Commit Graph

24033 Commits

Author SHA1 Message Date
Michal Privoznik
96e2486156 virNetDevMacVLanCreateWithVPortProfile: Don't mask virNetDevMacVLanTapOpen error
https://bugzilla.redhat.com/show_bug.cgi?id=1240439

In this function we create a macvtap device and open its tap
device. Possibly multiple times. Now the thing is, if opening the
tap device fails, that is virNetDevMacVLanTapOpen() returns a
negative value, we unroll all the changes BUT return 0 fooling
caller into thinking everything went okay.

Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
2016-08-10 16:54:41 +02:00
Cole Robinson
856965b362 qemu: fix qemu.conf security_driver
Since a9331394 (first release v2.1.0), specifying a manual
security_driver setting in qemu.conf causes the daemon to fail to
start, erroring with 'Duplicate security driver X'.

The duplicate checking was incorrectly comparing every entry
against itself, guaranteeing a false positive.

https://bugzilla.redhat.com/show_bug.cgi?id=1365607
2016-08-10 10:41:07 -04:00
Laine Stump
a220f43a65 conf: restrict expander buses to connect only to a root bus
More misunderstanding/mistaken assumptions on my part - I had thought
that a pci-expander-bus could be plugged into any legacy PCI slot, and
that pcie-expander-bus could be plugged into any PCIe slot. This isn't
correct - they can both be plugged ontly into their respective root
buses. This patch adds that restriction.

Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1358712
2016-08-10 10:29:34 -04:00
Laine Stump
b70e3d0123 conf: restrict where dmi-to-pci-bridge can be connected
libvirt had allowed a dmi-to-pci-bridge to be plugged in anywhere a
normal PCIe endpoint can be connected, but this is wrong - it will
only work if it's plugged into pcie-root (the PCIe root complex) or a
pcie-expander-bus (the qemu device pxb-pcie). This patch adjusts the
connection flags accordingly.

Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1363648
2016-08-10 10:27:37 -04:00
Laine Stump
b70e54342b conf: don't allow connecting upstream-port directly to pce-expander-bus
I apparently misunderstood Marcel's description of what could and
couldn't be plugged into qemu's pxb-pcie controller (known as
pcie-expander-bus in libvirt) - I specifically allowed directly
connecting a pcie-switch-upstream-port, and it turns out that causes
the guest kernel to crash.

This patch forbids such a connection, and updates the xml docs
appropriately.

Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1361172
2016-08-10 10:26:21 -04:00
Laine Stump
10031fe5f2 conf: improve error log when PCI devices don't match requested controller
The virDomainPCIAddressFlagsCompatible() error logs report that a
device required a controller that accepted standard PCI endpoint
devices, or PCI Express endpoint devices, and if hotplug was required
by the configuration but not provided by the selected controller. But
the wording of the error messages was apparently confusing (according
to the bugzilla report referenced below). On top of that, if the
device was something other than an endpoint device (e.g. a
pcie-switch-downstream-port) the error message was a complete punt -
it would just say that the flags were incorrect.

This patch makes the messages for PCI/PCIe endpoint and hotplug
requirements more clear, and also specifically indicates what was the
device type when it is other than an endpoint device.

Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1363627
2016-08-10 10:23:18 -04:00
Erik Skultety
4914494eb8 virt-admin: Fix the error when an invalid URI has been provided
After commit 9d479dd1 fiddled with the cmdConnect's output which used to be a
bit more verbose prior to the mentioned commit, the program flow would result
in a quite confusing error if an invalid URI has been provided:

    error: Failed to connect to the admin server
    Connected to the admin server
    error: <some error>

The problem is that the commit mentioned above relied on the fact that
connect routine always succeeds which is not true.

Signed-off-by: Erik Skultety <eskultet@redhat.com>
2016-08-10 15:24:07 +02:00
Jiri Denemark
300f668c66 cpu_x86: Fix host-model CPUs on hosts with CMT
Since the introduction of CMT features (commit v1.3.5-461-gf294b83)
starting a domain with host-model CPU on a host which supports CMT fails
because QEMU complains about unknown 'cmt' feature:

    qemu-system-x86_64: CPU feature cmt not found

https://bugzilla.redhat.com/show_bug.cgi?id=1355857

Signed-off-by: Jiri Denemark <jdenemar@redhat.com>
2016-08-10 14:25:24 +02:00
Jiri Denemark
58ba240df8 tests: Add a test for host-model CPU with CMT feature
The generated command line wouldn't work since QEMU doesn't know what
'cmt' is. The following patch will fix this issue.

https://bugzilla.redhat.com/show_bug.cgi?id=1355857

Signed-off-by: Jiri Denemark <jdenemar@redhat.com>
2016-08-10 14:25:24 +02:00
Jiri Denemark
1ac897a15d cpu_x86: Properly drop non-migratable features
By removing a non-migratable feature in a for loop we would fail to drop
every second non-migratable feature if the features array contained
several of them in a row.

Signed-off-by: Jiri Denemark <jdenemar@redhat.com>
2016-08-10 14:25:24 +02:00
Jiri Denemark
dbb14bb0f1 cpu_x86: Introduce x86FeatureIsMigratable
Signed-off-by: Jiri Denemark <jdenemar@redhat.com>
2016-08-10 14:25:24 +02:00
Chen Hanxiao
73b647d418 virsh: clarify snapshot --live
In libvirt, snapshot means disk snapshot.
snapshot --live is more like VM checkpoint.
Make it clear in virsh.pod.

Signed-off-by: Chen Hanxiao <chenhanxiao@gmail.com>
Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
2016-08-10 13:29:54 +02:00
Jovanka Gulicoska
5b8643099a virsh: Introduce nodedev-event command
Add nodedev-event support for node device lifecycle events
2016-08-09 11:05:32 -04:00
Erik Skultety
9e5e7f3a5b virt-admin: Properly fix the default session daemon URI to admin server
Commit 30ce2f0e tried to fix the issue with an incorrect session URI to admin
server but it messed up the checks:

    if (geteuid == 0 && VIR_STRDUP(*uristr, "libvirtd:///system") < 0)
        return -1;
    else if (VIR_STRDUP(*uristr, "libvirtd:///session") < 0)
        return -1;

So if a client executed with root privileges tries to connect, its euid is
checked (true) and the correct URI is successfully copied to @uristr (false),
therefore the 'else' branch is taken and @uristr is replaced by the session URI
which for root results in:
    Failed to connect socket to '/root/.cache/libvirt/libvirt-admin-sock':
    No such file or directory

Signed-off-by: Erik Skultety <eskultet@redhat.com>
2016-08-09 15:24:19 +02:00
Erik Skultety
30ce2f0e2a admin: Fix the default uri for session daemon to libvirtd:///session
Just like we decide on which URI we go with based on EUID for qemu in remote
driver, do a similar thing for admin except we do not spawn a daemon in this
case.

Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1356858

Signed-off-by: Erik Skultety <eskultet@redhat.com>
2016-08-09 13:25:22 +02:00
Michal Privoznik
e396de03f3 docs: Distribute subsite.xsl
So, I've ran into very interesting problem lately. When doing the
following, I've encountered an error:

  libvirt.git $ make dist && tar -xJf libvirt-2.2.0.tar.xz && \
                cd libvirt-2.2.0 && ./configure && \
                rm docs/formatdomain.html && make -C docs

  make: Entering directory 'docs'
  make: *** No rule to make target 'formatdomain.html', needed by 'web'.  Stop.
  make: Leaving directory 'docs'

I had no idea what was going on, so I've nailed down the commit
that "broke it" via running git-bisect. It was this one:
7659bd9221. But that shed no more light until I realized
that the commit might actually just exposed a problem we had. And
guess what - I've nailed it down. Of course we are not
distributing subsite.xsl that's why make prints error message.
Very misleading one I must say.

Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
2016-08-08 11:49:35 +02:00
Marc Hartmayer
cdf065537f virsystemd: Fix error check
Commit b3e4401dc6 introduced a check to ignore an error if the guest
is already terminated. However the check accidentally compared
error.code with VIR_ERR_ERROR, which is an error level, not an error
code. Because of this, almost every error got silently ignored.

Fixes: b3e4401dc6 ("systemd: don't report an error if the guest is
already terminated")

Signed-off-by: Marc Hartmayer <mhartmay@linux.vnet.ibm.com>
Reviewed-by: Sascha Silbe <silbe@linux.vnet.ibm.com>
Reviewed-by: Boris Fiuczynski <fiuczy@linux.vnet.ibm.com>
2016-08-08 08:15:59 +02:00
Kai Kang
7e1ca80d87 nsslinktest: also build virAtomic.h
When build for architecture that don't use gcc atomic ops but pthread,
it fails to build for armel:

| ../tools/nss/.libs/libnss_libvirt_impl.a(libvirt_nss_la-virobject.o): In function `virClassNew':
| /buildarea2/kkang/builds/qemuarm-Aug03/bitbake_build/tmp/work/armv5e-wrs-linux-gnueabi/libvirt/1.3.5-r0/build/src/../../libvirt-1.3.5/src/util/virobject.c:153: undefined reference to `virAtomicLock'
| ../tools/nss/.libs/libnss_libvirt_impl.a(libvirt_nss_la-virobject.o): In function `virObjectNew':
| /buildarea2/kkang/builds/qemuarm-Aug03/bitbake_build/tmp/work/armv5e-wrs-linux-gnueabi/libvirt/1.3.5-r0/build/src/../../libvirt-1.3.5/src/util/virobject.c:205: undefined reference to `virAtomicLock'
| ../tools/nss/.libs/libnss_libvirt_impl.a(libvirt_nss_la-virobject.o): In function `virObjectUnref':
| /buildarea2/kkang/builds/qemuarm-Aug03/bitbake_build/tmp/work/armv5e-wrs-linux-gnueabi/libvirt/1.3.5-r0/build/src/../../libvirt-1.3.5/src/util/virobject.c:277: undefined reference to `virAtomicLock'
| ../tools/nss/.libs/libnss_libvirt_impl.a(libvirt_nss_la-virobject.o): In function `virObjectRef':
| /buildarea2/kkang/builds/qemuarm-Aug03/bitbake_build/tmp/work/armv5e-wrs-linux-gnueabi/libvirt/1.3.5-r0/build/src/../../libvirt-1.3.5/src/util/virobject.c:298: undefined reference to `virAtomicLock'
| collect2: error: ld returned 1 exit status

It is similar with:

http://libvirt.org/git/?p=libvirt.git;a=commit;h=12dc729

Signed-off-by: Kai Kang <kai.kang@windriver.com>
2016-08-08 08:06:56 +02:00
Nikolay Shirokovskiy
492a383e58 vz: add vzDomainGetJobStats
Signed-off-by: Nikolay Shirokovskiy <nshirokovskiy@virtuozzo.com>
2016-08-06 22:01:29 +03:00
Nikolay Shirokovskiy
dd7b0a388f vz: add getting job info for migration
Unfortunately vz sdk do not provide detail information on migration
progress, only progress percentage. Thus vz driver provides percents
instead of bytes in data fields of virDomainJobInfoPtr.

Signed-off-by: Nikolay Shirokovskiy <nshirokovskiy@virtuozzo.com>
2016-08-06 22:01:02 +03:00
Eric Blake
f33f03d015 build: centralize use of extra Cygwin LDFLAGS
The build was failing with:

  CCLD     lockd.la
libtool:   error: can't build i686-pc-cygwin shared library unless -no-undefined is specified

Rather than add yet another $(CYGWIN_EXTRA_LDFLAGS) to all the
impacted *_la_LDFLAGS, it was easier to just pull the extra
flags into ALL libraries via AM_LDFLAGS.

Then, fix lockd_la_LDFLAGS to include AM_LDFLAGS, like all other
libraries.

Signed-off-by: Eric Blake <eblake@redhat.com>
2016-08-06 07:50:19 -06:00
Eric Blake
aa760cd522 build: use XDR_CFLAGS for Cygwin build
Without XDR_CFLAGS, compilation on Cygwin fails with:

  CC       libvirt_driver_la-libvirt-stream.lo
In file included from libvirt-stream.c:26:0:
rpc/virnetprotocol.h:9:21: fatal error: rpc/rpc.h: No such file or directory

Signed-off-by: Eric Blake <eblake@redhat.com>
2016-08-06 07:27:03 -06:00
Michal Privoznik
5f5a5a42e5 lxcDomainCreateXMLWithFiles: Avoid crash
https://bugzilla.redhat.com/show_bug.cgi?id=1363773

Imagine that you're creating a transient domain, but for some reason,
starting it fails. That is virLXCProcessStart() returns an error. With
current code, in the error handling code the domain object is removed
from the domain object list, @vm is set to NULL and controls jump to
enjob label where virLXCDomainObjEndJob() is called which dereference vm
leading to instant crash.

The fix is to end the job in the error handling code and only after that
remove the domain from the list and jump onto cleanup label instead of
endjob.

Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
2016-08-05 15:50:19 +02:00
John Ferlan
fbfd6f2103 storage: Don't remove the pool for buildPool failure in storagePoolCreate
https://bugzilla.redhat.com/show_bug.cgi?id=1362349

When adding the ability to build the pool during the start pool processing
using the similar flags as buildPool processing would use, the code was
essentially cut-n-pasted from storagePoolCreateXML.  However, that included
a call to virStoragePoolObjRemove which shouldn't happen within the
storagePoolCreate path since that'll remove the pool from the list of
pools only to be rediscovered if libvirtd restarts.

So on failure, just fail and return as we should expect
2016-08-05 09:30:54 -04:00
Ján Tomko
3f19ac3486 Fix indentation 2016-08-05 10:25:10 +02:00
Jiri Denemark
a80827a7f9 qemu: Add tests for virQEMUCapsNewCopy
Doing a load, copy, format cycle on all QEMU capabilities XML files
should make sure we don't forget to update virQEMUCapsNewCopy when
adding new elements to QEMU capabilities.

Signed-off-by: Jiri Denemark <jdenemar@redhat.com>
2016-08-05 10:06:01 +02:00
Jiri Denemark
c611c886f5 qemu: Copy missing QEMU caps elements
Signed-off-by: Jiri Denemark <jdenemar@redhat.com>
2016-08-05 10:06:01 +02:00
Jiri Denemark
79057b8b3b qemu: Copy QEMU caps elements in order of definition
Signed-off-by: Jiri Denemark <jdenemar@redhat.com>
2016-08-05 10:06:01 +02:00
Peter Krempa
2cda2628db tests: qemucapabilities: Add data for qemu 2.7.0
As of (v2.7.0-rc1-52-g42e0d60)
2016-08-05 09:47:08 +02:00
Erik Skultety
5a3558c620 storage: Fix a NULL ptr dereference in virStorageBackendCreateQemuImg
There was a missing check for vol->target.encryption being NULL
at one particular place (modified by commit a48c71411) which caused a crash
when user attempted to create a raw volume using a non-raw file volume as
source.

Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1363636

Signed-off-by: Erik Skultety <eskultet@redhat.com>
2016-08-05 09:07:00 +02:00
Peter Krempa
5b7dedc995 internal: Introduce macro for stealing pointers
VIR_STEAL_PTR copies the pointer from the second argument into the
first argument and then sets the second to NULL.
2016-08-05 08:38:20 +02:00
John Ferlan
d5813d72ad tests: Fix broken build
Commit id 'f522b7d2' caused a build failure :

GEN      check-augeas-virtlogd
Test failure:test_libvirtd_qemu.aug:69.3-147.28:
 Expected:
{
...
  { "nvram"
    { "1" = "/usr/share/OVMF/OVMF_CODE.fd:/usr/share/OVMF/OVMF_VARS.fd" }
    { "2" = "/usr/share/AAVMF/AAVMF_CODE.fd:/usr/share/AAVMF/AAVMF_VARS.fd" }
  }
...
 Actual:
...
{
  { "nvram"
    { "1" = "/usr/share/OVMF/OVMF_CODE.fd:/usr/share/OVMF/OVMF_VARS.fd" }
    { "2" = "/usr/share/OVMF/OVMF_CODE.secboot.fd:/usr/share/OVMF/OVMF_VARS.fd" }
    { "3" = "/usr/share/AAVMF/AAVMF_CODE.fd:/usr/share/AAVMF/AAVMF_VARS.fd" }
  }
...

This patch adds the OVMF_CODE.secboot.fd to the aug.in file

Signed-off-by: John Ferlan <jferlan@redhat.com>
2016-08-04 15:25:23 -04:00
Boris Fiuczynski
202846f8c3 qemu: fix capability counting
Signed-off-by: Boris Fiuczynski <fiuczy@linux.vnet.ibm.com>
2016-08-04 17:48:19 +02:00
Michal Privoznik
f522b7d269 qemu: Advertise OVMF_CODE.secboot.fd
Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
2016-08-04 17:22:48 +02:00
Michal Privoznik
9c1524a01c qemu: Enable secure boot
In qemu, enabling this feature boils down to adding the following
onto the command line:

  -global driver=cfi.pflash01,property=secure,value=on

However, there are some constraints resulting from the
implementation. For instance, System Management Mode (SMM) is
required to be enabled, the machine type must be q35-2.4 or
later, and the guest should be x86_64. While technically it is
possible to have 32 bit guests with secure boot, some non-trivial
CPU flags tuning is required (for instance lm and nx flags must
be prohibited). Given complexity of our CPU driver, this is not
trivial. Therefore I've chosen to forbid 32 bit guests for now.
If there's ever need, we can refine the check later.

Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
2016-08-04 17:22:20 +02:00
Michal Privoznik
64c2480043 Introduce @secure attribute to os loader element
This element will control secure boot implemented by some
firmwares. If the firmware used in <loader/> does support the
feature we must tell it to the underlying hypervisor. However, we
can't know whether loader does support it or not just by looking
at the file. Therefore we have to have an attribute to the
element where users can tell us whether the firmware is secure
boot enabled or not.

Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
2016-08-04 17:14:20 +02:00
Michal Privoznik
d0e4be9d02 Introduce SMM feature
Since its release of 2.4.0 qemu is able to enable System
Management Module in the firmware, or disable it. We should
expose this capability in the XML. Unfortunately, there's no good
way to determine whether the binary we are talking to supports
it. I mean, if qemu's run with real machine type, the smm
attribute can be seen in 'qom-list /machine' output. But it's not
there when qemu's run with -M none. Therefore we're stuck with
version based check.

Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
2016-08-04 17:14:20 +02:00
Michal Privoznik
90b42f0fad qemuBuildMachineCommandLine: Follow our pattern
We use 'goto cleanup' for a reason. If a function can exit at
many places but doesn't follow the pattern, it has to copy the
free code in multiple places.

Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
2016-08-04 17:14:20 +02:00
Daniel P. Berrange
072e095660 rpm: set TLS priority to @LIBVIRT,SYSTEM on Fedora >= 25
With newest gnutls available in Fedora 25/rawhide, it is
possible to have TLS priority fallbacks, so we can finally
use --tls-priority=@LIBVIRT,SYSTEM

Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2016-08-04 15:59:24 +01:00
Andrea Bolognani
a4e08bd431 tests: qemuxml2xml: Add some USB test cases
All these configurations are already covered for qemuxml2argv,
but there were no equivalent tests for qemuxml2xml.
2016-08-04 16:23:15 +02:00
Andrea Bolognani
ad7adcbe29 tests: qemuxml2xml: Use DO_TEST() for most tests
Now that DO_TEST() can be passed capabilities, there is little
need to use DO_TEST_FULL() instead of DO_TEST().
2016-08-04 16:22:41 +02:00
Andrea Bolognani
aa27fda09d tests: qemuxml2xml: Pass capabilities to DO_TEST()
This will allow us to remove most DO_TEST_FULL() usages. For the
time being, just add the extra argument to all DO_TEST() calls.
2016-08-04 16:22:08 +02:00
Andrea Bolognani
4be3b8f66f tests: qemuxml2xml: Use WHEN_BOTH for most tests
A bunch of cases were only being tested for WHEN_ACTIVE or
WHEN_INACTIVE. Use WHEN_BOTH for all except the very few that
actually require the existing setup.
2016-08-04 16:21:35 +02:00
Andrea Bolognani
ccd3bb69f6 tests: qemuxml2xml: Clean up disk-mirror
Instead of testing it twice using WHEN_ACTIVE and WHEN_INACTIVE
separately, just use WHEN_BOTH.
2016-08-04 16:21:02 +02:00
Andrea Bolognani
ba55861afe tests: qemuxml2argv: Fix usb-too-long-port-path-invalid
The test case uses DO_TEST_PARSE_FLAGS_ERROR(), but doesn't
pass any parse flag. Use DO_TEST_PARSE_ERROR() instead.
2016-08-04 16:20:27 +02:00
Andrea Bolognani
fc9cf8d8eb tests: qemuxml2argv: Remove useless GIC flags
DO_TEST_FAILURE() doesn't take a GIC version, but the GIC flag
was passed anyway. Get rid of all such occurrences.
2016-08-04 16:18:17 +02:00
Michal Privoznik
b660238eb1 virObjectEventNew: Use virObjectUnref() to free virObjectEvent
While no leak was observed yet, there might be one if
virObjectEventClass is ever derived from another class. Because
in that case plain VIR_FREE() will not call dispose() from parent
classes possibly leaking some memory.

Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
2016-08-04 15:32:22 +02:00
Michal Privoznik
b3df357da6 libxlDoMigrateReceive: Drop useless check for !vm
In the cleanup path, @vm cannot be possibly NULL. If it were so,
we would receive SIGSEGV much earlier. At the beginning of the
function we do libxlDomainObjBeginJob(.., vm, ..); and so on.

Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
2016-08-04 15:32:21 +02:00
Michal Privoznik
7584d992b8 virshConnect: Don't leak polkit agent
In our attempts to reconnect, we may create a polkit daemon.
However, it may happen that we would rewrite the variable that
already holds pointer to the agent.

Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
2016-08-04 15:32:21 +02:00
Michal Privoznik
1758ee4a94 securityselinuxlabeltest: Prefer virGetLastErrorMessage() over virGetLastError
At the beginning of the test, some preparation work is done. For
instance new virSecurityManager is created. If this fails for
whatever reason, we try to fetch the latest error and print the
error message contained in it. However, if there's a bug in our
code and no error is reported, this approach will lead to crash,
while with virGetLastErrorMessage() it won't.

Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
2016-08-04 15:32:20 +02:00