Some AMD processors only support a non-architectural means of
enabling Speculative Store Bypass Disable. To allow simplified
handling in virtual environments, hypervisors will expose an
architectural definition through CPUID bit 0x80000008_EBX[25].
This needs to be exposed to guest OS running on AMD x86 hosts to
allow them to protect against CVE-2018-3639.
Note that since this CPUID bit won't be present in the host CPUID
results on physical hosts, it will not be enabled automatically
in guests configured with "host-model" CPU unless using QEMU
version >= 2.9.0. Thus for older versions of QEMU, this feature
must be manually enabled using policy=force. Guests using the
"host-passthrough" CPU mode do not need special handling.
Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
Reviewed-by: Jiri Denemark <jdenemar@redhat.com>
New microcode introduces the "Speculative Store Bypass Disable"
CPUID feature bit. This needs to be exposed to guest OS to allow
them to protect against CVE-2018-3639.
Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
Reviewed-by: Jiri Denemark <jdenemar@redhat.com>
These two functions were duplicating some cleanup paths, so let's just merge
both cleanup and error paths together. To distinguish whether we need to
clean-up the return value let's keep it in @tmp until the function is successful
in which case we set @ret to the value of @tmp and set @tmp to NULL.
Signed-off-by: Martin Kletzander <mkletzan@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
Since we started using `make distcheck` in travis, the part that's printing the
tests/test-suite.log file is rather pointless. Let's check for both known
locations (keeping the previous one there on purpose) so that the output is
usable again.
Signed-off-by: Martin Kletzander <mkletzan@redhat.com>
Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
We currently print the libvirt and qemu version strings into the
per-guest logfile. It would be useful to know what kernel is running
too, so add that.
Reviewed-by: Kashyap Chamarthy <kchamart@redhat.com>
Tested-by: Kashyap Chamarthy <kchamart@redhat.com>
Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
The last caller not passing a comma was removed by:
commit ad8a7c4f85
Author: Ján Tomko <jtomko@redhat.com>
CommitDate: 2018-04-12 17:17:16 +0200
qemu: deprecate QEMU_CAPS_NETDEV
Signed-off-by: Ján Tomko <jtomko@redhat.com>
Reviewed-by: John Ferlan <jferlan@redhat.com>
The JSON property generator should not escape commas as we do on the
command line. The JSON->commandline generator already does that.
Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
We have to escape commas when formatting them on the command line. Add a
test case of a TLS path containing a comma.
Note that the output is wrong, this test case is to prove there's a bug.
Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
Use the 'S' modifier for create the field optionally rather than calling
another JSON formatter function.
Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
According to virDomainScreenshot() documentation, screens are
numbered sequentially. e.g. having two graphics cards, both with
four heads, screen ID 5 addresses the second head on the second
card.
But apart from that, there's nothing special happening here.
Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
As of v2.12.0-rc0~32^2 QEMU is capable specifying which display
device and head should the screendump be taken from. Track this
capability so that we can use it later in our virDomainScreenshot
API.
Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
Commit [1] dropped support for synchronous block job cancel.
This patch erases remnants from comments.
[1] commit 2350d101 "qemu: Remove support for legacy block jobs"
Signed-off-by: Nikolay Shirokovskiy <nshirokovskiy@virtuozzo.com>
Reviewed-by: John Ferlan <jferlan@redhat.com>
Let us update the existing xml and replies files for QEMU 2.12.0 on
s390x.
Used a z14 using a QEMU 2.12 GA build and the following sequence:
tests/qemucapsprobe /usr/bin/qemu-system-s390x > \
tests/qemucapabilitiesdata/caps_2.12.0.s390x.replies
VIR_TEST_REGENERATE_OUTPUT=1 tests/qemucapabilitiestest
VIR_TEST_REGENERATE_OUTPUT=1 tests/domaincapstest
Signed-off-by: Shalini Chellathurai Saroja <shalini@linux.vnet.ibm.com>
Reviewed-by: John Ferlan <jferlan@redhat.com>
Historically we matched log filters with strstr(), and when switching to
fnmatch in cbb0fd3cfd, it was stated that
we would continue to match substrings, with "foo" being equivalent to
"*foo*". Unfortuntely I forget to provide the code to actually make that
happen. This fixes it to prepend and append "*". We don't bother to
check if the pattern already has a leading/trailing '*', because
"**foo**" will match the same as "*foo*".
Reviewed-by: Erik Skultety <eskultet@redhat.com>
Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
Ubuntu 14.04 which is not targetted as a supported platform [0]
already has 3.2.11
[0] https://libvirt.org/platforms.html
Signed-off-by: Ján Tomko <jtomko@redhat.com>
virCryptoHashString also needs to know the size of the returned hash.
Return it if the hash conversion succeeded so the caller does not need
to access the hashinfo array.
This should make virCryptoHashString build without gnutls.
Also fixes the missing return value for the virCryptoHashBuf stub.
Signed-off-by: Ján Tomko <jtomko@redhat.com>
Suggested-by: Stefan Berger <stefanb@linux.vnet.ibm.com>
==1589== 7 bytes in 2 blocks are definitely lost in loss record 34 of 261
==1589== at 0x4C2AF0F: malloc (vg_replace_malloc.c:299)
==1589== by 0x8A82794: xmlStrndup (in /usr/lib64/libxml2.so.2.9.8)
==1589== by 0x5DD8392: virXMLPropString (virxml.c:510)
==1589== by 0x5E12427: virDomainMemoryDefParseXML (domain_conf.c:15704)
==1589== by 0x5E207DE: virDomainDefParseXML (domain_conf.c:20351)
==1589== by 0x5E2184F: virDomainDefParseNode (domain_conf.c:20636)
==1589== by 0x5E216A1: virDomainDefParse (domain_conf.c:20580)
==1589== by 0x5E21747: virDomainDefParseFile (domain_conf.c:20606)
==1589== by 0x112F5F: testCompareXMLToArgv (qemuxml2argvtest.c:493)
==1589== by 0x138780: virTestRun (testutils.c:180)
==1589== by 0x117129: mymain (qemuxml2argvtest.c:937)
==1589== by 0x13A83C: virTestMain (testutils.c:1120)
Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
Reviewed-by: Marc Hartmayer <mhartmay@linux.ibm.com>
Libvirt only manages one PR daemon. This means that we don't need to
pass the 'disk' object and also rename the functions dealing with this
so that it's obvious we only deal with the managed PR daemon.
Signed-off-by: Peter Krempa <pkrempa@redhat st.com>
Rather than always checking which path to use pre-assign it when
preparing storage source.
This reduces the need to pass 'vm' around too much. For later use the
path can be retrieved from the status XML.
Signed-off-by: Peter Krempa <pkrempa@redhat.com>
To allow storing status information in the XML move the validation that
the 'path' is not valid for managed PR daemon case into
qemuDomainValidateStorageSource and allow parsing of the data even in
case when managed='yes'.
Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Everything can be disabled by not using the parent element. There's no
need to store this explicitly. Additionally it does not add any value
since any configuration is dropped if enabled='no' is configured.
Drop the attribute and adjust the code accordingly.
Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Disk source definition should be validated in
qemuDomainValidateStorageSource rather than in individual generators of
command line arguments.
Change to the XML2XML test is required since now the definition is
actually validated at define time.
Signed-off-by: Peter Krempa <pkrempa@redhat.com>
For use with blockdev the PR manager will be bound to a virStorageSource
rather than a virDomainDiskDef, so we will need to use the correct
alias.
Allow passing a string rather than the whole disk.
Signed-off-by: Peter Krempa <pkrempa@redhat.com>