Commit Graph

1636 Commits

Author SHA1 Message Date
Daniel Henrique Barboza
7be4bfd25f qemu: command: move qemuBuildBootCommandLine validation to qemu_domain.c
Move the boot validation being done by qemuBuildBootCommandLine()
to to a new qemuDomainDefValidateBoot() function. This new function
is called by qemuDomainDefValidate(), allowing boot validation in
domain define time.

Tests were adapted to consider the new caps being needed in
this earlier stage.

Reviewed-by: Cole Robinson <crobinso@redhat.com>
Signed-off-by: Daniel Henrique Barboza <danielhb413@gmail.com>
2019-12-16 17:51:10 -05:00
Daniel Henrique Barboza
3b32de2297 qemu: command: move qemuBuildPMCommandLine validation to qemu_domain.c
Move the PM validation being done by qemuBuildPMCommandLine() to
to a new qemuDomainDefValidatePM() function. This new function
is called by qemuDomainDefValidate(), promoting PM validation in
domain define time.

Tests were adapted to consider the new caps being needed in
this earlier stage.

Reviewed-by: Cole Robinson <crobinso@redhat.com>
Signed-off-by: Daniel Henrique Barboza <danielhb413@gmail.com>
2019-12-16 17:51:06 -05:00
Daniel Henrique Barboza
e8b2fc077d qemu: command: move virDomainClockDef validation to qemu_domain.c
@def->clock validation is done by qemuBuildClockCommandLine() and
qemuBuildClockArgStr(). This patch centralize the validation done
in both these functions to a new qemuDomainDefValidateClockTimers()
function. This new function is then called by qemuDomainDefValidate(),
promoting clock validation in domain define time.

Tests were adapted to consider the new caps being needed in
this earlier stage.

Reviewed-by: Cole Robinson <crobinso@redhat.com>
Signed-off-by: Daniel Henrique Barboza <danielhb413@gmail.com>
2019-12-16 17:51:03 -05:00
Daniel Henrique Barboza
576ba03c27 qemu: command: move qemuBuildSgaCommandLine validation to qemu_domain.c
Move QEMU caps validation of qemuBuildSgaCommandLine() to
qemuDomainDefValidate(), allowing validation at domain define
time.

Reviewed-by: Cole Robinson <crobinso@redhat.com>
Signed-off-by: Daniel Henrique Barboza <danielhb413@gmail.com>
2019-12-16 17:50:59 -05:00
Daniel Henrique Barboza
f64d67cdc5 qemu: command: move vmGenID validation to qemu_domain.c
QEMU_CAPS_DEVICE_VMGENID is now being validated by
qemuDomainDefValidate().

Reviewed-by: Cole Robinson <crobinso@redhat.com>
Signed-off-by: Daniel Henrique Barboza <danielhb413@gmail.com>
2019-12-16 17:50:54 -05:00
Daniel Henrique Barboza
3d21545f6d qemu: command: move qemuBuildHostdevCommandLine caps validation to qemu_domain
Move QEMU caps validation of qemuBuildHostdevCommandLine() to
qemuDomainDeviceDefValidateHostdev() and qemuDomainMdevDefValidate(),
allowing them to be validated at domain define time.

Tests were adapted to consider the new caps being needed in
this earlier stage.

Reviewed-by: Cole Robinson <crobinso@redhat.com>
Signed-off-by: Daniel Henrique Barboza <danielhb413@gmail.com>
2019-12-16 17:50:50 -05:00
Daniel Henrique Barboza
8ed79ecc88 qemu: command: move qemuBuildChrChardevStr caps validation to qemu_domain
Move QEMU caps validation of QEMU_CAPS_CHARDEV_FILE_APPEND and
QEMU_CAPS_CHARDEV_LOGFILE to qemuDomainChrSourceDefValidate().

Reviewed-by: Cole Robinson <crobinso@redhat.com>
Signed-off-by: Daniel Henrique Barboza <danielhb413@gmail.com>
2019-12-16 17:50:46 -05:00
Daniel Henrique Barboza
acf1e22642 qemu: command: move qemuBuildHubDevStr caps validation to qemu_domain
Move QEMU caps validation of QEMU_CAPS_USB_HUB to a new function in
qemu_domain.c, qemuDomainDeviceDefValidateHub(). This function is
called by qemuDomainDeviceDefValidate() to validate the sound device
in domain define time.

qemuxml2xmltest.c was adjusted to add the now required caps for
domain definition.

Reviewed-by: Cole Robinson <crobinso@redhat.com>
Signed-off-by: Daniel Henrique Barboza <danielhb413@gmail.com>
2019-12-16 17:50:43 -05:00
Daniel Henrique Barboza
4fb58a365d qemu: command: move NVRAM validation to qemu_domain.c
A new function qemuDomainDeviceDefValidateNVRAM() was created
to validate the NVRAM in domain define time. Unit test was
adjusted to account for the extra QEMU_CAPS_DEVICE_NVRAM required
during domain define.

Reviewed-by: Cole Robinson <crobinso@redhat.com>
Signed-off-by: Daniel Henrique Barboza <danielhb413@gmail.com>
2019-12-16 17:50:38 -05:00
Daniel Henrique Barboza
62065a6cb5 qemu: command: move NUMA validation to qemu_domain.c
A new qemuDomainDefValidateNuma() function was created to host
all the QEMU caps validation being done inside qemuBuildNumaArgStr().
This new function is called by qemuDomainValidateCpuCount()
to allow NUMA validation in domain define time.

Tests were changed to account for the QEMU capabilities
that need to be present at domain define time.

Reviewed-by: Cole Robinson <crobinso@redhat.com>
Signed-off-by: Daniel Henrique Barboza <danielhb413@gmail.com>
2019-12-16 17:50:33 -05:00
Daniel Henrique Barboza
2453950da6 qemu: command: move I/O APIC validation to qemu_domain.c
Validation of MACHINE_KERNEL_IRQCHIP and MACHINE_KERNEL_IRQCHIP_SPLIT
QEMU caps are now being done in qemuDomainDefValidateFeatures().

Reviewed-by: Cole Robinson <crobinso@redhat.com>
Signed-off-by: Daniel Henrique Barboza <danielhb413@gmail.com>
2019-12-16 17:50:25 -05:00
Daniel Henrique Barboza
28f79bb342 qemu: command: move validation of vmport to qemu_domain.c
virQEMUCapsSupportsVmport() is now being called inside
qemuDomainDefValidateFeatures() for VIR_DOMAIN_FEATURE_VMPORT
feature.

qemuxml2xmltest.c was changed to account for this caps being
now validated at domain define time.

Reviewed-by: Cole Robinson <crobinso@redhat.com>
Signed-off-by: Daniel Henrique Barboza <danielhb413@gmail.com>
2019-12-16 17:50:21 -05:00
Daniel Henrique Barboza
96178e2238 qemu: command: move mem.nosharepages validation to qemu_domain.c
Move QEMU_CAPS_MEM_MERGE validation from qemuBuildMachineCommandLine()
to qemuDomainDefValidateMemory().

Reviewed-by: Cole Robinson <crobinso@redhat.com>
Signed-off-by: Daniel Henrique Barboza <danielhb413@gmail.com>
2019-12-16 17:50:17 -05:00
Daniel Henrique Barboza
2628247f84 qemu: command: move PSeries features validation to qemu_domain.c
Introduce a new function called qemuDomainDefValidatePSeriesFeature()
that will center all the PSeries validation done in qemu_command.c.
qemuDomainDefValidatePSeriesFeature() is then called during domain
define time, in qemuDomainDefValidateFeatures().

qemuxml2argvtest.c is also changed to include all the caps that now
are being validated in define time.

Reviewed-by: Cole Robinson <crobinso@redhat.com>
Signed-off-by: Daniel Henrique Barboza <danielhb413@gmail.com>
2019-12-16 17:50:11 -05:00
Daniel P. Berrangé
8d157c13cc qemu: honour parseOpaque instead of refetching caps
The use of the parseOpaque parameter was mistakenly removed in

  commit 4a4132b462
  Author: Daniel P. Berrangé <berrange@redhat.com>
  Date:   Tue Dec 3 10:49:49 2019 +0000

    conf: don't use passed in caps in post parse method

causing the method to re-fetch qemuCaps that were already just
fetched and put into parseOpaque.

This is inefficient when parsing incoming XML, but for live
XML this is more serious as it means we use the capabilities
for the current QEMU binary on disk, rather than the running
QEMU.

That commit, however, did have a useful side effect of fixing
a crasher bug in the qemu post parse callback introduced by

  commit 5e939cea89
  Author: Jiri Denemark <jdenemar@redhat.com>
  Date:   Thu Sep 26 18:42:02 2019 +0200

    qemu: Store default CPU in domain XML

The qemuDomainDefSetDefaultCPU() method in that patch did not
allow for the possibility that qemuCaps would be NULL and thus
resulted in a SEGV.

This shows a risk in letting each check in the post parse
callback look for qemuCaps == NULL. The safer option is to
check once upfront and immediately stop (postpone) further
validation.

Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
2019-12-12 16:30:02 +00:00
Daniel P. Berrangé
87a8b81d40 qemu: check os type / virt type / arch in validate callback
Don't check os type / virt type / arch in the post-parse callback
because we can't assume qemuCaps is non-NULL at this point. It
also conceptually belongs to the validation callback.

Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
2019-12-12 16:30:02 +00:00
Pavel Mores
d75f865fb9 qemu: fix concurrency crash bug in snapshot revert
This commit aims to fix

https://bugzilla.redhat.com/show_bug.cgi?id=1610207

The cause was apparently incorrect handling of jobs in snapshot
revert code which allowed a thread executing snapshot delete to
begin job while snapshot revert was still running on another
thread. The snapshot delete thread then waited on a condition
variable in qemuMonitorSend() while the revert thread finished,
changing (and effectively corrupting) the qemuMonitor structure
under the delete thread which led to its crash.

The incorrect handling of jobs in revert code was due to the fact
that although qemuDomainRevertToSnapshot() correctly begins a job
at the start, the job was implicitly ended when qemuProcessStop()
was called because the job lives in the QEMU driver's private
data (qemuDomainObjPrivate) that was purged during
qemuProcessStop().

This fix prevents qemuProcessStop() from clearing jobs as the
idea of qemuProcessStop() clearing jobs seems wrong in the first
place. It was (inadvertently) introduced in commit
888aa4b6b9, which is effectively reverted by
the second hunk of this commit. To preserve the desired effects
of the faulty commit, the first hunk is included as suggested by
Michal.

Signed-off-by: Pavel Mores <pmores@redhat.com>
Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
2019-12-12 11:26:19 +01:00
Daniel P. Berrangé
1902356231 qemu: keep capabilities when running QEMU as root
When QEMU uid/gid is set to non-root this is pointless as if we just
used a regular setuid/setgid call, the process will have all its
capabilities cleared anyway by the kernel.

When QEMU uid/gid is set to root, this is almost (always?) never
what people actually want. People make QEMU run as root in order
to access some privileged resource that libvirt doesn't support
yet and this often requires capabilities. As a result they have
to go find the qemu.conf param to turn this off. This is not
viable for libguestfs - they want to control everything via the
XML security label to request running as root regardless of the
qemu.conf settings for user/group.

Clearing capabilities was implemented originally because there
was a proposal in Fedora to change permissions such that root,
with no capabilities would not be able to compromise the system.
ie a locked down root account. This never went anywhere though,
and as a result clearing capabilities when running as root does
not really get us any security benefit AFAICT. The root user
can easily do something like create a cronjob, which will then
faithfully be run with full capabilities, trivially bypassing
the restriction we place.

IOW, our clearing of capabilities is both useless from a security
POV, and breaks valid use cases when people need to run as root.

This removes the clear_emulator_capabilities configuration
option from qemu.conf, and always runs QEMU with capabilities
when root.  The behaviour when non-root is unchanged.

Reviewed-by: Cole Robinson <crobinso@redhat.com>
Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
2019-12-11 16:01:20 +00:00
Pavel Mores
73532dadd2 qemu: block: store the delete flag in libvirtd's status XML
Since blockcommit is asynchronous, libvirtd can be restarted while the
operation runs.  To ensure the information necessary to finish up the job
is not lost, serialisation to and deserialisation from the status XML is
added.

To unittest this, the new element was only added to the active commit test,
the non-active commit test doesn't have the new element so as to test its
absence.

Signed-off-by: Pavel Mores <pmores@redhat.com>
Reviewed-by: Peter Krempa <pkrempa@redhat.com>
2019-12-11 08:40:18 +01:00
Pavel Hrdina
b10dd7d443 use g_ascii_isalpha instead of c_isalpha from gnulib
Signed-off-by: Pavel Hrdina <phrdina@redhat.com>
Reviewed-by: Cole Robinson <crobinso@redhat.com>
2019-12-10 13:49:24 +01:00
Peter Krempa
2c59f0083e qemu: blockjob: Track internal data for 'backup' blockjob
A backup blockjob needs to be able to notify the parent backup job as
well as track all data to be able to clean up the bitmap and blockdev
used for the backup.

Add the data structure, job allocation function and status XML formatter
and parser.

Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
Reviewed-by: Eric Blake <eblake@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
2019-12-10 12:41:57 +01:00
Peter Krempa
9ac4b7db8d qemu: domain: Track backup job data in the status XML
Store the data of a backup job along with the index counter for new
backup jobs in the status XML. Currently we will support only one
backup job and thus there's no necessity to add arrays of jobs.

Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
Reviewed-by: Eric Blake <eblake@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
2019-12-10 12:41:57 +01:00
Peter Krempa
08b810053a Add 'backup' block job type
A backup job may consist of many backup sub-blockjobs. Add the new
blockjob type and add all type converter strings.

Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
Reviewed-by: Eric Blake <eblake@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
2019-12-10 12:41:57 +01:00
Peter Krempa
3656bb0a13 qemu: domain: Introduce QEMU_ASYNC_JOB_BACKUP async job type
We will want to use the async job infrastructure along with all the APIs
and event for the backup job so add the backup job as a new async job
type.

Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Eric Blake <eblake@redhat.com>
Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
2019-12-10 12:41:57 +01:00
Peter Krempa
fed2cb487b qemu: Add infrastructure for statistics of a backup job
Introduce QEMU_DOMAIN_JOB_STATS_TYPE_BACKUP and the convertors and other
plumbing to be able to report statistics for the backup job.

Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
Reviewed-by: Eric Blake <eblake@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
2019-12-10 12:41:57 +01:00
Peter Krempa
1e320c9d83 qemu: domain: Export qemuDomainGetImageIds
Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Eric Blake <eblake@redhat.com>
Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
2019-12-10 12:41:56 +01:00
Cole Robinson
97cafa610e qemu: domain: raise an error when no emulator is found
$ cat f | grep -e arch -e emulator
    <type arch='mipsel'>hvm</type>
$ sudo virsh define f
error: Failed to define domain from f
error: An error occurred, but the cause is unknown

After:
$ sudo virsh define f
error: Failed to define domain from f
error: unsupported configuration: No emulator found for arch 'mipsel'

Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
Signed-off-by: Cole Robinson <crobinso@redhat.com>
2019-12-09 14:40:43 -05:00
Daniel P. Berrangé
8506afff7b conf: make virCPUDef into a ref counted struct
Annoyingly there was no existing constructor, and identifying all the
places which do a VIR_ALLOC(cpu) is a bit error prone. Hopefully this
has found & converted them all.

Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
2019-12-09 10:17:27 +00:00
Daniel P. Berrangé
1a1d848694 qemu: use NUMA capabilities object directly
Avoid grabbing the whole virCapsPtr object when we only need the
NUMA information.

Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
2019-12-09 10:17:27 +00:00
Daniel P. Berrangé
6cc992bd1a conf: move NUMA capabilities into self contained object
The NUMA cells are stored directly in the virCapsHostPtr
struct. This moves them into their own struct allowing
them to be stored independantly of the rest of the host
capabilities. The change is used as an excuse to switch
the representation to use a GPtrArray too.

Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
2019-12-09 10:17:27 +00:00
Daniel P. Berrangé
bc1676fc2f qemu: drop virCapsPtr param & vars from many APIs
Now that the domain XML APIs don't use virCapsPtr we can stop passing it
around many QEMU driver methods.

Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
2019-12-09 10:17:27 +00:00
Daniel P. Berrangé
575d9d2504 conf: drop virCapsPtr param from snapshot & checkpoint APIs
Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
2019-12-09 10:17:27 +00:00
Daniel P. Berrangé
78d8228eec conf: drop virCapsPtr param from APIs for saving domains
Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
2019-12-09 10:17:27 +00:00
Daniel P. Berrangé
24d87d2e88 conf: drop virCapsPtr param from domain APIs for copying config
Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
2019-12-09 10:17:27 +00:00
Daniel P. Berrangé
bf9d812956 conf: drop virCapsPtr param from domain parse APIs
Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
2019-12-09 10:17:27 +00:00
Daniel P. Berrangé
61bff77bf9 conf: drop virCapsPtr param from domain formatting APIs
This parameter is now unused and can be removed entirely.

Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
2019-12-09 10:17:27 +00:00
Daniel P. Berrangé
04c960dd64 conf: drop virCapsPtr param from domain validate callback
None of the impls of this callback require the virCapsPtr param.

Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
2019-12-09 10:17:27 +00:00
Daniel P. Berrangé
33b62676f8 conf: drop virCapsPtr param from device post parse callback
None of the impls of this callback require the virCapsPtr param.

Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
2019-12-09 10:17:27 +00:00
Daniel P. Berrangé
c919336288 conf: drop virCapsPtr param from post parse callback
No impl of this callback requires the virCapsPtr anymore.

Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
2019-12-09 10:17:27 +00:00
Daniel P. Berrangé
227a0503e2 conf: drop virCapsPtr param from post parse data alloc callback
The only user of this callback did not require the virCapsPtr parameter.

Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
2019-12-09 10:17:27 +00:00
Daniel P. Berrangé
74fb858f7d conf: drop virCapsPtr param from basic post parse callback
The QEMU impl of the callback can directly use the QEMU capabilities
cache to resolve the emulator binary name, allowing virCapsPtr to be
dropped.

Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
2019-12-09 10:17:19 +00:00
Daniel P. Berrangé
a7ef72a8fd conf: drop virCapsPtr param from assign addresses callback
The virCapsPtr param is not used by any of the virt drivers providing
this callback.

Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
2019-12-09 10:15:16 +00:00
Daniel P. Berrangé
4a4132b462 conf: don't use passed in caps in post parse method
To enable the virCapsPtr parameter to the post parse method to be
eliminated, the drivers must fetch the virCapsPtr from their own
driver via the opaque parameter, or use an alternative approach
to validate the parsed data.

Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
2019-12-09 10:15:16 +00:00
Daniel P. Berrangé
2578d74aee conf: move virt type / os type / arch validation to post-parse
The XML parser currently calls virCapabilitiesDomainDataLookup during
parsing to find the domain capabilities matching the triple

  (virt type, os type, arch)

This is, however, bogus with the QEMU driver as it assumes that there
is an emulator known to the default driver capabilities that matches
this triple. It is entirely possible for the driver to be parsing an
XML file with a custom emulator path specified pointing to a binary
that doesn't exist in the default driver capabilities.  This will,
for example be the case on a RHEL host which only installs the host
native emulator to /usr/bin. The user can have built a custom QEMU
for non-native arches into $HOME and wish to use that.

Aside from validation, this call is also used to fill in a machine type
for the guest if not otherwise specified. Again, this data may be
incorrect for the QEMU driver because it is not taking account of
the emulator binary that is referenced.

To start fixing this, move the validation to the post-parse callbacks
where more intelligent driver specific logic can be applied.

Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
2019-12-09 10:15:16 +00:00
Daniel P. Berrangé
92d412149c conf: sanitize virDomainObjFormat & virDomainDefFormat* APIs
Moving their instance parameter to be the first one, and give consistent
ordering of other parameters across all functions. Ensure that the xml
options are passed into both functions in prep for future work.

Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
2019-12-09 10:15:16 +00:00
Daniel P. Berrangé
908701c64a conf: sanitize virDomainSaveStatus & virDomainSaveConfig APIs
Our normal practice is for the object type to be the name prefix, and
the object instance be the first parameter passed in.

Rename these to virDomainObjSave and virDomainDefSave moving their
primary parameter to be the first one. Ensure that the xml options
are passed into both functions in prep for future work.

Finally enforce checking of the return type and mark all parameters
as non-NULL.

Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
2019-12-09 10:15:16 +00:00
Daniel P. Berrangé
bce3b0807e qemu: cache host arch separately from virCapsPtr
As part of a goal to eliminate the need to use virCapsPtr for anything
other than the virConnectGetCapabilies() API impl, cache the host arch
against the QEMU driver struct and use that field directly.

In the tests we move virArchFromHost() globally in testutils.c so that
every test runs with a fixed default architecture reported.

Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
2019-12-09 10:15:15 +00:00
Peter Krempa
ca67d02fbe qemu: domain: Mention searched disk in error of qemuDomainDiskByName
Mention the argument used if the disk can't be located.

Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Eric Blake <eblake@redhat.com>
2019-12-09 07:11:23 +01:00
Pavel Mores
7b2a6e8cf7 qemu: remove nested branching to enhance readability
This is a follow-up to patch series posted in

https://www.redhat.com/archives/libvir-list/2019-November/msg01180.html

It implements a suggestion made by Cole in

https://www.redhat.com/archives/libvir-list/2019-November/msg01207.html

and discussed in follow-up messages as there were no objections to the
change.

The aim is to make the code more readable by replacing nested branching
with a flat structure.

Signed-off-by: Pavel Mores <pmores@redhat.com>
Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
Reviewed-by: Daniel Henrique Barboza <danielhb413@gmail.com>
Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
2019-12-06 14:42:56 +01:00
Peter Krempa
dbbc9a3c40 qemu: Move and rename qemuDomainUpdateQEMUCaps
The function is now used only in qemu_process.c so move it there and
name it 'qemuProcessPrepareQEMUCaps' which is more appropriate to what
it's doing.

The reworded comment now mentions that it will also post-process the
caps for VM startup.

Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
2019-12-03 15:26:54 +01:00
Peter Krempa
e67e8c545a qemu: blockjob: Introduce "broken" block job type
To better track jobs we couldn't parse let's introduce a new job type
which will clarify semantics internally in few places.

Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Cole Robinson <crobinso@redhat.com>
2019-11-27 15:59:33 +01:00
Laine Stump
b03d9e9593 conf: add hypervisor agnostic, domain start-time, validation function for NetDef
<interface> devices (virDomainNetDef) are a bit different from other
types of devices in that their actual type may come from a network (in
the form of a port connection), and that doesn't happen until the
domain is started. This means that any validation of an <interface> at
parse time needs to be a bit liberal in what it accepts - when
type='network', you could think that something is/isn't allowed, but
once the domain is started and a port is created by the configured
network, the opposite might be true.

To solve this problem hypervisor drivers need to do an extra
validation step when the domain is being started. I recently (commit
3cff23f7, libvirt 5.7.0) added a function to peform such validation
for all interfaces to the QEMU driver -
qemuDomainValidateActualNetDef() - but while that function is a good
single point to call for the multiple places that need to "start" an
interface (domain startup, device hotplug, device update), it can't be
called by the other hypervisor drivers, since 1) it's in the QEMU
driver, and 2) it contains some checks specific to QEMU. For
validation that applies to network devices on *all* hypervisors, we
need yet another interface validation function that can be called by
any hypervisor driver (not just QEMU) right after its network port has
been created during domain startup or hotplug. This patch adds that
function - virDomainActualNetDefValidate(), in the conf directory,
and calls it in appropriate places in the QEMU, lxc, and libxl
drivers.

This new function is the place to put all network device validation
that 1) is hypervisor agnostic, and 2) can't be done until we know the
"actual type" of an interface.

There is no framework for validation at domain startup as there is for
post-parse validation, but I don't want to create a whole elaborate
system that will only be used by one type of device. For that reason,
I just made a single function that should be called directly from the
hypervisors, when they are initializing interfaces to start a domain,
right after conditionally allocating the network port (and regardless
of whether or not that was actually needed). In the case of the QEMU
driver, qemuDomainValidateActualNetDef() is already called in all the
appropriate places, so we can just call the new function from
there. In the case of the other hypervisors, we search for
virDomainNetAllocateActualDevice() (which is the hypervisor-agnostic
function that calls virNetworkPortCreateXML()), and add the call to our
new function right after that.

The new function itself could be plunked down into many places in the
code, but we already have 3 validation functions for network devices
in 2 different places (not counting any basic validation done in
virDomainNetDefParseXML() itself):

1) post-parse hypervisor-agnostic
   (virDomainNetDefValidate() - domain_conf.c:6145)
2) post-parse hypervisor-specific
   (qemuDomainDeviceDefValidateNetwork() - qemu_domain.c:5498)
3) domain-start hypervisor-specific
   (qemuDomainValidateActualNetDef() - qemu_domain.c:5390)

I placed (3) right next to (2) when I added it, specifically to avoid
spreading validation all over the code. For the same reason, I decided
to put this new function right next to (1) - this way if someone needs
to add validation specific to qemu, they go to one location, and if
they need to add validation applying to everyone, they go to the
other. It looks a bit strange to have a public function in between a
bunch of statics, but I think it's better than the alternative of
further fragmentation. (I'm open to other ideas though, of course.)

Signed-off-by: Laine Stump <laine@redhat.com>
Reviewed-by: Cole Robinson <crobinso@redhat.com>
2019-11-25 15:30:05 -05:00
Laine Stump
fdcd273be2 conf: return a const from virDomainNetGetActualVirtPortProfile
This also isn't required (due to the vportprofile being stored in the
NetDef as a pointer rather than being directly contained), but it
seemed dishonest to not mark it as const (and thus permit users to
modify its contents)

Signed-off-by: Laine Stump <laine@redhat.com>
Reviewed-by: Cole Robinson <crobinso@redhat.com>
2019-11-25 15:29:56 -05:00
Laine Stump
1b029a929d qemu: add mac address to error messages in qemuDomainValidateActualNetDef
This makes it easier to understand which interface's config caused the
error.

Signed-off-by: Laine Stump <laine@redhat.com>
Reviewed-by: Cole Robinson <crobinso@redhat.com>
2019-11-25 15:29:41 -05:00
Jiri Denemark
24d8202294 qemu: Use host-model CPU on s390 by default
On s390 machines host-passthrough and host-model CPUs result in the same
guest ABI (with QEMU new enough to be able to tell us what "host" CPU is
expanded to, which was implemented around 2.9.0). So instead of using
host-passthrough CPU when there's no CPU specified in a domain XML we
can safely use host-model and benefit from CPU compatibility checks
during migration, snapshot restore and similar operations.

Signed-off-by: Jiri Denemark <jdenemar@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
2019-11-25 15:29:19 +01:00
Pavel Mores
33a9757852 qemu: the actual change of default video devide type selection algorithm
If a graphics device was added to XML that had no video device, libvirt
automatically added a video device which was always of type 'cirrus' on
x86_64, even if the underlying qemu didn't support cirrus.

This patch refines a bit the decision about the type of the video device.
Based on QEMU capabilities, cirrus is still preferred but only added if
QEMU supports it, otherwise VGA is used if supported by QEMU.  There is now
no fallback as libvirt only aspires to generate a basic working config and
leaves anything more specific up to higher-level management tools.

Reviewed-by: Cole Robinson <crobinso@redhat.com>
Signed-off-by: Pavel Mores <pmores@redhat.com>
2019-11-25 08:47:08 -05:00
Pavel Mores
b648d96289 qemu: default video device type selection algoritm moved into its own function
The default video device type selection algorithm we're about to deploy will
increase the amount of code dedicated to the task by amount enough to warrant
factoring the whole thing into its own function so as not to pollute the
caller qemuDomainDeviceVideoDefPostParse().  Do it now so that the actual
algorithm change later on is in a clean commit by itself and easy to review.

Reviewed-by: Cole Robinson <crobinso@redhat.com>
Signed-off-by: Pavel Mores <pmores@redhat.com>
2019-11-25 08:47:08 -05:00
Daniel P. Berrangé
bc7e72914a util: consolidate on one free callback for hash data
This previous commit introduced a simpler free callback for
hash data with only 1 arg, the value to free:

  commit 49288fac96
  Author: Peter Krempa <pkrempa@redhat.com>
  Date:   Wed Oct 9 15:26:37 2019 +0200

    util: hash: Add possibility to use simpler data free function in virHash

It missed two functions in the hash table code which need
to call the alternate data free function, virHashRemoveEntry
and virHashRemoveSet.

After the previous patch though, there is no code that
makes functional use of the 2nd key arg in the data
free function. There is merely one log message that can
be dropped.

We can thus purge the current virHashDataFree callback
entirely, and rename virHashDataFreeSimple to replace
it.

Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
2019-11-22 14:21:28 +00:00
Peter Krempa
11d13ad8cf qemu: domain: Introduce helper to convert <loader> into virStorageSource
Add a helper which will covert the PFLASH code file and variable file
into the virStorageSource objects stored in private data so that we can
use them with -blockdev while keeping the infrastructure to determine
the path to the loaders intact.

This is a temporary solution until we will want to do snapshots of the
pflash where we will be forced do track the full backing chain in the
XML.

In the meanwhile just convert it partially so that we can stop using
-drive.

Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
2019-11-22 08:32:25 +01:00
Peter Krempa
07675b0100 qemu: domain: Store virStorageSources representing pflash backing
To allow converting the pflash drives to blockdev we will need a
virStorageSource to allow using our helpers. Temporarily prior to
coverting loader data to a virStorageSoruce add private data which will
house this.

Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
2019-11-22 08:32:25 +01:00
Jiri Denemark
5e939cea89 qemu: Store default CPU in domain XML
When starting a domain without a CPU model specified in the domain XML,
QEMU will choose a default one. Which is fine unless the domain gets
migrated to another host because libvirt doesn't perform any CPU ABI
checks and the virtual CPU provided by QEMU on the destination host can
differ from the one on the source host.

With QEMU 4.2.0 we can probe for the default CPU model used by QEMU for
a particular machine type and store it in the domain XML. This way the
chosen CPU model is more visible to users and libvirt will make sure
the guest will see the exact same CPU after migration.

Architecture specific notes
- aarch64: We only set the default CPU for TCG domains as KVM requires
  explicit "-cpu host" to work.

- ppc64: The default CPU for KVM is "host" thanks to some hacks in QEMU,
  we will translate the default model to the model corresponding to the
  host CPU ("POWER8" on a Power8 host, "POWER9" on Power9 host, etc.).
  This is not a problem as the corresponding CPU model is in fact an
  alias for "host". This is probably not ideal, but it's not wrong and
  the default virtual CPU configured by libvirt is the same QEMU would
  use. TCG uses various CPU models depending on machine type and its
  version.

- s390x: The default CPU for KVM is "host" while TCG defaults to "qemu".

- x86_64: The default CPU model (qemu64) is not runnable on any host
  with KVM, but QEMU just disables unavailable features and starts
  happily.

https://bugzilla.redhat.com/show_bug.cgi?id=1598151
https://bugzilla.redhat.com/show_bug.cgi?id=1598162

Signed-off-by: Jiri Denemark <jdenemar@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
2019-11-20 17:22:07 +01:00
Jiri Denemark
ac89b0549e qemu: Use g_autoptr in qemuDomainDefPostParse
Signed-off-by: Jiri Denemark <jdenemar@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
2019-11-20 17:22:06 +01:00
Jiri Denemark
de18836ea7 qemu: Pass virDomainVirtType to APIs dealing with machine types
Signed-off-by: Jiri Denemark <jdenemar@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
2019-11-20 17:22:06 +01:00
Michal Privoznik
cdd8a6690e qemu: Forcibly mknod() even if it exists
Another weird bug appeared concerning qemu namespaces. Basically
the problem is as follows:

1) Issue an API that causes libvirt to create a node in domain's
   namespace, say /dev/nvme0n1 with 8:0 as major:minor (the API can
   be attach-disk for instance). Or simply create the node from a
   console by hand.

2) Detach the disk from qemu.

3) Do something that makes /dev/nvme0n1 change it's minor number.

4) Try to attach the disk again.

The problem is, in a few cases - like disk-detach - we don't
remove the corresponding /dev node from the mount namespace
(because it may be used by some other disk's backing chain). But
this creates a problem, because if the node changes its MAJ:MIN
numbers we don't propagate the change into the domain's
namespace. We do plain mknod() and ignore EEXIST which obviously
is not enough because it doesn't guarantee that the node has
updated MAJ:MIN pair.

Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1752978

Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
2019-11-20 14:05:37 +01:00
Daniel Henrique Barboza
6c63adc4a0 qemu: remove unneeded cleanup labels
Signed-off-by: Daniel Henrique Barboza <danielhb413@gmail.com>
Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
2019-11-19 15:22:37 +01:00
Erik Skultety
2816fe2e84 qemu: Fix NULL ptr dereference caused by qemuDomainDefFormatBufInternal
qemuDomainDefFormatBufInternal function wasn't testing whether the CPU
was actually defined in the XML and saving such a domain resulted in the
following backtrace:

0 in qemuDomainMakeCPUMigratable (cpu=0x0)
1 in qemuDomainDefFormatBufInternal()
2 in qemuDomainDefFormatXMLInternal()
3 in qemuDomainDefFormatLive()
4 in qemuDomainSaveInternal()
5 in qemuDomainSaveFlags()
6 in qemuDomainSave()
7 in virDomainSave()

Signed-off-by: Erik Skultety <eskultet@redhat.com>
Reviewed-by: Daniel Henrique Barboza <danielhb413@gmail.com>
2019-11-18 14:32:49 +01:00
Jonathon Jongsma
95f5ac9ae5 Add API to change qemu agent response timeout
Some layered products such as oVirt have requested a way to avoid being
blocked by guest agent commands when querying a loaded vm. For example,
many guest agent commands are polled periodically to monitor changes,
and rather than blocking the calling process, they'd prefer to simply
time out when an agent query is taking too long.

This patch adds a way for the user to specify a custom agent timeout
that is applied to all agent commands.

One special case to note here is the 'guest-sync' command. 'guest-sync'
is issued internally prior to calling any other command. (For example,
when libvirt wants to call 'guest-get-fsinfo', we first call
'guest-sync' and then call 'guest-get-fsinfo').

Previously, the 'guest-sync' command used a 5-second timeout
(VIR_DOMAIN_QEMU_AGENT_COMMAND_DEFAULT), whereas the actual command that
followed always blocked indefinitely
(VIR_DOMAIN_QEMU_AGENT_COMMAND_BLOCK). As part of this patch, if a
custom timeout is specified that is shorter than
5 seconds,  this new timeout is also used for 'guest-sync'. If there is
no custom timeout or if the custom timeout is longer than 5 seconds, we
will continue to use the 5-second timeout.

Signed-off-by: Jonathon Jongsma <jjongsma@redhat.com>
Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
2019-11-14 19:10:01 +01:00
Jonathon Jongsma
c66f2be6f1 qemu: use domain caps to validate video device model
As suggested by Cole, this patch uses the domain capabilities to
validate the supported video model types. This allows us to remove the
model type validation from qemu_process.c and qemu_domain.c and
consolidates it all in a single place that will automatically adjust
when new domain capabilities are added.

Reviewed-by: Cole Robinson <crobinso@redhat.com>
Signed-off-by: Jonathon Jongsma <jjongsma@redhat.com>
2019-11-14 11:37:50 -05:00
Jonathon Jongsma
42cc3eb912 qemu: move validation of video accel to qemu_domain.c
Continue consolidation of video device validation started in previous
patch.

Reviewed-by: Cole Robinson <crobinso@redhat.com>
Signed-off-by: Jonathon Jongsma <jjongsma@redhat.com>
2019-11-14 11:37:50 -05:00
Jonathon Jongsma
425310d1c8 qemu: validate vhost-user video backend in qemu_domain.c
The goal is to move all of the video device validation to a single place
and use domain caps to validate the supported video device models. Since
qemuDomainDeviceDefValidateVideo() is called from
qemuProcessStartValidate(), these changes should not change anny
behavior.

Reviewed-by: Cole Robinson <crobinso@redhat.com>
Signed-off-by: Jonathon Jongsma <jjongsma@redhat.com>
2019-11-14 11:37:50 -05:00
Jonathon Jongsma
c69e6edea3 qemu: use g_autoptr in qemuDomainDeviceDefValidate()
This allows us to simplify the function and avoid jumping to 'cleanup'.

Reviewed-by: Cole Robinson <crobinso@redhat.com>
Signed-off-by: Jonathon Jongsma <jjongsma@redhat.com>
2019-11-14 11:37:50 -05:00
Jonathon Jongsma
ed831437af qemu: fix domain device validation
When the virDomainCapsDeviceDefValidate() function returned an error
status (-1), we were aborting the function early, but returning the
default return value (0). This patch properly returns an error in that
case.

Reviewed-by: Cole Robinson <crobinso@redhat.com>
Signed-off-by: Jonathon Jongsma <jjongsma@redhat.com>
2019-11-14 11:37:50 -05:00
Peter Krempa
794c9ec535 qemu: domain: Use g_file_read_link instead of virFileReadLink
In an effort to remove as much gnulib usage as possible let's
reimplement virFileReadLink. Since it's used in two places only I opted
to open-code it.

Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
2019-11-14 12:42:09 +01:00
Ján Tomko
9985679c0a Remove VIR_STRDUP usage that snuck in
Fixes: 224d269f19

Signed-off-by: Ján Tomko <jtomko@redhat.com>
Reviewed-by: Daniel Henrique Barboza <danielhb413@gmail.com>
2019-11-13 17:01:38 +01:00
Peter Krempa
107f7a2d16 qemu: domain: Convert child buffers to use VIR_BUFFER_INIT_CHILD
Use the new helper to initialize child XML element buffers.

Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
2019-11-13 09:10:30 +01:00
Jiri Denemark
9cd03f7957 cpu_map: Drop pconfig from Icelake-Server CPU model
The pconfig feature was enabled in QEMU by accident in 3.1.0. All other
newer versions do not support it and it was removed from the
Icelake-Server CPU model in QEMU.

We don't normally change our CPU models even when QEMU does so to avoid
breaking migrations between different versions of libvirt. But we can
safely do so in this specific case. QEMU never supported enabling
pconfig so any domain which was able to start has pconfig disabled.

With a small compatibility hack which explicitly disables pconfig when
CPU model equals Icelake-Server in migratable domain definition, only
one migration scenario stays broken (and there's nothing we can do about
it): from any host to a host with libvirt < 5.10.0 and QEMU > 3.1.0.

https://bugzilla.redhat.com/show_bug.cgi?id=1749672

Signed-off-by: Jiri Denemark <jdenemar@redhat.com>
Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
2019-11-12 20:14:16 +01:00
Michal Privoznik
8eaa708991 Use g_strdup_vprintf() instead of virVasprintf() everywhere
Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
Reviewed-by: Daniel Henrique Barboza <danielhb413@gmail.com>
2019-11-12 16:15:59 +01:00
Michal Privoznik
d4e5b98330 qemu: Use g_strdup_printf() instead of virAsprintf()
Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
Reviewed-by: Daniel Henrique Barboza <danielhb413@gmail.com>
2019-11-12 16:15:58 +01:00
Michal Privoznik
1faf74050f qemu: Warn on possibly incorrect usage of EnterMonitor*
The qemuDomainObjEnterMonitor() should not be called without a
job set. Catch this error and produce a warning message if such
call occurred.

Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
Reviewed-by: Jonathon Jongsma <jjongsma@redhat.com>
2019-11-08 16:25:46 +01:00
Andrea Bolognani
54f60ef9af qemu: Validate ARM CPU features
This introduces semantic validation for SVE-related features,
preventing the user from combining them in invalid ways; it also
automatically enables overall SVE support if any SVE vector
length has been enabled by the user to make sure QEMU behaves
correctly.

Signed-off-by: Andrea Bolognani <abologna@redhat.com>
Tested-by: Andrew Jones <drjones@redhat.com>
Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
2019-11-07 16:09:20 +01:00
Peter Krempa
bf0e7bdeeb util: xml: Make virXMLFormatElement void
Now that we don't have to deal with errors of virBuffer we can also make
this function void.

Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
2019-10-24 19:35:34 +02:00
Peter Krempa
0967708b81 util: buffer: Remove virBufferCheckError
The function now does not return an error so we can drop it fully.

Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
2019-10-24 19:35:34 +02:00
Pavel Hrdina
5f92046b77 m4: virt-selinux: remove obsolete checks
All OSes that we support have libselinux >= 2.5 except for Ubuntu 16.04
where the version is 2.4.

Signed-off-by: Pavel Hrdina <phrdina@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
2019-10-23 14:30:50 +02:00
Peter Krempa
5bf573f62b Replace virDomainDiskByName by virDomainDiskByTarget in appropriate cases
In many cases we used virDomainDiskByName to solely look up disk by
target. We have a new helper now so we can replace it.

Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Daniel Henrique Barboza <danielhb413@gmail.com>
2019-10-21 16:29:18 +02:00
Peter Krempa
ec042d3731 qemu: domain: Tolerate NULL @disk in qemuDomainPrepareDiskSourceData
In some cases we want to prepare a @src which is not meant to belong to
a disk and thus does not require us to copy the data. Allow passing in
NULL @disk into qemuDomainPrepareDiskSourceData.

Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Daniel Henrique Barboza <danielhb413@gmail.com>
2019-10-21 16:29:05 +02:00
Peter Krempa
b663201b23 qemu: domain: clarify sematics of qemuDomainPrepareDiskSourceData
Note in the comment that this function prepares the storage source based
on the configuration of the disk.

Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Daniel Henrique Barboza <danielhb413@gmail.com>
2019-10-21 16:29:05 +02:00
Peter Krempa
08e0ffe8f5 qemu: domain: Remove pointless return value in qemuDomainPrepareDiskSourceData
The function does not do anything that could fail. Remove the return
value.

Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Daniel Henrique Barboza <danielhb413@gmail.com>
2019-10-21 16:29:05 +02:00
Peter Krempa
aef87271be qemu: domain: Split out setup of virStorageSource from qemu driver config
qemuDomainPrepareDiskSourceData historically prepared everything but
we've split out the majority of the functionality so that it sets up
predominately only according to the configuration of the disk. There
was one leftover bit of setting the gluster debug level from the config.

Split this out into a separate function so that
qemuDomainPrepareDiskSourceData only prepares based on the disk.

Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Daniel Henrique Barboza <danielhb413@gmail.com>
ACKed-by: Eric Blake <eblake@redhat.com>
2019-10-21 16:28:02 +02:00
Michal Privoznik
224d269f19 qemuDomainGetHostdevPath: Drop @freeTmpPath
The @freeTmpPath boolean is used to determine if @tmpPath holds
an allocated memory or is a pointer to a constant string and
therefore if it needs to be freed or not when returning from the
function. Well, we can unify the way we set @tmpPath so that it
always holds an allocated memory and thus always must be freed.

Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
Reviewed-by: Cole Robinson <crobinso@redhat.com>
2019-10-21 13:50:24 +02:00
Michal Privoznik
69a66f1319 qemu_domain: Drop few useless checks in qemuDomainGetHostdevPath
There are three cases where vir*DeviceGetPath() returns a const
string. In these cases, the string is initialized in
corresponding vir*DeviceNew() calls which fail if string couldn't
be allocated. There's no point in checking the second time if the
string is NULL.

Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
Reviewed-by: Cole Robinson <crobinso@redhat.com>
2019-10-21 13:50:24 +02:00
Michal Privoznik
78f0f2d273 qemu: Introduce qemuDomainNeedsVFIO
Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
Reviewed-by: Cole Robinson <crobinso@redhat.com>
2019-10-21 13:50:24 +02:00
Michal Privoznik
82a2486236 virhostdev: Introduce and use virHostdevIsVFIODevice
In some places we need to check if a hostdev has VFIO backend.
Because of how complicated virDomainHostdevDef structure is, the
check consists of three lines. Move them to a function and
replace all checks with the function call.

Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
Reviewed-by: Cole Robinson <crobinso@redhat.com>
2019-10-21 13:50:23 +02:00
Ján Tomko
ce36e33c10 qemu: use g_strdup instead of VIR_STRDUP
Replace all occurrences of
  if (VIR_STRDUP(a, b) < 0)
     /* effectively dead code */
with:
  a = g_strdup(b);

Signed-off-by: Ján Tomko <jtomko@redhat.com>
Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
2019-10-21 12:51:57 +02:00
Ján Tomko
7b48bb8ca0 Use g_strdup to fill in default values
Replace:
  if (!s && VIR_STRDUP(s, str) < 0)
    goto;
with:
  if (!s)
    s = g_strdup(str);

Signed-off-by: Ján Tomko <jtomko@redhat.com>
Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
2019-10-21 12:51:55 +02:00
Ján Tomko
64023f6d21 Use g_strdup instead of ignoring VIR_STRDUP's value
Replace all the occurrences of
  ignore_value(VIR_STRDUP(a, b));
with
  a = g_strdup(b);

Signed-off-by: Ján Tomko <jtomko@redhat.com>
Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
2019-10-21 12:51:55 +02:00
Julio Faracco
71519d4638 qemu: Generate 'xres' and 'yres' for QEMU video devices
This commit let QEMU command line define 'xres' and 'yres' properties
if XML contains both properties from video model: based on resolution
fields 'x' and 'y'. There is a conditional structure inside
qemuDomainDeviceDefValidateVideo() that validates if video model
supports this feature. This commit includes the necessary changes to
cover resolution for 'video-qxl-resolution' test cases too.

Reviewed-by: Cole Robinson <crobinso@redhat.com>
Signed-off-by: Julio Faracco <jcfaracco@gmail.com>
2019-10-17 16:18:34 -04:00
John Ferlan
7fb2d1339a qemu: Use consistent error preservation and restoration calls
Provide some consistency over error message variable name and usage
when saving error messages across possible other errors or possibility
of resetting of the last error.

Instead of virSaveLastError paired up with virSetError and virFreeError,
we should use the newer virErrorPreserveLast and virRestoreError.

Signed-off-by: John Ferlan <jferlan@redhat.com>
Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
2019-10-16 15:24:41 -04:00
Ján Tomko
72a1bb8e4c qemu: use g_steal_pointer instead of VIR_STEAL_PTR
Signed-off-by: Ján Tomko <jtomko@redhat.com>
Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
2019-10-16 15:59:42 +02:00
Ján Tomko
483a14f871 Remove all usage of VIR_RETURN_PTR
Prefer:
    return g_steal_pointer(&ptr);

Signed-off-by: Ján Tomko <jtomko@redhat.com>
Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
2019-10-16 15:59:41 +02:00
Ján Tomko
2b390b97b4 Use g_autoptr instead of VIR_AUTOUNREF
Now that all the types using VIR_AUTOUNREF have a cleanup func defined
to virObjectUnref, use g_autoptr instead of VIR_AUTOUNREF.

Signed-off-by: Ján Tomko <jtomko@redhat.com>
Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
2019-10-16 12:06:44 +02:00
Ján Tomko
45678bd70a Use g_autoptr instead of VIR_AUTOPTR
Since commit 44e7f02915
    util: rewrite auto cleanup macros to use glib's equivalent

VIR_AUTOPTR aliases to g_autoptr. Replace all of its use by the GLib
macro version.

Signed-off-by: Ján Tomko <jtomko@redhat.com>
Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
2019-10-16 12:06:43 +02:00
Ján Tomko
1e2ae2e311 Use g_autofree instead of VIR_AUTOFREE
Since commit 44e7f02915
    util: rewrite auto cleanup macros to use glib's equivalent

VIR_AUTOFREE is just an alias for g_autofree. Use the GLib macros
directly instead of our custom aliases.

Signed-off-by: Ján Tomko <jtomko@redhat.com>
Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
2019-10-16 12:06:43 +02:00
Ján Tomko
2b2c67b401 virbuffer: use g_auto directly for virBuffer
Since commit 44e7f02915
    util: rewrite auto cleanup macros to use glib's equivalent

VIR_AUTOCLEAN is just an alias for g_auto. Use the GLib macros
directly instead of our custom aliases.

Signed-off-by: Ján Tomko <jtomko@redhat.com>
Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
2019-10-16 12:06:43 +02:00
Ján Tomko
67e72053c1 Use G_N_ELEMENTS instead of ARRAY_CARDINALITY
Prefer the GLib version of the macro.

Signed-off-by: Ján Tomko <jtomko@redhat.com>
Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
2019-10-15 16:14:19 +02:00
Ján Tomko
88131931b8 Use G_GNUC_FALLTHROUGH instead of ATTRIBUTE_FALLTHROUGH
Also define the macro for building with GLib older than 2.60

Signed-off-by: Ján Tomko <jtomko@redhat.com>
Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
2019-10-15 16:14:19 +02:00
Pavel Mores
b5308a1205 qemu: fix EFI nvram removal on domain undefine
When undefining a UEFI domain its nvram file has to be properly handled as
well.  It's mandatory to use one of --nvram and --keep-nvram options when
'virsh undefine <domain>' is issued for a UEFI domain.  To fix the bug as
reported, virsh should return an error message if neither option is used
and the nvram file should be removed when --nvram is given.

The cause of the problem is that when qemuDomainUndefineFlags() is invoked
on an inactive domain the path to its nvram file is empty.  This commit
aims to fix this by formatting and filling in the path in time for the
nvram removal code to run properly.

https://bugzilla.redhat.com/show_bug.cgi?id=1751596

Signed-off-by: Pavel Mores <pmores@redhat.com>
Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
2019-10-15 13:39:54 +02:00
Ján Tomko
ada7596b92 qemu: use G_GNUC_UNUSED
Use G_GNUC_UNUSED from GLib instead of ATTRIBUTE_UNUSED.

Signed-off-by: Ján Tomko <jtomko@redhat.com>
Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
2019-10-15 11:25:24 +02:00
Daniel P. Berrangé
6c748c8e2d util: use glib base64 encoding/decoding APIs
Replace use of the gnulib base64 module with glib's own base64 API family.

Reviewed-by: Ján Tomko <jtomko@redhat.com>
Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
2019-10-14 10:54:42 +01:00
Daniel Henrique Barboza
cab3ea2303 qemu: Implement the ccf-assist pSeries feature
This patch adds the implementation of the ccf-assist pSeries
feature, based on the QEMU_CAPS_MACHINE_PSERIES_CAP_CCF_ASSIST
capability that was added in the previous patch.

Reviewed-by: Cole Robinson <crobinso@redhat.com>
Signed-off-by: Daniel Henrique Barboza <danielhb413@gmail.com>
2019-10-09 17:51:47 -04:00
Jonathon Jongsma
fd03d0e692 qemu: add a new video device model 'ramfb'
This device is a very simple framebuffer device supported by qemu that
is mostly intended to use as a boot framebuffer in conjunction with a
vgpu. However, there is also a standalone ramfb device that can be used
as a primary display device and is useful for e.g. aarch64 guests where
different memory mappings between the host and guest can prevent use of
other devices with framebuffers such as virtio-vga.

https://bugzilla.redhat.com/show_bug.cgi?id=1679680 describes the
issues in more detail.

Reviewed-by: Cole Robinson <crobinso@redhat.com>
Signed-off-by: Jonathon Jongsma <jjongsma@redhat.com>
2019-10-09 14:52:49 -04:00
Pavel Mores
ca437d0603 qemu: Refuse partitions in disk targets
The way in which the qemu driver generates aliases for disks involves
ignoring the partition number part of a target dev name.  This means that
all partitions of a block device and the device itself all end up with the
same alias.  If multiple such disks are specified in XML, the resulting
name clash makes qemu invocation fail.

Since attaching partitions to qemu VMs doesn't seem to make much sense
anyway, disallow partitions in target specifications altogether.

https://bugzilla.redhat.com/show_bug.cgi?id=1346265

Signed-off-by: Pavel Mores <pmores@redhat.com>
Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
2019-10-02 13:54:06 +02:00
Daniel P. Berrangé
227925a2e5 qemu: ensure vhostuser FD is initialized to -1
The video private data was not initializing the vhostuser FD
causing us to attempt to close FD 0 many times over.

Fixes

  commit ca60ecfa8c
  Author: Marc-André Lureau <marcandre.lureau@redhat.com>
  Date:   Mon Sep 23 14:44:36 2019 +0400

      qemu: add qemuDomainVideoPrivate

Since the test suite does not invoke qemuExtDevicesStart(), no
vhost_user_fd will be present when generating test XML. To deal
with this we can must a fake FD number. While the current XML
is using FD == 0, we pick a very interesting number that's unlikely
to be a real FD, so that we're more likely to see any mistakes
closing the invalid FD.

Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
2019-09-30 13:08:43 +01:00
Peter Krempa
6227d9806f qemu: domain: Base block job interlocking on QEMU_CAPS_INCREMENTAL_BACKUP
The QEMU_CAPS_INCREMENTAL_BACKUP will be enabled once all bits of the
incremental backup feature work as expected which means also properly
interacting with blockjobs and snapshots.

Thus we can allow blockjobs and snapshots if QEMU_CAPS_INCREMENTAL_BACKUP
is present even when checkpoints exist.

Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Eric Blake <eblake@redhat.com>
2019-09-30 13:12:56 +02:00
Peter Krempa
9dde58e1c3 qemu: Aggregate interlocking of blockjobs by checkpoints in one place
Rather than having to fix 5 places once we support the combination, add
a function called by all the blockjob/snapshot APIs.

Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Eric Blake <eblake@redhat.com>
2019-09-30 13:12:56 +02:00
Peter Krempa
b3d8c03c69 qemu: domain: Move checkpoint related code to qemu_checkpoint.c
Finish the refactor by moving and renaming functions from qemu_domain.c

Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Eric Blake <eblake@redhat.com>
2019-09-30 13:12:56 +02:00
Peter Krempa
75f4a7b2c7 qemu: Move, rename and export qemuDomObjFromDomain
Move it to qemu_domain.c and rename it to qemuDomainObjFromDomain. This
will allow reusing it after splitting out checkpoint code from
qemu_driver.c.

Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
2019-09-27 15:23:41 +02:00
Marc-André Lureau
fc91a182d7 qemu: add vhost-user-gpu helper unit
Similar to the qemu_tpm.c, add a unit with a few functions to
start/stop and setup the cgroup of the external vhost-user-gpu
process. See function documentation.

The vhost-user connection fd is set on qemuDomainVideoPrivate struct.

Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com>
Reviewed-by: Cole Robinson <crobinso@redhat.com>
2019-09-24 13:19:09 -04:00
Marc-André Lureau
ca60ecfa8c qemu: add qemuDomainVideoPrivate
Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com>
Reviewed-by: Cole Robinson <crobinso@redhat.com>
2019-09-24 13:19:09 -04:00
Marc-André Lureau
6396a478f4 qemu: check that qemu is vhost-user-vga capable
To support virtio VGA with vhost-user, vhost-user-vga device is necessary.

Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
2019-09-24 12:29:33 -04:00
Laine Stump
3cff23f7f1 qemu: move runtime netdev validation into a separate function
The same validation should be done for both static network devices and
hotplugged devices, but they are currently inconsistent. Move all the
relevant validation from qemuBuildInterfaceCommandLine() into the new
function qemuDomainValidateActualNetDef() and call the latter from
the former.

Signed-off-by: Laine Stump <laine@redhat.com>
Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
2019-09-15 20:17:55 -04:00
Eric Farman
4b2998432a qemu: Refactor the max memlock routine
Let's pull this hunk out into a function, so it can be reused
in another codepath that needs to do the same thing.

Signed-off-by: Eric Farman <farman@linux.ibm.com>
Reviewed-by: Daniel Henrique Barboza <danielhb413@gmail.com>
Reviewed-by: Pavel Hrdina <phrdina@redhat.com>
2019-09-09 16:39:52 +02:00
Marc-André Lureau
0755234389 qemu: add a flag to the cookie to prevent slirp-helper setup
For VM started and migrated/saved without slirp-helpers, let's prevent
the automatic setup (as it would fail to migrate otherwise).

Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com>
Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
2019-09-06 12:47:47 +02:00
Marc-André Lureau
6d5a9b9ed0 qemu-domain: save and restore slirp state
Save & restore the slirp helper PID associated with a network
interface & the probed features.

Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com>
Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
2019-09-06 12:47:47 +02:00
Marc-André Lureau
5d732dbb35 qemu: add qemuDomainNetworkPrivate
Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com>
Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
2019-09-06 12:47:47 +02:00
Marc-André Lureau
2b0251af68 qemu: add dbus-vmstate
Add dbusVMStates to keep a list of dbus-vmstate objects needed for
migration. They are populated on the command line during start or
qemuDBusVMStateAdd/Remove() will hotplug them as needed.

Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com>
Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
2019-09-06 12:47:47 +02:00
Peter Krempa
510d154a0b qemu: Prevent storage causing too much nested XML
Since libvirt stores the backing chain into the XML in a nested way it
is the prime possibility to hit libxml2's parsing limit of 256 layers.

Introduce code which will crawl the backing chain and verify that it's
not too deep. The maximum nesting is set to 200 layers so that there's
still some space left for additional properties or nesting into snapshot
XMLs.

The check is applied to all disk use cases (starting, hotplug, media
change) as well as block copy which changes image and snapshots.

We simply report an error and refuse the operation.

Without this check a restart of libvirtd would result in the status XML
failing to be parsed and thus losing the VM.

https://bugzilla.redhat.com/show_bug.cgi?id=1524278

Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
2019-09-06 08:12:21 +02:00
Peter Krempa
7d60b1f45f qemu: domain: Refactor cleanup in qemuDomainDetermineDiskChain
Use VIR_AUTOUNREF and get rid of the cleanup label.

Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
2019-09-06 08:12:21 +02:00
Jiri Denemark
f709377301 qemu: Fix qemuDomainObjTaint with virtlogd
When virtlogd is used to capture QEMU's stdout, qemuDomainObjTaint would
always fail to write the message to the log file when QEMU is already
running (i.e., outside qemuProcessLaunch). This can happen during device
hotplug or by sending a custom QEMU guest agent command:

    warning : qemuDomainObjTaint:8757 : Domain id=9 name='blaf'
        uuid=9cfa4e37-2930-405b-bcb4-faac1829dad8 is tainted:
        custom-ga-command
    error : virLogHandlerDomainOpenLogFile:388 : Cannot open log file:
        '/var/log/libvirt/qemu/blaf.log': Device or resource busy
    error : virNetClientProgramDispatchError:172 : Cannot open log file:
        '/var/log/libvirt/qemu/blaf.log': Device or resource busy

The fix is easy, we just need to use the right API for appending a
message to QEMU log file instead of creating a new log context.

Signed-off-by: Jiri Denemark <jdenemar@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
2019-09-05 17:09:34 +02:00
Peter Krempa
ed7e342b0a qemu: domain: Fix potential NULL deref when parsing job private data
A specially crafted XML which would reference a non-existing disk but
request the mirror to be registered with the blockjob could potentially
make the parser dereference NULL. Fix it by moving the code slightly and
just treat it as a wrong job XML. Found by Coverity.

Reported-by: John Ferlan <jferlan@redhat.com>
Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Erik Skultety <eskultet@redhat.com>
Reviewed-by: John Ferlan <jferlan@redhat.com>
2019-09-03 14:38:34 +02:00
Peter Krempa
a0b61591f2 qemu: Extract and store vCPU properties as qemu returned them
In addition to the data that libvirt needs and extracts internally,
copy and store the whole 'props' JSON sub-object of the data returned by
query-hotpluggable-cpus for future use.

Signed-off-by: Peter Krempa <pkrempa@redhat.com>
2019-08-29 16:36:26 +02:00
Boris Fiuczynski
0c67a11a4a qemu: support bootindex on vfio-ccw mdev devices
Add support to specify a boot order on vfio-ccw passthrough devices.

Reviewed-by: Marc Hartmayer <mhartmay@linux.ibm.com>
Signed-off-by: Bjoern Walk <bwalk@linux.ibm.com>
Signed-off-by: Boris Fiuczynski <fiuczy@linux.ibm.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
Signed-off-by: Ján Tomko <jtomko@redhat.com>
2019-08-28 12:26:43 +02:00
Boris Fiuczynski
1219f0cadc qemu: refactor mdev validation method signatures
Refactoring the method signatures in preparation for
checking boot index of the mediated devices.

Reviewed-by: Ján Tomko <jtomko@redhat.com>
Reviewed-by: Marc Hartmayer <mhartmay@linux.ibm.com>
Signed-off-by: Bjoern Walk <bwalk@linux.ibm.com>
Signed-off-by: Boris Fiuczynski <fiuczy@linux.ibm.com>
Signed-off-by: Ján Tomko <jtomko@redhat.com>
2019-08-28 12:26:06 +02:00
Boris Fiuczynski
1aed9d84f9 qemu: make error messages device specific
Changing the error messages to report the problem encountered.

Reviewed-by: Ján Tomko <jtomko@redhat.com>
Reviewed-by: Marc Hartmayer <mhartmay@linux.ibm.com>
Signed-off-by: Bjoern Walk <bwalk@linux.ibm.com>
Signed-off-by: Boris Fiuczynski <fiuczy@linux.ibm.com>
Signed-off-by: Ján Tomko <jtomko@redhat.com>
2019-08-28 12:25:16 +02:00
Boris Fiuczynski
182659d8bd qemu: move hostdev boot validation into domain validation
Moving the hostdev boot support validation from the command line
generator code into the domain validation code.

Reviewed-by: Marc Hartmayer <mhartmay@linux.ibm.com>
Signed-off-by: Bjoern Walk <bwalk@linux.ibm.com>
Signed-off-by: Boris Fiuczynski <fiuczy@linux.ibm.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
Signed-off-by: Ján Tomko <jtomko@redhat.com>
2019-08-28 12:22:51 +02:00
Ján Tomko
66877835ec qemu: move TPM vaildation to qemuDomainDeviceDefValidateTPM
Simplify the command line formatter by complicating the validator.

Signed-off-by: Ján Tomko <jtomko@redhat.com>
Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
2019-08-22 11:27:31 +02:00
Ján Tomko
6602551031 xml: namespaces: use uri instead of href
Store the namespace URI as const char*, instead of in a function.

Suggested-by: Jiri Denemark <jdenemar@redhat.com>
Signed-off-by: Ján Tomko <jtomko@redhat.com>
Reviewed-by: Jiri Denemark <jdenemar@redhat.com>
2019-08-21 11:59:33 +02:00
Ján Tomko
6f2819ef20 conf: domain: use virXMLNamespaceRegister
Signed-off-by: Ján Tomko <jtomko@redhat.com>
Reviewed-by: Jiri Denemark <jdenemar@redhat.com>
2019-08-21 10:29:22 +02:00
Ján Tomko
56ecb33102 conf: domain: use virXMLNamespaceFormatNS
Signed-off-by: Ján Tomko <jtomko@redhat.com>
Reviewed-by: Jiri Denemark <jdenemar@redhat.com>
2019-08-21 10:29:21 +02:00
Ján Tomko
34b1430262 conf: domain: store namespace prefix
Signed-off-by: Ján Tomko <jtomko@redhat.com>
Reviewed-by: Jiri Denemark <jdenemar@redhat.com>
2019-08-21 10:29:20 +02:00
Ján Tomko
126ac61ea3 conf: domain: use generic XML namespace types
Now that virDomainXMLNamespace matches virXMLNamespace,
we no longer need to keep both around.

Signed-off-by: Ján Tomko <jtomko@redhat.com>
Reviewed-by: Jiri Denemark <jdenemar@redhat.com>
2019-08-21 10:29:20 +02:00
Ján Tomko
991dcd9f5f virDomainDefNamespaceParse: remove unused attributes
Neither the xmlDocPtr nor the root xmlNode (also passed
in the XPathContext) are interesting to the callees.

Signed-off-by: Ján Tomko <jtomko@redhat.com>
Reviewed-by: Jiri Denemark <jdenemar@redhat.com>
2019-08-21 10:29:19 +02:00
Peter Krempa
ce7229a3b0 qemu: Add blockdev support for the block copy job
Implement job handling for the block copy job (drive/blockdev-mirror)
when using -blockdev. In contrast to the previously implemented
blockjobs the block copy job introduces new images to the running qemu
instance, thus requires a bit more handling.

When copying to new images the code now makes use of blockdev-create to
format the images explicitly rather than depending on automagic qemu
behaviour.

Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
2019-08-16 13:26:10 +02:00
Peter Krempa
545edb2502 qemu: Introduce code for blockdev-create
QEMU finally exposes an interface which allows us to instruct it to
format or create arbitrary images. This is required for blockdev
integration of block copy and snapshots as we need to pre-format images
prior to use with blockdev-add.

This path introduces job handling and also helpers for formatting and
attaching a whole image described by a virStorageSource.

Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
2019-08-16 13:26:10 +02:00
Peter Krempa
41ac166c6c qemu: domain: Add 'break' after formatting commit job status XML
In commit 3f93884a4d where the job handling of commit jobs with
blockdev was added I've forgot to add a 'break' in the switch fomatting
the status XML. Thankfully this would not be a problem as the cases
where this fell through didn't have any code.

Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
2019-08-16 13:26:10 +02:00
Peter Krempa
016584c52c qemu: blockjob: Remove qemuBlockJobDiskRegisterMirror
The utility of the function is extremely limited as for block copy
we need to register the mirror chain earlier than when it's set with the
disk. This means that it would be open-coded in that case.

Avoid any weird usage and just open-code the only current usage, remove
the function, and reword the docs.

Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
2019-08-16 13:26:10 +02:00
Peter Krempa
734352d434 qemu: domain: Allow formatting top source only in qemuDomainObjPrivateXMLFormatBlockjobFormatChain
Rename qemuDomainObjPrivateXMLFormatBlockjobFormatChain to
qemuDomainObjPrivateXMLFormatBlockjobFormatSource and add a 'chain'
parameter which allows controlling whether the backing chain is
formatted.

Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
2019-08-16 13:26:10 +02:00
Wim ten Have
cb12c59dac qemu: support for kvm-hint-dedicated performance hint
QEMU version 2.12.1 introduced a performance feature under commit
be7773268d98 ("target-i386: add KVM_HINTS_DEDICATED performance hint")

This patch adds a new KVM feature 'hint-dedicated' to set this performance
hint for KVM guests. The feature is off by default.

To enable this hint and have libvirt add "-cpu host,kvm-hint-dedicated=on"
to the QEMU command line, the following XML code needs to be added to the
guest's domain description in conjunction with CPU mode='host-passthrough'.

  <features>
    <kvm>
      <hint-dedicated state='on'/>
    </kvm>
  </features>
  ...
  <cpu mode='host-passthrough ... />

Signed-off-by: Wim ten Have <wim.ten.have@oracle.com>
Signed-off-by: Menno Lageman <menno.lageman@oracle.com>
Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
2019-08-12 15:13:04 +02:00
Maxiwell S. Garcia
38d2e03368 qemu: check if numa cell's cpu range match with cpu topology count
QEMU shows a warning message if partial NUMA mapping is set. This patch
adds a warning message in libvirt when editing the XML. It must be an
error in future, when QEMU remove this ability.

Signed-off-by: Maxiwell S. Garcia <maxiwell@linux.ibm.com>
Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
2019-08-09 15:43:09 +02:00
Jiri Denemark
900c595249 qemu: Pass qemuCaps to qemuDomainDefFormatBufInternal
Since qemuDomainDefPostParse callback requires qemuCaps, we need to make
sure it gets the capabilities stored in the domain's private data if the
domain is running. Passing NULL may cause QEMU capabilities probing to
be triggered in case QEMU binary changed in the meantime. When this
happens while a running domain object is locked, QMP event delivered to
the domain before QEMU capabilities probing finishes will deadlock the
event loop.

This patch fixes all paths leading to qemuDomainDefFormatBufInternal.

Signed-off-by: Jiri Denemark <jdenemar@redhat.com>
Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
2019-08-09 13:55:54 +02:00
Jiri Denemark
a42f889591 qemu: Pass qemuCaps to qemuDomainDefCopy
Since qemuDomainDefPostParse callback requires qemuCaps, we need to make
sure it gets the capabilities stored in the domain's private data if the
domain is running. Passing NULL may cause QEMU capabilities probing to
be triggered in case QEMU binary changed in the meantime. When this
happens while a running domain object is locked, QMP event delivered to
the domain before QEMU capabilities probing finishes will deadlock the
event loop.

This patch fixes all paths leading to qemuDomainDefCopy.

Signed-off-by: Jiri Denemark <jdenemar@redhat.com>
Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
2019-08-09 13:55:54 +02:00
Cole Robinson
d1830fba7f qemu: Move rng model validation to domcaps
The qemu driver already does some <rng> model validation, based on
qemuCaps. However, the logic for exposing <rng> model values in domcaps
is basically identical. This drops the qemuCaps checking and compares
against the domCaps data directly.

This approach makes it basically impossible to add a new <rng> model to
the qemu driver without extending domcaps. The validation can also
be shared with other drivers eventually.

Reviewed-by: Reviewed-by: Daniel Henrique Barboza <danielhb413@gmail.com>
Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
Signed-off-by: Cole Robinson <crobinso@redhat.com>
2019-08-06 19:45:50 -04:00
Cole Robinson
b66ca0220a qemu: domain: Call virDomainCapsDeviceDefValidate
Fill in virDomainCaps at Validate time and use it to call
virDomainCapsDeviceDefValidate

Reviewed-by: Reviewed-by: Daniel Henrique Barboza <danielhb413@gmail.com>
Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
Signed-off-by: Cole Robinson <crobinso@redhat.com>
2019-08-06 19:45:50 -04:00
Michal Privoznik
610858d282 qemu_domain: Separate VFIO code
This piece of code will be re-used later.

Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
ACKed-by: Peter Krempa <pkrempa@redhat.com>
2019-08-06 11:21:43 +02:00
Michal Privoznik
22fc83df92 qemuDomainDeviceDefValidateDisk: Reorder some checks
I find this function more readable if checks for passed storage
source are done first and backing chain is done last. Mixing them
together does not hurt, but is less readable.

Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
ACKed-by: Peter Krempa <pkrempa@redhat.com>
2019-08-06 11:20:35 +02:00
Eric Blake
3a204b036f backup: Wire up qemu checkpoint commands over QMP
Time to actually issue the QMP transactions that create and delete
persistent checkpoints, resolving TODOs intentionally left earlier in
the series.  For create, we only need one transaction: inside, we
visit all disks affected by the checkpoint, and create a new enabled
bitmap, as well as disabling the bitmap of the first ancestor
checkpoint (if any) that also had a bitmap.  For deletion, we need
multiple QMP calls: for each disk, if there is an ancestor checkpoint
with a bitmap, then the bitmap must be merged (including activating
the ancestor bitmap if the leaf node changes), all before deleting the
bitmap from the checkpoint being removed.

Signed-off-by: Eric Blake <eblake@redhat.com>
2019-07-29 08:15:31 -05:00
Eric Blake
e3a4b8f461 backup: qemu: Add helper API for looking up node name
Qemu bitmap operations require knowing the node name associated with
the format layer (the qcow2 file); as upcoming patches will be
grabbing that information frequently, make a helper function to access
it.

Another potential benefit of this function is that we have a single
place where we could insert a QMP node-name scraping call if we don't
currently know the node name, when -blockdev is not supported;
however, the goal is that we hopefully don't ever have to do that
because we instead scrape node names only at the point where they
change.

Signed-off-by: Eric Blake <eblake@redhat.com>
Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
2019-07-29 08:15:11 -05:00
Eric Blake
5f4e079650 backup: qemu: Implement metadata tracking for checkpoint APIs
A lot of this work heavily copies from the existing snapshot APIs.
What's more, this patch is (intentionally) very similar to the
checkpoint code just added in the test driver, to the point that qemu
checkpoints are not fully usable in this patch, but it at least
bisects and builds cleanly.  The separation between patches is done
because the grunt work of saving and restoring XML and tracking
relations between checkpoints is common to the test driver, while the
later patch adding integration with QMP is specific to qemu.

Also note that the interlocking to prevent checkpoints and snapshots
from existing at the same time will be a separate patch, to make it
easier to revert that restriction when we finally round out the design
for supporting interaction between the two concepts.

Signed-off-by: Eric Blake <eblake@redhat.com>
2019-07-29 08:09:13 -05:00
Peter Krempa
3f93884a4d qemu: Add -blockdev support for block commit job
Introduce the handler for finalizing a block commit and active bloc
commit job which will allow to use it with blockdev.

Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
2019-07-29 13:58:26 +02:00
Peter Krempa
1bf3808207 qemu: Add -blockdev support for block pull job
Introduce the handler for finalizing a block pull job which will allow
to use it with blockdev.

This patch also contains some additional machinery which is required to
store all the relevant job data in the status XML which will also be
reused with other block job types.

Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
2019-07-29 13:58:25 +02:00
Peter Krempa
dae7d01322 qemu: blockjob: Register disk->mirror with a job only when required
The <mirror> subelement is used in two ways: in a commit job to point to
existing storage, and in a block-copy job to point to additional
storage. We need a way to track only the distinct storage.

This patch introduces qemuBlockJobDiskRegisterMirror which registers the
mirror chain separately only for jobs which require it. This also comes
with remembering that in the status XML.

Signed-off-by: Peter Krempa <pkrempa@redhat.com>
ACKed-by: Eric Blake <eblake@redhat.com>
2019-07-25 13:21:33 +02:00
Peter Krempa
0a9fd83240 qemu: Detect managed persistent reservations in block job orphan chains
The PR manager is a property of the format layer in qemu so we need to
be able to track it also in the chains of orphaned block jobs.

Add a helper for qemu to look also into the blockjob state.

Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
2019-07-18 17:59:34 +02:00
Peter Krempa
b3f8ad07dd qemu: blockjob: Track orphaned backing chains in blockjob status XML
When the guest unplugs the disk frontend libvirt is responsible for
deleting the backend. Since a blockjob may still have a reference to the
backing chain when it is running we'll have to store the metadata for
the unplugged disk for future reference.

This patch adds 'chain' and 'mirrorChain' fields to 'qemuBlockJobData'
to keep them around with the job along with status XML machinery and
tests. Later patches will then add code to change the ownership of the
chain when unplugging the disk backend.

Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
2019-07-18 17:59:34 +02:00
Peter Krempa
cbf4e3af70 qemu: Add handler for job state change event
Add support for handling the event either synchronously or
asynchronously using the event thread.

Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
2019-07-18 17:59:34 +02:00
Peter Krempa
4cc4357f3e qemu: blockjob: Save status XML when modifying job state
Now that block job data is stored in the status XML portion we need to
make sure that everything which changes the state also saves the status
XML. The job registering function is used while parsing the status XML
so in that case we need to skip the XML saving.

Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
2019-07-18 17:59:34 +02:00
Peter Krempa
d3158852fa qemu: domain: Store blockjob data in the status XML
We need to store the block job state in the status XML so that we can
properly recover any data when reconnecting after startup and also in
the end to be able to do any transition of the backing chain that
happened while libvirt was not connected to the monitor.

First step is to note the name, type, state and corresponding disk into
the status XML.

We also need to make sure that a broken blockjob does not make libvirt
lose the VM, thus many of the errors just mark the job as invalid.
Later on we'll cancel all invalid jobs.

Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
2019-07-18 17:59:34 +02:00
Peter Krempa
acff582915 qemu: domain: Add global table of blockjobs
Block jobs currently belong to disks only so we can look up the block
job data for them in the corresponding disks. This won't be the case
when using blockdev as certain jobs don't even correspond to a disk and
most of them can run on a part of the backing chain.

Add a global table of blockjobs which can be used to look up the data
for the blockjobs when the job events need to be processed.

The table is a hash table organized by job name and has a reference to
the job. New and running jobs will later be added to this table.
Reference counting will allow to reap job state for synchronous callers.

Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
2019-07-18 17:59:34 +02:00
Peter Krempa
a3b0e09242 qemu: domain: Add helper for saving config XML
Similarly to qemuDomainSaveStatus add a helper to save the config XML
named qemuDomainSaveConfig.

Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
2019-07-18 17:59:34 +02:00
Peter Krempa
997746b2df qemu: domain: Repurpose and export helper for saving domain status XML
Rename qemuDomainObjSaveJob and create a wrapper for it which does not
require 'driver' to be passed and export it so that other palces can
easily save the status XML without having to invoke virDomainSaveStatus
which has unpleasing parameters.

Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
2019-07-18 17:59:34 +02:00
Peter Krempa
b84c09f41a qemu: domain: Export qemuDomainPrepareStorageSourceBlockdev
Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
2019-07-18 17:59:34 +02:00
Ján Tomko
acef350080 qemu: introduce qemuDomainDeviceDefValidateFS
Move validation of the filesystem device out of qemu_command.

Signed-off-by: Ján Tomko <jtomko@redhat.com>
Acked-by: Peter Krempa <pkrempa@redhat.com>
2019-07-16 17:00:37 +02:00
Michal Privoznik
7711a7346a qemu: Relax os.loader->type check when validating domain
When validating a domain among all the checks there are two that
concern VIR_DOMAIN_LOADER_TYPE_PFLASH specifically. The first
check ensures that on x86 ACPI is enabled when UEFI is requested,
the second ensures that UEFI is used when ACPI is requested on
aarch64. However, check for UEFI is done by plain comparison of
def->os.loader->type which is insufficient because we have
def->os.firmware too.

NB, this wouldn't be a problem for active domain, because on
startup process def->os.loader->type gets filled by
qemuFirmwareEnableFeatures(), but that's not the case for
inactive domains.

Fixes: https://bugzilla.redhat.com/show_bug.cgi?id=1729604

Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
Reviewed-by: Andrea Bolognani <abologna@redhat.com>
2019-07-15 13:24:09 +02:00
Jonathon Jongsma
e579f5300b qemu: add 'bochs' video display type
Update schema and configuration to allow specifying new video type of
'bochs'. Add implementation and tests for qemu.

Signed-off-by: Jonathon Jongsma <jjongsma@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
Signed-off-by: Ján Tomko <jtomko@redhat.com>
2019-07-15 10:21:21 +02:00
Ján Tomko
173a191cfe qemu: stop formatting json='1' in status XML
For quite some time now it is impossible to connect to a domain
using a HMP monitor, so there is no point in formatting it in the status
XML.

Signed-off-by: Ján Tomko <jtomko@redhat.com>
Acked-by: Peter Krempa <pkrempa@redhat.com>
2019-07-11 16:19:12 +02:00
Michal Privoznik
9f95552d17 qemu: De-duplicate some path definitions
There are some paths (e.g. /dev/vfio/vfio or /dev/mapper/control)
which are defined in qemu_domain.c and then in qemu_cgroup.c
again. This is suboptimal. Let's move paths into qemu_domain.h and
drop duplicate definitions.

Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
Reviewed-by: Andrea Bolognani <abologna@redhat.com>
2019-07-03 09:33:45 +02:00
Peter Krempa
7d5b283065 qemu: Supply correct default type for 'dir' based VIR_STORAGE_TYPE_VOLUME
Our code would skip adding the default type in this cases, but since we
know that the only reasonable option here is 'fat' we can add it while
starting the VM.

Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
2019-06-26 12:28:31 +02:00
Peter Krempa
99917ade0a qemu: domain: Allow 'VIR_STORAGE_TYPE_VOLUME' disks with 'fat' format
The storage volume may in fact convert into a directory when starting
the VM so that it may be actually possible to use it.

This is a regression caused by c9b27af32d as moving the check to
validation time without adjustment causes problems as the volumes are
not translated yet.

Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
2019-06-26 12:28:31 +02:00
Peter Krempa
2cb86fc260 qemu: Implement support for 'capability_filters' config option
Filter out the given capabilities and set domain taint if we've done so.

Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
2019-06-21 15:24:06 +02:00
Peter Krempa
3616ec3927 qemu: domain: Add support for modifying qemu capability list via qemu namespace
For testing purposes it's sometimes desired to be able to control the
presence of capabilities of qemu. This adds the possibility to do this
via the qemu namespace.

Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
2019-06-21 15:24:06 +02:00
Peter Krempa
c6da5913d9 qemu: Add support for controling qemu capabilities via the qemu XML namespace
Similarly how we allow adding arbitrary command line arguments and
environment variables this patch introduces the ability to control
libvirt's perception of the qemu process by tweaking the capability bits
for testing purposes.

The idea is to allow developers and users either test a new feature by
enabling it early or disabling it to see whether it introduced
regressions.

This feature is not meant for production use though, so users should
handle it with care.

Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
2019-06-21 15:24:06 +02:00
Peter Krempa
f1ded974c3 qemu: domain: Split out commandline namespace data formatting
Separate it from qemuDomainDefNamespaceFormatXML.

Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
2019-06-21 15:24:06 +02:00
Peter Krempa
8b0a389d2b qemu: Refactor qemuDomainDefNamespaceParse
Rename 'cmd' to 'nsdef' and improve the control flow.

Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
2019-06-21 15:24:06 +02:00
Peter Krempa
a858b77754 qemu: Extract parsing of qemu namespace env vars into separate function
Simplify the main function by splitting out how we parse the extra
passthrough environment variables.

Note that the validation function checks that the first letter must be a
character or underscore which makes the check whether the name is
redundant.

Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
2019-06-21 15:24:06 +02:00
Peter Krempa
3f76419a05 qemu: Extract parsing of qemu namespace arguments into separate function
Simplify the main function by splitting out how we parse the extra
passthrough commandline arguments.

Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
2019-06-21 15:24:06 +02:00
Peter Krempa
ad4b08fa50 qemu: domain: Use virStringListFreeCount in qemuDomainXmlNsDefFree
Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
2019-06-21 15:24:06 +02:00
Peter Krempa
a967b2f0bd qemu: Move qemuDomainXmlNsDef(Free) from qemu_conf.(ch)
qemu_conf.c deals with the configuration file. Better fit for the
structure and freeing function will be qemu_domain.c where the rest of
the namespace parsing/formatting stuff resides.

Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
2019-06-21 15:24:06 +02:00
Peter Krempa
99759126f7 qemu: Rename qemuDomainCmdlineDefPtr to qemuDomainXmlNsDefPtr
The data injected via the namespace may contain also other things than
commandline passthrough definitions. Rename it to make it more
universal.

Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
2019-06-21 15:24:06 +02:00
Ján Tomko
466764346d qemu: domain: remove monJSON field
If we have a monitor, it is a JSON monitor.

Signed-off-by: Ján Tomko <jtomko@redhat.com>
Acked-by: Peter Krempa <pkrempa@redhat.com>
2019-06-20 13:47:41 +02:00
Ján Tomko
011f4eb124 qemu: assume monJSON is always true
Now that we no longer support the HMP monitor, remove some dead code.

Signed-off-by: Ján Tomko <jtomko@redhat.com>
Acked-by: Peter Krempa <pkrempa@redhat.com>
2019-06-20 13:47:41 +02:00
Andrea Bolognani
89afb9f594 qemu: Validate spapr-vio addresses
According to sPAPR, addresses are 32-bit rather than 64-bit.
Update qemuDomainDeviceDefValidateAddress() accordingly.

https://bugzilla.redhat.com/show_bug.cgi?id=1598657

Signed-off-by: Andrea Bolognani <abologna@redhat.com>
Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
2019-06-20 12:49:59 +02:00
Andrea Bolognani
ad9b36efcd qemu: Rework qemuDomainDeviceDefValidateAddress()
Introduce a switch() statement and prepare for validating
more address types than just PCI.

Signed-off-by: Andrea Bolognani <abologna@redhat.com>
Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
2019-06-20 12:49:58 +02:00
Peter Krempa
bd843409a4 qemu: Move QEMU_QXL_VGAMEM_DEFAULT macro
qemu_domain.c is now the only place that uses it, so we can move it from
qemu_parse_command.h

Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
Reviewed-by: Andrea Bolognani <abologna@redhat.com>
2019-06-20 12:15:05 +02:00
Peter Krempa
e6635c626a qemu: domain: Log some useful data in qemuDomainStorageSourceAccessModify
Log the flags passed to the function in a exploded state so that it's
easily visible what's happening to the image.

Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
2019-06-13 09:43:02 +02:00
Peter Krempa
4c4953fb37 qemu: domain: Allow forcing images to read-write in qemuDomainStorageSourceAccessAllow
In commit 76b9aba2ba I refactored how the function treats the readonly
flag which introduced a bug when we'd not allow to force read-write
state for an image.

This created problems with blockjobs where we need to temporarily
force images to have read-write permissions.

Rename QEMU_DOMAIN_STORAGE_SOURCE_ACCESS_READ_ONLY to
QEMU_DOMAIN_STORAGE_SOURCE_ACCESS_FORCE_READ_ONLY and also introduce
a complement QEMU_DOMAIN_STORAGE_SOURCE_ACCESS_FORCE_READ_WRITE which
will allow to force write access.

https://bugzilla.redhat.com/show_bug.cgi?id=1717768

Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
2019-06-12 09:40:02 +02:00
Peter Krempa
9961e7799a qemu: domain: Fix logic bug in qemuDomainStorageSourceAccessAllow
In commit 76b9aba2ba I tried to refactor qemuDomainStorageSourceAccessAllow
but used wrong operators for adding bitwise flags.

This way the flags would result in 0 if any of them would be applied.

Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
2019-06-12 09:40:02 +02:00
Andrea Bolognani
b645f0fcb4 qemu: Move capability checks for IOMMU features
All current IOMMU features are specific to Intel IOMMU, so
understandably we check for the corresponding capabilities
inside the Intel-specific switch() branch; however, we want
to make sure SMMUv3 IOMMU users get an error if they try to
enable any of those features in their guest, and performing
the capability checks unconditionally is both the easiest
way to achieve that, as well as the one least likely to
result in us inadvertently letting users enable some new
Intel-specific IOMMU feature for ARM guests later on.

Signed-off-by: Andrea Bolognani <abologna@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
2019-06-03 17:40:54 +02:00
Andrea Bolognani
fc660ae315 qemu: Add validation for SMMUv3 IOMMU
Signed-off-by: Andrea Bolognani <abologna@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
2019-06-03 17:40:52 +02:00
Andrea Bolognani
60f4c41377 conf: Parse and format SMMUv3 IOMMU
SMMUv3 is an IOMMU implementation for ARM virt guests.

Signed-off-by: Andrea Bolognani <abologna@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
2019-06-03 17:40:48 +02:00
Andrea Bolognani
dfa631b55a qemu: Fix switch() statements for virDomainIOMMUModel
Ensure unexpected values are dealt with correctly, that
is by invoking virReportEnumRangeError() and immediately
returning a negative value to the caller.

Signed-off-by: Andrea Bolognani <abologna@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
2019-06-03 17:40:24 +02:00
Andrea Bolognani
a7a78c273e qemu: Introduce qemuDomainDeviceDefValidateIOMMU()
Device validation should not have to wait until command line
generation time. Moving the code to a separate function also
allows us to avoid some unnecessary repetition.

Signed-off-by: Andrea Bolognani <abologna@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
2019-05-23 15:19:01 +02:00
Eric Blake
9dd5bc151c qemu: Fix regression with undefine --snapshots-metadata
In refactoring the snapshot code to prepare for checkpoints, I changed
qemuDomainMomentDiscardAll to take a callback that would handle the
cleanup of either a snapshot or a checkpoint, but failed to set the
callback on one of the two snapshot callers.  As a result, 'virsh
undefine $dom --snapshots-metadata' crashed on a NULL function
dereference.

Fixes: a487890d37
Fixes: https://bugzilla.redhat.com/show_bug.cgi?id=1707708
Signed-off-by: Eric Blake <eblake@redhat.com>
Acked-by: Peter Krempa <pkrempa@redhat.com>
2019-05-10 10:50:16 -05:00
Eric Blake
098043eddd snapshot: s/current/parent/ as prep for virObject
VIR_CLASS_NEW insists that descendents of virObject have 'parent' as
the name of their inherited base class member at offset 0. While it
would be possible to write a new class-creation macro that takes the
actual field name 'current', and rewrite VIR_CLASS_NEW to call the new
macro with the hard-coded name 'parent', it seems less confusing if
all object code uses similar naming. Thus, this is a mechanical rename
in preparation of making virDomainSnapshotDef a descendent of
virObject.

Signed-off-by: Eric Blake <eblake@redhat.com>
Acked-by: Peter Krempa <pkrempa@redhat.com>
2019-05-09 09:48:07 -05:00
Eric Blake
36603bc568 snapshot: s/parent/parent_name/ as prep for virObject
VIR_CLASS_NEW insists that descendents of virObject have 'parent' as
the name of their inherited base class member at offset 0. While it
would be possible to write a new class-creation macro that takes the
actual field name, and rewrite VIR_CLASS_NEW to call the new macro
with the hard-coded name 'parent', so that we could make
virDomainMomentDef use a custom name for its base class, it seems less
confusing if all object code uses similar naming. Thus, this is a
mechanical rename in preparation of making virDomainSnapshotDef a
descendent of virObject, when we can no longer use 'parent' for a
different purpose than the base class.

Signed-off-by: Eric Blake <eblake@redhat.com>
Acked-by: Peter Krempa <pkrempa@redhat.com>
2019-05-09 09:43:41 -05:00
Peter Krempa
76b9aba2ba qemu: Refactor/simplify qemuDomainStorageSourceAccessAllow
Use qemuDomainStorageSourceAccessModify with correct flags to do the
job.

Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
2019-05-09 15:55:36 +02:00
Peter Krempa
b1fe51c4ba qemu: Mark when modifying access to existing source in qemuDomainStorageSourceAccessModify
Some operations e.g. namespace setup are not necessary when modifying
access to a file which the VM can already access. Add a flag which
allows to skip them.

Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
2019-05-09 15:55:36 +02:00
Peter Krempa
f50d1b7f49 qemu: Allow skipping the revoke step in qemuDomainStorageSourceAccessModify
In some cases when we need to modify access permissions for a storage
source which is already used by the VM we should not revoke all
permissions on a failure. Allow this in qemuDomainStorageSourceAccessModify
by adding a new flag.

Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
2019-05-09 15:55:36 +02:00
Peter Krempa
657216b60d qemu: Use bools rather than labels in qemuDomainStorageSourceAccessModify
Rather than jumping to the correct label use a set of booleans to
determine which operation needs to be rolled back. This will allow more
flexibility when e.g. rollback after a failed operation will not be
necessary/desired.

Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
2019-05-09 15:55:36 +02:00
Peter Krempa
3bb1423883 qemu: Allow forcing read-only mode in qemuDomainStorageSourceAccessModify
Add a new flag which will set the image as read-only even if the image
data allows writing.

Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
2019-05-09 15:55:36 +02:00
Peter Krempa
3decae00e9 qemu: Refactor/simplify qemuDomainStorageSourceAccessRevoke
Use qemuDomainStorageSourceAccessModify instead of the individual calls.

Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
2019-05-09 15:55:35 +02:00
Peter Krempa
0304fa2fee qemu: Allow using qemuDomainStorageSourceAccessModify on singe images
Add a new flag QEMU_DOMAIN_STORAGE_SOURCE_ACCESS_CHAIN to select whether
to work on single image or full chain.

Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
2019-05-09 15:55:35 +02:00
Peter Krempa
6d4136da2a qemu: Convert boolean flags to enum flags in qemuDomainStorageSourceAccessModify
Upcoming patches will add a few more flags. Add an enum to collect them
so that we don't end up with multiple bools.

Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
2019-05-09 15:55:35 +02:00
Peter Krempa
0ae504d375 qemu: domain: Rename qemuDomainStorageSourceChainAccessPrepare
The function will be able to deal with non-chains too so drop 'Chain'
and also change the suffix to 'Modify' as it's used both for setup and
teardown.

Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
2019-05-09 15:55:35 +02:00
Peter Krempa
45b9ec5b09 qemu: Split entry points to qemuDomainStorageSourceChainAccessPrepare
Introduce qemuDomainStorageSourceChainAccess(Allow|Revoke) as entry
points to qemuDomainStorageSourceChainAccessPrepare for symmetry with
the functions for single backing chain elements.

Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
2019-05-09 15:55:35 +02:00
Peter Krempa
3d36d666f8 qemu: Move and rename qemuHotplugPrepareDiskSourceAccess
Move it to qemu_domain.c and call it
qemuDomainStorageSourceChainAccessPrepare.

Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
2019-05-09 15:55:35 +02:00
Peter Krempa
1a828a578e qemu: Rename qemuDomainDiskChainElement(Revoke|Prepare)
Use qemuDomainStorageSourceAccess(Allow|Revoke) instead.

Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
2019-05-09 15:55:35 +02:00
Eric Blake
1ec3e39742 conf: Add parameter to virDomainDiskSourceFormat
Commits 4bc42986 and 218c81ea removed virDomainStorageSourceFormat on
the grounds that there were no external callers; however, the upcoming
backup code wants to output a <target> (push mode) or <scratch> (pull
mode) element that is in all other respects identical to a domain's
<source> element, where the previous virDomainStorageSourceFormat fit
the bill nicely. But rather than reverting the commits, it's easier to
just add an additional parameter for the element name to use, and
update all callers.

Signed-off-by: Eric Blake <eblake@redhat.com>
2019-05-06 18:05:17 -05:00
Cole Robinson
84a5e89b31 conf: Add VIR_DOMAIN_DEF_FEATURE_NET_MODEL_STRING
This requires drivers to opt in to handle the raw modelstr
network model, all others will error if a passed in XML value
is not in the model enum.

Enable this feature for libxl/xen/xm and qemu drivers

Acked-by: Michal Privoznik <mprivozn@redhat.com>
Signed-off-by: Cole Robinson <crobinso@redhat.com>
2019-04-16 13:11:08 -04:00
Cole Robinson
41b002f934 qemu: Partially convert to net model enum
This converts the qemu driver to the net model enum, for all
the model values that we have hardcoded for various checks,
which adds e1000e, virtio-transitional, virtio-non-transitional,
usb-net, spapr-vlan, lan9118, smc91c111

Because the qemu driver has historically also allowed the raw
model string onto the qemu command line, this isn't a full
conversion. Unwinding that will require more thought. However
for all new driver code we should be adding explicit enum
values for any model name we have special handling for.

Remove the now unused virDomainNetStreqModelString

Acked-by: Michal Privoznik <mprivozn@redhat.com>
Signed-off-by: Cole Robinson <crobinso@redhat.com>
2019-04-16 13:11:08 -04:00
Cole Robinson
6bf7c67699 conf: net: Add wrapper functions for <model> value
To ease converting the net->model value to an enum, add
the wrapper functions:

virDomainNetGetModelString
virDomainNetSetModelString
virDomainNetStreqModelString
virDomainNetStrcaseeqModelString

Acked-by: Michal Privoznik <mprivozn@redhat.com>
Signed-off-by: Cole Robinson <crobinso@redhat.com>
2019-04-16 13:11:08 -04:00
Daniel Henrique Barboza
1a922648f6 PPC64 support for NVIDIA V100 GPU with NVLink2 passthrough
The NVIDIA V100 GPU has an onboard RAM that is mapped into the
host memory and accessible as normal RAM via an NVLink2 bridge. When
passed through in a guest, QEMU puts the NVIDIA RAM window in a
non-contiguous area, above the PCI MMIO area that starts at 32TiB.
This means that the NVIDIA RAM window starts at 64TiB and go all the
way to 128TiB.

This means that the guest might request a 64-bit window, for each PCI
Host Bridge, that goes all the way to 128TiB. However, the NVIDIA RAM
window isn't counted as regular RAM, thus this window is considered
only for the allocation of the Translation and Control Entry (TCE).
For more information about how NVLink2 support works in QEMU,
refer to the accepted implementation [1].

This memory layout differs from the existing VFIO case, requiring its
own formula. This patch changes the PPC64 code of
@qemuDomainGetMemLockLimitBytes to:

- detect if we have a NVLink2 bridge being passed through to the
guest. This is done by using the @ppc64VFIODeviceIsNV2Bridge function
added in the previous patch. The existence of the NVLink2 bridge in
the guest means that we are dealing with the NVLink2 memory layout;

- if an IBM NVLink2 bridge exists, passthroughLimit is calculated in a
different way to account for the extra memory the TCE table can alloc.
The 64TiB..128TiB window is more than enough to fit all possible
GPUs, thus the memLimit is the same regardless of passing through 1 or
multiple V100 GPUs.

Further reading explaining the background
[1] https://lists.gnu.org/archive/html/qemu-devel/2019-03/msg03700.html
[2] https://www.redhat.com/archives/libvir-list/2019-March/msg00660.html
[3] https://www.redhat.com/archives/libvir-list/2019-April/msg00527.html

Signed-off-by: Daniel Henrique Barboza <danielhb413@gmail.com>
Reviewed-by: Erik Skultety <eskultet@redhat.com>
2019-04-15 07:41:43 +02:00
Daniel Henrique Barboza
cc9f03801c qemu_domain: NVLink2 bridge detection function for PPC64
The NVLink2 support in QEMU implements the detection of NVLink2
capable devices by verifying the attributes of the VFIO mem region
QEMU allocates for the NVIDIA GPUs. To properly allocate an
adequate amount of memLock, Libvirt needs this information before
a QEMU instance is even created, thus querying QEMU is not
possible and opening a VFIO window is too much.

An alternative is presented in this patch. Making the following
assumptions:

- if we want GPU RAM to be available in the guest, an NVLink2 bridge
must be passed through;

- an unknown PCI device can be classified as a NVLink2 bridge
if its device tree node has 'ibm,gpu', 'ibm,nvlink',
'ibm,nvlink-speed' and 'memory-region'.

This patch introduces a helper called @ppc64VFIODeviceIsNV2Bridge
that checks the device tree node of a given PCI device and
check if it meets the criteria to be a NVLink2 bridge. This
new function will be used in a follow-up patch that, using the
first assumption, will set up the rlimits of the guest
accordingly.

Signed-off-by: Daniel Henrique Barboza <danielhb413@gmail.com>
2019-04-15 07:06:52 +02:00
Cole Robinson
1d31526b52 Always put _LAST enums on second line of VIR_ENUM_IMPL
Standardize on putting the _LAST enum value on the second line
of VIR_ENUM_IMPL invocations. Later patches that add string labels
to VIR_ENUM_IMPL will push most of these to the second line anyways,
so this saves some noise.

Signed-off-by: Cole Robinson <crobinso@redhat.com>
2019-04-11 12:47:23 -04:00
Peter Krempa
f785318187 Revert "Include unistd.h directly by files using it"
This reverts commit a5e1602090.

Getting rid of unistd.h from our headers will require more work than
just fixing the broken mingw build. Revert it until I have a more
complete proposal.

Signed-off-by: Peter Krempa <pkrempa@redhat.com>
2019-04-10 12:26:32 +02:00
Peter Krempa
a5e1602090 Include unistd.h directly by files using it
util/virutil.h bogously included unistd.h. Drop it and replace it by
including it directly where needed.

Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
2019-04-10 09:12:04 +02:00
Nikolay Shirokovskiy
ab2eaa1492 qemu: Map suspended state reason to suspended event detail
Map is based on existing cases in code where we send suspended
event after changing domain state to paused.

Reviewed-by: John Ferlan <jferlan@redhat.com>
Signed-off-by: Nikolay Shirokovskiy <nshirokovskiy@virtuozzo.com>
2019-04-04 10:36:03 +03:00
Peter Krempa
f1a0d2277c qemu: domain: drop qemuDomainSupportsBlockJobs
It always returns true.

Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
2019-04-03 11:58:10 +02:00
Peter Krempa
d5654a7537 qemu: capabilities: Always assume QEMU_CAPS_BLOCKJOB_ASYNC
This was detected by the presence of 'block-stream' which is present in
qemu since v1.1 (db58f9c0605fa151b8c4)

Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
2019-04-03 11:58:09 +02:00
Peter Krempa
670053326b qemu: Parse NBD storage source private data by virDomainStorageSourceParse
Drop the local call in favor of passing in xmlopt.

Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
2019-04-03 11:58:09 +02:00
Peter Krempa
79e3b15ce6 qemu: Use virDomainStorageSourceParseBase in qemuDomainObjPrivateXMLParseJobNBDSource
Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
2019-04-03 11:58:09 +02:00
Peter Krempa
ef5ed42655 qemu: Remove cleanup in qemuDomainObjPrivateXMLParseJobNBDSource
Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
2019-04-03 11:58:09 +02:00
Peter Krempa
e1899a2490 qemu: Use VIR_AUTOFREE in qemuDomainObjPrivateXMLParseJobNBDSource
Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
2019-04-03 11:58:09 +02:00
Peter Krempa
0c10edadde qemu: domain: Modify <migrationSource> to look like <disk>
When adding <migrationSource> I've used a slightly unusual approach. To
allow using the disk source XML parser and formatter convert
<migrationSource> to look like <disk>. This means that <source> will be
added as a subelement of <migrationSource> rather than being formatted
inline.

Conversion from the old format in the parser is very simple as it
involves only moving the XPath context current node slightly if the new
format is found.

The status XML to XML test shows that the upgrade is done correctly.

Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
2019-04-03 11:58:09 +02:00
Peter Krempa
6bee0262c7 conf: Remove @seclabels from virDomainStorageSourceFormat
All callers including transitive callers through
virDomainDiskSourceFormatInternal always pass true. Remove the argument.

Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
2019-04-03 11:58:09 +02:00
Peter Krempa
e8e51b634f qemu: domain: Forbid copy_on_read option also for floppies
Using copy_on_read for removable disks is a hassle. It also does not
work for CDROMs at all as the image is supposed to be read-only and we
might ignore it for floppies when they are started as empty. Forbid it
for floppies completely rather than trying to support what probably
nobody is using.

Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
2019-04-03 11:58:09 +02:00
Peter Krempa
63ff670f40 qemu: domain: Use VIR_AUTOFREE in qemuDomainObjPrivateXMLParseBlockjobs
Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
2019-04-03 11:58:09 +02:00
Ján Tomko
e5794c542b qemuDomainDiskChangeSupported: use CHECK_STREQ_NULLABLE more
Convert the other string comparisons to use the macro.

Signed-off-by: Ján Tomko <jtomko@redhat.com>
Reviewed-by: Laine Stump <laine@laine.org>
2019-04-03 09:52:54 +02:00
Ján Tomko
4fbc8ddcd0 qemu: error out on attempt to change blkiotune group name
Check that the attribute is the same in qemuDomainDiskChangeSupported
in case somebody tries to change it using the UpdateDevice API.

https://bugzilla.redhat.com/show_bug.cgi?id=1601677

Signed-off-by: Ján Tomko <jtomko@redhat.com>
Reviewed-by: Laine Stump <laine@laine.org>
2019-03-29 12:54:41 +01:00
Ján Tomko
8535a298a2 qemu: introduce CHECK_STREQ_NULLABLE in qemuDomainDiskChangeSupported
A macro for comparing string fields of the disk.

https://bugzilla.redhat.com/show_bug.cgi?id=1601677

Signed-off-by: Ján Tomko <jtomko@redhat.com>
Reviewed-by: Laine Stump <laine@laine.org>
2019-03-29 12:54:41 +01:00
Ján Tomko
21a9cb986c Revert "qemu: emit error when trying to update blkiotune group_name in qemuDomainChangeDiskLive"
https://bugzilla.redhat.com/show_bug.cgi?id=1601677

This reverts commit 047cfb05ee
Using numeric comparison on strings means we reject every update
that does include the group name, even if it's unchanged.

Signed-off-by: Ján Tomko <jtomko@redhat.com>
Reviewed-by: Laine Stump <laine@laine.org>
2019-03-29 12:54:41 +01:00
Eric Blake
a487890d37 snapshot: Refactor qemu to utilize virDomainMoment more
Use the common base class virDomainMoment for iterator callbacks
related to snapshots from the qemu code, so that when checkpoint
operations are introduced, they can share the same callbacks.

Simplify the code for qemuDomainSnapshotCurrent by better utilizing
virDomainMoment helpers.

Signed-off-by: Eric Blake <eblake@redhat.com>
Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
2019-03-27 08:16:10 -05:00
Eric Blake
e055a816af snapshot: Rename virDomainSnapshotObjPtr
Now that the core of SnapshotObj is agnostic to snapshots and can be
shared with upcoming checkpoint code, it is time to rename the struct
and the functions specific to list operations. A later patch will
shuffle which file holds the common code. This is a fairly mechanical
patch.

Signed-off-by: Eric Blake <eblake@redhat.com>
Reviewed-by: John Ferlan <jferlan@redhat.com>
2019-03-22 01:18:34 -05:00
Eric Blake
1ab05da228 snapshot: Switch type of virDomainSnapshotObj.def
Another step towards making the object list reusable for both
snapshots and checkpoints: the list code only ever needs items that
are in the common virDomainMomentDef base type. This undoes a lot of
the churn in accessing common members added in the previous patch, and
the bulk of the patch is mechanical. But there was one spot where I
had to unroll a VIR_STEAL_PTR to work around changed types.

Signed-off-by: Eric Blake <eblake@redhat.com>
Reviewed-by: John Ferlan <jferlan@redhat.com>
2019-03-22 01:18:34 -05:00
Eric Blake
ffc0fbebe2 snapshot: Factor out virDomainMomentDef class
Pull out the common parts of virDomainSnapshotDef that will be reused
for virDomainCheckpointDef into a new base class.  Adjust all callers
that use the direct fields (some of it is churn that disappears when
the next patch refactors virDomainSnapshotObj; oh well...).

Someday, I hope to switch this type to be a subclass of virObject, but
that requires a more thorough audit of cleanup paths, and besides
minimal incremental changes are easier to review.

As for the choice of naming:
I promised my teenage daughter Evelyn that I'd give her credit for her
contribution to this commit. I asked her "What would be a good name
for a base class for DomainSnapshot and DomainCheckpoint". After
explaining what a base class was (using the classic OOB Square and
Circle inherit from Shape), she came up with "DomainMoment", which is
way better than my initial thought of "DomainPointInTime" or
"DomainPIT".

Signed-off-by: Eric Blake <eblake@redhat.com>
Reviewed-by: John Ferlan <jferlan@redhat.com>
2019-03-22 01:18:34 -05:00
Eric Blake
55c2ab3e2b snapshot: Access snapshot def directly when needed
An upcoming patch will rework virDomainSnapshotObjList to be generic
for both snapshots and checkpoints; reduce the churn by adding a new
accessor virDomainSnapshotObjGetDef() which returns the
snapshot-specific definition even when the list is rewritten to
operate only on a base class, then using it at sites that that are
specific to snapshots.  Use VIR_STEAL_PTR when appropriate in the
affected lines.

Signed-off-by: Eric Blake <eblake@redhat.com>
Reviewed-by: John Ferlan <jferlan@redhat.com>
2019-03-22 01:18:33 -05:00
Eric Blake
02c4e24db7 snapshot: Add accessors for updating snapshot list relations
Rather than allowing a leaky abstraction where multiple drivers have
to open-code operations that update the relations in a
virDomainSnapshotObjList, it is better to add accessor functions so
that updates to relations are maintained closer to the internals.
This patch finishes the job started in the previous patch, by getting
rid of all direct access to nchildren, first_child, or sibling outside
of the lowest level functions, making it easier to refactor later on.

The lone new caller to virDomainSnapshotObjListSize() checks for a
return != 0, because it wants to handles errors (-1, only possible if
the hash table wasn't allocated) and existing snapshots (> 0) in the
same manner; we can drop the check for a current snapshot on the
grounds that there shouldn't be one if there are no snapshots.

Signed-off-by: Eric Blake <eblake@redhat.com>
Reviewed-by: John Ferlan <jferlan@redhat.com>
2019-03-22 01:18:33 -05:00
Eric Blake
4819f54bd3 snapshot: Track current snapshot in virDomainSnapshotObjList
It is easier to track the current snapshot as part of the list of
snapshots. In particular, doing so lets us guarantee that the current
snapshot is cleared if that snapshot is removed from the list (rather
than depending on the caller to do so, and risking a use-after-free
problem, such as the one recently patched in 1db9d0efbf).  This
requires the addition of several new accessor functions, as well as a
useful return type for virDomainSnapshotObjListRemove().  A few error
handling sites that were previously setting vm->current_snapshot =
NULL can now be dropped, because the previous function call has now
done it already.  Also, qemuDomainRevertToSnapshot() was setting the
current vm twice, so keep only the one used on the success path.

Signed-off-by: Eric Blake <eblake@redhat.com>
Reviewed-by: John Ferlan <jferlan@redhat.com>
2019-03-22 01:15:20 -05:00
Eric Blake
f105627992 snapshot: Drop virDomainSnapshotDef.current
The only use for the 'current' member of virDomainSnapshotDef was with
the PARSE/FORMAT_INTERNAL flag for controlling an internal-use
<active> element marking whether a particular snapshot definition was
current, and even then, only by the qemu driver on output, and by qemu
and test driver on input. But this duplicates vm->snapshot_current,
and gets in the way of potential simplifications to have qemu store a
single file for all snapshots rather than one file per snapshot.  Get
rid of the member by adding a bool* parameter during parse (ignored if
the PARSE_INTERNAL flag is not set), and by adding a new flag during
format (if FORMAT_INTERNAL is set, the value printed in <active>
depends on the new FORMAT_CURRENT).

Then update the qemu driver accordingly, which involves hoisting
assignments to vm->current_snapshot to occur prior to any point where
a snapshot XML file is written (although qemu kept
vm->current_snapshot and snapshot->def_current in sync by the end of
the function, they were not always identical in the middle of
functions, so the shuffling gets a bit interesting). Later patches
will clean up some of that confusing churn to vm->current_snapshot.

Note: even if later patches refactor qemu to no longer use
FORMAT_INTERNAL for output (by storing bulk snapshot XML instead), we
will always need PARSE_INTERNAL for input (because on upgrade, a new
libvirt still has to parse XML left from a previous libvirt).

Signed-off-by: Eric Blake <eblake@redhat.com>
Reviewed-by: John Ferlan <jferlan@redhat.com>
2019-03-22 01:15:20 -05:00
Peter Krempa
971872ca27 conf: Fold private data parsing into virDomainStorageSourceParse
Storage source private data can be parsed along with other components of
private data rather than a separate function which is called from
multiple places.

Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
2019-03-20 15:00:17 +01:00
Peter Krempa
7981eadf92 conf: Invert 'skipSeclabels' argument of virDomainDiskSourceFormatInternal
Rename it to 'seclabels' and invert the value.

Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
2019-03-20 08:17:05 +01:00
Eric Blake
9b75154c07 snapshot: Break out virDomainSnapshotObjList into its own file
snapshot_conf.h was mixing three separate types: the snapshot
definition, the snapshot object, and the snapshot object list.
Separate out the snapshot object list code into its own file, and
update includes for affected clients.

This is just code motion, but done in preparation of sharing a lot of
the object list code with checkpoints.

Signed-off-by: Eric Blake <eblake@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
2019-03-15 11:43:09 -05:00
Eric Blake
4332c4d345 qemu: clean up qemuDomainRemoveInactiveCommon
Use VIR_AUTOFREE and saner formatting. No semantic change.

Signed-off-by: Eric Blake <eblake@redhat.com>
Reviewed-by: John Ferlan <jferlan@redhat.com>
2019-03-13 20:29:48 -05:00
Jim Fehlig
09eb1ae0ec conf: Add a new 'xenbus' controller type
xenbus is virtual controller (akin to virtio controllers) for Xen
paravirtual devices. Although all Xen VMs have a xenbus, it has
never been modeled in libvirt, or in Xen native VM config format
for that matter.

Recently there have been requests to support Xen's max_grant_frames
setting in libvirt. max_grant_frames is best modeled as an attribute
of xenbus. It describes the maximum IO buffer space (or DMA space)
available in xenbus for use by connected paravirtual devices. This
patch introduces a new xenbus controller type that includes a
maxGrantFrames attribute.

Signed-off-by: Jim Fehlig <jfehlig@suse.com>
Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
2019-03-13 12:06:52 -06:00
Michal Privoznik
68ade25372 qemu: Enable firmware autoselection
https://bugzilla.redhat.com/show_bug.cgi?id=1564270

Now that everything is prepared for qemu driver we can enable
parser feature to allow users define such domains.

At the same time, introduce bunch of tests to test the feature.

Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
2019-03-12 16:09:55 +01:00
Michal Privoznik
d433f3cdd8 qemuDomainDefValidate: Don't require SMM if automatic firmware selection enabled
The firmware selection code will enable the feature if needed.
There's no need to require SMM to be enabled in that case.

Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
Reviewed-by: Laszlo Ersek <lersek@redhat.com>
2019-03-12 16:05:03 +01:00
Michal Privoznik
d21f89cc1a conf: Introduce VIR_DOMAIN_LOADER_TYPE_NONE
This is going to extend virDomainLoader enum. The reason is that
once loader path is NULL its type makes no sense. However, since
value of zero corresponds to VIR_DOMAIN_LOADER_TYPE_ROM the
following XML would be produced:

  <os>
    <loader type='rom'/>
    ...
  </os>

To solve this, introduce VIR_DOMAIN_LOADER_TYPE_NONE which would
correspond to value of zero and then use post parse callback to
set the default loader type to 'rom' if needed.

Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
Reviewed-by: Laszlo Ersek <lersek@redhat.com>
Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
2019-03-12 15:29:44 +01:00
Michal Privoznik
23018c0823 qemu_domain: Separate NVRAM VAR store file name generation
Move the code that (possibly) generates filename of NVRAM VAR
store into a single function so that it can be re-used later.

Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
Reviewed-by: Laszlo Ersek <lersek@redhat.com>
Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
2019-03-12 15:29:43 +01:00
Andrea Bolognani
186bb479d0 qemu: Allow creating ppc64 guests with graphics and no USB mouse
The existing behavior for ppc64 guests is to always add a USB
keyboard and mouse combo if graphics are present; unfortunately,
this means any attempt to use a USB tablet will cause both pointing
devices to show up in the guest, which in turn will result in poor
user experience.

We can't just stop adding the USB mouse or start adding a USB tablet
instead, because existing applications and users might rely on the
current behavior; however, we can avoid adding the USB mouse if a USB
tablet is already present, thus allowing users and applications to
create guests that contain a single pointing device.

https://bugzilla.redhat.com/show_bug.cgi?id=1683681

Signed-off-by: Andrea Bolognani <abologna@redhat.com>
Reviewed-by: Cole Robinson <crobinso@redhat.com>
2019-03-11 09:59:34 +01:00
Andrea Bolognani
ff3f22e0ec qemu: Improve validation for virtio input devices
While the parser and schema have to accept all possible models,
virtio-(non-)transitional models are only applicable to
type=passthrough and should be otherwise rejected.

Signed-off-by: Andrea Bolognani <abologna@redhat.com>
Reviewed-by: Cole Robinson <crobinso@redhat.com>
2019-03-11 09:53:40 +01:00
Eric Blake
44a9b872e8 snapshot: Avoid latent use-after-free when cleaning snapshots
Right now, the only callers of qemuDomainSnapshotDiscardAllMetadata()
are right before freeing the virDomainSnapshotObjList, so it did not
matter if the list's metaroot (which points to all the defined root
snapshots) is left inconsistent. But an upcoming patch will want to
clear all snapshots if a bulk redefine fails partway through, in
which case things must be reset.  Make this work by teaching the
existing virDomainSnapshotUpdateRelations() to be safe regardless of
the incoming state of the metaroot (since we don't want to leak that
internal detail into qemu code), then fixing the qemu code to use
it after deleting all snapshots. Additionally, the qemu code must
reset vm->current_snapshot if the current snapshot was removed,
regardless of whether the overall removal succeeded or failed later.

Signed-off-by: Eric Blake <eblake@redhat.com>
Reviewed-by: John Ferlan <jferlan@redhat.com>
2019-03-07 17:40:18 -06:00
Eric Blake
c502955909 snapshot: Give virDomainSnapshotDefFormat its own flags
virDomainSnapshotDefFormat currently takes two sets of knobs:
an 'unsigned int flags' argument that can currently just be
VIR_DOMAIN_DEF_FORMAT_SECURE, and an 'int internal' argument used as
a bool to determine whether to output an additional element.  It
then reuses the 'flags' knob to call into virDomainDefFormatInternal(),
which takes a different set of flags. In fact, prior to commit 0ecd6851
(1.2.12), the 'flags' argument actually took the public
VIR_DOMAIN_XML_SECURE, which was even more confusing.  Let's borrow
from the style of that earlier commit, by introducing a function
for translating from the public flags (VIR_DOMAIN_SNAPSHOT_XML_SECURE
was just recently introduced) into a new enum specific to snapshot
formatting, and adjust all callers to use snapshot-specific enum
values when formatting, and where the formatter now uses a new
variable 'domainflags' to make it obvious when we are translating
from snapshot flags back to domain flags.  We don't even have to
use the conversion function for drivers that don't accept the
public VIR_DOMAIN_SNAPSHOT_XML_SECURE flag.

Signed-off-by: Eric Blake <eblake@redhat.com>
Reviewed-by: John Ferlan <jferlan@redhat.com>
2019-03-07 17:31:40 -06:00
Eric Blake
7ff982f0bc qemu: Const-correct snapshot directory name
qemuDomainSnapshotWriteMetadata does not modify the directory name,
and making it const-correct aids in writing an upcoming patch.

Signed-off-by: Eric Blake <eblake@redhat.com>
Reviewed-by: John Ferlan <jferlan@redhat.com>
2019-03-07 16:57:05 -06:00
Daniel Henrique Barboza
7a686fd2ea qemu_domain: add a PPC64 memLockLimit helper
There is a lot of documentation in the comments about how PPC64 handles
passthrough VFIO devices to calculate the @memLockLimit. And more will
be added with the PPC64 NVLink2 support code.

Let's remove the PPC64 code from qemuDomainGetMemLockLimitBytes()
body and put it into a helper function. This will simplify the
flow of qemuDomainGetMemLockLimitBytes() that handles all the other
platforms and improves readability of the PPC64 specifics.

Signed-off-by: Daniel Henrique Barboza <danielhb413@gmail.com>
Reviewed-by: Erik Skultety <eskultet@redhat.com>
2019-03-07 15:23:18 +01:00
Daniel Henrique Barboza
cf7c521287 qemu: domain: Simplify non-VFIO memLockLimit calculation for PPC64
@passthroughLimit is being calculated even if @usesVFIO is false. After
that, an if-else conditional is used to check if we're going to sum it
up with @baseLimit.

This patch initializes @passthroughLimit to zero and always returns
@memKB = @baseLimit + @passthroughLimit. The conditional is then used to
calculate @passthroughLimit if @usesVFIO == true. This results in some
cycles being spared for the @usesVFIO == false scenario, but the real
motivation is to make the code simpler to add an alternative formula to
calculate @passthroughLimit for NVLink2.

Signed-off-by: Daniel Henrique Barboza <danielhb413@gmail.com>
Reviewed-by: Erik Skultety <eskultet@redhat.com>
2019-03-07 15:15:02 +01:00
Cole Robinson
448a094717 qemu: Support scsi controller model=virtio-{non-}transitional
Add <controller type='scsi' model handling for virtio transitional
devices. Ex:

  <controller type='scsi' model='virtio-transitional'/>

* "virtio-transitional" maps to qemu "virtio-scsi-pci-transitional"
* "virtio-non-transitional" maps to qemu "virtio-scsi-non-transitional"

The naming here doesn't match the pre-existing model=virtio-scsi.
The prescence of '-scsi' there seems kind of redundant as we have
type='scsi' already, so I decided to follow the pattern of other
patches and use virtio-transitional etc.

Reviewed-by: Andrea Bolognani <abologna@redhat.com>
Signed-off-by: Cole Robinson <crobinso@redhat.com>
2019-03-04 11:08:41 -05:00
Cole Robinson
0f5958f5c5 qemu: Support memballoon model=virtio-{non-}transitional
Add new <memballoon> model values for virtio transitional devices. Ex:

  <memballoon model='virtio-transitional'/>

* "virtio-transitional" maps to qemu "virtio-balloon-pci-transitional"
* "virtio-non-transitional" maps to qemu "virtio-balloon-pci-non-transitional"

Reviewed-by: Andrea Bolognani <abologna@redhat.com>
Signed-off-by: Cole Robinson <crobinso@redhat.com>
2019-03-04 11:08:41 -05:00
Cole Robinson
e063707556 qemu: Support rng model=virtio-{non-}transitional
Add new <rng> model values for virtio transitional devices. Ex:

  <rng model='virtio-transitional'>
    ...
  </rng>

* "virtio-transitional" maps to qemu "virtio-rng-pci-transitional"
* "virtio-non-transitional" maps to qemu "virtio-rng-pci-non-transitional"

Reviewed-by: Andrea Bolognani <abologna@redhat.com>
Signed-off-by: Cole Robinson <crobinso@redhat.com>
2019-03-04 11:08:41 -05:00
Peter Krempa
b6aacfc435 qemu: Use VIR_XPATH_NODE_AUTORESTORE when XPath context is modified
Use the new helper when moving around the current node of the XPath
context.

Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
2019-03-04 13:04:20 +01:00
Yi Wang
12a5e10f02 qemu: fix vcpu pinning when not all vcpus are enabled
vcpupin will fail when maxvcpus is larger than current
vcpu:

virsh vcpupin win7 --vcpu 0 --cpulist 5-6
error: Requested operation is not valid: cpu affinity is not supported

win7 xml in the command above is like below:
...
<vcpu current="3" placement="static">8</vcpu>
...

The reason is vcpu[3] and vcpu[4] have zero tids and should not been
compared as valid situation in qemuDomainRefreshVcpuInfo().

This issue is introduced by commit 34f7743, which fix recording of vCPU
pids for MTTCG.

Signed-off-by: Yi Wang <wang.yi59@zte.com.cn>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
Signed-off-by: Ján Tomko <jtomko@redhat.com>
2019-02-26 13:40:35 +01:00
Marc Hartmayer
d7be1b1c5e qemu: Replace virDomainChrSourceDefFree with virObjectUnref
Replace virDomainChrSourceDefFree with virObjectUnref.

Signed-off-by: Marc Hartmayer <mhartmay@linux.ibm.com>
Reviewed-by: Boris Fiuczynski <fiuczy@linux.ibm.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
Signed-off-by: Ján Tomko <jtomko@redhat.com>
2019-02-25 14:38:30 +01:00
Roman Bogorodskiy
b71de701b8 conf: introduce 'msrs' feature
Introduce the 'msrs' feature element that controls Model Specific
Registers related behaviour. At this moment it allows only
single tunable attribute "unknown":

 <msrs unknown='ignore|fault'/>

Which tells hypervisor to ignore accesses to unimplemented
Model Specific Registers. The only user of that for now is going
to be the bhyve driver.

Signed-off-by: Roman Bogorodskiy <bogorodskiy@gmail.com>
Reviewed-by: Cole Robinson <crobinso@redhat.com>
2019-02-24 12:33:42 +04:00
Peter Krempa
0c5d8300c5 qemu: domain: Use VIR_AUTOCLEAN for virBuffer
Replace all uses where virBuffer would need clearing on the cleanup
path.

Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Eric Blake <eblake@redhat.com>
2019-02-22 10:05:45 +01:00
Eric Blake
27c8fd7490 domain: Fix unknown flags diagnosis in virDomainGetXMLDesc
Many drivers had a comment that they did not validate the incoming
'flags' to virDomainGetXMLDesc() because they were relying on
virDomainDefFormat() to do it instead. This used to be the case
(at least since 461e0f1a and friends in 0.9.4 added unknown flag
checking in general), but regressed in commit 0ecd6851 (1.2.12),
when all of the drivers were changed to pass 'flags' through the
new helper virDomainDefFormatConvertXMLFlags(). Since this helper
silently ignores unknown flags, we need to implement flag checking
in each driver instead.

Annoyingly, this means that any new flag values added will silently
be ignored when targeting an older libvirt, rather than our usual
practice of loudly diagnosing an unsupported flag.  Add comments
in domain_conf.[ch] to remind us to be extra vigilant about the
impact when adding flags (a new flag to add data is safe if the
older server omitting the requested data doesn't break things in
the newer client; a new flag to suppress data rather than enhancing
the existing VIR_DOMAIN_XML_SECURE may form a data leak or even a
security hole).

In the qemu driver, there are multiple callers all funnelling to
qemuDomainDefFormatBufInternal(); many of them already validated
flags (and often only a subset of the full set of possible flags),
but for ease of maintenance, we can also check flags at the common
helper function.

Signed-off-by: Eric Blake <eblake@redhat.com>
Reviewed-by: John Ferlan <jferlan@redhat.com>
2019-02-19 16:52:51 -06:00
Peter Krempa
44601a0e96 util: Replace virStorageSourceFree with virObjectUnref
Now that virStorageSource is a subclass of virObject we can use
virObjectUnref and remove virStorageSourceFree which was a thin wrapper.

Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Erik Skultety <eskultet@redhat.com>
2019-02-18 10:31:21 +01:00
Peter Krempa
e1c01b2252 util: Remove the AUTOPTR func for virStorageSource
Since virStorageSource is now a subclass of virObject, we can use
VIR_AUTOUNREF instead.

Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Erik Skultety <eskultet@redhat.com>
2019-02-18 10:31:21 +01:00
Peter Krempa
dcda2bf4c1 util: Introduce function for allocating virStorageSource
Add virStorageSourceNew and refactor places allocating that structure to
use the helper.

Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Erik Skultety <eskultet@redhat.com>
2019-02-18 10:27:30 +01:00
John Ferlan
bf688a0067 util: Introduce VIR_DEFINE_AUTOPTR_FUNC for virStorageSource
Let's make use of the auto __cleanup capabilities cleaning up any
now unnecessary goto paths.

Signed-off-by: John Ferlan <jferlan@redhat.com>
Reviewed-by: Erik Skultety <eskultet@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
2019-02-12 13:19:26 -05:00
Andrea Bolognani
df2b31ffea qemu: Unify style for qemuDomain*()
These functions do mostly the same things, and it would be
preferrable if they did them in mostly the same ways. This
also fixes a few violations to our code style guidelines.

Signed-off-by: Andrea Bolognani <abologna@redhat.com>
2019-02-08 16:16:25 +01:00
Andrea Bolognani
0440d5e90f qemu: Move qemuDomainSupportsPCI() to qemu_domain
The function operates on a virDomainDef and is not tied to
device address assignment in any way, so it makes more sense
for it to live along with qemuDomainIs*() and the like.

Signed-off-by: Andrea Bolognani <abologna@redhat.com>
2019-02-08 16:16:22 +01:00
Andrea Bolognani
68e26a9ea2 qemu: Make most qemuDomainMachine*() functions static
Ideally we'd make all of them static, but there are a few
cases where we don't have a virDomainDef instance handy and
so they are the only option.

For the few ones we're forced to keep exporting, document
through comments that the alternative is preferred.

Signed-off-by: Andrea Bolognani <abologna@redhat.com>
2019-02-08 16:16:20 +01:00
Andrea Bolognani
8a8b14718e qemu: Remove useless ARCH_IS_X86() call
Now that we have added architecture checks to all
qemuDomainIs*() functions, we no longer need to perform the
same checks separately.

Signed-off-by: Andrea Bolognani <abologna@redhat.com>
2019-02-08 16:16:18 +01:00
Andrea Bolognani
aa2da99ee8 qemu: Add arch checks to qemuDomainMachine*()
There is very little overlap in the machine types available
on different architectures, so broadly speaking checking the
machine type is usually enough; regardless, it's better to
check the architecture as well.

Signed-off-by: Andrea Bolognani <abologna@redhat.com>
2019-02-08 16:16:16 +01:00
Andrea Bolognani
9a5ce5cb29 qemu: Add arch parameter to qemuDomainMachine*()
We want the signatures to be consistent, and also we're
going to start using the additional parameter next.

Signed-off-by: Andrea Bolognani <abologna@redhat.com>
2019-02-08 16:16:14 +01:00
Andrea Bolognani
4028d7a46a qemu: Move functions around
Make sure related functions, eg. all qemuDomainIs*(), are
close together instead of being sprinkled throughout both
the header and implementation file, and also that all
qemuDomainMachine*() functions are declared first since
we're going to make a bunch of them static later on.

Signed-off-by: Andrea Bolognani <abologna@redhat.com>
2019-02-08 16:16:12 +01:00
Andrea Bolognani
616beb17d4 qemu: Use more specific prefixes
While the chances of the current checks resulting in false
positives are basically zero, it's still nicer to check for
the full prefix instead of the prefix's prefix.

Signed-off-by: Andrea Bolognani <abologna@redhat.com>
2019-02-08 16:16:10 +01:00
Peter Krempa
8c191a9061 qemu: caps: Always assume QEMU_CAPS_DEVICE_DEL_EVENT
DEVICE_DELETED was added in qemu commit 0402a5d65ec00 which was released
in v1.5.0.

Signed-off-by: Peter Krempa <pkrempa@redhat.com>
2019-02-08 10:11:20 +01:00
Peter Krempa
3b0856c4ba qemu: Clean up usage of qemuDomainUpdateCurrentMemorySize
Remove the uneeded attribute and return value.

Signed-off-by: Peter Krempa <pkrempa@redhat.com>
2019-02-08 10:11:20 +01:00
Peter Krempa
3f2fa8f303 qemu: caps: Always assume QEMU_CAPS_BALLOON_EVENT
The event was added to qemu by commit 973603a813c5d60 which is contained
in the 1.2.0 release.

Signed-off-by: Peter Krempa <pkrempa@redhat.com>
2019-02-08 10:11:19 +01:00
Peter Krempa
5d884f3d3c qemu: Forbid cdroms on virtio bus
Attempting to create an empty virtio-blk drive results into:
-device virtio-blk-pci,scsi=off,bus=pci.0,addr=0xc,drive=drive-virtio-disk1,id=virtio-disk1: Device needs media, but drive is empty

Attempting to eject media from virtio-blk based drive results into:
error: internal error: unable to execute QEMU command 'eject': Device 'drive-virtio-disk0' is not removable

Forbid configurations where users would attempt to use cdroms in virtio
bus.

Fix few wrong examples which are not really relevant to the tested code.

Signed-off-by: Peter Krempa <pkrempa@redhat.com>
2019-02-08 08:41:40 +01:00
Andrea Bolognani
3d23a434d2 qemu: Refactor virtio-input capabilities checks
The checks and error messages are mostly the same across
all virtio-input devices, so we can avoid having multiple
copies of the same code.

Signed-off-by: Andrea Bolognani <abologna@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
2019-02-05 17:50:42 +01:00
Peter Krempa
3bc3cca7bb qemu: domain: Use 'raw' for 'volume' disks without format
Storage pools might want to specify format of the image when translating
the volume thus we can't add any default format when parsing the XML.

Add a explicit format when starting the VM and format is not present
neither by user specifying it nor by the storage pool translation
function.

Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
2019-02-04 13:42:11 +01:00
Peter Krempa
2f78ca803a qemu: domain: Assume 'raw' default storage format also for network storage
Post parse callback adds the 'raw' type only for local files. Remote
files can also have backing store (even local) so we should do this also
for network backed storage.

Note that virStorageFileGetMetadata always considers files with no type
as raw so we will not accidentally traverse the backing chain and allow
unexpected files being labelled with svirt labels.

Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
2019-02-04 13:42:11 +01:00
Cole Robinson
af36f8a641 Require a semicolon for VIR_ONCE_GLOBAL_INIT calls
Missing semicolon at the end of macros can confuse some analyzers
(like cppcheck <filename>). VIR_ONCE_GLOBAL_INIT is almost
exclusively called without an ending semicolon, but let's
standardize on using one like the other macros.

Add a dummy struct definition at the end of the macro, so
the compiler will require callers to add a semicolon.

Reviewed-by: John Ferlan <jferlan@redhat.com>
Signed-off-by: Cole Robinson <crobinso@redhat.com>
2019-02-03 17:46:29 -05:00
Erik Skultety
6fd4c8f878 qemu: domain: Add /dev/sev into the domain mount namespace selectively
Instead of exposing /dev/sev to every domain, do it selectively.

Signed-off-by: Erik Skultety <eskultet@redhat.com>
Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
2019-02-01 12:40:20 +01:00
Andrea Bolognani
e266a41f1e qemu: Add PCI support for RISC-V guests
virtio-mmio is still used by default, so if PCI is desired
it's necessary to explicitly opt-in by adding an appropriate

  <address type='pci' domain='0x0000' ... />

element to the corresponding device.

Signed-off-by: Andrea Bolognani <abologna@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
2019-02-01 11:57:50 +01:00
Daniel P. Berrangé
a507edef33 qemu: pass virDomainDeviceInfo by reference
The virDomainDeviceInfo parameter is a large struct so it is preferrable
to pass it by reference instead of by value.

Reviewed-by: John Ferlan <jferlan@redhat.com>
Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
2019-01-31 10:38:36 +00:00
Peter Krempa
81594afb05 qemu: security: Add 'backingChain' flag to qemuSecurity[Set|Restore]ImageLabel
The flag will control the VIR_SECURITY_DOMAIN_IMAGE_LABEL_BACKING_CHAIN
flag of the security driver image labeling APIs.

Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: John Ferlan <jferlan@redhat.com>
2019-01-30 17:20:38 +01:00
Peter Krempa
e7d14bf965 qemu: cgroup: Change qemu[Setup|Teardown]DiskCgroup to take virStorageSource
Since the disk is necessary only to get the source modify the functions
to take the source directly and rename them to
qemu[Setup|Teardown]ImageChainCgroup.

Additionally drop a pointless comment containing the old function name.

Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: John Ferlan <jferlan@redhat.com>
2019-01-30 17:20:38 +01:00
Peter Krempa
33b0a3bab8 qemu: domain: Allow overriding disk source in qemuDomainDetermineDiskChain
When we need to detect a chain for a image which will become the new
source for a disk (e.g. after a disk media change or a blockjob) we'd
need to replace disk->src temporarily to do so.

Move the 'disksrc' temporary variable to an argument and adjust callers.

Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: John Ferlan <jferlan@redhat.com>
2019-01-30 17:20:38 +01:00
Peter Krempa
73163a0e86 qemu: domain: Clarify temp variable scope in qemuDomainDetermineDiskChain
The function at first validates the top image of the chain, then
traverses the chain as declared in the XML (if any) and then procedes to
detect the rest of the chain from images. All of the steps have their
own temporary iterator.

Clarify the use scope of the steps by introducing a new temp variable
holding the top level source and adding comments.

Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: John Ferlan <jferlan@redhat.com>
2019-01-30 17:20:37 +01:00
Daniel P. Berrangé
34f77437da qemu: fix recording of vCPU pids for MTTCG
MTTCG is the new multi-threaded impl of TCG which follows
KVM in having one host OS thread per vCPU. Historically
we have discarded all PIDs reported for TCG guests, but
we must now selectively honour this data.

We don't have anything in the domain XML that indicates
whether a guest is using TCG or MTTCG. While QEMU does
have an option (-accel tcg,thread=single|multi), it is
not desirable to expose this in libvirt. QEMU will
automatically use MTTCG when the host/guest architecture
pairing is known to be safe. Only developers of QEMU TCG
have a strong reason to override this logic.

Thus we use two sanity checks to decide if the vCPU
PID information is usable. First we see if the PID
duplicates the main emulator PID, and second we see
if the PID duplicates any other vCPUs.

Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
2019-01-29 16:31:04 +00:00
Michal Privoznik
5772885d28 lib: Use more of VIR_STEAL_PTR()
We have this very handy macro called VIR_STEAL_PTR() which steals
one pointer into the other and sets the other to NULL. The
following coccinelle patch was used to create this commit:

  @ rule1 @
  identifier a, b;
  @@

  - b = a;
    ...
  - a = NULL;
  + VIR_STEAL_PTR(b, a);

Some places were clean up afterwards to make syntax-check happy
(e.g. some curly braces were removed where the body become a one
liner).

Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
Reviewed-by: Erik Skultety <eskultet@redhat.com>
2019-01-28 14:46:58 +01:00