2953 Commits

Author SHA1 Message Date
Peter Krempa
d26f3cdedd qemu: driver: Don't use qemuBlockJobStartupFinalize in processBlockJobEvent
While this function does start a block job in case when we'd not be able
to get our internal data for it, the handler sets the job state to
QEMU_BLOCKJOB_STATE_RUNNING anyways, thus qemuBlockJobStartupFinalize
would just unref the job.

Since the other usage of qemuBlockJobStartupFinalize in the other part
of the event handler was a bug replace this one anyways even if it would
not cause problems.

Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
2019-07-19 15:49:40 +02:00
Peter Krempa
0a9fd83240 qemu: Detect managed persistent reservations in block job orphan chains
The PR manager is a property of the format layer in qemu so we need to
be able to track it also in the chains of orphaned block jobs.

Add a helper for qemu to look also into the blockjob state.

Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
2019-07-18 17:59:34 +02:00
Peter Krempa
cbf4e3af70 qemu: Add handler for job state change event
Add support for handling the event either synchronously or
asynchronously using the event thread.

Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
2019-07-18 17:59:34 +02:00
Peter Krempa
3b6161a5f2 qemu: driver: Remove unnecessary saving of status XML
Now that the blockjob handling code deals with the status XML we don't
need to save it explicitly when starting blockjobs.

Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
2019-07-18 17:59:34 +02:00
Peter Krempa
4cc4357f3e qemu: blockjob: Save status XML when modifying job state
Now that block job data is stored in the status XML portion we need to
make sure that everything which changes the state also saves the status
XML. The job registering function is used while parsing the status XML
so in that case we need to skip the XML saving.

Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
2019-07-18 17:59:34 +02:00
Peter Krempa
5ff46aaa7f qemu: blockjob: Register new and running blockjobs in the global table
Add the job structure to the table when instantiating a new job and
remove it when it terminates/fails.

Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
2019-07-18 17:59:34 +02:00
Peter Krempa
ac6c579af3 qemu: monitor: Add new fields for 'block-commit' command
Allow using the node name to specify the base and top of the 'commit'
operation, allow specifying explicit job name and add support for
delayed dismiss of the job so that we can reap the state even if
libvirtd was not running when qemu emitted the job completion event.

Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
2019-07-18 17:59:33 +02:00
Peter Krempa
a4f10a6821 qemu: monitor: Add new fields for 'block-stream' command
Allow using the node name to specify the base of the 'stream' operation,
allow specifying explicit job name and add support for delayed dismiss
of the job so that we can reap the state even if libvirtd was not
running when qemu emitted the job completion event.

Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
2019-07-18 17:59:33 +02:00
Daniel P. Berrangé
cb1938eb58 all: don't wait for driver lock during startup
When the drivers acquire their pidfile lock we don't want to wait if the
lock is already held. We need the driver to immediately report error,
causing the daemon to exit.

Reviewed-by: Erik Skultety <eskultet@redhat.com>
Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
2019-07-15 13:36:45 +01:00
Peter Krempa
16ca234b56 qemu: Refactor variables for extracting flags in qemuDomainBlockCopyCommon
Add separate booleans for extracting VIR_DOMAIN_BLOCK_COPY_REUSE_EXT and
VIR_DOMAIN_BLOCK_COPY_SHALLOW from '@flags' and also change 'reuse' into
'existing'.

qemuMonitorDriveMirror requires the unmodified state of the flags to
pass to qemu and also we use the value a few times internally. Extract
it separately now.

The 'reuse' flag did not indicate reusing of the file as much as the
fact that the storage is existing and thus should not be created, so
modify the name to reflect this.

Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
2019-07-15 10:26:23 +02:00
Daniel P. Berrangé
1af03e2714 qemu: acquire a pidfile in the driver root directory
When we allow multiple instances of the driver for the same user
account, using a separate root directory, we need to ensure mutual
exclusion. Use a pidfile to guarantee this.

In privileged libvirtd this ends up locking

   /var/run/libvirt/qemu/driver.pid

In unprivileged libvirtd this ends up locking

  /run/user/$UID/libvirt/qemu/run/driver.pid

NB, the latter can vary depending on $XDG_RUNTIME_DIR

Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
2019-07-11 12:46:20 +01:00
Eric Blake
95f8e3237e snapshot: Add VIR_DOMAIN_SNAPSHOT_CREATE_VALIDATE flag
We've been doing a terrible job of performing XML validation in our
various API that parse XML with a corresponding schema (we started
with domains back in commit dd69a14f, v1.2.12, but didn't catch all
domain-related APIs, didn't document the use of the flag, and didn't
cover other XML). New APIs (like checkpoints) should do the validation
unconditionally, but it doesn't hurt to continue retrofitting existing
APIs to at least allow the option.

While there are many APIs that could be improved, this patch focuses
on wiring up a new snapshot XML creation flag through all the
hypervisors that support snapshots, as well as exposing it in 'virsh
snapshot-create'.  For 'virsh snapshot-create-as', we blindly set the
flag without a command-line option, since the XML we create from the
command line should generally always comply (note that validation
might cause failures where it used to succeed, such as if we tighten
the RNG to reject a name of '../\n'); but blindly passing the flag
means we also have to add in fallback code to disable validation if
the server is too old to understand the flag.

Signed-off-by: Eric Blake <eblake@redhat.com>
Acked-by: Peter Krempa <pkrempa@redhat.com>
2019-07-10 17:34:58 -05:00
Michal Privoznik
881686d4b1 qemu: Validate disk against domain def on coldplug
https://bugzilla.redhat.com/show_bug.cgi?id=1692296#c7

This is a counterpart for ddc72f99027 and implements the same
check for coldplug.

Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
Reviewed-by: Erik Skultety <eskultet@redhat.com>
2019-07-08 14:26:20 +02:00
Ilias Stamatis
13a7d75835 qemu: Remove a redundant function call from qemuDomainGetPerfEvents
Calling virDomainObjUpdateModificationImpact directly inside the
function body is redundant, since the same function call is embedded
into virDomainObjGetOneDef.

Signed-off-by: Ilias Stamatis <stamatis.iliass@gmail.com>
Reviewed-by: Erik Skultety <eskultet@redhat.com>
2019-07-03 09:57:30 +02:00
Michal Privoznik
3973d4dff1 qemu: Move image security metadata on snapshot activity
Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
Reviewed-by: Cole Robinson <crobinso@redhat.com>
Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
2019-07-03 08:36:04 +02:00
Daniel P. Berrangé
464a41bc0d qemu: delete methods which are no longer supported
The public API entry points will report VIR_ERR_NO_SUPPORT to the
caller when a driver does not provide an implementation of a particular
method.

When deleting methods, leaving the driver API entry point explicitly
set to NULL with an version range comment, allows the hvsupport.html
page to document when the AP was removed.

Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
2019-06-27 14:41:48 +01:00
Peter Krempa
6f532d7ffc qemu: Use VIR_ERR_DEPRECATED in QemuAttach and DomainXMLFromNative stubs
We've deprecated qemuConnectDomainXMLFromNative qemuDomainQemuAttach.
Switch the error code from VIR_ERR_OPERATION_UNSUPPORTED to the new
VIR_ERR_DEPRECATED.

Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
2019-06-26 08:37:01 +02:00
Peter Krempa
d79ec3f33b qemu: driver: Fix off-by-one in qemuDomainSnapshotDiskDataCollect
Commit f34397e51c17 introduced a crash-inducing problem when collecting
disk snapshot data, where the array would be filled starting from the
second element.

The code then dereferenced the first one.

Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
2019-06-20 16:09:58 +02:00
Ján Tomko
aed6a032ce api: disallow virDomainSaveImageGetXMLDesc on read-only connections
The virDomainSaveImageGetXMLDesc API is taking a path parameter,
which can point to any path on the system. This file will then be
read and parsed by libvirtd running with root privileges.

Forbid it on read-only connections.

Fixes: CVE-2019-10161
Reported-by: Matthias Gerstner <mgerstner@suse.de>
Signed-off-by: Ján Tomko <jtomko@redhat.com>
Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
2019-06-20 13:50:56 +02:00
Ján Tomko
011f4eb124 qemu: assume monJSON is always true
Now that we no longer support the HMP monitor, remove some dead code.

Signed-off-by: Ján Tomko <jtomko@redhat.com>
Acked-by: Peter Krempa <pkrempa@redhat.com>
2019-06-20 13:47:41 +02:00
Peter Krempa
5cc402a9b4 qemu: driver: Remove support for native->XML conversion
This code is really neglected and does not at all work reliably. It
can't even be used for converting our own commandline back.

Since this was mostly useful for aiding migration from manually run qemu
to libvirt and will not work for this puspose in many cases it's not
worth having.

Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
Reviewed-by: Andrea Bolognani <abologna@redhat.com>
2019-06-20 12:15:05 +02:00
Peter Krempa
215d9393bb qemu: driver: Drop support for qemu-attach
Attaching to modern qemu will not work with all this code and attempting
to ressurect it would be mostly pointless.

Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
Reviewed-by: Andrea Bolognani <abologna@redhat.com>
2019-06-20 12:15:05 +02:00
Daniel P. Berrangé
f02e21cb33 network: remove the virDomainNetBandwidthChangeAllowed callback
The current qemu driver code for changing bandwidth on a NIC first asks
the network driver if the change is supported, then changes the
bandwidth on the VIF, and then tells the network driver to update the
bandwidth on the bridge.

This is potentially racing if a parallel API call causes the network
driver to allocate bandwidth on the bridge between the check and the
update phases.

Change the code to just try to apply the network bridge update
immediately and rollback at the end if something failed.

Reviewed-by: Laine Stump <laine@laine.org>
Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
2019-06-17 15:19:54 +01:00
Peter Krempa
143c2de113 qemu: snapshot: Remove unnecessary 'do_transaction' logic in qemuDomainSnapshotCreateDiskActive
Now that we never get to the actual snapshot code if there's nothing to
do we can remove the variable and surrounding logic.

Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
2019-06-10 14:01:09 +02:00
Peter Krempa
0491128f2a qemu: snapshot: Return early if there's nothing to snapshot
Skip actual snapshot creation code if we have 0 disks to snapshot.

Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
2019-06-10 14:01:09 +02:00
Peter Krempa
0325d42668 qemu: snapshot: Unify 'cleanup' and 'error' in qemuDomainSnapshotCreateDiskActive
All cases taking the 'cleanup' path can take the original 'error' path.

Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
2019-06-10 14:01:09 +02:00
Peter Krempa
46da762669 qemu: snapshot: Don't overload 'ret' in qemuDomainSnapshotCreateDiskActive
Introduce 'rc' for collecting state from monitor commands so that we can
initialize 'ret' to -1. This also fixes few cases which could return 0
from the function despite an error condition.

Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
2019-06-10 14:01:09 +02:00
Peter Krempa
a7087c929e qemu: snapshot: Move all cleanup of snapshot disk data to qemuDomainSnapshotDiskDataFree
qemuDomainSnapshotDiskDataFree also removes the resources associated
with the disk data. Move the unlinking of the just-created file so that
we can unify the cleanup paths.

Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
2019-06-10 14:01:09 +02:00
Peter Krempa
acda184236 qemu: Rename qemuDomainSnapshotDiskDataFree to qemuDomainSnapshotDiskDataCleanup
In commit cbb4d229de30b5 I named the function with 'free' suffix, but at
that time it already did some non-freeing tasks. Rename it to make it
obvious that it's not just memory managemet.

Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
2019-06-10 14:01:08 +02:00
Peter Krempa
f34397e51c qemu: snapshot: Densely pack data in qemuDomainSnapshotDiskDataCollect
The function skips disks which are not selected for snapshot. Rather
than creating a sparse array and check whether the given field is filled
compress the entries.

Note that this does not allocate a smaller array, but the memory
allocation is short-lived.

Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
2019-06-10 14:01:08 +02:00
Peter Krempa
9678503088 qemu: snapshot: Always save config XML after qemuDomainSnapshotCreateDiskActive
If there's an offline config definition save it unconditionally even if
it was not modified.

Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
2019-06-10 14:01:08 +02:00
Peter Krempa
999e450c26 qemu: snapshot: Always save status and config after qemuDomainSnapshotCreateDiskActive
The error path is unlikely thus saving the status XML even if we didn't
modify it does not add much burden.

Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
2019-06-10 14:01:08 +02:00
Peter Krempa
7b8c319d9c qemu: snapshot: Remove unused cleanup section in qemuDomainSnapshotCreateSingleDiskActive
After getting rid of pre-transaction qemu support the cleanup section is
unused.

Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
2019-06-10 14:01:08 +02:00
Peter Krempa
7d67319cfb qemu: Use VIR_AUTO* in qemuDomainSnapshotCreateActiveExternal
Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
2019-06-10 14:01:08 +02:00
Peter Krempa
77f71c45ad qemu: Use virErrorPreserveLast in qemuDomainSnapshotCreateDiskActive
Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
2019-06-10 14:01:08 +02:00
Peter Krempa
0f9a2a665b qemu: Use VIR_AUTOPTR in qemuDomainSnapshotCreateDiskActive
Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
2019-06-10 14:01:08 +02:00
Peter Krempa
ef6b88deef qemu: snapshot: Pass 'cfg' to external snapshot functions
The caller has it so there's no point in getting it again.

Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
2019-06-10 14:01:08 +02:00
Peter Krempa
e90d51c4d0 qemu: monitor: Don't pass full flags to qemuMonitorJSONDriveMirror
Split out the 'shallow' and 'reuse' flags as booleans rather than passing
in flags and constructing them in irrelevant APIs.

Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
2019-05-21 14:22:06 +02:00
Peter Krempa
47d610e960 qemu: blockcopy: sanitize permission handling for 'mirror'
At the point when we want to modify the permissions for the 'mirror' we
know whether it is supposed to have a backing chain or no. Given that
mirror->backingStore is populated only when we'd need to touch it ayways
we can use qemuDomainStorageSourceChainAccessAllow even in place of
qemuDomainStorageSourceAccessAllow used for other cases to simplify the
code.

Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
2019-05-21 14:22:06 +02:00
Peter Krempa
32ec5fee02 qemu: Simplify allowing access to storage file for block copy
One code path open-coded qemuDomainStorageSourceChainAccessAllow badly
and also did not integrate with the locking code.

Replace the separate calls with qemuDomainStorageSourceChainAccessAllow
which does everything internally.

Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
2019-05-21 14:22:06 +02:00
Peter Krempa
56fe0d6d29 qemu: Validate backing store of 'mirror' for block copy
Since 4e797f1a we parse backingStore of mirror which will later be used
with blockdev. Add some validation for the user passed mirror at the
current point to make sure it's not used improperly.

Validate that it's not used without blockdev and also that it's not
passed when not requesting a shallow copy. Also add a chain terminator
for a deep copy since we know the resulting mirror will not have chain.

Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
2019-05-21 14:22:06 +02:00
Peter Krempa
83c579d0ae qemu: Remove unnecessary calls to qemuDomainStorageSourceAccessRevoke
Since 3decae00e90 qemuDomainStorageSourceAccessAllow revokes the
permissions it granted if it fails halfway, thus we can remove some
calls to qemuDomainStorageSourceAccessRevoke which tried to undo this
situation.

Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
2019-05-21 14:22:06 +02:00
Peter Krempa
8787032c5c qemu: Remove unecessary error keeping in qemuDomainBlockCopyCommon
Since 3decae00e90 qemuDomainStorageSourceAccessRevoke keeps the libvirt
error which was set prior to the call around even after the call, thus
we don't need to do the same when reverting access in the block copy
code.

Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
2019-05-21 14:22:06 +02:00
Peter Krempa
e05d211f5b qemu: Modernize memory cleaning in qemuDomainBlockCommit
Use VIR_AUTOFREE and VIR_AUTOUNREF.

Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
2019-05-21 14:22:06 +02:00
Peter Krempa
82b3f470c6 qemu: Modernize memory cleaning in qemuDomainBlockPullCommon
Use VIR_AUTOFREE and VIR_AUTOUNREF.

Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
2019-05-21 14:22:06 +02:00
Peter Krempa
ddafae7a39 qemu: Modernize memory cleaning in qemuDomainBlockCopyCommon
Use VIR_AUTOFREE, VIR_AUTOUNREF, and VIR_STEAL_PTR.

Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
2019-05-21 14:22:05 +02:00
Peter Krempa
019461facb qemu: driver: Set mirror state after successful command
When aborting or pivoting a block job we record which operation we do
for the mirror in the virDomainDiskDef structure. As everything is
synchronized by a job it's not necessary to modify the state prior to
calling the monitor and resetting the state on failure.

Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
2019-05-21 14:22:05 +02:00
Peter Krempa
d41e1aa169 qemu: driver: Don't try to update blockjob status in qemuDomainGetBlockJobInfo
All blockjobs get their status updated by events from qemu, so this code
no longer makes sense.

Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
2019-05-21 14:22:05 +02:00
Michal Privoznik
da04eab953 Revert "qemu: Do not override config XML in case of snapshot revert"
This reverts commit dfd70ca1ebc623fcda788c414a472107b37b2bb8.

Pushed by a mistake, sorry. There's still some discussion going
on upstream.

Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
2019-05-20 14:19:44 +02:00
Han Han
a699b19f6c qemu: Add entry for balloon stats stat-htlb-pgalloc and stat-htlb-pgfail
Qemu added reporting of virtio balloon new statistics stat-htlb-pgalloc and
stat-htlb-pgfail since qemu-3.0 commit b7b12644297. The value of
stat-htlb-pgalloc represents the number of successful hugetlb page allocations
while stat-htlb-pgfail represents the number of failed ones. Add this
statistics reporting to libvirt.

To enable this feature for vm, guest kenel >= 4.17 is required because
the exporting hugetlb page allocation for virtio balloon is introduced
since 6c64fe7f.

Signed-off-by: Han Han <hhan@redhat.com>
Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
2019-05-20 11:18:25 +02:00