27690 Commits

Author SHA1 Message Date
Daniel Henrique Barboza
f1704e61c3 src: introduce hypervisor/domain_cgroup.c
There is duplicated code between virt drivers that needs to
be moved to avoid code repetition. In the case of duplicated
code between lxc_cgroup.c and qemu_cgroup.c a common place
would be utils/vircgroup.c. The problem is that this would
introduce /conf related definitions that shouldn't be imported
to vircgroup.c, which is supposed to be a place for utilitary
cgroups functions only. And syntax-check would forbid it anyway
due to cross-directory includes being used.

An alternative would be to overload domain_conf.c, which already
contains all the definitions required. But that file is already
crowded with XML handling code and we wouldn't do any favors to
it by putting more utilitary, non-XML parsing/formatting code
there.

In [1], Cole suggested a 'domain_cgroup' file to host common code
between lxc_cgroup and qemu_cgroup, and Daniel suggested a
'src/hypervisor' dir to host these type of files. This patch
introduces src/hypervisor/domain_cgroup.c and, to get started,
introduces a new virDomainCgroupSetupBlkio() function to host shared
code between virLXCCgroupSetupBlkioTune() and qemuSetupBlkioCgroup().

[1] https://www.redhat.com/archives/libvir-list/2019-December/msg00817.html

Signed-off-by: Daniel Henrique Barboza <danielhb413@gmail.com>
Signed-off-by: Ján Tomko <jtomko@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
2020-02-23 14:02:23 +01:00
Daniel Henrique Barboza
adfd20f043 vircgroup.c: turn virCgroup{Get/Set}BlkioDevice* into static
Previous patch moved all duplicated code that were setting
and getting BlkioDevice parameters to vircgroup.c. We can
turn them into static and spare a few symbols in
libvirt_private.syms.

Signed-off-by: Daniel Henrique Barboza <danielhb413@gmail.com>
Signed-off-by: Ján Tomko <jtomko@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
2020-02-23 14:02:23 +01:00
Daniel Henrique Barboza
17e8af6b45 lxc,qemu: use virCgroupSetupBlkioDevice* helpers
There are code repetition of set() and get() blkio device
parameters across lxc and qemu files. Use the new vircgroup
helpers to trim the repetition a bit.

Signed-off-by: Daniel Henrique Barboza <danielhb413@gmail.com>
Signed-off-by: Ján Tomko <jtomko@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
2020-02-23 14:02:22 +01:00
Daniel Henrique Barboza
3118b4ee95 vircgroup.c: add virCgroupSetupBlkioDevice* helpers
The current use of the functions that set and get
BlkioDevice attributes is doing a set(), followed by
a get() of the same parameter right after. This is done
because there is no guarantee that the kernel will accept
the desired value given by the set() call, thus we need to
execute a get() right after to get the actual value.

This patch adds helpers inside vircgroup.c to execute these
operations. Next patch will use these helpers to reduce
code repetition in LXC and QEMU files.

Signed-off-by: Daniel Henrique Barboza <danielhb413@gmail.com>
Signed-off-by: Ján Tomko <jtomko@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
2020-02-23 14:02:22 +01:00
Ján Tomko
66de1d921e fix paths to openrc.init.in files
The inc.am Makfiles are included by src/Makefile.am.
Adjust the paths added to OPENRC_INIT_FILES_IN
accordingly.

Signed-off-by: Ján Tomko <jtomko@redhat.com>
Fixes: f4b1c020a2c8493473bf868231cee6a952d57e6f
2020-02-23 12:21:02 +01:00
Ryan Moeller
f4b1c020a2 Add virtlockd and virtlogd init scripts
These are missing files for OpenRC.

Signed-off-by: Ryan Moeller <ryan@iXsystems.com>
Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
2020-02-22 17:11:54 +01:00
Michal Privoznik
2ab278ec75 virDomainNetDefClear: Free @persistent name
The persistent alias name @persistent is allocated in
virDomainNetDefParseXML() but never freed.

==119642== 22 bytes in 2 blocks are definitely lost in loss record 178 of 671
==119642==    at 0x483579F: malloc (vg_replace_malloc.c:309)
==119642==    by 0x58F89F1: xmlStrndup (in /usr/lib64/libxml2.so.2.9.9)
==119642==    by 0x4BA3B74: virXMLPropString (virxml.c:520)
==119642==    by 0x4BDB0C5: virDomainNetDefParseXML (domain_conf.c:11876)
==119642==    by 0x4BF9EF4: virDomainDefParseXML (domain_conf.c:21196)
==119642==    by 0x4BFCD5B: virDomainDefParseNode (domain_conf.c:21943)
==119642==    by 0x4BFCC36: virDomainDefParse (domain_conf.c:21901)
==119642==    by 0x4BFCCCB: virDomainDefParseFile (domain_conf.c:21924)
==119642==    by 0x114A9D: testCompareXMLToArgv (qemuxml2argvtest.c:452)
==119642==    by 0x13894F: virTestRun (testutils.c:143)
==119642==    by 0x11F46E: mymain (qemuxml2argvtest.c:1316)
==119642==    by 0x13A60E: virTestMain (testutils.c:839

Fixes: fb0509d06ac57434c2edbd81ee63deb32a0e598a
Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
2020-02-21 11:13:20 +01:00
Michal Privoznik
d8b4f70e1e virDomainFSDefFree: Unref private data
The privateData object is allocated in virDomainFSDefNew() but
never unref'd.

==119642== 480 bytes in 20 blocks are definitely lost in loss record 656 of 671
==119642==    at 0x4837B86: calloc (vg_replace_malloc.c:762)
==119642==    by 0x57806A0: g_malloc0 (in /usr/lib64/libglib-2.0.so.0.6000.7)
==119642==    by 0x4AE7392: virAllocVar (viralloc.c:331)
==119642==    by 0x4B64395: virObjectNew (virobject.c:241)
==119642==    by 0x48F1464: qemuDomainFSPrivateNew (qemu_domain.c:1427)
==119642==    by 0x4BBF004: virDomainFSDefNew (domain_conf.c:2307)
==119642==    by 0x4BD859A: virDomainFSDefParseXML (domain_conf.c:11217)
==119642==    by 0x4BF9DD1: virDomainDefParseXML (domain_conf.c:21179)
==119642==    by 0x4BFCD5B: virDomainDefParseNode (domain_conf.c:21943)
==119642==    by 0x4BFCC36: virDomainDefParse (domain_conf.c:21901)
==119642==    by 0x4BFCCCB: virDomainDefParseFile (domain_conf.c:21924)
==119642==    by 0x114A9D: testCompareXMLToArgv (qemuxml2argvtest.c:452)

Fixes: 5120577ed79f89e172e3deed534fa9b585f4701f
Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
2020-02-21 11:13:05 +01:00
Laine Stump
ef8de28cb0 conf: extra validation for <port isolated='yes'/>
During the hypervisor-agnostic validation of network devices, verify
that the interface type is either "network" or "bridge", and that if
there is any <virtualport>, that it doesn't have any type associated
with it.

This needs to be done both for the parse-time validation and for
runtime validation (after a port has been acquired from any associated
network), because an interface with type='network' could have an
actual type at runtime of "hostdev" or "direct", neither of which
support isolated='true' (yet). Likewise, if an interface is
type='network', then at runtime a <virtualport> with a type that
doesn't support isolated='yes' (e.g. "openvswitch", "802.1Qbh" -
currently *none* of the available virtualport types support it)

Signed-off-by: Laine Stump <laine@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
2020-02-20 23:16:44 -05:00
Laine Stump
db7f262884 qemu: support updating <port isolated='yes|no'/> during device update
This setting can be updating very easily on an already active
interface by just changing it in sysfs. If the bridge used for
connection is also changed, there is no need to separately update it,
because the new setting isf done as a part of connecting to the bridge
anyway.

Signed-off-by: Laine Stump <laine@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
2020-02-20 23:15:56 -05:00
Laine Stump
2b8fd7334d qemu/lxc: plumb isolatedPort from config down through bridge attachment
This patch pushes the isolatedPort setting from the <interface> down
all the way to the callers of virNetDevBridgeAddPort(), and sets
BR_ISOLATED on the port (using virNetDevBridgePortSetIsolated()) after
the port has been successfully added to the bridge.

Signed-off-by: Laine Stump <laine@redhat.com>

Signed-off-by: Laine Stump <laine@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
2020-02-20 23:13:15 -05:00
Laine Stump
de7c347d9b network: propagate <port isolated='yes'/> between network and domain
Similar to the way that the <vlan>, <bandwidth>, and <virtualport>
elements and the trustGuestRxFilters attribute in a <network> (or in
the appropriate <portgroup> element of a <network> can be applied to a
port when it is allocated for a domain's network interface, this patch
checks for a configured value of <port isolated="yes|no"/> in
either the domain <interface> or in the network, setting isolatedPort
in the <networkport> to the first one it finds (the setting from the
domain's <interface> is preferred). This, in turn, is passed back to
the domain when a port is allocated, so that the domain will use that
setting.

(One difference from <vlan>, <bandwidth>, <virtualport>, and
trustGuestRxFilters, is that all of those can be set in a <portgroup>
so that they can be applied only to a subset of interfaces connected
to the network. This didn't really make sense for the isolated setting
due to the way that it's implemented in Linux - the BR_ISOLATED flag
will prevent traffic from passing between two ports that both have
BR_ISOLATED set, but traffic can still go between those ports and
other ports that *don't* have BR_ISOLATED. (It would be nice if all
traffic from a BR_ISOLATED port could be blocked except traffic going
to/from a designated egress port or ports, but instead the entire
feature is implemented as a single flag. Because of this, it's really
only useful if all the ports on a network are isolated, so setting it
for a subset has no practical utility.)

Signed-off-by: Laine Stump <laine@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
2020-02-20 23:11:29 -05:00
Laine Stump
31d95b182e conf: parse/format <port isolated='yes|no'/>
This is a very simple thing to parse and format, but needs to be done
in 4 places, so two trivial utility functions have been made that can
be called from all the higher level parser/formatters:

  <domain><interface>
  <domain><interface><actual> (only in domain status)
  <network>
  <networkport>

Signed-off-by: Laine Stump <laine@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
2020-02-20 23:09:27 -05:00
Laine Stump
a378d8fa55 util: query/set BR_ISOLATED flag on netdevs attached to bridge
When this flag is set for an interface attached to a bridge, traffic
to/from the specified interface can only enter/exit the bridge via
another attached interface that *doesn't* have the BR_ISOLATED flag
set. This can be used to permit guests to communicate with the rest of
the network, but not with each other.

Signed-off-by: Laine Stump <laine@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
2020-02-20 23:07:53 -05:00
Laine Stump
3f8b57a61f qemu: save/restore original error when recovering from failed bridge attach
Not only was the original error code destroyed in the case of
encountering an error during recovery from a failed attach to the
bridge (and then *that* error was destroyed by logging a *second*
error about the failure to recover - virNetDevBridgeAddPort() already
logs an error, so the one about failing to recover was redundant), but
if the recovery was successful, the function would then return success
to the caller even though it had failed.

Fixes: 2711ac87160d7ac7d550c57f4339e6c6749942fa
(overwritten errors were introduced along with this functionality)
Fixes: 6bde0a1a37424c84492658223ff845b1ebb0e25c
(the wrong return value was introduced by a refactor)

Signed-off-by: Laine Stump <laine@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
2020-02-20 23:05:24 -05:00
Michal Privoznik
739bb1f26f qemu_migration: Rearrange some checks in qemuMigrationSrcIsAllowed()
Firstly, the check for disk I/O error can be moved into 'if
(!offline)' section a few lines below.
Secondly, checks for vmstate and slirp should be moved under the
same section because they reflect live state of a domain. For
offline migration no QEMU is involved and thus these restrictions
are not valid.

Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
2020-02-20 12:57:24 +01:00
Michal Privoznik
74ec3f4d7d qemu: Don't explicitly remove pidfile after virPidFileForceCleanupPath()
In two places where virPidFileForceCleanupPath() is called, we
try to unlink() the pidfile again. This is needless because
virPidFileForceCleanupPath() has done just that.

Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
2020-02-20 12:57:19 +01:00
Michal Privoznik
ac21e39faa virpidfile: Set correct retval in virPidFileReadPath()
The virPidFileReadPath() function is supposed to return 0 on
success or a negative value on failure. But the negative value
has a special meaning - it's negated errno. Therefore, when
converting string to int we shouldn't return -1 which translates
to EPERM. Returning EINVAL looks closer to the truth.

Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
2020-02-20 12:57:06 +01:00
Peter Krempa
a570dc6767 virStorageFileGetMetadataRecurse: Remove 'cleanup' label
There's nothing to clean up. Make it obvious what is returned.

Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Eric Blake <eblake@redhat.com>
2020-02-20 07:57:09 +01:00
Peter Krempa
01adad0932 virStorageFileGetMetadataRecurse: Extract storage access
Extract the code that directly deals with storage. This allows further
simplification and clarification of virStorageFileGetMetadataRecurse.

Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Eric Blake <eblake@redhat.com>
2020-02-20 07:57:09 +01:00
Peter Krempa
e3960f4b6d virStorageFileGetMetadataRecurse: Use virHashHasEntry instead of fake pointers
Replacing virHashLookup by virHashHasEntry allows us to use NULL as the
payload of the hash table rather than putting a fake '1' pointer into
the table.

Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Eric Blake <eblake@redhat.com>
2020-02-20 07:57:09 +01:00
Peter Krempa
157b8722cb virStorageFileGetMetadataRecurse: Expect NULL src->path
The path can be NULL e.g. for NBD disks. Use NULLSTR to prevent use of
NULL in %s.

Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Eric Blake <eblake@redhat.com>
2020-02-20 07:57:08 +01:00
Peter Krempa
b347e5c7dd virStorageFileGetMetadataRecurse: Shuffle around assignment of backing chain depth
Move the assignment to a place where we know that the backing store is
present rather than having to check in the cleanup section.

Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Eric Blake <eblake@redhat.com>
2020-02-20 07:57:08 +01:00
Peter Krempa
84df98f29e virStorageFileGetMetadataRecurse: Remove impossible error report
We call virStorageFileSupportsBackingChainTraversal which already checks
that the 'storageFileRead' callback is non-NULL, which in turn means
that virStorageFileRead will not return -2.

Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Eric Blake <eblake@redhat.com>
2020-02-20 07:57:08 +01:00
Peter Krempa
181fccc2ed util: storagefile: Drop image format probing by file suffix
Probing by file suffix was meant to be a last resort if probing by
contents fails or is not supported. For most formats we never specified
any suffix. There's a few formats implementing both magic bytes and
suffix and finally DMG which had only suffix probing. Since suffix
probing is nowhere reliable and only one format depends on in which has a
comment that qemu doesn't do the probing either drop the whole
infrastructure.

Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Eric Blake <eblake@redhat.com>
2020-02-20 07:57:08 +01:00
Jiri Denemark
0905f222f1 cpu_conf: Format vendor_id for host-model CPUs
In commit v5.9.0-400-gaf8e39921a I removed printing model's fallback and
vendor_id attributes when no model is specified. However, vendor_id
makes sense even without a specific CPU model (for host-model CPUs).

https://bugzilla.redhat.com/show_bug.cgi?id=1804549

Signed-off-by: Jiri Denemark <jdenemar@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
2020-02-19 15:11:40 +01:00
Peter Krempa
9bf9e0ae6a qemuDomainGetStatsIOThread: Don't leak array with 0 iothreads
qemuMonitorGetIOThreads returns a NULL-terminated list even when 0
iothreads are present. The caller didn't perform cleanup if there were 0
iothreads leaking the array.

https://bugzilla.redhat.com/show_bug.cgi?id=1804548

Fixes: d1eac92784573559b6fd56836e33b215c89308e3
Reported-by: Jing Yan <jiyan@redhat.com>
Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
2020-02-19 10:24:31 +01:00
Pavel Mores
e32934062d qemu: call networkPlugBandwidth() for all types of network
To fix the actual bug, it was necessary to make networkPlugBandwidth() be
called also for 'bridge'-type networks implemented using macvtap's 'bridge'
mode (previously it was only called for those implemented on top of an
existing bridge).

However, it seems beneficial to call it for other network types as well, at
least because it removes an inconsistency in types of bandwidth configuration
changes permissible in inactive and active domain configs.  It should also be
safe as the function pretty much amounts to NOP if no QoS is requested and the
new behaviour should not be any worse than before if it is.

Signed-off-by: Pavel Mores <pmores@redhat.com>
Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
2020-02-17 17:26:38 +01:00
Pavel Mores
aa985af212 qemu: check if 'floor' is supported for given interface and network
Even if an interface of type 'network', setting 'floor' is only supported
if the network's forward type is nat, route, open or none.

Signed-off-by: Pavel Mores <pmores@redhat.com>
Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
2020-02-17 17:26:31 +01:00
Pavel Mores
92a71456ac qemu: fail on attempt to set 'floor' if interface type is not 'network'
QoS 'floor' setting is documented to be only supported for interfaces of
type 'network'.  Fail with an error message on attempt to set 'floor' on
an interface of any other type.

Signed-off-by: Pavel Mores <pmores@redhat.com>
Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
2020-02-17 17:25:59 +01:00
Pavel Mores
17f430eb5c qemu: test if bandwidth has 'floor' factored out to separate function
This compound condition will be useful in several places so it
makes sense to give it a name for better readability.

Signed-off-by: Pavel Mores <pmores@redhat.com>
Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
2020-02-17 17:25:52 +01:00
Peter Krempa
e8a819e87f virStorageSourceParseBackingJSONRaw: Parse 'offset' and 'size' attributes
If the parsed 'raw' format JSON string has 'offset' or 'size' attributes
parse them as the format slice.

https://bugzilla.redhat.com/show_bug.cgi?id=1791788

Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
2020-02-14 16:32:21 +01:00
Peter Krempa
0e644e6e47 qemu: Add support for slices of type 'storage'
Implement support for the slice of type 'storage' which allows to set
the offset and size which modifies where qemu should look for the start
of the format container inside the image.

Since slicing is done using the 'raw' driver we need to add another
layer into the blockdev tree if there's any non-raw image format driver
used to access the data.

This patch adds the blockdev integration and setup of the image data so
that we can use the slices for any backing image.

Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
2020-02-14 16:32:21 +01:00
Peter Krempa
73ca201467 qemu: block: Properly format storage slice into backing store strings
When creating overlay images e.g. for snapshots or when merging
snapshots we often specify the backing store string to use. Make the
formatter aware of backing chain entries which have a <slice>
configured so that we record it properly. Otherwise such images
would not work without the XML (when detecting the backing chain).

Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
2020-02-14 16:32:21 +01:00
Peter Krempa
f36d751fa6 qemu: domain: Store nodenames of slice in status XML
The storage slice will require a specific node name in cases when the
image format is not raw. Store and format them in the status XML.

Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
2020-02-14 16:32:21 +01:00
Peter Krempa
bbf5d05cfd conf: Implement support for <slices> of disk source
Implement parsing and formatting of the 'storage' slice.

Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
2020-02-14 16:32:21 +01:00
Peter Krempa
8c43037688 qemu: block: forbid creation of storage sources with <slice>
Specifically creating such images via libvirt during blockjobs would
be much more hassle than it's worth. Just forbid them for now.

Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
2020-02-14 16:32:21 +01:00
Peter Krempa
a6eeda986e qemuDomainValidateStorageSource: Reject unsupported slices
We support explicit storage slices only when using blockdev. Storage
slices expressed via the backing store string are left to qemu to
open correctly.

Reject storage slices configured via the XML for non-blockdev usage.

Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
2020-02-14 16:32:21 +01:00
Peter Krempa
c481881283 qemuBlockStorageSourceGetFormatRawProps: format 'offset' and 'size' for slice
If we have a 'format' type slice for a raw driver we can directly format
the values.

Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
2020-02-14 16:32:21 +01:00
Peter Krempa
6efa046165 util: virstoragefile: Add data structure for storing storage source slices
Introduce virStorageSourceSlice which will store the 'offset' and 'size'
of a virStorageSource and declare it as 'sliceStorage' and 'sliceFormat'
attributes of a virStorageSource.

Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
2020-02-14 16:32:21 +01:00
Peter Krempa
9fb7ccb3cf qemu: domain: Refactor formatting of node names into status XML
Use virXMLFormatElement to simplify the logic.

Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
2020-02-14 16:32:21 +01:00
Michal Privoznik
b18328256b qemu_domain: Modify access to a NVMe disk iff needed
If a domain has a NVMe disk it already has the access configured.
Trying to configure it again on a commit or some other operation
is wrong and condemned to failure.

Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
2020-02-14 16:08:23 +01:00
Andrea Bolognani
7c4bc108a9 qemu: Format the armvtimer timer on the command line
Its behavior is controlled by a KVM-specific CPU feature.

Signed-off-by: Andrea Bolognani <abologna@redhat.com>
Reviewed-by: Masayoshi Mizuma <m.mizuma@jp.fujitsu.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
2020-02-14 12:09:15 +01:00
Andrea Bolognani
aeddab230c qemu: Validate configuration for the armvtimer timer
Its use is limited to certain guest types, and it only supports
a subset of all possible tick policies.

Signed-off-by: Andrea Bolognani <abologna@redhat.com>
Reviewed-by: Masayoshi Mizuma <m.mizuma@jp.fujitsu.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
2020-02-14 12:09:11 +01:00
Andrea Bolognani
3809e88a87 conf: Introduce VIR_DOMAIN_TIMER_NAME_ARMVTIMER
This new timer model will be used to control the behavior of the
virtual timer for KVM ARM/virt guests.

Signed-off-by: Andrea Bolognani <abologna@redhat.com>
Reviewed-by: Masayoshi Mizuma <m.mizuma@jp.fujitsu.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
2020-02-14 12:09:07 +01:00
Andrea Bolognani
204e2306e5 qemu: Add the QEMU_CAPS_CPU_KVM_NO_ADJVTIME capability
We will use this capability to detect whether the QEMU binary
supports the kvm-no-adjvtime CPU feature.

Signed-off-by: Andrea Bolognani <abologna@redhat.com>
Reviewed-by: Masayoshi Mizuma <m.mizuma@jp.fujitsu.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
2020-02-14 12:09:02 +01:00
Andrea Bolognani
f8e923c1ba qemu: Use switch statement in qemuBuildCpuCommandLine()
Make sure we are taking all possible virDomainTimerNameType values
into account. This will make upcoming changes easier.

Signed-off-by: Andrea Bolognani <abologna@redhat.com>
Reviewed-by: Masayoshi Mizuma <m.mizuma@jp.fujitsu.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
2020-02-14 12:08:57 +01:00
Daniel P. Berrangé
9b82e2c4b0 qemu: drop support for monitor connections on PTYs
Libvirt switched to using a UNIX socket for monitors in
2009 for version 0.7.0. It seems unlikely that there is
a running QEMU process that hasn't been restarted for
11 years while also taking a libvirt upgrade. Therefore
we can drop support for opening a PTY for the QEMU
monitor.

Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
2020-02-13 12:52:07 +00:00
Your Name
59afd9764d src: use closefrom() for mass closing of FDs
On FreeBSD 12 the default ulimit settings allow for 100,000
open file descriptors. As a result spawning processes in
libvirt is abominably slow. Fortunately FreeBSD has long
since provided a good solution in the form of closefrom(),
which closes all FDs equal to or larger than the specified
parameter.

Reviewed-by: Ján Tomko <jtomko@redhat.com>
Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
2020-02-12 11:12:03 +00:00
Arnaud Patard
800aed4644
virt-aa-helper: Add support for smartcard host-certificates
When emulating smartcard with host certificates, qemu needs to
be able to read the certificates files. Add necessary code to
add the smartcard certificates file path to the apparmor profile.

Passthrough support has been tested with spicevmc and remote-viewer.

v2:
- Fix CodingStyle
- Add support for 'host' case.
- Add a comment to mention that the passthrough case doesn't need
  some configuration
- Use one rule with '{,*}' instead of two rules.

Signed-off-by: Arnaud Patard <apatard@hupstream.com>
Reviewed-by: Cole Robinson <crobinso@redhat.com>
Acked-by: Christian Ehrhardt <christian.ehrhardt@canonical.com>
2020-02-12 10:35:04 +01:00