Commit Graph

20989 Commits

Author SHA1 Message Date
Dawid Zamirski
6f8ddbb83b vbox: Update ATTRIBUTE_UNUSED usage
Since the removal of VBOX <= 3x, the function arguments are actually
used so they should not be marked with ATTRIBUTE_UNUSED anymore.
2017-11-03 13:13:09 -04:00
Andrea Bolognani
3e7db8d3e8 Remove backslash alignment attempts
Right-aligning backslashes when defining macros or using complex
commands in Makefiles looks cute, but as soon as any changes is
required to the code you end up with either distractingly broken
alignment or unnecessarily big diffs where most of the changes
are just pushing all backslashes a few characters to one side.

Generated using

  $ git grep -El '[[:blank:]][[:blank:]]\\$' | \
    grep -E '*\.([chx]|am|mk)$$' | \
    while read f; do \
      sed -Ei 's/[[:blank:]]*[[:blank:]]\\$/ \\/g' "$f"; \
    done

Signed-off-by: Andrea Bolognani <abologna@redhat.com>
2017-11-03 13:24:12 +01:00
Peter Krempa
a92c4f7537 qemu: domain: skip chain detection to end of backing chain
When a user provides the backing chain, we will not need to re-detect
all the backing stores again, but should move to the end of the user
specified chain. Additionally if a user provides a full terminated chain
we should not attempt any further detection.
2017-11-03 10:27:32 +01:00
Peter Krempa
b0a46b609e qemu: domain: Prepare TLS data for the whole backing chain
Iterate through the backing chain when setting up TLS for disks.
2017-11-03 10:23:21 +01:00
Peter Krempa
beb1661f3d qemu: domain: Remove pointless alias check
When attaching the disks, aliases are always generated.
2017-11-03 10:23:21 +01:00
Peter Krempa
d565877312 qemu: domain: Destroy secrets for complete backing chain 2017-11-03 10:23:21 +01:00
Peter Krempa
e53a42f0f6 qemu: domain: Extract setup for disk source secrets
Separate it so that it deals only with single virStorageSource, so that
it can later be reused for full backing chain support.

Two aliases are passed since authentication is more relevant to the
'storage backend' whereas encryption is more relevant to the protocol
layer. When using node names, the aliases will be different.
2017-11-03 10:23:16 +01:00
Peter Krempa
2b757b964b qemu: domain: Simplify using DAC permissions of top of backing chain
qemuDomainGetImageIds and qemuDomainStorageFileInit are helpful when
trying to access a virStorageSource from the qemu driver since they
figure out the correct uid and gid for the image.

When accessing members of a backing chain the permissions for the top
level would be used. To allow using specific permissions per backing
chain level but still allow inheritance from the parent of the chain we
need to add a new parameter to the image ID APIs.
2017-11-03 09:15:41 +01:00
Peter Krempa
cc16fa2a85 security: selinux: Take parent security label into account
Until now we ignored user-provided backing chains and while detecting
the code inherited labels of the parent device. With user provided
chains we should keep this functionality, so label of the parent image
in the backing chain will be applied if an image-specific label is not
present.
2017-11-03 09:15:41 +01:00
Peter Krempa
2742dfee28 security: dac: Take parent security label into account
Until now we ignored user-provided backing chains and while detecting
the code inherited labels of the parent device. With user provided
chains we should keep this functionality, so label of the parent image
in the backing chain will be applied if an image-specific label is not
present.
2017-11-03 09:15:41 +01:00
Peter Krempa
023da7ddbd security: selinux: Pass parent storage source into image labeling helper
virSecuritySELinuxSetImageLabelInternal assigns different labels to
backing chain members than to the parent image. This was done via the
'first' flag. Convert it to passing in pointer to the parent
virStorageSource. This will allow us to use the parent virStorageSource
in further changes.
2017-11-03 09:15:41 +01:00
Peter Krempa
b4daf6af9a storage: Extract error reporting for broken chains
Simplify reporting the error if backing chain is broken for further
callers by extracting it into a separate function.
2017-11-03 09:15:41 +01:00
Peter Krempa
a93d750a7e storage: Add feature check for storage file backend supporting access check
When the user provides backing chain, we don't need the full support for
traversing the backing chain. This patch adds a feature check for the
virStorageSourceAccess API.
2017-11-03 09:15:41 +01:00
Peter Krempa
8c6b6684a8 storage: Extract common code to retrieve driver backend for support check
The 'file access' module of the storage driver has few feature checks to
determine whether libvirt supports given storage driver method. The code
to retrieve the driver struct needed for the check is the same so it can
be extracted.
2017-11-03 09:15:41 +01:00
Jiri Denemark
a1e3e8ddbd qemu: Add support for block-incremental migration parameter
We handle incremental storage migration in a different way. The support
for this new (as of QEMU 2.10) parameter is only needed for full
coverage of migration parameters used by QEMU.

Signed-off-by: Jiri Denemark <jdenemar@redhat.com>
Reviewed-by: John Ferlan <jferlan@redhat.com>
2017-11-02 22:14:20 +01:00
Jiri Denemark
f6e2a70ae2 qemu: Add support for max-bandwidth migration parameter
We already support several ways of setting migration bandwidth and this
is not adding another one. With this patch we are able to read and write
this parameter using query-migrate-parameters and migrate-set-parameters
in one call with all other parameters.

Signed-off-by: Jiri Denemark <jdenemar@redhat.com>
Reviewed-by: John Ferlan <jferlan@redhat.com>
2017-11-02 22:14:20 +01:00
Jiri Denemark
af1d2fe270 qemu: Rename TLS related migration parameters
The parameters used "migrate" prefix which is pretty redundant and
qemuMonitorMigrationParams structure is our internal representation of
QEMU migration parameters and it is supposed to use names which match
QEMU names.

Signed-off-by: Jiri Denemark <jdenemar@redhat.com>
Reviewed-by: John Ferlan <jferlan@redhat.com>
2017-11-02 22:14:20 +01:00
Jiri Denemark
2384b6f019 qemu: Add support for setting downtime-limit migration parameter
We already support setting the maximum downtime with a dedicated
virDomainMigrateSetMaxDowntime API. This patch does not implement
another way of setting the downtime by adding a new public migration
parameter. It just makes sure any parameter we are able to get from a
QEMU monitor by query-migrate-parameters can be passed back to QEMU via
migrate-set-parameters.

Signed-off-by: Jiri Denemark <jdenemar@redhat.com>
Reviewed-by: John Ferlan <jferlan@redhat.com>
2017-11-02 22:14:19 +01:00
Jiri Denemark
487759126b qemu: Drop giant if statement from qemuMonitorSetMigrationParams
The check can be easily replaced with a simple test in the JSON
implementation and we don't need to update it every time a new parameter
is added.

Signed-off-by: Jiri Denemark <jdenemar@redhat.com>
Reviewed-by: John Ferlan <jferlan@redhat.com>
2017-11-02 22:14:19 +01:00
Jiri Denemark
6bc3d06700 qemu: Use macro for setting string migration parameters
Signed-off-by: Jiri Denemark <jdenemar@redhat.com>
Reviewed-by: John Ferlan <jferlan@redhat.com>
2017-11-02 22:14:19 +01:00
Jiri Denemark
27e5633724 qemu: Generalize APPEND macro in qemuMonitorJSONSetMigrationParams
The APPEND macro is now be usable for any type.

Signed-off-by: Jiri Denemark <jdenemar@redhat.com>
Reviewed-by: John Ferlan <jferlan@redhat.com>
2017-11-02 22:14:18 +01:00
Jiri Denemark
7ddcab891e qemu: Use macro for parsing ull migration parameters
Signed-off-by: Jiri Denemark <jdenemar@redhat.com>
Reviewed-by: John Ferlan <jferlan@redhat.com>
2017-11-02 22:14:18 +01:00
Jiri Denemark
4fabc0caa0 qemu: Use macro for parsing string migration parameters
Signed-off-by: Jiri Denemark <jdenemar@redhat.com>
Reviewed-by: John Ferlan <jferlan@redhat.com>
2017-11-02 22:14:18 +01:00
Jiri Denemark
c04fbbd9c9 qemu: Generalize PARSE macro in qemuMonitorJSONGetMigrationParams
The macro (now called PARSE_SET) is now usable for any type which needs
a *_set bool for indicating a valid value.

Signed-off-by: Jiri Denemark <jdenemar@redhat.com>
Reviewed-by: John Ferlan <jferlan@redhat.com>
2017-11-02 22:14:18 +01:00
Jiri Denemark
3b2674ff63 cpu_map: Add cqm alternative name for cmt
Linux kernel shows our "cmt" feature as "cqm". Let's mention the name in
the cpu_map.xml to make it easier to find.

Signed-off-by: Jiri Denemark <jdenemar@redhat.com>
Reviewed-by: John Ferlan <jferlan@redhat.com>
2017-11-02 21:44:29 +01:00
Michal Privoznik
bc8a99ef06 virNetDevSupportBandwidth: Enable QoS for vhostuser
Since vhostuser type is really a tap that is just plugged into
different type of bridge, supporting QoS is trivial.

Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
2017-10-27 14:59:29 +02:00
Michal Privoznik
98696fd170 qemuDomainSetInterfaceParameters: Explicitly reject unsupported net types
For instance, NET_TYPE_MCAST doesn't support setting QoS. Instead
of claiming success and doing nothing, we should be explicit
about that and report an error.

Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
2017-10-27 14:59:29 +02:00
John Ferlan
c9f7a04e28 qemu.conf: Clarify the various _tls_x509_cert_dir descriptions
https://bugzilla.redhat.com/show_bug.cgi?id=1458630

Apparantly commit id 'dc4c2f75a' wasn't specific enough, so here's
a few more clarifications.
2017-10-27 05:53:45 -04:00
John Ferlan
2518fd3b6a storage: Allow creation of a LUKS using logical volume
https://bugzilla.redhat.com/show_bug.cgi?id=1427049

Use virStorageBackendCreateVolUsingQemuImg to apply the LUKS information
to the logical volume just created.  As part of the processing of the
lvcreate command add 2MB to the capacity to account for the LUKS header
when it's determined that the volume desires to use encryption.
2017-10-27 05:46:35 -04:00
John Ferlan
29c5c7d27e storage: Introduce virStorageBackendCreateVolUsingQemuImg
Create a shim that will allow other backends to make use of qemu-img
functionality to create or possibly modify the volume.
2017-10-27 05:46:35 -04:00
John Ferlan
e32a9ef420 storage: Extract out the LVCREATE
Refactor to extract out the LVCREATE command.  This also removes the
need for the local @created since the error path can now only be reached
after the creation of the logical volume.

Signed-off-by: John Ferlan <jferlan@redhat.com>
2017-10-27 05:46:35 -04:00
John Ferlan
becb383a63 storage: Properly resize a local volume using LUKS
https://bugzilla.redhat.com/show_bug.cgi?id=1490279

Turns out the virStorageBackendVolResizeLocal did not differentiate
whether the target volume was a LUKS volume or not and just blindly
did the ftruncate() on the target volume.

Follow the volume creation logic (in general) and create a qemu-img
resize command to resize the target volume for LUKS ensuring that
the --object secret is provided as well as the '--image-opts' used
by the qemu-img resize logic to describe the path and secret ensuring
that it's using the luks driver on the volume of course.
2017-10-27 05:34:36 -04:00
John Ferlan
03984ae543 storage: Alter storageBackendCreateQemuImgSecretObject args
Since all that was really needed was a couple of fields and building
the object can be more generic, let's alter the args a bit. This will
be useful shortly for adding the secret object for a volume resize
operation on a luks volume that will need a secret object.
2017-10-27 05:31:19 -04:00
John Ferlan
07731f9917 storage: Add error path for virStorageBackendCreateQemuImgCmdFromVol
Rather than inline the various free's and return NULL, just create
an error label.
2017-10-27 05:31:19 -04:00
John Ferlan
ae94084b76 storage: Alter args to storageBackendResizeQemuImg
Rather than passing just the path, pass the virStorageVolDefPtr as we're
going to need it shortly.

Also fix the order of code and stack variables in the calling function
virStorageBackendVolResizeLocal.
2017-10-27 05:31:19 -04:00
Christian Ehrhardt
a150b86c4c virt-aa-helper: apparmor wildcards to forbidden chars
Some globbing chars in the domain name could be used to break out of
apparmor rules, so lets forbid these when in virt-aa-helper.

Also adding a test to ensure all those cases were detected as bad char.

Signed-off-by: Christian Ehrhardt <christian.ehrhardt@canonical.com>
2017-10-27 10:32:02 +02:00
Marc Hartmayer
a50b45a297 qemu: Fix memory leak in virQEMUCapsLoadCPUModels
Don't leak @blockNodes in the loop.

==226576== 7,120 bytes in 60 blocks are definitely lost in loss record 122 of 125
==226576==    at 0x4835214: calloc (vg_replace_malloc.c:711)
==226576==    by 0x4950D7B: virAllocN (viralloc.c:191)
==226576==    by 0x49EB5BB: virXPathNodeSet (virxml.c:676)
==226576==    by 0x104DB67: virQEMUCapsLoadCPUModels (qemu_capabilities.c:3738)
==226576==    by 0x105510D: virQEMUCapsLoadCache (qemu_capabilities.c:3929)
==226576==    by 0x104459F: qemuTestParseCapabilities (testutilsqemu.c:498)
==226576==    by 0x1040DC9: testQemuCapsCopy (qemucapabilitiestest.c:105)
==226576==    by 0x1041F07: virTestRun (testutils.c:180)
==226576==    by 0x1040B45: mymain (qemucapabilitiestest.c:181)
==226576==    by 0x104320F: virTestMain (testutils.c:1119)
==226576==    by 0x1041149: main (qemucapabilitiestest.c:193)

Signed-off-by: Marc Hartmayer <mhartmay@linux.vnet.ibm.com>
Reviewed-by: Bjoern Walk <bwalk@linux.vnet.ibm.com>
Reviewed-by: Boris Fiuczynski <fiuczy@linux.vnet.ibm.com>
Signed-off-by: Jiri Denemark <jdenemar@redhat.com>
2017-10-27 10:13:43 +02:00
Christian Ehrhardt
07fc5c9c06 virt-aa-helper: grant locking permission on -f
Hot-adding disks does not parse the full XML to generate apparmor rules.
Instead it uses -f <PATH> to append a generic rule for that file path.

580cdaa7: "virt-aa-helper: locking disk files for qemu 2.10" implemented
the qemu 2.10 requirement to allow locking on disks images that are part of
the domain xml.

But on attach-device a user will still trigger an apparmor deny by going
through virt-aa-helper -f, to fix that add the lock "k" permission to the
append file case of virt-aa-helper.

Signed-off-by: Christian Ehrhardt <christian.ehrhardt@canonical.com>
2017-10-26 12:48:32 +02:00
Jiri Denemark
8def32157a conf: Avoid leaking blockers from virDomainCapsCPUModel
When adding CPU usability blockers I forgot to properly free them when
in virDomainCapsCPUModelsDispose.

Reported-by: Marc Hartmayer <mhartmay@linux.vnet.ibm.com>
Signed-off-by: Jiri Denemark <jdenemar@redhat.com>
Reviewed-by: Pavel Hrdina <phrdina@redhat.com>
2017-10-26 12:45:34 +02:00
Christian Ehrhardt
3080834fcd Increase default file handle limits for virtlockd
The assumption so far was an average of 4 disks per guest.
But some architectures, like s390x, still often use plenty of smaller disks.

To include those in the considerations an assumption of an average of 10
disks is more reasonable.

Signed-off-by: Christian Ehrhardt <christian.ehrhardt@canonical.com>
2017-10-26 12:29:28 +02:00
Christian Ehrhardt
d744476475 Increase default file handle limits for virtlogd
The initial assumption was ~2 files per guest, but some common setups
like Openstack drive up to 4 files per guest.

E.g. on Arm where the following XML leads to 4 file handles:
    <serial type='file'>
      <source path='/var/lib/nova/instances/7c0dcd78-.../console.log'/>
      <target port='0'/>
      <alias name='serial0'/>
    </serial>
    <console type='file'>
      <source path='/var/lib/nova/instances/7c0dcd78-.../console.log'/>
      <target type='serial' port='0'/>
      <alias name='serial0'/>
    </console>

With that in mind and the target to support 4k guests by default we
should raise the limit to 16k.

Signed-off-by: Christian Ehrhardt <christian.ehrhardt@canonical.com>
2017-10-26 12:29:28 +02:00
Jiri Denemark
32c29f10db qemu: Enabled pause-before-switchover migration capability
QEMU identified a race condition between the device state serialization
and the end of storage migration. Both QEMU and libvirt needs to be
updated to fix this.

Our migration work flow is modified so that after starting the migration
we to wait for QEMU to enter "pre-switchover", "postcopy-active", or
"completed" state. Once there, we cancel all block jobs as usual. But if
QEMU is in "pre-switchover", we need to resume the migration afterwards
and wait again for the real end (either "postcopy-active" or
"completed" state).

Old QEMU will just enter either "postcopy-active" or "completed"
directly, which is still correctly handled even by new libvirt. The
"pre-switchover" state will only be entered if QEMU supports it and the
pause-before-switchover capability was enabled. Thus all combinations of
libvirt and QEMU will work, but only new QEMU with new libvirt will
avoid the race condition.

Signed-off-by: Jiri Denemark <jdenemar@redhat.com>
2017-10-26 10:36:02 +02:00
Jiri Denemark
6addde24be qemu: Add pause-before-switchover migration capability
This new capability enables a pause before device state serialization so
that we can finish all block jobs without racing with the end of the
migration. The pause is indicated by "pre-switchover" state. Once we're
done QEMU enters "device" migration state.

This patch just defines the new capability and QEMU migration states and
their mapping to our job states.

Signed-off-by: Jiri Denemark <jdenemar@redhat.com>
2017-10-26 10:36:02 +02:00
Jiri Denemark
b5ec33b832 qemu: Add support for migrate-continue QMP command
Signed-off-by: Jiri Denemark <jdenemar@redhat.com>
2017-10-26 10:36:02 +02:00
Dawid Zamirski
55223c2b16 vbox: Read runtime RDP port and handle autoport
VirutalBox has a IVRDEServerInfo structure available that
gives the effective runtime port that the VM is using when it's
running. This is useful when the "TCP/Ports" VBox property was set to
port range (e.g. via autoport = "yes" or via VBoxManage) in which
case it would be impossible to get the "active" port otherwise.
2017-10-26 01:03:18 -04:00
Dawid Zamirski
380815f8ef vbox: Make autoport set RDP port range.
Originally autoport in vbox driver was setting the port to default value
(3389) which caused multiple VM instances use the same port. Since
libvirt XML does not allow to set port ranges, this patch changes the
"autoport" behavior to set VBox's "TCP/Ports" property to an arbitrary
port range (3389-3689) to avoid that issue.
2017-10-25 11:14:21 -04:00
Dawid Zamirski
32845fd656 vbox: Remove old unflexible macros
The VBOX_SESSION_OPEN/CLOSE macros are only called in
_vboxDomainSnapshotRestore and they are unflexible because:

* assume the caller will have variable named "data"
* can only create Write lock type

As per above, it's not that hard to simply use the VBOX API directly.
2017-10-25 11:14:21 -04:00
Jiri Denemark
f26636887f qemu: Reset hasManagedSave after removing a corrupted image
When starting a domain with managed save image, we try to restore it
first. If the image is corrupted, we silently unlink it and just
normally start the domain. At this point the domain has no managed save
image, yet we did not reset the hasManagedSave flag.

https://bugzilla.redhat.com/show_bug.cgi?id=1460962

Signed-off-by: Jiri Denemark <jdenemar@redhat.com>
2017-10-24 11:07:10 +02:00
Nikolay Shirokovskiy
05021e727d iohelper: use saferead if later write with O_DIRECT
One of the usecases of iohelper is to read from pipe and write
to file with O_DIRECT. As we read from pipe we can have partial
read and then we fail to write this data because output file
is open with O_DIRECT and buffer size is not aligned.

Signed-off-by: Jiri Denemark <jdenemar@redhat.com>
2017-10-24 10:53:18 +02:00
Jiri Denemark
55ac6a5d44 qemu: Set correct job status when qemuMigrationRun fails
Instead of enumerating all states which need to be turned into
QEMU_DOMAIN_JOB_STATUS_FAILED (and failing to add all of them), it's
better to mention just the one which needs to be left alone.

Signed-off-by: Jiri Denemark <jdenemar@redhat.com>
Reviewed-by: John Ferlan <jferlan@redhat.com>
2017-10-23 10:08:29 +02:00
Jiri Denemark
73a352263c qemu: Consistently use exit_monitor in qemuMigrationRun
Almost every failure in qemuMigrationRun while we are talking to QEMU
monitor results in a jump to exit_monitor label. The only exception is
removed by this patch.

Signed-off-by: Jiri Denemark <jdenemar@redhat.com>
Reviewed-by: John Ferlan <jferlan@redhat.com>
2017-10-23 10:08:29 +02:00
Jiri Denemark
af32e57f8e qemu: Don't misuse "ret" in qemuMigrationRun
The "ret" variable is used for storing the return value of a function
and should not be used as a temporary variable.

Signed-off-by: Jiri Denemark <jdenemar@redhat.com>
Reviewed-by: John Ferlan <jferlan@redhat.com>
2017-10-23 10:08:29 +02:00
Jiri Denemark
7d2fbabcaf qemu: Unite error handling in qemuMigrationRun
Merge cancel and cancelPostCopy sections with the generic error section,
where we can easily decide whether canceling the ongoing migration is
required.

Signed-off-by: Jiri Denemark <jdenemar@redhat.com>
Reviewed-by: John Ferlan <jferlan@redhat.com>
2017-10-23 10:08:29 +02:00
Jiri Denemark
c1a643b68f qemu: Split cleanup and error code in qemuMigrationRun
Let cleanup only do things common to both failure and success paths and
move error handling code inside the new "error" section.

Signed-off-by: Jiri Denemark <jdenemar@redhat.com>
Reviewed-by: John Ferlan <jferlan@redhat.com>
2017-10-23 10:08:29 +02:00
Jiri Denemark
f8ede9cc23 qemu: Refactor qemuMigrationRun a bit
Some code which was supposed to be executed only when migration
succeeded was buried inside the cleanup code.

Signed-off-by: Jiri Denemark <jdenemar@redhat.com>
Reviewed-by: John Ferlan <jferlan@redhat.com>
2017-10-23 10:08:29 +02:00
Jiri Denemark
9603262377 qemu: Use switch in qemuMigrationCompleted
When adding a new job state it's useful to let the compiler complain
about places where we need to think about what to do with the new
state.

Signed-off-by: Jiri Denemark <jdenemar@redhat.com>
Reviewed-by: John Ferlan <jferlan@redhat.com>
2017-10-23 10:08:29 +02:00
Michal Privoznik
f3bc68e221 qemu: Parse alias from inactive XMLs
https://bugzilla.redhat.com/show_bug.cgi?id=1434451

This way users can uniquely identify devices at define time.

Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
2017-10-23 09:01:46 +02:00
Michal Privoznik
0429e52f19 conf: Format alias even for inactive XMLs
We need to format alias even for inactive XMLs since that's the
way how users are going to identify their devices.

Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
2017-10-23 08:56:55 +02:00
Michal Privoznik
92f41b3297 qemuDomainABIStabilityCheck: Check for memory aliases too
Since we will be allowing users to set device aliases and memory
devices are fragile when it comes to aliases we have to make sure
they won't change during migration. Other devices should be fine.

Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
2017-10-23 08:52:08 +02:00
Michal Privoznik
e2797e3256 conf: Validate user supplied aliases
They have to be unique within the domain. As usual, backwards
compatibility takes its price. In this particular situation we
have a device that is represented twice in a domain and so is its
alias.

Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
2017-10-23 08:52:01 +02:00
Michal Privoznik
c14f1ed206 conf: Parse user supplied aliases
If driver that is calling the parse supports user supplied
aliases, they can be parsed even for inactive XMLs. However, to
avoid any clashes with aliases that libvirt generates, the user
ones have to have "ua-" prefix.

Note, that some drivers don't have notion of device aliases at
all. Also, in order to support user supplied aliases some extra
checks need to be done (e.g. during hotplug). Therefore we can't
just enable this feature for all the drivers. Thus we need a flag
that drivers set to tell parsing code that they can handle user
supplied device aliases.

Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
2017-10-22 13:49:46 +02:00
Michal Privoznik
ad30f069d1 qemu_alias: Be more tolerant if alias don't follow our format
When assigning alias to a device we usually iterate over other
devices of its kind trying to find next index. We do this by
stripping down the prefix and then parsing number at the end,
Usually, if the prefix doesn't match the one we are expecting, we
just continue with next iteration. Except for couple of
functions: qemuGetNextChrDevIndex(),
qemuAssignDeviceRedirdevAlias() and qemuAssignDeviceShmemAlias().

Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
2017-10-22 13:49:46 +02:00
John Ferlan
08d4e16f88 conf: Rename [n]macs and maxmacs to [n]names and maxnames
To avoid further confusion - rename the array elements to what they are.
2017-10-20 14:48:23 -04:00
Pavel Hrdina
727238de25 conf: duplicate interface name instead of MAC provided to lookup the interface
Introduced by 6094d6ec7f.
Found by running libvirt-perl tests.

Reviewed-by: Andrea Bolognani <abologna@redhat.com>
Signed-off-by: Pavel Hrdina <phrdina@redhat.com>
2017-10-20 16:28:38 +02:00
Julio Faracco
89622ebfad util: Missing 'removeTimeoutImpl' check variable inside virEventRegisterImpl() function.
The function virEventRegisterImpl() checks the attempt to replace the
registered events. But there is a duplicate variable inside the IF statement.
The variable 'removeHandleImpl' was wrongly repeated. One of them needs to be
replaced by 'removeTimeoutImpl'.

Signed-off-by: Julio Faracco <jcfaracco@gmail.com>
Reviewed-by: Andrea Bolognani <abologna@redhat.com>
2017-10-20 15:15:35 +02:00
Jiri Denemark
58c1e16951 qemu: Enhance debug message in qemuMonitorSetMigrationCapability
Signed-off-by: Jiri Denemark <jdenemar@redhat.com>
Reviewed-by: John Ferlan <jferlan@redhat.com>
2017-10-20 13:37:03 +02:00
Jiri Denemark
38b0e4f58f qemu: Drop qemuMonitorGetMigrationCapability
The only remaining user of qemuMonitorGetMigrationCapability is our test
suite. Let's replace qemuMonitorGetMigrationCapability with
qemuMonitorGetMigrationCapabilities there and drop the unused function.

Signed-off-by: Jiri Denemark <jdenemar@redhat.com>
Reviewed-by: John Ferlan <jferlan@redhat.com>
2017-10-20 13:37:03 +02:00
Jiri Denemark
310287b1c9 qemu: Use bitmap with migration capabilities
All calls to qemuMonitorGetMigrationCapability in QEMU driver are
replaced with qemuMigrationCapsGet.

Signed-off-by: Jiri Denemark <jdenemar@redhat.com>
Reviewed-by: John Ferlan <jferlan@redhat.com>
2017-10-20 13:37:03 +02:00
Jiri Denemark
765d9b1245 qemu: Store supported migration capabilities in a bitmap
Each time we need to check whether a given migration capability is
supported by QEMU, we call query-migrate-capabilities QMP command and
lookup the capability in the returned list. Asking for the list of
supported capabilities once when we connect to QEMU and storing the
result in a bitmap is much better and we don't need to enter a monitor
just to check whether a migration capability is supported.

Signed-off-by: Jiri Denemark <jdenemar@redhat.com>
Reviewed-by: John Ferlan <jferlan@redhat.com>
2017-10-20 13:36:56 +02:00
Jiri Denemark
19bade7ad9 qemu: Create a wrapper around qemuMonitorSetCapabilities
The new function is called qemuProcessInitMonitor and it will enter/exit
the monitor so that the caller doesn't have to deal with this.

The goal of this patch is to simplify the code in qemuConnectMonitor
which would otherwise be a bit hairy after the following patch.

Signed-off-by: Jiri Denemark <jdenemar@redhat.com>
Reviewed-by: John Ferlan <jferlan@redhat.com>
2017-10-20 09:08:45 +02:00
John Ferlan
6094d6ec7f interfaces: Convert virInterfaceObjList to virObjectRWLockable
Rather than a forward linked list, let's use the virHashTable in
order to manage the objsName data.

Requires numerous changes from List to Object management similar to
many other drivers/vir*obj.c modules
2017-10-19 15:42:47 -04:00
John Ferlan
4102e22864 interface: Make _virInterfaceObjList virObjectRWLockable
Modify the allocation to be a real RWLockable object and add the
various RWLock{Read|Write} and RWUnlock calls to process the list
of interfaces.
2017-10-19 15:39:44 -04:00
John Ferlan
37537a7c64 conf: Add/Allow parsing the encryption in the disk source
Since the virStorageEncryptionPtr encryption; is a member of
 _virStorageSource it really should be allowed to be a subelement
of the disk <source> for various disk formats:

   Source{File|Dir|Block|Volume}
   SourceProtocol{RBD|ISCSI|NBD|Gluster|Simple|HTTP}

NB: Simple includes sheepdog, ftp, ftps, tftp

That way we can set up to allow the <encryption> element to be
formatted within the disk source, but we still need to be wary
from whence the element was read - see keep track and when it
comes to format the data, ensure it's written in the correct place.

Modify the qemuxml2argvtest to add a parse failure when there is an
<encryption> as a child of <disk> *and* an <encryption> as a child
of <source>.

The virschematest will read the new test files and validate from a
RNG viewpoint things are fine.
2017-10-19 15:32:50 -04:00
John Ferlan
8002d3cb1b conf: Add/Allow parsing the auth in the disk source
Since the virStorageAuthDefPtr auth; is a member of _virStorageSource
it really should be allowed to be a subelement of the disk <source>
for the RBD and iSCSI prototcols. That way we can set up to allow
the <auth> element to be formatted within the disk source.

Since we've allowed the <auth> to be a child of <disk>, we'll need
to keep track of how it was read so that when writing out we'll know
whether to format as child of <disk> or <source>. For the argv2xml
parsing, let's format under <source> as a preference. Do not allow
<auth> to be both a child of <disk> and <source>.

Modify the qemuxml2argvtest to add a parse failure when there is an
<auth> as a child of <disk> *and* an <auth> as a child of <source>.

Add tests to validate that if the <auth> was found in <source>, then
the resulting xml2xml and xml2arg works just fine.  The two new .args
file are exact copies of the non "-source" version of the file.

The virschematest will read the new test files and validate from a
RNG viewpoint things are fine

Update the virstoragefile, virstoragetest, and args2xml file to show
the "preference" to place <auth> as a child of <source>.
2017-10-19 15:26:49 -04:00
John Ferlan
0e2e22485e qemu: Move encinfo from private disk to private disk src
Since the encryption information can also be disk source specific
move it from qemuDomainDiskPrivate to qemuDomainStorageSourcePrivate

Since the last allocated element from qemuDomainDiskPrivate is
removed, that means we no longer need qemuDomainDiskPrivateDispose.

Signed-off-by: John Ferlan <jferlan@redhat.com>
Signed-off-by: Peter Krempa <pkrempa@redhat.com>
2017-10-19 18:20:30 +02:00
John Ferlan
ab0e32fbdf qemu: Relocate qemuDomainSecretInfoPtr to qemuDomainStorageSourcePrivate
Since the secret information is really virStorageSource specific
piece of data, let's manage the privateData from there instead of
at the Disk level.

Signed-off-by: John Ferlan <jferlan@redhat.com>
Signed-off-by: Peter Krempa <pkrempa@redhat.com>
2017-10-19 18:20:30 +02:00
John Ferlan
3ff3eb70c7 qemu: Introduce privateData object for virStorageSource
Add the object definition and helpers to store security-related private
data for virStorageSources.

Signed-off-by: John Ferlan <jferlan@redhat.com>
Signed-off-by: Peter Krempa <pkrempa@redhat.com>
2017-10-19 18:20:30 +02:00
John Ferlan
1f38445e43 util: storage: Introduce privateData for _virStorageSource
Introduce the bare necessities to add privateData to _virStorageSource.

Signed-off-by: John Ferlan <jferlan@redhat.com>
Signed-off-by: Peter Krempa <pkrempa@redhat.com>
2017-10-19 18:20:30 +02:00
John Ferlan
76a5ca62fb qemu: Add missing encinfo cleanup
When commit id 'da86c6c22' added support for diskPriv->encinfo in
qemuDomainSecretDiskPrepare a change to qemuDomainSecretDiskDestroy
to was missed. Although qemuDomainDiskPrivateDispose probably would
do the trick.

Signed-off-by: John Ferlan <jferlan@redhat.com>
2017-10-19 18:20:30 +02:00
Michal Privoznik
4f15707202 qemu-ns: Detect /dev/* mount point duplicates better
https://bugzilla.redhat.com/show_bug.cgi?id=1495511

When creating new /dev for domain ran in namespace we try to
preserve all sub-mounts of /dev. Well, not quite all. For
instance if /dev/foo/bar and /dev/foo are both mount points, only
/dev/foo needs preserving. /dev/foo/bar is preserved with it too.
Now, to identify such cases like this one STRPREFIX() is used.
That is not good enough. While it works for [/dev/foo/bar;
/dev/foo] case, it fails for [/dev/prefix; /dev/prefix2] where
the strings share the same prefix but are in fact two different
paths. The solution is to use STRSKIP().

Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
Reviewed-by: Erik Skultety <eskultet@redhat.com>
2017-10-19 17:33:31 +02:00
Michal Privoznik
eebfdcb41e conf: Pass xmlopt down to virDomainDeviceInfoParseXML
This function is going to make decisions based on the features
set per each driver. For that we need the virDomainXMLOption
object.

Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
2017-10-19 17:33:29 +02:00
Michal Privoznik
6bc4a371cf qemu: Be tolerant to preexisting aliases
In the future, some aliases might be already parsed therefore we
should avoid overwriting them.

Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
2017-10-19 17:33:27 +02:00
Michal Privoznik
215ab7aa03 qemu: Move device alias assignment to separate functions
Let's move all the virAsprintf()-s into separate functions for
better structure of the code. Later, when somebody wants to
generate a device alias, all they need is to expose the function.

Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
2017-10-19 17:32:50 +02:00
Michal Privoznik
16bb5a710e qemuAssignDeviceAliases: Use qemuAssignDeviceRNGAlias for assigning RNG aliases
We have a special function for assigning aliases to RNG devices.
Use that instead of plain virAsprintf().

Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
2017-10-19 17:28:56 +02:00
Michal Privoznik
93ef9cf21d virDomainObjGetOneDefState: Fix error message
It looks like the error message was copied from virsh, because
that's where we have @ctl. Nevertheless, it's @flags which is
invalid, not @ctl.

Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
2017-10-19 17:28:56 +02:00
Peter Krempa
05d4323989 qemu: hotplug: Reuse qemuDomainAttachDiskGeneric in qemuDomainAttachUSBMassStorageDevice
Apart from killing a lot of code this also "implements" authentication
and encryption for USB disks.
2017-10-19 15:04:00 +02:00
Peter Krempa
4e6ac368a5 qemu: hotplug: Reuse qemuDomainAttachDiskGeneric in qemuDomainAttachSCSIDisk
Get rid of the first copy of the mess.
2017-10-19 15:02:44 +02:00
Peter Krempa
5b0dc7fdfd qemu: hotplug: extract disk hotplug worker code
This horrible piece of spaghetti code is copy-past(ae)d in the SCSI and
USB disk hotplug code with minimal changes. Extract it for further
reuse.
2017-10-19 15:00:58 +02:00
Peter Krempa
3c437ebf40 qemu: hotplug: Use disk target in debug/warning messages where appropriate
Some messages deal with the disk itself thus using the disk target is
better than using the disk source name which can be NULL in some cases.
2017-10-19 14:50:50 +02:00
Peter Krempa
c01a2e057f qemu: hotplug: Remove wrong check for empty disks
The check if the disk is empty is wrong and would spuriously reject NBD
sources. Remove it.
2017-10-19 14:50:50 +02:00
Peter Krempa
a4bac46c96 qemu: address: Remove dead code when un-reserving PCI address
The code can't fail so having error handling is pointless.
2017-10-19 14:50:50 +02:00
Ján Tomko
537e86f031 fix error message spacing in qemuDomainDetachNetDevice
Move the space after the colon.
2017-10-19 14:46:13 +02:00
Ján Tomko
311f4069f9 qemu: remove pointless address validation on hot unplug
Back in the times of using 'pci_del', unplugging a device without
a PCI address was not wired up.

After completely removing support for qemu without QEMU_CAPS_DEVICE,
aliases are used to uniquely identify devices in all cases.

Remove the pointless validation of data that was already present
in the domain definition.
2017-10-19 14:45:15 +02:00
Ján Tomko
8a0d84e25b qemuIsMultiFunctionDevice: return early for non-PCI addresses
There is no point in iterating over all devices if none of them
could possibly match.
2017-10-19 14:45:15 +02:00
Ján Tomko
67486bb295 qemu: implement input device hotunplug
Allow unplugging USB and virtio USB devices.

https://bugzilla.redhat.com/show_bug.cgi?id=1379603
2017-10-19 14:43:22 +02:00
Ján Tomko
bc9ffafcc7 qemu: implement input device hotplug
For both virtio input devices and USB input devices.

https://bugzilla.redhat.com/show_bug.cgi?id=1379603
2017-10-19 14:43:22 +02:00
Ján Tomko
c547a5f8d8 Introduce qemuBuildInputDevStr
A function that builds the -device string for input devices.
2017-10-19 14:43:22 +02:00
Ján Tomko
d059b24aea split out qemuAssignDeviceInputAlias
Move assignment of input device alias into a separate function,
for reuse on hotplug.
2017-10-19 14:43:20 +02:00
Ján Tomko
513a8d4588 qemu: allow cold unplugging of input devices
https://bugzilla.redhat.com/show_bug.cgi?id=1379603
2017-10-19 14:42:10 +02:00
Ján Tomko
ba589d88bc qemu: allow coldplugging input devices
https://bugzilla.redhat.com/show_bug.cgi?id=1379603
2017-10-19 14:42:10 +02:00
Ján Tomko
f0cab974af Use qemuDomainEnsureVirtioAddress where possible
There are two more cases where we set an S390/CCW/PCI address
type based on the machine type.

Reuse qemuDomainEnsureVirtioAddress to reduce repetition.
2017-10-19 14:41:55 +02:00
Ján Tomko
f16600ff91 Split out qemuDomainEnsureVirtioAddress
Split out the common code responsible for reserving/assigning
PCI/CCW addresses for virtio disks into a helper function
for reuse by other virtio devices.
2017-10-19 14:41:51 +02:00
Ján Tomko
5ec76b0cb4 Move qemuCheckCCWS390AddressSupport to qemu_domain
Let it be reused in qemu_domain_address.
2017-10-19 14:39:05 +02:00
Ján Tomko
fef2855366 qemuDomainAttachRNGDevice: do not access source.file randomly
We pass the source.file to qemuCheckCCWS390AddressSupport for
the purpose of reporting an error message without actually checking
that the rng device is of type VIR_DOMAIN_RNG_BACKEND_RANDOM.

Change it to a hardcoded "rng" string, which also avoids
referring to the device by a host-side attribute.
2017-10-19 14:34:21 +02:00
Ján Tomko
7afaaa934b qemuDomainAttachControllerDevice: remove dead code
After a successful attach, the device address has already been set.
Remove the pointless assignment.
2017-10-19 14:34:21 +02:00
Ján Tomko
2690b5b930 conf: audit passthrough input devices at domain startup
Introduce virDomainAuditInput and use it to log the evdev passed
to the guest.
2017-10-19 14:34:21 +02:00
Pavel Hrdina
d66fc71d31 qemu: implement virDomainSetLifecycleAction() API
There is one limitation for using this API, when the guest is started
with all actions set to "destroy" we put "-no-reboot" on the QEMU
command line.  That cannot be changed while QEMU is running and
the QEMU process is always terminated no matter what is configured
for any action.

Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1460677

Reviewed-by: John Ferlan <jferlan@redhat.com>
Signed-off-by: Pavel Hrdina <phrdina@redhat.com>
2017-10-19 11:52:38 +02:00
Pavel Hrdina
e859da6f42 qemu: send allowReboot in migration cookie
We need to send allowReboot in the migration cookie to ensure the same
behavior of the virDomainSetLifecycleAction() API on the destination.

Consider this scenario:

    1. On the source the domain is started with:
        <on_poweroff>destroy</on_poweroff>
        <on_reboot>restart</on_reboot>
        <on_crash>destroy</on_crash>

    2. User calls an API to set "destroy" for <on_reboot>:
        <on_poweroff>destroy</on_poweroff>
        <on_reboot>destroy</on_reboot>
        <on_crash>destroy</on_crash>

    3. The guest is migrated to a different host

    4a. Without the allowReboot in the migration cookie the QEMU
        process on destination would be started with -no-reboot
        which would prevent using the virDomainSetLifecycleAction() API
        for the rest of the guest lifetime.

    4b. With the allowReboot in the migration cookie the QEMU process
        on destination is started without -no-reboot like it was started
        on the source host and the virDomainSetLifecycleAction() API
        continues to work.

The following patch adds a QEMU implementation of the
virDomainSetLifecycleAction() API and that implementation disallows
using the API if all actions are set to "destroy" because we add
"-no-reboot" on the QEMU command line.  Changing the lifecycle action
is in this case pointless because the QEMU process is always terminated.

Reviewed-by: John Ferlan <jferlan@redhat.com>
Signed-off-by: Pavel Hrdina <phrdina@redhat.com>
2017-10-19 11:52:34 +02:00
Pavel Hrdina
a9d637e71e qemu: move detection whether to use -no-reboot to qemu_domain
This will be used later on in implementation of new API
virDomainSetLifecycleAction().  In order to use it, we need to store
the value in status XML to not lose the information if libvirtd is
restarted.

If some guest was started by old libvirt where it was not possible
to change the lifecycle action for running guest, we can safely
detect it based on the current actions from the status XML.

Reviewed-by: John Ferlan <jferlan@redhat.com>
Signed-off-by: Pavel Hrdina <phrdina@redhat.com>
2017-10-19 11:52:30 +02:00
Pavel Hrdina
1a2f34e363 lib: introduce virDomainSetLifecycleAction() API
Reviewed-by: John Ferlan <jferlan@redhat.com>
Signed-off-by: Pavel Hrdina <phrdina@redhat.com>
2017-10-19 11:52:26 +02:00
Pavel Hrdina
17f1a647a0 qemu: pass priv data instead of qemuCaps and autoNodeset
Reviewed-by: John Ferlan <jferlan@redhat.com>
Signed-off-by: Pavel Hrdina <phrdina@redhat.com>
2017-10-19 11:52:24 +02:00
Pavel Hrdina
2dfef1240a qemu: pass priv data to qemuBuildMasterKeyCommandLine
Reviewed-by: John Ferlan <jferlan@redhat.com>
Signed-off-by: Pavel Hrdina <phrdina@redhat.com>
2017-10-19 11:52:21 +02:00
Pavel Hrdina
ebf3abb166 qemu: pass priv data to qemuBuildPMCommandLine
Reviewed-by: John Ferlan <jferlan@redhat.com>
Signed-off-by: Pavel Hrdina <phrdina@redhat.com>
2017-10-19 11:52:19 +02:00
Pavel Hrdina
b569ef0a76 qemu: pass priv data to qemuBuildMonitorCommandLine
Reviewed-by: John Ferlan <jferlan@redhat.com>
Signed-off-by: Pavel Hrdina <phrdina@redhat.com>
2017-10-19 11:52:16 +02:00
Pavel Hrdina
e54d4d5e98 qemu: pass virDomainObjPtr to qemuBuildCommandLine
Extract the required data inside a function instead of passing it
all as arguments.

Reviewed-by: John Ferlan <jferlan@redhat.com>
Signed-off-by: Pavel Hrdina <phrdina@redhat.com>
2017-10-19 11:52:13 +02:00
Pavel Hrdina
8c85b1ed4a conf: merge virDomainLifecycleCrashAction with virDomainLifecycleAction
There is no need to have two different enums where one has the same
values as the other one with some additions.

Currently for on_poweroff and on_reboot we allow only subset of actions
that are allowed for on_crash.  This was covered in parse time using
two different enums.  Now to make sure that we don't allow setting
actions that are not supported we need to check it while validating
domain config.

Reviewed-by: John Ferlan <jferlan@redhat.com>
Signed-off-by: Pavel Hrdina <phrdina@redhat.com>
2017-10-19 11:52:09 +02:00
Pavel Hrdina
1ccf35b4f2 conf: introduce virDomainLifecycle enum to list all lifecycle types
Reviewed-by: John Ferlan <jferlan@redhat.com>
Signed-off-by: Pavel Hrdina <phrdina@redhat.com>
2017-10-19 11:52:06 +02:00
Pavel Hrdina
55c63295b2 conf: rename virDomainLifecycleAction enum functions
Reviewed-by: John Ferlan <jferlan@redhat.com>
Signed-off-by: Pavel Hrdina <phrdina@redhat.com>
2017-10-19 11:52:04 +02:00
Pavel Hrdina
21068580d6 conf: rename lifecycle enum values to correspond with typedef keyword
Reviewed-by: John Ferlan <jferlan@redhat.com>
Signed-off-by: Pavel Hrdina <phrdina@redhat.com>
2017-10-19 11:51:53 +02:00
Jiri Denemark
86fde4d2b2 bhyve: Fix build
Commit v3.8.0-95-gfd885a06a dropped nmodels parameter from several APIs
in src/cpu/cpu.h, but failed to update all callers.

Signed-off-by: Jiri Denemark <jdenemar@redhat.com>
2017-10-19 11:13:54 +02:00
Erik Skultety
1af4580408 nodedev: udev: Hook up virFileWaitForAccess to work around uevent race
If we find ourselves in the situation that the 'add' uevent has been
fired earlier than the sysfs tree for a device was created, we should
use the best-effort approach and give kernel some predetermined amount
of time, thus waiting for the attributes to be ready rather than
discarding the device from our device list forever. If those don't appear
in the given time frame, we need to move on, since libvirt can't wait
indefinitely.

Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1463285

Signed-off-by: Erik Skultety <eskultet@redhat.com>
2017-10-19 08:54:53 +02:00
Erik Skultety
caf26412b6 util: Introduce virFileWaitForExists
Since we have a number of places where we workaround timing issues with
devices, attributes (files in general) not being available at the time
of processing them by calling usleep in a loop for a fixed number of
tries, we could as well have a utility function that would do that.
Therefore we won't have to duplicate this ugly workaround even more.

Signed-off-by: Erik Skultety <eskultet@redhat.com>
2017-10-19 08:54:53 +02:00
Erik Skultety
cdbe13329a nodedev: udev: Convert udevEventHandleThread to an actual thread routine
Adjust udevEventHandleThread to be a proper thread routine running in an
infinite loop handling devices. The handler thread pulls all available
data from the udev monitor and only then waits until a wakeup signal for
new incoming data has been emitted by udevEventHandleCallback.

Signed-off-by: Erik Skultety <eskultet@redhat.com>
2017-10-19 08:54:53 +02:00
Erik Skultety
5a47baaf44 nodedev: udev: Split udevEventHandleCallback in two functions
This patch splits udevEventHandleCallback in two (introduces
udevEventHandleThread) in order to be later able to refactor the latter
to actually become a normal thread which will wait some time for the
kernel to create the whole sysfs tree for a device as we cannot do that
in the event loop directly.

Signed-off-by: Erik Skultety <eskultet@redhat.com>
2017-10-19 08:54:53 +02:00
Erik Skultety
6215b036e7 nodedev: udev: Unlock the private data before setting up 'system' node
udevSetupSystemDev only needs the udev data lock to be locked because of
calling udevGetDMIData which accesses some protected structure members,
but it can do that on its own just fine, no need to hold the lock the
whole time.

Signed-off-by: Erik Skultety <eskultet@redhat.com>
2017-10-19 08:54:53 +02:00
Erik Skultety
37e02f68d0 nodedev: udev: Remove driver locks from stateInitialize and stateCleanup
The driver locks are unnecessary here, since currently the cleanup is
only called from the main daemon thread, so we can't race here. Moreover
@devs and @privateData are self-lockable objects, so no problem there
either.

Signed-off-by: Erik Skultety <eskultet@redhat.com>
2017-10-19 08:54:53 +02:00
Erik Skultety
365553645c nodedev: udev: Convert udev private data to a lockable object
Since there's going to be a worker thread which needs to have some data
protected by a lock, the whole code would just simply get unnecessary
complex, since two sets of locks would be necessary, driver lock (for
udev monitor and event handle) and a mutex protecting thread-local data.
Given the future thread will need to access the udev monitor socket as
well, why not protect everything with a single lock, even better, by
converting the driver's private data to a lockable object, we get the
automatic object disposal feature for free.

Signed-off-by: Erik Skultety <eskultet@redhat.com>
2017-10-19 08:54:53 +02:00
Erik Skultety
c6a16d3c64 nodedev: udev: Introduce udevEventMonitorSanityCheck helper function
We need to perform a sanity check on the udev monitor before every
use so that we know nothing has changed in the meantime. The reason for
moving the code to a separate helper is to enhance readability and shift
the focus on the important stuff within the udevEventHandleCallback
handler.

Signed-off-by: Erik Skultety <eskultet@redhat.com>
2017-10-19 08:54:53 +02:00
Erik Skultety
643c74abff nodedev: Move privileged flag from udev private data to driver's state
Even though hal doesn't make use of it, the privileged flag is related
to the daemon/driver rather than the backend actually used.
While at it, get rid of some tab indentation in the driver state struct.

Signed-off-by: Erik Skultety <eskultet@redhat.com>
2017-10-19 08:54:52 +02:00
Erik Skultety
15a37cdf88 maint: Remove not-so-much informative block commentaries
There were a bunch of commentary blocks that were literally useless in
terms of describing what the code following them does, since most of
them were documenting "the obvious" or it just wouldn't help at all.

Signed-off-by: Erik Skultety <eskultet@redhat.com>
2017-10-18 13:38:59 +02:00
Erik Skultety
b08017ca54 maint: Replace tabs with spaces in all source files in repo
So we have a syntax-check rule to catch all tab indents but it naturally
can't catch tab spacing, i.e. as a delimiter. This patch is a result of
running 'vim -en +retab +wq'
(using tabstop=8 softtabstop=4 shiftwidth=4 expandtab) on each file from
a list generated by the following:
find . -regextype gnu-awk \
         -regex ".*\.(rng|syms|html|s?[ch]|py|pl|php(\.code)?)(\.in)?" \
         | xargs git grep -lP "\t"

Signed-off-by: Erik Skultety <eskultet@redhat.com>
2017-10-18 13:25:10 +02:00
Peter Krempa
4a5cbba4bc util: storagefile: Track whether a virStorageSource was auto-detected
When formatting an inactive or migratable XML we will need to suppress
backing chain members which were detected from the disk to keep
semantics straight. This means we need to record, whether a
virStorageSource originates from autodetection.
2017-10-18 09:44:29 +02:00
Peter Krempa
bf75ed463c qemu: block: Add support for file/block/dir storage to JSON disk src generator
qemuBlockStorageSourceGetBackendProps now is able to format the JSON
definition for regular storage too.
2017-10-18 09:43:49 +02:00
Peter Krempa
5e24a36e0d qemu: command: Separate wrapping of disk backend props to 'file' object
The file object is needed when formatting the command line, but it makes
nesting of the objects less easy for use with blockdev. Separate the
wrapping into the 'file' object into a helper used specifically for disk
sources in the old code path.
2017-10-18 09:43:49 +02:00
Kothapally Madhu Pavan
7702cc1f80 qemu: Move qemuFreeKeywords into qemu_parse_command.c
Move qemuFreeKeywords into qemu_parse_command.c as
qemuParseKeywordsFree and call it rather than inline code
in multiple places.

Signed-off-by: Kothapally Madhu Pavan <kmp@linux.vnet.ibm.com>
2017-10-17 18:52:47 -04:00
Jiri Denemark
c1a63a5f7b qemu: Parse CPU stepping from query-cpu-model-expansion
Even though only family and model are used for matching CPUID data with
CPU models from cpu_map.xml, stepping is used by x86DataFilterTSX which
is supposed to disable TSX on CPU models with broken TSX support. Thus
we need to start parsing stepping from QEMU to make sure we don't
disable TSX on CPUs which provide working TSX implementation. See the
following patch for a real world example of such CPU.

Signed-off-by: Jiri Denemark <jdenemar@redhat.com>
Reviewed-by: John Ferlan <jferlan@redhat.com>
2017-10-17 22:37:04 +02:00
Nikolay Shirokovskiy
921d61575d conf: fix use of uninitialized variable
If same boot order is specified twice (or more) in domain xml
we call free for uninitiaziled loadparm on cleanup in virDomainDeviceBootParseXML
and SIGABRT (or similar) as a result.
2017-10-17 15:49:25 -04:00
Nikolay Shirokovskiy
1071592e65 vz: fix typo for 0d3d020b 2017-10-17 21:27:05 +03:00
Nikolay Shirokovskiy
62d6de46fd vz: missing pieces for fd885a06 for vz driver 2017-10-17 21:27:05 +03:00
Jiri Denemark
6a6f6b91e0 qemu: Fix CPU model broken by older libvirt
When libvirt older than 3.9.0 reconnected to a running domain started by
old libvirt it could have messed up the expansion of host-model by
adding features QEMU does not support (such as cmt). Thus whenever we
reconnect to a running domain, revert to an active snapshot, or restore
a saved domain we need to check the guest CPU model and remove the
CPU features unknown to QEMU. We can do this because we know the domain
was successfully started, which means the CPU did not contain the
features when libvirt started the domain.

https://bugzilla.redhat.com/show_bug.cgi?id=1495171

Signed-off-by: Jiri Denemark <jdenemar@redhat.com>
Reviewed-by: Pavel Hrdina <phrdina@redhat.com>
2017-10-17 15:08:05 +02:00
Jiri Denemark
e26cc8f82f qemu: Filter CPU features when using host CPU
When reconnecting to a domain started with a host-model CPU which was
started by old libvirt that did not replace host-model with the real CPU
definition, libvirt replaces the host-model CPU with the CPU from
capabilities (because this is what the old libvirt did when it started
the domain). Without this patch libvirt could use features unknown to
QEMU in the CPU definition which replaced the original host-model CPU.
Such domain would keep running just fine, but any attempt to migrate it
will fail and once the domain is saved or snapshotted, restoring it
would fail too.

In other words whenever we want to use the CPU definition from host
capabilities as a guest CPU definition, we have to filter the unknown
features.

https://bugzilla.redhat.com/show_bug.cgi?id=1495171

Signed-off-by: Jiri Denemark <jdenemar@redhat.com>
Reviewed-by: Pavel Hrdina <phrdina@redhat.com>
2017-10-17 15:08:05 +02:00
Jiri Denemark
3276416904 conf: Introduce virCPUDefFindFeature
Signed-off-by: Jiri Denemark <jdenemar@redhat.com>
Reviewed-by: Pavel Hrdina <phrdina@redhat.com>
2017-10-17 15:08:05 +02:00
Jiri Denemark
4b87b3675f qemu: Separate CPU updating code from qemuProcessReconnect
The new function is called qemuProcessRefreshCPU.

Signed-off-by: Jiri Denemark <jdenemar@redhat.com>
Reviewed-by: Pavel Hrdina <phrdina@redhat.com>
2017-10-17 15:08:05 +02:00
Jiri Denemark
e1ca8ecb46 qemu: Check QEMU error on failed migration
When migration fails, QEMU may provide a description of the error in
the reply to query-migrate QMP command. We can fetch this error and use
it instead of the generic "unexpectedly failed" message.

Signed-off-by: Jiri Denemark <jdenemar@redhat.com>
Reviewed-by: Pavel Hrdina <phrdina@redhat.com>
2017-10-17 10:41:45 +02:00
Peter Krempa
a693fdba01 Terminate backing chains explicitly
Express a properly terminated backing chain by putting a
virStorageSource of type VIR_STORAGE_TYPE_NONE in the chain. The newly
used helpers simplify this greatly.

The change fixes a bug as formatting an incomplete backing chain and
parsing it back would end up in expressing a terminated chain since
src->backingStoreRaw was not populated. By relying on the terminator
object this can be now processed appropriately.
2017-10-17 06:19:18 +02:00
Peter Krempa
0a294a8e28 util: storagefile: Add helpers to check presence of backing store
Add helpers that will simplify checking if a backing file is valid or
whether it has backing store. The helper virStorageSourceIsBacking
returns true if the given virStorageSource is a valid backing store
member. virStorageSourceHasBacking returns true if the virStorageSource
has a backing store child.

Adding these functions creates a central points for further refactors.
2017-10-17 06:19:18 +02:00
Peter Krempa
ee4d2df87d storage: Fill in 'type' field for virStorageSource in storage driver
Storage driver uses virStorageSource only partially to store it's
configuration but fully when parsing backing files of storage volumes.
This patch sets the 'type' field to a value other than
VIR_STORAGE_TYPE_NONE so that further patches can add a terminator
element to backing chains without breaking iteration.
2017-10-17 06:19:18 +02:00
Peter Krempa
e3fb414e77 util: storagefile: Tolerate NULL path when looking up volume in chain
chain->path may be NULL e.g. for NBD drives, so the check needs to avoid
dereferencing the path in such case
2017-10-17 06:19:18 +02:00
Peter Krempa
9cc8d6ee9e util: storage: use stored index to lookup disks
We can now use the backing store ID directly rather than counting the
number of images seen while looking up images.
2017-10-17 06:19:18 +02:00
Peter Krempa
c6231a6a6c util: storage: Store backing chain index in virStorageSource
The backing store indexes were not bound to the storage sources in any
way. To allow us to bind a given alias to a given storage source we need
to save the index in virStorageSource. The backing store ids are now
generated when detecting the backing chain.

Since we don't re-detect the backing chain after snapshots, the
numbering needs to be fixed there.
2017-10-17 06:19:18 +02:00
Peter Krempa
8b13c37f0b conf: domain: Simplify return from backing store parser
Use VIR_STEAL_PTR to remove conditional cleanup.
2017-10-17 06:19:18 +02:00
Kothapally Madhu Pavan
67a52f709a qemu: argv: parse qemu commandline memory arguments
Existing qemuParseCommandLineMem() will parse "-m 4G" format string.
This patch allows it to parse "-m size=8126464k,slots=32,maxmem=33554432k"
format along with existing format. And adds a testcase to validate the changes.

Signed-off-by: Kothapally Madhu Pavan <kmp@linux.vnet.ibm.com>
2017-10-16 11:18:25 -04:00
Ladi Prosek
a765e3094d hyperv: Map Limit to max_memory and VirtualQuantity to cur_balloon
Hyper-V uses its own specific memory management so no mapping is going to
be perfect. However, it is more correct to map Limit to max_memory (it
really is the upper limit of what the VM may potentially use) and keep
cur_balloon equal to total_memory.

The typical value returned from Hyper-V in Limit is 1 TiB, which is not
really going to work if interpreted as "startup memory" to be ballooned
away later.

Signed-off-by: Ladi Prosek <lprosek@redhat.com>
2017-10-16 10:29:32 -04:00
Ladi Prosek
5ae2d9c259 hyperv: Escape WQL queries
The code was vulnerable to SQL injection. Likely not a security issue due to
WMI SQL and other constraints but still lame. For example:

  virsh # dominfo \"
  error: failed to get domain '"'
  error: internal error: SOAP fault during enumeration: code 's:Sender', subcode
  'n:CannotProcessFilter', reason 'The data source could not process the filter.
  The filter might be missing or it might be invalid. Change the filter and try
  the request again.  ', detail 'The WS-Management service cannot process the
  request. The WQL query is invalid. '

This commit fixes the Hyper-V driver by escaping all WMI SQL string parameters.

The same command with the fix:

  virsh # dominfo \"
  error: failed to get domain '"'
  error: Domain not found: No domain with name "

Signed-off-by: Ladi Prosek <lprosek@redhat.com>
2017-10-16 10:29:32 -04:00
Ladi Prosek
bb8c2a76ca hyperv: Fix hypervInitConnection error reporting
"%s is not a Hyper-V server" is not a correct generalization of all possible
error conditions of hypervEnumAndPull. For example:

  $ virsh --connect hyperv://localhost/?transport=http
  Enter username for localhost [administrator]:
  Enter administrator's password for localhost: <enters incorrect password>
  error: failed to connect to the hypervisor
  error: internal error: localhost is not a Hyper-V server

This commit removes the general virReportError from hypervInitConnection and
also the "Invalid query" virReportError from hypervSerializeEprParam, which
does not correctly describe the error either (virBufferCheckError has
already set a meaningful error message at that point).

The same scenario with the fix:

  $ virsh --connect hyperv://localhost/?transport=http
  Enter username for localhost [administrator]:
  Enter administrator's password for localhost: <enters incorrect password>
  error: failed to connect to the hypervisor
  error: internal error: Transport error during enumeration: User, password or
  similar was not accepted (26)

Signed-off-by: Ladi Prosek <lprosek@redhat.com>
2017-10-16 10:29:32 -04:00
Daniel P. Berrange
441d3eb6d1 qemu: ensure TLS clients always verify the server certificate
The default_tls_x509_verify (and related) parameters in qemu.conf
control whether the QEMU TLS servers request & verify certificates
from clients. This works as a simple access control system for
servers by requiring the CA to issue certs to permitted clients.
This use of client certificates is disabled by default, since it
requires extra work to issue client certificates.

Unfortunately the code was using this configuration parameter when
setting up both TLS clients and servers in QEMU. The result was that
TLS clients for character devices and disk devices had verification
turned off, meaning they would ignore errors while validating the
server certificate.

This allows for trivial MITM attacks between client and server,
as any certificate returned by the attacker will be accepted by
the client.

This is assigned CVE-2017-1000256  / LSN-2017-0002

Reviewed-by: Eric Blake <eblake@redhat.com>
Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2017-10-16 12:54:43 +01:00
Daniel P. Berrange
e371b3bf41 Use https:// links for most sites
This adds a rule to require https links for the libvirt, qemu
and kvm websites.

Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2017-10-16 10:22:34 +01:00
Ján Tomko
d007ec3344 qemu: reserve PCI addresses for implicit i440fx devices
Somewhere around commit 9ff9d9f reserving entire PCI slots was
eliminated, as demonstrated by commit 6cc2014.

Reserve the functions required by the implicit devices:
00:01.0 ISA Bridge
00:01.1 IDE Controller
00:01.2 USB Controller (unless USB is disabled)
00:01.3 Bridge

https://bugzilla.redhat.com/show_bug.cgi?id=1460143
2017-10-16 09:53:34 +02:00
Jiri Denemark
7bca16937a cputest: Test CPU usability blockers
Gather query-cpu-definitions results and use them for testing CPU model
usability blockers in CPUID to virCPUDef translation.

Signed-off-by: Jiri Denemark <jdenemar@redhat.com>
Reviewed-by: John Ferlan <jferlan@redhat.com>
2017-10-16 09:23:20 +02:00
Jiri Denemark
9c9620af1d cpu_x86: Disable blockers from unusable CPU models
When decoding CPUID data to virCPUDef we need to be careful about using
a CPU model which cannot be directly used on the current host. Normally,
libvirt would notice the features which prevent the model from being
usable and it would disable them in the computed virCPUDef, but this
won't work in case the definition of the CPU model in QEMU contains more
features than what we have in cpu_map.xml. We need to count with the
usability blockers we got from QEMU and explicitly disable all of them
to make the computed virCPUDef usable.

https://bugzilla.redhat.com/show_bug.cgi?id=1464832

Signed-off-by: Jiri Denemark <jdenemar@redhat.com>
Reviewed-by: John Ferlan <jferlan@redhat.com>
2017-10-16 09:23:20 +02:00
Jiri Denemark
722ef4ff38 cpu_x86: Move x86FeatureFind* to avoid forward prototypes
Signed-off-by: Jiri Denemark <jdenemar@redhat.com>
Reviewed-by: John Ferlan <jferlan@redhat.com>
2017-10-16 09:23:20 +02:00
Jiri Denemark
20664ec779 conf: Introduce virDomainCapsCPUModelsGet
This internal API can be used to find a specific CPU model in
virDomainCapsCPUModels list.

Signed-off-by: Jiri Denemark <jdenemar@redhat.com>
Reviewed-by: John Ferlan <jferlan@redhat.com>
2017-10-16 09:23:17 +02:00
Jiri Denemark
a62dca833e cpu: Drop unused parameter from cpuDecode
The "preferred" parameter is not used by any caller of cpuDecode
anymore. It's only used internally in cpu_x86 to implement cpuBaseline.

Signed-off-by: Jiri Denemark <jdenemar@redhat.com>
Reviewed-by: John Ferlan <jferlan@redhat.com>
2017-10-16 09:21:52 +02:00
Jiri Denemark
fd885a06a0 cpu: Use virDomainCapsCPUModelsPtr in cpu driver APIs
All APIs which expect a list of CPU models supported by hypervisors were
switched from char **models and int models to just accept a pointer to
virDomainCapsCPUModels object stored in domain capabilities. This avoids
the need to transform virDomainCapsCPUModelsPtr into a NULL-terminated
list of model names and also allows the various cpu driver APIs to
access additional details (such as its usability) about each CPU model.

Signed-off-by: Jiri Denemark <jdenemar@redhat.com>
Reviewed-by: John Ferlan <jferlan@redhat.com>
2017-10-16 09:21:52 +02:00
Jiri Denemark
e9f8e1b8e6 qemu: Parse unavailable features for CPU models
query-cpu-definitions QMP command returns a list of unavailable features
which prevent CPU models from being usable on the current host. So far
we only checked whether the list was empty to mark CPU models as
(un)usable. This patch parses all unavailable features for each CPU
model and stores them in virDomainCapsCPUModel as a list of usability
blockers.

Signed-off-by: Jiri Denemark <jdenemar@redhat.com>
Reviewed-by: John Ferlan <jferlan@redhat.com>
2017-10-16 09:21:52 +02:00
Jiri Denemark
1255fa877a qemu: Store CPU usability blockers in caps cache
Signed-off-by: Jiri Denemark <jdenemar@redhat.com>
Reviewed-by: John Ferlan <jferlan@redhat.com>
2017-10-16 09:21:51 +02:00
Jiri Denemark
0861080f0e conf: Add usability blockers to virDomainCapsCPUModel
When a hypervisor marks a CPU model as unusable on the current host, it
may also give us a list of features which prevent the model from being
usable. Storing this list in virDomainCapsCPUModel will help the CPU
driver with creating a host-model CPU configuration.

Signed-off-by: Jiri Denemark <jdenemar@redhat.com>
Reviewed-by: John Ferlan <jferlan@redhat.com>
2017-10-16 09:21:51 +02:00
Jiri Denemark
ef04596d76 util: Introduce virStringListCopy
The API makes a deep copy of a NULL-terminated string list.

Signed-off-by: Jiri Denemark <jdenemar@redhat.com>
Reviewed-by: John Ferlan <jferlan@redhat.com>
2017-10-16 09:21:51 +02:00
Michal Privoznik
02555bfe5c virDomainDeviceInfoParseXML: Clear whole @info on failure
Currently, if parsing of device info fails info->alias is freed.
It doesn't make much sense to leave the rest of the struct
behind.

Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
2017-10-13 17:55:41 -07:00
Michal Privoznik
83a517cfe6 virDomainDeviceInfoParseXML: Separate address parsing into separate func
There's one 'return' in the middle of the function body. It's
very easy to miss and so it makes adding new code harder. Also
the function doesn't follow our style 100%.

Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
2017-10-13 17:55:41 -07:00
Michal Privoznik
be9978bb89 virDomainInterfaceStats: Accept MAC addresses properly
https://bugzilla.redhat.com/show_bug.cgi?id=1497396

In 0d3d020ba6 I've added capability to accept MAC addresses
for the API too. However, the implementation was faulty. It needs
to lookup the corresponding interface in the domain definition
and pass the ifname instead of MAC address.

Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
Reviewed-by: John Ferlan <jferlan@redhat.com>
2017-10-13 17:54:50 -07:00
John Ferlan
ac7cc62419 nodedev: Fix missing network devices
Commit id '8708ca01c' added a check to determine whether the NIC had
Switchdev capabilities; however, in doing so inadvertently would cause
network devices without a PCI device to not be added to the node device
database. Thus, network devices having a "computer" as a parent, such
as "net_lo*", "net_virbr*", "net_tun*", "net_vnet*", etc. were not added.

Alter the check to not even check for Switchdev bits if no PCI device found.
2017-10-13 20:29:06 -04:00
Michal Privoznik
0d3d020ba6 virDomainInterfaceStats: Accept MAC address too
https://bugzilla.redhat.com/show_bug.cgi?id=1497396

The other APIs accept both, ifname and MAC address. There's no
reason virDomainInterfaceStats can't do the same.

Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
Reviewed-by: John Ferlan <jferlan@redhat.com>
2017-10-13 13:46:59 -07:00
Michal Privoznik
e3909729d2 virDomainNetFind: Report error if no device found
Every caller reports the error themselves. Might as well move it
into the function and thus unify it.

Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
Reviewed-by: John Ferlan <jferlan@redhat.com>
2017-10-13 13:46:36 -07:00
John Ferlan
d6efd72915 nodedev: Convert virNodeDeviceObjHasCap to bool
It only returns 0 or 1 anyway, let's be realistic

Signed-off-by: John Ferlan <jferlan@redhat.com>
2017-10-12 21:36:44 -04:00
John Ferlan
1b4ad370e9 nodedev: Convert virNodeDeviceObjList to use RWObjectLockable
Let's use the RWObjectLockable for the various list lock mgmt.
Only time need Write lock will be for Add/Remove logic.

Signed-off-by: John Ferlan <jferlan@redhat.com>
2017-10-12 21:36:43 -04:00
John Ferlan
c37efe19e8 secrets: Convert to use ObjectRWLockable
Let's use the ObjectRWLockable for the various list lock mgmt.
Only time need Write lock will be for Add/Remove logic.
2017-10-12 21:30:52 -04:00
John Ferlan
3dcab1de5d network: Convert virNetworkObjList to use RWObjectLockable
Let's use the RWObjectLockable for the various list lock mgmt.
Only time need Write lock will be for Add, Remove, and Prune logic.
2017-10-12 18:30:39 -04:00
John Ferlan
0c691e9806 util: Resolve resource leak
Need to free @groups in the parent on success similar to other
APIs (virFile*) which use virGetGroupList and virFork.

Reported by Coverity.
2017-10-12 18:27:00 -04:00
Chao Fan
79b7ac43fa qemu: add the print of page size in cmd domjobinfo
The command "info migrate" of qemu outputs the dirty-pages-rate during
migration, but page size is different in different architectures. So
page size should be output to calculate dirty pages in bytes.

Page size is already implemented with commit
030ce1f8612215fcbe9d353dfeaeb2937f8e3f94 in qemu.
Now Implement the counter-part in libvirt.

Signed-off-by: Chao Fan <fanc.fnst@cn.fujitsu.com>
Signed-off-by: Li Zhijian <lizhijian@cn.fujitsu.com>
Signed-off-by: Jiri Denemark <jdenemar@redhat.com>
2017-10-12 17:06:07 +02:00
Nitesh Konkar
7388d055d4 cpu_ppc64: Error out when model tag missing in virsh cpu-compare xml
libvirtd throws unhandled signal 11 on ppc while running
virsh cpu-compare with missing model tag in the xml. This
patch errors out in such situation.

Signed-off-by: Nitesh Konkar <nitkon12@linux.vnet.ibm.com>
Signed-off-by: Jiri Denemark <jdenemar@redhat.com>
2017-10-12 16:37:54 +02:00
caoxinhua
0248098d38 Fix 1 << -1 in JOB_MASK macro
Calling JOB_MASK(QEMU_JOB_NONE) would result in 1 << -1.

Signed-off-by: Jiri Denemark <jdenemar@redhat.com>
2017-10-12 15:53:56 +02:00
Ján Tomko
f9267297cf qemu: clarify error message for index 0 PIIX3 USB controller
The address is restricted to 0:0:1.2 only for the piix3-uhci controller
at index 0.

https://bugzilla.redhat.com/show_bug.cgi?id=1460602
2017-10-11 09:39:23 +02:00
Andrea Bolognani
0e0e328dc1 qemu: Don't crash when parsing command line lacking -M
Parse the -M (or -machine) command line option before starting
processing in earnest and have a fallback ready in case it's not
present, so that while parsing other options we can rely on
def->os.machine being initialized.

Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1379218

Signed-off-by: Andrea Bolognani <abologna@redhat.com>
Reviewed-by: Daniel P. Berrange <berrange@redhat.com>
2017-10-11 08:44:31 +02:00
Marc Hartmayer
20e3217a54 lxc: Fixed indentation
Signed-off-by: Marc Hartmayer <mhartmay@linux.vnet.ibm.com>
Reviewed-by: Bjoern Walk <bwalk@linux.vnet.ibm.com>
Reviewed-by: Boris Fiuczynski <fiuczy@linux.vnet.ibm.com>
2017-10-10 09:27:01 +01:00
Marc Hartmayer
7596b29fd1 lxc: Fixed a typo
Signed-off-by: Marc Hartmayer <mhartmay@linux.vnet.ibm.com>
Reviewed-by: Bjoern Walk <bwalk@linux.vnet.ibm.com>
Reviewed-by: Boris Fiuczynski <fiuczy@linux.vnet.ibm.com>
2017-10-10 09:27:00 +01:00
Marc Hartmayer
5fec1c3a5c util: Fix deadlock across fork()
This commit fixes the deadlock introduced by commit
0980764dee. The call getgrouplist() of
the glibc library isn't safe to be called in between fork and
exec (see commit 75c125641a).

Signed-off-by: Marc Hartmayer <mhartmay@linux.vnet.ibm.com>
Fixes: 0980764dee ("util: share code between virExec and virCommandExec")
Reviewed-by: Bjoern Walk <bwalk@linux.vnet.ibm.com>
Reviewed-by: Boris Fiuczynski <fiuczy@linux.vnet.ibm.com>
2017-10-10 09:27:00 +01:00
Marc Hartmayer
2e88eeebb1 util: Add virCommandGetGID and virCommandGetUID
These functions are used by an upcoming commit.

Signed-off-by: Marc Hartmayer <mhartmay@linux.vnet.ibm.com>
Reviewed-by: Boris Fiuczynski <fiuczy@linux.vnet.ibm.com>
2017-10-10 09:27:00 +01:00
Kothapally Madhu Pavan
9020c7d7e4 qemu: Remove redundant code in qemuParseCommandLineDisk
Signed-off-by: Kothapally Madhu Pavan <kmp@linux.vnet.ibm.com>
2017-10-10 08:36:22 +02:00
Wim ten Have
137391bda7 numa: rename function virDomainNumaDefCPUFormat
Rename virDomainNumaDefCPUFormat to virDomainNumaDefCPUFormatXML,
matching its peer virDomainNumaDefCPUParseXML and the general
vir*{Format,Parse}XML conventions.

Signed-off-by: Wim ten Have <wim.ten.have@oracle.com>
Reviewed-by:   Jim Fehlig <jfehlig@suse.com>
2017-10-06 11:09:49 -06:00
Wim ten Have
6c200c76f1 build: isolate core libvirt libs deps from xen runtime
Generating libvirt packages per make rpm, "with-libxl=1" and "with-xen=1",
adds strict runtime dependencies per libxenlight for xen-libs package from
core libvirt-libs package.  This is not necessary and unfortunate since
those dependencies set demand to "xen-libs" package even when there's no
need for libvirt xen or libxl driver components.

This patch is to have two separate xenconfig lib tool libraries: one for
core libvirt (without XL), and a another that contains xl for libxl driver
(libvirt_driver_libxl_impl.la) which when loading the driver, loads the
remaining symbols (xen{Format,Parse}XL. For the user/sysadmin, this means
the xen dependencies are moved into libxl driver, instead of core libvirt.

Signed-off-by: Joao Martins <joao.m.martins@oracle.com>
Signed-off-by: Wim ten Have <wim.ten.have@oracle.com>
Reviewed-by:   Jim Fehlig <jfehlig@suse.com>
2017-10-06 10:21:37 -06:00
John Ferlan
746a18dbe8 storage: Use virStoragePoolObjGetDef accessor for Gluster backend
In preparation for privatizing the object, use the accessor.
2017-10-06 07:09:47 -04:00
John Ferlan
759fbdd00b storage: Use virStoragePoolObjGetDef accessor for FS backend
In preparation for privatizing the object, use the accessor.
2017-10-06 07:09:47 -04:00
John Ferlan
2bbb66c4b7 storage: Use virStoragePoolObjGetDef accessor for Sheepdog backend
In preparation for privatizing the object, use the accessor.
2017-10-06 07:09:47 -04:00
John Ferlan
7920d97ab9 storage: Use virStoragePoolObjGetDef accessor for Logical backend
In preparation for privatizing the object, use the accessor.
2017-10-06 07:09:47 -04:00
John Ferlan
cd3eecd839 storage: Use virStoragePoolObjGetDef accessor for Disk backend
In preparation for privatizing the object, use the accessor.
2017-10-06 07:09:47 -04:00
John Ferlan
c0682800cd storage: Use virStoragePoolObjGetDef accessor for storage_util
In preparation for privatizing the object, use the accessor.

Signed-off-by: John Ferlan <jferlan@redhat.com>
2017-10-06 07:09:47 -04:00
John Ferlan
296d6e2d93 test: Use virStoragePoolObjGetDef accessor
In preparation for privatizing the object, use the accessor.

Signed-off-by: John Ferlan <jferlan@redhat.com>
2017-10-06 06:53:05 -04:00
John Ferlan
bb34b61bdf test: Create local virStoragePoolObjPtr VolLookup APIs
Rather than accessing privconn->pools.objs[i] in the for loop,
let's use an @obj variable to make it easier to read the code.
2017-10-06 06:53:05 -04:00
John Ferlan
3a867d9e52 test: Rename @vol to @volDef in testOpenVolumesForPool
Make it more obvious as we're about to need to change how
obj->def gets referenced.

Perform a couple of minor cleanups along the way too.
2017-10-06 06:53:05 -04:00
John Ferlan
bfcd8fc924 storage: Use virStoragePoolObjGetDef accessor for driver
In preparation for privatizing the object, use the accessor to fetch
the obj->def instead of the direct reference.

Signed-off-by: John Ferlan <jferlan@redhat.com>
2017-10-06 06:53:05 -04:00
John Ferlan
ee5498304f conf: Fix prototype/definition for virStoragePoolObj get functions
Modify virStoragePoolObjGetAutostartLink and
virStoragePoolObjGetConfigFile to return "const char *"
since that's how both are used and to ensure no one
tries to VIR_FREE the result.
2017-10-06 06:53:05 -04:00
Christian Ehrhardt
cbd609524d virt-aa-helper: put static rules in quotes
To avoid any issues later on if paths ever change (unlikely but
possible) and to match the style of other generated rules the paths
of the static rules have to be quoted as well.

Signed-off-by: Christian Ehrhardt <christian.ehrhardt@canonical.com>
2017-10-06 11:14:49 +02:00
Christian Ehrhardt
e79211ed23 virt-aa-helper: allow spaces in vm names
libvirt allows spaces in vm names, there were issues in the past but it
seems not removed so the assumption has to be that spaces are continuing
to be allowed.

Therefore virt-aa-helper should not reject spaces in vm names anymore if
it is going to be refused causing issues then the parser or xml schema
should do so.
Apparmor rules are in quotes, so a space in a path based on the name works.

Signed-off-by: Christian Ehrhardt <christian.ehrhardt@canonical.com>
Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
2017-10-06 11:14:49 +02:00
Christian Ehrhardt
750e08443a virt-aa-helper: fix paths for usb hostdevs
If users only specified vendor&product (the common case) then parsing
the xml via virDomainHostdevSubsysUSBDefParseXML would only set these.
Bus and Device would much later be added when the devices are prepared
to be added.

Due to that a hot-add of a usb hostdev works as the device is prepared
and virt-aa-helper processes the new internal xml. But on an initial
guest start at the time virt-aa-helper renders the apparmor rules the
bus/device id's are not set yet:

p ctl->def->hostdevs[0]->source.subsys.u.usb
$12 = {autoAddress = false, bus = 0, device = 0, vendor = 1921, product
= 21888}

That causes rules to be wrong:
  "/dev/bus/usb/000/000" rw,

The fix calls virHostdevFindUSBDevice after reading the XML from
virt-aa-helper to only add apparmor rules for devices that could be found
and now are fully known to be able to write the rule correctly.

It uncondtionally sets virHostdevFindUSBDevice mandatory attribute as
adding an apparmor rule for a device not found makes no sense no matter
what startup policy it has set.

Signed-off-by: Christian Ehrhardt <christian.ehrhardt@canonical.com>
Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
2017-10-06 11:14:49 +02:00
Peter Krempa
3cf0655c3a qemu: process: Don't redetect backing chain on reconnect
Skip purging the backing chain and redetecting it when it was not going
to change during the time we were not present.

The decision is based on the new flag which records whether there were
blockjobs running to the status XML.
2017-10-06 08:48:18 +02:00
Peter Krempa
1266495763 qemu: process: Simplify access to individual disk when reconnecting
Add a helper variable so that we don't have to access the disk via 3
indirections.
2017-10-06 08:48:10 +02:00
Peter Krempa
802fd24506 qemu: domain: Mark if no blockjobs are active in the status XML
Note when no blockjobs are running in the status XML so that we know
that the backing chain will not change until we reconnect.
2017-10-06 08:47:30 +02:00
Peter Krempa
d868366fe3 util: Add functions to simplify bool->virTristate(Bool|Switch) assignment
virTristateBoolFromBool and virTristateSwitchFromBool convert a boolean
to the correct enum value.
2017-10-06 08:47:30 +02:00
Michal Privoznik
662140fa68 qemu: hot-unplug of watchdog
https://bugzilla.redhat.com/show_bug.cgi?id=1447169

Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
Reviewed-by: John Ferlan <jferlan@redhat.com>
2017-10-05 14:23:20 +02:00
Michal Privoznik
361c8dc179 qemu: hot-plug of watchdog
https://bugzilla.redhat.com/show_bug.cgi?id=1447169

Since domain can have at most one watchdog it simplifies things a
bit. However, since we must be able to set the watchdog action as
well, new monitor command needs to be used.

Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
Reviewed-by: John Ferlan <jferlan@redhat.com>
2017-10-05 14:23:20 +02:00
Michal Privoznik
8a54cc1d08 qemuDomainDeviceDefValidate: Validate watchdog
Currently we don't do it. Therefore we accept senseless
combinations of models and buses they are attached to.
Moreover, diag288 watchdog is exclusive to s390(x).

Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
Reviewed-by: John Ferlan <jferlan@redhat.com>
2017-10-05 14:23:20 +02:00
Peter Krempa
cb1e4ca203 qemu: driver: Save status XML when starting a block job
Few jobs (which don't) use the 'mirror' element did not save the status
XML. It will be helpful to do so once we start tracking jobs fully.
2017-10-05 10:36:56 +02:00
Peter Krempa
d39173ff7a qemu: blockjob: Always save config XML when a blockjob is finished
For VMs with persistent config the config may change upon successful
completion of a job. Save it always if a persistent VM finishes a
blockjob. This will simplify further additions.
2017-10-05 10:36:56 +02:00
Peter Krempa
f7954d6b07 qemu: blockjob: Always save status XML after block event
The status XML would be saved only for the copy job (in case of success)
or on failure even for other jobs. As the status contains the backing
chain data, which change after success we should always save it on
block job completion.
2017-10-05 10:36:56 +02:00
Peter Krempa
8418aed978 qemu: process: move disk presence checking to host setup function
Checking of disk presence accesses storage on the host so it should be
done from the host setup function. Move the code to new function called
qemuProcessPrepareHostStorage and remove qemuDomainCheckDiskPresence.
2017-10-05 09:46:46 +02:00
Peter Krempa
0c09c5b0d1 qemu: process: Move TLS setup for storage source to qemuProcessPrepareDomainStorage 2017-10-05 09:45:59 +02:00
Peter Krempa
f1cec8829e qemu: process: Move 'volume' translation to domain prepare stage
Introduce a new function to prepare domain disks which will also do the
volume source to actual disk source translation.

The 'pretend' condition is not transferred to the new location since it
does not help in writing tests and also no tests abuse it.
2017-10-05 09:45:10 +02:00
Peter Krempa
76039bba87 qemu: domain: Document and export qemuDomainCheckDiskStartupPolicy 2017-10-05 09:40:15 +02:00
Peter Krempa
2e78c588d8 qemu: process: Pass flags to qemuProcessPrepareHost
Pass flags to the function rather than just whether we have incoming
migration. This also enforces correct startup policy for USB devices
when reverting from a snapshot.
2017-10-05 09:40:13 +02:00
Peter Krempa
b8c0262efa qemu: migration: Extract flags for starting VM into a variable
qemuMigrationPrepareAny called multiple of the functions starting the
qemu process for incoming migration by adding the flags explicitly.
Extract them to a variable so that they can be easily used for other
calls or changed in the future.
2017-10-05 09:38:15 +02:00
Peter Krempa
fda4298515 qemu: process: document parameters for startup preparing functions
Document mainly what flag values are passed in.
2017-10-05 09:37:47 +02:00
Peter Krempa
79edca277a qemu: command: Move PPC fdc check to domain validation
Apart from not littering the command line generator, the added benefit
is that new configs with a FDC will be rejected at define stage.
2017-10-05 09:28:37 +02:00
Peter Krempa
627f489e5d qemu: command: Separate validation from command line building for -drive
Remove validation code into a separate function so that it's not
interleaved with actual building of the command line.
2017-10-05 09:28:37 +02:00
Michal Privoznik
57b17c8d84 libvirt-domain: Document interface stats POV
Interestingly enough, we don't document the point of view of the
interface statistics. Therefore it's unknown to users if for
instance rx_packets is the number of packets received by domain or
received by host (from domain). Document this explicitly.

Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
2017-10-05 09:16:05 +02:00
Michal Privoznik
cea3715b2e QoS: Set classes and filters in proper direction
Similarly to previous patch, for some types of interface domain
and host are on the same side of RX/TX barrier. In that case, we
need to set up the QoS differently. Well, swapped.

Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
Reviewed-by: John Ferlan <jferlan@redhat.com>
2017-10-05 09:16:05 +02:00
Michal Privoznik
d86fd2402e virNetDevTapInterfaceStats: Allow caller to not swap the statistics
https://bugzilla.redhat.com/show_bug.cgi?id=1497410

The comment in virNetDevTapInterfaceStats() implementation for
Linux states that packets transmitted by domain are received by
the host and vice versa. Well, this is true but not for all types
of interfaces. For instance, for macvtaps when TAP device is
hooked right onto a physical device any packet that domain sends
looks also like a packet sent to the host. Therefore, we should
allow caller to chose if the stats returned should be straight
copy or swapped.

Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
Reviewed-by: John Ferlan <jferlan@redhat.com>
2017-10-05 09:16:05 +02:00
Michal Privoznik
c2c47b586f src: Use virDomainNetFindByName
Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
Reviewed-by: John Ferlan <jferlan@redhat.com>
2017-10-05 09:16:05 +02:00
Michal Privoznik
784742c762 conf: Introduce virDomainNetFindByName
Small wrapper to lookup interface in domain definition by its
name.

Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
Reviewed-by: John Ferlan <jferlan@redhat.com>
2017-10-05 09:16:05 +02:00
Michal Privoznik
98eabee0a1 qemuDomainInterfaceStats: Check for the actual type of interface
Users might have configured interface so that it's type of
network, but the corresponding network plugs interfaces into an
OVS bridge. Therefore, we have to check for the actual type of
the interface instead of the configured one.

Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
Reviewed-by: John Ferlan <jferlan@redhat.com>
2017-10-05 09:16:05 +02:00
Michal Privoznik
d4588bb957 lxc: Drop useless ifdef __linux__
This code compiles only on Linux. Therefore the condition we
check is always true.

Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
Reviewed-by: John Ferlan <jferlan@redhat.com>
2017-10-05 09:16:05 +02:00
Pavel Hrdina
000e950455 storage: Fix incorrect parenthesis placement
Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1498528

Signed-off-by: Pavel Hrdina <phrdina@redhat.com>
2017-10-04 18:52:54 +02:00
Lin Ma
abca72faa4 qemu: Support multiqueue virtio-blk
qemu 2.7.0 introduces multiqueue virtio-blk(commit 2f27059).
This patch introduces a new attribute "queues". An example of
the XML:

<disk type='file' device='disk'>
  <driver name='qemu' type='qcow2' queues='4'/>

The corresponding QEMU command line:

-device virtio-blk-pci,scsi=off,num-queues=4,id=virtio-disk0

Signed-off-by: Lin Ma <lma@suse.com>
Signed-off-by: Ján Tomko <jtomko@redhat.com>
2017-10-04 17:50:53 +02:00
Lin Ma
c7bdeed559 qemucapstest: Update test data for 'num-queues' property of virtio-blk
Signed-off-by: Lin Ma <lma@suse.com>
2017-10-04 17:50:53 +02:00
Michal Privoznik
7e9f171d8b virDomainNetFindIdx: Ignore auto generated MAC addresses
When detaching an <interface/> from a domain, the MAC address is
parsed and if not present one is generated. If no corresponding
interface is found in the domain, the following error is
reported:

error: operation failed: no device matching mac address 52:54:00:75:32:5b found

where the MAC address is the auto generated one. This might be
very confusing. Solution to this is to ignore auto generated MAC
address when looking up the device.

Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
Reviewed-by: Erik Skultety <eskultet@redhat.com>
2017-10-04 17:10:12 +02:00
Michal Privoznik
7e62c4cd26 virmacaddr: Track if MAC address is autogenerated
It will come handy to know if the MAC address was generated (e.g.
during XML parse) or if it was parsed since provided by user in
the XML.

Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
Reviewed-by: Erik Skultety <eskultet@redhat.com>
2017-10-04 17:10:12 +02:00
Michal Privoznik
b2482c084a qemuParseCommandLineNet: Make it more readable
Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
Reviewed-by: Erik Skultety <eskultet@redhat.com>
2017-10-04 17:10:12 +02:00
John Ferlan
f2fb783bb6 nwfilter: Fix memory leak and error path
Found by Coverity. If virNWFilterHashTablePut, then the 3rd arg @val
must be free'd since it would be leaked.

This also fixes potential problem on the error path where the caller
could assume the virNWFilterHashTablePut was successful when in fact
it failed leading to other issues.
2017-10-04 06:22:02 -04:00
John Ferlan
ca3bef4cec nwfilter: Clean up virNWFilterDetermineMissingVarsRec returns
Rather than using loop break;'s in order to force a return
of rc = -1, let's just return -1 immediately on the various
error paths and then return 0 on the success path.
2017-10-04 06:22:02 -04:00
Kothapally Madhu Pavan
65a983eca1 util: Free a pointer in virPolkitCheckAuth
Free DBusMessage pointer in virPolkitCheckAuth

Signed-off-by: Kothapally Madhu Pavan <kmp@linux.vnet.ibm.com>
2017-10-04 11:20:17 +02:00
Peter Krempa
5047524baa conf: Split out parsing of network disk source XML elements
virDomainDiskSourceParse got to the point of being an ugly spaghetti
mess by adding more and more stuff into it. Split out parsing of network
disk information into a separate function so that it stays contained.
2017-10-04 10:38:49 +02:00
John Ferlan
a55eaced60 nwfilter: Don't have virNWFilterIPAddrMapAddIPAddr consume input
On pure success paths, virNWFilterIPAddrMapAddIPAddr was validly
consuming the input @addr; however, on failure paths it was possible
that virNWFilterVarValueCreateSimple succeed, but virNWFilterHashTablePut
failed resulting in virNWFilterVarValueFree being called to clean
up @val which also cleaned up the input @addr. Thus the caller had
no way to determine on failure whether it too should clean up the
passed parameter.

Instead, let's create a copy of the input @addr, then handle that
properly in the API allowing/forcing the caller to free it's own
copy of the input parameter.
2017-10-02 06:14:32 -04:00
John Ferlan
039702174c Revert "nwfilter: Fix possible segfault on sometimes consumed variable"
This reverts commit 6209bb32e5.

This turns out to be the wrong adjustment
2017-10-02 06:14:32 -04:00
Ashish Mittal
6885b51e5f qemu: Add TLS support for Veritas HyperScale (VxHS)
Alter qemu command line generation in order to possibly add TLS for
a suitably configured domain.

Sample TLS args generated by libvirt -

    -object tls-creds-x509,id=objvirtio-disk0_tls0,dir=/etc/pki/qemu,\
    endpoint=client,verify-peer=yes \
    -drive file.driver=vxhs,file.tls-creds=objvirtio-disk0_tls0,\
    file.vdisk-id=eb90327c-8302-4725-9e1b-4e85ed4dc251,\
    file.server.type=tcp,file.server.host=192.168.0.1,\
    file.server.port=9999,format=raw,if=none,\
    id=drive-virtio-disk0,cache=none \
    -device virtio-blk-pci,bus=pci.0,addr=0x4,drive=drive-virtio-disk0,\
    id=virtio-disk0

Update the qemuxml2argvtest with a couple of examples. One for a
simple case and the other a bit more complex where multiple VxHS disks
are added where at least one uses a VxHS that doesn't require TLS
credentials and thus sets the domain disk source attribute "tls = 'no'".

Update the hotplug to be able to handle processing the tlsAlias whether
it's to add the TLS object when hotplugging a disk or to remove the TLS
object when hot unplugging a disk.  The hot plug/unplug code is largely
generic, but the addition code does make the VXHS specific checks only
because it needs to grab the correct config directory and generate the
object as the command line would do.

Signed-off-by: Ashish Mittal <Ashish.Mittal@veritas.com>
Signed-off-by: John Ferlan <jferlan@redhat.com>
2017-09-28 09:45:14 -04:00
John Ferlan
5c09486c1e qemu: Introduce qemuDomainPrepareDiskSource
Introduce a function to setup any TLS needs for a disk source.

If there's a configuration or other error setting up the disk source
for TLS, then cause the domain startup to fail.

For VxHS, follow the chardevTLS model where if the src->haveTLS hasn't
been configured, then take the system/global cfg->haveTLS setting for
the storage source *and* mark that we've done so via the tlsFromConfig
setting in storage source.

Next, if we are using TLS, then generate an alias into a virStorageSource
'tlsAlias' field that will be used to create the TLS object and added to
the disk object in order to link the two together for QEMU.

Signed-off-by: John Ferlan <jferlan@redhat.com>
2017-09-28 09:45:14 -04:00
Ashish Mittal
f170548502 util: Add TLS attributes to virStorageSource
Add an optional virTristateBool haveTLS to virStorageSource to
manage whether a storage source will be using TLS.

Sample XML for a VxHS disk:

<disk type='network' device='disk'>
  <driver name='qemu' type='raw' cache='none'/>
  <source protocol='vxhs' name='eb90327c-8302-4725-9e1b-4e85ed4dc251' tls='yes'>
    <host name='192.168.0.1' port='9999'/>
  </source>
  <target dev='vda' bus='virtio'/>
</disk>

Additionally add a tlsFromConfig boolean to control whether the TLS
setting was due to domain configuration or qemu.conf global setting
in order to decide whether to Format the haveTLS setting for either
a live or saved domain configuration file.

Update the qemuxml2xmltest in order to add a test to show the proper
parsing.

Also update the docs to describe the tls attribute.

Signed-off-by: Ashish Mittal <Ashish.Mittal@veritas.com>
Signed-off-by: John Ferlan <jferlan@redhat.com>
2017-09-28 09:45:14 -04:00
Ashish Mittal
bd6fdcd806 conf: Introduce TLS options for VxHS block device clients
Add a new TLS X.509 certificate type - "vxhs". This will handle the
creation of a TLS certificate capability for properly configured
VxHS network block device clients.

The following describes the behavior of TLS for VxHS block device:

  (1) Two new options have been added in /etc/libvirt/qemu.conf
      to control TLS behavior with VxHS block devices
      "vxhs_tls" and "vxhs_tls_x509_cert_dir".
  (2) Setting "vxhs_tls=1" in /etc/libvirt/qemu.conf will enable
      TLS for VxHS block devices.
  (3) "vxhs_tls_x509_cert_dir" can be set to the full path where the
      TLS CA certificate and the client certificate and keys are saved.
      If this value is missing, the "default_tls_x509_cert_dir" will be
      used instead. If the environment is not configured properly the
      authentication to the VxHS server will fail.

Signed-off-by: Ashish Mittal <Ashish.Mittal@veritas.com>
Signed-off-by: John Ferlan <jferlan@redhat.com>
2017-09-28 09:45:14 -04:00
John Ferlan
6209bb32e5 nwfilter: Fix possible segfault on sometimes consumed variable
The virNWFilterIPAddrMapAddIPAddr code can consume the @addr parameter
on success when the @ifname is found in the ipAddressMap->hashTable
hash table in the call to virNWFilterVarValueAddValue; however, if
not found in the hash table, then @addr is formatted into a @val
which is stored in the table and on return the caller would be
expected to free @addr.

Thus, the caller has no way to determine on success whether @addr was
consumed, so in order to fix this create a @tmp variable which will
be stored/consumed when virNWFilterVarValueAddValue succeeds. That way
the caller can free @addr whether the function returns success or failure.
2017-09-28 06:29:21 -04:00
Pavel Hrdina
5c52aed174 rpc: for messages with FDs always decode count of FDs from the message
The packet with passed FD has the following format:

    --------------------------
    | len | header | payload |
    --------------------------

where "payload" has an additional count of FDs before the actual data:

    ------------------
    | nfds | payload |
    ------------------

When the packet is received we parse the "header", which as a side
effect updates msg->bufferOffset to point to the beginning of "payload".
If the message call contains FDs, we need to also parse the count of
FDs, which also updates the msg->bufferOffset.

The issue here is that when we attempt to read the FDs data from the
socket and we receive EAGAIN we finish the reading and call poll()
to wait for the data the we need.  When the data arrives we already have
the packet in our buffer so we read the "header" again but this time
we don't read the count of FDs because we already have it stored.

That means that the msg->bufferOffset is not updated to point to the
actual beginning of the payload data, but it points to the count of
FDs.  After all FDs are processed we dispatch the message to process
it and decode the payload.  Since the msg->bufferOffset points to wrong
data, we decode the wrong payload and the API call fails with
error messages:

    Domain not found: no domain with matching uuid '67656e65-7269-6300-0c87-5003ca6941f2' ()

Broken by commit 133c511b52 which fixed a FD and memory leak.

Signed-off-by: Pavel Hrdina <phrdina@redhat.com>
2017-09-27 18:56:32 +02:00
Peter Krempa
3685e2dd64 qemu: domain: Extract common clearing of VM private data
VM private data is cleared when the VM is turned off and also when the
VM object is being freed. Some of the clearing code was duplicated.
Extract it to a separate function.

This also removes the now unnecessary function
qemuDomainClearPrivatePaths.
2017-09-27 17:02:02 +02:00
Ján Tomko
959fe7de1f Shrink volume even with ALLOCATE flag
Calling fallocate on the new (smaller) capacity ensures
that the whole file is allocated, but it does not reduce
the file size.

Also call ftruncate after fallocate.

https://bugzilla.redhat.com/show_bug.cgi?id=1366446
2017-09-27 14:40:44 +02:00
Ján Tomko
3f702f5ab1 virStorageFileResize: fallocate the whole capacity
We have been trying to implement the ALLOCATE flag to mean
"the volume should be fully allocated after the resize".

Since commit b0579ed9 we do not allocate from the existing
capacity, but from the existing allocation value.
However this value is a total of all the allocated bytes,
not an offset.

For a sparsely allocated file:
$ perl -e 'print "x"x8192;' > vol1
$ fallocate -p -o 0 -l 4096 vol1
$ virsh vol-info vol1 default
Capacity:       8.00 KiB
Allocation:     4.00 KiB

Treating allocation as an offset would result in an incompletely
allocated file:
$ virsh vol-resize vol1 --pool default 16384 --allocate
Capacity:       16.00 KiB
Allocation:     12.00 KiB

Call fallocate from zero on the whole requested capacity to fully
allocate the file. After that, the volume is fully allocated
after the resize:
$ virsh vol-resize vol1 --pool default 16384 --allocate
$ virsh vol-info vol1 default
Capacity:       16.00 KiB
Allocation:     16.00 KiB
2017-09-27 14:40:44 +02:00
Ján Tomko
5463d95969 use virFileAllocate in virStorageFileResize
Introduce a new function virFileAllocate that will call the
non-destructive variants of safezero, essentially reverting
my commit 1390c268
    safezero: fall back to writing zeroes even when resizing
back to the state as of commit 18f0316
    virstoragefile: Have virStorageFileResize use safezero

This means that _ALLOCATE flag will no longer work on platforms
without the allocate syscalls, but it will not overwrite data
either.
2017-09-27 14:40:44 +02:00
ZhiPeng Lu
d957e23663 nwfilter: Fix memory leak in learnIPAddressThread
Don't leak @inetaddr within the done: processing when attempting
to instantiate the filter.

Signed-off-by: ZhiPeng Lu <lu.zhipeng@zte.com.cn>
2017-09-27 07:31:08 -04:00
ZhiPeng Lu
7e20862576 nwfilter: Fix memory leak in virNWFilterIPAddrMapAddIPAddr
If virNWFilterHashTablePut fails, then the @val was leaked.

Signed-off-by: ZhiPeng Lu <lu.zhipeng@zte.com.cn>
2017-09-27 07:23:44 -04:00
Ján Tomko
955caf171c qemu: fix hotplug of udp device with no connect host
Use an empty string to let qemu fill out the default.
This matches what's done in qemuBuildChrChardevStr.

https://bugzilla.redhat.com/show_bug.cgi?id=1454671

Signed-off-by: Ján Tomko <jtomko@redhat.com>
Reviewed-by: John Ferlan <jferlan@redhat.com>
2017-09-27 12:38:27 +02:00
Pavel Hrdina
80740d9c66 Revert "vhost-user: add support reconnect for vhost-user ports"
This reverts commit edaf4ebe95.

This uses "reconnect" as attribute for <source> element, but we already
have a <reconnect> element for <source> element for chardev devices.

Since this is the same feature for different device it should be
presented in XML the same way.

Signed-off-by: Pavel Hrdina <phrdina@redhat.com>
2017-09-27 12:20:24 +02:00
Peter Krempa
4b480d1076 qemu: process: Refresh data from qemu monitor after migration
Some values we read from the qemu monitor may be changed with the actual
state by the incoming migration. This means that we should refresh
certain things only after the migration has finished.

This is mostly visible in the cdrom tray state, which is by default
closed but may be opened by the guest OS. This would be refreshed before
qemu transferred the actual state and thus libvirt would think that the
tray is closed.

Note that this patch moves only a few obvious query commands. Others may
be moved later after individual assessment.

Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1463168
2017-09-27 09:09:14 +02:00
Peter Krempa
cf30a8cabd qemu: hotplug: Ignore cgroup errors when hot-unplugging vcpus
When the vcpu is successfully removed libvirt would remove the cgroup.
In cases when removal of the cgroup fails libvirt would report an error.

This does not make much sense, since the vcpu was removed and we can't
really do anything with the cgroup. This patch silences the errors from
cgroup removal.

Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1462092
2017-09-27 08:51:45 +02:00
Ján Tomko
01f86fb301 qemu: adjust indentation of qemuDomainObjPrivateXMLFormatAutomaticPlacement
Commit 6801da94 fixed the typo in the function name, but forgot
to adjust the indentation level of the next line.
2017-09-26 17:10:51 +02:00
Peter Krempa
6801da940e qemu: domain: Fix typo in qemuDomainObjPtrivateXMLFormatAutomaticPlacement 2017-09-26 16:38:04 +02:00
Ján Tomko
fcd5c61cd4 conf: fix formatting of udp chardev attributes
It is possible (although possibly not very useful) to leave out
the service attribute when using <source mode='bind'/>

Fix the formatter bug introduced by commit 4a0da34 and format
the host when its present (checked for non-NULL inside
virBufferEscapeString) instead of basing it on the presence
of the service attribute.

https://bugzilla.redhat.com/show_bug.cgi?id=1455825
2017-09-26 13:36:51 +02:00
Peter Krempa
93575f3451 qemu: block: Use correct alias when extracting disk node names
The alias recorded in disk->info.alias is the alias for the frontend
device but we are interested in the backend drive. This messed up the
disk node name extraction code as qemu reports the drive alias in the
block query commands. This was broken in the node name detector
refactoring done in commit 0175dc6ea0

Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1494327
2017-09-25 14:38:15 +02:00
Peter Krempa
8b2fd3b148 qemu: block: Don't lookup node names if they are already known
Move the check that skips node name detection if they are already
present earlier so that the hash table lookup is skipped.
2017-09-25 14:38:15 +02:00
Daniel P. Berrange
32d6c7386d Print hex values with '0x' prefix and octal with '0' in debug messages
Seeing a log message saying 'flags=93' is ambiguous & confusing unless
you happen to know that libvirt always prints flags as hex.  Change our
debug messages so that they always add a '0x' prefix when printing flags,
and '0' prefix when printing mode. A few other misc places gain a '0x'
prefix in error messages too.

Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2017-09-25 13:34:53 +01:00
Peter Krempa
a5852db182 qemu: capabilities: Remove support for downstream-only QMP monitor backport
Some distros (see diff) chose to backport QMP support rather than rebase
to newer version of qemu. As a hack they added the string 'libvirt' to
the qemu -help output. Remove this as downstream-only hacks should be
carried by downstream and not litter upstream.

This effectively reverts commit ff88cd5905
2017-09-22 14:28:26 +02:00
Jiri Denemark
369199d1a9 qemu: Use qemuDomainDefFormatXML in qemuDomainDefCopy
Because qemuDomainDefCopy needs a string representation of a domain
definition, there's no reason for calling the lower level
qemuDomainDefFormatBuf API.

Signed-off-by: Jiri Denemark <jdenemar@redhat.com>
2017-09-22 14:02:59 +02:00
Jiri Denemark
5c4fc07d1a qemu: Fix error checking in qemuDomainDefFormatXMLInternal
virDomainDefFormatInternal (called by qemuDomainDefFormatXMLInternal)
already checks for buffer errors and properly resets the buffer on
failure.

Signed-off-by: Jiri Denemark <jdenemar@redhat.com>
2017-09-22 14:02:59 +02:00
Guido Günther
eba2225bc5 apparmor: delete profile on VM shutdown
instead of only unloading it. This makes sure old profiles don't pile up
in /etc/apparmor.d/libvirt and we get updates to modified templates on
VM restart.

Reviewed-by: Jim Fehlig <jfehlig@suse.com>
2017-09-22 12:32:49 +02:00
Laine Stump
17825e8ae7 util: Fix stack smashing in virNetDevGetFamilyId
After commit 8708ca01c0 libvirtd consistently aborts with "stack
 smashing detected" when nodedev driver is initialized.

This is caused by nlmsg_parse() being told that its array of nlattr*
has CTRL_CMD_MAX (10) entries, when in fact it is declared to have
CTRL_ATTR_MAX (8) entries. Since all the entries are initialized to
NULL, the result is that nlmsg_parse is overwriting 2*(sizof(nlattr*))
bytes outside the array.

Signed-off-by: Laine Stump <laine@laine.org>
Reviewed-by: John Ferlan <jferlan@redhat.com>
Signed-off-by: Jiri Denemark <jdenemar@redhat.com>
2017-09-22 09:17:59 +02:00
John Ferlan
ffdce9b1f1 util: Fix secret generation in virStorageSourceParseRBDColonString
Commit id '5604c056' used the wrong API to generate the
<secret type='%s'..." field. The previous code used the
correct API as was done in commit id '6887af39'. The data
is actually a usage type not an auth type even though the
result is the same.
2017-09-21 15:46:48 -04:00
John Ferlan
2dd024754e util: Move virSecretUsageType to virsecret.h
Move the virSecretUsageType into the util.
2017-09-21 15:46:48 -04:00
Ashish Mittal
a74a16320b qemu: Avoid a possible NULL pointer deref in qemuDomainGetTLSObjects
Passing a NULL value for the argument secAlias to the function
qemuDomainGetTLSObjects would cause a segmentation fault in
libvirtd.

Changed code to check before dereferencing a NULL secAlias.

Signed-off-by: Ashish Mittal <ashmit602@gmail.com>
2017-09-21 15:42:47 -04:00
Michal Privoznik
92524d3e6e qemu: Introduce a wrapper over virFileWrapperFdClose
https://bugzilla.redhat.com/show_bug.cgi?id=1448268

When migrating to a file (e.g. when doing 'virsh save file'),
couple of things are happening in the thread that is executing
the API:

1) the domain obj is locked
2) iohelper is spawned as a separate process to handle all I/O
3) the thread waits for iohelper to finish
4) the domain obj is unlocked

Now, the problem is that while the thread waits in step 3 for
iohelper to finish this may take ages because iohelper calls
fdatasync(). And unfortunately, we are waiting the whole time
with the domain locked. So if another thread wants to jump in and
say copy the domain name ('virsh list' for instance), they are
stuck.

The solution is to unlock the domain whenever waiting for I/O and
lock it back again when it finished.

Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
Reviewed-by: John Ferlan <jferlan@redhat.com>
2017-09-21 17:21:39 +02:00
John Ferlan
ed2a741e48 qemu: Be more selective when determining cdrom for taint messaging
https://bugzilla.redhat.com/show_bug.cgi?id=1471225

Commit id '99a2d6af2' was a bit too aggressive with determining whether
the provided path was a "physical" cd-rom in order to generate a taint
message due to the possibility of some guest and host trying to control
the tray. For cd-rom guest devices backed to some VIR_STORAGE_TYPE_FILE
storage, this wouldn't be a problem and as such it shouldn't be a problem
for guest devices using some sort of block device on the host such as
iSCSI, LVM, or a Disk pool would present.

So before issuing a taint message, let's check if the provided path of
the VIR_STORAGE_TYPE_BLOCK backed device is a "known" physical cdrom name
by comparing the beginning of the path w/ "/dev/cdrom" and "/dev/sr".
Also since it's possible the provided path could resolve to some /dev/srN
device, let's get that path as well and perform the same check.

Signed-off-by: John Ferlan <jferlan@redhat.com>
2017-09-21 10:22:34 -04:00
Michal Privoznik
57d8afcf75 qemuBuildHostNetStr: Don't leak @addr
The virSocketAddrFormat() allocates the string and it's caller
responsibility to free it afterwards.

==28857== 11 bytes in 1 blocks are definitely lost in loss record 37 of 168
==28857==    at 0x4C2BEDF: malloc (vg_replace_malloc.c:299)
==28857==    by 0x9A81D79: strdup (in /lib64/libc-2.23.so)
==28857==    by 0x5DA3BF0: virStrdup (virstring.c:902)
==28857==    by 0x5D96182: virSocketAddrFormatFull (virsocketaddr.c:427)
==28857==    by 0x5D95E13: virSocketAddrFormat (virsocketaddr.c:352)
==28857==    by 0x5706890: qemuBuildHostNetStr (qemu_command.c:3891)
==28857==    by 0x57138D3: qemuBuildInterfaceCommandLine (qemu_command.c:8597)
==28857==    by 0x5713D6A: qemuBuildNetCommandLine (qemu_command.c:8699)
==28857==    by 0x57176F6: qemuBuildCommandLine (qemu_command.c:10027)
==28857==    by 0x5769D61: qemuProcessCreatePretendCmd (qemu_process.c:6004)
==28857==    by 0x4056EC: testCompareXMLToArgv (qemuxml2argvtest.c:502)
==28857==    by 0x41DF40: virTestRun (testutils.c:180)

Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
Reviewed-by: John Ferlan <jferlan@redhat.com>
2017-09-21 16:07:09 +02:00
Jiri Denemark
06f75ff2cb qemu: Don't update CPU when formatting live def
Since commit v2.2.0-199-g7ce711a30e libvirt stores an updated guest CPU
in domain's live definition and there's no need to update it every time
we want to format the definition. The commit itself tried to address
this in qemuDomainFormatXML, but forgot to fix qemuDomainDefFormatLive.
Not to mention that masking a previously set flag is only acceptable if
the flag was set by a public API user. Internally, libvirt should have
never set the flag in the first place.

https://bugzilla.redhat.com/show_bug.cgi?id=1485022

Signed-off-by: Jiri Denemark <jdenemar@redhat.com>
2017-09-21 15:27:39 +02:00
Jiri Denemark
7e874326a3 qemu: Use correct host model for updating guest cpu
When a user requested a domain XML description with
VIR_DOMAIN_XML_UPDATE_CPU flag, libvirt would use the host CPU
definition from host capabilities rather than the one which will
actually be used once the domain is started.

https://bugzilla.redhat.com/show_bug.cgi?id=1481309

Signed-off-by: Jiri Denemark <jdenemar@redhat.com>
2017-09-21 15:27:39 +02:00
Jiri Denemark
43a90eb7e8 conf: Drop unused VIR_DOMAIN_DEF_FORMAT_UPDATE_CPU
The only real usage of this flag was removed by "cpu_conf: Drop
updateCPU from virCPUDefFormat".

Signed-off-by: Jiri Denemark <jdenemar@redhat.com>
2017-09-21 15:27:25 +02:00
Jiri Denemark
659a92f2e3 cpu_conf: Simplify formatting of guest CPU attributes
Signed-off-by: Jiri Denemark <jdenemar@redhat.com>
2017-09-21 15:23:39 +02:00
Jiri Denemark
4fd179f518 cpu_conf: Drop updateCPU from virCPUDefFormat
In the past we updated host-model CPUs with host CPU data by adding a
model and features, but keeping the host-model mode. And since the CPU
model is not normally formatted for host-model CPU defs, we had to pass
the updateCPU flag to the formatting code to be able to properly output
updated host-model CPUs. Libvirt doesn't do this anymore, host-model
CPUs are turned into custom mode CPUs once updated with host CPU data
and thus there's no reason for keeping the hacks inside CPU XML
formatters.

Signed-off-by: Jiri Denemark <jdenemar@redhat.com>
2017-09-21 15:23:39 +02:00
Pino Toscano
cf4acafe8b qemu: reject parallel ports for pseries machines
They are simply not supported on that machine type.

Partially-resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1487499

Signed-off-by: Pino Toscano <ptoscano@redhat.com>
2017-09-21 13:05:14 +02:00
Pino Toscano
02b1908de6 qemu: reject parallel ports for s390 archs
They are simply not supported on those architectures.

Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1487499

Signed-off-by: Pino Toscano <ptoscano@redhat.com>
2017-09-21 13:05:14 +02:00
Pino Toscano
2c79a2b26c qemu: pass the virDomainDef to qemuDomainChrDefValidate
This will be used to improve the validation for this type of devices.

The former @def parameter is renamed to @dev, leaving @def for the
virDomainDef (following the style used elsewhere).

Signed-off-by: Pino Toscano <ptoscano@redhat.com>
2017-09-21 13:05:14 +02:00
Daniel P. Berrange
633b699bfd iohelper: avoid calling read() with misaligned buffers for O_DIRECT
The iohelper currently calls saferead() to get data from the
underlying file. This has a problem with O_DIRECT when hitting
end-of-file. saferead() is asked to read 1MB, but the first
read() it does may return only a few KB, so it'll try another
read() to fill the remaining buffer. Unfortunately the buffer
pointer passed into this 2nd read() is likely not aligned
to the extent that O_DIRECT requires, so rather than seeing
'0' for end-of-file, we'll get -1 + EINVAL due to misaligned
buffer.

The way the iohelper is currently written, it already handles
getting short reads, so there is actually no need to use
saferead() at all. We can simply call read() directly. The
benefit of this is that we can now write() the data immediately
so when we go into the subsequent reads() we'll always have a
correctly aligned buffer.

Technically the file position ought to be aligned for O_DIRECT
too, but this does not appear to matter when at end-of-file.

Tested-by: Nikolay Shirokovskiy <nshirokovskiy@virtuozzo.com>
Reviewed-by: Eric Blake <eblake@redhat.com>
Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2017-09-21 08:52:13 +01:00
ZhiPeng Lu
edaf4ebe95 vhost-user: add support reconnect for vhost-user ports
For vhost-user ports, Open vSwitch acts as the server and QEMU the client.
When OVS crashed or restart, QEMU shoule be reconnect to OVS.

Signed-off-by: ZhiPeng Lu <lu.zhipeng@zte.com.cn>
Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
2017-09-20 15:12:40 +02:00
Julio Faracco
b06521928c storage: Add new events for *PoolBuild() and *PoolDelete().
This commit adds new events for two methods and operations: *PoolBuild() and
*PoolDelete(). Using the event-test and the commands set below we have the
following outputs:

$ sudo ./event-test
Registering event callbacks
myStoragePoolEventCallback EVENT: Storage pool test Defined 0
myStoragePoolEventCallback EVENT: Storage pool test Created 0
myStoragePoolEventCallback EVENT: Storage pool test Started 0
myStoragePoolEventCallback EVENT: Storage pool test Stopped 0
myStoragePoolEventCallback EVENT: Storage pool test Deleted 0
myStoragePoolEventCallback EVENT: Storage pool test Undefined 0

Another terminal:
$ sudo virsh pool-define test.xml
Pool test defined from test.xml

$ sudo virsh pool-build test
Pool test built

$ sudo virsh pool-start test
Pool test started

$ sudo virsh pool-destroy test
Pool test destroyed

$ sudo virsh pool-delete test
Pool test deleted

$ sudo virsh pool-undefine test
Pool test has been undefined

This commits can be a solution for RHBZ #1475227.

Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1475227

Signed-off-by: Julio Faracco <jcfaracco@gmail.com>
Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
2017-09-20 11:52:56 +02:00
ZhiPeng Lu
0dde16be73 qemu: handle reconnect on chardev hotplug
The patch passes the reconnect timeout to QEMU by monitor on
chardev hotplug.

Signed-off-by: ZhiPeng Lu <lu.zhipeng@zte.com.cn>
Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
2017-09-20 11:09:00 +02:00
Daniel P. Berrange
c120ce1609 Link libvirt_util.la with gnutls
The util/vircrypto.c file uses gnutls, so we must directly link
libvirt_util.la with gnutls to avoid errors on OS which do not
resolve symbols against indirectly linked libraries.

This fixes a build failure on Ubuntu Trusty

  CCLD     storagevolxml2argvtest
/usr/bin/ld: ../src/.libs/libvirt_util.a(libvirt_util_la-vircrypto.o): undefined reference to symbol 'gnutls_strerror@@GNUTLS_1_4'

//usr/lib/x86_64-linux-gnu/libgnutls.so.26: error adding symbols: DSO missing from command line

Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2017-09-20 09:40:53 +01:00
Ashish Mittal
dbd98380b9 qemu: Add qemu command line generation for a VxHS block device
The VxHS block device will only use the newer formatting options and
avoid the legacy URI syntax.

An excerpt for a sample QEMU command line is:

  -drive file.driver=vxhs,file.vdisk-id=eb90327c-8302-4725-9e1b-4e85ed4dc251,\
   file.server.type=tcp,file.server.host=192.168.0.1,\
   file.server.port=9999,format=raw,if=none,id=drive-virtio-disk0,cache=none \
  -device virtio-blk-pci,bus=pci.0,addr=0x4,drive=drive-virtio-disk0,\
   id=virtio-disk0

Update qemuxml2argvtest with a simple test.

Signed-off-by: Ashish Mittal <Ashish.Mittal@veritas.com>
Signed-off-by: John Ferlan <jferlan@redhat.com>
2017-09-19 21:10:21 -04:00
Ashish Mittal
8b5e76e913 qemu: Refactor qemuBlockStorageSourceBuildHostsJSONSocketAddress
Extract out the "guts" of building a server entry into it's own
separately callable/usable function in order to allow building
a server entry for a consumer with src->nhosts == 1.
2017-09-19 21:10:21 -04:00
Ashish Mittal
2a48252bb5 util: storage: Add JSON backing volume parse for VxHS
Add the backing parse and a test case to verify parsing of VxHS
backing storage.

Signed-off-by: Ashish Mittal <Ashish.Mittal@veritas.com>
Signed-off-by: John Ferlan <jferlan@redhat.com>
2017-09-19 21:10:21 -04:00
Ashish Mittal
029c36c981 storage: Introduce VIR_STORAGE_NET_PROTOCOL_VXHS
Add a new virStorageNetProtocol for Veritas HyperScale (VxHS) disks

Signed-off-by: Ashish Mittal <Ashish.Mittal@veritas.com>
Signed-off-by: John Ferlan <jferlan@redhat.com>
2017-09-19 21:10:21 -04:00
John Ferlan
fa6159dd15 qemu: Detect support for vxhs
Using the query-qmp-schema introspection - look for the 'vxhs'
blockdevOptions type.

NB: This is a "best effort" type situation as there is not a
    mechanism to determine whether the running QEMU has been
    built with '--enable-vxhs'. All we can do is check if the
    option to use vxhs for a blockdev-add exists in the command
    infrastructure which does not take that into account when
    building its table of commands and options.

Signed-off-by: John Ferlan <jferlan@redhat.com>
2017-09-19 21:10:21 -04:00
Laine Stump
747116e0b9 util: virPCIGetNetName(): use first netdev name when phys_port_id isn't matched
The mlx4 (Mellanox) netdev driver implements the sysfs phys_port_id
file for both VFs and PFs, so you can find the VF netdev plugged into
the same physical port as any given PF netdev by comparing the
contents of phys_port_id of the respective netdevs. That's what
libvirt does when attempting to find the PF netdev for a given VF
netdev (or vice versa).

Most other netdev's drivers don't implement phys_port_id, so the file
is visible in sysfs directory listing, but attempts to read it result
in ENOTSUPP. In these cases, libvirt is unable to read phys_port_id of
either the PF or the VF, so it just returns the first entry in the
PF/VF's list of netdevs.

But we've found that the i40e driver is in between those two
situations - it implements phys_port_id for PF netdevs, but doesn't
implement it for VF netdevs. So libvirt would successfully read the
phys_port_id of the PF netdev, then try to find a VF netdev with
matching phys_port_id, but would fail because phys_port_id is NULL for
all VFs. This would result in a message like the following:

   Could not find network device with phys_port_id '3cfdfe9edc39'
   under PCI device at /sys/class/net/ens4f1/device/virtfn0

To solve this problem in a way that won't break functionality for
anyone else, this patch saves the first netdev name we find for the
device, and returns that if we fail to find a netdev with the desired
phys_port_id.
2017-09-19 20:41:21 -04:00
Peter Krempa
8de85386db qemu: blockPeek: Enforce buffer filling
Documentation states:

"'offset' and 'size' represent an area which must lie entirely within
the device or file." Enforce the that the buffer lies within fully.
2017-09-19 17:26:48 +02:00
Peter Krempa
f767d53dbe qemu: blockPeek: Fix filling of the return buffer
Commit 3956af495e broke the blockPeek API since virStorageFileRead
allocates a return buffer and fills it with the data, while the API
fills a user-provided buffer. This did not get caught by the compiler
since the API prototype uses a 'void *'.

Fix it by transferring the data from the allocated buffer to the user
provided buffer.

Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1491217
2017-09-19 17:26:48 +02:00
Andrea Bolognani
f34fdd5ab6 python: Don't hardcode interpreter path
This is particularly useful on operating systems that don't ship
Python as part of the base system (eg. FreeBSD) while still working
just as well as it did before on Linux.

While at it, make it explicit that our scripts are only going to
work with Python 2, and remove the usage of unbuffered I/O, which
as far as I can tell has no effect on the output files.

Signed-off-by: Andrea Bolognani <abologna@redhat.com>
2017-09-19 16:04:53 +02:00
Andrea Bolognani
90b17aef1a perl: Don't hardcode interpreter path
This is particularly useful on operating systems that don't ship
Perl as part of the base system (eg. FreeBSD) while still working
just as well as it did before on Linux.

In one case (src/rpc/genprotocol.pl) the interpreter path was
missing altogether.

Signed-off-by: Andrea Bolognani <abologna@redhat.com>
2017-09-19 16:04:53 +02:00
Michal Privoznik
8406769642 qemu: Mark graphics ports used on reconnect
I don't want to mask the real problem, but one can advocate
that we should be marking graphics ports as already in use on
qemuProcessReconnect anyway, because we already know that they
are taken.

Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
2017-09-19 15:40:54 +02:00
Ján Tomko
cdd6eb99c2 configure: fix check for DEVLINK_CMD_ESWITCH_GET
Instead of checking for all possible constants that every
kernel header with devlink support should have (and defining
HAVE_DECL_DEVLINK as 1 if any of them is present due to the
way AC_CHECK_DECLS works), only check for DEVLINK_CMD_ESWITCH_GET.

This is the name of the constant since kernel 4.11. Between 4.8
and 4.11, the now deprecated spelling DEVLINK_CMD_ESWITCH_MODE_GET
was used.

Assume DEVLINK_ESWITCH_MODE_SWITCHDEV is available, since it was
introduced along with the deprecated spelling.
2017-09-19 15:25:10 +02:00
John Ferlan
d085197ce2 storage: Use virStoragePoolObjDefUseNewDef
Use the new accessor API for storage_driver.
2017-09-19 08:31:56 -04:00
John Ferlan
67129bb435 storage: Use virStoragePoolObj{Get|Incr|Decr}Asyncjobs
Use the new accessor APIs for storage_driver.
2017-09-19 08:31:05 -04:00
John Ferlan
ccc8c311b2 storage: Internally represent @autostart as bool
Since it's been used that way anyway, let's just convert it to a bool
and only make the external representation be an int.
2017-09-19 08:30:37 -04:00
John Ferlan
bb15e65af2 storage: Use virStoragePoolObj{Is|Set}Autostart
Use the new accessor APIs for storage_driver and test_driver.
2017-09-19 08:30:19 -04:00
John Ferlan
0147f72741 storage: Use virStoragePoolObj{Is|Set}Active
Use the new accessor APIs for storage_driver, test_driver, and
gluster backend.
2017-09-19 08:30:19 -04:00
John Ferlan
1bd4349671 storage: Use virStoragePoolObjGetAutostartLink
Use the new accessor API for storage_driver.
2017-09-19 08:28:50 -04:00
John Ferlan
8603d848a3 storage: Use virStoragePoolObj{Get|Set}ConfigFile
Use the new accessor APIs for storage_driver and test_driver.
2017-09-19 08:28:50 -04:00
John Ferlan
5bf9b65501 storage: Introduce APIs to search/scan storage pool volumes list
Introduce virStoragePoolObjForEachVolume to scan each volume
calling the passed callback function until all volumes have been
processed in the storage pool volume list, unless the callback
function returns an error.

Introduce virStoragePoolObjSearchVolume to search each volume
calling the passed callback function until it returns true
indicating that the desired volume was found.

Signed-off-by: John Ferlan <jferlan@redhat.com>
2017-09-19 08:28:50 -04:00
John Ferlan
40630a8e45 storage: Introduce storage volume add, delete, count APIs
Create/use virStoragePoolObjAddVol in order to add volumes onto list.

Create/use virStoragePoolObjRemoveVol in order to remove volumes from list.

Create/use virStoragePoolObjGetVolumesCount to get count of volumes on list.

For the storage driver, the logic alters when the volumes.obj list grows
to after we've fetched the volobj. This is an optimization of sorts, but
also doesn't "needlessly" grow the volumes.objs list and then just decr
the count if the virGetStorageVol fails.

Signed-off-by: John Ferlan <jferlan@redhat.com>
2017-09-19 08:28:50 -04:00
John Ferlan
acd9a38069 storage: Fill in storage pool @active properly
It's a bool not an int, so use true/false and not 1/0
2017-09-19 08:28:50 -04:00
John Ferlan
407e6a3678 storage: Introduce virStoragePoolObjNew
Create/use a helper to perform object allocation.

Adjust storagevolxml2argvtest.c in order to use the allocator and
setting of the obj->def.

Signed-off-by: John Ferlan <jferlan@redhat.com>
2017-09-19 08:28:38 -04:00
John Ferlan
b31982868a storage: Create accessor API's for virStoragePoolObj
In preparation for making a private object, create accessor API's for
consumer storage functions to use:

    virStoragePoolObjGetDef
    virStoragePoolObjSetDef
    virStoragePoolObjGetNewDef
    virStoragePoolObjDefUseNewDef
    virStoragePoolObjGetConfigFile
    virStoragePoolObjSetConfigFile
    virStoragePoolObjGetAutostartLink
    virStoragePoolObjIsActive
    virStoragePoolObjSetActive
    virStoragePoolObjIsAutostart
    virStoragePoolObjSetAutostart
    virStoragePoolObjGetAsyncjobs
    virStoragePoolObjIncrAsyncjobs
    virStoragePoolObjDecrAsyncjobs

Signed-off-by: John Ferlan <jferlan@redhat.com>
2017-09-19 07:58:15 -04:00
Nikolay Shirokovskiy
776b9ac594 iohelper: reduce zero-out in align case
We only need to zero-out bytes that will be written.
May be we even don't need to zero-out at all because
of immediate truncate.
2017-09-19 11:37:24 +02:00
Nikolay Shirokovskiy
f830e371ef iohelper: simplify last direct write alignment
Make alignment of last direct write more straightforward. Using
additionally two flags 'end' and 'shortRead' looks complicated.
2017-09-19 11:37:20 +02:00
Nikolay Shirokovskiy
3b8a0f6ac2 iohelper: drop unused operation length limit 2017-09-19 11:37:15 +02:00
Guido Günther
3faf3ca60a apparmor: cater for new AAVMF image location
Things moved again, sigh.

Reviewed-By: Jamie Strandboge <jamie@canonical.com>
Michal Privoznik <mprivozn@redhat.com>
2017-09-18 19:06:53 +02:00
Jiri Denemark
848b72421f cpu: Add new Skylake-Server CPU model
Available since QEMU 2.10.0 (specifically commit
v2.9.0-2233-g53f9a6f45f).

Signed-off-by: Jiri Denemark <jdenemar@redhat.com>
Reviewed-by: Pavel Hrdina <phrdina@redhat.com>
2017-09-18 15:10:46 +02:00
Jiri Denemark
78d177df67 cpu: Add clwb/pcommit CPU features
The features were added to QEMU by commit v2.4.0-1690-gf7fda28094 as
Skylake Server features.

Signed-off-by: Jiri Denemark <jdenemar@redhat.com>
Reviewed-by: Pavel Hrdina <phrdina@redhat.com>
2017-09-18 15:10:46 +02:00
Edan David
8708ca01c0 nodedev: add switchdev to NIC capabilities
Adding functionality to libvirt that will allow querying the interface
for the availability of switchdev Offloading NIC capabilities.

The switchdev mode was introduced in kernel 4.8, the iproute2-devlink
command to retrieve the switchdev NIC feature with command example:

    devlink dev eswitch show pci/0000:03:00.0

This feature is needed for Openstack so we can do a scheduling decision
if the NIC is in Hardware Offload (switchdev) or regular SR-IOV (legacy) mode.
And select the appropriate hypervisors with the requested capability see [1].

[1] - https://specs.openstack.org/openstack/nova-specs/specs/pike/approved/enable-sriov-nic-features.html

Reviewed-by: Laine Stump <laine@laine.org>
Reviewed-by: John Ferlan <jferlan@redhat.com>
2017-09-18 08:32:24 -04:00
Michal Privoznik
8703813aae qemu: Implement usernet address
https://bugzilla.redhat.com/show_bug.cgi?id=1075520

Apart from generic checks, we need to constrain netmask/prefix
length a bit. Thing is, with current implementation QEMU needs to
be able to 'assign' some IP addresses to the virtual network. For
instance, the default gateway is at x.x.x.2, dns is at x.x.x.3,
the default DHCP range is x.x.x.15-x.x.x.30. Since we don't
expose these settings yet, it's safer to require shorter prefix
to have room for the defaults.

Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
Reviewed-by: laine@laine.org
2017-09-18 13:54:27 +02:00
Michal Privoznik
d1dbb30782 conf: Allow usernet to have an address
https://bugzilla.redhat.com/show_bug.cgi?id=1075520

Currently, all that users can specify for an interface type of
'user' is the common attributes: PCI address, NIC model (and
that's basically it). However, some need to configure other
address range than the default one.

Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
Reviewed-by: laine@laine.org
2017-09-18 13:54:27 +02:00
Jiri Denemark
ea9741f600 cpu_x86: Implement virCPUValidateFeatures
The function checks whether all CPU features used in a CPU definition
are specified in cpu_map.xml.

https://bugzilla.redhat.com/show_bug.cgi?id=1460086

Signed-off-by: Jiri Denemark <jdenemar@redhat.com>
2017-09-18 10:40:12 +02:00
Jiri Denemark
20edbad776 cpu_s390: Implement virCPUValidateFeatures
Only feature policy is checked on s390, which was previously done in
virCPUUpdate, but that's not the correct place for the check once we
have virCPUValidateFeatures.

Signed-off-by: Jiri Denemark <jdenemar@redhat.com>
2017-09-18 10:40:12 +02:00
Jiri Denemark
3f0193f7e5 qemu: Validate guest CPU features before starting a domain
Signed-off-by: Jiri Denemark <jdenemar@redhat.com>
2017-09-18 10:40:12 +02:00
Jiri Denemark
6ef9c202f2 cpu: Introduce virCPUValidateFeatures
This new API may be used to check whether all features used in a CPU
definition are valid (e.g., libvirt knows their name, their policy is
supported, etc.). Leaving this API unimplemented in an arch subdriver
means libvirt does not restrict CPU features usable on the associated
architectures.

Signed-off-by: Jiri Denemark <jdenemar@redhat.com>
2017-09-18 10:40:12 +02:00
Jiri Denemark
2ba32a86dd qemu: Filter CPU features returned by qemuConnectBaselineCPU
The host CPU definitions reported in the capabilities XML may contain
CPU features unknown to QEMU, but the result of virConnectBaselineCPU is
supposed to be directly usable as a guest CPU definition and thus it
should only contain features QEMU knows about.

https://bugzilla.redhat.com/show_bug.cgi?id=1450317

Signed-off-by: Jiri Denemark <jdenemar@redhat.com>
2017-09-18 10:40:12 +02:00
Jiri Denemark
399f91694f qemu: Publish virQEMUCapsCPUFilterFeatures
Signed-off-by: Jiri Denemark <jdenemar@redhat.com>
2017-09-18 10:40:12 +02:00
Jiri Denemark
b0b5c9c620 qemu: Pass virArch * to virQEMUCapsCPUFilterFeatures
The filter only needs to know the CPU architecture. Passing
virQEMUCapsPtr as opaque is a bit overkill.

Signed-off-by: Jiri Denemark <jdenemar@redhat.com>
2017-09-18 10:40:12 +02:00
Jiri Denemark
abec725ab1 cpu: Drop cpuBaselineXML
The implementation of virConnectBaselineCPU may be different for each
hypervisor. Thus it shouldn't really be implmented in the cpu code.

Signed-off-by: Jiri Denemark <jdenemar@redhat.com>
2017-09-18 10:40:12 +02:00
Jiri Denemark
7816de498b cpu: Don't log CPU models in cpuBaselineXML
They are logged in cpuBaseline anyway.

Signed-off-by: Jiri Denemark <jdenemar@redhat.com>
2017-09-18 10:40:12 +02:00
Jiri Denemark
50234e4eaf cpu: Use virCPUDefListParse in cpuBaselineXML
Signed-off-by: Jiri Denemark <jdenemar@redhat.com>
2017-09-18 10:40:12 +02:00
Jiri Denemark
57f3999d72 cpu_conf: Introduce virCPUDefList{Parse,Free}
For parsing a list of CPU XMLs into a NULL-terminated list of CPU defs.

Signed-off-by: Jiri Denemark <jdenemar@redhat.com>
2017-09-18 10:40:12 +02:00
John Ferlan
1f8528c2b8 qemu: Fix return check on virHashAddEntry call
Luckily it only returns 0 or -1
2017-09-15 08:34:57 -04:00
John Ferlan
304e0f6d16 conf: Use virXMLFormatElement to format disk source network
Commit id 'e02ff020cac' neglected to use the attrBuf and childBuf
in the virDomainDiskSourceFormatNetwork call.

So make the necessary alterations to allow usage.
2017-09-15 08:17:32 -04:00
John Ferlan
fae7a7354c conf: Move <disk> encryption validation
Rather than checking during XML processing, move the check for
valid <encryption> into virDomainDiskDefParseValidate and alter
the text of the message slightly to be a bit more correct.
2017-09-15 08:12:26 -04:00
John Ferlan
c09c93cf57 conf: Move <disk> authdef validation
Rather than checking during XML processing, move the checks for correct
and valid auth into virDomainDiskDefParseValidate. This will introduce
virDomainDiskSourceDefParseAuthValidate to validate that the authdef
stored for the virStorageSource is valid. This can then be expanded
to service backingStore sources as well.

Alter the message text slightly as well to distinguish between an
unknown name and an incorrectly used name.  Since type is not a
mandatory field, add the NULLSTR() around the output of the unknown
error. NB, a config using unknown formatting would fail virschematest
since it only accepts 'iscsi' and 'ceph' as "valid" types.
2017-09-15 07:52:04 -04:00
Peter Krempa
a823d0a62e qemu: Restore errors when rolling back disk image state
Some operations done to rollback disk image labelling and locking might
overwrite (or clear) the actual error. Remember the original error when
tearing down disk access so that it's not obscured.

Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1461301
2017-09-15 05:28:21 +02:00
Peter Krempa
6f18150f7b qemu: hotplug: Use new helpers for storing libvirt errors
The helpers allow to simplify restoring original errors in most cases.
2017-09-15 05:28:21 +02:00
Peter Krempa
8333e7455e util: error: Add helpers for saving and restoring of last error
Some cleanup paths overwrite a usefull error message with a less useful
one and we then try to preserve the original message. The handlers added
in this patch will simplify the operations since they are designed right
for the purpose.
2017-09-15 05:28:21 +02:00
Peter Krempa
1666d10793 qemu: caps: Deprecate QEMU_CAPS_BLOCKJOB_SYNC
Interestingly, none of the qemus we have caps for supported it ...

Reviewed-by: Eric Blake <eblake@redhat.com>
2017-09-14 10:03:47 +02:00
Peter Krempa
771a38609d qemu: monitor: Remove support for "legacy" block jobs
Drop all the monitor code necessary to do the downstream block jobs.

Reviewed-by: Eric Blake <eblake@redhat.com>
2017-09-14 10:03:38 +02:00
Peter Krempa
2350d10149 qemu: Remove support for legacy block jobs
Block job QMP commands with underscores rather than dashes were never
released in upstream qemu, (they were added, but modified in the same
release [1]), but a certain distro managed to backport the version in the
middle.

The change also slightly modified semantics for the abort command, which
made us have a lot of code which was only ever present in certain
downstream distros.

Clean the upstream code from the legacy cruft and support only the
upstream implementations.

[1] See qemu commit v1.0-2176-gdb58f9c060

Reviewed-by: Eric Blake <eblake@redhat.com>
2017-09-14 10:03:25 +02:00
John Ferlan
23706c1708 qemu: Clean up qemuDomainSecretPrepare
No need to pass a @driver parameter since all that's done is deref
the @cfg especially since the only caller can just pass an already
referenced @cfg.

Also, looks like commit id '0298531b' at one time had a different
name for the API, so I took the liberty of fixing the comments too
since I would already be updating them for the @cfg variable.
2017-09-13 06:22:52 -04:00
Cole Robinson
98931187ee security: dac: relabel spice rendernode
For a logged in user this a path like /dev/dri/renderD128 will have
default ownership root:video which won't work for the qemu:qemu user,
so we need to chown it.

We only do this when mount namespaces are enabled in the qemu driver,
so the chown'ing doesn't interfere with other users of the shared
render node path

https://bugzilla.redhat.com/show_bug.cgi?id=1460804
2017-09-12 12:27:42 -04:00
Cole Robinson
321031e482 security: add MANAGER_MOUNT_NAMESPACE flag
The VIR_SECURITY_MANAGER_MOUNT_NAMESPACE flag informs the DAC driver
if mount namespaces are in use for the VM. Will be used for future
changes.

Wire it up in the qemu driver
2017-09-12 12:27:42 -04:00
John Ferlan
239781e03a storage: Adjust expected format for Disk startup processing
https://bugzilla.redhat.com/show_bug.cgi?id=1464313

If a Disk pool was defined/created using XML that either didn't
specify a specific format or specified format type='unknown', then
restarting a pool after an initial disk backend build with overwrite
would fail after a libvirtd restart for a non-autostarted pool.

This is because the persistent pool data is not updated during pool
build w/ overwrite processing to have the VIR_STORAGE_POOL_DISK_DOS
default format.

So in addition to the alteration done during disk build processing,
alter the default expectation for disk startup to be DOS if nothing
has been defined yet. That will either succeed if the pool had been
successfully built previously using the default DOS format or fail
with a message indicating the format is something else that does not
match the expect format 'dos'.
2017-09-12 10:52:06 -04:00
John Ferlan
f64f03b5b1 qemu: Provide default LUN=0 for iSCSI if not provided
https://bugzilla.redhat.com/show_bug.cgi?id=1477880

If the "/#" is missing from the provided iSCSI path, then we need
to provide the default LUN of /0; otherwise, QEMU will fail to parse
the URL causing a failure to either create the guest or hotplug
attach the storage.

During post parse, for any iSCSI disk or hostdev, scan the source
path looking for the presence of '/', if found, then we can assume
the LUN is provided.  If not found, alter the input XML to add the
"/0".  This will cause the generated XML to have the generated
value when the domain config is saved after post parse.
2017-09-12 10:33:25 -04:00
Peter Krempa
4fc3051258 qemu: blockcopy: Probe image format only with VIR_DOMAIN_BLOCK_COPY_REUSE_EXT
Commit 703abf1d7 changed the logic so that we don't attempt to re-create
the image if it's a block device. This was done by modifying the
'reuse' variable. Unfortunately after modifying it one of the uses was
to infer whether we should probe the disk format. After changes in the
commit mentioned above we would attempt the probe if the target of the
copy is a block device and the format was not provided explicitly rather
than using the format of the disk.

Fix it by explicitly checking whether the user requested a reuse of the
disk rather than the modified boolean flag.

Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1490826
2017-09-12 16:03:56 +02:00
Michal Privoznik
607a00d170 qemu: cold-unplug of watchdog
https://bugzilla.redhat.com/show_bug.cgi?id=1447169

Again, no special here.

Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
2017-09-12 15:59:38 +02:00
Michal Privoznik
50c1dbafae qemu: cold-plug of watchdog
https://bugzilla.redhat.com/show_bug.cgi?id=1447169

With this patch users can cold plug a watchdog. Things are pretty
simple because a domain can have at most one watchdog device.

Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
2017-09-12 15:59:32 +02:00
Michal Privoznik
891b3c119e qemuBuildHostNetStr: Don't leak buffer
If there was an error when constructing the buffer, NULL is
returned. The buffer is never freed though.

Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
2017-09-12 13:41:31 +02:00
Guido Günther
cdecfbed02 virnetserver: fix mesage vs message typo 2017-09-11 18:17:22 +02:00
Guido Günther
175710b6f2 qemu_driver: fix existance vs existence typo 2017-09-11 18:17:22 +02:00
Guido Günther
9c0d66bb07 storagefile: fix defintion vs definition typo 2017-09-11 18:17:22 +02:00
Jiri Denemark
c5d1dcbcd9 qemu: Don't report failure to destroy a destroyed domain
When destroying a domain libvirt marks it internally with a
beingDestroyed flag to make sure the qemuDomainDestroyFlags API itself
cleans up after the domain rather than letting an uninformed EOF handler
do it. However, when the domain is being started at the moment libvirt
was asked to destroy it, only the starting thread can properly clean up
after the domain and thus it ignores the beingDestroyed flag. Once
qemuDomainDestroyFlags finally gets a job, the domain may not be running
anymore, which should not be reported as an error if the domain has been
starting up.

https://bugzilla.redhat.com/show_bug.cgi?id=1445600

Signed-off-by: Jiri Denemark <jdenemar@redhat.com>
Reviewed-by: Martin Kletzander <mkletzan@redhat.com>
2017-09-11 16:32:15 +02:00
Ján Tomko
90cd99a42e conf: validate IOMMU interrupt remapping setting
This option requires:
  <ioapic driver='qemu'/>

Report an error in case someone tries to combine
it with different ioapic setting.

Setting 'eim' on without enabling 'intremap' does not make sense.

https://bugzilla.redhat.com/show_bug.cgi?id=1457610
2017-09-11 14:56:07 +02:00
Ján Tomko
73c336eb46 conf: use virXMLFormatElement for <iommu>
Simplify the formatting function even further.
2017-09-11 09:45:34 +02:00
Ján Tomko
e844b6e12c conf: use virXMLFormatElement for <iommu><driver>
Use the new helper to simplify the code.
This also fixes the bug of not formatting 'eim' in the useless
case if it's the only enabled attribute.
2017-09-11 09:45:34 +02:00
Andrea Bolognani
1a81722921 qemu: Clean up qemuBuildControllerDevCommandLine()
Add a 'cleanup' label and improve the readability of one of the
checks by making it conform to our formatting standard and moving
the corresponding comment.

Signed-off-by: Andrea Bolognani <abologna@redhat.com>
Reviewed-by: Laine Stump <laine@laine.org>
2017-09-07 14:13:40 +02:00
Stefan Berger
dfbb15b754 tpm: Use /dev/null for cancel path if none was found
TPM 2 does not implement sysfs files for cancellation of commands.
We therefore use /dev/null for the cancel path passed to QEMU.

Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com>
Tested-by: Javier Martinez Canillas <javierm@redhat.com>
Reviewed-by: Marc-André Lureau <marcandre.lureau@redhat.com>
Signed-off-by: Jiri Denemark <jdenemar@redhat.com>
2017-09-07 14:00:46 +02:00
Brijesh Singh
a0b628432a cpu: Add new EPYC CPU model
Add a new CPU model called 'EPYC' to model processors from AMD EPYC
family (which includes EPYC 76xx,75xx,74xx, 73xx and 72xx).

The following features bits have been added/removed compare to Opteron_G5

Added: monitor, movbe, rdrand, mmxext, ffxsr, rdtscp, cr8legacy, osvw,
       fsgsbase, bmi1, avx2, smep, bmi2, rdseed, adx, smap, clfshopt, sha
       xsaveopt, xsavec, xgetbv1, arat

Removed: xop, fma4, tbm

The patch is depend on EPYC CPU model supported introduced in qemu [1]

[1] https://patchwork.kernel.org/patch/9902205/

Cc: Tom Lendacky <Thomas.Lendacky@amd.com>
Signed-off-by: Brijesh Singh <brijesh.singh@amd.com>
Signed-off-by: Jiri Denemark <jdenemar@redhat.com>
Reviewed-by: Pavel Hrdina <phrdina@redhat.com>
2017-09-07 13:53:32 +02:00
Nikolay Shirokovskiy
3f2d6d829e qemu: migration: don't expose incomplete job as complete
In case of real migration (not migrating to file on save, dump etc)
migration info is not complete at time qemu finishes migration
in normal (non postcopy) mode. We need to update disks stats,
downtime info etc. Thus let's not expose this job status as
completed.

To archive this let's set status to 'qemu completed' after
qemu reports migration is finished. It is not visible as complete
job to clients. Cookie code on confirm phase will finally turn
job into completed. As we don't need more things to do when
migrating to file status is set to 'completed' as before
in this case.

Signed-off-by: Jiri Denemark <jdenemar@redhat.com>
2017-09-07 12:52:36 +02:00
Nikolay Shirokovskiy
8c46658337 qemu: migrate: add mirror stats to migration stats
When getting job info in case mirror does not reach ready phase
fetch mirror stats from qemu. Otherwise mirror stats are already
saved in current job.

Signed-off-by: Jiri Denemark <jdenemar@redhat.com>
2017-09-07 11:18:10 +02:00
Nikolay Shirokovskiy
defc87901e qemu: always get job condition on getting job stats
Looks like it is more simple to drop this optimization as we are
going to add getting disks stats during migration via quering qemu
process and checking if we have to acquire job condition becomes
more complicate.

Signed-off-by: Jiri Denemark <jdenemar@redhat.com>
2017-09-07 11:17:28 +02:00
Nikolay Shirokovskiy
5a274d4fdc qemu: introduce migrating job status
Instead of checking stat.status let's set status to migrating
as soon as migrate command is send (waiting for completion
is a good place too).

Signed-off-by: Jiri Denemark <jdenemar@redhat.com>
2017-09-07 11:15:43 +02:00
Nikolay Shirokovskiy
b6868c3cdd qemu: start all async job with job status active
Setting status to none has little value - getting job status
will not return even elapsed time.

After this patch getting job stats stays correct in a sence
it will not fetch migration stats because it consults
stats.status before doing the fetch.

Signed-off-by: Jiri Denemark <jdenemar@redhat.com>
2017-09-07 11:15:01 +02:00
Nikolay Shirokovskiy
78107f8537 qemu: fail querying destination migration statistics always
Querying destination migration statistics may result in getting
a failure or getting a elapsed time value depending on stats.status
value which is odd. Instead let's always fail. Clients should
be ready to handle this as currently getting failure period
can be considerable.

Signed-off-by: Jiri Denemark <jdenemar@redhat.com>
2017-09-07 11:13:04 +02:00
Nikolay Shirokovskiy
c9cd4b4add qemu: simplify getting completed job stats
Signed-off-by: Jiri Denemark <jdenemar@redhat.com>
2017-09-07 11:09:41 +02:00
Nikolay Shirokovskiy
6a2a80c653 qemu: refactor fetching migration stats
qemuMigrationFetchJobStatus is rather inconvinient. Some of its
callers don't need status to be updated, some don't need to update
elapsed time right away. So let's update status or elapsed time
in callers instead.

This patch drops updating job status on getting job stats by
client. This way we will not provide status 'completed' while
it is not yet updated by migration routine.

Signed-off-by: Jiri Denemark <jdenemar@redhat.com>
2017-09-07 10:38:10 +02:00
Nikolay Shirokovskiy
e796747092 qemu: drop excessive zero-out in qemuMigrationFetchJobStatus
qemuMonitorGetMigrationStats will do it for us anyway.

Signed-off-by: Jiri Denemark <jdenemar@redhat.com>
2017-09-07 09:41:45 +02:00
Nikolay Shirokovskiy
e87d4b9e2f qemu: drop QEMU_MIGRATION_COMPLETED_UPDATE_STATS
This way we get stats only in one place. The former code waits for
complete/postcopy status basically and don't need to mess with stats.

The patch drops raising an error on stats updates failure. This
does not make much sense anyway.

Signed-off-by: Jiri Denemark <jdenemar@redhat.com>
2017-09-07 09:41:45 +02:00
Nikolay Shirokovskiy
09f57f9aac qemu: introduce QEMU_DOMAIN_JOB_STATUS_POSTCOPY
Let's introduce QEMU_DOMAIN_JOB_STATUS_POSTCOPY state for job.current->status
instead of checking job.current->stats.status. The latter can be changed
when fetching migration statistics. Moving state function from the variable
and leave only store function seems more managable.

This patch removes all state checking usage of stats except for
qemuDomainGetJobStatsInternal. This place will be handled separately.

Signed-off-by: Jiri Denemark <jdenemar@redhat.com>
2017-09-07 09:41:45 +02:00
Nikolay Shirokovskiy
751a1c7f0a qemu: introduce qemu domain job status
This patch simply switches code from using VIR_DOMAIN_JOB_* to
introduced QEMU_DOMAIN_JOB_STATUS_*. Later this gives us freedom
to introduce states for postcopy and mirroring phases.

Signed-off-by: Jiri Denemark <jdenemar@redhat.com>
2017-09-07 09:41:45 +02:00
Nikolay Shirokovskiy
16bf7619b8 qemu: drop code for VIR_DOMAIN_JOB_BOUNDED and timeRemaining
qemu driver does not have VIR_DOMAIN_JOB_BOUNDED jobs and
timeRemaining is always 0.

Signed-off-by: Jiri Denemark <jdenemar@redhat.com>
2017-09-07 09:41:45 +02:00
Michal Privoznik
c57f3fd2f8 conf: Validate device on update-device
https://bugzilla.redhat.com/show_bug.cgi?id=1439991

Whenever a device is being updated via
virDomainUpdateDeviceFlags() API, we parse the device XML and
ideally run some generic checks to validate the configuration
(e.g. if device defines per-device boot order but the domain has
os/boot element already). Well, that's the theory - due to a
missing check we've jumped early from that check function.

Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
Reviewed-by: Erik Skultety <eskultet@redhat.com>
2017-09-06 11:19:30 +02:00
John Ferlan
d143837bd1 qemu: Remove unused params from qemuDomainDeviceDefValidate
Neither @cfg nor (now) @driver is used in the API, so remove them
and mark @opaque as UNUSED.

NB: Commit id 'fa3c558596' dropped the unused @qemuCaps which was the
last consumer of @driver other than @cfg, but even @cfg was never used
even in the original implementation from commit id 'd987f63a'.
2017-09-05 10:56:58 -04:00
Cole Robinson
dda0da14cd qemu: Default to video type=virtio for machvirt
arm/aarch64 -M virt on KVM doesn't and will never work with standard
VGA card emulation. The recommended method is to use type=virtio, so
let's make it the default for video devices without an explicit type
set by the user.

https://bugzilla.redhat.com/show_bug.cgi?id=1404112

Signed-off-by: Cole Robinson <crobinso@redhat.com>
2017-09-05 10:41:32 -04:00
Cole Robinson
ef08a54538 qemu: Set default video type in qemu PostParse
And not generic domain_conf code. We will need qemu private functions
in a bit.

Signed-off-by: Cole Robinson <crobinso@redhat.com>
2017-09-05 10:41:32 -04:00
Cole Robinson
29a90f071d conf: domain: move video type validation to DeviceDefValidate
This allows drivers to set their own default. But if a driver neglects
to fill one in, we still error like we previously would at parse time.

Signed-off-by: Cole Robinson <crobinso@redhat.com>
2017-09-05 10:41:32 -04:00
Cole Robinson
a2ca7ca52e conf: domain: add VIDEO_TYPE_DEFAULT
Will be needed for future patches to pull the default video type
setting out of XML parsing routines.

Signed-off-by: Cole Robinson <crobinso@redhat.com>
2017-09-05 10:41:32 -04:00
Erik Skultety
4c248e938a maint: Fix incorrect parenthesis placement causing true/false assignment
There were a few places in our code where the following pattern in 'if'
condition occurred:

if ((foo = bar() < 0))
    do something;

This patch adjusts the conditions to the expected format:

if ((foo = bar()) < 0)
    do something;

Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1488192

Signed-off-by: Erik Skultety <eskultet@redhat.com>
Reviewed-by: Martin Kletzander <mkletzan@redhat.com>
2017-09-05 11:27:12 +02:00
Andrea Bolognani
bc0108845c docs: Fix typo deamon -> daemon
Suggested-by: Martin Kletzander <mkletzan@redhat.com>
Signed-off-by: Andrea Bolognani <abologna@redhat.com>
Reviewed-by: Martin Kletzander <mkletzan@redhat.com>
2017-09-04 15:07:17 +02:00
Daniel P. Berrange
5f5c515bbd event: ignore attempts to replace the event loop impl
Although not previously explicitly documented, the expectation for
the libvirt event loop is that an implementation is registered early
in application startup, before calling any libvirt APIs and then
run forever after. Replacing a previously registered event loop is
not safe & subject to races even if virConnectClose has been called
on open handles, due to delayed deregistration of callbacks during
conenction close.

Reviewed-by: Andrea Bolognani <abologna@redhat.com>
Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2017-09-04 13:06:24 +01:00
Michal Privoznik
e703039c20 lxcStateInitialize: Don't leak driver's caps
Funny thing. So when initializing LXC driver's capabilities,
firstly the virLXCDriverGetCapabilities() is called. This creates
new capabilities, stores them under driver->caps, ref() them and
return them. However, the return value is ignored. Secondly, the
function is called yet again and since we have driver->caps set,
they are ref()-ed again an returned. So in the end, driver's
capabilities have refcount of three when in fact they should have
refcount of one.

Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
2017-09-04 12:40:44 +02:00
Richard W.M. Jones
4c10c38275 vmx: Expose VMware Managed Object Reference (moref) in XML.
If you use the VDDK library to access virtual machines remotely, you
really need to know the Managed Object Reference ("moref") of the VM.
This must be passed each time you connect to the API.

For example nbdkit's VDDK plugin requires a moref to be passed to
mount up a VM's disk remotely:

 nbdkit vddk user=root password=+/tmp/rootpw \
             server=esxi.example.com thumbprint=xx:xx:xx:... \
             vm=moref=2 \
             file="[datastore1] Fedora/Fedora.vmdk"

Getting the moref is a huge pain.  To get some idea of what it is, why
it is needed, and how much trouble it is to get it, see:
https://blogs.vmware.com/vsphere/2012/02/uniquely-identifying-virtual-machines-in-vsphere-and-vcloud-part-1-overview.html
https://blogs.vmware.com/vsphere/2012/02/uniquely-identifying-virtual-machines-in-vsphere-and-vcloud-part-2-technical.html

However the moref is available conveniently in the internals of the
libvirt VMX driver.  This patch exposes it as a custom XML element
using the same "vmware:" namespace which was previously used for the
datacenterpath (see libvirt commit 636a990587).

It appears in the XML like this:

<domain type='vmware' xmlns:vmware='http://libvirt.org/schemas/domain/vmware/1.0'>
  <name>Fedora</name>
...
  <vmware:datacenterpath>ha-datacenter</vmware:datacenterpath>
  <vmware:moref>2</vmware:moref>
</domain>

Note that the moref can appear as either a simple ID (for esx://
connections) or as a "vm-<ID>" (for vpx:// connections).  It should be
treated by users as an opaque string.

Signed-off-by: Richard W.M. Jones <rjones@redhat.com>
2017-09-04 09:48:32 +01:00
Michal Privoznik
054c6d2721 virnetdaemon: Don't deadlock when talking to D-Bus
https://bugzilla.redhat.com/show_bug.cgi?id=1487322

In ace45e67ab I tried to fix a problem that we get the reply to
a D-Bus call while we were sleeping. In that case the callback
was never set. So I changed the code that the callback is called
directly in this case. However, I hadn't realized that since the
callback is called out of order it locks the virNetDaemon.
Exactly the very same virNetDaemon object that we are dealing
with right now and that we have locked already (in
virNetDaemonAddShutdownInhibition())

Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
2017-09-01 13:21:33 +02:00
Nikolay Shirokovskiy
9820756cd3 qemu: handle -1 for pid in qemuDomainGetMachineName
We call qemuDomainGetMachineName on domain start. On first
start (after daemon start) pid is 0 and virSystemdGetMachineNameByPID
don't get called. But after domain shutting down pid became -1 so
on next start virSystemdGetMachineNameByPID is called and returned an error.
Error is ignored so it is not critical. But at least on my system
(systemd-219 with extra patches) systemd-machined is crashed on
this request.

This behaviour is triggered by eaf2c9f89.

Reviewed-by: Daniel P. Berrange <berrange@redhat.com>
2017-09-01 10:49:44 +02:00
Michal Privoznik
f0607f394c qemu: Forbid rx/tx_queue_size change explicitly
https://bugzilla.redhat.com/show_bug.cgi?id=1484230

When updating a virtio enabled vNIC and trying to change either
of rx_queue_size or tx_queue_size success is reported although no
operation is actually performed. Moreover, there's no way how to
change these on the fly. This is due to way we check for changes:
explicitly for each struct member. Therefore it's easy to miss
one.

Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
2017-09-01 09:50:44 +02:00
John Ferlan
d16f803d78 storage: Use virStorageBackendRefreshVolTargetUpdate after wipeVol
https://bugzilla.redhat.com/show_bug.cgi?id=1437797

Rather than using refreshVol which essentially only updates the
allocation, capacity, and permissions for the volume, but not
the format which does get updated in a pool refresh - let's use
the same helper that pool refresh uses in order to update the
volume target.
2017-08-30 15:32:13 -04:00
John Ferlan
7c2945b854 storage: Introduce virStorageBackendRefreshVolTargetUpdate
Create a separate function to handle the volume target update
via probe processing.
2017-08-30 15:32:13 -04:00
Pavel Hrdina
be6a415e51 qemu: set bind mode for chardev while parsing XML
Currently while parsing domain XML we clear the UNIX path if it matches
one of the auto-generated paths by libvirt.  After that when the guest
is started new path is generated but the mode is also changed to "bind".

In the real-world use-case the mode should not change, it only happens
if a user provides a mode='connect' and path that matches one of the
auto-generated path or not provides a path at all.

Before *reconnect* feature was introduced there was no issue, but with
the new feature we need to make sure that it's used only with "connect"
mode, therefore we need to move the mode change into parsing in order
to have a proper error reported by validation code.

Signed-off-by: Pavel Hrdina <phrdina@redhat.com>
2017-08-30 17:47:56 +02:00
Pavel Hrdina
393543910d conf: add reconnect to virDomainChrSourceDef(Copy|IsEqual)
Missed by 9aa72a6dd5.

Signed-off-by: Pavel Hrdina <phrdina@redhat.com>
2017-08-30 13:33:30 +02:00
Daniel P. Berrange
e4cb850081 rpc: avoid ssh interpreting malicious hostname as arguments
Inspired by the recent GIT / Mercurial security flaws
(http://blog.recurity-labs.com/2017-08-10/scm-vulns),
consider someone/something manages to feed libvirt a bogus
URI such as:

  virsh -c qemu+ssh://-oProxyCommand=gnome-calculator/system

In this case, the hosname "-oProxyCommand=gnome-calculator"
will get interpreted as an argument to ssh, not a hostname.
Fortunately, due to the set of args we have following the
hostname, SSH will then interpret our bit of shell script
that runs 'nc' on the remote host as a cipher name, which is
clearly invalid. This makes ssh exit during argv parsing and
so it never tries to run gnome-calculator.

We are lucky this time, but lets be more paranoid, by using
'--' to explicitly tell SSH when it has finished seeing
command line options. This forces it to interpret
"-oProxyCommand=gnome-calculator" as a hostname, and thus
see a fail from hostname lookup.

Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2017-08-29 18:02:03 +01:00
Martin Kletzander
ed8661a309 qemu: Also treat directories properly when using namespaces
When recreating folders with namespaces, the directory type was not
being handled at all.  It's not special, we probably just didn't know
that that can be used as a volume path as well.  The code failed
gracefully, but we want to allow that so that we can use <disk
type='dir'> in domains again.

Partially-resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1443434

Signed-off-by: Martin Kletzander <mkletzan@redhat.com>
2017-08-29 16:30:04 +02:00
Martin Kletzander
3401e208ab qemu: Don't mangle the storage format for type='dir'
Our backing probing code handles directory file types properly in
virStorageFileGetMetadataRecurse(), by that I mean it leaves them
alone.  However its caller, the virStorageFileGetMetadata() resets the
type to raw before probing, without even checking the type.  We need
to special-case TYPE_DIR in order to achieve desired results.

Also, in order to properly test this, we need to stop resetting format
of volumes in tests for TYPE_DIR (probably the reason why we didn't
catch that and why the test data didn't need to be modified).

Partially-resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1443434

Signed-off-by: Martin Kletzander <mkletzan@redhat.com>
2017-08-29 16:30:04 +02:00
Kothapally Madhu Pavan
021f7c132b qemu: Implement qemuDomainManagedSaveDefineXML
This commit adds qemu driver implementation to edit xml
configuration of managed save state file of a domain.

Signed-off-by: Kothapally Madhu Pavan <kmp@linux.vnet.ibm.com>
2017-08-29 13:40:13 +02:00
Kothapally Madhu Pavan
18d4cafef7 qemu: Implement qemuDomainManagedSaveGetXMLDesc
This commit adds qemu driver implementation to get xml description
for managed save state domain.

Signed-off-by: Kothapally Madhu Pavan <kmp@linux.vnet.ibm.com>
2017-08-29 13:40:13 +02:00
Kothapally Madhu Pavan
1558f2584f lib: Add API to edit domain's managed save state xml configuration
Similar to domainSaveImageDefineXML this commit adds domainManagedSaveDefineXML
API which allows to edit domain's managed save state xml configuration.

Signed-off-by: Kothapally Madhu Pavan <kmp@linux.vnet.ibm.com>
2017-08-29 13:40:13 +02:00
Kothapally Madhu Pavan
a67e3872a6 lib: Add API to dump xml configuration of managed save state domain
Similar to domainSaveImageGetXMLDesc this commit adds domainManagedSaveGetXMLDesc
API which allows to get the xml of managed save state domain.

Signed-off-by: Kothapally Madhu Pavan <kmp@linux.vnet.ibm.com>
2017-08-29 13:40:13 +02:00
Michal Privoznik
3ee9bdbe35 qemu: Honour <on_reboot/>
https://bugzilla.redhat.com/show_bug.cgi?id=1476866

For some reason, we completely ignore <on_reboot/> setting for
domains. The implementation is simply not there. It never was.

Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
2017-08-29 11:33:38 +02:00
Michal Privoznik
4a8bd26039 qemuDomainUndefineFlags: Grab QEMU_JOB_MODIFY
This API is definitely modifying state of @vm. Therefore it
should grab a job.

Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
Reviewed-by: John Ferlan <jferlan@redhat.com>
2017-08-29 11:18:34 +02:00
Michal Privoznik
9115dcd83e qemu: Introduce and use qemuDomainRemoveInactiveJob
At some places we either already have synchronous job or we just
released it. Also, some APIs might want to use this code without
having to release their job. Anyway, the job acquire code is
moved out to qemuDomainRemoveInactiveJob so that
qemuDomainRemoveInactive does just what it promises.

Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
Reviewed-by: John Ferlan <jferlan@redhat.com>
2017-08-29 11:18:34 +02:00
Martin Kletzander
265d0bed0b conf: Clean up and report error in virDomainGenerateMachineName
Signed-off-by: Martin Kletzander <mkletzan@redhat.com>
2017-08-29 11:17:16 +02:00
Martin Kletzander
2a544e3130 conf: Clean up and report error in virDomainCapsFormat
Signed-off-by: Martin Kletzander <mkletzan@redhat.com>
2017-08-29 11:17:16 +02:00
Martin Kletzander
323f7c476e util: Use virBufferCheckError to its full potential.
We can now check for the error and not care about the return value as
it will be properly handled in virBufferContentAndReset() anyway.

Signed-off-by: Martin Kletzander <mkletzan@redhat.com>
2017-08-29 11:17:16 +02:00
Martin Kletzander
7addfa195b util: Umark virBufferCheckErrorInternal as ATTRIBUTE_RETURN_CHECK
The function is useful even without using the return value.  And if
needed, the return value can be obtained by other calls as well.  The
potential for clean-up can be seen in the following patch.

Signed-off-by: Martin Kletzander <mkletzan@redhat.com>
2017-08-29 11:17:16 +02:00
Martin Kletzander
f5ef291bdb qemu: Use short domain name in qemuDomainGetPreservedMountPath
Otherwise longer domain names might generate paths that are too long
to be created.  This follows what other parts of the code do as well.

Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1453194

Signed-off-by: Martin Kletzander <mkletzan@redhat.com>
2017-08-29 11:17:16 +02:00
Martin Kletzander
5102be52d8 conf: Properly truncate wide character names in virDomainObjGetShortName
We always truncated the name at 20 bytes instead of characters.  In
case 20 bytes were in the middle of a multi-byte character, then the
string became invalid and various parts of the code would error
out (e.g. XML parsing of that string).  Let's instead properly
truncate it after 20 characters instead.

We cannot test this in our test suite because we would need to know
what locales are installed on the system where the tests are ran and
if there is supported one (most probably there will be, but we cannot
be 100% sure), we could initialize gettext in qemuxml2argvtest, but
there would still be a chance of getting two different (both valid,
though) results.

In order to test this it is enough to start a machine with a name for
which trimming it after 20 bytes would create invalid sequence (e.g.
1234567890123456789č where č is any multi-byte character).  Then start
the domain and restart libvirtd.  The domain would disappear because
such illegal sequence will not go through the XML parser.  And that's
not a bug of the parser, it should not be in the XML in the first
place, but since we don't use any sophisticated formatter, just
mash some strings together, the formatting succeeds.

Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1448766

Signed-off-by: Martin Kletzander <mkletzan@redhat.com>
2017-08-29 11:17:16 +02:00
Martin Kletzander
fb61407501 qemu: Add support for virtio-vga/gpu's max_outputs= parameter
Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1449712

Signed-off-by: Martin Kletzander <mkletzan@redhat.com>
2017-08-29 11:17:16 +02:00
Martin Kletzander
66c4e15335 qemu: Add capabilities for virtio-vga/gpu's max_outputs= parameter
Signed-off-by: Martin Kletzander <mkletzan@redhat.com>
2017-08-29 11:17:16 +02:00
Pavel Hrdina
3ba6b532d1 qemu: implement chardev source reconnect
The reconnect attribute for chardev devices in QEMU is used to
configure the reconnect timeout in seconds.  Setting '0' value disables
the reconnect functionality thus we don't allow to set '0' for QEMU.
To disable the reconnect user should use <reconnect enabled='no'/>.

Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1254971

Signed-off-by: Pavel Hrdina <phrdina@redhat.com>
2017-08-29 10:30:05 +02:00
Pavel Hrdina
9aa72a6dd5 conf: introduce reconnect element for chardev source
Signed-off-by: Pavel Hrdina <phrdina@redhat.com>
2017-08-29 10:30:05 +02:00
Pavel Hrdina
5f7da98b3f qemu: introduce QEMU_CAPS_CHARDEV_RECONNECT
Signed-off-by: Pavel Hrdina <phrdina@redhat.com>
2017-08-29 10:30:05 +02:00
John Ferlan
5aaa304f8d network: Fix virNetworkObjBridgeInUse return type
Rather than an int, it returns a bool - so let's define it that way

Signed-off-by: John Ferlan <jferlan@redhat.com>
2017-08-28 14:02:22 -04:00
John Ferlan
c447086f01 Revert "interface: Consume @def in virInterfaceObjNew"
This reverts commit 92840eb3a7.

More recent reviews/changes don't have the vir*ObjNew APIs
consuming the @def, so remove from Interface as well. Changes
needed to also deal with conflicts from commit id '46f5eca4'.

Signed-off-by: John Ferlan <jferlan@redhat.com>
2017-08-28 14:02:22 -04:00
Erik Skultety
b988f794e3 daemon: logging: Fix --verbose option being ignored by the daemon
Commit 94c465d0 refactored the logging setup phase but introduced an
issue, where the daemon ignores verbose mode when there are no outputs
defined and the default must be used. The problem is that the default
output was determined too early, thus ignoring the potential '--verbose'
option taking effect. This patch postpones the creation of the default
output to the very last moment when nothing else can change. Since the
default output is only created during the init phase, it's safe to leave
the pointer as NULL for a while, but it will be set eventually, thus not
affecting runtime.
Patch also adjusts both the other daemons.

Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1442947

Signed-off-by: Erik Skultety <eskultet@redhat.com>
2017-08-28 16:42:13 +02:00
Andrea Bolognani
1f43393283 qemu: Handle host devices not being available better
We can't retrieve the isolation group of a device that's not present
in the system. However, it's very common for VFs to be created late
in the boot, so they might not be present yet when libvirtd starts,
which would cause the guests using them to disappear.

Moreover, for other architectures and even ppc64 before isolation
groups were introduced, it's considered perfectly fine to configure a
guest to use a device that's not yet (or no longer) available to the
host, with the obvious caveat that such a guest won't be able to
start before the device is available.

In order to be consistent, when a device's isolation group can't be
determined fall back to not isolating it rather than erroring out or,
worse, making the guest disappear.

Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1484254

Signed-off-by: Andrea Bolognani <abologna@redhat.com>
2017-08-28 16:16:12 +02:00
Pavel Hrdina
e02ff020ca conf: don't close the source element inside different function
While formatting disk or chardev element they both uses
virDomainDiskSourceDefFormatSeclabel() function which also closes
the source element.  This is not extendable.

Use the new virXMLFormatElement() to properly format the source
element with possible child elements.

As a side effect it fixes a bug in disk source formatting.

Reviewed-by: John Ferlan <jferlan@redhat.com>
Signed-off-by: Pavel Hrdina <phrdina@redhat.com>
2017-08-28 14:02:50 +02:00
Pavel Hrdina
4e56a3e793 util: introduce virXMLFormatElement helper
This helper allows you to better structurize the code if some element
may or may not contains attributes and/or child elements.

Reviewed-by: John Ferlan <jferlan@redhat.com>
Signed-off-by: Pavel Hrdina <phrdina@redhat.com>
2017-08-28 14:02:44 +02:00
Pavel Hrdina
ef3ea17f62 util: introduce virBufferSetChildIndent macro
Reviewed-by: John Ferlan <jferlan@redhat.com>
Signed-off-by: Pavel Hrdina <phrdina@redhat.com>
2017-08-28 14:02:34 +02:00
Cole Robinson
ac87932ee3 conf: add virDomainVideoDefNew
To handle setting a default heads value. Convert callers that were
doing it by hand

Reviewed-by: John Ferlan <jferlan@redhat.com>
Signed-off-by: Cole Robinson <crobinso@redhat.com>
2017-08-27 09:38:12 -04:00
Cole Robinson
5db046211f qemu: domain: Move some validation out of DeviceDefPostParse
And into DeviceDefValidate which is the expected place

Reviewed-by: John Ferlan <jferlan@redhat.com>
Signed-off-by: Cole Robinson <crobinso@redhat.com>
2017-08-27 09:38:12 -04:00
Cole Robinson
42845acb0b qemu: parse: drop redundant video config
The ram/vram = 0 bits aren't needed, and PostParse will fill in the
needed QXL default

Reviewed-by: John Ferlan <jferlan@redhat.com>
Signed-off-by: Cole Robinson <crobinso@redhat.com>
2017-08-27 09:38:12 -04:00
Cole Robinson
1f17ce215f qemu: Remove remnants of xenner support
Both of these are dead code: qemu_command.c explicitly rejects
VIRT_XEN earlier in the call chain, and qemu_parse_command.c
will never set VIRT_XEN anymore

Reviewed-by: John Ferlan <jferlan@redhat.com>
Signed-off-by: Cole Robinson <crobinso@redhat.com>
2017-08-27 09:38:05 -04:00
Scott Garfinkle
457f8f33c9 qemu: Implement virDomainMigrateGetMaxDowntime
Add code to support querying maximum allowable downtime during live migration.
2017-08-26 07:55:17 -04:00
Scott Garfinkle
4601a546b7 Add virDomainMigrateGetMaxDowntime public API
Add virDomainMigrateGetMaxDowntime to support querying maximum allowable
downtime during live migration.
2017-08-26 07:55:17 -04:00
Andrea Bolognani
ed9db36b42 qemu: Report error on failure to set isolation group
This is more user-friendly because the error will be
displayed directly instead of being buried in the log.

Signed-off-by: Andrea Bolognani <abologna@redhat.com>
Reviewed-by: Pavel Hrdina <phrdina@redhat.com>
2017-08-25 10:05:45 +02:00
George Dunlap
92b6c99223 libxl: Avoid a variable named 'stat'
Using a variable named 'stat' clashes with the system function
'stat()' causing compiler warnings on some platforms:

libxl/libxl_driver.c: In function 'libxlDomainBlockStatsVBD':
libxl/libxl_driver.c:5387: error: declaration of 'stat' shadows a global declaration [-Wshadow]
/usr/include/sys/stat.h:455: error: shadowed declaration is here [-Wshadow]

Signed-off-by: George Dunlap <george.dunlap@citrix.com>
Reviewed-by: Andrea Bolognani <abologna@redhat.com>
2017-08-24 16:22:27 +02:00
Ján Tomko
d9fc08d103 vmx: do not treat controllers as implicit devices
When parsing the config, we look for the SCSI controllers one by one,
remembering their models, then let virDomainDefAddImplicitDevices
add them if any SCSI disk is using them.

Since these controllers are not really implicit (they are present
in the source config), add them explicitly.

This patch maintains the behavior of not adding a controller
if it was present in the config, but no disk was using it.

This also resolves the memory leak of virVMXParseConfig overwriting
the video device added by calling virDomainDefAddImplicitDevices
before the parsing is finished.

Reported-by: Michal Privoznik <mprivozn@redhat.com>
2017-08-24 09:46:56 +02:00
Nikolay Shirokovskiy
c22f02cfdf vz: build fix
6e6faf6d changed vzDomObjAlloc signature in source but not in header file.

Signed-off-by: Erik Skultety <eskultet@redhat.com>
2017-08-24 09:40:34 +02:00
Ján Tomko
126e6f381a conf: check address type for USB hostdevs
https://bugzilla.redhat.com/show_bug.cgi?id=1225339
2017-08-24 09:28:53 +02:00
Ján Tomko
cdf72e19d9 conf: move hostdev address validation to virDomainHostdevDefValidate
For selected hostdev types, we validate that the address type
matches the subsystem type when parsing the XML.

Move it to the validation phase, to allow extending the checks
to other subsystem types without making existing domains disappear.
2017-08-24 09:28:53 +02:00
Nikolay Shirokovskiy
f3cdbf22e3 vz: support disabled items in vz boot order
At the time the check was written virtuozzo did not use disabled items in boot
order configuration. Boot items were always enabled. Now they can be disabled
as well. Supporting such items is easy - they just should be ignored.
2017-08-23 09:03:27 -04:00
Ján Tomko
a530078cd2 conf: do not count per-device boot elements when parsing <os><boot>
When parsing bootable devices, we maintain a bitmap of used
<boot order=""> elements. Use it in the post-parse function
to figure out whether the user tried to mix per-device and
per-domain boot elements.

This removes the need to count them twice.
2017-08-22 17:47:24 +02:00
Ján Tomko
4b759a4041 conf: create a thin wrapper above virDomainDefPostParse
Rename the original function to virDomainDefPostParseInternal
to allow adding arguments that will be only used by the internal
version.
2017-08-22 17:47:24 +02:00
Ján Tomko
c4480eef08 conf: rename virDomain*PostParseInternal to virDomain*PostParseCommon
These functions contain the post-parse steps common for all drivers.
Rename it to use the 'Common' prefix, instead of the vagueness
of 'Internal', leaving 'Internal' available for other vague uses.
2017-08-22 17:47:23 +02:00
Pavel Hrdina
1e4cc18890 conf: move chardev validation into virDomainDeviceDefValidateInternal
Signed-off-by: Pavel Hrdina <phrdina@redhat.com>
2017-08-22 17:44:36 +02:00
Pavel Hrdina
a4ba59ff4b conf: separate PTY chardev source parsing
There is no reason why to share the same code for PTY and other file
based chardev source types.

Signed-off-by: Pavel Hrdina <phrdina@redhat.com>
2017-08-22 17:44:36 +02:00
Pavel Hrdina
9b341bbf41 conf: move FILE chardev source parsing to separate function
Signed-off-by: Pavel Hrdina <phrdina@redhat.com>
2017-08-22 17:44:36 +02:00
Pavel Hrdina
65f4e2ff27 conf: assign parsed strings directly into chardev source definition
Since the source element is parsed only once for these type of
character devices we don't have to use temporary variable and
check whether the variable was already set.

Signed-off-by: Pavel Hrdina <phrdina@redhat.com>
2017-08-22 17:44:36 +02:00
Pavel Hrdina
2c9b97d842 conf: move UNIX chardev source parsing to separate function
Signed-off-by: Pavel Hrdina <phrdina@redhat.com>
2017-08-22 17:44:36 +02:00
Pavel Hrdina
34e0eb7dc4 conf: move UDP chardev source parsing to separate function
The extra check whether (connect|bind)(Host|Service) was set is
required because for UDP chardev there can be two source elements.
Without the check there could be a memory leak.

Signed-off-by: Pavel Hrdina <phrdina@redhat.com>
2017-08-22 17:44:36 +02:00
Pavel Hrdina
40b0f40b54 conf: move TCP chardev source parsing to separate function
Signed-off-by: Pavel Hrdina <phrdina@redhat.com>
2017-08-22 17:44:36 +02:00
Pavel Hrdina
9ed225e910 conf: move mode parsing of chardev source to separate function
Signed-off-by: Pavel Hrdina <phrdina@redhat.com>
2017-08-22 17:44:36 +02:00
Pavel Hrdina
3672fc99f4 conf: move chardev log parsing to separate function
Signed-off-by: Pavel Hrdina <phrdina@redhat.com>
2017-08-22 17:44:36 +02:00
Pavel Hrdina
f2be5b38f0 conf: move chardev protocol parsing to separate function
In order to ensure that the default protocol is RAW, explicitly
assigning VIR_DOMAIN_CHR_TCP_PROTOCOL_RAW = 0.

Signed-off-by: Pavel Hrdina <phrdina@redhat.com>
2017-08-22 17:43:51 +02:00
Pavel Hrdina
209fa11b02 conf: error out for multiple protocol elements while parsing chardev
Remove check whether a variable was already set because the element
is parsed only once now.

Signed-off-by: Pavel Hrdina <phrdina@redhat.com>
2017-08-22 17:28:40 +02:00
Pavel Hrdina
23482e4b1e conf: error out for multiple log elements while parsing chardev
Remove check whether a variable was already set because the element
is parsed only once now.

Signed-off-by: Pavel Hrdina <phrdina@redhat.com>
2017-08-22 17:28:40 +02:00
Pavel Hrdina
21bfd1e9b9 conf: error out for multiple source elements while parsing chardev
Currently we accept and correctly parse this chardev XML:

  ...
  <channel type='tcp'>
    <source mode='connect'/>
    <source mode='bind' host='localhost'/>
    <source service='4567'/>
    <target type='virtio' name='test'/>
  </channel>
  ...

The parsed formatted XML is:

  ...
  <channel type='tcp'>
    <source mode='connect' host='localhost' service='4567'/>
    <target type='virtio' name='test'/>
  </channel>
  ...

That behavior is super wrong and should not be allowed.  If you notice
the current parse takes the first found attribute and uses that value,
so for example from the "<source mode='bind' host='localhost'/>" only
the "host" attribute is used.  It works the same way for all possible
attributes that we are able to parse for source element.

This patch enforces providing only one source element for all character
devices, only for UDP type we allow to provide two source elements
since you can specify both modes.

Signed-off-by: Pavel Hrdina <phrdina@redhat.com>
2017-08-22 17:28:40 +02:00
Pavel Hrdina
7d0ff9430b conf: switch from while to for loop for chardev parsing
This removes one level of indentation.

Signed-off-by: Pavel Hrdina <phrdina@redhat.com>
2017-08-22 17:28:40 +02:00
Ján Tomko
bad14fbbed conf: useserial: drop useless check for serial devices
Since its introduction in commit 874e65aa, if someone requests:
<os><bios useserial="yes"/><os/>
we report an error if we cannot successfully count the number
of serial devices via an XPath query.

Instead of fixing the check (and moving it to the validation phase,
to prevent existing domains from disappearing), drop it completely.
For QEMU, the number of serials is checked when building the command
line.
2017-08-22 09:44:28 +02:00
Jim Fehlig
0f1993aa15 Don't autogenerate seclabels of type 'none'
When security drivers are active but confinement is not enabled,
there is no need to autogenerate <seclabel> elements when starting
a domain def that contains no <seclabel> elements. In fact,
autogenerating the elements can result in needless save/restore and
migration failures when the security driver is not active on the
restore/migration target.

This patch changes the virSecurityManagerGenLabel function in
src/security_manager.c to only autogenerate a <seclabel> element
if none is already defined for the domain *and* default
confinement is enabled. Otherwise the needless <seclabel>
autogeneration is skipped.

Resolves: https://bugzilla.opensuse.org/show_bug.cgi?id=1051017
2017-08-21 09:22:26 -06:00
Andrea Bolognani
64357c3f93 conf: Use the correct limit for the number of PHBs
I mistakenly thought pSeries guests supported 32 PHBs,
but it turns out they only support 31. Validate the
target index accordingly.

Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1479647

Signed-off-by: Andrea Bolognani <abologna@redhat.com>
2017-08-21 13:11:49 +02:00
Andrea Bolognani
c9d75d655a conf: Move target index validation
Validation should happen after parsing, so the proper
location for it is virDomainControllerDefValidate()
rather than virDomainControllerDefParseXML().

Signed-off-by: Andrea Bolognani <abologna@redhat.com>
2017-08-21 13:11:48 +02:00
Peter Krempa
7726d1581f qemu: Implement postParse callback skipping on config reload
Use the new facility which allows to ignore failures in post parse
callbacks if they are not fatal so that VM configs are not lost if the
emulator binary is missing.

If qemuCaps can't be populated on daemon restart skip certain portions
of the post parse callbacks during config reload and re-run the callback
during VM startup.

This fixes VMs vanishing if the emulator binary was broken or
uninstalled and libvirtd was restarted.
2017-08-18 15:07:44 +02:00
Peter Krempa
7808884808 qemu: domain: Don't set default USB model if qemuCaps is missing
qemuDomainControllerDefPostParse assigns the default USB controller
model when it was not specified by the user. Skip this step if @qemuCaps
is missing so that we don't fill wrong data. This will then be fixes by
re-running the post parse callback.
2017-08-18 15:07:44 +02:00
Peter Krempa
fde772cf82 qemu: domain: Don't return default NIC model if @qemuCaps are missing
Return NULL in qemuDomainDefaultNetModel if qemuCaps is missing and the
network card model would be determined by the capabilities.
2017-08-18 15:07:44 +02:00
Peter Krempa
6df29d0816 qemu: capabilities: Tolerate missing @qemuCaps in virQEMUCapsSupportsGICVersion
Report the given GIC version as unsupported if @qemuCapsi is NULL. This
will be helpful to run post parse callbacks even if qemu is not
currently installed.
2017-08-18 15:07:44 +02:00
Peter Krempa
9088d42da1 qemu: capabilities: Tolerate missing @qemuCaps in virQEMUCapsGetCanonicalMachine
If qemuCaps are not present, just return the original machine type name.

This will help in situations when qemuCaps is not available in the post
parse callback.
2017-08-18 15:07:44 +02:00
Peter Krempa
7c5cf4983c conf: add infrastructure for tolerating certain post parse callback failures
Some failures of the post parse callback can be tolerated. This is
specifically desired when loading the configs of existing VMs. In such
case the post parse callback should not really be modifying anything
in the definition.

This patch adds a parse flag VIR_DOMAIN_DEF_PARSE_ALLOW_POST_PARSE_FAIL
which will allow the callbacks to report non-fatal failures by returning
a positive return value. In such case the field 'postParseFailed' in the
domain definition is set to true, to notify the drivers that the
callback failed and possibly needs to be re-run.
2017-08-18 15:07:44 +02:00
Peter Krempa
e159ddfab8 conf: Return any non-zero value from virDomainDeviceInfoIterateInternal callback
Post parse callbacks will need to be able to signal that they failed
non-fatally. This means that we need to return the value returned by the
callback without modification.
2017-08-18 15:07:44 +02:00
Peter Krempa
18a8c36610 qemu: domain: Don't re-allocate qemuCaps in post parse callbacks
The domain post parse callback, domain address callback and the domain
device callback (for every single device) would each grab qemuCaps for
the current emulator. This is quite wasteful. Use the new callback to do
this just once.
2017-08-18 15:07:44 +02:00
Peter Krempa
e168bc8a72 conf: Add callbacks that allocate per-def private data
Some drivers use def-specific private data across callbacks (e.g.
qemuCaps in the qemu driver). Currently it's mostly allocated in every
single callback. This is rather wasteful, given that every single call
to the device callback allocates it.

The new callback will allocate the data (if not provided externally) and
then use it for the VM, address and device post parse callbacks.
2017-08-18 15:07:44 +02:00
Peter Krempa
03132bf487 qemu: Move assignment of default emulator to the basic post parse callback 2017-08-18 15:07:44 +02:00
Peter Krempa
2f19c9325e conf: Add 'basic' post parse callback
Add yet another post parse callback, which is executed prior the real
one without @parseOpaque. This is meant to set basics before
@parseOpaque (in case of the qemu driver qemuCaps) can be allocated.

This callback will allow to optimize passing of custom parseOpaque
through the callbacks.
2017-08-18 15:07:44 +02:00
Peter Krempa
7a5f68a1f2 conf: domainlist: Explicitly report failure to load domain config
When dropping a domain report which one was dropped so that it's not
necessary to rummage through the logs.
2017-08-18 15:07:44 +02:00
Pavel Hrdina
abab46a29b qemu: don't check whether offline migration is safe
Offline migration transfers only the domain definition.

Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1449715

Signed-off-by: Pavel Hrdina <phrdina@redhat.com>
2017-08-18 14:45:48 +02:00
Peter Krempa
c0ce84ca98 util: string: Introduce virStringHasChars
The helper returns true if a string contains any of the given chars.
virStringHasControlChars can be reimplemented using that helper.

Reviewed-by: Pavel Hrdina <phrdina@redhat.com>
2017-08-18 14:20:37 +02:00
Erik Skultety
ad97fecee7 nodedev: Introduce udevHandleOneDevice
Let this new method handle the device object we obtained from the
monitor in order to enhance readability.

Signed-off-by: Erik Skultety <eskultet@redhat.com>
2017-08-17 16:50:47 +02:00
Erik Skultety
d3f2820ff7 nodedev: udev: Remove the udevEventHandleCallback on fatal error
So we have a sanity check for the udev monitor fd. Theoretically, it
could happen that the udev monitor fd changes (due to our own wrongdoing,
hence the 'sanity' here) and if that happens it means we are handling an
event from a different entity than we think, thus we should remove the
handle if someone somewhere somehow hits this hypothetical case.

Signed-off-by: Erik Skultety <eskultet@redhat.com>
2017-08-17 16:50:47 +02:00
Erik Skultety
6167d8494c nodedev: mdev: Report an error when mdev path resolution fails
It might happen that virFileResolveLinkHelper fails on the lstat system
call. virFileResolveLink expects the caller to report an error when it
fails, however this wasn't the case for udevProcessMediatedDevice.

Signed-off-by: Erik Skultety <eskultet@redhat.com>
2017-08-17 16:50:47 +02:00
Christian Ehrhardt
03fb4e3dea virt-aa-helper: locking loader/nvram for qemu 2.10
Testing qemu-2.10-rc3 shows issues like:
  qemu-system-aarch64: -drive file=/home/ubuntu/vm-start-stop/vms/
  7936-0_CODE.fd,if=pflash,format=raw,unit=1: Failed to unlock byte 100

There is an apparmor deny due to qemu now locking those files:
 apparmor="DENIED" operation="file_lock" [...]
 name="/home/ubuntu/vm-start-stop/vms/7936-0_CODE.fd"
 name="/var/lib/uvtool/libvirt/images/kvmguest-artful-normal.qcow"
 [...] comm="qemu-system-aarch64" requested_mask="k" denied_mask="k"

The profile needs to allow locking for loader and nvram files via
the locking (k) rule.

Signed-off-by: Christian Ehrhardt <christian.ehrhardt@canonical.com>
2017-08-17 16:11:59 +02:00
Christian Ehrhardt
580cdaa7e7 virt-aa-helper: locking disk files for qemu 2.10
Testing qemu-2.10-rc2 shows issues like:
  qemu-system-x86_64: -drive file=/var/lib/uvtool/libvirt/images/kvmguest- \
  artful-normal.qcow,format=qcow2,if=none,id=drive-virtio-disk0:
  Failed to lock byte 100

It seems the following qemu commit changed the needs for the backing
image rules:

(qemu) commit 244a5668106297378391b768e7288eb157616f64
Author: Fam Zheng <famz@redhat.com>
    file-posix: Add image locking to perm operations

The block appears as:
 apparmor="DENIED" operation="file_lock" [...]
 name="/var/lib/uvtool/libvirt/images/kvmguest-artful-normal.qcow"
 [...] comm="qemu-system-x86" requested_mask="k" denied_mask="k"

With that qemu change in place the rules generated for the image
and backing files need the allowance to also lock (k) the files.

Disks are added via add_file_path and with this fix rules now get
that permission, but no other rules are changed, example:
  -  "/var/lib/uvtool/libvirt/images/kvmguest-artful-normal-a2.qcow" rw,
  +  "/var/lib/uvtool/libvirt/images/kvmguest-artful-normal-a2.qcow" rwk

Signed-off-by: Christian Ehrhardt <christian.ehrhardt@canonical.com>
2017-08-17 16:11:59 +02:00
Pavel Hrdina
b71946af5c conf: use virXMLPropString and virXMLNodeContentString for vcpu parsing
XPath is good for random search of elements, not for accessing
attributes of one node.

Signed-off-by: Pavel Hrdina <phrdina@redhat.com>
2017-08-17 15:42:48 +02:00
Pavel Hrdina
49991b74d9 conf: use virXMLNodeContentString for boot options parsing
Using XPath here doesn't add any benefit.

Signed-off-by: Pavel Hrdina <phrdina@redhat.com>
2017-08-17 15:42:47 +02:00
Pavel Hrdina
422cf16079 conf: use virXMLPropStringLimit where it makes sense
The XPath call for these cases is more expensive than accessing the
XML dom node directly.

Signed-off-by: Pavel Hrdina <phrdina@redhat.com>
2017-08-17 15:42:47 +02:00
Pavel Hrdina
d5b025bb15 conf: use virXMLPropString for actual network parsing
XPath is good for random search of elements, not for accessing
attributes of one node.

Signed-off-by: Pavel Hrdina <phrdina@redhat.com>
2017-08-17 15:42:47 +02:00
Pavel Hrdina
0b36d6cb08 conf: use virXMLPropString for boot parsing
XPath is good for random search of elements, not for accessing
attributes of one node.

Signed-off-by: Pavel Hrdina <phrdina@redhat.com>
2017-08-17 15:42:47 +02:00
Pavel Hrdina
8cf6eb4612 conf: use virXMLPropString for network parsing
XPath is good for random search of elements, not for accessing
attributes of one node.

Signed-off-by: Pavel Hrdina <phrdina@redhat.com>
2017-08-17 15:42:47 +02:00
Pavel Hrdina
dee01fc5a0 conf: use virXMLPropString for IOMMU def parsing
XPath is good for random search of elements, not for accessing
attributes of one node.

Signed-off-by: Pavel Hrdina <phrdina@redhat.com>
2017-08-17 15:42:47 +02:00
Pavel Hrdina
58bf9d1d37 conf: use virXMLPropString for virDomainVirtioOptionsParseXML
XPath is good for random search of elements, not for accessing
attributes of one node.

Signed-off-by: Pavel Hrdina <phrdina@redhat.com>
2017-08-17 15:42:47 +02:00
Pavel Hrdina
561726cd7f util: introduce virXMLNodeContentString
It's equivalent of calling virXPathString("string(.)", ctxt) but it
doesn't have to use the XPath resolving and parsing.

Signed-off-by: Pavel Hrdina <phrdina@redhat.com>
2017-08-17 15:42:23 +02:00
Pavel Hrdina
827cf58d50 util: introduce virXMLPropStringLimit
The virXMLPropStringLimit is an equivalent of virXPathStringLimit
which should be preferred if you already have a XML dom node or
if you need to parse more than one property.

Signed-off-by: Pavel Hrdina <phrdina@redhat.com>
2017-08-17 15:42:08 +02:00
Michal Privoznik
361ff0a088 network: Use self inflating bitmap for class IDs
Back in the day when I was implementing QoS for networks there
were no self inflating virBitmaps. Only the static ones.
Therefore, I had to allocate the whole 8KB of memory in order to
keep track of used/unused class IDs. This is rather wasteful
because nobody is ever gonna use that much classes (kernel
overhead would drastically lower the bandwidth). Anyway, now that
we have self inflating bitmaps we can start small and allocate
more if there's need for it.

Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
Reviewed-by: John Ferlan <jferlan@redhat.com>
2017-08-17 14:58:11 +02:00
John Ferlan
6862ad3cd7 network: Use @nnames instead of @got
To make it clearer, let's use @nnames instead of @got for counting the
names in the @names array.  Keeps things consistent and clear.
2017-08-17 07:28:17 -04:00
John Ferlan
1910abbf47 storage: Alter @aclfilter to just @filter
Rename the variable, recent review requested just use of @filter,
so be consistent throughout.
2017-08-16 14:24:38 -04:00
John Ferlan
8ce0556fc5 secret: Alter @aclfilter to just @filter
Rename the variable, recent review requested just use of @filter,
so be consistent throughout.
2017-08-16 14:24:38 -04:00
John Ferlan
59310792a6 nwfilter: Alter @aclfilter to just @filter
Rename the variable, recent review requested just use of @filter,
so be consistent throughout.

NB: Also change the virNWFilterPtr to be @nwfilter to not conflict
with the renamed variable.
2017-08-16 14:24:38 -04:00
John Ferlan
f4b5844050 nodedev: Alter @aclfilter to just @filter
Rename the variable, recent review requested just use of @filter,
so be consistent throughout.
2017-08-16 14:24:38 -04:00
John Ferlan
63d84f18fa network: Privatize virNetworkObj
Move from virnetworkobj.h into virnetworkobj.c

Signed-off-by: John Ferlan <jferlan@redhat.com>
2017-08-16 14:17:57 -04:00
John Ferlan
80ba4142e1 network: Modify naming for virNetworkObjList* fetching APIs
Use the structure names in the @data setup - makes it easier than
going back to find the struct fields to make sure the order of the
data is correct.

Signed-off-by: John Ferlan <jferlan@redhat.com>
2017-08-16 14:17:57 -04:00
John Ferlan
8473859a47 network: Use @maxnames instead of @nnames
To be consistent with the API definition, use the @maxnames instead
of @nnames when describing/comparing against the maximum names to
be provided for the *ConnectList[Defined]Networks APIs.

Signed-off-by: John Ferlan <jferlan@redhat.com>
2017-08-16 14:17:57 -04:00
John Ferlan
178ac3d133 network: Move virObjectRef during AssignDef processing
Move the virObjectRef in virNetworkObjAssignDefLocked to after
the virHashAddEntry to make it "clearer" why the @ref is being
incremented. Upon return from the ObjNew we will have 1 ref on
the object already, adding it to the hash table requires the
increment.

Signed-off-by: John Ferlan <jferlan@redhat.com>
2017-08-16 14:17:57 -04:00
John Ferlan
7beef70871 network: Have virNetworkObjNew lock the returned object
Forces callers to use the virNetworkObjEndAPI properly.

Signed-off-by: John Ferlan <jferlan@redhat.com>
2017-08-16 14:17:57 -04:00
John Ferlan
26c8fe4990 network: Consistent use of @obj for virnetworkobj
Consistently use @obj for a virNetworkObjPtr.

Signed-off-by: John Ferlan <jferlan@redhat.com>
2017-08-16 14:17:57 -04:00
John Ferlan
bc9868aaf2 network: Introduce virNetworkObjIsPersistent
In preparation to privatize the virNetworkObj - create an accessor function
to get the current @persistent value.  Also change the value to a bool rather
than an unsigned int (since that's how it's generated anyway).

Signed-off-by: John Ferlan <jferlan@redhat.com>
2017-08-16 14:17:57 -04:00
John Ferlan
9e8227d76b network: Introduce virNetworkObj{Is|Set}Active
In order to privatize the virNetworkObj create accessors in virnetworkobj
in order to handle the get/set of the active value.

Also rather than an unsigned int, convert it to a boolean to match other
drivers representation and the reality of what it is.

Signed-off-by: John Ferlan <jferlan@redhat.com>
2017-08-16 14:17:57 -04:00
John Ferlan
f57d8a7b32 network: Introduce virNetworkObj{Is|Set}Autostart
In preparation for privatizing the virNetworkObj structure, create
accessors for the obj->autostart.

Signed-off-by: John Ferlan <jferlan@redhat.com>
2017-08-16 14:17:57 -04:00
John Ferlan
db207a6233 network: Add virNetworkObj Get/Set API's for @def and @newDef
In preparation for making the object private, create a couple of API's
to get the obj->def & obj->newDef and set the obj->def.

While altering networkxml2conftest.c to use the virNetworkObjSetDef
API, fix the name of the variable from @dev to @def

Signed-off-by: John Ferlan <jferlan@redhat.com>
2017-08-16 14:17:57 -04:00
John Ferlan
062c38ce75 network: Add virNetworkObj Get/Set API's for @floor_sum
In preparation for making the object private, create a couple of API's
to get/set the obj->floor_sum.

Signed-off-by: John Ferlan <jferlan@redhat.com>
2017-08-16 14:17:57 -04:00
John Ferlan
7435404fd5 network: Introduce virNetworkObjGetClassIdMap
In preparation for privatizing virNetworkObj, create accessor function to
fetch the @classIdMap.

Signed-off-by: John Ferlan <jferlan@redhat.com>
2017-08-16 14:17:57 -04:00
John Ferlan
d5d699ec18 network: Alter virNetworkObj @class_id to be @classIdMap
Change the variable name to be a bit more descriptive and less confusing
when used with the data.network.actual->class_id.

Signed-off-by: John Ferlan <jferlan@redhat.com>
2017-08-16 14:17:57 -04:00
John Ferlan
8489d31cee network: Add virNetworkObj Get/Set API's for @dnsmasqPid and @radvdPid
In preparation for making the object private, create/use a couple of API's
to get/set the obj->dnsmasqPid and obj->radvdPid.

NB: Since the pid's can sometimes changed based on intervening functions,
be sure to always fetch the latest value.

Signed-off-by: John Ferlan <jferlan@redhat.com>
2017-08-16 14:17:57 -04:00
John Ferlan
4f5e32d305 network: Unconditionally initialize macmap when stopping virtual network
Since we can only ever have one reference to obj->macmap, rather
than only clearing obj->macmap during virNetworkObjUnrefMacMap
(e.g. virtual network from networkShutdownNetwork), let's just
unconditionally clear the obj->macmap to ensure that some future
change that created it's own reference to obj->macmap wouldn't
have that reference disappear if virNetworkObjDispose got called.

Signed-off-by: John Ferlan <jferlan@redhat.com>
2017-08-16 14:17:57 -04:00
John Ferlan
f4adeae09d network: Move macmap mgmt from bridge_driver to virnetworkobj
In preparation for having a private virNetworkObj - let's create/move some
API's that handle the obj->macmap. The API's will be renamed to have a
virNetworkObj prefix to follow conventions and the arguments slightly
modified to accept what's necessary to complete their task.

Signed-off-by: John Ferlan <jferlan@redhat.com>
2017-08-16 14:17:57 -04:00
John Ferlan
070b6f7f55 network: Move and rename networkMacMgrFileName
Move networkMacMgrFileName into src/util/virmacmap.c and rename to
virMacMapFileName. We're about to move some more MacMgr processing
files into virnetworkobj and it doesn't make sense to have this helper
in the driver or in virnetworkobj.

Signed-off-by: John Ferlan <jferlan@redhat.com>
2017-08-16 14:17:57 -04:00
John Ferlan
8e51b30148 network: Use consistent naming in bridge_driver for virNetwork objects
Use @obj for a virNetworkObjPtr

Use @net for a virNetworkPtr

Signed-off-by: John Ferlan <jferlan@redhat.com>
2017-08-16 14:17:57 -04:00
John Ferlan
f8f59d39cb network: Perform some formatting cleanup in bridge_driver.h
Alter prototypes to utilize some more recent guidelines.

Signed-off-by: John Ferlan <jferlan@redhat.com>
2017-08-16 14:17:57 -04:00
John Ferlan
fdab78b574 qemu: Fix bug assuming usage of default UUID for certificate passphrase
If an environment specific _tls_x509_cert_dir is provided, then
do not VIR_STRDUP the defaultTLSx509secretUUID as that would be
for the "default" environment and not the vnc, spice, chardev, or
migrate environments. If the environment needs a secret to decode
it's certificate, then it must provide the secret. If the secrets
happen to be the same, then configuration would use the same UUID
as the default (but we cannot assume that nor can we assume that
the secret would be necessary).
2017-08-15 16:10:27 -04:00
John Ferlan
d3e17259e1 util: Add object checking for virObject{Ref|Unref}
Rather than assuming that what's passed to virObject{Ref|Unref}
would be a virObjectPtr as long as it's not NULL, let's do the
similar checks virObjectIsClass in order to prevent a possible
increment or decrement to some field at the obj->u.s.refs offset.

Signed-off-by: John Ferlan <jferlan@redhat.com>
2017-08-14 21:41:59 -04:00
John Ferlan
dfa0efbb77 util: Add magic number check for object validity
The virObjectIsClass API has only ever checked object validity
based on if the @obj is not NULL and it was derived from some class.
While this has worked well in general, there is one additional
check that could be made prior to calling virClassIsDerivedFrom
which loops through the classes checking the magic number against
the klass expected magic number.

If by chance a non virObject is passed, rather than assuming the
void * @obj is a _virObject and thus offsetting to obj->klass,
obj->magic, and obj->parent, let's check that the void * @obj
has at least the "base part" of the magic number in the right
place and generate a more specific VIR_WARN message if not.

There are many consumers to virObjectIsClass, include the locking
primitives virObject{Lock|Unlock}, virObjectRWLock{Read|Write},
and virObjectRWUnlock. For those callers, the locking call will
not fail, but it also will not attempt a virMutex* call which
will "most likely" fail since the &obj->lock is used.

In order to avoid some possible future wrap on the 0xCAFExxxx
value, add a check during initialization that some new class
won't cause the wrap. Should be good for a few years at least!

It is still left up to the caller to handle the failed API calls
just as it would be if it passed a NULL opaque pointer anyobj.
2017-08-14 21:41:59 -04:00
John Ferlan
19f4395230 util: Create common error path for invalid object
If virObjectIsClass fails "internally" to virobject.c, create a
macro to generate the VIR_WARN describing what the problem is.
Also improve the checks and message a bit to indicate which was
the failure - whether the obj was NULL or just not the right class

Signed-off-by: John Ferlan <jferlan@redhat.com>
2017-08-14 21:41:59 -04:00
John Ferlan
045d712c4b util: Introduce and use virObjectRWUnlock
Rather than overload virObjectUnlock as commit id '77f4593b' has
done, create a separate virObjectRWUnlock API that will force the
consumers to make the proper decision regarding unlocking the
RWLock's. Similar to the RWLockRead and RWLockWrite, use the
virObjectGetRWLockableObj helper. This restores the virObjectUnlock
code to using the virObjectGetLockableObj.

Signed-off-by: John Ferlan <jferlan@redhat.com>
2017-08-14 21:41:59 -04:00
John Ferlan
bf09f002b1 util: Introduce virObjectGetRWLockableObj
Introduce a helper to handle the error path more cleanly. The same
as virObjectGetLockableObj in order to essentially follow the original
logic of commit 'b545f65d' to ensure that the input argument at least
has some validity before using.

Signed-off-by: John Ferlan <jferlan@redhat.com>
2017-08-14 21:41:59 -04:00
John Ferlan
8b03a609dd util: Only have virObjectLock handle virObjectLockable
Now that virObjectRWLockWrite exists to handle the virObjectRWLockable
objects, let's restore virObjectLock to only handle virObjectLockable
class locks. There still exists the possibility that the input @anyobj
isn't a valid object and the resource isn't truly locked, but that
also exists before commit id '77f4593b'.

This also restores some logic that commit id '77f4593b' removed
with respect to a common code path that commit id '10c2bb2b' had
introduced as virObjectGetLockableObj. This code path merely does
the same checks as the original virObjectLock commit 'b545f65d',
but in callable/reusable helper to ensure the @obj at least has
some validity before using.

Signed-off-by: John Ferlan <jferlan@redhat.com>
2017-08-14 21:41:59 -04:00
John Ferlan
908b33644e util: Introduce and use virObjectRWLockWrite
Instead of making virObjectLock be the entry point for two
different types of locks, let's create a virObjectRWLockWrite API
which will only handle the virObjectRWLockableClass objects.

Use the new virObjectRWLockWrite for the virdomainobjlist code
in order to handle the Add, Remove, Rename, and Load operations
that need to be very synchronous.

Signed-off-by: John Ferlan <jferlan@redhat.com>
2017-08-14 21:41:59 -04:00
John Ferlan
99a72b3eb4 util: Rename virObjectLockRead to virObjectRWLockRead
Since the class it represents is based on virObjectRWLockableClass
and in order to make sure we differentiate just in case anyone somehow
believes they could use virObjectLockRead for a virObjectLockableClass,
let's rename the API to use the RW in the name. Besides the RW locks
refer to pthread_rwlock_{init|rdlock|wrlock|unlock|destroy} while the
other locks refer to pthread_mutex_{init|lock|unlock|destroy}.

Signed-off-by: John Ferlan <jferlan@redhat.com>
2017-08-14 21:41:59 -04:00
Pavel Hrdina
40cc355c92 qemu: fix nwfilter deadlock in qemuProcessReconnect
The correct lock order is:

  nwfilter driver lock (not used in this code path)
  nwfilter update lock
  virt driver lock (not used in this code path)
  domain object lock

but the current code have this order:

  domain object lock
  nwfilter update lock

Signed-off-by: Pavel Hrdina <phrdina@redhat.com>
2017-08-14 18:23:56 +02:00
Pavel Hrdina
231c710460 qemu: fix nwfilter deadlock while reverting to snapshot
Introduced by commit <41127244fb90f08cf5032a5d7553f5f0390d925e>.

Signed-off-by: Pavel Hrdina <phrdina@redhat.com>
2017-08-14 18:23:21 +02:00
Pavel Hrdina
771002669b conf: use virXMLPropString for Domain def parsing
XPath is good for random search of elements, not for accessing
attributes of one node.

Signed-off-by: Pavel Hrdina <phrdina@redhat.com>
2017-08-14 17:46:22 +02:00
Pavel Hrdina
4785a401f9 conf: use virXMLPropString for IOThread pin parsing
XPath is good for random search of elements, not for accessing
attributes of one node.

Signed-off-by: Pavel Hrdina <phrdina@redhat.com>
2017-08-14 17:46:21 +02:00
Pavel Hrdina
954b52cd8b conf: use virXMLPropString for IOThread parsing
XPath is good for random search of elements, not for accessing
attributes of one node.

Signed-off-by: Pavel Hrdina <phrdina@redhat.com>
2017-08-14 17:46:21 +02:00
Pavel Hrdina
db755227ae conf: use virXMLPropString for disk geometry parsing
XPath is good for random search of elements, not for accessing
attributes of one node.

Signed-off-by: Pavel Hrdina <phrdina@redhat.com>
2017-08-14 17:46:21 +02:00
Pavel Hrdina
aa99ea747e conf: use virXMLPropString for KeyWrapCipherDef parsing
XPath is good for random search of elements, not for accessing
attributes of one node.

Signed-off-by: Pavel Hrdina <phrdina@redhat.com>
2017-08-14 17:42:11 +02:00
Pavel Hrdina
78ac13860a conf: cleanup virDomainChrSourceDef parsing
The @remaining variable is leftover from old code and it's not
used anymore.

Signed-off-by: Pavel Hrdina <phrdina@redhat.com>
2017-08-14 14:31:52 +02:00
Pavel Hrdina
068606f85c use virXMLNodeNameEqual instead of xmlStrEqual
Signed-off-by: Pavel Hrdina <phrdina@redhat.com>
2017-08-14 14:31:52 +02:00
Pavel Hrdina
5bd8a1c5d8 util: introduce virXMLNodeNameEqual
Signed-off-by: Pavel Hrdina <phrdina@redhat.com>
2017-08-14 14:31:52 +02:00
Martin Kletzander
a045317680 util: Rename virResctrl to virResctrlInfo
This way later patches can add another structures with virResctrl
prefix without the meaning being even more confusing than it needs to
be.

Signed-off-by: Martin Kletzander <mkletzan@redhat.com>
2017-08-14 10:01:12 +02:00
Martin Kletzander
7c4b4f8905 util: Make virResctrlGetCacheControlType() behave like other functions
That means that returning negative values means error and non-negative
values differ in meaning, but are all successful.

Signed-off-by: Martin Kletzander <mkletzan@redhat.com>
2017-08-14 10:01:12 +02:00
Martin Kletzander
af4270400a Move resctrl-related code from conf/capabilities to util/virresctrl
It doesn't access anything from conf/ and ti will be needed to use
from other util/ places.  This split makes the separation clearer.

Signed-off-by: Martin Kletzander <mkletzan@redhat.com>
2017-08-14 10:01:12 +02:00
Martin Kletzander
62146d8532 virxml: Fix indentation
Signed-off-by: Martin Kletzander <mkletzan@redhat.com>
2017-08-14 10:01:12 +02:00
Laine Stump
f5bc8b5436 util: eliminate superfluous saveVlan check in virNetDevSetNetConfig()
Commit 81fb440b further qualified an if statement by adding the
boolean saveVlan to the condition. Coverity pointed out that this
change in the logic eliminated the need to check saveVlan in an
argument to virAsprintf().
2017-08-13 23:07:13 -04:00
Laine Stump
83074cc917 util: fix improper assignment of return value in virHostdevReadNetConfig()
Commit 9a94af6d restructured virHostdevReadNetConfig() so that it
would manually set ret = 0 after successfully reading the device's
config, but Coverity pointed out that "ret = 0" was erroneously placed
outside of an "else" clause, meaning that the the value of ret set in
the "if" clause was unnecessarily and incorrectly overwritten.

This patch moves ret = 0 into the else clause, which should silence
Coverity.
2017-08-13 23:07:13 -04:00
Guido Günther
cd3c4eece2 vbox: fix typo in warning message
Acked-by: Laine Stump <laine@laine.org>
2017-08-14 02:56:35 +02:00
Laine Stump
489a937eb4 util: check for PF online status earlier in guest startup
When using a VF from an SRIOV-capable network card in a guest (either
in macvtap passthrough mode, or via VFIO PCI device assignment), The
associated PF netdev must be online in order for the VF to be usable
by the guest. The guest, however, is not able to change the state of
the PF. And libvirt *could* set the PF online as needed, but that
could lead to the host receiving unexpected IPv6 traffic (since the
default for an unconfigured interface is to participate in IPv6
autoconf). For this reason, before assigning a VF to a guest, libvirt
verifies that the related PF netdev is online - if it isn't, then we
log an error and don't allow the guest startup to continue.

Until now, this check was done during virNetDevSetNetConfig(). This
works nicely because the same function is called both for macvtap
passthrough and for VFIO device assignment. But in the case of VFIO,
the VF has already been unbound from its netdev driver by the time we
get to virNetDevSetNetConfig(), and in the case of dual port Mellanox
NICs that have their VFs setup in single port mode, the *only* way to
determine the proper PF netdev to query for online status is via the
"phys_port_id" file that is in the VF netdev's sysfs directory. *BUT*
if we've unbound the VF from the netdev driver, then it doesn't *have*
a netdev sysfs directory.

So, in order to check the correct PF netdev for online status, this
patch moved the check earlier in the setup, into
virNetDevSaveNetConfig(), which is called *before* unbinding the VF
from its netdev driver.

(Note that this implies that if you are using VFIO device assignment
for the VFs of a Mellanox NIC that has the VFs programmed in single
port mode, you must let the VFs be bound to their net driver and use
"managed='yes'" in the device definition. To be more specific, this is
only true if the VFs in single port mode are using port *2* of the PF
- if the VFs are using only port 1, then the correct PF netdev will be
arrived at by default/chance))

  This resolves: https://bugzilla.redhat.com/267191
2017-08-11 19:13:33 -04:00
Laine Stump
9a08168301 util: restructure virNetDevReadNetConfig() to eliminate false error logs
virHostdevRestoreNetConfig() calls virNetDevReadNetConfig() to try and
read the "original config" of a netdev, and if that fails, it tries
again with a different directory/netdev name. This achieves the
desired effect (we end up finding the config wherever it may be), but
for each failure, virNetDevReadNetConfig() places a nice error message
in the system logs. Experience has shown that false-positive error
logs like this lead to erroneous bug reports, and can often mislead
those searching for *real* bugs.

This patch changes virNetDevReadNetConfig() to explicitly check if the
file exists before calling virFileReadAll(); if it doesn't exist,
virNetDevReadNetConfig() returns a success, but leaves all the
variables holding the results as NULL. (This makes sense if you define
the purpose of the function as "read a netdev's config from its config
file *if that file exists*).

To take advantage of that change, the caller,
virHostdevRestoreNetConfig() is modified to fail immediately if
virNetDevReadNetConfig() returns an error, and otherwise to try the
different directory/netdev name if adminMAC & vlan & MAC are all NULL
after the preceding attempt.
2017-08-11 19:09:49 -04:00
Laine Stump
b67eaa6351 util: save the correct VF's info when using a dual port SRIOV NIC in single port mode
Mellanox ConnectX-3 dual port SRIOV NICs present a bit of a challenge
when assigning one of their VFs to a guest using VFIO device
assignment.

These NICs have only a single PCI PF device, and that single PF has
two netdevs sharing the single PCI address - one for port 1 and one
for port 2. When a VF is created it can also have 2 netdevs, or it can
be setup in "single port" mode, where the VF has only a single netdev,
and that netdev is connected either to port 1 or to port 2.

When the VF is created in dual port mode, you get/set the MAC
address/vlan tag for the port 1 VF by sending a netlink message to the
PF's port1 netdev, and you get/set the MAC address/vlan tag for the
port 2 VF by sending a netlink message to the PF's port 2 netdev. (Of
course libvirt doesn't have any way to describe MAC/vlan info for 2
ports in a single hostdev interface, so that's a bit of a moot point)

When the VF is created in single port mode, you can *set* the MAC/vlan
info by sending a netlink message to *either* PF netdev - the driver
is smart enough to understand that there's only a single netdev, and
set the MAC/vlan for that netdev. When you want to *get* it, however,
the driver is more accurate - it will return 00:00:00:00:00:00 for the
MAC if you request it from the port 1 PF netdev when the VF was
configured to be single port on port 2, or if you request if from the
port 2 PF netdev when the VF was configured to be single port on port
1.

Based on this information, when *getting* the MAC/vlan info (to save
the original setting prior to assignment), we determine the correct PF
netdev by matching phys_port_id between VF and PF.

(IMPORTANT NOTE: this implies that to do PCI device assignment of the
VFs on dual port Mellanox cards using <interface type='hostdev'>
(i.e. if you want the MAC address/vlan tag to be set), not only must
the VFs be configured in single port mode, but also the VFs *must* be
bound to the host VF net driver, and libvirt must use managed='yes')

By the time libvirt is ready to set the new MAC/vlan tag, the VF has
already been unbound from the host net driver and bound to
vfio-pci. This isn't problematic though because, as stated earlier,
when a VF is created in single port mode, commands to configure it can
be sent to either the port 1 PF netdev or the port 2 PF netdev.

When it is time to restore the original MAC/vlan tag, again the VF
will *not* be bound to a host net driver, so it won't be possible to
learn from sysfs whether to use the port 1 or port 2 PF netdev for the
netlink commands. And again, it doesn't matter which netdev you
use. However, we must keep in mind that we saved the original settings
to a file called "${PF}_${VFNUM}". To solve this problem, we just
check for the existence of ${PF1}_${VFNUM} and ${PF2}_${VFNUM}, and
use whichever one we find (since we know that only one can be there)
2017-08-11 19:05:20 -04:00
Laine Stump
39d136b67b util: match phys_port_id when converting PF-netdev to/from VF-netdev
This patch updates functions in netdev.c to pay attention to
phys_port_id. It uses the new function virNetDevGetPhysPortID() to
learn the phys_port_id of a VF or PF, then sends that info to
virPCIGetNetName(), which has newly been modified to take an optional
phys_port_id.
2017-08-11 18:55:25 -04:00
Laine Stump
b3b5aa75ed util: make virPCIGetNetName() more versatile
A single PCI device may have multiple netdevs associated with it. Each
of those netdevs will have a different phys_port_id entry in
sysfs. This patch modifies virPCIGetNetName() to allow selecting one
of the potential many netdevs in two different ways:

1) by setting the "idx" argument, the caller can select the 1st (0),
2nd (1), etc. netdev from the PCI device's net subdirectory.

2) If the physPortID arg is set (to a null-terminated string) then
virPCIGetNetName() returns the netdev that has that phys_port_id in
the sysfs file of the same name in the netdev's directory.
2017-08-11 18:35:09 -04:00
Laine Stump
0dc67e6d2d util: Fix const'ness of 1st arg to virPCIGetNetName()
The first arg isn't modified in the function, so it should be const.
2017-08-11 18:30:14 -04:00
Laine Stump
48f33bb5df util: new function virNetDevGetPhysPortID()
On Linux each network device *can* (but not necessarily *does*) have
an attribute called phys_port_id which can be read from the file of
that name in the netdev's sysfs directory. The examples I've seen have
been a many-digit hexadecimal number (as an ASCII string).

This value can be useful when a single PCI device is associated with
multiple netdevs (e.g a dual port Mellanox SR-IOV NIC - this card has
a single PCI Physical Function (PF), and that PF has two netdevs
associated with it (the "net" subdirectory of the PF in sysfs has two
links rather than the usual single link to a netdev directory). Each
of the PF netdevs has a different phys_port_id. The Virtual Functions
(VF) are similar - the PF (a PCI device) has "n" VFs (also each of
these is a PCI device), each VF has two netdevs, and each of the VF
netdevs points back to the VF PCI device (with the "device" entry in
its sysfs directory) as well as having a phys_port_id matching the PF
netdev it is associated with.

virNetDevGetPhysPortID() simply attempts to read the phys_port_id for
the given netdev and return it to the caller. If this particular
netdev driver doesn't support phys_port_id, it returns NULL (*not* a
NULL-terminated string, but a NULL pointer) but still counts it as a
success.
2017-08-11 18:25:00 -04:00
Michal Privoznik
e255cf02b2 qemuBuildMemoryBackendStr: Handle one more corner case
https://bugzilla.redhat.com/show_bug.cgi?id=1458638

This code is so complicated because we allow enabling the same
bits at many places. Just like in this case: huge pages can be
enabled by global <hugepages/> element under <memoryBacking> or
on per <memory/> basis. To complicate things a bit more, users
are allowed to omit the page size which case the default page
size is used. And this is what is causing this bug. If no page
size is specified, @pagesize is keeping value of zero throughout
whole function. Therefore we need yet another boolean to hold
[use, don't use] information as we can't sue @pagesize for that.

Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
Reviewed-by: Martin Kletzander <mkletzan@redhat.com>
2017-08-10 17:26:30 +02:00
Michal Privoznik
667a37a1ff virDomainNetDefClear: Free @coalesce
In virDomainNetDefParseXML() the def->coalesce is parsed and
allocated by virDomainNetDefCoalesceParseXML() but in fact it's
never freed .

Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
2017-08-10 09:33:11 +02:00
Michal Privoznik
e488ebb31d qemuDomainUndefineFlags: unlink nvram file regardless of domain state
https://bugzilla.redhat.com/show_bug.cgi?id=1467245

Currently, there's a bug when undefining a domain with NVRAM
store. Basically, the unlink() of the NVRAM store file happens
during the undefine procedure iff domain is inactive. So, if
domain is running and undefine is called the file is left behind.
It won't be removed in the domain cleanup process either
(qemuProcessStop). One of the solutions is to remove if
regardless of the domain state and rely on qemu having the file
opened. This still has a downside that if the domain is defined
back the NVRAM store file is going to be new, any changes to the
current one are lost (just like with any other file that is
deleted while a process has it opened). But is it really a
downside?

Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
2017-08-10 09:30:15 +02:00
Ján Tomko
e9f3222705 introduce virConfReadString
Rewrite virConfReadMem to take a null-terminated string.
All the callers were calling strlen on it anyway.
2017-08-08 12:19:17 +02:00
Ján Tomko
5d218156a8 conf: check rombar against VIR_DOMAIN_TRISTATE_SWITCH_ABSENT
Make the comparison explicit.
2017-08-08 12:07:52 +02:00
Sri Ramanujam
e756333dac hyperv: Silence clang alignment warnings in serialization code
Slight refactor of the WMI serialization code to minimize mixing
openwsman and libxml2 APIs that triggered clang alignment warnings.

The only usage of libxml2 APIs now is in creating CDATA blocks,
because the openwsman API does not provide that functionality. The
clang alignment warning in this case is silenced by casting to a
void pointer first.
2017-08-07 23:14:01 +02:00
Sri Ramanujam
97197ce243 hyperv: Correct number of milliseconds in five minutes 2017-08-07 21:34:51 +02:00
Daniel P. Berrange
10e277a432 Remove bogus warning about vir$OBJECTGetConnect functions
The API docs for the various vir$OBJECTGetConnect functions
contain a warning

  WARNING: When writing libvirt bindings in other languages, do
  not use this function.  Instead, store the connection and
  the domain object together.

There is no reason why language bindings should not use this
method, and indeed the Perl, Python, and Go bindings all use
these methods.

This warning was originally added back in

  commit 3edb4bc9fb
  Author: Daniel Veillard <veillard@redhat.com>
  Date:   Tue Jul 24 15:32:55 2007 +0000

    * libvirt.spec.in NEWS docs/* po/*: preparing release 0.3.1
    * src/libvirt.c python/generator.py: some cleanup and warnings
      from Richard W.M. Jones

IIUC, the rational was that these APIs do not need to be
directly exposed to the non-C language, as the language
can expose the same concept itself by storing the original
virConnectPtr object alongside the virDomainPtr.  There's
no reason to mandate such an approach though - it is valid
for languages to expose this directly if that suits their
needs better.

Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2017-08-07 13:39:28 +01:00
Michal Privoznik
e0a4eaa913 qemuDomainObjPrivateFree: Free @machineName
We're storing the machine name in @priv but free it just in
qemuProcessStop, Therefore this may leak.

Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
2017-08-07 10:44:06 +02:00
Michal Privoznik
2d533297a0 virNodeDevCapCCWParseXML: Free temporary variables
Again, we are using @cssid, @ssid and @devno to store some
temporary strings, but never free it.

Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
2017-08-07 10:44:06 +02:00
Michal Privoznik
65cb40a07e virDomainDefParseXML: Free @tmp
When parsing <ioapic> feature we're using @tmp to store some
temporary string but never free it.

Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
2017-08-07 10:44:06 +02:00
Michal Privoznik
5619c93ce7 virDomainDefFree: Don't leak initenv name and value
When parsing boot options from domain XML in
virDomainDefParseBootOptions() initenv id stored to:

    def->os.initenv[i]->name
    def->os.initenv[i]->value

But these are never freed.

Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
2017-08-07 10:44:05 +02:00
Alexander Nusov
ed210660d6 bhyve: Add support for VNC autoport
This patch adds support for automatic VNC port assignment for bhyve guests.

Signed-off-by: Roman Bogorodskiy <bogorodskiy@gmail.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
2017-08-06 09:24:26 +04:00
Daniel P. Berrange
b7dba9336f remote: increase max storage pools, nwfilters & snapshots to 16384
Most other top level objects have already had their limits increased
to 16384. Increase the storage pool, nwfilter & snapshot object
limits to match. For snapshots at least, we have seen hosts which
exceeded the current limit

Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2017-08-04 16:24:03 +01:00
Marek Marczykowski-Górecki
1be213e295 cpu: define sub-leaf 0 for leaf 7 in cpu_map.xml
CPUID leaf 7 is sub-leaf aware. Add missing attribute.

Signed-off-by: Marek Marczykowski-Górecki <marmarek@invisiblethingslab.com>
Signed-off-by: Jiri Denemark <jdenemar@redhat.com>
2017-08-04 16:45:11 +02:00
Cole Robinson
64665fa82f qemu: command: explicitly error for non-x86 default CPU
The code only currently handles writing an x86 default -cpu
argument, and doesn't know anything about other architectures.
Let's make this explicit rather than leaving ex. qemu ppc64 to
throw an error about -cpu qemu64

Reviewed-by: Ján Tomko <jtomko@redhat.com>
Signed-off-by: Cole Robinson <crobinso@redhat.com>
2017-08-03 11:54:42 -04:00
Cole Robinson
05583fcb37 qemu: command: rework adding of default cpu model
Certain XML features that aren't in the <cpu> block map to -cpu
flags on the qemu cli. If one of these is specified but the user
didn't explicitly pass an XML <cpu> model, we need to format a
default model on the command line.

The current code handles this by sprinkling this default cpu handling
among all the different flag string formatting. Instead, switch it
to do this just once.

This alters some test output slightly: the previous code would
write the default -cpu in some cases when no flags were actually
added, so the output was redundant.

Reviewed-by: Ján Tomko <jtomko@redhat.com>
Signed-off-by: Cole Robinson <crobinso@redhat.com>
2017-08-03 11:54:37 -04:00
Ján Tomko
b4f7793ce2 conf: fix formatting of smartcard devices
My commit 0c1d863 broke formatting of passthrough smartcard devices:
<smartcard mode='passthrough' type='spicevmc'/>

resulted in invalid XML:
    <smartcard mode='passthrough'>
       type='spicevmc'>
      <address type='ccid' controller='0' slot='0'/>
    </smartcard>

Split out chardev source formatting function into two -
one formatting the attributes and other formatting the subelements.

Reported-by: Cole Robinson <crobinso@redhat.com>
Reviewed-by: John Ferlan <jferlan@redhat.com>
2017-08-03 17:19:04 +02:00
Peter Krempa
0b1ecf7b53 util: hash: Make virHashCodeGen mockable
Export the function from the util module so that dynamic linking can
override it.
2017-08-03 09:49:15 +02:00
Peter Krempa
8982f3ab20 util: hash: Include stdbool.h in the header file
The functions declared in virhash.h return bool, but stdbool.h was not
included.
2017-08-03 09:49:15 +02:00
Nikolay Shirokovskiy
cc6d43bb49 qemu: command: align disk serial check to schema
Disk serial schema has extra '.+' allowed characters in comparison
with check in code. Looks like there is no reason for that as qemu
allows any character AFAIK for serial. This discrepancy is originated
in commit id '85d15b51' where the ability to add serial was added.

Alter the disk-serial test to add a disk with all the possible
characters listed as the serial value.
2017-08-02 19:19:55 -04:00
John Ferlan
dc4c2f75ab qemu: Check for existence of provided *_tls_x509_cert_dir
https://bugzilla.redhat.com/show_bug.cgi?id=1458630

Introduce virQEMUDriverConfigTLSDirResetDefaults in order to check
if the defaultTLSx509certdir was changed, then change the default
for any other *TLSx509certdir that was not set to the default default.

Introduce virQEMUDriverConfigValidate to validate the existence of
any of the *_tls_x509_cert_dir values that were uncommented/set,
incuding the default.

Update the qemu.conf description for default to describe the consequences
if the default directory path does not exist.

Signed-off-by: John Ferlan <jferlan@redhat.com>
2017-08-02 15:51:50 -04:00
Ján Tomko
ba54acd3c7 Turn virDomainDeviceInfoFormat into void
The rombar attribute was already validated at the time of parsing
the XML.
2017-08-02 15:49:30 +02:00
Ján Tomko
7330a36579 conf: check for buffer errors before virBufferUse
After an OOM error, virBuffer* APIs set buf->use to zero.
Adding a buffer to the parent buffer only if use is non-zero
would quietly drop data on error.

Check the error beforehand to make sure buf->use is zero
because we have not attempted to add anything to it.
2017-08-02 15:49:23 +02:00
Ján Tomko
338c74dacd Use a separate buffer for <hub> subelements
Switch virDomainHubDefFormat to use a separate buffer for subelements.
2017-08-02 15:45:53 +02:00
Ján Tomko
cc7368e962 Use a separate buffer for <watchdog> subelements
Convert virDomainWatchdogDefFormat to use a separate
buffer for subelements.
2017-08-02 15:45:53 +02:00
Ján Tomko
a0d43268ca Use a separate buffer for <sound> subelements
Convert virDomainSoundDefFormat to use a separate buffer
for subelements.
2017-08-02 15:45:53 +02:00
Ján Tomko
0c1d863232 Use a separate buffer for <smartcard> subelements
Convert virDomainSmartcardDefFormat to use a separate buffer
for possible subelements, to avoid the need for duplicated
formatting logic in virDomainDeviceInfoNeedsFormat.
2017-08-02 15:45:52 +02:00
Ján Tomko
b301ed584c virDomainDeviceInfoFormat: delete outdated comments
This function has grown to format more than just the address.
Delete the comment completely to avoid failing to update it
in the future.

Also, the indentation is now handled by the virBuffer APIs,
so the comment about indentation no longer makes sense.
2017-08-02 15:45:52 +02:00
Ján Tomko
6233e7bb74 Remove superfluous usage of virDomainDeviceInfoNeedsFormat
This function returns false if virDomainDeviceInfoFormat
would not format anything.

Using it as the sole condition to decide whether to call
virDomainDeviceInfoFormat or not is pointless, since
the conditions are repeated in virDomainDeviceInfoFormat.
2017-08-02 15:45:52 +02:00
Ján Tomko
2403dcce51 virCapabilitiesFormatCaches: free cpus_str right after use
This will simplify the cleanup when we start checking for
buffer errors.
2017-08-02 15:44:34 +02:00
Michal Privoznik
2074ef6cd4 Add support for virtio-net.tx_queue_size
https://bugzilla.redhat.com/show_bug.cgi?id=1462653

Just like I've added support for setting rx_queue_size (in
c56cdf259 and friends), qemu just gained support for setting tx
ring size.

Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
2017-08-02 15:37:09 +02:00
Daniel P. Berrange
8b9d017de3 driver: conditionalize use of dlopen functions & use mingw-dlfcn
Not every platform is guaranteed to have dlopen/dlsym, so we should
conditionalize its use. Suprisingly it is actually present for Win32
via the mingw-dlfcn add on, but we should still conditionalize it.

Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2017-08-02 13:51:28 +01:00
Michal Privoznik
d8447faa61 virnetworkobj: Make virNetworkObjFindBy{UUID,Name}Locked() static again
These functions were made exportable back in 3aa3e072 when I was
splitting network code into parsing and list management parts.
Since then the split is finished now and these two functions do
not need to be exported anymore.

Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
2017-08-02 10:03:23 +02:00
Michal Privoznik
8e2a535cf4 virConnect: Update comment for @privateData
This member allows us to store a pointer to some private data.
However, the comment says it's used in both domain driver and
network driver. Well, it is not. It's just one pointer and domain
driver uses it directly. Network driver has a global driver
variable. Update the comment to not confuse others.

Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
2017-08-02 10:03:23 +02:00
Martin Kletzander
848378c64c qemu: Split shmem preparation as it's supposed to be
Since the introduction of shmem, there was a split of preparation code
from the formatting code from qemuBuildCommandLine() into
qemuProcessPrepareDomain().  Let's fix shmem in this regard, so that
we can slowly get to a cleaner codebase.

Signed-off-by: Martin Kletzander <mkletzan@redhat.com>
2017-08-02 09:27:22 +02:00
Michal Privoznik
ace45e67ab virNetDaemonCallInhibit: Call virNetDaemonGotInhibitReply properly
So there are couple of issues here. Firstly, we never unref the
@pendingReply and thus it leaks.

==13279== 144 (72 direct, 72 indirect) bytes in 1 blocks are definitely lost in loss record 1,095 of 1,259
==13279==    at 0x4C2E080: calloc (vg_replace_malloc.c:711)
==13279==    by 0x781FA97: _dbus_pending_call_new_unlocked (in /usr/lib64/libdbus-1.so.3.14.11)
==13279==    by 0x7812A4C: dbus_connection_send_with_reply (in /usr/lib64/libdbus-1.so.3.14.11)
==13279==    by 0x56BEDF3: virNetDaemonCallInhibit (virnetdaemon.c:514)
==13279==    by 0x56BEF18: virNetDaemonAddShutdownInhibition (virnetdaemon.c:536)
==13279==    by 0x12473B: daemonInhibitCallback (libvirtd.c:742)
==13279==    by 0x1249BD: daemonRunStateInit (libvirtd.c:823)
==13279==    by 0x554FBCF: virThreadHelper (virthread.c:206)
==13279==    by 0x8F913D3: start_thread (in /lib64/libpthread-2.23.so)
==13279==    by 0x928DE3C: clone (in /lib64/libc-2.23.so)

Secondly, while we send the message, we are suspended ('cos we're
talking to a UNIX socket).  However, until we are resumed back
again the reply might have came therefore subsequent
dbus_pending_call_set_notify() has no effect and in fact the
virNetDaemonGotInhibitReply() callback is never called. Thirdly,
the dbus_connection_send_with_reply() has really stupid policy
for return values. To cite the man page:

  Returns
      FALSE if no memory, TRUE otherwise.

Yes, that's right. If anything goes wrong and it's not case of
OOM then TRUE is returned, i.e. you're trying to pass FDs and
it's not supported, or you're not connected, or anything else.
Therefore, checking for return value of
dbus_connection_send_with_reply() is not enoguh. We also have to
check if @pendingReply is not NULL before proceeding any further.

Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
2017-08-01 11:37:51 +02:00
Michal Privoznik
3e609bf4e4 virCgroupValidateMachineGroup: Don't free @machinename
We are given a string in @machinename, we never allocate it, just
merely use it for reading. We should not free it otherwise it
leads to double free:

==32191== Thread 17:
==32191== Invalid free() / delete / delete[] / realloc()
==32191==    at 0x4C2D1A0: free (vg_replace_malloc.c:530)
==32191==    by 0x54BBB84: virFree (viralloc.c:582)
==32191==    by 0x2BC04499: qemuProcessStop (qemu_process.c:6313)
==32191==    by 0x2BC500FF: processMonitorEOFEvent (qemu_driver.c:4724)
==32191==    by 0x2BC502FC: qemuProcessEventHandler (qemu_driver.c:4769)
==32191==    by 0x5550640: virThreadPoolWorker (virthreadpool.c:167)
==32191==    by 0x554FBCF: virThreadHelper (virthread.c:206)
==32191==    by 0x8F913D3: start_thread (in /lib64/libpthread-2.23.so)
==32191==    by 0x928DE3C: clone (in /lib64/libc-2.23.so)
==32191==  Address 0x31893d70 is 0 bytes inside a block of size 1,100 free'd
==32191==    at 0x4C2D1A0: free (vg_replace_malloc.c:530)
==32191==    by 0x54BBB84: virFree (viralloc.c:582)
==32191==    by 0x54C1936: virCgroupValidateMachineGroup (vircgroup.c:343)
==32191==    by 0x54C4B29: virCgroupNewDetectMachine (vircgroup.c:1550)
==32191==    by 0x2BBDDA29: qemuConnectCgroup (qemu_cgroup.c:972)
==32191==    by 0x2BC05DA7: qemuProcessReconnect (qemu_process.c:6822)
==32191==    by 0x554FBCF: virThreadHelper (virthread.c:206)
==32191==    by 0x8F913D3: start_thread (in /lib64/libpthread-2.23.so)
==32191==    by 0x928DE3C: clone (in /lib64/libc-2.23.so)
==32191==  Block was alloc'd at
==32191==    at 0x4C2BE80: malloc (vg_replace_malloc.c:298)
==32191==    by 0x4C2E35F: realloc (vg_replace_malloc.c:785)
==32191==    by 0x54BB492: virReallocN (viralloc.c:245)
==32191==    by 0x54BEDF2: virBufferGrow (virbuffer.c:150)
==32191==    by 0x54BF3B9: virBufferVasprintf (virbuffer.c:408)
==32191==    by 0x54BF324: virBufferAsprintf (virbuffer.c:381)
==32191==    by 0x55BB271: virDomainGenerateMachineName (domain_conf.c:27078)
==32191==    by 0x2BBD5B8F: qemuDomainGetMachineName (qemu_domain.c:9595)
==32191==    by 0x2BBDD9B4: qemuConnectCgroup (qemu_cgroup.c:966)
==32191==    by 0x2BC05DA7: qemuProcessReconnect (qemu_process.c:6822)
==32191==    by 0x554FBCF: virThreadHelper (virthread.c:206)
==32191==    by 0x8F913D3: start_thread (in /lib64/libpthread-2.23.so)

Moreover, make the @machinename 'const char *' to mark it
explicitly that we are not changing the passed string.

Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
2017-08-01 11:37:51 +02:00
Erik Skultety
159be14d9c nodedev: Fix double unlock of the driver on udevEnumerateDevices failure
Commit @4cb719b2dc moved the driver locks around since these have become
unnecessary at spots where the code handles now self-lockable object
list, but missed the possible double unlock if udevEnumerateDevices
fails, because at that point the driver lock had been already dropped.

Signed-off-by: Erik Skultety <eskultet@redhat.com>
2017-07-28 10:52:28 +02:00
Peter Krempa
6cf7fc573f security: apparmor: load the storage driver dynamically
In commit 5e515b542d I've attempted to fix the inability to access
storage from the apparmor helper program by linking with the storage
driver. By linking with the .so the linker complains that it's not
portable. Fix this by loading the module dynamically as we are supposed
to do.

Reviewed-by: Daniel P. Berrange <berrange@redhat.com>
2017-07-27 12:00:35 +02:00
Peter Krempa
5aec02dc37 make: Drop building without driver modules
Driver modules proved to be reliable for a long time. Since support for
not building modules complicates the code and makefiles drop it.

Reviewed-by: Daniel P. Berrange <berrange@redhat.com>
2017-07-27 12:00:35 +02:00
Pavel Hrdina
ed4d1653ed qemu: properly handle '=' in the VNC socket path
If a domain name contains a '=' and the unix socket path is
auto-generated or socket path provided by user contains '=' QEMU
is unable to properly parse the command line.  In order to make it
work we need to use the new command line syntax for VNC if it's
available, otherwise we can use the old syntax.

Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1352529

Signed-off-by: Pavel Hrdina <phrdina@redhat.com>
2017-07-27 10:49:55 +02:00
Pavel Hrdina
cb9e09b502 qemu: capabilities: introduce QEMU_CAPS_VNC_MULTI_SERVERS
Signed-off-by: Pavel Hrdina <phrdina@redhat.com>
2017-07-27 10:49:55 +02:00
Peter Krempa
c03e52af57 qemu: block: store and test driver names for detected storage nodes
Store the 'drv' field both for the storage node and for the format node
and format them in the test case.

Reviewed-by: Eric Blake <eblake@redhat.com>
2017-07-27 09:56:41 +02:00
Peter Krempa
0175dc6ea0 qemu: block: Refactor node name detection code
Remove the complex and unreliable code which inferred the node name
hierarchy only from data returned by 'query-named-block-nodes'. It turns
out that query-blockstats contain the full hierarchy of nodes as
perceived by qemu so the inference code is not necessary.

In query blockstats, the 'parent' object corresponds to the storage
behind a storage volume and 'backing' corresponds to the lower level of
backing chain. Since all have node names this data can be really easily
used to detect node names.

In addition to the code refactoring the one remaining test case needed
to be fixed along.

Reviewed-by: Eric Blake <eblake@redhat.com>
2017-07-27 09:47:40 +02:00
Peter Krempa
c61d169327 util: storagefile: rename 'nodebacking' to 'nodestorage' in virStorageSource
Make it less confusing by naming the field which refers to the storage
object as 'nodestorage'.

Reviewed-by: Eric Blake <eblake@redhat.com>
2017-07-27 09:44:05 +02:00
Peter Krempa
4a58dfc24e qemu: block: Rename qemuBlockFillNodeData and move it to the top
The same operation will become useful in other places so rename the
function to be more generic and move it to the top so that it can be
reused earlier in the file.

Reviewed-by: Eric Blake <eblake@redhat.com>
2017-07-27 09:42:31 +02:00
Peter Krempa
3c60388591 util: buffer: Add virBufferStrcatVArgs
Split out the worker loop into a separate function and export it.

Reviewed-by: Eric Blake <eblake@redhat.com>
2017-07-27 09:31:14 +02:00
Peter Krempa
51d243bdbf qemu: monitor: Extract call of 'query-blockstats' and add new API for it
Allow getting the raw data from query-blockstats, so that we can use it
to detect the backing chain later on.

Reviewed-by: Eric Blake <eblake@redhat.com>
2017-07-27 09:25:26 +02:00
John Ferlan
43e6686c7f storage: Disallow usage of the HBA for a fc_host backing
Disallow providing the wwnn/wwpn of the HBA in the adapter XML:

  <adapter type='fc_host' [parent='scsi_hostN'] wwnn='HBA_wwnn'
    wwpn='HBA_wwpn'/>

This should be considered a configuration error since a vHBA
would not be created. In order to use the HBA as the backing the
following XML should be used:

  <adapter type='scsi_host' name='scsi_hostN'/>

So add a check prior to the checkParent call to validate that
the provided wwnn/wwpn resolves to a vHBA and not an HBA.

Signed-off-by: John Ferlan <jferlan@redhat.com>
2017-07-26 15:28:06 -04:00
Martin Kletzander
e1bafb0099 qemu_cgroup: Remove unnecessary virQEMUDriverPtr arguments
Since commit 2e6ecba1bc, the pointer to the qemu driver is saved in
domain object's private data and hence does not have to be passed as
yet another parameter if domain object is already one of them.

This is a first (example) patch of this kind of clean up, others will
hopefully follow.

Signed-off-by: Martin Kletzander <mkletzan@redhat.com>
2017-07-26 17:47:25 +02:00
John Ferlan
5df1d0d417 test: Use consistent variable names for network test driver APIs
A virNetworkObjPtr will be an 'obj'.

A virNetworkPtr will be a 'net'.

Signed-off-by: John Ferlan <jferlan@redhat.com>
2017-07-26 10:38:01 -04:00
Pavel Hrdina
f444e5b4a2 qemu: privatize _virQEMUCapsCachePriv struct
Signed-off-by: Pavel Hrdina <phrdina@redhat.com>
Reviewed-by: Jiri Denemark <jdenemar@redhat.com>
2017-07-26 15:36:47 +02:00
Pavel Hrdina
d03de54e7e qemu: switch QEMU capabilities to use virFileCache
The switch contains considerable amount of changes:

  virQEMUCapsRememberCached() is removed because this is now handled
  by virFileCacheSave().

  virQEMUCapsInitCached() is removed because this is now handled by
  virFileCacheLoad().

  virQEMUCapsNewForBinary() is split into two functions,
  virQEMUCapsNewData() which creates new data if there is nothing
  cached and virQEMUCapsLoadFile() which loads the cached data.
  This is now handled by virFileCacheNewData().

  virQEMUCapsCacheValidate() is removed because this is now handled by
  virFileCacheValidate().

  virQEMUCapsCacheFree() is removed because it's no longer required.

  Add virCapsPtr into virQEMUCapsCachePriv because for each call of
  virFileCacheLookup*() we need to use current virCapsPtr.

Signed-off-by: Pavel Hrdina <phrdina@redhat.com>
Reviewed-by: Jiri Denemark <jdenemar@redhat.com>
2017-07-26 15:36:21 +02:00
Pavel Hrdina
f366cfed62 qemu: pass only host arch instead of the whole virCaps
This is a preparation for following patches where we switch to
virFileCache for QEMU capabilities cache

The host arch will always remain the same but virCaps may change.  Now
the host arch is stored while creating new qemu capabilities cache.
It removes the need to pass virCaps into virQEMUCapsCache*() functions.

Signed-off-by: Pavel Hrdina <phrdina@redhat.com>
Reviewed-by: Jiri Denemark <jdenemar@redhat.com>
2017-07-26 15:35:24 +02:00
Pavel Hrdina
731cfd5fe8 qemu: introduce struct _virQEMUCapsCachePriv
This will store private data that will be used by following patches
when switching to virFileCache.

Signed-off-by: Pavel Hrdina <phrdina@redhat.com>
Reviewed-by: Jiri Denemark <jdenemar@redhat.com>
2017-07-26 15:33:59 +02:00
Pavel Hrdina
ac3eb2ab24 util: introduce virFileCache
The new virFileCache will nicely handle the caching logic for any data
that we would like to cache.  For each type of data we will just need
to implement few handlers that will take care of creating, validating,
loading and saving the cached data.

The cached data must be an instance of virObject.

Currently we cache QEMU capabilities which will start using
virFileCache.

Signed-off-by: Pavel Hrdina <phrdina@redhat.com>
Reviewed-by: Jiri Denemark <jdenemar@redhat.com>
2017-07-26 15:31:25 +02:00
Pavel Hrdina
cc1329b627 qemu: we prefer C89 comment styles over C99
Introduced by commit 'a7bc2c8cfd6f'.

Signed-off-by: Pavel Hrdina <phrdina@redhat.com>
2017-07-25 23:10:00 +02:00