Commit Graph

30470 Commits

Author SHA1 Message Date
Peter Krempa
2976b6aaeb qemu: Move 'bootindex' handling for disks out of command line formatter
The logic assigning the bootindices from the legacy boot order
configuration was spread through the command line formatters for the
disk device and for the floppy controller.

This patch adds 'effectiveBootindex' property to the disk private data
which holds the calculated boot index and moves the logic of determining
the boot index into 'qemuProcessPrepareDomainDiskBootorder' called from
'qemuProcessPrepareDomainStorage'.

Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
Reviewed-by: Pavel Hrdina <phrdina@redhat.com>
2021-05-24 20:38:07 +02:00
Masayoshi Mizuma
b4d87669ba qemu_snapshot: Add the guest name to the transient disk path
Later patches will implement sharing of the backing file, so we'll need
to be able to discriminate the overlays per VM.

Signed-off-by: Masayoshi Mizuma <m.mizuma@jp.fujitsu.com>
Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
Reviewed-by: Pavel Hrdina <phrdina@redhat.com>
2021-05-24 20:38:07 +02:00
Peter Krempa
b7583a5ba3 qemu: snapshot: move transient snapshot code to qemu_process
The code deals with the startup of the VM and just uses the snapshot
code to achieve the desired outcome.

Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
Reviewed-by: Pavel Hrdina <phrdina@redhat.com>
2021-05-24 20:38:07 +02:00
Peter Krempa
f9e8857eec qemuSnapshotDiskCreate: Use 'cfg' from the qemuSnapshotDiskContext
We store the virQEMUDriverConfig object in the context.

Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
Reviewed-by: Pavel Hrdina <phrdina@redhat.com>
2021-05-24 20:38:07 +02:00
Peter Krempa
2ec54727f7 qemuSnapshotDiskPrepareOne: Use data from qemuSnapshotDiskContext
Remove all the arguments which are present in qemuSnapshotDiskContext.

Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
Reviewed-by: Pavel Hrdina <phrdina@redhat.com>
2021-05-24 20:38:07 +02:00
Peter Krempa
18f976abe2 qemuSnapshotDiskContext: Store virQEMUDriverConfig in the struct
The config is used both with the preparation and execution functions, so
we can store it in the context to simplify other helpers.

Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
Reviewed-by: Pavel Hrdina <phrdina@redhat.com>
2021-05-24 20:38:07 +02:00
Peter Krempa
983bad4771 qemuSnapshotDiskPrepareOne: Pass in qemuSnapshotDiskContext
Rather than filling various parts of the context from arguments pass in
the whole context.

Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
Reviewed-by: Pavel Hrdina <phrdina@redhat.com>
2021-05-24 20:38:07 +02:00
Peter Krempa
06e9b0c28d qemu: process: Setup transient disks only when starting a fresh VM
Creating the overlay for the disk is needed when starting a new VM only.
Additionally for now migration with transient disks is forbidden
anyways.

Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
Reviewed-by: Pavel Hrdina <phrdina@redhat.com>
2021-05-24 20:38:07 +02:00
Peter Krempa
81db8b6d89 qemu: snapshot: Extract setup of snapshot disk definition for transient disks
The code will be later reused when adding support for sharing the
backing image of the snapshot.

Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
Reviewed-by: Pavel Hrdina <phrdina@redhat.com>
2021-05-24 20:38:07 +02:00
Peter Krempa
92a3eddd03 Remove static analysis assertions
None of them are currently needed to pass our upstream CI, most were
either for ancient clang versions or coverity for silencing false
positives.

Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Pavel Hrdina <phrdina@redhat.com>
Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
2021-05-24 20:26:20 +02:00
Peter Krempa
bbd55e9284 Drop magic comments for coverity
They were added mostly randomly and we don't really want to keep working
around of false positives.

Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Pavel Hrdina <phrdina@redhat.com>
Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
2021-05-24 20:26:20 +02:00
Michal Privoznik
4b3dc045b9 conf: Deduplicate NUMA distance code
After previous patches we have two structures:
virCapsHostNUMACellDistance and virNumaDistance which express the
same thing. And have the exact same members (modulo their names).
Drop the former in favor of the latter.

This change means that distances with value of 0 are no longer
printed out into capabilities XML, because domain XML code allows
partial distance specification and thus threats value of 0 as
unspecified by user (see virDomainNumaGetNodeDistance() which
returns the default LOCAL/REMOTE distance for value of 0).

Also, from ACPI 6.1 specification, section 5.2.17 System Locality
Distance Information Table (SLIT):

  Distance values of 0-9 are reserved and have no meaning.

Thus we shouldn't be ever reporting 0 in neither domain nor
capabilities XML.

Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
Reviewed-by: Peter Krempa <pkrempa@redhat.com>
2021-05-24 19:57:45 +02:00
Michal Privoznik
773118632e numa_conf: Expose virNumaDistance formatter
Expose virNumaDistance XML formatter so that it can be re-used by
other parts of the code.

Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
Reviewed-by: Peter Krempa <pkrempa@redhat.com>
2021-05-24 14:49:28 +02:00
Michal Privoznik
ccb8acc966 numa_conf: Rename virDomainNumaDistance to virNumaDistance
There's nothing domain specific about NUMA distances. Rename the
virDomainNumaDistance structure to just virNumaDistance.

Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
Reviewed-by: Peter Krempa <pkrempa@redhat.com>
2021-05-24 14:49:28 +02:00
Michal Privoznik
fe25224fda capabilities: Rename siblings to distances
The virCapsHostNUMACellSiblingInfo structure really represents
distance to other NUMA node. Rename the structure and variables
of that type to make it more obvious.

Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
Reviewed-by: Peter Krempa <pkrempa@redhat.com>
2021-05-24 14:49:28 +02:00
Pavel Hrdina
8b118c909a Revert "qemuDomainSetNumaParamsLive: set nodeset for root cgroup"
This reverts commit <1b22dd6dd44202094e0f78f887cbe790c00e9ebc>.

First of all, the reverted commit is incomplete. It only sets
cpuset.mems in the VM root cgroup when the API is used but there is no
code that would do the same when the VM is started.

Libvirt never places any process into the VM root cgroup directly. All
the supporting processes like slirp-helper or dbus-daemon are placed
into the emulator sub-cgroup and all the QEMU threads are distributed
between emulator, vcpu* and iothread* sub-cgroups. The scenario
described in the reverted commit can happen only if someone manually
adds any process there which we should not care about.

If we would like to set the limit in the VM root cgroup we need to
introduce better logic:

    - set both (old and new) numa group in the VM root cgroup
    - change the numa group in all sub-cgroups to new value
    - finally set only the new value in the VM root cgroup

The simplest fix now is to revert the commit.

Signed-off-by: Pavel Hrdina <phrdina@redhat.com>
Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
2021-05-24 14:31:42 +02:00
Olaf Hering
d8c468d58c libxl: remove libxl_domain_build_info_init from libxlMakeDomBuildInfo
The used libxl_domain_build_info, which is contained in
libxl_domain_config, is owned and already initialized by the caller.

Signed-off-by: Olaf Hering <olaf@aepfle.de>
Reviewed-by: Jim Fehlig <jfehlig@suse.com>
2021-05-21 10:59:47 -06:00
Olaf Hering
2b51050b10 libxl: remove libxl_domain_create_info_init from libxlMakeDomCreateInfo
The passed libxl_domain_create_info is owned, and already initialized,
by the caller.

Signed-off-by: Olaf Hering <olaf@aepfle.de>
Reviewed-by: Jim Fehlig <jfehlig@suse.com>
2021-05-21 10:58:53 -06:00
Olaf Hering
2d0decccba libxl: adjust handling of libxl_device_disk objects
libxl objects are supposed to be initialized and disposed.
Correct the usage of libxl_device_disk objects which are allocated on
the stack. Initialize each one prior usage, and dispose them once done.

Adjust libxlMakeDisk to use an already initialized object, it is owned
by the caller.

Adjust libxlMakeDiskList to initialize the list of objects, before they
are filled by libxlMakeDisk. In case of error, the objects are disposed
by libxl_domain_config_dispose.

Signed-off-by: Olaf Hering <olaf@aepfle.de>
Reviewed-by: Jim Fehlig <jfehlig@suse.com>
2021-05-21 10:57:36 -06:00
Kristina Hanicova
7ab1ba112f conf: Report alias name of the detached device in error
This is v2 from:
https://listman.redhat.com/archives/libvir-list/2021-May/msg00481.html

I have reworked the code a bit to have only one error report
instead of multiple ones with different combinations of possible
matching items. Suggested by Laine.

Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1942367

Signed-off-by: Kristina Hanicova <khanicov@redhat.com>
Reviewed-by: Laine Stump <laine@redhat.com>
2021-05-21 12:46:31 -04:00
Kristina Hanicova
b6b6725c95 qemu: Return -EINVAL to keep qemuDomainOpenFile() consistent
The description of the function says that the return value is a
file descriptor on success and negative errno on failure which is
not true. If the 'if' case with check on security labels fails,
the return value is -1 not -errno. The solution is to return
'-EINVAL' instead.

Signed-off-by: Kristina Hanicova <khanicov@redhat.com>
Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
2021-05-21 14:38:09 +02:00
Kristina Hanicova
bcdaa91a27 qemu: Use qemuDomainOpenFile() in qemuPrepareNVRAM()
Previously, nvram file was created with user/group owner as
'root', rather than specifications defined in libvirtd.conf. The
solution is to call qemuDomainOpenFile(), which creates file with
defined permissions and qemuSecurityDomainSetPathLabel() to set
security label for created nvram file.

Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1783255

Signed-off-by: Kristina Hanicova <khanicov@redhat.com>
Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
2021-05-21 14:36:57 +02:00
Kristina Hanicova
483e943884 qemu: Build command line for object input-linux
Resolves: https://gitlab.com/libvirt/libvirt/-/issues/142

Signed-off-by: Kristina Hanicova <khanicov@redhat.com>
2021-05-21 14:29:09 +02:00
Kristina Hanicova
cff0444e51 conf: Parse/format XML input type 'evdev'
Signed-off-by: Kristina Hanicova <khanicov@redhat.com>
Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
2021-05-21 14:29:09 +02:00
Kristina Hanicova
3bfbc3c0ef qemu_capabilities: Add QEMU_CAPS_INPUT_LINUX
Signed-off-by: Kristina Hanicova <khanicov@redhat.com>
Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
2021-05-21 14:29:09 +02:00
Pavel Hrdina
93344aed27 storage_file: add support to probe cluster_size from QCOW2 images
From QEMU docs/interop/qcow2.txt :

   Byte  20 - 23:   cluster_bits
                    Number of bits that are used for addressing an offset
                    within a cluster (1 << cluster_bits is the cluster size).

With this patch libvirt will be able to report the current cluster_size
for all existing storage volumes managed by storage driver.

Signed-off-by: Pavel Hrdina <phrdina@redhat.com>
Reviewed-by: Peter Krempa <pkrempa@redhat.com>
2021-05-21 14:00:55 +02:00
Pavel Hrdina
3e1d2c93a3 storage: add support for QCOW2 cluster_size option
The default value hard-coded in QEMU (64KiB) is not always the ideal.
Having a possibility to set the cluster_size by user may in specific
use-cases improve performance for QCOW2 images.

QEMU internally has some limits, the value has to be between 512B and
2048KiB and must by power of two, except when the image has Extended L2
Entries the minimal value has to be 16KiB.

Since qemu-img ensures the value is correct and the limit is not always
the same libvirt will not duplicate any of these checks as the error
message from qemu-img is good enough:

    Cluster size must be a power of two between 512 and 2048k

Resolves: https://gitlab.com/libvirt/libvirt/-/issues/154

Signed-off-by: Pavel Hrdina <phrdina@redhat.com>
Reviewed-by: Peter Krempa <pkrempa@redhat.com>
2021-05-21 14:00:43 +02:00
Kristina Hanicova
19967f64f4 qemu: Add check for needed paths for memory devices
When building a commandline for a DIMM memory device with
non-default access mode, the qemuBuildMemoryBackendProps() will
tell QEMU to allocate memory from per-domain memory backing dir.
But later, when preparing the host, the
qemuProcessNeedMemoryBackingPath() does not check for memory
devices at all resulting in per-domain memory backing dir not
being created which upsets QEMU.

Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1961114

Signed-off-by: Kristina Hanicova <khanicov@redhat.com>
Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
2021-05-21 08:51:11 +02:00
Ján Tomko
015fe0439f qemu: fs: do not try to fill binary path if we have a socket
We do not need to look for a suitable binary in the vhost-user
description files, if we aren't the ones starting it.
Otherwise startup will fail with:

error: Failed to start domain 'vm1'
error: operation failed: Unable to find a satisfying virtiofsd

https://bugzilla.redhat.com/show_bug.cgi?id=1855789

Signed-off-by: Ján Tomko <jtomko@redhat.com>
Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
2021-05-20 16:27:21 +02:00
Michal Privoznik
c2707c7e3c lib: Add win-dmp crashdump format
QEMU gained support for 'win-dmp' format in it's release of 3.0,
but libvirt doesn't implement it yet. Fortunately, there not much
needed: new value to virDomainCoreDumpFormat public enum, which
unfortunately means that QEMU driver has to be updated in the
same commit, because of VIR_ENUM_IMPL().

Luckily, we don't need any extra QEMU capability - the code
already checks supported formats via
'query-dump-guest-memory-capability' just before issuing
'dump-guest-memory'.

Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
Reviewed-by: Peter Krempa <pkrempa@redhat.com>
2021-05-20 16:23:32 +02:00
Michal Privoznik
9d4cd1d1cd virNodeDevCapMdevParseXML: Use virXMLPropEnum() for ./start/@type
Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
Reviewed-by: Peter Krempa <pkrempa@redhat.com>
2021-05-20 16:08:02 +02:00
Peter Krempa
7eb281f91c conf: node_device: Fix build with clang
Clang complains:

  ../libvirt/src/conf/node_device_conf.c:1945:74: error: result of comparison of unsigned enum expression < 0 is always false [-Werror,-Wtautological-unsigned-enum-zero-compare]
        if ((mdev->start = virNodeDevMdevStartTypeFromString(starttype)) < 0) {

Fixes: 42a5585499
Signed-off-by: Peter Krempa <pkrempa@redhat.com>
2021-05-20 12:17:09 +02:00
Tim Wiederhake
3d5591aede virDomainDeviceSpaprVioAddressParseXML: Use virXMLProp*
This strictens the parser to disallow negative values (interpreted as
`ULLONG_MAX + value + 1`) for attribute `reg`. Allowing negative
numbers to be interpreted this way makes no sense for this attribute, as it
refers to a 32 bit address space.

Signed-off-by: Tim Wiederhake <twiederh@redhat.com>
Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
2021-05-20 11:52:46 +02:00
Tim Wiederhake
99037fb2b9 virStorageAdapterParseXML: Use virXMLProp*
Signed-off-by: Tim Wiederhake <twiederh@redhat.com>
Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
2021-05-20 11:52:44 +02:00
Tim Wiederhake
058d4ed47e virStorageAdapterFCHost: Change type of "type" to virStorageAdapterType
Signed-off-by: Tim Wiederhake <twiederh@redhat.com>
Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
2021-05-20 11:52:41 +02:00
Tim Wiederhake
8e2d030e26 virStorageAdapterParseXML: Use g_autofree
Signed-off-by: Tim Wiederhake <twiederh@redhat.com>
Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
2021-05-20 11:52:38 +02:00
Tim Wiederhake
b127e50290 virDomainIOMMUDefParseXML: Use virXMLProp*
This strictens the parser to disallow negative values (interpreted as
`UINT_MAX + value + 1`) for attribute `aw_bits`. Allowing negative
numbers to be interpreted this way makes no sense for this attribute.

Signed-off-by: Tim Wiederhake <twiederh@redhat.com>
Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
2021-05-20 11:52:35 +02:00
Tim Wiederhake
5ad6db604a virDomainAudioDefParseXML: Don't ignore return value of virDomainAudio*Parse()
Signed-off-by: Tim Wiederhake <twiederh@redhat.com>
Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
2021-05-20 11:52:32 +02:00
Tim Wiederhake
e663717cb1 virDomainAudioDefParseXML: Use virXMLProp*
This strictens the parser to disallow negative values (interpreted as
`UINT_MAX + value + 1`) for attribute `id`. Allowing negative
numbers to be interpreted this way makes no sense for this attribute.

Signed-off-by: Tim Wiederhake <twiederh@redhat.com>
Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
2021-05-20 11:52:29 +02:00
Tim Wiederhake
e1d589509a virDomainAudioDef: Change type of "sdl.driver" to virDomainAudioSDLDriver
Signed-off-by: Tim Wiederhake <twiederh@redhat.com>
Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
2021-05-20 11:52:27 +02:00
Tim Wiederhake
8f1b810333 virDomainAudioDef: Change type of "type" to virDomainAudioType
Signed-off-by: Tim Wiederhake <twiederh@redhat.com>
Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
2021-05-20 11:52:23 +02:00
Tim Wiederhake
15670ebb17 virDomainAudioPulseAudioParse: Use virXMLProp*
This strictens the parser to disallow negative values (interpreted as
`UINT_MAX + value + 1`) for attribute `latency`. Allowing negative
numbers to be interpreted this way makes no sense for this attribute.

Signed-off-by: Tim Wiederhake <twiederh@redhat.com>
Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
2021-05-20 11:52:21 +02:00
Peng Liang
667dea5a1e virnetdevopenvswitch: Remove redundant declaration
virNetDevOpenvswitchInterfaceGetMaster is declared twice in
src/util/virnetdevopenvswitch.h.  Remove the last one.

Signed-off-by: Peng Liang <liangpeng10@huawei.com>
Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
2021-05-20 11:30:01 +02:00
Boris Fiuczynski
42a5585499 nodedev: support auto-start property for mdevs
This adds a new element to the mdev capabilities xml schema that
represents the start policy for a defined mediated device. The actual
auto-start functionality is handled behind the scenes by mdevctl, but it
wasn't yet hooked up in libvirt.

Signed-off-by: Boris Fiuczynski <fiuczy@linux.ibm.com>
Signed-off-by: Jonathon Jongsma <jjongsma@redhat.com>
Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
2021-05-20 11:10:08 +02:00
Olaf Hering
0ad0204ce7 libxl: remove libxl_domain_config_init from libxlBuildDomainConfig
The passed libxl_domain_config is owned, and already initialized, by the
caller.

Signed-off-by: Olaf Hering <olaf@aepfle.de>
Reviewed-by: Jim Fehlig <jfehlig@suse.com>
2021-05-19 15:57:47 -06:00
Olaf Hering
5663be9f3a libxl: fix refcounting in libxlDomainChangeEjectableMedia
The initial variant of libxlDomainChangeEjectableMedia could just leave
the function earlier. With refcounting this does not work anymore.

Fixes commit a5bf06ba34

Signed-off-by: Olaf Hering <olaf@aepfle.de>
Reviewed-by: Jim Fehlig <jfehlig@suse.com>
2021-05-18 15:35:19 -06:00
Tim Wiederhake
c6b0b7ad1a virNodeDevCapPCIDevIommuGroupParseXML: Use virXMLProp*
This strictens the parser to disallow negative values (interpreted as
`UINT_MAX + value + 1`) for attribute `number`. Allowing negative
numbers to be interpreted this way makes no sense for this attribute.

Signed-off-by: Tim Wiederhake <twiederh@redhat.com>
Reviewed-by: Laine Stump <laine@redhat.com>
2021-05-18 12:27:14 -04:00
Tim Wiederhake
cd4c756fd5 virDomainAudioOSSParse: Use virXMLProp*
This strictens the parser to disallow negative values (interpreted as
`UINT_MAX + value + 1`) for attribute `bufferCount`. Allowing negative
numbers to be interpreted this way makes no sense for this attribute.

Signed-off-by: Tim Wiederhake <twiederh@redhat.com>
Reviewed-by: Laine Stump <laine@redhat.com>
2021-05-18 12:27:14 -04:00
Tim Wiederhake
23e763eb46 virDomainAudioCoreAudioParse: Use virXMLProp*
This strictens the parser to disallow negative values (interpreted as
`UINT_MAX + value + 1`) for attribute `bufferCount`. Allowing negative
numbers to be interpreted this way makes no sense for this attribute.

Signed-off-by: Tim Wiederhake <twiederh@redhat.com>
Reviewed-by: Laine Stump <laine@redhat.com>
2021-05-18 12:27:13 -04:00
Tim Wiederhake
7423635e46 virDomainChrDefParseTargetXML: Use virXMLProp*
This strictens the parser to disallow negative values (interpreted as
`UINT_MAX + value + 1`) for attribute `port`. Allowing negative
numbers to be interpreted this way makes no sense for this attribute.

Signed-off-by: Tim Wiederhake <twiederh@redhat.com>
Reviewed-by: Laine Stump <laine@redhat.com>
2021-05-18 12:27:13 -04:00
Tim Wiederhake
38d76cde5e virDomainChrSourceReconnectDefParseXML: Use virXMLProp*
This strictens the parser to disallow negative values (interpreted as
`UINT_MAX + value + 1`) for attribute `timeout`. Allowing negative
numbers to be interpreted this way makes no sense for this attribute.

Signed-off-by: Tim Wiederhake <twiederh@redhat.com>
Reviewed-by: Laine Stump <laine@redhat.com>
2021-05-18 12:27:13 -04:00
Tim Wiederhake
1b1cb2934e virDomainDiskDefGeometryParse: Use virXMLProp*
This strictens the parser to disallow negative values (interpreted as
`UINT_MAX + value + 1`) for attributes `cyls`, `heads` and `secs`.
Allowing negative numbers to be interpreted this way makes no sense for
these attributes.

Signed-off-by: Tim Wiederhake <twiederh@redhat.com>
Reviewed-by: Laine Stump <laine@redhat.com>
2021-05-18 12:27:12 -04:00
Tim Wiederhake
ef18ca1c06 virDomainDiskDef: Change type of geometry.trans to virDomainDiskGeometryTrans
Signed-off-by: Tim Wiederhake <twiederh@redhat.com>
Reviewed-by: Laine Stump <laine@redhat.com>
2021-05-18 12:27:12 -04:00
Tim Wiederhake
081f22c209 virDomainDeviceUSBMasterParseXML: Use virXMLProp*
This strictens the parser to disallow negative values (interpreted as
`UINT_MAX + value + 1`) for attribute `startport`. Allowing negative
numbers to be interpreted this way makes no sense for this attribute.

Signed-off-by: Tim Wiederhake <twiederh@redhat.com>
Reviewed-by: Laine Stump <laine@redhat.com>
2021-05-18 12:27:12 -04:00
Tim Wiederhake
793e71ee76 virDomainHostdevSubsysUSBDefParseXML: Use virXMLProp*
Signed-off-by: Tim Wiederhake <twiederh@redhat.com>
Reviewed-by: Laine Stump <laine@redhat.com>
2021-05-18 12:27:11 -04:00
Tim Wiederhake
e9c1e68d1f virDomainHostdevDef: Change type of startupPolicy to virDomainStartupPolicy
Signed-off-by: Tim Wiederhake <twiederh@redhat.com>
Reviewed-by: Laine Stump <laine@redhat.com>
2021-05-18 12:27:11 -04:00
Olaf Hering
bdbd902722 libxl: set vcpu affinity during domain creation
Since Xen 4.5 libxl allows to set affinities during domain creation.
This enables Xen to allocate the domain memory on NUMA systems close to
the specified pcpus.

Libvirt can now handle <domain/cputune/vcpupin> in domU.xml correctly.

Without this change, Xen will create the domU and assign NUMA memory and
vcpu affinities on its own. Later libvirt will adjust the affinity,
which may move the vcpus away from the assigned NUMA node.

Signed-off-by: Olaf Hering <olaf@aepfle.de>
Reviewed-by: Daniel Henrique Barboza <danielhb413@gmail.com>
Reviewed-by: Jim Fehlig <jfehlig@suse.com>
2021-05-18 10:11:55 -06:00
Michal Privoznik
655f67c68a qemu_process: Drop needless check in qemuProcessNeedMemoryBackingPath()
The aim of this function is to return whether domain definition
and/or memory device that user intents to hotplug needs a private
path inside cfg->memoryBackingDir. The rule for the memory device
that's being hotplug includes checking whether corresponding
guest NUMA node needs memoryBackingDir. Well, while the rationale
behind makes sense it is not necessary to check for that really -
just a few lines above every guest NUMA node was checked exactly
for that.

Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
Reviewed-by: Peter Krempa <pkrempa@redhat.com>
2021-05-18 17:47:58 +02:00
Michal Privoznik
4d779874ef qemu_process: Deduplicate code in qemuProcessNeedHugepagesPath()
The aim of qemuProcessNeedHugepagesPath() is to return whether
guest needs private path inside HugeTLBFS mounts (deducted from
domain definition @def) or whether the memory device that user is
hotplugging in needs the private path (deducted from the @mem
argument). The actual creation of the path is done in the only
caller qemuProcessBuildDestroyMemoryPaths().

The rule for the first case (@def) and the second case (@mem) is
the same (domain has a DIMM device that has HP requested) and is
written twice. Move the logic into a function to deduplicate the
code.

Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
Reviewed-by: Peter Krempa <pkrempa@redhat.com>
2021-05-18 17:47:58 +02:00
Michal Privoznik
2b371eacf1 qemu_capabilities: Update QEMU_MIN_* macros
As of b4cbdbe90b (and friends) the
minimal QEMU version required is 2.11.0. Let's update our
QEMU_MIN_* macros to reflect that.

Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
Reviewed-by: Peter Krempa <pkrempa@redhat.com>
2021-05-18 17:47:58 +02:00
Kristina Hanicova
42edef36fd qemu: capabilities: fill in domcaps <filesystem>
Signed-off-by: Kristina Hanicova <khanicov@redhat.com>
Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
2021-05-18 14:52:36 +02:00
Kristina Hanicova
f388aa5ff3 conf: domcaps: Report device <filesystem>
Signed-off-by: Kristina Hanicova <khanicov@redhat.com>
Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
2021-05-18 14:33:21 +02:00
Michal Privoznik
530715bd0b viridentity: Fix ref/unref imbalance in VIR_IDENTITY_AUTORESTORE
The basic use case of VIR_IDENTITY_AUTORESTORE() is in
conjunction with virIdentityElevateCurrent(). What happens is
that virIdentityElevateCurrent() gets current identity (which
increases the refcounter of thread local virIdentity object) and
returns a pointer to it. Later, when the variable goes out of
scope the virIdentityRestoreHelper() is called which calls
virIdentitySetCurrent() over the old identity. But this means
that the refcounter is increased again.

Therefore, we have to explicitly decrease the refcounter by
calling g_object_unref().

Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
2021-05-17 21:06:15 +02:00
Michal Privoznik
b24a45827a virCapabilitiesHostNUMAFormat: Bring variables into loops
Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
2021-05-17 15:56:25 +02:00
Michal Privoznik
9e63f35247 virnuma: Export virNumaGetMaxCPUs properly
This function will be used in virnumamock, shortly.

Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
2021-05-17 15:54:13 +02:00
Michal Privoznik
ad661c70b9 numa_conf: Use virXMLFormatElement() in virDomainNumaDefFormatXML
Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
2021-05-17 15:54:04 +02:00
Michal Privoznik
d0e0a909fa driver: Don't leak saved error in virGetConnectGeneric()
Recently, a new code was added to virGetConnectGeneric() that
saves the original error into a variable so that it's not lost in
virConnectClose() called under the 'error' label.

However, the error saving code uses virSaveLastError() +
virSetError() combo which leaks the memory allocated for the
error copy. Using virErrorPreserveLast() + virErrorRestore() does
the same job without the memleak.

Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
2021-05-17 15:53:39 +02:00
Tim Wiederhake
df28ba289c virDomainNumaDefParseXML: Use g_autofree
Signed-off-by: Tim Wiederhake <twiederh@redhat.com>
Reviewed-by: Laine Stump <laine@redhat.com>
2021-05-14 12:15:56 -04:00
Tim Wiederhake
9563732306 virDomainNumaDefParseXML: Use virXMLProp*
Signed-off-by: Tim Wiederhake <twiederh@redhat.com>
Reviewed-by: Laine Stump <laine@redhat.com>
2021-05-14 12:15:56 -04:00
Tim Wiederhake
de057e2cc3 virDomainNumaDefNodeDistanceParseXML: Use virXMLProp*
Signed-off-by: Tim Wiederhake <twiederh@redhat.com>
Reviewed-by: Laine Stump <laine@redhat.com>
2021-05-14 12:15:56 -04:00
Tim Wiederhake
39e1f32010 virDomainNumatuneNodeParseXML: Use g_autofree
Signed-off-by: Tim Wiederhake <twiederh@redhat.com>
Reviewed-by: Laine Stump <laine@redhat.com>
2021-05-14 12:15:56 -04:00
Tim Wiederhake
960984510b virDomainNumatuneNodeParseXML: Use virXMLProp*
Signed-off-by: Tim Wiederhake <twiederh@redhat.com>
Reviewed-by: Laine Stump <laine@redhat.com>
2021-05-14 12:15:56 -04:00
Tim Wiederhake
f16305b36f virNodeDeviceDefParseXML: Use g_auto*
Signed-off-by: Tim Wiederhake <twiederh@redhat.com>
Reviewed-by: Laine Stump <laine@redhat.com>
2021-05-14 12:15:56 -04:00
Daniel P. Berrangé
8f390ae310 secret: rework handling of private secrets
A secret can be marked with the "private" attribute. The intent was that
it is not possible for any libvirt client to be able to read the secret
value, it would only be accesible from within libvirtd. eg the QEMU
driver can read the value to launch a guest.

With the modular daemons, the QEMU, storage and secret drivers are all
running in separate daemons. The QEMU and storage drivers thus appear to
be normal libvirt client's from the POV of the secret driver, and thus
they are not able to read a private secret. This is unhelpful.

With the previous patches that introduced a "system token" to the
identity object, we can now distinguish APIs invoked by libvirt daemons
from those invoked by client applications.

Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
2021-05-13 11:07:47 +01:00
Daniel P. Berrangé
9bcbdbd579 src: elevate current identity privilege when fetching secret
When fetching the value of a private secret, we need to use an elevated
identity otherwise the secret driver will deny access.

When using the modular daemons, the elevated identity needs to be active
before the secret driver connection is opened, and it will apply to all
APIs calls made on that conncetion.

When using the monolithic daemon, the identity at time of opening the
connection is ignored, and the elevated identity needs to be active
precisely at the time the virSecretGetValue API call is made.

After acquiring the secret value, the elevated identity should be
cleared.

This sounds complex, but is fairly straightfoward with the automatic
cleanup callbacks.

Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
2021-05-13 11:07:43 +01:00
Daniel P. Berrangé
9645200dc0 src: set identity when opening secondary drivers
The drivers can all call virGetConnectXXX to open a connection to a
secondary driver. For example, when creating a encrypted storage volume,
the storage driver has to open a secret driver connection, or when
starting a guest, the QEMU driver has to open the network driver to
lookup a virtual network.

When using monolithic libvirtd, the connection has the same effective
identity as the client, since everything is still in the same process.
When using the modular daemons, however, the remote daemon sees the
identity of the calling daemon. This is a mistake as it results in
the modular daemons seeing the client with elevated privileges.

We need to pass on the current identity explicitly when opening the
secondary drivers. This is the same thing that is done by daemon RPC
dispatcher code when it is directly forwarding top level API calls
from virtproxyd and other daemons.

Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
2021-05-13 11:07:41 +01:00
Daniel P. Berrangé
11f077e286 src: add API to determine if current identity is a system identity
This is essentially a way to determine if the current identity
is that of another libvirt daemon.

Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
2021-05-13 11:07:40 +01:00
Daniel P. Berrangé
10689c16d8 util: helper to temporary elevate privileges of the current identity
When talking to the secret driver, the callers inside libvirt daemons
need to be able to run with an elevated privileges that prove the API
calls are made by a libvirt daemon, not an end user application.

The virIdentityElevateCurrent method will take the current identity
and, if not already present, add the system token. The old current
identity is returned to the caller. With the VIR_IDENTITY_AUTORESTORE
annotation, the old current identity will be restored upon leaving
the codeblock scope.

    ... early work with regular privileges ...
    if (something needing elevated privs) {
        VIR_IDENTITY_AUTORESTORE virIdentity *oldident =
	    virIdentityElevateCurrent();
	if (!oldident)
	    return -1;

        ... do something with elevated privileges ...
    }
    ... later work with regular privileges ...

Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
2021-05-13 11:07:36 +01:00
Daniel P. Berrangé
695d713df2 util: add API for copying identity objects
Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
2021-05-13 11:07:35 +01:00
Daniel P. Berrangé
b3fe905f53 util: set system token for system identity
Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
2021-05-13 11:07:33 +01:00
Daniel P. Berrangé
cbfebfc747 util: generate a persistent system token
When creating the system identity set the system token. The system
token is currently stored in a local path

   /var/run/libvirt/common/system.token

Obviously with only traditional UNIX DAC in effect, this is largely
security through obscurity, if the client is running at the same
privilege level as the daemon. It does, however, reliably distinguish
an unprivileged client from the system daemons.

With a MAC system like SELinux though, or possible use of containers,
access can be further restricted.

A possible future improvement for Linux would be to populate the
kernel keyring with a secret for libvirt daemons to share.

Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
2021-05-13 11:07:16 +01:00
Daniel P. Berrangé
d5d011f767 util: introduce concept of a system token into identities
We want a way to distinguish between calls from a libvirt daemon, and a
regular client application when both are running as the same user
account. This is not possible with the current set of attributes
recorded against an identity, as there is nothing that is common to all
of the modular libvirt daemons, while distinct to all other processes.

We thus introduce the idea of a system token, which is simply a random
hex string that is only known by the libvirt daemons, to be recorded
against the system identity.

Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
2021-05-13 11:07:15 +01:00
Daniel P. Berrangé
1ca3959712 util: add virRandomToken API
A random token is simply a string of random bytes formatted in
hexidecimal.

Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
2021-05-13 11:07:13 +01:00
Tim Wiederhake
210bdb61ff virStoragePoolDefParseXML: Use virXMLProp*
Signed-off-by: Tim Wiederhake <twiederh@redhat.com>
Reviewed-by: Laine Stump <laine@redhat.com>
2021-05-13 09:24:09 +02:00
Tim Wiederhake
dba76bdba3 virStoragePoolDefParseSource: Use VIR_XPATH_NODE_AUTORESTORE
Signed-off-by: Tim Wiederhake <twiederh@redhat.com>
Reviewed-by: Laine Stump <laine@redhat.com>
2021-05-13 09:24:09 +02:00
Tim Wiederhake
0f8fd45482 virStoragePoolDefParseSource: Use virXMLProp*
Signed-off-by: Tim Wiederhake <twiederh@redhat.com>
Reviewed-by: Laine Stump <laine@redhat.com>
2021-05-13 09:24:09 +02:00
Tim Wiederhake
3681a53933 virStorageAdapterParseXMLFCHost: Use virXMLProp*
Signed-off-by: Tim Wiederhake <twiederh@redhat.com>
Reviewed-by: Laine Stump <laine@redhat.com>
2021-05-13 09:24:09 +02:00
Tim Wiederhake
3976dc598a virNodeDeviceDefParseXML: Use virXMLProp*
Signed-off-by: Tim Wiederhake <twiederh@redhat.com>
Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
2021-05-11 14:04:08 +02:00
Tim Wiederhake
1f59f2fd3d virNodeDevCapsDefParseXML: Use g_autoptr
Signed-off-by: Tim Wiederhake <twiederh@redhat.com>
Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
2021-05-11 14:04:06 +02:00
Tim Wiederhake
27b09ff09f conf: node_device: Register autoptr cleanup function for virNodeDevCapsDef
Signed-off-by: Tim Wiederhake <twiederh@redhat.com>
Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
2021-05-11 14:04:04 +02:00
Tim Wiederhake
afedd6dde5 virNodeDevCapsDefParseXML: Use virXMLProp*
Signed-off-by: Tim Wiederhake <twiederh@redhat.com>
Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
2021-05-11 14:04:02 +02:00
Tim Wiederhake
3a4027511d virPCIEDeviceInfoLinkParseXML: Remove unused parameter ctxt
Signed-off-by: Tim Wiederhake <twiederh@redhat.com>
Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
2021-05-11 14:04:00 +02:00
Tim Wiederhake
bfba1758a2 virPCIEDeviceInfoLinkParseXML: Use virXMLProp*
Signed-off-by: Tim Wiederhake <twiederh@redhat.com>
Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
2021-05-11 14:03:58 +02:00
Tim Wiederhake
fee958313d virNetworkDHCPLeaseTimeDefParseXML: Use virXMLProp*
Signed-off-by: Tim Wiederhake <twiederh@redhat.com>
Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
2021-05-11 14:03:48 +02:00
Tim Wiederhake
9013204afe virNetworkDHCPLeaseTimeDef: Make expiry unsigned long long
The width of `unsigned long` differs on 32 bit and 64 bit architectures.
There is no compelling reason why the maximum DHCP lease time should
depend on the architecture.

Signed-off-by: Tim Wiederhake <twiederh@redhat.com>
Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
2021-05-11 14:03:44 +02:00
Tim Wiederhake
34851dd8f4 virDomainObjParseXML: Use g_autoptr
Signed-off-by: Tim Wiederhake <twiederh@redhat.com>
Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
2021-05-11 14:03:41 +02:00
Tim Wiederhake
107f687128 virDomainObjParseXML: Use virXMLProp*
Signed-off-by: Tim Wiederhake <twiederh@redhat.com>
Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
2021-05-11 14:03:37 +02:00
Pavel Hrdina
61d95a1073 qemu_firmware: don't error out for unknown firmware features
When QEMU introduces new firmware features libvirt will fail until we
list that feature in our code as well which doesn't sound right.

We should simply ignore the new feature until we add a proper support
for it.

Reported-by: Laszlo Ersek <lersek@redhat.com>
Signed-off-by: Pavel Hrdina <phrdina@redhat.com>
Reviewed-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
2021-05-10 15:30:18 +02:00
Michal Privoznik
fe75c387c4 virCapabilitiesHostNUMAInitReal: Bring variables into loop
Some variables are needed only inside for() loop. They were
declared at the beginning of the function because of VIR_FREE()
calls, but since they are auto-freed they can be declared inside
the loop.

Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
2021-05-10 15:16:35 +02:00
Michal Privoznik
3bab9ce34f virCapabilitiesHostNUMAInitReal: Use g_auto* where possible
Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
2021-05-10 15:16:27 +02:00