Commit Graph

27695 Commits

Author SHA1 Message Date
Nikolay Shirokovskiy
1071592e65 vz: fix typo for 0d3d020b 2017-10-17 21:27:05 +03:00
Nikolay Shirokovskiy
62d6de46fd vz: missing pieces for fd885a06 for vz driver 2017-10-17 21:27:05 +03:00
Jiri Denemark
6a6f6b91e0 qemu: Fix CPU model broken by older libvirt
When libvirt older than 3.9.0 reconnected to a running domain started by
old libvirt it could have messed up the expansion of host-model by
adding features QEMU does not support (such as cmt). Thus whenever we
reconnect to a running domain, revert to an active snapshot, or restore
a saved domain we need to check the guest CPU model and remove the
CPU features unknown to QEMU. We can do this because we know the domain
was successfully started, which means the CPU did not contain the
features when libvirt started the domain.

https://bugzilla.redhat.com/show_bug.cgi?id=1495171

Signed-off-by: Jiri Denemark <jdenemar@redhat.com>
Reviewed-by: Pavel Hrdina <phrdina@redhat.com>
2017-10-17 15:08:05 +02:00
Jiri Denemark
e26cc8f82f qemu: Filter CPU features when using host CPU
When reconnecting to a domain started with a host-model CPU which was
started by old libvirt that did not replace host-model with the real CPU
definition, libvirt replaces the host-model CPU with the CPU from
capabilities (because this is what the old libvirt did when it started
the domain). Without this patch libvirt could use features unknown to
QEMU in the CPU definition which replaced the original host-model CPU.
Such domain would keep running just fine, but any attempt to migrate it
will fail and once the domain is saved or snapshotted, restoring it
would fail too.

In other words whenever we want to use the CPU definition from host
capabilities as a guest CPU definition, we have to filter the unknown
features.

https://bugzilla.redhat.com/show_bug.cgi?id=1495171

Signed-off-by: Jiri Denemark <jdenemar@redhat.com>
Reviewed-by: Pavel Hrdina <phrdina@redhat.com>
2017-10-17 15:08:05 +02:00
Jiri Denemark
3276416904 conf: Introduce virCPUDefFindFeature
Signed-off-by: Jiri Denemark <jdenemar@redhat.com>
Reviewed-by: Pavel Hrdina <phrdina@redhat.com>
2017-10-17 15:08:05 +02:00
Jiri Denemark
4b87b3675f qemu: Separate CPU updating code from qemuProcessReconnect
The new function is called qemuProcessRefreshCPU.

Signed-off-by: Jiri Denemark <jdenemar@redhat.com>
Reviewed-by: Pavel Hrdina <phrdina@redhat.com>
2017-10-17 15:08:05 +02:00
Jiri Denemark
e1ca8ecb46 qemu: Check QEMU error on failed migration
When migration fails, QEMU may provide a description of the error in
the reply to query-migrate QMP command. We can fetch this error and use
it instead of the generic "unexpectedly failed" message.

Signed-off-by: Jiri Denemark <jdenemar@redhat.com>
Reviewed-by: Pavel Hrdina <phrdina@redhat.com>
2017-10-17 10:41:45 +02:00
Ján Tomko
befe20184e docs: remove duplicate https links
Commit e371b3b changed all the links to libvirt.org to use https.
Remove the leftover 'http' links from downloads page, since they
point to https anyway.
2017-10-17 09:32:11 +02:00
Peter Krempa
a693fdba01 Terminate backing chains explicitly
Express a properly terminated backing chain by putting a
virStorageSource of type VIR_STORAGE_TYPE_NONE in the chain. The newly
used helpers simplify this greatly.

The change fixes a bug as formatting an incomplete backing chain and
parsing it back would end up in expressing a terminated chain since
src->backingStoreRaw was not populated. By relying on the terminator
object this can be now processed appropriately.
2017-10-17 06:19:18 +02:00
Peter Krempa
0a294a8e28 util: storagefile: Add helpers to check presence of backing store
Add helpers that will simplify checking if a backing file is valid or
whether it has backing store. The helper virStorageSourceIsBacking
returns true if the given virStorageSource is a valid backing store
member. virStorageSourceHasBacking returns true if the virStorageSource
has a backing store child.

Adding these functions creates a central points for further refactors.
2017-10-17 06:19:18 +02:00
Peter Krempa
8fdeefe1df test: set 'type' field of virStorageSource
Set the type so that the iterators will work after upcoming
modification.
2017-10-17 06:19:18 +02:00
Peter Krempa
ee4d2df87d storage: Fill in 'type' field for virStorageSource in storage driver
Storage driver uses virStorageSource only partially to store it's
configuration but fully when parsing backing files of storage volumes.
This patch sets the 'type' field to a value other than
VIR_STORAGE_TYPE_NONE so that further patches can add a terminator
element to backing chains without breaking iteration.
2017-10-17 06:19:18 +02:00
Peter Krempa
e3fb414e77 util: storagefile: Tolerate NULL path when looking up volume in chain
chain->path may be NULL e.g. for NBD drives, so the check needs to avoid
dereferencing the path in such case
2017-10-17 06:19:18 +02:00
Peter Krempa
9cc8d6ee9e util: storage: use stored index to lookup disks
We can now use the backing store ID directly rather than counting the
number of images seen while looking up images.
2017-10-17 06:19:18 +02:00
Peter Krempa
c6231a6a6c util: storage: Store backing chain index in virStorageSource
The backing store indexes were not bound to the storage sources in any
way. To allow us to bind a given alias to a given storage source we need
to save the index in virStorageSource. The backing store ids are now
generated when detecting the backing chain.

Since we don't re-detect the backing chain after snapshots, the
numbering needs to be fixed there.
2017-10-17 06:19:18 +02:00
Peter Krempa
7547ed1297 conf: Make backing store index optional
Index will remain an internal property even if we allow backing store
parsing from the XML, so we need to allow backing store without it in
the schema.
2017-10-17 06:19:18 +02:00
Peter Krempa
8b13c37f0b conf: domain: Simplify return from backing store parser
Use VIR_STEAL_PTR to remove conditional cleanup.
2017-10-17 06:19:18 +02:00
Kothapally Madhu Pavan
67a52f709a qemu: argv: parse qemu commandline memory arguments
Existing qemuParseCommandLineMem() will parse "-m 4G" format string.
This patch allows it to parse "-m size=8126464k,slots=32,maxmem=33554432k"
format along with existing format. And adds a testcase to validate the changes.

Signed-off-by: Kothapally Madhu Pavan <kmp@linux.vnet.ibm.com>
2017-10-16 11:18:25 -04:00
Ladi Prosek
a765e3094d hyperv: Map Limit to max_memory and VirtualQuantity to cur_balloon
Hyper-V uses its own specific memory management so no mapping is going to
be perfect. However, it is more correct to map Limit to max_memory (it
really is the upper limit of what the VM may potentially use) and keep
cur_balloon equal to total_memory.

The typical value returned from Hyper-V in Limit is 1 TiB, which is not
really going to work if interpreted as "startup memory" to be ballooned
away later.

Signed-off-by: Ladi Prosek <lprosek@redhat.com>
2017-10-16 10:29:32 -04:00
Ladi Prosek
5ae2d9c259 hyperv: Escape WQL queries
The code was vulnerable to SQL injection. Likely not a security issue due to
WMI SQL and other constraints but still lame. For example:

  virsh # dominfo \"
  error: failed to get domain '"'
  error: internal error: SOAP fault during enumeration: code 's:Sender', subcode
  'n:CannotProcessFilter', reason 'The data source could not process the filter.
  The filter might be missing or it might be invalid. Change the filter and try
  the request again.  ', detail 'The WS-Management service cannot process the
  request. The WQL query is invalid. '

This commit fixes the Hyper-V driver by escaping all WMI SQL string parameters.

The same command with the fix:

  virsh # dominfo \"
  error: failed to get domain '"'
  error: Domain not found: No domain with name "

Signed-off-by: Ladi Prosek <lprosek@redhat.com>
2017-10-16 10:29:32 -04:00
Ladi Prosek
bb8c2a76ca hyperv: Fix hypervInitConnection error reporting
"%s is not a Hyper-V server" is not a correct generalization of all possible
error conditions of hypervEnumAndPull. For example:

  $ virsh --connect hyperv://localhost/?transport=http
  Enter username for localhost [administrator]:
  Enter administrator's password for localhost: <enters incorrect password>
  error: failed to connect to the hypervisor
  error: internal error: localhost is not a Hyper-V server

This commit removes the general virReportError from hypervInitConnection and
also the "Invalid query" virReportError from hypervSerializeEprParam, which
does not correctly describe the error either (virBufferCheckError has
already set a meaningful error message at that point).

The same scenario with the fix:

  $ virsh --connect hyperv://localhost/?transport=http
  Enter username for localhost [administrator]:
  Enter administrator's password for localhost: <enters incorrect password>
  error: failed to connect to the hypervisor
  error: internal error: Transport error during enumeration: User, password or
  similar was not accepted (26)

Signed-off-by: Ladi Prosek <lprosek@redhat.com>
2017-10-16 10:29:32 -04:00
Daniel P. Berrange
441d3eb6d1 qemu: ensure TLS clients always verify the server certificate
The default_tls_x509_verify (and related) parameters in qemu.conf
control whether the QEMU TLS servers request & verify certificates
from clients. This works as a simple access control system for
servers by requiring the CA to issue certs to permitted clients.
This use of client certificates is disabled by default, since it
requires extra work to issue client certificates.

Unfortunately the code was using this configuration parameter when
setting up both TLS clients and servers in QEMU. The result was that
TLS clients for character devices and disk devices had verification
turned off, meaning they would ignore errors while validating the
server certificate.

This allows for trivial MITM attacks between client and server,
as any certificate returned by the attacker will be accepted by
the client.

This is assigned CVE-2017-1000256  / LSN-2017-0002

Reviewed-by: Eric Blake <eblake@redhat.com>
Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2017-10-16 12:54:43 +01:00
Daniel P. Berrange
e371b3bf41 Use https:// links for most sites
This adds a rule to require https links for the libvirt, qemu
and kvm websites.

Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2017-10-16 10:22:34 +01:00
Daniel P. Berrange
f72d7cd933 Remove obsolete TODO file
We stopped autogenerating a TODO file from RFE bugs a long time
ago.

Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2017-10-16 10:22:34 +01:00
Ján Tomko
d007ec3344 qemu: reserve PCI addresses for implicit i440fx devices
Somewhere around commit 9ff9d9f reserving entire PCI slots was
eliminated, as demonstrated by commit 6cc2014.

Reserve the functions required by the implicit devices:
00:01.0 ISA Bridge
00:01.1 IDE Controller
00:01.2 USB Controller (unless USB is disabled)
00:01.3 Bridge

https://bugzilla.redhat.com/show_bug.cgi?id=1460143
2017-10-16 09:53:34 +02:00
Jiri Denemark
91d69cb03e cputest: Make a crippled version of Core-i7-2600
xsaveopt is artificially removed from the host to test disabled feature
which is only included in QEMU's version of the CPU model.

Signed-off-by: Jiri Denemark <jdenemar@redhat.com>
Reviewed-by: John Ferlan <jferlan@redhat.com>
2017-10-16 09:23:21 +02:00
Jiri Denemark
911643ce45 cputest: Update Core-i7-2600 data
arat is now enabled even if the hardware does not support it.

Signed-off-by: Jiri Denemark <jdenemar@redhat.com>
Reviewed-by: John Ferlan <jferlan@redhat.com>
2017-10-16 09:23:21 +02:00
Jiri Denemark
66b9f3ec9c cputest: Add query-cpu-definitions reply for Xeon-E3-1245
Signed-off-by: Jiri Denemark <jdenemar@redhat.com>
Reviewed-by: John Ferlan <jferlan@redhat.com>
2017-10-16 09:23:21 +02:00
Jiri Denemark
29a16fb618 cputest: Update Xeon-E3-1245 data
xsaves is supported by current QEMU/KVM on this CPU.

Signed-off-by: Jiri Denemark <jdenemar@redhat.com>
Reviewed-by: John Ferlan <jferlan@redhat.com>
2017-10-16 09:23:21 +02:00
Jiri Denemark
8e72c612fe cputest: Add query-cpu-definitions reply for Xeon-E7-4830
This CPU was incorrectly detected as SandyBridge before because the
number of additional <feature> elements was the same for both
SandyBridge and Westmere CPU models, but SandyBridge is newer (the CPU
signature does not help here because it doesn't match any signature
defined in cpu_map.xml). But since QEMU's version of SandyBridge CPU
model contains xsaveopt which needs to be disabled, Westmere becomes the
best CPU model when translating CPUID data to virCPUDef. Unfortunately,
this doesn't help with translating the data we got from QEMU and the CPU
model is still computed as SandyBridge in this case.

Signed-off-by: Jiri Denemark <jdenemar@redhat.com>
Reviewed-by: John Ferlan <jferlan@redhat.com>
2017-10-16 09:23:21 +02:00
Jiri Denemark
3479f297b3 cputest: Add CPUID data for Intel(R) Xeon(R) CPU E7-4830
Signed-off-by: Jiri Denemark <jdenemar@redhat.com>
Reviewed-by: John Ferlan <jferlan@redhat.com>
2017-10-16 09:23:21 +02:00
Jiri Denemark
11eddf3de0 cputest: Add query-cpu-definitions reply for Core-i5-2540M
The unavailable features do not make any difference in this case,
because this is a SandyBridge CPU which has an empty list of unavailable
features.

Signed-off-by: Jiri Denemark <jdenemar@redhat.com>
Reviewed-by: John Ferlan <jferlan@redhat.com>
2017-10-16 09:23:20 +02:00
Jiri Denemark
7f00f07e77 cputest: Use CPU models from QEMU when available
When testing cpuDecode for computing guest CPU definition from CPUID
data (the CPU definition reported by domain capabilities), we need to
use CPU models (and their usability blockers) from QEMU if they are
available to cpuDecode in the same way it is actually used in the qemu
driver.

Signed-off-by: Jiri Denemark <jdenemar@redhat.com>
Reviewed-by: John Ferlan <jferlan@redhat.com>
2017-10-16 09:23:20 +02:00
Jiri Denemark
4ee0f8d22d cputest: Separate QEMUCaps creation from cpuTestCPUIDJson
To make the code reusable by other tests.

Signed-off-by: Jiri Denemark <jdenemar@redhat.com>
Reviewed-by: John Ferlan <jferlan@redhat.com>
2017-10-16 09:23:20 +02:00
Jiri Denemark
7bca16937a cputest: Test CPU usability blockers
Gather query-cpu-definitions results and use them for testing CPU model
usability blockers in CPUID to virCPUDef translation.

Signed-off-by: Jiri Denemark <jdenemar@redhat.com>
Reviewed-by: John Ferlan <jferlan@redhat.com>
2017-10-16 09:23:20 +02:00
Jiri Denemark
c517a6a369 cputest: Print correct feature in virCPUUpdateLive test
If the actual result does not match our expectation, the tests would
not correctly show the difference if a CPU feature is disabled in the
expected result and the actual result does not mention it at all. The
test could complain about an unrelated CPU feature or it could even
crash in case the actual result contains no more features to go through.

Signed-off-by: Jiri Denemark <jdenemar@redhat.com>
Reviewed-by: John Ferlan <jferlan@redhat.com>
2017-10-16 09:23:20 +02:00
Jiri Denemark
9d62af7283 cputest: Avoid calling json_reformat in cpu-parse.sh
Various version of json_reformat use different number of spaces for
indenting. Let's use a simple python reformatter to gain full control
over the formatting for consistent results.

Signed-off-by: Jiri Denemark <jdenemar@redhat.com>
Reviewed-by: John Ferlan <jferlan@redhat.com>
2017-10-16 09:23:20 +02:00
Jiri Denemark
0d88c25f2c cputest: Replace bool with cpuTestCPUIDJson enum
We will soon need to handle more than two values.

Signed-off-by: Jiri Denemark <jdenemar@redhat.com>
Reviewed-by: John Ferlan <jferlan@redhat.com>
2017-10-16 09:23:20 +02:00
Jiri Denemark
9c9620af1d cpu_x86: Disable blockers from unusable CPU models
When decoding CPUID data to virCPUDef we need to be careful about using
a CPU model which cannot be directly used on the current host. Normally,
libvirt would notice the features which prevent the model from being
usable and it would disable them in the computed virCPUDef, but this
won't work in case the definition of the CPU model in QEMU contains more
features than what we have in cpu_map.xml. We need to count with the
usability blockers we got from QEMU and explicitly disable all of them
to make the computed virCPUDef usable.

https://bugzilla.redhat.com/show_bug.cgi?id=1464832

Signed-off-by: Jiri Denemark <jdenemar@redhat.com>
Reviewed-by: John Ferlan <jferlan@redhat.com>
2017-10-16 09:23:20 +02:00
Jiri Denemark
722ef4ff38 cpu_x86: Move x86FeatureFind* to avoid forward prototypes
Signed-off-by: Jiri Denemark <jdenemar@redhat.com>
Reviewed-by: John Ferlan <jferlan@redhat.com>
2017-10-16 09:23:20 +02:00
Jiri Denemark
20664ec779 conf: Introduce virDomainCapsCPUModelsGet
This internal API can be used to find a specific CPU model in
virDomainCapsCPUModels list.

Signed-off-by: Jiri Denemark <jdenemar@redhat.com>
Reviewed-by: John Ferlan <jferlan@redhat.com>
2017-10-16 09:23:17 +02:00
Jiri Denemark
a62dca833e cpu: Drop unused parameter from cpuDecode
The "preferred" parameter is not used by any caller of cpuDecode
anymore. It's only used internally in cpu_x86 to implement cpuBaseline.

Signed-off-by: Jiri Denemark <jdenemar@redhat.com>
Reviewed-by: John Ferlan <jferlan@redhat.com>
2017-10-16 09:21:52 +02:00
Jiri Denemark
fd885a06a0 cpu: Use virDomainCapsCPUModelsPtr in cpu driver APIs
All APIs which expect a list of CPU models supported by hypervisors were
switched from char **models and int models to just accept a pointer to
virDomainCapsCPUModels object stored in domain capabilities. This avoids
the need to transform virDomainCapsCPUModelsPtr into a NULL-terminated
list of model names and also allows the various cpu driver APIs to
access additional details (such as its usability) about each CPU model.

Signed-off-by: Jiri Denemark <jdenemar@redhat.com>
Reviewed-by: John Ferlan <jferlan@redhat.com>
2017-10-16 09:21:52 +02:00
Jiri Denemark
e9f8e1b8e6 qemu: Parse unavailable features for CPU models
query-cpu-definitions QMP command returns a list of unavailable features
which prevent CPU models from being usable on the current host. So far
we only checked whether the list was empty to mark CPU models as
(un)usable. This patch parses all unavailable features for each CPU
model and stores them in virDomainCapsCPUModel as a list of usability
blockers.

Signed-off-by: Jiri Denemark <jdenemar@redhat.com>
Reviewed-by: John Ferlan <jferlan@redhat.com>
2017-10-16 09:21:52 +02:00
Jiri Denemark
1255fa877a qemu: Store CPU usability blockers in caps cache
Signed-off-by: Jiri Denemark <jdenemar@redhat.com>
Reviewed-by: John Ferlan <jferlan@redhat.com>
2017-10-16 09:21:51 +02:00
Jiri Denemark
0861080f0e conf: Add usability blockers to virDomainCapsCPUModel
When a hypervisor marks a CPU model as unusable on the current host, it
may also give us a list of features which prevent the model from being
usable. Storing this list in virDomainCapsCPUModel will help the CPU
driver with creating a host-model CPU configuration.

Signed-off-by: Jiri Denemark <jdenemar@redhat.com>
Reviewed-by: John Ferlan <jferlan@redhat.com>
2017-10-16 09:21:51 +02:00
Jiri Denemark
ef04596d76 util: Introduce virStringListCopy
The API makes a deep copy of a NULL-terminated string list.

Signed-off-by: Jiri Denemark <jdenemar@redhat.com>
Reviewed-by: John Ferlan <jferlan@redhat.com>
2017-10-16 09:21:51 +02:00
Michal Privoznik
02555bfe5c virDomainDeviceInfoParseXML: Clear whole @info on failure
Currently, if parsing of device info fails info->alias is freed.
It doesn't make much sense to leave the rest of the struct
behind.

Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
2017-10-13 17:55:41 -07:00
Michal Privoznik
83a517cfe6 virDomainDeviceInfoParseXML: Separate address parsing into separate func
There's one 'return' in the middle of the function body. It's
very easy to miss and so it makes adding new code harder. Also
the function doesn't follow our style 100%.

Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
2017-10-13 17:55:41 -07:00
Michal Privoznik
be9978bb89 virDomainInterfaceStats: Accept MAC addresses properly
https://bugzilla.redhat.com/show_bug.cgi?id=1497396

In 0d3d020ba6 I've added capability to accept MAC addresses
for the API too. However, the implementation was faulty. It needs
to lookup the corresponding interface in the domain definition
and pass the ifname instead of MAC address.

Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
Reviewed-by: John Ferlan <jferlan@redhat.com>
2017-10-13 17:54:50 -07:00