Commit Graph

31246 Commits

Author SHA1 Message Date
Fabiano Fidêncio
6efa07e7b9 xen_common: Change xenParseCharDev to use virConfGetValueStringList
Signed-off-by: Fabiano Fidêncio <fidencio@redhat.com>
Reviewed-by: John Ferlan <jferlan@redhat.com>
2018-09-20 16:39:22 -04:00
Fabiano Fidêncio
1bb379ad8e xen_common: Change xenParseVfbs to use virConfGetValueStringList
Signed-off-by: Fabiano Fidêncio <fidencio@redhat.com>
Reviewed-by: John Ferlan <jferlan@redhat.com>
2018-09-20 16:39:16 -04:00
Fabiano Fidêncio
5f0c1c1e25 xen_common: Change xenParsePCIList to use virConfGetValueStringList
The `if(!list || list->type != VIR_CONF_LIST)` check couldn't be
written in a 100% similar way. Instead, we're just checking whether
`virConfGetValueStringList() <= 0` and creating a new function to:
- return -1 in case virConfGetValueStringList fails either due to some
  allocation failure or when traversing the list;
- resetting the last error and return 0 otherwise;

Taking this approach we can have the behaviour with the new code as
close as possible to the old one.

Signed-off-by: Fabiano Fidêncio <fidencio@redhat.com>
Reviewed-by: John Ferlan <jferlan@redhat.com>
2018-09-20 16:39:09 -04:00
Fabiano Fidêncio
b98d936c19 xen_common: Change xenConfigGetString to use virConfGetValueString
This change actually changes the behaviour of xenConfigGetString() as
now it returns a newly-allocated string.

Unfortunately, there's not much that can be done in order to avoid that
and all the callers have to be changed in order to avoid leaking the
return value.

Also, as a side-effect of the change above, the function now takes a
"char **" argument instead of a "const char **" one.

Signed-off-by: Fabiano Fidêncio <fidencio@redhat.com>
Reviewed-by: John Ferlan <jferlan@redhat.com>
2018-09-20 16:39:01 -04:00
Fabiano Fidêncio
93c6239f21 xen_common: Change xenConfigGetUUID to use virConfGetValueString
Signed-off-by: Fabiano Fidêncio <fidencio@redhat.com>
Reviewed-by: John Ferlan <jferlan@redhat.com>
2018-09-20 16:39:01 -04:00
Fabiano Fidêncio
db343ca830 xen_common: Change xenConfigCopyStringInternal to use virConfGetValueString
Signed-off-by: Fabiano Fidêncio <fidencio@redhat.com>
Reviewed-by: John Ferlan <jferlan@redhat.com>
2018-09-20 16:39:01 -04:00
Boris Fiuczynski
efc29ab2e5 tests: domaincaps: Add QEMU 3.0 for s390x
Signed-off-by: Boris Fiuczynski <fiuczy@linux.ibm.com>
2018-09-20 16:24:58 -04:00
Boris Fiuczynski
d7434ae800 tests: Add capabilities data for QEMU 3.0.0 on s390x
The QEMU binary is compiled from the v3.0.0 tag.

Signed-off-by: Boris Fiuczynski <fiuczy@linux.ibm.com>
2018-09-20 16:24:58 -04:00
John Ferlan
2c476dbc07 util: Fix travis build error
Commit 12093f1f used %ld instead of %zd for a size_t.

Signed-off-by: John Ferlan <jferlan@redhat.com>
2018-09-20 14:57:22 -04:00
John Ferlan
e3a42028af Remove ignore_value or void from unlink calls
There seems to be no need to add the ignore_value wrapper or
caste with (void) to the unlink() calls, so let's just remove
them. I assume at one point in time Coverity complained. So,
let's just be consistent - those that care to check the return
status can and those that don't can just have the naked unlink.

Signed-off-by: John Ferlan <jferlan@redhat.com>
Reviewed-by: Erik Skultety <eskultet@redhat.com>
2018-09-20 13:45:56 -04:00
Wang Huaqiang
6af8417415 conf: Introduce RDT monitor host capability
This patch is introducing cache monitor(CMT) to cache and
memory bandwidth monitor(MBM) for monitoring CPU memory
bandwidth.

The host capability of the two monitors is also introduced
in this patch.

For CMT, the host capability is shown like:
  <host>
  ...
    <cache>
      <bank id='0' level='3' type='both' size='15' unit='MiB' cpus='0-5'>
        <control granularity='768' min='1536' unit='KiB' type='both' maxAllocs='4'/>
      </bank>
      <monitor level='3' 'reuseThreshold'='270336' maxMonitors='176'>
        <feature name='llc_occupancy'/>
      </monitor>
    </cache>
    ...
  </host>

For MBM, the capability is shown like this:
  <host>
    ...
    <memory_bandwidth>
      <node id='1' cpus='6-11'>
        <control granularity='10' min ='10' maxAllocs='4'/>
      </node>
      <monitor maxMonitors='176'>
        <feature name='mbm_total_bytes'/>
        <feature name='mbm_local_bytes'/>
      </monitor>
    </memory_bandwidth>
    ...
  </host>

Signed-off-by: Wang Huaqiang <huaqiang.wang@intel.com>
Reviewed-by: John Ferlan <jferlan@redhat.com>
2018-09-20 13:06:02 -04:00
Wang Huaqiang
8f6887998b conf: Refactor memory bandwidth capability structure
Move memory bandwidth capability nodes into one data structure,
this allows us to add a monitor for memory bandwidth.

Signed-off-by: Wang Huaqiang <huaqiang.wang@intel.com>
Reviewed-by: John Ferlan <jferlan@redhat.com>
2018-09-20 13:06:02 -04:00
Wang Huaqiang
58fcee6f3a conf: Refactor cache bank capability structure
Move all cache banks into one data structure, this allows
us to add other cache component, such as cache monitor.

Signed-off-by: Wang Huaqiang <huaqiang.wang@intel.com>
Reviewed-by: John Ferlan <jferlan@redhat.com>
2018-09-20 13:06:02 -04:00
Wang Huaqiang
12093f1fea util: Introduce monitor capability interface
This patch introduces the resource monitor and creates the interface
for getting host capability of resource monitor from the system resource
control file system.

The resource monitor takes the role of RDT monitoring group and could be
used to monitor the resource consumption information, such as the last
level cache occupancy and the utilization of memory bandwidth.

Signed-off-by: Wang Huaqiang <huaqiang.wang@intel.com>
Reviewed-by: John Ferlan <jferlan@redhat.com>
2018-09-20 13:06:02 -04:00
Jim Fehlig
dc3d2c9f8c libxl: fallback to lib probe if pkgconfig file not found
With the assumption that all Xen >= 4.6 contains a pkgconfig file for
libxenlight, commit 5bdcef13 dropped the fallback check to probe
libxenlight with LIBVIRT_CHECK_LIB. At the time it was not known that
the various Xen pkgconfig files are in the -runtime package in Fedora,
instead of the traditional -devel package. This bug [1] was fixed in
Fedora > 28, but until Fedora 28 reaches EOL we'll need to re-introduce
the fallback check.

[1] https://bugzilla.redhat.com/show_bug.cgi?id=1629643

Signed-off-by: Jim Fehlig <jfehlig@suse.com>
2018-09-20 07:59:26 -06:00
Jim Fehlig
e44840c441 build: remove unused variables from virt-driver-libxl.m4
Signed-off-by: Jim Fehlig <jfehlig@suse.com>
2018-09-20 07:59:26 -06:00
John Ferlan
5309b6cb64 storage: Save error during refresh failure processing
https://bugzilla.redhat.com/show_bug.cgi?id=1614283

Save the error from the refresh failure because the stopPool
processing may overwrite the error or even worse clear it
due to calling an external libvirt API that resets the last
error such as is the case with the SCSI pool which may call
virGetConnectNodeDev (see commit decaeb288) in order to
process deleting an NPIV vport.

Signed-off-by: John Ferlan <jferlan@redhat.com>
ACKed-by: Michal Privoznik <mprivozn@redhat.com>
2018-09-20 07:49:49 -04:00
John Ferlan
5745f08cea storage: Introduce storagePoolRefreshFailCleanup
Create a common pool refresh failure handling method as the
same code is repeated multiple times.

Signed-off-by: John Ferlan <jferlan@redhat.com>
ACKed-by: Michal Privoznik <mprivozn@redhat.com>
2018-09-20 07:49:43 -04:00
John Ferlan
1ff45609d6 storage: Create error label path for storagePoolCreateXML
Rather than duplicate the error code, let's create an error
label to keep code common.

Signed-off-by: John Ferlan <jferlan@redhat.com>
ACKed-by: Michal Privoznik <mprivozn@redhat.com>
2018-09-20 07:49:38 -04:00
John Ferlan
4a7abc67d5 storage: Clean up storagePoolUpdateStateCallback processing
Alter the code path to remove the need to to go cleanup and thus
remove the label completely.

Signed-off-by: John Ferlan <jferlan@redhat.com>
ACKed-by: Michal Privoznik <mprivozn@redhat.com>
2018-09-20 07:49:33 -04:00
John Ferlan
49c322145b storage: Clean up stateFile if refreshPool fails
If the virStoragePoolRefresh fails and we call stopPool, the
code neglected to clean up the state file leading to the next
libvirtd restart attempting to start the pool. For a transient
pool this could make it unexpectedly reappear.

Signed-off-by: John Ferlan <jferlan@redhat.com>
ACKed-by: Michal Privoznik <mprivozn@redhat.com>
2018-09-20 07:49:19 -04:00
John Ferlan
9e52c64966 qemu: Ignore nwfilter binding instantiation issues during reconnect
https://bugzilla.redhat.com/show_bug.cgi?id=1607202

It's essentially stated in the nwfilterBindingDelete that we
will allow the admin to shoot themselves in the foot by deleting
the nwfilter binding which then allows them to undefine the
nwfilter that is in use for the running guest...

However, by allowing this we cause a problem for libvirtd
restart reconnect processing which would then try to recreate
the missing binding attempting to use the deleted filter
resulting in an error and thus shutting the guest down.

So rather than keep adding virDomainConfNWFilterInstantiate
flags to "ignore" specific error conditions, modify the logic
to ignore, but VIR_WARN errors other than ignoreExists. This
will at least allow the guest to not shutdown for only nwfilter
binding errors that we can now perhaps recover from since we
have the binding create/delete capability.

Signed-off-by: John Ferlan <jferlan@redhat.com>
ACKed-by: Michal Privoznik <mprivozn@redhat.com>
2018-09-20 07:31:55 -04:00
Erik Skultety
5165ff0971 src: More cleanup of some system headers already contained in internal.h
All of the ones being removed are pulled in by internal.h. The only
exception is sanlock which expects the application to include <stdint.h>
before sanlock's headers, because sanlock prototypes use fixed width
int, but they don't include stdint.h themselves, so we have to leave
that one in place.

Signed-off-by: Erik Skultety <eskultet@redhat.com>
Acked-by: Michal Privoznik <mprivozn@redhat.com>
2018-09-20 10:16:39 +02:00
Erik Skultety
9403b63102 internal: Move <stdio.h> include to internal.h
It doesn't really make sense for us to have stdlib.h and string.h but
not stdio.h in the internal.h header.

Signed-off-by: Erik Skultety <eskultet@redhat.com>
Acked-by: Michal Privoznik <mprivozn@redhat.com>
2018-09-20 10:16:38 +02:00
Jim Fehlig
212df3f957 libxl: remove configure check for libxl_domain_config_from_json
The libxl_domain_config_from_json API appeared in Xen 4.5, hence
there is no need to check for its existence after changing the
minimum supported Xen version to 4.6. Remove the check and its
use in the tests.

Signed-off-by: Jim Fehlig <jfehlig@suse.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
2018-09-19 09:41:09 -06:00
Erik Skultety
322d2e58d0 secret: Makefile: Fix an EXTRA_DIST typo
So, when trying to add some secret util sources, we referenced them with
a non-existent symbol.

Signed-off-by: Erik Skultety <eskultet@redhat.com>
2018-09-19 15:37:26 +02:00
Jiri Denemark
993d85ae5e cpu_map: Add Icelake CPU models
Introduced in QEMU by commit v3.0.0-156-g8a11c62da9.

Signed-off-by: Jiri Denemark <jdenemar@redhat.com>
2018-09-19 14:05:59 +02:00
Jiri Denemark
9813081119 cpu_map: Add features for Icelake CPUs
QEMU commits:

    e37a5c7fa4 (v2.12.0)
        i386: Add Intel Processor Trace feature support

    c2f193b538 (v2.7.0)
        target-i386: Add support for UMIP and RDPID CPUID bits

    aff9e6e46a (v2.12.0)
        x86/cpu: Enable new SSE/AVX/AVX512 cpu features

    f77543772d (v2.9.0)
        x86: add AVX512_VPOPCNTDQ features

    5131dc433d (v3.1.0)
        i386: Add CPUID bit for PCONFIG

    59a80a19ca (v3.1.0)
        i386: Add CPUID bit for WBNOINVD

Signed-off-by: Jiri Denemark <jdenemar@redhat.com>
2018-09-19 14:05:59 +02:00
Jiri Denemark
1468536d42 qemu: Fix error reporting in qemuDomainSaveImageStartVM
When restoring a domain from a compressed image, we launch an
intermediate process for decompressing the saved data. If QEMU fails to
load the data for some reason, we force close the stdin/stdout file
descriptors of the intermediate process and wait for it to die. However,
virCommandWait can report various errors which would overwrite the real
error from QEMU. Thus instead of getting something useful:

    internal error: process exited while connecting to monitor:
    2018-09-17T15:17:29.998910Z qemu-system-x86_64: can't apply global
    Skylake-Client-x86_64-cpu.osxsave=off: Property '.osxsave' not found

we could get an irrelevant error message:

    internal error: Child process (lzop -dc --ignore-warn) unexpected
    fatal signal 13

Signed-off-by: Jiri Denemark <jdenemar@redhat.com>
Reviewed-by: John Ferlan <jferlan@redhat.com>
2018-09-19 14:05:59 +02:00
Jiri Denemark
602ecdf2ab Drop \n at the end of VIR_DEBUG messages
Signed-off-by: Jiri Denemark <jdenemar@redhat.com>
Reviewed-by: Pavel Hrdina <phrdina@redhat.com>
2018-09-19 14:05:59 +02:00
Michal Privoznik
8e8a9dc3fa virsh: Honour user locale in cmdList
In 2e97450425 we've mistakenly removed gettext macro for
translating static strings. This results in table header being
printed in English regardless of user locale.

Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
Reviewed-by: John Ferlan <jferlan@redhat.com>
2018-09-19 10:44:08 +02:00
Michal Privoznik
6d855abc14 security_selinux: Lock metadata when running transaction
Lock all the paths we want to relabel to mutually exclude other
libvirt daemons.

The only hitch here is that directories can't be locked.
Therefore, when relabeling a directory do not lock it (this
happens only when setting up some domain private paths anyway,
e.g. huge pages directory).

Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
Reviewed-by: John Ferlan <jferlan@redhat.com>
2018-09-18 17:12:53 +02:00
Michal Privoznik
62fd05194a security_selinux: Move transaction handling up one level
So far the whole transaction handling is done
virSecuritySELinuxSetFileconHelper(). This needs to change for
the sake of security label remembering and locking. Otherwise we
would be locking a path when only appending it to transaction
list and not when actually relabelling it.

Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
Reviewed-by: John Ferlan <jferlan@redhat.com>
2018-09-18 17:12:53 +02:00
Michal Privoznik
4a7a7808dc virSecuritySELinuxRestoreFileLabel: Adjust code pattern
Firstly, the following code pattern is harder to follow:

  if (func() < 0) {
      error();
  } else {
      /* success */
  }

We should put 'goto cleanup' into the error branch and move the
else branch one level up.
Secondly, 'rc' should really be named 'ret' because it holds
return value of the function. Not some intermediate value.

Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
Reviewed-by: John Ferlan <jferlan@redhat.com>
2018-09-18 17:12:53 +02:00
Michal Privoznik
c9318499a7 virSecuritySELinuxRestoreFileLabel: Rename 'err' label
This label is used in both successful and error paths. Therefore
it should be named 'cleanup' and not 'err'.

Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
Reviewed-by: John Ferlan <jferlan@redhat.com>
2018-09-18 17:12:53 +02:00
Michal Privoznik
7a9ca0fae9 security_dac: Lock metadata when running transaction
Lock all the paths we want to relabel to mutually exclude other
libvirt daemons.

The only hitch here is that directories can't be locked.
Therefore, when relabeling a directory do not lock it (this
happens only when setting up some domain private paths anyway,
e.g. huge pages directory).

Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
Reviewed-by: John Ferlan <jferlan@redhat.com>
2018-09-18 17:12:53 +02:00
Michal Privoznik
6e22ab2701 security_dac: Fix info messages when chown()-ing
Firstly, the message that says we're setting uid:gid shouldn't be
called from virSecurityDACSetOwnershipInternal() because
virSecurityDACRestoreFileLabelInternal() is calling it too.
Secondly, there are places between us reporting label restore and
us actually doing it where we can quit. Don't say we're doing
something until we are actually about to do it.

Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
Reviewed-by: John Ferlan <jferlan@redhat.com>
2018-09-18 17:12:53 +02:00
Michal Privoznik
c0b68c6e19 security_dac: Move transaction handling up one level
So far the whole transaction handling is done
virSecurityDACSetOwnershipInternal(). This needs to change for
the sake of security label remembering and locking. Otherwise we
would be locking a path when only appending it to transaction
list and not when actually relabeling it.

Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
Reviewed-by: John Ferlan <jferlan@redhat.com>
2018-09-18 17:12:53 +02:00
Michal Privoznik
c34f11998e security_manager: Introduce metadata locking APIs
Two new APIs are added so that security driver can lock and
unlock paths it wishes to touch. These APIs are not for other
drivers to call but security drivers (DAC and SELinux). That is
the reason these APIs are not exposed through our
libvirt_private.syms file.

Three interesting things happen in this commit. The first is the
global @lockManagerMutex. Unfortunately, this has to exist so that
there is only one thread talking to virtlockd at a time. If there
were more threads and one of them closed the connection
prematurely, it would cause virtlockd killing libvirtd. Instead
of complicated code that would handle that, let's have a mutex
and keep the code simple.

The second interesting thing is keeping connection open between
lock and unlock API calls. This is achieved by duplicating client
FD and keeping it open until unlock is called. This trick is used
by regular disk content locking code when the FD is leaked to
qemu.

Finally, the third thing is polling implemented at client side.
Since virtlockd has only one thread that handles locking
requests, all it can do is either acquire lock or error out.
Therefore, the polling has to be implemented in client. The
polling is capped at 60 second timeout, which should be plenty
since the metadata lock is held only for a fraction of a second.

Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
Reviewed-by: John Ferlan <jferlan@redhat.com>
2018-09-18 17:12:53 +02:00
Michal Privoznik
3e26b476b5 security_manager: Load lock plugin on init
Now that we know what metadata lock manager user wishes to use we
can load it when initializing security driver. This is achieved
by adding new argument to virSecurityManagerNewDriver() and
subsequently to all functions that end up calling it.

The cfg.mk change is needed in order to allow lock_manager.h
inclusion in security driver without 'syntax-check' complaining.
This is safe thing to do as locking APIs will always exist (it's
only backend implementation that changes). However, instead of
allowing the include for all other drivers (like cpu, network,
and so on) allow it only for security driver. This will still
trigger the error if including from other drivers.

Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
Reviewed-by: John Ferlan <jferlan@redhat.com>
2018-09-18 17:12:53 +02:00
Michal Privoznik
8b8aefb3d6 qemu_conf: Introduce metadata_lock_manager
This config option allows users to set and enable lock manager
for domain metadata. The lock manager is going to be used by
security drivers to serialize each other when changing a file
ownership or changing the SELinux label. The only supported lock
manager is 'lockd' for now.

Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
Reviewed-by: John Ferlan <jferlan@redhat.com>
2018-09-18 17:12:53 +02:00
Michal Privoznik
35b5b244da lock_manager: Allow disabling configFile for virLockManagerPluginNew
In some cases we might want to not load the lock driver config.
Alter virLockManagerPluginNew() and the lock drivers to cope with
this fact.

Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
Reviewed-by: John Ferlan <jferlan@redhat.com>
2018-09-18 17:12:53 +02:00
Michal Privoznik
385eb8399b lock_driver: Introduce VIR_LOCK_MANAGER_ACQUIRE_ROLLBACK
Soon there will be a virtlockd client that wants to either lock
all the resources or none (in order to avoid virtlockd killing
the client on connection close). Because on the RPC layer we can
only acquire one resource at a time, we have to perform a
rollback once we hit a resource that can't be acquired.

Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
Reviewed-by: John Ferlan <jferlan@redhat.com>
2018-09-18 17:12:53 +02:00
Michal Privoznik
997283b54b lock_driver: Introduce VIR_LOCK_MANAGER_RESOURCE_TYPE_METADATA
This is a new type of object that lock drivers can handle.
Currently, it is supported by lockd driver only.

Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
Reviewed-by: John Ferlan <jferlan@redhat.com>
2018-09-18 17:12:53 +02:00
Michal Privoznik
aaf34cb901 _virLockManagerLockDaemonPrivate: Move @hasRWDisks into dom union
The fact whether domain has or doesn't have RW disks is specific
to VIR_LOCK_MANAGER_OBJECT_TYPE_DOMAIN and therefore should
reside in union specific to it.

Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
Reviewed-by: John Ferlan <jferlan@redhat.com>
2018-09-18 17:12:53 +02:00
Michal Privoznik
22baf6e08c lock_driver: Introduce new VIR_LOCK_MANAGER_OBJECT_TYPE_DAEMON
We will want virtlockd to lock files on behalf of libvirtd and
not qemu process, because it is libvirtd that needs an exclusive
access not qemu. This requires new lock context.

Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
Reviewed-by: John Ferlan <jferlan@redhat.com>
2018-09-18 17:12:53 +02:00
Michal Privoznik
21c34b86be lock_driver_lockd: Introduce VIR_LOCK_SPACE_PROTOCOL_ACQUIRE_RESOURCE_METADATA flag
This flag causes virtlockd to use different offset when locking
the file.

Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
Reviewed-by: John Ferlan <jferlan@redhat.com>
2018-09-18 17:12:53 +02:00
Michal Privoznik
afd5a27575 virlockspace: Allow caller to specify start and length offset in virLockSpaceAcquireResource
So far the virLockSpaceAcquireResource() locks the first byte in
the underlying file. But caller might want to lock other range.

Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
Reviewed-by: John Ferlan <jferlan@redhat.com>
Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
2018-09-18 17:12:53 +02:00
Erik Skultety
b916a25e8a ctags: Generate tags for headers, i.e. function prototypes
From time to time it's handy to jump directly to a function prototype in
a header. However, generating tags for headers is disabled by default in
ctags, let's enable it by using --c-kinds=+p.

Signed-off-by: Erik Skultety <eskultet@redhat.com>
2018-09-18 14:21:33 +02:00
Andrea Bolognani
d52dd5911b tests: Follow up on qemucaps2xmldata rename
The directory has been renamed in 562990849a, but a
reference to it was not updated at the same time, causing
'make dist' to fail ever since. Fix it.

Signed-off-by: Andrea Bolognani <abologna@redhat.com>
2018-09-17 17:03:56 +02:00