Commit Graph

28486 Commits

Author SHA1 Message Date
Daniel P. Berrange
bc251ea91b qemu: avoid denial of service reading from QEMU monitor (CVE-2018-5748)
We read from QEMU until seeing a \r\n pair to indicate a completed reply
or event. To avoid memory denial-of-service though, we must have a size
limit on amount of data we buffer. 10 MB is large enough that it ought
to cope with normal QEMU replies, and small enough that we're not
consuming unreasonable mem.

Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2018-01-18 09:04:27 +00:00
Andrea Bolognani
ff609286a7 news: Update for 4.0.0
As usual, a bunch of changes slipped through the cracks during the
development cycle. Update the release notes to include at least the
most notable ones.

Signed-off-by: Andrea Bolognani <abologna@redhat.com>
2018-01-17 17:35:24 +01:00
Marc Hartmayer
029e024770 qemu: qemuDomainNamespaceUnlinkPaths: Return 0 in case of success
Commit 7a931a4204 refactored the code and probably forgot to add
this line.

Signed-off-by: Marc Hartmayer <mhartmay@linux.vnet.ibm.com>
Reviewed-by: Boris Fiuczynski <fiuczy@linux.vnet.ibm.com>
2018-01-17 17:08:53 +01:00
Jiri Denemark
24d504396c cpu: Add Skylake-Server-IBRS CPU model
This is a variant of Skylake-Server with indirect branch prediction
protection. The only difference between Skylake-Server and
Skylake-Server-IBRS is the added "spec-ctrl" feature.

Signed-off-by: Jiri Denemark <jdenemar@redhat.com>
Reviewed-by: Pavel Hrdina <phrdina@redhat.com>
2018-01-17 17:07:04 +01:00
Jiri Denemark
b2042020c3 cpu: Add Skylake-Client-IBRS CPU model
This is a variant of Skylake-Client with indirect branch prediction
protection. The only difference between Skylake-Client and
Skylake-Client-IBRS is the added "spec-ctrl" feature.

Signed-off-by: Jiri Denemark <jdenemar@redhat.com>
Reviewed-by: Pavel Hrdina <phrdina@redhat.com>
2018-01-17 17:07:04 +01:00
Jiri Denemark
7bb4ce9761 cpu: Add Broadwell-IBRS CPU model
This is a variant of Broadwell with indirect branch prediction
protection. The only difference between Broadwell and Broadwell-IBRS is
the added "spec-ctrl" feature.

The Broadwell-IBRS model in QEMU is a bit different since Broadwell got
several additional features since we added it in cpu_map.xml:
    abm, arat, f16c, rdrand, vme, xsaveopt

Adding them only to the -IBRS variant would confuse our CPU detection
code.

Signed-off-by: Jiri Denemark <jdenemar@redhat.com>
Reviewed-by: Pavel Hrdina <phrdina@redhat.com>
2018-01-17 17:07:04 +01:00
Jiri Denemark
49bffcb3cc cpu: Add Broadwell-noTSX-IBRS CPU model
This is a variant of Broadwell-noTSX with indirect branch prediction
protection. The only difference between Broadwell-noTSX and
Broadwell-noTSX-IBRS is the added "spec-ctrl" feature.

The Broadwell-noTSX-IBRS model in QEMU is a bit different since
Broadwell-noTSX got several additional features since we added it in
cpu_map.xml:
    abm, arat, f16c, rdrand, vme, xsaveopt

Adding them only to the -IBRS variant would confuse our CPU detection
code.

Signed-off-by: Jiri Denemark <jdenemar@redhat.com>
Reviewed-by: Pavel Hrdina <phrdina@redhat.com>
2018-01-17 17:07:03 +01:00
Jiri Denemark
7f83eefa9e cpu: Add Haswell-IBRS CPU model
This is a variant of Haswell with indirect branch prediction protection.
The only difference between Haswell and Haswell-IBRS is the added
"spec-ctrl" feature.

The Haswell-IBRS model in QEMU is a bit different since Haswell got
several additional features since we added it in cpu_map.xml:
    arat, abm, f16c, rdrand, vme, xsaveopt

Adding them only to the -IBRS variant would confuse our CPU detection
code.

Signed-off-by: Jiri Denemark <jdenemar@redhat.com>
Reviewed-by: Pavel Hrdina <phrdina@redhat.com>
2018-01-17 17:07:03 +01:00
Jiri Denemark
7dd85ff62d cpu: Add Haswell-noTSX-IBRS CPU model
This is a variant of Haswell-noTSX with indirect branch prediction
protection. The only difference between Haswell-noTSX and
Haswell-noTSX-IBRS is the added "spec-ctrl" feature.

The Haswell-noTSX-IBRS model in QEMU is a bit different since
Haswell-noTSX got several additional features since we added it in
cpu_map.xml:
    arat, abm, f16c, rdrand, vme, xsaveopt

Adding them only to the -IBRS variant would confuse our CPU detection
code.

Signed-off-by: Jiri Denemark <jdenemar@redhat.com>
Reviewed-by: Pavel Hrdina <phrdina@redhat.com>
2018-01-17 17:07:03 +01:00
Jiri Denemark
203c92e9cc cpu: Add IvyBridge-IBRS CPU model
This is a variant of IvyBridge with indirect branch prediction
protection. The only difference between IvyBridge and IvyBridge-IBRS is
the added "spec-ctrl" feature.

The IvyBridge-IBRS model in QEMU is a bit different since IvyBridge got
several additional features since we added it in cpu_map.xml:
    arat, vme, xsaveopt

Adding them only to the -IBRS variant would confuse our CPU detection
code.

Signed-off-by: Jiri Denemark <jdenemar@redhat.com>
Reviewed-by: Pavel Hrdina <phrdina@redhat.com>
2018-01-17 17:07:03 +01:00
Jiri Denemark
30b381cfdd cpu: Add SandyBridge-IBRS CPU model
This is a variant of SandyBridge with indirect branch prediction
protection. The only difference between SandyBridge and SandyBridge-IBRS
is the added "spec-ctrl" feature.

The SandyBridge-IBRS model in QEMU is a bit different since SandyBridge
got several additional features since we added it in cpu_map.xml:
    arat, vme, xsaveopt

Adding them only to the -IBRS variant would confuse our CPU detection
code.

Signed-off-by: Jiri Denemark <jdenemar@redhat.com>
Reviewed-by: Pavel Hrdina <phrdina@redhat.com>
2018-01-17 17:07:03 +01:00
Jiri Denemark
2e3b220a87 cpu: Add Westmere-IBRS CPU model
This is a variant of Westmere with indirect branch prediction
protection. The only difference between Westmere and Westmere-IBRS is
the added "spec-ctrl" feature.

The Westmere-IBRS model in QEMU is a bit different since Westmere got
several additional features since we added it in cpu_map.xml:
    arat, pclmuldq, vme

Adding them only to the -IBRS variant would confuse our CPU detection
code.

Signed-off-by: Jiri Denemark <jdenemar@redhat.com>
Reviewed-by: Pavel Hrdina <phrdina@redhat.com>
2018-01-17 17:07:03 +01:00
Jiri Denemark
6b7e7d1cc2 cpu: Add Nehalem-IBRS CPU model
This is a variant of Nehalem with indirect branch prediction protection.
The only difference between Nehalem and Nehalem-IBRS is the added
"spec-ctrl" feature.

Thus the diff matches QEMU, but the new CPU model itself is different.
The QEMU's versions of both models contain "vme" feature, while this
feature is missing in libvirt's models. While we can't change the
existing Nehalem CPU model, we could add "vme" to Nehalem-IBRS to make
it similar to QEMU, but doing so would fool our CPU detecting code so
that any Nehalem CPU with "vme" feature would be detected as
Nehalem-IBRS CPU without spec-ctrl. Not adding "vme" to Nehalem-IBRS is
safe as QEMU will just provide the feature anyway, which matches what
happens with Nehalem (and new enough machine types).

Signed-off-by: Jiri Denemark <jdenemar@redhat.com>
Reviewed-by: Pavel Hrdina <phrdina@redhat.com>
2018-01-17 17:07:02 +01:00
Jiri Denemark
edcab4d0a4 cputest: Add data for updated Intel(R) Core(TM) i7-5600U CPU
The CPU contains the updated microcode for CVE-2017-5715.

Signed-off-by: Jiri Denemark <jdenemar@redhat.com>
Reviewed-by: Pavel Hrdina <phrdina@redhat.com>
2018-01-17 17:07:02 +01:00
Jiri Denemark
32e348be6b cputest: Add data for updated AMD EPYC 7601 32-Core Processor
The CPU contains the updated microcode for CVE-2017-5715.

Signed-off-by: Jiri Denemark <jdenemar@redhat.com>
Reviewed-by: Pavel Hrdina <phrdina@redhat.com>
2018-01-17 17:07:02 +01:00
Jiri Denemark
e68ffa5164 cputest: Add data for Intel(R) Xeon(R) Gold 5115 CPU
The CPU contains the updated microcode for CVE-2017-5715.

Signed-off-by: Jiri Denemark <jdenemar@redhat.com>
Reviewed-by: Pavel Hrdina <phrdina@redhat.com>
2018-01-17 17:07:02 +01:00
Jiri Denemark
69e4eb047f cputest: Add data for Intel(R) Xeon(R) CPU E5-2623 v4
The CPU contains the updated microcode for CVE-2017-5715.

The *-guest.xml and *-json.xml CPU definitions use Skylake-Client CPU
model rather than Broadwell. This is similar to Xeon-E5-2650-v4 and it
is caused by our CPU model selection code when no model matches the CPU
signature (family + model). We'd need to maintain a complete list of CPU
signatures for our CPU models to fix this.

Signed-off-by: Jiri Denemark <jdenemar@redhat.com>
Reviewed-by: Pavel Hrdina <phrdina@redhat.com>
2018-01-17 17:07:02 +01:00
Jiri Denemark
181acabef9 cputest: Add data for Intel(R) Xeon(R) CPU E5-2609 v3
The CPU contains the updated microcode for CVE-2017-5715.

Signed-off-by: Jiri Denemark <jdenemar@redhat.com>
Reviewed-by: Pavel Hrdina <phrdina@redhat.com>
2018-01-17 17:07:02 +01:00
Paolo Bonzini
8b605530e8 cpu: add CPU features for indirect branch prediction protection
Added in QEMU commits TBD and TBD.

Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Jiri Denemark <jdenemar@redhat.com>
Reviewed-by: Pavel Hrdina <phrdina@redhat.com>
2018-01-17 17:07:02 +01:00
intrigeri
904cdd09bc On startup libvirtd runs a number of QEMU processes unconfined such as:
/usr/bin/qemu-system-x86_64 -S -no-user-config -nodefaults -nographic -machine none,accel=kvm:tcg -qmp unix:/var/lib/libvirt/qemu/capabilities.monitor.sock,server,nowait -pidfile /var/lib/libvirt/qemu/capabilities.pidfile -daemonize

libvirtd needs to be allowed to kill these processes, otherwise they
remain running.
2018-01-17 16:28:27 +01:00
Marc Hartmayer
97202988d9 qemu: Fix segmentation fault when attaching a non iSCSI host device
Add a check if it's a iSCSI hostdev and if it's not then don't use the
union member 'iscsi'. The segmentation fault occured when accessing
secinfo->type, but this can vary from case to case.

Signed-off-by: Marc Hartmayer <mhartmay@linux.vnet.ibm.com>
Reviewed-by: Bjoern Walk <bwalk@linux.vnet.ibm.com>
Reviewed-by: Boris Fiuczynski <fiuczy@linux.vnet.ibm.com>
2018-01-17 09:57:53 -05:00
Daniel P. Berrange
2efd35a307 rpm: updates wrt min required fedora version
Update the min fedora to 26. Use a macro to record the min versions so that the
later error message is always in sync with the earlier version check. Clarify
the comment that refers to guessing of dist which does not actually happen.

Reviewed-by: Jiri Denemark <jdenemar@redhat.com>
Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2018-01-17 12:09:33 +00:00
Pavel Hrdina
5209781f67 spec: enable bash completion only on new enough distros
RHEL-6 doesn't have bash-completion package by default, it has to be
installed from EPEL.

Reviewed-by: Daniel P. Berrange <berrange@redhat.com>
Signed-off-by: Pavel Hrdina <phrdina@redhat.com>
2018-01-17 12:08:16 +01:00
Dan Zheng
75cfb8434e nodedev: Add the missing PCI dev checks for 'mdev_types' capability
Similar to commit @f44ec9c1, commit @500cbc06 introduced a new nested
'mdev_types' capability, however the mentioned commit didn't adjust
virNodeDeviceNumOfCaps and virNodeDeviceListCaps functions accordingly
to provide proper support for this capability.

After applying this patch the following python snippet returns the
expected results:
    import libvirt
    conn = libvirt.openReadOnly('qemu:///system')
    devs = conn.listAllDevices()
    for dev in devs:
        if 'mdev_types' in dev.listCaps():
            print dev.name(),dev.numOfCaps(),dev.listCaps()

Signed-off-by: Dan Zheng <dzheng@redhat.com>
Signed-off-by: Erik Skultety <eskultet@redhat.com>
2018-01-16 10:33:25 +01:00
Michal Privoznik
74416b1d48 m4: Check for rl_completion_quote_character
Apparently we can't assume that people run readline recent enough
to have rl_completion_quote_character (added in readline-5.0
released in 2011). However, we can't compile without it. So if
not present, disable readline.

Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
Reviewed-by: Andrea Bolognani <abologna@redhat.com>
2018-01-15 17:59:26 +01:00
Michal Privoznik
0d6d5de53e tools: Always compile {virsh,virt-admin}-completer.c
The functions defined in these sources are referenced all over
the place, however, compiler only when building with readline.
Thus when building without it linker gets sad as it can't find
them.

Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
Reviewed-by: Erik Skultety <eskultet@redhat.com>
2018-01-15 15:49:11 +01:00
Michal Privoznik
66aa7e02c6 vsh: Provide cmdComplete stub for readline disabled builds
When building without readline, this function does nothing but
return false. Without touching any of its arguments which
triggers a build error. Therefore, provide a stub that has
arguments marked as unused.

Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
Reviewed-by: Erik Skultety <eskultet@redhat.com>
2018-01-15 15:49:07 +01:00
Michal Privoznik
98bc781b42 vshReadlineOptionsGenerator: Don't add already specified options to the list
The current state of art is as follows:

 1) vshReadlineOptionsGenerator() generate all possible --options
 for given command, and then
 2) vshReadlineOptionsPrune() clears out already provided ones
 from the list.

Not only this brings needless memory complexity it is also not
trivial to get right. We can switch to easier approach: just
don't add already specified --options in the first step.

Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
Reviewed-by: Erik Skultety <eskultet@redhat.com>
2018-01-15 15:45:14 +01:00
Bjoern Walk
44601840dd tests: sysinfotest: add new test case for S390
Let's add a test case for S390 with CPU frequency information available.
Test data is sampled from an IBM z13 system running kernel 4.14 on LPAR.

Reviewed-by: Boris Fiuczynski <fiuczy@linux.vnet.ibm.com>
Signed-off-by: Bjoern Walk <bwalk@linux.vnet.ibm.com>
2018-01-12 09:24:14 -05:00
Bjoern Walk
4be9959b41 util: virsysinfo: parse frequency information on S390
Let's also parse the available processor frequency information on S390
so that it can be utilized by virsh sysinfo:

    # virsh sysinfo

    <sysinfo type='smbios'>
      ...
      <processor>
	<entry name='family'>2964</entry>
	<entry name='manufacturer'>IBM/S390</entry>
	<entry name='version'>00</entry>
	<entry name='max_speed'>5000</entry>
	<entry name='serial_number'>145F07</entry>
      </processor>
      ...
    </sysinfo>

Reviewed-by: Marc Hartmayer <mhartmay@linux.vnet.ibm.com>
Reviewed-by: Boris Fiuczynski <fiuczy@linux.vnet.ibm.com>
Signed-off-by: Bjoern Walk <bwalk@linux.vnet.ibm.com>
2018-01-12 09:21:05 -05:00
Andrea Bolognani
85604bc332 travis: Skip nfs-common installation
Installing nfs-common is broken on trusty since build #807

  https://travis-ci.org/libvirt/libvirt/builds/326705054

It's probably a transient error on Travis' side, so just comment
it out for the time being to allow builds to proceed.

Signed-off-by: Andrea Bolognani <abologna@redhat.com>
Reviewed-by: Daniel P. Berrange <berrange@redhat.com>
2018-01-12 14:40:58 +01:00
Andrea Bolognani
3e61c2129c travis: Sync packages with libvirt-jenkins-ci
Make sure we install the same packages lcitool would install on
the CentOS CI so that we have consistent results. The package
list is current as of libvirt-jenkins-ci commit 3a559ae7bc08.

Signed-off-by: Andrea Bolognani <abologna@redhat.com>
Reviewed-by: Daniel P. Berrange <berrange@redhat.com>
2018-01-12 14:40:53 +01:00
Scott Garfinkle
2d8721e260 domcaps: Treat host models as case-insensitive strings
Qemu 2.11 allows case-insensitive specification of CPU models.
This patch fixes the resulting problems on (at least) POWER
arch machines so that Power8 and POWER8 are not different.

Signed-off-by: Scott Garfinkle <scottgar@linux.vnet.ibm.com>
2018-01-12 06:31:53 -05:00
Jiri Denemark
e8784e7868 qemu: Fix type of a completed job
Libvirt 3.7.0 and earlier libvirt reported a migration job as completed
immediately after QEMU finished sending migration data at which point
migration was not really complete yet. Commit v3.7.0-29-g3f2d6d829e
fixed this, but caused a regression in reporting statistics for
completed jobs which started reporting the job as still running. This
happened because the completed job statistics including the job status
are copied from the running job before we finally mark it as completed.

Let's make sure QEMU_DOMAIN_JOB_STATUS_COMPLETED is always set in the
completed job info even when the job has not finished yet.

https://bugzilla.redhat.com/show_bug.cgi?id=1523036

Signed-off-by: Jiri Denemark <jdenemar@redhat.com>
Reviewed-by: Pavel Hrdina <phrdina@redhat.com>
2018-01-12 10:45:31 +01:00
Jiri Denemark
237f045d9a qemu: Ignore fallback CPU attribute on reconnect
When reconnecting to a running domain with host-model CPU started by old
libvirt which did not store the actual CPU in the status XML, we need to
ignore the fallback attribute to make sure we can translate the detected
host CPU model to a model which is supported by the running QEMU.

https://bugzilla.redhat.com/show_bug.cgi?id=1532980

Signed-off-by: Jiri Denemark <jdenemar@redhat.com>
Reviewed-by: Pavel Hrdina <phrdina@redhat.com>
2018-01-12 10:45:31 +01:00
Michal Privoznik
72ac507f42 m4: Don't enable bash-completion by default
Due to the way that check logic was written we basically enabled
bash completion whenever readline was enabled. This is not right
because it made bash-completion pkg-config module required.

Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
Reviewed-by: Pavel Hrdina <phrdina@redhat.com>
2018-01-12 10:43:30 +01:00
Michal Privoznik
b1afeda98d virt-admin: Introduce vshAdmServerCompleter
Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
2018-01-11 18:53:04 +01:00
Michal Privoznik
7e7db4bfe0 virsh: Introduce virshDomainInterfaceCompleter
For given domain fetch list of defined interfaces. This can be
used for commands like domif-getlink and others. If available,
the interface name is returned (e.g. "vnet0", usually available
only for running domains), if not the MAC address is returned.
Moreover, the detach-interface command requires only MAC address
and therefore we have new flag that forces the completer to
return just the MAC address.

Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
2018-01-11 18:53:04 +01:00
Michal Privoznik
ec3403be7e virsh: Introduce virshDomainNameCompleter
Now that we have everything prepared let the fun begin. This
completer is very simple and returns domain names. Moreover,
depending on the command it can return just a subset of domains
(e.g. only running/paused/transient/.. ones).

Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
2018-01-11 18:53:04 +01:00
Michal Privoznik
f0d390bc16 tools: Provide bash autompletion file
The only purpose of this file is to be sourced. After that one
can use completion even for their bash:

  # virsh list --<TAB><TAB>
  --all                   --inactive ...

Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
2018-01-11 18:53:04 +01:00
Michal Privoznik
a0e1ada63c vsh: Introduce complete command
This command is going to be called from bash completion script in
the following form:

  virsh complete -- start --domain

Its only purpose is to return list of possible strings for
completion. Note that this is a 'hidden', unlisted command and
therefore there's no documentation to it.

Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
2018-01-11 18:53:04 +01:00
Michal Privoznik
cc005fe5a8 vsh: Filter --options
Similarly to the previous commit, once we've presented an
--option for a command to the user it makes no sense to offer it
again. Therefore, we can prune all already specified options. For
instance, after this patch:

  virsh # migrate --verbose <TAB><TAB>

will no longer offer --verbose option.

Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
2018-01-11 18:53:04 +01:00
Michal Privoznik
d4e63aff5d vsh: Prune string list returned by completer
Instead of having completers prune returned string list based on
user's input we can do that right after the callback is called.
Only strings matching the prefix will be presented to the user
then.

Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
2018-01-11 18:53:04 +01:00
Michal Privoznik
f1da85d44e vsh: Call vshCmdOptDef completer
Now that we have everything prepared we can call options'
completer again. At the same time, pass partially parsed input to
the completer callback - it will help the callbacks to narrow
down the list of returned options based on user's input. For
instance, if the completer is supposed to return list of
interfaces depending on user input it may return just those
interfaces defined for already specified domain. Of course,
completers might ignore this parameter.

Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
2018-01-11 18:53:04 +01:00
Michal Privoznik
4d3c65c2e8 vsh: Fix vshCompleter signature
The first argument passed to this function is vshControl *.
There's no need to use void pointer.

Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
2018-01-11 18:53:04 +01:00
Michal Privoznik
72bf14d345 util: Introduce virStringListMerge
For two string lists merge one into the other one.

Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
2018-01-11 18:53:04 +01:00
Michal Privoznik
a26ff63ae4 vshCommandOpt: Allow caller avoiding assert()
In the future, completer callbacks will receive partially parsed
command (and thus possibly incomplete). However, we still want
them to use command options fetching APIs we already have (e.g.
vshCommandOpt*()) and at the same time don't report any errors
(nor call any asserts).

Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
Reviewed-by: John Ferlan <jferlan@redhat.com>
2018-01-11 18:53:04 +01:00
Michal Privoznik
69ebc64518 vshReadlineParse: Use string list
It's better to fetch list of either commands or options just once
and then iterate over it. Moreover, it makes future completers
way simpler as they will return string lists too.

Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
2018-01-11 18:53:04 +01:00
Michal Privoznik
61fb1df74d vshReadlineParse: Escape returned results if needed
When returning a string that needs escaping there are two
scenarios that can happen. Firstly, user already started the
string with a quote (or double quote) in which case we don't need
to do anything - readline takes care of that. However, if they
haven't typed anything yet, we need to escape the string
ourselves.

Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
2018-01-11 18:53:04 +01:00
Michal Privoznik
255be07d35 vshReadlineParse: Drop code duplication
Now that we have a way of retrieving partly parsed command we
don't need duplicate code that parses the user's input.

Yes, this code removes call of opt's completer, but:
  a) current implementation is broken anyway, and
  b) it will be added back shortly

Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
2018-01-11 18:53:04 +01:00