Commit Graph

16847 Commits

Author SHA1 Message Date
Cole Robinson
ef2c82170f qemu: alias: Remove QEMU_CAPS_DEVICE
QEMU_CAPS_DEVICE is always set nowadays, so drop code that depends
on not-DEVICE
2016-05-16 10:29:39 -04:00
Jiri Denemark
5b62a95176 cpu: Properly report errors when parsing CPU map XML
Signed-off-by: Jiri Denemark <jdenemar@redhat.com>
2016-05-16 15:46:30 +02:00
Jiri Denemark
17924643ec cpu_x86: Check vendor early
When searching for the best CPU model for CPUID data we can easily
ignore models with non-matching vendor before spending time on CPUID
data to virCPUDef conversion.

Signed-off-by: Jiri Denemark <jdenemar@redhat.com>
2016-05-16 15:46:30 +02:00
Jiri Denemark
1cc9a1d07c cpu_x86: Don't ignore parsing errors in x86ModelLoad
CPU map XML is our internal data file, it makes no sense to tolerate any
errors in it.

Signed-off-by: Jiri Denemark <jdenemar@redhat.com>
2016-05-16 15:46:29 +02:00
Jiri Denemark
49da4cf168 cpu_x86: Don't ignore parsing errors in x86FeatureLoad
CPU map XML is our internal data file, it makes no sense to tolerate any
errors in it.

Signed-off-by: Jiri Denemark <jdenemar@redhat.com>
2016-05-16 15:46:29 +02:00
Jiri Denemark
db8a1873fb cpu_x86: Don't ignore parsing errors in x86VendorLoad
CPU map XML is our internal data file, it makes no sense to tolerate any
errors in it.

Signed-off-by: Jiri Denemark <jdenemar@redhat.com>
2016-05-16 15:46:29 +02:00
Jiri Denemark
945776dbc6 cpu_x86: Simplify insertions into a linked list
The next pointer is initialized to NULL, overwriting to with another
NULL doesn't hurt.

Signed-off-by: Jiri Denemark <jdenemar@redhat.com>
2016-05-16 15:46:28 +02:00
Jiri Denemark
26bfa2a63b cpu_x86: Remove comparisons to NULL
Signed-off-by: Jiri Denemark <jdenemar@redhat.com>
2016-05-16 15:46:28 +02:00
Jiri Denemark
aa9e0ef0ef cpu_x86: Use for loop in x86Decode
Signed-off-by: Jiri Denemark <jdenemar@redhat.com>
2016-05-16 15:46:28 +02:00
Jiri Denemark
2085f9a514 cpu_x86: Rename cleanup labels
Signed-off-by: Jiri Denemark <jdenemar@redhat.com>
2016-05-16 15:46:27 +02:00
Jiri Denemark
ea51e6a045 cpu_x86: Compare CPU candidates in a separate function
Splitting the comparison into a separate function makes the code cleaner
and easier to update in the future.

Signed-off-by: Jiri Denemark <jdenemar@redhat.com>
2016-05-16 15:46:27 +02:00
Jiri Denemark
5b991c44ed cpu_x86: Rename struct virCPUx86DataIterator
Signed-off-by: Jiri Denemark <jdenemar@redhat.com>
2016-05-16 15:46:27 +02:00
Jiri Denemark
5778daf7db cpu_x86: Rename enum compare_result
Signed-off-by: Jiri Denemark <jdenemar@redhat.com>
2016-05-16 15:46:26 +02:00
Jiri Denemark
bc01151a03 cpu_x86: Rename struct x86_map
Signed-off-by: Jiri Denemark <jdenemar@redhat.com>
2016-05-16 15:46:26 +02:00
Jiri Denemark
449e2d43cc cpu_x86: Rename struct x86_model
Signed-off-by: Jiri Denemark <jdenemar@redhat.com>
2016-05-16 15:46:26 +02:00
Jiri Denemark
44f9cf6c04 cpu_x86: Rename struct x86_kvm_feature
Signed-off-by: Jiri Denemark <jdenemar@redhat.com>
2016-05-16 15:46:25 +02:00
Jiri Denemark
3925e073f1 cpu_x86: Rename struct x86_feature
Signed-off-by: Jiri Denemark <jdenemar@redhat.com>
2016-05-16 15:46:25 +02:00
Jiri Denemark
49ecf3da24 cpu_x86: Rename struct x86_vendor
Signed-off-by: Jiri Denemark <jdenemar@redhat.com>
2016-05-16 15:46:25 +02:00
Cole Robinson
c7d6c13989 qemu: command: Ignore QEMU_CAPS_DEVICE when building drive alias
QEMU_CAPS_DEVICE is always set nowadays, so we can drop the
non-DEVICE code paths
2016-05-16 08:59:35 -04:00
Jiri Denemark
afdb3fc901 cpuGetModels: Fix memory leak on error
Signed-off-by: Jiri Denemark <jdenemar@redhat.com>
2016-05-16 13:21:43 +02:00
Alexander Burluka
2b140f0cae cpu: Add support for clflushopt and tsc_adjust Intel features
Corresponding QEMU commits:
    clflushopt f7fda280948a5e74aeb076ef346b991ecb173c56
    tsc_adjust 7b458bfd12a71b3da6b531daedc417492c9334e0

Signed-off-by: Alexander Burluka <aburluka@virtuozzo.com>
2016-05-16 13:19:12 +02:00
John Ferlan
abd2272c02 secret: Alter virSecretGetSecretString
Rather than returning a "char *" indicating perhaps some sized set of
characters that is NUL terminated, alter the function to return 0 or -1
for success/failure and add two parameters to handle returning the
buffer and it's size.

The function no longer encodes the returned secret, rather it returns
the unencoded secret forcing callers to make the necessary adjustments.

Alter the callers to handle the adjusted model.

Signed-off-by: John Ferlan <jferlan@redhat.com>
2016-05-16 12:58:48 +02:00
Peter Krempa
fb1dddfb00 qemu: domain: Fix names for functions that clear security info
They don't free the structure itself so they should be called *Clear
rather than *Free.
2016-05-16 12:58:48 +02:00
John Ferlan
1cf5af40b9 util: string: Introduce helper to determine whether a byte buffer is printable
Signed-off-by: John Ferlan <jferlan@redhat.com>
2016-05-16 12:58:48 +02:00
Peter Krempa
cb2e3e50ee util: string: Introduce virStringEncodeBase64
Add a new helper that sanitizes error semantics of base64_encode_alloc.
2016-05-16 12:58:48 +02:00
Peter Krempa
1d632c3924 secret: util: Refactor virSecretGetSecretString
Call the internal driver callbacks rather than the public APIs to avoid
calling unnecessarily the error dispatching code and don't overwrite
the error messages provided by the APIs. They are good enough to
describe which secret is missing either by UUID or the usage (basically
name).
2016-05-16 12:58:48 +02:00
Peter Krempa
eb2116fd9a util: alloc: Introduce freeing helpers that clear the memory before freeing
For a few cases where we handle secret information it's good to clear
the buffers containing sensitive data before freeing them.

Introduce VIR_DISPOSE, VIR_DISPOSE_N and VIR_DISPOSE_STRING that allow
simple clearing fo the buffers holding sensitive information on cleanup
paths.
2016-05-16 12:58:48 +02:00
Jiri Denemark
ced1e846a0 capabilities: Advertise cpuselection if -cpu host is usable
When -cpu host is supported by a QEMU binary, a user can use
<cpu mode='host-passthrough'/> in domain XML even when libvirtd failed
to find a matching model for the host CPU. Let's make it obvious by
advertising <cpuselection/> guest capability whenever -cpu host is
supported.

Signed-off-by: Jiri Denemark <jdenemar@redhat.com>
2016-05-16 10:42:28 +02:00
Fabian Freyer
9055faebd4 qemu: remove ATTRIBUTE_UNUSED in connectGetType
This is not needed here, since the conn parameter is used in the ACL
checking calls, which were introduced in abf75aea2.
2016-05-13 15:52:11 -04:00
Fabian Freyer
126e630e85 bhyve: implement virConnectGetType
This implements virConnectGetType for the bhyve driver.
2016-05-13 21:10:58 +03:00
Jim Fehlig
400e716d7d libxl: don't attempt to probe a non-existent emulator
When probing the <emulator> with '-help' to determine if
it is the old qemu, errors are reported if the emulator
doesn't exist

libvirt:  error : internal error: Child process
(/usr/lib/xen/bin/qemu-dm -help) unexpected exit status 127:
libvirt:  error : cannot execute binary /usr/lib/xen/bin/qemu-dm:
No such file or directory

Avoid the probe if the specified emulator doesn't exist,
squelching the error. There is no behavior change since
libxlDomainGetEmulatorType() would return
LIBXL_DEVICE_MODEL_VERSION_QEMU_XEN if the probe failed
via virCommandRun().

Signed-off-by: Jim Fehlig <jfehlig@suse.com>
2016-05-13 10:08:34 -06:00
Pavel Hrdina
3902f634bf virt-aa-helper: remove replace_string and use virStringReplace instead
Signed-off-by: Pavel Hrdina <phrdina@redhat.com>
2016-05-13 17:42:57 +02:00
Laine Stump
9575cb8554 network: log error when <bandwidth> is requested for hostdev interfaces
This would previously be silently ignored.

Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1319044
2016-05-13 10:02:20 -04:00
Michal Privoznik
7fccf12482 virfile: Introduce virFileRemoveLastComponent
Move some parts of virStorageFileRemoveLastPathComponent
into a separate function so they can be reused.

Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
2016-05-13 14:17:15 +02:00
Shivaprasad G Bhat
be1a7e6d31 leave out the default USB controller only on i440fx during migration
Further followup discussions in list on commit 192a53e concluded
that we should be leaving out the USB controller only for
i440fx machines as default USB can be used by someone on q35
at random slots.

Signed-off-by: Shivaprasad G Bhat <sbhat@linux.vnet.ibm.com>
2016-05-13 10:11:00 +02:00
Peter Krempa
2a1a9808b1 qemu: domain: Fix name of macro defining AES IV length
The initialization vector is a technical term by itself different from
the key.
2016-05-12 17:13:09 +02:00
John Ferlan
677b94f487 qemu: Change from SecretIV or _IV to SecretAES or _AES
The preferred name will be AES not IV, change current references

Signed-off-by: John Ferlan <jferlan@redhat.com>
2016-05-12 09:30:08 -04:00
Ján Tomko
538012c8a3 Fill out default vram in DeviceDefPostParse
Move filling out the default video (v)ram to DeviceDefPostParse.

This means it can be removed from virDomainVideoDefParseXML
and qemuParseCommandLine. Also, we no longer need to special case
VIR_DOMAIN_VIRT_XEN, since the per-driver callback gets called
before the generic one.
2016-05-12 08:22:08 +02:00
Ján Tomko
3e42867032 Call per-device post-parse callback even on implicit video
Commit 6879be48 moved adding of an implicit video device after XML
parsing. As a result, libxlDomainDeviceDefPostParse() is no longer
called to set the default vram when adding an implicit device.
Commit 6879be48 assumes virDomainVideoDefaultRAM() will set the
default vram, but it returns 0 if the domain virtType is
VIR_DOMAIN_VIRT_XEN. Attempting to start an HVM domain with vram=0
results in

error: unsupported configuration: videoram must be at least 4MB for CIRRUS

The default vram setting for Xen HVM domains depends on the device
model used (qemu-xen vs qemu-traditional), hence setting the
default is deferred to libxlDomainDeviceDefPostParse().

Call the device post-parse callback even for implicit video,
to fill out the default vram even for VIR_DOMAIN_VIRT_XEN.

https://bugzilla.redhat.com/show_bug.cgi?id=1334557
Most-of-commit-message-by: Jim Fehlig <jfehlig@suse.com>
2016-05-12 08:22:08 +02:00
Ján Tomko
e4d131b8cb Move virDomainDefPostParseInternal after virDomainDeviceDefPostParse
Future commit will call DeviceDefPostParse on a device auto-added
in DomainDefPostParse.
2016-05-12 08:22:08 +02:00
Erik Skultety
e711a3918f util: Fix virGetLastErrorMessage to return proper error when 'err' is NULL
Both virGetLastError and virGetLastErrorMessage call virLastErrorObject method
that returns a thread-local error object. However, if a direct call to malloc
or pthread_setspecific (probably also due to malloc, since it sets ENOMEM)
fail, virLastErrorObject returns NULL which, although incorrectly interpreted
by virGetLastError as no error, still requires the caller to check for NULL
pointer. This isn't the case with virGetLastErrorMessage that also treated it
incorrectly as no error, but returned the literal "no error".
This patch tweaks the checks in the virGetLastErrorMessage function, so that
if virLastErrorObject failed, it returned "unknown error" which is equivalent
to the current approach with virGetLastError and if it returned NULL,
"unknown error" was set.

Signed-off-by: Erik Skultety <eskultet@redhat.com>
2016-05-11 20:10:35 +02:00
John Ferlan
8cdff0b93f storage: Fix virStorageBackendDiskDeleteVol for device mapper
Commit id 'df1011ca8' modified virStorageBackendDiskDeleteVol to use
"dmsetup remove --force" to remove the volume, but left things in an
inconsistent state since the partition still existed on the disk and
only the device mapper device (/dev/dm-#) was removed.

Prior to commit '1895b421' (or '1ffd82bb' and '471e1c4e'), this could
go unnoticed since virStorageBackendDiskRefreshPool wasn't called.
However, the pool would be unusable since the /dev/dm-# device would
be removed even though the partition was not removed unless a multipathd
restart reset the link. That would of course make the volume appear again
in the pool after a refresh or pool start after libvirt reload.

This patch removes the 'dmsetup' logic and re-implements the partition
deletion logic for device mapper devices. The removal of the partition
via 'parted rm --script #' will cause udev device change logic to allow
multipathd to handle removing the dm-* device associated with the partition.
2016-05-11 09:23:31 -04:00
John Ferlan
e7bde8d319 storage: Fix algorithm generating path names for devmapper
https://bugzilla.redhat.com/show_bug.cgi?id=1265694

Commit id '020135dc' didn't quite get the algorithm correct when a
device mapper source ended with a non numeric value (e.g. ends with
an alphabet value).

This patch modifies the 'part_separator' logic to add the "p" separator
to the attempted target path name only when specified as part_separator='yes'.

For a source name that already ends with a number, the logic doesn't change
as the part separator would need to be there.

For a source name that ends with something other than a number, this allows
the possibility that a "p" separator can be added. The default for one of
these source devices is to not add the separator.

The key for device mapper and the need for a partition separator "p" is
the presence of a number in the last character of the device name link
in /dev/mapper.  A name such as "/dev/mapper/mpatha1" would generate
a "/dev/mapper/mpatha1p1" partition, while "/dev/mapper/mpatha" would
generate partition "/dev/mapper/mpatha1". Similarly for a device
mapper entry not using friendly names or an alias, a device such as
"/dev/mapper/3600a0b80005b10ca00005ad656fd8d93" would generate a
paritition "/dev/mapper/3600a0b80005b10ca00005ad656fd8d93p1", while
a device such as "/dev/mapper/3600a0b80005b10ca00005e115729093f" would
generate a partition "/dev/mapper/3600a0b80005b10ca00005e115729093f1".
The long number is the WWID of the device. It's also possible to assign
an alias for a device mapper entry, that alias follows the same rules
with respect to ending with a number or not when adding a "p" to create
the target device path.
2016-05-11 09:23:31 -04:00
John Ferlan
5e54361c9d storage: Need to clear pool prior to calling the refreshPool
Prior to calling the 'refreshPool' during CreatePool or UploadPool
operations, we need to clear the pool; otherwise, the pool will
have duplicated entries.
2016-05-11 09:23:31 -04:00
John Ferlan
2c52ec43aa storage: Fix regression cloning volume into a logical pool
https://bugzilla.redhat.com/show_bug.cgi?id=1318993

Commit id 'dd519a294' caused a regression cloning a volume into a
logical pool by removing just the 'allocation' adjustment during
storageVolCreateXMLFrom. Combined with the change to not require the
new volume input XML to have a capacity listed (commit id 'e3f1d2a8')
left the possibility that a zero allocation value (e.g., not provided)
would create a thin/sparse logical volume. When a thin lv becomes fully
populated, then LVM sets the partition 'inactive' and the subsequent
fdatasync() fails.

Add a new 'has_allocation' flag to be set at XML parse time to indicate
that allocation was provided. This is done so that if it's not provided
the create-from code uses the capacity value since we document that if
omitted, the volume will be fully allocated at time of creation.

For a logical backend, that creation time is 'createVol', while for a
file backend, creation doesn't set the size, but the 'createRaw' called
during buildVolFrom will decide whether the file is sparse or not based
on the provided capacity and allocation value.

For volume clones that provide different allocation and capacity values
to allow for sparse files, there is no change.
2016-05-11 09:06:26 -04:00
Erik Skultety
898c0bbea7 headers: Remove unnecessary keyword extern from function declaration
Usage of this keyword in front of function declaration that is exported via a
header file is unnecessary, since internally, this has been the default for most
compilers for quite some time.

Signed-off-by: Erik Skultety <eskultet@redhat.com>
2016-05-11 09:06:32 +02:00
Laine Stump
e5aecc2f80 conf: log error when incorrect PCI root controller is added to domain
libvirt may automatically add a pci-root or pcie-root controller to a
domain, depending on the arch/machinetype, and it hopefully always
makes the right decision about which to add (since in all cases these
controllers are an implicit part of the virtual machine).

But it's always possible that someone will create a config that
explicitly supplies the wrong type of PCI controller for the selected
machinetype. In the past that would lead to an error later when
libvirt was trying to assign addresses to other devices, for example:

  XML error: PCI bus is not compatible with the device at
  0000:00:02.0. Device requires a PCI Express slot, which is not
  provided by bus 0000:00

(that's the error message that appears if you replace the pcie-root
controller in a Q35 domain with a pci-root controller).

This patch adds a check at the same place that the implicit
controllers are added (to ensure that the same logic is used to check
which type of pci root is correct). If a pci controller with index='0'
is already present, we verify that it is of the model that we would
have otherwise added automatically; if not, an error is logged:

  The PCI controller with index='0' must be " model='pcie-root' for
  this machine type, " but model='pci-root' was found instead.

Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1004602
2016-05-10 17:03:24 -04:00
Laine Stump
b3f2c7cae8 conf: make virDomainDefAddController() public
This will be needed by the qemu driver in an upcoming patch.
2016-05-10 17:03:11 -04:00
Jim Fehlig
f9edcfa473 libxl: support migration stream V2 in migration
Similar to "support Xen migration stream V2 in save/restore",
add support for indicating the migration stream version in
the migration code. To accomplish this, add a minimal migration
cookie in the libxl driver that is passed between source and
destination hosts. Initially, the cookie is only used in
the Begin and Prepare phases of migration to communicate the
version of the migration stream produced by the source.

Signed-off-by: Jim Fehlig <jfehlig@suse.com>
2016-05-10 14:23:37 -06:00
Jim Fehlig
5325123d23 libxl: support Xen migration stream V2 in save/restore
Xen 4.6 introduced a new migration stream commonly referred to as
"migration V2". Xen 4.6 and newer always produce this new stream,
whereas Xen 4.5 and older always produce the legacy stream.
Support for migration stream V2 can be detected at build time with
LIBXL_HAVE_SRM_V2 from libxl.h. The legacy and V2 streams are not
compatible, but a V2 host can accept and convert a legacy stream.

Commit e7440656 changed the libxl driver to use the lowest libxl
API version possible (version 0x040200) to ensure the driver
builds against older Xen releases. The old 4.2 restore API does
not support specifying a stream version and assumes a legacy
stream, even if the incoming stream is migration V2. Thinking it
has been given a legacy stream, libxl will fail to convert an
incoming stream that is already V2, which causes the entire
restore operation to fail. Xen's libvirt-related OSSTest has been
failing since commit e7440656 landed in libvirt.git master. One
of the more recent failures can be seen here

http://lists.xenproject.org/archives/html/xen-devel/2016-05/msg00071.html

This patch changes the call to libxl_domain_create_restore() to
include the stream version if LIBXL_HAVE_SRM_V2 is defined. The
version field of the libxlSavefileHeader struct is also updated
to '2' when LIBXL_HAVE_SRM_V2 is defined, ensuring the stream
version in the header matches the actual stream version produced
by Xen. Along with bumping the libxl API requirement to 0x040400,
this patch fixes save/restore on a migration V2 Xen host.

Oddly, migration has never used the libxlSavefileHeader. It
handles passing configuration in the Begin and Prepare phases,
and then calls libxl directly to transfer domain state/memory
in the Perform phase. A subsequent patch will add stream
version handling in the Begin and Prepare phase handshaking,
which will fix the migration related OSSTest failures.

Signed-off-by: Jim Fehlig <jfehlig@suse.com>
2016-05-10 14:23:37 -06:00
Jim Fehlig
fccf27253c libxl: switch to using libxl_domain_create_restore from v4.4 API
In LIBXL_API_VERSION 0x040400, the libxl_domain_create_restore API
gained a parameter for specifying restore parameters. Switch to
using version 0x040400, which will be useful in a subsequent commit
to specify the Xen migration stream version when restoring.

Signed-off-by: Jim Fehlig <jfehlig@suse.com>
2016-05-10 14:23:37 -06:00
John Ferlan
fc5c1e7fe9 qemu: Add extra checks for secret destroy API's
Remove the possibility that a NULL hostdev->privateData or a
disk->privateData could crash libvirtd by checking for NULL
before dereferencing for the secinfo structure in the
qemuDomainSecret{Disk|Hostdev}Destroy functions. The hostdevPriv
could be NULL if qemuProcessNetworkPrepareDevices adds a new
hostdev during virDomainNetGetActualHostdev that then gets
inserted via virDomainHostdevInsert. The hostdevPriv was added
by commit id '27726d8' and is currently only used by scsi hostdev.
2016-05-10 15:48:08 -04:00
Laine Stump
75db9997a0 util: set vlan tag for macvtap passthrough mode on SRIOV VFs
SRIOV VFs used in macvtap passthrough mode can take advantage of the
SRIOV card's transparent vlan tagging. All the code was there to set
the vlan tag, and it has been used for SRIOV VFs used for hostdev
interfaces for several years, but for some reason, the vlan tag for
macvtap passthrough devices was stubbed out with a -1.

This patch moves a bit of common validation down to a lower level
(virNetDevReplaceNetConfig()) so it is shared by hostdev and macvtap
modes, and updates the macvtap caller to actually send the vlan config
instead of -1.
2016-05-10 14:04:19 -04:00
Erik Skultety
c22ac618b5 admin: Introduce virAdmClientClose API
Once we're able to list and identify all clients connected to a specific
server, we can then support force-closing a connection. This patch introduces
a simple API calling virNetServerClientClose on a specific client, which
can be later extended easily, e.g. by sending an event once the client is
disconnected successfully.

Signed-off-by: Erik Skultety <eskultet@redhat.com>
2016-05-10 16:05:17 +02:00
Erik Skultety
37675f6b66 admin: Remove flags checking from virAdmConnectOpen public API
Unlike the previous commit, we do actually support one client-side only flag
VIR_CONNECT_NO_ALIASES, so besides removing the check for flags this flag
has to be masked out before sending a message to the daemon, otherwise it
would trigger an error when checking flags on the daemon side.

Signed-off-by: Erik Skultety <eskultet@redhat.com>
2016-05-10 15:54:20 +02:00
Erik Skultety
c53595785d admin: Remove flags checking from public API entry points
Due to compatibility reasons these should be checked on the server side.

Signed-off-by: Erik Skultety <eskultet@redhat.com>
2016-05-10 15:50:26 +02:00
Pavel Hrdina
1ccc7fbff3 qemu_hotplug: fix checking graphics ports
We cannot change ports for running domain and we should error out if
autoport is enabled.

Signed-off-by: Pavel Hrdina <phrdina@redhat.com>
2016-05-10 10:44:46 +02:00
Pavel Hrdina
9d88cbea87 qemu_process: merge graphics code into qemuProcessSetupGraphics
Signed-off-by: Pavel Hrdina <phrdina@redhat.com>
2016-05-10 10:44:45 +02:00
Pavel Hrdina
9f51c1c7c7 graphics: generate fake ports also for tests
Signed-off-by: Pavel Hrdina <phrdina@redhat.com>
2016-05-10 10:44:45 +02:00
Pavel Hrdina
446aebbcf6 qemu_process: separate graphics port reservation
Signed-off-by: Pavel Hrdina <phrdina@redhat.com>
2016-05-10 10:44:45 +02:00
Roman Bogorodskiy
9dec97dd00 conf: don't redefine virDomainCapsDeviceHostdev
Commit 5ed235c6 added unnecessary redifinition of
virDomainCapsDeviceHostdev in conf/domain_capabilities.h. This breaks
build with clang 3.4:

In file included from conf/domain_capabilities.c:25:
conf/domain_capabilities.h:88:44: error: redefinition of typedef
'virDomainCapsDeviceHostdev' is a C11 feature
[-Werror,-Wtypedef-redefinition]
typedef struct _virDomainCapsDeviceHostdev virDomainCapsDeviceHostdev;
                                           ^
conf/domain_capabilities.h:86:44: note: previous definition is here
typedef struct _virDomainCapsDeviceHostdev virDomainCapsDeviceHostdev;

So drop one of those.
2016-05-10 07:12:10 +03:00
John Ferlan
9d418b20ae conf: Fix error path in virNodeDevPCICapabilityParseXML
If the call to virXPathNodeSet to set naddresses fails, Coverity notes
that the subsequent VIR_ALLOC_N cannot have a negative value (well it
probably wouldn't be negative per se).

Signed-off-by: John Ferlan <jferlan@redhat.com>
2016-05-09 19:33:57 -04:00
John Ferlan
4fac5a9fd3 Use virGetLastErrorMessage to avoid Coverity message
Both instances use VIR_WARN() to print the error from a failed
virDBusGetSystemBus() call.  Rather than use the virGetLastError
and need to check for valid return err pointer, just use the
virGetLastErrorMessage.

Signed-off-by: John Ferlan <jferlan@redhat.com>
2016-05-09 19:33:56 -04:00
Cole Robinson
f0187c1f27 qemu: command: unconditionally allow accel3d='no'
This matches how we handle spice gl='no' even if spice GL isn't
supported. Not too interesting in practice but I figure we should
be consistent
2016-05-09 16:06:32 -04:00
Cole Robinson
5ed235c68f domaincaps: Report video modelType
Requires adding the plumbing for <device><video>
The value is <enum name='modelType'> to match the associated domain
XML of <video><model type='XXX'/>

Wire it up for qemu too
2016-05-09 16:05:31 -04:00
Cole Robinson
6da27ad1b5 domaincaps: Report graphics type enum
Requires adding the plumbing for <device><graphics>
Wire it up for qemu too
2016-05-09 16:05:31 -04:00
Peter Krempa
4e8b81e5c4 util: polkit: Fix polkit agent startup
Commit 0b36b0e9 broke polkit agent startup when attempting to fix a
coverity warning. Refactor it properly so that we don't need the 'cmd'
intermediate variable.
2016-05-09 13:54:52 +02:00
Peter Krempa
a391a9c5b1 qemu: domain: Don't treat unknown storage type as not having backing chain
qemuDomainCheckDiskPresence has short-circuit code to skip the
determination of the disk backing chain for storage formats that can't
have backing volumes. The code treats VIR_STORAGE_FILE_NONE as not
having backing chain and skips the call to qemuDomainDetermineDiskChain.

This is wrong as qemuDomainDetermineDiskChain is responsible for storage
format detection and has logic to determine the default type if format
detection is disabled.

This allows to storage passed via <disk type="volume"> to circumvent the
enforcement to have correct storage format or that we shall default to
format='raw', since we don't set the default type via the post parse
callback for "volume" backed disks as the translation code could come up
with a better guess.

This resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1328003
2016-05-09 13:40:17 +02:00
Peter Krempa
bd9d707894 qemu: Reject invalid block copy targets for <disk device='lun'>
Extract the relevant parts of the existing checker and reuse them for
blockcopy since copying to a non-block device creates an invalid
configuration.

Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1209802
2016-05-09 13:16:26 +02:00
Peter Krempa
b66664ffcc qemu: command: Remove unnecessary label in qemuCheckDiskConfig 2016-05-09 13:16:26 +02:00
Peter Krempa
1f880b5f22 conf: Kill now unused virDomainDiskSourceIsBlockType 2016-05-09 13:16:26 +02:00
Peter Krempa
c240335b88 qemu: command: Use more appropriate checking function for block devices
In qemuCheckDiskConfig would now use virDomainDiskSourceIsBlockType just
as a glorified version of virStorageSourceIsBlockLocal that reports
error messages. Replace it with the latter including the message for
clarity.
2016-05-09 13:16:26 +02:00
Peter Krempa
82ba41108a qemu: Support <disk device='lun'> for iSCSI direct mapped volumes
Commit c820fbff9f added support for iSCSI
disk as backing for <disk device='lun'>. We would not use it for a disk
type="volume" with direct access mode which basically maps to direct
iSCSI usage. Fix it by adding the storage source type accessor that
resolves the volume type.
2016-05-09 13:16:26 +02:00
Peter Krempa
5e9d56f83f lxc: Fix wrong error message on disk hotplug
Commit 36025c552 tried to improve error reporting for <disk type="lun">
but reused the code in LXC which doesn't care about the actual disk
type. The error messages would then contain a bogous hint that the
config for the 'lun' device is invalid which might not be the case.

Re-do the relevant portion of the commit with the original message.
2016-05-09 12:44:52 +02:00
Peter Krempa
3ec7bb354a util: Replace virDomainDiskSourceIsBlockType with a new helper
For disks sources described by a libvirt volume we don't need to do a
complicated check since virStorageTranslateDiskSourcePool already
correctly determines the actual disk type.

Replace the checks using a new accessor that does not open-code the
whole logic.
2016-05-09 12:36:52 +02:00
Michal Privoznik
e85d3e1bbe qemu_monitor_json: Follow refactor
In 7884d089d2 I've started to refactor qemu_monitor_json.c.
Thing is, it's current structure is nothing like the rest of our
code. The @ret variable is rewritten all the time, if()-s are
nested instead of using goto and so on.

Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
2016-05-09 09:55:18 +02:00
Pavel Hrdina
3d3d1dfa31 domain_conf: fix migration/managedsave with usb keyboard
Commin 36785c7e refactored the code for input devices but introduced a
bug where we removed all keyboard from migratable XML.  We have to
remove only implicit keyboards like PS2 or XEN.

Signed-off-by: Pavel Hrdina <phrdina@redhat.com>
2016-05-06 15:42:38 +02:00
Pavel Hrdina
351ee40643 qemu_hotplug: cleanup error messages in qemuDomainChangeGraphics
Signed-off-by: Pavel Hrdina <phrdina@redhat.com>
2016-05-06 15:24:35 +02:00
Pavel Hrdina
39f78671ce qemu_process: handle port allocation for VNC the same way as for Spice
Signed-off-by: Pavel Hrdina <phrdina@redhat.com>
2016-05-06 14:54:13 +02:00
Pavel Hrdina
df73f1db82 qemu_process: move listen code out of qemuProcessSetupGraphics
Move adding the config listen type=address if there is none in
qemuProcessPrepareDomain and move check for multiple listens to
qemuProcessStartValidate.

Signed-off-by: Pavel Hrdina <phrdina@redhat.com>
2016-05-06 14:52:40 +02:00
Pavel Hrdina
76ee92562e graphics: use enums instead of int
Signed-off-by: Pavel Hrdina <phrdina@redhat.com>
2016-05-06 14:33:48 +02:00
Michal Privoznik
fb377701f2 virCgroupValidateMachineGroup: Reflect change in CGroup struct naming
Fron c3bd0019c0 on instead of creating the following path for
cgroups:

  /sys/fs/cgroupX/$name.libvirt-$driver

we generate rather more verbose one:

  /sys/fs/cgroupX/$driver-$id-$name.libvirt-$driver

where $name is optional and included iff contains allowed chars.
See original commit for more reasoning. Now, problem with the
original commit is that we are unable to start any LXC domain
after it. Because when starting LXC container, the CGroup layout
is created by our lxc_controller process and then detected and
validated by libvirtd. The validation is done by trying to match
detected layout against all the possible patterns for cgroup
paths that we've ever had. And the commit in question forgot to
update this part of the code.

Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
2016-05-06 12:51:06 +02:00
Jiri Denemark
3af432199d qemu: Export caps cache APIs for tests
Signed-off-by: Jiri Denemark <jdenemar@redhat.com>
2016-05-06 10:27:32 +02:00
Jiri Denemark
dccb2629c3 qemu: Separate formatting from saving into caps cache
We will need to use the formatter directly for testing QEMU capabilities
code.

Signed-off-by: Jiri Denemark <jdenemar@redhat.com>
2016-05-06 10:27:28 +02:00
John Ferlan
bead05ea4d qemu: Introduce qemuDomainSecretIV
Add the data structure and infrastructure to support an initialization
vector (IV) secrets. The IV secret generation will need to have access
to the domain private master key, so let's make sure the prepare disk
and hostdev functions can accept that now.

Anywhere that needs to make a decision over which secret type to use
in order to fill in or use the IV secret has a switch added.

Signed-off-by: John Ferlan <jferlan@redhat.com>
2016-05-05 14:47:51 -04:00
John Ferlan
2ba52ce095 qemu: Separate network URI command building code
Create helper API's in order to build the network URI as shortly we will
be adding a new SecretInfo type

Signed-off-by: John Ferlan <jferlan@redhat.com>
2016-05-05 14:47:51 -04:00
John Ferlan
8ac3b74ad2 qemu: Move qemuDomainSecretDestroy to qemuProcessLaunch
Rather than need to call qemuDomainSecretDestroy after any call to
qemuProcessLaunch, let's do the destroy in qemuProcessLaunch since
that's where command line is eventually generated and processed. Once
it's generated, we can clear out the secrets.

Signed-off-by: John Ferlan <jferlan@redhat.com>
2016-05-05 14:47:51 -04:00
John Ferlan
3619be4971 qemu: Move qemuDomainSecretPrepare to qemuProcessPrepareDomain
Commit id '40d8e2ba3' added the function to qemuProcessStart because
in order to set up some secrets in the future we will need the master
key. However, since the previous patch split the master key creation
into two parts (create just the key and create the file), we can now
call qemuDomainSecretPrepare from qemuProcessPrepareDomain since the
file is not necessary.

Signed-off-by: John Ferlan <jferlan@redhat.com>
2016-05-05 14:47:50 -04:00
John Ferlan
608dfc6af0 qemu: Split out the master key create and write
A recent review of related changes noted that we should split the creation
(or generation) of the master key into the qemuProcessPrepareDomain and leave
the writing of the master key for qemuProcessPrepareHost.

Made the adjustment and modified some comments to functions that have
changed calling parameters, but didn't change the intro doc.

Signed-off-by: John Ferlan <jferlan@redhat.com>
2016-05-05 14:47:50 -04:00
John Ferlan
70ae856e34 qemu: Adjust names of qemuDomainSecretInfoType enums
From a review after push, add the "_TYPE" into the name.

Also use qemuDomainSecretInfoType in the struct rather than int
with the comment field containing the struct name

Signed-off-by: John Ferlan <jferlan@redhat.com>
2016-05-05 14:47:50 -04:00
Cole Robinson
b6238738ea rpc: use virNetMessageClearPayload in client
This removes the opencoded payload freeing in the client, to use
the shared virNetMessageClearPayload call. Two changes:

- ClearPayload sets nfds=0, which fixes a potential crash if
  an error path called virNetMessageFree/Clear on the message
  after fds was free'd
- We drop the inner loop VIR_FORCE_CLOSE... this may mean fds are
  kept open a little bit longer if the call is blocking but in
  practice I don't think it will have any effect
2016-05-05 14:28:19 -04:00
Cole Robinson
64bd680d42 rpc: Clear more in virNetMessageClearPayload
Set all counters to 0. This doesn't impact current users, but
future users will want this
2016-05-05 14:28:19 -04:00
Cole Robinson
220c4e85b3 rpc: Add virNetMessageClearPayload
Handles freeing the buffer and fds, but not the message details.
Use it to drop some duplicate code.
2016-05-05 14:28:19 -04:00
Michal Privoznik
b17e610e1f virNetServerClientNewPostExecRestart: Avoid align problems
I've noticed this while trying to compile libvirt on my arm box.

  CC       rpc/libvirt_net_rpc_server_la-virnetserverclient.lo
rpc/virnetserverclient.c: In function 'virNetServerClientNewPostExecRestart':
rpc/virnetserverclient.c:516:45: error: cast increases required alignment of target type [-Werror=cast-align]
                                             (long long *) &timestamp) < 0) {
                                             ^
cc1: all warnings being treated as errors

Problem is, @timestap is defined as time_t which is 32 bits long,
and we are typecasting it to long long which is 64bits long.
Solution is to make @timestamp type of long long. At the same
time, we can make @conn_time in _virNetServerClient struct long
long too. There is no need for it to be type of time_t.

Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
2016-05-05 13:48:56 +02:00
Michal Privoznik
2a3a2c2f5b virNetServerClientNewPostExecRestart: Drop useless typecasts
In this function, @id is defined as unsigned long long. When
passing this variable to virJSONValueObjectGetNumberUlong(),
well address of this variable, it's typecasted to ull*. There
is no need for that. It's a same story with @nrequests_max.

Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
2016-05-05 13:48:53 +02:00
Jiri Denemark
7197e5fd3f virjson: Make pretty format more compact
json_reformat uses two spaces for when indenting nested objects, let's
do the same. The result of virJSONValueToString will be exactly the same
as json_reformat would produce.

Signed-off-by: Jiri Denemark <jdenemar@redhat.com>
2016-05-05 10:01:55 +02:00
Jiri Denemark
666d780531 qemu: Make qemuMonitorJSONIOProcessLine available for tests
Signed-off-by: Jiri Denemark <jdenemar@redhat.com>
2016-05-05 10:01:55 +02:00
Jiri Denemark
b0b8517eeb qemu: Make virQEMUCapsNewForBinary usable from tests
virQEMUCapsNewForBinary unconditionally loads data from cache and probes
using both QMP and -help parsing, which is suboptimal when we want to
use it in tests.

Signed-off-by: Jiri Denemark <jdenemar@redhat.com>
2016-05-05 10:01:55 +02:00
Roman Bogorodskiy
9e0bb1c8b6 bhyve: implement domainShutdown
Bhyve supports ACPI shutdown by issuing SIGTERM signal to a bhyve
process.

Add the bhyveDomainShutdown() function and virBhyveProcessShutdown()
helper function that just sends SIGTERM to VM's bhyve process. If
a guest supports ACPI shutdown then process will be terminated and
this event will be noticed by the bhyve monitor code that will handle
setting proper status and clean up VM's resources by calling
virBhyveProcessStop().
2016-05-05 08:04:01 +03:00
Roman Bogorodskiy
c35c2fe78e bhyve: drop virProcessKillPainfully() from destroy
Current implementation of domainDestroy for bhyve calls
virProcessKillPainfully() for the bhyve process and then
executes "bhyvectl --destroy".

This is wrong for two reasons:

 * bhyvectl --destroy alone is sufficient because it terminates
   the process
 * virProcessKillPainfully() first sends SIGTERM and after few
   attempts sends SIGKILL. As SIGTERM triggers ACPI shutdown that
   we're not interested in, it creates an unwanted side effect in
   domainDestroy.

Also, destroy monitor only after "bhyvectl --destroy" command succeeded
to avoid a case when the command fails and domain remains running, but
not being monitored anymore.
2016-05-05 08:01:19 +03:00
Erik Skultety
ca0d45148d admin: Add a check to reject negative argument for number of typed params
Since nparams can be technically negative, it is a good practice throughout
our code to check if nparams actually has a non-negative value. The same effect
would be achieved by converting our internal typed params serializer argument
to 'unsigned' type, but it definitely would not be the path of least resistance.

Signed-off-by: Erik Skultety <eskultet@redhat.com>
2016-05-04 16:36:22 +02:00
John Ferlan
d0b5845952 qemu: Add 'iothread' to command line for supported controller
https://bugzilla.redhat.com/show_bug.cgi?id=1286709

Now that we have all the pieces in place, we can add the 'iothread=#' to
the command line for the (two) controllers that support it (virtio-scsi-pci
and virtio-scsi-ccw). Add the tests as well...
2016-05-04 09:59:14 -04:00
John Ferlan
ade5dae282 qemu: Use switch for qemuCheckIOThreads
Rather than an if statement, use a switch.

The switch will also catch the illegal usage of 'iothread' with some other
kind of unsupported bus configuration.
2016-05-04 09:59:14 -04:00
John Ferlan
e0d0e53086 conf: Add support for virtio-scsi iothreads
Add the ability to add an 'iothread' to the controller which will be how
virtio-scsi-pci and virtio-scsi-ccw iothreads have been implemented in qemu.

Describe the new functionality and add tests to parse/validate that the
new attribute can be added.
2016-05-04 09:59:14 -04:00
John Ferlan
a3aa2005f8 conf: Move virDomainControllerModelTypeToString
Move virDomainControllerModelTypeToString closer to it's counterpart
virDomainControllerModelTypeFromString.

Signed-off-by: John Ferlan <jferlan@redhat.com>
2016-05-03 14:08:05 -04:00
John Ferlan
e2faa97672 qemu: Add capability for virtio-scsi iothreads
An iothread for virtio-scsi is a property of the controller. Add a lookup
of the 'virtio-scsi-pci' and 'virtio-scsi-ccw' device properties and parse
the output.  For both, support for the iothread was added in qemu 2.4
while support for virtio-scsi in general was added in qemu 1.4.

Modify the various mock capabilities replies (by hand) to reflect the
when virtio-scsi was supported and then specifically when the iothread
property was added. For versions prior to 1.4, use the no device error
return for virtio-scsi. For versions 1.4 to before 2.4, add some data
for virtio-scsi-pci even though it isn't complete we're not looking for
anything specific there anyway. For 2.4 to 2.6, add a more complete reply.

Signed-off-by: John Ferlan <jferlan@redhat.com>
2016-05-03 14:08:05 -04:00
Erik Skultety
4a0e910825 admin: Introduce virAdmClientGetInfo API
Expose a public API to retrieve some identity and connection information about
a client connected to the specified server on daemon. The identity info
retrieved is mostly connection transport dependent, i.e. there won't be any
socket address returned for a local (UNIX socket) connection, while on the
other hand, when connected through TLS or unencrypted TCP, obviously no UNIX
process identification will be present in the returned data. All supported
values that can be returned in typed params are exposed and documented in
include/libvirt/libvirt-admin.h

Signed-off-by: Erik Skultety <eskultet@redhat.com>
2016-05-03 15:52:50 +02:00
Erik Skultety
8420a53edf virnetserverclient: Add an internal method to retrieve client's identity
This method just aggregates various client object attributes, like socket
address, connection type (RO/RW), and some TCP/TLS/UNIX identity in an atomic
manner.

Signed-off-by: Erik Skultety <eskultet@redhat.com>
2016-05-03 15:52:50 +02:00
Erik Skultety
bde2cb6136 virneserverclient: Introduce virNetServerClientHasSASLSession
We do have a similar method, serving the same purpose, for TLS, but we lack
one for SASL. So introduce one, in order for other modules to be able to find
out, if a SASL session is active, or better said, that a SASL session exists
at all.

Signed-off-by: Erik Skultety <eskultet@redhat.com>
2016-05-03 15:52:50 +02:00
Erik Skultety
9b45c9f049 virnetsocket: Provide socket address format in a more standard form
Our socket address format is in a rather non-standard format and that is
because sasl library requires the IP address and service to be delimited by a
semicolon. The string form is a completely internal matter, however once the
admin interfaces to retrieve client identity information are merged, we should
return the socket address string in a common format, e.g. format defined by
URI rfc-3986, i.e. the IP address and service are delimited by a colon and
in case of an IPv6 address, square brackets are added:

Examples:
    127.0.0.1:1234
    [::1]:1234

This patch changes our default format to the one described above, while adding
separate methods to request the non-standard SASL format using semicolon as a
delimiter.

Signed-off-by: Erik Skultety <eskultet@redhat.com>
2016-05-03 15:52:50 +02:00
Erik Skultety
52a2eef948 admin: Introduce virAdmServerLookupClient
Just like with server-related APIs, before any of client-based APIs can be
called, a reference to a client-side client object needs to be obtained. For
this purpose, a lookup method should exist. Apart from the client retrieval
logic, a new error code for non-existent client had to be added as well.

Signed-off-by: Erik Skultety <eskultet@redhat.com>
2016-05-03 15:52:50 +02:00
Michal Privoznik
7884d089d2 qemu_monitor_json: Follow our coding style
In majority of our functions we have this variable @ret that is
overwritten a lot. In other areas of the code we use 'goto
cleanup;' just so that this wouldn't happen. But here.

Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
2016-05-03 15:45:44 +02:00
Nikolay Shirokovskiy
3506ad7f0a util: factor out reading file into preallocated buffer
Signed-off-by: Nikolay Shirokovskiy <nshirokovskiy@virtuozzo.com>
2016-05-03 08:58:30 -04:00
Cole Robinson
600977e293 qemu: support configuring usb3 controller port count
This adds a ports= attribute to usb controller XML, like

  <controller type='usb' model='nec-xhci' ports='8'/>

This maps to:

  qemu -device nec-usb-xhci,p2=8,p3=8

Meaning, 8 ports that support both usb2 and usb3 devices. Gerd
suggested to just expose them as one knob.

https://bugzilla.redhat.com/show_bug.cgi?id=1271408
2016-05-03 08:58:30 -04:00
Cole Robinson
48e12de51e qemu: caps: introduce QEMU_CAPS_NEC_USB_XHCI_PORTS
Reports whether we support -device nec-usb-xhci,p3=XXX value,
which has been available since qemu 1.3.0
2016-05-03 08:58:30 -04:00
Cole Robinson
345d2ab488 qemu: parse: Use virControllerDefNew
Rather than reimplement it. This will be needed in upcoming patches
2016-05-03 08:58:30 -04:00
Michal Privoznik
e2ac519cd2 qemu_monitor_json: Drop redundant checks
In these functions I'm fixing here, we do call
qemuMonitorJSONCheckError() followed by another check if qemu
reply contains 'return' object. If it wouldn't, the former
CheckError() function would error out and the flow would not even
get to the latter.

Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
2016-05-03 14:18:02 +02:00
Michal Privoznik
3af8186898 qemuMonitorJSONQueryRxFilter: Validate qemu reply prior parsing it
Usually, the flow in this area of the code is as follows:

qemuMonitorJSONMakeCommand()
qemuMonitorJSONCommand()
qemuMonitorJSONCheckError()
parseReply()

But in this function, for some reasons, the last two steps were
swapped. This makes no sense.

Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
2016-05-03 14:18:02 +02:00
Ján Tomko
f2b157945f Remove useless os.machine NULL check
In qemuDomainDefAddDefaultDevices we check for a non-NULL
def->os.machine for x86 archs, but not the others.

Moreover, the only caller - qemuDomainDefPostParse
already checks for it and even then it can happen only
if /etc/libvirt contains an XML without a machine type.
2016-05-03 12:29:26 +02:00
Ján Tomko
53a868f152 Introduce qemuDomainMachineIsVirt
Use it everywhere except for virQEMUCapsFillDomainFeatureGICCaps.
2016-05-03 12:08:44 +02:00
Ján Tomko
204b459c1a Rewrite the condition in qemuDomainAssignARMVirtioMMIOAddresses
It was not indented correctly.
2016-05-03 12:08:09 +02:00
Ján Tomko
2d61934a21 Remove useless variable in qemuDomainAssignAddresses
We do not need to propagate the exact return values
and the only possible ones are 0 and -1 anyway.

Remove the temporary variable and use the usual pattern:

if (f() < 0)
    return -1;
2016-05-03 12:07:46 +02:00
Ján Tomko
7c6733a234 Return void in qemuDomainAssignARMVirtioMMIOAddresses
This function does not fail and it does not need to return anything.
2016-05-03 12:07:46 +02:00
Ján Tomko
ef0f90d1b8 Invert condition in qemuDomainDefAddDefaultDevices
For all the other machine types, we use a positive condition.

Be more positive and use it for i440fx too.
2016-05-03 12:07:46 +02:00
Ján Tomko
90f27f07ed Use qemuDomainMachineIs helpers when adding default devices
Do not duplicate the string comparisons by writing them twice.
2016-05-03 12:07:45 +02:00
Michal Privoznik
6ee78d334a qemu: Refresh RTC adjustment on qemuProcessReconnect
https://bugzilla.redhat.com/show_bug.cgi?id=1139766

Thing is, for some reasons you can have your domain's RTC to be
in something different than UTC. More weirdly, it's not only time
zone what you can shift it of, but an arbitrary value. So, if
domain is configured that way, libvirt will correctly put it onto
qemu cmd line and moreover track it as this offset changes during
domain's life time (e.g. because guest OS decides the best thing
to do is set new time to RTC). Anyway, they way in which this
tracking is implemented is events. But we've got a problem if
change in guest's RTC occurs and the daemon is not running. The
event is lost and we end up reporting invalid value in domain
XML. Therefore, when the daemon is starting up again and it is
reconnecting to all running domains, re-fetch their RTC so the
correct offset value can be computed.

Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
2016-05-03 11:44:13 +02:00
Michal Privoznik
b1e2f2d84d qemu: Introduce qemuMonitorGetRTCTime
Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
2016-05-03 11:44:13 +02:00
Erik Skultety
ed978fa2bc admin: Introduce listing clients
Finally add public method to retrieve the list of currently connected clients
to a given server.

Signed-off-by: Erik Skultety <eskultet@redhat.com>
2016-05-03 10:04:54 +02:00
Erik Skultety
42b06aa65d rpc: virnetserverclient: Implement client connection transport retrieval
Although we document 6 types of transport that we support, internally we can
only differentiate between TCP, TLS, and UNIX transports only, since both SSH
and libssh2 transports, due to using netcat, behave in the exactly the same
way as a UNIX socket.

Signed-off-by: Erik Skultety <eskultet@redhat.com>
2016-05-03 10:04:49 +02:00
Erik Skultety
04bab54d05 rpc: virnetserver: Support retrieval of a list of clients
For now, the list copy is done simply by locking the whole server, walking the
original and increasing the refcount on each object. We may want to change
the list to a lockable object (like list of domains) later in the future if
we discover some performance issues related to locking the whole server in
order to walk the whole list of clients, possibly issuing some 'ForEach'
callback.

Signed-off-by: Erik Skultety <eskultet@redhat.com>
2016-05-02 22:26:23 +02:00
Erik Skultety
4bd430748c rpc: gendispatch: Tune it to support client structure
Now that libvirt-admin supports another client-side object and provided that
we want to generate as many both client-side and server-side RPC dispatchers,
support for this needs to be added to gendispatch.

Signed-off-by: Erik Skultety <eskultet@redhat.com>
2016-05-02 22:26:23 +02:00
Erik Skultety
324945d99b admin: Introduce virAdmClient client-side object
Besides ID, the object also stores static data like connection transport and
connection timestamp, since once obtained a list of all clients connected to a
server, from user's perspective, it would be nice to know whether a given
client is remote or local only and when did it connect to the daemon.
Along with the object introduction, all necessary client-side methods necessary
to work with the object are added as well.

Signed-off-by: Erik Skultety <eskultet@redhat.com>
2016-05-02 22:26:17 +02:00
Erik Skultety
a32135b3b1 rpc: virnetserverclient: Introduce new attribute conn_time to client
Besides ID, libvirt should provide several parameters to help the user
distinguish two clients from each other. One of them is the connection
timestamp. This patch also adds a testcase for proper JSON formatting of the
new attribute too (proper formatting of older clients that did not support
this attribute yet is included in the existing tests) - in order to
testGenerateJSON to work, a mock of time_t time(time_t *timer) needed to be
created.

Signed-off-by: Erik Skultety <eskultet@redhat.com>
2016-05-02 22:25:52 +02:00
Erik Skultety
5841d64d25 rpc: virnetserverclient: Identify clients by an integer ID
Admin API needs a way of addressing specific clients. Unlike servers, which we
are happy to address by names both because its name reflects its purpose (to
some extent) and we only have two of them (so far), naming clients doesn't make
any sense, since a) each client is an anonymous, i.e. not recognized after a
disconnect followed by a reconnect, b) we can't predict what kind of requests
it's going to send to daemon, and c) the are loads of them comming and going,
so the only viable option is to use an ID which is of a reasonably wide data
type.

Signed-off-by: Erik Skultety <eskultet@redhat.com>
2016-05-02 22:25:51 +02:00
Boris Fiuczynski
73e4e10e62 qemu: add default panic device to S390 guests
This patch adds by default a panic device with model s390 to S390 guests.

Signed-off-by: Boris Fiuczynski <fiuczy@linux.vnet.ibm.com>
2016-05-02 17:01:40 +02:00
Boris Fiuczynski
d855465452 qemu: add panic device support for S390
If a panic device is being defined without a model in a domain
the default value is always overwritten with model ISA. An ISA
bus does not exist on S390 and therefore specifying a panic device
results in an unsupported configuration.
Since the S390 architecture inherently provides a crash detection
capability the panic device should be defined in the domain xml.

This patch adds an s390 panic device model and prevents setting a
device address on it.

Signed-off-by: Boris Fiuczynski <fiuczy@linux.vnet.ibm.com>
Reviewed-by: Cornelia Huck <cornelia.huck@de.ibm.com>
2016-05-02 17:01:40 +02:00
Boris Fiuczynski
b43ab240c2 qemu: merge S390 and S390X default device creation
Signed-off-by: Boris Fiuczynski <fiuczy@linux.vnet.ibm.com>
2016-05-02 17:01:40 +02:00
Boris Fiuczynski
a1574e5c98 qemu: fix error message for default panic device
Adding the default bus type ISA to the message.

Signed-off-by: Boris Fiuczynski <fiuczy@linux.vnet.ibm.com>
2016-05-02 17:01:40 +02:00
Cole Robinson
a5481546d6 fdstream: don't raise error on SIGPIPE if abort requested
The iohelper dies on SIGPIPE if the stream is closed before all data
is processed. IMO this should be an error condition for virStreamFinish
according to docs like:

  * This method is a synchronization point for all asynchronous
  * errors, so if this returns a success code the application can
  * be sure that all data has been successfully processed.

However for virStreamAbort, not so much:

  * Request that the in progress data transfer be cancelled
  * abnormally before the end of the stream has been reached.
  * For output streams this can be used to inform the driver
  * that the stream is being terminated early. For input
  * streams this can be used to inform the driver that it
  * should stop sending data.

Without this, virStreamAbort will realistically always error for
active streams like domain console. So, treat the SIGPIPE case
as non-fatal if abort is requested.

Note, this will only affect an explicit user requested abort. An
abnormal abort, like from a server error, always raises an error
in the daemon.
2016-05-02 10:13:05 -04:00
Cole Robinson
8958dde506 rpc: protocol: Clarify VIR_NET_ERROR usage with streams
The described protocol semantics really only apply to server initiated
stream messages. Document the semantics for client messages.
2016-05-02 10:13:04 -04:00
Cole Robinson
c48db92fbd fdstream: Raise explicit error when iohelper gets SIGPIPE
This happens when virStreamFinish/Abort are called, but iohelper
still has data to process.
2016-05-02 10:13:04 -04:00
Cole Robinson
6b173cf562 fdstream: Report error with virProcessTranslateStatus
Rather than poorly duplicate it
2016-05-02 10:13:04 -04:00
Cole Robinson
c0e870376c fdstream: separate out virCommandPtr cleanup
Let's us de-nest some of the logic, and will simplify upcoming
patches
2016-05-02 10:12:58 -04:00
Cole Robinson
441e881e9a nwfilter: Save config to disk if we generated a UUID
libvirt-daemon-config-nwfilter will put a bunch of xml configs
into /etc/libvirt/nwfilter. These configs don't hardcode a UUID
and depends on libvirt to generate one. However the generated UUID
is never saved to disk, unless the user manually calls Define.

This makes daemon reload quite noisy with many errors like:

error : virNWFilterObjAssignDef:3101 : operation failed: filter 'allow-incoming-ipv4' already exists with uuid 50def3b5-48d6-46a3-b005-cc22df4e5c5c

Because a new UUID is generated every time the config is read from
disk, so libvirt constantly thinks it's finding a new nwfilter.

Detect if we generated a UUID when the config file is loaded; if so,
resave the new contents to disk to ensure the UUID is persisteny.

This is similar to what was done in commit a47ae7c0 with virtual
networks and generated MAC addresses
2016-05-02 10:06:04 -04:00
Cole Robinson
0feb1c6c24 nwfilter: Push configFile building into LoadConfig
This matches the pattern used for network object APIs, and we want
configDir in LoadConfig for upcoming patches
2016-05-02 10:06:04 -04:00
Cole Robinson
ab05abdbc3 nwfilter: Fix potential locking problems on ObjLoad failure
In virNWFilterObjLoad we can still fail after virNWFilterObjAssignDef,
but we don't unlock and free the created virNWFilterObjPtr in the
cleanup path.

The bit we are trying to do after AssignDef is just STRDUP in the
configFile path. However caching the configFile in the NWFilterObj
is largely redundant and doesn't follow the same pattern we use
for domain and network objects.

So just remove all the configFile caching which fixes the latent
bug as a side effect.
2016-05-02 10:06:04 -04:00
Cole Robinson
26af7e4e93 network: Fix segfault on daemon reload
We will segfault of a daemon reload picks up a new network config
that needs to be autostarted. We shouldn't be passing NULL for
network_driver here. This seems like it was missed in the larger
rework in commit 1009a61e
2016-05-02 10:06:04 -04:00
Shivaprasad G Bhat
192a53e07c send default USB controller in xml to destination during migration
The default USB controller is not sent to destination as the older versions
of libvirt(0.9.4 or earlier as I see in commit log of 409b5f54) didn't
support them. For some archs where the support started much later can
safely send the USB controllers without this worry. So, send the controller
to destination for all archs except x86. Moreover this is not very applicable
to x86 as the USB controller has model ich9_ehci1 on q35 and for pc-i440fx,
there cant be any slots before USB as it is fixed on slot 1.

The patch fixes a bug that, if the USB controller happens to occupy
a slot after disks/interfaces and one of them is hot-unplugged, then
the default USB controller added on destination takes the smallest slot
number and that would lead to savestate mismatch and migration
failure. Seen and verified on PPC64.

Signed-off-by: Shivaprasad G Bhat <sbhat@linux.vnet.ibm.com>
2016-05-02 10:06:04 -04:00
Cole Robinson
601531d6ea conf: format runtime DAC seclabel, unless MIGRATABLE
We historically format runtime seclabel selinux/apparmor values,
however we skip formatting runtime DAC values. This was added in

commit 990e46c454
Author: Marcelo Cerri <mhcerri@linux.vnet.ibm.com>
Date:   Fri Aug 31 13:40:41 2012 +0200

    conf: Avoid formatting auto-generated DAC labels

to maintain migration compatibility with libvirt < 0.10.0.

However the formatting was skipped unconditionally. Instead only
skip formatting in the VIR_DOMAIN_DEF_FORMAT_MIGRATABLE case.

https://bugzilla.redhat.com/show_bug.cgi?id=1215833
2016-05-02 10:06:04 -04:00
Cole Robinson
20b52668dd conf: storage: pool: reject name containing '/'
Trying to define a pool name containing an embedded '/'
will immediately fail when trying to write the XML to disk.
This patch explicitly rejects names containing a '/'

Besides our stateful driver, there are two other storage impls:
esx and phyp. esx doesn't support pool creation, so this should
doesn't apply.

phyp does support pool creation, and the name is passed to the
'mksp' tool, which google doesn't reveal whether it accepts '/'
or not. IMO the likeliness of this impacting any users is near zero
2016-05-02 10:06:04 -04:00