Commit Graph

24119 Commits

Author SHA1 Message Date
Peter Krempa
29a7c2e5d8 rpc: ssh: Use virStrToLong_i instead of virParseNumber
Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
2019-04-03 16:51:02 +02:00
Peter Krempa
5857a63519 vmx: Refactor number parsing in virVMXParseConfig
Parsing of the cpu affinity list was using virParseNumber. Modernize it
to get rid of the virParseNumber call.

Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
2019-04-03 16:51:02 +02:00
Peter Krempa
c0dae62e02 vmx: Remove unused variable in virVMXParseConfig
'cpumasklen' is only written to since ee7d23ba4b.

Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
2019-04-03 16:51:02 +02:00
Peter Krempa
1bb063f69c util: Remove virPipeReadUntilEOF
Unused since 3c269b51a6

Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
2019-04-03 16:51:02 +02:00
Michal Privoznik
6864d8f740 qemuBuildMemoryBackendProps: Get pagesize early
https://bugzilla.redhat.com/show_bug.cgi?id=1693066

Up until memfd introduction (in 24b74d187c) we did not need to
know @pagesize because qemuGetDomainHupageMemPath() could deal
with it being zero (value of zero means use the default hugetlbfs
mount). But since for memfd we are not passing a path to
hugetlbfs mount rather the page size value we need to know its
value upfront.

Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
2019-04-03 16:37:19 +02:00
Michal Privoznik
465df4771a virfile: Introduce and use virFileGetDefaultHugepage
This helper returns the default hugetlbfs mount point from given
array of mount points.

Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
2019-04-03 16:37:19 +02:00
Ján Tomko
8753865c76 virjson: drop compatibility macros
Since commit 66460e3 dropped support for YAJL 1, we no longer need
these.

Signed-off-by: Ján Tomko <jtomko@redhat.com>
Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
Acked-by: Peter Krempa <pkrempa@redhat.com>
2019-04-03 15:19:02 +02:00
Ján Tomko
650e62e034 rbd: fix build with LIBRBD_VERSION_CODE <= 265
Add ATTRIBUTE_UNUSED to the volStorageBackendRBDGetFlags stub.

Fixes: 21deeaf02f

Signed-off-by: Ján Tomko <jtomko@redhat.com>
2019-04-03 13:36:44 +02:00
Ján Tomko
f01a34f04c virJSONValueToString: bail out early on error
Now that we do not need to cater to YAJL 1, move the check for the
return value of yajl_gen_alloc earlier, so that we can assume it
was successful in later code.

Signed-off-by: Ján Tomko <jtomko@redhat.com>
Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
2019-04-03 13:30:47 +02:00
Ján Tomko
66460e32e6 json: assume WITH_YAJL2
Now that we require YAJL2, drop the code dealing with YAJL 1.

Signed-off-by: Ján Tomko <jtomko@redhat.com>
Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
2019-04-03 13:30:47 +02:00
Nikolay Shirokovskiy
cae45f2cdd qemu: fix domain unlock/unref in qemuMigrationSrcPerform
qemuMigrationSrcPerform callers expect it to call virDomainObjEndAPI
in any case so on error paths we miss the virDomainObjEndAPI call.
To fix this let's make qemuMigrationSrcPerform callers responsible
for the virDomainObjEndAPI call.

ACKed-by: Michal Privoznik <mprivozn@redhat.com>
Signed-off-by: Nikolay Shirokovskiy <nshirokovskiy@virtuozzo.com>
2019-04-03 13:46:26 +03:00
Daniel P. Berrangé
c1ac1e4637 security: avoid use of dirent d_type field
The d_type field cannot be assumed to be filled. Some filesystems, such
as older XFS, will simply report DT_UNKNOWN.

Even if the d_type is filled in, the use of it in the SELinux functions
is dubious. If labelling all files in a directory there's no reason to
skip things which are not regular files. We merely need to skip "." and
"..", which is done by virDirRead() already.

Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
2019-04-03 11:31:38 +01:00
Daniel P. Berrangé
ebe9c6eab7 qemu: don't rely on the non-portable d_type field in dirent
d_type is a non-portable extension to the struct dirent and even if it
exists, its value may be DT_UNKNOWN if the filesystem doesn't support
it. This is common with older versions of XFS which have ftype=0
feature.

Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
2019-04-03 11:31:38 +01:00
Peter Krempa
ac21141ce4 qemu: monitor: Avoid unnecessary copies of command string
Use virJSONValueToBuffer so that we can append the command terminator
string without copying of the string again. Also avoid a 'strlen' as we
can query the buffer use size.

Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Laine Stump <laine@laine.org>
2019-04-03 11:58:10 +02:00
Peter Krempa
d8306dce0f qemu: monitor: Remove few debug statements
The internal qemu machinery already logs the sent message via the PROBE
point in qemuMonitorSend and the monitor receive function. Those are way
better as they are easy grepable. Remove the additional ones from the
monitor code which just duplicate the sent data.

Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Laine Stump <laine@laine.org>
2019-04-03 11:58:10 +02:00
Peter Krempa
a2a04524be util: json: Export virJSONValueToBuffer
Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Laine Stump <laine@laine.org>
2019-04-03 11:58:10 +02:00
Peter Krempa
cfe6cecdca util: json: Don't bother logging output string in virJSONValueToString
We have tests that validate the XML formatter. Additionally almost every
guide tells users to disable JSON logging. Drop logging of output string
in virJSONValueToString.

Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Laine Stump <laine@laine.org>
2019-04-03 11:58:10 +02:00
Peter Krempa
6a604f759d util: json: Use virBuffer in JSON->string conversion
The last step of the conversion involves copying of the generated JSON
into a separate string. We can use a virBuffer to do this as this will
also allow to subsequently use the buffer when we actually need to do
some other formatting of the string.

Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Laine Stump <laine@laine.org>
2019-04-03 11:58:10 +02:00
Peter Krempa
29ad523018 util: buffer: Use 'size_t' for buffer size variables
Use size_t for all sizes. The '*' modifier unfortunately does require an
int so a temporary variable is necessary in the tests.

Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Laine Stump <laine@laine.org>
2019-04-03 11:58:10 +02:00
Peter Krempa
14f7030f95 util: buffer: Remove struct member munging
This was meant to stop abusing the members directly, but we don't do
this for other internal structs. Additionally this did not stop the
test from touching the members. Remove the header obscurization.

Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Laine Stump <laine@laine.org>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
2019-04-03 11:58:10 +02:00
Peter Krempa
fb59497484 Use VIR_AUTODISPOSE_STR instead of VIR_DISPOSE_STRING where possible
Refactor code paths which clear strings on cleanup paths to use the
automatic helper.

Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
2019-04-03 11:58:10 +02:00
Peter Krempa
a9b3afabcd util: alloc: Add automatic cleanup/disposal of strings
VIR_AUTODISPOSE_STR is similar to VIR_AUTOFREE(char *) but uses
virDispose for clearing of the stored string.

This patch also refactors VIR_DISPOSE to use the new helper which is
used for the new macro.

Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
2019-04-03 11:58:10 +02:00
Peter Krempa
c358adc571 qemu: capabilities: Always assume disk snapshot caps
'blockdev-snapshot-sync' is present in QEMU since v0.14.0-rc0 and
'transaction' since v1.1.0 (52e7c241ac766406f05fa)

Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
2019-04-03 11:58:10 +02:00
Peter Krempa
72e88ca0a2 qemu: capabilities: Always assume QEMU_CAPS_DRIVE_MIRROR
qemu added the 'drive-mirror' command in v1.3.0 (d9b902db3fb71fdc)

Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
2019-04-03 11:58:10 +02:00
Peter Krempa
852afb2dc4 qemu: capabilities: Always assume QEMU_CAPS_BLOCK_COMMIT
qemu added the 'block-commit' command in v1.3.0 (ed61fc10e8c8d2)

Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
2019-04-03 11:58:10 +02:00
Peter Krempa
f1a0d2277c qemu: domain: drop qemuDomainSupportsBlockJobs
It always returns true.

Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
2019-04-03 11:58:10 +02:00
Peter Krempa
d5654a7537 qemu: capabilities: Always assume QEMU_CAPS_BLOCKJOB_ASYNC
This was detected by the presence of 'block-stream' which is present in
qemu since v1.1 (db58f9c0605fa151b8c4)

Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
2019-04-03 11:58:09 +02:00
Peter Krempa
22b83a54f5 conf: Add 'index' attribute for <disk><mirror><source>
Similarly to the disk source we need to keep the disk index (which is in
the qemu driver used for identification of the source for block jobs)
for the <mirror> element so that when it's replaced as a disk source
after pivoting all the allocated data is present.

Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
2019-04-03 11:58:09 +02:00
Peter Krempa
4e797f1af9 conf: Parse and format 'backingStore' for disk <mirror>
When the block copy operation is started with a reused external file in
incremental mode libvirt will need to open and insert the backing chain
for that file into qemu (in -blockdev mode). This means that we'll need
to track the backing chain and metadata such as node names for the full
chain of <mirror>.

This patch invokes the full backing chain formatter and parser for
<mirror> so that the chain can be kept with <mirror>.

Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
2019-04-03 11:58:09 +02:00
Peter Krempa
944d09fa3e conf: Refactor virDomainDiskDefMirrorParse
Use virDomainStorageSourceParseBase and other tricks.

Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
2019-04-03 11:58:09 +02:00
Peter Krempa
54b36c03a0 conf: Pass 'flags' to virDomainDiskSourceFormat in virDomainDiskDefFormatMirror
We have the proper flags available so we can pass them to the fomatter.
The added bonus is that private data may be formatted into the status
XML.

Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
2019-04-03 11:58:09 +02:00
Peter Krempa
86855f761f conf: use virXMLFormatElement in virDomainDiskDefFormatMirror
Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
2019-04-03 11:58:09 +02:00
Peter Krempa
670053326b qemu: Parse NBD storage source private data by virDomainStorageSourceParse
Drop the local call in favor of passing in xmlopt.

Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
2019-04-03 11:58:09 +02:00
Peter Krempa
79e3b15ce6 qemu: Use virDomainStorageSourceParseBase in qemuDomainObjPrivateXMLParseJobNBDSource
Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
2019-04-03 11:58:09 +02:00
Peter Krempa
ef5ed42655 qemu: Remove cleanup in qemuDomainObjPrivateXMLParseJobNBDSource
Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
2019-04-03 11:58:09 +02:00
Peter Krempa
e1899a2490 qemu: Use VIR_AUTOFREE in qemuDomainObjPrivateXMLParseJobNBDSource
Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
2019-04-03 11:58:09 +02:00
Peter Krempa
08c4a54ec0 conf: Modify arguments passed to virDomainDiskBackingStoreFormat
Pass in 'src' rather than the backing store of it.

Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
2019-04-03 11:58:09 +02:00
Peter Krempa
d588981913 conf: Document virDomainStorageSourceParse
Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
2019-04-03 11:58:09 +02:00
Peter Krempa
868be7ce58 conf: Use virDomainStorageSourceParseBase in virDomainDiskBackingStoreParse
Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
2019-04-03 11:58:09 +02:00
Peter Krempa
18bc52bce0 conf: introduce virDomainStorageSourceParseBase
The helper converts the 'type', 'format' and index values to enum
values/numbers and does validation.

Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
2019-04-03 11:58:09 +02:00
Peter Krempa
dfaf170df5 conf: Replace virDomainDiskSourceParse by virDomainStorageSourceParse
virDomainDiskSourceParse was now just a thin wrapper without any extra
value. Replace all usage of it by the function it calls and remove the
function.

Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
2019-04-03 11:58:09 +02:00
Peter Krempa
54fc720d8e conf: Document virDomainDiskSourceFormat
Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
2019-04-03 11:58:09 +02:00
Peter Krempa
218c81ead0 conf: Merge virDomainStorageSourceFormat into virDomainDiskSourceFormat
There was only one caller, remove the unnecessary wrapper.

Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
2019-04-03 11:58:09 +02:00
Peter Krempa
0f13b78b20 conf: Use virXMLFormatElement in virDomainDiskBackingStoreFormat
Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
2019-04-03 11:58:09 +02:00
Peter Krempa
945eab4060 conf: Avoid temporary variable in virDomainDiskBackingStoreFormat
Modify the check that the format is in range to be standalone and use
the convertor function directly.

Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
2019-04-03 11:58:09 +02:00
Peter Krempa
eaef9b1f67 conf: Simplify control flow in virDomainDiskSourceFormat
Now that the cleanup is handled automatically it can be removed.

Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
2019-04-03 11:58:09 +02:00
Peter Krempa
4bc429868e conf: Unexport virDomainStorageSourceFormat
It's not used outside of src/conf/domain_conf.c

Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
2019-04-03 11:58:09 +02:00
Peter Krempa
0c10edadde qemu: domain: Modify <migrationSource> to look like <disk>
When adding <migrationSource> I've used a slightly unusual approach. To
allow using the disk source XML parser and formatter convert
<migrationSource> to look like <disk>. This means that <source> will be
added as a subelement of <migrationSource> rather than being formatted
inline.

Conversion from the old format in the parser is very simple as it
involves only moving the XPath context current node slightly if the new
format is found.

The status XML to XML test shows that the upgrade is done correctly.

Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
2019-04-03 11:58:09 +02:00
Peter Krempa
a9621831a3 conf: Export virDomainDiskSourceFormat
Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
2019-04-03 11:58:09 +02:00
Peter Krempa
5f6f803ca1 conf: Merge virDomainDiskSourceFormatInternal into virDomainDiskSourceFormat
Remove the wrapper and fix callers.

Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
2019-04-03 11:58:09 +02:00
Peter Krempa
6bee0262c7 conf: Remove @seclabels from virDomainStorageSourceFormat
All callers including transitive callers through
virDomainDiskSourceFormatInternal always pass true. Remove the argument.

Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
2019-04-03 11:58:09 +02:00
Peter Krempa
da9f3cd84b conf: Format seclabels for <backingStore>
We parse the seclabels and use them internally so omitting them when
formatting would be misleading. Additionally our schema actually allows
them.

Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
2019-04-03 11:58:09 +02:00
Peter Krempa
e8e51b634f qemu: domain: Forbid copy_on_read option also for floppies
Using copy_on_read for removable disks is a hassle. It also does not
work for CDROMs at all as the image is supposed to be read-only and we
might ignore it for floppies when they are started as empty. Forbid it
for floppies completely rather than trying to support what probably
nobody is using.

Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
2019-04-03 11:58:09 +02:00
Peter Krempa
b3736febca qemu: hotplug: Disallow media change while blockjob is active
Until the block job completes we can't change the disk chain. Removal
would fail as the block job still has reference to the chain.

Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
2019-04-03 11:58:09 +02:00
Peter Krempa
0beac488e0 qemu: hotplug: Use VIR_AUTOUNREF for virQEMUDriverConfigPtr
Unref the config pointer automatically in code paths which get a local
copy.

Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
2019-04-03 11:58:09 +02:00
Peter Krempa
24fce6637c qemu: hotplug: Remove unused copies of virQEMUDriverConfigPtr
qemuDomainChangeGraphicsPasswords and qemuDomainRemoveHostDevice
don't use 'cfg' any more since commits 4327df7eee and 802c59d4b9
respectively.

Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
2019-04-03 11:58:09 +02:00
Peter Krempa
63ff670f40 qemu: domain: Use VIR_AUTOFREE in qemuDomainObjPrivateXMLParseBlockjobs
Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
2019-04-03 11:58:09 +02:00
Peter Krempa
8f956ee71a qemu: Remove cleanup section of virQEMUCapsInitQMPMonitorTCG
There's nothing to clean up.

Signed-off-by: Peter Krempa <pkrempa@redhat.com>
2019-04-03 11:58:09 +02:00
Peter Krempa
e125000a88 qemu: Remove ATTRIBUTE_UNUSED from 'qemuCaps' of virQEMUCapsInitQMPMonitorTCG
It's actually used.

Signed-off-by: Peter Krempa <pkrempa@redhat.com>
2019-04-03 11:58:09 +02:00
Peter Krempa
de6049ccf4 qemu: caps: Remove pointless debug message in virQEMUCapsInitQMPMonitor
Failure of qemuMonitorGetVersion is fatal now that we only support QMP
based qemus. Remove the debug message since we report an error already.

Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Erik Skultety <eskultet@redhat.com>
2019-04-03 11:58:09 +02:00
Peter Krempa
c5c8618463 qemu: caps: Remove cleanup section in virQEMUCapsInitQMPMonitor
Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Erik Skultety <eskultet@redhat.com>
2019-04-03 11:58:09 +02:00
Peter Krempa
78ad4c559e qemu: caps: Don't leak package name string in virQEMUCapsInitQMPMonitor
If the detected qemu version is below our required version 'package'
would be leaked.

Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Erik Skultety <eskultet@redhat.com>
2019-04-03 11:58:09 +02:00
Peter Krempa
f7550ecce8 qemu: Decide whether to query schema in virQEMUCapsProbeQMPSchemaCapabilities
Move the check out of virQEMUCapsInitQMPMonitor similarly to other
functions.

Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Erik Skultety <eskultet@redhat.com>
2019-04-03 11:58:09 +02:00
Peter Krempa
43a8527762 qemu: Move SEV capability handling into virQEMUCapsProbeQMPSEVCapabilities
Move the code out of virQEMUCapsInitQMPMonitor similarly to other
functions.

Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Erik Skultety <eskultet@redhat.com>
2019-04-03 11:58:09 +02:00
Peter Krempa
c31b9159e6 qemu: Decide whether check GIC caps in virQEMUCapsProbeQMPGICCapabilities
Move the check out of virQEMUCapsInitQMPMonitor similarly to other
functions.

Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Erik Skultety <eskultet@redhat.com>
2019-04-03 11:58:09 +02:00
Peter Krempa
26dbc2e72a qemu: caps: Aggregate all caps post-processing into a function
Some caps are cleared according to some more advanced logic after
detection. Split all that logic out into virQEMUCapsInitProcessCaps.

Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Erik Skultety <eskultet@redhat.com>
2019-04-03 11:58:09 +02:00
Peter Krempa
87b906811b qemu: caps: Separate capabilities based on qemu version
virQEMUCapsInitQMPMonitor is massive now since it collects calls to the
various probing functions and also version based capabilities. Split
out the version based caps into a separate function.

Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Erik Skultety <eskultet@redhat.com>
2019-04-03 11:58:09 +02:00
Ján Tomko
e5794c542b qemuDomainDiskChangeSupported: use CHECK_STREQ_NULLABLE more
Convert the other string comparisons to use the macro.

Signed-off-by: Ján Tomko <jtomko@redhat.com>
Reviewed-by: Laine Stump <laine@laine.org>
2019-04-03 09:52:54 +02:00
intrigeri
80e83d63dc apparmor: support more QEMU architectures
Add hppa, nios2, or1k, riscv32 and riscv64 to the profile.

Fixes: https://bugs.debian.org/914940

Signed-off-by: intrigeri <intrigeri@boum.org>
Reviewed-by: Andrea Bolognani <abologna@redhat.com>
2019-04-01 12:32:55 +02:00
Ján Tomko
4fbc8ddcd0 qemu: error out on attempt to change blkiotune group name
Check that the attribute is the same in qemuDomainDiskChangeSupported
in case somebody tries to change it using the UpdateDevice API.

https://bugzilla.redhat.com/show_bug.cgi?id=1601677

Signed-off-by: Ján Tomko <jtomko@redhat.com>
Reviewed-by: Laine Stump <laine@laine.org>
2019-03-29 12:54:41 +01:00
Ján Tomko
8535a298a2 qemu: introduce CHECK_STREQ_NULLABLE in qemuDomainDiskChangeSupported
A macro for comparing string fields of the disk.

https://bugzilla.redhat.com/show_bug.cgi?id=1601677

Signed-off-by: Ján Tomko <jtomko@redhat.com>
Reviewed-by: Laine Stump <laine@laine.org>
2019-03-29 12:54:41 +01:00
Ján Tomko
21a9cb986c Revert "qemu: emit error when trying to update blkiotune group_name in qemuDomainChangeDiskLive"
https://bugzilla.redhat.com/show_bug.cgi?id=1601677

This reverts commit 047cfb05ee
Using numeric comparison on strings means we reject every update
that does include the group name, even if it's unchanged.

Signed-off-by: Ján Tomko <jtomko@redhat.com>
Reviewed-by: Laine Stump <laine@laine.org>
2019-03-29 12:54:41 +01:00
Eric Blake
83b1808ca2 snapshot: Improve logic of virDomainMomentMoveChildren
Even though Coverity can prove that 'last' is always set if the prior
loop executed, gcc 8.0.1 cannot:

  CC       conf/libvirt_conf_la-virdomainmomentobjlist.lo
../../src/conf/virdomainmomentobjlist.c: In function 'virDomainMomentMoveChildren':
../../src/conf/virdomainmomentobjlist.c:178:19: error: 'last' may be used uninitialized in this function [-Werror=maybe-uninitialized]
         last->sibling = to->first_child;
         ~~~~~~~~~~~~~~^~~~~~~~~~~~~~~~~

Rewrite the loop to a form that should be easier for static analysis
to work with.

Fixes: ced0898f86
Reported-by: Bjoern Walk <bwalk@linux.ibm.com>
Signed-off-by: Eric Blake <eblake@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
2019-03-28 10:38:11 -05:00
Laine Stump
3f7cba3f5e util: suppress unimportant ovs-vsctl errors when getting interface stats
commit edaf13565 modified the stats retrieval for OVS interfaces to
not fail when one of the fields was unrecognized by the ovs-vsctl
command, but ovs-vsctl was still returning an error, and libvirt was
cluttering the logs with these inconsequential error messages.

This patch modifies the GET_STAT macro to add "--if-exists" to the
ovs-vsctl command, which causes it to return an empty string (and exit
with success) if the requested statistic isn't in its database, thus
eliminating the ugly error messages from the log.

Resolves: https://bugzilla.redhat.com/1683175

Signed-off-by: Laine Stump <laine@laine.org>
2019-03-28 11:19:03 -04:00
Peter Krempa
54eb3e096b qemu: address: Stop reporting warning when USB address can't be released
The warning is reported at a code path which already reports a proper
error so it's pointless to add yet another line into logs.

Signed-off-by: Peter Krempa <pkrempa@redhat.com>
2019-03-28 13:40:01 +01:00
Peter Krempa
3c0b1cfdf6 qemu: Always use 'alias' in warning message when removing USB address
Avoid the extra parameter passing in the disk 'dst' parameter to be
reported instead of the device alias. Using 'dst' instead of alias does
not add much value.

Signed-off-by: Peter Krempa <pkrempa@redhat.com>
2019-03-28 13:38:57 +01:00
Peter Krempa
dbd15d6c45 qemu: hotplug: Don't release USB address twice when removing disk
qemuDomainRemoveDiskDevice calls qemuDomainReleaseDeviceAddress which
already calls virDomainUSBAddressRelease so we don't need to call it
again.

Signed-off-by: Peter Krempa <pkrempa@redhat.com>
2019-03-28 13:33:50 +01:00
Michal Privoznik
087a74e160 qemu_capabilities; Drop virQEMUCapsSetVAList
There is one specific caller (testInfoSetArgs() in
qemuxml2argvtest.c) which expect the va_list argument to change
after returning from the virQEMUCapsSetVAList() function.
However, since we are passing plain va_list this is not
guaranteed. The man page of stdarg(3) says:

  If ap is passed to a function that uses va_arg(ap,type), then
  the value of ap is undefined after the return of that function.

(ap is a variable of type va_list)

I've seen this in action in fact: on i686 the qemuxml2argvtest
fails on the second test case because testInfoSetArgs() sees
ARG_QEMU_CAPS and calls virQEMUCapsSetVAList to process the
capabilities (in this case there's just one
QEMU_CAPS_SECCOMP_BLACKLIST). But since the changes are not
reflected in the caller, in the next iteration testInfoSetArgs()
sees the QEMU capability and not ARG_END.

Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
2019-03-28 09:54:23 +01:00
Eric Blake
a6d822cee3 Revert "snapshot: Allow NULL to virDomainSnapshotObjGetDef"
This reverts commit 6b90a84738.

It turns out gcc -O2 is not happy with it, complaining:

/home/pipo/libvirt/src/qemu/qemu_driver.c: In function 'qemuDomainSnapshotCreateXML':
/home/pipo/libvirt/src/qemu/qemu_driver.c:15389:26: error: potential null pointer dereference [-Werror=null-dereference]
     bool memory = snapdef->memory == VIR_DOMAIN_SNAPSHOT_LOCATION_EXTERNAL;
                   ~~~~~~~^~~~~~~~
/home/pipo/libvirt/src/qemu/qemu_driver.c:15389:26: error: potential null pointer dereference [-Werror=null-dereference]
In file included from /home/pipo/libvirt/src/util/virbuffer.h:27,
                 from /home/pipo/libvirt/src/conf/capabilities.h:27,
                 from /home/pipo/libvirt/src/conf/domain_conf.h:32,
                 from /home/pipo/libvirt/src/qemu/qemu_agent.h:26,
                 from /home/pipo/libvirt/src/qemu/qemu_driver.c:40:
/home/pipo/libvirt/src/util/viralloc.h:125:34: error: potential null pointer dereference [-Werror=null-dereference]
 # define VIR_ALLOC_N(ptr, count) virAllocN(&(ptr), sizeof(*(ptr)), (count), true, \
                                  ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
                                            VIR_FROM_THIS, __FILE__, __FUNCTION__, __LINE__)
                                            ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
/home/pipo/libvirt/src/qemu/qemu_driver.c:15103:9: note: in expansion of macro 'VIR_ALLOC_N'
     if (VIR_ALLOC_N(ret, snapdef->ndisks) < 0)
         ^~~~~~~~~~~
/home/pipo/libvirt/src/qemu/qemu_driver.c:15798:45: error: null pointer dereference [-Werror=null-dereference]
             virDomainSnapshotObjGetDef(snap)->memory == VIR_DOMAIN_SNAPSHOT_LOCATION_EXTERNAL) {
             ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~^~~~~~~~

As the patch simplified one or two callers at the risk of making
many other callers now candidates to trigger aggressive compiler
warnings, it isn't worth it.

Signed-off-by: Eric Blake <eblake@redhat.com>
2019-03-27 09:21:45 -05:00
Eric Blake
a487890d37 snapshot: Refactor qemu to utilize virDomainMoment more
Use the common base class virDomainMoment for iterator callbacks
related to snapshots from the qemu code, so that when checkpoint
operations are introduced, they can share the same callbacks.

Simplify the code for qemuDomainSnapshotCurrent by better utilizing
virDomainMoment helpers.

Signed-off-by: Eric Blake <eblake@redhat.com>
Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
2019-03-27 08:16:10 -05:00
Eric Blake
6b90a84738 snapshot: Allow NULL to virDomainSnapshotObjGetDef
Doing so can simplify some callers.

Signed-off-by: Eric Blake <eblake@redhat.com>
Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
2019-03-27 08:14:42 -05:00
Eric Blake
3d7c683a27 snapshot: Drop pointless function virDomainMomentIsCurrentName
The qemu driver already had a full-blown virDomainMomentObjPtr to
check against, and the test driver ought to have one since we get
better error checking that the user passed in a valid object. Removes
the need for a helper function added in commit commit 4819f54b.

Signed-off-by: Eric Blake <eblake@redhat.com>
Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
2019-03-27 08:13:24 -05:00
Jiri Denemark
d3ea986af2 qemu: Add support for parallel migration
The VIR_MIGRATE_PARALLEL flag is implemented using QEMU's multifd
migration capability and the corresponding multifd-channels migration
parameter.

Signed-off-by: Jiri Denemark <jdenemar@redhat.com>
Reviewed-by: John Ferlan <jferlan@redhat.com>
2019-03-27 09:37:55 +01:00
Eric Blake
421861824c backup: Introduce virDomainCheckpointPtr
Prepare for introducing a bunch of new public APIs related to
backup checkpoints by first introducing a new internal type
and errors associated with that type.  Checkpoints are modeled
heavily after virDomainSnapshotPtr (both represent a point in
time of the guest), although a snapshot exists with the intent
of rolling back to that state, while a checkpoint exists to
make it possible to create an incremental backup at a later
time.

Signed-off-by: Eric Blake <eblake@redhat.com>
Reviewed-by: John Ferlan <jferlan@redhat.com>
Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
2019-03-26 15:40:57 -05:00
Eric Blake
1c6b6c0ba1 snapshot: Various doc tweaks
Since I was copying this text to form checkpoint XML and API
documentation, I might as well make improvements along the way. Most
of these changes are based on reviews of the checkpoint docs.

Among other things: grammar tweaks, point to a single source of
documentation rather than repeating verbosity, reword things for
easier legibility.

Signed-off-by: Eric Blake <eblake@redhat.com>
Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
2019-03-26 15:33:07 -05:00
Eric Blake
0b4fac6afd Revert "snapshot: Add virDomainSnapshotObjListFormat"
This reverts commit 86c0ed6f70, and
subsequent refactorings of the function into new files.  There are no
callers of this function - I had originally proposed it for
implementing a new bulk snapshot API, but that proved to be too
invasive given RPC limits. I also tried using it for streamlining how
the qemu driver stores snapshot state across libvirtd restarts
internally, but in the end, the risks of a new internal format
outweighed the benefits of one file per snapshot.

Signed-off-by: Eric Blake <eblake@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
2019-03-26 15:07:47 -05:00
Eric Blake
57d252c740 Revert "snapshot: Add virDomainSnapshotObjListParse"
This reverts commit 1b57269cbc, and
subsequent refactorings of the function into new files.  There are no
callers of this function - I had originally proposed it for
implementing a new bulk snapshot API, but that proved to be too
invasive given RPC limits. I also tried using it for streamlining how
the qemu driver stores snapshot state across libvirtd restarts
internally, but in the end, the risks of a new internal format
outweighed the benefits of one file per snapshot.

Signed-off-by: Eric Blake <eblake@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
2019-03-26 15:07:02 -05:00
Laine Stump
34086fc59e qemu_hotplug: don't shutdown net device until the guest has released it
For [some unknown reason, possibly/probably pure chance], Net devices
have been taken offline and their bandwidth tc rules cleared as the
very first operation when detaching the device. This is contrary to
every other type of device, where all hostside teardown is delayed
until we receive the DEVICE_DELETED event back from qemu, indicating
that the guest has finished with the device.

This patch delays these two operations until receipt of
DEVICE_DELETED, which removes an ugly wart from
qemuDomainDetachDeviceLive(), and also seems to be a more correct
sequence of events.

Signed-off-by: Laine Stump <laine@laine.org>
ACKed-by: Peter Krempa <pkrempa@redhat.com>
2019-03-26 11:05:04 -04:00
Laine Stump
78b03a7770 qemu_hotplug: delay sending DEVICE_REMOVED event until after *all* teardown
The VIR_DOMAIN_EVENT_ID_DEVICE_REMOVED event is sent after qemu has
responded to a device_del command with a DEVICE_DELETED event. Before
queuing the event, *some* of the final teardown of the device's
trappings in libvirt is done, but not *all* of it. As a result, an
application may receive and process the DEVICE_REMOVED event before
libvirt has really finished with it.

Usually this doesn't cause a problem, but it can - in the case of the
bug report referenced below, vdsm is assigning a PCI device to a guest
with managed='no', using livirt's virNodeDeviceDetachFlags() and
virNodeDeviceReAttach() APIs. Immediately after receiving a
DEVICE_REMOVED event from libvirt signalling that the device had been
successfully unplugged, vdsm would cal virNodeDeviceReAttach() to
unbind the device from vfio-pci and rebind it to the host driverm but
because the event was received before libvirt had completely finished
processing the removal, that device was still on the "activeDevs"
list, and so virNodeDeviceReAttach() failed.

Experimentation with additional debug logs proved that libvirt would
always end up dispatching the DEVICE_REMOVED event before it had
removed the device from activeDevs (with a *much* greater difference
with managed='yes', since in that case the re-binding of the device
occurred after queuing the device).

Although the case of hostdev devices is the most extreme (since there
is so much involved in tearing down the device), *all* device types
suffer from the same problem - the DEVICE_REMOVED event is queued very
early in the qemuDomainRemove*Device() function for all of them,
resulting in a possibility of any application receiving the event
before libvirt has really finished with the device.

The solution is to save the device's alias (which is the only piece of
info from the device object that is needed for the event) at the
beginning of processing the device removal, and then queue the event
as a final act before returning. Since all of the
qemuDomainRemove*Device() functions (except
qemuDomainRemoveChrDevice()) are now called exclusively from
qemuDomainRemoveDevice() (which selects which of the subordinates to
call in a switch statement based on the type of device), the shortest
route to a solution is to doing the saving of alias, and later
queueing of the event, in the higher level qemuDomainRemoveDevice(),
and just completely remove the event-related code from all the
subordinate functions.

The single exception to this, as mentioned before, is
qemuDomainRemoveChrDevice(), which is still called from somewhere
other than qemuDomainRemoveDevice() (and has a separate arg used to
trigger different behavior when the chr device has targetType ==
GUESTFWD), so it must keep its original behavior intact, and must be
treated differently by qemuDomainRemoveDevice() (similar to the way
that qemuDomainDetachDeviceLive() treats chr and lease devices
differently from all the others).

Resolves: https://bugzilla.redhat.com/1658198

Signed-off-by: Laine Stump <laine@laine.org>
ACKed-by: Peter Krempa <pkrempa@redhat.com>
2019-03-26 11:05:04 -04:00
Laine Stump
dd60bd62d3 qemu_hotplug: consolidate all common detach code in qemuDomainDetachDeviceLive
Now that all the qemuDomainDetachPrep*() functions look nearly
identical at the end, we can put one copy of that identical code in
qemuDomainDetachDeviceLive() at the point after the individual prep
functions have been called, and remove the duplicated code from all
the prep functions. The code to locate the target "detach" device
based on the "match" device remains, as do all device-type-specific
validations.

Unfortunately there are a few things going on at once in this patch,
which makes it a bit more difficult to follow than the others; it was
just impossible to do the changes in stages and still have a
buildable/testable tree at each step.

The other changes of note:

* The individual prep functions no longer need their driver or async
  args, so those are removed, as are the local "ret" variables, since
  in all cases the functions just directly return -1 or 0.

* Some of the prep functions were checking for a valid alias and/or
  for attempts to detach a multifunction PCI device, but not all. In
  fact, both checks are valid (or at least harmless) for *all* device
  types, so they are removed from the prep functions, and done a
  single time in the common function.

  (any attempts to *create* an alias when there isn't one has been
  removed, since that is doomed to failure anyway; the only way the
  device wouldn't have an alias is if 1) the domain was created by
  calling virsh qemu-attach to attach an existing qemu process to
  libvirt, and 2) the qemu command that started said process used "old
  style" arguments for creating devices that didn't have any device
  ids. Even if we constructed a device id for one of these devices,
  qemu wouldn't recognize it in the device_del command anyway, so we
  may as well fail earlier with "device missing alias" rather than
  failing later with "couldn't delete device net0".)

* Only one type of device has shutdown code that must not be called
  until after *all* validation of the device is done (including
  checking for multifunction PCI and valid alias, which is done in the
  toplevel common code). For this reason, the Net function has been
  split in two, with the 2nd half (qemuDomainDetachShutdownNet())
  called from the common function, right before sending the delete
  command to qemu.

Signed-off-by: Laine Stump <laine@laine.org>
ACKed-by: Peter Krempa <pkrempa@redhat.com>
2019-03-26 11:05:04 -04:00
Laine Stump
444c5e7c43 qemu_hotplug: audit *all* auditable device types in qemuDomainRemoveAuditDevice
Although all hotpluggable devices other than lease, controller,
watchdof, and vsock can be audited, and *are* audited when an unplug
is successful, only disk, net, and hostdev were actually being audited
on failure.

This patch corrects that omission.

Signed-off-by: Laine Stump <laine@laine.org>
ACKed-by: Peter Krempa <pkrempa@redhat.com>
2019-03-26 11:05:04 -04:00
Laine Stump
b914e0eca3 qemu_hotplug: new function qemuDomainRemoveAuditDevice()
This function can be called with a virDomainDevicePtr and whether or
not the removal was successful, and it will call the appropriate
virDomainAudit*() function with the appropriate args for whatever type
of device it's given (or do nothing, if that's appropriate). This
permits generalizing some code that currently has a separate copy for
each type of device.

NB: Although the function initially will be called only with
success=false, that has been made an argument so that in the future
(when the qemuDomainRemove*Device() functions have had their common
functionality consolidated into qemuDomainRemoveDevice()), this new
common code can call qemuDomainRemoveAuditDevice() for all types.

Signed-off-by: Laine Stump <laine@laine.org>
ACKed-by: Peter Krempa <pkrempa@redhat.com>
2019-03-26 11:05:04 -04:00
Laine Stump
e1949c7045 qemu_hotplug: rename Chr and Lease Detach functions
qemuDomainDetachDeviceChr and qemuDomainDetachDeviceLease are more
consistent with each other.

Signed-off-by: Laine Stump <laine@laine.org>
ACKed-by: Peter Krempa <pkrempa@redhat.com>
2019-03-26 11:05:03 -04:00
Laine Stump
b6a53bf907 qemu_hotplug: standardize the names/args/calling of qemuDomainDetach*()
Most of these functions will soon contain only some setup for
detaching the device, not the detach code proper (since that code is
identical for these devices). Their device specific functions are all
being renamed to qemuDomainDetachPrep*(), where * is the
name of that device's data member in the virDomainDeviceDef
object.

Since there will be other code in qemuDomainDetachDeviceLive() after
the calls to qemuDomainDetachPrep*() that could still fail, we no
longer directly set "ret" with the return code from
qemuDomainDetachPrep*() functions, but simply return -1 on
failure, and wait until the end of qemuDomainDetachDeviceLive() to set
ret = 0.

Along with the rename, qemuDomainDetachPrep*() functions are also
given similar arglists, including an arg called "match" that points to
the proto-object of the device we want to delete, and another arg
"detach" that is used to return a pointer to the actual object that
will be (for now *has been*) detached. To make sure these new args
aren't confused with existing local pointers that sometimes had the
same name (detach), the local pointer to the device is now named after
the device type ("controller", "disk", etc). These point to the same
place as (*detach)->data.blah, it's just easier on the eyes to have,
e.g., "disk->dst" rather than "(*detach)->data.disk-dst".

Signed-off-by: Laine Stump <laine@laine.org>
ACKed-by: Peter Krempa <pkrempa@redhat.com>
2019-03-26 11:05:03 -04:00
Laine Stump
2ec6faea79 qemu_hotplug: separate Chr|Lease from other devices in DetachDevice switch
The Chr and Lease devices have detach code that is too different from
the other device types to handle with common functionality (which will
soon be added at the end of qemuDomainDetachDeviceLive(). In order to
make this difference obvious, move the cases for those two device
types to the top of the switch statement in
qemuDomainDetachDeviceLive(), have the cases return immediately so the
future common code at the end of the function will be skipped, and
also include some hopefully helpful comments to remind future
maintainers why these two device types are treated differently.

Any attempt to detach an unsupported device type should also skip the
future common code at the end of the function, so the case for
unsupported types is similarly changed from a simple break to a return
-1.

Signed-off-by: Laine Stump <laine@laine.org>
ACKed-by: Peter Krempa <pkrempa@redhat.com>
2019-03-26 11:05:03 -04:00
Laine Stump
c4d6a121a8 qemu_hotplug: rename dev to match in qemuDomainDetachDeviceLive
I'm about to add a second virDomainDeviceDef to this function that
will point to the actual device in the domain object. while this is
just a partially filled-in example of what to look for. Naming it
match will make the code easier to follow.

Signed-off-by: Laine Stump <laine@laine.org>
ACKed-by: Peter Krempa <pkrempa@redhat.com>
2019-03-26 11:05:03 -04:00
Laine Stump
637d72f985 qemu_hotplug: make Detach functions called only from qemu_hotplug.c static
These are no longer called from qemu_driver.c, since the function that
called them (qemuDomainDetachDeviceLive()) has been moved to
qemu_hotplug.c, and they are no longer called from testqemuhotplug.c
because it now just called qemuDomainDetachDeviceLive() instead of all
the subordinate functions.

Signed-off-by: Laine Stump <laine@laine.org>
ACKed-by: Peter Krempa <pkrempa@redhat.com>
2019-03-26 11:05:03 -04:00
Laine Stump
b204941865 qemu_hotplug: pull qemuDomainUpdateDeviceList out of qemuDomainDetachDeviceLive
qemuDomainDetachDeviceLive() is called from two places in
qemu_driver.c, and qemuDomainUpdateDeviceList() is called from the
end of qemuDomainDetachDeviceLive(), which is now in qemu_hotplug.c

This patch replaces the single call to qemuDomainUpdateDeviceList()
with two calls to it immediately after return from
qemuDomainDetachDeviceLive(). This is only done if the return from
that function is exactly 0, in order to exactly preserve previous
behavior.

Removing that one call from qemuDomainDetachDeviceList() will permit
us to call it from the test driver hotplug test, replacing the
separate calls to qemuDomainDetachDeviceDiskLive(),
qemuDomainDetachChrDevice(), qemuDomainDetachShmemDevice() and
qemuDomainDetachWatchdog(). We want to do this so that part of the
common functionality of those three functions (and the rest of the
device-specific Detach functions) can be pulled up into
qemuDomainDetachDeviceLive() without breaking the test. (This is done
in the next patch).

NB: Almost certainly this is "not the best place" to call
qemuDomainUpdateDeviceList() (actually, it is provably the *wrong*
place), since it's purpose is to retrieve an "up to date" list of
aliases for all devices from qemu, and if the guest OS hasn't yet
processed the detach request, the now-being-removed device may still
be on that list. It would arguably be better to instead call
qemuDomainUpdateDevicesList() later during the response to the
DEVICE_DELETED event for the device. But removing the call from the
current point in the detach could have some unforeseen ill effect due
to changed timing, so the change to move it into
qemuDomainRemove*Device() will be done in a separate patch (in order
to make it easily revertible in case it causes a regression).

Signed-off-by: Laine Stump <laine@laine.org>
ACKed-by: Peter Krempa <pkrempa@redhat.com>
2019-03-26 11:05:03 -04:00
Laine Stump
e4d96324b4 qemu_hotplug: remove extra function in middle of DetachController call chain
qemuDomainDetachDeviceControllerLive() just checks if the controller
type is SCSI, and then either returns failure, or calls
qemuDomainDetachControllerDevice().

Instead, lets just check for type != SCSI at the top of the latter
function, and call it directly.

Signed-off-by: Laine Stump <laine@laine.org>
ACKed-by: Peter Krempa <pkrempa@redhat.com>
2019-03-26 11:05:03 -04:00
Laine Stump
6a9c3fbade qemu_hotplug: move qemuDomainDetachDeviceLive() to qemu_hotplug.c
This function is going to take on some of the functionality of its
subordinate functions, which all live in qemu_hotplug.c.

qemuDomainDetachDeviceControllerLive() is only called from
qemuDomainDetachDeviceLive() (and will soon be merged into
qemuDomainDetachControllerDevice(), which is in qemu_hotplug.c), so
it is also moved.

Signed-off-by: Laine Stump <laine@laine.org>
ACKed-by: Peter Krempa <pkrempa@redhat.com>
2019-03-26 11:05:03 -04:00
Peter Krempa
24181fa0a9 qemu: monitor: Remove unused qemuMonitor(JSON)SetVNCPassword
Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Andrea Bolognani <abologna@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
2019-03-26 14:12:05 +01:00
Peter Krempa
ac5b6cfea8 qemu: Assume that 'set_password' and 'expire_password' are supported
They were added in qemu commit 7572150c189c6553c2448334116ab717680de66d
released in v0.14.0.

Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Andrea Bolognani <abologna@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
2019-03-26 14:12:05 +01:00
Eric Blake
a3d179807a snapshot: Make virDomainMomentObjListGetNames more generic
Rather than hard-coding the snapshot filter bit values into the
generic code, add another layer of indirection: callers must map which
of their public filter bits correspond to supported moment bits, then
pass two separate flags (the ones translated for moment code to
operate on, and the remaining ones for the filter callback to operate
on).

Signed-off-by: Eric Blake <eblake@redhat.com>
Reviewed-by: John Ferlan <jferlan@redhat.com>
2019-03-25 14:53:33 -05:00
Laine Stump
015e71c54d qemu_hotplug: move (Attach|Detach)Lease functions with others of same type
The Attach and Detach Lease functions were together in the middle of
the Detach functions. Put them at the end of their respective
sections, since they behave differently from the other attach/detach
functions (DetachLease doesn't use qemuDomainDeleteDevice(), and is
always synchronous).

Signed-off-by: Laine Stump <laine@laine.org>
ACKed-by: Peter Krempa <pkrempa@redhat.com>
2019-03-25 12:34:18 -04:00
Laine Stump
5a8ffaec76 qemu_hotplug: move (almost) all qemuDomainDetach*() functions together
There were two outliers at the end of the file beyond the Vcpu
functions.

Signed-off-by: Laine Stump <laine@laine.org>
ACKed-by: Peter Krempa <pkrempa@redhat.com>
2019-03-25 12:34:18 -04:00
Laine Stump
036a4521f3 qemu_hotplug: move qemuDomainChangeGraphicsPasswords()
It was sitting down in the middle of all the qemuDomainDetach*()
functions. Move it up with the rest of the qemuDomain*Graphics*()
functions.

Signed-off-by: Laine Stump <laine@laine.org>
ACKed-by: Peter Krempa <pkrempa@redhat.com>
2019-03-25 12:34:18 -04:00
Laine Stump
6be2414820 qemu_hotplug: merge qemuDomainDetachThisHostDevice into qemuDomainDetachHostDevice
It's now only called from one place, and combining the two functions
highlights the similarity with Detach functions for other device
types.

Signed-off-by: Laine Stump <laine@laine.org>
ACKed-by: Peter Krempa <pkrempa@redhat.com>
2019-03-25 12:34:18 -04:00
Laine Stump
48a2668151 qemu_hotplug: don't call DetachThisHostDevice for hostdev network devices
Back in the bad old days different device types required a different
qemu monitor call to detach them, and so an <interface type='hostdev'>
needed to call the function for detaching hostdevs, while other
<interface> types could be deleted as netdevs.

Times have changed, and *all* device types are detached by calling the
common function qemuDomainDeleteDevice(vm, alias), so we don't need to
differentiate between hostdev interfaces and the others for that
reason.

There are a few other netdev-specific functions called during
qemuDomainDetachNetDevice() (clearing bandwidth limits, stopping the
interface), but those turn into NOPs when type=hostdev, so they're
safe to call for type=hostdev.

The only thing that is different + not a NOP is the call to
virDomainAudit*() when qemuDomainDeleteDevice() fails, so if we add a
conditional for that small bit of code, we can eliminate the callout
from qemuDomainDetachNetDevice() to qemuDomainDetachThisDevice(),
which makes this function fit the desired pattern for merging with the
other detach functions, and paves the way to simplifying
qemuDomainDetachHostDevice() too.

Signed-off-by: Laine Stump <laine@laine.org>
ACKed-by: Peter Krempa <pkrempa@redhat.com>
2019-03-25 12:34:18 -04:00
Laine Stump
ac442713e6 qemu_hotplug: refactor qemuDomainDetachDiskLive and qemuDomainDetachDiskDevice
qemuDomainDetachDiskDevice() is only called from one place. Moving the
contents of the function to that place makes
qemuDomainDetachDiskLive() more similar to the other Detach functions
called by the toplevel qemuDomainDetachDevice().

The goal is to make each of the device-type-specific functions do this:

  1) find the exact device
  2) do any device-specific validation
  3) do general validation
  4) do device-specific shutdown (only needed for net devices)
  5) do the common block of code to send device_del to qemu, then
     optionally wait for a corresponding DEVICE_DELETED event from
     qemu.

with the final aim being that only items 1 & 2 will remain in each
device-type-specific function, while 3 & 5 (which are the same for
almost every type) will be de-duplicated and moved to the toplevel
function that calls all of these (qemuDomainDetachDeviceLive(), which
will also contain a callout to the one instance of (4) (netdev).

Signed-off-by: Laine Stump <laine@laine.org>
ACKed-by: Peter Krempa <pkrempa@redhat.com>
2019-03-25 12:34:18 -04:00
Laine Stump
1ed46f3a22 qemu_hotplug: eliminate unnecessary call to qemuDomainDetachNetDevice()
qemuDomainDetachHostDevice() has a check at the end that calls
qemuDomainDetachNetDevice() in the case that the hostdev is actually a
Net device of type='hostdev'. A long time ago when device removal was
(supposedly but not actually) synchronous, this would cause some extra
code to be run prior to removing the device (e.g. restoring the original MAC
address of the device, undoing some sort of virtual port profile, etc).

For quite awhile now the device removal has been asynchronous, so that
"extra teardown" isn't handled by the detach function, but instead is
handled by the Remove function called at a later time. The result is
that when we call qemuDomainDetachNetDevice() from
qemuDomainDetachHostDevice(), it ends up just calling
qemuDomainDetachThisHostDevice() and returning, which is exactly what
we do for all other hostdevs anyway.

Based on that, remove the behavioral difference when parent.type ==
VIR_DOMAIN_DEVICE_NET, and just call qemuDomainDetachThisHostDevice()
for all hostdevs.

Signed-off-by: Laine Stump <laine@laine.org>
ACKed-by: Peter Krempa <pkrempa@redhat.com>
2019-03-25 12:34:18 -04:00
Laine Stump
287415e219 qemu_hotplug: eliminate multiple identical qemuDomainDetachHost*Device() functions
There are separate Detach functions for PCI, USB, SCSI, Vhost, and
Mediated hostdevs, but the functions are all 100% the same code,
except that the PCI function checks for the guest side of the device
being a PCI Multifunction device, while the other 4 check that the
device's alias != NULL.

The check for multifunction PCI devices should be done for *all*
devices that are connected to the PCI bus in the guest, not just PCI
hostdevs, and qemuIsMultiFunctionDevice() conveniently returns false
if the queried device doesn't connect with PCI, so it is safe to make
this check for all hostdev devices. (It also needs to be done for many
other device types, but that will be addressed in a future patch).

Likewise, since all hostdevs are detached by calling
qemuDomainDeleteDevice(), which requires the device's alias, checking
for a valid alias is a reasonable thing for PCI hostdevs too.

Signed-off-by: Laine Stump <laine@laine.org>
ACKed-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
2019-03-25 12:34:18 -04:00
Laine Stump
1c2866a1f6 qemu_hotplug: rename a virDomainDeviceInfoPtr to avoid confusion
Having an InfoPtr named "dev" made my brain hurt. Renaming it to
"info" gives one less thing to confuse when looking at the code.

Signed-off-by: Laine Stump <laine@laine.org>
ACKed-by: Peter Krempa <pkrempa@redhat.com>
2019-03-25 12:34:18 -04:00
Laine Stump
155064e0ed qemu_hotplug: remove unnecessary check for valid PCI address
When support for hotplug/unplug of SCSI controllers was added way back
in December 2009 (commit da9d937b), unplug was handled by calling the
now-extinct function qemuMonitorRemovePCIDevice(), which required a
PCI address as an argument. At the same time, the idea of every device
in the config having a PCI address apparently was not yet fully
implemented, because the author of the patch including a check for a
valid PCI address in the device object.

These days, all PCI devices are guaranteed to have a valid PCI
address. But more important than that, we no longer detach devices by
PCI address, but instead use qemuDomainDeleteDevice(), which
identifies the device by its alias. So checking for a valid PCI
address is just pointless extra code that obscures the high level of
similarity between all the individual qemuDomainDetach*Device()
functions.

Signed-off-by: Laine Stump <laine@laine.org>
ACKed-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
2019-03-25 12:34:18 -04:00
Laine Stump
e18e9b72a9 qemu_hotplug: remove another erroneous qemuDomainDetachExtensionDevice() call
qemuDomainRemoveRNGDevice() calls qemuDomainDetachExtensionDevice().
According to commit 1d1e264f1 that added this code, it should not be
necessary to explicitly remove the zPCI extension device for a PCI
device during unplug, because "QEMU implements an unplug callback
which will unplug both PCI and zPCI device in a cascaded way". In
fact, no other devices call qemuDomainDetachExtensionDevice() during
their qemuDomainRemove*Device() function, so it should be removed from
qemuDomainRemoveRNGDevice as well.

Signed-off-by: Laine Stump <laine@laine.org>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
Reviewed-by: Boris Fiuczynski <fiuczy@linux.ibm.com>
2019-03-25 12:34:17 -04:00
Laine Stump
1432916983 qemu_hotplug: remove erroneous call to qemuDomainDetachExtensionDevice()
qemuDomainDetachControllerDevice() calls
qemuDomainDetachExtensionDevice() when the controller type is
PCI. This is incorrect in multiple ways:

* Any code that tears down a device should be in the
  qemuDomainRemove*Device() function (which is called after libvirt
  gets a DEVICE_DELETED event from qemu indicating that the guest is
  finished with the device on its end. The qemuDomainDetach*Device()
  functions should only contain code that ensures the requested
  operation is valid, and sends the command to qemu to initiate the
  unplug.

* qemuDomainDetachExtensionDevice() is a function that applies to
  devices that plug into a PCI slot, *not* necessarily PCI controllers
  (which is what's being checked in the offending code). The proper
  way to check for this would be to see if the DeviceInfo for the
  controller device had a PCI address, not to check if the controller
  is a PCI controller (the code being removed was doing the latter).

* According to commit 1d1e264f1 that added this code (and other
  support for hotplugging zPCI devices on s390), it's not necessary to
  explicitly detach the zPCI device when unplugging a PCI device. To
  quote:

       There's no need to implement hot unplug for zPCI as QEMU
       implements an unplug callback which will unplug both PCI and
       zPCI device in a cascaded way.

  and the evidence bears this out - all the other uses of
  qemuDomainDetachExtensionDevice() (except one, which I believe is
  also in error, and is being removed in a separate patch) are only to
  remove the zPCI extension device in cases where it was successfully
  added, but there was some other failure later in the hotplug process
  (so there was no regular PCI device to remove and trigger removal of
  the zPCI extension device).

* PCI controllers are not hot pluggable, so this is dead code
  anyway. (The only controllers that can currently be
  hotplugged/unplugged are SCSI controllers).

Signed-off-by: Laine Stump <laine@laine.org>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
Reviewed-by: Boris Fiuczynski <fiuczy@linux.ibm.com>
2019-03-25 12:34:17 -04:00
Eric Blake
9884b2d185 snapshot: Avoid infloop during REDEFINE
Commit 55c2ab3e accidentally introduced an infinite loop while
checking whether a redefined snapshot would cause an infinite loop in
chasing its parents back to a root.  Alas, 'make check' did not catch
it, so my next patch will be a testsuite improvement that would have
hung and prevented the bug from being checked in to begin with.

Signed-off-by: Eric Blake <eblake@redhat.com>
Acked-by: Michal Privoznik <mprivozn@redhat.com>
2019-03-25 08:50:45 -05:00
Daniel Henrique Barboza
f1d6585300 domain_conf: check device address before attach
In a case where we want to hotplug the following disk:

<disk type='file' device='disk'>
    (...)
    <address type='drive' controller='0' bus='0' target='0' unit='0'/>
</disk>

In a QEMU guest that has a single OS disk, as follows:

<disk type='file' device='disk'>
    (...)
    <address type='drive' controller='0' bus='0' target='0' unit='0'/>
</disk>

What happens is that the existing guest disk will receive the ID
'scsi0-0-0-0' due to how Libvirt calculate the alias based on
the address in qemu_alias.c, qemuAssignDeviceDiskAlias. When hotplugging
a disk that happens to have the same address, Libvirt will calculate
the same ID to it and attempt to device_add. QEMU will refuse it:

$ virsh attach-device ub1810 hp-disk-dup.xml
error: Failed to attach device from hp-disk-dup.xml
error: internal error: unable to execute QEMU command 'device_add': Duplicate ID 'scsi0-0-0-0' for device

And Libvirt follows it up with a cleanup code in qemuDomainAttachDiskGeneric
that ends up removing what supposedly is a faulty hotplugged disk but, in
this case, ends up being the original guest disk.

This patch adds an address verification for all attached devices, avoid
calling the driver attach() function using a device with duplicated address.
The change is done in virDomainDefCompatibleDevice when @action is equal
to VIR_DOMAIN_DEVICE_ACTION_ATTACH. The affected callers are:

- qemuDomainAttachDeviceLiveAndConfig, both LIVE and CONFIG cases;
- lxcDomainAttachDeviceFlags, both LIVE and CONFIG.

The check is done using the virDomainDefHasDeviceAddress, a generic
function that can check address duplicates for all supported device
types, not limiting just to DeviceDisk type.

After this patch, this is the result of the previous attach-device call:

$ ./run tools/virsh attach-device ub1810 hp-disk-dup.xml
error: Failed to attach device from hp-disk-dup.xml
error: Requested operation is not valid: Domain already contains a device with the same address

Reported-by: Srikanth Aithal <bssrikanth@in.ibm.com>
Signed-off-by: Daniel Henrique Barboza <danielhb413@gmail.com>
Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
2019-03-25 10:23:59 +01:00
Michal Privoznik
5e752513d8 virDomainMomentAssignDef: Don't dereference a NULL pointer
This functions tries to add a domain moment (love the name!) onto
a list of domain moments. Firstly, it checks if another moment
with the same name already exists. Then, it creates an empty
moment (without initializing its definition) and tries to add the
moment onto the list dereferencing moment definition in that
process. If it succeeds (which it never can), only after that it
sets moment->def.

Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
2019-03-22 11:19:41 +01:00
Nikolay Shirokovskiy
1193d9737b xml: nodedev: make pci capability class element optional
Commit 3bd4ed46 introduced this element as required which
breaks backcompat for test driver. Let's make the element optional.

Reviewed-by: Erik Skultety <eskultet@redhat.com>
Signed-off-by: Nikolay Shirokovskiy <nshirokovskiy@virtuozzo.com>
2019-03-22 12:59:56 +03:00
Nikolay Shirokovskiy
01e11ebcb6 nwfilter: fix adding std MAC and IP values to filter binding
Commit d1a7c08eb changed filter instantiation code to ignore MAC and IP
variables explicitly specified for filter binding. It just replaces
explicit values with values associated with the binding. Before the
commit virNWFilterCreateVarsFrom was used so that explicit value
take precedence. Let's bring old behavior back.

This is useful. For example if domain has two interfaces it makes
sense to list both mac adresses in MAC var of every interface
filterref. So that if guest make a bond of these interfaces
and start sending frames with one of the mac adresses from
both interfaces we can pass outgress traffic from both
interfaces too.

Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
Signed-off-by: Nikolay Shirokovskiy <nshirokovskiy@virtuozzo.com>
2019-03-22 12:03:00 +03:00
Eric Blake
ac0379043a snapshot: Make virDomainSnapshotObjList use MomentObjList
Now that the generic moment code does pretty much everything that both
snapshots and checkpoints will need, it's time to replace the
now-duplicate code in virdomainsnapshotobjlist.c with simpler calls
into the generic code. I considered using sub-classing (a
'virDomainMomentObjList parent;' member, but that requires making the
opaque type visible in headers; so for now, I stuck with a container
instead (a 'virDomainMomentObjListPtr base;' member).

Signed-off-by: Eric Blake <eblake@redhat.com>
Reviewed-by: John Ferlan <jferlan@redhat.com>
2019-03-22 01:18:34 -05:00
Eric Blake
dc8d3dc6cd snapshot: Create new virDomainMomentObjList type
The new code here very heavily resembles the code in
virDomainSnapshotObjList. There are still a couple of spots that are
tied a little too heavily to snapshots (the free function lacks a
polymorphic cleanup until we refactor code to use virObject; and an
upcoming patch will add internal VIR_DOMAIN_MOMENT_LIST flags to
replace the snapshot flag bits), but in general this is fairly close
to the state needed to add checkpoint lists.

Signed-off-by: Eric Blake <eblake@redhat.com>
Reviewed-by: John Ferlan <jferlan@redhat.com>
2019-03-22 01:18:34 -05:00
Eric Blake
5d23cd1c52 snapshot: Rename file for virDomainMomentObj
Now that we have made virDomainMomentObj sufficiently generic to
support both snapshots and checkpoints, it is time to rename the file
that it lives in. The split between a generic object and a list of the
generic objects doesn't buy us as much, so it will be easier to stick
all the moment list code in one file, with more code moving in the
next patch.  The changes during the move are fairly minor, although it
is worth pointing out that the log/error messages for the new file
report that they are from "domain", since the file will eventually be
shared by both "domain snapshot" and "domain checkpoint".

Signed-off-by: Eric Blake <eblake@redhat.com>
Reviewed-by: John Ferlan <jferlan@redhat.com>
2019-03-22 01:18:34 -05:00
Eric Blake
e055a816af snapshot: Rename virDomainSnapshotObjPtr
Now that the core of SnapshotObj is agnostic to snapshots and can be
shared with upcoming checkpoint code, it is time to rename the struct
and the functions specific to list operations. A later patch will
shuffle which file holds the common code. This is a fairly mechanical
patch.

Signed-off-by: Eric Blake <eblake@redhat.com>
Reviewed-by: John Ferlan <jferlan@redhat.com>
2019-03-22 01:18:34 -05:00
Eric Blake
1ab05da228 snapshot: Switch type of virDomainSnapshotObj.def
Another step towards making the object list reusable for both
snapshots and checkpoints: the list code only ever needs items that
are in the common virDomainMomentDef base type. This undoes a lot of
the churn in accessing common members added in the previous patch, and
the bulk of the patch is mechanical. But there was one spot where I
had to unroll a VIR_STEAL_PTR to work around changed types.

Signed-off-by: Eric Blake <eblake@redhat.com>
Reviewed-by: John Ferlan <jferlan@redhat.com>
2019-03-22 01:18:34 -05:00
Eric Blake
ffc0fbebe2 snapshot: Factor out virDomainMomentDef class
Pull out the common parts of virDomainSnapshotDef that will be reused
for virDomainCheckpointDef into a new base class.  Adjust all callers
that use the direct fields (some of it is churn that disappears when
the next patch refactors virDomainSnapshotObj; oh well...).

Someday, I hope to switch this type to be a subclass of virObject, but
that requires a more thorough audit of cleanup paths, and besides
minimal incremental changes are easier to review.

As for the choice of naming:
I promised my teenage daughter Evelyn that I'd give her credit for her
contribution to this commit. I asked her "What would be a good name
for a base class for DomainSnapshot and DomainCheckpoint". After
explaining what a base class was (using the classic OOB Square and
Circle inherit from Shape), she came up with "DomainMoment", which is
way better than my initial thought of "DomainPointInTime" or
"DomainPIT".

Signed-off-by: Eric Blake <eblake@redhat.com>
Reviewed-by: John Ferlan <jferlan@redhat.com>
2019-03-22 01:18:34 -05:00
Eric Blake
de80cdbcc9 snapshot: Refactor list filtering
Separate the algorithm for which list members to vist (which is
generic and can be shared with checkpoints, provided that common
filtering bits are either declared with the same value or have a
mapping from public API to common value) from the decision on which
members to return (which is specific to snapshots).  The typedef for
the callback function feels a bit heavy here, but will make it easier
to move the common portions in a later patch.

As part of the refactoring, note that the macros for selecting filter
bits are specific to listing functionality, so they belong better in
virdomainsnapshotobjlist.h (missed in commit 9b75154c).

Signed-off-by: Eric Blake <eblake@redhat.com>
Reviewed-by: John Ferlan <jferlan@redhat.com>
2019-03-22 01:18:33 -05:00
Eric Blake
55c2ab3e2b snapshot: Access snapshot def directly when needed
An upcoming patch will rework virDomainSnapshotObjList to be generic
for both snapshots and checkpoints; reduce the churn by adding a new
accessor virDomainSnapshotObjGetDef() which returns the
snapshot-specific definition even when the list is rewritten to
operate only on a base class, then using it at sites that that are
specific to snapshots.  Use VIR_STEAL_PTR when appropriate in the
affected lines.

Signed-off-by: Eric Blake <eblake@redhat.com>
Reviewed-by: John Ferlan <jferlan@redhat.com>
2019-03-22 01:18:33 -05:00
Eric Blake
02c4e24db7 snapshot: Add accessors for updating snapshot list relations
Rather than allowing a leaky abstraction where multiple drivers have
to open-code operations that update the relations in a
virDomainSnapshotObjList, it is better to add accessor functions so
that updates to relations are maintained closer to the internals.
This patch finishes the job started in the previous patch, by getting
rid of all direct access to nchildren, first_child, or sibling outside
of the lowest level functions, making it easier to refactor later on.

The lone new caller to virDomainSnapshotObjListSize() checks for a
return != 0, because it wants to handles errors (-1, only possible if
the hash table wasn't allocated) and existing snapshots (> 0) in the
same manner; we can drop the check for a current snapshot on the
grounds that there shouldn't be one if there are no snapshots.

Signed-off-by: Eric Blake <eblake@redhat.com>
Reviewed-by: John Ferlan <jferlan@redhat.com>
2019-03-22 01:18:33 -05:00
Eric Blake
ced0898f86 snapshot: Add accessor for reparenting snapshot children
Rather than allowing a leaky abstraction where multiple drivers have
to open-code operations that update the relations in a
virDomainSnapshotObjList, it is better to add accessor functions so
that updates to relations are maintained closer to the internals.
This patch starts the task with a single new function:
virDomainSnapshotMoveChildren(). The logic might not be immediately
obvious [okay, that's an understatement - the existing code uses black
magic ;-)], so here's an overview: The old code has an implicit for
loop around each call to qemuDomainSnapshotReparentChildren() by using
virDomainSnapshotForEachChild() (you'll need a wider context than
git's default of 3 lines to see that); the new code has a more visible
for loop. Then it helps if you realize that the code is making two
separate changes to each child object: STRDUP of the new parent name
prior to writing XML files (unchanged), and touching up the pointer to
the parent object (refactored); the end result is the same whether a
single pass made both changes (both in driver code), or whether it is
split into two passes making one change each (one in driver code, the
other in the new accessor).

Signed-off-by: Eric Blake <eblake@redhat.com>
Reviewed-by: John Ferlan <jferlan@redhat.com>
2019-03-22 01:18:25 -05:00
Eric Blake
4819f54bd3 snapshot: Track current snapshot in virDomainSnapshotObjList
It is easier to track the current snapshot as part of the list of
snapshots. In particular, doing so lets us guarantee that the current
snapshot is cleared if that snapshot is removed from the list (rather
than depending on the caller to do so, and risking a use-after-free
problem, such as the one recently patched in 1db9d0efbf).  This
requires the addition of several new accessor functions, as well as a
useful return type for virDomainSnapshotObjListRemove().  A few error
handling sites that were previously setting vm->current_snapshot =
NULL can now be dropped, because the previous function call has now
done it already.  Also, qemuDomainRevertToSnapshot() was setting the
current vm twice, so keep only the one used on the success path.

Signed-off-by: Eric Blake <eblake@redhat.com>
Reviewed-by: John Ferlan <jferlan@redhat.com>
2019-03-22 01:15:20 -05:00
Eric Blake
40bc98ddaf snapshot: Rework parse logic during libvirt startup
Rework the logic in qemuDomainSnapshotLoad() to set
vm->current_snapshot only once at the end of the loop, rather than
repeatedly querying it during the loop, to make it easier for the next
patch to use accessor functions rather than direct manipulation of
vm->current_snapshot.  When encountering multiple snapshots claiming
to be current (based on the presence of an <active>1</active> element
in the XML, which libvirt only outputs for internal use and not for
any public API), this changes behavior from warning only once and
running with no current snapshot, to instead warning on each duplicate
and selecting the last one encountered (which is arbitrary based on
readdir() ordering, but actually stands a fair chance of being the
most-recently created snapshot whether by timestamp or by the
propensity of humans to name things in ascending order).

Note that the code in question is only run by libvirtd when it first
starts, reading state from disk from the previous run into memory for
this run. Since the data resides somewhere that only libvirt should be
touching (typically /var/lib/libvirt/qemu/snapshot/*), it should be
clean.  So in the common case, the code touched here is unreachable.
But if someone is actually messing with files behind libvirt's back,
they deserve the change in behavior.

Signed-off-by: Eric Blake <eblake@redhat.com>
Reviewed-by: John Ferlan <jferlan@redhat.com>
2019-03-22 01:15:20 -05:00
Eric Blake
f105627992 snapshot: Drop virDomainSnapshotDef.current
The only use for the 'current' member of virDomainSnapshotDef was with
the PARSE/FORMAT_INTERNAL flag for controlling an internal-use
<active> element marking whether a particular snapshot definition was
current, and even then, only by the qemu driver on output, and by qemu
and test driver on input. But this duplicates vm->snapshot_current,
and gets in the way of potential simplifications to have qemu store a
single file for all snapshots rather than one file per snapshot.  Get
rid of the member by adding a bool* parameter during parse (ignored if
the PARSE_INTERNAL flag is not set), and by adding a new flag during
format (if FORMAT_INTERNAL is set, the value printed in <active>
depends on the new FORMAT_CURRENT).

Then update the qemu driver accordingly, which involves hoisting
assignments to vm->current_snapshot to occur prior to any point where
a snapshot XML file is written (although qemu kept
vm->current_snapshot and snapshot->def_current in sync by the end of
the function, they were not always identical in the middle of
functions, so the shuffling gets a bit interesting). Later patches
will clean up some of that confusing churn to vm->current_snapshot.

Note: even if later patches refactor qemu to no longer use
FORMAT_INTERNAL for output (by storing bulk snapshot XML instead), we
will always need PARSE_INTERNAL for input (because on upgrade, a new
libvirt still has to parse XML left from a previous libvirt).

Signed-off-by: Eric Blake <eblake@redhat.com>
Reviewed-by: John Ferlan <jferlan@redhat.com>
2019-03-22 01:15:20 -05:00
Eric Blake
0baf6945ed snapshot: Minor cleanup to virDomainSnapshotAssignDef
When a future patch converts virDomainSnapshotDef to be a virObject,
we need to be careful that converting VIR_FREE() to virObjectUnref()
does not result in double frees. Reorder the assignment of def into
the object to the point after object is in the hash table (as
otherwise the virHashAddEntry() error path would have a shot at
freeing def prematurely).

Suggested-by: John Ferlan <ferlan@redhat.com>
Signed-off-by: Eric Blake <eblake@redhat.com>
2019-03-22 01:15:20 -05:00
Eric Blake
967eef2b95 snapshot: Tweaks to bulk dumpxml/import internals
Change the return value of virDomainSnapshotObjListParse() to return
the number of snapshots imported, and allow a return of 0 (the
original proposal of adding a flag to virDomainSnapshotCreateXML
required returning an arbitrary non-NULL snapshot, but that idea was
abandoned; and by returning a count, we are no longer constrained to a
non-empty list).

Document which flags are supported (namely, just SECURE) in
virDomainSnapshotObjListFormat().

Signed-off-by: Eric Blake <eblake@redhat.com>
Reviewed-by: John Ferlan <jferlan@redhat.com>
2019-03-22 01:15:20 -05:00
Eric Blake
063042c7d0 vbox: Clean up some snapshot usage
An upcoming patch will be reworking virDomainSnapshotDef to have a
base class; minimize the churn by using a local variable to reduce the
number of dereferences required when acessing the domain definition
associated with the snapshot.

Signed-off-by: Eric Blake <eblake@redhat.com>
Reviewed-by: John Ferlan <jferlan@redhat.com>
2019-03-22 01:15:20 -05:00
Cole Robinson
05be8d8b06 qemu: add virQEMUCapsSetVAList
And adjust virQEMUCapsSetList to use it. It will also be used in future
patches.

Reviewed-by: Andrea Bolognani <abologna@redhat.com>
Signed-off-by: Cole Robinson <crobinso@redhat.com>
2019-03-21 12:43:01 -04:00
Eric Blake
1db9d0efbf test: Avoid use-after-free on virDomainSnapshotDelete
The following virsh command was triggering a use-after-free:

$ virsh -c test:///default '
  snapshot-create-as test s1
  snapshot-create-as test s2
  snapshot-delete --children-only test s1
  snapshot-current --name test'
Domain snapshot s1 created
Domain snapshot s2 created
Domain snapshot s1 children deleted

error: name in virGetDomainSnapshot must not be NULL

I got lucky on that run - although the error message is quite
unexpected.  On other runs, I was able to get a core dump, and
valgrind confirms there is a definitive problem.

The culprit? We were inconsistent about whether we set
vm->current_snapshot, snap->def->current, or both when updating how
the current snapshot was being tracked.  As a result, deletion did not
see that snapshot s2 was previously current, and failed to update
vm->current_snapshot, so that the next API using the current snapshot
failed because it referenced stale memory for the now-gone s2 (instead
of the intended s1).

The test driver code was copied from the qemu code (which DOES track
both pieces of state everywhere), but was purposefully simplified
because the test driver does not have to write persistent snapshot
state to the file system.  But when you realize that the only reason
snap->def->current needs to exist is when writing out one file per
snapshot for qemu, it's just as easy to state that the test driver
never has to mess with the field (rather than chasing down which
places forgot to set the field), and have vm->current_snapshot be the
sole source of truth in the test driver.

Ideally, I'd get rid of the 'current' member in virDomainSnapshotDef,
as well as the 'current_snapshot' member in virDomainDef, and instead
track the current member in virDomainSnapshotObjList, coupled with
writing ALL snapshot state for qemu in a single file (where I can use
<snapshots current='...'> as a wrapper, rather than
VIR_DOMAIN_SNAPSHOT_FORMAT_INTERNAL to output <current>1</current> XML
on a per-snapshot file basis).  But that's a bigger change, so for now
I'm just patching things to avoid the test driver segfault.

Signed-off-by: Eric Blake <eblake@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
2019-03-20 12:24:25 -05:00
Michal Privoznik
8c08a99745 virnwfilterbindingobj: Introduce and use virNWFilterBindingObjStealDef
https://bugzilla.redhat.com/show_bug.cgi?id=1686927

When trying to create a nwfilter binding via
nwfilterBindingCreateXML() we may encounter a crash. The sequence
of functions called is as follows:

1) nwfilterBindingCreateXML() parses the XML and calls
virNWFilterBindingObjListAdd() which calls
virNWFilterBindingObjListAddLocked()

2) Here, @binding is not found because binding->remove is set.

3) Therefore, controls continue with creating new @binding,
setting its def to the one from 1) and adding it to the hash
table.

4) This fails, because the binding is still in the hash table
(duplicate key is detected).

5) The control jumps to 'error' label where
virNWFilterBindingObjEndAPI() is called which frees the binding
definition passed.

6) Error is propagated to the caller, which calls
virNWFilterBindingDefFree() over the definition again.

The solution is to unset binding->def in case of failure so it's
not freed in step 5).

Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
2019-03-20 16:26:31 +01:00
Peter Krempa
971872ca27 conf: Fold private data parsing into virDomainStorageSourceParse
Storage source private data can be parsed along with other components of
private data rather than a separate function which is called from
multiple places.

Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
2019-03-20 15:00:17 +01:00
Peter Krempa
bdc76386d3 conf: Simplify error paths in storage source component parsers
virDomainDiskSourcePrivateDataParse and virDomainDiskSourcePRParse don't
need the 'cleanup' label any more thanks to VIR_XPATH_NODE_AUTORESTORE.

Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
2019-03-20 14:34:38 +01:00
Peter Krempa
3145285a06 conf: Refactor control flow in virDomainDiskBackingStoreParse
The function does not have any code in the 'cleanup' label so we can
simplify the control flow.

Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
2019-03-20 08:17:05 +01:00
Peter Krempa
0973dbd841 util: xml: Introduce VIR_AUTOPTR functions for xmlDoc and xmlXPathContext
We can use our VIR_AUTOPTR machinery also for libxml2's xmlDoc and
xmlXPathContext.

Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
2019-03-20 08:17:05 +01:00
Peter Krempa
afbf71af24 conf: cleanup error path in virDomainStorageSourceParse
Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
2019-03-20 08:17:05 +01:00
Peter Krempa
7981eadf92 conf: Invert 'skipSeclabels' argument of virDomainDiskSourceFormatInternal
Rename it to 'seclabels' and invert the value.

Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
2019-03-20 08:17:05 +01:00
Michal Privoznik
181b68ad9d virStoragePoolDefParseSource: Don't leak @port
In a1c453dc08, during VIR_AUTOFREE() rewrite this wasn't done
properly. @port might be leaked because it's allocated in a for()
loop.

Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
2019-03-19 17:36:27 +01:00
Michal Privoznik
66bb371e8e virStoragePoolDefFree: Free @def->refresh
In 669018bc9c I've introduced def->refresh which might be
allocated by virStoragePoolDefRefreshParse() but is never freed.

Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
2019-03-19 17:36:27 +01:00
Andrea Bolognani
9cc92b1db9 conf: Drop unused variable
The refresh_volume_allocation variable in
virStoragePoolDefParseXML() has been unused since its
introduction in commit 669018bc9c, and Clang rightfully
complains about this fact.

Signed-off-by: Andrea Bolognani <abologna@redhat.com>
2019-03-19 17:31:37 +01:00
Jason Dillaman
f9c38c723a rbd: optionally compute volume allocation from capacity
Use the new refresh volume allocation pool override to skip
computing the actual volume usage if disabled.

Signed-off-by: Jason Dillaman <dillaman@redhat.com>
Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
2019-03-19 16:49:24 +01:00
Jason Dillaman
669018bc9c storage: optional 'refresh' elemement on pool
The new 'refresh' element can override the default refresh operations
for a storage pool. The only currently supported override is to set
the volume allocation size to the volume capacity. This can be specified
by adding the following snippet:

<pool>
...
  <refresh>
    <volume allocation='capacity'/>
  </refresh>
...
</pool>

This is useful for certain backends where computing the actual allocation
of a volume might be an expensive operation.

Signed-off-by: Jason Dillaman <dillaman@redhat.com>
Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
2019-03-19 16:46:21 +01:00