This commit introduces a new capability that reflects virtio-mem-pci
device support in QEMU:
QEMU_CAPS_DEVICE_VIRTIO_MEM_PCI, /* -device virtio-mem-pci */
The virtio-mem-pci device was introduced in QEMU 5.1.
Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
There are two variables that are used only in a single
loop. Move their definitions into their respective blocks.
Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
Reviewed-by: Peter Krempa <pkrempa@redhat.com>
Added by QEMU commit:
b96feb2cb9 "9pfs: local: Add support for custom fmode/dmode in 9ps
mapped security modes"
in 2.10.0
Signed-off-by: Ján Tomko <jtomko@redhat.com>
Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
Now that it's no longer used, remove probing for it
and mark it as deprecated.
Signed-off-by: Ján Tomko <jtomko@redhat.com>
Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
Even though we only allow this option on x86,
all QEMUs report the command line option.
Added in QEMU v1.1:
6a48ffaaa7 "kvm: Activate in-kernel irqchip support"
Remove the pointless capability.
Signed-off-by: Ján Tomko <jtomko@redhat.com>
Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
Assume the presence of the 'sandbox' option is enough,
no need to look at the parameters.
Signed-off-by: Ján Tomko <jtomko@redhat.com>
Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
There is no QEMU we support that would need the old syntax
for -sandbox on.
Signed-off-by: Ján Tomko <jtomko@redhat.com>
Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
It contains too many negations and conditions that are
no longer relevant now that we only support QEMU >= 2.11.
Signed-off-by: Ján Tomko <jtomko@redhat.com>
Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
elevateprivileges was introduced by QEMU commit:
73a1e64725 "seccomp: add elevateprivileges argument to command line"
released in 2.11.0
and later made conditional on SECCOMP support by:
9d0fdecbad sandbox: disable -sandbox if CONFIG_SECCOMP undefined
Use the existence of the sandbox option as a witness for its support.
Signed-off-by: Ján Tomko <jtomko@redhat.com>
Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
When action for 'on_poweroff' is set to 'restart', 'fake reboot'
is triggered and qemu shutdown state is transient. Domain state
need not to be changed and events not sent in this case.
Fixes: 4ffc807214cb80086d57e1d3e7b60959a41d2874
Signed-off-by: Zhenzhong Duan <zhenzhong.duan@intel.com>
Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
QEMU added the capability to disable file transfers via spice in commit
5ad24e5f3b ("spice: Add -spice disable-agent-file-transfer cmdline
option (rhbz#961850)") released in qemu-v1.6.0 and the option can't be
disabled.
Remove the unnecessary validation.
Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
All supported qemu versions now use the new commandline parser
functions, thus we can remove the old-style commandline generator.
Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
The switch to QemuOpts parser which brought the long-form options
happened in qemu commit 4db14629c3 ("vnc: switch to QemuOpts, allow
multiple servers") released in v2.3.0.
We can always assume this capability and remove the old-style
generators.
Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
'qemuDomainSecretGraphicsPrepare' always populates 'gfxPriv->tlsAlias'
when 'cfg->vncTLS' is enabled.
This means we can remove the fallback code setting up TLS for vnc via
the 'x509=' parameter.
Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
The 'tls-creds-x509' object is always registered even when qemu is built
without gnutls for all supported qemu versions. This means we cannot
probe for its support and thus simplify the code using TLS.
Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
Commit a50c473ad6c988a2 removed last use of 'cfg' from
qemuDomainMemoryPeek and qemuDomainScreenshot triggering a compile time
warning.
Fixes: a50c473ad6c988a249bf79a30fb7c6dc19733347
Signed-off-by: Peter Krempa <pkrempa@redhat.com>
The test driver can share the same code with qemu driver when implement
testDomainGetIOThreadsConfig, so extract it for test driver to use.
Also add a new parameter `bitmap_size` to the function, it's used for
specifying the bitmap size of the bitmap to generate, it would be helpful
for test driver or some special situation.
Signed-off-by: Luke Yue <lukedyue@gmail.com>
Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
The test driver can share the same code with qemu driver when implement
testDomainAddIOThreadCheck and testDomainDelIOThreadCheck, so extract
them for test driver to use.
Signed-off-by: Luke Yue <lukedyue@gmail.com>
Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
Commit 6bcf25017bc6 ("virDomainMemoryPeek API") introduced memory peek
and commit 9936aecfd1b4 ("qemu: Implement the driver methods")
introduced screenshot. Both of them will put temporary files in
/var/cache/libvirt/qemu, and the temporary files are created by QEMU.
Therefore, the ownership of /var/cache/libvirt/qemu should be changed to
user and group configured in qemu.conf to make sure that QEMU process
can create and write files in the cache directory.
Libvirt will only put the temporary files in /var/cache/libvirt/qemu
until commit cbde35899b90 ("Cache result of QEMU capabilities
extraction"), which will put the cache of QEMU capabilities in
'capabilities' subdir of the cache directory. Because the capabilities
is used by libvirt, the ownership of both 'capabilities' subdir and
capabilities files are root. However, when QEMU process runs as a
regular user (e.g. qemu user), the ownership of /var/cache/libvirt/qemu
will be changed to qemu:qemu while that of
/var/cache/libvirt/qemu/capabilities will be still root:root. Then the
regular user could spoof different capabilities, which maybe lead to
denial of service.
Since the previous patch has move the temp files of screenshot and
memory peek to per-domain directory, no one except domain capabilities
uses cacheDir currently. And since domain capabilities are used by
libvirtd instead of QEMU, no need to change the ownership of cacheDir to
qemu:qemu explicitly.
Signed-off-by: Peng Liang <liangpeng10@huawei.com>
Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
The temp files of screenshot and memory peek, which are created by QEMU,
are put in the cache directory. However, the caches of domain
capabilities, which are created and used by libvirtd, are also put in
the cache directory. In order to make the cache directory more secure,
move the temp files of screenshot and memory peek to per-domain
directory.
Since the temp files are just temporary files and are only used by
libvirtd (libvirtd will delete them after use), the use of screenshot
and memory peek will be affected.
Signed-off-by: Peng Liang <liangpeng10@huawei.com>
Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
Since there's just one type left, we can change the name to a more
generic one.
Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
Now that we've removed support for plaintext secrets qemuDomainSecretInfo
can be simplified by removing the 'type' field and merging in all the
fields from 'qemuDomainSecretAES'.
Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
It always returns true for iSCSI, so we can remove the fallback logic.
Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
After removal of plaintext secrets this function is a noop.
Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
There's no code which could set it any more so we can remove the
generators.
Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
QEMU supports the 'password-secret' parameter to pass a QCryptoSecret
since 2.9. Remove the alternate plaintext logic.
Unfortunately this had a ripple effect of removing qemuCaps from a lot
of functions.
Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
The answer is now always 'true', so we can remove the function and
simplify the logic in places where it's called.
Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
The secret object is supported since qemu-2.6 and can't be compiled out.
Assume the presence to simplify the code.
This enables the use of the secret key for most tests not using real
caps.
Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
It always returns true. Make the logic a bit simpler to see through.
This completely removes 'virCryptoHaveCipher' as it's pointless in the
current form.
Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
The code assumes that all supported qemu versions have this capability
so we can retire it.
Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
qemu supports this since 81b2b81062 ("fw_cfg: insert fw_cfg file blobs
via qemu cmdline") released in qemu-v2.4.0 and it can't be compiled out.
Assume that the option always works and remove the corresponding check.
Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
Added to 'query-command-line-options' in qemu commit 5559716c98
("util/qemu-config: Add loadparm to qemu machine_opts") released in
qemu-v2.10.0 but makes sense for s390 only. Treat it the same as the
keywrap capabilities in previous commit.
Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
qemu introduced these options in 2eb1cd0768 ("s390x: CPACF: Handle key
wrap machine options") released in qemu-v2.3.0 but was exposed in
query-command-line-options only in 5bcfa0c543 ("util/qemu-config: fix
missing machine command line options").
The problem is that they are exposed even for architectures which don't
actually in fact support those.
Make the two capabilities a bit more useful by assuming them only on
s390 and thus removing them from other arches.
Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
The code assumes that the feature tracked by this capability always
exists.
Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
Supported since qemu commit 8490fc78e7 ("add -machine mem-merge=on|off
option") released in qemu-v1.3.0 and can't be compiled out.
Assume that it's present and remove the validation code.
Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
The code assumes that the feature tracked by this capability always
exists.
Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
Supported since qemu commit 3d3b8303c6 ("showing a splash picture when
start") released in qemu-v1.0 and can't be compiled out.
Assume that it's present and remove the validation code.
Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
The code assumes that the feature tracked by this capability always
exists.
Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
Supported since ac05f34924 ("add a boot parameter to set reboot
timeout") released in qemu-v1.3.0 and can't be compiled out.
Assume that it's present and remove the validation code.
Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
