Commit Graph

25980 Commits

Author SHA1 Message Date
Marc-André Lureau
7f1bdec5fa nodedev: add drm capability
Add a new 'drm' capability for Direct Rendering Manager (DRM) devices,
providing device type information.

Teach the udev backend to populate those devices.

Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com>
Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
2017-02-17 15:47:58 +01:00
Marc-André Lureau
14a3e7ab5c nodedev: parse <path>
This should have been added with c4a4603de (or 0bdefd9b04).

Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com>
2017-02-17 15:47:58 +01:00
Marc-André Lureau
0809508ed2 nodedev: add <devnode> paths
Add new <devnode> top-level <device> element, that list the associated
/dev files. Distinguish the main /dev name from symlinks with a 'type'
attribute of value 'dev' or 'symlink'.

Update a test to check XML schema, and actually add it to the test list
since it was missing.

Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com>
2017-02-17 15:47:58 +01:00
Marc-André Lureau
7f64435307 nodedev: fix extra space in dump
This is a cosmetic change, shouldn't change XML parsing, and doesn't
break any test.

Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com>
2017-02-17 15:47:58 +01:00
Jiri Denemark
78d27c6501 cputest: Fix name of the file removed by cpu-parse.sh
We want to remove the file created by

    json <<<"$data" >$fname.json

in case it was empty.

Signed-off-by: Jiri Denemark <jdenemar@redhat.com>
2017-02-17 11:19:29 +01:00
John Ferlan
4337bc57be nodedev: Return the parent for a virNodeDevicePtr struct
When the 'parent' was added to the virNodeDevicePtr structure
by commit id 'e8a4ea75a' the 'parent' field was not properly filled
in when a virGetNodeDevice call was made within driver/config code.
Only the device name was ever filled in. Fetching the parent required
a second trip via virNodeDeviceGetParent into the node device lookup
code was required in order to retrieve the specific parent field (and
still the parent field was never filled in although it was free'd).

Since we have the data when we initially call virGetNodeDevice from
within driver/node_config code - let's just fill in the parent field
as well for anyone that wants it without requiring another trip into
the node_device lookup just to get the parent.

This will allow API's such as virConnectListAllNodeDevices,
virNodeDeviceLookupByName, and virNodeDeviceLookupSCSIHostByWWN
to retrieve both name and parent in the returned virNodeDevicePtr.

Signed-off-by: John Ferlan <jferlan@redhat.com>
2017-02-16 12:23:04 -05:00
Joao Martins
1e6bc3c581 libxl: fix coverity issues introduced by 6a95edf
As discussed here [0][1] Coverity reported two issues:

- On libxlDomainMigrationPrepareTunnel3 @@mig will be leaked on failures
after sucessfull call libxlDomainMigrationPrepareAny hence we free it.

Setting mig = NULL after @mig is assigned plus adding libxlMigrationCookieFree
on error paths addresses the issue. In case virThreadCreate fails,
unref of args frees the cookie on dispose function (libxlMigrationDstArgsDispose)

- On libxlMigrationStartTunnel @tc would be leaked.

Fixed by correctly saving the newly allocated @tc onto @tnl such that
libxlMigrationStopTunnel would free it up.

[0] https://www.redhat.com/archives/libvir-list/2017-February/msg00791.html
[1] https://www.redhat.com/archives/libvir-list/2017-February/msg00833.html

Signed-off-by: Joao Martins <joao.m.martins@oracle.com>
2017-02-16 12:19:35 -05:00
Michal Privoznik
1d9ab0f04a qemu: Allow empty script path to <interface/>
Before 9c17d665fd (v1.3.2 - I know, right?) it was possible to
have the following interface configuration:

  <interface type='ethernet'/>
    <script path=''/>
  </interface>

This resulted in -netdev tap,script=,.. Fortunately, qemu helped
us to get away with this as it just ignored the empty script
path. However, after the commit mentioned above it's libvirtd
who is executing the script. Unfortunately without special
case-ing empty script path.

Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
2017-02-16 17:39:34 +01:00
Jim Fehlig
d23dfaae9f news: add entries for libxl driver improvements and bug fixes 2017-02-16 08:49:01 -07:00
Ján Tomko
76fd798191 Validate required CPU features even for host-passthrough
Commit adff345 allowed enabling features with -cpu host
without ajdusting the validity checks on domain startup
and migration.
2017-02-16 15:22:49 +01:00
Nitesh Konkar
5729746543 Ensure disk names follow the disk name regex
Currently disk names do not follow the
(regex) /^[fhv]d[a-z]+[0-9]*$/ completely
and hence one can assign disk names like
vd2 etc. This patch ensures that the
disk names follow the regex mentioned.
This patch also adds a testcase.

Signed-off-by: Nitesh Konkar <nitkon12@linux.vnet.ibm.com>
2017-02-16 09:59:13 +01:00
Jim Fehlig
2dc1cf19db libxl: fix potential double free in libxlDriverGetDom0MaxmemConf
Commit 4ab0c959 fixed a memory leak in libxlDriverGetDom0MaxmemConf
but introduced a potential double free of mem_tokens

*** Error in `/usr/sbin/libvirtd': double free or corruption (out):
    0x00007fffc808cfd0 ***

Avoid double free by setting mem_tokens to NULL after calling
virStringListFree.
2017-02-15 18:24:58 -07:00
Jim Fehlig
b5ac475f50 news: fix spelling of tunneled
s/tunnelled/tunneled/ in news for the libxl tunneled migration feature.
2017-02-15 16:37:34 -07:00
Joao Martins
13b20b2e89 news: document libxl tunnelled migration support
Signed-off-by: Joao Martins <joao.m.martins@oracle.com>
2017-02-15 16:30:59 -07:00
Bob Liu
6a95edf9ab libxl: add tunnelled migration support
Tunnelled migration doesn't require any extra network connections
beside the libvirt daemon.  It's capable of strong encryption and the
default option of openstack-nova.

This patch adds the tunnelled migration(Tunnel3params) support to
libxl.  On the source side, the data flow is:

 * libxlDoMigrateSend() -> pipe libxlTunnel3MigrationFunc() polls pipe
 * out and then write to dest stream.

While on the destination side:
 * Stream -> pipe -> 'recvfd of libxlDomainStartRestore'

The usage is the same as p2p migration, execpt adding one extra
'--tunnelled' to the libvirt p2p migration command.

Signed-off-by: Bob Liu <bob.liu@oracle.com>
Signed-off-by: Joao Martins <joao.m.martins@oracle.com>
2017-02-15 14:47:14 -07:00
Joao Martins
d2100f2b4a libxl: refactor libxlDomainMigrationPrepare
The newly introduced function libxlDomainMigrationPrepareAny
will be shared between P2P and tunnelled variations.

Signed-off-by: Joao Martins <joao.m.martins@oracle.com>
2017-02-15 10:15:50 -07:00
Michal Privoznik
27ac5f3741 qemu_conf: Properly check for retval of qemuDomainNamespaceAvailable
This function is returning a boolean therefore check for '< 0'
makes no sense. It should have been
'!qemuDomainNamespaceAvailable'.

Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
2017-02-15 15:40:01 +01:00
Michal Privoznik
b57bd206b9 qemu_conf: Check for namespaces availability more wisely
The bare fact that mnt namespace is available is not enough for
us to allow/enable qemu namespaces feature. There are other
requirements: we must copy all the ACL & SELinux labels otherwise
we might grant access that is administratively forbidden or vice
versa.
At the same time, the check for namespace prerequisites is moved
from domain startup time to qemu.conf parser as it doesn't make
much sense to allow users to start misconfigured libvirt just to
find out they can't start a single domain.

Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
2017-02-15 12:43:23 +01:00
Jim Fehlig
ec94e14b68 apparmor: don't fail on non-apparmor <seclabel>
If the apparmor security driver is loaded/enabled and domain config
contains a <seclabel> element whose type attribute is not 'apparmor',
starting the domain fails when attempting to label resources such
as tap FDs.

Many of the apparmor driver entry points attempt to retrieve the
apparmor security label from the domain def, returning failure if
not found. Functions such as AppArmorSetFDLabel fail even though
domain config contains an explicit 'none' secuirty driver, e.g.

  <seclabel type='none' model='none'/>

Change the entry points to succeed if the domain config <seclabel>
is not apparmor. This matches the behavior of the selinux driver.
2017-02-14 16:53:30 -07:00
Jim Fehlig
5cdfc80ba8 apparmor: don't overwrite error from reload_profile
Like other callers of reload_profile, don't overwrite errors in
AppArmorSetSecurityHostdevLabelHelper.
2017-02-14 16:53:30 -07:00
Jiri Denemark
598b6d7999 qemu_monitor_json: Properly check GetArray return value
Commit 2a8d40f4ec refactored qemuMonitorJSONGetCPUx86Data and replaced
virJSONValueObjectGet(reply, "return") with virJSONValueObjectGetArray.
While the former is guaranteed to always return non-NULL pointer the
latter may return NULL if the returned JSON object is not an array.

Signed-off-by: Jiri Denemark <jdenemar@redhat.com>
2017-02-14 23:09:31 +01:00
Andrea Bolognani
ee6ec7824d qemu: Call chmod() after mknod()
mknod() is affected my the current umask, so we're not
guaranteed the newly-created device node will have the
right permissions.

Call chmod(), which is not affected by the current umask,
immediately afterwards to solve the issue.

Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1421036
2017-02-14 19:23:05 +01:00
Andrea Bolognani
e04bd5b6fc spec: Require libacl when building the QEMU driver
For the namespaces feature to work properly we need to be able
to make a perfect copy of the original /dev, including ACLs.

By adding a BuildRequires on libacl-devel we ensure that ACL
support will be enabled at configure time and made available
to the QEMU driver.
2017-02-14 19:07:43 +01:00
Andrea Bolognani
c315ead702 configure: Move ACL checks to a separate file 2017-02-14 19:06:30 +01:00
Ján Tomko
4a41cf18b1 util: fix off-by-one when expanding a bitmap
To make sure bit 'b' fits into the bitmap, we need to allocate b+1
bits, since we number from 0.

Adjust the bitmap test to set a bit at a multiple of 16.
That way the test fails without this fix, because the VIR_REALLOC
call clears the newly added memory even if the original pointer
has not changed.
2017-02-14 13:30:48 +01:00
Tomáš Golembiovský
5d82a2085f valgrind: add suppression for bash memory leak
Add suppression for memory leak in bash observerd with bash 4.4.011 on
Arch Linux.

Signed-off-by: Tomáš Golembiovský <tgolembi@redhat.com>
2017-02-14 10:54:29 +01:00
Ján Tomko
723fef99c0 qemu: enforce maximum ports value for nec-xhci
This controller only allows up to 15 ports.

https://bugzilla.redhat.com/show_bug.cgi?id=1375417
2017-02-13 16:34:09 +01:00
Roman Bogorodskiy
a69f3c9b63 docs: document bhyve e1000 support
* Add bhyve e1000 support entry to release notes
 * Update the bhyve driver page with usage sample
2017-02-13 17:25:43 +04:00
Ján Tomko
4a7773f7ea conf: check port range even for USB hubs
Move the range check introduced by commit 2650d5e into
virDomainUSBAddressFindPort. That way both virDomainUSBAddressRelease
and virDomainUSBAddressSetAddHub can benefit from it.

Reported-by: Michal Privoznik <mprivozn@redhat.com>
2017-02-13 13:08:36 +01:00
Ján Tomko
384504f7ba qemu: assign USB port on a selected hub for all devices
Due to a logic error, the autofilling of USB port when a bus is
specified:
    <address type='usb' bus='0'/>
does not work for non-hub devices on domain startup.

Fix the logic in qemuDomainAssignUSBPortsIterator to also
assign ports for USB addresses that do not yet have one.

https://bugzilla.redhat.com/show_bug.cgi?id=1374128
2017-02-13 09:46:15 +01:00
Marc Hartmayer
d6bc7622f0 rpc: Fix potentially segfaults
We have to allocate first and if, and only if, it was successful we
can set the count. A segfault has occurred in
virNetServerServiceNewPostExecRestart() when VIR_ALLOC_N(svc->socks,
n) has failed, but svc->nsocsk = n was already set. Thus
virObejectUnref(svc) was called and therefore it was possible that
virNetServerServiceDispose was called => segmentation fault.  For
safeness NULL pointer check were added in
virNetServerServiceDispose().

Signed-off-by: Marc Hartmayer <mhartmay@linux.vnet.ibm.com>
Reviewed-by: Boris Fiuczynski <fiuczy@linux.vnet.ibm.com>
Reviewed-by: Bjoern Walk <bwalk@linux.vnet.ibm.com>
2017-02-12 15:02:42 -05:00
Roman Bogorodskiy
5620c60959 bhyve: add e1000 nic support
Recently e1000 NIC support was added to bhyve; implement that in
the bhyve driver:

 - Add capability check by analyzing output of the 'bhyve -s 0,e1000'
   command
 - Modify bhyveBuildNetArgStr() to support e1000 and also pass
   virConnectPtr so it could call bhyveDriverGetCaps() to check if this
   NIC is supported
 - Modify command parsing code to add support for e1000 and adjust tests
 - Add net-e1000 test
2017-02-11 06:51:28 +04:00
Nitesh Konkar
ef41eda68a util: Fix indentation for virnetdevmacvlan
Signed-off-by: Nitesh Konkar <nitkon12@linux.vnet.ibm.com>
2017-02-10 14:13:50 -05:00
John Ferlan
4ab0c959e9 libxl: Resolve possible resource leak in dom0 maximum memory setting
If either the "if (STRPREFIX(mem_tokens[j], "max:"))" is never entered
or the "if (virStrToLong_ull(mem_tokens[j] + 4, &p, 10, maxmem) < 0)" break
is hit, control goes back to the outer loop processing 'cmd_tokens' and
it's possible that the 'mem_tokens' would be overwritten.

Found by Coverity
2017-02-10 14:11:04 -05:00
Erik Skultety
b2774db9c2 storage: Fix checking whether source filesystem is mounted
Right now, we use simple string comparison both on the source paths
(mount's output vs pool's source) and the target (mount's mnt_dir vs
pool's target). The problem are symlinks and mount indeed returns
symlinks in its output, e.g. /dev/mappper/lvm_symlink. The same goes for
the pool's source/target, so in order to successfully compare these two
replace plain string comparison with virFileComparePaths which will
resolve all symlinks and canonicalize the paths prior to comparison.

Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1417203

Signed-off-by: Erik Skultety <eskultet@redhat.com>
2017-02-10 17:01:12 +01:00
Erik Skultety
875894245a util: Introduce virFileComparePaths
So rather than comparing 2 paths (strings) as they are, which can very
easily lead to unnecessary errors (e.g. in storage driver) that the paths
are not the same when in fact they'd be e.g. just symlinks to the same
location, we should put our best effort into resolving any symlinks and
canonicalizing the path and only then compare the 2 paths for equality.

Signed-off-by: Erik Skultety <eskultet@redhat.com>
2017-02-10 17:01:12 +01:00
Erik Skultety
8fcf6330b6 storage: Fix reporting an error on an already mounted filesystem
When FS pool's source is already mounted on the target location instead
of just simply marking the pool as active, thus starting it we fail with
an error stating that the source is indeed already mounted on the target.

Signed-off-by: Erik Skultety <eskultet@redhat.com>
2017-02-10 17:01:12 +01:00
John Ferlan
e8a35271d4 tests: Link virusbmock with probes
Seeing similar error to commit id '997be5c27' with the inability
to find the libvirt_event_poll_purge_timeout_semaphore symbol
causing a virusbtest failure.
2017-02-10 10:55:26 -05:00
Boris Fiuczynski
d15b29be25 remote generator: Increase upper limit on lists of node devices
On a system with 697 SCSI disks each configured with 8 paths the command
virsh nodedev-list fails with
error: Failed to list node devices
error: internal error: Too many node_devices '16816' for limit '16384'
Increasing the upper limit on lists of node devices from 16K to 64K.

Signed-off-by: Boris Fiuczynski <fiuczy@linux.vnet.ibm.com>
2017-02-10 16:05:24 +01:00
Nitesh Konkar
f278a148e2 Mention the min duration for nodesuspend explicitly
Although currently this is documented in virsh man page
and virsh help, the expicit mention in the error message
is helful for tools using the API directly.

Signed-off-by: Nitesh Konkar <nitkon12@linux.vnet.ibm.com>
2017-02-10 09:13:30 -05:00
Michal Privoznik
732629dad3 qemuMonitorCPUModelInfoFree: Don't leak model_info->props
==11846== 240 bytes in 1 blocks are definitely lost in loss record 81 of 107
==11846==    at 0x4C2BC75: calloc (vg_replace_malloc.c:624)
==11846==    by 0x18C74242: virAllocN (viralloc.c:191)
==11846==    by 0x4A05E8: qemuMonitorCPUModelInfoCopy (qemu_monitor.c:3677)
==11846==    by 0x446E3C: virQEMUCapsNewCopy (qemu_capabilities.c:2171)
==11846==    by 0x437335: testQemuCapsCopy (qemucapabilitiestest.c:108)
==11846==    by 0x437CD2: virTestRun (testutils.c:180)
==11846==    by 0x437AD8: mymain (qemucapabilitiestest.c:176)
==11846==    by 0x4397B6: virTestMain (testutils.c:992)
==11846==    by 0x437B44: main (qemucapabilitiestest.c:188)

Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
2017-02-10 10:25:44 +01:00
Michal Privoznik
afecfc2bf4 testUSBList: don't leak @dev
==22187== 77 (56 direct, 21 indirect) bytes in 1 blocks are definitely lost in loss record 23 of 37
==22187==    at 0x4C2BC75: calloc (vg_replace_malloc.c:624)
==22187==    by 0x4E75685: virAlloc (viralloc.c:144)
==22187==    by 0x4F0613A: virUSBDeviceNew (virusb.c:332)
==22187==    by 0x4F05BA2: virUSBDeviceSearch (virusb.c:183)
==22187==    by 0x4F05F95: virUSBDeviceFind (virusb.c:296)
==22187==    by 0x403514: testUSBList (virusbtest.c:209)
==22187==    by 0x403BD8: virTestRun (testutils.c:180)
==22187==    by 0x4039E5: mymain (virusbtest.c:285)
==22187==    by 0x4056BC: virTestMain (testutils.c:992)
==22187==    by 0x403A4A: main (virusbtest.c:293)

Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
2017-02-10 10:25:44 +01:00
Michal Privoznik
eb58732c01 virusbmock: Link with libvirt_utils
We are using couple of functions from there (e.g. virStrdup) and
rely that the binary linking us has the libvirt_utils linked
already. Well, this makes valgrind sad.

Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
2017-02-10 10:25:44 +01:00
Michal Privoznik
a9595814ed tests: Trace re-executing processes with valgrind
A lot of our tests re-execute themeselves after loading their
mock library. This, however, makes valgrind sad because currently
we do not tell it to trace the process after exec().

Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
2017-02-10 10:25:44 +01:00
Nitesh Konkar
09a91f0528 Fix indentation in datatypes.h
Signed-off-by: Nitesh Konkar <nitkon12@linux.vnet.ibm.com>
2017-02-09 17:31:41 -05:00
Marc Hartmayer
fd98631cf0 remote generator: handle remoteDomainCreateWithFlags()
This commit removes the handcrafted code for
remoteDomainCreateWithFlags() and lets it auto generate.

A little bit of history repeating...
Commit 03d813bbcd removed the auto generation of
remoteDomainCreateWithFlags() because it was thought that the design
flaw in the remote protocol for virDomainCreate is also within the
remote protocol for virDomainCreateWithFlags. As the commit message of
ddaf15d7a3 mentions this is not the case therefore we
can auto generate the client part.

Even worse there was a typo in remoteDomainCreateWithFlags()

'remote_domain_create_with_flags_args ret;' but in fact it has to be
'remote_domain_create_with_flags_ret ret;'.

Signed-off-by: Marc Hartmayer <mhartmay@linux.vnet.ibm.com>
Reviewed-by: Bjoern Walk <bwalk@linux.vnet.ibm.com>
Reviewed-by: Boris Fiuczynski <fiuczy@linux.vnet.ibm.com>
2017-02-09 17:21:15 -05:00
Marc Hartmayer
c26fe44be5 util: reset the counters to zero
After freeing the data structures we have to reset the counters to
zero. This fixes a segmentation fault when virNetDevIPInfoClear is
called twice (e.g. this is possible in virDomainNetDefParseXML() if
virDomainNetIPInfoParseXML(...) fails with ret < 0 (this leads to the
first call of 'virNetDevIPInfoClear(&def->guestIP)') and the resulting
call of virDomainNetDefFree(def) in the error path of
virDomainNetDefParseXML() (this leads to the second call of
virNetDevIPInfoClear(&def->guestIP), and finally to the segmentation
fault).

Signed-off-by: Marc Hartmayer <mhartmay@linux.vnet.ibm.com>
Reviewed-by: Boris Fiuczynski <fiuczy@linux.vnet.ibm.com>
Reviewed-by: Bjoern Walk <bwalk@linux.vnet.ibm.com>
2017-02-09 14:20:42 -05:00
Marc Hartmayer
28dd54a5b9 conf: Fix libvirtd free() segfault if virDomainChrSourceDefNew(...) fails
If virDomainChrSourceDefNew(xmlopt) fails, it will lead to free()ing
the uninitialized pointer bus. The fix for this is to initialize bus
with NULL.

Signed-off-by: Marc Hartmayer <mhartmay@linux.vnet.ibm.com>
Reviewed-by: Boris Fiuczynski <fiuczy@linux.vnet.ibm.com>
Reviewed-by: Bjoern Walk <bwalk@linux.vnet.ibm.com>
2017-02-09 14:18:51 -05:00
Marc Hartmayer
62b2c2fcdd qemu: Check if virQEMUCapsNewCopy(...) has failed
Check if virQEMUCapsNewCopy(...) has failed, thus a segmentation fault
in virQEMUCapsFilterByMachineType(...) will be avoided.

Signed-off-by: Marc Hartmayer <mhartmay@linux.vnet.ibm.com>
Reviewed-by: Bjoern Walk <bwalk@linux.vnet.ibm.com>
2017-02-09 14:08:00 -05:00
David Dai
728c0e5df4 qemu: Fix live migration over RDMA with IPv6
Using libvirt to do live migration over RDMA via IPv6 address failed.

For example:
    rhel73_host1_guest1 qemu+ssh://[deba::2222]/system --verbose
root@deba::2222's password:
error: internal error: unable to execute QEMU command 'migrate': RDMA
ERROR: could not rdma_getaddrinfo address deba

As we can see, the IPv6 address used by rdma_getaddrinfo() has only
"deba" part because we didn't properly enclose the IPv6 address in []
and passed rdma:deba::2222:49152 as the migration URI in
qemuMonitorMigrateToHost.

Signed-off-by: David Dai <zdai@linux.vnet.ibm.com>
2017-02-09 19:47:09 +01:00