Commit Graph

3428 Commits

Author SHA1 Message Date
Michal Privoznik
c3320d6518 virCryptoGenerateRandom: Don't allocate return buffer
To unify our vir*Random() functions we need to make
virCryptoGenerateRandom NOT allocate return buffer. It should
just fill given buffer with random data.

Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
2018-06-05 10:31:19 +02:00
Michal Privoznik
a5865cdbea virCryptoGenerateRandom: Explain gnults error
When generating random stream using gnults fails an error is
reported. However, the error is not helpful as it contains only
an integer error code (a negative number). Use gnutls_strerror()
to turn the error code into a string explaining what went wrong.

Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
2018-06-05 10:31:19 +02:00
Michal Privoznik
d4e66f7639 virCryptoGenerateRandom: rename ret
This function allocates a buffer, fills it in with random bytes
and then returns it. However, the buffer is held in @buf
variable, therefore having @ret variable which does not hold
return value of the function is misleading.

Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
Reviewed-by: Eric Blake <eblake@redhat.com>
2018-06-05 10:31:19 +02:00
Michal Privoznik
29592788f1 virRandomBytes: Fix return value
In libvirt when a function wants to return an error code it
should be a negative value. Returning a positive value (or zero)
means success. But virRandomBytes() does not follow this rule.

Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
Reviewed-by: Eric Blake <eblake@redhat.com>
2018-06-05 10:31:19 +02:00
Radostin Stoyanov
4e9d0ad7a0 virFileAccessibleAs: Remove redundant forkRet
The variable forkRet is not used after commit 25f8781

Signed-off-by: Radostin Stoyanov <rstoyanov1@gmail.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
Signed-off-by: Ján Tomko <jtomko@redhat.com>
2018-06-05 09:18:47 +02:00
Filip Alac
1597e155b2 qemu: hostdev: Move parts of qemuHostdevHostSupportsPassthroughVFIO() into separate function
Signed-off-by: Filip Alac <filipalac@gmail.com>
Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
2018-06-05 08:33:13 +02:00
Peter Krempa
8ac8301366 util: storage: Add helper for determining whether a backing chain requires PR
With blockdev support we will need to introspect whether any of the
backing chain members requires PR rather just one of them. Add a helper
and reuse it in virDomainDefHasManagedPR.

Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
2018-06-05 08:14:00 +02:00
Peter Krempa
0b9451f9d6 util: storage: remove virStorageSource->tlsVerify
Disks are client-only so we don't need to have this variable. We also
always pass false for 'isListen' to qemuBuildTLSx509BackendProps for all
disk-related code-paths so the 'tlsVerify' is ignored anyways.

Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
2018-06-05 08:13:59 +02:00
Peter Krempa
d766021c60 qemu: Delete old unused code for adding objects to qemu
Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
2018-06-05 08:13:59 +02:00
Peter Krempa
efd32528d0 util: qemu: Introduce helper for formatting command line from new object props
Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
2018-06-05 08:13:59 +02:00
Peter Krempa
bf26dd222f qemu: Rename virQEMUBuildObjectCommandlineFromJSON
s/virQEMUBuildObjectCommandlineFromJSON/virQEMUBuildObjectCommandlineFromJSONType/

The function adds the object of a certain type. Change the name so that
we make room for the generic function.

Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
2018-06-05 08:13:59 +02:00
Ján Tomko
950c46f1a4 util: create virvsock.c
A file for vsock-related helper functions.
virVsockSetGuestCid to set an already-known CID,
virVsockAcquireGuestCid that will use the first available CID

https://bugzilla.redhat.com/show_bug.cgi?id=1291851

Signed-off-by: Ján Tomko <jtomko@redhat.com>
2018-05-29 15:42:03 +02:00
Daniel P. Berrangé
8fe30b2167 log: actually do substring matches with fnmatch
Historically we matched log filters with strstr(), and when switching to
fnmatch in cbb0fd3cfd, it was stated that
we would continue to match substrings, with "foo" being equivalent to
"*foo*". Unfortuntely I forget to provide the code to actually make that
happen. This fixes it to prepend and append "*". We don't bother to
check if the pattern already has a leading/trailing '*', because
"**foo**" will match the same as "*foo*".

Reviewed-by: Erik Skultety <eskultet@redhat.com>
Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
2018-05-16 17:48:17 +01:00
Ján Tomko
fe8a06798d Remove check for gnutls/crypto.h
Assume its presence for gnutls >= 3.2.

Check introduced by <commit 7d21d6b>.

Signed-off-by: Ján Tomko <jtomko@redhat.com>
2018-05-16 10:40:40 +02:00
Ján Tomko
504b4f2669 Fix indentation in virCryptoHaveCipher
Signed-off-by: Ján Tomko <jtomko@redhat.com>
2018-05-16 10:40:40 +02:00
Ján Tomko
fbb07a757b Remove explicit check for gnutls_cipher_encrypt
Introduced in gnutls 2.10, and we assume >= 3.2.

Commit 1ce9c08a added this check.

Signed-off-by: Ján Tomko <jtomko@redhat.com>
2018-05-16 10:40:40 +02:00
Ján Tomko
ac9ad77303 Remove explicit check for gnutls_rnd
Introduced in gnutls 2.12, but we require gnutls >= 3.2
Check added by commit <2d23d14>.

Signed-off-by: Ján Tomko <jtomko@redhat.com>
2018-05-16 10:40:40 +02:00
Ján Tomko
c25fbbec68 virCryptoHashBuf: return the length of the hash in bytes
virCryptoHashString also needs to know the size of the returned hash.
Return it if the hash conversion succeeded so the caller does not need
to access the hashinfo array.

This should make virCryptoHashString build without gnutls.
Also fixes the missing return value for the virCryptoHashBuf stub.

Signed-off-by: Ján Tomko <jtomko@redhat.com>
Suggested-by: Stefan Berger <stefanb@linux.vnet.ibm.com>
2018-05-16 10:40:40 +02:00
Peter Krempa
8bebb2b735 util: storage: Store PR manager alias in the definition
Rather than always re-generating the alias store it in the definition
and in the status XML.

Signed-off-by: Peter Krempa <pkrempa@redhat.com>
2018-05-16 06:32:29 +02:00
Peter Krempa
e31f490458 util: storage: Allow passing <source> also for managed PR case
To allow storing status information in the XML move the validation that
the 'path' is not valid for managed PR daemon case into
qemuDomainValidateStorageSource and allow parsing of the data even in
case when managed='yes'.

Signed-off-by: Peter Krempa <pkrempa@redhat.com>
2018-05-16 06:32:28 +02:00
Peter Krempa
900fc66121 util: storage: Drop virStoragePRDefIsEnabled
The function now does not do anything useful. Replace it by the pointer
check.

Signed-off-by: Peter Krempa <pkrempa@redhat.com>
2018-05-16 06:32:28 +02:00
Peter Krempa
e72b3f0bbe util: storage: Drop pointless 'enabled' form PR definition
Everything can be disabled by not using the parent element. There's no
need to store this explicitly. Additionally it does not add any value
since any configuration is dropped if enabled='no' is configured.

Drop the attribute and adjust the code accordingly.

Signed-off-by: Peter Krempa <pkrempa@redhat.com>
2018-05-16 06:32:28 +02:00
John Ferlan
9629fe258f storage_util: Rename virQEMUBuildLuksOpts
Rename to storageBackendCreateQemuImgOpts - which is what it's doing.

Signed-off-by: John Ferlan <jferlan@redhat.com>
2018-05-15 16:54:58 -04:00
Daniel P. Berrangé
45b98aaaa0 util: fix misleading comment for virObjectLock
It only accepts a virObjecLockable, not a virObjecRWLockable

Reviewed-by: Jiri Denemark <jdenemar@redhat.com>
Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
2018-05-15 18:43:01 +01:00
Shalini Chellathurai Saroja
7224144400 qemu: vfio-ccw device address generation
Introduces the vfio-ccw model for mediated devices and prime vfio-ccw
devices such that CCW address will be generated.

Alters the qemuxml2xmltest for testing a basic mdev device using vfio-ccw.

Signed-off-by: Shalini Chellathurai Saroja <shalini@linux.vnet.ibm.com>
Reviewed-by: Bjoern Walk <bwalk@linux.ibm.com>
Reviewed-by: Boris Fiuczynski <fiuczy@linux.ibm.com>
Reviewed-by: Marc Hartmayer <mhartmay@linux.vnet.ibm.com>
Reviewed-by: Stefan Zimmermann <stzi@linux.ibm.com>
Reviewed-by: John Ferlan <jferlan@redhat.com>
2018-05-14 12:27:44 -04:00
Shalini Chellathurai Saroja
2b9690b62d util: virhostdev: add virHostdevIsMdevDevice()
Add the function virHostdevIsMdevDevice() which detects whether a
hostdev is a mediated device or not. Also, replace all existing
conditionals.

Signed-off-by: Shalini Chellathurai Saroja <shalini@linux.vnet.ibm.com>
Reviewed-by: Bjoern Walk <bwalk@linux.ibm.com>
Reviewed-by: Boris Fiuczynski <fiuczy@linux.ibm.com>
Reviewed-by: John Ferlan <jferlan@redhat.com>
2018-05-14 12:12:06 -04:00
Ján Tomko
799011bbe7 vircrypto: Rely on GnuTLS for hash functions
Ditch the use of gnulib's digest functions in favor of GnuTLS,
which might be more likely to get FIPS-certified.

Signed-off-by: Ján Tomko <jtomko@redhat.com>
2018-05-14 14:05:21 +02:00
Ján Tomko
0eeedd61a9 Introduce virCryptoHashBuf
A function that keeps the hash in binary form instead of converting
it to human-readable hexadecimal form.

Signed-off-by: Ján Tomko <jtomko@redhat.com>
2018-05-14 13:57:45 +02:00
Ján Tomko
95ba1c2f6e vircrypto: provide constants for hash sizes
The callers needing to know the size of the resulting digest
rely on _DIGEST_SIZE constants from gnulib.

Introduce VIR_CRYPTO_HASH_SIZE_ constants to remove the dependency.

Signed-off-by: Ján Tomko <jtomko@redhat.com>
2018-05-14 13:55:47 +02:00
Ján Tomko
e8c0558414 virutil.c: do not include stdarg.h
Last functions using it were moved to virfile.c in commit <bfe7721>.

Signed-off-by: Ján Tomko <jtomko@redhat.com>
2018-05-14 08:41:58 +02:00
Ján Tomko
d80881db3f virutil.c: do not include ioctl.h
Added by commit 61674cc, but we have started using
set_nonblocking_flag from gnulib in commit da3c4714

Signed-off-by: Ján Tomko <jtomko@redhat.com>
2018-05-14 08:41:49 +02:00
Daniel P. Berrangé
cbb0fd3cfd log: support logging using shell wildcard syntax
Rather than specialcasing handling of the '*' character, use fnmatch()
to get normal shell wildcard syntax, as described in 'man glob(7)'.

To get an indication of the performance impact of using globs instead
of plain string matches, a test program was written. The list of all
260 log categories was extracted from the source. Then a typical log
filters setup was picked by creating an array of the strings "qemu",
"security", "util", "cgroup", "event", "object". Every filter string
was matched against every log category. Timing information showed that
using strstr() this took 8 microseconds, while fnmatch() took 114
microseconds.

IOW, fnmatch is 14 times slower than our existing strstr check. These
numbers show a worst case scenario that will never be hit, because it
is rare that every log category would have data output. The log category
matches are cached, so each category is only checked once no matter how
many log statements are emitted. IOW despite being slower, this will
be lost in the noise and have no consequence on real world logging
performance.

Reviewed-by: John Ferlan <jferlan@redhat.com>
Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
2018-05-11 17:08:06 +01:00
Daniel P. Berrangé
4a239d1509 log: rename virLogFlags to virLogFilterFlags to match docs
Reviewed-by: Erik Skultety <eskultet@redhat.com>
Reviewed-by: John Ferlan <jferlan@redhat.com>
Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
2018-05-11 17:06:55 +01:00
Michal Privoznik
ebad530e9f virbuffer: Set child buffer indent properly
There's this macro virBufferSetChildIndent which sets offset of
child buffer from given parent buffer. However, it is calling
virBufferAdjustIndent() which only adds adjustment instead of
calling virBufferSetIndent() which clears out any adjustment
previously set.

Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
2018-05-11 17:04:12 +02:00
Ján Tomko
50b4e9afe2 virJSONValue: remove unused 'protect' property
The last usage was removed by commit <167028e>

Signed-off-by: Ján Tomko <jtomko@redhat.com>
2018-05-11 13:23:06 +02:00
Michal Privoznik
d13179fe8d qemu_cgroup: Allow /dev/mapper/control for PR
Just like in previous commit, qemu-pr-helper might want to open
/dev/mapper/control under certain circumstances. Therefore we
have to allow it in cgroups.

The change virdevmapper.c might look spurious but it isn't. After
6dd84f6850 any path that we're allowing in deivces CGroup is
subject to virDevMapperGetTargets() inspection. And libdevmapper
returns ENXIO for the path from subject.

Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
Reviewed-by: John Ferlan <jferlan@redhat.com>
2018-05-11 09:02:56 +02:00
Michal Privoznik
13fe558fb4 qemu: Generate pr cmd line at startup
For command line we need two things:

1) -object pr-manager-helper,id=$alias,path=$socketPath
2) -drive file.pr-manager=$alias

In -object pr-manager-helper we tell qemu which socket to connect
to, then in -drive file-pr-manager we just reference the object
the drive in question should use.

For managed PR helper the alias is always "pr-helper0" and socket
path "${vm->priv->libDir}/pr-helper0.sock".

Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
Reviewed-by: John Ferlan <jferlan@redhat.com>
2018-05-11 09:02:56 +02:00
Michal Privoznik
c7c9dea0a0 qemuDomainDiskChangeSupported: Deny changing reservations
Couple of reasons for that:

a) there's no monitor command to change path where the pr-helper
connects to, or
b) there's no monitor command to introduce a new pr-helper for a
disk that already exists.

Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
Reviewed-by: John Ferlan <jferlan@redhat.com>
2018-05-11 09:02:56 +02:00
Michal Privoznik
687730540e virstoragefile: Introduce virStoragePRDef
This is a definition that holds information on SCSI persistent
reservation settings. The XML part looks like this:

  <reservations enabled='yes' managed='no'>
    <source type='unix' path='/path/to/qemu-pr-helper.sock' mode='client'/>
  </reservations>

If @managed is set to 'yes' then the <source/> is not parsed.
This design was agreed on here:

https://www.redhat.com/archives/libvir-list/2017-November/msg01005.html

Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
Reviewed-by: John Ferlan <jferlan@redhat.com>
2018-05-11 09:02:56 +02:00
John Ferlan
4a3d6ed5ee util: Clean up consumers of virJSONValueArraySize
Rather than have virJSONValueArraySize return a -1 when the input
is not an array and then splat an error message, let's check for
an array before calling and then change the return to be a size_t
instead of ssize_t.

That means using the helper virJSONValueIsArray as well as using a
more generic error message such as "Malformed <something> array".
In some cases we can remove stack variables and when we cannot,
those variables should be size_t not ssize_t. Alter a few references
of if (!value) to be if (value == 0) instead as well.

Some callers can already assume an array is being worked on based
on the previous call, so there's less to do.

Signed-off-by: John Ferlan <jferlan@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
2018-05-10 14:59:15 -04:00
Peter Krempa
74fad50de4 util: file: Fix usage of STRPREFIX in virFileIsCDROM
STRPREFIX takes only two arguments, but the code it was adapted from
used function with 3 arguments.

Signed-off-by: Peter Krempa <pkrempa@redhat.com>
2018-05-07 17:12:26 +02:00
Peter Krempa
e5dc760d0c qemu: domain: Store whether a virStorageSource is a host CDROM drive
Use virFileIsCDROM to detect whether a block device is a cdrom drive and
store it in virStorageSource. This will be necessary to correctly create
the 'host_cdrom' backend in qemu when using -blockdev.

We assume that host_cdrom makes only sense when used directly as a raw
image, but if a backing chain would be put in front of it, libvirt will
use 'host_device' in that case.

Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: John Ferlan <jferlan@redhat.com>
2018-05-07 15:22:30 +02:00
Peter Krempa
f3282d1f9b util: file: Add helper to determine whether a path is a CDROM
Add detection mechanism which will allow to check whether a path to a
block device is a physical CDROM drive. This will be useful once we will
need to pass it to hypervisors.

The linux implementation uses an ioctl to do the detection, while the
fallback uses a simple string prefix match.

Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: John Ferlan <jferlan@redhat.com>
2018-05-07 15:17:06 +02:00
Peter Krempa
a33a3b1006 util: file: Use only one #ifdef for __linux__
Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: John Ferlan <jferlan@redhat.com>
2018-05-07 15:07:33 +02:00
Peter Krempa
043b9069c5 utils: storage: Mark that a virStorageSource is going to be used as a floppy
Add a flag denoting that a virStorageSource is going to be used as a
floppy image. This will be useful in cases where the user passes in
files which shall be exposed as an image to the guest.

Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: John Ferlan <jferlan@redhat.com>
2018-05-07 14:52:43 +02:00
Peter Krempa
d302b5896e util: storage: Add shadow copies of few disk properties to virStorageSource
Few things which are currently stored the virDomainDiskDef structure are
actually relevant for the storage source as well. Add the fields with a
note that they are just mirror of the values from the disk.

Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: John Ferlan <jferlan@redhat.com>
2018-05-07 14:47:43 +02:00
Peter Krempa
3817fa10c4 storage: Properly track that backing chain members are readonly
Everything besides the top of the chain is readonly. Track this when
parsing the XML and detecting the chain from the disk. Also fix the
state when taking snapshots.

All other cases where the top image is changed already preserve the
readonly state from the original image.

Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: John Ferlan <jferlan@redhat.com>
2018-05-07 14:41:20 +02:00
Andrea Bolognani
00d465bb4d syntax-check: Prohibit canonicalize_file_name()
We want to make sure our wrapper is used instead in order
to keep the test suite working.

Signed-off-by: Andrea Bolognani <abologna@redhat.com>
Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
2018-05-03 18:23:30 +02:00
Andrea Bolognani
4267393198 all: Use virFileCanonicalizePath() instead of canonicalize_file_name()
The latter is impossible to mock on platforms that use the
gnulib implementation, such as FreeBSD, while the former
doesn't suffer from this limitation.

Signed-off-by: Andrea Bolognani <abologna@redhat.com>
Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
2018-05-03 18:23:30 +02:00
Andrea Bolognani
026606caf2 util: Introduce virFileCanonicalizePath()
It's a trivial wrapper around canonicalize_file_name(),
which we need in order to fully mock file access on non-Linux
platforms.

Signed-off-by: Andrea Bolognani <abologna@redhat.com>
Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
2018-05-03 18:23:29 +02:00