Commit Graph

15194 Commits

Author SHA1 Message Date
Michal Privoznik
c63b088035 Revert "lxc: ensure setns() syscall is defined"
After my previous commit this commit is no longer needed.

This reverts commit eff95ac8fc.
2015-08-27 15:05:52 +02:00
Michal Privoznik
692e9fac75 lxc_container: Turn lxcAttachNS into calling virProcessSetNamespaces
Now that virProcessSetNamespaces() does accept FD list in the
correct format, we can simply turn lxcAttachNS into calling
virProcessSetNamespaces().

Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
2015-08-27 15:05:52 +02:00
Michal Privoznik
fb0ef0d511 libvirt_lxc: Claim success for --help
So far, if libvirt_lxc binary (usually to be found under
/usr/libexec/) is run with --help, due to a missing line
and our usual functions pattern, an 'uknown' error is returned.
Yeah, the help is printed out, but we should not claim error.

Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
2015-08-27 15:05:51 +02:00
Michal Privoznik
ea0486873e util: Allow virProcessSetNamespaces() to have sparse FD list
So far, the virProcessSetNamespaces() takes an array of FDs that
it tries to set namespace on. However, in the very next commit
this array may be sparse, having some -1's in it. Teach the
function to cope with that.

Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
2015-08-27 15:05:51 +02:00
Michal Privoznik
52970dec5b virt-aa-helper: Improve valid_path
So, after some movement in virt-aa-helper, I've noticed the
virt-aa-helper-test failing. I've ran gdb (it took me a while to
realize how to do that) and this showed up immediately:

  Program received signal SIGSEGV, Segmentation fault.
  strlen () at ../sysdeps/x86_64/strlen.S:106
  106     ../sysdeps/x86_64/strlen.S: No such file or directory.
  (gdb) bt
  #0  strlen () at ../sysdeps/x86_64/strlen.S:106
  #1  0x0000555555561a13 in array_starts_with (str=0x5555557ce910 "/tmp/tmp.6nI2Fkv0KL/1.img", arr=0x7fffffffd160, size=-1540438016) at security/virt-aa-helper.c:525
  #2  0x0000555555561d49 in valid_path (path=0x5555557ce910 "/tmp/tmp.6nI2Fkv0KL/1.img", readonly=false) at security/virt-aa-helper.c:617
  #3  0x0000555555562506 in vah_add_path (buf=0x7fffffffd3e0, path=0x5555557cb910 "/tmp/tmp.6nI2Fkv0KL/1.img", perms=0x555555581585 "rw", recursive=false) at security/virt-aa-helper.c:823
  #4  0x0000555555562693 in vah_add_file (buf=0x7fffffffd3e0, path=0x5555557cb910 "/tmp/tmp.6nI2Fkv0KL/1.img", perms=0x555555581585 "rw") at security/virt-aa-helper.c:854
  #5  0x0000555555562918 in add_file_path (disk=0x5555557d4440, path=0x5555557cb910 "/tmp/tmp.6nI2Fkv0KL/1.img", depth=0, opaque=0x7fffffffd3e0) at security/virt-aa-helper.c:931
  #6  0x00007ffff78f18b1 in virDomainDiskDefForeachPath (disk=0x5555557d4440, ignoreOpenFailure=true, iter=0x5555555628a6 <add_file_path>, opaque=0x7fffffffd3e0) at conf/domain_conf.c:23286
  #7  0x0000555555562b5f in get_files (ctl=0x7fffffffd670) at security/virt-aa-helper.c:982
  #8  0x0000555555564100 in vahParseArgv (ctl=0x7fffffffd670, argc=5, argv=0x7fffffffd7e8) at security/virt-aa-helper.c:1277
  #9  0x00005555555643d6 in main (argc=5, argv=0x7fffffffd7e8) at security/virt-aa-helper.c:1332

So I've taken look at valid_path() because it is obviously
calling array_starts_with() with malformed @size. And here's the
result: there are two variables to hold the size of three arrays
and their value is recalculated before each call of
array_starts_with(). What if we just use three variables,
initialize them and do not touch them afterwards?

Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
2015-08-27 15:05:25 +02:00
John Ferlan
dd25b5a793 lxc: Resolve Coverity RESOURCE_LEAK
Commit id 'c27553b6e' added a return -1 in a failure path without
the necessary VIR_FREE(stack)
2015-08-27 07:10:20 -04:00
Luyao Huang
8f8031df19 qemu: Emit correct audit message for memory hot unplug
https://bugzilla.redhat.com/show_bug.cgi?id=1226234#c3

If the qemu monitor fails to remove the memory from the guest for
any reason, the auditlog message will incorrectly use the current
actual memory (via virDomainDefGetMemoryActual) instead of the
value we were attempting to reduce to. The result is the 'new-mem'
and 'old-mem' values for the auditlog message would be identical.

This patch creates a local 'newmem' which accounts for the current
memory size minus the memory which is being removed. NB, for the
success case this results in the same value that would be returned
by virDomainDefGetMemoryActual without the need to do the math. This
follows the existing code which would subtract the size for cur_balloon.

Signed-off-by: Luyao Huang <lhuang@redhat.com>
2015-08-26 17:47:49 -04:00
Luyao Huang
cb1fbda4a1 qemu: Emit correct audit message for memory hot plug
https://bugzilla.redhat.com/show_bug.cgi?id=1226234#c3

Prior to this patch, after successfully hot plugging memory
the audit log indicated that the update failed, e.g.:

type=VIRT_RESOURCE ... old-mem=1024000 new-mem=1548288 \
exe="/usr/sbin/libvirtd" hostname=? addr=? terminal=pts/2 res=failed

This patch will adjust where virDomainAuditMemory is called to
ensure the proper 'ret' value is used based on success or failure.

Additionally, the audit message should include the size of the
memory we were attempting to change to rather than the current
actual size. On failure to add, the message showed the same value
for old-mem and new-mem.

In order to do this, introduce a 'newmem' local which will compute
the new size based on the oldmem size plus the size of memory we
are about to add. NB: This would be the same as calling the
virDomainDefGetMemoryActual again on success, but avoids the
overhead of recalculating. Plus cur_balloon is already adjusted
by the same value, so this follows that.

Signed-off-by: Luyao Huang <lhuang@redhat.com>
2015-08-26 17:47:49 -04:00
Moshe Levi
6f2a0198e9 utils: Remove the logging of errors from virNetDevSendEthtoolIoctl
This patch remove the logging of errors of ioctl api and instead
let the caller to choose what errors to log
2015-08-26 17:11:27 -04:00
Laine Stump
108d591b11 hostdev: skip ACS check when using VFIO for device assignment
The ACS checks are meaningless when using the more modern VFIO driver
for device assignment since VFIO has its own more complete and exact
checks, but I didn't realize that when I added support for VFIO. This
patch eliminates the ACS check when preparing PCI devices for
assignment if VFIO is being used.

This resolves:

  https://bugzilla.redhat.com/show_bug.cgi?id=1256486
2015-08-26 14:07:01 -04:00
Daniel P. Berrange
eff95ac8fc lxc: ensure setns() syscall is defined
Older versions of glibc don't provide the setns() syscall
function wrapper, so we must define it ourselves to prevent
build failure on old distros.

Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2015-08-26 15:53:16 +01:00
Peter Kieser
91fdcefa7f virt-aa-helper: add NVRAM store file for read/write
This is a cryptographically signed message in MIME format.

Some UEFI firmwares may want to use a non-volatile memory to store some
variables.
If AppArmor is enabled, and NVRAM store file is set currently
virt-aa-helper does
not add the NVRAM store file to the template. Add this file for
read/write when
this functionality is defined in domain XML.

Signed-off-by: Peter Kieser <peter@kieser.ca>
2015-08-26 16:25:44 +02:00
ik.nitk
c27553b6e2 lxc: Inherit namespace feature
This patch adds feature for lxc containers to inherit namespaces.
This is very similar to what lxc-tools or docker provides.  Look
for "man lxc-start" and you will find that you can pass command
args as [ --share-[net|ipc|uts] name|pid ]. Or check out docker
networking option in which you can give --net=container:NAME_or_ID
as an option for sharing +namespace.

>From this patch you can add extra libvirt option to share
namespace in following way.

 <lxc:namespace>
   <lxc:sharenet type='netns' value='red'/>
   <lxc:shareipc type='pid' value='12345'/>
   <lxc:shareuts type='name' value='container1'/>
 </lxc:namespace>

The netns option is specific to sharenet. It can be used to
inherit from existing network namespace.

Co-authored: Daniel P. Berrange <berrange@redhat.com>
2015-08-26 11:28:30 +01:00
Martin Kletzander
f674dc6794 qemu: Label correct per-VM path when starting
Commit f1f68ca334 overused mdir_name()
event though it was not needed in the latest version, hence labelling
directory one level up in the tree and not the one it should.

If anyone with SElinux managed to try run a domain with guest agent set
up, it's highly possible that they will need to run 'restorecon -F
/var/lib/libvirt/qemu/channel/target' to fix what was done.

Reported-by: Luyao Huang <lhuang@redhat.com>
Signed-off-by: Martin Kletzander <mkletzan@redhat.com>
2015-08-26 10:44:14 +02:00
Luyao Huang
bf2788218a qemu: Update blkio.weight value after successful set
https://bugzilla.redhat.com/show_bug.cgi?id=1253107

Make a call virCgroupGetBlkioWeight to re-read blkio.weight right
after it is set in order to keep internal data up-to-date.

Signed-off-by: Luyao Huang <lhuang@redhat.com>
2015-08-25 16:20:39 -04:00
Vasiliy Tolstov
bbc705d130 Eliminate incorrect and unnecessary check for changed IP address
Commit aa2cc7 modified a previously unnecessary but innocuous check
for interface IP address during interface update incorrectly, causing
all attempted updates (e.g. changing link state) to interfaces of
type='ethernet' for QEMU to fail.

This patch fixes the issue by completely removing the check for IP
address, which is pointless since QEMU doesn't support setting
interface IP addresses from the domain interface XML anyway.

Signed-off-by: Vasiliy Tolstov <v.tolstov@selfip.ru>
Signed-off-by: Laine Stump <laine@laine.org>
2015-08-24 10:23:40 -04:00
Tomas Meszaros
6c2702eddf virDomainRename: Extend API documentation
Signed-off-by: Tomas Meszaros <exo@tty.sk>
2015-08-24 15:20:35 +02:00
Luyao Huang
c8e5177303 qemu: add a check for nodeset in qemuDomainSetNumaParamsLive
We will try to set the node to cpuset.mems without check if
it is available, since we already have helper to check this.
Call virNumaNodesetIsAvailable to check if node is available,
then try to change it in the cgroup.

Signed-off-by: Luyao Huang <lhuang@redhat.com>
2015-08-24 15:20:35 +02:00
Guido Günther
4d4c90dfd5 selinux: fix compile errors
Remove unused variable, tag unused parameter and adjust return type.

introduced by 3f48345f7e

CC     security/libvirt_security_manager_la-security_selinux.lo
security/security_selinux.c: In function 'virSecuritySELinuxDomainSetDirLabel':
security/security_selinux.c:2520:5: error: return makes pointer from integer without a cast [-Werror]
security/security_selinux.c:2514:9: error: unused variable 'ret' [-Werror=unused-variable]
security/security_selinux.c:2509:59: error: unused parameter 'mgr' [-Werror=unused-parameter]
2015-08-24 14:15:12 +02:00
Guido Günther
269d39afe5 storage: only run safezero if allocation is > 0
While a zero allocation in safezero should be fine it isn't when we use
posix_fallocate which returns EINVAL on a zero allocation.

While we could skip the zero allocation in safezero_posix_fallocate it's
an optimization to do it for all allocations.

This fixes vm installation via virtinst for me which otherwise aborts
like:

   Starting install...
   Retrieving file linux...               | 5.9 MB     00:01 ...
   Retrieving file initrd.gz...           |  29 MB     00:07 ...
   ERROR    Couldn't create storage volume 'virtinst-linux.sBgds4': 'cannot fill file '/var/lib/libvirt/boot/virtinst-linux.sBgds4': Invalid argument'

The error was introduced by e30297b0 as spotted by Chunyan Liu
2015-08-24 13:51:44 +02:00
intrigeri
2f01cfdf05 virt-aa-helper: allow access to /usr/share/ovmf/
We forbid access to /usr/share/, but (at least on Debian-based systems)
the Open Virtual Machine Firmware files needed for booting UEFI virtual
machines in QEMU live in /usr/share/ovmf/. Therefore, we need to add
that directory to the list of read only paths.

A similar patch was suggested by Jamie Strandboge <jamie@canonical.com>
on https://bugs.launchpad.net/ubuntu/+source/libvirt/+bug/1483071.
2015-08-24 13:00:39 +02:00
Guido Günther
d25a5e087a virt-aa-helper: Simplify restriction logic
First check overrides, then read only files then restricted access
itself.

This allows us to mark files for read only access whose parents were
already restricted for read write.

Based on a proposal by Martin Kletzander
2015-08-24 13:00:39 +02:00
Guido Günther
26c5fa3a9b virt-aa-helper: document --probing and --dry-run 2015-08-24 13:00:39 +02:00
Martin Kletzander
f1f68ca334 qemu: Fix access to auto-generated socket paths
We are automatically generating some socket paths for domains, but all
those paths end up in a directory that's the same for multiple domains.
The problem is that multiple domains can each run with different
seclabels (users, selinux contexts, etc.).  The idea here is to create a
per-domain directory labelled in a way that each domain can access its
own unix sockets.

Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1146886

Signed-off-by: Martin Kletzander <mkletzan@redhat.com>
2015-08-24 11:53:17 +02:00
Martin Kletzander
f4c60dfbf2 security_dac: Add SetDirLabel support
Signed-off-by: Martin Kletzander <mkletzan@redhat.com>
2015-08-24 11:53:17 +02:00
Martin Kletzander
3f48345f7e security_selinux: Add SetDirLabel support
Signed-off-by: Martin Kletzander <mkletzan@redhat.com>
2015-08-24 11:53:17 +02:00
Martin Kletzander
99cf04e32d security_stack: Add SetDirLabel support
Signed-off-by: Martin Kletzander <mkletzan@redhat.com>
2015-08-24 11:53:17 +02:00
Martin Kletzander
f65a2a12f4 security: Add virSecurityDomainSetDirLabel
That function can be used for setting security labels on arbitrary
directories.

Signed-off-by: Martin Kletzander <mkletzan@redhat.com>
2015-08-24 11:53:17 +02:00
Martin Kletzander
7b6953bc22 security_dac: Label non-listening sockets
SELinux security driver already does that, but DAC driver somehow missed
the memo.  Let's fix it so it works the same way.

Signed-off-by: Martin Kletzander <mkletzan@redhat.com>
2015-08-24 11:53:17 +02:00
Martin Kletzander
4ac6ce38d3 security_selinux: Use proper structure to access socket data
In virSecuritySELinuxSetSecurityChardevLabel() we are labelling unix
socket path, but accessing another structure of the union.  This does
not pose a problem currently as both paths are at the same offset, but
this should be fixed for the future.

Signed-off-by: Martin Kletzander <mkletzan@redhat.com>
2015-08-24 11:53:17 +02:00
Erik Skultety
f08b1c58f3 locking: Remove redundant 'srv' element from virLockDaemon
Now that we have virNetDaemon object holding all the data and being
capable of referencing multiple servers, having a duplicate reference to
a single server stored in virLockDaemon isn't necessary anymore. This
patch removes the above described element.
2015-08-24 10:37:12 +02:00
Andrea Bolognani
5750149fed cpu: Move check for NULL CPU model inside the driver
While the check is appropriate for eg. the x86 and generic drivers,
there are some valid ppc64 guest configurations where the CPU
model is supposed to be NULL.

Moving this check from the generic code to the drivers makes it
possible to accomodate both use cases.

Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1251927
2015-08-21 15:42:38 -07:00
Andrea Bolognani
2f913162ed cpu: Better support for ppc64 compatibility modes
Not all combinations of host CPU models and compatibility modes
are valid, so we need to make sure we don't try to do something
that QEMU will reject.

Moreover, we need to apply a different logic to guests using
host-model and host-passthrough modes when testing them for host
compatibility.

Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1251927
2015-08-21 15:42:33 -07:00
Andrea Bolognani
6d7c2f65c1 cpu: Don't update host-model guest CPUs on ppc64
If a guest CPU is defined using

  <cpu mode='host-model'/>

the <model> sub-element will contain the compatibility mode to use.
That means we can't just copy the host CPU model on cpuUpdate(),
otherwise we'll overwrite that information and migration of such
guests will fail.

Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1251927
2015-08-21 14:51:31 -07:00
John Ferlan
cb5d0193aa conf: Check for attach disk usage of iothread=0
Since iothreadid = 0 is invalid, we need to check for it when attempting
to add a disk; otherwise, someone would think/believe their attempt to
add an IOThread to the disk would succeed. Luckily other code ignored
things when ->iothread == 0...
2015-08-20 12:10:21 -04:00
Guido Günther
a2c5d16a70 libvirt-admin: Generate symbols file
Since we're linking this into libvirtd we need some symbols to be public
but not part of the public API so mark them as
LIBVIRT_ADMIN_PRIVATE_<VERSION> as we do with libvirt.

Making all other symbols local makes sure we don't accidentally leak
unwanted ones.
2015-08-20 10:19:27 +02:00
Roman Bogorodskiy
46550cde0f util: fix build without cgroup
Commit 89c509a0 added getters for cgroup block device I/O throttling,
however stub versions of these functions have not matching function
prototypes that result in compilation fail on platforms not supporting
cgroup.

Fix build by correcting prototypes of the stubbed functions.

Pushing under build-breaker rule.
2015-08-20 09:42:56 +03:00
Cao jin
d0fbaf16cc virconf: correct code formatting
Signed-off-by: Cao jin <caoj.fnst@cn.fujitsu.com>
Signed-off-by: Ján Tomko <jtomko@redhat.com>
2015-08-20 01:41:28 +02:00
Cao jin
4cbeb48713 virConfWalk: fix the inconsistent name
Fix inconsistency between function description and actual
parameter name.

Signed-off-by: Cao jin <caoj.fnst@cn.fujitsu.com>
2015-08-20 01:03:42 +02:00
Martin Kletzander
c7596cf0e0 qemu: Report better error message when renaming to existing domain name
Signed-off-by: Martin Kletzander <mkletzan@redhat.com>
2015-08-19 14:13:06 -07:00
Martin Kletzander
7b5acf9461 qemu: Sync BlkioDevice values when setting them in cgroups
The problem here is that there are some values that kernel accepts, but
does not set them, for example 18446744073709551615 which acts the same
way as zero.  Let's do the same thing we do with other tuning options
and re-read them right after they are set in order to keep our internal
structures up-to-date.

Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1165580

Signed-off-by: Martin Kletzander <mkletzan@redhat.com>
2015-08-18 16:27:43 -07:00
Martin Kletzander
4563c59b5b lxc: Sync BlkioDevice values when setting them in cgroups
The problem here is that there are some values that kernel accepts, but
does not set them, for example 18446744073709551615 which acts the same
way as zero.  Let's do the same thing we do with other tuning options
and re-read them right after they are set in order to keep our internal
structures up-to-date.

Signed-off-by: Martin Kletzander <mkletzan@redhat.com>
2015-08-18 16:27:43 -07:00
Martin Kletzander
89c509a0c1 util: Add getters for cgroup block device I/O throttling
Since now they were not needed, but I sense they will be in a short
while.

Signed-off-by: Martin Kletzander <mkletzan@redhat.com>
2015-08-18 16:25:16 -07:00
Martin Kletzander
ea9db906fc util: Add virCgroupGetBlockDevString
This function translates device paths to "major:minor " string, and all
virCgroupSetBlkioDevice* functions are modified to use it.  It's a
cleanup with no functional change.

Signed-off-by: Martin Kletzander <mkletzan@redhat.com>
2015-08-18 16:16:38 -07:00
Martin Kletzander
1fe69c4656 util: Add virStringGetFirstWithPrefix
That function takes string list and returns first string in that list
that starts with the @prefix parameter with that prefix being skipped as
the caller knows what it starts with (also for easier manipulation in
future).

Signed-off-by: Martin Kletzander <mkletzan@redhat.com>
2015-08-18 16:16:37 -07:00
Michal Privoznik
ed4da64657 qemuDomainRename: Don't leave a domain locked uppon fail
Well, yet again one case of 'goto cleanup' while 'goto endjob'
was needed. Sorry.

Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
2015-08-18 20:42:44 +02:00
John Ferlan
32c6b1908b qemu: Add check for invalid iothread_id in qemuDomainChgIOThread
https://bugzilla.redhat.com/show_bug.cgi?id=1251886

Since iothread_id == 0 is an invalid value for QEMU let's point
that out specifically.  For the IOThreadDel code, the failure would
have ended up being a failure to find the IOThread ID; however, for
the IOThreadAdd code - an IOThread 0 was added and that isn't good.

It seems during many reviews/edits to the code the check for
iothread_id = 0 being invalid was lost - it could have originally
been in the API code, but requested to be moved - I cannot remember.
2015-08-18 14:36:21 -04:00
John Ferlan
53058e11aa api: Adjust comment for virDomainAddIOThread
The comment for the function indicated that iothread_id had to be
a positive non-zero value; however, that wasn't checked - that is
a value of 0 is/was allowed by the API and was left up to the
hypervisor to reject the value.

More than likely this nuance was missed during the many "adjustments"
to the API in the review phase.
2015-08-18 14:36:21 -04:00
John Ferlan
d64b81a8f0 api: Remove check on iothread_id arg in virDomainPinIOThread
Allow 0 as an iothread_id and force the hypervisor to handle.
The qemuDomainPinIOThread API will look up the iothread_id of
0 and not find it and message that anyway.
2015-08-18 14:36:21 -04:00
Luyao Huang
4153a74105 qemuDomainAddCgroupForThread: Don't overwrite the error
Just like in commit 704cf06, if virCgroup*() fails, the error is
already reported. There's no need to overwrite the error with a
generic one and possibly hiding the true root cause of the error.

Signed-off-by: Luyao Huang <lhuang@redhat.com>
2015-08-18 19:53:58 +02:00
Cao jin
d5d710a199 virconf: fix the inconsistent name
Fix inconsistency between function description and actual
parameter name in virConfGetValue/virConfSetValue.

Signed-off-by: Cao jin <caoj.fnst@cn.fujitsu.com>
2015-08-18 19:42:49 +02:00
Eric Blake
0a617b53d4 build: fix mingw build
Ever since commit e44b0269, 64-bit mingw compilation fails with:

../../src/util/virprocess.c: In function 'virProcessGetPids':
../../src/util/virprocess.c:628:50: error: passing argument 4 of 'virStrToLong_i' from incompatible pointer type [-Werror=incompatible-pointer-types]
         if (virStrToLong_i(ent->d_name, NULL, 10, &tmp_pid) < 0)
                                                  ^
In file included from ../../src/util/virprocess.c:59:0:
../../src/util/virstring.h:53:5: note: expected 'int *' but argument is of type 'pid_t * {aka long long int *}'
 int virStrToLong_i(char const *s,
     ^
cc1: all warnings being treated as errors

Although mingw won't be using this function, it does compile the
file, and the fix is relatively simple.

* src/util/virprocess.c (virProcessGetPids): Don't assume pid_t
fits in int.

Signed-off-by: Eric Blake <eblake@redhat.com>
2015-08-17 16:03:40 -07:00
Michal Privoznik
0ace4d985a qemuDomainRename: Explicitly check if domain is renaming to itself
It may happen that user (mistakenly) wants to rename a domain to
itself. Which is no renaming at all. We should reject that with
some meaningful error message.

Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
2015-08-17 23:41:17 +02:00
Michal Privoznik
1dc2587224 virHashAddEntry: Report error on duplicate key
If this function fails, the error message is reported only in
some cases (e.g. OOM), but in some it's not (e.g. duplicate key).
This fact is painful and we should either not report error at all
or report the error in all possible cases. I vote for the latter.
Unfortunately, since the key may be an arbitrary value (not
necessarily a string) we can't report it in the error message.

Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
2015-08-17 23:34:08 +02:00
Michal Privoznik
890676d26b virHashAddOrUpdateEntry: Turn @new_name into void *
In 9190f0b0 we've tried to fix an OOM. And boy, was that fix
successful. But back then, the hash table implementation worked
strictly over string keys, which is not the case anymore. Hash
table have this function keyCopy() which returns void *.
Therefore a local variable that is temporarily holding the
intermediate return value from that function should be void *
too.

Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
2015-08-17 23:25:01 +02:00
Luyao Huang
2b3fb38fab libvirt-domain: forbid use virDomainRename in readonly connection
This function will change the guest name, we shouldn't
allow the readonly user do this.

Signed-off-by: Luyao Huang <lhuang@redhat.com>
2015-08-17 12:43:17 -04:00
John Ferlan
c4cfc0d037 qemu: Resolve Coverity UNINIT
Coverity complained that 'vm' wasn't initialized before jumping to
cleanup: and calling virDomainObjEndAPI if the VIR_STRDUP fails.
So I initialized vm = NULL and also moved the VIR_STRDUP closer to
usage and used endjob for goto. Lots of other reasons for failures.
2015-08-15 15:53:26 -04:00
Martin Kletzander
e4c8b67024 protocol: Don't use rename as a variable name
That causes shadowing errors on older compilers.

Signed-off-by: Martin Kletzander <mkletzan@redhat.com>
2015-08-15 17:15:33 +02:00
Erik Skultety
834c5720e4 tools: Introduce new client generic module vsh
In order to share as much virsh' logic as possible with upcomming
virt-admin client we need to split virsh logic into virsh specific and
client generic features.

Since majority of virsh methods should be generic enough to be used by
other clients, it's much easier to rename virsh specific data to virshX
than doing this vice versa. It moved generic virsh commands (including info
and opts structures) to generic module vsh.c.

Besides renaming methods and structures, this patch also involves introduction
of a client specific control structure being referenced as private data in the
original control structure, introduction of a new global vsh Initializer,
which currently doesn't do much, but there is a potential for added
functionality in the future.
Lastly it introduced client hooks which are especially necessary during
client connecting phase.
2015-08-14 15:45:44 +02:00
Tomas Meszaros
b5d63e997b qemu: Implement virDomainRename
Currently supports only renaming inactive domains without snapshots.

Signed-off-by: Tomas Meszaros <exo@tty.sk>
Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
2015-08-14 10:50:20 +02:00
Tomas Meszaros
28257dc2be domain_conf: Introducde virDomainObjListRenameAddNew() & virDomainObjListRenameRemove()
We just need to update the entry in the second hash table. Since commit 8728a56
we have two hash tables for the domain list so that we can do O(1) lookup
regardless of looking up by UUID or name. Since with renaming a domain UUID does
not change, we only need to update the second hash table, where domains are
referenced by their name.

We will call both functions from the qemuDomainRename().

Signed-off-by: Tomas Meszaros <exo@tty.sk>
2015-08-14 10:50:20 +02:00
Tomas Meszaros
9f7a559a6d Introduce virDomainRename API
Also, among with this new API new ACL that restricts rename
capability is invented too.

Signed-off-by: Tomas Meszaros <exo@tty.sk>
Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
2015-08-14 10:50:20 +02:00
Guido Günther
0e4972fe48 Detect location of qemu-bridge-helper
RedHat and Debian based distros use different locations

Reference: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=790935
2015-08-13 21:31:55 +02:00
Guido Günther
151ba02293 Check if qemu-bridge-helper exists and is executable
Otherwise the error is just

    error: Failed to create domain from test1.xml
    error: failed to retrieve file descriptor for interface: Transport endpoint is not connected

since we don't get a sensible error after the fork.
2015-08-13 21:31:54 +02:00
John Ferlan
11d571470a conf: Remove 'vmdef' from virDomainHostdevDefParseXML
Since it's not used, let's remove it to avoid any future usage.

Signed-off-by: John Ferlan <jferlan@redhat.com>
2015-08-13 11:40:21 -04:00
Martin Kletzander
776924e376 qemu: Use numad information when getting pin information
Pinning information returned for emulatorpin and vcpupin calls is being
returned from our data without querying cgroups for some time.  However,
not all the data were utilized.  When automatic placement is used the
information is not returned for the calls mentioned above.  Since the
numad hint in private data is properly saved/restored, we can safely use
it to return true information.

Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1162947

Signed-off-by: Martin Kletzander <mkletzan@redhat.com>
2015-08-13 15:06:06 +02:00
Martin Kletzander
8ce86722d7 qemu: Keep numad hint after daemon restart
The numad hint stored in priv->autoNodeset is information that gets lost
during daemon restart.  And because we would like to use that
information in the future, we also need to save it in the status XML.
For the sake of tests, we need to initialize nnumaCell_max to some
value, so that the restoration doesn't fail in our test suite.  There is
no need to fill in the actual numa cell data since the recalculating
function virCapabilitiesGetCpusForNodemask() will not fail, it will just
skip filling the data in the bitmap which we don't use in tests anyway.

Signed-off-by: Martin Kletzander <mkletzan@redhat.com>
2015-08-13 15:06:06 +02:00
Martin Kletzander
7c8028cda9 conf: Pass private data to Parse function of XML options
This needs a reorder of XML option definitions.  It might come in handy
one day.

Signed-off-by: Martin Kletzander <mkletzan@redhat.com>
2015-08-13 15:06:06 +02:00
Martin Kletzander
92ddffdbd3 qemu: Fix segfault when parsing private domain data
When parsing private domain data, there are two paths that are flawed.
They are both error paths, just from different parts of the function.
One of them can call free() on an uninitialized pointer.  Initialization
to NULL is enough here.  The other one is a bit trickier to explain, but
as easy as the first one to fix.  We create capabilities, parse them and
then assign them into the private data pointer inside the domain object.
If, however, we get to fail from now on, the error path calls unrefs the
capabilities and then, when the domain object is being cleaned,
qemuDomainObjPrivateFree() tries to unref them as well.  That causes a
segfault.  Settin the pointer to NULL upon successful addition to the
private data is enough.

Signed-off-by: Martin Kletzander <mkletzan@redhat.com>
2015-08-13 15:06:06 +02:00
John Ferlan
1b08cc170a conf: Check for hostdev conflicts when assign default disk address
https://bugzilla.redhat.com/show_bug.cgi?id=1210587  (completed)

When generating the default drive address for a SCSI <disk> device,
check the generated address to ensure it doesn't conflict with a SCSI
<hostdev> address. The <disk> address generation algorithm uses the
<target> "dev" name in order to determine which controller and unit
in order to place the device. Since a SCSI <hostdev> device doesn't
require a target device name, its placement on the guest SCSI address
"could" conflict.  For instance, if a SCSI <hostdev> exists at
controller=0 unit=0 and an attempt to hotplug 'sda' into the guest
made, there would be a conflict if the <hostdev> is already using
/dev/sda.
2015-08-12 16:09:05 -04:00
John Ferlan
d6ea4adbfc conf: Create locals for virDomainDiskDefAssignAddress
Create local controller/bus variables to be used by a future patch
2015-08-12 16:09:04 -04:00
John Ferlan
8d46386bfe conf: Add SCSI hostdev check for disk drive address already in use
https://bugzilla.redhat.com/show_bug.cgi?id=1210587  (partial)

If a SCSI subsystem <hostdev> element address is provided, we need to
make sure the address provided doesn't conflict with an existing or
libvirt generated address for a SCSI <disk> element. We can handle
this condition in device post processing since we're not generating an
address based on some target name - rather it's either generated based
on space or provided from the user. If the user provides one that conflicts,
then we need to disallow the change.

This will fix the issue where the domain XML provided an <address> for
the <hostdev>, but not the <disk> element where the address provided
ends up being the same address used for the <disk>. A <disk> address
is generated using it's assigned <target> 'dev' name prior to the
check/validation of the <hostdev> address value.
2015-08-12 15:40:00 -04:00
Frank Schreuder
69a3b0df2d Drive hot-unplug: reliable parsing of HMP results
Hot-unplugging a disk from a guest that supports hot-unplugging generates an error
in the libvirt log when running QEMU with the "-msg timestamp=on" flag.

2015-08-06 10:48:59.945+0000: 11662: error : qemuMonitorTextDriveDel:2594 :
operation failed: deleting drive-virtio-disk4 drive failed:
2015-08-06T10:48:59.945058Z Device 'drive-virtio-disk4' not found

This error is caused because the HMP results are getting prefixed with a timestamp.
Parsing the output is not reliable with STRPREFIX as the results can be prefixed with a timestamp.

Using strstr ensures that parsing the output works whether the results are prefixed or not.

Cc: Stefan Hajnoczi <stefanha@redhat.com>
Cc: Daniel P. Berrange <berrange@redhat.com>
Signed-off-by: Frank Schreuder <fschreuder@transip.nl>
2015-08-12 18:30:28 +02:00
Laine Stump
d5e6d1cfc7 Revert "qemu: Allow to plug virtio-net-pci into PCIe slot"
This reverts commit ede34470fd, which
was apparently written based on testing performed before commits
1e15be1 and 9a12b6 were pushed upstream. Once those two patches are in
place, commit ede34470 is redundant, and can even cause
incorrect/unexpected behavior when auto-assigning addresses for
virtio-net devices.
2015-08-12 11:23:29 -04:00
Michal Privoznik
f7fba69bd7 networkBandwidthGenericChecks: Drop useless check
There's a check right at the beginning of the function that
shortcuts if the function was called over all NULL arguments.
However, this was meant just as a fool-proof check so that we
don't crash if function is used in a bad manner. Anyway, it makes
Coverity unhappy as it then thinks any of the arguments could be
NULL. Well, with the current state of the code it can't.

Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
2015-08-12 10:57:36 +02:00
Michal Privoznik
ef6b3b625d networkBandwidthUpdate: Don't blindly dereference pointers
It may happen that an interface don't have any bandwidth set and
a new one is to be set. In that case, @ifaceBand will be NULL.
This will cause troubles later in the code when deciding what to
do.

Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
2015-08-12 10:57:36 +02:00
Cole Robinson
c7790408d7 domain: Fix crash if trying to live update disk <serial>
If you pass <disk><serial> XML to UpdateDevice, and the original device
didn't have a <serial> block, libvirtd crashes trying to read the original
NULL serial string.

Use _NULLABLE string comparisons to avoid the crash. A couple other
properties needed the change too.
2015-08-11 17:33:34 -04:00
Laine Stump
9bd16ad3b4 qemu: fix qemuDomainSupportsPCI() for ARM machines of "virt" machinetype
Commit e8d5517 updated the domain post-parse to automatically add
pcie-root et al for certain ARM "virt" machinetypes, but didn't update
the function qemuDomainSupportsPCI() which is called later on when we
are auto-assigning PCI addresses and default settings for the PCI
controller <model> and <target> attributes. The result was that PCI
addresses weren't assigned, and the controllers didn't have their
attribute default values set, leading to an error when the domain was
started, e.g.:

  internal error: autogenerated dmi-to-pci-bridge options not set

This patch adds the same check made in the earlier patch to
qemuDomainSupportsPCI(), so that PCI address auto-assignment and
target/model default values will be set.
2015-08-11 16:11:05 -04:00
Guido Günther
fbb27088ee virNetSocketCheckProtocols: handle EAI_NONAME as IPv6 unavailable
When running the test suite using "unshare -n" we might have IPv6 but no
configured addresses. Due to AI_ADDRCONFIG getaddrinfo then fails with
EAI_NONAME which we should then treat as IPv6 unavailable.
2015-08-11 22:08:50 +02:00
Laine Stump
bfaaa2b681 util: don't overwrite stack when getting ethtool gfeatures
This fixes the crash described here:

 https://www.redhat.com/archives/libvir-list/2015-August/msg00162.html

In short, we were calling ioctl(SIOCETHTOOL) pointing to a too-short
object that was a local on the stack, resulting in the memory past the
end of the object being overwritten. This was because the struct used
by the ETHTOOL_GFEATURES command of SIOCETHTOOL ends with a 0-length
array, but we were telling ethtool that it could use 2 elements on the
array.

The fix is to allocate the necessary memory with VIR_ALLOC_VAR(),
including the extra length needed for a 2 element array at the end.
2015-08-11 15:29:14 -04:00
Andrea Bolognani
133c25c81c cpu: Fix segfault in the ppc64 driver
Commit adb865d introduced some changes in ppc64DriverNodeData()
that cause libvirtd to crash on startup unless this patch is
applied as well.
2015-08-11 18:05:04 +02:00
Michal Privoznik
b044e3257f qemu: Implement VIR_DOMAIN_BANDWIDTH_IN_FLOOR
Well, there are just two places that needs adjustment:

qemuDomainGetInterfaceParameters - to report the @floor
qemuDomainSetInterfaceParameters - now that the function has been
fixed, we can allow updating @floor too.

Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
2015-08-11 16:10:32 +02:00
Michal Privoznik
5ee6d243fc qemuDomainSetInterfaceParameters: Use new functions to update bandwidth
As sketched in previous commits, imagine the following scenario:

  virsh # domiftune gentoo vnet0
  inbound.average: 100
  inbound.peak   : 0
  inbound.burst  : 0
  outbound.average: 100
  outbound.peak  : 0
  outbound.burst : 0

  virsh # domiftune gentoo vnet0 --inbound 0

  virsh # shutdown gentoo
  Domain gentoo is being shutdown

  virsh # list --all
  error: Failed to list domains
  error: Cannot recv data: Connection reset by peer

  Program received signal SIGSEGV, Segmentation fault.
  0x00007fffe80ea221 in networkUnplugBandwidth (net=0x7fff9400c1a0, iface=0x7fff940ea3e0) at network/bridge_driver.c:4881
  4881            net->floor_sum -= ifaceBand->in->floor;

This is rather unfortunate. We should not SIGSEGV here. The
problem is, that while in the second step the inbound QoS was
cleared out, the network part of it was not updated (moreover, we
don't report that vnet0 had inbound.floor set). Internal
structure therefore still had some fragments left (e.g.
class_id). So when qemuProcessStop() started to clean up the
environment it got to networkUnplugBandwidth(). Here, class_id is
set therefore function assumes that there is an inbound QoS. This
actually is a fair assumption to make, there's no need for a
special QoS box in network's QoS when there's no QoS to set.
Anyway, the problem is not the networkUnplugBandwidth() rather
than qemuDomainSetInterfaceParameters() which completely forgot
about QoS being disperse (some parts are set directly on
interface itself, some on bridge the interface is plugged into).

Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
2015-08-11 16:10:32 +02:00
Michal Privoznik
812932bea2 bridge_driver: Introduce networkBandwidthUpdate
So, if a domain vNIC's bandwidth has been successfully set, it's
possible that because @floor is set on network's bridge, this
part may need updating too. And that's exactly what this function
does. While the previous commit introduced a function to check if
@floor can be satisfied, this does all the hard work. In general,
there may be three, well four possibilities:

  1) No change in @floor value (either it remain unset, or its
  value hasn't changed)

  2) The @floor value has changed from a non-zero to a non-zero
  value

  3) New @floor is to be set

  4) Old @floor must be cleared out

The difference between 2), 3) and 4) is, that while in 2) the QoS
tree on the network's bridge already has a special class for the
vNIC, in 3) the class must be created from scratch. In 4) it must
be removed. Fortunately, we have helpers for all three
interesting cases.

Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
2015-08-11 16:10:32 +02:00
Michal Privoznik
41a1531de5 bridge_driver: Introduce networkBandwidthChangeAllowed
When a domain vNIC's bandwidth is to be changed (at runtime) it is
possible that guaranteed minimal bandwidth (@floor) will change too.
Well, so far it is, because we still don't have an implementation that
allows setting it dynamically, so it's effectively erased on:

    #virsh domiftune $dom vnet0 --inbound 0

However, that's slightly unfortunate. We do some checks on domain
startup to see if @floor can be guaranteed. We ought do the same if
QoS is changed at runtime.

Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
2015-08-11 16:10:32 +02:00
Michal Privoznik
45090449c4 virNetDevBandwidthUpdateRate: turn class_id into integer
This is no functional change. It's just that later in the series we
will need to pass class_id as an integer.

Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
2015-08-11 16:10:32 +02:00
Michal Privoznik
327bc16a05 virNetDevParseMcast: Avoid magic constant
There is no guarantee that an enum start it mapped onto a value
of zero. However, we are guaranteed that enum items are
consecutive integers. Moreover, it's a pity to define an enum to
avoid using magical constants but then using them anyway.

Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
2015-08-11 16:10:32 +02:00
Martin Kletzander
1f24c1494a conf: Don't try formating non-existing addresses
Commit a6f9af8292 added checking for address colisions between
starting and ending addresses of forwarding addresses, but forgot that
there might be no addresses set at all.

Signed-off-by: Martin Kletzander <mkletzan@redhat.com>
2015-08-11 16:07:41 +02:00
Andrea Bolognani
344d1675e8 cpu: Forbid model fallback in the ppc64 driver
Unlike what happens on x86, on ppc64 you can't mix and match CPU
features to obtain the guest CPU you want regardless of the host
CPU, so the concept of model fallback doesn't apply.

Make sure CPU definitions emitted by the driver, eg. as output of
the cpuBaseline() and cpuUpdate() calls, reflect this fact.
2015-08-11 15:25:28 +02:00
Andrea Bolognani
dee2247afa cpu: Implement backwards compatibility in the ppc64 driver
All previously recognized CPU models (POWER7_v2.1, POWER7_v2.3,
POWER7+_v2.1 and POWER8_v1.0) are internally converted to the
corrisponding generation name so that existing guests don't stop
working.
2015-08-11 15:25:24 +02:00
Andrea Bolognani
36300d2ba1 cpu: Add POWER8NVL information to CPU map XML
This is yet another variation of POWER8. The PVR information comes
from arch/powerpc/kernel/cputable.c in the Linux kernel tree.
2015-08-11 14:09:43 +02:00
Andrea Bolognani
5d0aa93c50 cpu: Parse and use PVR masks in the ppc64 driver
Instead of relying on a hard-coded mask value, read it from the CPU
map XML and use it when looking up models by PVR.
2015-08-11 14:09:37 +02:00
Andrea Bolognani
d87359af5e cpu: Simplify ppc64 part of CPU map XML
Use multiple PVRs per CPU model to reduce the number of models we
need to keep track of.

Remove specific CPU models (eg. POWER7+_v2.1): the corresponding
generic CPU model (eg. POWER7) should be used instead to ensure
the guest can be booted on any compatible host.

Get rid of all the entries that did not match any of the CPU
models supported by QEMU, like power8 and power8e.

Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1250977
2015-08-11 14:05:35 +02:00
Andrea Bolognani
59fcc96195 cpu: Support multiple PVRs in the ppc64 driver
This will allow us to perform PVR matching more broadly, eg. consider
both POWER8 and POWER8E CPUs to be the same even though they have
different PVR values.
2015-08-11 14:05:25 +02:00
Andrea Bolognani
adb865df85 cpu: Align ppc64 CPU data with x86
Use a typedef instead of the plain struct and heap allocation. This
will make it easier to extend the ppc64 specific CPU data later on.
2015-08-11 11:04:57 +02:00
Andrea Bolognani
d574094d30 cpu: Use ppc64Compute() to implement ppc64DriverCompare()
This ensures comparison of two CPU definitions will be consistent
regardless of the fact that it is performed using cpuCompare() or
cpuGuestData(). The x86 driver uses the same exact code.
2015-08-11 11:04:57 +02:00
Andrea Bolognani
96b2c7459c cpu: CPU model names have to match on ppc64
Limitations of the POWER architecture mean that you can't run
eg. a POWER7 guest on a POWER8 host when using KVM. This applies
to all guests, not just those using VIR_CPU_MATCH_STRICT in the
CPU definition; in fact, exact and strict CPU matching are
basically the same on ppc64.

This means, of course, that hosts using different CPUs have to be
considered incompatible as well.

Change ppc64Compute(), called by cpuGuestData(), to reflect this
fact and update test cases accordingly.

Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1250977
2015-08-11 11:04:57 +02:00
Andrea Bolognani
8382136d42 cpu: Never skip CPU model name check in ppc64 driver
ppc64Compute(), called by cpuNodeData(), is used not only to retrieve
the driver-specific data associated to a guest CPU definition, but
also to check whether said guest CPU is compatible with the host CPU.

If the user is not interested in the CPU data, it's perfectly fine
to pass a NULL pointer instead of a return location, and the
compatibility data returned should not be affected by this. One of
the checks, specifically the one on CPU model name, was however
only performed if the return location was non-NULL.
2015-08-11 11:04:57 +02:00
Andrea Bolognani
cb8c0e1102 cpu: Remove ISA information from CPU map XML
The information is not used anywhere in libvirt.

No functional changes.
2015-08-11 11:04:57 +02:00
Andrea Bolognani
b85b51f2a5 cpu: Reorder functions in the ppc64 driver
Having the functions grouped together this way will avoid further
shuffling around down the line.

No functional changes.
2015-08-11 11:04:56 +02:00
Andrea Bolognani
c238d16af4 cpu: Simplify ppc64ModelFromCPU() 2015-08-11 11:04:56 +02:00
Andrea Bolognani
4590f0678f cpu: Simplify NULL handling in ppc64 driver
Use briefer checks, eg. (!model) instead of (model == NULL), and
avoid initializing to NULL a pointer that would be assigned in
the first line of the function anyway.

Also remove a pointless NULL assignment.

No functional changes.
2015-08-11 11:04:56 +02:00
Andrea Bolognani
2686bf2292 cpu: Mark driver functions in ppc64 driver
Use the ppc64Driver prefix for all functions that are used to
fill in the cpuDriverPPC64 structure, ie. those that are going
to be called by the generic CPU code.

This makes it clear which functions are exported and which are
implementation details; it also gets rid of the ambiguity that
affected the ppc64DataFree() function which, despite what the
name suggested, was not related to ppc64DataCopy() and could
not be used to release the memory allocated for a
virCPUppc64Data* instance.

No functional changes.
2015-08-11 11:04:56 +02:00
Laine Stump
f4f1d18dc4 qemu: fail on attempts to use <filterref> for non-tap network connections
nwfilter uses iptables and ebtables, which only work properly on
tap-based network connections (*not* on macvtap, for example), but we
just ignore any <filterref> elements for other types of networks,
potentially giving users a false sense of security.

This patch checks the network type and fails/logs an error if any
domain <interface> has a <filterref> when the connection isn't using a
tap device.

This resolves:

  https://bugzilla.redhat.com/show_bug.cgi?id=1180011
2015-08-10 13:08:41 -04:00
Laine Stump
a6f9af8292 network: validate network NAT range
This patch modifies virSocketAddrGetRange() to function properly when
the containing network/prefix of the address range isn't known, for
example in the case of the NAT range of a virtual network (since it is
a range of addresses on the *host*, not within the network itself). We
then take advantage of this new functionality to validate the NAT
range of a virtual network.

Extra test cases are also added to verify that virSocketAddrGetRange()
works properly in both positive and negative cases when the network
pointer is NULL.

This is the *real* fix for:

https://bugzilla.redhat.com/show_bug.cgi?id=985653

Commits 1e334a and 48e8b9 had earlier been pushed as fixes for that
bug, but I had neglected to read the report carefully, so instead of
fixing validation for the NAT range, I had fixed validation for the
DHCP range. sigh.
2015-08-10 13:06:56 -04:00
Martin Kletzander
cf0404455c qemu: Enable ioeventfd usage for virtio-scsi controllers
Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1150484

Signed-off-by: Martin Kletzander <mkletzan@redhat.com>
2015-08-10 15:05:34 +02:00
Martin Kletzander
35eecddee3 conf: Add ioeventfd option for controllers
This will be used with a virtio-scsi controller later on.

Signed-off-by: Martin Kletzander <mkletzan@redhat.com>
2015-08-10 15:05:34 +02:00
Michal Privoznik
2a5d3f227d virNetDevBandwidthParseRate: Reject negative values
https://bugzilla.redhat.com/show_bug.cgi?id=1022292

The following XML really does not make any sense:

<inbound average="-1" burst="-2" peak="-3" floor="-4"/>

There can't be a negative packet rate. Well, so far we haven't
assigned any meaning to it. So reject it unless users harm themselves,
because otherwise we turn the negative numbers into really big values.

Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
2015-08-10 13:47:48 +02:00
Cao jin
17cba9fb51 qemuMonitorOpenInternal: remove redundant code
There's no need to set mon->fd to a dummy value since
it's initialized to proper value just a few lines below.

Signed-off-by: Cao jin <caoj.fnst@cn.fujitsu.com>
2015-08-10 13:47:33 +02:00
Martin Kletzander
a8743c3938 rpc: Remove keepalive_required option
Since its introduction in 2011 (particularly in commit f4324e3292),
the option doesn't work.  It just effectively disables all incoming
connections.  That's because the client private data that contain the
'keepalive_supported' boolean, are initialized to zeroes so the bool is
false and the only other place where the bool is used is when checking
whether the client supports keepalive.  Thus, according to the server,
no client supports keepalive.

Removing this instead of fixing it is better because a) apparently
nobody ever tried it since 2011 (4 years without one month) and b) we
cannot know whether the client supports keepalive until we get a ping or
pong keepalive packet.  And that won't happen until after we dispatched
the ConnectOpen call.

Another two reasons would be c) the keepalive_required was tracked on
the server level, but keepalive_supported was in private data of the
client as well as the check that was made in the remote layer, thus
making all other instances of virNetServer miss this feature unless they
all implemented it for themselves and d) we can always add it back in
case there is a request and a use-case for it.

Signed-off-by: Martin Kletzander <mkletzan@redhat.com>
2015-08-10 13:15:56 +02:00
Cao jin
b1ad57ecd2 fix typo in comments
Signed-off-by: Cao jin <caoj.fnst@cn.fujitsu.com>
2015-08-10 09:39:13 +02:00
Michal Privoznik
bc359f77f3 virDomainCoreDumpWithFormat: Mention enum for @dumpformat
So the API takes @dumpformat argument. This is what makes it special
when compared to virDomainCoreDump. The argument is there so that
users can choose the format of resulting core dump file. And to ease
them the choosing process we even have an enum with supported values
across all the hypervisors. But we don't mention the enum in  the
function description anywhere. Fix it!

Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
2015-08-10 08:40:27 +02:00
Laine Stump
6a21bc119e network: verify proper address family in updates to <host> and <range>
By specifying parentIndex in a call to virNetworkUpdate(), it was
possible to direct libvirt to add a dhcp range or static host of a
non-matching address family to the <dhcp> element of an <ip>. For
example, given:

 <ip address='192.168.122.1' netmask='255.255.255.0'/>
 <ip family='ipv6' address='2001:db6:ca3:45::1' prefix='64'/>

you could provide a static host entry with an IPv4 address, and
specify that it be added to the 2nd <ip> element (index 1):

  virsh net-update default add ip-dhcp-host --parent-index 1 \
  '<host mac="52:54:00:00:00:01" ip="192.168.122.45"/>'

This would be happily added with no error (and no concern of any
possible future consequences).

This patch checks that any dhcp range or host element being added to a
network ip's <dhcp> subelement has addresses of the same family as the
ip element they are being added to.

This resolves:

  https://bugzilla.redhat.com/show_bug.cgi?id=1184736
2015-08-10 02:38:41 -04:00
Laine Stump
7d69387cd6 qemu: support new pci controller model "pcie-switch-downstream-port"
This is backed by the qemu device xio3130-downstream. It can only be
connected to a pcie-switch-upstream-port (x3130-upstream) on the
upstream side.
2015-08-09 22:32:00 -04:00
Laine Stump
76379a6ec1 conf: new pcie-controller model "pcie-switch-downstream-port"
This controller can be connected only to a port on a
pcie-switch-upstream-port. It provides a single hotpluggable port that
will accept any PCI or PCIe device, as well as any device requiring a
pcie-*-port (the only current example of such a device is the
pcie-switch-upstream-port).
2015-08-09 22:30:47 -04:00
Laine Stump
ad1748a1aa qemu: add capabilities bit for device xio3130-downstream
The downstream ports of an x3130-upstream switch can each have one of
these plugged into them (and that is the only place they can be
connected). Each xio3130-downstream provides a single PCIe port that
can have PCI or PCIe devices hotplugged into it. Apparently an entire
set of x3130-upstream + several xio3130-downstreams can be hotplugged
as a unit, but it's not clear to me yet how that would be done, since
qemu only allows attaching a single device at a time.

This device will be used to implement the
"pcie-switch-downstream-port" model of pci controller.
2015-08-09 22:29:25 -04:00
Laine Stump
cb99086d1b qemu: support new pci controller model "pcie-switch-upstream-port"
this is backed by the qemu device x3130-upstream. It can only plug
into a pcie-root-port or pcie-switch-downstream-port.
2015-08-09 22:16:10 -04:00
Laine Stump
38ea9515af conf: new pci controller model "pcie-switch-upstream-port"
This controller can be connected only to a pcie-root-port or a
pcie-switch-downstream-port (which will be added in a later patch),
which is the reason for the new connect type
VIR_PCI_CONNECT_TYPE_PCIE_PORT. A pcie-switch-upstream-port provides
32 ports (slot=0 to slot=31) on the downstream side, which can only
have pci controllers of model "pcie-switch-downstream-port" plugged
into them, which is the reason for the other new connect type
VIR_PCI_CONNECT_TYPE_PCIE_SWITCH.
2015-08-09 22:12:29 -04:00
Laine Stump
4cde758808 qemu: add capabilities bit for device x3130-upstream
This is the upstream part of a PCIe switch. It connects to a PCIe port
(but not PCI) on the upstream side, and can have up to 31
xio3130-downstream controllers (but no other types of devices)
connected to its downstream side.

This device will be used to implement the "pcie-switch-upstream-port"
model of pci controller.
2015-08-09 22:02:16 -04:00
Laine Stump
16328520f6 qemu: support new pci controller model "pcie-root-port"
This is backed by the qemu device ioh3420.

chassis and port from the <target> subelement are used to store/set the
respective qemu device options for the ioh3420. Currently, chassis is
set to be the index of the controller, and port is set to
"(slot << 3) + function" (per suggestion from Alex Williamson).
2015-08-09 21:58:55 -04:00
Laine Stump
dce3b8beb3 conf: new pci controller model "pcie-root-port"
This controller can be connected (at domain startup time only - not
hotpluggable) only to a port on the pcie root complex ("pcie-root" in
libvirt config), hence the new connect type
VIR_PCI_CONNECT_TYPE_PCIE_ROOT. It provides a hotpluggable port that
will accept any PCI or PCIe device.

New attributes must be added to the controller <target> subelement for
this - chassis and port are guest-visible option values that will be
set by libvirt with values derived from the controller's index and pci
address information.
2015-08-09 21:52:52 -04:00
Laine Stump
408b100a06 qemu: add capabilities bit for device ioh3420
This is a PCIE "root port". It connects only to a port of the
integrated pcie.0 bus of a Q35 machine (can't be hotplugged), and
provides a single PCIe port that can have PCI or PCIe devices
hotplugged into it.

This device will be used to implement the "pcie-root-port" model of
pci controller.
2015-08-09 21:44:11 -04:00
Laine Stump
18c104516e qemu: implement <target chassisNr='n'/> subelement/attribute of <controller>
This uses the new subelement/attribute in two ways:

1) If a "pci-bridge" pci controller has no chassisNr attribute, it
will automatically be set to the controller's index as soon as the
controller's PCI address is known (during
qemuDomainAssignPCIAddresses()).

2) when creating the commandline for a pci-bridge device, chassisNr
will be used to set qemu's chassis_nr option (rather than the previous
practice of hard-coding it to the controller's index).
2015-08-09 21:40:40 -04:00
Laine Stump
8dc88aeed6 conf: add new <target> subelement with chassisNr attribute to <controller>
There are some configuration options to some types of pci controllers
that are currently automatically derived from other parts of the
controller's configuration. For example, in qemu a pci-bridge
controller has an option that is called "chassis_nr"; up until now
libvirt has always set chassis_nr to the index of the pci-bridge. So
this:

  <controller type='pci' model='pci-bridge' index='2'/>

will always result in:

  -device pci-bridge,chassis_nr=2,...

on the qemu commandline. In the future we may decide there is a better
way to derive that option, but even in that case we will need for
existing domains to retain the same chassis_nr they were using in the
past - that is something that is visible to the guest so it is part of
the guest ABI and changing it would lead to problems for migrating
guests (or just guests with very picky OSes).

The <target> subelement has been added as a place to put the new
"chassisNr" attribute that will be filled in by libvirt when it
auto-generates the chassisNr; it will be saved in the config, then
reused any time the domain is started:

  <controller type='pci' model='pci-bridge' index='2'>
    <model type='pci-bridge'/>
    <target chassisNr='2'/>
  </controller>

The one oddity of all this is that if the controller configuration
is changed (for example to change the index or the pci address
where the controller is plugged in), the items in <target> will
*not* be re-generated, which might lead to conflict. I can't
really see any way around this, but fortunately if there is a
material conflict qemu will let us know and we will pass that on
to the user.
2015-08-09 21:35:00 -04:00
Laine Stump
572ebdbce7 qemu: implement <model> subelement to <controller>
This patch provides qemu support for the contents of <model> in
<controller> for the two existing PCI controller types that need it
(i.e. the two controller types that are backed by a device that must
be specified on the qemu commandline):

1) pci-bridge - sets <model> name attribute default as "pci-bridge"

2) dmi-to-pci-bridge - sets <model> name attribute default as
   "i82801b11-bridge".

These both match current hardcoded practice.

The defaults are set at the end of qemuDomainAssignPCIAddresses().
This can't be done earlier because some of the options that will be
autogenerated need full PCI address info for the controller, and
because qemuDomainAssignPCIAddresses() might create extra controllers
which would need default settings added, and that hasn't yet been done
at the time the PostParse callbacks are being run.
qemuDomainAssignPCIAddresses() is still called prior to the XML being
written to disk, though, so the autogenerated defaults are persistent.

qemu capabilities bits aren't checked when the domain is defined, but
rather when the commandline is actually created (so the domain can
possibly be defined on a host that doesn't yet have support for the
given device, or a host different from the one where it will
eventually be run). When the commandline is being generated we compare
the modelName to known qemu device names implementing the given type
of controller, and check the capabilities bit for that device.
2015-08-09 21:33:58 -04:00
Laine Stump
bf20251048 conf: add new <model> subelement with name attribute to <controller>
This new subelement is used in PCI controllers: the toplevel
*attribute* "model" of a controller denotes what kind of PCI
controller is being described, e.g. a "dmi-to-pci-bridge",
"pci-bridge", or "pci-root". But in the future there will be different
implementations of some of those types of PCI controllers, which
behave similarly from libvirt's point of view (and so should have the
same model), but use a different device in qemu (and present
themselves as a different piece of hardware in the guest). In an ideal
world we (i.e. "I") would have thought of that back when the pci
controllers were added, and used some sort of type/class/model
notation (where class was used in the way we are now using model, and
model was used for the actual manufacturer's model number of a
particular family of PCI controller), but that opportunity is long
past, so as an alternative, this patch allows selecting a particular
implementation of a pci controller with the "name" attribute of the
<model> subelement, e.g.:

  <controller type='pci' model='dmi-to-pci-bridge' index='1'>
    <model name='i82801b11-bridge'/>
  </controller>

In this case, "dmi-to-pci-bridge" is the kind of controller (one that
has a single PCIe port upstream, and 32 standard PCI ports downstream,
which are not hotpluggable), and the qemu device to be used to
implement this kind of controller is named "i82801b11-bridge".

Implementing the above now will allow us in the future to add a new
kind of dmi-to-pci-bridge that doesn't use qemu's i82801b11-bridge
device, but instead uses something else (which doesn't yet exist, but
qemu people have been discussing it), all without breaking existing
configs.

(note that for the existing "pci-bridge" type of PCI controller, both
the model attribute and <model> name are 'pci-bridge'. This is just a
coincidence, since it turns out that in this case the device name in
qemu really is a generic 'pci-bridge' rather than being the name of
some real-world chip)
2015-08-09 21:29:27 -04:00
Laine Stump
f8fe8f0345 conf: more useful error message when pci function is out of range
If a pci address had a function number out of range, the error message
would be:

  Insufficient specification for PCI address

which is logged by virDevicePCIAddressParseXML() after
virDevicePCIAddressIsValid returns a failure.

This patch enhances virDevicePCIAddressIsValid() to optionally report
the error itself (since it is the place that decides which part of the
address is "invalid"), and uses that feature when calling from
virDevicePCIAddressParseXML(), so that the error will be more useful,
e.g.:

  Invalid PCI address function=0x8, must be <= 7

Previously, virDevicePCIAddressIsValid didn't check for the
theoretical limits of domain or bus, only for slot or function. While
adding log messages, we also correct that ommission. (The RNG for PCI
addresses already enforces this limit, which by the way means that we
can't add any negative tests for this - as far as I know our
domainschematest has no provisions for passing XML that is supposed to
fail).

Note that virDevicePCIAddressIsValid() can only check against the
absolute maximum attribute values for *any* possible PCI controller,
not for the actual maximums of the specific controller that this
device is attaching to; fortunately there is later more specific
validation for guest-side PCI addresses when building the set of
assigned PCI addresses. For host-side PCI addresses (e.g. for
<hostdev> and for network device pools), we rely on the error that
will be logged when it is found that the device doesn't actually
exist.

This resolves:

  https://bugzilla.redhat.com/show_bug.cgi?id=1004596
2015-08-08 18:37:35 -04:00
Michal Privoznik
82af954c52 virDomainDefParseXML: Check for malicious cpu ids in <numa/>
https://bugzilla.redhat.com/show_bug.cgi?id=1176020

Some users think this is a good idea:

      <vcpu placement='static'>4</vcpu>
      <cpu mode='host-model'>
        <model fallback='allow'/>
        <numa>
          <cell id='0' cpus='0-1' memory='1048576' unit='KiB'/>
          <cell id='1' cpus='9-10' memory='2097152' unit='KiB'/>
        </numa>
      </cpu>

It's not. Lets therefore introduce a check and discourage them in
doing so.

Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
2015-08-07 17:19:07 +02:00
Michal Privoznik
8f2535dec1 numa_conf: Introduce virDomainNumaGetMaxCPUID
This function should return the greatest CPU number set in
/domain/cpu/numa/cell/@cpus. The idea is that we should compare
the returned value against /domain/vcpu value. Yes, there exist
users who think the following is a good idea:

  <vcpu placement='static'>4</vcpu>
  <cpu mode='host-model'>
    <model fallback='allow'/>
    <numa>
      <cell id='0' cpus='0-1' memory='1048576' unit='KiB'/>
      <cell id='1' cpus='9-10' memory='2097152' unit='KiB'/>
    </numa>
  </cpu>

Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
2015-08-07 17:19:03 +02:00
Peter Krempa
8dc2725925 qemu: Fix reporting of physical capacity for block devices
Qemu reports physical size 0 for block devices. As 15fa84acbb
changed the behavior of qemuDomainGetBlockInfo to just query the monitor
this created a regression since we didn't report the size correctly any
more.

This patch adds code to refresh the physical size of a block device by
opening it and seeking to the end and uses it both in
qemuDomainGetBlockInfo and also in qemuDomainGetStatsOneBlock that was
broken since it was introduced in this respect.

Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1250982
2015-08-07 13:28:50 +02:00
Shivaprasad G Bhat
e3810db34f Allow vfio hotplug of a device to the domain which owns the iommu
The commit 7e72de4 didn't consider the hotplug scenarios. The patch addresses
the hotplug case whereby if atleast one of the pci function is owned by a
guest, the hotplug of other functions/devices in the same iommu group to the
same guest goes through successfully.

Signed-off-by: Shivaprasad G Bhat <sbhat@linux.vnet.ibm.com>
2015-08-06 17:55:03 +02:00
Michal Privoznik
c646814438 qemuDomainDefPostParse: Adjust indent
While reviewing e8d551725 I've noticed a few unaligned lines.
Fix this.

Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
2015-08-06 15:33:01 +02:00
Pavel Fedin
ede34470fd qemu: Allow to plug virtio-net-pci into PCIe slot
virtio-net-pci adapter is capable to use irqfd with vhost-net only in MSI-X
mode, which appears to be available only on PCIe bus, at least on ARM

Signed-off-by: Pavel Fedin <p.fedin@samsung.com>
2015-08-06 14:28:05 +02:00
Pavel Fedin
8b78ec011c qemu: Build correct command line for PCI NICs on ARM
Legacy -net option works correctly only with embedded device models, which
do not require any bus specification. Therefore, we should use -device for
PCI hardware

Signed-off-by: Pavel Fedin <p.fedin@samsung.com>
2015-08-06 14:25:02 +02:00
Pavel Fedin
e8d5517254 qemu: Add PCI-Express root to ARM virt machine
Here we assume that if qemu supports generic PCI host controller,
it is a part of virt machine and can be used for adding PCI devices.

In qemu this is actually a PCIe bus, so we also declare multibus
capability so that 0'th bus is specified to qemu correctly as 'pcie.0'

Signed-off-by: Pavel Fedin <p.fedin@samsung.com>
Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
2015-08-06 14:24:51 +02:00
Pavel Fedin
8a482abf75 qemu: Introduce QEMU_CAPS_OBJECT_GPEX
This capability specifies that qemu can implement generic PCI host
controller. It is often used for virtual environments, including ARM.

Signed-off-by: Pavel Fedin <p.fedin@samsung.com>
2015-08-06 13:59:22 +02:00
Peter Krempa
6da3b694cc qemu: Forbid image pre-creation for non-shared storage migration
Libvirt doesn't reliably know the location of the backing chain when
pre-creating images for non-shared migration. This isn't a problem for
full copy, but incremental copy requires the information.

Forbid pre-creating the image in cases where incremental migration is
required. This limitation can perhaps be lifted once libvirt will fully
support loading of backing chain information from the XML.

Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1249587
2015-08-05 17:24:59 +02:00
Andrea Bolognani
4ff3e939e7 cpu: Indentation changes in the ppc64 driver 2015-08-05 13:30:16 +02:00
Andrea Bolognani
3d1515890b cpu: Rename {powerpc,ppc} => ppc64 (internal symbols)
Update the names of the symbols used internally by the driver.

No functional changes.
2015-08-05 13:30:16 +02:00
Andrea Bolognani
e89733c4a4 cpu: Rename {powerpc,ppc} => ppc64 (exported symbols)
Only the symbols exported by the driver have been updated;
the driver implementation itself still uses the old names
internally.

No functional changes.
2015-08-05 13:30:16 +02:00
Andrea Bolognani
ef770f0160 cpu: Rename {powerpc,ppc} => ppc64 (filesystem)
The driver only supports VIR_ARCH_PPC64 and VIR_ARCH_PPC64LE.

Just shuffling files around and updating the build system
accordingly. No functional changes.
2015-08-05 13:30:16 +02:00
John Ferlan
a16871fef7 conf: Resolve Coverity FORWARD_NULL
The recent changes to perform SCSI device address checks during the
post parse callbacks ran afoul of the Coverity checker since the changes
assumed that the 'xmlopt' parameter to virDomainDeviceDefPostParse
would be non NULL (commit id 'ca2cf74e87'); however, what was missed
is there was an "if (xmlopt &&" check being made, so Coverity believed
that it could be possible for a NULL 'xmlopt'.

Checking the various calling paths seemingly disproves that. If called
from virDomainDeviceDefParse, there were two other possible calls that
would end up dereffing, so that path could not be NULL. If called via
virDomainDefPostParseDeviceIterator via virDomainDefPostParse there
are two callers (virDomainDefParseXML and qemuParseCommandLine)
which deref xmlopt either directly or through another call.

So I'm removing the check for non-NULL xmlopt.
2015-08-05 05:44:46 -04:00
John Ferlan
36025c552c conf: Allow error reporting in virDomainDiskSourceIsBlockType
Rather than provide a somewhat generic error message when the API
returns false, allow the caller to supply a "report = true" option
in order to cause virReportError's to describe which of the 3 paths
that can cause failure.

Some callers don't care about what caused the failure, they just want
to have a true/false - for those, calling with report = false should
be sufficient.
2015-08-04 07:19:25 -04:00
Kothapally Madhu Pavan
d9557572ae Avoid starting a PowerPC VM with floppy disk
PowerPC pseries based VMs do not support a floppy disk controller.
This prohibits libvirt from creating qemu command with floppy device.

Signed-off-by: Kothapally Madhu Pavan <kmp@linux.vnet.ibm.com>

https://bugzilla.redhat.com/show_bug.cgi?id=1180486

Signed-off-by: Ján Tomko <jtomko@redhat.com>
2015-08-04 10:17:07 +02:00
Kothapally Madhu Pavan
020a178318 Caps: Disable floppy disk for PowerPC VM
PowerPC pseries based VMs do not support a floppy disk controller.
This prohibits libvirt from adding floppy disk for a PowerPC pseries VM.

Signed-off-by: Kothapally Madhu Pavan <kmp@linux.vnet.ibm.com>
2015-08-04 10:16:20 +02:00
John Ferlan
e1dbce1589 conf: Change when virDomainDiskDefAssignAddress is called
Rather than calling virDomainDiskDefAssignAddress during the parsing of
the XML, moving the setting of disk addresses into the domain/device post
processing.

Commit id '37588b25' which introduced VIR_DOMAIN_DEF_PARSE_DISK_SOURCE
in order to avoid generating the address which wasn't required will not
be affected by this as all it cared about was processing the source XML.

Signed-off-by: John Ferlan <jferlan@redhat.com>
2015-08-03 17:06:15 -04:00
John Ferlan
9bcdb21005 conf: Remove unused param from virDomainHostdevDefParseXML
Remove unused xmlopt param

Signed-off-by: John Ferlan <jferlan@redhat.com>
2015-08-03 16:48:45 -04:00
John Ferlan
0d8b24f6b6 conf: Change when virDomainHostdevAssignAddress is called
Rather than calling virDomainHostdevAssignAddress during the parsing
of the XML, move the setting of a default hostdev address to domain/
device post processing.

Since the parse code no longer generates an address, we can remove
the virDomainDefMaybeAddHostdevSCSIcontroller since the call to
virDomainHostdevAssignAddress will attempt to add the controllers
that were not already defined in the XML.

This patch will also enforce that the address type is type 'drive'
when a SCSI subsystem <hostdev> element is provided with an <address>.

Signed-off-by: John Ferlan <jferlan@redhat.com>
2015-08-03 16:48:45 -04:00
John Ferlan
0785966d03 conf: Try controller add when searching hostdev bus for unit
If virDomainControllerSCSINextUnit failed to find a slot on the current
VIR_DOMAIN_CONTROLLER_TYPE_SCSI controller(s), try to add a new controller;
otherwise, there may be multiple unit=0 entries for the same "next"
controller.

Signed-off-by: John Ferlan <jferlan@redhat.com>
2015-08-03 16:48:45 -04:00
John Ferlan
83f2b62c1f conf: Add check for host address type while checking in use
While searching the hostdevs the drive type can be either *_TYPE_DRIVE
or *_TYPE_NONE.  If the type is _TYPE_NONE on the first scsi_host, then
there is an erroneous "match" that the address already exists.

Although this works by chance currently because hostdev's are added one
at a time and 'nhostdevs' would be zero, thus returning false for the
first hostdev added, a future patch will move the hostdev address
assignment into post processing resulting in the bad match.

This code is only called by path's expecting either drive or none.

Signed-off-by: John Ferlan <jferlan@redhat.com>
2015-08-03 16:48:45 -04:00