Commit Graph

27565 Commits

Author SHA1 Message Date
Michal Privoznik
b2482c084a qemuParseCommandLineNet: Make it more readable
Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
Reviewed-by: Erik Skultety <eskultet@redhat.com>
2017-10-04 17:10:12 +02:00
John Ferlan
f2fb783bb6 nwfilter: Fix memory leak and error path
Found by Coverity. If virNWFilterHashTablePut, then the 3rd arg @val
must be free'd since it would be leaked.

This also fixes potential problem on the error path where the caller
could assume the virNWFilterHashTablePut was successful when in fact
it failed leading to other issues.
2017-10-04 06:22:02 -04:00
John Ferlan
ca3bef4cec nwfilter: Clean up virNWFilterDetermineMissingVarsRec returns
Rather than using loop break;'s in order to force a return
of rc = -1, let's just return -1 immediately on the various
error paths and then return 0 on the success path.
2017-10-04 06:22:02 -04:00
Luyao Huang
3e581d150a tests: Do not ignore mode parameter in mocked open()
This is normally not an issue since the tests which use mocked open() do
not create files. But once coverage build is enabled, gcov_open will use
O_CREATE and real_open will read random data rather than the actual mode
argument.

Signed-off-by: Jiri Denemark <jdenemar@redhat.com>
2017-10-04 11:57:42 +02:00
Kothapally Madhu Pavan
65a983eca1 util: Free a pointer in virPolkitCheckAuth
Free DBusMessage pointer in virPolkitCheckAuth

Signed-off-by: Kothapally Madhu Pavan <kmp@linux.vnet.ibm.com>
2017-10-04 11:20:17 +02:00
Peter Krempa
5047524baa conf: Split out parsing of network disk source XML elements
virDomainDiskSourceParse got to the point of being an ugly spaghetti
mess by adding more and more stuff into it. Split out parsing of network
disk information into a separate function so that it stays contained.
2017-10-04 10:38:49 +02:00
Peter Krempa
5656596a40 Post-release version bump to 3.9.0 2017-10-04 10:38:30 +02:00
Daniel Veillard
a60d1b150c Release of libvirt-3.8.0
* docs/news.xml: updated for release
* po/*.po*: regenerated
2017-10-04 10:20:23 +02:00
Jiri Denemark
4ddb4bb861 spec: Delay supported_platform check
Building RPM should only be allowed on a supported platform, but
unpacking the source and applying all patches can be done anywhere.

Signed-off-by: Jiri Denemark <jdenemar@redhat.com>
2017-10-03 13:45:57 +02:00
Martin Kletzander
b9163679c5 docs: Document the real behaviour of suspend-to-{mem,disk}
We get a question every now and then about why hibernation works when
suspend-to-disk is disabled and similar.  Let's hope that, by documenting the
obvious more blatantly, people will get more informed.

Signed-off-by: Martin Kletzander <mkletzan@redhat.com>
Reviewed-by: Erik Skultety <eskultet@redhat.com>
2017-10-03 10:29:50 +02:00
John Ferlan
a55eaced60 nwfilter: Don't have virNWFilterIPAddrMapAddIPAddr consume input
On pure success paths, virNWFilterIPAddrMapAddIPAddr was validly
consuming the input @addr; however, on failure paths it was possible
that virNWFilterVarValueCreateSimple succeed, but virNWFilterHashTablePut
failed resulting in virNWFilterVarValueFree being called to clean
up @val which also cleaned up the input @addr. Thus the caller had
no way to determine on failure whether it too should clean up the
passed parameter.

Instead, let's create a copy of the input @addr, then handle that
properly in the API allowing/forcing the caller to free it's own
copy of the input parameter.
2017-10-02 06:14:32 -04:00
John Ferlan
039702174c Revert "nwfilter: Fix possible segfault on sometimes consumed variable"
This reverts commit 6209bb32e5.

This turns out to be the wrong adjustment
2017-10-02 06:14:32 -04:00
Martin Kletzander
513f0982f1 docs: Add some changes to news.xml for this release
Signed-off-by: Martin Kletzander <mkletzan@redhat.com>
Reviewed-by: Andrea Bolognani <abologna@redhat.com>
2017-10-02 10:49:54 +02:00
Daniel P. Berrange
89f0ea419d Fix vxhs test to have stable certificate dir
The test suite has hardcoded /etc/pki/qemu as the cert dir, but this
only works if configure has --sysconfdir=/etc passed. We must set the
vxhs cert dir to a stable path in the test suite.

Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2017-09-28 18:41:21 +01:00
Ashish Mittal
6885b51e5f qemu: Add TLS support for Veritas HyperScale (VxHS)
Alter qemu command line generation in order to possibly add TLS for
a suitably configured domain.

Sample TLS args generated by libvirt -

    -object tls-creds-x509,id=objvirtio-disk0_tls0,dir=/etc/pki/qemu,\
    endpoint=client,verify-peer=yes \
    -drive file.driver=vxhs,file.tls-creds=objvirtio-disk0_tls0,\
    file.vdisk-id=eb90327c-8302-4725-9e1b-4e85ed4dc251,\
    file.server.type=tcp,file.server.host=192.168.0.1,\
    file.server.port=9999,format=raw,if=none,\
    id=drive-virtio-disk0,cache=none \
    -device virtio-blk-pci,bus=pci.0,addr=0x4,drive=drive-virtio-disk0,\
    id=virtio-disk0

Update the qemuxml2argvtest with a couple of examples. One for a
simple case and the other a bit more complex where multiple VxHS disks
are added where at least one uses a VxHS that doesn't require TLS
credentials and thus sets the domain disk source attribute "tls = 'no'".

Update the hotplug to be able to handle processing the tlsAlias whether
it's to add the TLS object when hotplugging a disk or to remove the TLS
object when hot unplugging a disk.  The hot plug/unplug code is largely
generic, but the addition code does make the VXHS specific checks only
because it needs to grab the correct config directory and generate the
object as the command line would do.

Signed-off-by: Ashish Mittal <Ashish.Mittal@veritas.com>
Signed-off-by: John Ferlan <jferlan@redhat.com>
2017-09-28 09:45:14 -04:00
John Ferlan
5c09486c1e qemu: Introduce qemuDomainPrepareDiskSource
Introduce a function to setup any TLS needs for a disk source.

If there's a configuration or other error setting up the disk source
for TLS, then cause the domain startup to fail.

For VxHS, follow the chardevTLS model where if the src->haveTLS hasn't
been configured, then take the system/global cfg->haveTLS setting for
the storage source *and* mark that we've done so via the tlsFromConfig
setting in storage source.

Next, if we are using TLS, then generate an alias into a virStorageSource
'tlsAlias' field that will be used to create the TLS object and added to
the disk object in order to link the two together for QEMU.

Signed-off-by: John Ferlan <jferlan@redhat.com>
2017-09-28 09:45:14 -04:00
Ashish Mittal
f170548502 util: Add TLS attributes to virStorageSource
Add an optional virTristateBool haveTLS to virStorageSource to
manage whether a storage source will be using TLS.

Sample XML for a VxHS disk:

<disk type='network' device='disk'>
  <driver name='qemu' type='raw' cache='none'/>
  <source protocol='vxhs' name='eb90327c-8302-4725-9e1b-4e85ed4dc251' tls='yes'>
    <host name='192.168.0.1' port='9999'/>
  </source>
  <target dev='vda' bus='virtio'/>
</disk>

Additionally add a tlsFromConfig boolean to control whether the TLS
setting was due to domain configuration or qemu.conf global setting
in order to decide whether to Format the haveTLS setting for either
a live or saved domain configuration file.

Update the qemuxml2xmltest in order to add a test to show the proper
parsing.

Also update the docs to describe the tls attribute.

Signed-off-by: Ashish Mittal <Ashish.Mittal@veritas.com>
Signed-off-by: John Ferlan <jferlan@redhat.com>
2017-09-28 09:45:14 -04:00
John Ferlan
70ad305275 docs: Clean up the description for network disk protocol options
Clean up the description a bit to make it more readable and not
appear as one long run-on paragraph.
2017-09-28 09:45:14 -04:00
Ashish Mittal
bd6fdcd806 conf: Introduce TLS options for VxHS block device clients
Add a new TLS X.509 certificate type - "vxhs". This will handle the
creation of a TLS certificate capability for properly configured
VxHS network block device clients.

The following describes the behavior of TLS for VxHS block device:

  (1) Two new options have been added in /etc/libvirt/qemu.conf
      to control TLS behavior with VxHS block devices
      "vxhs_tls" and "vxhs_tls_x509_cert_dir".
  (2) Setting "vxhs_tls=1" in /etc/libvirt/qemu.conf will enable
      TLS for VxHS block devices.
  (3) "vxhs_tls_x509_cert_dir" can be set to the full path where the
      TLS CA certificate and the client certificate and keys are saved.
      If this value is missing, the "default_tls_x509_cert_dir" will be
      used instead. If the environment is not configured properly the
      authentication to the VxHS server will fail.

Signed-off-by: Ashish Mittal <Ashish.Mittal@veritas.com>
Signed-off-by: John Ferlan <jferlan@redhat.com>
2017-09-28 09:45:14 -04:00
John Ferlan
6209bb32e5 nwfilter: Fix possible segfault on sometimes consumed variable
The virNWFilterIPAddrMapAddIPAddr code can consume the @addr parameter
on success when the @ifname is found in the ipAddressMap->hashTable
hash table in the call to virNWFilterVarValueAddValue; however, if
not found in the hash table, then @addr is formatted into a @val
which is stored in the table and on return the caller would be
expected to free @addr.

Thus, the caller has no way to determine on success whether @addr was
consumed, so in order to fix this create a @tmp variable which will
be stored/consumed when virNWFilterVarValueAddValue succeeds. That way
the caller can free @addr whether the function returns success or failure.
2017-09-28 06:29:21 -04:00
Pavel Hrdina
5c52aed174 rpc: for messages with FDs always decode count of FDs from the message
The packet with passed FD has the following format:

    --------------------------
    | len | header | payload |
    --------------------------

where "payload" has an additional count of FDs before the actual data:

    ------------------
    | nfds | payload |
    ------------------

When the packet is received we parse the "header", which as a side
effect updates msg->bufferOffset to point to the beginning of "payload".
If the message call contains FDs, we need to also parse the count of
FDs, which also updates the msg->bufferOffset.

The issue here is that when we attempt to read the FDs data from the
socket and we receive EAGAIN we finish the reading and call poll()
to wait for the data the we need.  When the data arrives we already have
the packet in our buffer so we read the "header" again but this time
we don't read the count of FDs because we already have it stored.

That means that the msg->bufferOffset is not updated to point to the
actual beginning of the payload data, but it points to the count of
FDs.  After all FDs are processed we dispatch the message to process
it and decode the payload.  Since the msg->bufferOffset points to wrong
data, we decode the wrong payload and the API call fails with
error messages:

    Domain not found: no domain with matching uuid '67656e65-7269-6300-0c87-5003ca6941f2' ()

Broken by commit 133c511b52 which fixed a FD and memory leak.

Signed-off-by: Pavel Hrdina <phrdina@redhat.com>
2017-09-27 18:56:32 +02:00
Peter Krempa
3685e2dd64 qemu: domain: Extract common clearing of VM private data
VM private data is cleared when the VM is turned off and also when the
VM object is being freed. Some of the clearing code was duplicated.
Extract it to a separate function.

This also removes the now unnecessary function
qemuDomainClearPrivatePaths.
2017-09-27 17:02:02 +02:00
Erik Skultety
f54f32740f docs: Add the closing </address> tag for mdev example
Signed-off-by: Erik Skultety <eskultet@redhat.com>
2017-09-27 15:12:21 +02:00
Ján Tomko
959fe7de1f Shrink volume even with ALLOCATE flag
Calling fallocate on the new (smaller) capacity ensures
that the whole file is allocated, but it does not reduce
the file size.

Also call ftruncate after fallocate.

https://bugzilla.redhat.com/show_bug.cgi?id=1366446
2017-09-27 14:40:44 +02:00
Ján Tomko
3f702f5ab1 virStorageFileResize: fallocate the whole capacity
We have been trying to implement the ALLOCATE flag to mean
"the volume should be fully allocated after the resize".

Since commit b0579ed9 we do not allocate from the existing
capacity, but from the existing allocation value.
However this value is a total of all the allocated bytes,
not an offset.

For a sparsely allocated file:
$ perl -e 'print "x"x8192;' > vol1
$ fallocate -p -o 0 -l 4096 vol1
$ virsh vol-info vol1 default
Capacity:       8.00 KiB
Allocation:     4.00 KiB

Treating allocation as an offset would result in an incompletely
allocated file:
$ virsh vol-resize vol1 --pool default 16384 --allocate
Capacity:       16.00 KiB
Allocation:     12.00 KiB

Call fallocate from zero on the whole requested capacity to fully
allocate the file. After that, the volume is fully allocated
after the resize:
$ virsh vol-resize vol1 --pool default 16384 --allocate
$ virsh vol-info vol1 default
Capacity:       16.00 KiB
Allocation:     16.00 KiB
2017-09-27 14:40:44 +02:00
Ján Tomko
5463d95969 use virFileAllocate in virStorageFileResize
Introduce a new function virFileAllocate that will call the
non-destructive variants of safezero, essentially reverting
my commit 1390c268
    safezero: fall back to writing zeroes even when resizing
back to the state as of commit 18f0316
    virstoragefile: Have virStorageFileResize use safezero

This means that _ALLOCATE flag will no longer work on platforms
without the allocate syscalls, but it will not overwrite data
either.
2017-09-27 14:40:44 +02:00
John Ferlan
63d3d895a2 virsh: Add/allow secret-uuid for pool-{define|create}-as
https://bugzilla.redhat.com/show_bug.cgi?id=1476775

For the virsh pool-{define|create}-as command, let's allow using
--secret-uuid on the command line as an alternative to --secret-usage
(added for commit id '8932580'), but ensure that they are mutually
 exclusive.
2017-09-27 08:07:04 -04:00
ZhiPeng Lu
d957e23663 nwfilter: Fix memory leak in learnIPAddressThread
Don't leak @inetaddr within the done: processing when attempting
to instantiate the filter.

Signed-off-by: ZhiPeng Lu <lu.zhipeng@zte.com.cn>
2017-09-27 07:31:08 -04:00
ZhiPeng Lu
7e20862576 nwfilter: Fix memory leak in virNWFilterIPAddrMapAddIPAddr
If virNWFilterHashTablePut fails, then the @val was leaked.

Signed-off-by: ZhiPeng Lu <lu.zhipeng@zte.com.cn>
2017-09-27 07:23:44 -04:00
Ján Tomko
955caf171c qemu: fix hotplug of udp device with no connect host
Use an empty string to let qemu fill out the default.
This matches what's done in qemuBuildChrChardevStr.

https://bugzilla.redhat.com/show_bug.cgi?id=1454671

Signed-off-by: Ján Tomko <jtomko@redhat.com>
Reviewed-by: John Ferlan <jferlan@redhat.com>
2017-09-27 12:38:27 +02:00
Pavel Hrdina
80740d9c66 Revert "vhost-user: add support reconnect for vhost-user ports"
This reverts commit edaf4ebe95.

This uses "reconnect" as attribute for <source> element, but we already
have a <reconnect> element for <source> element for chardev devices.

Since this is the same feature for different device it should be
presented in XML the same way.

Signed-off-by: Pavel Hrdina <phrdina@redhat.com>
2017-09-27 12:20:24 +02:00
Peter Krempa
4b480d1076 qemu: process: Refresh data from qemu monitor after migration
Some values we read from the qemu monitor may be changed with the actual
state by the incoming migration. This means that we should refresh
certain things only after the migration has finished.

This is mostly visible in the cdrom tray state, which is by default
closed but may be opened by the guest OS. This would be refreshed before
qemu transferred the actual state and thus libvirt would think that the
tray is closed.

Note that this patch moves only a few obvious query commands. Others may
be moved later after individual assessment.

Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1463168
2017-09-27 09:09:14 +02:00
Peter Krempa
cf30a8cabd qemu: hotplug: Ignore cgroup errors when hot-unplugging vcpus
When the vcpu is successfully removed libvirt would remove the cgroup.
In cases when removal of the cgroup fails libvirt would report an error.

This does not make much sense, since the vcpu was removed and we can't
really do anything with the cgroup. This patch silences the errors from
cgroup removal.

Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1462092
2017-09-27 08:51:45 +02:00
Ján Tomko
01f86fb301 qemu: adjust indentation of qemuDomainObjPrivateXMLFormatAutomaticPlacement
Commit 6801da94 fixed the typo in the function name, but forgot
to adjust the indentation level of the next line.
2017-09-26 17:10:51 +02:00
Peter Krempa
6801da940e qemu: domain: Fix typo in qemuDomainObjPtrivateXMLFormatAutomaticPlacement 2017-09-26 16:38:04 +02:00
Ján Tomko
fcd5c61cd4 conf: fix formatting of udp chardev attributes
It is possible (although possibly not very useful) to leave out
the service attribute when using <source mode='bind'/>

Fix the formatter bug introduced by commit 4a0da34 and format
the host when its present (checked for non-NULL inside
virBufferEscapeString) instead of basing it on the presence
of the service attribute.

https://bugzilla.redhat.com/show_bug.cgi?id=1455825
2017-09-26 13:36:51 +02:00
Peter Krempa
93575f3451 qemu: block: Use correct alias when extracting disk node names
The alias recorded in disk->info.alias is the alias for the frontend
device but we are interested in the backend drive. This messed up the
disk node name extraction code as qemu reports the drive alias in the
block query commands. This was broken in the node name detector
refactoring done in commit 0175dc6ea0

Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1494327
2017-09-25 14:38:15 +02:00
Peter Krempa
8b2fd3b148 qemu: block: Don't lookup node names if they are already known
Move the check that skips node name detection if they are already
present earlier so that the hash table lookup is skipped.
2017-09-25 14:38:15 +02:00
Daniel P. Berrange
32d6c7386d Print hex values with '0x' prefix and octal with '0' in debug messages
Seeing a log message saying 'flags=93' is ambiguous & confusing unless
you happen to know that libvirt always prints flags as hex.  Change our
debug messages so that they always add a '0x' prefix when printing flags,
and '0' prefix when printing mode. A few other misc places gain a '0x'
prefix in error messages too.

Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2017-09-25 13:34:53 +01:00
Jim Fehlig
b482925c22 apparmor: support ptrace checks
Kernel 4.13 introduced finer-grained ptrace checks

https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable.git/commit/?h=v4.13.2&id=290f458a4f16f9cf6cb6562b249e69fe1c3c3a07

With kernel 4.13 and apparmor 2.11, simply starting libvirtd
results in the following apparmor denial

type=AVC msg=audit(1506112085.645:954): apparmor="DENIED"
operation="ptrace" profile="/usr/sbin/libvirtd" pid=6984
comm="libvirtd" requested_mask="trace" denied_mask="trace"
peer="unconfined"

Attempting to start an unconfined domain results in

type=AVC msg=audit(1506112301.227:1112): apparmor="DENIED"
operation="ptrace" profile="/usr/sbin/libvirtd" pid=7498
comm="libvirtd" requested_mask="trace" denied_mask="trace"
peer="/usr/sbin/libvirtd"

And attempting to start a confined domain results in

type=AVC msg=audit(1506112631.408:1312): apparmor="DENIED"
operation="open" profile="virt-aa-helper" name="/etc/libnl/classid"
pid=8283 comm="virt-aa-helper" requested_mask="r" denied_mask="r"
fsuid=0 ouid=0
type=AVC msg=audit(1506112631.530:1319): apparmor="DENIED"
operation="open" profile="virt-aa-helper" name="/etc/libnl/classid"
pid=8289 comm="virt-aa-helper" requested_mask="r" denied_mask="r"
fsuid=0 ouid=0
type=AVC msg=audit(1506112632.186:1324): apparmor="DENIED"
operation="ptrace" profile="/usr/sbin/libvirtd" pid=8342
comm="libvirtd" requested_mask="trace" denied_mask="trace"
peer="libvirt-66154842-e926-4f92-92f0-1c1bf61dd1ff"

Add ptrace rules to allow the trace operations.

Resolves: https://bugzilla.suse.com/show_bug.cgi?id=1058847
Signed-off-by: Jim Fehlig <jfehlig@suse.com>
Reviewed-by: Guido Günther <agx@sigxcpu.org>
2017-09-25 12:03:35 +02:00
Ján Tomko
9eba116817 news: remove kernel version reference from switchdev entry
The functionality was added in 4.8, but due to a rename of
the DEVLINK_CMD_ESWITCH_GET constant in the kernel headers,
the headers from kernel 4.11 are required by the libvirt code.

Remove the reference from the news entry, since it could be
misleading.
2017-09-22 16:01:50 +02:00
Peter Krempa
a5852db182 qemu: capabilities: Remove support for downstream-only QMP monitor backport
Some distros (see diff) chose to backport QMP support rather than rebase
to newer version of qemu. As a hack they added the string 'libvirt' to
the qemu -help output. Remove this as downstream-only hacks should be
carried by downstream and not litter upstream.

This effectively reverts commit ff88cd5905
2017-09-22 14:28:26 +02:00
Jiri Denemark
369199d1a9 qemu: Use qemuDomainDefFormatXML in qemuDomainDefCopy
Because qemuDomainDefCopy needs a string representation of a domain
definition, there's no reason for calling the lower level
qemuDomainDefFormatBuf API.

Signed-off-by: Jiri Denemark <jdenemar@redhat.com>
2017-09-22 14:02:59 +02:00
Jiri Denemark
5c4fc07d1a qemu: Fix error checking in qemuDomainDefFormatXMLInternal
virDomainDefFormatInternal (called by qemuDomainDefFormatXMLInternal)
already checks for buffer errors and properly resets the buffer on
failure.

Signed-off-by: Jiri Denemark <jdenemar@redhat.com>
2017-09-22 14:02:59 +02:00
Michal Privoznik
8a573f7c0c libvirt_nss.c: Fix typo in aiforaf()
In my previous commit of b1d87f9ad9 I've made a typo breaking
the FreeBSD build. s/ipAaddr/ipAddr/

Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
2017-09-22 13:20:35 +02:00
Guido Günther
eba2225bc5 apparmor: delete profile on VM shutdown
instead of only unloading it. This makes sure old profiles don't pile up
in /etc/apparmor.d/libvirt and we get updates to modified templates on
VM restart.

Reviewed-by: Jim Fehlig <jfehlig@suse.com>
2017-09-22 12:32:49 +02:00
Laine Stump
17825e8ae7 util: Fix stack smashing in virNetDevGetFamilyId
After commit 8708ca01c0 libvirtd consistently aborts with "stack
 smashing detected" when nodedev driver is initialized.

This is caused by nlmsg_parse() being told that its array of nlattr*
has CTRL_CMD_MAX (10) entries, when in fact it is declared to have
CTRL_ATTR_MAX (8) entries. Since all the entries are initialized to
NULL, the result is that nlmsg_parse is overwriting 2*(sizof(nlattr*))
bytes outside the array.

Signed-off-by: Laine Stump <laine@laine.org>
Reviewed-by: John Ferlan <jferlan@redhat.com>
Signed-off-by: Jiri Denemark <jdenemar@redhat.com>
2017-09-22 09:17:59 +02:00
Michal Privoznik
b1d87f9ad9 nss: Don't leak @ipAddr
In aiforaf() (which exists only when building for BSD) the
@ipAddr may be leaked.

Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
2017-09-22 09:06:04 +02:00
John Ferlan
ffdce9b1f1 util: Fix secret generation in virStorageSourceParseRBDColonString
Commit id '5604c056' used the wrong API to generate the
<secret type='%s'..." field. The previous code used the
correct API as was done in commit id '6887af39'. The data
is actually a usage type not an auth type even though the
result is the same.
2017-09-21 15:46:48 -04:00
John Ferlan
2dd024754e util: Move virSecretUsageType to virsecret.h
Move the virSecretUsageType into the util.
2017-09-21 15:46:48 -04:00