Commit Graph

23952 Commits

Author SHA1 Message Date
Michal Privoznik
6d9542e340 qemuFirmwareFetchConfigs: Fix check for @privileged
The qemuFirmwareFetchConfigs() function is supposed to fetch all
firmware descriptions from paths defined by firmware.json
specification. This includes user's $HOME directory. However, it
was agreed that if libvirtd is running as privileged user then
his $HOME is ignored (thus $HOME is included in the search only
for regular users). Well, I got the condition wrong - it should
have been reversed.

Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
Reviewed-by: Andrea Bolognani <abologna@redhat.com>
2019-03-13 13:11:25 +01:00
Eric Blake
e3e8fa1fb4 qemu: Support topological visits
snapshot_conf does all the hard work, the qemu driver just has to
accept the new flag.

Signed-off-by: Eric Blake <eblake@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
2019-03-12 20:46:09 -05:00
Eric Blake
3f91afe020 test: Support topological visits
snapshot_conf does all the hard work, the test driver just has to
accept the new flag.

Signed-off-by: Eric Blake <eblake@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
2019-03-12 20:46:09 -05:00
Eric Blake
b647d2195d snapshots: Support topological visits
Wire up support for VIR_DOMAIN_SNAPSHOT_LIST_TOPOLOGICAL in the
domain-agnostic support code.

Clients of snapshot_conf using virDomainSnapshotForEachDescendant()
are using a depth-first visit but with postfix visits of a given
node. Changing this to a prefix visit of the given node instantly
turns this into a topologically-ordered visit.  (A prefix
breadth-first visit would also be topologically sorted, but that
requires a queue while our recursion naturally has a stack).

With that change, we now always have a topological sort for
virDomainSnapshotListAllChildren() regardless of the new public API
flag. Then with one more tweak, we can also get a topological rather
than a faster random hash visit for virDomainListAllSnapshots(), by
doing a descendent walk from our internal metaroot (there, we let the
public API flag control behavior, because a topological sort DOES
require more stack and slightly more time).

Note that virDomainSnapshotForEach() still uses a random hash visit;
we could change that signature to take a tri-state for random, prefix,
or postfix visit if we ever had clients that cared about the
distinctions, but for now, none of the drivers seem to care.

Signed-off-by: Eric Blake <eblake@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
2019-03-12 20:46:09 -05:00
Eric Blake
d16e5b15ed snapshots: Add flag to guarantee topological sort
When using virDomainSnapshotCreateXML with the REDEFINE flag on
multiple snapshot metadata XML descriptions, we require that a child
cannot be redefined before its parent.  Since libvirt already tracks a
DAG, it is more convenient if we can ensure that
virDomainListAllSnapshots() and friends have a way to return data in
an order that we can directly reuse, rather than having to
post-process the data ourselves to reconstruct the DAG.

Add VIR_DOMAIN_SNAPSHOT_LIST_TOPOLOGICAL as our new guarantee (well, a
guarantee at the time of the API call conclusion; there's always a
possible TOCTTOU race where someone redefining snapshots in between
the API results and the client actually using the list might render
the list out-of-date). Four listing APIs are directly benefitted by
the new flag; additionally, since we document that the older racy
ListNames interfaces should be sized by using the same flags on their
Num counterparts, the Num interfaces must document when they accept
(and ignore) the flag.

We could have supported the new flag just for the ListAll APIs (to
discourage people from using the older racy Num/ListNames APIs), but
it feels weird to special-case this flag value as being applicable to
only a subset of the API while all other List-related flags are
trivially applicable to all 6.

Signed-off-by: Eric Blake <eblake@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
2019-03-12 20:38:53 -05:00
Michal Privoznik
68ade25372 qemu: Enable firmware autoselection
https://bugzilla.redhat.com/show_bug.cgi?id=1564270

Now that everything is prepared for qemu driver we can enable
parser feature to allow users define such domains.

At the same time, introduce bunch of tests to test the feature.

Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
2019-03-12 16:09:55 +01:00
Michal Privoznik
d433f3cdd8 qemuDomainDefValidate: Don't require SMM if automatic firmware selection enabled
The firmware selection code will enable the feature if needed.
There's no need to require SMM to be enabled in that case.

Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
Reviewed-by: Laszlo Ersek <lersek@redhat.com>
2019-03-12 16:05:03 +01:00
Michal Privoznik
43527af27c qemu_process: Call qemuFirmwareFillDomain
When preparing domain call qemuFirmwareFillDomain() to fill in
desired firmware.

Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
2019-03-12 15:29:44 +01:00
Michal Privoznik
804d2003e6 qemu_firmware: Introduce qemuFirmwareFillDomain()
And finally the last missing piece. This is what puts it all
together.

At the beginning, qemuFirmwareFillDomain() loads all possible
firmware description files based on algorithm described earlier.
Then it tries to find description which matches given domain.
The criteria are:

  - firmware is the right type (e.g. it's bios when bios was
    requested in domain XML)
  - firmware is suitable for guest architecture/machine type
  - firmware allows desired guest features to stay enabled (e.g.
    if s3/s4 is enabled for guest then firmware has to support
    it too)

Once the desired description has been found it is then used to
set various bits of virDomainDef so that proper qemu cmd line is
constructed as demanded by the description file. For instance,
secure boot enabled firmware might request SMM -> it will be
enabled if needed.

Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
Reviewed-by: Laszlo Ersek <lersek@redhat.com>
2019-03-12 15:29:44 +01:00
Michal Privoznik
3c876d2428 qemu_firmware: Introduce qemuFirmwareFetchConfigs
Implementation for yet another part of firmware description
specification. This one covers selecting which files to parse.

There are three locations from which description files can be
loaded. In order of preference, from most generic to most
specific these are:

  /usr/share/qemu/firmware
  /etc/qemu/firmware
  $XDG_CONFIG_HOME/qemu/firmware

If a file is found in two or more locations then the most specific
one is used. Moreover, if file is empty then it means it is
overriding some generic description and disabling it.

Again, this is described in more details and with nice examples
in firmware.json specification (qemu commit 3a0adfc9bf).

However, there's one slight difference - for the root user the
home directory is not searched. This follows rules laid out by
similar look up processes, e.g. PKI x509 certs are not searched
in /root but they are looked for under /home.

Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
Reviewed-by: Laszlo Ersek <lersek@redhat.com>
2019-03-12 15:29:44 +01:00
Michal Privoznik
8b5b80f4c5 qemu: Introduce basic skeleton for parsing firmware description
The firmware description is a JSON file which follows
specification from qemu.git/docs/interop/firmware.json. The
description file basically says: Firmware file X is {bios|uefi},
supports these targets and machine types, requires these features
to be enabled on qemu cmd line and this is how you put it onto
qemu cmd line.

The firmware.json specification covers more (i.e. how to select
the right firmware) but that will be covered and implemented in
next commits.

Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
2019-03-12 15:29:44 +01:00
Michal Privoznik
d947fa8a08 conf: Introduce firmware attribute to <os/>
The idea is that using this attribute users enable libvirt to
automagically select firmware image for their domain. For
instance:

  <os firmware='efi'>
    <type arch='x86_64' machine='pc-q35-4.0'>hvm</type>
    <loader secure='no'/>
  </os>

  <os firmware='bios'>
    <type arch='x86_64' machine='pc-q35-4.0'>hvm</type>
  </os>

(The automagic of selecting firmware image will be described in
later commits.)

Accepted values are 'bios' and 'efi' to let libvirt select
corresponding type of firmware.

I know it is a good sign to introduce xml2xml test case when
changing XML config parser but that will have to come later.
Firmware auto selection is not enabled for any driver just yet so
any xml2xml test would fail right away.

Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
2019-03-12 15:29:44 +01:00
Michal Privoznik
d21f89cc1a conf: Introduce VIR_DOMAIN_LOADER_TYPE_NONE
This is going to extend virDomainLoader enum. The reason is that
once loader path is NULL its type makes no sense. However, since
value of zero corresponds to VIR_DOMAIN_LOADER_TYPE_ROM the
following XML would be produced:

  <os>
    <loader type='rom'/>
    ...
  </os>

To solve this, introduce VIR_DOMAIN_LOADER_TYPE_NONE which would
correspond to value of zero and then use post parse callback to
set the default loader type to 'rom' if needed.

Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
Reviewed-by: Laszlo Ersek <lersek@redhat.com>
Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
2019-03-12 15:29:44 +01:00
Michal Privoznik
cdd592553a virDomainLoaderDefParseXML: Allow loader path to be NULL
Except not really. At least for now.

In the future, the firmware will be selected automagically.
Therefore, it makes no sense to require the pathname of a
specific firmware binary in the domain XML. But since it is not
implemented do not really allow the path to be NULL. Only move
code around to prepare it for further expansion.

Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
Reviewed-by: Laszlo Ersek <lersek@redhat.com>
Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
2019-03-12 15:29:43 +01:00
Michal Privoznik
849a0cfef1 qemu_capabilities: Expose qemu <-> libvirt arch translators
In some cases, the string representing architecture is different
in qemu and libvirt. That is the reason why we have
virQEMUCapsArchFromString() and virQEMUCapsArchToString(). So
far, we did not need them outside of qemu_capabilities code, but
this will change shortly. Expose them then.

Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
Reviewed-by: Laszlo Ersek <lersek@redhat.com>
Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
2019-03-12 15:29:43 +01:00
Michal Privoznik
23018c0823 qemu_domain: Separate NVRAM VAR store file name generation
Move the code that (possibly) generates filename of NVRAM VAR
store into a single function so that it can be re-used later.

Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
Reviewed-by: Laszlo Ersek <lersek@redhat.com>
Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
2019-03-12 15:29:43 +01:00
Martin Kletzander
bf8c8755dc resctrl: Fix testing line
Forgot to remove this before pushing.

Signed-off-by: Martin Kletzander <mkletzan@redhat.com>
2019-03-12 09:53:48 +01:00
Martin Kletzander
ceb6725d94 resctrl: Set MBA defaults properly
Similarly to CAT, when you set some values in an group, remove the group and
recreate it, the previous values will be kept there.  In order to not get values
from a previous setting (a previous VM, for example), we need to set them to
sensible defaults.  The same way we do that for CAT, just set the same values as
the default group has.

Signed-off-by: Martin Kletzander <mkletzan@redhat.com>
2019-03-12 09:06:06 +01:00
Martin Kletzander
408aeebcef resctrl: Do not calculate free bandwidth for MBA
For CAT we calculate unallocated parts of the cache, however with MBA this does
not make sense as the purpose of that is to limit the bandwidth and the setting
is only proportional relative to bandwidth settings for other groups.

This means it makes sense to set the values to 100% even if there are other
groups with some allocations and that we don't need to find the available
(unallocated) bandwidth in all the groups.

Signed-off-by: Martin Kletzander <mkletzan@redhat.com>
2019-03-12 09:06:06 +01:00
Andrea Bolognani
186bb479d0 qemu: Allow creating ppc64 guests with graphics and no USB mouse
The existing behavior for ppc64 guests is to always add a USB
keyboard and mouse combo if graphics are present; unfortunately,
this means any attempt to use a USB tablet will cause both pointing
devices to show up in the guest, which in turn will result in poor
user experience.

We can't just stop adding the USB mouse or start adding a USB tablet
instead, because existing applications and users might rely on the
current behavior; however, we can avoid adding the USB mouse if a USB
tablet is already present, thus allowing users and applications to
create guests that contain a single pointing device.

https://bugzilla.redhat.com/show_bug.cgi?id=1683681

Signed-off-by: Andrea Bolognani <abologna@redhat.com>
Reviewed-by: Cole Robinson <crobinso@redhat.com>
2019-03-11 09:59:34 +01:00
Andrea Bolognani
ff3f22e0ec qemu: Improve validation for virtio input devices
While the parser and schema have to accept all possible models,
virtio-(non-)transitional models are only applicable to
type=passthrough and should be otherwise rejected.

Signed-off-by: Andrea Bolognani <abologna@redhat.com>
Reviewed-by: Cole Robinson <crobinso@redhat.com>
2019-03-11 09:53:40 +01:00
Pavel Hrdina
f38ef0fac0 util: skip RDMA detection for non-PCI network devices
Only PCI devices have '/sys/class/net/<ifname>/device/resource' so we
need to skip this check for all other network devices.

Without this patch and RDMA enabled libvirt will not detect any network
device that doesn't have the path above which includes 'lo', 'virbr',
'tun', etc.

Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1639258

Reviewed-by: Andrea Bolognani <abologna@redhat.com>
Signed-off-by: Pavel Hrdina <phrdina@redhat.com>
2019-03-08 16:22:50 +01:00
Pavel Hrdina
e387afeb9a conf: fix title and description for virDomainSetMetadata API
If we pass XML to virDomainDefineXML API with these two elements:

    ...
    <title></title>
    <description></description>
    ...

libvirt correctly ignores these two elements and they will not appear
in the parsed XML.

However, if we use virDomainSetMetadata API and with "" as value for
title or description we will end up with the parsed XML that contains
these empty elements.

Let's fix the behavior of this API to behave the same as
virDomainDefineXML.

Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1518042

Reviewed-by: John Ferlan <jferlan@redhat.com>
Signed-off-by: Pavel Hrdina <phrdina@redhat.com>
2019-03-08 14:59:20 +01:00
Eric Blake
21dd152927 snapshots: Trivial doc improvements
Fix an incorrect @xmlDesc comment, as well as adding more details
about which XML element should be root.

Signed-off-by: Eric Blake <eblake@redhat.com>
2019-03-07 20:52:06 -06:00
Eric Blake
1b57269cbc snapshot: Add virDomainSnapshotObjListParse
Add a new function to make it possible to parse a list of snapshots
at once.  This is a counterpart to an earlier patch making it
possible to produce all snapshots in a single XML string, and
intentionally parses the same top-level element <snapshots> with
an optional attribute current='name'.

Note that since we know we started with no relations at all, and
since checking parent relationships per-snapshot is not viable as
we don't control which order the snapshots appear in, that we are
fine with doing a final pass to update all parent/child
relationships among the definitions.

Signed-off-by: Eric Blake <eblake@redhat.com>
Reviewed-by: John Ferlan <jferlan@redhat.com>
2019-03-07 17:42:07 -06:00
Eric Blake
1e90fa89d1 snapshot: Split out virDomainSnapshotRedefineValidate helper
Pull out the portion of virDomainSnapshotRefinePrep() that deals
with definition sanity into a separate helper routine that can
be reused with bulk redefine, leaving behind only the code
specific to loop checking and in-place updates that are only
needed in single-definition handling.

Signed-off-by: Eric Blake <eblake@redhat.com>
Reviewed-by: John Ferlan <jferlan@redhat.com>
2019-03-07 17:41:51 -06:00
Eric Blake
44a9b872e8 snapshot: Avoid latent use-after-free when cleaning snapshots
Right now, the only callers of qemuDomainSnapshotDiscardAllMetadata()
are right before freeing the virDomainSnapshotObjList, so it did not
matter if the list's metaroot (which points to all the defined root
snapshots) is left inconsistent. But an upcoming patch will want to
clear all snapshots if a bulk redefine fails partway through, in
which case things must be reset.  Make this work by teaching the
existing virDomainSnapshotUpdateRelations() to be safe regardless of
the incoming state of the metaroot (since we don't want to leak that
internal detail into qemu code), then fixing the qemu code to use
it after deleting all snapshots. Additionally, the qemu code must
reset vm->current_snapshot if the current snapshot was removed,
regardless of whether the overall removal succeeded or failed later.

Signed-off-by: Eric Blake <eblake@redhat.com>
Reviewed-by: John Ferlan <jferlan@redhat.com>
2019-03-07 17:40:18 -06:00
Eric Blake
86c0ed6f70 snapshot: Add virDomainSnapshotObjListFormat
Add a new function to output all of the domain's snapshots in one
buffer.

Signed-off-by: Eric Blake <eblake@redhat.com>
Reviewed-by: John Ferlan <jferlan@redhat.com>
2019-03-07 17:31:40 -06:00
Eric Blake
cae6619ad5 snapshot: Refactor virDomainSnapshotDefFormat
Split out an internal helper that produces format into a
virBuffer, similar to what domain_conf.c does, and making
the next patch easier to write.

Signed-off-by: Eric Blake <eblake@redhat.com>
Reviewed-by: John Ferlan <jferlan@redhat.com>
2019-03-07 17:31:40 -06:00
Eric Blake
c502955909 snapshot: Give virDomainSnapshotDefFormat its own flags
virDomainSnapshotDefFormat currently takes two sets of knobs:
an 'unsigned int flags' argument that can currently just be
VIR_DOMAIN_DEF_FORMAT_SECURE, and an 'int internal' argument used as
a bool to determine whether to output an additional element.  It
then reuses the 'flags' knob to call into virDomainDefFormatInternal(),
which takes a different set of flags. In fact, prior to commit 0ecd6851
(1.2.12), the 'flags' argument actually took the public
VIR_DOMAIN_XML_SECURE, which was even more confusing.  Let's borrow
from the style of that earlier commit, by introducing a function
for translating from the public flags (VIR_DOMAIN_SNAPSHOT_XML_SECURE
was just recently introduced) into a new enum specific to snapshot
formatting, and adjust all callers to use snapshot-specific enum
values when formatting, and where the formatter now uses a new
variable 'domainflags' to make it obvious when we are translating
from snapshot flags back to domain flags.  We don't even have to
use the conversion function for drivers that don't accept the
public VIR_DOMAIN_SNAPSHOT_XML_SECURE flag.

Signed-off-by: Eric Blake <eblake@redhat.com>
Reviewed-by: John Ferlan <jferlan@redhat.com>
2019-03-07 17:31:40 -06:00
Eric Blake
1ceb0e9337 qemu: Use virDomainSnapshotState for switch statements
Clean up the previous patch which abused switch on virDomainState
while working with a variable containing virDomainSnapshotState, by
converting the two affected switch statements to now use the right
enum.

Signed-off-by: Eric Blake <eblake@redhat.com>
Reviewed-by: John Ferlan <jferlan@redhat.com>
2019-03-07 17:31:40 -06:00
Eric Blake
f43eb6807e snapshot: Rework virDomainSnapshotState enum
The existing virDomainSnapshotState is a superset of virDomainState,
adding one more state (disk-snapshot) on top of valid domain states.
But as written, the enum cannot be used for gcc validation that all
enum values are covered in a strongly-typed switch condition, because
the enum does not explicitly include the values it is adding to.

Copy the style used in qemu_blockjob.h of creating new enum names
for every inherited value, and update most clients to use the new
enum names anywhere snapshot state is referenced. The exception is
two switch statements in qemu code, which instead gain a fixme
comment about odd type usage (which will be cleaned up in the next
patch). The rest of the patch is fairly mechanical (I actually did
it by temporarily s/state/xstate/ in snapshot_conf.h to let the
compiler find which spots in the code used the field, did the
obvious search and replace in those functions, then undid the rename).

Signed-off-by: Eric Blake <eblake@redhat.com>
Reviewed-by: John Ferlan <jferlan@redhat.com>
2019-03-07 17:31:40 -06:00
Eric Blake
7ff982f0bc qemu: Const-correct snapshot directory name
qemuDomainSnapshotWriteMetadata does not modify the directory name,
and making it const-correct aids in writing an upcoming patch.

Signed-off-by: Eric Blake <eblake@redhat.com>
Reviewed-by: John Ferlan <jferlan@redhat.com>
2019-03-07 16:57:05 -06:00
Eric Blake
8532ee4a9c qemu: Refactor snapshot check for _LIVE vs. _REDEFINE
The current qemu code rejects the combination of the two flags
VIR_DOMAIN_SNAPSHOT_CREATE_LIVE in tandem with
VIR_DOMAIN_SNAPSHOT_CREATE_REDEFINE, but rather late in the cycle
(after the snapshot was already parsed), and with a rather confusing
message (complaining that live snapshots require external storage,
even if the redefined snapshot already declares external storage).
Hoist the rejection message to occur earlier (before parsing any
XML, which also aids upcoming patches that will implement bulk
redefine), and with a more typical error message about mutually
exclusive flags.

Signed-off-by: Eric Blake <eblake@redhat.com>
Reviewed-by: John Ferlan <jferlan@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
2019-03-07 14:48:43 -06:00
John Ferlan
bf72ee049e conf: Remove unnecessary checks in virSecurityLabelDefsParseXML
Failure would have occurred for @ctxt before in callers' other
virXPath calls and @def derefs.

Found by Coverity due to commit 66a508d2 using VIR_XPATH_NODE_AUTORESTORE
to access @ctxt before the if condition. The @def was noted by review.

Signed-off-by: John Ferlan <jferlan@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
2019-03-07 12:04:58 -05:00
Maxim Kozin
14b6a1854f lxc: Try harder to stop/reboot containers
If shutting down a container via setting the runlevel fails, the
control jumps right onto endjob label and doesn't even try
sending the signal. If flags allow it, we should try both
methods.

Signed-off-by: Maxim Kozin <kolomaxes@gmail.com>
Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
2019-03-07 18:02:51 +01:00
Andrea Bolognani
3d46d4a1bc util: Tweak virStringMatchesNameSuffix()
We can use STRNEQ() instead of STRNEQLEN() since we're only
interested in the trailing part of the string and we've
already verified that the length of file, name and suffix
are those we expect.

Signed-off-by: Andrea Bolognani <abologna@redhat.com>
ACKed-by: Peter Krempa <pkrempa@redhat.com>
2019-03-07 17:55:33 +01:00
Andrea Bolognani
17eb6fc1b8 util: Make virStringMatchesNameSuffix() return bool
It's a predicate, so bool is the appropriate return type.

Signed-off-by: Andrea Bolognani <abologna@redhat.com>
ACKed-by: Peter Krempa <pkrempa@redhat.com>
2019-03-07 17:55:31 +01:00
Andrea Bolognani
956817ef49 util: Make virStringStripSuffix() return bool
While this function is not, strictly speaking, a predicate,
it still mostly behaves like one as evidenced by the vast
majority of its callers, so using bool rather than int as
the return type makes sense.

Signed-off-by: Andrea Bolognani <abologna@redhat.com>
ACKed-by: Peter Krempa <pkrempa@redhat.com>
2019-03-07 17:55:29 +01:00
Andrea Bolognani
fcf78395d7 util: Make virStringHasCaseSuffix() return bool
It's a predicate, so bool is the appropriate return type.

Signed-off-by: Andrea Bolognani <abologna@redhat.com>
ACKed-by: Peter Krempa <pkrempa@redhat.com>
2019-03-07 17:55:12 +01:00
Viktor Mihajlovski
696239ba6f qemu: Fix query-cpus-fast target architecture detection
Since qemu 2.13 reports the target architecture in a property called
'target' additionally to the property 'arch', that has been used in
qemu 2.12 in the response data of 'query-cpus-fast'.
Libvirts monitor code prefers the 'target' property over 'arch'.

At least for s390(x), target is reported as 's390x' while arch is 's390'.
In a later step a comparison is performed against 's390' which fails for
qemu 2.13 and later.

In consequence the architecture specific data for s390 won't be extracted
from the returned data, leading to incorrect values being reported by
virsh domstats --vcpu.

Changing to check explicitly for 's390' and 's390x'.

Signed-off-by: Viktor Mihajlovski <mihajlov@linux.ibm.com>
Reviewed-by: Bjoern Walk <bwalk@linux.ibm.com>
Reviewed-by: Boris Fiuczynski <fiuczy@linux.ibm.com>
2019-03-07 16:53:12 +01:00
Michal Privoznik
62cb9c335c cpu: Don't access invalid memory in virCPUx86Translate
Problem is that if there are no signatures for a CPU, then we
still allocate cpu->signatures (even though with size 0). Later,
we access cpu->signatures[0] if cpu->signatures is not NULL.

 Invalid read of size 4
    at 0x5F439D7: virCPUx86Translate (cpu_x86.c:2930)
    by 0x5F3C239: virCPUTranslate (cpu.c:927)
    by 0x57CE7A1: qemuProcessUpdateGuestCPU (qemu_process.c:5870)
    ...
  Address 0xf752d40 is 0 bytes after a block of size 0 alloc'd
    at 0x4C30EC6: calloc (vg_replace_malloc.c:711)
    by 0x5DBDE4E: virAllocN (viralloc.c:190)
    by 0x5F3E4FA: x86ModelCopySignatures (cpu_x86.c:990)
    by 0x5F3E60F: x86ModelCopy (cpu_x86.c:1008)
    by 0x5F3E7CB: x86ModelFromCPU (cpu_x86.c:1068)
    by 0x5F4397E: virCPUx86Translate (cpu_x86.c:2922)
    by 0x5F3C239: virCPUTranslate (cpu.c:927)
    by 0x57CE7A1: qemuProcessUpdateGuestCPU (qemu_process.c:5870)
    ...

Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
Reviewed-by: Jiri Denemark <jdenemar@redhat.com>
2019-03-07 15:30:40 +01:00
Daniel Henrique Barboza
7a686fd2ea qemu_domain: add a PPC64 memLockLimit helper
There is a lot of documentation in the comments about how PPC64 handles
passthrough VFIO devices to calculate the @memLockLimit. And more will
be added with the PPC64 NVLink2 support code.

Let's remove the PPC64 code from qemuDomainGetMemLockLimitBytes()
body and put it into a helper function. This will simplify the
flow of qemuDomainGetMemLockLimitBytes() that handles all the other
platforms and improves readability of the PPC64 specifics.

Signed-off-by: Daniel Henrique Barboza <danielhb413@gmail.com>
Reviewed-by: Erik Skultety <eskultet@redhat.com>
2019-03-07 15:23:18 +01:00
Daniel Henrique Barboza
cf7c521287 qemu: domain: Simplify non-VFIO memLockLimit calculation for PPC64
@passthroughLimit is being calculated even if @usesVFIO is false. After
that, an if-else conditional is used to check if we're going to sum it
up with @baseLimit.

This patch initializes @passthroughLimit to zero and always returns
@memKB = @baseLimit + @passthroughLimit. The conditional is then used to
calculate @passthroughLimit if @usesVFIO == true. This results in some
cycles being spared for the @usesVFIO == false scenario, but the real
motivation is to make the code simpler to add an alternative formula to
calculate @passthroughLimit for NVLink2.

Signed-off-by: Daniel Henrique Barboza <danielhb413@gmail.com>
Reviewed-by: Erik Skultety <eskultet@redhat.com>
2019-03-07 15:15:02 +01:00
Pavel Hrdina
a6aedcf39b util: enable cgroups v2 cpuset controller for threads
When we create cgroup for qemu threads we need to enable cpuset
controller in order to use it.

Signed-off-by: Pavel Hrdina <phrdina@redhat.com>
2019-03-07 13:44:52 +01:00
Pavel Hrdina
3b72c84ff1 util: implement virCgroupV2(Set|Get)CpusetCpus
Signed-off-by: Pavel Hrdina <phrdina@redhat.com>
2019-03-07 13:44:52 +01:00
Pavel Hrdina
77c1cf4da2 util: implement virCgroupV2(Set|Get)CpusetMemoryMigrate
Cgroups v2 don't have memory_migrate interface and the migration is
enabled by default.

Signed-off-by: Pavel Hrdina <phrdina@redhat.com>
2019-03-07 13:44:52 +01:00
Pavel Hrdina
74e7da0605 util: implement virCgroupV2(Set|Get)CpusetMems
Signed-off-by: Pavel Hrdina <phrdina@redhat.com>
2019-03-07 13:44:52 +01:00
Pavel Hrdina
9dadc73029 caps: drop requiredSourceElements from storage pool capabilities
Capabilities should not duplicate data that are obvious from our
documentation and will not change with different QEMU binaries
or the way how we compile libvirt.

Signed-off-by: Pavel Hrdina <phrdina@redhat.com>
2019-03-07 12:01:09 +01:00
Andrea Bolognani
094f29df07 Use virStringHasSuffix() where possible
When dealing with internal paths we don't need to worry about
whether or not suffixes are lowercase since we have full control
over them, which means we can avoid performing case-insensitive
string comparisons.

Signed-off-by: Andrea Bolognani <abologna@redhat.com>
ACKed-by: Peter Krempa <pkrempa@redhat.com>
2019-03-07 10:10:49 +01:00
Andrea Bolognani
d93b9e8829 util: Add virStringHasSuffix()
This is the case-sensitive counterpart of the existing
virStringHasCaseSuffix() function.

Signed-off-by: Andrea Bolognani <abologna@redhat.com>
ACKed-by: Peter Krempa <pkrempa@redhat.com>
2019-03-07 10:10:47 +01:00
Andrea Bolognani
b5cc0a7f29 util: Rename virFileMatchesNameSuffix() to virStringMatchesNameSuffix()
Despite its name, this is really just a general-purpose string
manipulation function, so it should be moved to the virstring
module and renamed accordingly.

Signed-off-by: Andrea Bolognani <abologna@redhat.com>
ACKed-by: Peter Krempa <pkrempa@redhat.com>
2019-03-07 10:10:45 +01:00
Andrea Bolognani
9c5fa79fd7 util: Rename virFileStripSuffix() to virStringStripSuffix()
Despite its name, this is really just a general-purpose string
manipulation function, so it should be moved to the virstring
module and renamed accordingly.

A few trivial whitespace changes are squashed in.

Signed-off-by: Andrea Bolognani <abologna@redhat.com>
ACKed-by: Peter Krempa <pkrempa@redhat.com>
2019-03-07 10:10:43 +01:00
Andrea Bolognani
2de7dcba7e util: Rename virFileHasSuffix() to virStringHasCaseSuffix()
Despite its name, this is really just a general-purpose string
manipulation function, so it should be moved to the virstring
module and renamed accordingly.

In addition to the obvious s/File/String/, also tweak the name
to make it clear that the presence of the suffix is verified
using case-insensitive comparison.

A few trivial whitespace changes are squashed in.

Signed-off-by: Andrea Bolognani <abologna@redhat.com>
ACKed-by: Peter Krempa <pkrempa@redhat.com>
2019-03-07 10:08:47 +01:00
Michal Privoznik
ab2e90006d Drop some useless comparisons and checks
In these cases the check that is removed has been done a few
lines above already (as can even be seen in the context). Drop
them.

Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
Reviewed-by: Erik Skultety <eskultet@redhat.com>
2019-03-07 09:22:47 +01:00
Jim Fehlig
4ec3cf9a0f apparmor: Add ptrace and signal rules for named profile
Commit a3ab6d42 changed the libvirtd profile to a named profile
but neglected to accommodate the change in the qemu profile
ptrace and signal rules. As a result, libvirtd is unable to
signal confined qemu processes and hence unable to shutdown
or destroy VMs.

Add ptrace and signal rules that reference the libvirtd profile
by name in addition to full binary path.

Signed-off-by: Jim Fehlig <jfehlig@suse.com>
Acked-by: Jamie Strandboge <jamie@canonical.com>
2019-03-06 09:51:01 -07:00
John Ferlan
d9bf6cef32 storage: Introduce storageConnectGetStoragePoolCapabilities
https://bugzilla.redhat.com/show_bug.cgi?id=1581670

Create the storage driver code to generate the output for the
storage pool capabilities XML.

Signed-off-by: John Ferlan <jferlan@redhat.com>
ACKed-by: Michal Privoznik <mprivozn@redhat.com>
2019-03-06 11:12:48 -05:00
John Ferlan
6696155ae6 libvirt: Introduce virConnectGetStoragePoolCapabilities
Introduce the API to expose the storage pool capabilities along
with all the remote munglement required to hook up the client.

Signed-off-by: John Ferlan <jferlan@redhat.com>
ACKed-by: Michal Privoznik <mprivozn@redhat.com>
2019-03-06 11:12:48 -05:00
John Ferlan
3b1988f3e3 conf: Add storage pool capability formatting
Add support to format the storage pool capabilities using
the virStoragePoolTypeInfoPtr to determine what capabilities
exist for the various pools and the driver capabilities to
determine whether the pool is compiled in and supported.

Signed-off-by: John Ferlan <jferlan@redhat.com>
ACKed-by: Michal Privoznik <mprivozn@redhat.com>
2019-03-06 11:12:48 -05:00
John Ferlan
642c06fd63 storage: Process storage pool capabilities
https://bugzilla.redhat.com/show_bug.cgi?id=1581670

During storage driver backend initialization, let's save
which backends are available in the storage pool capabilities.

In order to format those, we need add a connectGetCapabilities
processor to the storageHypervisorDriver. This allows a storage
connection, such as "storage:///system" to find the API and
format the results, such as:

  virsh -c storage:///system capabilities

  <capabilities>

    <pool>
      <enum name='type'>
        <value>dir</value>
        <value>fs</value>
        <value>netfs</value>
        <value>logical</value>
        <value>iscsi</value>
        <value>iscsi-direct</value>
        <value>scsi</value>
        <value>mpath</value>
        <value>disk</value>
        <value>rbd</value>
        <value>sheepdog</value>
        <value>gluster</value>
        <value>zfs</value>
      </enum>
    </pool>

  </capabilities>

Signed-off-by: John Ferlan <jferlan@redhat.com>
ACKed-by: Michal Privoznik <mprivozn@redhat.com>
2019-03-06 11:12:48 -05:00
John Ferlan
05fe03505a conf: Introduce storage pool functions into capabilities
Introduce the bare bones functions to processing capability
data for the storage driver.

Since there will be no need for the <host> output, we need
to filter that data.

Signed-off-by: John Ferlan <jferlan@redhat.com>
ACKed-by: Michal Privoznik <mprivozn@redhat.com>
2019-03-06 11:12:48 -05:00
John Ferlan
538b83ae68 conf: Remove defaultFormat from VIR_STORAGE_POOL_ZFS
The ZFS pool is documented as not using pool format types, so remove
the defaultFormat value.

Signed-off-by: John Ferlan <jferlan@redhat.com>
ACKed-by: Michal Privoznik <mprivozn@redhat.com>
2019-03-06 11:12:48 -05:00
John Ferlan
08af6ca362 conf: Remove volOptions for VIR_STORAGE_POOL_MPATH
The multipath pool is documented as not using the volume type,
so let's just remove it.

Signed-off-by: John Ferlan <jferlan@redhat.com>
ACKed-by: Michal Privoznik <mprivozn@redhat.com>
2019-03-06 11:12:48 -05:00
John Ferlan
85f574600a conf: Remove volOptions for VIR_STORAGE_POOL_ISCSI[_DIRECT]
The iscsi and iscsi-direct pools are documented as not using
the volume type, so let's just remove it. Besides it would
have produced bad output since formatting uses the Disk types.

Signed-off-by: John Ferlan <jferlan@redhat.com>
ACKed-by: Michal Privoznik <mprivozn@redhat.com>
2019-03-06 11:12:48 -05:00
John Ferlan
d893ce1574 conf: Remove volOptions for VIR_STORAGE_POOL_SCSI
The scsi pool is documented as not using the volume type,
so let's just remove it.

Signed-off-by: John Ferlan <jferlan@redhat.com>
ACKed-by: Michal Privoznik <mprivozn@redhat.com>
2019-03-06 11:12:48 -05:00
John Ferlan
035db37394 conf: Remove volOptions for VIR_STORAGE_POOL_RBD
The rbd pool is documented as not using the volume type,
so let's just remove it.

Signed-off-by: John Ferlan <jferlan@redhat.com>
ACKed-by: Michal Privoznik <mprivozn@redhat.com>
2019-03-06 11:12:48 -05:00
John Ferlan
4ad00278f6 conf: Remove volOptions for VIR_STORAGE_POOL_SHEEPDOG
The sheepdog pool is documented as not using the volume type,
so let's just remove it.  Besides it would have produced bad
results since the defaultType is FILE but the formatting used
the Disk types.

Signed-off-by: John Ferlan <jferlan@redhat.com>
ACKed-by: Michal Privoznik <mprivozn@redhat.com>
2019-03-06 11:12:48 -05:00
Peter Krempa
66a508d2cc conf: domain: Use VIR_XPATH_NODE_AUTORESTORE where appropriate
Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
2019-03-06 15:53:53 +01:00
Peter Krempa
933f136844 conf: Move XPath context node in descendants of virSysinfoParseXML
Rather than moving the XPath root node in the caller and then still
passing it down, make sure that the callees move the node themselves.

Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
2019-03-06 15:53:53 +01:00
Peter Krempa
8f6ac3b740 conf: domain: Use VIR_AUTOCLEAN(virBuffer) where appropriate
Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
2019-03-06 15:53:53 +01:00
Peter Krempa
dc87a715ee conf: Use virXMLFormatElement in virDomainDefFormatFeatures
Remove logic necessary to figure out whether to format the 'features'
element by using virXMLFormatElement.

Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
2019-03-06 15:53:53 +01:00
Peter Krempa
4653ae65af conf: Refactor formating of 'capabilities' features
Use virXMLFormatElement for the formatting which allows us to avoid
looking through the array to see if any feature is enabled.

Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
2019-03-06 15:53:53 +01:00
Peter Krempa
89dda12b8d conf: Avoid formatting empty <capabilities> element
If none of the 'capabilities' features are enabled we'd still format the
opening and closing tag for the <capabilities element.

The implementation is suboptimal but will be refactored for a better
approach. This is done prior to the refactor to show that tests are not
impacted.

Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
2019-03-06 15:53:53 +01:00
Peter Krempa
c7637521d6 conf: Avoid extra scope when formatting 'smm' feature
Use an early break and remove the temporary variable.

Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
2019-03-06 15:53:53 +01:00
Peter Krempa
d1164bfdca conf: Avoid extra set of temp buffers in virDomainDefFormatFeatures
Use the top level set of temp buffers to do the job.

Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
2019-03-06 15:53:53 +01:00
Peter Krempa
dc29a46777 conf: Simplify lifecycle of temp buffers in virDomainDefFormatFeatures
Use VIR_AUTOCLEAN to avoid leaking the buffer on error path and get rid
of resetting mid loop since virXMLFormatElement does the reset
internally.

Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
2019-03-06 15:53:53 +01:00
Peter Krempa
e0b3e4e11c conf: Remove impossible error in virDomainDefFormatFeatures
'i' is always in range of the enum, thus the name is always populated by
virDomainFeatureTypeToString.

Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
2019-03-06 15:53:52 +01:00
Peter Krempa
21dd762de8 conf: Rename temp buffers in virDomainDefFormatFeatures
These buffers are used temporarily for some of the partial formatters
but not globally. Prefix the name with 'tmp' to be explicit.

Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
2019-03-06 15:53:52 +01:00
Peter Krempa
4c85929a73 conf: Refactor control flow in virDomainDefFormatFeatures
Use an early return to avoid one level of nesting scopes.

Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
2019-03-06 15:53:52 +01:00
Peter Krempa
c3878c94f4 conf: Split out domain features formatting from virDomainDefFormatInternal
Pure code motion of code for formatting domain features to a function
called virDomainDefFormatFeatures. Best viewed with the '--patience'
option for git show.

Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
2019-03-06 15:53:52 +01:00
Peter Krempa
a0585301cd conf: refactor formatting of 'blkiotune' from virDomainDefFormatInternal
Split out the code into a separate function named
virDomainDefFormatBlkiotune and use virXMLFormatElement.

Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
2019-03-06 15:53:52 +01:00
Peter Krempa
b6f32c9ec2 conf: Refactor virDomainHubDefFormat
Use virXMLFormatElement to format the internals along with simplifying
cleanup code paths.

Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
2019-03-06 15:53:52 +01:00
Peter Krempa
1fb4c01a8e conf: Refactor virDomainInputDefFormat
Use virXMLFormatElement to format the internals along with simplifying
cleanup code paths.

Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
2019-03-06 15:53:52 +01:00
Peter Krempa
af993b172c conf: Refactor formatting of 'driver' in virDomainRNGDefFormat
Use virXMLFormatElement to format the internals along with simplifying
cleanup code paths.

Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
2019-03-06 15:53:52 +01:00
Peter Krempa
bc817ddfdd conf: Refactor virDomainPanicDefFormat
Use virXMLFormatElement to format the internals along with simplifying
cleanup code paths.

Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
2019-03-06 15:53:52 +01:00
Peter Krempa
4a08acd77e conf: Refactor virDomainWatchdogDefFormat
Use virXMLFormatElement to format the internals along with simplifying
cleanup code paths.

Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
2019-03-06 15:53:51 +01:00
Peter Krempa
afc47b7785 conf: Refactor virDomainMemballoonDefFormat
Use virXMLFormatElement to format the internals along with simplifying
cleanup code paths.

Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
2019-03-06 15:53:51 +01:00
Peter Krempa
6b8a31e26c conf: Use virXMLFormatElement in virDomainControllerDefFormat
Refactor the function to use the XML formatting aid and use automatic
cleaning to simplify the control flow.

Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
2019-03-06 15:53:51 +01:00
Peter Krempa
53c11edef9 conf: Use virXMLFormatElement in virDomainControllerDriverFormat
Refactor adding of the controller <driver> element.

Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
2019-03-06 15:53:51 +01:00
Peter Krempa
5a690f695f util: xml: Enforce return value check from virXMLFormatElement
The function does not transfer errors from 'attrBuf' and 'childBuf'
arguments into 'buf', but rather reports them right away, thus we need
to make sure that it's always checked.

Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
2019-03-06 15:53:51 +01:00
Jiri Denemark
a1dec315c9 qemu: Don't set migration caps when changing postcopy bandwidth
The qemuMigrationParamsApply internal API was designed to apply all
migration parameters and capabilities before we start to migrate a
domain. While migration parameters are only passed to QEMU when we
explicitly want to set a specific value, capabilities are always either
enabled or disabled.

Thus when this API is called outside migration job, e.g., via a call to
qemuDomainMigrateSetMaxSpeed with VIR_DOMAIN_MIGRATE_MAX_SPEED_POSTCOPY
flag, we would call migrate-set-capabilities and disable all
capabilities. However, changing capabilities while migration is already
running does not make sense and our code should never be trying to do
so. In fact QEMU even reports an error if migrate-set-capabilities is
called during migration and qemuDomainMigrateSetMaxSpeed would fail
with:

    internal error: unable to execute QEMU command
    migrate-set-capabilities: There's a migration process in progress

With this patch qemuMigrationParamsApply never tries to call
migrate-set-capabilities outside of migration job. When the capabilities
bitmap is all zeros (which is its initial value after
qemuMigrationParamsNew), we just skip the command. But when any
capability bit is set to 1 by a non-migration job, we report an error to
highlight a bug in our code.

Signed-off-by: Jiri Denemark <jdenemar@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
Acked-by: Peter Krempa <pkrempa@redhat.com>
2019-03-06 13:57:25 +01:00
Christian Ehrhardt
f2cbb94eab
security: aa-helper: gl devices in sysfs at arbitrary depth
Further testing with more devices showed that we sometimes have a
different depth of pci device paths when accessing sysfs for device
attributes.

But since the access is limited to a set of filenames and read only it
is safe to use a wildcard for that.

Related apparmor denies - while we formerly had only considered:
apparmor="DENIED" operation="open"
  name="/sys/devices/pci0000:00/0000:00:02.1/uevent"
  requested_mask="r"

We now also know of cases like:
apparmor="DENIED" operation="open"
  name="/sys/devices/pci0000:00/0000:00:03.1/0000:1c:00.0/uevent"
  requested_mask="r"

Fixes: https://bugs.launchpad.net/ubuntu/+source/libvirt/+bug/1817943

Acked-by: Jamie Strandboge <jamie@canonical.com>
Signed-off-by: Christian Ehrhardt <christian.ehrhardt@canonical.com>
2019-03-06 11:31:39 +01:00
Christian Ehrhardt
00fbb9e516
security: aa-helper: nvidia rules for gl devices
Further testing with different devices showed that we need more rules
to drive gl backends with nvidia cards. Related denies look like:

apparmor="DENIED" operation="open"
  name="/usr/share/egl/egl_external_platform.d/"
  requested_mask="r"
apparmor="DENIED" operation="open"
  name="/proc/modules"
  requested_mask="r"
apparmor="DENIED" operation="open"
  name="/proc/driver/nvidia/params"
  requested_mask="r"
apparmor="DENIED" operation="mknod"
  name="/dev/nvidiactl"
  requested_mask="c"

Fixes: https://bugs.launchpad.net/ubuntu/+source/libvirt/+bug/1817943

Acked-by: Jamie Strandboge <jamie@canonical.com>
Signed-off-by: Christian Ehrhardt <christian.ehrhardt@canonical.com>
2019-03-06 11:29:55 +01:00
Michal Privoznik
07a9c8bae8 Revert "Separate out StateAutoStart from StateInitialize"
https://bugzilla.redhat.com/show_bug.cgi?id=1685151

This reverts commit e4a969092b.

Now that drivers may call virConnectOpen() on secondary drivers, it
doesn't make much sense to have autostart separated from driver
initialization callback. In fact, it creates a problem because one
driver during its initialization might try to fetch an object from
another driver but since the object is yet to be autostarted the fetch
fails. This has been observed in reality: qemu driver performs
qemuProcessReconnect() during qemu's stateInitialize phase which may
call virDomainDiskTranslateSourcePool() which connects to the storage
driver to look up the volume. But the storage driver did not autostart
its pools yet therefore volume lookup fails and the domain is killed.

Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
2019-03-06 10:20:31 +01:00
Michal Privoznik
fc380c2e01 Revert "virStateDriver - Separate AutoStart from Initialize"
https://bugzilla.redhat.com/show_bug.cgi?id=1685151

This reverts commit cefb97fb81.

The stateAutoStart callback will be removed in the next commit.
Therefore move autostarting of domains, networks and storage
pools back into stateInitialize callbacks.

Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
2019-03-06 10:20:31 +01:00
Michal Privoznik
31c3c35c94 bhyve: Move autostarting of domains into bhyveStateInitialize
The stateAutoStart callback will go away shortly. Therefore, move
the autostart call into state initialize callback.

Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
2019-03-06 10:20:31 +01:00
Michal Privoznik
c6266ddb02 daemon: Register secret driver before storage driver
The order in which drivers are registered is important because
their stateInitialize and stateAutoStart callback are called in
that order. Well, stateAutoStart is going away and therefore if
there is some dependency between two drivers (e.g. when
initializing storage driver expects secret driver to be available
already), the registration of such drivers must happen in correct
order.

Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
2019-03-06 10:20:31 +01:00
Jiri Denemark
367d96a5d6 cpu_map: Add more signatures for Skylake-Client CPU models
Signed-off-by: Jiri Denemark <jdenemar@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
2019-03-05 14:47:49 +01:00
Jiri Denemark
4ff74a806a cpu_map: Add more signatures for Broadwell CPU models
This fixes several CPUs which were incorrectly detected as
Skylake-Client.

Signed-off-by: Jiri Denemark <jdenemar@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
2019-03-05 14:47:49 +01:00
Jiri Denemark
e58ca588cc cpu_map: Add more signatures for Haswell CPU models
Signed-off-by: Jiri Denemark <jdenemar@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
2019-03-05 14:47:49 +01:00
Jiri Denemark
194105fef1 cpu_map: Add more signatures for IvyBridge CPU models
Signed-off-by: Jiri Denemark <jdenemar@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
2019-03-05 14:47:49 +01:00
Jiri Denemark
4a3c3682f3 cpu_map: Add more signatures for SandyBridge CPU models
Signed-off-by: Jiri Denemark <jdenemar@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
2019-03-05 14:47:49 +01:00
Jiri Denemark
e89f877214 cpu_map: Add more signatures for Westmere CPU model
This fixes several CPUs which were incorrectly detected as a different
CPU model.

Signed-off-by: Jiri Denemark <jdenemar@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
2019-03-05 14:47:49 +01:00
Jiri Denemark
f349f3c53f cpu_map: Add more signatures for Nehalem CPU models
Signed-off-by: Jiri Denemark <jdenemar@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
2019-03-05 14:47:49 +01:00
Jiri Denemark
0a09e59457 cpu_map: Add more signatures for Penryn CPU model
Signed-off-by: Jiri Denemark <jdenemar@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
2019-03-05 14:47:49 +01:00
Jiri Denemark
c1f6a3269c cpu_map: Add more signatures for Conroe CPU model
Signed-off-by: Jiri Denemark <jdenemar@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
2019-03-05 14:47:49 +01:00
Jiri Denemark
61be05a00f cpu_map: Add hex representation of signatures
The family/model numbers are nice for humans or for comparing with
/proc/cpuinfo, but sometimes there's a need to see the CPUID
representation of the signature. Let's add it into a comment for each
signature in out cpu_map XMLs as the conversion is not exactly
straightforward.

Signed-off-by: Jiri Denemark <jdenemar@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
2019-03-05 14:47:49 +01:00
Jiri Denemark
661307b4b2 cpu_x86: Add virCPUx86DataGetSignature for tests
The function exports the functionality of x86DataToSignatureFull and
x86MakeSignature to the test suite.

Signed-off-by: Jiri Denemark <jdenemar@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
2019-03-05 14:47:49 +01:00
Jiri Denemark
793a9293ca qemu_capabilities: Use virQEMUCapsGetCPUModelInfo
Most places in qemu_capabilities.c which call virQEMUCapsGetHostCPUData
actually need qemuMonitorCPUModelInfoPtr from QEMU caps. Let's use the
wrapper introduced in the previous commit instead.

Signed-off-by: Jiri Denemark <jdenemar@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
2019-03-05 14:47:49 +01:00
Jiri Denemark
8aa47cc072 qemu_capabilities: Introduce virQEMUCapsGetCPUModelInfo
This is a simple wrapper around virQEMUCapsGetHostCPUData usable in
tests for getting qemuMonitorCPUModelInfoPtr from QEMU caps.

Signed-off-by: Jiri Denemark <jdenemar@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
2019-03-05 14:47:49 +01:00
Jiri Denemark
30e4faac2f qemu_capabilities: Inroduce virQEMUCapsGetCPUModelX86Data
The code for transforming qemuMonitorCPUModelInfo data from QEMU into
virCPUDefPtr consumable by virCPU* APIs was hidden inside
virQEMUCapsInitCPUModelX86. This patch moves it into a new function to
make it usable in tests.

Signed-off-by: Jiri Denemark <jdenemar@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
2019-03-05 14:47:49 +01:00
Jiri Denemark
5ced12dece cpu_x86: Log decoded CPU model and signatures
The log message may be useful when debugging why a specific CPU model
was selected for a given set of CPUID data.

Signed-off-by: Jiri Denemark <jdenemar@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
2019-03-05 14:40:37 +01:00
Jiri Denemark
dfeb3e5984 cpu_x86: Allow multiple signatures for a CPU model
CPU signatures in the cpu_map serve as a hint for CPUID to CPU model
matching algorithm. If the CPU signatures matches any CPU model in the
cpu_map, this model will be the preferred one.

This works out well and solved several mismatches, but in real world
CPUs which should match a single CPU model may be produced with several
different signatures. For example, low voltage Broadwell CPUs for
laptops and Broadwell CPUs for servers differ in CPU model numbers while
we should detect them all as Broadwell CPU model.

This patch adds support for storing several signatures for a single CPU
model to make this hint useful for more CPUs. Later commits will provide
additional signatures for existing CPU models, which will correct some
results in our CPU test suite.

Signed-off-by: Jiri Denemark <jdenemar@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
2019-03-05 14:39:15 +01:00
Jiri Denemark
b07b8b7750 cpu_x86: Store CPU signature in an array
In preparation for storing several CPU signatures in a single CPU model,
we need to turn virCPUx86Model's signature into an array of signatures.

The parser still hardcodes the number of signatures to 1, but the
following patch will drop this limit.

Signed-off-by: Jiri Denemark <jdenemar@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
2019-03-05 14:39:01 +01:00
Jiri Denemark
2254c1cfb8 cpu_x86: Add x86ModelCopySignatures helper
Introduce a helper for copying CPU signature between two CPU models.

It's not very useful until the way we store signatures is changed in the
next patch.

Signed-off-by: Jiri Denemark <jdenemar@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
2019-03-05 14:38:52 +01:00
Jiri Denemark
8d7245441a cpu_x86: Make sure CPU model names are unique in cpu_map
Having multiple CPU model definitions with the same name could result in
unexpected behavior.

Signed-off-by: Jiri Denemark <jdenemar@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
2019-03-05 14:38:50 +01:00
Jiri Denemark
8d249df9c9 cpu_x86: Separate feature list parsing from x86ModelParse
The code is separated into a new x86ModelParseFeatures function.

Signed-off-by: Jiri Denemark <jdenemar@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
2019-03-05 14:38:50 +01:00
Jiri Denemark
232266839c cpu_x86: Separate vendor parsing from x86ModelParse
The code is separated into a new x86ModelParseVendor function.

Signed-off-by: Jiri Denemark <jdenemar@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
2019-03-05 14:38:50 +01:00
Jiri Denemark
fe78d2fda9 cpu_x86: Separate signature parsing from x86ModelParse
The code is separated into a new x86ModelParseSignature function.

Signed-off-by: Jiri Denemark <jdenemar@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
2019-03-05 14:38:50 +01:00
Jiri Denemark
2e1e2b910c cpu_x86: Separate ancestor model parsing from x86ModelParse
The code is separated into a new x86ModelParseAncestor function.

Signed-off-by: Jiri Denemark <jdenemar@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
2019-03-05 14:38:50 +01:00
Erik Skultety
26adfe7596 Fix the recent CI build failures
After commits e2087c2 and ec0793de older GCC started act very smart and
complain about potentially uninitialized variable, which existed prior
to these patches + even if the affected vars were left uninitialized the
function responsible for filling them in would have failed with NULL
being returned which the caller has always handled carefully.
Although GCC complained only about a single variable, let's initialize
all of them so as to prevent any further potential breakages.

Signed-off-by: Erik Skultety <eskultet@redhat.com>
2019-03-05 10:07:28 +01:00
Cole Robinson
aa42d364a5 qemu: domcaps: Report disk <enum name="model">
This generates new XML like:

    <disk>
      <enum name='model'>
        <value>virtio</value>
        <value>virtio-transitional</value>
        <value>virtio-non-transitional</value>
      </enum>
    </disk>

Reviewed-by: Andrea Bolognani <abologna@redhat.com>
Signed-off-by: Cole Robinson <crobinso@redhat.com>
2019-03-04 11:08:41 -05:00
Cole Robinson
448a094717 qemu: Support scsi controller model=virtio-{non-}transitional
Add <controller type='scsi' model handling for virtio transitional
devices. Ex:

  <controller type='scsi' model='virtio-transitional'/>

* "virtio-transitional" maps to qemu "virtio-scsi-pci-transitional"
* "virtio-non-transitional" maps to qemu "virtio-scsi-non-transitional"

The naming here doesn't match the pre-existing model=virtio-scsi.
The prescence of '-scsi' there seems kind of redundant as we have
type='scsi' already, so I decided to follow the pattern of other
patches and use virtio-transitional etc.

Reviewed-by: Andrea Bolognani <abologna@redhat.com>
Signed-off-by: Cole Robinson <crobinso@redhat.com>
2019-03-04 11:08:41 -05:00
Cole Robinson
47f94f4591 qemu: Support virtio-serial controller model=virtio-{non-}transitional
Add controller type='virtio-serial' model handling for virtio
transitional devices. Ex:

  <controller type='virtio-serial' model='virtio-transitional'/>

* "virtio-transitional" maps to qemu "virtio-serial-pci-transitional"
* "virtio-non-transitional" maps to qemu "virtio-serial-pci-non-transitional"

Reviewed-by: Andrea Bolognani <abologna@redhat.com>
Signed-off-by: Cole Robinson <crobinso@redhat.com>
2019-03-04 11:08:41 -05:00
Cole Robinson
90fd9bd989 qemu: Support input model=virtio-{non-}transitional
Add <input> model handling for virtio transitional devices. Ex:

  <input type='passthrough' bus='virtio' model='virtio-transitional'>
    ...
  </input>

* "virtio-transitional" maps to qemu "virtio-input-host-pci-transitional"
* "virtio-non-transitional" maps to qemu "virtio-input-host-non-transitional"

Reviewed-by: Andrea Bolognani <abologna@redhat.com>
Signed-off-by: Cole Robinson <crobinso@redhat.com>
2019-03-04 11:08:41 -05:00
Cole Robinson
2593a1bd1a conf: Add <input model='virtio-{non-}transitional'/>
<input> devices lack the model= attribute which is used by
most other device types. To eventually support
virtio-input-host-pci-{non-}traditional in qemu, let's add
a standard model= attribute. This just adds the domain_conf
wiring

Reviewed-by: Andrea Bolognani <abologna@redhat.com>
Signed-off-by: Cole Robinson <crobinso@redhat.com>
2019-03-04 11:08:41 -05:00
Cole Robinson
6e64899284 qemu: Support vsock model=virtio-{non-}transitional
Add <vsock> model handling for virtio transitional devices. Ex:

  <vsock model='virtio-transitional'>
    ...
  </vsock>

* "virtio-transitional" maps to qemu "vhost-vsock-pci-transitional"
* "virtio-non-transitional" maps to qemu "vhost-vsock-pci-non-transitional"

Reviewed-by: Andrea Bolognani <abologna@redhat.com>
Signed-off-by: Cole Robinson <crobinso@redhat.com>
2019-03-04 11:08:41 -05:00
Cole Robinson
0f5958f5c5 qemu: Support memballoon model=virtio-{non-}transitional
Add new <memballoon> model values for virtio transitional devices. Ex:

  <memballoon model='virtio-transitional'/>

* "virtio-transitional" maps to qemu "virtio-balloon-pci-transitional"
* "virtio-non-transitional" maps to qemu "virtio-balloon-pci-non-transitional"

Reviewed-by: Andrea Bolognani <abologna@redhat.com>
Signed-off-by: Cole Robinson <crobinso@redhat.com>
2019-03-04 11:08:41 -05:00
Cole Robinson
62eef965ba qemu: Support filesystem model=virtio-{non-}transitional
Add <filesystem> model handling for virtio transitional devices. Ex:

  <filesystem type='mount' model='virtio-transitional'>
    ...
  </filesystem

* "virtio-transitional" maps to qemu "virtio-9p-pci-transitional"
* "virtio-non-transitional" maps to qemu "virtio-9p-pci-non-transitional"

Reviewed-by: Andrea Bolognani <abologna@redhat.com>
Signed-off-by: Cole Robinson <crobinso@redhat.com>
2019-03-04 11:08:41 -05:00
Cole Robinson
947448e212 conf: Add <filesystem model='virtio-{non-}transitional'/>
<filesystem> devices lack the model= attribute which is used by
most other device types. To eventually support
virtio-9p-pci-{non-}traditional in qemu, let's add a standard
model= attribute. The accepted values are:

- virtio
- virtio-transitional
- virtio-non-transitional

Reviewed-by: Andrea Bolognani <abologna@redhat.com>
Signed-off-by: Cole Robinson <crobinso@redhat.com>
2019-03-04 11:08:41 -05:00
Cole Robinson
e063707556 qemu: Support rng model=virtio-{non-}transitional
Add new <rng> model values for virtio transitional devices. Ex:

  <rng model='virtio-transitional'>
    ...
  </rng>

* "virtio-transitional" maps to qemu "virtio-rng-pci-transitional"
* "virtio-non-transitional" maps to qemu "virtio-rng-pci-non-transitional"

Reviewed-by: Andrea Bolognani <abologna@redhat.com>
Signed-off-by: Cole Robinson <crobinso@redhat.com>
2019-03-04 11:08:41 -05:00
Cole Robinson
37f75d56da qemu: Support hostdev model=virtio-{non-}transitional
Add <hostdev> protocol=vhost model handling for virtio transitional
devices. Ex:

  <hostdev mode='subsystem' type='scsi_host' model='virtio-transitional'>
    <source protocol='vhost' wwpn=X/>
  </hostdev>

* "virtio-transitional" maps to qemu "vhost-scsi-pci-transitional"
* "virtio-non-transitional" maps to qemu "vhost-scsi-pci-non-transitional"

Reviewed-by: Andrea Bolognani <abologna@redhat.com>
Signed-off-by: Cole Robinson <crobinso@redhat.com>
2019-03-04 11:08:40 -05:00
Cole Robinson
ef41ff4219 conf: Add <hostdev model='virtio-{non-}transitional'/>
qemu vhost-scsi devices map to XML roughly like:

    <hostdev mode='subsystem' type='scsi_host'>
      <source protocol='vhost' wwpn=X/>
    </hostdev>

To support vhost-scsi-pci-{non-}traditional in qemu, we
need to to extend the SCSI Host hostdev XML to handle
model= value. This matches the XML model= format used
for mediated devices. This is just the domain_conf bits
and some XML test cases.

Use of virtio-X naming here does not match the hostdev
protocol=vhost nor does it match the qemu vhost-X device
naming, however it's more consistent with all other
model= names in this area, and also matches the
inconsistency of <vsock> devices which use model=virtio
but map to vhost-vsock on the qemu commandline

Reviewed-by: Andrea Bolognani <abologna@redhat.com>
Signed-off-by: Cole Robinson <crobinso@redhat.com>
2019-03-04 11:08:40 -05:00
Cole Robinson
4d964373b5 qemu: Support interface model=virtio-{non-}transitional
Add new <interface> model handling for virtio transitional devices. Ex:

<interface>
  <model type='virtio-transitional'/>
</interface>

* "virtio-transitional" maps to qemu "virtio-net-pci-transitional"
* "virtio-non-transitional" maps to qemu "virtio-net-pci-non-transitional"

Reviewed-by: Andrea Bolognani <abologna@redhat.com>
Signed-off-by: Cole Robinson <crobinso@redhat.com>
2019-03-04 11:08:40 -05:00
Cole Robinson
239b535d99 qemu: Support disk model=virtio-{non-}transitional
Add new <disk> model values for virtio transitional devices. When
combined with bus='virtio':

* "virtio-transitional" maps to qemu "virtio-blk-pci-transitional"
* "virtio-non-transitional" maps to qemu "virtio-blk-pci-non-transitional"

Reviewed-by: Andrea Bolognani <abologna@redhat.com>
Signed-off-by: Cole Robinson <crobinso@redhat.com>
2019-03-04 11:08:40 -05:00
Cole Robinson
25d05051b3 conf: Add <disk model='virtio-{non-}transitional'/>
<disk> devices lack the model= attribute which is used by
most other device types. bus= mostly acts as one, but it
serves other purposes too like determing what target=
prefix to use, and for matching against controller type=
values.

Extending bus= to handle additional virtio transitional
devices will complicate apps lives, and it isn't a clean
mapping anyways. So let's bite the bullet and add a new
<disk model=X/> attribute, and wire up common handling
for virtio and virtio-{non-}transitional

Reviewed-by: Andrea Bolognani <abologna@redhat.com>
Signed-off-by: Cole Robinson <crobinso@redhat.com>
2019-03-04 11:08:40 -05:00
Cole Robinson
f15111f65c qemu: capabilities: Add virtio/vhost {non-}transitional
Add a single QEMU_CAPS_VIRTIO_PCI_TRANSITIONAL that
will be set if any of the following qemu devices are found:

    virtio-blk-pci-transitional
    virtio-blk-pci-non-transitional
    virtio-net-pci-transitional
    virtio-net-pci-non-transitional
    vhost-scsi-pci-transitional
    vhost-scsi-pci-non-transitional
    virtio-rng-pci-transitional
    virtio-rng-pci-non-transitional
    virtio-9p-pci-transitional
    virtio-9p-pci-non-transitional
    virtio-balloon-pci-transitional
    virtio-balloon-pci-non-transitional
    vhost-vsock-pci-transitional
    vhost-vsock-pci-non-transitional
    virtio-input-host-pci-transitional
    virtio-input-host-pci-non-transitional
    virtio-scsi-pci-transitional
    virtio-scsi-pci-non-transitional
    virtio-serial-pci-transitional
    virtio-serial-pci-non-transitional

Reviewed-by: Andrea Bolognani <abologna@redhat.com>
Signed-off-by: Cole Robinson <crobinso@redhat.com>
2019-03-04 11:08:40 -05:00
Cole Robinson
b3b108a2dd qemu: command: Add qemuCaps to BuildVirtioStr
It will be used in future patches

Reviewed-by: Andrea Bolognani <abologna@redhat.com>
Signed-off-by: Cole Robinson <crobinso@redhat.com>
2019-03-04 11:08:40 -05:00
Michal Privoznik
e896947350 virDomainDiskTranslateSourcePool: Don't set @mode of iscsi-direct
https://bugzilla.redhat.com/show_bug.cgi?id=1658504

This function is called when a domain is starting up (in qemu
driver that is when qemu cmd line is generated). It is used to
translate <disk type='volume'/> to something usable by filling in
virStorageSource (e.g. fetching disk path, or some connection URI
for a network FS). But some of these info are not stored in
status XML and thus the function is called on
qemuProcessReconnect too to reconstruct runtime data. But this
poses a problem because after the first run the mode is set to
'direct', but in the second run this triggers a failure because
mode is valid only for 'iscsi' volumes and not 'iscsi-direct'
ones.

Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
Reviewed-by: Erik Skultety <eskultet@redhat.com>
2019-03-04 16:54:11 +01:00
John Ferlan
269d9c1aca conf: Rework virDomainKeyWrapDefParseXML
Rewrite the code to make usage of some VIR_AUTOFREE logic.

Signed-off-by: John Ferlan <jferlan@redhat.com>
Reviewed-by: Erik Skultety <eskultet@redhat.com>
2019-03-04 07:09:06 -05:00
John Ferlan
226d069ee4 conf: Clean up some unnecessary goto paths
Now that we're using VIR_AUTOFREE there's quite a bit of clean up
possible for now unnecessary goto paths.

Signed-off-by: John Ferlan <jferlan@redhat.com>
Reviewed-by: Erik Skultety <eskultet@redhat.com>
2019-03-04 07:09:06 -05:00
John Ferlan
145dc7dd8e conf: Use VIR_AUTOUNREF in domain_conf
Let's make use of the auto __cleanup capabilities for virObjectUnref
consumers.

Signed-off-by: John Ferlan <jferlan@redhat.com>
2019-03-04 07:09:06 -05:00
John Ferlan
c9b1b443a1 conf: Use VIR_AUTOFREE in domain_conf
Let's make use of the auto __cleanup capabilities for VIR_FREE consumers.
In some cases adding or removing blank lines for readability.

Signed-off-by: John Ferlan <jferlan@redhat.com>
Reviewed-by: Erik Skultety <eskultet@redhat.com>
2019-03-04 07:09:06 -05:00
John Ferlan
746be2a526 conf: Remove a few unused variables in domain_conf
In preparation for VIR_AUTOFREE usage, let's remove a couple
of unused variables so that clang compilations won't fail.

Signed-off-by: John Ferlan <jferlan@redhat.com>
Reviewed-by: Erik Skultety <eskultet@redhat.com>
2019-03-04 07:09:06 -05:00
John Ferlan
ec0793ded4 conf: Clean up some unnecessary goto paths
Now that we're using VIR_AUTOPTR(virBitmap) there's a couple of methods
that we can clean up some now unnecessary goto paths.

Signed-off-by: John Ferlan <jferlan@redhat.com>
Reviewed-by: Erik Skultety <eskultet@redhat.com>
2019-03-04 07:09:06 -05:00
John Ferlan
e2087c2955 conf: Use VIR_AUTOPTR(virBitmap) in domain_conf
Let's make use of the auto __cleanup capabilities for virBitmapPtr.

Signed-off-by: John Ferlan <jferlan@redhat.com>
Reviewed-by: Erik Skultety <eskultet@redhat.com>
2019-03-04 07:09:06 -05:00
John Ferlan
6c2e8566f8 conf: Rework virDomainEmulatorPinDefParseXML
In preparation for using auto free mechanism, change to using the
VIR_STEAL_PTR on @def to @ret and of course be sure to properly clean
up @def in cleanup.

Signed-off-by: John Ferlan <jferlan@redhat.com>
Reviewed-by: Erik Skultety <eskultet@redhat.com>
2019-03-04 07:09:06 -05:00
Peter Krempa
b6aacfc435 qemu: Use VIR_XPATH_NODE_AUTORESTORE when XPath context is modified
Use the new helper when moving around the current node of the XPath
context.

Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
2019-03-04 13:04:20 +01:00
Peter Krempa
23ab209272 util: XML: Introduce automatic reset of XPath's current node
Quite a few parts modify the XPath context current node to shift the
scope and allow easier queries. This also means that the node needs
to be restored afterwards.

Introduce a macro based on 'VIR_AUTOCLEAN' which adds a local structure
on the stack remembering the original node along with a function which
will make sure that the node is reset when the local structure leaves
scope.

Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
2019-03-04 13:04:20 +01:00
Peter Krempa
786f47414d util: alloc: Clarify docs for VIR_DEFINE_AUTOCLEAN_FUNC
Document that @func must take pointer to @type.

Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
2019-03-04 13:04:20 +01:00
Peter Krempa
0278c77da8 util: object: Reset pointer when unrefing object in virObjectAutoUnref
The helper function is used by the VIR_AUTOUNREF macro. Prior art is to
clear the pointer even if the variable goes out of scope.

Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
2019-03-04 13:04:20 +01:00
Peter Krempa
9ca7ca3d9f util: alloc: Note that VIR_AUTOPTR/VIR_AUTOCLEAN must not be used with vectors
We'd free only the first element of the vector leaking the rest.

Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Erik Skultety <eskultet@redhat.com>
2019-03-04 13:04:20 +01:00
Peter Krempa
cf3c525a45 util: string: Remove the 'virString' type
We don't need it as there's a separate macro for auto-freeing of string
lists.

Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Erik Skultety <eskultet@redhat.com>
2019-03-04 13:04:20 +01:00
Peter Krempa
bd734bbbce util: string: Use VIR_AUTOSTRINGLIST instead of VIR_AUTOPTR(virString)
Use of VIR_AUTOPTR and virString is confusing as it's a list and not a
single pointer. Replace it by VIR_AUTOSTRINGLIST as string lists are
basically the only sane NULL-terminated list we can have.

Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Erik Skultety <eskultet@redhat.com>
2019-03-04 13:04:20 +01:00
Peter Krempa
daefda165b util: string: Introduce macro for automatic string lists
Similar to VIR_AUTOPTR, VIR_AUTOSTRINGLIST defines a list of strings
which will be freed if the pointer is leaving scope.

Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Erik Skultety <eskultet@redhat.com>
2019-03-04 13:04:20 +01:00
John Ferlan
24c4fab8ec util: Use VIR_AUTOUNREF for virstoragefile
Let's make use of the auto __cleanup capabilities cleaning up any
now unnecessary goto paths.

Signed-off-by: John Ferlan <jferlan@redhat.com>
Reviewed-by: Erik Skultety <eskultet@redhat.com>
2019-03-04 06:52:50 -05:00
Eric Blake
3926d0aa49 qemu: Fix snapshot redefine vs. domain state bug
The existing qemu snapshot code has a slight bug: if the domain
is currently pmsuspended, you can't use the _REDEFINE flag even
though the current domain state should have no bearing on being
able to recreate metadata state; and conversely, you can use the
_REDEFINE flag to create snapshot metadata claiming to be
pmsuspended as a bypass to the normal restrictions that you can't
create an original qemu snapshot in that state (the restriction
against pmsuspend is specific to qemu, rather than part of the
driver-agnostic snapshot_conf code).

Fix this by checking the snapshot state (when redefining) instead
of the domain state (which is a subset of snapshot states).

Fixes the second problem mentioned in https://bugzilla.redhat.com/1680304

Signed-off-by: Eric Blake <eblake@redhat.com>
Reviewed-by: John Ferlan <jferlan@redhat.com>
2019-03-01 08:23:31 -06:00
Jiri Denemark
5de5432e34 storage: Fix iscsi-direct volume size for volumes > 4GiB
Both block_size and nb_block are unit32_t and multiplying them overflows
at 4GiB.

Moreover, the iscsi_*10_* APIs use 32bit number of blocks and thus they
can only address images up to 2TiB with 512B blocks. Let's use 64b
iscsi_*16_* APIs instead.

Signed-off-by: Jiri Denemark <jdenemar@redhat.com>
2019-02-28 16:07:53 +01:00
Michal Privoznik
bf5cf610f2 virISCSIDirectRefreshVol: Don't clear volumes in each run
When fetching LUNs from iscsi server the
virISCSIDirectReportLuns() is called. This function does some
libiscsi calls and then calls virISCSIDirectRefreshVol() over
each LUN found. It's unfortunate that the latter calls
virStoragePoolObjClearVols() as we lose all LUNs processed
in previous iterations.

Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
Reviewed-by: Jiri Denemark <jdenemar@redhat.com>
2019-02-28 15:55:48 +01:00
Michal Privoznik
290383cb2f iscsi_direct: Reset pool capacity and allocation just before refresh
Jirka reported a bug that with every 'virsh pool-refresh' an
iscsi-direct pool would grow and grow. The problem is that
virISCSIDirectRefreshVol() only adds to def->capacity and
def->allocation but nothing clears it out to begin with.

Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
Reviewed-by: Pavel Hrdina <phrdina@redhat.com>
2019-02-28 13:55:38 +01:00
Eric Blake
33a07b8e41 snapshot: Improve message for VIR_ERR_INVALID_DOMAIN_SNAPSHOT
For consistency with other error messages, and the fact that
the object is always called a virDomainSnapshot rather than
a mere virSnapshot, include the word "domain" in the error
message.

Suggested-by: John Ferlan <jferlan@redhat.com>
Signed-off-by: Eric Blake <eblake@redhat.com>
Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
2019-02-27 14:21:10 -06:00
Eric Blake
438ff36317 domain: Document VIR_DOMAIN_XML_MIGRATABLE
Commit 28f8dfdc (1.0.0) added a flag to virDomainGetXMLDesc, but
failed to document its effects.  And considering that the
MIGRATABLE flag has been the source of past bugs (CVE-2014-7823,
fixed in commit b1674ad5 (1.2.11), or even cf2d4c60 (1.2.13) where
flag mismatch broke virsh edit), make the wording wishy-washy
enough to discourage using the flag casually, by mentioning that
the resulting XML is more for internal use than for validation
against the schema.

Signed-off-by: Eric Blake <eblake@redhat.com>
Reviewed-by: John Ferlan <jferlan@redhat.com>
2019-02-27 13:39:30 -06:00
Eric Blake
dafef600f4 snapshot: Permit redefine of offline external snapshot
Due to historical back-compat, bare 'virsh snapshot-create-as'
favors internal snapshots (but can't be used on domains with raw
storage), while 'virsh snapshot-create-as --disk-only' favors
external snapshots.  What's more, snapshots created with
--disk-only while the domain was running are marked as snapshot
state 'disk-snapshot', while snapshots created while the domain
was offline are marked as snapshot state 'shutdown' (a
'disk-snapshot' image might not be quiescent, while a 'shutdown'
snapshot always is).

But this leads to some interesting problems: if we create a
--disk-only snapshot of an offline guest, and then immediately try
to 'virsh snapshot-create --redefine' using the resulting XML to
overwrite the existing snapashot in place, things silently succeed,
but 'virsh snapshot-create --redefine --disk-only' fails with an
error message that the snapshot state is not 'disk-only'.  Worse,
if we delete the snapshot metadata first and then try to recreate
things, omitting --disk-only fails because the verification code
wants to force the default of an internal snapshot (which doesn't
work with raw disks), and using --disk-only still fails because the
snapshot XML is not 'disk-only' - making it impossible to recreate
the snapshot metadata (or to transfer it from one libvirtd host to
another).  Ideally, the presence or absence of the --disk-only
flag, and the presence or absence of an existing snapshot being
overwritten, shouldn't matter; if the XML is valid for one
situation, it should always be valid to redefine the metadata for
that snapshot.

Fix things by uniformly using virDomainSnapshotDefIsExternal()
(caching the results up front, and eliminating other 'if' clauses
now rendered redundant) when deciding whether the XML being
requested for redefinition should permit external or force internal
state capture (we got it right in only one out of three places in
the function).

See also https://bugzilla.redhat.com/1680304; this fixes the
domain-agnostic problems mentioned there, but another patch is
needed to fix further oddities with the qemu driver.  I did not
check for sure when the problems were introduced (git blame puts
some affected hunks as far back as 1.0.0), but it was definitely
been broken even before when commit 670e86bf (1.1.4) factored
redefine prep out of qemu code into the common snapshot_conf code.

Signed-off-by: Eric Blake <eblake@redhat.com>
Reviewed-by: John Ferlan <jferlan@redhat.com>
2019-02-26 16:28:36 -06:00
Eric Blake
d152c727c6 snapshots: Avoid term 'checkpoint' for full system snapshot
Upcoming patches plan to introduce virDomainCheckpointPtr as a new
object for use in incremental backups, along with documentation on
how incremental backups differ from snapshots.  But first, we need
to rename any existing mention of a 'system checkpoint' to instead
be a 'full system snapshot', so that we aren't overloading
the term checkpoint.

Signed-off-by: Eric Blake <eblake@redhat.com>
Reviewed-by: John Ferlan <jferlan@redhat.com>
2019-02-26 15:48:58 -06:00
Yi Wang
12a5e10f02 qemu: fix vcpu pinning when not all vcpus are enabled
vcpupin will fail when maxvcpus is larger than current
vcpu:

virsh vcpupin win7 --vcpu 0 --cpulist 5-6
error: Requested operation is not valid: cpu affinity is not supported

win7 xml in the command above is like below:
...
<vcpu current="3" placement="static">8</vcpu>
...

The reason is vcpu[3] and vcpu[4] have zero tids and should not been
compared as valid situation in qemuDomainRefreshVcpuInfo().

This issue is introduced by commit 34f7743, which fix recording of vCPU
pids for MTTCG.

Signed-off-by: Yi Wang <wang.yi59@zte.com.cn>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
Signed-off-by: Ján Tomko <jtomko@redhat.com>
2019-02-26 13:40:35 +01:00
Diego Michelotto
d163b940a7 virfile: added GPFS as shared fs
Added GPFS as shared file system recognized during live migration
security checks.

GPFS is 'IBM General Parallel File System' also called
'IBM Spectrum Scale'

BUG: https://bugzilla.redhat.com/show_bug.cgi?id=1679528

Signed-off-by: Diego Michelotto <diego.michelotto@cnaf.infn.it>
Signed-off-by: Peter Krempa <pkrempa@redhat.com>
2019-02-26 11:41:18 +01:00
Julio Faracco
ac62e297db lxc: Converting 'if, else' logic into a 'switch, case'
The structure used to handle network entries was based on 'if,else'
conditions. This commit converts this ugly structure into a switch to
clearify each option of the handler.

Signed-off-by: Julio Faracco <jcfaracco@gmail.com>
Reviewed-by: John Ferlan <jferlan@redhat.com>
2019-02-25 10:41:39 -05:00
Julio Faracco
087a7c9a88 lxc: Introduce lxcNetworkParseDataType
Extract out the network "type" processing into it's own method
rather than inline within lxcNetworkParseDataSuffix.

Signed-off-by: Julio Faracco <jcfaracco@gmail.com>
Reviewed-by: John Ferlan <jferlan@redhat.com>
2019-02-25 10:41:39 -05:00
Julio Faracco
f7fd10e5f8 lxc: Introduce lxcNetworkParseDataSuffix
This commit removes the full network entry setting: "lxc.network.X" to
type only. Like "type", "name", "flags", etc. This will handle entries
regardless of whether they are prefixed by "lxc.network." (today) or
"lxc.net.X." (the future).

Signed-off-by: Julio Faracco <jcfaracco@gmail.com>
Reviewed-by: John Ferlan <jferlan@redhat.com>
2019-02-25 10:41:39 -05:00
Julio Faracco
0ebb057a2a lxc: Introduce lxcNetworkParseDataEntry
Refactor lxcNetworkWalkCallback to be a simple method to handle
both possible network settings with indexes or the simple one. It is
better the decouple the whole algorithm to parse data to only parse
which entry type libvirt is handling.

The new method is responsible to verify is the settings correspond to
network entry. Right now, it is only verifying "lxc.network.", but in
the future, it can be used to verify "lxc.net.X." too. Any other case
would be rejected.

On the other hand, the idea here is working only with types. If we know
that entry is part of network settings, after we just need to know which
type is. It keeps the handler simple.

Signed-off-by: Julio Faracco <jcfaracco@gmail.com>
Reviewed-by: John Ferlan <jferlan@redhat.com>
2019-02-25 10:41:39 -05:00
Julio Faracco
e6cb63d2ef lxc: Create a separate method to handle IPv{4, 6} outside parser
The new method called lxcNetworkParseDataIPs() is responsible to handle
IPv{4,6} settings now. The idea is let lxcNetworkWalkCallback() method
handle all entries related to network definition only.

Signed-off-by: Julio Faracco <jcfaracco@gmail.com>
Reviewed-by: John Ferlan <jferlan@redhat.com>
2019-02-25 10:41:39 -05:00
Andrea Bolognani
40204c05c5 util: Report error in virFileWrapperFdClose()
libvirt_iohelper is used internally by the virFileWrapperFd APIs;
more specifically, in the QEMU driver we have the doCoreDump() and
qemuDomainSaveMemory() helper functions as users, and those in turn
end up being called by the implementation of several driver APIs.

By calling virReportError() if libvirt_iohelper has failed, we
overwrite whatever generic error message QEMU might have raised
with the more useful one generated by the helper program.

After this commit, the user will be able to see the error directly
instead of having to dig in the journal or libvirtd log.

https://bugzilla.redhat.com/show_bug.cgi?id=1578741

Signed-off-by: Andrea Bolognani <abologna@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
2019-02-25 16:34:37 +01:00
Andrea Bolognani
4640131ba3 util: Move error reporting back to virFileWrapperFdClose()
virFileWrapperFdFree(), like all free functions, is supposed
to only release allocated resources, so error reporting is
better suited for virFileWrapperFdClose().

This reverts commit b0c3e93180.

Signed-off-by: Andrea Bolognani <abologna@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
2019-02-25 16:34:33 +01:00
Andrea Bolognani
e0e16a3d9a qemu: Always call virFileWrapperFdClose()
Right now we're reporting errors in virFileWrapperFdFree(),
but that's hardly the appropriate place to do so, as free
functions are supposed to do nothing more than release
allocated resources.

We want to move that code back into virFileWrapperFdClose(),
but before we can do that we need to make sure the function
is actually called every time we're done processing the
wrapped file. The cleanup path is the obvious candidate.

In a couple of cases we can just move the call, but for the
remaining ones we need to duplicate it instead in order not
to alter the existing behavior. We do, however, make sure
that in all cases a failure to properly close the wrapper
results in the overall operation being reported as failed.

Signed-off-by: Andrea Bolognani <abologna@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
2019-02-25 16:34:30 +01:00
Andrea Bolognani
aa60562869 util: Make it safe to call virFileWrapperFdClose() multiple times
We'll want to use this function in the cleanup path soon,
and in order to be able to do that we need to make sure we
can call it multiple times on the same virFileWrapperFd
without side effects.

Signed-off-by: Andrea Bolognani <abologna@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
2019-02-25 16:34:22 +01:00
Marc Hartmayer
d7be1b1c5e qemu: Replace virDomainChrSourceDefFree with virObjectUnref
Replace virDomainChrSourceDefFree with virObjectUnref.

Signed-off-by: Marc Hartmayer <mhartmay@linux.ibm.com>
Reviewed-by: Boris Fiuczynski <fiuczy@linux.ibm.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
Signed-off-by: Ján Tomko <jtomko@redhat.com>
2019-02-25 14:38:30 +01:00
Marc Hartmayer
527da4ce9b qemu: Use refcounting for priv->monConfig
Use refcounting for priv->monConfig instead of asymmetric freeing.

Signed-off-by: Marc Hartmayer <mhartmay@linux.ibm.com>
Reviewed-by: Boris Fiuczynski <fiuczy@linux.ibm.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
Signed-off-by: Ján Tomko <jtomko@redhat.com>
2019-02-25 14:38:30 +01:00
Christian Ehrhardt
27a9ebf281
security: aa-helper: generate more rules for gl devices
Change fb01e1a44 "virt-aa-helper: generate rules for gl enabled
graphics devices" implemented the detection for gl enabled
devices in virt-aa-helper. But further testing showed
that it will need much more access for the full gl stack
to work.

Upstream apparmor just recently split those things out and now
has two related abstractions at
https://gitlab.com/apparmor/apparmor/blob/master:
- dri-common at /profiles/apparmor.d/abstractions/dri-common
- mesa: at /profiles/apparmor.d/abstractions/mesa

If would be great to just include that for the majority of
rules, but they are not yet in any distribution so we need
to add rules inspired by them based on the testing that we
can do.

Furthermore qemu with opengl will also probe the backing device
of the rendernode for attributes which should be safe as
read-only wildcard rules.

Fixes: https://bugs.launchpad.net/ubuntu/+source/libvirt/+bug/1815452

Acked-by: Jamie Strandboge <jamie@canonical.com>
Signed-off-by: Christian Ehrhardt <christian.ehrhardt@canonical.com>
2019-02-25 08:57:33 +01:00
Christian Ehrhardt
d85e8e400b
security: aa-helper: allow virt-aa-helper to read /dev/dri
Change fb01e1a44 "virt-aa-helper: generate rules for gl enabled
graphics devices" implemented the detection for gl enabled
devices in virt-aa-helper. But it will in certain cases e.g. if
no rendernode was explicitly specified need to read /dev/dri
which it currently isn't allowed.

Add a rule to the apparmor profile of virt-aa-helper itself to
be able to do that.

Acked-by: Jamie Strandboge <jamie@canonical.com>
Signed-off-by: Christian Ehrhardt <christian.ehrhardt@canonical.com>
2019-02-25 08:50:38 +01:00
Roman Bogorodskiy
12f4bf80a7 bhyve: add bhyveDomainDefNeedsISAController helper
Add a bhyveDomainDefNeedsISAController() helper function
which by domain configuration determines whether LPC controller is
required or not.

Signed-off-by: Roman Bogorodskiy <bogorodskiy@gmail.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
2019-02-24 17:24:00 +04:00
Roman Bogorodskiy
e9528f41c6 bhyve: implement ignore unknown MSRs feature
Implement the MSRs ignore unknown reads and writes feature
that's specified using:

  <features>
    ...
    <msrs unknown='ignore'>
    ...
  </features>

in the domain XML.

In bhyve, it's just passing '-w' command line argument to the bhyve(8)
executable.

Signed-off-by: Roman Bogorodskiy <bogorodskiy@gmail.com>
Reviewed-by: Cole Robinson <crobinso@redhat.com>
2019-02-24 13:20:51 +04:00
Roman Bogorodskiy
b71de701b8 conf: introduce 'msrs' feature
Introduce the 'msrs' feature element that controls Model Specific
Registers related behaviour. At this moment it allows only
single tunable attribute "unknown":

 <msrs unknown='ignore|fault'/>

Which tells hypervisor to ignore accesses to unimplemented
Model Specific Registers. The only user of that for now is going
to be the bhyve driver.

Signed-off-by: Roman Bogorodskiy <bogorodskiy@gmail.com>
Reviewed-by: Cole Robinson <crobinso@redhat.com>
2019-02-24 12:33:42 +04:00
David Kiarie
cb6a46364b src/xenconfig: update copyright notice
Signed-off-by: David Kiarie <davidkiarie4@gmail.com>
2019-02-22 12:52:25 +00:00
Ján Tomko
3b4819802b qemu: fix memory leak in qemuBuildDiskDeviceStr
Commit a1dce962 added the allocated scsiVPDDeviceId without freeing it.

Signed-off-by: Ján Tomko <jtomko@redhat.com>
2019-02-22 12:56:13 +01:00
Peter Krempa
0c5d8300c5 qemu: domain: Use VIR_AUTOCLEAN for virBuffer
Replace all uses where virBuffer would need clearing on the cleanup
path.

Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Eric Blake <eblake@redhat.com>
2019-02-22 10:05:45 +01:00
Peter Krempa
55ee6ac8de util: buffer: Introduce VIR_AUTOCLEAN function for virBuffer
virBuffer is almost always stack-allocated, but requires freeing of the
internals on error. Introduce a VIR_AUTOCLEAN function to deal with
this.

Along with the addition add a test which would leak the buffer contents
if it weren't autocleaned.

Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Eric Blake <eblake@redhat.com>
2019-02-22 10:05:45 +01:00
Peter Krempa
c73f752e46 util: alloc: Introduce 'VIR_AUTOCLEAN' macros for clearing stack'd structs
The new utility macros are useful for variables we put on the stack but
require some cleanup. The most prominent of those is virBuffer which is
used almost exclusively in that way.

Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Eric Blake <eblake@redhat.com>
2019-02-22 10:05:45 +01:00
Peter Krempa
e25492444f util: buf: Remove virBufferEscapeN
The function was used only in the tests, remove it.

Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Eric Blake <eblake@redhat.com>
2019-02-22 10:05:45 +01:00
Peter Krempa
c97679c680 util: buf: Fix memory leak in virBufferEscapeN
The conversion to VIR_AUTOFREE of 'escapeList' introduced memory leak of
the copied item to be escaped:

==17517== 2 bytes in 1 blocks are definitely lost in loss record 1 of 32
==17517==    at 0x483880B: malloc (vg_replace_malloc.c:309)
==17517==    by 0x54D666D: strdup (in /usr/lib64/libc-2.28.so)
==17517==    by 0x497663E: virStrdup (virstring.c:956)
==17517==    by 0x497663E: virStrdup (virstring.c:945)
==17517==    by 0x48F8853: virBufferEscapeN (virbuffer.c:707)
==17517==    by 0x403C9D: testBufEscapeN (virbuftest.c:383)
==17517==    by 0x405FA8: virTestRun (testutils.c:174)
==17517==    by 0x403A70: mymain (virbuftest.c:517)
==17517==    by 0x406BC9: virTestMain (testutils.c:1097)
==17517==    by 0x5470412: (below main) (in /usr/lib64/libc-2.28.so)

[...] (all other have same backtrace as it happens in a loop)

Fix it by reverting all the VIR_AUTO nonsense in this function as there
is exactly one place where it's handled.

This effectively reverts commits:
d0a92a0371
96fbf6df90
d261ed2fb1

Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Eric Blake <eblake@redhat.com>
2019-02-22 10:05:45 +01:00
Peter Krempa
a3d0d77e74 util: buffer: Remove misleading AUTOPTR func for 'virBuffer'
'virBufferFreeAndReset' does not free the top level structure itself.
Additionally we almost exclusively use stack'd buffers rather than
pointers.

Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Eric Blake <eblake@redhat.com>
2019-02-22 10:05:45 +01:00
Laine Stump
82fe58ff26 network: add netmask to dhcp range of dnsmasq conf file for IPv4
dnsmasq documentation says that the *IPv4* prefix/network
address/broadcast address sent to dhcp clients will be automatically
determined by dnsmasq by looking at the interface it's listening on,
so the original libvirt code did not add a netmask to the dnsmasq
commandline (or later, the dnsmasq conf file).

For *IPv6* however, dnsmasq apparently cannot automatically determine
the prefix (functionally the same as a netmask), and it must be
explicitly provided in the conf file (as a part of the dhcp-range
option). So many years after IPv4 DHCP support had been added, when
IPv6 dhcp support was added the prefix was included at the end of the
dhcp-range setting, but only for IPv6.

A user had reported a bug on a host where one of the interfaces was a
superset of the libvirt network where dhcp is needed (e.g., the host's
ethernet is 10.0.0.20/8, and the libvirt network is 10.10.0.1/24). For
some reason dnsmasq was supplying the netmask for the /8 network to
clients requesting an address on the /24 interface.

This seems like a bug in dnsmasq, but even if/when it gets fixed
there, it looks like there is no harm in just always adding the
netmask to all IPv4 dhcp-range options similar to how prefix is added
to all IPv6 dhcp-range options.

Signed-off-by: Laine Stump <laine@laine.org>
Reviewed-by: John Ferlan <jferlan@redhat.com>
2019-02-21 13:06:16 -05:00
Laine Stump
abb293a56f util: set missing data length in virSocketAddrPrefixToNetmask()
This fixes a bug that has been present since the original version of
the function was pushed in commit 1ab80f3 on Nov. 26 2010 (by me). The
virSocketAddr::len was not being set.

Apparently until now we were always calling
virSocketAddrPrefixToNetmask with virSocketAddr object that was
already (coincidentally) initialized for the proper address family,
but the bug became apparent when trying to use it to fill in an
otherwise uninitialized object.

Signed-off-by: Laine Stump <laine@laine.org>
Reviewed-by: John Ferlan <jferlan@redhat.com>
2019-02-21 12:59:09 -05:00
Eric Blake
c900474e6a snapshot: Saner use of uuid
Most of the code base is fairly consistent about using the name
'uuidstr' when dealing with a formatted human-readable form, and
'uuid' when dealing with the smaller raw bytes form. Fix
snapshot_conf to comply, as well as reducing the scope of a human
string to only the error message that needs it.

Signed-off-by: Eric Blake <eblake@redhat.com>
2019-02-21 11:40:04 -06:00
Marc Hartmayer
27eb324668 udev: wake up the udev thread for stopping it
Signal the udev thread the change of `priv->threadQuit` by using the
thread condition.

Signed-off-by: Marc Hartmayer <mhartmay@linux.ibm.com>
Reviewed-by: John Ferlan <jferlan@redhat.com>
2019-02-20 14:07:48 -05:00
Marc Hartmayer
9380d92d6f udev: nodeStateInitializeEnumerate: remove watch handle in case of an error
If the udev thread is stopped, it must be ensured that the watch
handle is also removed from the main loop.

Signed-off-by: Marc Hartmayer <mhartmay@linux.ibm.com>
Reviewed-by: John Ferlan <jferlan@redhat.com>
2019-02-20 14:07:42 -05:00
John Ferlan
632a8697c6 conf: Use VIR_STEAL_PTR in domain_conf
In preparation for some autofree mods.

Signed-off-by: John Ferlan <jferlan@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
2019-02-20 13:25:46 -05:00
Andrea Bolognani
939f254234 iohelper: Remove remaining newlines from error messages
The iohelper is an internal program that's only supposed to
be called by libvirt, and whatever output it might produce
will ultimately be passed to virReportError() or similar.

Since we do not want strings passed to those functions to
contain newlines, we can simply not output them in the first
place.

This is what happens in pretty much all cases already, but
in a couple instances newlines have managed to slip in.

Signed-off-by: Andrea Bolognani <abologna@redhat.com>
Reviewed-by: Laine Stump <laine@laine.org>
2019-02-20 08:51:39 +01:00
Eric Blake
a27031c408 snapshot: Define explicit flags for snapshot xml
Commit f609cb85 (0.9.5) introduced virDomainSnapshotGetXMLDesc()'s use
of @flags as a subset of virDomainXMLFlags, documenting that 2 of the
3 flags defined at the time would never be valid.  Later, commit
28f8dfdc (1.0.0) introduced a new flag, VIR_DOMAIN_XML_MIGRATABLE, but
did not adjust the snapshot documentation to declare it as invalid.
However, since the flag is not accepted as valid by any of the
drivers (remote is just passthrough; esx and vbox don't support flags;
qemu, test, and vz only support VIR_DOMAIN_XML_SECURE), and it is
unlikely that the domain state saved off during a snapshot creation
needs to be migration-friendly (as the snapshot is not the source of
a migration), it is easier to just define an explicit set of supported
flags directly related to the snapshot API rather than trying to
borrow from domain API, and risking confusion if even more domain
flags are added later (in fact, I have an upcoming patch that plans to
add a new flag to virDomainGetXMLDesc that makes no sense for
snapshots).

There is no API or ABI impact (since we purposefully used unsigned int
rather than an enum type in public API, and since the new flag name
carries the same value as the reused name).

Signed-off-by: Eric Blake <eblake@redhat.com>
Reviewed-by: John Ferlan <jferlan@redhat.com>
2019-02-19 21:34:42 -06:00
Eric Blake
12a51f372a domain: Define explicit flags for saved image xml
Commit d2a929d4 (0.9.4) defined virDomainSaveImageGetXMLDesc()'s use
of @flags as a subset of virDomainXMLFlags, documenting that 2 of the
3 flags defined at the time would never be valid.  Later, commit
28f8dfdc (1.0.0) introduced a new flag, VIR_DOMAIN_XML_MIGRATABLE, but
did not adjust the save image documentation to declare it as invalid.
Later, commit a67e3872 (3.7.0) blindly copied and pasted the same text
into virDomainManagedSaveGetXMLDesc.

However, since the flag is not accepted as valid by any of the
drivers (remote is just passthrough; and qemu is the only supporting
driver for either API, with support for just VIR_DOMAIN_XML_SECURE),
it is easier to just define an explicit set of supported flags
directly related to the save image API rather than trying to borrow
from live domain API, and risking confusion if even more domain flags
are added later (in fact, I have an upcoming patch that plans to add
a new flag to virDomainGetXMLDesc that makes no sense for saved
images).  We may someday decide that saved images need to support the
_MIGRATABLE flag, as it is possible to load a saved image with a
different version of libvirt than the one that created it, but that
can be a separate patch if it is ever needed.  Meanwhile, it DOES make
sense to reuse the same flags for SaveImage and for ManagedSave (since
ManagedSave is really just sugar for creating a normal SaveImage in a
location controlled by libvirt instead of by the user).

There is no API or ABI impact (since we purposefully used unsigned int
rather than an enum type in public API, and since the new flag name
carries the same value as the old reused name).

Signed-off-by: Eric Blake <eblake@redhat.com>
Reviewed-by: John Ferlan <jferlan@redhat.com>
2019-02-19 21:34:42 -06:00
Eric Blake
022eeddf29 qemu: Use correct domain xml flag
Although VIR_DOMAIN_DEF_FORMAT_INACTIVE and VIR_DOMAIN_XML_INACTIVE
happen to have the same value (1<<1), they come from different enums;
and it is nicer to reason about a 'flags' variable if all uses of
that variable are compared against the same enum type.  Messed up in
commit 06f75ff2 (3.8.0).

Signed-off-by: Eric Blake <eblake@redhat.com>
Reviewed-by: John Ferlan <jferlan@redhat.com>
2019-02-19 17:02:43 -06:00