Commit Graph

26463 Commits

Author SHA1 Message Date
Eric Blake
42adc45937 backup: Implement backup APIs for remote driver
This one is fairly straightforward - the generator already does what
we need.

Signed-off-by: Eric Blake <eblake@redhat.com>
Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
2019-12-10 12:41:56 +01:00
Eric Blake
74ca70507a backup: Introduce virDomainBackup APIs
Introduce a few new public APIs related to incremental backups.  This
builds on the previous notion of a checkpoint (without an existing
checkpoint, the new API is a full backup, differing from
virDomainBlockCopy in the point of time chosen and in operation on
multiple disks at once); and also allows creation of a new checkpoint
at the same time as starting the backup (after all, an incremental
backup is only useful if it covers the state since the previous
backup).

A backup job also affects filtering a listing of domains, as well as
adding event reporting for signaling when a push model backup
completes (where the hypervisor creates the backup); note that the
pull model does not have an event (starting the backup lets a third
party access the data, and only the third party knows when it is
finished).

The full list of new APIs:
        virDomainBackupBegin;
        virDomainBackupGetXMLDesc;

Signed-off-by: Eric Blake <eblake@redhat.com>
Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
2019-12-10 12:41:56 +01:00
Peter Krempa
1e320c9d83 qemu: domain: Export qemuDomainGetImageIds
Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Eric Blake <eblake@redhat.com>
Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
2019-12-10 12:41:56 +01:00
Cole Robinson
97cafa610e qemu: domain: raise an error when no emulator is found
$ cat f | grep -e arch -e emulator
    <type arch='mipsel'>hvm</type>
$ sudo virsh define f
error: Failed to define domain from f
error: An error occurred, but the cause is unknown

After:
$ sudo virsh define f
error: Failed to define domain from f
error: unsupported configuration: No emulator found for arch 'mipsel'

Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
Signed-off-by: Cole Robinson <crobinso@redhat.com>
2019-12-09 14:40:43 -05:00
Daniel P. Berrangé
66d4fd7009 vz: drop virCapsPtr param from many API domain parse calls
This fixes commit bf9d812956

Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
2019-12-09 14:46:14 +00:00
Daniel P. Berrangé
ef7526cc19 vz: declare missing driver variable
This fixes commit 61bff77bf9

Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
2019-12-09 14:46:14 +00:00
Daniel P. Berrangé
92fdbaf97a vz: pass pointer to vz capabilities
This fixes commit 4a4132b462

Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
2019-12-09 14:46:13 +00:00
Daniel P. Berrangé
eb2952c0f5 vz: pass virDomainXMLOptionPtr to virDomainVideoDefNew
The virDomainVideoDefNew requires the xml options to be
provided since

  commit 3dbf3941ad
  Author: Marc-André Lureau <marcandre.lureau@redhat.com>
  Date:   Mon Sep 23 14:44:35 2019 +0400

    conf: add privateData to virDomainVideoDef

Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
2019-12-09 14:46:13 +00:00
Cole Robinson
4ce7e743df qemu: checkpoint: fix NULL dereference at create time
'cfg' is never initialized here, which causes a crash
later in qemuCheckpointCreateFinalize

Reviewed-by: Peter Krempa <pkrempa@redhat.com>
Signed-off-by: Cole Robinson <crobinso@redhat.com>
2019-12-09 08:57:40 -05:00
Peter Krempa
6f6a1763a1 qemu: snapshot: Mark file becoming backingStore as read-only
For any backing file we set 'read-only' to true, but didn't do this when
modifying the recorded backing store when creating external snapshots.

This meant that qemu would attempt to open the backing-file read-write.
This would fail for example when selinux is used as qemu doesn't have
write permission for the backing file.

https://bugzilla.redhat.com/show_bug.cgi?id=1781079

Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
2019-12-09 14:07:24 +01:00
Peter Krempa
35614b6022 xen: Remove unused 'cfg'
Refactoring of the XML parser left few instances of the
libxlDriverConfig object unused. Remove them.

Signed-off-by: Peter Krempa <pkrempa@redhat.com>
2019-12-09 14:06:15 +01:00
Daniel P. Berrangé
3dd91af01f qemu: stop creating capabilities at driver startup
Now that nearly all internal APIs use the QEMU capabilities or other
QEMU driver data directly, there's no compelling benefit to create
virCapsPtr at driver startup.

Skipping this means we don't probe capabilities for all 30 system
emulator targets at startup, only those emulators which are referenced
by an XML doc. This massively improves libvirtd startup time when the
capabilities cache is not populated. It even improves startup time
when the cache is up to date, as we don't bother to load files from
the cache until we need them.

Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
2019-12-09 10:17:27 +00:00
Daniel P. Berrangé
7be5fe66cd qemu: directly create virResctrlInfo ignoring capabilities
We always refresh the capabilities object when using virResctrlInfo
during process startup. This is undesirable overhead, because we can
just directly create a virResctrlInfo instead.

Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
2019-12-09 10:17:27 +00:00
Daniel P. Berrangé
adf009b48f qemu: use host CPU object directly
Avoid grabbing the whole virCapsPtr object when we only need the
host CPU information.

Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
2019-12-09 10:17:27 +00:00
Daniel P. Berrangé
8506afff7b conf: make virCPUDef into a ref counted struct
Annoyingly there was no existing constructor, and identifying all the
places which do a VIR_ALLOC(cpu) is a bit error prone. Hopefully this
has found & converted them all.

Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
2019-12-09 10:17:27 +00:00
Daniel P. Berrangé
1a1d848694 qemu: use NUMA capabilities object directly
Avoid grabbing the whole virCapsPtr object when we only need the
NUMA information.

Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
2019-12-09 10:17:27 +00:00
Daniel P. Berrangé
6cc992bd1a conf: move NUMA capabilities into self contained object
The NUMA cells are stored directly in the virCapsHostPtr
struct. This moves them into their own struct allowing
them to be stored independantly of the rest of the host
capabilities. The change is used as an excuse to switch
the representation to use a GPtrArray too.

Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
2019-12-09 10:17:27 +00:00
Daniel P. Berrangé
bc1676fc2f qemu: drop virCapsPtr param & vars from many APIs
Now that the domain XML APIs don't use virCapsPtr we can stop passing it
around many QEMU driver methods.

Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
2019-12-09 10:17:27 +00:00
Daniel P. Berrangé
575d9d2504 conf: drop virCapsPtr param from snapshot & checkpoint APIs
Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
2019-12-09 10:17:27 +00:00
Daniel P. Berrangé
1cd2b2d545 conf: drop virCapsPtr param from domain obj list APIs
Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
2019-12-09 10:17:27 +00:00
Daniel P. Berrangé
78d8228eec conf: drop virCapsPtr param from APIs for saving domains
Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
2019-12-09 10:17:27 +00:00
Daniel P. Berrangé
24d87d2e88 conf: drop virCapsPtr param from domain APIs for copying config
Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
2019-12-09 10:17:27 +00:00
Daniel P. Berrangé
bf9d812956 conf: drop virCapsPtr param from domain parse APIs
Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
2019-12-09 10:17:27 +00:00
Daniel P. Berrangé
b5f591cdb4 conf: drop virCapsPtr param from domain post parse & validate APIs
Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
2019-12-09 10:17:27 +00:00
Daniel P. Berrangé
61bff77bf9 conf: drop virCapsPtr param from domain formatting APIs
This parameter is now unused and can be removed entirely.

Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
2019-12-09 10:17:27 +00:00
Daniel P. Berrangé
04c960dd64 conf: drop virCapsPtr param from domain validate callback
None of the impls of this callback require the virCapsPtr param.

Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
2019-12-09 10:17:27 +00:00
Daniel P. Berrangé
33b62676f8 conf: drop virCapsPtr param from device post parse callback
None of the impls of this callback require the virCapsPtr param.

Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
2019-12-09 10:17:27 +00:00
Daniel P. Berrangé
c919336288 conf: drop virCapsPtr param from post parse callback
No impl of this callback requires the virCapsPtr anymore.

Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
2019-12-09 10:17:27 +00:00
Daniel P. Berrangé
227a0503e2 conf: drop virCapsPtr param from post parse data alloc callback
The only user of this callback did not require the virCapsPtr parameter.

Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
2019-12-09 10:17:27 +00:00
Daniel P. Berrangé
74fb858f7d conf: drop virCapsPtr param from basic post parse callback
The QEMU impl of the callback can directly use the QEMU capabilities
cache to resolve the emulator binary name, allowing virCapsPtr to be
dropped.

Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
2019-12-09 10:17:19 +00:00
Daniel P. Berrangé
a7ef72a8fd conf: drop virCapsPtr param from assign addresses callback
The virCapsPtr param is not used by any of the virt drivers providing
this callback.

Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
2019-12-09 10:15:16 +00:00
Daniel P. Berrangé
638ffa2228 conf: pass default sec model in parser config
Instead of using the virCapsPtr to get the default security model,
pass this in via the parser config.

Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
2019-12-09 10:15:16 +00:00
Daniel P. Berrangé
99a949ffc4 conf: move seclabel validation into post-parse phase
Currently the disk and chardev seclabels are validated immediately at
the time their data is parsed. This forces the parser to fill in the
top level secmodel at time of parsing which is an undesirable thing.
This validation conceptually should be done in the post-parse phase
instead.

Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
2019-12-09 10:15:16 +00:00
Daniel P. Berrangé
a7b6e49d00 conf: pass netprefix in the domain parser config struct
Instead of using the virCapsPtr information, pass the driver specific
netprefix in the domain parser struct. This eliminates one more use of
virCapsPtr from the XML parsing/formatting code.

Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
2019-12-09 10:15:16 +00:00
Daniel P. Berrangé
4a4132b462 conf: don't use passed in caps in post parse method
To enable the virCapsPtr parameter to the post parse method to be
eliminated, the drivers must fetch the virCapsPtr from their own
driver via the opaque parameter, or use an alternative approach
to validate the parsed data.

Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
2019-12-09 10:15:16 +00:00
Daniel P. Berrangé
2578d74aee conf: move virt type / os type / arch validation to post-parse
The XML parser currently calls virCapabilitiesDomainDataLookup during
parsing to find the domain capabilities matching the triple

  (virt type, os type, arch)

This is, however, bogus with the QEMU driver as it assumes that there
is an emulator known to the default driver capabilities that matches
this triple. It is entirely possible for the driver to be parsing an
XML file with a custom emulator path specified pointing to a binary
that doesn't exist in the default driver capabilities.  This will,
for example be the case on a RHEL host which only installs the host
native emulator to /usr/bin. The user can have built a custom QEMU
for non-native arches into $HOME and wish to use that.

Aside from validation, this call is also used to fill in a machine type
for the guest if not otherwise specified. Again, this data may be
incorrect for the QEMU driver because it is not taking account of
the emulator binary that is referenced.

To start fixing this, move the validation to the post-parse callbacks
where more intelligent driver specific logic can be applied.

Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
2019-12-09 10:15:16 +00:00
Daniel P. Berrangé
6430c00552 conf: pass in default architecture via domain XML options
When parsing the guest XML we must fill in the default guest arch if it
is not already present because later parts of the parsing process need
this information.

If no arch is specified we lookup the first guest in the capabilities
data matching the os type and virt type. In most cases this will result
in picking the host architecture but there are some exceptions...

 - The test driver is hardcoded to always use i686 arch
 - The VMWare/ESX drivers will always place i686 guests ahead
   of x86_64 guests in capabilities, so effectively they always
   use i686
 - The QEMU driver can potentially return any arch at all
   depending on what combination of QEMU binaries are installed.

The domain XML hardware configurations are inherently architecture
specific in many places. As a result whomever/whatever created the
domain XML will have had a particular architecture in mind when
specifying the config. In pretty much any sensible case this arch
will have been the native host architecture. i686 on x86_64 is
the only sensible divergance because both these archs are
compatible from a domaain XML config POV.

IOW, although the QEMU driver can pick an almost arbitrary arch as its
default, in the real world no application or user is likely to be
relying on this default arch being anything other than native.

With all this in mind, it is reasonable to change the XML parser to
allow the default architecture to be passed via the domain XML options
struct. If no info is explicitly given then it is safe & sane to pick
the host native architecture as the default for the guest.

Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
2019-12-09 10:15:16 +00:00
Daniel P. Berrangé
92d412149c conf: sanitize virDomainObjFormat & virDomainDefFormat* APIs
Moving their instance parameter to be the first one, and give consistent
ordering of other parameters across all functions. Ensure that the xml
options are passed into both functions in prep for future work.

Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
2019-12-09 10:15:16 +00:00
Daniel P. Berrangé
908701c64a conf: sanitize virDomainSaveStatus & virDomainSaveConfig APIs
Our normal practice is for the object type to be the name prefix, and
the object instance be the first parameter passed in.

Rename these to virDomainObjSave and virDomainDefSave moving their
primary parameter to be the first one. Ensure that the xml options
are passed into both functions in prep for future work.

Finally enforce checking of the return type and mark all parameters
as non-NULL.

Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
2019-12-09 10:15:16 +00:00
Daniel P. Berrangé
5cedfbd100 qemu: add machines & arch to fake test capabilities cache
Currently the virQEMUCapsPtr objects are just empty. Future patches are
going to expect them to contain real data. Start off by populating the
machine types and arch information.

Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
2019-12-09 10:15:15 +00:00
Daniel P. Berrangé
bce3b0807e qemu: cache host arch separately from virCapsPtr
As part of a goal to eliminate the need to use virCapsPtr for anything
other than the virConnectGetCapabilies() API impl, cache the host arch
against the QEMU driver struct and use that field directly.

In the tests we move virArchFromHost() globally in testutils.c so that
every test runs with a fixed default architecture reported.

Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
2019-12-09 10:15:15 +00:00
Jiri Denemark
c11706cc25 qemu: Implement VIR_MIGRATE_PARAM_TLS_DESTINATION
Signed-off-by: Jiri Denemark <jdenemar@redhat.com>
Reviewed-by: Pavel Hrdina <phrdina@redhat.com>
2019-12-09 10:11:58 +01:00
Jiri Denemark
cc023b33bb qemu: Add support for setting string migration params
The functions for converting migration typed parameters to QEMU
migration parameters and back were only implemented for integer types.
This patch adds support for string parameters.

Signed-off-by: Jiri Denemark <jdenemar@redhat.com>
Reviewed-by: Pavel Hrdina <phrdina@redhat.com>
2019-12-09 10:11:58 +01:00
Peter Krempa
f5259ba402 qemu: migration: Properly setup mirror for blockdev configurations
With blockdev we need to refer to the nodename of the disk source image
as the source argument for the blockdev-mirror operation while still
keeping the old job name. With blockdev we must also persist the job in
qemu.

Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Eric Blake <eblake@redhat.com>
2019-12-09 07:11:24 +01:00
Peter Krempa
3e35156bd1 qemu: migration: Mention disk target rather than the drive name in debug msg
Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Eric Blake <eblake@redhat.com>
2019-12-09 07:11:24 +01:00
Peter Krempa
69abc80f5e qemu: migration: Split out setup of the migration target
Separate out allocation of the virStorageSource corresponding to the
target NBD export of the migration.

As part of the splitout we allocate the export name explicitly as that
one must not change regardless whether blockdev is used or not to
provide compatibility.

Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Eric Blake <eblake@redhat.com>
2019-12-09 07:11:24 +01:00
Peter Krempa
0d0b490a32 qemu: blockjob: Allow NULL 'mirror' for block copy jobs due to migration
The non-shared-storage migration tracks the storage source used
explicitly in the migration data so we must allow for processing of the
block job which has NULL mirror as the mirror will not be populated.

Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Eric Blake <eblake@redhat.com>
2019-12-09 07:11:24 +01:00
Peter Krempa
e1910a1f3b qemu: migration: Simplify cleanup in qemuMigrationSrcNBDCopyCancelOne
Now that the cleanup section does not exist remove the label.

Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Eric Blake <eblake@redhat.com>
2019-12-09 07:11:24 +01:00
Peter Krempa
37e801340a qemu: migration: Access job name from job struct
qemuMigrationSrcNBDCopyCancelOne uses the block job data structure but
generated it's own job name rather than taking it from the block job
data.

Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Eric Blake <eblake@redhat.com>
2019-12-09 07:11:24 +01:00
Peter Krempa
5339f57a0b qemu: migration: Properly export backend for NBD storage migration
With -blockdev we must use the nodename as the export but we must keep
the name of the export as it was before to ensure compatiblity.

Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Eric Blake <eblake@redhat.com>
2019-12-09 07:11:24 +01:00
Peter Krempa
83137f5d37 qemu: migration: Simplify handling of 'diskAlias' when adding NBD exports
Declare the variable inside the loop with automatic clearing.

Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Eric Blake <eblake@redhat.com>
2019-12-09 07:11:24 +01:00
Peter Krempa
d179acf4ad qemu: driver: Use appropriate job name when setting blockjob speed
qemuDomainBlockJobSetSpeed was not converted to get the job name from
the block job data. This means that after enabling blockdev the API call
would fail as we wouldn't use the appropriate name.

https://bugzilla.redhat.com/show_bug.cgi?id=1780497

Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Eric Blake <eblake@redhat.com>
2019-12-09 07:11:24 +01:00
Peter Krempa
e3faa84819 qemu: driver: Use qemuDomainDiskByName instead of virDomainDiskByName
Where appropriate replace the open coded call with the qemu wrapper
which already reports the error.

Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Eric Blake <eblake@redhat.com>
2019-12-09 07:11:23 +01:00
Peter Krempa
ca67d02fbe qemu: domain: Mention searched disk in error of qemuDomainDiskByName
Mention the argument used if the disk can't be located.

Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Eric Blake <eblake@redhat.com>
2019-12-09 07:11:23 +01:00
Jidong Xia
863c0d8e8d qemu: cold-unplug of sound
With this patch users can cold unplug some sound devices.
use "virsh detach-device vm sound.xml --config" command.

Reviewed-by: Cole Robinson <crobinso@redhat.com>
Signed-off-by: Jidong Xia <xiajidong@cmss.chinamobile.com>
2019-12-08 19:41:34 -05:00
Pavel Mores
7b2a6e8cf7 qemu: remove nested branching to enhance readability
This is a follow-up to patch series posted in

https://www.redhat.com/archives/libvir-list/2019-November/msg01180.html

It implements a suggestion made by Cole in

https://www.redhat.com/archives/libvir-list/2019-November/msg01207.html

and discussed in follow-up messages as there were no objections to the
change.

The aim is to make the code more readable by replacing nested branching
with a flat structure.

Signed-off-by: Pavel Mores <pmores@redhat.com>
Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
Reviewed-by: Daniel Henrique Barboza <danielhb413@gmail.com>
Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
2019-12-06 14:42:56 +01:00
Michal Privoznik
4c53267b70 qemu_monitor_text: Drop unused variable and avoid crash
In v5.8.0-rc1~122 we've removed the only use of @safename in
qemuMonitorTextLoadSnapshot(). What we are left with is an
declared but not initialized variable that is passed to
VIR_FREE().

Caught by libvirt-php test suite.

Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
2019-12-06 10:29:46 +01:00
Michal Privoznik
516b867685 qemuProcessStop: Remove image metadata only when allowed
In v5.9.0-370-g8fa0374c5b I've tried to fix a bug by removing
some stale XATTRs in qemuProcessStop(). However, I forgot to
do nothing when the VIR_QEMU_PROCESS_STOP_NO_RELABEL flag was
specified.

Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
Reviewed-by: Peter Krempa <pkrempa@redhat.com>
2019-12-05 15:08:28 +01:00
Peter Krempa
6865dc295e qemu: Convert aborting of a domain job to a switch statement
Until now we only really aborted migration via qemuDomainAbortJob. This
will change with the upcoming addition of the backup job. Additionally
there were a bunch of if statements checking various aspects of the
current job.

To make it more obvious convert qemuDomainAbortJob to use a switch
statement and move the individual conditions to the appropriate job
type.

Every job type has now it's own case despite multiple job types just
plainly cancelling the job for clarity and future extension.

Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Jiri Denemark <jdenemar@redhat.com>
2019-12-05 13:53:15 +01:00
Peter Krempa
4ef3401eb8 qemu: driver: Split out cancellation of migration from qemuDomainAbortJob
Following patch will refactor qemuDomainAbortJob to use a per-job-type
switch where we will need to abort a migration job in various branches.

Save some code duplication by introducing a helper.

Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Jiri Denemark <jdenemar@redhat.com>
2019-12-05 13:53:15 +01:00
Daniel P. Berrangé
e0314b6855 src: rewrite remote protocol checker in Python
As part of a goal to eliminate Perl from libvirt build tools,
rewrite the pdwtags processing script in Python.

The original inline shell and perl code was completely
unintelligible. The new python code is a manual conversion
that attempts todo basically the same thing.

Tested-by: Cole Robinson <crobinso@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
2019-12-04 13:44:15 +00:00
Han Han
0e37372291 conf: fix logic error for scsi units
Introduced in c8007fdc5d, it should use 'greater than max' instead of
'equal or greater than max' for the condition of checking invalid scsi
unit.

Signed-off-by: Han Han <hhan@redhat.com>
Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
2019-12-04 13:20:57 +01:00
Daniel P. Berrangé
1fbd80c42a tests: stop static linking to libvirt code in tests
If we static link to libvirt_util.la then we can't override functions in
this file by simply implementing them in the test code. Any tests should
dynamic link to the main libvirt.la and ensure symbols are exported.

Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
2019-12-04 12:08:21 +00:00
Daniel P. Berrangé
d57d8d6e92 docs: move hyperv_wmi_generator.py to the scripts/ directory
Reviewed-by: Cole Robinson <crobinso@redhat.com>
Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
2019-12-04 11:42:28 +00:00
Daniel P. Berrangé
74f270095a docs: move esx_vi_generator.py to the scripts/ directory
Reviewed-by: Cole Robinson <crobinso@redhat.com>
Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
2019-12-04 11:42:16 +00:00
Peter Krempa
cd1e6fd478 qemu: process: Re-process qemu capability lockout in qemuProcessPrepareQEMUCaps
We clear some capabilities here so the lockouts need to be
re-evaluated.

Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Cole Robinson <crobinso@redhat.com>
2019-12-03 15:26:54 +01:00
Peter Krempa
be1a201533 qemu: capabilities: Lock out incremental backup capability without blockdev
Blockdev is required to do incremental backups properly. Add a helper
function for locking out capabilities and export it to allow re-doing
the processing if a different code path modifies capabilities.

Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Cole Robinson <crobinso@redhat.com>
2019-12-03 15:26:54 +01:00
Peter Krempa
a64265f440 qemu: caps: Don't check capability before clearing it
Checking whether a qemu capability set right before clearing it without
any other logic doesn't make sense.

Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Cole Robinson <crobinso@redhat.com>
2019-12-03 15:26:54 +01:00
Peter Krempa
78c2a8b934 qemu: process: Move handling of qemu capability overrides
Do all post-processing of capabilities in qemuProcessPrepareQEMUCaps.

Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Cole Robinson <crobinso@redhat.com>
2019-12-03 15:26:54 +01:00
Peter Krempa
97c9ece79b qemu: process: Move clearing of QEMU_CAPS_CHARDEV_FD_PASS to qemuProcessPrepareQEMUCaps
Move the post-processing of the QEMU_CAPS_CHARDEV_FD_PASS flag to the
new function.

The clearing of the capability is based on the presence of
VIR_QEMU_PROCESS_START_STANDALONE so we must also pass in the process
start flags.

Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Cole Robinson <crobinso@redhat.com>
2019-12-03 15:26:54 +01:00
Peter Krempa
3a075524d9 qemu: process: Move clearing of the BLOCKDEV capability to qemuProcessPrepareQEMUCaps
Start aggregating all capability post-processing code in one place.

The comment was modified while moving it as it was mentioning floppies
which are no longer clearing the blockdev capability.

Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
2019-12-03 15:26:54 +01:00
Peter Krempa
dbbc9a3c40 qemu: Move and rename qemuDomainUpdateQEMUCaps
The function is now used only in qemu_process.c so move it there and
name it 'qemuProcessPrepareQEMUCaps' which is more appropriate to what
it's doing.

The reworded comment now mentions that it will also post-process the
caps for VM startup.

Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
2019-12-03 15:26:54 +01:00
Peter Krempa
530d7a73f4 qemu: process: Don't try to redetect missing qemuCaps on reconnect
The redetection was originally added in 43c01d3838 as a way to recover
from libvirtd upgrade from the time when we didn't persist the qemu
capabilities in the status XML. Also this the oldest supported qemu by
more than two years.

Even if somebody would have a running VM running at least qemu 1.5 with
such an old libvirt we certainly wouldn't do the right thing by
redetecting the capabilities and then trying to communicate with qemu.

For now it will be the best to just stop considering this scenario any
more and error out for such VM.

Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
2019-12-03 15:26:54 +01:00
Peter Krempa
2504dbeb5d qemu: process: Make it obvious that virDomainDefPostParse is called with NULL opaque
Commit c90fb5a828 added explicit use of the private copy of the qemu
capabilities to various places. The change to qemuProcessInit was bogus
though as at the point where we re-initiate the post parse callbacks
priv->qemuCaps is still NULL as we clear it after shutdown of the VM and
don't initiate it until a later point.

Using the value from priv->qemuCaps might mislead readers of the code
into thinking that something useful is being passed at that point so go
with an explicit NULL instead.

Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
2019-12-03 15:26:54 +01:00
Peter Krempa
ab163144eb qemu: Always reset @info in qemuDomainGetJobInfo
qemuDomainGetJobInfo didn't always reset the return data in @info.
Thankfully this wouldn't be a problem as the RPC layer does it but we
should do it anyways.

Since we reset the struct we don't have to set the type to
VIR_DOMAIN_JOB_NONE as the value is 0.

Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Eric Blake <eblake@redhat.com>
2019-12-03 15:26:54 +01:00
Peter Krempa
2dae916de4 qemu: Implement VIR_DOMAIN_JOB_STATS_KEEP_COMPLETED
Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Eric Blake <eblake@redhat.com>
2019-12-03 15:26:53 +01:00
Peter Krempa
d4a4933a0d api: Allow keeping completed domain job stats when reading them
virDomainGetJobStats destroys the completed statistics on the first
read. Give the user possibility to keep them around if they wish so.

Add a flag VIR_DOMAIN_JOB_STATS_KEEP_COMPLETED which will read the stats
without destroying them.

Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Eric Blake <eblake@redhat.com>
2019-12-03 15:26:53 +01:00
Daniel P. Berrangé
8aaed287f5 qemu: make 'xz' image compression viable by using -3
For managed save we can choose between various compression
methods. I randomly tested the 'xz' program on a 8 GB guest
and was surprised to have to wait > 50 minutes for it to
finish compressing, with 'xz' burning 100% cpu for the
entire time. Despite the impressive compression, this is
completely useless in the real world as it is far too long
to wait to save the VM.

The 'xz' binary defaults to '-6' optimization level which
aims for high compression, with moderate memory usage,
at the expense of speed.

This change switches it to use the '-3' optimization level
which is documented as being the one that optimizes speed
at expense of compression. Even with this, it will still
outperform all the other options in terms of compression
level. It is a little less than x4 faster than '-6' which
means it starts to be a viable choice to use 'xz' for
people who really want best compression.

The test results on a 1 GB, fairly freshly booted VM are
as follows

  format | save  | restore  size
  =======+=======+=============
  raw    |   05s |    1s  | 428 MB
  lzop   |   05s |    3s  | 160 MB
  gzip   |   29s |    5s  | 118 MB
  bz2    |   54s |   22s  | 114 MB
  xz     | 4m37s |   13s  |  86 MB
  xz -3  | 1m20s |   12s  |  95 MB

Based on this we can say

 * For moderate compression with no noticable loss in speed

       => use lzop

 * For high compression with moderate loss in speed

       => use gzip

 * For best compression with significant loss in speed

       => use xz

Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
2019-12-03 13:43:45 +00:00
Erik Skultety
d7efba9711 storage: backend_disk: Implement the deletePool function
This is a very simple and straightforward implementation of the opposite
what buildPool does for the disk backend.
The background for this change comes from an existing test case in TCK
which does use the delete method for a pool of type disk, but it
truly could not have ever worked since the implementation simply
wasn't there for the pool of type disk.

Signed-off-by: Erik Skultety <eskultet@redhat.com>
Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
2019-12-03 09:31:10 +01:00
Michal Privoznik
087fac8fa7 selinux: Drop needless getfilecon()-s
When SELinux support was first introduced the libselinux library
wasn't that advanced and setfilecon_raw() or fsetfilecon_raw()
could fail even when the target context was set. Looking at the
current code [1][2] this is no longer the case. We can drop our
workarounds.

1: https://github.com/SELinuxProject/selinux/blob/master/libselinux/src/setfilecon.c#L10
2: https://github.com/SELinuxProject/selinux/blob/master/libselinux/src/fsetfilecon.c#L10

Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
2019-12-03 08:34:09 +01:00
Peter Krempa
6519c1b554 qemu: blockcopy: Fix conditions when virStorageSource should be initialized
Commit 4b58fdf280 which enabled block copy also for network
destinations needed to limit when the 'mirror' storage source is
initialized in cases when we e.g. don't have an appropriate backend.

Limiting it just to virStorageFileSupportsCreate is too restrictive as
for example we can't precreate block devices and thus wouldn't
initialize the 'mirror' but since it's a local source we'd try to
examine it. This would fail since it wouldn't be initialized.

Fix it by introducing a more granular check whether certain operations
are supported and fix the check interlocks.

https://bugzilla.redhat.com/show_bug.cgi?id=1778058

Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
2019-12-02 15:44:03 +01:00
Peter Krempa
c958b8eb46 qemu: blockcopy: Report error on image format detection failure
We tolerate image format detection during block copy in very specific
circumstances, but the code didn't error out on failure of the format
detection.

Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
2019-12-02 15:44:03 +01:00
Daniel P. Berrangé
54fff1856b src: fix pkg-config path for API XML files
The API XML files are generated files, so live in the build dir not the
source dir.

Reviewed-by: Pavel Hrdina <phrdina@redhat.com>
Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
2019-12-02 13:45:14 +00:00
Michal Privoznik
5e9bdccd92 remote_daemon_stream: Hold an extra reference to stream in daemonStreamFilter
In v5.9.0-273-g8ecab214de I've tried to fix a lock ordering
problem, but introduced a crasher. Problem is that because the
client lock is unlocked (in order to honour lock ordering) the
stream we are currently checking in daemonStreamFilter() might be
freed and thus stream->priv might not even exist when the control
get to virMutexLock() call.

To resolve this, grab an extra reference to the stream and handle
its cleanup should the refcounter reach zero after the deref.
If that's the case and we are the only ones holding a reference
to the stream, we MUST return a positive value to make
virNetServerClientDispatchRead() break its loop where it iterates
over filters. The problem is, if we did not do so, then
"filter = filter->next" line will read from a memory that was
just freed (freeing a stream also unregisters its filter).

Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
2019-11-29 15:00:15 +01:00
Peter Krempa
21986f5047 qemu: Fix indexes in statistics of iothreads
In commit 2ccb5335dc I've refactored how we fill the typed parameters
for domain statistics. The commit introduced a regression in the
formating of stats for IOthreads by using the array index to label the
entries as it's common for all other types of statistics rather than
the iothread IDs used for iothreads.

Since only the design of iothread deviates from the common approach used
in all other statistic types this was not caught.

https://bugzilla.redhat.com/show_bug.cgi?id=1778014

Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
2019-11-29 14:51:47 +01:00
Peter Krempa
06f5f60e9a lib: Fix documentation for the count field of VIR_DOMAIN_STATS_IOTHREAD
The original implementation used QEMU_ADD_COUNT_PARAM which added the
'count' suffix, but 'cnt' was documented. Fix the documentation to
conform with the original implementation.

Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
2019-11-29 14:51:47 +01:00
Jiri Denemark
d802d9ab83 qemu: Fix migration without parameters
The virTypedParamsFilter function doesn't mind params == NULL if nparams
is zero. And there's no need to check for params == NULL && nparams > 0
because this is checked higher in the stack.

In fact all the virCheckNonNull* checks in virTypedParamsFilter are
useless.

https://bugzilla.redhat.com/show_bug.cgi?id=1777094

Signed-off-by: Jiri Denemark <jdenemar@redhat.com>
Reviewed-by: Daniel Henrique Barboza <danielhb413@gmail.com>
Reviewed-by: Erik Skultety <eskultet@redhat.com>
2019-11-28 14:27:11 +01:00
Peter Krempa
d310b08697 qemu: blockjob: Finish handling job with broken data
Now that we have a separate job type which will not trigger normal code
paths for terminating job we can remove the ad-hoc handling.

This possibly fixes the issue of a broken job inheriting the disk and
then finishing in which case we'd not detach the backing chain.

Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Cole Robinson <crobinso@redhat.com>
2019-11-27 15:59:33 +01:00
Peter Krempa
e67e8c545a qemu: blockjob: Introduce "broken" block job type
To better track jobs we couldn't parse let's introduce a new job type
which will clarify semantics internally in few places.

Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Cole Robinson <crobinso@redhat.com>
2019-11-27 15:59:33 +01:00
Peter Krempa
2624c6d2d2 qemu: blockjob: Separate clearing of per-job data
We will need to clear per-job type data when we will be marking a
blockjob as broken in the new way. Extract the code for future reuse.

Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Cole Robinson <crobinso@redhat.com>
2019-11-27 15:59:33 +01:00
Peter Krempa
0cb3061943 qemu: blockjob: Don't stop processing the finished job early
Both failure to refresh and to dismiss the job are very unlikely but if
they happen there's not much we can do about the blockjob.

The concluded job handlers treat it as if the job failed if we don't
update the state to 'QEMU_BLOCKJOB_STATE_COMPLETED' which is probably
the safest thing to do here.

Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Cole Robinson <crobinso@redhat.com>
2019-11-27 15:59:33 +01:00
Peter Krempa
5b29c7dc27 qemu: blockjob: Mark job with broken data but tracked by qemu as reconnected
Otherwise it would get dropped later on as untracked despite us knowing
about it. Additionally since we cancelled it we must wait to dismiss it
which would not be possible if we unregister it. This also opened a
window for a race condition since the job state change event of the
just-cancelled job might be delivered prior to us unregistering the job
in which case everything would work properly.

Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Cole Robinson <crobinso@redhat.com>
2019-11-27 15:59:33 +01:00
Peter Krempa
f15d4cb1c8 qemu: blockjob: Log blockjobs which are dropped when untracked by qemu
Since we don't know what happened to the job we can't do much about it
but we can at least log that this happened.

Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Cole Robinson <crobinso@redhat.com>
2019-11-27 15:59:33 +01:00
Peter Krempa
8622498f6e qemu: blockjob: Fix deadlock when terminating job with invalid data
We must exit the monitor prior to refusing other work, otherwise the VM
object will become unusable.

This bug was introduced in commit v5.5.0-244-gc412383796 but thankfully
the code path was not excercised without QEMU_CAPS_BLOCKDEV.

Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Cole Robinson <crobinso@redhat.com>
2019-11-27 15:59:33 +01:00
Peter Krempa
ccde9ca1f4 qemu: process: Move block job refresh after async job recovery
Block jobs may be members of async jobs so it makes more sense to
refresh block job state after we do steps for async job recovery.

Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Cole Robinson <crobinso@redhat.com>
2019-11-27 15:59:33 +01:00
Peter Krempa
a887da529c qemu: blockjob: Properly propagate cancellation of blockjobs
qemu returns an error message in the job statistics even if the job was
cancelled to emphasize it was not successful. Libvirt didn't properly
transform it into QEMU_BLOCKJOB_STATE_CANCELLED though.

Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Cole Robinson <crobinso@redhat.com>
2019-11-27 15:59:33 +01:00
Peter Krempa
01270a9a5f qemu: monitor: Finish implementation of infrastructure for 'query-jobs'
Commit ed56851f1b didn't wire up fetching of the statistics for the
job which are reported by 'query-jobs'.

Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Cole Robinson <crobinso@redhat.com>
2019-11-27 15:59:33 +01:00
Daniel P. Berrangé
27660f7990 util: whitelist Oracle ACFS as a shared filesystem
The magic number is taken from the coreutils stat.c file since
there is no constant for it in normal system headers.

Reviewed-by: Daniel Henrique Barboza <danielhb413@gmail.com>
Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
2019-11-27 14:19:57 +00:00
Daniel P. Berrangé
6881ef2e4e libxl: fix typo in error message
Reviewed-by: Fabiano Fidêncio <fidencio@redhat.com>
Reviewed-by: Daniel Henrique Barboza <danielhb413@gmail.com>
Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
2019-11-27 14:19:41 +00:00
Peter Krempa
a10eb61340 Revert "qemu: Don't repeat virDomainObjEndAPI in qemuDomainBlockPull"
This reverts commit 421c9550f5

qemuDomainBlockPullCommon calls virDomainObjEndAPI internally so the
original commit made us shed two references of @vm instead of one
getting us into a premature free of @vm.

This is not a straight revert as qemuDomainBlockPull was modified
meanwhile. I've also added a warning comment that @vm is consumed.

https://bugzilla.redhat.com/show_bug.cgi?id=1777230

Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
2019-11-27 14:19:50 +01:00
Michal Privoznik
c8579871a9 all: don't wait for driver lock during startup
There are two daemons that wait for acquiring their pid files:
virtnetworkd and virtstoraged. This is undesirable as the idea
is to quit early if unable to acquire the pid file.

Fixes: v5.6.0-rc1~207.

Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
2019-11-26 15:46:47 +01:00
Laine Stump
9d6920bd7d net/qemu: move vlan/bandwidth validation out of network driver
In the past the network driver was (mistakenly) being called for all
interfaces, not just those of type='network', and so it had a chance
to validate all interface configs after the actual type of the
interface was known.

But since the network driver has been more completely/properly
separated from qemu, the network driver isn't called during the
startup of any interfaces except those with type='network', so this
validation no longer takes place for, e.g. <interface type='bridge'>
(or direct, etc). This in turn meant that a config could erroneously
specify a vlan tag, or bandwidth settings, for a type of interface
that didn't support it, and the domain would start without complaint,
just silently ignoring those settings.

This patch moves those validation checks out of the network driver,
and into virDomainActualNetDefValidate() so they will be done for all
interfaces, not just type='network'.

https://bugzilla.redhat.com/1741121
Signed-off-by: Laine Stump <laine@redhat.com>
Reviewed-by: Cole Robinson <crobinso@redhat.com>
2019-11-25 15:30:10 -05:00
Laine Stump
b03d9e9593 conf: add hypervisor agnostic, domain start-time, validation function for NetDef
<interface> devices (virDomainNetDef) are a bit different from other
types of devices in that their actual type may come from a network (in
the form of a port connection), and that doesn't happen until the
domain is started. This means that any validation of an <interface> at
parse time needs to be a bit liberal in what it accepts - when
type='network', you could think that something is/isn't allowed, but
once the domain is started and a port is created by the configured
network, the opposite might be true.

To solve this problem hypervisor drivers need to do an extra
validation step when the domain is being started. I recently (commit
3cff23f7, libvirt 5.7.0) added a function to peform such validation
for all interfaces to the QEMU driver -
qemuDomainValidateActualNetDef() - but while that function is a good
single point to call for the multiple places that need to "start" an
interface (domain startup, device hotplug, device update), it can't be
called by the other hypervisor drivers, since 1) it's in the QEMU
driver, and 2) it contains some checks specific to QEMU. For
validation that applies to network devices on *all* hypervisors, we
need yet another interface validation function that can be called by
any hypervisor driver (not just QEMU) right after its network port has
been created during domain startup or hotplug. This patch adds that
function - virDomainActualNetDefValidate(), in the conf directory,
and calls it in appropriate places in the QEMU, lxc, and libxl
drivers.

This new function is the place to put all network device validation
that 1) is hypervisor agnostic, and 2) can't be done until we know the
"actual type" of an interface.

There is no framework for validation at domain startup as there is for
post-parse validation, but I don't want to create a whole elaborate
system that will only be used by one type of device. For that reason,
I just made a single function that should be called directly from the
hypervisors, when they are initializing interfaces to start a domain,
right after conditionally allocating the network port (and regardless
of whether or not that was actually needed). In the case of the QEMU
driver, qemuDomainValidateActualNetDef() is already called in all the
appropriate places, so we can just call the new function from
there. In the case of the other hypervisors, we search for
virDomainNetAllocateActualDevice() (which is the hypervisor-agnostic
function that calls virNetworkPortCreateXML()), and add the call to our
new function right after that.

The new function itself could be plunked down into many places in the
code, but we already have 3 validation functions for network devices
in 2 different places (not counting any basic validation done in
virDomainNetDefParseXML() itself):

1) post-parse hypervisor-agnostic
   (virDomainNetDefValidate() - domain_conf.c:6145)
2) post-parse hypervisor-specific
   (qemuDomainDeviceDefValidateNetwork() - qemu_domain.c:5498)
3) domain-start hypervisor-specific
   (qemuDomainValidateActualNetDef() - qemu_domain.c:5390)

I placed (3) right next to (2) when I added it, specifically to avoid
spreading validation all over the code. For the same reason, I decided
to put this new function right next to (1) - this way if someone needs
to add validation specific to qemu, they go to one location, and if
they need to add validation applying to everyone, they go to the
other. It looks a bit strange to have a public function in between a
bunch of statics, but I think it's better than the alternative of
further fragmentation. (I'm open to other ideas though, of course.)

Signed-off-by: Laine Stump <laine@redhat.com>
Reviewed-by: Cole Robinson <crobinso@redhat.com>
2019-11-25 15:30:05 -05:00
Laine Stump
012624217e conf: change args/return values of remaining virDomainNetGetActual*() to const
These all just return a scalar value, so there's no daisy-chained
fallout from changing them, and they can easily be combined in a
single patch.

Signed-off-by: Laine Stump <laine@redhat.com>
Reviewed-by: Cole Robinson <crobinso@redhat.com>
2019-11-25 15:30:00 -05:00
Laine Stump
fdcd273be2 conf: return a const from virDomainNetGetActualVirtPortProfile
This also isn't required (due to the vportprofile being stored in the
NetDef as a pointer rather than being directly contained), but it
seemed dishonest to not mark it as const (and thus permit users to
modify its contents)

Signed-off-by: Laine Stump <laine@redhat.com>
Reviewed-by: Cole Robinson <crobinso@redhat.com>
2019-11-25 15:29:56 -05:00
Laine Stump
583ac17f5d conf: make virDomainNetGetActualBandwidth arg/return value const
In this case, the virNetDevBandwidthPtr that is returned is not to a
region within the virDomainNetDef arg, but points elsewhere (the
NetDef has the pointer, not the entire object), so technically it's
not necessary to make the return value a const, but it's a bit
disingenuous to *not* do it.

Signed-off-by: Laine Stump <laine@redhat.com>
Reviewed-by: Cole Robinson <crobinso@redhat.com>
2019-11-25 15:29:51 -05:00
Laine Stump
12207fcfcf conf: make virDomainNetGetActualVlan arg/return val const
This is needed if we want to call the function when the
virDomainNetDef* we have is a const.

Since virDomainNetGetActualVlan returns a pointer to memory that is
within the virDomainNetDefPtr arg, the returned pointer must also be
made const. This leads to a cascade of other virNetDevVlanPtr's that
must be changed to "const virNetDevVlan *".

Signed-off-by: Laine Stump <laine@redhat.com>
Reviewed-by: Cole Robinson <crobinso@redhat.com>
2019-11-25 15:29:46 -05:00
Laine Stump
1b029a929d qemu: add mac address to error messages in qemuDomainValidateActualNetDef
This makes it easier to understand which interface's config caused the
error.

Signed-off-by: Laine Stump <laine@redhat.com>
Reviewed-by: Cole Robinson <crobinso@redhat.com>
2019-11-25 15:29:41 -05:00
Michal Privoznik
9b1d53d417 qemu_capabilities: Use proper free function for caps->cpuModels
The cpuModels member of _virQEMUCapsAccel struct is not a
virObject but regular struct with a free function defined:
qemuMonitorCPUDefsFree(). Use that when clearing parent structure
instead of virObjectUnref() to avoid a memleak:

==212322== 57,275 (48 direct, 57,227 indirect) bytes in 3 blocks are definitely lost in loss record 623 of 627
==212322==    at 0x4838B86: calloc (vg_replace_malloc.c:762)
==212322==    by 0x554A158: g_malloc0 (in /usr/lib64/libglib-2.0.so.0.6000.6)
==212322==    by 0x17B14BF5: qemuMonitorCPUDefsNew (qemu_monitor.c:3587)
==212322==    by 0x17B27BA7: qemuMonitorJSONGetCPUDefinitions (qemu_monitor_json.c:5616)
==212322==    by 0x17B14B0B: qemuMonitorGetCPUDefinitions (qemu_monitor.c:3559)
==212322==    by 0x17A6AFBB: virQEMUCapsFetchCPUDefinitions (qemu_capabilities.c:2571)
==212322==    by 0x17A6B2CC: virQEMUCapsProbeQMPCPUDefinitions (qemu_capabilities.c:2629)
==212322==    by 0x17A70C00: virQEMUCapsInitQMPMonitorTCG (qemu_capabilities.c:4769)
==212322==    by 0x17A70DDF: virQEMUCapsInitQMPSingle (qemu_capabilities.c:4820)
==212322==    by 0x17A70E99: virQEMUCapsInitQMP (qemu_capabilities.c:4848)
==212322==    by 0x17A71044: virQEMUCapsNewForBinaryInternal (qemu_capabilities.c:4891)
==212322==    by 0x17A7119C: virQEMUCapsNewData (qemu_capabilities.c:4923)

Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
Reviewed-by: Jiri Denemark <jdenemar@redhat.com>
2019-11-25 17:13:05 +01:00
Jiri Denemark
24d8202294 qemu: Use host-model CPU on s390 by default
On s390 machines host-passthrough and host-model CPUs result in the same
guest ABI (with QEMU new enough to be able to tell us what "host" CPU is
expanded to, which was implemented around 2.9.0). So instead of using
host-passthrough CPU when there's no CPU specified in a domain XML we
can safely use host-model and benefit from CPU compatibility checks
during migration, snapshot restore and similar operations.

Signed-off-by: Jiri Denemark <jdenemar@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
2019-11-25 15:29:19 +01:00
Jiri Denemark
0a24331c6e cpu_s390: Don't check match attribute for host-model CPUs
The match attribute is only relevant for custom mode CPUs. Reporting
failure when match == 'minimum' regardless on CPU mode can cause
unexpected failures. We should only report the error for custom CPUs. In
fact, calling virCPUs390Update on a custom mode CPU should always report
an error as optional features are not supported on s390 either.

Signed-off-by: Jiri Denemark <jdenemar@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
2019-11-25 15:29:19 +01:00
Jiri Denemark
af8e39921a cpu_conf: Don't format empty model for host-model CPUs
Most likely for historical reasons our CPU def formatting code is
happily adding useless <model fallback='allow'/> for host-model CPUs. We
can just drop it.

Signed-off-by: Jiri Denemark <jdenemar@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
2019-11-25 15:29:19 +01:00
Jiri Denemark
65fa7bba1a cpu_conf: Fix default value for CPU match attribute
Commit v0.8.4-66-g95ff6b18ec (9 years ago) changed the default value for
the cpu/@match attribute to 'exact' in a rather complicated way. It did
so only if <model> subelement was present and set -1 otherwise (which is
not expected to ever happen). Thus the following two equivalent XML
elements:

    <cpu mode='host-model'/>

and

    <cpu mode='host-model'>
      <model/>
    </cpu>

would be parsed differently. The former would end up with match == -1
while the latter would have match == 1 ('exact'). This is not a big deal
since the match attribute is ignored for host-model CPUs, but we can
simplify the code and make it a little bit saner anyway.

Signed-off-by: Jiri Denemark <jdenemar@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
2019-11-25 15:29:19 +01:00
Pavel Mores
33a9757852 qemu: the actual change of default video devide type selection algorithm
If a graphics device was added to XML that had no video device, libvirt
automatically added a video device which was always of type 'cirrus' on
x86_64, even if the underlying qemu didn't support cirrus.

This patch refines a bit the decision about the type of the video device.
Based on QEMU capabilities, cirrus is still preferred but only added if
QEMU supports it, otherwise VGA is used if supported by QEMU.  There is now
no fallback as libvirt only aspires to generate a basic working config and
leaves anything more specific up to higher-level management tools.

Reviewed-by: Cole Robinson <crobinso@redhat.com>
Signed-off-by: Pavel Mores <pmores@redhat.com>
2019-11-25 08:47:08 -05:00
Pavel Mores
b648d96289 qemu: default video device type selection algoritm moved into its own function
The default video device type selection algorithm we're about to deploy will
increase the amount of code dedicated to the task by amount enough to warrant
factoring the whole thing into its own function so as not to pollute the
caller qemuDomainDeviceVideoDefPostParse().  Do it now so that the actual
algorithm change later on is in a clean commit by itself and easy to review.

Reviewed-by: Cole Robinson <crobinso@redhat.com>
Signed-off-by: Pavel Mores <pmores@redhat.com>
2019-11-25 08:47:08 -05:00
Erik Skultety
36a01c2a47 Revert "network: Check for QOS before blindly using it"
This reverts commit f4db846c32.

This patch results in the following error when trying to start
essentially any VM with default network:

unsupported configuration: QOS must be defined for network 'default'

Coverity didn't see that the bandwidth == NULL it complained about in
virNetDevBandwidthPlug was already checked properly in
networkCheckBandwidth, thus causing networkPlugBandwidth to return 0
and finish before a call to virNetDevBandwidthPlug would have been even
made.

Signed-off-by: Erik Skultety <eskultet@redhat.com>
Reviewed-by: Daniel Henrique Barboza <danielhb413@gmail.com>
Reviewed-by: Jiri Denemark <jdenemar@redhat.com>
Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
2019-11-25 09:41:40 +01:00
Daniel P. Berrangé
bc7e72914a util: consolidate on one free callback for hash data
This previous commit introduced a simpler free callback for
hash data with only 1 arg, the value to free:

  commit 49288fac96
  Author: Peter Krempa <pkrempa@redhat.com>
  Date:   Wed Oct 9 15:26:37 2019 +0200

    util: hash: Add possibility to use simpler data free function in virHash

It missed two functions in the hash table code which need
to call the alternate data free function, virHashRemoveEntry
and virHashRemoveSet.

After the previous patch though, there is no code that
makes functional use of the 2nd key arg in the data
free function. There is merely one log message that can
be dropped.

We can thus purge the current virHashDataFree callback
entirely, and rename virHashDataFreeSimple to replace
it.

Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
2019-11-22 14:21:28 +00:00
Daniel P. Berrangé
feef23e130 conf: stop using hash key when free'ing hash entries
The virChrdevHashEntryFree method uses the hash 'key'
as the name of the logfile it has to remove. By storing
a struct as the value which contains the stream and
the dev path, we can avoid relying on the hash key
when free'ing entries.

Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
2019-11-22 14:21:16 +00:00
Peter Krempa
c6a9e54ce3 qemu: enable blockdev support
Now that all pieces are in place (hopefully) let's enable -blockdev.

We base the capability on presence of the fix for 'auto-read-only' on
files so that blockdev works properly, mandate that qemu supports
explicit SCSI id strings to avoid ABI regression and that the fix for
'savevm' is present so that internal snapshots work.

Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
2019-11-22 12:51:27 +01:00
Peter Krempa
5b4b503be6 qemu: capabilities: Add detection of the 'savevm' fix for -blockdev
The 'savevm' HMP command didn't work properly with blockdev as it tried
to do snapshot of everything including the protocol nodes accessing
files which are not snapshottable. Qemu fixed this bug so now we need to
detect it to allow enabling blockdev.

Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
2019-11-22 12:51:27 +01:00
Peter Krempa
e0300f92fc qemu: qapi: Add support for command features
The top level commands now can have 'feature' flags for fixes so add
support for querying those as well.

Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
2019-11-22 12:51:27 +01:00
Peter Krempa
3460fef5a0 qemu: caps: Add capability for dynamic 'auto-read-only' support for files
Initial implementation of 'auto-read-only' didn't reopen the backing
files when needed. For '-blockdev' to work we need to be able to tel
qemu to open a file read-only and change it during blockjobs as we label
backing chains with a sVirt label which does not allow writing. The
dynamic auto-read-only supports this as it reopens files when writing
is demanded.

Add a capability to detect that the posix file based backends support
the dynamic part.

Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Jiri Denemark <jdenemar@redhat.com>
Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
2019-11-22 12:51:27 +01:00
Peter Krempa
48e57cd632 qemu: caps: Base support of 'backingStoreInput' domain feature on QEMU_CAPS_BLOCKDEV
The qemu driver will obey <backingStore> when we support blockdev.

Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
2019-11-22 12:51:27 +01:00
Peter Krempa
757203ee52 conf: domcaps: Add 'backingStoreInput' domain capability
Historically we've only supported the <backingStore> as an output-only
element for domain disks. The documentation states that it may become
supported on input. To allow management apps detectin once that happens
add a domain capability which will be asserted if the hypervisor driver
will be able to obey the <backingStore> as configured on input.

Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
2019-11-22 12:51:27 +01:00
Michal Privoznik
8fa0374c5b qemuProcessStop: Remove image metadata for running mirror jobs
If user starts a blockcommit or a blockcopy then we modify access
for qemu on both images and leave it like that until the job
terminates.  So far so good. Problem is, if user instead of
terminating the job (where we would modify the access again so
that the state before the job is restored) calls destroy on the
domain or if qemu dies whilst executing the block job.  In this
case we don't ever clear the access we granted at the beginning.
To fix this, maybe a bit harsh approach is used, but it works:
after all labels were restored (that is after
qemuSecurityRestoreAllLabel() was called), we iterate over each
disk in the domain and remove XATTRs from the whole backing chain
and also from any file the disk is being mirrored to.

This would have been done at the time of pivot, but it isn't
because user decided to kill the domain instead. If we don't do
this and leave some XATTRs behind the domain might be unable to
start.

Also, secdriver can't do this because it doesn't know if there is
any job running. It's outside of its scope - the hypervisor
driver is responsible for calling secdriver's APIs.

Moreover, this is safe to call because we don't remember labels
for any member of a backing chain except of the top layer. But
that one was restored in qemuSecurityRestoreAllLabel() call done
earlier. Therefore, not only we don't remember labels (and thus
this is basically a NOP for other images in the backing chain) it
is also safe to call this when no blockjob was started in the
first place, or if some parts of the backing chain are shared
with some other domains - this is NOP, unless a block job is
active at the time of domain destroy.

https://bugzilla.redhat.com/show_bug.cgi?id=1741456#c19

Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
Reviewed-by: Peter Krempa <pkrempa@redhat.com>
2019-11-22 10:48:14 +01:00
Michal Privoznik
1c12b86185 qemu: Separate image metadata removal into a function
There are four places where we remove image XATTRs and in all of
them we have the same for() loop with the same body. Move it into
a separate function because I'm about to introduce fifth place
where the same needs to be done.

Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
Reviewed-by: Peter Krempa <pkrempa@redhat.com>
2019-11-22 10:48:04 +01:00
Peter Krempa
86085c9a2f qemu: Instantiate pflash via -machine when using blockdev
Install the convertor function which enables the internals that will use
-blockdev to make qemu open the firmware image and stop using -drive.

Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
2019-11-22 08:32:25 +01:00
Peter Krempa
c8eb99eebf qemu: command: Build the 'pflash' drives via -machine
The old way to instantiate a pflash device via -drive was a hack since
it's a platform device.

The modern approach calls for configuring it via -machine and takes the
node name as an argument.

Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
2019-11-22 08:32:25 +01:00
Peter Krempa
7d2f942af9 qemu: command: Build -blockdev-s for backing of pflash
As a first step we will build the blockdevs which will be supposed to
back the pflash drives when moving away from -drive.

This code is similar to the way we build the blockdevs for the disk, but
skips the copy-on-read layer and doesn't implement any legacy approach.

Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
2019-11-22 08:32:25 +01:00
Peter Krempa
11d13ad8cf qemu: domain: Introduce helper to convert <loader> into virStorageSource
Add a helper which will covert the PFLASH code file and variable file
into the virStorageSource objects stored in private data so that we can
use them with -blockdev while keeping the infrastructure to determine
the path to the loaders intact.

This is a temporary solution until we will want to do snapshots of the
pflash where we will be forced do track the full backing chain in the
XML.

In the meanwhile just convert it partially so that we can stop using
-drive.

Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
2019-11-22 08:32:25 +01:00
Peter Krempa
07675b0100 qemu: domain: Store virStorageSources representing pflash backing
To allow converting the pflash drives to blockdev we will need a
virStorageSource to allow using our helpers. Temporarily prior to
coverting loader data to a virStorageSoruce add private data which will
house this.

Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
2019-11-22 08:32:25 +01:00
Peter Krempa
316223b6ad qemu: command: Extract formatting of -drive for pflash
Extract the old way to instantiate pflash devices to hold the firmware
via -drive to a separate function so that it can later be conditionally
disabled when -blockdev will be used.

Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
2019-11-22 08:32:23 +01:00
Peter Krempa
c78fadb57c domcaps: Remove function initializing domain caps as unsupported
Commit 5751a0b6b1 added a helper function
called virDomainCapsFeaturesInitUnsupported which initialized all domain
capability features as unsupported.

When adding a new feature this would initialize it as unsupported also
for hypervisor drivers which the original author possibly didn't intend
to modify. To prevent accidental wrong value being reported in such case
revert back to initializing individual features in the hypervisor
drivers themselves.

This is not a straight revert as additonal patches modified how we store
the capabilities.

Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Cole Robinson <crobinso@redhat.com>
Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
2019-11-22 08:16:51 +01:00
Erik Skultety
d6064e2759 libvirt-<module>: Check caller-provided buffers to be NULL with size > 0
Pre-Glib era which used malloc allowed the size of the client-side
buffers to be declared as 0, because malloc documents that it can either
return 0 or a unique pointer on 0 size allocations.
With glib this doesn't work anymore, because glib documents that for
such allocation requests NULL is always returned which results in an
error in our public API checks server-side.
This patch complements the fix in the RPC layer by explicitly erroring
out on the following combination of args used by our legacy APIs (their
moder equivalents don't suffer from this):

function(caller-allocated-array, size, ...) {
    if (!caller-allocated-array && size > 0)
        return error;
}

treating everything else as a valid input and potentially let that fail
on the server-side rather than client-side.

https://bugzilla.redhat.com/show_bug.cgi?id=1772842

Signed-off-by: Erik Skultety <eskultet@redhat.com>
Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
2019-11-21 18:16:35 +01:00
Erik Skultety
bf2988235c rpc: gendispatch: Fix a couple of places adding trailing spaces
Signed-off-by: Erik Skultety <eskultet@redhat.com>
Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
2019-11-21 18:16:18 +01:00
Ján Tomko
5e067ba4e1 conf: remove NULL check from virDomainQemuMonitorEventNew
The qemu_domain_monitor_event_msg struct in qemu_protocol.x
defines event as a nonnull_string and qemuMonitorJSONIOProcessEvent
also errors out on a non-NULL event.

Drop the check to fix the build with static analysis.

This essentially reverts commit d343e8203d

Signed-off-by: Ján Tomko <jtomko@redhat.com>
Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
2019-11-21 12:44:23 +01:00
Christian Ehrhardt
36afd1a78e
virt-aa-helper: add rules for shmem devices
Shared memory devices need qemu to be able to access certain paths
either for the shared memory directly (mostly ivshmem-plain) or for a
socket (mostly ivshmem-doorbell).

Add logic to virt-aa-helper to render those apparmor rules based
on the domain configuration.

https://bugzilla.redhat.com/show_bug.cgi?id=1761645

Reviewed-by: Cole Robinson <crobinso@redhat.com>
Acked-by: Jamie Strandboge <jamie@canonical.com>
Signed-off-by: Christian Ehrhardt <christian.ehrhardt@canonical.com>
2019-11-21 08:26:56 +01:00
Christian Ehrhardt
d53f4d02d0
apparmor: let AppArmorSetSecurityImageLabel append rules
There are currently broken use cases, e.g. snapshotting more than one disk at
once like:
 $ virsh snapshot-create-as --domain eoan --disk-only --atomic
   --diskspec vda,snapshot=no  --diskspec vdb,snapshot=no
   --diskspec vdc,file=/test/disk1.snapshot1.qcow,snapshot=external
   --diskspec vdd,file=/test/disk2.snapshot1.qcow,snapshot=external
The command above will iterate from qemuDomainSnapshotCreateDiskActive and
eventually add /test/disk1.snapshot1.qcow first (appears in the rules)
to then later add /test/disk2.snapshot1.qcow and while doing so throwing
away the former rule causing it to fail.

All other calls to (re)load_profile already use append=true when adding
rules append=false is only used when restoring rules [1].

Fix this by letting AppArmorSetSecurityImageLabel use append=true as well.

Since this is removing a (unintentional) trigger to revoke all rules
appended so far we agreed on review to do some tests, but in the tests
no rules came back on:
- hot-plug
- hot-unplug
- snapshotting

Bugs:
https://bugs.launchpad.net/libvirt/+bug/1845506
https://bugzilla.redhat.com/show_bug.cgi?id=1746684

[1]: https://bugs.launchpad.net/libvirt/+bug/1845506/comments/13

Reviewed-by: Cole Robinson <crobinso@redhat.com>
Acked-by: Jamie Strandboge <jamie@canonical.com>
Signed-off-by: Christian Ehrhardt <christian.ehrhardt@canonical.com>
2019-11-21 08:26:07 +01:00
Christian Ehrhardt
9714f270f1
apparmor: refactor AppArmorSetSecurityImageLabel
A lot of the code in AppArmorSetSecurityImageLabel is a duplicate of
what is in reload_profile, this refactors AppArmorSetSecurityImageLabel
to use reload_profile instead.

Reviewed-by: Cole Robinson <crobinso@redhat.com>
Acked-by: Jamie Strandboge <jamie@canonical.com>
Signed-off-by: Christian Ehrhardt <christian.ehrhardt@canonical.com>
2019-11-21 08:26:07 +01:00
Christian Ehrhardt
70cf0af7bf
apparmor: drop useless call to get_profile_name
reload_profile calls get_profile_name for no particular gain, lets
remove that call. The string isn't used in that function later on
and not registered/passed anywhere.

It can only fail if it either can't allocate or if the
virDomainDefPtr would have no uuid set (which isn't allowed).

Thereby the only "check" it really provides is if it can allocate the
string to then free it again.

This was initially added in [1] when the code was still in
AppArmorRestoreSecurityImageLabel (later moved) and even back then had
no further effect than described above.

[1]: https://libvirt.org/git/?p=libvirt.git;a=blob;f=src/security/security_apparmor.c;h=16de0f26f41689e0c50481120d9f8a59ba1f4073;hb=bbaecd6a8f15345bc822ab4b79eb0955986bb2fd#l487

Reviewed-by: Cole Robinson <crobinso@redhat.com>
Acked-by: Jamie Strandboge <jamie@canonical.com>
Signed-off-by: Christian Ehrhardt <christian.ehrhardt@canonical.com>
2019-11-21 08:26:06 +01:00
Christian Ehrhardt
9d38bce689
virt-aa-helper: clarify command line options
While only used internally from libvirt the options still are misleading
enough to cause issues every now and then.
Group modes, options and an adding extra file and extend the wording of
the latter which had the biggest lack of clarity.
Both add a file to the end of the rules, but one re-generates the
rules from XML and the other keeps the existing rules as-is not
considering the XML content.

Reviewed-by: Cole Robinson <crobinso@redhat.com>
Acked-by: Jamie Strandboge <jamie@canonical.com>
Signed-off-by: Christian Ehrhardt <christian.ehrhardt@canonical.com>
2019-11-21 08:26:06 +01:00
Jiri Denemark
5e939cea89 qemu: Store default CPU in domain XML
When starting a domain without a CPU model specified in the domain XML,
QEMU will choose a default one. Which is fine unless the domain gets
migrated to another host because libvirt doesn't perform any CPU ABI
checks and the virtual CPU provided by QEMU on the destination host can
differ from the one on the source host.

With QEMU 4.2.0 we can probe for the default CPU model used by QEMU for
a particular machine type and store it in the domain XML. This way the
chosen CPU model is more visible to users and libvirt will make sure
the guest will see the exact same CPU after migration.

Architecture specific notes
- aarch64: We only set the default CPU for TCG domains as KVM requires
  explicit "-cpu host" to work.

- ppc64: The default CPU for KVM is "host" thanks to some hacks in QEMU,
  we will translate the default model to the model corresponding to the
  host CPU ("POWER8" on a Power8 host, "POWER9" on Power9 host, etc.).
  This is not a problem as the corresponding CPU model is in fact an
  alias for "host". This is probably not ideal, but it's not wrong and
  the default virtual CPU configured by libvirt is the same QEMU would
  use. TCG uses various CPU models depending on machine type and its
  version.

- s390x: The default CPU for KVM is "host" while TCG defaults to "qemu".

- x86_64: The default CPU model (qemu64) is not runnable on any host
  with KVM, but QEMU just disables unavailable features and starts
  happily.

https://bugzilla.redhat.com/show_bug.cgi?id=1598151
https://bugzilla.redhat.com/show_bug.cgi?id=1598162

Signed-off-by: Jiri Denemark <jdenemar@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
2019-11-20 17:22:07 +01:00
Jiri Denemark
d8e1d39663 conf: Define g_autoptr cleanup function for virCPUDef
Signed-off-by: Jiri Denemark <jdenemar@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
2019-11-20 17:22:06 +01:00
Jiri Denemark
ac89b0549e qemu: Use g_autoptr in qemuDomainDefPostParse
Signed-off-by: Jiri Denemark <jdenemar@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
2019-11-20 17:22:06 +01:00
Jiri Denemark
02e5cb0d1a qemu: Introduce virQEMUCapsGetMachineDefaultCPU
Signed-off-by: Jiri Denemark <jdenemar@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
2019-11-20 17:22:06 +01:00
Jiri Denemark
a882db7bea qemu: Probe for default CPU types
QEMU 4.2.0 will report default CPU types used by each machine type and
we will want to start using it.

Signed-off-by: Jiri Denemark <jdenemar@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
2019-11-20 17:22:06 +01:00
Jiri Denemark
e41e3b29be qemu: Probe machine types for both KVM and TCG
Almost all TCG query-machines replies match KVM. The only exceptions are
4.2.0 replies on s390x which differ in the reported default CPU type.

Signed-off-by: Jiri Denemark <jdenemar@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
2019-11-20 17:22:06 +01:00
Jiri Denemark
d5d2d8e34a qemu: Make probed machine types depend on accelerator
Some specifics of machine types may depend on the accelerator and thus
the data should be moved to virQEMUCapsAccel. The TCG machine types are
just copied from the ones probed for KVM to simplify the changes to
qemucapabilitiestest data files.

Signed-off-by: Jiri Denemark <jdenemar@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
2019-11-20 17:22:06 +01:00
Jiri Denemark
518948997c qemu: Introduce virQEMUCapsCopyMachineTypes
The function copies machine type data from one QEMU caps structure to
another.

Signed-off-by: Jiri Denemark <jdenemar@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
2019-11-20 17:22:06 +01:00
Jiri Denemark
4df4dcd270 qemu: Use typedef for virQEMUCapsMachineType
Signed-off-by: Jiri Denemark <jdenemar@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
2019-11-20 17:22:06 +01:00
Jiri Denemark
a068413e7c qemu: Move machine type data in capabilities cache
In preparation for making machine types dependent on the accelerator,
the <machine> elements are formatted between <cpu type='kvm'> and
<cpu type='tcg'>.

Signed-off-by: Jiri Denemark <jdenemar@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
2019-11-20 17:22:06 +01:00
Jiri Denemark
de18836ea7 qemu: Pass virDomainVirtType to APIs dealing with machine types
Signed-off-by: Jiri Denemark <jdenemar@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
2019-11-20 17:22:06 +01:00
Jiri Denemark
4682197641 qemu: Split out virQEMUCapsFormatCache
All the code for formatting machine type data was moved to a standalone
virQEMUCapsFormatMachines function.

Signed-off-by: Jiri Denemark <jdenemar@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
2019-11-20 17:22:06 +01:00
Jiri Denemark
299f12ad1f qemu: Split out virQEMUCapsLoadCache
All the code for loading machine type data was moved to a standalone
virQEMUCapsLoadMachines function.

Signed-off-by: Jiri Denemark <jdenemar@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
2019-11-20 17:22:06 +01:00
Jiri Denemark
21b2025a0e qemu: Make virQEMUCapsIsMachineSupported static
Signed-off-by: Jiri Denemark <jdenemar@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
2019-11-20 17:22:06 +01:00
Jiri Denemark
42adc0b87d qemu: Make virQEMUCapsGetMachineTypesCaps static
Signed-off-by: Jiri Denemark <jdenemar@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
2019-11-20 17:22:06 +01:00
Jiri Denemark
c8fe9102fc qemu: Refactor probing of accelerator dependent data
To avoid duplicating code which selects the right virQEMUCapsAccel data
to be filled during probing.

Signed-off-by: Jiri Denemark <jdenemar@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
2019-11-20 17:22:06 +01:00
Jiri Denemark
03828af3af qemu: Introduce virQEMUCapsProbeCPUDefinitionsTest
It is a tiny wrapper around virQEMUCapsProbeQMPCPUDefinitions which will
soon get private parameters and thus it cannot be exposed outside
qemu_capabilities.

Signed-off-by: Jiri Denemark <jdenemar@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
2019-11-20 17:22:06 +01:00
Jiri Denemark
fa4db8ed6a qemu: Refactor virQEMUCapsFormatAccel
And make it use virQEMUCapsGetAccel once rather than repeating the same
code in all functions called from virQEMUCapsFormatAccel.

Signed-off-by: Jiri Denemark <jdenemar@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
2019-11-20 17:22:06 +01:00
Jiri Denemark
4fd90d06e6 qemu: Refactor virQEMUCapsLoadAccel
And make it use virQEMUCapsGetAccel once rather than repeating the same
code in all functions called from virQEMUCapsLoadAccel.

Signed-off-by: Jiri Denemark <jdenemar@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
2019-11-20 17:22:06 +01:00
Jiri Denemark
948d2fbb66 qemu: Drop virQEMUCapsGetHostCPUData
It was very similar to virQEMUCapsGetAccel.

Signed-off-by: Jiri Denemark <jdenemar@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
2019-11-20 17:22:06 +01:00
Jiri Denemark
9a6fc6987c qemu: Introduce and use virQEMUCapsGetAccel
The function can be used to get the pointer to all data which depend on
the accelerator.

Signed-off-by: Jiri Denemark <jdenemar@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
2019-11-20 17:22:06 +01:00
Jiri Denemark
8c9b93cd26 qemu: Introduce virQEMUCapsAccelClear
Signed-off-by: Jiri Denemark <jdenemar@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
2019-11-20 17:22:06 +01:00
Jiri Denemark
2e754ed694 qemu: Introduce virQEMUCapsAccelCopy
Signed-off-by: Jiri Denemark <jdenemar@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
2019-11-20 17:22:06 +01:00
Jiri Denemark
8f0948767b qemu: Introduce virQEMUCapsAccel structure
This is container for capabilities data that depend on the accelerator.

Signed-off-by: Jiri Denemark <jdenemar@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
2019-11-20 17:22:06 +01:00
Jiri Denemark
fe893a19eb qemu: Add virQEMUCaps{Load,Format}Accel
The new functions are designed to load and format capabilities which
depend on the accelerator (host CPU expansion and CPU models).

Signed-off-by: Jiri Denemark <jdenemar@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
2019-11-20 17:22:06 +01:00
Jiri Denemark
34fc23a43b qemu: Drop unused virQEMUCapsGetDefaultMachine
Signed-off-by: Jiri Denemark <jdenemar@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
2019-11-20 17:22:06 +01:00
Jiri Denemark
94b9e68263 qemu: Store typename from query-cpu-definitions in qemuCaps
We need to create a mapping between CPU model names and their
corresponding QOM types.

Signed-off-by: Jiri Denemark <jdenemar@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
2019-11-20 17:22:06 +01:00
Jiri Denemark
1f58d10197 conf: Drop virDomainCapsCPUModelsAddSteal
Both virDomainCapsCPUModelsAdd and virDomainCapsCPUModelsAddSteal are so
simple we can just squash the code in a single function.

Signed-off-by: Jiri Denemark <jdenemar@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
2019-11-20 17:22:06 +01:00
Jiri Denemark
180ac4ca34 conf: Drop unused virDomainCapsCPUModelsFilter
Signed-off-by: Jiri Denemark <jdenemar@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
2019-11-20 17:22:06 +01:00
Jiri Denemark
bc0b22884a qemu: Switch qemuCaps to use qemuMonitorCPUDefs
We will need to keep some QEMU-specific data for each CPU model
supported by a QEMU binary. Instead of complicating the generic
virDomainCapsCPUModelsPtr, we can just directly store
qemuMonitorCPUDefsPtr returned by the capabilities probing code.

Signed-off-by: Jiri Denemark <jdenemar@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
2019-11-20 17:22:06 +01:00
Jiri Denemark
857b88f5c3 qemu: Split virQEMUCapsFetchCPUModels
Most of the code moved to a new virQEMUCapsFetchCPUDefinitions function
and the existing virQEMUCapsFetchCPUModels just becomes a small wrapper
around virQEMUCapsFetchCPUDefinitions and virQEMUCapsCPUDefsToModels.

Signed-off-by: Jiri Denemark <jdenemar@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
2019-11-20 17:22:05 +01:00
Jiri Denemark
76baa994b7 qemu: Rename virQEMUCaps{Get,Fetch}CPUDefinitions
The functions return virDomainCapsCPUModelsPtr and thus they should be
called *CPUModels for consistency. Functions called *CPUDefinitions will
work on qemuMonitorCPUDefsPtr.

Signed-off-by: Jiri Denemark <jdenemar@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
2019-11-20 17:22:05 +01:00
Jiri Denemark
a8ca6b4dc4 qemu: Introduce virQEMUCapsCPUDefsToModels
The function translates qemuMonitorCPUDefsPtr (used by QEMU caps probing
code) into virDomainCapsCPUModelsPtr used by domain capabilities.

Signed-off-by: Jiri Denemark <jdenemar@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
2019-11-20 17:22:05 +01:00
Jiri Denemark
b3ef7efaa5 qemu: Use virDomainCapsCPUUsable in qemuMonitorCPUDefInfo
While virDomainCapsCPUModel structure contains 'usable' field with
virDomainCapsCPUUsable type, the lower level structure specific to QEMU
driver used virTriStateBool for the same thing and we had to translate
between them.

Signed-off-by: Jiri Denemark <jdenemar@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
2019-11-20 17:22:05 +01:00
Jiri Denemark
7f091cb6ed qemu: Use g_autofree in virQEMUCapsLoadCPUModels
Signed-off-by: Jiri Denemark <jdenemar@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
2019-11-20 17:22:05 +01:00
Jiri Denemark
ffcb39cbc1 qemu: Add qemuMonitorCPUDefsCopy
Signed-off-by: Jiri Denemark <jdenemar@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
2019-11-20 17:22:05 +01:00
Jiri Denemark
7e0a6ac04b qemu: Flatten qemuMonitorCPUDefs.cpus
Let's store qemuMonitorCPUDefInfo directly in the array of CPUs in
qemuMonitorCPUDefs rather then using an array of pointers.

Signed-off-by: Jiri Denemark <jdenemar@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
2019-11-20 17:22:05 +01:00
Jiri Denemark
3aa53dcf01 qemu: Introduce qemuMonitorCPUDefs struct
It is a container for a CPU models list (qemuMonitorCPUDefInfo) and a
number of elements in this list.

Signed-off-by: Jiri Denemark <jdenemar@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
2019-11-20 17:22:05 +01:00
Jiri Denemark
a94f67ee69 qemu: Change return type of virQEMUCapsFetchCPUDefinitions
The function would return a valid virDomainCapsCPUModelsPtr with empty
CPU models list if query-cpu-definitions exists in QEMU, but returns
GenericError meaning it's not in fact implemented. This behaviour is a
bit strange especially after such virDomainCapsCPUModels structure is
stored in capabilities XML and parsed back, which will result in NULL
virDomainCapsCPUModelsPtr rather than a structure containing nothing.

Let's just keep virDomainCapsCPUModelsPtr NULL if the QMP command is not
implemented and change the return value to int so that callers can
easily check for failure or success.

Signed-off-by: Jiri Denemark <jdenemar@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
2019-11-20 17:22:05 +01:00
Jiri Denemark
fb35cbb329 qemu: Use g_autoptr in qemuMonitorJSONGetCPUDefinitions
Signed-off-by: Jiri Denemark <jdenemar@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
2019-11-20 17:22:05 +01:00
Jiri Denemark
7e3e31444c qemu: Use virQEMUCapsGetCPUDefinitions more
Signed-off-by: Jiri Denemark <jdenemar@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
2019-11-20 17:22:05 +01:00
Jiri Denemark
4d74990143 qemu: Filter models in virQEMUCapsGetCPUDefinitions
Some callers of virQEMUCapsGetCPUDefinitions will need to filter the
returned list of CPU models. Let's add the filtering parameters directly
to virQEMUCapsGetCPUDefinitions to avoid copying the CPU models list
twice.

Signed-off-by: Jiri Denemark <jdenemar@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
2019-11-20 17:22:05 +01:00
Jiri Denemark
e20a11eecf qemu: Copy CPU models in virQEMUCapsGetCPUDefinitions
Rather than returning a direct pointer the list stored in qemuCaps the
function now creates a new copy of the CPU models list.

The main purpose of this seemingly useless change is to update callers
to free the result returned by virQEMUCapsGetCPUDefinitions because the
internals of this function will change significantly in the following
patches.

Signed-off-by: Jiri Denemark <jdenemar@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
2019-11-20 17:22:05 +01:00
Daniel P. Berrangé
a5c72a0061 src: rewrite polkit ACL generator in Python
As part of a goal to eliminate Perl from libvirt build tools,
rewrite the genpolkit.pl tool in Python.

This was a straight conversion, manually going line-by-line to
change the syntax from Perl to Python. Thus the overall structure
of the file and approach is the same.

Tested-by: Cole Robinson <crobinso@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
2019-11-20 14:45:25 +00:00
Daniel P. Berrangé
a559ffec44 src: rewrite ACL rule checker in Python
As part of a goal to eliminate Perl from libvirt build tools,
rewrite the check-aclrules.pl tool in Python.

This was a straight conversion, manually going line-by-line to
change the syntax from Perl to Python. Thus the overall structure
of the file and approach is the same.

Tested-by: Cole Robinson <crobinso@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
2019-11-20 14:45:25 +00:00
Daniel P. Berrangé
c2d6e61d5a src: rewrite driver impl checker in Python
As part of a goal to eliminate Perl from libvirt build tools,
rewrite the check-driverimpls.pl tool in Python.

This was a straight conversion, manually going line-by-line to
change the syntax from Perl to Python. Thus the overall structure
of the file and approach is the same.

Tested-by: Cole Robinson <crobinso@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
2019-11-20 14:45:25 +00:00
Daniel P. Berrangé
4a5370ba41 src: rewrite driver name checker in Python
As part of a goal to eliminate Perl from libvirt build tools,
rewrite the check-drivername.pl tool in Python.

This was mostly a straight conversion, manually going line-by-line
to change the syntax from Perl to Python. Thus the overall structure
of the file and approach is the same.

In testing though it was discovered the existing code was broken
since it hadn't been updated after driver.h was split into many
files. Since the old code is being thrown away, the fix was done
as part of the rewrite rather than split into a separate commit.

Tested-by: Cole Robinson <crobinso@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
2019-11-20 14:45:25 +00:00
Daniel P. Berrangé
6f4f52d05f src: rewrite systemtap function generator in Python
As part of a goal to eliminate Perl from libvirt build tools,
rewrite the gensystemtap.pl tool in Python.

This was a straight conversion, manually going line-by-line to
change the syntax from Perl to Python. Thus the overall structure
of the file and approach is the same.

Tested-by: Cole Robinson <crobinso@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
2019-11-20 14:45:25 +00:00
Daniel P. Berrangé
952c018efe src: rewrite systemtap probe generator in Python
As part of a goal to eliminate Perl from libvirt build tools,
rewrite the dtrace2systemtap.pl tool in Python.

This was a straight conversion, manually going line-by-line to
change the syntax from Perl to Python. Thus the overall structure
of the file and approach is the same.

The "--with-modules" flag was dropped because this functionality
is not implicitly always enabled.

Tested-by: Cole Robinson <crobinso@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
2019-11-20 14:45:25 +00:00
Daniel P. Berrangé
d30a1ad044 src: rewrite symfile library checker in Python
As part of a goal to eliminate Perl from libvirt build tools,
rewrite the check-symfile.pl tool in Python.

This was a straight conversion, manually going line-by-line to
change the syntax from Perl to Python. Thus the overall structure
of the file and approach is the same.

Tested-by: Cole Robinson <crobinso@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
2019-11-20 14:45:25 +00:00
Daniel P. Berrangé
31276b3b27 src: rewrite symfile sorting checker in Python
As part of a goal to eliminate Perl from libvirt build tools,
rewrite the check-symsorting.pl tool in Python.

This was a straight conversion, manually going line-by-line to
change the syntax from Perl to Python. Thus the overall structure
of the file and approach is the same.

Tested-by: Cole Robinson <crobinso@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
2019-11-20 14:45:25 +00:00
Daniel P. Berrangé
312f232b17 src: rewrite ACL permissions checker in Python
As part of a goal to eliminate Perl from libvirt build tools,
rewrite the check-aclperms.pl tool in Python.

This was a straight conversion, manually going line-by-line to
change the syntax from Perl to Python. Thus the overall structure
of the file and approach is the same.

Tested-by: Cole Robinson <crobinso@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
2019-11-20 14:45:25 +00:00
Peter Krempa
e136236158 qemu: checkpoint: Use qemuMonitorTransactionBitmapMergeSourceAddBitmap
Use the new helper in qemuCheckpointDiscard rather than constructing the
array manually.

Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
2019-11-20 15:43:11 +01:00
Michal Privoznik
cdd8a6690e qemu: Forcibly mknod() even if it exists
Another weird bug appeared concerning qemu namespaces. Basically
the problem is as follows:

1) Issue an API that causes libvirt to create a node in domain's
   namespace, say /dev/nvme0n1 with 8:0 as major:minor (the API can
   be attach-disk for instance). Or simply create the node from a
   console by hand.

2) Detach the disk from qemu.

3) Do something that makes /dev/nvme0n1 change it's minor number.

4) Try to attach the disk again.

The problem is, in a few cases - like disk-detach - we don't
remove the corresponding /dev node from the mount namespace
(because it may be used by some other disk's backing chain). But
this creates a problem, because if the node changes its MAJ:MIN
numbers we don't propagate the change into the domain's
namespace. We do plain mknod() and ignore EEXIST which obviously
is not enough because it doesn't guarantee that the node has
updated MAJ:MIN pair.

Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1752978

Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
2019-11-20 14:05:37 +01:00
Pavel Hrdina
f0da677956 bootstrap.conf: drop c-strcasestr gnulib module
Last usage was removed by commit
<41f88886198e231285cc813f8c0687c8ec5c9488> and commit
<0f4d31720430b4e3735064cc0d8f88a1a438e154> forgot to drop include.

Signed-off-by: Pavel Hrdina <phrdina@redhat.com>
Reviewed-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Fabiano Fidêncio <fidencio@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
2019-11-20 13:31:13 +01:00
Peter Krempa
a4762294b9 qemu: monitor: Remove non-transaction based dirty bitmap APIs
We replaced them by use of transaction to simplify possible failure
scenarios.

Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
2019-11-20 13:24:54 +01:00
Peter Krempa
cec4e32998 qemu: checkpoint: Fix rollback and access to unlocked 'vm' when deleting checkpoints
Delete/merge bitmaps when deleting checkpoints using a 'transaction' so
that we don't have to deal with halfway-failed scenarios and also fix
access to 'vm' while in the monitor lock.

Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
2019-11-20 13:24:54 +01:00
Jonathon Jongsma
7a69486c4d lib: fix documentation typo in virDomainGetGuestInfo()
Signed-off-by: Jonathon Jongsma <jjongsma@redhat.com>
Reviewed-by: Fabiano Fidêncio <fidencio@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
Signed-off-by: Ján Tomko <jtomko@redhat.com>
2019-11-20 09:13:52 +01:00
LanceLiu
8ecab214de remote_daemon_stream: Fix @client locking in daemonStreamFilter()
When dispatching a message read from client it is first passed
through registered filters. If one of the filters consumes the
message no further processing of the message is done. However,
the filter callbacks are called with the client object locked.
This breaks lock ordering in case of virStream filter, we always
acquire stream private data lock without the client object
locked. In other words, the daemonStreamFilter() does not follow
the lock ordering.

Signed-off-by: LanceLiu <liu.lance.89@gmail.com>
Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
2019-11-19 16:09:53 +01:00
Daniel Henrique Barboza
adf9c3f952 vbox: remove unneeded cleanup labels
Signed-off-by: Daniel Henrique Barboza <danielhb413@gmail.com>
Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
2019-11-19 15:22:40 +01:00
Daniel Henrique Barboza
6c63adc4a0 qemu: remove unneeded cleanup labels
Signed-off-by: Daniel Henrique Barboza <danielhb413@gmail.com>
Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
2019-11-19 15:22:37 +01:00
John Ferlan
f4db846c32 network: Check for QOS before blindly using it
If networkAllocatePort calls networkPlugBandwidth eventually the
port->bandwidth would be passed to virNetDevBandwidthPlug which
requires that the parameter is non-NULL.  Coverity additionally
notes that since (!port->bandwidth) is checked earlier in the
networkAllocatePort method that the subsequent call to blindly
use if for a function that requires it needs to check.

Signed-off-by: John Ferlan <jferlan@redhat.com>
Reviewed-by: Daniel Henrique Barboza <danielhb413@gmail.com>
2019-11-19 07:02:08 -05:00
John Ferlan
10881fac46 network: Use local variables in networkUpdatePortBandwidth
We go through the trouble of checking {old|new}Bandwidth[->in] and
storing the result in local @old_floor and @new_floor, but then
we don't use them. Instead we make derefs to the longer name. This
caused Coverity to note dereferencing newBandwidth->in without first
checking @newBandwidth like was done for new_floor could cause a
NULL dereference.

Signed-off-by: John Ferlan <jferlan@redhat.com>
Reviewed-by: Daniel Henrique Barboza <danielhb413@gmail.com>
2019-11-19 07:02:02 -05:00
John Ferlan
d70024d0a6 util: Remove unnecessary check in virFileRewrite
Since g_strdup_printf will abort, we know @newfile won't be NULL.

Found by Coverity

Signed-off-by: John Ferlan <jferlan@redhat.com>
Reviewed-by: Daniel Henrique Barboza <danielhb413@gmail.com>
2019-11-19 07:01:32 -05:00
Michal Privoznik
6c37ee4da2 qemuProcessStop: Set @def early
The @def variable holds pointer to the domain defintion, but is
set only somewhere in the middle of the function. This is
suboptimal.

Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
Reviewed-by: Erik Skultety <eskultet@redhat.com>
2019-11-19 10:25:56 +01:00
Ján Tomko
af5aa266ed g_mkstemp_full: pass O_RDWR
This flag is not implied by g_mkstemp_full, only by g_mkstemp.

Signed-off-by: Ján Tomko <jtomko@redhat.com>
Reported-by: Bjoern Walk <bwalk@linux.ibm.com>
Fixes: 4ac4773040
Reviewed-by: Peter Krempa <pkrempa@redhat.com>
2019-11-18 18:49:02 +01:00
Erik Skultety
2816fe2e84 qemu: Fix NULL ptr dereference caused by qemuDomainDefFormatBufInternal
qemuDomainDefFormatBufInternal function wasn't testing whether the CPU
was actually defined in the XML and saving such a domain resulted in the
following backtrace:

0 in qemuDomainMakeCPUMigratable (cpu=0x0)
1 in qemuDomainDefFormatBufInternal()
2 in qemuDomainDefFormatXMLInternal()
3 in qemuDomainDefFormatLive()
4 in qemuDomainSaveInternal()
5 in qemuDomainSaveFlags()
6 in qemuDomainSave()
7 in virDomainSave()

Signed-off-by: Erik Skultety <eskultet@redhat.com>
Reviewed-by: Daniel Henrique Barboza <danielhb413@gmail.com>
2019-11-18 14:32:49 +01:00
Pavel Hrdina
4c0398b528 qemu_process: fix starting VMs if machine group has limited cpuset.cpus
Commit <f136b83139c63f20de0df3285d9e82df2fb97bfc> reworked process
affinity setting but did not take cgroups into account which introduced
an issue when starting VM with custom cpuset.cpus for the whole machine
group.

If the machine group is limited to some pCPUs libvirt should not try to
set a VM to run on all pCPUs as it will result in permission denied when
writing to cpuset.cpus.

To fix this the affinity has to be set separately from cgroups cpuset.

Resolves: <https://bugzilla.redhat.com/show_bug.cgi?id=1746517>

Signed-off-by: Pavel Hrdina <phrdina@redhat.com>
Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
2019-11-18 10:41:44 +01:00
Michal Privoznik
02bf7cc68b virbpf: Fix typecast to __aligned_u64 type
In functions implemented here we fill this attr union (type of
bpf_attr) and just pass it to syscall(2). Thing is that some of
the union members are type of __aligned_u64. This is not regular
uint64_t. This one is explicitly aligned to 8 bytes, while
uint64_t can be aligned to 4 bytes (on 32 bits). We've used
explicit typecast to uint64_t to shut compiler which would
otherwise complain of assigning a pointer into an integer. Well,
we have uintptr_t just for that.

Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
2019-11-18 08:59:13 +01:00
Michal Privoznik
c10b78370d vircgroupv2devices: Fix format string for size_t variable
In virCgroupV2DevicesReallocMap() we are debug printing both
arguments passed to the function. However, the @size argument is
type of size_t but '%lu' is used to format it.

Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
2019-11-18 08:53:30 +01:00
Michal Privoznik
c07a33bef9 virbpf: Check if syscall() is available
There are some OSes which don't have syscall() nor
<sys/syscall.h>. We already check for the header file in
configure phase, so we just need to add check for
HAVE_SYS_SYSCALL_H to HAVE_DECL_BPF_PROG_QUERY.

While I'm at it, some header files we are including are not
needed, so their includes can be safely dropped.

Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
2019-11-16 06:39:23 +01:00
Jonathon Jongsma
889cd827ae conf: validate video resolution
Ensure that both x and y are non-zero when resolution is specified for a
video device.

Reviewed-by: Cole Robinson <crobinso@redhat.com>
Signed-off-by: Jonathon Jongsma <jjongsma@redhat.com>
2019-11-15 13:30:56 -05:00
Jonathon Jongsma
026c2ffb50 conf: report errors when parsing video acceleration
Since this function is now only called when an 'acceleration' element is
present in the xml, any failure to parse the element will be considered
an error.

Previously, we detected some types of errors, but we would only log an
error (virReportError()), but still return a partially-specified accel
object to the caller. This patch returns NULL for all parsing errors and
reports that error back up to the caller.

Reviewed-by: Cole Robinson <crobinso@redhat.com>
Signed-off-by: Jonathon Jongsma <jjongsma@redhat.com>
2019-11-15 13:30:56 -05:00
Jonathon Jongsma
754e4c24ec conf: report errors when parsing video resolution
The current code doesn't properly handle errors when parsing a video
device's resolution.  We were returning a NULL structure for the case
where 'x' or 'y' were missing. But for the other error cases, we were
logging an error (virReportError()), but still returning an
under-specified structure. That under-specified structure was used by
the calling function rather than properly reporting an error.

This patch changes the parse function to return NULL on any parsing
error and changes the calling function to report an error when NULL is
returned.

Reviewed-by: Cole Robinson <crobinso@redhat.com>
Signed-off-by: Jonathon Jongsma <jjongsma@redhat.com>
2019-11-15 13:30:56 -05:00
Jonathon Jongsma
333cca0bfc conf: iterate video model children in parent function
Previously, we were passing the video "model" node to the "acceleration"
and "resolution" parsing functions and requiring them to iterate over
the children to discover and parse the appropriate node. It makes more
sense to move this responsibility up to the parent function and just
pass these functions the node that needs to be parsed.

Reviewed-by: Cole Robinson <crobinso@redhat.com>
Signed-off-by: Jonathon Jongsma <jjongsma@redhat.com>
2019-11-15 13:30:55 -05:00
Miguel Ángel Arruga Vivas
a74df786a2 vircgroup: Ensure /machine group is associated with its parent
Call first virCgroupNew on the parent group virCgroupNewPartition if
it is available on before the creation of the child group.  This
ensures that the creation of a first level group on the unified
architecture, as the check at virCgroupV2ParseControllersFile as the
parent file is there.

Fixes: https://bugzilla.redhat.com/show_bug.cgi?id=1760233

Signed-off-by: Miguel Ángel Arruga Vivas <rosen644835@gmail.com>
Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
2019-11-15 15:45:25 +01:00
Gregor Kopka
98f931de7c Allow a zfs pool or dataset as source for zfs storage backend
Enables hosting a pool on an existing zfs pool without affecting
other datasets there.
Specify dataset instead of pool as source to use.
Parent of dataset must exist for pool-build to succeed.
Beware that pool-delete destroys the source dataset and all children.

Solves: https://www.redhat.com/archives/libvirt-users/2017-April/msg00041.html

Signed-off-by: Gregor Kopka <gregor@kopka.net>
Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
2019-11-15 15:25:53 +01:00
Pavel Hrdina
43b01ef2d6 replace use of gnulib snprintf by g_snprintf
Glib implementation follows the ISO C99 standard so it's safe to replace
the gnulib implementation.

Signed-off-by: Pavel Hrdina <phrdina@redhat.com>
Reviewed-by: Peter Krempa <pkrempa@redhat.com>
2019-11-15 15:07:40 +01:00
Pavel Hrdina
8addef2bef vircgroupmock: mock virCgroupV2DevicesAvailable
We need to mock virCgroupV2DevicesAvailable() in order to remove any
dependency on kernel as BPF devices might not be available.

Signed-off-by: Pavel Hrdina <phrdina@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
2019-11-15 12:58:43 +01:00
Pavel Hrdina
c359cb9aee vircgroup: workaround devices in hybrid mode
So the issue here is that you can end up with configuration where
you have cgroup v1 and v2 enabled at the same time and the devices
controllers is enabled for cgroup v1.

In cgroup v2 there is no devices controller, the device access is
controlled using BPF and since it is not a cgroup controller both
of them can exists at the same time and both of them are applied while
resolving access to devices.

In order to avoid configuring both BPF and cgroup v1 devices we will
use BPF if possible and otherwise fallback to cgroup v1 devices.

Signed-off-by: Pavel Hrdina <phrdina@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
2019-11-15 12:58:43 +01:00
Pavel Hrdina
884479b42b vircgroup: introduce virCgroupV2DenyAllDevices
If we want to deny all devices we just need to replace any existing
program with new program with empty map.

Signed-off-by: Pavel Hrdina <phrdina@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
2019-11-15 12:58:42 +01:00
Pavel Hrdina
285aefb31c vircgroup: introduce virCgroupV2AllowAllDevices
If we want to allow all devices with all permissions we need to replace
any existing program that has any rule configured, otherwise we just
need to add new rule which will for example allow read access to all
devices.

Signed-off-by: Pavel Hrdina <phrdina@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
2019-11-15 12:58:41 +01:00
Pavel Hrdina
d5b09ce5d9 vircgroup: introduce virCgroupV2DenyDevice
In order to deny device we need to check if there is any entry in BPF
map and we need to load the current value from map if there is already
entry for that device.  If both values are same we can remove that entry
but if they are different we need to update the entry because we don't
have to deny all access, but for example only write access.

Signed-off-by: Pavel Hrdina <phrdina@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
2019-11-15 12:58:40 +01:00
Pavel Hrdina
5d49651912 vircgroup: introduce virCgroupV2AllowDevice
In order to allow device we need to create key and value which will be
used to update BPF map.  virBPFUpdateElem() can override existing
entries in BPF map so we need to check if that entry exists in order to
track number of entries in our map.

This can add rule for specific device but major and minor can be both
-1 which follows the same behavior as in cgroup v1.

Signed-off-by: Pavel Hrdina <phrdina@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
2019-11-15 12:58:39 +01:00
Pavel Hrdina
b18b0ce609 vircgroup: introduce virCgroupV2DevicesGetKey
Device rules are stored in BPF map that is a hash type, this function
will create a key based on major and minor id of device.

Signed-off-by: Pavel Hrdina <phrdina@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
2019-11-15 12:58:38 +01:00
Pavel Hrdina
63cfe7b84d vircgroup: introduce virCgroupV2DeviceGetPerms
Signed-off-by: Pavel Hrdina <phrdina@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
2019-11-15 12:58:37 +01:00
Pavel Hrdina
6a24bd75ed vircgroup: introduce virCgroupV2DevicesRemoveProg
We need to close our FD that we have for BPF program and map in order
to let kernel remove all resources once the cgroup is removed as well.

Signed-off-by: Pavel Hrdina <phrdina@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
2019-11-15 12:58:34 +01:00
Pavel Hrdina
ef747499a5 vircgroup: introduce virCgroupV2DevicesPrepareProg
This function will be called for every virCgroup(Allow|Deny)* API in
order to prepare BPF program for guest.  Since libvirtd can be restarted
at any point we will first try to detect existing progam, if there is
none we will create a new empty BPF program and lastly if we don't have
any space left in the existing BPF map we will create a new copy of the
BPF map with more space and attach a new program with that map into the
guest cgroup.

This solution allows us to start with reasonably small BPF map consuming
only small amount of memory and if needed we can easily extend the BPF
map if there is a lot of host devices used in guest or if user wants to
hot-plug a lot of devices once the guest is running.

Since there is no way how to reallocate existing BPF map we need to
create a new copy if we run out of space in current BPF map.

This overcomes all the limitations in BPF:

    - map used in program has to be created before the program is loaded
      into kernel

    - once map is created you cannot change its size

    - you cannot replace map in existing program

    - you cannot use an array of maps because it can store FD to maps
      of one specific size so we would not be able to use it to overcome
      the second issue

Signed-off-by: Pavel Hrdina <phrdina@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
2019-11-15 12:58:33 +01:00
Pavel Hrdina
afa2788662 vircgroup: introduce virCgroupV2DevicesCreateProg
This function creates new BPF program with new empty BPF map with the
default size and attaches it to the guest cgroup.

Signed-off-by: Pavel Hrdina <phrdina@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
2019-11-15 12:58:32 +01:00
Pavel Hrdina
ce11a5c59f vircgroup: introduce virCgroupV2DevicesDetectProg
This function will be called if libvirtd was restarted while some
domains were running.  It will try to detect existing programs attached
to the guest cgroup.

Signed-off-by: Pavel Hrdina <phrdina@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
2019-11-15 12:58:31 +01:00
Pavel Hrdina
48423a0b5d vircgroup: introduce virCgroupV2DevicesAttachProg
This function loads the BPF prog with prepared map into kernel and
attaches it into guest cgroup.  It can be also used to replace existing
program in the cgroup if we need to resize BPF map to store more rules
for devices. The old program will be closed and removed from kernel.

There are two possible ways how to create BPF program:

    - One way is to write simple C-like code which can by compiled into
      BPF object file which can be loaded into kernel using elfutils.

    - The second way is to define macros which look like assembler
      instructions and can be used directly to create BPF program that
      can be directly loaded into kernel.

Since the program is not too complex we can use the second option.

If there is no program, all devices are allowed, if there is some
program it is executed and based on the exit status the access is
denied for 0 and allowed for 1.

Our program will follow these rules:

    - first it will try to look for the specific key using major and
      minor to see if there is any rule for that specific device

    - if there is no specific rule it will try to look for any rule that
      matches only major of the device

    - if there is no match with major it will try the same but with
      minor of the device

    - as the last attempt it will try to look for rule for all devices
      and if there is no match it will return 0 to deny that access

Signed-off-by: Pavel Hrdina <phrdina@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
2019-11-15 12:58:05 +01:00
Pavel Hrdina
30b6ddc44c vircgroup: introduce virCgroupV2DevicesAvailable
There is no exact way how to figure out whether BPF devices support is
compiled into kernel.  One way is to check kernel configure options but
this is not reliable as it may not be available.  Let's try to do
syscall to which will list BPF cgroup device programs.

Signed-off-by: Pavel Hrdina <phrdina@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
2019-11-15 12:58:04 +01:00
Pavel Hrdina
07946d6e39 util: introduce virbpf helpers
In order to implement devices controller with cgroup v2 we need to
add support for BPF programs, cgroup v2 doesn't have devices controller.

This introduces required helpers wrapping linux syscalls.

Signed-off-by: Pavel Hrdina <phrdina@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
2019-11-15 12:58:00 +01:00
Jonathon Jongsma
95f5ac9ae5 Add API to change qemu agent response timeout
Some layered products such as oVirt have requested a way to avoid being
blocked by guest agent commands when querying a loaded vm. For example,
many guest agent commands are polled periodically to monitor changes,
and rather than blocking the calling process, they'd prefer to simply
time out when an agent query is taking too long.

This patch adds a way for the user to specify a custom agent timeout
that is applied to all agent commands.

One special case to note here is the 'guest-sync' command. 'guest-sync'
is issued internally prior to calling any other command. (For example,
when libvirt wants to call 'guest-get-fsinfo', we first call
'guest-sync' and then call 'guest-get-fsinfo').

Previously, the 'guest-sync' command used a 5-second timeout
(VIR_DOMAIN_QEMU_AGENT_COMMAND_DEFAULT), whereas the actual command that
followed always blocked indefinitely
(VIR_DOMAIN_QEMU_AGENT_COMMAND_BLOCK). As part of this patch, if a
custom timeout is specified that is shorter than
5 seconds,  this new timeout is also used for 'guest-sync'. If there is
no custom timeout or if the custom timeout is longer than 5 seconds, we
will continue to use the 5-second timeout.

Signed-off-by: Jonathon Jongsma <jjongsma@redhat.com>
Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
2019-11-14 19:10:01 +01:00
Ján Tomko
ef88698668 Use g_mkdtemp instead of mkdtemp
Prefer the GLib version to the one from gnulib.

Signed-off-by: Ján Tomko <jtomko@redhat.com>
Reviewed-by: Peter Krempa <pkrempa@redhat.com>
2019-11-14 19:02:31 +01:00
Ján Tomko
4ac4773040 Use g_mkstemp_full instead of mkostemp(s)
With g_mkstemp_full, there is no need to distinguish between
mkostemp and mkostemps (no suffix vs. a suffix of a fixed length),
because the GLib function looks for the XXXXXX pattern everywhere
in the string.

Use S_IRUSR | S_IWUSR for the permissions and do not pass O_RDWR
in flags since it's implied.

Signed-off-by: Ján Tomko <jtomko@redhat.com>
Reviewed-by: Peter Krempa <pkrempa@redhat.com>
2019-11-14 19:02:31 +01:00
Ján Tomko
b96e0dbba9 util: use GRegex in virStringMatch
Signed-off-by: Ján Tomko <jtomko@redhat.com>
Reviewed-by: Peter Krempa <pkrempa@redhat.com>
2019-11-14 17:45:40 +01:00
Ján Tomko
9c76dd3a2e util: use GRegex in virStringSearch
Signed-off-by: Ján Tomko <jtomko@redhat.com>
Reviewed-by: Peter Krempa <pkrempa@redhat.com>
2019-11-14 17:45:40 +01:00
Ján Tomko
514b2b272b util: use GRegex for virLogRegex
Signed-off-by: Ján Tomko <jtomko@redhat.com>
Reviewed-by: Peter Krempa <pkrempa@redhat.com>
2019-11-14 17:45:40 +01:00
Ján Tomko
039d26fcb0 util: use GRegex in virCommandRunRegex
This saves us from allocating vars upfront, since GLib deals with
that for us.

Signed-off-by: Ján Tomko <jtomko@redhat.com>
Reviewed-by: Peter Krempa <pkrempa@redhat.com>
2019-11-14 17:45:40 +01:00
Ján Tomko
70d6994679 storage: use GRegex virStorageBackendLogicalParseVolExtents
Using GRegex simplifies the code since g_match_info_fetch will
copy the matched substring for us.

Signed-off-by: Ján Tomko <jtomko@redhat.com>
Reviewed-by: Peter Krempa <pkrempa@redhat.com>
2019-11-14 17:45:40 +01:00
Ján Tomko
815db3ea58 libxl: remove 'ret' from xenParseSxprVifRate
Now that the cleanup section is empty, the ret variable is no longer
necessary.

Signed-off-by: Ján Tomko <jtomko@redhat.com>
Reviewed-by: Peter Krempa <pkrempa@redhat.com>
2019-11-14 17:45:40 +01:00
Ján Tomko
c4ac8e4168 libxl: use GRegex in xenParseSxprVifRate
Use GRegex from GLib instead of regcomp.

Signed-off-by: Ján Tomko <jtomko@redhat.com>
Reviewed-by: Peter Krempa <pkrempa@redhat.com>
2019-11-14 17:45:40 +01:00
Ján Tomko
5c98d442df libxl: use g_autofree in xenParseSxprVifRate
Signed-off-by: Ján Tomko <jtomko@redhat.com>
Reviewed-by: Peter Krempa <pkrempa@redhat.com>
2019-11-14 17:45:40 +01:00
Ján Tomko
77d228468d libxl: use GRegex in libxlGetAutoballoonConf
Replace the use of regcomp with GRegex.

Signed-off-by: Ján Tomko <jtomko@redhat.com>
Reviewed-by: Peter Krempa <pkrempa@redhat.com>
2019-11-14 17:45:40 +01:00
Ján Tomko
5c89468ff2 remove unused regex.h includes
The code using regexes got moved, but the include stayed.

Signed-off-by: Ján Tomko <jtomko@redhat.com>
Reviewed-by: Peter Krempa <pkrempa@redhat.com>
2019-11-14 17:45:40 +01:00
Ján Tomko
8aa0f8e6dc libxl: do not use G_REGEX_EXTENDED
This flag is not needed to use extended regular expression syntax
with GRegex and it makes GRegex ignore whitespace in the regex.

Remove the unintended usage, even though it should not matter in this
case.

Signed-off-by: Ján Tomko <jtomko@redhat.com>
Reviewed-by: Peter Krempa <pkrempa@redhat.com>
2019-11-14 17:45:40 +01:00
Jonathon Jongsma
4b95738c8f qemu: add 'ramfb' attribute for mediated devices
The 'ramfb' attribute provides a framebuffer to the guest that can be
used as a boot display for the vgpu

For example, the following configuration can be used to provide a vgpu
with a boot display:

    <hostdev mode='subsystem' type='mdev' model='vfio-pci' display='on' ramfb='on'>
        <source>
            <address uuid='$UUID'/>
        </source>
    </hostdev>

Reviewed-by: Cole Robinson <crobinso@redhat.com>
Signed-off-by: Jonathon Jongsma <jjongsma@redhat.com>
2019-11-14 11:37:50 -05:00
Jonathon Jongsma
c66f2be6f1 qemu: use domain caps to validate video device model
As suggested by Cole, this patch uses the domain capabilities to
validate the supported video model types. This allows us to remove the
model type validation from qemu_process.c and qemu_domain.c and
consolidates it all in a single place that will automatically adjust
when new domain capabilities are added.

Reviewed-by: Cole Robinson <crobinso@redhat.com>
Signed-off-by: Jonathon Jongsma <jjongsma@redhat.com>
2019-11-14 11:37:50 -05:00
Jonathon Jongsma
42cc3eb912 qemu: move validation of video accel to qemu_domain.c
Continue consolidation of video device validation started in previous
patch.

Reviewed-by: Cole Robinson <crobinso@redhat.com>
Signed-off-by: Jonathon Jongsma <jjongsma@redhat.com>
2019-11-14 11:37:50 -05:00
Jonathon Jongsma
425310d1c8 qemu: validate vhost-user video backend in qemu_domain.c
The goal is to move all of the video device validation to a single place
and use domain caps to validate the supported video device models. Since
qemuDomainDeviceDefValidateVideo() is called from
qemuProcessStartValidate(), these changes should not change anny
behavior.

Reviewed-by: Cole Robinson <crobinso@redhat.com>
Signed-off-by: Jonathon Jongsma <jjongsma@redhat.com>
2019-11-14 11:37:50 -05:00
Jonathon Jongsma
d5e9f47e76 qemu: set domain capability for video type "none"
In a follow-up commit, we will use the domain capabilities to validate
video device configurations, which means that we also need to make sure
that the domain capabilities include the "none" video device.

Reviewed-by: Cole Robinson <crobinso@redhat.com>
Signed-off-by: Jonathon Jongsma <jjongsma@redhat.com>
2019-11-14 11:37:50 -05:00
Jonathon Jongsma
eecab2e80b qemu: set domain capability for ramfb device
commit 9bfcf0f62d added the
QEMU_CAPS_DEVICE_RAMFB capability but did not set the domain capability.
This patch sets the domain capability for the ramfb device and updates
the tests.

Reviewed-by: Cole Robinson <crobinso@redhat.com>
Signed-off-by: Jonathon Jongsma <jjongsma@redhat.com>
2019-11-14 11:37:50 -05:00
Jonathon Jongsma
c69e6edea3 qemu: use g_autoptr in qemuDomainDeviceDefValidate()
This allows us to simplify the function and avoid jumping to 'cleanup'.

Reviewed-by: Cole Robinson <crobinso@redhat.com>
Signed-off-by: Jonathon Jongsma <jjongsma@redhat.com>
2019-11-14 11:37:50 -05:00
Jonathon Jongsma
ed831437af qemu: fix domain device validation
When the virDomainCapsDeviceDefValidate() function returned an error
status (-1), we were aborting the function early, but returning the
default return value (0). This patch properly returns an error in that
case.

Reviewed-by: Cole Robinson <crobinso@redhat.com>
Signed-off-by: Jonathon Jongsma <jjongsma@redhat.com>
2019-11-14 11:37:50 -05:00
Jim Fehlig
2552752f0b libxl: Fix lock manager lock ordering
The ordering of lock manager locks in the libxl driver has a flaw that was
uncovered by a migration error path. In the perform phase of migration, the
source host calls virDomainLockProcessPause to release the lock before
sending the VM to the destination host. If the send fails an attempt is made
to reacquire the lock with virDomainLockProcessResume, but that too can fail
if the destination host has not finished cleaning up the failed VM and
releasing the lock it acquired when starting to receive the VM.

This change delays calling virDomainLockProcessResume in libxlDomainStart
until the VM is successfully created, but before it is unpaused. A similar
approach is used by the qemu driver, avoiding the need to release the lock
if VM creation fails. In the migration perform phase, releasing the lock
with virDomainLockProcessPause is delayed until the VM is successfully
sent to the destination, which avoids reacquiring the lock if the send
fails.

Signed-off-by: Jim Fehlig <jfehlig@suse.com>
Reviewed-by: Cole Robinson <crobinso@redhat.com>
2019-11-14 09:08:54 -07:00
Daniel Henrique Barboza
6ab3d0b9ea qemu: hotplug: remove unused cleanup labels
Reviewed-by: Cole Robinson <crobinso@redhat.com>
Signed-off-by: Daniel Henrique Barboza <danielhb413@gmail.com>
2019-11-14 10:46:57 -05:00
Daniel Henrique Barboza
54c17f8498 qemu: hotplug: use g_autoptr() with virConnectPtr
Reviewed-by: Cole Robinson <crobinso@redhat.com>
Signed-off-by: Daniel Henrique Barboza <danielhb413@gmail.com>
2019-11-14 10:46:57 -05:00
Michal Privoznik
1b0de07f41 virhostuptime: Wrap virHostGetBootTimeProcfs() call in an ifdef
The virHostGetBootTimeProcfs() function is defined only for Linux
and therefore it's only call should also be done if we're on
Linux.

Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
2019-11-14 16:42:51 +01:00
Peter Krempa
ffd151d17b qemu: domcaps: Simplify adding new domaincaps based on qemu caps
Add a helper which converts qemu emulator capabilities to the domain
capability XML. This will simplify future additions of new features.

Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
2019-11-14 15:50:43 +01:00
Peter Krempa
caa6dc3b31 domaincaps: Store domain capability features in an array
Declare the capabilities as enum values and store them in an array. This
makes adding new features more straightforward and simplifies the
formatter which now doesn't require changing.

Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
2019-11-14 15:50:43 +01:00
Peter Krempa
ae92101be4 qemu: domcaps: Initialize all features
While the qemu driver currently implements all domain capability
features, we should initialize all features using the helper similarly
to how we do it in drivers which don't support any.

Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
2019-11-14 15:50:43 +01:00
Peter Krempa
5751a0b6b1 domcaps: Add function for initializing domain caps as unsupported
For future extensions of the domain caps it's useful to have a single
point that initializes all capabilities as unsupported by a driver. The
driver then can enable specific ones.

Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
2019-11-14 15:50:43 +01:00
Peter Krempa
f2316d8d26 conf: domaincaps: Use virXMLFormatElement in virDomainCapsFormatFeatures
Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
2019-11-14 15:50:43 +01:00
Peter Krempa
8bc9131b1a conf: domaincaps: Extract formatting of the <features> subelement
Extract it to virDomainCapsFormatFeatures so that the main function does
not get so bloated over time.

Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
2019-11-14 15:50:43 +01:00
Peter Krempa
c4940317ef conf: domaincaps: Replace FORMAT_SINGLE macro by a function
Introduce qemuDomainCapsFeatureFormatSimple which does exactly the same
thing but it's a function.

Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
2019-11-14 15:50:43 +01:00
Peter Krempa
38bc2e8c1b util: file: Replace use of 'strsep' with virStringSplit
Use our helper instead of the gnulib one.

Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Pavel Hrdina <phrdina@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
2019-11-14 15:50:43 +01:00
Peter Krempa
4bb2c51a9c util: file: Use more obvious logic in virFindFileInPath
Make it more obvious that the function will return NULL if the file is
not executable and stop reusing variables.

Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
2019-11-14 15:50:43 +01:00
Peter Krempa
6eac0c5436 util: file: Use g_autofree in virFindFileInPath
Simplify the final lookup loop by freeing memory automatically and thus
being able to directly return the result.

Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Pavel Hrdina <phrdina@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
2019-11-14 15:50:43 +01:00
Peter Krempa
1a288c7e8a rpc: use virStringSplit instead of strsep
When parsing allowed authentication methods for the native ssh lib
transports we used strsep. Since we have virStringSplit helper let's use
that one.

Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Pavel Hrdina <phrdina@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
2019-11-14 15:50:43 +01:00
Michal Privoznik
070d6969fe virhostuptime: Add linux stub for musl
When we want to know the boot timestamp of the host, we can call
virHostGetBootTime(). Under the hood, it uses getutxid() which is
defined by POSIX and properly check for in configure. However,
musl took a path where it declares the function but instead of
providing any useful implementation it returns NULL meaning "no
record found". If that's the case, use our second best option -
/proc/uptime and a bit of maths.

https://bugzilla.redhat.com/show_bug.cgi?id=1760885

Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
Reviewed-by: Cole Robinson <crobinso@redhat.com>
2019-11-14 15:20:38 +01:00
Jiri Denemark
18eeb75daf conf: Drop nameLen parameter from virDomainCapsCPUModelsAdd
All callers use nameLen == -1 anyway.

Signed-off-by: Jiri Denemark <jdenemar@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
2019-11-14 15:13:38 +01:00
Jiri Denemark
537768a7ca conf: Use VIR_AUTO* in virDomainCapsCPUModelsAdd
Signed-off-by: Jiri Denemark <jdenemar@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
2019-11-14 15:08:33 +01:00
Jidong Xia
9ec64b591e qemu: cold-plug of sound
With this patch users can cold plug some sound devices.
use "virsh attach-device vm sound.xml --config" command.
Consider the following sound.xml for a domain:
    <sound model='ich6'>
         <address type='pci' domain='0x0000' bus='0x00' slot='xxx' function='0'/>
    </sound>

Reviewed-by: Cole Robinson <crobinso@redhat.com>
Signed-off-by: Jidong Xia <xiajidong@cmss.chinamobile.com>
2019-11-14 08:42:59 -05:00
Mao Zhongyi
35e1547870 qemu/qemu_migration_params: use virStringParseYesNo helper
A function virStringParseYesNo was added to convert
string 'yes' to true and 'no' to false, so use this
helper to replace 'STREQ(.*, \"yes\")' and
'STREQ(.*, \"no\")' as it allows us to drop several
repetitive if-then-else string->bool conversion blocks.

Reviewed-by: Cole Robinson <crobinso@redhat.com>
Signed-off-by: Mao Zhongyi <maozhongyi@cmss.chinamobile.com>
Signed-off-by: Zhang Shengju <zhangshengju@cmss.chinamobile.com>
2019-11-14 08:14:50 -05:00
Mao Zhongyi
5da6615baf conf/network_conf: use virStringParseYesNo helper
A function virStringParseYesNo was added to convert
string 'yes' to true and 'no' to false, so use this
helper to replace 'STREQ(.*, \"yes\")' and
'STREQ(.*, \"no\")' as it allows us to drop several
repetitive if-then-else string->bool conversion blocks.

Reviewed-by: Cole Robinson <crobinso@redhat.com>
Signed-off-by: Mao Zhongyi <maozhongyi@cmss.chinamobile.com>
Signed-off-by: Zhang Shengju <zhangshengju@cmss.chinamobile.com>
Acked-by: Michal Privoznik <mprivozn@redhat.com>
2019-11-14 08:14:50 -05:00
Mao Zhongyi
7ae802ebb3 conf/domain_conf: use virStringParseYesNo helper
This helper performs a conversion from a "yes|no" string
to a corresponding boolean, and several conversions were
already done, but there are still some omissions.

For most of the remaining usages in domain_conf.c only
"yes" is explicitly checked for. This means all other
values are implicitly handled as 'false'. In this case,
use virStringParseYesNo to handle the conversion and
reserve the original logic of not raise an error, so
ignore the return value of helper.

Reviewed-by: Cole Robinson <crobinso@redhat.com>
Signed-off-by: Mao Zhongyi <maozhongyi@cmss.chinamobile.com>
Signed-off-by: Zhang Shengju <zhangshengju@cmss.chinamobile.com>
2019-11-14 08:14:50 -05:00
Ján Tomko
a8ee07e0d1 qemu: use GUINT32_SWAP_LE_BE
Use this GLib macro instead of bswap_32 from gnulib.

Signed-off-by: Ján Tomko <jtomko@redhat.com>
Reviewed-by: Peter Krempa <pkrempa@redhat.com>
2019-11-14 14:06:49 +01:00
Ján Tomko
ec07893a5f util: use g_vsnprintf
Instead of vsnprintf from gnulib, use g_vsnprintf from GLib.

Signed-off-by: Ján Tomko <jtomko@redhat.com>
Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
Reviewed-by: Peter Krempa <pkrempa@redhat.com>
2019-11-14 14:06:49 +01:00
Peter Krempa
5ff6eb5dc7 util: pidfile: Replace 'areadlink' by 'g_file_read_link'
Use the glib function rather than gnulib.

Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
2019-11-14 12:42:10 +01:00
Peter Krempa
f95ef9248a util: pidfile: Sanitize return values of virPidFileReadPathIfAlive
The callers don't actually use the returned errno for reporting errors.

Additionally virFileResolveAllLinks returns -1 rather than -errno on
error thus you'd get a spurious EPERM even on other errors.

Don't try to return errno in this case.

Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
2019-11-14 12:42:10 +01:00
Peter Krempa
b13e45911d util: pidfile: Sanitize return values of virPidFileReadIfAlive
Return -1 on failure rather than -errno since none of the callers
actually cares about the return value. This specifically fixes returns
of -ENOMEM in cases of bad usage, which would report wrong error
anyways.

Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
2019-11-14 12:42:09 +01:00
Peter Krempa
19cfd7e598 qemu: gpu: Sanitize error values in qemuVhostUserGPUGetPid
The caller doesn't care about the actual return value, so return -1
rather than errno.

Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
2019-11-14 12:42:09 +01:00
Peter Krempa
e22d844ef7 qemu: tpm: Sanitize error values in qemuTPMEmulatorGetPid
The callers don't care about the actual return value, so return -1
rather than errno.

Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
2019-11-14 12:42:09 +01:00
Peter Krempa
c3ce83678c qemu: tpm: Use g_autofree in qemuTPMEmulatorGetPid
Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
2019-11-14 12:42:09 +01:00
Peter Krempa
1900936fe6 util: file: Remove virFileReadLink
The function is unused so we can remove it.

Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
2019-11-14 12:42:09 +01:00
Peter Krempa
794c9ec535 qemu: domain: Use g_file_read_link instead of virFileReadLink
In an effort to remove as much gnulib usage as possible let's
reimplement virFileReadLink. Since it's used in two places only I opted
to open-code it.

Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
2019-11-14 12:42:09 +01:00
Peter Krempa
f6cccece48 qemu: snapshot: Fix inactive external snapshots when backing chain is present
The inactive external snapshot code replaced the file name in the
virStorageSource but did not touch the backing files. This meant that
after an inactive snapshot the backing chain recorded in the inactive
XML (which is used with -blockdev) would be incorrect.

Fix it by adding a new layer if there is an existing chain and replacing
the virStorageSource struct fully when there is no chain.

Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
2019-11-14 12:42:09 +01:00
Peter Krempa
b036834eae qemu: blockjob: Transfer 'readonly' state of images after active layer block commit
When commiting a different image becomes the disk source. Since we store
the readonly flag per-image we must update it to the same state the
original image had.

Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
2019-11-14 12:42:09 +01:00
Daniel Henrique Barboza
f46eb511a2 qemu_hotplug.c: user-friendlier setvcpus timeout error message
The current 'setvcpus' timeout message requires a deeper
understanding of QEMU/Libvirt internals to proper react to it.
One who knows how setvcpus unplug work (it is an asynchronous
operation between QEMU and guest that Libvirt can't know for
sure if it failed, unless an explicit error happened during the
timeout period) will read the message and not assume a failed
operation. But the regular user, most often than not, will read
it and believe that the unplug operation failed.

This leads to situations where the user isn't exactly relieved
when accessing the guest and seeing that the unplug operation
worked. Instead, the user feel mislead by the timeout message
setvcpus threw.

Changing the timeout message to let the user know that the
unplug status is not known, and manual inspection in the guest
is required, is not a silver bullet. But it gives a more
realistic expectation of what happened, as best as we can tell
from Libvirt side anyways.

Reviewed-by: Cole Robinson <crobinso@redhat.com>
Signed-off-by: Daniel Henrique Barboza <danielhb413@gmail.com>
2019-11-13 15:03:40 -05:00
Daniel Henrique Barboza
2fe78a833e qemu: Remove qemu_hotplugpriv.h and qemuDomainRemoveDeviceWaitTime
qemu_hotplugpriv.h is a header file created to share a global variable
called 'qemuDomainRemoveDeviceWaitTime', declared in qemu_hotplug.c,
to other files that would want to change the timeout value
(currently, only tests/qemuhotplugtest.c).

Previous patch deprecated the variable, using qemu_driver->unplugTimeout
to set the timeout instead. This means that the header file is now
unused, and can be safely discarded.

Reviewed-by: Cole Robinson <crobinso@redhat.com>
Signed-off-by: Daniel Henrique Barboza <danielhb413@gmail.com>
2019-11-13 15:03:40 -05:00
Daniel Henrique Barboza
e03e27ee08 qemu_hotplug.c: adding qemuDomainGetUnplugTimeout
For some architectures and setups, device removal can take
longer than the default 5 seconds. This results in commands
such as 'virsh setvcpus' to fire timeout messages even if
the operation were successful in the guest, confusing the
user.

This patch sets a new 10 seconds unplug timeout for PPC64
guests. All other archs will keep the default 5 seconds
timeout.

Instead of putting 'if PPC64' conditionals inside qemu_hotplug.c
to set the new timeout value, a new function called
qemuDomainGetUnplugTimeout was added. The timeout value is then
retrieved when needed, by passing the correspondent DomainDef
object. This approach allows for different guest architectures
to have distint unplug timeout intervals, regardless of the
host architecture. This design also makes it easier to
modify/enhance the unplug timeout logic in the future
(allow for special timeouts for TCG domains, for example).

A new mock file was created to work with qemuhotplugtest.c,
given that the test timeout is significantly shorter than
the actual timeout value in qemu_hotplug.c.

The now unused 'qemuDomainRemoveDeviceWaitTime' global can't
be simply erased from qemu_hotplug.c though. Next patch will
remove it properly.

Reviewed-by: Cole Robinson <crobinso@redhat.com>
Suggested-by: Cole Robinson <crobinso@redhat.com>
Signed-off-by: Daniel Henrique Barboza <danielhb413@gmail.com>
2019-11-13 15:03:40 -05:00
Jonathon Jongsma
4670f062c2 conf: use glib allocation when parsing video props
In preparation for some other improvements, switch to using glib
allocation and g_autofree when parsing the 'acceleration' and
'resolution' properties of the video device.

Reviewed-by: Cole Robinson <crobinso@redhat.com>
Signed-off-by: Jonathon Jongsma <jjongsma@redhat.com>
2019-11-13 13:10:47 -05:00
Jonathon Jongsma
90c737bbd9 conf: remove unnecessary NULL checks
Just above in the function, we return from the function if either x or y
are NULL, so there's no need to re-check whether x or y are NULL.

Reviewed-by: Cole Robinson <crobinso@redhat.com>
Signed-off-by: Jonathon Jongsma <jjongsma@redhat.com>
2019-11-13 13:10:46 -05:00
Julio Faracco
52d805117a conf: Fix memory leak caused by missing VIR_FREE for video resolution.
Commit 72862797 introduced resolution settings for QEMU video drivers.
It includes a new structure inside video definition. So, the code needs
to clear pointer allocation for that structure into clear function
virDomainVideoDefClear(). This commit adds this missing VIR_FREE().

Reviewed-by: Jonathon Jongsma <jjongsma@redhat.com>
Signed-off-by: Julio Faracco <jcfaracco@gmail.com>
2019-11-13 13:08:25 -05:00
Ján Tomko
fa061c92ec Remove VIR_STRNDUP usage that subtracts from a non-NULL pointer
Use g_strndup in all the cases where we check upfront whether a pointer
is non-NULL and then use it to calculate the copied length.

Signed-off-by: Ján Tomko <jtomko@redhat.com>
Reviewed-by: Daniel Henrique Barboza <danielhb413@gmail.com>
2019-11-13 17:01:38 +01:00
Ján Tomko
05e33d4f54 Remove VIR_STRNDUP usage that passes -1
Replace all the usage of
  VIR_STRNDUP(dest, b, p ? p - b : -1)
with separate calls to g_strndup/g_strdup.

Signed-off-by: Ján Tomko <jtomko@redhat.com>
Reviewed-by: Daniel Henrique Barboza <danielhb413@gmail.com>
2019-11-13 17:01:38 +01:00
Ján Tomko
9985679c0a Remove VIR_STRDUP usage that snuck in
Fixes: 224d269f19

Signed-off-by: Ján Tomko <jtomko@redhat.com>
Reviewed-by: Daniel Henrique Barboza <danielhb413@gmail.com>
2019-11-13 17:01:38 +01:00
Ján Tomko
54dd093837 locking: fix build with older sanlock
../../src/locking/lock_driver_sanlock.c:106:17: error: incompatible pointer types
assigning to 'char **' from 'char *' [-Werror,-Wincompatible-pointer-types]
        message = g_strdup_printf(_("sanlock error %d"), err);
                ^ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Fixes: b1d58418aa

Signed-off-by: Ján Tomko <jtomko@redhat.com>
2019-11-13 09:52:37 +01:00
Peter Krempa
48b68470c8 util: buffer: remove virBufferSetChildIndent
Promote usage of separate buffers for separate formatting passes by
removing the now unused virBufferSetChildIndent.

Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
2019-11-13 09:10:30 +01:00
Peter Krempa
e8bed23d15 conf: domain: Convert child buffers to use VIR_BUFFER_INIT_CHILD
Use the new helper to initialize child XML element buffers.

Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
2019-11-13 09:10:30 +01:00
Peter Krempa
619fac2ea6 conf: cpu: Convert child buffers to use VIR_BUFFER_INIT_CHILD
Use the new helper to initialize child XML element buffers.

Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
2019-11-13 09:10:30 +01:00
Peter Krempa
4a0ccab772 conf: caps: sysinfo: Convert child buffers to use VIR_BUFFER_INIT_CHILD
Use the new helper to initialize child XML element buffers.

Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
2019-11-13 09:10:30 +01:00
Peter Krempa
186e247b4c util: sysinfo: Convert child buffers to use VIR_BUFFER_INIT_CHILD
Use the new helper to initialize child XML element buffers.

Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
2019-11-13 09:10:30 +01:00
Peter Krempa
107f7a2d16 qemu: domain: Convert child buffers to use VIR_BUFFER_INIT_CHILD
Use the new helper to initialize child XML element buffers.

Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
2019-11-13 09:10:30 +01:00
Peter Krempa
15dc77082d util: buffer: Add init macro for automatically setting child XML indent
Add a new macro which initializes a virBuffer on the stack and also sets
the indent level to be used for child XML element formatting.

Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
2019-11-13 09:10:29 +01:00
Peter Krempa
9a2ca9c947 conf: capabilities: Refactor API for setting guest capability features
Remove the need to pass around strings and switch to the enum values
instead.

Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
2019-11-13 08:19:37 +01:00
Peter Krempa
7a6e7bad1c conf: Refactor storage of guest capabilities
The capabilities are declared in the XML schema so passing feature names
as strings from hypervisor drivers makes no sense.

Additionally some of the features expose so called 'toggles' while
others not. This knowledge was encoded by a bunch of 'STREQ's in the
formatter.

Change all of this by declaring the features as an enum and use it
instead of a dynamically allocated array.

Presence of 'toggles' is encoded together with the conversion strings
rather than in the formatter directly.

Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
2019-11-13 08:16:04 +01:00
Peter Krempa
09afb14a82 qemu: driver: Remove unused 'driver' from qemuDomainSnapshotFSFreeze/Thaw
Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
2019-11-13 08:15:02 +01:00
Jiri Denemark
9cd03f7957 cpu_map: Drop pconfig from Icelake-Server CPU model
The pconfig feature was enabled in QEMU by accident in 3.1.0. All other
newer versions do not support it and it was removed from the
Icelake-Server CPU model in QEMU.

We don't normally change our CPU models even when QEMU does so to avoid
breaking migrations between different versions of libvirt. But we can
safely do so in this specific case. QEMU never supported enabling
pconfig so any domain which was able to start has pconfig disabled.

With a small compatibility hack which explicitly disables pconfig when
CPU model equals Icelake-Server in migratable domain definition, only
one migration scenario stays broken (and there's nothing we can do about
it): from any host to a host with libvirt < 5.10.0 and QEMU > 3.1.0.

https://bugzilla.redhat.com/show_bug.cgi?id=1749672

Signed-off-by: Jiri Denemark <jdenemar@redhat.com>
Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
2019-11-12 20:14:16 +01:00
Jiri Denemark
ca1a5d041e cpu_map: Drop comments about ospke
QEMU does not support setting this feature on the command line anymore.
We don't need to explain why it is not included in CPU models then.

Signed-off-by: Jiri Denemark <jdenemar@redhat.com>
Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
2019-11-12 20:14:16 +01:00
Jiri Denemark
ac34e14159 qemu: Drop disabled CPU features unknown to QEMU
When a CPU definition wants to explicitly disable some features that are
unknown to QEMU, we can safely drop them from the definition before
starting QEMU. Naturally QEMU won't enable such features implicitly.

Signed-off-by: Jiri Denemark <jdenemar@redhat.com>
Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
2019-11-12 20:14:16 +01:00
Jiri Denemark
668797dc5c cpu_conf: Pass policy to CPU feature filtering callbacks
Signed-off-by: Jiri Denemark <jdenemar@redhat.com>
Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
2019-11-12 20:14:15 +01:00
Daniel Henrique Barboza
2f7d81497b bhyve_device.c: remove unneeded cleanup labels
Signed-off-by: Daniel Henrique Barboza <danielhb413@gmail.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
2019-11-12 17:54:01 +01:00
Daniel Henrique Barboza
77e6f13c1e bridge_driver.c: remove unneeded cleanup labels
Signed-off-by: Daniel Henrique Barboza <danielhb413@gmail.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
2019-11-12 17:54:01 +01:00
Daniel Henrique Barboza
775f34c8bf libxl_driver.c: remove unneeded cleanup label
Signed-off-by: Daniel Henrique Barboza <danielhb413@gmail.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
2019-11-12 17:54:01 +01:00
Daniel Henrique Barboza
e19f6cb7f2 libvirt.c: remove unneeded cleanup label
Signed-off-by: Daniel Henrique Barboza <danielhb413@gmail.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
2019-11-12 17:54:01 +01:00
Daniel Henrique Barboza
93af79fba3 util: remove unneeded cleanup labels
Signed-off-by: Daniel Henrique Barboza <danielhb413@gmail.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
2019-11-12 17:54:01 +01:00
Daniel Henrique Barboza
5b05d99dab vz_sdk.c: remove unneeded cleanup label
Signed-off-by: Daniel Henrique Barboza <danielhb413@gmail.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
2019-11-12 17:54:01 +01:00
Daniel Henrique Barboza
2d13431d45 rpc: remove unneeded cleanup labels
Signed-off-by: Daniel Henrique Barboza <danielhb413@gmail.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
2019-11-12 17:54:01 +01:00
Daniel Henrique Barboza
215007f24f qemu_monitor_json.c: remove unneeded cleanup label
qemuMonitorJSONBlockIoThrottleInfo uses a macro called
GET_THROTTLE_STATS that's defined outside of the function,
which references a 'cleanup' label. GET_THROTTLE_STATS is
only used inside qemuMonitorJSONBlockIoThrottleInfo (in fact,
the macro is undef right after it) thus it is safe to erase
the 'cleanup' reference inside the macro, then proceed
with the usual cleanup label removal inside
qemuMonitorJSONBlockIoThrottleInfo.

Signed-off-by: Daniel Henrique Barboza <danielhb413@gmail.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
2019-11-12 17:54:01 +01:00
Daniel Henrique Barboza
9c3748d3c2 secret_driver.c: remove unneeded cleanup label
Signed-off-by: Daniel Henrique Barboza <danielhb413@gmail.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
2019-11-12 17:54:01 +01:00
Daniel Henrique Barboza
5231b480d4 node_device: remove unneeded cleanup labels
Signed-off-by: Daniel Henrique Barboza <danielhb413@gmail.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
2019-11-12 17:54:01 +01:00
Daniel Henrique Barboza
64b8d27e9a lxc: remove unneeded cleanup labels
Signed-off-by: Daniel Henrique Barboza <danielhb413@gmail.com>
Signed-off-by: Ján Tomko <jtomko@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
2019-11-12 17:54:01 +01:00
Daniel Henrique Barboza
c5d86a9834 remote: remove unneeded cleanup labels
Signed-off-by: Daniel Henrique Barboza <danielhb413@gmail.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
2019-11-12 17:54:01 +01:00
Daniel Henrique Barboza
7868643275 nwfilter: remove unneeded cleanup labels
Signed-off-by: Daniel Henrique Barboza <danielhb413@gmail.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
2019-11-12 17:54:01 +01:00
Daniel Henrique Barboza
abd2899d73 storage: remove unneeded cleanup labels
Signed-off-by: Daniel Henrique Barboza <danielhb413@gmail.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
2019-11-12 17:54:01 +01:00
Daniel Henrique Barboza
3814e767d5 conf: remove unneeded cleanup labels
Signed-off-by: Daniel Henrique Barboza <danielhb413@gmail.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
2019-11-12 17:54:01 +01:00
Bjoern Walk
3666d7ac69 qemu: hotplug: ensure address generation for vfio-ccw
When attaching a mediated host device of model vfio-ccw without
specifying a guest-address, none is generated by libvirt. Let's fix this
and make sure to generate a device address during live-hotplug.

Reviewed-by: Boris Fiuczynski <fiuczy@linux.ibm.com>
Signed-off-by: Bjoern Walk <bwalk@linux.ibm.com>
Signed-off-by: Ján Tomko <jtomko@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
2019-11-12 16:43:14 +01:00
Michal Privoznik
33ed622106 Drop virVasprintf()
Now that function is no longer used, it can be dropped.

Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
Reviewed-by: Daniel Henrique Barboza <danielhb413@gmail.com>
2019-11-12 16:15:59 +01:00
Michal Privoznik
a067916975 virstring: Drop virVasprintfQuiet()
This macro is no longer used and therefore can be dropped.

Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
2019-11-12 16:15:59 +01:00
Michal Privoznik
dd98a6edb9 Drop virAsprintf()
Now that function is no longer used, it can be dropped.

Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
Reviewed-by: Daniel Henrique Barboza <danielhb413@gmail.com>
2019-11-12 16:15:59 +01:00
Michal Privoznik
a028630620 virstring: Drop virAsprintfQuiet()
This macro is no longer used and therefore can be dropped.

Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
2019-11-12 16:15:59 +01:00
Michal Privoznik
8eaa708991 Use g_strdup_vprintf() instead of virVasprintf() everywhere
Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
Reviewed-by: Daniel Henrique Barboza <danielhb413@gmail.com>
2019-11-12 16:15:59 +01:00
Michal Privoznik
d36a15f963 Use g_strdup_printf instead of virAsprintf everywhere
Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
Reviewed-by: Daniel Henrique Barboza <danielhb413@gmail.com>
2019-11-12 16:15:59 +01:00
Michal Privoznik
06030f05bb vz: Use g_strdup_printf() instead of virAsprintf()
Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
Reviewed-by: Daniel Henrique Barboza <danielhb413@gmail.com>
2019-11-12 16:15:58 +01:00
Michal Privoznik
3bfb359944 vmx: Use g_strdup_printf() instead of virAsprintf()
Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
Reviewed-by: Daniel Henrique Barboza <danielhb413@gmail.com>
2019-11-12 16:15:58 +01:00
Michal Privoznik
adca67448e vmware: Use g_strdup_printf() instead of virAsprintf()
Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
Reviewed-by: Daniel Henrique Barboza <danielhb413@gmail.com>
2019-11-12 16:15:58 +01:00
Michal Privoznik
24d213b03c vbox: Use g_strdup_printf() instead of virAsprintf()
Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
Reviewed-by: Daniel Henrique Barboza <danielhb413@gmail.com>
2019-11-12 16:15:58 +01:00
Michal Privoznik
837f5619e7 secret: Use g_strdup_printf() instead of virAsprintf()
Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
Reviewed-by: Daniel Henrique Barboza <danielhb413@gmail.com>
2019-11-12 16:15:58 +01:00
Michal Privoznik
91d88aaf23 util: Use g_strdup_printf() instead of virAsprintf()
Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
Reviewed-by: Daniel Henrique Barboza <danielhb413@gmail.com>
2019-11-12 16:15:58 +01:00
Michal Privoznik
ad1118ebd2 test: Use g_strdup_printf() instead of virAsprintf()
Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
Reviewed-by: Daniel Henrique Barboza <danielhb413@gmail.com>
2019-11-12 16:15:58 +01:00
Michal Privoznik
930cae510b storage: Use g_strdup_printf() instead of virAsprintf()
Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
Reviewed-by: Daniel Henrique Barboza <danielhb413@gmail.com>
2019-11-12 16:15:58 +01:00
Michal Privoznik
2e9fe8b9a7 security: Use g_strdup_printf() instead of virAsprintf()
Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
Reviewed-by: Daniel Henrique Barboza <danielhb413@gmail.com>
2019-11-12 16:15:58 +01:00
Michal Privoznik
c684b3c7e8 rpc: Use g_strdup_printf() instead of virAsprintf()
Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
Reviewed-by: Daniel Henrique Barboza <danielhb413@gmail.com>
2019-11-12 16:15:58 +01:00
Michal Privoznik
2b41a017ab remote: Use g_strdup_printf() instead of virAsprintf()
Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
Reviewed-by: Daniel Henrique Barboza <danielhb413@gmail.com>
2019-11-12 16:15:58 +01:00
Michal Privoznik
d4e5b98330 qemu: Use g_strdup_printf() instead of virAsprintf()
Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
Reviewed-by: Daniel Henrique Barboza <danielhb413@gmail.com>
2019-11-12 16:15:58 +01:00
Michal Privoznik
183a60aa75 phyp: Use g_strdup_printf() instead of virAsprintf()
Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
Reviewed-by: Daniel Henrique Barboza <danielhb413@gmail.com>
2019-11-12 16:15:58 +01:00
Michal Privoznik
e5caed83bd openvz: Use g_strdup_printf() instead of virAsprintf()
Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
Reviewed-by: Daniel Henrique Barboza <danielhb413@gmail.com>
2019-11-12 16:15:58 +01:00