Commit Graph

27636 Commits

Author SHA1 Message Date
Peter Krempa
7b2163c8bf qemu: backup: integrate with blockpull
Merge the bitmaps when finalizing a block pull job so that backups work
properly afterwards.

https://bugzilla.redhat.com/show_bug.cgi?id=1799010

Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Eric Blake <eblake@redhat.com>
2020-07-07 12:58:19 +02:00
Peter Krempa
981222b682 conf: backup: Don't explicitly forbid backup of read-only disk
Users may want to use this to create a full backup or even incremental
if the checkpoints are pre-existing. We still will not allow to create a
checkpoint on a read-only disk as that makes no sense.

https://bugzilla.redhat.com/show_bug.cgi?id=1840053

Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Eric Blake <eblake@redhat.com>
2020-07-07 12:58:19 +02:00
Peter Krempa
423711aef2 qemu: domain: Setup secret for TLS key for nbd/vxhs disks
Setup the TLS secret when preparing a virStorageSource for use.

https://bugzilla.redhat.com/show_bug.cgi?id=1602328

Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Eric Blake <eblake@redhat.com>
2020-07-07 12:58:19 +02:00
Peter Krempa
470d322e0c qemu: conf: Add configuration of TLS key encryption for 'vxhs' and 'nbd' disks
Until now libvirt didn't allow using encrypted TLS key for disk clients.

Add fields for configuring the secret and propagate defaults.

Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Eric Blake <eblake@redhat.com>
2020-07-07 12:58:19 +02:00
Peter Krempa
7fa772bfd7 qemu block: Add internals for handling 'secret' corresponding to TLS key
Add infrastructure for hot- and cold-plug of the secret object holding
decryption key for the TLS key.

Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Eric Blake <eblake@redhat.com>
2020-07-07 12:58:19 +02:00
Peter Krempa
a3cbbc5afb qemu: domain: Add infrastructure passing in TLS key's decryption key via 'secret'
Store the required data in the private data of a storage source and
ensure that the 'alias' of the secret is formatted in the status XML.

Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Eric Blake <eblake@redhat.com>
2020-07-07 12:58:18 +02:00
Peter Krempa
cd0dc1c19f virQEMUDriverConfigLoadSpecificTLSEntry: Split up fetching of server-only config options
The '*_tls_x509_verify' options are relevant only when we are going to
expose a server socket as client sockets always enable verification.

Split up the macro to separate the common bits from the server bits so
that when we'll later extend support of 'nbd' and 'vxhs' disks which are
client only we can reuse the existing macros.

Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Eric Blake <eblake@redhat.com>
2020-07-07 12:58:18 +02:00
Peter Krempa
94b5e9ebf6 virQEMUDriverConfigLoadSpecificTLSEntry: Move fetching of 'chardev_tls' above macro
Move the extraction of the config value so that it makes more sense
after upcoming refactors.

Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Eric Blake <eblake@redhat.com>
2020-07-07 12:58:18 +02:00
Peter Krempa
473b97abac qemu: conf: Move 'nbd' and 'vxhs' tls config variables together with rest of tls setup
Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Eric Blake <eblake@redhat.com>
2020-07-07 12:58:18 +02:00
Peter Krempa
72fdba7ffd qemu.conf: Remove misleading mention of 'migrate_tls'
There's no such parameter. Reword the sentence to account for enabling
TLS-encrypted migration using API flags.

Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Eric Blake <eblake@redhat.com>
2020-07-07 12:58:18 +02:00
Peter Krempa
7bfb85cf1d qemuDomainDiskHasEncryptionSecret: unexport
Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Eric Blake <eblake@redhat.com>
2020-07-07 12:58:18 +02:00
Peter Krempa
47be725719 qemu: domain: Introduce helper for always fetching virStorageSource private data
Add a helper which will always return the storage source private data
even if it was not allocated before.

Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Eric Blake <eblake@redhat.com>
2020-07-07 12:58:18 +02:00
Laine Stump
852ee1950a util: remove OOM error log from virGetHostnameImpl()
The strings allocated in virGetHostnameImpl() are all allocated via
g_strdup(), which will exit on OOM anyway, so the call to
virReportOOMError() is redundant, and removing it allows slight
modification to the code, in particular the cleanup label can be
eliminated.

Signed-off-by: Laine Stump <laine@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
2020-07-05 00:01:07 -04:00
Laine Stump
59afd0b0bc conf: eliminate useless error label in virDomainFeaturesDefParse()
The error: label in this function just does "return -1", so replace
all the "goto error" in the function with "return -1".

Signed-off-by: Laine Stump <laine@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
2020-07-04 23:58:53 -04:00
Laine Stump
ab9fd53823 network: use proper arg type when calling virNetDevSetOnline()
The 2nd arg to this function is a bool, not an int.

Signed-off-by: Laine Stump <laine@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
2020-07-04 23:54:28 -04:00
Laine Stump
e95dd7aacd network: make networkDnsmasqXmlNsDef private to bridge_driver.c
This struct isn't used anywhere else.

Signed-off-by: Laine Stump <laine@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
2020-07-04 23:53:48 -04:00
Laine Stump
9ceb3cff85 network: fix memory leak in networkBuildDhcpDaemonCommandLine()
hostsfilestr was not being freed. This will be turned into g_autofree
in an upcoming patch converting a lot more of the same file to using
g_auto*, but I wanted to make a separate patch for this first so the
other patch is simpler to review (and to make backporting easier).

The leak was introduced in commit 97a0aa2467

Signed-off-by: Laine Stump <laine@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
2020-07-04 23:52:34 -04:00
Laine Stump
a726feb693 use g_autoptr for all xmlBuffers
AUTOPTR_CLEANUP_FUNC is set to xmlBufferFree() in util/virxml.h (This
is actually new - added accidentally (but fortunately harmlessly!) in
commit 257aba2daf. I had added it along with the hunks in this patch,
then decided to remove it and submit separately, but missed taking out
the hunk in virxml.h)

Signed-off-by: Laine Stump <laine@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
2020-07-04 23:50:38 -04:00
Laine Stump
b7a92bce07 conf, vmx: check for OOM after calling xmlBufferCreate()
Although libvirt itself uses g_malloc0() and friends, which exit when
there isn't enouogh memory, libxml2 uses standard malloc(), which just
returns NULL on OOM - this means we must check for NULL on return from
any libxml2 functions that allocate memory.

xmlBufferCreate(), for example, might return NULL, and we don't always
check for it. This patch adds checks where it isn't already done.

(NB: Although libxml2 has a provision for changing behavior on OOM (by
calling xmlMemSetup() to change what functions are used to
allocating/freeing memory), we can't use that, since parts of libvirt
code end up in libvirt.so, which is linked and called directly by
applications that may themselves use libxml2 (and may have already set
their own alternate malloc()), e.g. drivers like esx which live totally
in the library rather than a separate process.)

Signed-off-by: Laine Stump <laine@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
2020-07-04 23:48:34 -04:00
Michal Privoznik
201f8d1876 virConnectGetAllDomainStats: Document two vcpu stats
When introducing vcpu.<num>.wait (v1.3.2-rc1~301) and
vcpu.<num>.halted (v2.4.0-rc1~36) the documentation was
not written.

Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
Reviewed-by: Erik Skultety <eskultet@redhat.com>
2020-07-03 18:39:18 +02:00
Daniel P. Berrangé
7fa7f7eeb6 util: add access check for hooks to fix running as non-root
Since feb83c1e71 libvirtd will abort on
startup if run as non-root

  2020-07-01 16:30:30.738+0000: 1647444: error : virDirOpenInternal:2869 : cannot open directory '/etc/libvirt/hooks/daemon.d': Permission denied

The root cause flaw is that non-root libvirtd is using /etc/libvirt for
its hooks. Traditionally that has been harmless though since we checked
whether we could access the hook file and degraded gracefully. We need
the same access check for iterating over the hook directory.

Long term we should make it possible to have an unprivileged hook dir
under $HOME.

Reviewed-by: Daniel Henrique Barboza <danielhb413@gmail.com>
Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
2020-07-01 18:54:21 +01:00
Michal Privoznik
db4b24b692 domain_conf: Remove zPCI validation from formatter
In 076591009a a validation code was added to
virDomainDeviceInfoFormat() which reports an error if zPCI
address entered in was incomplete. But, there are two problems
with this approach.

The first problem is the placement of the code - it doesn't
belong into XML formatter rather than XML validator.

The second one is that at the point of formatting XML the post
parse callback has run and thus filled in required info.
Therefore this check can never do something useful and instead of
moving it into validator, it's removed completely.

Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
Reviewed-by: Andrea Bolognani <abologna@redhat.com>
2020-06-29 13:44:00 +02:00
Michal Privoznik
90c9b90aee qemu_validate: Fix how qemuValidateDomainDeviceDefZPCIAddress() is called
To make the code future proof, the rest of the
qemuValidateDomainDeviceDefAddress() has to be executed (even
though there is nothing there yet) instead of returning directly.

Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
Reviewed-by: Andrea Bolognani <abologna@redhat.com>
2020-06-29 12:38:24 +02:00
Daniel Henrique Barboza
d482cf6bef domain_conf.c: skip checking ZPCI address is incomplete if not present
Commit 076591009a ("conf: fix zPCI address auto-generation on
s390") is doing a check for virZPCIDeviceAddressIsIncomplete()
prior to checking if the device has a ZPCI address at all. This
results in errors like these when starting libvirt:

  error : virDomainDeviceInfoFormat:7527 : internal error:
  Missing uid or fid attribute of zPCI address

Fix it by moving virZPCIDeviceAddressIsIncomplete() after the
check done by virZPCIDeviceAddressIsPresent().

Fixes: 076591009a
Signed-off-by: Daniel Henrique Barboza <danielhb413@gmail.com>
Reviewed-by: Andrea Bolognani <abologna@redhat.com>
2020-06-27 15:24:58 +02:00
Shalini Chellathurai Saroja
5f9dd9d866 qemu: move ZPCI uid validation into device validation
The ZPCI device validation is specific to qemu. So, let us move the
ZPCI uid validation out of domain xml parsing into qemu domain device
validation.

Signed-off-by: Shalini Chellathurai Saroja <shalini@linux.ibm.com>
Reviewed-by: Bjoern Walk <bwalk@linux.ibm.com>
Reviewed-by: Boris Fiuczynski <fiuczy@linux.ibm.com>
Reviewed-by: Andrea Bolognani <abologna@redhat.com>
2020-06-26 18:53:51 +02:00
Shalini Chellathurai Saroja
076591009a conf: fix zPCI address auto-generation on s390
Let us fix the issues with zPCI address validation and auto-generation
on s390.

Currently, there are two issues with handling the ZPCI address
extension. Firstly, when the uid is to be auto-generated with a
specified fid, .i.e.:

    ...
    <address type='pci'>
        <zpci fid='0x0000001f'/>
    </address>
    ...

we expect uid='0x0001' (or the next available uid for the domain).
However, we get a parsing error:

    $ virsh define zpci.xml
    error: XML error: Invalid PCI address uid='0x0000', must be > 0x0000
    and <= 0xffff

Secondly, when the uid is specified explicitly with the invalid
numerical value '0x0000', we actually expect the parsing error above.
However, the domain is being defined and the uid value is silently
changed to a valid value.

The first issue is a bug and the second one is undesired behaviour, and
both issues are related to how we (in-band) signal invalid values for
uid and fid. So let's fix the XML parsing to do validation based on what
is actually specified in the XML.

The first issue is also related to the current code behaviour, which
is, if either uid or fid is specified by the user, it is incorrectly
assumed that both uid and fid are specified. This bug is fixed by
identifying when the user specified ZPCI address is incomplete and
auto-generating the missing ZPCI address.

Signed-off-by: Bjoern Walk <bwalk@linux.ibm.com>
Signed-off-by: Boris Fiuczynski <fiuczy@linux.ibm.com>
Signed-off-by: Shalini Chellathurai Saroja <shalini@linux.ibm.com>
Reviewed-by: Andrea Bolognani <abologna@redhat.com>
2020-06-26 18:53:51 +02:00
Shalini Chellathurai Saroja
c125556c12 conf: use g_autofree to ensure automatic cleanup
Signed-off-by: Bjoern Walk <bwalk@linux.ibm.com>
Signed-off-by: Shalini Chellathurai Saroja <shalini@linux.ibm.com>
Reviewed-by: Boris Fiuczynski <fiuczy@linux.ibm.com>
Reviewed-by: Andrea Bolognani <abologna@redhat.com>
2020-06-26 18:31:09 +02:00
Daniel P. Berrangé
d73cd87e81 lxc: replace use of term 'slave' filesystem mount setup
Refer to the notion of mount propagation instead which describes
the actual behaviour more clearly.

Reviewed-by: Peter Krempa <pkrempa@redhat.com>
Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
2020-06-26 15:39:34 +01:00
Daniel P. Berrangé
a6e10dbd0b lxc: remove use of the terms 'master' and 'slave' in PTY setup
The two sides of a PTY can be referred to as primary and secondary
TTYs.

Reviewed-by: Peter Krempa <pkrempa@redhat.com>
Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
2020-06-26 15:39:34 +01:00
Daniel P. Berrangé
bd2502ce8f qemu: remove use of the terms 'master' and 'slave' when iterating CPUs
When querying QEMU we have to iterate over two nested sets
of CPUs. The terms "main vcpu" and "sub vcpu" are a good
representation.

Reviewed-by: Peter Krempa <pkrempa@redhat.com>
Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
2020-06-26 15:39:34 +01:00
Daniel P. Berrangé
1421463e94 util: remove use of the terms 'master' and 'slave' in PTY code
The two sides of a PTY can be referred to as primary and  secondary
TTYs.

Reviewed-by: Peter Krempa <pkrempa@redhat.com>
Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
2020-06-26 15:39:34 +01:00
Daniel P. Berrangé
90a10912e2 nodedev: remove use of the term 'blacklist' from enumeration code
The term "ignored" is a better choice for the filtering performed
on devices from udev.

Reviewed-by: Peter Krempa <pkrempa@redhat.com>
Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
2020-06-26 15:39:33 +01:00
Daniel P. Berrangé
e8645610c8 util: rename method to virKModIsProhibited
This new naming matches the terminology used in the error
messages that the callers report.

Reviewed-by: Peter Krempa <pkrempa@redhat.com>
Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
2020-06-26 15:39:33 +01:00
Daniel P. Berrangé
7b977686d4 qemu: remove use of the terms 'whitelist' and 'blacklist' from CPU code
When listing CPU models, we need to filter the data based on sets
of permitted and forbidden CPU models.

Reviewed-by: Peter Krempa <pkrempa@redhat.com>
Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
2020-06-26 15:38:38 +01:00
Daniel P. Berrangé
11fc562951 cgroup: remove use of the term 'whitelist' from cgroup code
The term "access control list" better describes the concept involved.

Reviewed-by: Peter Krempa <pkrempa@redhat.com>
Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
2020-06-26 15:37:51 +01:00
Daniel P. Berrangé
5f75ec90fe rpc: remove use of the term 'whitelist' from RPC code
The term "access control list" better describes the concept involved.

Reviewed-by: Peter Krempa <pkrempa@redhat.com>
Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
2020-06-26 15:36:40 +01:00
Jonathon Jongsma
6c560b2d3a qemu: ramfb video device doesn't support PCI address
Although a ramfb video device is not a PCI device, we don't currently
report an error for ramfb device definitions containing a PCI address.
However, a guest configured with such a device will fail to start:

    # virsh start test1
    error: Failed to start domain test1
    error: internal error: qemu unexpectedly closed the monitor: 2020-06-16T05:23:02.759221Z qemu-kvm: -device ramfb,id=video0,bus=pcie.0,addr=0x1: Device 'ramfb' can't go on PCIE bus

A better approach is to reject any device definitions that contain PCI
addresses.  While this is a change in behavior, any existing
configurations were non-functional.

https://bugzilla.redhat.com/show_bug.cgi?id=1847259

Signed-off-by: Jonathon Jongsma <jjongsma@redhat.com>
2020-06-25 19:47:41 -04:00
Michal Privoznik
fe3840eac7 qemuDomainDeviceNetDefPostParse: Switch order of conditions
A few commits back (in v6.4.0-131-gbdb8f2e418) the post parse
function for domain interface was changed so that it doesn't fill
in model for hostdev types of interfaces (including network type
interfaces which would end up hostdevs).

While the idea is sound, the execution can be a bit better:
virDomainNetResolveActualType() which is used to determine
runtime type of given interface is heavy gun - it connects to
network driver, fetches network XML, parses it. This all is
followed by check whether the interface doesn't already have
model set (from domain XML).

If we switch the order of these two checks then the short circuit
evaluation will ensure the expensive check is done only if really
needed.

This commit in fact fixes qemuxml2xmltest which due to lacking
fake network driver tries to connect to network:///session and
start the virtnetworkd. Fortunately, because of
v6.3.0-25-gf28fbb05d3 it fails to do so and
virDomainNetResolveActualType() returns -1. The only reason we
don't see the test failing is because our input XMLs have model
and thus we are saved by the latter (now former) check.

Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
Reviewed-by: Laine Stump <laine@redhat.com>
2020-06-25 16:21:26 +02:00
Laine Stump
8c6dba054b qemu: auto-assign hostdev devices to PCIe
Until recently, an <interface type='network'> would automatically be
assigned model "rtl8139", which in turn would lead to the device being
assigned a PCI address on a conventional PCI controller (i.e. a
pcie-to-pci-bridge). If the network was a typical Linux host
bridge-based network that used an emulated device, this would be
appropriate, since the guest actually would get an emulated rtl8139
NIC, and that device is a conventional PCI device.

However, if the network being used was a pool of hostdev devices, the
guest would get an actual PCIe network device assigned from the host
via VFIO; while the interface model in that case is irrelevant for the
QEMU commandline to assign the device, the PCI address would have
already been assigned prior to runtime, so the address assignment
would be done based on the model='rtl8139' - a conventional PCI
device. VFIO assignment of a PCIe device to a conventional PCI slot
works, but we would rather have these devices in a PCIe slot.

Since commit bdb8f2e418, if <interface type='network'> points to a
etwork that is a pool of hostdev devices, the interface model will be
_unset_ by default. This patch uses that information when deciding
what type of slot to assign to the device: since all hostdev network
interfaces are SR-IOV VFs, and *all* SR-IOV network cards are PCIe, it
is safe to assume that the VFs are PCIe and we should assign then to a
PCIe slot in the guest.

Signed-off-by: Laine Stump <laine@redhat.com>
Reviewed-by: Andrea Bolognani <abologna@redhat.com>
2020-06-24 23:26:42 -04:00
Prathamesh Chavan
d66f2be2ab qemu_domainjob: moved domain job APIs to a separate file
All the domain job related APIs were present in `qemu_domain.c`
along with the other domain APIs. In this patch, we move all the
qemu domain job APIs into a separate file.

Also, in this process, `qemuDomainTrackJob()`,
`qemuDomainFreeJob()`, `qemuDomainInitJob()` and
`qemuDomainObjSaveStatus()` were converted to a non-static
funciton and exposed using `qemu_domain.h`.

Signed-off-by: Prathamesh Chavan <pc44800@gmail.com>
Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
2020-06-24 18:09:18 +02:00
Prathamesh Chavan
6d0b1d2df5 qemu_domain: Avoid using qemuDomainObjPrivatePtr as parameter
In functions `qemuDomainObjInitJob`, `qemuDomainObjResetJob`,
`qemuDomainObjResetAgentJob`, `qemuDomainObjResetAsyncJob`,
`qemuDomainObjFreeJob`, `qemuDomainJobAllowed`,
`qemuDomainNestedJobAllowed` we avoid sending the complete
qemuDomainObjPrivatePtr as parameter and instead just send
qemuDomainJobObjPtr.

This is done in a effort to separating the qemu-job APIs into
a spearate file.

Signed-off-by: Prathamesh Chavan <pc44800@gmail.com>
Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
2020-06-24 18:09:14 +02:00
Michal Privoznik
9ed345ac1a leaseshelper: Report more errors
Some functions or code paths that may fail don't report error
(e.g. when acquiring PID file fails) leading to a silent quit
of the leaseshelper. This makes it super hard for us and users
to debug what is happening. Fortunately, dnsmasq captures both
stdout and stderr so we can write an error message there.

Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
2020-06-24 16:08:03 +02:00
Michal Privoznik
876211ef4a leaseshelper: Wait to acquire PID file
On a DHCP transaction, dnsmasq runs our leases helper which
updates corresponding JSON files. While one dnsmasq won't run the
leaseshelper in parallel, two dnsmasqs (from two distinct
networks) might. To avoid corrupting JSON file, the leaseshelper
acquires PID file first. Well, the way it's acquiring it is not
ideal - it calls virPidFileAcquirePath(wait = false); which
means, that either it acquires the PID file instantly or returns
an error and does not touch the JSON at all. This in turn means
that there might be a leases record missing. With wait = true,
this won't happen.

Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1840307

Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
2020-06-24 16:08:03 +02:00
Daniel P. Berrangé
5331c4804f qemu: fix missing error reports in capabilities probing
The "virsh domcapabilities --arch ppc64" command will fail with no
error message set if qemu-system-ppc64 is not currently installed.

This is because virQEMUCapsCacheLookup() does not report any error
message if not capabilities can be obtained from the cache. Almost
all methods calling this expected an error to be set on failure.

Once that's fixed though, we see a further bug which is that
virQEMUCapsCacheLookupDefault() is passing a NULL binary path to
virQEMUCapsCacheLookup(), so we need to catch that too.

Reviewed-by: Daniel Henrique Barboza <danielhb413@gmail.com>
Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
2020-06-24 12:28:27 +01:00
Jonathon Jongsma
c5815b3197 qemu: format 'ramfb' attribute for mediated devices
It's possible to use ramfb as the boot display of an assigned vgpu
device. This was introduced in 4b95738c, but unfortunately the attribute
was not formatted into the xml output for such a device. This patch
fixes that oversight and adds a xml2xml test to verify proper behavior.

https://bugzilla.redhat.com/show_bug.cgi?id=1847791

Signed-off-by: Jonathon Jongsma <jjongsma@redhat.com>
Reviewed-by: Daniel Henrique Barboza <danielhb413@gmail.com>
Signed-off-by: Ján Tomko <jtomko@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
2020-06-23 23:20:00 +02:00
Daniel P. Berrangé
66ce769d27 qemu: don't continue loading caps if outdated
The XML format used for QEMU capabilities is not required to be
stable across releases, as we invalidate the cache whenever the
libvirt binary changes.

We none the less always try to parse te entire XML file before
we do any validity checks. Thus if we change the format of any
part of the data, or change permitted values for enums, then
libvirtd logs will be spammed with errors.

These are not in fact errors, but an expected scenario.

This change makes the loading code validate the cache timestamp
against the libvirtd timestamp immediately. If they don't match
then we stop loading the rest of the XML file.

Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
2020-06-23 17:33:30 +01:00
Dmitry Nesterenko
feb83c1e71 virhook: support hooks placed in $driver.d/
It is easier for management software (and subsequently
distributions) to install hook script under
/etc/libvirt/hooks/$driver.d/ and have libvirt execute them in
alphabetical order. To maintain backwards compatibility,
/etc/libvirt/hooks/$driver hook script is executed the first
followed by scripts from the $driver.d directory.

The stdio is chained between the scripts. The output of the first
script is input of the second and so on.

Signed-off-by: Dmitry Nesterenko <dmitry.nesterenko@virtuozzo.com>
Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
2020-06-23 18:34:15 +02:00
Dmitry Nesterenko
841910b5de virhook: Separate hook script invocation into a function
This refactor is needed to support support hooks placed in
several files.

Signed-off-by: Dmitry Nesterenko <dmitry.nesterenko@virtuozzo.com>
Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
2020-06-23 18:34:12 +02:00
Daniel Henrique Barboza
9577d86f62 qemu: build command line for the TPM Proxy device
This patch wraps it up all the wiring done in previous patches,
enabling a PPC64 guest to launch a guest using a TPM Proxy
device.

Note that device validation is already being done in qemu_validate.c,
qemuValidateDomainDeviceDefTPM(), on domain define time. We don't
need to verify QEMU capabilities for this device again inside
qemu_command.c.

Tested-by: Satheesh Rajendran <sathnaga@linux.vnet.ibm.com>
Reviewed-by: Stefan Berger <stefanb@linux.ibm.com>
Signed-off-by: Daniel Henrique Barboza <danielhb413@gmail.com>
Signed-off-by: Ján Tomko <jtomko@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
2020-06-23 17:27:50 +02:00
Daniel Henrique Barboza
0f7e8649c7 qemu: add validations after TPM Proxy model introduction
Previous patch handled the conversion of def->tpm to the
array def->tpms and the XML parsing logic. This patch handles
the validations needed to ensure the intended behavior.

The existing qemuValidateDomainDeviceDefTPM() function was updated
to guarantee that the VIR_DOMAIN_TPM_MODEL_SPAPR_PROXY model is
exclusive to PPC64 guests and to the VIR_DOMAIN_TPM_TYPE_PASSTHROUGH
backend.

A new function called qemuDomainDefTPMsPostParse() was added to guarantee
that the following combinations in the same domain are valid:

- a single TPM device
- a single TPM Proxy device
- a single TPM + single TPM Proxy devices

And these combinations in the same domain are NOT valid:

- 2 or more TPM devices
- 2 or more TPM Proxy devices

Tested-by: Satheesh Rajendran <sathnaga@linux.vnet.ibm.com>
Reviewed-by: Stefan Berger <stefanb@linux.ibm.com>
Signed-off-by: Daniel Henrique Barboza <danielhb413@gmail.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
Signed-off-by: Ján Tomko <jtomko@redhat.com>
2020-06-23 17:27:50 +02:00
Daniel Henrique Barboza
19d74fdf0e conf, qemu, security, tests: introducing 'def->tpms' array
A TPM Proxy device can coexist with a regular TPM, but the
current domain definition supports only a single TPM device
in the 'tpm' pointer. This patch replaces this existing pointer
in the domain definition to an array of TPM devices.

All files that references the old pointer were adapted to
handle the new array instead. virDomainDefParseXML() TPM related
code was adapted to handle the parsing of an extra TPM device.
TPM validations after this new scenario will be updated in
the next patch.

Tested-by: Satheesh Rajendran <sathnaga@linux.vnet.ibm.com>
Reviewed-by: Stefan Berger <stefanb@linux.ibm.com>
Signed-off-by: Daniel Henrique Barboza <danielhb413@gmail.com>
Signed-off-by: Ján Tomko <jtomko@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
2020-06-23 17:27:50 +02:00
Daniel Henrique Barboza
db45fb49e8 qemu_tpm, security, tests: change 'switch' clauses for 'if'
This trivial rework is aimed to reduce the amount of line changes
made by the next patch, when 'def->tpm' will become a 'def->tpms'
array.

Instead of using a 'switch' where only the VIR_DOMAIN_TPM_TYPE_EMULATOR
label does something, use an 'if' clause instead.

Tested-by: Satheesh Rajendran <sathnaga@linux.vnet.ibm.com>
Reviewed-by: Stefan Berger <stefanb@linux.ibm.com>
Signed-off-by: Daniel Henrique Barboza <danielhb413@gmail.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
Signed-off-by: Ján Tomko <jtomko@redhat.com>
2020-06-23 17:27:50 +02:00
Daniel Henrique Barboza
9c77b617e6 qemu_extdevice.c: remove unneeded 'ret' variable
qemuExtDevicesInitPaths() does not need 'ret'.

Tested-by: Satheesh Rajendran <sathnaga@linux.vnet.ibm.com>
Reviewed-by: Stefan Berger <stefanb@linux.ibm.com>
Signed-off-by: Daniel Henrique Barboza <danielhb413@gmail.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
Signed-off-by: Ján Tomko <jtomko@redhat.com>
2020-06-23 17:27:50 +02:00
Daniel Henrique Barboza
096a42000e qemu: Extend QEMU capabilities with 'spapr-tpm-proxy'
Expose the TPM Proxy support for PPC64 guests by creating a new
cap called QEMU_CAPS_DEVICE_SPAPR_TPM_PROXY.

This device is part of the machinery the guest need to orchestrate
with the PPC64 Ultravisor the transition to the Secure VM (SVM)
mode. Inside QEMU, this device will be used with the H_TPM_COMM
hypercall to connect with the TPM Resource Manager, enabling
the guest to open and close TPM sessions with the host TPM.

Tested-by: Satheesh Rajendran <sathnaga@linux.vnet.ibm.com>
Reviewed-by: Stefan Berger <stefanb@linux.ibm.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
Signed-off-by: Daniel Henrique Barboza <danielhb413@gmail.com>
Signed-off-by: Ján Tomko <jtomko@redhat.com>
2020-06-23 17:27:50 +02:00
Daniel Henrique Barboza
461ddf509c qemu_capabilities.c: modernize virQEMUCapsCacheLookupDefault
Use g_autoptr() in qemuCaps to get rid of a virObjectUnref call,
a 'cleanup' label and the 'ret' pointer.

Signed-off-by: Daniel Henrique Barboza <danielhb413@gmail.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
Signed-off-by: Ján Tomko <jtomko@redhat.com>
2020-06-23 17:22:20 +02:00
Michal Privoznik
c508c94d57 qemu_command: Fix IOMMU validator name in two comments
When building command line for IOMMU or machine, there are two
comments which mention function that validate IOMMU. But they
both refer to old name which was changed in v6.3.0-rc1~246.

Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
2020-06-23 15:55:42 +02:00
Menno Lageman
dd1bc914f9 qemu: format address wdith on intel-iommu command line
Format the address width attribute. Depending on the version of
QEMU it is named 'aw-bits' or 'x-aw-bits'.

Signed-off-by: Menno Lageman <menno.lageman@oracle.com>
Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
2020-06-23 15:53:10 +02:00
Menno Lageman
0e5c919397 conf: add address width attribute to iommu
Add a new aw_bits attribute to the iommu device to control
the address width of the intel-iommu

Signed-off-by Menno Lageman <menno.lageman@oracle.com>
Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
2020-06-23 15:51:49 +02:00
Liao Pingfang
36b1e8669d qemu: Correct the log name for qemu_security.c
Correct the log name for qemu_security.c to qemu.qemu_security
instead of qemu.qemu_process.

Signed-off-by: Liao Pingfang <liao.pingfang@zte.com.cn>
Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
2020-06-23 14:49:27 +02:00
Peter Krempa
d55b0811ff qemuBackupDiskDataCleanupOne: Free 'incrementalBitmap'
The bitmap name used for the incremental backup would be leaked
otherwise.

Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
2020-06-23 11:23:01 +02:00
Peter Krempa
165b430eb9 qemuBackupDiskDataCleanupOne: Don't exit early when the job has started
Originally the function was cleaning up a failed job only but now
there's other stuff that needs to be cleared too.

Make only steps which clean up after a failed job depend on the
'started' field and execute the rest of the code always.

This fixes a leak of the backup job tracking object and the blockdev-add
helper data.

Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
2020-06-23 11:23:01 +02:00
Peter Krempa
214faa0b04 qemuBackupDiskStarted: Fix improper dereference of array
The code would repeatedly mark the first disk's blockjob as started
rather than accessing all the blockjobs. Fix the dereferencing operator.

Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
2020-06-23 11:23:01 +02:00
Peter Krempa
2d26f8b710 qemu: backup: Initialize 'store' source properly and just once
Two functions called in sequence both initialized the virStorageSource
backing 'store' leading to a memleak.

Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
2020-06-23 11:23:01 +02:00
Peter Krempa
b5212365b6 qemuBackupBegin: Don't leak 'def' on early failures
The cleanup path expects that 'def' is assigned to 'priv->backup', but
that's not the case for early failures. Add a check to stop overwriting
of 'def' so that it can be freed.

Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
2020-06-23 11:23:01 +02:00
Daniel P. Berrangé
597fdabbc0 util: remove unused virKModConfig method
Using virKModConfig would not simplify any existing code.

Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
2020-06-22 18:22:34 +01:00
Daniel P. Berrangé
2d80cbc06a src: remove redundant arg to virKModLoad
All callers except for the test suite pass the same value
for the second arg, so it can be removed, simplifying the
code.

Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
2020-06-22 18:22:23 +01:00
Peter Krempa
7bfff40fdf qemu: Rewrite bitmap handling for block copy
Reuse qemuBlockGetBitmapMergeActions which allows the removal of the
ad-hoc implementation of bitmap merging for block copy.

Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Eric Blake <eblake@redhat.com>
2020-06-22 16:04:31 +02:00
Peter Krempa
057e4bc591 qemu: blockjob: Remove 'disabledBitmapsBase' field from commit job private data
New semantics of the bitmap handling don't need this. Remove the field
and all uses of it including the status XML.

Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Eric Blake <eblake@redhat.com>
2020-06-22 16:04:31 +02:00
Peter Krempa
20a7abc2d2 qemu: Rewrite bitmap handling for block commit
Reuse qemuBlockGetBitmapMergeActions which allows removing the ad-hoc
implementation of bitmap merging for block commit. The new approach is
way simpler and more robust and also allows us to get rid of the
disabling of bitmaps done prior to the start as we actually do want to
update the bitmaps in the base.

Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Eric Blake <eblake@redhat.com>
2020-06-22 16:04:30 +02:00
Peter Krempa
e0d8d989e2 qemu: backup: Rewrite backup bitmap handling to the new bitmap semantics
Reuse qemuBlockGetBitmapMergeActions which allows removal of the ad-hoc
implementation of bitmap merging for backup. The new approach is simpler
and also more robust in case some of the bitmaps break as they remove
the dependency on the whole chain of bitmaps working.

The new approach also allows backups if a snapshot is created outside of
libvirt.

Additionally the code is greatly simplified.

Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Eric Blake <eblake@redhat.com>
2020-06-22 16:04:30 +02:00
Peter Krempa
4fa8654ece qemu: block: Add universal helper for merging dirty bitmaps for all scenarios
Add a function which allows merging bitmaps according to the new
semantics and will allow replacing all the specific ad-hoc functions
currently in use for 'backup', 'block commit', 'block copy' and will
also be usable in the future for 'block pull' and non-shared storage
migration.

The semantics are a bit quirky for the 'backup' case but these quirks
are documented and will prevent us from having two slightly different
algorithms.

Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Eric Blake <eblake@redhat.com>
2020-06-22 16:04:30 +02:00
Peter Krempa
4c33c5568c qemu: checkpoint: Don't merge checkpoints during deletion
Now that we've switched to the simple handling, the first thing that can
be massively simplified is checkpoint deletion. We now need to only go
through the backing chain and find the appropriately named bitmaps and
delete them, no complex lookups or merging.

Note that compared to other functions this deletes the bitmap in all
layers compared to others where we expect only exactly 1 bitmap of a
name in the backing chain to prevent potential problems.

Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Eric Blake <eblake@redhat.com>
2020-06-22 16:04:30 +02:00
Peter Krempa
3857b073cb qemuBlockBitmapChainIsValid: Adjust to new semantics of bitmaps
Reject duplicates and other problematic bitmaps according to the new
semantics of bitmap use in libvirt.

Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Eric Blake <eblake@redhat.com>
2020-06-22 16:04:30 +02:00
Peter Krempa
1f92aa454a qemu: checkpoint: Don't chain bitmaps for checkpoints
Chaining bitmaps for checkpoints (disabling the active one and creating
a new) severely overcomplicated all operations in regards to bitmaps.

Specifically it requires us re-matching the on-disk state to the
internal metadata and in case of merging during block jobs it makes it
almost impossible to cover all corner cases.

Since the checkpoints and incremental backups were not yet enabled,
let's change the design to keep one bitmap per checkpoint. In case of
layered snapshots this will be filled in by using dirty-bitmap-populate.

Finally the main reason for this unnecessary complexity was the fear
that qemu's performance could degrade. In the end I think that
addressing the performance issue will be better done in qemu (e.g by
keeping an internal bitmap updated with changes and merging it
periodically back to the real bitmaps. QEMU writes out changes to disk
at shutdown so consistency is not a problem).

Removing the relationships between bitmaps frees us from complex
handling and also makes all the surrounding code more robust as one
broken bitmap doesn't necessarily invalidate whole chains of backups.

Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Eric Blake <eblake@redhat.com>
2020-06-22 16:04:30 +02:00
Peter Krempa
15c5ed8ba6 qemu: backup: Move fetching of checkpoint list for incremental backup
Fetch the checkpoint list for every disk specifically based on the new
per-disk 'incremental' field.

Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Eric Blake <eblake@redhat.com>
2020-06-22 16:04:29 +02:00
Peter Krempa
b8295160c3 conf: backup: Store incremental backup checkpoint name per-disk
In preparation to allow heterogenous backups store the 'incremental'
field per-disk and fill it by default from the per-backup field.

Having this will be important once we'll want to allow incremental
backup working while hotplugging a new disk.

Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Eric Blake <eblake@redhat.com>
2020-06-22 16:04:29 +02:00
Peter Krempa
c89a44777f qemu: backup: Fix backup of disk skipped in an intermediate checkpoint
If a disk is not captured by one of the intermediate checkpoints the
code would fail, but we can easily calculate the bitmaps to merge
correctly by skipping over checkpoints which don't describe the disk.

Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Eric Blake <eblake@redhat.com>
2020-06-22 16:04:29 +02:00
Peter Krempa
562511afa6 qemu: backup: Split up code traversing checkpoint list looking for bitmaps
The algorithm is getting quite complex. Split out the lookup of range of
backing chain storage sources and bitmaps contained in them which
correspond to one checkpoint.

Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Eric Blake <eblake@redhat.com>
2020-06-22 16:04:29 +02:00
Jiri Denemark
96a39aad70 cpu_map: Add missing AMD SVM features
Signed-off-by: Jiri Denemark <jdenemar@redhat.com>
Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
2020-06-19 21:59:31 +02:00
Jiri Denemark
892b7c70f6 cpu_map: Add missing x86 features in 0x80000008 CPUID leaf
Signed-off-by: Jiri Denemark <jdenemar@redhat.com>
Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
2020-06-19 21:59:31 +02:00
Jiri Denemark
6ea3bb19c6 cpu_map: Add missing x86 features in 0x7 CPUID leaf
Signed-off-by: Jiri Denemark <jdenemar@redhat.com>
Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
2020-06-19 21:59:31 +02:00
Jiri Denemark
df69263c26 cpu_map: Request test files update when adding x86 features
The CPUID data in *-{disabled,enabled}.xml convert feature names from
the corresponding *.json file into raw CPUID and MSR data and thus some
of them may need to be updated when new features are added into the CPU
map.

Signed-off-by: Jiri Denemark <jdenemar@redhat.com>
Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
2020-06-19 21:59:31 +02:00
Erik Skultety
69a9b021a8 nodedev: Makefile: Use AM_LDFLAGS_MOD_NOUNDEF with the installed library
Rather than using the AM_LDFLAGS_MOD_NOUNDEF options with the noinstall
library that will come out of libtool from
libvirt_driver_nodedev_impl_la, use it with the installed version
libvirt_driver_nodedev_la.

Broken-by-commit: c44bffb9
Fixes: https://ci.centos.org/job/libvirt-rpm/systems=libvirt-fedora-32/1155/

Signed-off-by: Erik Skultety <eskultet@redhat.com>
Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
2020-06-19 16:09:59 +02:00
Jonathon Jongsma
88043da227 nodedev: add mdev support to virNodeDeviceDestroy()
Add the ability to destroy mdev node devices via the mdevctl utility.

Signed-off-by: Jonathon Jongsma <jjongsma@redhat.com>
Reviewed-by: Erik Skultety <eskultet@redhat.com>
Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
2020-06-19 10:39:55 +02:00
Jonathon Jongsma
c44bffb9af nodedev: Build a non-loadable driver lib
In order to test the nodedev driver, we need to link against a
non-loadable module. Similar to other loadable modules already in the
repository, create an _impl library that can be linked against the unit
tests and then create a loadable module from that.

Signed-off-by: Jonathon Jongsma <jjongsma@redhat.com>
Reviewed-by: Erik Skultety <eskultet@redhat.com>
Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
2020-06-19 10:39:55 +02:00
Jonathon Jongsma
9691440ecb nodedev: add mdev support to virNodeDeviceCreateXML()
With recent additions to the node device xml schema, an xml schema can
now describe a mdev device sufficiently for libvirt to create and start
the device using the mdevctl utility.

Note that some of the the configuration for a mediated device must be
passed to mdevctl as a JSON-formatted file. In order to avoid creating
and cleaning up temporary files, the JSON is instead fed to stdin and we
pass the filename /dev/stdin to mdevctl. While this may not be portable,
neither are mediated devices, so I don't believe it should cause any
problems.

Signed-off-by: Jonathon Jongsma <jjongsma@redhat.com>
Reviewed-by: Erik Skultety <eskultet@redhat.com>
Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
2020-06-19 10:39:55 +02:00
Jonathon Jongsma
4583a73470 nodedev: store mdev UUID in mdev caps
In order to allow libvirt to create and start new mediated devices, we
need to be able to verify that the device has been started. In order to
do this, we'll need to save the UUID of newly-discovered devices within
the virNodeDevCapMdev structure. This allows us to search the device
list by UUID and verify whether the expected device has been started.

Signed-off-by: Jonathon Jongsma <jjongsma@redhat.com>
Reviewed-by: Erik Skultety <eskultet@redhat.com>
Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
2020-06-19 10:39:55 +02:00
Jonathon Jongsma
81dc248ea4 nodedev: refactor nodeDeviceFindNewDevice()
In preparation for creating mediated devices in libvirt, we will need to
wait for new mediated devices to be created as well. Refactor
nodeDeviceFindNewDevice() so that we can re-use the main logic from this
function to wait for different device types by passing a different
'find' function.

Signed-off-by: Jonathon Jongsma <jjongsma@redhat.com>
Reviewed-by: Erik Skultety <eskultet@redhat.com>
Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
2020-06-19 10:39:54 +02:00
Jonathon Jongsma
c952d9cc1e nodedev: add support for mdev attributes
Mediated devices support arbitrary vendor-specific attributes that can
be attached to a mediated device. These attributes are ordered, and are
written to sysfs in order after a device is created. This patch adds
support for these attributes to the mdev data types and XML schema.

Signed-off-by: Jonathon Jongsma <jjongsma@redhat.com>
Reviewed-by: Erik Skultety <eskultet@redhat.com>
Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
2020-06-19 10:39:54 +02:00
Jonathon Jongsma
37ab63a6fc nodedev: factor out nodeDeviceHasCapability()
Currently nodeDeviceCreateXML() and nodeDeviceDestroy() only support
NPIV HBAs, but we want to be able to create mdev devices as well. This
is a first step to enabling that support.

Signed-off-by: Jonathon Jongsma <jjongsma@redhat.com>
Reviewed-by: Erik Skultety <eskultet@redhat.com>
Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
2020-06-19 10:39:54 +02:00
Jonathon Jongsma
9baffe90b5 nodedev: make iommuGroup optional for mdevs
When parsing a nodedev xml file, the iommuGroup element should be
optional. This element should be read-only and is determined by the
device driver. While this is a change to existing behavior, it doesn't
break backwards-compatibility because it makes the parser less strict.

Signed-off-by: Jonathon Jongsma <jjongsma@redhat.com>
Reviewed-by: Erik Skultety <eskultet@redhat.com>
Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
2020-06-19 10:39:54 +02:00
Ján Tomko
ea33200488 Fix allocation of virDomainFSDef
Some less commonly used drivers were omitted when we switched
the allocator from a plain VIR_ALLOC to virDomainFSDefNew.

https://bugzilla.redhat.com/show_bug.cgi?id=1846450

Fixes: da665fbd48
Signed-off-by: Ján Tomko <jtomko@redhat.com>
Reviewed-by: Andrea Bolognani <abologna@redhat.com>
2020-06-18 15:56:15 +02:00
Ján Tomko
f1d7852a43 util: remove outdated comment from virLogFormatString
Introduced by commit 72ab0b6dc8 which
added some code depending on libvirt's log format string into
qemuProcessReadLogOutput. This function was deleted by commit
932534e85f later.

Drop the comment.

Signed-off-by: Ján Tomko <jtomko@redhat.com>
Closes: https://gitlab.com/libvirt/libvirt/-/issues/35
2020-06-18 15:07:28 +02:00
Michal Privoznik
f03a38bd1d qemuSecurityDomainRestorePathLabel: Introduce @ignoreNS argument
In a few cases we might set seclabels on a path outside of
namespaces. For instance, when restoring a domain from a file,
the file is opened, relabelled and only then the namespace is
created and the FD is passed to QEMU (see v6.3.0-rc1~108 for more
info). Therefore, when restoring the label on the restore file,
we must ignore domain namespaces and restore the label directly
in the host.

This bug demonstrates itself when restoring a domain from a block
device. We don't create the block device inside the domain
namespace and thus the following error is reported at the end of
(otherwise successful) restore:

error : virProcessRunInFork:1236 : internal error: child reported (status=125): unable to stat: /dev/sda: No such file or directory
error : virProcessRunInFork:1240 : unable to stat: /dev/sda: No such file or directory

Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
Reviewed-by: Erik Skultety <eskultet@redhat.com>
2020-06-18 13:55:40 +02:00
Michal Privoznik
6a0eaebaaf qemu: Rename qemuSecurityRestoreSavedStateLabel()
The function calls virSecurityManagerDomainRestorePathLabel()
after all.

Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
Reviewed-by: Erik Skultety <eskultet@redhat.com>
2020-06-18 13:53:16 +02:00
Michal Privoznik
4ccbd207f2 security: Rename virSecurityManagerRestoreSavedStateLabel()
The new name is virSecurityManagerDomainRestorePathLabel().

Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
Reviewed-by: Erik Skultety <eskultet@redhat.com>
2020-06-18 13:52:24 +02:00
Michal Privoznik
bd22eec903 security: Drop unused virSecurityManagerSetSavedStateLabel()
After previous commit this function is used no more.

Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
Reviewed-by: Erik Skultety <eskultet@redhat.com>
2020-06-18 13:51:42 +02:00
Michal Privoznik
3cc557c7fa qemu: Drop unused qemuSecuritySetSavedStateLabel()
After previous commit this function is used no more.

Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
Reviewed-by: Erik Skultety <eskultet@redhat.com>
2020-06-18 13:51:28 +02:00
Michal Privoznik
8c62579424 qemu: Use qemuSecurityDomainSetPathLabel() to set seclabes on not saved state files
There are two places within qemu driver that misuse
qemuSecuritySetSavedStateLabel() to set seclabels on tempfiles
that are not state files: qemuDomainScreenshot() and
qemuDomainMemoryPeek(). They are doing so because of lack of
qemuSecurityDomainSetPathLabel() at the time of their
introduction.

In all three secdrivers (well, four if you count NOP driver) the
implementation of .domainSetSavedStateLabel and
.domainSetPathLabel callbacks is the same anyway.

Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
Reviewed-by: Erik Skultety <eskultet@redhat.com>
2020-06-18 13:45:08 +02:00
Daniel Henrique Barboza
baca59a538 qemu_domain.c: NUMA CPUs auto-fill for incomplete topologies
Libvirt allows the user to define an incomplete NUMA topology, where
the sum of all CPUs in each cell is less than the total of VCPUs.
What ends up happening is that QEMU allocates the non-enumerated CPUs
in the first NUMA node. This behavior is being flagged as 'to be
deprecated' at least since QEMU commit ec78f8114bc4 ("numa: use
possible_cpus for not mapped CPUs check").

In [1], Maxiwell suggested that we forbid the user to define such
topologies. In his review [2], Peter Krempa pointed out that we can't
break existing guests, and suggested that Libvirt should emulate the
QEMU behavior of putting the remaining vCPUs in the first NUMA node
in these cases.

This patch implements Peter Krempa's suggestion. Since we're going
to most likely end up with disjointed NUMA configuration in node 0
after the auto-fill, we're making auto-fill dependent on QEMU_CAPS_NUMA.

A following patch will update the documentation not just to inform
about the auto-fill mechanic with incomplete NUMA topologies, but also
to discourage the user to create such topologies in the future. This
approach also makes Libvirt independent of whether QEMU changes
its current behavior since we're either auto-filling the CPUs in
node 0 or the user (hopefully) is aware that incomplete topologies,
although supported in Libvirt, are to be avoided.

[1] https://www.redhat.com/archives/libvir-list/2019-June/msg00224.html
[2] https://www.redhat.com/archives/libvir-list/2019-June/msg00263.html

Signed-off-by: Daniel Henrique Barboza <danielhb413@gmail.com>
Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
2020-06-18 12:31:54 +02:00