Commit Graph

27221 Commits

Author SHA1 Message Date
Pavel Hrdina
40b0f40b54 conf: move TCP chardev source parsing to separate function
Signed-off-by: Pavel Hrdina <phrdina@redhat.com>
2017-08-22 17:44:36 +02:00
Pavel Hrdina
9ed225e910 conf: move mode parsing of chardev source to separate function
Signed-off-by: Pavel Hrdina <phrdina@redhat.com>
2017-08-22 17:44:36 +02:00
Pavel Hrdina
3672fc99f4 conf: move chardev log parsing to separate function
Signed-off-by: Pavel Hrdina <phrdina@redhat.com>
2017-08-22 17:44:36 +02:00
Pavel Hrdina
f2be5b38f0 conf: move chardev protocol parsing to separate function
In order to ensure that the default protocol is RAW, explicitly
assigning VIR_DOMAIN_CHR_TCP_PROTOCOL_RAW = 0.

Signed-off-by: Pavel Hrdina <phrdina@redhat.com>
2017-08-22 17:43:51 +02:00
Pavel Hrdina
209fa11b02 conf: error out for multiple protocol elements while parsing chardev
Remove check whether a variable was already set because the element
is parsed only once now.

Signed-off-by: Pavel Hrdina <phrdina@redhat.com>
2017-08-22 17:28:40 +02:00
Pavel Hrdina
23482e4b1e conf: error out for multiple log elements while parsing chardev
Remove check whether a variable was already set because the element
is parsed only once now.

Signed-off-by: Pavel Hrdina <phrdina@redhat.com>
2017-08-22 17:28:40 +02:00
Pavel Hrdina
21bfd1e9b9 conf: error out for multiple source elements while parsing chardev
Currently we accept and correctly parse this chardev XML:

  ...
  <channel type='tcp'>
    <source mode='connect'/>
    <source mode='bind' host='localhost'/>
    <source service='4567'/>
    <target type='virtio' name='test'/>
  </channel>
  ...

The parsed formatted XML is:

  ...
  <channel type='tcp'>
    <source mode='connect' host='localhost' service='4567'/>
    <target type='virtio' name='test'/>
  </channel>
  ...

That behavior is super wrong and should not be allowed.  If you notice
the current parse takes the first found attribute and uses that value,
so for example from the "<source mode='bind' host='localhost'/>" only
the "host" attribute is used.  It works the same way for all possible
attributes that we are able to parse for source element.

This patch enforces providing only one source element for all character
devices, only for UDP type we allow to provide two source elements
since you can specify both modes.

Signed-off-by: Pavel Hrdina <phrdina@redhat.com>
2017-08-22 17:28:40 +02:00
Pavel Hrdina
7d0ff9430b conf: switch from while to for loop for chardev parsing
This removes one level of indentation.

Signed-off-by: Pavel Hrdina <phrdina@redhat.com>
2017-08-22 17:28:40 +02:00
Pavel Hrdina
e90ba2541d tests: introduce genericxml test for UNIX chardev
Signed-off-by: Pavel Hrdina <phrdina@redhat.com>
2017-08-22 17:28:40 +02:00
Pavel Hrdina
ad5982dd16 tests: introduce genericxml test for UDP chardev
Signed-off-by: Pavel Hrdina <phrdina@redhat.com>
2017-08-22 17:28:40 +02:00
Pavel Hrdina
fedf120925 tests: introduce genericxml test for TCP chardev
Signed-off-by: Pavel Hrdina <phrdina@redhat.com>
2017-08-22 17:28:40 +02:00
Ján Tomko
bad14fbbed conf: useserial: drop useless check for serial devices
Since its introduction in commit 874e65aa, if someone requests:
<os><bios useserial="yes"/><os/>
we report an error if we cannot successfully count the number
of serial devices via an XPath query.

Instead of fixing the check (and moving it to the validation phase,
to prevent existing domains from disappearing), drop it completely.
For QEMU, the number of serials is checked when building the command
line.
2017-08-22 09:44:28 +02:00
Jim Fehlig
0f1993aa15 Don't autogenerate seclabels of type 'none'
When security drivers are active but confinement is not enabled,
there is no need to autogenerate <seclabel> elements when starting
a domain def that contains no <seclabel> elements. In fact,
autogenerating the elements can result in needless save/restore and
migration failures when the security driver is not active on the
restore/migration target.

This patch changes the virSecurityManagerGenLabel function in
src/security_manager.c to only autogenerate a <seclabel> element
if none is already defined for the domain *and* default
confinement is enabled. Otherwise the needless <seclabel>
autogeneration is skipped.

Resolves: https://bugzilla.opensuse.org/show_bug.cgi?id=1051017
2017-08-21 09:22:26 -06:00
Jim Fehlig
ff7e0a1a40 Fix building domain def in securityselinuxtest
The virDomainDef created by testBuildDomainDef in securityselinuxtest
adds a seclabel but does not increment nseclabels. Also, it should
populate seclabel->model with 'selinux'.

While at it, use the secdef itself to populate values instead of
the indirection through def->seclabels[0].
2017-08-21 09:10:31 -06:00
Lily Zhu
6134dc2a6b tools: Fix docs in libvirt-guests configuration file
It was not entirely clear that PARALLEL_SHUTDOWN setting is applied only
when the desired action is "shutdown".

Signed-off-by: Lily Zhu <lizhu@redhat.com>
2017-08-21 16:12:42 +02:00
Andrea Bolognani
11d5271ebb docs: Improve PCI topology and hotplug guidelines
Address some minor flaws in the original document that
were pointed out during review.

Signed-off-by: Andrea Bolognani <abologna@redhat.com>
2017-08-21 15:16:05 +02:00
Andrea Bolognani
64357c3f93 conf: Use the correct limit for the number of PHBs
I mistakenly thought pSeries guests supported 32 PHBs,
but it turns out they only support 31. Validate the
target index accordingly.

Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1479647

Signed-off-by: Andrea Bolognani <abologna@redhat.com>
2017-08-21 13:11:49 +02:00
Andrea Bolognani
c9d75d655a conf: Move target index validation
Validation should happen after parsing, so the proper
location for it is virDomainControllerDefValidate()
rather than virDomainControllerDefParseXML().

Signed-off-by: Andrea Bolognani <abologna@redhat.com>
2017-08-21 13:11:48 +02:00
Andrea Bolognani
9e318ad713 tests: Improve target index validation coverage
Split one of the existing tests to ensure both configuration
errors it contained cause a failure, and introduce a new
test case.

Signed-off-by: Andrea Bolognani <abologna@redhat.com>
2017-08-21 13:11:48 +02:00
Peter Krempa
7726d1581f qemu: Implement postParse callback skipping on config reload
Use the new facility which allows to ignore failures in post parse
callbacks if they are not fatal so that VM configs are not lost if the
emulator binary is missing.

If qemuCaps can't be populated on daemon restart skip certain portions
of the post parse callbacks during config reload and re-run the callback
during VM startup.

This fixes VMs vanishing if the emulator binary was broken or
uninstalled and libvirtd was restarted.
2017-08-18 15:07:44 +02:00
Peter Krempa
7808884808 qemu: domain: Don't set default USB model if qemuCaps is missing
qemuDomainControllerDefPostParse assigns the default USB controller
model when it was not specified by the user. Skip this step if @qemuCaps
is missing so that we don't fill wrong data. This will then be fixes by
re-running the post parse callback.
2017-08-18 15:07:44 +02:00
Peter Krempa
fde772cf82 qemu: domain: Don't return default NIC model if @qemuCaps are missing
Return NULL in qemuDomainDefaultNetModel if qemuCaps is missing and the
network card model would be determined by the capabilities.
2017-08-18 15:07:44 +02:00
Peter Krempa
6df29d0816 qemu: capabilities: Tolerate missing @qemuCaps in virQEMUCapsSupportsGICVersion
Report the given GIC version as unsupported if @qemuCapsi is NULL. This
will be helpful to run post parse callbacks even if qemu is not
currently installed.
2017-08-18 15:07:44 +02:00
Peter Krempa
9088d42da1 qemu: capabilities: Tolerate missing @qemuCaps in virQEMUCapsGetCanonicalMachine
If qemuCaps are not present, just return the original machine type name.

This will help in situations when qemuCaps is not available in the post
parse callback.
2017-08-18 15:07:44 +02:00
Peter Krempa
7c5cf4983c conf: add infrastructure for tolerating certain post parse callback failures
Some failures of the post parse callback can be tolerated. This is
specifically desired when loading the configs of existing VMs. In such
case the post parse callback should not really be modifying anything
in the definition.

This patch adds a parse flag VIR_DOMAIN_DEF_PARSE_ALLOW_POST_PARSE_FAIL
which will allow the callbacks to report non-fatal failures by returning
a positive return value. In such case the field 'postParseFailed' in the
domain definition is set to true, to notify the drivers that the
callback failed and possibly needs to be re-run.
2017-08-18 15:07:44 +02:00
Peter Krempa
e159ddfab8 conf: Return any non-zero value from virDomainDeviceInfoIterateInternal callback
Post parse callbacks will need to be able to signal that they failed
non-fatally. This means that we need to return the value returned by the
callback without modification.
2017-08-18 15:07:44 +02:00
Peter Krempa
18a8c36610 qemu: domain: Don't re-allocate qemuCaps in post parse callbacks
The domain post parse callback, domain address callback and the domain
device callback (for every single device) would each grab qemuCaps for
the current emulator. This is quite wasteful. Use the new callback to do
this just once.
2017-08-18 15:07:44 +02:00
Peter Krempa
e168bc8a72 conf: Add callbacks that allocate per-def private data
Some drivers use def-specific private data across callbacks (e.g.
qemuCaps in the qemu driver). Currently it's mostly allocated in every
single callback. This is rather wasteful, given that every single call
to the device callback allocates it.

The new callback will allocate the data (if not provided externally) and
then use it for the VM, address and device post parse callbacks.
2017-08-18 15:07:44 +02:00
Peter Krempa
03132bf487 qemu: Move assignment of default emulator to the basic post parse callback 2017-08-18 15:07:44 +02:00
Peter Krempa
2f19c9325e conf: Add 'basic' post parse callback
Add yet another post parse callback, which is executed prior the real
one without @parseOpaque. This is meant to set basics before
@parseOpaque (in case of the qemu driver qemuCaps) can be allocated.

This callback will allow to optimize passing of custom parseOpaque
through the callbacks.
2017-08-18 15:07:44 +02:00
Peter Krempa
7a5f68a1f2 conf: domainlist: Explicitly report failure to load domain config
When dropping a domain report which one was dropped so that it's not
necessary to rummage through the logs.
2017-08-18 15:07:44 +02:00
Pavel Hrdina
abab46a29b qemu: don't check whether offline migration is safe
Offline migration transfers only the domain definition.

Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1449715

Signed-off-by: Pavel Hrdina <phrdina@redhat.com>
2017-08-18 14:45:48 +02:00
Peter Krempa
c0ce84ca98 util: string: Introduce virStringHasChars
The helper returns true if a string contains any of the given chars.
virStringHasControlChars can be reimplemented using that helper.

Reviewed-by: Pavel Hrdina <phrdina@redhat.com>
2017-08-18 14:20:37 +02:00
Erik Skultety
ad97fecee7 nodedev: Introduce udevHandleOneDevice
Let this new method handle the device object we obtained from the
monitor in order to enhance readability.

Signed-off-by: Erik Skultety <eskultet@redhat.com>
2017-08-17 16:50:47 +02:00
Erik Skultety
d3f2820ff7 nodedev: udev: Remove the udevEventHandleCallback on fatal error
So we have a sanity check for the udev monitor fd. Theoretically, it
could happen that the udev monitor fd changes (due to our own wrongdoing,
hence the 'sanity' here) and if that happens it means we are handling an
event from a different entity than we think, thus we should remove the
handle if someone somewhere somehow hits this hypothetical case.

Signed-off-by: Erik Skultety <eskultet@redhat.com>
2017-08-17 16:50:47 +02:00
Erik Skultety
6167d8494c nodedev: mdev: Report an error when mdev path resolution fails
It might happen that virFileResolveLinkHelper fails on the lstat system
call. virFileResolveLink expects the caller to report an error when it
fails, however this wasn't the case for udevProcessMediatedDevice.

Signed-off-by: Erik Skultety <eskultet@redhat.com>
2017-08-17 16:50:47 +02:00
Christian Ehrhardt
03fb4e3dea virt-aa-helper: locking loader/nvram for qemu 2.10
Testing qemu-2.10-rc3 shows issues like:
  qemu-system-aarch64: -drive file=/home/ubuntu/vm-start-stop/vms/
  7936-0_CODE.fd,if=pflash,format=raw,unit=1: Failed to unlock byte 100

There is an apparmor deny due to qemu now locking those files:
 apparmor="DENIED" operation="file_lock" [...]
 name="/home/ubuntu/vm-start-stop/vms/7936-0_CODE.fd"
 name="/var/lib/uvtool/libvirt/images/kvmguest-artful-normal.qcow"
 [...] comm="qemu-system-aarch64" requested_mask="k" denied_mask="k"

The profile needs to allow locking for loader and nvram files via
the locking (k) rule.

Signed-off-by: Christian Ehrhardt <christian.ehrhardt@canonical.com>
2017-08-17 16:11:59 +02:00
Christian Ehrhardt
580cdaa7e7 virt-aa-helper: locking disk files for qemu 2.10
Testing qemu-2.10-rc2 shows issues like:
  qemu-system-x86_64: -drive file=/var/lib/uvtool/libvirt/images/kvmguest- \
  artful-normal.qcow,format=qcow2,if=none,id=drive-virtio-disk0:
  Failed to lock byte 100

It seems the following qemu commit changed the needs for the backing
image rules:

(qemu) commit 244a5668106297378391b768e7288eb157616f64
Author: Fam Zheng <famz@redhat.com>
    file-posix: Add image locking to perm operations

The block appears as:
 apparmor="DENIED" operation="file_lock" [...]
 name="/var/lib/uvtool/libvirt/images/kvmguest-artful-normal.qcow"
 [...] comm="qemu-system-x86" requested_mask="k" denied_mask="k"

With that qemu change in place the rules generated for the image
and backing files need the allowance to also lock (k) the files.

Disks are added via add_file_path and with this fix rules now get
that permission, but no other rules are changed, example:
  -  "/var/lib/uvtool/libvirt/images/kvmguest-artful-normal-a2.qcow" rw,
  +  "/var/lib/uvtool/libvirt/images/kvmguest-artful-normal-a2.qcow" rwk

Signed-off-by: Christian Ehrhardt <christian.ehrhardt@canonical.com>
2017-08-17 16:11:59 +02:00
Pavel Hrdina
b71946af5c conf: use virXMLPropString and virXMLNodeContentString for vcpu parsing
XPath is good for random search of elements, not for accessing
attributes of one node.

Signed-off-by: Pavel Hrdina <phrdina@redhat.com>
2017-08-17 15:42:48 +02:00
Pavel Hrdina
49991b74d9 conf: use virXMLNodeContentString for boot options parsing
Using XPath here doesn't add any benefit.

Signed-off-by: Pavel Hrdina <phrdina@redhat.com>
2017-08-17 15:42:47 +02:00
Pavel Hrdina
422cf16079 conf: use virXMLPropStringLimit where it makes sense
The XPath call for these cases is more expensive than accessing the
XML dom node directly.

Signed-off-by: Pavel Hrdina <phrdina@redhat.com>
2017-08-17 15:42:47 +02:00
Pavel Hrdina
d5b025bb15 conf: use virXMLPropString for actual network parsing
XPath is good for random search of elements, not for accessing
attributes of one node.

Signed-off-by: Pavel Hrdina <phrdina@redhat.com>
2017-08-17 15:42:47 +02:00
Pavel Hrdina
0b36d6cb08 conf: use virXMLPropString for boot parsing
XPath is good for random search of elements, not for accessing
attributes of one node.

Signed-off-by: Pavel Hrdina <phrdina@redhat.com>
2017-08-17 15:42:47 +02:00
Pavel Hrdina
8cf6eb4612 conf: use virXMLPropString for network parsing
XPath is good for random search of elements, not for accessing
attributes of one node.

Signed-off-by: Pavel Hrdina <phrdina@redhat.com>
2017-08-17 15:42:47 +02:00
Pavel Hrdina
dee01fc5a0 conf: use virXMLPropString for IOMMU def parsing
XPath is good for random search of elements, not for accessing
attributes of one node.

Signed-off-by: Pavel Hrdina <phrdina@redhat.com>
2017-08-17 15:42:47 +02:00
Pavel Hrdina
58bf9d1d37 conf: use virXMLPropString for virDomainVirtioOptionsParseXML
XPath is good for random search of elements, not for accessing
attributes of one node.

Signed-off-by: Pavel Hrdina <phrdina@redhat.com>
2017-08-17 15:42:47 +02:00
Pavel Hrdina
561726cd7f util: introduce virXMLNodeContentString
It's equivalent of calling virXPathString("string(.)", ctxt) but it
doesn't have to use the XPath resolving and parsing.

Signed-off-by: Pavel Hrdina <phrdina@redhat.com>
2017-08-17 15:42:23 +02:00
Pavel Hrdina
827cf58d50 util: introduce virXMLPropStringLimit
The virXMLPropStringLimit is an equivalent of virXPathStringLimit
which should be preferred if you already have a XML dom node or
if you need to parse more than one property.

Signed-off-by: Pavel Hrdina <phrdina@redhat.com>
2017-08-17 15:42:08 +02:00
Michal Privoznik
361ff0a088 network: Use self inflating bitmap for class IDs
Back in the day when I was implementing QoS for networks there
were no self inflating virBitmaps. Only the static ones.
Therefore, I had to allocate the whole 8KB of memory in order to
keep track of used/unused class IDs. This is rather wasteful
because nobody is ever gonna use that much classes (kernel
overhead would drastically lower the bandwidth). Anyway, now that
we have self inflating bitmaps we can start small and allocate
more if there's need for it.

Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
Reviewed-by: John Ferlan <jferlan@redhat.com>
2017-08-17 14:58:11 +02:00
John Ferlan
6862ad3cd7 network: Use @nnames instead of @got
To make it clearer, let's use @nnames instead of @got for counting the
names in the @names array.  Keeps things consistent and clear.
2017-08-17 07:28:17 -04:00