Commit Graph

5375 Commits

Author SHA1 Message Date
John Ferlan
da86c6c226 qemu: Add luks support for domain disk
Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1301021

Generate the luks command line using the AES secret key to encrypt the
luks secret. A luks secret object will be in addition to a an AES secret.

For hotplug, check if the encinfo exists and if so, add the AES secret
for the passphrase for the secret object used to decrypt the device.

Modify/augment the fakeSecret* in qemuxml2argvtest in order to handle
find a uuid or a volume usage with a specific path prefix in the XML
(corresponds to the already generated XML tests). Add error message
when the 'usageID' is not 'mycluster_myname'. Commit id '1d632c39'
altered the error message generation to rely on the errors from the
secret_driver (or it's faked replacement).

Add the .args output for adding the LUKS disk to the domain

Signed-off-by: John Ferlan <jferlan@redhat.com>
2016-07-19 09:40:10 -04:00
John Ferlan
b7b3a51e8a qemu: Alter the qemuDomainGetSecretAESAlias to add new arg
Soon we will be adding luks encryption support. Since a volume could require
both a luks secret and a secret to give to the server to use of the device,
alter the alias generation to create a slightly different alias so that
we don't have two objects with the same alias.

Signed-off-by: John Ferlan <jferlan@redhat.com>
2016-07-19 09:40:10 -04:00
John Ferlan
fceeeda211 qemu: Add secinfo for hotplug virtio disk
Commit id 'a1344f70a' added AES secret processing for RBD when starting
up a guest. As such, when the hotplug code calls qemuDomainSecretDiskPrepare
an AES secret could be added to the disk about to be hotplugged. If an AES
secret was added, then the hotplug code would need to generate the secret
object because qemuBuildDriveStr would add the "password-secret=" to the
returned 'driveStr' rather than the base64 encoded password.

Signed-off-by: John Ferlan <jferlan@redhat.com>
2016-07-19 09:40:10 -04:00
John Ferlan
8215aab003 qemu: Move and rename qemuBufferEscapeComma
Move to virqemu and rename to virQEMUBuildBufferEscapeComma. This can then
be shared by the storage driver when it builds the command line for qemuimg
2016-07-19 07:13:09 -04:00
John Ferlan
99026fd0ad qemu: Alter error path cleanup for qemuDomainAttachMemory
A recent adjustment to qemuDomainAttachRNGDevice to properly cleanup
the props object after a qemuMonitorAddObject also would affect this
code. Alter the cleanup to be similar to RNG changes.
2016-07-19 07:13:09 -04:00
John Ferlan
47208776be qemu: Alter error path cleanup for qemuDomainAttachRNGDevice
Based on recent review comment - rather than have a spate of goto failxxxx,
change to a boolean based model. Ensures that the original error can be
preserved and cleanup is a bit more orderly if more objects are added.
2016-07-19 07:13:09 -04:00
John Ferlan
05bc30d2bb qemu: Alter error path cleanup for qemuDomainAttachChrDevice
Based on recent review comment - rather than have a spate of goto failxxxx,
change to a boolean based model. Ensures that the original error can be
preserved and cleanup is a bit more orderly if more objects are added.
2016-07-19 07:13:09 -04:00
John Ferlan
c3b5f22dec qemu: Alter error path cleanup for qemuDomainAttachSCSIDisk
Based on recent review comment - rather than have a spate of goto failxxxx,
change to a boolean based model. Ensures that the original error can be
preserved and cleanup is a bit more orderly if more objects are added.
2016-07-19 07:13:09 -04:00
John Ferlan
a7f84cb1ee qemu: Alter error path cleanup for qemuDomainAttachVirtioDiskDevice
Based on recent review comment - rather than have a spate of goto failxxxx,
change to a boolean based model. Ensures that the original error can be
preserved and cleanup is a bit more orderly if more objects are added.
2016-07-19 07:13:09 -04:00
John Ferlan
6fe2eb2458 qemu: Alter error path cleanup for qemuDomainAttachHostSCSIDevice
Based on recent review comment - rather than have a spate of goto failxxxx,
change to a boolean based model. Ensures that the original error can be
preserved and cleanup is a bit more orderly if more objects are added.
2016-07-19 07:13:09 -04:00
Olga Krishtal
da665fbd48 filesystem: adds possibility to use storage pool as fs source
Signed-off-by: Olga Krishtal <okrishtal@virtuozzo.com>
2016-07-18 23:39:56 +03:00
Jiri Denemark
338f772e92 qemu: Fix migration from old libvirt
Older libvirt versions send persistent XML in a migration cookie even
when VIR_MIGRATE_PERSIST_DEST flag is not used, but current libvirt
properly fails if the cookie contains unexpected flags. Thus migration
from old libvirt fails with

    internal error: Unsupported migration cookie feature persistent

unless VIR_MIGRATE_PERSIST_DEST flag is set.

https://bugzilla.redhat.com/show_bug.cgi?id=1320500

Signed-off-by: Jiri Denemark <jdenemar@redhat.com>
2016-07-18 17:38:03 +02:00
Ján Tomko
f820d5bf6f Store USB port path as an array of integers
In preparation to tracking which USB addresses are occupied.
Introduce two helper functions for printing the port path
as a string and appending it to a virBuffer.
2016-07-18 10:55:35 +02:00
Ján Tomko
4f90364318 Allow omitting USB port
We were requiring a USB port path in the schema, but not enforcing it.
Omitting the USB port would lead to libvirt formatting it as (null).
Such domain cannot be started and will disappear after libvirtd restart
(since it cannot parse back the XML).

Only format the port if it has been specified and mark it as optional
in the XML schema.
2016-07-18 10:55:35 +02:00
Jiri Denemark
08d566a0cf qemu: Drop default channel path during migration
Migration to an older libvirt (pre v1.3.0-175-g7140807) is broken
because older versions of libvirt generated different channel paths and
they didn't drop the default paths when parsing domain XMLs. We'd get
such a nice error message:

    internal error: process exited while connecting to monitor:
    2016-07-08T15:28:02.665706Z qemu-kvm: -chardev socket,
    id=charchannel0,path=/var/lib/libvirt/qemu/channel/target/
    domain-3-nest/org.qemu.guest_agent.0,server,nowait: Failed to bind
    socket to /var/lib/libvirt/qemu/channel/target/domain-3-nest/
    org.qemu.guest_agent.0: No such file or directory

That said, we should not even format the default paths when generating a
migratable XML.

https://bugzilla.redhat.com/show_bug.cgi?id=1320470

Signed-off-by: Jiri Denemark <jdenemar@redhat.com>
2016-07-18 09:05:12 +02:00
Jiri Denemark
b1305a6b8f qemu: Copy complete domain def in qemuDomainDefFormatBuf
Playing directly with our live definition, updating it, and reverting it
back once we are done is very nice and it's quite dangerous too. Let's
just make a copy of the domain definition if needed and do all tricks on
the copy.

https://bugzilla.redhat.com/show_bug.cgi?id=1320470

Signed-off-by: Jiri Denemark <jdenemar@redhat.com>
2016-07-18 09:05:12 +02:00
Andrea Bolognani
968ae60b55 qemu: command: Fix awkward formatting 2016-07-13 17:51:17 +02:00
Yan Fu
8305322d24 qemu: getAutoDumpPath() return value should be dumpfile not domname.
Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1354238

So we spend some time and effort constructing perfect file name
for an automatic coredump of a domain, but then just leak it and
use the domain name anyway. This is probably due to a silly
mistake that slipped even through review.

Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
2016-07-13 07:05:21 +02:00
Ján Tomko
4c382376da qemu: format intel-iommu on the command line
<devices>
  <iommu model='intel'/>
</devices>

results in:

-device intel-iommu

https://bugzilla.redhat.com/show_bug.cgi?id=1235580
2016-07-12 12:36:13 +02:00
Ján Tomko
8e7e79738d Add QEMU_CAPS_DEVICE_INTEL_IOMMU
Check whether QEMU supports -device intel-iommu

Note that the presence of this option does not mean that it's
usable because of a bug in earlier QEMU versions, but it's
better than nothing.

https://bugzilla.redhat.com/show_bug.cgi?id=1235580
2016-07-12 12:36:13 +02:00
Ján Tomko
ea0ed35d6e Introduce <iommu> device
A device with an attribute 'model', with just one model
so far:

<devices>
  ...
  <iommu model='intel'/>
</devices>

https://bugzilla.redhat.com/show_bug.cgi?id=1235580
2016-07-12 12:36:13 +02:00
Daniel P. Berrange
a933139409 qemu: convert to typesafe virConf accessors
Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2016-07-12 09:57:15 +01:00
Michal Privoznik
6b6e2cf92b qemuDomainObjPrivateFree: Free @masterKey too
This one's a bit more complicated. In qemuProcessPrepareDomain()
a master key for encrypting secret for ciphered disks is created.
This object lives within qemuDomainObjPrivate object. It is freed
in qemuProcessStop(), but if nobody calls it (for instance like
our qemuxml2argvtest does), the key object leaks.

==17078== 32 bytes in 1 blocks are definitely lost in loss record 633 of 707
==17078==    at 0x4C2C070: calloc (vg_replace_malloc.c:623)
==17078==    by 0xAD924DF: virAllocN (viralloc.c:191)
==17078==    by 0x5050BA6: virCryptoGenerateRandom (qemuxml2argvmock.c:166)
==17078==    by 0x453DC8: qemuDomainMasterKeyCreate (qemu_domain.c:678)
==17078==    by 0x47A36B: qemuProcessPrepareDomain (qemu_process.c:4913)
==17078==    by 0x47C728: qemuProcessCreatePretendCmd (qemu_process.c:5542)
==17078==    by 0x433698: testCompareXMLToArgvFiles (qemuxml2argvtest.c:332)
==17078==    by 0x4339AC: testCompareXMLToArgvHelper (qemuxml2argvtest.c:413)
==17078==    by 0x446E7A: virTestRun (testutils.c:179)
==17078==    by 0x445BD9: mymain (qemuxml2argvtest.c:2022)
==17078==    by 0x44886F: virTestMain (testutils.c:969)
==17078==    by 0x445D9B: main (qemuxml2argvtest.c:2036)

Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
2016-07-11 16:24:04 +02:00
Michal Privoznik
87df945240 qemuBuildCpuCommandLine: Don't leak @buf
Just like every other qemuBuild*CommandLine() function, this uses
a buffer to hold partial cmd line strings too. However, if
there's an error, the control jumps to 'cleanup' label leaving
the buffer behind and thus leaking it.

==2013== 1,006 bytes in 1 blocks are definitely lost in loss record 701 of 711
==2013==    at 0x4C29F80: malloc (vg_replace_malloc.c:296)
==2013==    by 0x4C2C32F: realloc (vg_replace_malloc.c:692)
==2013==    by 0xAD925A8: virReallocN (viralloc.c:245)
==2013==    by 0xAD95EA8: virBufferGrow (virbuffer.c:130)
==2013==    by 0xAD95F78: virBufferAdd (virbuffer.c:165)
==2013==    by 0x5097F5: qemuBuildCpuModelArgStr (qemu_command.c:6339)
==2013==    by 0x509CC3: qemuBuildCpuCommandLine (qemu_command.c:6437)
==2013==    by 0x51142C: qemuBuildCommandLine (qemu_command.c:9174)
==2013==    by 0x47CA3A: qemuProcessCreatePretendCmd (qemu_process.c:5546)
==2013==    by 0x433698: testCompareXMLToArgvFiles (qemuxml2argvtest.c:332)
==2013==    by 0x4339AC: testCompareXMLToArgvHelper (qemuxml2argvtest.c:413)
==2013==    by 0x446E7A: virTestRun (testutils.c:179)

Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
2016-07-11 14:21:01 +02:00
Martin Kletzander
949c43370e qemu: Use qemuProcessSetupPid() in qemuProcessSetupVcpu()
Signed-off-by: Martin Kletzander <mkletzan@redhat.com>
2016-07-11 11:39:55 +02:00
Martin Kletzander
d65534f3ec qemu: Use qemuProcessSetupPid() in qemuProcessSetupEmulator()
Signed-off-by: Martin Kletzander <mkletzan@redhat.com>
2016-07-11 11:36:19 +02:00
Martin Kletzander
71e419bbeb qemu: Add qemuProcessSetupPid() and use it in qemuProcessSetupIOThread()
Setting up cgroups and other things for all kinds of threads (the
emulator thread, vCPU threads, I/O threads) was copy-pasted every time
new thing was added.  Over time each one of those functions changed a
bit differently.  So create one function that does all that setup and
start using it, starting with I/O thread setup.  That will shave some
duplicated code and maybe fix some bugs as well.

Signed-off-by: Martin Kletzander <mkletzan@redhat.com>
2016-07-11 11:36:19 +02:00
Daniel P. Berrange
ed1fbd7c5b Fix logic in qemuDomainObjPrivateXMLParseVcpu
The code in qemuDomainObjPrivateXMLParseVcpu for parsing
the 'idstr' string was comparing the overall boolean
result against 0 which was always true

qemu/qemu_domain.c: In function 'qemuDomainObjPrivateXMLParseVcpu':
qemu/qemu_domain.c:1482:59: error: comparison of constant '0' with boolean expression is always false [-Werror=bool-compare]
     if ((idstr && virStrToLong_uip(idstr, NULL, 10, &idx)) < 0 ||
                                                           ^

It was further performing two distinct error checks in
the same conditional and reporting a single error message,
which was misleading in one of the two cases.

This splits the conditional check into two parts with
distinct error messages and fixes the logic error.

Fixes the bug in

  commit 5184f398b4
  Author: Peter Krempa <pkrempa@redhat.com>
  Date:   Fri Jul 1 14:56:14 2016 +0200

    qemu: Store vCPU thread ids in vcpu private data objects

Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2016-07-11 10:32:50 +01:00
Andrea Bolognani
4074a82c0c qemu: capabilities: Make virHostCPUGetKVMMaxVCPUs() errors fatal
An error in virHostCPUGetKVMMaxVCPUs() means we've been unable
to access /dev/kvm, or we're running on a platform that doesn't
support KVM in the first place.

If that's the case, we shouldn't ignore the error and report
domcapabilities even though we know the user won't be able to
start any KVM guest.
2016-07-11 11:12:52 +02:00
Peter Krempa
5184f398b4 qemu: Store vCPU thread ids in vcpu private data objects
Rather than storing them in an external array store them directly.
2016-07-11 10:44:09 +02:00
Peter Krempa
3f57ce4a76 qemu: Add cpu ID to the vCPU pid list in the status XML
Note the vcpu ID so that once we allow non-contiguous vCPU topologies it
will be possible to pair thread id's with the vcpus.
2016-07-11 10:44:09 +02:00
Peter Krempa
b91335afe4 qemu: domain: Extract formating and parsing of vCPU thread ids
Further patches will be adding index and modifying the source variables
so this will make it more clear.
2016-07-11 10:44:09 +02:00
Peter Krempa
2540c93203 qemu: domain: Add vcpu private data structure
Members will be added in follow-up patches.
2016-07-11 10:44:09 +02:00
Peter Krempa
5fe0b6b0a7 conf: Add private data for virDomainVcpuDef
Allow to store driver specific data on a per-vcpu basis.

Move of the virDomainDef*Vcpus* functions was necessary as
virDomainXMLOptionPtr was declared below this block and I didn't want to
split the function headers.
2016-07-11 10:44:04 +02:00
Peter Krempa
9cc931f0bb conf: Don't report errors from virDomainDefGetVcpu
Most callers make sure that it's never called with an out of range vCPU.
Every other caller reports a different error explicitly. Drop the error
reporting and clean up some dead code paths.
2016-07-11 09:06:09 +02:00
Peter Krempa
c7d5dd3974 conf: Rename virDomainVcpuInfoPtr to virDomainVcpuDefPtr 2016-07-11 09:06:09 +02:00
Jiri Denemark
f34b981e40 qemu: Drop useless SPICE migration code
The spiceMigration flag will never be true if there is no SPICE graphics
configured for the domain.

https://bugzilla.redhat.com/show_bug.cgi?id=1151723

Signed-off-by: Jiri Denemark <jdenemar@redhat.com>
2016-07-08 13:36:00 +02:00
Jiri Denemark
a16ea1a0f3 qemu: Properly reset spiceMigration flag
Otherwise migration during which we didn't send client_migrate_info QMP
command will get stuck waiting for SPICE migration to finish if libvirtd
sent the QMP command in a previous migration attempt.

Broken by bd7c8a69.

https://bugzilla.redhat.com/show_bug.cgi?id=1151723

Signed-off-by: Jiri Denemark <jdenemar@redhat.com>
2016-07-08 13:35:17 +02:00
Peter Krempa
e114b09157 qemu: caps: Always assume QEMU_CAPS_SMP_TOPOLOGY
Support for SMP topology was added by qemu commit dc6b1c09849484fbbc50
prior to 0.12.0, our minimum supported qemu version.

$ git describe --tags dc6b1c09849484fbbc50803307e4c7a3d81eab62
v0.11.0-rc0-449-gdc6b1c0
$ git describe --tags --contains dc6b1c09849484fbbc50803307e4c7a3d81eab
v0.12.0-rc0~1477
2016-07-07 15:08:35 +02:00
Paolo Bonzini
7a97676b96 qemu: generate -display none
This is preferrable to -nographic which (in addition to disabling
graphics output) redirects the serial port to stdio and on OpenBIOS
enables the firmware's serial console.

Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2016-07-07 11:51:39 +02:00
Paolo Bonzini
ca57b5d60c qemu: detect -display
Add a new capability for the -display command line option, which has
been present since QEMU 1.0.

Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2016-07-07 11:51:39 +02:00
Peter Krempa
ef88140725 conf: Don't use virDomainLiveConfigHelperMethod in virDomainObjGetMetadata
Few arguments of the function are not necessary any more which leads to
some cleanups. The 'uri' argument had a stray ATTRIBUTE_UNUSED.
2016-07-07 08:57:05 +02:00
Peter Krempa
fcc3ccf3cd lxc: Synchronize implementation of qemuDomainSetMemoryParameters
The impls are identical and I don't have a reasonable idea where to
extract it.

This also kills yet another use of virDomainLiveConfigHelperMethod.
2016-07-07 08:57:05 +02:00
Peter Krempa
bcdbab891b qemu: driver: Make name of QEMU_SET_MEM_PARAMETER more universal
Use a VIR_ prefix even when it's a local helper macro. It will be later
synced with the LXC implementation.
2016-07-07 08:57:05 +02:00
Andrea Bolognani
cd89d3451b qemu: Memory locking is only required for KVM guests on ppc64
Due to the way the hardware works, KVM on ppc64 always requires
memory locking; however, that is not the case for non-KVM ppc64
guests, eg. ppc64 guests that are running on x86_64 with TCG.

Only require memory locking for ppc64 guests if they are using
KVM or, as it's the case for all architectures, they have host
devices assigned using VFIO.

Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1350772
2016-07-04 10:46:27 +02:00
Laine Stump
fe8567f6ad qemu: support setting host-side IP addresses/routes
For type='ethernet' interfaces only.

(This patch had been pushed earlier in
commit 0b4645a7e0, but was reverted in
commit 84d47a3cce because it had been
accidentally pushed during the freeze for release 2.0.0)
2016-07-01 21:13:31 -04:00
John Ferlan
60c40ce3be qemu: Introduce helper qemuDomainSecretDiskCapable
Introduce a helper to help determine if a disk src could be possibly used
for a disk secret... Going to need this for hot unplug.

Signed-off-by: John Ferlan <jferlan@redhat.com>
2016-07-01 15:46:57 -04:00
John Ferlan
9bbf0d7e64 encryption: Add luks parsing for storageencryption
Add parse and format of the luks/passphrase secret including tests for
volume XML parsing.

Signed-off-by: John Ferlan <jferlan@redhat.com>
2016-07-01 15:46:52 -04:00
John Ferlan
47e88b33be util: Add 'usage' for encryption
In order to use more common code and set up for a future type, modify the
encryption secret to allow the "usage" attribute or the "uuid" attribute
to define the secret. The "usage" in the case of a volume secret would be
the path to the volume as dictated by the backwards compatibility brought
on by virStorageGenerateQcowEncryption where it set up the usage field as
the vol->target.path and didn't allow someone to provide it. This carries
into virSecretObjListFindByUsageLocked which takes the secret usage attribute
value from from the domain disk definition and compares it against the
usage type from the secret definition. Since none of the code dealing
with qcow/qcow2 encryption secrets uses usage for lookup, it's a mostly
cosmetic change. The real usage comes in a future path where the encryption
is expanded to be a luks volume and the secret will allow definition of
the usage field.

This code will make use of the virSecretLookup{Parse|Format}Secret common code.

Signed-off-by: John Ferlan <jferlan@redhat.com>
2016-07-01 15:46:24 -04:00
Jiri Denemark
60f35e263f qemu: Avoid needless copies of static strings
Signed-off-by: Jiri Denemark <jdenemar@redhat.com>
2016-07-01 12:20:54 +02:00