All current IOMMU features are specific to Intel IOMMU, so
understandably we check for the corresponding capabilities
inside the Intel-specific switch() branch; however, we want
to make sure SMMUv3 IOMMU users get an error if they try to
enable any of those features in their guest, and performing
the capability checks unconditionally is both the easiest
way to achieve that, as well as the one least likely to
result in us inadvertently letting users enable some new
Intel-specific IOMMU feature for ARM guests later on.
Signed-off-by: Andrea Bolognani <abologna@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
SMMUv3 is an IOMMU implementation for ARM virt guests.
Signed-off-by: Andrea Bolognani <abologna@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
This capability can be used to figure out whether the
QEMU binary at hand supports the machine type property
we need in order to enable SMMUv3 IOMMU support.
Unfortunately we can't avoid probing the RISC-V binaries
along with the ARM ones, since both architectures have
their own 'virt' machine type.
Signed-off-by: Andrea Bolognani <abologna@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
Current capability checks are specific to Intel IOMMU, so
we need to move them inside the switch() statement before
we can introduce more virDomainIOMMUModel values.
Signed-off-by: Andrea Bolognani <abologna@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
This doesn't make a whole lot of difference now, but once
we introduce more virDomainIOMMUModel values the current
structure will no longer work.
Signed-off-by: Andrea Bolognani <abologna@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
Ensure unexpected values are dealt with correctly, that
is by invoking virReportEnumRangeError() and immediately
returning a negative value to the caller.
Signed-off-by: Andrea Bolognani <abologna@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
All other examples are organized using the either the format/
or the format/category/ hierarchy already, and grouping all
C programs together removes the last remaining outliers.
Signed-off-by: Andrea Bolognani <abologna@redhat.com>
Acked-by: Michal Privoznik <mprivozn@redhat.com>
Now that all C examples are neatly sorted into only three
categories, getting rid of our custom installation machinery
and replacing it with the standard autotools mechanism
finally becomes feasible.
Signed-off-by: Andrea Bolognani <abologna@redhat.com>
Acked-by: Michal Privoznik <mprivozn@redhat.com>
Most C examples live in their own directory, which seems a
bit unnecessary especially considering that all virt-admin
related examples share a single admin/ directory. Reorganize
non-admin C examples in two categories: domain/ for those
that act on a domain, and misc/ for everything else.
Signed-off-by: Andrea Bolognani <abologna@redhat.com>
Acked-by: Michal Privoznik <mprivozn@redhat.com>
The virt-lxc-convert shell script is at this point the
only example we don't install on the target system.
Create a sh/ subdirectory, following the example set by
the existing polkit/, systemtap/ and xml/, and move the
script there; then add rules that will install all example
shell scripts as documentation.
Signed-off-by: Andrea Bolognani <abologna@redhat.com>
Acked-by: Michal Privoznik <mprivozn@redhat.com>
Right now we install the files in RPMs only, and we include
them in the -daemon package which is probably not the best
option either. Start installing them via autotools; the RPMs
will get them automatically in the -docs package.
Signed-off-by: Andrea Bolognani <abologna@redhat.com>
Acked-by: Michal Privoznik <mprivozn@redhat.com>
We're doing nothing more than copying files to a target
directory, so we don't need any custom shell commands and
can just use the standard autotools data installation
support instead.
Signed-off-by: Andrea Bolognani <abologna@redhat.com>
Acked-by: Michal Privoznik <mprivozn@redhat.com>
$(mkinstalldirs) works like 'mkdir -p' in that it will
create all the necessary parts of the path leading up to
the actual directory, which means creating $(examplesdir)
beforehand is not necessary.
Signed-off-by: Andrea Bolognani <abologna@redhat.com>
Acked-by: Michal Privoznik <mprivozn@redhat.com>
$(AM_CPPFLAGS) is for passing options to the C preprocessor,
not the C compiler, and the stuff in $(WARN_CFLAGS) belongs
to the latter category.
Signed-off-by: Andrea Bolognani <abologna@redhat.com>
Acked-by: Michal Privoznik <mprivozn@redhat.com>
$(LDADD) is for object files that should be added during
linking, not for options that should be passed to the
linker: that's what $(AM_LDFLAGS) is for.
Signed-off-by: Andrea Bolognani <abologna@redhat.com>
Acked-by: Michal Privoznik <mprivozn@redhat.com>
The C programs in this directory are supposed to be only
using public functions, so having $(top_srcdir) in the
header search path is unnecessary at best and actively
harmful at worst.
Signed-off-by: Andrea Bolognani <abologna@redhat.com>
Acked-by: Michal Privoznik <mprivozn@redhat.com>
$(WARN_CFLAGS) contains options intended for the compiler,
whereas $(LDADD) is supposed to list additional objects
required during linking, so the former clearly doesn't
belong in the latter.
Signed-off-by: Andrea Bolognani <abologna@redhat.com>
Acked-by: Michal Privoznik <mprivozn@redhat.com>
This will make further changes easier to review.
Signed-off-by: Andrea Bolognani <abologna@redhat.com>
Acked-by: Michal Privoznik <mprivozn@redhat.com>
$(AM_CPPFLAGS) already includes $(WARN_CFLAGS), so this is
not doing anything useful.
Signed-off-by: Andrea Bolognani <abologna@redhat.com>
Acked-by: Michal Privoznik <mprivozn@redhat.com>
We already install the file, along with its driver-specific
counterparts, into ${datadir}/libvirt/api/ where language
bindings will actually look for them.
Signed-off-by: Andrea Bolognani <abologna@redhat.com>
Acked-by: Michal Privoznik <mprivozn@redhat.com>
They were introduced by commit 0a97486e09 when moving functions.
Signed-off-by: Jiri Denemark <jdenemar@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
Depending on the way ctags was compiled, it may look for
.ctags.d/*.ctags files rather than .ctags for reading configuration.
Signed-off-by: Jiri Denemark <jdenemar@redhat.com>
Acked-by: Michal Privoznik <mprivozn@redhat.com>
One of the current SEV document links went dead as AMD moved the
resource to another place (document store), so there's probably very
little point in maintaining 3rd party links if the resources are being
moved.
Signed-off-by: Erik Skultety <eskultet@redhat.com>
Acked-by: Michal Privoznik <mprivozn@redhat.com>
If the scheduler is set before vCPU0 cannot be moved into its cpu,cpuacct
cgroup. While it is not yet known whether this is a bug or not, it makes sense
for us to do that later as otherwise the scheduler would be inherited by vCPU
and I/O Threads even when they do not have any such setting specified.
Signed-off-by: Martin Kletzander <mkletzan@redhat.com>
Begins by writing a @start byte in the first position of @buffer and
then for every next byte it stores the value of its previous one
incremented by one.
Behaves the same for both supported flags.
Signed-off-by: Ilias Stamatis <stamatis.iliass@gmail.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
Signed-off-by: Ján Tomko <jtomko@redhat.com>
This is exactly how we already treat nwfilters, which require
the same kind of care (aka nasty hacks) as the default network,
because in both cases the UUID is generated and written to
disk the first time libvirtd is started after installing the
corresponding subpackage.
After this patch, RPM will be aware of the fact that the
libvirt-daemon-config-network subpackage owns the default
network.
Signed-off-by: Andrea Bolognani <abologna@redhat.com>
Acked-by: Michal Privoznik <mprivozn@redhat.com>
While libvirtd creates this directory with the default 0755 mode, the
spec file stores 0700 in the RPM database. Thus RPM verification always
complains about this directory. Let's fix the spec file to match
reality.
Signed-off-by: Jiri Denemark <jdenemar@redhat.com>
Reviewed-by: Martin Kletzander <mkletzan@redhat.com>
The nwfilter XML files stored in /etc/libvirt/nwfilter are copied in a
%post scriptlet from /usr/share/libvirt/nwfilter/*.xml. While the files
in /usr/share are created with mode 0644, libvirt creates the files in
/etc/libvirt/nwfilter with mode 0600. Since 0600 is also stored in the
RPM database, we need to chmod the files copied from /usr/share to make
sure RPM verification does not complain about changed permissions.
https://bugzilla.redhat.com/show_bug.cgi?id=1628475
Signed-off-by: Jiri Denemark <jdenemar@redhat.com>
Reviewed-by: Andrea Bolognani <abologna@redhat.com>
The libvirt-lock-sanlock subpackage requires sanlock to be installed
first and the sanlock package creates the sanlock group on all distros
we care about in the spec file (Fedora and RHEL >= 7). Thus instead of
setting the ownership and permissions in a post scriptlet only when the
sanlock group exists we can just install the directory with the
appropriate metadata.
https://bugzilla.redhat.com/show_bug.cgi?id=1702758
Signed-off-by: Jiri Denemark <jdenemar@redhat.com>
Acked-by: Michal Privoznik <mprivozn@redhat.com>
Fixes: 6864d8f740
Hugepages don't work in session mode but when building memory
part of command line we query for the default size anyway. This
breaks creating domains under session daemon. Query the page size
only if it's clear we need hugepages.
Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
Reviewed-by: Erik Skultety <eskultet@redhat.com>
formatdomaincaps.html provides explanation of SEV fields, but doesn't
link to the domain XML docs to show how it can be actually used in
libvirt.
Signed-off-by: Erik Skultety <eskultet@redhat.com>
Apart from virDomainDefValidate, virDomainDefPostParse is another
place where operating on info-less devices makes sense.
Signed-off-by: Ján Tomko <jtomko@redhat.com>
Ignore @source in the case of the test driver and return fixed private
IPv4 addresses for all the interfaces defined in the domain.
Signed-off-by: Ilias Stamatis <stamatis.iliass@gmail.com>
Reviewed-by: Erik Skultety <eskultet@redhat.com>
Creating firewall rules for the virtual networks causes the kernel to
load the conntrack module. This imposes a significant performance
penalty on Linux network traffic. Thus we want to only take that hit if
we actually have virtual networks running.
We need to create global firewall rules during startup in order to
"upgrade" rules for any running networks created by older libvirt.
If no running networks are present though, we can safely delay setup
until the time we actually start a network.
Reviewed-by: Jim Fehlig <jfehlig@suse.com>
Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
Pull the logic for creating global iptables chains into a separate
method and protect its invocation with virOnce, to make it possible
to reuse it in non-startup paths.
Reviewed-by: Jim Fehlig <jfehlig@suse.com>
Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
