Commit Graph

3826 Commits

Author SHA1 Message Date
Tony Krowiak
79a8769479 qemu: change macvtap device options in response to NIC_RX_FILTER_CHANGED
This patch enables synchronization of the host macvtap
device options with the guest device's in response to the
NIC_RX_FILTER_CHANGED event.

The following device options will be synchronized:
* PROMISC
* MULTICAST
* ALLMULTI

Signed-off-by: Tony Krowiak <akrowiak@linux.vnet.ibm.com>
Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
2015-01-30 13:16:28 +01:00
John Ferlan
7879d03197 qemu: Don't unconditionally delete file in qemuOpenFileAs
https://bugzilla.redhat.com/show_bug.cgi?id=1158034

If we're expecting to create a file somewhere and that fails for some
reason during qemuOpenFileAs, then we unlink the path we're attempting
to create leaving no way to determine what the "existing" privileges,
protections, or labels are that caused the failure (open, change owner
and group, change mode, etc.).

Furthermore, if we fall into the path where we'll be opening / creating
the file using VIR_FILE_OPEN_FORK, we need to first unlink/delete the file
we created in the first path; otherwise, the attempt by the child process
to open as some specific user:group may fail because the file was already
created using nfsnobody:nfsnobody. Again, if we didn't create the file we
don't want to blindly delete what already exists. Thus, a second reason for
the original check to set need_unlink to false when we find the file with
CREAT set, but already existing.

Signed-off-by: John Ferlan <jferlan@redhat.com>
2015-01-29 15:37:34 -05:00
John Ferlan
8ff383366b qemu: Adjust EndAsyncJob for qemuDomainSaveInternal error path
Commit id '540c339a' to fix issues with reference counting and transient
domains moved the qemuDomainObjEndAsyncJob call prior to the attempt to
restart the guest CPU's resulting in an error:

    error: Failed to save domain rhel70 to /tmp/pl/rhel70.save
    error: internal error: unexpected async job 3

when (ret != 0) - eg, the error path from qemuDomainSaveMemory.

This patch will adjust the logic to call the EndAsyncJob only after
we've tried to restart the guest CPUs. It also needs to adjust the
test for qemuDomainRemoveInactive to add the ret == 0 condition.

Additionally, if we get to endjob: because of some error earlier, then
we need to save that error in the event the CPU restart logic fails.
We don't want to return the error from CPU restart failure, rather we
want to return the error from the failed save that caused us to fall
into the retry to start the CPU logic.

Signed-off-by: John Ferlan <jferlan@redhat.com>
2015-01-29 12:10:41 -05:00
Michal Privoznik
436dcf0b74 qemu: Add AAVMF to the list of known UEFIs
Well, even though users can pass the list of UEFI:NVRAM pairs at the
configure time, we may maintain the list of widely available UEFI
ourselves too. And as arm64 begin to rises, OVMF was ported there too.
With a slight name change - it's called AAVMF, with AAVMF_CODE.fd
being the UEFI firmware and AAVMF_VARS.fd being the NVRAM store file.

Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
2015-01-29 15:20:47 +01:00
Michal Privoznik
bc03a23149 qemu: Allow UEFI paths to be specified at compile time
Up until now there are just two ways how to specify UEFI paths to
libvirt. The first one is editing qemu.conf, the other is editing
qemu_conf.c and recompile which is not that fancy. So, new
configure option is introduced: --with-loader-nvram which takes a
list of pairs of UEFI firmware and NVRAM store. This way, the
compiled in defaults can be passed during compile time without
need to change the code itself.

Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
2015-01-29 15:20:42 +01:00
Luyao Huang
f76df311e8 qemu: fix cannot set graphic passwd via qemuDomainSaveImageDefineXML
https://bugzilla.redhat.com/show_bug.cgi?id=1183890

When we try to update a xml to a image file, we will clear the
graphics passwd settings, because we do not pass VIR_DOMAIN_XML_SECURE
to qemuDomainDefCopy, qemuDomainDefFormatBuf won't format the passwd.

Add VIR_DOMAIN_XML_SECURE flag when we call qemuDomainDefCopy
in qemuDomainSaveImageUpdateDef.

Signed-off-by: Luyao Huang <lhuang@redhat.com>
2015-01-28 16:56:34 +01:00
Ján Tomko
21e0e8866e hotplug: only add a chardev to vmdef after monitor call
https://bugzilla.redhat.com/show_bug.cgi?id=1161024

This way the device is in vmdef only if ret = 0 and the caller
(qemuDomainAttachDeviceFlags) does not free it.

Otherwise it might get double freed by qemuProcessStop
and qemuDomainAttachDeviceFlags if the domain crashed
in monitor after we've added it to vm->def.
2015-01-28 10:10:54 +01:00
Ján Tomko
daf51be5f1 Split qemuDomainChrInsert into two parts
Do the allocation first, then add the actual device.
The second part should never fail. This is good
for live hotplug where we don't want to remove the device
on OOM after the monitor command succeeded.

The only change in behavior is that on failure, the
vmdef->consoles array is freed, not just the first console.
2015-01-27 18:30:15 +01:00
Daniel P. Berrange
f7afeddce9 qemu: report TAP device indexes to systemd
Record the index of each TAP device created and report them to
systemd, so they show up in machinectl status for the VM.
2015-01-27 13:57:02 +00:00
Daniel P. Berrange
55ea7be7d9 Removing probing of secondary drivers
For stateless, client side drivers, it is never correct to
probe for secondary drivers. It is only ever appropriate to
use the secondary driver that is associated with the
hypervisor in question. As a result the ESX & HyperV drivers
have both been forced to do hacks where they register no-op
drivers for the ones they don't implement.

For stateful, server side drivers, we always just want to
use the same built-in shared driver. The exception is
virtualbox which is really a stateless driver and so wants
to use its own server side secondary drivers. To deal with
this virtualbox has to be built as 3 separate loadable
modules to allow registration to work in the right order.

This can all be simplified by introducing a new struct
recording the precise set of secondary drivers each
hypervisor driver wants

struct _virConnectDriver {
    virHypervisorDriverPtr hypervisorDriver;
    virInterfaceDriverPtr interfaceDriver;
    virNetworkDriverPtr networkDriver;
    virNodeDeviceDriverPtr nodeDeviceDriver;
    virNWFilterDriverPtr nwfilterDriver;
    virSecretDriverPtr secretDriver;
    virStorageDriverPtr storageDriver;
};

Instead of registering the hypervisor driver, we now
just register a virConnectDriver instead. This allows
us to remove all probing of secondary drivers. Once we
have chosen the primary driver, we immediately know the
correct secondary drivers to use.

Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2015-01-27 12:02:04 +00:00
Daniel P. Berrange
7b1ba9566b Remove use of nwfilterPrivateData from nwfilter driver
The nwfilter driver can rely on its global state instead
of the connect private data.
2015-01-27 12:02:03 +00:00
Peter Krempa
d13f56f08a qemu: Fix job handling in qemuDomainSetMetadata
The code modifies the domain configuration but doesn't take a MODIFY
type job to do so.
2015-01-27 10:39:21 +01:00
Peter Krempa
fb2ed975c3 qemu: Fix job type in qemuDomainGetBlockIoTune
The function just queries status so there's no need for a MODIFY type
job.
2015-01-27 10:39:21 +01:00
Peter Krempa
c5ee5cfb18 qemu: Fix job handling in qemuDomainSetSchedulerParametersFlags
The code modifies the domain configuration but doesn't take a MODIFY
type job to do so.
2015-01-27 10:38:47 +01:00
Peter Krempa
4fd7a72075 qemu: Fix job handling in qemuDomainSetMemoryParameters
The code modifies the domain configuration but doesn't take a MODIFY
type job to do so.
2015-01-27 10:24:04 +01:00
Peter Krempa
e3e72743df qemu: Fix job handling in qemuDomainSetAutostart
The code modifies the domain configuration but doesn't take a MODIFY
type job to do so.

This patch also fixes a few very long lines of code around the touched
parts.
2015-01-27 10:24:04 +01:00
Peter Krempa
79e5603307 qemu: Fix job handling in qemuDomainPinEmulator
The code modifies the domain configuration but doesn't take a MODIFY
type job to do so.
2015-01-27 10:24:04 +01:00
Peter Krempa
46d950443d qemu: Fix job handling in qemuDomainPinVcpuFlags
The domain modifies the domain configuration but doesn't take a MODIFY
type job to do it.
2015-01-27 10:24:03 +01:00
Richard W.M. Jones
ee4c13ce1d aarch64: Support versioned machine types.
For distros that want to add versioned machine types, they will add
(downstream) machine types like "virt-foo-1.2.3".  Detect these as
MMIO too.

Signed-off-by: Richard W.M. Jones <rjones@redhat.com>
2015-01-23 15:12:33 +00:00
Erik Skultety
b7e6f2fc80 qemu: Add check for PCI bridge placement if there are too many PCI devices
Previous patch of this series fixed the issue with adding a new PCI bridge
when all the slots were reserved by devices with user specified addresses.
In case there are still some PCI devices waiting to get a slot reserved
by qemuAssignDevicePCISlots, this means a new bus needs to be
created along with a corresponding bridge controller. By adding an
additional check, this scenario now results in a reasonable error
instead of generating wrong qemu command line.
2015-01-23 14:35:03 +01:00
Erik Skultety
5d6904b991 qemu: Fix auto-adding PCI bridge when all slots are reserved
Commit 93c8ca tried to fix the issue with auto-adding of a PCI bridge
controller, but didn't work properly in all scenarios.

This patch provides a better fix of the issue when all slots on a PCI bus
are reserved by devices with user specified addresses and no additional
bridges need to be created.

Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1132900
2015-01-23 14:32:18 +01:00
Erik Skultety
a3ecd63e92 qemu: move PCI slot assignment for PIIX3, Q35 into a separate function
In order to be able to test for fully reserved PCI buses, assignment of
PCI slots for integrated devices needs to be moved to a separate function.
This also might be a good preparation if we decide to add support for
other chipsets as well.
2015-01-23 14:26:55 +01:00
Erik Skultety
3fb2a69284 qemu: reorder PCI slot assignment functions
Move qemuDomainAssignPCIAddresses after the definition
of the static function qemuDomainValidateDevicePCISlotsQ35.

This lets us define a new static function using
qemuDomainValidateDevicePCISlots* and use it in
qemuDomainAssignPCIAddresses without a forward declaration.

Signed-off-by: Ján Tomko <jtomko@redhat.com>
2015-01-23 14:16:40 +01:00
Peter Krempa
165c34778b qemu: command: Honor const-correctnes in qemuBuildNumaArgStr
@def is modified in the function indirectly although it's marked as
const.
2015-01-23 13:18:04 +01:00
Erik Skultety
2fbfb3ac41 qemu: Remove dead code in qemuDomainAssignPCIAddresses revert patch
As it turned out, fix of dead code 419a22 changed the affected condition
from "never true" to "always true", so better fix would be to change the
return code of virDomainMaybeAddController from 0 to 1 if
a new bridge has been added, thus distinguishing case when we didn't need to
add any controller and case we successfully added one.

The return code is changed in the next commit
2015-01-23 11:03:45 +01:00
Peter Krempa
b347c0c2a3 CVE-2015-0236: qemu: Check ACLs when dumping security info from snapshots
The ACL check didn't check the VIR_DOMAIN_XML_SECURE flag and the
appropriate permission for it. Found via code inspection while fixing
permissions for save images.
2015-01-22 14:32:54 +01:00
Peter Krempa
03c3c0c874 CVE-2015-0236: qemu: Check ACLs when dumping security info from save image
The ACL check didn't check the VIR_DOMAIN_XML_SECURE flag and the
appropriate permission for it.
2015-01-22 14:32:54 +01:00
Luyao Huang
860522d26b qemu: output error when try to hotplug unsupported console type
https://bugzilla.redhat.com/show_bug.cgi?id=1164627

When using 'virsh attach-device' to hotplug an unsupported console type
into a qemu guest the attachment would succeed as the command line
formatter didn't report error in such case.

Signed-off-by: Luyao Huang <lhuang@redhat.com>
2015-01-22 11:17:14 +01:00
Ján Tomko
280ece4af9 qemu: format server interface without a listen address
https://bugzilla.redhat.com/show_bug.cgi?id=1130390

The listen address is not mandatory for <interface type='server'>
but when it's not specified, we've been formatting it as:
-netdev socket,listen=(null):5558,id=hostnet0
which failed with:
Device 'socket' could not be initialized

Omit the address completely and only format the port in the listen
attribute.

Also fix the schema to allow specifying a model.
2015-01-21 13:22:36 +01:00
Ján Tomko
d16704fd60 qemu_conf: check for duplicate security drivers
Using the same driver multiple times is pointless and
it can result in confusing errors:

$ virsh start test
error: Failed to start domain test
error: internal error: security label already defined for VM

https://bugzilla.redhat.com/show_bug.cgi?id=1153891
2015-01-19 12:46:37 +01:00
Ján Tomko
5c703ca396 Always check return value of qemuDomainObjExitMonitor
Depending on the context, either error out if the domain
has disappeared in the meantime, or just ignore the value
to allow marking the function as ATTRIBUTE_RETURN_CHECK.
2015-01-19 10:12:32 +01:00
Ján Tomko
3070bc8ee5 Fix vmdef usage after domain crash in monitor on device attach
https://bugzilla.redhat.com/show_bug.cgi?id=1161024

If the domain crashed while we were in monitor,
we cannot rely on the REALLOC done on live definition,
since vm->def now points to the persistent definition.
Skip adding the attached devices to domain definition
if the domain crashed.

In AttachChrDevice, the chardev was already added to the
live definition and freed by qemuProcessStop in the case
of a crash. Skip the device removal in that case.

Also skip audit if the domain crashed in the meantime.
2015-01-19 10:12:32 +01:00
Ján Tomko
6edb97f29a Fix vmdef usage after domain crash in monitor on device detach
https://bugzilla.redhat.com/show_bug.cgi?id=1161024

In the device type-specific functions, exit early
if the domain has disappeared, because the cleanup
should have been done by qemuProcessStop.

Check the return value in processDeviceDeletedEvent
and qemuProcessUpdateDevices.

Skip audit and removing the device from live def because
it has already been cleaned up.
2015-01-19 10:12:07 +01:00
Dmitry Guryanov
c8a6f844c3 add ploop fs driver type
Ploop is a pseudo device which makeit possible to access
to an image in a file as a block device. Like loop devices,
but with additional features, like snapshots, write tracker
and without double-caching.

It used in PCS for containers and in OpenVZ. You can manage
ploop devices and images with ploop utility
(http://git.openvz.org/?p=ploop).

Signed-off-by: Dmitry Guryanov <dguryanov@parallels.com>
2015-01-16 14:07:46 +01:00
Martin Kletzander
6514c04c18 qemu: Add support for enabling/disabling PMU
This is used as a boolean parameter for the '-cpu' option.

Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1178853

Signed-off-by: Martin Kletzander <mkletzan@redhat.com>
2015-01-16 13:43:46 +01:00
Erik Skultety
419a22d5db Remove dead code in qemuDomainAssignPCIAddresses
We tested for positive return value from virDomainMaybeAddController,
but it returns 0 or -1 only resulting in a dead code.

Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
2015-01-16 10:59:13 +01:00
Erik Skultety
93c8ca9974 qemu: Tweak auto adding PCI bridge controller when extending default PCI bus
In case we find out, there are more PCI devices to be connected
than there are available slots on the default PCI bus, we automatically add a
new bus and a related PCI bridge controller as well. As there are no free slots
left on the default PCI bus, PCI bridge controller gets a free slot on a
newly created PCI bus which causes qemu to refuse to start the guest.
This fix introduces a new function qemuDomainPCIBusFullyReserved which
is checked right before we possibly try to reserve a slot for PCI bridge
controller.

Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1132900
2015-01-16 10:38:29 +01:00
Daniel P. Berrange
dd69a14f90 Add support for schema validation when passing in XML
The virDomainDefineXMLFlags and virDomainCreateXML APIs both
gain new flags allowing them to be told to validate XML.
This updates all the drivers to turn on validation in the
XML parser when the flags are set
2015-01-15 16:40:27 +00:00
Daniel P. Berrange
c5b6a4a5cb Change int to size_t in size var for tap/vhost FDs
A number of methods take an int for a parameter that indicates
the size of an array. The correct type for array sizes is
size_t
2015-01-15 11:07:13 +00:00
Daniel P. Berrange
318df5a05f Add support for systemd-machined CreateMachineWithNetwork
systemd-machined introduced a new method CreateMachineWithNetwork
that obsoletes CreateMachine. It expects to be given a list of
VETH/TAP device indexes for the host side device(s) associated
with a container/machine.

This falls back to the old CreateMachine method when the new
one is not supported.
2015-01-15 11:07:07 +00:00
Luyao Huang
5035279198 qemu: free priv->origname when qemuMigrationPrepareAny fails
https://bugzilla.redhat.com/show_bug.cgi?id=1181182

When we meet error in qemuMigrationPrepareAny and goto
cleanup with rc < 0, we forget clear the priv->origname and this
will make this vm migrate fail next time because leave a wrong
origname in  priv, and will Generate a wrong cookie when do
migrate next time.

This patch will make priv->origname is NULL when migrate fail
in target host.

Signed-off-by: Luyao Huang <lhuang@redhat.com>
Signed-off-by: Jiri Denemark <jdenemar@redhat.com>
2015-01-15 11:32:50 +01:00
Ján Tomko
c749eda4a2 Fix vmdef usage while in monitor in qemu process
Make local copy of the disk alias in qemuProcessInitPasswords,
instead of referencing the one in domain definition, which
might get freed if the domain crashes while we're in monitor.

Also copy the memballoon period value.
2015-01-14 19:30:32 +01:00
Ján Tomko
3f21398437 Fix vmdef usage while in monitor in BlockStat* APIs
Make a local copy of the disk alias instead of pointing
to the domain definition, which might get freed if
the domain dies while we're in monitor.

Also exit early if that happens.
2015-01-14 19:30:32 +01:00
Ján Tomko
051add2ff9 Fix vmdef usage while in monitor in qemuDomainHotplugVcpus
Exit the monitor right after we've done with it to get
the virDomainObjPtr lock back, otherwise we might be accessing
vm->def while it's being cleaned up by qemuProcessStop.

If the domain crashed while we were in the monitor, exit
early instead of changing vm->def which is now the persistent
definition.
2015-01-14 19:30:32 +01:00
Ján Tomko
dc2fd51fd7 Check for domain liveness in qemuDomainObjExitMonitor
The domain might disappear during the time in monitor when
the virDomainObjPtr is unlocked, so the caller needs to check
if it's still alive.

Since most of the callers are going to need it, put the
check inside qemuDomainObjExitMonitor and return -1 if
the domain died in the meantime.
2015-01-14 19:30:32 +01:00
Pavel Hrdina
ce745914b3 qemu_process: detect updated video ram size values from QEMU
QEMU internally updates the size of video memory if the domain XML had
provided too low memory size or there are some dependencies for a QXL
devices 'vgamem' and 'ram' size. We need to know about the changes and
store them into the status XML to not break migration or managedsave
through different libvirt versions.

The values would be loaded only if the "vgamem_mb" property exists for
the device.  The presence of the "vgamem_mb" also tells that the
"ram_size" and "vram_size" exists for QXL devices.

Signed-off-by: Pavel Hrdina <phrdina@redhat.com>
2015-01-14 11:55:51 +01:00
Pavel Hrdina
cc41c64878 qemu_monitor: introduce new function to get QOM path
The search is done recursively only through QOM object that has a type
prefixed with "child<" as this indicate that the QOM is a parent for
other QOM objects.

The usage is that you give known device name with starting path where to
search.

Signed-off-by: Pavel Hrdina <phrdina@redhat.com>
2015-01-14 11:55:51 +01:00
Pavel Hrdina
e105dc9814 qemu_driver: fix setting vcpus for offline domain
Commit e3435caf fixed hot-plugging of vcpus with strict memory pinning
on NUMA hosts, but unfortunately it also broke updating number of vcpus
for offline guests using our API.

The issue is that we try to create a cpu cgroup for non-running guest
which fails as there are no cgroups for that domain. We should create
cgroups and update cpuset.mems only if we are hot-plugging.

Signed-off-by: Pavel Hrdina <phrdina@redhat.com>
2015-01-14 10:34:20 +01:00
Michal Privoznik
04cf99a6b6 qemu, lxc: Warn if setting QoS on unsupported vNIC types
https://bugzilla.redhat.com/show_bug.cgi?id=1165993

So, there are still plenty of vNIC types that we don't know how to set
bandwidth on. Let's warn explicitly in case user has requested it
instead of pretending everything was set.

Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
2015-01-14 08:54:49 +01:00
Shanzhi Yu
9f974858dd qemu: snapshot: inactive external snapshot can't work after libvirtd restart
When create inactive external snapshot, after update disk definitions,
virDomainSaveConfig is needed, if not after restart libvirtd the new snapshot
file definitions in xml will be lost.

Reproduce steps:

1. prepare a shut off guest
$ virsh domstate rhel7 && virsh domblklist rhel7
shut off

Target     Source
------------------------------------------------
vda        /var/lib/libvirt/images/rhel7.img

2. create external disk snapshot
$ virsh snapshot-create rhel7 --disk-only && virsh domblklist rhel7
Domain snapshot 1417882967 created
Target     Source
------------------------------------------------
vda        /var/lib/libvirt/images/rhel7.1417882967

3. restart libvirtd then check guest source file
$ service  libvirtd restart && virsh domblklist rhel7
Redirecting to /bin/systemctl restart  libvirtd.service
Target     Source
------------------------------------------------
vda        /var/lib/libvirt/images/rhel7.img

This was first reported by Eric Blake
http://www.redhat.com/archives/libvir-list/2014-December/msg00369.html

Signed-off-by: Shanzhi Yu <shyu@redhat.com>
2015-01-13 15:59:06 -05:00