Commit Graph

30398 Commits

Author SHA1 Message Date
Anya Harter
fddd2318bb domain_addr: make virDomainVirtioSerialAddr funcs static
SetCreate, SetAddControllers, Reserve

    last uses of these functions outside domain_addr.c removed in commit:
        40c284f0a6

Assign

    never used outside domain_addr.c

move Assign and Reserve above their first call within domain_addr.c

Signed-off-by: Anya Harter <aharter@redhat.com>
Reviewed-by: Pavel Hrdina <phrdina@redhat.com>
2018-07-04 07:17:18 +02:00
Anya Harter
6d9edcb8ee domain_addr: make virDomainCCWAddress funcs static
Allocate, Validate, SetCreate

    last uses of these functions outside domain_addr.c removed in commit:
        7bdd06b4e1

Signed-off-by: Anya Harter <aharter@redhat.com>
Reviewed-by: Pavel Hrdina <phrdina@redhat.com>
2018-07-04 07:17:15 +02:00
Anya Harter
3cb6821c22 domain_addr: make virDomainPCIAddressBusIsEmpty static
never used outside domain_addr.c

Signed-off-by: Anya Harter <aharter@redhat.com>
Reviewed-by: Pavel Hrdina <phrdina@redhat.com>
2018-07-04 07:16:13 +02:00
Michal Privoznik
d999b6016b esx: De-duplicate @virtualMachine check in esxDomainLookupByName
The function call esxVI_LookupVirtualMachineByName(occurrence =
OptionalItem) and then checks if @virtualMachine is NULL. If it
is an error is reported. The same result can be achieved by
setting occurrence to RequiredItem.

Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
2018-07-03 23:24:06 +02:00
Michal Privoznik
5feb9f9420 esx: Report error in esxVI_LookupVirtualMachineByName
When reviewing 00d9edfe2f I've changed proposed patch and
made it to not report error if no domain is found. This is wrong
and the original patch was okay. Thing is, both callers pass
occurrence = OptionalItem so no error message overwriting is done
as I thought initially.

Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
2018-07-03 23:24:06 +02:00
Anya Harter
7bdd06b4e1 qemu: move qemuDomainCCWAddrSetCreateFromDomain
from src/qemu/qemu_domain_address.c to src/conf/domain_addr.c
and rename to virDomainCCWAddressSetCreateFromDomain

(rename to have Address in full instead of Addr to follow
the naming convention of other virDomainCCWAddress functions)

Signed-off-by: Anya Harter <aharter@redhat.com>
Reviewed-by: John Ferlan <jferlan@redhat.com>
2018-07-03 15:37:32 -04:00
Daniel P. Berrangé
2625722cbc cpu: add 'amd-ssbd' and 'amd-no-ssb' CPU features (CVE-2018-3639)
AMD x86 CPUs have two separate ways to mitigate the Speculative Store
Bypass hardware flaw. In current processors only non-architectural MSRs
are available, and so hypervisors must expose a virtualized MSR and CPU
flag "virt-ssbd" (CPUID Function 8000_0008, EBX[25]=1).

In future processors AMD will provide an architectural MSR, indicated by
existance of the CPUID Function 8000_0008, EBX[24]=1, to which QEMU has
given the name "amd-ssbd".

The "amd-ssbd" flag should be used in preference to "virt-ssbd", if it
is available, since it provides improved performance. For virtual
machine configuration, both should be exposed when available, to allow
for maximal guest OS compatibility as not all guests yet support both.

If future processes are not vulnerable to the flaw, this will be
indicated by the existance of CPUID Function 8000_0008, EBX[26]=1,
to which QEMU has given the name "amd-no-ssb".

See also 124441_AMD64_SpeculativeStoreBypassDisable_Whitepaper_final.pdf
from:

  https://bugzilla.kernel.org/show_bug.cgi?id=199889

Note that neither amd-ssbd or amd-no-ssb will be reported by the kernel
in /proc/cpuinfo. It knows about these CPUID bits and does the right thing,
but doesn't report their existance as distinct flags in /proc/cpuinfo.

Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
2018-07-03 17:31:46 +01:00
Daniel P. Berrangé
12e93dc006 rpm: add new nwfilter RNGs to mingw-libvirt spec file
Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
2018-07-03 16:32:42 +01:00
Daniel P. Berrangé
b340c6c614 qemu: format serial and geometry on frontend disk device
Currently we format the serial, geometry and error policy on the -drive
backend argument.

QEMU added the ability to set serial and geometry on the frontend in
the 1.2 release deprecating use of -drive, with support being deleted
from -drive in 3.0.

We keep formatting error policy on -drive for now, because we don't
ahve support for that with -device for usb-storage just yet.

Note that some disk buses (sd) still don't support -device. Although
QEMU allowed these properties to be set on -drive for if=sd, they
have been ignored so we now report an error in this case.

Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
2018-07-03 16:32:42 +01:00
Peter Krempa
33a475056f qemu: hotplug: Don't access srcPriv when it's not allocated
The private data of a virStorageSource which is backing an iSCSI hostdev
may be NULL if no authentication is present. The code handling the
hotplug would attempt to extract the authentication info stored in
'secinfo' without checking if it is allocated which resulted in a crash.

Here we opt the easy way to check if srcPriv is not NULL so that we
don't duplicate all the logic which selects whether the disk source has
a secret.

Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1597550

Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: John Ferlan <jferlan@redhat.com>
2018-07-03 16:42:14 +02:00
Michal Privoznik
8677a476c7 qemu: Remove unused bypassSecurityDriver from qemuOpenFileAs
This argument is not used anymore. The only function that is
passing non-NULL (qemuDomainSaveMemory) does not actually care
for the value (after 23087cfdb) and every other caller just
passes NULL anyway.

Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
Reviewed-by: John Ferlan <jferlan@redhat.com>
2018-07-03 15:09:08 +02:00
Marcos Paulo de Souza
e66f87ade8 esx_driver: Use virCheckFlag macro
Instead of duplicating code to do the same checking. Now all functions
of virHypervisorDriver from esx driver are using this macro.

Signed-off-by: Marcos Paulo de Souza <marcos.souza.org@gmail.com>
Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
2018-07-03 11:26:28 +02:00
Marcos Paulo de Souza
00d9edfe2f esx_vi.c: Simplify error handling in MachineByName
The same pattern is used in lots of other places.
Also, reporting error message is not desired because all callers
check the return value and report errors on their own.

Signed-off-by: Marcos Paulo de Souza <marcos.souza.org@gmail.com>
Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
2018-07-03 11:26:28 +02:00
Daniel P. Berrangé
7ac08cc929 qemu: don't use chardev FD passing with standalone args
When using domxml-to-native, we must generate CLI args that can be used
in a standalone scenario. This means no FD passing can be used. To
achieve this we must clear the QEMU_CAPS_CHARDEV_FD_PASS capability bit.

Reviewed-by: John Ferlan <jferlan@redhat.com>
Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
2018-07-03 10:19:26 +01:00
Andrea Bolognani
147cb0c18c news: Update for the HTM pSeries feature
Signed-off-by: Andrea Bolognani <abologna@redhat.com>
Reviewed-by: John Ferlan <jferlan@redhat.com>
2018-07-03 09:47:05 +02:00
Andrea Bolognani
d4c1117107 qemu: Format the HTM pSeries feature
This makes the feature fully operational.

https://bugzilla.redhat.com/show_bug.cgi?id=1525599

Signed-off-by: Andrea Bolognani <abologna@redhat.com>
Reviewed-by: John Ferlan <jferlan@redhat.com>
2018-07-03 09:47:01 +02:00
Andrea Bolognani
9f3b9100f3 conf: Parse and format the HTM pSeries feature
Signed-off-by: Andrea Bolognani <abologna@redhat.com>
Reviewed-by: John Ferlan <jferlan@redhat.com>
2018-07-03 09:46:59 +02:00
Andrea Bolognani
755a5765ac qemu: Add capability for the HTM pSeries feature
Signed-off-by: Andrea Bolognani <abologna@redhat.com>
Reviewed-by: John Ferlan <jferlan@redhat.com>
2018-07-03 09:46:52 +02:00
Peter Krempa
b4891e997c tests: qemumonitorjson: Fix name and call apropriate API
Call the internal version of qemuMonitorGetAllBlockStatsInfo API and
rename the test accordingly.

Signed-off-by: Peter Krempa <pkrempa@redhat.com>
2018-07-03 06:34:08 +02:00
Peter Krempa
dca4abc0e3 tests: qemumonitorjson: Add only required replies for blockstats test
testQemuMonitorJSONqemuMonitorJSONGetBlockStatsInfo added 4 replies but
only one was used. Additionally the comment stated that 7 replies are
going to be added.

Signed-off-by: Peter Krempa <pkrempa@redhat.com>
2018-07-03 06:34:08 +02:00
Peter Krempa
d802eb6ad1 qemu: domain: update only newly detected images in qemuDomainDetermineDiskChain
The processing code which prepares images should be executed really only
for the images which were detected. The code actually tried to update
the last user-specified layer as well. Thankfully we don't do anything
that would be a problem at this point.

Signed-off-by: Peter Krempa <pkrempa@redhat.com>
2018-07-03 06:16:42 +02:00
Michal Privoznik
01d1b535f8 virsh: Provide completer for detach-device-alias
Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
Reviewed-by: John Ferlan <jferlan@redhat.com>
2018-07-03 04:56:29 +02:00
Michal Privoznik
a6fbbce73e qemuDomainDeviceDefValidateNetwork: Check for range only if IP prefix set
https://bugzilla.redhat.com/show_bug.cgi?id=1515533

The @prefix attribute to <ip/> element for interface type user is
optional. Therefore, if left out it has value of zero in which
case we should not check whether it falls into <4, 27> range.
Otherwise we fail parsing domain XML for no good reason.

Broken by commit b62b8090b2.

Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
2018-07-03 04:56:29 +02:00
Marcos Paulo de Souza
15498a76e4 esx_driver: Simplify IsEncrypted and IsSecure
Signed-off-by: Marcos Paulo de Souza <marcos.souza.org@gmail.com>
2018-07-03 04:56:29 +02:00
Julio Faracco
4539301bc8 util: moving 'type' argument to avoid issues with mount() syscall.
This commit fixes a mount call inside virgroup.c file. The NULL value
into 'type' argument is causing a valgrind issue. See commit 794b576c
for more details. The best approach to fix it is moving NULL to "none"
filesytem.

Signed-off-by: Julio Faracco <jcfaracco@gmail.com>
2018-07-03 04:56:29 +02:00
Julio Faracco
87e198bb39 lxc: moving 'type' argument to avoid issues with mount() syscall.
This commit fixes a lots of mount calls inside lxc_container.c file. The
NULL value into 'type' argument is causing a valgrind issue. See commit
794b576c2b for more details. The best approach to fix it is moving NULL
to "none" filesytem.

Signed-off-by: Julio Faracco <jcfaracco@gmail.com>
2018-07-03 04:56:29 +02:00
Laine Stump
c17edaf778 network: properly check for taps that are connected to an OVS bridge
When libvirtd is restarted, it checks that each guest tap device is
still attached to the bridge device that the configuration info says
it should be connected to. If not, the tap will be disconnected from
[wherever it is] and connected to [wherever it should be].

The previous code that did this did not account for:

1) the IFLA_MASTER attribute in a netdev's ifinfo will be set to
   "ovs-system" for any tap device connected to an OVS bridge, *not*
   to the name of the bridge it is attached to.

2) virNetDevRemovePort() only works for devices that are attached to a
   standard Linux host bridge. If a device is currently attached to an
   OVS bridge, then virNetDevOpenvswitchRemovePort() must be called
   instead.

This patch remedies those problems, and adds a couple of information
log messages to aid in debugging any future problem.

Resolves: https://bugzilla.redhat.com/1596176

Signed-off-by: Laine Stump <laine@laine.org>
ACKed-by: Michal Privoznik <mprivozn@redhat.com>
2018-07-02 19:57:52 -04:00
Laine Stump
15072f3a97 util: add some debug log to virNetDevGetMaster
This makes it easier to see why libvirt has decided it must re-attach
a tap device to its bridge.

Signed-off-by: Laine Stump <laine@laine.org>
ACKed-by: Michal Privoznik <mprivozn@redhat.com>
2018-07-02 18:58:22 -04:00
Laine Stump
032548c42a util: new function virNetDevOpenvswitchInterfaceGetMaster()
This function retrieves the name of the OVS bridge that the given
netdev is attached to. This separate function is necessary because OVS
set the IFLA_MASTER attribute to "ovs-system" for all netdevs that are
attached to an OVS bridge, so the standard method of retrieving the
master can't be used.

Signed-off-by: Laine Stump <laine@laine.org>
ACKed-by: Michal Privoznik <mprivozn@redhat.com>
2018-07-02 18:06:53 -04:00
John Ferlan
fbe4a458b6 lxc: Rearrange order in lxcDomainUpdateDeviceFlags
Although commit e3497f3f noted that the LIVE option doesn't
matter and removed the call to virDomainDefCompatibleDevice,
it didn't go quite far enough and change the order of the checks
and rework the code to just handle the config change causing
a failure after virDomainObjUpdateModificationImpact updates
the @flags. Since we only support config a lot of previously
conditional code is now just inlined.

Signed-off-by: John Ferlan <jferlan@redhat.com>
ACKed-by: Michal Prívozník <mprivozn@redhat.com>
2018-07-02 17:06:14 -04:00
John Ferlan
6ab0632b32 lxc: Remove FORCE flag from lxcDomainUpdateDeviceFlags
Force would be used to force eject a cdrom live, since the code
doesn't support live update, remove the flag.

Signed-off-by: John Ferlan <jferlan@redhat.com>
ACKed-by: Michal Prívozník <mprivozn@redhat.com>
2018-07-02 17:06:14 -04:00
Anya Harter
5031bb2cd6 domain_addr: delete virDomainVirtioSerialAddrRelease
the last use of this function was deleted in commit
    19a148b7c8

Signed-off-by: Anya Harter <aharter@redhat.com>
2018-07-02 16:59:41 -04:00
Anya Harter
039802ca62 domain_addr: delete virDomainCCWAddressReleaseAddr
the last use of this function was deleted in commit
    1aa5e66cf3

Signed-off-by: Anya Harter <aharter@redhat.com>
2018-07-02 16:59:41 -04:00
John Ferlan
abd253c963 Post-release version bump to 4.6.0
Signed-off-by: John Ferlan <jferlan@redhat.com>
2018-07-02 16:58:50 -04:00
Daniel Veillard
6a32f5b89d Release of libvirt-4.5.0
- docs/news.xml: updated for the release

Signed-off-by: Daniel Veillard <veillard@redhat.com>
2018-07-02 22:11:33 +02:00
Andrea Bolognani
04e10e8714 news: Update for 4.5.0 release
Signed-off-by: Andrea Bolognani <abologna@redhat.com>
2018-07-02 17:42:30 +02:00
Jiri Denemark
5f99821911 qemu_migration: Check for active domain after talking to remote daemon
Once we called qemuDomainObjEnterRemote to talk to the destination
daemon during a peer to peer migration, the vm lock is released and we
only hold an async job. If the source domain dies at this point the
monitor EOF callback is allowed to do its job and (among other things)
clear all private data irrelevant for stopped domain. Thus when we call
qemuDomainObjExitRemote, the domain may already be gone and we should
avoid touching runtime private data (such as current job info).

In other words after acquiring the lock in qemuDomainObjExitRemote, we
need to check the domain is still alive. Unless we're doing offline
migration.

https://bugzilla.redhat.com/show_bug.cgi?id=1589730

Signed-off-by: Jiri Denemark <jdenemar@redhat.com>
2018-07-02 11:53:21 +02:00
Jiri Denemark
e05ed21623 qemu_migration: Rename 'offline' variable in SrcPerformPeer2Peer
The variable is used to store the offline migration capability of the
destination daemon. Let's call it 'dstOffline' so that we can later use
'offline' to indicate whether we were asked to do offline migration.

Signed-off-by: Jiri Denemark <jdenemar@redhat.com>
2018-07-02 11:52:30 +02:00
Michal Privoznik
cb7a4ac4fb qemu: Allow cachetune only for KVM domains
https://bugzilla.redhat.com/show_bug.cgi?id=1541921

In TCG mode, there are no vCPU threads and thus there's nothing
to be placed into resctrl group. Forbid such configuration.

Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
2018-06-28 17:06:52 +02:00
Jiri Denemark
57d90e3e05 qemu: Report error on unexpected job stats type
If we ever fail to properly set jobinfo->statsType,
qemuDomainJobInfoToParams would return -1 without setting an error.

Signed-off-by: Jiri Denemark <jdenemar@redhat.com>
2018-06-28 15:27:59 +02:00
Stefan Berger
43b0b4f834 security: Add swtpm paths to the domain's AppArmor profile
This patch extends the AppArmor domain profile with file paths
the swtpm accesses for state, log, pid, and socket files.

Both, QEMU and swtpm, use this AppArmor profile.

Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com>
Cc: Christian Ehrhardt <christian.ehrhardt@canonical.com>
2018-06-28 06:50:43 -04:00
Julio Faracco
f8c65481d5 nwfilter: variable 'obj' must be initialized inside nwfilterBindingCreateXML().
The function nwfilterBindingCreateXML() is failing to compile due to a
conditional branch which leads to an undefined 'obj' variable. So 'obj'
must have an initial value to avoid compilation errors. See the problem:

  CC       nwfilter/libvirt_driver_nwfilter_impl_la-nwfilter_driver.lo
nwfilter/nwfilter_driver.c:752:9: error: variable 'obj' is used uninitialized whenever 'if' condition is true [-Werror,-Wsometimes-uninitialized]
    if (virNWFilterBindingCreateXMLEnsureACL(conn, def) < 0)
        ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
nwfilter/nwfilter_driver.c:779:10: note: uninitialized use occurs here
    if (!obj)
         ^~~
nwfilter/nwfilter_driver.c:752:5: note: remove the 'if' if its condition is always false
    if (virNWFilterBindingCreateXMLEnsureACL(conn, def) < 0)
    ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
nwfilter/nwfilter_driver.c:742:33: note: initialize the variable 'obj' to silence this warning
    virNWFilterBindingObjPtr obj;
                                ^
                                 = NULL

This commit initialized 'obj' with NULL to fix the error properly.

Signed-off-by: Julio Faracco <jcfaracco@gmail.com>
Reviewed-by: Pavel Hrdina <phrdina@redhat.com>
2018-06-28 09:44:28 +02:00
Michal Privoznik
4ad54a417a conf: Forbid device alias change on device-update
https://bugzilla.redhat.com/show_bug.cgi?id=1585108

When updating a live device users might pass different alias than
the one the device has. Currently, this is silently ignored which
goes against our behaviour for other parts of the device where we
explicitly allow only certain changes and error out loudly on
anything else.

Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
Reviewed-by: John Ferlan <jferlan@redhat.com>
2018-06-27 16:43:09 +02:00
Michal Privoznik
5e9b150fe0 conf: Reintroduce action to virDomainDefCompatibleDevice
This was lost in c57f3fd2f8. But now we are going to
need it again (except the DETACH action where checking for device
compatibility does not make much sense anyway).

Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
Reviewed-by: John Ferlan <jferlan@redhat.com>
2018-06-27 16:42:27 +02:00
Michal Privoznik
84de7fbfdb qemuDomainUpdateDeviceFlags: Parse device as live if needed
When updating device it's worth parsing live info too as users
might want to update it as well.

Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
Reviewed-by: John Ferlan <jferlan@redhat.com>
2018-06-27 15:57:49 +02:00
Pavel Hrdina
36e92adc7e spec: list new nwfilter schema files
Commit <41d619e99c2015eab2d56bea874e23ba9f52f829> introduced new RNG
schema files for nwfilter but forgot to update spec file.

Signed-off-by: Pavel Hrdina <phrdina@redhat.com>
2018-06-27 10:42:52 +02:00
Cole Robinson
a7d6c48dad syms: Fix placement of virDomainGetBlkioParametersAssignFromDef
It's in the domain_addr.h section, but should be in the
domain_conf.h section

Signed-off-by: Cole Robinson <crobinso@redhat.com>
2018-06-26 15:54:41 -04:00
Bjoern Walk
8a1acc7ebc qemu: hotplug: fix mdev attach for vfio-ccw
Mediated devices of model 'vfio-ccw' are using CCW addresses, so make
sure to call the correct address preparation code for the model.

Reviewed-by: Shalini Chellathurai Saroja <shalini@linux.ibm.com>
Reviewed-by: Boris Fiuczynski <fiuczy@linux.ibm.com>
Signed-off-by: Bjoern Walk <bwalk@linux.ibm.com>
Reviewed-by: John Ferlan <jferlan@redhat.com>
2018-06-26 14:57:32 -04:00
John Ferlan
5c73acec32 docs: Add news article for volume encryption modifications
Include both the domain and storage modifications in a "Removed
features" section as well as describing the improvement to allow
using a raw input volume to create the luks encrypted volume.

Signed-off-by: John Ferlan <jferlan@redhat.com>
ACKed-by: Michal Privoznik <mprivozn@redhat.com>
2018-06-26 14:02:43 -04:00
John Ferlan
39cef12a95 storage: Add support for using inputvol for encryption
Starting with QEMU 2.9, encryption convert processing requires
a multi-step process in order to generate an encrypted image from
some non encrypted raw image.

Processing requires to first create an encrypted image using the
sizing parameters from the input source and second to use the
--image-opts, -n, and --target-image-opts options along with inline
driver options to describe the input and output files, generating
two commands such as:

  $ qemu-img create -f luks \
      --object secret,id=demo.img_encrypt0,file=/path/to/secretFile \
      -o key-secret=demo.img_encrypt0 \
      demo.img 500K
  Formatting 'demo.img', fmt=luks size=512000 key-secret=demo.img_encrypt0
  $ qemu-img convert --image-opts -n --target-image-opts \
      --object secret,id=demo.img_encrypt0,file=/path/to/secretFile \
      driver=raw,file.filename=sparse.img \
      driver=luks,file.filename=demo.img,key-secret=demo.img_encrypt0
  $

This patch handles the convert processing by running the processing
in a do..while loop essentially reusing the existing create logic and
arguments to create the target vol from the inputvol and then converting
the inputvol using new arguments.

This then allows the following virsh command to work properly:

  virsh vol-create-from default encrypt1-luks.xml data.img --inputpool default

where encrypt1-luks.xml would provided the path and secret for
the new image, while data.img would be the source image.

Signed-off-by: John Ferlan <jferlan@redhat.com>
ACKed-by: Michal Privoznik <mprivozn@redhat.com>
2018-06-26 14:02:43 -04:00