Andrea Bolognani [Tue, 12 Jun 2018 08:59:20 +0000 (10:59 +0200)]
travis: Use pre-built Docker images
Instead of starting from the minimal Ubuntu 18.04 base
image and installing all requirements at build time,
use a Docker image that has been specifically tailored
at building libvirt and thus already includes all
required packages.
Signed-off-by: Andrea Bolognani <abologna@redhat.com> Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
Erik Skultety [Thu, 14 Jun 2018 12:18:30 +0000 (14:18 +0200)]
conf: Fix formatting of <sev> element in domain capabilities XML
We only formatted the <sev> element when QEMU supported the feature when
in fact we should always format the element to make clear that libvirt
knows about the feature and the fact whether it is or isn't supported
depends on QEMU version, in other words if QEMU doesn't support the
feature we're going to format the following into the domain capabilities
XML:
<sev supported='no'/>
This patch also adjusts the RNG schema accordingly in order to reflect
the proposed change.
Signed-off-by: Erik Skultety <eskultet@redhat.com> Reviewed-by: Ján Tomko <jtomko@redhat.com>
The new name is arguably more informative, especially now
that we have MACOS_CMD and knowing that MINGW_CMD will
be introduced later on.
We still use DOCKER_CMD when calling Docker, and we assign
the actual script on a per-image basis. Having this
separation will help us when we introduce MinGW builds.
Signed-off-by: Andrea Bolognani <abologna@redhat.com> Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
It mirrors the existing DOCKER_CMD, both in how it's defined
as part of the environment and how it's called by passing it
directly to the shell.
In addition to making the configuration more consistent, this
also allows us to move from having the macOS build script
divided into four steps, some of which have slightly different
semantics and the relationship between which is not immediately
obvious without consulting the documentation, to a single
straightforward shell invocation.
Signed-off-by: Andrea Bolognani <abologna@redhat.com> Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
All variable parts are taken from the environment, so we
can exploit inheritance and avoid duplication. This will
become more important as we start building on additional
platforms.
Signed-off-by: Andrea Bolognani <abologna@redhat.com> Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
Fabiano Fidêncio [Thu, 14 Jun 2018 04:59:52 +0000 (06:59 +0200)]
xen_common: Split per-Vif logic from xenParseVif()
xenParseVif() does a lot of stuff and, in order to make things cleaner,
let's split it in two new functions:
- xenParseVif(): it's a new function that keeps the old name. It's
responsible for the whole per-Vif logic from the old xenParseVif();
- xenParseVifList(): it's basically the old xenParsePCI(), but now it
just iterates over the list of Vifs, calling xenParsePCI() per each Vif.
This patch is basically preparing the ground for the future when
typesafe virConf acessors will be used.
Signed-off-by: Fabiano Fidêncio <fabiano@fidencio.org> Reviewed-by: Ján Tomko <jtomko@redhat.com> Signed-off-by: Ján Tomko <jtomko@redhat.com>
Michal Privoznik [Wed, 13 Jun 2018 11:16:20 +0000 (13:16 +0200)]
qemuxml2argvtest: Don't leak TPM unix path
When testing a domain XML with TPM we overwrite UNIX socket path
to mimic what qemuTPMEmulatorPrepareHost() is doing (because
*PrepareHost() functions are not called from the test). But we
are not doing it fully - we need to set the chardev's type too so
that virDomainTPMDefFree() can free the path.
Signed-off-by: Michal Privoznik <mprivozn@redhat.com> Reviewed-by: Andrea Bolognani <abologna@redhat.com>
Pavel Hrdina [Thu, 14 Jun 2018 07:17:10 +0000 (09:17 +0200)]
virtportallocator: Change number of ports to 65536
USHRT_MAX is not good enough because the value is 65535 which specifies
the number of bits in bitmap. The allowed port range is 0-65535 so we
need to increase the number.
We could have USHRT_MAX + 1 but let's define the number explicitly.
Michal Privoznik [Wed, 13 Jun 2018 10:44:06 +0000 (12:44 +0200)]
conf: Rework virDomainSEVDefParseXML()
Firstly, this function changes node for relative XPaths but
doesn't restore the original one in case VIR_ALLOC(def) fails.
Secondly, @type is leaked. Thirdly, dh-cert and session
attributes are strdup()-ed needlessly, virXPathString already
does that so we can use the retval immediately.
Signed-off-by: Michal Privoznik <mprivozn@redhat.com> Reviewed-by: Ján Tomko <jtomko@redhat.com>
Michal Privoznik [Wed, 13 Jun 2018 10:33:57 +0000 (12:33 +0200)]
qemuBuildSevCommandLine: fix buffer leak
The buffer is not freed anywhere. Nor in the error paths. Also
the usage virCommand with respect to buffer is very odd.
==2504== 1,100 bytes in 1 blocks are definitely lost in loss record 167 of 175
==2504== at 0x4C2CE3F: malloc (vg_replace_malloc.c:298)
==2504== by 0x4C2F1BF: realloc (vg_replace_malloc.c:785)
==2504== by 0x5D32EE2: virReallocN (viralloc.c:245)
==2504== by 0x5D37278: virBufferGrow (virbuffer.c:150)
==2504== by 0x5D3783E: virBufferVasprintf (virbuffer.c:408)
==2504== by 0x5D377A9: virBufferAsprintf (virbuffer.c:381)
==2504== by 0x57017C1: qemuBuildSevCommandLine (qemu_command.c:9707)
==2504== by 0x57030F7: qemuBuildCommandLine (qemu_command.c:10324)
==2504== by 0x575FA48: qemuProcessCreatePretendCmd (qemu_process.c:6644)
==2504== by 0x11351A: testCompareXMLToArgv (qemuxml2argvtest.c:564)
==2504== by 0x1392F7: virTestRun (testutils.c:180)
==2504== by 0x137895: mymain (qemuxml2argvtest.c:2900)
Signed-off-by: Michal Privoznik <mprivozn@redhat.com> Reviewed-by: Ján Tomko <jtomko@redhat.com>
This API takes @source argument which tells it where to get
domain IP addresses from. However, not all sources are capable of
providing all the information we report, for instance ARP table
has no notion of IP address prefixes. Document this limitation.
Signed-off-by: Michal Privoznik <mprivozn@redhat.com> Reviewed-by: Laine Stump <laine@laine.org>
The base vfio has not much functionality but to provide a custom
container by opening this path.
See https://www.kernel.org/doc/Documentation/vfio.txt for more.
Systems with static hostdevs will get /dev/vfio/vfio by virt-aa-hotplug
right from the beginning. But if the guest initially had no hostdev at
all it will run into the following deny before the security module
labelling callbacks will make the actual vfio device (like /dev/vfio/93)
known.
Example of such a deny:
[ 2652.756712] audit: type=1400 audit(1491303691.719:25):
apparmor="DENIED" operation="open"
profile="libvirt-17a61b87-5132-497c-b928-421ac2ee0c8a"
name="/dev/vfio/vfio" pid=8486 comm="qemu-system-x86"
requested_mask="wr" denied_mask="wr" fsuid=64055 ouid=0
intrigeri [Sat, 9 Jun 2018 19:26:26 +0000 (19:26 +0000)]
AppArmor: allow virt-aa-helper read access to Nova's qcow backing files.
As reported on https://bugs.debian.org/892431, without this rule, when launching
a QEMU KVM instance, an error occurs immediately upon launching the QEMU
process such as:
Peter Krempa [Thu, 3 May 2018 15:29:36 +0000 (17:29 +0200)]
tests: qemucapsprobemock: Prepare 'qemucapsprobe' for the new format
Change the output of qemucapsprobe to record the commands used for
querying. This allows to easily identify which reply belongs to which
command and also will allow to test whether we use stable queries.
This change includes changing dropping of the QMP greeting from the file
and reformatting of the query and output to stdout.
Signed-off-by: Peter Krempa <pkrempa@redhat.com> Reviewed-by: John Ferlan <jferlan@redhat.com>
Peter Krempa [Thu, 3 May 2018 15:34:43 +0000 (17:34 +0200)]
tests: qemucapsprobemock: Simplify and extract skipping of empty lines
The prettyfied output may sometimes contain empty lines which would
desynchonize the test monitor workers. The skipping code can be much
simplified though. Also a extract it so so that it's obvious what
it's doing and can be reused.
Signed-off-by: Peter Krempa <pkrempa@redhat.com> Reviewed-by: John Ferlan <jferlan@redhat.com>
Peter Krempa [Thu, 3 May 2018 09:43:34 +0000 (11:43 +0200)]
tests: qemumonitor: Optimize control flow when concatenating replies
The test file can be broken up by newlines and is automatically
concatenated back. Fix the control flow so that the concatenation code
'continues' the loop rather than branching out.
Also add an anotation to the concatenation code.
Signed-off-by: Peter Krempa <pkrempa@redhat.com> Reviewed-by: John Ferlan <jferlan@redhat.com>
Peter Krempa [Mon, 4 Jun 2018 09:21:51 +0000 (11:21 +0200)]
tests: qemucapabilities: Reset command sequence before second probe
The test data for capabilities is obtained from two consecutive qemu
runs when the regular monitor object will be reset. Do the same for the
test monitor object which is not disposed between runs by calling
qemuMonitorResetCommandID.
Signed-off-by: Peter Krempa <pkrempa@redhat.com> Reviewed-by: John Ferlan <jferlan@redhat.com>
Peter Krempa [Fri, 4 May 2018 14:26:08 +0000 (16:26 +0200)]
qemu: monitor: Add possibility to reset command sequence in tests
qemucapabilitiestest for simplicity uses one test monitor object for
simulating work of two separate inquiries of the qemu process. To allow
better testing in the future it will be required to reset the counter
so that it accurately simulates how qemu would behave.
This patch adds a private monitor API which allows to reset the counter
which will be usable only in tests.
Signed-off-by: Peter Krempa <pkrempa@redhat.com> Reviewed-by: John Ferlan <jferlan@redhat.com>
Julio Faracco [Mon, 11 Jun 2018 20:35:33 +0000 (17:35 -0300)]
qemu: fix uninitialised variable in virQEMUDriverConfigLoadFile
Since virConfGetValueBool() can return earlier, the parameter 'value'
might be not initialised properly inside this method. Another proof:
Valgrind is returning this error during the libvirtd daemon startup:
==16199== Conditional jump or move depends on uninitialised value(s)
==16199== at 0x27FFFEF4: virQEMUDriverConfigLoadFile (qemu_conf.c:809)
==16199== by 0x2807665C: qemuStateInitialize (qemu_driver.c:654)
==16199== by 0x5535428: virStateInitialize (libvirt.c:662)
==16199== by 0x12AED8: daemonRunStateInit (remote_daemon.c:802)
==16199== by 0x536DE18: virThreadHelper (virthread.c:206)
==16199== by 0x6CB36DA: start_thread (pthread_create.c:463)
==16199== by 0x6FEC88E: clone (clone.S:95)
Signed-off-by: Julio Faracco <jcfaracco@gmail.com> Reviewed-by: Ján Tomko <jtomko@redhat.com> Signed-off-by: Ján Tomko <jtomko@redhat.com>
Peter Krempa [Mon, 11 Jun 2018 13:32:05 +0000 (15:32 +0200)]
conf: Use virXMLFormatElement to format disk 'driver' element
Formatting of 'driver' already used a separate buffer but was part of
the main function. Separate it and remove bunch of unnecessary temporary
variables.
Note that some checks are removed but they are not really necessary
anyways.
Signed-off-by: Peter Krempa <pkrempa@redhat.com> Reviewed-by: Ján Tomko <jtomko@redhat.com>
Brijesh Singh [Fri, 8 Jun 2018 14:41:01 +0000 (09:41 -0500)]
qemu: Implement the driver backend for virDomainGetLaunchSecurityInfo
This patch implements the internal driver API for launch event into
qemu driver. When SEV is enabled, execute 'query-sev-launch-measurement'
to get the measurement of memory encrypted through launch sequence.
Signed-off-by: Brijesh Singh <brijesh.singh@amd.com> Reviewed-by: Erik Skultety <eskultet@redhat.com>
Brijesh Singh [Fri, 8 Jun 2018 14:40:59 +0000 (09:40 -0500)]
libvirt: Introduce virDomainGetLaunchSecurityInfo public API
The API can be used outside the libvirt to get the launch security
information. When SEV is enabled, the API can be used to get the
measurement of the launch process.
Signed-off-by: Brijesh Singh <brijesh.singh@amd.com> Reviewed-by: Erik Skultety <eskultet@redhat.com>
Brijesh Singh [Fri, 8 Jun 2018 14:40:58 +0000 (09:40 -0500)]
qemu: Add support to launch an SEV guest
QEMU >= 2.12 provides 'sev-guest' object which is used to launch encrypted
VMs on AMD platform using SEV feature. The various inputs required to
launch SEV guest is provided through the <launch-security> tag. A typical
SEV guest launch command line looks like this:
Brijesh Singh [Fri, 8 Jun 2018 14:40:56 +0000 (09:40 -0500)]
conf: Introduce launch-security element in domain
The launch-security element can be used to define the security
model to use when launching a domain. Currently we support 'sev'.
When 'sev' is used, the VM will be launched with AMD SEV feature enabled.
SEV feature supports running encrypted VM under the control of KVM.
Encrypted VMs have their pages (code and data) secured such that only the
guest itself has access to the unencrypted version. Each encrypted VM is
associated with a unique encryption key; if its data is accessed to a
different entity using a different key the encrypted guests data will be
incorrectly decrypted, leading to unintelligible data.
Signed-off-by: Brijesh Singh <brijesh.singh@amd.com> Reviewed-by: Erik Skultety <eskultet@redhat.com>
Brijesh Singh [Fri, 8 Jun 2018 14:40:52 +0000 (09:40 -0500)]
conf: Expose SEV feature in domain capabilities
Extend hypervisor capabilities to include sev feature. When available,
hypervisor supports launching an encrypted VM on AMD platform. The
sev feature tag provides additional details like Platform Diffie-Hellman
(PDH) key and certificate chain which can be used by the guest owner to
establish a cryptographic session with the SEV firmware to negotiate
keys used for attestation or to provide secret during launch.
Signed-off-by: Brijesh Singh <brijesh.singh@amd.com> Reviewed-by: Erik Skultety <eskultet@redhat.com>
Brijesh Singh [Fri, 8 Jun 2018 14:40:51 +0000 (09:40 -0500)]
qemu: Provide support to query the SEV capability
QEMU version >= 2.12 provides support for launching an encrypted VMs on
AMD x86 platform using Secure Encrypted Virtualization (SEV) feature.
This patch adds support to query the SEV capability from the qemu.
Signed-off-by: Brijesh Singh <brijesh.singh@amd.com> Reviewed-by: Erik Skultety <eskultet@redhat.com>
When attaching a virtio-scsi with IOThreads for the config of a
live domain, allow the <address> to not be defined thus allowing
post parse processing to fill in the address. This allows parsing
of an individual device to succeed for attach config.
Signed-off-by: John Ferlan <jferlan@redhat.com> Reviewed-by: Ján Tomko <jtomko@redhat.com>
John Ferlan [Tue, 5 Jun 2018 12:33:04 +0000 (08:33 -0400)]
vbox: Fix resource leak
The @disk was allocated, filled in, and consumed on the normal path,
but for error/cleanup paths it would be leaked. Rename to newHardDisk
and manage properly.
Found by Coverity
Signed-off-by: John Ferlan <jferlan@redhat.com> Reviewed-by: Katerina Koukiou <kkoukiou@redhat.com>
John Ferlan [Tue, 5 Jun 2018 12:18:32 +0000 (08:18 -0400)]
vbox: Fix resource leak
Need to free the allocated hardDiskToOpen array. The contents of the
array are just pointers returned by virVBoxSnapshotConfHardDiskByLocation
and not allocated AFAICT so they don't need to also be freed as well.
Found by Coverity
Signed-off-by: John Ferlan <jferlan@redhat.com> Reviewed-by: Katerina Koukiou <kkoukiou@redhat.com>
Fabiano Fidêncio [Sun, 27 May 2018 22:28:23 +0000 (00:28 +0200)]
xen_common: Split per-PCI logic from xenParsePCI()
xenParsePCI() does a lot of stuff and, in order to make things cleaner,
let's split it in two new functions:
- xenParsePCI(): it's a new function that keeps the old name. It's
responsible for the whole per-PCI logic from the old xenParsePCI();
- xenParsePCIList(): it's basically the old xenParsePCI(), but now it
just iterates over the list of PCIs, calling xenParsePCI() per each PCI.
This patch is basically preparing the ground for the future when
typesafe virConf acessors will be used.
Signed-off-by: Fabiano Fidêncio <fabiano@fidencio.org> Reviewed-by: Ján Tomko <jtomko@redhat.com> Signed-off-by: Ján Tomko <jtomko@redhat.com>
Fabiano Fidêncio [Sun, 27 May 2018 22:28:20 +0000 (00:28 +0200)]
xen_xm: Split the per-disk logic from xenParseXMDisk()
xenParseXMDisk() does a lot of stuff and, in order to make things
cleaner, let's split it in two new functions:
- xenParseXMDisk(): it's a new function that keeps the old name. It's
responsible for the whole per-disk logic from the old xenParseXMDisk();
- xenParseXMDiskList(): it's basically the old xenParseXMDisk(), but
now it just iterates over the list of disks, calling xenParseXMDisk()
per each disk.
This patch is basically preparing the ground for the future when
typesafe virConf acessors will be used.
Signed-off-by: Fabiano Fidêncio <fabiano@fidencio.org> Reviewed-by: Ján Tomko <jtomko@redhat.com> Signed-off-by: Ján Tomko <jtomko@redhat.com>
Marc Hartmayer [Fri, 8 Jun 2018 10:49:07 +0000 (12:49 +0200)]
qemu: Fix segmentation fault on reconnect
On start up of libvirtd the worker pool of the QEMU driver must be
initialized before trying to reconnect to all the running QEMU
instances. Otherwise segmentation faults can occur if there are QEMU
monitor events emitted.
#0 __GI___pthread_mutex_lock
#1 0x000003fffdba9e62 in virMutexLock
#2 0x000003fffdbab2dc in virThreadPoolSendJob
#3 0x000003ffd8343b70 in qemuProcessHandleSerialChanged
#4 0x000003ffd836a776 in qemuMonitorEmitSerialChange
#5 0x000003ffd8378e52 in qemuMonitorJSONHandleSerialChange
#6 0x000003ffd8378930 in qemuMonitorJSONIOProcessEvent
#7 0x000003ffd837edee in qemuMonitorJSONIOProcessLine
#8 0x000003ffd837ef86 in qemuMonitorJSONIOProcess
#9 0x000003ffd836757a in qemuMonitorIOProcess
#10 0x000003ffd836863e in qemuMonitorIO
#11 0x000003fffdb4033a in virEventPollDispatchHandles
#12 0x000003fffdb4055e in virEventPollRunOnce
#13 0x000003fffdb3e782 in virEventRunDefaultImpl
#14 0x000003fffdc89400 in virNetDaemonRun
#15 0x000000010002a816 in main
Signed-off-by: Marc Hartmayer <mhartmay@linux.ibm.com> Reviewed-by: Bjoern Walk <bwalk@linux.ibm.com> Reviewed-by: Boris Fiuczynski <fiuczy@linux.ibm.com> Reviewed-by: Erik Skultety <eskultet@redhat.com>
It was used just temporarily to do a calculation, no need to keep that around.
Also use virBitmap in the code instead of reimplementing two of its existing
functions. And move the counting part next to where the value is read.
Signed-off-by: Martin Kletzander <mkletzan@redhat.com> Reviewed-by: Ján Tomko <jtomko@redhat.com>
Move virCacheKernel enum implemetation from conf/ to util/
It will be used in that file later on, plus it makes sense for all the
implementations to be in same place. Also comment each one of them nicely and
add a comment explaining why they all need to end with the same _LAST value.
Signed-off-by: Martin Kletzander <mkletzan@redhat.com> Reviewed-by: Ján Tomko <jtomko@redhat.com>
There is no need to have virResctrlGetInfo() when it must be called after
virResctrlInfoNew() anyway, otherwise it's just an unusable object. When we
wrap the logic inside the New() function we'll save some calls later as well.
Signed-off-by: Martin Kletzander <mkletzan@redhat.com> Reviewed-by: Ján Tomko <jtomko@redhat.com>
Move description of the purpose of the file before any definition.
One empty line between related enum definitions.
All typedefs before all structs. This is exception from the usual, but not the
only one, we already have something similar for some other structs. This way we
can move contents between structs and reorder some parts nicely without moving
all definitions of one type before another one just so it's defined.
Define all classes in one place.
Have one initialization function for all classes in the file.
Signed-off-by: Martin Kletzander <mkletzan@redhat.com> Reviewed-by: Ján Tomko <jtomko@redhat.com>
We already have virFileLock(), but we are now using flock() in the code as
well (due to requirements for mutual exclusion between libvirt and other
programs using flock() as well), so let's have a function for that as well so we
don't need to have stubs for unsupported platforms in other files.
Signed-off-by: Martin Kletzander <mkletzan@redhat.com> Reviewed-by: Ján Tomko <jtomko@redhat.com>
qemu: Add capability flag for setting the extended tseg size
For getting the reply I queried the newest and oldest QEMU using
test/qemucapsprobe. From the differences I only extracted the reply to the new
QMP command and discarded the rest. For all the versions below the one which
added support for the new option I used the output from the oldest QEMU release
and for those that support it I used the output from the newest one.
In order to make doubly sure the reply is where it is supposed to be (the
replies files are very forgiving) I added the property to all the replies files,
reran the tests again and fixed the order in replies files so that all the
versions are reporting the new capability. Then removed that one property.
After that I used test/qemucapsfixreplies to fix the reply IDs.
Signed-off-by: Martin Kletzander <mkletzan@redhat.com> Reviewed-by: Ján Tomko <jtomko@redhat.com>
conf, schema, docs: Add support for TSEG size setting
TSEG (Top of Memory Segment) is one of many regions that SMM (System Management
Mode) can occupy. This one, however is special, because a) most of the SMM code
lives in TSEG nowadays and b) QEMU just (well, some time ago) added support for
so called 'extended' TSEG. The difference to the TSEG implemented in real q35's
MCH (Memory Controller Hub) is that it can offer one extra size to the guest OS
apart from the standard TSEG's 1, 2, and 8 MiB and that size can be selected in
1 MiB increments. Maximum may vary based on QEMU and is way too big, so we
don't need to check for the maximum here. Similarly to the memory size we'll
leave it to the hypervisor to try satisfying that and giving us an error message
in case it is not possible.
Signed-off-by: Martin Kletzander <mkletzan@redhat.com> Acked-by: Laszlo Ersek <lersek@redhat.com> Reviewed-by: Ján Tomko <jtomko@redhat.com>
One of the things that this is improving is the fact that instead of error
message (that was wrong) you get when starting a domain with SMM and i440fx we
allow the setting to go through. SMM option exists and makes sense on i440fx as
well (basically whenever that _SMM_OPT capability is set).
Signed-off-by: Martin Kletzander <mkletzan@redhat.com> Reviewed-by: Ján Tomko <jtomko@redhat.com>
Peter Krempa [Mon, 4 Jun 2018 13:30:49 +0000 (15:30 +0200)]
tests: qemuxml2argv: Make tests based on DO_TEST_CAPS_LATEST stable
To avoid problems with test cases specifying an alias machine type which
would change once capabilities for a newer version are added strip all
alias machine types for the DO_TEST_CAPS_LATEST based tests.
Signed-off-by: Peter Krempa <pkrempa@redhat.com> Reviewed-by: John Ferlan <jferlan@redhat.com>
Peter Krempa [Mon, 4 Jun 2018 08:16:03 +0000 (10:16 +0200)]
tests: storage: Drop duplicate tests with TEST_CHAIN
Now that all test cases with TEST_CHAIN were testing the same thing
twice drop one of them. Note that some of the cases were duplicate even
before dropping the image format probing tests.
Signed-off-by: Peter Krempa <pkrempa@redhat.com> Reviewed-by: Ján Tomko <jtomko@redhat.com>
projects / libvirt.git / log