Laine Stump [Thu, 21 Jun 2018 06:19:45 +0000 (02:19 -0400)]
hyperv: fix typo in Makefile.am.inc
The problem has been around for quite awhile - the misspelling was
faithfully copied from src/Makefile.am to src/hyperv/Makefile.am.inc
in commit 253b528c.
Signed-off-by: Laine Stump <laine@laine.org> ACKed-by: Michal Privoznik <mprivozn@redhat.com>
Attempting to use the FORCE flag for snapshot-revert was resulting
in failures because qemuProcessStart and qemuProcessStartCPUs were
using QEMU_ASYNC_JOB_START after a qemuProcessStop resulting in an
error when entering the monitor:
error: internal error: unexpected async job 6 type expected 0
So create a local @jobType, initialize to QEMU_ASYNC_JOB_START, and
change to QEMU_ASYNC_JOB_NONE if we end up in the --force path
where the qemuProcessStop is run before a Start and StartCPUs.
Signed-off-by: John Ferlan <jferlan@redhat.com> ACKed-by: Michal Privoznik <mprivozn@redhat.com>
John Ferlan [Tue, 19 Jun 2018 22:54:18 +0000 (18:54 -0400)]
qemu: Unset the genid start change flag for revert force
If the the snapshot revert involves a forced revert option, then
let's not cause startup to change the genid flag in order to signify
that we're still running the same/previous guest and not some
snapshot reversion.
Related to:
https://bugzilla.redhat.com/show_bug.cgi?id=1149445
Signed-off-by: John Ferlan <jferlan@redhat.com> ACKed-by: Michal Privoznik <mprivozn@redhat.com>
Cole Robinson [Tue, 19 Jun 2018 15:42:37 +0000 (11:42 -0400)]
qemu_command: replace vlan= with netdev= for legacy nic
VMs with hardcoded platform network devices are forced to use old
style '-net nic' command line config. Current we use qemu's vlan
option to hook this with the '-netdev' host side of things.
However since qemu 1.2 there is '-net nic,netdev=X' option for
explicitly referencing a netdev ID, which is more inline with
typical VM commandlines, so let's switch to that
There are two sets of functions here:
1) some functions talk on both monitor and agent monitor,
2) some functions only talk on agent monitor.
For functions from set 1) we need to use
qemuDomainObjBeginJobWithAgent() and for functions from set 2) we
need to use qemuDomainObjBeginAgentJob() only.
Signed-off-by: Michal Privoznik <mprivozn@redhat.com> Reviewed-by: Jiri Denemark <jdenemar@redhat.com>
Michal Privoznik [Tue, 19 Jun 2018 06:12:11 +0000 (08:12 +0200)]
qemu: Introduce APIs for manipulating qemuDomainAgentJob
The point is to break QEMU_JOB_* into smaller pieces which
enables us to achieve higher throughput. For instance, if there
are two threads, one is trying to query something on qemu
monitor while the other is trying to query something on agent
monitor these two threads would serialize. There is not much
reason for that.
Signed-off-by: Michal Privoznik <mprivozn@redhat.com> Reviewed-by: Jiri Denemark <jdenemar@redhat.com>
Michal Privoznik [Tue, 19 Jun 2018 06:11:39 +0000 (08:11 +0200)]
qemu: Introduce qemuDomainAgentJob
Introduce guest agent specific job categories to allow threads to
run agent monitor specific jobs while normal monitor jobs can
also be running.
Alter _qemuDomainJobObj in order to duplicate certain fields that
will be used for guest agent specific tasks to increase
concurrency and throughput and reduce serialization.
Signed-off-by: Michal Privoznik <mprivozn@redhat.com> Reviewed-by: Jiri Denemark <jdenemar@redhat.com>
Erik Skultety [Mon, 18 Jun 2018 07:20:12 +0000 (09:20 +0200)]
qemu: sev: Use EnterMonitor instead of EnterMonitorAsync
Since it's being called with QEMU_ASYNC_JOB_NONE which is what
qemuDomainObjEnterMonitor is going to use with the internal helper,
let's use that one instead.
Signed-off-by: Erik Skultety <eskultet@redhat.com> Reviewed-by: Marc Hartmayer <mhartmay@linux.ibm.com>
Andrea Bolognani [Tue, 19 Jun 2018 11:51:00 +0000 (13:51 +0200)]
tests: Fix qemucapsfixreplies
Since e6be524508d5 we include the executed command along
with the reply in *.replies files, which breaks the
renumbering logic implemented in qemucapsfixreplies.
Adapt the script so that it works with the new format.
Signed-off-by: Andrea Bolognani <abologna@redhat.com> Reviewed-by: Pavel Hrdina <phrdina@redhat.com>
If there's a long running job it might cause us to wait 30
seconds before we give up acquiring the job. This is problematic
to interactive applications that fetch stats repeatedly every few
seconds.
The solution is to introduce
VIR_CONNECT_GET_ALL_DOMAINS_STATS_NOWAIT flag which tries to
acquire job but does not wait if acquiring failed.
Signed-off-by: Michal Privoznik <mprivozn@redhat.com> Reviewed-by: John Ferlan <jferlan@redhat.com>
The aim of this API is to allow the caller to do best effort.
Some functions can work even when acquiring the job fails (e.g.
qemuConnectGetAllDomainStats()). But what they can't bear is
delay if they have to wait up to 30 seconds for each domain that
is processing some other job.
Signed-off-by: Michal Privoznik <mprivozn@redhat.com> Reviewed-by: John Ferlan <jferlan@redhat.com>
John Ferlan [Mon, 18 Jun 2018 11:35:38 +0000 (07:35 -0400)]
qemu: Fix qemuMonitorCreateObjectProps
Fix the return value status comparison checking for call to
virJSONValueObjectCreateVArgs introduced by commit id f0a23c0c3.
If a NULL arglist is passed, then a 0 is returned which is a
valid status and we only should fail when the return is < 0.
This resolves an issue seen for "virsh iothreadadd $dom $iothread"
where a "error: An error occurred, but the cause is unknown" error
was generated when trying to hotplug an IOThread to a domain since
qemuDomainHotplugAddIOThread passes a NULL arglist.
John Ferlan [Fri, 15 Jun 2018 19:25:59 +0000 (15:25 -0400)]
events: Remove ATTRIBUTE_NONNULL for virObjectEventStateQueue[Remote]
Commit aad3a0b5f altered virObjectEventStateQueueRemote to move
the "if (!event) return" call added in the previous commit 031eb8f6
to virObjectEventStateQueue. Neither commit altered the function
prototype which used ATTRIBUTE_NONNULL(2).
This caused Coverity build problems. Since @event is now checked,
just remove the ATTRIBUTE_NONNULL check from both prototypes.
For reasons I don't understand my original patch of 75f0fd51124
freed not only the chardev from domain but also the one from
passed virDomainDeviceDefPtr. This caused no troubles until now,
because those two pointers were separate, but after I've
introduced virDomainDetachDeviceAlias() they became the same
resulting in double free on detach.
Signed-off-by: Michal Privoznik <mprivozn@redhat.com> Reviewed-by: Ján Tomko <jtomko@redhat.com>
Andrea Bolognani [Tue, 12 Jun 2018 08:59:20 +0000 (10:59 +0200)]
travis: Use pre-built Docker images
Instead of starting from the minimal Ubuntu 18.04 base
image and installing all requirements at build time,
use a Docker image that has been specifically tailored
at building libvirt and thus already includes all
required packages.
Signed-off-by: Andrea Bolognani <abologna@redhat.com> Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
Erik Skultety [Thu, 14 Jun 2018 12:18:30 +0000 (14:18 +0200)]
conf: Fix formatting of <sev> element in domain capabilities XML
We only formatted the <sev> element when QEMU supported the feature when
in fact we should always format the element to make clear that libvirt
knows about the feature and the fact whether it is or isn't supported
depends on QEMU version, in other words if QEMU doesn't support the
feature we're going to format the following into the domain capabilities
XML:
<sev supported='no'/>
This patch also adjusts the RNG schema accordingly in order to reflect
the proposed change.
Signed-off-by: Erik Skultety <eskultet@redhat.com> Reviewed-by: Ján Tomko <jtomko@redhat.com>
The new name is arguably more informative, especially now
that we have MACOS_CMD and knowing that MINGW_CMD will
be introduced later on.
We still use DOCKER_CMD when calling Docker, and we assign
the actual script on a per-image basis. Having this
separation will help us when we introduce MinGW builds.
Signed-off-by: Andrea Bolognani <abologna@redhat.com> Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
It mirrors the existing DOCKER_CMD, both in how it's defined
as part of the environment and how it's called by passing it
directly to the shell.
In addition to making the configuration more consistent, this
also allows us to move from having the macOS build script
divided into four steps, some of which have slightly different
semantics and the relationship between which is not immediately
obvious without consulting the documentation, to a single
straightforward shell invocation.
Signed-off-by: Andrea Bolognani <abologna@redhat.com> Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
All variable parts are taken from the environment, so we
can exploit inheritance and avoid duplication. This will
become more important as we start building on additional
platforms.
Signed-off-by: Andrea Bolognani <abologna@redhat.com> Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
Fabiano Fidêncio [Thu, 14 Jun 2018 04:59:52 +0000 (06:59 +0200)]
xen_common: Split per-Vif logic from xenParseVif()
xenParseVif() does a lot of stuff and, in order to make things cleaner,
let's split it in two new functions:
- xenParseVif(): it's a new function that keeps the old name. It's
responsible for the whole per-Vif logic from the old xenParseVif();
- xenParseVifList(): it's basically the old xenParsePCI(), but now it
just iterates over the list of Vifs, calling xenParsePCI() per each Vif.
This patch is basically preparing the ground for the future when
typesafe virConf acessors will be used.
Signed-off-by: Fabiano Fidêncio <fabiano@fidencio.org> Reviewed-by: Ján Tomko <jtomko@redhat.com> Signed-off-by: Ján Tomko <jtomko@redhat.com>
Michal Privoznik [Wed, 13 Jun 2018 11:16:20 +0000 (13:16 +0200)]
qemuxml2argvtest: Don't leak TPM unix path
When testing a domain XML with TPM we overwrite UNIX socket path
to mimic what qemuTPMEmulatorPrepareHost() is doing (because
*PrepareHost() functions are not called from the test). But we
are not doing it fully - we need to set the chardev's type too so
that virDomainTPMDefFree() can free the path.
Signed-off-by: Michal Privoznik <mprivozn@redhat.com> Reviewed-by: Andrea Bolognani <abologna@redhat.com>
Pavel Hrdina [Thu, 14 Jun 2018 07:17:10 +0000 (09:17 +0200)]
virtportallocator: Change number of ports to 65536
USHRT_MAX is not good enough because the value is 65535 which specifies
the number of bits in bitmap. The allowed port range is 0-65535 so we
need to increase the number.
We could have USHRT_MAX + 1 but let's define the number explicitly.
Michal Privoznik [Wed, 13 Jun 2018 10:44:06 +0000 (12:44 +0200)]
conf: Rework virDomainSEVDefParseXML()
Firstly, this function changes node for relative XPaths but
doesn't restore the original one in case VIR_ALLOC(def) fails.
Secondly, @type is leaked. Thirdly, dh-cert and session
attributes are strdup()-ed needlessly, virXPathString already
does that so we can use the retval immediately.
Signed-off-by: Michal Privoznik <mprivozn@redhat.com> Reviewed-by: Ján Tomko <jtomko@redhat.com>
Michal Privoznik [Wed, 13 Jun 2018 10:33:57 +0000 (12:33 +0200)]
qemuBuildSevCommandLine: fix buffer leak
The buffer is not freed anywhere. Nor in the error paths. Also
the usage virCommand with respect to buffer is very odd.
==2504== 1,100 bytes in 1 blocks are definitely lost in loss record 167 of 175
==2504== at 0x4C2CE3F: malloc (vg_replace_malloc.c:298)
==2504== by 0x4C2F1BF: realloc (vg_replace_malloc.c:785)
==2504== by 0x5D32EE2: virReallocN (viralloc.c:245)
==2504== by 0x5D37278: virBufferGrow (virbuffer.c:150)
==2504== by 0x5D3783E: virBufferVasprintf (virbuffer.c:408)
==2504== by 0x5D377A9: virBufferAsprintf (virbuffer.c:381)
==2504== by 0x57017C1: qemuBuildSevCommandLine (qemu_command.c:9707)
==2504== by 0x57030F7: qemuBuildCommandLine (qemu_command.c:10324)
==2504== by 0x575FA48: qemuProcessCreatePretendCmd (qemu_process.c:6644)
==2504== by 0x11351A: testCompareXMLToArgv (qemuxml2argvtest.c:564)
==2504== by 0x1392F7: virTestRun (testutils.c:180)
==2504== by 0x137895: mymain (qemuxml2argvtest.c:2900)
Signed-off-by: Michal Privoznik <mprivozn@redhat.com> Reviewed-by: Ján Tomko <jtomko@redhat.com>
This API takes @source argument which tells it where to get
domain IP addresses from. However, not all sources are capable of
providing all the information we report, for instance ARP table
has no notion of IP address prefixes. Document this limitation.
Signed-off-by: Michal Privoznik <mprivozn@redhat.com> Reviewed-by: Laine Stump <laine@laine.org>
The base vfio has not much functionality but to provide a custom
container by opening this path.
See https://www.kernel.org/doc/Documentation/vfio.txt for more.
Systems with static hostdevs will get /dev/vfio/vfio by virt-aa-hotplug
right from the beginning. But if the guest initially had no hostdev at
all it will run into the following deny before the security module
labelling callbacks will make the actual vfio device (like /dev/vfio/93)
known.
Example of such a deny:
[ 2652.756712] audit: type=1400 audit(1491303691.719:25):
apparmor="DENIED" operation="open"
profile="libvirt-17a61b87-5132-497c-b928-421ac2ee0c8a"
name="/dev/vfio/vfio" pid=8486 comm="qemu-system-x86"
requested_mask="wr" denied_mask="wr" fsuid=64055 ouid=0
intrigeri [Sat, 9 Jun 2018 19:26:26 +0000 (19:26 +0000)]
AppArmor: allow virt-aa-helper read access to Nova's qcow backing files.
As reported on https://bugs.debian.org/892431, without this rule, when launching
a QEMU KVM instance, an error occurs immediately upon launching the QEMU
process such as:
Peter Krempa [Thu, 3 May 2018 15:29:36 +0000 (17:29 +0200)]
tests: qemucapsprobemock: Prepare 'qemucapsprobe' for the new format
Change the output of qemucapsprobe to record the commands used for
querying. This allows to easily identify which reply belongs to which
command and also will allow to test whether we use stable queries.
This change includes changing dropping of the QMP greeting from the file
and reformatting of the query and output to stdout.
Signed-off-by: Peter Krempa <pkrempa@redhat.com> Reviewed-by: John Ferlan <jferlan@redhat.com>
Peter Krempa [Thu, 3 May 2018 15:34:43 +0000 (17:34 +0200)]
tests: qemucapsprobemock: Simplify and extract skipping of empty lines
The prettyfied output may sometimes contain empty lines which would
desynchonize the test monitor workers. The skipping code can be much
simplified though. Also a extract it so so that it's obvious what
it's doing and can be reused.
Signed-off-by: Peter Krempa <pkrempa@redhat.com> Reviewed-by: John Ferlan <jferlan@redhat.com>
Peter Krempa [Thu, 3 May 2018 09:43:34 +0000 (11:43 +0200)]
tests: qemumonitor: Optimize control flow when concatenating replies
The test file can be broken up by newlines and is automatically
concatenated back. Fix the control flow so that the concatenation code
'continues' the loop rather than branching out.
Also add an anotation to the concatenation code.
Signed-off-by: Peter Krempa <pkrempa@redhat.com> Reviewed-by: John Ferlan <jferlan@redhat.com>
Peter Krempa [Mon, 4 Jun 2018 09:21:51 +0000 (11:21 +0200)]
tests: qemucapabilities: Reset command sequence before second probe
The test data for capabilities is obtained from two consecutive qemu
runs when the regular monitor object will be reset. Do the same for the
test monitor object which is not disposed between runs by calling
qemuMonitorResetCommandID.
Signed-off-by: Peter Krempa <pkrempa@redhat.com> Reviewed-by: John Ferlan <jferlan@redhat.com>
Peter Krempa [Fri, 4 May 2018 14:26:08 +0000 (16:26 +0200)]
qemu: monitor: Add possibility to reset command sequence in tests
qemucapabilitiestest for simplicity uses one test monitor object for
simulating work of two separate inquiries of the qemu process. To allow
better testing in the future it will be required to reset the counter
so that it accurately simulates how qemu would behave.
This patch adds a private monitor API which allows to reset the counter
which will be usable only in tests.
Signed-off-by: Peter Krempa <pkrempa@redhat.com> Reviewed-by: John Ferlan <jferlan@redhat.com>
Julio Faracco [Mon, 11 Jun 2018 20:35:33 +0000 (17:35 -0300)]
qemu: fix uninitialised variable in virQEMUDriverConfigLoadFile
Since virConfGetValueBool() can return earlier, the parameter 'value'
might be not initialised properly inside this method. Another proof:
Valgrind is returning this error during the libvirtd daemon startup:
==16199== Conditional jump or move depends on uninitialised value(s)
==16199== at 0x27FFFEF4: virQEMUDriverConfigLoadFile (qemu_conf.c:809)
==16199== by 0x2807665C: qemuStateInitialize (qemu_driver.c:654)
==16199== by 0x5535428: virStateInitialize (libvirt.c:662)
==16199== by 0x12AED8: daemonRunStateInit (remote_daemon.c:802)
==16199== by 0x536DE18: virThreadHelper (virthread.c:206)
==16199== by 0x6CB36DA: start_thread (pthread_create.c:463)
==16199== by 0x6FEC88E: clone (clone.S:95)
Signed-off-by: Julio Faracco <jcfaracco@gmail.com> Reviewed-by: Ján Tomko <jtomko@redhat.com> Signed-off-by: Ján Tomko <jtomko@redhat.com>
Peter Krempa [Mon, 11 Jun 2018 13:32:05 +0000 (15:32 +0200)]
conf: Use virXMLFormatElement to format disk 'driver' element
Formatting of 'driver' already used a separate buffer but was part of
the main function. Separate it and remove bunch of unnecessary temporary
variables.
Note that some checks are removed but they are not really necessary
anyways.
Signed-off-by: Peter Krempa <pkrempa@redhat.com> Reviewed-by: Ján Tomko <jtomko@redhat.com>
Brijesh Singh [Fri, 8 Jun 2018 14:41:01 +0000 (09:41 -0500)]
qemu: Implement the driver backend for virDomainGetLaunchSecurityInfo
This patch implements the internal driver API for launch event into
qemu driver. When SEV is enabled, execute 'query-sev-launch-measurement'
to get the measurement of memory encrypted through launch sequence.
Signed-off-by: Brijesh Singh <brijesh.singh@amd.com> Reviewed-by: Erik Skultety <eskultet@redhat.com>
Brijesh Singh [Fri, 8 Jun 2018 14:40:59 +0000 (09:40 -0500)]
libvirt: Introduce virDomainGetLaunchSecurityInfo public API
The API can be used outside the libvirt to get the launch security
information. When SEV is enabled, the API can be used to get the
measurement of the launch process.
Signed-off-by: Brijesh Singh <brijesh.singh@amd.com> Reviewed-by: Erik Skultety <eskultet@redhat.com>
Brijesh Singh [Fri, 8 Jun 2018 14:40:58 +0000 (09:40 -0500)]
qemu: Add support to launch an SEV guest
QEMU >= 2.12 provides 'sev-guest' object which is used to launch encrypted
VMs on AMD platform using SEV feature. The various inputs required to
launch SEV guest is provided through the <launch-security> tag. A typical
SEV guest launch command line looks like this:
Brijesh Singh [Fri, 8 Jun 2018 14:40:56 +0000 (09:40 -0500)]
conf: Introduce launch-security element in domain
The launch-security element can be used to define the security
model to use when launching a domain. Currently we support 'sev'.
When 'sev' is used, the VM will be launched with AMD SEV feature enabled.
SEV feature supports running encrypted VM under the control of KVM.
Encrypted VMs have their pages (code and data) secured such that only the
guest itself has access to the unencrypted version. Each encrypted VM is
associated with a unique encryption key; if its data is accessed to a
different entity using a different key the encrypted guests data will be
incorrectly decrypted, leading to unintelligible data.
Signed-off-by: Brijesh Singh <brijesh.singh@amd.com> Reviewed-by: Erik Skultety <eskultet@redhat.com>
Brijesh Singh [Fri, 8 Jun 2018 14:40:52 +0000 (09:40 -0500)]
conf: Expose SEV feature in domain capabilities
Extend hypervisor capabilities to include sev feature. When available,
hypervisor supports launching an encrypted VM on AMD platform. The
sev feature tag provides additional details like Platform Diffie-Hellman
(PDH) key and certificate chain which can be used by the guest owner to
establish a cryptographic session with the SEV firmware to negotiate
keys used for attestation or to provide secret during launch.
Signed-off-by: Brijesh Singh <brijesh.singh@amd.com> Reviewed-by: Erik Skultety <eskultet@redhat.com>
Brijesh Singh [Fri, 8 Jun 2018 14:40:51 +0000 (09:40 -0500)]
qemu: Provide support to query the SEV capability
QEMU version >= 2.12 provides support for launching an encrypted VMs on
AMD x86 platform using Secure Encrypted Virtualization (SEV) feature.
This patch adds support to query the SEV capability from the qemu.
Signed-off-by: Brijesh Singh <brijesh.singh@amd.com> Reviewed-by: Erik Skultety <eskultet@redhat.com>
When attaching a virtio-scsi with IOThreads for the config of a
live domain, allow the <address> to not be defined thus allowing
post parse processing to fill in the address. This allows parsing
of an individual device to succeed for attach config.
Signed-off-by: John Ferlan <jferlan@redhat.com> Reviewed-by: Ján Tomko <jtomko@redhat.com>
projects / libvirt.git / log