This helper is provided by qemu for vhost-user-gpu and thereby being
in the same path as qemu_bridge_helper. Due to that adding a rule allowing
to call uses the same path list.
Reviewed-by: Jim Fehlig <jfehlig@suse.com> Signed-off-by: Christian Ehrhardt <christian.ehrhardt@canonical.com>
docs: add a kbase explaining security protections for QEMU passthrough
When using command line passthrough users will often trip up over the
security protections like SELinux, DAC, namespaces, etc which will
deny access to files they are passing. This document explains the
various protections and how to deal with their policy, and/or how
to disable them.
Reviewed-by: Kashyap Chamarthy <kchamart@redhat.com> Reviewed-by: Ján Tomko <jtomko@redhat.com> Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
Ján Tomko [Mon, 24 Feb 2020 12:32:30 +0000 (13:32 +0100)]
qemu: use correct backendType when checking memfd capability
The backend name is memory-backend-memfd but we've been checking
for memory-backend-memory.
Reported by GCC on rawhide:
../../../src/internal.h:75:22: error: 'strcmp' of a string of length 21 and
an array of size 21 evaluates to nonzero [-Werror=string-compare]
../../../src/qemu/qemu_command.c:3525:20: note: in expansion of macro 'STREQ'
3525 | } else if (STREQ(backendType, "memory-backend-memory") &&
| ^~~~~
Signed-off-by: Ján Tomko <jtomko@redhat.com> Fixes: 24b74d187cab48a9dc9f409ea78900154c709579 Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
Andrea Bolognani [Mon, 10 Feb 2020 17:02:55 +0000 (18:02 +0100)]
ci: Make container environment available to scripts
For container images targeted at cross-building, we bake a small
amount of architecture-specific information in the environment so
that builds can work as expected without requiring additional work
from the user; unfortunately this information got lost as soon as
we called sudo. Explicitly allow it.
Signed-off-by: Andrea Bolognani <abologna@redhat.com>
While we have CI testing coverage for many platforms, we don't test any
non-glibc based Linux and there are other non-Linux platforms we don't
officially target, both of which might hit regressions.
Reviewed-by: Andrea Bolognani <abologna@redhat.com> Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
docs: reduce excessive spacing in ToC for RST files
The table of contents in the RST based files uses <p> tags inside the
<li>, which results in 1em's worth of spacing above & below each
entry. This results in way too much whitespace in the ToC.
Reviewed-by: Ján Tomko <jtomko@redhat.com> Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
Rikard Falkeborn [Sat, 22 Feb 2020 23:22:47 +0000 (00:22 +0100)]
vz: Fix return value in error path
If PrlVmDev_GetType(), PrlVmDev_GetIndex() or PrlVmCfg_GetBootDevCount()
fails, return false to indicate error. Returning -1 would be interpreted
as true when used in an if-statement.
Fixes: 8c9252aa6d95247537da0939b54fdd2f31695e32 Signed-off-by: Rikard Falkeborn <rikard.falkeborn@gmail.com> Signed-off-by: Ján Tomko <jtomko@redhat.com> Reviewed-by: Ján Tomko <jtomko@redhat.com>
Rikard Falkeborn [Sat, 22 Feb 2020 23:22:25 +0000 (00:22 +0100)]
esx: Same order of arguments in definition and declaration
The order of arguments were not the same in the definition and
declaration. All callers use the same order as the definition, so there
is no bug, but change the function declaration to match the
implementation to avoid confusion.
Signed-off-by: Rikard Falkeborn <rikard.falkeborn@gmail.com> Signed-off-by: Ján Tomko <jtomko@redhat.com> Reviewed-by: Ján Tomko <jtomko@redhat.com>
Ján Tomko [Wed, 19 Feb 2020 00:00:49 +0000 (01:00 +0100)]
util: vireventglibwatch: watch for G_IO_HUP and G_IO_ERR
To more closely match the previous usage in virEventPollDispatchHandles,
where called the handle callback for any revents returned by poll.
This should fix the virtlogd error on subsequent domain startup:
error: can't connect to virtlogd: Cannot open log file:
'/var/log/libvirt/qemu/f28live.log': Device or resource busy
as well as virtlogd spinning caused by virLogHandlerDomainLogFileEvent
never being called on hangup.
Signed-off-by: Ján Tomko <jtomko@redhat.com> Fixes: f8ab47cb4491dd72d866c1a96a9d94b8c3341de9 Fixes: 946a25274c46ffff46323c62f567ae7e753aa921 Tested-by: Andrea Bolognani <abologna@redhat.com> Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
After the introduction of virDomainDriverMergeBlkioDevice() in a
previous patch, it is now clear that lxcDomainSetBlkioParameters() and
qemuDomainSetBlkioParameters() uses the same loop to set cgroup
blkio parameter of a domain.
Avoid the repetition by adding a new helper called
virDomainCgroupSetupDomainBlkioParameters().
Signed-off-by: Daniel Henrique Barboza <danielhb413@gmail.com> Signed-off-by: Ján Tomko <jtomko@redhat.com> Reviewed-by: Ján Tomko <jtomko@redhat.com>
lxcDomainMergeBlkioDevice() and qemuDomainMergeBlkioDevice()
are the same functions. This duplicated code can't be put in
the existing domain_cgroup.c since it's not cgroup related.
This patch introduces a new src/hypervisor/domain_driver.c to
host this more generic code that can be shared between virt
drivers. This new file is then used to create a new helper
called virDomainDeivceMergeBlkioDevice() to eliminate the code
repetition mentioned above. Callers in LXC and QEMU files
were updated.
This change is a preliminary step for more code reduction of
cgroup related code inside lxcDomainSetBlkioParameters() and
qemuDomainSetBlkioParameters().
Signed-off-by: Daniel Henrique Barboza <danielhb413@gmail.com> Signed-off-by: Ján Tomko <jtomko@redhat.com> Reviewed-by: Ján Tomko <jtomko@redhat.com>
qemuSetupCgroupVcpuBW() and lxcSetVcpuBWLive() shares the
same code to set CPU CFS period and quota. This code can be
moved to a new virCgroupSetupCpuPeriodQuota() helper to
avoid code repetition.
A similar code is also executed in virLXCCgroupSetupCpuTune(),
but without the rollback on error. Use the new helper in this
function as well since the 'period' rollback, if not a
straight improvement for virLXCCgroupSetupCpuTune(), is
benign. And we end up cutting more code repetition.
Signed-off-by: Daniel Henrique Barboza <danielhb413@gmail.com> Signed-off-by: Ján Tomko <jtomko@redhat.com> Reviewed-by: Ján Tomko <jtomko@redhat.com>
The code that calls virCgroupSetCpuShares() and virCgroupGetCpuShares()
is repeated in 4 different places. Let's put it in a new
virCgroupSetupCpuShares() to avoid code repetition.
There's a reason of why we execute a Get in the same value we
just executed Set, explained in detail by commit 97814d8ab3.
Let's add a gist of the reasoning behind it as a comment in
this new function as well.
Signed-off-by: Daniel Henrique Barboza <danielhb413@gmail.com> Signed-off-by: Ján Tomko <jtomko@redhat.com> Reviewed-by: Ján Tomko <jtomko@redhat.com>
There is duplicated code between virt drivers that needs to
be moved to avoid code repetition. In the case of duplicated
code between lxc_cgroup.c and qemu_cgroup.c a common place
would be utils/vircgroup.c. The problem is that this would
introduce /conf related definitions that shouldn't be imported
to vircgroup.c, which is supposed to be a place for utilitary
cgroups functions only. And syntax-check would forbid it anyway
due to cross-directory includes being used.
An alternative would be to overload domain_conf.c, which already
contains all the definitions required. But that file is already
crowded with XML handling code and we wouldn't do any favors to
it by putting more utilitary, non-XML parsing/formatting code
there.
In [1], Cole suggested a 'domain_cgroup' file to host common code
between lxc_cgroup and qemu_cgroup, and Daniel suggested a
'src/hypervisor' dir to host these type of files. This patch
introduces src/hypervisor/domain_cgroup.c and, to get started,
introduces a new virDomainCgroupSetupBlkio() function to host shared
code between virLXCCgroupSetupBlkioTune() and qemuSetupBlkioCgroup().
vircgroup.c: turn virCgroup{Get/Set}BlkioDevice* into static
Previous patch moved all duplicated code that were setting
and getting BlkioDevice parameters to vircgroup.c. We can
turn them into static and spare a few symbols in
libvirt_private.syms.
Signed-off-by: Daniel Henrique Barboza <danielhb413@gmail.com> Signed-off-by: Ján Tomko <jtomko@redhat.com> Reviewed-by: Ján Tomko <jtomko@redhat.com>
There are code repetition of set() and get() blkio device
parameters across lxc and qemu files. Use the new vircgroup
helpers to trim the repetition a bit.
Signed-off-by: Daniel Henrique Barboza <danielhb413@gmail.com> Signed-off-by: Ján Tomko <jtomko@redhat.com> Reviewed-by: Ján Tomko <jtomko@redhat.com>
The current use of the functions that set and get
BlkioDevice attributes is doing a set(), followed by
a get() of the same parameter right after. This is done
because there is no guarantee that the kernel will accept
the desired value given by the set() call, thus we need to
execute a get() right after to get the actual value.
This patch adds helpers inside vircgroup.c to execute these
operations. Next patch will use these helpers to reduce
code repetition in LXC and QEMU files.
Signed-off-by: Daniel Henrique Barboza <danielhb413@gmail.com> Signed-off-by: Ján Tomko <jtomko@redhat.com> Reviewed-by: Ján Tomko <jtomko@redhat.com>
Ryan Moeller [Sat, 22 Feb 2020 05:01:39 +0000 (00:01 -0500)]
Add virtlockd and virtlogd init scripts
These are missing files for OpenRC.
Signed-off-by: Ryan Moeller <ryan@iXsystems.com> Signed-off-by: Michal Privoznik <mprivozn@redhat.com> Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
Andrea Bolognani [Tue, 18 Feb 2020 20:43:08 +0000 (21:43 +0100)]
docs: Expand documentation for the tickpolicy timer attribute
The current documentation is fairly terse and not easy to decode
for someone who's not intimately familiar with the inner workings
of timer devices. Expand on it by providing a somewhat verbose
description of what behavior each policy will result in, as seen
from both the guest OS and host point of view.
Michal Privoznik [Fri, 21 Feb 2020 07:28:13 +0000 (08:28 +0100)]
qemuTestParseCapabilitiesArch: Free @binary
The variable is allocated, but never freed.
==119642== 29 bytes in 1 blocks are definitely lost in loss record 409 of 671
==119642== at 0x483579F: malloc (vg_replace_malloc.c:309)
==119642== by 0x5AB075F: __vasprintf_internal (in /lib64/libc-2.29.so)
==119642== by 0x57C1A28: g_vasprintf (in /usr/lib64/libglib-2.0.so.0.6000.7)
==119642== by 0x579A0CC: g_strdup_vprintf (in /usr/lib64/libglib-2.0.so.0.6000.7)
==119642== by 0x4AE6D58: vir_g_strdup_printf (glibcompat.c:197)
==119642== by 0x136EEE: qemuTestParseCapabilitiesArch (testutilsqemu.c:291)
==119642== by 0x138506: testQemuInfoSetArgs (testutilsqemu.c:763)
==119642== by 0x135FFF: mymain (qemuxml2argvtest.c:3093)
==119642== by 0x13A60E: virTestMain (testutils.c:839)
==119642== by 0x1368C2: main (qemuxml2argvtest.c:3121)
Fixes: 42b3e5b9e4b919644afe55a815992c07fb79b9dc Signed-off-by: Michal Privoznik <mprivozn@redhat.com> Reviewed-by: Ján Tomko <jtomko@redhat.com>
Michal Privoznik [Fri, 21 Feb 2020 07:28:04 +0000 (08:28 +0100)]
virDomainNetDefClear: Free @persistent name
The persistent alias name @persistent is allocated in
virDomainNetDefParseXML() but never freed.
==119642== 22 bytes in 2 blocks are definitely lost in loss record 178 of 671
==119642== at 0x483579F: malloc (vg_replace_malloc.c:309)
==119642== by 0x58F89F1: xmlStrndup (in /usr/lib64/libxml2.so.2.9.9)
==119642== by 0x4BA3B74: virXMLPropString (virxml.c:520)
==119642== by 0x4BDB0C5: virDomainNetDefParseXML (domain_conf.c:11876)
==119642== by 0x4BF9EF4: virDomainDefParseXML (domain_conf.c:21196)
==119642== by 0x4BFCD5B: virDomainDefParseNode (domain_conf.c:21943)
==119642== by 0x4BFCC36: virDomainDefParse (domain_conf.c:21901)
==119642== by 0x4BFCCCB: virDomainDefParseFile (domain_conf.c:21924)
==119642== by 0x114A9D: testCompareXMLToArgv (qemuxml2argvtest.c:452)
==119642== by 0x13894F: virTestRun (testutils.c:143)
==119642== by 0x11F46E: mymain (qemuxml2argvtest.c:1316)
==119642== by 0x13A60E: virTestMain (testutils.c:839
Fixes: fb0509d06ac57434c2edbd81ee63deb32a0e598a Signed-off-by: Michal Privoznik <mprivozn@redhat.com> Reviewed-by: Ján Tomko <jtomko@redhat.com>
Michal Privoznik [Fri, 21 Feb 2020 07:27:50 +0000 (08:27 +0100)]
virDomainFSDefFree: Unref private data
The privateData object is allocated in virDomainFSDefNew() but
never unref'd.
==119642== 480 bytes in 20 blocks are definitely lost in loss record 656 of 671
==119642== at 0x4837B86: calloc (vg_replace_malloc.c:762)
==119642== by 0x57806A0: g_malloc0 (in /usr/lib64/libglib-2.0.so.0.6000.7)
==119642== by 0x4AE7392: virAllocVar (viralloc.c:331)
==119642== by 0x4B64395: virObjectNew (virobject.c:241)
==119642== by 0x48F1464: qemuDomainFSPrivateNew (qemu_domain.c:1427)
==119642== by 0x4BBF004: virDomainFSDefNew (domain_conf.c:2307)
==119642== by 0x4BD859A: virDomainFSDefParseXML (domain_conf.c:11217)
==119642== by 0x4BF9DD1: virDomainDefParseXML (domain_conf.c:21179)
==119642== by 0x4BFCD5B: virDomainDefParseNode (domain_conf.c:21943)
==119642== by 0x4BFCC36: virDomainDefParse (domain_conf.c:21901)
==119642== by 0x4BFCCCB: virDomainDefParseFile (domain_conf.c:21924)
==119642== by 0x114A9D: testCompareXMLToArgv (qemuxml2argvtest.c:452)
Fixes: 5120577ed79f89e172e3deed534fa9b585f4701f Signed-off-by: Michal Privoznik <mprivozn@redhat.com> Reviewed-by: Ján Tomko <jtomko@redhat.com>
Laine Stump [Mon, 17 Feb 2020 03:34:59 +0000 (22:34 -0500)]
conf: extra validation for <port isolated='yes'/>
During the hypervisor-agnostic validation of network devices, verify
that the interface type is either "network" or "bridge", and that if
there is any <virtualport>, that it doesn't have any type associated
with it.
This needs to be done both for the parse-time validation and for
runtime validation (after a port has been acquired from any associated
network), because an interface with type='network' could have an
actual type at runtime of "hostdev" or "direct", neither of which
support isolated='true' (yet). Likewise, if an interface is
type='network', then at runtime a <virtualport> with a type that
doesn't support isolated='yes' (e.g. "openvswitch", "802.1Qbh" -
currently *none* of the available virtualport types support it)
Signed-off-by: Laine Stump <laine@redhat.com> Reviewed-by: Ján Tomko <jtomko@redhat.com>
Laine Stump [Fri, 14 Feb 2020 18:51:31 +0000 (13:51 -0500)]
qemu: support updating <port isolated='yes|no'/> during device update
This setting can be updating very easily on an already active
interface by just changing it in sysfs. If the bridge used for
connection is also changed, there is no need to separately update it,
because the new setting isf done as a part of connecting to the bridge
anyway.
Signed-off-by: Laine Stump <laine@redhat.com> Reviewed-by: Ján Tomko <jtomko@redhat.com>
Laine Stump [Thu, 13 Feb 2020 17:57:47 +0000 (12:57 -0500)]
qemu/lxc: plumb isolatedPort from config down through bridge attachment
This patch pushes the isolatedPort setting from the <interface> down
all the way to the callers of virNetDevBridgeAddPort(), and sets
BR_ISOLATED on the port (using virNetDevBridgePortSetIsolated()) after
the port has been successfully added to the bridge.
Signed-off-by: Laine Stump <laine@redhat.com> Signed-off-by: Laine Stump <laine@redhat.com> Reviewed-by: Ján Tomko <jtomko@redhat.com>
Laine Stump [Thu, 6 Feb 2020 23:15:25 +0000 (18:15 -0500)]
network: propagate <port isolated='yes'/> between network and domain
Similar to the way that the <vlan>, <bandwidth>, and <virtualport>
elements and the trustGuestRxFilters attribute in a <network> (or in
the appropriate <portgroup> element of a <network> can be applied to a
port when it is allocated for a domain's network interface, this patch
checks for a configured value of <port isolated="yes|no"/> in
either the domain <interface> or in the network, setting isolatedPort
in the <networkport> to the first one it finds (the setting from the
domain's <interface> is preferred). This, in turn, is passed back to
the domain when a port is allocated, so that the domain will use that
setting.
(One difference from <vlan>, <bandwidth>, <virtualport>, and
trustGuestRxFilters, is that all of those can be set in a <portgroup>
so that they can be applied only to a subset of interfaces connected
to the network. This didn't really make sense for the isolated setting
due to the way that it's implemented in Linux - the BR_ISOLATED flag
will prevent traffic from passing between two ports that both have
BR_ISOLATED set, but traffic can still go between those ports and
other ports that *don't* have BR_ISOLATED. (It would be nice if all
traffic from a BR_ISOLATED port could be blocked except traffic going
to/from a designated egress port or ports, but instead the entire
feature is implemented as a single flag. Because of this, it's really
only useful if all the ports on a network are isolated, so setting it
for a subset has no practical utility.)
Signed-off-by: Laine Stump <laine@redhat.com> Reviewed-by: Ján Tomko <jtomko@redhat.com>
Laine Stump [Wed, 29 Jan 2020 15:29:21 +0000 (10:29 -0500)]
conf: parse/format <port isolated='yes|no'/>
This is a very simple thing to parse and format, but needs to be done
in 4 places, so two trivial utility functions have been made that can
be called from all the higher level parser/formatters:
<domain><interface>
<domain><interface><actual> (only in domain status)
<network>
<networkport>
Signed-off-by: Laine Stump <laine@redhat.com> Reviewed-by: Ján Tomko <jtomko@redhat.com>
Laine Stump [Mon, 20 Jan 2020 21:27:02 +0000 (16:27 -0500)]
util: query/set BR_ISOLATED flag on netdevs attached to bridge
When this flag is set for an interface attached to a bridge, traffic
to/from the specified interface can only enter/exit the bridge via
another attached interface that *doesn't* have the BR_ISOLATED flag
set. This can be used to permit guests to communicate with the rest of
the network, but not with each other.
Signed-off-by: Laine Stump <laine@redhat.com> Reviewed-by: Ján Tomko <jtomko@redhat.com>
Laine Stump [Thu, 13 Feb 2020 16:57:43 +0000 (11:57 -0500)]
qemu: save/restore original error when recovering from failed bridge attach
Not only was the original error code destroyed in the case of
encountering an error during recovery from a failed attach to the
bridge (and then *that* error was destroyed by logging a *second*
error about the failure to recover - virNetDevBridgeAddPort() already
logs an error, so the one about failing to recover was redundant), but
if the recovery was successful, the function would then return success
to the caller even though it had failed.
Fixes: 2711ac87160d7ac7d550c57f4339e6c6749942fa
(overwritten errors were introduced along with this functionality) Fixes: 6bde0a1a37424c84492658223ff845b1ebb0e25c
(the wrong return value was introduced by a refactor)
Signed-off-by: Laine Stump <laine@redhat.com> Reviewed-by: Ján Tomko <jtomko@redhat.com>
Laine Stump [Fri, 14 Feb 2020 23:59:52 +0000 (18:59 -0500)]
schema: add missing vlan element to networkport RNG
This is in the data structure and the parse/format functions, and is
getting passed all around correctly, it just was omitted from the RNG,
which hasn't been noticed because no human is creating <networkport>
XML, and so it's never getting validated against the schema.
Signed-off-by: Laine Stump <laine@redhat.com> Reviewed-by: Ján Tomko <jtomko@redhat.com>
Michal Privoznik [Thu, 20 Feb 2020 10:54:44 +0000 (11:54 +0100)]
qemu_migration: Rearrange some checks in qemuMigrationSrcIsAllowed()
Firstly, the check for disk I/O error can be moved into 'if
(!offline)' section a few lines below.
Secondly, checks for vmstate and slirp should be moved under the
same section because they reflect live state of a domain. For
offline migration no QEMU is involved and thus these restrictions
are not valid.
Signed-off-by: Michal Privoznik <mprivozn@redhat.com> Reviewed-by: Ján Tomko <jtomko@redhat.com>
Michal Privoznik [Thu, 20 Feb 2020 10:46:24 +0000 (11:46 +0100)]
qemu: Don't explicitly remove pidfile after virPidFileForceCleanupPath()
In two places where virPidFileForceCleanupPath() is called, we
try to unlink() the pidfile again. This is needless because
virPidFileForceCleanupPath() has done just that.
Signed-off-by: Michal Privoznik <mprivozn@redhat.com> Reviewed-by: Ján Tomko <jtomko@redhat.com>
Michal Privoznik [Thu, 20 Feb 2020 10:36:07 +0000 (11:36 +0100)]
virpidfile: Set correct retval in virPidFileReadPath()
The virPidFileReadPath() function is supposed to return 0 on
success or a negative value on failure. But the negative value
has a special meaning - it's negated errno. Therefore, when
converting string to int we shouldn't return -1 which translates
to EPERM. Returning EINVAL looks closer to the truth.
Signed-off-by: Michal Privoznik <mprivozn@redhat.com> Reviewed-by: Ján Tomko <jtomko@redhat.com>
Peter Krempa [Mon, 17 Feb 2020 11:36:59 +0000 (12:36 +0100)]
virStorageFileGetMetadataRecurse: Use virHashHasEntry instead of fake pointers
Replacing virHashLookup by virHashHasEntry allows us to use NULL as the
payload of the hash table rather than putting a fake '1' pointer into
the table.
Signed-off-by: Peter Krempa <pkrempa@redhat.com> Reviewed-by: Eric Blake <eblake@redhat.com>
We call virStorageFileSupportsBackingChainTraversal which already checks
that the 'storageFileRead' callback is non-NULL, which in turn means
that virStorageFileRead will not return -2.
Signed-off-by: Peter Krempa <pkrempa@redhat.com> Reviewed-by: Eric Blake <eblake@redhat.com>
Peter Krempa [Mon, 17 Feb 2020 08:26:46 +0000 (09:26 +0100)]
util: storagefile: Drop image format probing by file suffix
Probing by file suffix was meant to be a last resort if probing by
contents fails or is not supported. For most formats we never specified
any suffix. There's a few formats implementing both magic bytes and
suffix and finally DMG which had only suffix probing. Since suffix
probing is nowhere reliable and only one format depends on in which has a
comment that qemu doesn't do the probing either drop the whole
infrastructure.
Signed-off-by: Peter Krempa <pkrempa@redhat.com> Reviewed-by: Eric Blake <eblake@redhat.com>
Jiri Denemark [Wed, 19 Feb 2020 12:48:39 +0000 (13:48 +0100)]
cpu_conf: Format vendor_id for host-model CPUs
In commit v5.9.0-400-gaf8e39921a I removed printing model's fallback and
vendor_id attributes when no model is specified. However, vendor_id
makes sense even without a specific CPU model (for host-model CPUs).
Peter Krempa [Wed, 19 Feb 2020 07:40:59 +0000 (08:40 +0100)]
qemuDomainGetStatsIOThread: Don't leak array with 0 iothreads
qemuMonitorGetIOThreads returns a NULL-terminated list even when 0
iothreads are present. The caller didn't perform cleanup if there were 0
iothreads leaking the array.
Fixes: d1eac92784573559b6fd56836e33b215c89308e3 Reported-by: Jing Yan <jiyan@redhat.com> Signed-off-by: Peter Krempa <pkrempa@redhat.com> Reviewed-by: Ján Tomko <jtomko@redhat.com>
Pavel Mores [Fri, 14 Feb 2020 16:26:23 +0000 (17:26 +0100)]
qemu: call networkPlugBandwidth() for all types of network
To fix the actual bug, it was necessary to make networkPlugBandwidth() be
called also for 'bridge'-type networks implemented using macvtap's 'bridge'
mode (previously it was only called for those implemented on top of an
existing bridge).
However, it seems beneficial to call it for other network types as well, at
least because it removes an inconsistency in types of bandwidth configuration
changes permissible in inactive and active domain configs. It should also be
safe as the function pretty much amounts to NOP if no QoS is requested and the
new behaviour should not be any worse than before if it is.
Signed-off-by: Pavel Mores <pmores@redhat.com> Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
Pavel Mores [Fri, 14 Feb 2020 16:26:21 +0000 (17:26 +0100)]
qemu: fail on attempt to set 'floor' if interface type is not 'network'
QoS 'floor' setting is documented to be only supported for interfaces of
type 'network'. Fail with an error message on attempt to set 'floor' on
an interface of any other type.
Signed-off-by: Pavel Mores <pmores@redhat.com> Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
Pavel Mores [Fri, 14 Feb 2020 16:26:19 +0000 (17:26 +0100)]
qemu: test if bandwidth has 'floor' factored out to separate function
This compound condition will be useful in several places so it
makes sense to give it a name for better readability.
Signed-off-by: Pavel Mores <pmores@redhat.com> Signed-off-by: Michal Privoznik <mprivozn@redhat.com> Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
Peter Krempa [Mon, 10 Feb 2020 13:37:14 +0000 (14:37 +0100)]
qemu: Add support for slices of type 'storage'
Implement support for the slice of type 'storage' which allows to set
the offset and size which modifies where qemu should look for the start
of the format container inside the image.
Since slicing is done using the 'raw' driver we need to add another
layer into the blockdev tree if there's any non-raw image format driver
used to access the data.
This patch adds the blockdev integration and setup of the image data so
that we can use the slices for any backing image.
Signed-off-by: Peter Krempa <pkrempa@redhat.com> Reviewed-by: Ján Tomko <jtomko@redhat.com>
Peter Krempa [Wed, 12 Feb 2020 16:26:18 +0000 (17:26 +0100)]
tests: qemublock: Add cases for creating image overlays on top of disks with <slice>
Add a set of test data to see whether the backing store strings are
formatted reasonably. Note that we don't support direct creation of such
images so those tests are not enabled.
Signed-off-by: Peter Krempa <pkrempa@redhat.com> Reviewed-by: Ján Tomko <jtomko@redhat.com>
Peter Krempa [Wed, 12 Feb 2020 16:25:12 +0000 (17:25 +0100)]
qemu: block: Properly format storage slice into backing store strings
When creating overlay images e.g. for snapshots or when merging
snapshots we often specify the backing store string to use. Make the
formatter aware of backing chain entries which have a <slice>
configured so that we record it properly. Otherwise such images
would not work without the XML (when detecting the backing chain).
Signed-off-by: Peter Krempa <pkrempa@redhat.com> Reviewed-by: Ján Tomko <jtomko@redhat.com>
Peter Krempa [Wed, 5 Feb 2020 17:00:23 +0000 (18:00 +0100)]
docs: Document the new <slices> sub-element of disk's <source>
We are going to add support for specifying offset and size attributes
which will allow controling where the image and where the guest data
itself starts in the source of the disk. This will be represented by
a <slices> element filled with either a <slice type='storage'> for the
offset of the image format data.
Add the XML documentation and RNG schema.
Signed-off-by: Peter Krempa <pkrempa@redhat.com> Reviewed-by: Ján Tomko <jtomko@redhat.com>
Peter Krempa [Mon, 3 Feb 2020 16:14:52 +0000 (17:14 +0100)]
util: virstoragefile: Add data structure for storing storage source slices
Introduce virStorageSourceSlice which will store the 'offset' and 'size'
of a virStorageSource and declare it as 'sliceStorage' and 'sliceFormat'
attributes of a virStorageSource.
Signed-off-by: Peter Krempa <pkrempa@redhat.com> Reviewed-by: Ján Tomko <jtomko@redhat.com>
Peter Krempa [Thu, 16 Jan 2020 15:02:15 +0000 (16:02 +0100)]
tests: virstorage: Add test data for json specified raw image with offset/size
QEMU allows specifying the offset and size into a raw file to expose a
sub-slice of the image to the guest with the raw driver. Libvirt
currently doesn't support it but we can add test case for future
reference.
Signed-off-by: Peter Krempa <pkrempa@redhat.com> Reviewed-by: Ján Tomko <jtomko@redhat.com>
Michal Privoznik [Fri, 14 Feb 2020 12:59:02 +0000 (13:59 +0100)]
qemu_domain: Modify access to a NVMe disk iff needed
If a domain has a NVMe disk it already has the access configured.
Trying to configure it again on a commit or some other operation
is wrong and condemned to failure.
Signed-off-by: Michal Privoznik <mprivozn@redhat.com> Reviewed-by: Ján Tomko <jtomko@redhat.com>
qemu: drop support for monitor connections on PTYs
Libvirt switched to using a UNIX socket for monitors in
2009 for version 0.7.0. It seems unlikely that there is
a running QEMU process that hasn't been restarted for
11 years while also taking a libvirt upgrade. Therefore
we can drop support for opening a PTY for the QEMU
monitor.
Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
Your Name [Wed, 12 Feb 2020 10:53:59 +0000 (10:53 +0000)]
src: use closefrom() for mass closing of FDs
On FreeBSD 12 the default ulimit settings allow for 100,000
open file descriptors. As a result spawning processes in
libvirt is abominably slow. Fortunately FreeBSD has long
since provided a good solution in the form of closefrom(),
which closes all FDs equal to or larger than the specified
parameter.
Reviewed-by: Ján Tomko <jtomko@redhat.com> Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
Arnaud Patard [Thu, 5 Dec 2019 17:11:41 +0000 (18:11 +0100)]
virt-aa-helper: Add support for smartcard host-certificates
When emulating smartcard with host certificates, qemu needs to
be able to read the certificates files. Add necessary code to
add the smartcard certificates file path to the apparmor profile.
Passthrough support has been tested with spicevmc and remote-viewer.
v2:
- Fix CodingStyle
- Add support for 'host' case.
- Add a comment to mention that the passthrough case doesn't need
some configuration
- Use one rule with '{,*}' instead of two rules.
Andrea Bolognani [Tue, 11 Feb 2020 14:37:05 +0000 (15:37 +0100)]
docs: Improve documentation for <serial> and <console>
Users expect to be able to configure the <console> element and see
that configuration reflected into the <serial> element or at least
sticking, however due to our crazy back-compat code that doesn't
always happen.
There's really not much we can do to make this kind of corner cases
work as the user would expect, especially not without introducing
additional complexity in a part of libvirt that already has more
than a fair share of it; we can, however, improve the documentation
so that it will nudge said users in the right direction.
projects / libvirt.git / log