Peter Krempa [Tue, 29 May 2018 16:04:42 +0000 (18:04 +0200)]
qemu: command: Don't generate alias for TLS private key password secret
qemuBuildTLSx509CommandLine has no business guessing which alias should
be used. The alias needs to be passed in.
Note that there's a lingering bad design of this, since the secret
object alias is based on the device name and not on the fact that the
secret is used for decrypting of the TLS private key. If we ever add
authentication for chardevs this will bite us.
Thankfully disk code does not support encrypted private keys for TLS so
it can be happily refactored there.
Signed-off-by: Peter Krempa <pkrempa@redhat.com> Reviewed-by: Ján Tomko <jtomko@redhat.com>
Peter Krempa [Wed, 30 May 2018 10:48:34 +0000 (12:48 +0200)]
qemu: domain: Process only one object in qemuDomainPrepareDiskSourceTLS
Remove the loop from qemuDomainPrepareDiskSourceTLS and rename it to
qemuDomainPrepareStorageSourceTLS. Currently there is no backing chain
to prepare so fixing one device is equivalent. In the future it will be
reused in a function which will do the looping.
Signed-off-by: Peter Krempa <pkrempa@redhat.com> Reviewed-by: Ján Tomko <jtomko@redhat.com>
Peter Krempa [Tue, 29 May 2018 14:38:50 +0000 (16:38 +0200)]
qemu: domain: aggregate setup of disk drive options for -drive
When using blockdev the approach to base aliases will change. Add a
helper function that will aggregate all code which needs to be called
with the disk alias for the -drive to setup internal data.
qemuDomainSecretDiskPrepare wrapper is no longer necessary as the
contents were moved to a function which is designed to use the old
aliases.
Signed-off-by: Peter Krempa <pkrempa@redhat.com> Reviewed-by: Ján Tomko <jtomko@redhat.com>
Peter Krempa [Tue, 29 May 2018 15:05:05 +0000 (17:05 +0200)]
qemu: domain: don't loop through images in qemuDomainPrepareDiskSourceChain
Convert the function to just prepare data for the disk. Callers need to
do the looping since there's more to do than just copy the data around.
The code path in qemuDomainPrepareDiskSource doesn't need to loop over
the chain yet, since there currently is no chain at this point. This
will be addressed later in the blockdev series where we will setup much
more stuff.
Signed-off-by: Peter Krempa <pkrempa@redhat.com> Reviewed-by: Ján Tomko <jtomko@redhat.com>
Peter Krempa [Tue, 29 May 2018 14:52:17 +0000 (16:52 +0200)]
qemu: domain: Properly setup data relevant for top disk image
qemuDomainPrepareDiskSourceChain should set up the disk zero detection
mode only for the top level image. Since it's invoked also for the
middle of the chain we need to check that it's really only the top level
image.
Signed-off-by: Peter Krempa <pkrempa@redhat.com> Reviewed-by: Ján Tomko <jtomko@redhat.com>
Peter Krempa [Wed, 30 May 2018 10:18:37 +0000 (12:18 +0200)]
qemu: domain: Regenerate alias for the TLS x509 credential object
When restarting libvirt would previously lose the alias of the x509
certificate object. Upon unplug we would then not delete the
corresponding objects.
Restore the alias if we know it should be there.
Luckily for disks we don't support encrypted TLS environment, so there's
no need to regenerate the 'secret' alias for decryption.
Signed-off-by: Peter Krempa <pkrempa@redhat.com> Reviewed-by: Ján Tomko <jtomko@redhat.com>
Peter Krempa [Wed, 30 May 2018 10:03:41 +0000 (12:03 +0200)]
qemu: domain: Store and restore TLS object alias of a disk
Libvirt uses the stored alias to detach the TLS x509 object on disk
unplug. As the alias was not stored, the object would not be detached
if unplugging disks after libvirtd restart.
Signed-off-by: Peter Krempa <pkrempa@redhat.com> Reviewed-by: Ján Tomko <jtomko@redhat.com>
Peter Krempa [Mon, 28 May 2018 13:15:16 +0000 (15:15 +0200)]
qemu: hotplug: Don't try to infer secret object alias/presence
Now that we remember the alias we've used to attach the secret objects
we should reuse them rather than trying to infer them from the disk
configuration.
Signed-off-by: Peter Krempa <pkrempa@redhat.com> Reviewed-by: Ján Tomko <jtomko@redhat.com>
Peter Krempa [Thu, 24 May 2018 16:24:13 +0000 (18:24 +0200)]
qemu: domain: Regenerate auth/enc secret aliases when restoring status XML
Previously we did not store the aliases but rather re-generated them
when unplug was necessary. This is very cumbersome since the knowledge
when and which alias to use needs to be stored in the hotplug code as
well.
While this patch will not strictly improve this situation since there
still will be two places containing this code it at least will allow to
remove the mess from the disk-unplug code and will prevent introducing
more mess when adding blockdev support.
Signed-off-by: Peter Krempa <pkrempa@redhat.com> Reviewed-by: Ján Tomko <jtomko@redhat.com>
Peter Krempa [Mon, 28 May 2018 13:17:01 +0000 (15:17 +0200)]
qemu: domain: Add helpers for partially clearing qemuDomainSecretInfoPtr
It's desired to keep the alias around to allow referencing of the secret
object used with qemu. Add set of APIs which will destroy all data
except the alias.
Signed-off-by: Peter Krempa <pkrempa@redhat.com> Reviewed-by: Ján Tomko <jtomko@redhat.com>
Peter Krempa [Tue, 22 May 2018 15:14:10 +0000 (17:14 +0200)]
qemu: domain: Add new function to set up encrypted secrets only
Some code paths can't use the unencrypted secret. Add a helper which
checks and sets up an encrypted secret only and reuse it when setting up
the secret to decrypt the TLS private key in qemuDomainSecretInfoTLSNew.
Signed-off-by: Peter Krempa <pkrempa@redhat.com> Reviewed-by: Ján Tomko <jtomko@redhat.com>
Peter Krempa [Tue, 22 May 2018 11:08:19 +0000 (13:08 +0200)]
qemu: domain: Rename and fix docs for qemuDomainSecretInfoNew
Rename it to qemuDomainSecretInfoNewPlain and annotate that it also may
set up a 'plain' secret in some cases. This will eventually be
refactored further.
Signed-off-by: Peter Krempa <pkrempa@redhat.com> Reviewed-by: Ján Tomko <jtomko@redhat.com>
Peter Krempa [Tue, 22 May 2018 07:03:02 +0000 (09:03 +0200)]
qemu: domain: Reuse code when preparing hostdev auth secrets
Use qemuDomainSecretStorageSourcePrepare in
qemuDomainSecretHostdevPrepare as it uses a virStorageSource to prepare
the authentication secret object data.
Signed-off-by: Peter Krempa <pkrempa@redhat.com> Reviewed-by: Ján Tomko <jtomko@redhat.com>
Peter Krempa [Wed, 23 May 2018 14:00:33 +0000 (16:00 +0200)]
tests: qemuxml2argv: Verify that disk secret alias is correct with user-aliases
Change the disk encryption type to qcow2+luks so that the appropriate
secret objects are generated. This tests that the proper alias is used
for the passphrase secret object.
Signed-off-by: Peter Krempa <pkrempa@redhat.com> Reviewed-by: Ján Tomko <jtomko@redhat.com>
Ján Tomko [Wed, 30 May 2018 10:52:51 +0000 (12:52 +0200)]
qemu: Add prefix for vsock vhostfd
Alter qemuBuildVsockDevStr to allow passing a prefix for
the vhostfd file descriptor name. Domain startup uses
the numeric value of fd without a prefix, but hotplug
will need to use a prefix because passed file descriptor
names cannot start with a number.
Jim Fehlig [Wed, 23 May 2018 21:09:45 +0000 (15:09 -0600)]
tests: xmconfigtest: add tests for cmdline formating
Commit 656151bf fixed formatting of the <cmdline> element. Perhaps it
would have been noticed and fixed earlier if we had a test. With this
change, all possible cases of formatting <cmdline> from xmconfig are
covered
1. no 'extra=' or 'root=' in xm.cfg
2. 'extra=' but no 'root=' in xm.cfg
3. 'root=' but no 'extra=' in xm.cfg
4. both 'root=' and 'extra=' in xm.cfg
Case 1 is covered by all existing paravirt tests since they have no
'extra=' or 'root='. Case 2 is covered by adding 'extra=' to a few
of the existing paravirt tests. Cases 3 and 4 are covered by new
tests that only test conversion of xm.cfg to xml.
Signed-off-by: Jim Fehlig <jfehlig@suse.com> Reviewed-by: John Ferlan <jferlan@redhat.com>
Jim Fehlig [Thu, 31 May 2018 21:41:37 +0000 (15:41 -0600)]
libxl: fix leaking logfile fds
Per-domain log files were introduced in commit a30b08b7179. The FILE
objects associated with these log files are stored in a hash table
using domid as a key. When a domain is shutdown, destroyed, or
otherwise powered-off, the FILE object is removed from the hash table,
where the free function will close the FILE.
Unfortunately the call to remove the FILE from the hash table occurs
after setting domid=-1 in the libxlDomainCleanup() function. The
object is never removed from the hash table, the free function is
never called, and the underlying fd is leaked. Fix by removing the
FILE object from the hash table before setting domid=-1.
Signed-off-by: Jim Fehlig <jfehlig@suse.com> Reviewed-by: Ján Tomko <jtomko@redhat.com>
Jiri Denemark [Fri, 1 Jun 2018 08:32:49 +0000 (10:32 +0200)]
qemu: Fix reporting completed migration stats on destination
This has been broken since commit v4.0.0-165-g93412bb827 which added
jobInfo->statsType enum to distinguish various statistics types. During
migration the type will always be QEMU_DOMAIN_JOB_STATS_TYPE_MIGRATION,
however the destination code consuming the statistics data from
migration cookie failed to properly set the type. So even though
everything was filled in, the type remained *_NONE and any attempt to
fetch the statistics data of a completed migration on the destination
host failed.
Ján Tomko [Fri, 1 Jun 2018 11:22:56 +0000 (13:22 +0200)]
conf: rename <vsock><source> to <vsock><cid>
To avoid the <source> vs. <target> confusion,
change <source auto='no' cid='3'/> to:
<cid auto='no' address='3'/>
Signed-off-by: Ján Tomko <jtomko@redhat.com> Suggested-by: Daniel P. Berrangé <berrange@redhat.com> Acked-by: Peter Krempa <pkrempa@redhat.com> Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
Peter Krempa [Thu, 31 May 2018 13:18:20 +0000 (15:18 +0200)]
qemu: hotplug: Fix detach of disk with managed persistent reservations
In commit 8bebb2b735d I've refactored how the detach of disk with a
managed persistent reservations object is handled. After the commit if
any disk with a managed PR object would be removed libvirt would also
attempt to remove the shared 'pr-manager-helper' object potentially used
by other disks.
Thankfully this should not have practical impact as qemu should reject
deletion of the object if it was still used and the rest of the code is
correct.
Fix this by removing the disk from the definition earlier and checking
if the shared/managed pr-manager-helper object is still needed.
This basically splits the detach code for the managed PR object from the
unmanaged ones. The same separation will follow for the attachment code
as well as it greatly simplifies -blockdev support for this.
Michal Privoznik [Thu, 31 May 2018 10:00:41 +0000 (12:00 +0200)]
testUpdateQEMUCaps: Don't leak host cpuData
When preparing qemuCaps for test cases the following is
happening:
qemuTestParseCapabilitiesArch() is called, which calls
virQEMUCapsLoadCache() which in turn calls
virQEMUCapsInitHostCPUModel() which sets qemuCaps->kvmCPU and
qemuCaps->tcgCPU.
But then the code tries to update the capabilities:
testCompareXMLToArgv() calls testUpdateQEMUCaps() which calls
virQEMUCapsInitHostCPUModel() again overwriting previously
allocated memory. The solution is to free host cpuData in
testUpdateQEMUCaps().
Signed-off-by: Michal Privoznik <mprivozn@redhat.com> Reviewed-by: Jiri Denemark <jdenemar@redhat.com>
Michal Privoznik [Wed, 30 May 2018 15:51:59 +0000 (17:51 +0200)]
qemuxml2argvtest: Don't initialize qemuCaps twice
There's no point in calling testInitQEMUCaps() (which sets
info.qemuCaps) only to overwrite (and leak) it on the very next
line.
==12962== 296 (208 direct, 88 indirect) bytes in 1 blocks are definitely lost in loss record 265 of 331
==12962== at 0x4C2CF26: calloc (vg_replace_malloc.c:711)
==12962== by 0x5D28D9F: virAllocVar (viralloc.c:560)
==12962== by 0x5D96AB4: virObjectNew (virobject.c:239)
==12962== by 0x56DB7C7: virQEMUCapsNew (qemu_capabilities.c:1480)
==12962== by 0x112A5B: testInitQEMUCaps (qemuxml2argvtest.c:361)
==12962== by 0x1371C8: mymain (qemuxml2argvtest.c:2871)
==12962== by 0x13AD0B: virTestMain (testutils.c:1120)
==12962== by 0x1372FD: main (qemuxml2argvtest.c:2883)
Removing the function call renders @gic argument unused therefore
it's removed from the macro (and all its callers).
Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
Michal Privoznik [Wed, 30 May 2018 15:50:30 +0000 (17:50 +0200)]
virDomainDefParseXML: Free @tmp when parsing genid
We need to free return value of virXPathString().
==12962== 37 bytes in 1 blocks are definitely lost in loss record 156 of 331
==12962== at 0x4C2AF0F: malloc (vg_replace_malloc.c:299)
==12962== by 0x91E8439: strdup (in /lib64/libc-2.25.so)
==12962== by 0x5DBD551: virStrdup (virstring.c:977)
==12962== by 0x5DD3E5E: virXPathString (virxml.c:84)
==12962== by 0x5E178AB: virDomainDefParseXML (domain_conf.c:19110)
==12962== by 0x5E1E985: virDomainDefParseNode (domain_conf.c:20885)
==12962== by 0x5E1E7CB: virDomainDefParse (domain_conf.c:20827)
==12962== by 0x5E1E871: virDomainDefParseFile (domain_conf.c:20853)
Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
Ján Tomko [Mon, 28 May 2018 07:05:29 +0000 (09:05 +0200)]
tests: initialize some variables
Found by cppcheck:
[tests/metadatatest.c:284]: (error) Uninitialized variable: test
[tests/objecteventtest.c:855]: (error) Uninitialized variable: test
Signed-off-by: Ján Tomko <jtomko@redhat.com> Reviewed-by: Jiri Denemark <jdenemar@redhat.com>
Jiri Denemark [Tue, 29 May 2018 20:30:33 +0000 (22:30 +0200)]
spec: Fix permissions of nwfilter XMLs
The nwfilter XMLs in /etc are defined as %ghost in the spec file, which
means rpm will not install them, but it will record its existence and
permissions in the database. During installation the files are copied in
a %post scriptlet from /usr/share/libvirt/nwfilter, but once libvirtd is
restarted, it will rewrite the files to add generated UUIDs.
While RPM recorded 644 mode for the XMLs, libvirt saves them with 600
and thus any future attempt to verify the libvirt-daemon-config-nwfilter
package would fail. We need to tell RPM the ghost files are supposed to
have 600 permissions.
Similar to the the Logical backend, use qemu-img on the created
disk partition device to set up for LUKS encryption. Secret mgmt
for the device can be complicated by a reboot possibly changing
the path to the device if the infrastructure changes.
Signed-off-by: John Ferlan <jferlan@redhat.com> ACKed-by: Peter Krempa <pkrempa@redhat.com>
Ján Tomko [Tue, 22 May 2018 13:57:47 +0000 (15:57 +0200)]
qemu: add support for vhost-vsock-pci
Create a new vsock endpoint by opening /dev/vhost-vsock,
set the requested CID via ioctl (or assign a free one if auto='yes'),
pass the file descriptor to QEMU and build the command line.
https://bugzilla.redhat.com/show_bug.cgi?id=1291851 Signed-off-by: Ján Tomko <jtomko@redhat.com>
Ján Tomko [Tue, 22 May 2018 13:52:52 +0000 (15:52 +0200)]
util: create virvsock.c
A file for vsock-related helper functions.
virVsockSetGuestCid to set an already-known CID,
virVsockAcquireGuestCid that will use the first available CID
Ján Tomko [Tue, 22 May 2018 09:21:15 +0000 (11:21 +0200)]
conf: introduce <vsock> element
Add a new 'vsock' element for the vsock device.
The 'model' attribute is optional.
A <source cid> subelement should be used to specify the guest cid,
or <source auto='yes'/> should be used.
John Ferlan [Thu, 24 May 2018 19:38:18 +0000 (15:38 -0400)]
storage: Remove rwlocks during virStoragePoolObjListForEach
Remove the locks since they are unnecessary and would cause
a hang for a driver reload/restart when a transient pool was
previously active as a result of the call:
virStoragePoolUpdateInactive:
...
if (!virStoragePoolObjGetConfigFile(obj)) {
virStoragePoolObjRemove(driver->pools, obj);
...
Peter Krempa [Mon, 28 May 2018 09:36:47 +0000 (11:36 +0200)]
qemu: domain: Pass 'qemuCaps' to post parse callbacks when parsing status XML
When status XML was parsed the post-parse callbacks could not access
qemu caps and potentially upgrade the definition according to the
present caps. Implement the callback to pass it in.
Peter Krempa [Mon, 28 May 2018 09:36:46 +0000 (11:36 +0200)]
conf: domain: Allow passing in 'parseOpaque' for post-parse of status XML
The status XML parser function virDomainObjParseXML could not pass in
parseOpaque into the post parse callbacks. Add a callback which will
allow hypervisor drivers to fill it from the 'virDomainObj' data.
Peter Krempa [Mon, 28 May 2018 09:36:45 +0000 (11:36 +0200)]
conf: domain: Invoke post-parse callbacks after parsing private XML parts
When parsing status XML the post-parse callbacks can't access any
private data present in the status XML as the private bits were parsed
after invoking post-parse callbacks.
Move the invocation so that everything is parsed first.
Ján Tomko [Mon, 28 May 2018 12:31:50 +0000 (14:31 +0200)]
conf: introduce virDomainDefBootOrderPostParse
Move the check for boot elements into a separate function
and remove its dependency on the parser-supplied bootHash table.
Reconstructing the hash table from the domain definition
effectively duplicates the check for duplicate boot order
values, also present in virDomainDeviceBootParseXML.
Now it will also be run on domains created by other means than XML
parsing, since it will be run even for code paths that did not supply
the bootHash table before.
Ján Tomko [Mon, 28 May 2018 13:16:16 +0000 (15:16 +0200)]
vmx: add VIR_DOMAIN_DEF_FEATURE_NO_BOOT_ORDER
Further patches will introduce validation and a default setting
of def->os.bootDevs in postParse.
Introduce a feature flag to opt out of this and set it in the vmx
driver, otherwise we would be adding it <boot dev='hd'/> into every
vmx config despite having no way to change it.
Michal Privoznik [Mon, 28 May 2018 14:28:09 +0000 (16:28 +0200)]
qemu: Don't build cache= cmd line for scsi-block
Trying to set any cache for <disk device='lun'/> makes no sense.
Such disk translates into -device scsi-block on the command line
and the device lacks any cache setting because it's merely a
middle man between qemu and real SCSI device.
Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
The function creates a list of all (or migratable only) CPU features
supported by QEMU. It works by looking at the CPU model info returned by
query-cpu-model-expansion QMP command.
Jiri Denemark [Tue, 15 May 2018 09:57:35 +0000 (11:57 +0200)]
cpu: Add optional list of allowed features to virCPUBaseline
When computing a baseline CPU for a specific hypervisor we have to make
sure to include only CPU features supported by the hypervisor. Otherwise
the computed CPU could not be used for starting a new domain.
Jiri Denemark [Tue, 15 May 2018 09:27:20 +0000 (11:27 +0200)]
cpu_x86: Add support for passing guest CPUs to virCPUx86Baseline
Modern host CPU models from domain capabilities XMLs are reported as
guest CPU definitions with feature policies. This patch updates
virCPUx86Baseline to properly handle such CPU models.
Signed-off-by: Jiri Denemark <jdenemar@redhat.com> Reviewed-by: Ján Tomko <jtomko@redhat.com>
Introduce virConnectBaselineHypervisorCPU public API
The new API computes the most feature-rich CPU which is compatible with
all given CPUs and can be provided by the specified hypervisor. It is a
more useful version of virConnectBaselineCPU, which doesn't consider any
hypervisor capabilities when computing the best CPU.
Introduce virConnectCompareHypervisorCPU public API
This new API compares the given CPU description with the CPU the
specified hypervisor is able to provide on the host. It is a more useful
version of virConnectCompareCPU, which compares the CPU definition with
the host CPU without considering any specific hypervisor and its
abilities.
virConnectGetDomainCapabilities needs to lookup QEMU capabilities
matching a specified binary, architecture, virt type, and machine type
while using default values when any of the parameters are not provided
by the user. Let's extract the lookup code into
virQEMUCapsCacheLookupDefault to make it reusable.
Signed-off-by: Jiri Denemark <jdenemar@redhat.com> Reviewed-by: Ján Tomko <jtomko@redhat.com>
Jiri Denemark [Fri, 4 May 2018 21:46:55 +0000 (23:46 +0200)]
vshExtractCPUDefXML: Accept domain capabilities XML
The domain capabilities XML contains host CPU model tailored to a
specific hypervisor and since it's enclosed in <mode name='host-model'>
element rather then the required <cpu> it's impossible to directly use
the host CPU model as an input to, e.g., cpu-compare command. To make
this more convenient, vshExtractCPUDefXML now accepts full domain
capabilities XML and automatically transforms the host CPU models into
the form accepted by libvirt APIs.
projects / libvirt.git / log