Luyao Zhong [Thu, 20 Dec 2018 09:14:40 +0000 (17:14 +0800)]
conf: Introduce 'alignsize' element into xml for NVDIMM memory
NVDIMM emulation will mmap the backend file, it uses host pagesize
as the alignment of mapping address before, but some backends may
require alignments different from the pagesize. So the 'alignsize'
option is introduced to allow specification of the proper alignment:
Erik Skultety [Thu, 6 Dec 2018 13:59:15 +0000 (14:59 +0100)]
qemu: process: SEV: Relabel guest owner's SEV files created before start
Before launching a SEV guest we take the base64-encoded guest owner's
data specified in launchSecurity and create files with the same content
under /var/lib/libvirt/qemu/<domain>. The reason for this is that we
need to pass these files on to QEMU which then uses them to communicate
with the SEV firmware, except when it doesn't have permissions to open
those files since we don't relabel them.
Erik Skultety [Thu, 6 Dec 2018 13:50:19 +0000 (14:50 +0100)]
qemu: process: SEV: Assume libDir to be the directory to create files in
Since SEV operates on a per domain basis, it's very likely that all
SEV launch-related data will be created under
/var/lib/libvirt/qemu/<domain_name>. Therefore, when calling into
qemuProcessSEVCreateFile we can assume @libDir as the directory prefix
rather than passing it explicitly.
Signed-off-by: Erik Skultety <eskultet@redhat.com> Acked-by: Michal Privoznik <mprivozn@redhat.com>
John Ferlan [Thu, 20 Dec 2018 21:30:24 +0000 (16:30 -0500)]
security: Fix comparison for virSecuritySELinuxRecallLabel
The @con type security_context_t is actually a "char *", so the
correct check should be to dereference one more level; otherwise,
we could return/use the NULL pointer later in a subsequent
virSecuritySELinuxSetFileconImpl call (using @fcon).
Suggested-by: Michal Prívozník <mprivozn@redhat.com> Signed-off-by: John Ferlan <jferlan@redhat.com> Reviewed-by: Ján Tomko <jtomko@redhat.com>
qemu: don't log error for missing optional storage sources on start
Because missing optional storage source is not error. The patch
address only local files. Fixing other cases is a bit ugly.
Below is example of error notice in log now:
error: virStorageFileReportBrokenChain:427 :
Cannot access storage file '/path/to/missing/optional/disk':
No such file or directory
Signed-off-by: Nikolay Shirokovskiy <nshirokovskiy@virtuozzo.com>
qemu: don't log error for missing optional storage sources on stats
Every time we call all domain stats for inactive domain with
unavailable storage source we get error message in logs [1]. It's a bit noisy.
While it's arguable whether we need such message or not for mandatory
disks we would like not to see messages for optional disks. Let's
filter at least for cases of local files. Fixing other cases would
require passing flag down the stack to .backendInit of storage
which is ugly.
Stats for active domain are fine because we either drop disks
with unavailable sources or clean source which is handled
by virStorageSourceIsEmpty in qemuDomainGetStatsOneBlockFallback.
We have these logs for successful stats since 25aa7035d (version 1.2.15)
which in turn fixes 596a13713 (version 1.2.12 )which added substantial
stats for offline disks.
[1] error message example:
qemuOpenFileAs:3324 : Failed to open file '/path/to/optional/disk': No such file or directory
Signed-off-by: Nikolay Shirokovskiy <nshirokovskiy@virtuozzo.com>
Marc Hartmayer [Mon, 29 Oct 2018 17:34:58 +0000 (18:34 +0100)]
qemu: Introduce caching whether /dev/kvm is accessible
Introduce caching whether /dev/kvm is usable as the QEMU user:QEMU
group. This reduces the overhead of the QEMU capabilities cache
lookup. Before this patch there were many fork() calls used for
checking whether /dev/kvm is accessible. Now we store the result
whether /dev/kvm is accessible or not and we only need to re-run the
virFileAccessibleAs check if the ctime of /dev/kvm has changed.
Suggested-by: Daniel P. Berrangé <berrange@redhat.com> Signed-off-by: Marc Hartmayer <mhartmay@linux.ibm.com> Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
Michal Privoznik [Tue, 25 Sep 2018 12:15:24 +0000 (14:15 +0200)]
tools: Provide a script to recover fubar'ed XATTRs setup
Our code is not bug free. The refcounting I introduced will
almost certainly not work in some use cases. Provide a script
that will remove all the XATTRs set by libvirt so that it can
start cleanly.
Signed-off-by: Michal Privoznik <mprivozn@redhat.com> Reviewed-by: Ján Tomko <jtomko@redhat.com>
This test checks if security label remembering works correctly.
It uses qemuSecurity* APIs to do that. And some mocking (even
though it's not real mocking as we are used to from other tests
like virpcitest). So far, only DAC driver is tested.
Signed-off-by: Michal Privoznik <mprivozn@redhat.com> Reviewed-by: Ján Tomko <jtomko@redhat.com>
When iterating over list of paths/disk sources to relabel it may
happen that the process fails at some point. In that case, for
the sake of keeping seclabel refcount (stored in XATTRs) in sync
with reality we have to perform rollback. However, if that fails
too the only thing we can do is warn user.
Signed-off-by: Michal Privoznik <mprivozn@redhat.com> Reviewed-by: Daniel P. Berrangé <berrange@redhat.com> Reviewed-by: Ján Tomko <jtomko@redhat.com>
Michal Privoznik [Tue, 25 Sep 2018 15:07:23 +0000 (17:07 +0200)]
security_selinux: Restore label on failed setfilecon() attempt
It's important to keep XATTRs untouched (well, in the same state
they were in when entering the function). Otherwise our
refcounting would be messed up.
Signed-off-by: Michal Privoznik <mprivozn@redhat.com> Reviewed-by: Daniel P. Berrangé <berrange@redhat.com> Reviewed-by: Ján Tomko <jtomko@redhat.com>
Michal Privoznik [Wed, 19 Sep 2018 08:06:44 +0000 (10:06 +0200)]
security_selinux: Remember old labels
Similarly to what I did in DAC driver, this also requires the
same SELinux label to be used for shared paths. If a path is
already in use by a domain (or domains) then and the domain we
are starting now wants to access the path it has to have the same
SELinux label. This might look too restrictive as the new label
can still guarantee access to already running domains but in
reality it is very unlikely and usually an admin mistake.
Signed-off-by: Michal Privoznik <mprivozn@redhat.com> Reviewed-by: Ján Tomko <jtomko@redhat.com>
Michal Privoznik [Tue, 25 Sep 2018 14:32:47 +0000 (16:32 +0200)]
security_selinux: Track if transaction is restore
It is going to be important to know if the current transaction we
are running is a restore operation or set label operation so that
we know whether to call virSecurityGetRememberedLabel() or
virSecuritySetRememberedLabel(). That is, whether we are in a
restore and therefore have to fetch the remembered label, or we
are in set operation and therefore have to store the original
label.
Signed-off-by: Michal Privoznik <mprivozn@redhat.com> Reviewed-by: Daniel P. Berrangé <berrange@redhat.com> Reviewed-by: Ján Tomko <jtomko@redhat.com>
Michal Privoznik [Tue, 25 Sep 2018 11:33:28 +0000 (13:33 +0200)]
virSecurityDACRestoreImageLabelInt: Restore even shared/RO disks
Now that we have seclabel remembering we can safely restore
labels for shared and RO disks. In fact we need to do that to
keep seclabel refcount stored in XATTRs in sync with reality.
Signed-off-by: Michal Privoznik <mprivozn@redhat.com> Reviewed-by: Daniel P. Berrangé <berrange@redhat.com> Reviewed-by: Ján Tomko <jtomko@redhat.com>
This also requires the same DAC label to be used for shared
paths. If a path is already in use by a domain (or domains) then
and the domain we are starting now wants to access the path it
has to have the same DAC label. This might look too restrictive
as the new label can still guarantee access to already running
domains but in reality it is very unlikely and usually an admin
mistake.
This requirement also simplifies seclabel remembering, because we
can store only one seclabel and have a refcounter for how many
times the path is in use. If we were to allow different labels
and store them in some sort of array the algorithm to match
labels to domains would be needlessly complicated.
Signed-off-by: Michal Privoznik <mprivozn@redhat.com> Reviewed-by: Ján Tomko <jtomko@redhat.com>
Michal Privoznik [Tue, 20 Nov 2018 12:05:08 +0000 (13:05 +0100)]
security_dac: Allow callers to enable/disable label remembering/recall
Because the implementation that will be used for label
remembering/recall is not atomic we have to give callers a chance
to enable or disable it. That is, enable it if and only if
metadata locking is enabled. Otherwise the feature MUST be turned
off.
Signed-off-by: Michal Privoznik <mprivozn@redhat.com> Reviewed-by: Daniel P. Berrangé <berrange@redhat.com> Reviewed-by: Ján Tomko <jtomko@redhat.com>
Michal Privoznik [Tue, 25 Sep 2018 08:36:13 +0000 (10:36 +0200)]
virSecurityDACTransactionRun: Implement rollback
When iterating over list of paths/disk sources to relabel it may
happen that the process fails at some point. In that case, for
the sake of keeping seclabel refcount (stored in XATTRs) in sync
with reality we have to perform rollback. However, if that fails
too the only thing we can do is warn user.
Signed-off-by: Michal Privoznik <mprivozn@redhat.com> Reviewed-by: Daniel P. Berrangé <berrange@redhat.com> Reviewed-by: Ján Tomko <jtomko@redhat.com>
Michal Privoznik [Mon, 24 Sep 2018 15:10:06 +0000 (17:10 +0200)]
security_dac: Restore label on failed chown() attempt
It's important to keep XATTRs untouched (well, in the same state
they were in when entering the function). Otherwise our
refcounting would be messed up.
Signed-off-by: Michal Privoznik <mprivozn@redhat.com> Reviewed-by: Daniel P. Berrangé <berrange@redhat.com> Reviewed-by: Ján Tomko <jtomko@redhat.com>
Luyao Huang [Wed, 19 Dec 2018 03:17:01 +0000 (11:17 +0800)]
virsh: Fix vcpupin command output wrong vcpu pinning info
Commit 3072ded3 changed the waya to format the vcpu pinning info
and forget to get cpumap for each vcpu during the loop, that cause
vcpupin command will display vcpu 0 info for other vcpus.
John Ferlan [Mon, 17 Dec 2018 12:07:44 +0000 (07:07 -0500)]
remote: Resolve resource leak
Using a combination of VIR_ALLOC and VIR_STRDUP into a local
variable and then jumping to error on the VIR_STRDUP before
assiging it into the @data would cause a memory leak. Let's
just avoid that by assiging directly into @data.
Signed-off-by: John Ferlan <jferlan@redhat.com> ACKed-by: Michal Privoznik <mprivozn@redhat.com>
John Ferlan [Mon, 17 Dec 2018 12:02:26 +0000 (07:02 -0500)]
tests: Fix possible NULL derefs in virErrorTestMsgs
Add guards to avoid calling strchr when @err_noinfo == NULL or
calling virErrorTestMsgFormatInfoOne when @err_info == NULL as
both would fail with a NULL deref.
Signed-off-by: John Ferlan <jferlan@redhat.com> ACKed-by: Peter Krempa <pkrempa@redhat.com>
logging: ensure pending I/O is drained before reading position
The virtualization driver has two connections to the virtlogd daemon,
one pipe fd for writing to the log file, and one socket fd for making
RPC calls. The typical sequence is to write some data to the pipe fd and
then make an RPC call to determine the current log file offset.
Unfortunately these two operations are not guaranteed to be handling in
order by virtlogd. The event loop for virtlogd may identify an incoming
event on both the pipe fd and socket fd in the same iteration of the
event loop. It is then entirely possible that it will process the socket
fd RPC call before reading the pending log data from the pipe fd.
As a result the virtualization driver will get an outdated log file
offset reported back.
This can be seen with the QEMU driver where, when a guest fails to
start, it will randomly include too much data in the error message it
has fetched from the log file.
The solution is to ensure we have drained all pending data from the pipe
fd before reporting the log file offset. The pipe fd is always in
blocking mode, so cares needs to be taken to avoid blocking. When
draining this is taken care of by using poll(). The extra complication
is that they might already be an event loop dispatch pending on the pipe
fd. If we have just drained the pipe this pending event will be invalid
so must be discarded.
See also https://bugzilla.redhat.com/show_bug.cgi?id=1356108
Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
If an editor has an XML file open, it may create a temporary . file. The
existance of this file will cause the virschematest to fail, so just
skip these editor temp files.
Reviewed-by: Andrea Bolognani <abologna@redhat.com> Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
Jim Fehlig [Fri, 14 Dec 2018 21:44:57 +0000 (14:44 -0700)]
docs: Improve description of <hard_limit>
/domain/memtune/hard_limit provides a way to cap the memory a VM process
can use, including the amount of memory the process can lock. When memory
locking of a VM is requested, <hard_limit> can be used to prevent the
potential host DoS issue mentioned in /domain/memoryBacking/locked
description.
This patch improves the <hard_limit> text by clarifying it can be used
to prevent "host crashing" when VM memory is locked.
The arguments to the N_() macro must only ever be a literal string. It
is not possible to use macro arguments, or use macro string
concatenation in this context. The N_() macro is a no-op whose only
purpose is to act as a marker for xgettext when it extracts translatable
strings from the source code. Anything other than a literal string will
be silently ignored by xgettext.
Unfortunately this means that the clever MSG, MSG2 & MSG_EXISTS macros
used for building up error message strings have prevented any of the
error messages getting marked for translation. We must sadly, revert to
a more explicit listing of strings for now.
Reviewed-by: Jiri Denemark <jdenemar@redhat.com> Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
Jiri Denemark [Thu, 15 Nov 2018 14:25:46 +0000 (15:25 +0100)]
qemu: Add support for postcopy-requests migration statistics
QEMU can report how many times during post-copy migration the domain
running on the destination host tried to access a page which has not
been migrated yet.
Signed-off-by: Jiri Denemark <jdenemar@redhat.com> Reviewed-by: Ján Tomko <jtomko@redhat.com>
qemu: use line breaks in command line args written to log
The QEMU command line arguments are very long and currently all written
on a single line to /var/log/libvirt/qemu/$GUEST.log. This introduces
logic to add line breaks after every env variable and "-" optional
argument, and every positional argument. This will create a clearer log
file, which will in turn present better in bug reports when people cut +
paste from the log into a bug comment.
The virCommand APIs do not expect to be given a NULL value for an arg
name or value. Such a mistake can lead to execution of the wrong
command, as the NULL may prematurely terminate the list of args.
Detect this and report suitable error messages.
This identified a flaw in the storage test which was passing a NULL
instead of the volume path. This flaw was then validated by an incorrect
set of qemu-img args as expected data.
Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
There is a limit on the number of lines in the /proc/<pid>/{g,u}id_map
files. In Linux 4.14 and earlier, this limit was (arbitrarily) set at
5 lines. Since Linux 4.15, which was released on 28 Jan 2018, the limit
is 340 lines.
Peter Krempa [Wed, 5 Dec 2018 13:41:18 +0000 (14:41 +0100)]
util: error: Put error code messages into an array
Simplify adding of new errors by just adding them to the array of
messages rather than having to add conversion code.
Additionally most of the messages add the format string part as a suffix
so we can avoid some of the duplication by using a macro which adds the
suffix to the original string. This way most messages fit into the 80
column limit and only 3 exceed 100 colums.
Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Erik Skultety <eskultet@redhat.com>
Peter Krempa [Mon, 12 Nov 2018 09:33:01 +0000 (10:33 +0100)]
tests: Add test for virErrorMsg message constraints
Make sure that we don't add any broken error message strings any more.
This ensures that both the version with and without additional info is
populated, the version without info does not have any formatting
modifiers and the version with info has exactly one.
Signed-off-by: Peter Krempa <pkrempa@redhat.com> Reviewed-by: Erik Skultety <eskultet@redhat.com>
Peter Krempa [Thu, 13 Dec 2018 11:32:29 +0000 (12:32 +0100)]
util: error: Reword some unused error messages
Simplify wording of the error string for VIR_ERR_OPEN_FAILED and
VIR_ERR_CALL_FAILED. The error codes itself are currently unused so it
will not impact any client.
This will simplify upcomming patch which refactors how we convert these.
Signed-off-by: Peter Krempa <pkrempa@redhat.com> Reviewed-by: Erik Skultety <eskultet@redhat.com>
Peter Krempa [Mon, 12 Nov 2018 15:00:03 +0000 (16:00 +0100)]
util: error: Add error message versions with info for some error codes
Few error codes were missing the version of the message with additional
info. In case of the modified messages it's not very likely they'll ever
report any additional data, but for the sake of consistency we should
provide them.
Signed-off-by: Peter Krempa <pkrempa@redhat.com> Reviewed-by: Erik Skultety <eskultet@redhat.com>
Peter Krempa [Mon, 12 Nov 2018 14:30:21 +0000 (15:30 +0100)]
util: error: Fix error message strings to play well with additional info
Additional information for an error message is either in form of a
string or empty. Fix two offenders. One used %d as the format modifier
and the second one always expected a string.
Thankfully, neither of the offenders are currently in effect.
Signed-off-by: Peter Krempa <pkrempa@redhat.com> Reviewed-by: Erik Skultety <eskultet@redhat.com>
Erik Skultety [Fri, 14 Dec 2018 08:52:40 +0000 (09:52 +0100)]
remote: Fix the build by explicitly casting the obj pointer for xdr_free
For some reason, xdr_free uses char * instead of void * for its 2nd
argument which is passed to a custom free routine. Commit dc54b3ec missed this detail which made the build fail on a number of
platforms. Fix it by explicitly casting the object pointer to char *
just like we do in other places throughout the code base.
Signed-off-by: Erik Skultety <eskultet@redhat.com>
Pavel Hrdina [Tue, 11 Dec 2018 09:35:20 +0000 (17:35 +0800)]
vircgroupv2: fix virCgroupV2ValidateMachineGroup
When libvirt is reconnecting to running domain that uses cgroup v2
the QEMU process reports cgroup for the emulator directory because the
main thread is in that cgroup. We need to remove the "/emulator" part
in order to match with the root cgroup directory name for that domain.
Pavel Hrdina [Mon, 10 Dec 2018 08:51:14 +0000 (16:51 +0800)]
vircgroup: introduce virCgroupKillRecursiveCB
The rewrite to support cgroup v2 missed this function. In cgroup v2
we have different files to track tasks.
We would fail to remove cgroup on non-systemd OSes if there is any
extra process assigned to guest cgroup because we would not kill any
process form the guest cgroup.
John Ferlan [Thu, 13 Dec 2018 16:11:18 +0000 (11:11 -0500)]
storage: Fix build issue with MOUNT and VGCHANGE commands
Turns out there some build platforms that must not define MOUNT
or VGCHANGE in config.h... So moving the commands from the storage
backend specific module into a common storage_util module causes
issues for those platforms.
So instead of assuming they are there, let's just pass the command
string to the storage util API's from the storage backend specific
code (as would have been successful before). Also modify the test
to determine whether the MOUNT and/or VGCHANGE doesn't exist and
just define it to (for example) what Fedora has for the path. Could
have just used "mount" and "vgchange" in the call, but that defeats
the purpose of adding the call to virTestClearCommandPath.
remote: check & report OOM in make_nonnull_XXX methods
The make_nonnull_XXX methods can all fail due to OOM but this was being
silently ignored and thus also not checked by callers. Make the methods
propagate errors and use ATTRIBUTE_RETURN_CHECK to force callers to deal
with it.
Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
Remove all Author(s): lines from source file headers
In many files there are header comments that contain an Author:
statement, supposedly reflecting who originally wrote the code.
In a large collaborative project like libvirt, any non-trivial
file will have been modified by a large number of different
contributors. IOW, the Author: comments are quickly out of date,
omitting people who have made significant contribitions.
In some places Author: lines have been added despite the person
merely being responsible for creating the file by moving existing
code out of another file. IOW, the Author: lines give an incorrect
record of authorship.
With this all in mind, the comments are useless as a means to identify
who to talk to about code in a particular file. Contributors will always
be better off using 'git log' and 'git blame' if they need to find the
author of a particular bit of code.
This commit thus deletes all Author: comments from the source and adds
a rule to prevent them reappearing.
The Copyright headers are similarly misleading and inaccurate, however,
we cannot delete these as they have legal meaning, despite being largely
inaccurate. In addition only the copyright holder is permitted to change
their respective copyright statement.
Reviewed-by: Erik Skultety <eskultet@redhat.com> Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
John Ferlan [Mon, 12 Nov 2018 19:58:09 +0000 (14:58 -0500)]
qemu: Add check for whether KVM nesting is enabled
Support for nested KVM is handled via a kernel module configuration
parameters values for kvm_intel, kvm_amd, kvm_hv (PPC), or kvm (s390).
While it's possible to fetch the kmod config values via virKModConfig,
unfortunately that is the static value and we need to get the
current/dynamic value from the kernel file system.
So this patch adds a new API virHostKVMSupportsNesting that will
search the 3 kernel modules to get the nesting value and check if
it is 'Y' (or 'y' just in case) to return a true/false whether
the KVM kernel supports nesting.
We need to do this in order to handle cases where adjustments to
the value are made after libvirtd is started to force a refetch of
the latest QEMU capabilities since the correct CPU settings need
to be made for a guest to add the "vmx=on" to/for the guest config.
Signed-off-by: John Ferlan <jferlan@redhat.com> ACKed-by: Michal Privoznik <mprivozn@redhat.com>
If virSecretGetSecretString is using by secretLookupByUUID,
then it's possible the found sec->usageType doesn't match the
desired @secretUsageType. If this occurs for the encrypted
volume creation processing and a subsequent pool refresh is
executed, then the secret used to create the volume will not
be found by the storageBackendLoadDefaultSecrets which expects
to find secrets by VIR_SECRET_USAGE_TYPE_VOLUME.
Add a check to virSecretGetSecretString to avoid the possibility
along with an error indicating the incorrect matched types.
Signed-off-by: John Ferlan <jferlan@redhat.com> ACKed-by: Michal Privoznik <mprivozn@redhat.com>
Let's create helpers for each style of command line created. This
primarily is easier on the eyes rather than the large multi line
if-then-else-else clause used, but may also be useful if in the
future any particular pool needs to add to the command line based
on pool xml format.
Signed-off-by: John Ferlan <jferlan@redhat.com> ACKed-by: Michal Privoznik <mprivozn@redhat.com>
John Ferlan [Tue, 4 Dec 2018 15:20:59 +0000 (10:20 -0500)]
tests: Add storagepool xml test for netfs-auto
Cover the case where @netauto would be used to create the command
line in virStorageBackendFileSystemMountCmd. Essentially when the
pool type is "netfs", but the "source.format" is empty, create the
command line properly.
Signed-off-by: John Ferlan <jferlan@redhat.com> ACKed-by: Michal Privoznik <mprivozn@redhat.com>
John Ferlan [Tue, 4 Dec 2018 11:28:34 +0000 (06:28 -0500)]
storage: Extract out mount command creation for FS Backend
Extract out the code that is used to create the MOUNT command
for starting the pool. We can use this for Storage Pool XML
to Argv testing to ensure code changes don't alter how a
storage pool is started.
Signed-off-by: John Ferlan <jferlan@redhat.com> ACKed-by: Michal Privoznik <mprivozn@redhat.com>
There are two ways to request memory preallocation on cmd line:
-mem-prealloc and .prealloc attribute for a memory-backend-file.
However, as it turns out it's not safe to use both at the same
time. If -mem-prealloc is used then qemu will fully allocate the
memory (this is done by actually touching every page that has
been allocated). Then, if .prealloc=yes is specified,
mbind(flags = MPOL_MF_STRICT | MPOL_MF_MOVE) is called which:
a) has to (possibly) move the memory to a different NUMA node,
b) can have no effect when hugepages are in play (thus ignoring user
request to place memory on desired NUMA nodes).
Prefer -mem-prealloc as it is more backward compatible
compared to switching to "-numa node,memdev= + -object
memory-backend-file".
Signed-off-by: Michal Privoznik <mprivozn@redhat.com> Reviewed-by: John Ferlan <jferlan@redhat.com>
qemuBuildMemoryBackendProps: Pass @priv instead of its individual members
So far we have two arguments that we are passing to
qemuBuildMemoryBackendProps() and that are taken from domain
private data: @qemuCaps and @autoNodeset. In the next commit I
will use one more item from there. Therefore, instead of having
it as yet another argument to the function, pass pointer to the
private data object.
There is one change in qemuDomainAttachMemory() where previously
@autoNodeset was NULL but now is priv->autoNodeset (which may be
set). This is safe to do as @autoNodeset is advisory only.
Signed-off-by: Michal Privoznik <mprivozn@redhat.com> Reviewed-by: John Ferlan <jferlan@redhat.com>
Add a check during virDomainDefCompatibleDevice whether the
domain supports cold/hotplug of a memory module even though
this duplicates the qemuDomainDefValidateMemoryHotplug check.
Without this check, the cold/hot plug would fail on the
subsequent mem_memory check (since it's 0). Adding a check
for max_memory > 0 would allow the subsequent hotplug check
to fail, but would cause coldplug to fail with the somewhat
opaque message "no free memory device slot available".
Signed-off-by: John Ferlan <jferlan@redhat.com> ACKed-by: Michal Privoznik <mprivozn@redhat.com>
John Ferlan [Fri, 7 Dec 2018 16:07:32 +0000 (11:07 -0500)]
conf: Add the size of failed max_memory in error
If virDomainDefCompatibleDevice fails because there is insufficient
domain def->mem.max_memory, then let's also print out that value in
the error message.
Signed-off-by: John Ferlan <jferlan@redhat.com> ACKed-by: Michal Privoznik <mprivozn@redhat.com>
Erik Skultety [Fri, 7 Dec 2018 13:53:46 +0000 (14:53 +0100)]
conf: domain: gfx: Iterate over graphics devices when doing validation
The QEMU validation code for graphics has been in place for a while, but
because it is only executed from virDomainDeviceInfoIterateInternal, it
was never run, since the iterator expects the device to have boot info
which graphics don't have. The unfortunate side effect of this whole mess
was that a few capabilities were missing from the test suite (as commit d8266ebe1 demonstrated with graphics-spice-invalid-egl-headless test),
which in turn meant that a few graphics tests which expected a failure
happily accepted any failure the test runtime returned which made them
succeed. The impact of this was that we then allowed to start a domain
with multiple OpenGL-enabled graphics devices.
This patch enables iteration over graphics devices. Unsurprisingly,
a few tests started to fail as a result, so fix those too.
Signed-off-by: Erik Skultety <eskultet@redhat.com> Reviewed-by: John Ferlan <jferlan@redhat.com>
Erik Skultety [Fri, 7 Dec 2018 12:13:58 +0000 (13:13 +0100)]
tests: Introduce negative versions of DO_TEST_CAPS_LATEST
It's fairly easy to forget to add a capability to the list of
capabilities for a negative test case which might yield (for us) very
unfortunate results. Therefore, introduce negative versions of
DO_TEST_CAPS_LATEST macros, so that real QEMU caps can be used with
tests that expect a failure too.
Signed-off-by: Erik Skultety <eskultet@redhat.com> Reviewed-by: John Ferlan <jferlan@redhat.com>
Validation of domain devices is accomplished via a generic device
iterator which takes a callback, iterates over all kinds of supported
device types and invokes the callback on every single device. However,
there might be cases when we need to alter the behaviour of the
iteration (most notably skip or include a group of devices). Therefore,
this patch introduces iterator flags.
Signed-off-by: Erik Skultety <eskultet@redhat.com> Reviewed-by: John Ferlan <jferlan@redhat.com>
Julio Faracco [Fri, 30 Nov 2018 12:43:37 +0000 (20:43 +0800)]
tests: Adding test case to include multiple network definitions.
This commit includes a test case for multiple network definitions. It is
useful right now, but it will be more useful when the index used by LXC
version 3.X is implemented to support this new settings. The version 3.X
is using indexes to specify each network settings.
Signed-off-by: Julio Faracco <jcfaracco@gmail.com> ACKed-by: Michal Privoznik <mprivozn@redhat.com>
Julio Faracco [Fri, 30 Nov 2018 12:43:36 +0000 (20:43 +0800)]
lxc: Initializing IPv6 and IPv4 gateway to overwrite old settings.
This commit fixes a bug when you have multiple network settings defined.
Basically, if you set an IPv6 or IPv4 gateway, it carries on next
network settings. It is happening because the data is not being
initialized when a new network type is defined. So, the old data still
persists into the pointer. Another way to initialized the data was
introduced using memset() to avoid missing attributes from the struct.
Signed-off-by: Julio Faracco <jcfaracco@gmail.com> Reviewed-by: John Ferlan <jferlan@redhat.com>
tools: relax x509 Subject regexes to allow numbers and more
The virt-pki-validate tool is extracting components in the x509
certificate Subject field. Unfortunately the regex it is is using is far
too strict, and so truncating valid data. It needs to consider ',' as a
field separator, and if that's not there take all data until the EOL.
With the broken regex:
$ echo " Subject: O=Test,CN=guestHyp1ver" | sed 's+.*CN=\(.[a-zA-Z \._-]*\).*+\1+'
guestHyp
And with the fixed regex
$ echo "Subject: O=Test,CN=guestHyp1ver" | sed 's+.*CN=\([^,]*\).*+\1+'
guestHyp1ver
Reported-by: Kashyap Chamarthy <kchamart@redhat.com> Reviewed-by: Kashyap Chamarthy <kchamart@redhat.com> Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
Erik Skultety [Thu, 6 Dec 2018 15:12:14 +0000 (16:12 +0100)]
domain: conf: graphics: Fix picking DRI renderer automatically for SPICE
Commit 255e0732 introduced a few graphics-related helpers. The problem
is that virDomainGraphicsNeedsAutoRenderNode returns true if it gets
NULL as a response from virDomainGraphicsNeedsAutoRenderNode. That's
okay for egl-headless because that one always needs a DRM render node,
the same is not true for SPICE though, and unless the XML specifies
<gl enable='yes'> for SPICE, there's no need for any renderer.
Signed-off-by: Erik Skultety <eskultet@redhat.com> Reviewed-by: Ján Tomko <jtomko@redhat.com>
Disable external snapshot of a readonly disk for domains as
this operation is not very useful. Such a snapshot is not
possible for active domains but the error message from QEMU
is more cryptic:
error: internal error: unable to execute QEMU command 'transaction':
Could not create file: Permission denied
This error at least makes the error more understandable for
active domains and disallows for inactive domains as well.
Signed-off-by: Nikolay Shirokovskiy <nshirokovskiy@virtuozzo.com> Reviewed-by: John Ferlan <jferlan@redhat.com>
If domain is killed with `xl destroy`, libvirt will not notice it and
still report the domain as running. Also trying to destroy the domain
through libvirt will fail. The only way to recover from such a situation
is to restart libvirt daemon. The problem is that even though libxl
report LIBXL_EVENT_TYPE_DOMAIN_DEATH, libvirt ignore it as all the
domain cleanup is done in a function actually destroying the domain. If
destroy is done outside of libvirt, there is no place where it would be
handled.
Fix this by doing domain cleanup in LIBXL_EVENT_TYPE_DOMAIN_DEATH too.
To avoid doing it twice, add a ignoreDeathEvent flag
libxlDomainObjPrivate, set when the domain death is triggered by libvirt
itself.
Signed-off-by: Marek Marczykowski-Górecki <marmarek@invisiblethingslab.com> Reviewed-by: Jim Fehlig <jfehlig@suse.com>
Laine Stump [Thu, 6 Dec 2018 14:59:59 +0000 (09:59 -0500)]
lxc: don't forbid <interface type='direct'>
Commit 017dfa27d changed a few switch statements in the LXC code to
have all possible enum values, and in the process changed the switch
statement in virLXCControllerGetNICIndexes() to return an error status
for unsupported interface types, but it erroneously put type='direct'
on the list of unsupported types.
type='direct' (implemented with a macvlan interface) is supported on
LXC, but it's interface shouldn't be placed on the list of interfaces
given to CreateMachineWithNetwork() because the interface is put
inside the container, while CreateMachineWithNetwork() only wants to
know about the parent veths of veth pairs (the parent veth remains on
the host side, while the child veth is put into the container).
Resolves: https://bugzilla.redhat.com/1656463 Signed-off-by: Laine Stump <laine@laine.org> Reviewed-by: Ján Tomko <jtomko@redhat.com>
Laine Stump [Wed, 5 Dec 2018 21:58:08 +0000 (16:58 -0500)]
lxc: check actual type of interface not config type
virLXCControllerGetNICIndexes() was deciding whether or not to add the
ifindex for an interface's ifname to the list of ifindexes sent to
CreateMachineWithNetwork based on the interface type stored in the
config. This would be incorrect in the case of <interface
type='network'> where the network was giving out macvlan interfaces
tied to a physical device (i.e. when the actual interface type was
"direct").
Instead of checking the setting of "net->type", we should be checking
the setting of virDomainNetGetActualType(net).
I don't think this caused any actual misbehavior, it was just
technically wrong.
Signed-off-by: Laine Stump <laine@laine.org> Reviewed-by: Ján Tomko <jtomko@redhat.com>
tests: fix dry run handling in network firewall test
The networkxml2firewalltest sets virCommand to dry run mode but doesn't
provide a callback to fill in stdout/stderr. As a result when the
firewall code queries rules it gets a NULL output and so never triggers
the callback to process output.
This trivial change just returns an empty string for the command output
in order to ensure the callback gets triggered. It has no effect right
now, but in future patches this will trigger greater test coverage.
Reviewed-by: Laine Stump <laine@laine.org> Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
Jim Fehlig [Fri, 16 Nov 2018 20:08:23 +0000 (13:08 -0700)]
xenconfig: add support for openvswitch configuration
Add support for converting openvswitch interface configuration
to/from libvirt domXML and xl.cfg(5). The xl config syntax for
virtual interfaces is described in detail in the
xl-network-configuration(5) man page. The Xen Networking wiki
also contains information and examples for using openvswitch
in xl.cfg config format
projects / libvirt.git / log