Ján Tomko [Fri, 14 Jun 2019 07:14:53 +0000 (09:14 +0200)]
api: disallow virDomainManagedSaveDefineXML on read-only connections
The virDomainManagedSaveDefineXML can be used to alter the domain's
config used for managedsave or even execute arbitrary emulator binaries.
Forbid it on read-only connections.
Fixes: CVE-2019-10166 Reported-by: Matthias Gerstner <mgerstner@suse.de> Signed-off-by: Ján Tomko <jtomko@redhat.com> Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
Ján Tomko [Fri, 14 Jun 2019 06:47:42 +0000 (08:47 +0200)]
api: disallow virDomainSaveImageGetXMLDesc on read-only connections
The virDomainSaveImageGetXMLDesc API is taking a path parameter,
which can point to any path on the system. This file will then be
read and parsed by libvirtd running with root privileges.
Forbid it on read-only connections.
Fixes: CVE-2019-10161 Reported-by: Matthias Gerstner <mgerstner@suse.de> Signed-off-by: Ján Tomko <jtomko@redhat.com> Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
Ján Tomko [Fri, 14 Jun 2019 18:59:32 +0000 (20:59 +0200)]
qemu: also delete qemuProcessAttach
Now that the virDomainQemuAttach API returns an error, we can remove the
unused qemuProcessAttach function as well, deleting the only user
that possibly could have requested to open a non-JSON monitor.
Signed-off-by: Ján Tomko <jtomko@redhat.com> Acked-by: Peter Krempa <pkrempa@redhat.com>
Peter Krempa [Tue, 18 Jun 2019 11:25:20 +0000 (13:25 +0200)]
docs: drvqemu: Clarify caveats of domxml-to-native
Explicitly state that the conversion nowadays produces results which
aren't really usable manually as it requires all the stuff which is
usually prepared by libvirtd.
Signed-off-by: Peter Krempa <pkrempa@redhat.com> Reviewed-by: Ján Tomko <jtomko@redhat.com>
Peter Krempa [Fri, 14 Jun 2019 12:56:35 +0000 (14:56 +0200)]
qemu: driver: Remove support for native->XML conversion
This code is really neglected and does not at all work reliably. It
can't even be used for converting our own commandline back.
Since this was mostly useful for aiding migration from manually run qemu
to libvirt and will not work for this puspose in many cases it's not
worth having.
Signed-off-by: Peter Krempa <pkrempa@redhat.com> Reviewed-by: Ján Tomko <jtomko@redhat.com> Reviewed-by: Andrea Bolognani <abologna@redhat.com>
Peter Krempa [Mon, 17 Jun 2019 11:59:31 +0000 (13:59 +0200)]
docs: hvsupport: Add support for deprecating hypervisor implementations
Allow expressing that a hypervisor implementation was deleted by adding
a end-version when the implementation was removed to our hypervisor
support matrix.
This patch hacks the perl script that generates the support matrix to
support comments like:
Ján Tomko [Fri, 14 Jun 2019 18:39:24 +0000 (20:39 +0200)]
tests: assume JSON in qemuMonitorTestIO
The QMP monitor only uses a newline to separate lines,
while HMP and the guest agent also use a carriage return.
In preparation to dropping support for testing HMP interaction,
only skip the carriage return if we're dealing with the guest agent,
removing the need to check the 'json' field.
Signed-off-by: Ján Tomko <jtomko@redhat.com> Reviewed-by: Andrea Bolognani <abologna@redhat.com>
Michal Privoznik [Sat, 15 Jun 2019 07:37:18 +0000 (09:37 +0200)]
virHostdevPrepareSCSIVHostDevices: Simplify logic
Couple of things happening in this patch:
1) We can mark the device we're adding onto active list as used
way before - when adding it onto temporary list.
2) When actually moving device from a temporary helper list onto
the list of active devices we check if the device isn't
already there. The same check is performed by
virSCSIVHostDeviceListAdd() later. Drop this duplicity.
3) The 'error' label is renamed to 'rollback' to reflect what it
is actually doing. While in the rest of the code we don't
allow random label names, this source file is different.
Signed-off-by: Michal Privoznik <mprivozn@redhat.com> Reviewed-by: Ján Tomko <jtomko@redhat.com>
Michal Privoznik [Sat, 15 Jun 2019 07:22:12 +0000 (09:22 +0200)]
virHostdevFindUSBDevice: Simplify flow a bit
When looking up a USB device by vendor the
virUSBDeviceFindByVendor() is used. The function returns number
of items found. But the logic in caller to process it is
needlessly complicated.
Signed-off-by: Michal Privoznik <mprivozn@redhat.com> Reviewed-by: Ján Tomko <jtomko@redhat.com>
Michal Privoznik [Sat, 15 Jun 2019 06:25:33 +0000 (08:25 +0200)]
virHostdevGetPCIHostDeviceList: Add @pci a bit later
This function is a good candidate for VIR_AUTOPTR() conversion.
But this conversion will be easier if we only add @pci device
onto @pcidevs list after it was all set up.
This is no functional change.
Signed-off-by: Michal Privoznik <mprivozn@redhat.com> Reviewed-by: Ján Tomko <jtomko@redhat.com>
Michal Privoznik [Thu, 23 May 2019 09:00:27 +0000 (11:00 +0200)]
qemuProcessLaunch: Return earlier if spawning qemu failed
If spawning qemu fails then we report an error and proceed to
writing status XML onto the disk. This is unnecessary as we are
sure that the domain is not running.
At the same time, if virPidFileReadPath() fails it returns
-errno. Use it in the error message. It may explain what went
wrong.
Signed-off-by: Michal Privoznik <mprivozn@redhat.com> Reviewed-by: Ján Tomko <jtomko@redhat.com>
We support pcie-to-pci-bridge, and prefer it to
dmi-to-pci-bridge, since libvirt 4.3.0, but we didn't
update all the documentation accordingly at the time.
Signed-off-by: Andrea Bolognani <abologna@redhat.com> Reviewed-by: Ján Tomko <jtomko@redhat.com>
Peter Krempa [Wed, 10 Apr 2019 12:52:48 +0000 (14:52 +0200)]
qemu: qapi: Implement support for 'features'
Starting from version 4.1 qemu allows reporting 'features' for a given
QAPI type object. This allows reporting support of fixes and additions
which are otherwise invisible in the QAPI schema.
Implement a possibility to query 'features' in the QAPI query strings.
Signed-off-by: Peter Krempa <pkrempa@redhat.com> Reviewed-by: Jiri Denemark <jdenemar@redhat.com>
Peter Krempa [Thu, 20 Jun 2019 05:47:43 +0000 (07:47 +0200)]
tests: qemucaps: Update 4.1.0 capabilities to a more recent version
Update the capabilities from a non-upstream version (9c70209b63 is not
in qemu.git) to qemu upstream commit 33d6099906 (2019/06/18) so that we
get the QMP schema 'features' field support and are able to detect that
the 'file' block backend supports dynamic auto-read-only.
Note that I've rebuilt this on a machine with a more modern kernel and
microcode which exposes e.g. the recent CPU bug mitigations, thus I
opted to keep the CPU changes rather than trying to do a franken-caps
by updating only the output of query-qmp-schema.
Signed-off-by: Peter Krempa <pkrempa@redhat.com> Reviewed-by: Erik Skultety <eskultet@redhat.com>
When updating guest CPU definition according to the vCPU actually
created by QEMU, we want to use the generic qemuMonitorGetGuestCPU to
get both CPUID and MSR features.
Signed-off-by: Jiri Denemark <jdenemar@redhat.com> Reviewed-by: Ján Tomko <jtomko@redhat.com>
Jiri Denemark [Mon, 17 Jun 2019 21:36:53 +0000 (23:36 +0200)]
qemu: Introduce generic qemuMonitorGetGuestCPU
Unlike the old version (which is now called qemuMonitorGetGuestCPUx86),
this monitor API checks for individual features by their names rather
than processing CPUID bits. Thus we can get the list of enabled and
disabled features for both CPUID and MSR features.
Signed-off-by: Jiri Denemark <jdenemar@redhat.com> Reviewed-by: Ján Tomko <jtomko@redhat.com>
Jiri Denemark [Mon, 17 Jun 2019 19:51:20 +0000 (21:51 +0200)]
qemu: Add type filter to qemuMonitorJSONParsePropsList
The function converts a list of QOM properties into a NULL-terminated
array of property names. The new type parameter may be used to limit the
result to properties of a specific type.
Signed-off-by: Jiri Denemark <jdenemar@redhat.com> Reviewed-by: Ján Tomko <jtomko@redhat.com>
Jiri Denemark [Mon, 17 Jun 2019 14:56:32 +0000 (16:56 +0200)]
qemu: Make qemuMonitorGetGuestCPU usable on x86 only
It was never implemented or used for anything else anyway. Mainly
because it uses CPUID features bits. The function is renamed as
qemuMonitorGetGuestCPUx86 to make this explicit.
Signed-off-by: Jiri Denemark <jdenemar@redhat.com> Reviewed-by: Ján Tomko <jtomko@redhat.com>
Jiri Denemark [Wed, 12 Jun 2019 11:54:27 +0000 (13:54 +0200)]
qemu: Don't use full CPU model expansion
We used type=full expansion on the result of previous type=static
expansion to get all possible spellings of CPU features. Since we can
now translate the QEMU's canonical names to our names, we can drop this
magic and do only type=static CPU model expansion.
Signed-off-by: Jiri Denemark <jdenemar@redhat.com> Reviewed-by: Ján Tomko <jtomko@redhat.com>
Jiri Denemark [Mon, 17 Jun 2019 11:54:53 +0000 (13:54 +0200)]
qemu: Translate feature names from query-cpu-model-expansion
By default query-cpu-model-expansion only reports canonical names of all
CPU features. We do some magic and call the command twice to get all
possible spellings of the features, but being able to consume canonical
names will allow us to drop this magic.
Signed-off-by: Jiri Denemark <jdenemar@redhat.com> Reviewed-by: Ján Tomko <jtomko@redhat.com>
Jiri Denemark [Fri, 7 Jun 2019 13:00:28 +0000 (15:00 +0200)]
qemu_command: Use canonical names of CPU features
When building QEMU command line, we should use the preferred spelling of
each CPU feature without relying on compatibility aliases (which may be
removed at some point).
The "unavailable-features" CPU property is used as a witness for the
correct names of the features in our translation table.
Signed-off-by: Jiri Denemark <jdenemar@redhat.com> Reviewed-by: Ján Tomko <jtomko@redhat.com>
Jiri Denemark [Mon, 10 Jun 2019 14:49:22 +0000 (16:49 +0200)]
qemu: Probe for "unavailable-features" CPU property
It is similar to "filtered-features" property, which reports CPUID bits
corresponding to disabled features, but more general. The
"unavailable-features" property supports both CPUID and MSR features by
listing their names.
Signed-off-by: Jiri Denemark <jdenemar@redhat.com> Reviewed-by: Ján Tomko <jtomko@redhat.com>
Jiri Denemark [Thu, 6 Jun 2019 07:27:18 +0000 (09:27 +0200)]
qemu: Add APIs for translating CPU features
So far we always used libvirt's name of each CPU feature relying on
backward compatible aliases in QEMU. The new translation table can be
used whenever QEMU mandates or prefers canonical feature names.
Signed-off-by: Jiri Denemark <jdenemar@redhat.com> Reviewed-by: Ján Tomko <jtomko@redhat.com>
Jiri Denemark [Tue, 11 Jun 2019 14:44:36 +0000 (16:44 +0200)]
qemuxml2argvtest: Add 4.0.0 cases for kvm features tests
Newer QEMU will translate the feature names to their canonical names so
4.0.0 is the last one which produces the results we currently have in
*-latest.args.
Signed-off-by: Jiri Denemark <jdenemar@redhat.com> Reviewed-by: Ján Tomko <jtomko@redhat.com>
Jiri Denemark [Wed, 12 Jun 2019 10:08:06 +0000 (12:08 +0200)]
qemuxml2argvtest: Switch some tests to DO_TEST_CAPS_*
These test check all kvm CPU features that could be passed to the -cpu
option by libvirt.
The 2.7.0 version is the last one for which we use +|-feature syntax for
CPU features, while feature=on|off is used with newer versions. This
is visible in the following patch which changes only the *-latest.args
files.
Signed-off-by: Jiri Denemark <jdenemar@redhat.com> Reviewed-by: Ján Tomko <jtomko@redhat.com>
Jiri Denemark [Thu, 6 Jun 2019 12:51:14 +0000 (14:51 +0200)]
qemu: Filter CPU features in active XML
Properly filter features which should not be passed to QEMU because they
were never supported by QEMU or they did nothing and QEMU dropped them.
Currently they are just silently ignored by the command line generator.
Let's make this process more visible and clean by dropping the features
from the domain's active definition in qemuProcessUpdateGuestCPU.
Signed-off-by: Jiri Denemark <jdenemar@redhat.com> Reviewed-by: Ján Tomko <jtomko@redhat.com>
Jiri Denemark [Thu, 6 Jun 2019 12:39:52 +0000 (14:39 +0200)]
qemu: Drop qemuFeatureNoEffect
We already have virQEMUCapsCPUFilterFeatures for filtering features
which QEMU does not know about. Let's move osxsave and ospke from
qemuFeatureNoEffect there.
Signed-off-by: Jiri Denemark <jdenemar@redhat.com> Reviewed-by: Ján Tomko <jtomko@redhat.com>
projects / libvirt.git / log