Peter Krempa [Fri, 1 Jun 2018 15:21:02 +0000 (17:21 +0200)]
qemu: hotplug: Fix TLS setup on disk hotplug
We need to check if TLS is enabled as the variable is a tristate.
Currently we'd setup TLS even if it was explicitly turned off.
Thankfully TLS for disks was only used with the vxhs protocol so hardly
anybody would ever be able to hit the problem.
Signed-off-by: Peter Krempa <pkrempa@redhat.com> Reviewed-by: Jiri Denemark <jdenemar@redhat.com>
Peter Krempa [Thu, 31 May 2018 12:10:47 +0000 (14:10 +0200)]
util: storage: remove virStorageSource->tlsVerify
Disks are client-only so we don't need to have this variable. We also
always pass false for 'isListen' to qemuBuildTLSx509BackendProps for all
disk-related code-paths so the 'tlsVerify' is ignored anyways.
Signed-off-by: Peter Krempa <pkrempa@redhat.com> Reviewed-by: Ján Tomko <jtomko@redhat.com>
Peter Krempa [Tue, 22 May 2018 05:38:22 +0000 (07:38 +0200)]
qemu: hotplug: Refactor tls-credential props formatting to qemuMonitorCreateObjectProps
Note that it's okay to pass NULL to qemuDomainDelTLSObjects in
qemuDomainAddTLSObjects as the tls-creds-x509 object was either not
created or qemu crashed.
Signed-off-by: Peter Krempa <pkrempa@redhat.com> Reviewed-by: Ján Tomko <jtomko@redhat.com>
Peter Krempa [Thu, 17 May 2018 14:43:58 +0000 (16:43 +0200)]
qemu: monitor: Add better APIs for adding of objects to qemu
Use the new monitor command internal API to allow wrapping of the object
name and alias into the JSON props so that they don't have to be passed
out of band.
The new API also takes a double pointer so that it can be cleared when
the value is consumed so that it does not need to happen in every single
caller.
Signed-off-by: Peter Krempa <pkrempa@redhat.com> Reviewed-by: Ján Tomko <jtomko@redhat.com>
Peter Krempa [Tue, 29 May 2018 16:04:42 +0000 (18:04 +0200)]
qemu: command: Don't generate alias for TLS private key password secret
qemuBuildTLSx509CommandLine has no business guessing which alias should
be used. The alias needs to be passed in.
Note that there's a lingering bad design of this, since the secret
object alias is based on the device name and not on the fact that the
secret is used for decrypting of the TLS private key. If we ever add
authentication for chardevs this will bite us.
Thankfully disk code does not support encrypted private keys for TLS so
it can be happily refactored there.
Signed-off-by: Peter Krempa <pkrempa@redhat.com> Reviewed-by: Ján Tomko <jtomko@redhat.com>
Peter Krempa [Wed, 30 May 2018 10:48:34 +0000 (12:48 +0200)]
qemu: domain: Process only one object in qemuDomainPrepareDiskSourceTLS
Remove the loop from qemuDomainPrepareDiskSourceTLS and rename it to
qemuDomainPrepareStorageSourceTLS. Currently there is no backing chain
to prepare so fixing one device is equivalent. In the future it will be
reused in a function which will do the looping.
Signed-off-by: Peter Krempa <pkrempa@redhat.com> Reviewed-by: Ján Tomko <jtomko@redhat.com>
Peter Krempa [Tue, 29 May 2018 14:38:50 +0000 (16:38 +0200)]
qemu: domain: aggregate setup of disk drive options for -drive
When using blockdev the approach to base aliases will change. Add a
helper function that will aggregate all code which needs to be called
with the disk alias for the -drive to setup internal data.
qemuDomainSecretDiskPrepare wrapper is no longer necessary as the
contents were moved to a function which is designed to use the old
aliases.
Signed-off-by: Peter Krempa <pkrempa@redhat.com> Reviewed-by: Ján Tomko <jtomko@redhat.com>
Peter Krempa [Tue, 29 May 2018 15:05:05 +0000 (17:05 +0200)]
qemu: domain: don't loop through images in qemuDomainPrepareDiskSourceChain
Convert the function to just prepare data for the disk. Callers need to
do the looping since there's more to do than just copy the data around.
The code path in qemuDomainPrepareDiskSource doesn't need to loop over
the chain yet, since there currently is no chain at this point. This
will be addressed later in the blockdev series where we will setup much
more stuff.
Signed-off-by: Peter Krempa <pkrempa@redhat.com> Reviewed-by: Ján Tomko <jtomko@redhat.com>
Peter Krempa [Tue, 29 May 2018 14:52:17 +0000 (16:52 +0200)]
qemu: domain: Properly setup data relevant for top disk image
qemuDomainPrepareDiskSourceChain should set up the disk zero detection
mode only for the top level image. Since it's invoked also for the
middle of the chain we need to check that it's really only the top level
image.
Signed-off-by: Peter Krempa <pkrempa@redhat.com> Reviewed-by: Ján Tomko <jtomko@redhat.com>
Peter Krempa [Wed, 30 May 2018 10:18:37 +0000 (12:18 +0200)]
qemu: domain: Regenerate alias for the TLS x509 credential object
When restarting libvirt would previously lose the alias of the x509
certificate object. Upon unplug we would then not delete the
corresponding objects.
Restore the alias if we know it should be there.
Luckily for disks we don't support encrypted TLS environment, so there's
no need to regenerate the 'secret' alias for decryption.
Signed-off-by: Peter Krempa <pkrempa@redhat.com> Reviewed-by: Ján Tomko <jtomko@redhat.com>
Peter Krempa [Wed, 30 May 2018 10:03:41 +0000 (12:03 +0200)]
qemu: domain: Store and restore TLS object alias of a disk
Libvirt uses the stored alias to detach the TLS x509 object on disk
unplug. As the alias was not stored, the object would not be detached
if unplugging disks after libvirtd restart.
Signed-off-by: Peter Krempa <pkrempa@redhat.com> Reviewed-by: Ján Tomko <jtomko@redhat.com>
Peter Krempa [Mon, 28 May 2018 13:15:16 +0000 (15:15 +0200)]
qemu: hotplug: Don't try to infer secret object alias/presence
Now that we remember the alias we've used to attach the secret objects
we should reuse them rather than trying to infer them from the disk
configuration.
Signed-off-by: Peter Krempa <pkrempa@redhat.com> Reviewed-by: Ján Tomko <jtomko@redhat.com>
Peter Krempa [Thu, 24 May 2018 16:24:13 +0000 (18:24 +0200)]
qemu: domain: Regenerate auth/enc secret aliases when restoring status XML
Previously we did not store the aliases but rather re-generated them
when unplug was necessary. This is very cumbersome since the knowledge
when and which alias to use needs to be stored in the hotplug code as
well.
While this patch will not strictly improve this situation since there
still will be two places containing this code it at least will allow to
remove the mess from the disk-unplug code and will prevent introducing
more mess when adding blockdev support.
Signed-off-by: Peter Krempa <pkrempa@redhat.com> Reviewed-by: Ján Tomko <jtomko@redhat.com>
Peter Krempa [Mon, 28 May 2018 13:17:01 +0000 (15:17 +0200)]
qemu: domain: Add helpers for partially clearing qemuDomainSecretInfoPtr
It's desired to keep the alias around to allow referencing of the secret
object used with qemu. Add set of APIs which will destroy all data
except the alias.
Signed-off-by: Peter Krempa <pkrempa@redhat.com> Reviewed-by: Ján Tomko <jtomko@redhat.com>
Peter Krempa [Tue, 22 May 2018 15:14:10 +0000 (17:14 +0200)]
qemu: domain: Add new function to set up encrypted secrets only
Some code paths can't use the unencrypted secret. Add a helper which
checks and sets up an encrypted secret only and reuse it when setting up
the secret to decrypt the TLS private key in qemuDomainSecretInfoTLSNew.
Signed-off-by: Peter Krempa <pkrempa@redhat.com> Reviewed-by: Ján Tomko <jtomko@redhat.com>
Peter Krempa [Tue, 22 May 2018 11:08:19 +0000 (13:08 +0200)]
qemu: domain: Rename and fix docs for qemuDomainSecretInfoNew
Rename it to qemuDomainSecretInfoNewPlain and annotate that it also may
set up a 'plain' secret in some cases. This will eventually be
refactored further.
Signed-off-by: Peter Krempa <pkrempa@redhat.com> Reviewed-by: Ján Tomko <jtomko@redhat.com>
Peter Krempa [Tue, 22 May 2018 07:03:02 +0000 (09:03 +0200)]
qemu: domain: Reuse code when preparing hostdev auth secrets
Use qemuDomainSecretStorageSourcePrepare in
qemuDomainSecretHostdevPrepare as it uses a virStorageSource to prepare
the authentication secret object data.
Signed-off-by: Peter Krempa <pkrempa@redhat.com> Reviewed-by: Ján Tomko <jtomko@redhat.com>
Peter Krempa [Wed, 23 May 2018 14:00:33 +0000 (16:00 +0200)]
tests: qemuxml2argv: Verify that disk secret alias is correct with user-aliases
Change the disk encryption type to qcow2+luks so that the appropriate
secret objects are generated. This tests that the proper alias is used
for the passphrase secret object.
Signed-off-by: Peter Krempa <pkrempa@redhat.com> Reviewed-by: Ján Tomko <jtomko@redhat.com>
Ján Tomko [Wed, 30 May 2018 10:52:51 +0000 (12:52 +0200)]
qemu: Add prefix for vsock vhostfd
Alter qemuBuildVsockDevStr to allow passing a prefix for
the vhostfd file descriptor name. Domain startup uses
the numeric value of fd without a prefix, but hotplug
will need to use a prefix because passed file descriptor
names cannot start with a number.
Jim Fehlig [Wed, 23 May 2018 21:09:45 +0000 (15:09 -0600)]
tests: xmconfigtest: add tests for cmdline formating
Commit 656151bf fixed formatting of the <cmdline> element. Perhaps it
would have been noticed and fixed earlier if we had a test. With this
change, all possible cases of formatting <cmdline> from xmconfig are
covered
1. no 'extra=' or 'root=' in xm.cfg
2. 'extra=' but no 'root=' in xm.cfg
3. 'root=' but no 'extra=' in xm.cfg
4. both 'root=' and 'extra=' in xm.cfg
Case 1 is covered by all existing paravirt tests since they have no
'extra=' or 'root='. Case 2 is covered by adding 'extra=' to a few
of the existing paravirt tests. Cases 3 and 4 are covered by new
tests that only test conversion of xm.cfg to xml.
Signed-off-by: Jim Fehlig <jfehlig@suse.com> Reviewed-by: John Ferlan <jferlan@redhat.com>
Jim Fehlig [Thu, 31 May 2018 21:41:37 +0000 (15:41 -0600)]
libxl: fix leaking logfile fds
Per-domain log files were introduced in commit a30b08b7179. The FILE
objects associated with these log files are stored in a hash table
using domid as a key. When a domain is shutdown, destroyed, or
otherwise powered-off, the FILE object is removed from the hash table,
where the free function will close the FILE.
Unfortunately the call to remove the FILE from the hash table occurs
after setting domid=-1 in the libxlDomainCleanup() function. The
object is never removed from the hash table, the free function is
never called, and the underlying fd is leaked. Fix by removing the
FILE object from the hash table before setting domid=-1.
Signed-off-by: Jim Fehlig <jfehlig@suse.com> Reviewed-by: Ján Tomko <jtomko@redhat.com>
Jiri Denemark [Fri, 1 Jun 2018 08:32:49 +0000 (10:32 +0200)]
qemu: Fix reporting completed migration stats on destination
This has been broken since commit v4.0.0-165-g93412bb827 which added
jobInfo->statsType enum to distinguish various statistics types. During
migration the type will always be QEMU_DOMAIN_JOB_STATS_TYPE_MIGRATION,
however the destination code consuming the statistics data from
migration cookie failed to properly set the type. So even though
everything was filled in, the type remained *_NONE and any attempt to
fetch the statistics data of a completed migration on the destination
host failed.
Ján Tomko [Fri, 1 Jun 2018 11:22:56 +0000 (13:22 +0200)]
conf: rename <vsock><source> to <vsock><cid>
To avoid the <source> vs. <target> confusion,
change <source auto='no' cid='3'/> to:
<cid auto='no' address='3'/>
Signed-off-by: Ján Tomko <jtomko@redhat.com> Suggested-by: Daniel P. Berrangé <berrange@redhat.com> Acked-by: Peter Krempa <pkrempa@redhat.com> Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
Peter Krempa [Thu, 31 May 2018 13:18:20 +0000 (15:18 +0200)]
qemu: hotplug: Fix detach of disk with managed persistent reservations
In commit 8bebb2b735d I've refactored how the detach of disk with a
managed persistent reservations object is handled. After the commit if
any disk with a managed PR object would be removed libvirt would also
attempt to remove the shared 'pr-manager-helper' object potentially used
by other disks.
Thankfully this should not have practical impact as qemu should reject
deletion of the object if it was still used and the rest of the code is
correct.
Fix this by removing the disk from the definition earlier and checking
if the shared/managed pr-manager-helper object is still needed.
This basically splits the detach code for the managed PR object from the
unmanaged ones. The same separation will follow for the attachment code
as well as it greatly simplifies -blockdev support for this.
Michal Privoznik [Thu, 31 May 2018 10:00:41 +0000 (12:00 +0200)]
testUpdateQEMUCaps: Don't leak host cpuData
When preparing qemuCaps for test cases the following is
happening:
qemuTestParseCapabilitiesArch() is called, which calls
virQEMUCapsLoadCache() which in turn calls
virQEMUCapsInitHostCPUModel() which sets qemuCaps->kvmCPU and
qemuCaps->tcgCPU.
But then the code tries to update the capabilities:
testCompareXMLToArgv() calls testUpdateQEMUCaps() which calls
virQEMUCapsInitHostCPUModel() again overwriting previously
allocated memory. The solution is to free host cpuData in
testUpdateQEMUCaps().
Signed-off-by: Michal Privoznik <mprivozn@redhat.com> Reviewed-by: Jiri Denemark <jdenemar@redhat.com>
Michal Privoznik [Wed, 30 May 2018 15:51:59 +0000 (17:51 +0200)]
qemuxml2argvtest: Don't initialize qemuCaps twice
There's no point in calling testInitQEMUCaps() (which sets
info.qemuCaps) only to overwrite (and leak) it on the very next
line.
==12962== 296 (208 direct, 88 indirect) bytes in 1 blocks are definitely lost in loss record 265 of 331
==12962== at 0x4C2CF26: calloc (vg_replace_malloc.c:711)
==12962== by 0x5D28D9F: virAllocVar (viralloc.c:560)
==12962== by 0x5D96AB4: virObjectNew (virobject.c:239)
==12962== by 0x56DB7C7: virQEMUCapsNew (qemu_capabilities.c:1480)
==12962== by 0x112A5B: testInitQEMUCaps (qemuxml2argvtest.c:361)
==12962== by 0x1371C8: mymain (qemuxml2argvtest.c:2871)
==12962== by 0x13AD0B: virTestMain (testutils.c:1120)
==12962== by 0x1372FD: main (qemuxml2argvtest.c:2883)
Removing the function call renders @gic argument unused therefore
it's removed from the macro (and all its callers).
Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
Michal Privoznik [Wed, 30 May 2018 15:50:30 +0000 (17:50 +0200)]
virDomainDefParseXML: Free @tmp when parsing genid
We need to free return value of virXPathString().
==12962== 37 bytes in 1 blocks are definitely lost in loss record 156 of 331
==12962== at 0x4C2AF0F: malloc (vg_replace_malloc.c:299)
==12962== by 0x91E8439: strdup (in /lib64/libc-2.25.so)
==12962== by 0x5DBD551: virStrdup (virstring.c:977)
==12962== by 0x5DD3E5E: virXPathString (virxml.c:84)
==12962== by 0x5E178AB: virDomainDefParseXML (domain_conf.c:19110)
==12962== by 0x5E1E985: virDomainDefParseNode (domain_conf.c:20885)
==12962== by 0x5E1E7CB: virDomainDefParse (domain_conf.c:20827)
==12962== by 0x5E1E871: virDomainDefParseFile (domain_conf.c:20853)
Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
Ján Tomko [Mon, 28 May 2018 07:05:29 +0000 (09:05 +0200)]
tests: initialize some variables
Found by cppcheck:
[tests/metadatatest.c:284]: (error) Uninitialized variable: test
[tests/objecteventtest.c:855]: (error) Uninitialized variable: test
Signed-off-by: Ján Tomko <jtomko@redhat.com> Reviewed-by: Jiri Denemark <jdenemar@redhat.com>
Jiri Denemark [Tue, 29 May 2018 20:30:33 +0000 (22:30 +0200)]
spec: Fix permissions of nwfilter XMLs
The nwfilter XMLs in /etc are defined as %ghost in the spec file, which
means rpm will not install them, but it will record its existence and
permissions in the database. During installation the files are copied in
a %post scriptlet from /usr/share/libvirt/nwfilter, but once libvirtd is
restarted, it will rewrite the files to add generated UUIDs.
While RPM recorded 644 mode for the XMLs, libvirt saves them with 600
and thus any future attempt to verify the libvirt-daemon-config-nwfilter
package would fail. We need to tell RPM the ghost files are supposed to
have 600 permissions.
Similar to the the Logical backend, use qemu-img on the created
disk partition device to set up for LUKS encryption. Secret mgmt
for the device can be complicated by a reboot possibly changing
the path to the device if the infrastructure changes.
Signed-off-by: John Ferlan <jferlan@redhat.com> ACKed-by: Peter Krempa <pkrempa@redhat.com>
Ján Tomko [Tue, 22 May 2018 13:57:47 +0000 (15:57 +0200)]
qemu: add support for vhost-vsock-pci
Create a new vsock endpoint by opening /dev/vhost-vsock,
set the requested CID via ioctl (or assign a free one if auto='yes'),
pass the file descriptor to QEMU and build the command line.
https://bugzilla.redhat.com/show_bug.cgi?id=1291851 Signed-off-by: Ján Tomko <jtomko@redhat.com>
Ján Tomko [Tue, 22 May 2018 13:52:52 +0000 (15:52 +0200)]
util: create virvsock.c
A file for vsock-related helper functions.
virVsockSetGuestCid to set an already-known CID,
virVsockAcquireGuestCid that will use the first available CID
Ján Tomko [Tue, 22 May 2018 09:21:15 +0000 (11:21 +0200)]
conf: introduce <vsock> element
Add a new 'vsock' element for the vsock device.
The 'model' attribute is optional.
A <source cid> subelement should be used to specify the guest cid,
or <source auto='yes'/> should be used.
John Ferlan [Thu, 24 May 2018 19:38:18 +0000 (15:38 -0400)]
storage: Remove rwlocks during virStoragePoolObjListForEach
Remove the locks since they are unnecessary and would cause
a hang for a driver reload/restart when a transient pool was
previously active as a result of the call:
virStoragePoolUpdateInactive:
...
if (!virStoragePoolObjGetConfigFile(obj)) {
virStoragePoolObjRemove(driver->pools, obj);
...
Peter Krempa [Mon, 28 May 2018 09:36:47 +0000 (11:36 +0200)]
qemu: domain: Pass 'qemuCaps' to post parse callbacks when parsing status XML
When status XML was parsed the post-parse callbacks could not access
qemu caps and potentially upgrade the definition according to the
present caps. Implement the callback to pass it in.
Peter Krempa [Mon, 28 May 2018 09:36:46 +0000 (11:36 +0200)]
conf: domain: Allow passing in 'parseOpaque' for post-parse of status XML
The status XML parser function virDomainObjParseXML could not pass in
parseOpaque into the post parse callbacks. Add a callback which will
allow hypervisor drivers to fill it from the 'virDomainObj' data.
Peter Krempa [Mon, 28 May 2018 09:36:45 +0000 (11:36 +0200)]
conf: domain: Invoke post-parse callbacks after parsing private XML parts
When parsing status XML the post-parse callbacks can't access any
private data present in the status XML as the private bits were parsed
after invoking post-parse callbacks.
Move the invocation so that everything is parsed first.
Ján Tomko [Mon, 28 May 2018 12:31:50 +0000 (14:31 +0200)]
conf: introduce virDomainDefBootOrderPostParse
Move the check for boot elements into a separate function
and remove its dependency on the parser-supplied bootHash table.
Reconstructing the hash table from the domain definition
effectively duplicates the check for duplicate boot order
values, also present in virDomainDeviceBootParseXML.
Now it will also be run on domains created by other means than XML
parsing, since it will be run even for code paths that did not supply
the bootHash table before.
Ján Tomko [Mon, 28 May 2018 13:16:16 +0000 (15:16 +0200)]
vmx: add VIR_DOMAIN_DEF_FEATURE_NO_BOOT_ORDER
Further patches will introduce validation and a default setting
of def->os.bootDevs in postParse.
Introduce a feature flag to opt out of this and set it in the vmx
driver, otherwise we would be adding it <boot dev='hd'/> into every
vmx config despite having no way to change it.
projects / libvirt.git / log