Andrea Bolognani [Mon, 20 Feb 2017 14:56:18 +0000 (15:56 +0100)]
conf: Remove dead code
The switch in virDomainPCIControllerModelToConnectType()
had some code that, while techically part of the
_PCIE_SWITCH_DOWNSTREAM_PORT case, was in fact dead due
to the early return.
Get rid of the dead code, and fix the inaccurate function
description while at it.
Jiri Denemark [Thu, 2 Feb 2017 21:04:25 +0000 (22:04 +0100)]
cpu: Use virCPUData.arch in cpuDecode
virCPUDef.arch is not required to be filled in for guest CPU
definitions. It doesn't make sense to artificially mandate it to be set
when cpuDecode is called especially when virCPUData.arch passed to
cpuDecode already contains the architecture.
Jiri Denemark [Fri, 13 Jan 2017 17:42:57 +0000 (18:42 +0100)]
qemu: Introduce virQEMUCapsFormatHostCPUModelInfo
The CPU model info formating code in virQEMUCapsFormatCache will get
more complicated soon. Separating the code in
virQEMUCapsFormatHostCPUModelInfo will make the result easier to read.
Jiri Denemark [Wed, 18 Jan 2017 13:05:26 +0000 (14:05 +0100)]
qemu: Skip virQEMUCapsCPUFilterFeatures on non-x86 CPUs
All features the function is currently supposed to filter out are
specific to x86_64. We should avoid removing them on other
architectures. It seems to be quite unlikely other achitectures would
use the same names, but one can never be sure.
Jiri Denemark [Tue, 14 Feb 2017 22:32:24 +0000 (23:32 +0100)]
docs: Drop obsolete statement about CPU modes and migration
The guest CPU definition has always been updated automatically during
migration. And currently we just transform any host-model CPU into a
custom one when a domain starts.
The 'raw' block driver in Qemu is not directly interesting from
libvirt's perspective, but it can be layered above some other block
drivers and this may be interesting for the user.
The patch adds support for the 'raw' block driver. The driver is treated
simply as a pass-through and child driver in JSON is queried to get the
necessary information.
Signed-off-by: Tomáš Golembiovský <tgolembi@redhat.com>
util: storage: split function for JSON backing volume parsing in two
Split virStorageSourceParseBackingJSON into two functions so that the
core can be reused by other functions. The new function called
virStorageSourceParseBackingJSONInternal accepts virJSONValuePtr.
Signed-off-by: Tomáš Golembiovský <tgolembi@redhat.com>
Peter Krempa [Wed, 8 Feb 2017 08:20:21 +0000 (09:20 +0100)]
spec: Modularize the storage driver
Create a new set of sub-packages containing the new storage driver
modules so that certain heavy-weight backends (gluster, rbd) can be
installed separately only if required.
To keep backward compatibility the 'libvirt-driver-storage' package
will be turned into a virtual package pulling in all the new storage
backend sub-packages. The storage driver module will be moved into
libvirt-driver-storage-core including the filesystem backend which is
mandatory.
This then allows to make libvirt-daemon-driver-qemu depend only on the
core of the storage driver.
All other meta-packages still depend on the full storage driver and thus
pull in all the backends.
Peter Krempa [Tue, 7 Feb 2017 17:58:39 +0000 (18:58 +0100)]
tests: drivermodule: Make sure that all compiled storage backends can be loaded
Add a new storage driver registration function that will force the
backend code to fail if any of the storage backend modules can't be
loaded. This will make sure that they work and are present.
Peter Krempa [Tue, 7 Feb 2017 18:40:29 +0000 (19:40 +0100)]
storage: Turn storage backends into dynamic modules
If driver modules are enabled turn storage driver backends into
dynamically loadable objects. This will allow greater modularity for
binary distributions, where heavyweight dependencies as rbd and gluster
can be avoided by selecting only a subset of drivers if the rest is not
necessary.
The storage modules are installed into 'LIBDIR/libvirt/storage-backend/'
and users can override the location by using
'LIBVIRT_STORAGE_BACKEND_DIR' environment variable.
rpm based distros will at this point install all the backends when
libvirt-daemon-driver-storage package is installed.
Peter Krempa [Tue, 21 Feb 2017 09:16:04 +0000 (10:16 +0100)]
spec: Don't check for storage driver backends in configure script
Explicitly enable --with-storage-scsi and disable --without-storage-zfs
and --without-storage-vstorage so that the configure script doesn't
check for them.
Note that --with-storage-dir is enabled by default.
Michal Privoznik [Tue, 21 Feb 2017 16:24:17 +0000 (17:24 +0100)]
conf: Don't accept dummy values for <memoryBacking/> attributes
Our virSomeEnumTypeFromString() functions return either the value
of item from the enum or -1 on error. Usually however the value 0
means 'this value is not set in the domain XML, use some sensible
default'. Therefore, we don't accept corresponding string in
domain XML, for instance:
John Ferlan [Mon, 20 Feb 2017 18:59:36 +0000 (13:59 -0500)]
conf: Cleanup matchFCHostToSCSIHost
Rather than the inlined VIR_FREE's, use a cleanup: label... Fixes an
issue introduced by 03346def where @name was free'd before usage in
a virAsprintf to format scsi_host_name.
Marc Hartmayer [Tue, 21 Feb 2017 12:11:00 +0000 (13:11 +0100)]
qemu: Fix deadlock across fork() in QEMU driver
The functions in virCommand() after fork() must be careful with regard
to accessing any mutexes that may have been locked by other threads in
the parent process. It is possible that another thread in the parent
process holds the lock for the virQEMUDriver while fork() is called.
This leads to a deadlock in the child process when
'virQEMUDriverGetConfig(driver)' is called and therefore the handshake
never completes between the child and the parent process. Ultimately
the virDomainObjectPtr will never be unlocked.
It gets much worse if the other thread of the parent process, that
holds the lock for the virQEMUDriver, tries to lock the already locked
virDomainObject. This leads to a completely unresponsive libvirtd.
It's possible to reproduce this case with calling 'virsh start XXX'
and 'virsh managedsave XXX' in a tight loop for multiple domains.
With that users could access files outside /dev/shm. That itself
isn't a security problem, but might cause some errors we want to
avoid. So let's forbid slashes as we do with domain and volume names
and also mention that in the schema.
Peter Krempa [Thu, 26 Jan 2017 13:57:41 +0000 (14:57 +0100)]
daemon: Refactor connection driver module loading
Pass the registration function name to virDriverLoadModule so that we
can later call specific functions if necessary (e.g. for testing
purposes). This gets rid of the rather ugly automatic name generator and
unifies the code to load/initialize the modules.
It's also clear which registration function gets called.
Format printf format specifier used with niothreadids
The niothreadids struct field is size_t, so must use %zu not %lu
with printf. While they're identical on some platforms, on others
they are different, causing warnings
conf/domain_conf.c: In function 'virDomainDefCheckABIStabilityFlags':
conf/domain_conf.c:19575:26: error: format '%lu' expects argument of type 'long unsigned int', but argument 7 has type 'size_t {aka unsigned int}' [-Werror=format=]
_("Target domain iothreads count %lu does not "
^
conf/domain_conf.c: In function 'virDomainDefFormatInternal':
conf/domain_conf.c:23915:46: error: format '%lu' expects argument of type 'long unsigned int', but argument 3 has type 'size_t {aka unsigned int}' [-Werror=format=]
virBufferAsprintf(buf, "<iothreads>%lu</iothreads>\n",
^
Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
Pavel Hrdina [Sun, 12 Feb 2017 16:49:21 +0000 (17:49 +0100)]
qemu_driver: always check whether iothread is used by disk or not
If virDomainDelIOThread API was called with VIR_DOMAIN_AFFECT_LIVE
and VIR_DOMAIN_AFFECT_CONFIG and both XML were already a different
it could result in removing iothread from config XML even if there
was a disk using that iothread.
Pavel Hrdina [Mon, 20 Feb 2017 17:05:18 +0000 (18:05 +0100)]
qemu_process: remove unnecessary iothread check
The situation covered by the removed code will not ever happen.
This code is called only while starting a new QEMU process where
the capabilities where already checked and while attaching to
existing QEMU process where we don't even detect the iothreads.
Peter Krempa [Mon, 20 Feb 2017 13:54:12 +0000 (14:54 +0100)]
Disallow inclusion of files from src/conf into src/utils
The utils code should stay separated from other code (except for very
well justified cases). Unfortunately commit 272769beccd7479c75e700a6cb
made it trivial to break the separation (and not get slapped by the
syntax-check rule) by adding -I src/conf to the CFLAGS for utils.
Remove this shortcut and except the two offenders from the syntax check
so that the codebase can be kept separated.
Marc Hartmayer [Fri, 10 Feb 2017 09:44:44 +0000 (10:44 +0100)]
node_device: Check return value for udev_new()
The comment was actually wrong as
https://www.freedesktop.org/software/systemd/man/udev_new.html#
mentions that on failure NULL is returned. Also the same return value
is checked in src/interface/interface_backend_udev.c already.
Signed-off-by: Marc Hartmayer <mhartmay@linux.vnet.ibm.com>
When enabling virgl, qemu opens /dev/dri/render*. So far, we are
not allowing that in devices CGroup nor creating the file in
domain's namespace and thus requiring users to set the paths in
qemu.conf. This, however, is suboptimal as it allows access to
ALL qemu processes even those which don't have virgl configured.
Now that we have a way to specify render node that qemu will use
we can be more cautious and enable just that.
Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
qemuDomainGetHostdevPath: Report /dev/vfio/vfio less frequently
So far, qemuDomainGetHostdevPath has no knowledge of the reasong
it is called and thus reports /dev/vfio/vfio for every VFIO
backed device. This is suboptimal, as we want it to:
a) report /dev/vfio/vfio on every addition or domain startup
b) report /dev/vfio/vfio only on last VFIO device being unplugged
If a domain is being stopped then namespace and CGroup die with
it so no need to worry about that. I mean, even when a domain
that's exiting has more than one VFIO devices assigned to it,
this function does not clean /dev/vfio/vfio in CGroup nor in the
namespace. But that doesn't matter.
Signed-off-by: Michal Privoznik <mprivozn@redhat.com> Reviewed-by: Marc-André Lureau <marcandre.lureau@redhat.com>
So far, we are allowing /dev/vfio/vfio in the devices cgroup
unconditionally (and creating it in the namespace too). Even if
domain has no hostdev assignment configured. This is potential
security hole. Therefore, when starting the domain (or
hotplugging a hostdev) create & allow /dev/vfio/vfio too (if
needed).
Signed-off-by: Michal Privoznik <mprivozn@redhat.com> Reviewed-by: Marc-André Lureau <marcandre.lureau@redhat.com>
qemuSetupHostdevCgroup: Use qemuDomainGetHostdevPath
Since these two functions are nearly identical (with
qemuSetupHostdevCgroup actually calling virCgroupAllowDevicePath)
we can have one function call the other and thus de-duplicate
some code.
Signed-off-by: Michal Privoznik <mprivozn@redhat.com> Reviewed-by: Marc-André Lureau <marcandre.lureau@redhat.com>
There's no need for this function. Currently it is passed as a
callback to virSCSIVHostDeviceFileIterate(). However, SCSI host
devices have just one file path. Therefore we can mimic approach
used in qemuDomainGetHostdevPath() to get path and call
virCgroupAllowDevicePath() directly.
Signed-off-by: Michal Privoznik <mprivozn@redhat.com> Reviewed-by: Marc-André Lureau <marcandre.lureau@redhat.com>
There's no need for this function. Currently it is passed as a
callback to virSCSIDeviceFileIterate(). However, SCSI devices
have just one file path. Therefore we can mimic approach used in
qemuDomainGetHostdevPath() to get path and call
virCgroupAllowDevicePath() directly.
Signed-off-by: Michal Privoznik <mprivozn@redhat.com> Reviewed-by: Marc-André Lureau <marcandre.lureau@redhat.com>
There's no need for this function. Currently it is passed as a
callback to virUSBDeviceFileIterate(). However, USB devices have
just one file path. Therefore we can mimic approach used in
qemuDomainGetHostdevPath() to get path and call
virCgroupAllowDevicePath() directly.
Signed-off-by: Michal Privoznik <mprivozn@redhat.com> Reviewed-by: Marc-André Lureau <marcandre.lureau@redhat.com>
John Ferlan [Tue, 24 Jan 2017 17:21:26 +0000 (12:21 -0500)]
nodedev: Rework virNodeDeviceGetParentHost
Rework the code to perform the various searches by parent, parent_wwnn/
parent_wwpn, parent_fabric_wwn, or vport capable in order to return the
'parent_host' number that is vHBA capable.
The former virNodeDeviceGetParentHost is renamed to add the ByParent
on it fixes an issue where if no parent was supplied in the XML to
create the vHBA, then virNodeDeviceFindByName was called with a NULL
second parameter which had bad results.
The reworked code will make the various calls to fetch the NPIV host
by the passed parameter options or if none are provided find a vport
capable NPIV HBA to perform the create. If the call is from the delete
path, then this option won't be allowed.
Each of virNodeDeviceGetParentHostBy* functions is now static, so
remove them external definitions.
A secondary benefit of this is the test_driver now can make use of
the new API to add some new tests to test the various creation options.
John Ferlan [Tue, 24 Jan 2017 17:26:25 +0000 (12:26 -0500)]
nodedev: Keep the node device lock longer in nodeDeviceDestroy
While perhaps improbable, it could be possible that after finding our
object that another thread running essentially in parallel could attempt
to delete the same vHBA.
So rather than dropping the lock right after finding the object, keep
the lock around while we drop the object lock and work on deleting the
object. Once the delete occurs we can safely drop the driver lock again.
Cleanup some of the usage of cleanup instead out for the goto label.
John Ferlan [Tue, 24 Jan 2017 15:49:23 +0000 (10:49 -0500)]
tests: Add new fchosttest tests for management of a vHBA
Add a test that will mimic creation and destruction of a vHBA
by using node device XML. The design will allow for testing the
multiple mechanisms.
The first test uses just <parent> in the node device XML. This is
somewhat similar to the existing objecteventtest, except that this
test will not provide input wwnn/wwpn's (similar to how the process
is described for the the libvirt wiki).
This requires mocking the virRandomGenerateWWN since parsing the
input XML (virNodeDevCapSCSIHostParseXML) requires either a provided
wwnn/wwpn in the XML or the ability to randomly generate the wwnn/wwpn.
John Ferlan [Sat, 18 Feb 2017 13:26:21 +0000 (08:26 -0500)]
util: Replace virStoragePoolGetVhbaSCSIHostParent
Use the new virNodeDeviceGetParentName instead. Modify the callers to
build the node device scsi_host# name string in order to call the new
function so that proper lookup occurs.
John Ferlan [Mon, 23 Jan 2017 17:54:42 +0000 (12:54 -0500)]
util: Create a new virvhba module and move/rename API's
Rather than have them mixed in with the virutil apis, create a separate
virvhba.c module and move the vHBA related calls into there. Soon there
will be more added.
Also modify the names of the functions and some arguments to be more
indicative of what is really happening. Adjust the callers respectively.
While I was changing fchosttest, rather than the non-descriptive names
test1...test6, rename them to match what the test is doing.
John Ferlan [Tue, 24 Jan 2017 01:52:24 +0000 (20:52 -0500)]
tests: Create a more realistic vHBA
Modify the code to react more like a real HBA -> vHBA creation.
Currently the code would just modify the input XML definition to
set the name to a wwpn and then modify the scsi_host capability
entry for the defintion to change the scsi_host# and unique_id
before adding that into the node device.
This patch does things a bit better. It finds and copies a known
existing vHBA (scsi_host11) in the node_device database and modifies
that definition to change the name to scsi_host12 and set the wwnn/
wwpn to what the input XML would expect before adding the def to the
node device object list.
Then rather than create a returned "dev" using the (poorly) mocked
name - perform the lookup using the new device name.
John Ferlan [Tue, 24 Jan 2017 11:32:03 +0000 (06:32 -0500)]
test: Add new NPIV capable HBA and a vHBA
Predefine a second NPIV capable HBA as well as a vHBA using the first
NPIV capable HBA. This will allow for a mechanism to perform more
realistic create vHBA testing.
John Ferlan [Mon, 23 Jan 2017 20:24:59 +0000 (15:24 -0500)]
tests: Alter test_driver HBA name/data to be closer to reality
Alter "test-scsi-host-vport" to be "scsi_host1" to match the real
environment. This is the vport capable HBA - IOW the NPIV device.
Add more fields to scsi_host1 as well.
Alter the XML being used by the objecttest to create a vHBA in order
to match the scsi_host1 parent name and to use validateable wwnn/wwpn.
This will allow for realistic testing.
Michal Privoznik [Fri, 17 Feb 2017 15:09:15 +0000 (16:09 +0100)]
nodedev: Introduce new drm cap
After 7f1bdec5fa0a0cd25 our nodedev driver is capable of
determining DRM devices (DRM stands for Direct Render Manager not
Digital rights management). There is still one bit missing
though: virConnectListAllNodeDevices() is capable of listing
either all devices or just those with specified capability. Well,
DRM capability is missing there.
Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
Add new <devnode> top-level <device> element, that list the associated
/dev files. Distinguish the main /dev name from symlinks with a 'type'
attribute of value 'dev' or 'symlink'.
Update a test to check XML schema, and actually add it to the test list
since it was missing.
John Ferlan [Tue, 7 Feb 2017 18:04:08 +0000 (13:04 -0500)]
nodedev: Return the parent for a virNodeDevicePtr struct
When the 'parent' was added to the virNodeDevicePtr structure
by commit id 'e8a4ea75a' the 'parent' field was not properly filled
in when a virGetNodeDevice call was made within driver/config code.
Only the device name was ever filled in. Fetching the parent required
a second trip via virNodeDeviceGetParent into the node device lookup
code was required in order to retrieve the specific parent field (and
still the parent field was never filled in although it was free'd).
Since we have the data when we initially call virGetNodeDevice from
within driver/node_config code - let's just fill in the parent field
as well for anyone that wants it without requiring another trip into
the node_device lookup just to get the parent.
This will allow API's such as virConnectListAllNodeDevices,
virNodeDeviceLookupByName, and virNodeDeviceLookupSCSIHostByWWN
to retrieve both name and parent in the returned virNodeDevicePtr.
As discussed here [0][1] Coverity reported two issues:
- On libxlDomainMigrationPrepareTunnel3 @@mig will be leaked on failures
after sucessfull call libxlDomainMigrationPrepareAny hence we free it.
Setting mig = NULL after @mig is assigned plus adding libxlMigrationCookieFree
on error paths addresses the issue. In case virThreadCreate fails,
unref of args frees the cookie on dispose function (libxlMigrationDstArgsDispose)
- On libxlMigrationStartTunnel @tc would be leaked.
Fixed by correctly saving the newly allocated @tc onto @tnl such that
libxlMigrationStopTunnel would free it up.
This resulted in -netdev tap,script=,.. Fortunately, qemu helped
us to get away with this as it just ignored the empty script
path. However, after the commit mentioned above it's libvirtd
who is executing the script. Unfortunately without special
case-ing empty script path.
Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
Nitesh Konkar [Wed, 15 Feb 2017 11:14:58 +0000 (16:44 +0530)]
Ensure disk names follow the disk name regex
Currently disk names do not follow the
(regex) /^[fhv]d[a-z]+[0-9]*$/ completely
and hence one can assign disk names like
vd2 etc. This patch ensures that the
disk names follow the regex mentioned.
This patch also adds a testcase.
Bob Liu [Wed, 15 Feb 2017 11:17:38 +0000 (11:17 +0000)]
libxl: add tunnelled migration support
Tunnelled migration doesn't require any extra network connections
beside the libvirt daemon. It's capable of strong encryption and the
default option of openstack-nova.
This patch adds the tunnelled migration(Tunnel3params) support to
libxl. On the source side, the data flow is:
* libxlDoMigrateSend() -> pipe libxlTunnel3MigrationFunc() polls pipe
* out and then write to dest stream.
While on the destination side:
* Stream -> pipe -> 'recvfd of libxlDomainStartRestore'
The usage is the same as p2p migration, execpt adding one extra
'--tunnelled' to the libvirt p2p migration command.
Signed-off-by: Bob Liu <bob.liu@oracle.com> Signed-off-by: Joao Martins <joao.m.martins@oracle.com>
Michal Privoznik [Wed, 15 Feb 2017 09:06:09 +0000 (10:06 +0100)]
qemu_conf: Check for namespaces availability more wisely
The bare fact that mnt namespace is available is not enough for
us to allow/enable qemu namespaces feature. There are other
requirements: we must copy all the ACL & SELinux labels otherwise
we might grant access that is administratively forbidden or vice
versa.
At the same time, the check for namespace prerequisites is moved
from domain startup time to qemu.conf parser as it doesn't make
much sense to allow users to start misconfigured libvirt just to
find out they can't start a single domain.
Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
Jim Fehlig [Fri, 3 Feb 2017 02:26:13 +0000 (19:26 -0700)]
apparmor: don't fail on non-apparmor <seclabel>
If the apparmor security driver is loaded/enabled and domain config
contains a <seclabel> element whose type attribute is not 'apparmor',
starting the domain fails when attempting to label resources such
as tap FDs.
Many of the apparmor driver entry points attempt to retrieve the
apparmor security label from the domain def, returning failure if
not found. Functions such as AppArmorSetFDLabel fail even though
domain config contains an explicit 'none' secuirty driver, e.g.
<seclabel type='none' model='none'/>
Change the entry points to succeed if the domain config <seclabel>
is not apparmor. This matches the behavior of the selinux driver.
Jiri Denemark [Mon, 13 Feb 2017 08:32:21 +0000 (09:32 +0100)]
qemu_monitor_json: Properly check GetArray return value
Commit 2a8d40f4ec refactored qemuMonitorJSONGetCPUx86Data and replaced
virJSONValueObjectGet(reply, "return") with virJSONValueObjectGetArray.
While the former is guaranteed to always return non-NULL pointer the
latter may return NULL if the returned JSON object is not an array.
projects / libvirt.git / log