Peter Krempa [Tue, 20 Feb 2018 16:56:46 +0000 (17:56 +0100)]
qemu: monitor: Factor out and document code to format QMP command
Move formatting of the qemu command out of qemuMonitorJSONMakeCommandRaw
to qemuMonitorJSONMakeCommandInternal to allow greater reusability and
document the function better.
Signed-off-by: Peter Krempa <pkrempa@redhat.com> Reviewed-by: John Ferlan <jferlan@redhat.com>
Peter Krempa [Thu, 29 Mar 2018 11:22:04 +0000 (13:22 +0200)]
qemu: caps: Add capability for blockdev-add/blockdev-del
The capability also represents that 'blockdev-add' is functional. It's
necessary to detect it via presence of 'blockdev-del' since blockdev-add
did not have the unsupported 'x-blockdev-add' version previously and
thus would be marked as present even if we could not use it.
Signed-off-by: Peter Krempa <pkrempa@redhat.com> Reviewed-by: John Ferlan <jferlan@redhat.com>
Peter Krempa [Fri, 23 Feb 2018 08:03:49 +0000 (09:03 +0100)]
qemu: migration: Don't access disk members without lock
The initiation of a synchronous block job in the NBD storage migration
code was placed after entering the monitor thus after the lock on the VM
object was unlocked. Thankfully nothing bad could happen in this
situation since the migration job prevents any disk detaches or other
modifications of the domain object.
Signed-off-by: Peter Krempa <pkrempa@redhat.com> Reviewed-by: John Ferlan <jferlan@redhat.com>
Peter Krempa [Mon, 14 May 2018 11:54:12 +0000 (13:54 +0200)]
qemu: block: Don't nest storage layer properties into format layer
Reference the storage via node name rather than inlining it. This is
the approach that will be used with -blockdev/blockdev-add since it
allows more control and is more future proof.
Signed-off-by: Peter Krempa <pkrempa@redhat.com> Reviewed-by: John Ferlan <jferlan@redhat.com>
Filip Alac [Tue, 22 May 2018 11:12:32 +0000 (13:12 +0200)]
conf: Introduce codec type 'output'
Introduce support for codec type 'output' ('hda-output' in QEMU) for ich6
and ich9 sound devices, which only advertises a line-out in the guest.
This has been available in QEMU since 0.14.
Signed-off-by: Filip Alac <filipalac@gmail.com> Reviewed-by: Erik Skultety <eskultet@redhat.com>
Ján Tomko [Fri, 18 May 2018 12:46:54 +0000 (14:46 +0200)]
Reintroduce QEMU_CAPS_SECCOMP_SANDBOX
Commit 766d5c1b deprecated the capability, because we were assuming
it for every QEMU binary. At the time of the introduction, there
was no way to probe for this via QMP.
However since QEMU 1.5.0 (which is the earliest version we support)
we can rely on the query-command-line-options command to detect this
feature.
Signed-off-by: Ján Tomko <jtomko@redhat.com> Reviewed-by: John Ferlan <jferlan@redhat.com>
Just like ec982f6d929f3c23 denies hugepages for non-existent
guest NUMA nodes in case there are some nodes configured.
Unfortunately, when there are none, qemuBuildNumaArgStr() is not
called and thus we have to have check in qemuBuildMemPathStr()
too.
Signed-off-by: Michal Privoznik <mprivozn@redhat.com> Reviewed-by: John Ferlan <jferlan@redhat.com>
cpu: define the 'virt-ssbd' CPUID feature bit (CVE-2018-3639)
Some AMD processors only support a non-architectural means of
enabling Speculative Store Bypass Disable. To allow simplified
handling in virtual environments, hypervisors will expose an
architectural definition through CPUID bit 0x80000008_EBX[25].
This needs to be exposed to guest OS running on AMD x86 hosts to
allow them to protect against CVE-2018-3639.
Note that since this CPUID bit won't be present in the host CPUID
results on physical hosts, it will not be enabled automatically
in guests configured with "host-model" CPU unless using QEMU
version >= 2.9.0. Thus for older versions of QEMU, this feature
must be manually enabled using policy=force. Guests using the
"host-passthrough" CPU mode do not need special handling.
Signed-off-by: Daniel P. Berrangé <berrange@redhat.com> Reviewed-by: Jiri Denemark <jdenemar@redhat.com>
cpu: define the 'ssbd' CPUID feature bit (CVE-2018-3639)
New microcode introduces the "Speculative Store Bypass Disable"
CPUID feature bit. This needs to be exposed to guest OS to allow
them to protect against CVE-2018-3639.
Signed-off-by: Daniel P. Berrangé <berrange@redhat.com> Reviewed-by: Jiri Denemark <jdenemar@redhat.com>
tools: Tiny clean-ups for two functions in virsh-completer.c
These two functions were duplicating some cleanup paths, so let's just merge
both cleanup and error paths together. To distinguish whether we need to
clean-up the return value let's keep it in @tmp until the function is successful
in which case we set @ret to the value of @tmp and set @tmp to NULL.
Signed-off-by: Martin Kletzander <mkletzan@redhat.com> Reviewed-by: Ján Tomko <jtomko@redhat.com>
travis: Print test log file from distcheck as well
Since we started using `make distcheck` in travis, the part that's printing the
tests/test-suite.log file is rather pointless. Let's check for both known
locations (keeping the previous one there on purpose) so that the output is
usable again.
Signed-off-by: Martin Kletzander <mkletzan@redhat.com> Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
We currently print the libvirt and qemu version strings into the
per-guest logfile. It would be useful to know what kernel is running
too, so add that.
Reviewed-by: Kashyap Chamarthy <kchamart@redhat.com> Tested-by: Kashyap Chamarthy <kchamart@redhat.com> Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
Ján Tomko [Fri, 18 May 2018 13:41:25 +0000 (15:41 +0200)]
Remove type_sep parameter from qemuBuildHostNetStr
The last caller not passing a comma was removed by:
commit ad8a7c4f8599bd58608500a72cdfec18a6bf2318
Author: Ján Tomko <jtomko@redhat.com>
CommitDate: 2018-04-12 17:17:16 +0200
qemu: deprecate QEMU_CAPS_NETDEV
Signed-off-by: Ján Tomko <jtomko@redhat.com> Reviewed-by: John Ferlan <jferlan@redhat.com>
Michal Privoznik [Thu, 17 May 2018 11:53:34 +0000 (13:53 +0200)]
qemu: Implement multiple screen support for virDomainScreenshot
According to virDomainScreenshot() documentation, screens are
numbered sequentially. e.g. having two graphics cards, both with
four heads, screen ID 5 addresses the second head on the second
card.
But apart from that, there's nothing special happening here.
Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
Michal Privoznik [Thu, 17 May 2018 09:41:37 +0000 (11:41 +0200)]
qemu: Introduce QEMU_CAPS_SCREENDUMP_DEVICE
As of v2.12.0-rc0~32^2 QEMU is capable specifying which display
device and head should the screendump be taken from. Track this
capability so that we can use it later in our virDomainScreenshot
API.
Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
Historically we matched log filters with strstr(), and when switching to
fnmatch in cbb0fd3cfdc287f6f4653ef1f04a7cfb2ea51b27, it was stated that
we would continue to match substrings, with "foo" being equivalent to
"*foo*". Unfortuntely I forget to provide the code to actually make that
happen. This fixes it to prepend and append "*". We don't bother to
check if the pattern already has a leading/trailing '*', because
"**foo**" will match the same as "*foo*".
Reviewed-by: Erik Skultety <eskultet@redhat.com> Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
Ján Tomko [Tue, 15 May 2018 07:58:50 +0000 (09:58 +0200)]
virCryptoHashBuf: return the length of the hash in bytes
virCryptoHashString also needs to know the size of the returned hash.
Return it if the hash conversion succeeded so the caller does not need
to access the hashinfo array.
This should make virCryptoHashString build without gnutls.
Also fixes the missing return value for the virCryptoHashBuf stub.
Signed-off-by: Ján Tomko <jtomko@redhat.com> Suggested-by: Stefan Berger <stefanb@linux.vnet.ibm.com>
Michal Privoznik [Tue, 15 May 2018 11:49:06 +0000 (13:49 +0200)]
virDomainMemoryDefParseXML: Don't leak discard
==1589== 7 bytes in 2 blocks are definitely lost in loss record 34 of 261
==1589== at 0x4C2AF0F: malloc (vg_replace_malloc.c:299)
==1589== by 0x8A82794: xmlStrndup (in /usr/lib64/libxml2.so.2.9.8)
==1589== by 0x5DD8392: virXMLPropString (virxml.c:510)
==1589== by 0x5E12427: virDomainMemoryDefParseXML (domain_conf.c:15704)
==1589== by 0x5E207DE: virDomainDefParseXML (domain_conf.c:20351)
==1589== by 0x5E2184F: virDomainDefParseNode (domain_conf.c:20636)
==1589== by 0x5E216A1: virDomainDefParse (domain_conf.c:20580)
==1589== by 0x5E21747: virDomainDefParseFile (domain_conf.c:20606)
==1589== by 0x112F5F: testCompareXMLToArgv (qemuxml2argvtest.c:493)
==1589== by 0x138780: virTestRun (testutils.c:180)
==1589== by 0x117129: mymain (qemuxml2argvtest.c:937)
==1589== by 0x13A83C: virTestMain (testutils.c:1120)
Signed-off-by: Michal Privoznik <mprivozn@redhat.com> Reviewed-by: Marc Hartmayer <mhartmay@linux.ibm.com>
Peter Krempa [Fri, 11 May 2018 13:40:34 +0000 (15:40 +0200)]
qemu: process: Change semantics of functions starting PR daemon
Libvirt only manages one PR daemon. This means that we don't need to
pass the 'disk' object and also rename the functions dealing with this
so that it's obvious we only deal with the managed PR daemon.
Signed-off-by: Peter Krempa <pkrempa@redhat st.com>
Peter Krempa [Mon, 14 May 2018 05:25:43 +0000 (07:25 +0200)]
util: storage: Allow passing <source> also for managed PR case
To allow storing status information in the XML move the validation that
the 'path' is not valid for managed PR daemon case into
qemuDomainValidateStorageSource and allow parsing of the data even in
case when managed='yes'.
Peter Krempa [Fri, 11 May 2018 13:50:57 +0000 (15:50 +0200)]
util: storage: Drop pointless 'enabled' form PR definition
Everything can be disabled by not using the parent element. There's no
need to store this explicitly. Additionally it does not add any value
since any configuration is dropped if enabled='no' is configured.
Drop the attribute and adjust the code accordingly.
Split up virStorageBackendCreateQemuImgCmdFromVol into two parts.
It's too long anyway and virStorageBackendCreateQemuImgCmdFromVol
should just handle the command line processing.
NB: Requires changing info.* into info->* references.
John Ferlan [Mon, 7 May 2018 14:15:33 +0000 (10:15 -0400)]
storage_util: Split preallocate set in storageBackendCreateQemuImgOpts
The only way preallocate could be set is if the info->format was
not RAW (see storageBackendCreateQemuImgSetBacking), so let's just
extract it from the if/else surrounding the application of the
encryption options.
John Ferlan [Mon, 7 May 2018 14:17:43 +0000 (10:17 -0400)]
storage_util: Split backing_fmt set in storageBackendCreateQemuImgOpts
The only way backing_fmts could be set is if the info->format was
not RAW (see storageBackendCreateQemuImgSetBacking), so let's just
extract it from the if/else surrounding the application of the
encryption options.
John Ferlan [Wed, 18 Apr 2018 18:18:14 +0000 (14:18 -0400)]
storage_util: Move secretPath generation
Move generation of secretPath to storageBackendGenerateSecretData
and simplify a bit since we know vol->target.encryption is set plus
we have a local @enc.
John Ferlan [Wed, 18 Apr 2018 18:08:51 +0000 (14:08 -0400)]
storage_util: Generate the qcow secret earlier
Rather than having storageBackendCreateQemuImgCheckEncryption
perform the virStorageGenerateQcowEncryption, let's just do that
earlier during storageBackendCreateQemuImg so that the check
helper is just a check helper rather doing something different
based on whether the format is qcow[2] or raw based encryption.
This fixes an issue in the storageBackendResizeQemuImg processing
for qcow encryption where if a secret was not available for a
volume, a new secret will not be generated and instead an error
message will be generated.
John Ferlan [Wed, 18 Apr 2018 16:43:43 +0000 (12:43 -0400)]
storage_util: Remove unnecessary check
Commit id 'a48c71411' altered the logic a bit and didn't
remove an unnecessary check as info.encryption is true when
vol->target.encryption != NULL, so if we enter the if segment
with info.format == VIR_STORAGE_FILE_RAW && vol->target.encryption
!= NULL, then there's no way info.encryption could be false.
Jim Fehlig [Mon, 14 May 2018 20:45:05 +0000 (14:45 -0600)]
libxl: don't set hasManagedSave when performing save
libxlDoDomainSave() is used in both the save and managedsave code
paths but was unconditionally setting hasManagedSave to true on
success. As a result, undefine would fail after a non-managed
save/restore operation. E.g.
virsh define; virsh start
virsh save; virsh restore
virsh shutdown
virsh undefine
error: Refusing to undefine while domain managed save image exists
Modify libxlDoDomainSave() to take an additional parameter to
specify managed vs non-managed save, and change callers to use it.
Signed-off-by: Jim Fehlig <jfehlig@suse.com> Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
Michal Privoznik [Tue, 15 May 2018 06:58:33 +0000 (08:58 +0200)]
tests: Link mocks with libvirt.so
In a lot of our mocks (if not all of them) we use our internal
APIs (e.g. VIR_ALLOC). So far, we're relying on test binary that
links with the mock to drag in libvirt.so. Well, this works only
partially. Firstly, whatever binary we execute from tests will
fail (e.g. as Martin reported on the list ./qemucapsprobe fails
to execute qemu). Secondly, if there's a program that tries to
validate linking (like valgrind is doing) it fails because of
unresolved symbols.
Because of that we have to link our mocks with libvirt.so.
Signed-off-by: Michal Privoznik <mprivozn@redhat.com> Reviewed-by: John Ferlan <jferlan@redhat.com>
Generates the QEMU command line for the vfio-ccw device.
Adds various functionality testing for vfio-ccw in libvirt:
1. Generation of QEMU command line from domain xml file
2. Generation of dump xml from domain xml file
3. Checks duplicate/invalid addresses for vfio-ccw devices.
Signed-off-by: Shalini Chellathurai Saroja <shalini@linux.vnet.ibm.com> Reviewed-by: Bjoern Walk <bwalk@linux.ibm.com> Reviewed-by: Boris Fiuczynski <fiuczy@linux.ibm.com> Reviewed-by: Marc Hartmayer <mhartmay@linux.vnet.ibm.com> Reviewed-by: Stefan Zimmermann <stzi@linux.ibm.com> Reviewed-by: John Ferlan <jferlan@redhat.com>
Introduces the vfio-ccw model for mediated devices and prime vfio-ccw
devices such that CCW address will be generated.
Alters the qemuxml2xmltest for testing a basic mdev device using vfio-ccw.
Signed-off-by: Shalini Chellathurai Saroja <shalini@linux.vnet.ibm.com> Reviewed-by: Bjoern Walk <bwalk@linux.ibm.com> Reviewed-by: Boris Fiuczynski <fiuczy@linux.ibm.com> Reviewed-by: Marc Hartmayer <mhartmay@linux.vnet.ibm.com> Reviewed-by: Stefan Zimmermann <stzi@linux.ibm.com> Reviewed-by: John Ferlan <jferlan@redhat.com>
Let us introduce the capability vfio-ccw for supporting the basic
channel I/O passthrough, which have been introduced in QEMU 2.10. The
current focus is to support dasd-eckd (cu_type/dev_type = 0x3990/0x3390)
as the target device.
Let us also introduce the capability QEMU_CAPS_CCW_CSSID_UNRESTRICTED
for virtual-css-bridge. This capability is based on the
cssid-unrestricted property which exists if QEMU no longer enforces
cssid restrictions based on ccw device types.
Vfio-ccw capability is dependent on the hidden virtual-css-bridge, so
that we are able to probe for the cssid-unrestriced property to make
sure the devices are visible to non-mcss-e enabled guests.
Signed-off-by: Shalini Chellathurai Saroja <shalini@linux.vnet.ibm.com> Reviewed-by: Bjoern Walk <bwalk@linux.ibm.com> Reviewed-by: Boris Fiuczynski <fiuczy@linux.ibm.com> Reviewed-by: John Ferlan <jferlan@redhat.com>
Let us introduce the capability QEMU_CAPS_CCW for virtual-css-bridge
and replace QEMU_CAPS_VIRTIO_CCW with QEMU_CAPS_CCW in code segments
which identify support for ccw devices.
The virtual-css-bridge is part of the ccw support introduced in QEMU 2.7.
The QEMU_CAPS_CCW capability is based on the existence of the QEMU type.
Let us also add the capability QEMU_CAPS_CCW to the tests which
require support for ccw devices.
Signed-off-by: Shalini Chellathurai Saroja <shalini@linux.vnet.ibm.com> Reviewed-by: Bjoern Walk <bwalk@linux.ibm.com> Reviewed-by: Boris Fiuczynski <fiuczy@linux.ibm.com> Reviewed-by: John Ferlan <jferlan@redhat.com>
Andrea Bolognani [Mon, 14 May 2018 07:45:10 +0000 (09:45 +0200)]
travis: Uninstall packages before upgrade
numpy (needed by cgal) started having the same issue with
linking as python, which makes upgrade and thus the entire
build fail on macOS.
Instead of playing more tricks with linking/unlinking, just
uninstall the problematic packages (and those dragging them
in) before doing anything else.
Signed-off-by: Andrea Bolognani <abologna@redhat.com> Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
projects / libvirt.git / log