git.ipfire.org Git - thirdparty/libvirt.git/log
7 years ago lock_manager: Allow disabling configFile for virLockManagerPluginNew
Michal Privoznik [Tue, 21 Aug 2018 12:08:54 +0000 (14:08 +0200)] 
lock_manager: Allow disabling configFile for virLockManagerPluginNew

In some cases we might want to not load the lock driver config.
Alter virLockManagerPluginNew() and the lock drivers to cope with
this fact.

Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
Reviewed-by: John Ferlan <jferlan@redhat.com>
7 years ago lock_driver: Introduce VIR_LOCK_MANAGER_ACQUIRE_ROLLBACK
Michal Privoznik [Fri, 7 Sep 2018 14:07:13 +0000 (16:07 +0200)] 
lock_driver: Introduce VIR_LOCK_MANAGER_ACQUIRE_ROLLBACK

Soon there will be a virtlockd client that wants to either lock
all the resources or none (in order to avoid virtlockd killing
the client on connection close). Because on the RPC layer we can
only acquire one resource at a time, we have to perform a
rollback once we hit a resource that can't be acquired.

Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
Reviewed-by: John Ferlan <jferlan@redhat.com>
7 years ago lock_driver: Introduce VIR_LOCK_MANAGER_RESOURCE_TYPE_METADATA
Michal Privoznik [Wed, 22 Aug 2018 11:03:13 +0000 (13:03 +0200)] 
lock_driver: Introduce VIR_LOCK_MANAGER_RESOURCE_TYPE_METADATA

This is a new type of object that lock drivers can handle.
Currently, it is supported by lockd driver only.

Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
Reviewed-by: John Ferlan <jferlan@redhat.com>
7 years ago _virLockManagerLockDaemonPrivate: Move @hasRWDisks into dom union
Michal Privoznik [Wed, 22 Aug 2018 08:23:36 +0000 (10:23 +0200)] 
_virLockManagerLockDaemonPrivate: Move @hasRWDisks into dom union

The fact whether domain has or doesn't have RW disks is specific
to VIR_LOCK_MANAGER_OBJECT_TYPE_DOMAIN and therefore should
reside in union specific to it.

Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
Reviewed-by: John Ferlan <jferlan@redhat.com>
7 years ago lock_driver: Introduce new VIR_LOCK_MANAGER_OBJECT_TYPE_DAEMON
Michal Privoznik [Wed, 22 Aug 2018 07:39:00 +0000 (09:39 +0200)] 
lock_driver: Introduce new VIR_LOCK_MANAGER_OBJECT_TYPE_DAEMON

We will want virtlockd to lock files on behalf of libvirtd and
not qemu process, because it is libvirtd that needs an exclusive
access not qemu. This requires new lock context.

Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
Reviewed-by: John Ferlan <jferlan@redhat.com>
7 years ago lock_driver_lockd: Introduce VIR_LOCK_SPACE_PROTOCOL_ACQUIRE_RESOURCE_METADATA flag
Michal Privoznik [Wed, 22 Aug 2018 11:01:28 +0000 (13:01 +0200)] 
lock_driver_lockd: Introduce VIR_LOCK_SPACE_PROTOCOL_ACQUIRE_RESOURCE_METADATA flag

This flag causes virtlockd to use different offset when locking
the file.

Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
Reviewed-by: John Ferlan <jferlan@redhat.com>
7 years ago virlockspace: Allow caller to specify start and length offset in virLockSpaceAcquireR...
Michal Privoznik [Tue, 14 Aug 2018 10:25:36 +0000 (12:25 +0200)] 
virlockspace: Allow caller to specify start and length offset in virLockSpaceAcquireResource

So far the virLockSpaceAcquireResource() locks the first byte in
the underlying file. But caller might want to lock other range.

Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
Reviewed-by: John Ferlan <jferlan@redhat.com>
Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
7 years ago ctags: Generate tags for headers, i.e. function prototypes
Erik Skultety [Tue, 18 Sep 2018 12:21:33 +0000 (14:21 +0200)] 
ctags: Generate tags for headers, i.e. function prototypes

From time to time it's handy to jump directly to a function prototype in
a header. However, generating tags for headers is disabled by default in
ctags, let's enable it by using --c-kinds=+p.

Signed-off-by: Erik Skultety <eskultet@redhat.com>
7 years ago tests: Follow up on qemucaps2xmldata rename
Andrea Bolognani [Mon, 17 Sep 2018 14:51:23 +0000 (16:51 +0200)] 
tests: Follow up on qemucaps2xmldata rename

The directory has been renamed in 562990849a9d, but a
reference to it was not updated at the same time, causing
'make dist' to fail ever since. Fix it.

Signed-off-by: Andrea Bolognani <abologna@redhat.com>
7 years ago qemu: Don't check for /dev/kvm presence
Andrea Bolognani [Fri, 14 Sep 2018 06:43:44 +0000 (08:43 +0200)] 
qemu: Don't check for /dev/kvm presence

The file being present doesn't necessarily mean anything these
days, as it's created independently of whether the kvm module
has been loaded[1]; moreover, we're already gathering all the
information we need through QMP, so poking the filesystem at
all is entirely unnecessary.

[1] https://github.com/systemd/systemd/commit/d35d6249d5a7ed3228

Signed-off-by: Andrea Bolognani <abologna@redhat.com>
Reviewed-by: Jiri Denemark <jdenemar@redhat.com>
7 years ago qemu: Clarify QEMU_CAPS_KVM
Andrea Bolognani [Thu, 13 Sep 2018 14:56:55 +0000 (16:56 +0200)] 
qemu: Clarify QEMU_CAPS_KVM

This capability is documented as having one meaning (whether
KVM is enabled by default) but is actually assigned two other
meanings over its life: whether the query-kvm QMP command is
available at first, and later on whether KVM is usable / was
used during probing.

Since the query-kvm QMP command was available in 1.5.0, we
can avoid probing for it; additionally, we can simplify the
logic by setting the flag when it applies instead of initially
setting it and then clearing it when it doesn't.

The flag's description is also updated to reflect reality.

Signed-off-by: Andrea Bolognani <abologna@redhat.com>
Reviewed-by: Jiri Denemark <jdenemar@redhat.com>
7 years ago qemu: Avoid probing non-native binaries all the time
Andrea Bolognani [Mon, 17 Sep 2018 10:23:43 +0000 (12:23 +0200)] 
qemu: Avoid probing non-native binaries all the time

A side effect of recent changes is that we would always try
to regenerate the capabilities cache for non-native QEMU
binaries based on /dev/kvm availability, which is of course
complete nonsense. Make sure that doesn't happen.

Signed-off-by: Andrea Bolognani <abologna@redhat.com>
Reviewed-by: Jiri Denemark <jdenemar@redhat.com>
7 years ago qemu: Drop QEMU_CAPS_ENABLE_KVM
Andrea Bolognani [Thu, 13 Sep 2018 15:40:51 +0000 (17:40 +0200)] 
qemu: Drop QEMU_CAPS_ENABLE_KVM

It was already available in 1.5.0.

Moreover, we're not even formatting it on the QEMU command
line, ever: we just use it as part of some logic that decides
whether KVM support should be advertised, and as it turns out
that logic is actually buggy and dropping this capability
fixes it.

https://bugzilla.redhat.com/show_bug.cgi?id=1628469

Signed-off-by: Andrea Bolognani <abologna@redhat.com>
Reviewed-by: Jiri Denemark <jdenemar@redhat.com>
7 years ago tests: Add more tests to qemucaps2xml
Andrea Bolognani [Thu, 13 Sep 2018 16:28:59 +0000 (18:28 +0200)] 
tests: Add more tests to qemucaps2xml

More specifically, everything that's tested by qemucapabilities
now goes through qemucaps2xml as well.

Ideally we'll rewrite both so that listing all test cases is
unnecessary and they get picked up automatically by listing the
contents of the input directory instead, but that's a refactor
for another day :)

Signed-off-by: Andrea Bolognani <abologna@redhat.com>
Reviewed-by: Jiri Denemark <jdenemar@redhat.com>
7 years ago tests: Reuse qemucapabilities data for qemucaps2xml
Andrea Bolognani [Thu, 13 Sep 2018 16:06:20 +0000 (18:06 +0200)] 
tests: Reuse qemucapabilities data for qemucaps2xml

While qemucaps2xml has a meager two test cases to its name, we
have plenty of data from qemucapabilities which is taken from
actual QEMU binaries, covers pretty much all supported QEMU
versions and architectures and is even in the right format already!

Rewrite qemucaps2xml so that it uses qemucapabilities data as
input. Right now we have a single test case, but we're going to
add a lot more next.

Signed-off-by: Andrea Bolognani <abologna@redhat.com>
Reviewed-by: Jiri Denemark <jdenemar@redhat.com>
7 years ago syntax-check: Check for incorrect indentation in function body
Shi Lei [Thu, 13 Sep 2018 08:55:19 +0000 (16:55 +0800)] 
syntax-check: Check for incorrect indentation in function body

This patch adds a syntax-check rule for incorrect indentation and blank
first line in function body by changing check-spacing.pl.
For efficiency, it only checks the first line of function body.
But it's enough for most cases.

Signed-off-by: Shi Lei <shi_lei@massclouds.com>
7 years ago tools: remove blank first line in function body
Shi Lei [Thu, 13 Sep 2018 08:55:24 +0000 (16:55 +0800)] 
tools: remove blank first line in function body

Signed-off-by: Shi Lei <shi_lei@massclouds.com>
7 years ago tests: remove blank first line in function body
Shi Lei [Thu, 13 Sep 2018 08:55:23 +0000 (16:55 +0800)] 
tests: remove blank first line in function body

Signed-off-by: Shi Lei <shi_lei@massclouds.com>
7 years ago src: remove blank first line in function body
Shi Lei [Thu, 13 Sep 2018 08:55:22 +0000 (16:55 +0800)] 
src: remove blank first line in function body

Signed-off-by: Shi Lei <shi_lei@massclouds.com>
7 years ago tests: fix incorrect indentation in function body by checking first line
Shi Lei [Thu, 13 Sep 2018 08:55:21 +0000 (16:55 +0800)] 
tests: fix incorrect indentation in function body by checking first line

Signed-off-by: Shi Lei <shi_lei@massclouds.com>
7 years ago src: fix incorrect indentation in function body by checking first line
Shi Lei [Thu, 13 Sep 2018 08:55:20 +0000 (16:55 +0800)] 
src: fix incorrect indentation in function body by checking first line

Signed-off-by: Shi Lei <shi_lei@massclouds.com>
7 years ago qemu_security: Run transactions more frequently
Michal Privoznik [Wed, 5 Sep 2018 12:00:20 +0000 (14:00 +0200)] 
qemu_security: Run transactions more frequently

Now that committing transactions using pid == -1 means that we're
not fork()-ing to run the transaction in a specific namespace, we
can utilize the transaction processing semantics in order to
start, run one or multiple commands, and then commit the
transaction without being concerned with other interactions or
transactions interrupting the processing.  This will eventually
allow us to have a single place where all the paths can be
locked, followed by relabeling and unlocking again.

Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
Reviewed-by: John Ferlan <jferlan@redhat.com>
7 years ago virSecurityManagerTransactionCommit: Accept pid == -1
Michal Privoznik [Wed, 5 Sep 2018 11:27:50 +0000 (13:27 +0200)] 
virSecurityManagerTransactionCommit: Accept pid == -1

It will be desirable to run transactions more often than we
currently do. Even if the domain we're relabeling the paths for
does not run in a namespace. If that's the case, there is no need
to fork() as we are already running in the right namespace. To
differentiate whether transaction code should fork() or not the
@pid argument now accepts -1 (which means do not fork).

Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
Reviewed-by: John Ferlan <jferlan@redhat.com>
7 years ago qemu_security: Require full wrappers for APIs that might touch a file
Michal Privoznik [Wed, 5 Sep 2018 09:37:00 +0000 (11:37 +0200)] 
qemu_security: Require full wrappers for APIs that might touch a file

In the future, the transactions are not going to be optional and
they will be run regardless of domain using namespace to collect
list of paths to be relabeled.

To make sure there won't be an API that goes behind the transaction
code's back, update the comment that serves as a decision manual for
whether an API must be fully implemented or a plain #define is
sufficient.

Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
Reviewed-by: John Ferlan <jferlan@redhat.com>
7 years ago qemu_security: Fully implement qemuSecurity{Set,Restore}SavedStateLabel
Michal Privoznik [Wed, 5 Sep 2018 09:29:46 +0000 (11:29 +0200)] 
qemu_security: Fully implement qemuSecurity{Set,Restore}SavedStateLabel

Even though the current use of the functions does not require full
implementation with transactions (none of the callers passes a path
somewhere under /dev), it doesn't hurt either. Moreover, in
future patches the paradigm is going to shift so that any API
that touches a file is required to use transactions.

Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
Reviewed-by: John Ferlan <jferlan@redhat.com>
7 years ago qemu_security: Fully implement qemuSecurityDomainSetPathLabel
Michal Privoznik [Wed, 5 Sep 2018 09:19:14 +0000 (11:19 +0200)] 
qemu_security: Fully implement qemuSecurityDomainSetPathLabel

Even though the current use of the function does not require full
implementation with transactions (none of the callers pass a path
somewhere under /dev), it doesn't hurt either. Moreover, in
future patches the paradigm is going to shift so that any API
that touches a file is required to use transactions.

Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
Reviewed-by: John Ferlan <jferlan@redhat.com>
7 years ago conf: Move more PCI functions out of device_conf
Andrea Bolognani [Thu, 13 Sep 2018 14:36:25 +0000 (16:36 +0200)] 
conf: Move more PCI functions out of device_conf

Functions that deal with virPCIDeviceAddress exclusively
belong to util/virpci.

Signed-off-by: Andrea Bolognani <abologna@redhat.com>
Reviewed-by: Fabiano Fidêncio <fidencio@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
7 years ago news: Announce dropping support for Xen 4.4 and 4.5
Jim Fehlig [Tue, 27 Mar 2018 22:17:29 +0000 (16:17 -0600)] 
news: Announce dropping support for Xen 4.4 and 4.5

Signed-off-by: Jim Fehlig <jfehlig@suse.com>
ACKed-by: Michal Privoznik <mprivozn@redhat.com>
7 years ago libxl: drop support for Xen < 4.6
Jim Fehlig [Tue, 27 Mar 2018 17:50:14 +0000 (11:50 -0600)] 
libxl: drop support for Xen < 4.6

Currently the libxl driver claims support for Xen >= 4.4, but
Xen 4.4 and 4.5 are no longer supported upstream. Let's increase
the minimum supported Xen version to 4.6 and change the defined
LIBXL_API_VERSION to 0x040500, which is the API version defined
when Xen 4.6 was released.

Since Xen 4.6 contains a pkgconfig file, drop the now unused code
that falls back to using LIBVIRT_CHECK_LIB in the absence of
pkgconfig file. In addition, bumping the LIBXL_API_VERSION
required adjusting the calls to libxl_set_vcpuaffinity to account
for the extra parameter in the 0x040500 version of the API.

Signed-off-by: Jim Fehlig <jfehlig@suse.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
7 years ago util: Return a virArpTablePtr when the nlmsghdr for loop is over
Lin Ma [Thu, 13 Sep 2018 07:54:24 +0000 (15:54 +0800)] 
util: Return a virArpTablePtr when the nlmsghdr for loop is over

Commit b00c9c39 removed the label end_of_netlink_messages and the 'return
table' statement. This causes the function virArpTableGet to not return
a proper virArpTable pointer.

How to reproduce:
 # virsh domiflist sles12sp3
Interface  Type       Source     Model       MAC
-------------------------------------------------------
vnet0      network    default    virtio      52:54:00:cd:02:e6

 # virsh domifaddr sles12sp3 --source arp
error: Failed to query for interfaces addresses
error: An error occurred, but the cause is unknown

It seems that the "if (nh->nlmsg_type == NLMSG_DONE)" statement won't be
met. So this patch adds 'return table' when the iterations of the nlmsghdr
for loop are over.

Signed-off-by: Lin Ma <lma@suse.com>
Reviewed-by: Chen Hanxiao <chenhanxiao@gmail.com>
Reviewed-by: John Ferlan <jferlan@redhat.com>
7 years ago util: Add stubs for virDoes{User,Group}Exist() without getpwuid_r
Martin Kletzander [Fri, 14 Sep 2018 06:18:54 +0000 (08:18 +0200)] 
util: Add stubs for virDoes{User,Group}Exist() without getpwuid_r

Signed-off-by: Martin Kletzander <mkletzan@redhat.com>
7 years ago qemu: Report less errors on driver startup
Martin Kletzander [Wed, 12 Sep 2018 14:32:56 +0000 (16:32 +0200)] 
qemu: Report less errors on driver startup

It is not a problem at all if the `tss` user/group does not exist, the code
falls back to the `root` user/group.  However we report a warning for no reason
on every start-up.  Fix this by checking if the user/group actually exists.

Signed-off-by: Martin Kletzander <mkletzan@redhat.com>
7 years ago Add functions for checking if user or group exists
Martin Kletzander [Wed, 12 Sep 2018 14:24:30 +0000 (16:24 +0200)] 
Add functions for checking if user or group exists

Instead of duplicating the code from virGet{User,Group}IDByName(), which are
static anyway, extend those functions to accept NULL pointers for the result and
a boolean for controlling the error reporting.

Signed-off-by: Martin Kletzander <mkletzan@redhat.com>
7 years ago qemu: keep websocketGenerated on libvirtd restarts
Nikolay Shirokovskiy [Wed, 4 Jul 2018 10:17:23 +0000 (13:17 +0300)] 
qemu: keep websocketGenerated on libvirtd restarts

Otherwise after libvirtd restart we come back to issues fixed by
introducing this flag in [1].

[1] 61a0026a : qemu: Fix xml dump of autogenerated websocket

Signed-off-by: Nikolay Shirokovskiy <nshirokovskiy@virtuozzo.com>
Reviewed-by: John Ferlan <jferlan@redhat.com>
7 years ago qemu: fix typo in vnc port releasing
Nikolay Shirokovskiy [Wed, 4 Jul 2018 07:30:43 +0000 (10:30 +0300)] 
qemu: fix typo in vnc port releasing

Signed-off-by: Nikolay Shirokovskiy <nshirokovskiy@virtuozzo.com>
Reviewed-by: John Ferlan <jferlan@redhat.com>
7 years ago qemu: remove unnecessary virQEMUCapsFreeHostCPUModel
Ján Tomko [Sat, 8 Sep 2018 22:40:30 +0000 (00:40 +0200)] 
qemu: remove unnecessary virQEMUCapsFreeHostCPUModel

After removing the host CPU model re-computation,
this function is no longer necessary.

This reverts commits:
commit d0498881a04dddd772f9f63b03de80fb4c33d090
  virQEMUCapsFreeHostCPUModel: Don't always free host cpuData
commit 5276ec712a44b3680569a096e8fe56a925f0d495
  testUpdateQEMUCaps: Don't leak host cpuData

Signed-off-by: Ján Tomko <jtomko@redhat.com>
7 years ago tests: turn skipLegacyCPUs into a flag
Ján Tomko [Sun, 9 Sep 2018 01:19:35 +0000 (03:19 +0200)] 
tests: turn skipLegacyCPUs into a flag

Make it obvious when it is used intentionally and error
out when used in combination with real capabilities.

Signed-off-by: Ján Tomko <jtomko@redhat.com>
7 years ago tests: do not mangle real qemu caps in xml2argvtest
Ján Tomko [Sat, 8 Sep 2018 22:13:23 +0000 (00:13 +0200)] 
tests: do not mangle real qemu caps in xml2argvtest

None of the things testUpdateQEMUCaps adjusts are applicable
for tests that use the DO_TEST_CAPS macros, i.e.
real QEMU capabilities parsed from the XML files:

The architecture must be chosen before we even open the caps
file, CPU models are already present and the expensive HostModel
computation was already done in virQEMUCapsLoadCache.

Introduce FLAG_REAL_CAPS and skip the whole testUpdateQEMUCaps
function for DO_TEST_CAPS.

This speeds up the test by 25 %

Signed-off-by: Ján Tomko <jtomko@redhat.com>
7 years ago tests: report errors in QEMU XML->startup XML tests
Ján Tomko [Sat, 8 Sep 2018 21:21:46 +0000 (23:21 +0200)] 
tests: report errors in QEMU XML->startup XML tests

Now that the function is only run if requested by
the FLAG_STEAL_VM flag, we know that missing data
is an error, not a request to skip the test.

The existence of the output file is now checked by
virTestCompareToFile, which allows usage of
the VIR_TEST_REGENERATE_OUTPUT=1 env variable
to generate new test cases.

Signed-off-by: Ján Tomko <jtomko@redhat.com>
7 years ago tests: only run startup XML tests if requested
Ján Tomko [Sat, 8 Sep 2018 21:10:23 +0000 (23:10 +0200)] 
tests: only run startup XML tests if requested

Use the recently introduced flag as a witness.
This reduces the apparent number of test cases
to the real number of test cases.

Note that this does not suffer from the same problem
as commit 70255fa was fixing, because the condition
for running virTestRun does not depend on results
of previous tests.

Signed-off-by: Ján Tomko <jtomko@redhat.com>
7 years ago tests: introduce macro for qemu XML->startup XML
Ján Tomko [Sat, 8 Sep 2018 21:00:54 +0000 (23:00 +0200)] 
tests: introduce macro for qemu XML->startup XML

Use this macro to indicate the intention to also
run the XML->startup XML test.

It sets the newly introduced FLAG_STEAL_VM flag,
which is the new witness for the XML->argv test
to leave the VM object behind.

This will allow us to report proper errors in
XML->startup tests.

Signed-off-by: Ján Tomko <jtomko@redhat.com>
7 years ago tests: add a function for checking exclusive flags
Ján Tomko [Sun, 9 Sep 2018 01:33:57 +0000 (03:33 +0200)] 
tests: add a function for checking exclusive flags

We can reject some nonsensical combinations with an error
message, once we add flags for them.

Signed-off-by: Ján Tomko <jtomko@redhat.com>
7 years ago conf: Move hypervisor specific nhugepage checks
John Ferlan [Tue, 11 Sep 2018 12:46:46 +0000 (08:46 -0400)] 
conf: Move hypervisor specific nhugepage checks

Commit 82327038 moved a couple of checks out of the XML parser
into the domain validation; however, those checks seem to be more
useful as hypervisor specific checks rather than the more general
domain conf checks (nothing in the docs indicates a specific error).

Fortunately only QEMU was processing the memoryBacking, thus
add the changes to qemuDomainDefValidateMemory and change the
code a bit to make usage of the similar deref to def->mem and
the mem->nhugepages filter.

Signed-off-by: John Ferlan <jferlan@redhat.com>
Reviewed-by: Marc-André Lureau <marcandre.lureau@redhat.com>
7 years ago doc: Update the wording around the backingStore
John Ferlan [Tue, 11 Sep 2018 12:46:38 +0000 (08:46 -0400)] 
doc: Update the wording around the backingStore

Commit bc6d3121a was far too terse when describing the new
elements, attributes, and allowed values. Provide a few more
words to help describe.

Signed-off-by: John Ferlan <jferlan@redhat.com>
Reviewed-by: Marc-André Lureau <marcandre.lureau@redhat.com>
7 years ago util: netdev: use VIR_AUTOCLOSE instead of VIR_FORCE_CLOSE
Shi Lei [Wed, 12 Sep 2018 09:46:38 +0000 (17:46 +0800)] 
util: netdev: use VIR_AUTOCLOSE instead of VIR_FORCE_CLOSE

Signed-off-by: Shi Lei <shi_lei@massclouds.com>
7 years ago util: netdevbridge: use VIR_AUTOCLOSE instead of VIR_FORCE_CLOSE
Shi Lei [Wed, 12 Sep 2018 09:46:37 +0000 (17:46 +0800)] 
util: netdevbridge: use VIR_AUTOCLOSE instead of VIR_FORCE_CLOSE

Signed-off-by: Shi Lei <shi_lei@massclouds.com>
Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
7 years ago util: file: use VIR_AUTOCLOSE instead of VIR_FORCE_CLOSE
Shi Lei [Wed, 12 Sep 2018 09:46:36 +0000 (17:46 +0800)] 
util: file: use VIR_AUTOCLOSE instead of VIR_FORCE_CLOSE

Signed-off-by: Shi Lei <shi_lei@massclouds.com>
7 years ago cfg.mk: change syntax-check rule for VIR_AUTOCLOSE variable initialization
Shi Lei [Wed, 12 Sep 2018 09:46:35 +0000 (17:46 +0800)] 
cfg.mk: change syntax-check rule for VIR_AUTOCLOSE variable initialization

Signed-off-by: Shi Lei <shi_lei@massclouds.com>
7 years ago util: file: introduce VIR_AUTOCLOSE macro to close fd of the file automatically
Shi Lei [Wed, 12 Sep 2018 09:46:34 +0000 (17:46 +0800)] 
util: file: introduce VIR_AUTOCLOSE macro to close fd of the file automatically

Signed-off-by: Shi Lei <shi_lei@massclouds.com>
7 years ago conf: correct false boot order error during domain parse
Laine Stump [Fri, 7 Sep 2018 01:09:45 +0000 (21:09 -0400)] 
conf: correct false boot order error during domain parse

virDomainDefCollectBootOrder() is called for every item on the list
for each type of device. One of the checks it makes is to gather the
order attributes from the <boot> element of all devices, and assure
that no two devices have been given the same order.

Since (internally to libvirt, *not* in the domain XML) an <interface
type='hostdev'> is on both the list of hostdev devices and the list of
network devices, it will be counted twice, and the code that checks
for multiple devices with the same boot order will give a false
positive.

To remedy this, we make sure to return early for hostdev devices that
have a parent.type != NONE.

This was introduced in commit 5b75a4, which was first in libvirt-4.4.0.

Resolves: https://bugzilla.redhat.com/1601318

Signed-off-by: Laine Stump <laine@laine.org>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
7 years ago qemu: Drop redundant version checks
Andrea Bolognani [Wed, 12 Sep 2018 12:41:25 +0000 (14:41 +0200)] 
qemu: Drop redundant version checks

We require QEMU 1.5.0 these days, so checking for versions
older than that is pointless.

Signed-off-by: Andrea Bolognani <abologna@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
7 years ago qemu: Drop QEMU_CAPS_CHARDEV_SPICEPORT
Andrea Bolognani [Wed, 12 Sep 2018 12:38:45 +0000 (14:38 +0200)] 
qemu: Drop QEMU_CAPS_CHARDEV_SPICEPORT

The capability was introduced in QEMU 1.5.0, which is our
minimum supported QEMU version these days.

Signed-off-by: Andrea Bolognani <abologna@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
7 years ago qemu: Drop QEMU_CAPS_VNC_WEBSOCKET
Andrea Bolognani [Wed, 12 Sep 2018 12:29:13 +0000 (14:29 +0200)] 
qemu: Drop QEMU_CAPS_VNC_WEBSOCKET

The capability was introduced in QEMU 1.3.1 and we require
QEMU 1.5.0 these days.

Signed-off-by: Andrea Bolognani <abologna@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
7 years ago tests: drop redundant virQEMUCapsFilterByMachineType
Ján Tomko [Sat, 8 Sep 2018 21:25:10 +0000 (23:25 +0200)] 
tests: drop redundant virQEMUCapsFilterByMachineType

Introduced by commit <af204232>.

Made redundant by commit 1e9a083 which switched to using
qemuProcessCreatePretendCmd, where capabilities are filtered
in qemuProcessInit after being fetched from the cache.

Signed-off-by: Ján Tomko <jtomko@redhat.com>
7 years ago tests: drop 'drive' from qemuxml2startup tests
Ján Tomko [Sat, 8 Sep 2018 20:26:28 +0000 (22:26 +0200)] 
tests: drop 'drive' from qemuxml2startup tests

Commit 0bdb704 renamed the corresponding xml->argv tests,
but due to the optimistic nature of xml->startup xml testing,
this test was quietly skipped.

Signed-off-by: Ján Tomko <jtomko@redhat.com>
7 years ago qemu: free SEV caps in virQEMUCapsDispose
Ján Tomko [Sat, 8 Sep 2018 23:26:36 +0000 (01:26 +0200)] 
qemu: free SEV caps in virQEMUCapsDispose

Commit 77f51ab5 started parsing and copying the SEV capabilities,
but omitted the free call.

Signed-off-by: Ján Tomko <jtomko@redhat.com>
7 years ago storage: Allow inputvol to be encrypted
John Ferlan [Mon, 20 Aug 2018 16:25:44 +0000 (12:25 -0400)] 
storage: Allow inputvol to be encrypted

https://bugzilla.redhat.com/show_bug.cgi?id=1613737

When processing the inputvol for encryption, we need to handle
the case where the inputvol is encrypted. This then allows for
the encrypted inputvol to be used either for an output encrypted
volume or an output volume of some XML provided type.

Add tests to show the various conversion options when either input
or output is encrypted. This includes when both are encrypted.

Signed-off-by: John Ferlan <jferlan@redhat.com>
ACKed-by: Michal Privoznik <mprivozn@redhat.com>
7 years ago storage: Allow for inputvol to have any format for encryption
John Ferlan [Tue, 21 Aug 2018 13:53:12 +0000 (09:53 -0400)] 
storage: Allow for inputvol to have any format for encryption

Commit 39cef12a9 altered/fixed the inputvol processing to create
a multistep process when using an inputvol to create an encrypted
output volume; however, it unnecessarily assumed/restricted the
inputvol to be of 'raw' format only.

Modify the processing code to allow the inputvol format to be checked
and used in order to create the encrypted volume.

Signed-off-by: John Ferlan <jferlan@redhat.com>
ACKed-by: Michal Privoznik <mprivozn@redhat.com>
7 years ago storage: Remove secretPath from _virStorageBackendQemuImgInfo
John Ferlan [Tue, 21 Aug 2018 15:18:35 +0000 (11:18 -0400)] 
storage: Remove secretPath from _virStorageBackendQemuImgInfo

There's really no need for it to be there since it's only ever
used inside virStorageBackendCreateQemuImgCmdFromVol

Signed-off-by: John Ferlan <jferlan@redhat.com>
ACKed-by: Michal Privoznik <mprivozn@redhat.com>
7 years ago qemu_domain: Drop namespace check from top level functions
Michal Privoznik [Fri, 7 Sep 2018 05:14:59 +0000 (07:14 +0200)] 
qemu_domain: Drop namespace check from top level functions

In some cases we are checking if the mount namespace is enabled
at two places: one is at the beginning of exported function (e.g.
qemuDomainNamespaceSetupDisk()) and the other is at the beginning
of qemuDomainNamespaceMknodPaths() which is called from the
former function anyway. Then we have some other functions which
rely on the later check solely.

In order to compensate for possibly needless function call,
qemuDomainNamespaceMknodPaths() returns early if @npaths is zero.

Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
Reviewed-by: John Ferlan <jferlan@redhat.com>
7 years ago util: netlink: Use virNetlinkNewLink helper to simplify virNetDev*Create
Shi Lei [Fri, 7 Sep 2018 07:17:26 +0000 (15:17 +0800)] 
util: netlink: Use virNetlinkNewLink helper to simplify virNetDev*Create

This patch simplifies virNetDevBridgeCreate and virNetDevMacVLanCreate
functions by making use of the virNetlinkNewLink helper.

Signed-off-by: Shi Lei <shi_lei@massclouds.com>
Reviewed-by: Erik Skultety <eskultet@redhat.com>
7 years ago util: netlink: Add some wrapper macros to get rid of redundancy
Shi Lei [Fri, 7 Sep 2018 07:17:25 +0000 (15:17 +0800)] 
util: netlink: Add some wrapper macros to get rid of redundancy

This patch adds wrapper macros around nla_nest_[start|end] and nla_put,
thus getting rid of some redundancy and making virNetlinkNewLink more
readable.

Signed-off-by: Shi Lei <shi_lei@massclouds.com>
Signed-off-by: Erik Skultety <eskultet@redhat.com>
7 years ago util: netlink: Introduce virNetlinkNewLink helper
Shi Lei [Fri, 7 Sep 2018 07:17:24 +0000 (15:17 +0800)] 
util: netlink: Introduce virNetlinkNewLink helper

This patch introduces virNetlinkNewLink helper which wraps the common
libnl/netlink code to create a new link.

Signed-off-by: Shi Lei <shi_lei@massclouds.com>
Signed-off-by: Erik Skultety <eskultet@redhat.com>
7 years ago libxl: join with thread receiving migration data
Jim Fehlig [Fri, 24 Aug 2018 21:38:14 +0000 (15:38 -0600)] 
libxl: join with thread receiving migration data

It is possible the incoming VM is not fully started when the finish
phase of migration is executed. In libxlDomainMigrationDstFinish,
wait for the thread receiving the VM to complete before executing
finish phase tasks.

Signed-off-by: Jim Fehlig <jfehlig@suse.com>
ACKed-by: Michal Privoznik <mprivozn@redhat.com>
7 years ago libxl: fix job handling across migration phases on dst
Jim Fehlig [Wed, 29 Aug 2018 17:11:00 +0000 (11:11 -0600)] 
libxl: fix job handling across migration phases on dst

The libxlDomainMigrationDst* functions are a bit flawed in their
handling of modify jobs. A job begins when the destination host
begins receiving the incoming VM and ends after the VM is started.
The finish phase contains another BeginJob/EndJob sequence.

This patch changes the logic to begin a job for the incoming VM
in the prepare phase and end the job in the finish phase.

Signed-off-by: Jim Fehlig <jfehlig@suse.com>
ACKed-by: Michal Privoznik <mprivozn@redhat.com>
7 years ago libxl: fix job handling across migration phases on src
Jim Fehlig [Tue, 28 Aug 2018 23:30:18 +0000 (17:30 -0600)] 
libxl: fix job handling across migration phases on src

The libxlDomainMigrationSrc* functions are a bit flawed in their
handling of modify jobs. A job begins at the start of the begin
phase but ends before the phase completes. No job is running for
the remaining phases of migration on the source host.

Change the logic to keep the job running after a successful begin
phase, and end the job in the confirm phase. The job must also end
in the perform phase in the case of error since confirm phase would
not be executed.

Signed-off-by: Jim Fehlig <jfehlig@suse.com>
ACKed-by: Michal Privoznik <mprivozn@redhat.com>
7 years ago libxl: fix logic in P2P migration
Jim Fehlig [Tue, 28 Aug 2018 23:13:54 +0000 (17:13 -0600)] 
libxl: fix logic in P2P migration

libxlDoMigrateSrcP2P() performs all phases of the migration
protocol for peer-to-peer migration. Unfortunately the logic
was a bit flawed since it is possible to skip the confirm
phase after a successful begin and prepare phase. Fix the
logic to always call the confirm phase after a successful begin
and perform. Skip the confirm phase if begin or perform fail.

Signed-off-by: Jim Fehlig <jfehlig@suse.com>
ACKed-by: Michal Privoznik <mprivozn@redhat.com>
7 years ago libxl: migration: defer removing VM until finish phase
Jim Fehlig [Fri, 24 Aug 2018 20:55:03 +0000 (14:55 -0600)] 
libxl: migration: defer removing VM until finish phase

If for any reason the restore of a VM fails on the destination host
in a migration operation, the VM is removed (if not persistent) from
the virDomainObjList, meaning it is no longer available for additional
cleanup or processing in the finish phase. Defer removing the VM from
the virDomainObjList until the finish phase, which already contains
logic to remove the VM.

Signed-off-by: Jim Fehlig <jfehlig@suse.com>
ACKed-by: Michal Privoznik <mprivozn@redhat.com>
7 years ago news: Mention Xen support for PM suspend and wakeup
Jim Fehlig [Mon, 10 Sep 2018 16:23:42 +0000 (10:23 -0600)] 
news: Mention Xen support for PM suspend and wakeup

Signed-off-by: Jim Fehlig <jfehlig@suse.com>
ACKed-by: Michal Privoznik <mprivozn@redhat.com>
7 years ago test: Remove possible infinite loop in virnetsockettest
John Ferlan [Fri, 7 Sep 2018 12:20:15 +0000 (08:20 -0400)] 
test: Remove possible infinite loop in virnetsockettest

Commit 39015a6f3 modified the test to be more reliable/realistic,
but without checking the return status of virEventRunDefaultImpl
it's possible that the test could run infinitely.

Found by Coverity

Signed-off-by: John Ferlan <jferlan@redhat.com>
ACKed-by: Michal Privoznik <mprivozn@redhat.com>
7 years ago qemu: Remove duplicated qemuAgentCheckError
John Ferlan [Fri, 7 Sep 2018 20:01:27 +0000 (16:01 -0400)] 
qemu: Remove duplicated qemuAgentCheckError

Commit 5b3492fadb moved qemuAgentCheckError calls into
qemuAgentCommand for various reasons; however, subsequent
commit 0977b8aa0 adding a new command made the call again.
So let's just remove the duplicitous call from
qemuAgentGetInterfaces.

Signed-off-by: John Ferlan <jferlan@redhat.com>
ACKed-by: Michal Privoznik <mprivozn@redhat.com>
7 years ago qemu: Remove duplicated qemuAgentCheckError
John Ferlan [Fri, 7 Sep 2018 20:01:26 +0000 (16:01 -0400)] 
qemu: Remove duplicated qemuAgentCheckError

Commit 5b3492fadb moved qemuAgentCheckError calls into
qemuAgentCommand for various reasons; however, subsequent
commit b1aa91e14 restored the call. So let's just remove
the duplicitous call from qemuAgentSetVCPUsCommand.

Signed-off-by: John Ferlan <jferlan@redhat.com>
ACKed-by: Michal Privoznik <mprivozn@redhat.com>
7 years ago docs: schemas: Fix missing timestamp inside backingStore
Julio Faracco [Tue, 11 Sep 2018 02:57:13 +0000 (23:57 -0300)] 
docs: schemas: Fix missing timestamp inside backingStore

All backingStore XML definitions have an XML tag with the timestamp. This
timestamp is not defined inside RNG volume storage schema and it is
causing some problems to validate and check volume XMLs.

https://bugzilla.redhat.com/show_bug.cgi?id=1594266

Signed-off-by: Julio Faracco <jcfaracco@gmail.com>
Reviewed-by: Erik Skultety <eskultet@redhat.com>
7 years ago rpm: increase min required Fedora to 27
Fabiano Fidêncio [Tue, 11 Sep 2018 06:35:15 +0000 (08:35 +0200)] 
rpm: increase min required Fedora to 27

Fedora 26 has reached its EOL on May 29th 2018.

https://lists.fedoraproject.org/archives/list/announce@lists.fedoraproject.org/message/XGG7GYUJN3VDA6HX4KJNFSKSQCGF2FMW/

Signed-off-by: Fabiano Fidêncio <fidencio@redhat.com>
Reviewed-by: Erik Skultety <eskultet@redhat.com>
7 years ago libxl: initialize domain state with real data
Marek Marczykowski-Górecki [Fri, 7 Sep 2018 19:29:56 +0000 (21:29 +0200)] 
libxl: initialize domain state with real data

When libvirtd is started, initialize domain objects state with its real
state, not only RUNNING/SHUTOFF.

Signed-off-by: Marek Marczykowski-Górecki <marmarek@invisiblethingslab.com>
Reviewed-by: Jim Fehlig <jfehlig@suse.com>
7 years ago libxl: implement virDomainPM* functions
Marek Marczykowski-Górecki [Fri, 7 Sep 2018 19:29:55 +0000 (21:29 +0200)] 
libxl: implement virDomainPM* functions

Signed-off-by: Marek Marczykowski-Górecki <marmarek@invisiblethingslab.com>
Reviewed-by: Jim Fehlig <jfehlig@suse.com>
7 years ago libxl: send lifecycle event on suspend
Marek Marczykowski-Górecki [Fri, 7 Sep 2018 19:29:54 +0000 (21:29 +0200)] 
libxl: send lifecycle event on suspend

Signed-off-by: Marek Marczykowski-Górecki <marmarek@invisiblethingslab.com>
Reviewed-by: Jim Fehlig <jfehlig@suse.com>
7 years ago qemu: Fix indentation in virDomainDefFormatInternal
Jiri Denemark [Thu, 6 Sep 2018 15:43:17 +0000 (17:43 +0200)] 
qemu: Fix indentation in virDomainDefFormatInternal

Broken by v3.10.0-68-gaed3d038a6.

Signed-off-by: Jiri Denemark <jdenemar@redhat.com>
Reviewed-by: John Ferlan <jferlan@redhat.com>
7 years ago docs: update domain schema for machine attribute
Marek Marczykowski-Górecki [Sun, 5 Aug 2018 21:48:45 +0000 (23:48 +0200)] 
docs: update domain schema for machine attribute

Replace the long dead 'xenner' with 'xenfv'.

Signed-off-by: Marek Marczykowski-Górecki <marmarek@invisiblethingslab.com>
Reviewed-by: Jim Fehlig <jfehlig@suse.com>
7 years ago qemu: remove leftover property probing
Ján Tomko [Fri, 7 Sep 2018 12:59:00 +0000 (14:59 +0200)] 
qemu: remove leftover property probing

Previous commits removed all capabilities from per-device property
probing for:

  pci-assign
  kvm-pci-assign
  usb-host
  scsi-generic

Remove them from the virQEMUCapsDeviceProps list and get rid of the
redundant device-list-properties QMP calls.

Note that 'pci-assign' was already useless, because the QMP version
of the device is called 'kvm-pci-assign', see libvirt commit 7257480
from 2012.

Signed-off-by: Ján Tomko <jtomko@redhat.com>
Reviewed-by: Andrea Bolognani <abologna@redhat.com>
7 years ago qemu: always assume QEMU_CAPS_DEVICE_SCSI_GENERIC_BOOTINDEX
Ján Tomko [Fri, 7 Sep 2018 12:53:02 +0000 (14:53 +0200)] 
qemu: always assume QEMU_CAPS_DEVICE_SCSI_GENERIC_BOOTINDEX

Introduced by QEMU commit 28b77657 in v1.0-rc4~21^2~8.

Signed-off-by: Ján Tomko <jtomko@redhat.com>
Reviewed-by: Andrea Bolognani <abologna@redhat.com>
7 years ago qemu: always assume QEMU_CAPS_VFIO_PCI_BOOTINDEX
Ján Tomko [Fri, 7 Sep 2018 12:46:26 +0000 (14:46 +0200)] 
qemu: always assume QEMU_CAPS_VFIO_PCI_BOOTINDEX

Introduced by QEMU commit c29029d which was included in 1.5.0

Signed-off-by: Ján Tomko <jtomko@redhat.com>
Reviewed-by: Andrea Bolognani <abologna@redhat.com>
7 years ago qemu: always assume QEMU_CAPS_USB_HOST_BOOTINDEX
Ján Tomko [Fri, 7 Sep 2018 12:37:34 +0000 (14:37 +0200)] 
qemu: always assume QEMU_CAPS_USB_HOST_BOOTINDEX

Added by QEMU commit 65bb3a5 contained in v1.1.

Signed-off-by: Ján Tomko <jtomko@redhat.com>
Reviewed-by: Andrea Bolognani <abologna@redhat.com>
7 years ago qemu: always assume QEMU_CAPS_USB_REDIR_BOOTINDEX
Ján Tomko [Fri, 7 Sep 2018 12:37:34 +0000 (14:37 +0200)] 
qemu: always assume QEMU_CAPS_USB_REDIR_BOOTINDEX

Added by QEMU commit 65bb3a5 contained in v1.1.

Signed-off-by: Ján Tomko <jtomko@redhat.com>
Reviewed-by: Andrea Bolognani <abologna@redhat.com>
7 years ago qemu: always assume QEMU_CAPS_PCI_BOOTINDEX
Ján Tomko [Fri, 7 Sep 2018 11:31:23 +0000 (13:31 +0200)] 
qemu: always assume QEMU_CAPS_PCI_BOOTINDEX

At the time of the addition of 'pci-assign' in QEMU commit
v1.3.0-rc0~572^2 the bootindex argument was already supported.

Signed-off-by: Ján Tomko <jtomko@redhat.com>
Reviewed-by: Andrea Bolognani <abologna@redhat.com>
7 years ago qemu: always assume QEMU_CAPS_PCI_CONFIGFD
Ján Tomko [Fri, 7 Sep 2018 11:31:23 +0000 (13:31 +0200)] 
qemu: always assume QEMU_CAPS_PCI_CONFIGFD

At the time of the addition of 'pci-assign' in QEMU commit
v1.3.0-rc0~572^2 the configfd argument was already supported.

Signed-off-by: Ján Tomko <jtomko@redhat.com>
Reviewed-by: Andrea Bolognani <abologna@redhat.com>
7 years ago qemu: drop unused QEMU_CAPS_DEVICE_USB_NET
Ján Tomko [Fri, 7 Sep 2018 12:28:50 +0000 (14:28 +0200)] 
qemu: drop unused QEMU_CAPS_DEVICE_USB_NET

Added by commit fc66c1603c and not used since.

Also, the device was present in QEMU 1.5.0 so this capability
will not be needed if we ever decide to implement usb-net support.

Signed-off-by: Ján Tomko <jtomko@redhat.com>
Reviewed-by: Andrea Bolognani <abologna@redhat.com>
7 years ago qemuProcessBuildDestroyMemoryPathsImpl: Don't overwrite error
Michal Privoznik [Fri, 7 Sep 2018 12:04:54 +0000 (14:04 +0200)] 
qemuProcessBuildDestroyMemoryPathsImpl: Don't overwrite error

The qemuSecurityDomainSetPathLabel() function reports perfect
error itself. Do not overwrite it to something less meaningful.

Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
7 years ago conf: Fix check for chardev source path
Andrea Bolognani [Thu, 6 Sep 2018 15:51:10 +0000 (17:51 +0200)] 
conf: Fix check for chardev source path

Attempting to use a chardev definition like

  <serial type='unix'>
    <target type='isa-serial'/>
  </serial>

correctly results in an error being reported, since the source
path - a required piece of information - is missing; however,
the very similar

  <serial type='unix'>
    <target type='pci-serial'/>
  </serial>

was happily accepted by libvirt, only to result in libvirtd
crashing as soon as the guest was started.

The issue was caused by checking the chardev's targetType
against whitelisted values from virDomainChrChannelTargetType
without first checking the chardev's deviceType to make sure
it is actually a channel, for which the check makes sense,
rather than a different type of chardev.

The only reason this wasn't spotted earlier is that the
whitelisted values just so happen to correspond to USB and
PCI serial devices and Xen and UML consoles respectively,
all of which are fairly uncommon.

https://bugzilla.redhat.com/show_bug.cgi?id=1609720

Signed-off-by: Andrea Bolognani <abologna@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
7 years ago conf: fix args naming of virDomainChrSourceDefCopy
Ján Tomko [Thu, 6 Sep 2018 11:10:20 +0000 (13:10 +0200)] 
conf: fix args naming of virDomainChrSourceDefCopy

Since its introduction in commit 2e37bf42 the naming of the arguments
between the prototype and the definition does not match.

Signed-off-by: Ján Tomko <jtomko@redhat.com>
7 years ago conf: Renamed 'controlBuf' to 'childrenBuf'
Wang Huaqiang [Mon, 27 Aug 2018 11:23:04 +0000 (19:23 +0800)] 
conf: Renamed 'controlBuf' to 'childrenBuf'

To add the CMT/MBM feature and keep the code consistent in later patches,
rename the variable 'controlBuf' to 'childrenBuf', located
in functions 'virCapabilitiesFormatCaches' and
'virCapabilitiesFormatMemoryBandwidth'.

Signed-off-by: Wang Huaqiang <huaqiang.wang@intel.com>
Reviewed-by: John Ferlan <jferlan@redhat.com>
7 years ago util: netlink: Replace virNetDevPutExtraHeader with nlmsg_append
Shi Lei [Fri, 7 Sep 2018 08:14:46 +0000 (16:14 +0800)] 
util: netlink: Replace virNetDevPutExtraHeader with nlmsg_append

nlmsg_append from the libnl library provides exactly the same
functionality, so we should rely on that instead. This also allows us to
drop the aforementioned function completely.

Signed-off-by: Shi Lei <shi_lei@massclouds.com>
Reviewed-by: Erik Skultety <eskultet@redhat.com>
7 years ago util: netdevip: Fix a memleak in virNetDevIPRouteAdd
Shi Lei [Fri, 7 Sep 2018 08:27:39 +0000 (16:27 +0800)] 
util: netdevip: Fix a memleak in virNetDevIPRouteAdd

@resp is allocated by virNetlinkCommand and the caller is responsible
for freeing the buffer. Since we already converted this module to use
VIR_AUTO{FREE,PTR} macros, let's resolve the problem by using them.

Signed-off-by: Shi Lei <shi_lei@massclouds.com>
Reviewed-by: Erik Skultety <eskultet@redhat.com>
7 years ago security_dac: Fix const correctness
Michal Privoznik [Wed, 22 Aug 2018 13:57:08 +0000 (15:57 +0200)] 
security_dac: Fix const correctness

These two functions (virSecurityDACSetOwnership and
virSecurityDACRestoreFileLabelInternal) do not really change
@src. Make it const.

Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
Reviewed-by: John Ferlan <jferlan@redhat.com>
7 years ago security_dac: Pass virSecurityManagerPtr to virSecurityDACRestoreFileLabelInternal
Michal Privoznik [Wed, 22 Aug 2018 13:19:11 +0000 (15:19 +0200)] 
security_dac: Pass virSecurityManagerPtr to virSecurityDACRestoreFileLabelInternal

This function is going to call security manager APIs and therefore
it needs a pointer to it.

Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
Reviewed-by: John Ferlan <jferlan@redhat.com>
7 years ago security_dac: Pass virSecurityManagerPtr to virSecurityDACSetOwnership
Michal Privoznik [Wed, 22 Aug 2018 13:09:16 +0000 (15:09 +0200)] 
security_dac: Pass virSecurityManagerPtr to virSecurityDACSetOwnership

This function is going to call security manager APIs and therefore
it needs a pointer to it.

Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
Reviewed-by: John Ferlan <jferlan@redhat.com>
7 years ago qemuDomainNamespaceTeardownHostdev: Drop useless check
Michal Privoznik [Thu, 6 Sep 2018 16:14:55 +0000 (18:14 +0200)] 
qemuDomainNamespaceTeardownHostdev: Drop useless check

There is no need to check if @npaths is not zero. Let
qemuDomainNamespaceUnlinkPaths() handle that.

Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
Reviewed-by: John Ferlan <jferlan@redhat.com>
7 years ago nwfilter: Check for filter presence before open connect during teardown
John Ferlan [Mon, 27 Aug 2018 14:39:39 +0000 (10:39 -0400)] 
nwfilter: Check for filter presence before open connect during teardown

https://bugzilla.redhat.com/show_bug.cgi?id=1608275

Instantiation of an nwfilter binding is only allowed when
the net->filter is defined for the network; however, the
teardown of the binding does not make this check. This
leaves open the possibility that the teardown could be
called during guest shutdown/teardown in session mode
resulting in the following error being logged:

    error : nwfilterConnectOpen:383 : internal error: unexpected
    nwfilter URI path '/session', try nwfilter:///system

So before going through the teardown processing, let's
be sure the network had a filter and then attempt to
get a connection. For session mode it's not even possible
to create an nwfilter binding.

Signed-off-by: John Ferlan <jferlan@redhat.com>
Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
7 years ago nwfilter: Disallow binding creation in session mode
John Ferlan [Mon, 27 Aug 2018 14:41:35 +0000 (10:41 -0400)] 
nwfilter: Disallow binding creation in session mode

Similar to nwfilterDefineXML, let's be sure that a filter binding
creation is not attempted in session mode and generate the proper
error message.

Failure to open nwfilter in session mode (nwfilterConnectOpen)
fails already, but that doesn't stop the free thinker from using
a different connection in order to attempt to create
the binding. Although even doing that would result in a failure:

$ virsh nwfilter-binding-create QEMUGuest1-binding.xml
error: Failed to create network filter from QEMUGuest1-binding.xml
error: internal error: Could not get access to ACL tech driver 'ebiptables'

$

Signed-off-by: John Ferlan <jferlan@redhat.com>
Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
7 years ago qemu: Unify generation of command line for virtio devices
Andrea Bolognani [Wed, 5 Sep 2018 16:24:55 +0000 (18:24 +0200)] 
qemu: Unify generation of command line for virtio devices

A virtio device such as

  <controller type='scsi' model='virtio-scsi'/>

will be translated to one of four different QEMU devices
based on the address type. This behavior is the same for
all virtio devices, but unfortunately we have separate
ad-hoc code dealing with each and every one of them: not
only this is pointless duplication, but it turns out
that most of that code is not robust against new address
types being introduced and some of it is outright buggy.

Introduce a new function, qemuBuildVirtioDevStr(), which
deals with the issue in a generic fashion, and rewrite
all existing code to use it.

This fixes a bunch of issues such as virtio-serial-pci
being used with virtio-mmio addresses and virtio-gpu
not being usable at all with virtio-mmio addresses.

It also introduces a couple of minor regressions,
namely no longer erroring out when attempting to
use virtio-balloon and virtio-input devices with
virtio-s390 addresses; that said, virtio-s390 has
been superseded by virtio-ccw such a long time ago
that recent QEMU releases have dropped support for
the former entirely, so re-implementing such
device-specific validation is not worth it.

Signed-off-by: Andrea Bolognani <abologna@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>