Michal Privoznik [Tue, 21 Jul 2020 12:26:49 +0000 (14:26 +0200)]
qemuDomainBuildNamespace: Populate chardevs from daemon's namespace
As mentioned in one of the previous commits, populating domain's
namespace from pre-exec() hook is dangerous. This commit moves
population of the namespace with domain chardevs into daemon's
namespace.
Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
Michal Privoznik [Tue, 21 Jul 2020 11:30:31 +0000 (13:30 +0200)]
qemuDomainBuildNamespace: Populate memory from daemon's namespace
As mentioned in one of the previous commits, populating domain's
namespace from pre-exec() hook is dangerous. This commit moves
population of the namespace with domain memory (nvdimms) into
daemon's namespace.
Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
Michal Privoznik [Tue, 21 Jul 2020 12:18:59 +0000 (14:18 +0200)]
qemuDomainBuildNamespace: Populate hostdevs from daemon's namespace
As mentioned in one of the previous commits, populating domain's
namespace from pre-exec() hook is dangerous. This commit moves
population of the namespace with domain hostdevs into daemon's
namespace.
Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
Michal Privoznik [Tue, 21 Jul 2020 12:11:41 +0000 (14:11 +0200)]
qemuDomainBuildNamespace: Populate disks from daemon's namespace
As mentioned in one of the previous commits, populating domain's
namespace from pre-exec() hook is dangerous. This commit moves
population of the namespace with domain disks into daemon's
namespace.
Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
Michal Privoznik [Tue, 21 Jul 2020 15:13:11 +0000 (17:13 +0200)]
qemuDomainBuildNamespace: Populate basic /dev from daemon's namespace
As mentioned in the previous commit, populating domain's namespace
from pre-exec() hook is dangerous. This commit moves population
of the namespace with basic /dev nodes (e.g. /dev/null, /dev/kvm,
etc.) into daemon's namespace.
Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
Okay, here is the deal. Currently, the way we build namespace is
very fragile. It is done from pre-exec hook when starting a
domain, after we mass closed all FDs and before we drop
privileges and exec() QEMU. This fact poses some limitations onto
the namespace build code, e.g. it has to make sure not to keep
any FD opened (not even through a library call), because it would
be leaked to QEMU. Also, it has to call only async signal safe
functions. These requirements are hard to meet - in fact as of my
commit v6.2.0-rc1~235 we are leaking a FD into QEMU by calling
libdevmapper functions.
To solve this issue and avoid similar problems in the future, we
should change our paradigm. We already have functions which can
populate domain's namespace with nodes from the daemon context.
If we use them to populate the namespace and keep only the bare
minimum in the pre-exec hook, we've mitigated the risk.
Therefore, the old qemuDomainBuildNamespace() is renamed to
qemuDomainUnshareNamespace() and new qemuDomainBuildNamespace()
function is introduced. So far, the new function is basically a
NOP and domain's namespace is still populated from the pre-exec
hook - next patches will fix it.
Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
Michal Privoznik [Tue, 21 Jul 2020 11:32:32 +0000 (13:32 +0200)]
qemuDomainSetupDisk: Accept @src
The aim is to make it look as close to
qemuDomainNamespaceSetupDisk() as possible. The latter will call
the former and this change makes that diff easier to read.
Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
Michal Privoznik [Tue, 21 Jul 2020 11:08:36 +0000 (13:08 +0200)]
qemuNamespaceMknodPaths: Turn @paths into string list
Every caller does the same - counts the number of items in a
string list they have, only to pass the number to
qemuDomainNamespaceMknodPaths(). This is needless - the function
can accept the string list and count the items itself.
Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
Michal Privoznik [Tue, 21 Jul 2020 08:58:41 +0000 (10:58 +0200)]
qemuDomainNamespaceMknodPaths: Create more files in one go
While the previous commit prepared the helper function run in a
forked off helper (with corresponding struct), this commit
modifies the caller, which now creates all files requested in a
single process and does not fork off for every single path.
Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
Michal Privoznik [Mon, 20 Jul 2020 18:00:19 +0000 (20:00 +0200)]
qemuDomainAttachDeviceMknodHelper: Create more files in a single go
So far, when attaching a device needs two or more /dev nodes
created into a domain, we fork off and run the helper for every
node separately. For the majority of devices this is okay, because
they need no or one node created anyway. But the idea is to use
this attach code to build the namespace when starting a domain,
in which case there will be way more nodes than one.
To achieve this, the recursive approach for handling symlinks has
to be turned into an iterative one.
Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
When attaching a device into a domain, the corresponding /dev
node might need to be created in the domain's namespace. For some
types of files we call mknod(), for symlinks we call symlink(),
but for others - which exist in the host namespace - we need to
so called 'bind mount' them (which is a way of passing a
file/directory between mount namespaces). There is this condition
in qemuDomainAttachDeviceMknodRecursive() which decides whether a
bind mount will be used, move it into a separate function so that
it can be reused later.
Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
This structure is going to be used from not only device attach
code, but also when building the namespace. Moreover, the code
lives in a separate file so the chances of clashing with another
name are minimal.
Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
It's not really a problem since this is a helper process that
dies as soon as the helper function returns, but the cleanup code
will be replaced with a function soon and this change prepares
the code for that.
Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
Michal Privoznik [Tue, 21 Jul 2020 10:14:02 +0000 (12:14 +0200)]
qemuDomainNamespaceSetupHostdev: Create paths in one go
While qemuDomainNamespaceMknodPaths() doesn't actually create
files in the namespace in one go (it forks for each path), in a
few commits' time it will.
Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
Michal Privoznik [Mon, 20 Jul 2020 16:01:16 +0000 (18:01 +0200)]
qemu_domain_namespace: Check for namespace enablement earlier
Functions that create a device node after domain startup (used
from hotplug) will get a list of paths they want to create and
eventually call qemuDomainNamespaceMknodPaths() which then checks
whether domain mount namespace is enabled in the first place.
Alternatively, on device hotunplug, we might want to delete a
path inside domain namespace in which case
qemuDomainNamespaceUnlinkPaths() checks whether the namespace is
enabled. While this is not dangerous, it certainly burns a couple
of CPU cycles needlessly.
Check whether mount namespace is enabled upfront.
Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
Michal Privoznik [Tue, 21 Jul 2020 10:57:49 +0000 (12:57 +0200)]
qemu_domain_namespace: Drop unused @cfg argument
There are a lot of functions called from
qemuDomainBuildNamespace() that accept @cfg
(virQEMUDriverConfigPtr) as an argument and don't use it.
Historically, it was done so that all qemuDomainSetupAll*()
functions look the same.
Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
The name of this function is not very helpful, because it doesn't
create anything, it just flips a bit in a bitmask when domain is
starting up. Move the function internals into qemu_process.c and
forget the function ever existed.
Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
Peter Krempa [Mon, 3 Aug 2020 06:24:30 +0000 (08:24 +0200)]
docs: css: Hide redundant 'Contents:' line in table of contents of RST docs
'docutils' adds a line saying "Contents:" on top of the table of contents.
We don't have that in other documents nor is it really necessary. Hide it
in the stylesheet as we can select it easily.
Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
Peter Krempa [Tue, 14 Jul 2020 10:18:45 +0000 (12:18 +0200)]
docs: css: Make definition list 'code' entries bold when converted from rst
Docutils don't generate <code> for inline literals (``blah``) in rst
but rather put them in the '.literal' class. Add a selector for making
them bold when used in definition list headers.
Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
Peter Krempa [Mon, 3 Aug 2020 05:32:29 +0000 (07:32 +0200)]
docs: build: Don't include stylesheet in intermediate html files generated from RST
'docutils' adds a stylesheet to the output html file for direct
consumption. Since we use the html files just as an intermediate step
which is post-processed to add our own stylesheet and drop the docutils
one in the process we can ask 'rst2html' to not add any for an
intermediate file with less garbage.
Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
Peter Krempa [Mon, 3 Aug 2020 10:09:21 +0000 (12:09 +0200)]
kbase: debuglogs: Include more data to attach to bugreports
Promote the 'What to attach?' section to a first level heading and
request also the XML config of a VM, coredump backtrace if something
crashed and ask to not tear down the environment for the possibility to
ask for additional data.
Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Kashyap Chamarthy <kchamart@redhat.com>
Peter Krempa [Mon, 3 Aug 2020 14:38:31 +0000 (16:38 +0200)]
docs: build: Use proper path to file in 'contribute' link
NEWS.rst is based in the root of the repository and 'hvsupport.html'
doesn't have a backing file which can be edited since it's fully
generated. Our 'contribute -> edit this page' link on the bottom of the
page is wrong in those cases.
Fix it by adding the contribute section only when there's a source and
base the 'source' of a html file in the root of the repository.
Along with that we need to modify the scripts/meson-html-gen.py script
to accept optional 'pagesrc' and the XSL template to skip the
'contribute' section when we don't have a source.
Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
virLoginShellGetShellArgv was not dereferencing the pointer
to the string list containing the shell parameters from the
config file, thus setting some random number as shargvlen.
Signed-off-by: Ján Tomko <jtomko@redhat.com>
Fixes: 740e4d705284ba0598258291c2656f50075486f0
Reviewed-by: Martin Kletzander <mkletzan@redhat.com>
Ján Tomko [Sun, 2 Aug 2020 21:35:16 +0000 (23:35 +0200)]
tools: virt-admin: do not leak daemon-log settings
The commands daemon-log-filters and daemon-log-outputs
are used both for getting and setting the variables.
But the getter receives an allocated string, which
we do not free.
Use separate variables for the getter and the setter
to get rid of the memory leak and to stop casting
away the const.
Signed-off-by: Ján Tomko <jtomko@redhat.com>
Reviewed-by: Martin Kletzander <mkletzan@redhat.com>
Ján Tomko [Sun, 2 Aug 2020 20:52:51 +0000 (22:52 +0200)]
vz: remove redundant NULL pointer check
The 'dom' pointer is already dereferenced earlier.
src/vz/vz_sdk.c:249:24: warning: Either the condition 'if(dom)'
is redundant or there is possible null pointer dereference:
dom. [nullPointerRedundantCheck]
Signed-off-by: Ján Tomko <jtomko@redhat.com>
Reviewed-by: Martin Kletzander <mkletzan@redhat.com>
It was created to get rid of conditional compilation in the resctrl code and
make it usable anywhere else. However this is not something that is going to be
used in other places because it is not portable and resctrl is just very
specific in this regard. And there is no reason why there could not be a
preprocessor conditional in the resctrl code. Also the interface of
virFileFlock() was very ambiguous which led to some issues.
Signed-off-by: Martin Kletzander <mkletzan@redhat.com>
Reviewed-by: Andrea Bolognani <abologna@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
That's the way it should've been all the time. It was originally the case, but
then the rework to virFileFlock() made the function ambiguous when it was
created in commit 5a0a5f7fb5f5, and due to that it was misused in commit
657ddeff2313 and since then the lock being taken was shared rather than
exclusive.
Signed-off-by: Martin Kletzander <mkletzan@redhat.com>
Reviewed-by: Andrea Bolognani <abologna@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
Wang Xin [Fri, 24 Jul 2020 03:34:12 +0000 (11:34 +0800)]
conf: allow shmem name change in migration
The shmem 'name' specifies the shared memory path in '/dev/shm/',
however, we may need to change it to avoid filename conflict
when a VM migrates to another host. This patch removes the shmem name
consistency check.
Signed-off-by: Wang Xin <wangxinxin.wang@huawei.com>
Reviewed-by: Martin Kletzander <mkletzan@redhat.com>
Wang Xin [Fri, 24 Jul 2020 03:34:11 +0000 (11:34 +0800)]
qemu: add support for shmem-{plain, doorbell} role
Role (master or peer) controls how the domain behaves on migration.
For more details about migration with ivshmem, see
https://git.qemu.org/?p=qemu.git;a=blob_plain;f=docs/system/ivshmem.rst;hb=HEAD
It's an optional attribute in libvirt, and qemu will choose the default
role for the ivshmem device if the user does not specify it.
With device property 'role', the value can be 'master' or 'peer'.
- 'master' (means 'master=on' in qemu), the guest will copy
the shared memory on migration to the destination host.
- 'peer' (means 'master=off' in qemu), the migration is disabled.
Signed-off-by: Martin Kletzander <mkletzan@redhat.com>
Signed-off-by: Yang Hang <yanghang44@huawei.com>
Signed-off-by: Wang Xin <wangxinxin.wang@huawei.com>
Reviewed-by: Martin Kletzander <mkletzan@redhat.com>
Pavel Hrdina [Thu, 16 Jul 2020 08:26:02 +0000 (10:26 +0200)]
meson: .gitlab-ci.yml: switch armv7l build to Debian 10
On Debian Sid there are broken headers for cross compilation. There is
no <asm/kvm.h> header unconditionally included by <linux/kvm.h>.
With autotools the build works correctly because the header detection
tries to compile simple code that includes the header but with Meson
the detection works differently. We check <linux/kvm.h> which is present
so it should be safe to include it.
We could work around it in libvirt by checking for presence of
<asm/kvm.h> as well but I don't believe that's a correct approach.
IMHO it should be fixed in Debian.
Signed-off-by: Pavel Hrdina <phrdina@redhat.com>
Reviewed-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Neal Gompa <ngompa13@gmail.com>
Pavel Hrdina [Wed, 1 Jul 2020 13:35:41 +0000 (15:35 +0200)]
meson: drop remaining bits from Makefile.am
There is no alternative to DISTCHECK_CONFIGURE_FLAGS in Meson. We could
enable -Werror unconditionally but that would affect all users. It is
mainly used in our CI environment so we can run meson with --werror to
enable it at configure time which will be picked up by meson dist as
well.
XZ_OPT is not relevant with meson since it uses shutil.make_archive
which uses lzma python module to do the compression.
Introducing rpm and srpm rules should be possible with Meson but we
don't even use them in our CI and it's easy to run 'ninja dist'
followed by rpmbuild manually.
As for the ci rules that is simply not possible in the same way, we
would have to have a lot of aliases for all the ci rules and that would
be just insane.
Signed-off-by: Pavel Hrdina <phrdina@redhat.com>
Reviewed-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Neal Gompa <ngompa13@gmail.com>
Pavel Hrdina [Thu, 25 Jun 2020 21:29:43 +0000 (23:29 +0200)]
meson: add syntax-check
This changes the approach used with autotools where it was a separate make
target. With meson it will be part of the `meson test` target but can be
disabled using --no-suite syntax-check or we can run only syntax-check
by using --suite syntax-check.
Signed-off-by: Pavel Hrdina <phrdina@redhat.com>
Reviewed-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Neal Gompa <ngompa13@gmail.com>