The NVDIMM backend file can be a normal file or a real device file,
Current xml example and explainations may mislead users. So add more
info about the NVDIMM related elements and update the xml examples.
Signed-off-by: Luyao Zhong <luyao.zhong@intel.com> Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
Chris Coulson [Tue, 24 Sep 2019 19:25:14 +0000 (20:25 +0100)]
security: AppArmor profile fixes for swtpm
The AppArmor profile generated by virt-aa-helper is too strict for swtpm.
This change contains 2 small fixes:
- Relax append access to swtpm's log file to permit write access instead.
Append access is insufficient because the log is opened with O_CREAT.
- Permit swtpm to acquire a lock on its lock file.
Signed-off-by: Chris Coulson <chris.coulson@canonical.com> Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
Since the test suite does not invoke qemuExtDevicesStart(), no
vhost_user_fd will be present when generating test XML. To deal
with this we can must a fake FD number. While the current XML
is using FD == 0, we pick a very interesting number that's unlikely
to be a real FD, so that we're more likely to see any mistakes
closing the invalid FD.
Reviewed-by: Michal Privoznik <mprivozn@redhat.com> Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
Peter Krempa [Thu, 26 Sep 2019 13:53:39 +0000 (15:53 +0200)]
qemu: monitor: Add transaction generators for dirty bitmap APIs
Rather than generating the transaction contents in random places add a
unified set of APIs to generate the contents for a 'transaction' for the
dirty bitmap APIs.
Signed-off-by: Peter Krempa <pkrempa@redhat.com> Reviewed-by: Eric Blake <eblake@redhat.com>
Peter Krempa [Thu, 26 Sep 2019 12:08:11 +0000 (14:08 +0200)]
qemu: domain: Base block job interlocking on QEMU_CAPS_INCREMENTAL_BACKUP
The QEMU_CAPS_INCREMENTAL_BACKUP will be enabled once all bits of the
incremental backup feature work as expected which means also properly
interacting with blockjobs and snapshots.
Thus we can allow blockjobs and snapshots if QEMU_CAPS_INCREMENTAL_BACKUP
is present even when checkpoints exist.
Signed-off-by: Peter Krempa <pkrempa@redhat.com> Reviewed-by: Eric Blake <eblake@redhat.com>
Peter Krempa [Thu, 26 Sep 2019 11:25:40 +0000 (13:25 +0200)]
qemu: checkpoint: Forbid creating checkpoints until we support backups
Checkpoints by themselves are not very useful for anything else than
testing the few bitmap interactions that are currently implemented.
It's very unlikely that anybody used this feature and thus we can
disable it until we have a more complete implementation ready.
Additionally the code for deleting checkpoints has many broken failure
scenarios which should be fixed first. This will require support of
deleting a bitmap in a qemu 'transaction' which was not released yet.
Curious users obviously can use the qemu namespace in the XML to enable
this for experiments:
Peter Krempa [Thu, 26 Sep 2019 11:21:00 +0000 (13:21 +0200)]
qemu: checkpoint: Remove open-ended TODOs
Once somebody is motivated enough to add the support for the quiesce
flag or offline checkpoint deletion they are welcome to do so but we
don't need to have a reminder.
Signed-off-by: Peter Krempa <pkrempa@redhat.com> Reviewed-by: Eric Blake <eblake@redhat.com>
Peter Krempa [Thu, 19 Sep 2019 14:49:21 +0000 (16:49 +0200)]
qemu: driver: Move checkpoint-related code to qemu_checkpoint.c
Move all extensive functions to a new file so that we don't just pile
everything in the common files. This obviously isn't possible with
straight code movement as we still need stubs in qemu_driver.c
Additionally some functions e.g. for looking up a checkpoint by name
were so short that moving the impl didn't make sense.
Note that in the move the new file also doesn't use
virQEMUMomentReparent but rather an stripped down copy. As I plan to
split out snapshot code into a separate file the unification doesn't
make sense any more.
Signed-off-by: Peter Krempa <pkrempa@redhat.com> Reviewed-by: Eric Blake <eblake@redhat.com>
remote: forbid the --listen arg when systemd socket activation
In this change we forgot that virtproxyd doesn't have a --listen
parameter, and instead behaves as if it was always present. Thus
when systemd socket activation is present, we must disable this
built-in default
Reviewed-by: Erik Skultety <eskultet@redhat.com> Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
Michal Privoznik [Tue, 16 Jul 2019 10:06:20 +0000 (12:06 +0200)]
tools: Record NSS dependency on symbols file
If a symbol file for either of NSS modules is changed then
subsequent 'make' doesn't regenerate the library, because there
is no implicit dependency between the library and symbols file.
Put an explicit dependency into the Makefile then. Unfortunately,
setting _DEPENDENCIES makes us lose automake's generated
dependencies (see src/Makefile.am:592 for details). But
fortunately, the only dependency we had was _LIBADD variable.
Signed-off-by: Michal Privoznik <mprivozn@redhat.com> Reviewed-by: Erik Skultety <eskultet@redhat.com>
Michal Privoznik [Sat, 28 Sep 2019 19:24:53 +0000 (21:24 +0200)]
nss: Drop needless free() in gethostbyname3()
The findLease() function allocates @addr array iff no error
occurred and at least one satisfactory record was found.
Therefore, there is no need to call free() if findLease() failed,
or did not find any records as addr == NULL.
Signed-off-by: Michal Privoznik <mprivozn@redhat.com> Reviewed-by: Erik Skultety <eskultet@redhat.com>
Michal Privoznik [Sat, 28 Sep 2019 18:46:08 +0000 (20:46 +0200)]
nss: Compare addresses iff their family matches
When parsing leases file, appendAddr() is called to append parsed
tuple (address, expiry time, family) into an array. Whilst doing
so, the array is searched for possible duplicate. This is done by
comparing each item of the array by passed @family: if @family is
AF_INET then the item is viewed as IPv4 address. Similarly, if
@family is AF_INET6 then the item is viewed as IPv6 address. This
is not exactly right - the array can contain addresses of both
families and thus the address family of each item of the array
must be considered.
Signed-off-by: Michal Privoznik <mprivozn@redhat.com> Reviewed-by: Erik Skultety <eskultet@redhat.com>
The cgroupv2 code mishandles that first line in the second case, which
causes VM startup to fail with: Unable to read from
'/sys/fs/cgroup/machine/cgroup.controllers': No such file or directory
The kernel docs[1] say that the cgroupv2 path will always start with
'0::', which in the code here controllers="". Only set the v2 placement
path when we see that cgroup file entry.
Michal Privoznik [Fri, 27 Sep 2019 11:29:53 +0000 (13:29 +0200)]
qemu_monitor: s/size_t/ULL/ in qemuMonitorSave{Virtual,Physical}Memory
As it turns out, on my 32bit ARM machine size_t is not the same
size as ULL. However, @length argument for both functions is type
of size_t but it's treated as ULL - for instance when passed to
qemuMonitorJSONMakeCommand(). The problem is that because of
"U:size" the virJSONValueObjectAddVArgs() expects an ULL argument
but on the stack there are size_t and char * arguments (which
coincidentally add up to size of ULL). So the created command has
only two arguments "val" and incorrect "size" and no "path" which
is required.
I've tried to find other occurrences of this pattern but at the
rest of places where size_t is used it tracks size of an array so
that's safe.
Signed-off-by: Michal Privoznik <mprivozn@redhat.com> ACKed-by: Peter Krempa <pkrempa@redhat.com>
Laine Stump [Fri, 20 Sep 2019 22:15:19 +0000 (18:15 -0400)]
conf: refresh network ports missing from network driver on restart
Before the refactoring that properly separated the network driver from
the hypervisor driver and forced all interaction to go through public
APIs, all network usage counters were zeroed when the network driver
was initialized, and the network driver's now-deprecated
"semi-private" API networkNotifyActualDevice() was called for every
interface of every domain as each hypervisor "reconnected" its domains
during a libvirtd restart, and this would refresh the usage count for
each network.
Post-driver-split, during libvirtd restart/reconnection of the running
domains, the function virDomainNetNotifyActualDevice() is called by
each hypervisor driver for every interface of every domain restart,
and this function has code to re-register interfaces, but it only
calls into the network driver to re-register those ports that don't
already have a valid portid (ie. one that is not simply all 0),
assuming that those with valid portids are already known (and counted)
by the network driver.
commit 7ab9bdd47 recently modified the network driver so that, in most
cases, it properly resyncs each network's connection count during
libvirtd (or maybe virtnetworkd) restart by iterating through the
network's port list. This doesn't account for the case where a network
is destroyed and restarted while there are running domains that have
active ports on the network. In that case, the entire port list and
connection count for that network is lost, and now even a restart of
libvirtd/virtnetworkd/virtqemud, which in the past would resync the
connection count, doesn't help (the network driver thinks there are no
active ports, while the hypervisor driver knows about all the active
ports, but mistakenly believes that the network driver also knows).
The solution to this is to not just bypass valid portids during the
call to virDomainNetworkNotifyActualDevice(). Instead, we query the
network driver about the portid that was preserved in the domain
status, and if it is not registered, we register it.
(NB: while it would technically be correct to just generate a new
portid for these cases, it makes for less churn in portids (and thus
may make troubleshooting simpler) if we make the small fix to
virDomainNetDefActualToNetworkPort() that preserves existing valid
portids rather than unconditionally generating a new one.)
Signed-off-by: Laine Stump <laine@redhat.com> Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
driver.c: change URI validation to handle QEMU and vbox case
The existing QEMU and vbox URI path validation consider
that a privileged user can use both a "/system" and a
"/session" URI. This differs from all the other drivers
that forbids the root user to use "/session" URI.
Let's update virConnectValidateURIPath() to handle these
cases as exceptions, using the already existent 'entityName'
value to handle "QEMU" and "vbox" differently. This allows
us to use the validateURI function in these cases without
changing the existing behavior of other drivers.
Laine Stump [Wed, 25 Sep 2019 16:42:51 +0000 (12:42 -0400)]
conf: utility function to update entry in def->nets array
A virDomainNetDef object in a domain's nets array might contain a
virDomainHostdevDef, and when this is the case, the domain's hostdevs
array will also have a pointer to this embedded hostdev (this is done
so that internal functions that need to perform some operation on all
hostdevs won't leave out the type='hostdev' network interfaces).
When a network device was updated with virDomainUpdateDeviceFlags(),
we were replacing the entry in the nets array (and free'ing the
original) but forgetting about the pointer in the hostdevs array
(which would then point to the now-free'd hostdev contained in the old
net object.) This often resulted in a libvirtd crash.
The solution is to add a function, virDomainNetUpdate(), called by
qemuDomainUpdateDeviceConfig(), that updates the hostdevs array
appropriately along with the nets array.
Michal Privoznik [Thu, 26 Sep 2019 14:17:49 +0000 (16:17 +0200)]
domain_conf: Unref video private data in virDomainVideoDefClear()
The private data for video definition is created in
virDomainVideoDefNew() and we attempt to free it in
virDomainVideoDefFree(). This seems to work, except
the free function calls clear function which zeroes
out the whole structure and thus virObjectUnref()
which is called on private data does nothing.
2,568 bytes in 107 blocks are definitely lost in loss record 207 of 213
at 0x4A35476: calloc (vg_replace_malloc.c:752)
by 0x50A6048: virAllocVar (viralloc.c:346)
by 0x513CC5A: virObjectNew (virobject.c:243)
by 0x4DC1DEE: qemuDomainVideoPrivateNew (qemu_domain.c:1337)
by 0x51A6BD6: virDomainVideoDefNew (domain_conf.c:2831)
by 0x51B9F06: virDomainVideoDefParseXML (domain_conf.c:15541)
by 0x51CB761: virDomainDefParseXML (domain_conf.c:21158)
by 0x51C5973: virDomainDefParseNode (domain_conf.c:21708)
by 0x51C583A: virDomainDefParse (domain_conf.c:21663)
by 0x51C58AE: virDomainDefParseFile (domain_conf.c:21688)
Signed-off-by: Michal Privoznik <mprivozn@redhat.com> Reviewed-by: Erik Skultety <eskultet@redhat.com>
Peter Krempa [Thu, 19 Sep 2019 08:36:28 +0000 (10:36 +0200)]
qemu: Use virTypedParamList in the bulk stats gathering functions
The bulk stats functions are specific as they pass around the list into
many sub-functions and also a substantial amount of the entries uses
formatted names for indexing purposes. This makes them ideal to be
converted to the new virTypedParamList helpers.
Unfortunately given how the functions are used this requires a big-bang
rewrite of all of the calls to add entries to the parameter list.
Given that a substantial simplification is achieved as well as a pretty
significant change to the original code is required some macros which
were used only sporadically were replaced by inline calls rather than
tweaking the macros first and deleting them later.
Signed-off-by: Peter Krempa <pkrempa@redhat.com> Reviewed-by: Ján Tomko <jtomko@redhat.com>
Peter Krempa [Thu, 15 Aug 2019 09:32:28 +0000 (11:32 +0200)]
qemu: monitor: Change fields in qemuBlockStats to 'unsigned'
None of the fields actually return negative values. The internal
implementation of BlockAcctStats struct in qemu uses uint64_t and the
last place using -1 in libvirt was in the HMP monitor code which was
deleted.
Change the internal type to unsigned long long and ensure that all
public conversions don't overflow.
Signed-off-by: Peter Krempa <pkrempa@redhat.com> Reviewed-by: Ján Tomko <jtomko@redhat.com>
Peter Krempa [Thu, 19 Sep 2019 07:20:49 +0000 (09:20 +0200)]
util: typedparam: Simplify handling of lists of typed parameters
Introduce a new set of helpers including a new data structure which
simplifies keeping and construction of lists of typed parameters.
The use of VIR_RESIZE_N in the virTypedParamsAdd API has performance
benefits but requires passing around 3 arguments. Use of them lead to a
set of macros with embedded jumps used in the qemu statistics code.
This patch introduces 'virTypedParamList' type which aggregates the
necessary list-keeping variables and also a new set of functions to add
new typed parameters to a list.
These new helpers use printf-like format string and arguments to format
the argument name as the stats code often uses indexed typed parameters.
The accessor function then allows extracting the typed parameter list in
the same format as virTypedParamsAdd* functions would do.
One additional benefit is also that the list function can easily be used
with VIR_AUTOPTR.
Signed-off-by: Peter Krempa <pkrempa@redhat.com> Reviewed-by: Ján Tomko <jtomko@redhat.com>
Peter Krempa [Wed, 14 Aug 2019 12:52:46 +0000 (14:52 +0200)]
util: typedparam: Optionally copy strings passed to virTypedParameterAssignValue
Some code paths already pass in pointers to strings which should be
added directly as the value of the typed parameter. To allow more
universal use of virTypedParameterAssignValue add a flag which allows to
copy the value in place.
Signed-off-by: Peter Krempa <pkrempa@redhat.com> Reviewed-by: Ján Tomko <jtomko@redhat.com>
Peter Krempa [Tue, 17 Sep 2019 17:21:14 +0000 (19:21 +0200)]
util: typedparam: Split out public APIs into a separate file
Some of the typed parameter APIs are exported publicly, but the
implementation was intermixed with private functions. Introduce
virtypedparam-public.c, move all public API functions there and purge
the comments stating that some functions are public.
This will decrease the likelihood of messing up the expectations as well
as it will become more clear which of them are actually public.
Signed-off-by: Peter Krempa <pkrempa@redhat.com> Reviewed-by: Ján Tomko <jtomko@redhat.com>
Michal Privoznik [Mon, 16 Sep 2019 10:28:48 +0000 (12:28 +0200)]
qemu_blockjob: Remove secdriver metadata for whole backing chain on job completion
Turns out, block mirror is not the only job a disk can have. It
can also do commits of one layer into the other. Or possibly some
other tricks too. Problem is that while we set seclabels on given
layers of backing chain when the job is starting (via
qemuDomainStorageSourceAccessAllow()) we don't restore them when
job finishes. This leaves XATTRs set and corresponding images
unusable.
Signed-off-by: Michal Privoznik <mprivozn@redhat.com> ACKed-by: Peter Krempa <pkrempa@redhat.com>
Michal Privoznik [Wed, 25 Sep 2019 07:54:49 +0000 (09:54 +0200)]
domain_conf: Fix str2enum translation of video driver name
In bc1e924cf0d we've introduced video driver name and whilst
doing so we've utilized VIR_ENUM_IMPL() macro. Then, in domain
XML parsing code the generated
virDomainVideoBackendTypeFromString() is called and its return
value is assigned directly to an unsigned int variable which is
wrong. Also, the video driver enum has 'default' value which is
not formatted into domain XML but is accepted during parsing.
Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
Peter Krempa [Tue, 24 Sep 2019 12:39:21 +0000 (14:39 +0200)]
qemu: snapshot: Don't forbid snapshot if autodestroy is registered
Semantically VIR_DOMAIN_START_AUTODESTROY doesn't really clash with
snapshot operations as the VM stays on the same host and thus bound to
the same connection. Saving the state also doesn't differ from modifying
the state of the VM which is allowed.
Remove the check as it doesn't make much sense.
Signed-off-by: Peter Krempa <pkrempa@redhat.com> Reviewed-by: Eric Blake <eblake@redhat.com>
Peter Krempa [Tue, 24 Sep 2019 12:59:04 +0000 (14:59 +0200)]
qemu: migration: Forbid only remote migration if autodestroy is active for VM
Semantically we can't guarantee that we'll be able to destroy the VM on
the remote host, thus we can't allow remote migration. All other forms
of migration (e.g. saving to file) are okay though as they don't clash
with semantics of the flag.
Signed-off-by: Peter Krempa <pkrempa@redhat.com> Reviewed-by: Eric Blake <eblake@redhat.com>
Peter Krempa [Tue, 24 Sep 2019 12:55:15 +0000 (14:55 +0200)]
lib: Lessen restrictions on VIR_DOMAIN_START_AUTODESTROY
Apart from migrating the VM to a remote host where we can't honour the
VIR_DOMAIN_START_AUTODESTROY flag properly, restricting APIs which just
modify the state of the VM does not make much sense.
Change the wording of the documentation for VIR_DOMAIN_START_AUTODESTROY
so that snapshots and saving to a file may be permitted as they
semantically don't clash with the flag itself. Otherwise we'd have to
forbid other APIs, such as virDomainDestroy as well.
Signed-off-by: Peter Krempa <pkrempa@redhat.com> Reviewed-by: Eric Blake <eblake@redhat.com>
For each vhost-user GPUs,
- build a socket chardev, and pass the vhost-user socket to it
- build a vhost-user video device and associate it with the chardev
Similar to the qemu_tpm.c, add a unit with a few functions to
start/stop and setup the cgroup of the external vhost-user-gpu
process. See function documentation.
The vhost-user connection fd is set on qemuDomainVideoPrivate struct.
projects / thirdparty / libvirt.git / log
