qemu: Fix job usage in qemuDomainBlockJobImpl
[libvirt.git] / src / qemu / qemu_driver.c
1 /*
2  * qemu_driver.c: core driver methods for managing qemu guests
3  *
4  * Copyright (C) 2006-2013 Red Hat, Inc.
5  * Copyright (C) 2006 Daniel P. Berrange
6  *
7  * This library is free software; you can redistribute it and/or
8  * modify it under the terms of the GNU Lesser General Public
9  * License as published by the Free Software Foundation; either
10  * version 2.1 of the License, or (at your option) any later version.
11  *
12  * This library is distributed in the hope that it will be useful,
13  * but WITHOUT ANY WARRANTY; without even the implied warranty of
14  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
15  * Lesser General Public License for more details.
16  *
17  * You should have received a copy of the GNU Lesser General Public
18  * License along with this library.  If not, see
19  * <http://www.gnu.org/licenses/>.
20  *
21  * Author: Daniel P. Berrange <berrange@redhat.com>
22  */
23
24 #include <config.h>
25
26 #include <sys/types.h>
27 #include <sys/poll.h>
28 #include <sys/time.h>
29 #include <dirent.h>
30 #include <limits.h>
31 #include <string.h>
32 #include <stdio.h>
33 #include <stdarg.h>
34 #include <stdlib.h>
35 #include <unistd.h>
36 #include <errno.h>
37 #include <sys/stat.h>
38 #include <fcntl.h>
39 #include <signal.h>
40 #include <paths.h>
41 #include <stdio.h>
42 #include <sys/wait.h>
43 #include <sys/ioctl.h>
44 #include <sys/un.h>
45 #include <byteswap.h>
46
47
48 #include "qemu_driver.h"
49 #include "qemu_agent.h"
50 #include "qemu_conf.h"
51 #include "qemu_capabilities.h"
52 #include "qemu_command.h"
53 #include "qemu_cgroup.h"
54 #include "qemu_hostdev.h"
55 #include "qemu_hotplug.h"
56 #include "qemu_monitor.h"
57 #include "qemu_bridge_filter.h"
58 #include "qemu_process.h"
59 #include "qemu_migration.h"
60
61 #include "virerror.h"
62 #include "virlog.h"
63 #include "datatypes.h"
64 #include "virbuffer.h"
65 #include "virutil.h"
66 #include "nodeinfo.h"
67 #include "virstatslinux.h"
68 #include "capabilities.h"
69 #include "viralloc.h"
70 #include "viruuid.h"
71 #include "domain_conf.h"
72 #include "domain_audit.h"
73 #include "node_device_conf.h"
74 #include "virpci.h"
75 #include "virusb.h"
76 #include "virprocess.h"
77 #include "libvirt_internal.h"
78 #include "virxml.h"
79 #include "cpu/cpu.h"
80 #include "virsysinfo.h"
81 #include "domain_nwfilter.h"
82 #include "nwfilter_conf.h"
83 #include "virhook.h"
84 #include "virstoragefile.h"
85 #include "virfile.h"
86 #include "fdstream.h"
87 #include "configmake.h"
88 #include "virthreadpool.h"
89 #include "locking/lock_manager.h"
90 #include "locking/domain_lock.h"
91 #include "virkeycode.h"
92 #include "virnodesuspend.h"
93 #include "virtime.h"
94 #include "virtypedparam.h"
95 #include "virbitmap.h"
96
97 #define VIR_FROM_THIS VIR_FROM_QEMU
98
99 #define QEMU_DRIVER_NAME "QEMU"
100
101 #define QEMU_NB_MEM_PARAM  3
102
103 #define QEMU_NB_BLOCK_IO_TUNE_PARAM  6
104
105 #define QEMU_NB_NUMA_PARAM 2
106
107 #define QEMU_NB_TOTAL_CPU_STAT_PARAM 3
108 #define QEMU_NB_PER_CPU_STAT_PARAM 2
109
110 #define QEMU_SCHED_MIN_PERIOD              1000LL
111 #define QEMU_SCHED_MAX_PERIOD           1000000LL
112 #define QEMU_SCHED_MIN_QUOTA               1000LL
113 #define QEMU_SCHED_MAX_QUOTA  18446744073709551LL
114
115 #if HAVE_LINUX_KVM_H
116 # include <linux/kvm.h>
117 #endif
118
119 /* device for kvm ioctls */
120 #define KVM_DEVICE "/dev/kvm"
121
122 /* add definitions missing in older linux/kvm.h */
123 #ifndef KVMIO
124 # define KVMIO 0xAE
125 #endif
126 #ifndef KVM_CHECK_EXTENSION
127 # define KVM_CHECK_EXTENSION       _IO(KVMIO,   0x03)
128 #endif
129 #ifndef KVM_CAP_NR_VCPUS
130 # define KVM_CAP_NR_VCPUS 9       /* returns max vcpus per vm */
131 #endif
132
133 #define QEMU_NB_BLKIO_PARAM  2
134
135 #define QEMU_NB_BANDWIDTH_PARAM 6
136
137 static void processWatchdogEvent(void *data, void *opaque);
138
139 static int qemuShutdown(void);
140
141 static int qemuDomainObjStart(virConnectPtr conn,
142                               virQEMUDriverPtr driver,
143                               virDomainObjPtr vm,
144                               unsigned int flags);
145
146 static int qemuDomainGetMaxVcpus(virDomainPtr dom);
147
148 static int qemuDomainManagedSaveLoad(virDomainObjPtr vm,
149                                      void *opaque);
150
151
152 virQEMUDriverPtr qemu_driver = NULL;
153
154
155 static void
156 qemuVMDriverLock(void) {}
157 static void
158 qemuVMDriverUnlock(void) {}
159
160 static int
161 qemuVMFilterRebuild(virConnectPtr conn ATTRIBUTE_UNUSED,
162                     virDomainObjListIterator iter, void *data)
163 {
164     return virDomainObjListForEach(qemu_driver->domains, iter, data);
165 }
166
167 static virNWFilterCallbackDriver qemuCallbackDriver = {
168     .name = QEMU_DRIVER_NAME,
169     .vmFilterRebuild = qemuVMFilterRebuild,
170     .vmDriverLock = qemuVMDriverLock,
171     .vmDriverUnlock = qemuVMDriverUnlock,
172 };
173
174
175 struct qemuAutostartData {
176     virQEMUDriverPtr driver;
177     virConnectPtr conn;
178 };
179
180
181 /**
182  * qemuDomObjFromDomain:
183  * @domain: Domain pointer that has to be looked up
184  *
185  * This function looks up @domain and returns the appropriate
186  * virDomainObjPtr.
187  *
188  * Returns the domain object which is locked on success, NULL
189  * otherwise.
190  */
191 static virDomainObjPtr
192 qemuDomObjFromDomain(virDomainPtr domain)
193 {
194     virDomainObjPtr vm;
195     virQEMUDriverPtr driver = domain->conn->privateData;
196     char uuidstr[VIR_UUID_STRING_BUFLEN];
197
198     vm = virDomainObjListFindByUUID(driver->domains, domain->uuid);
199     if (!vm) {
200         virUUIDFormat(domain->uuid, uuidstr);
201         virReportError(VIR_ERR_NO_DOMAIN,
202                        _("no domain with matching uuid '%s'"), uuidstr);
203         return NULL;
204     }
205
206     return vm;
207 }
208
209 /* Looks up the domain object from snapshot and unlocks the driver. The
210  * returned domain object is locked and the caller is responsible for
211  * unlocking it */
212 static virDomainObjPtr
213 qemuDomObjFromSnapshot(virDomainSnapshotPtr snapshot)
214 {
215     return qemuDomObjFromDomain(snapshot->domain);
216 }
217
218
219 /* Looks up snapshot object from VM and name */
220 static virDomainSnapshotObjPtr
221 qemuSnapObjFromName(virDomainObjPtr vm,
222                     const char *name)
223 {
224     virDomainSnapshotObjPtr snap = NULL;
225     snap = virDomainSnapshotFindByName(vm->snapshots, name);
226     if (!snap)
227         virReportError(VIR_ERR_NO_DOMAIN_SNAPSHOT,
228                        _("no domain snapshot with matching name '%s'"),
229                        name);
230
231     return snap;
232 }
233
234
235 /* Looks up snapshot object from VM and snapshotPtr */
236 static virDomainSnapshotObjPtr
237 qemuSnapObjFromSnapshot(virDomainObjPtr vm,
238                         virDomainSnapshotPtr snapshot)
239 {
240     return qemuSnapObjFromName(vm, snapshot->name);
241 }
242
243 static int
244 qemuAutostartDomain(virDomainObjPtr vm,
245                     void *opaque)
246 {
247     struct qemuAutostartData *data = opaque;
248     virErrorPtr err;
249     int flags = 0;
250     virQEMUDriverConfigPtr cfg = virQEMUDriverGetConfig(data->driver);
251     int ret = -1;
252
253     if (cfg->autoStartBypassCache)
254         flags |= VIR_DOMAIN_START_BYPASS_CACHE;
255
256     virObjectLock(vm);
257     virResetLastError();
258     if (vm->autostart &&
259         !virDomainObjIsActive(vm)) {
260         if (qemuDomainObjBeginJob(data->driver, vm,
261                                   QEMU_JOB_MODIFY) < 0) {
262             err = virGetLastError();
263             VIR_ERROR(_("Failed to start job on VM '%s': %s"),
264                       vm->def->name,
265                       err ? err->message : _("unknown error"));
266             goto cleanup;
267         }
268
269         if (qemuDomainObjStart(data->conn, data->driver, vm, flags) < 0) {
270             err = virGetLastError();
271             VIR_ERROR(_("Failed to autostart VM '%s': %s"),
272                       vm->def->name,
273                       err ? err->message : _("unknown error"));
274         }
275
276         if (qemuDomainObjEndJob(data->driver, vm) == 0)
277             vm = NULL;
278     }
279
280     ret = 0;
281 cleanup:
282     if (vm)
283         virObjectUnlock(vm);
284     virObjectUnref(cfg);
285     return ret;
286 }
287
288
289 static void
290 qemuAutostartDomains(virQEMUDriverPtr driver)
291 {
292     virQEMUDriverConfigPtr cfg = virQEMUDriverGetConfig(driver);
293     /* XXX: Figure out a better way todo this. The domain
294      * startup code needs a connection handle in order
295      * to lookup the bridge associated with a virtual
296      * network
297      */
298     virConnectPtr conn = virConnectOpen(cfg->uri);
299     /* Ignoring NULL conn which is mostly harmless here */
300     struct qemuAutostartData data = { driver, conn };
301
302     virDomainObjListForEach(driver->domains, qemuAutostartDomain, &data);
303
304     if (conn)
305         virConnectClose(conn);
306     virObjectUnref(cfg);
307 }
308
309 static int
310 qemuSecurityInit(virQEMUDriverPtr driver)
311 {
312     char **names;
313     virSecurityManagerPtr mgr = NULL;
314     virSecurityManagerPtr stack = NULL;
315     virQEMUDriverConfigPtr cfg = virQEMUDriverGetConfig(driver);
316
317     if (cfg->securityDriverNames &&
318         cfg->securityDriverNames[0]) {
319         names = cfg->securityDriverNames;
320         while (names && *names) {
321             if (!(mgr = virSecurityManagerNew(*names,
322                                               QEMU_DRIVER_NAME,
323                                               cfg->allowDiskFormatProbing,
324                                               cfg->securityDefaultConfined,
325                                               cfg->securityRequireConfined)))
326                 goto error;
327             if (!stack) {
328                 if (!(stack = virSecurityManagerNewStack(mgr)))
329                     goto error;
330             } else {
331                 if (virSecurityManagerStackAddNested(stack, mgr) < 0)
332                     goto error;
333             }
334             mgr = NULL;
335             names++;
336         }
337     } else {
338         if (!(mgr = virSecurityManagerNew(NULL,
339                                           QEMU_DRIVER_NAME,
340                                           cfg->allowDiskFormatProbing,
341                                           cfg->securityDefaultConfined,
342                                           cfg->securityRequireConfined)))
343             goto error;
344         if (!(stack = virSecurityManagerNewStack(mgr)))
345             goto error;
346         mgr = NULL;
347     }
348
349     if (cfg->privileged) {
350         if (!(mgr = virSecurityManagerNewDAC(QEMU_DRIVER_NAME,
351                                              cfg->user,
352                                              cfg->group,
353                                              cfg->allowDiskFormatProbing,
354                                              cfg->securityDefaultConfined,
355                                              cfg->securityRequireConfined,
356                                              cfg->dynamicOwnership)))
357             goto error;
358         if (!stack) {
359             if (!(stack = virSecurityManagerNewStack(mgr)))
360                 goto error;
361         } else {
362             if (virSecurityManagerStackAddNested(stack, mgr) < 0)
363                 goto error;
364         }
365         mgr = NULL;
366     }
367
368     driver->securityManager = stack;
369     virObjectUnref(cfg);
370     return 0;
371
372 error:
373     VIR_ERROR(_("Failed to initialize security drivers"));
374     virObjectUnref(stack);
375     virObjectUnref(mgr);
376     virObjectUnref(cfg);
377     return -1;
378 }
379
380
381 static int
382 qemuDomainSnapshotLoad(virDomainObjPtr vm,
383                        void *data)
384 {
385     char *baseDir = (char *)data;
386     char *snapDir = NULL;
387     DIR *dir = NULL;
388     struct dirent *entry;
389     char *xmlStr;
390     char *fullpath;
391     virDomainSnapshotDefPtr def = NULL;
392     virDomainSnapshotObjPtr snap = NULL;
393     virDomainSnapshotObjPtr current = NULL;
394     char ebuf[1024];
395     unsigned int flags = (VIR_DOMAIN_SNAPSHOT_PARSE_REDEFINE |
396                           VIR_DOMAIN_SNAPSHOT_PARSE_DISKS |
397                           VIR_DOMAIN_SNAPSHOT_PARSE_INTERNAL);
398     int ret = -1;
399     virCapsPtr caps = NULL;
400
401     virObjectLock(vm);
402     if (virAsprintf(&snapDir, "%s/%s", baseDir, vm->def->name) < 0) {
403         VIR_ERROR(_("Failed to allocate memory for snapshot directory for domain %s"),
404                    vm->def->name);
405         goto cleanup;
406     }
407
408     if (!(caps = virQEMUDriverGetCapabilities(qemu_driver, false)))
409         goto cleanup;
410
411     VIR_INFO("Scanning for snapshots for domain %s in %s", vm->def->name,
412              snapDir);
413
414     if (!(dir = opendir(snapDir))) {
415         if (errno != ENOENT)
416             VIR_ERROR(_("Failed to open snapshot directory %s for domain %s: %s"),
417                       snapDir, vm->def->name,
418                       virStrerror(errno, ebuf, sizeof(ebuf)));
419         goto cleanup;
420     }
421
422     while ((entry = readdir(dir))) {
423         if (entry->d_name[0] == '.')
424             continue;
425
426         /* NB: ignoring errors, so one malformed config doesn't
427            kill the whole process */
428         VIR_INFO("Loading snapshot file '%s'", entry->d_name);
429
430         if (virAsprintf(&fullpath, "%s/%s", snapDir, entry->d_name) < 0) {
431             VIR_ERROR(_("Failed to allocate memory for path"));
432             continue;
433         }
434
435         if (virFileReadAll(fullpath, 1024*1024*1, &xmlStr) < 0) {
436             /* Nothing we can do here, skip this one */
437             VIR_ERROR(_("Failed to read snapshot file %s: %s"), fullpath,
438                       virStrerror(errno, ebuf, sizeof(ebuf)));
439             VIR_FREE(fullpath);
440             continue;
441         }
442
443         def = virDomainSnapshotDefParseString(xmlStr, caps,
444                                               QEMU_EXPECTED_VIRT_TYPES,
445                                               flags);
446         if (def == NULL) {
447             /* Nothing we can do here, skip this one */
448             VIR_ERROR(_("Failed to parse snapshot XML from file '%s'"),
449                       fullpath);
450             VIR_FREE(fullpath);
451             VIR_FREE(xmlStr);
452             continue;
453         }
454
455         snap = virDomainSnapshotAssignDef(vm->snapshots, def);
456         if (snap == NULL) {
457             virDomainSnapshotDefFree(def);
458         } else if (snap->def->current) {
459             current = snap;
460             if (!vm->current_snapshot)
461                 vm->current_snapshot = snap;
462         }
463
464         VIR_FREE(fullpath);
465         VIR_FREE(xmlStr);
466     }
467
468     if (vm->current_snapshot != current) {
469         VIR_ERROR(_("Too many snapshots claiming to be current for domain %s"),
470                   vm->def->name);
471         vm->current_snapshot = NULL;
472     }
473
474     if (virDomainSnapshotUpdateRelations(vm->snapshots) < 0)
475         VIR_ERROR(_("Snapshots have inconsistent relations for domain %s"),
476                   vm->def->name);
477
478     /* FIXME: qemu keeps internal track of snapshots.  We can get access
479      * to this info via the "info snapshots" monitor command for running
480      * domains, or via "qemu-img snapshot -l" for shutoff domains.  It would
481      * be nice to update our internal state based on that, but there is a
482      * a problem.  qemu doesn't track all of the same metadata that we do.
483      * In particular we wouldn't be able to fill in the <parent>, which is
484      * pretty important in our metadata.
485      */
486
487     virResetLastError();
488
489     ret = 0;
490 cleanup:
491     if (dir)
492         closedir(dir);
493     VIR_FREE(snapDir);
494     virObjectUnref(caps);
495     virObjectUnlock(vm);
496     return ret;
497 }
498
499
500 static int
501 qemuDomainNetsRestart(virDomainObjPtr vm,
502                       void *data ATTRIBUTE_UNUSED)
503 {
504     int i;
505     virDomainDefPtr def = vm->def;
506
507     virObjectLock(vm);
508
509     for (i = 0; i < def->nnets; i++) {
510         virDomainNetDefPtr net = def->nets[i];
511         if (virDomainNetGetActualType(net) == VIR_DOMAIN_NET_TYPE_DIRECT &&
512             virDomainNetGetActualDirectMode(net) == VIR_NETDEV_MACVLAN_MODE_VEPA) {
513             VIR_DEBUG("VEPA mode device %s active in domain %s. Reassociating.",
514                       net->ifname, def->name);
515             ignore_value(virNetDevMacVLanRestartWithVPortProfile(net->ifname,
516                                                                  &net->mac,
517                                                                  virDomainNetGetActualDirectDev(net),
518                                                                  def->uuid,
519                                                                  virDomainNetGetActualVirtPortProfile(net),
520                                                                  VIR_NETDEV_VPORT_PROFILE_OP_CREATE));
521         }
522     }
523
524     virObjectUnlock(vm);
525     return 0;
526 }
527
528
529 static int
530 qemuDomainFindMaxID(virDomainObjPtr vm,
531                     void *data)
532 {
533     int *driver_maxid = data;
534
535     if (vm->def->id >= *driver_maxid)
536         *driver_maxid = vm->def->id + 1;
537
538     return 0;
539 }
540
541
542 /**
543  * qemuStartup:
544  *
545  * Initialization function for the QEmu daemon
546  */
547 static int
548 qemuStartup(bool privileged,
549             virStateInhibitCallback callback,
550             void *opaque)
551 {
552     char *driverConf = NULL;
553     int rc;
554     virConnectPtr conn = NULL;
555     char ebuf[1024];
556     char *membase = NULL;
557     char *mempath = NULL;
558     virQEMUDriverConfigPtr cfg;
559     uid_t run_uid = -1;
560     gid_t run_gid = -1;
561
562     if (VIR_ALLOC(qemu_driver) < 0)
563         return -1;
564
565     if (virMutexInit(&qemu_driver->lock) < 0) {
566         VIR_ERROR(_("cannot initialize mutex"));
567         VIR_FREE(qemu_driver);
568         return -1;
569     }
570
571     qemu_driver->inhibitCallback = callback;
572     qemu_driver->inhibitOpaque = opaque;
573
574     /* Don't have a dom0 so start from 1 */
575     qemu_driver->nextvmid = 1;
576
577     if (!(qemu_driver->domains = virDomainObjListNew()))
578         goto error;
579
580     /* Init domain events */
581     qemu_driver->domainEventState = virDomainEventStateNew();
582     if (!qemu_driver->domainEventState)
583         goto error;
584
585     /* read the host sysinfo */
586     if (privileged)
587         qemu_driver->hostsysinfo = virSysinfoRead();
588
589     if (!(qemu_driver->config = cfg = virQEMUDriverConfigNew(privileged)))
590         goto error;
591
592     if (virAsprintf(&driverConf, "%s/qemu.conf", cfg->configBaseDir) < 0)
593         goto out_of_memory;
594
595     if (virQEMUDriverConfigLoadFile(cfg, driverConf) < 0)
596         goto error;
597     VIR_FREE(driverConf);
598
599     if (virFileMakePath(cfg->stateDir) < 0) {
600         VIR_ERROR(_("Failed to create state dir '%s': %s"),
601                   cfg->stateDir, virStrerror(errno, ebuf, sizeof(ebuf)));
602         goto error;
603     }
604     if (virFileMakePath(cfg->libDir) < 0) {
605         VIR_ERROR(_("Failed to create lib dir '%s': %s"),
606                   cfg->libDir, virStrerror(errno, ebuf, sizeof(ebuf)));
607         goto error;
608     }
609     if (virFileMakePath(cfg->cacheDir) < 0) {
610         VIR_ERROR(_("Failed to create cache dir '%s': %s"),
611                   cfg->cacheDir, virStrerror(errno, ebuf, sizeof(ebuf)));
612         goto error;
613     }
614     if (virFileMakePath(cfg->saveDir) < 0) {
615         VIR_ERROR(_("Failed to create save dir '%s': %s"),
616                   cfg->saveDir, virStrerror(errno, ebuf, sizeof(ebuf)));
617         goto error;
618     }
619     if (virFileMakePath(cfg->snapshotDir) < 0) {
620         VIR_ERROR(_("Failed to create save dir '%s': %s"),
621                   cfg->snapshotDir, virStrerror(errno, ebuf, sizeof(ebuf)));
622         goto error;
623     }
624     if (virFileMakePath(cfg->autoDumpPath) < 0) {
625         VIR_ERROR(_("Failed to create dump dir '%s': %s"),
626                   cfg->autoDumpPath, virStrerror(errno, ebuf, sizeof(ebuf)));
627         goto error;
628     }
629
630     rc = virCgroupForDriver("qemu", &qemu_driver->cgroup, privileged, 1);
631     if (rc < 0) {
632         VIR_INFO("Unable to create cgroup for driver: %s",
633                  virStrerror(-rc, ebuf, sizeof(ebuf)));
634     }
635
636     qemu_driver->qemuImgBinary = virFindFileInPath("kvm-img");
637     if (!qemu_driver->qemuImgBinary)
638         qemu_driver->qemuImgBinary = virFindFileInPath("qemu-img");
639
640     if (!(qemu_driver->lockManager =
641           virLockManagerPluginNew(cfg->lockManagerName ?
642                                   cfg->lockManagerName : "nop",
643                                   "qemu",
644                                   cfg->configBaseDir,
645                                   0)))
646         goto error;
647
648    if (cfg->macFilter) {
649         if (!(qemu_driver->ebtables = ebtablesContextNew("qemu"))) {
650             virReportSystemError(errno,
651                                  _("failed to enable mac filter in '%s'"),
652                                  __FILE__);
653             goto error;
654         }
655
656         if ((errno = networkDisableAllFrames(qemu_driver))) {
657             virReportSystemError(errno,
658                                  _("failed to add rule to drop all frames in '%s'"),
659                                  __FILE__);
660             goto error;
661         }
662    }
663
664     /* Allocate bitmap for remote display port reservations. We cannot
665      * do this before the config is loaded properly, since the port
666      * numbers are configurable now */
667     if ((qemu_driver->remotePorts =
668          virPortAllocatorNew(cfg->remotePortMin,
669                              cfg->remotePortMax)) == NULL)
670         goto error;
671
672     if (qemuSecurityInit(qemu_driver) < 0)
673         goto error;
674
675     if ((qemu_driver->activePciHostdevs = virPCIDeviceListNew()) == NULL)
676         goto error;
677
678     if ((qemu_driver->activeUsbHostdevs = virUSBDeviceListNew()) == NULL)
679         goto error;
680
681     if ((qemu_driver->inactivePciHostdevs = virPCIDeviceListNew()) == NULL)
682         goto error;
683
684     if (!(qemu_driver->sharedDisks = virHashCreate(30, qemuSharedDiskEntryFree)))
685         goto error;
686
687     if (privileged) {
688         if (chown(cfg->libDir, cfg->user, cfg->group) < 0) {
689             virReportSystemError(errno,
690                                  _("unable to set ownership of '%s' to user %d:%d"),
691                                  cfg->libDir, cfg->user, cfg->group);
692             goto error;
693         }
694         if (chown(cfg->cacheDir, cfg->user, cfg->group) < 0) {
695             virReportSystemError(errno,
696                                  _("unable to set ownership of '%s' to %d:%d"),
697                                  cfg->cacheDir, cfg->user, cfg->group);
698             goto error;
699         }
700         if (chown(cfg->saveDir, cfg->user, cfg->group) < 0) {
701             virReportSystemError(errno,
702                                  _("unable to set ownership of '%s' to %d:%d"),
703                                  cfg->saveDir, cfg->user, cfg->group);
704             goto error;
705         }
706         if (chown(cfg->snapshotDir, cfg->user, cfg->group) < 0) {
707             virReportSystemError(errno,
708                                  _("unable to set ownership of '%s' to %d:%d"),
709                                  cfg->snapshotDir, cfg->user, cfg->group);
710             goto error;
711         }
712         run_uid = cfg->user;
713         run_gid = cfg->group;
714     }
715
716     qemu_driver->qemuCapsCache = virQEMUCapsCacheNew(cfg->libDir,
717                                                      run_uid,
718                                                      run_gid);
719     if (!qemu_driver->qemuCapsCache)
720         goto error;
721
722     if ((qemu_driver->caps = virQEMUDriverCreateCapabilities(qemu_driver)) == NULL)
723         goto error;
724
725     /* If hugetlbfs is present, then we need to create a sub-directory within
726      * it, since we can't assume the root mount point has permissions that
727      * will let our spawned QEMU instances use it.
728      *
729      * NB the check for '/', since user may config "" to disable hugepages
730      * even when mounted
731      */
732     if (cfg->hugetlbfsMount &&
733         cfg->hugetlbfsMount[0] == '/') {
734         if (virAsprintf(&membase, "%s/libvirt",
735                         cfg->hugetlbfsMount) < 0 ||
736             virAsprintf(&mempath, "%s/qemu", membase) < 0)
737             goto out_of_memory;
738
739         if (virFileMakePath(mempath) < 0) {
740             virReportSystemError(errno,
741                                  _("unable to create hugepage path %s"), mempath);
742             goto error;
743         }
744         if (cfg->privileged) {
745             if (virFileUpdatePerm(membase, 0, S_IXGRP | S_IXOTH) < 0)
746                 goto error;
747             if (chown(mempath, cfg->user, cfg->group) < 0) {
748                 virReportSystemError(errno,
749                                      _("unable to set ownership on %s to %d:%d"),
750                                      mempath, cfg->user,
751                                      cfg->group);
752                 goto error;
753             }
754         }
755         VIR_FREE(membase);
756
757         cfg->hugepagePath = mempath;
758     }
759
760     if (!(qemu_driver->closeCallbacks = virQEMUCloseCallbacksNew()))
761         goto error;
762
763     /* Get all the running persistent or transient configs first */
764     if (virDomainObjListLoadAllConfigs(qemu_driver->domains,
765                                        qemu_driver->caps,
766                                        cfg->stateDir,
767                                        NULL,
768                                        1, QEMU_EXPECTED_VIRT_TYPES,
769                                        NULL, NULL) < 0)
770         goto error;
771
772     /* find the maximum ID from active and transient configs to initialize
773      * the driver with. This is to avoid race between autostart and reconnect
774      * threads */
775     virDomainObjListForEach(qemu_driver->domains,
776                             qemuDomainFindMaxID,
777                             &qemu_driver->nextvmid);
778
779     virDomainObjListForEach(qemu_driver->domains,
780                             qemuDomainNetsRestart,
781                             NULL);
782
783     conn = virConnectOpen(cfg->uri);
784
785     qemuProcessReconnectAll(conn, qemu_driver);
786
787     /* Then inactive persistent configs */
788     if (virDomainObjListLoadAllConfigs(qemu_driver->domains,
789                                        qemu_driver->caps,
790                                        cfg->configDir,
791                                        cfg->autostartDir,
792                                        0, QEMU_EXPECTED_VIRT_TYPES,
793                                        NULL, NULL) < 0)
794         goto error;
795
796
797     virDomainObjListForEach(qemu_driver->domains,
798                             qemuDomainSnapshotLoad,
799                             cfg->snapshotDir);
800
801     virDomainObjListForEach(qemu_driver->domains,
802                             qemuDomainManagedSaveLoad,
803                             qemu_driver);
804
805     qemu_driver->workerPool = virThreadPoolNew(0, 1, 0, processWatchdogEvent, qemu_driver);
806     if (!qemu_driver->workerPool)
807         goto error;
808
809     qemuAutostartDomains(qemu_driver);
810
811     if (conn)
812         virConnectClose(conn);
813
814     virNWFilterRegisterCallbackDriver(&qemuCallbackDriver);
815     return 0;
816
817 out_of_memory:
818     virReportOOMError();
819 error:
820     if (conn)
821         virConnectClose(conn);
822     VIR_FREE(driverConf);
823     VIR_FREE(membase);
824     VIR_FREE(mempath);
825     qemuShutdown();
826     return -1;
827 }
828
829 static void qemuNotifyLoadDomain(virDomainObjPtr vm, int newVM, void *opaque)
830 {
831     virQEMUDriverPtr driver = opaque;
832
833     if (newVM) {
834         virDomainEventPtr event =
835             virDomainEventNewFromObj(vm,
836                                      VIR_DOMAIN_EVENT_DEFINED,
837                                      VIR_DOMAIN_EVENT_DEFINED_ADDED);
838         if (event)
839             qemuDomainEventQueue(driver, event);
840     }
841 }
842
843 /**
844  * qemuReload:
845  *
846  * Function to restart the QEmu daemon, it will recheck the configuration
847  * files and update its state and the networking
848  */
849 static int
850 qemuReload(void) {
851     virQEMUDriverConfigPtr cfg = NULL;
852     virCapsPtr caps = NULL;
853
854     if (!qemu_driver)
855         return 0;
856
857     if (!(caps = virQEMUDriverGetCapabilities(qemu_driver, false)))
858         goto cleanup;
859
860     cfg = virQEMUDriverGetConfig(qemu_driver);
861     virDomainObjListLoadAllConfigs(qemu_driver->domains,
862                                    caps,
863                                    cfg->configDir,
864                                    cfg->autostartDir,
865                                    0, QEMU_EXPECTED_VIRT_TYPES,
866                                    qemuNotifyLoadDomain, qemu_driver);
867 cleanup:
868     virObjectUnref(cfg);
869     virObjectUnref(caps);
870     return 0;
871 }
872
873
874 /*
875  * qemuStop:
876  *
877  * Save any VMs in preparation for shutdown
878  *
879  */
880 static int
881 qemuStop(void) {
882     int ret = -1;
883     virConnectPtr conn;
884     int numDomains = 0;
885     size_t i;
886     int state;
887     virDomainPtr *domains = NULL;
888     unsigned int *flags = NULL;
889     virQEMUDriverConfigPtr cfg = virQEMUDriverGetConfig(qemu_driver);
890
891     if (!(conn = virConnectOpen(cfg->uri)))
892         goto cleanup;
893
894     if ((numDomains = virConnectListAllDomains(conn,
895                                                &domains,
896                                                VIR_CONNECT_LIST_DOMAINS_ACTIVE)) < 0)
897         goto cleanup;
898
899     if (VIR_ALLOC_N(flags, numDomains) < 0) {
900         virReportOOMError();
901         goto cleanup;
902     }
903
904     /* First we pause all VMs to make them stop dirtying
905        pages, etc. We remember if any VMs were paused so
906        we can restore that on resume. */
907     for (i = 0 ; i < numDomains ; i++) {
908         flags[i] = VIR_DOMAIN_SAVE_RUNNING;
909         if (virDomainGetState(domains[i], &state, NULL, 0) == 0) {
910             if (state == VIR_DOMAIN_PAUSED) {
911                 flags[i] = VIR_DOMAIN_SAVE_PAUSED;
912             }
913         }
914         virDomainSuspend(domains[i]);
915     }
916
917     ret = 0;
918     /* Then we save the VMs to disk */
919     for (i = 0 ; i < numDomains ; i++)
920         if (virDomainManagedSave(domains[i], flags[i]) < 0)
921             ret = -1;
922
923  cleanup:
924     for (i = 0 ; i < numDomains ; i++)
925         virDomainFree(domains[i]);
926     VIR_FREE(domains);
927     VIR_FREE(flags);
928     if (conn)
929         virConnectClose(conn);
930     virObjectUnref(cfg);
931
932     return ret;
933 }
934
935 /**
936  * qemuShutdown:
937  *
938  * Shutdown the QEmu daemon, it will stop all active domains and networks
939  */
940 static int
941 qemuShutdown(void) {
942     if (!qemu_driver)
943         return -1;
944
945     virNWFilterUnRegisterCallbackDriver(&qemuCallbackDriver);
946     virObjectUnref(qemu_driver->activePciHostdevs);
947     virObjectUnref(qemu_driver->inactivePciHostdevs);
948     virObjectUnref(qemu_driver->activeUsbHostdevs);
949     virHashFree(qemu_driver->sharedDisks);
950     virObjectUnref(qemu_driver->caps);
951     virQEMUCapsCacheFree(qemu_driver->qemuCapsCache);
952
953     virObjectUnref(qemu_driver->domains);
954     virObjectUnref(qemu_driver->remotePorts);
955
956     virSysinfoDefFree(qemu_driver->hostsysinfo);
957
958     virObjectUnref(qemu_driver->closeCallbacks);
959
960     VIR_FREE(qemu_driver->qemuImgBinary);
961
962     virObjectUnref(qemu_driver->securityManager);
963
964     ebtablesContextFree(qemu_driver->ebtables);
965
966     /* Free domain callback list */
967     virDomainEventStateFree(qemu_driver->domainEventState);
968
969     virCgroupFree(&qemu_driver->cgroup);
970
971     virLockManagerPluginUnref(qemu_driver->lockManager);
972
973     virMutexDestroy(&qemu_driver->lock);
974     virThreadPoolFree(qemu_driver->workerPool);
975     VIR_FREE(qemu_driver);
976
977     return 0;
978 }
979
980
981 static virDrvOpenStatus qemuOpen(virConnectPtr conn,
982                                  virConnectAuthPtr auth ATTRIBUTE_UNUSED,
983                                  unsigned int flags)
984 {
985     virQEMUDriverConfigPtr cfg = NULL;
986     virDrvOpenStatus ret = VIR_DRV_OPEN_ERROR;
987     virCheckFlags(VIR_CONNECT_RO, VIR_DRV_OPEN_ERROR);
988
989     if (conn->uri == NULL) {
990         if (qemu_driver == NULL) {
991             ret = VIR_DRV_OPEN_DECLINED;
992             goto cleanup;
993         }
994
995         cfg = virQEMUDriverGetConfig(qemu_driver);
996
997         if (!(conn->uri = virURIParse(cfg->uri)))
998             goto cleanup;
999     } else {
1000         /* If URI isn't 'qemu' its definitely not for us */
1001         if (conn->uri->scheme == NULL ||
1002             STRNEQ(conn->uri->scheme, "qemu")) {
1003             ret = VIR_DRV_OPEN_DECLINED;
1004             goto cleanup;
1005         }
1006
1007         /* Allow remote driver to deal with URIs with hostname server */
1008         if (conn->uri->server != NULL) {
1009             ret = VIR_DRV_OPEN_DECLINED;
1010             goto cleanup;
1011         }
1012
1013         if (qemu_driver == NULL) {
1014             virReportError(VIR_ERR_INTERNAL_ERROR, "%s",
1015                            _("qemu state driver is not active"));
1016             goto cleanup;
1017         }
1018
1019         cfg = virQEMUDriverGetConfig(qemu_driver);
1020         if (conn->uri->path == NULL) {
1021             virReportError(VIR_ERR_INTERNAL_ERROR,
1022                            _("no QEMU URI path given, try %s"),
1023                            cfg->uri);
1024             goto cleanup;
1025         }
1026
1027         if (cfg->privileged) {
1028             if (STRNEQ(conn->uri->path, "/system") &&
1029                 STRNEQ(conn->uri->path, "/session")) {
1030                 virReportError(VIR_ERR_INTERNAL_ERROR,
1031                                _("unexpected QEMU URI path '%s', try qemu:///system"),
1032                                conn->uri->path);
1033                 goto cleanup;
1034             }
1035         } else {
1036             if (STRNEQ(conn->uri->path, "/session")) {
1037                 virReportError(VIR_ERR_INTERNAL_ERROR,
1038                                _("unexpected QEMU URI path '%s', try qemu:///session"),
1039                                conn->uri->path);
1040                 goto cleanup;
1041             }
1042         }
1043     }
1044     conn->privateData = qemu_driver;
1045
1046     ret = VIR_DRV_OPEN_SUCCESS;
1047 cleanup:
1048     virObjectUnref(cfg);
1049     return ret;
1050 }
1051
1052 static int qemuClose(virConnectPtr conn)
1053 {
1054     virQEMUDriverPtr driver = conn->privateData;
1055
1056     /* Get rid of callbacks registered for this conn */
1057     virQEMUCloseCallbacksRun(driver->closeCallbacks, conn, driver);
1058
1059     conn->privateData = NULL;
1060
1061     return 0;
1062 }
1063
1064 /* Which features are supported by this driver? */
1065 static int
1066 qemuSupportsFeature(virConnectPtr conn ATTRIBUTE_UNUSED, int feature)
1067 {
1068     switch (feature) {
1069     case VIR_DRV_FEATURE_MIGRATION_V2:
1070     case VIR_DRV_FEATURE_MIGRATION_V3:
1071     case VIR_DRV_FEATURE_MIGRATION_P2P:
1072     case VIR_DRV_FEATURE_MIGRATE_CHANGE_PROTECTION:
1073     case VIR_DRV_FEATURE_FD_PASSING:
1074     case VIR_DRV_FEATURE_TYPED_PARAM_STRING:
1075     case VIR_DRV_FEATURE_XML_MIGRATABLE:
1076     case VIR_DRV_FEATURE_MIGRATION_OFFLINE:
1077         return 1;
1078     default:
1079         return 0;
1080     }
1081 }
1082
1083 static const char *qemuGetType(virConnectPtr conn ATTRIBUTE_UNUSED) {
1084     return "QEMU";
1085 }
1086
1087
1088 static int qemuIsSecure(virConnectPtr conn ATTRIBUTE_UNUSED)
1089 {
1090     /* Trivially secure, since always inside the daemon */
1091     return 1;
1092 }
1093
1094 static int qemuIsEncrypted(virConnectPtr conn ATTRIBUTE_UNUSED)
1095 {
1096     /* Not encrypted, but remote driver takes care of that */
1097     return 0;
1098 }
1099
1100 static int qemuIsAlive(virConnectPtr conn ATTRIBUTE_UNUSED)
1101 {
1102     return 1;
1103 }
1104
1105
1106 static int kvmGetMaxVCPUs(void) {
1107     int maxvcpus = 1;
1108
1109     int r, fd;
1110
1111     fd = open(KVM_DEVICE, O_RDONLY);
1112     if (fd < 0) {
1113         virReportSystemError(errno, _("Unable to open %s"), KVM_DEVICE);
1114         return -1;
1115     }
1116
1117     r = ioctl(fd, KVM_CHECK_EXTENSION, KVM_CAP_NR_VCPUS);
1118     if (r > 0)
1119         maxvcpus = r;
1120
1121     VIR_FORCE_CLOSE(fd);
1122     return maxvcpus;
1123 }
1124
1125
1126 static char *
1127 qemuGetSysinfo(virConnectPtr conn, unsigned int flags)
1128 {
1129     virQEMUDriverPtr driver = conn->privateData;
1130     virBuffer buf = VIR_BUFFER_INITIALIZER;
1131
1132     virCheckFlags(0, NULL);
1133
1134     if (!driver->hostsysinfo) {
1135         virReportError(VIR_ERR_CONFIG_UNSUPPORTED, "%s",
1136                        _("Host SMBIOS information is not available"));
1137         return NULL;
1138     }
1139
1140     if (virSysinfoFormat(&buf, driver->hostsysinfo) < 0)
1141         return NULL;
1142     if (virBufferError(&buf)) {
1143         virReportOOMError();
1144         return NULL;
1145     }
1146     return virBufferContentAndReset(&buf);
1147 }
1148
1149 static int qemuGetMaxVCPUs(virConnectPtr conn ATTRIBUTE_UNUSED, const char *type) {
1150     if (!type)
1151         return 16;
1152
1153     if (STRCASEEQ(type, "qemu"))
1154         return 16;
1155
1156     if (STRCASEEQ(type, "kvm"))
1157         return kvmGetMaxVCPUs();
1158
1159     if (STRCASEEQ(type, "kqemu"))
1160         return 1;
1161
1162     virReportError(VIR_ERR_INVALID_ARG,
1163                    _("unknown type '%s'"), type);
1164     return -1;
1165 }
1166
1167
1168 static char *qemuGetCapabilities(virConnectPtr conn) {
1169     virQEMUDriverPtr driver = conn->privateData;
1170     virCapsPtr caps = NULL;
1171     char *xml = NULL;
1172
1173     if (!(caps = virQEMUDriverGetCapabilities(driver, true)))
1174         goto cleanup;
1175
1176     if ((xml = virCapabilitiesFormatXML(caps)) == NULL)
1177         virReportOOMError();
1178     virObjectUnref(caps);
1179
1180 cleanup:
1181
1182     return xml;
1183 }
1184
1185
1186 static int
1187 qemuGetProcessInfo(unsigned long long *cpuTime, int *lastCpu, long *vm_rss,
1188                    pid_t pid, int tid)
1189 {
1190     char *proc;
1191     FILE *pidinfo;
1192     unsigned long long usertime, systime;
1193     long rss;
1194     int cpu;
1195     int ret;
1196
1197     /* In general, we cannot assume pid_t fits in int; but /proc parsing
1198      * is specific to Linux where int works fine.  */
1199     if (tid)
1200         ret = virAsprintf(&proc, "/proc/%d/task/%d/stat", (int) pid, tid);
1201     else
1202         ret = virAsprintf(&proc, "/proc/%d/stat", (int) pid);
1203     if (ret < 0)
1204         return -1;
1205
1206     if (!(pidinfo = fopen(proc, "r"))) {
1207         /* VM probably shut down, so fake 0 */
1208         if (cpuTime)
1209             *cpuTime = 0;
1210         if (lastCpu)
1211             *lastCpu = 0;
1212         if (vm_rss)
1213             *vm_rss = 0;
1214         VIR_FREE(proc);
1215         return 0;
1216     }
1217     VIR_FREE(proc);
1218
1219     /* See 'man proc' for information about what all these fields are. We're
1220      * only interested in a very few of them */
1221     if (fscanf(pidinfo,
1222                /* pid -> stime */
1223                "%*d %*s %*c %*d %*d %*d %*d %*d %*u %*u %*u %*u %*u %llu %llu"
1224                /* cutime -> endcode */
1225                "%*d %*d %*d %*d %*d %*d %*u %*u %ld %*u %*u %*u"
1226                /* startstack -> processor */
1227                "%*u %*u %*u %*u %*u %*u %*u %*u %*u %*u %*d %d",
1228                &usertime, &systime, &rss, &cpu) != 4) {
1229         VIR_FORCE_FCLOSE(pidinfo);
1230         VIR_WARN("cannot parse process status data");
1231         errno = -EINVAL;
1232         return -1;
1233     }
1234
1235     /* We got jiffies
1236      * We want nanoseconds
1237      * _SC_CLK_TCK is jiffies per second
1238      * So calulate thus....
1239      */
1240     if (cpuTime)
1241         *cpuTime = 1000ull * 1000ull * 1000ull * (usertime + systime) / (unsigned long long)sysconf(_SC_CLK_TCK);
1242     if (lastCpu)
1243         *lastCpu = cpu;
1244
1245     /* We got pages
1246      * We want kiloBytes
1247      * _SC_PAGESIZE is page size in Bytes
1248      * So calculate, but first lower the pagesize so we don't get overflow */
1249     if (vm_rss)
1250         *vm_rss = rss * (sysconf(_SC_PAGESIZE) >> 10);
1251
1252
1253     VIR_DEBUG("Got status for %d/%d user=%llu sys=%llu cpu=%d rss=%ld",
1254               (int) pid, tid, usertime, systime, cpu, rss);
1255
1256     VIR_FORCE_FCLOSE(pidinfo);
1257
1258     return 0;
1259 }
1260
1261
1262 static virDomainPtr qemuDomainLookupByID(virConnectPtr conn,
1263                                          int id) {
1264     virQEMUDriverPtr driver = conn->privateData;
1265     virDomainObjPtr vm;
1266     virDomainPtr dom = NULL;
1267
1268     vm  = virDomainObjListFindByID(driver->domains, id);
1269
1270     if (!vm) {
1271         virReportError(VIR_ERR_NO_DOMAIN,
1272                        _("no domain with matching id %d"), id);
1273         goto cleanup;
1274     }
1275
1276     dom = virGetDomain(conn, vm->def->name, vm->def->uuid);
1277     if (dom) dom->id = vm->def->id;
1278
1279 cleanup:
1280     if (vm)
1281         virObjectUnlock(vm);
1282     return dom;
1283 }
1284
1285 static virDomainPtr qemuDomainLookupByUUID(virConnectPtr conn,
1286                                            const unsigned char *uuid) {
1287     virQEMUDriverPtr driver = conn->privateData;
1288     virDomainObjPtr vm;
1289     virDomainPtr dom = NULL;
1290
1291     vm = virDomainObjListFindByUUID(driver->domains, uuid);
1292
1293     if (!vm) {
1294         char uuidstr[VIR_UUID_STRING_BUFLEN];
1295         virUUIDFormat(uuid, uuidstr);
1296         virReportError(VIR_ERR_NO_DOMAIN,
1297                        _("no domain with matching uuid '%s'"), uuidstr);
1298         goto cleanup;
1299     }
1300
1301     dom = virGetDomain(conn, vm->def->name, vm->def->uuid);
1302     if (dom) dom->id = vm->def->id;
1303
1304 cleanup:
1305     if (vm)
1306         virObjectUnlock(vm);
1307     return dom;
1308 }
1309
1310 static virDomainPtr qemuDomainLookupByName(virConnectPtr conn,
1311                                            const char *name) {
1312     virQEMUDriverPtr driver = conn->privateData;
1313     virDomainObjPtr vm;
1314     virDomainPtr dom = NULL;
1315
1316     vm = virDomainObjListFindByName(driver->domains, name);
1317
1318     if (!vm) {
1319         virReportError(VIR_ERR_NO_DOMAIN,
1320                        _("no domain with matching name '%s'"), name);
1321         goto cleanup;
1322     }
1323
1324     dom = virGetDomain(conn, vm->def->name, vm->def->uuid);
1325     if (dom) dom->id = vm->def->id;
1326
1327 cleanup:
1328     if (vm)
1329         virObjectUnlock(vm);
1330     return dom;
1331 }
1332
1333
1334 static int qemuDomainIsActive(virDomainPtr dom)
1335 {
1336     virDomainObjPtr obj;
1337     int ret = -1;
1338
1339     if (!(obj = qemuDomObjFromDomain(dom)))
1340         goto cleanup;
1341
1342     ret = virDomainObjIsActive(obj);
1343
1344 cleanup:
1345     if (obj)
1346         virObjectUnlock(obj);
1347     return ret;
1348 }
1349
1350 static int qemuDomainIsPersistent(virDomainPtr dom)
1351 {
1352     virDomainObjPtr obj;
1353     int ret = -1;
1354
1355     if (!(obj = qemuDomObjFromDomain(dom)))
1356         goto cleanup;
1357
1358     ret = obj->persistent;
1359
1360 cleanup:
1361     if (obj)
1362         virObjectUnlock(obj);
1363     return ret;
1364 }
1365
1366 static int qemuDomainIsUpdated(virDomainPtr dom)
1367 {
1368     virDomainObjPtr obj;
1369     int ret = -1;
1370
1371     if (!(obj = qemuDomObjFromDomain(dom)))
1372         goto cleanup;
1373
1374     ret = obj->updated;
1375
1376 cleanup:
1377     if (obj)
1378         virObjectUnlock(obj);
1379     return ret;
1380 }
1381
1382 static int qemuGetVersion(virConnectPtr conn, unsigned long *version) {
1383     virQEMUDriverPtr driver = conn->privateData;
1384     int ret = -1;
1385     unsigned int qemuVersion = 0;
1386     virCapsPtr caps = NULL;
1387
1388     if (!(caps = virQEMUDriverGetCapabilities(driver, false)))
1389         goto cleanup;
1390
1391     if (virQEMUCapsGetDefaultVersion(caps,
1392                                      driver->qemuCapsCache,
1393                                      &qemuVersion) < 0)
1394         goto cleanup;
1395
1396     *version = qemuVersion;
1397     ret = 0;
1398
1399 cleanup:
1400     virObjectUnref(caps);
1401     return ret;
1402 }
1403
1404 static int qemuListDomains(virConnectPtr conn, int *ids, int nids) {
1405     virQEMUDriverPtr driver = conn->privateData;
1406     int n;
1407
1408     n = virDomainObjListGetActiveIDs(driver->domains, ids, nids);
1409
1410     return n;
1411 }
1412
1413 static int qemuNumDomains(virConnectPtr conn) {
1414     virQEMUDriverPtr driver = conn->privateData;
1415     int n;
1416
1417     n = virDomainObjListNumOfDomains(driver->domains, 1);
1418
1419     return n;
1420 }
1421
1422
1423 static int
1424 qemuCanonicalizeMachine(virDomainDefPtr def, virQEMUCapsPtr qemuCaps)
1425 {
1426     const char *canon;
1427
1428     if (!(canon = virQEMUCapsGetCanonicalMachine(qemuCaps, def->os.machine)))
1429         return 0;
1430
1431     if (STRNEQ(canon, def->os.machine)) {
1432         char *tmp;
1433         if (!(tmp = strdup(canon))) {
1434             virReportOOMError();
1435             return -1;
1436         }
1437         VIR_FREE(def->os.machine);
1438         def->os.machine = tmp;
1439     }
1440
1441     return 0;
1442 }
1443
1444
1445 static virDomainPtr qemuDomainCreate(virConnectPtr conn, const char *xml,
1446                                      unsigned int flags) {
1447     virQEMUDriverPtr driver = conn->privateData;
1448     virDomainDefPtr def = NULL;
1449     virDomainObjPtr vm = NULL;
1450     virDomainPtr dom = NULL;
1451     virDomainEventPtr event = NULL;
1452     virDomainEventPtr event2 = NULL;
1453     unsigned int start_flags = VIR_QEMU_PROCESS_START_COLD;
1454     virQEMUCapsPtr qemuCaps = NULL;
1455     virCapsPtr caps = NULL;
1456
1457     virCheckFlags(VIR_DOMAIN_START_PAUSED |
1458                   VIR_DOMAIN_START_AUTODESTROY, NULL);
1459
1460     if (flags & VIR_DOMAIN_START_PAUSED)
1461         start_flags |= VIR_QEMU_PROCESS_START_PAUSED;
1462     if (flags & VIR_DOMAIN_START_AUTODESTROY)
1463         start_flags |= VIR_QEMU_PROCESS_START_AUTODESTROY;
1464
1465     if (!(caps = virQEMUDriverGetCapabilities(driver, false)))
1466         goto cleanup;
1467
1468     if (!(def = virDomainDefParseString(caps, xml,
1469                                         QEMU_EXPECTED_VIRT_TYPES,
1470                                         VIR_DOMAIN_XML_INACTIVE)))
1471         goto cleanup;
1472
1473     if (virSecurityManagerVerify(driver->securityManager, def) < 0)
1474         goto cleanup;
1475
1476     if (!(qemuCaps = virQEMUCapsCacheLookup(driver->qemuCapsCache, def->emulator)))
1477         goto cleanup;
1478
1479     if (qemuCanonicalizeMachine(def, qemuCaps) < 0)
1480         goto cleanup;
1481
1482     if (qemuDomainAssignAddresses(def, qemuCaps, NULL) < 0)
1483         goto cleanup;
1484
1485     if (!(vm = virDomainObjListAdd(driver->domains,
1486                                    caps,
1487                                    def,
1488                                    VIR_DOMAIN_OBJ_LIST_ADD_CHECK_LIVE,
1489                                    NULL)))
1490         goto cleanup;
1491
1492     def = NULL;
1493
1494     if (qemuDomainObjBeginJob(driver, vm, QEMU_JOB_MODIFY) < 0)
1495         goto cleanup; /* XXXX free the 'vm' we created ? */
1496
1497     if (qemuProcessStart(conn, driver, vm, NULL, -1, NULL, NULL,
1498                          VIR_NETDEV_VPORT_PROFILE_OP_CREATE,
1499                          start_flags) < 0) {
1500         virDomainAuditStart(vm, "booted", false);
1501         if (qemuDomainObjEndJob(driver, vm) > 0)
1502             qemuDomainRemoveInactive(driver, vm);
1503         vm = NULL;
1504         goto cleanup;
1505     }
1506
1507     event = virDomainEventNewFromObj(vm,
1508                                      VIR_DOMAIN_EVENT_STARTED,
1509                                      VIR_DOMAIN_EVENT_STARTED_BOOTED);
1510     if (event && (flags & VIR_DOMAIN_START_PAUSED)) {
1511         /* There are two classes of event-watching clients - those
1512          * that only care about on/off (and must see a started event
1513          * no matter what, but don't care about suspend events), and
1514          * those that also care about running/paused.  To satisfy both
1515          * client types, we have to send two events.  */
1516         event2 = virDomainEventNewFromObj(vm,
1517                                           VIR_DOMAIN_EVENT_SUSPENDED,
1518                                           VIR_DOMAIN_EVENT_SUSPENDED_PAUSED);
1519     }
1520     virDomainAuditStart(vm, "booted", true);
1521
1522     dom = virGetDomain(conn, vm->def->name, vm->def->uuid);
1523     if (dom) dom->id = vm->def->id;
1524
1525     if (vm &&
1526         qemuDomainObjEndJob(driver, vm) == 0)
1527         vm = NULL;
1528
1529 cleanup:
1530     virDomainDefFree(def);
1531     if (vm)
1532         virObjectUnlock(vm);
1533     if (event) {
1534         qemuDomainEventQueue(driver, event);
1535         if (event2)
1536             qemuDomainEventQueue(driver, event2);
1537     }
1538     virObjectUnref(caps);
1539     virObjectUnref(qemuCaps);
1540     return dom;
1541 }
1542
1543
1544 static int qemuDomainSuspend(virDomainPtr dom) {
1545     virQEMUDriverPtr driver = dom->conn->privateData;
1546     virDomainObjPtr vm;
1547     int ret = -1;
1548     virDomainEventPtr event = NULL;
1549     qemuDomainObjPrivatePtr priv;
1550     virDomainPausedReason reason;
1551     int eventDetail;
1552     int state;
1553     virQEMUDriverConfigPtr cfg = NULL;
1554     virCapsPtr caps = NULL;
1555
1556     vm = virDomainObjListFindByUUID(driver->domains, dom->uuid);
1557
1558     if (!vm) {
1559         char uuidstr[VIR_UUID_STRING_BUFLEN];
1560         virUUIDFormat(dom->uuid, uuidstr);
1561         virReportError(VIR_ERR_NO_DOMAIN,
1562                        _("no domain with matching uuid '%s'"), uuidstr);
1563         goto cleanup;
1564     }
1565     if (!virDomainObjIsActive(vm)) {
1566         virReportError(VIR_ERR_OPERATION_INVALID,
1567                        "%s", _("domain is not running"));
1568         goto cleanup;
1569     }
1570
1571     cfg = virQEMUDriverGetConfig(driver);
1572     priv = vm->privateData;
1573
1574     if (qemuDomainObjBeginJob(driver, vm, QEMU_JOB_SUSPEND) < 0)
1575         goto cleanup;
1576
1577     if (!virDomainObjIsActive(vm)) {
1578         virReportError(VIR_ERR_OPERATION_INVALID,
1579                        "%s", _("domain is not running"));
1580         goto endjob;
1581     }
1582
1583     if (priv->job.asyncJob == QEMU_ASYNC_JOB_MIGRATION_OUT) {
1584         reason = VIR_DOMAIN_PAUSED_MIGRATION;
1585         eventDetail = VIR_DOMAIN_EVENT_SUSPENDED_MIGRATED;
1586     } else if (priv->job.asyncJob == QEMU_ASYNC_JOB_SNAPSHOT) {
1587         reason = VIR_DOMAIN_PAUSED_SNAPSHOT;
1588         eventDetail = -1; /* don't create lifecycle events when doing snapshot */
1589     } else {
1590         reason = VIR_DOMAIN_PAUSED_USER;
1591         eventDetail = VIR_DOMAIN_EVENT_SUSPENDED_PAUSED;
1592     }
1593
1594     state = virDomainObjGetState(vm, NULL);
1595     if (state == VIR_DOMAIN_PMSUSPENDED) {
1596         virReportError(VIR_ERR_OPERATION_INVALID,
1597                        "%s", _("domain is pmsuspended"));
1598         goto endjob;
1599     } else if (state != VIR_DOMAIN_PAUSED) {
1600         if (qemuProcessStopCPUs(driver, vm, reason, QEMU_ASYNC_JOB_NONE) < 0) {
1601             goto endjob;
1602         }
1603
1604         if (eventDetail >= 0) {
1605             event = virDomainEventNewFromObj(vm,
1606                                              VIR_DOMAIN_EVENT_SUSPENDED,
1607                                              eventDetail);
1608         }
1609     }
1610     if (!(caps = virQEMUDriverGetCapabilities(driver, false)))
1611         goto endjob;
1612     if (virDomainSaveStatus(caps, cfg->stateDir, vm) < 0)
1613         goto endjob;
1614     ret = 0;
1615
1616 endjob:
1617     if (qemuDomainObjEndJob(driver, vm) == 0)
1618         vm = NULL;
1619
1620 cleanup:
1621     if (vm)
1622         virObjectUnlock(vm);
1623
1624     if (event)
1625         qemuDomainEventQueue(driver, event);
1626     virObjectUnref(caps);
1627     virObjectUnref(cfg);
1628     return ret;
1629 }
1630
1631
1632 static int qemuDomainResume(virDomainPtr dom) {
1633     virQEMUDriverPtr driver = dom->conn->privateData;
1634     virDomainObjPtr vm;
1635     int ret = -1;
1636     virDomainEventPtr event = NULL;
1637     int state;
1638     virQEMUDriverConfigPtr cfg = NULL;
1639     virCapsPtr caps = NULL;
1640
1641     vm = virDomainObjListFindByUUID(driver->domains, dom->uuid);
1642
1643     if (!vm) {
1644         char uuidstr[VIR_UUID_STRING_BUFLEN];
1645         virUUIDFormat(dom->uuid, uuidstr);
1646         virReportError(VIR_ERR_NO_DOMAIN,
1647                        _("no domain with matching uuid '%s'"), uuidstr);
1648         goto cleanup;
1649     }
1650
1651     cfg = virQEMUDriverGetConfig(driver);
1652
1653     if (qemuDomainObjBeginJob(driver, vm, QEMU_JOB_MODIFY) < 0)
1654         goto cleanup;
1655
1656     if (!virDomainObjIsActive(vm)) {
1657         virReportError(VIR_ERR_OPERATION_INVALID,
1658                        "%s", _("domain is not running"));
1659         goto endjob;
1660     }
1661
1662     state = virDomainObjGetState(vm, NULL);
1663     if (state == VIR_DOMAIN_PMSUSPENDED) {
1664         virReportError(VIR_ERR_OPERATION_INVALID,
1665                        "%s", _("domain is pmsuspended"));
1666         goto endjob;
1667     } else if (state == VIR_DOMAIN_PAUSED) {
1668         if (qemuProcessStartCPUs(driver, vm, dom->conn,
1669                                  VIR_DOMAIN_RUNNING_UNPAUSED,
1670                                  QEMU_ASYNC_JOB_NONE) < 0) {
1671             if (virGetLastError() == NULL)
1672                 virReportError(VIR_ERR_OPERATION_FAILED,
1673                                "%s", _("resume operation failed"));
1674             goto endjob;
1675         }
1676         event = virDomainEventNewFromObj(vm,
1677                                          VIR_DOMAIN_EVENT_RESUMED,
1678                                          VIR_DOMAIN_EVENT_RESUMED_UNPAUSED);
1679     }
1680     if (!(caps = virQEMUDriverGetCapabilities(driver, false)))
1681         goto endjob;
1682     if (virDomainSaveStatus(caps, cfg->stateDir, vm) < 0)
1683         goto endjob;
1684     ret = 0;
1685
1686 endjob:
1687     if (qemuDomainObjEndJob(driver, vm) == 0)
1688         vm = NULL;
1689
1690 cleanup:
1691     if (vm)
1692         virObjectUnlock(vm);
1693     if (event)
1694         qemuDomainEventQueue(driver, event);
1695     virObjectUnref(caps);
1696     virObjectUnref(cfg);
1697     return ret;
1698 }
1699
1700 static int qemuDomainShutdownFlags(virDomainPtr dom, unsigned int flags) {
1701     virQEMUDriverPtr driver = dom->conn->privateData;
1702     virDomainObjPtr vm;
1703     int ret = -1;
1704     qemuDomainObjPrivatePtr priv;
1705     bool useAgent = false, agentRequested, acpiRequested;
1706
1707     virCheckFlags(VIR_DOMAIN_SHUTDOWN_ACPI_POWER_BTN |
1708                   VIR_DOMAIN_SHUTDOWN_GUEST_AGENT, -1);
1709
1710     if (!(vm = qemuDomObjFromDomain(dom)))
1711         goto cleanup;
1712
1713     priv = vm->privateData;
1714     agentRequested = flags & VIR_DOMAIN_SHUTDOWN_GUEST_AGENT;
1715     acpiRequested  = flags & VIR_DOMAIN_SHUTDOWN_ACPI_POWER_BTN;
1716
1717     /* Prefer agent unless we were requested to not to. */
1718     if (agentRequested || (!flags && priv->agent))
1719         useAgent = true;
1720
1721     if (priv->agentError) {
1722         if (agentRequested && !acpiRequested) {
1723             virReportError(VIR_ERR_AGENT_UNRESPONSIVE, "%s",
1724                            _("QEMU guest agent is not "
1725                              "available due to an error"));
1726             goto cleanup;
1727         } else {
1728             useAgent = false;
1729         }
1730     }
1731
1732     if (!priv->agent) {
1733         if (agentRequested && !acpiRequested) {
1734             virReportError(VIR_ERR_ARGUMENT_UNSUPPORTED, "%s",
1735                            _("QEMU guest agent is not configured"));
1736             goto cleanup;
1737         } else {
1738             useAgent = false;
1739         }
1740     }
1741
1742     if (qemuDomainObjBeginJob(driver, vm, QEMU_JOB_MODIFY) < 0)
1743         goto cleanup;
1744
1745     if (!virDomainObjIsActive(vm)) {
1746         virReportError(VIR_ERR_OPERATION_INVALID,
1747                        "%s", _("domain is not running"));
1748         goto endjob;
1749     }
1750
1751     if (useAgent) {
1752         qemuDomainObjEnterAgent(vm);
1753         ret = qemuAgentShutdown(priv->agent, QEMU_AGENT_SHUTDOWN_POWERDOWN);
1754         qemuDomainObjExitAgent(vm);
1755     }
1756
1757     /* If we are not enforced to use just an agent, try ACPI
1758      * shutdown as well in case agent did not succeed.
1759      */
1760     if (!useAgent ||
1761         (ret < 0 && (acpiRequested || !flags))) {
1762         qemuDomainSetFakeReboot(driver, vm, false);
1763
1764         qemuDomainObjEnterMonitor(driver, vm);
1765         ret = qemuMonitorSystemPowerdown(priv->mon);
1766         qemuDomainObjExitMonitor(driver, vm);
1767     }
1768
1769 endjob:
1770     if (qemuDomainObjEndJob(driver, vm) == 0)
1771         vm = NULL;
1772
1773 cleanup:
1774     if (vm)
1775         virObjectUnlock(vm);
1776     return ret;
1777 }
1778
1779 static int qemuDomainShutdown(virDomainPtr dom)
1780 {
1781     return qemuDomainShutdownFlags(dom, 0);
1782 }
1783
1784
1785 static int
1786 qemuDomainReboot(virDomainPtr dom, unsigned int flags)
1787 {
1788     virQEMUDriverPtr driver = dom->conn->privateData;
1789     virDomainObjPtr vm;
1790     int ret = -1;
1791     qemuDomainObjPrivatePtr priv;
1792     bool useAgent = false;
1793
1794     virCheckFlags(VIR_DOMAIN_REBOOT_ACPI_POWER_BTN |
1795                   VIR_DOMAIN_REBOOT_GUEST_AGENT , -1);
1796
1797     /* At most one of these two flags should be set.  */
1798     if ((flags & VIR_DOMAIN_REBOOT_ACPI_POWER_BTN) &&
1799         (flags & VIR_DOMAIN_REBOOT_GUEST_AGENT)) {
1800         virReportInvalidArg(flags, "%s",
1801                             _("flags for acpi power button and guest agent are mutually exclusive"));
1802         return -1;
1803     }
1804
1805     if (!(vm = qemuDomObjFromDomain(dom)))
1806         goto cleanup;
1807
1808     priv = vm->privateData;
1809
1810     if ((flags & VIR_DOMAIN_REBOOT_GUEST_AGENT) ||
1811         (!(flags & VIR_DOMAIN_REBOOT_ACPI_POWER_BTN) &&
1812          priv->agent))
1813         useAgent = true;
1814
1815     if (useAgent) {
1816         if (priv->agentError) {
1817             virReportError(VIR_ERR_AGENT_UNRESPONSIVE, "%s",
1818                            _("QEMU guest agent is not "
1819                              "available due to an error"));
1820             goto cleanup;
1821         }
1822         if (!priv->agent) {
1823             virReportError(VIR_ERR_ARGUMENT_UNSUPPORTED, "%s",
1824                            _("QEMU guest agent is not configured"));
1825             goto cleanup;
1826         }
1827     } else {
1828 #if WITH_YAJL
1829         if (virQEMUCapsGet(priv->qemuCaps, QEMU_CAPS_MONITOR_JSON)) {
1830             if (!virQEMUCapsGet(priv->qemuCaps, QEMU_CAPS_NO_SHUTDOWN)) {
1831                 virReportError(VIR_ERR_CONFIG_UNSUPPORTED, "%s",
1832                                _("Reboot is not supported with this QEMU binary"));
1833                 goto cleanup;
1834             }
1835         } else {
1836 #endif
1837             virReportError(VIR_ERR_OPERATION_INVALID, "%s",
1838                            _("Reboot is not supported without the JSON monitor"));
1839             goto cleanup;
1840 #if WITH_YAJL
1841         }
1842 #endif
1843     }
1844
1845     if (qemuDomainObjBeginJob(driver, vm, QEMU_JOB_MODIFY) < 0)
1846         goto cleanup;
1847
1848     if (!virDomainObjIsActive(vm)) {
1849         virReportError(VIR_ERR_OPERATION_INVALID,
1850                        "%s", _("domain is not running"));
1851         goto endjob;
1852     }
1853
1854     if (useAgent) {
1855         qemuDomainObjEnterAgent(vm);
1856         ret = qemuAgentShutdown(priv->agent, QEMU_AGENT_SHUTDOWN_REBOOT);
1857         qemuDomainObjExitAgent(vm);
1858     } else {
1859         qemuDomainObjEnterMonitor(driver, vm);
1860         ret = qemuMonitorSystemPowerdown(priv->mon);
1861         qemuDomainObjExitMonitor(driver, vm);
1862
1863         if (ret == 0)
1864             qemuDomainSetFakeReboot(driver, vm, true);
1865     }
1866
1867 endjob:
1868     if (qemuDomainObjEndJob(driver, vm) == 0)
1869         vm = NULL;
1870
1871 cleanup:
1872     if (vm)
1873         virObjectUnlock(vm);
1874     return ret;
1875 }
1876
1877
1878 static int
1879 qemuDomainReset(virDomainPtr dom, unsigned int flags)
1880 {
1881     virQEMUDriverPtr driver = dom->conn->privateData;
1882     virDomainObjPtr vm;
1883     int ret = -1;
1884     qemuDomainObjPrivatePtr priv;
1885
1886     virCheckFlags(0, -1);
1887
1888     if (!(vm = qemuDomObjFromDomain(dom)))
1889         goto cleanup;
1890
1891     if (qemuDomainObjBeginJob(driver, vm, QEMU_JOB_MODIFY) < 0)
1892         goto cleanup;
1893
1894     if (!virDomainObjIsActive(vm)) {
1895         virReportError(VIR_ERR_OPERATION_INVALID,
1896                        "%s", _("domain is not running"));
1897         goto endjob;
1898     }
1899
1900     priv = vm->privateData;
1901     qemuDomainObjEnterMonitor(driver, vm);
1902     ret = qemuMonitorSystemReset(priv->mon);
1903     qemuDomainObjExitMonitor(driver, vm);
1904
1905     priv->fakeReboot = false;
1906
1907 endjob:
1908     if (qemuDomainObjEndJob(driver, vm) == 0)
1909         vm = NULL;
1910
1911 cleanup:
1912     if (vm)
1913         virObjectUnlock(vm);
1914     return ret;
1915 }
1916
1917
1918 /* Count how many snapshots in a set are external snapshots or checkpoints.  */
1919 static void
1920 qemuDomainSnapshotCountExternal(void *payload,
1921                                 const void *name ATTRIBUTE_UNUSED,
1922                                 void *data)
1923 {
1924     virDomainSnapshotObjPtr snap = payload;
1925     int *count = data;
1926
1927     if (virDomainSnapshotIsExternal(snap))
1928         (*count)++;
1929 }
1930
1931 static int
1932 qemuDomainDestroyFlags(virDomainPtr dom,
1933                        unsigned int flags)
1934 {
1935     virQEMUDriverPtr driver = dom->conn->privateData;
1936     virDomainObjPtr vm;
1937     int ret = -1;
1938     virDomainEventPtr event = NULL;
1939     qemuDomainObjPrivatePtr priv;
1940
1941     virCheckFlags(VIR_DOMAIN_DESTROY_GRACEFUL, -1);
1942
1943     vm  = virDomainObjListFindByUUID(driver->domains, dom->uuid);
1944     if (!vm) {
1945         char uuidstr[VIR_UUID_STRING_BUFLEN];
1946         virUUIDFormat(dom->uuid, uuidstr);
1947         virReportError(VIR_ERR_NO_DOMAIN,
1948                        _("no domain with matching uuid '%s'"), uuidstr);
1949         goto cleanup;
1950     }
1951
1952     priv = vm->privateData;
1953
1954     qemuDomainSetFakeReboot(driver, vm, false);
1955
1956
1957     /* We need to prevent monitor EOF callback from doing our work (and sending
1958      * misleading events) while the vm is unlocked inside BeginJob/ProcessKill API
1959      */
1960     priv->beingDestroyed = true;
1961
1962     /* Although qemuProcessStop does this already, there may
1963      * be an outstanding job active. We want to make sure we
1964      * can kill the process even if a job is active. Killing
1965      * it now means the job will be released
1966      */
1967     if (flags & VIR_DOMAIN_DESTROY_GRACEFUL) {
1968         if (qemuProcessKill(vm, 0) < 0) {
1969             priv->beingDestroyed = false;
1970             goto cleanup;
1971         }
1972     } else {
1973         if (qemuProcessKill(vm, VIR_QEMU_PROCESS_KILL_FORCE) < 0) {
1974             priv->beingDestroyed = false;
1975             goto cleanup;
1976         }
1977     }
1978
1979     if (qemuDomainObjBeginJob(driver, vm, QEMU_JOB_DESTROY) < 0)
1980         goto cleanup;
1981
1982     priv->beingDestroyed = false;
1983
1984     if (!virDomainObjIsActive(vm)) {
1985         virReportError(VIR_ERR_OPERATION_INVALID,
1986                        "%s", _("domain is not running"));
1987         goto endjob;
1988     }
1989
1990     qemuProcessStop(driver, vm, VIR_DOMAIN_SHUTOFF_DESTROYED, 0);
1991     event = virDomainEventNewFromObj(vm,
1992                                      VIR_DOMAIN_EVENT_STOPPED,
1993                                      VIR_DOMAIN_EVENT_STOPPED_DESTROYED);
1994     virDomainAuditStop(vm, "destroyed");
1995
1996     if (!vm->persistent) {
1997         if (qemuDomainObjEndJob(driver, vm) > 0)
1998             qemuDomainRemoveInactive(driver, vm);
1999         vm = NULL;
2000     }
2001     ret = 0;
2002
2003 endjob:
2004     if (vm &&
2005         qemuDomainObjEndJob(driver, vm) == 0)
2006         vm = NULL;
2007
2008 cleanup:
2009     if (vm)
2010         virObjectUnlock(vm);
2011     if (event)
2012         qemuDomainEventQueue(driver, event);
2013     return ret;
2014 }
2015
2016 static int
2017 qemuDomainDestroy(virDomainPtr dom)
2018 {
2019     return qemuDomainDestroyFlags(dom, 0);
2020 }
2021
2022 static char *qemuDomainGetOSType(virDomainPtr dom) {
2023     virDomainObjPtr vm;
2024     char *type = NULL;
2025
2026     if (!(vm = qemuDomObjFromDomain(dom)))
2027         goto cleanup;
2028
2029     if (!(type = strdup(vm->def->os.type)))
2030         virReportOOMError();
2031
2032 cleanup:
2033     if (vm)
2034         virObjectUnlock(vm);
2035     return type;
2036 }
2037
2038 /* Returns max memory in kb, 0 if error */
2039 static unsigned long long
2040 qemuDomainGetMaxMemory(virDomainPtr dom)
2041 {
2042     virDomainObjPtr vm;
2043     unsigned long long ret = 0;
2044
2045     if (!(vm = qemuDomObjFromDomain(dom)))
2046         goto cleanup;
2047
2048     ret = vm->def->mem.max_balloon;
2049
2050 cleanup:
2051     if (vm)
2052         virObjectUnlock(vm);
2053     return ret;
2054 }
2055
2056 static int qemuDomainSetMemoryFlags(virDomainPtr dom, unsigned long newmem,
2057                                     unsigned int flags) {
2058     virQEMUDriverPtr driver = dom->conn->privateData;
2059     qemuDomainObjPrivatePtr priv;
2060     virDomainObjPtr vm;
2061     virDomainDefPtr persistentDef = NULL;
2062     int ret = -1, r;
2063     virQEMUDriverConfigPtr cfg = NULL;
2064     virCapsPtr caps = NULL;
2065
2066     virCheckFlags(VIR_DOMAIN_AFFECT_LIVE |
2067                   VIR_DOMAIN_AFFECT_CONFIG |
2068                   VIR_DOMAIN_MEM_MAXIMUM, -1);
2069
2070     if (!(vm = qemuDomObjFromDomain(dom)))
2071         goto cleanup;
2072
2073     cfg = virQEMUDriverGetConfig(driver);
2074
2075     if (qemuDomainObjBeginJob(driver, vm, QEMU_JOB_MODIFY) < 0)
2076         goto cleanup;
2077
2078     if (!(caps = virQEMUDriverGetCapabilities(driver, false)))
2079         goto endjob;
2080     if (virDomainLiveConfigHelperMethod(caps, vm, &flags,
2081                                         &persistentDef) < 0)
2082         goto endjob;
2083
2084     if (flags & VIR_DOMAIN_MEM_MAXIMUM) {
2085         /* resize the maximum memory */
2086
2087         if (flags & VIR_DOMAIN_AFFECT_LIVE) {
2088             virReportError(VIR_ERR_OPERATION_INVALID, "%s",
2089                            _("cannot resize the maximum memory on an "
2090                              "active domain"));
2091             goto endjob;
2092         }
2093
2094         if (flags & VIR_DOMAIN_AFFECT_CONFIG) {
2095             /* Help clang 2.8 decipher the logic flow.  */
2096             sa_assert(persistentDef);
2097             persistentDef->mem.max_balloon = newmem;
2098             if (persistentDef->mem.cur_balloon > newmem)
2099                 persistentDef->mem.cur_balloon = newmem;
2100             ret = virDomainSaveConfig(cfg->configDir, persistentDef);
2101             goto endjob;
2102         }
2103
2104     } else {
2105         /* resize the current memory */
2106
2107         if (newmem > vm->def->mem.max_balloon) {
2108             virReportError(VIR_ERR_INVALID_ARG, "%s",
2109                            _("cannot set memory higher than max memory"));
2110             goto endjob;
2111         }
2112
2113         if (flags & VIR_DOMAIN_AFFECT_LIVE) {
2114             priv = vm->privateData;
2115             qemuDomainObjEnterMonitor(driver, vm);
2116             r = qemuMonitorSetBalloon(priv->mon, newmem);
2117             qemuDomainObjExitMonitor(driver, vm);
2118             virDomainAuditMemory(vm, vm->def->mem.cur_balloon, newmem, "update",
2119                                  r == 1);
2120             if (r < 0)
2121                 goto endjob;
2122
2123             /* Lack of balloon support is a fatal error */
2124             if (r == 0) {
2125                 virReportError(VIR_ERR_OPERATION_INVALID, "%s",
2126                                _("Unable to change memory of active domain without "
2127                                  "the balloon device and guest OS balloon driver"));
2128                 goto endjob;
2129             }
2130         }
2131
2132         if (flags & VIR_DOMAIN_AFFECT_CONFIG) {
2133             sa_assert(persistentDef);
2134             persistentDef->mem.cur_balloon = newmem;
2135             ret = virDomainSaveConfig(cfg->configDir, persistentDef);
2136             goto endjob;
2137         }
2138     }
2139
2140     ret = 0;
2141 endjob:
2142     if (qemuDomainObjEndJob(driver, vm) == 0)
2143         vm = NULL;
2144
2145 cleanup:
2146     if (vm)
2147         virObjectUnlock(vm);
2148     virObjectUnref(caps);
2149     virObjectUnref(cfg);
2150     return ret;
2151 }
2152
2153 static int qemuDomainSetMemory(virDomainPtr dom, unsigned long newmem)
2154 {
2155     return qemuDomainSetMemoryFlags(dom, newmem, VIR_DOMAIN_AFFECT_LIVE);
2156 }
2157
2158 static int qemuDomainSetMaxMemory(virDomainPtr dom, unsigned long memory)
2159 {
2160     return qemuDomainSetMemoryFlags(dom, memory, VIR_DOMAIN_MEM_MAXIMUM);
2161 }
2162
2163 static int qemuDomainInjectNMI(virDomainPtr domain, unsigned int flags)
2164 {
2165     virQEMUDriverPtr driver = domain->conn->privateData;
2166     virDomainObjPtr vm = NULL;
2167     int ret = -1;
2168     qemuDomainObjPrivatePtr priv;
2169
2170     virCheckFlags(0, -1);
2171
2172     vm = virDomainObjListFindByUUID(driver->domains, domain->uuid);
2173     if (!vm) {
2174         char uuidstr[VIR_UUID_STRING_BUFLEN];
2175         virUUIDFormat(domain->uuid, uuidstr);
2176         virReportError(VIR_ERR_NO_DOMAIN,
2177                        _("no domain with matching uuid '%s'"), uuidstr);
2178         goto cleanup;
2179     }
2180
2181     if (!virDomainObjIsActive(vm)) {
2182         virReportError(VIR_ERR_OPERATION_INVALID,
2183                        "%s", _("domain is not running"));
2184         goto cleanup;
2185     }
2186
2187     priv = vm->privateData;
2188
2189     if (qemuDomainObjBeginJob(driver, vm, QEMU_JOB_MODIFY) < 0)
2190         goto cleanup;
2191
2192     if (!virDomainObjIsActive(vm)) {
2193         virReportError(VIR_ERR_OPERATION_INVALID,
2194                        "%s", _("domain is not running"));
2195         goto endjob;
2196     }
2197
2198     qemuDomainObjEnterMonitor(driver, vm);
2199     ret = qemuMonitorInjectNMI(priv->mon);
2200     qemuDomainObjExitMonitor(driver, vm);
2201
2202 endjob:
2203     if (qemuDomainObjEndJob(driver, vm) == 0) {
2204         vm = NULL;
2205         goto cleanup;
2206     }
2207
2208 cleanup:
2209     if (vm)
2210         virObjectUnlock(vm);
2211     return ret;
2212 }
2213
2214 static int qemuDomainSendKey(virDomainPtr domain,
2215                              unsigned int codeset,
2216                              unsigned int holdtime,
2217                              unsigned int *keycodes,
2218                              int nkeycodes,
2219                              unsigned int flags)
2220 {
2221     virQEMUDriverPtr driver = domain->conn->privateData;
2222     virDomainObjPtr vm = NULL;
2223     int ret = -1;
2224     qemuDomainObjPrivatePtr priv;
2225
2226     virCheckFlags(0, -1);
2227
2228     /* translate the keycode to RFB for qemu driver */
2229     if (codeset != VIR_KEYCODE_SET_RFB) {
2230         int i;
2231         int keycode;
2232
2233         for (i = 0; i < nkeycodes; i++) {
2234             keycode = virKeycodeValueTranslate(codeset, VIR_KEYCODE_SET_RFB,
2235                                                keycodes[i]);
2236             if (keycode < 0) {
2237                 virReportError(VIR_ERR_INTERNAL_ERROR,
2238                                _("cannot translate keycode %u of %s codeset to rfb keycode"),
2239                                keycodes[i],
2240                                virKeycodeSetTypeToString(codeset));
2241                 return -1;
2242             }
2243             keycodes[i] = keycode;
2244         }
2245     }
2246
2247     if (!(vm = qemuDomObjFromDomain(domain)))
2248         goto cleanup;
2249
2250     priv = vm->privateData;
2251
2252     if (qemuDomainObjBeginJob(driver, vm, QEMU_JOB_MODIFY) < 0)
2253         goto cleanup;
2254
2255     if (!virDomainObjIsActive(vm)) {
2256         virReportError(VIR_ERR_OPERATION_INVALID,
2257                        "%s", _("domain is not running"));
2258         goto endjob;
2259     }
2260
2261     qemuDomainObjEnterMonitor(driver, vm);
2262     ret = qemuMonitorSendKey(priv->mon, holdtime, keycodes, nkeycodes);
2263     qemuDomainObjExitMonitor(driver, vm);
2264
2265 endjob:
2266     if (qemuDomainObjEndJob(driver, vm) == 0)
2267         vm = NULL;
2268
2269 cleanup:
2270     if (vm)
2271         virObjectUnlock(vm);
2272     return ret;
2273 }
2274
2275 static int qemuDomainGetInfo(virDomainPtr dom,
2276                              virDomainInfoPtr info)
2277 {
2278     virQEMUDriverPtr driver = dom->conn->privateData;
2279     virDomainObjPtr vm;
2280     int ret = -1;
2281     int err;
2282     unsigned long long balloon;
2283
2284     if (!(vm = qemuDomObjFromDomain(dom)))
2285         goto cleanup;
2286
2287     info->state = virDomainObjGetState(vm, NULL);
2288
2289     if (!virDomainObjIsActive(vm)) {
2290         info->cpuTime = 0;
2291     } else {
2292         if (qemuGetProcessInfo(&(info->cpuTime), NULL, NULL, vm->pid, 0) < 0) {
2293             virReportError(VIR_ERR_OPERATION_FAILED, "%s",
2294                            _("cannot read cputime for domain"));
2295             goto cleanup;
2296         }
2297     }
2298
2299     info->maxMem = vm->def->mem.max_balloon;
2300
2301     if (virDomainObjIsActive(vm)) {
2302         qemuDomainObjPrivatePtr priv = vm->privateData;
2303
2304         if ((vm->def->memballoon != NULL) &&
2305             (vm->def->memballoon->model == VIR_DOMAIN_MEMBALLOON_MODEL_NONE)) {
2306             info->memory = vm->def->mem.max_balloon;
2307         } else if (virQEMUCapsGet(priv->qemuCaps, QEMU_CAPS_BALLOON_EVENT)) {
2308             info->memory = vm->def->mem.cur_balloon;
2309         } else if (qemuDomainJobAllowed(priv, QEMU_JOB_QUERY)) {
2310             if (qemuDomainObjBeginJob(driver, vm, QEMU_JOB_QUERY) < 0)
2311                 goto cleanup;
2312             if (!virDomainObjIsActive(vm))
2313                 err = 0;
2314             else {
2315                 qemuDomainObjEnterMonitor(driver, vm);
2316                 err = qemuMonitorGetBalloonInfo(priv->mon, &balloon);
2317                 qemuDomainObjExitMonitor(driver, vm);
2318             }
2319             if (qemuDomainObjEndJob(driver, vm) == 0) {
2320                 vm = NULL;
2321                 goto cleanup;
2322             }
2323
2324             if (err < 0) {
2325                 /* We couldn't get current memory allocation but that's not
2326                  * a show stopper; we wouldn't get it if there was a job
2327                  * active either
2328                  */
2329                 info->memory = vm->def->mem.cur_balloon;
2330             } else if (err == 0) {
2331                 /* Balloon not supported, so maxmem is always the allocation */
2332                 info->memory = vm->def->mem.max_balloon;
2333             } else {
2334                 info->memory = balloon;
2335             }
2336         } else {
2337             info->memory = vm->def->mem.cur_balloon;
2338         }
2339     } else {
2340         info->memory = vm->def->mem.cur_balloon;
2341     }
2342
2343     info->nrVirtCpu = vm->def->vcpus;
2344     ret = 0;
2345
2346 cleanup:
2347     if (vm)
2348         virObjectUnlock(vm);
2349     return ret;
2350 }
2351
2352 static int
2353 qemuDomainGetState(virDomainPtr dom,
2354                    int *state,
2355                    int *reason,
2356                    unsigned int flags)
2357 {
2358     virDomainObjPtr vm;
2359     int ret = -1;
2360
2361     virCheckFlags(0, -1);
2362
2363     if (!(vm = qemuDomObjFromDomain(dom)))
2364         goto cleanup;
2365
2366     *state = virDomainObjGetState(vm, reason);
2367     ret = 0;
2368
2369 cleanup:
2370     if (vm)
2371         virObjectUnlock(vm);
2372     return ret;
2373 }
2374
2375 static int
2376 qemuDomainGetControlInfo(virDomainPtr dom,
2377                           virDomainControlInfoPtr info,
2378                           unsigned int flags)
2379 {
2380     virDomainObjPtr vm;
2381     qemuDomainObjPrivatePtr priv;
2382     int ret = -1;
2383
2384     virCheckFlags(0, -1);
2385
2386     if (!(vm = qemuDomObjFromDomain(dom)))
2387         goto cleanup;
2388
2389     if (!virDomainObjIsActive(vm)) {
2390         virReportError(VIR_ERR_OPERATION_INVALID,
2391                        "%s", _("domain is not running"));
2392         goto cleanup;
2393     }
2394
2395     priv = vm->privateData;
2396
2397     memset(info, 0, sizeof(*info));
2398
2399     if (priv->monError) {
2400         info->state = VIR_DOMAIN_CONTROL_ERROR;
2401     } else if (priv->job.active) {
2402         if (!priv->monStart) {
2403             info->state = VIR_DOMAIN_CONTROL_JOB;
2404             if (virTimeMillisNow(&info->stateTime) < 0)
2405                 goto cleanup;
2406             info->stateTime -= priv->job.start;
2407         } else {
2408             info->state = VIR_DOMAIN_CONTROL_OCCUPIED;
2409             if (virTimeMillisNow(&info->stateTime) < 0)
2410                 goto cleanup;
2411             info->stateTime -= priv->monStart;
2412         }
2413     } else {
2414         info->state = VIR_DOMAIN_CONTROL_OK;
2415     }
2416
2417     ret = 0;
2418
2419 cleanup:
2420     if (vm)
2421         virObjectUnlock(vm);
2422     return ret;
2423 }
2424
2425
2426 /* It would be nice to replace 'Qemud' with 'Qemu' but
2427  * this magic string is ABI, so it can't be changed
2428  */
2429 #define QEMU_SAVE_MAGIC   "LibvirtQemudSave"
2430 #define QEMU_SAVE_PARTIAL "LibvirtQemudPart"
2431 #define QEMU_SAVE_VERSION 2
2432
2433 verify(sizeof(QEMU_SAVE_MAGIC) == sizeof(QEMU_SAVE_PARTIAL));
2434
2435 typedef enum {
2436     QEMU_SAVE_FORMAT_RAW = 0,
2437     QEMU_SAVE_FORMAT_GZIP = 1,
2438     QEMU_SAVE_FORMAT_BZIP2 = 2,
2439     /*
2440      * Deprecated by xz and never used as part of a release
2441      * QEMU_SAVE_FORMAT_LZMA
2442      */
2443     QEMU_SAVE_FORMAT_XZ = 3,
2444     QEMU_SAVE_FORMAT_LZOP = 4,
2445     /* Note: add new members only at the end.
2446        These values are used in the on-disk format.
2447        Do not change or re-use numbers. */
2448
2449     QEMU_SAVE_FORMAT_LAST
2450 } virQEMUSaveFormat;
2451
2452 VIR_ENUM_DECL(qemuSaveCompression)
2453 VIR_ENUM_IMPL(qemuSaveCompression, QEMU_SAVE_FORMAT_LAST,
2454               "raw",
2455               "gzip",
2456               "bzip2",
2457               "xz",
2458               "lzop")
2459
2460 typedef struct _virQEMUSaveHeader virQEMUSaveHeader;
2461 typedef virQEMUSaveHeader *virQEMUSaveHeaderPtr;
2462 struct _virQEMUSaveHeader {
2463     char magic[sizeof(QEMU_SAVE_MAGIC)-1];
2464     uint32_t version;
2465     uint32_t xml_len;
2466     uint32_t was_running;
2467     uint32_t compressed;
2468     uint32_t unused[15];
2469 };
2470
2471 static inline void
2472 bswap_header(virQEMUSaveHeaderPtr hdr) {
2473     hdr->version = bswap_32(hdr->version);
2474     hdr->xml_len = bswap_32(hdr->xml_len);
2475     hdr->was_running = bswap_32(hdr->was_running);
2476     hdr->compressed = bswap_32(hdr->compressed);
2477 }
2478
2479
2480 /* return -errno on failure, or 0 on success */
2481 static int
2482 qemuDomainSaveHeader(int fd, const char *path, const char *xml,
2483                      virQEMUSaveHeaderPtr header)
2484 {
2485     int ret = 0;
2486
2487     if (safewrite(fd, header, sizeof(*header)) != sizeof(*header)) {
2488         ret = -errno;
2489         virReportError(VIR_ERR_OPERATION_FAILED,
2490                        _("failed to write header to domain save file '%s'"),
2491                        path);
2492         goto endjob;
2493     }
2494
2495     if (safewrite(fd, xml, header->xml_len) != header->xml_len) {
2496         ret = -errno;
2497         virReportError(VIR_ERR_OPERATION_FAILED,
2498                        _("failed to write xml to '%s'"), path);
2499         goto endjob;
2500     }
2501 endjob:
2502     return ret;
2503 }
2504
2505 /* Given a virQEMUSaveFormat compression level, return the name
2506  * of the program to run, or NULL if no program is needed.  */
2507 static const char *
2508 qemuCompressProgramName(int compress)
2509 {
2510     return (compress == QEMU_SAVE_FORMAT_RAW ? NULL :
2511             qemuSaveCompressionTypeToString(compress));
2512 }
2513
2514 static virCommandPtr
2515 qemuCompressGetCommand(virQEMUSaveFormat compression)
2516 {
2517     virCommandPtr ret = NULL;
2518     const char *prog = qemuSaveCompressionTypeToString(compression);
2519
2520     if (!prog) {
2521         virReportError(VIR_ERR_OPERATION_FAILED,
2522                        _("Invalid compressed save format %d"),
2523                        compression);
2524         return NULL;
2525     }
2526
2527     ret = virCommandNew(prog);
2528     virCommandAddArg(ret, "-dc");
2529
2530     switch (compression) {
2531     case QEMU_SAVE_FORMAT_LZOP:
2532         virCommandAddArg(ret, "--ignore-warn");
2533         break;
2534     default:
2535         break;
2536     }
2537
2538     return ret;
2539 }
2540
2541 /* Internal function to properly create or open existing files, with
2542  * ownership affected by qemu driver setup.  */
2543 static int
2544 qemuOpenFile(virQEMUDriverPtr driver, const char *path, int oflags,
2545              bool *needUnlink, bool *bypassSecurityDriver)
2546 {
2547     struct stat sb;
2548     bool is_reg = true;
2549     bool need_unlink = false;
2550     bool bypass_security = false;
2551     unsigned int vfoflags = 0;
2552     int fd = -1;
2553     int path_shared = virStorageFileIsSharedFS(path);
2554     uid_t uid = getuid();
2555     gid_t gid = getgid();
2556     virQEMUDriverConfigPtr cfg = virQEMUDriverGetConfig(driver);
2557
2558     /* path might be a pre-existing block dev, in which case
2559      * we need to skip the create step, and also avoid unlink
2560      * in the failure case */
2561     if (oflags & O_CREAT) {
2562         need_unlink = true;
2563
2564         /* Don't force chown on network-shared FS
2565          * as it is likely to fail. */
2566         if (path_shared <= 0 || cfg->dynamicOwnership)
2567             vfoflags |= VIR_FILE_OPEN_FORCE_OWNER;
2568
2569         if (stat(path, &sb) == 0) {
2570             is_reg = !!S_ISREG(sb.st_mode);
2571             /* If the path is regular file which exists
2572              * already and dynamic_ownership is off, we don't
2573              * want to change it's ownership, just open it as-is */
2574             if (is_reg && !cfg->dynamicOwnership) {
2575                 uid = sb.st_uid;
2576                 gid = sb.st_gid;
2577             }
2578         }
2579     }
2580
2581     /* First try creating the file as root */
2582     if (!is_reg) {
2583         fd = open(path, oflags & ~O_CREAT);
2584         if (fd < 0) {
2585             virReportSystemError(errno, _("unable to open %s"), path);
2586             goto cleanup;
2587         }
2588     } else {
2589         if ((fd = virFileOpenAs(path, oflags, S_IRUSR | S_IWUSR, uid, gid,
2590                                 vfoflags | VIR_FILE_OPEN_NOFORK)) < 0) {
2591             /* If we failed as root, and the error was permission-denied
2592                (EACCES or EPERM), assume it's on a network-connected share
2593                where root access is restricted (eg, root-squashed NFS). If the
2594                qemu user (cfg->user) is non-root, just set a flag to
2595                bypass security driver shenanigans, and retry the operation
2596                after doing setuid to qemu user */
2597             if ((fd != -EACCES && fd != -EPERM) ||
2598                 cfg->user == getuid()) {
2599                 virReportSystemError(-fd,
2600                                      _("Failed to create file '%s'"),
2601                                      path);
2602                 goto cleanup;
2603             }
2604
2605             /* On Linux we can also verify the FS-type of the directory. */
2606             switch (path_shared) {
2607                 case 1:
2608                    /* it was on a network share, so we'll continue
2609                     * as outlined above
2610                     */
2611                    break;
2612
2613                 case -1:
2614                    virReportSystemError(errno,
2615                                         _("Failed to create file "
2616                                           "'%s': couldn't determine fs type"),
2617                                         path);
2618                    goto cleanup;
2619
2620                 case 0:
2621                 default:
2622                    /* local file - log the error returned by virFileOpenAs */
2623                    virReportSystemError(-fd,
2624                                         _("Failed to create file '%s'"),
2625                                         path);
2626                    goto cleanup;
2627             }
2628
2629             /* Retry creating the file as cfg->user */
2630
2631             if ((fd = virFileOpenAs(path, oflags,
2632                                     S_IRUSR|S_IWUSR|S_IRGRP|S_IWGRP,
2633                                     cfg->user, cfg->group,
2634                                     vfoflags | VIR_FILE_OPEN_FORK)) < 0) {
2635                 virReportSystemError(-fd,
2636                                    _("Error from child process creating '%s'"),
2637                                      path);
2638                 goto cleanup;
2639             }
2640
2641             /* Since we had to setuid to create the file, and the fstype
2642                is NFS, we assume it's a root-squashing NFS share, and that
2643                the security driver stuff would have failed anyway */
2644
2645             bypass_security = true;
2646         }
2647     }
2648 cleanup:
2649     if (needUnlink)
2650         *needUnlink = need_unlink;
2651     if (bypassSecurityDriver)
2652         *bypassSecurityDriver = bypass_security;
2653     virObjectUnref(cfg);
2654     return fd;
2655 }
2656
2657 /* Helper function to execute a migration to file with a correct save header
2658  * the caller needs to make sure that the processors are stopped and do all other
2659  * actions besides saving memory */
2660 static int
2661 qemuDomainSaveMemory(virQEMUDriverPtr driver,
2662                      virDomainObjPtr vm,
2663                      const char *path,
2664                      const char *domXML,
2665                      int compressed,
2666                      bool was_running,
2667                      unsigned int flags,
2668                      enum qemuDomainAsyncJob asyncJob)
2669 {
2670     virQEMUSaveHeader header;
2671     bool bypassSecurityDriver = false;
2672     bool needUnlink = false;
2673     int ret = -1;
2674     int fd = -1;
2675     int directFlag = 0;
2676     virFileWrapperFdPtr wrapperFd = NULL;
2677     unsigned int wrapperFlags = VIR_FILE_WRAPPER_NON_BLOCKING;
2678     unsigned long long pad;
2679     unsigned long long offset;
2680     size_t len;
2681     char *xml = NULL;
2682
2683     memset(&header, 0, sizeof(header));
2684     memcpy(header.magic, QEMU_SAVE_PARTIAL, sizeof(header.magic));
2685     header.version = QEMU_SAVE_VERSION;
2686     header.was_running = was_running ? 1 : 0;
2687
2688     header.compressed = compressed;
2689
2690     len = strlen(domXML) + 1;
2691     offset = sizeof(header) + len;
2692
2693     /* Due to way we append QEMU state on our header with dd,
2694      * we need to ensure there's a 512 byte boundary. Unfortunately
2695      * we don't have an explicit offset in the header, so we fake
2696      * it by padding the XML string with NUL bytes.  Additionally,
2697      * we want to ensure that virDomainSaveImageDefineXML can supply
2698      * slightly larger XML, so we add a miminum padding prior to
2699      * rounding out to page boundaries.
2700      */
2701     pad = 1024;
2702     pad += (QEMU_MONITOR_MIGRATE_TO_FILE_BS -
2703             ((offset + pad) % QEMU_MONITOR_MIGRATE_TO_FILE_BS));
2704     if (VIR_ALLOC_N(xml, len + pad) < 0) {
2705         virReportOOMError();
2706         goto cleanup;
2707     }
2708     strcpy(xml, domXML);
2709
2710     offset += pad;
2711     header.xml_len = len;
2712
2713     /* Obtain the file handle.  */
2714     if ((flags & VIR_DOMAIN_SAVE_BYPASS_CACHE)) {
2715         wrapperFlags |= VIR_FILE_WRAPPER_BYPASS_CACHE;
2716         directFlag = virFileDirectFdFlag();
2717         if (directFlag < 0) {
2718             virReportError(VIR_ERR_OPERATION_FAILED, "%s",
2719                            _("bypass cache unsupported by this system"));
2720             goto cleanup;
2721         }
2722     }
2723     fd = qemuOpenFile(driver, path, O_WRONLY | O_TRUNC | O_CREAT | directFlag,
2724                       &needUnlink, &bypassSecurityDriver);
2725     if (fd < 0)
2726         goto cleanup;
2727
2728     if (!(wrapperFd = virFileWrapperFdNew(&fd, path, wrapperFlags)))
2729         goto cleanup;
2730
2731     /* Write header to file, followed by XML */
2732     if (qemuDomainSaveHeader(fd, path, xml, &header) < 0)
2733         goto cleanup;
2734
2735     /* Perform the migration */
2736     if (qemuMigrationToFile(driver, vm, fd, offset, path,
2737                             qemuCompressProgramName(compressed),
2738                             bypassSecurityDriver,
2739                             asyncJob) < 0)
2740         goto cleanup;
2741
2742     /* Touch up file header to mark image complete. */
2743
2744     /* Reopen the file to touch up the header, since we aren't set
2745      * up to seek backwards on wrapperFd.  The reopened fd will
2746      * trigger a single page of file system cache pollution, but
2747      * that's acceptable.  */
2748     if (VIR_CLOSE(fd) < 0) {
2749         virReportSystemError(errno, _("unable to close %s"), path);
2750         goto cleanup;
2751     }
2752
2753     if (virFileWrapperFdClose(wrapperFd) < 0)
2754         goto cleanup;
2755
2756     if ((fd = qemuOpenFile(driver, path, O_WRONLY, NULL, NULL)) < 0)
2757         goto cleanup;
2758
2759     memcpy(header.magic, QEMU_SAVE_MAGIC, sizeof(header.magic));
2760
2761     if (safewrite(fd, &header, sizeof(header)) != sizeof(header)) {
2762         virReportSystemError(errno, _("unable to write %s"), path);
2763         goto cleanup;
2764     }
2765
2766     if (VIR_CLOSE(fd) < 0) {
2767         virReportSystemError(errno, _("unable to close %s"), path);
2768         goto cleanup;
2769     }
2770
2771     ret = 0;
2772
2773 cleanup:
2774     VIR_FORCE_CLOSE(fd);
2775     virFileWrapperFdFree(wrapperFd);
2776     VIR_FREE(xml);
2777
2778     if (ret != 0 && needUnlink)
2779         unlink(path);
2780
2781     return ret;
2782 }
2783
2784 /* The vm must be active + locked. Vm will be unlocked and
2785  * potentially free'd after this returns (eg transient VMs are freed
2786  * shutdown). So 'vm' must not be referenced by the caller after
2787  * this returns (whether returning success or failure).
2788  */
2789 static int
2790 qemuDomainSaveInternal(virQEMUDriverPtr driver, virDomainPtr dom,
2791                        virDomainObjPtr vm, const char *path,
2792                        int compressed, const char *xmlin, unsigned int flags)
2793 {
2794     char *xml = NULL;
2795     bool was_running = false;
2796     int ret = -1;
2797     int rc;
2798     virDomainEventPtr event = NULL;
2799     qemuDomainObjPrivatePtr priv = vm->privateData;
2800     virCapsPtr caps;
2801
2802     if (!(caps = virQEMUDriverGetCapabilities(driver, false)))
2803         goto cleanup;
2804
2805     if (!qemuMigrationIsAllowed(driver, vm, vm->def, false))
2806         goto cleanup;
2807
2808     if (qemuDomainObjBeginAsyncJob(driver, vm,
2809                                              QEMU_ASYNC_JOB_SAVE) < 0)
2810
2811     memset(&priv->job.info, 0, sizeof(priv->job.info));
2812     priv->job.info.type = VIR_DOMAIN_JOB_UNBOUNDED;
2813
2814     /* Pause */
2815     if (virDomainObjGetState(vm, NULL) == VIR_DOMAIN_RUNNING) {
2816         was_running = true;
2817         if (qemuProcessStopCPUs(driver, vm, VIR_DOMAIN_PAUSED_SAVE,
2818                                 QEMU_ASYNC_JOB_SAVE) < 0)
2819             goto endjob;
2820
2821         if (!virDomainObjIsActive(vm)) {
2822             virReportError(VIR_ERR_INTERNAL_ERROR, "%s",
2823                            _("guest unexpectedly quit"));
2824             goto endjob;
2825         }
2826     }
2827
2828    /* libvirt.c already guaranteed these two flags are exclusive.  */
2829     if (flags & VIR_DOMAIN_SAVE_RUNNING)
2830         was_running = true;
2831     else if (flags & VIR_DOMAIN_SAVE_PAUSED)
2832         was_running = false;
2833
2834     /* Get XML for the domain.  Restore needs only the inactive xml,
2835      * including secure.  We should get the same result whether xmlin
2836      * is NULL or whether it was the live xml of the domain moments
2837      * before.  */
2838     if (xmlin) {
2839         virDomainDefPtr def = NULL;
2840
2841         if (!(def = virDomainDefParseString(caps, xmlin,
2842                                             QEMU_EXPECTED_VIRT_TYPES,
2843                                             VIR_DOMAIN_XML_INACTIVE))) {
2844             goto endjob;
2845         }
2846         if (!virDomainDefCheckABIStability(vm->def, def)) {
2847             virDomainDefFree(def);
2848             goto endjob;
2849         }
2850         xml = qemuDomainDefFormatLive(driver, def, true, true);
2851     } else {
2852         xml = qemuDomainDefFormatLive(driver, vm->def, true, true);
2853     }
2854     if (!xml) {
2855         virReportError(VIR_ERR_OPERATION_FAILED,
2856                        "%s", _("failed to get domain xml"));
2857         goto endjob;
2858     }
2859
2860     ret = qemuDomainSaveMemory(driver, vm, path, xml, compressed,
2861                                was_running, flags, QEMU_ASYNC_JOB_SAVE);
2862     if (ret < 0)
2863         goto endjob;
2864
2865     /* Shut it down */
2866     qemuProcessStop(driver, vm, VIR_DOMAIN_SHUTOFF_SAVED, 0);
2867     virDomainAuditStop(vm, "saved");
2868     event = virDomainEventNewFromObj(vm,
2869                                      VIR_DOMAIN_EVENT_STOPPED,
2870                                      VIR_DOMAIN_EVENT_STOPPED_SAVED);
2871     if (!vm->persistent) {
2872         if (qemuDomainObjEndAsyncJob(driver, vm) > 0)
2873             qemuDomainRemoveInactive(driver, vm);
2874         vm = NULL;
2875     }
2876
2877 endjob:
2878     if (vm) {
2879         if (ret != 0) {
2880             if (was_running && virDomainObjIsActive(vm)) {
2881                 rc = qemuProcessStartCPUs(driver, vm, dom->conn,
2882                                           VIR_DOMAIN_RUNNING_SAVE_CANCELED,
2883                                           QEMU_ASYNC_JOB_SAVE);
2884                 if (rc < 0) {
2885                     VIR_WARN("Unable to resume guest CPUs after save failure");
2886                     event = virDomainEventNewFromObj(vm,
2887                                                      VIR_DOMAIN_EVENT_SUSPENDED,
2888                                                      VIR_DOMAIN_EVENT_SUSPENDED_API_ERROR);
2889                 }
2890             }
2891         }
2892         if (qemuDomainObjEndAsyncJob(driver, vm) == 0)
2893             vm = NULL;
2894     }
2895
2896 cleanup:
2897     VIR_FREE(xml);
2898     if (event)
2899         qemuDomainEventQueue(driver, event);
2900     if (vm)
2901         virObjectUnlock(vm);
2902     virObjectUnref(caps);
2903     return ret;
2904 }
2905
2906 /* Returns true if a compression program is available in PATH */
2907 static bool qemuCompressProgramAvailable(virQEMUSaveFormat compress)
2908 {
2909     const char *prog;
2910     char *c;
2911
2912     if (compress == QEMU_SAVE_FORMAT_RAW)
2913         return true;
2914     prog = qemuSaveCompressionTypeToString(compress);
2915     c = virFindFileInPath(prog);
2916     if (!c)
2917         return false;
2918     VIR_FREE(c);
2919     return true;
2920 }
2921
2922 static int
2923 qemuDomainSaveFlags(virDomainPtr dom, const char *path, const char *dxml,
2924                     unsigned int flags)
2925 {
2926     virQEMUDriverPtr driver = dom->conn->privateData;
2927     int compressed;
2928     int ret = -1;
2929     virDomainObjPtr vm = NULL;
2930     virQEMUDriverConfigPtr cfg = NULL;
2931
2932     virCheckFlags(VIR_DOMAIN_SAVE_BYPASS_CACHE |
2933                   VIR_DOMAIN_SAVE_RUNNING |
2934                   VIR_DOMAIN_SAVE_PAUSED, -1);
2935
2936     cfg = virQEMUDriverGetConfig(driver);
2937     if (cfg->saveImageFormat == NULL)
2938         compressed = QEMU_SAVE_FORMAT_RAW;
2939     else {
2940         compressed = qemuSaveCompressionTypeFromString(cfg->saveImageFormat);
2941         if (compressed < 0) {
2942             virReportError(VIR_ERR_OPERATION_FAILED,
2943                            "%s", _("Invalid save image format specified "
2944                                    "in configuration file"));
2945             goto cleanup;
2946         }
2947         if (!qemuCompressProgramAvailable(compressed)) {
2948             virReportError(VIR_ERR_OPERATION_FAILED,
2949                            "%s", _("Compression program for image format "
2950                                    "in configuration file isn't available"));
2951             goto cleanup;
2952         }
2953     }
2954
2955     vm = virDomainObjListFindByUUID(driver->domains, dom->uuid);
2956     if (!vm) {
2957         char uuidstr[VIR_UUID_STRING_BUFLEN];
2958         virUUIDFormat(dom->uuid, uuidstr);
2959         virReportError(VIR_ERR_NO_DOMAIN,
2960                        _("no domain with matching uuid '%s'"), uuidstr);
2961         goto cleanup;
2962     }
2963
2964     if (!virDomainObjIsActive(vm)) {
2965         virReportError(VIR_ERR_OPERATION_INVALID,
2966                        "%s", _("domain is not running"));
2967         goto cleanup;
2968     }
2969
2970     ret = qemuDomainSaveInternal(driver, dom, vm, path, compressed,
2971                                  dxml, flags);
2972     vm = NULL;
2973
2974 cleanup:
2975     if (vm)
2976         virObjectUnlock(vm);
2977     virObjectUnref(cfg);
2978     return ret;
2979 }
2980
2981 static int
2982 qemuDomainSave(virDomainPtr dom, const char *path)
2983 {
2984     return qemuDomainSaveFlags(dom, path, NULL, 0);
2985 }
2986
2987 static char *
2988 qemuDomainManagedSavePath(virQEMUDriverPtr driver, virDomainObjPtr vm)
2989 {
2990     char *ret;
2991     virQEMUDriverConfigPtr cfg = virQEMUDriverGetConfig(driver);
2992
2993     if (virAsprintf(&ret, "%s/%s.save", cfg->saveDir, vm->def->name) < 0) {
2994         virReportOOMError();
2995         virObjectUnref(cfg);
2996         return NULL;
2997     }
2998
2999     virObjectUnref(cfg);
3000     return ret;
3001 }
3002
3003 static int
3004 qemuDomainManagedSave(virDomainPtr dom, unsigned int flags)
3005 {
3006     virQEMUDriverPtr driver = dom->conn->privateData;
3007     virDomainObjPtr vm;
3008     char *name = NULL;
3009     int ret = -1;
3010     int compressed;
3011
3012     virCheckFlags(VIR_DOMAIN_SAVE_BYPASS_CACHE |
3013                   VIR_DOMAIN_SAVE_RUNNING |
3014                   VIR_DOMAIN_SAVE_PAUSED, -1);
3015
3016     if (!(vm = qemuDomObjFromDomain(dom)))
3017         return -1;
3018
3019     if (!virDomainObjIsActive(vm)) {
3020         virReportError(VIR_ERR_OPERATION_INVALID,
3021                        "%s", _("domain is not running"));
3022         goto cleanup;
3023     }
3024     if (!vm->persistent) {
3025         virReportError(VIR_ERR_OPERATION_INVALID, "%s",
3026                        _("cannot do managed save for transient domain"));
3027         goto cleanup;
3028     }
3029
3030     if (!(name = qemuDomainManagedSavePath(driver, vm)))
3031         goto cleanup;
3032
3033     VIR_INFO("Saving state to %s", name);
3034
3035     compressed = QEMU_SAVE_FORMAT_RAW;
3036     if ((ret = qemuDomainSaveInternal(driver, dom, vm, name, compressed,
3037                                       NULL, flags)) == 0)
3038         vm->hasManagedSave = true;
3039
3040     vm = NULL;
3041
3042 cleanup:
3043     if (vm)
3044         virObjectUnlock(vm);
3045     VIR_FREE(name);
3046
3047     return ret;
3048 }
3049
3050 static int
3051 qemuDomainManagedSaveLoad(virDomainObjPtr vm,
3052                           void *opaque)
3053 {
3054     virQEMUDriverPtr driver = opaque;
3055     char *name;
3056     int ret = -1;
3057
3058     virObjectLock(vm);
3059
3060     if (!(name = qemuDomainManagedSavePath(driver, vm)))
3061         goto cleanup;
3062
3063     vm->hasManagedSave = virFileExists(name);
3064
3065     ret = 0;
3066 cleanup:
3067     virObjectUnlock(vm);
3068     VIR_FREE(name);
3069     return ret;
3070 }
3071
3072
3073 static int
3074 qemuDomainHasManagedSaveImage(virDomainPtr dom, unsigned int flags)
3075 {
3076     virDomainObjPtr vm = NULL;
3077     int ret;
3078
3079     virCheckFlags(0, -1);
3080
3081     if (!(vm = qemuDomObjFromDomain(dom)))
3082         return -1;
3083
3084     ret = vm->hasManagedSave;
3085     virObjectUnlock(vm);
3086     return ret;
3087 }
3088
3089 static int
3090 qemuDomainManagedSaveRemove(virDomainPtr dom, unsigned int flags)
3091 {
3092     virQEMUDriverPtr driver = dom->conn->privateData;
3093     virDomainObjPtr vm;
3094     int ret = -1;
3095     char *name = NULL;
3096
3097     virCheckFlags(0, -1);
3098
3099     if (!(vm = qemuDomObjFromDomain(dom)))
3100         return -1;
3101
3102     if (!(name = qemuDomainManagedSavePath(driver, vm)))
3103         goto cleanup;
3104
3105     if (unlink(name) < 0) {
3106         virReportSystemError(errno,
3107                              _("Failed to remove managed save file '%s'"),
3108                              name);
3109         goto cleanup;
3110     }
3111
3112     vm->hasManagedSave = false;
3113     ret = 0;
3114
3115 cleanup:
3116     VIR_FREE(name);
3117     virObjectUnlock(vm);
3118     return ret;
3119 }
3120
3121 static int qemuDumpToFd(virQEMUDriverPtr driver, virDomainObjPtr vm,
3122                         int fd, enum qemuDomainAsyncJob asyncJob)
3123 {
3124     qemuDomainObjPrivatePtr priv = vm->privateData;
3125     int ret = -1;
3126
3127     if (!virQEMUCapsGet(priv->qemuCaps, QEMU_CAPS_DUMP_GUEST_MEMORY)) {
3128         virReportError(VIR_ERR_NO_SUPPORT, "%s",
3129                        _("dump-guest-memory is not supported"));
3130         return -1;
3131     }
3132
3133     if (virSecurityManagerSetImageFDLabel(driver->securityManager, vm->def,
3134                                           fd) < 0)
3135         return -1;
3136
3137     priv->job.dump_memory_only = true;
3138
3139     if (qemuDomainObjEnterMonitorAsync(driver, vm, asyncJob) < 0)
3140         return -1;
3141
3142     ret = qemuMonitorDumpToFd(priv->mon, fd);
3143     qemuDomainObjExitMonitor(driver, vm);
3144
3145     return ret;
3146 }
3147
3148 static int
3149 doCoreDump(virQEMUDriverPtr driver,
3150            virDomainObjPtr vm,
3151            const char *path,
3152            virQEMUSaveFormat compress,
3153            unsigned int dump_flags)
3154 {
3155     int fd = -1;
3156     int ret = -1;
3157     virFileWrapperFdPtr wrapperFd = NULL;
3158     int directFlag = 0;
3159     unsigned int flags = VIR_FILE_WRAPPER_NON_BLOCKING;
3160
3161     /* Create an empty file with appropriate ownership.  */
3162     if (dump_flags & VIR_DUMP_BYPASS_CACHE) {
3163         flags |= VIR_FILE_WRAPPER_BYPASS_CACHE;
3164         directFlag = virFileDirectFdFlag();
3165         if (directFlag < 0) {
3166             virReportError(VIR_ERR_OPERATION_FAILED, "%s",
3167                            _("bypass cache unsupported by this system"));
3168             goto cleanup;
3169         }
3170     }
3171     /* Core dumps usually imply last-ditch analysis efforts are
3172      * desired, so we intentionally do not unlink even if a file was
3173      * created.  */
3174     if ((fd = qemuOpenFile(driver, path,
3175                            O_CREAT | O_TRUNC | O_WRONLY | directFlag,
3176                            NULL, NULL)) < 0)
3177         goto cleanup;
3178
3179     if (!(wrapperFd = virFileWrapperFdNew(&fd, path, flags)))
3180         goto cleanup;
3181
3182     if (dump_flags & VIR_DUMP_MEMORY_ONLY) {
3183         ret = qemuDumpToFd(driver, vm, fd, QEMU_ASYNC_JOB_DUMP);
3184     } else {
3185         ret = qemuMigrationToFile(driver, vm, fd, 0, path,
3186                                   qemuCompressProgramName(compress), false,
3187                                   QEMU_ASYNC_JOB_DUMP);
3188     }
3189
3190     if (ret < 0)
3191         goto cleanup;
3192
3193     if (VIR_CLOSE(fd) < 0) {
3194         virReportSystemError(errno,
3195                              _("unable to close file %s"),
3196                              path);
3197         goto cleanup;
3198     }
3199     if (virFileWrapperFdClose(wrapperFd) < 0)
3200         goto cleanup;
3201
3202     ret = 0;
3203
3204 cleanup:
3205     VIR_FORCE_CLOSE(fd);
3206     if (ret != 0)
3207         unlink(path);
3208     virFileWrapperFdFree(wrapperFd);
3209     return ret;
3210 }
3211
3212 static virQEMUSaveFormat
3213 getCompressionType(virQEMUDriverPtr driver)
3214 {
3215     int ret = QEMU_SAVE_FORMAT_RAW;
3216     virQEMUDriverConfigPtr cfg = virQEMUDriverGetConfig(driver);
3217
3218     /*
3219      * We reuse "save" flag for "dump" here. Then, we can support the same
3220      * format in "save" and "dump".
3221      */
3222     if (cfg->dumpImageFormat) {
3223         ret = qemuSaveCompressionTypeFromString(cfg->dumpImageFormat);
3224         /* Use "raw" as the format if the specified format is not valid,
3225          * or the compress program is not available.
3226          */
3227         if (ret < 0) {
3228             VIR_WARN("%s", _("Invalid dump image format specified in "
3229                              "configuration file, using raw"));
3230             ret = QEMU_SAVE_FORMAT_RAW;
3231             goto cleanup;
3232         }
3233         if (!qemuCompressProgramAvailable(ret)) {
3234             VIR_WARN("%s", _("Compression program for dump image format "
3235                              "in configuration file isn't available, "
3236                              "using raw"));
3237             ret = QEMU_SAVE_FORMAT_RAW;
3238             goto cleanup;
3239         }
3240     }
3241 cleanup:
3242     virObjectUnref(cfg);
3243     return ret;
3244 }
3245
3246 static int qemuDomainCoreDump(virDomainPtr dom,
3247                               const char *path,
3248                               unsigned int flags)
3249 {
3250     virQEMUDriverPtr driver = dom->conn->privateData;
3251     virDomainObjPtr vm;
3252     qemuDomainObjPrivatePtr priv;
3253     int resume = 0, paused = 0;
3254     int ret = -1;
3255     virDomainEventPtr event = NULL;
3256
3257     virCheckFlags(VIR_DUMP_LIVE | VIR_DUMP_CRASH |
3258                   VIR_DUMP_BYPASS_CACHE | VIR_DUMP_RESET |
3259                   VIR_DUMP_MEMORY_ONLY, -1);
3260
3261     vm = virDomainObjListFindByUUID(driver->domains, dom->uuid);
3262
3263     if (!vm) {
3264         char uuidstr[VIR_UUID_STRING_BUFLEN];
3265         virUUIDFormat(dom->uuid, uuidstr);
3266         virReportError(VIR_ERR_NO_DOMAIN,
3267                        _("no domain with matching uuid '%s'"), uuidstr);
3268         goto cleanup;
3269     }
3270
3271     if (qemuDomainObjBeginAsyncJob(driver, vm,
3272                                    QEMU_ASYNC_JOB_DUMP) < 0)
3273         goto cleanup;
3274
3275     if (!virDomainObjIsActive(vm)) {
3276         virReportError(VIR_ERR_OPERATION_INVALID,
3277                        "%s", _("domain is not running"));
3278         goto endjob;
3279     }
3280
3281     /* Migrate will always stop the VM, so the resume condition is
3282        independent of whether the stop command is issued.  */
3283     resume = virDomainObjGetState(vm, NULL) == VIR_DOMAIN_RUNNING;
3284
3285     /* Pause domain for non-live dump */
3286     if (!(flags & VIR_DUMP_LIVE) &&
3287         virDomainObjGetState(vm, NULL) == VIR_DOMAIN_RUNNING) {
3288         if (qemuProcessStopCPUs(driver, vm, VIR_DOMAIN_PAUSED_DUMP,
3289                                 QEMU_ASYNC_JOB_DUMP) < 0)
3290             goto endjob;
3291         paused = 1;
3292
3293         if (!virDomainObjIsActive(vm)) {
3294             virReportError(VIR_ERR_INTERNAL_ERROR, "%s",
3295                            _("guest unexpectedly quit"));
3296             goto endjob;
3297         }
3298     }
3299
3300     ret = doCoreDump(driver, vm, path, getCompressionType(driver), flags);
3301     if (ret < 0)
3302         goto endjob;
3303
3304     paused = 1;
3305
3306 endjob:
3307     if ((ret == 0) && (flags & VIR_DUMP_CRASH)) {
3308         qemuProcessStop(driver, vm, VIR_DOMAIN_SHUTOFF_CRASHED, 0);
3309         virDomainAuditStop(vm, "crashed");
3310         event = virDomainEventNewFromObj(vm,
3311                                          VIR_DOMAIN_EVENT_STOPPED,
3312                                          VIR_DOMAIN_EVENT_STOPPED_CRASHED);
3313     }
3314
3315     /* Since the monitor is always attached to a pty for libvirt, it
3316        will support synchronous operations so we always get here after
3317        the migration is complete.  */
3318     else if (((resume && paused) || (flags & VIR_DUMP_RESET)) &&
3319              virDomainObjIsActive(vm)) {
3320         if ((ret == 0) && (flags & VIR_DUMP_RESET)) {
3321             priv =  vm->privateData;
3322             qemuDomainObjEnterMonitor(driver, vm);
3323             ret = qemuMonitorSystemReset(priv->mon);
3324             qemuDomainObjExitMonitor(driver, vm);
3325         }
3326
3327         if (resume && qemuProcessStartCPUs(driver, vm, dom->conn,
3328                                            VIR_DOMAIN_RUNNING_UNPAUSED,
3329                                            QEMU_ASYNC_JOB_DUMP) < 0) {
3330             event = virDomainEventNewFromObj(vm,
3331                                              VIR_DOMAIN_EVENT_SUSPENDED,
3332                                              VIR_DOMAIN_EVENT_SUSPENDED_API_ERROR);
3333             if (virGetLastError() == NULL)
3334                 virReportError(VIR_ERR_OPERATION_FAILED,
3335                                "%s", _("resuming after dump failed"));
3336         }
3337     }
3338
3339     if (qemuDomainObjEndAsyncJob(driver, vm) == 0)
3340         vm = NULL;
3341     else if ((ret == 0) && (flags & VIR_DUMP_CRASH) && !vm->persistent) {
3342         qemuDomainRemoveInactive(driver, vm);
3343         vm = NULL;
3344     }
3345
3346 cleanup:
3347     if (vm)
3348         virObjectUnlock(vm);
3349     if (event)
3350         qemuDomainEventQueue(driver, event);
3351     return ret;
3352 }
3353
3354 static char *
3355 qemuDomainScreenshot(virDomainPtr dom,
3356                      virStreamPtr st,
3357                      unsigned int screen,
3358                      unsigned int flags)
3359 {
3360     virQEMUDriverPtr driver = dom->conn->privateData;
3361     virDomainObjPtr vm;
3362     qemuDomainObjPrivatePtr priv;
3363     char *tmp = NULL;
3364     int tmp_fd = -1;
3365     char *ret = NULL;
3366     bool unlink_tmp = false;
3367     virQEMUDriverConfigPtr cfg = NULL;
3368
3369     virCheckFlags(0, NULL);
3370
3371     if (!(vm = qemuDomObjFromDomain(dom)))
3372         goto cleanup;
3373
3374     priv = vm->privateData;
3375     cfg = virQEMUDriverGetConfig(driver);
3376
3377     if (qemuDomainObjBeginJob(driver, vm, QEMU_JOB_QUERY) < 0)
3378         goto cleanup;
3379
3380     if (!virDomainObjIsActive(vm)) {
3381         virReportError(VIR_ERR_OPERATION_INVALID,
3382                        "%s", _("domain is not running"));
3383         goto endjob;
3384     }
3385
3386     /* Well, even if qemu allows multiple graphic cards, heads, whatever,
3387      * screenshot command does not */
3388     if (screen) {
3389         virReportError(VIR_ERR_INVALID_ARG,
3390                        "%s", _("currently is supported only taking "
3391                                "screenshots of screen ID 0"));
3392         goto endjob;
3393     }
3394
3395     if (virAsprintf(&tmp, "%s/qemu.screendump.XXXXXX", cfg->cacheDir) < 0) {
3396         virReportOOMError();
3397         goto endjob;
3398     }
3399
3400     if ((tmp_fd = mkostemp(tmp, O_CLOEXEC)) == -1) {
3401         virReportSystemError(errno, _("mkostemp(\"%s\") failed"), tmp);
3402         goto endjob;
3403     }
3404     unlink_tmp = true;
3405
3406     virSecurityManagerSetSavedStateLabel(qemu_driver->securityManager, vm->def, tmp);
3407
3408     qemuDomainObjEnterMonitor(driver, vm);
3409     if (qemuMonitorScreendump(priv->mon, tmp) < 0) {
3410         qemuDomainObjExitMonitor(driver, vm);
3411         goto endjob;
3412     }
3413     qemuDomainObjExitMonitor(driver, vm);
3414
3415     if (VIR_CLOSE(tmp_fd) < 0) {
3416         virReportSystemError(errno, _("unable to close %s"), tmp);
3417         goto endjob;
3418     }
3419
3420     if (virFDStreamOpenFile(st, tmp, 0, 0, O_RDONLY) < 0) {
3421         virReportError(VIR_ERR_OPERATION_FAILED, "%s",
3422                        _("unable to open stream"));
3423         goto endjob;
3424     }
3425
3426     ret = strdup("image/x-portable-pixmap");
3427
3428 endjob:
3429     VIR_FORCE_CLOSE(tmp_fd);
3430     if (unlink_tmp)
3431         unlink(tmp);
3432     VIR_FREE(tmp);
3433
3434     if (qemuDomainObjEndJob(driver, vm) == 0)
3435         vm = NULL;
3436
3437 cleanup:
3438     if (vm)
3439         virObjectUnlock(vm);
3440     virObjectUnref(cfg);
3441     return ret;
3442 }
3443
3444 static void processWatchdogEvent(void *data, void *opaque)
3445 {
3446     int ret;
3447     struct qemuDomainWatchdogEvent *wdEvent = data;
3448     virQEMUDriverPtr driver = opaque;
3449     virQEMUDriverConfigPtr cfg;
3450
3451     virObjectLock(wdEvent->vm);
3452     cfg = virQEMUDriverGetConfig(driver);
3453
3454     switch (wdEvent->action) {
3455     case VIR_DOMAIN_WATCHDOG_ACTION_DUMP:
3456         {
3457             char *dumpfile;
3458             unsigned int flags = 0;
3459
3460             if (virAsprintf(&dumpfile, "%s/%s-%u",
3461                             cfg->autoDumpPath,
3462                             wdEvent->vm->def->name,
3463                             (unsigned int)time(NULL)) < 0) {
3464                 virReportOOMError();
3465                 goto unlock;
3466             }
3467
3468             if (qemuDomainObjBeginAsyncJob(driver, wdEvent->vm,
3469                                                      QEMU_ASYNC_JOB_DUMP) < 0) {
3470                 VIR_FREE(dumpfile);
3471                 goto unlock;
3472             }
3473
3474             if (!virDomainObjIsActive(wdEvent->vm)) {
3475                 virReportError(VIR_ERR_OPERATION_INVALID,
3476                                "%s", _("domain is not running"));
3477                 VIR_FREE(dumpfile);
3478                 goto endjob;
3479             }
3480
3481             flags |= cfg->autoDumpBypassCache ? VIR_DUMP_BYPASS_CACHE: 0;
3482             ret = doCoreDump(driver, wdEvent->vm, dumpfile,
3483                              getCompressionType(driver), flags);
3484             if (ret < 0)
3485                 virReportError(VIR_ERR_OPERATION_FAILED,
3486                                "%s", _("Dump failed"));
3487
3488             ret = qemuProcessStartCPUs(driver, wdEvent->vm, NULL,
3489                                        VIR_DOMAIN_RUNNING_UNPAUSED,
3490                                        QEMU_ASYNC_JOB_DUMP);
3491
3492             if (ret < 0)
3493                 virReportError(VIR_ERR_OPERATION_FAILED,
3494                                "%s", _("Resuming after dump failed"));
3495
3496             VIR_FREE(dumpfile);
3497         }
3498         break;
3499     default:
3500         goto unlock;
3501     }
3502
3503 endjob:
3504     /* Safe to ignore value since ref count was incremented in
3505      * qemuProcessHandleWatchdog().
3506      */
3507     ignore_value(qemuDomainObjEndAsyncJob(driver, wdEvent->vm));
3508
3509 unlock:
3510     virObjectUnlock(wdEvent->vm);
3511     virObjectUnref(wdEvent->vm);
3512     VIR_FREE(wdEvent);
3513     virObjectUnref(cfg);
3514 }
3515
3516 static int qemuDomainHotplugVcpus(virQEMUDriverPtr driver,
3517                                   virDomainObjPtr vm,
3518                                   unsigned int nvcpus)
3519 {
3520     qemuDomainObjPrivatePtr priv = vm->privateData;
3521     int i, rc = 1;
3522     int ret = -1;
3523     int oldvcpus = vm->def->vcpus;
3524     int vcpus = oldvcpus;
3525     pid_t *cpupids = NULL;
3526     int ncpupids;
3527     virCgroupPtr cgroup = NULL;
3528     virCgroupPtr cgroup_vcpu = NULL;
3529     bool cgroup_available = false;
3530
3531     qemuDomainObjEnterMonitor(driver, vm);
3532
3533     /* We need different branches here, because we want to offline
3534      * in reverse order to onlining, so any partial fail leaves us in a
3535      * reasonably sensible state */
3536     if (nvcpus > vcpus) {
3537         for (i = vcpus ; i < nvcpus ; i++) {
3538             /* Online new CPU */
3539             rc = qemuMonitorSetCPU(priv->mon, i, 1);
3540             if (rc == 0)
3541                 goto unsupported;
3542             if (rc < 0)
3543                 goto cleanup;
3544
3545             vcpus++;
3546         }
3547     } else {
3548         for (i = vcpus - 1 ; i >= nvcpus ; i--) {
3549             /* Offline old CPU */
3550             rc = qemuMonitorSetCPU(priv->mon, i, 0);
3551             if (rc == 0)
3552                 goto unsupported;
3553             if (rc < 0)
3554                 goto cleanup;
3555
3556             vcpus--;
3557         }
3558     }
3559
3560     /* hotplug succeeded */
3561
3562     ret = 0;
3563
3564     /* After hotplugging the CPUs we need to re-detect threads corresponding
3565      * to the virtual CPUs. Some older versions don't provide the thread ID
3566      * or don't have the "info cpus" command (and they don't support multiple
3567      * CPUs anyways), so errors in the re-detection will not be treated
3568      * fatal */
3569     if ((ncpupids = qemuMonitorGetCPUInfo(priv->mon, &cpupids)) <= 0) {
3570         virResetLastError();
3571         goto cleanup;
3572     }
3573
3574     /* check if hotplug has failed */
3575     if (vcpus < oldvcpus && ncpupids == oldvcpus) {
3576         virReportError(VIR_ERR_OPERATION_UNSUPPORTED, "%s",
3577                        _("qemu didn't unplug the vCPUs properly"));
3578         vcpus = oldvcpus;
3579         ret = -1;
3580         goto cleanup;
3581     }
3582
3583     if (ncpupids != vcpus) {
3584         virReportError(VIR_ERR_INTERNAL_ERROR,
3585                        _("got wrong number of vCPU pids from QEMU monitor. "
3586                          "got %d, wanted %d"),
3587                        ncpupids, vcpus);
3588         ret = -1;
3589         goto cleanup;
3590     }
3591
3592     cgroup_available = (virCgroupForDomain(driver->cgroup, vm->def->name,
3593                                            &cgroup, 0) == 0);
3594
3595     if (nvcpus > oldvcpus) {
3596         for (i = oldvcpus; i < nvcpus; i++) {
3597             if (cgroup_available) {
3598                 int rv = -1;
3599                 /* Create cgroup for the onlined vcpu */
3600                 rv = virCgroupForVcpu(cgroup, i, &cgroup_vcpu, 1);
3601                 if (rv < 0) {
3602                     virReportSystemError(-rv,
3603                                          _("Unable to create vcpu cgroup for %s(vcpu:"
3604                                            " %d)"),
3605                                          vm->def->name, i);
3606                     goto cleanup;
3607                 }
3608
3609                 /* Add vcpu thread to the cgroup */
3610                 rv = virCgroupAddTask(cgroup_vcpu, cpupids[i]);
3611                 if (rv < 0) {
3612                     virReportSystemError(-rv,
3613                                          _("unable to add vcpu %d task %d to cgroup"),
3614                                          i, cpupids[i]);
3615                     virCgroupRemove(cgroup_vcpu);
3616                     goto cleanup;
3617                 }
3618             }
3619
3620             /* Inherit def->cpuset */
3621             if (vm->def->cpumask) {
3622                 /* vm->def->cputune.vcpupin can't be NULL if
3623                  * vm->def->cpumask is not NULL.
3624                  */
3625                 virDomainVcpuPinDefPtr vcpupin = NULL;
3626
3627                 if (VIR_REALLOC_N(vm->def->cputune.vcpupin,
3628                                   vm->def->cputune.nvcpupin + 1) < 0) {
3629                     virReportOOMError();