libvirt.git
21 min ago libvirtd: clarify the TLS conf default value setting [master]
Chen Hanxiao [Sun, 21 Jan 2018 14:39:34 +0000]
libvirtd: clarify the TLS conf default value setting

Provide more details related to the requirement that setting one
of the values requires setting all of them.

Signed-off-by: Chen Hanxiao <chenhanxiao@gmail.com>
Reviewed-by: John Ferlan <jferlan@redhat.com>

29 min ago libvirtd: Explicit dependency on systemd-machined
Michal Koutný [Wed, 10 Jan 2018 22:06:41 +0000]
libvirtd: Explicit dependency on systemd-machined

The libvirtd daemon uses systemd-machined D-Bus API when manipulating
domains. The systemd-machined is D-Bus activated on demand.

However, during system shutdown systemd-machined is stopped concurrently
with libvirtd and virsh users also doing their final cleanup may
transitively fail due to unavailability of systemd-machined. Example
error message

> libvirtd[1390]: 2017-12-20 18:55:56.182+0000: 32700: error : virSystemdTerminateMachine:503 : Refusing activation, D-Bus is shutting down.

To circumvent this we need to explicitly specify both ordering and
requirement dependency (to avoid late D-Bus activation) on
systemd-machined. See [1] for the dependency debate.

[1] https://lists.freedesktop.org/archives/systemd-devel/2018-January/040095.html

71 min ago qemu: auto-add generic xhci rather than NEC xhci to Q35 domains
Laine Stump [Wed, 17 Jan 2018 21:47:06 +0000]
qemu: auto-add generic xhci rather than NEC xhci to Q35 domains

We recently added a generic XHCI USB3 controller to QEMU, and libvirt
supports adding that controller rather than the NEC XHCI USB3
controller, but when auto-adding a USB controller to Q35 domains we
were still adding the vendor-specific NEC controller. This patch
changes to add the generic controller instead, if it's available in
the QEMU binary that will be used.

Signed-off-by: Laine Stump <laine@laine.org>
Reviewed-by: Pavel Hrdina <phrdina@redhat.com>

2 hours ago qemu: Don't initialize struct utsname
Jiri Denemark [Mon, 22 Jan 2018 13:51:11 +0000]
qemu: Don't initialize struct utsname

It breaks the build and it is not really useful for anything.

Signed-off-by: Jiri Denemark <jdenemar@redhat.com>

3 hours ago qemu: Refresh caps cache after booting a different kernel
Jiri Denemark [Mon, 22 Jan 2018 10:37:04 +0000]
qemu: Refresh caps cache after booting a different kernel

Whenever a different kernel is booted, some capabilities related to KVM
(such as CPUID bits) may change. We need to refresh the cache to see the
changes.

Signed-off-by: Jiri Denemark <jdenemar@redhat.com>
Reviewed-by: Daniel P. Berrange <berrange@redhat.com>

24 hours ago qemu: move qemuDomainDefValidateVideo into qemuDomainDeviceDefValidateVideo
Laine Stump [Mon, 18 Dec 2017 15:19:40 +0000]
qemu: move qemuDomainDefValidateVideo into qemuDomainDeviceDefValidateVideo

qemuDomainDefValidateVideo() (called from qemuDomainDefValidate()) is
just a loop performing various checks on each video device. Rather
than maintaining this separate function, just fold the validations
into qemuDomainDeviceDefValidateVideo(), which is called once for each
video device.

37 hours ago qemu: assign correct type of PCI address for vhost-scsi when using pcie-root
Laine Stump [Fri, 15 Dec 2017 16:42:35 +0000]
qemu: assign correct type of PCI address for vhost-scsi when using pcie-root

Commit 10c73bf1 fixed a bug that I had introduced back in commit
70249927 - if a vhost-scsi device had no manually assigned PCI
address, one wouldn't be assigned automatically. There was a slight
problem with the logic of the fix though - in the case of domains with
pcie-root (e.g. those with a q35 machinetype),
qemuDomainDeviceCalculatePCIConnectFlags() will attempt to determine
if the host-side PCI device is Express or legacy by examining sysfs
based on the host-side PCI address stored in
hostdev->source.subsys.u.pci.addr, but that part of the union is only
valid for PCI hostdevs, *not* for SCSI hostdevs. So we end up trying
to read sysfs for some probably-non-existent device, which fails, and
the function virPCIDeviceIsPCIExpress() returns failure (-1).

By coincidence, the return value is being examined as a boolean, and
since -1 is true, we still end up assigning the vhost-scsi device to
an Express slot, but that is just by chance (and could fail in the
case that the gibberish in the "hostside PCI address" was the address
of a real device that happened to be legacy PCI).

Since (according to Paolo Bonzini) vhost-scsi devices appear just like
virtio-scsi devices in the guest, they should follow the same rules as
virtio devices when deciding whether they should be placed in an
Express or a legacy slot. That's accomplished in this patch by
returning early with virtioFlags, rather than erroneously using
hostdev->source.subsys.u.pci.addr. It also adds a test case for PCIe
to assure it doesn't get broken in the future.

2 days ago nodedev: Fix failing to parse PCI address for non-PCI network devices
Jim Fehlig [Sat, 6 Jan 2018 00:10:47 +0000]
nodedev: Fix failing to parse PCI address for non-PCI network devices

Commit 8708ca01c added virNetDevSwitchdevFeature() to check if a network
device has Switchdev capabilities. virNetDevSwitchdevFeature() attempts
to retrieve the PCI device associated with the network device, ignoring
non-PCI devices. It does so via the following call chain

  virNetDevSwitchdevFeature()->virNetDevGetPCIDevice()->
  virPCIGetDeviceAddressFromSysfsLink()

For non-PCI network devices (qeth, Xen vif, etc),
virPCIGetDeviceAddressFromSysfsLink() will report an error when
virPCIDeviceAddressParse() fails. virPCIDeviceAddressParse() also
logs an error. After commit 8708ca01c there are now two errors reported
for each non-PCI network device even though the errors are harmless.

To avoid the errors, introduce virNetDevIsPCIDevice() and use it in
virNetDevGetPCIDevice() before attempting to retrieve the associated
PCI device. virNetDevIsPCIDevice() uses the 'subsystem' property of the
device to determine if it is PCI. See the sysfs rules in kernel
documentation for more details

https://www.kernel.org/doc/html/latest/admin-guide/sysfs-rules.html

3 days ago Revert "qemu: monitor: do not report error on shutdown"
Michal Privoznik [Fri, 19 Jan 2018 12:53:57 +0000]
Revert "qemu: monitor: do not report error on shutdown"

https://bugzilla.redhat.com/show_bug.cgi?id=1536461

This reverts commit aeda1b8c56dc58b0a413acc61bbea938b40499e1.

Problem is that we need mon->lastError to be set because it's
used all over the place. Also, there's nothing wrong with
reporting error if one occurred. I mean, if there's a thread
executing an API and which currently is talking on monitor it
definitely wants the error reported.

Signed-off-by: Michal Privoznik <mprivozn@redhat.com>

3 days ago Post-release version bump to 4.1.0
Michal Privoznik [Fri, 19 Jan 2018 13:26:53 +0000]
Post-release version bump to 4.1.0

Signed-off-by: Michal Privoznik <mprivozn@redhat.com>

3 days ago Release of libvirt-4.0.0 [v4.0.0]
Daniel Veillard [Fri, 19 Jan 2018 10:43:00 +0000]
Release of libvirt-4.0.0

* docs/news.xml: update for release
* po/*.po*: regenerated

3 days ago qemu: Fix crash in offline migration
Jiri Denemark [Fri, 19 Jan 2018 09:32:44 +0000]
qemu: Fix crash in offline migration

When migrating a shutoff domain (i.e., offline migration), we have no
statistics to report and thus jobInfo will be NULL in
qemuMigrationFinish.

Broken by me in v3.10.0-183-ge8784e7868.

https://bugzilla.redhat.com/show_bug.cgi?id=1536351

Signed-off-by: Jiri Denemark <jdenemar@redhat.com>
Reviewed-by: Pavel Hrdina <phrdina@redhat.com>

4 days ago cpu: Add EPYC-IBPB CPU model
Jiri Denemark [Mon, 8 Jan 2018 19:53:25 +0000]
cpu: Add EPYC-IBPB CPU model

This is a variant of EPYC with indirect branch prediction protection.
The only difference between EPYC and EPYC-IBPB is the added "ibpb"
feature.

Signed-off-by: Jiri Denemark <jdenemar@redhat.com>
Reviewed-by: Pavel Hrdina <phrdina@redhat.com>

4 days ago Raise the frame limit for tests
Ján Tomko [Thu, 18 Jan 2018 09:14:41 +0000]
Raise the frame limit for tests

After the latest CPU additions, the build fails with clang:
cputest.c:905:1: error: stack frame size of 26136 bytes
  in function 'mymain' [-Werror,-Wframe-larger-than=]

Raise the relaxed limit which is used for tests.

4 days ago qemu: avoid denial of service reading from QEMU monitor (CVE-2018-5748)
Daniel P. Berrange [Tue, 16 Jan 2018 17:00:11 +0000]
qemu: avoid denial of service reading from QEMU monitor (CVE-2018-5748)

We read from QEMU until seeing a \r\n pair to indicate a completed reply
or event. To avoid memory denial-of-service though, we must have a size
limit on amount of data we buffer. 10 MB is large enough that it ought
to cope with normal QEMU replies, and small enough that we're not
consuming unreasonable mem.

Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
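
The size limit described in this commit message, as an added example that is not libvirt's own code: a receive buffer for a "\r\n"-delimited reply stream that refuses to grow past a cap while waiting for the terminator. The names (mon_buf, MON_*) and the sample replies are assumptions made for the illustration.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Cap taken from the commit message: at most 10 MB of unparsed data. */
#define MON_MAX_BUFFER ((size_t)10 * 1024 * 1024)

enum { MON_MSG = 1, MON_NEED_MORE = 0, MON_TOO_LARGE = -1, MON_NOMEM = -2 };

struct mon_buf {
    char  *data;  /* bytes received but not yet consumed */
    size_t len;   /* bytes in use */
    size_t cap;   /* bytes allocated */
    size_t max;   /* hard limit on len */
};

static void mon_buf_init(struct mon_buf *b, size_t max)
{
    memset(b, 0, sizeof(*b));
    b->max = max;
}

static void mon_buf_free(struct mon_buf *b)
{
    free(b->data);
    memset(b, 0, sizeof(*b));
}

/* Append one read() worth of bytes; returns 0, MON_TOO_LARGE or MON_NOMEM.
 * The buffer is left untouched on failure so the caller can drop the link. */
static int mon_buf_append(struct mon_buf *b, const char *chunk, size_t n)
{
    if (n == 0)
        return 0;
    if (n > b->max - b->len)            /* overflow-safe "len + n > max" */
        return MON_TOO_LARGE;
    if (b->len + n > b->cap) {
        size_t want = b->cap ? b->cap : 64;
        if (want > b->max)
            want = b->max;
        while (want < b->len + n)       /* double, but never past max */
            want = (want > b->max / 2) ? b->max : want * 2;
        char *p = realloc(b->data, want);
        if (!p)
            return MON_NOMEM;
        b->data = p;
        b->cap = want;
    }
    memcpy(b->data + b->len, chunk, n);
    b->len += n;
    return 0;
}

/* Extract the first complete "\r\n"-terminated message, if there is one.
 * On MON_MSG, *msg is a malloc'd NUL-terminated copy without the "\r\n". */
static int mon_buf_next_msg(struct mon_buf *b, char **msg)
{
    *msg = NULL;
    for (size_t i = 0; i + 1 < b->len; i++) {
        if (b->data[i] == '\r' && b->data[i + 1] == '\n') {
            char *out = malloc(i + 1);
            if (!out)
                return MON_NOMEM;
            memcpy(out, b->data, i);
            out[i] = '\0';
            /* Consumed bytes leave the buffer, so the cap only counts
             * data that is still waiting for its terminator. */
            memmove(b->data, b->data + i + 2, b->len - (i + 2));
            b->len -= i + 2;
            *msg = out;
            return MON_MSG;
        }
    }
    return MON_NEED_MORE;
}

int main(void)
{
    /* Constructed input: one reply split across two reads, then a partial event. */
    const char *reads[] = { "{\"return\":", " {}}\r\n{\"event\"" };
    struct mon_buf b;
    char *msg;

    mon_buf_init(&b, MON_MAX_BUFFER);
    for (size_t i = 0; i < 2; i++) {
        if (mon_buf_append(&b, reads[i], strlen(reads[i])) < 0)
            return 1;
        while (mon_buf_next_msg(&b, &msg) == MON_MSG) {
            printf("message: %s\n", msg);
            free(msg);
        }
    }
    printf("%zu bytes still buffered\n", b.len);
    mon_buf_free(&b);
    return 0;
}
```

A peer that never sends "\r\n" makes mon_buf_append() return MON_TOO_LARGE once the cap is reached, at which point the caller treats the connection as failed instead of allocating further.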

4 days ago news: Update for 4.0.0
Andrea Bolognani [Wed, 17 Jan 2018 15:57:49 +0000]
news: Update for 4.0.0

As usual, a bunch of changes slipped through the cracks during the
development cycle. Update the release notes to include at least the
most notable ones.

Signed-off-by: Andrea Bolognani <abologna@redhat.com>

5 days ago qemu: qemuDomainNamespaceUnlinkPaths: Return 0 in case of success
Marc Hartmayer [Wed, 17 Jan 2018 15:47:16 +0000]
qemu: qemuDomainNamespaceUnlinkPaths: Return 0 in case of success

Commit 7a931a4204af refactored the code and probably forgot to add
this line.

Signed-off-by: Marc Hartmayer <mhartmay@linux.vnet.ibm.com>
Reviewed-by: Boris Fiuczynski <fiuczy@linux.vnet.ibm.com>

5 days ago cpu: Add Skylake-Server-IBRS CPU model
Jiri Denemark [Tue, 9 Jan 2018 20:47:29 +0000]
cpu: Add Skylake-Server-IBRS CPU model

This is a variant of Skylake-Server with indirect branch prediction
protection. The only difference between Skylake-Server and
Skylake-Server-IBRS is the added "spec-ctrl" feature.

Signed-off-by: Jiri Denemark <jdenemar@redhat.com>
Reviewed-by: Pavel Hrdina <phrdina@redhat.com>

5 days ago cpu: Add Skylake-Client-IBRS CPU model
Jiri Denemark [Tue, 9 Jan 2018 20:41:31 +0000]
cpu: Add Skylake-Client-IBRS CPU model

This is a variant of Skylake-Client with indirect branch prediction
protection. The only difference between Skylake-Client and
Skylake-Client-IBRS is the added "spec-ctrl" feature.

Signed-off-by: Jiri Denemark <jdenemar@redhat.com>
Reviewed-by: Pavel Hrdina <phrdina@redhat.com>

5 days ago cpu: Add Broadwell-IBRS CPU model
Jiri Denemark [Tue, 9 Jan 2018 20:36:28 +0000]
cpu: Add Broadwell-IBRS CPU model

This is a variant of Broadwell with indirect branch prediction
protection. The only difference between Broadwell and Broadwell-IBRS is
the added "spec-ctrl" feature.

The Broadwell-IBRS model in QEMU is a bit different since Broadwell got
several additional features since we added it in cpu_map.xml:
    abm, arat, f16c, rdrand, vme, xsaveopt

Adding them only to the -IBRS variant would confuse our CPU detection
code.

Signed-off-by: Jiri Denemark <jdenemar@redhat.com>
Reviewed-by: Pavel Hrdina <phrdina@redhat.com>

5 days ago cpu: Add Broadwell-noTSX-IBRS CPU model
Jiri Denemark [Mon, 8 Jan 2018 19:53:25 +0000]
cpu: Add Broadwell-noTSX-IBRS CPU model

This is a variant of Broadwell-noTSX with indirect branch prediction
protection. The only difference between Broadwell-noTSX and
Broadwell-noTSX-IBRS is the added "spec-ctrl" feature.

The Broadwell-noTSX-IBRS model in QEMU is a bit different since
Broadwell-noTSX got several additional features since we added it in
cpu_map.xml:
    abm, arat, f16c, rdrand, vme, xsaveopt

Adding them only to the -IBRS variant would confuse our CPU detection
code.

Signed-off-by: Jiri Denemark <jdenemar@redhat.com>
Reviewed-by: Pavel Hrdina <phrdina@redhat.com>

5 days ago cpu: Add Haswell-IBRS CPU model
Jiri Denemark [Mon, 8 Jan 2018 19:53:25 +0000]
cpu: Add Haswell-IBRS CPU model

This is a variant of Haswell with indirect branch prediction protection.
The only difference between Haswell and Haswell-IBRS is the added
"spec-ctrl" feature.

The Haswell-IBRS model in QEMU is a bit different since Haswell got
several additional features since we added it in cpu_map.xml:
    arat, abm, f16c, rdrand, vme, xsaveopt

Adding them only to the -IBRS variant would confuse our CPU detection
code.

Signed-off-by: Jiri Denemark <jdenemar@redhat.com>
Reviewed-by: Pavel Hrdina <phrdina@redhat.com>

5 days ago cpu: Add Haswell-noTSX-IBRS CPU model
Jiri Denemark [Tue, 9 Jan 2018 19:40:03 +0000]
cpu: Add Haswell-noTSX-IBRS CPU model

This is a variant of Haswell-noTSX with indirect branch prediction
protection. The only difference between Haswell-noTSX and
Haswell-noTSX-IBRS is the added "spec-ctrl" feature.

The Haswell-noTSX-IBRS model in QEMU is a bit different since
Haswell-noTSX got several additional features since we added it in
cpu_map.xml:
    arat, abm, f16c, rdrand, vme, xsaveopt

Adding them only to the -IBRS variant would confuse our CPU detection
code.

Signed-off-by: Jiri Denemark <jdenemar@redhat.com>
Reviewed-by: Pavel Hrdina <phrdina@redhat.com>

5 days ago cpu: Add IvyBridge-IBRS CPU model
Jiri Denemark [Mon, 8 Jan 2018 19:53:25 +0000]
cpu: Add IvyBridge-IBRS CPU model

This is a variant of IvyBridge with indirect branch prediction
protection. The only difference between IvyBridge and IvyBridge-IBRS is
the added "spec-ctrl" feature.

The IvyBridge-IBRS model in QEMU is a bit different since IvyBridge got
several additional features since we added it in cpu_map.xml:
    arat, vme, xsaveopt

Adding them only to the -IBRS variant would confuse our CPU detection
code.

Signed-off-by: Jiri Denemark <jdenemar@redhat.com>
Reviewed-by: Pavel Hrdina <phrdina@redhat.com>

5 days ago cpu: Add SandyBridge-IBRS CPU model
Jiri Denemark [Mon, 8 Jan 2018 19:53:25 +0000]
cpu: Add SandyBridge-IBRS CPU model

This is a variant of SandyBridge with indirect branch prediction
protection. The only difference between SandyBridge and SandyBridge-IBRS
is the added "spec-ctrl" feature.

The SandyBridge-IBRS model in QEMU is a bit different since SandyBridge
got several additional features since we added it in cpu_map.xml:
    arat, vme, xsaveopt

Adding them only to the -IBRS variant would confuse our CPU detection
code.

Signed-off-by: Jiri Denemark <jdenemar@redhat.com>
Reviewed-by: Pavel Hrdina <phrdina@redhat.com>

5 days ago cpu: Add Westmere-IBRS CPU model
Jiri Denemark [Mon, 8 Jan 2018 19:53:25 +0000]
cpu: Add Westmere-IBRS CPU model

This is a variant of Westmere with indirect branch prediction
protection. The only difference between Westmere and Westmere-IBRS is
the added "spec-ctrl" feature.

The Westmere-IBRS model in QEMU is a bit different since Westmere got
several additional features since we added it in cpu_map.xml:
    arat, pclmuldq, vme

Adding them only to the -IBRS variant would confuse our CPU detection
code.

Signed-off-by: Jiri Denemark <jdenemar@redhat.com>
Reviewed-by: Pavel Hrdina <phrdina@redhat.com>

5 days ago cpu: Add Nehalem-IBRS CPU model
Jiri Denemark [Mon, 8 Jan 2018 19:53:25 +0000]
cpu: Add Nehalem-IBRS CPU model

This is a variant of Nehalem with indirect branch prediction protection.
The only difference between Nehalem and Nehalem-IBRS is the added
"spec-ctrl" feature.

Thus the diff matches QEMU, but the new CPU model itself is different.
The QEMU's versions of both models contain "vme" feature, while this
feature is missing in libvirt's models. While we can't change the
existing Nehalem CPU model, we could add "vme" to Nehalem-IBRS to make
it similar to QEMU, but doing so would fool our CPU detecting code so
that any Nehalem CPU with "vme" feature would be detected as
Nehalem-IBRS CPU without spec-ctrl. Not adding "vme" to Nehalem-IBRS is
safe as QEMU will just provide the feature anyway, which matches what
happens with Nehalem (and new enough machine types).

Signed-off-by: Jiri Denemark <jdenemar@redhat.com>
Reviewed-by: Pavel Hrdina <phrdina@redhat.com>

5 days ago cputest: Add data for updated Intel(R) Core(TM) i7-5600U CPU
Jiri Denemark [Mon, 8 Jan 2018 23:02:44 +0000]
cputest: Add data for updated Intel(R) Core(TM) i7-5600U CPU

The CPU contains the updated microcode for CVE-2017-5715.

Signed-off-by: Jiri Denemark <jdenemar@redhat.com>
Reviewed-by: Pavel Hrdina <phrdina@redhat.com>

5 days ago cputest: Add data for updated AMD EPYC 7601 32-Core Processor
Jiri Denemark [Fri, 5 Jan 2018 14:58:07 +0000]
cputest: Add data for updated AMD EPYC 7601 32-Core Processor

The CPU contains the updated microcode for CVE-2017-5715.

Signed-off-by: Jiri Denemark <jdenemar@redhat.com>
Reviewed-by: Pavel Hrdina <phrdina@redhat.com>

5 days ago cputest: Add data for Intel(R) Xeon(R) Gold 5115 CPU
Jiri Denemark [Fri, 5 Jan 2018 14:43:16 +0000]
cputest: Add data for Intel(R) Xeon(R) Gold 5115 CPU

The CPU contains the updated microcode for CVE-2017-5715.

Signed-off-by: Jiri Denemark <jdenemar@redhat.com>
Reviewed-by: Pavel Hrdina <phrdina@redhat.com>

5 days ago cputest: Add data for Intel(R) Xeon(R) CPU E5-2623 v4
Jiri Denemark [Fri, 5 Jan 2018 14:03:12 +0000]
cputest: Add data for Intel(R) Xeon(R) CPU E5-2623 v4

The CPU contains the updated microcode for CVE-2017-5715.

The *-guest.xml and *-json.xml CPU definitions use Skylake-Client CPU
model rather than Broadwell. This is similar to Xeon-E5-2650-v4 and it
is caused by our CPU model selection code when no model matches the CPU
signature (family + model). We'd need to maintain a complete list of CPU
signatures for our CPU models to fix this.

Signed-off-by: Jiri Denemark <jdenemar@redhat.com>
Reviewed-by: Pavel Hrdina <phrdina@redhat.com>

5 days ago cputest: Add data for Intel(R) Xeon(R) CPU E5-2609 v3
Jiri Denemark [Fri, 5 Jan 2018 13:52:45 +0000]
cputest: Add data for Intel(R) Xeon(R) CPU E5-2609 v3

The CPU contains the updated microcode for CVE-2017-5715.

Signed-off-by: Jiri Denemark <jdenemar@redhat.com>
Reviewed-by: Pavel Hrdina <phrdina@redhat.com>

5 days ago cpu: add CPU features for indirect branch prediction protection
Paolo Bonzini [Tue, 12 Dec 2017 15:23:42 +0000]
cpu: add CPU features for indirect branch prediction protection

Added in QEMU commits TBD and TBD.

Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Jiri Denemark <jdenemar@redhat.com>
Reviewed-by: Pavel Hrdina <phrdina@redhat.com>

5 days ago On startup libvirtd runs a number of QEMU processes unconfined such as:
intrigeri [Wed, 17 Jan 2018 15:28:15 +0000]
On startup libvirtd runs a number of QEMU processes unconfined such as:

  /usr/bin/qemu-system-x86_64 -S -no-user-config -nodefaults -nographic -machine none,accel=kvm:tcg -qmp unix:/var/lib/libvirt/qemu/capabilities.monitor.sock,server,nowait -pidfile /var/lib/libvirt/qemu/capabilities.pidfile -daemonize

libvirtd needs to be allowed to kill these processes, otherwise they
remain running.

5 days ago qemu: Fix segmentation fault when attaching a non iSCSI host device
Marc Hartmayer [Wed, 17 Jan 2018 12:26:08 +0000]
qemu: Fix segmentation fault when attaching a non iSCSI host device

Add a check if it's an iSCSI hostdev and if it's not then don't use the
union member 'iscsi'. The segmentation fault occurred when accessing
secinfo->type, but this can vary from case to case.

Signed-off-by: Marc Hartmayer <mhartmay@linux.vnet.ibm.com>
Reviewed-by: Bjoern Walk <bwalk@linux.vnet.ibm.com>
Reviewed-by: Boris Fiuczynski <fiuczy@linux.vnet.ibm.com>
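
The pattern behind this commit and the vhost-scsi PCI address commit above, as an added example that is not libvirt's own code: a union member read without checking which member is valid, and a tri-state (-1/0/1) result used as a boolean. Every type, function and value below is a hypothetical stand-in; the host device table replaces the sysfs lookup.

```c
#include <stdio.h>
#include <string.h>

/* Every name here is a hypothetical stand-in, not a libvirt identifier. */
enum hostdev_type { HOSTDEV_PCI, HOSTDEV_SCSI_HOST };
enum slot { SLOT_ERROR = -1, SLOT_LEGACY = 0, SLOT_EXPRESS = 1 };

struct pci_addr { unsigned domain, bus, slot, function; };

struct hostdev {
    enum hostdev_type type;      /* discriminant: which union member is valid */
    union {
        struct pci_addr pci;     /* valid only when type == HOSTDEV_PCI */
        char wwpn[32];           /* valid only when type == HOSTDEV_SCSI_HOST */
    } u;
};

/* Constructed stand-in for the sysfs lookup: PCI devices present on the host. */
struct host_pci { struct pci_addr addr; int express; };
static struct host_pci host_devs[4];
static size_t n_host_devs;

static void host_add(struct pci_addr addr, int express)
{
    if (n_host_devs < sizeof(host_devs) / sizeof(host_devs[0])) {
        host_devs[n_host_devs].addr = addr;
        host_devs[n_host_devs].express = express;
        n_host_devs++;
    }
}

/* Tri-state result: 1 = Express, 0 = legacy, -1 = no such device. */
static int pci_is_express(const struct pci_addr *a)
{
    for (size_t i = 0; i < n_host_devs; i++)
        if (memcmp(&host_devs[i].addr, a, sizeof(*a)) == 0)
            return host_devs[i].express;
    return -1;
}

/* Pattern described in the commit messages: the union member is read without
 * looking at the discriminant, and the tri-state result is used as a boolean. */
static enum slot pick_slot_unchecked(const struct hostdev *d)
{
    if (pci_is_express(&d->u.pci))   /* -1 counts as true */
        return SLOT_EXPRESS;
    return SLOT_LEGACY;
}

/* Checked form: non-PCI hostdevs return early with the slot type the caller
 * uses for virtio devices, and a failed lookup is reported, not guessed. */
static enum slot pick_slot_checked(const struct hostdev *d, enum slot virtio_slot)
{
    int rc;

    if (d->type != HOSTDEV_PCI)
        return virtio_slot;
    rc = pci_is_express(&d->u.pci);
    if (rc < 0)
        return SLOT_ERROR;
    return rc ? SLOT_EXPRESS : SLOT_LEGACY;
}

int main(void)
{
    struct hostdev scsi;
    struct pci_addr alias;

    memset(&scsi, 0, sizeof(scsi));
    scsi.type = HOSTDEV_SCSI_HOST;
    strcpy(scsi.u.wwpn, "naa.5001405abc");      /* constructed value */

    printf("unchecked, no match:    %d\n", pick_slot_unchecked(&scsi));
    /* Make the same bytes the address of a real legacy device on the host. */
    memcpy(&alias, scsi.u.wwpn, sizeof(alias));
    host_add(alias, 0);
    printf("unchecked, stray match: %d\n", pick_slot_unchecked(&scsi));
    printf("checked:                %d\n", pick_slot_checked(&scsi, SLOT_EXPRESS));
    return 0;
}
```

The unchecked function returns the Express slot for the SCSI device only because the lookup failed; once the stray bytes match a legacy device its answer flips, while the checked function never consults them.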

5 days ago rpm: updates wrt min required fedora version
Daniel P. Berrange [Thu, 11 Jan 2018 16:30:03 +0000]
rpm: updates wrt min required fedora version

Update the min fedora to 26. Use a macro to record the min versions so that the
later error message is always in sync with the earlier version check. Clarify
the comment that refers to guessing of dist which does not actually happen.

Reviewed-by: Jiri Denemark <jdenemar@redhat.com>
Signed-off-by: Daniel P. Berrange <berrange@redhat.com>

5 days ago spec: enable bash completion only on new enough distros
Pavel Hrdina [Wed, 17 Jan 2018 09:21:31 +0000]
spec: enable bash completion only on new enough distros

RHEL-6 doesn't have bash-completion package by default, it has to be
installed from EPEL.

Reviewed-by: Daniel P. Berrange <berrange@redhat.com>
Signed-off-by: Pavel Hrdina <phrdina@redhat.com>

6 days ago nodedev: Add the missing PCI dev checks for 'mdev_types' capability [v4.0.0-rc2]
Dan Zheng [Tue, 16 Jan 2018 04:21:21 +0000]
nodedev: Add the missing PCI dev checks for 'mdev_types' capability

Similar to commit @f44ec9c1, commit @500cbc06 introduced a new nested
'mdev_types' capability, however the mentioned commit didn't adjust
virNodeDeviceNumOfCaps and virNodeDeviceListCaps functions accordingly
to provide proper support for this capability.

After applying this patch the following python snippet returns the
expected results:
    import libvirt
    conn = libvirt.openReadOnly('qemu:///system')
    devs = conn.listAllDevices()
    for dev in devs:
        if 'mdev_types' in dev.listCaps():
            print dev.name(),dev.numOfCaps(),dev.listCaps()

Signed-off-by: Dan Zheng <dzheng@redhat.com>
Signed-off-by: Erik Skultety <eskultet@redhat.com>

6 days ago m4: Check for rl_completion_quote_character
Michal Privoznik [Sun, 14 Jan 2018 13:29:32 +0000]
m4: Check for rl_completion_quote_character

Apparently we can't assume that people run readline recent enough
to have rl_completion_quote_character (added in readline-5.0
released in 2011). However, we can't compile without it. So if
not present, disable readline.

Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
Reviewed-by: Andrea Bolognani <abologna@redhat.com>

7 days ago tools: Always compile {virsh,virt-admin}-completer.c
Michal Privoznik [Sun, 14 Jan 2018 10:51:44 +0000]
tools: Always compile {virsh,virt-admin}-completer.c

The functions defined in these sources are referenced all over
the place; however, they are compiled only when building with
readline. Thus when building without it the linker gets sad as it
can't find them.

Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
Reviewed-by: Erik Skultety <eskultet@redhat.com>

7 days ago vsh: Provide cmdComplete stub for readline disabled builds
Michal Privoznik [Sun, 14 Jan 2018 10:43:51 +0000]
vsh: Provide cmdComplete stub for readline disabled builds

When building without readline, this function does nothing but
return false, without touching any of its arguments, which
triggers a build error. Therefore, provide a stub that has
arguments marked as unused.

Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
Reviewed-by: Erik Skultety <eskultet@redhat.com>

7 days ago vshReadlineOptionsGenerator: Don't add already specified options to the list
Michal Privoznik [Fri, 12 Jan 2018 16:05:33 +0000]
vshReadlineOptionsGenerator: Don't add already specified options to the list

The current state of art is as follows:

 1) vshReadlineOptionsGenerator() generates all possible --options
 for given command, and then
 2) vshReadlineOptionsPrune() clears out already provided ones
 from the list.

Not only does this bring needless memory complexity, it is also not
trivial to get right. We can switch to an easier approach: just
don't add already specified --options in the first step.

Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
Reviewed-by: Erik Skultety <eskultet@redhat.com>

10 days ago tests: sysinfotest: add new test case for S390 [v4.0.0-rc1]
Bjoern Walk [Fri, 12 Jan 2018 11:38:02 +0000]
tests: sysinfotest: add new test case for S390

Let's add a test case for S390 with CPU frequency information available.
Test data is sampled from an IBM z13 system running kernel 4.14 on LPAR.

Reviewed-by: Boris Fiuczynski <fiuczy@linux.vnet.ibm.com>
Signed-off-by: Bjoern Walk <bwalk@linux.vnet.ibm.com>

10 days ago util: virsysinfo: parse frequency information on S390
Bjoern Walk [Fri, 12 Jan 2018 11:38:01 +0000]
util: virsysinfo: parse frequency information on S390

Let's also parse the available processor frequency information on S390
so that it can be utilized by virsh sysinfo:

    # virsh sysinfo

    <sysinfo type='smbios'>
      ...
      <processor>
        <entry name='family'>2964</entry>
        <entry name='manufacturer'>IBM/S390</entry>
        <entry name='version'>00</entry>
        <entry name='max_speed'>5000</entry>
        <entry name='serial_number'>145F07</entry>
      </processor>
      ...
    </sysinfo>

Reviewed-by: Marc Hartmayer <mhartmay@linux.vnet.ibm.com>
Reviewed-by: Boris Fiuczynski <fiuczy@linux.vnet.ibm.com>
Signed-off-by: Bjoern Walk <bwalk@linux.vnet.ibm.com>

10 days ago travis: Skip nfs-common installation
Andrea Bolognani [Fri, 12 Jan 2018 10:41:06 +0000]
travis: Skip nfs-common installation

Installing nfs-common is broken on trusty since build #807

  https://travis-ci.org/libvirt/libvirt/builds/326705054

It's probably a transient error on Travis' side, so just comment
it out for the time being to allow builds to proceed.

Signed-off-by: Andrea Bolognani <abologna@redhat.com>
Reviewed-by: Daniel P. Berrange <berrange@redhat.com>

10 days ago travis: Sync packages with libvirt-jenkins-ci
Andrea Bolognani [Fri, 12 Jan 2018 10:02:38 +0000]
travis: Sync packages with libvirt-jenkins-ci

Make sure we install the same packages lcitool would install on
the CentOS CI so that we have consistent results. The package
list is current as of libvirt-jenkins-ci commit 3a559ae7bc08.

Signed-off-by: Andrea Bolognani <abologna@redhat.com>
Reviewed-by: Daniel P. Berrange <berrange@redhat.com>

10 days ago domcaps: Treat host models as case-insensitive strings
Scott Garfinkle [Tue, 26 Dec 2017 19:55:08 +0000]
domcaps: Treat host models as case-insensitive strings

Qemu 2.11 allows case-insensitive specification of CPU models.
This patch fixes the resulting problems on (at least) POWER
arch machines so that Power8 and POWER8 are not different.

Signed-off-by: Scott Garfinkle <scottgar@linux.vnet.ibm.com>

10 days ago qemu: Fix type of a completed job
Jiri Denemark [Thu, 11 Jan 2018 19:47:50 +0000]
qemu: Fix type of a completed job

Libvirt 3.7.0 and earlier reported a migration job as completed
immediately after QEMU finished sending migration data at which point
migration was not really complete yet. Commit v3.7.0-29-g3f2d6d829e
fixed this, but caused a regression in reporting statistics for
completed jobs which started reporting the job as still running. This
happened because the completed job statistics including the job status
are copied from the running job before we finally mark it as completed.

Let's make sure QEMU_DOMAIN_JOB_STATUS_COMPLETED is always set in the
completed job info even when the job has not finished yet.

https://bugzilla.redhat.com/show_bug.cgi?id=1523036

Signed-off-by: Jiri Denemark <jdenemar@redhat.com>
Reviewed-by: Pavel Hrdina <phrdina@redhat.com>

10 days ago qemu: Ignore fallback CPU attribute on reconnect
Jiri Denemark [Wed, 10 Jan 2018 14:56:21 +0000]
qemu: Ignore fallback CPU attribute on reconnect

When reconnecting to a running domain with host-model CPU started by old
libvirt which did not store the actual CPU in the status XML, we need to
ignore the fallback attribute to make sure we can translate the detected
host CPU model to a model which is supported by the running QEMU.

https://bugzilla.redhat.com/show_bug.cgi?id=1532980

Signed-off-by: Jiri Denemark <jdenemar@redhat.com>
Reviewed-by: Pavel Hrdina <phrdina@redhat.com>

10 days ago m4: Don't enable bash-completion by default
Michal Privoznik [Thu, 11 Jan 2018 21:11:15 +0000]
m4: Don't enable bash-completion by default

Due to the way that check logic was written we basically enabled
bash completion whenever readline was enabled. This is not right
because it made bash-completion pkg-config module required.

Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
Reviewed-by: Pavel Hrdina <phrdina@redhat.com>

10 days ago virt-admin: Introduce vshAdmServerCompleter
Michal Privoznik [Tue, 7 Nov 2017 08:33:06 +0000]
virt-admin: Introduce vshAdmServerCompleter

Signed-off-by: Michal Privoznik <mprivozn@redhat.com>

10 days ago virsh: Introduce virshDomainInterfaceCompleter
Michal Privoznik [Mon, 6 Nov 2017 14:48:01 +0000]
virsh: Introduce virshDomainInterfaceCompleter

For given domain fetch list of defined interfaces. This can be
used for commands like domif-getlink and others. If available,
the interface name is returned (e.g. "vnet0", usually available
only for running domains), if not the MAC address is returned.
Moreover, the detach-interface command requires only MAC address
and therefore we have new flag that forces the completer to
return just the MAC address.

Signed-off-by: Michal Privoznik <mprivozn@redhat.com>

10 days ago virsh: Introduce virshDomainNameCompleter
Michal Privoznik [Tue, 31 Oct 2017 08:24:21 +0000]
virsh: Introduce virshDomainNameCompleter

Now that we have everything prepared let the fun begin. This
completer is very simple and returns domain names. Moreover,
depending on the command it can return just a subset of domains
(e.g. only running/paused/transient/.. ones).

Signed-off-by: Michal Privoznik <mprivozn@redhat.com>

10 days ago tools: Provide bash autompletion file
Michal Privoznik [Thu, 2 Nov 2017 13:41:53 +0000]
tools: Provide bash autompletion file

The only purpose of this file is to be sourced. After that one
can use completion even for their bash:

  # virsh list --<TAB><TAB>
  --all                   --inactive ...

Signed-off-by: Michal Privoznik <mprivozn@redhat.com>

10 days ago vsh: Introduce complete command
Michal Privoznik [Wed, 1 Nov 2017 14:34:14 +0000]
vsh: Introduce complete command

This command is going to be called from bash completion script in
the following form:

  virsh complete -- start --domain

Its only purpose is to return list of possible strings for
completion. Note that this is a 'hidden', unlisted command and
therefore there's no documentation to it.

Signed-off-by: Michal Privoznik <mprivozn@redhat.com>

10 days ago vsh: Filter --options
Michal Privoznik [Fri, 29 Dec 2017 10:25:38 +0000]
vsh: Filter --options

Similarly to the previous commit, once we've presented an
--option for a command to the user it makes no sense to offer it
again. Therefore, we can prune all already specified options. For
instance, after this patch:

  virsh # migrate --verbose <TAB><TAB>

will no longer offer --verbose option.

Signed-off-by: Michal Privoznik <mprivozn@redhat.com>

10 days ago vsh: Prune string list returned by completer
Michal Privoznik [Thu, 28 Dec 2017 11:26:41 +0000]
vsh: Prune string list returned by completer

Instead of having completers prune returned string list based on
user's input we can do that right after the callback is called.
Only strings matching the prefix will be presented to the user
then.

Signed-off-by: Michal Privoznik <mprivozn@redhat.com>

10 days ago vsh: Call vshCmdOptDef completer
Michal Privoznik [Tue, 21 Nov 2017 16:45:50 +0000]
vsh: Call vshCmdOptDef completer

Now that we have everything prepared we can call options'
completer again. At the same time, pass partially parsed input to
the completer callback - it will help the callbacks to narrow
down the list of returned options based on user's input. For
instance, if the completer is supposed to return list of
interfaces depending on user input it may return just those
interfaces defined for already specified domain. Of course,
completers might ignore this parameter.

Signed-off-by: Michal Privoznik <mprivozn@redhat.com>

10 days ago vsh: Fix vshCompleter signature
Michal Privoznik [Tue, 7 Nov 2017 09:41:00 +0000]
vsh: Fix vshCompleter signature

The first argument passed to this function is vshControl *.
There's no need to use void pointer.

Signed-off-by: Michal Privoznik <mprivozn@redhat.com>

10 days ago util: Introduce virStringListMerge
Michal Privoznik [Sat, 25 Nov 2017 08:29:54 +0000]
util: Introduce virStringListMerge

For two string lists merge one into the other one.

Signed-off-by: Michal Privoznik <mprivozn@redhat.com>

10 days ago vshCommandOpt: Allow caller avoiding assert()
Michal Privoznik [Thu, 9 Nov 2017 17:06:11 +0000]
vshCommandOpt: Allow caller avoiding assert()

In the future, completer callbacks will receive partially parsed
command (and thus possibly incomplete). However, we still want
them to use command options fetching APIs we already have (e.g.
vshCommandOpt*()) and at the same time don't report any errors
(nor call any asserts).

Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
Reviewed-by: John Ferlan <jferlan@redhat.com>

10 days ago vshReadlineParse: Use string list
Michal Privoznik [Tue, 21 Nov 2017 16:23:11 +0000]
vshReadlineParse: Use string list

It's better to fetch list of either commands or options just once
and then iterate over it. Moreover, it makes future completers
way simpler as they will return string lists too.

Signed-off-by: Michal Privoznik <mprivozn@redhat.com>

10 days ago vshReadlineParse: Escape returned results if needed
Michal Privoznik [Mon, 13 Nov 2017 12:34:54 +0000]
vshReadlineParse: Escape returned results if needed

When returning a string that needs escaping there are two
scenarios that can happen. Firstly, user already started the
string with a quote (or double quote) in which case we don't need
to do anything - readline takes care of that. However, if they
haven't typed anything yet, we need to escape the string
ourselves.

Signed-off-by: Michal Privoznik <mprivozn@redhat.com>

10 days ago vshReadlineParse: Drop code duplication
Michal Privoznik [Tue, 21 Nov 2017 14:07:34 +0000]
vshReadlineParse: Drop code duplication

Now that we have a way of retrieving partly parsed command we
don't need duplicate code that parses the user's input.

Yes, this code removes call of opt's completer, but:
  a) current implementation is broken anyway, and
  b) it will be added back shortly

Signed-off-by: Michal Privoznik <mprivozn@redhat.com>

10 days ago vshCommandStringParse: Allow retrieving partial result
Michal Privoznik [Mon, 6 Nov 2017 14:46:50 +0000]
vshCommandStringParse: Allow retrieving partial result

In the future, this function is going to be called from
vshReadlineParse() to provide parsed input for completer
callbacks. The idea is to allow the callbacks to provide more
specific data. For instance, for the following input:

  virsh # domifaddr --domain fedora --interface <TAB><TAB>

the --interface completer callback is going to be called. Now, it
is more user friendly if the completer offers only those
interfaces found in 'fedora' domain. But in order to do that it
needs to be able to retrieve partially parsed result.

Signed-off-by: Michal Privoznik <mprivozn@redhat.com>

10 days ago vshCommandParse: Don't leak @tkdata
Michal Privoznik [Mon, 13 Nov 2017 13:46:36 +0000]
vshCommandParse: Don't leak @tkdata

When parsing cmd line which has "--" on it, this is leaked.
Problem is, parser->getNextArg() allocates new string and stores
it into tkdata. But as soon as "--" is detected 'continue' is
issued without any free of the allocated memory.

  ==5304== 3 bytes in 1 blocks are definitely lost in loss record 1 of 782
  ==5304==    at 0x4C2AF50: malloc (vg_replace_malloc.c:299)
  ==5304==    by 0x8BB5AA9: strdup (strdup.c:42)
  ==5304==    by 0x55842CA: virStrdup (virstring.c:941)
  ==5304==    by 0x172B21: _vshStrdup (vsh.c:162)
  ==5304==    by 0x175E8E: vshCommandArgvGetArg (vsh.c:1622)
  ==5304==    by 0x17551D: vshCommandParse (vsh.c:1418)
  ==5304==    by 0x175F25: vshCommandArgvParse (vsh.c:1638)
  ==5304==    by 0x130940: virshParseArgv (virsh.c:820)
  ==5304==    by 0x130C49: main (virsh.c:922)

Signed-off-by: Michal Privoznik <mprivozn@redhat.com>

10 days ago vsh: Drop useless check for cmd != NULL
Michal Privoznik [Tue, 2 Jan 2018 13:33:45 +0000]
vsh: Drop useless check for cmd != NULL

All our internal *Free() functions are capable of handling NULL.

Signed-off-by: Michal Privoznik <mprivozn@redhat.com>

10 days ago vsh: Drop useless check for opts != NULL
Michal Privoznik [Fri, 29 Dec 2017 11:19:47 +0000]
vsh: Drop useless check for opts != NULL

All our internal *Free() functions are capable of handling NULL.

Signed-off-by: Michal Privoznik <mprivozn@redhat.com>

11 days ago docs: Add missing encryption type
John Ferlan [Thu, 11 Jan 2018 15:40:37 +0000]
docs: Add missing encryption type

Update the text to include "luks" as a possible value.

11 days ago tests: Break symlink loop
Andrea Bolognani [Thu, 11 Jan 2018 13:18:59 +0000]
tests: Break symlink loop

distcheck, and possibly more stuff, breaks because of it.

Signed-off-by: Andrea Bolognani <abologna@redhat.com>

11 days ago tests: virhostcputest: testcase for S390 system
Bjoern Walk [Tue, 19 Dec 2017 10:08:01 +0000]
tests: virhostcputest: testcase for S390 system

Let's add a testcase for a S390 system running kernel version 4.14 on
LPAR.

Reviewed-by: Marc Hartmayer <mhartmay@linux.vnet.ibm.com>
Reviewed-by: Boris Fiuczynski <fiuczy@linux.vnet.ibm.com>
Signed-off-by: Bjoern Walk <bwalk@linux.vnet.ibm.com>

11 days ago util: virhostcpu: parse frequency information on S390
Bjoern Walk [Tue, 19 Dec 2017 10:08:00 +0000]
util: virhostcpu: parse frequency information on S390

Since kernel version 4.7, processor frequency information is available
on S390. Let's adjust the parser so this information shows up for virsh
nodeinfo:

    # virsh nodeinfo
    CPU model:           s390x
    CPU(s):              8
    CPU frequency:       5000 MHz
    CPU socket(s):       1
    Core(s) per socket:  8
    Thread(s) per core:  1
    NUMA cell(s):        1
    Memory size:         16273908 KiB

Reviewed-by: Marc Hartmayer <mhartmay@linux.vnet.ibm.com>
Reviewed-by: Boris Fiuczynski <fiuczy@linux.vnet.ibm.com>
Signed-off-by: Bjoern Walk <bwalk@linux.vnet.ibm.com>

12 days ago storage: Complete implementation volume by hash object
John Ferlan [Tue, 10 Oct 2017 22:32:40 +0000]
storage: Complete implementation volume by hash object

Alter the volume logic to use the hash tables instead of forward
linked lists. There are three hash tables to allow for fast lookup
by name, target.path, and key.

Modify the virStoragePoolObjAddVol to place the object in all 3
tables if possible using self locking RWLock on the volumes object.
Conversely when removing the volume, it's a removal of the object
from the various hash tables.

Implement functions to handle remote ForEach and Search Volume
type helpers. These are used by the disk backend in order to
facilitate adding a primary, extended, or logical partition.

Implement the various VolDefFindBy* helpers as simple (and fast)
hash lookups. The NumOfVolumes, GetNames, and ListExport helpers
are all implemented using standard for each hash table calls.

12 days ago storage: Introduce _virStorageVolObj[List]
John Ferlan [Tue, 10 Oct 2017 20:49:04 +0000]
storage: Introduce _virStorageVolObj[List]

Prepare for hash table volume lists by creating the object infrastructure
for a Volume Object and Volume Object List

The _virStorageVolObj will contain just a pointer to the "current"
(and live) volume definition.

The _virStorageVolObjList will contain three hash tables, one for
each of the lookup options allowed for a volume.

12 days ago storage: Modify virStorageBackendDiskMakeDataVol logic
John Ferlan [Tue, 9 Jan 2018 16:31:01 +0000]
storage: Modify virStorageBackendDiskMakeDataVol logic

Alter the logic such that we only add the volume to the pool once
we've filled in all the information and cause failure to go to a
common error: label. Patches to place the @vol into a few hash tables
will soon "require" that at least the keys (name, target.path, and key)
be populated with valid data.

12 days ago storage: When delete volume avoid disk backend removal
John Ferlan [Tue, 9 Jan 2018 13:40:24 +0000]
storage: When delete volume avoid disk backend removal

For a disk backend, the deleteVol code will clear all the
volumes in the pool and perform a pool refresh, thus the
storageVolDeleteInternal should not access @voldef
after deleteVol succeeds.

12 days ago cpu_x86: Copy CPU signature from ancestor
Jiri Denemark [Fri, 5 Jan 2018 16:43:03 +0000]
cpu_x86: Copy CPU signature from ancestor

When specifying a new CPU model in cpu_map.xml as an extension to an
existing model, we forgot to copy the signature (family + model) from
the original CPU model.

We don't use this way of specifying CPU models, but it's still supported
and it becomes useful when someone wants to quickly hack up a CPU model
for testing or when creating additional variants of existing models to
help with fixing some spectral issues.

Signed-off-by: Jiri Denemark <jdenemar@redhat.com>
Reviewed-by: Pavel Hrdina <phrdina@redhat.com>

12 days ago cpu_x86: Add debug messages to x86DecodeUseCandidate
Jiri Denemark [Fri, 5 Jan 2018 16:43:27 +0000]
cpu_x86: Add debug messages to x86DecodeUseCandidate

When translating CPUID data into CPU model + features, the code
sometimes uses an unexpected CPU model. There may be several reasons for
this, starting with wrong expectations and ending with an actual bug in
our code. These debug messages will help determine the reason.

Signed-off-by: Jiri Denemark <jdenemar@redhat.com>
Reviewed-by: Pavel Hrdina <phrdina@redhat.com>

12 days ago cputest: Fix cpu-cpuid.py diff command
Jiri Denemark [Fri, 5 Jan 2018 13:35:42 +0000]
cputest: Fix cpu-cpuid.py diff command

The cpuidMap in cpu-cpuid.py was created for converting old data files
(with QEMU's feature-words bits) to the new model-expansion based data.
When I added tests for CPU live update based on disabled/enabled feature
lists I shamelessly used the existing cpuidMap for generating the
*-{enabled,disabled}.xml data files. Thus any new CPUID bits which are
not present in the original cpuidMap would be ignored. The correct thing
to do is to use cpu_map.xml.

All data files were fixed by running the following command:

    ./cpu-cpuid.py diff *.json

Signed-off-by: Jiri Denemark <jdenemar@redhat.com>
Reviewed-by: Pavel Hrdina <phrdina@redhat.com>

12 days ago apparmor, virt-aa-helper: drop static channel rule
Christian Ehrhardt [Tue, 9 Jan 2018 15:04:05 +0000]
apparmor, virt-aa-helper: drop static channel rule

This is now covered by DomainSetPathLabel being implemented in apparmor.

Signed-off-by: Christian Ehrhardt <christian.ehrhardt@canonical.com>

12 days ago security, apparmor: add (Set|Restore)ChardevLabel
Christian Ehrhardt [Tue, 9 Jan 2018 15:04:04 +0000]
security, apparmor: add (Set|Restore)ChardevLabel

Since 1b4f66e "security: introduce virSecurityManager
(Set|Restore)ChardevLabel" this is a public API of security manager.

Implementing this in apparmor avoids missing any rules that should be
added for devices labeled via these calls.

Signed-off-by: Christian Ehrhardt <christian.ehrhardt@canonical.com>

12 days ago security: full path option for DomainSetPathLabel
Christian Ehrhardt [Tue, 9 Jan 2018 15:04:03 +0000]
security: full path option for DomainSetPathLabel

virSecurityManagerDomainSetPathLabel is used to make a path known
to the security modules, but today is used interchangeably for
 - paths to files/dirs to be accessed directly
 - paths to a dir, but the access will actually be to files therein

Depending on the security module it is important to know which of
these types it will be.

The argument allowSubtree augments the call to the implementations of
DomainSetPathLabel that can - per security module - decide if extra
actions shall be taken.

For now dac/selinux handle this as before, but apparmor will make
use of it to add a wildcard to the path that was passed.

Signed-off-by: Christian Ehrhardt <christian.ehrhardt@canonical.com>
Signed-off-by: Michal Privoznik <mprivozn@redhat.com>

12 days ago security, apparmor: implement domainSetPathLabel
Christian Ehrhardt [Tue, 9 Jan 2018 15:04:02 +0000]
security, apparmor: implement domainSetPathLabel

This came up in discussions around huge pages, but it will cover
more per guest paths that should be added to the guest's apparmor profile:
 - keys via qemuDomainWriteMasterKeyFile
 - per domain dirs via qemuProcessMakeDir
 - memory backing paths via qemuProcessBuildDestroyMemoryPathsImpl

Signed-off-by: Christian Ehrhardt <christian.ehrhardt@canonical.com>

13 days ago apparmor, virt-aa-helper: Allow access to /sys/bus/usb/devices
Jamie Strandboge [Wed, 20 Dec 2017 10:56:43 +0000]
apparmor, virt-aa-helper: Allow access to /sys/bus/usb/devices

Required to generate correct profiles when using usb passthrough.

Bug-Ubuntu: https://bugs.launchpad.net/bugs/565691

Signed-off-by: Stefan Bader <stefan.bader@canonical.com>
Signed-off-by: Christian Ehrhardt <christian.ehrhardt@canonical.com>
Acked-by: Jamie Strandboge <jamie@ubuntu.com>
Acked-by: Intrigeri <intrigeri@boum.org>

13 days ago apparmor, libvirtd: Allow ixr to /var/lib/libvirt/virtd*
Jamie Strandboge [Tue, 19 Dec 2017 15:03:43 +0000]
apparmor, libvirtd: Allow ixr to /var/lib/libvirt/virtd*

This is required for the ebtables functionality added in
libvirt 0.8.0.

Signed-off-by: Stefan Bader <stefan.bader@canonical.com>

13 days ago apparmor, libvirt-qemu: qemu won't call qemu-nbd
Christian Ehrhardt [Tue, 19 Dec 2017 15:03:42 +0000]
apparmor, libvirt-qemu: qemu won't call qemu-nbd

While libvirtd might do so, qemu itself as a guest will not need
to call qemu-nbd so remove it from the profile.

Signed-off-by: Christian Ehrhardt <christian.ehrhardt@canonical.com>
Signed-off-by: Stefan Bader <stefan.bader@canonical.com>

13 days ago apparmor, libvirt-qemu: add default pki path of libvirt-spice
Christian Ehrhardt [Wed, 20 Dec 2017 11:41:55 +0000]
apparmor, libvirt-qemu: add default pki path of libvirt-spice

Adding the PKI path that is used as default suggestion in src/qemu/qemu.conf.
If people use non-default paths they should use local overrides but the
suggested defaults we should open up.

This is the default path as referenced by src/qemu/qemu.conf in libvirt.

While doing so merge the several places we have to cover PKI access into
one.

Bug-Ubuntu: https://bugs.launchpad.net/bugs/1690140

Signed-off-by: Christian Ehrhardt <christian.ehrhardt@canonical.com>

13 days ago apparmor, libvirt-qemu: Allow qemu-block-extra libraries
Jamie Strandboge [Wed, 20 Dec 2017 07:41:08 +0000]
apparmor, libvirt-qemu: Allow qemu-block-extra libraries

Allows (multi-arch enabled) access to libraries under the
/usr/lib/@{multiarch}/qemu/*.so path in the Debian/Ubuntu
qemu-block-extra package and all such libs for the paths
of rpm qemu-block-* packages.

Bug-Ubuntu: https://bugs.launchpad.net/bugs/1554761

Signed-off-by: Christian Ehrhardt <christian.ehrhardt@canonical.com>

13 days ago apparmor, libvirt-qemu: Silence lttng related deny messages
Stefan Bader [Tue, 19 Dec 2017 15:03:35 +0000]
apparmor, libvirt-qemu: Silence lttng related deny messages

Prevent denial messages related to attempted reads on lttng
files from spamming the logs.

Bug-Ubuntu: https://bugs.launchpad.net/bugs/1432644

Signed-off-by: Christian Ehrhardt <christian.ehrhardt@canonical.com>
Signed-off-by: Stefan Bader <stefan.bader@canonical.com>

13 days ago apparmor, libvirt-qemu: Allow use of sgabios
Serge Hallyn [Tue, 19 Dec 2017 15:03:34 +0000]
apparmor, libvirt-qemu: Allow use of sgabios

Bug-Ubuntu: https://bugs.launchpad.net/bugs/1393548

Signed-off-by: Stefan Bader <stefan.bader@canonical.com>

13 days ago qemu: Prepare BIOS/UEFI when starting a domain
Michal Privoznik [Wed, 3 Jan 2018 07:08:07 +0000]
qemu: Prepare BIOS/UEFI when starting a domain

https://bugzilla.redhat.com/show_bug.cgi?id=1527740

Users might use a block device as UEFI VAR store. Or even have
OVMF stored there. Therefore, when starting a domain and separate
mount namespace is used, we have to create all the /dev entries
that are configured for the domain.

Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
Reviewed-by: John Ferlan <jferlan@redhat.com>

13 days ago news: add change of hot unplug redirdev
Chen Hanxiao [Fri, 5 Jan 2018 02:47:48 +0000]
news: add change of hot unplug redirdev

Reviewed-by: John Ferlan <jferlan@redhat.com>
Signed-off-by: Chen Hanxiao <chenhanxiao@gmail.com>

13 days ago qemu: Add support for hot unplugging redirdev device
Chen Hanxiao [Fri, 5 Jan 2018 02:47:47 +0000]
qemu: Add support for hot unplugging redirdev device

Commit id '162efa1a' added support to hotplug a redirdev, but
did not add the hot unplug. This patch will add that support
to allow usage of the detach-device --live on the device.

Reviewed-by: John Ferlan <jferlan@redhat.com>
Signed-off-by: Chen Hanxiao <chenhanxiao@gmail.com>

2 weeks ago util: Don't report CPU frequency for ARM hosts
Andrea Bolognani [Mon, 11 Dec 2017 15:09:20 +0000]
util: Don't report CPU frequency for ARM hosts

Some ARM platforms, such as the original Raspberry Pi, report the
CPU frequency in the BogoMIPS field of /proc/cpuinfo, so libvirt
parsed that field and returned it through its API.

However, not only many more boards don't report any value there,
but several - including ARMv8-based server hardware, and even the
more recent Raspberry Pi 3 - use this field as originally intended:
to report the BogoMIPS value instead of the CPU frequency.

Since we have no way of detecting how the field is being used,
it's better to report no information at all rather than something
ludicrous like "your shiny 96-core aarch64 virtualization host's
CPUs are running at a whopping 100 MHz".

Partially-resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1206353

Signed-off-by: Andrea Bolognani <abologna@redhat.com>
Reviewed-by: John Ferlan <jferlan@redhat.com>

2 weeks ago util: Improve CPU frequency parsing
Andrea Bolognani [Mon, 11 Dec 2017 14:32:49 +0000]
util: Improve CPU frequency parsing

Make the parser both more strict, by not ignoring errors reported
by virStrToLong_ui(), and more permissive, by not failing due to
unrelated fields which just happen to have a known prefix and
accepting any amount of whitespace before the numeric value.

Signed-off-by: Andrea Bolognani <abologna@redhat.com>
Reviewed-by: Bjoern Walk <bwalk@linux.vnet.ibm.com>

2 weeks ago util: Print architecture name in /proc/cpuinfo parser
Andrea Bolognani [Thu, 14 Dec 2017 12:26:26 +0000]
util: Print architecture name in /proc/cpuinfo parser

Instead of a generic "your architecture", print the actual
architecture name.

Signed-off-by: Andrea Bolognani <abologna@redhat.com>
Reviewed-by: Bjoern Walk <bwalk@linux.vnet.ibm.com>

2 weeks ago util: virhostcpu: factor out frequency parsing
Bjoern Walk [Thu, 30 Nov 2017 11:50:47 +0000]
util: virhostcpu: factor out frequency parsing

All different architectures use the same copy-pasted code to parse
processor frequency information from /proc/cpuinfo. Let's extract that
code into a function to avoid repetition.

We now also tolerate if the parsing of /proc/cpuinfo is not successful
and just report a warning instead of bailing out and abandoning the rest
of the CPU information.

Reviewed-by: Marc Hartmayer <mhartmay@linux.vnet.ibm.com>
Reviewed-by: Boris Fiuczynski <fiuczy@linux.vnet.ibm.com>
Reviewed-by: Andrea Bolognani <abologna@redhat.com>
Reviewed-by: John Ferlan <jferlan@redhat.com>
Signed-off-by: Bjoern Walk <bwalk@linux.vnet.ibm.com>

2 weeks ago tests: Add host CPU data for Moonshot (RHEL 7.4)
Andrea Bolognani [Mon, 11 Dec 2017 15:30:39 +0000]
tests: Add host CPU data for Moonshot (RHEL 7.4)

Signed-off-by: Andrea Bolognani <abologna@redhat.com>
Reviewed-by: John Ferlan <jferlan@redhat.com>

2 weeks ago qemuDomainAttachDeviceMknodHelper: Remove symlink before creating it
Michal Privoznik [Thu, 4 Jan 2018 10:11:53 +0000]
qemuDomainAttachDeviceMknodHelper: Remove symlink before creating it

https://bugzilla.redhat.com/show_bug.cgi?id=1528502

So imagine you have /dev/blah symlink which points to /dev/sda.
You attach /dev/blah as disk to your domain. Libvirt correctly
creates the /dev/blah -> /dev/sda symlink in the qemu namespace.
However, then you detach the disk, change the symlink so that it
points to /dev/sdb and try to attach the disk again. This time,
however, the attach fails (well, qemu attaches wrong disk)
because the code assumes that symlinks don't change. Well they
do.

This is inspired by test fix written by Eduardo Habkost.

Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
Reviewed-by: Andrea Bolognani <abologna@redhat.com>
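
The stale-link scenario from the commit message above, replayed as an added example that is not libvirt's code: `create_link_naive` is a hypothetical stand-in for any helper that leaves an existing link alone, `create_link_fresh` removes it first, and a scratch directory under /tmp stands in for the namespace's /dev (all names and paths here are assumptions).

```c
#ifndef _XOPEN_SOURCE
#define _XOPEN_SOURCE 700   /* mkdtemp, symlink, readlink */
#endif
#include <errno.h>
#include <limits.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>

/* Hypothetical stand-in: an existing link counts as success, so it is kept. */
static int create_link_naive(const char *target, const char *path)
{
    if (symlink(target, path) < 0 && errno != EEXIST)
        return -1;
    return 0;
}

/* Remove any link already at path, then create it from the current target. */
static int create_link_fresh(const char *target, const char *path)
{
    if (unlink(path) < 0 && errno != ENOENT)
        return -1;
    return symlink(target, path);
}

/* 1 if path is a symlink whose stored target equals expected, else 0. */
static int link_points_to(const char *path, const char *expected)
{
    char buf[PATH_MAX];
    ssize_t n = readlink(path, buf, sizeof(buf) - 1);
    if (n < 0)
        return 0;
    buf[n] = '\0';
    return strcmp(buf, expected) == 0;
}

/* Replays attach, retarget, re-attach in a scratch directory.
 * Returns 1 if the link ends up at /dev/sdb, 0 if it is stale, -1 on error. */
int replay_reattach(int use_fresh)
{
    char dir[] = "/tmp/mknod-demo-XXXXXX";   /* constructed scratch path */
    char path[PATH_MAX];
    int (*create)(const char *, const char *) =
        use_fresh ? create_link_fresh : create_link_naive;
    int ret = -1;

    if (!mkdtemp(dir))
        return -1;
    snprintf(path, sizeof(path), "%s/blah", dir);

    /* First attach: the host's /dev/blah -> /dev/sda is mirrored. */
    if (create("/dev/sda", path) < 0)
        goto cleanup;
    /* The host link now points at /dev/sdb and the disk is attached again. */
    if (create("/dev/sdb", path) < 0)
        goto cleanup;
    ret = link_points_to(path, "/dev/sdb");
 cleanup:
    unlink(path);
    rmdir(dir);
    return ret;
}

int main(void)
{
    printf("kept: %d, recreated: %d\n", replay_reattach(0), replay_reattach(1));
    return 0;
}
```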

2 weeks ago qemu: Add support for pseries machine's max-cpu-compat= parameter
Shivaprasad G Bhat [Fri, 5 Jan 2018 13:48:00 +0000]
qemu: Add support for pseries machine's max-cpu-compat= parameter

When the -machine pseries,max-cpu-compat=X is supported use
machine parameter instead of -cpu host,compat=X parameter as
that is deprecated now with qemu >= v2.10.

Fixes https://bugzilla.redhat.com/show_bug.cgi?id=1519146

Signed-off-by: Shivaprasad G Bhat <sbhat@linux.vnet.ibm.com>
Reviewed-by: Andrea Bolognani <abologna@redhat.com>