This function retrieves the name of the OVS bridge that the given
netdev is attached to. This separate function is necessary because OVS
set the IFLA_MASTER attribute to "ovs-system" for all netdevs that are
attached to an OVS bridge, so the standard method of retrieving the
master can't be used.
Signed-off-by: NLaine Stump <laine@laine.org>
ACKed-by: NMichal Privoznik <mprivozn@redhat.com>

the last use of this function was deleted in commit
    19a148b7Signed-off-by: NAnya Harter <aharter@redhat.com>

the last use of this function was deleted in commit
    1aa5e66cSigned-off-by: NAnya Harter <aharter@redhat.com>

It's in the domain_addr.h section, but should be in the
domain_conf.h section
Signed-off-by: NCole Robinson <crobinso@redhat.com>

Remove the callbacks that the nwfilter driver registers with the domain
object config layer. Instead make the current helper methods call into
the public API for creating/deleting nwfilter bindings.
Reviewed-by: NJohn Ferlan <jferlan@redhat.com>
Signed-off-by: NDaniel P. Berrangé <berrange@redhat.com>

Now that the nwfilter driver keeps a list of bindings that it has
created, there is no need for the complex virt driver callbacks. It is
possible to simply iterate of the list of recorded filter bindings.

This means that rebuilding filters no longer has to acquire any locks on
the virDomainObj objects, as they're never touched.
Reviewed-by: NJohn Ferlan <jferlan@redhat.com>
Signed-off-by: NDaniel P. Berrangé <berrange@redhat.com>

Introduce a new struct to act as the manager of a collection of
virNWFilterBindingObjPtr objects.
Reviewed-by: NJohn Ferlan <jferlan@redhat.com>
Signed-off-by: NDaniel P. Berrangé <berrange@redhat.com>

Introduce a new struct to act as the stateful owner of the
virNWFilterBindingDefPtr objects.
Reviewed-by: NJohn Ferlan <jferlan@redhat.com>
Signed-off-by: NDaniel P. Berrangé <berrange@redhat.com>

When the daemons are split there will need to be a way for the virt
drivers and/or network driver to create and delete bindings between
network ports and network filters. This defines a set of public APIs
that are suitable for managing this facility.
Reviewed-by: NJohn Ferlan <jferlan@redhat.com>
Signed-off-by: NDaniel P. Berrangé <berrange@redhat.com>

A typical XML representation of the virNWFilterBindingDefPtr struct
looks like this:

  <filterbinding>
    <owner>
      <name>f25arm7</name>
      <uuid>12ac8b8c-4f23-4248-ae42-fdcd50c400fd</uuid>
    </owner>
    <portdev name='vnet1'/>
    <mac address='52:54:00:9d:81:b1'/>
    <filterref filter='clean-traffic'>
      <parameter name='MAC' value='52:54:00:9d:81:b1'/>
    </filterref>
  </filterbinding>
Reviewed-by: NJohn Ferlan <jferlan@redhat.com>
Signed-off-by: NDaniel P. Berrangé <berrange@redhat.com>

There's no code sharing between virNWFilterDef and
virNWFilterBindingDefPtr types, so it is clearer if they live in
separate source files and headers.
Reviewed-by: NJohn Ferlan <jferlan@redhat.com>
Signed-off-by: NDaniel P. Berrangé <berrange@redhat.com>

We are going to want to expose the NWFilter binding concept in the
public API, so the virNWFilterBindingPtr type needs to be used there.
Our internal type will shortly gain an XML representation, so rename
it to virNWFilterBindingDefPtr which follows our normal conventions.
Reviewed-by: NJohn Ferlan <jferlan@redhat.com>
Signed-off-by: NDaniel P. Berrangé <berrange@redhat.com>

The last usages were removed with the xend driver in 1dac5fbbReviewed-by: NErik Skultety <eskultet@redhat.com>
Signed-off-by: NCole Robinson <crobinso@redhat.com>

QEMU version >= 2.12 provides support for launching an encrypted VMs on
AMD x86 platform using Secure Encrypted Virtualization (SEV) feature.
This patch adds support to query the SEV capability from the qemu.
Signed-off-by: NBrijesh Singh <brijesh.singh@amd.com>
Reviewed-by: NErik Skultety <eskultet@redhat.com>

It will be used in that file later on, plus it makes sense for all the
implementations to be in same place.  Also comment each one of them nicely and
add a comment explaining why they all need to end with the same _LAST value.
Signed-off-by: NMartin Kletzander <mkletzan@redhat.com>
Reviewed-by: NJán Tomko <jtomko@redhat.com>

There is no need to have virResctrlGetInfo() when it must be called after
virResctrlInfoNew() anyway, otherwise it's just an unusable object.  When we
wrap the logic inside the New() function we'll save some calls later as well.
Signed-off-by: NMartin Kletzander <mkletzan@redhat.com>
Reviewed-by: NJán Tomko <jtomko@redhat.com>

We already have virFileLock(), but we are now using flock() in the code as
well (due to requirements for mutual exclusion between libvirt and other
programs using flock() as well), so let's have a function for that as well so we
don't need to have stubs for unsupported platforms in other files.
Signed-off-by: NMartin Kletzander <mkletzan@redhat.com>
Reviewed-by: NJán Tomko <jtomko@redhat.com>

The dirent's d_type field is not portable to all platforms. So we have
to use stat() to determine the type of file for the functions that need
to be cross-platform. Fix virFileChownFiles() by calling the new
virFileIsRegular() function.
Signed-off-by: NStefan Berger <stefanb@linux.vnet.ibm.com>
Reviewed-by: NDaniel P. Berrangé <berrange@redhat.com>

In this patch we label the swtpm process with SELinux labels. We give it the
same label as the QEMU process has. We label its state directory and files
as well. We restore the old security labels once the swtpm has terminated.

The file and process labels now look as follows:

Directory: /var/lib/libvirt/swtpm

[root@localhost swtpm]# ls -lZ
total 4
rwx------. 2 tss  tss  system_u:object_r:svirt_image_t:s0:c254,c932 4096 Apr  5 16:46 testvm

[root@localhost testvm]# ls -lZ
total 8
-rw-r--r--. 1 tss tss system_u:object_r:svirt_image_t:s0:c254,c932 3648 Apr  5 16:46 tpm-00.permall

The log in /var/log/swtpm/libvirt/qemu is labeled as follows:

-rw-r--r--. 1 tss tss system_u:object_r:svirt_image_t:s0:c254,c932 2237 Apr  5 16:46 vtpm.log

[root@localhost 485d0004-a48f-436a-8457-8a3b73e28567]# ps auxZ | grep swtpm | grep ctrl | grep -v grep
system_u:system_r:svirt_t:s0:c254,c932 tss 25664 0.0  0.0 28172  3892 ?        Ss   16:57   0:00 /usr/bin/swtpm socket --daemon --ctrl type=unixio,path=/var/run/libvirt/qemu/swtpm/testvm-swtpm.sock,mode=0660 --tpmstate dir=/var/lib/libvirt/swtpm/testvm/tpm1.2 --log file=/var/log/swtpm/libvirt/qemu/testvm-swtpm.log

[root@localhost 485d0004-a48f-436a-8457-8a3b73e28567]# ps auxZ | grep qemu | grep tpm | grep -v grep
system_u:system_r:svirt_t:s0:c254,c932 qemu 25669 99.0  0.0 3096704 48500 ?    Sl   16:57   3:28 /bin/qemu-system-x86_64 [..]
Signed-off-by: NStefan Berger <stefanb@linux.vnet.ibm.com>
Reviewed-by: NJohn Ferlan <jferlan@redhat.com>
Reviewed-by: NJán Tomko <jtomko@redhat.com>

Implement virFileChownFiles() which changes file ownership of all
files in a given directory.
Signed-off-by: NStefan Berger <stefanb@linux.vnet.ibm.com>
Reviewed-by: NJohn Ferlan <jferlan@redhat.com>
Reviewed-by: NJán Tomko <jtomko@redhat.com>

Now that virCryptoGenerateRandom() is plain wrapper over
virRandomBytes() we can drop it in favour of the latter.
Signed-off-by: NMichal Privoznik <mprivozn@redhat.com>

Signed-off-by: NFilip Alac <filipalac@gmail.com>
Signed-off-by: NMichal Privoznik <mprivozn@redhat.com>

Signed-off-by: NFilip Alac <filipalac@gmail.com>
Signed-off-by: NMichal Privoznik <mprivozn@redhat.com>

With blockdev support we will need to introspect whether any of the
backing chain members requires PR rather just one of them. Add a helper
and reuse it in virDomainDefHasManagedPR.
Signed-off-by: NPeter Krempa <pkrempa@redhat.com>
Reviewed-by: NJán Tomko <jtomko@redhat.com>

Signed-off-by: NPeter Krempa <pkrempa@redhat.com>
Reviewed-by: NJán Tomko <jtomko@redhat.com>

Signed-off-by: NPeter Krempa <pkrempa@redhat.com>
Reviewed-by: NJán Tomko <jtomko@redhat.com>

s/virQEMUBuildObjectCommandlineFromJSON/virQEMUBuildObjectCommandlineFromJSONType/

The function adds the object of a certain type. Change the name so that
we make room for the generic function.
Signed-off-by: NPeter Krempa <pkrempa@redhat.com>
Reviewed-by: NJán Tomko <jtomko@redhat.com>

Introduce a function for comparing two vsock definitions.

https://bugzilla.redhat.com/show_bug.cgi?id=1291851Signed-off-by: NJán Tomko <jtomko@redhat.com>
Reviewed-by: NJohn Ferlan <jferlan@redhat.com>

Allow hotplugging the vsock device.

https://bugzilla.redhat.com/show_bug.cgi?id=1291851Signed-off-by: NJán Tomko <jtomko@redhat.com>
Reviewed-by: NJohn Ferlan <jferlan@redhat.com>

A file for vsock-related helper functions.
virVsockSetGuestCid to set an already-known CID,
virVsockAcquireGuestCid that will use the first available CID

https://bugzilla.redhat.com/show_bug.cgi?id=1291851Signed-off-by: NJán Tomko <jtomko@redhat.com>

A type to represent the new vsock device.
Also implement an allocation function to allow future addition
of private data.

https://bugzilla.redhat.com/show_bug.cgi?id=1291851Signed-off-by: NJán Tomko <jtomko@redhat.com>

Signed-off-by: NJiri Denemark <jdenemar@redhat.com>
Reviewed-by: NJán Tomko <jtomko@redhat.com>

It will be used when parsing the migration private data.
Signed-off-by: NPeter Krempa <pkrempa@redhat.com>
Reviewed-by: NJohn Ferlan <jferlan@redhat.com>

Extract the lookup code so that it can be reused later.
Signed-off-by: NPeter Krempa <pkrempa@redhat.com>

The function now does not do anything useful. Replace it by the pointer
check.
Signed-off-by: NPeter Krempa <pkrempa@redhat.com>

Rename to storageBackendCreateQemuImgOpts - which is what it's doing.
Signed-off-by: NJohn Ferlan <jferlan@redhat.com>

Add the function virHostdevIsMdevDevice() which detects whether a
hostdev is a mediated device or not. Also, replace all existing
conditionals.
Signed-off-by: NShalini Chellathurai Saroja <shalini@linux.vnet.ibm.com>
Reviewed-by: NBjoern Walk <bwalk@linux.ibm.com>
Reviewed-by: NBoris Fiuczynski <fiuczy@linux.ibm.com>
Reviewed-by: NJohn Ferlan <jferlan@redhat.com>

A function that keeps the hash in binary form instead of converting
it to human-readable hexadecimal form.
Signed-off-by: NJán Tomko <jtomko@redhat.com>

QEMU has possibility to call madvise(.., MADV_REMOVE) in some
cases. Expose this feature to users by new element/attribute
discard.
Signed-off-by: NMichal Privoznik <mprivozn@redhat.com>
Reviewed-by: NJán Tomko <jtomko@redhat.com>

For command line we need two things:

1) -object pr-manager-helper,id=$alias,path=$socketPath
2) -drive file.pr-manager=$alias

In -object pr-manager-helper we tell qemu which socket to connect
to, then in -drive file-pr-manager we just reference the object
the drive in question should use.

For managed PR helper the alias is always "pr-helper0" and socket
path "${vm->priv->libDir}/pr-helper0.sock".
Signed-off-by: NMichal Privoznik <mprivozn@redhat.com>
Reviewed-by: NJohn Ferlan <jferlan@redhat.com>