Add the fields to support setting tls-creds and tls-hostname during
a migration (either source or target). Modify the query migration
function to check for the presence and set the field for future
consumers to determine which of 3 conditions is being met (NULL,
present and set to "", or present and sent to something). These
correspond to qemu commit id '4af245dc3' which added support to
default the value to "" and allow setting (or resetting) to ""
in order to disable. This reset option allows libvirt to properly
use the tls-creds and tls-hostname parameters.

Modify code paths that either allocate or use stack space in order
to call qemuMigrationParamsClear or qemuMigrationParamsFree for cleanup.
Signed-off-by: NJohn Ferlan <jferlan@redhat.com>

If the variable store (<nvram>) file is raw qemu can't do a snapshot of
it and thus the snapshot fails. QEMU rejects such snapshot by a message
which would not be properly interpreted as an error by libvirt.

Additionally allowing to use a qcow2 variable store backing file would
solve this issue but then it would become eligible to become target of
the memory dump.

Offline internal snapshot would be incomplete too with either storage
format since libvirt does not handle the pflash file in this case.

Forbid such snapshot so that we can avoid problems.

The qemuDomainSnapshotPrepare should always set a > 0 format value anyway,
so remove the check.

Found by Coverity.

We reported error in caller virQEMUCapsCacheLookupByArch.
So the same error messages in qemuConnectGetDomainCapabilities
is useless.
Signed-off-by: NChen Hanxiao <chenhanxiao@gmail.com>

While the code path that queries the monitor allocates a separate copy
of the 'group_name' string the path querying the config would not copy
it. The call to virTypedParameterAssign would then steal the pointer
(without clearing it) and the RPC layer freed it. Any subsequent call
resulted into a crash.

Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1433183

https://bugzilla.redhat.com/show_bug.cgi?id=1379200

When we are restoring a domain from a saved image, or just
updating its XML in the saved image - we have to make sure that
the ABI guests sees will not change. We have a function for that
which reports errors. But for some reason if this function fails,
we call it again with slightly different argument. Therefore it
might happen that we overwrite the original error and leave user
with less helpful one.
Signed-off-by: NMichal Privoznik <mprivozn@redhat.com>

This patch adds support and documentation
for the emulation_faults perf event.
Signed-off-by: NNitesh Konkar <nitkon12@linux.vnet.ibm.com>

This patch adds support and documentation
for the alignment_faults perf event.
Signed-off-by: NNitesh Konkar <nitkon12@linux.vnet.ibm.com>

This patch adds support and documentation
for the page_faults_maj perf event.
Signed-off-by: NNitesh Konkar <nitkon12@linux.vnet.ibm.com>

This patch adds support and documentation
for the page_faults_min perf event.
Signed-off-by: NNitesh Konkar <nitkon12@linux.vnet.ibm.com>

This patch adds support and documentation
for the cpu_migrations perf event.
Signed-off-by: NNitesh Konkar <nitkon12@linux.vnet.ibm.com>

This patch adds support and documentation
for the context_switches perf event.
Signed-off-by: NNitesh Konkar <nitkon12@linux.vnet.ibm.com>

This patch adds support and documentation
for the page_faults perf event.
Signed-off-by: NNitesh Konkar <nitkon12@linux.vnet.ibm.com>

This patch adds support and documentation for
the task_clock perf event.
Signed-off-by: NNitesh Konkar <nitkon12@linux.vnet.ibm.com>

This patch adds support and documentation for
the cpu_clock perf event.
Signed-off-by: NNitesh Konkar <nitkon12@linux.vnet.ibm.com>

Now that we have some qemuSecurity wrappers over
virSecurityManager APIs, lets make sure everybody sticks with
them. We have them for a reason and calling virSecurityManager
API directly instead of wrapper may lead into accidentally
labelling a file on the host instead of namespace.
Signed-off-by: NMichal Privoznik <mprivozn@redhat.com>

Previously the code called virStorageSourceUpdateBlockPhysicalSize which
did not do anything on empty drives since it worked only on block
devices. After the refactor in c5f61513 it's called for all devices
and thus attempts to deref the NULL path of empty drives.

Add a check that skips the update of the physical size if the storage
source is empty.

Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1420718

Add code that validates user's selection of cores and then uses the
existing code to plug in the vCPU.

Signed-off-by: NPavel Hrdina <phrdina@redhat.com>

This follows the same check for disk, because we cannot remove iothread
if it's used by disk or by controller.  It could lead to crashing QEMU.
Signed-off-by: NPavel Hrdina <phrdina@redhat.com>

Signed-off-by: NPavel Hrdina <phrdina@redhat.com>

If virDomainDelIOThread API was called with VIR_DOMAIN_AFFECT_LIVE
and VIR_DOMAIN_AFFECT_CONFIG and both XML were already a different
it could result in removing iothread from config XML even if there
was a disk using that iothread.
Signed-off-by: NPavel Hrdina <phrdina@redhat.com>

Signed-off-by: NPavel Hrdina <phrdina@redhat.com>

Signed-off-by: NPavel Hrdina <phrdina@redhat.com>

The bare fact that mnt namespace is available is not enough for
us to allow/enable qemu namespaces feature. There are other
requirements: we must copy all the ACL & SELinux labels otherwise
we might grant access that is administratively forbidden or vice
versa.
At the same time, the check for namespace prerequisites is moved
from domain startup time to qemu.conf parser as it doesn't make
much sense to allow users to start misconfigured libvirt just to
find out they can't start a single domain.
Signed-off-by: NMichal Privoznik <mprivozn@redhat.com>

These functions do not need to see the whole virDomainDiskDef.
Moreover, they are going to be called from places where we don't
have access to the full disk definition. Sticking with
virStorageSource is more than enough.
Signed-off-by: NMichal Privoznik <mprivozn@redhat.com>

Now that we have a function for properly assigning the blockdeviotune
info, let's use it instead of dropping the group name on every
assignment.  Otherwise it will not work with both --live and --config
options.
Signed-off-by: NMartin Kletzander <mkletzan@redhat.com>

For example when both total_bytes_sec and total_bytes_sec_max are set,
but the former gets cleaned due to new call setting, let's say,
read_bytes_sec, we end up with this weird message for the command:

 $ virsh blkdeviotune fedora vda --read-bytes-sec 3000
 error: Unable to change block I/O throttle
 error: unsupported configuration: value 'total_bytes_sec_max' cannot be set if 'total_bytes_sec' is not set

So let's make it more descriptive.  This is how it looks after the change:

 $ virsh blkdeviotune fedora vda --read-bytes-sec 3000
 error: Unable to change block I/O throttle
 error: unsupported configuration: cannot reset 'total_bytes_sec' when 'total_bytes_sec_max' is set

Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1344897Signed-off-by: NMartin Kletzander <mkletzan@redhat.com>

Well, just two.  One indentation and the usage of 'ret'.
Signed-off-by: NMartin Kletzander <mkletzan@redhat.com>

We were setting it based on whether it was supported and that lead to
setting it to NULL, which our JSON code caught.  However it ended up
producing the following results:

 $ virsh blkdeviotune fedora vda --total-bytes-sec-max 2000
 error: Unable to change block I/O throttle
 error: internal error: argument key 'group' must not have null value
Signed-off-by: NMartin Kletzander <mkletzan@redhat.com>

Move all the worker code into the appropriate file. This will also allow
testing of cpu hotplug.

Extract the call to qemuDomainSelectHotplugVcpuEntities outside of
qemuDomainSetVcpusLive and decide whether to hotplug or unplug the
entities specified by the cpumap using a boolean flag.

This will allow to use qemuDomainSetVcpusLive in cases where we prepare
the list of vcpus to enable or disable by other means.

This reverts commit ae16c95f.

For the blockjobs, where libvirt is able to track the state internally
we can fix locking of images we can remove the appropriate locks.

Also when doing a pivoting operation we should not acquire the lock on
any of those images since both are actually locked already.

Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1302168

Images that became the backing chain of the current image due to the
snapshot need to be unlocked in the lock manager. Also if qemu was
paused during the snapshot the current top level images need to be
released until qemu is resumed so that they can be acquired properly.

Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1191901

The code at first changed the definition and then rolled it back in case
of failure. This was ridiculous. Refactor the code so that the image in
the definition is changed only when the snapshot is successful.

The refactor will also simplify further fix of image locking when doing
snapshots.

Libvirt is able to properly model what happens to the backing chain
after a snapshot so there's no real need to redetect the data.
Additionally with the _REUSE_EXT flag this might end up in redetecting
wrong data if the user puts wrong backing chain reference into the
snapshot image.

The code at the very bottom of the DAC secdriver that calls
chown() should be fine with read-only data. If something needs to
be prepared it should have been done beforehand.
Signed-off-by: NMichal Privoznik <mprivozn@redhat.com>

When coldplugging vcpus to a VM that already has a few hotpluggable
vcpus the code might generate invalid configuration as
non-hotpluggable cpus need to be clustered starting from vcpu 0.

This fix forces the added vcpus to be hotpluggable in such case.

Fixes a corner case described in:
https://bugzilla.redhat.com/show_bug.cgi?id=1370357

This patch adds support and documentation for
a generalized hardware cache event called cache_l1d
perf event.
Signed-off-by: NNitesh Konkar <nitkon12@linux.vnet.ibm.com>