When gnutls negotiates TLS 1.3 instead of 1.2, the order of messages
sent by the handshake changes. This exposed a logic bug in the test
suite which caused us to wait for the server to see handshake
completion, but not wait for the client to see completion. The result
was the client didn't receive the certificate for verification and the
test failed.

This is exposed in Fedora 29 rawhide which has just enabled TLS 1.3 in
its GNUTLS builds.
Signed-off-by: NDaniel P. Berrangé <berrange@redhat.com>

Historically, we've always enabled an emulated video device every time we
see that graphics should be supported with a guest. With the appearance
of mediated devices which can support QEMU's vfio-display capability,
users might want to use such a device as the only video device.
Therefore introduce a new, effectively a 'disable', type for video
device.
Reviewed-by: NJán Tomko <jtomko@redhat.com>
Signed-off-by: NErik Skultety <eskultet@redhat.com>

Since QEMU 2.12, QEMU understands a new vfio-pci device option 'display'
which can be used to turn on display capabilities on vgpu-enabled
mediated devices, IOW emulated GPU devices like QXL will no longer be
needed with vgpu-enable mdevs.
QEMU defaults to 'auto' for the 'display' attribute, which is not
foolproof, so we need to play it safe here and default to display='off'
if this attribute wasn't provided in the XML explicitly.
Reviewed-by: NJán Tomko <jtomko@redhat.com>
Signed-off-by: NErik Skultety <eskultet@redhat.com>

QEMU 2.12 introduced a new type of display for mediated devices using
vfio-pci backend which allows a mediated device to be used as a VGA
compatible device as an alternative to an emulated video device. QEMU
exposes this feature via a vfio device property 'display' with supported
values 'on/off/auto' (libvirt will default to 'off').

This patch adds the necessary bits to domain config handling in order to
expose this feature. Since there's no convenient way for libvirt to come
up with usable defaults for the display setting, simply because libvirt
is not able to figure out which of the display implementations - dma-buf
which requires OpenGL support vs vfio regions which doesn't need OpenGL
(works with OpenGL enabled too) - the underlying mdev uses.
Reviewed-by: NJán Tomko <jtomko@redhat.com>
Signed-off-by: NErik Skultety <eskultet@redhat.com>

QEMU 2.12 introduced a new vfio-pci device option 'display=on/off/auto'.
This patch introduces the necessary capability.
Signed-off-by: NErik Skultety <eskultet@redhat.com>
Reviewed-by: NJohn Ferlan <jferlan@redhat.com>
Reviewed-by: NJán Tomko <jtomko@redhat.com>

Since 2.10 QEMU supports a new display type egl-headless which uses the
drm nodes for OpenGL rendering copying back the rendered bits back to
QEMU into a dma-buf which can be accessed by standard "display" apps
like VNC or SPICE. Although this display type can be used on its own,
for any practical use case it makes sense to pair it with either VNC or
SPICE display. The clear benefit of this display is that VNC gains
OpenGL support, which it natively doesn't have, and SPICE gains remote
OpenGL support (native OpenGL support only works locally through a UNIX
socket, i.e. listen type=socket/none).
Reviewed-by: NJán Tomko <jtomko@redhat.com>
Signed-off-by: NErik Skultety <eskultet@redhat.com>

Since QEMU 2.10, it's possible to use a new type of display -
egl-headless which uses drm nodes to provide OpenGL support. This patch
adds a capability for that. However, since QEMU doesn't provide a QMP
command to probe it, we have to base the capability on specific QEMU
version.
Acked-by: NMichal Privoznik <mprivozn@redhat.com>
Reviewed-by: NJán Tomko <jtomko@redhat.com>
Signed-off-by: NErik Skultety <eskultet@redhat.com>

Add a second check for Jansson >= 2.8, which includes
fixes to preserve ordering of object keys.

Use this constant to guard tests that depend on stable ordering.
Signed-off-by: NJán Tomko <jtomko@redhat.com>

Yajl has not seen much activity upstream recently.
Switch to using Jansson >= 2.5.

All the platforms we target on https://libvirt.org/platforms.html
have a version >= 2.7 listed on the sites below:
https://repology.org/metapackage/jansson/versions
https://build.opensuse.org/package/show/devel:libraries:c_c++/libjansson

Additionally, Ubuntu 14.04 on Travis-CI has 2.5. Set the requirement
to 2.5 since we don't use anything from newer versions.

Implement virJSONValue{From,To}String using Jansson, delete the yajl
code (and the related virJSONParser structure) and report an error
if someone explicitly specifies --with-yajl.

Also adjust the test data to account for Jansson's different whitespace
usage for empty arrays and tune up the specfile to keep 'make rpm'
working when bisecting.
Signed-off-by: NJán Tomko <jtomko@redhat.com>

The tls, x509 and x509verify options were deprecated in QEMU v2.5.0:

commit 3e305e4a4752f70c0b5c3cf5b43ec957881714f7
Author:     Daniel P. Berrange <berrange@redhat.com>

    ui: convert VNC server to use QCryptoTLSSession

Use the tls-creds-x509 object when available.

https://bugzilla.redhat.com/show_bug.cgi?id=1598167Signed-off-by: NJán Tomko <jtomko@redhat.com>

Add a test with QEMU 2.4.0 capabilites, as well as the latest caps.

The code paths for formatting TLS options will be altered and
2.4.0 is the newest version where QEMU_CAPS_OBJECT_TLS_CREDS_X509
is not supported.
Signed-off-by: NJán Tomko <jtomko@redhat.com>

The disk command line is tested elsewhere.
Signed-off-by: NJán Tomko <jtomko@redhat.com>

The original capabilities didn't include a patched kernel for spectre,
SPICE gl support and had xen support enabled which we already have
dropped.
Signed-off-by: NErik Skultety <eskultet@redhat.com>

We were missing these for x86_64 arch, so this is just for completeness.
Signed-off-by: NErik Skultety <eskultet@redhat.com>

Test some more QMP commands against the schema.
Signed-off-by: NPeter Krempa <pkrempa@redhat.com>

The 'simpleFunc' data structure is overwritten by the code generated
from the macros which initiate the tests. This means that most of the
tests would get NULL 'schema' member which means that the schema
validation would not take place.
Signed-off-by: NPeter Krempa <pkrempa@redhat.com>

The debug output of the schema validator on success is not so
interesting that it should be printed when basic debugging is enabled.

Print it only when test debugging is set to 3 and more.
Signed-off-by: NPeter Krempa <pkrempa@redhat.com>

virQEMUQAPISchemaPathGet returns success when a given schema path was
not found but the returned object is set to NULL. This meant that we'd
call testQEMUSchemaValidate with the schemaroot being NULL which lead to
a crash if a mistyped monitor command was tested.
Signed-off-by: NPeter Krempa <pkrempa@redhat.com>

Message stating which schema replies file is being used would be
squashed with other messages.
Signed-off-by: NPeter Krempa <pkrempa@redhat.com>

s/testQEMUSchemaValidateArrayBuiltin/testQEMUSchemaValidateBuiltin/
Signed-off-by: NPeter Krempa <pkrempa@redhat.com>

Use the new proper location for the read/write error policy selection.
Signed-off-by: NPeter Krempa <pkrempa@redhat.com>
Reviewed-by: NJán Tomko <jtomko@redhat.com>

Support for specifying it with the -device frontend was added recently.
Add a capability for it.
Signed-off-by: NPeter Krempa <pkrempa@redhat.com>
Reviewed-by: NJán Tomko <jtomko@redhat.com>

Add output arguments generated with the latest qemu capabilities.
Signed-off-by: NPeter Krempa <pkrempa@redhat.com>
Reviewed-by: NJán Tomko <jtomko@redhat.com>

Add multiple drives with the various configurations rather than having
multiple tests.
Signed-off-by: NPeter Krempa <pkrempa@redhat.com>
Reviewed-by: NJán Tomko <jtomko@redhat.com>

To allow using -blockdev with RBD we need to support the recently added
RBD authentication.
Signed-off-by: NPeter Krempa <pkrempa@redhat.com>
Reviewed-by: NJán Tomko <jtomko@redhat.com>

Based on qemu commit ab3257c281c1a1a91da1090ac9e38ddd8f860c63
Signed-off-by: NPeter Krempa <pkrempa@redhat.com>
Reviewed-by: NJán Tomko <jtomko@redhat.com>

We now take the schema from the qemucapabilitiestest data.
Signed-off-by: NPeter Krempa <pkrempa@redhat.com>
Reviewed-by: NJán Tomko <jtomko@redhat.com>

Add helpers that allow using the latest schema from the replies from an
actual qemu which are recorded for the purpose of the qemucapabilities
test instead of an unsynced copy stored in qemuqapischema.json.
Signed-off-by: NPeter Krempa <pkrempa@redhat.com>
Reviewed-by: NJán Tomko <jtomko@redhat.com>

We are testing character devices so the disk is not necessary. Minimize
the configuration. This will prevent changes when switching to blockdev.
Signed-off-by: NPeter Krempa <pkrempa@redhat.com>
Reviewed-by: NJán Tomko <jtomko@redhat.com>

QEMU uses a shorthand '-sdl' which maps to '-display sdl'. However, if
there are any options to be passed to SDL, the full command version must
be used. Everything seemingly worked for us until commit 5038b300
introduced OpenGL support for SDL and added ',gl=on/off' option which as
mentioned above could have never worked with the shorthand version of
the command. Indeed starting a domain with an SDL display and OpenGL
enabled, QEMU produces a rather cryptic error:

-sdl: Could not open 'gl=on': No such file or directory

This patch provides fixes to both the SDL cmdline generation and the
test suite.
Signed-off-by: NErik Skultety <eskultet@redhat.com>
Reviewed-by: NJohn Ferlan <jferlan@redhat.com>

When support was adding for passing a pre-opened listener socket to UNIX
chardevs, it accidentally passed the listener socket for client mode
chardevs too with predictable amounts of fail resulting. This affects
libvirt when using QEMU >= 2.12

Expand the unit test coverage to validate that we are only doing FD
passing when operating in server mode.

  https://bugzilla.redhat.com/show_bug.cgi?id=1598440Tested-by: NRichard W.M. Jones <rjones@redhat.com>
Reported-by: NRichard W.M. Jones <rjones@redhat.com>
Signed-off-by: NDaniel P. Berrangé <berrange@redhat.com>

QEMU chardevs have a bug which makes the vhostuser backend complain
about lack of support for FD passing when validating the chardev.
While this is ultimately QEMU's responsibility to fix, libvirt needs to
avoid tickling the bug.

Simply disabling chardev FD passing just for vhostuser's chardev is
the most prudent approach, avoiding need for a QEMU version number
check.
Signed-off-by: NDaniel P. Berrangé <berrange@redhat.com>

Currently we format the serial, geometry and error policy on the -drive
backend argument.

QEMU added the ability to set serial and geometry on the frontend in
the 1.2 release deprecating use of -drive, with support being deleted
from -drive in 3.0.

We keep formatting error policy on -drive for now, because we don't
ahve support for that with -device for usb-storage just yet.

Note that some disk buses (sd) still don't support -device. Although
QEMU allowed these properties to be set on -drive for if=sd, they
have been ignored so we now report an error in this case.
Signed-off-by: NDaniel P. Berrangé <berrange@redhat.com>

This makes the feature fully operational.

https://bugzilla.redhat.com/show_bug.cgi?id=1525599Signed-off-by: NAndrea Bolognani <abologna@redhat.com>
Reviewed-by: NJohn Ferlan <jferlan@redhat.com>

Signed-off-by: NAndrea Bolognani <abologna@redhat.com>
Reviewed-by: NJohn Ferlan <jferlan@redhat.com>

Signed-off-by: NAndrea Bolognani <abologna@redhat.com>
Reviewed-by: NJohn Ferlan <jferlan@redhat.com>

Call the internal version of qemuMonitorGetAllBlockStatsInfo API and
rename the test accordingly.
Signed-off-by: NPeter Krempa <pkrempa@redhat.com>

testQemuMonitorJSONqemuMonitorJSONGetBlockStatsInfo added 4 replies but
only one was used. Additionally the comment stated that 7 replies are
going to be added.
Signed-off-by: NPeter Krempa <pkrempa@redhat.com>

Starting with QEMU 2.9, encryption convert processing requires
a multi-step process in order to generate an encrypted image from
some non encrypted raw image.

Processing requires to first create an encrypted image using the
sizing parameters from the input source and second to use the
--image-opts, -n, and --target-image-opts options along with inline
driver options to describe the input and output files, generating
two commands such as:

  $ qemu-img create -f luks \
      --object secret,id=demo.img_encrypt0,file=/path/to/secretFile \
      -o key-secret=demo.img_encrypt0 \
      demo.img 500K
  Formatting 'demo.img', fmt=luks size=512000 key-secret=demo.img_encrypt0
  $ qemu-img convert --image-opts -n --target-image-opts \
      --object secret,id=demo.img_encrypt0,file=/path/to/secretFile \
      driver=raw,file.filename=sparse.img \
      driver=luks,file.filename=demo.img,key-secret=demo.img_encrypt0
  $

This patch handles the convert processing by running the processing
in a do..while loop essentially reusing the existing create logic and
arguments to create the target vol from the inputvol and then converting
the inputvol using new arguments.

This then allows the following virsh command to work properly:

  virsh vol-create-from default encrypt1-luks.xml data.img --inputpool default

where encrypt1-luks.xml would provided the path and secret for
the new image, while data.img would be the source image.
Signed-off-by: NJohn Ferlan <jferlan@redhat.com>
ACKed-by: NMichal Privoznik <mprivozn@redhat.com>

https://bugzilla.redhat.com/show_bug.cgi?id=1526382

Since commit c4eedd79 disallowed qcow2 encrypted images to be
used for domains, it no longer makes sense to allow a qcow2
encrypted volume to be created or resized.

Add a test that will exhibit the failure of creation as well
as the xml2xml validation of the format still being correct.

Update the documentation to note the removal of the capability
to create and use qcow/default encrypted volumes.
Signed-off-by: NJohn Ferlan <jferlan@redhat.com>
ACKed-by: NMichal Privoznik <mprivozn@redhat.com>