This makes the feature fully operational.

https://bugzilla.redhat.com/show_bug.cgi?id=1525599Signed-off-by: NAndrea Bolognani <abologna@redhat.com>
Reviewed-by: NJohn Ferlan <jferlan@redhat.com>

Add comma escaping for netsource. This is done here because
qemuBuildNetworkDriveStr has other external callers which
may not expect an escaped comma; however, this particular
command building path needs to perform the escaping for the
hostdev command line, so we do it now to ensure src->path
and src->host->name are covered.
Signed-off-by: NAnya Harter <aharter@redhat.com>

Instead of source to enable use of virBuffer functions in
string construction.
Signed-off-by: NAnya Harter <aharter@redhat.com>

This makes the feature fully functional.

https://bugzilla.redhat.com/show_bug.cgi?id=1571078Signed-off-by: NAndrea Bolognani <abologna@redhat.com>

This doesn't seem very useful at the moment, but it will make
sense once we introduce another HPT-related setting.

The output XML is decoupled from the input XML in preparation
of future changes as well; while doing so, we can shave a few
lines off the latter.

This commit is best viewed with 'git show -w'.
Signed-off-by: NAndrea Bolognani <abologna@redhat.com>

We're going to introduce a second HPT-related setting soon,
at which point using a single location to store everything is
no longer going to cut it.

This mostly, but not completely, reverts 3dd1eb3b.
Signed-off-by: NAndrea Bolognani <abologna@redhat.com>

The UNIX socket FDs were we passing to QEMU inherited a label based on
libvirtd's context. QEMU is thus denied ability to access the UNIX
socket. We need to use the security manager to change our current
context temporarily when creating the UNIX socket FD.
Reviewed-by: NLaine Stump <laine@laine.org>
Signed-off-by: NDaniel P. Berrangé <berrange@redhat.com>

Add comma escaping for disk->blkdeviotune.group_name.
Signed-off-by: NAnya Harter <aharter@redhat.com>
Reviewed-by: NJohn Ferlan <jferlan@redhat.com>

- Switch to cleanup: label and share free calls
- Don't overwrite qemuBuildNicDevStr error
Signed-off-by: NCole Robinson <crobinso@redhat.com>

VMs with hardcoded platform network devices are forced to use old
style '-net nic' command line config. Current we use qemu's vlan
option to hook this with the '-netdev' host side of things.

However since qemu 1.2 there is '-net nic,netdev=X' option for
explicitly referencing a netdev ID, which is more inline with
typical VM commandlines, so let's switch to that
Signed-off-by: NCole Robinson <crobinso@redhat.com>

Hardcode the only string that's passed in
Signed-off-by: NCole Robinson <crobinso@redhat.com>

Makes it less ambiguous
Signed-off-by: NCole Robinson <crobinso@redhat.com>

It doesn't have any external callers
Signed-off-by: NCole Robinson <crobinso@redhat.com>

Add comma escaping for cfg->spiceTLSx509certdir and
graphics->data.spice.rendernode.
Signed-off-by: NAnya Harter <aharter@redhat.com>
Reviewed-by: NJohn Ferlan <jferlan@redhat.com>

Add comma escaping for smartcard->data.cert.file[i] and
smartcard->data.cert.database.
Signed-off-by: NAnya Harter <aharter@redhat.com>
Reviewed-by: NJohn Ferlan <jferlan@redhat.com>

Add comma escaping for fileval.
Signed-off-by: NAnya Harter <aharter@redhat.com>
Reviewed-by: NJohn Ferlan <jferlan@redhat.com>

Add comma escaping for dev->data.file.path in cases
VIR_DOMAIN_CHR_TYPE_DEV and VIR_DOMAIN_CHR_TYPE_PIPE.
Signed-off-by: NAnya Harter <aharter@redhat.com>
Reviewed-by: NJohn Ferlan <jferlan@redhat.com>

Signed-off-by: NJán Tomko <jtomko@redhat.com>
Reviewed-by: NBrijesh Singh <brijesh.singh@amd.com>
Tested-by: NBrijesh Singh <brijesh.singh@amd.com>
Reviewed-by: NDaniel P. Berrangé <berrange@redhat.com>

Some identifiers use Sev, some SEV. Prefer the latter.
Signed-off-by: NJán Tomko <jtomko@redhat.com>
Reviewed-by: NBrijesh Singh <brijesh.singh@amd.com>
Tested-by: NBrijesh Singh <brijesh.singh@amd.com>
Reviewed-by: NDaniel P. Berrangé <berrange@redhat.com>

The buffer is not freed anywhere. Nor in the error paths. Also
the usage virCommand with respect to buffer is very odd.

==2504== 1,100 bytes in 1 blocks are definitely lost in loss record 167 of 175
==2504==    at 0x4C2CE3F: malloc (vg_replace_malloc.c:298)
==2504==    by 0x4C2F1BF: realloc (vg_replace_malloc.c:785)
==2504==    by 0x5D32EE2: virReallocN (viralloc.c:245)
==2504==    by 0x5D37278: virBufferGrow (virbuffer.c:150)
==2504==    by 0x5D3783E: virBufferVasprintf (virbuffer.c:408)
==2504==    by 0x5D377A9: virBufferAsprintf (virbuffer.c:381)
==2504==    by 0x57017C1: qemuBuildSevCommandLine (qemu_command.c:9707)
==2504==    by 0x57030F7: qemuBuildCommandLine (qemu_command.c:10324)
==2504==    by 0x575FA48: qemuProcessCreatePretendCmd (qemu_process.c:6644)
==2504==    by 0x11351A: testCompareXMLToArgv (qemuxml2argvtest.c:564)
==2504==    by 0x1392F7: virTestRun (testutils.c:180)
==2504==    by 0x137895: mymain (qemuxml2argvtest.c:2900)
Signed-off-by: NMichal Privoznik <mprivozn@redhat.com>
Reviewed-by: NJán Tomko <jtomko@redhat.com>

The variable points to a buffer not a domain object therefore its
current name is misleading.
Signed-off-by: NMichal Privoznik <mprivozn@redhat.com>
Reviewed-by: NJán Tomko <jtomko@redhat.com>

QEMU >= 2.12 provides 'sev-guest' object which is used to launch encrypted
VMs on AMD platform using SEV feature. The various inputs required to
launch SEV guest is provided through the <launch-security> tag. A typical
SEV guest launch command line looks like this:

  -object sev-guest,id=sev0,cbitpos=47,reduced-phys-bits=5 ...\
  -machine memory-encryption=sev0 \
Signed-off-by: NBrijesh Singh <brijesh.singh@amd.com>
Reviewed-by: NErik Skultety <eskultet@redhat.com>

The default is stable per machine type so there should be no need to keep that.

Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1469338Signed-off-by: NMartin Kletzander <mkletzan@redhat.com>
Reviewed-by: NJán Tomko <jtomko@redhat.com>

We are still hoping all of such checks will be moved there and this is one small
step in that direction.
Signed-off-by: NMartin Kletzander <mkletzan@redhat.com>
Reviewed-by: NJán Tomko <jtomko@redhat.com>

This patch adds support for an external swtpm TPM emulator. The XML for
this type of TPM looks as follows:

 <tpm model='tpm-tis'>
   <backend type='emulator'/>
 </tpm>

The XML will currently only start a TPM 1.2.

Upon first start, libvirt will run `swtpm_setup`, which will simulate the
manufacturing of a TPM and create certificates for it and write them into
NVRAM locations of the emulated TPM.

After that libvirt starts the swtpm TPM emulator using the `swtpm` executable.

Once the VM terminates, libvirt uses the swtpm_ioctl executable to gracefully
shut down the `swtpm` in case it is still running (QEMU did not send shutdown)
or clean up the socket file.

The above mentioned executables must be found in the PATH.

The executables can either be run as root or started as root and switch to
the tss user. The requirement for the tss user comes through 'tcsd', which
is used for the simulation of the manufacturing. Which user is used can be
configured through qemu.conf. By default 'tss' is used.

The swtpm writes out state into files. The state is kept in /var/lib/libvirt/swtpm:

[root@localhost libvirt]# ls -lZ | grep swtpm

drwx--x--x. 7 root root unconfined_u:object_r:virt_var_lib_t:s0 4096 Apr  5 16:22 swtpm

The directory /var/lib/libvirt/swtpm maintains per-TPM state directories.
(Using the uuid of the VM for that since the name can change per VM renaming but
 we need a stable directory name.)

[root@localhost swtpm]# ls -lZ
total 4
drwx------. 2 tss  tss  system_u:object_r:virt_var_lib_t:s0          4096 Apr  5 16:46 485d0004-a48f-436a-8457-8a3b73e28568

[root@localhost 485d0004-a48f-436a-8457-8a3b73e28568]# ls -lZ
total 4
drwx------. 2 tss tss system_u:object_r:virt_var_lib_t:s0 4096 Apr 10 21:34 tpm1.2

[root@localhost tpm1.2]# ls -lZ
total 8
-rw-r--r--. 1 tss tss system_u:object_r:virt_var_lib_t:s0 3648 Apr  5 16:46 tpm-00.permall

The directory /var/run/libvirt/qemu/swtpm/ hosts the swtpm.sock that
QEMU uses to communicate with the swtpm:

root@localhost domain-1-testvm]# ls -lZ
total 0
srw-------. 1 qemu qemu system_u:object_r:svirt_image_t:s0:c597,c632  0 Apr  6 10:24 1-testvm-swtpm.sock

The logfile for the swtpm is in /var/log/swtpm/libvirt/qemu:

[root@localhost-3 qemu]# ls -lZ
total 4
-rw-------. 1 tss tss unconfined_u:object_r:var_log_t:s0 2199 Apr  6 14:01 testvm-swtpm.log

The processes are labeled as follows:

[root@localhost 485d0004-a48f-436a-8457-8a3b73e28567]# ps auxZ | grep swtpm | grep socket | grep -v grep
system_u:system_r:virtd_t:s0-s0:c0.c1023 tss 18697 0.0  0.0 28172 3892 ?       Ss   16:46   0:00 /usr/bin/swtpm socket --daemon --ctrl type=unixio,path=/var/run/libvirt/qemu/swtpm/1-testvm-swtpm.sock,mode=0600 --tpmstate dir=/var/lib/libvirt/swtpm/485d0004-a48f-436a-8457-8a3b73e28568/tpm1.2 --log file=/var/log/swtpm/libvirt/qemu/testvm-swtpm.log

[root@localhost 485d0004-a48f-436a-8457-8a3b73e28567]# ps auxZ | grep qemu | grep tpm | grep -v grep
system_u:system_r:svirt_t:s0:c413,c430 qemu 18702 2.5  0.0 3036052 48676 ?     Sl   16:46   0:08 /bin/qemu-system-x86_64 [...]
Signed-off-by: NStefan Berger <stefanb@linux.vnet.ibm.com>
Reviewed-by: NJohn Ferlan <jferlan@redhat.com>
Reviewed-by: NJán Tomko <jtomko@redhat.com>

This patch adds support for an external swtpm TPM emulator. The XML for
this type of TPM looks as follows:

 <tpm model='tpm-tis'>
   <backend type='emulator'/>
 </tpm>

The XML will currently only define a TPM 1.2.

Extend the documentation.

Add a test case testing the XML parser and formatter.
Signed-off-by: NStefan Berger <stefanb@linux.vnet.ibm.com>
Reviewed-by: NJohn Ferlan <jferlan@redhat.com>
Reviewed-by: NJán Tomko <jtomko@redhat.com>

Instead of array of pointers to individual buffers it can be
array of buffers directly. This also fixes the following memleak:

==22516== 96 bytes in 4 blocks are definitely lost in loss record 166 of 195
==22516==    at 0x4C2EF26: calloc (vg_replace_malloc.c:711)
==22516==    by 0x5D2C7D5: virAlloc (viralloc.c:144)
==22516==    by 0x56FAABD: qemuBuildNumaArgStr (qemu_command.c:7543)
==22516==    by 0x5701835: qemuBuildCommandLine (qemu_command.c:10112)
==22516==    by 0x575D794: qemuProcessCreatePretendCmd (qemu_process.c:6568)
==22516==    by 0x113338: testCompareXMLToArgv (qemuxml2argvtest.c:549)
==22516==    by 0x138CA3: virTestRun (testutils.c:180)
==22516==    by 0x136CD1: mymain (qemuxml2argvtest.c:2825)
==22516==    by 0x13AD58: virTestMain (testutils.c:1118)
==22516==    by 0x137351: main (qemuxml2argvtest.c:2874)
Signed-off-by: NMichal Privoznik <mprivozn@redhat.com>

There is a race condition when spawning QEMU where libvirt has spawned
QEMU but the monitor socket is not yet open. Libvirt has to repeatedly
try to connect() to QEMU's monitor until eventually it succeeds, or
times out. We use kill() to check if QEMU is still alive so we avoid
waiting a long time if QEMU exited, but having a timeout at all is still
unpleasant.

With QEMU 2.12 we can pass in a pre-opened FD for UNIX domain or TCP
sockets. If libvirt has called bind() and listen() on this FD, then we
have a guarantee that libvirt can immediately call connect() and
succeed without any race.

Although we only really care about this for the monitor socket and agent
socket, this patch does FD passing for all UNIX socket based character
devices since there appears to be no downside to it.

We don't do FD passing for TCP sockets, however, because it is only
possible to pass a single FD, while some hostnames may require listening
on multiple FDs to cover IPv4 and IPv6 concurrently.
Reviewed-by: NJohn Ferlan <jferlan@redhat.com>
Signed-off-by: NDaniel P. Berrangé <berrange@redhat.com>

Now that we have one place that sets up all disk-related objects to
qemuBlockStorageSourceAttachDataPtr we can easily reuse the data in the
command-line formatter by implementing a worker which will convert the
data.

A huge advantage is that it will be way easier to integrate this with
-blockdev later on.
Signed-off-by: NPeter Krempa <pkrempa@redhat.com>
Reviewed-by: NJán Tomko <jtomko@redhat.com>

Signed-off-by: NPeter Krempa <pkrempa@redhat.com>
Reviewed-by: NJán Tomko <jtomko@redhat.com>

It prepares all disk so use the plural form.
Signed-off-by: NPeter Krempa <pkrempa@redhat.com>
Reviewed-by: NJán Tomko <jtomko@redhat.com>

Signed-off-by: NPeter Krempa <pkrempa@redhat.com>
Reviewed-by: NJán Tomko <jtomko@redhat.com>

Signed-off-by: NPeter Krempa <pkrempa@redhat.com>
Reviewed-by: NJán Tomko <jtomko@redhat.com>

Introduce a new setup function for all the related configuration and
move the setup and attachment of the PR code.
Signed-off-by: NPeter Krempa <pkrempa@redhat.com>
Reviewed-by: NJán Tomko <jtomko@redhat.com>

Create a new "Prepare" function and move the drive add code into the new
helpers. This will eventually allow to simplify and unify the attaching
code for use with blockdev at the same time as providing compatibility
with older qemus.
Signed-off-by: NPeter Krempa <pkrempa@redhat.com>
Reviewed-by: NJán Tomko <jtomko@redhat.com>

Emphasize that it's for the 'drive' part of the disk.
Signed-off-by: NPeter Krempa <pkrempa@redhat.com>
Reviewed-by: NJán Tomko <jtomko@redhat.com>

Add code that will handle the managed persistent reservations object
separately from the unmanaged one. There is only one managed object so
handling it with disks is awkward and does not scale well when backing
chains come into view.
Signed-off-by: NPeter Krempa <pkrempa@redhat.com>
Reviewed-by: NJán Tomko <jtomko@redhat.com>

Also since we don't do any conditional formatting, fix the comment for
the function.
Signed-off-by: NPeter Krempa <pkrempa@redhat.com>
Reviewed-by: NJán Tomko <jtomko@redhat.com>

Everything is contained in the virStorageSourceStructure.
Signed-off-by: NPeter Krempa <pkrempa@redhat.com>
Reviewed-by: NJán Tomko <jtomko@redhat.com>

https://bugzilla.redhat.com/show_bug.cgi?id=1544869Signed-off-by: NPeter Krempa <pkrempa@redhat.com>
Reviewed-by: NJán Tomko <jtomko@redhat.com>