The parent bridge configuration of the current device
should be read and reset, instead of reading the current
device configuration.
Signed-off-by: NHe Xin <hexin15@baidu.com>
Signed-off-by: NLiu Qi <liuqi16@baidu.com>
Signed-off-by: NZhang Yu <zhangyu31@baidu.com>
Signed-off-by: NMichal Privoznik <mprivozn@redhat.com>
Reviewed-by: NMichal Privoznik <mprivozn@redhat.com>

In some cases e.g. with clang on fedora 30 __open2 isn't even declared
which results in the following build error:

/home/pipo/libvirt/tests/virpcimock.c:939:1: error: no previous prototype for function
      '__open_2' [-Werror,-Wmissing-prototypes]
__open_2(const char *path, int flags)

Add a separate declaration to appease the compiler.
Signed-off-by: NPeter Krempa <pkrempa@redhat.com>
Reviewed-by: NErik Skultety <eskultet@redhat.com>

Since users can enable/disable drivers at compile time, it may
happen that @drivers array is in fact empty (in both its
occurrences within the function). This means that
ARRAY_CARDINALITY() returns 0UL which makes gcc unhappy because
of loop condition:

  i < ARRAY_CARDINALITY(drivers)

GCC complains that @i is unsigned and comparing an unsigned value
against 0 is always false. However, changing the type of @i to
ssize_t is not enough, because compiler still sees the unsigned
zero. The solution is to typecast the ARRAY_CARDINALITY().
Signed-off-by: NMichal Privoznik <mprivozn@redhat.com>
Reviewed-by: NJim Fehlig <jfehlig@suse.com>

Hold on to your hat, this is going to be a wild ride. As nearly
nothing in glibc, nor open() is a real function. Just look into
bits/fcntl2.h and you'll see that open() is actually a thin
wrapper that calls either __open_alias() or __open_2(). Now,
before 801ebb5e the open() done in
virPCIDeviceConfigOpenInternal() had a constant oflags (we were
opening the pci config with O_RDWR). And since we were not
passing any mode nor O_CREAT the wrapper decided to call
__open_alias() which was open() provided by our mock. So far so
good. But after the referenced commit, the oflags is no longer
compile time constant and therefore the wrapper calls __open_2()
which we don't mock and thus the real __open_2() from glibc was
called and thus we did try to open real path from host's /sys.
This of course fails with variety of errors.
Signed-off-by: NMichal Privoznik <mprivozn@redhat.com>
Reviewed-by: NErik Skultety <eskultet@redhat.com>
Reviewed-by: NJán Tomko <jtomko@redhat.com>

The gdb requires ptrace capability, but the way we run containers
now is that they drop every capability. Preserve SYS_PTRACE then.
Signed-off-by: NMichal Privoznik <mprivozn@redhat.com>
Reviewed-by: NErik Skultety <eskultet@redhat.com>

Introduced in commit 4a6ee535.
Signed-off-by: NAndrea Bolognani <abologna@redhat.com>
(cherry picked from commit df1b5cf0)

Reintroduced-by: fb275b76Signed-off-by: NJán Tomko <jtomko@redhat.com>

Add virStorageFileSupportsCreate which allows silent check whether
virStorageFileCreate is implemented.
Signed-off-by: NPeter Krempa <pkrempa@redhat.com>
Reviewed-by: NJán Tomko <jtomko@redhat.com>

Modify the return value so that callers don't have to repeat logic.
Signed-off-by: NPeter Krempa <pkrempa@redhat.com>
Reviewed-by: NJán Tomko <jtomko@redhat.com>

Signed-off-by: NIlias Stamatis <stamatis.iliass@gmail.com>
Reviewed-by: NErik Skultety <eskultet@redhat.com>

This helper extracts common lifecycle action code from both
testDomainShutdownFlags and testDomainReboot.
Signed-off-by: NIlias Stamatis <stamatis.iliass@gmail.com>
Reviewed-by: NErik Skultety <eskultet@redhat.com>

All the callers left require virPCIDeviceConfigOpen to be fatal
and only use read-only access to the config file.
Signed-off-by: NJán Tomko <jtomko@redhat.com>
Reviewed-by: NMichal Privoznik <mprivozn@redhat.com>

For callers that only need read-only access and don't want
an error reported.
Signed-off-by: NJán Tomko <jtomko@redhat.com>
Reviewed-by: NMichal Privoznik <mprivozn@redhat.com>

Allow wrappers to open PCI config as read-only.
Signed-off-by: NJán Tomko <jtomko@redhat.com>
Reviewed-by: NMichal Privoznik <mprivozn@redhat.com>

Only a handful of function need write access to the PCI config
space. Create a wrapper function for those so that we can
open it read only by default.
Signed-off-by: NJán Tomko <jtomko@redhat.com>
Reviewed-by: NMichal Privoznik <mprivozn@redhat.com>

A thin wrapper to allow creating new functions.
Signed-off-by: NJán Tomko <jtomko@redhat.com>
Reviewed-by: NMichal Privoznik <mprivozn@redhat.com>

As a side effect, this also silences the possible:
  internal error: Unable to get DBus system bus connection:
  Failed to connect to socket /run/dbus/system_bus_socket:
  No such file or directory
error, since we check upfront whether dbus is available.
Signed-off-by: NJán Tomko <jtomko@redhat.com>
Reviewed-by: NMichal Privoznik <mprivozn@redhat.com>

Similar to how we cache the availability of machined.
Signed-off-by: NJán Tomko <jtomko@redhat.com>
Reviewed-by: NMichal Privoznik <mprivozn@redhat.com>

Split it out from virSystemdPMSupportTarget.
Signed-off-by: NJán Tomko <jtomko@redhat.com>
Reviewed-by: NMichal Privoznik <mprivozn@redhat.com>

Look up the binary name upfront to avoid the error:
Cannot find 'pm-is-supported' in path: No such file or directory

In that case, we just assume nodesuspend is not available.
Signed-off-by: NJán Tomko <jtomko@redhat.com>
Reviewed-by: NAndrea Bolognani <abologna@redhat.com>

Use a 'binary' variable to hold it.
Signed-off-by: NJán Tomko <jtomko@redhat.com>
Reviewed-by: NAndrea Bolognani <abologna@redhat.com>

Get rid of the ret variable as well as the cleanup label.
Signed-off-by: NJán Tomko <jtomko@redhat.com>
Reviewed-by: NAndrea Bolognani <abologna@redhat.com>

When QEMU supports flushing caches at the end of migration, we can
safely allow migration even if disk/driver/@cache is not none nor
directsync.
Signed-off-by: NJiri Denemark <jdenemar@redhat.com>
Acked-By: NPeter Krempa <pkrempa@redhat.com>

QEMU 4.0.0 and newer automatically drops caches at the end of migration.
Let's check for this capability so that we can allow migration when disk
cache is turned on.
Signed-off-by: NJiri Denemark <jdenemar@redhat.com>
Acked-By: NPeter Krempa <pkrempa@redhat.com>

The original message was logically incorrect: cache != none or cache !=
directsync is always true. But even replacing "or" with "and" doesn't
make it more readable for humans.
Signed-off-by: NJiri Denemark <jdenemar@redhat.com>
Acked-By: NPeter Krempa <pkrempa@redhat.com>

In the first stage of incoming migration (qemuMigrationDstPrepareAny) we
call qemuMigrationEatCookie when there's no vm object created yet and
thus we don't have any private data to pass.

Broken by me in commit v5.6.0-109-gbf15b145.
Signed-off-by: NJiri Denemark <jdenemar@redhat.com>
Reviewed-by: NErik Skultety <eskultet@redhat.com>

This reverts commit 47cbc929.

The section is no longer correct when the patch switching to gnulib's
make coverage was reverted.
Signed-off-by: NJiri Denemark <jdenemar@redhat.com>
Acked-By: NEric Blake <eblake@redhat.com>

This reverts commit f38d553e.

Gnulib's make coverage (or init-coverage, build-coverage, gen-coverage)
is not a 1-1 replacement for the original configure option. Our old
--enable-test-coverage seems to be close to gnulib's make build-coverage
except gnulib runs lcov in that phase and the build actually fails for
me even before lcov is run. And since we want to be able to just build
libvirt without running lcov, I suggest reverting to our own
implementation.
Signed-off-by: NJiri Denemark <jdenemar@redhat.com>
Reviewed-by: NMichal Privoznik <mprivozn@redhat.com>
Acked-By: NEric Blake <eblake@redhat.com>

If /etc/qemu/firmware directory exists, but is not readable then
qemuxml2xmltest fails. This is because once domain XML is parsed
it is validated. For that domain capabilities are needed.
However, when constructing domain capabilities, FW descriptors
are loaded and this is the point where the test fails, because it
fails to open one of the directories.

Fixes: 5b9819ee domain capabilities: Expose firmware auto selection feature
Signed-off-by: NDaniel Henrique Barboza <danielhb413@gmail.com>
Signed-off-by: NMichal Privoznik <mprivozn@redhat.com>

Back in July 2010, commit 6ea90b84 (meant to resolve
https://bugzilla.redhat.com/571991 ) added code to set the MAC address
of any tap device to the associated guest interface's MAC, but with
the first byte replaced with 0xFE. This was done in order to assure
that

1) the tap MAC and guest interface MAC were different (otherwise L2
   forwarding through the tap would not work, and the kernel would
   repeatedly issue a warning stating as much).

2) any bridge device that had one of these taps attached would *not*
   take on the MAC of the tap (leading to network instability as
   guests started and stopped)

A couple years later, https://bugzilla.redhat.com/798467 was filed,
complaining that a user could configure a tap-based guest interface to
have a MAC address that itself had a first byte of 0xFE, silently
(other than the kernel warning messages) resulting in a non-working
configuration. This was fixed by commit 5d571045, which logged an
error and failed the guest start / interface attach if the MAC's first
byte was 0xFE.

Although this restriction only reduces the potential pool of MAC
addresses from 2^46 (last two bits of byte 1 must be set to 10) by
2^32 (still 4 orders of magnitude larger than the entire IPv4 address
space), it also means that management software that autogenerates MAC
addresses must have special code to avoid an 0xFE prefix. Now after 7
years, someone has noticed this restriction and requested that we
remove it.

So instead of failing when 0xFE is found as the first byte, this patch
removes the restriction by just replacing the first byte in the tap
device MAC with 0xFA if the first byte in the guest interface is
0xFE. 0xFA is the next-highest value that still has 10 as the lowest
two bits, and still

2) meets the requirement of "tap MAC must be different from guest
   interface MAC", and

3) is high enough that there should never be an issue of the attached
   bridge device taking on the MAC of the tap.

The result is that *any* MAC can be chosen by management software
(although it would still not work correctly if a multicast MAC (lowest
bit of first byte set to 1) was chosen), but that's a different
issue).
Signed-off-by: NLaine Stump <laine@redhat.com>
Reviewed-by: Michal Privoznik <mprivozn@redhat.com

We have some early replies that don't quite match with how
QEMU 2.12.0 as released behaves.
Signed-off-by: NAndrea Bolognani <abologna@redhat.com>
Reviewed-by: NMichal Privoznik <mprivozn@redhat.com>

Update the KVM feature tests for QEMU's kvm-hint-dedicated
performance hint.
Signed-off-by: NWim ten Have <wim.ten.have@oracle.com>
Signed-off-by: NMenno Lageman <menno.lageman@oracle.com>
Reviewed-by: NMichal Privoznik <mprivozn@redhat.com>

QEMU version 2.12.1 introduced a performance feature under commit
be7773268d98 ("target-i386: add KVM_HINTS_DEDICATED performance hint")

This patch adds a new KVM feature 'hint-dedicated' to set this performance
hint for KVM guests. The feature is off by default.

To enable this hint and have libvirt add "-cpu host,kvm-hint-dedicated=on"
to the QEMU command line, the following XML code needs to be added to the
guest's domain description in conjunction with CPU mode='host-passthrough'.

  <features>
    <kvm>
      <hint-dedicated state='on'/>
    </kvm>
  </features>
  ...
  <cpu mode='host-passthrough ... />
Signed-off-by: NWim ten Have <wim.ten.have@oracle.com>
Signed-off-by: NMenno Lageman <menno.lageman@oracle.com>
Reviewed-by: NMichal Privoznik <mprivozn@redhat.com>

Signed-off-by: NIlias Stamatis <stamatis.iliass@gmail.com>
Reviewed-by: NErik Skultety <eskultet@redhat.com>

Signed-off-by: NIlias Stamatis <stamatis.iliass@gmail.com>
Reviewed-by: NErik Skultety <eskultet@redhat.com>

We don't include this information for any other library, and
having it there means there are two places we need to change
every time the required version is bumped.

configure will provide the user with a nice error message,
which includes the required version, if libxml2 found on the
system is too old.
Signed-off-by: NAndrea Bolognani <abologna@redhat.com>

The various distros have the following libxml2 vesions:

        CentOS 7: 2.9.1
  Debian Stretch: 2.9.4
   FreeBSD Ports: 2.9.9
Ubuntu 16.04 LTS: 2.9.3

Based on this sampling, we can reasonably bump libxml2 min
version to 2.9.1

The 'query_raw' struct field was added in version 2.6.28,
so can be assumed to exist.
Signed-off-by: NDaniel P. Berrangé <berrange@redhat.com>

QEMU shows a warning message if partial NUMA mapping is set. This patch
adds a warning message in libvirt when editing the XML. It must be an
error in future, when QEMU remove this ability.
Signed-off-by: NMaxiwell S. Garcia <maxiwell@linux.ibm.com>
Reviewed-by: NMichal Privoznik <mprivozn@redhat.com>

Historically URIs handled by the remote driver will always connect to
the libvirtd UNIX socket. There will now be one daemon per driver, and
each of these has its own UNIX sockets to connect to.

It will still be possible to run the traditional monolithic libvirtd
though, which will have the original UNIX socket path.

In addition there is a virproxyd daemon that doesn't run any drivers,
but provides proxying for clients accessing libvirt over IP sockets, or
tunnelling to the legacy libvirtd UNIX socket path.

Finally when running inside a daemon, the remote driver must not reject
connections unconditionally. For example, the QEMU driver needs to be
able to connect to the network driver. The remote driver must thus be
willing to handle connections even when inside the daemon, provided no
local driver is registered.

This refactoring enables the remote driver to be able to connect to the
per-driver daemons. The URI parameter "mode" accepts the values "auto",
"direct" and "legacy" to control which daemons are connected to.

The client side libvirt.conf config file also supports a "remote_mode"
setting which is used if the URI parameter is not set.

If neither the config file or URI parameter set a mode, then "auto"
is used, whereby the client looks to see which sockets actually exist
right now.

The remote driver will only ever spawn the per-driver daemons, or
the legacy libvirtd. It won't ever try to spawn virtproxyd, as
that is only there for IP based connectivity, or for access from
legacy remote clients.

If connecting to a remote host over any kind of ssh tunnel, for now we
must assume only the legacy socket exists. A future patch will introduce
a netcat replacement that is tailored for libvirt to make remote
tunnelling easier.

The configure arg '--with-remote-default-mode=legacy|direct' allows
packagers to set a default at build time. If not given, it will default
to legacy mode.

Eventually the default will switch to direct mode. Distros can choose
to do the switch earlier if desired. The main blocker is testing and
suitable SELinux/AppArmor policies.
Reviewed-by: NAndrea Bolognani <abologna@redhat.com>
Signed-off-by: NDaniel P. Berrangé <berrange@redhat.com>

The ssh, libssh, libssh2 & unix transports all need to use a UNIX socket
path, and duplicate some of the same logic for error checking. Pull this
out into a separate method to increase code sharing.
Reviewed-by: NAndrea Bolognani <abologna@redhat.com>
Signed-off-by: NDaniel P. Berrangé <berrange@redhat.com>

Instead of open-coding a string -> enum conversion, use the enum helpers
for the remote driver transport. The old code uses STRCASEEQ, so we must
force the URI transport to lowercase for sake of back-compatibility.
Reviewed-by: NAndrea Bolognani <abologna@redhat.com>
Signed-off-by: NDaniel P. Berrangé <berrange@redhat.com>