Re: [libvirt] [libvirt-test-API] Plans for code update

2016-06-23 Thread Ruifeng Bian


- Original Message -
> From: "Martin Kletzander" 
> To: "Ruifeng Bian" 
> Cc: libvir-list@redhat.com
> Sent: Thursday, June 23, 2016 8:57:26 PM
> Subject: Re: [libvirt] [libvirt-test-API] Plans for code update
> 
> On Thu, Jun 23, 2016 at 02:17:22AM -0400, Ruifeng Bian wrote:
> >
> >I am not sure how many of you keep an eye on this project.
> 
> From what I know, not many.  I believe it is used in some CI
> _somewhere_... by _someone_.
> 
> >The project is for testing libvirt-python APIs, but many test cases are
> >not fully implemented until now.
> 
> And many of them are broken by design.  I remember fixing one just out
> of sheer curiosity and it was hard not to go down the rabbit hole and
> get stuck in there.
> 
> >We want to keep this project updated in the future, the following aspects
> >will be considered to update the code:
> >1. Code style - Use inspekt to check code style.
> >2. Pythonizing the code - Replace all shell scripts with python.
> >3. Bug fixing - Some code bugs need to be fixed.
> >4. New features - Add more API test cases.
> >
> 
> Good luck with that, it looks like the code hasn't gotten a good scrub
> in years.  Are you planning to use it somewhere?  Will there be anything
> left after cleanups? =)

Actually we always use this project in our team. But the code hasn't been
synchronized with upstream for a long time. We have 3 guys working on this
project now. And we plan to synchronize our code with upstream soon.

> 
> >Any feedback or suggestion is welcome. Let's work together to contribute
> >to this project.
> >
> 
> One suggestion could be to have a look at avocado-vt (what used to be
> autotest's virt-test), as that is still being actively developed.
> Although I have no idea what's your intention, so I might be just
> generating noise, in which case I apologise.

Yes, we also have the thought of integrating this project with avocado-vt. It
will require much work. We will take this as our second step.

Thanks a lot.

> 
> Have a nice day,
> Martin
> 
> >Thanks,
> >Ruifeng Bian
> >
> >--
> >libvir-list mailing list
> >libvir-list@redhat.com
> >https://www.redhat.com/mailman/listinfo/libvir-list
> 
> --
> libvir-list mailing list
> libvir-list@redhat.com
> https://www.redhat.com/mailman/listinfo/libvir-list

--
libvir-list mailing list
libvir-list@redhat.com
https://www.redhat.com/mailman/listinfo/libvir-list


[libvirt] [PATCH v2 1/1] cpu_map.xml: add cmt/mbm feature to x86

2016-06-23 Thread Qiaowei Ren
Some Intel processor families (e.g. the Intel Xeon processor E5 v3
family) introduced some PQoS (Platform QoS) features, including CMT
(Cache Monitoring Technology) and MBM (Memory Bandwidth Monitoring),
to monitor or control shared resources. This patch adds them into the x86
part of cpu_map.xml to be used by applications based on libvirt to
get CPU capabilities. For example, Nova in OpenStack schedules guests
based on the CPU features that the host has.

Signed-off-by: Qiaowei Ren 
---
 src/cpu/cpu_map.xml | 11 +++
 1 file changed, 11 insertions(+)

diff --git a/src/cpu/cpu_map.xml b/src/cpu/cpu_map.xml
index bf2dfc6..6da8321 100644
--- a/src/cpu/cpu_map.xml
+++ b/src/cpu/cpu_map.xml
@@ -224,6 +224,9 @@
 
   
 
+
+  
+
 
   
 
@@ -266,6 +269,14 @@
   
 
 
+
+ 
+  
+
+ 
+  
+
+
 
  
   
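Review bot: this v2 carries no summary of what changed since v1 after the `---` separator, and the feature elements themselves are not visible in this copy of the hunk, so the two v1 review requests from Jiri (rebase onto current git, and keep the feature list sorted by CPUID level, i.e. after the 0x0d entries and before 0x8000) cannot be confirmed here; a short "v2: rebased, moved entries after level 0x0d" note under the `---` would let reviewers check the second hunk's placement at a glance, and the commit message could record Daniel's point from the v1 thread that the goal is host-capability reporting only, not guest CPU configuration.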
-- 
1.9.1



Re: [libvirt] [PATCH 1/1] cpu_map.xml: add cmt/mbm feature to x86

2016-06-23 Thread Ren, Qiaowei

> -Original Message-
> From: Daniel P. Berrange [mailto:berra...@redhat.com]
> Sent: Thursday, June 23, 2016 5:18 PM
> To: Ren, Qiaowei ; libvir-list@redhat.com; Peter
> Krempa 
> Subject: Re: [libvirt] [PATCH 1/1] cpu_map.xml: add cmt/mbm feature to x86
> 
> On Fri, Jun 17, 2016 at 11:17:47AM +0200, Jiri Denemark wrote:
> > On Fri, Jun 17, 2016 at 09:25:14 +0200, Jiri Denemark wrote:
> > > On Fri, Jun 17, 2016 at 09:23:56 +0800, Qiaowei Ren wrote:
> > > > Some Intel processor families (e.g. the Intel Xeon processor E5 v3
> > > > family) introduced some PQoS (Platform QoS) features, including
> > > > CMT (Cache Monitoring Technology) and MBM (Memory Bandwidth
> > > > Monitoring), to monitor or control shared resources. This patch adds
> > > > them into the x86 part of cpu_map.xml to be used by applications
> > > > (like OpenStack) based on libvirt to get CPU capabilities.
> > > >
> > > > Signed-off-by: Qiaowei Ren 
> > > > ---
> > > >  src/cpu/cpu_map.xml | 11 +++
> > > >  1 file changed, 11 insertions(+)
> > > >
> > > > diff --git a/src/cpu/cpu_map.xml b/src/cpu/cpu_map.xml index
> > > > 08aded2..2e2cb4f 100644
> > > > --- a/src/cpu/cpu_map.xml
> > > > +++ b/src/cpu/cpu_map.xml
> > > > @@ -320,6 +320,9 @@
> > > >  
> > > >
> > > >  
> > > > +
> > > > +  
> > > > +
> > > >  
> > > >
> > > >  
> > >
> > > This hunk won't apply since about a week ago. Please, use current
> > > git when sending patches.
> > >
> > > > @@ -353,6 +356,14 @@
> > > >
> > > >  
> > > >
> > > > +
> > > > + 
> > > > +  
> > > > +
> > > > + 
> > > > +  
> > > > +
> > > > +
> > >
> > > And keep the list of features sorted by CPUID level, i.e., these
> > > features should go after 0x0d and before 0x8000.
> >
> > Oh and I completely forgot the most important thing: it makes little
> > sense to add CPUID features that QEMU does not support. It will only
> > allow users to see the features in host CPU capabilities. So if the
> > purpose of these patches is to be able to advertise whether the
> > appropriate perf events are supported on current host, CPU features
> > are not the right way of doing that. I think domain capabilities XML
> > would be the right place to advertise what events are supported.
> 
> Nova schedules guests based on the CPU features that the host has, so we
> really do want this to be exposed in the general host capabilities XML
> description of the host CPU. We don't care about running guests with these
> features - we just want to see the host report them.
> 
> 

Yes, Nova needs the host to report these features, and I will submit a new
version of this patch based on the latest code, according to Jiri's previous
comment.

Thanks,
Qiaowei



[libvirt] [PATCH] storage: Fix coverity warning

2016-06-23 Thread Cole Robinson
After commit e808d3f227 cbdata is always available here, so the
check is pointless
---
 src/storage/storage_driver.c | 10 --
 1 file changed, 4 insertions(+), 6 deletions(-)

diff --git a/src/storage/storage_driver.c b/src/storage/storage_driver.c
index 4b5419d..d75c5aa 100644
--- a/src/storage/storage_driver.c
+++ b/src/storage/storage_driver.c
@@ -2442,12 +2442,10 @@ storageVolUpload(virStorageVolPtr obj,
 /* Add cleanup callback - call after uploadVol since the stream
  * is then fully set up
  */
-if (cbdata) {
-virFDStreamSetInternalCloseCb(stream,
-  virStorageVolFDStreamCloseCb,
-  cbdata, NULL);
-cbdata = NULL;
-}
+virFDStreamSetInternalCloseCb(stream,
+  virStorageVolFDStreamCloseCb,
+  cbdata, NULL);
+cbdata = NULL;
 
  cleanup:
 virStoragePoolObjUnlock(pool);
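Review bot: the unconditional `cbdata = NULL;` after virFDStreamSetInternalCloseCb() is what hands ownership of cbdata to the stream so that the cleanup path (presumably freeing cbdata, not shown in the hunk) does not free it twice; now that the `if (cbdata)` guard is gone, extend the existing "Add cleanup callback" comment to say that the stream owns cbdata from this point on, and consider naming the Coverity checker that fired in the commit message, since "Fix coverity warning" alone will not tell a future reader why the guard was considered dead code.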
-- 
2.7.4



[libvirt] [RFC PATCH] build: increase xz compression level

2016-06-23 Thread Ján Tomko
Increase the default compression level to 9 from 6.

This also increases decompression memory requirements
from 9 MB to 65 MB.
---
The resulting tarball is 880 kB smaller [10.5 MB]
Level 8 requires 33 MB and saves 520 kB [10.8 MB]
Level 7 requires 17 MB and saves 170 kB [11.2 MB]
Compression time is not much different since we're already using --extreme.

The Linux kernel also uses -9, but the tarball is 8x our size.

 cfg.mk | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/cfg.mk b/cfg.mk
index e93114c..ebafb0f 100644
--- a/cfg.mk
+++ b/cfg.mk
@@ -16,6 +16,9 @@
 # along with this program.  If not, see
 # .
 
+XZ_OPT ?= -9e
+export XZ_OPT
+
 # Use alpha.gnu.org for alpha and beta releases.
 # Use ftp.gnu.org for major releases.
 gnu_ftp_host-alpha = alpha.gnu.org
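Review bot: `export XZ_OPT` places the option in the environment of every command make spawns, so any other xz invocation during the build, not only the dist tarball compression, will also run at -9e; if that is not intended, scope the variable to the dist target instead of exporting it globally. Using `?=` is the right choice, since it leaves a user- or distro-supplied XZ_OPT from the environment authoritative, but the commit message should say so explicitly and should present the 65 MB decompression requirement (versus 9 MB today) as a constraint on small-memory hosts that unpack the tarball, not only as a statistic.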
-- 
2.7.3



Re: [libvirt] [PATCH 13/28] util: new files virnetdevip.[ch] for IP-related netdev functions

2016-06-23 Thread John Ferlan


On 06/22/2016 01:37 PM, Laine Stump wrote:
> This patch splits virnetdev.[ch] into multiple files, with the new
> virnetdevip.[ch] containing all the functions related to setting and
> retrieving IP-related info for a device (both addresses and routes).
> ---
>  po/POTFILES.in  |   1 +
>  src/Makefile.am |   1 +
>  src/libvirt_private.syms|  13 +-
>  src/lxc/lxc_container.c |  14 +-
>  src/network/bridge_driver.c |  15 +-
>  src/util/virnetdev.c| 711 
>  src/util/virnetdevip.c  | 778 
> 
>  src/util/virnetdevip.h  |  50 +++
>  8 files changed, 853 insertions(+), 730 deletions(-)
>  create mode 100644 src/util/virnetdevip.c
>  create mode 100644 src/util/virnetdevip.h
> 

Seems to be a very faithful move and rename.

ACK

John



Re: [libvirt] [PATCH 12/28] conf/openvz: eliminate incorrect/undocumented use of

2016-06-23 Thread John Ferlan


On 06/22/2016 01:37 PM, Laine Stump wrote:
> When support for  was added in commit
> 9a4b705f back in 2010, it erroneously looked at 
> for a user-specified guest-side interface name. This was never
> documented though. (that attribute already existed at the time in the
> data.ethernet union member of virDomainNetDef, but apparently had no
> practical use - it was only used as a storage place for a NetDef's
> bridge name during qemuDomainXMLToNative(), but even then that was
> never used for anything).
> 
> When support for similar guest-side device naming was added to the lxc
> driver several years later, it was put in a new subelement  dev='blah'/>.
> 
> In the intervening years, since there was no validation that
> ethernet.dev was NULL in the other drivers that didn't actually use
> it, innocent souls who were adding other features assumed they needed
> to account for non-NULL ethernet.dev when really they didn't, so
> little bits of the usual pointless cargo-cult code showed up.
> 
> This patch not only switches the openvz driver to use the documented
>  notation for naming the guest-side device (just in
> case anyone is still using the openvz driver), and logs an error if
> anyone tries to set  for a type='ethernet'
> interface, it also removes the cargo-cult uses of ethernet.dev and
> , and eliminates it from the RNG and from
> virDomainNetDef.
> 
> NB: I decided on this course of action after mentioning the
> inconsistency here:
> 
>   https://www.redhat.com/archives/libvir-list/2016-May/msg02038.html
> 
> and getting encouragement to eliminate it in a later IRC discussion
> with danpb.
> ---
>  docs/schemas/domaincommon.rng|  3 ---
>  src/conf/domain_conf.c   | 32 
> +++-
>  src/conf/domain_conf.h   |  1 -
>  src/openvz/openvz_driver.c   |  5 ++---
>  src/qemu/qemu_hotplug.c  |  6 +-
>  tests/xml2sexprdata/xml2sexpr-net-routed.xml |  1 -
>  6 files changed, 25 insertions(+), 23 deletions(-)
> 

I'll be impressed if someone finds your needle-in-the-haystack message
in virDomainNetDefParseXML regarding openvz driver and deprecation.  My
only words of wisdom there are - could it cause a guest to disappear now
that previously was visible? I'm all for keeping it as written here
though, but there could be someone else needing some TUMS.


> diff --git a/docs/schemas/domaincommon.rng b/docs/schemas/domaincommon.rng
> index 162c2e0..b81b558 100644
> --- a/docs/schemas/domaincommon.rng
> +++ b/docs/schemas/domaincommon.rng
> @@ -2142,9 +2142,6 @@
>
>  
>
> -
> -  
> -
>  
>
>  
> diff --git a/src/conf/domain_conf.c b/src/conf/domain_conf.c
> index 899b6af..4802e03 100644
> --- a/src/conf/domain_conf.c
> +++ b/src/conf/domain_conf.c
> @@ -1749,7 +1749,6 @@ virDomainNetDefClear(virDomainNetDefPtr def)
>  
>  switch (def->type) {
>  case VIR_DOMAIN_NET_TYPE_ETHERNET:
> -VIR_FREE(def->data.ethernet.dev);
>  break;
>  
>  case VIR_DOMAIN_NET_TYPE_VHOSTUSER:
> @@ -9004,12 +9003,31 @@ virDomainNetDefParseXML(virDomainXMLOptionPtr xmlopt,
> def->type == VIR_DOMAIN_NET_TYPE_BRIDGE &&
> xmlStrEqual(cur->name, BAD_CAST "source")) {
>  bridge = virXMLPropString(cur, "bridge");
> -} else if (!dev &&
> -   (def->type == VIR_DOMAIN_NET_TYPE_ETHERNET ||
> -def->type == VIR_DOMAIN_NET_TYPE_DIRECT) &&
> +} else if (!dev && def->type == VIR_DOMAIN_NET_TYPE_DIRECT &&
> xmlStrEqual(cur->name, BAD_CAST "source")) {
>  dev  = virXMLPropString(cur, "dev");
>  mode = virXMLPropString(cur, "mode");
> +} else if (!dev && def->type == VIR_DOMAIN_NET_TYPE_ETHERNET &&
> +   xmlStrEqual(cur->name, BAD_CAST "source")) {
> +/* This clause is only necessary because from 2010 to
> + * 2016 it was possible (but never documented) to
> + * configure the name of the guest-side interface of
> + * an openvz domain with .  That
> + * was blatant misuse of , so was likely
> + * (hopefully) never used, but just in case there was
> + * somebody using it, we need to generate an error. If
> + * the openvz driver is ever deprecated, this clause
> + * can be removed from here.
> + */
> +if ((dev = virXMLPropString(cur, "dev"))) {
> +virReportError(VIR_ERR_XML_ERROR,
> +   _("Invalid attempt to set  type='ethernet'> "
> + "device name with . "
> + "Use  (for 
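Review bot: in the new VIR_DOMAIN_NET_TYPE_ETHERNET branch `dev` is assigned from virXMLPropString(cur, "dev") and then the error is reported; the error path (cut off in this copy of the message) must free that string, either with a VIR_FREE(dev) before the goto or via a cleanup label that already frees `dev`, otherwise every rejected `<source dev=...>` on a type='ethernet' interface leaks it. Splitting the former combined ETHERNET/DIRECT condition into two branches is the right way to keep the DIRECT parsing of "dev" and "mode" unchanged, and the comment explaining why the ETHERNET branch exists at all is welcome; a one-line pointer to the openvz driver change in the same patch would make it easier to remove both together later.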

Re: [libvirt] [PATCH 11/28] qemu: eliminate memory leaks when converting NetDefs to type='ethernet'

2016-06-23 Thread John Ferlan


On 06/22/2016 01:37 PM, Laine Stump wrote:
> in qemuConnectDomainXMLToNative. This function was only accounting for
> about 1/10 of all the allocated items in the NetDef prior to memsetting
> it to all 0's. On top of that, it was going to great pains to learn
> the name of the bridge device, but then never doing anything useful
> with it (just putting it into data.ethernet.dev, which is *never* used
> when building a qemu commandline). (I think this again all started off
> as code with good intentions, but it was never completed, and instead
> was just Frankensteinically cargo-culted into the odd mish mash we
> have today).
> 
> The resulting code is much simpler, produces exactly the same output,
> and doesn't leak memory.
> ---
>  src/qemu/qemu_driver.c | 56 
> ++
>  1 file changed, 6 insertions(+), 50 deletions(-)
> 
> diff --git a/src/qemu/qemu_driver.c b/src/qemu/qemu_driver.c
> index 517d0b8..4a8cb7a 100644
> --- a/src/qemu/qemu_driver.c
> +++ b/src/qemu/qemu_driver.c
> @@ -6987,62 +6987,18 @@ static char 
> *qemuConnectDomainXMLToNative(virConnectPtr conn,
>  unsigned int bootIndex = net->info.bootIndex;
>  char *model = net->model;
>  virMacAddr mac = net->mac;
> +char *script = net->script;

Based on 3 spots below where net->script was set to NULL, should this
only be set when "(net->type == VIR_DOMAIN_NET_TYPE_BRIDGE)" ?


>  
> -if (net->type == VIR_DOMAIN_NET_TYPE_NETWORK) {
> -int actualType = virDomainNetGetActualType(net);
> -const char *brname;
> -
> -VIR_FREE(net->data.network.name);
> -VIR_FREE(net->data.network.portgroup);
> -if ((actualType == VIR_DOMAIN_NET_TYPE_BRIDGE) &&
> -(brname = virDomainNetGetActualBridgeName(net))) {
> -
> -char *brnamecopy;
> -
> -if (VIR_STRDUP(brnamecopy, brname) < 0)
> -goto cleanup;
> -
> -virDomainActualNetDefFree(net->data.network.actual);
> -
> -memset(net, 0, sizeof(*net));
> -
> -net->type = VIR_DOMAIN_NET_TYPE_ETHERNET;
> -net->script = NULL;
^^^

> -net->data.ethernet.dev = brnamecopy;
> -} else {
> -/* actualType is either NETWORK or DIRECT. In either
> - * case, the best we can do is NULL everything out.
> - */
> -virDomainActualNetDefFree(net->data.network.actual);
> -memset(net, 0, sizeof(*net));
> -
> -net->type = VIR_DOMAIN_NET_TYPE_ETHERNET;
> -net->script = NULL;
^^^

> -net->data.ethernet.dev = NULL;
> -}
> -} else if (net->type == VIR_DOMAIN_NET_TYPE_DIRECT) {
> -VIR_FREE(net->data.direct.linkdev);
> +net->model = NULL;
> +net->script = NULL;
>  
> -memset(net, 0, sizeof(*net));
> -
> -net->type = VIR_DOMAIN_NET_TYPE_ETHERNET;
> -net->script = NULL;
^^^

ACK - whichever way you go with that 'script' setting. I figure you know
the best answer to my question.


John
> -net->data.ethernet.dev = NULL;
> -} else if (net->type == VIR_DOMAIN_NET_TYPE_BRIDGE) {
> -char *script = net->script;
> -char *brname = net->data.bridge.brname;
> -
> -memset(net, 0, sizeof(*net));
> -
> -net->type = VIR_DOMAIN_NET_TYPE_ETHERNET;
> -net->script = script;
> -net->data.ethernet.dev = brname;
> -}
> +virDomainNetDefClear(net);
>  
> -VIR_FREE(net->virtPortProfile);
> +net->type = VIR_DOMAIN_NET_TYPE_ETHERNET;
>  net->info.bootIndex = bootIndex;
>  net->model = model;
>  net->mac = mac;
> +net->script = script;
>  }
>  
>  if (!(cmd = qemuProcessCreatePretendCmd(conn, driver, vm, NULL,
> 
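Review bot: `char *script = net->script;` is now captured for every net type and restored after virDomainNetDefClear(), whereas the removed code set net->script = NULL for the NETWORK and DIRECT cases and preserved it only for BRIDGE (the three spots John marks above); if the parser can leave net->script non-NULL for a NETWORK or DIRECT interface, the generated command line changes for those configs, and if it cannot, a one-line comment stating that would settle the question. The `net->model = NULL; net->script = NULL;` lines before the clear are what stop virDomainNetDefClear() from freeing the pointers being carried over, which deserves a comment too, since mac and bootIndex need no such handling (they are copied by value). Dropping the explicit `VIR_FREE(net->virtPortProfile)` is only correct if virDomainNetDefClear() from 09/28 frees virtPortProfile; worth confirming against that patch.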



Re: [libvirt] [PATCH 10/28] qemu: don't set/clear NetDef IP addresses in qemuConnectDomainXMLToNative()

2016-06-23 Thread John Ferlan


On 06/22/2016 01:37 PM, Laine Stump wrote:
> This patch removes the expanded and duplicated code that all sprung
> out of two well-intentioned-but-useless settings of
> net->data.(bridge|ethernet).ipaddr.
> 
> qemu has never supported even a single IP address in the interface
> config, much less a list of them. All of the instances of "clearing
> out the IP addresses" that are now in this function originated with
> commit d8dbd6 "Basic domain XML conversions for Xen/QEMU drivers" in
> May 2009, but even then the single "ipaddr" in the struct for
> type='ethernet' and type='bridge' wasn't used in the qemu driver (only
> in xen and openvz). Since then anyone who added a new interface type
> also tacked on another unnecessary clearing of ipaddr, and when it was
> made into a list of IPs (so far supported only by the LXC driver) this
> simple setting was turned into a loop (well, multiple loops) to clear
> them all.
> ---
>  src/qemu/qemu_driver.c | 20 
>  1 file changed, 20 deletions(-)
> 

Seems like a reasonable explanation


ACK -

John



Re: [libvirt] [PATCH 09/28] conf: new function virDomainNetDefClear

2016-06-23 Thread John Ferlan


On 06/22/2016 01:37 PM, Laine Stump wrote:
> We need to clear these out without freeing the object completely.
> ---
>  src/conf/domain_conf.c   | 14 +-
>  src/conf/domain_conf.h   |  1 +
>  src/libvirt_private.syms |  1 +
>  3 files changed, 15 insertions(+), 1 deletion(-)
> 

ACK

John



Re: [libvirt] [PATCH 08/28] lxc: use correct prefix when setting veth IP address

2016-06-23 Thread John Ferlan


On 06/22/2016 01:37 PM, Laine Stump wrote:
> Commit c9a641 (first appeared in 1.2.12) added support for setting
> the guest-side IP address of veth devices in lxc domains.
> Unfortunately, it hardcoded the assumption that the proper prefix for
> any IP address with no explicit prefix in the config should be "24";
> that is only correct for class C IPv4 addresses, but not for any other
> IPv4 address, nor for any IPv6 address.
> 
> The good news is that there is already a function in libvirt that will
> determine the proper default prefix for any IP address. This patch
> replaces the use of the ill-fated VIR_SOCKET_ADDR_DEFAULT_PREFIX with
> calls to virSocketAddrGetIPPrefix().
> ---
>  src/lxc/lxc_container.c  | 17 -
>  src/util/virsocketaddr.h |  1 -
>  2 files changed, 12 insertions(+), 6 deletions(-)
> 
> diff --git a/src/lxc/lxc_container.c b/src/lxc/lxc_container.c
> index 3d9e28b..304aa86 100644
> --- a/src/lxc/lxc_container.c
> +++ b/src/lxc/lxc_container.c
> @@ -1,5 +1,5 @@
>  /*
> - * Copyright (C) 2008-2015 Red Hat, Inc.
> + * Copyright (C) 2008-2016 Red Hat, Inc.
>   * Copyright (C) 2008 IBM Corp.
>   * Copyright (c) 2015 SUSE LINUX Products GmbH, Nuernberg, Germany.
>   *
> @@ -514,12 +514,19 @@ static int 
> lxcContainerRenameAndEnableInterfaces(virDomainDefPtr vmDef,
>  
>  for (j = 0; j < netDef->nips; j++) {
>  virDomainNetIPDefPtr ip = netDef->ips[j];
> -unsigned int prefix = (ip->prefix > 0) ? ip->prefix :
> -  VIR_SOCKET_ADDR_DEFAULT_PREFIX;
> +int prefix;
>  char *ipStr = virSocketAddrFormat(>address);
>  
> -VIR_DEBUG("Adding IP address '%s/%u' to '%s'",
> -  ipStr, ip->prefix, newname);
> +if ((prefix = virSocketAddrGetIPPrefix(>address,
> +   NULL, ip->prefix)) < 0) {

Oh and here we go call with NULL ...


> +virReportError(VIR_ERR_INTERNAL_ERROR,
> +   _("Failed to determine prefix for IP address 
> '%s'"),
> +   ipStr);

Coverity determines that ipStr needs to be VIR_FREE()'d here.

ACK w/ the VIR_FREE()

John
> +goto error_out;
> +}
> +
> +VIR_DEBUG("Adding IP address '%s/%d' to '%s'",
> +  ipStr, prefix, newname);
>  if (virNetDevSetIPAddress(newname, >address, NULL, prefix) < 
> 0) {
>  virReportError(VIR_ERR_SYSTEM_ERROR,
> _("Failed to set IP address '%s' on %s"),
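Review bot: besides the ipStr leak John points out on the new error path, `ipStr` returned by virSocketAddrFormat() is never checked for NULL before being passed as a %s argument to VIR_DEBUG and virReportError, so an allocation failure becomes undefined behaviour in principle rather than a reported error; add the NULL check (or fail before formatting). Also `prefix` changed from `unsigned int` to `int` while still being passed to virNetDevSetIPAddress(); with the `< 0` check in front of it this is safe, but confirm the prototype's parameter type so the call does not rely on an implicit sign conversion.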
> diff --git a/src/util/virsocketaddr.h b/src/util/virsocketaddr.h
> index 990e31c..7ee993b 100644
> --- a/src/util/virsocketaddr.h
> +++ b/src/util/virsocketaddr.h
> @@ -54,7 +54,6 @@ typedef struct {
>  # define VIR_SOCKET_ADDR_FAMILY(s)  \
>  ((s)->data.sa.sa_family)
>  
> -# define VIR_SOCKET_ADDR_DEFAULT_PREFIX 24
>  # define VIR_SOCKET_ADDR_IPV4_ALL "0.0.0.0"
>  # define VIR_SOCKET_ADDR_IPV6_ALL "::"
>  
> 



Re: [libvirt] [PATCH 07/28] lxc: eliminate extraneous free of netDef->ifname_guest

2016-06-23 Thread John Ferlan


On 06/22/2016 01:37 PM, Laine Stump wrote:
> lxcContainerRenameAndEnableInterfaces() isn't making a copy of the
> interface's ifname_guest (into newname), it's just copying the pointer
> to it. This means that when it later calls VIR_FREE(newname), it's
> actually freeing up (and fortunately NULLing out, so at least we don't
> try to access free'd memory) netDef->ifname_guest.
> ---
>  src/lxc/lxc_container.c | 5 +
>  1 file changed, 1 insertion(+), 4 deletions(-)
> 

ACK

John



Re: [libvirt] [PATCH] Don't allow raneming domains to empty strings

2016-06-23 Thread Ján Tomko

s/raneming/renaming/

On Thu, Jun 23, 2016 at 02:42:59PM -0400, John Ferlan wrote:



On 06/22/2016 11:48 AM, Martin Kletzander wrote:

It may cause unwanted behaviour (of course, is there any wanted one for
that case?) so we should rather disable the possibility of doing so.

Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1320893

Signed-off-by: Martin Kletzander 
---
 src/libvirt-domain.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/libvirt-domain.c b/src/libvirt-domain.c
index 508520efd6c5..89a2d7efe972 100644
--- a/src/libvirt-domain.c
+++ b/src/libvirt-domain.c
@@ -8790,7 +8790,7 @@ virDomainRename(virDomainPtr dom,

 virResetLastError();
 virCheckDomainReturn(dom, -1);
-virCheckNonNullArgGoto(new_name, error);
+virCheckNonEmptyStringArgGoto(new_name, error);

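Review bot: virCheckNonEmptyStringArgGoto rejects NULL as well as "", so dropping virCheckNonNullArgGoto loses no check; the documentation comment of virDomainRename (outside this hunk) should be updated in the same patch to say that @new_name must be a non-NULL, non-empty string, because the public API now returns an error for "" where it previously passed the empty name through to the driver.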

Shouldn't both be required?  EG  We don't want NULL or "" for new_name,
right?



virCheckNonEmptyStringArgGoto also checks for NULL, so ACK with the typo
fixed.

Jan


The comments should at least indicate @new_name cannot be NULL or empty
string.

Although it seems remoteDomainRename could pass along a NULL that it
doesn't seem virDomainObjListRename would be very happy to STREQ against.

ACK as long as the NonNullArg is replaced...

John




Re: [libvirt] [PATCH 06/28] util: allow calling virSocketAddrGetIPPrefix with NULL netmask or address

2016-06-23 Thread John Ferlan


On 06/22/2016 01:37 PM, Laine Stump wrote:
> There are times when we don't have a netmask pointer to give to
> virSocketAddrGetIPPrefix() (e.g. the IP addresses in domain interfaces
> only have a prefix, no netmask), but it would have caused a segv if we
> called it with NULL instead of a pointer to a netmask. This patch
> qualifies the code that would use the netmask or address pointers to
> check for NULL first.
> ---
>  src/util/virsocketaddr.c | 8 
>  1 file changed, 4 insertions(+), 4 deletions(-)
> 

According to how I read the commit message, "today" it could only be
possible to have a NULL netmask if prefix was set.

If prefix was set, then the following code returns prefix immediately.

So I don't have anything against the extra checks - perhaps a few extra
words either in comments or commit regarding whether this is something
existing or something that could be a truism in the future where prefix == 0
and either netmask or address is NULL.

Of course I have a feeling I'm being set up for something soon ;-)

ACK -

John
> diff --git a/src/util/virsocketaddr.c b/src/util/virsocketaddr.c
> index 12fe96a..33b1e9e 100644
> --- a/src/util/virsocketaddr.c
> +++ b/src/util/virsocketaddr.c
> @@ -1,5 +1,5 @@
>  /*
> - * Copyright (C) 2009-2015 Red Hat, Inc.
> + * Copyright (C) 2009-2016 Red Hat, Inc.
>   *
>   * This library is free software; you can redistribute it and/or
>   * modify it under the terms of the GNU Lesser General Public
> @@ -1026,9 +1026,9 @@ virSocketAddrGetIPPrefix(const virSocketAddr *address,
>  {
>  if (prefix > 0) {
>  return prefix;
> -} else if (VIR_SOCKET_ADDR_VALID(netmask)) {
> +} else if (netmask && VIR_SOCKET_ADDR_VALID(netmask)) {
>  return virSocketAddrGetNumNetmaskBits(netmask);
> -} else if (VIR_SOCKET_ADDR_IS_FAMILY(address, AF_INET)) {
> +} else if (address && VIR_SOCKET_ADDR_IS_FAMILY(address, AF_INET)) {
>  /* Return the natural prefix for the network's ip address.
>   * On Linux we could use the IN_CLASSx() macros, but those
>   * aren't guaranteed on all platforms, so we just deal with
> @@ -1053,7 +1053,7 @@ virSocketAddrGetIPPrefix(const virSocketAddr *address,
>  return 24;
>  }
>  return -1;
> -} else if (VIR_SOCKET_ADDR_IS_FAMILY(address, AF_INET6)) {
> +} else if (address && VIR_SOCKET_ADDR_IS_FAMILY(address, AF_INET6)) {
>  if (virSocketAddrIsWildcard(address))
>  return 0;
>  return 64;
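Review bot: the `netmask &&` and `address &&` guards turn a NULL dereference into the fall-through `return -1` at the end of the function (outside the hunk), which is what the lxc caller in 08/28 checks for with `< 0`; the function's documentation comment should state explicitly that both pointers may be NULL and what is returned when prefix is 0 and neither is usable, and a unit test exercising the NULL netmask and NULL address cases would keep this from regressing. As John notes, with today's callers this path is reached only when prefix == 0, so the commit message could say whether a current caller can hit it or whether this prepares for the later patches in the series.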
> 
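As an added illustration for the two patches that touch the default-prefix logic (06/28 above and 08/28 earlier in this digest), the following C program is not libvirt code; it implements the same decision order the virSocketAddrGetIPPrefix() hunk shows, with both pointers allowed to be NULL: an explicit prefix wins, then a contiguous netmask, then the classful IPv4 default (8/16/24, 0 for the 0.0.0.0 wildcard) or 64 for IPv6 (0 for ::). The names default_ip_prefix, netmask_bits, parse_addr and prefix_for are hypothetical, and treating class D/E addresses as having no natural prefix (-1) is an assumption made here, not something the patch shows.

```c
/* Added example, not libvirt code. Mirrors the decision order discussed in
 * patches 06/28 and 08/28: explicit prefix, then netmask, then the classful
 * IPv4 default or 64 for IPv6. Names are hypothetical; class D/E -> -1 is an
 * assumption of this example. */
#include <arpa/inet.h>
#include <netinet/in.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#include <sys/socket.h>

/* Number of leading one bits in an IPv4 netmask, or -1 if the mask is not
 * contiguous (e.g. 255.0.255.0). */
static int netmask_bits(const struct in_addr *mask)
{
    uint32_t m = ntohl(mask->s_addr);
    int bits = 0;

    while (m & 0x80000000u) {
        bits++;
        m <<= 1;
    }
    return m == 0 ? bits : -1;
}

/* Prefix length to use for @addr. @prefix > 0 is returned as-is; otherwise a
 * usable @mask decides; otherwise the address family's natural default.
 * Either pointer may be NULL. Returns -1 when nothing applies. */
int default_ip_prefix(const struct sockaddr *addr,
                      const struct in_addr *mask, int prefix)
{
    if (prefix > 0)
        return prefix;

    if (mask) {
        int bits = netmask_bits(mask);
        if (bits >= 0)
            return bits;
    }

    if (!addr)
        return -1;

    if (addr->sa_family == AF_INET) {
        uint32_t a = ntohl(((const struct sockaddr_in *)addr)->sin_addr.s_addr);

        if (a == 0)
            return 0;                               /* 0.0.0.0 wildcard */
        if ((a & 0x80000000u) == 0)
            return 8;                               /* class A: 0xxx */
        if ((a & 0xC0000000u) == 0x80000000u)
            return 16;                              /* class B: 10xx */
        if ((a & 0xE0000000u) == 0xC0000000u)
            return 24;                              /* class C: 110x */
        return -1;                                  /* class D/E: no natural prefix */
    }

    if (addr->sa_family == AF_INET6) {
        const struct in6_addr *a6 = &((const struct sockaddr_in6 *)addr)->sin6_addr;

        if (IN6_IS_ADDR_UNSPECIFIED(a6))
            return 0;                               /* :: wildcard */
        return 64;
    }

    return -1;
}

/* Parse a textual IPv4/IPv6 address into @out; returns the family or -1. */
int parse_addr(const char *text, struct sockaddr_storage *out)
{
    struct sockaddr_in *s4 = (struct sockaddr_in *)out;
    struct sockaddr_in6 *s6 = (struct sockaddr_in6 *)out;

    memset(out, 0, sizeof(*out));
    if (inet_pton(AF_INET, text, &s4->sin_addr) == 1) {
        s4->sin_family = AF_INET;
        return AF_INET;
    }
    if (inet_pton(AF_INET6, text, &s6->sin6_addr) == 1) {
        s6->sin6_family = AF_INET6;
        return AF_INET6;
    }
    return -1;
}

/* Default prefix for a textual address with no explicit prefix and no netmask,
 * i.e. the situation the lxc veth code in 08/28 is in. */
int prefix_for(const char *text)
{
    struct sockaddr_storage ss;

    if (parse_addr(text, &ss) < 0)
        return -1;
    return default_ip_prefix((const struct sockaddr *)&ss, NULL, 0);
}

int main(void)
{
    /* Constructed sample addresses, one per class plus wildcards and IPv6. */
    const char *samples[] = { "10.0.0.1", "172.16.5.9", "192.168.1.20",
                              "224.0.0.1", "0.0.0.0", "fe80::1", "::" };
    size_t i;

    for (i = 0; i < sizeof(samples) / sizeof(samples[0]); i++)
        printf("%-14s -> /%d\n", samples[i], prefix_for(samples[i]));
    return 0;
}
```

The point of the explicit NULL handling is that the caller in 08/28 has an address and a prefix but no netmask at all, so a function that dereferences the netmask unconditionally is unsafe for exactly the configuration that patch introduces; the hardcoded 24 it replaces would have been wrong for every address in the 10.0.0.0/8 and 172.16.0.0/16 samples above and for every IPv6 address.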



Re: [libvirt] [PATCH] Rename virNetClient*AddrString

2016-06-23 Thread Ján Tomko

On Thu, Jun 23, 2016 at 10:47:25PM +0200, Peter Krempa wrote:

On Thu, Jun 23, 2016 at 22:38:46 +0200, Ján Tomko wrote:

Add SASL at the end to make the format obvious.
---
 src/libvirt_remote.syms| 4 ++--
 src/remote/remote_driver.c | 4 ++--
 src/rpc/virnetclient.c | 4 ++--
 src/rpc/virnetclient.h | 4 ++--
 4 files changed, 8 insertions(+), 8 deletions(-)





diff --git a/src/rpc/virnetclient.c b/src/rpc/virnetclient.c
index c43cd08..361dc1a 100644
--- a/src/rpc/virnetclient.c
+++ b/src/rpc/virnetclient.c
@@ -944,12 +944,12 @@ void virNetClientRemoveStream(virNetClientPtr client,
 }


-const char *virNetClientLocalAddrString(virNetClientPtr client)
+const char *virNetClientLocalAddrStringSASL(virNetClientPtr client)
 {
 return virNetSocketLocalAddrStringSASL(client->sock);
 }


Is it even worth having such thin wrappers?


Well they let us hide the internals of virNetClient and virNetSocket
structures.



ACK


Thanks, pushed.

Jan



Re: [libvirt] [PATCH] Rename virNetClient*AddrString

2016-06-23 Thread Peter Krempa
On Thu, Jun 23, 2016 at 22:38:46 +0200, Ján Tomko wrote:
> Add SASL at the end to make the format obvious.
> ---
>  src/libvirt_remote.syms| 4 ++--
>  src/remote/remote_driver.c | 4 ++--
>  src/rpc/virnetclient.c | 4 ++--
>  src/rpc/virnetclient.h | 4 ++--
>  4 files changed, 8 insertions(+), 8 deletions(-)
>


> diff --git a/src/rpc/virnetclient.c b/src/rpc/virnetclient.c
> index c43cd08..361dc1a 100644
> --- a/src/rpc/virnetclient.c
> +++ b/src/rpc/virnetclient.c
> @@ -944,12 +944,12 @@ void virNetClientRemoveStream(virNetClientPtr client,
>  }
>  
>  
> -const char *virNetClientLocalAddrString(virNetClientPtr client)
> +const char *virNetClientLocalAddrStringSASL(virNetClientPtr client)
>  {
>  return virNetSocketLocalAddrStringSASL(client->sock);
>  }

Is it even worth having such thin wrappers?

ACK



Re: [libvirt] [PATCH 7/7] Rename virNetServerClient*AddrString

2016-06-23 Thread Ján Tomko

On Wed, Jun 22, 2016 at 07:43:08PM -0400, John Ferlan wrote:



On 06/20/2016 10:27 AM, Ján Tomko wrote:

Add SASL at the end to make the format obvious.
---
 daemon/remote.c  | 4 ++--
 src/libvirt_remote.syms  | 4 ++--
 src/rpc/virnetserverclient.c | 4 ++--
 src/rpc/virnetserverclient.h | 4 ++--
 4 files changed, 8 insertions(+), 8 deletions(-)

diff --git a/daemon/remote.c b/daemon/remote.c
index ea4753f..5ee82bb 100644
--- a/daemon/remote.c
+++ b/daemon/remote.c
@@ -3028,8 +3028,8 @@ remoteDispatchAuthSaslInit(virNetServerPtr server 
ATTRIBUTE_UNUSED,

 sasl = virNetSASLSessionNewServer(saslCtxt,
   "libvirt",
-  
virNetServerClientLocalAddrString(client),
-  
virNetServerClientRemoteAddrString(client));
+  
virNetServerClientLocalAddrStringSASL(client),
+  
virNetServerClientRemoteAddrStringSASL(client));
 if (!sasl)
 goto authfail;



Based purely on my comment from 1/7 - Does remoteAuthSASL need to be
adjusted too?


Right, I forgot to rename the virNetClient*AddrString functions.



ACK for this, but I wanted to make sure to ask.


Thanks, I've pushed the series and sent the missing rename separately.

Jan



Re: [libvirt] [PATCH 1/7] Revert "virnetsocket: Provide socket address format in a more standard form"

2016-06-23 Thread Ján Tomko

On Wed, Jun 22, 2016 at 07:41:39PM -0400, John Ferlan wrote:



On 06/20/2016 10:27 AM, Ján Tomko wrote:

This partially reverts commit 9b45c9f049a7e9b6c1abfa6988b63b760714e169.

It changed the default format of socket address from the one SASL
requires, but did not adjust all the callers.

It also removed the test coverage for it.

Revert most of the changes except the virSocketAddrFormatFull support
for URI-formatted strings.

This fixes https://bugzilla.redhat.com/show_bug.cgi?id=1345743 while
reverting the format used by virt-admin's client-info command from
the URI one to the SASL one.

https://bugzilla.redhat.com/show_bug.cgi?id=1345743
---
 daemon/remote.c  | 13 ++---
 src/remote/remote_driver.c   |  7 ---
 src/rpc/virnetclient.c   | 10 --
 src/rpc/virnetclient.h   |  2 --
 src/rpc/virnetserverclient.c | 13 -
 src/rpc/virnetserverclient.h |  2 --
 src/rpc/virnetsocket.c   | 17 ++---
 src/rpc/virnetsocket.h   |  2 --
 tests/virnetsockettest.c | 10 +-
 9 files changed, 9 insertions(+), 67 deletions(-)



So prior to Erik's changes, we provided/used SASL addresses. Erik's
change was to provide/use URI addresses. Can I assume the "missed"
change was perhaps in remoteAuthSASL where localAddr/remoteAddr weren't
used?


Yes, that would have been the minimal fix, but I also wanted to restore
the tests and get rid of the extra allocation.

Jan



[libvirt] [PATCH] Rename virNetClient*AddrString

2016-06-23 Thread Ján Tomko
Add SASL at the end to make the format obvious.
---
 src/libvirt_remote.syms| 4 ++--
 src/remote/remote_driver.c | 4 ++--
 src/rpc/virnetclient.c | 4 ++--
 src/rpc/virnetclient.h | 4 ++--
 4 files changed, 8 insertions(+), 8 deletions(-)

diff --git a/src/libvirt_remote.syms b/src/libvirt_remote.syms
index a6192ef..ca1f3ac 100644
--- a/src/libvirt_remote.syms
+++ b/src/libvirt_remote.syms
@@ -17,7 +17,7 @@ virNetClientIsOpen;
 virNetClientKeepAliveIsSupported;
 virNetClientKeepAliveStart;
 virNetClientKeepAliveStop;
-virNetClientLocalAddrString;
+virNetClientLocalAddrStringSASL;
 virNetClientNewExternal;
 virNetClientNewLibSSH2;
 virNetClientNewSSH;
@@ -25,7 +25,7 @@ virNetClientNewTCP;
 virNetClientNewUNIX;
 virNetClientRegisterAsyncIO;
 virNetClientRegisterKeepAlive;
-virNetClientRemoteAddrString;
+virNetClientRemoteAddrStringSASL;
 virNetClientRemoveStream;
 virNetClientSendNonBlock;
 virNetClientSendNoReply;
diff --git a/src/remote/remote_driver.c b/src/remote/remote_driver.c
index b11bfe0..1f81f03 100644
--- a/src/remote/remote_driver.c
+++ b/src/remote/remote_driver.c
@@ -3831,8 +3831,8 @@ remoteAuthSASL(virConnectPtr conn, struct private_data 
*priv,
 if (!(sasl = virNetSASLSessionNewClient(saslCtxt,
 "libvirt",
 priv->hostname,
-
virNetClientLocalAddrString(priv->client),
-
virNetClientRemoteAddrString(priv->client),
+
virNetClientLocalAddrStringSASL(priv->client),
+
virNetClientRemoteAddrStringSASL(priv->client),
 saslcb)))
 goto cleanup;
 /* saslcb is now owned by sasl */
diff --git a/src/rpc/virnetclient.c b/src/rpc/virnetclient.c
index c43cd08..361dc1a 100644
--- a/src/rpc/virnetclient.c
+++ b/src/rpc/virnetclient.c
@@ -944,12 +944,12 @@ void virNetClientRemoveStream(virNetClientPtr client,
 }
 
 
-const char *virNetClientLocalAddrString(virNetClientPtr client)
+const char *virNetClientLocalAddrStringSASL(virNetClientPtr client)
 {
 return virNetSocketLocalAddrStringSASL(client->sock);
 }
 
-const char *virNetClientRemoteAddrString(virNetClientPtr client)
+const char *virNetClientRemoteAddrStringSASL(virNetClientPtr client)
 {
 return virNetSocketRemoteAddrStringSASL(client->sock);
 }
diff --git a/src/rpc/virnetclient.h b/src/rpc/virnetclient.h
index 38f929c..c772d0b 100644
--- a/src/rpc/virnetclient.h
+++ b/src/rpc/virnetclient.h
@@ -121,8 +121,8 @@ int virNetClientSetTLSSession(virNetClientPtr client,
 bool virNetClientIsEncrypted(virNetClientPtr client);
 bool virNetClientIsOpen(virNetClientPtr client);
 
-const char *virNetClientLocalAddrString(virNetClientPtr client);
-const char *virNetClientRemoteAddrString(virNetClientPtr client);
+const char *virNetClientLocalAddrStringSASL(virNetClientPtr client);
+const char *virNetClientRemoteAddrStringSASL(virNetClientPtr client);
 
 # ifdef WITH_GNUTLS
 int virNetClientGetTLSKeySize(virNetClientPtr client);
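Review bot: the two renamed prototypes in virnetclient.h still carry no comment saying what the "SASL" suffix means, and the commit message says the rename exists to make the format obvious; a one-line comment above them stating that the returned string is in the form the SASL library expects for its local/remote address parameters, and that ownership stays with the socket (they return a `const char *` straight from virNetSocketLocalAddrStringSASL / virNetSocketRemoteAddrStringSASL, so callers must not free it), would make the header self-explanatory.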
-- 
2.7.3



Re: [libvirt] [PATCH 05/28] tests: mock virNetDevSetIPAddress

2016-06-23 Thread John Ferlan


On 06/22/2016 01:37 PM, Laine Stump wrote:
> Now that we can include  in tests, we could
> almost test XML that has an  element in an interface. Except that
> the test fails when it tries to actually set the IP address for the
> interface's tap device. This patch mocks virNetDevSetIPAddress() to
> just return success.
> ---
>  tests/qemuxml2argvmock.c | 10 +-
>  1 file changed, 9 insertions(+), 1 deletion(-)
> 

ACK

John



Re: [libvirt] [PATCH] Allow custom metadata in network configuration XML

2016-06-23 Thread Vasiliy Tolstov
2016-06-23 22:37 GMT+03:00 Laine Stump :
> I talked with him about it on IRC yesterday. He wants to do [something] in a
> network hook script, and presumably wants some bit of local configuration
> that is the same for all domains connected to a network, but can change
> depending on the network. It makes sense to me that any toplevel persistent
> piece of libvirt config should allow a  element with user-defined
> contents (so pools and volumes might have it too, if somebody had the need).


Hm, very interesting idea. I think this may be useful. Thanks for the patch.

-- 
Vasiliy Tolstov,
e-mail: v.tols...@yoctocloud.net



Re: [libvirt] [PATCH 04/28] conf: clean up virDomainNetIPParseXML()

2016-06-23 Thread John Ferlan


On 06/22/2016 01:37 PM, Laine Stump wrote:
> Rearrange this function to be better organized and more correct:
> 
> * the error codes were changed from the incorrect INVALID_ARG to
>   XML_ERROR
> 
> * prefix still isn't required, but if present it must be valid or an
>   error will be logged.
> 
> * don't emit a debug log just because prefix is missing - this
>   is valid.
> 
> * group everything related to setting prefix in one place rather than
>   scattered through the function.
> ---
>  src/conf/domain_conf.c | 25 +++--
>  1 file changed, 15 insertions(+), 10 deletions(-)
> 
> diff --git a/src/conf/domain_conf.c b/src/conf/domain_conf.c
> index e57655e..c5b4815 100644
> --- a/src/conf/domain_conf.c
> +++ b/src/conf/domain_conf.c
> @@ -6115,15 +6115,9 @@ virDomainNetIPParseXML(xmlNodePtr node)
>  int family = AF_UNSPEC;
>  char *address = NULL;
>  
> -if (!(prefixStr = virXMLPropString(node, "prefix")) ||
> -(virStrToLong_ui(prefixStr, NULL, 10, ) < 0)) {
> -// Don't shout, as some old config may not have a prefix
> -VIR_DEBUG("Missing or invalid network prefix");
> -}
> -
>  if (!(address = virXMLPropString(node, "address"))) {
> -virReportError(VIR_ERR_INVALID_ARG, "%s",
> -   _("Missing network address"));
> +virReportError(VIR_ERR_XML_ERROR, "%s",
> +   _("Missing required address in "));
>  goto cleanup;
>  }
>  
> @@ -6139,11 +6133,22 @@ virDomainNetIPParseXML(xmlNodePtr node)
>  goto cleanup;
>  
>  if (virSocketAddrParse(>address, address, family) < 0) {
> -virReportError(VIR_ERR_INVALID_ARG,
> -   _("Failed to parse IP address: '%s'"),
> +virReportError(VIR_ERR_XML_ERROR,
> +   _("Invalid address '%s' in "),
> address);
>  goto cleanup;
>  }
> +
> +prefixStr = virXMLPropString(node, "prefix");
> +if (prefixStr &&
> +((virStrToLong_ui(prefixStr, NULL, 10, ) < 0) ||
> + (family == AF_INET6 && prefixValue > 128) ||
> + (family == AF_INET && prefixValue > 32))) {
> +virReportError(VIR_ERR_XML_ERROR,
> +   _("Invalid prefix value '%s' in "),
> +   prefixStr);
> +goto cleanup;
> +}

I fear the answer to this question, but I'll ask it... Can a domain be
running today with an incorrect prefixValue?

If I'm reading things correctly, it would have been assigned a value of 0,
but could still be running. On libvirtd restart with this change, could
that domain 'disappear' because of this "parse" error?

ACK in principle, but you may need to move that check to the "Validate"
callback code path depending on how you answer the question.

John
>  ip->prefix = prefixValue;
>  
>  ret = ip;
> 



Re: [libvirt] [PATCH 00/18] Allow domains to start with a dot

2016-06-23 Thread Ján Tomko

On Thu, Jun 23, 2016 at 08:37:30AM -0400, John Ferlan wrote:
> On 06/21/2016 12:05 PM, Ján Tomko wrote:
>> Also introduce virDirOpen* and VIR_DIR_CLOSE helpers.
>>
>> https://bugzilla.redhat.com/show_bug.cgi?id=1333248
>>
>> Ján Tomko (18):
>> ...
>>
>>  31 files changed, 245 insertions(+), 410 deletions(-)
>
> ACK series modulo the couple of notes I made along the way.

Thanks, I have left patches 2 and 5-11 for later and pushed the rest.

> John



Re: [libvirt] [PATCH 03/28] global: consistently use IP rather than Ip in identifiers

2016-06-23 Thread John Ferlan


On 06/22/2016 01:37 PM, Laine Stump wrote:
> I'm tired of mistyping this all the time, so let's do it the same all
> the time (similar to how we changed all "Pci" to "PCI" awhile back).
> 
> (NB: I've left alone some things in the esx and vbox drivers because
> I'm unable to compile them and they weren't obviously *not* a part of
> some API. I also didn't change a couple of variables named,
> e.g. "somethingIptables", because they were derived from the name of
> the "iptables" command)
> ---
>  src/conf/domain_conf.c| 24 +-
>  src/conf/domain_conf.h| 12 ++---
>  src/conf/interface_conf.c | 38 +++
>  src/conf/interface_conf.h |  8 ++--
>  src/conf/network_conf.c   | 80 
> +++
>  src/conf/network_conf.h   | 20 
>  src/conf/networkcommon_conf.c |  6 +--
>  src/esx/esx_driver.c  | 44 -
>  src/esx/esx_interface_driver.c|  4 +-
>  src/esx/esx_vi.c  |  4 +-
>  src/esx/esx_vi.h  |  2 +-
>  src/libvirt_private.syms  | 10 ++--
>  src/lxc/lxc_container.c   |  2 +-
>  src/lxc/lxc_native.c  |  4 +-
>  src/network/bridge_driver.c   | 74 ++--
>  src/network/bridge_driver_linux.c | 70 +--
>  src/nwfilter/nwfilter_ebiptables_driver.c | 24 +-
>  src/openvz/openvz_conf.c  |  2 +-
>  src/qemu/qemu_driver.c|  2 +-
>  src/util/virsocketaddr.c  |  4 +-
>  src/util/virsocketaddr.h  |  2 +-
>  src/vbox/vbox_network.c   |  8 ++--
>  src/xenconfig/xen_common.c|  2 +-
>  src/xenconfig/xen_sxpr.c  |  4 +-
>  24 files changed, 225 insertions(+), 225 deletions(-)
> 

It's a type "A" type change ;-)

I think I am going to need that eye exam after all...

[...]


> diff --git a/src/conf/interface_conf.c b/src/conf/interface_conf.c
> index 26e55cc..40f1958 100644
> --- a/src/conf/interface_conf.c
> +++ b/src/conf/interface_conf.c
> @@ -45,7 +45,7 @@ virInterfaceDefDevFormat(virBufferPtr buf, const 
> virInterfaceDef *def,
>   virInterfaceType parentIfType);
>  
>  static
> -void virInterfaceIpDefFree(virInterfaceIpDefPtr def)
> +void virInterfaceIPDefFree(virInterfaceIPDefPtr def)
>  {
>  if (def == NULL)
>  return;
> @@ -61,7 +61,7 @@ void virInterfaceProtocolDefFree(virInterfaceProtocolDefPtr 
> def)
>  if (def == NULL)
>  return;
>  for (i = 0; i < def->nips; i++)
> -virInterfaceIpDefFree(def->ips[i]);
> +virInterfaceIPDefFree(def->ips[i]);
>  VIR_FREE(def->ips);
>  VIR_FREE(def->family);
>  VIR_FREE(def->gateway);
> @@ -281,7 +281,7 @@ virInterfaceDefParseDhcp(virInterfaceProtocolDefPtr def,
>  }
>  
>  static int
> -virInterfaceDefParseIp(virInterfaceIpDefPtr def,
> +virInterfaceDefParseIP(virInterfaceIPDefPtr def,
> xmlXPathContextPtr ctxt)
>  {
>  int ret = 0;
> @@ -310,7 +310,7 @@ virInterfaceDefParseProtoIPv4(virInterfaceProtocolDefPtr 
> def,
>  {
>  xmlNodePtr dhcp;
>  xmlNodePtr *ipNodes = NULL;
> -int nIpNodes, ret = -1;
> +int nIPNodes, ret = -1;

You changed a variable name here which while I suppose is correct leads
me to wonder why "ipNodes" wasn't changed as well.

In the long run though, in whatever manner "ip" is used, it should be
consistent between "n[ip|IP]Nodes" and [ip|IP]Nodes... I'd lean towards
ipNodes and nipNodes...


>  size_t i;
>  char *tmp;
>  
> @@ -323,26 +323,26 @@ 
> virInterfaceDefParseProtoIPv4(virInterfaceProtocolDefPtr def,
>  return -1;
>  }
>  
> -nIpNodes = virXPathNodeSet("./ip", ctxt, );
> -if (nIpNodes < 0)
> +nIPNodes = virXPathNodeSet("./ip", ctxt, );
> +if (nIPNodes < 0)
>  return -1;
>  if (ipNodes == NULL)
>  return 0;
>  
> -if (VIR_ALLOC_N(def->ips, nIpNodes) < 0)
> +if (VIR_ALLOC_N(def->ips, nIPNodes) < 0)
>  goto error;
>  
>  def->nips = 0;
> -for (i = 0; i < nIpNodes; i++) {
> +for (i = 0; i < nIPNodes; i++) {
>  
> -virInterfaceIpDefPtr ip;
> +virInterfaceIPDefPtr ip;
>  
>  if (VIR_ALLOC(ip) < 0)
>  goto error;
>  
>  ctxt->node = ipNodes[i];
> -if (virInterfaceDefParseIp(ip, ctxt) < 0) {
> -virInterfaceIpDefFree(ip);
> +if (virInterfaceDefParseIP(ip, ctxt) < 0) {
> +virInterfaceIPDefFree(ip);
>  goto error;
>  }
>  def->ips[def->nips++] = ip;
> @@ -361,7 +361,7 @@ virInterfaceDefParseProtoIPv6(virInterfaceProtocolDefPtr 
> def,
>  {
>  xmlNodePtr dhcp, autoconf;
>  xmlNodePtr *ipNodes = NULL;
> -int nIpNodes, ret = -1;
> +int nIPNodes, ret 

[libvirt] [PATCH v3 0/5] bhyve: virConnectDomainXMLFromNative

2016-06-23 Thread Fabian Freyer
Differences to v2:
  - style fixes (C-style comments, function naming)
  - removed unnecessary break
  - added commentary on why __GNU_C_PREREQ is defined
  - Set Domain virtType = VIR_DOMAIN_VIRT_BHYVE
  - Free domain definition on error in bhyveParseCommandLineString. This
    should prevent an empty XML document from being returned.

Link to v2:
 https://www.redhat.com/archives/libvir-list/2016-June/msg00728.html

Link to v1:
 https://www.redhat.com/archives/libvir-list/2016-June/msg1.html

Fabian Freyer (5):
  config-post.h: define __GNUC_PREREQ if not defined
  gnulib: add getopt module
  bhyve: implement virConnectDomainXMLFromNative
  bhyve: implement bhyve argument parser
  bhyve: implement argument parser for loader

 bootstrap.conf  |   1 +
 config-post.h   |  18 +
 m4/virt-driver-bhyve.m4 |   3 +
 po/POTFILES.in  |   1 +
 src/Makefile.am |   2 +
 src/bhyve/bhyve_driver.c|  42 ++
 src/bhyve/bhyve_parse_command.c | 877 
 src/bhyve/bhyve_parse_command.h |  30 ++
 8 files changed, 974 insertions(+)
 create mode 100644 src/bhyve/bhyve_parse_command.c
 create mode 100644 src/bhyve/bhyve_parse_command.h

-- 
2.7.0



[libvirt] [PATCH v3 5/5] bhyve: implement argument parser for loader

2016-06-23 Thread Fabian Freyer
A simple getopt-based argument parser is added for the /usr/sbin/bhyveload
command, loosely based on its argument parser.

The boot disk is guessed by iterating over all disks and matching their
sources. If any non-default arguments are found, def->os.bootloaderArgs is
set accordingly, and the bootloader is treated as a custom bootloader.

Custom bootloaders are supported by setting def->os.bootloader and
def->os.bootloaderArgs accordingly.

grub-bhyve is also treated as a custom bootloader. Since we don't get the
device map in the native format anyway, we can't reconstruct the complete
boot order. While it is possible to check what type the grub boot disk is by
checking whether the --root argument is "cd" or "hd0,msdos1", and then just
use the first disk found, implementing the grub-bhyve argument parser as-is
in the grub-bhyve source would mean adding a dependency on argp or
duplicating lots of argp's code. Therefore it's not really worth implementing
that now.

Signed-off-by: Fabian Freyer 
---
 src/bhyve/bhyve_parse_command.c | 122 
 1 file changed, 122 insertions(+)

diff --git a/src/bhyve/bhyve_parse_command.c b/src/bhyve/bhyve_parse_command.c
index 2a64ba3..f00e7fe 100644
--- a/src/bhyve/bhyve_parse_command.c
+++ b/src/bhyve/bhyve_parse_command.c
@@ -711,6 +711,121 @@ error:
 return -1;
 }
 
+/*
+ * Parse the /usr/sbin/bhyveload command line.
+ */
+static int
+bhyveParseBhyveLoadCommandLine(virDomainDefPtr def,
+   int argc, char **argv)
+{
+int c;
+/* bhyveload called with default arguments when only -m and -d are given.
+ * Store this in a bit field and check if only those two options are given
+ * later */
+unsigned arguments = 0;
+size_t memory = 0;
+struct _getopt_data *parser;
+int i = 0;
+
+const char optstr[] = "CSc:d:e:h:l:m:";
+
+if (!argv)
+goto error;
+
+if (VIR_ALLOC(parser) < 0)
+goto error;
+
+while ((c = _getopt_internal_r(argc, argv, optstr,
+NULL, NULL, 0, parser, 0)) != -1) {
+switch (c) {
+case 'd':
+arguments |= 1;
+/* Iterate over the disks of the domain trying to match up the
+ * source */
+for (i = 0; i < def->ndisks; i++) {
+if (STREQ(virDomainDiskGetSource(def->disks[i]),
+  parser->optarg)) {
+def->disks[i]->info.bootIndex = i;
+break;
+}
+}
+break;
+case 'm':
+arguments |= 2;
+if (virStrToLong_ul(parser->optarg, NULL, 10, ) < 0) {
+virReportError(VIR_ERR_OPERATION_FAILED,
+   _("Failed to parse Memory."));
+goto error;
+}
+if (memory < 1024)
+memory *= 1024;
+else
+memory /= 1024UL;
+if (def->mem.cur_balloon != 0 && def->mem.cur_balloon != memory) {
+virReportError(VIR_ERR_OPERATION_FAILED,
+   _("Failed to parse Memory: Memory size mismatch."));
+goto error;
+}
+def->mem.cur_balloon = memory;
+virDomainDefSetMemoryTotal(def, memory);
+break;
+default:
+arguments |= 4;
+}
+}
+
+if (arguments != 3) {
+/* Set os.bootloader since virDomainDefFormatInternal will only format
+ * the bootloader arguments if os->bootloader is set. */
+if (VIR_STRDUP(def->os.bootloader, argv[0]) < 0)
+   goto error;
+
+def->os.bootloaderArgs = virStringJoin((const char**) [1], " ");
+}
+
+if (argc != parser->optind) {
+virReportError(VIR_ERR_OPERATION_FAILED,
+   _("Failed to parse arguments for bhyveload command."));
+goto error;
+}
+
+if (def->name == NULL) {
+if (VIR_STRDUP(def->name, argv[argc]) < 0)
+goto error;
+}
+else if (STRNEQ(def->name, argv[argc])) {
+/* the vm name of the loader and the bhyverun command differ, throw an
+ * error here */
+virReportError(VIR_ERR_OPERATION_FAILED,
+   _("Failed to parse arguments: VM name mismatch."));
+goto error;
+}
+
+VIR_FREE(parser);
+return 0;
+error:
+VIR_FREE(parser);
+return -1;
+}
+
+static int
+bhyveParseCustomLoaderCommandLine(virDomainDefPtr def,
+  int argc ATTRIBUTE_UNUSED,
+  char **argv)
+{
+if (!argv)
+goto error;
+
+if (VIR_STRDUP(def->os.bootloader, argv[0]) < 0)
+   goto error;
+
+def->os.bootloaderArgs = virStringJoin((const char**) [1], " ");
+
+return 0;
+error:
+return -1;
+}
+
 virDomainDefPtr
 bhyveParseCommandLineString(const char* nativeConfig,
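Review bot: `parser` is declared without an initialiser at the top of bhyveParseBhyveLoadCommandLine, yet the `if (!argv) goto error;` path reaches `error:` and calls `VIR_FREE(parser)` on an indeterminate pointer; initialise it (`struct _getopt_data *parser = NULL;`) or put the argv check before anything that can jump to error. Three further points in the same hunk: (1) the function insists on `argc == parser->optind` and then reads the VM name from `argv[argc]`, which under the usual argv convention is the NULL terminator; if argc deliberately excludes the trailing name that deserves a comment, otherwise the name belongs at `argv[parser->optind]` together with a check that exactly one non-option argument remains. (2) The `-m` handling multiplies values below 1024 by 1024 but divides larger ones by 1024, so `-m 2048` does not end up as 2 GiB; bhyveload's -m is a size in megabytes with an optional K/M/G/T suffix, so one consistent conversion (plus an end-pointer check on virStrToLong_ul instead of passing NULL) is needed. (3) The `-d` loop stores `bootIndex = i`, which is 0 for the first disk, and 0 is the value libvirt uses for "no boot index set"; `i + 1` looks intended.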

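A stand-alone C example of the bookkeeping the commit message describes (added here, not part of the bhyve driver; names are hypothetical and the -m value is assumed to be plain MiB without a suffix): it scans a bhyveload-style argv without global getopt state, records which of -d and -m were seen and whether anything else was, and takes the VM name from the single positional argument, rejecting a missing or duplicated name, a missing option value and an unknown option. The command lines fed to the helper are constructed inputs.

```c
/* Added example, not libvirt code (names hypothetical): a reentrant scanner
 * for a bhyveload-style command line. It records which of -d/-m were given
 * and whether anything else was, and takes the VM name from the single
 * positional argument rather than from argv[argc]. -m is treated as plain
 * MiB and stored in KiB, an assumption of this example. */
#include <errno.h>
#include <limits.h>
#include <stdlib.h>
#include <string.h>

enum { SEEN_DISK = 1, SEEN_MEM = 2, SEEN_OTHER = 4 };

struct bhyveload_opts {
    const char *disk;       /* -d */
    unsigned long mem_kib;  /* -m, MiB on the command line, KiB here */
    const char *vmname;     /* the single positional argument */
    unsigned seen;          /* SEEN_* bit field */
};

/* bhyveload's option letters, and the subset that takes a value. */
static const char ALL_OPTS[] = "CScdehlm", VALUE_OPTS[] = "cdehlm";

/* Returns 0 and fills *out, or -1 for any malformed input; argv[0] is the
 * program name and argv[argc] is never read. */
static int parse_bhyveload(int argc, char **argv, struct bhyveload_opts *out)
{
    struct bhyveload_opts o = { 0 };
    int i;
    if (argc < 1 || !argv)
        return -1;
    for (i = 1; i < argc; i++) {
        const char *a = argv[i];
        if (a[0] != '-') {                 /* positional: the VM name */
            if (o.vmname)
                return -1;                 /* a second name is an error */
            o.vmname = a;
            continue;
        }
        if (!a[1] || a[2] || !strchr(ALL_OPTS, a[1]))
            return -1;                     /* not one known option letter */
        if (!strchr(VALUE_OPTS, a[1])) {   /* -C / -S: flag without a value */
            o.seen |= SEEN_OTHER;
            continue;
        }
        if (++i >= argc)                   /* value missing */
            return -1;
        if (a[1] == 'd') {
            o.seen |= SEEN_DISK;
            o.disk = argv[i];
        } else if (a[1] == 'm') {          /* decimal MiB, no suffix here */
            char *end;
            unsigned long mib;
            o.seen |= SEEN_MEM;
            errno = 0;
            mib = strtoul(argv[i], &end, 10);
            if (errno || end == argv[i] || *end || mib == 0 ||
                mib > ULONG_MAX / 1024)
                return -1;
            o.mem_kib = mib * 1024;
        } else {
            o.seen |= SEEN_OTHER;
        }
    }
    if (!o.vmname)
        return -1;
    *out = o;
    return 0;
}

/* Only -m and -d given: the stock invocation, no custom loader arguments. */
static int uses_default_args(const struct bhyveload_opts *o)
{
    return o->seen == (SEEN_DISK | SEEN_MEM);
}

/* Split a constructed command line on spaces (no quoting) and parse it.
 * The static buffer keeps the argument strings alive for the caller. */
static int parse_cmdline(const char *cmdline, struct bhyveload_opts *o)
{
    static char buf[256];
    char *argv[32], *tok;
    int argc = 0;
    if (strlen(cmdline) >= sizeof(buf))
        return -1;
    strcpy(buf, cmdline);
    for (tok = strtok(buf, " "); tok && argc < 32; tok = strtok(NULL, " "))
        argv[argc++] = tok;
    return parse_bhyveload(argc, argv, o);
}

/* 1 when the line parses and matches, 0 on a mismatch, -1 when rejected. */
static int check_cmdline(const char *cmdline, const char *want_name,
                         unsigned long want_kib, int want_defaults)
{
    struct bhyveload_opts o;
    if (parse_cmdline(cmdline, &o) < 0)
        return -1;
    return strcmp(o.vmname, want_name) == 0 && o.mem_kib == want_kib &&
           uses_default_args(&o) == want_defaults;
}
```

Because the scanner keeps its state in the local `o` and indexes argv directly, it can be called repeatedly from one process, which is the property the series needed from gnulib's reentrant getopt; the split-on-spaces helper mirrors the argv construction described in the cover letter and is only as simple as that description.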
[libvirt] [PATCH v3 3/5] bhyve: implement virConnectDomainXMLFromNative

2016-06-23 Thread Fabian Freyer
First, remove escaped newlines and split up the string into an argv-list for
the bhyve and loader commands, respectively. This is done by iterating over the
string splitting it by newlines, and then re-iterating over each line,
splitting it by spaces.

Since this code reuses part of the code of qemu_parse_command.c
(in bhyveCommandLine2argv), add the appropriate copyright notices.

Signed-off-by: Fabian Freyer 
---
 po/POTFILES.in  |   1 +
 src/Makefile.am |   2 +
 src/bhyve/bhyve_driver.c|  42 +++
 src/bhyve/bhyve_parse_command.c | 266 
 src/bhyve/bhyve_parse_command.h |  30 +
 5 files changed, 341 insertions(+)
 create mode 100644 src/bhyve/bhyve_parse_command.c
 create mode 100644 src/bhyve/bhyve_parse_command.h

diff --git a/po/POTFILES.in b/po/POTFILES.in
index 0d92448..b1580b7 100644
--- a/po/POTFILES.in
+++ b/po/POTFILES.in
@@ -15,6 +15,7 @@ src/bhyve/bhyve_command.c
 src/bhyve/bhyve_device.c
 src/bhyve/bhyve_driver.c
 src/bhyve/bhyve_monitor.c
+src/bhyve/bhyve_parse_command.c
 src/bhyve/bhyve_process.c
 src/conf/capabilities.c
 src/conf/cpu_conf.c
diff --git a/src/Makefile.am b/src/Makefile.am
index 12b66c2..d53c98f 100644
--- a/src/Makefile.am
+++ b/src/Makefile.am
@@ -901,6 +901,8 @@ BHYVE_DRIVER_SOURCES =  
\
bhyve/bhyve_capabilities.h  \
bhyve/bhyve_command.c   \
bhyve/bhyve_command.h   \
+   bhyve/bhyve_parse_command.c \
+   bhyve/bhyve_parse_command.h \
bhyve/bhyve_device.c\
bhyve/bhyve_device.h\
bhyve/bhyve_domain.c\
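Review bot: the two new entries are inserted between bhyve_command.h and bhyve_device.c, which breaks the alphabetical order of BHYVE_DRIVER_SOURCES visible in this hunk (capabilities, command, device, domain, ...); bhyve_parse_command.c/.h belong after the bhyve_monitor entries, which is also where the POTFILES.in hunk above puts the .c file, so keep the two lists consistent.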
diff --git a/src/bhyve/bhyve_driver.c b/src/bhyve/bhyve_driver.c
index c4051a1..c7abea4 100644
--- a/src/bhyve/bhyve_driver.c
+++ b/src/bhyve/bhyve_driver.c
@@ -55,6 +55,7 @@
 #include "bhyve_device.h"
 #include "bhyve_driver.h"
 #include "bhyve_command.h"
+#include "bhyve_parse_command.h"
 #include "bhyve_domain.h"
 #include "bhyve_process.h"
 #include "bhyve_capabilities.h"
@@ -1536,6 +1537,46 @@ bhyveConnectIsEncrypted(virConnectPtr conn 
ATTRIBUTE_UNUSED)
 return 0;
 }
 
+static char *
+bhyveConnectDomainXMLFromNative(virConnectPtr conn,
+const char *nativeFormat,
+const char *nativeConfig,
+unsigned int flags)
+{
+char *xml = NULL;
+virDomainDefPtr def = NULL;
+bhyveConnPtr privconn = conn->privateData;
+virCapsPtr capabilities = NULL;
+unsigned caps = bhyveDriverGetCaps(conn);
+
+virCheckFlags(0, NULL);
+
+if (virConnectDomainXMLFromNativeEnsureACL(conn) < 0)
+goto cleanup;
+
+capabilities = bhyveDriverGetCapabilities(privconn);
+
+if (!capabilities)
+goto cleanup;
+
+if (STRNEQ(nativeFormat, BHYVE_CONFIG_FORMAT_ARGV)) {
+virReportError(VIR_ERR_INVALID_ARG,
+   _("unsupported config type %s"), nativeFormat);
+goto cleanup;
+}
+
+ def = bhyveParseCommandLineString(nativeConfig, caps, privconn->xmlopt);
+ if (def == NULL)
+   goto cleanup;
+
+xml = virDomainDefFormat(def, capabilities, 0);
+
+ cleanup:
+virObjectUnref(capabilities);
+virDomainDefFree(def);
+return xml;
+}
+
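Review bot: `bhyveDriverGetCaps(conn)` runs in the declaration of `caps`, before virCheckFlags and before virConnectDomainXMLFromNativeEnsureACL; the convention in the drivers is that the flags and ACL checks come first so an unauthorised caller triggers no driver work, so move that call below the ACL check. Also, the `def = bhyveParseCommandLineString(...)` line, the `if (def == NULL)` and its `goto cleanup` are indented differently from the surrounding code (a mixed-indent leftover), and nativeFormat is validated only after the capabilities lookup; checking the format string first avoids doing work on the error path.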
 static virHypervisorDriver bhyveHypervisorDriver = {
 .name = "bhyve",
 .connectOpen = bhyveConnectOpen, /* 1.2.2 */
@@ -1589,6 +1630,7 @@ static virHypervisorDriver bhyveHypervisorDriver = {
 .connectIsAlive = bhyveConnectIsAlive, /* 1.3.5 */
 .connectIsSecure = bhyveConnectIsSecure, /* 1.3.5 */
 .connectIsEncrypted = bhyveConnectIsEncrypted, /* 1.3.5 */
+.connectDomainXMLFromNative = bhyveConnectDomainXMLFromNative, /* 1.3.6 */
 };
 
 
diff --git a/src/bhyve/bhyve_parse_command.c b/src/bhyve/bhyve_parse_command.c
new file mode 100644
index 000..b3064bc
--- /dev/null
+++ b/src/bhyve/bhyve_parse_command.c
@@ -0,0 +1,266 @@
+/*
+ * bhyve_parse_command.c: Bhyve command parser
+ *
+ * Copyright (C) 2006-2016 Red Hat, Inc.
+ * Copyright (C) 2006 Daniel P. Berrange
+ * Copyright (C) 2016 Fabian Freyer
+ *
+ * This library is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation; either
+ * version 2.1 of the License, or (at your option) any later version.
+ *
+ * This library is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General 

[libvirt] [PATCH v3 4/5] bhyve: implement bhyve argument parser

2016-06-23 Thread Fabian Freyer
A simple getopt-based argument parser is added for the /usr/sbin/bhyve command,
loosely based on its argument parser, which reads the following from the bhyve
command line string:

* vm name
* number of vcpus
* memory size
* the time offset (UTC or localtime). This includes a capability check to see
  if this is actually supported by the bhyve version.
* features:
  * acpi
  * ioapic: While this flag is deprecated in FreeBSD r257423, keep checking for
    it for backwards compatibility.
* the domain UUID; if not explicitly given, one will be generated.
* lpc devices: for now only com1 and com2 are supported. These are required
  to be /dev/nmdm[\d+][AB], and the slave devices are automatically inferred
  from these to be the corresponding end of the virtual null-modem cable:
  /dev/nmdmA <-> /dev/nmdmB
* PCI devices:
  * Disks: these are numbered in the order they are found, for virtio and ahci
    disks separately. The destination is set to sdX or vdX with X='a'+index;
    therefore only 'z'-'a' disks are supported.
    Disks are considered to be block devices if the path starts with /dev,
    otherwise they are considered to be files.
  * Networks: only tap devices are supported. Since it isn't possible to tell
    the type of the network, VIR_DOMAIN_NET_TYPE_ETHERNET is assumed, since it
    is the most generic. If no mac is specified, one will be generated.

Signed-off-by: Fabian Freyer 
---
 src/bhyve/bhyve_parse_command.c | 493 +++-
 1 file changed, 491 insertions(+), 2 deletions(-)

diff --git a/src/bhyve/bhyve_parse_command.c b/src/bhyve/bhyve_parse_command.c
index b3064bc..2a64ba3 100644
--- a/src/bhyve/bhyve_parse_command.c
+++ b/src/bhyve/bhyve_parse_command.c
@@ -23,6 +23,7 @@
  */
 
 #include 
+#include 
 
 #include "bhyve_capabilities.h"
 #include "bhyve_command.h"
@@ -225,10 +226,495 @@ bhyveCommandLineToArgv(const char *nativeConfig,
 return -1;
 }
 
+static int
+bhyveParseBhyveLPCArg(virDomainDefPtr def,
+  unsigned caps ATTRIBUTE_UNUSED,
+  const char *arg)
+{
+/* -l emulation[,config] */
+const char *separator = NULL;
+const char *param = NULL;
+size_t last = 0;
+virDomainChrDefPtr chr = NULL;
+char *type = NULL;
+
+separator = strchr(arg, ',');
+param = separator + 1;
+
+if (!separator)
+goto error;
+
+if (VIR_STRNDUP(type, arg, separator - arg) < 0)
+goto error;
+
+/* Only support com%d */
+if (STRPREFIX(type, "com") && type[4] == 0) {
+if (!(chr = virDomainChrDefNew()))
+goto error;
+
+chr->source.type = VIR_DOMAIN_CHR_TYPE_NMDM;
+chr->deviceType = VIR_DOMAIN_CHR_DEVICE_TYPE_SERIAL;
+
+if (!STRPREFIX(param, "/dev/nmdm")) {
+virReportError(VIR_ERR_OPERATION_FAILED,
+   _("Failed to set com port %s: does not start with "
+ "'/dev/nmdm'."), type);
+goto error;
+}
+
+if (VIR_STRDUP(chr->source.data.file.path, param) < 0) {
+virDomainChrDefFree(chr);
+goto error;
+}
+
+if (VIR_STRDUP(chr->source.data.nmdm.slave, chr->source.data.file.path)
+< 0) {
+virDomainChrDefFree(chr);
+goto error;
+}
+
+/* If the last character of the master is 'A', the slave will be 'B'
+ * and vice versa */
+last = strlen(chr->source.data.file.path) - 1;
+switch (chr->source.data.file.path[last]) {
+case 'A':
+chr->source.data.file.path[last] = 'B';
+break;
+case 'B':
+chr->source.data.file.path[last] = 'A';
+break;
+default:
+virReportError(VIR_ERR_OPERATION_FAILED,
+   _("Failed to set slave for %s: last letter not "
+ "'A' or 'B'"),
+   chr->source.data.file.path);
+goto error;
+}
+
+switch (type[3]-'0') {
+case 1:
+case 2:
+chr->target.port = type[3] - '1';
+break;
+default:
+virReportError(VIR_ERR_OPERATION_FAILED,
+   _("Failed to parse %s: only com1 and com2"
+ "supported."), type);
+virDomainChrDefFree(chr);
+goto error;
+break;
+}
+
+if (VIR_APPEND_ELEMENT(def->serials, def->nserials, chr) < 0) {
+virDomainChrDefFree(chr);
+goto error;
+}
+}
+
+VIR_FREE(type);
+return 0;
+
+error:
+VIR_FREE(chr);
+VIR_FREE(type);
+return -1;
+}
+
+static int
+bhyveParsePCISlot(const char *slotdef,
+  unsigned *pcislot,
+  unsigned *bus,
+  unsigned *function)
+{
+/* slot[:function] | 
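Review bot: the error handling in bhyveParseBhyveLPCArg is inconsistent and can double-free. Several failure paths call `virDomainChrDefFree(chr)` and then `goto error`, where `VIR_FREE(chr)` frees the same pointer again, while other paths (the /dev/nmdm prefix check, the 'A'/'B' switch default) jump to error without freeing chr's strings at all; call virDomainChrDefFree(chr) once at the error label and drop the per-path calls, which is safe because VIR_APPEND_ELEMENT clears chr on success. Smaller points: `param = separator + 1` is computed before `if (!separator)`, so the arithmetic happens on NULL; `STRPREFIX(type, "com") && type[4] == 0` reads type[4] when type is exactly "com" (three characters), one byte past the terminator, so check the length first; and the two string literals in the com1/com2 error message concatenate to "com2supported." (missing space). Finally, the code copies file.path into nmdm.slave and then flips the last letter of file.path itself, so the end that keeps its 'A' is the slave and the master becomes 'B', the opposite of what the comment above it says; flip the slave copy instead, and refer to nmdm.master rather than file.path so the code does not depend on those union members sharing storage.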

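The LPC and disk naming rules from the commit message above, written out as an added, stand-alone C example (not the bhyve driver's own code; struct and function names are hypothetical): it accepts only com1/com2, requires a /dev/nmdm path, derives the other end of the null-modem cable by flipping the trailing A/B on a copy of the path rather than on the master, and refuses a 27th disk on a bus. The argument strings used in the checks are constructed inputs.

```c
/* Added example, not libvirt code (names hypothetical): the two naming
 * rules from the commit message as stand-alone functions.
 *  - "-l comN,/dev/nmdmXA": only com1/com2, the path must start with
 *    /dev/nmdm, and the other end of the null-modem cable is found by
 *    swapping the trailing A/B on a copy of the path.
 *  - disk targets are sdX (ahci) or vdX (virtio), X = 'a' + index, so at
 *    most 26 disks per bus type. */
#include <stdio.h>
#include <string.h>

struct lpc_serial {
    int port;          /* 0 for com1, 1 for com2 */
    char master[64];   /* the end bhyve opens, e.g. /dev/nmdm0A */
    char slave[64];    /* the end a user attaches to, e.g. /dev/nmdm0B */
};

/* Parse "comN,/dev/nmdmXA". Returns 0 and fills *out, or -1 with a
 * reason in errbuf; *out is untouched on failure. */
static int parse_lpc_arg(const char *arg, struct lpc_serial *out,
                         char *errbuf, size_t errlen)
{
    const char *sep = strchr(arg, ',');
    const char *param;
    size_t typelen, plen;
    struct lpc_serial tmp;
    char other = 0;
    if (!sep) {
        snprintf(errbuf, errlen, "missing ',' in '%s'", arg);
        return -1;
    }
    typelen = (size_t)(sep - arg);
    param = sep + 1;
    /* "com" plus exactly one digit, and only 1 or 2 are wired up */
    if (typelen != 4 || strncmp(arg, "com", 3) != 0 ||
        (arg[3] != '1' && arg[3] != '2')) {
        snprintf(errbuf, errlen, "only com1 and com2 supported: '%.*s'",
                 (int)typelen, arg);
        return -1;
    }
    if (strncmp(param, "/dev/nmdm", 9) != 0) {
        snprintf(errbuf, errlen, "'%s' does not start with /dev/nmdm", param);
        return -1;
    }
    plen = strlen(param);               /* >= 9 after the prefix check */
    if (plen >= sizeof(tmp.master)) {
        snprintf(errbuf, errlen, "device path too long: '%s'", param);
        return -1;
    }
    switch (param[plen - 1]) {
    case 'A': other = 'B'; break;
    case 'B': other = 'A'; break;
    default:
        snprintf(errbuf, errlen, "'%s' does not end in 'A' or 'B'", param);
        return -1;
    }
    tmp.port = arg[3] - '1';
    memcpy(tmp.master, param, plen + 1);
    memcpy(tmp.slave, param, plen + 1);
    tmp.slave[plen - 1] = other;        /* flip the copy, not the master */
    *out = tmp;
    return 0;
}

/* Disk target name: "sd"/"vd" followed by 'a' + index. Returns 0, or -1
 * when the bus is unknown or index is past 'z'. */
static int disk_target(const char *bus, unsigned index, char *buf, size_t len)
{
    const char *prefix;
    if (strcmp(bus, "ahci") == 0)
        prefix = "sd";
    else if (strcmp(bus, "virtio") == 0)
        prefix = "vd";
    else
        return -1;
    if (index > (unsigned)('z' - 'a') || len < 4)
        return -1;
    snprintf(buf, len, "%s%c", prefix, 'a' + (int)index);
    return 0;
}

/* 1 when the argument parses and matches, 0 on a mismatch, -1 if rejected. */
static int lpc_matches(const char *arg, int want_port, const char *want_slave)
{
    struct lpc_serial s;
    char err[128];
    if (parse_lpc_arg(arg, &s, err, sizeof(err)) < 0)
        return -1;
    return s.port == want_port && strcmp(s.slave, want_slave) == 0;
}

/* 1 when the bus/index pair yields exactly the expected target name. */
static int disk_target_is(const char *bus, unsigned index, const char *want)
{
    char buf[8];
    return disk_target(bus, index, buf, sizeof(buf)) == 0 &&
           strcmp(buf, want) == 0;
}
```

The parser validates everything before touching the caller's struct and keeps a single return path per failure, so there is no cleanup to get wrong; the length check before the copy is what stops an overlong `-l` value from overrunning the fixed buffers.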
[libvirt] [PATCH v3 1/5] config-post.h: define __GNUC_PREREQ if not defined

2016-06-23 Thread Fabian Freyer
Several gnulib headers rely on features.h being included by ctype.h to provide
__GNUC_PREREQ, but on systems without glibc, this is not provided. In these
cases __GNUC_PREREQ gets redefined to 0, which causes build errors from checks
in src/internal.h.
Therefore, define __GNUC_PREREQ as early as possible. config.h is probably the
first header that is included, before any other headers.
---
 config-post.h | 18 ++
 1 file changed, 18 insertions(+)

diff --git a/config-post.h b/config-post.h
index 2398d3d..9243d7d 100644
--- a/config-post.h
+++ b/config-post.h
@@ -67,3 +67,21 @@
 # undef WITH_SECDRIVER_APPARMOR
 # undef WITH_CAPNG
 #endif /* LIBVIRT_NSS */
+
+/*
+ * Define __GNUC__ to a sane default if it isn't yet defined.
+ * This is done here so that it's included as early as possible; gnulib relies
+ * on this to be defined in features.h, which should be included from ctype.h.
+ * This doesn't happen on many non-glibc systems.
+ * When __GNUC__ is not defined, gnulib defines it to 0, which breaks things.
+ */ 
+#ifdef __GNUC__
+# ifndef __GNUC_PREREQ
+#  if defined __GNUC__ && defined __GNUC_MINOR__
+#   define __GNUC_PREREQ(maj, min)\
+   ((__GNUC__ << 16) + __GNUC_MINOR__ >= ((maj) << 16) + (min))
+#  else
+#   define __GNUC_PREREQ(maj, min) 0
+#  endif
+# endif
+#endif
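Review bot: the comment block says "Define __GNUC__ to a sane default", but what the code defines is __GNUC_PREREQ; fix the comment so it matches the macro (and drop the trailing whitespace after the closing `*/`). The outer `#ifdef __GNUC__` also makes the inner `defined __GNUC__ &&` test redundant, and it means the `#define __GNUC_PREREQ(maj, min) 0` fallback is only reachable when __GNUC__ is set but __GNUC_MINOR__ is not; if that is the intended scope, say so in the comment, otherwise simplify to one `#ifndef __GNUC_PREREQ` block.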
-- 
2.7.0



[libvirt] [PATCH v3 2/5] gnulib: add getopt module

2016-06-23 Thread Fabian Freyer
Unconditionally use gnulib's getopt module. This is needed by the bhyve driver
to provide a reentrant interface for getopt.
---
 bootstrap.conf  | 1 +
 m4/virt-driver-bhyve.m4 | 3 +++
 2 files changed, 4 insertions(+)

diff --git a/bootstrap.conf b/bootstrap.conf
index 0db6b62..edea8c3 100644
--- a/bootstrap.conf
+++ b/bootstrap.conf
@@ -54,6 +54,7 @@ func
 getaddrinfo
 getcwd-lgpl
 gethostname
+getopt-posix
 getpass
 getpeername
 getsockname
diff --git a/m4/virt-driver-bhyve.m4 b/m4/virt-driver-bhyve.m4
index c65b15d..bbdd8b2 100644
--- a/m4/virt-driver-bhyve.m4
+++ b/m4/virt-driver-bhyve.m4
@@ -52,6 +52,9 @@ AC_DEFUN([LIBVIRT_DRIVER_CHECK_BHYVE],[
 AM_CONDITIONAL([WITH_BHYVE], [test "$with_bhyve" = "yes"])
 ])
 
+dnl Build with gnulib's getopt which contains a reentrant interface
+AC_DEFUN([gl_REPLACE_GETOPT_ALWAYS], [])
+
 AC_DEFUN([LIBVIRT_DRIVER_RESULT_BHYVE],[
 AC_MSG_NOTICE([Bhyve: $with_bhyve])
 ])
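Review bot: `AC_DEFUN([gl_REPLACE_GETOPT_ALWAYS], [])` is dropped into m4/virt-driver-bhyve.m4 between two bhyve-specific macros, but as the commit message says it affects every build, not only ones with the bhyve driver enabled; either move it next to the rest of the gnulib bootstrap configuration or extend the dnl comment to say that the replacement is deliberately unconditional, so nobody later wraps it in a WITH_BHYVE test.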
-- 
2.7.0



Re: [libvirt] [PATCH 02/28] util: move virInterface(State|Link)/virNetDevFeature from conf to util

2016-06-23 Thread John Ferlan


On 06/22/2016 01:37 PM, Laine Stump wrote:
> These had been declared in conf/device_conf.h, but then used in
> util/virnetdev.c, meaning that we had to #include conf/device_conf.h
> in virnetdev.c (which we have for a long time said shouldn't be done).
> 
> This caused a bigger problem when I tried to #include util/virnetdev.h
> in a file in src/conf (which is allowed) - for some reason the
> "device_conf.h: File not found" error.
> 
> The solution is to move the data types and functions used in util
> sources from conf to util. Some names were adjusted during the move
> ("virInterface" --> "virNetDevIf", and "VIR_INTERFACE" -->
> "VIR_NETDEV_IF")
> ---
>  src/conf/device_conf.c  | 31 ---
>  src/conf/device_conf.h  | 44 +++-
>  src/conf/domain_conf.c  |  1 +
>  src/conf/interface_conf.h   |  2 +-
>  src/conf/node_device_conf.h |  2 +-
>  src/libvirt_private.syms|  6 --
>  src/util/virnetdev.c| 31 +++
>  src/util/virnetdev.h| 40 ++--
>  tests/virnetdevtest.c   | 14 +++---
>  9 files changed, 86 insertions(+), 85 deletions(-)
> 

New names seem reasonable to me -

ACK

John




Re: [libvirt] [PATCH 01/28] util: move virNetDevLinkDump to virnetlink.c

2016-06-23 Thread John Ferlan


On 06/22/2016 01:37 PM, Laine Stump wrote:
> virNetDevLinkDump should have been in virnetlink.c, but that file
> didn't exist yet when the function was created. It didn't really
> matter until now - I found that having virnetlink.h included by
> virnetdev.h caused build problems when trying to #include virnetdev.h
> in a .c file in src/conf (due to missing directory in -I). Rather than
> fix that to further institutionalize the incorrect placement of this
> one function, this patch moves the function.
> ---
>  src/libvirt_private.syms |   2 +-
>  src/util/virnetdev.c | 134 +-
>  src/util/virnetdev.h |   6 --
>  src/util/virnetdevvportprofile.c |   4 +-
>  src/util/virnetlink.c| 135 
> +++
>  src/util/virnetlink.h|   5 ++
>  6 files changed, 145 insertions(+), 141 deletions(-)
> 

Let's see if I can clear a few off the starboard side...  Start getting
some of these in before something else changes that causes a ripple effect.

ACK

John



Re: [libvirt] [PATCH] storage: Remove redundant refreshPool check

2016-06-23 Thread John Ferlan


On 06/22/2016 08:29 PM, Cole Robinson wrote:
> Every driver provides a refreshPool impl, and many other critical
> places in the code unconditionally call it without checking if
> it exists, so this check is pointless
> ---
>  src/storage/storage_driver.c | 16 +++-
>  1 file changed, 7 insertions(+), 9 deletions(-)
> 
> diff --git a/src/storage/storage_driver.c b/src/storage/storage_driver.c
> index e2d729f..4b5419d 100644
> --- a/src/storage/storage_driver.c
> +++ b/src/storage/storage_driver.c
> @@ -2422,20 +2422,18 @@ storageVolUpload(virStorageVolPtr obj,
>  goto cleanup;
>  }
>  
> -/* If we have a refreshPool, use the callback routine in order to
> +/* Use the callback routine in order to
>   * refresh the pool after the volume upload stream closes. This way
>   * we make sure the volume and pool data are refreshed without user
>   * interaction and we can just lookup the backend in the callback
>   * routine in order to call the refresh API.
>   */
> -if (backend->refreshPool) {
> -if (VIR_ALLOC(cbdata) < 0 ||
> -VIR_STRDUP(cbdata->pool_name, pool->def->name) < 0)
> -goto cleanup;
> -if (vol->target.type == VIR_STORAGE_VOL_PLOOP &&
> -VIR_STRDUP(cbdata->vol_path, vol->target.path) < 0)
> -goto cleanup;
> -}
> +if (VIR_ALLOC(cbdata) < 0 ||
> +VIR_STRDUP(cbdata->pool_name, pool->def->name) < 0)
> +goto cleanup;
> +if (vol->target.type == VIR_STORAGE_VOL_PLOOP &&
> +VIR_STRDUP(cbdata->vol_path, vol->target.path) < 0)
> +goto cleanup;
>  
>  if ((ret = backend->uploadVol(obj->conn, pool, vol, stream,
>offset, length, flags)) < 0)
> 
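Review bot: now that cbdata is allocated unconditionally, the `if (cbdata)` test further down in storageVolUpload() (the one Coverity flagged in the reply) is dead and should be dropped in the same change, and the cleanup label has to free cbdata together with its pool_name when the second VIR_STRDUP fails after VIR_ALLOC succeeded, since that `goto cleanup` now always runs with an allocated cbdata. The rewrapped comment is also left with a stub first line, "Use the callback routine in order to"; reflow the whole block so the text fills the lines.
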
Of course my Coverity checker just pointed out that the subsequent "if
(cbdata)" below here is not necessary now since cbdata will always be
allocated .


John



Re: [libvirt] [PATCH] Allow custom metadata in network configuration XML

2016-06-23 Thread Laine Stump

On 06/23/2016 02:31 PM, Vasiliy Tolstov wrote:

2016-06-23 1:05 GMT+03:00 Brnadon Bennett :

From: Brandon Bennett 

 This replicates the metadata field found in the domain configuration
 and adds it to the network configuration XML.


Why not use domain metadata? Why do you create metadata for the network
rather than use domain metadata?



I talked with him about it on IRC yesterday. He wants to do [something] 
in a network hook script, and presumably wants some bit of local 
configuration that is the same for all domains connected to a network, 
but can change depending on the network. It makes sense to me that any 
toplevel persistent piece of libvirt config should allow a  
element with user-defined contents (so pools and volumes might have it 
too, if somebody had the need).




Re: [libvirt] [PATCH] Allow custom metadata in network configuration XML

2016-06-23 Thread Laine Stump

On 06/22/2016 06:05 PM, Brnadon Bennett wrote:

From: Brandon Bennett 

 This replicates the metadata field found in the domain configuration
 and adds it to the network configuration XML.
---
  docs/formatnetwork.html.in   | 13 +
  docs/schemas/basictypes.rng  | 23 +++
  docs/schemas/domaincommon.rng| 23 ---
  docs/schemas/network.rng |  5 +
  src/conf/network_conf.c  | 35 ++-
  src/conf/network_conf.h  |  3 +++
  tests/networkxml2xmlin/metadata.xml  | 10 ++
  tests/networkxml2xmlout/metadata.xml | 10 ++
  tests/networkxml2xmltest.c   |  1 +
  9 files changed, 99 insertions(+), 24 deletions(-)
  create mode 100644 tests/networkxml2xmlin/metadata.xml
  create mode 100644 tests/networkxml2xmlout/metadata.xml

diff --git a/docs/formatnetwork.html.in b/docs/formatnetwork.html.in
index 1cea931..15ebf0c 100644
--- a/docs/formatnetwork.html.in
+++ b/docs/formatnetwork.html.in
@@ -38,6 +38,10 @@
network ipv6='yes' trustGuestRxFilters='no'
  namedefault/name
  uuid3e3fce45-4f53-4fa7-bb32-11f34168b82b/uuid
+   metadata


You used a space rather than a tab in the line just above here. If you 
run "make syntax-check", style errors like that will be pointed out.


Other than that, this is a very faithful reproduction of commit 
fa981fc94, which added metadata support to the domain and passes make 
syntax-check and make check.


ACK to the patch. Unless someone has a specific reason why networks 
shouldn't have the same ability to store metadata as domains, I'll push 
this tomorrow (so that it makes it into the release).


Thanks for putting your money where your mouth is and coming up with 
this patch in such a short time (we discussed it briefly on IRC 
yesterday), and congratulations on your first libvirt patch!




Re: [libvirt] [PATCH 08/19] qemu: Change protocol parameter for secret setup

2016-06-23 Thread Peter Krempa
On Thu, Jun 23, 2016 at 12:16:06 -0400, John Ferlan wrote:
> 
> 
> On 06/23/2016 11:57 AM, Peter Krempa wrote:
> > On Mon, Jun 13, 2016 at 20:27:47 -0400, John Ferlan wrote:
> >> Rather than assume/pass the protocol to the qemuDomainSecretPlainSetup
> >> and qemuDomainSecretAESSetup, determine and pass the secretUsageType
> >> which is then used in the virSecretGetSecretString call
> >>
> >> For the two callers that convert from virStorageNetProtocol, add
> >> a new helper qemuDomainSecretProtocolGetUsageType.
> >>
> >> Signed-off-by: John Ferlan 
> >> ---
> >>  src/qemu/qemu_domain.c | 105 
> >> +
> >>  1 file changed, 63 insertions(+), 42 deletions(-)
> >>
> >> diff --git a/src/qemu/qemu_domain.c b/src/qemu/qemu_domain.c
> >> index 34e3d95..52cbc72 100644
> >> --- a/src/qemu/qemu_domain.c
> >> +++ b/src/qemu/qemu_domain.c
> > 
> > [...]
> > 
> >> +/* qemuDomainSecretGetProtocolUsageType:
> >> + * @protocol: The virStorageNetProtocol protocol type
> >> + *
> >> + * Convert the protocl into the expected virSecretUsageType for
> >> + * eventual usage to fetch the secret
> >> + *
> >> + * Returns matched protocol type or VIR_SECRET_USAGE_TYPE_NONE with an
> >> + * error message set on failure.
> >> + */
> >> +static virSecretUsageType
> >> +qemuDomainSecretProtocolGetUsageType(virStorageNetProtocol protocol)
> >> +{
> >> +switch ((virStorageNetProtocol)protocol) {
> >> +case VIR_STORAGE_NET_PROTOCOL_RBD:
> >> +return VIR_SECRET_USAGE_TYPE_CEPH;
> >> +
> >> +case VIR_STORAGE_NET_PROTOCOL_ISCSI:
> >> +return VIR_SECRET_USAGE_TYPE_ISCSI;
> >> +
> >> +case VIR_STORAGE_NET_PROTOCOL_NONE:
> >> +case VIR_STORAGE_NET_PROTOCOL_NBD:
> >> +case VIR_STORAGE_NET_PROTOCOL_SHEEPDOG:
> >> +case VIR_STORAGE_NET_PROTOCOL_GLUSTER:
> >> +case VIR_STORAGE_NET_PROTOCOL_HTTP:
> >> +case VIR_STORAGE_NET_PROTOCOL_HTTPS:
> >> +case VIR_STORAGE_NET_PROTOCOL_FTP:
> >> +case VIR_STORAGE_NET_PROTOCOL_FTPS:
> >> +case VIR_STORAGE_NET_PROTOCOL_TFTP:
> >> +case VIR_STORAGE_NET_PROTOCOL_LAST:
> >> +virReportError(VIR_ERR_INTERNAL_ERROR,
> >> +   _("protocol '%s' cannot be used for encrypted 
> >> secrets"),
> >> +   virStorageNetProtocolTypeToString(protocol));
> > 
> > You could change this error message so that it actually makes some
> > sense. The protocols above don't support any form of authentication at
> > least in context of our interaction with qemu, not only specifically
> > encrypted secrets.
> > 
> 
> OK - poof this is gone...
> 
> >> +}
> >> +return VIR_SECRET_USAGE_TYPE_NONE;
> >> +}
> >> +
> >> +
> >>  /* qemuDomainSecretDiskPrepare:
> >>   * @conn: Pointer to connection
> >>   * @priv: pointer to domain private object
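Review bot: the doc comment header names the function qemuDomainSecretGetProtocolUsageType while the definition right below it is qemuDomainSecretProtocolGetUsageType; make the two agree, and fix "protocl" in the same comment. The switch casts to virStorageNetProtocol and lists every enumerator without a default, so the trailing `return VIR_SECRET_USAGE_TYPE_NONE;` is only reached by the reporting branch falling through, which is fine, but the message on that branch should say what is actually true for those protocols (no authentication is supported for them in this code path) rather than "cannot be used for encrypted secrets", as already noted in the thread.
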
> >> @@ -1008,13 +1018,19 @@ qemuDomainSecretDiskPrepare(virConnectPtr conn,
> >>  (src->protocol == VIR_STORAGE_NET_PROTOCOL_ISCSI ||
> >>   src->protocol == VIR_STORAGE_NET_PROTOCOL_RBD)) {
> >>  
> >> +virSecretUsageType secretUsageType;
> >>  qemuDomainDiskPrivatePtr diskPriv = 
> >> QEMU_DOMAIN_DISK_PRIVATE(disk);
> >>  
> >>  if (VIR_ALLOC(secinfo) < 0)
> >>  return -1;
> >>  
> >> +if ((secretUsageType =
> >> + qemuDomainSecretProtocolGetUsageType(src->protocol)) ==
> >> +VIR_SECRET_USAGE_TYPE_NONE)
> > 
> > Dead code. The condition above guarantees that this doesn't ever return
> > _NONE. I think you could set the usage type here rather than having an
> > extra helper that doesn't do much else.
> 
> Changed to:
> 
> if (src->protocol == VIR_STORAGE_NET_PROTOCOL_ISCSI)
> secretUsageType = VIR_SECRET_USAGE_TYPE_ISCSI;
> else
> secretUsageType = VIR_SECRET_USAGE_TYPE_CEPH;
> 
> 
> > 
> >> +goto error;
> >> +
> >>  if (qemuDomainSecretSetup(conn, priv, secinfo, disk->info.alias,
> >> -  src->protocol, src->auth) < 0)
> >> +  secretUsageType, src->auth) < 0)
> >>  goto error;
> >>  
> >>  diskPriv->secinfo = secinfo;
> >> @@ -1072,14 +1088,19 @@ qemuDomainSecretHostdevPrepare(virConnectPtr conn,
> >>  if (scsisrc->protocol == 
> >> VIR_DOMAIN_HOSTDEV_SCSI_PROTOCOL_TYPE_ISCSI &&
> >>  iscsisrc->auth) {
> >>  
> >> +virSecretUsageType secretUsageType;
> 
> Changed to:
> 
> virSecretUsageType secretUsageType =
> VIR_SECRET_USAGE_TYPE_ISCSI;
> 
> 
> Tks -

thanks for doing that. ACK to those.



Re: [libvirt] [PATCH v2 4/5] bhyve: implement bhyve argument parser

2016-06-23 Thread Fabian Freyer
On 12/06/16 15:29, Roman Bogorodskiy wrote:
>   Fabian Freyer wrote:
> 
> >> A simple getopt-based argument parser is added for the /usr/sbin/bhyve 
>> command,
>> loosely based on its argument parser, which reads the following from the 
>> bhyve
>> command line string:
>>
>> * vm name
>> * number of vcpus
>> * memory size
>> * the time offset (UTC or localtime). This includes a capability check to see
>>   if this is actually supported by the bhyve version.
>> * features:
>>   * acpi
> >>   * ioapic: While this flag is deprecated in FreeBSD r257423, keep checking for
> >> it for backwards compatibility.
> >> * the domain UUID; if not explicitly given, one will be generated.
>> * lpc devices: for now only the com1 and com2 are supported. It is required 
>> for
>>these to be /dev/nmdm[\d+][AB], and the slave devices are automatically
>>inferred from these to be the corresponding end of the virtual null-modem
>>cable: /dev/nmdmA <-> /dev/nmdmB
>> * PCI devices:
>>   * Disks: these are numbered in the order they are found, for virtio and 
>> ahci
>> disks separately. The destination is set to sdX or vdX with X='a'+index;
>> therefore only 'z'-'a' disks are supported.
>> Disks are considered to be block devices if the path
>> starts with /dev, otherwise they are considered to be files.
>>   * Networks: only tap devices are supported. Since it isn't possible to tell
>> the type of the network, VIR_DOMAIN_NET_TYPE_ETHERNET is assumed, since 
>> it
>> is the most generic. If no mac is specified, one will be generated.
>>
>> Signed-off-by: Fabian Freyer 
>> ---
>>  src/bhyve/bhyve_parse_command.c | 494 
>> +++-
>>  1 file changed, 492 insertions(+), 2 deletions(-)
>>
>> diff --git a/src/bhyve/bhyve_parse_command.c 
>> b/src/bhyve/bhyve_parse_command.c
>> index 72367bb..be4ff2a 100644
>> --- a/src/bhyve/bhyve_parse_command.c
>> +++ b/src/bhyve/bhyve_parse_command.c
>> @@ -23,6 +23,7 @@
>>   */
>>  
>>  #include 
>> +#include 
>>  
>>  #include "bhyve_capabilities.h"
>>  #include "bhyve_command.h"
>> @@ -225,10 +226,496 @@ bhyveCommandLine2argv(const char *nativeConfig,
>>  return -1;
>>  }
>>  
>> +static int
>> +bhyveParseBhyveLPCArg(virDomainDefPtr def,
>> +  unsigned caps ATTRIBUTE_UNUSED,
>> +  const char *arg)
>> +{
>> +/* -l emulation[,config] */
>> +const char *separator = NULL;
>> +const char *param = NULL;
>> +size_t last = 0;
>> +virDomainChrDefPtr chr = NULL;
>> +char *type = NULL;
>> +
>> +separator = strchr(arg, ',');
>> +param = separator + 1;
>> +
>> +if (!separator)
>> +goto error;
>> +
>> +if (VIR_STRNDUP(type, arg, separator - arg) < 0)
>> +goto error;
>> +
>> +/* Only support com%d */
>> +if (STRPREFIX(type, "com") && type[4] == 0) {
>> +if (!(chr = virDomainChrDefNew()))
>> +goto error;
>> +
>> +chr->source.type = VIR_DOMAIN_CHR_TYPE_NMDM;
>> +chr->deviceType = VIR_DOMAIN_CHR_DEVICE_TYPE_SERIAL;
>> +
>> +if (!STRPREFIX(param, "/dev/nmdm")) {
>> +virReportError(VIR_ERR_OPERATION_FAILED,
>> +   _("Failed to set com port %s: does not start 
>> with "
>> + "'/dev/nmdm'."), type);
>> +goto error;
>> +}
>> +
>> +if (VIR_STRDUP(chr->source.data.file.path, param) < 0) {
>> +virDomainChrDefFree(chr);
>> +goto error;
>> +}
>> +
>> +if (VIR_STRDUP(chr->source.data.nmdm.slave, 
>> chr->source.data.file.path)
>> +< 0) {
>> +virDomainChrDefFree(chr);
>> +goto error;
>> +}
>> +
>> +/* If the last character of the master is 'A', the slave will be 'B'
>> + * and vice versa */
>> +last = strlen(chr->source.data.file.path) - 1;
>> +switch (chr->source.data.file.path[last]) {
>> +case 'A':
>> +chr->source.data.file.path[last] = 'B';
>> +break;
>> +case 'B':
>> +chr->source.data.file.path[last] = 'A';
>> +break;
>> +default:
>> +virReportError(VIR_ERR_OPERATION_FAILED,
>> +   _("Failed to set slave for %s: last letter 
>> not "
>> + "'A' or 'B'"),
>> +   chr->source.data.file.path);
>> +goto error;
>> +}
>> +
>> +switch (type[3]-'0') {
>> +case 1:
>> +case 2:
>> +chr->target.port = type[3] - '1';
>> +break;
>> +default:
>> +virReportError(VIR_ERR_OPERATION_FAILED,
>> +   _("Failed to parse %s: only com1 and com2"
>> + "supported."), type);
>> +virDomainChrDefFree(chr);
>> +goto error;
>> 

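As an added illustration of the parsing rules the commit message above describes (the `-l comN,/dev/nmdm<id>[AB]` argument and the inference of the null-modem cable's other end), here is a stand-alone C routine written for this page; it is not code from Fabian's patch or from libvirt, and the `lpc_serial` struct, `parse_lpc_arg()` and the sample arguments in `main()` are all constructed for the example. It shows the same checks done in an order that cannot read past a short emulation name or compute from a NULL separator.

```c
#include <stdio.h>
#include <string.h>

/* Result of parsing one "-l comN,/dev/nmdmXY" bhyve LPC argument.
 * This struct is constructed for the example; libvirt itself fills a
 * virDomainChrDef instead. */
struct lpc_serial {
    int port;          /* 0 for com1, 1 for com2 (libvirt's target.port) */
    char master[64];   /* the /dev/nmdm path given on the command line */
    char slave[64];    /* the other end of the virtual null-modem cable */
};

/* Parse "comN,/dev/nmdm<id>[AB]" into *out.
 * Returns 0 on success, -1 on any malformed input. */
int parse_lpc_arg(const char *arg, struct lpc_serial *out)
{
    const char *sep;
    const char *path;
    size_t typelen;
    size_t pathlen;
    char last;

    if (!arg || !out)
        return -1;

    /* Locate the separator BEFORE computing anything from it, so a
     * missing comma never turns into arithmetic on a NULL pointer. */
    sep = strchr(arg, ',');
    if (!sep)
        return -1;

    /* The emulation name must be exactly four characters, "com1" or
     * "com2"; checking the length first means we never read past the
     * terminator of a shorter name such as "com". */
    typelen = (size_t)(sep - arg);
    if (typelen != 4 || strncmp(arg, "com", 3) != 0)
        return -1;
    if (arg[3] != '1' && arg[3] != '2')
        return -1;
    out->port = arg[3] - '1';

    /* The backend must be one end of an nmdm pair, /dev/nmdm<id>A or
     * /dev/nmdm<id>B, and it must fit in our fixed buffers. */
    path = sep + 1;
    if (strncmp(path, "/dev/nmdm", 9) != 0)
        return -1;
    pathlen = strlen(path);
    if (pathlen <= 9 || pathlen >= sizeof(out->master))
        return -1;
    last = path[pathlen - 1];
    if (last != 'A' && last != 'B')
        return -1;

    /* Keep the given path as the master and derive the slave by flipping
     * the trailing A/B, the inference the commit message describes. */
    memcpy(out->master, path, pathlen + 1);
    memcpy(out->slave, path, pathlen + 1);
    out->slave[pathlen - 1] = (last == 'A') ? 'B' : 'A';
    return 0;
}

int main(void)
{
    /* Constructed sample arguments: two valid ones and three malformed. */
    const char *samples[] = {
        "com1,/dev/nmdm0A", "com2,/dev/nmdm5B",
        "com1", "com,/dev/nmdm0A", "com1,/dev/nmdm0C",
    };
    size_t i;

    for (i = 0; i < sizeof(samples) / sizeof(samples[0]); i++) {
        struct lpc_serial s;
        if (parse_lpc_arg(samples[i], &s) == 0)
            printf("%-20s -> com%d master=%s slave=%s\n",
                   samples[i], s.port + 1, s.master, s.slave);
        else
            printf("%-20s -> rejected\n", samples[i]);
    }
    return 0;
}
```

The length check on the emulation name is what the original `type[4] == 0` test lacks, and the separator check precedes every use of `sep`, which is the ordering the review comment above asks for.
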
Re: [libvirt] [PATCH 2/2] qemu: Check for thread <=> memory alignment

2016-06-23 Thread John Ferlan


On 06/22/2016 12:37 PM, Martin Kletzander wrote:
> Some settings may be confusing and in case users use numad placement in
> combination with static placement we could warn them as it might not be
> wanted (but it's not forbidden).
> 
> Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1254402
> 
> Signed-off-by: Martin Kletzander 
> ---
>  src/qemu/qemu_driver.c  |   4 +-
>  src/qemu/qemu_process.c | 107 
> +---
>  src/qemu/qemu_process.h |   6 ++-
>  3 files changed, 99 insertions(+), 18 deletions(-)
> 

Perhaps could have been two patches ... one to add the driver argument
and the second to use it...

> diff --git a/src/qemu/qemu_driver.c b/src/qemu/qemu_driver.c
> index 931efae27dee..4cf9f0560092 100644
> --- a/src/qemu/qemu_driver.c
> +++ b/src/qemu/qemu_driver.c
> @@ -4702,7 +4702,7 @@ qemuDomainHotplugAddVcpu(virQEMUDriverPtr driver,
>  goto cleanup;
>  }
> 
> -if (qemuProcessSetupVcpu(vm, vcpu) < 0)
> +if (qemuProcessSetupVcpu(driver, vm, vcpu) < 0)
>  goto cleanup;
> 
>  ret = 0;
> @@ -5828,7 +5828,7 @@ qemuDomainHotplugAddIOThread(virQEMUDriverPtr driver,
> 
>  iothrid->thread_id = new_iothreads[idx]->thread_id;
> 
> -if (qemuProcessSetupIOThread(vm, iothrid) < 0)
> +if (qemuProcessSetupIOThread(driver, vm, iothrid) < 0)
>  goto cleanup;
> 
>  ret = 0;
> diff --git a/src/qemu/qemu_process.c b/src/qemu/qemu_process.c
> index d1247d2fd0f9..51709f8c9d58 100644
> --- a/src/qemu/qemu_process.c
> +++ b/src/qemu/qemu_process.c
> @@ -2306,6 +2306,75 @@ qemuProcessSetLinkStates(virQEMUDriverPtr driver,
>  }
> 
> 
> +static int
> +qemuProcessCheckCpusMemsAlignment(virQEMUDriverPtr driver,
> +  virDomainObjPtr vm,
> +  virBitmapPtr cpumask,
> +  const char *mem_mask)
> +{
> +int ret = -1;
> +int hostnodes = 0;
> +char *cpumask_str = NULL;
> +char *tmpmask_str = NULL;
> +char *mem_cpus_str = NULL;
> +virCapsPtr caps = NULL;
> +virBitmapPtr tmpmask = NULL;
> +virBitmapPtr mem_cpus = NULL;
> +virBitmapPtr mem_nodes = NULL;
> +virDomainNumatuneMemMode mem_mode;
> +
> +if (virDomainNumatuneGetMode(vm->def->numa, -1, _mode) != 0)
> +return 0;
> +
> +if (mem_mode != VIR_DOMAIN_NUMATUNE_MEM_STRICT)
> +return 0;
> +
> +if (!mem_mask || !cpumask)
> +return 0;
> +
> +if (!(caps = virQEMUDriverGetCapabilities(driver, false)))
> +goto cleanup;
> +
> +if (!(tmpmask = virBitmapNewCopy(cpumask)))
> +goto cleanup;
> +
> +if ((hostnodes = virNumaGetMaxNode()) < 0)
> +goto cleanup;
> +
> +if (virBitmapParse(mem_mask, _nodes, hostnodes) < 0)
> +goto cleanup;
> +
> +if (!(mem_cpus = virCapabilitiesGetCpusForNodemask(caps, mem_nodes)))
> +goto cleanup;
> +
> +virBitmapSubtract(tmpmask, mem_cpus);
> +if (!virBitmapIsAllClear(tmpmask)) {
> +if (!(cpumask_str = virBitmapFormat(cpumask)))
> +goto cleanup;
> +
> +if (!(tmpmask_str = virBitmapFormat(tmpmask)))
> +goto cleanup;
> +
> +if (!(mem_cpus_str = virBitmapFormat(mem_cpus)))
> +goto cleanup;
> +
> +VIR_WARN("CPUs '%s' in cpumask '%s' might not have access to any 
> NUMA "
> + "node in memory's nodeset '%s' which consists of CPUs: 
> '%s'.",
> + tmpmask_str, cpumask_str, mem_mask, mem_cpus_str);

Hopefully enough details ;-)

> +}
> +
> +ret = 0;
> + cleanup:
> +VIR_FREE(mem_cpus_str);
> +VIR_FREE(tmpmask_str);
> +VIR_FREE(cpumask_str);
> +virBitmapFree(mem_cpus);

Coverity complains that mem_nodes is leaked.


> +virBitmapFree(tmpmask);
> +virObjectUnref(caps);
> +return ret;
> +}
> +
> +
>  /**
>   * qemuProcessSetupPid:
>   *
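Review bot: mem_nodes, filled by virBitmapParse(), is never released in the cleanup block (mem_cpus and tmpmask are), so add `virBitmapFree(mem_nodes);` there; that is the leak Coverity reported in the reply. The three early `return 0` paths run before anything is allocated, so they need no cleanup of their own.
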
> @@ -2317,7 +2386,8 @@ qemuProcessSetLinkStates(virQEMUDriverPtr driver,
>   * Returns 0 on success, -1 on error.
>   */
>  static int
> -qemuProcessSetupPid(virDomainObjPtr vm,
> +qemuProcessSetupPid(virQEMUDriverPtr driver,
> +virDomainObjPtr vm,
>  pid_t pid,
>  virCgroupThreadName nameval,
>  int id,
> @@ -2390,6 +2460,10 @@ qemuProcessSetupPid(virDomainObjPtr vm,
>  if ((period || quota) &&
>  qemuSetupCgroupVcpuBW(cgroup, period, quota) < 0)
>  goto cleanup;
> +
> +if (qemuProcessCheckCpusMemsAlignment(driver, vm,
> +  use_cpumask, mem_mask) < 0)
> +goto cleanup;

It doesn't seem to matter that for an emulator virCgroupSetCpusetMems is
not called yet... But I figured I'd ask to double check!

ACK with the coverity error fixed as this seems reasonable to me.

John

>  }
> 
>  /* Setup legacy affinity. */
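Review bot: the new call sits after the cpuset and bandwidth cgroup setup, and a -1 from qemuProcessCheckCpusMemsAlignment() (the capabilities lookup or a bitmap allocation failing) now aborts qemuProcessSetupPid() for a check whose only purpose is to log a warning; either say in the helper's comment that only internal errors propagate and that a misaligned configuration never fails setup, or report those internal errors at debug level and return 0 so an advisory check cannot break thread setup.
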
> @@ -2415,9 +2489,10 @@ qemuProcessSetupPid(virDomainObjPtr vm,
> 
> 

Re: [libvirt] [PATCH v2 3/5] bhyve: implement virConnectDomainXMLFromNative

2016-06-23 Thread Fabian Freyer
On 12/06/16 16:03, Roman Bogorodskiy wrote:
>   Fabian Freyer wrote:
> 
>> First, remove escaped newlines and split up the string into an argv-list for
>> the bhyve and loader commands, respectively. This is done by iterating over 
>> the
>> string splitting it by newlines, and then re-iterating over each line,
>> splitting it by spaces.
>>
>> Since this code reuses part of the code of qemu_parse_command.c
>> (in bhyveCommandLine2argv), add the appropriate copyright notices.
>>
>> Signed-off-by: Fabian Freyer 
>> ---
>>  po/POTFILES.in  |   1 +
>>  src/Makefile.am |   2 +
>>  src/bhyve/bhyve_driver.c|  42 +++
>>  src/bhyve/bhyve_parse_command.c | 263 
>> 
>>  src/bhyve/bhyve_parse_command.h |  30 +
>>  5 files changed, 338 insertions(+)
>>  create mode 100644 src/bhyve/bhyve_parse_command.c
>>  create mode 100644 src/bhyve/bhyve_parse_command.h
>>
>> diff --git a/po/POTFILES.in b/po/POTFILES.in
>> index 0d92448..b1580b7 100644
>> --- a/po/POTFILES.in
>> +++ b/po/POTFILES.in
>> @@ -15,6 +15,7 @@ src/bhyve/bhyve_command.c
>>  src/bhyve/bhyve_device.c
>>  src/bhyve/bhyve_driver.c
>>  src/bhyve/bhyve_monitor.c
>> +src/bhyve/bhyve_parse_command.c
>>  src/bhyve/bhyve_process.c
>>  src/conf/capabilities.c
>>  src/conf/cpu_conf.c
>> diff --git a/src/Makefile.am b/src/Makefile.am
>> index 12b66c2..d53c98f 100644
>> --- a/src/Makefile.am
>> +++ b/src/Makefile.am
>> @@ -901,6 +901,8 @@ BHYVE_DRIVER_SOURCES =   
>> \
>>  bhyve/bhyve_capabilities.h  \
>>  bhyve/bhyve_command.c   \
>>  bhyve/bhyve_command.h   \
>> +bhyve/bhyve_parse_command.c \
>> +bhyve/bhyve_parse_command.h \
>>  bhyve/bhyve_device.c\
>>  bhyve/bhyve_device.h\
>>  bhyve/bhyve_domain.c\
>> diff --git a/src/bhyve/bhyve_driver.c b/src/bhyve/bhyve_driver.c
>> index c4051a1..c7abea4 100644
>> --- a/src/bhyve/bhyve_driver.c
>> +++ b/src/bhyve/bhyve_driver.c
>> @@ -55,6 +55,7 @@
>>  #include "bhyve_device.h"
>>  #include "bhyve_driver.h"
>>  #include "bhyve_command.h"
>> +#include "bhyve_parse_command.h"
>>  #include "bhyve_domain.h"
>>  #include "bhyve_process.h"
>>  #include "bhyve_capabilities.h"
>> @@ -1536,6 +1537,46 @@ bhyveConnectIsEncrypted(virConnectPtr conn 
>> ATTRIBUTE_UNUSED)
>>  return 0;
>>  }
>>  
>> +static char *
>> +bhyveConnectDomainXMLFromNative(virConnectPtr conn,
>> +const char *nativeFormat,
>> +const char *nativeConfig,
>> +unsigned int flags)
>> +{
>> +char *xml = NULL;
>> +virDomainDefPtr def = NULL;
>> +bhyveConnPtr privconn = conn->privateData;
>> +virCapsPtr capabilities = NULL;
>> +unsigned caps = bhyveDriverGetCaps(conn);
>> +
>> +virCheckFlags(0, NULL);
>> +
>> +if (virConnectDomainXMLFromNativeEnsureACL(conn) < 0)
>> +goto cleanup;
>> +
>> +capabilities = bhyveDriverGetCapabilities(privconn);
>> +
>> +if (!capabilities)
>> +goto cleanup;
>> +
>> +if (STRNEQ(nativeFormat, BHYVE_CONFIG_FORMAT_ARGV)) {
>> +virReportError(VIR_ERR_INVALID_ARG,
>> +   _("unsupported config type %s"), nativeFormat);
>> +goto cleanup;
>> +}
>> +
>> + def = bhyveParseCommandLineString(nativeConfig, caps, 
>> privconn->xmlopt);
>> + if (def == NULL)
>> +   goto cleanup;
> 
> Nit: this chunk is over-indented by one space.
> 
>> +
>> +xml = virDomainDefFormat(def, capabilities, 0);
>> +
>> + cleanup:
>> +virObjectUnref(capabilities);
>> +virDomainDefFree(def);
>> +return xml;
>> +}
>> +
>>  static virHypervisorDriver bhyveHypervisorDriver = {
>>  .name = "bhyve",
>>  .connectOpen = bhyveConnectOpen, /* 1.2.2 */
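Review bot: in bhyveConnectDomainXMLFromNative() the nativeFormat check comes after the capabilities lookup, and bhyveDriverGetCaps(conn) runs in the declaration initializer before virCheckFlags() and the ACL check; reorder so flags, the ACL and the format string are validated before any capabilities are fetched, which keeps the failure path cheap (the ACL check already precedes bhyveParseCommandLineString(), which is the part that consumes caller-supplied input, so that ordering is right). The bhyveParseCommandLineString() block is also indented one space too far, as Roman noted.
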
>> @@ -1589,6 +1630,7 @@ static virHypervisorDriver bhyveHypervisorDriver = {
>>  .connectIsAlive = bhyveConnectIsAlive, /* 1.3.5 */
>>  .connectIsSecure = bhyveConnectIsSecure, /* 1.3.5 */
>>  .connectIsEncrypted = bhyveConnectIsEncrypted, /* 1.3.5 */
>> +.connectDomainXMLFromNative = bhyveConnectDomainXMLFromNative, /* 1.3.6 
>> */
>>  };
>>  
>>  
>> diff --git a/src/bhyve/bhyve_parse_command.c 
>> b/src/bhyve/bhyve_parse_command.c
>> new file mode 100644
>> index 000..72367bb
>> --- /dev/null
>> +++ b/src/bhyve/bhyve_parse_command.c
>> @@ -0,0 +1,263 @@
>> +/*
>> + * bhyve_parse_command.c: Bhyve command parser
>> + *
>> + * Copyright (C) 2006-2016 Red Hat, Inc.
>> + * Copyright (C) 2006 Daniel P. Berrange
>> + * Copyright (C) 2016 Fabian Freyer
>> + *
>> + * This library is free software; you can redistribute it and/or
>> + * modify it under the terms 

Re: [libvirt] [Qemu-devel] [PATCH 2/3] target-i386: Introduce x86_cpu_load_host_data() function

2016-06-23 Thread Eduardo Habkost
On Thu, Jun 23, 2016 at 06:56:12PM +0200, Igor Mammedov wrote:
> On Thu, 23 Jun 2016 13:04:53 -0300
> Eduardo Habkost  wrote:
> 
> > On Thu, Jun 23, 2016 at 04:59:28PM +0200, Igor Mammedov wrote:
> > > On Mon, 20 Jun 2016 17:12:43 -0300
> > > Eduardo Habkost  wrote:
> > > 
> > > > The code that loads host-specific information inside
> > > > x86_cpu_realizefn() will be reused by the implementation of
> > > > query-host-cpu, so move it to a separate function.
> > > > 
> > > > Signed-off-by: Eduardo Habkost 
> > > > ---
> > > >  target-i386/cpu.c | 23 ---
> > > >  1 file changed, 16 insertions(+), 7 deletions(-)
> > > > 
> > > > diff --git a/target-i386/cpu.c b/target-i386/cpu.c
> > > > index aadd0b9..3d3635d 100644
> > > > --- a/target-i386/cpu.c
> > > > +++ b/target-i386/cpu.c
> > > > @@ -1491,6 +1491,20 @@ void x86_cpu_change_kvm_default(const char
> > > > *prop, const char *value) static uint32_t
> > > > x86_cpu_get_supported_feature_word(FeatureWord w, bool
> > > > migratable_only); 
> > > > +/* Load host-dependent CPU information, when applicable */
> > > > +static void x86_cpu_load_host_data(X86CPU *cpu)
> > > > +{
> > > > +CPUX86State *env = >env;
> > > > +FeatureWord w;
> > > > +
> > > > +if (cpu->host_features) {
> > > > +for (w = 0; w < FEATURE_WORDS; w++) {
> > > > +env->features[w] =
> > > > +x86_cpu_get_supported_feature_word(w,
> > > > cpu->migratable);
> > > > +}
> > > > +}
> > > > +}
> > > > +
> > > >  #ifdef CONFIG_KVM
> > > >  
> > > >  static int cpu_x86_fill_model_id(char *str)
> > > > @@ -3012,18 +3026,13 @@ static void x86_cpu_realizefn(DeviceState
> > > > *dev, Error **errp) return;
> > > >  }
> > > >  
> > > > +x86_cpu_load_host_data(cpu);
> > > this function should be below TODO comment as it applies to moved
> > > code.
> > 
> > It was on purpose. The comment is actually about the
> > plus_features/minus_features code, that is the hack we want to
> > remove after cpu->host_features is fixed.
> > 
> > Placing the comment before the x86_cpu_load_host_data() call
> > wouldn't make sense, as the host_features code is now hidden
> > inside the function.
> > 
> > > 
> > > with this fixed
> > > Reviewed-by: Igor Mammedov 
> > 
> > Considering the above explanation, do you prefer that I keep the
> > patch as-is, or move the comment inside x86_cpu_load_host_data()?
> I prefer comment inside call as it is related to bug introduced by
> moving
> 
> env->features[w] = x86_cpu_get_supported_feature_word(w, cpu->migratable);
> 
> into x86_cpu_parse_featurestr() for initfn().
> 
> plus_features/minus_features code in realize are a side effect of the above
> otherwise they could be converted at x86_cpu_parse_featurestr() time.

OK, I will move it inside x86_cpu_load_host_data().

-- 
Eduardo



Re: [libvirt] [PATCH 1/2] qemu: Add qemuProcessSetupPid()

2016-06-23 Thread John Ferlan


On 06/22/2016 12:37 PM, Martin Kletzander wrote:
> Setting up cgroups and other things for all kinds of threads (the
> emulator thread, vCPU threads, I/O threads) was copy-pasted every time
> new thing was added.  Over time each one of those functions changed a
> bit differently.  So create one function that does all that setup and
> start using it.  That will shave some duplicated code and maybe fix some
> bugs as well.
> 
> Signed-off-by: Martin Kletzander 
> ---
>  src/qemu/qemu_process.c | 278 
> +++-
>  1 file changed, 87 insertions(+), 191 deletions(-)
> 

Would have been so much easier one at a time...  The scroll wheel on my
mouse needs a break.

I think this looks so much more logical.  The only other comment I have
is regarding the virCgroupAddTask call ordering...

If I'm reading right, prior to this set of changes the emulator code
would call that right after  virCgroupNewThread and then make the
qemuSetupCgroupCpusetCpus and virCgroupHasController calls while vcpus
and iothreads would call virCgroupAddTask after all cgroup related
calls.  I mention this mainly because I have a feint (or faint)
recollection of there being issues when regarding ordering of calls and
what gets copied when (details I really tried to forget).

Since emulator is the pid and vcpu/iothread are tid's I'm just being
overly cautious that there's a difference in ordering that isn't readily
apparent.

This looks reasonable to me, but hopefully someone else will chime in
regarding the order of virCgroupNewThread, virCgroupAddTask,
qemuSetupCgroupCpusetCpus, virCgroupSetCpusetMems, and
qemuSetupCgroupVcpuBW prior to calling virProcessSetAffinity

Consider it a fragile ACK -

John




Re: [libvirt] [PATCH] Don't allow raneming domains to empty strings

2016-06-23 Thread John Ferlan


On 06/22/2016 11:48 AM, Martin Kletzander wrote:
> It may cause unwanted behaviour (of course, is there any wanted one for
> that case?) so we should rather disable the possibility of doing so.
> 
> Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1320893
> 
> Signed-off-by: Martin Kletzander 
> ---
>  src/libvirt-domain.c | 2 +-
>  1 file changed, 1 insertion(+), 1 deletion(-)
> 
> diff --git a/src/libvirt-domain.c b/src/libvirt-domain.c
> index 508520efd6c5..89a2d7efe972 100644
> --- a/src/libvirt-domain.c
> +++ b/src/libvirt-domain.c
> @@ -8790,7 +8790,7 @@ virDomainRename(virDomainPtr dom,
> 
>  virResetLastError();
>  virCheckDomainReturn(dom, -1);
> -virCheckNonNullArgGoto(new_name, error);
> +virCheckNonEmptyStringArgGoto(new_name, error);

Shouldn't both be required?  EG  We don't want NULL or "" for new_name,
right?

The comments should at least indicate @new_name cannot be NULL or empty
string.

Although it seems remoteDomainRename could pass along a NULL that it
doesn't seem virDomainObjListRename would be very happy to STREQ against.

ACK as long as the NonNullArg is replaced...

John
>  virCheckReadOnlyGoto(dom->conn->flags, error);
> 
>  if (dom->conn->driver->domainRename) {
> 
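Review bot: virCheckNonEmptyStringArgGoto() needs to reject both NULL and "" for new_name; confirm that from its definition before virCheckNonNullArgGoto() is dropped, and update the virDomainRename() doc comment so @new_name is documented as non-NULL and non-empty, given that a remote caller such as remoteDomainRename can hand a NULL through as noted above.
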



Re: [libvirt] [PATCH] Allow custom metadata in network configuration XML

2016-06-23 Thread Vasiliy Tolstov
2016-06-23 1:05 GMT+03:00 Brnadon Bennett :
> From: Brandon Bennett 
>
> This replicates the metadata field found in the domain configuration
> and adds it to the network configuration XML.


Why not use domain metadata? Why do you create metadata for the network
rather than use domain metadata?

-- 
Vasiliy Tolstov,
e-mail: v.tols...@yoctocloud.net



Re: [libvirt] [PATCH 4/4] qemu: Use stricter checks in virQEMUCapsFillDomainDeviceDiskCaps()

2016-06-23 Thread Laine Stump

On 06/23/2016 04:40 AM, Andrea Bolognani wrote:

Unfortunately, we can't just call qemuDomainMachineIsPSeries()
here, because we don't have a virDomainDef instance; that said,
the open-coded check should match said function as closely as
possible.


Maybe you could make a separate function called something like 
"qemuMachineIsPSeries()" that took the arch and machinetype args 
separately, then call that new function from 
qemuDomainMachineIsPSeries() and from the place you've patched below. 
That way there would be a single location for the logic, and no need to 
worry about whether or not it matched in the future.


Either way is fine with me though, since I doubt this will change. ACK.

---
  src/qemu/qemu_capabilities.c | 6 --
  1 file changed, 4 insertions(+), 2 deletions(-)

diff --git a/src/qemu/qemu_capabilities.c b/src/qemu/qemu_capabilities.c
index 5fcd744..01466fc 100644
--- a/src/qemu/qemu_capabilities.c
+++ b/src/qemu/qemu_capabilities.c
@@ -4139,7 +4139,8 @@ virQEMUCapsFillDomainDeviceDiskCaps(virQEMUCapsPtr 
qemuCaps,
   VIR_DOMAIN_DISK_DEVICE_LUN);
  
  /* PowerPC pseries based VMs do not support floppy device */

-if (!(ARCH_IS_PPC64(qemuCaps->arch) && STRPREFIX(machine, "pseries")))
+if (!ARCH_IS_PPC64(qemuCaps->arch) ||
+(STRNEQ(machine, "pseries") && !STRPREFIX(machine, "pseries-")))
  VIR_DOMAIN_CAPS_ENUM_SET(disk->diskDevice, 
VIR_DOMAIN_DISK_DEVICE_FLOPPY);
  
  VIR_DOMAIN_CAPS_ENUM_SET(disk->bus,

@@ -4149,7 +4150,8 @@ virQEMUCapsFillDomainDeviceDiskCaps(virQEMUCapsPtr 
qemuCaps,
   /* VIR_DOMAIN_DISK_BUS_SD */);
  
  /* PowerPC pseries based VMs do not support floppy device */

-if (!(ARCH_IS_PPC64(qemuCaps->arch) && STRPREFIX(machine, "pseries")))
+if (!ARCH_IS_PPC64(qemuCaps->arch) ||
+(STRNEQ(machine, "pseries") && !STRPREFIX(machine, "pseries-")))
  VIR_DOMAIN_CAPS_ENUM_SET(disk->bus, VIR_DOMAIN_DISK_BUS_FDC);
  
  if (virQEMUCapsGet(qemuCaps, QEMU_CAPS_DEVICE_USB_STORAGE))
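Review bot: the same open-coded pseries test appears twice in virQEMUCapsFillDomainDeviceDiskCaps() (once for the floppy device, once for the FDC bus); compute it once into a local `bool is_pseries` and reuse it, or add the arch/machine helper suggested above so the check and qemuDomainMachineIsPSeries() cannot drift apart.
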





Re: [libvirt] [PATCH 3/4] qemu: Introduce qemuDomainMachineIsPSeries()

2016-06-23 Thread Laine Stump

On 06/23/2016 04:40 AM, Andrea Bolognani wrote:

This new function checks for both the architecture and the
machine type, so we can use it instead of writing the same
checks over and over again.
---
  src/qemu/qemu_command.c| 13 +
  src/qemu/qemu_domain.c | 19 ---
  src/qemu/qemu_domain.h |  1 +
  src/qemu/qemu_domain_address.c |  9 +++--
  src/qemu/qemu_parse_command.c  | 12 
  5 files changed, 29 insertions(+), 25 deletions(-)

diff --git a/src/qemu/qemu_command.c b/src/qemu/qemu_command.c
index 10bcb1c..e2201ff 100644
--- a/src/qemu/qemu_command.c
+++ b/src/qemu/qemu_command.c

[...]

@@ -4930,6 +4929,20 @@ qemuDomainMachineIsVirt(const virDomainDef *def)
  }
  
  
+bool

+qemuDomainMachineIsPSeries(const virDomainDef *def)
+{
+if (!ARCH_IS_PPC64(def->os.arch))
+return false;
+
+if (STRNEQ(def->os.machine, "pseries") &&
+!STRPREFIX(def->os.machine, "pseries-"))
+return false;


...and you've also made sure that it will continue to work if the 
pseries machinetype is ever versioned (as all machinetypes should be).


ACK.




Re: [libvirt] [PATCH 2/4] qemu: Add architecture checks to qemuDomainMachineIsVirt()

2016-06-23 Thread Laine Stump

On 06/23/2016 04:40 AM, Andrea Bolognani wrote:

Remove all external architecture checks that have been
made redundant by this change.
---
  src/qemu/qemu_capabilities.c | 12 +---
  src/qemu/qemu_command.c  |  4 +---
  src/qemu/qemu_domain.c   | 12 +---
  3 files changed, 15 insertions(+), 13 deletions(-)

diff --git a/src/qemu/qemu_capabilities.c b/src/qemu/qemu_capabilities.c
index 4ed5b71..5fcd744 100644
--- a/src/qemu/qemu_capabilities.c
+++ b/src/qemu/qemu_capabilities.c
@@ -2174,13 +2174,11 @@ bool virQEMUCapsHasPCIMultiBus(virQEMUCapsPtr qemuCaps,
  return false;
  }
  
-if (ARCH_IS_ARM(def->os.arch)) {

-/* If 'virt' supports PCI, it supports multibus.
- * No extra conditions here for simplicity.
- */


Just to be pedantic - here you're removing a check for ARMV6L or ARMV7L 
or ARMV7B or AARCH64, and replacing it with a simpler check for ARMV7L 
or AARCH64. But I guess the virt machinetype isn't available/possible on 
those other two types?


As long as that's okay, ACK.



-if (qemuDomainMachineIsVirt(def))
-return true;
-}
+/* If 'virt' supports PCI, it supports multibus.
+ * No extra conditions here for simplicity.
+ */
+if (qemuDomainMachineIsVirt(def))
+return true;
  
  return false;

  }
diff --git a/src/qemu/qemu_command.c b/src/qemu/qemu_command.c
index 030d84b..10bcb1c 100644
--- a/src/qemu/qemu_command.c
+++ b/src/qemu/qemu_command.c
@@ -6831,9 +6831,7 @@ qemuBuildMachineCommandLine(virCommandPtr cmd,
  
  if (def->features[VIR_DOMAIN_FEATURE_GIC] == VIR_TRISTATE_SWITCH_ON) {

  if (def->gic_version != VIR_GIC_VERSION_NONE) {
-if ((def->os.arch != VIR_ARCH_ARMV7L &&
- def->os.arch != VIR_ARCH_AARCH64) ||
-!qemuDomainMachineIsVirt(def)) {
+if (!qemuDomainMachineIsVirt(def)) {
  virReportError(VIR_ERR_CONFIG_UNSUPPORTED, "%s",
 _("gic-version option is available "
   "only for ARM virt machine"));
diff --git a/src/qemu/qemu_domain.c b/src/qemu/qemu_domain.c
index 1f99baa..3e906b3 100644
--- a/src/qemu/qemu_domain.c
+++ b/src/qemu/qemu_domain.c
@@ -2040,7 +2040,6 @@ qemuDomainDefEnableDefaultFeatures(virDomainDefPtr def,
   * was not included in the domain XML, we need to choose a suitable
   * GIC version ourselves */
  if (def->features[VIR_DOMAIN_FEATURE_GIC] == VIR_TRISTATE_SWITCH_ABSENT &&
-(def->os.arch == VIR_ARCH_ARMV7L || def->os.arch == VIR_ARCH_AARCH64) 
&&
  qemuDomainMachineIsVirt(def)) {
  
  VIR_DEBUG("Looking for usable GIC version in domain capabilities");

@@ -4919,8 +4918,15 @@ qemuDomainMachineIsS390CCW(const virDomainDef *def)
  bool
  qemuDomainMachineIsVirt(const virDomainDef *def)
  {
-return STREQ(def->os.machine, "virt") ||
-   STRPREFIX(def->os.machine, "virt-");
+if (def->os.arch != VIR_ARCH_ARMV7L &&
+def->os.arch != VIR_ARCH_AARCH64)
+return false;
+
+if (STRNEQ(def->os.machine, "virt") &&
+!STRPREFIX(def->os.machine, "virt-"))
+return false;
+
+return true;
  }
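Review bot: the arch guard added to qemuDomainMachineIsVirt accepts only VIR_ARCH_ARMV7L and VIR_ARCH_AARCH64, but the check it replaces in virQEMUCapsHasPCIMultiBus used ARCH_IS_ARM, which also covered armv6l and armv7b, so the multibus answer changes for those two arches. If QEMU has no "virt" machine for them the narrowing is harmless and deserves a sentence in the commit message; if it does, use ARCH_IS_ARM(def->os.arch) here to keep behaviour identical.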
  
  





[libvirt] [PATCH v4 08/14] conf: Introduce chartcp_tls_x509_cert_dir

2016-06-23 Thread John Ferlan
Add a new TLS X.509 certificate type - "chardev". This will handle the
creation of a TLS certificate capability (and possibly repository) for
properly configured character device TCP backends.

Unlike vnc and spice, there is no "listen" or "passwd" associated. The
credentials will be handled via a libvirt secret provided to a specific
backend.

Make use of the default verify option as well.

Signed-off-by: John Ferlan 
---
 src/qemu/libvirtd_qemu.aug |  5 +++
 src/qemu/qemu.conf | 28 
 src/qemu/qemu_conf.c   |  6 +++
 src/qemu/qemu_conf.h   |  4 ++
 src/qemu/test_libvirtd_qemu.aug.in |  3 ++
 .../qemuxml2argv-serial-tcp-tlsx509-chardev.xml| 41 ++
 .../qemuxml2xmlout-serial-tcp-tlsx509-chardev.xml  | 50 ++
 tests/qemuxml2xmltest.c|  1 +
 8 files changed, 138 insertions(+)
 create mode 100644 
tests/qemuxml2argvdata/qemuxml2argv-serial-tcp-tlsx509-chardev.xml
 create mode 100644 
tests/qemuxml2xmloutdata/qemuxml2xmlout-serial-tcp-tlsx509-chardev.xml

diff --git a/src/qemu/libvirtd_qemu.aug b/src/qemu/libvirtd_qemu.aug
index 06d9b98..25b4645 100644
--- a/src/qemu/libvirtd_qemu.aug
+++ b/src/qemu/libvirtd_qemu.aug
@@ -45,6 +45,10 @@ module Libvirtd_qemu =
  | bool_entry "spice_sasl"
  | str_entry "spice_sasl_dir"
 
+   let chardev_entry = bool_entry "chardev_tls"
+ | str_entry "chardev_tls_x509_cert_dir"
+ | bool_entry "chardev_tls_x509_verify"
+
let nogfx_entry = bool_entry "nographics_allow_host_audio"
 
let remote_display_entry = int_entry "remote_display_port_min"
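Review bot: the lens entries added here are chardev_tls, chardev_tls_x509_cert_dir and chardev_tls_x509_verify, while the patch subject (and the cover letter) name the option chartcp_tls_x509_cert_dir; align the subject with the key that is actually parsed from qemu.conf so the history matches the file.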
@@ -99,6 +103,7 @@ module Libvirtd_qemu =
let entry = default_tls_entry
  | vnc_entry
  | spice_entry
+ | chardev_entry
  | nogfx_entry
  | remote_display_entry
  | security_entry
diff --git a/src/qemu/qemu.conf b/src/qemu/qemu.conf
index fb6b843..8634e9f 100644
--- a/src/qemu/qemu.conf
+++ b/src/qemu/qemu.conf
@@ -185,6 +185,34 @@
 #
 #spice_sasl_dir = "/some/directory/sasl2"
 
+# Enable use of TLS encryption on the chardev TCP transports.
+#
+# It is necessary to setup CA and issue a server certificate
+# before enabling this.
+#
+#chardev_tls = 1
+
+
+# In order to override the default TLS certificate location for character
+# device TCP certificates, supply a valid path to the certificate directory.
+# If the provided path does not exist then the default_tls_x509_cert_dir
+# path will be used.
+#
+#chardev_tls_x509_cert_dir = "/etc/pki/qemu-chardev"
+
+
+# The default TLS configuration only uses certificates for the server
+# allowing the client to verify the server's identity and establish
+# an encrypted channel.
+#
+# It is possible to use x509 certificates for authentication too, by
+# issuing a x509 certificate to every client who needs to connect.
+#
+# Enabling this option will reject any client who does not have a
+# certificate signed by the CA in /etc/pki/libvirt-chardev/ca-cert.pem
+#
+#chardev_tls_x509_verify = 1
+
 
 # By default, if no graphical front end is configured, libvirt will disable
 # QEMU audio output since directly talking to alsa/pulseaudio may not work
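Review bot: the chardev_tls_x509_verify comment names the CA as /etc/pki/libvirt-chardev/ca-cert.pem while the chardev_tls_x509_cert_dir example a few lines above uses /etc/pki/qemu-chardev; one directory name should be used in both. The fallback described for chardev_tls_x509_cert_dir ("If the provided path does not exist then the default_tls_x509_cert_dir path will be used") is also worth reconsidering: a mistyped path would make libvirt present the default server certificate and verify clients against the default CA without any indication, so rejecting a non-existent directory, or at least logging a warning, is the safer contract.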
diff --git a/src/qemu/qemu_conf.c b/src/qemu/qemu_conf.c
index 3091843..b1c6215 100644
--- a/src/qemu/qemu_conf.c
+++ b/src/qemu/qemu_conf.c
@@ -272,6 +272,7 @@ virQEMUDriverConfigPtr virQEMUDriverConfigNew(bool 
privileged)
 
 SET_TLS_X509_CERT_DEFAULT(vnc);
 SET_TLS_X509_CERT_DEFAULT(spice);
+SET_TLS_X509_CERT_DEFAULT(chardev);
 
 #undef SET_TLS_X509_CERT_DEFAULT
 
@@ -370,6 +371,8 @@ static void virQEMUDriverConfigDispose(void *obj)
 VIR_FREE(cfg->spicePassword);
 VIR_FREE(cfg->spiceSASLdir);
 
+VIR_FREE(cfg->chardevTLSx509certdir);
+
 while (cfg->nhugetlbfs) {
 cfg->nhugetlbfs--;
 VIR_FREE(cfg->hugetlbfs[cfg->nhugetlbfs].mnt_dir);
@@ -547,6 +550,9 @@ int virQEMUDriverConfigLoadFile(virQEMUDriverConfigPtr cfg,
 GET_VALUE_STR("spice_password", cfg->spicePassword);
 GET_VALUE_BOOL("spice_auto_unix_socket", cfg->spiceAutoUnixSocket);
 
+GET_VALUE_STR("chardev_tls_x509_cert_dir", cfg->chardevTLSx509certdir);
+GET_VALUE_BOOL_DFLT("chardev_tls_x509_verify", cfg->chardevTLSx509verify,
+cfg->defaultTLSx509verify);
 
 GET_VALUE_ULONG("remote_websocket_port_min", cfg->webSocketPortMin);
 if (cfg->webSocketPortMin < QEMU_WEBSOCKET_PORT_MIN) {
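Review bot: chardev_tls is declared as a bool_entry in the lens and as cfg->chardevTLS in the qemu_conf.h hunk, but this hunk only reads chardev_tls_x509_cert_dir and chardev_tls_x509_verify; add `GET_VALUE_BOOL("chardev_tls", cfg->chardevTLS);` beside them, otherwise the `if (cfg->chardevTLS)` tests in the later patches can never be enabled from qemu.conf.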
diff --git a/src/qemu/qemu_conf.h b/src/qemu/qemu_conf.h
index 1843693..7138a7b 100644
--- a/src/qemu/qemu_conf.h
+++ b/src/qemu/qemu_conf.h
@@ -129,6 +129,10 @@ struct _virQEMUDriverConfig {
 char *spicePassword;
 bool spiceAutoUnixSocket;
 
+bool chardevTLS;
+char *chardevTLSx509certdir;
+bool chardevTLSx509verify;
+
 int remotePortMin;
 int 

[libvirt] [PATCH v4 14/14] qemu: Add the ability to hotplug a secret object for TCP chardev TLS

2016-06-23 Thread John Ferlan
https://bugzilla.redhat.com/show_bug.cgi?id=1300776

Complete the implementation of support for TLS encryption on
chardev TCP transports by adding the hotplug ability of a secret
to generate the passwordid for the TLS object.

Likewise, add the ability to hot unplug that secret object as well.

Signed-off-by: John Ferlan 
---
 src/qemu/qemu_driver.c  |  2 +-
 src/qemu/qemu_hotplug.c | 43 +--
 src/qemu/qemu_hotplug.h |  3 ++-
 tests/qemuhotplugtest.c |  2 +-
 4 files changed, 45 insertions(+), 5 deletions(-)

diff --git a/src/qemu/qemu_driver.c b/src/qemu/qemu_driver.c
index ee717f0..aba5a69 100644
--- a/src/qemu/qemu_driver.c
+++ b/src/qemu/qemu_driver.c
@@ -7516,7 +7516,7 @@ qemuDomainAttachDeviceLive(virDomainObjPtr vm,
 break;
 
 case VIR_DOMAIN_DEVICE_CHR:
-ret = qemuDomainAttachChrDevice(driver, vm,
+ret = qemuDomainAttachChrDevice(dom->conn, driver, vm,
 dev->data.chr);
 if (!ret) {
 alias = dev->data.chr->info.alias;
diff --git a/src/qemu/qemu_hotplug.c b/src/qemu/qemu_hotplug.c
index 1a07a32..42b5778 100644
--- a/src/qemu/qemu_hotplug.c
+++ b/src/qemu/qemu_hotplug.c
@@ -1513,7 +1513,8 @@ 
qemuDomainAttachChrDeviceAssignAddr(qemuDomainObjPrivatePtr priv,
 return 0;
 }
 
-int qemuDomainAttachChrDevice(virQEMUDriverPtr driver,
+int qemuDomainAttachChrDevice(virConnectPtr conn,
+  virQEMUDriverPtr driver,
   virDomainObjPtr vm,
   virDomainChrDefPtr chr)
 {
@@ -1526,6 +1527,8 @@ int qemuDomainAttachChrDevice(virQEMUDriverPtr driver,
 char *charAlias = NULL;
 virJSONValuePtr props = NULL;
 char *objAlias = NULL;
+virJSONValuePtr secprops = NULL;
+char *secAlias = NULL;
 bool need_release = false;
 
 if (chr->deviceType == VIR_DOMAIN_CHR_DEVICE_TYPE_CHANNEL &&
@@ -1549,11 +1552,28 @@ int qemuDomainAttachChrDevice(virQEMUDriverPtr driver,
 if (qemuDomainChrPreInsert(vmdef, chr) < 0)
 goto cleanup;
 
+if (qemuDomainSecretChardevPrepare(conn, priv, chr) < 0)
+goto cleanup;
+
 if (cfg->chardevTLS) {
+/* Add a secret object in order to access the TLS environment
+ * if provided of course */
+if (dev->data.tcp.sectype == VIR_SECRET_USAGE_TYPE_PASSPHRASE) {
+qemuDomainChardevPrivatePtr chardevPriv =
+QEMU_DOMAIN_CHARDEV_PRIVATE(chr);
+qemuDomainSecretInfoPtr secinfo = chardevPriv->secinfo;
+
+if (qemuBuildSecretInfoProps(secinfo, ) < 0)
+goto cleanup;
+
+if (!(secAlias = qemuDomainGetSecretAESAlias(charAlias)))
+goto cleanup;
+}
+
 if (qemuBuildTLSx509BackendProps(cfg->chardevTLSx509certdir,
  dev->data.tcp.listen,
  cfg->chardevTLSx509verify,
- NULL,
+ secAlias,
  priv->qemuCaps,
  ) < 0)
 goto cleanup;
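Review bot: secAlias is recomputed with qemuDomainGetSecretAESAlias(charAlias) even though qemuDomainSecretAESSetup already stores that alias in secinfo->s.aes.alias, and the disk hotplug path in patch 6 uses secinfo->s.aes.alias directly; reuse the stored alias so the object-add and the later object-del cannot disagree. The block also dereferences chardevPriv->secinfo without checking it and assumes the AES form; mirror patch 6's `if (secinfo && secinfo->type == VIR_DOMAIN_SECRET_INFO_TYPE_AES)` guard before calling qemuBuildSecretInfoProps, since a plain secret has no alias to hand to QEMU.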
@@ -1565,6 +1585,10 @@ int qemuDomainAttachChrDevice(virQEMUDriverPtr driver,
 
 qemuDomainObjEnterMonitor(driver, vm);
 
+if (secAlias && qemuMonitorAddObject(priv->mon, "secret",
+ secAlias, secprops) < 0)
+goto failsecobject;
+
 if (objAlias && qemuMonitorAddObject(priv->mon, "tls-creds-x509",
  objAlias, props) < 0)
 goto failobject;
@@ -1589,6 +1613,8 @@ int qemuDomainAttachChrDevice(virQEMUDriverPtr driver,
 qemuDomainReleaseDeviceAddress(vm, >info, NULL);
 VIR_FREE(objAlias);
 virJSONValueFree(props);
+VIR_FREE(secAlias);
+virJSONValueFree(secprops);
 VIR_FREE(charAlias);
 VIR_FREE(devstr);
 virObjectUnref(cfg);
@@ -1601,6 +1627,9 @@ int qemuDomainAttachChrDevice(virQEMUDriverPtr driver,
 /* Remove the object */
 ignore_value(qemuMonitorDelObject(priv->mon, objAlias));
  failobject:
+/* Remove the secobject */
+ignore_value(qemuMonitorDelObject(priv->mon, secAlias));
+ failsecobject:
 ignore_value(qemuDomainObjExitMonitor(driver, vm));
 goto audit;
 }
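Review bot: the failobject path now calls qemuMonitorDelObject(priv->mon, secAlias) unconditionally, but secAlias is NULL whenever the chardev has no passphrase secret (the add above is guarded by `if (secAlias && ...)`), so a failed tls-creds-x509 object-add on a secret-less chardev would send object-del with a NULL id; wrap the delete in `if (secAlias)`.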
@@ -4115,6 +4144,7 @@ int qemuDomainDetachChrDevice(virQEMUDriverPtr driver,
 qemuDomainObjPrivatePtr priv = vm->privateData;
 virDomainDefPtr vmdef = vm->def;
 virDomainChrDefPtr tmpChr;
+virDomainChrSourceDefPtr dev = >source;
 char *objAlias = NULL;
 char *devstr = NULL;
 
@@ -4139,6 +4169,15 @@ int qemuDomainDetachChrDevice(virQEMUDriverPtr driver,
 qemuDomainMarkDeviceForRemoval(vm, >info);
 
 qemuDomainObjEnterMonitor(driver, vm);
+if (dev->data.tcp.sectype == VIR_SECRET_USAGE_TYPE_PASSPHRASE) {
+qemuDomainChardevPrivatePtr chardevPriv =
+

[libvirt] [PATCH v4 03/14] conf: Add new secret type "passphrase"

2016-06-23 Thread John Ferlan
Add a new secret type known as "passphrase" - it will handle adding the
secret objects that need a passphrase without a specific username.

The format is:

   
 ...
 ...
 
   mumblyfratz
 
   

Signed-off-by: John Ferlan 
---
 docs/aclpolkit.html.in |  4 +++
 docs/formatsecret.html.in  | 57 --
 docs/schemas/secret.rng| 10 ++
 include/libvirt/libvirt-secret.h   |  3 +-
 src/access/viraccessdriverpolkit.c | 13 +++
 src/conf/secret_conf.c | 26 +-
 src/conf/secret_conf.h |  1 +
 src/conf/virsecretobj.c|  5 +++
 tests/secretxml2xmlin/usage-passphrase.xml |  7 
 tests/secretxml2xmltest.c  |  1 +
 10 files changed, 123 insertions(+), 4 deletions(-)
 create mode 100644 tests/secretxml2xmlin/usage-passphrase.xml

diff --git a/docs/aclpolkit.html.in b/docs/aclpolkit.html.in
index dae0814..1d31b6d 100644
--- a/docs/aclpolkit.html.in
+++ b/docs/aclpolkit.html.in
@@ -224,6 +224,10 @@
   secret_usage_target
   Name of the associated iSCSI target, if any
 
+
+  secret_usage_id
+  Name of be associated passphrase secret, if any
+
   
 
 
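Review bot: the new secret_usage_id row reads "Name of be associated passphrase secret"; it should be "Name of the associated passphrase secret, if any", matching the iSCSI row above it.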
diff --git a/docs/formatsecret.html.in b/docs/formatsecret.html.in
index 599cb38..79c4082 100644
--- a/docs/formatsecret.html.in
+++ b/docs/formatsecret.html.in
@@ -41,8 +41,9 @@
   
 Specifies what this secret is used for.  A mandatory
 type attribute specifies the usage category, currently
-only volume, ceph and iscsi
-are defined. Specific usage categories are described below.
+only volume, ceph, iscsi,
+and passphrase are defined. Specific usage categories
+are described below.
   
 
 
@@ -241,5 +242,57 @@
 secret usage='libvirtiscsi'/
   /auth
 
+
+Usage type "passphrase"
+
+
+  This secret is a general purpose secret to be used by various libvirt
+  objects to provide a single passphrase as required by the object in
+  order to perform its authentication.
+  Since 2.0.0. The following is an example
+  of a secret.xml file:
+
+
+
+  # cat secret.xml
+  secret ephemeral='no' private='yes'
+ descriptionsample passphrase secret/description
+ usage type='passphrase'
+idid_example/id
+ /usage
+  /secret
+
+  # virsh secret-define secret.xml
+  Secret 718c71bd-67b5-4a2b-87ec-a24e8ca200dc created
+
+  # virsh secret-list
+  UUID Usage
+  ---
+   718c71bd-67b5-4a2b-87ec-a24e8ca200dc  passphrase  id_example
+  #
+
+
+
+
+  A secret may also be defined via the
+  
+   virSecretDefineXML API.
+
+  Once the secret is defined, a secret value will need to be set. This
+  value would be the same used to create and use the volume.
+  The following is a simple example of using
+  virsh secret-set-value to set the secret value. The
+  
+  virSecretSetValue API may also be used to set
+  a more secure secret without using printable/readable characters.
+
+
+
+  # MYSECRET=`printf %s "letmein" | base64`
+  # virsh secret-set-value 718c71bd-67b5-4a2b-87ec-a24e8ca200dc $MYSECRET
+  Secret value set
+
+
+
   
 
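Review bot: the sentence "This value would be the same used to create and use the volume" was carried over from the volume usage section and does not apply to a passphrase secret, which belongs to whatever object references it; reword it for this usage type. The secret-set-value example also passes the base64 value as a command-line argument, where it is recorded in shell history and visible to other users through the process list; since the text already points at virSecretSetValue, recommend that route for real passphrases rather than the shell example.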
diff --git a/docs/schemas/secret.rng b/docs/schemas/secret.rng
index e21e700..fc188ba 100644
--- a/docs/schemas/secret.rng
+++ b/docs/schemas/secret.rng
@@ -36,6 +36,7 @@
   
   
   
+  
   
 
   
@@ -71,4 +72,13 @@
 
   
 
+  
+
+  passphrase
+
+
+  
+
+  
+
 
diff --git a/include/libvirt/libvirt-secret.h b/include/libvirt/libvirt-secret.h
index 3e5cdf6..55b11e0 100644
--- a/include/libvirt/libvirt-secret.h
+++ b/include/libvirt/libvirt-secret.h
@@ -4,7 +4,7 @@
  * Description: Provides APIs for the management of secrets
  * Author: Daniel Veillard 
  *
- * Copyright (C) 2006-2014 Red Hat, Inc.
+ * Copyright (C) 2006-2014, 2016 Red Hat, Inc.
  *
  * This library is free software; you can redistribute it and/or
  * modify it under the terms of the GNU Lesser General Public
@@ -43,6 +43,7 @@ typedef enum {
 VIR_SECRET_USAGE_TYPE_VOLUME = 1,
 VIR_SECRET_USAGE_TYPE_CEPH = 2,
 VIR_SECRET_USAGE_TYPE_ISCSI = 3,
+VIR_SECRET_USAGE_TYPE_PASSPHRASE = 4,
 
 # ifdef VIR_ENUM_SENTINELS
 VIR_SECRET_USAGE_TYPE_LAST
diff --git a/src/access/viraccessdriverpolkit.c 
b/src/access/viraccessdriverpolkit.c
index 89bc890..1f955f0 100644
--- a/src/access/viraccessdriverpolkit.c
+++ b/src/access/viraccessdriverpolkit.c
@@ -338,6 +338,19 @@ virAccessDriverPolkitCheckSecret(virAccessManagerPtr 
manager,
 

[libvirt] [PATCH v4 12/14] qemu: Introduce qemuDomainChardevPrivatePtr

2016-06-23 Thread John Ferlan
Modeled after the qemuDomainHostdevPrivatePtr (commit id '27726d8c'),
create a privateData pointer in the _virDomainChardevDef to allow storage
of private data for a hypervisor in order to at least temporarily store
secret data for usage during qemuBuildCommandLine.

NB: Since the qemu_parse_command (qemuParseCommandLine) code is not
expecting to restore the secret data, there's no need to add code
to handle this new structure there.

Signed-off-by: John Ferlan 
---
 src/conf/domain_conf.c| 27 ++
 src/conf/domain_conf.h|  4 +++-
 src/libxl/libxl_domain.c  |  2 +-
 src/lxc/lxc_native.c  |  2 +-
 src/qemu/qemu_domain.c| 44 +++
 src/qemu/qemu_domain.h| 14 ++
 src/qemu/qemu_parse_command.c |  4 ++--
 src/vz/vz_sdk.c   |  2 +-
 src/xenconfig/xen_sxpr.c  |  2 +-
 9 files changed, 86 insertions(+), 15 deletions(-)

diff --git a/src/conf/domain_conf.c b/src/conf/domain_conf.c
index f614ff9..18dfc1c 100644
--- a/src/conf/domain_conf.c
+++ b/src/conf/domain_conf.c
@@ -10208,7 +10208,7 @@ virDomainChrSourceDefParseXML(virDomainChrSourceDefPtr 
def,
  * default port.
  */
 virDomainChrDefPtr
-virDomainChrDefNew(void)
+virDomainChrDefNew(virDomainXMLOptionPtr xmlopt)
 {
 virDomainChrDefPtr def = NULL;
 
@@ -10216,6 +10216,11 @@ virDomainChrDefNew(void)
 return NULL;
 
 def->target.port = -1;
+
+if (xmlopt && xmlopt->privateData.chardevNew &&
+!(def->privateData = xmlopt->privateData.chardevNew()))
+VIR_FREE(def);
+
 return def;
 }
 
@@ -10263,7 +10268,8 @@ virDomainChrDefNew(void)
  *
  */
 static virDomainChrDefPtr
-virDomainChrDefParseXML(xmlXPathContextPtr ctxt,
+virDomainChrDefParseXML(virDomainXMLOptionPtr xmlopt,
+xmlXPathContextPtr ctxt,
 xmlNodePtr node,
 virSecurityLabelDefPtr* vmSeclabels,
 int nvmSeclabels,
@@ -10275,7 +10281,7 @@ virDomainChrDefParseXML(xmlXPathContextPtr ctxt,
 virDomainChrDefPtr def;
 bool seenTarget = false;
 
-if (!(def = virDomainChrDefNew()))
+if (!(def = virDomainChrDefNew(xmlopt)))
 return NULL;
 
 type = virXMLPropString(node, "type");
@@ -13424,7 +13430,8 @@ virDomainDeviceDefParse(const char *xmlStr,
 goto error;
 break;
 case VIR_DOMAIN_DEVICE_CHR:
-if (!(dev->data.chr = virDomainChrDefParseXML(ctxt,
+if (!(dev->data.chr = virDomainChrDefParseXML(xmlopt,
+  ctxt,
   node,
   def->seclabels,
   def->nseclabels,
@@ -16859,7 +16866,8 @@ virDomainDefParseXML(xmlDocPtr xml,
 goto error;
 
 for (i = 0; i < n; i++) {
-virDomainChrDefPtr chr = virDomainChrDefParseXML(ctxt,
+virDomainChrDefPtr chr = virDomainChrDefParseXML(xmlopt,
+ ctxt,
  nodes[i],
  def->seclabels,
  def->nseclabels,
@@ -16886,7 +16894,8 @@ virDomainDefParseXML(xmlDocPtr xml,
 goto error;
 
 for (i = 0; i < n; i++) {
-virDomainChrDefPtr chr = virDomainChrDefParseXML(ctxt,
+virDomainChrDefPtr chr = virDomainChrDefParseXML(xmlopt,
+ ctxt,
  nodes[i],
  def->seclabels,
  def->nseclabels,
@@ -16915,7 +16924,8 @@ virDomainDefParseXML(xmlDocPtr xml,
 goto error;
 
 for (i = 0; i < n; i++) {
-virDomainChrDefPtr chr = virDomainChrDefParseXML(ctxt,
+virDomainChrDefPtr chr = virDomainChrDefParseXML(xmlopt,
+ ctxt,
  nodes[i],
  def->seclabels,
  def->nseclabels,
@@ -16934,7 +16944,8 @@ virDomainDefParseXML(xmlDocPtr xml,
 goto error;
 
 for (i = 0; i < n; i++) {
-virDomainChrDefPtr chr = virDomainChrDefParseXML(ctxt,
+virDomainChrDefPtr chr = virDomainChrDefParseXML(xmlopt,
+ ctxt,
  nodes[i],
  def->seclabels,
  def->nseclabels,
diff --git a/src/conf/domain_conf.h 

[libvirt] [PATCH v4 01/14] qemu: Change protocol parameter for secret setup

2016-06-23 Thread John Ferlan
Rather than assume/pass the protocol to the qemuDomainSecretPlainSetup
and qemuDomainSecretAESSetup, set and pass the secretUsageType based
on the src->protocol type. This will eventually be used by the
virSecretGetSecretString call.

Signed-off-by: John Ferlan 
---
 src/qemu/qemu_domain.c | 62 --
 1 file changed, 20 insertions(+), 42 deletions(-)

diff --git a/src/qemu/qemu_domain.c b/src/qemu/qemu_domain.c
index 4a5378f..ca49db1 100644
--- a/src/qemu/qemu_domain.c
+++ b/src/qemu/qemu_domain.c
@@ -814,7 +814,7 @@ qemuDomainHostdevPrivateDispose(void *obj)
 /* qemuDomainSecretPlainSetup:
  * @conn: Pointer to connection
  * @secinfo: Pointer to secret info
- * @protocol: Protocol for secret
+ * @secretUsageType: The virSecretUsageType
  * @authdef: Pointer to auth data
  *
  * Taking a secinfo, fill in the plaintext information
@@ -824,19 +824,15 @@ qemuDomainHostdevPrivateDispose(void *obj)
 static int
 qemuDomainSecretPlainSetup(virConnectPtr conn,
qemuDomainSecretInfoPtr secinfo,
-   virStorageNetProtocol protocol,
+   virSecretUsageType secretUsageType,
virStorageAuthDefPtr authdef)
 {
-int secretType = VIR_SECRET_USAGE_TYPE_ISCSI;
-
 secinfo->type = VIR_DOMAIN_SECRET_INFO_TYPE_PLAIN;
 if (VIR_STRDUP(secinfo->s.plain.username, authdef->username) < 0)
 return -1;
 
-if (protocol == VIR_STORAGE_NET_PROTOCOL_RBD)
-secretType = VIR_SECRET_USAGE_TYPE_CEPH;
-
-return virSecretGetSecretString(conn, >seclookupdef, secretType,
+return virSecretGetSecretString(conn, >seclookupdef,
+secretUsageType,
 >s.plain.secret,
 >s.plain.secretlen);
 }
@@ -847,7 +843,7 @@ qemuDomainSecretPlainSetup(virConnectPtr conn,
  * @priv: pointer to domain private object
  * @secinfo: Pointer to secret info
  * @srcalias: Alias of the disk/hostdev used to generate the secret alias
- * @protocol: Protocol for secret
+ * @secretUsageType: The virSecretUsageType
  * @authdef: Pointer to auth data
  *
  * Taking a secinfo, fill in the AES specific information using the
@@ -859,7 +855,7 @@ qemuDomainSecretAESSetup(virConnectPtr conn,
  qemuDomainObjPrivatePtr priv,
  qemuDomainSecretInfoPtr secinfo,
  const char *srcalias,
- virStorageNetProtocol protocol,
+ virSecretUsageType secretUsageType,
  virStorageAuthDefPtr authdef)
 {
 int ret = -1;
@@ -869,34 +865,11 @@ qemuDomainSecretAESSetup(virConnectPtr conn,
 size_t secretlen = 0;
 uint8_t *ciphertext = NULL;
 size_t ciphertextlen = 0;
-int secretType = VIR_SECRET_USAGE_TYPE_NONE;
 
 secinfo->type = VIR_DOMAIN_SECRET_INFO_TYPE_AES;
 if (VIR_STRDUP(secinfo->s.aes.username, authdef->username) < 0)
 return -1;
 
-switch ((virStorageNetProtocol)protocol) {
-case VIR_STORAGE_NET_PROTOCOL_RBD:
-secretType = VIR_SECRET_USAGE_TYPE_CEPH;
-break;
-
-case VIR_STORAGE_NET_PROTOCOL_NONE:
-case VIR_STORAGE_NET_PROTOCOL_NBD:
-case VIR_STORAGE_NET_PROTOCOL_SHEEPDOG:
-case VIR_STORAGE_NET_PROTOCOL_GLUSTER:
-case VIR_STORAGE_NET_PROTOCOL_ISCSI:
-case VIR_STORAGE_NET_PROTOCOL_HTTP:
-case VIR_STORAGE_NET_PROTOCOL_HTTPS:
-case VIR_STORAGE_NET_PROTOCOL_FTP:
-case VIR_STORAGE_NET_PROTOCOL_FTPS:
-case VIR_STORAGE_NET_PROTOCOL_TFTP:
-case VIR_STORAGE_NET_PROTOCOL_LAST:
-virReportError(VIR_ERR_INTERNAL_ERROR,
-   _("protocol '%s' cannot be used for encrypted secrets"),
-   virStorageNetProtocolTypeToString(protocol));
-return -1;
-}
-
 if (!(secinfo->s.aes.alias = qemuDomainGetSecretAESAlias(srcalias)))
 return -1;
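Review bot: dropping the switch removes the only place that refused AES (password-secret) setup for protocols other than RBD, with the "protocol '%s' cannot be used for encrypted secrets" error; the qemuDomainSecretSetup hunk at -958 is cut off here, so please confirm the caller still rejects an AES secret for a protocol QEMU cannot take a password-secret for, instead of passing the usage type through unchecked.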
 
@@ -909,7 +882,7 @@ qemuDomainSecretAESSetup(virConnectPtr conn,
 goto cleanup;
 
 /* Grab the unencoded secret */
-if (virSecretGetSecretString(conn, >seclookupdef, secretType,
+if (virSecretGetSecretString(conn, >seclookupdef, secretUsageType,
  , ) < 0)
 goto cleanup;
 
@@ -943,7 +916,7 @@ qemuDomainSecretAESSetup(virConnectPtr conn,
  * @priv: pointer to domain private object
  * @secinfo: Pointer to secret info
  * @srcalias: Alias of the disk/hostdev used to generate the secret alias
- * @protocol: Protocol for secret
+ * @secretUsageType: The virSecretUsageType
  * @authdef: Pointer to auth data
  *
  * If we have the encryption API present and can support a secret object, then
@@ -958,17 +931,18 @@ qemuDomainSecretSetup(virConnectPtr conn,
   qemuDomainObjPrivatePtr priv,
   qemuDomainSecretInfoPtr secinfo,
   const char *srcalias,
-

[libvirt] [PATCH v4 06/14] qemu: Add secinfo for hotplug virtio disk

2016-06-23 Thread John Ferlan
Commit id 'a1344f70a' added AES secret processing for RBD when starting
up a guest. As such, when the hotplug code calls qemuDomainSecretDiskPrepare
an AES secret could be added to the disk about to be hotplugged. If an AES
secret was added, then the hotplug code would need to generate the secret
object because qemuBuildDriveStr would add the "password-secret=" to the
returned 'driveStr' rather than the base64 encoded password.

Signed-off-by: John Ferlan 
---
 src/qemu/qemu_hotplug.c | 44 ++--
 1 file changed, 38 insertions(+), 6 deletions(-)

diff --git a/src/qemu/qemu_hotplug.c b/src/qemu/qemu_hotplug.c
index f695903..e4cbbf0 100644
--- a/src/qemu/qemu_hotplug.c
+++ b/src/qemu/qemu_hotplug.c
@@ -310,6 +310,9 @@ qemuDomainAttachVirtioDiskDevice(virConnectPtr conn,
 bool releaseaddr = false;
 virQEMUDriverConfigPtr cfg = virQEMUDriverGetConfig(driver);
 const char *src = virDomainDiskGetSource(disk);
+virJSONValuePtr secobjProps = NULL;
+qemuDomainDiskPrivatePtr diskPriv;
+qemuDomainSecretInfoPtr secinfo;
 
 if (!disk->info.type) {
 if (qemuDomainMachineIsS390CCW(vm->def) &&
@@ -342,6 +345,13 @@ qemuDomainAttachVirtioDiskDevice(virConnectPtr conn,
 if (qemuDomainSecretDiskPrepare(conn, priv, disk) < 0)
 goto error;
 
+diskPriv = QEMU_DOMAIN_DISK_PRIVATE(disk);
+secinfo = diskPriv->secinfo;
+if (secinfo && secinfo->type == VIR_DOMAIN_SECRET_INFO_TYPE_AES) {
+if (qemuBuildSecretInfoProps(secinfo, ) < 0)
+goto error;
+}
+
 if (!(drivestr = qemuBuildDriveStr(disk, false, priv->qemuCaps)))
 goto error;
 
@@ -354,9 +364,15 @@ qemuDomainAttachVirtioDiskDevice(virConnectPtr conn,
 if (VIR_REALLOC_N(vm->def->disks, vm->def->ndisks+1) < 0)
 goto error;
 
-/* Attach the device - 2 step process */
+/* Attach the device - possible 3 step process */
 qemuDomainObjEnterMonitor(driver, vm);
 
+if (secobjProps && qemuMonitorAddObject(priv->mon, "secret",
+ secinfo->s.aes.alias,
+ secobjProps) < 0)
+goto failaddobjsecret;
+secobjProps = NULL;
+
 if (qemuMonitorAddDrive(priv->mon, drivestr) < 0)
 goto failadddrive;
 
@@ -374,6 +390,7 @@ qemuDomainAttachVirtioDiskDevice(virConnectPtr conn,
 ret = 0;
 
  cleanup:
+virJSONValueFree(secobjProps);
 qemuDomainSecretDiskDestroy(disk);
 VIR_FREE(devstr);
 VIR_FREE(drivestr);
@@ -393,8 +410,13 @@ qemuDomainAttachVirtioDiskDevice(virConnectPtr conn,
 }
 
  failadddrive:
+if (secobjProps)
+ignore_value(qemuMonitorDelObject(priv->mon, secinfo->s.aes.alias));
+
+ failaddobjsecret:
 if (qemuDomainObjExitMonitor(driver, vm) < 0)
 releaseaddr = false;
+secobjProps = NULL; /* qemuMonitorAddObject consumes props on failure too 
*/
 
  failexitmonitor:
 virDomainAuditDisk(vm, NULL, disk->src, "attach", false);
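Review bot: the `if (secobjProps)` test at failadddrive can never be true, because secobjProps is set to NULL immediately after a successful qemuMonitorAddObject in the hunk above (the monitor call consumes the props), so a secret object that was added successfully is never removed when qemuMonitorAddDrive or the device add fails, leaving a stale object in QEMU; track the add with a separate flag (e.g. `bool secobjAdded`) set after the successful qemuMonitorAddObject and test that instead.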
@@ -3389,6 +3411,8 @@ qemuDomainDetachVirtioDiskDevice(virQEMUDriverPtr driver,
 {
 int ret = -1;
 qemuDomainObjPrivatePtr priv = vm->privateData;
+qemuDomainDiskPrivatePtr diskPriv = QEMU_DOMAIN_DISK_PRIVATE(detach);
+qemuDomainSecretInfoPtr secinfo = diskPriv->secinfo;
 
 if (qemuIsMultiFunctionDevice(vm->def, >info)) {
 virReportError(VIR_ERR_OPERATION_FAILED,
@@ -3422,12 +3446,14 @@ qemuDomainDetachVirtioDiskDevice(virQEMUDriverPtr 
driver,
 qemuDomainMarkDeviceForRemoval(vm, >info);
 
 qemuDomainObjEnterMonitor(driver, vm);
-if (qemuMonitorDelDevice(priv->mon, detach->info.alias) < 0) {
-if (qemuDomainObjExitMonitor(driver, vm) < 0)
-goto cleanup;
-virDomainAuditDisk(vm, detach->src, NULL, "detach", false);
-goto cleanup;
+if (secinfo && secinfo->type == VIR_DOMAIN_SECRET_INFO_TYPE_AES) {
+if (qemuMonitorDelObject(priv->mon, secinfo->s.aes.alias) < 0)
+goto faildel;
 }
+
+if (qemuMonitorDelDevice(priv->mon, detach->info.alias) < 0)
+goto faildel;
+
 if (qemuDomainObjExitMonitor(driver, vm) < 0)
 goto cleanup;
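Review bot: the secret object is deleted before qemuMonitorDelDevice, so if device_del then fails the disk stays attached with its secret object gone, and a retry fails at qemuMonitorDelObject (goto faildel) before ever reaching the device again; delete the object after the device removal has been requested, or use ignore_value() on the object deletion so a missing object does not block the detach.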
 
@@ -3437,6 +3463,12 @@ qemuDomainDetachVirtioDiskDevice(virQEMUDriverPtr driver,
  cleanup:
 qemuDomainResetDeviceRemoval(vm);
 return ret;
+
+ faildel:
+if (qemuDomainObjExitMonitor(driver, vm) < 0)
+goto cleanup;
+virDomainAuditDisk(vm, detach->src, NULL, "detach", false);
+goto cleanup;
 }
 
 static int
-- 
2.5.5



[libvirt] [PATCH v4 11/14] conf: Add new secret element for tcp chardev

2016-06-23 Thread John Ferlan
Define, parse, and format a key secret element for a chardev tcp backend.
This secret will be used in conjunction with the chartcp_tls_x509_cert_dir
in order to provide the secret to the TLS encrypted TCP chardev.



Signed-off-by: John Ferlan 
---
 docs/formatdomain.html.in  | 29 
 docs/schemas/domaincommon.rng  | 21 +
 src/conf/domain_conf.c | 35 +++
 src/conf/domain_conf.h |  3 ++
 ...uxml2argv-serial-tcp-tlsx509-secret-chardev.xml | 42 ++
 ...ml2xmlout-serial-tcp-tlsx509-secret-chardev.xml | 51 ++
 tests/qemuxml2xmltest.c|  1 +
 7 files changed, 182 insertions(+)
 create mode 100644 
tests/qemuxml2argvdata/qemuxml2argv-serial-tcp-tlsx509-secret-chardev.xml
 create mode 100644 
tests/qemuxml2xmloutdata/qemuxml2xmlout-serial-tcp-tlsx509-secret-chardev.xml

diff --git a/docs/formatdomain.html.in b/docs/formatdomain.html.in
index f660aa6..5803c40 100644
--- a/docs/formatdomain.html.in
+++ b/docs/formatdomain.html.in
@@ -6031,6 +6031,35 @@ qemu-kvm -net nic,model=? /dev/null
   /devices
   ...
 
+
+  Since 2.0.0, some hypervisors support using
+  a TLS X.509 certificate environment in order to encrypt the TCP. In
+  order to provide the passphrase for the certificates, provide a
+  secret element. The secret element takes
+  two required attributes type and either UUID
+  or usage.  The supported type is a "passphrase"
+  secret referenced via either attribute uuid or
+  usage.
+
+
+  ...
+  devices
+serial type="tcp"
+  source mode="connect" host="0.0.0.0" service="2445"/
+  protocol type="raw"/
+  secret type='passphrase' usage='keyexample'/
+  target port="1"/
+/serial
+...
+serial type="tcp"
+  source mode="bind" host="127.0.0.1" service="2445"/
+  protocol type="raw"/
+  target port="1"/
+  secret type='passphrase' usage='keyexample'/
+/serial
+  /devices
+  ...
+
 UDP network console
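Review bot: the description "two required attributes type and either UUID or usage" reads as three attributes and capitalises uuid, which is the literal attribute name; say instead that type is required together with exactly one of uuid or usage, and lower-case uuid. "in order to encrypt the TCP" is also missing its noun (the TCP connection).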
 
 
diff --git a/docs/schemas/domaincommon.rng b/docs/schemas/domaincommon.rng
index 162c2e0..eb08f3d 100644
--- a/docs/schemas/domaincommon.rng
+++ b/docs/schemas/domaincommon.rng
@@ -3221,6 +3221,9 @@
 
   
   
+
+  
+  
 
   
   
@@ -3272,6 +3275,24 @@
 
   
 
+  
+
+  
+
+  passphrase
+
+  
+  
+
+  
+
+
+  
+
+  
+
+  
+
   
 
   dev
diff --git a/src/conf/domain_conf.c b/src/conf/domain_conf.c
index 9443281..f614ff9 100644
--- a/src/conf/domain_conf.c
+++ b/src/conf/domain_conf.c
@@ -1843,6 +1843,7 @@ virDomainChrSourceDefClear(virDomainChrSourceDefPtr def)
 case VIR_DOMAIN_CHR_TYPE_TCP:
 VIR_FREE(def->data.tcp.host);
 VIR_FREE(def->data.tcp.service);
+virSecretLookupDefClear(>data.tcp.seclookupdef);
 break;
 
 case VIR_DOMAIN_CHR_TYPE_UNIX:
@@ -1899,6 +1900,10 @@ virDomainChrSourceDefCopy(virDomainChrSourceDefPtr dest,
 
 if (VIR_STRDUP(dest->data.tcp.service, src->data.tcp.service) < 0)
 return -1;
+
+if (virSecretLookupDefCopy(>data.tcp.seclookupdef,
+   >data.tcp.seclookupdef) < 0)
+return -1;
 break;
 
 case VIR_DOMAIN_CHR_TYPE_UNIX:
@@ -9900,6 +9905,8 @@ virDomainChrSourceDefParseXML(virDomainChrSourceDefPtr 
def,
 char *master = NULL;
 char *slave = NULL;
 char *append = NULL;
+xmlNodePtr secret = NULL;
+char *sectypestr = NULL;
 int remaining = 0;
 
 while (cur != NULL) {
@@ -9989,6 +9996,8 @@ virDomainChrSourceDefParseXML(virDomainChrSourceDefPtr 
def,
 } else if (xmlStrEqual(cur->name, BAD_CAST "protocol")) {
 if (!protocol)
 protocol = virXMLPropString(cur, "type");
+} else if (xmlStrEqual(cur->name, BAD_CAST "secret")) {
+secret = cur;
 } else {
 remaining++;
 }
@@ -10092,6 +10101,25 @@ virDomainChrSourceDefParseXML(virDomainChrSourceDefPtr 
def,
 goto error;
 }
 
+if (secret) {
+
+if (!(sectypestr = virXMLPropString(secret, "type"))) {
+virReportError(VIR_ERR_XML_ERROR, "%s",
+   _("missing TCP chardev secret type"));
+goto error;
+}
+if ((def->data.tcp.sectype =
+ virSecretUsageTypeFromString(sectypestr)) !=
+VIR_SECRET_USAGE_TYPE_PASSPHRASE) {
+virReportError(VIR_ERR_XML_ERROR,
+   _("invalid TCP chardev secret type '%s'"),
+   sectypestr);
+goto error;
+}
+if (virSecretLookupParseSecret(secret,
+ 
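Review bot: as far as the visible part shows, the `if (secret)` block stores into def->data.tcp.sectype and calls virSecretLookupParseSecret without first checking that def->type is VIR_DOMAIN_CHR_TYPE_TCP, so a <secret> element on a non-TCP chardev would be accepted and written into the wrong member of the data union; reject it with VIR_ERR_XML_ERROR unless the source type is tcp. sectypestr must also be VIR_FREE'd on both the success and error paths (the rest of the hunk is cut off here).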

[libvirt] [PATCH v4 00/14] Add native TLS encrypted chardev TCP support

2016-06-23 Thread John Ferlan
v3: http://www.redhat.com/archives/libvir-list/2016-June/msg01094.html

Yes, I know another long series, but there are some duplicates with the
LUKS series:

http://www.redhat.com/archives/libvir-list/2016-June/msg01691.html

In particular:

Patches 1-3 match the LUKS patches 1-3
Patches 4-6 match the LUKS patches 12-14

They are needed for "parts" for this series. 

Changes since v3:
Patches 7-10 are patches 1-4 of the v3 series with perhaps a few adjustments;
these were reviewed and had partial ACKs, see the v3 series cover for details.

Patches 11-14 are NEW.

Patch 11 needs the "passphrase" secret from LUKS in order to allow the
addition of a  for a  to provide the passphrase
for the TLS environment.

Patch 12 provides the means (like Disk and Hostdev) to store the secinfo
required to generate an AES secret

Patch 13 adds the secret for the command line startup

Patch 14 could be combined w/ 13, but I just kept it a separate way to
add the secret for the hotplug (and unplug)

John Ferlan (14):
  qemu: Change protocol parameter for secret setup
  qemu: Remove authdef from secret setup
  conf: Add new secret type "passphrase"
  qemu: Remove type from qemuBuildSecretInfoProps
  qemu: Make qemuBuildSecretInfoProps global
  qemu: Add secinfo for hotplug virtio disk
  conf: Add new default TLS X.509 certificate default directory
  conf: Introduce chartcp_tls_x509_cert_dir
  qemu: Add support for TLS X.509 path to TCP chardev backend
  qemu: Add the ability to hotplug the TLS X.509 environment
  conf: Add new secret element for tcp chardev
  qemu: Introduce qemuDomainChardevPrivatePtr
  qemu: Add a secret object to/for a chardev tcp with secret
  qemu: Add the ability to hotplug a secret object for TCP chardev TLS

 docs/aclpolkit.html.in |   4 +
 docs/formatdomain.html.in  |  29 +++
 docs/formatsecret.html.in  |  57 +-
 docs/schemas/domaincommon.rng  |  21 +++
 docs/schemas/secret.rng|  10 +
 include/libvirt/libvirt-secret.h   |   3 +-
 src/access/viraccessdriverpolkit.c |  13 ++
 src/conf/domain_conf.c |  62 ++-
 src/conf/domain_conf.h |   8 +-
 src/conf/secret_conf.c |  26 ++-
 src/conf/secret_conf.h |   1 +
 src/conf/virsecretobj.c|   5 +
 src/libxl/libxl_domain.c   |   2 +-
 src/lxc/lxc_native.c   |   2 +-
 src/qemu/libvirtd_qemu.aug |  11 +-
 src/qemu/qemu.conf |  83 +++--
 src/qemu/qemu_command.c| 148 ++-
 src/qemu/qemu_command.h|  13 ++
 src/qemu/qemu_conf.c   |  59 +-
 src/qemu/qemu_conf.h   |   7 +
 src/qemu/qemu_domain.c | 202 +++--
 src/qemu/qemu_domain.h |  22 +++
 src/qemu/qemu_driver.c |   2 +-
 src/qemu/qemu_hotplug.c| 141 --
 src/qemu/qemu_hotplug.h|   3 +-
 src/qemu/qemu_monitor_json.c   |   9 +
 src/qemu/qemu_parse_command.c  |   4 +-
 src/qemu/qemu_process.c|   2 +-
 src/qemu/test_libvirtd_qemu.aug.in |   5 +
 src/vz/vz_sdk.c|   2 +-
 src/xenconfig/xen_sxpr.c   |   2 +-
 tests/qemuhotplugtest.c|   2 +-
 .../qemuxml2argv-serial-tcp-tlsx509-chardev.args   |  33 
 .../qemuxml2argv-serial-tcp-tlsx509-chardev.xml|  41 +
 ...xml2argv-serial-tcp-tlsx509-secret-chardev.args |  38 
 ...uxml2argv-serial-tcp-tlsx509-secret-chardev.xml |  42 +
 tests/qemuxml2argvtest.c   |  14 ++
 .../qemuxml2xmlout-serial-tcp-tlsx509-chardev.xml  |  50 +
 ...ml2xmlout-serial-tcp-tlsx509-secret-chardev.xml |  51 ++
 tests/qemuxml2xmltest.c|   2 +
 tests/secretxml2xmlin/usage-passphrase.xml |   7 +
 tests/secretxml2xmltest.c  |   1 +
 42 files changed, 1116 insertions(+), 123 deletions(-)
 create mode 100644 tests/qemuxml2argvdata/qemuxml2argv-serial-tcp-tlsx509-chardev.args
 create mode 100644 tests/qemuxml2argvdata/qemuxml2argv-serial-tcp-tlsx509-chardev.xml
 create mode 100644 tests/qemuxml2argvdata/qemuxml2argv-serial-tcp-tlsx509-secret-chardev.args
 create mode 100644 tests/qemuxml2argvdata/qemuxml2argv-serial-tcp-tlsx509-secret-chardev.xml
 create mode 100644 tests/qemuxml2xmloutdata/qemuxml2xmlout-serial-tcp-tlsx509-chardev.xml
 create mode 100644 tests/qemuxml2xmloutdata/qemuxml2xmlout-serial-tcp-tlsx509-secret-chardev.xml
 

[libvirt] [PATCH v4 10/14] qemu: Add the ability to hotplug the TLS X.509 environment

2016-06-23 Thread John Ferlan
If the incoming XML defined a path to a TLS X.509 certificate environment,
add the necessary 'tls-creds-x509' object to the VIR_DOMAIN_CHR_TYPE_TCP
character device.

Likewise, if the environment exists the hot unplug needs adjustment as
well.  Note that all the 'return ret' statements were changed to 'goto cleanup'
since the cfg needs to be unref'd.

Signed-off-by: John Ferlan 
---
 src/conf/domain_conf.h   |  1 +
 src/qemu/qemu_command.c  |  2 +-
 src/qemu/qemu_command.h  |  8 +++
 src/qemu/qemu_hotplug.c  | 57 +---
 src/qemu/qemu_monitor_json.c |  9 +++
 5 files changed, 68 insertions(+), 9 deletions(-)

diff --git a/src/conf/domain_conf.h b/src/conf/domain_conf.h
index 6e81e52..a06281c 100644
--- a/src/conf/domain_conf.h
+++ b/src/conf/domain_conf.h
@@ -1097,6 +1097,7 @@ struct _virDomainChrSourceDef {
 char *service;
 bool listen;
 int protocol;
+bool tlscreds;
 } tcp;
 struct {
 char *bindHost;
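Review bot: `bool tlscreds` is hypervisor runtime state, not parsed configuration: it is set by the qemu hotplug code below and is never read from or written to the XML, so virDomainChrSourceDef is the wrong home for it. The cover letter introduces qemuDomainChardevPrivatePtr in patch 12; this flag belongs there (or can simply be derived from cfg->chardevTLS at the point of use) rather than in the generic conf struct that every driver shares.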
diff --git a/src/qemu/qemu_command.c b/src/qemu/qemu_command.c
index 12f357a..8b0bd90 100644
--- a/src/qemu/qemu_command.c
+++ b/src/qemu/qemu_command.c
@@ -707,7 +707,7 @@ qemuBuildRBDSecinfoURI(virBufferPtr buf,
  *
  * Returns 0 on success, -1 on failure with error set.
  */
-static int
+int
 qemuBuildTLSx509BackendProps(const char *tlspath,
  bool listen,
  bool verifypeer,
diff --git a/src/qemu/qemu_command.h b/src/qemu/qemu_command.h
index c4d0567..c22a251 100644
--- a/src/qemu/qemu_command.h
+++ b/src/qemu/qemu_command.h
@@ -61,10 +61,18 @@ virCommandPtr qemuBuildCommandLine(virQEMUDriverPtr driver,
const char *domainLibDir)
 ATTRIBUTE_NONNULL(15);
 
+
 /* Generate the object properties for a secret */
 int qemuBuildSecretInfoProps(qemuDomainSecretInfoPtr secinfo,
  virJSONValuePtr *propsret);
 
+/* Generate the object properties for a tls-creds-x509 */
+int qemuBuildTLSx509BackendProps(const char *tlspath,
+ bool listen,
+ bool verifypeer,
+ virQEMUCapsPtr qemuCaps,
+ virJSONValuePtr *propsret);
+
 /* Generate '-device' string for chardev device */
 int
 qemuBuildChrDeviceStr(char **deviceStr,
diff --git a/src/qemu/qemu_hotplug.c b/src/qemu/qemu_hotplug.c
index e4cbbf0..8251444 100644
--- a/src/qemu/qemu_hotplug.c
+++ b/src/qemu/qemu_hotplug.c
@@ -1518,10 +1518,14 @@ int qemuDomainAttachChrDevice(virQEMUDriverPtr driver,
   virDomainChrDefPtr chr)
 {
 int ret = -1, rc;
+virQEMUDriverConfigPtr cfg = virQEMUDriverGetConfig(driver);
 qemuDomainObjPrivatePtr priv = vm->privateData;
 virDomainDefPtr vmdef = vm->def;
 char *devstr = NULL;
+virDomainChrSourceDefPtr dev = >source;
 char *charAlias = NULL;
+virJSONValuePtr props = NULL;
+char *objAlias = NULL;
 bool need_release = false;
 
 if (chr->deviceType == VIR_DOMAIN_CHR_DEVICE_TYPE_CHANNEL &&
@@ -1545,8 +1549,26 @@ int qemuDomainAttachChrDevice(virQEMUDriverPtr driver,
 if (qemuDomainChrPreInsert(vmdef, chr) < 0)
 goto cleanup;
 
+if (cfg->chardevTLS) {
+if (qemuBuildTLSx509BackendProps(cfg->chardevTLSx509certdir,
+ dev->data.tcp.listen,
+ cfg->chardevTLSx509verify,
+ priv->qemuCaps,
+ ) < 0)
+goto cleanup;
+
+if (virAsprintf(, "obj%s_tls0", chr->info.alias) < 0)
+goto cleanup;
+dev->data.tcp.tlscreds = true;
+}
+
 qemuDomainObjEnterMonitor(driver, vm);
-if (qemuMonitorAttachCharDev(priv->mon, charAlias, >source) < 0)
+
+if (objAlias && qemuMonitorAddObject(priv->mon, "tls-creds-x509",
+ objAlias, props) < 0)
+goto failobject;
+
+if (qemuMonitorAttachCharDev(priv->mon, charAlias, dev) < 0)
 goto failchardev;
 
 if (qemuMonitorAddDevice(priv->mon, devstr) < 0)
@@ -1564,14 +1586,20 @@ int qemuDomainAttachChrDevice(virQEMUDriverPtr driver,
 qemuDomainChrInsertPreAllocCleanup(vmdef, chr);
 if (ret < 0 && need_release)
 qemuDomainReleaseDeviceAddress(vm, >info, NULL);
+VIR_FREE(objAlias);
+virJSONValueFree(props);
 VIR_FREE(charAlias);
 VIR_FREE(devstr);
+virObjectUnref(cfg);
 return ret;
 
  failadddev:
 /* detach associated chardev on error */
 qemuMonitorDetachCharDev(priv->mon, charAlias);
  failchardev:
+/* Remove the object */
+ignore_value(qemuMonitorDelObject(priv->mon, objAlias));
+ failobject:
 ignore_value(qemuDomainObjExitMonitor(driver, vm));
 goto audit;
 }
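Review bot: `qemuMonitorDelObject(priv->mon, objAlias)` at failchardev runs with objAlias == NULL whenever chardevTLS is off (the add side is guarded by `objAlias &&`, the delete side is not), which sends an object-del with a NULL id to the monitor. Guard it the same way: `if (objAlias) ignore_value(qemuMonitorDelObject(priv->mon, objAlias));`.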
@@ -4082,32 +4110,40 @@ int 
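As an added example (not libvirt code, and not part of this series), here is the hotplug exchange this patch drives, modelled in Python against a fake QMP monitor so it runs offline: object-add for the tls-creds-x509 object, chardev-add referencing it, device_add, and the inverse commands in reverse order when a step fails. The model also covers the two cases the hunks above should handle explicitly: a non-TCP source gets no creds object at all, and nothing is deleted that was not added. The nested "props" form of object-add is the QMP layout of that era and is an assumption here; the isa-serial device properties and the fake monitor's replies are constructed sample input.

```python
"""Hotplug exchange from patch 10 as QMP messages, with rollback.

Added example, not libvirt code.  A fake monitor stands in for QEMU so the
exchange runs offline.  The object-add layout with "props" nested beside
"id" is the QMP form of that era and is an assumption; device properties
are constructed sample input.
"""
from typing import Any, Dict, List, Optional, Set


class FakeMonitor:
    """Records each command; answers with a QMP error for names in fail_on."""

    def __init__(self, fail_on: Optional[Set[str]] = None) -> None:
        self.sent: List[Dict[str, Any]] = []
        self.fail_on: Set[str] = fail_on or set()

    def execute(self, command: str, arguments: Dict[str, Any]) -> Dict[str, Any]:
        self.sent.append({"execute": command, "arguments": arguments})
        if command in self.fail_on:
            return {"error": {"class": "GenericError", "desc": f"{command} refused"}}
        return {"return": {}}

    def commands(self) -> List[str]:
        return [m["execute"] for m in self.sent]


def tls_creds_props(cert_dir: str, listen: bool, verify_peer: bool) -> Dict[str, Any]:
    # Same keys qemuBuildTLSx509BackendProps() fills in.  The path travels as a
    # JSON string, so command-line comma doubling must NOT be applied here.
    return {"dir": cert_dir,
            "endpoint": "server" if listen else "client",
            "verify-peer": verify_peer}


def tcp_backend(host: str, port: str, listen: bool) -> Dict[str, Any]:
    """QMP chardev-add backend for a TCP socket chardev."""
    return {"type": "socket",
            "data": {"addr": {"type": "inet", "data": {"host": host, "port": port}},
                     "server": listen, "wait": False}}


def attach_chardev(mon: FakeMonitor, alias: str, backend: Dict[str, Any],
                   chardev_tls: bool, cert_dir: str, verify_peer: bool,
                   device: Dict[str, Any]) -> bool:
    """object-add -> chardev-add -> device_add, undone in reverse on failure."""
    data = backend["data"]
    # TLS creds only make sense for a TCP socket backend; pty/unix/... sources
    # must get neither an object nor a dangling tls-creds reference.
    is_tcp = backend["type"] == "socket" and data.get("addr", {}).get("type") == "inet"
    obj_id = f"obj{alias}_tls0" if (chardev_tls and is_tcp) else None

    if obj_id is not None:
        props = tls_creds_props(cert_dir, data.get("server", False), verify_peer)
        r = mon.execute("object-add", {"qom-type": "tls-creds-x509",
                                       "id": obj_id, "props": props})
        if "error" in r:
            return False                       # nothing to undo yet
        data = dict(data, **{"tls-creds": obj_id})

    r = mon.execute("chardev-add", {"id": alias,
                                    "backend": {"type": backend["type"], "data": data}})
    if "error" in r:
        if obj_id is not None:                 # delete only what was added
            mon.execute("object-del", {"id": obj_id})
        return False

    r = mon.execute("device_add", dict(device, chardev=alias))
    if "error" in r:
        mon.execute("chardev-remove", {"id": alias})
        if obj_id is not None:
            mon.execute("object-del", {"id": obj_id})
        return False
    return True


def detach_chardev(mon: FakeMonitor, alias: str, device_id: str,
                   obj_id: Optional[str]) -> bool:
    """Reverse order of attach.  libvirt waits for DEVICE_DELETED between
    device_del and chardev-remove; that wait is elided in this model."""
    if "error" in mon.execute("device_del", {"id": device_id}):
        return False                           # device stays, so creds stay too
    mon.execute("chardev-remove", {"id": alias})
    if obj_id is not None:
        mon.execute("object-del", {"id": obj_id})
    return True


if __name__ == "__main__":
    mon = FakeMonitor(fail_on={"device_add"})
    ok = attach_chardev(mon, "charserial0", tcp_backend("127.0.0.1", "4555", True),
                        True, "/etc/pki/qemu", False,
                        {"driver": "isa-serial", "id": "serial0"})
    print(ok, mon.commands())
```

Run it with a different `fail_on` set to see which inverse commands the rollback issues; the command list is the thing to compare against the goto ladder in the hunk.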

[libvirt] [PATCH v4 04/14] qemu: Remove type from qemuBuildSecretInfoProps

2016-06-23 Thread John Ferlan
It's just a constant "secret" string anyway

Signed-off-by: John Ferlan 
---
 src/qemu/qemu_command.c | 9 ++---
 1 file changed, 2 insertions(+), 7 deletions(-)

diff --git a/src/qemu/qemu_command.c b/src/qemu/qemu_command.c
index 4fdb410..9331e65 100644
--- a/src/qemu/qemu_command.c
+++ b/src/qemu/qemu_command.c
@@ -510,7 +510,6 @@ qemuNetworkDriveGetPort(int protocol,
 /**
  * qemuBuildSecretInfoProps:
  * @secinfo: pointer to the secret info object
- * @type: returns a pointer to a character string for object name
  * @props: json properties to return
  *
  * Build the JSON properties for the secret info type.
@@ -520,14 +519,11 @@ qemuNetworkDriveGetPort(int protocol,
  */
 static int
 qemuBuildSecretInfoProps(qemuDomainSecretInfoPtr secinfo,
- const char **type,
  virJSONValuePtr *propsret)
 {
 int ret = -1;
 char *keyid = NULL;
 
-*type = "secret";
-
 if (!(keyid = qemuDomainGetMasterKeyAlias()))
 return -1;
 
@@ -565,13 +561,12 @@ qemuBuildObjectSecretCommandLine(virCommandPtr cmd,
 {
 int ret = -1;
 virJSONValuePtr props = NULL;
-const char *type;
 char *tmp = NULL;
 
-if (qemuBuildSecretInfoProps(secinfo, , ) < 0)
+if (qemuBuildSecretInfoProps(secinfo, ) < 0)
 return -1;
 
-if (!(tmp = virQEMUBuildObjectCommandlineFromJSON(type,
+if (!(tmp = virQEMUBuildObjectCommandlineFromJSON("secret",
   secinfo->s.aes.alias,
   props)))
 goto cleanup;
-- 
2.5.5

--
libvir-list mailing list
libvir-list@redhat.com
https://www.redhat.com/mailman/listinfo/libvir-list


[libvirt] [PATCH v4 09/14] qemu: Add support for TLS X.509 path to TCP chardev backend

2016-06-23 Thread John Ferlan
When building a chardev device string for tcp, add the necessary pieces to
provide the TLS X.509 path to qemu.  This includes generating the
'tls-creds-x509' object and then adding the 'tls-creds' parameter to the
VIR_DOMAIN_CHR_TYPE_TCP command line.

Finally add the tests for the qemu command line. This test will make use
of the "new(ish)" /etc/pki/qemu setting for a TLS certificate environment
by *not* "resetting" the chardevTLSx509certdir prior to running the test.
Also use the default "verify" option (which is "no").

Signed-off-by: John Ferlan 
---
 src/qemu/qemu_command.c| 109 -
 .../qemuxml2argv-serial-tcp-tlsx509-chardev.args   |  33 +++
 tests/qemuxml2argvtest.c   |   6 ++
 3 files changed, 147 insertions(+), 1 deletion(-)
 create mode 100644 tests/qemuxml2argvdata/qemuxml2argv-serial-tcp-tlsx509-chardev.args

diff --git a/src/qemu/qemu_command.c b/src/qemu/qemu_command.c
index 5d82a4d..12f357a 100644
--- a/src/qemu/qemu_command.c
+++ b/src/qemu/qemu_command.c
@@ -696,6 +696,103 @@ qemuBuildRBDSecinfoURI(virBufferPtr buf,
 }
 
 
+/* qemuBuildTLSx509BackendProps:
+ * @tlspath: path to the TLS credentials
+ * @listen: boolen listen for client or server setting
+ * @verifypeer: boolean to enable peer verification (form of authorization)
+ * @qemuCaps: capabilities
+ * @propsret: json properties to return
+ *
+ * Create a backend string for the tls-creds-x509 object.
+ *
+ * Returns 0 on success, -1 on failure with error set.
+ */
+static int
+qemuBuildTLSx509BackendProps(const char *tlspath,
+ bool listen,
+ bool verifypeer,
+ virQEMUCapsPtr qemuCaps,
+ virJSONValuePtr *propsret)
+{
+virBuffer buf = VIR_BUFFER_INITIALIZER;
+char *path = NULL;
+int ret = -1;
+
+if (!virQEMUCapsGet(qemuCaps, QEMU_CAPS_OBJECT_TLS_CREDS_X509)) {
+virReportError(VIR_ERR_CONFIG_UNSUPPORTED, "%s",
+   _("tls-creds-x509 not supported in this QEMU binary"));
+return -1;
+}
+
+qemuBufferEscapeComma(, tlspath);
+if (virBufferCheckError() < 0)
+goto cleanup;
+path = virBufferContentAndReset();
+
+if (virJSONValueObjectCreate(propsret,
+ "s:dir", path,
+ "s:endpoint", (listen ? "server": "client"),
+ "b:verify-peer", verifypeer,
+ NULL) < 0)
+goto cleanup;
+
+ret = 0;
+
+ cleanup:
+virBufferFreeAndReset();
+VIR_FREE(path);
+return ret;
+}
+
+
+/* qemuBuildTLSx509CommandLine:
+ * @cmd: Pointer to command
+ * @tlspath: path to the TLS credentials
+ * @listen: boolen listen for client or server setting
+ * @verifypeer: boolean to enable peer verification (form of authorization)
+ * @inalias: Alias for the parent (this code will add a "_tls0" to alias)
+ * @qemuCaps: capabilities
+ *
+ * Create the command line for a TLS object
+ *
+ * Returns 0 on success, -1 on failure with error set.
+ */
+static int
+qemuBuildTLSx509CommandLine(virCommandPtr cmd,
+const char *tlspath,
+bool listen,
+bool verifypeer,
+const char *inalias,
+virQEMUCapsPtr qemuCaps)
+{
+int ret = -1;
+char *alias = NULL;
+virJSONValuePtr props = NULL;
+char *tmp = NULL;
+
+if (qemuBuildTLSx509BackendProps(tlspath, listen, verifypeer,
+ qemuCaps, ) < 0)
+return -1;
+
+if (virAsprintf(, "obj%s_tls0", inalias) < 0)
+goto cleanup;
+
+if (!(tmp = virQEMUBuildObjectCommandlineFromJSON("tls-creds-x509",
+  alias, props)))
+goto cleanup;
+
+virCommandAddArgList(cmd, "-object", tmp, NULL);
+
+ret = 0;
+
+ cleanup:
+virJSONValueFree(props);
+VIR_FREE(alias);
+VIR_FREE(tmp);
+return ret;
+}
+
+
 #define QEMU_DEFAULT_NBD_PORT "10809"
 
 static char *
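Review bot: "boolen" in the two doc comments should read "boolean". More substantively, comma-doubling `tlspath` before storing it in the JSON props ties this helper to command-line generation: virQEMUBuildObjectCommandlineFromJSON is the only consumer for which ",," is right, and the cover letter plans to reuse the same props for hotplug over QMP. Escape at the point where the props are rendered to a command line instead, or document that the props are command-line only. Worth noting for operators as well: with `verifypeer` false and `listen` true the resulting endpoint=server accepts any TLS client, so encryption without peer verification is all that the qemu.conf default (verify off) provides.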
@@ -4689,7 +4786,7 @@ qemuBuildChrChardevFileStr(virLogManagerPtr logManager,
 static char *
 qemuBuildChrChardevStr(virLogManagerPtr logManager,
virCommandPtr cmd,
-   virQEMUDriverConfigPtr cfg ATTRIBUTE_UNUSED,
+   virQEMUDriverConfigPtr cfg,
const virDomainDef *def,
const virDomainChrSourceDef *dev,
const char *alias,
@@ -4772,6 +4869,16 @@ qemuBuildChrChardevStr(virLogManagerPtr logManager,
   dev->data.tcp.service,
   telnet ? ",telnet" : "",
   dev->data.tcp.listen ? ",server,nowait" : "");
+
+if (cfg->chardevTLS) {
+if (qemuBuildTLSx509CommandLine(cmd, 
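Review bot: `cfg->chardevTLS` is a daemon-wide switch, so once set every TCP chardev in every domain is wrapped in TLS and there is no per-device way to say otherwise in the XML; a chardev whose peer does not speak TLS simply stops working after the qemu.conf change. Consider a per-source attribute on the TCP <source> element (with the qemu.conf value as the default) so the decision is visible in, and migrates with, the domain definition.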

[libvirt] [PATCH v4 13/14] qemu: Add a secret object to/for a chardev tcp with secret

2016-06-23 Thread John Ferlan
Add the secret object prior to the chardev tcp so the 'passwordid=' can
be added if the domain XML has a <secret> for the chardev TLS.

Signed-off-by: John Ferlan 
---
 src/qemu/qemu_command.c| 32 +-
 src/qemu/qemu_command.h|  1 +
 src/qemu/qemu_domain.c | 72 +-
 src/qemu/qemu_domain.h |  8 +++
 src/qemu/qemu_hotplug.c|  1 +
 src/qemu/qemu_process.c|  2 +-
 ...xml2argv-serial-tcp-tlsx509-secret-chardev.args | 38 
 tests/qemuxml2argvtest.c   |  8 +++
 8 files changed, 158 insertions(+), 4 deletions(-)
 create mode 100644 tests/qemuxml2argvdata/qemuxml2argv-serial-tcp-tlsx509-secret-chardev.args

diff --git a/src/qemu/qemu_command.c b/src/qemu/qemu_command.c
index 8b0bd90..e5fd2b2 100644
--- a/src/qemu/qemu_command.c
+++ b/src/qemu/qemu_command.c
@@ -700,6 +700,7 @@ qemuBuildRBDSecinfoURI(virBufferPtr buf,
  * @tlspath: path to the TLS credentials
  * @listen: boolen listen for client or server setting
  * @verifypeer: boolean to enable peer verification (form of authorization)
+ * @secalias: if one exists, the alias of the security object for passwordid
  * @qemuCaps: capabilities
  * @propsret: json properties to return
  *
@@ -711,6 +712,7 @@ int
 qemuBuildTLSx509BackendProps(const char *tlspath,
  bool listen,
  bool verifypeer,
+ const char *secalias,
  virQEMUCapsPtr qemuCaps,
  virJSONValuePtr *propsret)
 {
@@ -736,6 +738,10 @@ qemuBuildTLSx509BackendProps(const char *tlspath,
  NULL) < 0)
 goto cleanup;
 
+if (secalias &&
+virJSONValueObjectAdd(*propsret, "s:passwordid", secalias, NULL) < 0)
+goto cleanup;
+
 ret = 0;
 
  cleanup:
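Review bot: `*propsret` leaks when virJSONValueObjectAdd fails: the object was created by virJSONValueObjectCreate a few lines earlier and the cleanup label (from patch 09) frees only `buf` and `path`. Either free it on that path (`virJSONValueFree(*propsret); *propsret = NULL;` before `goto cleanup`) or build the object in a local and assign to *propsret only on success.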
@@ -750,6 +756,7 @@ qemuBuildTLSx509BackendProps(const char *tlspath,
  * @tlspath: path to the TLS credentials
  * @listen: boolen listen for client or server setting
  * @verifypeer: boolean to enable peer verification (form of authorization)
+ * @addpasswordid: boolean to handle adding passwordid to object
  * @inalias: Alias for the parent (this code will add a "_tls0" to alias)
  * @qemuCaps: capabilities
  *
@@ -762,6 +769,7 @@ qemuBuildTLSx509CommandLine(virCommandPtr cmd,
 const char *tlspath,
 bool listen,
 bool verifypeer,
+bool addpasswordid,
 const char *inalias,
 virQEMUCapsPtr qemuCaps)
 {
@@ -769,11 +777,15 @@ qemuBuildTLSx509CommandLine(virCommandPtr cmd,
 char *alias = NULL;
 virJSONValuePtr props = NULL;
 char *tmp = NULL;
+char *secalias = NULL;
 
-if (qemuBuildTLSx509BackendProps(tlspath, listen, verifypeer,
- qemuCaps, ) < 0)
+if (addpasswordid && !(secalias = qemuDomainGetSecretAESAlias(inalias)))
 return -1;
 
+if (qemuBuildTLSx509BackendProps(tlspath, listen, verifypeer, secalias,
+ qemuCaps, ) < 0)
+goto cleanup;
+
 if (virAsprintf(, "obj%s_tls0", inalias) < 0)
 goto cleanup;
 
@@ -789,6 +801,7 @@ qemuBuildTLSx509CommandLine(virCommandPtr cmd,
 virJSONValueFree(props);
 VIR_FREE(alias);
 VIR_FREE(tmp);
+VIR_FREE(secalias);
 return ret;
 }
 
@@ -4871,9 +4884,13 @@ qemuBuildChrChardevStr(virLogManagerPtr logManager,
   dev->data.tcp.listen ? ",server,nowait" : "");
 
 if (cfg->chardevTLS) {
+bool addpasswordid = (dev->data.tcp.sectype ==
+  VIR_SECRET_USAGE_TYPE_PASSPHRASE);
+
 if (qemuBuildTLSx509CommandLine(cmd, 
cfg->chardevTLSx509certdir,
 dev->data.tcp.listen,
 cfg->chardevTLSx509verify,
+addpasswordid,
 alias, qemuCaps) < 0)
 goto error;
 
@@ -8482,6 +8499,17 @@ qemuBuildSerialCommandLine(virLogManagerPtr logManager,
 
 /* Use -chardev with -device if they are available */
 if (virQEMUCapsSupportsChardev(def, qemuCaps, serial)) {
+/* Add the secret object first if necessary */
+if (serial->source.data.tcp.sectype ==
+VIR_SECRET_USAGE_TYPE_PASSPHRASE) {
+qemuDomainChardevPrivatePtr chardevPriv =
+QEMU_DOMAIN_CHARDEV_PRIVATE(serial);
+qemuDomainSecretInfoPtr secinfo = chardevPriv->secinfo;
+
+if (qemuBuildObjectSecretCommandLine(cmd, secinfo) < 0)
+ 
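Review bot: the secret object is emitted only in qemuBuildSerialCommandLine, while the `passwordid=` it is meant to satisfy is added for any TCP chardev inside qemuBuildChrChardevStr (hunk above). A parallel, console or channel device with the same <secret> would therefore reference a secret object that is never generated. Either add the same block to the other chardev builders or move the secret emission into qemuBuildChrChardevStr next to the tls-creds object so the two cannot drift apart.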

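As an added example (not libvirt code, and not part of this series), the following Python model shows what patches 09 and 13 together put on the QEMU command line for a TCP serial chardev: the secret object first, then the tls-creds-x509 object that references it through passwordid, then the -chardev that references the creds object. It reproduces the rules visible in the hunks (comma doubling of the certificate directory, the obj<alias>_tls0 id, endpoint from the listen flag, verify-peer from the qemu.conf setting) and refuses to emit a passwordid that no secret object backs. The "<alias>-secret0" secret id is an assumption about qemuDomainGetSecretAESAlias(), and the ciphertext/IV bytes are constructed placeholders rather than real AES-256-CBC output.

```python
"""Model of the QEMU argument construction described in patches 09 and 13.

Added example, not libvirt code.  The "<alias>-secret0" secret id is an
assumption about qemuDomainGetSecretAESAlias(); the ciphertext/IV bytes
are constructed placeholders, not real AES-256-CBC output.
"""
import base64
from dataclasses import dataclass
from typing import List, Optional


def escape_comma(value: str) -> str:
    """QEMU option syntax represents a literal comma as ',,'."""
    return value.replace(",", ",,")


def tls_alias(chardev_alias: str) -> str:
    return f"obj{chardev_alias}_tls0"


def secret_alias(chardev_alias: str) -> str:
    # Assumed layout of the AES secret alias; not shown on this page.
    return f"{chardev_alias}-secret0"


@dataclass
class TcpChardev:
    alias: str                            # e.g. "charserial0"
    host: str
    port: str
    listen: bool                          # True for <source mode='bind'>
    telnet: bool = False
    has_passphrase_secret: bool = False   # <secret type='passphrase'/> present


@dataclass
class AesSecret:
    """Passphrase encrypted under the per-domain master key (constructed data)."""
    ciphertext: bytes
    iv: bytes
    master_key_alias: str = "masterKey0"


def secret_object(chardev: TcpChardev, sec: AesSecret) -> str:
    return ",".join([
        "secret",
        f"id={secret_alias(chardev.alias)}",
        f"keyid={sec.master_key_alias}",
        "format=base64",
        f"data={base64.b64encode(sec.ciphertext).decode()}",
        f"iv={base64.b64encode(sec.iv).decode()}",
    ])


def tls_creds_object(chardev: TcpChardev, cert_dir: str, verify_peer: bool,
                     password_id: Optional[str] = None) -> str:
    props = [
        "tls-creds-x509",
        f"id={tls_alias(chardev.alias)}",
        f"dir={escape_comma(cert_dir)}",
        f"endpoint={'server' if chardev.listen else 'client'}",
        f"verify-peer={'yes' if verify_peer else 'no'}",
    ]
    if password_id:
        props.append(f"passwordid={password_id}")
    return ",".join(props)


def chardev_arg(chardev: TcpChardev, tls_creds_id: Optional[str] = None) -> str:
    parts = [f"socket,id={chardev.alias}", f"host={chardev.host}", f"port={chardev.port}"]
    if chardev.telnet:
        parts.append("telnet")
    if chardev.listen:
        parts += ["server", "nowait"]
    if tls_creds_id:
        parts.append(f"tls-creds={tls_creds_id}")
    return ",".join(parts)


def build_args(chardev: TcpChardev, chardev_tls: bool, cert_dir: str,
               verify_peer: bool, secret: Optional[AesSecret] = None) -> List[str]:
    """Return argv fragments in dependency order: secret, tls-creds, chardev."""
    args: List[str] = []
    tls_id = None
    password_id = None
    if chardev_tls:
        if chardev.has_passphrase_secret:
            if secret is None:
                # A passwordid naming an object that is never emitted would make
                # QEMU fail at startup; refuse instead of emitting a dangling ref.
                raise ValueError("passphrase secret configured but no AES secret object")
            args += ["-object", secret_object(chardev, secret)]
            password_id = secret_alias(chardev.alias)
        tls_id = tls_alias(chardev.alias)
        args += ["-object", tls_creds_object(chardev, cert_dir, verify_peer, password_id)]
    args += ["-chardev", chardev_arg(chardev, tls_id)]
    return args


if __name__ == "__main__":
    serial = TcpChardev("charserial0", "127.0.0.1", "4555", listen=True,
                        has_passphrase_secret=True)
    sec = AesSecret(ciphertext=b"\x01" * 16, iv=b"\x02" * 16)
    print(" ".join(build_args(serial, True, "/etc/pki/qemu", False, sec)))
```

The order of the three fragments is the point: QEMU resolves `passwordid=` and `tls-creds=` when it parses each option, so the referenced object must already exist on the command line.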
[libvirt] [PATCH v4 02/14] qemu: Remove authdef from secret setup

2016-06-23 Thread John Ferlan
Rather than pass authdef, pass the 'authdef->username' and the
'>secdef'

Note that a username may be NULL.

Signed-off-by: John Ferlan 
---
 src/qemu/qemu_domain.c | 38 +++---
 1 file changed, 23 insertions(+), 15 deletions(-)

diff --git a/src/qemu/qemu_domain.c b/src/qemu/qemu_domain.c
index ca49db1..dca8970 100644
--- a/src/qemu/qemu_domain.c
+++ b/src/qemu/qemu_domain.c
@@ -815,7 +815,8 @@ qemuDomainHostdevPrivateDispose(void *obj)
  * @conn: Pointer to connection
  * @secinfo: Pointer to secret info
  * @secretUsageType: The virSecretUsageType
- * @authdef: Pointer to auth data
+ * @username: username to use for authentication (may be NULL)
+ * @seclookupdef: Pointer to seclookupdef data
  *
  * Taking a secinfo, fill in the plaintext information
  *
@@ -825,14 +826,14 @@ static int
 qemuDomainSecretPlainSetup(virConnectPtr conn,
qemuDomainSecretInfoPtr secinfo,
virSecretUsageType secretUsageType,
-   virStorageAuthDefPtr authdef)
+   const char *username,
+   virSecretLookupTypeDefPtr seclookupdef)
 {
 secinfo->type = VIR_DOMAIN_SECRET_INFO_TYPE_PLAIN;
-if (VIR_STRDUP(secinfo->s.plain.username, authdef->username) < 0)
+if (VIR_STRDUP(secinfo->s.plain.username, username) < 0)
 return -1;
 
-return virSecretGetSecretString(conn, >seclookupdef,
-secretUsageType,
+return virSecretGetSecretString(conn, seclookupdef, secretUsageType,
 >s.plain.secret,
 >s.plain.secretlen);
 }
@@ -844,7 +845,8 @@ qemuDomainSecretPlainSetup(virConnectPtr conn,
  * @secinfo: Pointer to secret info
  * @srcalias: Alias of the disk/hostdev used to generate the secret alias
  * @secretUsageType: The virSecretUsageType
- * @authdef: Pointer to auth data
+ * @username: username to use for authentication (may be NULL)
+ * @seclookupdef: Pointer to seclookupdef data
  *
  * Taking a secinfo, fill in the AES specific information using the
  *
@@ -856,7 +858,8 @@ qemuDomainSecretAESSetup(virConnectPtr conn,
  qemuDomainSecretInfoPtr secinfo,
  const char *srcalias,
  virSecretUsageType secretUsageType,
- virStorageAuthDefPtr authdef)
+ const char *username,
+ virSecretLookupTypeDefPtr seclookupdef)
 {
 int ret = -1;
 uint8_t *raw_iv = NULL;
@@ -867,7 +870,7 @@ qemuDomainSecretAESSetup(virConnectPtr conn,
 size_t ciphertextlen = 0;
 
 secinfo->type = VIR_DOMAIN_SECRET_INFO_TYPE_AES;
-if (VIR_STRDUP(secinfo->s.aes.username, authdef->username) < 0)
+if (VIR_STRDUP(secinfo->s.aes.username, username) < 0)
 return -1;
 
 if (!(secinfo->s.aes.alias = qemuDomainGetSecretAESAlias(srcalias)))
@@ -882,7 +885,7 @@ qemuDomainSecretAESSetup(virConnectPtr conn,
 goto cleanup;
 
 /* Grab the unencoded secret */
-if (virSecretGetSecretString(conn, >seclookupdef, secretUsageType,
+if (virSecretGetSecretString(conn, seclookupdef, secretUsageType,
  , ) < 0)
 goto cleanup;
 
@@ -917,7 +920,8 @@ qemuDomainSecretAESSetup(virConnectPtr conn,
  * @secinfo: Pointer to secret info
  * @srcalias: Alias of the disk/hostdev used to generate the secret alias
  * @secretUsageType: The virSecretUsageType
- * @authdef: Pointer to auth data
+ * @username: username to use for authentication (may be NULL)
+ * @seclookupdef: Pointer to seclookupdef data
  *
  * If we have the encryption API present and can support a secret object, then
  * build the AES secret; otherwise, build the Plain secret. This is the magic
@@ -932,17 +936,19 @@ qemuDomainSecretSetup(virConnectPtr conn,
   qemuDomainSecretInfoPtr secinfo,
   const char *srcalias,
   virSecretUsageType secretUsageType,
-  virStorageAuthDefPtr authdef)
+  const char *username,
+  virSecretLookupTypeDefPtr seclookupdef)
 {
 if (virCryptoHaveCipher(VIR_CRYPTO_CIPHER_AES256CBC) &&
 virQEMUCapsGet(priv->qemuCaps, QEMU_CAPS_OBJECT_SECRET) &&
 secretUsageType == VIR_SECRET_USAGE_TYPE_CEPH) {
 if (qemuDomainSecretAESSetup(conn, priv, secinfo, srcalias,
- secretUsageType, authdef) < 0)
+ secretUsageType, username,
+ seclookupdef) < 0)
 return -1;
 } else {
 if (qemuDomainSecretPlainSetup(conn, secinfo, secretUsageType,
-   authdef) < 0)
+   username, seclookupdef) < 0)
 return -1;
 }
 return 0;
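Review bot: the AES path is still restricted to `secretUsageType == VIR_SECRET_USAGE_TYPE_CEPH` (context line at the top of this hunk). The passphrase secrets added later in this series need an AES secret object for `passwordid=`, so that condition has to be widened in the patch that introduces them; otherwise they fall through to qemuDomainSecretPlainSetup and no object is ever created.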
@@ -999,7 +1005,8 

[libvirt] [PATCH v4 07/14] conf: Add new default TLS X.509 certificate default directory

2016-06-23 Thread John Ferlan
Rather than specify perhaps multiple TLS X.509 certificate directories,
let's create a "default" directory which can then be used if the service
(e.g. for now vnc and spice) does not supply a default directory.

Since the default for vnc and spice may have existed before without being
supplied, the default check will first check if the service specific path
exists and if so, set the cfg entry to that; otherwise, the default will
be set to the (now) new defaultTLSx509certdir.

Additionally add a "default_tls_x509_verify" entry which can also be used
to force the peer verification option (for vnc it's an x509verify option).
Add/alter the macro for the option being found in the config file to accept
the default value.

Signed-off-by: John Ferlan 
---
 src/qemu/libvirtd_qemu.aug |  6 -
 src/qemu/qemu.conf | 55 +-
 src/qemu/qemu_conf.c   | 53 +++-
 src/qemu/qemu_conf.h   |  3 +++
 src/qemu/test_libvirtd_qemu.aug.in |  2 ++
 5 files changed, 93 insertions(+), 26 deletions(-)

diff --git a/src/qemu/libvirtd_qemu.aug b/src/qemu/libvirtd_qemu.aug
index 8bc23ba..06d9b98 100644
--- a/src/qemu/libvirtd_qemu.aug
+++ b/src/qemu/libvirtd_qemu.aug
@@ -24,6 +24,9 @@ module Libvirtd_qemu =
 
 
(* Config entry grouped by function - same order as example config *)
+   let default_tls_entry = str_entry "default_tls_x509_cert_dir"
+ | bool_entry "default_tls_x509_verify"
+
let vnc_entry = str_entry "vnc_listen"
  | bool_entry "vnc_auto_unix_socket"
  | bool_entry "vnc_tls"
@@ -93,7 +96,8 @@ module Libvirtd_qemu =
let nvram_entry = str_array_entry "nvram"
 
(* Each entry in the config is one of the following ... *)
-   let entry = vnc_entry
+   let entry = default_tls_entry
+ | vnc_entry
  | spice_entry
  | nogfx_entry
  | remote_display_entry
diff --git a/src/qemu/qemu.conf b/src/qemu/qemu.conf
index 7964273..fb6b843 100644
--- a/src/qemu/qemu.conf
+++ b/src/qemu/qemu.conf
@@ -2,6 +2,32 @@
 # All settings described here are optional - if omitted, sensible
 # defaults are used.
 
+# Use of TLS requires that x509 certificates be issued. The default is
+# to keep them in /etc/pki/qemu. This directory must contain
+#
+#  ca-cert.pem - the CA master certificate
+#  server-cert.pem - the server certificate signed with ca-cert.pem
+#  server-key.pem  - the server private key
+#
+# and optionally may contain
+#
+#  dh-params.pem - the DH params configuration file
+#
+#default_tls_x509_cert_dir = "/etc/pki/qemu"
+
+
+# The default TLS configuration only uses certificates for the server
+# allowing the client to verify the server's identity and establish
+# an encrypted channel.
+#
+# It is possible to use x509 certificates for authentication too, by
+# issuing a x509 certificate to every client who needs to connect.
+#
+# Enabling this option will reject any client who does not have a
+# certificate signed by the CA in /etc/pki/qemu/ca-cert.pem
+#
+#default_tls_x509_verify = 1
+
 # VNC is configured to listen on 127.0.0.1 by default.
 # To make it listen on all public interfaces, uncomment
 # this next option.
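Review bot: the list of required files covers only the server role (server-cert.pem, server-key.pem), yet the chardev code in patch 09 creates the creds object with endpoint=client whenever the chardev is not listening, and a client endpoint looks for client-cert.pem/client-key.pem in the same directory. Document both roles here, since this directory is now the default for every TLS service. Also spell out the consequence of leaving `default_tls_x509_verify` at 0: a TLS-enabled listening chardev encrypts the link but accepts any client, so "allowing the client to verify the server's identity" is the whole of what the default provides.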
@@ -32,15 +58,10 @@
 #vnc_tls = 1
 
 
-# Use of TLS requires that x509 certificates be issued. The
-# default it to keep them in /etc/pki/libvirt-vnc. This directory
-# must contain
-#
-#  ca-cert.pem - the CA master certificate
-#  server-cert.pem - the server certificate signed with ca-cert.pem
-#  server-key.pem  - the server private key
-#
-# This option allows the certificate directory to be changed
+# In order to override the default TLS certificate location for
+# vnc certificates, supply a valid path to the certificate directory.
+# If the provided path does not exist then the default_tls_x509_cert_dir
+# path will be used.
 #
 #vnc_tls_x509_cert_dir = "/etc/pki/libvirt-vnc"
 
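Review bot: silently falling back to default_tls_x509_cert_dir when a configured vnc_tls_x509_cert_dir does not exist hides misconfiguration: a typo in the path means VNC quietly serves whatever is in /etc/pki/qemu instead of the intended certificates, and nothing in the logs says so. Fall back only when the option is absent, and treat an explicitly set but non-existent directory as a configuration error at daemon start. The same applies to the spice hunk below.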
@@ -55,6 +76,9 @@
 # Enabling this option will reject any client who does not have a
 # certificate signed by the CA in /etc/pki/libvirt-vnc/ca-cert.pem
 #
+# If this option is not supplied, it will be set to the value of
+# "default_tls_x509_verify".
+#
 #vnc_tls_x509_verify = 1
 
 
@@ -117,15 +141,10 @@
 #spice_tls = 1
 
 
-# Use of TLS requires that x509 certificates be issued. The
-# default it to keep them in /etc/pki/libvirt-spice. This directory
-# must contain
-#
-#  ca-cert.pem - the CA master certificate
-#  server-cert.pem - the server certificate signed with ca-cert.pem
-#  server-key.pem  - the server private key
-#
-# This option allows the certificate directory to be changed.
+# In order to override the default TLS certificate location for
+# spice certificates, supply a valid path to the certificate directory.
+# If the provided path does not exist then the default_tls_x509_cert_dir
+# path will be used.
 #
 #spice_tls_x509_cert_dir = "/etc/pki/libvirt-spice"
 
diff --git 

[libvirt] [PATCH v4 05/14] qemu: Make qemuBuildSecretInfoProps global

2016-06-23 Thread John Ferlan
Need to create the object for a hotplug disk

Signed-off-by: John Ferlan 
---
 src/qemu/qemu_command.c | 2 +-
 src/qemu/qemu_command.h | 4 
 2 files changed, 5 insertions(+), 1 deletion(-)

diff --git a/src/qemu/qemu_command.c b/src/qemu/qemu_command.c
index 9331e65..5d82a4d 100644
--- a/src/qemu/qemu_command.c
+++ b/src/qemu/qemu_command.c
@@ -517,7 +517,7 @@ qemuNetworkDriveGetPort(int protocol,
  * Returns 0 on success with the filled in JSON property; otherwise,
  * returns -1 on failure error message set.
  */
-static int
+int
 qemuBuildSecretInfoProps(qemuDomainSecretInfoPtr secinfo,
  virJSONValuePtr *propsret)
 {
diff --git a/src/qemu/qemu_command.h b/src/qemu/qemu_command.h
index 9ff4edb..c4d0567 100644
--- a/src/qemu/qemu_command.h
+++ b/src/qemu/qemu_command.h
@@ -61,6 +61,10 @@ virCommandPtr qemuBuildCommandLine(virQEMUDriverPtr driver,
const char *domainLibDir)
 ATTRIBUTE_NONNULL(15);
 
+/* Generate the object properties for a secret */
+int qemuBuildSecretInfoProps(qemuDomainSecretInfoPtr secinfo,
+ virJSONValuePtr *propsret);
+
 /* Generate '-device' string for chardev device */
 int
 qemuBuildChrDeviceStr(char **deviceStr,
-- 
2.5.5



Re: [libvirt] [PATCH 1/4] qemu: Remove redundant arguments to qemuBuildSerialChrDeviceStr()

2016-06-23 Thread Laine Stump

On 06/23/2016 04:40 AM, Andrea Bolognani wrote:

Since we're already passing the full virDomainDef, it doesn't
make sense to also pass def->os.arch and def->os.machine as
separate arguments.
---
  src/qemu/qemu_command.c | 10 +++---
  1 file changed, 3 insertions(+), 7 deletions(-)


ACK.



[libvirt] [PATCH v2 13/15] qemu: Make qemuBuildSecretInfoProps global

2016-06-23 Thread John Ferlan
Need to create the object for a hotplug disk

Signed-off-by: John Ferlan 
---
 src/qemu/qemu_command.c | 2 +-
 src/qemu/qemu_command.h | 4 
 2 files changed, 5 insertions(+), 1 deletion(-)

diff --git a/src/qemu/qemu_command.c b/src/qemu/qemu_command.c
index 9331e65..5d82a4d 100644
--- a/src/qemu/qemu_command.c
+++ b/src/qemu/qemu_command.c
@@ -517,7 +517,7 @@ qemuNetworkDriveGetPort(int protocol,
  * Returns 0 on success with the filled in JSON property; otherwise,
  * returns -1 on failure error message set.
  */
-static int
+int
 qemuBuildSecretInfoProps(qemuDomainSecretInfoPtr secinfo,
  virJSONValuePtr *propsret)
 {
diff --git a/src/qemu/qemu_command.h b/src/qemu/qemu_command.h
index 9ff4edb..c4d0567 100644
--- a/src/qemu/qemu_command.h
+++ b/src/qemu/qemu_command.h
@@ -61,6 +61,10 @@ virCommandPtr qemuBuildCommandLine(virQEMUDriverPtr driver,
const char *domainLibDir)
 ATTRIBUTE_NONNULL(15);
 
+/* Generate the object properties for a secret */
+int qemuBuildSecretInfoProps(qemuDomainSecretInfoPtr secinfo,
+ virJSONValuePtr *propsret);
+
 /* Generate '-device' string for chardev device */
 int
 qemuBuildChrDeviceStr(char **deviceStr,
-- 
2.5.5



[libvirt] [PATCH v2 14/15] qemu: Add secinfo for hotplug virtio disk

2016-06-23 Thread John Ferlan
Commit id 'a1344f70a' added AES secret processing for RBD when starting
up a guest. As such, when the hotplug code calls qemuDomainSecretDiskPrepare
an AES secret could be added to the disk about to be hotplugged. If an AES
secret was added, then the hotplug code would need to generate the secret
object because qemuBuildDriveStr would add the "password-secret=" to the
returned 'driveStr' rather than the base64 encoded password.

Signed-off-by: John Ferlan 
---
 src/qemu/qemu_hotplug.c | 44 ++--
 1 file changed, 38 insertions(+), 6 deletions(-)

diff --git a/src/qemu/qemu_hotplug.c b/src/qemu/qemu_hotplug.c
index f695903..235cb73 100644
--- a/src/qemu/qemu_hotplug.c
+++ b/src/qemu/qemu_hotplug.c
@@ -310,6 +310,9 @@ qemuDomainAttachVirtioDiskDevice(virConnectPtr conn,
 bool releaseaddr = false;
 virQEMUDriverConfigPtr cfg = virQEMUDriverGetConfig(driver);
 const char *src = virDomainDiskGetSource(disk);
+virJSONValuePtr secobjProps = NULL;
+qemuDomainDiskPrivatePtr diskPriv;
+qemuDomainSecretInfoPtr secinfo;
 
 if (!disk->info.type) {
 if (qemuDomainMachineIsS390CCW(vm->def) &&
@@ -342,6 +345,13 @@ qemuDomainAttachVirtioDiskDevice(virConnectPtr conn,
 if (qemuDomainSecretDiskPrepare(conn, priv, disk) < 0)
 goto error;
 
+diskPriv = QEMU_DOMAIN_DISK_PRIVATE(disk);
+secinfo = diskPriv->secinfo;
+if (secinfo && secinfo->type == VIR_DOMAIN_SECRET_INFO_TYPE_AES) {
+if (qemuBuildSecretInfoProps(secinfo, ) < 0)
+goto error;
+}
+
 if (!(drivestr = qemuBuildDriveStr(disk, false, priv->qemuCaps)))
 goto error;
 
@@ -354,9 +364,15 @@ qemuDomainAttachVirtioDiskDevice(virConnectPtr conn,
 if (VIR_REALLOC_N(vm->def->disks, vm->def->ndisks+1) < 0)
 goto error;
 
-/* Attach the device - 2 step process */
+/* Attach the device - possible 3 step process */
 qemuDomainObjEnterMonitor(driver, vm);
 
+if (secobjProps && qemuMonitorAddObject(priv->mon, "secret",
+secinfo->s.aes.alias,
+secobjProps) < 0)
+goto failaddobjsecret;
+secobjProps = NULL;
+
 if (qemuMonitorAddDrive(priv->mon, drivestr) < 0)
 goto failadddrive;
 
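Review bot: the rewritten comment `possible 3 step process` does not say what the three steps are; `possibly a 3-step process: secret object, drive, device` would. It is also worth a one-line comment on why secobjProps is set to NULL immediately after a successful qemuMonitorAddObject (the call consumed it), because the `cleanup` label below still calls virJSONValueFree on it and a reader has to work out that the pointer is dead by then.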
@@ -374,6 +390,7 @@ qemuDomainAttachVirtioDiskDevice(virConnectPtr conn,
 ret = 0;
 
  cleanup:
+virJSONValueFree(secobjProps);
 qemuDomainSecretDiskDestroy(disk);
 VIR_FREE(devstr);
 VIR_FREE(drivestr);
@@ -393,8 +410,13 @@ qemuDomainAttachVirtioDiskDevice(virConnectPtr conn,
 }
 
  failadddrive:
+if (secobjProps)
+ignore_value(qemuMonitorDelObject(priv->mon, secinfo->s.aes.alias));
+
+ failaddobjsecret:
 if (qemuDomainObjExitMonitor(driver, vm) < 0)
 releaseaddr = false;
+secobjProps = NULL; /* qemuMonitorAddObject consumes props on failure too 
*/
 
  failexitmonitor:
 virDomainAuditDisk(vm, NULL, disk->src, "attach", false);
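Review bot: the rollback at `failadddrive` can never fire. secobjProps is set to NULL right after the successful qemuMonitorAddObject in the previous hunk, so when qemuMonitorAddDrive fails and control reaches `if (secobjProps)` the condition is always false and the secret object is left behind in QEMU. Track the add with its own flag (for example `bool secobjAdded = true;` after the object-add succeeds) and call qemuMonitorDelObject on that flag; let secobjProps govern only whether the JSON still needs freeing. The trailing `secobjProps = NULL; /* ... consumes props on failure too */` is then only needed on the `failaddobjsecret` path it sits on.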
@@ -3389,6 +3411,8 @@ qemuDomainDetachVirtioDiskDevice(virQEMUDriverPtr driver,
 {
 int ret = -1;
 qemuDomainObjPrivatePtr priv = vm->privateData;
+qemuDomainDiskPrivatePtr diskPriv = QEMU_DOMAIN_DISK_PRIVATE(detach);
+qemuDomainSecretInfoPtr secinfo = diskPriv->secinfo;
 
 if (qemuIsMultiFunctionDevice(vm->def, >info)) {
 virReportError(VIR_ERR_OPERATION_FAILED,
@@ -3422,12 +3446,14 @@ qemuDomainDetachVirtioDiskDevice(virQEMUDriverPtr 
driver,
 qemuDomainMarkDeviceForRemoval(vm, >info);
 
 qemuDomainObjEnterMonitor(driver, vm);
-if (qemuMonitorDelDevice(priv->mon, detach->info.alias) < 0) {
-if (qemuDomainObjExitMonitor(driver, vm) < 0)
-goto cleanup;
-virDomainAuditDisk(vm, detach->src, NULL, "detach", false);
-goto cleanup;
+if (secinfo && secinfo->type == VIR_DOMAIN_SECRET_INFO_TYPE_AES) {
+if (qemuMonitorDelObject(priv->mon, secinfo->s.aes.alias) < 0)
+goto faildel;
 }
+
+if (qemuMonitorDelDevice(priv->mon, detach->info.alias) < 0)
+goto faildel;
+
 if (qemuDomainObjExitMonitor(driver, vm) < 0)
 goto cleanup;
 
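Review bot: the secret object is deleted before `device_del`. If qemuMonitorDelDevice then fails (the guest may refuse the unplug), the disk stays attached but its secret object is already gone, and a retried detach will fail at qemuMonitorDelObject before it ever reaches `device_del`; there is also no re-add on the `faildel` path. Issue `device_del` first and remove the secret object once the device is actually gone (where the drive itself is removed), or at minimum tolerate a missing object on retry.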
@@ -3437,6 +3463,12 @@ qemuDomainDetachVirtioDiskDevice(virQEMUDriverPtr driver,
  cleanup:
 qemuDomainResetDeviceRemoval(vm);
 return ret;
+
+ faildel:
+if (qemuDomainObjExitMonitor(driver, vm) < 0)
+goto cleanup;
+virDomainAuditDisk(vm, detach->src, NULL, "detach", false);
+goto cleanup;
 }
 
 static int
-- 
2.5.5

--
libvir-list mailing list
libvir-list@redhat.com
https://www.redhat.com/mailman/listinfo/libvir-list


[libvirt] [PATCH v2 07/15] util: Add 'luks' to the FileTypeInfo

2016-06-23 Thread John Ferlan
Add the ability to detect a luks encrypted device.

Signed-off-by: John Ferlan 
---
 src/util/virstoragefile.c | 24 ++--
 src/util/virstoragefile.h |  1 +
 2 files changed, 23 insertions(+), 2 deletions(-)

diff --git a/src/util/virstoragefile.c b/src/util/virstoragefile.c
index 37e9798..59927ea 100644
--- a/src/util/virstoragefile.c
+++ b/src/util/virstoragefile.c
@@ -63,7 +63,7 @@ VIR_ENUM_IMPL(virStorageFileFormat,
   "cloop", "dmg", "iso",
   "vpc", "vdi",
   /* Not direct file formats, but used for various drivers */
-  "fat", "vhd", "ploop",
+  "fat", "vhd", "ploop", "luks",
   /* Formats with backing file below here */
   "cow", "qcow", "qcow2", "qed", "vmdk")
 
@@ -189,6 +189,13 @@ qedGetBackingStore(char **, int *, const char *, size_t);
 #define PLOOP_IMAGE_SIZE_OFFSET 36
 #define PLOOP_SIZE_MULTIPLIER 512
 
+#define LUKS_HDR_MAGIC_LEN 6
+#define LUKS_HDR_VERSION_LEN 2
+
+/* Format described by qemu commit id '3e308f20e' */
+#define LUKS_HDR_VERSION_OFFSET LUKS_HDR_MAGIC_LEN
+
+
 static struct FileTypeInfo const fileTypeInfo[] = {
 [VIR_STORAGE_FILE_NONE] = { 0, NULL, NULL, LV_LITTLE_ENDIAN,
 -1, 0, {0}, 0, 0, 0, 0, NULL, NULL },
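Review bot: the comment `Format described by qemu commit id '3e308f20e'` sends the reader to QEMU history for what is the LUKS1 on-disk header layout (6-byte magic followed by a 16-bit big-endian version); naming the format in the comment lets the offsets be checked against the LUKS specification without git. LUKS_HDR_VERSION_LEN is defined here but the table entry in the next hunk spells the version size as a literal 2; use the macro there.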
@@ -244,6 +251,13 @@ static struct FileTypeInfo const fileTypeInfo[] = {
  -2, 0, {0}, PLOOP_IMAGE_SIZE_OFFSET, 0,
  PLOOP_SIZE_MULTIPLIER, -1, NULL, NULL },
 
+/* Magic is 'L','U','K','S', 0xBA, 0xBE
+ * Set sizeOffset = -1 and let hypervisor handle */
+[VIR_STORAGE_FILE_LUKS] = {
+0, "\x4c\x55\x4b\x53\xba\xbe", NULL,
+LV_BIG_ENDIAN, LUKS_HDR_VERSION_OFFSET, 2, {1},
+-1, 0, 0, -1, NULL, NULL
+},
 /* All formats with a backing store probe below here */
 [VIR_STORAGE_FILE_COW] = {
 0, "OOOM", NULL,
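Review bot: the version list `{1}` means a LUKS2 header, which carries the same `LUKS\xba\xbe` magic with version 2, is not reported as luks. That is the right outcome for the QEMU support this series targets, but say so in the comment so the next person does not "fix" the probe into claiming an image QEMU cannot open. Also replace the literal `2` with LUKS_HDR_VERSION_LEN from the previous hunk, and consider writing the magic as `"LUKS\xba\xbe"` so it matches the comment above it.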
@@ -626,7 +640,7 @@ virStorageFileMatchesVersion(int format,
  char *buf,
  size_t buflen)
 {
-int version;
+int version = 0;
 size_t i;
 
 /* Validate version number info */
@@ -838,6 +852,12 @@ virStorageFileGetMetadataInternal(virStorageSourcePtr meta,
 goto cleanup;
 }
 
+if (meta->format == VIR_STORAGE_FILE_LUKS) {
+/* By definition, this is encrypted */
+if (!meta->encryption && VIR_ALLOC(meta->encryption) < 0)
+goto cleanup;
+}
+
 VIR_FREE(meta->backingStoreRaw);
 if (fileTypeInfo[meta->format].getBackingStore != NULL) {
 int store = 
fileTypeInfo[meta->format].getBackingStore(>backingStoreRaw,
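Review bot: VIR_ALLOC leaves `meta->encryption->format` at zero, which (given the default/qcow/luks ordering the rng in patch 08 shows) is VIR_STORAGE_ENCRYPTION_FORMAT_DEFAULT, so a probed luks image is recorded as "encrypted, default format". Later code that branches on the format, such as the qemuProcessInitPasswords filter in patch 08 that treats DEFAULT like qcow, will then misclassify it. Set `meta->encryption->format = VIR_STORAGE_ENCRYPTION_FORMAT_LUKS` right after the allocation.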
diff --git a/src/util/virstoragefile.h b/src/util/virstoragefile.h
index 71a8b3a..78beaf4 100644
--- a/src/util/virstoragefile.h
+++ b/src/util/virstoragefile.h
@@ -74,6 +74,7 @@ typedef enum {
 VIR_STORAGE_FILE_FAT,
 VIR_STORAGE_FILE_VHD,
 VIR_STORAGE_FILE_PLOOP,
+VIR_STORAGE_FILE_LUKS,
 
 /* Not a format, but a marker: all formats below this point have
  * libvirt support for following a backing chain */
-- 
2.5.5


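The probe that the fileTypeInfo entry above encodes, written out as a stand-alone C function so the byte layout can be checked directly: the magic `L U K S 0xBA 0xBE` at offset 0, then a 16-bit big-endian version at offset 6 that must be 1. This is an added example, not libvirt code; the result-code names and the sample header bytes are this example's own (constructed, not taken from real images).

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Layout of the LUKS1 header prefix, matching the patch's fileTypeInfo
 * entry: 6-byte magic, then a 16-bit big-endian version. */
#define LUKS_HDR_MAGIC_LEN      6
#define LUKS_HDR_VERSION_OFFSET LUKS_HDR_MAGIC_LEN
#define LUKS_HDR_VERSION_LEN    2
#define LUKS_HDR_PROBE_LEN      (LUKS_HDR_VERSION_OFFSET + LUKS_HDR_VERSION_LEN)

static const unsigned char luks_magic[LUKS_HDR_MAGIC_LEN] =
    { 'L', 'U', 'K', 'S', 0xba, 0xbe };

/* Big-endian 16-bit read, the job the series' virReadBufInt16BE does. */
static uint16_t read_be16(const unsigned char *p)
{
    return (uint16_t)(((uint16_t)p[0] << 8) | p[1]);
}

/* Result codes (hypothetical names) so a caller can tell "not LUKS" from
 * "LUKS magic, but a version the table does not accept". */
enum luks_probe {
    LUKS_PROBE_NO_MATCH    = 0,  /* magic absent or buffer too short */
    LUKS_PROBE_LUKS1       = 1,  /* magic present and version == 1 */
    LUKS_PROBE_BAD_VERSION = 2   /* magic present, version != 1 (e.g. LUKS2) */
};

enum luks_probe probe_luks_header(const unsigned char *buf, size_t buflen)
{
    /* Never touch the version field unless the buffer actually holds it. */
    if (buflen < LUKS_HDR_PROBE_LEN)
        return LUKS_PROBE_NO_MATCH;
    if (memcmp(buf, luks_magic, LUKS_HDR_MAGIC_LEN) != 0)
        return LUKS_PROBE_NO_MATCH;
    /* The patch lists {1} as the only accepted version, so a LUKS2 header
     * (same magic, version 2) is deliberately not reported as luks. */
    return read_be16(buf + LUKS_HDR_VERSION_OFFSET) == 1
        ? LUKS_PROBE_LUKS1 : LUKS_PROBE_BAD_VERSION;
}

/* Constructed sample header prefixes for the demonstration (not real images). */
static const unsigned char sample_luks1[8] =
    { 'L', 'U', 'K', 'S', 0xba, 0xbe, 0x00, 0x01 };
static const unsigned char sample_luks2[8] =
    { 'L', 'U', 'K', 'S', 0xba, 0xbe, 0x00, 0x02 };
/* Version 1 written little-endian: must not match, the field is big-endian. */
static const unsigned char sample_wrong_endian[8] =
    { 'L', 'U', 'K', 'S', 0xba, 0xbe, 0x01, 0x00 };
static const unsigned char sample_qcow2[8] =
    { 'Q', 'F', 'I', 0xfb, 0x00, 0x00, 0x00, 0x03 };

int main(void)
{
    printf("luks1:        %d\n", probe_luks_header(sample_luks1, sizeof(sample_luks1)));
    printf("luks2:        %d\n", probe_luks_header(sample_luks2, sizeof(sample_luks2)));
    printf("wrong endian: %d\n", probe_luks_header(sample_wrong_endian, sizeof(sample_wrong_endian)));
    printf("qcow2:        %d\n", probe_luks_header(sample_qcow2, sizeof(sample_qcow2)));
    printf("truncated:    %d\n", probe_luks_header(sample_luks1, 7));
    return 0;
}
```

The buffer-length check is the part worth carrying over: a probe that reads the version field from a 6-byte buffer is a read past the end, and image headers handed to a probe are untrusted input.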

[libvirt] [PATCH v2 12/15] qemu: Remove type from qemuBuildSecretInfoProps

2016-06-23 Thread John Ferlan
It's just a constant "secret" string anyway

Signed-off-by: John Ferlan 
---
 src/qemu/qemu_command.c | 9 ++---
 1 file changed, 2 insertions(+), 7 deletions(-)

diff --git a/src/qemu/qemu_command.c b/src/qemu/qemu_command.c
index 4fdb410..9331e65 100644
--- a/src/qemu/qemu_command.c
+++ b/src/qemu/qemu_command.c
@@ -510,7 +510,6 @@ qemuNetworkDriveGetPort(int protocol,
 /**
  * qemuBuildSecretInfoProps:
  * @secinfo: pointer to the secret info object
- * @type: returns a pointer to a character string for object name
  * @props: json properties to return
  *
  * Build the JSON properties for the secret info type.
@@ -520,14 +519,11 @@ qemuNetworkDriveGetPort(int protocol,
  */
 static int
 qemuBuildSecretInfoProps(qemuDomainSecretInfoPtr secinfo,
- const char **type,
  virJSONValuePtr *propsret)
 {
 int ret = -1;
 char *keyid = NULL;
 
-*type = "secret";
-
 if (!(keyid = qemuDomainGetMasterKeyAlias()))
 return -1;
 
@@ -565,13 +561,12 @@ qemuBuildObjectSecretCommandLine(virCommandPtr cmd,
 {
 int ret = -1;
 virJSONValuePtr props = NULL;
-const char *type;
 char *tmp = NULL;
 
-if (qemuBuildSecretInfoProps(secinfo, , ) < 0)
+if (qemuBuildSecretInfoProps(secinfo, ) < 0)
 return -1;
 
-if (!(tmp = virQEMUBuildObjectCommandlineFromJSON(type,
+if (!(tmp = virQEMUBuildObjectCommandlineFromJSON("secret",
   secinfo->s.aes.alias,
   props)))
 goto cleanup;
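Review bot: with the `type` parameter gone, the QOM type string `"secret"` is now spelled as a literal here and again at the qemuMonitorAddObject call in the hotplug patch. A single shared define for the object type would keep the two in step if the name ever has to change.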
-- 
2.5.5



[libvirt] [PATCH v2 10/15] storage: Introduce virStoragePoolObjBuildTempFilePath

2016-06-23 Thread John Ferlan
Create a function to return a temporary file path to be used in a mkostemp
type call using the path to the stateDir + pool->def->name + vol->name

Signed-off-by: John Ferlan 
---
 src/storage/storage_driver.c | 24 
 src/storage/storage_driver.h |  6 +-
 2 files changed, 29 insertions(+), 1 deletion(-)

diff --git a/src/storage/storage_driver.c b/src/storage/storage_driver.c
index 4b5419d..92a1fb9 100644
--- a/src/storage/storage_driver.c
+++ b/src/storage/storage_driver.c
@@ -3608,3 +3608,27 @@ virStoragePoolObjFindPoolByUUID(const unsigned char 
*uuid)
 storageDriverUnlock();
 return pool;
 }
+
+
+/*
+ * virStoragePoolObjBuildTempFilePath
+ * @pool: pool object pointer
+ * @vol: volume definition
+ *
+ * Generate a name for a temporary file using the driver stateDir
+ * as a path, the pool name, and the volume name to be used as input
+ * for a mkostemp
+ *
+ * Returns a string pointer on success, NULL on failure
+ */
+char *
+virStoragePoolObjBuildTempFilePath(virStoragePoolObjPtr pool,
+   virStorageVolDefPtr vol)
+
+{
+char *tmp = NULL;
+
+ignore_value(virAsprintf(, "%s/%s.%s.secret.XX",
+ driver->stateDir, pool->def->name, vol->name));
+return tmp;
+}
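Review bot: mkostemp(3) requires the template to end in exactly six `X` characters, and the format string as it reads here ends in `.secret.XX`; please double-check the committed string, since a short run of X's makes mkostemp fail with EINVAL. Both pool->def->name and vol->name come from user XML, so it is worth confirming that a `/` cannot reach them here, otherwise the secret file would land outside stateDir. Style: drop the blank line between the parameter list and the opening brace.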
diff --git a/src/storage/storage_driver.h b/src/storage/storage_driver.h
index 912c232..99c58bc 100644
--- a/src/storage/storage_driver.h
+++ b/src/storage/storage_driver.h
@@ -1,7 +1,7 @@
 /*
  * storage_driver.h: core driver for storage APIs
  *
- * Copyright (C) 2006-2008, 2014 Red Hat, Inc.
+ * Copyright (C) 2006-2008, 2014-2016 Red Hat, Inc.
  * Copyright (C) 2006-2008 Daniel P. Berrange
  *
  * This library is free software; you can redistribute it and/or
@@ -65,6 +65,10 @@ storagePoolLookupByTargetPath(virConnectPtr conn,
   const char *path)
 ATTRIBUTE_NONNULL(2);
 
+char *virStoragePoolObjBuildTempFilePath(virStoragePoolObjPtr pool,
+ virStorageVolDefPtr vol)
+ATTRIBUTE_NONNULL(1) ATTRIBUTE_NONNULL(2) ATTRIBUTE_RETURN_CHECK;
+
 int storageRegister(void);
 
 #endif /* __VIR_STORAGE_DRIVER_H__ */
-- 
2.5.5



[libvirt] [PATCH v2 09/15] encryption: Add <cipher> and <ivgen> to encryption

2016-06-23 Thread John Ferlan
For a luks device, allow the configuration of a specific cipher to be
used for encrypting the volume.

Signed-off-by: John Ferlan 
---
 docs/formatstorageencryption.html.in   |  81 +-
 docs/schemas/storagecommon.rng |  44 +++-
 src/conf/domain_conf.c |  11 ++
 src/util/virstorageencryption.c| 124 +
 src/util/virstorageencryption.h|  13 +++
 .../qemuxml2argv-luks-disk-cipher.xml  |  41 +++
 .../qemuxml2xmlout-luks-disk-cipher.xml|  45 
 tests/qemuxml2xmltest.c|   1 +
 tests/storagevolxml2xmlin/vol-luks-cipher.xml  |  23 
 tests/storagevolxml2xmlout/vol-luks-cipher.xml |  23 
 tests/storagevolxml2xmltest.c  |   1 +
 11 files changed, 401 insertions(+), 6 deletions(-)
 create mode 100644 tests/qemuxml2argvdata/qemuxml2argv-luks-disk-cipher.xml
 create mode 100644 tests/qemuxml2xmloutdata/qemuxml2xmlout-luks-disk-cipher.xml
 create mode 100644 tests/storagevolxml2xmlin/vol-luks-cipher.xml
 create mode 100644 tests/storagevolxml2xmlout/vol-luks-cipher.xml

diff --git a/docs/formatstorageencryption.html.in 
b/docs/formatstorageencryption.html.in
index 3a08192..80111e3 100644
--- a/docs/formatstorageencryption.html.in
+++ b/docs/formatstorageencryption.html.in
@@ -71,6 +71,58 @@
   be used as the passphrase to decrypt the volume.
   Since 2.0.0.
 
+
+  For volume creation, it is possible to specify the encryption
+  algorithm used to encrypt the luks volume. The following two
+  optional elements may be provided for that purpose. It is hypervisor
+  dependent as to which algorithms are supported. The default algorithm
+  for QEMU is 'aes-256-cbc' using 'essiv' for initialization vector
+  generation and 'sha256' hash algorithm for both the cipher and the
+  initialization vector generation.
+
+
+
+  cipher
+  This element describes the cipher algorithm to be used to either
+  encrypt or decrypt the luks volume. This element has the following
+  attributes:
+  
+name
+The name of the cipher algorithm used for data encryption,
+such as 'aes', 'des', 'cast5', 'serpent', 'twofish', etc.
+Support of the specific algorithm is hypervisor dependent.
+size
+The size of the cipher in bits, such as '256', '192', '128',
+etc. Support of the specific size for a specific cipher is
+hypervisor dependent.
+mode
+An optional cipher algorithm mode such as 'cbc', 'xts',
+'ecb', etc. Support of the specific cipher mode is
+hypervisor dependent.
+hash
+An optional master key hash algorithm such as 'md5', 'sha1',
+'sha256', etc. Support of the specific hash algorithm is
+hypervisor dependent.
+  
+  
+  ivgen
+  This optional element describes the initialization vector
+  generation algorithm used in conjunction with the
+  cipher. If the cipher is not provided,
+  then an error will be generated by the parser.
+  
+name
+The name of the algorithm, such as 'plain', 'plain64',
+'essiv', etc. Support of the specific algorithm is hypervisor
+dependent.
+hash
+An optional hash algorithm such as 'md5', 'sha1', 'sha256',
+etc. Support of the specific ivgen hash algorithm is hypervisor
+dependent.
+  
+  
+
+
 
 Examples
 
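Review bot: the introductory paragraph says the new elements apply to volume creation, but the `cipher` description then says it is used "to either encrypt or decrypt the luks volume". For decryption the cipher, mode and hash come from the LUKS header, not from the XML, so say plainly that `cipher` and `ivgen` are honoured only when a volume is created and are ignored (or rejected) in a domain disk definition. The stated QEMU default ("aes-256-cbc" with "essiv" and "sha256") is helpful; keep it next to the element list so readers know what they get when the elements are omitted.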
@@ -84,9 +136,12 @@
   /encryption
 
 
-  Here is a simple example, specifying use of the luks format
-  where it's assumed that a secret has been defined using a
-  usage element with a id of "luks_example":
+  Assuming a 
+  luks secret is already defined using a
+  usage element with an id of "luks_example",
+  a simple example specifying use of the luks format
+  for either volume creation without a specific cipher being defined or
+  as part of a domain volume definition:
 
 
   encryption format='luks'
@@ -94,5 +149,25 @@
   /encryption
 
 
+
+  Here is an example, specifying use of the luks format for
+  a specific cipher algorihm for volume creation:
+
+
+  volume
+nametwofish.luks/name
+capacity unit='G'5/capacity
+target
+  path/var/lib/libvirt/images/demo.luks/path
+  format type='luks'/
+  encryption format='luks'
+ secret type='passphrase' usage='luks_example'/
+ cipher name='twofish' size='256' mode='cbc' hash='sha256'/
+ ivgen name='plain64' hash='sha256'/
+  /encryption
+/target
+  /volume
+
+
   
 
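Review bot: typo in the new paragraph, "a specific cipher algorihm" should read "algorithm". In the example the volume is named `twofish.luks` but its target path is `demo.luks`; using the same stem in both avoids the question of which one is the file name.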
diff --git 

[libvirt] [PATCH v2 15/15] qemu: Add luks support for domain disk

2016-06-23 Thread John Ferlan
Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1301021

Generate the luks command line using the AES secret key to encrypt the
luks secret. A luks secret object will be in addition to an AES secret.

For hotplug, check if the encinfo exists and if so, add the AES secret
for the passphrase for the secret object used to decrypt the device.

Add tests for sample output

Signed-off-by: John Ferlan 
---
 src/qemu/qemu_command.c| 12 +++-
 src/qemu/qemu_domain.c | 50 +++--
 src/qemu/qemu_hotplug.c| 65 +++---
 .../qemuxml2argv-luks-disk-cipher.args | 36 
 .../qemuxml2argvdata/qemuxml2argv-luks-disks.args  | 36 
 tests/qemuxml2argvtest.c   | 11 +++-
 6 files changed, 182 insertions(+), 28 deletions(-)
 create mode 100644 tests/qemuxml2argvdata/qemuxml2argv-luks-disk-cipher.args
 create mode 100644 tests/qemuxml2argvdata/qemuxml2argv-luks-disks.args

diff --git a/src/qemu/qemu_command.c b/src/qemu/qemu_command.c
index 5d82a4d..6ba9607 100644
--- a/src/qemu/qemu_command.c
+++ b/src/qemu/qemu_command.c
@@ -1098,6 +1098,7 @@ qemuBuildDriveStr(virDomainDiskDefPtr disk,
 int actualType = virStorageSourceGetActualType(disk->src);
 qemuDomainDiskPrivatePtr diskPriv = QEMU_DOMAIN_DISK_PRIVATE(disk);
 qemuDomainSecretInfoPtr secinfo = diskPriv->secinfo;
+qemuDomainSecretInfoPtr encinfo = diskPriv->encinfo;
 bool emitDeviceSyntax = qemuDiskBusNeedsDeviceArg(disk->bus);
 
 if (idx < 0) {
@@ -1232,10 +1233,13 @@ qemuBuildDriveStr(virDomainDiskDefPtr disk,
 qemuBufferEscapeComma(, source);
 virBufferAddLit(, ",");
 
-if (secinfo && secinfo->type == VIR_DOMAIN_SECRET_INFO_TYPE_AES) {
+if (secinfo && secinfo->type == VIR_DOMAIN_SECRET_INFO_TYPE_AES)
 virBufferAsprintf(, "password-secret=%s,",
   secinfo->s.aes.alias);
-}
+
+if (encinfo)
+virQEMUBuildLuksOpts(, disk->src->encryption,
+ encinfo->s.aes.alias);
 
 if (disk->src->format > 0 &&
 disk->src->type != VIR_STORAGE_TYPE_DIR)
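Review bot: `encinfo->s.aes.alias` is read without checking `encinfo->type == VIR_DOMAIN_SECRET_INFO_TYPE_AES`, unlike the secinfo line just above it. When the QEMU_CAPS_OBJECT_SECRET capability is absent, qemuDomainSecretSetup falls back to the plain secret layout and `s.aes` is then the wrong union member. Either guard on the type here or make sure a luks disk is rejected earlier when no secret object can be created.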
@@ -1939,6 +1943,7 @@ qemuBuildDiskDriveCommandLine(virCommandPtr cmd,
 virDomainDiskDefPtr disk = def->disks[i];
 qemuDomainDiskPrivatePtr diskPriv = QEMU_DOMAIN_DISK_PRIVATE(disk);
 qemuDomainSecretInfoPtr secinfo = diskPriv->secinfo;
+qemuDomainSecretInfoPtr encinfo = diskPriv->encinfo;
 
 /* PowerPC pseries based VMs do not support floppy device */
 if ((disk->device == VIR_DOMAIN_DISK_DEVICE_FLOPPY) &&
@@ -1968,6 +1973,9 @@ qemuBuildDiskDriveCommandLine(virCommandPtr cmd,
 if (qemuBuildDiskSecinfoCommandLine(cmd, secinfo) < 0)
 return -1;
 
+if (qemuBuildDiskSecinfoCommandLine(cmd, encinfo) < 0)
+return -1;
+
 virCommandAddArg(cmd, "-drive");
 
 optstr = qemuBuildDriveStr(disk,
diff --git a/src/qemu/qemu_domain.c b/src/qemu/qemu_domain.c
index dca8970..53744c9 100644
--- a/src/qemu/qemu_domain.c
+++ b/src/qemu/qemu_domain.c
@@ -941,7 +941,8 @@ qemuDomainSecretSetup(virConnectPtr conn,
 {
 if (virCryptoHaveCipher(VIR_CRYPTO_CIPHER_AES256CBC) &&
 virQEMUCapsGet(priv->qemuCaps, QEMU_CAPS_OBJECT_SECRET) &&
-secretUsageType == VIR_SECRET_USAGE_TYPE_CEPH) {
+(secretUsageType == VIR_SECRET_USAGE_TYPE_CEPH ||
+ secretUsageType == VIR_SECRET_USAGE_TYPE_PASSPHRASE)) {
 if (qemuDomainSecretAESSetup(conn, priv, secinfo, srcalias,
  secretUsageType, username,
  seclookupdef) < 0)
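Review bot: adding VIR_SECRET_USAGE_TYPE_PASSPHRASE to the AES branch is right, but the `else` still sends a passphrase secret to qemuDomainSecretPlainSetup when the cipher or the secret-object capability is missing, and a plain secret cannot be passed to QEMU as a luks `key-secret`. Report an unsupported-configuration error for the passphrase case in that branch instead of silently building a plain secret that the command line builder cannot use.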
@@ -989,27 +990,42 @@ qemuDomainSecretDiskPrepare(virConnectPtr conn,
 virStorageSourcePtr src = disk->src;
 qemuDomainSecretInfoPtr secinfo = NULL;
 
-if (conn && !virStorageSourceIsEmpty(src) &&
-virStorageSourceGetActualType(src) == VIR_STORAGE_TYPE_NETWORK &&
-src->auth &&
-(src->protocol == VIR_STORAGE_NET_PROTOCOL_ISCSI ||
- src->protocol == VIR_STORAGE_NET_PROTOCOL_RBD)) {
-
-virSecretUsageType secretUsageType = VIR_SECRET_USAGE_TYPE_ISCSI;
+if (conn && !virStorageSourceIsEmpty(src)) {
 qemuDomainDiskPrivatePtr diskPriv = QEMU_DOMAIN_DISK_PRIVATE(disk);
 
-if (VIR_ALLOC(secinfo) < 0)
-return -1;
+if (virStorageSourceGetActualType(src) == VIR_STORAGE_TYPE_NETWORK &&
+src->auth &&
+(src->protocol == VIR_STORAGE_NET_PROTOCOL_ISCSI ||
+ src->protocol == VIR_STORAGE_NET_PROTOCOL_RBD)) {
 
-if (src->protocol == VIR_STORAGE_NET_PROTOCOL_RBD)
-secretUsageType = VIR_SECRET_USAGE_TYPE_CEPH;
+virSecretUsageType secretUsageType = VIR_SECRET_USAGE_TYPE_ISCSI;
 
-if (qemuDomainSecretSetup(conn, priv, secinfo, disk->info.alias,
-

[libvirt] [PATCH v2 08/15] encryption: Add luks parsing for storageencryption

2016-06-23 Thread John Ferlan
Add parse and format of the luks/passphrase secret including tests for
volume XML parsing.

Signed-off-by: John Ferlan 
---
 docs/formatsecret.html.in  |  7 +++-
 docs/formatstorageencryption.html.in   | 26 -
 docs/schemas/storagecommon.rng |  2 +
 src/qemu/qemu_process.c|  6 +++
 src/storage/storage_backend.c  |  3 +-
 src/storage/storage_backend_fs.c   |  7 +++-
 src/storage/storage_backend_gluster.c  |  2 +
 src/util/virstorageencryption.c|  2 +-
 src/util/virstorageencryption.h|  1 +
 tests/qemuxml2argvdata/qemuxml2argv-luks-disks.xml | 41 
 .../qemuxml2xmlout-luks-disks.xml  | 45 ++
 tests/qemuxml2xmltest.c|  1 +
 tests/storagevolxml2xmlin/vol-luks.xml | 21 ++
 tests/storagevolxml2xmlout/vol-luks.xml| 21 ++
 tests/storagevolxml2xmltest.c  |  1 +
 15 files changed, 180 insertions(+), 6 deletions(-)
 create mode 100644 tests/qemuxml2argvdata/qemuxml2argv-luks-disks.xml
 create mode 100644 tests/qemuxml2xmloutdata/qemuxml2xmlout-luks-disks.xml
 create mode 100644 tests/storagevolxml2xmlin/vol-luks.xml
 create mode 100644 tests/storagevolxml2xmlout/vol-luks.xml

diff --git a/docs/formatsecret.html.in b/docs/formatsecret.html.in
index 79c4082..578c80e 100644
--- a/docs/formatsecret.html.in
+++ b/docs/formatsecret.html.in
@@ -248,7 +248,12 @@
 
   This secret is a general purpose secret to be used by various libvirt
   objects to provide a single passphrase as required by the object in
-  order to perform its authentication.
+  order to perform its authentication. For example, this secret will
+  be used either by the
+  storage volume in order to
+  provide the passphrase to encrypt a luks volume or by the
+  disk device in order to
+  provide the passphrase to decrypt the luks volume for usage.
   Since 2.0.0. The following is an example
   of a secret.xml file:
 
diff --git a/docs/formatstorageencryption.html.in 
b/docs/formatstorageencryption.html.in
index fae86eb..3a08192 100644
--- a/docs/formatstorageencryption.html.in
+++ b/docs/formatstorageencryption.html.in
@@ -59,8 +59,20 @@
   the secret element is not present during volume creation,
   a secret is automatically generated and attached to the volume.
 
+"luks" format
+
+  The luks format is specific to a luks encrypted volume
+  and the secret used in order to either encrypt or decrypt the volume.
+  A single secret type='passphrase'... element is
+  expected. The secret may be referenced via either a uuid or
+  usage attribute. One of the two must be present. When
+  present for volume creation, the secret will be used in order for
+  volume encryption.  When present for domain usage, the secret will
+  be used as the passphrase to decrypt the volume.
+  Since 2.0.0.
+
 
-Example
+Examples
 
 
   Here is a simple example, specifying use of the qcow format:
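Review bot: the new "luks" paragraph reads "the secret will be used in order for volume encryption"; "the secret is used as the passphrase when the volume is encrypted" is clearer and mirrors the decrypt sentence that follows it.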
@@ -70,5 +82,17 @@
   encryption format='qcow'
  secret type='passphrase' 
uuid='c1f11a6d-8c5d-4a3e-ac7a-4e171c5e0d4a' /
   /encryption
+
+
+  Here is a simple example, specifying use of the luks format
+  where it's assumed that a secret has been defined using a
+  usage element with a id of "luks_example":
+
+
+  encryption format='luks'
+ secret type='passphrase' usage='luks_example'/
+  /encryption
+
+
   
 
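Review bot: grammar in the new paragraph, "with a id of" should be "with an id of". Patch 09 rewrites this sentence anyway; fixing it here keeps that later diff smaller.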
diff --git a/docs/schemas/storagecommon.rng b/docs/schemas/storagecommon.rng
index c5b71de..63b55b4 100644
--- a/docs/schemas/storagecommon.rng
+++ b/docs/schemas/storagecommon.rng
@@ -12,6 +12,7 @@
 
   default
   qcow
+  luks
 
   
   
@@ -81,6 +82,7 @@
   fat
   vhd
   ploop
+  luks
   
 
   
diff --git a/src/qemu/qemu_process.c b/src/qemu/qemu_process.c
index 7d56ec8..d4c49eb 100644
--- a/src/qemu/qemu_process.c
+++ b/src/qemu/qemu_process.c
@@ -2411,6 +2411,12 @@ qemuProcessInitPasswords(virConnectPtr conn,
 !virDomainDiskGetSource(vm->def->disks[i]))
 continue;
 
+if (vm->def->disks[i]->src->encryption->format !=
+VIR_STORAGE_ENCRYPTION_FORMAT_DEFAULT &&
+vm->def->disks[i]->src->encryption->format !=
+VIR_STORAGE_ENCRYPTION_FORMAT_QCOW)
+continue;
+
 VIR_FREE(secret);
 if (qemuProcessGetVolumeQcowPassphrase(conn,
vm->def->disks[i],
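Review bot: the new test dereferences `src->encryption->format` unconditionally, and the visible context shows only the `!virDomainDiskGetSource(...)` guard above it; make sure the condition it belongs to already rejects a disk with no `encryption` element. Since luks is the only format being excluded, `== VIR_STORAGE_ENCRYPTION_FORMAT_LUKS` would also state the intent more directly than listing the two formats that are kept.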
diff --git a/src/storage/storage_backend.c b/src/storage/storage_backend.c
index fd76e21..89d5962 100644
--- a/src/storage/storage_backend.c
+++ b/src/storage/storage_backend.c
@@ -1027,8 +1027,7 @@ 

[libvirt] [PATCH v2 11/15] storage: Add support to create a luks volume

2016-06-23 Thread John Ferlan
Partially resolves:
https://bugzilla.redhat.com/show_bug.cgi?id=1301021

If the volume xml was looking to create a luks volume take the necessary
steps in order to make that happen.

The processing will be:
 1. create a temporary file in the storage driver state dir path
   1a. the file name will include the pool name, the volume name, secret,
   and XX for usage in the mkostemp call.
   1b. mkostemp the file, initially setting mode to 0600 with current
   effective uid:gid as owner
   1c. fetch the secret into a buffer and write that into the file
   1d. change file protections to 0400

 2. create a secret object
   2a. use an alias combining the volume name and "_luks0"
   2b. add the file to the object

 3. create/add luks options to the commandline
   3a. at the very least a "key-secret" using the secret object alias
   3b. if found in the XML the various "cipher" and "ivgen" options

Signed-off-by: John Ferlan 
---
 src/libvirt_private.syms   |   1 +
 src/storage/storage_backend.c  | 260 ++---
 src/storage/storage_backend.h  |   3 +-
 src/util/virqemu.c |  23 
 src/util/virqemu.h |   6 +
 tests/storagevolxml2argvtest.c |   3 +-
 6 files changed, 275 insertions(+), 21 deletions(-)

diff --git a/src/libvirt_private.syms b/src/libvirt_private.syms
index b118d1e..9160b22 100644
--- a/src/libvirt_private.syms
+++ b/src/libvirt_private.syms
@@ -2163,6 +2163,7 @@ virProcessWait;
 
 
 # util/virqemu.h
+virQEMUBuildLuksOpts;
 virQEMUBuildObjectCommandlineFromJSON;
 
 
diff --git a/src/storage/storage_backend.c b/src/storage/storage_backend.c
index 89d5962..8918f3e 100644
--- a/src/storage/storage_backend.c
+++ b/src/storage/storage_backend.c
@@ -55,11 +55,14 @@
 #include "viralloc.h"
 #include "internal.h"
 #include "secret_conf.h"
+#include "secret_util.h"
 #include "viruuid.h"
 #include "virstoragefile.h"
 #include "storage_backend.h"
 #include "virlog.h"
 #include "virfile.h"
+#include "virjson.h"
+#include "virqemu.h"
 #include "stat-time.h"
 #include "virstring.h"
 #include "virxml.h"
@@ -880,6 +883,7 @@ virStoragePloopResize(virStorageVolDefPtr vol,
 enum {
 QEMU_IMG_BACKING_FORMAT_OPTIONS = 0,
 QEMU_IMG_BACKING_FORMAT_OPTIONS_COMPAT,
+QEMU_IMG_FORMAT_LUKS,
 };
 
 static bool
@@ -907,6 +911,27 @@ virStorageBackendQemuImgSupportsCompat(const char *qemuimg)
 return ret;
 }
 
+
+static bool
+virStorageBackendQemuImgSupportsLuks(const char *qemuimg)
+{
+bool ret = false;
+int exitstatus = -1;
+virCommandPtr cmd = virCommandNewArgList(qemuimg, "create", "-o", "?",
+ "-f", "luks", "/dev/null", NULL);
+
+if (virCommandRun(cmd, ) < 0)
+goto cleanup;
+
+if (exitstatus == 0)
+ret = true;
+
+ cleanup:
+virCommandFree(cmd);
+return ret;
+}
+
+
 static int
 virStorageBackendQEMUImgBackingFormat(const char *qemuimg)
 {
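Review bot: virStorageBackendQemuImgSupportsLuks forks qemu-img on every call, and virStorageBackendQEMUImgBackingFormat is consulted for each volume build, so each volume creation now costs an extra process. Cache the result per qemu-img path as is done for other capability probes. The `-o ? -f luks /dev/null` invocation itself is fine: with `-o ?` qemu-img prints the option list and exits before touching the file.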
@@ -915,12 +940,18 @@ virStorageBackendQEMUImgBackingFormat(const char *qemuimg)
  * out what else we have */
 int ret = QEMU_IMG_BACKING_FORMAT_OPTIONS;
 
-/* QEMU 2.0 changed to using a format that only QEMU 1.1 and newer
- * understands. Since we still support QEMU 0.12 and newer, we need
- * to be able to handle the previous format as can be set via a
- * compat=0.10 option. */
-if (virStorageBackendQemuImgSupportsCompat(qemuimg))
-ret = QEMU_IMG_BACKING_FORMAT_OPTIONS_COMPAT;
+/* QEMU 2.6 added support for luks - let's check for that.
+ * If available, then we can also assume OPTIONS_COMPAT is present */
+if (virStorageBackendQemuImgSupportsLuks(qemuimg)) {
+ret = QEMU_IMG_FORMAT_LUKS;
+} else {
+/* QEMU 2.0 changed to using a format that only QEMU 1.1 and newer
+ * understands. Since we still support QEMU 0.12 and newer, we need
+ * to be able to handle the previous format as can be set via a
+ * compat=0.10 option. */
+if (virStorageBackendQemuImgSupportsCompat(qemuimg))
+ret = QEMU_IMG_BACKING_FORMAT_OPTIONS_COMPAT;
+}
 
 return ret;
 }
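Review bot: QEMU_IMG_FORMAT_LUKS folds two independent facts (luks support, and the compat backing-format option) into one enum level, and the comment says the second is "assumed" from the first. Every switch on this value must now remember that LUKS implies OPTIONS_COMPAT, which is easy to get wrong; two flags (or a bitmask) would express what was actually probed.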
@@ -941,21 +972,31 @@ struct _virStorageBackendQemuImgInfo {
 const char *inputPath;
 const char *inputFormatStr;
 int inputFormat;
+
+char *secretAlias;
+const char *secretPath;
 };
 
+
 static int
-virStorageBackendCreateQemuImgOpts(char **opts,
+virStorageBackendCreateQemuImgOpts(virStorageEncryptionPtr enc,
+   char **opts,
struct _virStorageBackendQemuImgInfo info)
 {
 virBuffer buf = VIR_BUFFER_INITIALIZER;
 
-if (info.backingPath)
-virBufferAsprintf(, "backing_fmt=%s,",
-  
virStorageFileFormatTypeToString(info.backingFormat));
-if (info.encryption)
-virBufferAddLit(, "encryption=on,");
-if (info.preallocate)
-virBufferAddLit(, "preallocation=metadata,");
+if (info.format == 
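Review bot: the new struct members have different constness, `char *secretAlias` versus `const char *secretPath`, which suggests the alias is owned and freed by the info struct while the path is borrowed; document that next to the fields so the caller knows which one it must free and which it must keep alive until qemu-img has run.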

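The secret-file handling described in steps 1 and 3 of the commit message above, together with the `cipher` and `ivgen` attributes documented in patch 09, as a stand-alone C example. This is added illustration, not libvirt's code: the function names, the fixed option order and the check helper are this example's own, and the qemu-img option names (`key-secret`, `cipher-alg`, `cipher-mode`, `hash-alg`, `ivgen-alg`, `ivgen-hash-alg`) are taken from QEMU's luks block driver rather than quoted from the patch.

```c
#define _DEFAULT_SOURCE 1
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>

/* Step 1: the passphrase goes to "<statedir>/<pool>.<vol>.secret.XXXXXX",
 * created 0600 by mkostemp and tightened to 0400, for qemu-img's
 * "--object secret,id=<alias>,file=<path>"; it is never placed in argv.
 * Returns a malloc'd path or NULL (nothing left on disk). Assumes pool and
 * vol contain no '/' (validated by the caller, not checked here). */
char *write_secret_file(const char *statedir, const char *pool, const char *vol,
                        const unsigned char *secret, size_t secretlen)
{
    size_t plen = strlen(statedir) + strlen(pool) + strlen(vol) +
                  sizeof("/..secret.XXXXXX");
    char *path = malloc(plen);
    size_t off = 0;
    int fd = -1;
    if (!path)
        return NULL;
    snprintf(path, plen, "%s/%s.%s.secret.XXXXXX", statedir, pool, vol);
    if ((fd = mkostemp(path, O_CLOEXEC)) < 0)   /* O_CLOEXEC: no fd leak */
        goto fail;
    while (off < secretlen) {                   /* short writes, EINTR */
        ssize_t n = write(fd, secret + off, secretlen - off);
        if (n < 0 && errno == EINTR)
            continue;
        if (n < 0)
            goto fail;
        off += (size_t)n;
    }
    if (fchmod(fd, S_IRUSR) < 0)                /* 0400 from here on */
        goto fail;
    close(fd);
    return path;
 fail:
    if (fd >= 0)
        close(fd);
    unlink(path);                               /* never leave a partial secret */
    free(path);
    return NULL;
}

/* Check used by the example: exactly mode 0400 and exactly the bytes. */
int secret_file_ok(const char *path, const unsigned char *secret, size_t secretlen)
{
    struct stat st;
    unsigned char buf[256];
    ssize_t n;
    int fd;
    if (secretlen > sizeof(buf) || stat(path, &st) < 0 ||
        (st.st_mode & 0777) != S_IRUSR ||
        (fd = open(path, O_RDONLY | O_CLOEXEC)) < 0)
        return 0;
    n = read(fd, buf, sizeof(buf));
    close(fd);
    return n == (ssize_t)secretlen && memcmp(buf, secret, secretlen) == 0;
}

/* Append ",key=val" when val is set; -1 if it would not fit. */
static int append_opt(char *buf, size_t cap, size_t *len,
                      const char *key, const char *val)
{
    int n = val ? snprintf(buf + *len, cap - *len, ",%s=%s", key, val) : 0;
    if (n < 0 || (size_t)n >= cap - *len)
        return -1;
    *len += (size_t)n;
    return 0;
}

/* Step 3: the -o string for "qemu-img create -f luks". Option names are
 * QEMU's luks driver options (assumed). The docs' XML rules hold: a cipher
 * needs a size, and ivgen without a cipher is an error. Returns malloc'd. */
char *build_luks_opts(const char *alias,
                      const char *cipher_name, const char *cipher_size,
                      const char *cipher_mode, const char *cipher_hash,
                      const char *ivgen_name, const char *ivgen_hash)
{
    char buf[512], alg[64], *out;
    size_t len;
    int n = snprintf(buf, sizeof(buf), "key-secret=%s", alias);
    if (n < 0 || (size_t)n >= sizeof(buf) || (ivgen_name && !cipher_name) ||
        (cipher_name && !cipher_size))
        return NULL;
    len = (size_t)n;
    /* QEMU spells the cipher as "<name>-<bits>", e.g. twofish-256. */
    if (cipher_name &&
        (snprintf(alg, sizeof(alg), "%s-%s", cipher_name, cipher_size) >= (int)sizeof(alg) ||
         append_opt(buf, sizeof(buf), &len, "cipher-alg", alg) < 0))
        return NULL;
    if (append_opt(buf, sizeof(buf), &len, "cipher-mode", cipher_mode) < 0 ||
        append_opt(buf, sizeof(buf), &len, "hash-alg", cipher_hash) < 0 ||
        append_opt(buf, sizeof(buf), &len, "ivgen-alg", ivgen_name) < 0 ||
        append_opt(buf, sizeof(buf), &len, "ivgen-hash-alg", ivgen_hash) < 0)
        return NULL;
    if ((out = malloc(len + 1)))
        memcpy(out, buf, len + 1);
    return out;
}
```

The two strings end up on the qemu-img command line as `--object secret,id=<alias>,file=<path>` and `-o <opts>`, with `<alias>` following the commit message's `<volume>_luks0` convention; the file must be unlinked as soon as qemu-img exits, since it holds the passphrase in clear. Keeping the secret out of argv is the point of the file: anything on the command line is readable by every local user through /proc.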
[libvirt] [PATCH v2 02/15] qemu: Remove authdef from secret setup

2016-06-23 Thread John Ferlan
Rather than pass authdef, pass the 'authdef->username' and the
'>secdef'

Note that a username may be NULL.

Signed-off-by: John Ferlan 
---
 src/qemu/qemu_domain.c | 38 +++---
 1 file changed, 23 insertions(+), 15 deletions(-)

diff --git a/src/qemu/qemu_domain.c b/src/qemu/qemu_domain.c
index ca49db1..dca8970 100644
--- a/src/qemu/qemu_domain.c
+++ b/src/qemu/qemu_domain.c
@@ -815,7 +815,8 @@ qemuDomainHostdevPrivateDispose(void *obj)
  * @conn: Pointer to connection
  * @secinfo: Pointer to secret info
  * @secretUsageType: The virSecretUsageType
- * @authdef: Pointer to auth data
+ * @username: username to use for authentication (may be NULL)
+ * @seclookupdef: Pointer to seclookupdef data
  *
  * Taking a secinfo, fill in the plaintext information
  *
@@ -825,14 +826,14 @@ static int
 qemuDomainSecretPlainSetup(virConnectPtr conn,
qemuDomainSecretInfoPtr secinfo,
virSecretUsageType secretUsageType,
-   virStorageAuthDefPtr authdef)
+   const char *username,
+   virSecretLookupTypeDefPtr seclookupdef)
 {
 secinfo->type = VIR_DOMAIN_SECRET_INFO_TYPE_PLAIN;
-if (VIR_STRDUP(secinfo->s.plain.username, authdef->username) < 0)
+if (VIR_STRDUP(secinfo->s.plain.username, username) < 0)
 return -1;
 
-return virSecretGetSecretString(conn, >seclookupdef,
-secretUsageType,
+return virSecretGetSecretString(conn, seclookupdef, secretUsageType,
 >s.plain.secret,
 >s.plain.secretlen);
 }
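Review bot: VIR_STRDUP with a NULL source returns 0 and leaves the destination NULL, so the "username may be NULL" contract from the commit message holds here, but it now has to be honoured by everything that later reads `secinfo->s.plain.username` (and `s.aes.username` in the next hunk). A short comment at the field, or a NULL check at the point the username is emitted, would make that contract visible rather than implied.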
@@ -844,7 +845,8 @@ qemuDomainSecretPlainSetup(virConnectPtr conn,
  * @secinfo: Pointer to secret info
  * @srcalias: Alias of the disk/hostdev used to generate the secret alias
  * @secretUsageType: The virSecretUsageType
- * @authdef: Pointer to auth data
+ * @username: username to use for authentication (may be NULL)
+ * @seclookupdef: Pointer to seclookupdef data
  *
  * Taking a secinfo, fill in the AES specific information using the
  *
@@ -856,7 +858,8 @@ qemuDomainSecretAESSetup(virConnectPtr conn,
  qemuDomainSecretInfoPtr secinfo,
  const char *srcalias,
  virSecretUsageType secretUsageType,
- virStorageAuthDefPtr authdef)
+ const char *username,
+ virSecretLookupTypeDefPtr seclookupdef)
 {
 int ret = -1;
 uint8_t *raw_iv = NULL;
@@ -867,7 +870,7 @@ qemuDomainSecretAESSetup(virConnectPtr conn,
 size_t ciphertextlen = 0;
 
 secinfo->type = VIR_DOMAIN_SECRET_INFO_TYPE_AES;
-if (VIR_STRDUP(secinfo->s.aes.username, authdef->username) < 0)
+if (VIR_STRDUP(secinfo->s.aes.username, username) < 0)
 return -1;
 
 if (!(secinfo->s.aes.alias = qemuDomainGetSecretAESAlias(srcalias)))
@@ -882,7 +885,7 @@ qemuDomainSecretAESSetup(virConnectPtr conn,
 goto cleanup;
 
 /* Grab the unencoded secret */
-if (virSecretGetSecretString(conn, >seclookupdef, secretUsageType,
+if (virSecretGetSecretString(conn, seclookupdef, secretUsageType,
  , ) < 0)
 goto cleanup;
 
@@ -917,7 +920,8 @@ qemuDomainSecretAESSetup(virConnectPtr conn,
  * @secinfo: Pointer to secret info
  * @srcalias: Alias of the disk/hostdev used to generate the secret alias
  * @secretUsageType: The virSecretUsageType
- * @authdef: Pointer to auth data
+ * @username: username to use for authentication (may be NULL)
+ * @seclookupdef: Pointer to seclookupdef data
  *
  * If we have the encryption API present and can support a secret object, then
  * build the AES secret; otherwise, build the Plain secret. This is the magic
@@ -932,17 +936,19 @@ qemuDomainSecretSetup(virConnectPtr conn,
   qemuDomainSecretInfoPtr secinfo,
   const char *srcalias,
   virSecretUsageType secretUsageType,
-  virStorageAuthDefPtr authdef)
+  const char *username,
+  virSecretLookupTypeDefPtr seclookupdef)
 {
 if (virCryptoHaveCipher(VIR_CRYPTO_CIPHER_AES256CBC) &&
 virQEMUCapsGet(priv->qemuCaps, QEMU_CAPS_OBJECT_SECRET) &&
 secretUsageType == VIR_SECRET_USAGE_TYPE_CEPH) {
 if (qemuDomainSecretAESSetup(conn, priv, secinfo, srcalias,
- secretUsageType, authdef) < 0)
+ secretUsageType, username,
+ seclookupdef) < 0)
 return -1;
 } else {
 if (qemuDomainSecretPlainSetup(conn, secinfo, secretUsageType,
-   authdef) < 0)
+   username, seclookupdef) < 0)
 return -1;
 }
 return 0;
@@ -999,7 +1005,8 

[libvirt] [PATCH v2 00/15] Add support for LUKS encrypted devices

2016-06-23 Thread John Ferlan
v1: http://www.redhat.com/archives/libvir-list/2016-June/msg00804.html

Differences since v1 (beyond those patches already pushed)

Patch 1: Adjust via recent comments for patch 8 of previous series
Patch 2: Already ACK'd, adjust slightly based on merge conflicts 
Patch 3: Used to be patch 14
  - Use VIR_SECRET_USAGE_TYPE_PASSPHRASE  (instead of _KEY)
  - Use "usage.id" (instead of "usage.key")

Patch 4: Used to be patch 11 (wasn't reviewed)

Patch 5: Split from patch 13 for separate endian code to read a 16 bit value

Patch 6: NEW - based slightly on former patch 12
  - No longer use cryptType
  - Use versionSize instead in order to decode version data as 16 or 32 bits

Patch 7: Former patch 13 with adjustments based on previous patches

Patch 8-9: Former patch 15-16 w/ adjustments from review and to keep up with
   other changes

Patch 10: NEW - Reaction to former patch 17 comments with respect to a
   file name.  Need a way to build a path to temporarily save the secret
   where that path is not in the pool.  Chose the "stateDir", but since
   storage_driver is the only place that knows, added helper API to access.

Patch 11: Former patch 17 with adjustments from code review and to handle
   other changes so far

Patches 12-14: NEW - Really a bug fix submitted as a separate patch
   (although there are a few differences here), but I need it for patch 15

Patch 15: Former patch 19 plus adjustments for hotplug.


John Ferlan (15):
  qemu: Change protocol parameter for secret setup
  qemu: Remove authdef from secret setup
  conf: Add new secret type "passphrase"
  util: Add 'usage' for encryption
  util: Introduce virReadBufInt16LE and virReadBufInt16BE
  util: Modify the FileTypeInfo to add a version size
  util: Add 'luks' to the FileTypeInfo
  encryption: Add luks parsing for storageencryption
  encryption: Add  and  to encryption
  storage: Introduce virStoragePoolObjBuildTempFilePath
  storage: Add support to create a luks volume
  qemu: Remove type from qemuBuildSecretInfoProps
  qemu: Make qemuBuildSecretInfoProps global
  qemu: Add secinfo for hotplug virtio disk
  qemu: Add luks support for domain disk

 docs/aclpolkit.html.in |   4 +
 docs/formatsecret.html.in  |  62 -
 docs/formatstorageencryption.html.in   | 116 -
 docs/schemas/secret.rng|  10 +
 docs/schemas/storagecommon.rng |  57 -
 include/libvirt/libvirt-secret.h   |   3 +-
 src/access/viraccessdriverpolkit.c |  13 +
 src/conf/domain_conf.c |  11 +
 src/conf/secret_conf.c |  26 +-
 src/conf/secret_conf.h |   1 +
 src/conf/virsecretobj.c|   5 +
 src/libvirt_private.syms   |   1 +
 src/qemu/qemu_command.c|  23 +-
 src/qemu/qemu_command.h|   4 +
 src/qemu/qemu_domain.c | 126 +-
 src/qemu/qemu_hotplug.c| 107 -
 src/qemu/qemu_process.c|  19 +-
 src/storage/storage_backend.c  | 266 +++--
 src/storage/storage_backend.h  |   3 +-
 src/storage/storage_backend_fs.c   |  10 +-
 src/storage/storage_backend_gluster.c  |   2 +
 src/storage/storage_driver.c   |  24 ++
 src/storage/storage_driver.h   |   6 +-
 src/util/virendian.h   |  24 ++
 src/util/virqemu.c |  23 ++
 src/util/virqemu.h |   6 +
 src/util/virstorageencryption.c| 152 ++--
 src/util/virstorageencryption.h|  17 +-
 src/util/virstoragefile.c  |  84 +--
 src/util/virstoragefile.h  |   1 +
 .../qemuxml2argv-encrypted-disk-usage.args |  24 ++
 .../qemuxml2argv-encrypted-disk-usage.xml  |  32 +++
 .../qemuxml2argv-luks-disk-cipher.args |  36 +++
 .../qemuxml2argv-luks-disk-cipher.xml  |  41 
 .../qemuxml2argvdata/qemuxml2argv-luks-disks.args  |  36 +++
 tests/qemuxml2argvdata/qemuxml2argv-luks-disks.xml |  41 
 tests/qemuxml2argvtest.c   |  12 +-
 .../qemuxml2xmlout-encrypted-disk-usage.xml|  36 +++
 .../qemuxml2xmlout-luks-disk-cipher.xml|  45 
 .../qemuxml2xmlout-luks-disks.xml  |  45 
 tests/qemuxml2xmltest.c|   3 +
 tests/secretxml2xmlin/usage-passphrase.xml |   7 +
 tests/secretxml2xmltest.c  |   1 +
 tests/storagevolxml2argvtest.c |   3 +-
 tests/storagevolxml2xmlin/vol-luks-cipher.xml  |  23 ++
 tests/storagevolxml2xmlin/vol-luks.xml

Re: [libvirt] [PATCH 0/7] Create a util/virsecret and add key usage secret

2016-06-23 Thread John Ferlan


On 06/16/2016 07:08 AM, John Ferlan wrote:
> Extracted from the LUKS series (patches 4-9 and patch 14):
> 
> http://www.redhat.com/archives/libvir-list/2016-June/msg00804.html
> 
> with a couple of modifications as I was working through the TLS code...
> 
>  1. Instead of calling the LookupDef 'secdef', call it 'seclookupdef'
> (it's just clearer that way I think)
> 
>  2. Likewise, change the ParseSecret and FormatSecret to add "Lookup"
> 
> John Ferlan (7):
>   storage: Use virSecretGetSecretString
>   secret: Move virStorageSecretType and rename
>   util: Move and rename virStorageAuthDefParseSecret
>   util: Introduce virSecretFormatSecret
>   qemu: Change protocol parameter for secret setup
>   qemu: Remove authdef from secret setup
>   conf: Add new secret type "key"
> 
>  docs/aclpolkit.html.in  |   4 ++
>  docs/formatsecret.html.in   |  57 +++-
>  docs/schemas/secret.rng |  10 +++
>  include/libvirt/libvirt-secret.h|   3 +-
>  po/POTFILES.in  |   1 +
>  src/Makefile.am |   2 +
>  src/access/viraccessdriverpolkit.c  |  13 
>  src/conf/secret_conf.c  |  26 ++-
>  src/conf/secret_conf.h  |   3 +-
>  src/conf/virsecretobj.c |   5 ++
>  src/libvirt_private.syms|   7 ++
>  src/libxl/libxl_conf.c  |   2 +-
>  src/qemu/qemu_domain.c  | 131 
> ++--
>  src/secret/secret_util.c|  18 ++---
>  src/secret/secret_util.h|  10 +--
>  src/storage/storage_backend_iscsi.c |  54 +++
>  src/storage/storage_backend_rbd.c   |  49 ++
>  src/util/virsecret.c| 124 ++
>  src/util/virsecret.h|  56 +++
>  src/util/virstoragefile.c   | 103 +++-
>  src/util/virstoragefile.h   |  17 +
>  tests/qemuargv2xmltest.c|   4 +-
>  tests/secretxml2xmlin/usage-key.xml |   7 ++
>  tests/secretxml2xmltest.c   |   1 +
>  24 files changed, 451 insertions(+), 256 deletions(-)
>  create mode 100644 src/util/virsecret.c
>  create mode 100644 src/util/virsecret.h
>  create mode 100644 tests/secretxml2xmlin/usage-key.xml
> 

With Peter's review of the LUKS series, these no longer are necessary to
review separately.

John

--
libvir-list mailing list
libvir-list@redhat.com
https://www.redhat.com/mailman/listinfo/libvir-list


[libvirt] [PATCH v2 01/15] qemu: Change protocol parameter for secret setup

2016-06-23 Thread John Ferlan
Rather than assume/pass the protocol to the qemuDomainSecretPlainSetup
and qemuDomainSecretAESSetup, set and pass the secretUsageType based
on the src->protocol type. This will eventually be used by the
virSecretGetSecretString call.

Signed-off-by: John Ferlan 
---
 src/qemu/qemu_domain.c | 62 --
 1 file changed, 20 insertions(+), 42 deletions(-)

diff --git a/src/qemu/qemu_domain.c b/src/qemu/qemu_domain.c
index 4a5378f..ca49db1 100644
--- a/src/qemu/qemu_domain.c
+++ b/src/qemu/qemu_domain.c
@@ -814,7 +814,7 @@ qemuDomainHostdevPrivateDispose(void *obj)
 /* qemuDomainSecretPlainSetup:
  * @conn: Pointer to connection
  * @secinfo: Pointer to secret info
- * @protocol: Protocol for secret
+ * @secretUsageType: The virSecretUsageType
  * @authdef: Pointer to auth data
  *
  * Taking a secinfo, fill in the plaintext information
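Review bot: the new parameter description "@secretUsageType: The virSecretUsageType" only restates the type; say what it is for, e.g. "usage type to look the secret up under (ISCSI, CEPH, ...)", here and in the matching doc comments of qemuDomainSecretAESSetup and qemuDomainSecretSetup further down.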
@@ -824,19 +824,15 @@ qemuDomainHostdevPrivateDispose(void *obj)
 static int
 qemuDomainSecretPlainSetup(virConnectPtr conn,
qemuDomainSecretInfoPtr secinfo,
-   virStorageNetProtocol protocol,
+   virSecretUsageType secretUsageType,
virStorageAuthDefPtr authdef)
 {
-int secretType = VIR_SECRET_USAGE_TYPE_ISCSI;
-
 secinfo->type = VIR_DOMAIN_SECRET_INFO_TYPE_PLAIN;
 if (VIR_STRDUP(secinfo->s.plain.username, authdef->username) < 0)
 return -1;
 
-if (protocol == VIR_STORAGE_NET_PROTOCOL_RBD)
-secretType = VIR_SECRET_USAGE_TYPE_CEPH;
-
-return virSecretGetSecretString(conn, >seclookupdef, secretType,
+return virSecretGetSecretString(conn, >seclookupdef,
+secretUsageType,
 >s.plain.secret,
 >s.plain.secretlen);
 }
@@ -847,7 +843,7 @@ qemuDomainSecretPlainSetup(virConnectPtr conn,
  * @priv: pointer to domain private object
  * @secinfo: Pointer to secret info
  * @srcalias: Alias of the disk/hostdev used to generate the secret alias
- * @protocol: Protocol for secret
+ * @secretUsageType: The virSecretUsageType
  * @authdef: Pointer to auth data
  *
  * Taking a secinfo, fill in the AES specific information using the
@@ -859,7 +855,7 @@ qemuDomainSecretAESSetup(virConnectPtr conn,
  qemuDomainObjPrivatePtr priv,
  qemuDomainSecretInfoPtr secinfo,
  const char *srcalias,
- virStorageNetProtocol protocol,
+ virSecretUsageType secretUsageType,
  virStorageAuthDefPtr authdef)
 {
 int ret = -1;
@@ -869,34 +865,11 @@ qemuDomainSecretAESSetup(virConnectPtr conn,
 size_t secretlen = 0;
 uint8_t *ciphertext = NULL;
 size_t ciphertextlen = 0;
-int secretType = VIR_SECRET_USAGE_TYPE_NONE;
 
 secinfo->type = VIR_DOMAIN_SECRET_INFO_TYPE_AES;
 if (VIR_STRDUP(secinfo->s.aes.username, authdef->username) < 0)
 return -1;
 
-switch ((virStorageNetProtocol)protocol) {
-case VIR_STORAGE_NET_PROTOCOL_RBD:
-secretType = VIR_SECRET_USAGE_TYPE_CEPH;
-break;
-
-case VIR_STORAGE_NET_PROTOCOL_NONE:
-case VIR_STORAGE_NET_PROTOCOL_NBD:
-case VIR_STORAGE_NET_PROTOCOL_SHEEPDOG:
-case VIR_STORAGE_NET_PROTOCOL_GLUSTER:
-case VIR_STORAGE_NET_PROTOCOL_ISCSI:
-case VIR_STORAGE_NET_PROTOCOL_HTTP:
-case VIR_STORAGE_NET_PROTOCOL_HTTPS:
-case VIR_STORAGE_NET_PROTOCOL_FTP:
-case VIR_STORAGE_NET_PROTOCOL_FTPS:
-case VIR_STORAGE_NET_PROTOCOL_TFTP:
-case VIR_STORAGE_NET_PROTOCOL_LAST:
-virReportError(VIR_ERR_INTERNAL_ERROR,
-   _("protocol '%s' cannot be used for encrypted secrets"),
-   virStorageNetProtocolTypeToString(protocol));
-return -1;
-}
-
 if (!(secinfo->s.aes.alias = qemuDomainGetSecretAESAlias(srcalias)))
 return -1;
 
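Review bot: deleting the switch removes the only explicit rejection of protocols that cannot carry encrypted secrets (the virReportError for everything other than RBD). The function now trusts its caller to hand it a suitable secretUsageType, so that restriction has to live in qemuDomainSecretSetup alone and nothing else may call qemuDomainSecretAESSetup directly; a one-line comment at the top of the function stating that precondition would make the contract visible.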
@@ -909,7 +882,7 @@ qemuDomainSecretAESSetup(virConnectPtr conn,
 goto cleanup;
 
 /* Grab the unencoded secret */
-if (virSecretGetSecretString(conn, >seclookupdef, secretType,
+if (virSecretGetSecretString(conn, >seclookupdef, secretUsageType,
  , ) < 0)
 goto cleanup;
 
@@ -943,7 +916,7 @@ qemuDomainSecretAESSetup(virConnectPtr conn,
  * @priv: pointer to domain private object
  * @secinfo: Pointer to secret info
  * @srcalias: Alias of the disk/hostdev used to generate the secret alias
- * @protocol: Protocol for secret
+ * @secretUsageType: The virSecretUsageType
  * @authdef: Pointer to auth data
  *
  * If we have the encryption API present and can support a secret object, then
@@ -958,17 +931,18 @@ qemuDomainSecretSetup(virConnectPtr conn,
   qemuDomainObjPrivatePtr priv,
   qemuDomainSecretInfoPtr secinfo,
   const char *srcalias,
-

[libvirt] [PATCH v2 05/15] util: Introduce virReadBufInt16LE and virReadBufInt16BE

2016-06-23 Thread John Ferlan
In order to read 16 bits of data and convert them to the native format, add
the 16 bit macros to match the existing 32 and 64 bit code.

Signed-off-by: John Ferlan 
---
 src/util/virendian.h  | 24 
 tests/virendiantest.c | 18 ++
 2 files changed, 42 insertions(+)

diff --git a/src/util/virendian.h b/src/util/virendian.h
index eefe48c..97940bd 100644
--- a/src/util/virendian.h
+++ b/src/util/virendian.h
@@ -90,4 +90,28 @@
  ((uint32_t)(uint8_t)((buf)[2]) << 16) | \
  ((uint32_t)(uint8_t)((buf)[3]) << 24))
 
+/**
+ * virReadBufInt16BE:
+ * @buf: byte to start reading at (can be 'char*' or 'unsigned char*');
+ *   evaluating buf must not have any side effects
+ *
+ * Read 2 bytes at BUF as a big-endian 16-bit number.  Caller is
+ * responsible to avoid reading beyond array bounds.
+ */
+# define virReadBufInt16BE(buf)  \
+(((uint16_t)(uint8_t)((buf)[0]) << 8) |  \
+ (uint16_t)(uint8_t)((buf)[1]))
+
+/**
+ * virReadBufInt16LE:
+ * @buf: byte to start reading at (can be 'char*' or 'unsigned char*');
+ *   evaluating buf must not have any side effects
+ *
+ * Read 2 bytes at BUF as a little-endian 16-bit number.  Caller is
+ * responsible to avoid reading beyond array bounds.
+ */
+# define virReadBufInt16LE(buf)  \
+((uint16_t)(uint8_t)((buf)[0]) | \
+ ((uint16_t)(uint8_t)((buf)[1]) << 8))
+
 #endif /* __VIR_ENDIAN_H__ */
diff --git a/tests/virendiantest.c b/tests/virendiantest.c
index 4072507..f858e5c 100644
--- a/tests/virendiantest.c
+++ b/tests/virendiantest.c
@@ -50,6 +50,15 @@ test1(const void *data ATTRIBUTE_UNUSED)
 if (virReadBufInt32LE(array + 9) != 0x8d8c8b8aU)
 goto cleanup;
 
+if (virReadBufInt16BE(array) != 0x0102U)
+goto cleanup;
+if (virReadBufInt16BE(array + 11) != 0x8c8dU)
+goto cleanup;
+if (virReadBufInt16LE(array) != 0x0201U)
+goto cleanup;
+if (virReadBufInt16LE(array + 11) != 0x8d8cU)
+goto cleanup;
+
 ret = 0;
  cleanup:
 return ret;
@@ -81,6 +90,15 @@ test2(const void *data ATTRIBUTE_UNUSED)
 if (virReadBufInt32LE(array + 9) != 0x8d8c8b8aU)
 goto cleanup;
 
+if (virReadBufInt16BE(array) != 0x0102U)
+goto cleanup;
+if (virReadBufInt16BE(array + 11) != 0x8c8dU)
+goto cleanup;
+if (virReadBufInt16LE(array) != 0x0201U)
+goto cleanup;
+if (virReadBufInt16LE(array + 11) != 0x8d8cU)
+goto cleanup;
+
 ret = 0;
  cleanup:
 return ret;
-- 
2.5.5



[libvirt] [PATCH v2 03/15] conf: Add new secret type "passphrase"

2016-06-23 Thread John Ferlan
Add a new secret type known as "passphrase" - it will handle adding the
secret objects that need a passphrase without a specific username.

The format is:

   
 ...
 ...
 
   mumblyfratz
 
   

Signed-off-by: John Ferlan 
---
 docs/aclpolkit.html.in |  4 +++
 docs/formatsecret.html.in  | 57 --
 docs/schemas/secret.rng| 10 ++
 include/libvirt/libvirt-secret.h   |  3 +-
 src/access/viraccessdriverpolkit.c | 13 +++
 src/conf/secret_conf.c | 26 +-
 src/conf/secret_conf.h |  1 +
 src/conf/virsecretobj.c|  5 +++
 tests/secretxml2xmlin/usage-passphrase.xml |  7 
 tests/secretxml2xmltest.c  |  1 +
 10 files changed, 123 insertions(+), 4 deletions(-)
 create mode 100644 tests/secretxml2xmlin/usage-passphrase.xml

diff --git a/docs/aclpolkit.html.in b/docs/aclpolkit.html.in
index dae0814..1d31b6d 100644
--- a/docs/aclpolkit.html.in
+++ b/docs/aclpolkit.html.in
@@ -224,6 +224,10 @@
   secret_usage_target
   Name of the associated iSCSI target, if any
 
+
+  secret_usage_id
+  Name of be associated passphrase secret, if any
+
   
 
 
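Review bot: typo in the new table row: "Name of be associated passphrase secret, if any" should read "Name of the associated passphrase secret, if any".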
diff --git a/docs/formatsecret.html.in b/docs/formatsecret.html.in
index 599cb38..79c4082 100644
--- a/docs/formatsecret.html.in
+++ b/docs/formatsecret.html.in
@@ -41,8 +41,9 @@
   
 Specifies what this secret is used for.  A mandatory
 type attribute specifies the usage category, currently
-only volume, ceph and iscsi
-are defined. Specific usage categories are described below.
+only volume, ceph, iscsi,
+and passphrase are defined. Specific usage categories
+are described below.
   
 
 
@@ -241,5 +242,57 @@
 secret usage='libvirtiscsi'/
   /auth
 
+
+Usage type "passphrase"
+
+
+  This secret is a general purpose secret to be used by various libvirt
+  objects to provide a single passphrase as required by the object in
+  order to perform its authentication.
+  Since 2.0.0. The following is an example
+  of a secret.xml file:
+
+
+
+  # cat secret.xml
+  secret ephemeral='no' private='yes'
+ descriptionsample passphrase secret/description
+ usage type='passphrase'
+idid_example/id
+ /usage
+  /secret
+
+  # virsh secret-define secret.xml
+  Secret 718c71bd-67b5-4a2b-87ec-a24e8ca200dc created
+
+  # virsh secret-list
+  UUID Usage
+  ---
+   718c71bd-67b5-4a2b-87ec-a24e8ca200dc  passphrase  id_example
+  #
+
+
+
+
+  A secret may also be defined via the
+  
+   virSecretDefineXML API.
+
+  Once the secret is defined, a secret value will need to be set. This
+  value would be the same used to create and use the volume.
+  The following is a simple example of using
+  virsh secret-set-value to set the secret value. The
+  
+  virSecretSetValue API may also be used to set
+  a more secure secret without using printable/readable characters.
+
+
+
+  # MYSECRET=`printf %s "letmein" | base64`
+  # virsh secret-set-value 718c71bd-67b5-4a2b-87ec-a24e8ca200dc $MYSECRET
+  Secret value set
+
+
+
   
 
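Review bot: the secret-set-value example passes the base64 value on the virsh command line via $MYSECRET, where it is recorded in shell history and visible to other local users in the process list while virsh runs. Since the paragraph above already points at virSecretSetValue for non-printable values, one sentence noting that the API is the better choice for anything other than a throwaway test passphrase would round the example off. Also, "This value would be the same used to create and use the volume" reads better as "the same as that used".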
diff --git a/docs/schemas/secret.rng b/docs/schemas/secret.rng
index e21e700..fc188ba 100644
--- a/docs/schemas/secret.rng
+++ b/docs/schemas/secret.rng
@@ -36,6 +36,7 @@
   
   
   
+  
   
 
   
@@ -71,4 +72,13 @@
 
   
 
+  
+
+  passphrase
+
+
+  
+
+  
+
 
diff --git a/include/libvirt/libvirt-secret.h b/include/libvirt/libvirt-secret.h
index 3e5cdf6..55b11e0 100644
--- a/include/libvirt/libvirt-secret.h
+++ b/include/libvirt/libvirt-secret.h
@@ -4,7 +4,7 @@
  * Description: Provides APIs for the management of secrets
  * Author: Daniel Veillard 
  *
- * Copyright (C) 2006-2014 Red Hat, Inc.
+ * Copyright (C) 2006-2014, 2016 Red Hat, Inc.
  *
  * This library is free software; you can redistribute it and/or
  * modify it under the terms of the GNU Lesser General Public
@@ -43,6 +43,7 @@ typedef enum {
 VIR_SECRET_USAGE_TYPE_VOLUME = 1,
 VIR_SECRET_USAGE_TYPE_CEPH = 2,
 VIR_SECRET_USAGE_TYPE_ISCSI = 3,
+VIR_SECRET_USAGE_TYPE_PASSPHRASE = 4,
 
 # ifdef VIR_ENUM_SENTINELS
 VIR_SECRET_USAGE_TYPE_LAST
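Review bot: appending VIR_SECRET_USAGE_TYPE_PASSPHRASE = 4 ahead of the VIR_ENUM_SENTINELS block keeps the existing public values stable, which is right for a public header. Please double-check that the VIR_ENUM_IMPL string table for the usage types in src/conf/secret_conf.c (listed in the diffstat) gains the matching "passphrase" entry, otherwise the to/from-string helpers will be off by one for the new value.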
diff --git a/src/access/viraccessdriverpolkit.c 
b/src/access/viraccessdriverpolkit.c
index 89bc890..1f955f0 100644
--- a/src/access/viraccessdriverpolkit.c
+++ b/src/access/viraccessdriverpolkit.c
@@ -338,6 +338,19 @@ virAccessDriverPolkitCheckSecret(virAccessManagerPtr 
manager,
 

[libvirt] [PATCH v2 06/15] util: Modify the FileTypeInfo to add a version size

2016-06-23 Thread John Ferlan
The version field historically has been 4 bytes of data; however, an upcoming
new type will use a 2 byte version.  So let's adjust for that now.

Signed-off-by: John Ferlan 
---
 src/util/virstoragefile.c | 60 +--
 1 file changed, 37 insertions(+), 23 deletions(-)

diff --git a/src/util/virstoragefile.c b/src/util/virstoragefile.c
index de4955b..37e9798 100644
--- a/src/util/virstoragefile.c
+++ b/src/util/virstoragefile.c
@@ -1,7 +1,7 @@
 /*
  * virstoragefile.c: file utility functions for FS storage backend
  *
- * Copyright (C) 2007-2014 Red Hat, Inc.
+ * Copyright (C) 2007-2014, 2016 Red Hat, Inc.
  * Copyright (C) 2007-2008 Daniel P. Berrange
  *
  * This library is free software; you can redistribute it and/or
@@ -120,10 +120,12 @@ struct FileTypeInfo {
  * to check at head of file */
 const char *extension; /* Optional file extension to check */
 enum lv_endian endian; /* Endianness of file format */
+
 int versionOffset;/* Byte offset from start of file
* where we find version number,
* -1 to always fail the version test,
* -2 to always pass the version test */
+int versionSize;  /* Size in bytes of version data (0, 2, or 4) */
 int versionNumbers[FILE_TYPE_VERSIONS_LAST];
   /* Version numbers to validate. Zeroes are ignored. 
*/
 int sizeOffset;   /* Byte offset from start of file
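Review bot: the comment documents versionSize as "(0, 2, or 4)" but nothing enforces it. Since fileTypeInfo is a static table that is acceptable, but the probe code that consumes versionSize should treat any other value as "fail the version test" rather than falling through to a 32-bit read of header bytes that were never meant to be a version.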
@@ -189,15 +191,15 @@ qedGetBackingStore(char **, int *, const char *, size_t);
 
 static struct FileTypeInfo const fileTypeInfo[] = {
 [VIR_STORAGE_FILE_NONE] = { 0, NULL, NULL, LV_LITTLE_ENDIAN,
--1, {0}, 0, 0, 0, 0, NULL, NULL },
+-1, 0, {0}, 0, 0, 0, 0, NULL, NULL },
 [VIR_STORAGE_FILE_RAW] = { 0, NULL, NULL, LV_LITTLE_ENDIAN,
-   -1, {0}, 0, 0, 0, 0, NULL, NULL },
+   -1, 0, {0}, 0, 0, 0, 0, NULL, NULL },
 [VIR_STORAGE_FILE_DIR] = { 0, NULL, NULL, LV_LITTLE_ENDIAN,
-   -1, {0}, 0, 0, 0, 0, NULL, NULL },
+   -1, 0, {0}, 0, 0, 0, 0, NULL, NULL },
 [VIR_STORAGE_FILE_BOCHS] = {
 /*"Bochs Virtual HD Image", */ /* Untested */
 0, NULL, NULL,
-LV_LITTLE_ENDIAN, 64, {0x2},
+LV_LITTLE_ENDIAN, 64, 4, {0x2},
 32+16+16+4+4+4+4+4, 8, 1, -1, NULL, NULL
 },
 [VIR_STORAGE_FILE_CLOOP] = {
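Review bot: every entry in this hunk does get the new versionSize column (0 where versionOffset is -1 or -2, 4 for Bochs), but positional initializers make it very easy to drop the field in one entry the next time a column is inserted. Switching the table to designated initializers (.versionOffset = 64, .versionSize = 4, ...) would make such omissions a compile-time non-issue and the table self-describing.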
@@ -206,7 +208,7 @@ static struct FileTypeInfo const fileTypeInfo[] = {
modprobe cloop file=$0 && mount -r -t iso9660 /dev/cloop $1
 */ /* Untested */
 0, NULL, NULL,
-LV_LITTLE_ENDIAN, -1, {0},
+LV_LITTLE_ENDIAN, -1, 0, {0},
 -1, 0, 0, -1, NULL, NULL
 },
 [VIR_STORAGE_FILE_DMG] = {
@@ -214,60 +216,60 @@ static struct FileTypeInfo const fileTypeInfo[] = {
  * /usr/share/misc/magic lists double magic (both offsets
  * would have to match) but then disables that check. */
 0, NULL, ".dmg",
-0, -1, {0},
+0, -1, 0, {0},
 -1, 0, 0, -1, NULL, NULL
 },
 [VIR_STORAGE_FILE_ISO] = {
 32769, "CD001", ".iso",
-LV_LITTLE_ENDIAN, -2, {0},
+LV_LITTLE_ENDIAN, -2, 0, {0},
 -1, 0, 0, -1, NULL, NULL
 },
 [VIR_STORAGE_FILE_VPC] = {
 0, "conectix", NULL,
-LV_BIG_ENDIAN, 12, {0x1},
+LV_BIG_ENDIAN, 12, 4, {0x1},
 8 + 4 + 4 + 8 + 4 + 4 + 2 + 2 + 4, 8, 1, -1, NULL, NULL
 },
 /* TODO: add getBackingStore function */
 [VIR_STORAGE_FILE_VDI] = {
 64, "\x7f\x10\xda\xbe", ".vdi",
-LV_LITTLE_ENDIAN, 68, {0x00010001},
+LV_LITTLE_ENDIAN, 68, 4, {0x00010001},
 64 + 5 * 4 + 256 + 7 * 4, 8, 1, -1, NULL, NULL},
 
 /* Not direct file formats, but used for various drivers */
 [VIR_STORAGE_FILE_FAT] = { 0, NULL, NULL, LV_LITTLE_ENDIAN,
-   -1, {0}, 0, 0, 0, 0, NULL, NULL },
+   -1, 0, {0}, 0, 0, 0, 0, NULL, NULL },
 [VIR_STORAGE_FILE_VHD] = { 0, NULL, NULL, LV_LITTLE_ENDIAN,
-   -1, {0}, 0, 0, 0, 0, NULL, NULL },
+   -1, 0, {0}, 0, 0, 0, 0, NULL, NULL },
 [VIR_STORAGE_FILE_PLOOP] = { 0, "WithouFreSpacExt", NULL, LV_LITTLE_ENDIAN,
- -2, {0}, PLOOP_IMAGE_SIZE_OFFSET, 0,
+ -2, 0, {0}, PLOOP_IMAGE_SIZE_OFFSET, 0,
  PLOOP_SIZE_MULTIPLIER, -1, NULL, NULL },
 
 /* All formats with a backing store probe below here */
 [VIR_STORAGE_FILE_COW] = {
 0, "OOOM", NULL,
-LV_BIG_ENDIAN, 4, {2},
+LV_BIG_ENDIAN, 4, 4, {2},
 4+4+1024+4, 8, 1, -1, cowGetBackingStore, NULL
 },
 [VIR_STORAGE_FILE_QCOW] = {
 0, "QFI", NULL,
-  

[libvirt] [PATCH v2 04/15] util: Add 'usage' for encryption

2016-06-23 Thread John Ferlan
In order to use more common code and set up for a future type, modify the
encryption secret to allow the "usage" attribute or the "uuid" attribute
to define the secret. The "usage" in the case of a volume secret would be
the path to the volume.

This code will make use of the virSecretLookup{Parse|Format}Secret common code.

Signed-off-by: John Ferlan 
---
 docs/formatstorageencryption.html.in   | 15 ++---
 docs/schemas/storagecommon.rng | 11 +--
 src/qemu/qemu_process.c| 13 +++-
 src/storage/storage_backend.c  |  3 +-
 src/storage/storage_backend_fs.c   |  3 +-
 src/util/virstorageencryption.c| 26 ++--
 src/util/virstorageencryption.h|  3 +-
 .../qemuxml2argv-encrypted-disk-usage.args | 24 +++
 .../qemuxml2argv-encrypted-disk-usage.xml  | 32 +++
 tests/qemuxml2argvtest.c   |  1 +
 .../qemuxml2xmlout-encrypted-disk-usage.xml| 36 ++
 tests/qemuxml2xmltest.c|  1 +
 12 files changed, 132 insertions(+), 36 deletions(-)
 create mode 100644 
tests/qemuxml2argvdata/qemuxml2argv-encrypted-disk-usage.args
 create mode 100644 tests/qemuxml2argvdata/qemuxml2argv-encrypted-disk-usage.xml
 create mode 100644 
tests/qemuxml2xmloutdata/qemuxml2xmlout-encrypted-disk-usage.xml

diff --git a/docs/formatstorageencryption.html.in 
b/docs/formatstorageencryption.html.in
index 04c3346..fae86eb 100644
--- a/docs/formatstorageencryption.html.in
+++ b/docs/formatstorageencryption.html.in
@@ -25,10 +25,17 @@
 
   The encryption tag can currently contain a sequence of
   secret tags, each with mandatory attributes 
type
-  and uuid.  The only currently defined value of
-  type is passphrase.  uuid
-  refers to a secret known to libvirt.  libvirt can use a secret value
-  previously set using virSecretSetValue(), or, if supported
+  and either uuid or
+  usage (since 2.0.0).
+  The only currently defined value of
+  type is passphrase. The uuid
+  refers to a secret known to libvirt by it's "uuid" value (from the
+  output of a virsh secret-list.  The usage
+  is the path to the volume as it appears in the volume
+  source element. A secret value can be set in libvirt by
+  using either virsh secret-set-value or the
+  
+  virSecretSetValue API. Alternatively, if supported
   by the particular volume format and driver, automatically generate a
   secret value at the time of volume creation, and store it using the
   specified uuid.
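Review bot: two nits in the new doc text: "refers to a secret known to libvirt by it's "uuid" value" should be "by its", and the parenthesis opened at "(from the output of a virsh secret-list" is never closed.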
diff --git a/docs/schemas/storagecommon.rng b/docs/schemas/storagecommon.rng
index 7c04462..c5b71de 100644
--- a/docs/schemas/storagecommon.rng
+++ b/docs/schemas/storagecommon.rng
@@ -27,9 +27,14 @@
   passphrase
 
   
-  
-
-  
+  
+
+  
+
+
+  
+
+  
 
   
 
diff --git a/src/qemu/qemu_process.c b/src/qemu/qemu_process.c
index 63da600..7d56ec8 100644
--- a/src/qemu/qemu_process.c
+++ b/src/qemu/qemu_process.c
@@ -70,6 +70,7 @@
 #include "virnuma.h"
 #include "virstring.h"
 #include "virhostdev.h"
+#include "secret_util.h"
 #include "storage/storage_driver.h"
 #include "configmake.h"
 #include "nwfilter_conf.h"
@@ -377,7 +378,6 @@ qemuProcessGetVolumeQcowPassphrase(virConnectPtr conn,
char **secretRet,
size_t *secretLen)
 {
-virSecretPtr secret;
 char *passphrase;
 unsigned char *data;
 size_t size;
@@ -416,14 +416,9 @@ qemuProcessGetVolumeQcowPassphrase(virConnectPtr conn,
 goto cleanup;
 }
 
-secret = conn->secretDriver->secretLookupByUUID(conn,
-enc->secrets[0]->uuid);
-if (secret == NULL)
-goto cleanup;
-data = conn->secretDriver->secretGetValue(secret, , 0,
-  
VIR_SECRET_GET_VALUE_INTERNAL_CALL);
-virObjectUnref(secret);
-if (data == NULL)
+if (virSecretGetSecretString(conn, >secrets[0]->seclookupdef,
+ VIR_SECRET_USAGE_TYPE_VOLUME,
+ , ) < 0)
 goto cleanup;
 
 if (memchr(data, '\0', size) != NULL) {
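Review bot: the removed code passed VIR_SECRET_GET_VALUE_INTERNAL_CALL explicitly so that a secret defined with private='yes' could still be read by the daemon on behalf of the guest. The replacement virSecretGetSecretString call takes no flags, so please confirm the helper sets that flag internally; otherwise private secrets silently stop working for qcow passphrases after this patch.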
diff --git a/src/storage/storage_backend.c b/src/storage/storage_backend.c
index d041530..fd76e21 100644
--- a/src/storage/storage_backend.c
+++ b/src/storage/storage_backend.c
@@ -648,7 +648,8 @@ virStorageGenerateQcowEncryption(virConnectPtr conn,
 goto cleanup;
 
 enc_secret->type = VIR_STORAGE_ENCRYPTION_SECRET_TYPE_PASSPHRASE;
-memcpy(enc_secret->uuid, secret->uuid, VIR_UUID_BUFLEN);
+enc_secret->seclookupdef.type = VIR_SECRET_LOOKUP_TYPE_UUID;
+memcpy(enc_secret->seclookupdef.u.uuid, secret->uuid, 

Re: [libvirt] [Qemu-devel] [PATCH 2/3] target-i386: Introduce x86_cpu_load_host_data() function

2016-06-23 Thread Igor Mammedov
On Thu, 23 Jun 2016 13:04:53 -0300
Eduardo Habkost  wrote:

> On Thu, Jun 23, 2016 at 04:59:28PM +0200, Igor Mammedov wrote:
> > On Mon, 20 Jun 2016 17:12:43 -0300
> > Eduardo Habkost  wrote:
> > 
> > > The code that loads host-specific information inside
> > > x86_cpu_realizefn() will be reused by the implementation of
> > > query-host-cpu, so move it to a separate function.
> > > 
> > > Signed-off-by: Eduardo Habkost 
> > > ---
> > >  target-i386/cpu.c | 23 ---
> > >  1 file changed, 16 insertions(+), 7 deletions(-)
> > > 
> > > diff --git a/target-i386/cpu.c b/target-i386/cpu.c
> > > index aadd0b9..3d3635d 100644
> > > --- a/target-i386/cpu.c
> > > +++ b/target-i386/cpu.c
> > > @@ -1491,6 +1491,20 @@ void x86_cpu_change_kvm_default(const char
> > > *prop, const char *value) static uint32_t
> > > x86_cpu_get_supported_feature_word(FeatureWord w, bool
> > > migratable_only); 
> > > +/* Load host-dependent CPU information, when applicable */
> > > +static void x86_cpu_load_host_data(X86CPU *cpu)
> > > +{
> > > +CPUX86State *env = >env;
> > > +FeatureWord w;
> > > +
> > > +if (cpu->host_features) {
> > > +for (w = 0; w < FEATURE_WORDS; w++) {
> > > +env->features[w] =
> > > +x86_cpu_get_supported_feature_word(w,
> > > cpu->migratable);
> > > +}
> > > +}
> > > +}
> > > +
> > >  #ifdef CONFIG_KVM
> > >  
> > >  static int cpu_x86_fill_model_id(char *str)
> > > @@ -3012,18 +3026,13 @@ static void x86_cpu_realizefn(DeviceState
> > > *dev, Error **errp) return;
> > >  }
> > >  
> > > +x86_cpu_load_host_data(cpu);
> > this function should be below TODO comment as it applies to moved
> > code.
> 
> It was on purpose. The comment is actually about the
> plus_features/minus_features code, that is the hack we want to
> remove after cpu->host_features is fixed.
> 
> Placing the comment before the x86_cpu_load_host_data() call
> wouldn't make sense, as the host_features code is now hidden
> inside the function.
> 
> > 
> > with this fixed
> > Reviewed-by: Igor Mammedov 
> 
> Considering the above explanation, do you prefer that I keep the
> patch as-is, or move the comment inside x86_cpu_load_host_data()?
I prefer the comment inside the call as it is related to the bug introduced by
moving

env->features[w] = x86_cpu_get_supported_feature_word(w, cpu->migratable);

into x86_cpu_parse_featurestr() for initfn().

The plus_features/minus_features code in realize is a side effect of the above;
otherwise it could be converted at x86_cpu_parse_featurestr() time.

> 
> (I will not move it before the x86_cpu_load_host_data() call)
> 
> 
> > 
> > > +
> > >  /*TODO: cpu->host_features incorrectly overwrites features
> > >   * set using "feat=on|off". Once we fix this, we can convert
> > >   * plus_features & minus_features to global properties
> > >   * inside x86_cpu_parse_featurestr() too.
> > >   */
> > > -if (cpu->host_features) {
> > > -for (w = 0; w < FEATURE_WORDS; w++) {
> > > -env->features[w] =
> > > -x86_cpu_get_supported_feature_word(w,
> > > cpu->migratable);
> > > -}
> > > -}
> > > -
> > >  for (w = 0; w < FEATURE_WORDS; w++) {
> > >  cpu->env.features[w] |= plus_features[w];
> > >  cpu->env.features[w] &= ~minus_features[w];
> > 
> 



Re: [libvirt] [Qemu-devel] [PATCH 1/3] qmp: Add query-host-cpu command

2016-06-23 Thread Eduardo Habkost
On Tue, Jun 21, 2016 at 03:48:58PM -0600, Eric Blake wrote:
> On 06/20/2016 02:12 PM, Eduardo Habkost wrote:
> > The command can be used to return host-specific CPU capabilities
> > information.
> > 
> > Signed-off-by: Eduardo Habkost 
> > ---
> >  include/sysemu/arch_init.h   |  1 +
> >  qapi-schema.json | 36 
> >  qmp-commands.hx  |  6 ++
> >  qmp.c| 13 +
> >  stubs/Makefile.objs  |  1 +
> >  stubs/arch-query-host-cpu-info.c |  8 
> >  6 files changed, 65 insertions(+)
> >  create mode 100644 stubs/arch-query-host-cpu-info.c
> > 
> > diff --git a/include/sysemu/arch_init.h b/include/sysemu/arch_init.h
> > index d690dfa..54215ab 100644
> > --- a/include/sysemu/arch_init.h
> > +++ b/include/sysemu/arch_init.h
> > @@ -35,5 +35,6 @@ int kvm_available(void);
> >  int xen_available(void);
> >  
> >  CpuDefinitionInfoList *arch_query_cpu_definitions(Error **errp);
> > +void arch_query_host_cpu_info(HostCPUInfo *r, bool migratable, Error 
> > **errp);
> >  
> >  #endif
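Review bot: arch_init.h now references HostCPUInfo, a QAPI-generated type, but the hunk adds no include for the generated qapi-types header; the declaration compiles only in files that already pulled it in. Add the include (or a forward declaration of the struct) so the header stays self-contained.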
> > diff --git a/qapi-schema.json b/qapi-schema.json
> > index 19e3ef2..d2f4879 100644
> > --- a/qapi-schema.json
> > +++ b/qapi-schema.json
> > @@ -3047,6 +3047,42 @@
> >  ##
> >  { 'command': 'query-cpu-definitions', 'returns': ['CpuDefinitionInfo'] }
> >  
> > +
> > +##
> > +# @HostCPUInfo:
> > +#
> > +# Information on CPU capabilities supported by the current host.
> > +#
> > +# @qom-properties: #optional Values of CPU QOM properties corresponding
> > +#  to CPU capabilities supported by the host.
> > +#
> > +# Most properties returned in qom-properties are boolean properties
> > +# indicating if a feature can be enabled in the current host. Other
> > +# non-boolean properties may be returned, the semantics of each property
> > +# depend on the architecture-specific code that handle them.
> > +#
> > +# Since: 2.7.0
> 
> Most places in .json files list just 'Since: x.y' rather than 'x.y.z',
> but we aren't consistent enough to insist either way on including or
> excluding a micro release number.
> 
> > +##
> > +{ 'struct': 'HostCPUInfo',
> > +  'data': { '*qom-properties': 'any' } }
> 
> This is a big hammer that makes the properties non-introspectible - a
> client can tell that properties will be returned, but cannot tell which
> properties to expect nor what format to expect for a given property
> name.  I don't know that the interface could be made easily
> introspectible or not (it would probably require some QAPI unions, and a
> LOT more generated code).  So it would be nice if we could explore how
> hard it would be to use a type-safe representation instead of 'any',
> before declaring that this is the best we can do.  Or, it may be the
> sign of a bigger issue that we have no good way to introspect what qom
> properties to expect, in general (and that solving that would also solve
> this).

What I thought libvirt needed is different from what I thought, so
this series will be dropped for now (see the "s390x CPU models:
exposing features" thread). But your comments may still apply
when we look at the alternative "query-cpu-model-expansion"
proposal.

I believe QOM introspection is really the issue here. The CPU
configuration is already based on QOM properties. Manually
duplicating the existing QOM properties into the QAPI
representation would be a waste of time, IMO.

But I agree that the interface could be improved: we should
document very clearly what can be done with the QOM property list
being returned, and return only useful data. For example: we
could only return properties that really make sense when used
with "-cpu" or "-global" (not every single QOM property), and
document that.

-- 
Eduardo



Re: [libvirt] [PATCH] qemu: match controller index for LIVE+CONFIG when doing hotplug

2016-06-23 Thread Laine Stump

On 06/23/2016 08:26 AM, Ján Tomko wrote:

On Wed, Jun 22, 2016 at 03:00:47PM -0400, Laine Stump wrote:

An attempt to attach a new scsi controller with both --live and
--config but without specifying an index, e.g.:

 

led to this error:

 internal error: Cannot parse controller index -1

This was because unspecified indexes are auto-assigned during
virDomainDefPostParse(), which doesn't happen for hotplugged devices
until after the device has been added to the domainDef, but
qemuDomainAttachFlags() makes a copy of the device (for feeding to
qemuDomainAttachDeviceLive() *before* it's added to the config, and
the copying function actually formats the device object and then
re-parses it into a new object.

Since qemuDomainAttachDeviceConfig() consumes the device object
pointer (i.e. sets it to NULL in the original virDomainDeviceDef) we
can't just wait to make the copy. Instead, we need to make a *shallow*
copy of the virDomainDeviceDef prior to
qemuDomainAttachDeviceConfig(), then make a deep copy of the shallow
copy.

This resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1344899
---
src/qemu/qemu_driver.c | 31 ---
1 file changed, 20 insertions(+), 11 deletions(-)

diff --git a/src/qemu/qemu_driver.c b/src/qemu/qemu_driver.c
index fa05046..f3e17e2 100644
--- a/src/qemu/qemu_driver.c
+++ b/src/qemu/qemu_driver.c
@@ -8199,6 +8199,7 @@ qemuDomainAttachDeviceFlags(virDomainPtr dom,
virDomainObjPtr vm = NULL;
virDomainDefPtr vmdef = NULL;
virDomainDeviceDefPtr dev = NULL, dev_copy = NULL;
+virDomainDeviceDef dev_shallow;
int ret = -1;
unsigned int parse_flags = VIR_DOMAIN_DEF_PARSE_INACTIVE |
   VIR_DOMAIN_DEF_PARSE_ABI_UPDATE;
@@ -8237,22 +8238,19 @@ qemuDomainAttachDeviceFlags(virDomainPtr dom,
if (dev == NULL)
goto endjob;

-if (flags & VIR_DOMAIN_AFFECT_CONFIG &&
-flags & VIR_DOMAIN_AFFECT_LIVE) {
-/* If we are affecting both CONFIG and LIVE
- * create a deep copy of device as adding
- * to CONFIG takes one instance.
- */
-dev_copy = virDomainDeviceDefCopy(dev, vm->def, caps, 
driver->xmlopt);

-if (!dev_copy)
-goto endjob;
-}
-
if (priv->qemuCaps)
qemuCaps = virObjectRef(priv->qemuCaps);
else if (!(qemuCaps = 
virQEMUCapsCacheLookup(driver->qemuCapsCache, vm->def->emulator)))

goto endjob;

+/* Save away the pointer to the device object before it is
+ * potentially swallowed up by qemuDomainAttachDeviceConfig().
+ * This will allow us to make a copy of the device after any
+ * modifications made by virDomainDefPostParse() (which is called
+ * after the new device is added to the config
+ */
+dev_shallow = *dev;
+
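Review bot: `dev_shallow = *dev;` runs unconditionally, whereas the `virDomainDeviceDefCopy()` it replaces was guarded by `flags & VIR_DOMAIN_AFFECT_CONFIG && flags & VIR_DOMAIN_AFFECT_LIVE`; keeping that guard (or a comment saying the struct copy is cheap enough not to bother) would make the intent explicit for live-only and config-only attaches. A struct assignment copies only the top-level virDomainDeviceDef, so the later deep copy still depends on whatever the copied pointers refer to being alive and already post-parsed when qemuDomainAttachDeviceConfig() returns; the comment should state that assumption. The comment block is also missing the closing parenthesis after "added to the config".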


This looks fragile and complicated, and I've already managed to break it
with the XML you provided:

$ virsh attach-device f24 cont --live
Device attached successfully

$ virsh attach-device f24 cont --live --config
error: Failed to attach device from cont
error: operation failed: target scsi:1 already exists


Yeah, I noticed that too just before I posted, and am still thinking 
about how to solve it, but I still think the situation is one step 
better with this patch in place (although it does have a similar effect 
on --live + --config attachment of PCI devices - changing from one 
improper behavior to another. Sigh.)


This all comes down to a more general problem that I offhandedly 
mentioned in an email with Tomasz Flendrich (the GSoC student working on 
"device address abstraction") - other than the live state starting off 
as a copy of the config, we make no attempt to maintain consistency of 
device attributes between the two, and could easily end up with 
conflicting things between the two. Normally this is mostly transparent 
to the user, but could cause serious complaints from guest OSes when 
they are later restarted and all their nice cozy devices previously 
added with "--live --config" are suddenly moved (this may not make sense 
now, but there are some further examples below).




AFAIK the reason we create a deep copy instead of parsing it again is


But a "deep copy" is just formatting the object and then parsing the 
resulting XML again.



our generation of MAC addresses in the parser:
commit 1e0534a770208be6b848c961785db20467deb2fc
   qemu: Don't parse device twice in attach/detach


Well, that's a bit misleading. It *is* parsing twice; it's just that 
after the patch, the 2nd parse is done on the result of formatting the 
result of the first parse rather than parsing the original xml again. 
Because the MAC address is auto-generated as a part of the parsing 
(rather than during post-parse), we're able to get a MAC address 
consistent between live and persistent without calling 
virDomainDefPostParse(). Anything set in the post-parse doesn't have 
this same happy existence though.


(side-note - when I made the patch to allow auto-generating the 

[libvirt] [PATCH 4/6] events: Pass in UUID as a string

2016-06-23 Thread Cole Robinson
This should not have any functional difference, it's just a step
towards matching on non-uuid string keys
---
 src/conf/domain_event.c | 17 ++---
 src/conf/network_event.c| 12 ++--
 src/conf/object_event.c | 24 +---
 src/conf/object_event_private.h |  2 +-
 src/conf/storage_event.c| 12 ++--
 5 files changed, 48 insertions(+), 19 deletions(-)

diff --git a/src/conf/domain_event.c b/src/conf/domain_event.c
index 58823e8..7ad6d2c 100644
--- a/src/conf/domain_event.c
+++ b/src/conf/domain_event.c
@@ -1998,10 +1998,14 @@ virDomainEventStateRegisterID(virConnectPtr conn,
   virFreeCallback freecb,
   int *callbackID)
 {
+char uuidstr[VIR_UUID_STRING_BUFLEN];
+
 if (virDomainEventsInitialize() < 0)
 return -1;
 
-return virObjectEventStateRegisterID(conn, state, dom ? dom->uuid : NULL,
+if (dom)
+virUUIDFormat(dom->uuid, uuidstr);
+return virObjectEventStateRegisterID(conn, state, dom ? uuidstr : NULL,
  NULL, NULL,
  virDomainEventClass, eventID,
  VIR_OBJECT_EVENT_CALLBACK(cb),
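Review bot: the pair `if (dom) virUUIDFormat(dom->uuid, uuidstr);` plus `dom ? uuidstr : NULL` is repeated verbatim in each register function of this patch (three times in domain_event.c, twice in network_event.c); a small static helper that formats into the caller's buffer and returns `uuidstr` or NULL would keep the call sites from drifting. Since `uuidstr` lives on this function's stack, virObjectEventStateRegisterID() and the callback it creates must copy the string rather than keep the pointer; the `char *uuid` field introduced in object_event.c below only works if the add path does a VIR_STRDUP.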
@@ -2042,10 +2046,14 @@ virDomainEventStateRegisterClient(virConnectPtr conn,
   int *callbackID,
   bool remoteID)
 {
+char uuidstr[VIR_UUID_STRING_BUFLEN];
+
 if (virDomainEventsInitialize() < 0)
 return -1;
 
-return virObjectEventStateRegisterID(conn, state, dom ? dom->uuid : NULL,
+if (dom)
+virUUIDFormat(dom->uuid, uuidstr);
+return virObjectEventStateRegisterID(conn, state, dom ? uuidstr : NULL,
  NULL, NULL,
  virDomainEventClass, eventID,
  VIR_OBJECT_EVENT_CALLBACK(cb),
@@ -2180,6 +2188,7 @@ virDomainQemuMonitorEventStateRegisterID(virConnectPtr 
conn,
 {
 virDomainQemuMonitorEventData *data = NULL;
 virObjectEventCallbackFilter filter = NULL;
+char uuidstr[VIR_UUID_STRING_BUFLEN];
 
 if (virDomainEventsInitialize() < 0)
 return -1;
@@ -2220,7 +2229,9 @@ virDomainQemuMonitorEventStateRegisterID(virConnectPtr 
conn,
 filter = virDomainQemuMonitorEventFilter;
 freecb = virDomainQemuMonitorEventCleanup;
 
-return virObjectEventStateRegisterID(conn, state, dom ? dom->uuid : NULL,
+if (dom)
+virUUIDFormat(dom->uuid, uuidstr);
+return virObjectEventStateRegisterID(conn, state, dom ? uuidstr : NULL,
  filter, data,
  virDomainQemuMonitorEventClass, 0,
  VIR_OBJECT_EVENT_CALLBACK(cb),
diff --git a/src/conf/network_event.c b/src/conf/network_event.c
index 8623940..21f6db1 100644
--- a/src/conf/network_event.c
+++ b/src/conf/network_event.c
@@ -150,10 +150,14 @@ virNetworkEventStateRegisterID(virConnectPtr conn,
virFreeCallback freecb,
int *callbackID)
 {
+char uuidstr[VIR_UUID_STRING_BUFLEN];
+
 if (virNetworkEventsInitialize() < 0)
 return -1;
 
-return virObjectEventStateRegisterID(conn, state, net ? net->uuid : NULL,
+if (net)
+virUUIDFormat(net->uuid, uuidstr);
+return virObjectEventStateRegisterID(conn, state, net ? uuidstr : NULL,
  NULL, NULL,
  virNetworkEventClass, eventID,
  VIR_OBJECT_EVENT_CALLBACK(cb),
@@ -190,10 +194,14 @@ virNetworkEventStateRegisterClient(virConnectPtr conn,
virFreeCallback freecb,
int *callbackID)
 {
+char uuidstr[VIR_UUID_STRING_BUFLEN];
+
 if (virNetworkEventsInitialize() < 0)
 return -1;
 
-return virObjectEventStateRegisterID(conn, state, net ? net->uuid : NULL,
+if (net)
+virUUIDFormat(net->uuid, uuidstr);
+return virObjectEventStateRegisterID(conn, state, net ? uuidstr : NULL,
  NULL, NULL,
  virNetworkEventClass, eventID,
  VIR_OBJECT_EVENT_CALLBACK(cb),
diff --git a/src/conf/object_event.c b/src/conf/object_event.c
index 2230eec..8fd182d 100644
--- a/src/conf/object_event.c
+++ b/src/conf/object_event.c
@@ -45,7 +45,7 @@ struct _virObjectEventCallback {
 virConnectPtr conn;
 int remoteID;
 bool uuid_filter;
-unsigned char uuid[VIR_UUID_BUFLEN];
+char *uuid;
 virObjectEventCallbackFilter filter;
 void *filter_opaque;
 virConnectObjectEventGenericCallback cb;
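Review bot: replacing `unsigned char uuid[VIR_UUID_BUFLEN]` with `char *uuid` makes the callback the owner of a heap string, so the `memcpy(cb->uuid, uuid, VIR_UUID_BUFLEN)` in virObjectEventCallbackListAddID (as of patch 3/6) has to become a VIR_STRDUP with its failure handled, and virObjectEventCallbackFree() has to VIR_FREE the field; the `@@ -138` hunk where that presumably happens is cut off in this copy, so please confirm both halves landed. A comment on the field noting it holds the formatted uuid string, not the binary form, would also help readers of the matching code.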
@@ -138,6 +138,7 @@ virObjectEventCallbackFree(virObjectEventCallbackPtr cb)
 return;

[libvirt] [PATCH 2/6] events: Add virObjectEventCallbackFree

2016-06-23 Thread Cole Robinson
---
 src/conf/object_event.c | 26 +++---
 1 file changed, 19 insertions(+), 7 deletions(-)

diff --git a/src/conf/object_event.c b/src/conf/object_event.c
index 95bf3e6..1b5a4d0 100644
--- a/src/conf/object_event.c
+++ b/src/conf/object_event.c
@@ -126,6 +126,22 @@ virObjectEventDispose(void *obj)
 }
 
 /**
+ * virObjectEventCallbackFree:
+ * @list: event callback to free
+ *
+ * Free the memory in the domain event callback
+ */
+static void
+virObjectEventCallbackFree(virObjectEventCallbackPtr cb)
+{
+if (!cb)
+return;
+
+virObjectUnref(cb->conn);
+VIR_FREE(cb);
+}
+
+/**
  * virObjectEventCallbackListFree:
  * @list: event callback list head
  *
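Review bot: the doc comment for virObjectEventCallbackFree() documents `@list` but the parameter is `cb`, and it says "domain event callback" for what is the generic object-event callback; suggest `@cb: event callback to free` and drop "domain". The helper deliberately does not invoke `cb->freecb` (both callers below call it first), which is worth a sentence in the comment so a future caller does not assume the opaque data is released here.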
@@ -230,8 +246,7 @@ virObjectEventCallbackListRemoveID(virConnectPtr conn,
 
 if (cb->freecb)
 (*cb->freecb)(cb->opaque);
-virObjectUnref(cb->conn);
-VIR_FREE(cb);
+virObjectEventCallbackFree(cb);
 VIR_DELETE_ELEMENT(cbList->callbacks, i, cbList->count);
 return ret;
 }
@@ -280,8 +295,7 @@ 
virObjectEventCallbackListPurgeMarked(virObjectEventCallbackListPtr cbList)
 virFreeCallback freecb = cbList->callbacks[n]->freecb;
 if (freecb)
 (*freecb)(cbList->callbacks[n]->opaque);
-virObjectUnref(cbList->callbacks[n]->conn);
-VIR_FREE(cbList->callbacks[n]);
+virObjectEventCallbackFree(cbList->callbacks[n]);
 
 VIR_DELETE_ELEMENT(cbList->callbacks, n, cbList->count);
 n--;
@@ -441,9 +455,7 @@ virObjectEventCallbackListAddID(virConnectPtr conn,
 }
 
  cleanup:
-if (event)
-virObjectUnref(event->conn);
-VIR_FREE(event);
+virObjectEventCallbackFree(event);
 return ret;
 }
 
-- 
2.7.4



[libvirt] [PATCH 6/6] events: Rename argument uuid->key

2016-06-23 Thread Cole Robinson
Since it's not strictly a uuid anymore
---
This could have been squashed in earlier, but I kept it separate to
make earlier bits easier to review.

 src/conf/object_event.c | 61 -
 src/conf/object_event_private.h |  2 +-
 2 files changed, 30 insertions(+), 33 deletions(-)

diff --git a/src/conf/object_event.c b/src/conf/object_event.c
index 5734230..cb984ff 100644
--- a/src/conf/object_event.c
+++ b/src/conf/object_event.c
@@ -44,8 +44,8 @@ struct _virObjectEventCallback {
 int eventID;
 virConnectPtr conn;
 int remoteID;
-bool uuid_filter;
-char *uuid;
+bool key_filter;
+char *key;
 virObjectEventCallbackFilter filter;
 void *filter_opaque;
 virConnectObjectEventGenericCallback cb;
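Review bot: `char *key;` now stands in for the formatted uuid, is compared with STREQ in virObjectEventCallbackListCount() and released with `VIR_FREE(cb->key)` below, but nothing at the struct says so; a one-line comment such as `/* owned, NUL-terminated lookup key; NULL unless key_filter */` would document the contract the rest of the series relies on.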
@@ -139,7 +139,7 @@ virObjectEventCallbackFree(virObjectEventCallbackPtr cb)
 return;
 
 virObjectUnref(cb->conn);
-VIR_FREE(cb->uuid);
+VIR_FREE(cb->key);
 VIR_FREE(cb);
 }
 
@@ -173,17 +173,17 @@ 
virObjectEventCallbackListFree(virObjectEventCallbackListPtr list)
  * @cbList: the list
  * @klass: the base event class
  * @eventID: the event ID
- * @uuid: optional uuid of per-object filtering
+ * @key: optional key of per-object filtering
  * @serverFilter: true if server supports object filtering
  *
  * Internal function to count how many callbacks remain registered for
- * the given @eventID and @uuid; knowing this allows the client side
+ * the given @eventID and @key; knowing this allows the client side
  * of the remote driver know when it must send an RPC to adjust the
  * callbacks on the server.  When @serverFilter is false, this function
  * returns a count that includes both global and per-object callbacks,
  * since the remote side will use a single global event to feed both.
  * When true, the count is limited to the callbacks with the same
- * @uuid, and where a remoteID has already been set on the callback
+ * @key, and where a remoteID has already been set on the callback
  * with virObjectEventStateSetRemote().  Note that this function
  * intentionally ignores the legacy field, since RPC calls use only a
  * single callback on the server to manage both legacy and modern
@@ -194,7 +194,7 @@ virObjectEventCallbackListCount(virConnectPtr conn,
 virObjectEventCallbackListPtr cbList,
 virClassPtr klass,
 int eventID,
-const char *uuid,
+const char *key,
 bool serverFilter)
 {
 size_t i;
@@ -211,8 +211,8 @@ virObjectEventCallbackListCount(virConnectPtr conn,
 !cb->deleted &&
 (!serverFilter ||
  (cb->remoteID >= 0 &&
-  ((uuid && cb->uuid_filter && STREQ(cb->uuid, uuid)) ||
-   (!uuid && !cb->uuid_filter)
+  ((key && cb->key_filter && STREQ(cb->key, key)) ||
+   (!key && !cb->key_filter)
 ret++;
 }
 return ret;
@@ -242,7 +242,7 @@ virObjectEventCallbackListRemoveID(virConnectPtr conn,
 ret = cb->filter ? 0 :
 (virObjectEventCallbackListCount(conn, cbList, cb->klass,
  cb->eventID,
- cb->uuid_filter ? cb->uuid : 
NULL,
+ cb->key_filter ? cb->key : 
NULL,
  cb->remoteID >= 0) - 1);
 
 if (cb->freecb)
@@ -275,7 +275,7 @@ virObjectEventCallbackListMarkDeleteID(virConnectPtr conn,
 return cb->filter ? 0 :
 virObjectEventCallbackListCount(conn, cbList, cb->klass,
 cb->eventID,
-cb->uuid_filter ? cb->uuid : 
NULL,
+cb->key_filter ? cb->key : 
NULL,
 cb->remoteID >= 0);
 }
 }
@@ -310,7 +310,7 @@ 
virObjectEventCallbackListPurgeMarked(virObjectEventCallbackListPtr cbList)
  * virObjectEventCallbackLookup:
  * @conn: pointer to the connection
  * @cbList: the list
- * @uuid: the uuid of the object to filter on
+ * @key: the key of the object to filter on
  * @klass: the base event class
  * @eventID: the event ID
  * @callback: the callback to locate
@@ -327,7 +327,7 @@ 
virObjectEventCallbackListPurgeMarked(virObjectEventCallbackListPtr cbList)
 static int ATTRIBUTE_NONNULL(1) ATTRIBUTE_NONNULL(2)
 virObjectEventCallbackLookup(virConnectPtr conn,
  virObjectEventCallbackListPtr cbList,
- const char *uuid,
+ const char *key,
  virClassPtr klass,
  int eventID,
  

[libvirt] [PATCH 0/6] events: don't mandate a uuid

2016-06-23 Thread Cole Robinson
The generic event infrastructure has the notion of lookup-by-uuid
baked into the API, but not all objects have a uuid (nodedev,
interfaces).

This series enables callers to specify a string key for match
purposes. Existing users of the binary uuid value now pass in a
converted uuid string.

Cole Robinson (6):
  events: Privatize virObjectEventCallback
  events: Add virObjectEventCallbackFree
  events: Cleanup callback variable name
  events: Pass in UUID as a string
  events: Add explicit lookup 'key' value
  events: Rename argument uuid->key

 src/conf/domain_event.c |  28 +--
 src/conf/network_event.c|  16 +++-
 src/conf/object_event.c | 170 +---
 src/conf/object_event.h |   3 -
 src/conf/object_event_private.h |   8 +-
 src/conf/storage_event.c|  16 +++-
 6 files changed, 145 insertions(+), 96 deletions(-)

-- 
2.7.4



[libvirt] [PATCH 1/6] events: Privatize virObjectEventCallback

2016-06-23 Thread Cole Robinson
It's only used in object_event.c, so remove it from the header. We
need to move the _virObjectEventCallback definition earlier as a
result.
---
 src/conf/object_event.c | 36 +++-
 src/conf/object_event.h |  3 ---
 2 files changed, 19 insertions(+), 20 deletions(-)

diff --git a/src/conf/object_event.c b/src/conf/object_event.c
index 06eedff..95bf3e6 100644
--- a/src/conf/object_event.c
+++ b/src/conf/object_event.c
@@ -38,6 +38,25 @@
 
 VIR_LOG_INIT("conf.object_event");
 
+struct _virObjectEventCallback {
+int callbackID;
+virClassPtr klass;
+int eventID;
+virConnectPtr conn;
+int remoteID;
+bool uuid_filter;
+unsigned char uuid[VIR_UUID_BUFLEN];
+virObjectEventCallbackFilter filter;
+void *filter_opaque;
+virConnectObjectEventGenericCallback cb;
+void *opaque;
+virFreeCallback freecb;
+bool deleted;
+bool legacy; /* true if end user does not know callbackID */
+};
+typedef struct _virObjectEventCallback virObjectEventCallback;
+typedef virObjectEventCallback *virObjectEventCallbackPtr;
+
 struct _virObjectEventCallbackList {
 unsigned int nextID;
 size_t count;
@@ -63,23 +82,6 @@ struct _virObjectEventState {
 virMutex lock;
 };
 
-struct _virObjectEventCallback {
-int callbackID;
-virClassPtr klass;
-int eventID;
-virConnectPtr conn;
-int remoteID;
-bool uuid_filter;
-unsigned char uuid[VIR_UUID_BUFLEN];
-virObjectEventCallbackFilter filter;
-void *filter_opaque;
-virConnectObjectEventGenericCallback cb;
-void *opaque;
-virFreeCallback freecb;
-bool deleted;
-bool legacy; /* true if end user does not know callbackID */
-};
-
 static virClassPtr virObjectEventClass;
 
 static void virObjectEventDispose(void *obj);
diff --git a/src/conf/object_event.h b/src/conf/object_event.h
index 7654799..b0201dd 100644
--- a/src/conf/object_event.h
+++ b/src/conf/object_event.h
@@ -29,9 +29,6 @@
 #ifndef __OBJECT_EVENT_H__
 # define __OBJECT_EVENT_H__
 
-typedef struct _virObjectEventCallback virObjectEventCallback;
-typedef virObjectEventCallback *virObjectEventCallbackPtr;
-
 /**
  * Dispatching domain events that come in while
  * in a call / response rpc
-- 
2.7.4



[libvirt] [PATCH 5/6] events: Add explicit lookup 'key' value

2016-06-23 Thread Cole Robinson
This allows event implementations to match on something other
than an object's uuid, like nodedev or interface objects which
don't have a uuid.
---
 src/conf/domain_event.c | 11 +--
 src/conf/network_event.c|  4 +++-
 src/conf/object_event.c | 23 +++
 src/conf/object_event_private.h |  6 --
 src/conf/storage_event.c|  4 +++-
 5 files changed, 30 insertions(+), 18 deletions(-)

diff --git a/src/conf/domain_event.c b/src/conf/domain_event.c
index 7ad6d2c..63ae9e1 100644
--- a/src/conf/domain_event.c
+++ b/src/conf/domain_event.c
@@ -581,6 +581,7 @@ virDomainEventNew(virClassPtr klass,
   const unsigned char *uuid)
 {
 virDomainEventPtr event;
+char uuidstr[VIR_UUID_STRING_BUFLEN];
 
 if (virDomainEventsInitialize() < 0)
 return NULL;
@@ -592,10 +593,14 @@ virDomainEventNew(virClassPtr klass,
 return NULL;
 }
 
+/* We use uuid for matching key. We ignore 'name' because
+ * Xen sometimes renames guests during migration, thus
+ * 'uuid' is the only truly reliable key we can use. */
+virUUIDFormat(uuid, uuidstr);
 if (!(event = virObjectEventNew(klass,
 virDomainEventDispatchDefaultFunc,
 eventID,
-id, name, uuid)))
+id, name, uuid, uuidstr)))
 return NULL;
 
 return (virObjectEventPtr)event;
@@ -1873,13 +1878,15 @@ virDomainQemuMonitorEventNew(int id,
  const char *details)
 {
 virDomainQemuMonitorEventPtr ev;
+char uuidstr[VIR_UUID_STRING_BUFLEN];
 
 if (virDomainEventsInitialize() < 0)
 return NULL;
 
+virUUIDFormat(uuid, uuidstr);
 if (!(ev = virObjectEventNew(virDomainQemuMonitorEventClass,
  virDomainQemuMonitorEventDispatchFunc,
- 0, id, name, uuid)))
+ 0, id, name, uuid, uuidstr)))
 return NULL;
 
 /* event is mandatory, details are optional */
diff --git a/src/conf/network_event.c b/src/conf/network_event.c
index 21f6db1..e0d1a3d 100644
--- a/src/conf/network_event.c
+++ b/src/conf/network_event.c
@@ -226,14 +226,16 @@ virNetworkEventLifecycleNew(const char *name,
 int detail)
 {
 virNetworkEventLifecyclePtr event;
+char uuidstr[VIR_UUID_STRING_BUFLEN];
 
 if (virNetworkEventsInitialize() < 0)
 return NULL;
 
+virUUIDFormat(uuid, uuidstr);
 if (!(event = virObjectEventNew(virNetworkEventLifecycleClass,
 virNetworkEventDispatchDefaultFunc,
 VIR_NETWORK_EVENT_ID_LIFECYCLE,
-0, name, uuid)))
+0, name, uuid, uuidstr)))
 return NULL;
 
 event->type = type;
diff --git a/src/conf/object_event.c b/src/conf/object_event.c
index 8fd182d..5734230 100644
--- a/src/conf/object_event.c
+++ b/src/conf/object_event.c
@@ -123,6 +123,7 @@ virObjectEventDispose(void *obj)
 VIR_DEBUG("obj=%p", event);
 
 VIR_FREE(event->meta.name);
+VIR_FREE(event->meta.key);
 }
 
 /**
@@ -619,6 +620,7 @@ virObjectEventStateNew(void)
  * @id: id of the object the event describes, or 0
  * @name: name of the object the event describes
  * @uuid: uuid of the object the event describes
+ * @key: key for per-object filtering
  *
  * Create a new event, with the information common to all events.
  */
@@ -628,7 +630,8 @@ virObjectEventNew(virClassPtr klass,
   int eventID,
   int id,
   const char *name,
-  const unsigned char *uuid)
+  const unsigned char *uuid,
+  const char *key)
 {
 virObjectEventPtr event;
 
@@ -653,6 +656,11 @@ virObjectEventNew(virClassPtr klass,
 VIR_FREE(event);
 return NULL;
 }
+if (VIR_STRDUP(event->meta.key, key) < 0) {
+VIR_FREE(event->meta.name);
+VIR_FREE(event);
+return NULL;
+}
 event->meta.id = id;
 memcpy(event->meta.uuid, uuid, VIR_UUID_BUFLEN);
 
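Review bot: the cover letter motivates this series with objects that have no uuid (nodedev, interfaces), yet right after the new `VIR_STRDUP(event->meta.key, key)` the existing `memcpy(event->meta.uuid, uuid, VIR_UUID_BUFLEN)` still dereferences `uuid` unconditionally, so a keyed-but-uuidless caller would crash here; guard it with `if (uuid)` or state in the doc block that `uuid` remains mandatory. The new failure path also extends the `VIR_FREE(event); return NULL;` unwind of the block above with one more free; a single `error:` label would avoid two copies of the cleanup.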
@@ -701,17 +709,8 @@ virObjectEventDispatchMatchCallback(virObjectEventPtr 
event,
 if (cb->filter && !(cb->filter)(cb->conn, event, cb->filter_opaque))
 return false;
 
-if (cb->uuid_filter) {
-/* Deliberately ignoring 'id' for matching, since that
- * will cause problems when a domain switches between
- * running & shutoff states & ignoring 'name' since
- * Xen sometimes renames guests during migration, thus
- * leaving 'uuid' as the only truly reliable ID we can use. */
-char uuidstr[VIR_UUID_STRING_BUFLEN];
-virUUIDFormat(event->meta.uuid, uuidstr);
-
-return STREQ(uuidstr, cb->uuid);
-}
+if (cb->uuid_filter)
+return STREQ(event->meta.key, 
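Review bot: `STREQ(event->meta.key, ...)` in virObjectEventDispatchMatchCallback() dereferences `event->meta.key`, which is NULL whenever virObjectEventNew() received `key == NULL` (VIR_STRDUP of a NULL source leaves the destination NULL and returns success); either mark `key` non-NULL in virObjectEventNew() or use STREQ_NULLABLE here so a keyless event cannot crash a callback registered with `uuid_filter` set. The removed comment about ignoring `id` and `name` for matching was the only place that rationale lived at the dispatch site; the copy moved into virDomainEventNew() covers domains, but a short pointer here would keep it discoverable.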

[libvirt] [PATCH 3/6] events: Cleanup callback variable name

2016-06-23 Thread Cole Robinson
In every other instance virObjectEventCallbackPtr is named 'cb',
and in other code 'event' usually means a virObjectEventPtr
---
 src/conf/object_event.c | 36 ++--
 1 file changed, 18 insertions(+), 18 deletions(-)

diff --git a/src/conf/object_event.c b/src/conf/object_event.c
index 1b5a4d0..2230eec 100644
--- a/src/conf/object_event.c
+++ b/src/conf/object_event.c
@@ -393,7 +393,7 @@ virObjectEventCallbackListAddID(virConnectPtr conn,
 int *callbackID,
 bool serverFilter)
 {
-virObjectEventCallbackPtr event;
+virObjectEventCallbackPtr cb;
 int ret = -1;
 int remoteID = -1;
 
@@ -417,30 +417,30 @@ virObjectEventCallbackListAddID(virConnectPtr conn,
_("event callback already tracked"));
 return -1;
 }
-/* Allocate new event */
-if (VIR_ALLOC(event) < 0)
+/* Allocate new cb */
+if (VIR_ALLOC(cb) < 0)
 goto cleanup;
-event->conn = virObjectRef(conn);
-*callbackID = event->callbackID = cbList->nextID++;
-event->cb = callback;
-event->klass = klass;
-event->eventID = eventID;
-event->opaque = opaque;
-event->freecb = freecb;
-event->remoteID = remoteID;
+cb->conn = virObjectRef(conn);
+*callbackID = cb->callbackID = cbList->nextID++;
+cb->cb = callback;
+cb->klass = klass;
+cb->eventID = eventID;
+cb->opaque = opaque;
+cb->freecb = freecb;
+cb->remoteID = remoteID;
 
 /* Only need 'uuid' for matching; 'id' can change as domain
  * switches between running and shutoff, and 'name' can change in
  * Xen migration.  */
 if (uuid) {
-event->uuid_filter = true;
-memcpy(event->uuid, uuid, VIR_UUID_BUFLEN);
+cb->uuid_filter = true;
+memcpy(cb->uuid, uuid, VIR_UUID_BUFLEN);
 }
-event->filter = filter;
-event->filter_opaque = filter_opaque;
-event->legacy = legacy;
+cb->filter = filter;
+cb->filter_opaque = filter_opaque;
+cb->legacy = legacy;
 
-if (VIR_APPEND_ELEMENT(cbList->callbacks, cbList->count, event) < 0)
+if (VIR_APPEND_ELEMENT(cbList->callbacks, cbList->count, cb) < 0)
 goto cleanup;
 
 /* When additional filtering is being done, every client callback
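Review bot: `/* Allocate new cb */` reads as a search-and-replace leftover; `/* Allocate the new callback entry */` says what is meant. The rename itself is consistent across the hunk, and the `cleanup:` path keeps working only because VIR_APPEND_ELEMENT() clears `cb` on success, so the free there fires on the error paths alone; that is easy to miss and deserves a comment.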
@@ -455,7 +455,7 @@ virObjectEventCallbackListAddID(virConnectPtr conn,
 }
 
  cleanup:
-virObjectEventCallbackFree(event);
+virObjectEventCallbackFree(cb);
 return ret;
 }
 
-- 
2.7.4



Re: [libvirt] [PATCH 08/19] qemu: Change protocol parameter for secret setup

2016-06-23 Thread John Ferlan


On 06/23/2016 11:57 AM, Peter Krempa wrote:
> On Mon, Jun 13, 2016 at 20:27:47 -0400, John Ferlan wrote:
>> Rather than assume/pass the protocol to the qemuDomainSecretPlainSetup
>> and qemuDomainSecretAESSetup, determine and pass the secretUsageType
>> which is then used in the virSecretGetSecretString call
>>
>> For the two callers that convert from virStorageNetProtocol, add
>> a new helper qemuDomainSecretProtocolGetUsageType.
>>
>> Signed-off-by: John Ferlan 
>> ---
>>  src/qemu/qemu_domain.c | 105 
>> +
>>  1 file changed, 63 insertions(+), 42 deletions(-)
>>
>> diff --git a/src/qemu/qemu_domain.c b/src/qemu/qemu_domain.c
>> index 34e3d95..52cbc72 100644
>> --- a/src/qemu/qemu_domain.c
>> +++ b/src/qemu/qemu_domain.c
> 
> [...]
> 
>> +/* qemuDomainSecretGetProtocolUsageType:
>> + * @protocol: The virStorageNetProtocol protocol type
>> + *
>> + * Convert the protocl into the expected virSecretUsageType for
>> + * eventual usage to fetch the secret
>> + *
>> + * Returns matched protocol type or VIR_SECRET_USAGE_TYPE_NONE with an
>> + * error message set on failure.
>> + */
>> +static virSecretUsageType
>> +qemuDomainSecretProtocolGetUsageType(virStorageNetProtocol protocol)
>> +{
>> +switch ((virStorageNetProtocol)protocol) {
>> +case VIR_STORAGE_NET_PROTOCOL_RBD:
>> +return VIR_SECRET_USAGE_TYPE_CEPH;
>> +
>> +case VIR_STORAGE_NET_PROTOCOL_ISCSI:
>> +return VIR_SECRET_USAGE_TYPE_ISCSI;
>> +
>> +case VIR_STORAGE_NET_PROTOCOL_NONE:
>> +case VIR_STORAGE_NET_PROTOCOL_NBD:
>> +case VIR_STORAGE_NET_PROTOCOL_SHEEPDOG:
>> +case VIR_STORAGE_NET_PROTOCOL_GLUSTER:
>> +case VIR_STORAGE_NET_PROTOCOL_HTTP:
>> +case VIR_STORAGE_NET_PROTOCOL_HTTPS:
>> +case VIR_STORAGE_NET_PROTOCOL_FTP:
>> +case VIR_STORAGE_NET_PROTOCOL_FTPS:
>> +case VIR_STORAGE_NET_PROTOCOL_TFTP:
>> +case VIR_STORAGE_NET_PROTOCOL_LAST:
>> +virReportError(VIR_ERR_INTERNAL_ERROR,
>> +   _("protocol '%s' cannot be used for encrypted 
>> secrets"),
>> +   virStorageNetProtocolTypeToString(protocol));
> 
> You could change this error message so that it actually makes some
> sense. The protocols above don't support any form of authentication at
> least in context of our interaction with qemu, not only specifically
> encrypted secrets.
> 

OK - poof this is gone...

>> +}
>> +return VIR_SECRET_USAGE_TYPE_NONE;
>> +}
>> +
>> +
>>  /* qemuDomainSecretDiskPrepare:
>>   * @conn: Pointer to connection
>>   * @priv: pointer to domain private object
>> @@ -1008,13 +1018,19 @@ qemuDomainSecretDiskPrepare(virConnectPtr conn,
>>  (src->protocol == VIR_STORAGE_NET_PROTOCOL_ISCSI ||
>>   src->protocol == VIR_STORAGE_NET_PROTOCOL_RBD)) {
>>  
>> +virSecretUsageType secretUsageType;
>>  qemuDomainDiskPrivatePtr diskPriv = QEMU_DOMAIN_DISK_PRIVATE(disk);
>>  
>>  if (VIR_ALLOC(secinfo) < 0)
>>  return -1;
>>  
>> +if ((secretUsageType =
>> + qemuDomainSecretProtocolGetUsageType(src->protocol)) ==
>> +VIR_SECRET_USAGE_TYPE_NONE)
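Review bot: if the helper is dropped in favour of an inline choice, tie the mapping to the enclosing check `src->protocol == VIR_STORAGE_NET_PROTOCOL_ISCSI || src->protocol == VIR_STORAGE_NET_PROTOCOL_RBD`: an `else` branch that yields VIR_SECRET_USAGE_TYPE_CEPH is correct only while that condition admits exactly those two protocols, so either test RBD explicitly or leave a comment there so a later extension of the condition does not silently map a new protocol to CEPH.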
> 
> Dead code. The condition above guarantees that this doesn't ever return
> _NONE. I think you could set the usage type here rather than having an
> extra helper that doesn't do much else.

Changed to:

if (src->protocol == VIR_STORAGE_NET_PROTOCOL_ISCSI)
secretUsageType = VIR_SECRET_USAGE_TYPE_ISCSI;
else
secretUsageType = VIR_SECRET_USAGE_TYPE_CEPH;


> 
>> +goto error;
>> +
>>  if (qemuDomainSecretSetup(conn, priv, secinfo, disk->info.alias,
>> -  src->protocol, src->auth) < 0)
>> +  secretUsageType, src->auth) < 0)
>>  goto error;
>>  
>>  diskPriv->secinfo = secinfo;
>> @@ -1072,14 +1088,19 @@ qemuDomainSecretHostdevPrepare(virConnectPtr conn,
>>  if (scsisrc->protocol == 
>> VIR_DOMAIN_HOSTDEV_SCSI_PROTOCOL_TYPE_ISCSI &&
>>  iscsisrc->auth) {
>>  
>> +virSecretUsageType secretUsageType;

Changed to:

virSecretUsageType secretUsageType =
VIR_SECRET_USAGE_TYPE_ISCSI;


Tks -

John
>>  qemuDomainHostdevPrivatePtr hostdevPriv =
>>  QEMU_DOMAIN_HOSTDEV_PRIVATE(hostdev);
>>  
>>  if (VIR_ALLOC(secinfo) < 0)
>>  return -1;
>>  
>> +if ((secretUsageType =
>> + 
>> qemuDomainSecretProtocolGetUsageType(VIR_STORAGE_NET_PROTOCOL_ISCSI)) == 
>> VIR_SECRET_USAGE_TYPE_NONE)
> 
> Same complaint.
> 
>> +goto error;
>> +



Re: [libvirt] [PATCH 2/3] target-i386: Introduce x86_cpu_load_host_data() function

2016-06-23 Thread Eduardo Habkost
On Thu, Jun 23, 2016 at 04:59:28PM +0200, Igor Mammedov wrote:
> On Mon, 20 Jun 2016 17:12:43 -0300
> Eduardo Habkost  wrote:
> 
> > The code that loads host-specific information inside
> > x86_cpu_realizefn() will be reused by the implementation of
> > query-host-cpu, so move it to a separate function.
> > 
> > Signed-off-by: Eduardo Habkost 
> > ---
> >  target-i386/cpu.c | 23 ---
> >  1 file changed, 16 insertions(+), 7 deletions(-)
> > 
> > diff --git a/target-i386/cpu.c b/target-i386/cpu.c
> > index aadd0b9..3d3635d 100644
> > --- a/target-i386/cpu.c
> > +++ b/target-i386/cpu.c
> > @@ -1491,6 +1491,20 @@ void x86_cpu_change_kvm_default(const char
> > *prop, const char *value) static uint32_t
> > x86_cpu_get_supported_feature_word(FeatureWord w, bool
> > migratable_only); 
> > +/* Load host-dependent CPU information, when applicable */
> > +static void x86_cpu_load_host_data(X86CPU *cpu)
> > +{
> > +CPUX86State *env = >env;
> > +FeatureWord w;
> > +
> > +if (cpu->host_features) {
> > +for (w = 0; w < FEATURE_WORDS; w++) {
> > +env->features[w] =
> > +x86_cpu_get_supported_feature_word(w,
> > cpu->migratable);
> > +}
> > +}
> > +}
> > +
> >  #ifdef CONFIG_KVM
> >  
> >  static int cpu_x86_fill_model_id(char *str)
> > @@ -3012,18 +3026,13 @@ static void x86_cpu_realizefn(DeviceState
> > *dev, Error **errp) return;
> >  }
> >  
> > +x86_cpu_load_host_data(cpu);
> this function should be below TODO comment as it applies to moved
> code.

It was on purpose. The comment is actually about the
plus_features/minus_features code, that is the hack we want to
remove after cpu->host_features is fixed.

Placing the comment before the x86_cpu_load_host_data() call
wouldn't make sense, as the host_features code is now hidden
inside the function.

> 
> with this fixed
> Reviewed-by: Igor Mammedov 

Considering the above explanation, do you prefer that I keep the
patch as-is, or move the comment inside x86_cpu_load_host_data()?

(I will not move it before the x86_cpu_load_host_data() call)


> 
> > +
> >  /*TODO: cpu->host_features incorrectly overwrites features
> >   * set using "feat=on|off". Once we fix this, we can convert
> >   * plus_features & minus_features to global properties
> >   * inside x86_cpu_parse_featurestr() too.
> >   */
> > -if (cpu->host_features) {
> > -for (w = 0; w < FEATURE_WORDS; w++) {
> > -env->features[w] =
> > -x86_cpu_get_supported_feature_word(w,
> > cpu->migratable);
> > -}
> > -}
> > -
> >  for (w = 0; w < FEATURE_WORDS; w++) {
> >  cpu->env.features[w] |= plus_features[w];
> >  cpu->env.features[w] &= ~minus_features[w];
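Review bot: with the `cpu->host_features` loop moved out, the `/*TODO: cpu->host_features incorrectly overwrites...` comment now sits directly above the plus_features/minus_features loop only, which matches the explanation in the reply above; making that explicit in the comment's first line (for example, noting that host_features is applied in x86_cpu_load_host_data() and still overwrites "feat=on|off" settings) would stop the next reader from asking the same placement question.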
> 

-- 
Eduardo



Re: [libvirt] [PATCH 08/19] qemu: Change protocol parameter for secret setup

2016-06-23 Thread Peter Krempa
On Mon, Jun 13, 2016 at 20:27:47 -0400, John Ferlan wrote:
> Rather than assume/pass the protocol to the qemuDomainSecretPlainSetup
> and qemuDomainSecretAESSetup, determine and pass the secretUsageType
> which is then used in the virSecretGetSecretString call
> 
> For the two callers that convert from virStorageNetProtocol, add
> a new helper qemuDomainSecretProtocolGetUsageType.
> 
> Signed-off-by: John Ferlan 
> ---
>  src/qemu/qemu_domain.c | 105 
> +
>  1 file changed, 63 insertions(+), 42 deletions(-)
> 
> diff --git a/src/qemu/qemu_domain.c b/src/qemu/qemu_domain.c
> index 34e3d95..52cbc72 100644
> --- a/src/qemu/qemu_domain.c
> +++ b/src/qemu/qemu_domain.c

[...]

> +/* qemuDomainSecretGetProtocolUsageType:
> + * @protocol: The virStorageNetProtocol protocol type
> + *
> + * Convert the protocl into the expected virSecretUsageType for
> + * eventual usage to fetch the secret
> + *
> + * Returns matched protocol type or VIR_SECRET_USAGE_TYPE_NONE with an
> + * error message set on failure.
> + */
> +static virSecretUsageType
> +qemuDomainSecretProtocolGetUsageType(virStorageNetProtocol protocol)
> +{
> +switch ((virStorageNetProtocol)protocol) {
> +case VIR_STORAGE_NET_PROTOCOL_RBD:
> +return VIR_SECRET_USAGE_TYPE_CEPH;
> +
> +case VIR_STORAGE_NET_PROTOCOL_ISCSI:
> +return VIR_SECRET_USAGE_TYPE_ISCSI;
> +
> +case VIR_STORAGE_NET_PROTOCOL_NONE:
> +case VIR_STORAGE_NET_PROTOCOL_NBD:
> +case VIR_STORAGE_NET_PROTOCOL_SHEEPDOG:
> +case VIR_STORAGE_NET_PROTOCOL_GLUSTER:
> +case VIR_STORAGE_NET_PROTOCOL_HTTP:
> +case VIR_STORAGE_NET_PROTOCOL_HTTPS:
> +case VIR_STORAGE_NET_PROTOCOL_FTP:
> +case VIR_STORAGE_NET_PROTOCOL_FTPS:
> +case VIR_STORAGE_NET_PROTOCOL_TFTP:
> +case VIR_STORAGE_NET_PROTOCOL_LAST:
> +virReportError(VIR_ERR_INTERNAL_ERROR,
> +   _("protocol '%s' cannot be used for encrypted 
> secrets"),
> +   virStorageNetProtocolTypeToString(protocol));
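Review bot: the header comment names the function qemuDomainSecretGetProtocolUsageType while the definition is qemuDomainSecretProtocolGetUsageType; pick one so the doc comment matches what is declared. The comment also says "Returns matched protocol type" when the function actually returns a virSecretUsageType, and "protocl" is misspelled. Leaving out a default: label is the right choice here, since the compiler will then flag any virStorageNetProtocol value added later that is not listed in the switch.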

You could change this error message so that it actually makes some
sense. The protocols above don't support any form of authentication at
least in context of our interaction with qemu, not only specifically
encrypted secrets.

> +}
> +return VIR_SECRET_USAGE_TYPE_NONE;
> +}
> +
> +
>  /* qemuDomainSecretDiskPrepare:
>   * @conn: Pointer to connection
>   * @priv: pointer to domain private object
> @@ -1008,13 +1018,19 @@ qemuDomainSecretDiskPrepare(virConnectPtr conn,
>  (src->protocol == VIR_STORAGE_NET_PROTOCOL_ISCSI ||
>   src->protocol == VIR_STORAGE_NET_PROTOCOL_RBD)) {
>  
> +virSecretUsageType secretUsageType;
>  qemuDomainDiskPrivatePtr diskPriv = QEMU_DOMAIN_DISK_PRIVATE(disk);
>  
>  if (VIR_ALLOC(secinfo) < 0)
>  return -1;
>  
> +if ((secretUsageType =
> + qemuDomainSecretProtocolGetUsageType(src->protocol)) ==
> +VIR_SECRET_USAGE_TYPE_NONE)

Dead code. The condition above guarantees that this doesn't ever return
_NONE. I think you could set the usage type here rather than having an
extra helper that doesn't do much else.

> +goto error;
> +
>  if (qemuDomainSecretSetup(conn, priv, secinfo, disk->info.alias,
> -  src->protocol, src->auth) < 0)
> +  secretUsageType, src->auth) < 0)
>  goto error;
>  
>  diskPriv->secinfo = secinfo;
> @@ -1072,14 +1088,19 @@ qemuDomainSecretHostdevPrepare(virConnectPtr conn,
>  if (scsisrc->protocol == VIR_DOMAIN_HOSTDEV_SCSI_PROTOCOL_TYPE_ISCSI 
> &&
>  iscsisrc->auth) {
>  
> +virSecretUsageType secretUsageType;
>  qemuDomainHostdevPrivatePtr hostdevPriv =
>  QEMU_DOMAIN_HOSTDEV_PRIVATE(hostdev);
>  
>  if (VIR_ALLOC(secinfo) < 0)
>  return -1;
>  
> +if ((secretUsageType =
> + 
> qemuDomainSecretProtocolGetUsageType(VIR_STORAGE_NET_PROTOCOL_ISCSI)) == 
> VIR_SECRET_USAGE_TYPE_NONE)

Same complaint.

> +goto error;
> +



Re: [libvirt] [PATCH 05/19] secret: Move virStorageSecretType and rename

2016-06-23 Thread Peter Krempa
On Mon, Jun 13, 2016 at 20:27:44 -0400, John Ferlan wrote:
> Move the enum into a new src/util/virsecret.h, rename it to be
> virSecretLookupType. Add a src/util/virsecret.h in order to perform
> a couple of simple operations on the secret XML and virSecretLookupTypeDef
> for clearing and copying.
> 
> This includes quite a bit of collateral damage, but the goal is to remove
> the "virStorage*" and replace with the virSecretLookupType so that it's
> easier to add new lookups that aren't necessarily storage pool related.
> 
> Signed-off-by: John Ferlan 
> ---
>  src/Makefile.am |  1 +
>  src/conf/secret_conf.h  |  2 +-
>  src/libvirt_private.syms|  5 
>  src/libxl/libxl_conf.c  |  2 +-
>  src/qemu/qemu_domain.c  |  4 +--
>  src/secret/secret_util.c| 18 ++--
>  src/secret/secret_util.h| 10 +++
>  src/storage/storage_backend_iscsi.c |  7 +++--
>  src/storage/storage_backend_rbd.c   |  3 +-
>  src/util/virsecret.c| 57 
> +
>  src/util/virsecret.h| 50 
>  src/util/virstoragefile.c   | 32 +
>  src/util/virstoragefile.h   | 17 ++-
>  tests/qemuargv2xmltest.c|  4 +--
>  14 files changed, 156 insertions(+), 56 deletions(-)
>  create mode 100644 src/util/virsecret.c
>  create mode 100644 src/util/virsecret.h

ACK



Re: [libvirt] [PATCH 4/4] Check the kvm host cpu max limits in virConnectGetDomainCapabilities()

2016-06-23 Thread Andrea Bolognani
On Wed, 2016-06-15 at 09:58 +, Shivaprasad G Bhat wrote:
> -domCaps->maxvcpus = maxvcpus;
> +domCaps->maxvcpus = virQEMUCapsGetMachineMaxCpus(qemuCaps, domCaps-
>machine);
> +if (virttype == VIR_DOMAIN_VIRT_KVM) {
> +hostmaxvcpus = virHostCPUGetKVMVCPUs(VIR_HOSTCPU_KVM_MAXVCPUS);
> +domCaps->suggestedvcpus =
virHostCPUGetKVMVCPUs(VIR_HOSTCPU_KVM_NR_VCPUS);
> +domCaps->maxvcpus = MIN(domCaps->maxvcpus, hostmaxvcpus);
> +}
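Review bot: both values returned by virHostCPUGetKVMVCPUs() are used without an error check; if the helper reports failure with a negative value, MIN(domCaps->maxvcpus, hostmaxvcpus) silently turns maxvcpus into that negative number and suggestedvcpus carries it through unchanged. Check the results before clamping, and either bail out or leave the capability values unclamped when the query fails.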

Forgot to mention this yesterday: domCaps->suggestedvcpus
will have to be capped by hostmaxvcpus as well, because
otherwise you would end up with stuff like

  

for the 'isapc' or 'xenpv' machine types.


-- 
Andrea Bolognani / Red Hat / Virtualization


Re: [libvirt] [PATCH 2/3] target-i386: Introduce x86_cpu_load_host_data() function

2016-06-23 Thread Igor Mammedov
On Mon, 20 Jun 2016 17:12:43 -0300
Eduardo Habkost  wrote:

> The code that loads host-specific information inside
> x86_cpu_realizefn() will be reused by the implementation of
> query-host-cpu, so move it to a separate function.
> 
> Signed-off-by: Eduardo Habkost 
> ---
>  target-i386/cpu.c | 23 ---
>  1 file changed, 16 insertions(+), 7 deletions(-)
> 
> diff --git a/target-i386/cpu.c b/target-i386/cpu.c
> index aadd0b9..3d3635d 100644
> --- a/target-i386/cpu.c
> +++ b/target-i386/cpu.c
> @@ -1491,6 +1491,20 @@ void x86_cpu_change_kvm_default(const char
> *prop, const char *value) static uint32_t
> x86_cpu_get_supported_feature_word(FeatureWord w, bool
> migratable_only); 
> +/* Load host-dependent CPU information, when applicable */
> +static void x86_cpu_load_host_data(X86CPU *cpu)
> +{
> +CPUX86State *env = >env;
> +FeatureWord w;
> +
> +if (cpu->host_features) {
> +for (w = 0; w < FEATURE_WORDS; w++) {
> +env->features[w] =
> +x86_cpu_get_supported_feature_word(w,
> cpu->migratable);
> +}
> +}
> +}
> +
>  #ifdef CONFIG_KVM
>  
>  static int cpu_x86_fill_model_id(char *str)
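Review bot: x86_cpu_load_host_data() replaces every entry of env->features[] when cpu->host_features is set, discarding anything an earlier step put there; that is exactly the behaviour the TODO in the second hunk calls incorrect. Since the function is about to get a second caller for query-host-cpu, say so in its header comment (for example "overwrites env->features[] wholesale; see the TODO in x86_cpu_realizefn()") so the new caller does not assume the host data is merged with already-configured features.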
> @@ -3012,18 +3026,13 @@ static void x86_cpu_realizefn(DeviceState
> *dev, Error **errp) return;
>  }
>  
> +x86_cpu_load_host_data(cpu);
this function should be below TODO comment as it applies to moved
code.

with this fixed
Reviewed-by: Igor Mammedov 

> +
>  /*TODO: cpu->host_features incorrectly overwrites features
>   * set using "feat=on|off". Once we fix this, we can convert
>   * plus_features & minus_features to global properties
>   * inside x86_cpu_parse_featurestr() too.
>   */
> -if (cpu->host_features) {
> -for (w = 0; w < FEATURE_WORDS; w++) {
> -env->features[w] =
> -x86_cpu_get_supported_feature_word(w,
> cpu->migratable);
> -}
> -}
> -
>  for (w = 0; w < FEATURE_WORDS; w++) {
>  cpu->env.features[w] |= plus_features[w];
>  cpu->env.features[w] &= ~minus_features[w];
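Review bot: the removed loop is the only visible user of the `env` local in this function, while the loop that stays uses cpu->env directly; check whether `env` is still referenced elsewhere in x86_cpu_realizefn() and drop its declaration if not, to avoid an unused-variable warning. The `w` loop variable is still needed by the plus/minus loop and stays.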



Re: [libvirt] [PATCH] storage: Remove redundant refreshPool check

2016-06-23 Thread Cole Robinson
On 06/23/2016 10:06 AM, Martin Kletzander wrote:
> On Thu, Jun 23, 2016 at 09:20:19AM -0400, John Ferlan wrote:
>>
>>
>> On 06/23/2016 09:03 AM, Cole Robinson wrote:
>>> On 06/23/2016 03:32 AM, Martin Kletzander wrote:
>>>> On Wed, Jun 22, 2016 at 08:29:35PM -0400, Cole Robinson wrote:
>>>>> Every driver provides a refreshPool impl, and many other critical
>>>>> places in the code unconditionally call it without checking if
>>>>> it exists, so this check is pointless
>>>>
>>>> I'm not entirely sure about it, but it'd be nicer if we actually checked
>>>> that it's non-NULL.  Just to future-proof the code in case someone adds
>>>> another backend.
>>>
>>> Please check the other storage_driver.c code... every 'startPool' invocation
>>> is followed by an unconditional refreshPool call. If a driver is added 
>>> without
>>> a refreshPool impl, it will crash libvirtd from any avenue that the pool can
>>> be started, so to support a driver like that will need much more work. This 
>>> is
>>> the one place in the code that checks for backend->refreshPool
>>
>>
>> Hmm.. this check was caused by commit id '4a85bf3e2' where IIRC I was
>> probably being really paranoid.
>>
>> Digging a bit more finds commit id '318ea3cb77' which seems to indicate
>> refreshPool *must* be supplied.
>>
>> So ACK to the change,
>>
> 
> Fair enough, sorry for the noise, ACK.
> 

Thanks guys, I've pushed this

- Cole



Re: [libvirt] [PATCH] storage: Remove redundant refreshPool check

2016-06-23 Thread Martin Kletzander

On Thu, Jun 23, 2016 at 09:20:19AM -0400, John Ferlan wrote:
>
>
> On 06/23/2016 09:03 AM, Cole Robinson wrote:
>> On 06/23/2016 03:32 AM, Martin Kletzander wrote:
>>> On Wed, Jun 22, 2016 at 08:29:35PM -0400, Cole Robinson wrote:
>>>> Every driver provides a refreshPool impl, and many other critical
>>>> places in the code unconditionally call it without checking if
>>>> it exists, so this check is pointless
>>>>
>>>
>>> I'm not entirely sure about it, but it'd be nicer if we actually checked
>>> that it's non-NULL.  Just to future-proof the code in case someone adds
>>> another backend.
>>>
>>
>> Please check the other storage_driver.c code... every 'startPool' invocation
>> is followed by an unconditional refreshPool call. If a driver is added without
>> a refreshPool impl, it will crash libvirtd from any avenue that the pool can
>> be started, so to support a driver like that will need much more work. This is
>> the one place in the code that checks for backend->refreshPool
>>
>
> Hmm.. this check was caused by commit id '4a85bf3e2' where IIRC I was
> probably being really paranoid.
>
> Digging a bit more finds commit id '318ea3cb77' which seems to indicate
> refreshPool *must* be supplied.
>
> So ACK to the change,
>

Fair enough, sorry for the noise, ACK.

> John



Re: [libvirt] [PATCH 0/2] Fix genericxml2xml test and avoid further mistakes

2016-06-23 Thread Martin Kletzander

On Thu, Jun 23, 2016 at 03:32:32PM +0200, Peter Krempa wrote:
> Peter Krempa (2):
>   tests: genericxml2xml: Fix test file name
>   tests: utils: Fail XML file comparison if input file doesn't exist
>
>  tests/genericxml2xmltest.c | 2 +-
>  tests/testutils.c  | 5 +
>  2 files changed, 6 insertions(+), 1 deletion(-)
>

ACK series

> --
> 2.8.3

Re: [libvirt] [PATCH 2/2] vz: support filesystem type volume

2016-06-23 Thread Nikolay Shirokovskiy


On 08.04.2016 19:39, Olga Krishtal wrote:
> Vz containers are able to use ploop volumes from storage pools
> to work upon.
> 
> To use filesystem type volume, pool name and volume name should be
> specifaed in 
> 
> Signed-off-by: Olga Krishtal 
> ---
>  src/storage/storage_driver.c |   3 +
>  src/vz/vz_sdk.c  | 127 
> ++-
>  2 files changed, 105 insertions(+), 25 deletions(-)
> 
> diff --git a/src/storage/storage_driver.c b/src/storage/storage_driver.c
> index 1d96618..c2c1483 100644
> --- a/src/storage/storage_driver.c
> +++ b/src/storage/storage_driver.c
> @@ -3348,6 +3348,9 @@ virStorageTranslateDiskSourcePool(virConnectPtr conn,
>  def->src->srcpool->actualtype = VIR_STORAGE_TYPE_BLOCK;
>  break;
>  
> +case VIR_STORAGE_VOL_PLOOP:
> +def->src->srcpool->actualtype = VIR_STORAGE_TYPE_FILE;
> +
>  case VIR_STORAGE_VOL_NETWORK:
>  case VIR_STORAGE_VOL_NETDIR:
>  virReportError(VIR_ERR_INTERNAL_ERROR,
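Review bot: the new VIR_STORAGE_VOL_PLOOP case has no break; after setting actualtype to VIR_STORAGE_TYPE_FILE it falls through into the VIR_STORAGE_VOL_NETWORK / VIR_STORAGE_VOL_NETDIR arm and reports an internal error, so a ploop volume can never be translated successfully. Add `break;` after the assignment, matching the VIR_STORAGE_TYPE_BLOCK case just above it.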
> diff --git a/src/vz/vz_sdk.c b/src/vz/vz_sdk.c
> index 00f42b8..a8b2ffa 100644
> --- a/src/vz/vz_sdk.c
> +++ b/src/vz/vz_sdk.c
> @@ -31,6 +31,8 @@
>  #include "datatypes.h"
>  #include "domain_conf.h"
>  #include "virtime.h"
> +#include "dirname.h"

seems we don't use it

> +#include "storage/storage_driver.h"
>  
>  #include "vz_sdk.h"
>  
> @@ -570,8 +572,36 @@ prlsdkGetFSInfo(PRL_HANDLE prldisk,
>  PRL_UINT32 buflen = 0;
>  PRL_RESULT pret;
>  int ret = -1;
> +char *storage = NULL;
> +char **matches = NULL;
> +virURIPtr uri = NULL;
> +
> +pret = PrlVmDevHd_GetStorageURL(prldisk, NULL, );
> +prlsdkCheckRetGoto(pret, cleanup);
> +if (VIR_ALLOC_N(storage, buflen) < 0)
> +goto cleanup;
> +pret = PrlVmDevHd_GetStorageURL(prldisk, storage, );
> +prlsdkCheckRetGoto(pret, cleanup);

there is brand new prlsdkGetStringParamVar for getting strings from sdk

> +
> +if (!virStringIsEmpty(storage)) {
> +uri = virURIParse(storage);
> +if (!uri || STRNEQ("volume", uri->scheme))
> +goto cleanup;

second clause need error message

> +if (!(matches = virStringSplitCount(uri->path, "/", 0, NULL)))
> +goto cleanup;

check count or we have invalid pointers in matches[N]
or add matches[0] to the check.

> +if (!matches[1] || !matches[2])
> +goto cleanup;
> +fs->type = VIR_DOMAIN_FS_TYPE_VOLUME;
> +if (VIR_ALLOC(fs->src->srcpool) < 0)
> +goto cleanup;
> +if (VIR_STRDUP(fs->src->srcpool->pool, matches[1]) < 0)
> +goto cleanup;
> +if (VIR_STRDUP(fs->src->srcpool->volume, matches[2]) < 0)
> +goto cleanup;
> +} else {
> +fs->type = VIR_DOMAIN_FS_TYPE_FILE;

i think we should move setting fs->src->path under this branch, we
don't need this set in case of volume AFAIU

> +}
>  
> -fs->type = VIR_DOMAIN_FS_TYPE_FILE;
>  fs->fsdriver = VIR_DOMAIN_FS_DRIVER_TYPE_PLOOP;
>  fs->accessmode = VIR_DOMAIN_FS_ACCESSMODE_PASSTHROUGH;
>  fs->wrpolicy = VIR_DOMAIN_FS_WRPOLICY_DEFAULT;
> @@ -608,6 +638,9 @@ prlsdkGetFSInfo(PRL_HANDLE prldisk,
>  
>   cleanup:
>  VIR_FREE(buf);
> +VIR_FREE(storage);
> +virURIFree(uri);
> +virStringFreeList(matches);
>  return ret;
>  }
>  
> @@ -636,7 +669,7 @@ prlsdkAddDomainHardDisksInfo(vzConnPtr privconn, 
> PRL_HANDLE sdkdom, virDomainDef
>  
>  if (PDT_USE_REAL_DEVICE != emulatedType && IS_CT(def)) {
>  
> -if (VIR_ALLOC(fs) < 0)
> +if (!(fs = virDomainFSDefNew()))
>  goto error;
>  
>  if (prlsdkGetFSInfo(hdd, fs) < 0)
> @@ -2417,13 +2450,14 @@ static int 
> prlsdkCheckNetUnsupportedParams(virDomainNetDefPtr net)
>  
>  static int prlsdkCheckFSUnsupportedParams(virDomainFSDefPtr fs)
>  {
> -if (fs->type != VIR_DOMAIN_FS_TYPE_FILE) {
> +if (fs->type != VIR_DOMAIN_FS_TYPE_FILE &&
> +fs->type != VIR_DOMAIN_FS_TYPE_VOLUME) {
>  virReportError(VIR_ERR_CONFIG_UNSUPPORTED, "%s",
> -   _("Only file based filesystems are "
> - "supported by vz driver."));
> +   _("Unsupported filesystem type."));
>  return -1;
>  }
>  
> +

unrelated, stricly speaking )

>  if (fs->fsdriver != VIR_DOMAIN_FS_DRIVER_TYPE_PLOOP) {
>  virReportError(VIR_ERR_CONFIG_UNSUPPORTED, "%s",
> _("Only ploop fs driver is "
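Review bot: the replacement message "Unsupported filesystem type." drops the information the old one carried and does not say which type was rejected, which makes the error hard to act on from a domain XML. Use a format that names the offending type, e.g. `_("Unsupported filesystem type '%s' for vz driver")` with virDomainFSTypeToString(fs->type) as the argument, instead of the fixed "%s" string.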
> @@ -3266,6 +3300,7 @@ prlsdkAddFS(PRL_HANDLE sdkdom, virDomainFSDefPtr fs)
>  PRL_RESULT pret;
>  PRL_HANDLE sdkdisk = PRL_INVALID_HANDLE;
>  int ret = -1;
> +char *storage = NULL;
>  
>  if (prlsdkCheckFSUnsupportedParams(fs) < 0)
>  return -1;
> @@ -3273,6 +3308,13 @@ prlsdkAddFS(PRL_HANDLE sdkdom, virDomainFSDefPtr fs)
>  pret = PrlVmCfg_CreateVmDev(sdkdom, PDE_HARD_DISK, );
>  prlsdkCheckRetGoto(pret, 
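The count check asked for above, as an added example that is not part of the vz patch or of libvirt: a bounds-checked parser for the storage URL the patch splits on '/'. It assumes the URL layout volume:///<pool>/<volume> (which is what yields the matches[1] and matches[2] indices the patch reads), replaces virURIParse() and virStringSplitCount() with plain C so it compiles on its own, and is stricter than the patch in that extra path components are rejected rather than ignored.

```c
#include <stdio.h>
#include <string.h>

/* Parsed result: pool and volume names from a "volume:" storage URL. */
struct vol_ref {
    char pool[64];
    char volume[64];
};

/* Copy the component [start, end) into dst, rejecting empty or oversized
 * components instead of silently truncating them. */
static int copy_component(char *dst, size_t dst_len,
                          const char *start, const char *end)
{
    size_t len = (size_t)(end - start);

    if (len == 0 || len >= dst_len)
        return -1;
    memcpy(dst, start, len);
    dst[len] = '\0';
    return 0;
}

/* Parse "volume:///<pool>/<volume>" (layout assumed for this example).
 * Returns 0 and fills *out, or -1 with a message in errbuf.  Every index
 * into the string is validated before use: a path with the wrong number
 * of components fails here instead of being read past its end. */
int parse_volume_url(const char *url, struct vol_ref *out,
                     char *errbuf, size_t errlen)
{
    static const char prefix[] = "volume:///";
    const char *path, *slash;

    if (!url || strncmp(url, prefix, sizeof(prefix) - 1) != 0) {
        snprintf(errbuf, errlen, "unsupported storage URL scheme in '%s'",
                 url ? url : "(null)");
        return -1;
    }
    path = url + (sizeof(prefix) - 1);        /* "<pool>/<volume>" */

    slash = strchr(path, '/');
    if (!slash || strchr(slash + 1, '/')) {
        /* zero separators or more than one: wrong component count */
        snprintf(errbuf, errlen,
                 "storage URL '%s' must name exactly one pool and one volume",
                 url);
        return -1;
    }
    if (copy_component(out->pool, sizeof(out->pool), path, slash) < 0 ||
        copy_component(out->volume, sizeof(out->volume),
                       slash + 1, slash + 1 + strlen(slash + 1)) < 0) {
        snprintf(errbuf, errlen, "empty or oversized component in '%s'", url);
        return -1;
    }
    return 0;
}

int main(void)
{
    /* constructed sample inputs: one valid URL and two malformed ones */
    const char *samples[] = { "volume:///default/ct1.hdd",
                              "volume:///default",
                              "volume:///default/" };
    struct vol_ref ref;
    char err[128];
    size_t i;

    for (i = 0; i < sizeof(samples) / sizeof(samples[0]); i++) {
        if (parse_volume_url(samples[i], &ref, err, sizeof(err)) == 0)
            printf("%s -> pool=%s volume=%s\n", samples[i], ref.pool, ref.volume);
        else
            printf("%s -> error: %s\n", samples[i], err);
    }
    return 0;
}
```

The error message is filled on every failure path, which is the other point raised in the review: a caller that only sees `goto cleanup` with ret still -1 would otherwise report nothing to the user.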

Re: [libvirt] [PATCH 2/2] Add support for preallocated memory - xml2argv

2016-06-23 Thread Safka, JaroslavX
If source is file then -object 
memory-backend-file,id=mem,size=1024M,mem-path=/var/lib/libvirt/qemu -numa 
node,memdev=mem should be added to the qemu commandline.

If allocation is immediate then -mem-prealloc should be added to the qemu 
commandline.

If access is shared then the share=on parameter should be added to the 
memory-backend-file, 
e.g. -object 
memory-backend-file,id=mem,size=1024M,mem-path=/var/lib/libvirt/qemu,share=on

-Original Message-
From: Martin Kletzander [mailto:mklet...@redhat.com] 
Sent: Thursday, June 23, 2016 3:42 PM
To: Safka, JaroslavX 
Cc: libvir-list@redhat.com; Mooney, Sean K ; Ptacek, 
MichalX 
Subject: Re: [libvirt] [PATCH 2/2] Add support for preallocated memory - 
xml2argv

On Thu, Jun 23, 2016 at 01:25:29PM +0100, Jaroslav Safka wrote:
>Add conversion from xml to argv for subelements source,access and 
>allocation of 
>
>This change introduces support for preallocated shared file descriptor 
>based memory backing.
>It allows vhost-user to be used without hugepages.
>

How does this show up in the guest?

>Configured by these elements:
>
>
>
> 
>---
> src/qemu/qemu_command.c| 56 ++
> src/qemu/qemu_command.h|  4 ++
> .../qemuxml2argv-memorybacking-set.args|  6 ++-
> tests/qemuxml2argvtest.c   |  3 ++
> 4 files changed, 68 insertions(+), 1 deletion(-)
>
>diff --git a/src/qemu/qemu_command.c b/src/qemu/qemu_command.c index 
>6944129..321e71f 100644
>--- a/src/qemu/qemu_command.c
>+++ b/src/qemu/qemu_command.c
>@@ -9328,6 +9328,9 @@ qemuBuildCommandLine(virQEMUDriverPtr driver,
> if (qemuBuildNVRAMCommandLine(cmd, def, qemuCaps) < 0)
> goto error;
>
>+if (qemuBuildMemoryBackendCommandLine(cmd, def, qemuCaps) < 0)
>+goto error;
>+

So this is not accounted for in any of the memory sizes, right?

Shouldn't this be reflected in some of those virDomainDefGetMemory*() 
functions?  It probably depends on the answer to my previous question.

> if (snapshot)
> virCommandAddArgList(cmd, "-loadvm", snapshot->def->name, 
> NULL);
>
>@@ -9592,3 +9595,56 @@ qemuBuildChrDeviceStr(char **deviceStr,
>
> return ret;
> }
>+
>+static char *
>+qemuBuildMemoryBackendFileStr(const virDomainDef *def) {
>+virBuffer buf = VIR_BUFFER_INITIALIZER;
>+const char template[] = 
>+"memory-backend-file,id=mem,size=1024M,mem-path=/var/lib/libvirt/qemu"
>+;
>+

Wow, this seems highly configurable.  How come none of these options needs to 
be changed?  That doesn't seem right.

>+if (VIR_DOMAIN_MEMORY_ACCESS_SHARED == def->mem.access) {

As you might've noticed in the code, we don't do yoda conditions.

>+// add ",share=on" to -object memory-backend-file
>+virBufferAsprintf(, "%s,share=on", template);
>+} else {
>+virBufferAsprintf(, "%s", template);
>+}
>+

The virAsprintf() function should shorten this function a bit.

>+
>+if (virBufferCheckError() < 0)
>+goto error;
>+
>+return virBufferContentAndReset();
>+
>+ error:
>+virBufferFreeAndReset();
>+return NULL;
>+}
>+
>+
>+int
>+qemuBuildMemoryBackendCommandLine(virCommandPtr cmd,
>+  const virDomainDef *def,
>+  virQEMUCapsPtr qemuCaps 
>+__attribute__((unused))) {
>+char *optstr = NULL;
>+
>+if (VIR_DOMAIN_MEMORY_ALLOCATION_IMMEDIATE == def->mem.allocation) {
>+// add '-mem-prealloc'
>+virCommandAddArg(cmd, "-mem-prealloc");
>+}
>+
>+if (VIR_DOMAIN_MEMORY_SOURCE_FILE == def->mem.source) {
>+optstr = qemuBuildMemoryBackendFileStr(def);
>+if (optstr) {
>+virCommandAddArg(cmd, "-object");
>+virCommandAddArg(cmd, optstr);
>+VIR_FREE(optstr);
>+}
>+
>+// add '-object 
>memory-backend-file,id=mem,size=1024M,mem-path=/var/lib/libvirt/qemu'
>+// add '-numa node,memdev=mem'
>+virCommandAddArgList(cmd, "-numa", "node,memdev=mem", NULL);

This looks like it duplicates some of the code that is there already.
Couldn't this be handled more cleanly?  Could there be only part of that memory 
shared and not all of it?

>+}
>+
>+return 0;
>+}
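Review bot: in qemuBuildMemoryBackendCommandLine() the "-numa node,memdev=mem" arguments are added even when qemuBuildMemoryBackendFileStr() returned NULL, so on that failure path the command line references a memdev that was never defined and the function still returns 0; the `if (optstr)` guard should cover the -numa arguments too, and a NULL optstr should return -1 (the helper has already reported the error). Two style points in the same hunk: the tree uses ATTRIBUTE_UNUSED rather than a bare __attribute__((unused)) on parameters, and /* */ rather than // comments.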
>diff --git a/src/qemu/qemu_command.h b/src/qemu/qemu_command.h index 
>9ff4edb..f95d0ea 100644
>--- a/src/qemu/qemu_command.h
>+++ b/src/qemu/qemu_command.h
>@@ -175,5 +175,9 @@ bool qemuCheckCCWS390AddressSupport(const virDomainDef 
>*def,
> virDomainDeviceInfo info,
> virQEMUCapsPtr qemuCaps,
> const char *devicename);
>+int
>+qemuBuildMemoryBackendCommandLine(virCommandPtr cmd,
>+  const virDomainDef *def,
>+  virQEMUCapsPtr qemuCaps);
>

Not aligned.

> #endif /* __QEMU_COMMAND_H__*/
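The mapping described in the reply at the top of this message, as an added example that is neither the patch's code nor libvirt's: a builder that derives the qemu arguments from the three settings, with size and mem-path taken from the configuration rather than a fixed literal, and with the -numa node only referencing memdev=mem when the backend object was actually emitted. The enum and struct names are local stand-ins for the patch's VIR_DOMAIN_MEMORY_* values.

```c
#include <stdio.h>
#include <string.h>

/* Local stand-ins for the patch's VIR_DOMAIN_MEMORY_{SOURCE,ALLOCATION,ACCESS}_*
 * values, so the example builds without libvirt headers. */
enum mem_source     { MEM_SOURCE_NONE, MEM_SOURCE_FILE };
enum mem_allocation { MEM_ALLOC_NONE, MEM_ALLOC_IMMEDIATE };
enum mem_access     { MEM_ACCESS_DEFAULT, MEM_ACCESS_SHARED };

struct mem_backing {
    enum mem_source source;
    enum mem_allocation allocation;
    enum mem_access access;
    unsigned long long size_mib;   /* guest memory in MiB, from the domain config */
    const char *mem_path;          /* directory backing the file, from driver config */
};

/* Append one argument to the space-separated command line in out. */
static int append_arg(char *out, size_t outlen, const char *arg)
{
    size_t used = strlen(out);
    size_t need = strlen(arg) + (used ? 1 : 0);

    if (used + need >= outlen)
        return -1;
    if (used)
        strcat(out, " ");
    strcat(out, arg);
    return 0;
}

/* Fill out with the qemu arguments implied by mb; returns 0, or -1 when a
 * required parameter is missing or the buffer is too small.  Nothing is
 * emitted for the default settings, and "-numa node,memdev=mem" is only
 * added together with the object it references. */
int build_memory_backing_args(const struct mem_backing *mb,
                              char *out, size_t outlen)
{
    char obj[512];
    int n;

    out[0] = '\0';

    /* allocation=immediate: ask qemu to touch all guest RAM up front */
    if (mb->allocation == MEM_ALLOC_IMMEDIATE &&
        append_arg(out, outlen, "-mem-prealloc") < 0)
        return -1;

    if (mb->source == MEM_SOURCE_FILE) {
        if (!mb->mem_path || mb->size_mib == 0)
            return -1;  /* refuse a backend with unknown size or path */

        /* access=shared adds share=on so the file is mapped MAP_SHARED */
        n = snprintf(obj, sizeof(obj),
                     "memory-backend-file,id=mem,size=%lluM,mem-path=%s%s",
                     mb->size_mib, mb->mem_path,
                     mb->access == MEM_ACCESS_SHARED ? ",share=on" : "");
        if (n < 0 || (size_t)n >= sizeof(obj))
            return -1;

        if (append_arg(out, outlen, "-object") < 0 ||
            append_arg(out, outlen, obj) < 0 ||
            append_arg(out, outlen, "-numa") < 0 ||
            append_arg(out, outlen, "node,memdev=mem") < 0)
            return -1;
    }
    return 0;
}

int main(void)
{
    /* constructed configuration: file-backed, preallocated, shared */
    struct mem_backing mb = { MEM_SOURCE_FILE, MEM_ALLOC_IMMEDIATE,
                              MEM_ACCESS_SHARED, 1024, "/var/lib/libvirt/qemu" };
    char line[1024];

    if (build_memory_backing_args(&mb, line, sizeof(line)) == 0)
        printf("%s\n", line);
    return 0;
}
```

With the sample configuration the builder produces the same line the reply gives (-mem-prealloc, the memory-backend-file object with share=on, and the -numa node), while a configuration with no file source yields an empty argument list and a file source without a size or path is rejected instead of producing a half-formed object.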
