1 /*
2 * qemu_conf.c: QEMU configuration management
3 *
4 * Copyright (C) 2006-2014 Red Hat, Inc.
5 * Copyright (C) 2006 Daniel P. Berrange
6 *
7 * This library is free software; you can redistribute it and/or
8 * modify it under the terms of the GNU Lesser General Public
9 * License as published by the Free Software Foundation; either
10 * version 2.1 of the License, or (at your option) any later version.
11 *
12 * This library is distributed in the hope that it will be useful,
13 * but WITHOUT ANY WARRANTY; without even the implied warranty of
14 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
15 * Lesser General Public License for more details.
16 *
17 * You should have received a copy of the GNU Lesser General Public
18 * License along with this library. If not, see
19 * <http://www.gnu.org/licenses/>.
20 */
21
22 #include <config.h>
23
24 #include <sys/types.h>
25 #include <sys/stat.h>
26 #include <unistd.h>
27 #include <fcntl.h>
28
29 #include "virerror.h"
30 #include "qemu_conf.h"
31 #include "qemu_capabilities.h"
32 #include "qemu_domain.h"
33 #include "qemu_firmware.h"
34 #include "qemu_namespace.h"
35 #include "qemu_security.h"
36 #include "viruuid.h"
37 #include "virbuffer.h"
38 #include "virconf.h"
39 #include "viralloc.h"
40 #include "datatypes.h"
41 #include "virxml.h"
42 #include "virlog.h"
43 #include "cpu/cpu.h"
44 #include "domain_driver.h"
45 #include "domain_nwfilter.h"
46 #include "virfile.h"
47 #include "virsocket.h"
48 #include "virstring.h"
49 #include "storage_conf.h"
50 #include "virutil.h"
51 #include "configmake.h"
52 #include "security/security_util.h"
53
54 #define VIR_FROM_THIS VIR_FROM_QEMU
55
56 VIR_LOG_INIT("qemu.qemu_conf");
57
58 /* These are only defaults, they can be changed now in qemu.conf and
59 * explicitly specified port is checked against these two (makes
60 * sense to limit the values).
61 *
62 * This limitation is mentioned in qemu.conf, so bear in mind that the
63 * configuration file should reflect any changes made to these values.
64 */
65 #define QEMU_REMOTE_PORT_MIN 5900
66 #define QEMU_REMOTE_PORT_MAX 65535
67
68 #define QEMU_WEBSOCKET_PORT_MIN 5700
69 #define QEMU_WEBSOCKET_PORT_MAX 65535
70
71 #define QEMU_MIGRATION_PORT_MIN 49152
72 #define QEMU_MIGRATION_PORT_MAX 49215
73
74 static virClass *virQEMUDriverConfigClass;
75 static void virQEMUDriverConfigDispose(void *obj);
76
virQEMUConfigOnceInit(void)77 static int virQEMUConfigOnceInit(void)
78 {
79 if (!VIR_CLASS_NEW(virQEMUDriverConfig, virClassForObject()))
80 return -1;
81
82 return 0;
83 }
84
85 VIR_ONCE_GLOBAL_INIT(virQEMUConfig);
86
87
88 static void
qemuDriverLock(virQEMUDriver * driver)89 qemuDriverLock(virQEMUDriver *driver)
90 {
91 virMutexLock(&driver->lock);
92 }
93 static void
qemuDriverUnlock(virQEMUDriver * driver)94 qemuDriverUnlock(virQEMUDriver *driver)
95 {
96 virMutexUnlock(&driver->lock);
97 }
98
99 #ifndef DEFAULT_LOADER_NVRAM
100 # define DEFAULT_LOADER_NVRAM \
101 "/usr/share/OVMF/OVMF_CODE.fd:/usr/share/OVMF/OVMF_VARS.fd:" \
102 "/usr/share/OVMF/OVMF_CODE.secboot.fd:/usr/share/OVMF/OVMF_VARS.fd:" \
103 "/usr/share/AAVMF/AAVMF_CODE.fd:/usr/share/AAVMF/AAVMF_VARS.fd:" \
104 "/usr/share/AAVMF/AAVMF32_CODE.fd:/usr/share/AAVMF/AAVMF32_VARS.fd"
105 #endif
106
107
virQEMUDriverConfigNew(bool privileged,const char * root)108 virQEMUDriverConfig *virQEMUDriverConfigNew(bool privileged,
109 const char *root)
110 {
111 g_autoptr(virQEMUDriverConfig) cfg = NULL;
112
113 if (virQEMUConfigInitialize() < 0)
114 return NULL;
115
116 if (!(cfg = virObjectNew(virQEMUDriverConfigClass)))
117 return NULL;
118
119 if (root) {
120 cfg->uri = g_strdup_printf("qemu:///embed?root=%s", root);
121 } else {
122 cfg->uri = g_strdup(privileged ? "qemu:///system" : "qemu:///session");
123 }
124
125 if (privileged) {
126 if (virGetUserID(QEMU_USER, &cfg->user) < 0)
127 return NULL;
128 if (virGetGroupID(QEMU_GROUP, &cfg->group) < 0)
129 return NULL;
130 } else {
131 cfg->user = (uid_t)-1;
132 cfg->group = (gid_t)-1;
133 }
134 cfg->dynamicOwnership = privileged;
135
136 if (privileged)
137 cfg->rememberOwner = virSecurityXATTRNamespaceDefined();
138 else
139 cfg->rememberOwner = false;
140
141 cfg->cgroupControllers = -1; /* -1 == auto-detect */
142
143 if (root != NULL) {
144 cfg->logDir = g_strdup_printf("%s/log/qemu", root);
145 cfg->swtpmLogDir = g_strdup_printf("%s/log/swtpm", root);
146 cfg->configBaseDir = g_strdup_printf("%s/etc", root);
147 cfg->stateDir = g_strdup_printf("%s/run/qemu", root);
148 cfg->swtpmStateDir = g_strdup_printf("%s/run/swtpm", root);
149 cfg->cacheDir = g_strdup_printf("%s/cache/qemu", root);
150 cfg->libDir = g_strdup_printf("%s/lib/qemu", root);
151 cfg->swtpmStorageDir = g_strdup_printf("%s/lib/swtpm", root);
152
153 cfg->saveDir = g_strdup_printf("%s/save", cfg->libDir);
154 cfg->snapshotDir = g_strdup_printf("%s/snapshot", cfg->libDir);
155 cfg->checkpointDir = g_strdup_printf("%s/checkpoint", cfg->libDir);
156 cfg->autoDumpPath = g_strdup_printf("%s/dump", cfg->libDir);
157 cfg->channelTargetDir = g_strdup_printf("%s/channel/target", cfg->libDir);
158 cfg->nvramDir = g_strdup_printf("%s/nvram", cfg->libDir);
159 cfg->memoryBackingDir = g_strdup_printf("%s/ram", cfg->libDir);
160 } else if (privileged) {
161 cfg->logDir = g_strdup_printf("%s/log/libvirt/qemu", LOCALSTATEDIR);
162
163 cfg->swtpmLogDir = g_strdup_printf("%s/log/swtpm/libvirt/qemu",
164 LOCALSTATEDIR);
165
166 cfg->configBaseDir = g_strdup(SYSCONFDIR "/libvirt");
167
168 cfg->stateDir = g_strdup_printf("%s/libvirt/qemu", RUNSTATEDIR);
169
170 cfg->swtpmStateDir = g_strdup_printf("%s/libvirt/qemu/swtpm", RUNSTATEDIR);
171
172 cfg->cacheDir = g_strdup_printf("%s/cache/libvirt/qemu", LOCALSTATEDIR);
173
174 cfg->libDir = g_strdup_printf("%s/lib/libvirt/qemu", LOCALSTATEDIR);
175 cfg->saveDir = g_strdup_printf("%s/save", cfg->libDir);
176 cfg->snapshotDir = g_strdup_printf("%s/snapshot", cfg->libDir);
177 cfg->checkpointDir = g_strdup_printf("%s/checkpoint", cfg->libDir);
178 cfg->autoDumpPath = g_strdup_printf("%s/dump", cfg->libDir);
179 cfg->channelTargetDir = g_strdup_printf("%s/channel/target", cfg->libDir);
180 cfg->nvramDir = g_strdup_printf("%s/nvram", cfg->libDir);
181 cfg->memoryBackingDir = g_strdup_printf("%s/ram", cfg->libDir);
182 cfg->swtpmStorageDir = g_strdup_printf("%s/lib/libvirt/swtpm",
183 LOCALSTATEDIR);
184 if (!virDoesUserExist("tss") ||
185 virGetUserID("tss", &cfg->swtpm_user) < 0)
186 cfg->swtpm_user = 0; /* fall back to root */
187 if (!virDoesGroupExist("tss") ||
188 virGetGroupID("tss", &cfg->swtpm_group) < 0)
189 cfg->swtpm_group = 0; /* fall back to root */
190 } else {
191 g_autofree char *rundir = NULL;
192 g_autofree char *cachedir = NULL;
193
194 cachedir = virGetUserCacheDirectory();
195
196 cfg->logDir = g_strdup_printf("%s/qemu/log", cachedir);
197 cfg->swtpmLogDir = g_strdup_printf("%s/qemu/log", cachedir);
198 cfg->cacheDir = g_strdup_printf("%s/qemu/cache", cachedir);
199
200 rundir = virGetUserRuntimeDirectory();
201 cfg->stateDir = g_strdup_printf("%s/qemu/run", rundir);
202
203 cfg->swtpmStateDir = g_strdup_printf("%s/swtpm", cfg->stateDir);
204
205 cfg->configBaseDir = virGetUserConfigDirectory();
206
207 cfg->libDir = g_strdup_printf("%s/qemu/lib", cfg->configBaseDir);
208 cfg->saveDir = g_strdup_printf("%s/qemu/save", cfg->configBaseDir);
209 cfg->snapshotDir = g_strdup_printf("%s/qemu/snapshot", cfg->configBaseDir);
210 cfg->checkpointDir = g_strdup_printf("%s/qemu/checkpoint",
211 cfg->configBaseDir);
212 cfg->autoDumpPath = g_strdup_printf("%s/qemu/dump", cfg->configBaseDir);
213 cfg->channelTargetDir = g_strdup_printf("%s/qemu/channel/target",
214 cfg->configBaseDir);
215 cfg->nvramDir = g_strdup_printf("%s/qemu/nvram", cfg->configBaseDir);
216 cfg->memoryBackingDir = g_strdup_printf("%s/qemu/ram", cfg->configBaseDir);
217 cfg->swtpmStorageDir = g_strdup_printf("%s/qemu/swtpm",
218 cfg->configBaseDir);
219 }
220
221 if (privileged) {
222 if (!virDoesUserExist("tss") ||
223 virGetUserID("tss", &cfg->swtpm_user) < 0)
224 cfg->swtpm_user = 0; /* fall back to root */
225 if (!virDoesGroupExist("tss") ||
226 virGetGroupID("tss", &cfg->swtpm_group) < 0)
227 cfg->swtpm_group = 0; /* fall back to root */
228 } else {
229 cfg->swtpm_user = (uid_t)-1;
230 cfg->swtpm_group = (gid_t)-1;
231 }
232
233 cfg->configDir = g_strdup_printf("%s/qemu", cfg->configBaseDir);
234 cfg->autostartDir = g_strdup_printf("%s/qemu/autostart", cfg->configBaseDir);
235 cfg->slirpStateDir = g_strdup_printf("%s/slirp", cfg->stateDir);
236 cfg->dbusStateDir = g_strdup_printf("%s/dbus", cfg->stateDir);
237
238 /* Set the default directory to find TLS X.509 certificates.
239 * This will then be used as a fallback if the service specific
240 * directory doesn't exist (although we don't check if this exists).
241 */
242 if (root == NULL) {
243 cfg->defaultTLSx509certdir = g_strdup(SYSCONFDIR "/pki/qemu");
244 } else {
245 cfg->defaultTLSx509certdir = g_strdup_printf("%s/etc/pki/qemu", root);
246 }
247
248 cfg->vncListen = g_strdup(VIR_LOOPBACK_IPV4_ADDR);
249 cfg->spiceListen = g_strdup(VIR_LOOPBACK_IPV4_ADDR);
250
251 cfg->remotePortMin = QEMU_REMOTE_PORT_MIN;
252 cfg->remotePortMax = QEMU_REMOTE_PORT_MAX;
253
254 cfg->webSocketPortMin = QEMU_WEBSOCKET_PORT_MIN;
255 cfg->webSocketPortMax = QEMU_WEBSOCKET_PORT_MAX;
256
257 cfg->migrationPortMin = QEMU_MIGRATION_PORT_MIN;
258 cfg->migrationPortMax = QEMU_MIGRATION_PORT_MAX;
259
260 /* For privileged driver, try and find hugetlbfs mounts automatically.
261 * Non-privileged driver requires admin to create a dir for the
262 * user, chown it, and then let user configure it manually. */
263 if (privileged &&
264 virFileFindHugeTLBFS(&cfg->hugetlbfs, &cfg->nhugetlbfs) < 0) {
265 /* This however is not implemented on all platforms. */
266 if (virGetLastErrorCode() != VIR_ERR_NO_SUPPORT)
267 return NULL;
268 }
269
270 cfg->bridgeHelperName = g_strdup(QEMU_BRIDGE_HELPER);
271 cfg->prHelperName = g_strdup(QEMU_PR_HELPER);
272 cfg->slirpHelperName = g_strdup(QEMU_SLIRP_HELPER);
273 cfg->dbusDaemonName = g_strdup(QEMU_DBUS_DAEMON);
274
275 cfg->securityDefaultConfined = true;
276 cfg->securityRequireConfined = false;
277
278 cfg->keepAliveInterval = 5;
279 cfg->keepAliveCount = 5;
280 cfg->seccompSandbox = -1;
281
282 cfg->logTimestamp = true;
283 cfg->glusterDebugLevel = 4;
284 cfg->stdioLogD = true;
285
286 cfg->namespaces = virBitmapNew(QEMU_DOMAIN_NS_LAST);
287
288 if (privileged &&
289 qemuDomainNamespaceAvailable(QEMU_DOMAIN_NS_MOUNT) &&
290 virBitmapSetBit(cfg->namespaces, QEMU_DOMAIN_NS_MOUNT) < 0)
291 return NULL;
292
293 if (virFirmwareParseList(DEFAULT_LOADER_NVRAM,
294 &cfg->firmwares,
295 &cfg->nfirmwares) < 0)
296 return NULL;
297
298 cfg->deprecationBehavior = g_strdup("none");
299
300 return g_steal_pointer(&cfg);
301 }
302
303
virQEMUDriverConfigDispose(void * obj)304 static void virQEMUDriverConfigDispose(void *obj)
305 {
306 virQEMUDriverConfig *cfg = obj;
307
308 virBitmapFree(cfg->namespaces);
309
310 g_strfreev(cfg->cgroupDeviceACL);
311 g_free(cfg->uri);
312
313 g_free(cfg->configBaseDir);
314 g_free(cfg->configDir);
315 g_free(cfg->autostartDir);
316 g_free(cfg->logDir);
317 g_free(cfg->swtpmLogDir);
318 g_free(cfg->stateDir);
319 g_free(cfg->swtpmStateDir);
320 g_free(cfg->slirpStateDir);
321 g_free(cfg->dbusStateDir);
322
323 g_free(cfg->libDir);
324 g_free(cfg->cacheDir);
325 g_free(cfg->saveDir);
326 g_free(cfg->snapshotDir);
327 g_free(cfg->checkpointDir);
328 g_free(cfg->channelTargetDir);
329 g_free(cfg->nvramDir);
330
331 g_free(cfg->defaultTLSx509certdir);
332 g_free(cfg->defaultTLSx509secretUUID);
333
334 g_free(cfg->vncTLSx509certdir);
335 g_free(cfg->vncTLSx509secretUUID);
336 g_free(cfg->vncListen);
337 g_free(cfg->vncPassword);
338 g_free(cfg->vncSASLdir);
339
340 g_free(cfg->spiceTLSx509certdir);
341 g_free(cfg->spiceListen);
342 g_free(cfg->spicePassword);
343 g_free(cfg->spiceSASLdir);
344
345 g_free(cfg->chardevTLSx509certdir);
346 g_free(cfg->chardevTLSx509secretUUID);
347
348 g_free(cfg->vxhsTLSx509certdir);
349 g_free(cfg->vxhsTLSx509secretUUID);
350
351 g_free(cfg->nbdTLSx509certdir);
352 g_free(cfg->nbdTLSx509secretUUID);
353
354 g_free(cfg->migrateTLSx509certdir);
355 g_free(cfg->migrateTLSx509secretUUID);
356
357 g_free(cfg->backupTLSx509certdir);
358 g_free(cfg->backupTLSx509secretUUID);
359
360 while (cfg->nhugetlbfs) {
361 cfg->nhugetlbfs--;
362 g_free(cfg->hugetlbfs[cfg->nhugetlbfs].mnt_dir);
363 }
364 g_free(cfg->hugetlbfs);
365 g_free(cfg->bridgeHelperName);
366 g_free(cfg->prHelperName);
367 g_free(cfg->slirpHelperName);
368 g_free(cfg->dbusDaemonName);
369
370 g_free(cfg->saveImageFormat);
371 g_free(cfg->dumpImageFormat);
372 g_free(cfg->snapshotImageFormat);
373 g_free(cfg->autoDumpPath);
374
375 g_strfreev(cfg->securityDriverNames);
376
377 g_free(cfg->lockManagerName);
378
379 virFirmwareFreeList(cfg->firmwares, cfg->nfirmwares);
380
381 g_free(cfg->memoryBackingDir);
382 g_free(cfg->swtpmStorageDir);
383
384 g_strfreev(cfg->capabilityfilters);
385
386 g_free(cfg->deprecationBehavior);
387 }
388
389
390 static int
virQEMUDriverConfigHugeTLBFSInit(virHugeTLBFS * hugetlbfs,const char * path,bool deflt)391 virQEMUDriverConfigHugeTLBFSInit(virHugeTLBFS *hugetlbfs,
392 const char *path,
393 bool deflt)
394 {
395 hugetlbfs->mnt_dir = g_strdup(path);
396 if (virFileGetHugepageSize(path, &hugetlbfs->size) < 0)
397 return -1;
398
399 hugetlbfs->deflt = deflt;
400 return 0;
401 }
402
403
404 static int
virQEMUDriverConfigLoadDefaultTLSEntry(virQEMUDriverConfig * cfg,virConf * conf)405 virQEMUDriverConfigLoadDefaultTLSEntry(virQEMUDriverConfig *cfg,
406 virConf *conf)
407 {
408 int rv;
409
410 if ((rv = virConfGetValueString(conf, "default_tls_x509_cert_dir", &cfg->defaultTLSx509certdir)) < 0)
411 return -1;
412 cfg->defaultTLSx509certdirPresent = (rv == 1);
413 if ((rv = virConfGetValueBool(conf, "default_tls_x509_verify", &cfg->defaultTLSx509verify)) < 0)
414 return -1;
415 if (rv == 1)
416 cfg->defaultTLSx509verifyPresent = true;
417 if (virConfGetValueString(conf, "default_tls_x509_secret_uuid",
418 &cfg->defaultTLSx509secretUUID) < 0)
419 return -1;
420
421 return 0;
422 }
423
424
425 static int
virQEMUDriverConfigLoadVNCEntry(virQEMUDriverConfig * cfg,virConf * conf)426 virQEMUDriverConfigLoadVNCEntry(virQEMUDriverConfig *cfg,
427 virConf *conf)
428 {
429 int rv;
430
431 if (virConfGetValueBool(conf, "vnc_auto_unix_socket", &cfg->vncAutoUnixSocket) < 0)
432 return -1;
433 if (virConfGetValueBool(conf, "vnc_tls", &cfg->vncTLS) < 0)
434 return -1;
435 if ((rv = virConfGetValueBool(conf, "vnc_tls_x509_verify", &cfg->vncTLSx509verify)) < 0)
436 return -1;
437 if (rv == 1)
438 cfg->vncTLSx509verifyPresent = true;
439 if (virConfGetValueString(conf, "vnc_tls_x509_cert_dir", &cfg->vncTLSx509certdir) < 0)
440 return -1;
441 if (virConfGetValueString(conf, "vnc_tls_x509_secret_uuid", &cfg->vncTLSx509secretUUID) < 0)
442 return -1;
443 if (virConfGetValueString(conf, "vnc_listen", &cfg->vncListen) < 0)
444 return -1;
445 if (virConfGetValueString(conf, "vnc_password", &cfg->vncPassword) < 0)
446 return -1;
447 if (virConfGetValueBool(conf, "vnc_sasl", &cfg->vncSASL) < 0)
448 return -1;
449 if (virConfGetValueString(conf, "vnc_sasl_dir", &cfg->vncSASLdir) < 0)
450 return -1;
451 if (virConfGetValueBool(conf, "vnc_allow_host_audio", &cfg->vncAllowHostAudio) < 0)
452 return -1;
453
454 return 0;
455 }
456
457
458 static int
virQEMUDriverConfigLoadNographicsEntry(virQEMUDriverConfig * cfg,virConf * conf)459 virQEMUDriverConfigLoadNographicsEntry(virQEMUDriverConfig *cfg,
460 virConf *conf)
461 {
462 return virConfGetValueBool(conf, "nographics_allow_host_audio", &cfg->nogfxAllowHostAudio);
463 }
464
465
466 static int
virQEMUDriverConfigLoadSPICEEntry(virQEMUDriverConfig * cfg,virConf * conf)467 virQEMUDriverConfigLoadSPICEEntry(virQEMUDriverConfig *cfg,
468 virConf *conf)
469 {
470 if (virConfGetValueBool(conf, "spice_tls", &cfg->spiceTLS) < 0)
471 return -1;
472 if (virConfGetValueString(conf, "spice_tls_x509_cert_dir", &cfg->spiceTLSx509certdir) < 0)
473 return -1;
474 if (virConfGetValueBool(conf, "spice_sasl", &cfg->spiceSASL) < 0)
475 return -1;
476 if (virConfGetValueString(conf, "spice_sasl_dir", &cfg->spiceSASLdir) < 0)
477 return -1;
478 if (virConfGetValueString(conf, "spice_listen", &cfg->spiceListen) < 0)
479 return -1;
480 if (virConfGetValueString(conf, "spice_password", &cfg->spicePassword) < 0)
481 return -1;
482 if (virConfGetValueBool(conf, "spice_auto_unix_socket", &cfg->spiceAutoUnixSocket) < 0)
483 return -1;
484
485 return 0;
486 }
487
488
489 static int
virQEMUDriverConfigLoadSpecificTLSEntry(virQEMUDriverConfig * cfg,virConf * conf)490 virQEMUDriverConfigLoadSpecificTLSEntry(virQEMUDriverConfig *cfg,
491 virConf *conf)
492 {
493 int rv;
494
495 if (virConfGetValueBool(conf, "vxhs_tls", &cfg->vxhsTLS) < 0)
496 return -1;
497 if (virConfGetValueBool(conf, "nbd_tls", &cfg->nbdTLS) < 0)
498 return -1;
499 if (virConfGetValueBool(conf, "chardev_tls", &cfg->chardevTLS) < 0)
500 return -1;
501 if (virConfGetValueBool(conf, "migrate_tls_force", &cfg->migrateTLSForce) < 0)
502 return -1;
503
504 #define GET_CONFIG_TLS_CERTINFO_COMMON(val) \
505 do { \
506 if (virConfGetValueString(conf, #val "_tls_x509_cert_dir", \
507 &cfg->val## TLSx509certdir) < 0) \
508 return -1; \
509 if (virConfGetValueString(conf, \
510 #val "_tls_x509_secret_uuid", \
511 &cfg->val## TLSx509secretUUID) < 0) \
512 return -1; \
513 } while (0)
514
515 #define GET_CONFIG_TLS_CERTINFO_SERVER(val) \
516 do { \
517 if ((rv = virConfGetValueBool(conf, #val "_tls_x509_verify", \
518 &cfg->val## TLSx509verify)) < 0) \
519 return -1; \
520 if (rv == 1) \
521 cfg->val## TLSx509verifyPresent = true; \
522 } while (0)
523
524 GET_CONFIG_TLS_CERTINFO_COMMON(chardev);
525 GET_CONFIG_TLS_CERTINFO_SERVER(chardev);
526
527 GET_CONFIG_TLS_CERTINFO_COMMON(migrate);
528 GET_CONFIG_TLS_CERTINFO_SERVER(migrate);
529
530 GET_CONFIG_TLS_CERTINFO_COMMON(backup);
531 GET_CONFIG_TLS_CERTINFO_SERVER(backup);
532
533 GET_CONFIG_TLS_CERTINFO_COMMON(vxhs);
534
535 GET_CONFIG_TLS_CERTINFO_COMMON(nbd);
536
537 #undef GET_CONFIG_TLS_CERTINFO_COMMON
538 #undef GET_CONFIG_TLS_CERTINFO_SERVER
539 return 0;
540 }
541
542
543 static int
virQEMUDriverConfigLoadRemoteDisplayEntry(virQEMUDriverConfig * cfg,virConf * conf,const char * filename)544 virQEMUDriverConfigLoadRemoteDisplayEntry(virQEMUDriverConfig *cfg,
545 virConf *conf,
546 const char *filename)
547 {
548 if (virConfGetValueUInt(conf, "remote_websocket_port_min", &cfg->webSocketPortMin) < 0)
549 return -1;
550 if (cfg->webSocketPortMin < QEMU_WEBSOCKET_PORT_MIN) {
551 /* if the port is too low, we can't get the display name
552 * to tell to vnc (usually subtract 5700, e.g. localhost:1
553 * for port 5701) */
554 virReportError(VIR_ERR_INTERNAL_ERROR,
555 _("%s: remote_websocket_port_min: port must be greater "
556 "than or equal to %d"),
557 filename, QEMU_WEBSOCKET_PORT_MIN);
558 return -1;
559 }
560
561 if (virConfGetValueUInt(conf, "remote_websocket_port_max", &cfg->webSocketPortMax) < 0)
562 return -1;
563 if (cfg->webSocketPortMax > QEMU_WEBSOCKET_PORT_MAX ||
564 cfg->webSocketPortMax < cfg->webSocketPortMin) {
565 virReportError(VIR_ERR_INTERNAL_ERROR,
566 _("%s: remote_websocket_port_max: port must be between "
567 "the minimal port and %d"),
568 filename, QEMU_WEBSOCKET_PORT_MAX);
569 return -1;
570 }
571
572 if (cfg->webSocketPortMin > cfg->webSocketPortMax) {
573 virReportError(VIR_ERR_INTERNAL_ERROR,
574 _("%s: remote_websocket_port_min: min port must not be "
575 "greater than max port"), filename);
576 return -1;
577 }
578
579 if (virConfGetValueUInt(conf, "remote_display_port_min", &cfg->remotePortMin) < 0)
580 return -1;
581 if (cfg->remotePortMin < QEMU_REMOTE_PORT_MIN) {
582 /* if the port is too low, we can't get the display name
583 * to tell to vnc (usually subtract 5900, e.g. localhost:1
584 * for port 5901) */
585 virReportError(VIR_ERR_INTERNAL_ERROR,
586 _("%s: remote_display_port_min: port must be greater "
587 "than or equal to %d"),
588 filename, QEMU_REMOTE_PORT_MIN);
589 return -1;
590 }
591
592 if (virConfGetValueUInt(conf, "remote_display_port_max", &cfg->remotePortMax) < 0)
593 return -1;
594 if (cfg->remotePortMax > QEMU_REMOTE_PORT_MAX ||
595 cfg->remotePortMax < cfg->remotePortMin) {
596 virReportError(VIR_ERR_INTERNAL_ERROR,
597 _("%s: remote_display_port_max: port must be between "
598 "the minimal port and %d"),
599 filename, QEMU_REMOTE_PORT_MAX);
600 return -1;
601 }
602
603 if (cfg->remotePortMin > cfg->remotePortMax) {
604 virReportError(VIR_ERR_INTERNAL_ERROR,
605 _("%s: remote_display_port_min: min port must not be "
606 "greater than max port"), filename);
607 return -1;
608 }
609
610 return 0;
611 }
612
613
614 static int
virQEMUDriverConfigLoadSaveEntry(virQEMUDriverConfig * cfg,virConf * conf)615 virQEMUDriverConfigLoadSaveEntry(virQEMUDriverConfig *cfg,
616 virConf *conf)
617 {
618 if (virConfGetValueString(conf, "save_image_format", &cfg->saveImageFormat) < 0)
619 return -1;
620 if (virConfGetValueString(conf, "dump_image_format", &cfg->dumpImageFormat) < 0)
621 return -1;
622 if (virConfGetValueString(conf, "snapshot_image_format", &cfg->snapshotImageFormat) < 0)
623 return -1;
624 if (virConfGetValueString(conf, "auto_dump_path", &cfg->autoDumpPath) < 0)
625 return -1;
626 if (virConfGetValueBool(conf, "auto_dump_bypass_cache", &cfg->autoDumpBypassCache) < 0)
627 return -1;
628 if (virConfGetValueBool(conf, "auto_start_bypass_cache", &cfg->autoStartBypassCache) < 0)
629 return -1;
630
631 return 0;
632 }
633
634
635 static int
virQEMUDriverConfigLoadProcessEntry(virQEMUDriverConfig * cfg,virConf * conf)636 virQEMUDriverConfigLoadProcessEntry(virQEMUDriverConfig *cfg,
637 virConf *conf)
638 {
639 g_auto(GStrv) hugetlbfs = NULL;
640 g_autofree char *stdioHandler = NULL;
641 g_autofree char *corestr = NULL;
642 size_t i;
643
644 if (virConfGetValueStringList(conf, "hugetlbfs_mount", true,
645 &hugetlbfs) < 0)
646 return -1;
647 if (hugetlbfs) {
648 /* There already might be something autodetected. Avoid leaking it. */
649 while (cfg->nhugetlbfs) {
650 cfg->nhugetlbfs--;
651 VIR_FREE(cfg->hugetlbfs[cfg->nhugetlbfs].mnt_dir);
652 }
653 VIR_FREE(cfg->hugetlbfs);
654
655 cfg->nhugetlbfs = g_strv_length(hugetlbfs);
656 if (hugetlbfs[0])
657 cfg->hugetlbfs = g_new0(virHugeTLBFS, cfg->nhugetlbfs);
658
659 for (i = 0; hugetlbfs[i] != NULL; i++) {
660 if (virQEMUDriverConfigHugeTLBFSInit(&cfg->hugetlbfs[i],
661 hugetlbfs[i], i != 0) < 0)
662 return -1;
663 }
664 }
665
666 if (virConfGetValueString(conf, "bridge_helper", &cfg->bridgeHelperName) < 0)
667 return -1;
668
669 if (virConfGetValueString(conf, "pr_helper", &cfg->prHelperName) < 0)
670 return -1;
671
672 if (virConfGetValueString(conf, "slirp_helper", &cfg->slirpHelperName) < 0)
673 return -1;
674
675 if (virConfGetValueString(conf, "dbus_daemon", &cfg->dbusDaemonName) < 0)
676 return -1;
677
678 if (virConfGetValueBool(conf, "set_process_name", &cfg->setProcessName) < 0)
679 return -1;
680 if (virConfGetValueUInt(conf, "max_processes", &cfg->maxProcesses) < 0)
681 return -1;
682 if (virConfGetValueUInt(conf, "max_files", &cfg->maxFiles) < 0)
683 return -1;
684 if (virConfGetValueUInt(conf, "max_threads_per_process", &cfg->maxThreadsPerProc) < 0)
685 return -1;
686
687 if (virConfGetValueType(conf, "max_core") == VIR_CONF_STRING) {
688 if (virConfGetValueString(conf, "max_core", &corestr) < 0)
689 return -1;
690 if (STREQ(corestr, "unlimited")) {
691 cfg->maxCore = ULLONG_MAX;
692 } else {
693 virReportError(VIR_ERR_CONFIG_UNSUPPORTED,
694 _("Unknown core size '%s'"),
695 corestr);
696 return -1;
697 }
698 } else if (virConfGetValueULLong(conf, "max_core", &cfg->maxCore) < 0) {
699 return -1;
700 }
701
702 if (virConfGetValueBool(conf, "dump_guest_core", &cfg->dumpGuestCore) < 0)
703 return -1;
704 if (virConfGetValueString(conf, "stdio_handler", &stdioHandler) < 0)
705 return -1;
706 if (stdioHandler) {
707 if (STREQ(stdioHandler, "logd")) {
708 cfg->stdioLogD = true;
709 } else if (STREQ(stdioHandler, "file")) {
710 cfg->stdioLogD = false;
711 } else {
712 virReportError(VIR_ERR_CONFIG_UNSUPPORTED,
713 _("Unknown stdio handler %s"),
714 stdioHandler);
715 return -1;
716 }
717 }
718
719 return 0;
720 }
721
722
723 static int
virQEMUDriverConfigLoadDeviceEntry(virQEMUDriverConfig * cfg,virConf * conf)724 virQEMUDriverConfigLoadDeviceEntry(virQEMUDriverConfig *cfg,
725 virConf *conf)
726 {
727 bool tmp;
728 int rv;
729
730 if (virConfGetValueBool(conf, "mac_filter", &cfg->macFilter) < 0)
731 return -1;
732
733 if (virConfGetValueBool(conf, "relaxed_acs_check", &cfg->relaxedACS) < 0)
734 return -1;
735 if (virConfGetValueString(conf, "lock_manager", &cfg->lockManagerName) < 0)
736 return -1;
737 if ((rv = virConfGetValueBool(conf, "allow_disk_format_probing", &tmp)) < 0)
738 return -1;
739 if (rv == 1 && tmp) {
740 virReportError(VIR_ERR_CONFIG_UNSUPPORTED, "%s",
741 _("allow_disk_format_probing is no longer supported"));
742 return -1;
743 }
744
745 return 0;
746 }
747
748
749 static int
virQEMUDriverConfigLoadRPCEntry(virQEMUDriverConfig * cfg,virConf * conf)750 virQEMUDriverConfigLoadRPCEntry(virQEMUDriverConfig *cfg,
751 virConf *conf)
752 {
753 if (virConfGetValueUInt(conf, "max_queued", &cfg->maxQueuedJobs) < 0)
754 return -1;
755 if (virConfGetValueInt(conf, "keepalive_interval", &cfg->keepAliveInterval) < 0)
756 return -1;
757 if (virConfGetValueUInt(conf, "keepalive_count", &cfg->keepAliveCount) < 0)
758 return -1;
759
760 return 0;
761 }
762
763
764 static int
virQEMUDriverConfigLoadNetworkEntry(virQEMUDriverConfig * cfg,virConf * conf,const char * filename)765 virQEMUDriverConfigLoadNetworkEntry(virQEMUDriverConfig *cfg,
766 virConf *conf,
767 const char *filename)
768 {
769 if (virConfGetValueUInt(conf, "migration_port_min", &cfg->migrationPortMin) < 0)
770 return -1;
771 if (cfg->migrationPortMin <= 0) {
772 virReportError(VIR_ERR_INTERNAL_ERROR,
773 _("%s: migration_port_min: port must be greater than 0"),
774 filename);
775 return -1;
776 }
777
778 if (virConfGetValueUInt(conf, "migration_port_max", &cfg->migrationPortMax) < 0)
779 return -1;
780 if (cfg->migrationPortMax > 65535 ||
781 cfg->migrationPortMax < cfg->migrationPortMin) {
782 virReportError(VIR_ERR_INTERNAL_ERROR,
783 _("%s: migration_port_max: port must be between "
784 "the minimal port %d and 65535"),
785 filename, cfg->migrationPortMin);
786 return -1;
787 }
788
789 if (virConfGetValueString(conf, "migration_host", &cfg->migrateHost) < 0)
790 return -1;
791 virStringStripIPv6Brackets(cfg->migrateHost);
792 if (cfg->migrateHost &&
793 (STRPREFIX(cfg->migrateHost, "localhost") ||
794 virSocketAddrIsNumericLocalhost(cfg->migrateHost))) {
795 virReportError(VIR_ERR_CONF_SYNTAX,
796 _("migration_host must not be the address of"
797 " the local machine: %s"),
798 cfg->migrateHost);
799 return -1;
800 }
801
802 if (virConfGetValueString(conf, "migration_address", &cfg->migrationAddress) < 0)
803 return -1;
804 virStringStripIPv6Brackets(cfg->migrationAddress);
805 if (cfg->migrationAddress &&
806 (STRPREFIX(cfg->migrationAddress, "localhost") ||
807 virSocketAddrIsNumericLocalhost(cfg->migrationAddress))) {
808 virReportError(VIR_ERR_CONF_SYNTAX,
809 _("migration_address must not be the address of"
810 " the local machine: %s"),
811 cfg->migrationAddress);
812 return -1;
813 }
814
815 return 0;
816 }
817
818
819 static int
virQEMUDriverConfigLoadLogEntry(virQEMUDriverConfig * cfg,virConf * conf)820 virQEMUDriverConfigLoadLogEntry(virQEMUDriverConfig *cfg,
821 virConf *conf)
822 {
823 return virConfGetValueBool(conf, "log_timestamp", &cfg->logTimestamp);
824 }
825
826
827 static int
virQEMUDriverConfigLoadNVRAMEntry(virQEMUDriverConfig * cfg,virConf * conf,bool privileged)828 virQEMUDriverConfigLoadNVRAMEntry(virQEMUDriverConfig *cfg,
829 virConf *conf,
830 bool privileged)
831 {
832 g_auto(GStrv) nvram = NULL;
833 size_t i;
834
835 if (virConfGetValueStringList(conf, "nvram", false, &nvram) < 0)
836 return -1;
837 if (nvram) {
838 g_auto(GStrv) fwList = NULL;
839
840 virFirmwareFreeList(cfg->firmwares, cfg->nfirmwares);
841 cfg->firmwares = NULL;
842 cfg->nfirmwares = 0;
843
844 if (qemuFirmwareFetchConfigs(&fwList, privileged) < 0)
845 return -1;
846
847 if (fwList) {
848 VIR_WARN("Obsolete nvram variable is set while firmware metadata "
849 "files found. Note that the nvram config file variable is "
850 "going to be ignored.");
851 return 0;
852 }
853
854 cfg->nfirmwares = g_strv_length(nvram);
855 cfg->firmwares = g_new0(virFirmware *, cfg->nfirmwares);
856
857 for (i = 0; nvram[i] != NULL; i++) {
858 cfg->firmwares[i] = g_new0(virFirmware, 1);
859 if (virFirmwareParse(nvram[i], cfg->firmwares[i]) < 0)
860 return -1;
861 }
862 }
863
864 return 0;
865 }
866
867
868 static int
virQEMUDriverConfigLoadDebugEntry(virQEMUDriverConfig * cfg,virConf * conf)869 virQEMUDriverConfigLoadDebugEntry(virQEMUDriverConfig *cfg,
870 virConf *conf)
871 {
872 if (virConfGetValueUInt(conf, "gluster_debug_level", &cfg->glusterDebugLevel) < 0)
873 return -1;
874 if (virConfGetValueBool(conf, "virtiofsd_debug", &cfg->virtiofsdDebug) < 0)
875 return -1;
876 if (virConfGetValueString(conf, "deprecation_behavior", &cfg->deprecationBehavior) < 0)
877 return -1;
878
879 return 0;
880 }
881
882
883 static int
virQEMUDriverConfigLoadSecurityEntry(virQEMUDriverConfig * cfg,virConf * conf,bool privileged)884 virQEMUDriverConfigLoadSecurityEntry(virQEMUDriverConfig *cfg,
885 virConf *conf,
886 bool privileged)
887 {
888 g_auto(GStrv) controllers = NULL;
889 g_auto(GStrv) namespaces = NULL;
890 g_autofree char *user = NULL;
891 g_autofree char *group = NULL;
892 size_t i, j;
893
894 if (virConfGetValueStringList(conf, "security_driver", true, &cfg->securityDriverNames) < 0)
895 return -1;
896
897 for (i = 0; cfg->securityDriverNames && cfg->securityDriverNames[i] != NULL; i++) {
898 for (j = i + 1; cfg->securityDriverNames[j] != NULL; j++) {
899 if (STREQ(cfg->securityDriverNames[i],
900 cfg->securityDriverNames[j])) {
901 virReportError(VIR_ERR_CONF_SYNTAX,
902 _("Duplicate security driver %s"),
903 cfg->securityDriverNames[i]);
904 return -1;
905 }
906 }
907 }
908
909 if (virConfGetValueBool(conf, "security_default_confined", &cfg->securityDefaultConfined) < 0)
910 return -1;
911 if (virConfGetValueBool(conf, "security_require_confined", &cfg->securityRequireConfined) < 0)
912 return -1;
913
914 if (virConfGetValueString(conf, "user", &user) < 0)
915 return -1;
916 if (user && virGetUserID(user, &cfg->user) < 0)
917 return -1;
918
919 if (virConfGetValueString(conf, "group", &group) < 0)
920 return -1;
921 if (group && virGetGroupID(group, &cfg->group) < 0)
922 return -1;
923
924 if (virConfGetValueBool(conf, "dynamic_ownership", &cfg->dynamicOwnership) < 0)
925 return -1;
926
927 if (virConfGetValueBool(conf, "remember_owner", &cfg->rememberOwner) < 0)
928 return -1;
929
930 if (virConfGetValueStringList(conf, "cgroup_controllers", false,
931 &controllers) < 0)
932 return -1;
933
934 if (controllers) {
935 cfg->cgroupControllers = 0;
936 for (i = 0; controllers[i] != NULL; i++) {
937 int ctl;
938 if ((ctl = virCgroupControllerTypeFromString(controllers[i])) < 0) {
939 virReportError(VIR_ERR_CONF_SYNTAX,
940 _("Unknown cgroup controller '%s'"),
941 controllers[i]);
942 return -1;
943 }
944 cfg->cgroupControllers |= (1 << ctl);
945 }
946 }
947
948 if (virConfGetValueStringList(conf, "cgroup_device_acl", false,
949 &cfg->cgroupDeviceACL) < 0)
950 return -1;
951
952 if (virConfGetValueInt(conf, "seccomp_sandbox", &cfg->seccompSandbox) < 0)
953 return -1;
954
955 if (virConfGetValueStringList(conf, "namespaces", false, &namespaces) < 0)
956 return -1;
957
958 if (namespaces) {
959 virBitmapClearAll(cfg->namespaces);
960
961 for (i = 0; namespaces[i]; i++) {
962 int ns = qemuDomainNamespaceTypeFromString(namespaces[i]);
963
964 if (ns < 0) {
965 virReportError(VIR_ERR_CONF_SYNTAX,
966 _("Unknown namespace: %s"),
967 namespaces[i]);
968 return -1;
969 }
970
971 if (!privileged) {
972 virReportError(VIR_ERR_CONFIG_UNSUPPORTED, "%s",
973 _("cannot use namespaces in session mode"));
974 return -1;
975 }
976
977 if (!qemuDomainNamespaceAvailable(ns)) {
978 virReportError(VIR_ERR_CONFIG_UNSUPPORTED,
979 _("%s namespace is not available"),
980 namespaces[i]);
981 return -1;
982 }
983
984 if (virBitmapSetBit(cfg->namespaces, ns) < 0) {
985 virReportError(VIR_ERR_INTERNAL_ERROR,
986 _("Unable to enable namespace: %s"),
987 namespaces[i]);
988 return -1;
989 }
990 }
991 }
992
993 return 0;
994 }
995
996
997 static int
virQEMUDriverConfigLoadMemoryEntry(virQEMUDriverConfig * cfg,virConf * conf)998 virQEMUDriverConfigLoadMemoryEntry(virQEMUDriverConfig *cfg,
999 virConf *conf)
1000 {
1001 g_autofree char *dir = NULL;
1002 int rc;
1003
1004 if ((rc = virConfGetValueString(conf, "memory_backing_dir", &dir)) < 0)
1005 return -1;
1006
1007 if (rc > 0) {
1008 VIR_FREE(cfg->memoryBackingDir);
1009 cfg->memoryBackingDir = g_strdup_printf("%s/libvirt/qemu", dir);
1010 }
1011
1012 return 0;
1013 }
1014
1015
1016 static int
virQEMUDriverConfigLoadSWTPMEntry(virQEMUDriverConfig * cfg,virConf * conf)1017 virQEMUDriverConfigLoadSWTPMEntry(virQEMUDriverConfig *cfg,
1018 virConf *conf)
1019 {
1020 g_autofree char *swtpm_user = NULL;
1021 g_autofree char *swtpm_group = NULL;
1022
1023 if (virConfGetValueString(conf, "swtpm_user", &swtpm_user) < 0)
1024 return -1;
1025 if (swtpm_user && virGetUserID(swtpm_user, &cfg->swtpm_user) < 0)
1026 return -1;
1027
1028 if (virConfGetValueString(conf, "swtpm_group", &swtpm_group) < 0)
1029 return -1;
1030 if (swtpm_group && virGetGroupID(swtpm_group, &cfg->swtpm_group) < 0)
1031 return -1;
1032
1033 return 0;
1034 }
1035
1036
1037 static int
virQEMUDriverConfigLoadCapsFiltersEntry(virQEMUDriverConfig * cfg,virConf * conf)1038 virQEMUDriverConfigLoadCapsFiltersEntry(virQEMUDriverConfig *cfg,
1039 virConf *conf)
1040 {
1041 if (virConfGetValueStringList(conf, "capability_filters", false,
1042 &cfg->capabilityfilters) < 0)
1043 return -1;
1044
1045 return 0;
1046 }
1047
1048
virQEMUDriverConfigLoadFile(virQEMUDriverConfig * cfg,const char * filename,bool privileged)1049 int virQEMUDriverConfigLoadFile(virQEMUDriverConfig *cfg,
1050 const char *filename,
1051 bool privileged)
1052 {
1053 g_autoptr(virConf) conf = NULL;
1054
1055 /* Just check the file is readable before opening it, otherwise
1056 * libvirt emits an error.
1057 */
1058 if (access(filename, R_OK) == -1) {
1059 VIR_INFO("Could not read qemu config file %s", filename);
1060 return 0;
1061 }
1062
1063 if (!(conf = virConfReadFile(filename, 0)))
1064 return -1;
1065
1066 if (virQEMUDriverConfigLoadDefaultTLSEntry(cfg, conf) < 0)
1067 return -1;
1068
1069 if (virQEMUDriverConfigLoadVNCEntry(cfg, conf) < 0)
1070 return -1;
1071
1072 if (virQEMUDriverConfigLoadNographicsEntry(cfg, conf) < 0)
1073 return -1;
1074
1075 if (virQEMUDriverConfigLoadSPICEEntry(cfg, conf) < 0)
1076 return -1;
1077
1078 if (virQEMUDriverConfigLoadSpecificTLSEntry(cfg, conf) < 0)
1079 return -1;
1080
1081 if (virQEMUDriverConfigLoadRemoteDisplayEntry(cfg, conf, filename) < 0)
1082 return -1;
1083
1084 if (virQEMUDriverConfigLoadSaveEntry(cfg, conf) < 0)
1085 return -1;
1086
1087 if (virQEMUDriverConfigLoadProcessEntry(cfg, conf) < 0)
1088 return -1;
1089
1090 if (virQEMUDriverConfigLoadDeviceEntry(cfg, conf) < 0)
1091 return -1;
1092
1093 if (virQEMUDriverConfigLoadRPCEntry(cfg, conf) < 0)
1094 return -1;
1095
1096 if (virQEMUDriverConfigLoadNetworkEntry(cfg, conf, filename) < 0)
1097 return -1;
1098
1099 if (virQEMUDriverConfigLoadLogEntry(cfg, conf) < 0)
1100 return -1;
1101
1102 if (virQEMUDriverConfigLoadNVRAMEntry(cfg, conf, privileged) < 0)
1103 return -1;
1104
1105 if (virQEMUDriverConfigLoadDebugEntry(cfg, conf) < 0)
1106 return -1;
1107
1108 if (virQEMUDriverConfigLoadSecurityEntry(cfg, conf, privileged) < 0)
1109 return -1;
1110
1111 if (virQEMUDriverConfigLoadMemoryEntry(cfg, conf) < 0)
1112 return -1;
1113
1114 if (virQEMUDriverConfigLoadSWTPMEntry(cfg, conf) < 0)
1115 return -1;
1116
1117 if (virQEMUDriverConfigLoadCapsFiltersEntry(cfg, conf) < 0)
1118 return -1;
1119
1120 return 0;
1121 }
1122
1123
1124 /**
1125 * @cfg: Recently read config values
1126 *
1127 * Validate the recently read configuration values.
1128 *
1129 * Returns 0 on success, -1 on failure
1130 */
1131 int
virQEMUDriverConfigValidate(virQEMUDriverConfig * cfg)1132 virQEMUDriverConfigValidate(virQEMUDriverConfig *cfg)
1133 {
1134 if (cfg->defaultTLSx509certdirPresent) {
1135 if (!virFileExists(cfg->defaultTLSx509certdir)) {
1136 virReportError(VIR_ERR_CONF_SYNTAX,
1137 _("default_tls_x509_cert_dir directory '%s' "
1138 "does not exist"),
1139 cfg->defaultTLSx509certdir);
1140 return -1;
1141 }
1142 }
1143
1144 if (cfg->vncTLSx509certdir &&
1145 !virFileExists(cfg->vncTLSx509certdir)) {
1146 virReportError(VIR_ERR_CONF_SYNTAX,
1147 _("vnc_tls_x509_cert_dir directory '%s' does not exist"),
1148 cfg->vncTLSx509certdir);
1149 return -1;
1150 }
1151
1152 if (cfg->spiceTLSx509certdir &&
1153 !virFileExists(cfg->spiceTLSx509certdir)) {
1154 virReportError(VIR_ERR_CONF_SYNTAX,
1155 _("spice_tls_x509_cert_dir directory '%s' does not exist"),
1156 cfg->spiceTLSx509certdir);
1157 return -1;
1158 }
1159
1160 if (cfg->chardevTLSx509certdir &&
1161 !virFileExists(cfg->chardevTLSx509certdir)) {
1162 virReportError(VIR_ERR_CONF_SYNTAX,
1163 _("chardev_tls_x509_cert_dir directory '%s' does not exist"),
1164 cfg->chardevTLSx509certdir);
1165 return -1;
1166 }
1167
1168 if (cfg->migrateTLSx509certdir &&
1169 !virFileExists(cfg->migrateTLSx509certdir)) {
1170 virReportError(VIR_ERR_CONF_SYNTAX,
1171 _("migrate_tls_x509_cert_dir directory '%s' does not exist"),
1172 cfg->migrateTLSx509certdir);
1173 return -1;
1174 }
1175
1176 if (cfg->backupTLSx509certdir &&
1177 !virFileExists(cfg->backupTLSx509certdir)) {
1178 virReportError(VIR_ERR_CONF_SYNTAX,
1179 _("backup_tls_x509_cert_dir directory '%s' does not exist"),
1180 cfg->backupTLSx509certdir);
1181 return -1;
1182 }
1183
1184 if (cfg->vxhsTLSx509certdir &&
1185 !virFileExists(cfg->vxhsTLSx509certdir)) {
1186 virReportError(VIR_ERR_CONF_SYNTAX,
1187 _("vxhs_tls_x509_cert_dir directory '%s' does not exist"),
1188 cfg->vxhsTLSx509certdir);
1189 return -1;
1190 }
1191
1192 if (cfg->nbdTLSx509certdir &&
1193 !virFileExists(cfg->nbdTLSx509certdir)) {
1194 virReportError(VIR_ERR_CONF_SYNTAX,
1195 _("nbd_tls_x509_cert_dir directory '%s' does not exist"),
1196 cfg->nbdTLSx509certdir);
1197 return -1;
1198 }
1199
1200 return 0;
1201 }
1202
1203
1204 int
virQEMUDriverConfigSetDefaults(virQEMUDriverConfig * cfg)1205 virQEMUDriverConfigSetDefaults(virQEMUDriverConfig *cfg)
1206 {
1207 #define SET_TLS_SECRET_UUID_DEFAULT(val) \
1208 do { \
1209 if (!cfg->val## TLSx509certdir && \
1210 !cfg->val## TLSx509secretUUID && \
1211 cfg->defaultTLSx509secretUUID) { \
1212 cfg->val## TLSx509secretUUID = g_strdup(cfg->defaultTLSx509secretUUID); \
1213 } \
1214 } while (0)
1215
1216 SET_TLS_SECRET_UUID_DEFAULT(vnc);
1217 SET_TLS_SECRET_UUID_DEFAULT(chardev);
1218 SET_TLS_SECRET_UUID_DEFAULT(migrate);
1219 SET_TLS_SECRET_UUID_DEFAULT(backup);
1220 SET_TLS_SECRET_UUID_DEFAULT(vxhs);
1221 SET_TLS_SECRET_UUID_DEFAULT(nbd);
1222
1223 #undef SET_TLS_SECRET_UUID_DEFAULT
1224
1225 /*
1226 * If a "SYSCONFDIR" + "pki/libvirt-<val>" exists, then assume someone
1227 * has created a val specific area to place service specific certificates.
1228 *
1229 * If the service specific directory doesn't exist, 'assume' that the
1230 * user has created and populated the "SYSCONFDIR" + "pki/libvirt-default".
1231 */
1232 #define SET_TLS_X509_CERT_DEFAULT(val) \
1233 do { \
1234 if (cfg->val ## TLSx509certdir) \
1235 break; \
1236 if (virFileExists(SYSCONFDIR "/pki/libvirt-"#val)) { \
1237 cfg->val ## TLSx509certdir = g_strdup(SYSCONFDIR "/pki/libvirt-"#val); \
1238 } else { \
1239 cfg->val ## TLSx509certdir = g_strdup(cfg->defaultTLSx509certdir); \
1240 } \
1241 } while (0)
1242
1243 SET_TLS_X509_CERT_DEFAULT(vnc);
1244 SET_TLS_X509_CERT_DEFAULT(spice);
1245 SET_TLS_X509_CERT_DEFAULT(chardev);
1246 SET_TLS_X509_CERT_DEFAULT(migrate);
1247 SET_TLS_X509_CERT_DEFAULT(backup);
1248 SET_TLS_X509_CERT_DEFAULT(vxhs);
1249 SET_TLS_X509_CERT_DEFAULT(nbd);
1250
1251 #undef SET_TLS_X509_CERT_DEFAULT
1252
1253 #define SET_TLS_VERIFY_DEFAULT(val, defaultverify) \
1254 do { \
1255 if (!cfg->val## TLSx509verifyPresent) {\
1256 if (cfg->defaultTLSx509verifyPresent) \
1257 cfg->val## TLSx509verify = cfg->defaultTLSx509verify; \
1258 else \
1259 cfg->val## TLSx509verify = defaultverify;\
1260 }\
1261 } while (0)
1262
1263 SET_TLS_VERIFY_DEFAULT(vnc, false);
1264 SET_TLS_VERIFY_DEFAULT(chardev, true);
1265 SET_TLS_VERIFY_DEFAULT(migrate, true);
1266 SET_TLS_VERIFY_DEFAULT(backup, true);
1267
1268 #undef SET_TLS_VERIFY_DEFAULT
1269
1270 return 0;
1271 }
1272
1273
virQEMUDriverGetConfig(virQEMUDriver * driver)1274 virQEMUDriverConfig *virQEMUDriverGetConfig(virQEMUDriver *driver)
1275 {
1276 virQEMUDriverConfig *conf;
1277 qemuDriverLock(driver);
1278 conf = virObjectRef(driver->config);
1279 qemuDriverUnlock(driver);
1280 return conf;
1281 }
1282
1283 virDomainXMLOption *
virQEMUDriverCreateXMLConf(virQEMUDriver * driver,const char * defsecmodel)1284 virQEMUDriverCreateXMLConf(virQEMUDriver *driver,
1285 const char *defsecmodel)
1286 {
1287 virQEMUDriverDomainDefParserConfig.priv = driver;
1288 virQEMUDriverDomainDefParserConfig.defSecModel = defsecmodel;
1289 return virDomainXMLOptionNew(&virQEMUDriverDomainDefParserConfig,
1290 &virQEMUDriverPrivateDataCallbacks,
1291 &virQEMUDriverDomainXMLNamespace,
1292 &virQEMUDriverDomainABIStability,
1293 &virQEMUDriverDomainSaveCookie);
1294 }
1295
1296
1297 virCPUDef *
virQEMUDriverGetHostCPU(virQEMUDriver * driver)1298 virQEMUDriverGetHostCPU(virQEMUDriver *driver)
1299 {
1300 virCPUDef *hostcpu;
1301
1302 qemuDriverLock(driver);
1303
1304 if (!driver->hostcpu)
1305 driver->hostcpu = virCPUProbeHost(virArchFromHost());
1306
1307 hostcpu = driver->hostcpu;
1308
1309 qemuDriverUnlock(driver);
1310
1311 if (hostcpu)
1312 virCPUDefRef(hostcpu);
1313
1314 return hostcpu;
1315 }
1316
1317
virQEMUDriverCreateCapabilities(virQEMUDriver * driver)1318 virCaps *virQEMUDriverCreateCapabilities(virQEMUDriver *driver)
1319 {
1320 size_t i, j;
1321 g_autoptr(virCaps) caps = NULL;
1322 g_autofree virSecurityManager **sec_managers = NULL;
1323 /* Security driver data */
1324 const char *doi, *model, *lbl, *type;
1325 const int virtTypes[] = {VIR_DOMAIN_VIRT_KVM,
1326 VIR_DOMAIN_VIRT_QEMU,};
1327
1328 /* Basic host arch / guest machine capabilities */
1329 if (!(caps = virQEMUCapsInit(driver->qemuCapsCache)))
1330 return NULL;
1331
1332 if (virGetHostUUID(caps->host.host_uuid)) {
1333 virReportError(VIR_ERR_INTERNAL_ERROR,
1334 "%s", _("cannot get the host uuid"));
1335 return NULL;
1336 }
1337
1338 /* access sec drivers and create a sec model for each one */
1339 if (!(sec_managers = qemuSecurityGetNested(driver->securityManager)))
1340 return NULL;
1341
1342 /* calculate length */
1343 for (i = 0; sec_managers[i]; i++)
1344 ;
1345 caps->host.nsecModels = i;
1346
1347 caps->host.secModels = g_new0(virCapsHostSecModel, caps->host.nsecModels);
1348
1349 for (i = 0; sec_managers[i]; i++) {
1350 virCapsHostSecModel *sm = &caps->host.secModels[i];
1351 doi = qemuSecurityGetDOI(sec_managers[i]);
1352 model = qemuSecurityGetModel(sec_managers[i]);
1353 sm->model = g_strdup(model);
1354 sm->doi = g_strdup(doi);
1355
1356 for (j = 0; j < G_N_ELEMENTS(virtTypes); j++) {
1357 lbl = qemuSecurityGetBaseLabel(sec_managers[i], virtTypes[j]);
1358 type = virDomainVirtTypeToString(virtTypes[j]);
1359 if (lbl &&
1360 virCapabilitiesHostSecModelAddBaseLabel(sm, type, lbl) < 0)
1361 return NULL;
1362 }
1363
1364 VIR_DEBUG("Initialized caps for security driver \"%s\" with "
1365 "DOI \"%s\"", model, doi);
1366 }
1367
1368 caps->host.numa = virCapabilitiesHostNUMANewHost();
1369 caps->host.cpu = virQEMUDriverGetHostCPU(driver);
1370 return g_steal_pointer(&caps);
1371 }
1372
1373
1374 /**
1375 * virQEMUDriverGetCapabilities:
1376 *
1377 * Get a reference to the virCaps *instance for the
1378 * driver. If @refresh is true, the capabilities will be
1379 * rebuilt first
1380 *
1381 * The caller must release the reference with virObjectUnref
1382 *
1383 * Returns: a reference to a virCaps *instance or NULL
1384 */
virQEMUDriverGetCapabilities(virQEMUDriver * driver,bool refresh)1385 virCaps *virQEMUDriverGetCapabilities(virQEMUDriver *driver,
1386 bool refresh)
1387 {
1388 virCaps *ret = NULL;
1389 if (refresh) {
1390 virCaps *caps = NULL;
1391 if ((caps = virQEMUDriverCreateCapabilities(driver)) == NULL)
1392 return NULL;
1393
1394 qemuDriverLock(driver);
1395 virObjectUnref(driver->caps);
1396 driver->caps = caps;
1397 } else {
1398 qemuDriverLock(driver);
1399
1400 if (driver->caps == NULL ||
1401 driver->caps->nguests == 0) {
1402 VIR_DEBUG("Capabilities didn't detect any guests. Forcing a "
1403 "refresh.");
1404 qemuDriverUnlock(driver);
1405 return virQEMUDriverGetCapabilities(driver, true);
1406 }
1407 }
1408
1409 ret = virObjectRef(driver->caps);
1410 qemuDriverUnlock(driver);
1411 return ret;
1412 }
1413
1414
1415 /**
1416 * virQEMUDriverGetDomainCapabilities:
1417 *
1418 * Get a reference to the virDomainCaps *instance. The caller
1419 * must release the reference with virObjetUnref().
1420 *
1421 * Returns: a reference to a virDomainCaps *instance or NULL
1422 */
1423 virDomainCaps *
virQEMUDriverGetDomainCapabilities(virQEMUDriver * driver,virQEMUCaps * qemuCaps,const char * machine,virArch arch,virDomainVirtType virttype)1424 virQEMUDriverGetDomainCapabilities(virQEMUDriver *driver,
1425 virQEMUCaps *qemuCaps,
1426 const char *machine,
1427 virArch arch,
1428 virDomainVirtType virttype)
1429 {
1430 g_autoptr(virQEMUDriverConfig) cfg = virQEMUDriverGetConfig(driver);
1431 g_autoptr(virDomainCaps) domCaps = NULL;
1432 const char *path = virQEMUCapsGetBinary(qemuCaps);
1433
1434 if (!(domCaps = virDomainCapsNew(path, machine, arch, virttype)))
1435 return NULL;
1436
1437 if (virQEMUCapsFillDomainCaps(qemuCaps, driver->hostarch,
1438 domCaps, driver->privileged,
1439 cfg->firmwares,
1440 cfg->nfirmwares) < 0)
1441 return NULL;
1442
1443 return g_steal_pointer(&domCaps);
1444 }
1445
1446
1447 struct _qemuSharedDeviceEntry {
1448 size_t ref;
1449 char **domains; /* array of domain names */
1450 };
1451
1452 /* Construct the hash key for sharedDevices as "major:minor" */
1453 char *
qemuGetSharedDeviceKey(const char * device_path)1454 qemuGetSharedDeviceKey(const char *device_path)
1455 {
1456 int maj, min;
1457 int rc;
1458
1459 if ((rc = virGetDeviceID(device_path, &maj, &min)) < 0) {
1460 virReportSystemError(-rc,
1461 _("Unable to get minor number of device '%s'"),
1462 device_path);
1463 return NULL;
1464 }
1465
1466 return g_strdup_printf("%d:%d", maj, min);
1467 }
1468
1469 /*
1470 * Make necessary checks for the need to check and for the current setting
1471 * of the 'unpriv_sgio' value for the device_path passed.
1472 *
1473 * Returns:
1474 * 0 - Success
1475 * -1 - Some failure which would already have been messaged
1476 * -2 - Mismatch with the "shared" sgio setting - needs to be messaged
1477 * by caller since it has context of which type of disk resource is
1478 * being used and in the future the hostdev information.
1479 */
1480 static int
qemuCheckUnprivSGIO(GHashTable * sharedDevices,const char * device_path,int sgio)1481 qemuCheckUnprivSGIO(GHashTable *sharedDevices,
1482 const char *device_path,
1483 int sgio)
1484 {
1485 g_autofree char *sysfs_path = NULL;
1486 g_autofree char *key = NULL;
1487 int val;
1488
1489 if (!(sysfs_path = virGetUnprivSGIOSysfsPath(device_path, NULL)))
1490 return -1;
1491
1492 /* It can't be conflict if unpriv_sgio is not supported by kernel. */
1493 if (!virFileExists(sysfs_path))
1494 return 0;
1495
1496 if (!(key = qemuGetSharedDeviceKey(device_path)))
1497 return -1;
1498
1499 /* It can't be conflict if no other domain is sharing it. */
1500 if (!(virHashLookup(sharedDevices, key)))
1501 return 0;
1502
1503 if (virGetDeviceUnprivSGIO(device_path, NULL, &val) < 0)
1504 return -1;
1505
1506 /* Error message on failure needs to be handled in caller
1507 * since there is more specific knowledge of device
1508 */
1509 if (!((val == 0 &&
1510 (sgio == VIR_DOMAIN_DEVICE_SGIO_FILTERED ||
1511 sgio == VIR_DOMAIN_DEVICE_SGIO_DEFAULT)) ||
1512 (val == 1 &&
1513 sgio == VIR_DOMAIN_DEVICE_SGIO_UNFILTERED))) {
1514 return -2;
1515 }
1516
1517 return 0;
1518 }
1519
1520
1521 /* Check if a shared device's setting conflicts with the conf
1522 * used by other domain(s). Currently only checks the sgio
1523 * setting. Note that this should only be called for disk with
1524 * block source if the device type is disk.
1525 *
1526 * Returns 0 if no conflicts, otherwise returns -1.
1527 */
1528 static int
qemuCheckSharedDisk(GHashTable * sharedDevices,virDomainDiskDef * disk)1529 qemuCheckSharedDisk(GHashTable *sharedDevices,
1530 virDomainDiskDef *disk)
1531 {
1532 int ret;
1533
1534 if (disk->device != VIR_DOMAIN_DISK_DEVICE_LUN)
1535 return 0;
1536
1537 if ((ret = qemuCheckUnprivSGIO(sharedDevices, disk->src->path,
1538 disk->sgio)) < 0) {
1539 if (ret == -2) {
1540 if (virDomainDiskGetType(disk) == VIR_STORAGE_TYPE_VOLUME) {
1541 virReportError(VIR_ERR_OPERATION_INVALID,
1542 _("sgio of shared disk 'pool=%s' 'volume=%s' "
1543 "conflicts with other active domains"),
1544 disk->src->srcpool->pool,
1545 disk->src->srcpool->volume);
1546 } else {
1547 virReportError(VIR_ERR_OPERATION_INVALID,
1548 _("sgio of shared disk '%s' conflicts with "
1549 "other active domains"),
1550 disk->src->path);
1551 }
1552 }
1553 return -1;
1554 }
1555
1556 return 0;
1557 }
1558
1559
1560 bool
qemuSharedDeviceEntryDomainExists(qemuSharedDeviceEntry * entry,const char * name,int * idx)1561 qemuSharedDeviceEntryDomainExists(qemuSharedDeviceEntry *entry,
1562 const char *name,
1563 int *idx)
1564 {
1565 size_t i;
1566
1567 for (i = 0; i < entry->ref; i++) {
1568 if (STREQ(entry->domains[i], name)) {
1569 if (idx)
1570 *idx = i;
1571 return true;
1572 }
1573 }
1574
1575 return false;
1576 }
1577
1578 void
qemuSharedDeviceEntryFree(void * payload)1579 qemuSharedDeviceEntryFree(void *payload)
1580 {
1581 qemuSharedDeviceEntry *entry = payload;
1582 size_t i;
1583
1584 if (!entry)
1585 return;
1586
1587 for (i = 0; i < entry->ref; i++)
1588 g_free(entry->domains[i]);
1589 g_free(entry->domains);
1590 g_free(entry);
1591 }
1592
1593
1594 static int
qemuSharedDeviceEntryInsert(virQEMUDriver * driver,const char * key,const char * name)1595 qemuSharedDeviceEntryInsert(virQEMUDriver *driver,
1596 const char *key,
1597 const char *name)
1598 {
1599 qemuSharedDeviceEntry *entry = NULL;
1600
1601 if ((entry = virHashLookup(driver->sharedDevices, key))) {
1602 /* Nothing to do if the shared scsi host device is already
1603 * recorded in the table.
1604 */
1605 if (!qemuSharedDeviceEntryDomainExists(entry, name, NULL)) {
1606 VIR_EXPAND_N(entry->domains, entry->ref, 1);
1607 entry->domains[entry->ref - 1] = g_strdup(name);
1608 }
1609 } else {
1610 entry = g_new0(qemuSharedDeviceEntry, 1);
1611 entry->domains = g_new0(char *, 1);
1612
1613 entry->domains[0] = g_strdup(name);
1614
1615 entry->ref = 1;
1616
1617 if (virHashAddEntry(driver->sharedDevices, key, entry) < 0)
1618 goto error;
1619 }
1620
1621 return 0;
1622
1623 error:
1624 qemuSharedDeviceEntryFree(entry);
1625 return -1;
1626 }
1627
1628
1629 static int
qemuSharedDeviceEntryRemove(virQEMUDriver * driver,const char * key,const char * name)1630 qemuSharedDeviceEntryRemove(virQEMUDriver *driver,
1631 const char *key,
1632 const char *name)
1633 {
1634 qemuSharedDeviceEntry *entry = NULL;
1635 int idx;
1636
1637 if (!(entry = virHashLookup(driver->sharedDevices, key)))
1638 return -1;
1639
1640 /* Nothing to do if the shared disk is not recorded in the table. */
1641 if (!qemuSharedDeviceEntryDomainExists(entry, name, &idx))
1642 return 0;
1643
1644 if (entry->ref != 1) {
1645 VIR_FREE(entry->domains[idx]);
1646 VIR_DELETE_ELEMENT(entry->domains, idx, entry->ref);
1647 } else {
1648 ignore_value(virHashRemoveEntry(driver->sharedDevices, key));
1649 }
1650
1651 return 0;
1652 }
1653
1654
1655 static int
qemuSharedDiskAddRemoveInternal(virQEMUDriver * driver,virDomainDiskDef * disk,const char * name,bool addDisk)1656 qemuSharedDiskAddRemoveInternal(virQEMUDriver *driver,
1657 virDomainDiskDef *disk,
1658 const char *name,
1659 bool addDisk)
1660 {
1661 g_autofree char *key = NULL;
1662 int ret = -1;
1663
1664 if (virStorageSourceIsEmpty(disk->src) ||
1665 !disk->src->shared ||
1666 !virStorageSourceIsBlockLocal(disk->src))
1667 return 0;
1668
1669 qemuDriverLock(driver);
1670
1671 if (!(key = qemuGetSharedDeviceKey(virDomainDiskGetSource(disk))))
1672 goto cleanup;
1673
1674 if (addDisk) {
1675 if (qemuCheckSharedDisk(driver->sharedDevices, disk) < 0)
1676 goto cleanup;
1677
1678 if (qemuSharedDeviceEntryInsert(driver, key, name) < 0)
1679 goto cleanup;
1680 } else {
1681 if (qemuSharedDeviceEntryRemove(driver, key, name) < 0)
1682 goto cleanup;
1683 }
1684
1685 ret = 0;
1686 cleanup:
1687 qemuDriverUnlock(driver);
1688 return ret;
1689 }
1690
1691
1692 /* qemuAddSharedDisk:
1693 * @driver: Pointer to qemu driver struct
1694 * @src: disk source
1695 * @name: The domain name
1696 *
1697 * Increase ref count and add the domain name into the list which
1698 * records all the domains that use the shared device if the entry
1699 * already exists, otherwise add a new entry.
1700 */
1701 int
qemuAddSharedDisk(virQEMUDriver * driver,virDomainDiskDef * disk,const char * name)1702 qemuAddSharedDisk(virQEMUDriver *driver,
1703 virDomainDiskDef *disk,
1704 const char *name)
1705 {
1706 return qemuSharedDiskAddRemoveInternal(driver, disk, name, true);
1707 }
1708
1709
1710 static bool
qemuIsSharedHostdev(virDomainHostdevDef * hostdev)1711 qemuIsSharedHostdev(virDomainHostdevDef *hostdev)
1712 {
1713 return (hostdev->shareable &&
1714 (virHostdevIsSCSIDevice(hostdev) &&
1715 hostdev->source.subsys.u.scsi.protocol !=
1716 VIR_DOMAIN_HOSTDEV_SCSI_PROTOCOL_TYPE_ISCSI));
1717 }
1718
1719
1720 static char *
qemuGetHostdevPath(virDomainHostdevDef * hostdev)1721 qemuGetHostdevPath(virDomainHostdevDef *hostdev)
1722 {
1723 virDomainHostdevSubsysSCSI *scsisrc = &hostdev->source.subsys.u.scsi;
1724 virDomainHostdevSubsysSCSIHost *scsihostsrc = &scsisrc->u.host;
1725 g_autofree char *dev_name = NULL;
1726
1727 if (!(dev_name = virSCSIDeviceGetDevName(NULL,
1728 scsihostsrc->adapter,
1729 scsihostsrc->bus,
1730 scsihostsrc->target,
1731 scsihostsrc->unit)))
1732 return NULL;
1733
1734 return g_strdup_printf("/dev/%s", dev_name);
1735 }
1736
1737
1738 static int
qemuSharedHostdevAddRemoveInternal(virQEMUDriver * driver,virDomainHostdevDef * hostdev,const char * name,bool addDevice)1739 qemuSharedHostdevAddRemoveInternal(virQEMUDriver *driver,
1740 virDomainHostdevDef *hostdev,
1741 const char *name,
1742 bool addDevice)
1743 {
1744 g_autofree char *dev_path = NULL;
1745 g_autofree char *key = NULL;
1746 int ret = -1;
1747
1748 if (!qemuIsSharedHostdev(hostdev))
1749 return 0;
1750
1751 if (!(dev_path = qemuGetHostdevPath(hostdev)) ||
1752 !(key = qemuGetSharedDeviceKey(dev_path)))
1753 return -1;
1754
1755 qemuDriverLock(driver);
1756
1757 if (addDevice)
1758 ret = qemuSharedDeviceEntryInsert(driver, key, name);
1759 else
1760 ret = qemuSharedDeviceEntryRemove(driver, key, name);
1761
1762 qemuDriverUnlock(driver);
1763
1764 return ret;
1765 }
1766
1767 static int
qemuSharedDeviceAddRemoveInternal(virQEMUDriver * driver,virDomainDeviceDef * dev,const char * name,bool addDevice)1768 qemuSharedDeviceAddRemoveInternal(virQEMUDriver *driver,
1769 virDomainDeviceDef *dev,
1770 const char *name,
1771 bool addDevice)
1772 {
1773 /* Currently the only conflicts we have to care about for
1774 * the shared disk and shared host device is "sgio" setting,
1775 * which is only valid for block disk and scsi host device.
1776 */
1777 if (dev->type == VIR_DOMAIN_DEVICE_DISK)
1778 return qemuSharedDiskAddRemoveInternal(driver, dev->data.disk,
1779 name, addDevice);
1780 if (dev->type == VIR_DOMAIN_DEVICE_HOSTDEV)
1781 return qemuSharedHostdevAddRemoveInternal(driver, dev->data.hostdev,
1782 name, addDevice);
1783 return 0;
1784 }
1785
1786
1787 /* qemuAddSharedDevice:
1788 * @driver: Pointer to qemu driver struct
1789 * @dev: The device def
1790 * @name: The domain name
1791 *
1792 * Increase ref count and add the domain name into the list which
1793 * records all the domains that use the shared device if the entry
1794 * already exists, otherwise add a new entry.
1795 */
1796 int
qemuAddSharedDevice(virQEMUDriver * driver,virDomainDeviceDef * dev,const char * name)1797 qemuAddSharedDevice(virQEMUDriver *driver,
1798 virDomainDeviceDef *dev,
1799 const char *name)
1800 {
1801 return qemuSharedDeviceAddRemoveInternal(driver, dev, name, true);
1802 }
1803
1804
1805 int
qemuRemoveSharedDisk(virQEMUDriver * driver,virDomainDiskDef * disk,const char * name)1806 qemuRemoveSharedDisk(virQEMUDriver *driver,
1807 virDomainDiskDef *disk,
1808 const char *name)
1809 {
1810 return qemuSharedDiskAddRemoveInternal(driver, disk, name, false);
1811 }
1812
1813
1814 /* qemuRemoveSharedDevice:
1815 * @driver: Pointer to qemu driver struct
1816 * @device: The device def
1817 * @name: The domain name
1818 *
1819 * Decrease ref count and remove the domain name from the list which
1820 * records all the domains that use the shared device if ref is not
1821 * 1, otherwise remove the entry.
1822 */
1823 int
qemuRemoveSharedDevice(virQEMUDriver * driver,virDomainDeviceDef * dev,const char * name)1824 qemuRemoveSharedDevice(virQEMUDriver *driver,
1825 virDomainDeviceDef *dev,
1826 const char *name)
1827 {
1828 return qemuSharedDeviceAddRemoveInternal(driver, dev, name, false);
1829 }
1830
1831
1832 int
qemuSetUnprivSGIO(virDomainDeviceDef * dev)1833 qemuSetUnprivSGIO(virDomainDeviceDef *dev)
1834 {
1835 virDomainDiskDef *disk = NULL;
1836 virDomainHostdevDef *hostdev = NULL;
1837 g_autofree char *sysfs_path = NULL;
1838 const char *path = NULL;
1839 int val = -1;
1840
1841 /* "sgio" is only valid for block disk; cdrom
1842 * and floopy disk can have empty source.
1843 */
1844 if (dev->type == VIR_DOMAIN_DEVICE_DISK) {
1845 disk = dev->data.disk;
1846
1847 if (disk->device != VIR_DOMAIN_DISK_DEVICE_LUN ||
1848 !virStorageSourceIsBlockLocal(disk->src))
1849 return 0;
1850
1851 path = virDomainDiskGetSource(disk);
1852 } else if (dev->type == VIR_DOMAIN_DEVICE_HOSTDEV) {
1853 hostdev = dev->data.hostdev;
1854
1855 if (!qemuIsSharedHostdev(hostdev))
1856 return 0;
1857
1858 if (hostdev->source.subsys.u.scsi.sgio) {
1859 virReportError(VIR_ERR_INTERNAL_ERROR, "%s",
1860 _("'sgio' is not supported for SCSI "
1861 "generic device yet "));
1862 return -1;
1863 }
1864
1865 return 0;
1866 } else {
1867 return 0;
1868 }
1869
1870 if (!(sysfs_path = virGetUnprivSGIOSysfsPath(path, NULL)))
1871 return -1;
1872
1873 /* By default, filter the SG_IO commands, i.e. set unpriv_sgio to 0. */
1874 val = (disk->sgio == VIR_DOMAIN_DEVICE_SGIO_UNFILTERED);
1875
1876 /* Do not do anything if unpriv_sgio is not supported by the kernel and the
1877 * whitelist is enabled. But if requesting unfiltered access, always call
1878 * virSetDeviceUnprivSGIO, to report an error for unsupported unpriv_sgio.
1879 */
1880 if (virFileExists(sysfs_path) || val == 1) {
1881 int curr_val;
1882
1883 if (virGetDeviceUnprivSGIO(path, NULL, &curr_val) < 0)
1884 return -1;
1885
1886 if (curr_val != val &&
1887 virSetDeviceUnprivSGIO(path, NULL, val) < 0) {
1888 return -1;
1889 }
1890 }
1891
1892 return 0;
1893 }
1894
qemuDriverAllocateID(virQEMUDriver * driver)1895 int qemuDriverAllocateID(virQEMUDriver *driver)
1896 {
1897 return g_atomic_int_add(&driver->lastvmid, 1) + 1;
1898 }
1899
1900
1901 int
qemuTranslateSnapshotDiskSourcePool(virDomainSnapshotDiskDef * def)1902 qemuTranslateSnapshotDiskSourcePool(virDomainSnapshotDiskDef *def)
1903 {
1904 if (def->src->type != VIR_STORAGE_TYPE_VOLUME)
1905 return 0;
1906
1907 virReportError(VIR_ERR_INTERNAL_ERROR, "%s",
1908 _("Snapshots are not yet supported with 'pool' volumes"));
1909 return -1;
1910 }
1911
1912 char *
qemuGetBaseHugepagePath(virQEMUDriver * driver,virHugeTLBFS * hugepage)1913 qemuGetBaseHugepagePath(virQEMUDriver *driver,
1914 virHugeTLBFS *hugepage)
1915 {
1916 const char *root = driver->embeddedRoot;
1917
1918 if (root && !STRPREFIX(hugepage->mnt_dir, root)) {
1919 g_autofree char * hash = virDomainDriverGenerateRootHash("qemu", root);
1920 return g_strdup_printf("%s/libvirt/%s", hugepage->mnt_dir, hash);
1921 }
1922
1923 return g_strdup_printf("%s/libvirt/qemu", hugepage->mnt_dir);
1924 }
1925
1926
1927 char *
qemuGetDomainHugepagePath(virQEMUDriver * driver,const virDomainDef * def,virHugeTLBFS * hugepage)1928 qemuGetDomainHugepagePath(virQEMUDriver *driver,
1929 const virDomainDef *def,
1930 virHugeTLBFS *hugepage)
1931 {
1932 g_autofree char *base = qemuGetBaseHugepagePath(driver, hugepage);
1933 g_autofree char *domPath = virDomainDefGetShortName(def);
1934
1935 if (!base || !domPath)
1936 return NULL;
1937
1938 return g_strdup_printf("%s/%s", base, domPath);
1939 }
1940
1941
1942 /**
1943 * qemuGetDomainHupageMemPath: Construct HP enabled memory backend path
1944 *
1945 * The resulting path is stored at @memPath.
1946 *
1947 * Returns 0 on success,
1948 * -1 otherwise.
1949 */
1950 int
qemuGetDomainHupageMemPath(virQEMUDriver * driver,const virDomainDef * def,unsigned long long pagesize,char ** memPath)1951 qemuGetDomainHupageMemPath(virQEMUDriver *driver,
1952 const virDomainDef *def,
1953 unsigned long long pagesize,
1954 char **memPath)
1955 {
1956 g_autoptr(virQEMUDriverConfig) cfg = virQEMUDriverGetConfig(driver);
1957 size_t i = 0;
1958
1959 if (!cfg->nhugetlbfs) {
1960 virReportError(VIR_ERR_INTERNAL_ERROR,
1961 "%s", _("hugetlbfs filesystem is not mounted "
1962 "or disabled by administrator config"));
1963 return -1;
1964 }
1965
1966 for (i = 0; i < cfg->nhugetlbfs; i++) {
1967 if (cfg->hugetlbfs[i].size == pagesize)
1968 break;
1969 }
1970
1971 if (i == cfg->nhugetlbfs) {
1972 virReportError(VIR_ERR_INTERNAL_ERROR,
1973 _("Unable to find any usable hugetlbfs "
1974 "mount for %llu KiB"),
1975 pagesize);
1976 return -1;
1977 }
1978
1979 if (!(*memPath = qemuGetDomainHugepagePath(driver, def, &cfg->hugetlbfs[i])))
1980 return -1;
1981
1982 return 0;
1983 }
1984
1985
1986 int
qemuGetMemoryBackingDomainPath(virQEMUDriver * driver,const virDomainDef * def,char ** path)1987 qemuGetMemoryBackingDomainPath(virQEMUDriver *driver,
1988 const virDomainDef *def,
1989 char **path)
1990 {
1991 g_autoptr(virQEMUDriverConfig) cfg = virQEMUDriverGetConfig(driver);
1992 const char *root = driver->embeddedRoot;
1993 g_autofree char *shortName = NULL;
1994
1995 if (!(shortName = virDomainDefGetShortName(def)))
1996 return -1;
1997
1998 if (root && !STRPREFIX(cfg->memoryBackingDir, root)) {
1999 g_autofree char * hash = virDomainDriverGenerateRootHash("qemu", root);
2000 *path = g_strdup_printf("%s/%s-%s", cfg->memoryBackingDir, hash, shortName);
2001 } else {
2002 *path = g_strdup_printf("%s/%s", cfg->memoryBackingDir, shortName);
2003 }
2004
2005 return 0;
2006 }
2007
2008
2009 /**
2010 * qemuGetMemoryBackingPath:
2011 * @driver: the qemu driver
2012 * @def: domain definition
2013 * @alias: memory object alias
2014 * @memPath: constructed path
2015 *
2016 * Constructs path to memory backing dir and stores it at @memPath.
2017 *
2018 * Returns: 0 on success,
2019 * -1 otherwise (with error reported).
2020 */
2021 int
qemuGetMemoryBackingPath(virQEMUDriver * driver,const virDomainDef * def,const char * alias,char ** memPath)2022 qemuGetMemoryBackingPath(virQEMUDriver *driver,
2023 const virDomainDef *def,
2024 const char *alias,
2025 char **memPath)
2026 {
2027 g_autofree char *domainPath = NULL;
2028
2029 if (!alias) {
2030 /* This should never happen (TM) */
2031 virReportError(VIR_ERR_INTERNAL_ERROR, "%s",
2032 _("memory device alias is not assigned"));
2033 return -1;
2034 }
2035
2036 if (qemuGetMemoryBackingDomainPath(driver, def, &domainPath) < 0)
2037 return -1;
2038
2039 *memPath = g_strdup_printf("%s/%s", domainPath, alias);
2040 return 0;
2041 }
2042