Peter Krempa [Wed, 6 Jan 2021 16:19:03 +0000 (17:19 +0100)]
schema: secret: Relax requirements for usage name
There's plenty of existing documentation [1] which shows as example a
name which contains a space and a dot ('client.admin secret') as ceph
usage name.
Use a more relaxed type in the RNG schema since the usage name is
actually just a string used to look up the secret.
[1]:
https://docs.ceph.com/en/latest/rbd/libvirt/#configuring-the-vm
https://documentation.suse.com/ses/6/html/ses-all/cha-ceph-libvirt.html#ceph-libvirt-cfg-vm
Libvirt docs were correct though:
https://libvirt.org/formatsecret.html#CephUsageType
Peter Krempa [Wed, 6 Jan 2021 15:51:21 +0000 (16:51 +0100)]
schema: Add define for object names
Objects such as domain, pool, etc re-define the regex for the format.
Add more generic types for objects with/without a slash which we'll be
able to reuse also for other objects.
Signed-off-by: Peter Krempa <pkrempa@redhat.com> Reviewed-by: Ján Tomko <jtomko@redhat.com>
Peter Krempa [Wed, 6 Jan 2021 16:12:03 +0000 (17:12 +0100)]
schema: domaincommon: Remove pointless 'choice' from 'inituser'/'initgroup'
'genericName' allows arbitrary numeric strings so using an explicit
'unsignedInt' choice is pointless. The elements take an username or a
uid which is prefixed by '+', both of which are covered by
'genericName'.
Signed-off-by: Peter Krempa <pkrempa@redhat.com> Reviewed-by: Ján Tomko <jtomko@redhat.com>
Peter Krempa [Thu, 7 Jan 2021 09:19:22 +0000 (10:19 +0100)]
qemuDomainSetBlockIoTune: Skip monitor call for empty cdrom
Similarly to startup of the VM qemu doesn't like setting throttling for
an empty drive. Just skip it since we do the correct thing once new
media is inserted.
Resolves: https://gitlab.com/libvirt/libvirt/-/issues/117 Signed-off-by: Peter Krempa <pkrempa@redhat.com> Reviewed-by: Ján Tomko <jtomko@redhat.com> Tested-by: Han Han <hhan@redhat.com>
Peter Krempa [Mon, 30 Nov 2020 13:14:22 +0000 (14:14 +0100)]
qemuBuildChrChardevStr: Rename 'flags' to 'cdevflags'
The monitor code uses 'flags' for the flags of the monitor builder,
while in this function it's a different set of flags. All callers pass a
variable named 'cdevflags', so rename the argument to suit.
Signed-off-by: Peter Krempa <pkrempa@redhat.com> Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
Peter Krempa [Mon, 30 Nov 2020 15:23:55 +0000 (16:23 +0100)]
qemuMonitorAddObject: Refactor cleanup
Remove freeing/clearing of @props as the function doesn't guarantee that
it happens on success, rename the variable hodling copy of the alias and
use g_autofree to automatically free it and remove the cleanup label as
well as 'ret' variable.
Signed-off-by: Peter Krempa <pkrempa@redhat.com> Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
Peter Krempa [Mon, 30 Nov 2020 15:21:18 +0000 (16:21 +0100)]
qemuMonitorAddObject: Fix semantics of @alias
The callers of qemuMonitorAddObject rely on the fact that @alias is
filled only when the object is added successfully. This is documented
but the code didn't behave like that.
Signed-off-by: Peter Krempa <pkrempa@redhat.com> Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
Peter Krempa [Mon, 30 Nov 2020 14:34:56 +0000 (15:34 +0100)]
qemuMonitorJSONMakeCommandInternal: Clear @arguments when stolen
All callers of qemuMonitorJSONMakeCommandInternal will benefit from
making @arguments a double pointer and passing it to
virJSONValueObjectCreate directly which will clear it if it steals the
value.
Signed-off-by: Peter Krempa <pkrempa@redhat.com> Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
Erik Skultety [Thu, 7 Jan 2021 15:53:21 +0000 (16:53 +0100)]
hostdev: mdev: Lookup mdevs by sysfs path rather than mdev struct
The lookup didn't do anything apart from comparing the sysfs paths
anyway since that's what makes each mdev unique.
The most ridiculous usage of the old logic was in
virHostdevReAttachMediatedDevices where in order to drop an mdev
hostdev from the list of active devices we first had to create a new
mdev and use it in the lookup call. Why couldn't we have used the
hostdev directly? Because the hostdev and mdev structures are
incompatible.
The way mdevs are currently removed is via a write to a specific sysfs
attribute. If you do it while the machine which has the mdev assigned
is running, the write call may block (with a new enough kernel, with
older kernels it would return a write error!) until the device
is no longer in use which is when the QEMU process exits.
The interesting part here comes afterwards when we're cleaning up and
call virHostdevReAttachMediatedDevices. The domain doesn't exist
anymore, so the list of active hostdevs needs to be updated and the
respective hostdevs removed from the list, but remember we had to
create an mdev object in the memory in order to find it in the list
first which will fail because the write to sysfs had already removed
the mdev instance from the host system.
And so the next time you try to start the same domain you'll get:
"Requested operation is not valid: mediated device <path> is in use by
driver QEMU, domain <name>"
Fixes: https://gitlab.com/libvirt/libvirt/-/issues/119 Signed-off-by: Erik Skultety <eskultet@redhat.com> Reviewed-by: Ján Tomko <jtomko@redhat.com>
Erik Skultety [Thu, 7 Jan 2021 15:48:40 +0000 (16:48 +0100)]
hostdev: Update mdev pointer reference after checking device type
We set the pointer to some garbage packed structure data without
knowing whether we were actually handling the type of device we
expected to be handling. On its own, this was harmless, because we'd
never use the pointer as we'd skip the device if it were not the
expected type. However, it's better to make the logic even more
explicit - we first check the device and only when we're sure we have
the expected type we then update the pointer shortcut.
Signed-off-by: Erik Skultety <eskultet@redhat.com> Reviewed-by: Ján Tomko <jtomko@redhat.com>
Laine Stump [Wed, 6 Jan 2021 20:42:47 +0000 (15:42 -0500)]
util: validate pcie_cap_pos != 0 in virDeviceHasPCIExpressLink()
virDeviceHasPCIExpressLink() wasn't checking that pcie_cap_pos was
valid before attempting to use it, which could lead to reading the
byte at offset 0 + PCI_CAP_ID_EXP instead of [valid offset] +
PCI_CAP_ID_EXP. In particular, this could happen for "integrated" PCI
devices (those that are on the PCIe root complex). If it happened that
the byte from the wrong address had the "right" bit set, then it would
lead to us innappropriately believing that Express Link info was
available when it wasn't, and the node device driver would then log an
error like this:
virPCIDeviceGetLinkCapSta:2754 :
internal error: pci device 0000:00:18.0 is not a PCI-Express device
during a libvirtd restart. (this didn't ever occur until after
virPCIDeviceIsPCIExpress() was made more intelligent in commit c00b6b1ae, which hasn't yet been in any official release)
Signed-off-by: Laine Stump <laine@redhat.com> Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
Laine Stump [Wed, 6 Jan 2021 18:44:40 +0000 (13:44 -0500)]
lxc: eliminate leaked and dangling pointers in virLXCProcessSetupInterfaceTap
The two scenarios were found by Coverity after a seemingly-unrelated
change to virLXCProcessSetupInterfaceTap() (in commit ecfc2d5f43), and
explained by John Ferlan here:
a) On entry to virLXCProcessSetupInterfaceTap() if net->ifname != NULL
then a copy of net->ifname is made into parentVeth, and a reference
to *that* pointer is sent down to virNetDevVethCreate().
b) If parentVeth (aka net->ifname) is a template name (e.g. "blah%d"),
then virNetDevVethCreate() calls virNetDevGenerateName(), and if
virNetDevGenerateName() successfully generates a usable name
(e.g. "blah27") then it will free the original template string
(which is pointed to by net->ifname and by parentVeth), then
replace the pointer in parentVeth with a pointer to the new
string. Note that net->ifname still points to the now-freed
template string.
c) returning back up to virLXCProcessSetupInterfaceTap(), we check if
net->ifname == NULL - it *isn't* (still contains stale pointer to
template string), so we don't replace it with the pointer to the new
string that is in parentVeth.
d) Result: the new string is leaked once we return from
virLXCProcessSetupInterfaceTap(), while there is a dangling pointer
to the old string in net->ifname.
There is also a leak if there is a failure somewhere between steps (b)
and (c) above - the failure cleanup in virNetDevVethCreate() will only
free the newly-generated parentVeth string if the original pointer was
NULL (narrator: "It wasn't."). But it's a new string allocated by
virNetDevGenerateName(), not the original string from net->ifname, so
it really does need to be freed.
The solution is to make a copy of the entire original string into a
g_autofree pointer, then iff everything is successful we g_free() the
original net->ifname and replace it by stealing the string returned by
virNetDevVethCreate().
Signed-off-by: Laine Stump <laine@redhat.com> Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
Laine Stump [Mon, 21 Dec 2020 01:35:02 +0000 (20:35 -0500)]
lxc: remove unnecessary call to virNetDevReserveName()
In all cases *except* when parsing status XML as libvirt is being
restarted, the XML parser will delete any manually specified interface
name (aka "<target dev='blah'/>" aka net->ifname) that could have been
generated by virNetDevGenerateName(). This means that during the setup
when a domain is being started (e.g. during
virLXCProcessSetupInterfaceTap()) it is pointless to call
virNetDevReserveName() with any setting of net->ifname that has come
from the XML parser - it is guaranteed to not fit the pattern of any
auto-generated name, and so the call is just a NOP anyway.
Signed-off-by: Laine Stump <laine@redhat.com> Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
Tim Wiederhake [Wed, 6 Jan 2021 10:05:11 +0000 (11:05 +0100)]
cpu_map: Define and enable Snowridge model
Due to missing pdpe1gb support in the host CPU data, the CPU is still
incorrectly detected as Westmere-IBRS for host capabilities because we
don't have the option to disable features included in the base model
there.
Signed-off-by: Tim Wiederhake <twiederh@redhat.com> Reviewed-by: Jiri Denemark <jdenemar@redhat.com>
network: Introduce mutex for bridge name generation
When defining/creating a network the bridge name may be filled in
automatically by libvirt (if none provided in the input XML or
the one provided is a pattern, e.g. "virbr%d"). During the
bridge name generation process a candidate name is generated
which is then checked with the rest of already defined/running
networks for collisions.
Problem is, that there is no mutex guarding this critical section
and thus if two threads line up so that they both generate the
same candidate they won't find any collision and the same name is
then stored.
Resolves: https://gitlab.com/libvirt/libvirt/-/issues/78 Signed-off-by: Michal Privoznik <mprivozn@redhat.com> Reviewed-by: Laine Stump <laine@redhat.com>
The @fds member of qemuMonitorFdsetInfo struct is an array and as
such, it's allocated in qemuMonitorJSONQueryFdsetsParse() but not
freed in qemuMonitorFdsetsFree().
Fixes: b8998cc670f7b1b11a83276050e49dce7efba333 Signed-off-by: Michal Privoznik <mprivozn@redhat.com> Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
Neal Gompa [Thu, 7 Jan 2021 14:58:08 +0000 (09:58 -0500)]
rpm: Simplify expression of supported platforms
Stanzas like "0%{?fedora} && 0%{?fedora} >= %{min_fedora}" contain
redundant definitions, as "0%{?fedora} >= %{min_fedora}" implies that
"%fedora" is defined and has a value. Thus, we can simplify this.
Tim Wiederhake [Mon, 4 Jan 2021 11:30:17 +0000 (12:30 +0100)]
cpu-gather: Use actions instead of flags for action argument
This allows for the functionality of cpu-cpuid.py script to be
integrated more naturally in a later patch.
Changes the way this script should be called:
cpu-gather.py -> cpu-gather.py
cpu-gather.py --gather -> cpu-gather.py gather
cpu-gather.py --parse -> cpu-gather.py parse
cpu-gather.py --gather --parse -> cpu-gather.py full
Signed-off-by: Tim Wiederhake <twiederh@redhat.com> Reviewed-by: Jiri Denemark <jdenemar@redhat.com>
Tim Wiederhake [Mon, 4 Jan 2021 11:30:13 +0000 (12:30 +0100)]
cpu-cpuid: Remove xmltodict usage in parseCPU
'xmltodict' is a Python module that is not installed by default.
Replace it, so the dependencies of cpu-gather.py do not change
when both scripts are merged.
Signed-off-by: Tim Wiederhake <twiederh@redhat.com> Reviewed-by: Jiri Denemark <jdenemar@redhat.com>
Tim Wiederhake [Mon, 4 Jan 2021 11:30:12 +0000 (12:30 +0100)]
cpu-cpuid: Remove xmltodict usage in parseMap
'xmltodict' is a Python module that is not installed by default.
Replace it, so the dependencies of cpu-gather.py do not change
when both scripts are merged.
Signed-off-by: Tim Wiederhake <twiederh@redhat.com> Reviewed-by: Jiri Denemark <jdenemar@redhat.com>
src/qemu/qemu_migration.c:4814:20: error: ‘dstOffline’ may be used
uninitialized in this function [-Werror=maybe-uninitialized]
4814 | if (offline && !dstOffline) {
The commit that introduced the error: 910b94df: qemu: adopt to VIR_DRV_SUPPORTS_FEATURE return -1
Signed-off-by: Nick Shyrokovskiy <nshyrokovskiy@gmail.com>
Changes to a virtio network device such as
<interface type="network">
<model type="virtio"/>
<driver iommu="on" ats="on"/> <!-- this line added -->
...
</interface>
were quietly dismissed by `virsh update-device ... --live`.
Signed-off-by: Tim Wiederhake <twiederh@redhat.com> Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
Otherwise we can get misleading error messages. One example is when connection
is broken we got "this function is not supported by the connection driver:
virDomainMigrate3" from virDomainMigrate3.
Signed-off-by: Nikolay Shirokovskiy <nshirokovskiy@virtuozzo.com> Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
qemu: Restore default root qdisc when QoS is cleared out
When an interface has some bandwidth limitation set (it's root
qdisc is htb in that case) but this gets cleared out via public
API call (virDomainSetInterfaceParameters() or
virDomainUpdateDeviceFlags()) then virNetDevBandwidthSet() clears
out whatever qdiscs were set on the interface and kernel places
the default qdisc at the root. What we need to do next is to
replace the root qdisc with the one we want.
Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1329644 Fixes: 0b66196d86ea375234cb0ee99289c486f9921820 Signed-off-by: Michal Privoznik <mprivozn@redhat.com> Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
While the code that's setting default qdisc is clever enough to
not overwrite any bandwidth (potentially) set by
virNetDevBandwidthSet() (and thus the root qdisc htb is not
replaced with noqueue), it does print a debug message when that's
the case. It's needless. We can set the root qdisc beforehand and
let virNetDevBandwidthSet() overwrite it.
Signed-off-by: Michal Privoznik <mprivozn@redhat.com> Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
qemu_process: Release domain seclabel later in qemuProcessStop()
Some secdrivers (typically SELinux driver) generate unique
dynamic seclabel for each domain (unless a static one is
requested in domain XML). This is achieved by calling
qemuSecurityGenLabel() from qemuProcessPrepareDomain() which
allocates unique seclabel and stores it in domain def->seclabels.
The counterpart is qemuSecurityReleaseLabel() which releases the
label and removes it from def->seclabels. Problem is, that with
current code the qemuProcessStop() may still want to use the
seclabel after it was released, e.g. when it wants to restore the
label of a disk mirror.
What is happening now, is that in qemuProcessStop() the
qemuSecurityReleaseLabel() is called, which removes the SELinux
seclabel from def->seclabels, yada yada yada and eventually
qemuSecurityRestoreImageLabel() is called. This bubbles down to
virSecuritySELinuxRestoreImageLabelSingle() which find no SELinux
seclabel (using virDomainDefGetSecurityLabelDef()) and this
returns early doing nothing.
Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1751664 Fixes: 8fa0374c5b8e834fcbdeae674cc6cc9e6bf9019f Signed-off-by: Michal Privoznik <mprivozn@redhat.com> Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
Pavel Hrdina [Wed, 6 Jan 2021 12:02:38 +0000 (13:02 +0100)]
virfile: refactor virFileNBDDeviceAssociate
The only reason why virstoragefile.h needs to be included in virfile.h
is that virFileNBDDeviceAssociate() takes virStorageFileFormat argument.
The function doesn't need the enum value as it converts the value to
string and uses only that.
Change the argument to string which will allow us to remove that
include.
Signed-off-by: Pavel Hrdina <phrdina@redhat.com> Reviewed-by: Peter Krempa <pkrempa@redhat.com>
According to our parser (virDomainTPMDefParseXML()) the version
is an optional attribute and independent of TPM backend type.
Therefore, it's not a choice group, which is what our RNG schema
suggests.
Signed-off-by: Michal Privoznik <mprivozn@redhat.com> Reviewed-by: Daniel Henrique Barboza <danielhb413@gmail.com>
Eiichi Tsukata [Mon, 4 Jan 2021 02:31:59 +0000 (02:31 +0000)]
conf: Add support for keeping TPM emulator state
Currently, swtpm TPM state file is removed when a transient domain is
powered off or undefined. When we store TPM state on a shared storage
such as NFS and use transient domain, TPM states should be kept as it is.
Add per-TPM emulator option `persistent_sate` for keeping TPM state.
This option only works for the emulator type backend and looks as follows:
Jiri Denemark [Tue, 5 Jan 2021 22:53:25 +0000 (23:53 +0100)]
qemu: The TSC tolerance interval should be closed
The kernel refuses to set guest TSC frequency less than a minimum
frequency or greater than maximum frequency (both computed based on the
host TSC frequency). When writing the libvirt code with a reversed logic
(return success when the requested frequency falls within the tolerance
interval) I forgot to include the boundaries.
Peter Krempa [Tue, 5 Jan 2021 14:43:21 +0000 (15:43 +0100)]
qemu: backup: Properly delete temporary bitmap after push-mode incremental backup
Refactor in 0316c28a453ac used incorrect source variable to initialize
the variable which holds the name of the bitmap which needs to be
deleted after the backup job finishes. This resulted into deleting the
source bitmap of the backup rather than the temporary one.
Use 'dd->incrementalBitmap' which holds the temporary bitmap name
instead of 'dd->backupdisk->incremental' which holds the name of the
source bitmap which is used by the backup.
Fixes: 0316c28a453ac15f58c61f30359f66ab9a649884
Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1908647 Signed-off-by: Peter Krempa <pkrempa@redhat.com> Reviewed-by: Ján Tomko <jtomko@redhat.com>
Peter Krempa [Tue, 5 Jan 2021 12:02:34 +0000 (13:02 +0100)]
virsh-domain: Add quotes around '%s' formatting domain name
Domain name can contain spaces in which case it's not immediately clear
from virsh messages where the boundary of the name is. Enclose all %s
formatters in apostrophes as delimiters.
Done via the following vim regex:
%s/omain %s/omain '%s'/g
This patch changes:
$ virsh undefine --snapshots-metadata 'OWASP Broken Web Apps VM v1.2'
Domain OWASP Broken Web Apps VM v1.2 has been undefined
to:
$ virsh undefine --snapshots-metadata 'OWASP Broken Web Apps VM v1.2'
Domain 'OWASP Broken Web Apps VM v1.2' has been undefined
Signed-off-by: Peter Krempa <pkrempa@redhat.com> Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
This is perfectly valid in VMWare and the VM just boots with an empty drive. We
used to just skip the whole drive before, but since we changed how we parse
empty cdrom drives this results in an error. Make it behave more closer to
VMWare.
There's only one variable to clean-up, others are just tokens inside that
variable, but it is nicer anyway. Positive returns have not been converted
because the function will change soon and it would not make much sense.
Signed-off-by: Martin Kletzander <mkletzan@redhat.com>
As soon as a guest using a <tpm> device is launched, libvirt will change
the ownership to 'tss' user and group, with mode 0730, which will cause
RPM verify to then fail.
Reviewed-by: Laine Stump <laine@redhat.com> Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
projects / libvirt.git / log