Stefan Berger [Wed, 12 Jan 2022 15:49:52 +0000 (10:49 -0500)]
docs: tpm: Clarify omission or removal of active_pcr_banks node
Add a sentence to the active_pcr_banks node documentation that clarifies
that when the active_pcr_banks node is removed from the XML or when it
is omitted that the set of active PCR banks is not changed anymore.
Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=2039246 Signed-off-by: Stefan Berger <stefanb@linux.ibm.com> Reviewed-by: Jiri Denemark <jdenemar@redhat.com>
Peter Krempa [Wed, 12 Jan 2022 09:31:59 +0000 (10:31 +0100)]
qemuSnapshotRedefine: Fix use of snapshot definition after free
Commit f4aae9726df factored out the snapshot redefinition code into a
separate function, but didn't account for the fact that the code is
consuming the reference to the snapshot definition and by moving the
code away the caller (qemuSnapshotCreateXML) now frees the definition
which didn't happen before as we cleared the pointer.
Fix it by increasing the reference locally. Later patches will refactor
the code so that it's more obvious what's happening.
Fixes: f4aae9726df
Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=2039651 Signed-off-by: Peter Krempa <pkrempa@redhat.com> Reviewed-by: Ján Tomko <jtomko@redhat.com>
Peter Krempa [Tue, 11 Jan 2022 09:28:45 +0000 (10:28 +0100)]
qemuSnapshotCreate: Don't insert snapshot into list with VIR_DOMAIN_SNAPSHOT_CREATE_NO_METADATA
Our approach to snapshots without metadata was to insert them to the
snapshot list and then later remove them from the list when the flag is
present.
This quirky logic was broken in a recent refactor of the snapshot code
causing that the snapshot stayed inserted in the snapshot list.
Recent refactor of the snapshot code didn't faithfully relocate this
logic to the new function.
Rather than attempting to restore the quirky logic of adding and then
removing the object, don't add the snapshot into the list at all when
the user doesn't want metadata.
We achieve this by creating a temporary 'virDomainMomentObj' wrapper
which is not inserted into the list and using that instead of calling
virDomainSnapshotAssignDef.
Fixes: 9bad0fb809b
Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=2039131 Signed-off-by: Peter Krempa <pkrempa@redhat.com> Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
Ani Sinha [Tue, 11 Jan 2022 10:20:43 +0000 (15:50 +0530)]
report error when virProcessGetStatInfo() is unable to parse data
Currently virProcessGetStatInfo() always returns success and only logs error
when it is unable to parse the data. Make this function actually report the
error and return a negative value in this error scenario.
Fix the callers so that they do not override the error generated.
Also fix non-linux implementation of this function so as to report error.
Signed-off-by: Ani Sinha <ani@anisinha.ca> Signed-off-by: Michal Privoznik <mprivozn@redhat.com> Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
WARNING: pkgconfig variable 'cflags' not defined for dependency yajl.
which makes sense, because "cflags" is not one of the variables
reported by
$ pkg-config --print-variables yajl
and
$ pkg-config --variable=cflags yajl
doesn't work either.
The breakage was introduced when we switched from calling
pkg-config directly to using get_pkgconfig_variable() in 7.5.0
and, somehow, it went undetected until now.
Use "includedir", which is a proper pkg-config variable,
instead.
Fixes: c32c5ca29aeb63d329e2c1e60e249246c010f2f3 Signed-off-by: Andrea Bolognani <abologna@redhat.com> Tested-by: Roman Bolshakov <r.bolshakov@yadro.com> Reviewed-by: Roman Bolshakov <r.bolshakov@yadro.com>
Peter Krempa [Mon, 3 Jan 2022 14:50:49 +0000 (15:50 +0100)]
qemu: Revert to using non-JSON commandline for -device
When -device is configured via JSON a bug [1] is triggered in qemu were
the DEVICE_DELETED event for the removal of the device frontend is no
longer delivered to libvirt. Without the DEVICE_DELETED event we don't
remove the corresponding entries in the VM XML.
Until qemu will be fixed we must stop using the JSON syntax for -device.
This patch removes the detection of the capability. The capability is
used only during startup of a fresh VM so we don't need to consider any
compaitibility steps for existing VMs.
For users who wish to use 'libvirt-7.9' and 'libvirt-7.10' with
'qemu-6.2' there are two possible workarounds:
- filter out the 'device.json' qemu capability '/etc/libvirt/qemu.conf':
capability_filters = [ "device.json" ]
- filter out the 'device.json' qemu capability via qemu namespace XML:
We must never again use the same capability name as we are now
instructing users to filter it as a workaround so once qemu is fixed
we'll need to pick a new capability value for it.
Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=2035237 Signed-off-by: Peter Krempa <pkrempa@redhat.com> Reviewed-by: Ani Sinha <ani@anisinha.ca> Reviewed-by: Ján Tomko <jtomko@redhat.com>
Andrea Bolognani [Fri, 10 Dec 2021 14:56:29 +0000 (15:56 +0100)]
virt-ssh-helper: Add manual page
We don't usually provide manual pages for internal tools,
but in the case of virt-ssh-helper the command is installed
inside the default $PATH and so it's likely that the user
will stumble upon it by using the shell's completion feature
when invoking another virt-* command, which makes it a good
idea to provide at least a minimal manual page.
Signed-off-by: Andrea Bolognani <abologna@redhat.com> Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
Ani Sinha [Thu, 6 Jan 2022 17:07:06 +0000 (22:37 +0530)]
do not report generic OPERATION_FAILED error when calling virConnectOpenAuth()
virConnectOpenAuth() calls virConnectOpenInternal(). This later function
generates fine grained errors arising from various failure conditions that are
more accurate than a "catch all" broader VIR_ERR_OPERATION_FAILED error that
the callers of this function generates. Remove the broader error so that more
specific errors can be caught and processed.
Signed-off-by: Ani Sinha <ani@anisinha.ca> Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
src: Don't check for retval of some glib functions
There are a few glib functions that abort on OOM and thus there's
no point in checking their retval against NULL. Nevertheless, we
do have those checks in a few places. Remove them.
Generated using the following spatch:
@@
expression x;
identifier n;
expression r;
@@
(
x = g_strdup_printf(...);
| x = g_strdup_vprintf(...);
| x = g_strdup(...);
| x = g_strndup(...);
| x = g_new0(...);
| x = g_realloc(...);
)
... when != x
- if(!x)
(
- return r;
|
- goto n;
)
Signed-off-by: Michal Privoznik <mprivozn@redhat.com> Reviewed-by: Ján Tomko <jtomko@redhat.com>
virprocess: Provide non-Linux stubs for virProcessGet{Stat,Sched}Info
Both virProcessGetStatInfo() and virProcessGetSchedInfo() are
Linux centric. Provide stubs for non-Linux platforms.
Fixes: d73852c49962fbfe652fc7bec595a3f242faf847 Signed-off-by: Michal Privoznik <mprivozn@redhat.com> Reviewed-by: Peter Krempa <pkrempa@redhat.com> Reviewed-by: Ján Tomko <jtomko@redhat.com>
Until now we did 2 weird things when inserting the qemuCaps used for
individual test cases into the capability cache:
1) we inserted the same caps for all emulators
2) we always (expensively) copied them
Now when real capabilities are used we don't touch them at all just
simply inser them. This allows us one big optimization, by trading a
copy for just a virObjectRef as we can borrow the caps object to the
cache.
For fake caps we still copy them as we insert the fake machine types
into them, but second big optimization is to insert the capabilities
only for the architecture they belong to.
Additionally this commit also ensures that all other entries in the
cache for the binary are poisoned by empty caps so that it's obvious
that the test is doing the right thing.
Apart from this making actually more sense this shaves off more than 40%
of runtime from qemuxml2argvtest.
Signed-off-by: Peter Krempa <pkrempa@redhat.com> Reviewed-by: Ján Tomko <jtomko@redhat.com>
Peter Krempa [Wed, 5 Jan 2022 21:19:40 +0000 (22:19 +0100)]
qemuxml2(xml|argv)test: Test real state of things with 'x86-kvm-32-on-64'
As demonstrated by the qemuxml2xmltest DO_TEST_CAPS_LATEST data based on
the 'x86-kvm-32-on-64' test case the post parse CPU selection code which
fills in the CPU into the definition does not have exactly the same
logic as we used to have when the cpu model was picked when formatting
the commandline.
Change the qemuxml2argv test to use DO_TEST_CAPS_LATEST too as it
doesn't really make sense to test this on fake data.
In addition to 'latest' versions, this also adds second invocation
locked to qemu-4.1.0 which demonstrates the old behaviour.
Signed-off-by: Peter Krempa <pkrempa@redhat.com> Reviewed-by: Ján Tomko <jtomko@redhat.com>
Peter Krempa [Tue, 4 Jan 2022 17:21:36 +0000 (18:21 +0100)]
qemuxml2argvtest: Don't insert capabilities into cache twice
Fake capabilities are inserted twice, as in a few tests the architecture
is not present in the XML (testing filling in of the architecture).
Since we already know which architecture will be picked we don't need to
be adding the capabilities twice.
This doesn't impact the tests as they use the same approach to determine
the default arch.
Signed-off-by: Peter Krempa <pkrempa@redhat.com> Reviewed-by: Ján Tomko <jtomko@redhat.com>
Peter Krempa [Tue, 4 Jan 2022 15:36:46 +0000 (16:36 +0100)]
qemuxml2argvdata: Use proper arch and emulator for aarch64 real capability tests
Upcoming patches will modify how we populate the capability cache in
tests to be more sane. This also means that the emulator binary and
architecture used in the test files using real capabilities must match
what the real capabilities have.
Signed-off-by: Peter Krempa <pkrempa@redhat.com> Reviewed-by: Ján Tomko <jtomko@redhat.com>
Peter Krempa [Tue, 4 Jan 2022 15:36:46 +0000 (16:36 +0100)]
qemuxml2argvdata: Use proper arch and emulator for x86 real capability tests
Upcoming patches will modify how we populate the capability cache in
tests to be more saner. This also means that the emulator binary and
architecture used in the test files using real capabilities must match
what the real capabilities have.
Signed-off-by: Peter Krempa <pkrempa@redhat.com> Reviewed-by: Ján Tomko <jtomko@redhat.com>
Peter Krempa [Wed, 5 Jan 2022 09:23:42 +0000 (10:23 +0100)]
qemuxml2(argv|xml)test: Unify usage of DO_TEST_CAPS_LATEST
The qemuxml2argv invocation of some tests used DO_TEST_CAPS_LATEST while
the qemuxml2xmltest invocation uses fake caps. Unify them on
DO_TEST_CAPS_LATEST.
Signed-off-by: Peter Krempa <pkrempa@redhat.com> Reviewed-by: Ján Tomko <jtomko@redhat.com>
Peter Krempa [Wed, 5 Jan 2022 12:01:10 +0000 (13:01 +0100)]
qemuxml2(argv|xml)test: Enable 'controller-usb-order' for qemuxml2argv and convert it to latest caps
Since introduction in fc03eb53c0bf3f654 there wasn't a qemuxml2argv
version. As we are touching the files convert them to
DO_TEST_CAPS_LATEST directly.
Signed-off-by: Peter Krempa <pkrempa@redhat.com> Reviewed-by: Ján Tomko <jtomko@redhat.com>
Peter Krempa [Wed, 5 Jan 2022 11:35:40 +0000 (12:35 +0100)]
qemuxml2xmltest: Replace 'interface-server' by 'net-server' test case
According to commit 52222568490 the test case was added to verify that
the '<address>' element is covered by the schema. The test was not
registered for qemuxml2argvtest though. We can use 'net-server' instead
as it has the same type. On the other hand that one was not registered
for qemuxml2xmltest.
Signed-off-by: Peter Krempa <pkrempa@redhat.com> Reviewed-by: Ján Tomko <jtomko@redhat.com>
Peter Krempa [Wed, 5 Jan 2022 08:28:31 +0000 (09:28 +0100)]
tests: qemuxml2argvdata: Remove use of 'pc-1.0' and 'pc-1.2' machine types
There's nothing special about the tests requiring to use very old
machine types. Most usage is cargo-culted from other tests. Switch all
the tests to use 'pc' instead.
Signed-off-by: Peter Krempa <pkrempa@redhat.com> Reviewed-by: Ján Tomko <jtomko@redhat.com>
For tests with fake capabilities we fill in a bunch of machine types
which the tests might use. For now there's a random collection of
machine types which are not actually used. Purge the unused ones for
non-x86 machines.
Signed-off-by: Peter Krempa <pkrempa@redhat.com> Reviewed-by: Ján Tomko <jtomko@redhat.com>
The two test cases were added to avoid regressions such as fixed in 17dff3584855e9. Nowadays the code is much simpler and any Q35 machine
will trigger the explicit FDC.
Remove the '2.11' machine type version and turn the '2.9' version into a
generic q35 machine.
Signed-off-by: Peter Krempa <pkrempa@redhat.com> Reviewed-by: Ján Tomko <jtomko@redhat.com>
All the fd-passing setup of chardevs which this hack meant to disable
was moved to the host-preparation phase which is skipped for formatting
of non-real commandlines.
Signed-off-by: Peter Krempa <pkrempa@redhat.com> Reviewed-by: Ján Tomko <jtomko@redhat.com>
Move qemuGetProcessInfo and qemuGetSchedInfo methods to util and share them
with ch driver.
Signed-off-by: Praveen K Paladugu <prapal@linux.microsoft.com> Signed-off-by: Michal Privoznik <mprivozn@redhat.com> Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
Rohit Kumar [Tue, 4 Jan 2022 12:43:11 +0000 (04:43 -0800)]
Add VM info to improve error log message for qemu monitor
This change adds the domain name in the error and debug logs during
monitor IO processing so that we may infer which VM experienced
errors such as IO or socket hangup. This may help in debugging
monitor IO errors.
Signed-off-by: Rohit Kumar <rohit.kumar3@nutanix.com> Reviewed-by: Ani Sinha <ani@anisinha.ca> Reviewed-by: Peter Krempa <pkrempa@redhat.com>
Account for fact that virDomainDeviceDefCopy() does an inactive copy
In a few places (e.g. device attach/detach/update) we are given a
device XML, parse it but then need a copy of parsed data so that
the original can be passed to function handling the request over
inactive XML and the copy is then passed to function handling the
operation over live XML. Note, both functions consume passed
device on success, hence the need for copy.
The problem is in combination of how the copy is obtained and
where is passed. The copy is done by calling
virDomainDeviceDefCopy() which does only inactive copy, i.e. no
live information is copied over (e.g. no aliases).
Then, this copy (inactive XML effectively) is passed to function
handling live part of the operation (e.g.
qemuDomainUpdateDeviceLive()) and the definition containing all
the juicy, live bits is passed to function handling inactive part
of the operation (e.g. qemuDomainUpdateDeviceConfig()).
This is rather incorrect, and XML copies should be passed to
their respective functions.
Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=2036895 Signed-off-by: Michal Privoznik <mprivozn@redhat.com> Reviewed-by: Laine Stump <laine@redhat.com>
Callers that already do this anyway can be cleaned up thanks to this and the one
that does not (daemon startup) gains the benefit of the error being printed to
standard error output changing:
And make callers check the return value as well. This helps error out early for
invalid environment variables.
That is desirable because it could lead to deadlocks. This can happen when
resetting logging after fork() reports translated errors because gettext
functions are not reentrant. Well, it is not limited to resetting logging after
fork(), it can be any translation at that phase, but parsing environment
variables is easy to make fail on purpose to show the result, it can also happen
just due to a typo.
Before this commit it is possible to deadlock the daemon on startup
with something like:
This prevents starting any daemons with improper logging settings. This is
desirable on its own, but will be even more beneficial when more functions start
reporting errors and failing on them, coming up in following patches
Signed-off-by: Martin Kletzander <mkletzan@redhat.com> Reviewed-by: Erik Skultety <eskultet@redhat.com>
The only difference is that we are not going to be guaranteed that the mutex is
normal (as opposed to recursive, although there is no system known to me that
would default to recursive mutexes), but that was done only to find occasional
errors (during runtime, back in 2010, commit 336fd879c00b). Functions using
this mutex are mostly stable and unchanging, and it makes the virLogOnceInit()
function only return 0 (or possibly abort in glib calls). On top of that we can
assume that the virLogMutex is always initialized which enables us to be more
consistent in some early error reporting.
Signed-off-by: Martin Kletzander <mkletzan@redhat.com> Reviewed-by: Erik Skultety <eskultet@redhat.com>
Jim Fehlig [Wed, 15 Dec 2021 03:15:40 +0000 (20:15 -0700)]
tools: Add domsetlaunchsecstate virsh command
After attesting a domain with the help of domlaunchsecinfo,
domsetlaunchsecstate can be used to set a secret in the guest
domain's memory prior to running the vcpus.
Signed-off-by: Jim Fehlig <jfehlig@suse.com> Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
Jim Fehlig [Wed, 17 Nov 2021 01:21:19 +0000 (18:21 -0700)]
qemu: Implement the virDomainSetLaunchSecurityState API
Set a launch secret in guest memory using the sev-inject-launch-secret
QMP API. Only supported with qemu >= 6.0.0 and SEV-enabled guests in a
paused state.
Signed-off-by: Jim Fehlig <jfehlig@suse.com> Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
Jim Fehlig [Tue, 9 Nov 2021 23:28:55 +0000 (16:28 -0700)]
libvirt: Introduce virDomainSetLaunchSecurityState public API
This API allows setting a launch secret within a guests's memory. The
launch secret is created by the guest owner after retrieving and
verifying the launch measurement with virDomainGetLaunchSecurityInfo.
The API uses virTypedParameter for input, allowing it to be expanded
to support other confidential computing technologies. In the case of
SEV, a basic guest launch workflow is described in the SEV API spec
in section "1.3.1 Launch"
virnetdevopenvswitch: Fix 'burst' value passed to ovs-vsctl
As described in the previous commit, the units for 'burst' are
kibibytes and not kilobytes, i.e. multiples of 1024 not 1000.
Therefore, when constructing ovs-vsctl command the burst value
must be multiplied by 1024 and not just 1000. And because ovs
expects this size in bits the value has to be multiplied again by
8.
Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1510237#c26 Signed-off-by: Michal Privoznik <mprivozn@redhat.com> Reviewed-by: Martin Kletzander <mkletzan@redhat.com>
The burst attribute for bandwidth specifies how much bytes can be
transmitted in a single burst. Therefore, the unit is in
multiples of 1024 (thus kibibytes) not SI-like 1000. It has
always been like that.
The 'tc' output is still confusing though, for instance:
# tc class add dev $DEV parent 1: classid 1:1 htb rate 1000kbps burst 2097152
# tc class show dev vnet2
class htb 1:1 root rate 8Mbit ceil 8Mbit burst 2Mb cburst 1600b
Please note that 2097152 = 2*1024*1024. Even the man page is
confusing. From tc(8):
kb or k Kilobytes
mb or m Megabytes
But I guess this is because 'tc' predates IEC standardisation of
binary multiples and thus can't change without breaking scripts
parsing its output.
And while at it, adjust _virNetDevBandwidthRate struct member
description, to make it obvious which members use SI/IEC units.
Signed-off-by: Michal Privoznik <mprivozn@redhat.com> Reviewed-by: Martin Kletzander <mkletzan@redhat.com>
Michal Privoznik [Tue, 14 Dec 2021 12:54:44 +0000 (13:54 +0100)]
domain_conf: Use virXMLFormatElement*() more in virDomainDefFormatFeatures()
There are few places in virDomainDefFormatFeatures() which can
use virXMLFormatElement() or virXMLFormatElementEmpty() instead
of writing directly into the output buffer.
After this, there are still a lot of places left, but that is
much bigger task.
Signed-off-by: Michal Privoznik <mprivozn@redhat.com> Reviewed-by: Andrea Bolognani <abologna@redhat.com>
Michal Privoznik [Tue, 14 Dec 2021 11:28:34 +0000 (12:28 +0100)]
qemuxml2xmloutdata: Turn kvm-features*.xml into symlinks
There's no real difference between input and output XMLs for
kvm-features and kvm-features-off test cases. Do what we usually
do in such case - turn the output file into a symlink of the
input file.
Signed-off-by: Michal Privoznik <mprivozn@redhat.com> Reviewed-by: Andrea Bolognani <abologna@redhat.com>
projects / libvirt.git / log