Peter Krempa [Tue, 20 Feb 2024 13:22:05 +0000 (14:22 +0100)]
qemuxmlconftest: Add test for 'realview' machine
Add test data for a 'realview' machine example to validate default USB
controller selection.
Note that it's unlikely that anyone would run 'realview' machines with
'aarch64' architecture, but qemu allows it and it's simpler test-wise in
libvirt.
Signed-off-by: Peter Krempa <pkrempa@redhat.com> Reviewed-by: Ján Tomko <jtomko@redhat.com> Reviewed-by: Andrea Bolognani <abologna@redhat.com>
Jiri Denemark [Fri, 1 Mar 2024 15:56:16 +0000 (16:56 +0100)]
qemu: Optimize CPU check='partial' for usable CPUs
Ideally check='partial' would check exactly the features QEMU would want
to enable when asked for a specific CPU model (and features). But there
is no way we could ask QEMU how a specific CPU would look like. So we
use our definition from CPU map, which may slightly differ as QEMU adds
or removes features from CPU models, and thus we may end up checking
features which QEMU would not enable while missing some required ones.
We can do better in specific cases, though. If a CPU definition uses
only a model and disabled features (or none at all), we already know
whether QEMU can enable all features required by the CPU model as that's
what we use to set usable='yes' attribute in the list of available CPU
models in domain capbilities XML. So when a usable CPU model is
requested without asking for additional features (disabling features is
fine) we can avoid our possible inaccurate check using our CPU map.
For backward compatibility we only consider usable models. If a
specified model is not usable, we still check it the old way and even
let QEMU start it (and disable some features) in case our definition
lacks some features compared to QEMU.
Fixes: https://gitlab.com/libvirt/libvirt/-/issues/608 Signed-off-by: Jiri Denemark <jdenemar@redhat.com> Reviewed-by: Peter Krempa <pkrempa@redhat.com>
Jiri Denemark [Thu, 29 Feb 2024 17:28:02 +0000 (18:28 +0100)]
cpu: x86: Check for invalid CPU data from hypervisor
Recently a kernel bug caused QEMU to report a CPU feature as enabled
while listing it in the "unavailable-features" list of features that
were requested, but could not be enabled. The feature was actually
enabled, but we marked it as disabled when starting a domain. Later when
the domain is migrated, the destination requests the feature to be
disabled, which breaks the guest ABI or if we are lucky QEMU just fails
to load the migration stream.
Let's make similar bugs more visible in the future by refusing to even
start the domain.
Signed-off-by: Jiri Denemark <jdenemar@redhat.com> Reviewed-by: Peter Krempa <pkrempa@redhat.com>
Adam Julis [Tue, 5 Mar 2024 10:43:03 +0000 (11:43 +0100)]
virsh: Fix overflow error of freepages command
Trying to print pages of a size larger than the UINT_MAX of the
given platform (for example, 4G on 64-bit ARM), results in a
system error even though this is a legitimate request.
The vshCommandOptScaledInt() used for parsing the pagesize is
given UINT_MAX as the upper limit. The parsed value is then
divided by 1024 and fed to virNodeGetFreePages() which expects an
unsigned int. We can't change the public API but the upper limit
can be raised by the factor of 1024.
Signed-off-by: Adam Julis <ajulis@redhat.com> Signed-off-by: Michal Privoznik <mprivozn@redhat.com> Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
Andrea Bolognani [Thu, 29 Feb 2024 14:29:23 +0000 (15:29 +0100)]
tests: Add firmware descriptor for edk2 on loongarch64
This fails to be parsed because libvirt doesn't yet know about
the architecture, but thanks to the recent improvements this
is a merely a local failure rather than bringing everything
else down with it.
Signed-off-by: Andrea Bolognani <abologna@redhat.com> Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
Andrea Bolognani [Thu, 29 Feb 2024 14:43:45 +0000 (15:43 +0100)]
qemu: Make firmware parsing failures non-fatal
At the moment, any kind of issue being detected in any of the
firmware descriptor files will result in the entire process
being aborted.
In particular, installing a build of edk2 for an architecture
that libvirt doesn't yet know about, for example loongarch64,
will break most firmware-related functionality: it will no
longer be possible to define new EFI VMs, start existing ones,
or even just obtain the domcapabilities for any architecture.
This is obviously unnecessarily harsh. Adopt a more relaxed
approach and simply ignore the firmware descriptors that we
are unable to parse correctly.
Andrea Bolognani [Thu, 29 Feb 2024 15:16:53 +0000 (16:16 +0100)]
qemu: Rewrite qemuFirmwareFetchParsedConfigs()
Instead of returning the list of paths exactly as obtained
from qemuFirmwareFetchConfigs(), and allocating the list of
firmwares to be exactly that size right away, start with two
empty lists and add elements to them one by one.
At the moment this only makes things more verbose, but later
we're going to change things so that it's possible that some
of the paths/firmwares are not included in the lists returned
to the caller, and at that point the changes will pay off.
Note that we can't use g_auto() for the new list of paths,
because until the very last moment it's not null-terminated,
so g_strfreev() wouldn't be able to handle it correctly.
Signed-off-by: Andrea Bolognani <abologna@redhat.com> Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
Peter Krempa [Thu, 29 Feb 2024 12:50:09 +0000 (13:50 +0100)]
docs: newapi: Fix generation of type definition tables
Ensure that all rows have 3 columns and avoid generation of emtpy
elements which would be turned by the XML formatter into non-pair td/tr
tags which don't work properly with HTML5 parsers.
Signed-off-by: Peter Krempa <pkrempa@redhat.com> Reviewed-by: Pavel Hrdina <phrdina@redhat.com>
Peter Krempa [Thu, 29 Feb 2024 13:22:58 +0000 (14:22 +0100)]
docs: newapi: Properly skip ACL entries if empty
The source document can contain an empty '@flags' attribute which passes
the test but generates an empty element. Check that flags is non-empty
to trigger the fallback.
Signed-off-by: Peter Krempa <pkrempa@redhat.com> Reviewed-by: Pavel Hrdina <phrdina@redhat.com>
Peter Krempa [Thu, 29 Feb 2024 13:11:57 +0000 (14:11 +0100)]
docs: newapi: Avoid table where every row has an cell with 'colspan'
The HTML standard requires that a table column must include at least one
row which defines it exclusively, thus having a table where all rows
unite it via 'colspan' is illegal.
Modify the enum value generator to always output the description field
even when it's empty rather than uniting it, as in case when each value
doesn't have a description the generated document would violate the
standard.
Signed-off-by: Peter Krempa <pkrempa@redhat.com> Reviewed-by: Pavel Hrdina <phrdina@redhat.com>
Peter Krempa [Thu, 29 Feb 2024 12:06:39 +0000 (13:06 +0100)]
docs: newapi: Avoid empty <div>s when there is no description
The various objects we generate API for may have empty description in
which case an empty div would be generated when processing the API
description. As we're using XML output mode the generator would shorten
such divs to the non-pair empty element version, which doesn't work well
with HTML5 parsers requiring a pair tag for <div>
Avoid empty description <div> elements altogether by skipping it if the
description is empty.
Signed-off-by: Peter Krempa <pkrempa@redhat.com> Reviewed-by: Pavel Hrdina <phrdina@redhat.com>
Peter Krempa [Thu, 22 Feb 2024 12:29:07 +0000 (13:29 +0100)]
docs: newapi: Don't generate empty <div> in template for ACL permissions
If an API has no ACLs an empty <div class='acl'/> would be generated
which is mis-interpreted by browsers when creating DOM to nest any
subsequent elements under it.
Don't generate the ACL section div unless it will be filled.
Best viewed with 'git show -w'
Signed-off-by: Peter Krempa <pkrempa@redhat.com> Reviewed-by: Pavel Hrdina <phrdina@redhat.com>
Fix off-by-one error in udevListInterfacesByStatus
Ever since this function was introduced in 2012 it could've tried
filling in an extra interface name. That was made worse in 2019 when
the caller functions started accepting NULL arrays of size 0.
This is assigned CVE-2024-1441.
Signed-off-by: Martin Kletzander <mkletzan@redhat.com> Reported-by: Alexander Kuznetsov <kuznetsovam@altlinux.org> Fixes: 5a33366f5c0b18c93d161bd144f9f079de4ac8ca Fixes: d6064e2759a24e0802f363e3a810dc5a7d7ebb15 Reviewed-by: Ján Tomko <jtomko@redhat.com>
Boris Fiuczynski [Wed, 28 Feb 2024 18:46:08 +0000 (19:46 +0100)]
remote_protocol: Fix ACL on REMOTE_PROC_NODE_DEVICE_DEFINE_XML
Adding 'save' ACL to REMOTE_PROC_NODE_DEVICE_DEFINE_XML to make
REMOTE_PROC_NODE_DEVICE_UPDATE ACLs meaningful.
Fixes: 69f9e7dbc24657e85761f03574779540d0f18315 Signed-off-by: Boris Fiuczynski <fiuczy@linux.ibm.com> Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
Signed-off-by: Michal Privoznik <mprivozn@redhat.com> Reviewed-by: Daniel P. Berrangé <berrange@redhat.com> Reviewed-by: Andrea Bolognani <abologna@redhat.com>
Michal Privoznik [Mon, 26 Feb 2024 11:42:09 +0000 (12:42 +0100)]
nodedevmdevctltest: Fix two memleaks
There are two memleaks inside of nodedevmdevctltest:
1) In the testCommandDryRunCallback() - when appending lines to
stdinbuf the pointer is overwritten without freeing the old
memory it pointed to.
2) In testMdevctlModify() the livecmd variable is reused and
since its marked as g_autoptr() the first use leaks.
Fixes: 582f27ff15f14fa0e913278c0a2ca9840c3f12f5 Signed-off-by: Michal Privoznik <mprivozn@redhat.com> Reviewed-by: Boris Fiuczynski <fiuczy@linux.ibm.com> Reviewed-by: Peter Krempa <pkrempa@redhat.com>
Andrea Bolognani [Mon, 19 Feb 2024 10:33:45 +0000 (11:33 +0100)]
docs: Rewrite a few awkward sections
Address several oddities, and bring them in line with the style
used for the vast majority of our documentation. In a couple of
cases, some of the possible values for an attribute were listed
with :since: information matching that off the attribute itself,
making it redundant.
Signed-off-by: Andrea Bolognani <abologna@redhat.com> Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
Andrea Bolognani [Mon, 19 Feb 2024 18:20:38 +0000 (19:20 +0100)]
docs: Fix a few weird :since: tags
These either mention libvirt explicitly, which is something
that we generally don't do, or lack the word "since", which
makes the resulting HTML awkward.
Signed-off-by: Andrea Bolognani <abologna@redhat.com> Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
Andrea Bolognani [Mon, 19 Feb 2024 17:04:12 +0000 (18:04 +0100)]
docs: Remove unnecessary whitespace
It slipped in during the conversion to reStructuredText.
In one case, part of the preformatted text shouldn't have been
marked as such, so that's addressed too. A spurious opening
parenthesis is dropped as well.
Signed-off-by: Andrea Bolognani <abologna@redhat.com> Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
Boris Fiuczynski [Thu, 22 Feb 2024 13:02:07 +0000 (14:02 +0100)]
nodedev: Implement virNodeDeviceUpdate
Implement the API functions in the node device driver by using mdevctl
modify with the options defined and live.
Instead of increasing the minimum mdevctl version to 1.3.0 in the spec
file to ensure support exists in mdevctl the support is dynamically
checked before using mdevctl.
Signed-off-by: Boris Fiuczynski <fiuczy@linux.ibm.com> Signed-off-by: Michal Privoznik <mprivozn@redhat.com> Reviewed-by: Jonathon Jongsma <jjongsma@redhat.com> Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
Boris Fiuczynski [Thu, 22 Feb 2024 13:02:06 +0000 (14:02 +0100)]
api: add virNodeDeviceUpdate()
A public API method which allows to update or modify objects is
implemented for almost all other objects that have a concept of
persistent definition and activatability. Currently node devices of type
mdev can be persistent and active. This new method allows to update
defined and active node devices as well.
Signed-off-by: Boris Fiuczynski <fiuczy@linux.ibm.com> Reviewed-by: Jonathon Jongsma <jjongsma@redhat.com> Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
Boris Fiuczynski [Thu, 22 Feb 2024 13:02:04 +0000 (14:02 +0100)]
tools: add switches persistent and transient to nodedev-list
Now that we can filter persistent and transient node devices in
virConnectListAllNodeDevices(), add these switches also to the
virsh nodedev-list command.
Signed-off-by: Boris Fiuczynski <fiuczy@linux.ibm.com> Reviewed-by: Jonathon Jongsma <jjongsma@redhat.com> Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
Boris Fiuczynski [Thu, 22 Feb 2024 13:02:01 +0000 (14:02 +0100)]
nodedev: add an active config to mdev
The configuration of a defined mdev can be modified after the mdev is
started. The defined configuration and the active configuration can
therefore run out of sync. Handle this by storing the modifiable data
which is the mdev type and attributes in two separate active and
defined configurations. mdevctl supports with callout scripts to do an
attribute retrieval of started mdevs which is already implemented in
libvirt.
Signed-off-by: Boris Fiuczynski <fiuczy@linux.ibm.com> Signed-off-by: Michal Privoznik <mprivozn@redhat.com> Reviewed-by: Jonathon Jongsma <jjongsma@redhat.com> Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
Boris Fiuczynski [Thu, 22 Feb 2024 13:01:58 +0000 (14:01 +0100)]
virmdev: prepare type and attributes for dual state
Create a new structure holding type and attributes as these are
modifiable in a persistent mdev configuration and run out of sync with
the active mdev configuration.
Signed-off-by: Boris Fiuczynski <fiuczy@linux.ibm.com> Reviewed-by: Jonathon Jongsma <jjongsma@redhat.com> Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
Vincent Vanlaer [Mon, 19 Feb 2024 22:24:02 +0000 (23:24 +0100)]
daemon: fix wrong request count for sparse stream
Similar to when actual data is being written to the stream, it is
necessary to acknowledge handling of the client request when a hole is
encountered. This is done later in daemonStreamHandleWrite by sending a
fake zero-length reply if the status variable is set to
VIR_STREAM_CONTINUE. It seems that setting status from the message
header was missed for holes in the introduction of the sparse stream
feature.
Signed-off-by: Vincent Vanlaer <libvirt-e6954efa@volkihar.be> Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
Michal Privoznik [Tue, 20 Feb 2024 15:28:55 +0000 (16:28 +0100)]
qemuxmlconftest: Introduce memory-hotplug-nvdimm-overlap test case
This new test case checks whether we are handling NVDIMMs
correctly when checking for overlapping memory devices (see
previous commit). Without previous commit, this test case would
fail, yet it was produced in real life (at least the NVDIMM
part) and thus it is valid.
Signed-off-by: Michal Privoznik <mprivozn@redhat.com> Reviewed-by: Martin Kletzander <mkletzan@redhat.com>
Michal Privoznik [Mon, 19 Feb 2024 14:37:16 +0000 (15:37 +0100)]
domain_validate: Account for NVDIMM label size properly when checking for memory conflicts
As of v9.8.0-rc1~7 we check whether two <memory/> devices don't
overlap (since we allow setting where a <memory/> device should
be mapped to). We do this pretty straightforward, by comparing
start and end address of each <memory/> device combination.
But since only the start address is given (an exposed in the
XML), the end address is computed trivially as:
start + mem->size * 1024
And for majority of memory device types this works. Except for
NVDIMMs. For them the <memory/> device consists of two separate
regions: 1) actual memory device, and 2) label.
Label is where NVDIMM stores some additional information like
namespaces partition and so on. But it's not mapped into the
guest the same way as actual memory device. In fact, mem->size is
a sum of both actual memory device and label sizes. And to make
things a bit worse, both sizes are subject to alignment (either
the alignsize value specified in XML, or system page size if not
specified in XML).
Therefore, to get the size of actual memory device we need to
take mem->size and substract label size rounded up to alignment.
If we don't do this we report there's an overlap between two
NVDIMMs even when in reality there's none.
Fixes: 3fd64fb0e236fc80ffa2cc977c0d471f11fc39bf Fixes: 91f9a9fb4fc0d34ed8d7a869de3d9f87687c3618
Resolves: https://issues.redhat.com/browse/RHEL-4452?focusedId=23805174#comment-23805174 Signed-off-by: Michal Privoznik <mprivozn@redhat.com> Reviewed-by: Martin Kletzander <mkletzan@redhat.com>
ray [Wed, 21 Feb 2024 14:45:36 +0000 (06:45 -0800)]
qemu: Fix guest-sync response time in qga command
The current implementation sets the guest-sync timeout to the
smaller value between the default value (QEMU_AGENT_WAIT_TIME)
and agent->timeout, without considering the timeout passed
via the qga command.
This patch enhances the guest-sync timeout logic to use the
minimum value among the default value, agent->timeout, and
the timeout passed via the qga command.
Resolves: https://gitlab.com/libvirt/libvirt/-/issues/590 Signed-off-by: ray <honglei.wang@smartx.com> Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
Peter Krempa [Mon, 19 Feb 2024 12:53:26 +0000 (13:53 +0100)]
qemuMigrationDstPrepareStorage: Reject migration into 'dir' and 'vhost-user' types
Migrating into a 'directory' won't ever work as we ask qemu to emulate a
fat filesystem, so restoring of the files won't be possible. Same for
'vhost-user' disks which don't support blockjobs as there's no block
backend used in qemu.
Signed-off-by: Peter Krempa <pkrempa@redhat.com> Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
Peter Krempa [Thu, 8 Feb 2024 15:48:17 +0000 (16:48 +0100)]
qemuMigrationDstPrecreateDisk: Refactor cleanup
Automatically free helper variables, remove the 'cleanup' label and
use virBufferCurrentContent() to take the XML from the buffer rather
than extracting it to a separate variable.
Signed-off-by: Peter Krempa <pkrempa@redhat.com> Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
Peter Krempa [Fri, 16 Feb 2024 15:40:20 +0000 (16:40 +0100)]
qemuMigrationDstPrepareStorage: Properly consider path for 'vdpa' devices
Allow storage migration of VDPA devices by properly checking that they
exist on the destionation. Pre-creation is not supported but if the
device exists the migration should be able to succeed.
Signed-off-by: Peter Krempa <pkrempa@redhat.com> Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
Peter Krempa [Thu, 8 Feb 2024 15:48:25 +0000 (16:48 +0100)]
qemuMigrationDstPrepareStorage: Use 'switch' statement to include all storage types
Decrease the likelyhood that addition of a new storage type will be
forgotten.
This patch also unifies the type check to consult the 'actual' type of
the storage in both cases as the NVMe check looked for the XML declared
type while virStorageSourceIsLocalStorage() looks for the
actual/translated type.
Signed-off-by: Peter Krempa <pkrempa@redhat.com> Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
Tim Wiederhake [Thu, 1 Feb 2024 20:51:01 +0000 (21:51 +0100)]
cpu_map: Rewrite feature sync script
Previously, the script would only detect differences between
libvirt's and qemu's list of x86 features, adding those features
to libvirt was a manual and error prone procedure.
Replace with a script that can generate libvirt's feature list
directly from qemu source code.
If not specified otherwise, "output" defaults to x86_features.xml
in the same directory as sync_qemu_features_i386.py. If a checkout
of the qemu source code resides next to the libvirt directory, it
will be found automatically and need not be specified.
Signed-off-by: Tim Wiederhake <twiederh@redhat.com> Reviewed-by: Jiri Denemark <jdenemar@redhat.com>
Laine Stump [Fri, 16 Feb 2024 17:43:59 +0000 (12:43 -0500)]
Set stubDriverName from hostdev driver model attribute during pci device setup
commit v9.10.0-129-g8b93d78c83 (first appearing in libvirt-10.0.0) was
supposed to allow forcing a PCI hostdev to be bound to a particular
driver by adding <driver model='blah'/> to the XML for the
device. Unfortunately, a single line was missed during the final
changes to the patch prior to pushing, and the result was that the
driver model could be set to *anything* and it would be accepted but
just ignored.
This patch adds the missing line, which will set the stubDriverName
field of the virPCIDevice object from the hostdev object as the
virPCIDevice is being created. This ends up being used by
virPCIDeviceBindToStub() as the driver that it binds the device to.
Fixes: 8b93d78c8325f1fba5db98848350f3db43f5e7d5 Signed-off-by: Laine Stump <laine@redhat.com> Reviewed-by: Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
Adam Julis [Tue, 20 Feb 2024 09:31:34 +0000 (10:31 +0100)]
virsh-completer: modify and fix bug in virshPoolTypeCompleter, now used for more commands
Signed-off-by: Adam Julis <ajulis@redhat.com> Signed-off-by: Michal Privoznik <mprivozn@redhat.com> Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
We warned users before the meson times, so do like an S Club 7 and bring
it all back.
Add the information into a new section of the summary, because even
though using `warning()` looks better, it scrolls on by once the summary
is printed.
Signed-off-by: Martin Kletzander <mkletzan@redhat.com> Reviewed-by: Michal Privoznik <mprivozn@redhat.com> Reviewed-by: Andrea Bolognani <abologna@redhat.com>
Andrea Bolognani [Fri, 16 Feb 2024 14:03:19 +0000 (15:03 +0100)]
syntax-check: Drop 'syntax-check' target
Our entry point for syntax-check rules is meson, which calls
to each of them specifically; additionally, we have the 'all'
target that warns users who try to use make directly.
The 'syntax-check' target is not used by anything, and in fact
it couldn't be even if one tried: its availability depends on
the $(_gl-Makefile) variable, which in our case is never
defined.
Signed-off-by: Andrea Bolognani <abologna@redhat.com> Reviewed-by: Michal Privoznik <mprivozn@redhat.com> Reviewed-by: Martin Kletzander <mkletzan@redhat.com>
Andrea Bolognani [Fri, 16 Feb 2024 14:09:45 +0000 (15:09 +0100)]
syntax-check: Sync with gnulib
The most notable change is the new 'sc_unportable_grep_q' rule.
While importing it from gnulib, the rule has been tweaked
slightly by adding superflous quotes so that syntax-check.mk
itself doesn't trip it. This is similar to the tricks employed
for the 'sc_prohibit_close' and 'sc_copyright_usage' rules,
among many others.
Signed-off-by: Andrea Bolognani <abologna@redhat.com> Reviewed-by: Michal Privoznik <mprivozn@redhat.com> Reviewed-by: Martin Kletzander <mkletzan@redhat.com>
Andrea Bolognani [Fri, 16 Feb 2024 14:15:55 +0000 (15:15 +0100)]
all: Don't use 'grep -q'
It's not portable.
Signed-off-by: Andrea Bolognani <abologna@redhat.com> Reviewed-by: Michal Privoznik <mprivozn@redhat.com> Reviewed-by: Martin Kletzander <mkletzan@redhat.com>
Peter Krempa [Fri, 16 Feb 2024 08:40:59 +0000 (09:40 +0100)]
docs: domain: Fix iothread to virtqueue mapping example
Each queue can be referenced only once and queues are numbered starting
from 0. Modify the example to show a valid configuration of one
iothread servicing more queues.
Signed-off-by: Peter Krempa <pkrempa@redhat.com> Reviewed-by: Ján Tomko <jtomko@redhat.com> Reviewed-by: Andrea Bolognani <abologna@redhat.com>
projects / libvirt.git / log