The code parsing thue query-cpu-definitions response will short-circuit
the for loop in the case where usable=yes, resulting in us failing to
parse the CPU deprecation flag.
IOW, we only reported deprecations in domain capabilities for CPU models
which were not runnable on the host.
Reviewed-by: Michal Privoznik <mprivozn@redhat.com> Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
In the not so distant past, the lock ordering in
virNWFilterLockIface() was as follows: global mutex ifaceMapLock
was acquired, then internal representation of given interface was
looked up in a hash table (or created brand new if none was
found), the global lock was released and the lock of the
interface was acquired.
But this was mistakenly changed as the function was rewritten to
use automatic mutexes, because now the global lock is held
throughout the whole run of the function and thus the interface
specific lock is acquired with the global lock held. This results
in a deadlock.
Fixes: dd8150c48dcf94e8d3b0481be08eeef822b98b02 Signed-off-by: Michal Privoznik <mprivozn@redhat.com> Tested-by: Erik Skultety <eskultet@redhat.com> Reviewed-by: Erik Skultety <eskultet@redhat.com>
qemu_process: Be nicer to killing QEMU when probing caps
The qemuProcessQMPStop() function is intended to kill this dummy
QEMU process we started only for querying capabilities.
Nevertheless, it may be not plain QEMU binary we executed, but
in fact it may be a memcheck tool (e.g. valgrind) that executes
QEMU later. By switching to virProcessKillPainfully() we allow
this wrapper tool to exit gracefully.
Another up side is that virProcessKillPainfully() reports an
error so no need for us to VIR_ERROR() ourselves.
Signed-off-by: Michal Privoznik <mprivozn@redhat.com> Reviewed-by: Martin Kletzander <mkletzan@redhat.com>
ci: only run integration tests if $LIBVIRT_CI_INTEGRATION=1 is set
Right now the jobs have no rules so they will always be created in
a pipeline. If the user's fork has no runner configured, then the
jobs will never be able to execute and the pipeline will not finish.
Even on upstream, there might be times the runner has to be taken
offline for maint work, or unexpectedly fail. We need a quick way
to disable the integration tests if we decide we don't want to
have pipelines queued until the runner comes back online.
Both these problems can be addressed by requiring a environment
variable to be set
LIBVIRT_CI_INTEGRATION=1
This can be done in the GitLab repo CI settings for permanent
enablement. Alternatively it can be set for individual
scheduled jobs, or using a push option
git push -o ci.variable=LIBVIRT_CI_INTEGRATION=1
Signed-off-by: Daniel P. Berrangé <berrange@redhat.com> Reviewed-by: Erik Skultety <eskultet@redhat.com>
Although we split out jobs across many files, the template / job
namespace is global, so we should use something more specific
than '.tests' as the template name.
Signed-off-by: Daniel P. Berrangé <berrange@redhat.com> Reviewed-by: Erik Skultety <eskultet@redhat.com>
Michal Privoznik [Fri, 18 Mar 2022 10:36:47 +0000 (11:36 +0100)]
virnwfilterobj: Don't use virObjectLockGuard() with virNWFilterObj
While its name would suggest that virNWFilterObj is an actual
virObject it is not. It's a plain structure (with virMutex as its
first member). Therefore, when locking the struct
virObjectLockGuard() can' be used and virLockGuardLock() must be
used instead.
Spotted-by: Martin Kletzander <mkletzan@redhat.com> Signed-off-by: Michal Privoznik <mprivozn@redhat.com> Reviewed-by: Erik Skultety <eskultet@redhat.com>
qemu: use qemuDomainSaveStatus() and remove qemuDomainObjSaveStatus()
It does not make sense to have both of these, since one of them
is only a wrapper for the other one. I decided to preserve the
more general one, which requires only virDomainObj and rewrote it
a bit, so that it pulls the qemu driver from privateData.
conf: fix inverted parameters in hash iterator callbacks
virHashTableForEach unhelpfully has payload/key args in
its callback reversed compared to g_hash_table_foreach.
When converting from one to the other the semantics
change but you don't get a compile error
Reviewed-by: Erik Skultety <eskultet@redhat.com> Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
Tim Wiederhake [Thu, 17 Mar 2022 10:30:16 +0000 (11:30 +0100)]
esx_stream: Fix NULL dereferences
A wrong reordering caused "priv" to be derefenced before the NULL-check
in esxStreamSend and esxStreamRecvFlags.
Fixes: 12e19f172d2a908eec2a4557202ff764cdbb951e Signed-off-by: Tim Wiederhake <twiederh@redhat.com> Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
Erik Skultety [Tue, 5 Oct 2021 09:02:24 +0000 (11:02 +0200)]
gitlab-ci: Introduce new 'integration_tests' pipeline stage
This stage will download build artifacts from both the libvirt and
libvirt-perl (multi-project CI) builds, install all them on the custom
runners and configures libvirt debug logging on the runners prior to
executing the actual test suite. In case of a failure, libvirt and
Avocado logs will be saved and published as pipeline artifacts.
Signed-off-by: Erik Skultety <eskultet@redhat.com> Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
Erik Skultety [Tue, 5 Oct 2021 09:01:34 +0000 (11:01 +0200)]
ci: manifest: Publish RPMs as artifacts on CentOS Stream and Fedoras
We're already building libvirt in the containers already, if we publish
the build in form of, say, RPMs, later stages of the pipeline can
consume the RPMs instead of re-building libvirt from scratch.
Signed-off-by: Erik Skultety <eskultet@redhat.com> Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
Andrea Bolognani [Wed, 26 Jan 2022 14:09:52 +0000 (15:09 +0100)]
meson: Check for os-release's ID_LIKE in addition to ID
This makes it possible to reduce the number of cases we have to
consider, because 'sles' declares itself to be like 'suse' and
both 'rhel' and 'centos' declare themselves to be like 'fedora'.
We have to move the check for Ubuntu before the one for Debian,
however, because 'ubuntu' declares itself to be like 'debian'
and it would end up with the wrong defaults otherwise.
Suggested-by: Olaf Hering <olaf@aepfle.de> Signed-off-by: Andrea Bolognani <abologna@redhat.com> Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
Andrea Bolognani [Thu, 27 Jan 2022 14:20:31 +0000 (15:20 +0100)]
spec: Move virkey* manual pages from -daemon to -client
The documentation included in these manual pages is mostly useful
to users of the 'send-key' virsh command, and the virsh manual
page refers to them, so it makes more sense to install them along
with virsh instead of libvirtd.
Signed-off-by: Andrea Bolognani <abologna@redhat.com> Reviewed-by: Pavel Hrdina <phrdina@redhat.com>
I introduced support for these vim plugins several years ago
but have since moved away from them. These days developers
are likely better served by lsp-based tooling, which doesn't
require additional per-project configuration.
Signed-off-by: Andrea Bolognani <abologna@redhat.com> Reviewed-by: Ján Tomko <jtomko@redhat.com>
The files marked as export-ignore here are not going to be
included in the tarball produced by 'meson dist' when using
meson >= 0.60.
Older versions of meson excluded a small subset of these files
automatically, but since we have more control now we can be
more aggressive and leave out anything that doesn't make sense
in a release tarball.
Signed-off-by: Andrea Bolognani <abologna@redhat.com> Reviewed-by: Michal Privoznik <mprivozn@redhat.com> Reviewed-by: Ján Tomko <jtomko@redhat.com>
conf: use a hash table for storing nwfilter object list
The current use of an array for nwfilter objects requires
the caller to iterate over all elements to find a filter,
and also requires locking each filter.
Switching to a pair of hash tables enables O(1) lookups
both by name and uuid, with no locking required.
Reviewed-by: Ján Tomko <jtomko@redhat.com> Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
nwfilter: update comment about locking filter updates
The comment against the 'updateMutex' refers to a problem with
lock ordering when looking up filters in the virNWFilterObjList
which uses an array. That problem does indeed exist.
Unfortunately it claims that switching to a hash table would
solve the lock ordering problems during instantiation. That
is not correct because there is a second lock ordering
problem related to how we traverse related filters when
instantiating filters. Consider a set of filters:
Filter A:
Reference Filter C
Reference Filter D
Filter B:
Reference Filter D
Reference Filter C
In one example, we lock A, C, D, in the other example
we lock A, D, C.
Reviewed-by: Ján Tomko <jtomko@redhat.com> Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
nwfilter: fix crash when counting number of network filters
The virNWFilterObjListNumOfNWFilters method iterates over the
driver->nwfilters, accessing virNWFilterObj instances. As such
it needs to be protected against concurrent modification of
the driver->nwfilters object.
This API allows unprivileged users to connect, so users with
read-only access to libvirt can cause a denial of service
crash if they are able to race with a call of virNWFilterUndefine.
Since network filters are usually statically defined, this is
considered a low severity problem.
This is assigned CVE-2022-0897.
Reviewed-by: Eric Blake <eblake@redhat.com> Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
Boris Fiuczynski [Thu, 17 Mar 2022 09:48:30 +0000 (10:48 +0100)]
nodedev: trigger mdev device definition update on udev add and remove
When nodedev objects are added and removed if possible check if mdev-types is
supported by the object and trigger a mdev device definition update to correct
the associated parent nodedevs.
Signed-off-by: Boris Fiuczynski <fiuczy@linux.ibm.com> Reviewed-by: Michal Privoznik <mprivozn@redhat.com> Reviewed-by: Jonathon Jongsma <jjongsma@redhat.com>
Boris Fiuczynski [Thu, 17 Mar 2022 09:48:29 +0000 (10:48 +0100)]
nodedev: update mdevs on parent change
The parent of the mdev definition can change due to the existance of the
parent device. The parents existance can e.g. depend on the device
driver load state.
Signed-off-by: Boris Fiuczynski <fiuczy@linux.ibm.com> Reviewed-by: Michal Privoznik <mprivozn@redhat.com> Reviewed-by: Jonathon Jongsma <jjongsma@redhat.com>
Michal Privoznik [Thu, 17 Mar 2022 08:19:39 +0000 (09:19 +0100)]
virnetdev: Use VIR_WITH_MUTEX_LOCK_GUARD in virNetDevGenerateName()
The virNetDevGenerateName() function uses a global array of
virNetDevGenName structs to find next unused name for network
device. This obviously needs some locking and in fact each member
of the array has its own lock. However, these members are not
virObjects, they are just plain structs, therefore
VIR_WITH_MUTEX_LOCK_GUARD() must be used instead of
VIR_WITH_OBJECT_LOCK_GUARD() to lock individual mutexes.
Signed-off-by: Michal Privoznik <mprivozn@redhat.com> Reviewed-by: Pavel Hrdina <phrdina@redhat.com>
qemu: domainjob: Allow InitJob if cb is not set in qemuDomainObjInitJob()
This allows init job even if cb structure is not set. This patch
also includes slight rewriting of the function to make it look
cleaner when freeing resources, by allocating privateData at the
end.
Signed-off-by: Kristina Hanicova <khanicov@redhat.com> Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
qemu: domainjob: Allow operations if cb is not set in job structure
We should allow resetting / freeing / restoring / parsing /
formatting qemuDomainJobObj even if 'cb' attribute is not set.
This is theoretical for now, but the attribute must not be always
set in the future. It is sufficient to check if 'cb' exists
before dereferencing it.
Michal Privoznik [Tue, 15 Mar 2022 11:45:54 +0000 (12:45 +0100)]
qemu_cgroup: Don't deny devices from cgroupDeviceACL
On domain startup a couple of devices are allowed in the devices
controller no matter the domain configuration. The aim is to
allow devices crucial for QEMU or one of its libraries, or user
is passing through a device (e.g. through additional cmd line
arguments) and wants QEMU to access it.
However, during unplug it may happen that a device is configured
to use one of such devices and since we deny /dev nodes on
hotplug we would deny such device too. For example,
/dev/urandom belongs onto the list of implicit devices and users
can hotplug and hotunplug an RNG device with /dev/urandom as
backend.
The fix is fortunately simple - just consult the list of implicit
devices before removing the device from the namespace.
Signed-off-by: Michal Privoznik <mprivozn@redhat.com> Reviewed-by: Pavel Hrdina <phrdina@redhat.com>
Michal Privoznik [Tue, 15 Mar 2022 11:37:44 +0000 (12:37 +0100)]
qemu_cgroup: Drop ENOENT special case for RNG devices
When allowing or denying RNG device in CGroups there's a special
check if the backend device exists (errno == ENOENT) in which
case success is returned to caller. This is in contrast with the
rest of the functions and in fact wrong too - if the backend
device doesn't exist then QEMU will fail opening it. Might as
well signal error here.
Signed-off-by: Michal Privoznik <mprivozn@redhat.com> Reviewed-by: Pavel Hrdina <phrdina@redhat.com>
Michal Privoznik [Mon, 14 Mar 2022 12:35:15 +0000 (13:35 +0100)]
qemu_namespace: Be less aggressive in removing /dev nodes from namespace
When creating /dev nodes in a QEMU domain's namespace the first
thing we simply do is unlink() the path and create it again. This
aims to solve the case when a file changed type/major/minor in
the host and thus we need to reflect this in the guest's
namespace. Fair enough, except we can be a bit more clever about
it: firstly check whether the path doesn't already exist or isn't
already of the correct type/major/minor and do the
unlink+creation only if needed.
Currently, this is implemented only for symlinks and
block/character devices. For regular files/directories (which are
less common) this might be implemented one day, but not today.
Signed-off-by: Michal Privoznik <mprivozn@redhat.com> Reviewed-by: Ján Tomko <jtomko@redhat.com>
Michal Privoznik [Mon, 14 Mar 2022 14:05:11 +0000 (15:05 +0100)]
qemu_namespace: Don't unlink paths from cgroupDeviceACL
When building namespace for a domain there are couple of devices
that are created independent of domain config (see
qemuDomainPopulateDevices()). The idea behind is that these
devices are crucial for QEMU or one of its libraries, or user is
passing through a device and wants us to create it in the
namespace too. That's the reason that these devices are allowed
in the devices CGroup controller as well.
However, during unplug it may happen that a device is configured
to use one of such devices and since we remove /dev nodes on
hotplug we would remove such device too. For example,
/dev/urandom belongs onto the list of implicit devices and users
can hotplug and hotunplug an RNG device with /dev/urandom as
backend.
The fix is fortunately simple - just consult the list of implicit
devices before removing the device from the namespace.
Signed-off-by: Michal Privoznik <mprivozn@redhat.com> Reviewed-by: Ján Tomko <jtomko@redhat.com>
Michal Privoznik [Sat, 12 Mar 2022 04:41:56 +0000 (05:41 +0100)]
virsh: Don't open code virshEnumComplete()
Now that we have a function that generates string list for given
enum, let's use that instead of open coding it.
Note, after this there are still some 'candidates' left (e.g,
virshNetworkEventNameCompleter(), or
virshNetworkUpdateCommandCompleter()). These are not converted
because either they don't have a convenient int2str function or
they don't start from the very beginning of the enum.
Signed-off-by: Michal Privoznik <mprivozn@redhat.com> Reviewed-by: Pavel Hrdina <phrdina@redhat.com>
Michal Privoznik [Sat, 12 Mar 2022 04:37:50 +0000 (05:37 +0100)]
virsh: Introduce virshEnumComplete()
We have plenty of completers which iterate over all values of
given enum and do nothing more than translate every member into
string (using corresponding virXXXTypeToString()).
Introduce a convenience function so that callers can pass just
VIR_XXX_LAST and virXXXTypeToString and the rest is taken care
of.
Signed-off-by: Michal Privoznik <mprivozn@redhat.com> Reviewed-by: Pavel Hrdina <phrdina@redhat.com>
Michal Privoznik [Fri, 11 Mar 2022 08:13:56 +0000 (09:13 +0100)]
virsh: Properly terminate string list in virshDomainInterfaceSourceModeCompleter()
A completer must return a NULL terminated list of strings, which
means that when dealing with enums, it has to allocate one
pointer more than the value of VIR_XXX_LAST. But this is not
honoured in virshDomainInterfaceSourceModeCompleter() leading to
out of bounds read.
Signed-off-by: Michal Privoznik <mprivozn@redhat.com> Reviewed-by: Pavel Hrdina <phrdina@redhat.com>
Peter Krempa [Thu, 10 Mar 2022 11:59:30 +0000 (12:59 +0100)]
qemu: migration: Use 'VIR_MIGRATE_PARAM_TLS_DESTINATION' for the NBD connection
The NBD connection for non-shared storage migration can have the same
issue regarding TLS certificate name match as the migration connection
itself.
Propagate the configured name also for the NBD connections.
Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1901394 Signed-off-by: Peter Krempa <pkrempa@redhat.com> Reviewed-by: Ján Tomko <jtomko@redhat.com>
Peter Krempa [Thu, 10 Mar 2022 09:05:53 +0000 (10:05 +0100)]
conf: Add support for setting expected TLS hostname for NBD disks
In cases when the hostname of the NBD server doesn't match the hostname
in the TLS certificate the new attribute 'tlsHostname' can be used to
override it.
Add the XML infrastructure and tests.
Signed-off-by: Peter Krempa <pkrempa@redhat.com> Reviewed-by: Ján Tomko <jtomko@redhat.com>
Notable changes:
- 'tls-hostname' field for NBD client to override local hostname
- machine types 'pc-i440fx-1.7' and older are now deprecated
- 'snapshot-access' block driver added
- The 'protocol' field of 'set_password' and 'expire_password'
parameter is now an enum instead of a pure string allowing 'vnc' and
'spice' as value and the arguments are also covered by the schema.
- 'copy-before-write' block driver now has a 'bitmap' property
- 'query-migrate' now reports 'precopy-bytes', 'downtime-bytes',
'postcopy-bytes' for 'ram' and 'disk' statistics
- RTC_CHANGE event now has a 'qom-path' property to identify the RTC
- 'umip' cpu feature is now migratable
- SGX property 'section-size' reinstated after regression
Changes in build setting:
- fuse block export support now enabled
Signed-off-by: Peter Krempa <pkrempa@redhat.com> Reviewed-by: Ján Tomko <jtomko@redhat.com>
Peter Krempa [Wed, 9 Mar 2022 14:43:56 +0000 (15:43 +0100)]
virDomainSnapshotDefParse: Decouple parsing of memory snapshot config
Separate the steps of parsing the memory snapshot config from the
post-processing and validation code. The upcoming patch refactoring the
parsing will be simpler.
Signed-off-by: Peter Krempa <pkrempa@redhat.com> Reviewed-by: Ján Tomko <jtomko@redhat.com>
Peter Krempa [Tue, 8 Mar 2022 17:20:46 +0000 (18:20 +0100)]
conf: snapshot: Remove VIR_DOMAIN_SNAPSHOT_PARSE_DISKS flag
All callers except the one in the 'esx' driver pass the flag. The 'esx'
driver has a check that 'def->ndisks' is zero after parsing the
definition. This means that we can simply always parse the disks.
Signed-off-by: Peter Krempa <pkrempa@redhat.com> Reviewed-by: Ján Tomko <jtomko@redhat.com>
Peter Krempa [Tue, 8 Mar 2022 17:08:54 +0000 (18:08 +0100)]
qemuDomainSnapshotForEachQcow2Raw: Act only on internal snapshots
Similarly to the external snapshot code the internal inactive snapshot
creation helper should act only when an internal snapshot of the disk is
required. For now the callers ensure that it's either _INTERNAL or _NO
when control reaches this function.
Signed-off-by: Peter Krempa <pkrempa@redhat.com> Reviewed-by: Ján Tomko <jtomko@redhat.com>
Peter Krempa [Fri, 4 Mar 2022 13:34:02 +0000 (14:34 +0100)]
qemuSnapshotDiskPrepareActiveExternal: Handle only external snapshots
Preparation steps ensure that the 'snapshot' field can only be
'VIR_DOMAIN_SNAPSHOT_LOCATION_NONE' or
VIR_DOMAIN_SNAPSHOT_LOCATION_EXTERNAL' at this point, but upcoming
patches will change that. Handle only external snapshots.
Signed-off-by: Peter Krempa <pkrempa@redhat.com> Reviewed-by: Ján Tomko <jtomko@redhat.com>
Haonan Wang [Thu, 10 Mar 2022 15:22:24 +0000 (23:22 +0800)]
virsh: Provide completer for vol-wipe algorithms
Related issue: https://gitlab.com/libvirt/libvirt/-/issues/9
Signed-off-by: Haonan Wang <hnwanga1@gmail.com> Signed-off-by: Michal Privoznik <mprivozn@redhat.com> Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
The security label setting for the external images is part of the
'source' element and documented there. Remove the empty definition added
accidentally in commit ac88a8cfad1
Signed-off-by: Peter Krempa <pkrempa@redhat.com> Reviewed-by: Ján Tomko <jtomko@redhat.com>
Peter Krempa [Wed, 9 Mar 2022 08:40:31 +0000 (09:40 +0100)]
docs: formatsnapshot: Remove explicit listing of supported snapshot formats
In blockdev mode we support creating snapshots on all kinds of storage
that qemu allows us to format the image. Drop the part of the sentence
enumerating explicitly supported protocols.
Signed-off-by: Peter Krempa <pkrempa@redhat.com> Reviewed-by: Ján Tomko <jtomko@redhat.com>
Peter Krempa [Wed, 9 Mar 2022 08:34:40 +0000 (09:34 +0100)]
docs: formatsnapshot: Move paragraphs describing 'disk' element together
There was another paragraph describing the attribute 'type' of the
'disk' element under the description of the subelements. Move it to the
top to get all relevant information in one place.
Signed-off-by: Peter Krempa <pkrempa@redhat.com> Reviewed-by: Ján Tomko <jtomko@redhat.com>
projects / libvirt.git / log