QiangWei Zhang [Tue, 6 May 2025 10:33:01 +0000 (18:33 +0800)]
virnetdevtap: Fix memory leak in virNetDevTapReattachBridge
Variable 'master' needs to be free because it will be reassigned in
virNetDevOpenvswitchInterfaceGetMaster().
The leaked stack:
Direct leak of 11 byte(s) in 1 object(s) allocated from:
#0 0x7f7dad8ba6df in __interceptor_malloc (/lib64/libasan.so.8+0xba6df)
#1 0x7f7dad715728 in g_malloc (/lib64/libglib-2.0.so.0+0x60728)
#2 0x7f7dad72d8b2 in g_strdup (/lib64/libglib-2.0.so.0+0x788b2)
#3 0x7f7dacb63088 in g_strdup_inline /usr/include/glib-2.0/glib/gstrfuncs.h:321
#4 0x7f7dacb63088 in virNetDevGetName ../src/util/virnetdev.c:823
#5 0x7f7dacb63886 in virNetDevGetMaster ../src/util/virnetdev.c:909
#6 0x7f7dacb90288 in virNetDevTapReattachBridge ../src/util/virnetdevtap.c:527
#7 0x7f7dacd5cd67 in virDomainNetNotifyActualDevice ../src/conf/domain_conf.c:30505
#8 0x7f7da3a10bc3 in qemuProcessNotifyNets ../src/qemu/qemu_process.c:3290
#9 0x7f7da3a375c6 in qemuProcessReconnect ../src/qemu/qemu_process.c:9211
#10 0x7f7dacc0cc53 in virThreadHelper ../src/util/virthread.c:256
#11 0x7f7dac2875d4 in start_thread (/lib64/libc.so.6+0x875d4)
#12 0x7f7dac3091bb in __GI___clone3 (/lib64/libc.so.6+0x1091bb)
Fixes: de938b92c9d3a47647164aa643c20d2fc96cd2bc Signed-off-by: QiangWei Zhang <zhang.qiangwei@zte.com.cn> Reviewed-by: Peter Krempa <pkrempa@redhat.com>
Michal Privoznik [Mon, 12 May 2025 13:00:04 +0000 (15:00 +0200)]
virnetlink: Split virNetlinkBridgeVlanFilterSet()
Currently, virNetlinkBridgeVlanFilterSet() takes @cmd as the
second argument where either RTM_SETLINK or RTM_DELLINK is
expected. Both of these constants come from linux/rtnetlink.h and
thus are undefined when building without netlink. This design
also clashes with the whole point of virnetlink: to offload
netlink dependency onto a single file.
Therefore, drop the argument, turn
virNetlinkBridgeVlanFilterSet() into just setter, effectively,
and introduce virNetlinkBridgeVlanFilterDel() for the case when
RTM_DELLINK would be passed as @cmd.
Resolves: https://gitlab.com/libvirt/libvirt/-/issues/770 Signed-off-by: Michal Privoznik <mprivozn@redhat.com> Reviewed-by: Peter Krempa <pkrempa@redhat.com>
Michal Privoznik [Mon, 12 May 2025 12:29:21 +0000 (14:29 +0200)]
virnetdevbridge: Include virnetlink.h more often
The whole point of virnetlink.h is that it hides away the build
time dependency on netlink. It wraps netlink functions in our
functions which then have a stub implementation in case netlink
support was disabled.
Though, netlink is still Linux specific, so keep it in the
'#ifdef __linux__` block to cause a compilation error should
anybody try to use any of the wrapped functions on non-Linux.
Signed-off-by: Michal Privoznik <mprivozn@redhat.com> Reviewed-by: Peter Krempa <pkrempa@redhat.com>
Michal Privoznik [Mon, 12 May 2025 12:28:42 +0000 (14:28 +0200)]
virnetlink: Provide stub for virNetlinkBridgeVlanFilterSet()
In virnetlink.c there are two sections: the first one when
building WITH_LIBNL support, the other that provides stubs for
functions declared in the corresponding header file when building
without netlink support. But the stub implementation for
virNetlinkBridgeVlanFilterSet() was missing.
Signed-off-by: Michal Privoznik <mprivozn@redhat.com> Reviewed-by: Peter Krempa <pkrempa@redhat.com>
qemu_capabilities: Fetch caps for virtio-mem-ccw too
While with upstream QEMU it's impossible to have virtio-mem-ccw and not
have virtio-mem-pci, in RHEL the QEMU's build system is patched to make
that possible. But this breaks our assumption when fetching
capabilities.
Well, just do what we are already doing in this situation (e.g.
"virtio-blk-pci"/"virtio-blk-ccw" & virQEMUCapsDevicePropsVirtioBlk, or
"virtio-scsi-pci"/"virtio-net-ccw" & virQEMUCapsDevicePropsVirtioSCSI):
fetch the same set of props for both devices.
docs: hooks: Document when shutoff-reason argument was introduced
Introduced in v10.5.0-rc1~52, qemu and lxc hook scripts are
executed with additional argument: shutoff reason. But wording of
our docs make it looks like it's been that way forever. Make it
clear this is `recent` feature.
Resolves: https://gitlab.com/libvirt/libvirt/-/issues/766 Signed-off-by: Michal Privoznik <mprivozn@redhat.com> Reviewed-by: Peter Krempa <pkrempa@redhat.com>
cpu_x86: Fix algorithm for computing CPU model weight
This patch is effectively a NOP, but it fixes a logic bug and makes the
heuristics more visible and easier to change should there be a need to
do so in the future.
We decide which CPU model is the best match for given CPU data by
comparing lists of features that need to be enabled/disabled on top of
the selected CPU model. Since the original approach of using just the
total number of features was not working well enough, commit v8.3.0-42-g48341b025a implemented a penalty for disabled features which
would increase for each additional disabled features. Apparently the
intention was weighting disabled features as
But there was a bug in the code which caused it to ignore some of the
features and counted as enabled regardless on their policy. Instead of
going through all features the code used the number of "enabled"
features (the variable was not really counting number of enabled
features though) which was initialized to the total number of features
and decremented each time a disabled features was found. Thus depending
on the number of disabled features, some features at the end of the list
were ignored. Luckily we know all the ignored features had to be
disabled because the CPU definitions were created by x86DataToCPU which
constructs a list of enabled features followed by disabled features.
So to fix the bug while providing the same results we can come up with
an equivalent formula using properly counted features in the CPU
definition.
The number of disabled features counted by the buggy code is
When computing the total weight, we can't no longer use number of
enabled features because the original code counted some of the disabled
features as enabled. So to match the old behavior, we count the total
weight as
weight = features - half + weightDisabled
The weight of enabled features now differs from the value computed by
the old code, but we don't need to worry about it as it's not really
used anywhere except for logging.
Fixes: https://gitlab.com/libvirt/libvirt/-/issues/759 Signed-off-by: Jiri Denemark <jdenemar@redhat.com> Reviewed-by: Peter Krempa <pkrempa@redhat.com>
Refactor weight calculation to a separate virCPUx86WeightFeatures
function to avoid code duplication. The algorithm is not changed during
the refactoring, it will be fixed later.
Signed-off-by: Jiri Denemark <jdenemar@redhat.com> Reviewed-by: Peter Krempa <pkrempa@redhat.com>
Peter Krempa [Thu, 24 Apr 2025 13:40:12 +0000 (15:40 +0200)]
qemuxmlactivetest: Don't segfault when capability XMLs are invalid
This is purely a devel-time problem in the test suite.
'qemuxmlactivetest' invokes the whole test worker twice, once for
inactive output and second time for active.
Now 'testQemuInfoInitArgs' returns a failure if the XML is invalid and
the test is skipped. On another invocation though it returns 0 if
'testQemuInfoSetArgs' was not invoked meanwhile and thus makes it seem
it succeeded which leads to a crash in the code assuming that some
pointers are valid.
Use same interlocking as 'qemuxmlconftest' to skip the second invocation
on failure of the first one.
Signed-off-by: Peter Krempa <pkrempa@redhat.com> Reviewed-by: Ján Tomko <jtomko@redhat.com>
The files were forgotten after the previous bump to use qemu-5.2 as
minimum. The data for qemu-5.2, qemu-6.0, and qemu-6.1 was already
removed when bumping to qemu-6.2.
Signed-off-by: Peter Krempa <pkrempa@redhat.com> Reviewed-by: Ján Tomko <jtomko@redhat.com>
Peter Krempa [Mon, 28 Apr 2025 12:19:32 +0000 (14:19 +0200)]
qemucapabilitiesdata: Enable GTK graphics for 'caps_10.0.0_x86_64'
The common x86_64 test output was usually built without GTK as I've had
that in my build script for a long time. Enable it now as GTK UI is
enabled by many distros and upcoming patches plan to add support to
libvirt as well.
Signed-off-by: Peter Krempa <pkrempa@redhat.com> Reviewed-by: Pavel Hrdina <phrdina@redhat.com>
Michal Privoznik [Mon, 28 Apr 2025 09:58:39 +0000 (11:58 +0200)]
src: s/G_NO_INLINE/ATTRIBUTE_MOCKABLE/
Per change in coding style done in previous commit,
ATTRIBUTE_MOCKABLE should be used instead of G_NO_INLINE for
functions that are mocked in our test suite. Do the change.
Signed-off-by: Michal Privoznik <mprivozn@redhat.com> Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
Michal Privoznik [Mon, 28 Apr 2025 08:49:57 +0000 (10:49 +0200)]
internal: Introduce ATTRIBUTE_MOCKABLE
Currently, if we want to mock a function the noinline attribute
is appended after the function (via G_NO_INLINE macro). This used
to work for non pure functions. But there are some trivial
functions (for instance virQEMUCapsProbeHVF()) that are pure,
i.e. have no side effect, and while their call from other parts
of the code is not optimized out, their call from within the same
compilation unit (qemu_capabilities.c) is optimized out.
This is because inlining and semantic interposition are two
different things. Even GCC's documentation for noinline attribute
[1] states that clearly:
This function attribute prevents a function from being
considered for inlining. It also disables some other
interprocedural optimizations; it’s preferable to use the more
comprehensive noipa attribute instead if that is your goal.
Even if a function is declared with the noinline attribute,
there are optimizations other than inlining that can cause
calls to be optimized away if it does not have side effects,
although the function call is live.
Unfortunately, despite attempts [2] Clang still does not support
the attribute and thus we have to rely on noinline +
-fsemantic-interposition combo.
Allow virCommand to find 'tc' in $PATH. This command is only used
when running privileged in which case both 'bin' and 'sbin' dirs will
be in $PATH, so virFindFileInPath will do the right thing to find it.
Since there are no longer any optional programs, only optional test
programs, the meson variables can be renamed and simplified at this
point.
The "TC" constant is defined in the header to match the pattern used
for the other firewall tool names.
Reviewed-by: Peter Krempa <pkrempa@redhat.com> Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
Allow virCommand to find 'ovs-vsctl' in $PATH. This command is only used
when running privileged in which case both 'bin' and 'sbin' dirs will
be in $PATH, so virFindFileInPath will do the right thing to find it.
Reviewed-by: Peter Krempa <pkrempa@redhat.com> Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
Allow virCommand to find 'modprobe' & 'rmmod' in $PATH. These commands
are only used when running privileged in which case both 'bin' and
'sbin' dirs will be in $PATH, so virFindFileInPath will do the right
thing to find them.
Reviewed-by: Peter Krempa <pkrempa@redhat.com> Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
Allow virCommand to find 'mm-ctl' in $PATH. This command is only used
when running privileged in which case both 'bin' and 'sbin' dirs will
be in $PATH, so virFindFileInPath will do the right thing to find it.
Reviewed-by: Peter Krempa <pkrempa@redhat.com> Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
Allow virCommand to find 'mdevctl' in $PATH. This command is only used
when running privileged in which case both 'bin' and 'sbin' dirs will
be in $PATH, so virFindFileInPath will do the right thing to find it.
Reviewed-by: Peter Krempa <pkrempa@redhat.com> Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
Gating the iscsi driver backend on a isciadm probe is likely to do
more harm than good as it needlessly disables the code if the dev
forgot to install iscsiadm at build time. As a Linux only command
it is simpler to gate the feature based on the platform choice and
allow missing binaries to be diagnose at runtime.
Reviewed-by: Peter Krempa <pkrempa@redhat.com> Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
Allow virCommand to find 'dmidecode' in $PATH. This command is only
usable when running privileged since it relies on reading from a
privileged kernel file. Thus we can assume both 'bin' and 'sbin' dirs
will be in $PATH and virFindFileInPath will do the right thing to
find it when called by virCommand.
Reviewed-by: Peter Krempa <pkrempa@redhat.com> Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
storage: stop hardcoding paths for mkfs, mount, umount
This was always undesirable but now causes problems on Fedora 42
where at build time we detect a /sbin path but at runtime this
will only exist on upgraded machines, not fresh installs.
Reviewed-by: Peter Krempa <pkrempa@redhat.com> Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
Michal Privoznik [Mon, 28 Apr 2025 11:37:43 +0000 (13:37 +0200)]
scripts: Fix reading list of files in mock-noinline.py
The mock-noinline.py script is fed list of files through its
stdin, each file on its own line. Unfortunately, the way the
script is written does nothing as the trailing newline character
prevents any .endswith() match. Strip each line of white spaces.
Signed-off-by: Michal Privoznik <mprivozn@redhat.com> Reviewed-by: Peter Krempa <pkrempa@redhat.com>
Michal Privoznik [Mon, 28 Apr 2025 11:36:45 +0000 (13:36 +0200)]
util: Add missing G_NO_INLINE annotation
There are two functions that are mocked, but are missing required
G_NO_INLINE attribute: virFirewallDIsRegistered() and
virHostCPUGetPhysAddrSize(). Add it.
Signed-off-by: Michal Privoznik <mprivozn@redhat.com> Reviewed-by: Peter Krempa <pkrempa@redhat.com>
kbase: update docs to account for changed error message
The updated doc refers to both the old and new error message, as users
with old deployed versions will still be pointed to the current online
docs URL.
Reviewed-by: Richard W.M. Jones <rjones@redhat.com> Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
When no URI is set we try to guess what daemon to connect to by looking
for any listening sockets. If there are no listening sockets, however,
we don't even know what daemon the user expected to connect to. The
error message in this case is not especially clear
This tweaks the error message to try to make the problem easier to
understand.
Resolves: https://issues.redhat.com/browse/RHEL-87177 Reviewed-by: Richard W.M. Jones <rjones@redhat.com> Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
nwfilter: Fix erroneous pointer passing to g_clear_pointer
Commit 5de27c32a18f wanted to fix a possible double free, but by mistake
did not pass a reference to the variable. This made virtnwfilterd
coredump in our daily CI build.
Fixes: 5de27c32a18f1da4969a679a2385d45cf0279699 Signed-off-by: Martin Kletzander <mkletzan@redhat.com> Reviewed-by: Jiri Denemark <jdenemar@redhat.com>
bhyve: use const virDomainDef pointer in bhyveBuildNetArgStr()
As virDomainNet* functions were converted to use const virDomainDef
pointers, update bhyveBuildNetArgStr() as well, like it was before it was
changed in e1e40b5035.
Signed-off-by: Roman Bogorodskiy <bogorodskiy@gmail.com> Reviewed-by: Ján Tomko <jtomko@redhat.com>
- Document the virtio random number generator device support
- While here, remove mention of the specific FreeBSD version such as
10-STABLE, and just refer to the latest supported release.
Signed-off-by: Roman Bogorodskiy <bogorodskiy@gmail.com> Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
Michal Privoznik [Fri, 11 Apr 2025 14:40:41 +0000 (16:40 +0200)]
vsh: Turn _vshControl::progname into a const string
The aim of the progname member of the _vshControl struct is to
point to argv[0] which is then used in vshOutputLogFile() to
create a prefix for a log message. But the member is never
modified (nor it should be) and thus can be a const char *.
Signed-off-by: Michal Privoznik <mprivozn@redhat.com> Reviewed-by: Jiri Denemark <jdenemar@redhat.com>
Michal Privoznik [Fri, 11 Apr 2025 14:34:50 +0000 (16:34 +0200)]
vsh: Free commands in vshDeinit()
Whether virsh/virt-admin is running in interactive or
non-interactive mode, vshControl::cmd contains the batch of last
executed commands as a linked list. Just look into
vshCommandParse(). Free the linked list in vshDeinit() to avoid
memleak.
3,312 bytes in 3 blocks are still reachable in loss record 572 of 577
at 0x484CEF3: calloc (vg_replace_malloc.c:1675)
by 0x506AB29: g_malloc0 (in /usr/lib64/libglib-2.0.so.0.8200.5)
by 0x1B74B8: vshCmdNew (vsh.c:1466)
by 0x1B7A80: vshCommandParse (vsh.c:1615)
by 0x1B8458: vshCommandStringParse (vsh.c:1874)
by 0x1419C1: virshParseArgv (virsh.c:773)
by 0x141D11: main (virsh.c:879)
Signed-off-by: Michal Privoznik <mprivozn@redhat.com> Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
Peter Krempa [Fri, 11 Apr 2025 11:42:37 +0000 (13:42 +0200)]
qemuDomainAttachDiskGeneric: Report errors from 'qemuBuildThrottleFiltersAttachPrepareBlockdev'
'qemuBuildThrottleFiltersAttachPrepareBlockdev' can fail when
constructing JSON props, but otherwise always retruns a pointer even if
there's nothing to do.
The code in 'qemuDomainAttachDiskGeneric' didn't handle this properly as
it considered NULL as "nothing to do". Return the failure instead and
check if tere's something to do by looking at 'nfilterdata'
Signed-off-by: Peter Krempa <pkrempa@redhat.com> Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
Peter Krempa [Fri, 11 Apr 2025 11:39:06 +0000 (13:39 +0200)]
qemu: block: Don't crash if qemuBlockThrottleFiltersDetach gets NULL @data
'qemuBlockThrottleFiltersDetach' crashes if @data is NULL. That can
happen in 'qemuDomainAttachDiskGeneric' as it's used as a rollback path
in cases when we didn't yet initialize the filter struct.
Fix it by tolerating NULL @data.
Closes: https://gitlab.com/libvirt/libvirt/-/issues/765 Fixes: 9a6560f066d1e65502d901f32ff2e91ffed3b209 Signed-off-by: Peter Krempa <pkrempa@redhat.com> Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
Laine Stump [Fri, 4 Apr 2025 23:44:52 +0000 (19:44 -0400)]
qemu: make passt+vhostuser reconnect behave identically to passt+user
When "original passt" support was added, we decided that we always
wanted to reconnect (i.e. restart the passt process) if it was somehow
terminated. Generic vhost-user, on the other hand, only turns on
reconnect if specified by the user in the config. But there is no
reason to require the user to specify this if the other end of the
vhost-user socket is a passt process - we know what has happened and
what we want to do; no reason to do the *wrong* thing by default, and
force the user to make an arbitrary decision about what to add to the
config in order to make it do the *right* thing; instead we just
hardcode it to always do the right thing.
(NB: when the backend is passt, <interface type='vhostuser'> has
always ignored the reconnect setting in <source> when parsing and
formatting, just as it has always ignored the socket path (since that
also is not user configurable for the passt backend)
Laine Stump [Fri, 4 Apr 2025 23:38:28 +0000 (19:38 -0400)]
qemu: put vhost-user code that's special for passt in a helper function
Rather than duplicating these two lines of chr device object setup for
hotplug and domain start, put them in a helper function that's called
from both places. That way when we need to setup *more* stuff specific
to passt+vhostuser, we can just add it in that one place.
Signed-off-by: Laine Stump <laine@redhat.com> Tested-by: Stefano Brivio <sbrivio@redhat.com> Reviewed-by: Jiri Denemark <jdenemar@redhat.com> Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
Laine Stump [Fri, 4 Apr 2025 21:16:43 +0000 (17:16 -0400)]
qemu: respond to NETDEV_VHOST_USER_DISCONNECTED event
This response to this event is identical to NETDEV_STREAM_DISCONNECTED
(start a new passt process to replace the one that just disappeared -
see commitf62ce81b8a5), except that the new passt process will have
"--vhost-user" appended to the commandline. Fortunately that
difference is already handled based on the virDomainNetDef contents,
so we can, in fact, respond to the new event in exactly the same
manner.
Signed-off-by: Laine Stump <laine@redhat.com> Tested-by: Stefano Brivio <sbrivio@redhat.com> Reviewed-by: Jiri Denemark <jdenemar@redhat.com> Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
Laine Stump [Fri, 4 Apr 2025 20:57:21 +0000 (16:57 -0400)]
qemu: make processNetDevStreamDisconnectedEvent() reusable
We will be adding a new event whose response will be *exactly* the
same as the response to NETDEV_STREAM_DISCONNECTED. Rather than doing
a copy-paste of the complete function that does the processing, turn
that function into something more generic that takes the name of the
event as an arg (the event name is only used in log messages).
Signed-off-by: Laine Stump <laine@redhat.com> Tested-by: Stefano Brivio <sbrivio@redhat.com> Reviewed-by: Jiri Denemark <jdenemar@redhat.com> Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
Laine Stump [Fri, 4 Apr 2025 20:48:23 +0000 (16:48 -0400)]
qemu: remove nonsensical sanity check in processNetdevStreamDisconnectedEvent()
By definition QEMU will never send a NETDEV_STREAM_DISCONNECTED event
if it doesn't support the reconnect option for a stream netdev. And
even if, by some comedy of errors, it did send
NETDEV_STREAM_DISCONNECTED in that case, our response to the event
doesn't request anything at all of QEMU (much less something that
would fail if QEMU didn't understand NETDEV_STREAM_DISCONNECTED) - it
just starts a new passt process to replace the one that has been
terminated, so we don't need to check the QEMU capabilities for
QEMU_CAPS_NETDEV_STREAM_RECONNECT.
Signed-off-by: Laine Stump <laine@redhat.com> Tested-by: Stefano Brivio <sbrivio@redhat.com> Reviewed-by: Jiri Denemark <jdenemar@redhat.com> Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
Peter Krempa [Thu, 10 Apr 2025 14:18:29 +0000 (16:18 +0200)]
qemuDomainBlockCopyCommon: Don't revoke access to file twice on failure
If the copy job fails to start up when calling the 'blockdev-mirror'
command the code would call qemuDomainStorageSourceChainAccessRevoke()
twice; once right after the monitor call and the second time in the
'endjob' section.
Remove the one directly after the monitor call and let the common
cleanup handle it.
Signed-off-by: Peter Krempa <pkrempa@redhat.com> Reviewed-by: Ján Tomko <jtomko@redhat.com>
Peter Krempa [Thu, 10 Apr 2025 13:26:14 +0000 (15:26 +0200)]
qemuDomainBlockCopyCommon: Reorder setup of 'mirror' data
While exploring an idea that modified the setup of the mirror I've
noticed that the code setting up the 'discard' field in the block copy
job happens after setup of the storage source, while normally e.g. in
qemuDomainPrepareStorageSource() it happens before.
Reorder it despite not having an effect currently.
Signed-off-by: Peter Krempa <pkrempa@redhat.com> Reviewed-by: Ján Tomko <jtomko@redhat.com>
projects / thirdparty / libvirt.git / log
