Andrea Bolognani [Tue, 21 Jan 2025 10:27:13 +0000 (11:27 +0100)]
meson: Unify handling of directories used for loadable modules
Currently the directories that are searched for each possible
kind of loadable module are created as a side effect of
installing the corresponding module, which means that their
availability depends on the exact list of features that have
been enabled.
Create them explicitly ahead of time instead, ensuring
consistency.
Signed-off-by: Andrea Bolognani <abologna@redhat.com> Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
Implement domainInterfaceAddresses for the Cloud Hypervisor driver.
Support VIR_DOMAIN_INTERFACE_ADDRESSES_SRC_LEASE and
VIR_DOMAIN_INTERFACE_ADDRESSES_SRC_ARP sources. Implementation is
similar to other drivers.
Signed-off-by: Anirudh Rayabharam <anrayabh@linux.microsoft.com> Signed-off-by: Praveen K Paladugu <praveenkpaladugu@gmail.com> Signed-off-by: Michal Privoznik <mprivozn@redhat.com> Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
Implement `virCHProcessEvent` that maps event string to corresponding
event type and take appropriate actions. As part of this, handle the
shutdown event by correctly updating the domain state. This change also
facilitates the handling of other VM lifecycle events, such as booting,
rebooting, pause, resume, etc.
Signed-off-by: Purna Pavan Chandra Aekkaladevi <paekkaladevi@linux.microsoft.com> Signed-off-by: Michal Privoznik <mprivozn@redhat.com> Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
Use a FIFO(named pipe) for --event-monitor option in CH. Introduce a new
thread, `virCHEventHandlerLoop`, to continuously monitor and handle
events from cloud-hypervisor.
Signed-off-by: Purna Pavan Chandra Aekkaladevi <paekkaladevi@linux.microsoft.com> Co-authored-by: Vineeth Pillai <viremana@linux.microsoft.com> Signed-off-by: Michal Privoznik <mprivozn@redhat.com> Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
ch: pass --event-monitor option to cloud-hypervisor
The `--event-monitor` option in cloud-hypervisor outputs events to a
specified file. This file can then be used to monitor VM lifecycle,
other vmm events and trigger appropriate actions.
Most of my historical libvirt contributions are PowerPC related but at
this moment I'm working with RISC-V enablement (mostly on the QEMU
side).
Feel free to reach out for RISC-V related matters w.r.t libvirt and
QEMU-KVM support.
Suggested-by: Martin Kletzander <mkletzan@redhat.com> Signed-off-by: Daniel Henrique Barboza <dbarboza@ventanamicro.com> Reviewed-by: Martin Kletzander <mkletzan@redhat.com> Reviewed-by: Andrea Bolognani <abologna@redhat.com>
The 'aia' feature is added as a machine type option for the 'virt'
RISC-V machine, e.g. "-machine virt,aia=<val>".
Signed-off-by: Daniel Henrique Barboza <dbarboza@ventanamicro.com> Reviewed-by: Martin Kletzander <mkletzan@redhat.com> Reviewed-by: Andrea Bolognani <abologna@redhat.com>
This feature is implemented as a string that can range from "none",
"aplic" and "aplic-imsic".
If the feature isn't present in the domain XML the hypervisor default
will be used. For QEMU, at least up to 9.2, the default is "none".
Signed-off-by: Daniel Henrique Barboza <dbarboza@ventanamicro.com> Reviewed-by: Martin Kletzander <mkletzan@redhat.com> Reviewed-by: Andrea Bolognani <abologna@redhat.com>
AIA (Advanced Interrupt Architecture) support was introduced in QEMU 7.0
for the 'virt' machine type. It allows the guest to choose from a more
modern interrupt model than the default (CLINT - Core Logical Interrupt
Controller).
Signed-off-by: Daniel Henrique Barboza <dbarboza@ventanamicro.com> Reviewed-by: Martin Kletzander <mkletzan@redhat.com> Reviewed-by: Andrea Bolognani <abologna@redhat.com>
Let us introduce the xml and reply files for QEMU 10.0.0 on s390x.
Notable changes:
- new s390-ccw-virtio-10.0 machine type
- old machine types (2.4 - 2.8) dropped
- new CPU models
- New devices:
- virtio-mem-ccw
- chardev now supports qemu-vdagent
Signed-off-by: Shalini Chellathurai Saroja <shalini@linux.ibm.com> Reviewed-by: Boris Fiuczynski <fiuczy@linux.ibm.com> Suggested-by: Michal Privoznik <mprivozn@redhat.com> Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
Jiri Denemark [Mon, 20 Jan 2025 15:28:20 +0000 (16:28 +0100)]
qemu: Fix hang when migration is canceled at the last moment
When a migration is canceled very late once virtual CPUs are already
stopped, QEMU will automatically resume them. If this happens after we
exited a waiting loop in qemuMigrationSrcWaitForCompletion, but before a
loop that tries to make sure CPUs are stopped by waiting for the
appropriate event, we may end up waiting forever because the CPUs are
running (they were resumed by migrate_cancel), but the STOP event is
already gone.
This is possible because we enter monitor for fetching migration
statistics at which point other APIs can be processed and migration may
change its state. We should recheck the state when we get back from the
monitor code.
https://issues.redhat.com/browse/RHEL-52493
Signed-off-by: Jiri Denemark <jdenemar@redhat.com> Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
Michal Privoznik [Tue, 21 Jan 2025 11:36:48 +0000 (12:36 +0100)]
tools: ssh-proxy: Check for domain status before parsing its CID
Inactive domain XML can be wildly different to the live XML. For
instance, it can have VSOCK CID of that from another (running)
domain. Since domain status is not checked for, attempting to ssh
into an inactive domain may in fact result in opening a
connection to a different live domain that listens on said CID
currently.
Jiang XueQian [Sat, 18 Jan 2025 08:32:10 +0000 (16:32 +0800)]
nss: Skip empty files and avoid use of uninitialized value
JSON parser isn't called when reading empty files so `jerr` will be used
uninitialized in the original code. Empty files appear when a network
has no dhcp clients.
This patch checks for such files and skip them.
Fixes: a8d828c88bbdaf83ae78dc06cdd84d5667fcc424 Signed-off-by: Jiang XueQian <jiangxueqian@gmail.com> Signed-off-by: Michal Privoznik <mprivozn@redhat.com> Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
Peter Krempa [Mon, 20 Jan 2025 14:14:39 +0000 (15:14 +0100)]
libvirt.spec: Move ownership of 'storage-file' backends directory to gluster
Commit f8558a87ac8525b16f4cbba4f24e0885fde2b79e de-modularized the
'storage-file' backend for local files, and thus now the only
possibility to have the directory is when compiling with gluster.
This breaks RPM builds when building without gluster as the backend
directory no longer exists in such case. Move the stanza requiring the
directory under the gluster driver declarations.
Fixes: f8558a87ac8525b16f4cbba4f24e0885fde2b79e Signed-off-by: Peter Krempa <pkrempa@redhat.com> Reviewed-by: Jiri Denemark <jdenemar@redhat.com>
Michal Privoznik [Tue, 14 Jan 2025 11:16:06 +0000 (12:16 +0100)]
qemuxmlconftest: Drop s390-default-cpu-...ccw-virtio-2.7 test cases
In its upstream commit [1], qemu dropped s390-2.7 machine type,
then in commit [2] the s390-2.8 machine type was dropped. But as
Thomas Huth pointed out, any machine type that's older than 6
years is subject to removal [3]. This means, any machine type
older than 4.1 is going to be removed eventually.
We have two test cases that assumes existence of 2.7 machine type.
While they could be switched to 4.1 machine type, we also have
another test case that already check 4.2 machine type.
Therefore, just drop the 2.7 ones.
Peter Krempa [Thu, 9 Jan 2025 08:52:36 +0000 (09:52 +0100)]
storage_file: de-modularize the local file backend
The 'storage_file' infrastructure serves as an abstraction on top of
file-looking storage technologies. Apart from local file it currently
implements also a backend for 'gluster'.
Historically it was all modularized and the local file module was
usually packaged with the 'core' part of the storage driver. Now with
split daemons one can install e.g. 'virqemud' without the storage driver
core which contains the 'fs' backend module. Since the qemu driver uses
the storage file backends to e.g. create storage for snapshots and
backups this allows users to create a deployment where some things will
not work properly.
As the 'fs' backend doesn't use any code that wouldn't be linked
directly anyways there's no point in actually shipping it as a module.
Let's compile it in so that all deployments can use it.
To achieve that, compile the source directly into the
'virt_storage_file_lib' static library and remove the loading code. Also
adjust the spec file.
Signed-off-by: Peter Krempa <pkrempa@redhat.com> Reviewed-by: Ján Tomko <jtomko@redhat.com>
Peter Krempa [Thu, 9 Jan 2025 13:53:49 +0000 (14:53 +0100)]
storage_file: Refuse qcow2 images with empty string as 'data_file'
In certain buggy conditions qemu can create an image which has empty
string stored as 'data_file'. While probing libvirt would consider the
empty string as a relative file name and construct the path using the
path of the parent image stripping the last component and appending the
empty string. This results into attempting to using a directory as an
image and thus the following error when attempting to start VM with such
an image:
error: unsupported configuration: storage type 'dir' requires use of storage format 'fat'
Reject empty strings passed in as 'data_file'.
Note that we do not have the same problem with 'backing store' as an
empty string there is interpreted as no backing file both by qemu and
libvirt.
Resolves: https://issues.redhat.com/browse/RHEL-70627 Signed-off-by: Peter Krempa <pkrempa@redhat.com> Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
The assigned string is 17 chars long once the trailing nul is taken
into account. This triggers a warning with GCC 15
src/util/virsystemd.c: In function ‘virSystemdEscapeName’:
src/util/virsystemd.c:59:38: error: initializer-string for array of ‘char’ is too long [-Werror=unterminated-string-initialization]
59 | static const char hextable[16] = "0123456789abcdef";
| ^~~~~~~~~~~~~~~~~~
Switch to a dynamically sized array as used in all the other places
we have a hextable array.
See also: https://gcc.gnu.org/PR115185 Reported-by: Yaakov Selkowitz <yselkowi@redhat.com> Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
Jiri Denemark [Thu, 16 Jan 2025 12:43:35 +0000 (13:43 +0100)]
cpu_x86: Probe host CPU for all MSR features
The list of CPU features we probe from various MSR grew significantly
over time and the CPU map currently mentions 11 distinct MSR indexes.
But the code for directly probing host CPU features was still reading
only the original 0x10a index. Thus the CPU model in host capabilities
was missing a lot of features.
Instead of specifying a static list of indexes to read (which we would
forget to update in the future), let's just read all indexes found in
the CPU map.
Signed-off-by: Jiri Denemark <jdenemar@redhat.com> Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
Jiri Denemark [Wed, 15 Jan 2025 15:02:00 +0000 (16:02 +0100)]
qemu_migration: Do not automatically resume domain after I/O error
When an I/O error happens (causing a domain to be paused) during live
migration which is later cancelled by a user, trying to resume the
domain doesn't make sense.
Signed-off-by: Jiri Denemark <jdenemar@redhat.com> Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
Jiri Denemark [Tue, 14 Jan 2025 12:30:52 +0000 (13:30 +0100)]
qemu: Report error from both sides of migration
When migration fails in Perform phase, we call Finish on the destination
host with cancelled=1 and get the error from there and report it to the
user. This works well if the error on the destination caused the
migration to fail. But in other cases the main error may reported by the
source and the destination would just be complaining about broken
migration stream.
In other words, we don't really know which error caused the migration to
fail and we have no way of detecting that. So instead of choosing one
error, this patch will combine the error messages from both sides of
migration into a single message and report it to the user. The result
would be, for example:
operation failed: migration failed. Message from the source host:
operation failed: job 'migration out' failed: Certificate does not
match the hostname ble.bla. Message from the destination host:
operation failed: job 'migration in' failed: load of migration
failed: Invalid argument
And yes, this is ugly, but I wasn't able to come up with a better way of
fixing this issue.
https://issues.redhat.com/browse/RHEL-58933
Signed-off-by: Jiri Denemark <jdenemar@redhat.com> Reviewed-by: Ján Tomko <jtomko@redhat.com>
conf: Do not parse hyperv features with passthrough mode
The schema does not allow that anyway and we then format them all back
which leads to libvirt producing an invalid XML.
Resolves: https://issues.redhat.com/browse/RHEL-70656 Signed-off-by: Martin Kletzander <mkletzan@redhat.com> Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
Jiri Denemark [Fri, 10 Jan 2025 17:25:20 +0000 (18:25 +0100)]
qemu_migration: Do not consider post-copy active in postcopy-recover
The postcopy-recover migration state in QEMU means a connection for the
migration stream was established. Depending on the schedulers on both
hosts a relative timing of the corresponding MIGRATION event on the
source host and the destination host may differ. Specifically it's
possible that the source sees postcopy-recover while the destination is
still in postcopy-paused.
Currently the Perform phase on the source host ends when we get
postcopy-recover event and the Finish phase on the destination host is
called. If this is fast enough we can still see postcopy-paused state
when the Finish phase starts waiting for migration to complete. This is
interpreted as a failure and reported back to the caller. Even though
the recovery may actually start just a few moments later.
To avoid this race we now don't consider post-copy migration active in
postcopy-recover state and keep waiting for postcopy-active event (in
the success path). Thus the Finish phase is entered only after the
migration switches to postcopy-active. In this state QEMU guarantees the
destination already switched at least to postcopy-recover and we won't
be confused be seeing an old postcopy-failed state.
https://issues.redhat.com/browse/RHEL-73085
Signed-off-by: Jiri Denemark <jdenemar@redhat.com> Reviewed-by: Michal Privoznik <mprivozn@redhat.com
The generated org.libvirt.api.policy.in file was recently added to the
POTFILES list as it contains translatable messages.
It is only generated when WITH_POLKIT && WITH_LIBVIRTD is satisfied
though, resulting in the 'po_check' syntax rule failing if either of
those conditions are not met.
It is harmless to unconditionally generate this file, as a separate
rule takes care of of installing it, and the latter remains under
the build conditions.
Reviewed-by: Michal Privoznik <mprivozn@redhat.com> Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
Laine Stump [Sun, 12 Jan 2025 02:10:40 +0000 (21:10 -0500)]
qemu: support vlan change for linux host bridge during update-device
Since we previously only supported vlan tagging for interfaces
connected to an OVS bridge [*], the code in qemuChangeNet() (used by
the update-device API) assumed an interface with modified vlan config
was on an OVS bridge, and would call the OVS-specific
virNetDevOpenvswitchUpdateVlan().
Now that we support vlan tagging for interfaces connected to a
standard Linux host bridge, we must check the type of connection and
only call the OVS function when connected to an OVS bridge *both
before and after the update*. Otherwise we just set the flag to
re-connect to the bridge, which has the side effect of redoing the
vlan setup.
([*] or an SRIOV VF assigned using VFIO, but we don't support *any
runtime changes to that type of netdev so it's irrelevant here.)
Signed-off-by: Laine Stump <laine@redhat.com> Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
Pavel Hrdina [Thu, 9 Jan 2025 15:23:44 +0000 (16:23 +0100)]
qemu: snapshot: delete disk image only if parent snapshot is external
When we are deleting external snapshot that is not active we only need
to delete overlay disk image of the parent snapshot. This works
correctly even if parent snapshot is external and active as it will have
another overlay created when user reverted to that snapshot.
In case the parent snapshot is internal there are no overlay disk images
created as everything is stored internally within the disk image. In
this case we would delete the actual disk image storing internal
snapshots and most likely the original disk image as well resulting in
data loss once the VM is shutoff.
Fixes: https://gitlab.com/libvirt/libvirt/-/issues/734 Signed-off-by: Pavel Hrdina <phrdina@redhat.com> Reviewed-by: Peter Krempa <pkrempa@redhat.com>
Jiri Denemark [Thu, 9 Jan 2025 14:06:24 +0000 (15:06 +0100)]
docs: Clarify documentation of host-model CPU mode
The host-model CPU mode was described as similar to copying the host CPU
definition from capabilities, which has not been the case for ages. The
host-model definition from domain capabilities is used instead.
Only the first sentence changed, but it required reformatting
essentially the whole paragraph so I used this as an opportunity to
reformat it a little bit more and split the long paragraph into several
smaller ones for better readability.
Signed-off-by: Jiri Denemark <jdenemar@redhat.com> Reviewed-by: Ján Tomko <jtomko@redhat.com>
util: don't attempt to acquire logind inhibitor if not requested
When VIR_INHIBITOR_WHAT_NONE is passed to virInhibitorNew, it is
an indication that daemon shutdown should be inhibited, but no
OS level inhibitors acquired. This is done by the virtnetworkd
daemon, for example, to prevent shutdown while running virtual
machines are present, without blocking / delaying OS shutdown.
Unfortunately the code forgot to skip the DBus call in this case,
resulting in errors being logged.
Reviewed-by: Laine Stump <laine@redhat.com> Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
When debugging it is useful to know what signals are being received and
metadata related to them. Log this data before calling the signal
handling callbacks.
Reviewed-by: Jiri Denemark <jdenemar@redhat.com> Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
Laine Stump [Fri, 13 Dec 2024 17:47:39 +0000 (12:47 -0500)]
qemu: allow migration of guest with mdev vGPU to VF vGPU
GPU vendors are moving away from using mdev to create virtual GPUs
towards using SRIOV VFs that are vGPUs. In both cases, once created
the vGPUs are assigned to guests via <hostdev> (i.e. VFIO device
assignment), and inside the guest the devices look identical, but mdev
vGPUs are located by QEMU/VFIO using a uuid, while VF vGPUs are
located with a PCI address. So although we generally require the
device on the source host to exactly match the device on the
destination host, in the case of mdev-created vGPU vs. VF vGPU
migration *can* potentially work, except that libvirt has a hard-coded
check that prevents us from even trying.
This patch loosens up that check so that we will allow attempts to
migrate a guest from a source host that has mdev-created vGPUs to a
destination host that has VF vGPUs (and vice versa). The expectation
is that if this doesn't actually work then QEMU will fail and generate
an error that we can report.
Georgia Garcia [Tue, 7 Jan 2025 15:23:38 +0000 (12:23 -0300)]
apparmor: fix UUID specification
There is a common misconception when writing AppArmor policy that
[0-9]* applies * to the [0-9] class, but that's not the case. For this
example, [0-9]* matches a single digit followed by any number of
characters except for /
Create a UUID variable that uses the following format 8-4-4-4-12.
Signed-off-by: Georgia Garcia <georgia.garcia@canonical.com> Reviewed-by: Jim Fehlig <jfehlig@suse.com>
meson: remove unneeded dependency on libdevmapper for storage_disk
In commit dfa0e11 the last direct usage of devmapper for storage_disk was
removed. There is one stale include remaining, which is unused even longer
since df1011ca. Remove the include and change meson.build so we can use
storage_disk without devmapper.
I'm running it right now with a stripped-down config on a small arm64
router with openwrt.
Signed-off-by: Stefan Hellermann <stefan@the2masters.de> Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
Commit 247357cc292a added support for direct and extended modes for
tlbflush, but forgot to do the formatting as well.
Signed-off-by: Martin Kletzander <mkletzan@redhat.com> Signed-off-by: Ján Tomko <jtomko@redhat.com> Reviewed-by: Martin Kletzander <mkletzan@redhat.com>
Adam Julis [Fri, 3 Jan 2025 13:22:23 +0000 (14:22 +0100)]
virtiofs: Allow read only mode
Resolves: https://issues.redhat.com/browse/RHEL-72192 Signed-off-by: Adam Julis <ajulis@redhat.com> Signed-off-by: Michal Privoznik <mprivozn@redhat.com> Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
Jim Fehlig [Sat, 4 Jan 2025 03:44:19 +0000 (20:44 -0700)]
security: apparmor: Remove hardcoded "libvirtd" profile name
The apparmor driver probe function checks for an active profile matching
the full path of the running daemon binary. If not found, it checks for
a profile named "libvirtd". This works fine when the running daemon is the
old monolithic libvirtd, but fails with modular daemons.
Remove the check for a hardcoded "libvirtd" profile and replace with the
basename of the running daemon binary.
Signed-off-by: Jim Fehlig <jfehlig@suse.com> Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
The 'description' and 'message' fields in polkit policy files should be
translated into the user's chosen language. xgettext is told to search
in both and source and build dirs by meson.
Unfortunately a bug in xgettext means that when it searches for built
files in XML format, it'll trigger a warning message due to failure to
load the generated file from the source dir:
xgettext: cannot read ..snip../libvirt/src/access/org.libvirt.api.policy: failed to load external entity "..snip../libvirt/src/access/org.libvirt.api.policy"
This is harmless since it then goes on to try the build dir and
succeeds, but will pollute the output of 'ninja libvirt-pot'
Related: https://gitlab.com/libvirt/libvirt/-/merge_requests/387 Reviewed-by: Ján Tomko <jtomko@redhat.com> Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
po: add its rules for translating polkit file strings
xgettext / msgfmt have generic support for extracting / merging strings
in XML files, however, they need to be told something about the schema
to know which fields are translatable. This is done by providing 'its'
rules. Usually the 'its' rules would be shipped in a -devel package of
the app which owns the schema definition, but polkit does not do this.
Thus libvirt (and other apps) must ship their own local 'its' rules for
polkit.
Reviewed-by: Ján Tomko <jtomko@redhat.com> Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
qemu_tpm: lock the state explicitly when running swtpm
Commit bb5e26749fe5b ("qemu: explicit swtpm state locking") attempted to
lock the state, but only for swtpm-setup. The capability
"tpmstate-opt-lock" is actually only exposed by swtpm.
Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com> Reviewed-by: Stefan Berger <stefanb@linux.ibm.com> Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
projects / thirdparty / libvirt.git / log
