Peter Krempa [Tue, 20 Jul 2021 07:35:39 +0000 (09:35 +0200)]
qemu: monitor: Remove return value from qemuMonitorEmit* functions
The callers in the monitor code invoking the callbacks after events are
received don't actually check the return value from the callbacks and
there isn't really anything we could do on failure.
Remove the return value from the intermediary functions so we can later
remove them from the callback prototypes.
Signed-off-by: Peter Krempa <pkrempa@redhat.com> Reviewed-by: Ján Tomko <jtomko@redhat.com>
Boris Fiuczynski [Wed, 21 Jul 2021 11:30:00 +0000 (13:30 +0200)]
nodedev: fix internal error when no defined mdevs exist
Commit e9b534905f4 introduced an error when parsing an empty list
returned from mdevctl.
This occurs e.g. if nodedev-undefine is used to undefine the last
defined mdev which causes the following error messages
libvirtd[33143]: internal error: Unexpected format for mdevctl response
libvirtd[33143]: internal error: failed to query mdevs from mdevctl:
libvirtd[33143]: mdevctl failed to updated mediated devices
Signed-off-by: Boris Fiuczynski <fiuczy@linux.ibm.com> Reviewed-by: Shalini Chellathurai Saroja <shalini@linux.ibm.com> Reviewed-by: Martin Kletzander <mkletzan@redhat.com> Reviewed-by: Jonathon Jongsma <jjongsma@redhat.com>
Pavel Hrdina [Thu, 22 Jul 2021 13:15:18 +0000 (15:15 +0200)]
qemuxml2argvmock: drop virQEMUCapsGetKVMSupportsSecureGuest
It is actually not needed because in qemuxml2argvtest we preload
domaincapsmock as well.
Reported-by: Michal Privoznik <mprivozn@redhat.com> Signed-off-by: Pavel Hrdina <phrdina@redhat.com> Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
Pavel Hrdina [Thu, 22 Jul 2021 09:45:38 +0000 (11:45 +0200)]
tests: fix compiling tests with minGW
We need to mock virQEMUCapsGetKVMSupportsSecureGuest only if compiling
with QEMU otherwise compilation will fail with error:
/usr/lib/gcc/i686-w64-mingw32/11.1.1/../../../../i686-w64-mingw32/bin/ld: tests/libdomaincapsmock.dll.p/domaincapsmock.c.obj: in function `virQEMUCapsGetKVMSupportsSecureGuest':
/builds/libvirt/libvirt/build/../tests/domaincapsmock.c:40: undefined reference to `virQEMUCapsGet'
/usr/lib/gcc/i686-w64-mingw32/11.1.1/../../../../i686-w64-mingw32/bin/ld: /builds/libvirt/libvirt/build/../tests/domaincapsmock.c:41: undefined reference to `virQEMUCapsGet'
Fixes: 248a30c0c0ec2610e8fa2bbbc98da6d06978ad2e Signed-off-by: Pavel Hrdina <phrdina@redhat.com> Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
Tim Wiederhake [Mon, 19 Jul 2021 12:14:20 +0000 (14:14 +0200)]
ci: Halt on sanitizer errors
The undefined behaviour sanitizer (UBSAN) defaults to merely printing an
error message if it detects undefined behaviour. These error messages often
end up in captured output and do not fail the tests, effectively hiding
the warning. Make the test cases fail to make the issues visible.
Signed-off-by: Tim Wiederhake <twiederh@redhat.com> Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
We just found <qemu:commandline> is ignored in our xml. Further debug
shows that ctxt's node pointer isn't restored in virDomainSecDefParseXML(),
which leads to parsing of remaining elements failed.
Signed-off-by: Zhenzhong Duan <zhenzhong.duan@intel.com> Reviewed-by: Pavel Hrdina <phrdina@redhat.com>
Boris Fiuczynski [Fri, 16 Jul 2021 09:44:35 +0000 (11:44 +0200)]
qemu: Fix error code for SEV launchSecurity unsupported
When SEV is not supported but specified in the domain XML by a user it
should not result in an internal error (VIR_ERR_INTERNAL_ERROR)
therefore switching to XML error (VIR_ERR_CONFIG_UNSUPPORTED).
Signed-off-by: Boris Fiuczynski <fiuczy@linux.ibm.com> Reviewed-by: Pavel Hrdina <phrdina@redhat.com>
Boris Fiuczynski [Fri, 16 Jul 2021 09:44:31 +0000 (11:44 +0200)]
docs: Add s390-pv documentation
Add documentation for launch security type s390-pv.
Signed-off-by: Boris Fiuczynski <fiuczy@linux.ibm.com> Reviewed-by: Daniel Henrique Barboza <danielhb413@gmail.com> Reviewed-by: Pavel Hrdina <phrdina@redhat.com>
Boris Fiuczynski [Wed, 21 Jul 2021 11:17:40 +0000 (13:17 +0200)]
conf: Add s390-pv as launch security type
Add launch security type 's390-pv' as well as some tests.
Signed-off-by: Boris Fiuczynski <fiuczy@linux.ibm.com> Reviewed-by: Daniel Henrique Barboza <danielhb413@gmail.com> Reviewed-by: Pavel Hrdina <phrdina@redhat.com>
Boris Fiuczynski [Fri, 16 Jul 2021 09:44:29 +0000 (11:44 +0200)]
qemu: Add s390-pv-guest capability
Add s390-pv-guest capability.
Signed-off-by: Boris Fiuczynski <fiuczy@linux.ibm.com> Reviewed-by: Daniel Henrique Barboza <danielhb413@gmail.com> Reviewed-by: Pavel Hrdina <phrdina@redhat.com>
Boris Fiuczynski [Wed, 21 Jul 2021 11:07:51 +0000 (13:07 +0200)]
conf: Refactor launch security to allow more types
Adding virDomainSecDef for general launch security data
and moving virDomainSEVDef as an element for SEV data.
Signed-off-by: Boris Fiuczynski <fiuczy@linux.ibm.com> Reviewed-by: Daniel Henrique Barboza <danielhb413@gmail.com> Reviewed-by: Pavel Hrdina <phrdina@redhat.com>
Boris Fiuczynski [Fri, 16 Jul 2021 09:44:26 +0000 (11:44 +0200)]
conf: Rework SEV XML parse and format methods
Make use of virDomainLaunchSecurity enum.
Signed-off-by: Boris Fiuczynski <fiuczy@linux.ibm.com> Reviewed-by: Daniel Henrique Barboza <danielhb413@gmail.com> Reviewed-by: Pavel Hrdina <phrdina@redhat.com>
Michal Privoznik [Tue, 20 Jul 2021 15:21:34 +0000 (17:21 +0200)]
qemu_migration: Unregister close callback only if connection still exists
When doing a peer-to-peer migration it may happen that the
connection to the destination disappears. If that happens,
there's no point in trying to unregister the close callback
because the connection is closed already. It results only in
polluting logs with this message:
error : virNetSocketReadWire:1814 : End of file while reading data: : Input/output error
and the reason for that is unregistering a connection callback
results in RPC (among other things).
Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1918211 Signed-off-by: Michal Privoznik <mprivozn@redhat.com> Reviewed-by: Jiri Denemark <jdenemar@redhat.com>
meson: disable bogus warnings from sanitizers on Fedora
When building with sanitizers on Fedora we get a wierd error
message
In file included from /usr/include/string.h:519,
from ../src/internal.h:28,
from ../src/util/virsocket.h:21,
from ../src/util/virsocketaddr.h:21,
from ../src/util/virnetdevip.h:21,
from ../src/util/virnetdevip.c:21:
In function ‘memcpy’,
inlined from ‘virNetDevGetifaddrsAddress’ at ../src/util/virnetdevip.c:702:13,
inlined from ‘virNetDevIPAddrGet’ at ../src/util/virnetdevip.c:754:16:
/usr/include/bits/string_fortified.h:29:10: error: ‘__builtin_memcpy’ offset [2, 27] from the object at ‘addr’ is out of the bounds of referenced subobject ‘ss_family’ with type ‘short unsigned int’ at offset 0 [-Werror=array-bounds]
29 | return __builtin___memcpy_chk (__dest, __src, __len,
| ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
30 | __glibc_objsize0 (__dest));
| ~~~~~~~~~~~~~~~~~~~~~~~~~~
In file included from /usr/include/bits/socket.h:175,
from /usr/include/sys/socket.h:33,
from ../src/util/virsocket.h:66,
from ../src/util/virsocketaddr.h:21,
from ../src/util/virnetdevip.h:21,
from ../src/util/virnetdevip.c:21:
../src/util/virnetdevip.c: In function ‘virNetDevIPAddrGet’:
/usr/include/bits/socket.h:193:5: note: subobject ‘ss_family’ declared here
193 | __SOCKADDR_COMMON (ss_); /* Address family, etc. */
| ^~~~~~~~~~~~~~~~~
cc1: all warnings being treated as errors
The code is correct, and this only happens when building at -O2.
The docs for -Warray-bounds say that a value of "2" is known to
be liable to generate false positives. Rather than downgrade the
check everywhere, we do it selectively for sanitizers.
Reviewed-by: Tim Wiederhake <twiederh@redhat.com> Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
genericxml2xmltest: Modify cachetune test to include id
I changed DO_TEST_DIFFERENT to DO_TEST, which allows us to remove
the duplicate out file. I also added id attribute for domain
element in order to parse it as a live XML ('cachetune id' is in
the output of only live XMLs). Lastly I added id of cachetune to
test its output value.
Signed-off-by: Kristina Hanicova <khanicov@redhat.com> Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
docs: add kbase article on how to configure core dumps for QEMU
Enabling core dumps is a reasonably straightforward task, but is not
documented clearly. This page provides as easy link to point users
to when they need to debug QEMU.
Reviewed-by: Michal Privoznik <mprivozn@redhat.com> Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
Jim Fehlig [Fri, 16 Jul 2021 15:09:37 +0000 (09:09 -0600)]
qemu: migration: Use correct flag when preparing block dirty bitmaps
qemuMigrationSrcRunPrepareBlockDirtyBitmaps receives the flags parameter
from qemuMigrationSrcRun, where flags are based on the main API enum
values. Similar to commit f58349c9c6, use the main API enum instead of
internal driver enum when checking flags in
qemuMigrationSrcRunPrepareBlockDirtyBitmaps.
Signed-off-by: Jim Fehlig <jfehlig@suse.com> Reviewed-by: Peter Krempa <pkrempa@redhat.com>
qemu: Signal domain condition in qemuProcessStop a bit later
Signaling the condition before vm->def->id is reset to -1 is dangerous:
in case a waiting thread wakes up, it does not see anything interesting
(the domain is still marked as running) and just enters virDomainObjWait
where it waits forever because the condition will never be signalled
again.
Originally it was impossible to get into such situation because the vm
object was locked all the time between signaling the condition and
resetting vm->def->id, but after commit 860a999802 released in 6.8.0,
qemuDomainObjStopWorker called in qemuProcessStop between
virDomainObjBroadcast and setting vm->def->id to -1 unlocks the vm
object giving other threads a chance to wake up and possibly hang.
In real world, this can be easily reproduced by killing, destroying, or
just shutting down (from the guest OS) a domain while it is being
migrated somewhere else. The migration job would never finish.
So let's make sure we delay signaling the domain condition to the point
when a woken up thread can detect the domain is not active anymore.
Tim Wiederhake [Fri, 9 Jul 2021 13:09:10 +0000 (15:09 +0200)]
virThreadPoolNewFull: Prevent expanding worker pool by zero
On libvirtd startup, the list of priority worker threads is uninitialized
(`pool->prioWorkers` is NULL), and then "expanded" to zero (`prioWorkers`)
entries.
This causes `virThreadPoolExpand` to call `VIR_EXPAND_N` on a null pointer
and an increment of zero. The zero increment triggers `virReallocN` to not
actually allocate any memory and leave the pointer NULL, which, eventually,
causes `memset(NULL, 0, 0)` to be called in `virExpandN`.
`memset` is declared `__attribute__ ((__nonnull__ 1))`, which triggers the
following warning when libvirt is compiled with address sanitizing enabled:
$ meson -Dbuildtype=debug -Db_lundef=false -Db_sanitize=address,undefined
build && ninja -C build
$ ./build/run build/src/libvirtd
src/util/viralloc.c:82:5: runtime error: null pointer passed as
argument 1, which is declared to never be null
Signed-off-by: Tim Wiederhake <twiederh@redhat.com> Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
Luke Yue [Tue, 13 Jul 2021 12:21:32 +0000 (20:21 +0800)]
test_driver: Implement virDomainGetControlInfo and add test
As test driver won't have real background job running, in order to get
all possible states, the time is used here to decide which state to be
returned. The default time will get `ok` as return value.
Note that using `virsh domtime fc4 200` won't take effect for the test
driver, to get other states, you have to enter virsh interactive
terminal and set time.
Signed-off-by: Luke Yue <lukedyue@gmail.com> Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
Peter Krempa [Mon, 12 Jul 2021 12:55:42 +0000 (14:55 +0200)]
qemu: Fix crash in virQEMUCapsProbeQMPTPM
If the queried QMP command doesn't exist qemuMonitorGetTPMModels returns
0 but sets the string list to NULL which isn't accepted by
g_strv_contains.
Fixes: a5bc5f0ecf8 Reported-by: Olaf Hering <olaf@aepfle.de> Signed-off-by: Peter Krempa <pkrempa@redhat.com> Reviewed-by: Erik Skultety <eskultet@redhat.com>
Inactive mdevs were simply formatting their parent name as the value
received from mdevctl rather than looking up the libvirt nodedev name of
the parent device. This resulted in a parent value of e.g.
'0000:5b:00.0' instead of 'pci_0000_5b_00_0'. This prevented defining a
new mdev device from the output of nodedev-dumpxml.
Unfortunately, it's not simple to fix this comprehensively due to the
fact that mdevctl supports defining (inactive) mdevs for parent devices
that do not actually exist on the host (yet). So for those persistent
mdev definitions that do not have a valid parent in the device list, the
parent device will be set to the root "computer" device.
Unfortunately, because the value of the 'parent' field now depends on
the configuration of the host, the mdevctl parsing test will output
'computer' for all test devices. Fixing this would require a more
extensive mock test environment.
Fixes: https://bugzilla.redhat.com/show_bug.cgi?id=1979761 Signed-off-by: Jonathon Jongsma <jjongsma@redhat.com> Reviewed-by: Shalini Chellathurai Saroja <shalini@linux.ibm.com> Signed-off-by: Michal Privoznik <mprivozn@redhat.com> Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
Peter Krempa [Wed, 14 Jul 2021 10:58:12 +0000 (12:58 +0200)]
network: Allow adding DNS entries sharing hostname for multiple addreses
Having multiple addresses having same hostname is a common config either
to have IPv4 and IPv6 address for the same hostname or even for DNS
round robin. The validation in the network update code didn't allow
adding such entries despite the fact that it is possible to define a
network with them.
Don't check hostname duplicity when adding a DNS entry.
The update of the test case adds another entry for the 'pudding'
hostname which is added in one of the networkxml2xmlupdate test cases.
Signed-off-by: Peter Krempa <pkrempa@redhat.com> Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
We need to report via domcapabilities if specifying shared memory
is supported without hugepages or numa config in order to find
out if domain has suitable setup to make virtiofs work.
The solution is to report source types of memory backing to
determine if memfd is a valid option.
Signed-off-by: Kristina Hanicova <khanicov@redhat.com> Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
This was bothering someone as the debug message looked like there was an issue
despite it being just a debug message. Change it to what is actually happening
and why the name is being skipped.
Signed-off-by: Martin Kletzander <mkletzan@redhat.com> Reviewed-by: Andrea Bolognani <abologna@redhat.com>
ci: refresh cirrus variables for FreeBSD python rename
All the python packages got renamed from py37- to py38-
Reviewed-by: Michal Privoznik <mprivozn@redhat.com> Reviewed-by: Andrea Bolognani <abologna@redhat.com> Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
qemu: Do not erase duplicate devices from namespace if error occurs
If the attempt to attach a device failed, we erased the
unattached device from the namespace. This resulted in erasing an
already attached device in case of a duplicate. We need to check
for existing file in the namespace in order to determine erasing
it in case of a failure.
Jim Fehlig [Tue, 15 Jun 2021 17:24:14 +0000 (11:24 -0600)]
Apparmor: Add profile for virtxend
A new apparmor profile initially derived from the libvirtd profile.
All rules were prefixed with the 'audit' qualifier to verify they
are actually used by virtxend. It turns out that several, beyond
the obvious ones, can be dropped in the resulting virtxend profile.
Signed-off-by: Jim Fehlig <jfehlig@suse.com> Reviewed-by: Neal Gompa <ngompa13@gmail.com>
Jim Fehlig [Tue, 15 Jun 2021 17:13:33 +0000 (11:13 -0600)]
Apparmor: Add profile for virtqemud
A new apparmor profile derived from the libvirtd profile, with non-QEMU
related rules removed. Adopt the libvirt-qemu abstraction to work with
the new profile.
Signed-off-by: Jim Fehlig <jfehlig@suse.com> Reviewed-by: Christian Ehrhardt <christian.ehrhardt@canonical.com> Reviewed-by: Neal Gompa <ngompa13@gmail.com>
projects / thirdparty / libvirt.git / log
