The NVRAM label is set in qemuSecuritySetAllLabel(). There's no
need to set its label upfront. In fact, setting it twice creates
an imbalance because it's unset only once which mangles seclabel
remembering. However, plain removal of the
qemuSecurityDomainSetPathLabel() undoes the fix for the original
bug (when dynamic ownership is off then the NVRAM is not created
with cfg->user and cfg->group but as root:root). Therefore, we
have to switch to virFileOpenAs() and pass cfg->user and
cfg->group and VIR_FILE_OPEN_FORCE_OWNER flag. There's no need to
pass VIR_FILE_OPEN_FORCE_MODE because the file will be created
with the proper mode.
Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1969347 Fixes: bcdaa91a27b5b2d103535270a6a287efe6cd8bfb Signed-off-by: Michal Privoznik <mprivozn@redhat.com> Reviewed-by: Daniel Henrique Barboza <danielhb413@gmail.com>
This change simply does the same for qemuDomainDetachPrepDisk,
qemuDomainDetachPrepInput and qemuDomainDetachPrepVsock to allow
management apps to centralise their error handling on just
VIR_ERR_DEVICE_MISSING for missing devices during a detach.
Signed-off-by: Lee Yarwood <lyarwood@redhat.com> Reviewed-by: Peter Krempa <pkrempa@redhat.com>
Peter Krempa [Mon, 14 Jun 2021 15:14:13 +0000 (17:14 +0200)]
virStorageBackendRBDGetVolNames: Fix memory leak in 'rbd_list2' version
The 'rbd_image_spec_t' struct has two string members 'id' and
'name'. We only stole the 'name' members thus the 'id's as well as the
whole list would be leaked on success.
Restructure the code so that we copy out the image names and call
rbd_image_spec_list_cleanup on success rather than on error.
The error path is then handled by using g_autofree for 'images'.
Since we no longer have a error path after allocating the returned
string list we can completely remove its cleanup.
Signed-off-by: Peter Krempa <pkrempa@redhat.com> Reviewed-by: Ján Tomko <jtomko@redhat.com>
Peter Krempa [Mon, 14 Jun 2021 14:34:28 +0000 (16:34 +0200)]
virQEMUCapsProbeQMPTPM: Refactor handling of string lists
This refactors multiple aspects of the function:
1) Use automatic memory freeing
2) Remove need to check element count in the returned arrays
3) Fixes questionable code linebreaks
4) Removes reuse of variables
Signed-off-by: Peter Krempa <pkrempa@redhat.com> Reviewed-by: Ján Tomko <jtomko@redhat.com>
Peter Krempa [Tue, 15 Jun 2021 09:47:01 +0000 (11:47 +0200)]
qemu: capabilities: Fill SDL graphics support only when it's really supported
virQEMUCapsFillDomainDeviceGraphicsCaps fills data needed both for
validation of the graphics type and also for correct display in the
(dom)capablities XML.
Signal the support for SDL only when qemu has the capability.
Signed-off-by: Peter Krempa <pkrempa@redhat.com> Reviewed-by: Ján Tomko <jtomko@redhat.com> Reviewed-by: Thomas Huth <thuth@redhat.com>
Peter Krempa [Tue, 15 Jun 2021 09:38:26 +0000 (11:38 +0200)]
qemu: capabilities: Un-retire QEMU_CAPS_SDL
SDL graphics can be compiled out in qemu so we need to be able to know
whether the given qemu version support it.
Base the capability on the presence of the 'sdl' member in
'query-display-options' or imply it if 'query-display-options' is not
supported as we implied it before for all versions.
Signed-off-by: Peter Krempa <pkrempa@redhat.com> Reviewed-by: Ján Tomko <jtomko@redhat.com> Reviewed-by: Thomas Huth <thuth@redhat.com>
The command allows to query various display-related options. The absence
of the command will be used to imply certain video-related capabilities
before we would be able to detect them.
Signed-off-by: Peter Krempa <pkrempa@redhat.com> Reviewed-by: Ján Tomko <jtomko@redhat.com> Reviewed-by: Thomas Huth <thuth@redhat.com>
Peter Krempa [Thu, 10 Jun 2021 14:43:36 +0000 (16:43 +0200)]
qemu: validate: Don't check bus type in qemuValidateDomainDeviceDefDiskIOThreads
IOThreads are supported with all 3 currently supported buses which can
have virtio devices (PCI, CCW, MMIO) , so there's no need for this check.
Additionally this check was buggy in the current location as on e.g.
hotplug cases the address may not yet be assigned for the disk and thus
a bogus error would be printed.
Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1970277 Signed-off-by: Peter Krempa <pkrempa@redhat.com> Reviewed-by: Ján Tomko <jtomko@redhat.com>
For validation of explicitly configured addresses we already ported the
same style of checks to qemuValidateDomainDeviceDefAddress and implicit
address assignment should do the right thing in the first place, thus
the function is redundant and can be removed.
Signed-off-by: Peter Krempa <pkrempa@redhat.com> Reviewed-by: Ján Tomko <jtomko@redhat.com>
Peter Krempa [Fri, 11 Jun 2021 12:51:21 +0000 (14:51 +0200)]
qemu: Always reject 'virtio-s390' addresses
QEMU_CAPS_VIRTIO_S390 can never be asserted any more, add an explicit
check that will reject the 'virtio-s390' address type and remove the
code which would auto-fill them.
Signed-off-by: Peter Krempa <pkrempa@redhat.com> Reviewed-by: Ján Tomko <jtomko@redhat.com>
Peter Krempa [Fri, 11 Jun 2021 12:50:01 +0000 (14:50 +0200)]
qemuxml2argvtest: Use other bus capability for 'non-x86_64-timer-error' case
Give the test QEMU_CAPS_CCW instead of QEMU_CAPS_VIRTIO_S390 since the
latter can never be asserted any more. This preserves what the tests
wants to check so that QEMU_CAPS_VIRTIO_S390 can be removed.
Signed-off-by: Peter Krempa <pkrempa@redhat.com> Reviewed-by: Ján Tomko <jtomko@redhat.com>
Peter Krempa [Fri, 11 Jun 2021 09:02:10 +0000 (11:02 +0200)]
qemu: capabilities: Remove probing of 'virtio-*-s390' devices
QEMU commit 7b3fdbd9a826791bd98e649cf44c0a6129a44179 released in 2.6
dropped the legacy s390 virtio machine and it's devices. Remove our
probing based on the devices.
The probing of properties of the appropriate devices will be removed
subsequently.
Signed-off-by: Peter Krempa <pkrempa@redhat.com> Reviewed-by: Ján Tomko <jtomko@redhat.com>
Peter Krempa [Fri, 11 Jun 2021 08:30:31 +0000 (10:30 +0200)]
tests: Remove 's390-virtio' machine caps faking
The machine type was removed in qemu 2.6 and no tests now depend on it.
Remove the faking of the machine type support and the capabilities test
for it.
Signed-off-by: Peter Krempa <pkrempa@redhat.com> Reviewed-by: Ján Tomko <jtomko@redhat.com>
Peter Krempa [Fri, 11 Jun 2021 08:27:20 +0000 (10:27 +0200)]
qemu: domain: Remove hack for 's390-virtio' machine
qemuDomainDefAddDefaultDevices skipped adding the memballoon for the
's390-virtio' machine type, but since it was removed in qemu 2.6 we can
remove the hack now.
Signed-off-by: Peter Krempa <pkrempa@redhat.com> Reviewed-by: Ján Tomko <jtomko@redhat.com>
Peter Krempa [Fri, 11 Jun 2021 08:16:01 +0000 (10:16 +0200)]
tests: qemuxml2argv: Modernize 's390-allow-bogus-usb-controller' test
The 's390-virtio' machine was removed from qemu in the 2.6 release.
Use the more modern s390-ccw-virtio machine type and use
VIR_TEST_CAPS_ARCH_LATEST to invoke it.
Signed-off-by: Peter Krempa <pkrempa@redhat.com> Reviewed-by: Ján Tomko <jtomko@redhat.com>
Peter Krempa [Fri, 11 Jun 2021 08:16:01 +0000 (10:16 +0200)]
tests: qemuxml2argv: Modernize 's390-allow-bogus-usb-none' test
The 's390-virtio' machine was removed from qemu in the 2.6 release.
Use the more modern s390-ccw-virtio machine type and use
VIR_TEST_CAPS_ARCH_LATEST to invoke it.
Signed-off-by: Peter Krempa <pkrempa@redhat.com> Reviewed-by: Ján Tomko <jtomko@redhat.com>
Peter Krempa [Fri, 11 Jun 2021 08:08:37 +0000 (10:08 +0200)]
bhyveConnectDomainXMLToNative: Fix memory leak in incorrect virCommandToString usage
virCommandToString returns an allocated buffer, so using it directly as
argument of virBufferAdd which doesn't consume the string causes it to
be leaked. Switch to virBufferToStringBuf since we are already using a
buffer.
Signed-off-by: Peter Krempa <pkrempa@redhat.com> Reviewed-by: Ján Tomko <jtomko@redhat.com>
Peter Krempa [Fri, 11 Jun 2021 07:45:12 +0000 (09:45 +0200)]
qemuxml2arvtest: Ensure newline at the end of generated .args files
The switch to internal linebreaking of arguments caused a problem when
generating .args files with VIR_TEST_REGENERATE_OUTPUT as the last
argument isn't terminated with a newline.
Switch to using virCommandToStringBuf and append a newline.
Fixes: 0046e0b1c26c8e0167de4a35be2902b9327b0c51 Signed-off-by: Peter Krempa <pkrempa@redhat.com> Reviewed-by: Ján Tomko <jtomko@redhat.com>
Peter Krempa [Thu, 10 Jun 2021 15:43:59 +0000 (17:43 +0200)]
util: command: Introduce virCommandToStringBuf
The new version allows passing a virBuffer to format the string into.
This will be helpful in solving a memory lean in wrong usage of
virCommandToString and also in tests where we need to add a newline
after the command in certain cases.
Signed-off-by: Peter Krempa <pkrempa@redhat.com> Reviewed-by: Ján Tomko <jtomko@redhat.com>
Simon Chopin [Mon, 14 Jun 2021 08:23:50 +0000 (10:23 +0200)]
docs: add a link to Gitlab on the contributing page
I expect to find a link to the repositories when clicking on
"Contribute", this patch fixes this. The wording is directly inspired by
the one on the hacking page.
Signed-off-by: Simon Chopin <chopin.simon@gmail.com> Reviewed-by: Ján Tomko <jtomko@redhat.com> Signed-off-by: Ján Tomko <jtomko@redhat.com>
Pavel Hrdina [Thu, 10 Jun 2021 13:58:15 +0000 (15:58 +0200)]
tests: add launch-security-sev test with latest capabilities
QEMU 6.0.0 introduced `confidential-guest-support` -machine option as
a replacement for `memory-encryption`. In order to test it use 6.0.0
capabilities as well.
Signed-off-by: Pavel Hrdina <phrdina@redhat.com> Reviewed-by: Peter Krempa <pkrempa@redhat.com>
In libvirt we already use `query-command-line-options` QMP command but
that is useless as it doesn't provide correct data for `-machine`
option. So we need a new and better way to get that data.
We already use `qom-list-properties` to get options for specific machine
types so we can reuse it to get options for special `none` machine type
as a generic arch independent machine type.
Signed-off-by: Pavel Hrdina <phrdina@redhat.com> Reviewed-by: Peter Krempa <pkrempa@redhat.com>
Michal Privoznik [Mon, 17 May 2021 11:36:34 +0000 (13:36 +0200)]
capabilities: Expose NUMA interconnects
Links between NUMA nodes can have different latencies and
bandwidths. This info is newly defined in ACPI 6.2 under
Heterogeneous Memory Attribute Table (HMAT) table. Linux kernel
learned how to report these values under sysfs and thus we can
expose them in our capabilities XML. The sysfs interface is
documented in kernel's Documentation/admin-guide/mm/numaperf.rst.
Long story short, two nodes can be in initiator-target
relationship. A node can be initiator if it has a CPU or a device
that's capable of initiating memory transfer. Therefore a node
that has just memory can only be target. An initiator-target link
can then have any combination of {bandwidth, latency} - {access,
read, write} attribute (6 in total). However, the standard says
access is applicable iff read and write values are the same.
Therefore, we really have just four combinations of attributes:
bandwidth-read, bandwidth-write, latency-read, latency-write.
This is the combination that kernel reports anyway.
Then, under /sys/system/devices/node/nodeX/acccessN/initiators we
find values for those 4 attributes and also symlinks named
"nodeN" which then represent initiators to nodeX. For instance:
This means that node0 is initiator and node1 is target and values
of the interconnect can be read.
In theory, there can be separate links to memory side caches too
(e.g. one link from node X to node Y's main memory, another from
node X to node Y's L1 cache, another one to L2 cache and so on).
But sysfs does not express this relationship just yet.
The "accessN" means either "access0" or "access1". The difference
is that while the former expresses the best interconnect between
two nodes including CPUS and I/O devices (such as GPUs and NICs),
the latter includes only CPUs and thus is what we need.
Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1786309 Signed-off-by: Michal Privoznik <mprivozn@redhat.com> Reviewed-by: Martin Kletzander <mkletzan@redhat.com>
Michal Privoznik [Thu, 29 Apr 2021 16:58:43 +0000 (18:58 +0200)]
capabilities: Expose NUMA memory side cache
Memory on a NUMA node can have a side caches. Configuring these
for a domain was implemented in v6.6.0-rc1~249 and friends.
However, up until now mgmt applications did not really know what
values to pass because we were not exposing caches of the host.
With recent enough kernel these are exposed under sysfs and with
a bit of parsing we can extend our capabilities XML. The sysfs
structure is documented in kernel's
Documentation/admin-guide/mm/numaperf.rst and basically maps in
1:1 fashion to our virNumaCache structure.
Signed-off-by: Michal Privoznik <mprivozn@redhat.com> Reviewed-by: Martin Kletzander <mkletzan@redhat.com>
Michal Privoznik [Wed, 26 May 2021 13:39:38 +0000 (15:39 +0200)]
capabilities: Separate <cpu/> formatting into a function
The way we format <cpu/> element for capabilities is not ideal,
because if there are no CPUs, i.e. no child elements, we still
output opening and closing element. To solve this,
virXMLFormatElement() could be used but that would introduce more
variables into the loop. Therefore, move the formatter into a
separate function and use virXMLFormatElement().
Signed-off-by: Michal Privoznik <mprivozn@redhat.com> Reviewed-by: Martin Kletzander <mkletzan@redhat.com>
Michal Privoznik [Wed, 26 May 2021 14:23:29 +0000 (16:23 +0200)]
schemas: Allow zero <cpu/> for capabilities
It may happen that a NUMA node has no CPUs associated with it. We
allow this for domains since v6.6.0-rc1~250. Let's update our
capabilities schema to match that.
Signed-off-by: Michal Privoznik <mprivozn@redhat.com> Reviewed-by: Martin Kletzander <mkletzan@redhat.com>
Michal Privoznik [Fri, 28 May 2021 13:59:35 +0000 (15:59 +0200)]
tests: glib-ify vircaps2xmltest
Ideally, turning pointers into g_auto* would be done in one step
and dropping cleanup label and unused @ret variable in second
step, but since this is a test we don't care that much, do we?
Signed-off-by: Michal Privoznik <mprivozn@redhat.com> Reviewed-by: Martin Kletzander <mkletzan@redhat.com>
Pavel Hrdina [Tue, 25 May 2021 07:56:38 +0000 (09:56 +0200)]
qemu_firmware: select correct firmware for AMD SEV-ES
When using firmware auto-selection and user enables AMD SEV-ES we need
to pick correct firmware that actually supports it. This can be detected
by having `amd-sev-es` in the firmware JSON description.
Signed-off-by: Pavel Hrdina <phrdina@redhat.com> Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
Michal Privoznik [Mon, 14 Jun 2021 10:46:58 +0000 (12:46 +0200)]
src: Use 1U for bit shifting
In a few places we take 1 and shift it left repeatedly. So much
that it won't longer fit into signed integer. The problem is that
this is undefined behaviour. Switching to 1U makes us stay within
boundaries.
Signed-off-by: Michal Privoznik <mprivozn@redhat.com> Reviewed-by: Tim Wiederhake <twiederh@redhat.com>
Michal Privoznik [Mon, 14 Jun 2021 10:46:02 +0000 (12:46 +0200)]
Don't call qsort() over NULL
In a few places it may happen that the array we want to sort is
still NULL (e.g. because there were no leases found, no paths for
secdriver to lock or no cache banks). However, passing NULL to
qsort() is undefined and even though glibc plays nicely we
shouldn't rely on undefined behaviour.
Signed-off-by: Michal Privoznik <mprivozn@redhat.com> Reviewed-by: Tim Wiederhake <twiederh@redhat.com>
Tim Wiederhake [Thu, 6 May 2021 15:08:38 +0000 (17:08 +0200)]
ci: Enable address and undefined behavior sanitizers
meson supports the following sanitizers: "address" (e.g. out-of-bounds
memory access, use-after-free, etc.), "thread" (data races), "undefined"
(e.g. signed integer overflow), and "memory" (use of uninitialized
memory). Note that not all sanitizers are supported by all compilers,
and that more sanitizers exist.
Not all sanitizers can be enabled at the same time, but "address" and
"undefined" can. Both thread and memory sanitizers require an instrumented
build of all dependencies, including libc.
gcc and clang use different implementations of these sanitizers and
have proven to find different issues. Create CI jobs for both.
Signed-off-by: Tim Wiederhake <twiederh@redhat.com> Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
Tim Wiederhake [Thu, 6 May 2021 15:08:37 +0000 (17:08 +0200)]
virt-aa-helper: Remove duplicate linking with src/datatypes.o
"virt-aa-helper" links, amongst others, against "datatypes.o" and
"libvirt.so". The latter links against "libvirt_driver.a" which in turn
also links against "datatypes.o", leading to a One-Definition-Rule
violoation for "virConnectClass" et al. in "datatypes.c".
Signed-off-by: Tim Wiederhake <twiederh@redhat.com> Reviewed-by: Pavel Hrdina <phrdina@redhat.com> Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
Tim Wiederhake [Thu, 6 May 2021 15:08:36 +0000 (17:08 +0200)]
tests: openvzutilstest: Remove duplicate linking with libvirt_openvz.a
"openvzutilstest" links, amongst others, against "libvirt_openvz.a" and
"libvirt.so". The latter also links against "libvirt_openvz.a", leading
to a One-Definition-Rule violation for "openvzLocateConfFile" in
"openvz_conf.c".
Signed-off-by: Tim Wiederhake <twiederh@redhat.com> Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
Tim Wiederhake [Thu, 6 May 2021 15:08:34 +0000 (17:08 +0200)]
tests: virfilemock: realpath: Allow non-null second parameter
When other preloaded libraries wrap and / or make calls to `realpath`
(e.g. LLVM's AddessSanitizer), the second parameter is no longer
guaranteed to be NULL.
Signed-off-by: Tim Wiederhake <twiederh@redhat.com> Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
Tim Wiederhake [Thu, 6 May 2021 15:08:33 +0000 (17:08 +0200)]
meson: Allow undefined symbols when sanitizers are enabled
When enabling sanitizers, clang adds some function symbols when
instrumenting the code. The exact names of those functions are an
implementation detail and should therefore not be added to any
syms file. This patch prevents build failures due to those symbols
not present in the syms file when building with sanitizers enabled.
Signed-off-by: Tim Wiederhake <twiederh@redhat.com> Reviewed-by: Pavel Hrdina <phrdina@redhat.com> Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
Tim Wiederhake [Thu, 6 May 2021 15:08:32 +0000 (17:08 +0200)]
meson: Allow larger stack frames when instrumenting
When enabling sanitizers, gcc adds some instrumentation to the code
that may enlarge stack frames. Some function's stack frames are already
close to the limit of 4096 and are enlarged past that threshold,
e.g. virLXCProcessStart which reaches a frame size of 4624 bytes.
Signed-off-by: Tim Wiederhake <twiederh@redhat.com> Reviewed-by: Pavel Hrdina <phrdina@redhat.com> Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
Michal Privoznik [Fri, 11 Jun 2021 13:13:24 +0000 (15:13 +0200)]
qemuBuildDeviceVideoStr: Move logic wrapping qemuBuildVirtioDevStr() into qemuDeviceVideoGetModel()
We want to call qemuBuildVirtioDevStr() from
qemuBuildDeviceVideoStr() but only for some models (currently
"virtio-gpu" and "vhost-user-gpu"), not all of them. Move this
logic into qemuDeviceVideoGetModel() because this logic will be
refined.
Signed-off-by: Michal Privoznik <mprivozn@redhat.com> Reviewed-by: Peter Krempa <pkrempa@redhat.com>
Michal Privoznik [Fri, 11 Jun 2021 11:31:56 +0000 (13:31 +0200)]
qemuDeviceVideoGetModel: Deduplicate a check
There is the same check written twice (whether given video card
is primary one and whether it supports VGA mode). Write it just
once and store it in a boolean variable.
Signed-off-by: Michal Privoznik <mprivozn@redhat.com> Reviewed-by: Peter Krempa <pkrempa@redhat.com>
projects / thirdparty / libvirt.git / log
