Commit Graph

47458 Commits

Author SHA1 Message Date
Michal Privoznik 179e45d237 virDomainCapsEnumFormat: Retrun void
The virDomainCapsEnumFormat() function does not return anything
but zero and none of its callers is interested in the failure
anyways. Switch its return type from integer to void.

Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
Reviewed-by: Peter Krempa <pkrempa@redhat.com>
2023-01-05 12:35:17 +01:00
Michal Privoznik a7789d9324 virDomainCapsEnumFormat: Switch to virXMLFormatElement()
We are formatting <enum/> element and its children using
virBufferAddLit(), virBufferAsprintf(), virBufferAdjustIndent(),
etc. Well, we can avoid that when switching to
virXMLFormatElement().

Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
Reviewed-by: Peter Krempa <pkrempa@redhat.com>
2023-01-05 12:35:12 +01:00
Michal Privoznik 78b3400e50 virQEMUCapsLoadCache: Parse <selfvers/> properly
In a recent commit, when ditching virXPathULong() the parsing of
<selfvers/> was changed. But it was changed to virXMLPropUInt()
which is not correct because the value we're interested in is not
in an attribute but element itself.

Fixes: a3c7426839
Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
Reviewed-by: Jiri Denemark <jdenemar@redhat.com>
2023-01-04 16:21:58 +01:00
Peter Krempa ee394550df util: qemu: Remove 'skipKey' argument from virQEMUBuildCommandLineJSONArrayFormatFunc prototype
Since we really only need to handle key skipping in the top level object
the caller doesn't at this point even pass it to the array formatting
helper function. Remove the unused argument.

Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
2023-01-04 14:01:16 +01:00
Peter Krempa 3bac06b278 virqemu: Don't strip the requested key from nested objects
Skipping of a specific key is needed only for the top level object to
specially handle the object type. We must not pass it to any recursed
printing of nested objects as skipping keys there might be surprising
and also is unhandlable later when formatting the commandline.

Until now this did not pose a problem but was discovered when adding a
new netdev backend which has a nested config object which also has the
'type' key which was being skipped.

Modern usage will prefer JSON directly but fix the commandline generator
to prevent surprises.

Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
2023-01-04 14:01:16 +01:00
Michal Privoznik 9193bac260 qemu_capabilities: Decrease scope of @hash in virQEMUCapsProbeQMPHostCPU()
The @hash variable inside of virQEMUCapsProbeQMPHostCPU() is used
only within a block, but declared at the beginning of the
function. Bring the variable declaration into the said block.

Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
Reviewed-by: Peter Krempa <pkrempa@redhat.com>
2023-01-03 17:36:21 +01:00
Michal Privoznik 5ea0315f60 domain_capabilities: s/qemuDomainCapsFeatureFormatSimple/virDomainCapsFeatureFormatSimple/
There's nothing qemu specific about
qemuDomainCapsFeatureFormatSimple() and in fact, the function
lives in hypervisor agnostic location and thus mustn't have qemu
prefix.

Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
Reviewed-by: Peter Krempa <pkrempa@redhat.com>
2023-01-03 17:36:14 +01:00
Michal Privoznik a677ea928a docs: Recommend static seclabels for migration on shared storage
There are some network FSs (ceph, CIFS) that propagate XATTRs
properly and thus SELinux labels too. In such case using dynamic
seclabels would get in the way of migration as new seclabel is
assigned to the domain on the destination and thus two processes
with different labels (the source and the destination QEMU/helper
process) would try to access the same file. One of them is
necessarily going to be denied access.

Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
Reviewed-by: Peter Krempa <pkrempa@redhat.com>
2023-01-03 17:19:22 +01:00
Michal Privoznik 10f9cb7705 qemu_security: Drop qemuSecurityStartTPMEmulator()
After previous cleanup this function is no longer used and thus
can be dropped.

Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
Reviewed-by: Peter Krempa <pkrempa@redhat.com>
2023-01-03 17:19:22 +01:00
Michal Privoznik 3d2dfec95b qemu_tpm: Open code qemuSecurityStartTPMEmulator()
When starting swtpm binary, the qemuSecurityStartTPMEmulator() is
called which sets seclabel on the TPM state and then uses
qemuSecurityCommandRun() to execute the swtpm binary with proper
seclabel. Well, the aim is to ditch
qemuSecurityStartTPMEmulator() because it entangles two distinct
operations. Just call functions for them separately.

Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
Reviewed-by: Peter Krempa <pkrempa@redhat.com>
2023-01-03 17:19:22 +01:00
Michal Privoznik c0c52a9519 qemu_tpm: Restore TPM labels on failed start
If swtpm binary fails to start after successful exec() (e.g. it
fails to initialize itself), the seclabels set in
qemuSecurityStartTPMEmulator() are not restored. This is due to
lacking qemuSecurityRestoreTPMLabels() call in the error path.

Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
Reviewed-by: Peter Krempa <pkrempa@redhat.com>
2023-01-03 17:19:22 +01:00
Michal Privoznik bdbb8e7b00 qemu_security: Introduce qemuSecuritySetTPMLabels()
Now that we have qemuSecurityRestoreTPMLabels() we might as well
have qemuSecuritySetTPMLabels(). The aim here is to remove
qemuSecurityStartTPMEmulator() which couples two separate things
into a single function call.

Therefore, introduce qemuSecuritySetTPMLabels() which does only
set seclabels on the TPM state.

Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
Reviewed-by: Peter Krempa <pkrempa@redhat.com>
2023-01-03 17:19:22 +01:00
Michal Privoznik 51b92836ff qemu_security: Rename qemuSecurityCleanupTPMEmulator()
The qemuSecurityCleanupTPMEmulator() function calls
virSecurityManagerRestoreTPMLabels() and thus the proper name is
qemuSecurityRestoreTPMLabels(). Rename it.

Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
Reviewed-by: Peter Krempa <pkrempa@redhat.com>
2023-01-03 17:19:22 +01:00
Michal Privoznik 8d6e1f3764 qemu_security: Rework qemuSecurityCleanupTPMEmulator()
Currently, qemuSecurityCleanupTPMEmulator() returns nothing which
means a caller (well, there's only one - qemuExtTPMStop()) can't
produce a warning when restoring seclabels on TPM state failed.
True, qemuSecurityCleanupTPMEmulator() does report a warning
itself, but only in one specific error path.

Make the function return an integer, just like the rest of
qemuSecurity*Restore() functions.

Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
Reviewed-by: Peter Krempa <pkrempa@redhat.com>
2023-01-03 17:19:22 +01:00
Peter Krempa 24cc9cda82 qemu: Use '-machine hpet=off' instead of '-no-hpet'
qemu is about to deprecate the '-no-hpet' option in favor of configuring
the timer via '-machine'.

Use the QEMU_CAPS_MACHINE_HPET capability to switch to the new syntax
and mask out the old QEMU_CAPS_NO_HPET capability at the same time to
prevent using the old syntax.

Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
Reviewed-by: Thomas Huth <thuth@redhat.com>
2023-01-03 16:44:09 +01:00
Peter Krempa 3c508e7d43 qemu: capabilities: Introduce QEMU_CAPS_MACHINE_HPET capability
The capability represents that qemu accepts the configuration of the
HPET timer via -machine hpet=on/off rather than the
soon-to-be-deprecated '-no-hpet' option.

The capability is detected from 'query-command-line-options' which
recently added the 'hpet' option.

Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
Reviewed-by: Thomas Huth <thuth@redhat.com>
2023-01-03 16:44:09 +01:00
Peter Krempa 6d49902110 tests: qemucapabilitiesdata: Add test data for the qemu-8.0 dev cycle
Add test data based on qemu commit v7.2.0-333-g222059a0fc

- query-command-line-options now reports more accurate data
- machine types for the 8.0 cycle were added
- vhost-vdpa device support was added
- default value of 'noreboot' changed from 'true' to 'false'

Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
2023-01-03 16:44:06 +01:00
김인수 08c97fe415 Translated using Weblate (Korean)
Currently translated at 100.0% (10368 of 10368 strings)

Translation: libvirt/libvirt
Translate-URL: https://translate.fedoraproject.org/projects/libvirt/libvirt/ko/

Co-authored-by: 김인수 <simmon@nplob.com>
Signed-off-by: 김인수 <simmon@nplob.com>
2023-01-03 13:44:15 +01:00
Ettore Atalan 930a567477 Translated using Weblate (German)
Currently translated at 47.7% (4953 of 10368 strings)

Translation: libvirt/libvirt
Translate-URL: https://translate.fedoraproject.org/projects/libvirt/libvirt/de/

Co-authored-by: Ettore Atalan <atalanttore@googlemail.com>
Signed-off-by: Ettore Atalan <atalanttore@googlemail.com>
2023-01-03 13:44:15 +01:00
Jan Kuparinen 501843c998 Translated using Weblate (Finnish)
Currently translated at 22.8% (2369 of 10368 strings)

Translation: libvirt/libvirt
Translate-URL: https://translate.fedoraproject.org/projects/libvirt/libvirt/fi/

Co-authored-by: Jan Kuparinen <copper_fin@hotmail.com>
Signed-off-by: Jan Kuparinen <copper_fin@hotmail.com>
2023-01-03 13:44:15 +01:00
Gedalya b9315159f5 Fix null pointer dereference in virXMLPropStringRequired
Fixes: 65eaf58335

Signed-off-by: Gedalya <gedalya@gedalya.net>
2023-01-03 19:39:36 +08:00
Martin Kletzander 35afa1d2d6 rpc: Check client limits in more places
Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=2033879
Signed-off-by: Martin Kletzander <mkletzan@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
2023-01-02 20:39:10 +01:00
Martin Kletzander f007940cb2 rpc: Fix error message in virNetServerSetClientLimits
That way it actually fits with what the condition checks for.

Signed-off-by: Martin Kletzander <mkletzan@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
2023-01-02 20:39:09 +01:00
Martin Kletzander 1d625c5d25 tests: Check error message in virnetdaemontest
This way we actually check for the proper error, not any error like invalid JSON
format.

Signed-off-by: Martin Kletzander <mkletzan@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
2023-01-02 20:39:08 +01:00
Martin Kletzander fd61d2df66 Fix test case to actually test something
Signed-off-by: Martin Kletzander <mkletzan@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
2023-01-02 20:39:08 +01:00
Michal Privoznik 0f2396751f qemumonitortestutils: Fix line counting in qemuMonitorTestProcessFileEntries()
It just so happens that our JSON snippets in
qemucapabilitiesdata/*.replies files are separated by an empty
line. These empty lines are then overwritten to make a single
line JSON. Nevertheless, the line counter @line is not
incremented which then leads to a misleading numbers in errors.

Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
2022-12-23 14:48:31 +01:00
Michal Privoznik 9e3cc0ff5e secret: Inhibit shutdown for ephemeral secrets
Our secret driver divides secrets into two groups: ephemeral
(stored only in memory) and persistent (stored on disk). Now, the
aim of ephemeral secrets is to define them shortly before being
used and then undefine them. But 'shortly before being used' is a
very vague time frame. And since we default to socket activation
and thus pass '--timeout 120' to every daemon it may happen that
just defined ephemeral secret is gone among with the virtsecretd.

This is no problem for persistent secrets as their definition
(and value) is restored when the virtsecretd starts again, but
ephemeral secrets can't be restored.

Therefore, we could view ephemeral secrets as active objects that
the daemon manages and thus inhibit automatic shutdown (just like
hypervisor daemons do when a guest is running).

Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
2022-12-22 10:57:05 +01:00
Marek Marczykowski-Górecki d7d4056645 libxl: adjust 'ich6' sound card name
Xen 4.17 has strict parsing of 'soundhw' option that allows only
specific values (instead of passing through any value directly to
qemu's -soundhw option, it uses -device now). For 'intel-hda' audio
device, it requires "hda" string. "hda" works with older libxl too.
Other supported models are the same as in libvirt XML.

Signed-off-by: Marek Marczykowski-Górecki <marmarek@invisiblethingslab.com>
Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
2022-12-21 10:08:33 +01:00
Marek Marczykowski-Górecki f2fe8a3504 libxl: add validation if sound device is supported
Xen supports only subset of libvirt's sound devices, and starting with
Xen 4.17 it is enforced by libxl. Verify it early.

Signed-off-by: Marek Marczykowski-Górecki <marmarek@invisiblethingslab.com>
Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
2022-12-21 10:00:52 +01:00
Peter Krempa 4102acc608 virSecretGetSecretString: Refactor cleanup
Automatically free 'sec' and remove the 'cleanup' section and 'ret'
variables.

Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
2022-12-19 14:40:26 +01:00
Peter Krempa a754ee59d8 datatypes: Register autoptr cleanup for virSecret
Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
2022-12-19 14:40:26 +01:00
Peter Krempa 6d661329dd virStorageBackendRBDOpenRADOSConn: Don't log the RBD key
'virStorageBackendRBDRADOSConfSet' logs its arguments but it's also
used to set the RBD secret/key.

All the security theatre with securely erasing the string we do to fetch
the secret would be quite pointless if we log it thus introduce
virStorageBackendRBDRADOSConfSetQuiet and use it to avoid logging the
password.

Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
2022-12-19 14:40:26 +01:00
Peter Krempa 7df6338f4d virCryptoEncryptDataAESgnutls: Properly initialize data structures
The initialization vector is not optional thus we also don't need to
check whether the caller passed it in. Additionally we can use c99
initializers for the gnutls_datum_t structs.

Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
2022-12-19 14:40:26 +01:00
Peter Krempa 53e46e4cd6 virCryptoEncryptDataAESgnutls: Don't secure erase gnutls_datum_t structs
'gnutls_datum_t' simply holds pointers to the encryption key and its
length. There's absolutely no point in securely erasing that.

Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
2022-12-19 14:40:26 +01:00
Ján Tomko ac3614b5ad qemu: add tests for external swtpm
Signed-off-by: Ján Tomko <jtomko@redhat.com>
Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
2022-12-19 10:33:20 +01:00
Ján Tomko ad3f33a992 qemu: add external backend for tpm
Introduce a new backend type 'external' for connecting to a swtpm daemon
not managed by libvirtd.

Mostly in one commit, thanks to -Wswitch and the way we generate
capabilities.

https://bugzilla.redhat.com/show_bug.cgi?id=2063723

Signed-off-by: Ján Tomko <jtomko@redhat.com>
Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
2022-12-19 10:33:20 +01:00
Peter Krempa 443eb2330d tests: qemucapabilitiesdata: Final update of qemu-7.2 capabilities on x86
QEMU 7.2 was released, update the capabilities data to the final state.

Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
2022-12-19 09:34:20 +01:00
Andrea Bolognani b271d6f3b0 kbase: Reorder deployments
List the various options so that the most likely ones come
first.

Signed-off-by: Andrea Bolognani <abologna@redhat.com>
Reviewed-by: Jim Fehlig <jfehlig@suse.com>
2022-12-15 16:37:51 +01:00
Andrea Bolognani db7fdf6de8 kbase: Reorder sections
Users are likely more interested in the main deployment
scenarios than in the detailed list of every existing RPM
package. Reorder sections accordingly.

Signed-off-by: Andrea Bolognani <abologna@redhat.com>
Reviewed-by: Jim Fehlig <jfehlig@suse.com>
2022-12-15 16:37:47 +01:00
Ján Tomko 99cbca98a8 qemu: tpm: fix spacing
Signed-off-by: Ján Tomko <jtomko@redhat.com>
2022-12-15 13:17:00 +01:00
Daniel P. Berrangé aeba13f24d docs: replace footer link to the bird site with mastodon
Since the takeover of the bird site, the bulk of tech people who want
a more friendly and inclusive media site have jumped over to Mastodon.
With its decentralized nature, there's no one replacement that captures
everything, but the fosstodon.org site is a topic relevant choice.

Reviewed-by: Ján Tomko <jtomko@redhat.com>
Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
2022-12-15 11:04:30 +00:00
Andrea Bolognani 8908615ef3 spec: List more directories
The storage-backend/ and storage-file/ directories are currently
considered unowned by RPM. Have the libvirt-daemon package take
ownership of them, just as it already owns the connection-driver/
and lock-driver/ directories.

Signed-off-by: Andrea Bolognani <abologna@redhat.com>
Reviewed-by: Jim Fehlig <jfehlig@suse.com>
2022-12-14 19:24:01 +01:00
Andrea Bolognani 7aafa2fff4 spec: Add trailing backslash
Signed-off-by: Andrea Bolognani <abologna@redhat.com>
Reviewed-by: Jim Fehlig <jfehlig@suse.com>
2022-12-14 19:23:57 +01:00
Michal Privoznik 53369ad062 virnuma: Allow multiple nodes for preferred policy
In the past, the preferred policy
(VIR_DOMAIN_NUMATUNE_MEM_PREFERRED) required exactly one (host)
NUMA node. This made sense because:

  1) the libnuma API - numa_set_preferred() allowed exactly one
     node, because
  2) corresponding kernel syscall (__NR_set_mempolicy) accepted
     exactly one node (for MPOL_PREFERRED mode).

But things have changed since then. Firstly, kernel introduced
new MPOL_PREFERRED_MANY mode (v5.15-rc1~107^2~21) which was then
exposed in libnuma as numa_set_preferred_many() (v2.0.15~24).

Fortunately, libnuma also exposes numa_has_preferred_many() which
returns whether the kernel has support for the new mode (1) or
not (0).

Putting this all together, we can lift our check for sufficiently
new kernel and libnuma.

Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=2151064
Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
2022-12-14 16:07:04 +01:00
Jiri Denemark 7166d26fc9 qemu_migration: Fix p2p post-copy recovery
Although the qemuMigrationSrcPerformResume actually got called
indirectly via qemuMigrationSrcPerformNative and the recovery process
worked, wrong job phases were used for the "perform" phase, which could
cause issues when libvirt daemon crashed (or was otherwise restarted)
during post-copy recovery.

Signed-off-by: Jiri Denemark <jdenemar@redhat.com>
Reviewed-by: Peter Krempa <pkrempa@redhat.com>
2022-12-14 11:21:50 +01:00
Jiri Denemark 693c6b4a81 qemu_migration: Move qemuMigrationSrcPerformResume up
It will need to be called from a place above its current definition.

Signed-off-by: Jiri Denemark <jdenemar@redhat.com>
Reviewed-by: Peter Krempa <pkrempa@redhat.com>
2022-12-14 11:21:50 +01:00
Jiri Denemark 2472e601ab qemu: Don't warn when releasing a released job
When qemuDomainObjReleaseAsyncJob is called when the current async job
is already released we emit quite useless warning which was implemented
to warn about releasing a job owned by another thread.

Signed-off-by: Jiri Denemark <jdenemar@redhat.com>
Reviewed-by: Peter Krempa <pkrempa@redhat.com>
2022-12-14 11:21:37 +01:00
Jiri Denemark bff05a4504 cpu: Improve debug message in virCPUGetVendorForModel
Signed-off-by: Jiri Denemark <jdenemar@redhat.com>
Reviewed-by: Peter Krempa <pkrempa@redhat.com>
2022-12-14 11:21:37 +01:00
Jiri Denemark d71a5f67a0 qemu: Fix warning in qemuMigrationDstPostcopyFailed
The function is called even if QEMU reports migration as
postcopy-paused, i.e., it's not migrating anymore. And while changing
the warning, we can drop the part about unattended migration to make the
warning shorter and consistent with qemuMigrationSrcPostcopyFailed.

Signed-off-by: Jiri Denemark <jdenemar@redhat.com>
Reviewed-by: Peter Krempa <pkrempa@redhat.com>
2022-12-14 11:21:37 +01:00
Kristina Hanicova 5ef2582646 qemu_process: add tray changed event to queue in refresh disks
There are some cases when the internal state of disks can change
without qemu sending events about it (e.g. a disk can close
during reset). In case this happens, we should emit an event
about the modified disk.

Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1824722#c20

Signed-off-by: Kristina Hanicova <khanicov@redhat.com>
Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
2022-12-13 18:01:41 +01:00