Commit Graph

44499 Commits

Author SHA1 Message Date
Michal Privoznik
d05a89b703 manpages: Document 'restrictive' mode for numatune
While we document possibility of passing an integer from
virDomainNumatuneMemMode enum, we list string variants to only
the first three enum members. The fourth (and so far the last)
member is called 'restrictive' and thus should be documented.

Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
Reviewed-by: Pavel Hrdina <phrdina@redhat.com>
2021-12-17 12:50:05 +01:00
Michal Privoznik
8237cdd8d4 qemucapabilitiesdata: Fix command name in caps_3.0.0.ppc64.replies
Under the qemucapabilitiesdata we have a replies file for
QEMU-3.0.0.ppc64. At least we think so. In fact, the file
contains replies from a development snapshot release that
predates 3.0.0 (specifically it's v2.12.0-1689-g518d23a) and as
such does not reflect any change that was made to QEMU after the
snapshot and before the official relase. One of such changes was
renaming 'exit-preconfig' command to 'x-exit-preconfig' (QEMU
commit v3.0.0-rc1~21^2~3). Ideally, we would just regenerate
capabilities using the official release but since this is a PPC64
machine and pretty old version anyway let's just fix the command
name.

Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
Reviewed-by: Peter Krempa <pkrempa@redhat.com>
2021-12-17 09:39:53 +01:00
Daniel P. Berrangé
e4e873e9b6 qemu: format sev-guest.kernel-hashes property
Set the kernel-hashes property on the sev-guest object if the config
asked for it explicitly. While QEMU machine types currently default to
having this setting off, it is not guaranteed to remain this way.

We can't assume that the QEMU capabilities were generated on an AMD host
with SEV, so we must force set the QEMU_CAPS_SEV_GUEST. This also means
that the 'sev' info in the qemuCaps struct might be NULL, but this is
harmless from POV of testing the CLI generator.

Reviewed-by: Peter Krempa <pkrempa@redhat.com>
Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
2021-12-16 18:10:33 +00:00
Daniel P. Berrangé
a4efca7695 tests: allow setting extra capabilities on top of versioned caps
In the QEMU tests a test can either use an explicitly listed set of
capabilities, or can request those matching a particular QEMU
version. Sometimes it is desirable to be able to list extra caps
on top of those implied by a particular version.

This is useful, for example, when QEMU won't report certain features
unless it was run on particular hardware or kernels, and those were
not used when a caps snapshot was imported to the libvirt source tree.

Reviewed-by: Peter Krempa <pkrempa@redhat.com>
Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
2021-12-16 18:10:33 +00:00
Daniel P. Berrangé
1826716c1f qemu: probe for sev-guest.kernel-hashes property
This sev-guest object property indicates whether QEMU should
expose the kernel, ramdisk, cmdline hashes to the firmware
for measurement.

Reviewed-by: Peter Krempa <pkrempa@redhat.com>
Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
2021-12-16 18:06:53 +00:00
Daniel P. Berrangé
cd4e917760 conf: add support for setting SEV kernel hashes
Normally the SEV measurement only covers the firmware
loader contents. When doing a direct kernel boot, however,
with new enough OVMF it is possible to ask for the
measurement to cover the kernel, ramdisk and command line.

It can't be done automatically as that would break existing
guests using direct kernel boot with old firmware, so there
is a new XML setting allowing this behaviour to be toggled.

Reviewed-by: Peter Krempa <pkrempa@redhat.com>
Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
2021-12-16 18:02:58 +00:00
Daniel P. Berrangé
27c1d06b5b qemu: validate VNC password length
The VNC password authentication scheme is quite horrendous in that it
takes the user password and directly uses it as a DES case. DES is a
byte 8 keyed cipher, so the VNC password can never be more than 8
characters long. Anything over that length will be silently dropped.

We should validate this length restriction when accepting user XML
configs and report an error. For the global VNC password we don't
really want to break daemon startup by reporting an error, but
logging a warning is worthwhile.

https://bugzilla.redhat.com/show_bug.cgi?id=1506689

Reviewed-by: Pavel Hrdina <phrdina@redhat.com>
Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
2021-12-16 18:02:18 +00:00
Ján Tomko
8ab1a0fdc9 qemu: qemu_command: clean up includes
Over time, the code using them got split into other files.
(Mostly qemu_interface.c and qemu_process.c)

Signed-off-by: Ján Tomko <jtomko@redhat.com>
Reviewed-by: Ani Sinha <ani@anisinha.ca>
2021-12-16 16:53:42 +01:00
Peter Krempa
8557431995 qemuxml2argvtest: disk-missing-target: Add two disks with same bus
A recent code movement introduced a bug which reproduces only when there
are two disks on the same bus missing the target. Improve the test case
for the missing target test.

Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
2021-12-16 15:58:06 +01:00
Peter Krempa
019b74103b virDomainDiskInsert: Don't access NULL disk target
'virDomainDiskInsert' orders the inserted disks by target. If the target
is not provided though it would try to parse it anyways. This lead to a
crash when parsing a definition where there are multiple disks and of
two disks sharing the bus at least one also misses the target.

Since we want to actually use the parser for stuff which doesn't
necessarily need the disk target, we make virDomainDiskInsert tolerant
of missing target instead. The definition will be rejected by the
validator regardless of the order the disks were inserted in.

Fixes: 61fd7174
Closes: https://gitlab.com/libvirt/libvirt/-/issues/257
Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
2021-12-16 15:58:06 +01:00
Daniel P. Berrangé
883f643d70 rpm: don't start/stop -ro.socket units for virtlockd/virtlogd
These daemons do not have any support for unprivileged readonly
access, so we must not reference -ro.socket units in scripts.

Reviewed-by: Ján Tomko <jtomko@redhat.com>
Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
2021-12-16 10:02:56 +00:00
Daniel P. Berrangé
25a6e49668 rpm: fix typo in daemon name in %post/%preun scripts
Reviewed-by: Jiri Denemark <jdenemar@redhat.com>
Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
2021-12-16 10:02:46 +00:00
Ani Sinha
0d5b08e56d qemu: fix missing cleanup on error in qemuSaveImageStartVM
Commit 52521de8332c2323bd ("qemu: Use qemuDomainSaveStatus") replaced a call
to virDomainObjSave() with qemuDomainSaveStatus() as a part of cleanup. Since
qemuDomainSaveStatus() does not indicate any failure through its return code,
the error handling cleanup code got eliminated in the process. Thus upon
failure, we will no longer killing the started qemu process. This commit fixes
this by reverting the change that was introduced with the above commit.

Fixes: 52521de8332c2323bd ("qemu: Use qemuDomainSaveStatus")

Signed-off-by: Ani Sinha <ani@anisinha.ca>
Reviewed-by: Jiri Denemark <jdenemar@redhat.com>
2021-12-16 10:32:10 +01:00
Peter Krempa
f8915af663 qemucapstest: Update qemu capabilities probe dump for qemu-6.2 release
qemu-6.2 is out, update the caps dump for the final time.

Notable changes:
- 'unstable' feature flag for various QMP schema entries
- 'aio-max-batch' iothread property
- 'kernel-hashes' knob for the 'sev-guest' object
- 'native-hotplug' of 'pcie-root-port' is now unstable again
- 'page-sampling/dirty-ring/dirty-bitmap' mode for 'calc-dirty-rate'
- 'toolsversion' field for the 'vmdk' disk format driver
- CPU changes resulting in 'core-capability' being present on the cpu
  of the machine this dump was done on

Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
2021-12-16 09:57:35 +01:00
Ján Tomko
856e6f0b34 network: remove unused 'driver' parameter
Signed-off-by: Ján Tomko <jtomko@redhat.com>
Reviewed-by: Laine Stump <laine@redhat.com>
2021-12-15 15:28:17 +01:00
Ján Tomko
2f9ad6537b util: dnsmasq: remove caps completely
Now that we only check whether the dnsmasq version is new enough,
there is no need for the caps field.

Signed-off-by: Ján Tomko <jtomko@redhat.com>
Reviewed-by: Laine Stump <laine@redhat.com>
2021-12-15 15:28:17 +01:00
Ján Tomko
cd74b24fdf util: remove dnsmasqCapsGetVersion
It has no callers anymore.

Signed-off-by: Ján Tomko <jtomko@redhat.com>
Reviewed-by: Laine Stump <laine@redhat.com>
2021-12-15 15:28:17 +01:00
Ján Tomko
5e0c3e0a33 spec: do not require radvd
Signed-off-by: Ján Tomko <jtomko@redhat.com>
Reviewed-by: Laine Stump <laine@redhat.com>
2021-12-15 15:28:17 +01:00
Ján Tomko
7a50e524df build: do not search for radvd binary
Signed-off-by: Ján Tomko <jtomko@redhat.com>
Reviewed-by: Laine Stump <laine@redhat.com>
2021-12-15 15:28:17 +01:00
Ján Tomko
7193ef2bed conf: remove radvdPid from virNetworkObj
Signed-off-by: Ján Tomko <jtomko@redhat.com>
Reviewed-by: Laine Stump <laine@redhat.com>
2021-12-15 15:28:17 +01:00
Ján Tomko
665702135e network: driver: remove unused radvdStateDir variable
Signed-off-by: Ján Tomko <jtomko@redhat.com>
Reviewed-by: Laine Stump <laine@redhat.com>
2021-12-15 15:28:17 +01:00
Ján Tomko
b4efa0cfc5 network: remove any code dealing with radvd
Since dnsmasq supports --ra-param for a long time, this code is now
unused.

Signed-off-by: Ján Tomko <jtomko@redhat.com>
Reviewed-by: Laine Stump <laine@redhat.com>
2021-12-15 15:28:17 +01:00
Ján Tomko
4ddd442687 util: dnsmasq: delete assumed capability flags
Signed-off-by: Ján Tomko <jtomko@redhat.com>
Reviewed-by: Laine Stump <laine@redhat.com>
2021-12-15 15:28:17 +01:00
Ján Tomko
c8e45725f9 network: assume DNSMASQ_CAPS_RA_PARAM
Introduced by dnsmasq commit:
commit c4cd95df68b573b63d234ecdb675228657d65353
Author:     Simon Kelley <simon@thekelleys.org.uk>
CommitDate: 2013-10-10 20:58:11 +0100

    Add --ra-param and remove --force-fast-ra

git describe: v2.67rc3-3-gc4cd95d contains: v2.67rc4~12

Signed-off-by: Ján Tomko <jtomko@redhat.com>
Reviewed-by: Laine Stump <laine@redhat.com>
2021-12-15 15:28:17 +01:00
Ján Tomko
0927510d7f network: assume DNSMASQ_CAPS_BIND_DYNAMIC
Introduced by dnsmasq commit:
commit 54dd393f3938fc0c19088fbd319b95e37d81a2b0
CommitDate: 2012-06-20 11:23:38 +0100

    Add --bind-dynamic

git describe: v2.63test1 contains: v2.63test1^0

Signed-off-by: Ján Tomko <jtomko@redhat.com>
Reviewed-by: Laine Stump <laine@redhat.com>
2021-12-15 15:28:17 +01:00
Ján Tomko
ac0028f541 util: remove DNSMASQ_RA_SUPPORT
Now that the macro is unused, delete it.

Signed-off-by: Ján Tomko <jtomko@redhat.com>
Reviewed-by: Laine Stump <laine@redhat.com>
2021-12-15 15:28:17 +01:00
Ján Tomko
166fdbad6c network: assume DNSMASQ_RA_SUPPORT
Delete the code that is only run without the capability.

Signed-off-by: Ján Tomko <jtomko@redhat.com>
Reviewed-by: Laine Stump <laine@redhat.com>
2021-12-15 15:28:17 +01:00
Ján Tomko
e3baacd344 network: assume DNSMASQ_DHCPv6_SUPPORT
Remove the (now unreachable) error message and the macro.

Signed-off-by: Ján Tomko <jtomko@redhat.com>
Reviewed-by: Laine Stump <laine@redhat.com>
2021-12-15 15:28:17 +01:00
Ján Tomko
80d1a5ff2e util: dnsmasq: mandate at least version 2.67
All the capabilities should be supported in 2.67.
Make this the minimum version, since even the oldest
distros we support have moved on:

Debian 8: 2.72
CentOS 7: 2.76
Ubuntu 18.04: 2.79

Signed-off-by: Ján Tomko <jtomko@redhat.com>
Reviewed-by: Laine Stump <laine@redhat.com>
2021-12-15 15:28:17 +01:00
Ján Tomko
6b59d6cac1 tests: do not test dnsmasq older than 2.67
Prepare to retire older versions by droping older tests.

Signed-off-by: Ján Tomko <jtomko@redhat.com>
Reviewed-by: Laine Stump <laine@redhat.com>
2021-12-15 15:28:17 +01:00
Ján Tomko
b9a4c5f8c8 util: dnsmasqCapsSetFromBuffer: use error label
Rename 'fail' to 'error' to match the prevalent usage.

Signed-off-by: Ján Tomko <jtomko@redhat.com>
Reviewed-by: Laine Stump <laine@redhat.com>
2021-12-15 15:28:17 +01:00
Michal Privoznik
be592a6ebb meson: Detect XDR only when needed
If remote driver was disabled there is no need to check whether
host has a XDR library installed.

Resolves: https://gitlab.com/libvirt/libvirt/-/issues/196
Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
2021-12-15 12:12:44 +01:00
Michal Privoznik
a642cc648c meson: Require XDR for wireshark
The way our wireshark dissector works is by providing decoders
for primitive types (like integers, string, double, etc.) and
then parsing virsomethingprotocol.x files and generating complex
decoders for RPC. This obviously means that XDR is required for
the dissector, but corresponding check was missing.

Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
2021-12-15 12:12:44 +01:00
Michal Privoznik
de617ce96b admin: Build only when RPC is available
The admin module is very closely tied to RPC. If we are
building without RPC support there's not much use for the
admin module, in fact it fails to build.

Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
2021-12-15 12:12:44 +01:00
Michal Privoznik
b7ccae7f1f logging: Build log manager only when RPC is available
The logging manager is very closely tied to RPC. If we are
building without RPC support there's not much use for the
manager, in fact it fails to build.

Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
2021-12-15 12:12:44 +01:00
Michal Privoznik
377f67d5b3 rpc: Build only when XDR is available
Our RPC layer is as tied to XDR as possible. Therefore, if we
haven't detected and XDR library there's not much sense in trying
to build RPC layer.

Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
2021-12-15 12:12:44 +01:00
Michal Privoznik
1bbcc79e0e rpc: Separate out socket code into another static lib
There's nothing RPC specific about virnettlscontext.c or
virnetsocket.c. We use TLS for other things than just RPC
encryption (e.g. for generating random numbers) and sockets can
be used even without RPC.

Move these two sources into a static library (virt_socket) so
that other areas can use it even when RPC is disabled.

Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
2021-12-15 12:12:43 +01:00
Michal Privoznik
81025a6a18 libvirt-stream: Don't require RPC module
When implementing sparse streams, one of improvements I did was
to increase client buffer size for sending/receiving stream data
(commit v1.3.5-rc1~502). Previously, we were using 64KiB buffer
while packets on RPC are 256KiB (usable data is slightly less
because of the header). This meant that it took multiple calls of
virStreamRecv()/virStreamSend() to serve a single packet of data.
In my fix, I've included the virnetprotocol.h file which provides
VIR_NET_MESSAGE_LEGACY_PAYLOAD_MAX macro which is the exact size
of data in a single packet. However, including the file from
libvirt-stream.c which implements public APIs is not right. If
RPC module is not built then the file doesn't exists.

Redefine the macro and drop the include. The size can never
change anyways.

Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
2021-12-15 12:12:43 +01:00
Tim Wiederhake
0519787f88 docs: domain: Clarify on the dangers of migrating with hyperv-passthrough enabled
Signed-off-by: Tim Wiederhake <twiederh@redhat.com>
Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
2021-12-15 11:53:08 +01:00
Tim Wiederhake
fdec0cbf43 Fix some typos
Signed-off-by: Tim Wiederhake <twiederh@redhat.com>
Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
2021-12-15 11:52:54 +01:00
Jiri Denemark
7ab39cf04b qemu: Drop driver parameter from qemuDomainSetFakeReboot
And its callers. The parameter is no longer used since virDomainObjSave
was replaced with qemuDomainSaveStatus wrapper.

Signed-off-by: Jiri Denemark <jdenemar@redhat.com>
Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
2021-12-15 10:44:50 +01:00
Jiri Denemark
38fb9106ed qemu: Use qemuDomainSaveStatus
It is a nice wrapper around virDomainObjSave which logs a warning, but
otherwise ignores the error. Let's use it where appropriate.

Signed-off-by: Jiri Denemark <jdenemar@redhat.com>
Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
2021-12-15 10:44:50 +01:00
Jiri Denemark
877d1c2478 qemu: Add support for return-path migration capability
When return-path is enabled, QEMU on the source host won't report
completed migration until the destination QEMU sends a confirmation it
successfully loaded all data. Libvirt would detect such situation in the
Finish phase and report the error read from QEMU's stderr back to the
source, but using return-path could give use a bit better error
reporting with an earlier restart of vCPUs on the source.

The capability is only enabled when the connection between QEMU
processes on the source and destination hosts is bidirectional. In other
words, only when VIR_MIGRATE_TUNNELLED is not set, because our tunnel
only allows one-way communication from the source to the destination.

Signed-off-by: Jiri Denemark <jdenemar@redhat.com>
Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
2021-12-15 10:44:50 +01:00
Jiri Denemark
4f9f3c5d13 qemu: Support enabling migration caps unless a flag is used
So far we were enabling specific migration capabilities when a
corresponding API flag is set. We need to generalize our code to be able
to enable some migration capabilities unless a particular API flag is
used.

Signed-off-by: Jiri Denemark <jdenemar@redhat.com>
Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
2021-12-15 10:44:50 +01:00
Daniel P. Berrangé
7826148a72 qemu: report max number of SEV guests
Different CPU generations have different limits on the number
of SEV/SEV-ES guests that can be run. Since both limits come
from the same overall set, there is typically also BIOS config
to set the tradeoff betweeen SEV and SEV-ES guest limits.

This is important information to expose for a mgmt application
scheduling guests to hosts.

Reviewed-by: Peter Krempa <pkrempa@redhat.com>
Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
2021-12-14 16:04:17 +00:00
Daniel P. Berrangé
2150c7c9f7 util: pull CPUID helper function out of CPU driver
This will be needed directly in the QEMU driver in a later patch.

Reviewed-by: Peter Krempa <pkrempa@redhat.com>
Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
2021-12-14 16:04:17 +00:00
Daniel P. Berrangé
0ac34b614b include: define parameters for reporting SEV guest limits
There are limits on the number of SEV/SEV-ES guests that can
be run on machines, which may be influenced by firmware
settings. This is important to expose to users.

Reviewed-by: Peter Krempa <pkrempa@redhat.com>
Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
2021-12-14 16:04:17 +00:00
Daniel P. Berrangé
34cb8f6fcd conf: extend domain capabilities for max SEV guest count
There are limits on the number of SEV/SEV-ES guests that can
be run on machines, which may be influenced by firmware
settings. This is important to expose to users.

Reviewed-by: Peter Krempa <pkrempa@redhat.com>
Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
2021-12-14 16:04:17 +00:00
Daniel P. Berrangé
719bb0bf23 tools: add 'nodesevinfo' virsh command
While some SEV info is reported in the domain capabilities,
for reasons of size, this excludes the certificates. The
nodesevinfo command provides the full set of information.

Reviewed-by: Peter Krempa <pkrempa@redhat.com>
Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
2021-12-14 16:04:17 +00:00
Daniel P. Berrangé
ac79e9ff5c tools: add 'domlaunchsecinfo' virsh command
This command reports the launch security parameters for
a guest, allowing an external tool to perform a launch
attestation.

Reviewed-by: Peter Krempa <pkrempa@redhat.com>
Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
2021-12-14 16:04:17 +00:00