In fcdcf8f70c the remoteGetUNIXSocket() function was changed and
one new variable was introduced (among other things): @env_name.
However, for WIN32 case the variable changed name to @env_path
which builds mingw builds.
Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
When the default driver mode requests the modular daemons, we still
defaulted to spawning libvirtd if the URI was NULL, because we don't
know which driver specific daemon to spawn. virtproxyd has logic
that can handle this as it is used for compatibility when accepting
incoming TCP connections with a NULL URI.
Reviewed-by: Ján Tomko <jtomko@redhat.com>
Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
The "spawnDaemon" and "binary" parameters are co-dependant, with the
latter non-NULL, if-and-only-if the former is true. Getting rid of the
"spawnDaemon" parameter simplifies life for the callers and eliminates
an error checking scenario.
Reviewed-by: Ján Tomko <jtomko@redhat.com>
Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
When deciding what socket to connect to, we build the daemon path
that we need to autostart. This path only needs to be populated
if we actually intend to use autostart.
Reviewed-by: Ján Tomko <jtomko@redhat.com>
Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
The remoteGetUNIXSocket method currently just returns the daemon name
and the caller then converts this to a path. Except the SSH helper
didn't do this, so it was relying on later code expanding $PATH, and
this doesn't allow for build root overrides.
Reviewed-by: Ján Tomko <jtomko@redhat.com>
Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
We have helper methods that return boolans for ro/user/autostart
properties. We then pack them into a flags parameter, and later
unpack them again. This makes the code consistently use flags
throughout.
Reviewed-by: Ján Tomko <jtomko@redhat.com>
Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
This enum will shortly be used by the remote driver sockets helper
methods too.
Reviewed-by: Ján Tomko <jtomko@redhat.com>
Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
Cloud-Hypervisor is a KVM virtualization using hypervisor. It
functions similarly to qemu and the libvirt Cloud-Hypervisor driver
uses a very similar structure to the libvirt driver.
The biggest difference from the libvirt perspective is that the
"monitor" socket is seperated into two sockets one that commands are
issued to and one that events are notified from. The current
implementation only uses the command socket (running over a REST API
with json encoded data) with future changes to add support for the
event socket (to better handle shutdowns from inside the VM).
This patch adds support for the following initial VM actions using the
Cloud-Hypervsior API:
* vm.create
* vm.delete
* vm.boot
* vm.shutdown
* vm.reboot
* vm.pause
* vm.resume
To use the Cloud-Hypervisor driver, the v15.0 release of
Cloud-Hypervisor is required to be installed.
Some additional notes:
* The curl handle is persistent but not useful to detect ch process
shutdown/crash (a future patch will address this shortcoming)
* On a 64-bit host Cloud-Hypervisor needs to support PVH and so can
emulate 32-bit mode but it isn't fully tested (a 64-bit kernel and
32-bit userspace is fine, a 32-bit kernel isn't validated)
Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
Signed-off-by: William Douglas <william.douglas@intel.com>
While we couldn't historically connect to the remote session daemon
automatically, we do allow the user to set an explicit socket path
to enable the connections to work. This ability was accidentally
lost in
commit f8ec7c842d
Author: Daniel P. Berrangé <berrange@redhat.com>
Date: Wed Jul 8 17:03:38 2020 +0100
rpc: use new virt-ssh-helper binary for remote tunnelling
We need to force use of 'netcat' when a 'socket' path is given in
the URI parameters.
Reviewed-by: Ján Tomko <jtomko@redhat.com>
Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
Currently the defaults for the proxy/mode settings are set before
parsing URI parameters. A following commit will introduce a dependancy
on the URI parsing for the defaults, so they need to move.
Reviewed-by: Ján Tomko <jtomko@redhat.com>
Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
The remoteGetUNIXSocketHelper method always returns a non-NULL string.
Reviewed-by: Ján Tomko <jtomko@redhat.com>
Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
virFileFindResource needs to be given the absolute build path otherwise
its results will vary according to the CWD, leading to spurious failures
in dev testing.
Reviewed-by: Ján Tomko <jtomko@redhat.com>
Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
They were added mostly randomly and we don't really want to keep working
around of false positives.
Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Pavel Hrdina <phrdina@redhat.com>
Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
A secret can be marked with the "private" attribute. The intent was that
it is not possible for any libvirt client to be able to read the secret
value, it would only be accesible from within libvirtd. eg the QEMU
driver can read the value to launch a guest.
With the modular daemons, the QEMU, storage and secret drivers are all
running in separate daemons. The QEMU and storage drivers thus appear to
be normal libvirt client's from the POV of the secret driver, and thus
they are not able to read a private secret. This is unhelpful.
With the previous patches that introduced a "system token" to the
identity object, we can now distinguish APIs invoked by libvirt daemons
from those invoked by client applications.
Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
Historically, we declared pointer type to our types:
typedef struct _virXXX virXXX;
typedef virXXX *virXXXPtr;
But usefulness of such declaration is questionable, at best.
Unfortunately, we can't drop every such declaration - we have to
carry some over, because they are part of public API (e.g.
virDomainPtr). But for internal types - we can do drop them and
use what every other C project uses 'virXXX *'.
This change was generated by a very ugly shell script that
generated sed script which was then called over each file in the
repository. For the shell script refer to the cover letter:
https://listman.redhat.com/archives/libvir-list/2021-March/msg00537.html
Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
Reviewed-by: Peter Krempa <pkrempa@redhat.com>
Follow best practices and add a unsigned int flags parameter to these
new APIs that have not been in a release yet.
Signed-off-by: Jonathon Jongsma <jjongsma@redhat.com>
Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
The comments mistakenly say 7.2.0, when they were actually merged during
the 7.3 development cycle.
Signed-off-by: Jonathon Jongsma <jjongsma@redhat.com>
Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
This new API function provides a way to start a persistently-defined
mediate device that was defined by virNodeDeviceDefineXML() (or one that
was defined externally via mdevctl)
Signed-off-by: Jonathon Jongsma <jjongsma@redhat.com>
Reviewed-by: Erik Skultety <eskultet@redhat.com>
This interface allows you to undefine a persistently defined (but
inactive) mediated devices. It is implemented via 'mdevctl'
Signed-off-by: Jonathon Jongsma <jjongsma@redhat.com>
Reviewed-by: Erik Skultety <eskultet@redhat.com>
With mediated devices, we can now define persistent node devices that
can be started and stopped. In order to take advantage of this, we need
an API to define new node devices.
Signed-off-by: Jonathon Jongsma <jjongsma@redhat.com>
Reviewed-by: Erik Skultety <eskultet@redhat.com>
This API interacts with the hypervisor and makes changes to its
behaviour, so must be protected by the write permission.
Reviewed-by: Ján Tomko <jtomko@redhat.com>
Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
The order in which virNetworkUpdate() accepts @section and
@command arguments is not the same as in which it passes them
onto networkUpdate() callback. Until recently, it did not really
matter, because calling the API on client side meant arguments
were encoded in reversed order (compared to the public API), but
then on the server it was fixed again - because the server
decoded RPC (still swapped), called public API (still swapped)
and in turn called the network driver callback (with reversing
the order - so magically fixing the order).
Long story short, if the public API is called even number of
times those swaps cancel each other out. The problem is when the
API is called an odd numbed of times - which happens with split
daemons and the right URI. There's one call in the client (e.g.
virsh net-update), the other in a hypervisor daemon (say
virtqemud) which ends up calling the API in the virnetworkd.
The fix is obvious - fix the order in which arguments are passed
to the callback.
But, to maintain compatibility with older, yet unfixed, daemons
new connection feature is introduced. The feature is detected
just before calling the callback and allows client to pass
arguments in correct order (talking to fixed daemon) or in
reversed order (talking to older daemon).
Unfortunately, older client talking to newer daemon can't be
fixed. Let's hope that it's less frequent scenario.
Fixes: 574b9bc66b
Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1870552
Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
Reviewed-by: Martin Kletzander <mkletzan@redhat.com>
Generated by the following spatch:
@@
expression a, b;
@@
+ b = g_steal_pointer(&a);
- b = a;
... when != a
- a = NULL;
Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
Reviewed-by: Erik Skultety <eskultet@redhat.com>
Introduce virDomainStartDirtyRateCalc API for start calculation of
a domain's memory dirty rate with a specified time.
Signed-off-by: Hao Wang <wanghao232@huawei.com>
Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
We don't need to go to the trouble of telling users about existance of
insecure SASL mechanisms only to then say that they shouldn't be used.
We should only tell people about the GSSAPI mechanism for TCP sockets.
For the SCRAM mechanism we should be telling people about the SHA256
variant only, and also warning that the password database stores the
passwords in clear text.
Reviewed-by: Erik Skultety <eskultet@redhat.com>
Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
Generated using the following spatch:
@@
expression path;
@@
- virFileMakePath(path)
+ g_mkdir_with_parents(path, 0777)
However, 14 occurrences were not replaced, e.g. in
virHostdevManagerNew(). I don't really understand why.
Fixed by hand afterwards.
Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
Via coccinelle (not the handbag!)
spatches used:
@ rule1 @
identifier a, b;
symbol NULL;
@@
- b = a;
... when != a
- a = NULL;
+ b = g_steal_pointer(&a);
@@
- *b = a;
... when != a
- a = NULL;
+ *b = g_steal_pointer(&a);
Signed-off-by: Kristina Hanicova <khanicov@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
Signed-off-by: Ján Tomko <jtomko@redhat.com>
The various virtproxyd socket files are generated with invalid syntax,
e.g. from virtproxyd.socket
[Unit]
Description=Libvirt proxy local socket
Before=virtproxyd.service
libvirtd.socket libvirtd-ro.socket libvirtd-admin.socket libvirtd-tcp.socket libvirtd-tls.socket
Note the missing 'Conflicts=' in the last line. Fix it by prepending
'Conflicts=' to libvirtd_socket_conflicts when adding virtproxyd
to virt_daemon_units.
Signed-off-by: Jim Fehlig <jfehlig@suse.com>
Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
Further testing revealed commit f035f53baa regresses Debian bug 955216
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=955216
Restarting libvirt-guests on libvirtd restart is worse than the original
dependency issue, so revert the commit until a better solution is found.
This reverts commit f035f53baa.
Signed-off-by: Jim Fehlig <jfehlig@suse.com>
Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
There are a few places where we open code virStrcpy() or
virStrcpyStatic(). Call respective functions instead.
Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
It was reported that the performance of tunnelled migration and
volume upload/download regressed in 6.9.0, when the virt-ssh-helper
is used for remote SSH tunnelling instead of netcat.
When seeing data available to read from stdin, or the socket,
the current code will allocate at most 1k of extra space in
the buffer it has.
After writing data to the socket, or stdout, if more than 1k
of extra space is in the buffer, it will reallocate to free
up that space.
This results in a huge number of mallocs when doing I/O, as
well as a huge number of syscalls since at most 1k of data
will be read/written at a time.
Also if writing blocks for some reason, it will continue to
read data with no memory bound which is bad.
This changes the code to use a 1 MB fixed size buffer in each
direction. If that buffer becomes full, it will update the
watches to stop reading more data. It will never reallocate
the buffer at runtime.
This increases the performance by orders of magnitude.
Reviewed-by: Daniel Henrique Barboza <danielhb413@gmail.com>
Tested-by: Christian Ehrhardt <christian.ehrhardt@canonical.com>
Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
When the host is shutting down then we get PrepareForShutdown
signal on DBus to which we react by creating a thread which
runs virStateStop() and thus qemuStateStop(). But if scheduling
the thread is delayed just a but it may happen that we receive
SIGTERM (sent by systemd) to which we respond by quitting our
event loop and cleaning up everything (including drivers). And
only after that the thread gets to run only to find qemu_driver
being NULL.
What we can do is to delay exiting event loop and join the thread
that's executing virStateStop(). If the join doesn't happen in
given timeout (currently 30 seconds) then libvirtd shuts down
forcefully anyways (see virNetDaemonRun()).
Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1895359
Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1739564
Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
When introducing the API I've mistakenly used 'int' type for
@nkeys argument which does nothing more than tells the API how
many items there are in @keys array. Obviously, negative values
are not expected and therefore 'unsigned int' should have been
used.
Reported-by: Daniel P. Berrangé <berrange@redhat.com>
Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
Since both APIs accept/return an array of strings we can't have
client/server dispatch code generated. But implementation is
fairly trivial, although verbose.
Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
Reviewed-by: Peter Krempa <pkrempa@redhat.com>
When restarting libvirt services and sockets *and* libvirt-guests.service
is running, the latter will sometimes hang when trying to connect to
libvirtd. Even though libvirt-guests has 'Wants=libvirtd.service' and
'After=libvirtd.service', we can see via journalctl that it is not
shutdown before libvirtd when executing something like
systemctl try-restart libvirtd.service libvirtd.socket \
libvirtd-ro.socket virtlockd.service virtlockd.socket \
virtlogd.service virtlogd.socket virt-guest-shutdown.target
Oct 28 15:53:31 systemd[1]: Stopping Virtualization daemon...
Oct 28 15:53:31 systemd[1]: libvirtd.service: Succeeded.
Oct 28 15:53:31 systemd[1]: Stopped Virtualization daemon.
Oct 28 15:53:31 systemd[1]: libvirtd-admin.socket: Succeeded.
Oct 28 15:53:31 systemd[1]: Closed Libvirt admin socket.
Oct 28 15:53:31 systemd[1]: Stopping Libvirt admin socket.
Oct 28 15:53:31 systemd[1]: libvirtd-ro.socket: Succeeded.
Oct 28 15:53:31 systemd[1]: Closed Libvirt local read-only socket.
Oct 28 15:53:31 systemd[1]: Stopping Libvirt local read-only socket.
Oct 28 15:53:31 systemd[1]: libvirtd.socket: Succeeded.
Oct 28 15:53:31 systemd[1]: Closed Libvirt local socket.
Oct 28 15:53:31 systemd[1]: Stopping Libvirt local socket.
Oct 28 15:53:31 systemd[1]: Listening on Libvirt local socket.
Oct 28 15:53:31 systemd[1]: Listening on Libvirt admin socket.
Oct 28 15:53:31 systemd[1]: Listening on Libvirt local read-only socket.
Oct 28 15:53:31 systemd[1]: virtlockd.socket: Succeeded.
Oct 28 15:53:31 systemd[1]: Closed Virtual machine lock manager socket.
Oct 28 15:53:31 systemd[1]: Stopping Virtual machine lock manager socket.
Oct 28 15:53:31 systemd[1]: Listening on Virtual machine lock manager socket.
Oct 28 15:53:31 systemd[1]: virtlogd.socket: Succeeded.
Oct 28 15:53:31 systemd[1]: Closed Virtual machine log manager socket.
Oct 28 15:53:31 systemd[1]: Stopping Virtual machine log manager socket.
Oct 28 15:53:31 systemd[1]: Listening on Virtual machine log manager socket.
Oct 28 15:53:31 systemd[1]: Stopping Suspend/Resume Running libvirt Guests...
In this case, the try-restart command hung and libvirt-guests was stuck
trying to connect to libvirtd. In the following case, the try-restart
worked since libvirtd was started again before libvirt-guests was stopped!
Oct 28 15:19:02 systemd[1]: Stopping Virtualization daemon...
Oct 28 15:19:02 systemd[1]: Stopped Virtualization daemon.
Oct 28 15:19:02 systemd[1]: Closed Libvirt admin socket.
Oct 28 15:19:02 systemd[1]: Stopping Libvirt admin socket.
Oct 28 15:19:02 systemd[1]: Closed Virtual machine lock manager socket.
Oct 28 15:19:02 systemd[1]: Stopping Virtual machine lock manager socket.
Oct 28 15:19:02 systemd[1]: Listening on Virtual machine lock manager socket.
Oct 28 15:19:02 systemd[1]: Closed Libvirt local read-only socket.
Oct 28 15:19:02 systemd[1]: Stopping Libvirt local read-only socket.
Oct 28 15:19:02 systemd[1]: Closed Libvirt local socket.
Oct 28 15:19:02 systemd[1]: Stopping Libvirt local socket.
Oct 28 15:19:02 systemd[1]: Listening on Libvirt local socket.
Oct 28 15:19:02 systemd[1]: Listening on Libvirt admin socket.
Oct 28 15:19:02 systemd[1]: Listening on Libvirt local read-only socket.
Oct 28 15:19:02 systemd[1]: Closed Virtual machine log manager socket.
Oct 28 15:19:02 systemd[1]: Stopping Virtual machine log manager socket.
Oct 28 15:19:02 systemd[1]: Listening on Virtual machine log manager socket.
Oct 28 15:19:02 systemd[1]: Starting Virtualization daemon...
Oct 28 15:19:02 systemd[1]: Stopping Suspend/Resume Running libvirt Guests...
Oct 28 15:19:02 systemd[1]: Started Virtualization daemon.
Oct 28 15:19:02 libvirt-guests.sh[4912]: Running guests on default URI: no running guests.
Oct 28 15:19:02 systemd[1]: Stopped Suspend/Resume Running libvirt Guests.
Oct 28 15:19:02 systemd[1]: Stopped target Libvirt guests shutdown.
Oct 28 15:19:02 systemd[1]: Stopping Libvirt guests shutdown.
Oct 28 15:19:02 systemd[1]: Reached target Libvirt guests shutdown.
Oct 28 15:19:02 systemd[1]: Starting Suspend/Resume Running libvirt Guests...
Oct 28 15:19:02 systemd[1]: Started Suspend/Resume Running libvirt Guests.
Adding 'Requires=libvirtd.service' to virt-guest-shutdown.target results
in expected behavior
Oct 28 15:40:00 systemd[1]: Stopping Suspend/Resume Running libvirt Guests...
Oct 28 15:40:00 libvirt-guests.sh[5245]: Running guests on default URI: no running guests.
Oct 28 15:40:00 systemd[1]: Stopped Suspend/Resume Running libvirt Guests.
Oct 28 15:40:00 systemd[1]: Stopped target Libvirt guests shutdown.
Oct 28 15:40:00 systemd[1]: Stopping Libvirt guests shutdown.
Oct 28 15:40:00 systemd[1]: Stopping Virtualization daemon...
Oct 28 15:40:00 systemd[1]: Stopped Virtualization daemon.
Oct 28 15:40:00 systemd[1]: Closed Virtual machine log manager socket.
Oct 28 15:40:00 systemd[1]: Stopping Virtual machine log manager socket.
Oct 28 15:40:00 systemd[1]: Listening on Virtual machine log manager socket.
Oct 28 15:40:00 systemd[1]: Closed Libvirt admin socket.
Oct 28 15:40:00 systemd[1]: Stopping Libvirt admin socket.
Oct 28 15:40:00 systemd[1]: Closed Libvirt local read-only socket.
Oct 28 15:40:00 systemd[1]: Stopping Libvirt local read-only socket.
Oct 28 15:40:00 systemd[1]: Closed Libvirt local socket.
Oct 28 15:40:00 systemd[1]: Stopping Libvirt local socket.
Oct 28 15:40:00 systemd[1]: Listening on Libvirt local socket.
Oct 28 15:40:00 systemd[1]: Listening on Libvirt admin socket.
Oct 28 15:40:00 systemd[1]: Listening on Libvirt local read-only socket.
Oct 28 15:40:00 systemd[1]: Closed Virtual machine lock manager socket.
Oct 28 15:40:00 systemd[1]: Stopping Virtual machine lock manager socket.
Oct 28 15:40:00 systemd[1]: Listening on Virtual machine lock manager socket.
Oct 28 15:40:00 systemd[1]: Starting Virtualization daemon...
Oct 28 15:40:00 systemd[1]: Started Virtualization daemon.
Oct 28 15:40:00 systemd[1]: Reached target Libvirt guests shutdown.
Oct 28 15:40:00 systemd[1]: Starting Suspend/Resume Running libvirt Guests...
Oct 28 15:40:00 systemd[1]: Started Suspend/Resume Running libvirt Guests.
Signed-off-by: Jim Fehlig <jfehlig@suse.com>
Reviewed-by: Neal Gompa <ngompa13@gmail.com>
Introduce memory failure event. Libvirt should monitor domain's
event, then posts it to uplayer. According to the hardware memory
corrupted message, a cloud scheduler could migrate domain to another
health physical server.
Several changes in this patch:
public API:
include/*
src/conf/*
src/remote/*
src/remote_protocol-structs
client:
examples/c/misc/event-test.c
tools/virsh-domain.c
With this patch, each driver could implement its own method to run
this new event.
Signed-off-by: zhenwei pi <pizhenwei@bytedance.com>
Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
Signed-off-by: Ján Tomko <jtomko@redhat.com>
Reported-by: John Ferlan <jferlan@redhat.com>
Fixes: 8487595bee
Signed-off-by: Ján Tomko <jtomko@redhat.com>
Use g_new0 for allocation and remove all the temporary
variables.
Signed-off-by: Ján Tomko <jtomko@redhat.com>
Reviewed-by: Pavel Hrdina <phrdina@redhat.com>
CVE-2020-25637
Add a requirement for domain:write if source is set to
VIR_DOMAIN_INTERFACE_ADDRESSES_SRC_AGENT.
Signed-off-by: Ján Tomko <jtomko@redhat.com>
Reported-by: Ilja Van Sprundel <ivansprundel@ioactive.com>
Reviewed-by: Jiri Denemark <jdenemar@redhat.com>
CVE-2020-25637
Add a new field to @acl annotations for filtering by
unsigned int parameters.
Signed-off-by: Ján Tomko <jtomko@redhat.com>
Reviewed-by: Jiri Denemark <jdenemar@redhat.com>
