Commit Graph

35406 Commits

Author SHA1 Message Date
Michal Privoznik
cdd8a6690e qemu: Forcibly mknod() even if it exists
Another weird bug appeared concerning qemu namespaces. Basically
the problem is as follows:

1) Issue an API that causes libvirt to create a node in domain's
   namespace, say /dev/nvme0n1 with 8:0 as major:minor (the API can
   be attach-disk for instance). Or simply create the node from a
   console by hand.

2) Detach the disk from qemu.

3) Do something that makes /dev/nvme0n1 change it's minor number.

4) Try to attach the disk again.

The problem is, in a few cases - like disk-detach - we don't
remove the corresponding /dev node from the mount namespace
(because it may be used by some other disk's backing chain). But
this creates a problem, because if the node changes its MAJ:MIN
numbers we don't propagate the change into the domain's
namespace. We do plain mknod() and ignore EEXIST which obviously
is not enough because it doesn't guarantee that the node has
updated MAJ:MIN pair.

Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1752978

Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
2019-11-20 14:05:37 +01:00
Ján Tomko
73197f9803 gnulib: remove mk*temp modules
After commits 4ac4773040 and
ef88698668, we use the GLib versions
of these functions.

Remove the corresponding gnulib modules.

Signed-off-by: Ján Tomko <jtomko@redhat.com>
Reviewed-by: Peter Krempa <pkrempa@redhat.com>
2019-11-20 13:31:21 +01:00
Pavel Hrdina
f0da677956 bootstrap.conf: drop c-strcasestr gnulib module
Last usage was removed by commit
<41f88886198e231285cc813f8c0687c8ec5c9488> and commit
<0f4d31720430b4e3735064cc0d8f88a1a438e154> forgot to drop include.

Signed-off-by: Pavel Hrdina <phrdina@redhat.com>
Reviewed-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Fabiano Fidêncio <fidencio@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
2019-11-20 13:31:13 +01:00
Peter Krempa
2dbf7e2e6d gnulib: Remove use of 'strsep' module
We don't use strsep any more.

Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
Reviewed-by: Pavel Hrdina <phrdina@redhat.com>
2019-11-20 13:31:01 +01:00
Ján Tomko
dd01eb4fd1 bootstrap: remove regex module
Now that we use GRegex everywhere, there is no need for this module.

Signed-off-by: Ján Tomko <jtomko@redhat.com>
Reviewed-by: Peter Krempa <pkrempa@redhat.com>
2019-11-20 13:30:55 +01:00
Pavel Hrdina
722f55180f syntax-check: forbid usage of snprintf
Signed-off-by: Pavel Hrdina <phrdina@redhat.com>
Reviewed-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
2019-11-20 13:30:34 +01:00
Pavel Hrdina
3c5dcf3427 syntax-check: update of sprintf rule to mention g_snprintf
Signed-off-by: Pavel Hrdina <phrdina@redhat.com>
Reviewed-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
2019-11-20 13:30:11 +01:00
Pavel Hrdina
62aa66416a bootstrap.conf: remove usage of snprintf gnulib module
Signed-off-by: Pavel Hrdina <phrdina@redhat.com>
Reviewed-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
2019-11-20 13:29:26 +01:00
Ján Tomko
6250accb8c gnulib: remove use of 'vsnprintf' module
Signed-off-by: Ján Tomko <jtomko@redhat.com>
Reviewed-by: Peter Krempa <pkrempa@redhat.com>
2019-11-20 13:29:06 +01:00
Ján Tomko
0ebe536144 gnulib: remove use of 'byteswap' module
Signed-off-by: Ján Tomko <jtomko@redhat.com>
Reviewed-by: Peter Krempa <pkrempa@redhat.com>
2019-11-20 13:29:00 +01:00
Peter Krempa
d7234fe317 gnulib: remove 'areadlink' module
Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
2019-11-20 13:28:52 +01:00
Peter Krempa
a4762294b9 qemu: monitor: Remove non-transaction based dirty bitmap APIs
We replaced them by use of transaction to simplify possible failure
scenarios.

Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
2019-11-20 13:24:54 +01:00
Peter Krempa
cec4e32998 qemu: checkpoint: Fix rollback and access to unlocked 'vm' when deleting checkpoints
Delete/merge bitmaps when deleting checkpoints using a 'transaction' so
that we don't have to deal with halfway-failed scenarios and also fix
access to 'vm' while in the monitor lock.

Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
2019-11-20 13:24:54 +01:00
Peter Krempa
2eb7c68332 tests: virschema: Propagate errors from directory traversal in testSchemaDir
testSchemaDir is a helper which invokes the schema test using virTestRun
on all schema files. Since the function itself is not called inside
virTestRun any helper function call is not dispatched to the user and
thus it's hard to debug the test. Propagate errors from the directory
traversal.

Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
2019-11-20 12:57:50 +01:00
Peter Krempa
d154807d5b tests: utils: Introduce helper for dispatching libvirt errors
In cases when we call a libvirt helper which reports an error the error
would be hidden unless libvirt library debug is on. This produces a lot
of output and is hard to debug.

The helper provides a way to dispatch the libvirt error in specific
cases sice we do already dispatch it in case when virTestRun is used.

Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
2019-11-20 12:57:50 +01:00
Peter Krempa
5f5542b44e tests: schema: Simplify memory handling using g_autofree
Refactor various functions to avoid multiple freeing function calls.

Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
2019-11-20 12:57:50 +01:00
Jonathon Jongsma
7a69486c4d lib: fix documentation typo in virDomainGetGuestInfo()
Signed-off-by: Jonathon Jongsma <jjongsma@redhat.com>
Reviewed-by: Fabiano Fidêncio <fidencio@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
Signed-off-by: Ján Tomko <jtomko@redhat.com>
2019-11-20 09:13:52 +01:00
LanceLiu
8ecab214de remote_daemon_stream: Fix @client locking in daemonStreamFilter()
When dispatching a message read from client it is first passed
through registered filters. If one of the filters consumes the
message no further processing of the message is done. However,
the filter callbacks are called with the client object locked.
This breaks lock ordering in case of virStream filter, we always
acquire stream private data lock without the client object
locked. In other words, the daemonStreamFilter() does not follow
the lock ordering.

Signed-off-by: LanceLiu <liu.lance.89@gmail.com>
Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
2019-11-19 16:09:53 +01:00
Daniel Henrique Barboza
3a085d221e tests: remove unneeded cleanup labels
Signed-off-by: Daniel Henrique Barboza <danielhb413@gmail.com>
Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
2019-11-19 15:22:43 +01:00
Daniel Henrique Barboza
adf9c3f952 vbox: remove unneeded cleanup labels
Signed-off-by: Daniel Henrique Barboza <danielhb413@gmail.com>
Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
2019-11-19 15:22:40 +01:00
Daniel Henrique Barboza
6c63adc4a0 qemu: remove unneeded cleanup labels
Signed-off-by: Daniel Henrique Barboza <danielhb413@gmail.com>
Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
2019-11-19 15:22:37 +01:00
John Ferlan
f4db846c32 network: Check for QOS before blindly using it
If networkAllocatePort calls networkPlugBandwidth eventually the
port->bandwidth would be passed to virNetDevBandwidthPlug which
requires that the parameter is non-NULL.  Coverity additionally
notes that since (!port->bandwidth) is checked earlier in the
networkAllocatePort method that the subsequent call to blindly
use if for a function that requires it needs to check.

Signed-off-by: John Ferlan <jferlan@redhat.com>
Reviewed-by: Daniel Henrique Barboza <danielhb413@gmail.com>
2019-11-19 07:02:08 -05:00
John Ferlan
10881fac46 network: Use local variables in networkUpdatePortBandwidth
We go through the trouble of checking {old|new}Bandwidth[->in] and
storing the result in local @old_floor and @new_floor, but then
we don't use them. Instead we make derefs to the longer name. This
caused Coverity to note dereferencing newBandwidth->in without first
checking @newBandwidth like was done for new_floor could cause a
NULL dereference.

Signed-off-by: John Ferlan <jferlan@redhat.com>
Reviewed-by: Daniel Henrique Barboza <danielhb413@gmail.com>
2019-11-19 07:02:02 -05:00
John Ferlan
d70024d0a6 util: Remove unnecessary check in virFileRewrite
Since g_strdup_printf will abort, we know @newfile won't be NULL.

Found by Coverity

Signed-off-by: John Ferlan <jferlan@redhat.com>
Reviewed-by: Daniel Henrique Barboza <danielhb413@gmail.com>
2019-11-19 07:01:32 -05:00
Michal Privoznik
6c37ee4da2 qemuProcessStop: Set @def early
The @def variable holds pointer to the domain defintion, but is
set only somewhere in the middle of the function. This is
suboptimal.

Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
Reviewed-by: Erik Skultety <eskultet@redhat.com>
2019-11-19 10:25:56 +01:00
Jonathon Jongsma
78e90879fa Add news for virDomainAgentSetResponseTimeout()
Signed-off-by: Jonathon Jongsma <jjongsma@redhat.com>
Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
2019-11-19 08:15:56 +01:00
Ján Tomko
af5aa266ed g_mkstemp_full: pass O_RDWR
This flag is not implied by g_mkstemp_full, only by g_mkstemp.

Signed-off-by: Ján Tomko <jtomko@redhat.com>
Reported-by: Bjoern Walk <bwalk@linux.ibm.com>
Fixes: 4ac4773040
Reviewed-by: Peter Krempa <pkrempa@redhat.com>
2019-11-18 18:49:02 +01:00
Daniel P. Berrangé
7909359d60 build-aux: rewrite duplicate header checker in Python
As part of an goal to eliminate Perl from libvirt build tools,
rewrite the prohibit-duplicate-header.pl tool in Python.

This was a straight conversion, manually going line-by-line to
change the syntax from Perl to Python. Thus the overall structure
of the file and approach is the same.

Reviewed-by: Ján Tomko <jtomko@redhat.com>
Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
2019-11-18 17:24:31 +00:00
Erik Skultety
2816fe2e84 qemu: Fix NULL ptr dereference caused by qemuDomainDefFormatBufInternal
qemuDomainDefFormatBufInternal function wasn't testing whether the CPU
was actually defined in the XML and saving such a domain resulted in the
following backtrace:

0 in qemuDomainMakeCPUMigratable (cpu=0x0)
1 in qemuDomainDefFormatBufInternal()
2 in qemuDomainDefFormatXMLInternal()
3 in qemuDomainDefFormatLive()
4 in qemuDomainSaveInternal()
5 in qemuDomainSaveFlags()
6 in qemuDomainSave()
7 in virDomainSave()

Signed-off-by: Erik Skultety <eskultet@redhat.com>
Reviewed-by: Daniel Henrique Barboza <danielhb413@gmail.com>
2019-11-18 14:32:49 +01:00
Pavel Hrdina
4c0398b528 qemu_process: fix starting VMs if machine group has limited cpuset.cpus
Commit <f136b83139c63f20de0df3285d9e82df2fb97bfc> reworked process
affinity setting but did not take cgroups into account which introduced
an issue when starting VM with custom cpuset.cpus for the whole machine
group.

If the machine group is limited to some pCPUs libvirt should not try to
set a VM to run on all pCPUs as it will result in permission denied when
writing to cpuset.cpus.

To fix this the affinity has to be set separately from cgroups cpuset.

Resolves: <https://bugzilla.redhat.com/show_bug.cgi?id=1746517>

Signed-off-by: Pavel Hrdina <phrdina@redhat.com>
Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
2019-11-18 10:41:44 +01:00
Michal Privoznik
02bf7cc68b virbpf: Fix typecast to __aligned_u64 type
In functions implemented here we fill this attr union (type of
bpf_attr) and just pass it to syscall(2). Thing is that some of
the union members are type of __aligned_u64. This is not regular
uint64_t. This one is explicitly aligned to 8 bytes, while
uint64_t can be aligned to 4 bytes (on 32 bits). We've used
explicit typecast to uint64_t to shut compiler which would
otherwise complain of assigning a pointer into an integer. Well,
we have uintptr_t just for that.

Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
2019-11-18 08:59:13 +01:00
Michal Privoznik
c10b78370d vircgroupv2devices: Fix format string for size_t variable
In virCgroupV2DevicesReallocMap() we are debug printing both
arguments passed to the function. However, the @size argument is
type of size_t but '%lu' is used to format it.

Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
2019-11-18 08:53:30 +01:00
Jonathon Jongsma
2de5e131b9 news: mention 'ramfb' mdev attribute
Reviewed-by: Andrea Bolognani <abologna@redhat.com>
Signed-off-by: Jonathon Jongsma <jjongsma@redhat.com>
2019-11-17 20:13:52 -05:00
Michal Privoznik
c07a33bef9 virbpf: Check if syscall() is available
There are some OSes which don't have syscall() nor
<sys/syscall.h>. We already check for the header file in
configure phase, so we just need to add check for
HAVE_SYS_SYSCALL_H to HAVE_DECL_BPF_PROG_QUERY.

While I'm at it, some header files we are including are not
needed, so their includes can be safely dropped.

Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
2019-11-16 06:39:23 +01:00
Jim Fehlig
5a5e92000d spec: Remove build-time list of edk2 firmwares
Fedora now advertises supported firmwares via descriptor files.
Since the upstream spec file assumes recent Fedora, remove the
build-time list of firmwares, which can produce a warning after
commit 75597f022a.

Signed-off-by: Jim Fehlig <jfehlig@suse.com>
Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
2019-11-15 16:49:30 -07:00
Jonathon Jongsma
889cd827ae conf: validate video resolution
Ensure that both x and y are non-zero when resolution is specified for a
video device.

Reviewed-by: Cole Robinson <crobinso@redhat.com>
Signed-off-by: Jonathon Jongsma <jjongsma@redhat.com>
2019-11-15 13:30:56 -05:00
Jonathon Jongsma
026c2ffb50 conf: report errors when parsing video acceleration
Since this function is now only called when an 'acceleration' element is
present in the xml, any failure to parse the element will be considered
an error.

Previously, we detected some types of errors, but we would only log an
error (virReportError()), but still return a partially-specified accel
object to the caller. This patch returns NULL for all parsing errors and
reports that error back up to the caller.

Reviewed-by: Cole Robinson <crobinso@redhat.com>
Signed-off-by: Jonathon Jongsma <jjongsma@redhat.com>
2019-11-15 13:30:56 -05:00
Jonathon Jongsma
754e4c24ec conf: report errors when parsing video resolution
The current code doesn't properly handle errors when parsing a video
device's resolution.  We were returning a NULL structure for the case
where 'x' or 'y' were missing. But for the other error cases, we were
logging an error (virReportError()), but still returning an
under-specified structure. That under-specified structure was used by
the calling function rather than properly reporting an error.

This patch changes the parse function to return NULL on any parsing
error and changes the calling function to report an error when NULL is
returned.

Reviewed-by: Cole Robinson <crobinso@redhat.com>
Signed-off-by: Jonathon Jongsma <jjongsma@redhat.com>
2019-11-15 13:30:56 -05:00
Jonathon Jongsma
333cca0bfc conf: iterate video model children in parent function
Previously, we were passing the video "model" node to the "acceleration"
and "resolution" parsing functions and requiring them to iterate over
the children to discover and parse the appropriate node. It makes more
sense to move this responsibility up to the parent function and just
pass these functions the node that needs to be parsed.

Reviewed-by: Cole Robinson <crobinso@redhat.com>
Signed-off-by: Jonathon Jongsma <jjongsma@redhat.com>
2019-11-15 13:30:55 -05:00
Miguel Ángel Arruga Vivas
a74df786a2 vircgroup: Ensure /machine group is associated with its parent
Call first virCgroupNew on the parent group virCgroupNewPartition if
it is available on before the creation of the child group.  This
ensures that the creation of a first level group on the unified
architecture, as the check at virCgroupV2ParseControllersFile as the
parent file is there.

Fixes: https://bugzilla.redhat.com/show_bug.cgi?id=1760233

Signed-off-by: Miguel Ángel Arruga Vivas <rosen644835@gmail.com>
Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
2019-11-15 15:45:25 +01:00
Miguel Ángel Arruga Vivas
ddcb33bdc0 doc: cgroups: Remove unwanted references to systemd
The non-systemd configurations do not create system neither user
control groups.  The title of the diagram referenced systemd too.

Signed-off-by: Miguel Ángel Arruga Vivas <rosen644835@gmail.com>
Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
2019-11-15 15:45:20 +01:00
Gregor Kopka
98f931de7c Allow a zfs pool or dataset as source for zfs storage backend
Enables hosting a pool on an existing zfs pool without affecting
other datasets there.
Specify dataset instead of pool as source to use.
Parent of dataset must exist for pool-build to succeed.
Beware that pool-delete destroys the source dataset and all children.

Solves: https://www.redhat.com/archives/libvirt-users/2017-April/msg00041.html

Signed-off-by: Gregor Kopka <gregor@kopka.net>
Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
2019-11-15 15:25:53 +01:00
Pavel Hrdina
43b01ef2d6 replace use of gnulib snprintf by g_snprintf
Glib implementation follows the ISO C99 standard so it's safe to replace
the gnulib implementation.

Signed-off-by: Pavel Hrdina <phrdina@redhat.com>
Reviewed-by: Peter Krempa <pkrempa@redhat.com>
2019-11-15 15:07:40 +01:00
Pavel Hrdina
8addef2bef vircgroupmock: mock virCgroupV2DevicesAvailable
We need to mock virCgroupV2DevicesAvailable() in order to remove any
dependency on kernel as BPF devices might not be available.

Signed-off-by: Pavel Hrdina <phrdina@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
2019-11-15 12:58:43 +01:00
Pavel Hrdina
c359cb9aee vircgroup: workaround devices in hybrid mode
So the issue here is that you can end up with configuration where
you have cgroup v1 and v2 enabled at the same time and the devices
controllers is enabled for cgroup v1.

In cgroup v2 there is no devices controller, the device access is
controlled using BPF and since it is not a cgroup controller both
of them can exists at the same time and both of them are applied while
resolving access to devices.

In order to avoid configuring both BPF and cgroup v1 devices we will
use BPF if possible and otherwise fallback to cgroup v1 devices.

Signed-off-by: Pavel Hrdina <phrdina@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
2019-11-15 12:58:43 +01:00
Pavel Hrdina
884479b42b vircgroup: introduce virCgroupV2DenyAllDevices
If we want to deny all devices we just need to replace any existing
program with new program with empty map.

Signed-off-by: Pavel Hrdina <phrdina@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
2019-11-15 12:58:42 +01:00
Pavel Hrdina
285aefb31c vircgroup: introduce virCgroupV2AllowAllDevices
If we want to allow all devices with all permissions we need to replace
any existing program that has any rule configured, otherwise we just
need to add new rule which will for example allow read access to all
devices.

Signed-off-by: Pavel Hrdina <phrdina@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
2019-11-15 12:58:41 +01:00
Pavel Hrdina
d5b09ce5d9 vircgroup: introduce virCgroupV2DenyDevice
In order to deny device we need to check if there is any entry in BPF
map and we need to load the current value from map if there is already
entry for that device.  If both values are same we can remove that entry
but if they are different we need to update the entry because we don't
have to deny all access, but for example only write access.

Signed-off-by: Pavel Hrdina <phrdina@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
2019-11-15 12:58:40 +01:00
Pavel Hrdina
5d49651912 vircgroup: introduce virCgroupV2AllowDevice
In order to allow device we need to create key and value which will be
used to update BPF map.  virBPFUpdateElem() can override existing
entries in BPF map so we need to check if that entry exists in order to
track number of entries in our map.

This can add rule for specific device but major and minor can be both
-1 which follows the same behavior as in cgroup v1.

Signed-off-by: Pavel Hrdina <phrdina@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
2019-11-15 12:58:39 +01:00
Pavel Hrdina
b18b0ce609 vircgroup: introduce virCgroupV2DevicesGetKey
Device rules are stored in BPF map that is a hash type, this function
will create a key based on major and minor id of device.

Signed-off-by: Pavel Hrdina <phrdina@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
2019-11-15 12:58:38 +01:00