Commit Graph

51246 Commits

Author SHA1 Message Date
Michal Privoznik
4df8dc576f vircommand: Make sysconf(_SC_OPEN_MAX) failure non-fatal
The point of calling sysconf(_SC_OPEN_MAX) is to allocate big
enough bitmap so that subsequent call to
virCommandMassCloseGetFDsDir() can just set the bit instead of
expanding memory (this code runs in a forked off child and thus
using async-signal-unsafe functions like malloc() is a bit
tricky).

But on some systems the limit for opened FDs is virtually
non-existent (typically macOS Ventura started reporting EINVAL).

But with both glibc and musl using malloc() after fork() is safe.
And with sufficiently new glib too, as it's using malloc() with
newer releases instead of their own allocator.

Therefore, pick a sufficiently large value (glibc falls back to
256, [1], Darwin to 10240 [2] so 10240 should be good enough) to
fall back to and make the error non-fatal.

1: https://sourceware.org/git/?p=glibc.git;a=blob;f=sysdeps/unix/sysv/linux/getdtsz.c;h=4c5a6208067d2f9eaaac6dba652702fb4af9b7e3;hb=HEAD
2  https://github.com/apple/darwin-xnu/blob/main/bsd/sys/syslimits.h#L104

Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
Reviewed-by: Martin Kletzander <mkletzan@redhat.com>
2024-09-13 14:50:43 +02:00
Michal Privoznik
6ded014ba3 vircommand: Isolate FD dir parsing into a separate function
So far, virCommandMassCloseGetFDsLinux() opens "/proc/self/fd",
iterates over it marking opened FDs in @fds bitmap. Well, we can
do the same on other systems (with altered path), like MacOS or
FreeBSD. Therefore, isolate dir iteration into a separate
function that accepts dir path as an argument.

Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
Reviewed-by: Martin Kletzander <mkletzan@redhat.com>
2024-09-13 14:50:43 +02:00
Michal Privoznik
dfe496ae33 vircommand: Drop unused arguments from virCommandMassCloseGetFDs*()
Both virCommandMassCloseGetFDsLinux() and
virCommandMassCloseGetFDsGeneric() take @cmd argument only to
mark it as unused. Drop it from both.

Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
Reviewed-by: Martin Kletzander <mkletzan@redhat.com>
2024-09-13 14:50:43 +02:00
Martin Kletzander
8cf7d0d457 tests: Add caps2xml and resctrl data from the wild
Add tests for two new system dumps which show various configurations
that were fixed in the previous commits.

Signed-off-by: Martin Kletzander <mkletzan@redhat.com>
Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
2024-09-13 12:57:42 +02:00
Martin Kletzander
bfad111c43 resctrl: Use cache IDs instead of max_id/max_cache_id
It is not guaranteed for the cache IDs to be continuous, especially for
L3 caches.  Hence do not assume so and instead record the individual IDs
in a virBitmap.

Signed-off-by: Martin Kletzander <mkletzan@redhat.com>
Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
2024-09-13 12:57:41 +02:00
Martin Kletzander
f3fd0664cf resctrl: Don't assume MBA availability in virResctrlAllocNewFromInfo
Weirdly, the existence of /sys/fs/resctrl/info/MB does not always mean
that MBA is available and used on the system.  Instead of assuming that
copy the values from the default (root) allocation.  This also makes it
nicer to use the proper values in case the system does not use
percentages or when the root allocation already limits the bandwidth.

Signed-off-by: Martin Kletzander <mkletzan@redhat.com>
Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
2024-09-13 12:55:39 +02:00
Martin Kletzander
bc97a2c043 capabilities: Also report L2 caches
Since some systems support control for L2 caches as well as L3 caches it
would be useful to report their configuration in capabilities.

Signed-off-by: Martin Kletzander <mkletzan@redhat.com>
Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
2024-09-13 12:55:39 +02:00
Martin Kletzander
4437a775dc resctrl: Add virResctrlInfoPerTypeFree
It will be easier to add more dynamic data later on.

Signed-off-by: Martin Kletzander <mkletzan@redhat.com>
Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
2024-09-13 12:55:39 +02:00
Martin Kletzander
7c40f1ead9 resctrl: Add virResctrlInfoMemBWFree
It will be easier to add more dynamic data later on

Signed-off-by: Martin Kletzander <mkletzan@redhat.com>
Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
2024-09-13 12:55:39 +02:00
Martin Kletzander
03b6383f33 resctrl: Move virResctrlAllocCopyMemBW up in the file
This way it can be used later in virResctrlAllocGetUnused().

Signed-off-by: Martin Kletzander <mkletzan@redhat.com>
Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
2024-09-13 12:55:39 +02:00
Martin Kletzander
d7e3a15a98 resctrl: Relax the limit of maximum memory bandwidth allocation
The value 100 represented the percentage as it was originally done from
Intel in the Linux kernel and on their CPUs.  Since then the situation
changed and there is no error-prone way of figuring out the meaning of
the value in the current configuration, let alone its possible maximum.

Signed-off-by: Martin Kletzander <mkletzan@redhat.com>
Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
2024-09-13 12:55:39 +02:00
Martin Kletzander
b4f93ae8af docs: Document memory bandwidth allocation limits more clearly
The meaning of the values as well as their maximums are hard to predict
and accounting for all the possibilities (which by the way might change
during daemon's execution) is borderline hallucinatory.  There is
already a way we represent them, which is the same as the Linux kernel.
We do not interpret them at all, just blindly use them.  In order to
make this more apparent for the users change the documentation for the
<memorytune/> (not <memtune/>) element more boldly.

Signed-off-by: Martin Kletzander <mkletzan@redhat.com>
Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
2024-09-13 12:55:39 +02:00
Martin Kletzander
eae19bb505 resctrl: Account for memory bandwidth of 0 being valid
In some scenarios the memory bandwidth in the schemata file might be 0
and so can the minimum allocation in other ones.  Remove checks which
were added for extra cautiousness.

Resolves: https://issues.redhat.com/browse/RHEL-54235
Signed-off-by: Martin Kletzander <mkletzan@redhat.com>
Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
2024-09-13 12:55:39 +02:00
Jim Fehlig
b04730f6f2 docs: Clarify hypervisor support for nwfilter profiles
Enhance the 'since' annotation of <filterref> documentation to note
it's only supported by the QEMU, LXC, and ch hypervisor drivers.

Suggested-by: Demi Marie Obenour <demi@invisiblethingslab.com>
Signed-off-by: Jim Fehlig <jfehlig@suse.com>
Reviewed-by: Laine Stump <laine@redhat.com>
2024-09-12 15:40:28 -06:00
Stepan Zobal
f60e5f87d4 documentation: Remove untrue statement in GetVersion() description
The description of virConnectGetVersion() says the function might only
work with a privileged access to the hypervisor, not with a read-only
connection.  However that is not true since commit a2e2e4652f and can
be safely removed.

Signed-off-by: Stepan Zobal <szobal@redhat.com>
Reviewed-by: Martin Kletzander <mkletzan@redhat.com>
2024-09-12 15:53:10 +02:00
Göran Uddeborg
0186a13f54 Translated using Weblate (Swedish)
Currently translated at 86.4% (9094 of 10521 strings)

Translation: libvirt/libvirt
Translate-URL: https://translate.fedoraproject.org/projects/libvirt/libvirt/sv/

Signed-off-by: Göran Uddeborg <goeran@uddeborg.se>
2024-09-12 14:44:04 +02:00
Göran Uddeborg
80faf18068 Translated using Weblate (Swedish)
Currently translated at 86.3% (9086 of 10521 strings)

Translation: libvirt/libvirt
Translate-URL: https://translate.fedoraproject.org/projects/libvirt/libvirt/sv/

Signed-off-by: Göran Uddeborg <goeran@uddeborg.se>
2024-09-12 14:44:04 +02:00
Jakub Palacky
cc05007a43 vmx: use xmlBufferDetach() when applicable
xmlBuffer->content was deprecated in libxml2 v2.13.0-33-gb34dc1e4
xmlBufferDetach(xmlBuffer) should be used instead

Signed-off-by: Jakub Palacky <jpalacky@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
2024-09-12 14:52:55 +02:00
Jakub Palacky
09ebe53349 util/virxml: use xmlCtxtGetLastError when applicable
xmlParserCtxt->lastError was deprecated in libxml2 v2.13.0-103-g1228b4e0
xmlCtxtGetLastError(xmlParserCtxt) should be used instead

Signed-off-by: Jakub Palacky <jpalacky@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
2024-09-12 14:52:55 +02:00
Jakub Palacky
317139a316 util/virutil: Use readpassphrase when libbsd is available
When libbsd is available, use the preferred readpassphrase() function isntead of getpass()
as the getpass() function has been marked as obsolete and shouldnt be used

Signed-off-by: Jakub Palacky <jpalacky@redhat.com>
Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
2024-09-12 13:12:47 +02:00
Richard W.M. Jones
94e8a5b650 vmx: Allow '*' to appear in VMX file keys
When connecting to a VMware server (eg using vpx://) we download and
try to parse the VMware metadata '*.vmx' file of a guest.  In this
case a VMX file was found which contained this key:

  pciPassthru*.present = "False"

The '*' character was not previously allowed in keys so this failed to
parse with the error:

  VIR_ERR_CONF_SYNTAX: VIR_FROM_CONF: configuration file syntax error:
  memory conf:74: expecting an assignment

Resolves: https://issues.redhat.com/browse/RHEL-58446
Thanks: Daniel Berrange
Signed-off-by: Richard W.M. Jones <rjones@redhat.com>
Reviewed-by: Pavel Hrdina <phrdina@redhat.com>
2024-09-12 09:51:58 +02:00
Tom
5f6ccb0875 Allow apparmor parser to be executed in /usr/bin
This commit modifies the AppArmor profile for virt-aa-helper to
accommodate an observed behavior in certain Linux distributions,
such as ArchLinux.

In these distributions, /usr/sbin symlinks to /usr/bin. To ensure
that virt-aa-helper can execute apparmor_parser when it resides
in /usr/bin, the profile has been updated accordingly.

Signed-off-by: Tom <libvirt-patch@douile.com>
Reviewed-by: Andrea Bolognani <abologna@redhat.com>
2024-09-12 09:44:20 +02:00
Peter Krempa
d15b7c3859 qemuxmlconfttest: Add test case for invalid disk target
Add a test case that the numeric overflow when parsing disk target is
detected.

Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Pavel Hrdina <phrdina@redhat.com>
2024-09-10 14:26:52 +02:00
Peter Krempa
e562b16ede virDiskNameParse: Fix integer overflow in disk name parsing
The conversion to index entails multiplication and accumulation by user
provided data which can easily overflow, use VIR_MULTIPLY_ADD_IS_OVERFLOW
to check if the string is valid.

Closes: https://gitlab.com/libvirt/libvirt/-/issues/674
Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Pavel Hrdina <phrdina@redhat.com>
2024-09-10 14:26:39 +02:00
Peter Krempa
a9ede822da virconf: Properly fix numeric overflow when parsing numbers in conf files
The previous fix didn't check the overflow in addition. Use the new
macro to check both multiplication and addition overflows.

Fixes: 8666523b7d
Closes: https://gitlab.com/libvirt/libvirt/-/issues/671
Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Pavel Hrdina <phrdina@redhat.com>
2024-09-10 14:26:31 +02:00
Peter Krempa
23cb613606 internal: Add helper macro for checking multiply and add overflows
The macro does the two checks together so that it's obvious what we're
checking as doing it in place is really unpleasant.

Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Pavel Hrdina <phrdina@redhat.com>
2024-09-10 14:26:28 +02:00
Peter Krempa
3c5839973f virDomainFeaturesDefParse: Add comment warning about features being specified repeatedly
Few of the handlers didn't take that possibility into account. Warn
others.

Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Pavel Hrdina <phrdina@redhat.com>
2024-09-10 14:26:24 +02:00
Peter Krempa
ead2419df3 virDomainFeaturesTCGDefParse: Don't leak 'tcg_features' when '<tcg>' feature is repeated
Similarly to other cases users may specify the feature flag multiple
times.

Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Pavel Hrdina <phrdina@redhat.com>
2024-09-10 14:26:20 +02:00
Peter Krempa
574769ceb6 virDomainFeaturesHyperVDefParse: Don't overwrite hypervisor vendor_id
In case when the user specifies the '<hyperv/>' feature multiple times
we could overwrite already parsed data. Clear it beforehand.

As before this isn't trying to address the case of features being
specified multiple times not making much sense.

Closes: https://gitlab.com/libvirt/libvirt/-/issues/675
Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Pavel Hrdina <phrdina@redhat.com>
2024-09-10 14:26:09 +02:00
Peter Krempa
8e28f2c5c2 virBitmapShrink: Do not attempt to clear bits beyond end of buffer
'virBitmapShrink' clears the bits beyond the end of the bitmap when
shrinking and then reallocates to match the new size. As it uses the
address of the first bit beyond the bitmap to do the clearing it can
overrun the allocated buffer if we're not actually going to shrink it
and the last bit's address is on the chunk boundary.

Fix it by returning in that corner case and add few more tests to be
sure.

Closes: https://gitlab.com/libvirt/libvirt/-/issues/673
Fixes: d6e582da80
Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Pavel Hrdina <phrdina@redhat.com>
2024-09-10 14:25:37 +02:00
Peter Krempa
bc02cb9506 virDomainDefParseBootInitOptions: Don't leak 'name' on failure
One of the failure paths skips code which would assign the string from
the temporary variable to the parsed struct, thus leaking it on failure.

Closes: https://gitlab.com/libvirt/libvirt/-/issues/672
Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Pavel Hrdina <phrdina@redhat.com>
2024-09-10 14:24:48 +02:00
Michal Privoznik
2feeefc0b4 cpu_map: Install SierraForest description file
In one of recent commits new CPU model was introduced. But
corresponding change in meson.build is missing which results in
the XML file not being installed.

Fixes: 3afbb1644c
Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
2024-09-09 09:30:04 +02:00
Göran Uddeborg
b7a133f200 Translated using Weblate (Swedish)
Currently translated at 85.9% (9045 of 10521 strings)

Translation: libvirt/libvirt
Translate-URL: https://translate.fedoraproject.org/projects/libvirt/libvirt/sv/

Signed-off-by: Göran Uddeborg <goeran@uddeborg.se>
2024-09-07 22:38:49 +02:00
Peter Krempa
ecffc91d02 qemuBackupDiskDataCleanupOne: Don't skip rest of cleanup if we can't enter monitor
Recent fix to use the proper 'async' monitor function would cause
libvirt to leak some of the objects it's supposed to clean up in other
places besides qemu.

Don't skip the whole function on failure to enter the job but just the
monitor section.

Fixes: 9b22c25548
Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
2024-09-06 18:14:34 +02:00
Peter Krempa
8666523b7d virconf: Fix numeric overflow when parsing numbers in conf files
The number is parsed manually without making sure it'll fit.

Fixes: 3bbac7cdb6
Closes: https://gitlab.com/libvirt/libvirt/-/issues/671
Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
2024-09-06 18:14:34 +02:00
Peter Krempa
5d77061d7e conf: Don't overwrite KVM feature config struct if the feature is present twice
Don't allocate the struct if it exists already. This sidesteps the
discussion about whether forbidding multiple feature definitions makes
sense.

Fixes: a8e0f9c682
Closes: https://gitlab.com/libvirt/libvirt/-/issues/670
Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
2024-09-06 18:14:34 +02:00
Tim Wiederhake
3afbb1644c cpu_map: Add SierraForest CPU model
This was added in qemu commit 6e82d3b6220777667968a04c87e1667f164ebe88.

Signed-off-by: Tim Wiederhake <twiederh@redhat.com>
Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
2024-09-06 18:10:15 +02:00
Tim Wiederhake
6ac72ea6dd cpu_map: Add missing feature "avx-vnni-int16"
Introduced in qemu commit 138c3377a9b27accec516b2c0da90dedef98a780.

Signed-off-by: Tim Wiederhake <twiederh@redhat.com>
Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
2024-09-06 18:10:06 +02:00
Göran Uddeborg
4d3a2c61a3 Translated using Weblate (Swedish)
Currently translated at 85.5% (9005 of 10521 strings)

Translation: libvirt/libvirt
Translate-URL: https://translate.fedoraproject.org/projects/libvirt/libvirt/sv/

Signed-off-by: Göran Uddeborg <goeran@uddeborg.se>
2024-09-05 22:38:50 +02:00
Andi Chandler
be183218ed Translated using Weblate (English (United Kingdom))
Currently translated at 48.9% (5147 of 10521 strings)

Translation: libvirt/libvirt
Translate-URL: https://translate.fedoraproject.org/projects/libvirt/libvirt/en_GB/

Signed-off-by: Andi Chandler <andi@gowling.com>
2024-09-05 22:38:49 +02:00
Peter Krempa
9b22c25548 qemu: backup: Use 'async' monitor in 'qemuBackupDiskDataCleanupOne'
'qemuBackupDiskDataCleanupOne()' is entering the monitor while we're in
the async backup job inside 'qemuBackupBegin()' which is semantically
wrong and per upstream report causes crashes if some monitoring commands
are run in parallel.

Use qemuDomainObjEnterMonitorAsync() instead.

Closes: https://gitlab.com/libvirt/libvirt/-/issues/668
Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Jiri Denemark <jdenemar@redhat.com>
2024-09-05 15:52:26 +02:00
Peter Krempa
2ccb213f94 virshtest: Add test case for script friendly options
Add a bunch of tests verifying that script-friendly options of certain
commands are not changed incompatibly thus potentially breaking user
scripts.

Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Jiri Denemark <jdenemar@redhat.com>
2024-09-05 15:24:55 +02:00
Peter Krempa
fc9442a638 NEWS: Mention breakage of scrip-friendly virsh output
Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Jiri Denemark <jdenemar@redhat.com>
2024-09-05 15:24:55 +02:00
Peter Krempa
0082148420 virsh: cmdList: Revert to script-friendly output for 'virsh list --uuid'
Commit 271940223c which strived to add
support to use '--uuid' in the table output of 'virsh list' went too far
and also allowed the default table view to be enabled when just '--uuid'
is specified.

This broke the script-friendly output which previously had this format:

 $ virsh list --uuid
 b6d03c07-86f8-4a57-8719-172a5d0359bb

to this script-unfriendly output:

 $ virsh list --uuid
  Id   Name   State     UUID
 -------------------------------------------------------------
  1    ha     running   b6d03c07-86f8-4a57-8719-172a5d0359bb

Using the human friendly output will still be possible by using:

 $ virsh list --table --uuid

Fixes: 271940223c
Closes: https://gitlab.com/libvirt/libvirt/-/issues/666
Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Jiri Denemark <jdenemar@redhat.com>
2024-09-05 15:24:55 +02:00
Peter Krempa
a35a355b09 tests: qemucapabilitiesdata: Add caps for 'caps_9.1.0_riscv64' (captured on x86_64)
Add a capability dump for 'riscv64' with 'qemu-9.1' release captured
on a x86_64 host as I don't have hardware.

The last dump for riscv64 was done with qemu-8.0 which didn't manifest
the newest features such as CPU type selection and ACPI support.

Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
2024-09-05 15:24:55 +02:00
Peter Krempa
712b2c8f01 tests: qemucapabilities: Update 'caps_9.1.0_x86_64' for final release
QEMU-9.1 was released so update the capabilities to the final state.

Notable changes:

 - Machine types 'pc-q35-6.1' and 'pc-i440fx-6.1' were deprecated

Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
2024-09-05 15:24:55 +02:00
Peter Krempa
61c8a7180e qemuProcessSetupRawIO: Refactor return value and remove useless #ifdef
The function can return directly rather than setting 'ret' as there's no
cleanup.

It also doesn't make sense to conditionally compile out the 'break'
statement when checking whether a disk has rawio enabled if
'CAP_SYS_RAWIO' is _not_ defined as the function will still behave the
same.

Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Jiri Denemark <jdenemar@redhat.com>
2024-09-05 15:24:55 +02:00
Peter Krempa
d02a77c2ff spec: Demote 'nfs-utils' as a weak dependency of 'daemon-driver-storage-core'
The 'nfs-utils' package provides 'showmount' used to detect NFS-based
storage pool sources. As the lookup of storage pool sources can fail
gracefully and does so e.g. if the gluster backend is not installed we
can do the same for NFS.

Apart from allowing a tighter footprint when installing libvirt, this
also allows installation of the storage driver core in cases when a
security policy prohibits use of NFS.

Resolves: https://issues.redhat.com/browse/RHEL-56611
Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Pavel Hrdina <phrdina@redhat.com>
2024-09-05 15:24:55 +02:00
Peter Krempa
ce1c9bb8ea storage: fs: Remove build-time detection of 'showmount' program
With the new virCommand infrastructure which can find the program in
path automatically we no longer need the build-time detection.

Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Pavel Hrdina <phrdina@redhat.com>
2024-09-05 15:24:55 +02:00
Cole Robinson
6f10d15ca1 spec: Fix dtrace BuildRequires on fedora 41+
/usr/bin/dtrace has been split from `systemtap-sdt-devel` into
`systemtap-sdt-dtrace`

It's forward and backward compatible to require the dtrace binary
directly.

We still need the latter dep though, for sdt.h in generated
libvirt_probes.h

Reviewed-by: Ján Tomko <jtomko@redhat.com>
Signed-off-by: Cole Robinson <crobinso@redhat.com>
2024-09-04 11:37:38 -04:00