Base the validation on presence of JSON as we do with other validated
commands. This will prepare the code for a refactor so that it's the
same for all validated commands.
Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
We validate the generated props against the QMP schema which makes sure
that the objects are generated properly.
Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
Introduce a capability that will be asserted once '-netdev' will accept
JSON. For now it will be dormant (only used by tests).
Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
Unify it with the upcoming capabilities for -netdev and -device.
Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
All callers basically end up dumping the buffer into a string and then
adding '-object' 'props' arguments to virCommand. Simplify all callers
by doing this in the function itself.
Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
Input devices of VIR_DOMAIN_INPUT_TYPE_EVDEV type are instantiated via
an '-object' rather than a '-device'. Mixing them in one function is a
bad idea as the caller then needs to use the string correctly which is
not the case in 'qemuDomainAttachInputDevice'.
Generate a JSON object for '-object' explicitly.
Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
Rename the function to 'qemuBuildMemoryCellBackendProps' and return the
properties before conversion to commandline arguments. This requires
changes in the caller.
Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
Enforce that the ':' separator between the key and value is always
present.
Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
In many cases we use a signed value, but use the sign to note that it
was not assigned. For converting to JSON objects it will be handy to
have possibility to do this automatically.
Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
Commit 58ba0f6a3d added a capability which
is supported by all qemu versions we support. Remove it and the
associated dead code. Since the capability isn't present in any upstream
release we can delete it completely.
Specifically the commit itself states that it was introduced "around
(qemu) 2.1". The rest of the code handles properly that the feature is
used only on x86 with the i440fx machine so the capability is pointless.
Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
We have input files for those, provide also xml2argv testing since we
have them.
Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
We can use real example configs to prove the support without the
need for using fake capabilities. Fix the recently added test cases.
The negative case for 'pc-i440fx-acpi-hotplug-bridge-disable' is removed
completely as there is no real qemu libvirt supports which wouldn't
have the capability.
The input file for the negative test on aarch64 is modified so that it's
actually a reasonably valid VM config.
Fixes: bef0f0d8be
Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
We can use two real example configs to prove the support without the
need for using fake capabilities. Fix the recently added test cases.
Fixes: 133d7983d6
Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
The error that "acpi-bridge-hotplug" is not supported would be triggered
only if both the ICH9 and PIIX don't support the capability and the
machine is q35. This makes no sense.
We want to check that the appropriate platform supports the appropriate
feature.
Fixes: 7300ccc9b3
Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
Added the following new libvirt conf option to the release note to
indicate their availability with the next release:
<feature>
<pci>
<acpi-bridge-hotplug state='off|on'/>
</pci>
</feature>
Signed-off-by: Ani Sinha <ani@anisinha.ca>
Reviewed-by: Laine Stump <laine@redhat.com>
This change adds backend qemu command line support for new libvirt
global feature 'acpi-bridge-hotplug'. This option can be used as
following:
<feature>
<pci>
<acpi-bridge-hotplug state='off|on'/>
</pci>
</feature>
The '<pci>' sub-element under '<feature>' is also newly introduced.
'acpi-bridge-hotplug' turns on the following command line option to
qemu for x86 guests:
(pc): -global PIIX4_PM.acpi-pci-hotplug-with-bridge-support=<off|on>
(q35): -global ICH9-LPC.acpi-pci-hotplug-with-bridge-support=<off|on>
This change also adds the required qemuxml2argv unit tests in order to
test correct qemu arguments. Unit tests have also been added to test
qemu capability validation checks as well as checks for using this
option with the right architecture.
Signed-off-by: Ani Sinha <ani@anisinha.ca>
Reviewed-by: Laine Stump <laine@redhat.com>
This change introduces a new libvirt sub-element <pci> under
<features> that can be used to configure all pci related features.
Currently the only sub-sub element supported by this sub-element is
'acpi-bridge-hotplug' as shown below:
<features>
<pci>
<acpi-bridge-hotplug state='on|off'/>
</pci>
</features>
The above option is only available for the QEMU driver, for x86 guests
only. It is a global option, affecting all PCI bridge controllers on
the guest.
The 'acpi-bridge-hotplug' option enables or disables ACPI hotplug
support for cold-plugged pci bridges. Examples of bridges include the
PCI-PCI bridge (pci-bridge controller) for pc (i440fx) machinetypes,
or PCIe-PCI bridges and pcie-root-port controllers for q35
machinetypes.
For pc machinetypes in x86, this option has been available in QEMU
since version 2.1. Please see the following changes in qemu repo:
9e047b982452c6 ("piix4: add acpi pci hotplug support")
133a2da488062e ("pc: acpi: generate AML only for PCI0 devices if PCI
bridge hotplug is disabled")
For q35 machinetypes, this was introduced in QEMU 6.1 with the
following changes in qemu repo:
(a) c0e427d6eb5fef ("hw/acpi/ich9: Enable ACPI PCI hot-plug")
(b) 17858a16950860 ("hw/acpi/ich9: Set ACPI PCI hot-plug as default on
Q35")
The reasons for enabling ACPI based hotplug for PCIe (q35) based
machines (as opposed to native hotplug) are outlined in (b). There are
use cases where users would still want to use native
hotplug. Therefore, this config option enables users to choose either
ACPI based hotplug or native hotplug for bridges (for example for pcie
root port controller in q35 machines).
Qemu capability validation checks have also been added along with
related unit tests to exercise the new conf option.
Signed-off-by: Ani Sinha <ani@anisinha.ca>
Reviewed-by: Laine Stump <laine@redhat.com>
qemu added support for i440fx specific global boolean flag
PIIX4_PM.acpi-pci-hotplug-with-bridge-support
around version 2.1. This flag is enabled by default. When disabled, it
turns off acpi pci hotplug for cold plugged pci bridges in i440fx
machine types.
Very recently, in qemu version 6.1, the same global option was also
added for q35 machine types as well.
ICH9-LPC.acpi-pci-hotplug-with-bridge-support
This option turns on or off acpi based hotplug for cold plugged pcie
bridges like pcie root ports. This flag is also enabled by
default. Please refer to the following qemu changes:
c0e427d6eb5fef ("hw/acpi/ich9: Enable ACPI PCI hot-plug")
17858a16950860 ("hw/acpi/ich9: Set ACPI PCI hot-plug as default on Q35")
This patch adds the corresponding qemu capabilities in libvirt. For
i440fx, the capability is detected as
QEMU_CAPS_PIIX_ACPI_HOTPLUG_BRIDGE. For q35, the capability is
detected as QEMU_CAPS_ICH9_ACPI_HOTPLUG_BRIDGE.
Please note that the test specific qemu capabilities .replies files
has already been updated as a part of regular refreshing them when a
new qemu version is released. Hence, no updates to those files are
required.
Signed-off-by: Ani Sinha <ani@anisinha.ca>
Reviewed-by: Laine Stump <laine@redhat.com>
When a server decides to close a client, the
virNetServerClientCloseLocked() is called. In here various
cleanup steps are taken, but the most important part (from this
commit's POV at least) is the way that the socket is closed.
Firstly, removal of the socket associated with the client from
the event loop is signalized and then the socket is unrefed. The
socket is not closed just yet though, because the event loop
holds a reference to it. This reference will be freed as soon as
the event loop wakes up and starts issuing callbacks (in this
case virNetSocketEventFree()).
So far, this is how things usually work. But if the daemon
reaches the number of opened files limit, things start to work
differently.
If the RLIMIT_NOFILE limit is reached and there's a client that
wants to connect then the event loop wakes up, sees POLLIN on the
socket and calls virNetServerServiceAccept() which in turn calls
virNetSocketAccept(). But because of the limit, accept() fails
with EMFILE leaving the POLLIN event unhandled. The dispatch then
continues to next FDs with events on them. BUT, it will NOT call
the socket removal callback (virNetSocketEventFree()) because it
has low priority (G_PRIORITY_DEFAULT_IDLE). Per glib's
documentation:
* Each event source is assigned a priority. The default priority,
* %G_PRIORITY_DEFAULT, is 0. Values less than 0 denote higher priorities.
* Values greater than 0 denote lower priorities. Events from high priority
* sources are always processed before events from lower priority sources.
and per g_idle_add() documentation:
* Adds a function to be called whenever there are no higher priority
* events pending to the default main loop. The function is given the
* default idle priority, %G_PRIORITY_DEFAULT_IDLE.
Now, because we did not accept() the client we are constantly
seeing POLLIN on the main socket and thus the removal of the
client socket won't ever happen.
The fix is to set at least the same priority as other sources,
but since we want to just close an FD, let's give it the highest
priority and call it before handling other events.
This issue can be easily reproduced, for instance:
# ulimit -S -n 40 (tweak this number if needed)
# ./src/libvirtd
from another terminal:
# for ((i=0; i<100; i++)); do virsh list & done; virsh list
The last `virsh list` must not get stuck.
Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=2007168
Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
With cgroup v1 I'm seeing LXC container startup failures:
$ sudo virt-install --connect lxc:/// --name test-container --memory 128
--boot init=/bin/sh
Starting install...
ERROR error from service:
GDBus.Error:org.freedesktop.machine1.NoMachineForPID: PID 2145047 does
not belong to any known machine
libvirt 7.0.0 works but 7.1.0+ does not. The root error seems to predate
that, showing up in syslog, but commit 9c1693eff made it fatal:
commit 9c1693eff4
Author: Pavel Hrdina <phrdina@redhat.com>
Date: Fri Feb 5 16:17:35 2021 +0100
vircgroup: use DBus call to systemd for some APIs
The error comes from virSystemdGetMachineByPID. The PID that shows up in
the above error message does not match the leader PID as reported by
machinectl.
This change fixes the error. Things seem to continue to work with
cgroupsv2 after this change.
https://gitlab.com/libvirt/libvirt/-/issues/182
Tested-by: Jim Fehlig <jfehlig@suse.com>
Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
Signed-off-by: Cole Robinson <crobinso@redhat.com>
virt-host-validate checks if AMD SEV is enabled by verifying
/sys/module/kvm_amd/parameters/sev is set to '1'. On a system
running kernel 5.13, the parameter is reported as 'Y'. To be
extra paranoid, add a check for 'y' along with 'Y' to complement
the existing check for '1'.
Fixes: https://bugzilla.opensuse.org/show_bug.cgi?id=1188715
Signed-off-by: Jim Fehlig <jfehlig@suse.com>
Reviewed-by: Andrea Bolognani <abologna@redhat.com>
Other devices (includes 9p-based fsdev) call this wrapper
before formatting the device.
Add it here too.
Signed-off-by: Ján Tomko <jtomko@redhat.com>
Reviewed-by: Peter Krempa <pkrempa@redhat.com>
This reverts commit 801e6da29c
They are not needed anymore.
Signed-off-by: Ján Tomko <jtomko@redhat.com>
Reviewed-by: Peter Krempa <pkrempa@redhat.com>
Reconstruct the socket path from priv->libDir in every user.
Signed-off-by: Ján Tomko <jtomko@redhat.com>
Reviewed-by: Peter Krempa <pkrempa@redhat.com>
The mocked path in the test suite is not in sync with what libvirtd
generates.
Signed-off-by: Ján Tomko <jtomko@redhat.com>
Reviewed-by: Peter Krempa <pkrempa@redhat.com>
Intended as a replacement for qemuVirtioFSCreateSocketFilename,
to be used outside of qemu_virtiofs.c
Signed-off-by: Ján Tomko <jtomko@redhat.com>
Reviewed-by: Peter Krempa <pkrempa@redhat.com>
The commit adding the vhost-user-fs device forgot to format
the device's alias on the command line.
Thankfully it was not needed yet because virtiofs migration
is not yet supported, but it will be needed in the future
to allow hot(un)plug.
Signed-off-by: Ján Tomko <jtomko@redhat.com>
Reviewed-by: Peter Krempa <pkrempa@redhat.com>
There are few places where we can replace explicit
VIR_FORCE_CLOSE() with VIR_AUTOCLOSE annotation.
Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
Acked-by: Jonathon Jongsma <jjongsma@redhat.com>
Similarly to virshDomainFree add a wrapper for the snapshot object
freeing function.
Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
Acked-by: Jonathon Jongsma <jjongsma@redhat.com>
Similarly to virshDomainFree add a wrapper for the snapshot object
freeing function.
Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
Acked-by: Jonathon Jongsma <jjongsma@redhat.com>
Similarly to virshDomainFree add a wrapper for the snapshot object
freeing function.
Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
Acked-by: Jonathon Jongsma <jjongsma@redhat.com>
Similarly to virshDomainFree add a wrapper for the snapshot object
freeing function.
Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
Acked-by: Jonathon Jongsma <jjongsma@redhat.com>
Similarly to virshDomainFree add a wrapper for the snapshot object
freeing function.
Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
Acked-by: Jonathon Jongsma <jjongsma@redhat.com>
Similarly to virshDomainFree add a wrapper for the snapshot object
freeing function.
Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
Acked-by: Jonathon Jongsma <jjongsma@redhat.com>
Similarly to virshDomainFree add a wrapper for the snapshot object
freeing function.
Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
Acked-by: Jonathon Jongsma <jjongsma@redhat.com>
Currently the order of virshXXXFree functions in the header file
does not correspond to the order in the corresponding .c file.
Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
Acked-by: Jonathon Jongsma <jjongsma@redhat.com>
In case when libvirt runs inside a restricted container it may
not have enough permissions to modify unpriv_sgio. However, it
may have been set beforehand by sysadmin or an orchestration
tool. Therefore, let's check whether the currently set value is
the one we want and if it is refrain from writing to the file.
Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=2010306
Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
The --nvram and --keep-nvram options of the undefine command can
be used regardless of the domain status (the only consumer so far
- qemuDomainUndefineFlags() doesn't care about the domain
status). Yet, their corresponding help strings say something
about inactive domains while manpage says nothing. Remove the
reference to domain state.
Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=2007659
Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
Reviewed-by: Andrea Bolognani <abologna@redhat.com>
The capability name piix4-acpi-root-hotplug-en is not conventional and
appreared to be confusing to some. "en" suffix is also incorrect as the
capability in qemu is used to both enable and disable hotplug on the pci root
bus on the i440fx. Hence, rename it to piix4.acpi-root-pci-hotplug so that it
is clearer, less confusing and more accurate.
Signed-off-by: Ani Sinha <ani@anisinha.ca>
Reviewed-by: Laine Stump <laine@redhat.com>
Also introduces a G_DEFINE_AUTOPTR_CLEANUP_FUNC for virCHMonitor.
Signed-off-by: William Douglas <william.douglas@intel.com>
Reviewed-by: Laine Stump <laine@redhat.com>
