Commit Graph

30026 Commits

Author SHA1 Message Date
Daniel P. Berrangé
feac14fa2e conf: add support for disk "rotation_rate" property
This lets the app expose the virtual SCSI or IDE disks as solid state
devices by setting a rate of '1', or rotational media by setting a
rate between 1025 and 65534.

https://bugzilla.redhat.com/show_bug.cgi?id=1498955

Reviewed-by: Ján Tomko <jtomko@redhat.com>
Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
2021-04-01 15:11:38 +01:00
Kristina Hanicova
6336fcd9f8 XML <source bridge='VMnet0'/> update in <interface type='bridge'/>
Previously, we accepted empty bridge name, because some old versions of
VMWare Workstation did not put it into the config. But this doesn't make
much sense - to have an interface type bridge with no name. We
circumvented this problem by generating an empty name but that is
equally wrong.

Therefore, fill in missing bridge names (according to the documentation
[1] the default bridge name is VMnet0) and error out if bridge name is
missing.

This partially reverts f246cdb5ac

1: https://docs.vmware.com/en/VMware-Workstation-Player-for-Linux/16.0/com.vmware.player.linux.using.doc/GUID-BAFA66C3-81F0-4FCA-84C4-D9F7D258A60A.html

Signed-off-by: Kristina Hanicova <khanicov@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
Signed-off-by: Ján Tomko <jtomko@redhat.com>
2021-04-01 13:36:35 +02:00
Daniel P. Berrangé
a9b1375d7d conf: remove duplicated firmware type attribute
The

  <os firmware='efi'>
    <firmware type='efi'>
      <feature enabled='no' name='enrolled-keys'/>
    </firmware>
  </os>

repeats the firmware attribute twice. This has no functional benefit, as
evidenced by fact that we use a single struct field to store both
attributes, while needlessly introducing an error scenario. The XML can
just be simplified to:

  <os firmware='efi'>
    <firmware>
      <feature enabled='no' name='enrolled-keys'/>
    </firmware>
  </os>

which also means that we don't need to emit the empty element
<firmware type='efi'/> for all existing configs too.

Reviewed-by: Pavel Hrdina <phrdina@redhat.com>
Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
2021-03-30 10:19:42 +01:00
Michal Privoznik
cadfefd3ce qemu_driver: Acquire MODIFY job in qemuDomainStartDirtyRateCalc()
This API talks to QEMU and changes its internal state. Therefore,
it should acquire QEMU_JOB_MODIFY instead of QEMU_JOB_QUERY.

Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
Reviewed-by: Jiri Denemark <jdenemar@redhat.com>
2021-03-30 10:05:10 +02:00
Daniel P. Berrangé
dfbe4f4c9b remote: don't allow dirty rate API with read permission
This API interacts with the hypervisor and makes changes to its
behaviour, so must be protected by the write permission.

Reviewed-by: Ján Tomko <jtomko@redhat.com>
Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
2021-03-29 13:39:23 +01:00
Tim Wiederhake
c5d4d0198f qemuProcessUpdateGuestCPU: Check host cpu for forbidden features
See https://bugzilla.redhat.com/show_bug.cgi?id=1840770

Signed-off-by: Tim Wiederhake <twiederh@redhat.com>
Reviewed-by: Jiri Denemark <jdenemar@redhat.com
2021-03-26 11:40:55 +01:00
Tim Wiederhake
a839fcbe62 cpu: Introduce virCPUCheckForbiddenFeatures
Signed-off-by: Tim Wiederhake <twiederh@redhat.com>
Reviewed-by: Jiri Denemark <jdenemar@redhat.com
2021-03-26 11:40:52 +01:00
Tim Wiederhake
1e1db67836 virCPUDefFindFeature: Make first argument const ptr
Signed-off-by: Tim Wiederhake <twiederh@redhat.com>
Reviewed-by: Jiri Denemark <jdenemar@redhat.com
2021-03-26 11:40:39 +01:00
wangjian
59788a5cae node_device_udev: Serialize access to pci_get_strings)_
Since the functions provided by libpciaccess are not thread-safe,
when the udev-event and nodedev-init threads of libvirt call the
pci_get_strings function provided by libpaciaccess at the same
time the following can happen:

nodedev-init thread:
nodeStateInitializeEnumerate ->
  udevEnumerateDevices->
    udevProcessDeviceListEntry ->
      udevAddOneDevice ->
        udevGetDeviceDetails->
          udevProcessPCI ->
            udevTranslatePCIIds ->
              pci_get_strings -> (libpciaccess)
                find_device_name ->
                  populate_vendor ->
                    d = realloc( vend->devices, (vend->num_devices + 1), * sizeof( struct pci_device_leaf ) );
                    vend->num_devices++;

udev-event thread:
udevEventHandleThread ->
  udevHandleOneDevice ->
    udevAddOneDevice->
      udevGetDeviceDetails->
        udevProcessPCI ->
          udevTranslatePCIIds ->
            pci_get_strings -> (libpciaccess)
              find_device_name ->
                populate_vendor ->
                  d = realloc( vend->devices, (vend->num_devices + 1), * sizeof( struct pci_device_leaf ) );
                  vend->num_devices++;

Signed-off-by: WangJian <wangjian161@huawei.com>
Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
2021-03-26 11:06:21 +01:00
Michal Privoznik
5f9330e724 lib: Undo some g_steal_pointer() changes
Recently, a few commits back I've switched bunch of code to
g_steal_pointer() using coccinelle. Problem was that the semantic
patch used was slightly off:

  @@
  expression a, b;
  @@

  + b = g_steal_pointer(&a);
  - b = a;
    ... when != a
  - a = NULL;

Problem is that, "... when != a" is supposed to jump over those
lines, which don't contain expression a. My idea was to replace
the following pattern too:

  ptrX = ptrY;
  if (something(ptrZ) < 0) goto error;
  ptrY = NULL;

But what I missed is that the following pattern is also matched
and replaced:

  ptrX = ptrY;
  if (something(ptrX) < 0) goto error;
  ptrY = NULL;

This is not necessarily correct - as demonstrated by our hotplug
code. The real problem is ambiguous memory ownership transfer
(functions which add device to domain def take ownership only on
success), but to not tackle the real issue let's revert those
parts.

Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
Reviewed-by: Peter Krempa <pkrempa@redhat.com>
2021-03-26 10:11:57 +01:00
Michal Privoznik
af09d7a37a virnetsocket: Revert part of g_steal_pointer() rewrite
Turns out, the way that glib implements g_steal_pointer() is not
compatible with function callbacks. And that's what my recent
patch did in virNetSocketEventFree(). Revert that part.

Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
Reviewed-by: Peter Krempa <pkrempa@redhat.com>
2021-03-26 10:11:57 +01:00
Michal Privoznik
ae1201fab4 vz: Add case for VIR_DRV_FEATURE_NETWORK_UPDATE_HAS_CORRECT_ORDER
In one of my recent patches I've introduced new connection
feature VIR_DRV_FEATURE_NETWORK_UPDATE_HAS_CORRECT_ORDER.
However, I forgot to add corresponding case into a switch in
vzConnectSupportsFeature().

Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
2021-03-25 13:01:09 +01:00
Michal Privoznik
b0f78d626a lib: Fix calling of virNetworkUpdate() driver callback
The order in which virNetworkUpdate() accepts @section and
@command arguments is not the same as in which it passes them
onto networkUpdate() callback. Until recently, it did not really
matter, because calling the API on client side meant arguments
were encoded in reversed order (compared to the public API), but
then on the server it was fixed again - because the server
decoded RPC (still swapped), called public API (still swapped)
and in turn called the network driver callback (with reversing
the order - so magically fixing the order).

Long story short, if the public API is called even number of
times those swaps cancel each other out. The problem is when the
API is called an odd numbed of times - which happens with split
daemons and the right URI. There's one call in the client (e.g.
virsh net-update), the other in a hypervisor daemon (say
virtqemud) which ends up calling the API in the virnetworkd.

The fix is obvious - fix the order in which arguments are passed
to the callback.

But, to maintain compatibility with older, yet unfixed, daemons
new connection feature is introduced. The feature is detected
just before calling the callback and allows client to pass
arguments in correct order (talking to fixed daemon) or in
reversed order (talking to older daemon).

Unfortunately, older client talking to newer daemon can't be
fixed. Let's hope that it's less frequent scenario.

Fixes: 574b9bc66b
Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1870552
Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
Reviewed-by: Martin Kletzander <mkletzan@redhat.com>
2021-03-25 10:10:23 +01:00
Michal Privoznik
94741bc53e network: Implement virConnectSupportsFeature()
So far, it was not needed, but shortly a client will want to know
whether virNetworkUpdate() API is fixed or not. See next commits
for more info.

Side note, this driver's implementation is called only when using
sub-driver's connection, i.e. "network:///system". For any other
URI the corresponding hypervisor's driver callback is called.

Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
Reviewed-by: Martin Kletzander <mkletzan@redhat.com>
2021-03-25 10:10:14 +01:00
Laine Stump
98e22ff749 qemu: increase locked memory limit when a vDPA device is present
Just like VFIO devices, vDPA devices may need to have all guest memory
pages locked/pinned in order to operate properly. In the case of VFIO
devices (including mdev and NVME, which also use VFIO) libvirt
automatically increases the locked memory limit when one of those
devices is present. This patch modifies that code to also increase the
limit if there are any vDPA devices present.

Resolves: https://bugzilla.redhat.com/1939776
Signed-off-by: Laine Stump <laine@redhat.com>
Reviewed-by: Daniel Henrique Barboza <danielhb413@gmail.com>
2021-03-24 15:06:08 -04:00
Laine Stump
e7068a0bc2 qemu: account for mdev devices in getPPC64MemLockLimitBytes()
This function is a specialized version of
qemuDomainGetMemLockLimitBytes() for PPC64. Simplifying it in the same
manner as the previous patch has the nice side effect of accounting
for the possibility of an mdev device

(I don't know if mdev devices are supported on PPC, but even if not
then a) the additional check for mdev devices gained by using
qemuDomainNeedsVFIO() in place of open coding will be an effective
NOP, and b) if mdev devices are supported on PPC64 in the future, this
function will be prepared for it).

Signed-off-by: Laine Stump <laine@redhat.com>
Reviewed-by: Daniel Henrique Barboza <danielhb413@gmail.com>
2021-03-24 15:06:08 -04:00
Laine Stump
0789edc86a qemu: simplify qemuDomainGetMemLockLimitBytes()
This function goes through a loop checking if each hostdev is a VFIO
or mdev device, and then later it calls virDomainDefHasNVMEDisk(). The
function qemuDomainNeedsVFIO() does exactly the same thing, so let's
just call that instead.

Signed-off-by: Laine Stump <laine@redhat.com>
Reviewed-by: Daniel Henrique Barboza <danielhb413@gmail.com>
2021-03-24 15:06:08 -04:00
Laine Stump
43d8d16161 conf: new function virDomainDefHasVDPANet()
This function returns true if the domain has any interfaces that are
type='vdpa'.

Signed-off-by: Laine Stump <laine@redhat.com>
Reviewed-by: Daniel Henrique Barboza <danielhb413@gmail.com>
2021-03-24 15:06:08 -04:00
Michal Privoznik
0c30e7221c lib: Use g_steal_pointer() more
Generated by the following spatch:

  @@
  expression a, b;
  @@

  + b = g_steal_pointer(&a);
  - b = a;
    ... when != a
  - a = NULL;

Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
Reviewed-by: Erik Skultety <eskultet@redhat.com>
2021-03-24 13:57:51 +01:00
Michal Privoznik
cebd40590c esx: Fix @doms pointer steal in esxConnectListAllDomains()
The ESX implementation of virConnectListAllDomains() follows
pretty much implementations in other drivers: it has local array
of virDomainPtr-s which (if requested by caller) is filled by
actual domains or not (if the caller is interested only in the
count of domains).

Anyway, in case of the former, the passed @domains argument is
set to the local array, which is then set to NULL to prevent it
from freeing under cleanup label. Pretty standard pattern.
Except, the local array is set to NULL always. Even if the local
array is not stolen. Fortunately, this doesn't lead to a memory
leak, because if caller is not interested in the array, none is
allocated. But it doesn't set good example and also breaks my
spatch rules.

Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
Reviewed-by: Erik Skultety <eskultet@redhat.com>
2021-03-24 13:57:51 +01:00
Laine Stump
96e99e4948 util: don't log error if SRIOV PF has no associated netdev
Some SRIOV PFs don't have a netdev associated with them (the spec
apparently doesn't require it). In most cases when libvirt is dealing
with an SRIOV VF, that VF must have a PF, and the PF *must* have an
associated netdev (the only way to set the MAC address of a VF is by
sending a netlink message to the netdev of that VF's PF). But there
are times when we don't need for the PF to have a netdev; in
particular, when we're just getting the Switchdev Features for a VF,
we don't need the PF netdev - the netdev of the VF (apparently) works
just as well.

Commit 6452e2f5 (libvirt 5.1.0) *kind of* made libvirt work around PFs
with no netdevs in this case - if virNetDevGetPhysicalFunction
returned an error when setting up to retrieve Switchdev feature info,
it would ignore the error, and then check if the PF netdev name was
NULL and, if so it would reset the error object and continue on rather
than returning early with a failure. The problem is that by the time
this special handling occured, the error message about missing netdev
had already been logged, which was harmless to proper operation, but
confused the user.

Fortunately there are only 2 users of virNetDevGetPhysicalFunction, so
it is easy to redefine it's API to state that a missing netdev name is
*not* an error - in that case it will still return success, but the
caller must be prepared for the PF netdev name to be NULL. After
making this change, we can modify the two callers to behave properly
with the new semantics (for one of the callers it *is* still an error,
so the error message is moved there, but for the other it is okay to
continue), and our spurious error messages are a thing of the past.

Resolves: https://bugzilla.redhat.com/1924616
Fixes: 6452e2f5e1
Signed-off-by: Laine Stump <laine@redhat.com>
Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
2021-03-23 14:56:45 -04:00
Kristina Hanicova
511bdb0bb2 qemu: don't raise error upon interface update without <frames/> for <rx/> in coalesce
With this, incomplete XML without <frames/> for <rx/> in coalesce
won't raise error as before. It will leave the coalesce parameter
empty, thanks to passing it as a parameter and return an integer
to indicate error state - previously it returned pointer (or NULL
for both error and incomplete XML).
I also added a test case to test this functionality in the
qemuxml2xmltest.

The code went through some refactoring:
* change of a condition
* addition of a parameter
* change of order, that allowed removal of VIR_FREE
* removal of redundant labels and variables

Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1535930
Signed-off-by: Kristina Hanicova <khanicov@redhat.com>
Reviewed-by: Martin Kletzander <mkletzan@redhat.com>
2021-03-23 15:37:45 +01:00
Daniel Henrique Barboza
e2602f2bb1 domain_cgroup.c: update domain after setting blkio.weight
Commit ac87d3520a consolidated common cgroup code between the QEMU and
lxc drivers in domain_cgroup.c. In this process, in
virDomainCgroupSetupDomainBlkioParameters(), a call to
virCgroupGetBlkioWeight() went missing.

The result is that 'virsh blkiotune' is setting the blkio.weight for the
guest in the host cgroup, but not on the domain XML, because
virCgroupGetBlkioWeight() is also used to write the blkio.weight value
in the domain object.

Fix it by adding the virCgroupGetBlkioWeight() call in the
virDomainCgroupSetupDomainBlkioParameters() helper.

Fixes: ac87d3520a
Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1941407
Reviewed-by: Ján Tomko <jtomko@redhat.com>
Signed-off-by: Daniel Henrique Barboza <danielhb413@gmail.com>
2021-03-23 10:15:30 -03:00
Peter Krempa
8fdc37711b virDomainCheckpointRedefinePrep: Assign default bitmap names when domain XML is missing
Previously we'd assign the default checkpoint bitmap names in
virDomainCheckpointAlignDisks. In cases when the checkpoint is redefined
without a domain XML virDomainCheckpointAlignDisks is not called.

Add an explicit call to virDomainCheckpointDefAssignBitmapNames to
restore functionality.

Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
2021-03-23 14:06:31 +01:00
Peter Krempa
3a340872f8 qemuCheckpointDiscardBitmaps: Refuse to delete checkpoint with NULL bitmap name
When a checkpoint is redefined without providing the domain XML, we
might end up with a definition where the per-disk bitmap name is not
set. Trying to delete such checkpoint would lead to a crash.

Refuse such deletion.

Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1941600
Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
2021-03-23 14:06:31 +01:00
Peter Krempa
f763b6e439 qemu: capabilities: Enable detection of QEMU_CAPS_OBJECT_QAPIFIED
Base the detection on the presence of the 'secret' qom-type entry, which
isn't conditionally compiled in qemu.

All caps-based test now switch to using JSON for -object.

Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
2021-03-23 14:06:31 +01:00
Peter Krempa
4f33b817b2 qemu: command: Use JSON for QAPIfied -object directly
Skip the lossy conversion to legacy commandline arguments by using the
JSON props directly when -object is QAPIfied. This avoids issues with
conversion of bitmaps and also allows validation of the generated JSON
against the QMP schema in the tests.

Since the new approach is triggered by a qemu capability the code
from 'virQEMUBuildObjectCommandlineFromJSON' in util/virqemu.c was moved
to 'qemuBuildObjectCommandlineFromJSON' in qemu/qemu_command.c which has
the virQEMUCaps type.

Some functions needed to be modified to propagate qemuCaps.

Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
2021-03-23 14:06:31 +01:00
Peter Krempa
96850dfe21 qemu: monitor: Don't add 'props' wrapper if qemu has QEMU_CAPS_OBJECT_QAPIFIED
Set 'objectAddNoWrap' when the capability is present.

Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
2021-03-23 14:06:31 +01:00
Peter Krempa
71828a7bc0 qemuMonitorCreateObjectPropsWrap: Open-code in qemuBuildMemoryBackendProps
There's just one caller left. Since qemuBuildMemoryBackendProps is too
complex to be modified for now, just move the adding of 'id' and 'qom'
type directly into the function.

Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
2021-03-23 14:06:31 +01:00
Peter Krempa
e0eeb2cc67 qemu: monitor: Make wrapping of 'props' of 'object-add' optional
Construct the JSON object which is used for object-add without the
'props' wrapper and add the wrapper only in the monitor code.

This simplifies the JSON->commandline generator in the first place and
also prepares for upcoming qemu where 'props' will be removed.

Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
2021-03-23 14:06:31 +01:00
Peter Krempa
3d50ecc9bb qemu: capabilities: Introduce QEMU_CAPS_OBJECT_QAPIFIED
Starting from qemu-6.0 the parameters of -object/object-add are formally
described by the QAPI schema. Additionally this changes the nesting of
the properties as the 'props' nested object will be flattened to the
parent.

We'll need to detect whether qemu switched to this new approach to
generate the objects with proper nesting and also allow testing.

Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
2021-03-23 14:06:31 +01:00
Peter Krempa
ced521d050 virQEMUQAPISchemaTraverse: Fix quoting in comment
It tripped up highlighter in my editor.

Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
2021-03-23 14:06:31 +01:00
Michal Privoznik
c116b94814 domain_conf: Don't leak def->os.firmwareFeatures
The firmwareFeatures member of virDomainOSDef struct is allocated
in virDomainDefParseBootFirmwareOptions() but never freed.

Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
Reviewed-by: Pavel Hrdina <phrdina@redhat.com>
2021-03-23 13:56:34 +01:00
Michal Privoznik
77f8e48fc3 domain_conf: Separate virDomainOS clear into a function
The virDomainDefFree() function frees individual members of
virDomainDef struct. The function is already long enough, move
code that handles def->os member into a separate function.

Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
Reviewed-by: Pavel Hrdina <phrdina@redhat.com>
2021-03-23 13:56:34 +01:00
Jiri Denemark
9eb7e9e817 util: Make virReallocN return void
Signed-off-by: Jiri Denemark <jdenemar@redhat.com>
Reviewed-by: Erik Skultety <eskultet@redhat.com>
2021-03-22 12:44:18 +01:00
Jiri Denemark
1107c0b9c3 Do not check return value of VIR_REALLOC_N
Signed-off-by: Jiri Denemark <jdenemar@redhat.com>
Reviewed-by: Erik Skultety <eskultet@redhat.com>
2021-03-22 12:44:18 +01:00
Jiri Denemark
52ef4a9af2 util: Make virExpandN return void
Signed-off-by: Jiri Denemark <jdenemar@redhat.com>
Reviewed-by: Erik Skultety <eskultet@redhat.com>
2021-03-22 12:44:18 +01:00
Jiri Denemark
7d2fd6ef01 Do not check return value of VIR_EXPAND_N
Signed-off-by: Jiri Denemark <jdenemar@redhat.com>
Reviewed-by: Erik Skultety <eskultet@redhat.com>
2021-03-22 12:44:18 +01:00
Jiri Denemark
ea5e926bb6 util: Make virResizeN return void
Signed-off-by: Jiri Denemark <jdenemar@redhat.com>
Reviewed-by: Erik Skultety <eskultet@redhat.com>
2021-03-22 12:44:18 +01:00
Jiri Denemark
244204eccd Do not check return value of VIR_RESIZE_N
Signed-off-by: Jiri Denemark <jdenemar@redhat.com>
Reviewed-by: Erik Skultety <eskultet@redhat.com>
2021-03-22 12:44:18 +01:00
Jiri Denemark
be664a41f9 util: Drop G_GNUC_WARN_UNUSED_RESULT from reallocation APIs
Our reallocation APIs already abort on OOM and thus can only return 0.
There's no need to force callers to check the result.

Signed-off-by: Jiri Denemark <jdenemar@redhat.com>
Reviewed-by: Erik Skultety <eskultet@redhat.com>
2021-03-22 12:44:18 +01:00
Jiri Denemark
b8c919b5b4 qemu: Drop redundant checks for qemuCaps before virQEMUCapsGet
virQEMUCapsGet checks for qemuCaps itself, no need to do it explicitly.

Signed-off-by: Jiri Denemark <jdenemar@redhat.com>
Reviewed-by: Erik Skultety <eskultet@redhat.com>
2021-03-22 12:44:18 +01:00
Jiri Denemark
d5c9acc166 qemu: Use g_autoptr in qemuMonitorJSONSetCapabilities
Signed-off-by: Jiri Denemark <jdenemar@redhat.com>
Reviewed-by: Erik Skultety <eskultet@redhat.com>
2021-03-22 12:44:18 +01:00
Jiri Denemark
90a5be6416 qemu: Use g_autofree in qemuMigrationJobCheckStatus
Signed-off-by: Jiri Denemark <jdenemar@redhat.com>
Reviewed-by: Erik Skultety <eskultet@redhat.com>
2021-03-22 12:44:18 +01:00
Jiri Denemark
df92ccb494 qemu: Update asyncOwnerAPI when entering async job phase
In case an async job spans multiple APIs (e.g., incoming migration) the
API that started the job is recorded as the asyncOwnerAPI even though it
is no longer running and the owner thread is updated properly to the one
currently handling the job. Let's also update asyncOwnerAPI to make it
more obvious which is the current (or the most recent) API involved in
the job.

Signed-off-by: Jiri Denemark <jdenemar@redhat.com>
Reviewed-by: Erik Skultety <eskultet@redhat.com>
2021-03-22 12:44:18 +01:00
Andrea Bolognani
af41380672 qemu: Only raise memlock limit if necessary
Attempting to set the memlock limit might fail if we're running
in a containerized environment where CAP_SYS_RESOURCE is not
available, and if the limit is already high enough there's no
point in trying to raise it anyway.

https://bugzilla.redhat.com/show_bug.cgi?id=1916346

Signed-off-by: Andrea Bolognani <abologna@redhat.com>
Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
2021-03-22 12:05:18 +01:00
Andrea Bolognani
b4967d7498 qemu: Refactor qemuDomainAdjustMaxMemLock()
Store the current memory locking limit and the desired one
separately, which will help with later changes.

Signed-off-by: Andrea Bolognani <abologna@redhat.com>
Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
2021-03-22 12:05:18 +01:00
Andrea Bolognani
a6b2804513 qemu: Don't ignore virProcessGetMaxMemLock() errors
Now that we've implemented a fallback for the function that
obtains the information from /proc, there is no reason we would
get a failure unless there's something seriously wrong with the
environment we're running in, in which case we're better off
reporting the issue to the user rather than pretending
everything is fine.

Signed-off-by: Andrea Bolognani <abologna@redhat.com>
Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
2021-03-22 12:05:18 +01:00
Andrea Bolognani
90fe839f8a util: Try to get limits from /proc
Calling prlimit() requires elevated privileges, specifically
CAP_SYS_RESOURCE, and getrlimit() only works for the current
process which is too limiting for our needs; /proc/$pid/limits,
on the other hand, can be read by any process, so implement
parsing that file as a fallback for when prlimit() fails.

This is useful in containerized environments.

Signed-off-by: Andrea Bolognani <abologna@redhat.com>
Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
2021-03-22 12:05:18 +01:00
Roman Bogorodskiy
63bed955df bhyve: add <os firmware='efi'> support
Implement "<os firmware='efi'>" support for bhyve driver.
As there are not really lot of options, try to find
"BHYVE_UEFI.fd" firmware which is installed by the
sysutils/uefi-edk2-bhyve FreeBSD port.

If not found, just use the first found firmware
in the firmwares directory (which is configurable via
config file).

Signed-off-by: Roman Bogorodskiy <bogorodskiy@gmail.com>
Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
2021-03-20 07:53:45 +04:00
Peter Krempa
8967ad7be6 qemu: backup: Restore security label on backup disk store image on VM termination
When the backup job is terminated normally the security label is
restored by the blockjob finishing handler.

If the VM dies or is destroyed that wouldn't happen as the blockjob
handler wouldn't be called.

Restore the security label on disk store where we remember that the job
was running at the point when 'qemuBackupJobTerminate' was called.

Not resetting the security label means that we also leak the xattr
attributes remembering the label which prevents any further use of the
file, which is a problem for block devices.

This also requires that the call to 'qemuBackupJobTerminate' from
'qemuProcessStop' happens only after 'vm->pid' was reset as otherwise
the security subdrivers attempt to enter the process namespace which
fails if the process isn't running any more.

Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1939082
Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
2021-03-19 16:41:39 +01:00
Peter Krempa
272017484e qemu: backup: Enable full backup support
qemuBackupBegin can take a full backup of the disks (excluding any
operations with bitmaps) without the need to wait for the
blockdev-reopen support in qemu.

Add a check that no checkpoint creation is required and the disk backup
mode isn't VIR_DOMAIN_BACKUP_DISK_BACKUP_MODE_INCREMENTAL.

Call to virDomainBackupAlignDisks is moved earlier as it initializes the
disk backup mode if not present in user config.

Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
2021-03-19 16:41:39 +01:00
Peter Krempa
12758f040a qemu: capabilities: Introduce QEMU_CAPS_BLOCKDEV_BACKUP
Upcoming commit will enable full backup support (incremental part
requires blockdev-reopen, which won't happen in qemu for at least
another release).

Add a capability that the 'blockdev-backup' job is supported by qemu
capped, but limited to when qemu supports QEMU_CAPS_BLOCKDEV.

We can also use it in the expression to enable
QEMU_CAPS_INCREMENTAL_BACKUP since it's a pre-requisite too.

Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
2021-03-19 16:41:39 +01:00
Pavel Hrdina
c91fa27306 qemu: implement support for firmware auto-selection feature filtering
Signed-off-by: Pavel Hrdina <phrdina@redhat.com>
Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
2021-03-18 18:42:29 +01:00
Pavel Hrdina
cff524af6c conf: introduce support for firmware auto-selection feature filtering
When the firmware auto-selection was introduced it always picked first
usable firmware based on the JSON descriptions on the host. It is
possible to add/remove/change the JSON files but it will always be for
the whole host.

This patch introduces support for configuring the auto-selection per VM
by adding users an option to limit what features they would like to have
available in the firmware.

Signed-off-by: Pavel Hrdina <phrdina@redhat.com>
Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
2021-03-18 18:42:26 +01:00
Pavel Hrdina
6330be1ba3 conf: use switch in virDomainDefParseBootOptions
The original code used a lot of conditions and was not that obvious
when each XML bits are parsed.

Signed-off-by: Pavel Hrdina <phrdina@redhat.com>
Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
2021-03-18 18:42:24 +01:00
Pavel Hrdina
108cb29c1c conf: introduce virDomainDefParseBootAcpiOptions
Extract the code to it's own function.

Signed-off-by: Pavel Hrdina <phrdina@redhat.com>
Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
2021-03-18 18:42:22 +01:00
Pavel Hrdina
b8dd70db4e conf: introduce virDomainDefParseBootLoaderOptions
Extract the code to it's own function.

Signed-off-by: Pavel Hrdina <phrdina@redhat.com>
Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
2021-03-18 18:42:20 +01:00
Pavel Hrdina
bcf97abfc6 conf: introduce virDomainDefParseBootFirmwareOptions
Extract the code to it's own function.

Signed-off-by: Pavel Hrdina <phrdina@redhat.com>
Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
2021-03-18 18:42:18 +01:00
Pavel Hrdina
bf9b3f8e57 conf: introduce virDomainDefParseBootKernelOptions
Extract the code to it's own function.

Signed-off-by: Pavel Hrdina <phrdina@redhat.com>
Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
2021-03-18 18:42:16 +01:00
Pavel Hrdina
b07116438c conf: introduce virDomainDefParseBootInitOptions
Extract the code to it's own function.

Signed-off-by: Pavel Hrdina <phrdina@redhat.com>
Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
2021-03-18 18:42:11 +01:00
Kristina Hanicova
25d3b41e5e domain_validate: XML validate that non-virtio video devices have none virtio options
With this, XML fails if non-virtio video devices have virtio
options. Previously it didn't raise error.

Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1922093
Signed-off-by: Kristina Hanicova <khanicov@redhat.com>
Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
2021-03-18 15:03:49 +01:00
Kristina Hanicova
b5d25b8183 domain_validate: Move virDomainCheckVirtioOptionsAreAbsent() a few lines forward
Move this function in order to use it in the next patch before
its previous declaration.

Signed-off-by: Kristina Hanicova <khanicov@redhat.com>
Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
2021-03-18 15:03:01 +01:00
Kristina Hanicova
e6c6efc208 domain_conf: Refactor virDomainDeviceInfoParseXML to use XPath
Currently, virDomainDeviceInfoParseXML() uses node->children
evaluation which is too verbose. Use XPath evaluation which is
nicer.

Signed-off-by: Kristina Hanicova <khanicov@redhat.com>
Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
2021-03-18 14:30:25 +01:00
Kristina Hanicova
df3359fb18 domain_conf: Propagate xmlXPathContextPtr into virDomainDeviceInfoParseXML()
Function virDomainDeviceInfoParseXML() will need it soon, because it
will be doing XPath evaluation.

Signed-off-by: Kristina Hanicova <khanicov@redhat.com>
Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
2021-03-18 14:30:16 +01:00
Jonathon Jongsma
caf23cdc9b nodedev: Don't crash when exiting before init is done
If libvirtd is terminated before the node driver finishes
initialization, it can crash with a backtrace similar to the following:

    Stack trace of thread 1922933:
    #0  0x00007f8515178774 g_hash_table_find (libglib-2.0.so.0)
    #1  0x00007f851593ea98 virHashSearch (libvirt.so.0)
    #2  0x00007f8515a1dd83 virNodeDeviceObjListSearch (libvirt.so.0)
    #3  0x00007f84cceb40a1 udevAddOneDevice (libvirt_driver_nodedev.so)
    #4  0x00007f84cceb5fae nodeStateInitializeEnumerate (libvirt_driver_nodedev.so)
    #5  0x00007f85159840cb virThreadHelper (libvirt.so.0)
    #6  0x00007f8511c7d14a start_thread (libpthread.so.0)
    #7  0x00007f851442bdb3 __clone (libc.so.6)

    Stack trace of thread 1922863:
    #0  0x00007f851442651d syscall (libc.so.6)
    #1  0x00007f85159842d4 virThreadSelfID (libvirt.so.0)
    #2  0x00007f851594e240 virLogFormatString (libvirt.so.0)
    #3  0x00007f851596635d vir_object_finalize (libvirt.so.0)
    #4  0x00007f8514efe8e9 g_object_unref (libgobject-2.0.so.0)
    #5  0x00007f85159667f8 virObjectUnref (libvirt.so.0)
    #6  0x00007f851517755f g_hash_table_remove_all_nodes.part.0 (libglib-2.0.so.0)
    #7  0x00007f8515177e62 g_hash_table_unref (libglib-2.0.so.0)
    #8  0x00007f851596637e vir_object_finalize (libvirt.so.0)
    #9  0x00007f8514efe8e9 g_object_unref (libgobject-2.0.so.0)
    #10 0x00007f85159667f8 virObjectUnref (libvirt.so.0)
    #11 0x00007f84cceb2b42 nodeStateCleanup (libvirt_driver_nodedev.so)
    #12 0x00007f8515b37950 virStateCleanup (libvirt.so.0)
    #13 0x00005648085348e8 main (libvirtd)
    #14 0x00007f8514352493 __libc_start_main (libc.so.6)
    #15 0x00005648085350fe _start (libvirtd)

This is because the initial population of the device list is done in a
separate initialization thread. If we attempt to exit libvirtd before
this init thread has completed, we'll try to free the device list while
accessing it from the other thread. In order to guarantee that this
init thread is not accessing the device list when we're cleaning up the
nodedev driver, make it joinable and wait for it to finish before
proceding with the cleanup. This is similar to how we handle the udev
event handler thread.

The separate initialization thread was added in commit
9f0ae0b1.

Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1836865

Signed-off-by: Jonathon Jongsma <jjongsma@redhat.com>
Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
2021-03-18 13:09:44 +01:00
Kristina Hanicova
aaa98e3cfa virxml: Fix possible memory leak in virXMLNodeContentString()
Previously, if xml node passed to the virXMLNodeContentString()
was not of type XML_ELEMENT_NODE, @ret could have caused a memory
leak because xmlNodeGetContent() works for other types of nodes
as well.

Signed-off-by: Kristina Hanicova <khanicov@redhat.com>
Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
2021-03-18 12:45:05 +01:00
Hao Wang
fee42ea120 migration/dirtyrate: Extend dirtyrate statistics for domGetStats
Extend dirtyrate statistics for domGetStats to display the information
of a domain's memory dirty rate produced by domainStartDirtyRateCalc.

Signed-off-by: Hao Wang <wanghao232@huawei.com>
Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
2021-03-18 08:50:25 +01:00
Hao Wang
4ae60b1caf migration/dirtyrate: Implement qemuMonitorQueryDirtyRate
Implement qemuMonitorQueryDirtyRate which query domain's memory
dirty rate calling qmp "query-dirty-rate".

Signed-off-by: Hao Wang <wanghao232@huawei.com>
Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
2021-03-18 08:50:25 +01:00
Hao Wang
fbe99823e2 migration/dirtyrate: Implement qemuDomainStartDirtyRateCalc
Implement qemuDomainStartDirtyRateCalc which calculates domain's memory
dirty rate calling qmp "calc-dirty-rate".

Signed-off-by: Hao Wang <wanghao232@huawei.com>
Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
2021-03-18 08:50:25 +01:00
Hao Wang
df5c5c3e60 migration/dirtyrate: Introduce virDomainStartDirtyRateCalc API
Introduce virDomainStartDirtyRateCalc API for start calculation of
a domain's memory dirty rate with a specified time.

Signed-off-by: Hao Wang <wanghao232@huawei.com>
Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
2021-03-18 08:50:25 +01:00
Daniel P. Berrangé
0a92f70c8f docs: stop mentioning insecure / broken SASL mechanisms
We don't need to go to the trouble of telling users about existance of
insecure SASL mechanisms only to then say that they shouldn't be used.
We should only tell people about the GSSAPI mechanism for TCP sockets.

For the SCRAM mechanism we should be telling people about the SHA256
variant only, and also warning that the password database stores the
passwords in clear text.

Reviewed-by: Erik Skultety <eskultet@redhat.com>
Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
2021-03-17 09:31:57 +00:00
Daniel P. Berrangé
fa56310e18 util: tell users that memory locking ulimit is too low for BPF
If running libvirtd via systemd, it gets a 64 MB memlock limit, but if
running from the shell it will only get 64 KB on a Fedora 33 system.
The latter low limit causes any attempt to use BPF to fail and it is
not obvious why.

This improves the error message thus:

  # virsh -c lxc:/// start sh
error: Failed to start domain 'sh'
error: internal error: guest failed to start: Failure in libvirt_lxc startup: failed to initialize device BPF map; locked memory limit for libvirtd probably needs to be raised: Operation not permitted

Reviewed-by: Pavel Hrdina <phrdina@redhat.com>
Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
2021-03-17 09:16:44 +00:00
Daniel P. Berrangé
695bdb3841 src: ensure GSource background unref happens in correct event loop
The g_idle_add function adds a callback to the primary GMainContext.

To workaround the GSource unref bugs, we need to add our callbacks
to the GMainContext that is associated with the GSource being
unref'd. Thus code using the per-VM virEventThread must use its
private GMainContext.

Reviewed-by: Martin Kletzander <mkletzan@redhat.com>
Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
2021-03-17 09:16:05 +00:00
Michal Privoznik
d8576d70e5 lib: Debug print all arguments of virNetworkUpdate()
Somehow, command argument was not printed into debug logs. It is
imperative that all arguments are logged.

Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
2021-03-16 09:17:08 +01:00
Michal Privoznik
6e9c4811be qemu_process: Use accessor for def->mem.total_memory
When connecting to the monitor, a timeout is calculated that is
bigger the more memory guest has (because QEMU has to allocate
and possibly zero out the memory and what not, empirically
deducted). However, when computing the timeout the @total_memory
mmember is accessed directly even though
virDomainDefGetMemoryTotal() should have been used.

Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
2021-03-16 09:16:13 +01:00
Pavel Hrdina
10bf55c99f qemu_driver: fix setting vcpu_quota if not all vCPUs are online
When switching to g_autoptr this was incorrectly changed from
'continue;' into 'return -1;' resulting into an error when user tries
to set vcpu_quota of running VM:

    error: An error occurred, but the cause is unknown

Fixes: e4a8bbfaf2
Signed-off-by: Pavel Hrdina <phrdina@redhat.com>
Reviewed-by: Erik Skultety <eskultet@redhat.com>
2021-03-15 15:00:53 +01:00
Michal Privoznik
9d3cd0c1d4 lib: Put some variable declarations on individual lines
In short, virXXXPtr type is going away. With big bang. And to
help us rewrite the code with a sed script, it's better if each
variable is declared on its own line.

Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
2021-03-15 09:38:18 +01:00
Michal Privoznik
a1d058a1db virconftypes: Fix name of virCapsGuestArchPtr
The name is supposed to be virCapsGuestArchPtr not ..ptr.

Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
2021-03-15 09:37:33 +01:00
Michal Privoznik
4fc66ab262 gendispatch: Don't use virXXXPtr for internal types
The use of virXXXPtr is going away soon, therefore use 'virXXX *'
instead.

Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
2021-03-15 09:36:21 +01:00
Michal Privoznik
ab9afee6e7 virsysinfo: Define and use auto cleanup func for virSysinfoDef properly
What we are using really is heap allocated structure rather than
stack allocated. And for that it's better to use g_autoptr() +
G_DEFINE_AUTOPTR_CLEANUP_FUNC() combo, as Glib documentation for
g_auto() reads:

  This is meant to be used with stack-allocated structures and
  non-pointer types. For the (more commonly used) pointer
  version, see g_autoptr().

This will be even more visible, when virSysinfoDefPtr type is
gone. Stay tuned.

Fixes: cee3a900a0
Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
2021-03-15 09:34:18 +01:00
Michal Privoznik
52a937d8a2 qemu_shim: Don't hang if failed to start domain
The qemu shim spawns a separate thread in which the event loop is
ran. The virEventRunDefaultImpl() call is wrapped in a while()
loop, just like it should. There are few lines of code around
which try to ensure that domain is destroyed (when quitting) and
that the last round of event loop is ran after the
virDomainDestroy() call. Only after that the loop is quit from
and the thread quits.

However, if domain creation fails, there is no @dom to call
destroy over, the @quit flag is never set and while() never
exits. Set the flag regardless of @dom pointer.

Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1920337
Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
Reviewed-by: Andrea Bolognani <abologna@redhat.com>
2021-03-12 17:05:52 +01:00
Peter Krempa
ba2593bddc qemu: command: Generate commandline of iothread objects JSON
The commandline generator for 'iothread' objects has a private
implementation of the properties. Convert it to JSON so that it can be
later validated.

Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
2021-03-12 16:15:05 +01:00
Peter Krempa
9d5a668d4a qemu: command: Generate commandline of 'sev0' sev-guest object via JSON
While the 'sev0' sev-guest object will never be hotplugged, but we want
to generate it through JSON so that we'll be able to validate all
parameters of '-object' against the QAPI schema once 'object-add' is
qapified in qemu.

Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
2021-03-12 16:15:05 +01:00
Peter Krempa
f4e00d6d61 qemu: command: Generate commandline of 'masterKey0' secret via JSON
While the 'masterKey0' secret object will never be hotplugged we want to
generate it through JSON so that we'll be able to validate all
parameters of '-object' against the QAPI schema once 'object-add' is
qapified in qemu.

Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
2021-03-12 16:15:05 +01:00
Peter Krempa
ccc6dd8f11 virtlo(g|ck)d: Fix exec-restart
Commit 94e45d1042 broke exec-restart of virtlogd and virtlockd as the
code waiting for the daemon shutdown closed the daemons before
exec-restarting.

Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1912243
Fixes: 94e45d1042
Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
2021-03-12 16:08:28 +01:00
Peter Krempa
c363f03e6d virnetdaemon: Introduce virNetDaemonQuitExecRestart
Recent changes which meant to fix daemon shutdown broke the exec-restart
capability of virtlogd and virtlockd, since the code actually closed all
the sockets and shut down all the internals.

Add virNetDaemonQuitExecRestart, which requests a shutdown of the
process, but keeps all the services open and registered since they are
preserved across the restart.

Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
2021-03-12 16:08:28 +01:00
Michal Privoznik
76f3b2988b qemu_shim: Always pre-create root dir
This problem is reproducible only with secret driver. When
starting a domain via virt-qemu-run and both secret and
(nonexistent) root directory specified this is what happens:

1) virt-qemu-run opens "secret:///embed?root=$rootdir"
   connection, which results in the secret driver initialization
   (done in secretStateInitialize()). During this process, the
   driver creates its own configDir (derived from $rootdir)
   including those parents which don't exists yet. This is all
   done with the mode S_IRWXU and thus results in the $rootdir
   being created with very restrictive mode (specifically, +x is
   missing for group and others).

2) now, virt-qemu-run opens "qemu:///embed?root=$rootdir" and
   calls virDomainCreateXML(). This results in the master-key.aes
   being written somewhere under the $rootdir and telling qemu
   where to find it.

But because the secret driver created $rootdir with too
restrictive mode, qemu can't access the file (even though it
knows the full path) and fails to start.

It looks like the best solution is to pre-create the root
directory before opening any connection (letting any driver
initialize itself) and set its mode to something less
restrictive.

Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1859873
Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
Reviewed-by: Andrea Bolognani <abologna@redhat.com>
2021-03-12 15:40:13 +01:00
Michal Privoznik
b1fef73225 virConnectOpen: Require root dir to be absolute path
In theory, users might want to use a relative path as a root
directory for embed drivers. But in practice, nothing in driver
initialization (specifically QEMU driver since it's the only one
that supports embedding now), is prepared for that. Document and
enforce absolute paths.

Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1883725
Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
Reviewed-by: Andrea Bolognani <abologna@redhat.com>
2021-03-12 15:40:13 +01:00
Peter Krempa
eab7ae6bfe virLockSpaceNewPostExecRestart: Fix out-of-bounds array access
'res->owners' is allocated to 'res->nOwners' elements, but unfortunately
'res->nOwners' doesn't contain the proper value until after the
allocation so 0 elements are allocated. The following loop which assumes
that the array has the right number of elements then accesses the
pointer out of bounds. The bug was also faithfully converted from
VIR_ALLOC_N to g_new0.

Fixes: 4a3d6ed5ee
Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
2021-03-12 11:02:35 +01:00
Peter Krempa
6b8e961399 virLockSpacePreExecRestart: Avoid use-after-free
Recent refactor marked 'object' which is returned from the function as
autofree but forgot to use g_steal_pointer in the return statement to
prevent freeing it.

Fixes: 9a1651f64d
Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
2021-03-12 11:02:35 +01:00
Peter Krempa
55d175c073 qemuBackupJobTerminate: Fix job termination for inactive VMs
Commit cb29e4e801 didn't take into account that the VM can be inactive
when it's destroyed. This means that the job would remain active also
when the VM became inactive.

To fix this properly:

1) Remove the bogus VM liveness check and early return
    (reverts the aforementioned commit)

2) Conditionalize the stats assignment only when the stats object is
   present
    (properly fix the crash when VM dies when reconnecting)

3) end the asyncjob only when it was already set
   (prevent corruption of priv->jobs_queued)

Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1937598
Fixes: cb29e4e801
Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
2021-03-12 10:59:05 +01:00
Peter Krempa
aa372e5a01 backup: Store 'apiFlags' in private section of virDomainBackupDef
'qemuBackupJobTerminate' needs the API flags to see whether
VIR_DOMAIN_BACKUP_BEGIN_REUSE_EXTERNAL. Unfortunately when called via
qemuProcessReconnect()->qemuProcessStop() early (e.g. if the qemu
process died while we were reconnecting) the job is cleared temporarily
so that other APIs can be called. This would mean that we couldn't clean
up the files in some cases.

Save the 'apiFlags' inside the backup object and set it from the
'qemuDomainJobObj' 'apiFlags' member when reconnecting to a VM.

Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
2021-03-12 10:59:05 +01:00
Peter Krempa
07c6e493b2 virSystemdCreateMachine: Use proper format string for uint64_t when constructing gvariant
g_variant_new_parsed uses '%t' for a uint64_t rather than printf-like
%llu. Additionally ensure that the passed value is a uint64_t since the
argument used is a 'unsigned int'.

Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1937287
Fixes: bf5f2ed09c
Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Pavel Hrdina <phrdina@redhat.com>
2021-03-12 10:59:05 +01:00
Peter Krempa
d380dd0efd util: virstring: Remove virStrncpy
The function is now unused and motivated users to write crazy parsers
which were hard to understand, had pointless error paths just to avoid
few memory allocations.

Remove the function as we're fine with g_strndup and virStrcpy.

Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
2021-03-12 10:57:42 +01:00
Peter Krempa
a7cb4dbca5 xenParseVif: Refactor parser
Use g_strsplit to split the string and avoid use of stack'd strings.

Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
2021-03-12 10:57:42 +01:00
Michal Privoznik
c2840e90ea virutil: Do not use g_get_host_name() to obtain hostname
The problem is that g_get_host_name() caches the hostname in a
thread local variable. Therefore, it doesn't reflect any
subsequent hostname changes. While this might be acceptable for
logs where the hostname is printed exactly once when the libvirtd
starts up, it is not optimal for virGetHostnameImpl() which is
what our public virConnectGetHostname() API calls. If the
hostname at the moment of the first API invocation happens to
start with "localhost" or contains a dot, then no further
hostname changes will ever be reflected.

This reverts 26d9748ff1, partially.

Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
2021-03-12 08:45:04 +01:00
Peter Krempa
2d91b1405d virNetLibsshAuthenticatePrivkeyCb: Use virStrcpy instead of virStrncpy
We already assume that 'retr_passphrase.result' is a string, thus we can
use virStrcpy instead.

Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
2021-03-11 18:00:35 +01:00
Peter Krempa
1b50f2d102 virNetLibsshAuthenticatePrivkeyCb: Use g_autofree for 'actual_prompt'
So that the 'error' label can be removed.

Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
2021-03-11 18:00:35 +01:00
Peter Krempa
08372887ec xenParseXLUSB: Rewrite to avoid virStrncpy
Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
2021-03-11 18:00:35 +01:00
Peter Krempa
207a9db8eb xenParseXLUSBController: Avoid use of virStrncpy
Use g_strndup with a freed buffer instead of the more complex approach
using virStrncpy.

Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
2021-03-11 18:00:35 +01:00
Peter Krempa
bd1728e969 xenParseXLChannel: Use g_strndup instead of virStrncpy
Make the temporary string an autofree-ing pointer and copy the contents.

Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
2021-03-11 18:00:35 +01:00
Peter Krempa
dae4dddb12 openvzReadNetworkConf: Rework parser
Rewrite so that the parser doesn't use virStrncpy by employing
g_strsplit.

Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
2021-03-11 18:00:35 +01:00
Peter Krempa
8b0e845d67 xenParseSxprSound: Refactor parsing of model list
Copy the input string so that we don't have to use a static buffer and
virStrncpy.

Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
2021-03-11 18:00:35 +01:00
Kristina Hanicova
f11f32326f XML validate that 'ramfb' has no address
With this, XML fails if config video type 'ramfb' contains
address, since address is not supported for 'ramfb' video
devices. Previously it didn't raise error.

Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1891416
Signed-off-by: Kristina Hanicova <khanicov@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
Signed-off-by: Ján Tomko <jtomko@redhat.com>
2021-03-10 20:07:09 +01:00
Yi Li
7dfa87aed3 virQEMUCapsInitQMPArch: Refactor cleanup
Switch to using the 'g_auto*' helpers.

Signed-off-by: Yi Li <yili@winhong.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
Signed-off-by: Ján Tomko <jtomko@redhat.com>
2021-03-10 19:57:49 +01:00
Daniel P. Berrangé
16634feb1d qemu: wire up support for backend specific audio settings
Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
2021-03-09 22:58:53 +00:00
Daniel P. Berrangé
3e97d81a81 conf: add support for audio backend specific settings
This pulls in the remaining QEMU audio backend specific settings to the
XML schema.

    <audio id="1" type="alsa">
      <input dev="/dev/dsp0"/>
      <output dev="/dev/dsp1"/>
    </audio>

    <audio id="1" type="coreaudio">
      <input bufferCount="50"/>
      <output bufferCount="42"/>
    </audio>

    <audio id="1" type="file" path="audio.wav"/>

    <audio id="1" type="jack">
      <input serverName="fish" clientName="food" connectPorts="yum"/>
      <output serverName="fish" clientName="food" connectPorts="yum"/>
    </audio>

    <audio id="1" type="oss" tryMMap="yes" exclusive="yes" dspPolicy="3">
      <input dev="/dev/dsp0" bufferCount="50" tryPoll="yes"/>
      <output dev="/dev/dsp1" bufferCount="30" tryPoll="no"/>
    </audio>

    <audio id="1" type="pulseaudio" serverName="acme.example.org">
      <input name="fish" streamName="food" latency="100"/>
      <output name="fish" streamName="food" latency="200"/>
    </audio>

    <audio type='sdl' id='1' driver='pulseaudio'>
      <input bufferCount='40'/>
      <output bufferCount='40'/>
    </audio>

Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
2021-03-09 22:58:49 +00:00
Daniel P. Berrangé
c99e72d18d qemu: wire up support for common audio backend settings
Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
2021-03-09 22:58:45 +00:00
Daniel P. Berrangé
46b77b3e6a conf: introduce support for common audio settings
This introduces support for the QEMU audio settings that are common to
all audio backends. These are expressed in the QAPI schema as settings
common to all backends, but in reality some backends ignore some of
them. For example, some backends are output only. The parser isn't
attempting to apply restrictions that QEMU itself doesn't apply.

    <audio id='1' type='pulseaudio'>
      <input mixingEngine='yes' fixedSettings='yes' voices='1' bufferLength='100'>
        <settings frequency='44100' channels='2' format='s16'/>
      </input>
      <output mixingEngine='yes' fixedSettings='yes' voices='2' bufferLength='100'>
        <settings frequency='22050' channels='4' format='f32'/>
      </output>
    </audio>

The <settings> child is only valid if fixedSettings='yes'

Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
2021-03-09 22:58:39 +00:00
Daniel P. Berrangé
d96fb5cb31 qemu: add support for generating -audiodev arguments
The -audiodev argument is replacing the QEMU_AUDIO_DRV env variable (and
its relations).

Sadly we still have to use the SDL_AUDIODRIVER env variable because that
wasn't mapped into QAPI schema.

Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
2021-03-09 22:58:36 +00:00
Daniel P. Berrangé
e07994aade qemu: probe for -vnc audiodev property
The -audiodev arg is a new way to configure audio devices in QEMU to
replace the QEMU_AUDIO_DRV env variable. This arg is not visible in
the "query-command-line-options" output since it is entirely QAPI
driven, not QemuOpts. It also isn't in "query-qmp-schema" though
since there's no QMP command that uses the Audiodev type yet.

So probe for the existance of this feature by looking for the
-vnc "audiodev" property. This won't let us determine which
precise audio backends QEMU has been built with, but for now
that's no worse than with env variables today.

Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
2021-03-09 22:58:33 +00:00
Daniel P. Berrangé
e88367095f qemu: populate <audio> element with default config
Currently the QEMU driver secretly sets the QEMU_AUDIO_DRV env variable

 - VNC - set to "none", unless passthrough of host env variable is set
 - SPICE - always set to "spice"
 - SDL - always passthrough host env
 - No graphics - set to "none", unless passthrough of host env variable is set

The setting of the QEMU_AUDIO_DRV env variable is done in the code which
configures graphics.

If no <audio> element is present, we now auto-populate <audio> elements
to reflect this historical default config. This avoids need to set audio
env when processing graphics.

Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
2021-03-09 22:58:30 +00:00
Daniel P. Berrangé
6be99c99c5 qemu: support use of <audio> elements
Currently the QEMU driver secretly sets the QEMU_AUDIO_DRV env variable
depending on how <graphics> are configured.

This introduces support for configuring audio backends from the <audio>
elements in the XML config.

The existing default behaviour is now only used if no <audio> element is
present.

All except the 'jack' audio driver are supported via QEMU's old env
variable config.

Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
2021-03-09 22:58:26 +00:00
Daniel P. Berrangé
efdab67f44 conf: rename and improve virDomainDefFindAudioForSound
The virDomainDefFindAudioForSound only takes a virDomainSoundDefPtr as
its arg, but we want to use the same functionality for VNC graphics.
In addition if audio ID is zero, then we want to return the first
available audio backend.

Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
2021-03-09 22:58:23 +00:00
Daniel P. Berrangé
562a495b92 conf: add validation of audio backend IDs
Validate that if a non-zero audio ID is given for <sound> or <graphics>
elements, it must map to an <audio> backend that exists.

Validate that audio IDs given in <audio> are unique.

Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
2021-03-09 22:58:20 +00:00
Daniel P. Berrangé
cf1c5c6344 conf: add support for audio backend for the VNC server
When there are multiple <audio> backends specified, it is possible to
assign a specific one to the VNC server using

  <graphics type='vnc'...>
    <audio id='1'/>
  </graphics>

Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
2021-03-09 22:58:18 +00:00
Daniel P. Berrangé
915b637257 conf: add coverage for all QEMU audio backend types
The current <audio> element only allows an "OSS" audio backend, as this
is all that BHyve needed. This is now extended to cover most QEMU audio
backends. These backends all have a variety of attributes they support,
but this initial impl does the bare minimum, relying on built-in
defaults for everything. The only QEMU backend omitted is "dsound" since
the libvirt QEMU driver is not built on Windows platforms.

The SDL audio driver names are based on the SDL 2.0 drivers. It is not
intended to support SDL 1.2 drivers.

Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
2021-03-09 22:58:15 +00:00
Daniel P. Berrangé
8149518ee1 conf: refactor OSS audio backend specific options
To prepare for the introduction for more backend specific audio options,
move the OSS options into a dedicated struct and introduce separate
helper methods for parse/format/free.

Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
2021-03-09 22:58:12 +00:00
Daniel P. Berrangé
d0ae9b429a conf: add missing iteration over audio backends
Fixes 9375bc7373
Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
2021-03-09 22:58:07 +00:00
Daniel P. Berrangé
657999b04f conf: add helper to test for sound device codec support
The check for ICH6 || ICH9 is repeated in many places in the code. The
new virDomainSoundModelSupportsCodecs() method provides a helper to
standardize this check.

Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
2021-03-09 22:58:04 +00:00
Daniel P. Berrangé
fe304b02f0 conf: don't force existance of audio child elements
The attributes on the elements are optional, so we should not force the
elements themselves to be present, especially since we omit them when
formating the XML thus breaking round-tripping.

Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
2021-03-09 22:58:00 +00:00
Daniel P. Berrangé
d6b79a64e6 conf: stronger error reporting when parsing audio related params
Check for varuous mandatory elements and improve error message
clarity

Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
2021-03-09 22:57:48 +00:00
Aleksei Zakharov
4719ec15e9 qemu: add per-vcpu delay stats
This patch adds delay time (steal time inside guest) to libvirt
domain per-vcpu stats. Delay time is an important performance metric.
It is a consequence of the overloaded CPU. Knowledge of the delay
time of a virtual machine helps to understand if it is affected and
estimate the impact.

As a result, it is possible to react exactly when needed and
rebalance the load between hosts. This is used by cloud providers
to provide quality of service, especially when the CPU is
oversubscribed.

It's more convenient to work with this metric in a context of a
libvirt domain. Any monitoring software may use this information.

Signed-off-by: Aleksei Zakharov <zaharov@selectel.ru>
Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
Reviewed-by: Daniel Henrique Barboza <danielhb413@gmail.com>
Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
2021-03-09 13:35:05 +01:00
Andrea Bolognani
9b2f6c1030 util: Fix error reporting in virnetlink
The preprocessor macro we use to check whether we're on Linux
has not been spelled properly, and so we will always report the
error message intended for other platforms.

Fixes: 879bcee08c
Signed-off-by: Andrea Bolognani <abologna@redhat.com>
Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
2021-03-09 13:33:09 +01:00
Peter Krempa
568d7358ab qemuMigrationSrcRun: Don't jump to 'exit_monitor' from outside of the monitor
Failure of 'qemuMigrationSetDBusVMState' would jump to 'exit_monitor'
but the function isn't called inside of the monitor context.

Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Jiri Denemark <jdenemar@redhat.com>
2021-03-09 13:27:43 +01:00
Michal Privoznik
01e206c3e3 virnetdevbandwidth: Don't generate burst outside of boundaries
When generating TC rules for domain's outbound traffic, Libvirt
will use the 'average' as the default for 'burst' - it's been
this way since the feature introduction in v0.9.4-rc1~22. The
reason is that 'average' considers 'burst' for policing. However,
when parsing its command line TC uses an unsigned int (with
overflow detection) to store the 'burst' size. This means, that
the upper limit for the value is UINT_MAX, well UINT_MAX / 1024
because we are putting the value in KiB onto the command line.

Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1912210
Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
Reviewed-by: Laine Stump <laine@redhat.com>
2021-03-09 09:56:48 +01:00
Andrea Bolognani
6564cb01e1 tests: Mock virProcessGetMaxMemLock()
Up until now we've implicitly relied on the fact that failures
reported from this function were simply ignored, but that's
about to change and so we need a proper mock.

Signed-off-by: Andrea Bolognani <abologna@redhat.com>
Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
2021-03-08 22:41:40 +01:00
Andrea Bolognani
b431f3c7fd conf: Rename original_memlock -> originalMemlock
That's more consistent with our usual naming convention.

Signed-off-by: Andrea Bolognani <abologna@redhat.com>
Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
2021-03-08 22:41:40 +01:00
Andrea Bolognani
cfeb497f3f util: Don't special-case setting a limit to zero
This behavior reflects the needs of the QEMU driver and has no
place in a generic module such as virProcess.

Thanks to the changes made with the previous commit, it is now
safe to remove these checks and make all virProcessSetMax*()
functions finally behave the same way.

Signed-off-by: Andrea Bolognani <abologna@redhat.com>
Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
2021-03-08 22:41:40 +01:00
Andrea Bolognani
c2180c2fd6 qemu: Set limits only when explicitly asked to do so
The current code is written under the assumption that, for all
limits except the core size, asking for the limit to be set to
zero is a no-op, and so the operation is performed
unconditionally.

While this is the behavior we want for the QEMU driver, the
virCommand and virProcess facilities are generic, and should not
implement this kind of policy: asking for a limit to be set to
zero should result in that limit being set to zero every single
time.

Add some checks in the QEMU driver, effectively moving the
policy where it belongs.

Signed-off-by: Andrea Bolognani <abologna@redhat.com>
Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
2021-03-08 22:41:40 +01:00
Andrea Bolognani
e098340cc4 util: Have virCommand remember whether limits are set
Currently this only happens for the core size, but we want the
behavior to be consistent for other limits as well.

Signed-off-by: Andrea Bolognani <abologna@redhat.com>
Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
2021-03-08 22:41:40 +01:00
Andrea Bolognani
bd33680f02 qemu: Set all limits at the same time
qemuProcessLaunch() is the correct place to set process limits,
and in fact is where we were dealing with almost all of them,
but the memory locking limit was handled in
qemuBuildCommandLine() instead for some reason.

The code is rewritten so that the desired limit is calculated
and applied in separated steps, which will help with further
changes, but this doesn't alter the behavior.

Signed-off-by: Andrea Bolognani <abologna@redhat.com>
Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
2021-03-08 22:41:40 +01:00
Andrea Bolognani
9bf5c00f9b qemu: Make some minor tweaks
Doing this now will make the next changes nicer.

Signed-off-by: Andrea Bolognani <abologna@redhat.com>
Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
2021-03-08 22:41:40 +01:00
Andrea Bolognani
6a6d6bb520 util: Introduce virProcess{Get,Set}Limit()
These functions abstract part of the existing logic, which is
the same in all virProcessSetMax*() functions, and changes it
so that which underlying syscall is used depends on their
availability rather than on the context in which they are
called: since prlimit() and {g,s}etrlimit() have slightly
different requirements, using the same one every single time
should make for a more consistent experience.

As part of the change, we also remove the special case for
passing zero to virProcessSetMax*() functions: we have removed
all callers that depended on that functionality in the previous
commit, so this is now safe to do and makes the semantics
simpler.

This commit is better viewed with 'git show -w'.

Signed-off-by: Andrea Bolognani <abologna@redhat.com>
Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
2021-03-08 22:41:40 +01:00
Andrea Bolognani
3d44a809c2 util: Always pass a pid to virProcessSetMax*()
Currently, the functions accept either an explicit pid or zero,
in which case the current process should be modified: the latter
might sound like a convenient little feature, but in reality
obtaining the pid of the current process is a single additional
function call away, so it hardly makes a difference.

Removing the few cases in which we're passing zero will allow us
to simplify and improve the functions later.

Signed-off-by: Andrea Bolognani <abologna@redhat.com>
Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
2021-03-08 22:41:40 +01:00
Daniel P. Berrangé
fe82fdfb52 qemu: wire up support for VNC power control options
This allows the VNC client user to perform a shutdown, reboot and reset
of the VM from the host side.

Reviewed-by: Peter Krempa <pkrempa@redhat.com>
Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
2021-03-08 21:04:06 +00:00
Daniel P. Berrangé
bad5280a53 qemu: probe for -vnc power-control option support
Reviewed-by: Peter Krempa <pkrempa@redhat.com>
Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
2021-03-08 21:04:06 +00:00
Daniel P. Berrangé
f84f04350b conf: add support for VNC power control setting
The <graphics type="vnc" .... powerControl="yes"/> option instructs the
VNC server to enable an extension that lets the client perform a
graceful shutdown, reboot and hard reset.

This is enabled by default since it cannot be assumed that the VNC
client user has administrator rights over the guest OS. In the case
where the VNC user is a guest administrator though, it is reasonable
to allow direct power control host side too.

Reviewed-by: Peter Krempa <pkrempa@redhat.com>
Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
2021-03-08 21:04:06 +00:00
Andrea Bolognani
4114fb2712 util: Simplify stubs
Calling a stub should always result in ENOSYS being raised,
regardless of what arguments are passed to it.

Signed-off-by: Andrea Bolognani <abologna@redhat.com>
Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
2021-03-08 18:55:23 +01:00
Andrea Bolognani
0f5e0b44d7 util: Document limit-related functions
We're going to change their behavior, so it's good to have the
current one documented to serve as baseline.

Signed-off-by: Andrea Bolognani <abologna@redhat.com>
Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
2021-03-08 18:55:21 +01:00
Michal Privoznik
4f30c1bb8c virDevMapperGetTargetsImpl: Use correct length when copying into dm.name
For reasons unknown, when rewriting this code and dropping
libdevmapper I've mistakenly used incorrect length of dm.name. In
linux/dm-ioctl.h the dm_ioctl struct is defined as follows:

  #define DM_NAME_LEN 128

  struct dm_ioctl {
    ...
    char name[DM_NAME_LEN];     /* device name */
    ...
  };

However, when copying string into this member, DM_TABLE_DEPS was
used, which is defined as follows:

  #define DM_TABLE_DEPS    _IOWR(DM_IOCTL, DM_TABLE_DEPS_CMD, struct dm_ioctl)

After decryption, this results in the following size: 3241737483.

Fixes: 2249455654
Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
2021-03-08 12:16:13 +01:00
Roman Bogorodskiy
d5b2644815 meson: tools: depend on keycode generated sources
Tools depend on keycode generated sources, so declare that as an
explicit dependency, otherwise it might fail with:

../tools/virsh-completer-domain.c:35:10: fatal error: 'virkeynametable_linux.h' file not found
         ^~~~~~~~~~~~~~~~~~~~~~~~~

Fixes: b0f4cf25a6
Signed-off-by: Roman Bogorodskiy <bogorodskiy@gmail.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
2021-03-05 20:05:54 +04:00
Peter Krempa
0a3d0c610a virFirewallApply: Fix possible NULL dereference on error
Commit bbc25f0d03 juggled around some
error reporting. Unfortunately virFirewallApply tries to report the
errno stored in the firewall object and we'd try to do that when the
firewall object is NULL too. Report EINVAL if 'firewall' is NULL.

Found by Coverity.

Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Pavel Hrdina <phrdina@redhat.com>
2021-03-05 15:33:34 +01:00
Peter Krempa
1553e72567 virBufferAdd: Ensure that the buffer is initialized also when len == 0
There's an optimization in virBufferAdd which returns early when the
length of the added string is 0 (given that auto-indent is disabled).

The optimization causes inconsistent behaviour between these two cases:

 virBufferAdd(buf, "", 0);  // this doesn't initialize the buffer

and

 virBufferAdd(buf, "", -1); //this initializes the buffer

Since using an empty string is used to prime the buffer to an empty
string it can be confusing. Remove the optimization.

This fixes such a wrong initialization done in x86FeatureNames.

Note that our code in many places expects that if no virBuffer APIs are
used on a buffer object, then NULL should be retured, so we can't always
prime the buffer to an empty string.

Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
2021-03-05 15:33:34 +01:00
Peter Krempa
3a11950af2 conf: Rewrite network virtio driver formatting using virXMLFormatElement
Simplify the logic picking which element form to format by using
virBuffers for the partial properties and virXMLFormatElement for
combining them.

Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
2021-03-05 15:33:34 +01:00
Peter Krempa
4851a99ee0 virHostCPUGetStatsLinux: Avoid 'strcpy'
Use an allocated buffer for 'cpu_header' so that g_strdup(_printf) can
be used to fill it.

Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
2021-03-05 15:33:34 +01:00
Peter Krempa
14a4f7cbf2 remote_daemon_dispatch: Replace g_new + strcpy with g_strdup
Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
2021-03-05 15:33:34 +01:00
Peter Krempa
ec809ba4ed virIndexToDiskName: Use g_string_prepend(_c) to improve readability
Use a dynamic string helper so that we don't have to calculate the
string lengths and then iterate from the rear.

Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
2021-03-05 15:33:34 +01:00
Peter Krempa
3b5eab6e25 virIndexToDiskName: Make 'idx' unsigned and remove check
We can remove the check that 'idx' is negative by forcing callers to
pass unsigned numbers, which they do already or have a check that 'idx'
is positive.

This in turn allows us to remove most return value NULL checks.

Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
2021-03-05 15:33:34 +01:00