Commit Graph

4999 Commits

Author SHA1 Message Date
Michal Privoznik
7fd8e49ef1 internal.h: Introduce and use VIR_IS_POW2()
This macro checks whether given number is an integer power of
two. At the same time, I've identified two places where we check
for pow2 and I'm replacing them with the macro.

Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
Reviewed-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Daniel Henrique Barboza <danielhb413@gmail.com>
Tested-by: Daniel Henrique Barboza <danielhb413@gmail.com>
Tested-by: Han Han <hhan@redhat.com>
2020-12-04 16:24:19 +01:00
Michal Privoznik
32217bb709 viruuid: Rework virUUIDIsValid()
The only test we do when checking for UUID validity is that
whether all bytes are the same (invalid UUID) or not (valid
UUID). The algorithm we use is needlessly complicated.

Also, the checked UUID is not modified and hence the argument can
be of 'const' type.

Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
Reviewed-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Daniel Henrique Barboza <danielhb413@gmail.com>
Tested-by: Daniel Henrique Barboza <danielhb413@gmail.com>
Tested-by: Han Han <hhan@redhat.com>
2020-12-04 16:24:19 +01:00
Daniel P. Berrangé
9801f91a8e util: squelch G_DEFINE_TYPE volatile warnings with GCC 11
In this previous commit:

  commit 65491a2dfe
  Author: Martin Kletzander <mkletzan@redhat.com>
  Date:   Thu Nov 12 13:58:53 2020 +0100

    Do not disable incompatible-pointer-types-discards-qualifiers

We selectively rewrite G_DEFINE_TYPE to avoid warnings about
mismatched volatile/non-volatile pointers that appeared with
CLang when using GLib2 >= 2.67

We have now just hit the reverse problem, GCC >= 11 has started
warning about mismatched volatile/non-volatile pointers but only
with GLib2 < 2.67. The new GLib2 avoids the warning, as does
older GCC.

Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
2020-12-03 15:01:43 +00:00
John Ferlan
3d48ce9437 util: Fix memory leak in virNetDevOpenvswitchInterfaceGetMaster
Since 032548c4 @cmd was never autofree'd. Perhaps as a result of
VIR_AUTOPTR type changes occurring at roughly the same time so the
copy pasta missed this.

Found by Coverity.

Signed-off-by: John Ferlan <jferlan@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
Signed-off-by: Ján Tomko <jtomko@redhat.com>
2020-12-02 16:15:43 +01:00
Michal Privoznik
a2196bc238 virstring: Drop VIR_AUTOSTRINGLIST
Now that no one uses VIR_AUTOSTRINGLIST it can be dropped.

Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
2020-12-02 15:43:21 +01:00
Michal Privoznik
b7d4e6b67e lib: Replace VIR_AUTOSTRINGLIST with GStrv
Glib provides g_auto(GStrv) which is in-place replacement of our
VIR_AUTOSTRINGLIST.

Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
2020-12-02 15:43:07 +01:00
Daniel Henrique Barboza
97b8518356 virstorageencryption.h: add AUTOPTR_CLEANUP_FUNC for virStorageEncryptionPtr
This will open an opportunity to modernize virDomainDiskDefParseXML()
in the next patch.

Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
Signed-off-by: Daniel Henrique Barboza <danielhb413@gmail.com>
2020-12-01 19:27:17 -03:00
Ján Tomko
49c66026cf util: introduce virCommandPassFDIndex
Just like virCommandPassFD, but it also returns an index of
the passed FD in the FD set.

Signed-off-by: Ján Tomko <jtomko@redhat.com>
Reviewed-by: Peter Krempa <pkrempa@redhat.com>
2020-12-01 17:24:20 +01:00
Michal Privoznik
043b50b948 virJSONValueObjectGetStringArray: Report error if @key is not an array
The virJSONValueObjectGetStringArray() function is given a @key
which is supposed to be an array inside given @object. Well, if
it's not then an error state is returned (NULL), but no error
message is set.

Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
2020-12-01 17:21:14 +01:00
Pavel Hrdina
0cbcd21b1f vircgroupv2: fix virCgroupV2DenyDevice
The original logic is incorrect. We would delete the device entry
from eBPF map only if the newval would be same as current val in the
map. In case that the device was allowed only as read-only but later
we remove all permissions for that device it would remain in the table
with empty values.

The old code would still deny the device but it's not working as
intended. Instead we will update the value in advance. If the updated
value is 0 it means that we are removing all permissions so it should
be removed from the map, otherwise we will update the value in map.

Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1810356

Signed-off-by: Pavel Hrdina <phrdina@redhat.com>
Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
2020-12-01 12:46:55 +01:00
Pavel Hrdina
ed1ba69f5a vircgroup: fix cpu quota maximum limit
Kernel commit <d505b8af58912ae1e1a211fabc9995b19bd40828> added proper
check for cpu quota maximum limit to prevent internal overflow.

Even though this change is not present in all kernels it makes sense
to enforce the same limit in libvirt.

Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1750315

Signed-off-by: Pavel Hrdina <phrdina@redhat.com>
Reviewed-by: Daniel Henrique Barboza <danielhb413@gmail.com>
2020-12-01 12:41:36 +01:00
Pavel Hrdina
98a09ca48e vircgroupv2: use defines for cpu period and quota limits
Signed-off-by: Pavel Hrdina <phrdina@redhat.com>
Reviewed-by: Daniel Henrique Barboza <danielhb413@gmail.com>
2020-12-01 12:41:35 +01:00
Pavel Hrdina
bc760f4d7c vircgroupv1: use defines for cpu period and quota limits
Signed-off-by: Pavel Hrdina <phrdina@redhat.com>
Reviewed-by: Daniel Henrique Barboza <danielhb413@gmail.com>
2020-12-01 12:41:33 +01:00
Pavel Hrdina
a818e3f6f0 qemu: move cgroup cpu period and quota defines to vircgroup.h
Signed-off-by: Pavel Hrdina <phrdina@redhat.com>
Reviewed-by: Daniel Henrique Barboza <danielhb413@gmail.com>
2020-12-01 12:41:24 +01:00
Marc-André Lureau
b3dad96972 util: json: add virJSONValueObjectGetStringArray convenience
Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com>
Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
Tested-by: Han Han <hhan@redhat.com>
2020-12-01 11:23:37 +01:00
Daniel P. Berrangé
6d69afe451 util: avoid glib event loop workaround where possible
I previously did a workaround for a glib event loop race
that causes crashes:

  commit 0db4743645
  Author: Daniel P. Berrangé <berrange@redhat.com>
  Date:   Tue Jul 28 16:52:47 2020 +0100

    util: avoid crash due to race in glib event loop code

it turns out that the workaround has a significant performance
penalty on I/O intensive workloads. We thus need to avoid the
workaround if we know we have a new enough glib to avoid the
race condition.

Reviewed-by: Daniel Henrique Barboza <danielhb413@gmail.com>
Tested-by: Christian Ehrhardt <christian.ehrhardt@canonical.com>
Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
2020-11-26 13:30:35 +00:00
Laine Stump
b19863640d util: call iptables directly rather than via firewalld
When libvirt added support for firewalld, we were unable to use
firewalld's higher level rules, because they weren't detailed enough
and could not be applied to the iptables FORWARD or OUTPUT chains
(only to the INPUT chain). Instead we changed our code so that rather
than running the iptables/ip6tables/ebtables binaries ourselves, we
would send these commands to firewalld as "passthrough commands", and
firewalld would run the appropriate program on our behalf.

This was done under the assumption that firewalld was somehow tracking
all these rules, and that this tracking was benefitting proper
operation of firewalld and the system in general.

Several years later this came up in a discussion on IRC, and we
learned from the firewalld developers that, in fact, adding iptables
and ebtables rules with firewalld's passthrough commands actually has
*no* advantage; firewalld doesn't keep track of these rules in any
way, and doesn't use them to tailor the construction of its own rules.

Meanwhile, users have been complaining for some time that whenever
firewalld is restarted on a system with libvirt virtual networks
and/or nwfilter rules active, the system logs would be flooded with
warning messages whining that [lots of different rules] could not be
deleted because they didn't exist. For example:

firewalld[3536040]: WARNING: COMMAND_FAILED:
  '/usr/sbin/iptables -w10 -w --table filter --delete LIBVIRT_OUT
  --out-interface virbr4 --protocol udp --destination-port 68
  --jump ACCEPT' failed: iptables: Bad rule
  (does a matching rule exist in that chain?).

(See https://bugzilla.redhat.com/1790837 for many more examples and a
discussion)

Note that these messages are created by iptables, but are logged by
firewalld - when an iptables/ebtables command fails, firewalld grabs
whatever is in stderr of the program, and spits it out to the system
log as a warning. We've requested that firewalld not do this (and
instead leave it up to the calling application to do the appropriate
logging), but this request has been respectfully denied.

But combining the two problems above ( 1) firewalld doesn't do
anything useful when you use it as a proxy to add/remove iptables
rules, 2) firewalld often insists on logging lots of
annoying/misleading/useless "error" messages when you use it as a
proxy to remove iptables rules that don't already exist), leads to a
solution - simply stop using firewalld to add and remove iptables
rules. Instead, exec iptables/ip6tables/ebtables directly in the same
way we do when firewalld isn't active.

We still need to keep track of whether or not firewalld is active, as
there are some things that must be done, e.g. we need to add some
actual firewalld rules in the firewalld "libvirt" zone, and we need to
take notice when firewalld restarts, so that we can reload all our
rules.

This patch doesn't remove the infrastructure that allows having
different firewall backends that perform their functions in different
ways, as that will very possibly come in handy in the future when we
want to have an nftables direct backend, and possibly a "pure"
firewalld backend (now that firewalld supports more complex rules, and
can add those rules to the FORWARD and OUTPUT chains). Instead, it
just changes the action when the selected backend is "firewalld" so
that it adds rules directly rather than through firewalld, while
leaving as much of the existing code intact as possible.

In order for tests to still pass, virfirewalltest also had to be
modified to behave in a different way (i.e. by capturing the generated
commandline as it does for the DIRECT backend, rather than capturing
dbus messages using a mocked dbus API).

Signed-off-by: Laine Stump <laine@redhat.com>
Reviewed-by: Daniel Henrique Barboza <danielhb413@gmail.com>
2020-11-24 14:22:06 -05:00
Laine Stump
070690538a util: synchronize with firewalld before we start calling iptables directly
When it is starting up, firewalld will delete all existing iptables
rules and chains before adding its own rules. If libvirtd were to try
to directly add iptables rules during the time before firewalld has
finished initializing, firewalld would end up deleting the rules that
libvirtd has just added.

Currently this isn't a problem, since libvirtd only adds iptables
rules via the firewalld "passthrough command" API, and so firewalld is
able to properly serialize everything. However, we will soon be
changing libvirtd to add its iptables and ebtables rules by directly
calling iptables/ebtables rather than via firewalld, thus removing the
serialization of libvirtd adding rules vs. firewalld deleting rules.

This will especially apparent (if we don't fix it in advance, as this
patch does) when libvirtd is responding to the dbus NameOwnerChanged
event, which is used to learn when firewalld has been restarted. In
that case, dbus sends the event before firewalld has been able to
complete its initialization, so when libvirt responds to the event by
adding back its iptables rules (with direct calls to
/usr/bin/iptables), some of those rules are added before firewalld has
a chance to do its "remove everything" startup protocol. The usual
result of this is that libvirt will successfully add its private
chains (e.g. LIBVIRT_INP, etc), but then fail when it tries to add a
rule jumping to one of those chains (because in the interim, firewalld
has deleted the new chains).

The solution is for libvirt to preface it's direct calling to iptables
with a iptables command sent via firewalld's passthrough command
API. Since commands sent to firewalld are completed synchronously, and
since firewalld won't service them until it has completed its own
initialization, this will assure that by the time libvirt starts
calling iptables to add rules, that firewalld will not be following up
by deleting any of those rules.

To minimize the amount of extra overhead, we request the simplest
iptables command possible: "iptables -V" (and aside from logging a
debug message, we ignore the result, for good measure).

(This patch is being done *before* the patch that switches to calling
iptables directly, so that everything will function properly with any
fractional part of the series applied).

Signed-off-by: Laine Stump <laine@redhat.com>
Reviewed-by: Daniel Henrique Barboza <danielhb413@gmail.com>
2020-11-24 14:21:58 -05:00
Laine Stump
56dd128bd0 util: always check for ebtables/iptables binaries, even when using firewalld
Even though *we* don't call ebtables/iptables/ip6tables (yet) when the
firewalld backend is selected, firewalld does, so these binaries need
to be there; let's check for them. (Also, the patch after this one is
going to start execing those binaries directly rather than via
firewalld).

Signed-off-by: Laine Stump <laine@redhat.com>
Reviewed-by: Daniel Henrique Barboza <danielhb413@gmail.com>
2020-11-24 14:21:53 -05:00
Laine Stump
0a867cd895 util/tests: enable locking on iptables/ebtables commandlines by default
iptables and ip6tables have had a "-w" commandline option to grab a
systemwide lock that prevents two iptables invocations from modifying
the iptables chains since 2013 (upstream commit 93587a04 in
iptables-1.4.20).  Similarly, ebtables has had a "--concurrent"
commandline option for the same purpose since 2011 (in the upstream
ebtables commit f9b4bcb93, which was present in ebtables-2.0.10.4).

Libvirt added code to conditionally use the commandline option for
iptables/ip6tables in upstream commit ba95426d6f (libvirt-1.2.0,
November 2013), and for ebtables in upstream commit dc33e6e4a5
(libvirt-1.2.11, November 2014) (the latter actually *re*-added the
locking for iptables/ip6tables, as it had accidentally been removed
during a refactor of firewall code in the interim).

I say "conditionally" because a check was made during firewall module
initialization that tried executing a test command with the
-w/--concurrent option, and only continued using it for actual
commands if that test command completed successfully. At the time the
code was added this was a reasonable thing to do, as it had been less
than a year since introduction of -w to iptables, so many distros
supported by libvirt were still using iptables (and possibly even
ebtables) versions too old to have the new commandline options.

It is now 2020, and as far as I can discern from repology.org (and
manually examining a RHEL7.9 system), every version of every distro
that is supported by libvirt now uses new enough versions of both
iptables and ebtables that they all have support for -w/--concurrent.
That means we can finally remove the conditional code and simply
always use them.

Signed-off-by: Laine Stump <laine@redhat.com>
Reviewed-by: Daniel Henrique Barboza <danielhb413@gmail.com>
2020-11-24 14:21:29 -05:00
Laine Stump
e66451f685 util/tests: enable locking on iptables/ebtables commandlines in unit tests
All the unit tests that use iptables/ip6tables/ebtables have been
written to omit the locking/exclusive use primitive on the generated
commandlines. Even though none of the tests actually execute those
commands (and so it doesn't matter for purposes of the test whether or
not the commands support these options), it still made sense when some
systems had these locking options and some didn't.

We are now at a point where every supported Linux distro has supported
the locking options on these commands for quite a long time, and are
going to make their use non-optional. As a first step, this patch uses
the virFirewallSetLockOverride() function, which is called at the
beginning of all firewall-related tests, to set all the bools
controlling whether or not the locking options are used to true. This
means that all the test cases must be updated to include the proper
locking option in their commandlines.

The change to make actual execs of the commands unconditionally use
the locking option will be in an upcoming patch - this one affects
only the unit tests.

Signed-off-by: Laine Stump <laine@redhat.com>
Reviewed-by: Daniel Henrique Barboza <danielhb413@gmail.com>
2020-11-24 14:21:08 -05:00
Peter Krempa
6a252ab4d1 virCommandAddArg: Don't abort on invalid input
Commit 912c6b22fc added abort() when the
'val' parameter is NULL along with setting the error variable for the
command. We don't want to abort in this case, just set the error.

Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
2020-11-24 17:59:26 +01:00
Barrett Schonefeld
b67080b345 util: secret: remove cleanup labels
Signed-off-by: Barrett Schonefeld <bschoney@utexas.edu>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
Signed-off-by: Ján Tomko <jtomko@redhat.com>
2020-11-24 14:17:08 +01:00
Barrett Schonefeld
2ef7602685 util: storageencryption: remove cleanup labels
Signed-off-by: Barrett Schonefeld <bschoney@utexas.edu>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
Signed-off-by: Ján Tomko <jtomko@redhat.com>
2020-11-24 14:17:08 +01:00
Barrett Schonefeld
f3522af454 util: uri: remove cleanup label
Signed-off-by: Barrett Schonefeld <bschoney@utexas.edu>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
Signed-off-by: Ján Tomko <jtomko@redhat.com>
2020-11-24 14:17:08 +01:00
Barrett Schonefeld
32ec462fd9 util: cgroupv1: convert pointers to use g_autofree
Signed-off-by: Barrett Schonefeld <bschoney@utexas.edu>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
Signed-off-by: Ján Tomko <jtomko@redhat.com>
2020-11-24 14:17:08 +01:00
Barrett Schonefeld
20aee6203b util: dnsmasq: convert pointers to use g_autofree
Signed-off-by: Barrett Schonefeld <bschoney@utexas.edu>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
Signed-off-by: Ján Tomko <jtomko@redhat.com>
2020-11-24 14:17:08 +01:00
Barrett Schonefeld
e943f7ddee util: hostcpu: convert pointers to use g_autofree
Signed-off-by: Barrett Schonefeld <bschoney@utexas.edu>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
Signed-off-by: Ján Tomko <jtomko@redhat.com>
2020-11-24 14:17:07 +01:00
Barrett Schonefeld
a93413c4d5 util: lockspace: convert pointers to use g_autofree
Signed-off-by: Barrett Schonefeld <bschoney@utexas.edu>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
Signed-off-by: Ján Tomko <jtomko@redhat.com>
2020-11-24 14:17:07 +01:00
Barrett Schonefeld
8e9598dcad util: log: convert pointers to use g_autofree
Signed-off-by: Barrett Schonefeld <bschoney@utexas.edu>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
Signed-off-by: Ján Tomko <jtomko@redhat.com>
2020-11-24 14:17:07 +01:00
Barrett Schonefeld
cf751a5feb util: macmap: convert pointers to use g_autofree
Signed-off-by: Barrett Schonefeld <bschoney@utexas.edu>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
Signed-off-by: Ján Tomko <jtomko@redhat.com>
2020-11-24 14:17:07 +01:00
Barrett Schonefeld
5290d1000e util: secret: convert pointers to use g_autofree
Signed-off-by: Barrett Schonefeld <bschoney@utexas.edu>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
Signed-off-by: Ján Tomko <jtomko@redhat.com>
2020-11-24 14:17:07 +01:00
Barrett Schonefeld
005aeb3936 util: storageencryption: convert pointers to use g_autofree
Signed-off-by: Barrett Schonefeld <bschoney@utexas.edu>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
Signed-off-by: Ján Tomko <jtomko@redhat.com>
2020-11-24 14:17:07 +01:00
Barrett Schonefeld
266df90f5e util: storagefilebackend: convert pointers to use g_autofree
Signed-off-by: Barrett Schonefeld <bschoney@utexas.edu>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
Signed-off-by: Ján Tomko <jtomko@redhat.com>
2020-11-24 14:17:07 +01:00
Barrett Schonefeld
47cd3d9298 util: uri: convert pointers to use g_autofree
Signed-off-by: Barrett Schonefeld <bschoney@utexas.edu>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
Signed-off-by: Ján Tomko <jtomko@redhat.com>
2020-11-24 14:17:07 +01:00
Barrett Schonefeld
344415a306 util: xml: convert pointers to use g_autofree
Signed-off-by: Barrett Schonefeld <bschoney@utexas.edu>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
Signed-off-by: Ján Tomko <jtomko@redhat.com>
2020-11-24 14:17:07 +01:00
Daniel P. Berrangé
05734471bb util: add ARCH_IS_MIPS64 helper macro
In most cases logic for MIPS64 and MIPS64EL will be identical.

Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
2020-11-20 12:09:51 +00:00
Ján Tomko
0a8d561433 cgroup: add stub for virCgroupNew
The previous commit exported the function but forgot to add
a non-Linux stub.

Signed-off-by: Ján Tomko <jtomko@redhat.com>
Fixes: 126cb34a20
2020-11-19 11:31:32 +01:00
Pavel Hrdina
126cb34a20 virt-host-validate: fix detection with cgroups v2
Using virtCgroupNewSelf() is not correct with cgroups v2 because the
the virt-host-validate process is executed from from the same cgroup
context as the terminal and usually not all controllers are enabled
by default.

To do a proper check we need to use the root cgroup to see what
controllers are actually available. Libvirt or systemd ensures that
all controllers are available for VMs as well.

This still doesn't solve the devices controller with cgroups v2 where
there is no controller as it was replaced by eBPF. Currently libvirt
tries to query eBPF programs which usually works only for root as
regular users will get permission denied for that operation.

Fixes: https://gitlab.com/libvirt/libvirt/-/issues/94

Signed-off-by: Pavel Hrdina <phrdina@redhat.com>
Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
2020-11-19 01:18:35 +01:00
Martin Kletzander
65491a2dfe Do not disable incompatible-pointer-types-discards-qualifiers
This reverts commit b3710e9a2a.

That check is very valuable for our code, but it causes issue with glib >=
2.67.0 when building with clang.

The reason is a combination of two commits in glib, firstly fdda405b6b1b which
adds a g_atomic_pointer_{set,get} variants that enforce stricter type
checking (by removing an extra cast) for compilers that support __typeof__, and
commit dce24dc4492d which effectively enabled the new variant of glib's atomic
code for clang.  This will not be necessary when glib's issue #600 [0] (8 years
old) is fixed.  Thankfully, MR #1719 [1], which is supposed to deal with this
issue was opened 3 weeks ago, so there is a slight sliver of hope.

[0] https://gitlab.gnome.org/GNOME/glib/-/issues/600
[1] https://gitlab.gnome.org/GNOME/glib/-/merge_requests/1719

Signed-off-by: Martin Kletzander <mkletzan@redhat.com>
2020-11-18 11:01:50 +01:00
Pavel Hrdina
f711fa9ad0 virdevmapper: fix stat comparison in virDMSanitizepath
Introduced by commit <22494556542c676d1b9e7f1c1f2ea13ac17e1e3e> which
fixed a CVE.

If the @path passed to virDMSanitizepath() is not a DM name or not a
path to DM name this function could return incorrect sanitized path as
it would always be the first device under /dev/mapper/.

Signed-off-by: Pavel Hrdina <phrdina@redhat.com>
Reviewed-by: Peter Krempa <pkrempa@redhat.com>
2020-11-16 17:25:41 +01:00
Andrea Bolognani
57515a4c36 util: Make virFileClose() quiet on success
While it's certainly good to log events like "failed to close fd"
and "tried to close invalid fd", which are likely to be the
consequence of some bug in libvirt, logging a message every single
time a file descriptor is closed successfully is perhaps excessive
and can lead to useful information being missed among the noise.

Log filters don't help in this situation, because filtering out all
of util.file is too big a hammer and would cause important messages
to be left out as well.

To give an idea of just how much noise this single debug statement
can cause, here's a real life example from a quite large libvirtd
log I had to look at recently:

  $ grep virFile libvirt.log | wc -l
  1307
  $ grep virFile libvirt.log | grep -v 'Closed fd' | wc -l
  343

Signed-off-by: Andrea Bolognani <abologna@redhat.com>
Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
2020-11-16 09:18:03 +01:00
Laine Stump
7754933983 util: remove ATTRIBUTE_NONNULL from virDirClose declaration
Before commit 24d8968c, virDirClose took a DIR**, and that was never
NULL, so its declaration included ATTRIBUTE_NONNULL(1). Since that
commit, virDirClose takes a DIR*, and it may be NULL (e.g. if the DIR*
is initialized to NULL and was never closed).

Even though virDirClose() is currently only called implicitly (as the
cleanup for a g_autoptr(DIR)), and (as I've just newly learned) the
autocleanup function g_autoptr will only be called if the pointer in
question is non-null (see the definition of
_GLIB_AUTOPTR_CLEAR_FUNC_NAME in
/usr/include/glib-2.0/glib/gmacros.h), it does still cause Coverity to
complain that it *could* be called with a NULL, and it's also possible
that in the future someone might add code that explicitly calls
virDirClose.

To eliminate the Coverity complaints, and protect against the
hypothetical future where someone both explicitly calls virDirClose()
with a potentially NULL value, *and* re-enables the nonnull directive
when not building with Coverity (disabled by commit eefb881) this
patch removes the ATTRIBUTE_NONNULL(1) from the declaration of
virDirClose().

Fixes: 24d8968cd0
Reported-by: John Ferlan <jferlan@redhat.com>
Details-Research-by: Daniel P. Berrangé <berrange@redhat.com>
Signed-off-by: Laine Stump <laine@redhat.com>
2020-11-13 14:58:48 -05:00
Michal Privoznik
1b077e6116 virnetdevopenvswitch: Fix ATTRIBUTE_NONNULL() tag for virNetDevOpenvswitchGetVhostuserIfname()
After e4c29e2904 the function has one argument more and the
argument that can't be NULL moved from second to third position.

Reported-by: John Ferlan <jferlan@redhat.com>
Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
2020-11-13 18:12:49 +01:00
Michal Privoznik
2d5b106cf8 virnetdevopenvswitch: Simplify OVS_VSCTL cmd creation
Every time we create new virCommand of OVS_VSCTL it must be
followed by virNetDevOpenvswitchAddTimeout() call which adds the
--timeout=X argument to freshly created cmd. Instead of having
this as two separate function calls it can be just one.

Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
Reviewed-by: Daniel Henrique Barboza <danielhb413@gmail.com>
2020-11-12 08:24:43 +01:00
Michal Privoznik
e4c29e2904 virnetdevopenvswitch: Get names for dpdkvhostuserclient too
There are two types of vhostuser ports:

  dpdkvhostuser - OVS creates the socket and QEMU connects to it
  dpdkvhostuserclient - QEMU creates the socket and OVS connects to it

But of course ovs-vsctl syntax for fetching ifname is different.
So far, we've implemented the former. The lack of implementation
for the latter means that we are not detecting the interface name
and thus not reporting it in domain XML, or failing to get
interface statistics.

Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1767013

Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
Reviewed-by: Daniel Henrique Barboza <danielhb413@gmail.com>
2020-11-12 08:24:43 +01:00
Pavel Hrdina
43ee7c6db1 virgdbus: fix getting non-shared DBus connection
We need to pass some flags in order to properly initialize the
connection otherwise it will not work. This copies what GLib does
for g_bus_get_sync() internally.

This fixes an issue with LXC driver where libvirt was not able to
register any VM with machined.

Reported-by: Matthias Maier <tamiko@gentoo.org>
Signed-off-by: Pavel Hrdina <phrdina@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
2020-11-09 23:42:33 +01:00
Daniel P. Berrangé
18c73a4c70 meson: drop use of .path() for python args
When using .path() for an argument to a python script meson will not
setup dependancies on the file. This means that changes to the generator
script will not trigger a rebiuld

Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
2020-11-09 16:32:55 +00:00
Peter Krempa
facfa8262e error: Introduce VIR_ERR_CHECKPOINT_INCONSISTENT error code
This code will be used to signal cases when the checkpoint is broken
either during backup or other operations where a user might want to make
decision based on the presence of the checkpoint, such as do a full
backup instead of an incremental one.

Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
2020-11-09 12:25:49 +01:00
Peter Krempa
ed2e78089b tests: Add mock library for virGetHostname and virGetHostUUID
The 'qemu_migration_cookie' module uses these. Provide a stable override
for tests.

Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Daniel Henrique Barboza <danielhb413@gmail.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
2020-11-09 12:25:49 +01:00