Commit Graph

29530 Commits

Author SHA1 Message Date
Laine Stump
f772c48697 conf: simplify virDomainCapsDispose()
virDomainCapsDispose() was the only caller of
virDomainCapsStringValuesFree(), which 1) didn't actually free the
object it was called with, but only cleared it, making it less
mechanical to convert from VIR_FREE to g_free (since it's not
immediately obvious from looking at virDomainCapsStringValuesFree()
that the pointers being cleared will never again be used).

We could have renamed the function to virDomainCapsStringValuesClear()
to side-step the confusion of what the function actually does, but
that would just make the upcoming switch from VIR_FREE to g_free
require more thought. But since there is only a single caller to the
function, and it is a vir*Dispose() function (indicating that the
object containing the virDomainCapsStringValues is going to be freed
immediately after the function finishes), and thus VIR_FREE() *could*
be safely replaced by g_free()), we instead just move the contents of
virDomainCapsStringValuesFree() into virDomainCapsDispose() (and
*that* function will be trivially converted in an upcoming
"mechanical" patch).

Signed-off-by: Laine Stump <laine@redhat.com>
Reviewed-by: Daniel Henrique Barboza <danielhb413@gmail.com>
2021-02-05 00:22:09 -05:00
Laine Stump
1745297d51 rpc: rename virNetSessionAuthMethodsFree to virNetSessionAuthMethodsClear
This is another *Free() function that doesn't free the object it is
passed. Instead it frees and clears some parts of the object.

In this case, the function is actually called from two places, and one
of them (virNetSSHSessionAuthReset) appears to be assuming that the
pointers actually *will* be cleared. So the proper thing to do here
(?) is to rename the function to virNetSSHSesionAuthMethodsClear().

(NB: virNetSSHSessionAuthReset is seemingly never called from
anywhere. Is this one of those functions that actually *is* called by
some strange MACRO invocation? Or it is truly one of those
"written-but-never-used" functions that can be deleted? (if the latter
is the case, then I would rather move the contents of
virNetSessionAuthMethodsFree() into its only other caller,
virNetSSHSessionDispose(), so that the VIR_FREEs could be replaced
with g_free.)

Signed-off-by: Laine Stump <laine@redhat.com>
Reviewed-by: Daniel Henrique Barboza <danielhb413@gmail.com>
2021-02-05 00:22:09 -05:00
Laine Stump
5fb0c789c3 qemu: replace VIR_FREE with g_free in qemuFirmware*FreeContent()
These functions are all only called as a part of qemuFirmwareFree(),
which frees the qemuFirmware object before return, so we can be sure
none of the pointers is referenced after freeing (and thus there is no
need to clear any of them).

Signed-off-by: Laine Stump <laine@redhat.com>
Reviewed-by: Daniel Henrique Barboza <danielhb413@gmail.com>
2021-02-05 00:22:09 -05:00
Laine Stump
e7942f65c9 qemu: pass pointers instead of copying objects for qemuFirmware*FreeContent()
These functions all cooperate to free memory pointed to by a single
object that contains (doesn't *point to*, but actually contains)
several sub-objects. They were written to send copies of these
sub-objects to subordinate functions, rather than just sending
pointers to the sub-objects.

Let's change these functions to just send pointers to the objects
they're cleaning out rather than all the wasteful and pointless
copying.

Signed-off-by: Laine Stump <laine@redhat.com>
Reviewed-by: Daniel Henrique Barboza <danielhb413@gmail.com>
2021-02-05 00:21:54 -05:00
Laine Stump
e1b02e3a56 qemu: rename virFirmware*Free() functions to have more accurate names
Several functions had the names virFirmware[something]Free(), but they
aren't taking a pointer to some object and freeing it. Instead, they
are making a copy of the content of an entire object, then Freeing the
objects pointed to by that content.

As a first step in a too-complicated cleanup just to eliminate a few
occurrences of VIR_FREE(), this patch renames those functions to more
accurately reflect what they do - they Free the *Content* of their
arguments.

Signed-off-by: Laine Stump <laine@redhat.com>
Reviewed-by: Daniel Henrique Barboza <danielhb413@gmail.com>
2021-02-05 00:20:45 -05:00
Laine Stump
8626fb378c util: rename two *Free() functions while changing VIR_FREE to g_free
dhcpHostFree() and addnHostFree() don't follow the normal pattern of
*Free functions in the rest of libvirt code - they are actually more
similar to the *Dispose() functions, in that they free all subordinate
objects, but not the object pointed to by the argument
itself. However, the arguments aren't virObjects, so it wouldn't be
proper to name them *Dispose() either.

They *currently* behave similar to a *Clear() function, in that they
free all the subordinate objects and nullify the pointers of those
objects. HOWEVER, we don't actually need or want that behavior - the
two functions in question are only called as part of a higher level
*Free() function, and the pointers are not referenced in any way
between the time they are freed and when the parent object is freed.

So, since the current name isn't correct, nor is *Dispose(), and we
want to change the behavior in such a way that *Clear() also wouldn't
be correct, lets name the functions *FreeContent(), which is an
accurate description of what the functions do, and what we *want* them
to do.

And since it's such a small patch, we can go ahead and change that
behavior - replacing the VIR_FREEs with g_free.

Signed-off-by: Laine Stump <laine@redhat.com>
Reviewed-by: Daniel Henrique Barboza <danielhb413@gmail.com>
2021-02-05 00:20:45 -05:00
Laine Stump
bb6fa828f9 libvirtd: replace straggler VIR_FREE with g_free in all vir*Free() functions
Signed-off-by: Laine Stump <laine@redhat.com>
Reviewed-by: Daniel Henrique Barboza <danielhb413@gmail.com>
2021-02-05 00:20:45 -05:00
Laine Stump
a699d1d18a storage: replace VIR_FREE with g_free in all vir*Free() functions
Signed-off-by: Laine Stump <laine@redhat.com>
Reviewed-by: Daniel Henrique Barboza <danielhb413@gmail.com>
2021-02-05 00:20:45 -05:00
Laine Stump
a9e72390e8 security: replace VIR_FREE with g_free in all vir*Free() functions
Signed-off-by: Laine Stump <laine@redhat.com>
Reviewed-by: Daniel Henrique Barboza <danielhb413@gmail.com>
2021-02-05 00:20:44 -05:00
Laine Stump
cb5cbf722e rpc: replace VIR_FREE with g_free in all vir*Free() functions
Signed-off-by: Laine Stump <laine@redhat.com>
Reviewed-by: Daniel Henrique Barboza <danielhb413@gmail.com>
2021-02-05 00:20:44 -05:00
Laine Stump
a37805eab0 remote: replace VIR_FREE with g_free in all vir*Free() functions
Signed-off-by: Laine Stump <laine@redhat.com>
Reviewed-by: Daniel Henrique Barboza <danielhb413@gmail.com>
2021-02-05 00:20:44 -05:00
Laine Stump
eee35f0f93 logging: replace VIR_FREE with g_free in all vir*Free() functions
Signed-off-by: Laine Stump <laine@redhat.com>
Reviewed-by: Daniel Henrique Barboza <danielhb413@gmail.com>
2021-02-05 00:20:44 -05:00
Laine Stump
553c2ac4a5 locking: replace VIR_FREE with g_free in all vir*Free() functions
Signed-off-by: Laine Stump <laine@redhat.com>
Reviewed-by: Daniel Henrique Barboza <danielhb413@gmail.com>
2021-02-05 00:20:44 -05:00
Laine Stump
f202f365d7 admin: replace VIR_FREE with g_free in all vir*Free() functions
Signed-off-by: Laine Stump <laine@redhat.com>
Reviewed-by: Daniel Henrique Barboza <danielhb413@gmail.com>
2021-02-05 00:20:44 -05:00
Laine Stump
acb4d8ed71 vz: replace VIR_FREE with g_free in all vir*Free() functions
Signed-off-by: Laine Stump <laine@redhat.com>
Reviewed-by: Daniel Henrique Barboza <danielhb413@gmail.com>
2021-02-05 00:20:44 -05:00
Laine Stump
c11f2343c2 vmx: replace VIR_FREE with g_free in all vir*Free() functions
Signed-off-by: Laine Stump <laine@redhat.com>
Reviewed-by: Daniel Henrique Barboza <danielhb413@gmail.com>
2021-02-05 00:20:44 -05:00
Laine Stump
881bff1cc2 vbox: replace VIR_FREE with g_free in all vir*Free() functions
Signed-off-by: Laine Stump <laine@redhat.com>
Reviewed-by: Daniel Henrique Barboza <danielhb413@gmail.com>
2021-02-05 00:20:44 -05:00
Laine Stump
5b31dec63d test_driver: replace VIR_FREE with g_free in all vir*Free() functions
Signed-off-by: Laine Stump <laine@redhat.com>
Reviewed-by: Daniel Henrique Barboza <danielhb413@gmail.com>
2021-02-05 00:20:43 -05:00
Laine Stump
674719afe6 qemu: replace VIR_FREE with g_free in all vir*Free() functions
Signed-off-by: Laine Stump <laine@redhat.com>
Reviewed-by: Daniel Henrique Barboza <danielhb413@gmail.com>
2021-02-05 00:20:43 -05:00
Laine Stump
3ebaa1bff3 libxl: replace VIR_FREE with g_free in all vir*Free() functions
Signed-off-by: Laine Stump <laine@redhat.com>
Reviewed-by: Daniel Henrique Barboza <danielhb413@gmail.com>
2021-02-05 00:20:43 -05:00
Laine Stump
2e6635bc05 bhyve: replace VIR_FREE with g_free in all vir*Free() functions
Signed-off-by: Laine Stump <laine@redhat.com>
Reviewed-by: Daniel Henrique Barboza <danielhb413@gmail.com>
2021-02-05 00:20:43 -05:00
Laine Stump
238d96b8f1 util: replace VIR_FREE with g_free in all vir*Free() functions
Signed-off-by: Laine Stump <laine@redhat.com>
Reviewed-by: Daniel Henrique Barboza <danielhb413@gmail.com>
2021-02-05 00:20:43 -05:00
Laine Stump
a3a88167e4 conf: replace remaining straggler VIR_FREE with g_free in vir*Free()
I missed a few in commit f9f81f1c

Signed-off-by: Laine Stump <laine@redhat.com>
Reviewed-by: Daniel Henrique Barboza <danielhb413@gmail.com>
2021-02-05 00:20:43 -05:00
Pavel Hrdina
02ffd9909c qemu_driver: increase recorded counter for disk block stats
Commit <318d807a0bd3372b634d1952b559c5c627ccfa5b> added a fix to skip
most of the block stat code to not log error message for missing storage
sources but forgot to increase the recordnr counter.

Signed-off-by: Pavel Hrdina <phrdina@redhat.com>
Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
2021-02-04 13:11:27 +01:00
Pavel Hrdina
8ebfd29cbd qemu_monitor_json: fix JSON generator for VC chardev
The correct backend type is 'vc', same as in qemuBuildChrChardevStr()
where we generate qemu command line.

Signed-off-by: Pavel Hrdina <phrdina@redhat.com>
Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
2021-02-04 13:07:02 +01:00
Michal Privoznik
3426bc5882 vircgroup: Don't leak @parent in virCgroupEnableMissingControllers()
A memory leak was identified in
virCgroupEnableMissingControllers():

==11680==    at 0x483EAE5: calloc (vg_replace_malloc.c:760)
==11680==    by 0x4E51780: g_malloc0 (in /usr/lib64/libglib-2.0.so.0.6701.0)
==11680==    by 0x4908618: virCgroupNew (vircgroup.c:701)
==11680==    by 0x49096F4: virCgroupEnableMissingControllers (vircgroup.c:1146)
==11680==    by 0x4909B17: virCgroupNewMachineSystemd (vircgroup.c:1228)
==11680==    by 0x4909E94: virCgroupNewMachine (vircgroup.c:1313)
==11680==    by 0x1694FDBC: qemuInitCgroup (qemu_cgroup.c:946)
==11680==    by 0x1695046B: qemuSetupCgroup (qemu_cgroup.c:1083)
==11680==    by 0x16A60126: qemuProcessLaunch (qemu_process.c:7077)
==11680==    by 0x16A61504: qemuProcessStart (qemu_process.c:7384)
==11680==    by 0x169B84C2: qemuDomainObjStart (qemu_driver.c:6590)
==11680==    by 0x169B8776: qemuDomainCreateWithFlags (qemu_driver.c:6641)

What happens is that new virCgroup is created and stored into
@parent. Then, if @tokens is not empty the for() loop is entered
into where another virCgroup is created and @parent is replaced
with this new virCgroup. But nothing freed the old @parent.

Fixes: 77291414c7
Reported-by: Andrea Bolognani <abologna@redhat.com>
Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
Reviewed-by: Pavel Hrdina <phrdina@redhat.com>
2021-02-04 09:08:16 +01:00
Pavel Hrdina
d763466edc qemu: implement vhost-user-blk support
Implements QEMU support for vhost-user-blk together with live
hotplug/unplug.

Signed-off-by: Pavel Hrdina <phrdina@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
Reviewed-by: Peter Krempa <pkrempa@redhat.com>
2021-02-03 18:56:34 +01:00
Pavel Hrdina
c8b0d5b0ad qemu_capabilities: introduce vhost-user-blk capability
Signed-off-by: Pavel Hrdina <phrdina@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
Reviewed-by: Peter Krempa <pkrempa@redhat.com>
2021-02-03 18:56:34 +01:00
Pavel Hrdina
f00fe96eb0 conf: implement support for vhostuser disk
Signed-off-by: Pavel Hrdina <phrdina@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
Reviewed-by: Peter Krempa <pkrempa@redhat.com>
2021-02-03 18:56:34 +01:00
Pavel Hrdina
592fb164e9 qemu_validate: move and refactor qemuValidateDomainDefVirtioFSSharedMemory
Make the function reusable by other vhost-user based devices.

Signed-off-by: Pavel Hrdina <phrdina@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
Reviewed-by: Peter Krempa <pkrempa@redhat.com>
2021-02-03 18:56:34 +01:00
Pavel Hrdina
6799cc3ada qemu_alias: introduce qemuDomainGetVhostUserAlias helper
Signed-off-by: Pavel Hrdina <phrdina@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
Reviewed-by: Peter Krempa <pkrempa@redhat.com>
2021-02-03 18:56:33 +01:00
Daniel P. Berrangé
6a40c01ed0 qemu: taint the VM if it is using a deprecated machine type
Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
2021-02-03 17:32:27 +00:00
Daniel P. Berrangé
c212eb6c7f qemu: taint the VM if it is using a deprecated CPU model
Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
2021-02-03 17:31:57 +00:00
Daniel P. Berrangé
30626ed15b qemu: add ability to associate a string message with taint warning
Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
2021-02-03 17:31:31 +00:00
Daniel P. Berrangé
2273065746 conf: introduce new taint flag for deprecated configuration
Hypervisors are capable of reporting that some features are deprecated.
This should be used to mark a domain as tainted.

Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
2021-02-03 17:30:58 +00:00
Daniel P. Berrangé
1e260cc449 qemu: report whether a machine type is deprecated in capabilities
QEMU has the ability to mark machine types as deprecated. This should be
exposed to management applications in the capabilities.

Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
2021-02-03 17:30:52 +00:00
Daniel P. Berrangé
5138a09260 qemu: report whether a CPU model is deprecated in dom capabilities
QEMU has the ability to mark CPUs as deprecated. This should be exposed
to management applications in the domain capabilities.

This attribute is only set when the model is actually deprecated.

Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
2021-02-03 17:26:39 +00:00
Peter Krempa
bfdfa64010 viralloc: Remove VIR_ALLOC_VAR
The use case VIR_ALLOC_VAR deals with is very unlikely. We had just 2
legitimate uses, which were reimplemented locally using g_malloc0 and
sizeof instead as they used a static number of members of the trailing
array.

Remove VIR_ALLOC_VAR since in most cases the direct implementation is
shorter and clearer and there are no users of it currently.

Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
2021-02-03 16:09:25 +01:00
Peter Krempa
52ca0a6229 virNetDevGetEthtoolGFeatures: Avoid use of VIR_ALLOC_VAR
In this case we need a 'struct ethtool_gfeatures' followed by two
'struct ethtool_get_features_block' so there's no risk of overflow.

Use g_malloc0 and sizeof() to allocate the memory instead of
VIR_ALLOC_VAR.

Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
2021-02-03 16:09:25 +01:00
Peter Krempa
729ac13938 locking: sanlock: Avoid use of VIR_ALLOC_VAR for 'struct sanlk_resource'
In both cases we need memory for a 'struct sanlk_resource' followed by
one 'struct sanlk_disk', thus there's no risk of overflow.

Use g_malloc0 and sizeof() to allocate the memory instead of
VIR_ALLOC_VAR.

Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
2021-02-03 16:09:25 +01:00
Peter Krempa
7d836cfba1 virLockManagerSanlockAddDisk: Refactor cleanup
Use g_autofree to allow removal of 'cleanup:' and the 'ret' variable.

Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
2021-02-03 16:09:25 +01:00
Peter Krempa
30a42dcddc virLockManagerSanlockAddLease: Refactor cleanup
Use g_autofree and remove the 'cleanup' section and 'ret' variable.

Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
2021-02-03 16:09:25 +01:00
Peter Krempa
add18b06c7 virNWFilterVarCombIter: Allocate 'iter' member separately
Switch to the more common approach of having arrays allocated separately
rather than trailing the struct.

Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
2021-02-03 16:09:25 +01:00
Peter Krempa
ed97683897 util: alloc: Remove VIR_DISPOSE_STRING
Users were replaced with virSecureEraseString with explicit freeing of
the memory.

Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
2021-02-03 13:07:14 +01:00
Peter Krempa
de4d0103b6 virnetlibsshsession: Replace VIR_DISPOSE_STRING with virSecureEraseString
Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
2021-02-03 13:07:14 +01:00
Peter Krempa
2025001609 util: alloc: Remove VIR_AUTODISPOSE_STR
There are no users any more. The replacement is to use g_auto and
virSecureEraseString explicitly.

Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
2021-02-03 13:07:14 +01:00
Peter Krempa
7979d85783 virNetLibsshAuthenticatePassword: Use virSecureEraseString instead of VIR_AUTODISPOSE_STR
Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
2021-02-03 13:07:13 +01:00
Peter Krempa
7f0780c0d2 virStorageBackendRBDOpenRADOSConn: Use virSecureEraseString instead of VIR_AUTODISPOSE_STR
Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
2021-02-03 13:07:13 +01:00
Peter Krempa
3b1d2ff510 qemuBuildRBDSecinfoURI: Use virSecureEraseString instead of VIR_AUTODISPOSE_STR
In this instance attempting to be correct is really pointless since the
secret is formatted into another string which is not erased securely and
then put on the commandline.

Keep the secure handling for correctness.

Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
2021-02-03 13:07:13 +01:00
Peter Krempa
ffc13e76ac libxlMakeNetworkDiskSrc: Use virSecureEraseString instead of VIR_AUTODISPOSE_STR
Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
2021-02-03 13:07:13 +01:00
Peter Krempa
39089a6faf util: virsecureerase: Introduce virSecureEraseString
Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
2021-02-03 13:07:13 +01:00
Peter Krempa
bacf612607 util: viralloc: Remove VIR_DISPOSE(_N)
The macros are unused now and callers who care about clearing the memory
they use should use memset() appropriately.

Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
2021-02-03 13:07:13 +01:00
Peter Krempa
8bac46997f storageBackendCreateQemuImgSecretPath: Use virSecureErase instead of VIR_DISPOSE_N
Clear out the value using virSecureErase and free it with g_free so
that VIR_DISPOSE_N can be phased out.

Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
2021-02-03 13:07:13 +01:00
Peter Krempa
91858434b4 virCryptoEncryptDataAESgnutls: Use virSecureErase instead of memset
Clear the key and IV structs using virSecureErase.

Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
2021-02-03 13:07:13 +01:00
Peter Krempa
288d051494 virCryptoEncryptDataAESgnutls: Use virSecureErase instead of VIR_DISPOSE_N
Clear out the value using virSecureErase and free it with g_free so
that VIR_DISPOSE_N can be phased out.

Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
2021-02-03 13:07:13 +01:00
Peter Krempa
549305922a virStorageBackendRBDOpenRADOSConn: Use virSecureErase instead of VIR_DISPOSE_N
Switch the secret value to 'g_autofree' for handling of the memory and
clear it out using virSecureErase.

Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
2021-02-03 13:07:12 +01:00
Peter Krempa
ee88bce43d qemu: domain: Use virSecureErase for clearing secrets instead of VIR_DISPOSE_N
Phase out use of VIR_DISPOSE_N from the qemu driver. Use memset in the
appropriate cases.

Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
2021-02-03 13:07:12 +01:00
Peter Krempa
3217d445b9 libxlMakeNetworkDiskSrc: Avoid use of VIR_DISPOSE_N
Clear the secret right after use with virSecureErase.

Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
2021-02-03 13:07:12 +01:00
Peter Krempa
fabd172065 storage_backend_iscsi(_direct): Properly clear secrets
The code pretends that it cares about clearing the secret values, but
passes the secret value to a realloc, which may copy the value somewhere
else and doesn't sanitize the original location when it does so.

Since we want to construct a string from the value, let's copy it to a
new piece of memory which has the space for the 'NUL' byte ourselves, to
prevent a random realloc keeping the data around.

While at it, use virSecureErase instead of VIR_DISPOSE_N since it's
being phased out.

Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
2021-02-03 13:07:12 +01:00
Peter Krempa
43696418af util: Introduce virsecureerase module
The module will provide functions for disposing secrets stored in
memory.

Note that for now it's implemented using memset, which is not really
secure.

Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
2021-02-03 13:07:12 +01:00
Peter Krempa
5761f8ab54 virNetLibsshSessionAuthAddPrivKeyAuth: Refactor cleanup
Shuffle the code around to remove the need for temporary variables and
labels for cleaning them.

Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
2021-02-03 13:07:12 +01:00
Peter Krempa
34e522418f virNetLibsshSessionAuthAddPrivKeyAuth: Don't unlock unlocked 'sess' on error
The check whether @keyfile is non-NULL is before locking @sess, but uses
the 'error' label which unlocks '@sess'.

While touching the error path, update the error message to be on one
line.

Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
2021-02-03 13:07:12 +01:00
Peter Krempa
ac4b55c99d qemuDomainMasterKeyCreate: Don't use VIR_DISPOSE_N on failure
When virRandomBytes fails we don't get any random bytes and even if we
did they don't have to be treated as secret as they weren't used in any
way.

Add a temporary variable with automatic freeing for the secret buffer
and assign it only on success.

Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
2021-02-03 13:07:12 +01:00
Peter Krempa
b57b6b4eea libxlMakeDomBuildInfo: Don't use VIR_DISPOSE_N for USB device list
The list isn't secret which would need being disposed of. Just expand
the array and return failure when adding the NULL terminator similarly
to how we expand the list for adding devices in a loop.

Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
2021-02-03 13:07:12 +01:00
Peter Krempa
9c9423a1e8 hypervFreeInvokeParams: Don't use VIR_DISPOSE_N for freeing 'params'
The struct doesn't contain any secrets to clear before freeing and even
if it did VIR_DISPOSE_N wouldn't help as the struct contains only
pointers thus the actual memory pointing to isn't sanitized.

Just free the params array pointer and then the struct itself.

Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
2021-02-03 13:07:12 +01:00
gongwei
976bdfc8e7 conf: add realtime parameter for rtc
Pass the parameter clock rt to qemu to ensure that the
virtual machine is not synchronized with the host time

Signed-off-by: gongwei <gongwei@smartx.com>
Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
2021-02-03 10:18:04 +01:00
Peter Krempa
d115019b6a util: virstring: Remove unused prototypes for virStr(n)dup
The headers weren't removed after use of VIR_STRDUP was removed.

Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
2021-02-02 15:10:47 +01:00
Tim Wiederhake
8b1755024b vircommand: Simplify virCommandAddArg
Signed-off-by: Tim Wiederhake <twiederh@redhat.com>
Reviewed-by: Peter Krempa <pkrempa@redhat.com>
2021-02-02 15:00:55 +01:00
Tim Wiederhake
2cdbfbe7ac virhostuptime: Fix rounding in uptime calculation
"f + 0.5" does not round correctly for values very close to
".5" for every integer multiple, e.g. "0.499999975".

Found by clang-tidy's "bugprone-incorrect-roundings" check.

Signed-off-by: Tim Wiederhake <twiederh@redhat.com>
Reviewed-by: Peter Krempa <pkrempa@redhat.com>
2021-02-02 15:00:55 +01:00
Tim Wiederhake
795187fe0c udevProcessCCW: Initialize variable
`udevGetIntSysfsAttr` does not necessarily write to the third parameter,
even when it returns 0.

This was found by clang-tidy's
"clang-analyzer-core.UndefinedBinaryOperatorResult" check.

Signed-off-by: Tim Wiederhake <twiederh@redhat.com>
Reviewed-by: Peter Krempa <pkrempa@redhat.com>
2021-02-02 15:00:55 +01:00
Tim Wiederhake
1e2e8ac88f Replace bzero() with memset()
This was found by clang-tidy's
"clang-analyzer-security.insecureAPI.bzero" check.

bzero is marked as deprecated ("LEGACY") in POSIX.1-2001 and
removed in POSIX.1-2008.

Besides its deprecation, bzero can be unsafe to use under certain
circumstances, e.g. when used to zero-out memory containing secrects.
These calls can be optimized away by the compiler, if it concludes no
further access happens to the memory, thus leaving the secrets still
in memory. Hence its classification as "insecureAPI".

Signed-off-by: Tim Wiederhake <twiederh@redhat.com>
Reviewed-by: Peter Krempa <pkrempa@redhat.com>
2021-02-02 15:00:55 +01:00
Tim Wiederhake
2870d99f1b qemu_tpm: Fix indentation in qemuTPMEmulatorBuildCommand
This was found by clang-tidy's "readability-misleading-indentation"
check.

Signed-off-by: Tim Wiederhake <twiederh@redhat.com>
Reviewed-by: Peter Krempa <pkrempa@redhat.com>
2021-02-02 15:00:55 +01:00
Tim Wiederhake
a6675869fb xen: Fix indentation in xenParseXLSpice
This was found by clang-tidy's "readability-misleading-indentation"
check.

Signed-off-by: Tim Wiederhake <twiederh@redhat.com>
Reviewed-by: Peter Krempa <pkrempa@redhat.com>
2021-02-02 15:00:55 +01:00
Tim Wiederhake
8b8d6a24f9 virfile: Remove redundant #ifndef
This section is guarded by "#ifndef WIN32" in line 2109--2808.

Found by clang-tidy's "readability-redundant-preprocessor" check.

Signed-off-by: Tim Wiederhake <twiederh@redhat.com>
Reviewed-by: Peter Krempa <pkrempa@redhat.com>
2021-02-02 15:00:55 +01:00
Matt Coleman
c45c912840 hyperv: provide a more detailed error message for WSMan faults
Signed-off-by: Matt Coleman <matt@datto.com>
Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
2021-02-02 09:36:35 +01:00
Matt Coleman
2d20589fbd hyperv: implement domainScreenshot
Signed-off-by: Matt Coleman <matt@datto.com>
Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
2021-02-02 09:36:35 +01:00
Matt Coleman
6b82b0209a hyperv: implement networkGetXMLDesc
Co-authored-by: Dawid Zamirski <dzamirski@datto.com>
Signed-off-by: Matt Coleman <matt@datto.com>
Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
2021-02-02 09:36:35 +01:00
Matt Coleman
15a9f829a0 hyperv: implement networkGetAutostart, networkIsActive, and networkIsPersistent
Co-authored-by: Dawid Zamirski <dzamirski@datto.com>
Signed-off-by: Matt Coleman <matt@datto.com>
Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
2021-02-02 09:36:35 +01:00
Matt Coleman
b0615df6bf hyperv: implement connectNumOfDefinedNetworks and connectListDefinedNetworks
Co-authored-by: Dawid Zamirski <dzamirski@datto.com>
Signed-off-by: Matt Coleman <matt@datto.com>
Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
2021-02-02 09:36:35 +01:00
Matt Coleman
4c928220a1 hyperv: implement networkLookupByName and networkLookupByUUID
Signed-off-by: Matt Coleman <matt@datto.com>
Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
2021-02-02 09:36:35 +01:00
Matt Coleman
ee6172bc17 hyperv: implement connectListAllNetworks and connectNumOfNetworks
Co-authored-by: Dawid Zamirski <dzamirski@datto.com>
Signed-off-by: Matt Coleman <matt@datto.com>
Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
2021-02-02 09:36:35 +01:00
Matt Coleman
fa66bd8cad hyperv: add support for creating network adapters
Co-authored-by: Sri Ramanujam <sramanujam@datto.com>
Signed-off-by: Matt Coleman <matt@datto.com>
Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
2021-02-02 09:36:35 +01:00
Matt Coleman
67e2786a0e hyperv: XML parsing of Ethernet adapters
Co-authored-by: Sri Ramanujam <sramanujam@datto.com>
Signed-off-by: Matt Coleman <matt@datto.com>
Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
2021-02-02 09:36:35 +01:00
Matt Coleman
26e94bcd94 domain_conf: enable use of g_autofree for virDomainNetDef
Signed-off-by: Matt Coleman <matt@datto.com>
Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
2021-02-02 09:36:35 +01:00
Matt Coleman
c0c6254eed hyperv: add support for creating serial devices
Co-authored-by: Sri Ramanujam <sramanujam@datto.com>
Signed-off-by: Matt Coleman <matt@datto.com>
Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
2021-02-02 09:36:35 +01:00
Matt Coleman
3550d11a79 hyperv: XML parsing of serial ports
Co-authored-by: Sri Ramanujam <sramanujam@datto.com>
Signed-off-by: Matt Coleman <matt@datto.com>
Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
2021-02-02 09:36:27 +01:00
Laine Stump
f9f81f1c8f conf: replace VIR_FREE() with g_free() in vir*Free() functions
This patch takes on one set of examples of unnecessary use of
VIR_FREE() when g_free() is adequate - it modifies only vir*Free()
functions within the conf directory that take a single pointer and
free the object pointed to by that argument before returning. The
modification is to replace VIR_FREE() with g_free() for the object
itself *and* for all subordinate chunks of memory pointed to by that
object.

(NB: there are other functions that VIR_FREE subordinate memory of
objects that end up being freed before return (also sometimes with
VIR_FREE); I am purposefully ignoring those to reduce scope and focus
on a sub class where the pointlessness is obvious.)

Signed-off-by: Laine Stump <laine@redhat.com>
Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
2021-02-02 00:27:58 -05:00
Laine Stump
45b2912c71 util: rename virStorageEncryptionInfoDefFree()
usually a function call vir*Free() will take a single pointer to an
object as its argument, and will then free all resources associated
with that object, including the object
itself. virStorageEnctyptionInfoDefFree() doesn't do that - it frees
all the subordinate resources of the ojbect, but doesn't free the
object itself; usually a function like that is called
vir*Clear(). Let's rename this function to not be misleading.

Signed-off-by: Laine Stump <laine@redhat.com>
Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
2021-02-02 00:27:58 -05:00
Laine Stump
2adfd26ec9 conf: eliminate pointless setting of interface model
There is no point in setting the interface model to unknown during
virDomainNetDefFree(), since we are about to free the object anyway
(and the model isn't used anywhere in the rest of the function).

Signed-off-by: Laine Stump <laine@redhat.com>
Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
2021-02-02 00:27:58 -05:00
Laine Stump
c2e47fb334 conf: don't bother setting pointers to NULL in vir*Free() functions
The memory containing the pointer is going to be freed momentarily anyway.

Signed-off-by: Laine Stump <laine@redhat.com>
Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
2021-02-02 00:27:58 -05:00
Laine Stump
eb8f62ce88 conf: fix arg to virDomainPCIAddressSetExtensionFree()
This function clears out and frees a virDomainZPCIAddressIds object,
so that's that's what it should take as its argument, *not* the
pointer to a parent object that contains the object we want to free.

Signed-off-by: Laine Stump <laine@redhat.com>
Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
2021-02-02 00:27:58 -05:00
Laine Stump
8fb0b08762 hostdevmgr: remove unneeded oldStateDir
Back in commit 2c71d3826, which appeared in libvirt-1.2.3 in April
2014, the location used to store saved MAC addresses and vlan tags of
SRIOV VFs was changed from /var/run/libvirt/qemu to
/var/run/libvirt/hostdevmgr. For backward compatibility the code was
made to continue looking in the old location for the files when it
didn't find them in the new location.

It's now been 6 years, and even if there was somebody still running
libvirt-1.2.3 on their system, that system would now be out of support
for libvirt, so there would be no way for them to upgrade to a new
libvirt that no longer looks in  "oldStateDir" for the files. So
let's no longer look in "oldStateDir" for the files!

Signed-off-by: Laine Stump <laine@redhat.com>
Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
2021-02-02 00:27:58 -05:00
Laine Stump
65ce8a424f log error if virConnectCacheOnceInit() fails
virGetConnectNetwork() calls
 virGetConnectGeneric(), which calls
  virConnecCacheInitialize(), which is actually a call (only once) to
   virConnectCacheOnceInit() which calls
    virThreadLocalInit() several times, which calls
     pthread_key_create()

If pthread_key_create() fails, it (of course) doesn't log an error
(because it's not a part of libvirt), nor does any other function on
the call chain all the way up to virGetConnectNetwork(). But none of
the callers of virGetConnectNetwork() log an error either, so it is
possible that an API could fail due to virGetConnectNetwork() failing,
but would only log "an error was encountered, but the cause is
unknown. Deal with it."  (paraphrasing).

(In all likelyhood, virConnectCacheOnceInit() is going to be called at
some earlier time, and almost certainly pthread_key_create() will
never fail (and if it does, the user will have *much* bigger problems
than an obtuse error message from libvirt)).

Signed-off-by: Laine Stump <laine@redhat.com>
Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
2021-02-02 00:27:27 -05:00
Roman Bogorodskiy
31d1835428 virfile: workaround for when posix_fallocate() is not supported by FS
posix_fallocate() might be not supported by a filesystem, for example,
it's not supported by ZFS. In that case it fails with
return code 22 (EINVAL), and thus safezero_posix_fallocate() returns -1.

As safezero_posix_fallocate() is the first function tried by safezero()
and it tries other functions only when it returns -2, it fails
immediately without falling back to other methods, such as
safezero_slow().

Fix that by returning -2 if posix_fallocate() returns EINVAL, to give
safezero() a chance to try other functions.

Signed-off-by: Roman Bogorodskiy <bogorodskiy@gmail.com>
Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
2021-02-01 20:15:22 +04:00
Daniel Henrique Barboza
4ab0d1844a security_dac.c: use g_auto* in hostdev label set/restore functions
Use g_auto* cleanup to avoid free() calls.

Reviewed-by: Laine Stump <laine@redhat.com>
Signed-off-by: Daniel Henrique Barboza <danielhb413@gmail.com>
2021-01-29 17:56:13 -03:00
Daniel Henrique Barboza
e49319534e security_selinux.c: use g_auto* in set/restore hostdev subsys functions
Use g_auto* cleanup to avoid free() calls.

Reviewed-by: Laine Stump <laine@redhat.com>
Signed-off-by: Daniel Henrique Barboza <danielhb413@gmail.com>
2021-01-29 17:55:13 -03:00
Daniel Henrique Barboza
b0264e9404 virpci.c: simplify virPCIDeviceNew() signature
The current virPCIDeviceNew() signature, receiving 4 uints in sequence
(domain, bus, slot, function), is not neat.

We already have a way to represent a PCI address in virPCIDeviceAddress
that is used in the code. Aside from the test files, most of
virPCIDeviceNew() callers have access to a virPCIDeviceAddress reference,
but then we need to retrieve the 4 required uints (addr.domain, addr.bus,
addr.slot, addr.function) to satisfy virPCIDeviceNew(). The result is
that we have extra verbosity/boilerplate to retrieve an information that
is already available in virPCIDeviceAddress.

A better way is presented by virNVMEDeviceNew(), where the caller just
supplies a virPCIDeviceAddress pointer and the function handles the
details internally.

This patch changes virPCIDeviceNew() to receive a virPCIDeviceAddress
pointer instead of 4 uints.

Reviewed-by: Laine Stump <laine@redhat.com>
Signed-off-by: Daniel Henrique Barboza <danielhb413@gmail.com>
2021-01-29 17:52:10 -03:00
Daniel Henrique Barboza
0e0c974b20 domain_driver.c: use PCI address with virDomainDriverNodeDeviceGetPCIInfo()
Instead of receiving 4 uints in order and write domain/bus/slot/function,
receive a virPCIDeviceAddressPtr instead and write into it.

This change will allow us to simplify the API for virPCIDeviceNew()
in the next patch.

Reviewed-by: Laine Stump <laine@redhat.com>
Signed-off-by: Daniel Henrique Barboza <danielhb413@gmail.com>
2021-01-29 17:51:03 -03:00
Daniel Henrique Barboza
28657b8001 qemu, lxc: move NodeDeviceGetPCIInfo() function to domain_driver.c
libxlNodeDeviceGetPCIInfo() and qemuNodeDeviceGetPCIInfo() are equal.
Let's move the logic to a new virDomainDriverNodeDeviceGetPCIInfo()
info to be used by libxl_driver.c and qemu_driver.c.

Reviewed-by: Laine Stump <laine@redhat.com>
Signed-off-by: Daniel Henrique Barboza <danielhb413@gmail.com>
2021-01-29 17:49:54 -03:00
Daniel Henrique Barboza
03f9c17805 virpci, domain_audit: use virPCIDeviceAddressAsString()
There is no need to open code the PCI address string format
when we have a function that does exactly that.

Reviewed-by: Laine Stump <laine@redhat.com>
Signed-off-by: Daniel Henrique Barboza <danielhb413@gmail.com>
2021-01-29 17:46:34 -03:00