In order for the iTCO watchdog to be operational we must disable the
noreboot pin strap in qemu. This is the default starting from 8.0
machine types, but desirable for older ones as well. And we can safely
do that since that is not guest-visible.
Signed-off-by: Martin Kletzander <mkletzan@redhat.com>
Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
This is already possible with qemu, and actually already happening with
q35 machines and a specified watchdog since q35 already includes a
watchdog we do not include in the XML. In order to express such
posibility multiple watchdogs need to be supported.
Signed-off-by: Martin Kletzander <mkletzan@redhat.com>
Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
The function cannot fail once it starts populating
ret->params.params_val[i].field.
Signed-off-by: Jiri Denemark <jdenemar@redhat.com>
Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
In case the API returned success and a NULL pointer in uri_out, we would
leak the preallocated buffer used for storing the uri_out pointer.
Signed-off-by: Jiri Denemark <jdenemar@redhat.com>
Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
The daemon side of this API has been broken ever since the API was
introduced in 2012. Instead of sending the error from
virDomainGetSecurityLabelList via RPC so that the client can see it, the
dispatcher would just send a successful reply with return value set to
-1 (and an empty array of labels). The client side would propagate this
return value so the client can see the API failed, but the original
error would be lost.
Signed-off-by: Jiri Denemark <jdenemar@redhat.com>
Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
Recently, in v9.0.0-7-gb2034bb04c we've dropped initialization of
@args variable. The reasoning was that eventually, all members of
the variable will be set. Well, this is not correct. For
instance, in remoteConnectGetAllDomainStats() the
args.doms.doms_val pointer is set iff @ndoms != 0. However,
regardless of that, the pointer is then passed to VIR_FREE().
Worse, the whole args is passed to
xdr_remote_connect_get_all_domain_stats_args() which then calls
xdr_array, which tests the (uninitialized) pointer against NULL.
This effectively reverts b2034bb04c.
Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
Reviewed-by: Martin Kletzander <mkletzan@redhat.com>
The g_hash_table_unref() function does not accept NULL. Passing
NULL results in a glib warning being triggered. Check whether the
hash table is not NULL and unref it only then.
Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
Support virtio-crypto device, also support cryptodev types:
- builtin
- lkcf
Finally, we can launch a VM(QEMU) with one or more crypto devices by
libvirt.
Signed-off-by: zhenwei pi <pizhenwei@bytedance.com>
Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
Changes in this commit:
- docs: formatdomaincaps.rst
- conf: crypto related domain caps
- qemu: crypto related
- tests: crypto related test
Signed-off-by: zhenwei pi <pizhenwei@bytedance.com>
Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
Introduce crypto device like:
<crypto model='virtio' type='qemu'>
<backend model='builtin' queues='1'/>
<address type='pci' domain='0x0000' bus='0x00' slot='0x0a' function='0x0'/>
</crypto>
<crypto model='virtio' type='qemu'>
<backend model='lkcf'/>
<address type='pci' domain='0x0000' bus='0x00' slot='0x0b' function='0x0'/>
</crypto>
Currently, crypto model supports virtio only, type supports qemu only
(vhost-user in the plan). For the qemu type, backend supports modle
builtin/lkcf, and the queues is optional.
Changes in this commit:
- docs: formatdomain.rst
- schemas: domaincommon.rng
- conf: crypto related domain conf
- qemu: crypto related
- tests: crypto related test
Signed-off-by: zhenwei pi <pizhenwei@bytedance.com>
Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
'domaincapstest' is currently skipping RISC-V tests. Let's enable it.
The decision of enabling the "virt" machine is based on the idea that
this is the most used QEMU RISC-V machine in the community and it's the
most likely to be widely supported in the long run.
Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
Signed-off-by: Daniel Henrique Barboza <dbarboza@ventanamicro.com>
Update RISC-V capabilities for the QEMU 8.0.0 cycle. Changes made are
based on the JSONification of device parameters.
Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
Signed-off-by: Daniel Henrique Barboza <dbarboza@ventanamicro.com>
There are tests in qemuxml2argvtest that will fail if we enable RISC-V
testing, with an error like the following:
"cpuGetSubDriver:64 : this function is not supported by the connection
driver: 'riscv64' architecture is not supp orted by CPU driver"
This happens because we don't have a RISC-V driver yet.
Add a barebone RISC-V driver to allow tests to be executed. The only 2
callbacks implemented here are 'compare' and 'validateFeatures', both
acting as a no-op. More callbacks and features will be added in the
future.
Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
Signed-off-by: Daniel Henrique Barboza <dbarboza@ventanamicro.com>
Commit f007940cb2 tried to change the error message so that it is unified
later in 35afa1d2d6, but various rewrites missed this particular error message
which does not make sense. Fix it so that it is the same as the other two
messages checking the same thing in this file.
Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=2033879
Signed-off-by: Martin Kletzander <mkletzan@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
The field is no longer used so we can remove it and the code filling it.
Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Martin Kletzander <mkletzan@redhat.com>
All callers pass 'false' so we no longer need it.
Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Martin Kletzander <mkletzan@redhat.com>
Commit b7798a07f9 (in fall of 2016) changed the way we generate aliases
for 'dimm' memory devices as the alias itself is part of the migration
stream section naming and thus must be treated as ABI.
The code added compatibility layer for VMs with memory hotplug started
with the old scheme to prevent from generating wrong aliases. The
compatibility layer broke though later when 'nvdimm' and 'pmem' devices
were introduced as it wrongly detected them as old configuration.
Now rather than attempting to fix the legacy compat layer to treat other
devices properly we'll be better off simply removing it as it's
extremely unlikely that somebody has a VM started in 2016 running with
today's libvirt and attempts to hotplug more memory.
This fixes a corner case when a user hot-adds a 'dimm' into a VM with a
'dimm' and a 'nvdimm' after restart of libvirtd and then attempts to
migrate the VM.
Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=2158701
Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Martin Kletzander <mkletzan@redhat.com>
The function can't return NULL to the callers so it doesn't make sense
to check it.
Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
'sess->authPath' is modified before locking the 'sess' object.
Additionally on failure of 'virAuthGetConfigFilePathURI' 'sess' would be
unlocked even when it was not yet locked.
Fixes: 6917467c2b
Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
The function can't return NULL to the callers so it doesn't make sense
to check it.
Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
'sess->authPath' is modified before locking the 'sess' object.
Additionally on failure of 'virAuthGetConfigFilePathURI' 'sess' would be
unlocked even when it was not yet locked.
Fixes: 273745b431
Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
The function can't fail so it's pointless to check its return value.
Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
As shown in the commit that introduced vboxReportError(), we are
appending the retval of a failed VirtualBox API onto our error
messages. Well, this is no longer needed because
vboxReportError() already appends the VirtualBox error in plain
text.
Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
Reviewed-by: Martin Kletzander <mkletzan@redhat.com>
Our coding style suggests error messages to be on a single line
for easier git grep. Since I'm touching them anyways, let's make
them follow our own suggestion.
Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
Reviewed-by: Martin Kletzander <mkletzan@redhat.com>
Now that we have vboxReportError() which reports VirtualBox
errors too, we can switch the code to use the former. And since
the vboxReportError() is designed to behave exactly like
virReportError() we can do that almost everywhere, regardless of
the source of the error.
There are a few exceptions though, for instance, when
initializing VirtualBox SDK (we don't have all the objects needed
for querying exceptions yet), or when invalid combination of
arguments was passed to an API of ours, or when a function from
other module (e.g. src/conf/) failed.
Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
Reviewed-by: Martin Kletzander <mkletzan@redhat.com>
When a VirtualBox API fails it produced an exception. Until now,
we did not have correct APIs wired up to get the exception and
its error message. Thus, we were left with plain:
virReportError("virtualbox API failed, rc=%08x", rc);
This is not very user friendly because those rc values are hard
to parse (e.g. some values are defined as a sum of a base value
and some other value) and also it expects users to know where to
look.
But now that we have all machinery needed for querying
exceptions, vboxReportError() can be introduced. The aim is to
query VirtualBox exceptions and append them after the error
message we intent to report. If the exception can't be queried
successfully, this behaves exactly like virReportError().
Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
Reviewed-by: Martin Kletzander <mkletzan@redhat.com>
The ClearException() method clears the latest exception inside of
VirtualBox. This needed because obtaining an exception via
GetException() does not clear it.
Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
Reviewed-by: Martin Kletzander <mkletzan@redhat.com>
The GetException() method can be used to obtain the latest
exception that occurred in VirtualBox. Calling the method does
not reset the exception though. For that we'll need to call
another method (introduced in following commit).
Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
Reviewed-by: Martin Kletzander <mkletzan@redhat.com>
The IVirtualBoxErrorInfo interface allows us to query error
messages from VirtualBox. Since VirtualBox has stacked errors we
need the GetNext() method too.
The odd one, that sticks out is GetIID() as it is not part of the
interface as defined by VirtualBox header files. BUT, we need to
get the interface UUID (which MAY change across each release) so
that it can be passed to VBOX_QUERY_INTERFACE() introduced
earlier.
Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
Reviewed-by: Martin Kletzander <mkletzan@redhat.com>
So far we haven't needed to use a different interface for objects
we are working with. We were happy with calling their respective
vtbl callbacks. Well, this will change soon as we will query an
exception (type of nsIException) but will need to promote it to
IVirtualBoxErrorInfo class. This promoting is done by
QueryInterface() callback which accepts 3 arguments: the original
object, ID of the new interface and address where to store the
promoted object.
As this is very basic operation, available to every object, it is
part of the ISupports interface among with other goodies like
AddRef() and Release().
Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
Reviewed-by: Martin Kletzander <mkletzan@redhat.com>
The support for VirtualBox 5.2 and 6.0 was removed and 7.0 was
added. Reflect these changes in the NEWS file.
Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
Reviewed-by: Martin Kletzander <mkletzan@redhat.com>
As advertised in previous commit that added the SDK header file,
there were some changes to the API:
1) IVirtualBox::OpenMachine() and IVirtualBox::CreateMachine()
now have @password argument to deal with password protected
settings files. Well, we don't have that wired now (and we
don't create such files). If we ever want to support user
settings files that are password protected (e.g. via
virSecret) we can wire this argument. For now, just pass NULL.
2) IMachine::GetAudioAdapter() is gone. But it can be replaced
with IMachine::GetAudioSettings() + IMachine::GetAdapter()
combo.
Resolves: https://gitlab.com/libvirt/libvirt/-/issues/419
Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
Reviewed-by: Martin Kletzander <mkletzan@redhat.com>
Notable changes in the API:
- Both IVirtualBox::OpenMachine() and
IVirtualBox::CreateMachine() have new @password argument for
password protected settings files.
- The IMachine::GetAudioAdapter() function is gone and to be
replaced with IMachine::GetAudioSettings() +
IMachine::GetAdapter() combo.
Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
Reviewed-by: Martin Kletzander <mkletzan@redhat.com>
To avoid including a header file more than once, either:
#pragma once
can be used, or the older trick (that vbox still uses):
#ifndef MACRO
# define MACRO
Well, vbox still uses the latter and in its 7.0 release the macro
was renamed from ___VirtualBox_CXPCOM_h to ___VirtualBox_CAPI_h.
Now, ideally, we wouldn't touch those header files for older
versions, but we need to use the same macro across all header
files (because vbox_tmpl.c includes corresponding vbox_CAPI_XXX.h
and then includes vbox_XPCOMCGlue.h which in turn includes
vbox_CAPI_v6_1.h to get the basic typedefs).
Instead of changing the newer 7.0 header file (and having to
change all subsequent versions), let's change the old ones and as
we drop support for them, we can forget this ever happened.
Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
Reviewed-by: Martin Kletzander <mkletzan@redhat.com>
The @networkName argument of UIDHCPServer::Start() callback is
unused. Drop it and also its propagation from parent functions.
Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
Reviewed-by: Martin Kletzander <mkletzan@redhat.com>
According to VirtualBox download page [1], the 6.0.0 release is
no longer supported (the support ended 2020/07). Drop it from
Libvirt too.
1: https://www.virtualbox.org/wiki/Download_Old_Builds
Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
Reviewed-by: Martin Kletzander <mkletzan@redhat.com>
According to VirtualBox download page [1], the 5.2.0 release is
no longer supported (the support ended 2020/07). Drop it from
Libvirt too.
1: https://www.virtualbox.org/wiki/Download_Old_Builds
Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
Reviewed-by: Martin Kletzander <mkletzan@redhat.com>
The UIUSBCommon::GetEnabled() function is not needed really, as
it sets a boolean to true and always succeeds. We can live
without the function.
Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
Reviewed-by: Martin Kletzander <mkletzan@redhat.com>
The UIUSBCommon::Enable() function is no longer needed as it is a
NOP. Drop it.
Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
Reviewed-by: Martin Kletzander <mkletzan@redhat.com>
The @data and @name arguments of
UIHost::CreateHostOnlyNetworkInterface() callback are unused.
Drop them and also their propagation from parent functions.
Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
Reviewed-by: Martin Kletzander <mkletzan@redhat.com>
The @iid argument of UISession::OpenExisting() callback is
unused. Drop it and also its propagation from parent functions.
Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
Reviewed-by: Martin Kletzander <mkletzan@redhat.com>
The @iid argument of UISession::Open() callback is unused. Drop
it and also its propagation from parent functions.
Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
Reviewed-by: Martin Kletzander <mkletzan@redhat.com>
The @iid argument of UIMachine::LaunchVMProcess() callback is
unused. Drop it and also its propagation from parent functions.
Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
Reviewed-by: Martin Kletzander <mkletzan@redhat.com>
The @mediaChangeOnly argument of vboxDomainAttachDeviceImpl()
function is unused. Drop it.
Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
Reviewed-by: Martin Kletzander <mkletzan@redhat.com>
There are few cases where a function argument is marked as
unused, but it's used later in the function. The majority of such
occurrences are in vbox_tmpl.c as a residue of older vbox
versions, but a pair was found in vbox_common.c too.
Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
Reviewed-by: Martin Kletzander <mkletzan@redhat.com>
In d9ee51e, virNetDevIPCheckIPv6Forwarding was updated to walk the
contents of /proc/net/ipv6_route so that it could check to see if the
RTF_ADDRCONF was set on any IPv6 routes to ultimately determine if
enabling forwarding would result in an error due to accept_ra=1 being
set on the interface.
The implementation added in that commit limited the number of routes
that could be read from /proc/net/ipv6_route to 100_000, each with 150
characters. This is problematic for machines that have a full IPv6
routing table, as the IPv6 routing table has now grown to over 160_000
(it was closer to 100_000 at the time of that commit).
This patch increases the maximum route size from 100_000 to 1_000_000.
While a million routes is somewhat arbitrary, it's meant to be a value
that can be supported for the forseeable future. APNIC, one of the five
regional internet registries, recently published a forecast of IPv6
table growth which anticipates a worst-case growth to 1_000_000 in
January of 2029.
Signed-off-by: Brooks Swinnerton <bswinnerton@gmail.com>
Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
