Commit Graph

47566 Commits

Author SHA1 Message Date
Jim Fehlig
b1da03b5b3 spec: Move virtproxyd to a new subpackage libvirt-daemon-proxy
Signed-off-by: Jim Fehlig <jfehlig@suse.com>
Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
Reviewed-by: Andrea Bolognani <abologna@redhat.com>
2023-01-18 11:06:13 -07:00
Jim Fehlig
b19b817f5a spec: Move virtlogd to a new subpackage libvirt-daemon-log
Signed-off-by: Jim Fehlig <jfehlig@suse.com>
Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
Reviewed-by: Andrea Bolognani <abologna@redhat.com>
2023-01-18 11:06:13 -07:00
Jim Fehlig
19df5ec352 spec: Move virtlockd to a new subpackage libvirt-daemon-lock
Signed-off-by: Jim Fehlig <jfehlig@suse.com>
Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
Reviewed-by: Andrea Bolognani <abologna@redhat.com>
2023-01-18 11:06:13 -07:00
Andrea Bolognani
ef48295105 apparmor: Allow umount(/dev)
Commit 379c0ce4bf introduced a call to umount(/dev) performed
inside the namespace that we run QEMU in.

As a result of this, on machines using AppArmor, VM startup now
fails with

  internal error: Process exited prior to exec: libvirt:
  QEMU Driver error: failed to umount devfs on /dev: Permission denied

The corresponding denial is

  AVC apparmor="DENIED" operation="umount" profile="libvirtd"
      name="/dev/" pid=70036 comm="rpc-libvirtd"

Extend the AppArmor configuration for virtqemud and libvirtd so
that this operation is allowed.

Signed-off-by: Andrea Bolognani <abologna@redhat.com>
Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
Reviewed-by: Jim Fehlig <jfehlig@suse.com>
2023-01-18 18:02:03 +01:00
Daniel P. Berrangé
9cd70fb25c ch: use CURLOPT_UPLOAD instead of CURLOPT_PUT
The CURLOPT_PUT constant causes a deprecation warning when compiling on
Alpine Edge.  The docs indicate it is deprecated since 7.2.1

  https://curl.se/libcurl/c/CURLOPT_PUT.html

Since 7.87 the deprecation is now exposed at build time via a compiler
warning.

We already use CURLOPT_UPLOAD in the ESX driver, so this brings the CH
driver into line.

Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
2023-01-18 13:45:56 +00:00
Daniel P. Berrangé
d6c7c6823a remote: add missing lock guard for secret value API
This fixes a bug in

  commit fda53ab3a5
  Author: Daniel P. Berrangé <berrange@redhat.com>
  Date:   Thu Dec 22 10:29:32 2022 -0500

    remote: use VIR_LOCK_GUARD in client code

Reviewed-by: Erik Skultety <eskultet@redhat>
Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
2023-01-18 13:22:38 +00:00
Erik Skultety
9de1eb61a6 remote: remoteDomainCreate: Add missing struct initializer for 'ret2'
Fixes: 62448c1a49

Signed-off-by: Erik Skultety <eskultet@redhat.com>
Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
2023-01-18 13:39:24 +01:00
Daniel P. Berrangé
83c9fc8bfb admin: use struct zero initializer instead of memset
This is a more concise approach and guarantees there is
no time window where the struct is uninitialized.

Reviewed-by: Ján Tomko <jtomko@redhat.com>
Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
2023-01-17 12:33:54 -05:00
Daniel P. Berrangé
62448c1a49 remote: use struct zero initializer instead of memset
This is a more concise approach and guarantees there is
no time window where the struct is uninitialized.

Reviewed-by: Ján Tomko <jtomko@redhat.com>
Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
2023-01-17 12:33:54 -05:00
Daniel P. Berrangé
1c656836e3 rpc: use struct zero initializer instead of memset
This is a more concise approach and guarantees there is
no time window where the struct is uninitialized.

Reviewed-by: Ján Tomko <jtomko@redhat.com>
Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
2023-01-17 12:33:54 -05:00
Daniel P. Berrangé
8ed7ef5d1a admin: use VIR_LOCK_GUARD in client code
Using VIR_LOCK_GUARD enables the 'done' goto label to be
eliminated.

Reviewed-by: Ján Tomko <jtomko@redhat.com>
Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
2023-01-17 12:33:54 -05:00
Daniel P. Berrangé
fda53ab3a5 remote: use VIR_LOCK_GUARD in client code
Using VIR_LOCK_GUARD enables the 'done' goto label to be
eliminated.

Reviewed-by: Ján Tomko <jtomko@redhat.com>
Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
2023-01-17 12:33:54 -05:00
Daniel P. Berrangé
778c300460 rpc: use VIR_LOCK_GUARD in remote client code
Using VIR_LOCK_GUARD helps to simplify the control flow
logic.

Reviewed-by: Ján Tomko <jtomko@redhat.com>
Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
2023-01-17 12:33:54 -05:00
Daniel P. Berrangé
3ebcd59d21 logging: remove redundant XDR typedef
Every enum/struct/union implicitly includes a typedef in the
emitted C code. Furthermore, the syntax used to declare the
redundant typedef is not compliant with the XDR spec.

Reviewed-by: Ján Tomko <jtomko@redhat.com>
Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
2023-01-17 12:33:54 -05:00
Daniel P. Berrangé
f143e4e7b6 lxc: fix XDR protocol compliance
The RFC spec for XDR does not allow enums to omit their
values, they must be explicitly given. Don't rely on this
rpcgen language extension.

Reviewed-by: Ján Tomko <jtomko@redhat.com>
Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
2023-01-17 12:33:54 -05:00
Daniel P. Berrangé
b2034bb04c remote: remove redundant initialization of args variable
Every member of the args variable will be initialized
explicitly. A few methods had a redundant call to memset
the args which can be removed.

Reviewed-by: Ján Tomko <jtomko@redhat.com>
Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
2023-01-17 12:33:54 -05:00
Andrea Bolognani
35c5f091f5 docs: Fix typo
Signed-off-by: Andrea Bolognani <abologna@redhat.com>
2023-01-17 16:49:44 +01:00
Pavel Hrdina
ead6e1b002 docs: document correct cpu shares limits with both cgroups v1 and v2
The limits are different with cgroups v1 and v2 but our XML
documentation and virsh manpage mentioned only cgroups v1 limits without
explicitly saying it only applies to cgroups v1.

Signed-off-by: Pavel Hrdina <phrdina@redhat.com>
Reviewed-by: Martin Kletzander <mkletzan@redhat.com>
2023-01-17 10:58:07 +01:00
Pavel Hrdina
38af649761 domain_validate: drop cpu.shares cgroup check
This check is done when VM is defined but doesn't take into account what
cgroups version is currently used on the host system so it doesn't work
correctly.

To make proper check at this point we would have to figure out cgroups
version while defining a VM but that will still not guarantee that the
VM will start correctly in the future as the host may be rebooted with
different cgroups version.

Signed-off-by: Pavel Hrdina <phrdina@redhat.com>
Reviewed-by: Martin Kletzander <mkletzan@redhat.com>
2023-01-17 10:58:04 +01:00
Pavel Hrdina
cf3414a85b vircgroupv2: fix cpu.weight limits check
The cgroup v2 cpu.weight limits are different than cgroup v1 cpu.shares
limits.

Signed-off-by: Pavel Hrdina <phrdina@redhat.com>
Reviewed-by: Martin Kletzander <mkletzan@redhat.com>
2023-01-17 10:57:50 +01:00
Daniel P. Berrangé
57ecc37f15 rpm: convert license to SPDX format
Note that with the introduction of SPDX, Fedora no longer wants
maintainers to do effective license analysis, hence we now list
all the licenses that are applicable to the binary package
contents

  https://docs.fedoraproject.org/en-US/legal/license-field/#_no_effective_license_analysis

Note, we can still omit licenses that are only applicable to
the build system.

Reviewed-by: Peter Krempa <pkrempa@redhat.com>
Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
2023-01-16 09:24:39 -05:00
Jiri Denemark
666bc8ee4f Post-release version bump to 9.1.0
Signed-off-by: Jiri Denemark <jdenemar@redhat.com>
2023-01-16 11:59:42 +01:00
Jiri Denemark
21b0099b79 Release of libvirt-9.0.0
Signed-off-by: Jiri Denemark <jdenemar@redhat.com>
2023-01-16 11:57:28 +01:00
Michal Privoznik
9b81b7fdec NEWS: Document my contributions for upcoming release
Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
Reviewed-by: Jiri Denemark <jdenemar@redhat.com>
2023-01-16 10:04:09 +01:00
김인수
e8871a9ce0 Translated using Weblate (Korean)
Currently translated at 100.0% (10405 of 10405 strings)

Translation: libvirt/libvirt
Translate-URL: https://translate.fedoraproject.org/projects/libvirt/libvirt/ko/

Translated using Weblate (Korean)

Currently translated at 99.5% (10363 of 10405 strings)

Translation: libvirt/libvirt
Translate-URL: https://translate.fedoraproject.org/projects/libvirt/libvirt/ko/

Co-authored-by: 김인수 <simmon@nplob.com>
Signed-off-by: 김인수 <simmon@nplob.com>
2023-01-15 05:20:13 +01:00
Peter Krempa
46aee2a925 NEWS: Document virDomainFDAssociate and NULL dereference in virXMLPropStringRequired
Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
2023-01-13 10:31:45 +01:00
Laine Stump
6ce7cebea3 tests: remove unused qemu .args file
net-user-passt.args was generated early during testing of the passt
qemu commandline, when qemuxml2argvtest was using
DO_TEST("net-user-passt"). This was later changed to
DO_TEST_CAPS_LATEST(), so the file net-user-passt.x86_64-latest.args
is used instead, but the original (now unused) test file was
accidentally added to the original patch. This patch removes it.

Signed-off-by: Laine Stump <laine@redhat.com>
Reviewed-by: Jiri Denemark <jdenemar@redhat.com>
2023-01-13 10:02:05 +01:00
Laine Stump
a2042a4516 qemu: remove commented-out option in passt qemu commandline setup
This commented-out option was pointed out by jtomko during review, but
I missed taking it out when addressing his comments.

Signed-off-by: Laine Stump <laine@redhat.com>
Reviewed-by: Jiri Denemark <jdenemar@redhat.com>
2023-01-13 10:02:05 +01:00
Laine Stump
3592b81c4c conf: remove <backend upstream='xxx'/> attribute
This attribute was added to support setting the --interface option for
passt, but in a post-push/pre-9.0-release review, danpb pointed out
that it would be better to use the existing <source dev='xxx'/>
attribute to set --interface rather than creating a new attribute (in
the wrong place). So we remove backend/upstream, and change the passt
commandline creation to grab the name for --interface from source/dev.

Signed-off-by: Laine Stump <laine@redhat.com>
Reviewed-by: Jiri Denemark <jdenemar@redhat.com>
2023-01-13 10:02:05 +01:00
Michal Privoznik
8ff8fe3f8a qemuBuildThreadContextProps: Generate ThreadContext less frequently
Currently, the ThreadContext object is generated whenever we see
.host-nodes attribute for a memory-backend-* object. The idea was
that when the backend is pinned to a specific set of host NUMA
nodes, then the allocation could be happening on CPUs from those
nodes too. But this may not be always possible.

Users might configure their guests in such way that vCPUs and
corresponding guest NUMA nodes are on different host NUMA nodes
than emulator thread. In this case, ThreadContext won't work,
because ThreadContext objects live in context of the emulator
thread (vCPU threads are moved around by us later, when emulator
thread finished its setup and spawned vCPU threads - see
qemuProcessSetupVcpus()). Therefore, memory allocation is done by
emulator thread which is pinned to a subset of host NUMA nodes,
but tries to create a ThreadContext object with a disjoint subset
of host NUMA nodes, which fails.

Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=2154750
Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
2023-01-13 08:43:30 +01:00
Michal Privoznik
ed6b8a30b9 security_selinux: Set and restore /dev/sgx_* labels
For SGX type of memory, QEMU needs to open and talk to
/dev/sgx_vepc and /dev/sgx_provision files. But we do not set nor
restore SELinux labels on these files when starting a guest.

Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
2023-01-13 08:41:51 +01:00
Ján Tomko
a50e6f649b NEWS: document external swtpm backend addition
Signed-off-by: Ján Tomko <jtomko@redhat.com>
Reviewed-by: Andrea Bolognani <abologna@redhat.com>
2023-01-12 21:19:54 +01:00
김인수
08e3bf0b6f Translated using Weblate (Korean)
Currently translated at 99.5% (10362 of 10405 strings)

Translation: libvirt/libvirt
Translate-URL: https://translate.fedoraproject.org/projects/libvirt/libvirt/ko/

Co-authored-by: 김인수 <simmon@nplob.com>
Signed-off-by: 김인수 <simmon@nplob.com>
2023-01-12 13:13:25 +01:00
Yuri Chornoivan
d07a7793da Translated using Weblate (Ukrainian)
Currently translated at 100.0% (10405 of 10405 strings)

Translation: libvirt/libvirt
Translate-URL: https://translate.fedoraproject.org/projects/libvirt/libvirt/uk/

Co-authored-by: Yuri Chornoivan <yurchor@ukr.net>
Signed-off-by: Yuri Chornoivan <yurchor@ukr.net>
2023-01-12 13:13:25 +01:00
antonios-f
9233f0fa8c src/util/vircgroupv2.c: interpret neg quota as "max"
Because of kernel doesn't allow passing negative values to
cpu.max as quota, it's needing to convert negative values to "max" token.

Signed-off-by: Anton Fadeev <anton.fadeev@red-soft.ru>
Reviewed-by: Pavel Hrdina <phrdina@redhat.com>
2023-01-12 13:11:41 +01:00
Han Han
f41d1a2e75 docs: drvqemu: Fix a typo
Fixes: a677ea928a
Signed-off-by: Han Han <hhan@redhat.com>
Reviewed-by: Andrea Bolognani <abologna@redhat.com>
2023-01-12 11:40:21 +01:00
Erik Skultety
ad00beffa6 ci: integration: Set an expiration on logs artifacts
The default expiry time is 30 days. Since the RPM artifacts coming from
the previous pipeline stages are set to expire in 1 day we can set the
failed integration job log artifacts to the same value. The sentiment
here is that if an integration job legitimately failed (i.e. not with
an infrastructure failure) unless it was fixed in the meantime it will
fail the next day with the scheduled pipeline again, meaning, that even
if the older log artifacts are removed, they'll be immediately
replaced with fresh ones.

Signed-off-by: Erik Skultety <eskultet@redhat.com>
Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
2023-01-12 09:57:52 +01:00
Jiri Denemark
12a3bee389 qemu: Change some gotos in qemuPasstStart to direct return
Jumping to the error label and reading the pidfile does not make sense
until we reached qemuSecurityCommandRun which creates the pidfile.

Signed-off-by: Jiri Denemark <jdenemar@redhat.com>
Reviewed-by: Erik Skultety <eskultet@redhat.com>
2023-01-11 15:20:41 +01:00
Jiri Denemark
12d194404c qemu: Don't check pidfile in qemuPasstStart
The pidfile is guaranteed to be non-NULL (thanks to glib allocation
functions) and it's dereferenced two lines above anyway.

Reported by coverity:

    /src/qemu/qemu_passt.c: 278 in qemuPasstStart()
    272         return 0;
    273
    274      error:
    275         ignore_value(virPidFileReadPathIfLocked(pidfile, &pid));
    276         if (pid != -1)
    277             virProcessKillPainfully(pid, true);
    >>>     CID 404360:  Null pointer dereferences  (REVERSE_INULL)
    >>>     Null-checking "pidfile" suggests that it may be null, but it
    >>>     has already been dereferenced on all paths leading to the check.
    278         if (pidfile)
    279             unlink(pidfile);
    280
    281         return -1;

Signed-off-by: Jiri Denemark <jdenemar@redhat.com>
Reviewed-by: Erik Skultety <eskultet@redhat.com>
2023-01-11 15:20:41 +01:00
Jiri Denemark
a82d74dd75 conf: Avoid NULL dereference in virDomainNetPortForwardFree
In our current code the function is not called with NULL argument, but
we should follow our common practice and make it safe anyway.

Reported by coverity:

    /src/conf/domain_conf.c: 2635 in virDomainNetPortForwardFree()
    2629     {
    2630         size_t i;
    2631
    2632         if (pf)
    2633             g_free(pf->dev);
    2634
    >>>     CID 404359:  Null pointer dereferences  (FORWARD_NULL)
    >>>     Dereferencing null pointer "pf".
    2635         for (i = 0; i < pf->nRanges; i++)
    2636             g_free(pf->ranges[i]);
    2637
    2638         g_free(pf->ranges);
    2639         g_free(pf);
    2640     }

Signed-off-by: Jiri Denemark <jdenemar@redhat.com>
Reviewed-by: Pavel Hrdina <phrdina@redhat.com>
2023-01-11 09:25:58 +01:00
Weblate
f0a514dbba Update translation files
Updated by "Update PO files to match POT (msgmerge)" hook in Weblate.

Translation: libvirt/libvirt
Translate-URL: https://translate.fedoraproject.org/projects/libvirt/libvirt/

Co-authored-by: Weblate <noreply@weblate.org>
Signed-off-by: Fedora Weblate Translation <i18n@lists.fedoraproject.org>
2023-01-10 16:38:11 +01:00
Laine Stump
a5738ab74c NEWS: document addition of passt support
Signed-off-by: Laine Stump <laine@redhat.com>
Reviewed-by: Martin Kletzander <mkletzan@redhat.com>
2023-01-10 10:37:10 -05:00
Peter Krempa
d7e9093502 qemu: Fix handling of passed FDs in remoteDispatchDomainFdAssociate
To ensure same behaviour when remote driver is or is not used we must
not steal the FDs and array holding them passed to qemuDomainFDAssociate
but rather duplicate them. At the same time the remote driver must close
and free them to prevent leak.

Pointed out by Coverity as FD leak on error path:

 *** CID 404348:  Resource leaks  (RESOURCE_LEAK)
 /src/remote/remote_daemon_dispatch.c: 7484 in remoteDispatchDomainFdAssociate()
 7478         rv = 0;
 7479
 7480      cleanup:
 7481         if (rv < 0)
 7482             virNetMessageSaveError(rerr);
 7483         virObjectUnref(dom);
 >>>     CID 404348:  Resource leaks  (RESOURCE_LEAK)
 >>>     Variable "fds" going out of scope leaks the storage it points to.
 7484         return rv;

Fixes: abd9025c2f
Fixes: f762f87534
Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
2023-01-10 15:54:52 +01:00
Martin Kletzander
8f93d546d1 spec: Restart libvirtd on upgrade without socket activation
The %posttrans phase has a special case for upgrading libvirt daemon
with --listen, but it forgot to also restart the daemon in order to
run the new installed version.

Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1820437

Signed-off-by: Martin Kletzander <mkletzan@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
Reviewed-by: Jiri Denemark <jdenemar@redhat.com>
2023-01-10 15:47:39 +01:00
Daniel P. Berrangé
2b5f925112 remote: fix double free of migration params on error
The remote_*_args methods will generally borrow pointers
passed in the caller, so should not be freed.

On failure of the virTypedParamsSerialize method, however,
xdr_free was being called. This is presumably because it
was thought that the params may have been partially
serialized and need cleaning up. This is incorrect, as
virTypedParamsSerialize takes care to cleanup partially
serialized data. This xdr_free call would lead to free'ing
the borrowed cookie pointers, which would be a double free.

Reviewed-by: Martin Kletzander <mkletzan@redhat.com>
Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
2023-01-10 08:26:27 -05:00
Daniel P. Berrangé
0edf44664e admin: fix leak of typed parameters on error
A few admin client methods had the xdr_free call the wrong
side of the cleanup label, so typed parameters would not
be freed on error.

Reviewed-by: Martin Kletzander <mkletzan@redhat.com>
Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
2023-01-10 08:26:04 -05:00
Jiri Denemark
f193959ee7 po: Refresh potfile for v9.0.0
Signed-off-by: Jiri Denemark <jdenemar@redhat.com>
2023-01-10 09:25:28 +01:00
Laine Stump
b6e72716c9 specfile: require passt for the build if fedora >= 36 or rhel >= 9
The only reason we need it at build time is to find its location in
$PATH so it can be hardcoded into the libvirt binary (and avoid the
possibility of someone adding in a malicious binary somewhere earlier
in the path, I guess).

Only 'recommend' passt during installation though, since it is not
needed unless someone is actually using it.

There is no need to add in a build-time "WITH_PASST" option (IMO),
since it adds very little to the size of the code - "PASST" (the path
to the binary) will just be set to "passt", so if someone does manage
to build and install passt on an older version of Fedora or RHEL, it
will still work (as long as it's installed somewhere in the path).

Signed-off-by: Laine Stump <laine@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
2023-01-10 01:19:27 -05:00
Laine Stump
a56f0168d5 qemu: hook up passt config to qemu domains
This consists of (1) adding the necessary args to the qemu commandline
netdev option, and (2) starting a passt process prior to starting
qemu, and making sure that it is terminated when it's no longer
needed. Under normal circumstances, passt will terminate itself as
soon as qemu closes its socket, but in case of some error where qemu
is never started, or fails to startup completely, we need to terminate
passt manually.

Signed-off-by: Laine Stump <laine@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
2023-01-10 01:19:25 -05:00
Laine Stump
98a24813c8 qemu: add passtStateDir to qemu driver config
...following in the patter of slirpStateDir.

Signed-off-by: Laine Stump <laine@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
2023-01-09 14:24:27 -05:00