In cases when the hostname of the NBD server doesn't match the hostname
in the TLS certificate the new attribute 'tlsHostname' can be used to
override it.
Add the XML infrastructure and tests.
Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
Detect that qemu can override TLS hostname setting for NBD clients.
Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
Update to commit v6.2.0-2296-g9f0369efb0
Notable changes:
- 'tls-hostname' field for NBD client to override local hostname
- machine types 'pc-i440fx-1.7' and older are now deprecated
- 'snapshot-access' block driver added
- The 'protocol' field of 'set_password' and 'expire_password'
parameter is now an enum instead of a pure string allowing 'vnc' and
'spice' as value and the arguments are also covered by the schema.
- 'copy-before-write' block driver now has a 'bitmap' property
- 'query-migrate' now reports 'precopy-bytes', 'downtime-bytes',
'postcopy-bytes' for 'ram' and 'disk' statistics
- RTC_CHANGE event now has a 'qom-path' property to identify the RTC
- 'umip' cpu feature is now migratable
- SGX property 'section-size' reinstated after regression
Changes in build setting:
- fuse block export support now enabled
Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
All callers except the one in the 'esx' driver pass the flag. The 'esx'
driver has a check that 'def->ndisks' is zero after parsing the
definition. This means that we can simply always parse the disks.
Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
Long ago we adapted to Linux kernel changes which inverted the
behaviour of the conntrack --ctdir setting:
commit a6a04ea47a
Author: Stefan Berger <stefanb@us.ibm.com>
Date: Wed May 15 21:02:11 2013 -0400
nwfilter: check for inverted ctdir
Linux netfilter at some point (Linux 2.6.39) inverted the meaning of the
'--ctdir reply' and newer netfilter implementations now expect
'--ctdir original' instead and vice-versa.
We check for the kernel version and assume that all Linux kernels with version
2.6.39 have the newer inverted logic.
Any distro backporting the Linux kernel patch that inverts the --ctdir logic
(Linux commit 96120d86f) must also backport this patch for Linux and
adapt the kernel version being tested for.
Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com>
Given our supported platform targets, we no longer need to
consider a version of Linux before 2.6.39, so can drop
support for the old direction behaviour.
The test suite updates are triggered because that never
probed for the ctdir direction, and so the iptables syntax
generator unconditionally dropped the ctdir args.
Reviewed-by: Laine Stump <laine@redhat.com>
Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
Long ago we adapted to iptables changes by introducing support
for '-m conntrack':
commit 06844ccbaa
Author: Stefan Berger <stefanb@us.ibm.com>
Date: Tue Aug 6 20:30:46 2013 -0400
nwfilter: Use -m conntrack rather than -m state
Since iptables version 1.4.16 '-m state --state NEW' is converted to
'-m conntrack --ctstate NEW'. Therefore, when encountering this or later
versions of iptables use '-m conntrack --ctstate'.
Given our supported platform targets, we no longer need to
consider a version of iptables before 1.4.16, so can drop
support for the old syntax.
The test suite updates are triggered because that never
probed for the new syntax, and so unconditionally
generated the old syntax.
Reviewed-by: Laine Stump <laine@redhat.com>
Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
When libc uses a define to rewrite stat64 to stat our mocks do not work if they
are chained because the symbol that we are looking up is being stringified and
therefore preventing the stat64->stat expansion per C-preprocessor rules. One
stringification macro is just enough to make it work.
Signed-off-by: Martin Kletzander <mkletzan@redhat.com>
Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
We have couple of tests where the obsolete IPv4-in-IPv6 notation
is used (::10.1.2.3). Change them to the correct format
(::ffff:10.1.2.3).
Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
There are two standards how IPv4 address in IPv6 can be
expressed:
::10.1.2.3
::ffff:10.1.2.3
The former is obsolete and the latter should be used instead [1].
Add test cases to our sockettest to exercise parsing/formatting
of the valid address format.
1: https://datatracker.ietf.org/doc/html/rfc4291#section-2.5.5.1
Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
Apparently clang was fixed as it no longer considers having
global variables static a problem. Make the variables static to
be sure they aren't used outside of the source file.
This effectively reverts v1.0.6-rc1~198 which started the trend.
Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
The way that vircgroupmock works is that the vircgrouptest
creates a temporary directory and sets LIBVIRT_FAKE_ROOT_DIR env
variable which is then checked by the mock at the beginning of
basically every function it overrides (access(), stat in all its
flavours, mkdir(), etc.). The mock then creates a CGroup dir
structure. But the test is allowed to change the directory, to
accommodate environment for the particular test case. This is
done by changing the environment variable which is then detected
by the mock and the whole process repeats.
However, the way the mock detect changes is buggy. After it got
the environment variable it compares it to the last known value
(global variable @fakerootdir) and if they don't match the last
known value is set to point to the new value. Problem is that the
result of getenv() is assigned to the @fakerootdir directly.
Therefore, @fakerootdir points somewhere into the buffer of
environment variables. In turn, when the test sets new value (via
g_setenv()) it may be placed at the very same position in the env
var buffer and thus the mock fails to detect the change.
The solution is to keep our private copy of the value (by
g_strdup()) which makes the variable not rely on
getenv()/setenv() placing values at random positions.
Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
Currently the 'nvram_template' entry is mandatory when parsing the
firmware descriptor based on flash. QEMU is extending the firmware
descriptor spec to make the 'nvram_template' optional, depending
on the value of a new 'mode' field:
- "split"
* "executable" contains read-only CODE
* "nvram_template" contains read-write VARS
- "combined"
* "executable" contains read-write CODE and VARs
* "nvram_template" not present
- "stateless"
* "executable" contains read-only CODE and VARs
* "nvram_template" not present
In the latter case, the guest OS can write vars but the
firmware will make no attempt to persist them, so any changes
will be lost at poweroff.
For now we parse this new 'mode' but discard any firmware
which is not 'mode=split' when matching for a domain.
In the tests we have a mixture of files with and without the
mode attribute.
Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
By using the auto-generated NVRAM path in test data files, we won't see
bugs where a user specified path gets accidentally overwritten by a
post-parse callback, or VM startup. For example, this caused us to miss
the bug fixed by:
commit 24adb6c7a6
Author: Michal Prívozník <mprivozn@redhat.com>
Date: Wed Feb 23 08:50:44 2022 +0100
qemu: Don't regenerate NVRAM path if parsed from domain XML
Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
When building the default memory backend (which has id='pc.ram')
and no guest NUMA is configured then
qemuBuildMemCommandLineMemoryDefaultBackend() is called. However,
its return value is ignored which means that on invalid
configuration (e.g. when non-existent hugepage size was
requested) an error is reported into the logs but QEMU is started
anyway. And while QEMU does error out its error message doesn't
give much clue what's going on:
qemu-system-x86_64: Memory backend 'pc.ram' not found
While at it, introduce a test case. While I could chose a nice
looking value (e.g. 4MiB) that's exactly what I wanted to avoid,
because while such value might not be possible on x84_64 it may
be possible on other arches (e.g. ppc is notoriously known for
supporting wide range of HP sizes). Let's stick with obviously
wrong value of 5MiB.
Reported-by: Charles Polisher <chas@chasmo.org>
Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
This demonstrates that
<os>
<loader readonly='yes' type='pflash'>/usr/share/OVMF/OVMF_CODE.fd</loader>
<nvram template="/usr/share/OVMF/OVMF_VARS.fd"/>
</os>
gets expanded to give a per-VM NVRAM path.
Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
The following is expected to raise an error:
<os>
<loader readonly='yes' type='pflash'/>
</os>
because no path to the pflash loader is given and there is
no default built-in.
Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
Commit b56a833243 removed bunch of old code after which
'demo_socket_path' in 'testActivationFDNames' is no longer used
Signed-off-by: Peter Krempa <pkrempa@redhat.com>
The systemd version in RHEL-7 lacked support for the LISTEN_FDNAMES env
variable with socket activation. Since we stopped targetting RHEL-7 we
can drop some considerable amount of compatibility code.
Reviewed-by: Ján Tomko <jtomko@redhat.com>
Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
The minimal supported version of QEMU is 2.11. And after capabilities
for older QEMUs were dropped in v7.3.0-17-g184de10c1d we have some
domaincapsdata/ files that are never read. This is because
domaincapstest uses testQemuCapsIterate() which iterates over
qemucapabilitiesdata/caps_*.xml files.
Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
Reviewed-by: Peter Krempa <pkrempa@redhat.com>
All modern QEMU versions use FD passing for listening unix sockets so
the test should reflect this. This will later help when removing the
legacy code paths when we drop support for old QEMUs.
Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
We don't want to be dealing with real FDs thus we mock
'qemuMonitorIOWriteWithFD' to do the same thing as when no FD is being
passed.
Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
Adding an exception for the whole file usually defeats the purpose of a
syntax check and is also likely to get forgotten once the file is
removed.
In case of the suggestion of using 'safewrite' instead of write even the
comment for safewrite states that the function needs to be used only in
certain cases.
Remove the blanket exceptions for files and use an exclude string
instead. The only instance where we keep the full file exception is for
src/libvirt-stream.c as there are multiple uses in example code in
comments where I couldn't find a nicer targetted wapproach.
Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
Move the declaration of the struct into 'qemu_monitor_priv.h' as other
code has no business in peeking into the monitor messages.
Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
Upcoming patches will remove support for qemu-2.12. Since tests of
'sev' use hacked data we need to use our capability dump of qemu-6.0 as
it has the required fields.
Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
Originally when I started working on '-blockdev' support I added version
locked variants of all the relevant disk tests locked to qemu-2.12, but
blockdev was finally enabled with qemu-4.2.
This patch bumps the rest of the test cases with no functional changes
related to disks.
Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
The 'device_id' property was added in qemu-4.0. Since upcoming patch
will be modernizing all disk test cases we specifically want to preserve
the instance of 'device_id' not being used with qemu-3.1 and earlier.
Change the 'disk-cache' and 'disk-shared' cases to have a qemu-3.1 and a
qemu-4.1 version for testing pre-'device_id' and pre-blockdev scenarios.
Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
Starting with qemu-3.0 release we use the 'werror' and 'rerror'
properties with the frontend (device) rather than the storage backend
(with a minor caveat of s390, where we use it earlier as it doesn't
support USB disks, and other disk types supported it earlier).
Add specific test cases after the change, but before '-blockdev' was
enabled.
This is done separately from the changes in the next commit which simply
moves all other disk tests to the last pre-blockdev qemu as we have a
semantic change happening after 2.12.
Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
Since 'cancel_path' is constructed from the 'tpmdev' argument, we can
push it down into the function opening the FDs.
Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
Setup the chardev similarly to how we do it on startup so that virtlogd
is properly used with chardevs which are hotplugged to a VM.
Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
Move the function doing the fake setup of chardev backend for FD passing
into the collection of qemu test helpers so that it can be used in
qemumonitorjsontest.
Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
The main objective of this patch is to use a proper instance of
virDomainChrSourceDef allocated with the private data.
To achieve this the test cases are grouped into blocks by how much they
fill in the chardev definition. Some test cases are moved around so
that the resulting sequence doesn't need extra clearing.
Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
Don't add the command to the test monitor when we don't expect to invoke
it rather than bypassing the test monitor.
Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
Our code uses fdsets for the pipe passed from virtlogd to qemu, but the
chardev hot-unplug code neglected to detach the fdset after the chardev
was removed. This kept the FDs open by qemu even after they were not
used any more.
After the refactor to use qemuFDPass for chardevs we now configure the
'opaque' field for fdsets used for chardevs so we can use
qemuHotplugRemoveFDSet to remove the unused fdset.
Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
Rewrite the parts which already pass FDs via fdset or directly to use
the new infrastructure.
Apart from simpler code this also adds the appropriate names to the fds
in the fdsets which will allow us to properly remove the fdsets won
hot-unplug of chardevs, which we didn't do for now and resulted in
leaking the FDs.
Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
Prefix the file descriptor name with the alias of the network device so
that it's similar to other upcoming use.
Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
Code paths which don't wish to use FD passing are supposed to not call
the function which sets up the chardev for FD passing.
This is ensured by calling it only in the host prepare step.
Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
Add test cases for quotes appearing in the netcat parameter,
for the default behavior of proxy=auto where virt-ssh-helper
is used if available, and for proxy=native.
Signed-off-by: Andrea Bolognani <abologna@redhat.com>
Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
Currently the test cases all follow the proxy=auto behavior, but
we want to add coverage for other proxy modes as well.
Signed-off-by: Andrea Bolognani <abologna@redhat.com>
Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
The important part of the value we assign to "netcat" is that it
contains whitespace, so drop everything else to highlight this
fact.
Signed-off-by: Andrea Bolognani <abologna@redhat.com>
Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
Having the actual script indented and the closing quote on a
separate line, like
sh -c '
if foo; then
bar;
fi
'
makes things more readable and easier to scan visually.
Signed-off-by: Andrea Bolognani <abologna@redhat.com>
Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
Make this test case consistent with all the other ones.
Signed-off-by: Andrea Bolognani <abologna@redhat.com>
Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
Test the behavior of virBufferEscapeShell for different types of
quotes as well as the empty string.
Signed-off-by: Andrea Bolognani <abologna@redhat.com>
Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
