Commit Graph

50509 Commits

Author SHA1 Message Date
Peter Krempa
100cbccecd virsh: Annodate 'unwanted_positional' arguments
Historically the command parser in virsh parses/fills even optional
arguments with values as if they were positional unless opted out using
VSH_OFLAG_REQ_OPT. This creates unexpected situations when commands can
break in this unwanted semantics:

 $ virsh snapshot-create-as --print-xml 1 2 3
 <domainsnapshot>
   <name>2</name>
   <description>3</description>
 </domainsnapshot>

To prevent any further addition annotate the rest of the arguments with
the 'unwanted_positional' flag, so that the parser can keep parsing them
as such but any further optional argument will not have this behaviour.

Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
2024-04-02 14:24:30 +02:00
Peter Krempa
32a89fc670 virsh: Annotate "unwanted_positional" arguments for 'pool-(define|create)-as' commands
Annotate arguments which can be unintentionally parsed positionally.
(See previous commits for explanation.)

All of these options were added in order thus we must declare all of
them as 'unwanted_positional'.

Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
2024-04-02 14:24:30 +02:00
Peter Krempa
e31cd46364 virsh: volume: Mark optional 'pool' argument as 'positional'
Annotate arguments which can be unintentionally parsed positionally.
(See previous commits for explanation.)

The pool name is optional but in all cases it can be promoted to an
optional positional argument so that it can be properly aligned with the
expectations of the parser.

Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
2024-04-02 14:24:29 +02:00
Peter Krempa
1304ef40a9 virsh: Annotate some optional arguments as positional
Make certain optional arguments truly positional in cases when it makes
semantic sense.

Previously it wasn't possible to have optional positional arguments, but
the parser filled them regardless, thus this preserves functionality.

Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
2024-04-02 14:24:29 +02:00
Peter Krempa
d19b12a681 virsh-backup: Fix argument annotations of 'backup-begin' command
Mark the 'backupxml' as positional optional and the 'checkpointxml' as
'unwanted_positional' to preserve the positional parsing quirk.

Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
2024-04-02 14:24:29 +02:00
Peter Krempa
3bbc97620a virsh: Make '(snapshot|checkpoint)-create' 'xmlfile' argument positional
The argument is optional thus couldn't be marked as positional until now,
despite being parsed positionally.

Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
2024-04-02 14:24:29 +02:00
Peter Krempa
29f3ac4223 virsh: snapshot: Make 'snapshotname' argument positional
The 'snapshotname' argument is optional as by default "current" snapshot
is considered. Regardless of that we should treat it as positional as
it's the common usage. This is now possible as we can have one optional
positional argument.

Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
2024-04-02 14:24:29 +02:00
Peter Krempa
0ce337b20c vsh: Make the only argument of 'connect', 'cd', and 'help' commands positional
The intended use of those commands is to use the argument directly
without the flag. Since the argument is optional in all cases we
couldn't declare them as positional until now.

Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
2024-04-02 14:24:29 +02:00
Peter Krempa
fc7934695d vsh: Allow one optional positional argument
We already allow a optional positional _ARGV argument but there's no
reason why any other argument type could not be allowed this way.

Add checks that there's just one such argument and it's placed after
required positional arguments.

Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
2024-04-02 14:24:29 +02:00
Peter Krempa
627cf466f0 virsh-checkpoint: Make 'checkpointname' positional and required
The argument was being parsed positionally due to the command parser
quirk as we didn't opt out of it.

Since the code in virshLookupCheckpoint requires that the checkpointname
is present we can mark all the options as positional and required and
remove the redundant check from virshLookupCheckpoint.

Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
2024-04-02 14:24:29 +02:00
Peter Krempa
a7b10919e7 virsh: Require option flags for all optional arguments of 'attach-disk'
Annotate arguments which can be unintentionally parsed positionally.
(See previous commits for explanation.)

Currently virsh accepts the arguments such as:

 $ virsh attach-disk --print-xml 1 2 3 4 5 6 7 8 9 10
 <disk type='file' device='10'>
   <driver name='5' type='6' iothread='7' cache='8' io='9'/>
   <source file='2'/>
   <target dev='3' bus='4'/>
 </disk>

While making virsh require the flags is technically a breaking change,
there were multiple instances where arguments were added to the argument
list thus changing the order the positional arguments would be
interpreted as. Examples are commits: 7e157858b4, bc5a8090af,
ca21d75d25. As of such there are multiple breaks of compatibility for
the positional arguments.

As of such, require the option flag for all optional arguments with
value for 'virsh attach-disk'.

Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
2024-04-02 14:24:29 +02:00
Peter Krempa
1efb794487 virsh: Fix "positional" argument annotations for 'migrate' command
Annotate arguments which can be unintentionally parsed positionally.
(See previous commits for explanation.)

Annotate '--migrateuri', '--graphicsuri', '--listen-address', '-dname',
'--timeout', '--xml', '--migrate-disks' and '--disks port' as
'unwanted_positional'. These were declared in chronological order per
git history.

All others are annotated with VSH_OFLAG_REQ_OPT which makes the parser
require the '--optionname'. This is due to the fact that '--disks-uri'
was introduced later and put in front of others declared earlier
breaking the order they would be accepted, thus changing the behaviour
between versions.

Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
2024-04-02 14:24:29 +02:00
Peter Krempa
39218865f4 virsh: Require option flags for 'blkdeviotune' arguments
Make all of the tunable parameter flags require the option name (don't
parse them positionally).

While techically this would be a breaking change if anyone were to
specify the tunable values positionally this is not the case as the
first two tunables are not compatible with each other:

  $ virsh blkdeviotune cd vda 4 5
  error: Unable to change block I/O throttle
  error: invalid argument: total and read/write of bytes_sec cannot be set at the same time

The above is produced by all implementations of the API (qemu and test
drivers). It is true that the first tunable can be specified
positionally (--total-bytes-sec) but it is misleading and shoud not be
allowed either.

Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
2024-04-02 14:24:29 +02:00
Peter Krempa
baa20d6eb8 vsh: Fix option formatting for 'VHS_OT_ARGV' options
While previous fixes kept the help output unchanged as base for the
refactors it turns out that the formatting of help for argv options is
wrong.

Specifically in SYNOPSIS the non-positional _ARGV would have the option
name in square brackets (which in other cases means that given thing is
optional) despite being required.

Similarly in the DESCRIPTION section positional versions would not show
the optional argument name and also didn't use the three dots to signal
that it can be used multiple times.

Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
2024-04-02 14:24:29 +02:00
Peter Krempa
e9e3d6dff4 virsh: Annotate rest of _ARGV arguments as positional
In most cases it's the usual/recommended way to use those commands:

 $ virsh qemu-monitor-command VMNAME cmd args args args

Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
2024-04-02 14:24:29 +02:00
Peter Krempa
4d4f4fd516 virsh: Annotate '--diskspec' _ARGV options as unwanted positional
Our documentation in most places explicitly mentions --diskspec and it
was never meant to be positional, although we can't change the parser
any more. Annotate them as 'unwanted_positional'.

Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
2024-04-02 14:24:29 +02:00
Peter Krempa
d226a2cd70 vsh: Introduce annotation for vsh options which are unexpectedly parsed positionally
Based on the rationale in previous commit, all commands which were
parsed as positional but not documented as such will be annotated with
this flag.

Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
2024-04-02 14:24:29 +02:00
Peter Krempa
348010ac93 vsh: Introduce tool to find unwanted positional arguments to 'self-test'
While the virsh option definitions specify (either explicitly after
recent refactors, or implicitly before) whether an argument is
positional or not, the actual parser is way more lax and actually and
allows also arguments which were considered/documented as non-positional
to be filled positionally unless VSH_OFLAG_REQ_OPT is used in the flags.

This creates situations such as 'snapshot-create-as' which has the
following docs:

SYNOPSIS
  snapshot-create-as <domain> [--name <string>] [--description <string>]
    [--print-xml] [--no-metadata] [--halt] [--disk-only]
    [--reuse-external] [--quiesce] [--atomic] [--live] [--validate]
    [--memspec <string>] [[--diskspec] <string>]...

Thus showing as if '--name' and '--description' required the option, but
in fact the following happens when only positionals are passed:

  $ virsh snapshot-create-as --print-xml 1 2 3 4 5
  <domainsnapshot>
    <name>2</name>
    <description>3</description>
    <disks>
      <disk name='4'/>
      <disk name='5'/>
    </disks>
  </domainsnapshot>

In the above example e.g. '--memspec' is not populated.

This disconnect makes it impossible to refactor the parser itself and
allows users to write buggy interactions with virsh.

In order to address this we'll be annotating every single of these
unwanted positional options as such so that this doesn't happen in the
future, while still preserving the quirk in the parser.

This patch introduces a tool which outputs list of options which are not
marked as positional but are lacking the VSH_OFLAG_REQ_OPT flag.

This tool will be removed once all the offenders found by it will be
addressed.

Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
2024-04-02 14:24:29 +02:00
Peter Krempa
1f3f9c81da virsh: Inline VIRSH_COMMON_OPT_NETWORK_OT_STRING macro
The macro is used in just one place and the definition of the option is
going to be modified. Inline the macro.

Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
2024-04-02 14:24:29 +02:00
Peter Krempa
d2e29eb74c virsh: Inline VIRSH_COMMON_OPT_FILE_FULL macro
The macro is used in one place only and the command definition will be
altered. Inline it.

Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
2024-04-02 14:24:29 +02:00
Peter Krempa
7a696e9c3d virsh: Inline VIRSH_COMMON_OPT_DOMAIN_OT_STRING macro
Upcoming patches will need to tweak some of the properties of the
command. Since the macro is used in just two places expand it inline.

Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
2024-04-02 14:24:29 +02:00
Peter Krempa
25be987715 vshCmddefCheckInternals: Improve some checks
- move the check that completer_flags are 0 if no completer is set
   into a common place and remove duplication
 - add check that _BOOL arguments are not positional
 - add missing checks to _ALIAS

Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
2024-04-02 14:24:29 +02:00
Peter Krempa
334510a687 vshCmddefHelp: Drop empty line at the end
All virsh commands in non-quiet mode append another separator line thus
having two is unnecessary and in quiet mode it still has a trailing
blank line. Remove it.

Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
2024-04-02 14:24:29 +02:00
Pavel Hrdina
0a164b74eb qemu_snapshot: correctly update metadata when deleting external snapshot with multiple branches
XML metadata for snapshot contains only single list of disk overlays
from the moment when the snapshot was taken. When user creates multiple
branches of snapshots the parent snapshot will still list only the
original disk overlays. This may cause an issue in a specific scenario:

     s1
      |
      +- s2
      +- s3 (active)

For this snapshot topology when we delete s2 metadata for s1 are not
updated. Now when we delete s1 the code operated with incorrect
overlays from s1 metadata in order to update s3 metadata resulting in no
changes to s3 metadata.

Now when user tries to delete s3 it fails with following error:

    error: Failed to delete snapshot s3
    error: operation failed: snapshot VM disk source and parent disk source are not the same

For the actual deletion there is a code to figure out the correct disk
source but it was not used to update metadata as well. Due to reasons
how block commit in libvirt works we need to create a copy of that disk
source in order to have it available when updating metadata as the
original source will be freed at that point.

Resolves: https://issues.redhat.com/browse/RHEL-26276
Signed-off-by: Pavel Hrdina <phrdina@redhat.com>
Reviewed-by: Peter Krempa <pkrempa@redhat.com>
2024-04-02 14:14:26 +02:00
Pavel Hrdina
79654f425c qemu_snapshot: call qemuSnapshotDeleteUpdateDisks only for external snapshots
Calling this function when deleting internal snapshot isn't required
because with internal snapshots all changes are done within the file
itself so there is no file deletion and no need to update snapshot
metadata.

Signed-off-by: Pavel Hrdina <phrdina@redhat.com>
Reviewed-by: Peter Krempa <pkrempa@redhat.com>
2024-04-02 14:14:26 +02:00
Jiri Denemark
ca7d1bd5ee Post-release version bump to 10.3.0
Signed-off-by: Jiri Denemark <jdenemar@redhat.com>
2024-04-02 13:43:31 +02:00
Jiri Denemark
5d9ebb126c Release of libvirt-10.2.0
Signed-off-by: Jiri Denemark <jdenemar@redhat.com>
2024-04-02 13:38:48 +02:00
김인수
222a6c8638 Translated using Weblate (Korean)
Currently translated at 100.0% (10438 of 10438 strings)

Translation: libvirt/libvirt
Translate-URL: https://translate.fedoraproject.org/projects/libvirt/libvirt/ko/

Co-authored-by: 김인수 <simmon@nplob.com>
Signed-off-by: 김인수 <simmon@nplob.com>
2024-03-29 15:36:18 +01:00
Ján Tomko
32d836bc6f NEWS: Update
Update NEWS with new news.

Signed-off-by: Ján Tomko <jtomko@redhat.com>
Reviewed-by: Andrea Bolognani <abologna@redhat.com>
2024-03-28 12:49:29 +01:00
Peter Krempa
61bd4d9b01 NEWS: Mention fix for PCI VPD error reporting
Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
2024-03-28 10:11:55 +01:00
Peter Krempa
0e566614ff pci: Remove error reporting from PCI VPD parsing
The PCI VPD (Vital Product Data) may be missing or the kernel can report
presence but not actually have the data. Also the data is specified by
the device vendor and thus may be invalid in some cases.

To avoid log spamming, since the only usage in the node device driver is
ignoring errors, remove all error reporting.

Closes: https://gitlab.com/libvirt/libvirt/-/issues/607
Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
2024-03-28 10:11:55 +01:00
Peter Krempa
34f7ca668f virpcivpd: Revert error reporting from PCI VPD parser
The VPD parsing is fragile and depends on hardware vendor's adherance to
standards. Since libvirt only ever uses this data to report it in the
nodedev XML which ignores any errors there's no much point in having
error reporting which I've added recently.

Turn the errors into VIR_DEBUG statements in preparation for upcoming
patch which completely removes the expectation to report errors.

This effectively reverts commits dfc85658bd and f85a382a0e.

Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
2024-03-28 10:11:55 +01:00
Yuri Chornoivan
5afaf127c0 Translated using Weblate (Ukrainian)
Currently translated at 100.0% (10438 of 10438 strings)

Translation: libvirt/libvirt
Translate-URL: https://translate.fedoraproject.org/projects/libvirt/libvirt/uk/

Co-authored-by: Yuri Chornoivan <yurchor@ukr.net>
Signed-off-by: Yuri Chornoivan <yurchor@ukr.net>
2024-03-27 18:36:11 +01:00
김인수
80de00d92a Translated using Weblate (Korean)
Currently translated at 99.5% (10394 of 10438 strings)

Translation: libvirt/libvirt
Translate-URL: https://translate.fedoraproject.org/projects/libvirt/libvirt/ko/

Co-authored-by: 김인수 <simmon@nplob.com>
Signed-off-by: 김인수 <simmon@nplob.com>
2024-03-27 18:36:10 +01:00
Peter Krempa
1a883c9a7c virsh: cmdDomdisplayReload: Require option name for --type
As this command was introduced in this release add the flag requiring to
pass optionname.

This is needed to actually disallow positional parsing of the value
despite documenting that the flag name is required.

Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
2024-03-25 16:18:32 +01:00
Weblate
3050cd73a4 Update translation files
Updated by "Update PO files to match POT (msgmerge)" hook in Weblate.

Translation: libvirt/libvirt
Translate-URL: https://translate.fedoraproject.org/projects/libvirt/libvirt/

Co-authored-by: Weblate <noreply@weblate.org>
Signed-off-by: Fedora Weblate Translation <i18n@lists.fedoraproject.org>
2024-03-25 12:29:40 +01:00
Jiri Denemark
e04680870c po: Refresh potfile for v10.2.0
Signed-off-by: Jiri Denemark <jdenemar@redhat.com>
2024-03-25 12:33:31 +01:00
Adam Julis
6821271123 qemuDomainChangeNet: Error when boot index changes in live XML
If the original code detected a missing or null boot index in the
new XML, it automatically added the current value. This
autocompletion was incorrect because it was impossible to
distinguish between user intent and user error - changing the
boot order itself is forbidden and should always be an error.

Resolves: https://issues.redhat.com/browse/RHEL-23416
Fixes: aa3e07caec
Signed-off-by: Adam Julis <ajulis@redhat.com>
Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
2024-03-22 10:49:40 +01:00
Andrea Bolognani
a57617dca5 NEWS: Mention loongarch64 guest support
Signed-off-by: Andrea Bolognani <abologna@redhat.com>
Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
2024-03-22 09:51:37 +01:00
Andrea Bolognani
3525781ceb NEWS: Fix spacing
Signed-off-by: Andrea Bolognani <abologna@redhat.com>
Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
2024-03-22 09:51:33 +01:00
Lennart Fricke
71a604fce6 qemu: warn on pausing of guest due to watchdog or io error
Change the log level for pauses of guests due to watchdog timeouts
or io errors from debug to warn to enhance the visibility of such
events.

Signed-off-by: Lennart Fricke <lennart.fricke@drehpunkt.com>
Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
2024-03-21 15:00:00 +01:00
Xianglai Li
e478a6d3f3 Add test script for loongarch
Add domaincapstest qemuxml2argvtest qemuxml2xmltest
related test cases for loongarch.

Signed-off-by: Xianglai Li <lixianglai@loongson.cn>
Reviewed-by: Andrea Bolognani <abologna@redhat.com>
2024-03-21 14:42:27 +01:00
Xianglai Li
0038b155ec Implement the method of getting host info for loongarch
Implement method for loongarch to get host info, such as
cpu frequency, system info, etc.

Signed-off-by: Xianglai Li <lixianglai@loongson.cn>
Reviewed-by: Andrea Bolognani <abologna@redhat.com>
2024-03-21 14:42:26 +01:00
Xianglai Li
3243783c32 Support for loongarch64 in the QEMU driver
Implement support for loongarch64 in the QEMU driver.

Signed-off-by: Xianglai Li <lixianglai@loongson.cn>
Reviewed-by: Andrea Bolognani <abologna@redhat.com>
2024-03-21 14:42:24 +01:00
Xianglai Li
a4e3718981 Add loongarch cpu support
Add loongarch cpu support, Define new cpu type 'loongarch64'
and implement it's driver functions.

Signed-off-by: Xianglai Li <lixianglai@loongson.cn>
Reviewed-by: Andrea Bolognani <abologna@redhat.com>
2024-03-21 14:42:20 +01:00
Daniel P. Berrangé
8a3f8d9575 remote: check for negative array lengths before allocation
While the C API entry points will validate non-negative lengths
for various parameters, the RPC server de-serialization code
will need to allocate memory for arrays before entering the C
API. These allocations will thus happen before the non-negative
length check is performed.

Passing a negative length to the g_new0 function will usually
result in a crash due to the negative length being treated as
a huge positive number.

This was found and diagnosed by ALT Linux Team with AFLplusplus.

CVE-2024-2494
Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
Found-by: Alexandr Shashkin <dutyrok@altlinux.org>
Co-developed-by: Alexander Kuznetsov <kuznetsovam@altlinux.org>
Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
2024-03-21 08:08:00 +00:00
Andrea Bolognani
5fb47c5bed qemu: Tweak augeas schema
Current entries should always be listed before obsolete ones.

Signed-off-by: Andrea Bolognani <abologna@redhat.com>
Reviewed-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Stefan Berger <stefanb@linux.ibm.com>
2024-03-20 18:37:58 +01:00
Andrea Bolognani
8ca0005ec6 security: Drop virSecurity(DAC|SELinux)SetImageLabelRelative()
The single caller for each function passes the same value
for @src and @parent, which means that we don't really need
the additional API.

Signed-off-by: Andrea Bolognani <abologna@redhat.com>
Reviewed-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Stefan Berger <stefanb@linux.ibm.com>
2024-03-20 18:37:56 +01:00
Andrea Bolognani
94028ebf48 security: Drop virSecurity(DAC|SELinux)RestoreImageLabelSingle()
Each one only has a single, trivial caller.

Signed-off-by: Andrea Bolognani <abologna@redhat.com>
Reviewed-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Stefan Berger <stefanb@linux.ibm.com>
2024-03-20 18:37:55 +01:00
Andrea Bolognani
931990b7c2 security: Fix name for _virSecurityDACChardevCallbackData
It was clearly copied over from the SELinux driver without
updating its name in the process.

Signed-off-by: Andrea Bolognani <abologna@redhat.com>
Reviewed-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Stefan Berger <stefanb@linux.ibm.com>
2024-03-20 18:37:53 +01:00