Commit Graph

48105 Commits

Author SHA1 Message Date
Michal Privoznik
d05ad0f15e esx: Change the default username when connecting to VCenter
While it's true that the default username is:

  administrator@${SSO-Domain}

in majority of cases the ${SSO-Domain} is "vsphere.local". But
our code (and what virsh displays then) says it's just
"administrator".

This is wrong also from a different POV: the username must
contain the suffix no matter what and our default suggests
otherwise.

Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=2181234
Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
Reviewed-by: Martin Kletzander <mkletzan@redhat.com>
2023-03-24 14:44:54 +01:00
Michal Privoznik
2c13a2a7c9 virt-host-validate: Detect SMMU support on ARMs
In vir-host-validate we do two checks related to IOMMU:

  1) hardware support, and
  2) kernel support.

While users are usually interested in the latter, the former also
makes sense. And for the former (hardware support) we have this
huge if-else block for nearly every architecture, except ARM.

Now, IOMMU is called SMMU in ARM world, and while there's
certainly a definitive way of detecting SMMU support (e.g. via
dumping some registers in asm), we can work around this - just
like we do for Intel and AMD - and check for an ACPI table
presence.

In ARM world, there's I/O Remapping Table (IORT) which describes
SMMU capabilities on given host and is exposed in sysfs
(regardless of arm_smmu module).

Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=2178885
Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
2023-03-24 14:44:38 +01:00
Martin Kletzander
1f76b5365e ci: Disable optimization on macos-12
This enables our CI to run tests on on macos-12 after commit
7944700b40.

Signed-off-by: Martin Kletzander <mkletzan@redhat.com>
2023-03-24 13:15:32 +01:00
Martin Kletzander
1b0c07db75 ci: Refresh CI files with current lcitool
This updates to FreeBSD 12.4 which has clang that supports
-fsemantic-interposition, plus of course updates the system.

Signed-off-by: Martin Kletzander <mkletzan@redhat.com>
Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
2023-03-24 12:59:51 +01:00
Michal Privoznik
7944700b40 meson: Don't build tests when CLang lacks -fsemantic-interposition
There are some CLang versions that do not support
-fsemantic-interposition. If that's the case, the code is
optimized so much that our mocking no longer works.

Therefore, disable tests and produce a warning.

Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
Reviewed-by: Martin Kletzander <mkletzan@redhat.com>
2023-03-24 11:15:23 +01:00
Peter Krempa
7334972c9a ci: Drop EOL OpenSUSE 15.3
The '15.3' version is EOL now:

  https://get.opensuse.org/leap/15.3/

Also switch the 'codestyle' job to the appropriate container image.

Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
2023-03-23 16:24:56 +01:00
Peter Krempa
0cbd00525d ci: Add OpenSUSE leap 15.4 job
As a precursor to dropping the EOL OpenSUSE 15.3 job add first the
definitions for the replacement version.

Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
2023-03-23 16:13:01 +01:00
Jiri Denemark
d1690ae485 Translated using Weblate (Japanese)
Currently translated at 99.5% (10368 of 10416 strings)

Translation: libvirt/libvirt
Translate-URL: https://translate.fedoraproject.org/projects/libvirt/libvirt/ja/

Co-authored-by: Jiri Denemark <jdenemar@redhat.com>
Signed-off-by: Jiri Denemark <jdenemar@redhat.com>
2023-03-22 16:20:49 +01:00
grimst
de16103027 Translated using Weblate (French)
Currently translated at 99.9% (10410 of 10416 strings)

Translation: libvirt/libvirt
Translate-URL: https://translate.fedoraproject.org/projects/libvirt/libvirt/fr/

Co-authored-by: grimst <grimaitres@gmail.com>
Signed-off-by: grimst <grimaitres@gmail.com>
2023-03-22 16:20:48 +01:00
Jan Kuparinen
04df0bd25b Translated using Weblate (Finnish)
Currently translated at 22.5% (2349 of 10416 strings)

Translation: libvirt/libvirt
Translate-URL: https://translate.fedoraproject.org/projects/libvirt/libvirt/fi/

Co-authored-by: Jan Kuparinen <copper_fin@hotmail.com>
Signed-off-by: Jan Kuparinen <copper_fin@hotmail.com>
2023-03-22 16:20:48 +01:00
Michal Privoznik
b407897ea9 qemu_shim: Require absolute path for root directory
The virConnectOpen(), well virConnectOpenInternal() reports an
error if embed root is not an absolute path. This is a fair
requirement, but our qemu_shim doesn't check this requirement and
passes the path to mkdir(), only to fail later on, leaving the
empty directory behind:

  $ ls -d asd
  ls: cannot access 'asd': No such file or directory

  $ virt-qemu-run -r asd whatever.xml
  virt-qemu-run: cannot open qemu:///embed?root=asd: unsupported configuration: root path must be absolute

  $ ls -d asd
  asd

Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
Reviewed-by: Kristina Hanicova <khanicov@redhat.com>
2023-03-22 15:53:33 +01:00
Michal Privoznik
94862a77be qemu_domain: Drop ATTRIBUTE_NONNULL() for non-existent arguments
After cleanup done in v8.2.0-rc1~47 the
qemuDomainObjExitMonitor() and after v8.7.0-rc1~176 the
qemuDomainObjEnterMonitor() lost the @driver argument. But
corresponding ATTRIBUTE_NONNULL() annotation was not removed and
both functions are still annotated as ATTRIBUTE_NONNULL(2) even
though they accept just one argument (@obj).

Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
Reviewed-by: Kristina Hanicova <khanicov@redhat.com>
2023-03-22 15:53:33 +01:00
Ján Tomko
8c8cda2c9a qemu_shim: set system identity
Otherwise looking up a secret fails when we try to elevate the identity
in qemuDomainSecretInfoSetupFromSecret.

https://bugzilla.redhat.com/show_bug.cgi?id=2000410

Signed-off-by: Ján Tomko <jtomko@redhat.com>
Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
2023-03-22 14:41:28 +01:00
Andrea Bolognani
f099d3fe10 qemu: Move validation check out of postparse
Suggested-by: Michal Privoznik <mprivozn@redhat.com>
Signed-off-by: Andrea Bolognani <abologna@redhat.com>
Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
2023-03-22 13:49:53 +01:00
Andrea Bolognani
e493a2ed73 conf: Move validation check out of postparse
The reason why it was in postparse in the first place was so
that we could could automatically enable the secure-boot feature
in some cases, but that no longer happens so we can finally move
it to the proper location.

Signed-off-by: Andrea Bolognani <abologna@redhat.com>
Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
2023-03-22 13:49:53 +01:00
Andrea Bolognani
6d0d416f41 conf: Don't explicitly set the secure-boot feature
Now that we're adding information obtained from the firmware
descriptor to the domain XML, this will happen automatically
whenever a firmware that has the enrolled-keys feature ends up
being selected.

Signed-off-by: Andrea Bolognani <abologna@redhat.com>
Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
2023-03-22 13:49:53 +01:00
Andrea Bolognani
24ad99d76d qemu: Automatically add firmware type/features information
Even when the user is not taking advantage of firmware
autoselection and instead manually providing all the necessary
information, in most cases they're still going to use firmware
builds that are provided by the OS vendor, are installed in
standard paths and come with a corresponding firmware
descriptor.

Similarly, even when the user is not guiding the autoselection
process by specifying the desired status of certain features
and instead is relying on the system-level descriptor priority
being set up correctly, libvirt will still ultimately decide to
use a specific descriptor, which includes information about the
firmware's features.

In both these cases, take the additional information that were
obtained from the firmware descriptor and reflect them back into
the domain XML, where they can be conveniently inspected by the
user and management applications alike.

Signed-off-by: Andrea Bolognani <abologna@redhat.com>
Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
2023-03-22 13:49:53 +01:00
Andrea Bolognani
50d68c1d10 qemu: Don't drop firmware type/features information
Now that we no longer reject configurations that include both
this information and explicit firmware details, as long of
course as everything is internally consistent, and that we've
ensured that we produce maximally compatible XML on migration,
we can stop stripping this information at the end of the
firmware selection process.

There are several advantages to keeping this information around:

  * if the user wants to change the firmware configuration for
    an existing VM, they can simply drop the <loader> and
    <nvram> elements, tweak the firmware autoselection parameters
    and let libvirt pick a firmware that matches on the new
    requirements;

  * management applications can inspect the XML and easily
    figure out firmware-related information without having to
    reverse-engineer them based on some opaque paths.

Overall, this change makes things more transparent and easier to
understand. The improvement is so significant that, in a
follow-up commit, we're going to ensure that this information is
available in even more cases.

Signed-off-by: Andrea Bolognani <abologna@redhat.com>
Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
2023-03-22 13:49:53 +01:00
Andrea Bolognani
a0065f9728 conf: Don't format firmware type/features when migrating
The combination of explicit firmware paths, which we now
produce in all cases, and firmware autoselection knobs is
explicitly rejected by libvirt 8.6.0 and newer.

Right now we produce inherently migratable XML in all cases,
since we always strip those bits, but that's going to change
soon. To prepare for that, make sure that we always skip the
problematic elements and attributes when preparing a
migratable XML.

The destination will simply receive a fully specified firmware
configuration, which is indistinguishable from one that was
manually provided by the user and is thus accepted by any old
version of libvirt, regardless of whether or not firmware
autoselection was used on the source host.

Signed-off-by: Andrea Bolognani <abologna@redhat.com>
Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
2023-03-22 13:49:53 +01:00
Andrea Bolognani
ccf4aa37a0 conf: Remove some firmware validation checks
libvirt 8.6.0 introduced these checks and very clearly delineated
two possible firmware selection scenarios: manual firmware
selection, where the user is responsible for providing all
information, and firmware autoselection, where a list of desired
features is provided and everything else is handled by libvirt.

In the interest of maintaining the clear separation between these
two scenarios, setting most attributes when firmware autoselection
is active will result in the configuration being rejected.

This works fine, but is unnecessarily restrictive: in most cases,
the additional information that the user has provided matches
the information that libvirt would have discovered on its own by
looking at firmware descriptors, and asking the user to scrub it
from the XML only result in pointless friction.

Remove these checks entirely.

Unsurprisingly, this results in a few test cases that were
rejected until now to suddenly start working and producing
sensible results.

The firmware-auto-efi-loader-path-nonstandard test case is
notable: while we can now enable the xml2xml part of the test,
the xml2argv part is still failing, although in a slightly
different way. This is expected: since the firmware binary is a
non-standard one, libvirt is unable to figure out the missing
information from a firmware descriptor, and the configuration
is still ultimately an invalid one. However, if we were to find
such a configuration on disk at daemon startup, we would not
ignore it completely and instead would offer the user a chance
to fix it.

Signed-off-by: Andrea Bolognani <abologna@redhat.com>
Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
2023-03-22 13:49:53 +01:00
Andrea Bolognani
04568019c6 qemu: Always go through firmware autoselection
Right now there are a few scenarios in which we skip ahead, and
removing these exceptions will make for more consistent and
predictable behavior.

Signed-off-by: Andrea Bolognani <abologna@redhat.com>
Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
2023-03-22 13:49:53 +01:00
Andrea Bolognani
63859189e6 qemu: Discard requires-smm firmware when loader.secure=no
The requires-smm feature being present in a firmware descriptor
causes loader.secure=yes to be automatically chosen for the
domain, so we have to avoid this situation or the user's choice
will be silently subverted.

Note that we can't actually encounter loader.secure=no in this
function at the moment because of earlier checks, but that's
going to change soon.

Signed-off-by: Andrea Bolognani <abologna@redhat.com>
Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
2023-03-22 13:49:53 +01:00
Andrea Bolognani
8b96a17019 qemu: Introduce qemuFirmwareMatchesPaths()
Right now we have checks in place that ensure that explicit
paths are not provided when firmware autoselection has been
enabled, but that's going to change soon.

To prepare for that, take into account user-provided paths
during firmware autoselection if present, and discard all
firmware descriptors that don't contain matching information.

Signed-off-by: Andrea Bolognani <abologna@redhat.com>
Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
2023-03-22 13:49:53 +01:00
Andrea Bolognani
3030010fa9 tests: Fix firmware descriptor masking test
Right now we're checking that firmware descriptor masking works
as intended by creating an empty file matching 60-ovmf-sb.json
in name.

However, that firmware descriptors contains the details for a
perfectly valid and quite common situation: Secure Boot being
supported by the firmware build, but being effectively disabled
by the lack of certificates in the NVRAM template.

Unmask that firmware descriptor, and instead create a dummy one
that has higher priority than all other OVMF builds and points
to paths that are obviously incorrect, which should make it
easy to notice it getting accidentally unmasked in the future.

Signed-off-by: Andrea Bolognani <abologna@redhat.com>
Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
2023-03-22 13:49:53 +01:00
Andrea Bolognani
bf6a6f90a9 tests: Add more tests for manual Secure Boot configuration
These cover the same scenarios as the matching test cases for
autoselection.

Signed-off-by: Andrea Bolognani <abologna@redhat.com>
Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
2023-03-22 13:49:53 +01:00
Andrea Bolognani
66e5c43a03 tests: Add firmware-auto-efi-loader-path
This is identical to the existing
firmware-auto-efi-loader-path-nonstandard test case, but uses
a standard firmware path.

Right now the two test cases behave identically, but that's
going to change in the future.

Signed-off-by: Andrea Bolognani <abologna@redhat.com>
Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
2023-03-22 13:49:53 +01:00
Andrea Bolognani
d8d06f0a4a tests: Fix firmware-auto-efi-loader-path-nonstandard
This test is intended to simulate the use of an OVMF firmware
image installed under a non-standard path. In order to make
such a configuration work, the user would have to provide
additional information.

Right now it doesn't matter, because the configuration is
rejected anyway, but the behavior is going to change slightly
in the future. Prepare by making the configuration more
complete and realistic.

Signed-off-by: Andrea Bolognani <abologna@redhat.com>
Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
2023-03-22 13:49:53 +01:00
Andrea Bolognani
bfb507853a tests: Rename a few firmware tests
This unifies the naming between the manual and automatic
selection cases, clarifies the contents of the tests and makes
room for more tests being added in the future.

Signed-off-by: Andrea Bolognani <abologna@redhat.com>
Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
2023-03-22 13:49:53 +01:00
Andrea Bolognani
b62d1b30ae qemu: Fix memory leaks in firmware selection code
Signed-off-by: Andrea Bolognani <abologna@redhat.com>
Reviewed-by: Laine Stump <laine@redhat.com>
2023-03-22 13:49:50 +01:00
Michal Privoznik
743fdb97c8 meson: Stop detecting -Wl,--version-script=
With its version 16.0, the LLVM's linker turned on
--no-undefined-version by default [1]. This breaks how we detect
--version-script= detection, because at the compile time there's
no library built yet that we can use to make --version-script=
happy. Unfortunately, meson does not provide a way to detect this
either [2].

But there's not much sense in detecting the argument either. We
already special case some systems (windows, darwin) and do the
check for others, which are expected to support versioned
symbols, because of ELF. Worst case scenario - the error is
reported during compile time rather than configure time.

1: https://reviews.llvm.org/D135402
2: https://github.com/mesonbuild/meson/issues/3047

Resolves: https://bugs.gentoo.org/902211
Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
2023-03-21 11:54:52 +01:00
Ján Tomko
4be3ba0226 vbox: unify "unable to get hard disk id" message
Signed-off-by: Ján Tomko <jtomko@redhat.com>
Reviewed-by: Laine Stump <laine@redhat.com>
2023-03-20 14:32:41 +01:00
Ján Tomko
3811027318 Unify error message when namespaces are unsupported
Some helpers used a period at the end, others did not.

Signed-off-by: Ján Tomko <jtomko@redhat.com>
Reviewed-by: Laine Stump <laine@redhat.com>
2023-03-20 14:32:40 +01:00
Ján Tomko
0526a6024b util: xml: remove function names from error messages
The function name is already logged, and these can happen only as a
result of a programmer error.

Signed-off-by: Ján Tomko <jtomko@redhat.com>
Reviewed-by: Laine Stump <laine@redhat.com>
2023-03-20 14:32:40 +01:00
Ján Tomko
161e21018a vbox: remove unreachable error in virVBoxSnapshotConfSaveVboxFile
Both callers in the VirtualBox driver handle the error and only
call this function with a non-NULL argument.

Signed-off-by: Ján Tomko <jtomko@redhat.com>
Reviewed-by: Laine Stump <laine@redhat.com>
2023-03-20 14:32:40 +01:00
Ján Tomko
d2a430f90a vbox: remove unreachable error in virVBoxSnapshotConfLoadVboxFile
Both callers in the VirtualBox driver error out if the path
can't be fetched via VirtualBox APIs and abort on conversion error
from UTF-16 to UTF-8.

Signed-off-by: Ján Tomko <jtomko@redhat.com>
Reviewed-by: Laine Stump <laine@redhat.com>
2023-03-20 14:32:40 +01:00
Ján Tomko
6c41f2e076 bhyve: unify error message for UUID generation
All the other places spell UUID in all caps.

Signed-off-by: Ján Tomko <jtomko@redhat.com>
Reviewed-by: Laine Stump <laine@redhat.com>
2023-03-20 14:32:40 +01:00
Ján Tomko
6e23112304 src: unify symlink creation error message
In some places, one quote got dropped by accident.

Signed-off-by: Ján Tomko <jtomko@redhat.com>
Reviewed-by: Laine Stump <laine@redhat.com>
2023-03-20 14:32:40 +01:00
Ján Tomko
9fc3c2524c bhyve: fix typo in error message
Use the same string as in qemu_process.

Signed-off-by: Ján Tomko <jtomko@redhat.com>
Reviewed-by: Laine Stump <laine@redhat.com>
2023-03-20 14:32:40 +01:00
Shaleen Bathla
9a3bccf695 capabilities: reduce scope in virCapabilitiesInitCaches()
over-writing a variable in inner while-loop without freeing previous memory
leaks it over time.
To fix this, we can just change scope of bank variable to the inner loop.

Signed-off-by: Shaleen Bathla <shaleen.bathla@oracle.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
Fixes: 5c84485439
Signed-off-by: Ján Tomko <jtomko@redhat.com>
2023-03-20 14:29:38 +01:00
Daniel P. Berrangé
27d8bcc337 manpages: fix secret injection example for SEV
The --disk-password argument was present in early impls of the patch but
replaced by the more generic --inject-secret argument.

Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
2023-03-17 15:45:33 +00:00
Ján Tomko
50f0e8e7aa rpc: fix typo in admin code generation
An extra '&' introduced a crash.

https://bugzilla.redhat.com/show_bug.cgi?id=2178866

Fixes: 778c300460
Signed-off-by: Ján Tomko <jtomko@redhat.com>
Reviewed-by: Peter Krempa <pkrempa@redhat.com>
2023-03-17 16:42:55 +01:00
Ludek Janda
15ba70184c Translated using Weblate (French)
Currently translated at 100.0% (10416 of 10416 strings)

Translation: libvirt/libvirt
Translate-URL: https://translate.fedoraproject.org/projects/libvirt/libvirt/fr/

Co-authored-by: Ludek Janda <ljanda@redhat.com>
Signed-off-by: Ludek Janda <ljanda@redhat.com>
2023-03-17 16:10:04 +01:00
Ján Tomko
cd41eefb5f Translated using Weblate (Czech)
Currently translated at 83.5% (8706 of 10416 strings)

Translation: libvirt/libvirt
Translate-URL: https://translate.fedoraproject.org/projects/libvirt/libvirt/cs/

Co-authored-by: Jan Tomko <jtomko@redhat.com>
Co-authored-by: Ján Tomko <jtomko@redhat.com>
Signed-off-by: Jan Tomko <jtomko@redhat.com>
2023-03-17 16:10:04 +01:00
Jiri Denemark
e2e192d76c Translated using Weblate (Chinese (Simplified) (zh_CN))
Currently translated at 99.5% (10373 of 10416 strings)

Translation: libvirt/libvirt
Translate-URL: https://translate.fedoraproject.org/projects/libvirt/libvirt/zh_CN/

Translated using Weblate (Chinese (Simplified) (zh_CN))

Currently translated at 99.5% (10373 of 10416 strings)

Translation: libvirt/libvirt
Translate-URL: https://translate.fedoraproject.org/projects/libvirt/libvirt/zh_CN/

Translated using Weblate (Japanese)

Currently translated at 99.5% (10368 of 10416 strings)

Translation: libvirt/libvirt
Translate-URL: https://translate.fedoraproject.org/projects/libvirt/libvirt/ja/

Translated using Weblate (Japanese)

Currently translated at 99.5% (10369 of 10416 strings)

Translation: libvirt/libvirt
Translate-URL: https://translate.fedoraproject.org/projects/libvirt/libvirt/ja/

Co-authored-by: Jiri Denemark <jdenemar@redhat.com>
Signed-off-by: Jiri Denemark <jdenemar@redhat.com>
2023-03-17 16:10:04 +01:00
Daniel P. Berrangé
2591573c24 Translated using Weblate (Czech)
Currently translated at 83.5% (8706 of 10416 strings)

Translation: libvirt/libvirt
Translate-URL: https://translate.fedoraproject.org/projects/libvirt/libvirt/cs/

Co-authored-by: Daniel P. Berrange <berrange@redhat.com>
Co-authored-by: Daniel P. Berrangé <berrange@redhat.com>
Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2023-03-17 16:10:04 +01:00
Daniel P. Berrangé
f9f5ab5718 meson: stop CLang doing inter-procedural analysis
The virNumaNodeIsAvailable function is stubbed out when building
without libnuma, such that it just returns a constant value. When
CLang is optimizing, it does inter-procedural analysis across
function calls. When it sees that the call to virNumaNodeIsAvailable
returns a fixed constant, it elides the conditional check for errors
in the callers such as virNumaNodesetIsAvailable.

This is a valid optimization as the C standard declares that there
must only be one implementation of each function in a binary. This
is normally the case, but ELF allows for function overrides when
linking or at runtime with LD_PRELOAD, which is technically outside
the mandated C language behaviour.

So while CLang's optimization works fine at runtime, it breaks in our
test suite which aims to mock the virNumaNodeIsAvailable function so
that it has specific semantics regardless of whether libnuma is built
or not. The return value check optimization though means our mock
override won't have the right effect. The mock will be invoked, but
its return value is not used.

Potentially the same problem could be exhibited with GCC if certain
combinations of optimizations are enabled, though thus far we've
not seen it.

To be robust on both CLang and GCC we need to make it more explicit
that we want to be able to replace functions and thus optimization
of calls must be limited. Currently we rely on 'noinline' which
does successfully prevent inlining of the function, but it cannot
stop the eliding of checks based on the constant return value.
Thus we need a bigger hammer.

There are a couple of options to disable this optimization:

 * Annotate a symbol as 'weak'. This is tells the compiler
   that the symbol is intended to be overridable at linktime
   or runtime, and thus it will avoid doing inter-procedural
   analysis for optimizations. This was tried previously but
   have to be reverted as it had unintended consequences
   when linking .a files into our final .so, resulting in all
   the weak symbol impls being lost. See commit
   407a281a8e

 * Annotate a symbol with 'noipa'. This tells the compiler
   to avoid inter-procedural analysis for calls to just this
   function. This would be ideal match for our scenario, but
   unfortunately it is only implemented for GCC currently:

     https://reviews.llvm.org/D101011

 * The '-fsemantic-interposition' argument tells the optimizer
   that any functions may be replaced with alternative
   implementations that have different semantics. It thus
   blocks any optimizations across function calls. This is
   quite a harsh block on the optimizer, but it appears to be
   the only one that is viable with CLang.

Out of those choices option (3) is the only viable option for
CLang. We don't want todo it for GCC though as it is such a
big hammer. Probably we should apply (2) for GCC, should we
experiance a problem in future.

Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
2023-03-17 14:43:46 +00:00
Ján Tomko
9dab836721 qemu: use correct formatting string for size_t
Otherwise the build on armv7l breaks:
error: format ‘%lu’ expects argument of type
‘long unsigned int’, but argument 4 has type
‘size_t’ {aka ‘unsigned int’} [-Werror=format=]

Fixes: 1992ae40fa
Fixes: e239f7d0a8

Signed-off-by: Ján Tomko <jtomko@redhat.com>
2023-03-17 15:36:48 +01:00
Ján Tomko
246d187a0f tests: qemublocktest: fix memory leak
Set enccount to 1, so the cleanup function knows
there is something to be cleaned up.

Fixes: 1992ae40fa

Signed-off-by: Ján Tomko <jtomko@redhat.com>
2023-03-17 15:36:36 +01:00
Or Ozeri
5589a3e1f3 qemu: add luks-any encryption support for RBD images
The newly added luks-any rbd encryption format in qemu
allows for opening both LUKS and LUKS2 encryption formats.
This commit enables libvirt uses to use this wildcard format.

Signed-off-by: Or Ozeri <oro@il.ibm.com>
Reviewed-by: Peter Krempa <pkrempa@redhat.com>
2023-03-16 15:19:36 +01:00
Or Ozeri
5a42a8c38c qemu: capabilities: Introduce QEMU_CAPS_RBD_ENCRYPTION_LUKS_ANY capability
This capability represents that qemu supports the "luks-any" encryption
format for RBD images.
Both LUKS and LUKS2 formats can be parsed using this wildcard format.

Signed-off-by: Or Ozeri <oro@il.ibm.com>
Reviewed-by: Peter Krempa <pkrempa@redhat.com>
2023-03-16 15:19:36 +01:00