Commit Graph

33552 Commits

Author SHA1 Message Date
Peter Krempa
e8ea7ac579 util: xml: Disallow aliasing of negative numbers in virXPathULongLong
Passing negative number as an alias for the max value is an anti-feature
we unfortunately allowed in virsh, but luckily never encouraged in the
XML.

Refuse numbers with negative sign when parsing unsigned long long from
XPaths.

Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
2022-11-02 09:20:56 +01:00
Michal Privoznik
43ac2e703c qemu_namespace: Make qemuDomainGetPreservedMounts() more robust wrt running VMs
The aim of qemuDomainGetPreservedMounts() is to get a list of
filesystems mounted under /dev and optionally generate a path for
each one where they are moved temporarily when building the
namespace. And if given domain is also running it looks into its
mount table rather than at the host one. But if it did look at
the domain's private mount table, it find /dev mounted twice: the
first time by udev, the second time the tmpfs mounted by us.

Now, later in the function there's a "sorting" algorithm that
tries to reduce number of mount points needing preservation, by
identifying nested mount points. And if we keep the second
occurrence of /dev on the list, well, after the "sorting" we are
left with nothing but "/dev" because all other mount points are
nested.

Fixes: 46b03819ae
Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
Reviewed-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
2022-11-01 14:51:48 +01:00
Michal Privoznik
bca7a53333 qemu_namespace: Don't leak memory in qemuDomainGetPreservedMounts()
The aim of qemuDomainGetPreservedMounts() is to get a list of
filesystems mounted under /dev and optionally generate a path for
each one where they are moved temporarily when building the
namespace. And the function tries to be a bit clever about it.
For instance, if /dev/shm mount point exists, there's no need to
consider /dev/shm/a nor /dev/shm/b as preserving just 'top level'
/dev/shm gives the same result. To achieve this, the function
iterates over the list of filesystem as returned by
virFileGetMountSubtree() and removes the nested ones. However, it
does so in a bit clumsy way: plain VIR_DELETE_ELEMENT() is used
without freeing the string itself. Therefore, if all three
aforementioned example paths appeared on the list, /dev/shm/a and
/dev/shm/b strings would be leaked.

And when I think about it more, there's no real need to shrink
the array down (realloc()). It's going to be free()-d when
returning from the function. Switch to
VIR_DELETE_ELEMENT_INPLACE() then.

Fixes: cdd9205dff
Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
Reviewed-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
2022-11-01 14:51:48 +01:00
Peter Krempa
ecb8c93196 qemuAppendDomainMemoryMachineParams: Refactor formatting of 'dump-guest-core'
Use virTristateSwitchFromBool to fill in the default if user didn't
request it explicitly.

Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
2022-11-01 13:07:20 +01:00
Peter Krempa
c7c5d65183 util: xml: Remove double->(u)ll conversion in virXPath(U)LongLong
The conversion from double is not precise enough at the extremes so it
must not be used.

Spell out that the callers are required to use a string() conversion in
the XPath expression and remove the code path handling the direct
conversion from numbers.

Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
2022-11-01 13:07:20 +01:00
Peter Krempa
713ec72222 util: xml: Extract XPath evaluation for strings
Extract the internals of virXPathString which evaluate the XPath and
validate that the returned object is a string into a new helper named
'virXPathEvalString'.

The function will be later reused in the number XPath evaluation
functions.

Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
2022-11-01 13:07:20 +01:00
Peter Krempa
8525ac4b83 conf: Always use 'string()' conversion with virXPath(U)LongLong
When the 'string()' conversion is used the number is parsed inside
libvirt by our internal helpers which work on integers in contrast to
when 'number()' is used and libxml2 uses a 'double' variable internally.

On the upper extremes of the 64 bit variables the double precision
variable doesn't have enough precision to represent each distinct
integer and thus could cause problems.

Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
2022-11-01 13:07:20 +01:00
Peter Krempa
3ae376535a virNodeDeviceCapPCIDefFormat: Use %u for unsigned values
'bus', 'slot' and 'function' are unsigned int variables parsed as
unsigned int, but were formated as signed.

Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
2022-11-01 13:07:20 +01:00
Peter Krempa
c0cbdd24d5 conf: node_device: Rename virNodeDevCapsDefParseULong to virNodeDevCapsDefParseUInt
The function parses an unsigned int so rename it.

Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
2022-11-01 13:07:20 +01:00
Peter Krempa
f7281dd014 virNodeDevCapsDefParseULong: Use virXPathUInt instead of virXPathULong
Fix the function argument to properly spell out 'unsigned int' and use
virXPathUInt instead of virXPathULong and a temporary value.

Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
2022-11-01 13:07:20 +01:00
Peter Krempa
a3f7165889 util: xml: Remove unused 'virXPathLongHex'
Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
2022-11-01 13:07:20 +01:00
Peter Krempa
426a0b3779 util: xml: Use consistent naming for RNG validation error handling functions
Rename 'catchRNGError' to 'virXMLValidatorRNGErrorCatch' and
'ignoreRNGError' to 'virXMLValidatorRNGErrorIgnore'.

Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
2022-11-01 13:07:20 +01:00
Peter Krempa
877654b879 util: xml: Ensure proper header style in virxml.c
Make the file use consistent header formatting and two line spacing
between functions.

Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
2022-11-01 13:07:20 +01:00
Peter Krempa
5def8f7577 util: xml: Unexport virXMLXPathContextNew
The function is now referenced only within util/virxml.c other callers
should not use it directly.

Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
2022-11-01 13:07:20 +01:00
Peter Krempa
ed03de9e46 util: xml: Remove unused virXPathNumber
'virXPathNumber' is not used currently, remove it.

Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
2022-11-01 13:07:20 +01:00
Peter Krempa
df570882cd storage|test|vbox: Implement support for validating storage volume XMLs
Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Jonathon Jongsma <jjongsma@redhat.com>
2022-11-01 13:07:20 +01:00
Peter Krempa
563ef19f9b conf: storage: Add support for validating storage vol XML to virStorageVolDefParse
Introduce the VIR_VOL_XML_PARSE_VALIDATE parser flag and wire it up into
the validator.

Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Jonathon Jongsma <jjongsma@redhat.com>
2022-11-01 13:07:20 +01:00
Peter Krempa
295908688d nodedev|test: Implement support for validating node device XMLs
Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Jonathon Jongsma <jjongsma@redhat.com>
2022-11-01 13:07:20 +01:00
Peter Krempa
d8791c3c7c nodedev: Add VIR_NODE_DEVICE_(CREATE|DEFINE)_XML_VALIDATE flags
The node device APIs which get XML from the user don't yet support XML
validation flags. Introduce virNodeDeviceCreateXMLFlags and
virNodeDeviceDefineXMLFlags with the appropriate flags and add virsh
support for the new flags.

Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Jonathon Jongsma <jjongsma@redhat.com>
2022-11-01 13:07:20 +01:00
Peter Krempa
0268270b0f conf: node_device: Add 'validate' argument to virNodeDeviceDefParse
Allow callers to request XML validation against the schema. All callers
for now pass 'false'.

Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Jonathon Jongsma <jjongsma@redhat.com>
2022-11-01 13:07:20 +01:00
Peter Krempa
abfdaf8a94 schema: cpu: include 'arch' subelement in interleave definition of 'hostcpu'
Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
2022-11-01 13:07:20 +01:00
Peter Krempa
663b36019b schema: storagepool: Allow interleaving of per-pool custom namespace elements
The custom namespace parameters for 'rbd' and 'netfs' pool types were
not included in the interleave statement.

Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
2022-11-01 13:07:20 +01:00
Peter Krempa
de8d15a5a5 schema: nwfilterbinding: Allow interleaving of subelements of 'owner' element
Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
2022-11-01 13:07:20 +01:00
Peter Krempa
58117f9720 schema: nwfilter: Allow interleaving subelements of the top level 'filter' element
Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
2022-11-01 13:07:20 +01:00
Peter Krempa
0d3dc4be0f schema: networkport: Allow interleaving of subelements of 'driver' subelement of hostdev-pci
Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
2022-11-01 13:07:20 +01:00
Peter Krempa
03c0632f8b schema: networkport: Allow interleaving of subelements of 'owner'
Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
2022-11-01 13:07:20 +01:00
Peter Krempa
15730e7667 schema: domain: Allow interleaving of 'watchdog' subelements
Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
2022-11-01 13:07:20 +01:00
Peter Krempa
5fc6ec1fa2 schema: domain: Allow interleaving of <bootloader> and <os>
Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
2022-11-01 13:07:20 +01:00
Peter Krempa
9b656a95c0 schema: domain: Add the 'type' subelement of the osexe case of 'os' element to interleave
The 'type' element was outside of the 'interleave' definition.

Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
2022-11-01 13:07:20 +01:00
Peter Krempa
80c2e04a85 schema: domain: Allow interleaving 'ip' and 'route' sub-elements of interface
Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
2022-11-01 13:07:20 +01:00
Peter Krempa
cc8b827b44 schema: domain: Allow interleaving of subelements of disk's 'mirror'
While for now the 'mirror' element is output only, the idea was to allow
it to be used for input too to restore the mirror job if that becomes
the necessity. Allowing interleaving of the subelements can be done
regardless.

Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
2022-11-01 13:07:20 +01:00
Peter Krempa
8b2b71d899 schema: domain: Allow interleaving of subelements of 'memtune'
Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
2022-11-01 13:07:20 +01:00
Peter Krempa
123a52fe07 schema: domain: Allow interleaving of 'tpm' config elements
Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
2022-11-01 13:07:20 +01:00
Peter Krempa
fde40ee4f4 schema: domain: Allow interleaving of PCI controller config elements
The 'model' and 'target' element can be freely moved around.

Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
2022-11-01 13:07:20 +01:00
Peter Krempa
1210074d5e schema: domain: Allow interleaving of character device config elements
Allow interleaving in the 'qemucdevSrcDef' definition which is shared
by all places using character device as backend.

Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
2022-11-01 13:07:20 +01:00
Peter Krempa
c43718ef67 Document caveats of 'VIR_DOMAIN_STATS_VM' group of statistics
The original patches adding the functionality neglected to add any form
of documentation for the stats fields returned for this group.

The stats are directly converted from qemu's 'query-stats(-schema)' QMP
command without any further interpretation. The 'query-stats-schema' has
the following disclaimer:

 Note: runtime-collected statistics and their names fall outside QEMU's usual
       deprecation policies.  QEMU will try to keep the set of available data
       stable, together with their names, but will not guarantee stability
       at all costs; the same is true of providers that source statistics
       externally, e.g. from Linux.  For example, if the same value is being
       tracked with different names on different architectures or by different
       providers, one of them might be renamed.  A statistic might go away if
       an algorithm is changed or some code is removed; changing a default
       might cause previously useful statistics to always report 0.  Such
       changes, however, are expected to be rare.

Since libvirt is not doing any form of conversion of the stats we can't
meaningfully document any of the returned fields. At the same time we
can't even meaningfully provide any form of API stability for the field
names.

Modify the documentation for the 'VIR_DOMAIN_STATS_VM' group both in the
API docs and in the virsh man page to reflect that and disclaim any form
of stability guarantees we provide normally.

Fixes: 8c9e3dae14
Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
Reviewed-by: Jiri Denemark <jdenemar@redhat.com>
2022-11-01 11:56:00 +01:00
Martin Kletzander
86e27b3506 Remove Before=libvirt-guests.service from other services
libvirt-guests has After= dependency for all the sockets and that is enough.
With the extra Before= in the service file systemd postpones the start of the
socket activated service (when libvirt-guests is trying to connect to the
socket) until after libvirt-guests is stopped effectively making `systemctl stop
libvirt-guests` deadlock.  The reason for that is that all stop jobs are
scheduled before any start job.  Removing the redundant Before= specification
fixes this behaviour.

Signed-off-by: Martin Kletzander <mkletzan@redhat.com>
Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
2022-10-27 17:39:19 +02:00
Michal Privoznik
a6474cfe48 node_device_driver.h: Drop nodeDeviceLock() and nodeDeviceUnlock() fwd declarations
The node_device_driver.h declares nodeDeviceLock() and
nodeDeviceUnlock() functions which used to exist, but after
rework to automatic mutex management they exist no more. Their
last use was removed in v8.1.0-rc1~122.

Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
Reviewed-by: Jonathon Jongsma <jjongsma@redhat.com>
2022-10-26 08:49:01 +02:00
Michal Privoznik
6f45d2c181 node_device: Move fwd declaration of udevNodeRegister() into correct header file
Currently, udevNodeRegister() is forward declared in
node_device_driver.h even though the function is implemented in
node_device_udev.c which warrants node_device_udev.h header file.
Move the declaration into the correct file.

Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
Reviewed-by: Jonathon Jongsma <jjongsma@redhat.com>
2022-10-26 08:48:23 +02:00
Michal Privoznik
6283e10062 node_device_udev.h: Drop include of libudev.h
Nothing in the header file requires the include of libudev.h, as
the former header file is now empty.

Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
Reviewed-by: Jonathon Jongsma <jjongsma@redhat.com>
2022-10-26 08:47:59 +02:00
Michal Privoznik
a9db75ad3a node_device: Move DMI_DEVPATH into node_device_udev.c
The DMI_DEVPATH macro is used exclusively within
node_device_udev.c. There's no need to expose it.

Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
Reviewed-by: Jonathon Jongsma <jjongsma@redhat.com>
2022-10-26 08:47:32 +02:00
Michal Privoznik
4a00efe9cb node_device_udev.h: Drop unused macro
The SYSFS_DATA_SIZE macro is Unused since its introduction in
v0.7.3~48. Sorry Dave.

Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
Reviewed-by: Jonathon Jongsma <jjongsma@redhat.com>
2022-10-26 08:45:35 +02:00
Pavel Hrdina
76c6e91402 Revert "cgroup/LXC: Do not condition availability of v2 by controllers"
This reverts commit e49313b54e.
This reverts commit a0f37232b9.

Revert them together to not break build.

This fix of the issue is incorrect and breaks usage of other controllers
in hybrid mode that systemd creates, specifically usage of devices and
cpuacct controllers as they are now assumed to be part of the cgroup v2
topology which is not true.

We need to find different solution to the issue.

Signed-off-by: Pavel Hrdina <phrdina@redhat.com>
Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
2022-10-25 13:51:45 +02:00
Ján Tomko
045072ee3a qemu: fix conversion specifier in qemuBuildVsockDevProps
vhostfd is a signed integer.

Signed-off-by: Ján Tomko <jtomko@redhat.com>
Reviewed-by: Peter Krempa <pkrempa@redhat.com>
2022-10-24 15:36:33 +02:00
Ján Tomko
0b1da01ef2 qemu: do not attempt to pass unopened vsock FD
On normal vm startup, we open a file descriptor
for the vsock device in qemuProcessPrepareHost.

However, when doing domxml-to-native, no file descriptors are open.

Only pass the fd if it's not -1, to make domxml-to-native work.

https://bugzilla.redhat.com/show_bug.cgi?id=1777212

Signed-off-by: Ján Tomko <jtomko@redhat.com>
Reviewed-by: Peter Krempa <pkrempa@redhat.com>
2022-10-24 15:36:33 +02:00
Jiri Denemark
1a570f9712 qemu: Do not crash when canceling migration on reconnect
When libvirtd is restarted during an active outgoing migration (or
snapshot, save, or dump which are internally implemented as migration)
it wants to cancel the migration. But by a mistake in commit
v8.7.0-57-g2d7b22b561 the qemuMigrationSrcCancel function is called with
wait == true, which leads to an instant crash by dereferencing NULL
pointer stored in priv->job.current.

When canceling migration to file (snapshot, save, dump), we don't need
to wait until it is really canceled as no migration capabilities or
parameters need to be restored.

On the other hand we need to wait when canceling outgoing migration and
since we don't have virDomainJobData at this point, we have to
temporarily restore the migration job to make sure we can process
MIGRATION events from QEMU.

Signed-off-by: Jiri Denemark <jdenemar@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
2022-10-24 15:28:47 +02:00
Jiri Denemark
4dd86f334b qemu_migration: Properly wait for migration to be canceled
In my commit v8.7.0-57-g2d7b22b561 I attempted to make
qemuMigrationSrcCancel synchronous, but failed. When we are canceling
migration after some kind of error which is detected in
in qemuMigrationSrcWaitForCompletion, jobData->status will be set to
VIR_DOMAIN_JOB_STATUS_FAILED regardless on QEMU state. So instead of
relying on the translated jobData->status in qemuMigrationSrcIsCanceled
we need to check the migration status we get from QEMU MIGRATION event.

Signed-off-by: Jiri Denemark <jdenemar@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
2022-10-24 15:28:47 +02:00
Peter Krempa
e49313b54e vircgroup: Remove unused variables in virCgroupV2Available
After recent commit 'contFile' and 'contStr' became unused breaking
build with clang:

../../../libvirt/src/util/vircgroupv2.c:72:26: error: unused variable 'contFile' [-Werror,-Wunused-variable]
        g_autofree char *contFile = NULL;
                         ^
../../../libvirt/src/util/vircgroupv2.c:73:26: error: unused variable 'contStr' [-Werror,-Wunused-variable]
        g_autofree char *contStr = NULL;
                         ^

Fixes: a0f37232b9
Signed-off-by: Peter Krempa <pkrempa@redhat.com>
2022-10-24 13:41:34 +02:00
Eric van Blokland
a0f37232b9 cgroup/LXC: Do not condition availability of v2 by controllers
systemd in hybrid mode uses v1 hierarchies for controllers and v2 for
process tracking.

The LXC code uses virCgroupAddMachineProcess() to move processes into
appropriate cgroup by manipulating cgroupfs directly. (Note, despite
libvirt also supports talking to systemd directly via
org.freedesktop.machine1 API.)

If this path is taken, libvirt/lxc must convince systemd that processes
really belong to new cgroup, i.e. also the tracking v2 hierarchy must
undergo migration too.

The current check would evaluate v2 backend as unavailable with hybrid
mode (because there are no available controllers). Simplify the
condition and consider the mounted cgroup2 as sufficient to touch v2
hierarchy.

This consequently creates an issue with binding the V2 mount. In hybrid
mode the V2 filesystem may be mounted upon the V1 filesystem. By reversing
the order in which backends are mounted in virCgroupBindMount this problem
is circumvented.

Resolves: https://gitlab.com/libvirt/libvirt/-/issues/182
Signed-off-by: Eric van Blokland <mail@ericvanblokland.nl>
Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
2022-10-24 12:47:13 +02:00
Michal Privoznik
ab966b9d31 qemu: Enable for vCPUs on hotplug
As advertised in the previous commit, QEMU_SCHED_CORE_VCPUS case
is implemented for hotplug case. The implementation is very
similar to the cold boot case, except here we fork off for every
vCPU (because the implementation is done in
qemuProcessSetupVcpu() which is also the function that's called
from hotplug code). But that's okay because our hotplug APIs
allow hotplugging one device at the time.

Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=2074559
Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
2022-10-20 09:01:21 +02:00