Commit Graph

47502 Commits

Author SHA1 Message Date
Michal Privoznik
5ea0315f60 domain_capabilities: s/qemuDomainCapsFeatureFormatSimple/virDomainCapsFeatureFormatSimple/
There's nothing qemu specific about
qemuDomainCapsFeatureFormatSimple() and in fact, the function
lives in hypervisor agnostic location and thus mustn't have qemu
prefix.

Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
Reviewed-by: Peter Krempa <pkrempa@redhat.com>
2023-01-03 17:36:14 +01:00
Michal Privoznik
a677ea928a docs: Recommend static seclabels for migration on shared storage
There are some network FSs (ceph, CIFS) that propagate XATTRs
properly and thus SELinux labels too. In such case using dynamic
seclabels would get in the way of migration as new seclabel is
assigned to the domain on the destination and thus two processes
with different labels (the source and the destination QEMU/helper
process) would try to access the same file. One of them is
necessarily going to be denied access.

Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
Reviewed-by: Peter Krempa <pkrempa@redhat.com>
2023-01-03 17:19:22 +01:00
Michal Privoznik
10f9cb7705 qemu_security: Drop qemuSecurityStartTPMEmulator()
After previous cleanup this function is no longer used and thus
can be dropped.

Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
Reviewed-by: Peter Krempa <pkrempa@redhat.com>
2023-01-03 17:19:22 +01:00
Michal Privoznik
3d2dfec95b qemu_tpm: Open code qemuSecurityStartTPMEmulator()
When starting swtpm binary, the qemuSecurityStartTPMEmulator() is
called which sets seclabel on the TPM state and then uses
qemuSecurityCommandRun() to execute the swtpm binary with proper
seclabel. Well, the aim is to ditch
qemuSecurityStartTPMEmulator() because it entangles two distinct
operations. Just call functions for them separately.

Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
Reviewed-by: Peter Krempa <pkrempa@redhat.com>
2023-01-03 17:19:22 +01:00
Michal Privoznik
c0c52a9519 qemu_tpm: Restore TPM labels on failed start
If swtpm binary fails to start after successful exec() (e.g. it
fails to initialize itself), the seclabels set in
qemuSecurityStartTPMEmulator() are not restored. This is due to
lacking qemuSecurityRestoreTPMLabels() call in the error path.

Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
Reviewed-by: Peter Krempa <pkrempa@redhat.com>
2023-01-03 17:19:22 +01:00
Michal Privoznik
bdbb8e7b00 qemu_security: Introduce qemuSecuritySetTPMLabels()
Now that we have qemuSecurityRestoreTPMLabels() we might as well
have qemuSecuritySetTPMLabels(). The aim here is to remove
qemuSecurityStartTPMEmulator() which couples two separate things
into a single function call.

Therefore, introduce qemuSecuritySetTPMLabels() which does only
set seclabels on the TPM state.

Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
Reviewed-by: Peter Krempa <pkrempa@redhat.com>
2023-01-03 17:19:22 +01:00
Michal Privoznik
51b92836ff qemu_security: Rename qemuSecurityCleanupTPMEmulator()
The qemuSecurityCleanupTPMEmulator() function calls
virSecurityManagerRestoreTPMLabels() and thus the proper name is
qemuSecurityRestoreTPMLabels(). Rename it.

Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
Reviewed-by: Peter Krempa <pkrempa@redhat.com>
2023-01-03 17:19:22 +01:00
Michal Privoznik
8d6e1f3764 qemu_security: Rework qemuSecurityCleanupTPMEmulator()
Currently, qemuSecurityCleanupTPMEmulator() returns nothing which
means a caller (well, there's only one - qemuExtTPMStop()) can't
produce a warning when restoring seclabels on TPM state failed.
True, qemuSecurityCleanupTPMEmulator() does report a warning
itself, but only in one specific error path.

Make the function return an integer, just like the rest of
qemuSecurity*Restore() functions.

Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
Reviewed-by: Peter Krempa <pkrempa@redhat.com>
2023-01-03 17:19:22 +01:00
Peter Krempa
24cc9cda82 qemu: Use '-machine hpet=off' instead of '-no-hpet'
qemu is about to deprecate the '-no-hpet' option in favor of configuring
the timer via '-machine'.

Use the QEMU_CAPS_MACHINE_HPET capability to switch to the new syntax
and mask out the old QEMU_CAPS_NO_HPET capability at the same time to
prevent using the old syntax.

Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
Reviewed-by: Thomas Huth <thuth@redhat.com>
2023-01-03 16:44:09 +01:00
Peter Krempa
3c508e7d43 qemu: capabilities: Introduce QEMU_CAPS_MACHINE_HPET capability
The capability represents that qemu accepts the configuration of the
HPET timer via -machine hpet=on/off rather than the
soon-to-be-deprecated '-no-hpet' option.

The capability is detected from 'query-command-line-options' which
recently added the 'hpet' option.

Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
Reviewed-by: Thomas Huth <thuth@redhat.com>
2023-01-03 16:44:09 +01:00
Peter Krempa
6d49902110 tests: qemucapabilitiesdata: Add test data for the qemu-8.0 dev cycle
Add test data based on qemu commit v7.2.0-333-g222059a0fc

- query-command-line-options now reports more accurate data
- machine types for the 8.0 cycle were added
- vhost-vdpa device support was added
- default value of 'noreboot' changed from 'true' to 'false'

Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
2023-01-03 16:44:06 +01:00
김인수
08c97fe415 Translated using Weblate (Korean)
Currently translated at 100.0% (10368 of 10368 strings)

Translation: libvirt/libvirt
Translate-URL: https://translate.fedoraproject.org/projects/libvirt/libvirt/ko/

Co-authored-by: 김인수 <simmon@nplob.com>
Signed-off-by: 김인수 <simmon@nplob.com>
2023-01-03 13:44:15 +01:00
Ettore Atalan
930a567477 Translated using Weblate (German)
Currently translated at 47.7% (4953 of 10368 strings)

Translation: libvirt/libvirt
Translate-URL: https://translate.fedoraproject.org/projects/libvirt/libvirt/de/

Co-authored-by: Ettore Atalan <atalanttore@googlemail.com>
Signed-off-by: Ettore Atalan <atalanttore@googlemail.com>
2023-01-03 13:44:15 +01:00
Jan Kuparinen
501843c998 Translated using Weblate (Finnish)
Currently translated at 22.8% (2369 of 10368 strings)

Translation: libvirt/libvirt
Translate-URL: https://translate.fedoraproject.org/projects/libvirt/libvirt/fi/

Co-authored-by: Jan Kuparinen <copper_fin@hotmail.com>
Signed-off-by: Jan Kuparinen <copper_fin@hotmail.com>
2023-01-03 13:44:15 +01:00
Gedalya
b9315159f5 Fix null pointer dereference in virXMLPropStringRequired
Fixes: 65eaf58335

Signed-off-by: Gedalya <gedalya@gedalya.net>
2023-01-03 19:39:36 +08:00
Martin Kletzander
35afa1d2d6 rpc: Check client limits in more places
Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=2033879
Signed-off-by: Martin Kletzander <mkletzan@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
2023-01-02 20:39:10 +01:00
Martin Kletzander
f007940cb2 rpc: Fix error message in virNetServerSetClientLimits
That way it actually fits with what the condition checks for.

Signed-off-by: Martin Kletzander <mkletzan@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
2023-01-02 20:39:09 +01:00
Martin Kletzander
1d625c5d25 tests: Check error message in virnetdaemontest
This way we actually check for the proper error, not any error like invalid JSON
format.

Signed-off-by: Martin Kletzander <mkletzan@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
2023-01-02 20:39:08 +01:00
Martin Kletzander
fd61d2df66 Fix test case to actually test something
Signed-off-by: Martin Kletzander <mkletzan@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
2023-01-02 20:39:08 +01:00
Michal Privoznik
0f2396751f qemumonitortestutils: Fix line counting in qemuMonitorTestProcessFileEntries()
It just so happens that our JSON snippets in
qemucapabilitiesdata/*.replies files are separated by an empty
line. These empty lines are then overwritten to make a single
line JSON. Nevertheless, the line counter @line is not
incremented which then leads to a misleading numbers in errors.

Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
2022-12-23 14:48:31 +01:00
Michal Privoznik
9e3cc0ff5e secret: Inhibit shutdown for ephemeral secrets
Our secret driver divides secrets into two groups: ephemeral
(stored only in memory) and persistent (stored on disk). Now, the
aim of ephemeral secrets is to define them shortly before being
used and then undefine them. But 'shortly before being used' is a
very vague time frame. And since we default to socket activation
and thus pass '--timeout 120' to every daemon it may happen that
just defined ephemeral secret is gone among with the virtsecretd.

This is no problem for persistent secrets as their definition
(and value) is restored when the virtsecretd starts again, but
ephemeral secrets can't be restored.

Therefore, we could view ephemeral secrets as active objects that
the daemon manages and thus inhibit automatic shutdown (just like
hypervisor daemons do when a guest is running).

Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
2022-12-22 10:57:05 +01:00
Marek Marczykowski-Górecki
d7d4056645 libxl: adjust 'ich6' sound card name
Xen 4.17 has strict parsing of 'soundhw' option that allows only
specific values (instead of passing through any value directly to
qemu's -soundhw option, it uses -device now). For 'intel-hda' audio
device, it requires "hda" string. "hda" works with older libxl too.
Other supported models are the same as in libvirt XML.

Signed-off-by: Marek Marczykowski-Górecki <marmarek@invisiblethingslab.com>
Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
2022-12-21 10:08:33 +01:00
Marek Marczykowski-Górecki
f2fe8a3504 libxl: add validation if sound device is supported
Xen supports only subset of libvirt's sound devices, and starting with
Xen 4.17 it is enforced by libxl. Verify it early.

Signed-off-by: Marek Marczykowski-Górecki <marmarek@invisiblethingslab.com>
Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
2022-12-21 10:00:52 +01:00
Peter Krempa
4102acc608 virSecretGetSecretString: Refactor cleanup
Automatically free 'sec' and remove the 'cleanup' section and 'ret'
variables.

Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
2022-12-19 14:40:26 +01:00
Peter Krempa
a754ee59d8 datatypes: Register autoptr cleanup for virSecret
Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
2022-12-19 14:40:26 +01:00
Peter Krempa
6d661329dd virStorageBackendRBDOpenRADOSConn: Don't log the RBD key
'virStorageBackendRBDRADOSConfSet' logs its arguments but it's also
used to set the RBD secret/key.

All the security theatre with securely erasing the string we do to fetch
the secret would be quite pointless if we log it thus introduce
virStorageBackendRBDRADOSConfSetQuiet and use it to avoid logging the
password.

Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
2022-12-19 14:40:26 +01:00
Peter Krempa
7df6338f4d virCryptoEncryptDataAESgnutls: Properly initialize data structures
The initialization vector is not optional thus we also don't need to
check whether the caller passed it in. Additionally we can use c99
initializers for the gnutls_datum_t structs.

Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
2022-12-19 14:40:26 +01:00
Peter Krempa
53e46e4cd6 virCryptoEncryptDataAESgnutls: Don't secure erase gnutls_datum_t structs
'gnutls_datum_t' simply holds pointers to the encryption key and its
length. There's absolutely no point in securely erasing that.

Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
2022-12-19 14:40:26 +01:00
Ján Tomko
ac3614b5ad qemu: add tests for external swtpm
Signed-off-by: Ján Tomko <jtomko@redhat.com>
Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
2022-12-19 10:33:20 +01:00
Ján Tomko
ad3f33a992 qemu: add external backend for tpm
Introduce a new backend type 'external' for connecting to a swtpm daemon
not managed by libvirtd.

Mostly in one commit, thanks to -Wswitch and the way we generate
capabilities.

https://bugzilla.redhat.com/show_bug.cgi?id=2063723

Signed-off-by: Ján Tomko <jtomko@redhat.com>
Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
2022-12-19 10:33:20 +01:00
Peter Krempa
443eb2330d tests: qemucapabilitiesdata: Final update of qemu-7.2 capabilities on x86
QEMU 7.2 was released, update the capabilities data to the final state.

Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
2022-12-19 09:34:20 +01:00
Andrea Bolognani
b271d6f3b0 kbase: Reorder deployments
List the various options so that the most likely ones come
first.

Signed-off-by: Andrea Bolognani <abologna@redhat.com>
Reviewed-by: Jim Fehlig <jfehlig@suse.com>
2022-12-15 16:37:51 +01:00
Andrea Bolognani
db7fdf6de8 kbase: Reorder sections
Users are likely more interested in the main deployment
scenarios than in the detailed list of every existing RPM
package. Reorder sections accordingly.

Signed-off-by: Andrea Bolognani <abologna@redhat.com>
Reviewed-by: Jim Fehlig <jfehlig@suse.com>
2022-12-15 16:37:47 +01:00
Ján Tomko
99cbca98a8 qemu: tpm: fix spacing
Signed-off-by: Ján Tomko <jtomko@redhat.com>
2022-12-15 13:17:00 +01:00
Daniel P. Berrangé
aeba13f24d docs: replace footer link to the bird site with mastodon
Since the takeover of the bird site, the bulk of tech people who want
a more friendly and inclusive media site have jumped over to Mastodon.
With its decentralized nature, there's no one replacement that captures
everything, but the fosstodon.org site is a topic relevant choice.

Reviewed-by: Ján Tomko <jtomko@redhat.com>
Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
2022-12-15 11:04:30 +00:00
Andrea Bolognani
8908615ef3 spec: List more directories
The storage-backend/ and storage-file/ directories are currently
considered unowned by RPM. Have the libvirt-daemon package take
ownership of them, just as it already owns the connection-driver/
and lock-driver/ directories.

Signed-off-by: Andrea Bolognani <abologna@redhat.com>
Reviewed-by: Jim Fehlig <jfehlig@suse.com>
2022-12-14 19:24:01 +01:00
Andrea Bolognani
7aafa2fff4 spec: Add trailing backslash
Signed-off-by: Andrea Bolognani <abologna@redhat.com>
Reviewed-by: Jim Fehlig <jfehlig@suse.com>
2022-12-14 19:23:57 +01:00
Michal Privoznik
53369ad062 virnuma: Allow multiple nodes for preferred policy
In the past, the preferred policy
(VIR_DOMAIN_NUMATUNE_MEM_PREFERRED) required exactly one (host)
NUMA node. This made sense because:

  1) the libnuma API - numa_set_preferred() allowed exactly one
     node, because
  2) corresponding kernel syscall (__NR_set_mempolicy) accepted
     exactly one node (for MPOL_PREFERRED mode).

But things have changed since then. Firstly, kernel introduced
new MPOL_PREFERRED_MANY mode (v5.15-rc1~107^2~21) which was then
exposed in libnuma as numa_set_preferred_many() (v2.0.15~24).

Fortunately, libnuma also exposes numa_has_preferred_many() which
returns whether the kernel has support for the new mode (1) or
not (0).

Putting this all together, we can lift our check for sufficiently
new kernel and libnuma.

Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=2151064
Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
2022-12-14 16:07:04 +01:00
Jiri Denemark
7166d26fc9 qemu_migration: Fix p2p post-copy recovery
Although the qemuMigrationSrcPerformResume actually got called
indirectly via qemuMigrationSrcPerformNative and the recovery process
worked, wrong job phases were used for the "perform" phase, which could
cause issues when libvirt daemon crashed (or was otherwise restarted)
during post-copy recovery.

Signed-off-by: Jiri Denemark <jdenemar@redhat.com>
Reviewed-by: Peter Krempa <pkrempa@redhat.com>
2022-12-14 11:21:50 +01:00
Jiri Denemark
693c6b4a81 qemu_migration: Move qemuMigrationSrcPerformResume up
It will need to be called from a place above its current definition.

Signed-off-by: Jiri Denemark <jdenemar@redhat.com>
Reviewed-by: Peter Krempa <pkrempa@redhat.com>
2022-12-14 11:21:50 +01:00
Jiri Denemark
2472e601ab qemu: Don't warn when releasing a released job
When qemuDomainObjReleaseAsyncJob is called when the current async job
is already released we emit quite useless warning which was implemented
to warn about releasing a job owned by another thread.

Signed-off-by: Jiri Denemark <jdenemar@redhat.com>
Reviewed-by: Peter Krempa <pkrempa@redhat.com>
2022-12-14 11:21:37 +01:00
Jiri Denemark
bff05a4504 cpu: Improve debug message in virCPUGetVendorForModel
Signed-off-by: Jiri Denemark <jdenemar@redhat.com>
Reviewed-by: Peter Krempa <pkrempa@redhat.com>
2022-12-14 11:21:37 +01:00
Jiri Denemark
d71a5f67a0 qemu: Fix warning in qemuMigrationDstPostcopyFailed
The function is called even if QEMU reports migration as
postcopy-paused, i.e., it's not migrating anymore. And while changing
the warning, we can drop the part about unattended migration to make the
warning shorter and consistent with qemuMigrationSrcPostcopyFailed.

Signed-off-by: Jiri Denemark <jdenemar@redhat.com>
Reviewed-by: Peter Krempa <pkrempa@redhat.com>
2022-12-14 11:21:37 +01:00
Kristina Hanicova
5ef2582646 qemu_process: add tray changed event to queue in refresh disks
There are some cases when the internal state of disks can change
without qemu sending events about it (e.g. a disk can close
during reset). In case this happens, we should emit an event
about the modified disk.

Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1824722#c20

Signed-off-by: Kristina Hanicova <khanicov@redhat.com>
Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
2022-12-13 18:01:41 +01:00
김인수
e6cd8b6eb3 Translated using Weblate (Korean)
Currently translated at 100.0% (10368 of 10368 strings)

Translation: libvirt/libvirt
Translate-URL: https://translate.fedoraproject.org/projects/libvirt/libvirt/ko/

Translated using Weblate (Korean)

Currently translated at 100.0% (10368 of 10368 strings)

Translation: libvirt/libvirt
Translate-URL: https://translate.fedoraproject.org/projects/libvirt/libvirt/ko/

Co-authored-by: 김인수 <simmon@nplob.com>
Signed-off-by: 김인수 <simmon@nplob.com>
2022-12-13 10:47:35 +01:00
Ján Tomko
da8ebfbe27 Translated using Weblate (Korean)
Currently translated at 100.0% (10368 of 10368 strings)

Translation: libvirt/libvirt
Translate-URL: https://translate.fedoraproject.org/projects/libvirt/libvirt/ko/

Translated using Weblate (Chinese (Simplified) (zh_CN))

Currently translated at 98.9% (10255 of 10368 strings)

Translation: libvirt/libvirt
Translate-URL: https://translate.fedoraproject.org/projects/libvirt/libvirt/zh_CN/

Translated using Weblate (Swedish)

Currently translated at 51.8% (5400 of 10423 strings)

Translation: libvirt/libvirt
Translate-URL: https://translate.fedoraproject.org/projects/libvirt/libvirt/sv/

Translated using Weblate (Korean)

Currently translated at 99.9% (10366 of 10368 strings)

Translation: libvirt/libvirt
Translate-URL: https://translate.fedoraproject.org/projects/libvirt/libvirt/ko/

Translated using Weblate (Japanese)

Currently translated at 98.8% (10247 of 10368 strings)

Translation: libvirt/libvirt
Translate-URL: https://translate.fedoraproject.org/projects/libvirt/libvirt/ja/

Co-authored-by: Jan Tomko <jtomko@redhat.com>
Co-authored-by: Ján Tomko <jtomko@redhat.com>
Signed-off-by: Jan Tomko <jtomko@redhat.com>
2022-12-13 10:47:34 +01:00
Daniel P. Berrangé
8ee8f0f828 rpc: securely erase the message buffers
While only a couple of the message types include sensitive data,
the overhead of calling secure erase is not noticable enough
to worry about making the erasure selective per type. Thus it is
simplest to unconditionally securely erase the buffer.

Reviewed-by: Ján Tomko <jtomko@redhat.com>
Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
2022-12-13 04:46:59 -05:00
Daniel P. Berrangé
8868cb2f7c rpc: fix buffer offset updates after decoding payload
The buffer length refers to the allocated buffer memory size,
while the offset refers to have much of the buffer we have
read/written. After reading the message payload we must thus
update the latter.

Reviewed-by: Ján Tomko <jtomko@redhat.com>
Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
2022-12-13 04:46:59 -05:00
Daniel P. Berrangé
77b9617cd7 util: implement secure erase with explicit_bzero
This is available on at least FreeBSD and GLibc >= 2.25.

Reviewed-by: Ján Tomko <jtomko@redhat.com>
Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
2022-12-13 04:46:59 -05:00
Michal Privoznik
03a25597f1 meson: Provide default values for nonexistent xenlight pkgconfig vars
It may happen that xenlight pkgconfig file does not contain
'xenfirmwaredir' and/or 'libexec_bin' variables, which is okay
and we have code that deals with this situation. But that code is
executed when the queried value is an empty string. This may not
always be the case and we should specifically set 'default_value'
so that the empty string is returned if pkgconfig variable
doesn't exist.

Fixes: 968479adcf
Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
Reviewed-by: Martin Kletzander <mkletzan@redhat.com>
2022-12-12 17:10:32 +01:00