Commit Graph

37604 Commits

Author SHA1 Message Date
Paulo de Rezende Pinatti
bdb8f2e418 qemu: do not add model when actual iface type is hostdev
No default model should be added to the interface
entry at post parse when its actual network type is hostdev
as doing so might cause a mismatch between the interface
definition and its actual device type.

Signed-off-by: Paulo de Rezende Pinatti <ppinatti@linux.ibm.com>
Reviewed-by: Laine Stump <laine@redhat.com>
2020-06-17 12:04:53 -04:00
Weblate
6f28865223 Update translation files
Updated by "Update PO files to match POT (msgmerge)" hook in Weblate.

Translation: libvirt/libvirt
Translate-URL: https://translate.fedoraproject.org/projects/libvirt/libvirt/

Signed-off-by: Fedora Weblate Translation <i18n@lists.fedoraproject.org>

Update translation files

Updated by "Update PO files to match POT (msgmerge)" hook in Weblate.

Translation: libvirt/libvirt
Translate-URL: https://translate.fedoraproject.org/projects/libvirt/libvirt/

Signed-off-by: Fedora Weblate Translation <i18n@lists.fedoraproject.org>
2020-06-17 12:59:44 +02:00
Yuri Chornoivan
456d9a0e56 Translated using Weblate (Ukrainian)
Currently translated at 100.0% (10291 of 10291 strings)

Translation: libvirt/libvirt
Translate-URL: https://translate.fedoraproject.org/projects/libvirt/libvirt/uk/

Signed-off-by: Yuri Chornoivan <yurchor@ukr.net>

Translated using Weblate (Ukrainian)

Currently translated at 97.7% (10056 of 10291 strings)

Translation: libvirt/libvirt
Translate-URL: https://translate.fedoraproject.org/projects/libvirt/libvirt/uk/

Signed-off-by: Yuri Chornoivan <yurchor@ukr.net>
2020-06-17 12:59:44 +02:00
Andrea Bolognani
65a883b349 spec: Require Fedora 31
Fedora 30 has been EOL for almost a month now.

Signed-off-by: Andrea Bolognani <abologna@redhat.com>
Reviewed-by: Pavel Hrdina <phrdina@redhat.com>
2020-06-17 12:59:08 +02:00
Erik Skultety
32a5083cad ci: Makefile: Fix 'overridde' typo
Signed-off-by: Erik Skultety <eskultet@redhat.com>
2020-06-17 11:47:02 +02:00
Jiri Denemark
2481fcea95 qemu: Avoid deprecated migrate-set-cache-size QMP command
The same functionality can be achieved using migrate-set-parameters QMP
command with xbzrle-cache-size parameter.

https://bugzilla.redhat.com/show_bug.cgi?id=1845012

Signed-off-by: Jiri Denemark <jdenemar@redhat.com>
Reviewed-by: Peter Krempa <pkrempa@redhat.com>
2020-06-17 10:25:33 +02:00
Jiri Denemark
0b45addf19 qemu: Avoid deprecated query-migrate-cache-size QMP command
The same functionality can be achieved using query-migrate-parameters
QMP command and checking the xbzrle-cache-size parameter.

https://bugzilla.redhat.com/show_bug.cgi?id=1829544

Signed-off-by: Jiri Denemark <jdenemar@redhat.com>
Reviewed-by: Peter Krempa <pkrempa@redhat.com>
2020-06-17 10:25:33 +02:00
Jiri Denemark
65de5f6fe4 qemu: Avoid deprecated migrate_set_downtime QMP command
The same functionality can be achieved using migrate-set-parameters QMP
command with downtime-limit parameter.

https://bugzilla.redhat.com/show_bug.cgi?id=1829543

Signed-off-by: Jiri Denemark <jdenemar@redhat.com>
Reviewed-by: Peter Krempa <pkrempa@redhat.com>
2020-06-17 10:25:33 +02:00
Jiri Denemark
92b8dbc66a qemu: Avoid deprecated migrate_set_speed QMP command
The same functionality can be achieved using migrate-set-parameters QMP
command with max-bandwidth parameter.

https://bugzilla.redhat.com/show_bug.cgi?id=1829545

Signed-off-by: Jiri Denemark <jdenemar@redhat.com>
Reviewed-by: Peter Krempa <pkrempa@redhat.com>
2020-06-17 10:25:33 +02:00
Jiri Denemark
5fba42c21b qemu: Probe for a few params supported by migrate-set-parameters
These parameters were originally set via dedicated commands which are
now deprecated. We want to use migrate-set-parameters instead if
possible.

Signed-off-by: Jiri Denemark <jdenemar@redhat.com>
Reviewed-by: Peter Krempa <pkrempa@redhat.com>
2020-06-17 10:25:33 +02:00
Michal Privoznik
d659cd341f virsysinfo: Don't leak fw_cfg
In v6.4.0-72-g3dda889a44 I've introduced parsing and formatting
of new sysinfo type 'fwcfg'. However, I've forgot to introduce
code that would free parsed data.

Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
Reviewed-by: Daniel Henrique Barboza <danielhb413@gmail.com>
2020-06-16 16:34:30 +02:00
Daniel Henrique Barboza
1b22dd6dd4 qemuDomainSetNumaParamsLive: set nodeset for root cgroup
This function handles the change of NUMA nodeset for a given
guest, setting CpusetMems for the emulator, vcpus and IOThread
sub-groups. It doesn't set the same  nodeset to the root cgroup
though. This means that cpuset.mems of the root cgroup ends up
holding the new nodeset and the old nodeset as well. For
a guest with placement=strict, nodeset='0', doing

virsh numatune <vm> 0 8 --live

Will make cpuset.mems of emulator, vcpus and iothread to be
"8", but cpuset.mems of the root cgroup will be "0,8".

This means that any new tasks that ends up landing in the
root cgroup, aside from the emulator/vcpus/iothread sub-groups,
will be split between the old nodeset and the new nodeset,
which is not what we want.

Signed-off-by: Daniel Henrique Barboza <danielhb413@gmail.com>
Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
2020-06-16 16:29:36 +02:00
John Ferlan
87386ddcb6 conf: Fix memory leak in virCPUDefParseXML
Since a08669c31, @tsc is not automatically free'd by any g_auto* method.

Found by Coverity.

Signed-off-by: John Ferlan <jferlan@redhat.com>
Reviewed-by: Peter Krempa <pkrempa@redhat.com>
2020-06-16 15:01:06 +02:00
John Ferlan
40ef01697f conf: Fix memory leak in openvzReadFSConf
Since 1f5deed9, @veid_str has been leaked in the error path.

Found by Coverity.

Signed-off-by: John Ferlan <jferlan@redhat.com>
Reviewed-by: Peter Krempa <pkrempa@redhat.com>
2020-06-16 15:01:06 +02:00
John Ferlan
dd0e292992 conf: Fix memory leak in openvzWriteConfigParam
Since 60623a7c, @temp_file was not properly free'd on the non error path.

Found by Coverity.

Signed-off-by: John Ferlan <jferlan@redhat.com>
Reviewed-by: Peter Krempa <pkrempa@redhat.com>
2020-06-16 15:01:06 +02:00
John Ferlan
072f6d6e43 test: Fix memory leak in testParseXMLDocFromFile
Since ceb3255c, @absFile is leaked.

Found by Coverity.

Signed-off-by: John Ferlan <jferlan@redhat.com>
Reviewed-by: Peter Krempa <pkrempa@redhat.com>
2020-06-16 15:01:06 +02:00
John Ferlan
16818ad4a3 util: Fix memory leak in virPCIProbeStubDriver
Since 9ea90206, @drvpath could be overwritten if we jumped to recheck

Found by Coverity.

Signed-off-by: John Ferlan <jferlan@redhat.com>
Reviewed-by: Peter Krempa <pkrempa@redhat.com>
2020-06-16 15:01:06 +02:00
John Ferlan
52e3c2b480 lxc: Fix memory leak in virLXCControllerPopulateDevices
Since 5b82f7f3, @path should have been placed inside the for loop
since it'd need to be free'd for each pass through the loop; otherwise,
we'd leak like a sieve.

Found by Coverity.

Signed-off-by: John Ferlan <jferlan@redhat.com>
Reviewed-by: Peter Krempa <pkrempa@redhat.com>
2020-06-16 15:01:06 +02:00
John Ferlan
d257581417 util: Fix memory leak in virAuthConfigLookup
Since 5084091a, @authcred is filled by a g_key_file_get_string which is
now an allocated string as opposed to some hash table lookup value, so
we need to treat it as so.

Found by Coverity

Signed-off-by: John Ferlan <jferlan@redhat.com>
Reviewed-by: Peter Krempa <pkrempa@redhat.com>
2020-06-16 15:01:05 +02:00
John Ferlan
d585847d2e util: Fix memory leak in virAuthGetCredential
Since 5084091a, @tmp is filled by a g_key_file_get_string which is
now an allocated string as opposed to some hash table lookup value,
so we need to treat it as so.

Found by Coverity

Signed-off-by: John Ferlan <jferlan@redhat.com>
Reviewed-by: Peter Krempa <pkrempa@redhat.com>
2020-06-16 15:01:05 +02:00
Daniel Henrique Barboza
3a58613b0c manpages/virsh.rst: clarify numatune memory migration on Linux
On Linux, changing the nodeset on 'numatune' does not imply that
the guest memory will be migrated on the spot to the new nodeset.
The memory migration is tied on guest usage of the memory pages,
and an idle guest will take longer to have its memory migrated
to the new nodeset.

This is a behavior explained in detail in the Linux kernel
documentation in Documentation/admin-guide/cgroup-v1/cpusets.rst.
The user doesn't need this level of detail though - just needs
his/her expectations under check. Running 'numastat' and hoping
for instant memory migration from the previous nodeset to the new
one is not viable.

There's also parts of the memory that are locked by QEMU in the
same place, e.g. when VFIO devices are present. Let's also
mention it as another factor that impacts the results the
user might expect from NUMA memory migration with numatune.

https://bugzilla.redhat.com/show_bug.cgi?id=1640869

Signed-off-by: Daniel Henrique Barboza <danielhb413@gmail.com>
Reviewed-by: Andrea Bolognani <abologna@redhat.com>
2020-06-16 14:06:37 +02:00
Peter Krempa
8f58a40035 virQEMUDriverConfigNew: Add slash to cfg->defaultTLSx509certdir for non-embedded driver
Commit 068efae5b1 accidentally removed the slash.

https://bugzilla.redhat.com/show_bug.cgi?id=1847234

Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Andrea Bolognani <abologna@redhat.com>
2020-06-16 12:52:07 +02:00
Jiri Denemark
cf9e7726b3 qemuxml2*test: Add cases for CPU pinning to large host CPU IDs
Signed-off-by: Jiri Denemark <jdenemar@redhat.com>
Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
2020-06-16 10:32:32 +02:00
Jiri Denemark
e728ffba51 conf: Increase cpuset length limit for CPU pinning
Domains are now allowed to be pinned to host CPUs with IDs up to 16383.
The new limit is as arbitrary as the old one. It's just bigger.

Signed-off-by: Jiri Denemark <jdenemar@redhat.com>
Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
2020-06-16 10:32:32 +02:00
Viktor Mihajlovski
f0d0cd6179 docs: Describe protected virtualization guest setup
Protected virtualization/IBM Secure Execution for Linux protects
guest memory and state from the host.

Add some basic information about technology and a brief guide
on setting up secure guests with libvirt.

Signed-off-by: Viktor Mihajlovski <mihajlov@linux.ibm.com>
Signed-off-by: Boris Fiuczynski <fiuczy@linux.ibm.com>
Reviewed-by: Paulo de Rezende Pinatti <ppinatti@linux.ibm.com>
Reviewed-by: Erik Skultety <eskultet@redhat.com>
2020-06-16 09:43:45 +02:00
Boris Fiuczynski
2c3ffa3728 docs: Update AMD launch secure description
Update document with changes in qemu capability caching and the added
secure guest support checking for AMD SEV in virt-host-validate.

Signed-off-by: Boris Fiuczynski <fiuczy@linux.ibm.com>
Reviewed-by: Erik Skultety <eskultet@redhat.com>
2020-06-16 09:43:45 +02:00
Boris Fiuczynski
4b561d49ad tools: Secure guest check for AMD in virt-host-validate
Add checking in virt-host-validate for secure guest support
on x86 for AMD Secure Encrypted Virtualization.

Signed-off-by: Boris Fiuczynski <fiuczy@linux.ibm.com>
Reviewed-by: Paulo de Rezende Pinatti <ppinatti@linux.ibm.com>
Reviewed-by: Bjoern Walk <bwalk@linux.ibm.com>
Reviewed-by: Erik Skultety <eskultet@redhat.com>
2020-06-16 09:43:44 +02:00
Boris Fiuczynski
0254ceab82 tools: Secure guest check on s390 in virt-host-validate
Add checking in virt-host-validate for secure guest support
on s390 for IBM Secure Execution.

Signed-off-by: Boris Fiuczynski <fiuczy@linux.ibm.com>
Tested-by: Viktor Mihajlovski <mihajlov@linux.ibm.com>
Reviewed-by: Paulo de Rezende Pinatti <ppinatti@linux.ibm.com>
Reviewed-by: Bjoern Walk <bwalk@linux.ibm.com>
Reviewed-by: Erik Skultety <eskultet@redhat.com>
2020-06-16 09:43:44 +02:00
Paulo de Rezende Pinatti
657365e74f qemu: Check if AMD secure guest support is enabled
Implement secure guest check for AMD SEV (Secure Encrypted
Virtualization) in order to invalidate the qemu capabilities
cache in case the availability of the feature changed.

For AMD SEV the verification consists of:
 - checking if /sys/module/kvm_amd/parameters/sev contains the
   value '1': meaning SEV is enabled in the host kernel;
 - checking if /dev/sev exists

Signed-off-by: Paulo de Rezende Pinatti <ppinatti@linux.ibm.com>
Signed-off-by: Boris Fiuczynski <fiuczy@linux.ibm.com>
Reviewed-by: Bjoern Walk <bwalk@linux.ibm.com>
Reviewed-by: Erik Skultety <eskultet@redhat.com>
2020-06-16 09:43:44 +02:00
Paulo de Rezende Pinatti
b611b620ce qemu: Check if s390 secure guest support is enabled
This patch introduces a common function to verify if the
availability of the so-called Secure Guest feature on the host
has changed in order to invalidate the qemu capabilities cache.
It can be used as an entry point for verification on different
architectures.

For s390 the verification consists of:
- checking if /sys/firmware/uv is available: meaning the HW
facility is available and the host OS supports it;
- checking if the kernel cmdline contains 'prot_virt=1': meaning
the host OS wants to use the feature.

Whenever the availability of the feature does not match the secure
guest flag in the cache then libvirt will re-build it in order to
pick up the new set of capabilities available.

Signed-off-by: Paulo de Rezende Pinatti <ppinatti@linux.ibm.com>
Signed-off-by: Boris Fiuczynski <fiuczy@linux.ibm.com>
Tested-by: Viktor Mihajlovski <mihajlov@linux.ibm.com>
Reviewed-by: Bjoern Walk <bwalk@linux.ibm.com>
Reviewed-by: Erik Skultety <eskultet@redhat.com>
2020-06-16 09:43:44 +02:00
Paulo de Rezende Pinatti
c5fffb959d util: Introduce a parser for kernel cmdline arguments
Introduce two utility functions to parse a kernel command
line string according to the kernel code parsing rules in
order to enable the caller to perform operations such as
verifying whether certain argument=value combinations are
present or retrieving an argument's value.

Signed-off-by: Paulo de Rezende Pinatti <ppinatti@linux.ibm.com>
Signed-off-by: Boris Fiuczynski <fiuczy@linux.ibm.com>
Reviewed-by: Erik Skultety <eskultet@redhat.com>
2020-06-16 09:43:34 +02:00
Laine Stump
1eabe312ea conf: use g_steal_pointer in network_conf.c
Signed-off-by: Laine Stump <laine@redhat.com>
Reviewed-by: Erik Skultety <eskultet@redhat.com>
2020-06-15 16:02:39 -04:00
Laine Stump
257aba2daf conf: convert network_conf.c to use g_auto* pointers
This was mostly boilerplate conversion, but in one case I needed to
define several differently named char* to take the place of a single
char *tmp that was re-used multiple times, and in another place there
was a single char* that was used at the toplevel of the function, and
then later used repeatedly inside a for loop, so I defined a new
separate char* inside the loop.

Signed-off-by: Laine Stump <laine@redhat.com>
Reviewed-by: Erik Skultety <eskultet@redhat.com>
2020-06-15 16:02:16 -04:00
Daniel P. Berrangé
8a4f331e8c network: wire up support for IPv6 NAT rules
Now that we have support for IPv6 in the iptables helpers, and a new
option in the XML schema, we can wire up support for it in the network
driver.

Reviewed-by: Laine Stump <laine@redhat.com>
Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
2020-06-15 17:10:15 +01:00
Daniel P. Berrangé
927acaedec conf: add an attribute to turn on NAT for IPv6 virtual networks
Historically IPv6 did not support NAT, so when IPv6 was added to
libvirt's virtual networks, when requesting <forward mode="nat"/>
libvirt will NOT apply NAT to IPv6 traffic, only IPv4 traffic.

This is an annoying historical design decision as it means we
cannot enable IPv6 automatically. We thus need to introduce a
new attribute

   <forward mode="nat">
     <nat ipv6="yes"/>
   </forward>

Reviewed-by: Laine Stump <laine@redhat.com>
Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
2020-06-15 17:10:15 +01:00
Daniel P. Berrangé
8774db431f util: add support for IPv6 masquerade rules
IPv6 does support masquerade since Linux 3.9.0 / ip6tables 1.4.18,
which is Fedora 18 / RHEL-7 vintage, which covers all our supported
Linux versions.

Reviewed-by: Laine Stump <laine@redhat.com>
Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
2020-06-15 17:10:15 +01:00
Michal Privoznik
d53ab9f54e virDevMapperGetTargetsImpl: Check for dm major properly
In v6.4.0-rc1~143 I've introduced a check that is supposed to
return from the function early, if given path is not a dm target.
While the idea is still valid, the implementation had a flaw.
It calls stat() over given path and the uses major(sb.st_dev) to
learn the major of the device. This is then passed to
dm_is_dm_major() which returns true or false depending whether
the device is under devmapper's control or not.

The problem with this approach is in how the major of the device
is obtained - paths managed by devmapper are special files and
thus we want to be using st_rdev instead of st_dev to obtain the
major number. Well, that's what virIsDevMapperDevice() does
already so might as well us that.

Fixes: 01626c668e
Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1839992

Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
Reviewed-by: Jiri Denemark <jdenemar@redhat.com>
2020-06-15 14:50:46 +02:00
Michal Privoznik
dfa0e118f7 util: Move virIsDevMapperDevice() to virdevmapper.c
When introducing virdevmapper.c (in v4.3.0-rc1~427) I didn't
realize there is a function that calls in devmapper. The function
is called virIsDevMapperDevice() and lives in virutil.c. Now that
we have a special file for handling devmapper move it there.

Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
Reviewed-by: Jiri Denemark <jdenemar@redhat.com>
2020-06-15 14:50:46 +02:00
Andrea Bolognani
e57323ece1 docs: Remove libvirt-dockerfiles from CI dashboard
The repository is now obsolete, and it never had proper GitLab CI
support anyway.

Signed-off-by: Andrea Bolognani <abologna@redhat.com>
Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
2020-06-15 14:40:24 +02:00
Daniel P. Berrangé
ead908014d docs: add kbase entry showing KVM real time guest config
There are many different settings that required to config a KVM guest
for real time, low latency workoads. The documentation included here is
based on guidance developed & tested by the Red Hat KVM real time team.

Reviewed-by: Jiri Denemark <jdenemar@redhat.com>
Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
2020-06-15 13:10:28 +01:00
Peter Krempa
e0cf04ffd6 Remove use of variables passed only to 'VIR_FREE'
Compilers are not very good at detecting this problem. Fixed by manual
inspection of compilation warnings after replacing 'VIR_FREE' with an
empty macro.

Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com
2020-06-15 10:27:37 +02:00
Peter Krempa
515e62b32b vboxDomainScreenshot: Don't pass uninitialized 'screenData' to VIR_FREE
If one of the early checks to get screen resolution fails 'screenData'
would be passed to VIR_FREE uninitialized. Unfortunately the compiler
isn't able to detect this when VIR_FREE is implemented using
g_clear_pointer.

Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com
2020-06-15 10:27:37 +02:00
Peter Krempa
94f26f01bd remoteDispatchDomainMigratePrepare*: Don't pass uninitialized variable to VIR_FREE
'uri_out' may be passed to VIR_FREE uninitialized if 'conn' is NULL.
Unfortunately the compiler isn't able to detect this problem when
VIR_FREE is implemented using g_clear_pointer. Initialize the variable.

Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com
2020-06-15 10:27:37 +02:00
Peter Krempa
c5c0dc3c81 virTPMEmulatorInit: Don't use temporary variable to free path
Use VIR_FREE directly.

Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com
2020-06-15 10:27:37 +02:00
Peter Krempa
473c54e788 cputest: Avoid use of temporary variable in DO_TEST macro
Use g_free directly to free the returned pointer from
virTestLogContentAndReset rather than store it in a temp variable which
was necessary when we only allowed VIR_FREE.

Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com
2020-06-15 10:27:37 +02:00
Peter Krempa
0eefd2a00a testVirFindSCSIHostByPCI: Remove unused 'path_addr'
The path is formatted but then just freed without any use since
introduction of the test function.

Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com
2020-06-15 10:27:37 +02:00
Peter Krempa
84a4208ed2 libxlDomainMigrationDstPrepareDef: remove use of temporary variable
We can free 'def->name' directly.

Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com
2020-06-15 10:27:37 +02:00
Andrea Bolognani
63d08bec0b ci: Swap mipsel and ppc64le builds
Debian sid is currently broken on mipsel, so use Debian 10 for
that architecture; at the same time, move the ppc64le build from
Debian 10 to Debian sid to keep things balanced.

Signed-off-by: Andrea Bolognani <abologna@redhat.com>
2020-06-11 20:08:32 +02:00
Andrea Bolognani
2250a0b56f ci: Update build system integration
The ci-* targets need to know where our container images are stored
and how they are called to work, so now that we use the GitLab
container registry instead of Quay some changes are necessary.

Signed-off-by: Andrea Bolognani <abologna@redhat.com>
Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
2020-06-11 19:06:53 +02:00
Andrea Bolognani
95abbdc432 ci: Use GitLab container registry
Instead of using pre-built containers hosted on Quay, build
containers as part of the GitLab CI pipeline and upload them to the
GitLab container registry for later use.

This will not significantly slow down builds, because containers are
only rebuilt when the corresponding Dockerfile has been modified.

Signed-off-by: Andrea Bolognani <abologna@redhat.com>
Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
2020-06-11 19:06:51 +02:00