1
0
mirror of https://gitlab.com/libvirt/libvirt.git synced 2024-12-23 21:34:54 +03:00
Commit Graph

420 Commits

Author SHA1 Message Date
John Levon
ce9c9e315f meson: correct git detection
The current "building from git" test uses "test -d .git"; however, that
doesn't work when libvirt is used as a submodule, as in that case .git
is a normal file. Use "test -e .git" instead.

Signed-off-by: John Levon <john.levon@nutanix.com>
Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
2024-07-24 12:41:58 +02:00
Jiri Denemark
479eab6ce2 Post-release version bump to 10.6.0
Signed-off-by: Jiri Denemark <jdenemar@redhat.com>
2024-07-01 11:13:02 +02:00
Daniel P. Berrangé
3fff8c91b0 network: introduce a "none" firewall backend type
There are two scenarios identified after the recent firewall backend
selection was introduced, which result in libvirtd failing to startup
due to an inability to find either iptables/nftables

 - On Linux if running unprivileged with $PATH lacking the dir
   containing iptables/nftables
 - On non-Linux where iptables/nftables never existed

In the former case, it is preferrable to restore the behaviour whereby
the driver starts successfully. Users will get an error reported when
attempting to start any virtual network, due to the lack of permissions
needed to create bridge devices. This makes the missing firewall backend
irrelevant.

In the latter case, the network driver calls the 'nop' platform
implementation which does not attempt to implement any firewall logic,
just allowing the network to start without firewall rules.

To solve this are number of changes are required

 * Introduce VIR_FIREWALL_BACKEND_NONE, which does nothing except
   report a fatal error from virFirewallApply(). This code path
   is unreachable, since we'll never create a virFirewall
   object with with VIR_FIREWALL_BACKEND_NONE, so the error reporting
   is just a sanity check.

 * Ignore the compile time backend defaults and assume use of
   the 'none' backend if running unprivileged.

   This fixes the first regression, avoiding the failure to start
   libvirtd on Linux in unprivileged context, instead allowing use
   of the driver and expecting a permission denied when creating a
   bridge.

 * Reject the use of compile time backend defaults no non-Linux
   and hardcode the 'none' backend. The non-Linux platforms have
   no firewall implementation at all currently, so there's no
   reason to permit the use of 'firewall_backend_priority'
   meson option.

   This fixes the second regression, avoiding the failure to start
   libvirtd on non-Linux hosts due to non-existant Linux binaries.

 * Change the Linux platform backend to raise an error if the
   firewall backend is 'none'. Again this code path is unreachable
   by default since we'll fail to create the bridge before getting
   here, but if someone modified network.conf to request the 'none'
   backend, this will stop further progress.

 * Change the nop platform backend to raise an error if the
   firewall backend is 'iptables' or 'nftables'. Again this code
   path is unreachable, since we should already have failed to
   find the iptables/nftables binaries on non-Linux hosts, so
   this is just a sanity check.

 * 'none' is not permited as a value in 'firewall_backend_priority'
   meson option, since it is conceptually meaningless to ask for
   that on Linux.

NB, 'firewall_backend_priority' allows repeated options temporarily,
which we don't want. Meson intends to turn this into a hard error

  DEPRECATION: Duplicated values in array option is deprecated. This will become a hard error in the future.

and we can live with the reduced error checking until that happens.

Reviewed-by: Andrea Bolognani <abologna@redhat.com>
Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
2024-06-17 15:55:14 +01:00
Daniel P. Berrangé
991c324fae meson: fix typo s/getoption/get_option/
Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
2024-06-13 10:25:07 +01:00
Daniel P. Berrangé
f2828880b6 meson: allow systemd sysusersdir to be changed
We currently hardcode the systemd sysusersdir, but it is desirable to be
able to choose a different location in some cases. For example, Fedora
flatpak builds change the RPM %_sysusersdir macro, but we can't currently
honour that.

Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
Reported-by: Yaakov Selkowitz <yselkowi@redhat.com>
Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
2024-06-13 10:23:11 +01:00
Daniel P. Berrangé
a7eb7de531 meson: allow systemd unitdir to be changed
We currently hardcode the systemd unitdir, but it is desirable to be
able to choose a different location in some cases. For examples, Fedora
flatpak builds change the RPM %_unitdir macro, but we can't currently
honour that.

Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
2024-06-07 14:04:19 +01:00
Jiri Denemark
89678c2002 Post-release version bump to 10.5.0
Signed-off-by: Jiri Denemark <jdenemar@redhat.com>
2024-06-03 10:38:11 +02:00
Andrea Bolognani
cb02e853e6 meson: Include firewall backend selection in summary
Signed-off-by: Andrea Bolognani <abologna@redhat.com>
Reviewed-by: Laine Stump <laine@redhat.com>
Reviewed-by: Pavel Hrdina <phrdina@redhat.com>
2024-05-28 19:29:26 +02:00
Andrea Bolognani
957eea376b meson: Improve default firewall backend configuration
The current implementation requires users to configure the
preference as such:

  -Dfirewall_backend_default_1=iptables
  -Dfirewall_backend_default_2=nftables

In addition to being more verbose than one would hope, there
are several things that could go wrong.

First of all, meson performs no validation on the provided
values, so mistakes will only be caught by the compiler.
Additionally, it's entirely possible to provide nonsensical
combinations, such as repeating the same value twice.

Change things so that the preference can now be configured
as such:

  -Dfirewall_backend_priority=iptables,nftables

Checks have been added to prevent invalid values from being
accepted.

Signed-off-by: Andrea Bolognani <abologna@redhat.com>
Reviewed-by: Laine Stump <laine@redhat.com>
Reviewed-by: Pavel Hrdina <phrdina@redhat.com>
2024-05-28 19:28:58 +02:00
Laine Stump
b89c4991da network: add an nftables backend for network driver's firewall construction
Support using nftables to setup the firewall for each virtual network,
rather than iptables. The initial implementation of the nftables
backend creates (almost) exactly the same ruleset as the iptables
backend, determined by running the following commands on a host that
has an active virtual network:

  iptables-save >iptables.txt
  iptables-restore-translate -f iptables.txt

(and the similar ip6tables-save/ip6tables-restore-translate for an
IPv6 network). Correctness of the new backend was checked by comparing
the output of:

  nft list ruleset

when the backend is set to iptables and when it is set to nftables.

This page was used as a guide:

  https://wiki.nftables.org/wiki-nftables/index.php/Moving_from_iptables_to_nftables

The only differences between the rules created by the nftables backed
vs. the iptables backend (aside from a few inconsequential changes in
display order of some chains/options) are:

1) When we add nftables rules, rather than adding them in the
system-created "filter" and "nat" tables, we add them in a private
table (ie only we should be using it) created by us called "libvirt"
(the system-created "filter" and "nat" tables can't be used because
adding any rules to those tables directly with nft will cause failure
of any legacy application attempting to use iptables when it tries to
list the iptables rules (e.g. "iptables -S").

(NB: in nftables only a single table is required for both nat and
filter rules - the chains for each are differentiated by specifying
different "hook" locations for the toplevel chain of each)

2) Since the rules that were added to allow tftp/dns/dhcp traffic from
the guests to the host are unnecessary in the context of nftables,
those rules aren't added.

(Longer explanation: In the case of iptables, all rules were in a
single table, and it was always assumed that there would be some
"catch-all" REJECT rule added by "someone else" in the case that a
packet didn't match any specific rules, so libvirt added these
specific rules to ensure that, no matter what other rules were added
by any other subsystem, the guests would still have functional
tftp/dns/dhcp. For nftables though, the rules added by each subsystem
are in a separate table, and in order for traffic to be accepted, it
must be accepted by *all* tables, so just adding the specific rules to
libvirt's table doesn't help anything (as the default for the libvirt
table is ACCEPT anyway) and it just isn't practical/possible for
libvirt to find *all* other tables and add rules in all of them to
make sure the traffic is accepted. libvirt does this for firewalld (it
creates a "libvirt" zone that allows tftp/dns/dhcp, and adds all
virtual network bridges to that zone), however, so in that case no
extra work is required of the sysadmin.)

3) nftables doesn't support the "checksum mangle" rule (or any
equivalent functionality) that we have historically added to our
iptables rules, so the nftables rules we add have nothing related to
checksum mangling.

(NB: The result of (3) is that if you a) have a very old guest (RHEL5
era or earlier) and b) that guest is using a virtio-net network
device, and c) the virtio-net device is using vhost packet processing
(the default) then DHCP on the guest will fail. You can work around
this by adding <driver name='qemu'/> to the <interface> XML for the
guest).

There are certainly much better nftables rulesets that could be used
instead of those implemented here, and everything is in place to make
future changes to the rules that are used simple and free of surprises
(e.g. the rules that are added have coresponding "removal" commands
added to the network status so that we will always remove exactly the
rules that were previously added rather than trying to remove the
rules that "the current build of libvirt would have added" (which will
be incorrect the first time we run a libvirt with a newly modified
ruleset). For this initial implementation though, I wanted the
nftables rules to be as identical to the iptables rules as possible,
just to make it easier to verify that everything is working.

The backend can be manually chosen using the firewall_backend setting
in /etc/libvirt/network.conf. libvirtd/virtnetworkd will read this
setting when it starts; if there is no explicit setting, it will check
for availability of FIREWALL_BACKEND_DEFAULT_1 and then
FIREWALL_BACKEND_DEFAULT_2 (which are set at build time in
meson_options.txt or by adding -Dfirewall_backend_default_n=blah to
the meson commandline), and use the first backend that is available
(ie, that has the necessary programs installed). The standard
meson_options.txt is set to check for nftables first, and then
iptables.

Although it should be very safe to change the default backend from
iptables to nftables, that change is left for a later patch, to show
how the change in default can be undone if someone really needs to do
that.

Signed-off-by: Laine Stump <laine@redhat.com>
Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
Tested-by: Daniel P. Berrangé <berrange@redhat.com>
2024-05-22 23:20:07 -04:00
Laine Stump
865eea30f4 meson: stop looking for iptables/ip6tables/ebtables at build time
This was the only reason we required the iptables and ebtables
packages at build time, and many other external commands already have
their binaries found at runtime by looking through $PATH (virCommand
automatically does this), so we may as well do it for these commands
as well.

Since we no longer need iptables or iptables at build time, we can
also drop the BuildRequires for them from the rpm specfile.

Inspired-by: 6aa2fa38b0
Signed-off-by: Laine Stump <laine@redhat.com>
Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
2024-05-22 23:20:07 -04:00
Laine Stump
64b966558c network: support setting firewallBackend from network.conf
It still can have only one useful value ("iptables"), but once a 2nd
value is supported, it will be selectable by setting
"firewall_backend=nftables" in /etc/libvirt/network.conf.

If firewall_backend isn't set in network.conf, then libvirt will check
to see if FIREWALL_BACKEND_DEFAULT_1 is available and, if so, set
that. (Since FIREWALL_BACKEND_DEFAULT_1 is currently "iptables", this
means checking to see it the iptables binary is present on the
system).  If the default backend isn't available, that is considered a
fatal error (since no networks can be started anyway), so an error is
logged and startup of the network driver fails.

NB: network.conf is itself created from network.conf.in at build time,
and the advertised default setting of firewall_backend (in a commented
out line) is set from the meson_options.txt setting
"firewall_backend_default_1". This way the conf file will have correct
information no matter what ordering is chosen for default backend at
build time (as more backends are added, settings will be added for
"firewall_backend_default_n", and those will be settable in
meson_options.txt and on the meson commandline to change the ordering
of the auto-detection when no backend is set in network.conf).

virNetworkLoadDriverConfig() may look more complicated than necessary,
but as additional backends are added, it will be easier to add checks
for those backends (and to re-order the checks based on builders'
preferences).

Signed-off-by: Laine Stump <laine@redhat.com>
Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
2024-05-22 23:19:18 -04:00
Michal Privoznik
9c1cfc337e meson: Bump glib version to 2.58.0
Now that we don't have any distro stuck with glib-2.56.0, we can
bump the glib version. In fact, this is needed, because of
g_clear_pointer. Since v7.4.0-rc1~301 we declare at compile time
what version of glib APIs we want to use (by setting
GLIB_VERSION_MIN_REQUIRED = GLIB_VERSION_MAX_ALLOWED = 2.56.0),
regardless of actual glib version in the host.

And since we currently require glib-2.56.0 and force glib to use
APIs of that version, some newer bits are slipping from us. For
instance: regular function version of g_clear_pointer() is used
instead of a fancy macro. So what? Well, g_clear_pointer()
function typecasts passed free function to void (*)(void *) and
then calls it. Well, this triggers UBSAN, understandably. But
with glib-2.58.0 the g_clear_pointer() becomes a macro which
calls the free function directly, with no typecasting and thus no
undefined behavior.

Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
2024-05-14 15:17:20 +02:00
Michal Privoznik
3f5a1fa234 meson: Disable -fsanitize=function
Strictly speaking, xdrproc_t is declared as following:

  typedef bool_t (*xdrproc_t)(XDR *, ...);

But our rpcgen generates properly typed functions, e.g.:

  bool_t xdr_virNetMessageError(XDR *xdrs, virNetMessageError *objp)

Now, these functions of ours are passed around as callbacks (via
an argument of xdrproc_t type), for instance in
virNetMessageEncodePayload(). But these two types are strictly
different. We silence the compiler by typecasting the callbacks
when passing them, but strictly speaking - calling such callback
later, when a function of xdrproc_t is expected is an undefined
behavior.

Ideally, we would fix our rpcgen to generate proper function
headers, but: a) my brain is too small to do that, and b) we
would lose compiler protection if an xdr_*() function is called
directly but argument of a wrong type is passed.

Silence UBSAN for now.

Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
2024-05-14 15:12:23 +02:00
Michal Privoznik
0287b5dfd2 tools: Introduce SSH proxy
This allows users to SSH into a domain with a VSOCK device:

  ssh user@qemu/machineName

So far, only QEMU domains are supported AND qemu:///system is
looked for the first for 'machineName' followed by
qemu:///session. I took an inspiration from Systemd's ssh proxy
[1] [2].

To just work out of the box, it requires (yet unreleased) systemd
to be running inside the guest to set up a socket activated SSHD
on the VSOCK. Alternatively, users can set up the socket
activation themselves, or just run a socat that'll forward vsock
<-> TCP communication.

1: https://github.com/systemd/systemd/blob/main/src/ssh-generator/ssh-proxy.c
2: https://github.com/systemd/systemd/blob/main/src/ssh-generator/20-systemd-ssh-proxy.conf.in

Resolves: https://gitlab.com/libvirt/libvirt/-/issues/579
Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
2024-05-13 08:56:35 +02:00
Michal Privoznik
bc70aa1df3 scripts/meson-dist.py: Get builddir from env too
When meson runs a dist script it sets both MESON_BUILD_ROOT and
MESON_DIST_ROOT envvars [1]. But for some reason, we took the
former as an argument and obtained the latter via env. Well,
obtain both via env.

1: https://mesonbuild.com/Reference-manual_builtin_meson.html#mesonadd_dist_script
Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
2024-05-02 14:33:20 +02:00
Jiri Denemark
8c80acdec0 Post-release version bump to 10.4.0
Signed-off-by: Jiri Denemark <jdenemar@redhat.com>
2024-05-02 11:10:01 +02:00
Jiri Denemark
ca7d1bd5ee Post-release version bump to 10.3.0
Signed-off-by: Jiri Denemark <jdenemar@redhat.com>
2024-04-02 13:43:31 +02:00
Andrea Bolognani
6b7c8fce5a meson: Check for sched_get_priority_min()
virProcessSetScheduler() uses not just sched_setscheduler() but
also sched_get_priority_{min,max}(). Currently we assume that
the former being available implies that the latter are as well,
but that's not the case for at least GNU/Hurd.

Make sure all functions are actually available before
attempting to use them.

Signed-off-by: Andrea Bolognani <abologna@redhat.com>
Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
2024-03-19 18:38:19 +01:00
Andrea Bolognani
526e7ee15a meson: Restore check for sched_getaffinity()
Commit c07cf0a686 replaced this check with one for the
presence of cpu_set_t.

The idea at the time was that only sched_{get,set}affinity()
were visible by default, while making cpu_set_t visible required
defining _WITH_CPU_SET_T. So libvirt would detect the function
and attempt to use it, but the code would not compile because
the necessary data type had not been made accessible.

The commit in question brought three FreeBSD commits as evidence
of this. While [1] and [2] do indeed seem to support this
explanation, [3] from just a few days later made it so that not
just cpu_set_t, but also the functions, required user action to
be visible. This arguably would have made the change unnecessary.

However, [4] from roughly a month later changed things once
again: it completely removed _WITH_CPU_SET_T, making both the
functions and the data type visible by default.

This is the status quo that seems to have persisted until
today. If one were to check any recent FreeBSD build job
performed as part of our CI pipeline, for example [5] and [6]
for FreeBSD 13 and 14 respectively, they would be able to
confirm that in both cases cpu_set_t is detected as available.

Since there is no longer a difference between the availability
of the functions and that of the data type, go back to what we
had before.

This has the interesting side-effect of fixing a bug
introduced by the commit in question.

When detection was changed from the function to the data type,
most uses of WITH_SCHED_GETAFFINITY were replaced with uses of
WITH_DECL_CPU_SET_T, but not all of them: specifically, those
that decided whether qemuProcessInitCpuAffinity() would be
actually implemented or replaced with a no-op stub were not
updated, which means that we've been running the stub version
everywhere except on FreeBSD ever since.

The code has been copied to the Cloud Hypervisor driver in
the meantime, which is similarly affected. Now that we're
building the actual implementation, we need to add virnuma.h
to the includes.

As a nice bonus this also makes things work correctly on
GNU/Hurd, where cpu_set_t is available but
sched_{get,set}affinity() are non-working stubs.

[1] https://cgit.freebsd.org/src/commit/?id=160b4b922b6021848b6b48afc894d16b879b7af2
[2] https://cgit.freebsd.org/src/commit/?id=43736b71dd051212d5c55be9fa21c45993017fbb
[3] https://cgit.freebsd.org/src/commit/?id=90fa9705d5cd29cf11c5dc7319299788dec2546a
[4] https://cgit.freebsd.org/src/commit/?id=5e04571cf3cf4024be926976a6abf19626df30be
[5] https://gitlab.com/libvirt/libvirt/-/jobs/6266401204
[6] https://gitlab.com/libvirt/libvirt/-/jobs/6266401205

Signed-off-by: Andrea Bolognani <abologna@redhat.com>
Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
2024-03-19 18:38:13 +01:00
Michal Privoznik
b7e6513a01 tests: mock __open_2()
As of commit [1] glibc may overwrite a call to open() with call
to __open_2() (if only two arguments are provided and the code is
compiled with clang). But since we are not mocking the latter our
test suite is broken as tests try to access paths outside of our
repo.

1: https://sourceware.org/git/?p=glibc.git;a=commit;h=86889e22db329abac618c6a41f86c84657a15324
Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
Reviewed-by: Pavel Hrdina <phrdina@redhat.com>
2024-03-14 15:17:48 +01:00
Jiri Denemark
8c1ea0b8a7 Post-release version bump to 10.2.0
Signed-off-by: Jiri Denemark <jdenemar@redhat.com>
2024-03-01 12:22:04 +01:00
Martin Kletzander
c8ca9d0118 build: Let users know not all tests might run
We warned users before the meson times, so do like an S Club 7 and bring
it all back.

Add the information into a new section of the summary, because even
though using `warning()` looks better, it scrolls on by once the summary
is printed.

Signed-off-by: Martin Kletzander <mkletzan@redhat.com>
Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
Reviewed-by: Andrea Bolognani <abologna@redhat.com>
2024-02-19 17:18:42 +01:00
Martin Kletzander
ece58c0a5d build: Split optional programs into test and rest
To be used in the following commit.

Signed-off-by: Martin Kletzander <mkletzan@redhat.com>
Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
2024-02-19 17:18:42 +01:00
Jiri Denemark
2a6799fd43 build: Add userfaultfd_sysctl build option
This option controls whether the sysctl config for enabling unprivileged
userfaultfd will be installed.

Signed-off-by: Jiri Denemark <jdenemar@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
2024-02-13 17:44:26 +01:00
Andrea Bolognani
7284b4cf8b meson: Adjust -fstack-protector use
Back in 2014, -fstack-protector was reported not to work on
aarch64, so fe881ae086 disabled it on that target. OS-wise,
its use is currently limited to just Linux, FreeBSD and Windows.

Looking at the situation today, it seems that whatever issue was
affecting aarch64 a decade ago has been resolved; moreover,
macOS can also use the feature these days.

I haven't checked any of the other BSDs, but since the feature
works on FreeBSD it's pretty safe to assume that they can use
it too. If we get reports that it's not the case, we can always
further restrict its usage accordingly.

Best viewed with 'git show -w'.

Signed-off-by: Andrea Bolognani <abologna@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
2024-01-31 11:25:32 +01:00
Jiri Denemark
db791c8601 Post-release version bump to 10.1.0
Signed-off-by: Jiri Denemark <jdenemar@redhat.com>
2024-01-15 11:01:50 +01:00
Jonathon Jongsma
9eabf14afb qemu: add runtime config option for nbdkit
Currently when we build with nbdkit support, libvirt will always try to
use nbdkit to access remote disk sources when it is available. But
without an up-to-date selinux policy allowing this, it will fail.
because the required selinux policies are not yet widely available, we
have disabled nbdkit support on rpm builds for all distributions before
Fedora 40.

Unfortunately, this makes it more difficult to test nbdkit support.
After someone updates to the necessary selinux policies, they would also
need to rebuild libvirt to enable nbdkit support. By introducing a
configure option (nbdkit_config_default), we can build packages with
nbdkit support but have it disabled by default.

Signed-off-by: Jonathon Jongsma <jjongsma@redhat.com>
Suggested-by: Andrea Bolognani <abologna@redhat.com>
Reviewed-by: Andrea Bolognani <abologna@redhat.com>
2024-01-04 14:34:40 -06:00
Andrea Bolognani
6aa2fa38b0 meson: Stop looking for passt at build time
We only use it at runtime, not during the build process.

Signed-off-by: Andrea Bolognani <abologna@redhat.com>
Reviewed-by: Pavel Hrdina <phrdina@redhat.com>
2023-12-05 11:50:44 +01:00
Andrea Bolognani
58b17ce789 meson: Stop looking for scrub at build time
We only use it at runtime, not during the build process.

Signed-off-by: Andrea Bolognani <abologna@redhat.com>
Reviewed-by: Pavel Hrdina <phrdina@redhat.com>
2023-12-05 11:50:42 +01:00
Andrea Bolognani
5b4d1a68b2 meson: Stop looking for udevadm at build time
We only use it at runtime, not during the build process.

Signed-off-by: Andrea Bolognani <abologna@redhat.com>
Reviewed-by: Pavel Hrdina <phrdina@redhat.com>
2023-12-05 11:50:40 +01:00
Jiri Denemark
ce7d0a7db4 Post-release version bump to 10.0.0
Signed-off-by: Jiri Denemark <jdenemar@redhat.com>
2023-12-01 16:24:28 +01:00
Laine Stump
9231566146 build: suppress "ignoring duplicate libraries" warning on macOS
Xcode 15, which provides the compiler toolchain for building libvirt
on macOS has switched to a new linker that warns about duplicated
"-lblah" options on the ld commandline. In practice this is impossible
to prevent in a large project, and also harmless.

Fortunately the new ld command also has an option,
-no_warn_duplicate_libraries, that supresses this harmless/pointless
warning, meson has a simple way to check if that option is supported,
and libvirt's meson.build files already have examples of adding an
option to the ld commandline if it's available.

Signed-off-by: Laine Stump <laine@redhat.com>
Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
Reviewed-by: Andrea Bolognani <abologna@redhat.com>
2023-11-03 15:56:37 -04:00
Daniel P. Berrangé
a62486b95f build: switch over to new rpc generator code
This replaces use of 'rpcgen' with our new python impl of
the RPC code generator. Since the new impl generates code
that matches our style/coding rules, and does not contain
long standing bugs, we no longer need to post-process the
output.

Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
2023-11-03 14:06:35 -04:00
Daniel P. Berrangé
8c8b97685b rpcgen: add an XDR protocol lexer
This adds a lexer capable of handling the XDR protocol files.

The lexical rquirements are detailed in

  https://www.rfc-editor.org/rfc/rfc4506#section-6.2

pytest is introduced as a build dependancy for testing python
code.

Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
2023-11-03 14:06:35 -04:00
Daniel P. Berrangé
a24ab56da8 build-aux: introduce 'black' tool for python formatting
The 'black' tool is intended to be an opinionated formatting
tool for python code. It is complementary to flake8 which
validates coding bad practices, but (mostly) ignores code
layout issues.

Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
2023-11-03 14:06:35 -04:00
Jiri Denemark
bfcf4be172 Post-release version bump to 9.10.0
Signed-off-by: Jiri Denemark <jdenemar@redhat.com>
2023-11-01 10:42:48 +01:00
Andrea Bolognani
4242a94816 meson: Rename build_tests -> tests_enabled
Given that this variable now controls not just whether C tests
are built, but also whether any test at all is executed, the new
name is more appropriate.

Update the description for the corresponding meson option
accordingly.

Signed-off-by: Andrea Bolognani <abologna@redhat.com>
Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
Reviewed-by: Martin Kletzander <mkletzan@redhat.com>
2023-10-26 11:31:25 +02:00
Andrea Bolognani
87f14badd0 meson: Disable all tests when tests are disabled
Currently, passing -Dtests=disabled only disables a subset of
tests: those that are written in C and thus require compilation.
Other tests, such as the syntax-check ones and those that are
implemented as scripts, are always enabled.

There's a potentially dangerous consequence of this behavior:
when tests are disabled, 'meson test' will succeed as if they
had been enabled. No indication of this will be shown, so the
user will likely make the reasonable assumption that everything
is fine when in fact the significantly reduced coverage might
be hiding failures.

To solve this issues, disable *all* tests when asked to do so,
and inject an intentionally failing test to ensure that 'meson
test' doesn't succeed.

Best viewed with 'git show -w'.

Signed-off-by: Andrea Bolognani <abologna@redhat.com>
Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
Reviewed-by: Martin Kletzander <mkletzan@redhat.com>
2023-10-26 11:31:24 +02:00
Andrea Bolognani
8ce0decc37 meson: Make -Dexpensive_tests depend on -Dtests
It only makes sense to enable expensive tests when tests are
enabled. Disallow invalid configurations.

Signed-off-by: Andrea Bolognani <abologna@redhat.com>
Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
Reviewed-by: Martin Kletzander <mkletzan@redhat.com>
2023-10-26 11:31:22 +02:00
Andrea Bolognani
5904228f92 meson: Handle -Dtests=enabled with Clang
There are some cases in which we automatically disable tests when
using Clang as the compiler. If the user has explicitly asked for
tests to be enabled, however, we should error out instead of
silently disabling things.

Signed-off-by: Andrea Bolognani <abologna@redhat.com>
Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
Reviewed-by: Martin Kletzander <mkletzan@redhat.com>
2023-10-26 11:31:21 +02:00
Andrea Bolognani
44711485b1 meson: Move all handling of test options together
This will make future patches nicer.

Note that we need to handle these somewhat late because of the
dependency on information about the compiler and the flags it
supports.

Signed-off-by: Andrea Bolognani <abologna@redhat.com>
Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
Reviewed-by: Martin Kletzander <mkletzan@redhat.com>
2023-10-26 11:31:19 +02:00
Andrea Bolognani
03785fef92 meson: Fix XDR check for GNU/Hurd
The situation is the same as Linux: since glibc no
longer includes the RPC functionality, libtirpc must
be used to complement it.

Signed-off-by: Andrea Bolognani <abologna@redhat.com>
Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
2023-10-25 12:19:32 +02:00
Andrea Bolognani
7cbd8c4230 meson: Improve nbdkit configurability
Currently, nbdkit support will automatically be enabled as long as
the pidfd_open(2) syscall is available. Optionally, libnbd is used
to generate more user-friendly error messages.

In theory this is all good, since use of nbdkit is supposed to be
transparent to the user. In practice, however, there is a problem:
if support for it is enabled at build time and the necessary
runtime components are installed, nbdkit will always be preferred,
with no way for the user to opt out.

This will arguably be fine in the long run, but right now none of
the platforms that we target ships with a SELinux policy that
allows libvirt to launch nbdkit, and the AppArmor policy that we
maintain ourselves hasn't been updated either.

So, in practice, as of today having nbdkit installed on the host
makes network disks completely unusable unless you're willing to
compromise the overall security of the system by disabling
SELinux/AppArmor.

In order to make the transition smoother, provide a convenient
way for users and distro packagers to disable nbdkit support at
compile time until SELinux and AppArmor are ready.

In the process, detection is completely overhauled. libnbd is
made mandatory when nbdkit support is enabled, since availability
across operating systems is comparable and offering users the
option to make error messages worse doesn't make a lot of sense;
we also make sure that an explicit request from the user to
enable/disable nbdkit support is either complied with, or results
in a build failure when that's not possible. Last but not least,
we avoid linking against libnbd when nbdkit support is disabled.

At the RPM level, we disable the feature when building against
anything older than Fedora 40, which still doesn't have the
necessary SELinux bits but will hopefully gain them by the time
it's released. We also allow nbdkit support to be disabled at
build time the same way as other optional features, that is, by
passing "--define '_without_nbdkit 1'" to rpmbuild. Finally, if
nbdkit support has been disabled, installing libvirt will no
longer drag it in as a (weak) dependency.

Signed-off-by: Andrea Bolognani <abologna@redhat.com>
Reviewed-by: Jonathon Jongsma <jjongsma@redhat.com>
2023-10-05 22:49:14 +02:00
Jiri Denemark
bd011ff818 Post-release version bump to 9.9.0
Signed-off-by: Jiri Denemark <jdenemar@redhat.com>
2023-10-02 09:33:28 +02:00
Jonathon Jongsma
40935b395c qemu: try to connect to nbdkit early to detect errors
When using nbdkit to serve a network disk source, the nbdkit process
will start and wait for an nbd connection before actually attempting to
connect to the (remote) disk location. Because of this, nbdkit will not
report an error until after qemu is launched and tries to read from the
disk. This results in a fairly user-unfriendly error saying that qemu
was unable to start because "Requested export not available".

Ideally we'd like to be able to tell the user *why* the export is not
available, but this sort of information is only available to nbdkit, not
qemu. It could be because the url was incorrect, or because of an
authentication failure, or one of many other possibilities.

To make this friendlier for users and easier to detect
misconfigurations, try to connect to nbdkit immediately after starting
nbdkit and before we try to start qemu. This requires adding a
dependency on libnbd. If an error occurs when connecting to nbdkit, read
back from the nbdkit error log and provide that information in the error
report from qemuNbdkitProcessStart().

User-visible change demonstrated below:
Previous error:

    $ virsh start nbdkit-test
    2023-01-18 19:47:45.778+0000: 30895: error : virNetClientProgramDispatchError:172 : internal
    error: process exited while connecting to monitor: 2023-01-18T19:47:45.704658Z
    qemu-system-x86_64: -blockdev {"driver":"nbd","server":{"type":"unix",
    "path":"/var/lib/libvirt/qemu/domain-1-nbdkit-test/nbdkit-libvirt-1-storage.socket"},
    "node-name":"libvirt-1-storage","auto-read-only":true,"discard":"unmap"}: Requested export not
    available
    error: Failed to start domain 'nbdkit-test'
    error: internal error: process exited while connecting to monitor: 2023-01-18T19:47:45.704658Z
    qemu-system-x86_64: -blockdev {"driver":"nbd","server":{"type":"unix",
    "path":"/var/lib/libvirt/qemu/domain-1-nbdkit-test/nbdkit-libvirt-1-storage.socket"},
    "node-name":"libvirt-1-storage","auto-read-only":true,"discard":"unmap"}: Requested export not
    available

After this change:

    $ virsh start nbdkit-test
    2023-01-18 19:44:36.242+0000: 30895: error : virNetClientProgramDispatchError:172 : internal
    error: Failed to connect to nbdkit for 'http://localhost:8888/nonexistent.iso': nbdkit: curl[1]:
    error: problem doing HEAD request to fetch size of URL [http://localhost:8888/nonexistent.iso]:
    HTTP response code said error: The requested URL returned error: 404
    error: Failed to start domain 'nbdkit-test'
    error: internal error: Failed to connect to nbdkit for 'http://localhost:8888/nonexistent.iso]:
    error: problem doing HEAD request to fetch size of URL [http://localhost:8888/nonexistent.iso]:
    HTTP response code said error: The requested URL returned error: 404

Signed-off-by: Jonathon Jongsma <jjongsma@redhat.com>
Reviewed-by: Peter Krempa <pkrempa@redhat.com>
2023-09-19 14:28:50 -05:00
Jonathon Jongsma
447e09dfdb qemu: Monitor nbdkit process for exit
Adds the ability to monitor the nbdkit process so that we can take
action in case the child exits unexpectedly.

When the nbdkit process exits, we pause the vm, restart nbdkit, and then
resume the vm. This allows the vm to continue working in the event of a
nbdkit failure.

Eventually we may want to generalize this functionality since we may
need something similar for e.g. qemu-storage-daemon, etc.

The process is monitored with the pidfd_open() syscall if it exists
(since linux 5.3). Otherwise it resorts to checking whether the process
is alive once a second. The one-second time period was chosen somewhat
arbitrarily.

Signed-off-by: Jonathon Jongsma <jjongsma@redhat.com>
Reviewed-by: Peter Krempa <pkrempa@redhat.com>
2023-09-19 14:28:50 -05:00
Peter Krempa
c2e6897e54 build: Fix logic bug determining whether running with optimization
The conversion from ternary to a 'if' clause was wrong and thus didn't
properly increase the stack size where needed but only where not
actually needed.

Fixes: b68faa99d9
Signed-off-by: Peter Krempa <pkrempa@redhat.com>
2023-09-04 14:30:48 +02:00
Peter Krempa
d9c04cdc34 build: Fix assignment into 'stack_frame_size' when sanitizer is enabled
Instead of an assignment into the 'stack_frame_size' variable when
sanitizers are enabled I've accidentally compared the value against the
requested size.

Fix the typo.

Fixes: b68faa99d9
Signed-off-by: Peter Krempa <pkrempa@redhat.com>
2023-09-04 14:07:31 +02:00
Peter Krempa
b68faa99d9 build: Work around clang's stack size calculation without optimization
When building without optimization on clang, certain big functions trip
the stack size limit despite not actually reaching it. Relax the stack
limit size for clang without optimization.

Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
2023-09-04 13:32:28 +02:00