[libvirt] [PATCH 00/22] support VFIO groups
by Laine Stump
When I first put in support for VFIO device assignment, I didn't
realize that groups of devices were quite as common as they actually
are. In particular, I didn't know that often multiple
seemingly-unrelated devices can end up in the same VFIO iommu group
due to unlucky circumstances of hardware - they may share a dma
controller which means that the devices can't truly be isolated from
each other, and thus should not be simultaneously assigned to
different guests (or even used by the host) - all of the devices in a
group should be either assigned to the same guest or, if not assigned
to the guest, should be isolated off in a driver to prevent them
from being used by the host.
The following set of patches makes setting that up easier to deal
with. The end result of all the patches is the following:
1) The virNodeDevice API will be able to detach or re-attach all the
devices in a particular group with a single API call.
2) <hostdev managed='yes'>, <interface type='hostdev' managed='yes'>,
and <interface type='network' managed='yes'> devices (where the
network is itself a pool of SRIOV Virtual Functions) can specify:
<driver name='vfio' group='auto'/>
and libvirt will automatically detach (and bind to the 'vfio-pci'
driver for assignment/isolation) all devices in the same group as
the device being assigned. Likewise, when the device it detached
from the guest, a check will be made and, if none of the devices in
the same group as the device being detach is still in use by a guest
As usual there are a lot of patches here, but many of them are
extremely simple, so don't be put off by the count.
Also, please note that patches 15/22 - 18/22 provide a new public API
(virNodeDeviceReAttachFlags()). I kept the new API later in the series
just in case someone wanted to backport as much as possible of this
patchset to an old release.
Laine Stump (22):
syntax: virPCIDeviceFree is also a NOP for NULL args
pci: change stubDriver from const char* to char*
pci: new utility functions
pci: eliminate memory leak in virPCIDeviceReattach
pci: make virPCIDeviceDetach consistent in behavior
pci: eliminate repetitive path constructions in
virPCIDeviceBindToStub
pci: eliminate unused driver arg from virPCIDeviceDetach
pci: update stubDriver name in virPCIDeviceBindToStub
pci: rename virPCIDeviceGetVFIOGroupDev to
virPCIDeviceGetIOMMUGroupDev
pci: make virPCIParseDeviceAddress public
pci: new iommu_group functions
pci: optionally detach/reattach all devices in a VFIO group
API & qemu: add ability to detach an entire VFIO group of devices
virsh: add option to detach entire group of devices
API: new virNodeDeviceReAttachFlags
API: implement RPC calls for virNodeDeviceReAttachFlags
qemu: implement virNodeDeviceReAttachFlags
xen: implement virNodeDeviceReAttachFlags
virsh: add option to attach entire group of devices
nodedev: add iommuGroup to node device object
conf: add <driver group='auto'> to hostdev, interface, and networks
qemu: implement backend of <driver group='auto'/>
cfg.mk | 1 +
docs/formatdomain.html.in | 94 ++-
docs/formatnetwork.html.in | 11 +
docs/formatnode.html.in | 63 +-
docs/schemas/domaincommon.rng | 16 +
docs/schemas/network.rng | 8 +
docs/schemas/nodedev.rng | 11 +
include/libvirt/libvirt.h.in | 18 +
src/conf/domain_conf.c | 36 +-
src/conf/domain_conf.h | 13 +
src/conf/network_conf.c | 39 +-
src/conf/network_conf.h | 14 +
src/conf/node_device_conf.c | 86 ++-
src/conf/node_device_conf.h | 5 +-
src/driver.h | 5 +
src/libvirt.c | 60 ++
src/libvirt_private.syms | 11 +-
src/libvirt_public.syms | 4 +
src/network/bridge_driver.c | 22 +
src/node_device/node_device_udev.c | 21 +-
src/qemu/qemu_cgroup.c | 4 +-
src/qemu/qemu_driver.c | 40 +-
src/qemu/qemu_hostdev.c | 39 +-
src/remote/remote_driver.c | 29 +
src/remote/remote_protocol.x | 12 +-
src/remote_protocol-structs | 5 +
src/security/security_apparmor.c | 2 +-
src/security/security_dac.c | 4 +-
src/security/security_selinux.c | 4 +-
src/util/virpci.c | 707 ++++++++++++++++++---
src/util/virpci.h | 37 +-
src/xen/xen_driver.c | 22 +-
tests/networkxml2xmlin/hostdev-pf.xml | 2 +-
tests/networkxml2xmlout/hostdev-pf.xml | 2 +-
tests/nodedevschemadata/pci_8086_10c9_sriov_pf.xml | 16 +
tests/nodedevxml2xmltest.c | 1 +
.../qemuxml2argvdata/qemuxml2argv-hostdev-vfio.xml | 2 +-
.../qemuxml2argv-net-hostdev-vfio.xml | 2 +-
tools/virsh-nodedev.c | 30 +-
39 files changed, 1340 insertions(+), 158 deletions(-)
create mode 100644 tests/nodedevschemadata/pci_8086_10c9_sriov_pf.xml
--
1.7.11.7
11 years, 5 months
[libvirt] [PATCH] qemu: don't reset PCI devices being assigned with VFIO
by Laine Stump
I just learned that VFIO resets PCI devices when they are assigned to
guests / returned to the host, so it is redundant for libvirt to reset
the devices. This patch inhibits calling virPCIDeviceReset to devices
that will be/were assigned using VFIO.
---
src/qemu/qemu_hostdev.c | 4 ++++
src/qemu/qemu_hotplug.c | 5 +++--
2 files changed, 7 insertions(+), 2 deletions(-)
diff --git a/src/qemu/qemu_hostdev.c b/src/qemu/qemu_hostdev.c
index 2b0221d..5a87eb0 100644
--- a/src/qemu/qemu_hostdev.c
+++ b/src/qemu/qemu_hostdev.c
@@ -556,6 +556,8 @@ int qemuPrepareHostdevPCIDevices(virQEMUDriverPtr driver,
* can safely reset them */
for (i = 0; i < virPCIDeviceListCount(pcidevs); i++) {
virPCIDevicePtr dev = virPCIDeviceListGet(pcidevs, i);
+ if (STREQ_NULLABLE(virPCIDeviceGetStubDriver(dev), "vfio-pci"))
+ continue;
if (virPCIDeviceReset(dev, driver->activePciHostdevs,
driver->inactivePciHostdevs) < 0)
goto reattachdevs;
@@ -1122,6 +1124,8 @@ void qemuDomainReAttachHostdevDevices(virQEMUDriverPtr driver,
for (i = 0; i < virPCIDeviceListCount(pcidevs); i++) {
virPCIDevicePtr dev = virPCIDeviceListGet(pcidevs, i);
+ if (STREQ_NULLABLE(virPCIDeviceGetStubDriver(dev), "vfio-pci"))
+ continue;
if (virPCIDeviceReset(dev, driver->activePciHostdevs,
driver->inactivePciHostdevs) < 0) {
virErrorPtr err = virGetLastError();
diff --git a/src/qemu/qemu_hotplug.c b/src/qemu/qemu_hotplug.c
index 18f5fa5..46875ad 100644
--- a/src/qemu/qemu_hotplug.c
+++ b/src/qemu/qemu_hotplug.c
@@ -2528,8 +2528,9 @@ qemuDomainDetachHostPciDevice(virQEMUDriverPtr driver,
if (pci) {
activePci = virPCIDeviceListSteal(driver->activePciHostdevs, pci);
if (activePci &&
- virPCIDeviceReset(activePci, driver->activePciHostdevs,
- driver->inactivePciHostdevs) == 0) {
+ (subsys->u.pci.backend == VIR_DOMAIN_HOSTDEV_PCI_BACKEND_VFIO ||
+ virPCIDeviceReset(activePci, driver->activePciHostdevs,
+ driver->inactivePciHostdevs) == 0)) {
qemuReattachPciDevice(activePci, driver);
ret = 0;
} else {
--
1.7.11.7
11 years, 5 months
[libvirt] [PATCH v2 0/8] Chardev hotplug
by Michal Privoznik
The second round which is just a rebase of the first round:
https://www.redhat.com/archives/libvir-list/2013-May/msg00395.html
Michal Privoznik (8):
domain_conf: Introduce chardev hotplug helpers
qemu: Implement chardev hotplug on config level
qemu_monitor_json: Move InetSocketAddress build to a separate function
qemu_monitor: Introduce qemuMonitorAttachCharDev
qemu_monitor: Introduce qemuMonitorDetachCharDev
qemu_command: Honour chardev alias assignment with a function
qemu: Introduce qemuBuildChrDeviceStr
qemu: Implement chardev hotplug on live level
src/conf/domain_conf.c | 182 +++++++++++++++++++++++++++++-
src/conf/domain_conf.h | 11 ++
src/libvirt_private.syms | 4 +
src/qemu/qemu_command.c | 262 +++++++++++++++++++++++++++++++++++--------
src/qemu/qemu_command.h | 14 ++-
src/qemu/qemu_driver.c | 43 ++++++-
src/qemu/qemu_hotplug.c | 102 +++++++++++++++++
src/qemu/qemu_hotplug.h | 6 +
src/qemu/qemu_monitor.c | 41 +++++++
src/qemu/qemu_monitor.h | 5 +
src/qemu/qemu_monitor_json.c | 259 +++++++++++++++++++++++++++++++++++++++---
src/qemu/qemu_monitor_json.h | 5 +
12 files changed, 861 insertions(+), 73 deletions(-)
--
1.8.2.1
11 years, 5 months
[libvirt] [PATCH 0/2] libxl: Add support for qdisk disk backend
by Jim Fehlig
An update of
https://www.redhat.com/archives/libvir-list/2013-April/msg02104.html
This small patch series adds support for qdisk backend type in libxl. A
qdisk uses the block drivers in qemu to serve as a block backend, verses
blktap or blkbk.
While testing the second patch, I noticed a slightly misleading error was
emitted when the tap backend didn't support the requested disk format. Fix
this with the first patch, including adding format checks in the other
supported disk backends.
V2: Fix logic errors when validating disk format
Jim Fehlig (2):
libxl: Fix disk format error message
libxl: support qdisk backend
src/libxl/libxl_conf.c | 49 ++++++++++++++++++++++++++++++++++++++++++++++-
1 files changed, 47 insertions(+), 2 deletions(-)
--
1.7.7
11 years, 5 months
[libvirt] Introduction of virDomainDefPtr resulted in deadlock in xenUnifiedDomainGetXMLDesc
by Stefan Bader
The problem is the mutex lock on xenUnifiedPrivatePtr which is held around
xenDomainUsedCpus.
xenUnifiedDomainGetXMLDesc
...
xenUnifiedLock(priv);
cpus = xenDomainUsedCpus(dom);
xenUnifiedUnlock(priv);
...
Unfortunately the introduction of virDomainDefPtr added the following call paths
xenDomainUsedCpus
...
nb_vcpu = xenUnifiedDomainGetMaxVcpus(dom);
return xenUnifiedDomainGetVcpusFlags(...)
...
if (!(def = xenGetDomainDefForDom(dom)))
return xenGetDomainDefForUUID(dom->conn, dom->uuid);
...
ret = xenHypervisorLookupDomainByUUID(conn, uuid);
...
xenUnifiedLock(priv);
name = xenStoreDomainGetName(conn, id);
xenUnifiedUnlock(priv);
...
if ((ncpus = xenUnifiedDomainGetVcpus(dom, cpuinfo, nb_vcpu,
...
if (!(def = xenGetDomainDefForDom(dom)))
[again like above]
Right now, running the GetXMLDesc command for an active Xen domain will lock up
right in the xenUnifiedDomainGetMaxVcpus call. But any subcall leading to a call
to xenGetDomainDefForDom while holding the xenUnifiedPrivatePtr lock will have
the same fate.
I assume the lock around the xenDomainUsedCpus call is there to ensure all
accesses to the private pointer see consistent data. Otherwise it would be
possible to simply release the lock before the GetMaxVcpus and GetVcpus calls.
If that lock cannot be dropped this feels like a much more painful rework is needed.
What do others think?
-Stefan
11 years, 5 months
[libvirt] [PATCH] Set process ID in system identity
by Daniel P. Berrange
From: "Daniel P. Berrange" <berrange(a)redhat.com>
When creating a virIdentityPtr for the system identity, include
the current process ID as an attribute.
---
src/util/viridentity.c | 12 ++++++++++++
1 file changed, 12 insertions(+)
diff --git a/src/util/viridentity.c b/src/util/viridentity.c
index 034a12a..6d93d0f 100644
--- a/src/util/viridentity.c
+++ b/src/util/viridentity.c
@@ -139,6 +139,13 @@ virIdentityPtr virIdentityGetSystem(void)
#if WITH_SELINUX
security_context_t con;
#endif
+ char *processid = NULL;
+
+ if (virAsprintf(&processid, "%llu",
+ (unsigned long long)getpid()) < 0) {
+ virReportOOMError();
+ goto cleanup;
+ }
if (!(username = virGetUserName(getuid())))
goto cleanup;
@@ -176,11 +183,16 @@ virIdentityPtr virIdentityGetSystem(void)
VIR_IDENTITY_ATTR_SELINUX_CONTEXT,
seccontext) < 0)
goto error;
+ if (virIdentitySetAttr(ret,
+ VIR_IDENTITY_ATTR_UNIX_PROCESS_ID,
+ processid) < 0)
+ goto error;
cleanup:
VIR_FREE(username);
VIR_FREE(groupname);
VIR_FREE(seccontext);
+ VIR_FREE(processid);
return ret;
error:
--
1.8.1.4
11 years, 5 months
[libvirt] [PATCH 00/19] Fine grained access control for libvirt APIs
by Daniel P. Berrange
From: "Daniel P. Berrange" <berrange(a)redhat.com>
This is a repost of
http://www.redhat.com/archives/libvir-list/2012-May/msg00090.html
Most of the early patches in that series are now merged. What is
left is the actual access control work. The first patches setup
the infrastructure and provide two drivers (policy kit and selinux).
The remaining patches add access control checks to all the public
APIs in each driver. The final patch adds a test case to validate
that every driver API impl has an access control check present.
Still todo
- Optimize the polkit driver by making direct dbus calls
instead of spawning the polkit helper program
- Add filtering of returned objects from the various
vir*List* APIs
- Finish adding acl checks to the legacy Xen driver in
about 6 apis.
- Write a standalone access control driver as alternative
to polkit
- Audit permission names & groups to ensure we have an
optimial set of permissions defined to cover all our
APIs.
Daniel P. Berrange (19):
Define basic internal API for access control
Set conn->driver before running driver connectOpen method
Setup default access control manager in libvirtd
Add a policy kit access control driver
Add an SELinux access control driver
Add ACL annotations to all RPC messages
Auto-generate helpers for checking access control rules
Add ACL checks into the QEMU driver
Add ACL checks into the LXC driver
Add ACL checks into the UML driver
Add ACL checks into the Xen driver
Add ACL checks into the libxl driver
Add ACL checks into the storage driver
Add ACL checks into the network driver
Add ACL checks into the interface driver
Add ACL checks into the node device driver
Add ACL checks into the nwfilter driver
Add ACL checks into the secrets driver
Add validation that all APIs contain ACL checks
.gitignore | 10 +
daemon/Makefile.am | 1 +
daemon/libvirtd-config.c | 4 +
daemon/libvirtd-config.h | 2 +
daemon/libvirtd.aug | 1 +
daemon/libvirtd.c | 28 +-
daemon/libvirtd.conf | 9 +
daemon/test_libvirtd.aug.in | 4 +
include/libvirt/virterror.h | 4 +
m4/virt-compile-warnings.m4 | 1 +
m4/virt-selinux.m4 | 2 +
po/POTFILES.in | 3 +
src/Makefile.am | 187 ++++++++-
src/access/genpolkit.pl | 119 ++++++
src/access/viraccessdriver.h | 89 ++++
src/access/viraccessdrivernop.c | 118 ++++++
src/access/viraccessdrivernop.h | 28 ++
src/access/viraccessdriverpolkit.c | 399 ++++++++++++++++++
src/access/viraccessdriverpolkit.h | 28 ++
src/access/viraccessdriverselinux.c | 565 +++++++++++++++++++++++++
src/access/viraccessdriverselinux.h | 28 ++
src/access/viraccessdriverstack.c | 285 +++++++++++++
src/access/viraccessdriverstack.h | 32 ++
src/access/viraccessmanager.c | 351 ++++++++++++++++
src/access/viraccessmanager.h | 91 ++++
src/access/viraccessperm.c | 84 ++++
src/access/viraccessperm.h | 647 +++++++++++++++++++++++++++++
src/check-aclrules.pl | 144 +++++++
src/interface/interface_backend_netcf.c | 115 +++++
src/interface/interface_backend_udev.c | 85 +++-
src/internal.h | 4 +
src/libvirt.c | 11 +-
src/libvirt_private.syms | 37 ++
src/libxl/libxl_driver.c | 187 ++++++++-
src/locking/lock_protocol.x | 8 +
src/lxc/lxc_driver.c | 219 +++++++++-
src/network/bridge_driver.c | 61 +++
src/node_device/node_device_driver.c | 36 ++
src/nwfilter/nwfilter_driver.c | 26 ++
src/qemu/qemu_driver.c | 716 ++++++++++++++++++++++++++++----
src/remote/lxc_protocol.x | 1 +
src/remote/qemu_protocol.x | 4 +
src/remote/remote_protocol.x | 406 ++++++++++++++++++
src/rpc/gendispatch.pl | 211 +++++++++-
src/secret/secret_driver.c | 31 ++
src/storage/storage_driver.c | 155 ++++++-
src/uml/uml_driver.c | 174 +++++++-
src/util/virerror.c | 8 +
src/util/virlog.c | 3 +-
src/util/virlog.h | 1 +
src/xen/xen_driver.c | 217 +++++++++-
51 files changed, 5827 insertions(+), 153 deletions(-)
create mode 100755 src/access/genpolkit.pl
create mode 100644 src/access/viraccessdriver.h
create mode 100644 src/access/viraccessdrivernop.c
create mode 100644 src/access/viraccessdrivernop.h
create mode 100644 src/access/viraccessdriverpolkit.c
create mode 100644 src/access/viraccessdriverpolkit.h
create mode 100644 src/access/viraccessdriverselinux.c
create mode 100644 src/access/viraccessdriverselinux.h
create mode 100644 src/access/viraccessdriverstack.c
create mode 100644 src/access/viraccessdriverstack.h
create mode 100644 src/access/viraccessmanager.c
create mode 100644 src/access/viraccessmanager.h
create mode 100644 src/access/viraccessperm.c
create mode 100644 src/access/viraccessperm.h
create mode 100644 src/check-aclrules.pl
--
1.8.1.4
11 years, 5 months
[libvirt] [PATCH] bugfix: virNetDevBridgeSetSTPDelay on BSD
by Roman Bogorodskiy
virNetDevBridgeSetSTPDelay accepts delay in milliseconds,
but BSD implementation was expecting seconds. Therefore,
it was working correctly only with delay == 0.
---
src/util/virnetdevbridge.c | 5 +++--
1 file changed, 3 insertions(+), 2 deletions(-)
diff --git a/src/util/virnetdevbridge.c b/src/util/virnetdevbridge.c
index ffcb4a4..9d95374 100644
--- a/src/util/virnetdevbridge.c
+++ b/src/util/virnetdevbridge.c
@@ -593,10 +593,11 @@ int virNetDevBridgeSetSTPDelay(const char *brname,
int delay)
{
struct ifbrparam param;
+ u_long delay_seconds = delay / 1000;
/* FreeBSD doesn't allow setting STP delay < 4 */
- delay = delay < 4 ? 4 : delay;
- param.ifbrp_fwddelay = ((u_long)delay) & 0xff;
+ delay_seconds = delay_seconds < 4 ? 4 : delay_seconds;
+ param.ifbrp_fwddelay = delay_seconds & 0xff;
if (virNetDevBridgeCmd(brname, BRDGSFD, ¶m, sizeof(param)) < 0) {
virReportSystemError(errno,
--
1.8.2.3
11 years, 5 months
[libvirt] [PATCH] qemu: check if block I/O limits fit into long long
by Ján Tomko
We can only pass values up to LLONG_MAX through JSON
and QEMU checks if the int64_t number is not negative
at startup since 1.5.0.
https://bugzilla.redhat.com/show_bug.cgi?id=974010
---
src/qemu/qemu_driver.c | 7 +++++++
1 file changed, 7 insertions(+)
diff --git a/src/qemu/qemu_driver.c b/src/qemu/qemu_driver.c
index 3d9457f..b4b66aa 100644
--- a/src/qemu/qemu_driver.c
+++ b/src/qemu/qemu_driver.c
@@ -14099,6 +14099,13 @@ qemuDomainSetBlockIoTune(virDomainPtr dom,
for (i = 0; i < nparams; i++) {
virTypedParameterPtr param = ¶ms[i];
+ if (param->value.ul > LLONG_MAX) {
+ virReportError(VIR_ERR_OVERFLOW,
+ _("block I/O throttle limit value must"
+ " be less than %llu"), LLONG_MAX);
+ goto endjob;
+ }
+
if (STREQ(param->field, VIR_DOMAIN_BLOCK_IOTUNE_TOTAL_BYTES_SEC)) {
info.total_bytes_sec = param->value.ul;
set_bytes = true;
--
1.8.1.5
11 years, 5 months
[libvirt] [PATCH 0/2] security: Save labels of resources before libvirt changing them for restoring.
by yangdongsheng
Hi ALL:
There is a confusing issue in svirt. If sec_type is dynamic or relabel is yes in VM,
when VM stopped, the label of image will be restored to a default label on the path,
but not my expected label what it was before VM is started.
Example:
#virsh dumpxml virt-tests-vm1
...
<disk type='file' device='disk'>
<driver name='qemu' type='raw' cache='none'/>
<source file='/libvirt_autotest_root/images/fedora17.img'/>
<target dev='hda' bus='ide'/>
<address type='drive' controller='0' bus='0' target='0' unit='0'/>
</disk>
...
<seclabel type='dynamic' model='selinux' relabel='yes'/>
...
# ll /libvirt_autotest_root/images/fedora17.img -Z
-rwxr-xr-x. root root *system_u:object_r:svirt_image_t:s0* /libvirt_autotest_root/images/fedora17.img
# virsh start virt-tests-vm1
Domain virt-tests-vm1 started
# virsh destroy virt-tests-vm1
Domain virt-tests-vm1 destroyed
# ll /libvirt_autotest_root/images/fedora17.img -Z
-rwxr-xr-x. root root *system_u:object_r:default_t:s0* /libvirt_autotest_root/images/fedora17.img
Label is changed from svirt_image_t to default_t. And the svirt_image_t is accessable for svirt_t process
but default_t is not.
This patch instroduce a struct named _virSecuritySELinuxBackupContext to
save the path and the label before libvirt changing them. And labels will
be restored to path in VM being stopped.
yangdongsheng (2):
util: Introduce virStrcmp into virstring.
security: Save contexts of resources for restoring it.
src/security/security_selinux.c | 229 +++++++++++++++++++++++++++++++++++++--
src/util/virstring.c | 14 +++
src/util/virstring.h | 2 +
3 files changed, 238 insertions(+), 7 deletions(-)
--
1.7.10.1
11 years, 5 months
