[libvirt] [PATCH v2 00/24] Support multiple PHBs for pSeries guests
by Andrea Bolognani
Changes from [v1]:
* address review comments;
* implement a much better isolation algorithm that doesn't
require parsing and formatting the isolation group and
can handle more dynamic scenarios, such as empty PHBs
changing their isolation groups to accomodate hotplugged
hostdevs;
* add more test cases.
Reviewed-by tags have been collected, so figuring out which
patches are still in need of reviewing is pretty easy. As
an exception, patches 12 and 13 are unchanged but don't
carry the tag due to the required documentation being still
missing.
Known limitations:
* hot(un)plug is still not handled
- shouldn't be too much work to fix this, but I though
it would be better to send out the code now rather
than holding it up further, as most of it shouldn't
change anyway;
* hostdevs in IOMMU group 0 are not handled properly
- the default isolation group is currently 0, which
means hostdevs in IOMMU group 0 will be assigned
addresses as if they were emulated devices and will
not be isolated properly. Fixing this will be a lot
of work because it requires cleaning up the the code
that instantiates pretty much anything embedding a
virDomainDeviceInfo, which is... A lot of things.
Luckily, IOMMU group 0 will probably not contain any
devices that are actually usable as hostdevs, so it
should be okay to fix this in a follow-up series
rather than upfront;
* documentation is still missing
- I'll take care of that once the code is
feature-complete, eg. the first item has been solved;
* no epic cover letter this time around
- apologies to all my fans :(
[v1] https://www.redhat.com/archives/libvir-list/2017-June/msg00110.html
Andrea Bolognani (24):
conf: Remove obsolete comment
conf: Make virDomainPCIAddressSetGrow() private
conf: Make virDomainPCIAddressFlagsCompatible() private
conf: Tweak virDomainPCIAddressGetNextAddr() signature
tests: Update qemumemlock data
tests: Mock IOMMU groups
conf: Simplify slot allocation
qemu: Allow qemuBuildControllerDevStr() to return NULL
qemu: Tweak index number checking
conf: Move index number checking to drivers
qemu: Relax pci-root index requirement for pSeries guests
conf: Parse and format <target index='...'/>
conf: Add 'spapr-pci-host-bridge' controller model
qemu: Automatically pick target index and model for pci-root
controllers
qemu: Introduce QEMU_CAPS_DEVICE_SPAPR_PCI_HOST_BRIDGE
qemu: Deal with PHB naming convention
qemu: Use multiple PHBs for pSeries guests
tests: Add tests for pSeries guests with multiple PHBs
tests: Add baseline tests for automatic PHB usage
qemu: Use PHBs to fill holes in PCI bus numbering
qemu: Use PHBs when extending the guest PCI topology
conf: Introduce isolation groups
conf: Implement isolation rules
qemu: Isolate hostdevs on pSeries guests
docs/schemas/domaincommon.rng | 7 +
src/bhyve/bhyve_device.c | 4 +-
src/bhyve/bhyve_domain.c | 15 ++
src/conf/device_conf.h | 14 +-
src/conf/domain_addr.c | 199 +++++++++++------
src/conf/domain_addr.h | 38 ++--
src/conf/domain_conf.c | 31 ++-
src/conf/domain_conf.h | 2 +
src/libvirt_private.syms | 2 -
src/qemu/qemu_capabilities.c | 2 +
src/qemu/qemu_capabilities.h | 1 +
src/qemu/qemu_command.c | 148 ++++++++++--
src/qemu/qemu_command.h | 9 +-
src/qemu/qemu_domain.c | 14 ++
src/qemu/qemu_domain_address.c | 248 +++++++++++++++++++--
src/qemu/qemu_hotplug.c | 5 +-
.../qemuargv2xmldata/qemuargv2xml-pseries-disk.xml | 5 +-
.../qemuargv2xml-pseries-nvram.xml | 5 +-
tests/qemucapabilitiesdata/caps_2.6.0.ppc64le.xml | 1 +
.../qemumemlock-pc-hardlimit+hostdev.xml | 2 +-
.../qemumemlock-pc-hardlimit+locked+hostdev.xml | 2 +-
tests/qemumemlockdata/qemumemlock-pc-hostdev.xml | 2 +-
.../qemumemlock-pc-locked+hostdev.xml | 2 +-
.../qemumemlock-pseries-hardlimit+hostdev.xml | 2 +-
...emumemlock-pseries-hardlimit+locked+hostdev.xml | 2 +-
.../qemumemlock-pseries-hostdev.xml | 2 +-
.../qemumemlock-pseries-locked+hostdev.xml | 2 +-
tests/qemumemlocktest.c | 21 +-
.../qemuxml2argv-pseries-hostdevs-1.args | 25 +++
.../qemuxml2argv-pseries-hostdevs-1.xml | 38 ++++
.../qemuxml2argv-pseries-hostdevs-2.args | 25 +++
.../qemuxml2argv-pseries-hostdevs-2.xml | 37 +++
.../qemuxml2argv-pseries-hostdevs-3.args | 24 ++
.../qemuxml2argv-pseries-hostdevs-3.xml | 31 +++
.../qemuxml2argv-pseries-many-buses-1.args | 22 ++
.../qemuxml2argv-pseries-many-buses-1.xml | 19 ++
.../qemuxml2argv-pseries-many-buses-2.args | 22 ++
.../qemuxml2argv-pseries-many-buses-2.xml | 18 ++
.../qemuxml2argv-pseries-many-devices.args | 53 +++++
.../qemuxml2argv-pseries-many-devices.xml | 48 ++++
.../qemuxml2argv-pseries-phb-default-missing.args | 22 ++
.../qemuxml2argv-pseries-phb-default-missing.xml | 16 ++
.../qemuxml2argv-pseries-phb-simple.args | 22 ++
.../qemuxml2argv-pseries-phb-simple.xml | 17 ++
tests/qemuxml2argvtest.c | 64 +++++-
.../qemuxml2xmlout-panic-pseries.xml | 5 +-
.../qemuxml2xmlout-ppc64-usb-controller-legacy.xml | 5 +-
.../qemuxml2xmlout-ppc64-usb-controller.xml | 5 +-
.../qemuxml2xmlout-pseries-hostdevs-1.xml | 54 +++++
.../qemuxml2xmlout-pseries-hostdevs-2.xml | 50 +++++
.../qemuxml2xmlout-pseries-hostdevs-3.xml | 47 ++++
...xml => qemuxml2xmlout-pseries-many-buses-1.xml} | 19 +-
...xml => qemuxml2xmlout-pseries-many-buses-2.xml} | 20 +-
.../qemuxml2xmlout-pseries-many-devices.xml | 125 +++++++++++
.../qemuxml2xmlout-pseries-nvram.xml | 5 +-
.../qemuxml2xmlout-pseries-panic-missing.xml | 5 +-
.../qemuxml2xmlout-pseries-panic-no-address.xml | 5 +-
...qemuxml2xmlout-pseries-phb-default-missing.xml} | 18 +-
...m.xml => qemuxml2xmlout-pseries-phb-simple.xml} | 18 +-
tests/qemuxml2xmltest.c | 59 ++++-
tests/virpcimock.c | 43 +++-
61 files changed, 1562 insertions(+), 211 deletions(-)
create mode 100644 tests/qemuxml2argvdata/qemuxml2argv-pseries-hostdevs-1.args
create mode 100644 tests/qemuxml2argvdata/qemuxml2argv-pseries-hostdevs-1.xml
create mode 100644 tests/qemuxml2argvdata/qemuxml2argv-pseries-hostdevs-2.args
create mode 100644 tests/qemuxml2argvdata/qemuxml2argv-pseries-hostdevs-2.xml
create mode 100644 tests/qemuxml2argvdata/qemuxml2argv-pseries-hostdevs-3.args
create mode 100644 tests/qemuxml2argvdata/qemuxml2argv-pseries-hostdevs-3.xml
create mode 100644 tests/qemuxml2argvdata/qemuxml2argv-pseries-many-buses-1.args
create mode 100644 tests/qemuxml2argvdata/qemuxml2argv-pseries-many-buses-1.xml
create mode 100644 tests/qemuxml2argvdata/qemuxml2argv-pseries-many-buses-2.args
create mode 100644 tests/qemuxml2argvdata/qemuxml2argv-pseries-many-buses-2.xml
create mode 100644 tests/qemuxml2argvdata/qemuxml2argv-pseries-many-devices.args
create mode 100644 tests/qemuxml2argvdata/qemuxml2argv-pseries-many-devices.xml
create mode 100644 tests/qemuxml2argvdata/qemuxml2argv-pseries-phb-default-missing.args
create mode 100644 tests/qemuxml2argvdata/qemuxml2argv-pseries-phb-default-missing.xml
create mode 100644 tests/qemuxml2argvdata/qemuxml2argv-pseries-phb-simple.args
create mode 100644 tests/qemuxml2argvdata/qemuxml2argv-pseries-phb-simple.xml
create mode 100644 tests/qemuxml2xmloutdata/qemuxml2xmlout-pseries-hostdevs-1.xml
create mode 100644 tests/qemuxml2xmloutdata/qemuxml2xmlout-pseries-hostdevs-2.xml
create mode 100644 tests/qemuxml2xmloutdata/qemuxml2xmlout-pseries-hostdevs-3.xml
copy tests/qemuxml2xmloutdata/{qemuxml2xmlout-pseries-nvram.xml => qemuxml2xmlout-pseries-many-buses-1.xml} (55%)
copy tests/qemuxml2xmloutdata/{qemuxml2xmlout-pseries-nvram.xml => qemuxml2xmlout-pseries-many-buses-2.xml} (54%)
create mode 100644 tests/qemuxml2xmloutdata/qemuxml2xmlout-pseries-many-devices.xml
copy tests/qemuxml2xmloutdata/{qemuxml2xmlout-pseries-nvram.xml => qemuxml2xmlout-pseries-phb-default-missing.xml} (56%)
copy tests/qemuxml2xmloutdata/{qemuxml2xmlout-pseries-nvram.xml => qemuxml2xmlout-pseries-phb-simple.xml} (56%)
--
2.7.5
8 years
[libvirt] Various apparmor related changes (part 2)
by Stefan Bader
> Over the years there have been a bunch of changes to the
> apparmor profiles and/or virt-aa-helper which have been
> carried in Debian/Ubuntu but never made it upstream.
>
> In an attempt to clean this up and generally improve the
> apparmor based environments, we (Christian and I) went
> over the changes, cleaned out cruft as much as possible
> and would be sending out hunks of changes to this list
> for upstream inclusion.
>
This second batch consists partially of some reworked
patches from the previous round and some more things
which hopefully are simple enough and improve the upstream
profiles.
5+6: Although these are Debian/Ubuntu specific, there are
other paths which are specific for SuSE. So I wondered
why not have both upstream.
9: Jamie, I know it has been a long time but do you remember
what this resolved?
Thanks,
Stefan
8 years
[libvirt] [PATCH v2 0/4] fix labeling for chardev source path
by Pavel Hrdina
Pavel Hrdina (4):
conf: move seclabel for chardev source to the correct sturcture
qemu: introduce chardevStdioLogd to qemu private data
qemu: propagate chardevStdioLogd to qemuBuildChrChardevStr
security: don't relabel chardev source if virtlogd is used as stdio
handler
src/conf/domain_conf.c | 46 +++++++-------
src/conf/domain_conf.h | 9 +--
src/lxc/lxc_process.c | 6 +-
src/qemu/qemu_command.c | 132 ++++++++++++++++++++++++++-------------
src/qemu/qemu_command.h | 3 +-
src/qemu/qemu_domain.c | 6 ++
src/qemu/qemu_domain.h | 3 +
src/qemu/qemu_process.c | 15 ++++-
src/qemu/qemu_security.c | 9 ++-
src/security/security_apparmor.c | 7 ++-
src/security/security_dac.c | 74 +++++++++++++++-------
src/security/security_driver.h | 6 +-
src/security/security_manager.c | 16 +++--
src/security/security_manager.h | 6 +-
src/security/security_nop.c | 6 +-
src/security/security_selinux.c | 71 ++++++++++++++-------
src/security/security_stack.c | 12 ++--
tests/securityselinuxlabeltest.c | 2 +-
18 files changed, 281 insertions(+), 148 deletions(-)
--
2.13.0
8 years
[libvirt] [PATCH] qemu: Allow live-updates of coalesce settings
by Martin Kletzander
Change the settings from qemuDomainUpdateDeviceLive() as otherwise the
call would succeed even though nothing has changed.
Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1460862
Signed-off-by: Martin Kletzander <mkletzan(a)redhat.com>
---
src/qemu/qemu_hotplug.c | 13 ++++++
src/util/virnetdev.c | 103 +++++++++++++++++++++++++++++++-----------------
src/util/virnetdev.h | 3 +-
src/util/virnetdevtap.c | 2 +-
4 files changed, 83 insertions(+), 38 deletions(-)
diff --git a/src/qemu/qemu_hotplug.c b/src/qemu/qemu_hotplug.c
index 0b8d3d80f173..244dd5e605e6 100644
--- a/src/qemu/qemu_hotplug.c
+++ b/src/qemu/qemu_hotplug.c
@@ -2986,6 +2986,7 @@ qemuDomainChangeNet(virQEMUDriverPtr driver,
bool needLinkStateChange = false;
bool needReplaceDevDef = false;
bool needBandwidthSet = false;
+ bool needCoalesceChange = false;
int ret = -1;
int changeidx = -1;
@@ -3280,6 +3281,12 @@ qemuDomainChangeNet(virQEMUDriverPtr driver,
virDomainNetGetActualBandwidth(newdev)))
needBandwidthSet = true;
+ if (!!olddev->coalesce != !!newdev->coalesce ||
+ (olddev->coalesce && newdev->coalesce &&
+ !memcmp(olddev->coalesce, newdev->coalesce,
+ sizeof(*olddev->coalesce))))
+ needCoalesceChange = true;
+
/* FINALLY - actually perform the required actions */
if (needReconnect) {
@@ -3315,6 +3322,12 @@ qemuDomainChangeNet(virQEMUDriverPtr driver,
needReplaceDevDef = true;
}
+ if (needCoalesceChange) {
+ if (virNetDevSetCoalesce(newdev->ifname, newdev->coalesce, true) < 0)
+ goto cleanup;
+ needReplaceDevDef = true;
+ }
+
if (needLinkStateChange &&
qemuDomainChangeNetLinkState(driver, vm, olddev, newdev->linkstate) < 0) {
goto cleanup;
diff --git a/src/util/virnetdev.c b/src/util/virnetdev.c
index e75a1c970505..90b7bee34ae7 100644
--- a/src/util/virnetdev.c
+++ b/src/util/virnetdev.c
@@ -3086,7 +3086,8 @@ virNetDevGetEthtoolGFeatures(virBitmapPtr bitmap ATTRIBUTE_UNUSED,
/**
* virNetDevSetCoalesce:
* @ifname: interface name to modify
- * @coalesce: Coalesce settings to set and update
+ * @coalesce: Coalesce settings to set or update
+ * @update: Whether this is an update for existing settings or not
*
* This function sets the various coalesce settings for a given interface
* @ifname and updates them back into @coalesce.
@@ -3094,40 +3095,44 @@ virNetDevGetEthtoolGFeatures(virBitmapPtr bitmap ATTRIBUTE_UNUSED,
* Returns 0 in case of success or -1 on failure
*/
int virNetDevSetCoalesce(const char *ifname,
- virNetDevCoalescePtr coalesce)
+ virNetDevCoalescePtr coalesce,
+ bool update)
{
int fd = -1;
int ret = -1;
struct ifreq ifr;
struct ethtool_coalesce coal = {0};
- if (!coalesce)
+ if (!coalesce && !update)
return 0;
- coal = (struct ethtool_coalesce) {
- .cmd = ETHTOOL_SCOALESCE,
- .rx_max_coalesced_frames = coalesce->rx_max_coalesced_frames,
- .rx_coalesce_usecs_irq = coalesce->rx_coalesce_usecs_irq,
- .rx_max_coalesced_frames_irq = coalesce->rx_max_coalesced_frames_irq,
- .tx_coalesce_usecs = coalesce->tx_coalesce_usecs,
- .tx_max_coalesced_frames = coalesce->tx_max_coalesced_frames,
- .tx_coalesce_usecs_irq = coalesce->tx_coalesce_usecs_irq,
- .tx_max_coalesced_frames_irq = coalesce->tx_max_coalesced_frames_irq,
- .stats_block_coalesce_usecs = coalesce->stats_block_coalesce_usecs,
- .use_adaptive_rx_coalesce = coalesce->use_adaptive_rx_coalesce,
- .use_adaptive_tx_coalesce = coalesce->use_adaptive_tx_coalesce,
- .pkt_rate_low = coalesce->pkt_rate_low,
- .rx_coalesce_usecs_low = coalesce->rx_coalesce_usecs_low,
- .rx_max_coalesced_frames_low = coalesce->rx_max_coalesced_frames_low,
- .tx_coalesce_usecs_low = coalesce->tx_coalesce_usecs_low,
- .tx_max_coalesced_frames_low = coalesce->tx_max_coalesced_frames_low,
- .pkt_rate_high = coalesce->pkt_rate_high,
- .rx_coalesce_usecs_high = coalesce->rx_coalesce_usecs_high,
- .rx_max_coalesced_frames_high = coalesce->rx_max_coalesced_frames_high,
- .tx_coalesce_usecs_high = coalesce->tx_coalesce_usecs_high,
- .tx_max_coalesced_frames_high = coalesce->tx_max_coalesced_frames_high,
- .rate_sample_interval = coalesce->rate_sample_interval,
- };
+ if (coalesce) {
+ coal = (struct ethtool_coalesce) {
+ .rx_max_coalesced_frames = coalesce->rx_max_coalesced_frames,
+ .rx_coalesce_usecs_irq = coalesce->rx_coalesce_usecs_irq,
+ .rx_max_coalesced_frames_irq = coalesce->rx_max_coalesced_frames_irq,
+ .tx_coalesce_usecs = coalesce->tx_coalesce_usecs,
+ .tx_max_coalesced_frames = coalesce->tx_max_coalesced_frames,
+ .tx_coalesce_usecs_irq = coalesce->tx_coalesce_usecs_irq,
+ .tx_max_coalesced_frames_irq = coalesce->tx_max_coalesced_frames_irq,
+ .stats_block_coalesce_usecs = coalesce->stats_block_coalesce_usecs,
+ .use_adaptive_rx_coalesce = coalesce->use_adaptive_rx_coalesce,
+ .use_adaptive_tx_coalesce = coalesce->use_adaptive_tx_coalesce,
+ .pkt_rate_low = coalesce->pkt_rate_low,
+ .rx_coalesce_usecs_low = coalesce->rx_coalesce_usecs_low,
+ .rx_max_coalesced_frames_low = coalesce->rx_max_coalesced_frames_low,
+ .tx_coalesce_usecs_low = coalesce->tx_coalesce_usecs_low,
+ .tx_max_coalesced_frames_low = coalesce->tx_max_coalesced_frames_low,
+ .pkt_rate_high = coalesce->pkt_rate_high,
+ .rx_coalesce_usecs_high = coalesce->rx_coalesce_usecs_high,
+ .rx_max_coalesced_frames_high = coalesce->rx_max_coalesced_frames_high,
+ .tx_coalesce_usecs_high = coalesce->tx_coalesce_usecs_high,
+ .tx_max_coalesced_frames_high = coalesce->tx_max_coalesced_frames_high,
+ .rate_sample_interval = coalesce->rate_sample_interval,
+ };
+ }
+
+ coal.cmd = ETHTOOL_SCOALESCE;
if ((fd = virNetDevSetupControl(ifname, &ifr)) < 0)
return -1;
@@ -3141,12 +3146,36 @@ int virNetDevSetCoalesce(const char *ifname,
goto cleanup;
}
- coal = (struct ethtool_coalesce) {
- .cmd = ETHTOOL_GCOALESCE,
- };
+ if (coalesce) {
+ coal = (struct ethtool_coalesce) {
+ .cmd = ETHTOOL_GCOALESCE,
+ };
- /* Don't fail if the update itself fails */
- virNetDevSendEthtoolIoctl(fd, &ifr);
+ /* Don't fail if the update itself fails */
+ if (virNetDevSendEthtoolIoctl(fd, &ifr) == 0) {
+ coalesce->rx_max_coalesced_frames = coal.rx_max_coalesced_frames;
+ coalesce->rx_coalesce_usecs_irq = coal.rx_coalesce_usecs_irq;
+ coalesce->rx_max_coalesced_frames_irq = coal.rx_max_coalesced_frames_irq;
+ coalesce->tx_coalesce_usecs = coal.tx_coalesce_usecs;
+ coalesce->tx_max_coalesced_frames = coal.tx_max_coalesced_frames;
+ coalesce->tx_coalesce_usecs_irq = coal.tx_coalesce_usecs_irq;
+ coalesce->tx_max_coalesced_frames_irq = coal.tx_max_coalesced_frames_irq;
+ coalesce->stats_block_coalesce_usecs = coal.stats_block_coalesce_usecs;
+ coalesce->use_adaptive_rx_coalesce = coal.use_adaptive_rx_coalesce;
+ coalesce->use_adaptive_tx_coalesce = coal.use_adaptive_tx_coalesce;
+ coalesce->pkt_rate_low = coal.pkt_rate_low;
+ coalesce->rx_coalesce_usecs_low = coal.rx_coalesce_usecs_low;
+ coalesce->rx_max_coalesced_frames_low = coal.rx_max_coalesced_frames_low;
+ coalesce->tx_coalesce_usecs_low = coal.tx_coalesce_usecs_low;
+ coalesce->tx_max_coalesced_frames_low = coal.tx_max_coalesced_frames_low;
+ coalesce->pkt_rate_high = coal.pkt_rate_high;
+ coalesce->rx_coalesce_usecs_high = coal.rx_coalesce_usecs_high;
+ coalesce->rx_max_coalesced_frames_high = coal.rx_max_coalesced_frames_high;
+ coalesce->tx_coalesce_usecs_high = coal.tx_coalesce_usecs_high;
+ coalesce->tx_max_coalesced_frames_high = coal.tx_max_coalesced_frames_high;
+ coalesce->rate_sample_interval = coal.rate_sample_interval;
+ }
+ }
ret = 0;
cleanup:
@@ -3155,9 +3184,10 @@ int virNetDevSetCoalesce(const char *ifname,
}
# else
int virNetDevSetCoalesce(const char *ifname,
- virNetDevCoalescePtr coalesce)
+ virNetDevCoalescePtr coalesce,
+ bool update)
{
- if (!coalesce)
+ if (!coalesce && !update)
return 0;
virReportSystemError(ENOSYS,
@@ -3216,9 +3246,10 @@ virNetDevGetFeatures(const char *ifname ATTRIBUTE_UNUSED,
}
int virNetDevSetCoalesce(const char *ifname,
- virNetDevCoalescePtr coalesce)
+ virNetDevCoalescePtr coalesce,
+ bool update)
{
- if (!coalesce)
+ if (!coalesce && !update)
return 0;
virReportSystemError(ENOSYS,
diff --git a/src/util/virnetdev.h b/src/util/virnetdev.h
index c7494cd608f3..51fcae544e89 100644
--- a/src/util/virnetdev.h
+++ b/src/util/virnetdev.h
@@ -180,7 +180,8 @@ int virNetDevRestoreMacAddress(const char *linkdev,
ATTRIBUTE_NONNULL(1) ATTRIBUTE_NONNULL(2) ATTRIBUTE_RETURN_CHECK;
int virNetDevSetCoalesce(const char *ifname,
- virNetDevCoalescePtr coalesce)
+ virNetDevCoalescePtr coalesce,
+ bool update)
ATTRIBUTE_NONNULL(1) ATTRIBUTE_RETURN_CHECK;
int virNetDevSetMTU(const char *ifname,
diff --git a/src/util/virnetdevtap.c b/src/util/virnetdevtap.c
index c8dacfe27b94..175dc2bfaae3 100644
--- a/src/util/virnetdevtap.c
+++ b/src/util/virnetdevtap.c
@@ -663,7 +663,7 @@ int virNetDevTapCreateInBridgePort(const char *brname,
if (virNetDevSetOnline(*ifname, !!(flags & VIR_NETDEV_TAP_CREATE_IFUP)) < 0)
goto error;
- if (virNetDevSetCoalesce(*ifname, coalesce) < 0)
+ if (virNetDevSetCoalesce(*ifname, coalesce, false) < 0)
goto error;
return 0;
--
2.13.1
8 years
[libvirt] Accepting RELATED, ESTABLISHED (TCP) connections into VM using Network Filters
by Wido den Hollander
Hi,
Over the past few days I've been trying to get a prototype working of a stateful firewall for a Virtual Machine using Libvirt's network filters.
My goal is to replace the current custom Python/Java code in the Apache CloudStack [0] project by Network Filters of Libvirt.
Both IPv4 and IPv6 should work, but I started off with IPv4 and I have issues with accepting back RELATED,ESTABLISHED connections into the VM.
In the guest's XML I have this defined:
<filterref filter='nwfilter-test'>
<parameter name='IP' value='192.168.200.250'/>
<parameter name='IPV6' value='2001:db8:100:0:5054:ff:fe9c:6ce6'/>
<parameter name='IPV6' value='fe80::5054:ff:fe9c:6ce6'/>
</filterref>
And the filter currently looks like this:
<filter name='nwfilter-test' chain='root'>
<uuid>a2493284-9dd5-4c20-98b5-7e70745b53de</uuid>
<!-- These are default build-in filters from libvirt and are mainly ipv4 only-->
<filterref filter='no-mac-spoofing'/>
<filterref filter='no-ip-spoofing'/>
<filterref filter='no-arp-spoofing'/>
<filterref filter='allow-dhcp'/>
<!-- IPv4 Rules -->
<rule action='accept' direction='in' priority='100'>
<all state='RELATED,ESTABLISHED'/>
</rule>
<rule action='return' direction='in' priority='500'>
<icmp/>
</rule>
<rule action='accept' direction='in' priority='500'>
<tcp dstportstart='22'/>
</rule>
<rule action='accept' direction='in' priority='500'>
<tcp dstportstart='80'/>
</rule>
<rule action='reject' direction='in' priority='1000'>
<all/>
</rule>
</filter>
I can SSH into the VM and also visit the Webserver running on it. But going out the VM results in issues:
root@nwfilter-test:~# telnet 109.72.92.155 80
Trying 109.72.92.155...
telnet: Unable to connect to remote host: Connection refused
root@nwfilter-test:~#
I can however ping the same target:
root@nwfilter-test:~# ping -c 2 109.72.92.155
PING 109.72.92.155 (109.72.92.155) 56(84) bytes of data.
64 bytes from 109.72.92.155: icmp_seq=1 ttl=56 time=13.2 ms
64 bytes from 109.72.92.155: icmp_seq=2 ttl=56 time=14.1 ms
--- 109.72.92.155 ping statistics ---
2 packets transmitted, 2 received, 0% packet loss, time 1001ms
rtt min/avg/max/mdev = 13.225/13.703/14.182/0.492 ms
root@nwfilter-test:~#
Looking at iptables-save it seems like the right rules are programmed:
-A FI-vnet1 -p icmp -j RETURN
-A FI-vnet1 -p tcp -m tcp --sport 22 -m conntrack --ctstate ESTABLISHED -m conntrack --ctdir REPLY -j RETURN
-A FI-vnet1 -p tcp -m tcp --sport 80 -m conntrack --ctstate ESTABLISHED -m conntrack --ctdir REPLY -j RETURN
-A FI-vnet1 -j REJECT --reject-with icmp-port-unreachable
-A FO-vnet1 -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A FO-vnet1 -p icmp -j RETURN
-A FO-vnet1 -p tcp -m tcp --dport 22 -m conntrack --ctstate NEW,ESTABLISHED -m conntrack --ctdir ORIGINAL -j ACCEPT
-A FO-vnet1 -p tcp -m tcp --dport 80 -m conntrack --ctstate NEW,ESTABLISHED -m conntrack --ctdir ORIGINAL -j ACCEPT
-A FO-vnet1 -j REJECT --reject-with icmp-port-unreachable
-A HI-vnet1 -p icmp -j RETURN
-A HI-vnet1 -p tcp -m tcp --sport 22 -m conntrack --ctstate ESTABLISHED -m conntrack --ctdir REPLY -j RETURN
-A HI-vnet1 -p tcp -m tcp --sport 80 -m conntrack --ctstate ESTABLISHED -m conntrack --ctdir REPLY -j RETURN
-A HI-vnet1 -j REJECT --reject-with icmp-port-unreachable
-A libvirt-host-in -m physdev --physdev-in vnet1 -g HI-vnet1
-A libvirt-in -m physdev --physdev-in vnet1 -g FI-vnet1
-A libvirt-in-post -m physdev --physdev-in vnet1 -j ACCEPT
-A libvirt-out -m physdev --physdev-out vnet1 --physdev-is-bridged -g FO-vnet1
I tried changing 'accept' into 'return' for the incoming RELATED,ESTABLISHED rules, but that didn't help.
I also tried searching for example of more complex network filters, but all I keep finding are the default filters of Libvirt.
Does anybody know what I'm doing wrong here? Or are there any examples of working filters out there?
Thank you!
Wido
[0]: http://cloudstack.apache.org/
8 years
[libvirt] [PATCH v2] Report more correct information for cache control
by Martin Kletzander
On some platforms the number of bits in the cbm_mask might not be
divisible by 4 (and not even by 2), so we need to properly count the
bits. Similar file, min_cbm_bits, is properly parsed and used, but if
the number is greater than one, we lose the information about
granularity when reporting the data in capabilities. For that matter
always report granularity, but if it is not the same as the minimum,
add that information in there as well.
Signed-off-by: Martin Kletzander <mkletzan(a)redhat.com>
---
v2:
- More expressive comments for structure members
- Cache size adjusted to match the SKX machine (33M)
v1:
- https://www.redhat.com/archives/libvir-list/2017-June/msg00229.html
docs/schemas/capability.rng | 7 ++++-
src/conf/capabilities.c | 34 ++++++++++++++++++----
src/conf/capabilities.h | 11 +++++--
.../linux-resctrl-skx/resctrl/info/L3/cbm_mask | 1 +
.../linux-resctrl-skx/resctrl/info/L3/min_cbm_bits | 1 +
.../linux-resctrl-skx/resctrl/info/L3/num_closids | 1 +
.../linux-resctrl-skx/resctrl/schemata | 1 +
.../system/cpu/cpu0/cache/index0/id | 1 +
.../system/cpu/cpu0/cache/index0/level | 1 +
.../system/cpu/cpu0/cache/index0/shared_cpu_list | 1 +
.../system/cpu/cpu0/cache/index0/shared_cpu_map | 1 +
.../system/cpu/cpu0/cache/index0/size | 1 +
.../system/cpu/cpu0/cache/index0/type | 1 +
.../linux-resctrl-skx/system/cpu/cpu0/online | 1 +
.../system/cpu/cpu0/topology/core_id | 1 +
.../system/cpu/cpu0/topology/core_siblings | 1 +
.../system/cpu/cpu0/topology/core_siblings_list | 1 +
.../system/cpu/cpu0/topology/physical_package_id | 1 +
.../system/cpu/cpu0/topology/thread_siblings | 1 +
.../system/cpu/cpu0/topology/thread_siblings_list | 1 +
.../linux-resctrl-skx/system/cpu/online | 1 +
.../linux-resctrl-skx/system/cpu/present | 1 +
.../linux-resctrl-skx/system/node/node0/cpu0 | 1 +
.../linux-resctrl-skx/system/node/node0/cpulist | 1 +
.../linux-resctrl-skx/system/node/node0/cpumap | 1 +
.../linux-resctrl-skx/system/node/node0/distance | 1 +
.../linux-resctrl-skx/system/node/online | 1 +
.../vircaps2xmldata/vircaps-x86_64-resctrl-cdp.xml | 8 ++---
.../vircaps2xmldata/vircaps-x86_64-resctrl-skx.xml | 31 ++++++++++++++++++++
tests/vircaps2xmldata/vircaps-x86_64-resctrl.xml | 4 +--
tests/vircaps2xmltest.c | 1 +
31 files changed, 104 insertions(+), 16 deletions(-)
create mode 100644 tests/vircaps2xmldata/linux-resctrl-skx/resctrl/info/L3/cbm_mask
create mode 100644 tests/vircaps2xmldata/linux-resctrl-skx/resctrl/info/L3/min_cbm_bits
create mode 100644 tests/vircaps2xmldata/linux-resctrl-skx/resctrl/info/L3/num_closids
create mode 100644 tests/vircaps2xmldata/linux-resctrl-skx/resctrl/schemata
create mode 100644 tests/vircaps2xmldata/linux-resctrl-skx/system/cpu/cpu0/cache/index0/id
create mode 100644 tests/vircaps2xmldata/linux-resctrl-skx/system/cpu/cpu0/cache/index0/level
create mode 100644 tests/vircaps2xmldata/linux-resctrl-skx/system/cpu/cpu0/cache/index0/shared_cpu_list
create mode 100644 tests/vircaps2xmldata/linux-resctrl-skx/system/cpu/cpu0/cache/index0/shared_cpu_map
create mode 100644 tests/vircaps2xmldata/linux-resctrl-skx/system/cpu/cpu0/cache/index0/size
create mode 100644 tests/vircaps2xmldata/linux-resctrl-skx/system/cpu/cpu0/cache/index0/type
create mode 100644 tests/vircaps2xmldata/linux-resctrl-skx/system/cpu/cpu0/online
create mode 100644 tests/vircaps2xmldata/linux-resctrl-skx/system/cpu/cpu0/topology/core_id
create mode 100644 tests/vircaps2xmldata/linux-resctrl-skx/system/cpu/cpu0/topology/core_siblings
create mode 100644 tests/vircaps2xmldata/linux-resctrl-skx/system/cpu/cpu0/topology/core_siblings_list
create mode 100644 tests/vircaps2xmldata/linux-resctrl-skx/system/cpu/cpu0/topology/physical_package_id
create mode 100644 tests/vircaps2xmldata/linux-resctrl-skx/system/cpu/cpu0/topology/thread_siblings
create mode 100644 tests/vircaps2xmldata/linux-resctrl-skx/system/cpu/cpu0/topology/thread_siblings_list
create mode 100644 tests/vircaps2xmldata/linux-resctrl-skx/system/cpu/online
create mode 100644 tests/vircaps2xmldata/linux-resctrl-skx/system/cpu/present
create mode 120000 tests/vircaps2xmldata/linux-resctrl-skx/system/node/node0/cpu0
create mode 100644 tests/vircaps2xmldata/linux-resctrl-skx/system/node/node0/cpulist
create mode 100644 tests/vircaps2xmldata/linux-resctrl-skx/system/node/node0/cpumap
create mode 100644 tests/vircaps2xmldata/linux-resctrl-skx/system/node/node0/distance
create mode 100644 tests/vircaps2xmldata/linux-resctrl-skx/system/node/online
create mode 100644 tests/vircaps2xmldata/vircaps-x86_64-resctrl-skx.xml
diff --git a/docs/schemas/capability.rng b/docs/schemas/capability.rng
index e5cbfa362ec0..071090c2d991 100644
--- a/docs/schemas/capability.rng
+++ b/docs/schemas/capability.rng
@@ -273,9 +273,14 @@
</attribute>
<zeroOrMore>
<element name='control'>
- <attribute name='min'>
+ <attribute name='granularity'>
<ref name='unsignedInt'/>
</attribute>
+ <optional>
+ <attribute name='min'>
+ <ref name='unsignedInt'/>
+ </attribute>
+ </optional>
<attribute name='unit'>
<ref name='unit'/>
</attribute>
diff --git a/src/conf/capabilities.c b/src/conf/capabilities.c
index 3becc7e18c62..0f99f3096292 100644
--- a/src/conf/capabilities.c
+++ b/src/conf/capabilities.c
@@ -31,6 +31,7 @@
#include <unistd.h>
#include "capabilities.h"
+#include "c-ctype.h"
#include "count-one-bits.h"
#include "cpu_conf.h"
#include "domain_conf.h"
@@ -906,11 +907,24 @@ virCapabilitiesFormatCaches(virBufferPtr buf,
virBufferAdjustIndent(&controlBuf, indent + 4);
for (j = 0; j < bank->ncontrols; j++) {
- bool min_kilos = !(bank->controls[j]->min % 1024);
+ bool min_kilos = !(bank->controls[j]->granularity % 1024);
+
+ /* Only use KiB if both values are divisible */
+ if (bank->controls[j]->min)
+ min_kilos = min_kilos && !(bank->controls[j]->min % 1024);
+
+ virBufferAsprintf(&controlBuf,
+ "<control granularity='%llu'",
+ bank->controls[j]->granularity >> (min_kilos * 10));
+
+ if (bank->controls[j]->min) {
+ virBufferAsprintf(&controlBuf,
+ " min='%llu'",
+ bank->controls[j]->min >> (min_kilos * 10));
+ }
+
virBufferAsprintf(&controlBuf,
- "<control min='%llu' unit='%s' "
- "type='%s' maxAllocs='%u'/>\n",
- bank->controls[j]->min >> (min_kilos * 10),
+ " unit='%s' type='%s' maxAllocs='%u'/>\n",
min_kilos ? "KiB" : "B",
virCacheTypeToString(bank->controls[j]->scope),
bank->controls[j]->max_allocation);
@@ -1598,9 +1612,11 @@ virCapabilitiesGetCacheControl(virCapsHostCacheBankPtr bank,
virCacheType scope)
{
int ret = -1;
+ char *tmp = NULL;
char *path = NULL;
char *cbm_mask = NULL;
char *type_upper = NULL;
+ unsigned int bits = 0;
unsigned int min_cbm_bits = 0;
virCapsHostCacheControlPtr control;
@@ -1632,8 +1648,14 @@ virCapabilitiesGetCacheControl(virCapsHostCacheBankPtr bank,
virStringTrimOptionalNewline(cbm_mask);
- /* cbm_mask: cache bit mask, it's in hex, eg: fffff */
- control->min = min_cbm_bits * bank->size / (strlen(cbm_mask) * 4);
+ for (tmp = cbm_mask; *tmp != '\0'; tmp++) {
+ if (c_isxdigit(*tmp))
+ bits += count_one_bits(virHexToBin(*tmp));
+ }
+
+ control->granularity = bank->size / bits;
+ if (min_cbm_bits != 1)
+ control->min = min_cbm_bits * control->granularity;
control->scope = scope;
diff --git a/src/conf/capabilities.h b/src/conf/capabilities.h
index ee87d598ef66..39a9bc689279 100644
--- a/src/conf/capabilities.h
+++ b/src/conf/capabilities.h
@@ -151,9 +151,14 @@ VIR_ENUM_DECL(virCache);
typedef struct _virCapsHostCacheControl virCapsHostCacheControl;
typedef virCapsHostCacheControl *virCapsHostCacheControlPtr;
struct _virCapsHostCacheControl {
- unsigned long long min; /* minimum cache control size in B */
- virCacheType scope; /* data, code or both */
- unsigned int max_allocation; /* max number of supported allocations */
+ /* Smallest possible increase of the allocation size in bytes */
+ unsigned long long granularity;
+ /* Minimal allocatable size in bytes (if different from granularity) */
+ unsigned long long min;
+ /* Type of the allocation */
+ virCacheType scope;
+ /* Maximum number of simultaneous allocations */
+ unsigned int max_allocation;
};
typedef struct _virCapsHostCacheBank virCapsHostCacheBank;
diff --git a/tests/vircaps2xmldata/linux-resctrl-skx/resctrl/info/L3/cbm_mask b/tests/vircaps2xmldata/linux-resctrl-skx/resctrl/info/L3/cbm_mask
new file mode 100644
index 000000000000..d482bbb26931
--- /dev/null
+++ b/tests/vircaps2xmldata/linux-resctrl-skx/resctrl/info/L3/cbm_mask
@@ -0,0 +1 @@
+7ff
diff --git a/tests/vircaps2xmldata/linux-resctrl-skx/resctrl/info/L3/min_cbm_bits b/tests/vircaps2xmldata/linux-resctrl-skx/resctrl/info/L3/min_cbm_bits
new file mode 100644
index 000000000000..d00491fd7e5b
--- /dev/null
+++ b/tests/vircaps2xmldata/linux-resctrl-skx/resctrl/info/L3/min_cbm_bits
@@ -0,0 +1 @@
+1
diff --git a/tests/vircaps2xmldata/linux-resctrl-skx/resctrl/info/L3/num_closids b/tests/vircaps2xmldata/linux-resctrl-skx/resctrl/info/L3/num_closids
new file mode 100644
index 000000000000..b6a7d89c68e0
--- /dev/null
+++ b/tests/vircaps2xmldata/linux-resctrl-skx/resctrl/info/L3/num_closids
@@ -0,0 +1 @@
+16
diff --git a/tests/vircaps2xmldata/linux-resctrl-skx/resctrl/schemata b/tests/vircaps2xmldata/linux-resctrl-skx/resctrl/schemata
new file mode 100644
index 000000000000..4a4913735386
--- /dev/null
+++ b/tests/vircaps2xmldata/linux-resctrl-skx/resctrl/schemata
@@ -0,0 +1 @@
+L3:0=7ff;1=7ff
diff --git a/tests/vircaps2xmldata/linux-resctrl-skx/system/cpu/cpu0/cache/index0/id b/tests/vircaps2xmldata/linux-resctrl-skx/system/cpu/cpu0/cache/index0/id
new file mode 100644
index 000000000000..573541ac9702
--- /dev/null
+++ b/tests/vircaps2xmldata/linux-resctrl-skx/system/cpu/cpu0/cache/index0/id
@@ -0,0 +1 @@
+0
diff --git a/tests/vircaps2xmldata/linux-resctrl-skx/system/cpu/cpu0/cache/index0/level b/tests/vircaps2xmldata/linux-resctrl-skx/system/cpu/cpu0/cache/index0/level
new file mode 100644
index 000000000000..00750edc07d6
--- /dev/null
+++ b/tests/vircaps2xmldata/linux-resctrl-skx/system/cpu/cpu0/cache/index0/level
@@ -0,0 +1 @@
+3
diff --git a/tests/vircaps2xmldata/linux-resctrl-skx/system/cpu/cpu0/cache/index0/shared_cpu_list b/tests/vircaps2xmldata/linux-resctrl-skx/system/cpu/cpu0/cache/index0/shared_cpu_list
new file mode 100644
index 000000000000..573541ac9702
--- /dev/null
+++ b/tests/vircaps2xmldata/linux-resctrl-skx/system/cpu/cpu0/cache/index0/shared_cpu_list
@@ -0,0 +1 @@
+0
diff --git a/tests/vircaps2xmldata/linux-resctrl-skx/system/cpu/cpu0/cache/index0/shared_cpu_map b/tests/vircaps2xmldata/linux-resctrl-skx/system/cpu/cpu0/cache/index0/shared_cpu_map
new file mode 100644
index 000000000000..5325a8dff751
--- /dev/null
+++ b/tests/vircaps2xmldata/linux-resctrl-skx/system/cpu/cpu0/cache/index0/shared_cpu_map
@@ -0,0 +1 @@
+001
diff --git a/tests/vircaps2xmldata/linux-resctrl-skx/system/cpu/cpu0/cache/index0/size b/tests/vircaps2xmldata/linux-resctrl-skx/system/cpu/cpu0/cache/index0/size
new file mode 100644
index 000000000000..d23da60c1205
--- /dev/null
+++ b/tests/vircaps2xmldata/linux-resctrl-skx/system/cpu/cpu0/cache/index0/size
@@ -0,0 +1 @@
+33M
diff --git a/tests/vircaps2xmldata/linux-resctrl-skx/system/cpu/cpu0/cache/index0/type b/tests/vircaps2xmldata/linux-resctrl-skx/system/cpu/cpu0/cache/index0/type
new file mode 100644
index 000000000000..e4fd9dccda2c
--- /dev/null
+++ b/tests/vircaps2xmldata/linux-resctrl-skx/system/cpu/cpu0/cache/index0/type
@@ -0,0 +1 @@
+Unified
diff --git a/tests/vircaps2xmldata/linux-resctrl-skx/system/cpu/cpu0/online b/tests/vircaps2xmldata/linux-resctrl-skx/system/cpu/cpu0/online
new file mode 100644
index 000000000000..d00491fd7e5b
--- /dev/null
+++ b/tests/vircaps2xmldata/linux-resctrl-skx/system/cpu/cpu0/online
@@ -0,0 +1 @@
+1
diff --git a/tests/vircaps2xmldata/linux-resctrl-skx/system/cpu/cpu0/topology/core_id b/tests/vircaps2xmldata/linux-resctrl-skx/system/cpu/cpu0/topology/core_id
new file mode 100644
index 000000000000..573541ac9702
--- /dev/null
+++ b/tests/vircaps2xmldata/linux-resctrl-skx/system/cpu/cpu0/topology/core_id
@@ -0,0 +1 @@
+0
diff --git a/tests/vircaps2xmldata/linux-resctrl-skx/system/cpu/cpu0/topology/core_siblings b/tests/vircaps2xmldata/linux-resctrl-skx/system/cpu/cpu0/topology/core_siblings
new file mode 100644
index 000000000000..5325a8dff751
--- /dev/null
+++ b/tests/vircaps2xmldata/linux-resctrl-skx/system/cpu/cpu0/topology/core_siblings
@@ -0,0 +1 @@
+001
diff --git a/tests/vircaps2xmldata/linux-resctrl-skx/system/cpu/cpu0/topology/core_siblings_list b/tests/vircaps2xmldata/linux-resctrl-skx/system/cpu/cpu0/topology/core_siblings_list
new file mode 100644
index 000000000000..573541ac9702
--- /dev/null
+++ b/tests/vircaps2xmldata/linux-resctrl-skx/system/cpu/cpu0/topology/core_siblings_list
@@ -0,0 +1 @@
+0
diff --git a/tests/vircaps2xmldata/linux-resctrl-skx/system/cpu/cpu0/topology/physical_package_id b/tests/vircaps2xmldata/linux-resctrl-skx/system/cpu/cpu0/topology/physical_package_id
new file mode 100644
index 000000000000..573541ac9702
--- /dev/null
+++ b/tests/vircaps2xmldata/linux-resctrl-skx/system/cpu/cpu0/topology/physical_package_id
@@ -0,0 +1 @@
+0
diff --git a/tests/vircaps2xmldata/linux-resctrl-skx/system/cpu/cpu0/topology/thread_siblings b/tests/vircaps2xmldata/linux-resctrl-skx/system/cpu/cpu0/topology/thread_siblings
new file mode 100644
index 000000000000..5325a8dff751
--- /dev/null
+++ b/tests/vircaps2xmldata/linux-resctrl-skx/system/cpu/cpu0/topology/thread_siblings
@@ -0,0 +1 @@
+001
diff --git a/tests/vircaps2xmldata/linux-resctrl-skx/system/cpu/cpu0/topology/thread_siblings_list b/tests/vircaps2xmldata/linux-resctrl-skx/system/cpu/cpu0/topology/thread_siblings_list
new file mode 100644
index 000000000000..573541ac9702
--- /dev/null
+++ b/tests/vircaps2xmldata/linux-resctrl-skx/system/cpu/cpu0/topology/thread_siblings_list
@@ -0,0 +1 @@
+0
diff --git a/tests/vircaps2xmldata/linux-resctrl-skx/system/cpu/online b/tests/vircaps2xmldata/linux-resctrl-skx/system/cpu/online
new file mode 100644
index 000000000000..573541ac9702
--- /dev/null
+++ b/tests/vircaps2xmldata/linux-resctrl-skx/system/cpu/online
@@ -0,0 +1 @@
+0
diff --git a/tests/vircaps2xmldata/linux-resctrl-skx/system/cpu/present b/tests/vircaps2xmldata/linux-resctrl-skx/system/cpu/present
new file mode 100644
index 000000000000..573541ac9702
--- /dev/null
+++ b/tests/vircaps2xmldata/linux-resctrl-skx/system/cpu/present
@@ -0,0 +1 @@
+0
diff --git a/tests/vircaps2xmldata/linux-resctrl-skx/system/node/node0/cpu0 b/tests/vircaps2xmldata/linux-resctrl-skx/system/node/node0/cpu0
new file mode 120000
index 000000000000..c841bea28b2b
--- /dev/null
+++ b/tests/vircaps2xmldata/linux-resctrl-skx/system/node/node0/cpu0
@@ -0,0 +1 @@
+../../cpu/cpu0
\ No newline at end of file
diff --git a/tests/vircaps2xmldata/linux-resctrl-skx/system/node/node0/cpulist b/tests/vircaps2xmldata/linux-resctrl-skx/system/node/node0/cpulist
new file mode 100644
index 000000000000..573541ac9702
--- /dev/null
+++ b/tests/vircaps2xmldata/linux-resctrl-skx/system/node/node0/cpulist
@@ -0,0 +1 @@
+0
diff --git a/tests/vircaps2xmldata/linux-resctrl-skx/system/node/node0/cpumap b/tests/vircaps2xmldata/linux-resctrl-skx/system/node/node0/cpumap
new file mode 100644
index 000000000000..5325a8dff751
--- /dev/null
+++ b/tests/vircaps2xmldata/linux-resctrl-skx/system/node/node0/cpumap
@@ -0,0 +1 @@
+001
diff --git a/tests/vircaps2xmldata/linux-resctrl-skx/system/node/node0/distance b/tests/vircaps2xmldata/linux-resctrl-skx/system/node/node0/distance
new file mode 100644
index 000000000000..f599e28b8ab0
--- /dev/null
+++ b/tests/vircaps2xmldata/linux-resctrl-skx/system/node/node0/distance
@@ -0,0 +1 @@
+10
diff --git a/tests/vircaps2xmldata/linux-resctrl-skx/system/node/online b/tests/vircaps2xmldata/linux-resctrl-skx/system/node/online
new file mode 100644
index 000000000000..573541ac9702
--- /dev/null
+++ b/tests/vircaps2xmldata/linux-resctrl-skx/system/node/online
@@ -0,0 +1 @@
+0
diff --git a/tests/vircaps2xmldata/vircaps-x86_64-resctrl-cdp.xml b/tests/vircaps2xmldata/vircaps-x86_64-resctrl-cdp.xml
index 49aa0b98ca88..7361537bfb56 100644
--- a/tests/vircaps2xmldata/vircaps-x86_64-resctrl-cdp.xml
+++ b/tests/vircaps2xmldata/vircaps-x86_64-resctrl-cdp.xml
@@ -42,12 +42,12 @@
</topology>
<cache>
<bank id='0' level='3' type='both' size='15360' unit='KiB' cpus='0-5'>
- <control min='768' unit='KiB' type='code' maxAllocs='8'/>
- <control min='768' unit='KiB' type='data' maxAllocs='8'/>
+ <control granularity='768' unit='KiB' type='code' maxAllocs='8'/>
+ <control granularity='768' unit='KiB' type='data' maxAllocs='8'/>
</bank>
<bank id='1' level='3' type='both' size='15360' unit='KiB' cpus='6-11'>
- <control min='768' unit='KiB' type='code' maxAllocs='8'/>
- <control min='768' unit='KiB' type='data' maxAllocs='8'/>
+ <control granularity='768' unit='KiB' type='code' maxAllocs='8'/>
+ <control granularity='768' unit='KiB' type='data' maxAllocs='8'/>
</bank>
</cache>
</host>
diff --git a/tests/vircaps2xmldata/vircaps-x86_64-resctrl-skx.xml b/tests/vircaps2xmldata/vircaps-x86_64-resctrl-skx.xml
new file mode 100644
index 000000000000..4e91c87de3b1
--- /dev/null
+++ b/tests/vircaps2xmldata/vircaps-x86_64-resctrl-skx.xml
@@ -0,0 +1,31 @@
+<capabilities>
+
+ <host>
+ <cpu>
+ <arch>x86_64</arch>
+ </cpu>
+ <power_management/>
+ <migration_features>
+ <live/>
+ </migration_features>
+ <topology>
+ <cells num='1'>
+ <cell id='0'>
+ <memory unit='KiB'>1048576</memory>
+ <pages unit='KiB' size='4'>2048</pages>
+ <pages unit='KiB' size='2048'>4096</pages>
+ <pages unit='KiB' size='1048576'>6144</pages>
+ <cpus num='1'>
+ <cpu id='0' socket_id='0' core_id='0' siblings='0'/>
+ </cpus>
+ </cell>
+ </cells>
+ </topology>
+ <cache>
+ <bank id='0' level='3' type='both' size='33792' unit='KiB' cpus='0'>
+ <control granularity='3072' unit='KiB' type='both' maxAllocs='16'/>
+ </bank>
+ </cache>
+ </host>
+
+</capabilities>
diff --git a/tests/vircaps2xmldata/vircaps-x86_64-resctrl.xml b/tests/vircaps2xmldata/vircaps-x86_64-resctrl.xml
index cb78b4ab788d..eb02ad3322a2 100644
--- a/tests/vircaps2xmldata/vircaps-x86_64-resctrl.xml
+++ b/tests/vircaps2xmldata/vircaps-x86_64-resctrl.xml
@@ -42,10 +42,10 @@
</topology>
<cache>
<bank id='0' level='3' type='both' size='15360' unit='KiB' cpus='0-5'>
- <control min='1536' unit='KiB' type='both' maxAllocs='4'/>
+ <control granularity='768' min='1536' unit='KiB' type='both' maxAllocs='4'/>
</bank>
<bank id='1' level='3' type='both' size='15360' unit='KiB' cpus='6-11'>
- <control min='1536' unit='KiB' type='both' maxAllocs='4'/>
+ <control granularity='768' min='1536' unit='KiB' type='both' maxAllocs='4'/>
</bank>
</cache>
</host>
diff --git a/tests/vircaps2xmltest.c b/tests/vircaps2xmltest.c
index ae1cd521111e..c0a67858fec3 100644
--- a/tests/vircaps2xmltest.c
+++ b/tests/vircaps2xmltest.c
@@ -120,6 +120,7 @@ mymain(void)
DO_TEST_FULL("resctrl", VIR_ARCH_X86_64, true, true, true);
DO_TEST_FULL("resctrl-cdp", VIR_ARCH_X86_64, true, true, true);
+ DO_TEST_FULL("resctrl-skx", VIR_ARCH_X86_64, true, true, true);
return ret;
}
--
2.13.1
8 years
[libvirt] [PATCH go-xml] support virtualport for interface and add test code
by zhenwei.pi
---
domain.go | 29 +++++++++++++++++------------
domain_test.go | 4 ++++
2 files changed, 21 insertions(+), 12 deletions(-)
diff --git a/domain.go b/domain.go
index eb7ff9e..ecb8550 100644
--- a/domain.go
+++ b/domain.go
@@ -185,19 +185,24 @@ type DomainInterfaceDriver struct {
Queues uint `xml:"queues,attr,omitempty"`
}
+type DomainInterfaceVirtualport struct {
+ Type string `xml:"type,attr"`
+}
+
type DomainInterface struct {
- XMLName xml.Name `xml:"interface"`
- Type string `xml:"type,attr"`
- MAC *DomainInterfaceMAC `xml:"mac"`
- Model *DomainInterfaceModel `xml:"model"`
- Source *DomainInterfaceSource `xml:"source"`
- Target *DomainInterfaceTarget `xml:"target"`
- Alias *DomainInterfaceAlias `xml:"alias"`
- Link *DomainInterfaceLink `xml:"link"`
- Boot *DomainDeviceBoot `xml:"boot"`
- Script *DomainInterfaceScript `xml:"script"`
- Driver *DomainInterfaceDriver `xml:"driver"`
- Address *DomainAddress `xml:"address"`
+ XMLName xml.Name `xml:"interface"`
+ Type string `xml:"type,attr"`
+ MAC *DomainInterfaceMAC `xml:"mac"`
+ Model *DomainInterfaceModel `xml:"model"`
+ Source *DomainInterfaceSource `xml:"source"`
+ Target *DomainInterfaceTarget `xml:"target"`
+ Alias *DomainInterfaceAlias `xml:"alias"`
+ Link *DomainInterfaceLink `xml:"link"`
+ Boot *DomainDeviceBoot `xml:"boot"`
+ Script *DomainInterfaceScript `xml:"script"`
+ Driver *DomainInterfaceDriver `xml:"driver"`
+ Virtualport *DomainInterfaceVirtualport `xml:"virtualport"`
+ Address *DomainAddress `xml:"address"`
}
type DomainChardevSource struct {
diff --git a/domain_test.go b/domain_test.go
index 6b37719..9de725c 100644
--- a/domain_test.go
+++ b/domain_test.go
@@ -565,6 +565,9 @@ var domainTestData = []struct {
Model: &DomainInterfaceModel{
Type: "virtio",
},
+ Virtualport: &DomainInterfaceVirtualport{
+ Type: "openvswitch",
+ },
},
},
},
@@ -577,6 +580,7 @@ var domainTestData = []struct {
` <interface type="network">`,
` <mac address="00:11:22:33:44:55"></mac>`,
` <model type="virtio"></model>`,
+ ` <virtualport type="openvswitch"></virtualport>`,
` </interface>`,
` </devices>`,
`</domain>`,
--
2.7.4
8 years
[libvirt] [PATCH v2 0/8] virObject adjustments for common object
by John Ferlan
v1: https://www.redhat.com/archives/libvir-list/2017-May/msg01178.html
rfc: https://www.redhat.com/archives/libvir-list/2017-April/msg00321.html
Now that 3.5.0 is out, hopefully this can be considered early and more
progress can be made this month.
Differences to v1:
- Remove the magic_marker, replace with checks vs. existing magic without
the object # specific value. Also added a assert for the object# not
exceeding 0xcafeffff.
- Remove the recursive lock setup.... I believe I've had some success
with removing the need for recursive locks in nwfilter. I'll post a
series shortly with that removed for scrutiny.
Beyond that as in v1:
I'm "close enough" to at least convert secrets, nwfilters, nodedevs,
and interfaces to use a more common object methodolgy to add/store,
fetch/find, search, list, etc. the objects in something other than
a linear forward linked list. Converting the storage pool, storage volume,
and network is taking longer than hoped since there are so many patches
to get from pointA to pointB. So I'll focus on the 4 and work through
getting the complete model published/adopted as those have been in my
branches for a while now.
These patches get as far as the creation of the common object which
is a start. The first 4 patches are essentially setup. Patches 5-6 are
more or less what patch 7-8 were. Patches 7-8 are essentially the new
driver/common object extension.
Patches 5-6 from the RFC still exist in my branches and would be the next
logical step. It was a conscious decision to just use the "default" string
comparison for hash table key. That key could be a UUID, but since the
UUID can easily be converted from unsigned to signed - I believe it would
be far simpler to keep that mechanism rather than complexity introduced
by having "different" key search algorithms when the key isn't a char *.
John Ferlan (8):
util: Formatting cleanups to virobject API
util: Introduce virObjectGetLockableObj
util: Generate a common internal only error print
util: Add safety net of checks to ensure valid object
util: Introduce virObjectPoolableHashElement
util: Add virObjectPoolableHashElementGet*Key
util: Introduce virObjectPoolableDef
util: Add virObjectPoolableDef* accessor API's
src/libvirt_private.syms | 11 ++
src/util/virobject.c | 458 +++++++++++++++++++++++++++++++++++++++++++----
src/util/virobject.h | 123 +++++++++++--
3 files changed, 538 insertions(+), 54 deletions(-)
--
2.9.4
8 years
[libvirt] [PATCH] maint: update to latest gnulib
by Daniel P. Berrange
This fixes an incompatibility with glibc 2.25.90
Signed-off-by: Daniel P. Berrange <berrange(a)redhat.com>
---
Pushed as a broken build fix to get CI back online
.gnulib | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/.gnulib b/.gnulib
index da830b5..ce4ee4c 160000
--- a/.gnulib
+++ b/.gnulib
@@ -1 +1 @@
-Subproject commit da830b5146cb553ac2a4bcfe76caeb57bda24cc3
+Subproject commit ce4ee4cbb596a9d7de2786cf8c48cf62a4edede7
--
2.9.3
8 years
[libvirt] [PATCH] Temporarily disable format truncation warnings
by Daniel P. Berrange
GCC 7.1 introduces a new -Wformat-truncation warning
flag that reports if it thinks the maximum possible
size of the formatted output will exceed the provided
fixed buffer. This is enabled automatically by the
-Wformat warning flag. There are quite a few places
hit by this in libvirt which need rewriting. This is
non-trivial work in some places, so temporarily
disable the new warning until those fixes can be
implemented.
Signed-off-by: Daniel P. Berrange <berrange(a)redhat.com>
---
m4/virt-compile-warnings.m4 | 4 ++++
1 file changed, 4 insertions(+)
diff --git a/m4/virt-compile-warnings.m4 b/m4/virt-compile-warnings.m4
index d7bb172f3..fa0940fc6 100644
--- a/m4/virt-compile-warnings.m4
+++ b/m4/virt-compile-warnings.m4
@@ -169,6 +169,10 @@ AC_DEFUN([LIBVIRT_COMPILE_WARNINGS],[
wantwarn="$wantwarn -Wno-format"
fi
+ # -Wformat enables this by default, and we should keep it,
+ # but need to rewrite various areas of code first
+ wantwarn="$wantwarn -Wno-format-truncation"
+
# This should be < 256 really. Currently we're down to 4096,
# but using 1024 bytes sized buffers (mostly for virStrerror)
# stops us from going down further
--
2.13.1
8 years
