[libvirt] [dbus PATCH v2 0/4] Implement LookupBy* methods for Connect
by Katerina Koukiou
Changes from v1:
* Added to method names Domain prefix.
* Separated move of domain method in separate commit.
Katerina Koukiou (4):
tests: Moved `domain` method from test_domain.py to libvirttest.py
Implement DomainLookupByID method for Connect Interface.
Implement DomainLookupByName method for Connect Interface
Implement DomainLookupByUUID method for Connect Interface
data/org.libvirt.Connect.xml | 18 +++++++++
src/connect.c | 87 ++++++++++++++++++++++++++++++++++++++++++++
test/libvirttest.py | 5 +++
test/test_connect.py | 14 +++++++
test/test_domain.py | 5 ---
5 files changed, 124 insertions(+), 5 deletions(-)
--
2.15.0
7 years
[libvirt] [PATCH v3 0/9] x86: Secure Encrypted Virtualization (AMD)
by Brijesh Singh
The patch series is tested with QEMU recent pull which includes SEV support:
https://lists.gnu.org/archive/html/qemu-devel/2018-03/msg03826.html
This patch series provides support for launching an encrypted guest using
AMD's new Secure Encrypted Virtualization (SEV) feature.
SEV is an extension to the AMD-V architecture which supports running
multiple VMs under the control of a hypervisor. When enabled, SEV feature
allows the memory contents of a virtual machine (VM) to be transparently
encrypted with a key unique to the guest VM.
At a very high level the flow looks like this:
1. mgmt tool calls virConnectGetDomainCapabilities. This returns an XML document
   that includes the following
   <feature>
     ...
     <sev supported='yes'>
       <cbitpos> </cbitpos>
       <reduced-phys-bits> </reduced-phys-bits>
       <pdh> </pdh>
       <cert-chain> </cert-chain>
     </sev>
   </feature>
   If <sev> is provided then we indicate that the hypervisor is capable of launching
   an SEV guest.
2. (optional) mgmt tool can provide the PDH and Cert-chain to the guest owner in case
   the guest owner wishes to establish a secure connection with the SEV firmware to
   negotiate a key used for validating the measurement.
3. mgmt tool requests to start a guest calling virCreateXML(), passing VIR_DOMAIN_START_PAUSED.
   The xml would include
   <launch-security type='sev'>
     <cbitpos> </cbitpos> /* the value is same as what is obtained via virConnectGetDomainCapabilities() */
     <reduced-phys-bits> </reduced-phys-bits> /* the value is same as what is obtained via virConnectGetDomainCapabilities() */
     <dh-cert> .. </dh-cert> /* guest owner's Diffie-Hellman key */ (optional)
     <session> ..</session> /* guest owner's session blob */ (optional)
     <policy> ..</policy> /* guest policy */ (optional)
   </launch-security>
4. Libvirt generates the QEMU CLI args to enable the SEV feature; typical
   args look like this:
   # $QEMU ..
   -machine memory-encryption=sev0 \
   -object sev-guest,id=sev0,dh-cert-file=<file>....
5. Libvirt generates lifecycle VIR_DOMAIN_EVENT_SUSPENDED_PAUSED event
6. mgmt tool gets the VIR_DOMAIN_EVENT_SUSPENDED_PAUSED and calls virDomainGetLaunchSecretInfo()
to retrieve the measurement of encrypted memory.
7. (optional) mgmt tool can provide the measurement value to the guest owner, who can
   validate the measurement and give a GO/NO-GO answer. If mgmt tool gets GO then
   it resumes the guest, otherwise it calls destroy() to kill the guest.
8. mgmt tool resumes the guest
TODO:
* SEV guests are required to use the DMA APIs for the virtio devices. In order to use the DMA
  APIs the virtio devices must have this tag
  <driver iommu='on' ats='on'/>
  It is a bit unclear to me where these changes need to go. Do we need to
  modify libvirt to automatically add these when SEV is enabled, or do
  we ask the mgmt tool to make sure that it creates XML with the right tag to enable
  the DMA APIs for virtio devices? I am looking for some suggestions.
Using these patches we have successfully booted and tested a guest both with and
without SEV enabled.
SEV Firmware API spec is available at:
https://support.amd.com/TechDocs/55766_SEV-KM%20API_Specification.pdf
Changes since v2:
* make cbitpos, policy and reduced-phys-bits as unsigned int
* update virDomainGetLaunchSecurityInfo to accept virTypedParameterPtr *params
instead of virTypedParameterPtr params.
Changes since v1:
* rename <sev> -> <launch-security> for domain
* add more information about policy and other fields in domaincaps.html
* split the domain_conf support in two patches
* add virDomainGetLaunchInfo() to retrieve the SEV measurement
* extend virsh command to show the domain's launch security information
* add test cases to validate newly added <launch-security> element
* fix issues reported with 'make check' and 'make syntax-check'
The complete git tree is available at:
https://github.com/codomania/libvirt/tree/v3
Brijesh Singh (8):
qemu: provide support to query the SEV capability
qemu: introduce SEV feature in hypervisor capabilities
conf: introduce launch-security element in domain
qemu: add support to launch SEV guest
libvirt: add new public API to get launch security info
remote: implement the remote protocol for launch security
qemu_driver: add support to launch security info
virsh: implement new command for launch security
Xiaogang Chen (1):
tests: extend tests to include sev specific tag parsing
docs/formatdomain.html.in | 120 ++++++++++++++++++++++++++++++++++++
docs/formatdomaincaps.html.in | 40 ++++++++++++
docs/schemas/domaincaps.rng | 20 ++++++
docs/schemas/domaincommon.rng | 39 ++++++++++++
include/libvirt/libvirt-domain.h | 17 +++++
src/conf/domain_capabilities.c | 20 ++++++
src/conf/domain_capabilities.h | 14 +++++
src/conf/domain_conf.c | 110 +++++++++++++++++++++++++++++++++
src/conf/domain_conf.h | 26 ++++++++
src/driver-hypervisor.h | 7 +++
src/libvirt-domain.c | 48 +++++++++++++++
src/libvirt_public.syms | 5 ++
src/qemu/qemu_capabilities.c | 40 ++++++++++++
src/qemu/qemu_capabilities.h | 1 +
src/qemu/qemu_capspriv.h | 4 ++
src/qemu/qemu_command.c | 35 +++++++++++
src/qemu/qemu_driver.c | 66 ++++++++++++++++++++
src/qemu/qemu_monitor.c | 17 +++++
src/qemu/qemu_monitor.h | 6 ++
src/qemu/qemu_monitor_json.c | 105 +++++++++++++++++++++++++++++++
src/qemu/qemu_monitor_json.h | 5 ++
src/qemu/qemu_process.c | 58 +++++++++++++++++
src/remote/remote_daemon_dispatch.c | 47 ++++++++++++++
src/remote/remote_driver.c | 42 ++++++++++++-
src/remote/remote_protocol.x | 20 +++++-
src/remote_protocol-structs | 11 ++++
tests/genericxml2xmlindata/sev.xml | 20 ++++++
tests/genericxml2xmloutdata/sev.xml | 22 +++++++
tests/genericxml2xmltest.c | 2 +
tests/qemuxml2argvdata/sev.args | 24 ++++++++
tests/qemuxml2argvdata/sev.xml | 35 +++++++++++
tests/qemuxml2argvtest.c | 2 +
tests/qemuxml2xmloutdata/sev.xml | 39 ++++++++++++
tests/qemuxml2xmltest.c | 2 +
tools/virsh-domain.c | 84 +++++++++++++++++++++++++
35 files changed, 1151 insertions(+), 2 deletions(-)
create mode 100644 tests/genericxml2xmlindata/sev.xml
create mode 100644 tests/genericxml2xmloutdata/sev.xml
create mode 100644 tests/qemuxml2argvdata/sev.args
create mode 100644 tests/qemuxml2argvdata/sev.xml
create mode 100644 tests/qemuxml2xmloutdata/sev.xml
--
2.14.3
7 years
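Added example, not part of the original message or of the libvirt patches: a management-tool sketch of steps 1 to 3 of the SEV flow above, which refuses to proceed unless <sev supported='yes'> is reported and copies cbitpos and reduced-phys-bits unchanged into <launch-security>. The function names, the exception class and the sample document are assumptions made for this example; element names follow the cover letter.

```python
import xml.etree.ElementTree as ET

# Constructed sample of the step 1 capabilities document. Element names follow
# the cover letter; the values are made up for this example.
SAMPLE_CAPS = """<domainCapabilities>
  <feature>
    <sev supported='yes'>
      <cbitpos>47</cbitpos>
      <reduced-phys-bits>1</reduced-phys-bits>
      <pdh>Q09OU1RSVUNURUQtUERI</pdh>
      <cert-chain>Q09OU1RSVUNURUQtQ0hBSU4=</cert-chain>
    </sev>
  </feature>
</domainCapabilities>"""

REQUIRED = ("cbitpos", "reduced-phys-bits")


class SevUnavailable(Exception):
    """The capabilities document does not allow an SEV launch."""


def read_sev_caps(caps_xml):
    """Step 1: return the SEV values, or raise if SEV is not usable."""
    sev = ET.fromstring(caps_xml).find(".//sev")
    if sev is None or sev.get("supported") != "yes":
        raise SevUnavailable("hypervisor does not report SEV support")
    caps = {}
    for name in REQUIRED:
        text = (sev.findtext(name) or "").strip()
        if not (text.isascii() and text.isdigit()):
            raise SevUnavailable(f"<{name}> is missing or not an unsigned int")
        caps[name] = int(text)
    # Step 2 (optional): blobs handed to the guest owner, None when absent.
    for name in ("pdh", "cert-chain"):
        caps[name] = (sev.findtext(name) or "").strip() or None
    return caps


def build_launch_security(caps, dh_cert=None, session=None, policy=None):
    """Step 3: build <launch-security>, copying the step 1 values unchanged."""
    elem = ET.Element("launch-security", {"type": "sev"})
    for name in REQUIRED:
        ET.SubElement(elem, name).text = str(caps[name])
    optional = {"dh-cert": dh_cert, "session": session, "policy": policy}
    for name, value in optional.items():
        if value is not None:
            ET.SubElement(elem, name).text = str(value)
    return ET.tostring(elem, encoding="unicode")
```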
[libvirt] Compiling Libvirt 3.0.0 failed: cannot stat t-kw@kkcor.gmo
by Mathieu Tarral
Hi,
I tried to compile libvirt 3.0.0, from git, on a Debian Stretch.
It failed with these weird errors that I'm not able to fix by myself:
rm -f ky.gmo && : -c --statistics -o ky.gmo ky.po
rm -f lt.gmo && : -c --statistics -o lt.gmo lt.po
mv: cannot stat 't-kw@kkcor.gmo': No such file or directory
mv: cannot stat 't-kw@uccor.gmo': No such file or directory
Makefile:448: recipe for target 'kw@kkcor.gmo' failed
make[3]: *** [kw@kkcor.gmo] Error 1
make[3]: *** Waiting for unfinished jobs....
rm -f lv.gmo && : -c --statistics -o lv.gmo lv.po
Makefile:448: recipe for target 'kw@uccor.gmo' failed
make[3]: *** [kw@uccor.gmo] Error 1
mv: cannot stat 't-kw_GB.gmo': No such file or directory
I have no idea what this "t-kw@kkcor.gmo" is about?
Could you guys help?
Note: the build failed earlier because uuid-dev was missing.
You might want to add a check for that lib in the configure.ac.
Best regards.
--
Mathieu Tarral
7 years
[libvirt] [dbus PATCH 0/3] Implement LookupBy* methods for libvirt
by Katerina Koukiou
Katerina Koukiou (3):
Implement LookupByID method for Connect Interface.
Implement LookupByName method for Connect Interface
Implement LookupByUUID method for Connect Interface
data/org.libvirt.Connect.xml | 18 +++++++++
src/connect.c | 87 ++++++++++++++++++++++++++++++++++++++++++++
src/domain.c | 1 +
test/libvirttest.py | 5 +++
test/test_connect.py | 15 +++++++-
test/test_domain.py | 5 ---
6 files changed, 125 insertions(+), 6 deletions(-)
--
2.15.0
7 years
[libvirt] [jenkins-ci PATCH] guests: Enable ccache
by Andrea Bolognani
We install ccache on all guests where it's available, but
Fedora is the only one actually using it at the moment,
because it enables it automatically.
Tweak the user's profile so that compilation will use ccache
if it's installed.
Signed-off-by: Andrea Bolognani <abologna(a)redhat.com>
---
guests/tasks/users.yml | 18 ++++++++++++++++++
1 file changed, 18 insertions(+)
diff --git a/guests/tasks/users.yml b/guests/tasks/users.yml
index 87693e0..1ecacee 100644
--- a/guests/tasks/users.yml
+++ b/guests/tasks/users.yml
@@ -64,3 +64,21 @@
dest: /home/{{ flavor }}/.ccache/ccache.conf
owner: '{{ flavor }}'
group: '{{ flavor }}'
+
+- name: '{{ flavor }}: Enable ccache'
+ lineinfile:
+ path: /home/{{ flavor }}/.profile
+ line: 'which ccache >/dev/null 2>&1 && export CC="ccache cc"'
+ state: present
+ owner: '{{ flavor }}'
+ group: '{{ flavor }}'
+ create: yes
+
+- name: '{{ flavor }}: Enable ccache'
+ lineinfile:
+ path: /home/{{ flavor }}/.bashrc
+ line: 'which ccache >/dev/null 2>&1 && export CC="ccache cc"'
+ state: present
+ owner: '{{ flavor }}'
+ group: '{{ flavor }}'
+ create: yes
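Review bot: Both added tasks carry the identical name '{{ flavor }}: Enable ccache' and differ only in path (.profile vs .bashrc), so a run's output cannot tell which of the two changed or failed; fold them into one task that loops over the two files, or give each a distinct name. The line being written also relies on which, where the shell builtin command -v would avoid depending on an external binary, and with create: yes neither task sets a mode for a newly created file, so adding an explicit mode would make the resulting permissions deliberate rather than whatever the default produces.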
--
2.14.3
7 years
Re: [libvirt] [PATCH 01/12] conf: introduce domain XML element <polling> for iothread
by Sergio Lopez
Hi,
I'd like to resurrect this thread:
https://www.redhat.com/archives/libvir-list/2017-February/msg01084.html
Recent benchmarks have demonstrated that using large values for
poll-max-ns significantly decreases the perceived latency in the Guest,
at the expense of the iothread using more CPU:
- virtio-blk+iothread, 16 vCPUs, null_blk=200us and default poll-max-ns
randread: (groupid=0, jobs=4): err= 0: pid=1314: Thu Feb 15 06:24:06 2018
read: IOPS=15.0k, BW=58.7MiB/s (61.6MB/s)(587MiB/10001msec)
clat (usec): min=98, max=2016, avg=257.98, stdev=22.91
lat (usec): min=100, max=2017, avg=259.37, stdev=22.99
randread: (groupid=0, jobs=8): err= 0: pid=1359: Thu Feb 15 06:25:03 2018
read: IOPS=29.8k, BW=117MiB/s (122MB/s)(1166MiB/10002msec)
clat (usec): min=33, max=3818, avg=260.92, stdev=32.02
lat (usec): min=34, max=3819, avg=262.14, stdev=32.02
randread: (groupid=0, jobs=16): err= 0: pid=1339: Thu Feb 15 06:24:41 2018
read: IOPS=55.9k, BW=218MiB/s (229MB/s)(2182MiB/10002msec)
clat (usec): min=37, max=3390, avg=279.19, stdev=34.53
lat (usec): min=38, max=3391, avg=280.41, stdev=34.54
- virtio-blk+iothread, 16 vCPUs, null_blk=200us and poll-max-ns=1000000
randread: (groupid=0, jobs=4): err= 0: pid=1361: Thu Feb 15 06:31:47 2018
read: IOPS=16.2k, BW=63.3MiB/s (66.3MB/s)(633MiB/10001msec)
clat (usec): min=72, max=2790, avg=240.12, stdev=22.28
lat (usec): min=73, max=2791, avg=241.30, stdev=22.28
randread: (groupid=0, jobs=8): err= 0: pid=1342: Thu Feb 15 06:30:51 2018
read: IOPS=32.1k, BW=125MiB/s (132MB/s)(1255MiB/10001msec)
clat (usec): min=30, max=5474, avg=242.14, stdev=46.24
lat (usec): min=31, max=5475, avg=243.33, stdev=46.25
randread: (groupid=0, jobs=16): err= 0: pid=1324: Thu Feb 15 06:30:11 2018
read: IOPS=61.8k, BW=241MiB/s (253MB/s)(2413MiB/10002msec)
clat (usec): min=26, max=2931, avg=251.89, stdev=38.37
lat (usec): min=27, max=2932, avg=253.11, stdev=38.38
I think this trade-off should be user's decision. Layered products may
consider abstracting this configuration under simplified VM tuning
attributes.
Sergio.
7 years
[libvirt] [dbus PATCH v2] Add 'Version' property for virConnectGetVersion
by Katerina Koukiou
---
data/org.libvirt.Connect.xml | 4 ++++
src/connect.c | 25 ++++++++++++++++++++++++-
test/test_connect.py | 9 +++++++++
3 files changed, 37 insertions(+), 1 deletion(-)
diff --git a/data/org.libvirt.Connect.xml b/data/org.libvirt.Connect.xml
index e47c2f5..56a1126 100644
--- a/data/org.libvirt.Connect.xml
+++ b/data/org.libvirt.Connect.xml
@@ -3,6 +3,10 @@
<node name="/org/libvirt/connect">
<interface name="org.libvirt.Connect">
+ <property name="Version" type="t" access="read">
+ <annotation name="org.gtk.GDBus.DocString"
+ value="See https://libvirt.org/html/libvirt-libvirt-domain.html#virConnectGetVersion"/>
+ </property>
<method name="ListDomains">
<annotation name="org.gtk.GDBus.DocString"
value="See https://libvirt.org/html/libvirt-libvirt-domain.html#virConnectListAllDom..."/>
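Review bot: The DocString on the new Version property only links to virConnectGetVersion and does not say which version a client is reading; the getter added to src/connect.c in this same patch keeps the value in a variable named hvVer, so say in the annotation that this is the hypervisor version, so that a caller doing version checks does not take it for the library or daemon version.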
diff --git a/src/connect.c b/src/connect.c
index bf97cd5..8898e6d 100644
--- a/src/connect.c
+++ b/src/connect.c
@@ -80,6 +80,24 @@ virtDBusConnectOpen(virtDBusConnect *connect,
return TRUE;
}
+static void
+virtDBusConnectGetVersion(const gchar *objectPath G_GNUC_UNUSED,
+ gpointer userData,
+ GVariant **value,
+ GError **error)
+{
+ virtDBusConnect *connect = userData;
+ gulong hvVer;
+
+ if (!virtDBusConnectOpen(connect, error))
+ return;
+
+ if (virConnectGetVersion(connect->connection, &hvVer) < 0)
+ return virtDBusUtilSetLastVirtError(error);
+
+ *value = g_variant_new("t", hvVer);
+}
+
static void
virtDBusConnectListDomains(GVariant *inArgs,
GUnixFDList *inFDs G_GNUC_UNUSED,
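Review bot: In virtDBusConnectGetVersion, hvVer is declared gulong but is passed through varargs to g_variant_new("t", hvVer), and "t" is read as a 64-bit unsigned value (the test in this patch expects dbus.UInt64); on a platform where gulong is 32 bits the variadic read takes the wrong width. Cast at the call site, (guint64) hvVer, or copy into a guint64 local first. Separately, return virtDBusUtilSetLastVirtError(error); returns an expression from a function declared static void; calling the helper and then using a bare return would be cleaner.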
@@ -177,6 +195,11 @@ virtDBusConnectDefineXML(GVariant *inArgs,
*outArgs = g_variant_new("(o)", path);
}
+static virtDBusGDBusPropertyTable virtDBusConnectPropertyTable[] = {
+ { "Version", virtDBusConnectGetVersion, NULL },
+ { NULL, NULL, NULL }
+};
+
static virtDBusGDBusMethodTable virtDBusConnectMethodTable[] = {
{ "ListDomains", virtDBusConnectListDomains },
{ "CreateXML", virtDBusConnectCreateXML },
@@ -228,7 +251,7 @@ virtDBusConnectNew(virtDBusConnect **connectp,
connect->connectPath,
interfaceInfo,
virtDBusConnectMethodTable,
- NULL,
+ virtDBusConnectPropertyTable,
connect);
virtDBusDomainRegister(connect, error);
diff --git a/test/test_connect.py b/test/test_connect.py
index a52140c..01d4d41 100755
--- a/test/test_connect.py
+++ b/test/test_connect.py
@@ -2,6 +2,7 @@
import dbus
import libvirttest
+import pytest
class TestConnect(libvirttest.BaseTestClass):
@@ -53,6 +54,14 @@ class TestConnect(libvirttest.BaseTestClass):
self.main_loop()
+ @pytest.mark.parametrize("property_name,expected_type", [
+ ("Version", dbus.UInt64),
+ ])
+ def test_connect_properties_return_type(self, property_name, expected_type):
+ obj = self.bus.get_object('org.libvirt', '/org/libvirt/Test')
+ props = obj.GetAll('org.libvirt.Connect', dbus_interface=dbus.PROPERTIES_IFACE)
+ assert isinstance(props[property_name], expected_type)
+
if __name__ == '__main__':
libvirttest.run()
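Review bot: test_connect_properties_return_type only asserts isinstance(props[property_name], expected_type) on the GetAll result, so a getter that returns any constant, including 0, still passes. Add an assertion on the value itself for the test driver, and read the property once through Get on dbus.PROPERTIES_IFACE as well so both the GetAll and the single-property paths are exercised.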
--
2.15.0
7 years
[libvirt] [dbus PATCH 0/4] remove AUTHORS file and cleanup spec file
by Pavel Hrdina
Pavel Hrdina (4):
maint: remove AUTHORS from repository
spec: cleanup spec file based on fedora package review
spec: Require dbus and polkit
spec: fix D-Bus spelling and improve description
AUTHORS.in | 13 -------------
Makefile.am | 14 --------------
libvirt-dbus.spec.in | 34 +++++++++++++++-------------------
3 files changed, 15 insertions(+), 46 deletions(-)
delete mode 100644 AUTHORS.in
--
2.14.3
7 years