June 2018 - Devel - libvirt List Archives

[libvirt] [PATCH] libvirt: fix a typo
by Chen Hanxiao 13 Jun '18

13 Jun '18

From: Chen Hanxiao <chenhanxiao(a)gmail.com> s/httsp/https Signed-off-by: Chen Hanxiao <chenhanxiao(a)gmail.com> --- src/libvirt.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/libvirt.c b/src/libvirt.c index ffb002f4e1..52f4dd2808 100644 --- a/src/libvirt.c +++ b/src/libvirt.c @@ -1098,7 +1098,7 @@ virConnectOpenInternal(const char *name, * if not already running. This can be prevented by setting the * environment variable LIBVIRT_AUTOSTART=0 * - * URIs are documented at httsp://libvirt.org/uri.html + * URIs are documented at https://libvirt.org/uri.html * * virConnectClose should be used to release the resources after the connection * is no longer needed. -- 2.17.1

3 3

[libvirt] [jenkins-ci PATCH 0/3] Drop CentOS 6 support
by Andrea Bolognani 13 Jun '18

13 Jun '18

As suggested in https://www.redhat.com/archives/libvir-list/2018-June/msg00943.html Andrea Bolognani (3): projects: Drop libvirt-master-build-website job guests: Drop libvirt+website project guests: Drop CentOS 6 support guests/host_vars/libvirt-centos-6/install.yml | 3 - guests/host_vars/libvirt-centos-6/main.yml | 3 - guests/inventory | 1 - guests/tasks/base.yml | 2 - guests/vars/mappings.yml | 19 +--- guests/vars/projects/libvirt+website.yml | 5 -- guests/vars/projects/libvirt.yml | 1 - guests/vars/vault.yml | 86 +++++++++---------- projects/libvirt.yaml | 11 --- 9 files changed, 42 insertions(+), 89 deletions(-) delete mode 100644 guests/host_vars/libvirt-centos-6/install.yml delete mode 100644 guests/host_vars/libvirt-centos-6/main.yml delete mode 100644 guests/vars/projects/libvirt+website.yml -- 2.17.1

3 5

[libvirt] [libvirt-python PATCH 0/2] Provide coverage for the AMD SEV APIs
by Erik Skultety 13 Jun '18

13 Jun '18

Add support for the recently introduced AMD SEV APIs Erik Skultety (2): Add support for virDomainGetLaunchSecurityInfo Add support for virNodeGetSEVInfo generator.py | 2 ++ libvirt-override-api.xml | 12 ++++++++ libvirt-override.c | 73 ++++++++++++++++++++++++++++++++++++++++++++++++ 3 files changed, 87 insertions(+) -- 2.14.4

2 4

[libvirt] [PATCH libvirt 0/4] rmv virObjectEventStateQueue wrapper funcs
by Anya Harter 13 Jun '18

13 Jun '18

Currently, there are four wrapper functions which call virObjectEventStateQueue: - testObjectEventQueue - libxlDomainEventQueue - qemuDomainEventQueue - umlDomainEventQueue This patch series removes these wrappers makes all calls directly to virObjectEventStateQueue. Since virObjectEventStateQueue takes care of NULL checking, all NULL checking by callers has also been removed. This patch series should complete the BiteSizedTask entry at https://wiki.libvirt.org/page/BiteSizedTasks#Remove_NULL_checking_around_Ev… . Anya Harter (4): events: remove testObjectEventQueue wrapper func events: remove libxlDomainEventQueue wrapper func events: remove qemuDomainEventQueue wrapper func events: remove umlDomainEventQueue wrapper func src/libxl/libxl_domain.c | 24 +++------- src/libxl/libxl_domain.h | 4 -- src/libxl/libxl_driver.c | 21 +++------ src/libxl/libxl_migration.c | 18 +++----- src/qemu/qemu_blockjob.c | 4 +- src/qemu/qemu_cgroup.c | 2 +- src/qemu/qemu_domain.c | 11 +---- src/qemu/qemu_domain.h | 2 - src/qemu/qemu_driver.c | 88 +++++++++++++++++-------------------- src/qemu/qemu_hotplug.c | 26 +++++------ src/qemu/qemu_migration.c | 24 +++++----- src/qemu/qemu_process.c | 54 +++++++++++------------ src/test/test_driver.c | 80 ++++++++++++++++----------------- src/uml/uml_driver.c | 33 ++++---------- 14 files changed, 162 insertions(+), 229 deletions(-) -- 2.17.1

2 5

[libvirt] [PATCH 00/12] Temporarily use other boot configuration
by Marc Hartmayer 13 Jun '18

13 Jun '18

This patch series implements a new API that allows us to temporarily use another boot configuration than defined in the persistent domain definition. The s390 architecture knows only one boot device and therefore the boot order settings doesn't work the way it would work on x86, for example. If the first boot device fails to boot there is no trying to boot from the next boot device. In addition, the architecture/BIOS has no support for interactively changing the boot device during the boot/IPL process. Currently the API is implemented for the remote/QEMU/test driver and for virsh. It can be used as follows $ virsh start {{DOMAIN}} --with-kernel {{KERNEL_FILE}} \ --with-initrd {{INITRD_FILE}} --with-cmdline {{CMDLINE}} \ --with-bootdevice {{DEVICE_IDENTIFIER}} E.g. $ virsh start dom_01 --with-bootdevice='vdb' Marc Hartmayer (12): virsh: Force boot emulation is only required for virDomainCreateWithFlags Introduce new domain create API virDomainCreateWithParams remote: Add support for virDomainCreateWithParams utils: Add virStringUpdate conf: Add functions to change the boot configuration of a domain qemu: Add the functionality to override the boot configuration qemu: Add support for virDomainCreateWithParams test: Implement virConnectSupportsFeature test: Add support for virDomainCreateWithParams tests: Add tests for virDomainCreateWithParams virsh: Add with-{bootdevice,kernel,initrd,cmdline} options for start docs: Add news entry for new API virDomainCreateWithParams docs/news.xml | 11 ++ include/libvirt/libvirt-domain.h | 37 +++++ src/conf/domain_conf.c | 226 +++++++++++++++++++++++++++ src/conf/domain_conf.h | 11 ++ src/driver-hypervisor.h | 6 + src/libvirt-domain.c | 64 ++++++++ src/libvirt_private.syms | 2 + src/libvirt_public.syms | 4 + src/qemu/qemu_driver.c | 83 ++++++++-- src/qemu/qemu_migration.c | 3 +- src/qemu/qemu_process.c | 16 +- src/qemu/qemu_process.h | 2 + src/remote/remote_driver.c | 1 + src/remote/remote_protocol.x | 22 ++- src/remote_protocol-structs | 12 ++ src/rpc/gendispatch.pl | 18 ++- src/test/test_driver.c | 108 +++++++++++-- src/util/virstring.c | 27 ++++ src/util/virstring.h | 2 + tests/objecteventtest.c | 321 +++++++++++++++++++++++++++++++++++++++ tools/virsh-domain.c | 136 ++++++++++++++--- tools/virsh.pod | 14 ++ 22 files changed, 1064 insertions(+), 62 deletions(-) -- 2.13.4

6 22

[libvirt] [PATCH] lib: Document limitation of virDomainInterfaceAddresses
by Michal Privoznik 12 Jun '18

12 Jun '18

https://bugzilla.redhat.com/show_bug.cgi?id=1588336 This API takes @source argument which tells it where to get domain IP addresses from. However, not all sources are capable of providing all the information we report, for instance ARP table has no notion of IP address prefixes. Document this limitation. Signed-off-by: Michal Privoznik <mprivozn(a)redhat.com> --- src/libvirt-domain.c | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/src/libvirt-domain.c b/src/libvirt-domain.c index dcfc7d4c57..4a899f31c8 100644 --- a/src/libvirt-domain.c +++ b/src/libvirt-domain.c @@ -11780,6 +11780,10 @@ virDomainFSInfoFree(virDomainFSInfoPtr info) * be unreachable. Depending on the route table config of the * guest, the returned mac address may be duplicated. * + * Note that for some @source values some pieces of returned @ifaces + * might be unset (e.g. VIR_DOMAIN_INTERFACE_ADDRESSES_SRC_ARP does not + * set IP address prefix as ARP table does not have any notion of that). + * * @ifaces->name and @ifaces->hwaddr are never NULL. * * The caller *must* free @ifaces when no longer needed. Usual use case -- 2.16.4

2 1

[libvirt] [PATCH v2 00/21] nwfilter: refactor the driver to make it independent of virt drivers
by Daniel P. Berrangé 12 Jun '18

12 Jun '18

v1: https://www.redhat.com/archives/libvir-list/2018-April/msg02616.html Today the nwfilter driver is entangled with the virt drivers in both directions. At various times when rebuilding filters nwfilter will call out to the virt driver to iterate over running guest's NICs. This has caused very complicated lock ordering rules to be required. If we are to split the virt drivers out into separate daemons we need to get rid of this coupling since we don't want the separate daemons calling each other, as that risks deadlock if all of the RPC workers are busy. The obvious way to solve this is to have the nwfilter driver remember all the filters it has active, avoiding the need to iterate over running guests. Easy parts of the v1 posting have already been merged. This v2 is much more complete, though still not entirely ready for merge. - The virNWFilterBindingPtr was renamed virNWFilterBindingDefPtr - New virNWFilterBindingObjPtr & virNWFilterBindingObjListPtr structs added to track the objects in the driver - New virNWFilterBindingPtr public API type was added - New public APIs for listing filter bindings, querying XML, and creating/deleting them - Convert the virt drivers to use the public API for creating and deleting bindings - Persistent active bindings out to disk so they're preserved across restarts - Added RNG schema and XML-2-XML test - New virsh commands for listing/querying XML/creating/deleting bindings Still todo - Document the new XML format - Run the nwfilter stress tests to see what I've undoubtably broken - Think about recording the NIC index in the virNWFilterBindingObjPtr and persisting across restarts, so we can track if the NIC we had previously used was deleted & recreated - in which case we can drop the stale binding. - Probably something else... Daniel P. Berrangé (21): util: fix misleading command for virObjectLock conf: change virNWFilterBindingPtr to virNWFilterBindingDefPtr conf: add missing virxml.h include for nwfilter_params.h conf: move virNWFilterBindingDefPtr into its own files conf: add support for parsing/formatting virNWFilterBindingDefPtr schemas: add schema for nwfilter binding XML document nwfilter: export port binding concept in the public API access: add nwfilter binding object permissions remote: add support for nwfilter binding objects virsh: add nwfilter binding commands nwfilter: convert the gentech driver code to use virNWFilterBindingDefPtr nwfilter: convert IP address learning code to virNWFilterBindingDefPtr nwfilter: convert DHCP address snooping code to virNWFilterBindingDefPtr conf: report an error if nic needs filtering by no driver is present conf: introduce a virNWFilterBindingObjPtr struct conf: introduce a virNWFilterBindingObjListPtr struct nwfilter: keep track of active filter bindings nwfilter: remove virt driver callback layer for rebuilding filters nwfilter: wire up new APIs for listing and querying filter bindings nwfilter: wire up new APIs for creating and deleting nwfilter bindings nwfilter: convert virt drivers to use public API for nwfilter bindings docs/schemas/domaincommon.rng | 27 +- docs/schemas/nwfilter.rng | 29 +- docs/schemas/nwfilter_params.rng | 32 ++ docs/schemas/nwfilterbinding.rng | 49 ++ include/libvirt/libvirt-nwfilter.h | 39 ++ include/libvirt/virterror.h | 2 + src/access/viraccessdriver.h | 5 + src/access/viraccessdrivernop.c | 10 + src/access/viraccessdriverpolkit.c | 21 + src/access/viraccessdriverstack.c | 24 + src/access/viraccessmanager.c | 15 + src/access/viraccessmanager.h | 5 + src/access/viraccessperm.c | 7 +- src/access/viraccessperm.h | 39 ++ src/conf/Makefile.inc.am | 6 + src/conf/domain_nwfilter.c | 125 ++++- src/conf/domain_nwfilter.h | 13 - src/conf/nwfilter_conf.c | 223 ++------ src/conf/nwfilter_conf.h | 68 +-- src/conf/nwfilter_params.h | 1 + src/conf/virnwfilterbindingdef.c | 279 ++++++++++ src/conf/virnwfilterbindingdef.h | 65 +++ src/conf/virnwfilterbindingobj.c | 260 ++++++++++ src/conf/virnwfilterbindingobj.h | 60 +++ src/conf/virnwfilterbindingobjlist.c | 475 ++++++++++++++++++ src/conf/virnwfilterbindingobjlist.h | 66 +++ src/conf/virnwfilterobj.c | 4 +- src/conf/virnwfilterobj.h | 4 + src/datatypes.c | 67 +++ src/datatypes.h | 31 ++ src/driver-nwfilter.h | 30 ++ src/libvirt-nwfilter.c | 305 +++++++++++ src/libvirt_private.syms | 42 +- src/libvirt_public.syms | 13 + src/lxc/lxc_driver.c | 28 -- src/nwfilter/nwfilter_dhcpsnoop.c | 151 +++--- src/nwfilter/nwfilter_dhcpsnoop.h | 7 +- src/nwfilter/nwfilter_driver.c | 211 ++++++-- src/nwfilter/nwfilter_gentech_driver.c | 307 +++++------ src/nwfilter/nwfilter_gentech_driver.h | 22 +- src/nwfilter/nwfilter_learnipaddr.c | 98 ++-- src/nwfilter/nwfilter_learnipaddr.h | 7 +- src/qemu/qemu_driver.c | 25 - src/remote/remote_daemon_dispatch.c | 15 + src/remote/remote_driver.c | 20 + src/remote/remote_protocol.x | 90 +++- src/remote_protocol-structs | 43 ++ src/rpc/gendispatch.pl | 15 +- src/uml/uml_driver.c | 29 -- src/util/virerror.c | 12 + src/util/virobject.c | 2 +- tests/Makefile.am | 7 + .../filter-vars.xml | 11 + .../virnwfilterbindingxml2xmldata/simple.xml | 9 + tests/virnwfilterbindingxml2xmltest.c | 113 +++++ tests/virschematest.c | 1 + tools/virsh-completer.c | 45 ++ tools/virsh-completer.h | 4 + tools/virsh-nwfilter.c | 318 ++++++++++++ tools/virsh-nwfilter.h | 8 + 60 files changed, 3247 insertions(+), 792 deletions(-) create mode 100644 docs/schemas/nwfilter_params.rng create mode 100644 docs/schemas/nwfilterbinding.rng create mode 100644 src/conf/virnwfilterbindingdef.c create mode 100644 src/conf/virnwfilterbindingdef.h create mode 100644 src/conf/virnwfilterbindingobj.c create mode 100644 src/conf/virnwfilterbindingobj.h create mode 100644 src/conf/virnwfilterbindingobjlist.c create mode 100644 src/conf/virnwfilterbindingobjlist.h create mode 100644 tests/virnwfilterbindingxml2xmldata/filter-vars.xml create mode 100644 tests/virnwfilterbindingxml2xmldata/simple.xml create mode 100644 tests/virnwfilterbindingxml2xmltest.c -- 2.17.0

3 46

[libvirt] [PATCH] libvirtd: Add service dependency on systemd-logind
by Cole Robinson 12 Jun '18

12 Jun '18

At daemon startup we query logind for host PM support status. Without a service dependency host startup can trigger libvirtd errors like: error : virNodeSuspendSupportsTarget:336 : internal error: Cannot probe for supported suspend types warning : virQEMUCapsInit:949 : Failed to get host power management capabilities Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1588288 Signed-off-by: Cole Robinson <crobinso(a)redhat.com> --- src/remote/libvirtd.service.in | 1 + 1 file changed, 1 insertion(+) diff --git a/src/remote/libvirtd.service.in b/src/remote/libvirtd.service.in index 769702ea75..7f689e08a8 100644 --- a/src/remote/libvirtd.service.in +++ b/src/remote/libvirtd.service.in @@ -15,6 +15,7 @@ After=iscsid.service After=apparmor.service After=local-fs.target After=remote-fs.target +After=systemd-logind.service After=systemd-machined.service Documentation=man:libvirtd(8) Documentation=https://libvirt.org -- 2.17.1

2 1

[libvirt] [PATCH libvirt 0/3] events: clean up NULL checking involving virObjectEventStateQueueRemote
by Anya Harter 12 Jun '18

12 Jun '18

Currently, all virObjectEventStateQueue callers and virObjectEventStateQueueRemote callers need to do NULL checking. In this patch series, all NULL checking has been moved to virObjectEventStateQueueRemote and all callers of the Remote or not Remote function have their NULL checking removed. Anya Harter (3): events: add NULL check in virObjectEventStateQueue events: move NULL check to EventStateQueueRemote events: remove remoteEventQueue wrapper function src/bhyve/bhyve_driver.c | 15 ++---- src/conf/object_event.c | 3 ++ src/lxc/lxc_driver.c | 24 ++++------ src/lxc/lxc_process.c | 9 ++-- src/network/bridge_driver.c | 15 ++---- src/node_device/node_device_udev.c | 6 +-- src/qemu/qemu_domain.c | 3 +- src/remote/remote_driver.c | 75 +++++++++++++----------------- src/secret/secret_driver.c | 9 ++-- src/storage/storage_driver.c | 27 ++++------- src/test/test_driver.c | 3 -- src/vz/vz_sdk.c | 3 +- 12 files changed, 73 insertions(+), 119 deletions(-) -- 2.17.1

2 6

[libvirt] [PATCH] apparmor: fix vfio usage without initial hostdev
by Christian Ehrhardt 12 Jun '18

12 Jun '18

The base vfio has not much functionality but to provide a custom container by opening this path. See https://www.kernel.org/doc/Documentation/vfio.txt for more. Systems with static hostdevs will get /dev/vfio/vfio by virt-aa-hotplug right from the beginning. But if the guest initially had no hostdev at all it will run into the following deny before the security module labelling callbacks will make the actual vfio device (like /dev/vfio/93) known. Access by qemu is "wr" even thou in theory it could maybe be "r": [ 2652.756712] audit: type=1400 audit(1491303691.719:25): apparmor="DENIED" operation="open" profile="libvirt-17a61b87-5132-497c-b928-421ac2ee0c8a" name="/dev/vfio/vfio" pid=8486 comm="qemu-system-x86" requested_mask="wr" denied_mask="wr" fsuid=64055 ouid=0 Bug-Ubuntu: https://bugs.launchpad.net/bugs/1678322 Bug-Ubuntu: https://bugs.launchpad.net/bugs/1775777 Signed-off-by: Christian Ehrhardt <christian.ehrhardt(a)canonical.com> Signed-off-by: Stefan Bader <stefan.bader(a)canonical.com> --- examples/apparmor/libvirt-qemu | 3 +++ 1 file changed, 3 insertions(+) diff --git a/examples/apparmor/libvirt-qemu b/examples/apparmor/libvirt-qemu index 2c47652250..874aca2092 100644 --- a/examples/apparmor/libvirt-qemu +++ b/examples/apparmor/libvirt-qemu @@ -193,6 +193,9 @@ deny /dev/shm/lttng-ust-wait-* r, deny /run/shm/lttng-ust-wait-* r, + # for vfio hotplug on systems without static vfio (LP: #1775777) + /dev/vfio/vfio rw, + # required for sasl GSSAPI plugin /etc/gss/mech.d/ r, /etc/gss/mech.d/* r, -- 2.17.1

3 4