March 2019 - Devel - libvirt List Archives

[libvirt] [PATCHv3 0/5] Implement debugcon chardev
by Ján Tomko 19 Jun '19

19 Jun '19

v2: https://www.redhat.com/archives/libvir-list/2019-February/msg00293.html v3: * dropped the pointless isa-prefix * use DO_TEST_CAPS_LATEST * trimmed the XML * compiles with gcc * only make irq optional * autofill iobase Ján Tomko (3): qemu: introduce qemuDomainChrSerialTargetModel qemu: make irq optional when formatting the ISA address qemu: autoadd iobase to debugcon chardev Nikolay Shirokovskiy (2): conf: add debugcon chardev guest interface qemu: implement debugcon chardev docs/formatdomain.html.in | 3 +- docs/schemas/domaincommon.rng | 1 + src/conf/domain_conf.c | 5 ++++ src/conf/domain_conf.h | 1 + src/qemu/qemu_command.c | 25 +++++++++++++--- src/qemu/qemu_domain.c | 12 ++++++++ .../isa-serial-debugcon.x86_64-latest.args | 30 +++++++++++++++++++ .../qemuxml2argvdata/isa-serial-debugcon.xml | 21 +++++++++++++ tests/qemuxml2argvtest.c | 1 + .../isa-serial-debugcon.xml | 30 +++++++++++++++++++ tests/qemuxml2xmltest.c | 2 ++ 11 files changed, 126 insertions(+), 5 deletions(-) create mode 100644 tests/qemuxml2argvdata/isa-serial-debugcon.x86_64-latest.args create mode 100644 tests/qemuxml2argvdata/isa-serial-debugcon.xml create mode 100644 tests/qemuxml2xmloutdata/isa-serial-debugcon.xml -- 2.19.2

2 14

[libvirt] New Feature: Intel MKTME Support
by Carvalho, Larkins L 23 Apr '19

23 Apr '19

Hello Team, Greetings. We want to add Intel MKTME support to the Libvirt. Intel MKTME is a capability to encrypt entirety of physical memory of a system similar to AMD SEV. Please let us know what are the expectations from us to initiate the design and development of the feature. Regards, Larkins Carvalho Intel Corporation

5 15

[libvirt] [PATCH v2 00/11] conf: partial net model enum conversion
by Cole Robinson 18 Apr '19

18 Apr '19

v1 here: https://www.redhat.com/archives/libvir-list/2019-January/msg00763.html Changes since v1: - patch #7, case insensitive model input comparison - Add xml2xml testing - compile tested on freebsd12.0 This series partially converts the net->model value from a string to an enum. We wrap the existing ->model string in accessor functions, rename it to ->modelstr, add a ->model enum, and convert internal driver usage bit by bit. At the end, all driver code that is acting on specific network model values is comparing against an enum, not a string. This is only partial because of xen/libxl/xm and qemu drivers, which if they don't know anything particular about the model string will just place it on the qemu command line/xen config and see what happens. So basically if I were to pass in <model type='idontexist'/> qemu would turn that into -device idontexist,... That behavior is untouched by this series, as fully unwinding that will take some more work: * Figuring out all reasonable qemu + xen values that could actually result in a working VM config, and adding them to the enum * Figuring out a long term plan for disabling passthrough entirely. There's some discussion in the v1 thread about this. Some caveats: * vz driver is not compile tested. What's the sdk magic to actually get this building? * net model enum lookup is done case insensitive. this is to maintain the behavior of the vmx and virtualbox drivers, but it's different than all our other enum usage. Cole Robinson (11): tests: Add several net model passthrough tests conf: net: Add wrapper functions for <model> value conf: net: Rename 'model' to 'modelstr' conf: net: Add model enum, and netfront value vz: convert to net model enum bhyve: convert to net model enum qemu: Partially convert to net model enum conf: Make net model enum compare case insensitive vmx: convert to net model enum vbox: Convert to net enum model conf: Add VIR_DOMAIN_DEF_FEATURE_NET_MODEL_STRING src/bhyve/bhyve_command.c | 15 +-- src/bhyve/bhyve_parse_command.c | 10 +- src/conf/domain_conf.c | 111 ++++++++++++++---- src/conf/domain_conf.h | 35 +++++- src/libvirt_private.syms | 4 + src/libxl/libxl_conf.c | 8 +- src/libxl/libxl_domain.c | 1 + src/qemu/qemu_command.c | 13 +- src/qemu/qemu_domain.c | 32 +++-- src/qemu/qemu_domain_address.c | 13 +- src/qemu/qemu_driver.c | 14 ++- src/qemu/qemu_hotplug.c | 15 ++- src/qemu/qemu_parse_command.c | 5 +- src/security/virt-aa-helper.c | 3 +- src/vbox/vbox_common.c | 29 ++--- src/vmx/vmx.c | 55 ++++----- src/vz/vz_driver.c | 7 +- src/vz/vz_sdk.c | 17 ++- src/xenconfig/xen_common.c | 31 ++--- src/xenconfig/xen_sxpr.c | 30 ++--- tests/qemuxml2argvdata/net-many-models.args | 39 ++++++ tests/qemuxml2argvdata/net-many-models.xml | 38 ++++++ tests/qemuxml2argvtest.c | 1 + tests/qemuxml2xmloutdata/net-many-models.xml | 53 +++++++++ tests/qemuxml2xmltest.c | 1 + tests/xlconfigdata/test-net-fakemodel.cfg | 24 ++++ tests/xlconfigdata/test-net-fakemodel.xml | 39 ++++++ tests/xlconfigtest.c | 1 + .../test-paravirt-net-fakemodel.cfg | 13 ++ .../test-paravirt-net-fakemodel.xml | 40 +++++++ .../test-paravirt-net-modelstr.cfg | 13 ++ tests/xmconfigtest.c | 1 + .../xml2sexpr-fv-net-many-models.sexpr | 1 + .../xml2sexpr-fv-net-many-models.xml | 43 +++++++ tests/xml2sexprtest.c | 1 + 35 files changed, 586 insertions(+), 170 deletions(-) create mode 100644 tests/qemuxml2argvdata/net-many-models.args create mode 100644 tests/qemuxml2argvdata/net-many-models.xml create mode 100644 tests/qemuxml2xmloutdata/net-many-models.xml create mode 100644 tests/xlconfigdata/test-net-fakemodel.cfg create mode 100644 tests/xlconfigdata/test-net-fakemodel.xml create mode 100644 tests/xmconfigdata/test-paravirt-net-fakemodel.cfg create mode 100644 tests/xmconfigdata/test-paravirt-net-fakemodel.xml create mode 100644 tests/xmconfigdata/test-paravirt-net-modelstr.cfg create mode 100644 tests/xml2sexprdata/xml2sexpr-fv-net-many-models.sexpr create mode 100644 tests/xml2sexprdata/xml2sexpr-fv-net-many-models.xml -- 2.20.1

3 24

[libvirt] [PATCH 0/2] rpc: client: stream bugfix and improvement
by Nikolay Shirokovskiy 17 Apr '19

17 Apr '19

Nikolay Shirokovskiy (2): rpc: client: fix race on stream error and stream creation rpc: client: stream: notify streams of closing connection src/rpc/virnetclient.c | 13 ++++++++++--- src/rpc/virnetclientstream.c | 30 ++++++++++++++++++++++++++++-- src/rpc/virnetclientstream.h | 2 ++ 3 files changed, 40 insertions(+), 5 deletions(-) -- 1.8.3.1

2 6

[libvirt] [PATCH for v5.3.0 00/17] Fix and enable owner remembering
by Michal Privoznik 16 Apr '19

16 Apr '19

The basic owner remembering is already merged but was turned off because there were some issues. Well, this is my first attempt to fix those and then enable the feature. Yay! Michal Prívozník (17): tools: Slightly rework libvirt_recover_xattrs.sh virSecuritySELinuxRestoreAllLabel: Print @migrated in the debug message too virfile: Make virFileGetXAttr report errors virFileSetXAttr: Report error on failure virFileRemoveXAttr: Report error on failure security: Don't skip label restore on file systems lacking XATTRs security: Document @restore member of transaction list security_dac: Allow caller to suppress owner remembering security_selinux: Allow caller to suppress owner remembering security: Remember owner only for top level image security: Introduce virSecurityManagerMoveImageMetadata security_util: Introduce virSecurityMoveRememberedLabel security_dac: Implement virSecurityManagerMoveImageMetadata security_selinux: Implement virSecurityManagerMoveImageMetadata qemu_security: Implement qemuSecurityMoveImageMetadata qemu: Move image security metadata on snapshot activity Revert "qemu: Temporary disable owner remembering" docs/news.xml | 21 +++ src/libvirt_private.syms | 2 + src/qemu/libvirtd_qemu.aug | 1 + src/qemu/qemu.conf | 5 + src/qemu/qemu_blockjob.c | 6 + src/qemu/qemu_conf.c | 4 + src/qemu/qemu_driver.c | 17 +- src/qemu/qemu_security.c | 19 +++ src/qemu/qemu_security.h | 5 + src/qemu/test_libvirtd_qemu.aug.in | 1 + src/security/security_dac.c | 149 +++++++++++++---- src/security/security_driver.h | 5 + src/security/security_manager.c | 39 +++++ src/security/security_manager.h | 4 + src/security/security_nop.c | 10 ++ src/security/security_selinux.c | 249 ++++++++++++++++++++--------- src/security/security_stack.c | 20 +++ src/security/security_util.c | 85 +++++++++- src/security/security_util.h | 5 + src/util/virfile.c | 78 +++++++-- src/util/virfile.h | 5 + tests/qemusecuritymock.c | 6 +- tools/libvirt_recover_xattrs.sh | 49 +++--- 23 files changed, 626 insertions(+), 159 deletions(-) -- 2.19.2

3 34

[libvirt] vcpupin reports bogus vcpu affinities
by Allen, John 15 Apr '19

15 Apr '19

For pinned vcpus, vcpupin will report inaccurate affinity values on machines with high core counts (256 cores in my case). The problem is produced as follows: $ virsh vcpupin myguest 0 4 $ virsh vcpupin myguest 0 VCPU CPU Affinity --------------------------- 0 4,192,194,196-197 Running taskset on the qemu threads shows the correct affinity, so this seems to be a reporting problem. Strangely, the value "192" is significant. If I pin a cpu greater than 192, the problem no longer appears. I believe the cause of the problem in my case is that in this case in src/conf/domain_conf.c:virDomainDefGetVcpuPinInfoHelper: ... if (vcpu && vcpu->cpumask) bitmap = vcpu->cpumask; ... vcpu->cpumask is "shortened" in that it is only long enough to contain the last set bit in the mask. However, when we go to copy the mask to the buffer that is returned, we use the masklen passed to the function which is the "full" masklen with a bit for each cpu. So it seems virBitmapToDataBuf copies some extra data past the end of the bitmask. Why the "192" value is always set and I typically see similar bogus bits set is still unknown. What is the function meant to assume in this case? Is it sane to assume that the bitmask is the full length of the buffer here and it's the responsibility of the setter of vcpu->cpumask to provide the length of the bitmap we're expecting? Or should we assume that we may receive a shortened bitmask here and expand the bitmask before copying to the buffer? -John

2 2

[libvirt] [PATCH] security: apparmor: make vhost-net access a static rule
by Christian Ehrhardt 10 Apr '19

10 Apr '19

So far we were detecting at guest start if any devices needed vhost net and only if that was true added a rule for /dev/vhost-net. It turns out that it is an absolutely valid case to start a guest without any vhost-net networking but later on wanting to hotplug such a device which then would be denied by apparmor. Unfortunately there also is no security labeling callback involved other than the one to /dev/net/tun. But on the other hand vhost-net is no more new and considered rather safe. Therefore drop the old detection and just add it as a static rule. Fixes: https://bugs.launchpad.net/ubuntu/+source/libvirt/+bug/1815910 Signed-off-by: Christian Ehrhardt <christian.ehrhardt(a)canonical.com> --- src/security/apparmor/libvirt-qemu | 1 + src/security/virt-aa-helper.c | 17 +---------------- 2 files changed, 2 insertions(+), 16 deletions(-) diff --git a/src/security/apparmor/libvirt-qemu b/src/security/apparmor/libvirt-qemu index eaa5167525..a71f34c175 100644 --- a/src/security/apparmor/libvirt-qemu +++ b/src/security/apparmor/libvirt-qemu @@ -21,6 +21,7 @@ signal (receive) peer=/usr/sbin/libvirtd, /dev/net/tun rw, + /dev/vhost-net rw, /dev/kvm rw, /dev/ptmx rw, /dev/kqemu rw, diff --git a/src/security/virt-aa-helper.c b/src/security/virt-aa-helper.c index 8e22e9978a..ebc4feac77 100644 --- a/src/security/virt-aa-helper.c +++ b/src/security/virt-aa-helper.c @@ -937,7 +937,7 @@ get_files(vahControl * ctl) size_t i; char *uuid; char uuidstr[VIR_UUID_STRING_BUFLEN]; - bool needsVfio = false, needsvhost = false; + bool needsVfio = false; /* verify uuid is same as what we were given on the command line */ virUUIDFormat(ctl->def->uuid, uuidstr); @@ -1248,21 +1248,6 @@ get_files(vahControl * ctl) } } - if (ctl->def->virtType == VIR_DOMAIN_VIRT_KVM) { - for (i = 0; i < ctl->def->nnets; i++) { - virDomainNetDefPtr net = ctl->def->nets[i]; - if (net && net->model) { - if (net->driver.virtio.name == VIR_DOMAIN_NET_BACKEND_TYPE_QEMU) - continue; - if (!virDomainNetIsVirtioModel(net)) - continue; - } - needsvhost = true; - } - } - if (needsvhost) - virBufferAddLit(&buf, " \"/dev/vhost-net\" rw,\n"); - if (needsVfio) { virBufferAddLit(&buf, " \"/dev/vfio/vfio\" rw,\n"); virBufferAddLit(&buf, " \"/dev/vfio/[0-9]*\" rw,\n"); -- 2.17.1

2 5

[libvirt] [PATCH 0/3] Replace vmware/esx argv string to VMX_CONFIG_FORMAT_ARGV
by Han Han 09 Apr '19

09 Apr '19

Han Han (3): vmx: Define macro VMX_CONFIG_FORMAT_ARGV for vmware-vmx esx: Use VMX_CONFIG_FORMAT_ARGV for esx naive argv vmware: Use VMX_CONFIG_FORMAT_ARGV for vmware naive argv src/esx/esx_driver.c | 4 ++-- src/vmware/vmware_conf.c | 2 +- src/vmware/vmware_driver.c | 2 +- src/vmx/vmx.h | 2 ++ 4 files changed, 6 insertions(+), 4 deletions(-) -- 2.20.1

2 5

[libvirt] [PATCH 0/5] snapshot coverage in 'make check'
by Eric Blake 08 Apr '19

08 Apr '19

Given that my recent snapshot changes introduced two separate bugs, both of which were fairly easy to reproduce with the test:///default driver, but neither of which caused 'make check' to alert me to the problems, it's high time I submit a test, including enhancing virsh to give me the functionality the test needs. Eric Blake (5): snapshot: Avoid infloop during REDEFINE virsh: Parse # comments in batch mode virsh: Treat any command name starting with # as comment virsh: Add 'echo --err' option snapshot: Add tests of virsh -c test:///default snapshot* src/conf/snapshot_conf.c | 1 + tests/Makefile.am | 3 +- tests/virsh-snapshot | 212 +++++++++++++++++++++++++++++++++++++++ tests/virshtest.c | 7 ++ tools/virsh.pod | 10 +- tools/virt-admin.pod | 7 +- tools/vsh.c | 34 ++++++- 7 files changed, 263 insertions(+), 11 deletions(-) create mode 100755 tests/virsh-snapshot -- 2.20.1

5 11

[libvirt] [PATCH v4 0/2] PPC64 support for NVIDIA V100 GPU with NVLink2 passthrough
by Daniel Henrique Barboza 08 Apr '19

08 Apr '19

This series adds support for a new QEMU feature for the spapr (PPC64) machine, NVIDIA V100 + P9 passthrough. Refer to [1] for the version 7 of this feature (same version used as a reference for this series). changes in v4: - only 2 patches - previous patches 1 and 2 were applied - the detection mechanism was redesigned in patch 3. It is now simpler and shorter after the discussions from the previous version. - previous version can be found at [2] [1] https://patchwork.kernel.org/patch/10848727/ [2] https://www.redhat.com/archives/libvir-list/2019-March/msg00212.html Daniel Henrique Barboza (2): qemu_domain: NVLink2 bridge detection function for PPC64 PPC64 support for NVIDIA V100 GPU with NVLink2 passthrough src/qemu/qemu_domain.c | 71 ++++++++++++++++++++++++++++++++++++++++-- 1 file changed, 69 insertions(+), 2 deletions(-) -- 2.20.1

6 16