May 2020 - Devel - libvirt List Archives

[PATCH] Don't require secdrivers to implement .domainMoveImageMetadata
by Michal Privoznik 26 May '20

26 May '20

The AppArmor secdriver does not use labels to grant access to resources. Therefore, it doesn't use XATTRs and hence it lacks implementation of .domainMoveImageMetadata callback. This leads to a harmless but needless error message appearing in the logs: virSecurityManagerMoveImageMetadata:476 : this function is not supported by the connection driver: virSecurityManagerMoveImageMetadata Closes: https://gitlab.com/libvirt/libvirt/-/issues/25 Signed-off-by: Michal Privoznik <mprivozn(a)redhat.com> --- src/security/security_manager.c | 3 +-- src/security/security_nop.c | 10 ---------- 2 files changed, 1 insertion(+), 12 deletions(-) diff --git a/src/security/security_manager.c b/src/security/security_manager.c index 2dea294784..b1237d63b6 100644 --- a/src/security/security_manager.c +++ b/src/security/security_manager.c @@ -473,8 +473,7 @@ virSecurityManagerMoveImageMetadata(virSecurityManagerPtr mgr, return ret; } - virReportUnsupportedError(); - return -1; + return 0; } diff --git a/src/security/security_nop.c b/src/security/security_nop.c index c1856eb421..d5f715b916 100644 --- a/src/security/security_nop.c +++ b/src/security/security_nop.c @@ -225,15 +225,6 @@ virSecurityDomainSetImageLabelNop(virSecurityManagerPtr mgr G_GNUC_UNUSED, return 0; } -static int -virSecurityDomainMoveImageMetadataNop(virSecurityManagerPtr mgr G_GNUC_UNUSED, - pid_t pid G_GNUC_UNUSED, - virStorageSourcePtr src G_GNUC_UNUSED, - virStorageSourcePtr dst G_GNUC_UNUSED) -{ - return 0; -} - static int virSecurityDomainSetMemoryLabelNop(virSecurityManagerPtr mgr G_GNUC_UNUSED, virDomainDefPtr def G_GNUC_UNUSED, @@ -290,7 +281,6 @@ virSecurityDriver virSecurityDriverNop = { .domainSetSecurityImageLabel = virSecurityDomainSetImageLabelNop, .domainRestoreSecurityImageLabel = virSecurityDomainRestoreImageLabelNop, - .domainMoveImageMetadata = virSecurityDomainMoveImageMetadataNop, .domainSetSecurityMemoryLabel = virSecurityDomainSetMemoryLabelNop, .domainRestoreSecurityMemoryLabel = virSecurityDomainRestoreMemoryLabelNop, -- 2.26.2

3 8

[PATCH] security: don't fail if built without attr support
by Christian Ehrhardt 26 May '20

26 May '20

If built without attr support removing any image will trigger qemuBlockRemoveImageMetadata (the one that emits the warning) -> qemuSecurityMoveImageMetadata -> virSecurityManagerMoveImageMetadata -> virSecurityDACMoveImageMetadata -> virSecurityDACMoveImageMetadataHelper -> virProcessRunInFork (spawns subprocess) -> virSecurityMoveRememberedLabel In there due to !HAVE_LIBATTR virFileGetXAttrQuiet will return ENOSYS and from there the chain will error out. That is wrong and looks like: libvirtd[6320]: internal error: child reported (status=125): libvirtd[6320]: Unable to remove disk metadata on vm testguest from /var/lib/uvtool/libvirt/images/testguest.qcow (disk target vda) This change makes virSecurityDACMoveImageMetadataHelper accept that error code gracefully and in that sense it is an extension of: 5214b2f1a3f "security: Don't skip label restore on file systems lacking XATTRs" which does the same for other call chains into the virFile*XAttr functions. Signed-off-by: Christian Ehrhardt <christian.ehrhardt(a)canonical.com> --- src/security/security_dac.c | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/src/security/security_dac.c b/src/security/security_dac.c index bdc2d7edf3..7b95a6f86d 100644 --- a/src/security/security_dac.c +++ b/src/security/security_dac.c @@ -1117,6 +1117,12 @@ virSecurityDACMoveImageMetadataHelper(pid_t pid G_GNUC_UNUSED, ret = virSecurityMoveRememberedLabel(SECURITY_DAC_NAME, data->src, data->dst); virSecurityManagerMetadataUnlock(data->mgr, &state); + + if (ret == -2) { + /* Libvirt built without XATTRS */ + ret = 0; + } + return ret; } -- 2.26.0

2 1

[libvirt PATCH] scripts: Fix E741 that pycodesyle is pointing out during syntax-check
by Erik Skultety 26 May '20

26 May '20

With newer pycodestyle 2.6.0 (which is part of flake8-3.8.2) reports the following pep violation during syntax-check: ../scripts/check-remote-protocol.py:95:9: E741 ambiguous variable name 'l' for l in err.strip().split("\n") On all the distros we test on, this hasn't occurred yet, but with the future update of flake8 it likely would. The fix is easy, just name the variable appropriately. Signed-off-by: Erik Skultety <eskultet(a)redhat.com> --- The weird thing is that E741 checking has been in pycodestyle since 2.1.0 [1], we now have 2.5.0 and yet only 2.6.0 is complaining about it [1] https://pycodestyle.pycqa.org/en/latest/developer.html#id8 scripts/check-remote-protocol.py | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/scripts/check-remote-protocol.py b/scripts/check-remote-protocol.py index 25caa19563..cf9e3f84a1 100644 --- a/scripts/check-remote-protocol.py +++ b/scripts/check-remote-protocol.py @@ -92,8 +92,8 @@ if out == "" or pdwtagsproc.returncode != 0: else: print("WARNING: exit code %d, pdwtags appears broken:" % pdwtagsproc.returncode, file=sys.stderr) - for l in err.strip().split("\n"): - print("WARNING: %s" % l, file=sys.stderr) + for line in err.strip().split("\n"): + print("WARNING: %s" % line, file=sys.stderr) print("WARNING: skipping the remote protocol test", file=sys.stderr) sys.exit(0) -- 2.25.4

3 4

"http://libvirt.org/schemas/domain/qemu/1.0" returns 404 error
by Yan Fu 26 May '20

26 May '20

Hello everyone, The XML namespace request website can not be accessed with 404 error: http://libvirt.org/schemas/domain/qemu/1.0 Could anyone help to fix it please? Thanks, Yan Fu

2 1

[PATCH v2 0/3] Support network interface downscript
by Chen Hanxiao 25 May '20

25 May '20

QEMU has the ability to run a script when a NIC is brought up and down. Libvirt only enables use of the up script at this time. This series add support for postscript when NIC is down/detached. Chen Hanxiao (3): interface: introduce downscript downscript: add support for booting and hotplug interface downscript: docs: add docs and news docs/formatdomain.html.in | 6 ++- docs/news.xml | 10 +++++ docs/schemas/domaincommon.rng | 8 ++++ src/conf/domain_conf.c | 9 ++++ src/conf/domain_conf.h | 1 + src/qemu/qemu_extdevice.c | 4 ++ src/qemu/qemu_hotplug.c | 3 ++ tests/qemuxml2argvdata/downscript.xml | 60 +++++++++++++++++++++++++ tests/qemuxml2xmloutdata/downscript.xml | 60 +++++++++++++++++++++++++ tests/qemuxml2xmltest.c | 1 + 10 files changed, 161 insertions(+), 1 deletion(-) create mode 100644 tests/qemuxml2argvdata/downscript.xml create mode 100644 tests/qemuxml2xmloutdata/downscript.xml -- 2.23.0

2 4

[PATCH v2 0/1] qemuProcessRefreshCPU: skip 'host-model' code
by Daniel Henrique Barboza 25 May '20

25 May '20

changes in v2: - resending only patch 5/5 - changed the 'if' placement to qemuProcessRefreshCPU as suggested by Jiri Denemark - changed the commit msg to reflect the new intention of the patch link to v1: https://www.redhat.com/archives/libvir-list/2020-May/msg01049.html Daniel Henrique Barboza (1): qemuProcessRefreshCPU: skip 'host-model' logic for pSeries guests src/qemu/qemu_process.c | 9 +++++++++ 1 file changed, 9 insertions(+) -- 2.26.2

2 2

[libvirt PATCH 0/6] qemu: Invalidate capabilities when host CPU changes
by Jiri Denemark 25 May '20

25 May '20

The host CPU related info stored in the capabilities cache is no longer valid after the host CPU changes. This is not a frequent situation in real world, but it can easily happen in nested scenarios when a disk image is started with various CPUs. https://bugzilla.redhat.com/show_bug.cgi?id=1778819 Jiri Denemark (6): util: Define g_autoptr callback for FILE hostcpu: Introduce virHostCPUGetSignature hostcpu: Implement virHostCPUGetSignature for x86 hostcpu: Implement virHostCPUGetSignature for ppc64 hostcpu: Implement virHostCPUGetSignature for s390 qemu: Invalidate capabilities when host CPU changes src/libvirt_private.syms | 2 + src/qemu/qemu_capabilities.c | 24 ++++ src/qemu/qemu_capspriv.h | 1 + src/util/virfile.h | 1 + src/util/virhostcpu.c | 111 ++++++++++++++++++ src/util/virhostcpu.h | 2 + src/util/virhostcpupriv.h | 4 + tests/qemucapsprobe.c | 2 +- .../linux-ppc64-deconf-cpus.signature | 1 + .../linux-ppc64-subcores1.signature | 1 + .../linux-ppc64-subcores2.signature | 1 + .../linux-ppc64-subcores3.signature | 1 + .../linux-s390x-with-frequency.signature | 1 + .../linux-x86_64-test1.signature | 1 + .../linux-x86_64-test2.signature | 1 + .../linux-x86_64-test3.signature | 1 + .../linux-x86_64-test4.signature | 1 + .../linux-x86_64-test5.signature | 1 + .../linux-x86_64-test6.signature | 1 + .../linux-x86_64-test7.signature | 1 + .../linux-x86_64-test8.signature | 1 + .../linux-x86_64-with-die.signature | 1 + tests/virhostcputest.c | 42 ++++++- 23 files changed, 201 insertions(+), 2 deletions(-) create mode 100644 tests/virhostcpudata/linux-ppc64-deconf-cpus.signature create mode 100644 tests/virhostcpudata/linux-ppc64-subcores1.signature create mode 100644 tests/virhostcpudata/linux-ppc64-subcores2.signature create mode 100644 tests/virhostcpudata/linux-ppc64-subcores3.signature create mode 100644 tests/virhostcpudata/linux-s390x-with-frequency.signature create mode 100644 tests/virhostcpudata/linux-x86_64-test1.signature create mode 100644 tests/virhostcpudata/linux-x86_64-test2.signature create mode 100644 tests/virhostcpudata/linux-x86_64-test3.signature create mode 100644 tests/virhostcpudata/linux-x86_64-test4.signature create mode 100644 tests/virhostcpudata/linux-x86_64-test5.signature create mode 100644 tests/virhostcpudata/linux-x86_64-test6.signature create mode 100644 tests/virhostcpudata/linux-x86_64-test7.signature create mode 100644 tests/virhostcpudata/linux-x86_64-test8.signature create mode 100644 tests/virhostcpudata/linux-x86_64-with-die.signature -- 2.26.2

4 12

[PATCH 0/5] qemuProcessUpdateCPU: do not change 'fallback' for pSeries guests
by Daniel Henrique Barboza 25 May '20

25 May '20

Hi, Patch 5/5 contains a fix for [1]. The first 4 patches are g_auto() cleanups I made along the way while investigating the bug. [1] https://bugzilla.redhat.com/show_bug.cgi?id=1660711 Daniel Henrique Barboza (5): cpu_conf.c: modernize virCPUDefCopyWithoutModel and virCPUDefCopy cpu_arm.c: modernize virCPUarmUpdate cpu_s390.c: modernize virCPUs390Update qemu_process.c: modernize qemuProcessUpdateCPU code path qemuProcessUpdateCPU: do not change 'fallback' to ALLOW for pSeries guests src/conf/cpu_conf.c | 22 +++++----------- src/cpu/cpu_arm.c | 14 ++++------ src/cpu/cpu_s390.c | 18 +++++-------- src/qemu/qemu_process.c | 58 +++++++++++++++++------------------------ 4 files changed, 43 insertions(+), 69 deletions(-) -- 2.26.2

2 11

[libvirt PATCH 0/3] cpu_map: Add Cooperlake x86 CPU model
by Jiri Denemark 25 May '20

25 May '20

Jiri Denemark (3): cputest: Add data for Cooperlake CPU cpu_map: Add pschange-mc-no bit in IA32_ARCH_CAPABILITIES MSR cpu_map: Add Cooperlake x86 CPU model src/cpu_map/index.xml | 1 + src/cpu_map/x86_Cooperlake.xml | 90 + src/cpu_map/x86_features.xml | 3 + tests/cputest.c | 1 + .../x86_64-cpuid-Cooperlake-disabled.xml | 7 + .../x86_64-cpuid-Cooperlake-enabled.xml | 11 + .../x86_64-cpuid-Cooperlake-guest.xml | 32 + .../x86_64-cpuid-Cooperlake-host.xml | 33 + .../x86_64-cpuid-Cooperlake-json.xml | 15 + .../cputestdata/x86_64-cpuid-Cooperlake.json | 1574 +++++++++++++++++ tests/cputestdata/x86_64-cpuid-Cooperlake.sig | 4 + tests/cputestdata/x86_64-cpuid-Cooperlake.xml | 68 + .../x86_64-cpuid-Core-i7-8550U-enabled.xml | 2 +- .../x86_64-cpuid-Core-i7-8550U-guest.xml | 1 + .../x86_64-cpuid-Core-i7-8550U-host.xml | 1 + .../x86_64-cpuid-Core-i7-8550U-json.xml | 1 + ...64-cpuid-Ryzen-9-3900X-12-Core-enabled.xml | 2 +- ...6_64-cpuid-Ryzen-9-3900X-12-Core-guest.xml | 1 + ...86_64-cpuid-Ryzen-9-3900X-12-Core-host.xml | 1 + ...86_64-cpuid-Ryzen-9-3900X-12-Core-json.xml | 1 + ...86_64-cpuid-Xeon-Platinum-9242-enabled.xml | 2 +- .../x86_64-cpuid-Xeon-Platinum-9242-json.xml | 1 + .../domaincapsdata/qemu_4.2.0-q35.x86_64.xml | 1 + tests/domaincapsdata/qemu_4.2.0.x86_64.xml | 1 + .../domaincapsdata/qemu_5.0.0-q35.x86_64.xml | 2 + .../domaincapsdata/qemu_5.0.0-tcg.x86_64.xml | 1 + tests/domaincapsdata/qemu_5.0.0.x86_64.xml | 2 + .../domaincapsdata/qemu_5.1.0-q35.x86_64.xml | 2 + .../domaincapsdata/qemu_5.1.0-tcg.x86_64.xml | 1 + tests/domaincapsdata/qemu_5.1.0.x86_64.xml | 2 + 30 files changed, 1861 insertions(+), 3 deletions(-) create mode 100644 src/cpu_map/x86_Cooperlake.xml create mode 100644 tests/cputestdata/x86_64-cpuid-Cooperlake-disabled.xml create mode 100644 tests/cputestdata/x86_64-cpuid-Cooperlake-enabled.xml create mode 100644 tests/cputestdata/x86_64-cpuid-Cooperlake-guest.xml create mode 100644 tests/cputestdata/x86_64-cpuid-Cooperlake-host.xml create mode 100644 tests/cputestdata/x86_64-cpuid-Cooperlake-json.xml create mode 100644 tests/cputestdata/x86_64-cpuid-Cooperlake.json create mode 100644 tests/cputestdata/x86_64-cpuid-Cooperlake.sig create mode 100644 tests/cputestdata/x86_64-cpuid-Cooperlake.xml -- 2.26.2

2 4

[PATCH 0/3] Support network interface downscript
by Chen Hanxiao 25 May '20

25 May '20

QEMU has the ability to run a script when a NIC is brought up and down. Libvirt only enables use of the up script at this time. This series add support for postscript when NIC is down/detached. Chen Hanxiao (3): downscript: Support network interface downscript downscript: add test case doc: downscript: updating the documentation docs/formatdomain.html.in | 6 ++- docs/schemas/domaincommon.rng | 8 ++++ src/conf/domain_conf.c | 9 ++++ src/conf/domain_conf.h | 1 + src/qemu/qemu_extdevice.c | 4 ++ src/qemu/qemu_hotplug.c | 6 +++ tests/qemuxml2argvdata/downscript.xml | 60 +++++++++++++++++++++++++ tests/qemuxml2xmloutdata/downscript.xml | 60 +++++++++++++++++++++++++ tests/qemuxml2xmltest.c | 1 + 9 files changed, 154 insertions(+), 1 deletion(-) create mode 100644 tests/qemuxml2argvdata/downscript.xml create mode 100644 tests/qemuxml2xmloutdata/downscript.xml -- 2.23.0

2 7