[PATCH] security: don't fail if built without attr support
by Christian Ehrhardt
If built without attr support removing any image will trigger
qemuBlockRemoveImageMetadata (the one that emits the warning)
-> qemuSecurityMoveImageMetadata
-> virSecurityManagerMoveImageMetadata
-> virSecurityDACMoveImageMetadata
-> virSecurityDACMoveImageMetadataHelper
-> virProcessRunInFork (spawns subprocess)
-> virSecurityMoveRememberedLabel
In there due to !HAVE_LIBATTR virFileGetXAttrQuiet will return
ENOSYS and from there the chain will error out.
That is wrong and looks like:
libvirtd[6320]: internal error: child reported (status=125):
libvirtd[6320]: Unable to remove disk metadata on vm testguest from
/var/lib/uvtool/libvirt/images/testguest.qcow (disk target vda)
This change makes virSecurityDACMoveImageMetadataHelper accept that
error code gracefully and in that sense it is an extension of:
5214b2f1a3f "security: Don't skip label restore on file systems lacking XATTRs"
which does the same for other call chains into the virFile*XAttr functions.
Signed-off-by: Christian Ehrhardt <christian.ehrhardt(a)canonical.com>
---
src/security/security_dac.c | 6 ++++++
1 file changed, 6 insertions(+)
diff --git a/src/security/security_dac.c b/src/security/security_dac.c
index bdc2d7edf3..7b95a6f86d 100644
--- a/src/security/security_dac.c
+++ b/src/security/security_dac.c
@@ -1117,6 +1117,12 @@ virSecurityDACMoveImageMetadataHelper(pid_t pid G_GNUC_UNUSED,
ret = virSecurityMoveRememberedLabel(SECURITY_DAC_NAME, data->src, data->dst);
virSecurityManagerMetadataUnlock(data->mgr, &state);
+
+ if (ret == -2) {
+ /* Libvirt built without XATTRS */
+ ret = 0;
+ }
+
return ret;
}
--
2.26.0
4 years, 10 months
[libvirt PATCH] scripts: Fix E741 that pycodesyle is pointing out during syntax-check
by Erik Skultety
With newer pycodestyle 2.6.0 (which is part of flake8-3.8.2) reports
the following pep violation during syntax-check:
../scripts/check-remote-protocol.py:95:9: E741 ambiguous variable name 'l'
for l in err.strip().split("\n")
On all the distros we test on, this hasn't occurred yet, but with the
future update of flake8 it likely would. The fix is easy, just name the
variable appropriately.
Signed-off-by: Erik Skultety <eskultet(a)redhat.com>
---
The weird thing is that E741 checking has been in pycodestyle since 2.1.0 [1],
we now have 2.5.0 and yet only 2.6.0 is complaining about it
[1] https://pycodestyle.pycqa.org/en/latest/developer.html#id8
scripts/check-remote-protocol.py | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/scripts/check-remote-protocol.py b/scripts/check-remote-protocol.py
index 25caa19563..cf9e3f84a1 100644
--- a/scripts/check-remote-protocol.py
+++ b/scripts/check-remote-protocol.py
@@ -92,8 +92,8 @@ if out == "" or pdwtagsproc.returncode != 0:
else:
print("WARNING: exit code %d, pdwtags appears broken:" %
pdwtagsproc.returncode, file=sys.stderr)
- for l in err.strip().split("\n"):
- print("WARNING: %s" % l, file=sys.stderr)
+ for line in err.strip().split("\n"):
+ print("WARNING: %s" % line, file=sys.stderr)
print("WARNING: skipping the remote protocol test", file=sys.stderr)
sys.exit(0)
--
2.25.4
4 years, 10 months
[PATCH v2 0/3] Support network interface downscript
by Chen Hanxiao
QEMU has the ability to run a script when a NIC is brought up and down.
Libvirt only enables use of the up script at this time.
This series add support for postscript when NIC is down/detached.
Chen Hanxiao (3):
interface: introduce downscript
downscript: add support for booting and hotplug interface
downscript: docs: add docs and news
docs/formatdomain.html.in | 6 ++-
docs/news.xml | 10 +++++
docs/schemas/domaincommon.rng | 8 ++++
src/conf/domain_conf.c | 9 ++++
src/conf/domain_conf.h | 1 +
src/qemu/qemu_extdevice.c | 4 ++
src/qemu/qemu_hotplug.c | 3 ++
tests/qemuxml2argvdata/downscript.xml | 60 +++++++++++++++++++++++++
tests/qemuxml2xmloutdata/downscript.xml | 60 +++++++++++++++++++++++++
tests/qemuxml2xmltest.c | 1 +
10 files changed, 161 insertions(+), 1 deletion(-)
create mode 100644 tests/qemuxml2argvdata/downscript.xml
create mode 100644 tests/qemuxml2xmloutdata/downscript.xml
--
2.23.0
4 years, 10 months
[libvirt PATCH 0/6] qemu: Invalidate capabilities when host CPU changes
by Jiri Denemark
The host CPU related info stored in the capabilities cache is no longer
valid after the host CPU changes. This is not a frequent situation in
real world, but it can easily happen in nested scenarios when a disk
image is started with various CPUs.
https://bugzilla.redhat.com/show_bug.cgi?id=1778819
Jiri Denemark (6):
util: Define g_autoptr callback for FILE
hostcpu: Introduce virHostCPUGetSignature
hostcpu: Implement virHostCPUGetSignature for x86
hostcpu: Implement virHostCPUGetSignature for ppc64
hostcpu: Implement virHostCPUGetSignature for s390
qemu: Invalidate capabilities when host CPU changes
src/libvirt_private.syms | 2 +
src/qemu/qemu_capabilities.c | 24 ++++
src/qemu/qemu_capspriv.h | 1 +
src/util/virfile.h | 1 +
src/util/virhostcpu.c | 111 ++++++++++++++++++
src/util/virhostcpu.h | 2 +
src/util/virhostcpupriv.h | 4 +
tests/qemucapsprobe.c | 2 +-
.../linux-ppc64-deconf-cpus.signature | 1 +
.../linux-ppc64-subcores1.signature | 1 +
.../linux-ppc64-subcores2.signature | 1 +
.../linux-ppc64-subcores3.signature | 1 +
.../linux-s390x-with-frequency.signature | 1 +
.../linux-x86_64-test1.signature | 1 +
.../linux-x86_64-test2.signature | 1 +
.../linux-x86_64-test3.signature | 1 +
.../linux-x86_64-test4.signature | 1 +
.../linux-x86_64-test5.signature | 1 +
.../linux-x86_64-test6.signature | 1 +
.../linux-x86_64-test7.signature | 1 +
.../linux-x86_64-test8.signature | 1 +
.../linux-x86_64-with-die.signature | 1 +
tests/virhostcputest.c | 42 ++++++-
23 files changed, 201 insertions(+), 2 deletions(-)
create mode 100644 tests/virhostcpudata/linux-ppc64-deconf-cpus.signature
create mode 100644 tests/virhostcpudata/linux-ppc64-subcores1.signature
create mode 100644 tests/virhostcpudata/linux-ppc64-subcores2.signature
create mode 100644 tests/virhostcpudata/linux-ppc64-subcores3.signature
create mode 100644 tests/virhostcpudata/linux-s390x-with-frequency.signature
create mode 100644 tests/virhostcpudata/linux-x86_64-test1.signature
create mode 100644 tests/virhostcpudata/linux-x86_64-test2.signature
create mode 100644 tests/virhostcpudata/linux-x86_64-test3.signature
create mode 100644 tests/virhostcpudata/linux-x86_64-test4.signature
create mode 100644 tests/virhostcpudata/linux-x86_64-test5.signature
create mode 100644 tests/virhostcpudata/linux-x86_64-test6.signature
create mode 100644 tests/virhostcpudata/linux-x86_64-test7.signature
create mode 100644 tests/virhostcpudata/linux-x86_64-test8.signature
create mode 100644 tests/virhostcpudata/linux-x86_64-with-die.signature
--
2.26.2
4 years, 10 months
[PATCH 0/5] qemuProcessUpdateCPU: do not change 'fallback' for pSeries guests
by Daniel Henrique Barboza
Hi,
Patch 5/5 contains a fix for [1]. The first 4 patches are
g_auto() cleanups I made along the way while investigating
the bug.
[1] https://bugzilla.redhat.com/show_bug.cgi?id=1660711
Daniel Henrique Barboza (5):
cpu_conf.c: modernize virCPUDefCopyWithoutModel and virCPUDefCopy
cpu_arm.c: modernize virCPUarmUpdate
cpu_s390.c: modernize virCPUs390Update
qemu_process.c: modernize qemuProcessUpdateCPU code path
qemuProcessUpdateCPU: do not change 'fallback' to ALLOW for pSeries
guests
src/conf/cpu_conf.c | 22 +++++-----------
src/cpu/cpu_arm.c | 14 ++++------
src/cpu/cpu_s390.c | 18 +++++--------
src/qemu/qemu_process.c | 58 +++++++++++++++++------------------------
4 files changed, 43 insertions(+), 69 deletions(-)
--
2.26.2
4 years, 10 months
[libvirt PATCH 0/3] cpu_map: Add Cooperlake x86 CPU model
by Jiri Denemark
Jiri Denemark (3):
cputest: Add data for Cooperlake CPU
cpu_map: Add pschange-mc-no bit in IA32_ARCH_CAPABILITIES MSR
cpu_map: Add Cooperlake x86 CPU model
src/cpu_map/index.xml | 1 +
src/cpu_map/x86_Cooperlake.xml | 90 +
src/cpu_map/x86_features.xml | 3 +
tests/cputest.c | 1 +
.../x86_64-cpuid-Cooperlake-disabled.xml | 7 +
.../x86_64-cpuid-Cooperlake-enabled.xml | 11 +
.../x86_64-cpuid-Cooperlake-guest.xml | 32 +
.../x86_64-cpuid-Cooperlake-host.xml | 33 +
.../x86_64-cpuid-Cooperlake-json.xml | 15 +
.../cputestdata/x86_64-cpuid-Cooperlake.json | 1574 +++++++++++++++++
tests/cputestdata/x86_64-cpuid-Cooperlake.sig | 4 +
tests/cputestdata/x86_64-cpuid-Cooperlake.xml | 68 +
.../x86_64-cpuid-Core-i7-8550U-enabled.xml | 2 +-
.../x86_64-cpuid-Core-i7-8550U-guest.xml | 1 +
.../x86_64-cpuid-Core-i7-8550U-host.xml | 1 +
.../x86_64-cpuid-Core-i7-8550U-json.xml | 1 +
...64-cpuid-Ryzen-9-3900X-12-Core-enabled.xml | 2 +-
...6_64-cpuid-Ryzen-9-3900X-12-Core-guest.xml | 1 +
...86_64-cpuid-Ryzen-9-3900X-12-Core-host.xml | 1 +
...86_64-cpuid-Ryzen-9-3900X-12-Core-json.xml | 1 +
...86_64-cpuid-Xeon-Platinum-9242-enabled.xml | 2 +-
.../x86_64-cpuid-Xeon-Platinum-9242-json.xml | 1 +
.../domaincapsdata/qemu_4.2.0-q35.x86_64.xml | 1 +
tests/domaincapsdata/qemu_4.2.0.x86_64.xml | 1 +
.../domaincapsdata/qemu_5.0.0-q35.x86_64.xml | 2 +
.../domaincapsdata/qemu_5.0.0-tcg.x86_64.xml | 1 +
tests/domaincapsdata/qemu_5.0.0.x86_64.xml | 2 +
.../domaincapsdata/qemu_5.1.0-q35.x86_64.xml | 2 +
.../domaincapsdata/qemu_5.1.0-tcg.x86_64.xml | 1 +
tests/domaincapsdata/qemu_5.1.0.x86_64.xml | 2 +
30 files changed, 1861 insertions(+), 3 deletions(-)
create mode 100644 src/cpu_map/x86_Cooperlake.xml
create mode 100644 tests/cputestdata/x86_64-cpuid-Cooperlake-disabled.xml
create mode 100644 tests/cputestdata/x86_64-cpuid-Cooperlake-enabled.xml
create mode 100644 tests/cputestdata/x86_64-cpuid-Cooperlake-guest.xml
create mode 100644 tests/cputestdata/x86_64-cpuid-Cooperlake-host.xml
create mode 100644 tests/cputestdata/x86_64-cpuid-Cooperlake-json.xml
create mode 100644 tests/cputestdata/x86_64-cpuid-Cooperlake.json
create mode 100644 tests/cputestdata/x86_64-cpuid-Cooperlake.sig
create mode 100644 tests/cputestdata/x86_64-cpuid-Cooperlake.xml
--
2.26.2
4 years, 10 months
[PATCH 0/3] Support network interface downscript
by Chen Hanxiao
QEMU has the ability to run a script when a NIC is brought up and down.
Libvirt only enables use of the up script at this time.
This series add support for postscript when NIC is down/detached.
Chen Hanxiao (3):
downscript: Support network interface downscript
downscript: add test case
doc: downscript: updating the documentation
docs/formatdomain.html.in | 6 ++-
docs/schemas/domaincommon.rng | 8 ++++
src/conf/domain_conf.c | 9 ++++
src/conf/domain_conf.h | 1 +
src/qemu/qemu_extdevice.c | 4 ++
src/qemu/qemu_hotplug.c | 6 +++
tests/qemuxml2argvdata/downscript.xml | 60 +++++++++++++++++++++++++
tests/qemuxml2xmloutdata/downscript.xml | 60 +++++++++++++++++++++++++
tests/qemuxml2xmltest.c | 1 +
9 files changed, 154 insertions(+), 1 deletion(-)
create mode 100644 tests/qemuxml2argvdata/downscript.xml
create mode 100644 tests/qemuxml2xmloutdata/downscript.xml
--
2.23.0
4 years, 10 months
[PATCH v2 1/3] libxl: Add 'permissive' option for PCI devices
by Marek Marczykowski-Górecki
From: Simon Gaiser <simon(a)invisiblethingslab.com>
By setting the permissive flag the Xen guest access to the PCI config space
is not filtered. This might be a security risk, but it's required for
some devices and the IOMMU and interrupt remapping should (mostly?)
contain it. Because of it (and that the attribute is Xen only), in an
example include "permissive='no'" - to not expose users copying from
documentation to extra risk.
Example usage:
<devices>
...
<hostdev mode='subsystem' type='pci' managed='yes' permissive='yes'>
<source>
<address domain='0x0000' bus='0x06' slot='0x02' function='0x0'/>
</source>
</hostdev>
</devices>
Signed-off-by: Simon Gaiser <simon(a)invisiblethingslab.com>
Signed-off-by: Marek Marczykowski-Górecki <marmarek(a)invisiblethingslab.com>
---
Changes in v2:
- improve documentation (version info, example)
- update schema
- use virTristateBool
- add a test
- improve commit message
- news entry
---
docs/formatdomain.html.in | 7 +++++--
docs/news.xml | 11 +++++++++++-
docs/schemas/domaincommon.rng | 10 ++++++++++-
src/conf/domain_conf.c | 19 +++++++++++++++++++-
src/conf/domain_conf.h | 1 +-
src/libxl/libxl_conf.c | 1 +-
tests/libxlxml2domconfigdata/moredevs-hvm.json | 6 ++++++-
tests/libxlxml2domconfigdata/moredevs-hvm.xml | 5 +++++-
8 files changed, 58 insertions(+), 2 deletions(-)
diff --git a/docs/formatdomain.html.in b/docs/formatdomain.html.in
index c530573..0d1146e 100644
--- a/docs/formatdomain.html.in
+++ b/docs/formatdomain.html.in
@@ -4987,7 +4987,7 @@
<pre>
...
<devices>
- <hostdev mode='subsystem' type='pci' managed='yes'>
+ <hostdev mode='subsystem' type='pci' managed='yes' permissive='no'>
<source>
<address domain='0x0000' bus='0x06' slot='0x02' function='0x0'/>
</source>
@@ -5082,7 +5082,10 @@
(or <code>virsh nodedev-detach</code> before starting the guest
or hot-plugging the device and <code>virNodeDeviceReAttach</code>
(or <code>virsh nodedev-reattach</code>) after hot-unplug or
- stopping the guest.
+ stopping the guest. When <code>permissive</code>
+ (<span class="since">since 6.3.0, Xen only</span>) is "yes"
+ the pci config space access will not be filtered. This might be
+ a security issue. The default is "no".
</dd>
<dt><code>scsi</code></dt>
<dd>For SCSI devices, user is responsible to make sure the device
diff --git a/docs/news.xml b/docs/news.xml
index 5835013..a8e992a 100644
--- a/docs/news.xml
+++ b/docs/news.xml
@@ -109,6 +109,17 @@
and/or fine tuned per individual host.
</description>
</change>
+ <change>
+ <summary>
+ xen: Add support for 'permissive' PCI device option
+ </summary>
+ <description>
+ <code>permissive</code> is a Xen-specific PCI device option that
+ disables config space write filtering. It is needed for proper
+ functioning of some devices using non-standard config space
+ registers.
+ </description>
+ </change>
</section>
<section title="Improvements">
</section>
diff --git a/docs/schemas/domaincommon.rng b/docs/schemas/domaincommon.rng
index 7f18e5b..5a71222 100644
--- a/docs/schemas/domaincommon.rng
+++ b/docs/schemas/domaincommon.rng
@@ -3065,6 +3065,11 @@
<ref name="virYesNo"/>
</attribute>
</optional>
+ <optional>
+ <attribute name="permissive">
+ <ref name="virYesNo"/>
+ </attribute>
+ </optional>
<interleave>
<element name="source">
<optional>
@@ -4899,6 +4904,11 @@
<ref name="virYesNo"/>
</attribute>
</optional>
+ <optional>
+ <attribute name="permissive">
+ <ref name="virYesNo"/>
+ </attribute>
+ </optional>
<choice>
<ref name="hostdevsubsyspci"/>
<ref name="hostdevsubsysusb"/>
diff --git a/src/conf/domain_conf.c b/src/conf/domain_conf.c
index 89cd8c5..fe1a864 100644
--- a/src/conf/domain_conf.c
+++ b/src/conf/domain_conf.c
@@ -8434,6 +8434,7 @@ virDomainHostdevDefParseXMLSubsys(xmlNodePtr node,
virDomainHostdevSubsysSCSIVHostPtr scsihostsrc = &def->source.subsys.u.scsi_host;
virDomainHostdevSubsysMediatedDevPtr mdevsrc = &def->source.subsys.u.mdev;
g_autofree char *managed = NULL;
+ g_autofree char *permissive = NULL;
g_autofree char *sgio = NULL;
g_autofree char *rawio = NULL;
g_autofree char *backendStr = NULL;
@@ -8449,6 +8450,15 @@ virDomainHostdevDefParseXMLSubsys(xmlNodePtr node,
if ((managed = virXMLPropString(node, "managed")) != NULL)
ignore_value(virStringParseYesNo(managed, &def->managed));
+ if ((permissive = virXMLPropString(node, "permissive")) != NULL) {
+ if ((def->permissive = virTristateBoolTypeFromString(permissive)) < 0) {
+ virReportError(VIR_ERR_XML_ERROR,
+ _("unknown hostdev permissive setting '%s'"),
+ permissive);
+ return -1;
+ }
+ }
+
sgio = virXMLPropString(node, "sgio");
rawio = virXMLPropString(node, "rawio");
model = virXMLPropString(node, "model");
@@ -26091,6 +26101,9 @@ virDomainActualNetDefFormat(virBufferPtr buf,
virDomainHostdevDefPtr hostdef = virDomainNetGetActualHostdev(def);
if (hostdef && hostdef->managed)
virBufferAddLit(buf, " managed='yes'");
+ if (hostdef && hostdef->permissive)
+ virBufferAsprintf(buf, " permissive='%s'",
+ virTristateBoolTypeToString(hostdef->permissive));
}
if (def->trustGuestRxFilters)
virBufferAsprintf(buf, " trustGuestRxFilters='%s'",
@@ -26279,6 +26292,9 @@ virDomainNetDefFormat(virBufferPtr buf,
virBufferAsprintf(buf, "<interface type='%s'", typeStr);
if (hostdef && hostdef->managed)
virBufferAddLit(buf, " managed='yes'");
+ if (hostdef && hostdef->permissive)
+ virBufferAsprintf(buf, " permissive='%s'",
+ virTristateBoolTypeToString(hostdef->permissive));
if (def->trustGuestRxFilters)
virBufferAsprintf(buf, " trustGuestRxFilters='%s'",
virTristateBoolTypeToString(def->trustGuestRxFilters));
@@ -28063,6 +28079,9 @@ virDomainHostdevDefFormat(virBufferPtr buf,
if (def->mode == VIR_DOMAIN_HOSTDEV_MODE_SUBSYS) {
virBufferAsprintf(buf, " managed='%s'",
def->managed ? "yes" : "no");
+ if (def->permissive)
+ virBufferAsprintf(buf, " permissive='%s'",
+ virTristateBoolTypeToString(def->permissive));
if (def->source.subsys.type == VIR_DOMAIN_HOSTDEV_SUBSYS_TYPE_SCSI &&
scsisrc->sgio)
diff --git a/src/conf/domain_conf.h b/src/conf/domain_conf.h
index ecb80ef..24ec03c 100644
--- a/src/conf/domain_conf.h
+++ b/src/conf/domain_conf.h
@@ -345,6 +345,7 @@ struct _virDomainHostdevDef {
bool missing;
bool readonly;
bool shareable;
+ virTristateBool permissive;
union {
virDomainHostdevSubsys subsys;
virDomainHostdevCaps caps;
diff --git a/src/libxl/libxl_conf.c b/src/libxl/libxl_conf.c
index 458dfc2..23dd0e4 100644
--- a/src/libxl/libxl_conf.c
+++ b/src/libxl/libxl_conf.c
@@ -2284,6 +2284,7 @@ libxlMakePCI(virDomainHostdevDefPtr hostdev, libxl_device_pci *pcidev)
pcidev->bus = pcisrc->addr.bus;
pcidev->dev = pcisrc->addr.slot;
pcidev->func = pcisrc->addr.function;
+ pcidev->permissive = hostdev->permissive == VIR_TRISTATE_BOOL_YES;
return 0;
}
diff --git a/tests/libxlxml2domconfigdata/moredevs-hvm.json b/tests/libxlxml2domconfigdata/moredevs-hvm.json
index 7bfd68b..474aa2c 100644
--- a/tests/libxlxml2domconfigdata/moredevs-hvm.json
+++ b/tests/libxlxml2domconfigdata/moredevs-hvm.json
@@ -88,6 +88,12 @@
"dev": 16,
"bus": 10,
"rdm_policy": "invalid"
+ },
+ {
+ "dev": 8,
+ "bus": 10,
+ "permissive": true,
+ "rdm_policy": "invalid"
}
],
"vfbs": [
diff --git a/tests/libxlxml2domconfigdata/moredevs-hvm.xml b/tests/libxlxml2domconfigdata/moredevs-hvm.xml
index f7eb09f..1b6b738 100644
--- a/tests/libxlxml2domconfigdata/moredevs-hvm.xml
+++ b/tests/libxlxml2domconfigdata/moredevs-hvm.xml
@@ -48,6 +48,11 @@
<address type='pci' domain='0x0000' bus='0x0a' slot='0x10' function='0x0'/>
</source>
</interface>
+ <hostdev mode='subsystem' type='pci' managed='yes' permissive='yes'>
+ <source>
+ <address domain='0x0000' bus='0x0a' slot='0x08' function='0x0'/>
+ </source>
+ </hostdev>
<graphics type='vnc'/>
<video>
<model type='cirrus' vram='8192' heads='1' primary='yes'/>
base-commit: c3ace7e234ccd43d5a008d93e122e6d47cd58e17
--
git-series 0.9.1
4 years, 11 months
