[PATCH] qemu_process: Release domain seclabel later in qemuProcessStop()
by Michal Privoznik
Some secdrivers (typically SELinux driver) generate unique
dynamic seclabel for each domain (unless a static one is
requested in domain XML). This is achieved by calling
qemuSecurityGenLabel() from qemuProcessPrepareDomain() which
allocates unique seclabel and stores it in domain def->seclabels.
The counterpart is qemuSecurityReleaseLabel() which releases the
label and removes it from def->seclabels. Problem is, that with
current code the qemuProcessStop() may still want to use the
seclabel after it was released, e.g. when it wants to restore the
label of a disk mirror.
What is happening now, is that in qemuProcessStop() the
qemuSecurityReleaseLabel() is called, which removes the SELinux
seclabel from def->seclabels, yada yada yada and eventually
qemuSecurityRestoreImageLabel() is called. This bubbles down to
virSecuritySELinuxRestoreImageLabelSingle() which finds no SELinux
seclabel (using virDomainDefGetSecurityLabelDef()) and this
returns early doing nothing.
Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1751664
Fixes: 8fa0374c5b8e834fcbdeae674cc6cc9e6bf9019f
Signed-off-by: Michal Privoznik <mprivozn(a)redhat.com>
---
src/qemu/qemu_process.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/src/qemu/qemu_process.c b/src/qemu/qemu_process.c
index 3b64caa619..15cf8cb666 100644
--- a/src/qemu/qemu_process.c
+++ b/src/qemu/qemu_process.c
@@ -7702,8 +7702,6 @@ void qemuProcessStop(virQEMUDriverPtr driver,
qemuSecurityRestoreAllLabel(driver, vm,
!!(flags & VIR_QEMU_PROCESS_STOP_MIGRATED));
- qemuSecurityReleaseLabel(driver->securityManager, vm->def);
-
for (i = 0; i < vm->def->ndisks; i++) {
virDomainDeviceDef dev;
virDomainDiskDefPtr disk = vm->def->disks[i];
@@ -7891,6 +7889,8 @@ void qemuProcessStop(virQEMUDriverPtr driver,
}
}
+ qemuSecurityReleaseLabel(driver->securityManager, vm->def);
+
/* clear all private data entries which are no longer needed */
qemuDomainObjPrivateDataClear(priv);
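Review bot: the relocated qemuSecurityReleaseLabel() call just above qemuDomainObjPrivateDataClear() carries no comment saying why it has to run this late. A one-line comment stating that the seclabel must stay in def->seclabels until every label-restoring call in qemuProcessStop() has finished would keep a later cleanup from moving it back up next to qemuSecurityRestoreAllLabel(), which is the ordering the commit message describes as leaving image labels unrestored.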
--
2.26.2
3 years, 9 months
[PATCH] schema: Fix TPM version rules
by Michal Privoznik
According to our parser (virDomainTPMDefParseXML()) the version
is an optional attribute and independent of TPM backend type.
Therefore, it's not a choice group, which is what our RNG schema
suggests.
Signed-off-by: Michal Privoznik <mprivozn(a)redhat.com>
---
docs/schemas/domaincommon.rng | 20 ++++++++------------
1 file changed, 8 insertions(+), 12 deletions(-)
diff --git a/docs/schemas/domaincommon.rng b/docs/schemas/domaincommon.rng
index 712fb60562..86816e9b1d 100644
--- a/docs/schemas/domaincommon.rng
+++ b/docs/schemas/domaincommon.rng
@@ -4776,18 +4776,14 @@
</optional>
</group>
</choice>
- <choice>
- <group>
- <optional>
- <attribute name="version">
- <choice>
- <value>1.2</value>
- <value>2.0</value>
- </choice>
- </attribute>
- </optional>
- </group>
- </choice>
+ <optional>
+ <attribute name="version">
+ <choice>
+ <value>1.2</value>
+ <value>2.0</value>
+ </choice>
+ </attribute>
+ </optional>
</element>
</define>
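Review bot: the removed outer <choice> held a single <group> alternative wrapping the same <optional> version attribute that is re-added, so the set of documents the schema accepts looks unchanged by this hunk. The commit message should say that this is a cleanup with no validation change, so nobody goes looking for a behavioural difference when bisecting.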
--
2.26.2
3 years, 9 months
[libvirt PATCH] qemuDomainChangeNet: Check changed virtio network driver options
by Tim Wiederhake
Changes to a virtio network device such as
<interface type="network">
<model type="virtio"/>
<driver iommu="on" ats="on"/> <!-- this line added -->
...
</interface>
were quietly dismissed by `virsh update-device ... --live`.
Signed-off-by: Tim Wiederhake <twiederh(a)redhat.com>
---
src/qemu/qemu_hotplug.c | 10 ++++++++++
1 file changed, 10 insertions(+)
diff --git a/src/qemu/qemu_hotplug.c b/src/qemu/qemu_hotplug.c
index 57635cd419..c385bde4bf 100644
--- a/src/qemu/qemu_hotplug.c
+++ b/src/qemu/qemu_hotplug.c
@@ -3600,6 +3600,16 @@ qemuDomainChangeNet(virQEMUDriverPtr driver,
goto cleanup;
}
+ if (!!olddev->virtio != !!newdev->virtio ||
+ (!!olddev->virtio && !!newdev->virtio &&
+ (olddev->virtio->iommu != newdev->virtio->iommu ||
+ olddev->virtio->ats != newdev->virtio->ats ||
+ olddev->virtio->packed != newdev->virtio->packed))) {
+ virReportError(VIR_ERR_OPERATION_UNSUPPORTED, "%s",
+ _("cannot modify virtio network device driver options"));
+ goto cleanup;
+ }
+
/* data: this union will be examined later, after allocating new actualdev */
/* virtPortProfile: will be examined later, after allocating new actualdev */
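Review bot: the new condition compares iommu, ats and packed by hand, so any option added to the virtio driver struct later will again be dropped silently by update-device; a small comparison helper kept next to the struct definition would stay in sync more reliably. In the second clause the double negation in `!!olddev->virtio && !!newdev->virtio` is not needed, since both operands are already in boolean context. The error text could also name the option that differs, which would tell the user why a live update was refused.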
--
2.26.2
3 years, 9 months
[PATCH] manpage: virsh: Drop note that 'domrename' doesn't work with snapshots/checkpoints
by Peter Krempa
As of commits 3b1244bffdb and 4770a96c662 renaming of the domain works
also with checkpoints and snapshots. Update the docs.
https://bugzilla.redhat.com/show_bug.cgi?id=1913138
Signed-off-by: Peter Krempa <pkrempa(a)redhat.com>
---
docs/manpages/virsh.rst | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/docs/manpages/virsh.rst b/docs/manpages/virsh.rst
index 4a1500e686..e3afa48f7b 100644
--- a/docs/manpages/virsh.rst
+++ b/docs/manpages/virsh.rst
@@ -2177,7 +2177,7 @@ domrename
Rename a domain. This command changes current domain name to the new name
specified in the second argument.
-``Note``: Domain must be inactive and without snapshots or checkpoints.
+``Note``: Domain must be inactive.
domstate
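Review bot: the shortened note in the domrename section drops the snapshot/checkpoint restriction without saying since when. Installations that lack the two commits named in the commit message still reject the rename, so consider adding the release from which renaming with snapshots or checkpoints works.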
--
2.29.2
3 years, 9 months
[PATCH 1/7] conf: Add NFS disk protocol
by Ryan Gahagan
Per Issue 90, Libvirt does not support attaching an NFS disk even though
QEMU has added support for it. This series of patches seeks to implement
this support in Libvirt and begins by adding in flags for an NFS disk.
Signed-off-by: Ryan Gahagan <rgahagan(a)cs.utexas.edu>
---
src/libxl/libxl_conf.c | 1 +
src/libxl/xen_xl.c | 1 +
src/qemu/qemu_block.c | 3 +++
src/qemu/qemu_command.c | 1 +
src/qemu/qemu_domain.c | 2 ++
src/qemu/qemu_snapshot.c | 3 +++
src/util/virstoragefile.c | 6 ++++++
src/util/virstoragefile.h | 1 +
8 files changed, 18 insertions(+)
diff --git a/src/libxl/libxl_conf.c b/src/libxl/libxl_conf.c
index 00748e21e8..6a8ae27f54 100644
--- a/src/libxl/libxl_conf.c
+++ b/src/libxl/libxl_conf.c
@@ -941,6 +941,7 @@ libxlMakeNetworkDiskSrcStr(virStorageSourcePtr src,
case VIR_STORAGE_NET_PROTOCOL_SHEEPDOG:
case VIR_STORAGE_NET_PROTOCOL_SSH:
case VIR_STORAGE_NET_PROTOCOL_VXHS:
+ case VIR_STORAGE_NET_PROTOCOL_NFS:
case VIR_STORAGE_NET_PROTOCOL_LAST:
case VIR_STORAGE_NET_PROTOCOL_NONE:
virReportError(VIR_ERR_NO_SUPPORT,
diff --git a/src/libxl/xen_xl.c b/src/libxl/xen_xl.c
index ba0942601f..17b93d0f5c 100644
--- a/src/libxl/xen_xl.c
+++ b/src/libxl/xen_xl.c
@@ -1600,6 +1600,7 @@ xenFormatXLDiskSrcNet(virStorageSourcePtr src)
case VIR_STORAGE_NET_PROTOCOL_SHEEPDOG:
case VIR_STORAGE_NET_PROTOCOL_SSH:
case VIR_STORAGE_NET_PROTOCOL_VXHS:
+ case VIR_STORAGE_NET_PROTOCOL_NFS:
case VIR_STORAGE_NET_PROTOCOL_LAST:
case VIR_STORAGE_NET_PROTOCOL_NONE:
virReportError(VIR_ERR_NO_SUPPORT,
diff --git a/src/qemu/qemu_block.c b/src/qemu/qemu_block.c
index 4640e339c0..b224a550f3 100644
--- a/src/qemu/qemu_block.c
+++ b/src/qemu/qemu_block.c
@@ -1180,6 +1180,7 @@ qemuBlockStorageSourceGetBackendProps(virStorageSourcePtr src,
return NULL;
break;
+ case VIR_STORAGE_NET_PROTOCOL_NFS:
case VIR_STORAGE_NET_PROTOCOL_NONE:
case VIR_STORAGE_NET_PROTOCOL_LAST:
virReportEnumRangeError(virStorageNetProtocol, src->protocol);
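Review bot: in qemuBlockStorageSourceGetBackendProps() the new NFS case shares the branch with NONE and LAST, so a now-valid protocol value ends in virReportEnumRangeError(), which is meant for values outside the enum. Until the later patches in the series add the backend properties, a separate case reporting that NFS is not supported here would give the user an accurate message.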
@@ -2111,6 +2112,7 @@ qemuBlockGetBackingStoreString(virStorageSourcePtr src,
case VIR_STORAGE_NET_PROTOCOL_SHEEPDOG:
case VIR_STORAGE_NET_PROTOCOL_RBD:
case VIR_STORAGE_NET_PROTOCOL_VXHS:
+ case VIR_STORAGE_NET_PROTOCOL_NFS:
case VIR_STORAGE_NET_PROTOCOL_SSH:
case VIR_STORAGE_NET_PROTOCOL_LAST:
case VIR_STORAGE_NET_PROTOCOL_NONE:
@@ -2502,6 +2504,7 @@ qemuBlockStorageSourceCreateGetStorageProps(virStorageSourcePtr src,
case VIR_STORAGE_NET_PROTOCOL_NBD:
case VIR_STORAGE_NET_PROTOCOL_ISCSI:
case VIR_STORAGE_NET_PROTOCOL_VXHS:
+ case VIR_STORAGE_NET_PROTOCOL_NFS:
case VIR_STORAGE_NET_PROTOCOL_HTTP:
case VIR_STORAGE_NET_PROTOCOL_HTTPS:
case VIR_STORAGE_NET_PROTOCOL_FTP:
diff --git a/src/qemu/qemu_command.c b/src/qemu/qemu_command.c
index b06a086e18..c58f39ebf1 100644
--- a/src/qemu/qemu_command.c
+++ b/src/qemu/qemu_command.c
@@ -1044,6 +1044,7 @@ qemuBuildNetworkDriveStr(virStorageSourcePtr src,
_("'ssh' protocol is not yet supported"));
return NULL;
+ case VIR_STORAGE_NET_PROTOCOL_NFS:
case VIR_STORAGE_NET_PROTOCOL_LAST:
case VIR_STORAGE_NET_PROTOCOL_NONE:
virReportError(VIR_ERR_INTERNAL_ERROR,
diff --git a/src/qemu/qemu_domain.c b/src/qemu/qemu_domain.c
index bfb6e23942..d91c32b2c5 100644
--- a/src/qemu/qemu_domain.c
+++ b/src/qemu/qemu_domain.c
@@ -9630,6 +9630,8 @@ qemuDomainPrepareStorageSourceTLS(virStorageSourcePtr src,
case VIR_STORAGE_NET_PROTOCOL_FTP:
case VIR_STORAGE_NET_PROTOCOL_FTPS:
case VIR_STORAGE_NET_PROTOCOL_TFTP:
+ case VIR_STORAGE_NET_PROTOCOL_NFS:
+ /* Assumed NFS doesn't support TLS (needs Kerberos) */
case VIR_STORAGE_NET_PROTOCOL_SSH:
if (src->haveTLS == VIR_TRISTATE_BOOL_YES) {
virReportError(VIR_ERR_CONFIG_UNSUPPORTED,
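Review bot: the comment added under the NFS case in qemuDomainPrepareStorageSourceTLS() is worded as an assumption ("Assumed NFS doesn't support TLS") and sits directly above the SSH label, where it can be read as describing SSH. Since this branch decides whether a TLS request is rejected for the disk transport, please confirm the behaviour, state it as a fact, and place the comment so it clearly belongs to the NFS label.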
diff --git a/src/qemu/qemu_snapshot.c b/src/qemu/qemu_snapshot.c
index 15494c3415..7e89a8839b 100644
--- a/src/qemu/qemu_snapshot.c
+++ b/src/qemu/qemu_snapshot.c
@@ -413,6 +413,7 @@ qemuSnapshotPrepareDiskExternalInactive(virDomainSnapshotDiskDefPtr snapdisk,
case VIR_STORAGE_NET_PROTOCOL_TFTP:
case VIR_STORAGE_NET_PROTOCOL_SSH:
case VIR_STORAGE_NET_PROTOCOL_VXHS:
+ case VIR_STORAGE_NET_PROTOCOL_NFS:
case VIR_STORAGE_NET_PROTOCOL_LAST:
virReportError(VIR_ERR_INTERNAL_ERROR,
_("external inactive snapshots are not supported on "
@@ -501,6 +502,7 @@ qemuSnapshotPrepareDiskExternalActive(virDomainObjPtr vm,
case VIR_STORAGE_NET_PROTOCOL_TFTP:
case VIR_STORAGE_NET_PROTOCOL_SSH:
case VIR_STORAGE_NET_PROTOCOL_VXHS:
+ case VIR_STORAGE_NET_PROTOCOL_NFS:
case VIR_STORAGE_NET_PROTOCOL_LAST:
virReportError(VIR_ERR_INTERNAL_ERROR,
_("external active snapshots are not supported on "
@@ -631,6 +633,7 @@ qemuSnapshotPrepareDiskInternal(virDomainDiskDefPtr disk,
case VIR_STORAGE_NET_PROTOCOL_TFTP:
case VIR_STORAGE_NET_PROTOCOL_SSH:
case VIR_STORAGE_NET_PROTOCOL_VXHS:
+ case VIR_STORAGE_NET_PROTOCOL_NFS:
case VIR_STORAGE_NET_PROTOCOL_LAST:
virReportError(VIR_ERR_INTERNAL_ERROR,
_("internal inactive snapshots are not supported on "
diff --git a/src/util/virstoragefile.c b/src/util/virstoragefile.c
index fac93118fd..103dade0e7 100644
--- a/src/util/virstoragefile.c
+++ b/src/util/virstoragefile.c
@@ -90,6 +90,7 @@ VIR_ENUM_IMPL(virStorageNetProtocol,
"tftp",
"ssh",
"vxhs",
+ "nfs",
);
VIR_ENUM_IMPL(virStorageNetHostTransport,
@@ -3152,6 +3153,7 @@ virStorageSourceParseBackingColon(virStorageSourcePtr src,
case VIR_STORAGE_NET_PROTOCOL_GLUSTER:
case VIR_STORAGE_NET_PROTOCOL_SSH:
case VIR_STORAGE_NET_PROTOCOL_VXHS:
+ case VIR_STORAGE_NET_PROTOCOL_NFS:
virReportError(VIR_ERR_INTERNAL_ERROR,
_("malformed backing store path for protocol %s"),
protocol);
@@ -4627,6 +4629,10 @@ virStorageSourceNetworkDefaultPort(virStorageNetProtocol protocol)
case VIR_STORAGE_NET_PROTOCOL_VXHS:
return 9999;
+ case VIR_STORAGE_NET_PROTOCOL_NFS:
+ /* Per https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/4/... */
+ return 2049;
+
case VIR_STORAGE_NET_PROTOCOL_LAST:
case VIR_STORAGE_NET_PROTOCOL_NONE:
return 0;
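Review bot: the comment above `return 2049;` cites a vendor documentation URL for an old release as the source of the port, which is long and likely to rot. 2049 is the IANA-registered port for nfs, so a short comment saying that would be more durable than the link.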
diff --git a/src/util/virstoragefile.h b/src/util/virstoragefile.h
index 87763cf389..c5d5f0233a 100644
--- a/src/util/virstoragefile.h
+++ b/src/util/virstoragefile.h
@@ -135,6 +135,7 @@ typedef enum {
VIR_STORAGE_NET_PROTOCOL_TFTP,
VIR_STORAGE_NET_PROTOCOL_SSH,
VIR_STORAGE_NET_PROTOCOL_VXHS,
+ VIR_STORAGE_NET_PROTOCOL_NFS,
VIR_STORAGE_NET_PROTOCOL_LAST
} virStorageNetProtocol;
--
2.29.2
3 years, 9 months
[libvirt PATCH] qemu: The TSC tolerance interval should be closed
by Jiri Denemark
The kernel refuses to set guest TSC frequency less than a minimum
frequency or greater than maximum frequency (both computed based on the
host TSC frequency). When writing the libvirt code with a reversed logic
(return success when the requested frequency falls within the tolerance
interval) I forgot to include the boundaries.
Fixes: d8e5b4560006590668d4669f54a46b08ec14c1a2
https://bugzilla.redhat.com/show_bug.cgi?id=1839095
Signed-off-by: Jiri Denemark <jdenemar(a)redhat.com>
---
src/qemu/qemu_process.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/qemu/qemu_process.c b/src/qemu/qemu_process.c
index e7421b415f..e9802809a5 100644
--- a/src/qemu/qemu_process.c
+++ b/src/qemu/qemu_process.c
@@ -5403,7 +5403,7 @@ qemuProcessStartValidateTSC(virQEMUDriverPtr driver,
tsc->frequency, virTristateBoolTypeToString(tsc->scaling),
tolerance);
- if (freq > minFreq && freq < maxFreq) {
+ if (freq >= minFreq && freq <= maxFreq) {
VIR_DEBUG("Requested TSC frequency is within tolerance interval");
return 0;
}
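Review bot: the condition in qemuProcessStartValidateTSC() now accepts both boundaries, but nothing in the patch documents or tests that; the diffstat shows only qemu_process.c changed. A short comment above the `if` saying the interval is closed because the kernel refuses only frequencies strictly below the minimum or above the maximum, plus a test for freq == minFreq and freq == maxFreq if the function can be exercised, would keep the comparison from being tightened again.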
--
2.30.0
3 years, 9 months
[libvirt][PATCH v2 0/3] introduce 'restrictive' mode in numatune
by Luyao Zhong
Before this patch set, numatune only has three memory modes:
static, interleave and preferred. These memory policies are
ultimately set by mbind() system call.
Memory policy could be 'hard coded' into the kernel, but none of
above policies fit our requirement under this case. mbind() supports
default memory policy, but it requires a NULL nodemask. So obviously
setting allowed memory nodes is cgroups' mission under this case.
So we introduce a new option for mode in numatune named 'restrictive'.
<numatune>
<memory mode="restrictive" nodeset="1-4,^3"/>
<memnode cellid="0" mode="restrictive" nodeset="1"/>
<memnode cellid="2" mode="restrictive" nodeset="2"/>
</numatune>
The config above means we only use cgroups to restrict the allowed
memory nodes and not setting any specific memory policies explicitly.
RFC discussion:
https://www.redhat.com/archives/libvir-list/2020-November/msg01256.html
Regards,
Luyao
Luyao Zhong (3):
docs: add docs for 'restrictive' option for mode in numatune
schema: add 'restrictive' config option for mode in numatune
qemu: add parser and formatter for 'restrictive' mode in numatune
docs/formatdomain.rst | 7 +++-
docs/schemas/domaincommon.rng | 2 +
include/libvirt/libvirt-domain.h | 1 +
src/conf/numa_conf.c | 9 +++++
src/qemu/qemu_command.c | 6 ++-
src/qemu/qemu_process.c | 27 +++++++++++++
src/util/virnuma.c | 3 ++
.../numatune-memnode-invalid-mode.err | 1 +
.../numatune-memnode-invalid-mode.xml | 33 +++++++++++++++
...emnode-restrictive-mode.x86_64-latest.args | 40 +++++++++++++++++++
.../numatune-memnode-restrictive-mode.xml | 33 +++++++++++++++
tests/qemuxml2argvtest.c | 2 +
...memnode-restrictive-mode.x86_64-latest.xml | 40 +++++++++++++++++++
tests/qemuxml2xmltest.c | 1 +
14 files changed, 202 insertions(+), 3 deletions(-)
create mode 100644 tests/qemuxml2argvdata/numatune-memnode-invalid-mode.err
create mode 100644 tests/qemuxml2argvdata/numatune-memnode-invalid-mode.xml
create mode 100644 tests/qemuxml2argvdata/numatune-memnode-restrictive-mode.x86_64-latest.args
create mode 100644 tests/qemuxml2argvdata/numatune-memnode-restrictive-mode.xml
create mode 100644 tests/qemuxml2xmloutdata/numatune-memnode-restrictive-mode.x86_64-latest.xml
--
2.25.4
3 years, 9 months
[PATCH 0/4] netlink: Extract common code to simplify netlink functions
by Shi Lei
This series makes some minor changes for macros NETLINK_MSG_* and extracts
common code to simplify those netlink functions.
Shi Lei (4):
netlink: Remove invalid flags(NLM_F_CREATE and NLM_F_EXCL) for RTM_DELLINK
netlink: Minor changes for macros NETLINK_MSG_[NEST_START|NEST_END|PUT]
netlink: Introduce macro NETLINK_MSG_APPEND to wrap nlmsg_append
netlink: Introduce a helper function to simplify netlink functions
src/util/virnetlink.c | 299 ++++++++++++++++++------------------------
src/util/virnetlink.h | 27 +---
2 files changed, 126 insertions(+), 200 deletions(-)
--
2.25.1
3 years, 9 months
[libvirt PATCH v3 0/8] vmx: Don't error out on missing filename for cdrom
by Martin Kletzander
This is perfectly valid in VMWare and the VM just boots with an empty drive. We
used to just skip the whole drive before, but since we changed how we parse
empty cdrom drives this now results in an error and the user not being able to
even dump the XML. Instead of erroring out, just keep the drive empty.
Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1903953
v3:
- Fixed the vmware driver
- Bit of a clean-up
- Few more tests
v2:
- Do not report and reset an error, but handle it more nicely.
- https://www.redhat.com/archives/libvir-list/2020-December/msg00846.html
v1:
- https://www.redhat.com/archives/libvir-list/2020-December/msg00840.html
Martin Kletzander (8):
esx: Unindent unnecessary conditional branch
tests: Use g_autofree in testParseVMXFileName
vmx: Make virVMXParseFileName return an integer
tests: Allow testing for parse failures in vmx2xmltest
vmx: Allow missing cdrom image file in virVMXParseFileName
tests: Test vmx files with missing images
esx: Handle missing images in esxParseVMXFileName
vmx: Treat missing cdrom-image as empty drive
src/esx/esx_driver.c | 160 ++++++++++--------
src/vmware/vmware_conf.c | 21 ++-
src/vmware/vmware_conf.h | 10 +-
src/vmware/vmware_driver.c | 6 +-
src/vmx/vmx.c | 27 +--
src/vmx/vmx.h | 5 +-
...x2xml-cdrom-ide-file-missing-datastore.vmx | 6 +
.../vmx2xml-cdrom-ide-file-missing-file.vmx | 6 +
...ml-harddisk-ide-file-missing-datastore.vmx | 6 +
...mx2xml-harddisk-scsi-file-missing-file.vmx | 7 +
tests/vmx2xmltest.c | 67 +++++---
11 files changed, 203 insertions(+), 118 deletions(-)
create mode 100644 tests/vmx2xmldata/vmx2xml-cdrom-ide-file-missing-datastore.vmx
create mode 100644 tests/vmx2xmldata/vmx2xml-cdrom-ide-file-missing-file.vmx
create mode 100644 tests/vmx2xmldata/vmx2xml-harddisk-ide-file-missing-datastore.vmx
create mode 100644 tests/vmx2xmldata/vmx2xml-harddisk-scsi-file-missing-file.vmx
--
2.30.0
3 years, 9 months