[PATCH v4 0/5] Add support for librbd encryption
by Or Ozeri
v4:
- added disk post parse to image creation flow in qemublocktest (since more tests failed after adding engine validation)
- removed symlink changes
- added luks2 and engine documentation
- switched to using enum engine instead of int
- added validation for encryption engine and formats
v3: rebased on master
v2: addressed (hopefully) all of Peter's v1 comments (thanks Peter!)
Or Ozeri (5):
qemu: add disk post parse to qemublocktest
qemu: capablities: Detect presence of 'rbd-encryption' as
QEMU_CAPS_RBD_ENCRYPTION
conf: add encryption engine property
qemu: add librbd encryption engine
conf: add luks2 encryption format
docs/formatstorageencryption.html.in | 23 ++++-
docs/schemas/domainbackup.rng | 7 ++
docs/schemas/storagecommon.rng | 9 ++
src/conf/storage_encryption_conf.c | 29 ++++++-
src/conf/storage_encryption_conf.h | 11 +++
src/qemu/qemu_block.c | 33 ++++++++
src/qemu/qemu_capabilities.c | 2 +
src/qemu/qemu_capabilities.h | 1 +
src/qemu/qemu_domain.c | 61 +++++++++++++-
src/qemu/qemu_domain.h | 3 +
tests/qemublocktest.c | 29 +++----
.../caps_6.1.0.x86_64.xml | 1 +
tests/qemustatusxml2xmldata/upgrade-out.xml | 6 +-
...sk-network-rbd-encryption.x86_64-6.0.0.err | 1 +
...-network-rbd-encryption.x86_64-latest.args | 49 +++++++++++
.../disk-network-rbd-encryption.xml | 75 +++++++++++++++++
tests/qemuxml2argvdata/disk-nvme.xml | 2 +-
.../qemuxml2argvdata/encrypted-disk-usage.xml | 2 +-
tests/qemuxml2argvdata/luks-disks.xml | 4 +-
tests/qemuxml2argvdata/user-aliases.xml | 2 +-
tests/qemuxml2argvtest.c | 2 +
...k-network-rbd-encryption.x86_64-latest.xml | 83 +++++++++++++++++++
.../disk-slices.x86_64-latest.xml | 4 +-
tests/qemuxml2xmloutdata/encrypted-disk.xml | 2 +-
.../luks-disks-source-qcow2.x86_64-latest.xml | 14 ++--
.../qemuxml2xmloutdata/luks-disks-source.xml | 10 +--
tests/qemuxml2xmltest.c | 1 +
27 files changed, 421 insertions(+), 45 deletions(-)
create mode 100644 tests/qemuxml2argvdata/disk-network-rbd-encryption.x86_64-6.0.0.err
create mode 100644 tests/qemuxml2argvdata/disk-network-rbd-encryption.x86_64-latest.args
create mode 100644 tests/qemuxml2argvdata/disk-network-rbd-encryption.xml
create mode 100644 tests/qemuxml2xmloutdata/disk-network-rbd-encryption.x86_64-latest.xml
--
2.25.1
3 years, 5 months
[PATCH 0/5] qemu_monitor_json: Assume existence of some commands
by Michal Privoznik
Just like with QEMU capabilities, we can safely assume existence of some
monitor commands because they were introduced in older than minimal
required version and do not depend on QEMU build arguments.
Michal Prívozník (5):
qemuMonitorJSONGetMigrationParams: Don't return early on
CommandNotFound
qemuMonitorJSONGetDumpGuestMemoryCapability: Don't return early on
CommandNotFound
qemuMonitorJSONGetKVMState: Don't return early on CommandNotFound
qemuMonitorJSONGetMemoryDeviceInfo: Don't return early on
CommandNotFound
qemuMonitorJSONGetMigrationCapabilities: Don't return early on
CommandNotFound
src/qemu/qemu_monitor_json.c | 23 -----------------------
1 file changed, 23 deletions(-)
--
2.32.0
3 years, 5 months
[PATCH v2 0/5] qapi: Add feature flags to enum members
by Markus Armbruster
PATCH 1+2 add feature flags to enum members. Awkward due to an
introspection design mistake; see PATCH 1 for details.
PATCH 3+4 implement policy deprecated-input={reject,crash} for enum
values.
Policy deprecated-output=hide is not implemented, because we can't
hide a value without hiding the entire member, which is almost
certainly more than the requester of this policy bargained for.
Perhaps we want a new policy deprecated-output=hide-or-else-crash to
help us catch unwanted use of deprecated enum values. Perhaps we want
deprecated-output=hide to behave that way together with
deprecated-input=crash. Or even always. Thoughts?
PATCH 5 puts the new feature flags to use. It's RFC because it makes
sense only on top of Vladimir's deprecation of drive-backup. See its
commit message for a reference.
I prefer to commit new features together with a use outside tests/.
PATCH 5 adds such a use, but it's RFC, because it depends on
Vladimir's work. Perhaps another use pops up. I can delay this work
in the hope of a use becoming ready, but the feature flags work I have
in the pipeline will eventually force my hand.
v2:
* Rebased with straightforward conflicts.
* PATCH 1-4: No longer RFC.
* PATCH 1: "Since" information fixed [Eric]. Commit message updated
to reflect feedback.
* PATCH 2: Commit message amended to point out special feature flag
'deprecated' is ignored at this stage.
* PATCH 4: Documentation updated. Commit message tweaked.
Markus Armbruster (5):
qapi: Enable enum member introspection to show more than name
qapi: Add feature flags to enum members
qapi: Move compat policy from QObject to generic visitor
qapi: Implement deprecated-input={reject,crash} for enum values
block: Deprecate transaction type drive-backup
docs/devel/qapi-code-gen.rst | 10 ++++---
qapi/compat.json | 3 +++
qapi/introspect.json | 24 +++++++++++++++--
qapi/transaction.json | 5 +++-
include/qapi/qobject-input-visitor.h | 4 ---
include/qapi/qobject-output-visitor.h | 4 ---
include/qapi/util.h | 6 ++++-
include/qapi/visitor-impl.h | 3 +++
include/qapi/visitor.h | 9 +++++++
qapi/qapi-visit-core.c | 27 ++++++++++++++++---
qapi/qmp-dispatch.c | 4 +--
qapi/qobject-input-visitor.c | 14 +---------
qapi/qobject-output-visitor.c | 14 +---------
scripts/qapi/expr.py | 3 ++-
scripts/qapi/introspect.py | 19 ++++++++++---
scripts/qapi/schema.py | 22 +++++++++++++--
scripts/qapi/types.py | 17 +++++++++++-
tests/qapi-schema/doc-good.json | 5 +++-
tests/qapi-schema/doc-good.out | 3 +++
tests/qapi-schema/doc-good.txt | 3 +++
.../qapi-schema/enum-dict-member-unknown.err | 2 +-
tests/qapi-schema/qapi-schema-test.json | 3 ++-
tests/qapi-schema/qapi-schema-test.out | 1 +
tests/qapi-schema/test-qapi.py | 1 +
24 files changed, 149 insertions(+), 57 deletions(-)
--
2.31.1
3 years, 5 months
[PATCH 0/5] qemu: Prefer -numa cpu over -numa node,cpus=
by Michal Privoznik
I've sent these patches a while ago. Resending them again to resume the
discussion.
https://listman.redhat.com/archives/libvir-list/2020-May/msg01035.html
Michal Prívozník (5):
virCPUDefParseXML: Parse uint using virXPathUInt()
virCPUDefParseXML: Prefer virXMLPropUInt over virXPathUInt
qemuBuildNumaCommandLine: Move vars into loops
qemuBuildNumaCommandLine: Separate out building of CPU list
qemu: Prefer -numa cpu over -numa node,cpus=
src/conf/cpu_conf.c | 45 ++----
src/qemu/qemu_command.c | 151 ++++++++++++++++--
.../hugepages-nvdimm.x86_64-latest.args | 4 +-
...memory-default-hugepage.x86_64-latest.args | 10 +-
.../memfd-memory-numa.x86_64-latest.args | 10 +-
...y-hotplug-nvdimm-access.x86_64-latest.args | 4 +-
...ory-hotplug-nvdimm-align.x86_64-5.2.0.args | 4 +-
...ry-hotplug-nvdimm-align.x86_64-latest.args | 4 +-
...ory-hotplug-nvdimm-label.x86_64-5.2.0.args | 4 +-
...ry-hotplug-nvdimm-label.x86_64-latest.args | 4 +-
...mory-hotplug-nvdimm-pmem.x86_64-5.2.0.args | 4 +-
...ory-hotplug-nvdimm-pmem.x86_64-latest.args | 4 +-
...-hotplug-nvdimm-readonly.x86_64-5.2.0.args | 4 +-
...hotplug-nvdimm-readonly.x86_64-latest.args | 4 +-
.../memory-hotplug-nvdimm.x86_64-latest.args | 4 +-
...mory-hotplug-virtio-pmem.x86_64-5.2.0.args | 4 +-
...ory-hotplug-virtio-pmem.x86_64-latest.args | 4 +-
.../numatune-hmat.x86_64-latest.args | 18 ++-
...emnode-restrictive-mode.x86_64-latest.args | 38 ++++-
.../numatune-memnode.x86_64-5.2.0.args | 38 ++++-
.../numatune-memnode.x86_64-latest.args | 38 ++++-
...vhost-user-fs-fd-memory.x86_64-latest.args | 4 +-
...vhost-user-fs-hugepages.x86_64-latest.args | 4 +-
...host-user-gpu-secondary.x86_64-latest.args | 3 +-
.../vhost-user-vga.x86_64-latest.args | 3 +-
25 files changed, 338 insertions(+), 76 deletions(-)
--
2.32.0
3 years, 5 months
[RFC PATCH 00/10] VirtioNet RSS support
by Andrew Melnychenko
This series of patches add RSS property support for virtio-net-pci.
Virtio RSS effectively works with TAP devices, it requires additional
vectors for VirtioNet, queues for TAP device, and vCPU cores.
Example of device configuration:
```
<interface type="network">
<mac address="52:54:00:c4:90:25"/>
<source network="default"/>
<model type="virtio"/>
<driver name="qemu" queues="9" rss="on" rss_hash_report="off"/>
<address type="pci" domain="0x0000" bus="0x01" slot="0x00" function="0x0"/>
</interface>
```
Capability "rss" enables RSS, "rss_hash_report" - enables hashes in vheader.
Qemu uses eBPF program as RSS driver.
For loading RSS eBPF program, the helper is used.
Path to the helper is provided by Qemu through "query-helper-paths" qmp command.
The helper "qemu-ebpf-rss-helper" is built with Qemu and may differ from build to build.
So it's required that the Qemu should provide a proper helper path.
Libvirt would call the helper and receive the program and map fd through unix socket.
Fds would be passed to Qemu in "ebpf_rss_fds" property by passing to child process or unix socket.
If libvirt would fail at helper call or Qemu didn't provide the path,
the Qemu would be launched without "ebpf_rss_fds" property.
Without "ebpf_rss_fds" property, Qemu would try to load eBPF program by
itself - usually, it would require additional system permissions.
Qemu may use "in-qemu" RSS as a fallback option, which will not require system
permissions, but doesn't work with vhost TAP.
Qemu patches: https://lists.nongnu.org/archive/html/qemu-devel/2021-07/msg03535.html
Andrew Melnychenko (10):
domain_conf: Added configs for RSS and Hash report.
qemu_capabilities: Added capabilites for qemu's "rss" and "hash".
qemu_command: Added "rss" and "hash" properties.
virsocket: Added receive for multiple fds.
qemu_capabilities: Added capability for qemu's "ebpf_rss_fds".
qemu_capabilities: Added capability for ebpf helper path.
qemu_interface: Added ebpf helper call.
qemu_command: Added ebpf RSS helper call for NIC creation.
qemu_hotplug: Added helper call for hotplug NIC.
docs: Added descriptions for "rss" and "rss_hash_report"
configurations.
docs/formatdomain.rst | 16 +++++++
src/conf/domain_conf.c | 31 +++++++++++++-
src/conf/domain_conf.h | 2 +
src/libvirt_private.syms | 1 +
src/qemu/qemu_capabilities.c | 48 +++++++++++++++++++++
src/qemu/qemu_capabilities.h | 5 +++
src/qemu/qemu_command.c | 46 +++++++++++++++++++-
src/qemu/qemu_command.h | 2 +
src/qemu/qemu_hotplug.c | 30 ++++++++++++-
src/qemu/qemu_interface.c | 54 +++++++++++++++++++++++
src/qemu/qemu_interface.h | 2 +
src/qemu/qemu_monitor.c | 9 ++++
src/qemu/qemu_monitor.h | 3 ++
src/qemu/qemu_monitor_json.c | 50 ++++++++++++++++++++++
src/qemu/qemu_monitor_json.h | 3 ++
src/qemu/qemu_validate.c | 16 +++++++
src/util/virsocket.c | 83 ++++++++++++++++++++++++++++++++++++
src/util/virsocket.h | 2 +
18 files changed, 399 insertions(+), 4 deletions(-)
--
2.31.1
3 years, 5 months
[PATCH] acpi/hotplug: Fix error message format to conform to spec
by Ani Sinha
Error messages must conform to spec as specified here:
https://www.libvirt.org/coding-style.html#error-message-format
This change encloses format specifiers in quotes and unbreaks error messages.
Fixes: 8eadf82fb5 ("conf: introduce option to enable/disable pci hotplug on pci-root controller")
Fixes: 7300ccc9b3 ("conf: introduce support for acpi-bridge-hotplug feature")
Signed-off-by: Ani Sinha <ani(a)anisinha.ca>
---
src/conf/domain_conf.c | 6 ++----
src/qemu/qemu_validate.c | 6 +++---
.../pc-i440fx-acpi-root-hotplug-disable.x86_64-5.1.0.err | 2 +-
.../pc-i440fx-acpi-root-hotplug-enable.x86_64-5.1.0.err | 2 +-
4 files changed, 7 insertions(+), 9 deletions(-)
diff --git a/src/conf/domain_conf.c b/src/conf/domain_conf.c
index 6fcf86ba58..d5de07d13d 100644
--- a/src/conf/domain_conf.c
+++ b/src/conf/domain_conf.c
@@ -17557,8 +17557,7 @@ virDomainFeaturesPCIDefParse(virDomainDef *def,
feature = virDomainPCITypeFromString((const char *)node->name);
if (feature < 0) {
virReportError(VIR_ERR_CONFIG_UNSUPPORTED,
- _("unsupported PCI feature: %s"),
- node->name);
+ _("unsupported PCI feature: '%s'"), node->name);
return -1;
}
@@ -21833,8 +21832,7 @@ virDomainDefFeaturesCheckABIStability(virDomainDef *src,
case VIR_DOMAIN_PCI_ACPI_BRIDGE_HOTPLUG:
if (src->pci_features[i] != dst->pci_features[i]) {
virReportError(VIR_ERR_CONFIG_UNSUPPORTED,
- _("State of PCI feature '%s' differs: "
- "source: '%s', destination: '%s'"),
+ _("State of PCI feature '%s' differs: source: '%s', destination: '%s'"),
virDomainPCITypeToString(i),
virTristateSwitchTypeToString(src->pci_features[i]),
virTristateSwitchTypeToString(dst->pci_features[i]));
diff --git a/src/qemu/qemu_validate.c b/src/qemu/qemu_validate.c
index 3045e4b64b..f93b697265 100644
--- a/src/qemu/qemu_validate.c
+++ b/src/qemu/qemu_validate.c
@@ -3947,7 +3947,7 @@ qemuValidateDomainDeviceDefControllerPCI(const virDomainControllerDef *cont,
case VIR_DOMAIN_CONTROLLER_MODEL_PCI_ROOT:
if (!virQEMUCapsGet(qemuCaps, QEMU_CAPS_PIIX4_ACPI_ROOT_PCI_HOTPLUG)) {
virReportError(VIR_ERR_CONFIG_UNSUPPORTED,
- _("setting the %s property on a '%s' device is not supported by this QEMU binary"),
+ _("setting the '%s' property on a '%s' device is not supported by this QEMU binary"),
"hotplug", "pci-root");
return -1;
}
@@ -3956,8 +3956,8 @@ qemuValidateDomainDeviceDefControllerPCI(const virDomainControllerDef *cont,
case VIR_DOMAIN_CONTROLLER_MODEL_PCIE_SWITCH_DOWNSTREAM_PORT:
if (!virQEMUCapsGet(qemuCaps, QEMU_CAPS_PCIE_ROOT_PORT_HOTPLUG)) {
virReportError(VIR_ERR_CONFIG_UNSUPPORTED,
- _("setting the hotplug property on a '%s' device is not supported by this QEMU binary"),
- modelName);
+ _("setting the '%s' property on a '%s' device is not supported by this QEMU binary"),
+ "hotplug", modelName);
return -1;
}
break;
diff --git a/tests/qemuxml2argvdata/pc-i440fx-acpi-root-hotplug-disable.x86_64-5.1.0.err b/tests/qemuxml2argvdata/pc-i440fx-acpi-root-hotplug-disable.x86_64-5.1.0.err
index b507f1f8bc..55ec41c476 100644
--- a/tests/qemuxml2argvdata/pc-i440fx-acpi-root-hotplug-disable.x86_64-5.1.0.err
+++ b/tests/qemuxml2argvdata/pc-i440fx-acpi-root-hotplug-disable.x86_64-5.1.0.err
@@ -1 +1 @@
-unsupported configuration: setting the hotplug property on a 'pci-root' device is not supported by this QEMU binary
+unsupported configuration: setting the 'hotplug' property on a 'pci-root' device is not supported by this QEMU binary
diff --git a/tests/qemuxml2argvdata/pc-i440fx-acpi-root-hotplug-enable.x86_64-5.1.0.err b/tests/qemuxml2argvdata/pc-i440fx-acpi-root-hotplug-enable.x86_64-5.1.0.err
index b507f1f8bc..55ec41c476 100644
--- a/tests/qemuxml2argvdata/pc-i440fx-acpi-root-hotplug-enable.x86_64-5.1.0.err
+++ b/tests/qemuxml2argvdata/pc-i440fx-acpi-root-hotplug-enable.x86_64-5.1.0.err
@@ -1 +1 @@
-unsupported configuration: setting the hotplug property on a 'pci-root' device is not supported by this QEMU binary
+unsupported configuration: setting the 'hotplug' property on a 'pci-root' device is not supported by this QEMU binary
--
2.25.1
3 years, 5 months
[libvirt PATCH v2 00/22] qemu: Implement virtio-iommu support
by Andrea Bolognani
The first patch adds QEMU replies and as such has been aggressively
snipped to deal with mailing list message size limits. Grab the
unabriged version with
$ git fetch https://gitlab.com/abologna/libvirt.git virtio-iommu
As noted in patch 10, the QEMU feature this series enables has not
yet been accepted upstream: the relevant patches are
https://lists.gnu.org/archive/html/qemu-devel/2021-10/msg00161.html
https://lists.gnu.org/archive/html/qemu-devel/2021-09/msg07819.html
and of course this series should only be merged once those have gone
in.
That said, patches 1-6 are necessary to implement the feature but
also not strictly related to it, so they could be merged right away.
Changes from [v1]:
* rebased after Peter's recent changes enabling JSON for -device.
[v1] https://listman.redhat.com/archives/libvir-list/2021-October/msg00459.html
Andrea Bolognani (22):
tests: Add replies for QEMU 6.2.0 on aarch64
conf: Make virDomainDeviceInfoFormat() const correct
qemu: Make qemuBuildDeviceAddressProps() const correct
qemu: Make qemuBuildVirtioDevProps() const correct
conf: Add IOMMU support to virDomainDeviceDefCopy()
conf: Add new/free functions for virDomainIOMMUDef
conf: Introduce VIR_PCI_CONNECT_INTEGRATED
qemu: Tweak some code
qemu: Introduce QEMU_CAPS_DEVICE_VIRTIO_IOMMU_PCI
DONOTMERGEYET: qemu: Introduce QEMU_CAPS_VIRTIO_IOMMU_BOOT_BYPASS
conf: Introduce virtio model for <iommu>
tests: Add test cases for virtio-iommu
qemu: Validate machine type used with virtio-iommu
qemu: Validate capabilities for virtio-iommu
qemu: Validate use of ACPI with virtio-iommu
conf: Add virDomainDeviceInfo to virDomainIOMMUDef
qemu: Assign PCI address to virtio-iommu
qemu: Validate address type for virtio-iommu
tests: Add test for virtio-iommu address
qemu: Generate command line for virtio-iommu
docs: Document virtio-iommu
news: Document virtio-iommu
NEWS.rst | 4 +
docs/formatdomain.rst | 5 +-
docs/schemas/domaincommon.rng | 64 +-
src/conf/domain_addr.c | 21 +-
src/conf/domain_addr.h | 30 +-
src/conf/domain_conf.c | 74 +-
src/conf/domain_conf.h | 5 +
src/qemu/qemu_capabilities.c | 10 +
src/qemu/qemu_capabilities.h | 2 +
src/qemu/qemu_command.c | 52 +-
src/qemu/qemu_domain_address.c | 33 +-
src/qemu/qemu_validate.c | 32 +
.../qemu_6.2.0-virt.aarch64.xml | 184 +
tests/domaincapsdata/qemu_6.2.0.aarch64.xml | 178 +
.../caps_5.0.0.aarch64.replies | 71 +-
.../caps_5.0.0.aarch64.xml | 1 +
.../caps_5.0.0.ppc64.replies | 59 +-
.../qemucapabilitiesdata/caps_5.0.0.ppc64.xml | 1 +
.../caps_5.0.0.riscv64.replies | 55 +-
.../caps_5.0.0.riscv64.xml | 1 +
.../caps_5.0.0.x86_64.replies | 71 +-
.../caps_5.0.0.x86_64.xml | 1 +
.../caps_5.1.0.x86_64.replies | 71 +-
.../caps_5.1.0.x86_64.xml | 1 +
.../caps_5.2.0.aarch64.replies | 71 +-
.../caps_5.2.0.aarch64.xml | 1 +
.../caps_5.2.0.ppc64.replies | 59 +-
.../qemucapabilitiesdata/caps_5.2.0.ppc64.xml | 1 +
.../caps_5.2.0.riscv64.replies | 55 +-
.../caps_5.2.0.riscv64.xml | 1 +
.../caps_5.2.0.s390x.replies | 59 +-
.../qemucapabilitiesdata/caps_5.2.0.s390x.xml | 1 +
.../caps_5.2.0.x86_64.replies | 71 +-
.../caps_5.2.0.x86_64.xml | 1 +
.../caps_6.0.0.aarch64.replies | 71 +-
.../caps_6.0.0.aarch64.xml | 1 +
.../caps_6.0.0.s390x.replies | 59 +-
.../qemucapabilitiesdata/caps_6.0.0.s390x.xml | 1 +
.../caps_6.0.0.x86_64.replies | 71 +-
.../caps_6.0.0.x86_64.xml | 1 +
.../caps_6.1.0.x86_64.replies | 71 +-
.../caps_6.1.0.x86_64.xml | 1 +
...h64.replies => caps_6.2.0.aarch64.replies} | 5594 ++++++++++-------
...0.0.aarch64.xml => caps_6.2.0.aarch64.xml} | 58 +-
.../caps_6.2.0.x86_64.replies | 275 +-
.../caps_6.2.0.x86_64.xml | 2 +
...fault-cpu-kvm-virt-4.2.aarch64-latest.args | 6 +-
...fault-cpu-tcg-virt-4.2.aarch64-latest.args | 6 +-
.../aarch64-tpm.aarch64-latest.args | 2 +-
.../aarch64-virt-graphics.aarch64-latest.args | 36 +-
.../aarch64-virt-headless.aarch64-latest.args | 28 +-
...ult-video-type-aarch64.aarch64-latest.args | 6 +-
.../disk-arm-virtio-sd.aarch64-latest.args | 2 +-
...e-expander-bus-aarch64.aarch64-latest.args | 2 +-
... virtio-iommu-aarch64.aarch64-latest.args} | 17 +-
.../qemuxml2argvdata/virtio-iommu-aarch64.xml | 20 +
...mmu-invalid-address-type.x86_64-latest.err | 1 +
.../virtio-iommu-invalid-address-type.xml | 20 +
...io-iommu-invalid-address.x86_64-latest.err | 1 +
.../virtio-iommu-invalid-address.xml | 20 +
.../virtio-iommu-no-acpi.x86_64-latest.err | 1 +
.../qemuxml2argvdata/virtio-iommu-no-acpi.xml | 15 +
...rtio-iommu-wrong-machine.x86_64-latest.err | 1 +
.../virtio-iommu-wrong-machine.xml | 18 +
.../virtio-iommu-x86_64.x86_64-6.1.0.err | 1 +
.../virtio-iommu-x86_64.x86_64-latest.args | 31 +
.../qemuxml2argvdata/virtio-iommu-x86_64.xml | 18 +
tests/qemuxml2argvtest.c | 7 +
.../virtio-iommu-aarch64.aarch64-latest.xml | 34 +
.../virtio-iommu-x86_64.x86_64-latest.xml | 36 +
tests/qemuxml2xmltest.c | 2 +
71 files changed, 5278 insertions(+), 2604 deletions(-)
create mode 100644 tests/domaincapsdata/qemu_6.2.0-virt.aarch64.xml
create mode 100644 tests/domaincapsdata/qemu_6.2.0.aarch64.xml
copy tests/qemucapabilitiesdata/{caps_6.0.0.aarch64.replies => caps_6.2.0.aarch64.replies} (92%)
copy tests/qemucapabilitiesdata/{caps_6.0.0.aarch64.xml => caps_6.2.0.aarch64.xml} (92%)
copy tests/qemuxml2argvdata/{aarch64-default-cpu-tcg-virt-4.2.aarch64-latest.args => virtio-iommu-aarch64.aarch64-latest.args} (54%)
create mode 100644 tests/qemuxml2argvdata/virtio-iommu-aarch64.xml
create mode 100644 tests/qemuxml2argvdata/virtio-iommu-invalid-address-type.x86_64-latest.err
create mode 100644 tests/qemuxml2argvdata/virtio-iommu-invalid-address-type.xml
create mode 100644 tests/qemuxml2argvdata/virtio-iommu-invalid-address.x86_64-latest.err
create mode 100644 tests/qemuxml2argvdata/virtio-iommu-invalid-address.xml
create mode 100644 tests/qemuxml2argvdata/virtio-iommu-no-acpi.x86_64-latest.err
create mode 100644 tests/qemuxml2argvdata/virtio-iommu-no-acpi.xml
create mode 100644 tests/qemuxml2argvdata/virtio-iommu-wrong-machine.x86_64-latest.err
create mode 100644 tests/qemuxml2argvdata/virtio-iommu-wrong-machine.xml
create mode 100644 tests/qemuxml2argvdata/virtio-iommu-x86_64.x86_64-6.1.0.err
create mode 100644 tests/qemuxml2argvdata/virtio-iommu-x86_64.x86_64-latest.args
create mode 100644 tests/qemuxml2argvdata/virtio-iommu-x86_64.xml
create mode 100644 tests/qemuxml2xmloutdata/virtio-iommu-aarch64.aarch64-latest.xml
create mode 100644 tests/qemuxml2xmloutdata/virtio-iommu-x86_64.x86_64-latest.xml
--
2.31.1
3 years, 5 months
[PATCH v5] qemu: tpm: Run swtpm_setup --create-config-files in session mode
by Stefan Berger
Using swtpm v0.7.0 we can run swtpm_setup to create default config files
for swtpm_setup and swtpm-localca in session mode. Now a user can start
a VM with an attached TPM without having to run this program on the
command line before. This program needs to run once.
This patch addresses the issue raised in
https://bugzilla.redhat.com/show_bug.cgi?id=2010649
Signed-off-by: Stefan Berger <stefanb(a)linux.ibm.com>
---
v5:
- Address Daniel's comments on v4
- Pass swtpm_setup to function since it's already been looked up
v4:
- Append stderr output to virReportError if swtpm_setup fails
v3:
- Removed logfile parameter
v2:
- fixed return code if swtpm_setup doesn't support the option
---
src/qemu/qemu_tpm.c | 40 ++++++++++++++++++++++++++++++++++++++++
src/util/virtpm.c | 1 +
src/util/virtpm.h | 1 +
3 files changed, 42 insertions(+)
diff --git a/src/qemu/qemu_tpm.c b/src/qemu/qemu_tpm.c
index 100481503c..e1b08a66c5 100644
--- a/src/qemu/qemu_tpm.c
+++ b/src/qemu/qemu_tpm.c
@@ -385,6 +385,43 @@ qemuTPMSetupEncryption(const unsigned char *secretuuid,
return virCommandSetSendBuffer(cmd, g_steal_pointer(&secret), secret_len);
}
+
+/*
+ * qemuTPMCreateConfigFiles: run swtpm_setup --create-config-files skip-if-exist
+ */
+static int
+qemuTPMCreateConfigFiles(const char *swtpm_setup)
+{
+ g_autoptr(virCommand) cmd = NULL;
+ g_autofree char *errbuf = NULL;
+ int exitstatus;
+
+ if (!virTPMSwtpmSetupCapsGet(
+ VIR_TPM_SWTPM_SETUP_FEATURE_CMDARG_CREATE_CONFIG_FILES))
+ return 0;
+
+ cmd = virCommandNew(swtpm_setup);
+ if (!cmd)
+ return -1;
+
+ virCommandAddArgList(cmd, "--create-config-files", "skip-if-exist", NULL);
+ virCommandClearCaps(cmd);
+ virCommandSetErrorBuffer(cmd, &errbuf);
+
+ if (virCommandRun(cmd, &exitstatus) < 0)
+ return -1;
+ if (exitstatus != 0) {
+ virReportError(VIR_ERR_INTERNAL_ERROR,
+ _("Could not run '%s' to create config files. "
+ "exitstatus: %d;\nError: %s"),
+ swtpm_setup, exitstatus, errbuf);
+ return -1;
+ }
+
+ return 0;
+}
+
+
/*
* qemuTPMEmulatorRunSetup
*
@@ -432,6 +469,9 @@ qemuTPMEmulatorRunSetup(const char *storagepath,
"this requires privileged mode for a "
"TPM 1.2\n"), 0600);
+ if (!privileged && qemuTPMCreateConfigFiles(swtpm_setup) < 0)
+ return -1;
+
cmd = virCommandNew(swtpm_setup);
if (!cmd)
return -1;
diff --git a/src/util/virtpm.c b/src/util/virtpm.c
index 1a567139b4..0f50de866c 100644
--- a/src/util/virtpm.c
+++ b/src/util/virtpm.c
@@ -45,6 +45,7 @@ VIR_ENUM_IMPL(virTPMSwtpmFeature,
VIR_ENUM_IMPL(virTPMSwtpmSetupFeature,
VIR_TPM_SWTPM_SETUP_FEATURE_LAST,
"cmdarg-pwdfile-fd",
+ "cmdarg-create-config-files",
);
/**
diff --git a/src/util/virtpm.h b/src/util/virtpm.h
index d021a083b4..3bb03b3b33 100644
--- a/src/util/virtpm.h
+++ b/src/util/virtpm.h
@@ -38,6 +38,7 @@ typedef enum {
typedef enum {
VIR_TPM_SWTPM_SETUP_FEATURE_CMDARG_PWDFILE_FD,
+ VIR_TPM_SWTPM_SETUP_FEATURE_CMDARG_CREATE_CONFIG_FILES,
VIR_TPM_SWTPM_SETUP_FEATURE_LAST
} virTPMSwtpmSetupFeature;
--
2.31.1
3 years, 5 months
[libvirt PATCH] Switch to new GitHub repo-lockdown configuration
by Daniel P. Berrangé
The repo-lockdown service used to run as a bot outside GitHub, but has
now switched to using the GitHub Actions workflow framework. This
requires use of a new configuration file.
Signed-off-by: Daniel P. Berrangé <berrange(a)redhat.com>
---
.github/lockdown.yml | 38 -------------------------
.github/workflows/lockdown.yml | 51 ++++++++++++++++++++++++++++++++++
2 files changed, 51 insertions(+), 38 deletions(-)
delete mode 100644 .github/lockdown.yml
create mode 100644 .github/workflows/lockdown.yml
diff --git a/.github/lockdown.yml b/.github/lockdown.yml
deleted file mode 100644
index 7601a2a156..0000000000
--- a/.github/lockdown.yml
+++ /dev/null
@@ -1,38 +0,0 @@
-# Configuration for Repo Lockdown - https://github.com/dessant/repo-lockdown
-
-skipCreatedBefore: 2020-01-01
-
-# Close issues and pull requests
-close: true
-
-# Lock issues and pull requests
-lock: true
-
-# Optionally, specify configuration settings just for `issues` or `pulls`
-issues:
- comment: |
- Thank you for your interest in the libvirt project.
-
- Since this repository is a read-only mirror of the project's master repostory hosted on GitLab, issues opened here are not processed.
-
- We kindly request that new issues are reported to
-
- https://gitlab.com/libvirt/libvirt/-/issues/new
-
- Thank you for your time and understanding.
-
-pulls:
- comment: |
- Thank you for your interest in the libvirt project.
-
- Since this repository is a read-only mirror of the project's master repostory hosted on GitLab, merge requests opened here are not processed.
-
- We kindly request that contributors fork the project at
-
- https://gitlab.com/libvirt/libvirt/
-
- push changes to the fork, and then open a new merge request at
-
- https://gitlab.com/libvirt/libvirt/-/merge_requests/new
-
- Thank you for your time and understanding.
diff --git a/.github/workflows/lockdown.yml b/.github/workflows/lockdown.yml
new file mode 100644
index 0000000000..f7646d9bde
--- /dev/null
+++ b/.github/workflows/lockdown.yml
@@ -0,0 +1,51 @@
+---
+# Configuration for Repo Lockdown - https://github.com/dessant/repo-lockdown
+
+name: 'Repo Lockdown'
+
+on:
+ issues:
+ types: opened
+ pull_request_target:
+ types: opened
+
+permissions:
+ pull-requests: write
+
+jobs:
+ action:
+ runs-on: ubuntu-latest
+ steps:
+ - uses: dessant/repo-lockdown@v2
+ with:
+ issue-comment: |
+ Thank you for your interest in the libvirt project.
+
+ Since this repository is a read-only mirror of the project's master
+ repostory hosted on GitLab, issues opened here are not processed.
+
+ We kindly request that new issues are reported to
+
+ https://gitlab.com/libvirt/libvirt/-/issues/new
+
+ Thank you for your time and understanding.
+ lock-issue: true
+ close-issue: true
+ pr-comment: |
+ Thank you for your interest in the libvirt project.
+
+ Since this repository is a read-only mirror of the project's master
+ repostory hosted on GitLab, merge requests opened here are not
+ processed.
+
+ We kindly request that contributors fork the project at
+
+ https://gitlab.com/libvirt/libvirt/
+
+ push changes to the fork, and then open a new merge request at
+
+ https://gitlab.com/libvirt/libvirt/-/merge_requests/new
+
+ Thank you for your time and understanding.
+ lock-pr: true
+ close-pr: true
--
2.31.1
3 years, 5 months
[libvirt PATCH] ci: switch all non-released distros to be non-gating
by Daniel P. Berrangé
The non-released distros have reasonably frequent package installation
failures that can last for days at a time. This makes them unsuitable
for use as gating CI jobs.
This ensures all of the jobs in Debian Sid, Fedora Rawhide, openSUSE
Tumbleweed and FreeBSD Current are marked "allow-failure: true".
This means the jobs still run, but any failure will not be considered
fatal to the pipeline.
Signed-off-by: Daniel P. Berrangé <berrange(a)redhat.com>
---
ci/gitlab.yml | 20 ++++++++++----------
ci/manifest.yml | 6 ++++++
2 files changed, 16 insertions(+), 10 deletions(-)
diff --git a/ci/gitlab.yml b/ci/gitlab.yml
index 0678cb7ba0..cbe7d0f9e9 100644
--- a/ci/gitlab.yml
+++ b/ci/gitlab.yml
@@ -109,7 +109,7 @@ x86_64-debian-11-container:
x86_64-debian-sid-container:
extends: .container_job
- allow_failure: false
+ allow_failure: true
variables:
NAME: debian-sid
@@ -144,7 +144,7 @@ x86_64-opensuse-leap-152-container:
x86_64-opensuse-tumbleweed-container:
extends: .container_job
- allow_failure: false
+ allow_failure: true
variables:
NAME: opensuse-tumbleweed
@@ -287,7 +287,7 @@ s390x-debian-11-container:
aarch64-debian-sid-container:
extends: .container_job
- allow_failure: false
+ allow_failure: true
variables:
NAME: debian-sid-cross-aarch64
@@ -308,7 +308,7 @@ armv7l-debian-sid-container:
i686-debian-sid-container:
extends: .container_job
- allow_failure: false
+ allow_failure: true
variables:
NAME: debian-sid-cross-i686
@@ -336,7 +336,7 @@ ppc64le-debian-sid-container:
s390x-debian-sid-container:
extends: .container_job
- allow_failure: false
+ allow_failure: true
variables:
NAME: debian-sid-cross-s390x
@@ -419,7 +419,7 @@ x86_64-debian-sid:
extends: .native_build_job
needs:
- x86_64-debian-sid-container
- allow_failure: false
+ allow_failure: true
variables:
NAME: debian-sid
@@ -476,7 +476,7 @@ x86_64-opensuse-tumbleweed:
extends: .native_build_job
needs:
- x86_64-opensuse-tumbleweed-container
- allow_failure: false
+ allow_failure: true
variables:
NAME: opensuse-tumbleweed
RPM: skip
@@ -582,7 +582,7 @@ aarch64-debian-sid:
extends: .cross_build_job
needs:
- aarch64-debian-sid-container
- allow_failure: false
+ allow_failure: true
variables:
NAME: debian-sid
CROSS: aarch64
@@ -592,7 +592,7 @@ i686-debian-sid:
extends: .cross_build_job
needs:
- i686-debian-sid-container
- allow_failure: false
+ allow_failure: true
variables:
NAME: debian-sid
CROSS: i686
@@ -602,7 +602,7 @@ s390x-debian-sid:
extends: .cross_build_job
needs:
- s390x-debian-sid-container
- allow_failure: false
+ allow_failure: true
variables:
NAME: debian-sid
CROSS: s390x
diff --git a/ci/manifest.yml b/ci/manifest.yml
index 878c4773a3..49d5fe7064 100644
--- a/ci/manifest.yml
+++ b/ci/manifest.yml
@@ -94,8 +94,10 @@ targets:
debian-sid:
jobs:
- arch: x86_64
+ allow-failure: true
- arch: aarch64
+ allow-failure: true
- arch: armv6l
allow-failure: true
@@ -106,6 +108,7 @@ targets:
builds: false
- arch: i686
+ allow-failure: true
- arch: mips64el
allow-failure: true
@@ -120,6 +123,7 @@ targets:
builds: false
- arch: s390x
+ allow-failure: true
fedora-33: x86_64
@@ -150,6 +154,7 @@ targets:
freebsd-current:
jobs:
- arch: x86_64
+ allow-failure: true
builds: False
opensuse-leap-152:
@@ -161,6 +166,7 @@ targets:
opensuse-tumbleweed:
jobs:
- arch: x86_64
+ allow-failure: true
variables:
RPM: skip
--
2.31.1
3 years, 5 months