October 2021 - Devel - libvirt List Archives

[PATCH v4 0/5] Add support for librbd encryption
by Or Ozeri 21 Oct '21

21 Oct '21

v4: - added disk post parse to image creation flow in qemublocktest (since more tests failed after adding engine validation) - removed symlink changes - added luks2 and engine documentation - switched to using enum engine instead of int - added validation for encryption engine and formats v3: rebased on master v2: addressed (hopefully) all of Peter's v1 comments (thanks Peter!) Or Ozeri (5): qemu: add disk post parse to qemublocktest qemu: capablities: Detect presence of 'rbd-encryption' as QEMU_CAPS_RBD_ENCRYPTION conf: add encryption engine property qemu: add librbd encryption engine conf: add luks2 encryption format docs/formatstorageencryption.html.in | 23 ++++- docs/schemas/domainbackup.rng | 7 ++ docs/schemas/storagecommon.rng | 9 ++ src/conf/storage_encryption_conf.c | 29 ++++++- src/conf/storage_encryption_conf.h | 11 +++ src/qemu/qemu_block.c | 33 ++++++++ src/qemu/qemu_capabilities.c | 2 + src/qemu/qemu_capabilities.h | 1 + src/qemu/qemu_domain.c | 61 +++++++++++++- src/qemu/qemu_domain.h | 3 + tests/qemublocktest.c | 29 +++---- .../caps_6.1.0.x86_64.xml | 1 + tests/qemustatusxml2xmldata/upgrade-out.xml | 6 +- ...sk-network-rbd-encryption.x86_64-6.0.0.err | 1 + ...-network-rbd-encryption.x86_64-latest.args | 49 +++++++++++ .../disk-network-rbd-encryption.xml | 75 +++++++++++++++++ tests/qemuxml2argvdata/disk-nvme.xml | 2 +- .../qemuxml2argvdata/encrypted-disk-usage.xml | 2 +- tests/qemuxml2argvdata/luks-disks.xml | 4 +- tests/qemuxml2argvdata/user-aliases.xml | 2 +- tests/qemuxml2argvtest.c | 2 + ...k-network-rbd-encryption.x86_64-latest.xml | 83 +++++++++++++++++++ .../disk-slices.x86_64-latest.xml | 4 +- tests/qemuxml2xmloutdata/encrypted-disk.xml | 2 +- .../luks-disks-source-qcow2.x86_64-latest.xml | 14 ++-- .../qemuxml2xmloutdata/luks-disks-source.xml | 10 +-- tests/qemuxml2xmltest.c | 1 + 27 files changed, 421 insertions(+), 45 deletions(-) create mode 100644 tests/qemuxml2argvdata/disk-network-rbd-encryption.x86_64-6.0.0.err create mode 100644 tests/qemuxml2argvdata/disk-network-rbd-encryption.x86_64-latest.args create mode 100644 tests/qemuxml2argvdata/disk-network-rbd-encryption.xml create mode 100644 tests/qemuxml2xmloutdata/disk-network-rbd-encryption.x86_64-latest.xml -- 2.25.1

3 14

[PATCH 0/5] qemu_monitor_json: Assume existence of some commands
by Michal Privoznik 21 Oct '21

21 Oct '21

Just like with QEMU capabilities, we can safely assume existence of some monitor commands because they were introduced in older than minimal required version and do not depend on QEMU build arguments. Michal Prívozník (5): qemuMonitorJSONGetMigrationParams: Don't return early on CommandNotFound qemuMonitorJSONGetDumpGuestMemoryCapability: Don't return early on CommandNotFound qemuMonitorJSONGetKVMState: Don't return early on CommandNotFound qemuMonitorJSONGetMemoryDeviceInfo: Don't return early on CommandNotFound qemuMonitorJSONGetMigrationCapabilities: Don't return early on CommandNotFound src/qemu/qemu_monitor_json.c | 23 ----------------------- 1 file changed, 23 deletions(-) -- 2.32.0

2 1

[PATCH v2 0/5] qapi: Add feature flags to enum members
by Markus Armbruster 21 Oct '21

21 Oct '21

PATCH 1+2 add feature flags to enum members. Awkward due to an introspection design mistake; see PATCH 1 for details. PATCH 3+4 implement policy deprecated-input={reject,crash} for enum values. Policy deprecated-output=hide is not implemented, because we can't hide a value without hiding the entire member, which is almost certainly more than the requester of this policy bargained for. Perhaps we want a new policy deprecated-output=hide-or-else-crash to help us catch unwanted use of deprecated enum values. Perhaps we want deprecated-output=hide to behave that way together with deprecated-input=crash. Or even always. Thoughts? PATCH 5 puts the new feature flags to use. It's RFC because it makes sense only on top of Vladimir's deprecation of drive-backup. See its commit message for a reference. I prefer to commit new features together with a use outside tests/. PATCH 5 adds such a use, but it's RFC, because it depends on Vladimir's work. Perhaps another use pops up. I can delay this work in the hope of a use becoming ready, but the feature flags work I have in the pipeline will eventually force my hand. v2: * Rebased with straightforward conflicts. * PATCH 1-4: No longer RFC. * PATCH 1: "Since" information fixed [Eric]. Commit message updated to reflect feedback. * PATCH 2: Commit message amended to point out special feature flag 'deprecated' is ignored at this stage. * PATCH 4: Documentation updated. Commit message tweaked. Markus Armbruster (5): qapi: Enable enum member introspection to show more than name qapi: Add feature flags to enum members qapi: Move compat policy from QObject to generic visitor qapi: Implement deprecated-input={reject,crash} for enum values block: Deprecate transaction type drive-backup docs/devel/qapi-code-gen.rst | 10 ++++--- qapi/compat.json | 3 +++ qapi/introspect.json | 24 +++++++++++++++-- qapi/transaction.json | 5 +++- include/qapi/qobject-input-visitor.h | 4 --- include/qapi/qobject-output-visitor.h | 4 --- include/qapi/util.h | 6 ++++- include/qapi/visitor-impl.h | 3 +++ include/qapi/visitor.h | 9 +++++++ qapi/qapi-visit-core.c | 27 ++++++++++++++++--- qapi/qmp-dispatch.c | 4 +-- qapi/qobject-input-visitor.c | 14 +--------- qapi/qobject-output-visitor.c | 14 +--------- scripts/qapi/expr.py | 3 ++- scripts/qapi/introspect.py | 19 ++++++++++--- scripts/qapi/schema.py | 22 +++++++++++++-- scripts/qapi/types.py | 17 +++++++++++- tests/qapi-schema/doc-good.json | 5 +++- tests/qapi-schema/doc-good.out | 3 +++ tests/qapi-schema/doc-good.txt | 3 +++ .../qapi-schema/enum-dict-member-unknown.err | 2 +- tests/qapi-schema/qapi-schema-test.json | 3 ++- tests/qapi-schema/qapi-schema-test.out | 1 + tests/qapi-schema/test-qapi.py | 1 + 24 files changed, 149 insertions(+), 57 deletions(-) -- 2.31.1

4 16

[PATCH 0/5] qemu: Prefer -numa cpu over -numa node,cpus=
by Michal Privoznik 21 Oct '21

21 Oct '21

I've sent these patches a while ago. Resending them again to resume the discussion. https://listman.redhat.com/archives/libvir-list/2020-May/msg01035.html Michal Prívozník (5): virCPUDefParseXML: Parse uint using virXPathUInt() virCPUDefParseXML: Prefer virXMLPropUInt over virXPathUInt qemuBuildNumaCommandLine: Move vars into loops qemuBuildNumaCommandLine: Separate out building of CPU list qemu: Prefer -numa cpu over -numa node,cpus= src/conf/cpu_conf.c | 45 ++---- src/qemu/qemu_command.c | 151 ++++++++++++++++-- .../hugepages-nvdimm.x86_64-latest.args | 4 +- ...memory-default-hugepage.x86_64-latest.args | 10 +- .../memfd-memory-numa.x86_64-latest.args | 10 +- ...y-hotplug-nvdimm-access.x86_64-latest.args | 4 +- ...ory-hotplug-nvdimm-align.x86_64-5.2.0.args | 4 +- ...ry-hotplug-nvdimm-align.x86_64-latest.args | 4 +- ...ory-hotplug-nvdimm-label.x86_64-5.2.0.args | 4 +- ...ry-hotplug-nvdimm-label.x86_64-latest.args | 4 +- ...mory-hotplug-nvdimm-pmem.x86_64-5.2.0.args | 4 +- ...ory-hotplug-nvdimm-pmem.x86_64-latest.args | 4 +- ...-hotplug-nvdimm-readonly.x86_64-5.2.0.args | 4 +- ...hotplug-nvdimm-readonly.x86_64-latest.args | 4 +- .../memory-hotplug-nvdimm.x86_64-latest.args | 4 +- ...mory-hotplug-virtio-pmem.x86_64-5.2.0.args | 4 +- ...ory-hotplug-virtio-pmem.x86_64-latest.args | 4 +- .../numatune-hmat.x86_64-latest.args | 18 ++- ...emnode-restrictive-mode.x86_64-latest.args | 38 ++++- .../numatune-memnode.x86_64-5.2.0.args | 38 ++++- .../numatune-memnode.x86_64-latest.args | 38 ++++- ...vhost-user-fs-fd-memory.x86_64-latest.args | 4 +- ...vhost-user-fs-hugepages.x86_64-latest.args | 4 +- ...host-user-gpu-secondary.x86_64-latest.args | 3 +- .../vhost-user-vga.x86_64-latest.args | 3 +- 25 files changed, 338 insertions(+), 76 deletions(-) -- 2.32.0

4 17

[RFC PATCH 00/10] VirtioNet RSS support
by Andrew Melnychenko 21 Oct '21

21 Oct '21

This series of patches add RSS property support for virtio-net-pci. Virtio RSS effectively works with TAP devices, it requires additional vectors for VirtioNet, queues for TAP device, and vCPU cores. Example of device configuration: ``` <interface type="network"> <mac address="52:54:00:c4:90:25"/> <source network="default"/> <model type="virtio"/> <driver name="qemu" queues="9" rss="on" rss_hash_report="off"/> <address type="pci" domain="0x0000" bus="0x01" slot="0x00" function="0x0"/> </interface> ``` Capability "rss" enables RSS, "rss_hash_report" - enables hashes in vheader. Qemu uses eBPF program as RSS driver. For loading RSS eBPF program, the helper is used. Path to the helper is provided by Qemu through "query-helper-paths" qmp command. The helper "qemu-ebpf-rss-helper" is built with Qemu and may differ from build to build. So it's required that the Qemu should provide a proper helper path. Libvirt would call the helper and receive the program and map fd through unix socket. Fds would be passed to Qemu in "ebpf_rss_fds" property by passing to child process or unix socket. If libvirt would fail at helper call or Qemu didn't provide the path, the Qemu would be launched without "ebpf_rss_fds" property. Without "ebpf_rss_fds" property, Qemu would try to load eBPF program by itself - usually, it would require additional system permissions. Qemu may use "in-qemu" RSS as a fallback option, which will not require system permissions, but doesn't work with vhost TAP. Qemu patches: https://lists.nongnu.org/archive/html/qemu-devel/2021-07/msg03535.html Andrew Melnychenko (10): domain_conf: Added configs for RSS and Hash report. qemu_capabilities: Added capabilites for qemu's "rss" and "hash". qemu_command: Added "rss" and "hash" properties. virsocket: Added receive for multiple fds. qemu_capabilities: Added capability for qemu's "ebpf_rss_fds". qemu_capabilities: Added capability for ebpf helper path. qemu_interface: Added ebpf helper call. qemu_command: Added ebpf RSS helper call for NIC creation. qemu_hotplug: Added helper call for hotplug NIC. docs: Added descriptions for "rss" and "rss_hash_report" configurations. docs/formatdomain.rst | 16 +++++++ src/conf/domain_conf.c | 31 +++++++++++++- src/conf/domain_conf.h | 2 + src/libvirt_private.syms | 1 + src/qemu/qemu_capabilities.c | 48 +++++++++++++++++++++ src/qemu/qemu_capabilities.h | 5 +++ src/qemu/qemu_command.c | 46 +++++++++++++++++++- src/qemu/qemu_command.h | 2 + src/qemu/qemu_hotplug.c | 30 ++++++++++++- src/qemu/qemu_interface.c | 54 +++++++++++++++++++++++ src/qemu/qemu_interface.h | 2 + src/qemu/qemu_monitor.c | 9 ++++ src/qemu/qemu_monitor.h | 3 ++ src/qemu/qemu_monitor_json.c | 50 ++++++++++++++++++++++ src/qemu/qemu_monitor_json.h | 3 ++ src/qemu/qemu_validate.c | 16 +++++++ src/util/virsocket.c | 83 ++++++++++++++++++++++++++++++++++++ src/util/virsocket.h | 2 + 18 files changed, 399 insertions(+), 4 deletions(-) -- 2.31.1

4 29

[PATCH] acpi/hotplug: Fix error message format to conform to spec
by Ani Sinha 21 Oct '21

21 Oct '21

Error messages must conform to spec as specified here: https://www.libvirt.org/coding-style.html#error-message-format This change encloses format specifiers in quotes and unbreaks error messages. Fixes: 8eadf82fb5 ("conf: introduce option to enable/disable pci hotplug on pci-root controller") Fixes: 7300ccc9b3 ("conf: introduce support for acpi-bridge-hotplug feature") Signed-off-by: Ani Sinha <ani(a)anisinha.ca> --- src/conf/domain_conf.c | 6 ++---- src/qemu/qemu_validate.c | 6 +++--- .../pc-i440fx-acpi-root-hotplug-disable.x86_64-5.1.0.err | 2 +- .../pc-i440fx-acpi-root-hotplug-enable.x86_64-5.1.0.err | 2 +- 4 files changed, 7 insertions(+), 9 deletions(-) diff --git a/src/conf/domain_conf.c b/src/conf/domain_conf.c index 6fcf86ba58..d5de07d13d 100644 --- a/src/conf/domain_conf.c +++ b/src/conf/domain_conf.c @@ -17557,8 +17557,7 @@ virDomainFeaturesPCIDefParse(virDomainDef *def, feature = virDomainPCITypeFromString((const char *)node->name); if (feature < 0) { virReportError(VIR_ERR_CONFIG_UNSUPPORTED, - _("unsupported PCI feature: %s"), - node->name); + _("unsupported PCI feature: '%s'"), node->name); return -1; } @@ -21833,8 +21832,7 @@ virDomainDefFeaturesCheckABIStability(virDomainDef *src, case VIR_DOMAIN_PCI_ACPI_BRIDGE_HOTPLUG: if (src->pci_features[i] != dst->pci_features[i]) { virReportError(VIR_ERR_CONFIG_UNSUPPORTED, - _("State of PCI feature '%s' differs: " - "source: '%s', destination: '%s'"), + _("State of PCI feature '%s' differs: source: '%s', destination: '%s'"), virDomainPCITypeToString(i), virTristateSwitchTypeToString(src->pci_features[i]), virTristateSwitchTypeToString(dst->pci_features[i])); diff --git a/src/qemu/qemu_validate.c b/src/qemu/qemu_validate.c index 3045e4b64b..f93b697265 100644 --- a/src/qemu/qemu_validate.c +++ b/src/qemu/qemu_validate.c @@ -3947,7 +3947,7 @@ qemuValidateDomainDeviceDefControllerPCI(const virDomainControllerDef *cont, case VIR_DOMAIN_CONTROLLER_MODEL_PCI_ROOT: if (!virQEMUCapsGet(qemuCaps, QEMU_CAPS_PIIX4_ACPI_ROOT_PCI_HOTPLUG)) { virReportError(VIR_ERR_CONFIG_UNSUPPORTED, - _("setting the %s property on a '%s' device is not supported by this QEMU binary"), + _("setting the '%s' property on a '%s' device is not supported by this QEMU binary"), "hotplug", "pci-root"); return -1; } @@ -3956,8 +3956,8 @@ qemuValidateDomainDeviceDefControllerPCI(const virDomainControllerDef *cont, case VIR_DOMAIN_CONTROLLER_MODEL_PCIE_SWITCH_DOWNSTREAM_PORT: if (!virQEMUCapsGet(qemuCaps, QEMU_CAPS_PCIE_ROOT_PORT_HOTPLUG)) { virReportError(VIR_ERR_CONFIG_UNSUPPORTED, - _("setting the hotplug property on a '%s' device is not supported by this QEMU binary"), - modelName); + _("setting the '%s' property on a '%s' device is not supported by this QEMU binary"), + "hotplug", modelName); return -1; } break; diff --git a/tests/qemuxml2argvdata/pc-i440fx-acpi-root-hotplug-disable.x86_64-5.1.0.err b/tests/qemuxml2argvdata/pc-i440fx-acpi-root-hotplug-disable.x86_64-5.1.0.err index b507f1f8bc..55ec41c476 100644 --- a/tests/qemuxml2argvdata/pc-i440fx-acpi-root-hotplug-disable.x86_64-5.1.0.err +++ b/tests/qemuxml2argvdata/pc-i440fx-acpi-root-hotplug-disable.x86_64-5.1.0.err @@ -1 +1 @@ -unsupported configuration: setting the hotplug property on a 'pci-root' device is not supported by this QEMU binary +unsupported configuration: setting the 'hotplug' property on a 'pci-root' device is not supported by this QEMU binary diff --git a/tests/qemuxml2argvdata/pc-i440fx-acpi-root-hotplug-enable.x86_64-5.1.0.err b/tests/qemuxml2argvdata/pc-i440fx-acpi-root-hotplug-enable.x86_64-5.1.0.err index b507f1f8bc..55ec41c476 100644 --- a/tests/qemuxml2argvdata/pc-i440fx-acpi-root-hotplug-enable.x86_64-5.1.0.err +++ b/tests/qemuxml2argvdata/pc-i440fx-acpi-root-hotplug-enable.x86_64-5.1.0.err @@ -1 +1 @@ -unsupported configuration: setting the hotplug property on a 'pci-root' device is not supported by this QEMU binary +unsupported configuration: setting the 'hotplug' property on a 'pci-root' device is not supported by this QEMU binary -- 2.25.1

2 2

[libvirt PATCH v2 00/22] qemu: Implement virtio-iommu support
by Andrea Bolognani 20 Oct '21

20 Oct '21

The first patch adds QEMU replies and as such has been aggressively snipped to deal with mailing list message size limits. Grab the unabriged version with $ git fetch https://gitlab.com/abologna/libvirt.git virtio-iommu As noted in patch 10, the QEMU feature this series enables has not yet been accepted upstream: the relevant patches are https://lists.gnu.org/archive/html/qemu-devel/2021-10/msg00161.html https://lists.gnu.org/archive/html/qemu-devel/2021-09/msg07819.html and of course this series should only be merged once those have gone in. That said, patches 1-6 are necessary to implement the feature but also not strictly related to it, so they could be merged right away. Changes from [v1]: * rebased after Peter's recent changes enabling JSON for -device. [v1] https://listman.redhat.com/archives/libvir-list/2021-October/msg00459.html Andrea Bolognani (22): tests: Add replies for QEMU 6.2.0 on aarch64 conf: Make virDomainDeviceInfoFormat() const correct qemu: Make qemuBuildDeviceAddressProps() const correct qemu: Make qemuBuildVirtioDevProps() const correct conf: Add IOMMU support to virDomainDeviceDefCopy() conf: Add new/free functions for virDomainIOMMUDef conf: Introduce VIR_PCI_CONNECT_INTEGRATED qemu: Tweak some code qemu: Introduce QEMU_CAPS_DEVICE_VIRTIO_IOMMU_PCI DONOTMERGEYET: qemu: Introduce QEMU_CAPS_VIRTIO_IOMMU_BOOT_BYPASS conf: Introduce virtio model for <iommu> tests: Add test cases for virtio-iommu qemu: Validate machine type used with virtio-iommu qemu: Validate capabilities for virtio-iommu qemu: Validate use of ACPI with virtio-iommu conf: Add virDomainDeviceInfo to virDomainIOMMUDef qemu: Assign PCI address to virtio-iommu qemu: Validate address type for virtio-iommu tests: Add test for virtio-iommu address qemu: Generate command line for virtio-iommu docs: Document virtio-iommu news: Document virtio-iommu NEWS.rst | 4 + docs/formatdomain.rst | 5 +- docs/schemas/domaincommon.rng | 64 +- src/conf/domain_addr.c | 21 +- src/conf/domain_addr.h | 30 +- src/conf/domain_conf.c | 74 +- src/conf/domain_conf.h | 5 + src/qemu/qemu_capabilities.c | 10 + src/qemu/qemu_capabilities.h | 2 + src/qemu/qemu_command.c | 52 +- src/qemu/qemu_domain_address.c | 33 +- src/qemu/qemu_validate.c | 32 + .../qemu_6.2.0-virt.aarch64.xml | 184 + tests/domaincapsdata/qemu_6.2.0.aarch64.xml | 178 + .../caps_5.0.0.aarch64.replies | 71 +- .../caps_5.0.0.aarch64.xml | 1 + .../caps_5.0.0.ppc64.replies | 59 +- .../qemucapabilitiesdata/caps_5.0.0.ppc64.xml | 1 + .../caps_5.0.0.riscv64.replies | 55 +- .../caps_5.0.0.riscv64.xml | 1 + .../caps_5.0.0.x86_64.replies | 71 +- .../caps_5.0.0.x86_64.xml | 1 + .../caps_5.1.0.x86_64.replies | 71 +- .../caps_5.1.0.x86_64.xml | 1 + .../caps_5.2.0.aarch64.replies | 71 +- .../caps_5.2.0.aarch64.xml | 1 + .../caps_5.2.0.ppc64.replies | 59 +- .../qemucapabilitiesdata/caps_5.2.0.ppc64.xml | 1 + .../caps_5.2.0.riscv64.replies | 55 +- .../caps_5.2.0.riscv64.xml | 1 + .../caps_5.2.0.s390x.replies | 59 +- .../qemucapabilitiesdata/caps_5.2.0.s390x.xml | 1 + .../caps_5.2.0.x86_64.replies | 71 +- .../caps_5.2.0.x86_64.xml | 1 + .../caps_6.0.0.aarch64.replies | 71 +- .../caps_6.0.0.aarch64.xml | 1 + .../caps_6.0.0.s390x.replies | 59 +- .../qemucapabilitiesdata/caps_6.0.0.s390x.xml | 1 + .../caps_6.0.0.x86_64.replies | 71 +- .../caps_6.0.0.x86_64.xml | 1 + .../caps_6.1.0.x86_64.replies | 71 +- .../caps_6.1.0.x86_64.xml | 1 + ...h64.replies => caps_6.2.0.aarch64.replies} | 5594 ++++++++++------- ...0.0.aarch64.xml => caps_6.2.0.aarch64.xml} | 58 +- .../caps_6.2.0.x86_64.replies | 275 +- .../caps_6.2.0.x86_64.xml | 2 + ...fault-cpu-kvm-virt-4.2.aarch64-latest.args | 6 +- ...fault-cpu-tcg-virt-4.2.aarch64-latest.args | 6 +- .../aarch64-tpm.aarch64-latest.args | 2 +- .../aarch64-virt-graphics.aarch64-latest.args | 36 +- .../aarch64-virt-headless.aarch64-latest.args | 28 +- ...ult-video-type-aarch64.aarch64-latest.args | 6 +- .../disk-arm-virtio-sd.aarch64-latest.args | 2 +- ...e-expander-bus-aarch64.aarch64-latest.args | 2 +- ... virtio-iommu-aarch64.aarch64-latest.args} | 17 +- .../qemuxml2argvdata/virtio-iommu-aarch64.xml | 20 + ...mmu-invalid-address-type.x86_64-latest.err | 1 + .../virtio-iommu-invalid-address-type.xml | 20 + ...io-iommu-invalid-address.x86_64-latest.err | 1 + .../virtio-iommu-invalid-address.xml | 20 + .../virtio-iommu-no-acpi.x86_64-latest.err | 1 + .../qemuxml2argvdata/virtio-iommu-no-acpi.xml | 15 + ...rtio-iommu-wrong-machine.x86_64-latest.err | 1 + .../virtio-iommu-wrong-machine.xml | 18 + .../virtio-iommu-x86_64.x86_64-6.1.0.err | 1 + .../virtio-iommu-x86_64.x86_64-latest.args | 31 + .../qemuxml2argvdata/virtio-iommu-x86_64.xml | 18 + tests/qemuxml2argvtest.c | 7 + .../virtio-iommu-aarch64.aarch64-latest.xml | 34 + .../virtio-iommu-x86_64.x86_64-latest.xml | 36 + tests/qemuxml2xmltest.c | 2 + 71 files changed, 5278 insertions(+), 2604 deletions(-) create mode 100644 tests/domaincapsdata/qemu_6.2.0-virt.aarch64.xml create mode 100644 tests/domaincapsdata/qemu_6.2.0.aarch64.xml copy tests/qemucapabilitiesdata/{caps_6.0.0.aarch64.replies => caps_6.2.0.aarch64.replies} (92%) copy tests/qemucapabilitiesdata/{caps_6.0.0.aarch64.xml => caps_6.2.0.aarch64.xml} (92%) copy tests/qemuxml2argvdata/{aarch64-default-cpu-tcg-virt-4.2.aarch64-latest.args => virtio-iommu-aarch64.aarch64-latest.args} (54%) create mode 100644 tests/qemuxml2argvdata/virtio-iommu-aarch64.xml create mode 100644 tests/qemuxml2argvdata/virtio-iommu-invalid-address-type.x86_64-latest.err create mode 100644 tests/qemuxml2argvdata/virtio-iommu-invalid-address-type.xml create mode 100644 tests/qemuxml2argvdata/virtio-iommu-invalid-address.x86_64-latest.err create mode 100644 tests/qemuxml2argvdata/virtio-iommu-invalid-address.xml create mode 100644 tests/qemuxml2argvdata/virtio-iommu-no-acpi.x86_64-latest.err create mode 100644 tests/qemuxml2argvdata/virtio-iommu-no-acpi.xml create mode 100644 tests/qemuxml2argvdata/virtio-iommu-wrong-machine.x86_64-latest.err create mode 100644 tests/qemuxml2argvdata/virtio-iommu-wrong-machine.xml create mode 100644 tests/qemuxml2argvdata/virtio-iommu-x86_64.x86_64-6.1.0.err create mode 100644 tests/qemuxml2argvdata/virtio-iommu-x86_64.x86_64-latest.args create mode 100644 tests/qemuxml2argvdata/virtio-iommu-x86_64.xml create mode 100644 tests/qemuxml2xmloutdata/virtio-iommu-aarch64.aarch64-latest.xml create mode 100644 tests/qemuxml2xmloutdata/virtio-iommu-x86_64.x86_64-latest.xml -- 2.31.1

2 24

[PATCH v5] qemu: tpm: Run swtpm_setup --create-config-files in session mode
by Stefan Berger 20 Oct '21

20 Oct '21

Using swtpm v0.7.0 we can run swtpm_setup to create default config files for swtpm_setup and swtpm-localca in session mode. Now a user can start a VM with an attached TPM without having to run this program on the command line before. This program needs to run once. This patch addresses the issue raised in https://bugzilla.redhat.com/show_bug.cgi?id=2010649 Signed-off-by: Stefan Berger <stefanb(a)linux.ibm.com> --- v5: - Address Daniel's comments on v4 - Pass swtpm_setup to function since it's already been looked up v4: - Append stderr output to virReportError if swtpm_setup fails v3: - Removed logfile parameter v2: - fixed return code if swtpm_setup doesn't support the option --- src/qemu/qemu_tpm.c | 40 ++++++++++++++++++++++++++++++++++++++++ src/util/virtpm.c | 1 + src/util/virtpm.h | 1 + 3 files changed, 42 insertions(+) diff --git a/src/qemu/qemu_tpm.c b/src/qemu/qemu_tpm.c index 100481503c..e1b08a66c5 100644 --- a/src/qemu/qemu_tpm.c +++ b/src/qemu/qemu_tpm.c @@ -385,6 +385,43 @@ qemuTPMSetupEncryption(const unsigned char *secretuuid, return virCommandSetSendBuffer(cmd, g_steal_pointer(&secret), secret_len); } + +/* + * qemuTPMCreateConfigFiles: run swtpm_setup --create-config-files skip-if-exist + */ +static int +qemuTPMCreateConfigFiles(const char *swtpm_setup) +{ + g_autoptr(virCommand) cmd = NULL; + g_autofree char *errbuf = NULL; + int exitstatus; + + if (!virTPMSwtpmSetupCapsGet( + VIR_TPM_SWTPM_SETUP_FEATURE_CMDARG_CREATE_CONFIG_FILES)) + return 0; + + cmd = virCommandNew(swtpm_setup); + if (!cmd) + return -1; + + virCommandAddArgList(cmd, "--create-config-files", "skip-if-exist", NULL); + virCommandClearCaps(cmd); + virCommandSetErrorBuffer(cmd, &errbuf); + + if (virCommandRun(cmd, &exitstatus) < 0) + return -1; + if (exitstatus != 0) { + virReportError(VIR_ERR_INTERNAL_ERROR, + _("Could not run '%s' to create config files. " + "exitstatus: %d;\nError: %s"), + swtpm_setup, exitstatus, errbuf); + return -1; + } + + return 0; +} + + /* * qemuTPMEmulatorRunSetup * @@ -432,6 +469,9 @@ qemuTPMEmulatorRunSetup(const char *storagepath, "this requires privileged mode for a " "TPM 1.2\n"), 0600); + if (!privileged && qemuTPMCreateConfigFiles(swtpm_setup) < 0) + return -1; + cmd = virCommandNew(swtpm_setup); if (!cmd) return -1; diff --git a/src/util/virtpm.c b/src/util/virtpm.c index 1a567139b4..0f50de866c 100644 --- a/src/util/virtpm.c +++ b/src/util/virtpm.c @@ -45,6 +45,7 @@ VIR_ENUM_IMPL(virTPMSwtpmFeature, VIR_ENUM_IMPL(virTPMSwtpmSetupFeature, VIR_TPM_SWTPM_SETUP_FEATURE_LAST, "cmdarg-pwdfile-fd", + "cmdarg-create-config-files", ); /** diff --git a/src/util/virtpm.h b/src/util/virtpm.h index d021a083b4..3bb03b3b33 100644 --- a/src/util/virtpm.h +++ b/src/util/virtpm.h @@ -38,6 +38,7 @@ typedef enum { typedef enum { VIR_TPM_SWTPM_SETUP_FEATURE_CMDARG_PWDFILE_FD, + VIR_TPM_SWTPM_SETUP_FEATURE_CMDARG_CREATE_CONFIG_FILES, VIR_TPM_SWTPM_SETUP_FEATURE_LAST } virTPMSwtpmSetupFeature; -- 2.31.1

4 3

[libvirt PATCH] Switch to new GitHub repo-lockdown configuration
by Daniel P. Berrangé 20 Oct '21

20 Oct '21

The repo-lockdown service used to run as a bot outside GitHub, but has now switched to using the GitHub Actions workflow framework. This requires use of a new configuration file. Signed-off-by: Daniel P. Berrangé <berrange(a)redhat.com> --- .github/lockdown.yml | 38 ------------------------- .github/workflows/lockdown.yml | 51 ++++++++++++++++++++++++++++++++++ 2 files changed, 51 insertions(+), 38 deletions(-) delete mode 100644 .github/lockdown.yml create mode 100644 .github/workflows/lockdown.yml diff --git a/.github/lockdown.yml b/.github/lockdown.yml deleted file mode 100644 index 7601a2a156..0000000000 --- a/.github/lockdown.yml +++ /dev/null @@ -1,38 +0,0 @@ -# Configuration for Repo Lockdown - https://github.com/dessant/repo-lockdown - -skipCreatedBefore: 2020-01-01 - -# Close issues and pull requests -close: true - -# Lock issues and pull requests -lock: true - -# Optionally, specify configuration settings just for `issues` or `pulls` -issues: - comment: | - Thank you for your interest in the libvirt project. - - Since this repository is a read-only mirror of the project's master repostory hosted on GitLab, issues opened here are not processed. - - We kindly request that new issues are reported to - - https://gitlab.com/libvirt/libvirt/-/issues/new - - Thank you for your time and understanding. - -pulls: - comment: | - Thank you for your interest in the libvirt project. - - Since this repository is a read-only mirror of the project's master repostory hosted on GitLab, merge requests opened here are not processed. - - We kindly request that contributors fork the project at - - https://gitlab.com/libvirt/libvirt/ - - push changes to the fork, and then open a new merge request at - - https://gitlab.com/libvirt/libvirt/-/merge_requests/new - - Thank you for your time and understanding. diff --git a/.github/workflows/lockdown.yml b/.github/workflows/lockdown.yml new file mode 100644 index 0000000000..f7646d9bde --- /dev/null +++ b/.github/workflows/lockdown.yml @@ -0,0 +1,51 @@ +--- +# Configuration for Repo Lockdown - https://github.com/dessant/repo-lockdown + +name: 'Repo Lockdown' + +on: + issues: + types: opened + pull_request_target: + types: opened + +permissions: + pull-requests: write + +jobs: + action: + runs-on: ubuntu-latest + steps: + - uses: dessant/repo-lockdown@v2 + with: + issue-comment: | + Thank you for your interest in the libvirt project. + + Since this repository is a read-only mirror of the project's master + repostory hosted on GitLab, issues opened here are not processed. + + We kindly request that new issues are reported to + + https://gitlab.com/libvirt/libvirt/-/issues/new + + Thank you for your time and understanding. + lock-issue: true + close-issue: true + pr-comment: | + Thank you for your interest in the libvirt project. + + Since this repository is a read-only mirror of the project's master + repostory hosted on GitLab, merge requests opened here are not + processed. + + We kindly request that contributors fork the project at + + https://gitlab.com/libvirt/libvirt/ + + push changes to the fork, and then open a new merge request at + + https://gitlab.com/libvirt/libvirt/-/merge_requests/new + + Thank you for your time and understanding. + lock-pr: true + close-pr: true -- 2.31.1

2 2

[libvirt PATCH] ci: switch all non-released distros to be non-gating
by Daniel P. Berrangé 20 Oct '21

20 Oct '21

The non-released distros have reasonably frequent package installation failures that can last for days at a time. This makes them unsuitable for use as gating CI jobs. This ensures all of the jobs in Debian Sid, Fedora Rawhide, openSUSE Tumbleweed and FreeBSD Current are marked "allow-failure: true". This means the jobs still run, but any failure will not be considered fatal to the pipeline. Signed-off-by: Daniel P. Berrangé <berrange(a)redhat.com> --- ci/gitlab.yml | 20 ++++++++++---------- ci/manifest.yml | 6 ++++++ 2 files changed, 16 insertions(+), 10 deletions(-) diff --git a/ci/gitlab.yml b/ci/gitlab.yml index 0678cb7ba0..cbe7d0f9e9 100644 --- a/ci/gitlab.yml +++ b/ci/gitlab.yml @@ -109,7 +109,7 @@ x86_64-debian-11-container: x86_64-debian-sid-container: extends: .container_job - allow_failure: false + allow_failure: true variables: NAME: debian-sid @@ -144,7 +144,7 @@ x86_64-opensuse-leap-152-container: x86_64-opensuse-tumbleweed-container: extends: .container_job - allow_failure: false + allow_failure: true variables: NAME: opensuse-tumbleweed @@ -287,7 +287,7 @@ s390x-debian-11-container: aarch64-debian-sid-container: extends: .container_job - allow_failure: false + allow_failure: true variables: NAME: debian-sid-cross-aarch64 @@ -308,7 +308,7 @@ armv7l-debian-sid-container: i686-debian-sid-container: extends: .container_job - allow_failure: false + allow_failure: true variables: NAME: debian-sid-cross-i686 @@ -336,7 +336,7 @@ ppc64le-debian-sid-container: s390x-debian-sid-container: extends: .container_job - allow_failure: false + allow_failure: true variables: NAME: debian-sid-cross-s390x @@ -419,7 +419,7 @@ x86_64-debian-sid: extends: .native_build_job needs: - x86_64-debian-sid-container - allow_failure: false + allow_failure: true variables: NAME: debian-sid @@ -476,7 +476,7 @@ x86_64-opensuse-tumbleweed: extends: .native_build_job needs: - x86_64-opensuse-tumbleweed-container - allow_failure: false + allow_failure: true variables: NAME: opensuse-tumbleweed RPM: skip @@ -582,7 +582,7 @@ aarch64-debian-sid: extends: .cross_build_job needs: - aarch64-debian-sid-container - allow_failure: false + allow_failure: true variables: NAME: debian-sid CROSS: aarch64 @@ -592,7 +592,7 @@ i686-debian-sid: extends: .cross_build_job needs: - i686-debian-sid-container - allow_failure: false + allow_failure: true variables: NAME: debian-sid CROSS: i686 @@ -602,7 +602,7 @@ s390x-debian-sid: extends: .cross_build_job needs: - s390x-debian-sid-container - allow_failure: false + allow_failure: true variables: NAME: debian-sid CROSS: s390x diff --git a/ci/manifest.yml b/ci/manifest.yml index 878c4773a3..49d5fe7064 100644 --- a/ci/manifest.yml +++ b/ci/manifest.yml @@ -94,8 +94,10 @@ targets: debian-sid: jobs: - arch: x86_64 + allow-failure: true - arch: aarch64 + allow-failure: true - arch: armv6l allow-failure: true @@ -106,6 +108,7 @@ targets: builds: false - arch: i686 + allow-failure: true - arch: mips64el allow-failure: true @@ -120,6 +123,7 @@ targets: builds: false - arch: s390x + allow-failure: true fedora-33: x86_64 @@ -150,6 +154,7 @@ targets: freebsd-current: jobs: - arch: x86_64 + allow-failure: true builds: False opensuse-leap-152: @@ -161,6 +166,7 @@ targets: opensuse-tumbleweed: jobs: - arch: x86_64 + allow-failure: true variables: RPM: skip -- 2.31.1

2 1