[libvirt PATCH v2 00/20] Invalidate the cpu flags cache on host cpuid mismatch
by Tim Wiederhake
Many things can affect the availability of cpu features (e.g. software
upgrades, kernel versions, kernel command line, etc.) and invalidate the
cached capabilities without notice. Add CPUID information to the
capabilities cache.
Fixes https://bugzilla.redhat.com/show_bug.cgi?id=1953389.
V1: https://listman.redhat.com/archives/libvir-list/2021-August/msg00138.html
Tim Wiederhake (20):
cpu_x86: Simplify x86ParseCPUID
cpu_x86: Simplify x86ParseMSR
cpu_x86: Add x86ParseDataItemList
cpu: Change virCPUArchDataParse to take xmlNodePtr
cpu: Split up virCPUDataParse
cpu: Add virCPUDataIsIdentical
cpu_x86: Implement virCPUDataIsIdentical for x86
cpu_arm: No need to protect macro definitions
cpu_arm: Implement virCPUDataIsIdentical for arm
cpu_ppc64: Implement virCPUDataIsIdentical for ppc64
cpu: Add virCPUDataNewCopy
cpu_x86: Implement virCPUDataNewCopy for x86
cpu_arm: Implement virCPUDataNewCopy for arm
cpu_ppc64: Implement virCPUDataNewCopy for ppc64
virhostcpu: Add virHostCPUGetCPUID
cpu_x86: Add virCPUDataGetHost
cpu_x86: Implement virCPUDataGetHost for x86
virQEMUCaps: Add host cpuid information
virQEMUCapsCachePriv: Add host cpuid information
qemu: Invalidate capabilities cache on host cpuid mismatch
src/cpu/cpu.c | 97 +++++++++++-
src/cpu/cpu.h | 27 +++-
src/cpu/cpu_arm.c | 54 ++++++-
src/cpu/cpu_ppc64.c | 44 ++++++
src/cpu/cpu_x86.c | 296 +++++++++++++++++++++++------------
src/libvirt_private.syms | 5 +
src/qemu/qemu_capabilities.c | 33 +++-
src/qemu/qemu_capspriv.h | 3 +-
src/util/virhostcpu.c | 43 +++++
src/util/virhostcpu.h | 2 +
tests/qemucapsprobe.c | 2 +-
11 files changed, 486 insertions(+), 120 deletions(-)
--
2.31.1
[libvirt PATCH] NEWS: document tcp_min_ssf
by Ján Tomko
Signed-off-by: Ján Tomko <jtomko(a)redhat.com>
---
NEWS.rst | 7 +++++++
1 file changed, 7 insertions(+)
diff --git a/NEWS.rst b/NEWS.rst
index 983153a631..fc47c63bd2 100644
--- a/NEWS.rst
+++ b/NEWS.rst
@@ -24,6 +24,13 @@ v7.10.0 (unreleased)
Libvirt is now able to report interface information from the guest's
perspective (using guest agent).
+ * Minimum SSF setting
+
+ The libvirtd.conf option tcp_min_ssf can be used to override the minimum
+ permitted security strength factor for non-TLS remote connections.
+ The current hardcoded minimum is 56 (single-DES) and will be raised to 112
+ in the future. Setting a minimum lower than 112 is not supported.
+
* **Bug fixes**
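Review bot: The added entry says a minimum lower than 112 "is not supported" but never says what the daemon does when such a value is configured (refuse to start, or accept it with a warning), and it sits right after a sentence naming 56 as the current hardcoded minimum, so a reader cannot tell whether 56 to 111 is usable today. State the behaviour for values below 112 explicitly. As a style point, `tcp_min_ssf` and `libvirtd.conf` should be marked up as RST literals so they stand out from the prose.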
--
2.31.1
[PATCH] remote_daemon: Validate tcp_min_ssf value only if found in config
by Michal Privoznik
If there is no tcp_min_ssf value set in daemon config we still
compare it against the default (56 which corresponds to DES) and
if the value is below our expected minimum (112 which corresponds
to 3DES) an error is reported and the daemon refuses to start.
This is not what we want. What we want is to check the value iff
the value was specified in the config file.
Fixes: 58a48cff840
Signed-off-by: Michal Privoznik <mprivozn(a)redhat.com>
---
src/remote/remote_daemon_config.c | 7 ++++---
1 file changed, 4 insertions(+), 3 deletions(-)
diff --git a/src/remote/remote_daemon_config.c b/src/remote/remote_daemon_config.c
index a9961013f2..30653e82cf 100644
--- a/src/remote/remote_daemon_config.c
+++ b/src/remote/remote_daemon_config.c
@@ -231,6 +231,8 @@ daemonConfigLoadOptions(struct daemonConfig *data,
const char *filename,
virConf *conf)
{
+ int rc G_GNUC_UNUSED;
+
#ifdef WITH_IP
if (virConfGetValueBool(conf, "listen_tcp", &data->listen_tcp) < 0)
return -1;
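Review bot: `int rc G_GNUC_UNUSED;` is declared above the `#ifdef WITH_IP` line with no comment saying which build configuration leaves it unused. If its only use is inside the WITH_IP block, declare it inside that block and drop the attribute; otherwise add a one-line comment, because an unused marker on a variable that is assigned and read later in the same function looks like a mistake to the next reader.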
@@ -303,10 +305,9 @@ daemonConfigLoadOptions(struct daemonConfig *data,
if (virConfGetValueString(conf, "tls_priority", &data->tls_priority) < 0)
return -1;
- if (virConfGetValueUInt(conf, "tcp_min_ssf", &data->tcp_min_ssf) < 0)
+ if ((rc = virConfGetValueUInt(conf, "tcp_min_ssf", &data->tcp_min_ssf)) < 0) {
return -1;
-
- if (data->tcp_min_ssf < SSF_WARNING_LEVEL) {
+ } else if (rc > 0 && data->tcp_min_ssf < SSF_WARNING_LEVEL) {
virReportError(VIR_ERR_CONFIG_UNSUPPORTED,
_("minimum SSF levels lower than %d are not supported"),
SSF_WARNING_LEVEL);
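Review bot: In the `tcp_min_ssf` branch the check now depends on `virConfGetValueUInt` returning a value greater than 0 only when the key is present; a short comment at `rc > 0` saying so would make that contract visible. With the key absent, the built-in default in `data->tcp_min_ssf` (56 according to the commit message) is accepted with no message even though it is below SSF_WARNING_LEVEL, so consider logging a warning on that path so operators learn the daemon is running with a weak minimum. Style: the `else` after `return -1;` is redundant; a separate `if (rc > 0 && data->tcp_min_ssf < SSF_WARNING_LEVEL)` reads more simply.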
--
2.32.0
[libvirt PATCH v4 0/5] add interface information in guestinfo command
by zhanglei
zhanglei (5):
domain: add interface information to 'virDomainGetGuestInfo'
virsh: add interface information to guestinfo command
qemu: refactor 'qemuAgentGetInterfaces'
qemu: add guest interface information in 'qemuDomainGetGuestInfo'
NEWS: add guest interface information in 'virDomainGetGuestInfo'
NEWS.rst | 5 ++
docs/manpages/virsh.rst | 12 ++++-
include/libvirt/libvirt-domain.h | 1 +
src/libvirt-domain.c | 12 +++++
src/qemu/qemu_agent.c | 9 ++--
src/qemu/qemu_agent.h | 3 +-
src/qemu/qemu_driver.c | 90 +++++++++++++++++++++++++++++++-
tests/qemuagenttest.c | 2 +-
tools/virsh-domain.c | 6 +++
9 files changed, 131 insertions(+), 9 deletions(-)
--
2.31.1
[PATCH] syntax-check: Fix regex for sc_require_attribute_cleanup_initialization:
by Peter Krempa
When I was cleaning up the regex after we removed most of our custom
autofree helpers I forgot to delete one closing brace, thus the regex
was not matching anything.
Fixes: 65f702020e8
Signed-off-by: Peter Krempa <pkrempa(a)redhat.com>
---
build-aux/syntax-check.mk | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/build-aux/syntax-check.mk b/build-aux/syntax-check.mk
index 2a6e2f86a1..4d396699c9 100644
--- a/build-aux/syntax-check.mk
+++ b/build-aux/syntax-check.mk
@@ -910,7 +910,7 @@ sc_prohibit_backslash_alignment:
# Rule to ensure that variables declared using a cleanup macro are
# always initialized.
sc_require_attribute_cleanup_initialization:
- @prohibit='((g_auto(ptr|free|slist)?)|VIR_AUTOCLOSE)) *[^=]+;' \
+ @prohibit='((g_auto(ptr|free|slist)?)|VIR_AUTOCLOSE) *[^=]+;' \
in_vc_files='\.[chx]$$' \
halt='variable declared with a cleanup macro must be initialized' \
$(_sc_search_regexp)
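Review bot: The corrected `prohibit` pattern has no word boundary before `g_auto` or `VIR_AUTOCLOSE`, so it also matches identifiers that merely end in those names, and the inner group around `g_auto(ptr|free|slist)?` is redundant. More importantly, the rule was inert until this change, so enabling it can start failing on declarations that slipped in meanwhile; run the syntax check over the tree with this applied and fix or list any new hits in the same series. A small positive test case for the rule would keep it from going silent again.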
--
2.31.1
[libvirt PATCH] ci: disable CCACHE for the coverity job
by Ján Tomko
Signed-off-by: Ján Tomko <jtomko(a)redhat.com>
---
Untested, as I obviously do not have access to the COVERITY_SCAN_TOKEN.
.gitlab-ci.yml | 2 ++
1 file changed, 2 insertions(+)
diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml
index d486faca58..3e06d16fb1 100644
--- a/.gitlab-ci.yml
+++ b/.gitlab-ci.yml
@@ -116,6 +116,8 @@ coverity:
needs:
- x86_64-centos-8-container
stage: builds
+ before_script:
+ export CCACHE_DISABLE=1
script:
- curl https://scan.coverity.com/download/linux64 --form project=$COVERITY_SCAN_PROJECT_NAME --form token=$COVERITY_SCAN_TOKEN -o /tmp/cov-analysis-linux64.tgz
- tar xfz /tmp/cov-analysis-linux64.tgz
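Review bot: The added `before_script:` value `export CCACHE_DISABLE=1` is not written as a list item, unlike the `- curl ...` and `- tar ...` entries under `script:` right below it; it should be `- export CCACHE_DISABLE=1`. A job-level `before_script` also replaces any default one, so check that the coverity job does not lose setup it relied on. Setting `CCACHE_DISABLE: 1` under the job's `variables:` would do the same without touching `before_script`, which matters given the note that this is untested.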
--
2.31.1
[PATCH 0/2] Allow tweaking TCG's tb-size
by Michal Privoznik
*** BLURB HERE ***
Michal Prívozník (2):
conf: Introduce TCG domain features
qemu: Generate command line for tb-cache feature
docs/formatdomain.rst | 11 +++
docs/schemas/domaincommon.rng | 15 +++-
src/conf/domain_conf.c | 90 +++++++++++++++++++
src/conf/domain_conf.h | 7 ++
src/qemu/qemu_command.c | 14 ++-
src/qemu/qemu_validate.c | 11 +++
...efault-cpu-tcg-features.x86_64-latest.args | 40 +++++++++
.../x86_64-default-cpu-tcg-features.xml | 67 ++++++++++++++
tests/qemuxml2argvtest.c | 1 +
...default-cpu-tcg-features.x86_64-latest.xml | 1 +
tests/qemuxml2xmltest.c | 1 +
11 files changed, 256 insertions(+), 2 deletions(-)
create mode 100644 tests/qemuxml2argvdata/x86_64-default-cpu-tcg-features.x86_64-latest.args
create mode 100644 tests/qemuxml2argvdata/x86_64-default-cpu-tcg-features.xml
create mode 120000 tests/qemuxml2xmloutdata/x86_64-default-cpu-tcg-features.x86_64-latest.xml
--
2.32.0
[PATCH] qemuTPMEmulatorReconfigure: Fix two build issues
by Peter Krempa
1) 'activePcrBanksStr' is not initialized:
../../../libvirt/src/qemu/qemu_tpm.c: In function ‘qemuExtTPMStart’:
/usr/include/glib-2.0/glib/glib-autocleanups.h:28:3: error: ‘activePcrBanksStr’ may be used uninitialized in this function [-Werror=maybe-uninitialized]
28 | g_free (*pp);
| ^~~~~~~~~~~~
../../../libvirt/src/qemu/qemu_tpm.c:613:22: note: ‘activePcrBanksStr’ was declared here
613 | g_autofree char *activePcrBanksStr;
| ^~~~~~~~~~~~~~~~~
2) 'pwdfile_fd' is unused:
../../../libvirt/src/qemu/qemu_tpm.c:615:19: error: unused variable 'pwdfile_fd' [-Werror,-Wunused-variable]
VIR_AUTOCLOSE pwdfile_fd = -1;
Fixes: a5bbe1a8b63
Signed-off-by: Peter Krempa <pkrempa(a)redhat.com>
---
Pushed.
src/qemu/qemu_tpm.c | 3 +--
1 file changed, 1 insertion(+), 2 deletions(-)
diff --git a/src/qemu/qemu_tpm.c b/src/qemu/qemu_tpm.c
index 25890a8589..7d05394356 100644
--- a/src/qemu/qemu_tpm.c
+++ b/src/qemu/qemu_tpm.c
@@ -610,9 +610,8 @@ qemuTPMEmulatorReconfigure(const char *storagepath,
{
g_autoptr(virCommand) cmd = NULL;
int exitstatus;
- g_autofree char *activePcrBanksStr;
+ g_autofree char *activePcrBanksStr = NULL;
g_autofree char *swtpm_setup = virTPMGetSwtpmSetup();
- VIR_AUTOCLOSE pwdfile_fd = -1;
if (!swtpm_setup)
return -1;
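Review bot: At the `activePcrBanksStr` declaration the `= NULL` is required because the `if (!swtpm_setup) return -1;` path directly below runs the `g_autofree` cleanup before the variable is ever assigned; the commit message only quotes the compiler output, and one sentence naming that early return would explain why this was a real bug and not just a warning. The declaration form being fixed here is the one the `sc_require_attribute_cleanup_initialization` syntax-check rule is meant to reject, so it is worth confirming that rule now flags it.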
--
2.31.1
[PATCH v3 0/2] qemu: tpm: Activate PCR banks of a TPM 2.0 before VM start
by Stefan Berger
This series of patches adds support for activating the PCR banks of a TPM 2.0
before starting a VM.
Stefan
Stefan Berger (2):
qemu: Move code to add encryption options for swtpm_setup into
function
qemu: tpm: Extend TPM domain XML with PCR banks to activate
docs/formatdomain.rst | 12 ++
docs/schemas/domaincommon.rng | 30 ++++
src/conf/domain_conf.c | 50 +++++-
src/conf/domain_conf.h | 11 ++
src/libvirt_private.syms | 2 +
src/qemu/qemu_tpm.c | 152 ++++++++++++++++--
src/util/virtpm.c | 1 +
src/util/virtpm.h | 1 +
tests/qemuxml2argvdata/tpm-emulator-tpm2.xml | 7 +-
.../tpm-emulator-tpm2.x86_64-latest.xml | 7 +-
10 files changed, 252 insertions(+), 21 deletions(-)
--
2.31.1
[libvirt PATCH] qemu: Check return value of virJSONValueObjectAdd
by Jiri Denemark
The return value was not properly checked in the code for input type
evdev.
Signed-off-by: Jiri Denemark <jdenemar(a)redhat.com>
---
src/qemu/qemu_command.c | 10 ++++++----
1 file changed, 6 insertions(+), 4 deletions(-)
diff --git a/src/qemu/qemu_command.c b/src/qemu/qemu_command.c
index 45278c7108..483041f584 100644
--- a/src/qemu/qemu_command.c
+++ b/src/qemu/qemu_command.c
@@ -4336,13 +4336,15 @@ qemuBuildInputEvdevProps(virDomainInputDef *dev)
NULL) < 0)
return NULL;
- if (dev->source.grab == VIR_DOMAIN_INPUT_SOURCE_GRAB_ALL)
- virJSONValueObjectAdd(props, "b:grab_all", true, NULL);
+ if (dev->source.grab == VIR_DOMAIN_INPUT_SOURCE_GRAB_ALL &&
+ virJSONValueObjectAdd(props, "b:grab_all", true, NULL) < 0)
+ return NULL;
- if (dev->source.grabToggle != VIR_DOMAIN_INPUT_SOURCE_GRAB_TOGGLE_DEFAULT)
+ if (dev->source.grabToggle != VIR_DOMAIN_INPUT_SOURCE_GRAB_TOGGLE_DEFAULT &&
virJSONValueObjectAdd(props, "s:grab-toggle",
virDomainInputSourceGrabToggleTypeToString(dev->source.grabToggle),
- NULL);
+ NULL) < 0)
+ return NULL;
return g_steal_pointer(&props);
}
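Review bot: Both new `return NULL;` paths in `qemuBuildInputEvdevProps` assume `props` is released automatically; the closing `g_steal_pointer(&props)` suggests a `g_autoptr` declaration, but that line is outside the hunk, so please confirm it. As a style point, folding the side-effecting `virJSONValueObjectAdd(...) < 0` call into the same `if` as the `grab` and `grabToggle` comparisons hides the call behind short-circuit evaluation; a nested `if` around each call keeps the condition and the action visibly separate.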
--
2.33.1