[PATCH 0/2] gnutls: Be more clever about DH key size
by Michal Privoznik
See 2/2 for explanation.
Ideally, we wouldn't use gnutls_dh_params_generate2() at all, per [1].
But that would require bumping minimal required version to gnutls-3.6.0
and I'm not sure how available it is in OSes we support. Therefore, for
now let's stick with patch 2/2.
1: https://www.gnutls.org/manual/html_node/Parameter-generation.html
Michal Prívozník (2):
virnettlscontext: Drop gnutls_dh_set_prime_bits()
virnettlscontext: Don't pass static key length to
gnutls_dh_params_generate2()
src/rpc/virnettlscontext.c | 15 ++++++++++-----
1 file changed, 10 insertions(+), 5 deletions(-)
--
2.32.0
2 years, 10 months
[PATCH 0/3] VirtioNet RSS support
by Andrew Melnychenko
This series of patches adds RSS property support for virtio-net-pci.
Virtio RSS effectively works with TAP devices; it requires additional
vectors for VirtioNet, queues for TAP device, and vCPU cores.
Example of device configuration:
```
<interface type="network">
  <mac address="52:54:00:c4:90:25"/>
  <source network="default"/>
  <model type="virtio"/>
  <driver name="qemu" queues="9" rss="on" rss_hash_report="off"/>
  <address type="pci" domain="0x0000" bus="0x01" slot="0x00" function="0x0"/>
</interface>
```
Capability "rss" enables RSS; "rss_hash_report" enables hashes in vheader.
For now, the "rss" property will trigger "in-qemu" RSS in most cases.
Current QEMU (6.2) supports eBPF RSS that may require additional capabilities.
In the future, the helper will be provided. This code is the base for VirtIO RSS.
Changes since RFC:
* rebased and refactored
* added tests
* postponed the helper
Andrew Melnychenko (3):
domain_conf: Added configs for RSS and Hash report.
qemu_capabilities: Added capabilites for qemu's "rss" and "hash".
test: Added caps, xml2argv and xml2xml tests.
docs/formatdomain.rst | 15 ++++++++
docs/schemas/domaincommon.rng | 10 ++++++
src/conf/domain_conf.c | 31 +++++++++++++++-
src/conf/domain_conf.h | 2 ++
src/qemu/qemu_capabilities.c | 2 ++
src/qemu/qemu_capabilities.h | 1 +
src/qemu/qemu_command.c | 2 ++
src/qemu/qemu_validate.c | 16 +++++++++
.../caps_5.1.0.x86_64.xml | 1 +
.../caps_5.2.0.aarch64.xml | 1 +
.../qemucapabilitiesdata/caps_5.2.0.ppc64.xml | 1 +
.../caps_5.2.0.riscv64.xml | 1 +
.../qemucapabilitiesdata/caps_5.2.0.s390x.xml | 1 +
.../caps_5.2.0.x86_64.xml | 1 +
.../caps_6.0.0.aarch64.xml | 1 +
.../qemucapabilitiesdata/caps_6.0.0.s390x.xml | 1 +
.../caps_6.0.0.x86_64.xml | 1 +
.../caps_6.1.0.x86_64.xml | 1 +
.../caps_6.2.0.aarch64.xml | 1 +
.../qemucapabilitiesdata/caps_6.2.0.ppc64.xml | 1 +
.../caps_6.2.0.x86_64.xml | 1 +
tests/qemuxml2argvdata/net-virtio-hash.args | 35 +++++++++++++++++++
tests/qemuxml2argvdata/net-virtio-hash.xml | 29 +++++++++++++++
tests/qemuxml2argvdata/net-virtio-rss.args | 35 +++++++++++++++++++
tests/qemuxml2argvdata/net-virtio-rss.xml | 29 +++++++++++++++
.../qemuxml2argvdata/net-virtio-rsshash.args | 35 +++++++++++++++++++
tests/qemuxml2argvdata/net-virtio-rsshash.xml | 29 +++++++++++++++
.../virtio-options.x86_64-latest.args | 2 +-
tests/qemuxml2argvdata/virtio-options.xml | 2 +-
tests/qemuxml2argvtest.c | 7 ++++
30 files changed, 292 insertions(+), 3 deletions(-)
create mode 100644 tests/qemuxml2argvdata/net-virtio-hash.args
create mode 100644 tests/qemuxml2argvdata/net-virtio-hash.xml
create mode 100644 tests/qemuxml2argvdata/net-virtio-rss.args
create mode 100644 tests/qemuxml2argvdata/net-virtio-rss.xml
create mode 100644 tests/qemuxml2argvdata/net-virtio-rsshash.args
create mode 100644 tests/qemuxml2argvdata/net-virtio-rsshash.xml
--
2.34.1
2 years, 10 months
[PATCH V4 0/6] Add virDomainSetLaunchSecurityState API
by Jim Fehlig
V4 of https://listman.redhat.com/archives/libvir-list/2021-December/msg00686.html
Similar to previous versions, this series is compile-tested only. I plan to
work on functional testing soon.
Changes since V3:
- Set secret and secret header read buffer to 64k
- Add capability for sev-inject-launch-secret qmp command
- Add NEWS entry
Jim Fehlig (6):
libvirt: Introduce virDomainSetLaunchSecurityState public API
remote: Add RPC support for the virDomainSetLaunchSecurityState API
qemu_capabilities: Introduce QEMU_CAPS_SEV_INJECT_LAUNCH_SECRET
qemu: Implement the virDomainSetLaunchSecurityState API
tools: Add domsetlaunchsecstate virsh command
NEWS: Mention new virDomainSetLaunchSecurityState API
NEWS.rst | 6 +
docs/manpages/virsh.rst | 25 ++++
include/libvirt/libvirt-domain.h | 36 ++++++
src/driver-hypervisor.h | 7 ++
src/libvirt-domain.c | 62 ++++++++++
src/libvirt_public.syms | 5 +
src/qemu/qemu_capabilities.c | 2 +
src/qemu/qemu_capabilities.h | 1 +
src/qemu/qemu_driver.c | 100 ++++++++++++++++
src/qemu/qemu_monitor.c | 14 +++
src/qemu/qemu_monitor.h | 7 ++
src/qemu/qemu_monitor_json.c | 45 ++++++++
src/qemu/qemu_monitor_json.h | 6 +
src/remote/remote_driver.c | 1 +
src/remote/remote_protocol.x | 17 ++-
src/remote_protocol-structs | 9 ++
.../caps_6.0.0.x86_64.xml | 1 +
.../caps_6.1.0.x86_64.xml | 1 +
.../caps_6.2.0.x86_64.xml | 1 +
tests/qemumonitorjsontest.c | 3 +
tools/virsh-domain.c | 107 ++++++++++++++++++
21 files changed, 455 insertions(+), 1 deletion(-)
--
2.34.1
2 years, 10 months
[PATCH] rpc: Require dtrace sources to be generated first
by Michal Privoznik
The virt_socket_lib is built from virnetsocket.c (among others).
But this file includes virprobe.h which includes libvirt_probes.h
which is a generated file. But this dependency is not recorded in
meson which may lead to a failed build.
Signed-off-by: Michal Privoznik <mprivozn(a)redhat.com>
---
I don't know if this is the right fix or we need to go with
declare_dependency(), or even something else. But this fixes the build
for me.
src/rpc/meson.build | 1 +
1 file changed, 1 insertion(+)
diff --git a/src/rpc/meson.build b/src/rpc/meson.build
index 7fde92e6cf..36a2809adf 100644
--- a/src/rpc/meson.build
+++ b/src/rpc/meson.build
@@ -9,6 +9,7 @@ socket_sources = [
virt_socket_lib = static_library(
'virt_socket',
[
+ dtrace_gen_headers,
socket_sources,
],
dependencies: [
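Review bot: dtrace_gen_headers is placed in the source list of virt_socket_lib without a comment, and the note under the '---' says it is unclear whether this or declare_dependency() is the right fix. A one-line comment that the entry is there so libvirt_probes.h is generated before virnetsocket.c is compiled would help. The same ordering problem applies to any other target in this file whose sources include virprobe.h, so it is worth checking them in the same patch.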
--
2.32.0
2 years, 10 months
[PATCH v2] Add VM info to improve error log message for qemu monitor
by Rohit Kumar
This patch is to determine the VM which had an IO or socket hangup error.
Accessing vm->def->name directly inside qemuMonitorIO() or qemuMonitorSend()
might lead to illegal access as we are out of 'vm' context and vm->def might
not exist. Add a field "domainName" inside the mon object to access the VM name,
and initialise it when creating the mon object.
Signed-off-by: Rohit Kumar <rohit.kumar3(a)nutanix.com>
---
diff to v1:
- Adding a field domainName inside _qemuMonitor struct for accessing vm name
instead of directly accessing mon->vm->def->name.
- Link to v1: https://listman.redhat.com/archives/libvir-list/2021-December/msg00217.html
- Talked with Peter on the RFC and he suggested that I add a field inside
the monitor struct to get the VM name.
src/qemu/qemu_monitor.c | 47 +++++++++++++++++++++++++----------------
1 file changed, 29 insertions(+), 18 deletions(-)
diff --git a/src/qemu/qemu_monitor.c b/src/qemu/qemu_monitor.c
index dda6ae9796..c3a0227795 100644
--- a/src/qemu/qemu_monitor.c
+++ b/src/qemu/qemu_monitor.c
@@ -80,6 +80,7 @@ struct _qemuMonitor {
GSource *watch;
virDomainObj *vm;
+ char *domainName;
qemuMonitorCallbacks *cb;
void *callbackOpaque;
@@ -243,6 +244,7 @@ qemuMonitorDispose(void *obj)
virCondDestroy(&mon->notify);
g_free(mon->buffer);
g_free(mon->balloonpath);
+ g_free(mon->domainName);
}
@@ -530,13 +532,18 @@ qemuMonitorIO(GSocket *socket G_GNUC_UNUSED,
qemuMonitor *mon = opaque;
bool error = false;
bool hangup = false;
+ virDomainObj *vm = NULL;
+ char *vmName = NULL;
virObjectRef(mon);
+ vm = mon->vm;
+ vmName = mon->domainName;
+
/* lock access to the monitor and protect fd */
virObjectLock(mon);
#if DEBUG_IO
- VIR_DEBUG("Monitor %p I/O on socket %p cond %d", mon, socket, cond);
+ VIR_DEBUG("Monitor %p I/O on socket %p cond %d vm=%p name=%s", mon, socket, cond, vm, NULLSTR(vmName));
#endif
if (mon->fd == -1 || !mon->watch) {
virObjectUnlock(mon);
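Review bot: vm = mon->vm and vmName = mon->domainName are read right after virObjectRef(mon) but before virObjectLock(mon), whereas the `virDomainObj *vm = mon->vm;` declarations removed later in this patch were evaluated while the lock was still held. Moving the two assignments below virObjectLock(mon) keeps every read of mon fields under the lock. The VIR_DEBUG line inside the DEBUG_IO block also runs well past 80 columns and could be wrapped like the other VIR_DEBUG calls in this patch.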
@@ -583,8 +590,8 @@ qemuMonitorIO(GSocket *socket G_GNUC_UNUSED,
if (!error && !mon->goteof &&
cond & G_IO_ERR) {
- virReportError(VIR_ERR_INTERNAL_ERROR, "%s",
- _("Invalid file descriptor while waiting for monitor"));
+ virReportError(VIR_ERR_INTERNAL_ERROR,
+ _("%s: Invalid file descriptor while waiting for monitor"), NULLSTR(vmName));
mon->goteof = true;
}
}
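Review bot: the translatable string passed to virReportError() now begins with a bare "%s: ", which gives translators no hint what the argument is, and NULLSTR(vmName) would put a NULL placeholder into a user-visible error. Consider wording the message so the name is part of the sentence, for example "Invalid file descriptor while waiting for monitor of domain '%s'", and use the same wording in the other virReportError() calls changed by this patch.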
@@ -609,13 +616,14 @@ qemuMonitorIO(GSocket *socket G_GNUC_UNUSED,
virResetLastError();
} else {
if (virGetLastErrorCode() == VIR_ERR_OK && !mon->goteof)
- virReportError(VIR_ERR_INTERNAL_ERROR, "%s",
- _("Error while processing monitor IO"));
+ virReportError(VIR_ERR_INTERNAL_ERROR,
+ _("%s: Error while processing monitor IO"), NULLSTR(vmName));
virCopyLastError(&mon->lastError);
virResetLastError();
}
- VIR_DEBUG("Error on monitor %s", NULLSTR(mon->lastError.message));
+ VIR_DEBUG("Error on monitor %s mon=%p vm=%p name=%s",
+ NULLSTR(mon->lastError.message), mon, vm, NULLSTR(vmName));
/* If IO process resulted in an error & we have a message,
* then wakeup that waiter */
if (mon->msg && !mon->msg->finished) {
@@ -631,22 +639,22 @@ qemuMonitorIO(GSocket *socket G_GNUC_UNUSED,
* will try to acquire the virDomainObj *mutex next */
if (mon->goteof) {
qemuMonitorEofNotifyCallback eofNotify = mon->cb->eofNotify;
- virDomainObj *vm = mon->vm;
/* Make sure anyone waiting wakes up now */
virCondSignal(&mon->notify);
virObjectUnlock(mon);
- VIR_DEBUG("Triggering EOF callback");
+ VIR_DEBUG("Triggering EOF callback mon=%p vm=%p name=%s",
+ mon, vm, NULLSTR(vmName));
(eofNotify)(mon, vm, mon->callbackOpaque);
virObjectUnref(mon);
} else if (error) {
qemuMonitorErrorNotifyCallback errorNotify = mon->cb->errorNotify;
- virDomainObj *vm = mon->vm;
/* Make sure anyone waiting wakes up now */
virCondSignal(&mon->notify);
virObjectUnlock(mon);
- VIR_DEBUG("Triggering error callback");
+ VIR_DEBUG("Triggering error callback mon=%p vm=%p name=%s",
+ mon, vm, NULLSTR(vmName));
(errorNotify)(mon, vm, mon->callbackOpaque);
virObjectUnref(mon);
} else {
@@ -694,6 +702,7 @@ qemuMonitorOpenInternal(virDomainObj *vm,
mon->fd = fd;
mon->context = g_main_context_ref(context);
mon->vm = virObjectRef(vm);
+ mon->domainName = g_strdup(vm->def->name);
mon->waitGreeting = true;
mon->cb = cb;
mon->callbackOpaque = opaque;
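Review bot: mon->domainName is copied from vm->def->name once, in qemuMonitorOpenInternal(), and nothing in this patch updates it afterwards, so later log messages carry whatever the domain was called when the monitor was opened. If a domain's name can change while its monitor is open, the messages would show the old one. A comment on the domainName field in struct _qemuMonitor saying it is a copy kept for logging only would make that explicit.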
@@ -932,17 +941,19 @@ qemuMonitorSend(qemuMonitor *mon,
qemuMonitorMessage *msg)
{
int ret = -1;
+ virDomainObj *vm = mon->vm;
+ char *vmName = mon->domainName;
/* Check whether qemu quit unexpectedly */
if (mon->lastError.code != VIR_ERR_OK) {
- VIR_DEBUG("Attempt to send command while error is set %s",
- NULLSTR(mon->lastError.message));
+ VIR_DEBUG("Attempt to send command while error is set %s mon=%p vm=%p name=%s",
+ NULLSTR(mon->lastError.message), mon, vm, NULLSTR(vmName));
virSetError(&mon->lastError);
return -1;
}
if (mon->goteof) {
- virReportError(VIR_ERR_INTERNAL_ERROR, "%s",
- _("End of file from qemu monitor"));
+ virReportError(VIR_ERR_INTERNAL_ERROR,
+ _("%s: End of file from qemu monitor"), NULLSTR(vmName));
return -1;
}
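Review bot: in qemuMonitorSend(), vmName is declared `char *` although it only aliases mon->domainName and must not be freed or modified here; `const char *vmName` states that. The new local vm is used only as a %p argument in the VIR_DEBUG calls, so mon->vm could be passed directly and the variable dropped.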
@@ -955,15 +966,15 @@ qemuMonitorSend(qemuMonitor *mon,
while (!mon->msg->finished) {
if (virCondWait(&mon->notify, &mon->parent.lock) < 0) {
- virReportError(VIR_ERR_INTERNAL_ERROR, "%s",
- _("Unable to wait on monitor condition"));
+ virReportError(VIR_ERR_INTERNAL_ERROR,
+ _("%s: Unable to wait on monitor condition"), NULLSTR(vmName));
goto cleanup;
}
}
if (mon->lastError.code != VIR_ERR_OK) {
- VIR_DEBUG("Send command resulted in error %s",
- NULLSTR(mon->lastError.message));
+ VIR_DEBUG("Send command resulted in error %s mon=%p vm=%p name=%s",
+ NULLSTR(mon->lastError.message), mon, vm, NULLSTR(vmName));
virSetError(&mon->lastError);
goto cleanup;
}
--
2.25.1
2 years, 10 months
CDROM hotplug not supported even with usb bus
by Tianren Zhang
Hi,
I am using libvirt-4.5.0 + qemu-kvm-ev-2.12.0 and I have a question about
the cdrom function of libvirt. When I tried to attach a CD-ROM, it rejected
the operation, showing "cdrom/floppy device hotplug isn't supported". I
understand that it should be rejected when the IDE bus is used, but
hotplug with the USB bus is totally feasible, as it's also supported in qemu.
In this case, should it be allowed for hotplug?
I have not tried the newest version of libvirt yet, but looking at the
upstream source code it seems that there is no change regarding this issue.
Thank you,
Tianren Zhang
2 years, 10 months
[libvirt PATCH] spec: Drop BuildRequires on ZFS
by Andrea Bolognani
We're no longer performing build time detection.
Fixes: 506c3a39d6e645c8414c278ceaba97935f90cb95
Signed-off-by: Andrea Bolognani <abologna(a)redhat.com>
---
libvirt.spec.in | 6 ------
1 file changed, 6 deletions(-)
diff --git a/libvirt.spec.in b/libvirt.spec.in
index 7bd74da2c9..9e24ba92ff 100644
--- a/libvirt.spec.in
+++ b/libvirt.spec.in
@@ -320,12 +320,6 @@ BuildRequires: glusterfs-devel >= 3.4.1
%if %{with_storage_sheepdog}
BuildRequires: sheepdog
%endif
-%if %{with_storage_zfs}
-# Support any conforming implementation of zfs. On stock Fedora
-# this is zfs-fuse, but could be zfsonlinux upstream RPMs
-BuildRequires: /sbin/zfs
-BuildRequires: /sbin/zpool
-%endif
%if %{with_numactl}
# For QEMU/LXC numa info
BuildRequires: numactl-devel
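Review bot: the removed block also carried the only explanation visible here of why the dependency is expressed as the paths /sbin/zfs and /sbin/zpool rather than as a package name ("Support any conforming implementation of zfs"). If a runtime Requires on those paths remains elsewhere in the spec, that comment should be kept next to it. It would also help if the commit message said whether %{with_storage_zfs} is still used after this change.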
--
2.31.1
2 years, 10 months
[libvirt PATCH] meson: Don't require the parted command at build time
by Andrea Bolognani
We need libparted to be available at build time otherwise we
can't link against it; we don't, however, need the parted
command to be present until runtime and, just as is the case
for other commands, we already perform a lookup through the
virCommand API so making sure it's available at build time
is unnecessary.
This doesn't make any difference for platforms such as Fedora
and CentOS, where both the library and the command are in the
same package, but others like Debian, Ubuntu and openSUSE
have separate packages for the two components and this change
means that we can install one less package at build time.
Signed-off-by: Andrea Bolognani <abologna(a)redhat.com>
---
Test pipeline: https://gitlab.com/abologna/libvirt/-/pipelines/437853370
meson.build | 8 --------
src/storage/storage_backend_disk.c | 2 ++
src/storage/storage_util.c | 2 ++
3 files changed, 4 insertions(+), 8 deletions(-)
diff --git a/meson.build b/meson.build
index 57561adf51..be51af1934 100644
--- a/meson.build
+++ b/meson.build
@@ -1043,14 +1043,6 @@ endif
libparted_version = '1.8.0'
libparted_dep = dependency('libparted', version: '>=' + libparted_version, required: false)
-if libparted_dep.found()
- parted_prog = find_program('parted', required: false, dirs: libvirt_sbin_path)
- if parted_prog.found()
- conf.set_quoted('PARTED', parted_prog.path())
- else
- libparted_dep = dependency('', required: false)
- endif
-endif
libpcap_version = '1.5.0'
if not get_option('libpcap').disabled()
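Review bot: with the find_program('parted', ..., dirs: libvirt_sbin_path) block removed, PARTED is no longer an absolute path fixed at build time, and the binary is resolved at run time instead. The commit message should say so explicitly, and it is worth confirming that the runtime lookup covers the same sbin directories that libvirt_sbin_path did, since the storage driver executes whatever that lookup returns. The removed else branch also cleared libparted_dep when the command was missing, so the disk backend is now built whenever the library is found, and a missing parted surfaces only as a runtime error.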
diff --git a/src/storage/storage_backend_disk.c b/src/storage/storage_backend_disk.c
index 97554e2576..be8a535570 100644
--- a/src/storage/storage_backend_disk.c
+++ b/src/storage/storage_backend_disk.c
@@ -40,6 +40,8 @@ VIR_LOG_INIT("storage.storage_backend_disk");
#define SECTOR_SIZE 512
+#define PARTED "parted"
+
static bool
virStorageVolPartFindExtended(virStorageVolDef *def,
const void *opaque G_GNUC_UNUSED)
diff --git a/src/storage/storage_util.c b/src/storage/storage_util.c
index 03874d6ca3..728710153e 100644
--- a/src/storage/storage_util.c
+++ b/src/storage/storage_util.c
@@ -85,6 +85,8 @@ VIR_LOG_INIT("storage.storage_util");
# define S_IRWXUGO (S_IRWXU | S_IRWXG | S_IRWXO)
#endif
+#define PARTED "parted"
+
/* virStorageBackendNamespaceInit:
* @poolType: virStoragePoolType
* @xmlns: Storage Pool specific namespace callback methods
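Review bot: `#define PARTED "parted"` is added here and, identically, in storage_backend_disk.c, so the command name now lives in two places. A single definition in a header both files already share would keep the copies from drifting apart, and a short comment that the name is looked up at run time rather than detected by meson would explain why it is no longer a configured path.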
--
2.31.1
2 years, 10 months
how to change nic's tx/rx ring size inside vm
by longguang.yue
Hi, all:
My environment is qemu-kvm-6.0.0, 4.18.0-240, libvirt 7.4.0. The VM is configured like this: queues='4' rx_queue_size='1024' tx_queue_size='1024'.
Inside the VM I cannot change the NIC's ring size.
Changing tx leads to the error 'Cannot set device ring parameters: Operation not supported'.
Changing rx leads to the error 'rx unmodified, ignoring. no ring parameters changed, aborting'.
How can I make it work and confirm what the current value is?
Thanks
2 years, 10 months
[libvirt PATCH] spec: Demote netcat to Recommends
by Andrea Bolognani
It is only needed if compatibility with clients using libvirt
6.9.0 is required, and can be uninstalled otherwise.
Signed-off-by: Andrea Bolognani <abologna(a)redhat.com>
---
libvirt.spec.in | 8 ++++++--
1 file changed, 6 insertions(+), 2 deletions(-)
diff --git a/libvirt.spec.in b/libvirt.spec.in
index 7bd74da2c9..0180b4200c 100644
--- a/libvirt.spec.in
+++ b/libvirt.spec.in
@@ -402,8 +402,12 @@ Summary: Server side daemon and supporting files for libvirt library
# The client side, i.e. shared libs are in a subpackage
Requires: %{name}-libs = %{version}-%{release}
-# (client invokes 'nc' against the UNIX socket on the server)
-Requires: /usr/bin/nc
+# netcat is needed on the server side so that clients that have
+# libvirt < 6.9.0 can connect, but newer versions will prefer
+# virt-ssh-helper. Making this a Recommends means that it gets
+# installed by default, but can still be removed if compatibility
+# with old clients is not required
+Recommends: /usr/bin/nc
# for modprobe of pci devices
Requires: module-init-tools
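Review bot: the new comment says netcat is needed for clients that have "libvirt < 6.9.0", while the commit message says "clients using libvirt 6.9.0"; the two should agree on the version boundary. The old one-line hint that the client invokes 'nc' against the UNIX socket on the server is also dropped, and keeping that detail in the new comment would tell packagers what actually breaks when nc is removed.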
--
2.31.1
2 years, 11 months