[libvirt PATCH 00/17] Bump minimum dnsmasq version
by Ján Tomko
This bumps the minimum dnsmasq version to the point where we do not need
capability probing, reducing it to a version check (which I will be
happy to remove on request).
Unless I missed something, this also means we no longer need to spawn
radvd manually.
Note that DNSMASQ_CAPS_BINDTODEVICE was the indication of a downstream
mitigation of a CVE that should no longer be needed if we have
--bind-dynamic
Ján Tomko (17):
util: dnsmasqCapsSetFromBuffer: use error label
tests: do not test dnsmasq older than 2.67
util: dnsmasq: mandate at least version 2.67
network: assume DNSMASQ_DHCPv6_SUPPORT
network: assume DNSMASQ_RA_SUPPORT
util: remove DNSMASQ_RA_SUPPORT
network: assume DNSMASQ_CAPS_BIND_DYNAMIC
network: assume DNSMASQ_CAPS_RA_PARAM
util: dnsmasq: delete assumed capability flags
network: remove any code dealing with radvd
network: driver: remove unused radvdStateDir variable
conf: remove radvdPid from virNetworkObj
build: do not search for radvd binary
spec: do not require radvd
util: remove dnsmasqCapsGetVersion
util: dnsmasq: remove caps completely
network: remove unused 'driver' parameter
libvirt.spec.in | 2 -
meson.build | 1 -
src/conf/virnetworkobj.c | 16 -
src/conf/virnetworkobj.h | 7 -
src/libvirt_private.syms | 4 -
src/network/bridge_driver.c | 459 ++----------------
src/network/bridge_driver_platform.h | 1 -
src/util/virdnsmasq.c | 69 +--
src/util/virdnsmasq.h | 24 -
.../networkxml2confdata/isolated-network.conf | 5 +-
.../nat-network-dns-srv-record-minimal.conf | 10 +-
.../nat-network-dns-srv-record.conf | 2 +
.../nat-network-dns-txt-record.conf | 2 +
.../nat-network-name-with-quotes.conf | 10 +-
.../networkxml2confdata/netboot-network.conf | 4 +-
.../netboot-proxy-network.conf | 4 +-
tests/networkxml2conftest.c | 32 +-
17 files changed, 83 insertions(+), 569 deletions(-)
--
2.31.1
2 years, 11 months
[libvirt PATCH] Fix some typos
by Tim Wiederhake
Signed-off-by: Tim Wiederhake <twiederh(a)redhat.com>
---
docs/manpages/virsh.rst | 2 +-
src/qemu/qemu_domain.h | 2 +-
2 files changed, 2 insertions(+), 2 deletions(-)
diff --git a/docs/manpages/virsh.rst b/docs/manpages/virsh.rst
index 275f416090..265725d214 100644
--- a/docs/manpages/virsh.rst
+++ b/docs/manpages/virsh.rst
@@ -3203,7 +3203,7 @@ host. By default only non-shared non-readonly images are transferred. Use
*--migrate-disks* to explicitly specify a list of disk targets to
transfer via the comma separated ``disk-list`` argument.
With *--copy-storage-synchronous-writes* flag used the disk data migration will
-synchronously handle guest disk writes to both the original soure and the
+synchronously handle guest disk writes to both the original source and the
destination to ensure that the disk migration converges at the price of possibly
decreased burst performance.
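Review bot: The sentence touched in the virsh.rst hunk still reads awkwardly after the spelling fix: "With *--copy-storage-synchronous-writes* flag used the disk data migration will" is missing an article and a comma. Since the line is being changed anyway, consider "When the *--copy-storage-synchronous-writes* flag is used, the disk data migration will synchronously handle ...", and hyphenate "comma separated" in the context line above it in a follow-up.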
diff --git a/src/qemu/qemu_domain.h b/src/qemu/qemu_domain.h
index 5474d1dccc..6586411919 100644
--- a/src/qemu/qemu_domain.h
+++ b/src/qemu/qemu_domain.h
@@ -344,7 +344,7 @@ struct _qemuDomainChrSourcePrivate {
int fd; /* file descriptor of the chardev source */
int logfd; /* file descriptor of the logging source */
- bool wait; /* wait for incomming connections on chardev */
+ bool wait; /* wait for incoming connections on chardev */
char *tlsCertPath; /* path to certificates if TLS is requested */
bool tlsVerify; /* whether server should verify client certificates */
--
2.31.1
2 years, 11 months
[libvirt PATCH 0/2] qemu: Add support for return-path migration capability
by Jiri Denemark
See 2/2 for more details about the capability.
Jiri Denemark (2):
qemu: Support enabling migration caps unless a flag is used
qemu: Add support for return-path migration capability
src/qemu/qemu_migration_params.c | 39 ++++++++++++++++++++++++--------
src/qemu/qemu_migration_params.h | 1 +
2 files changed, 31 insertions(+), 9 deletions(-)
--
2.34.1
2 years, 11 months
[PATCH] rpm: don't start/stop -ro.socket units for virtlockd/virtlogd
by Daniel P. Berrangé
These daemons do not have any support for unprivileged readonly
access, so we must not reference -ro.socket units in scripts.
Signed-off-by: Daniel P. Berrangé <berrange(a)redhat.com>
---
libvirt.spec.in | 18 +++++++++++-------
1 file changed, 11 insertions(+), 7 deletions(-)
diff --git a/libvirt.spec.in b/libvirt.spec.in
index 97030be407..e672fcc3a5 100644
--- a/libvirt.spec.in
+++ b/libvirt.spec.in
@@ -1279,14 +1279,18 @@ then \
fi \
%libvirt_daemon_finish_restart %1
+# For daemons with only UNIX sockets
%define libvirt_daemon_systemd_post() %systemd_post %1.socket %1-ro.socket %1-admin.socket %1.service
-
-%define libvirt_daemon_systemd_post_inet() %systemd_post %1.socket %1-ro.socket %1-admin.socket %1-tls.socket %1-tcp.socket %1.service
-
%define libvirt_daemon_systemd_preun() %systemd_preun %1.service %1-ro.socket %1-admin.socket %1.socket
+# For daemons with UNIX and INET sockets
+%define libvirt_daemon_systemd_post_inet() %systemd_post %1.socket %1-ro.socket %1-admin.socket %1-tls.socket %1-tcp.socket %1.service
%define libvirt_daemon_systemd_preun_inet() %systemd_preun %1.service %1-ro.socket %1-admin.socket %1-tls.socket %1-tcp.socket %1.socket
+# For daemons with only UNIX sockets and no unprivileged read-only access
+%define libvirt_daemon_systemd_post_priv() %systemd_post %1.socket %1-admin.socket %1.service
+%define libvirt_daemon_systemd_preun_priv() %systemd_preun %1.service %1-admin.socket %1.socket
+
%pre daemon
# 'libvirt' group is just to allow password-less polkit access to
# libvirtd. The uid number is irrelevant, so we use dynamic allocation
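Review bot: The new comment on libvirt_daemon_systemd_post ("For daemons with only UNIX sockets") does not say that this variant includes %1-ro.socket, so the difference from the _priv pair is only apparent from the third comment. Wording the first comment as "UNIX sockets, including the unprivileged read-only socket" would make it harder to pick the wrong macro for a daemon that has no -ro.socket unit. The _priv suffix is also not self-explanatory; something like _noro would state what is omitted.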
@@ -1296,8 +1300,8 @@ getent group libvirt >/dev/null || groupadd -r libvirt
exit 0
%post daemon
-%libvirt_daemon_systemd_post virtlogd
-%libvirt_daemon_systemd_post virtlockd
+%libvirt_daemon_systemd_post_priv virtlogd
+%libvirt_daemon_systemd_post_priv virtlockd
%if %{with_modular_daemons}
%libvirt_daemon_systemd_post_inet virtproxyd
%else
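Review bot: The switch to %libvirt_daemon_systemd_post_priv for virtlogd and virtlockd covers %post, and the last hunk covers %preun, but the patch does not show whether any other scriptlet helper names %1-ro.socket for these two daemons (%libvirt_daemon_finish_restart appears only as context in the first hunk). If one does, the nonexistent unit is still referenced there; it is worth confirming and saying so in the commit message.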
@@ -1313,8 +1317,8 @@ exit 0
%libvirt_daemon_systemd_preun_inet libvirtd
%libvirt_daemon_systemd_preun_inet virtproxyd
-%libvirt_daemon_systemd_preun virtlogd
-%libvirt_daemon_systemd_preun virtlockd
+%libvirt_daemon_systemd_preun_priv virtlogd
+%libvirt_daemon_systemd_preun_priv virtlockd
%postun daemon
/bin/systemctl daemon-reload >/dev/null 2>&1 || :
--
2.33.1
2 years, 11 months
[PATCH] rpm: fix typo in daemon name in %post/%preun scripts
by Daniel P. Berrangé
Signed-off-by: Daniel P. Berrangé <berrange(a)redhat.com>
---
libvirt.spec.in | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/libvirt.spec.in b/libvirt.spec.in
index 32b4243d0a..97030be407 100644
--- a/libvirt.spec.in
+++ b/libvirt.spec.in
@@ -1297,7 +1297,7 @@ exit 0
%post daemon
%libvirt_daemon_systemd_post virtlogd
-%libvirt_daemon_systemd_post virtlockdd
+%libvirt_daemon_systemd_post virtlockd
%if %{with_modular_daemons}
%libvirt_daemon_systemd_post_inet virtproxyd
%else
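Review bot: The virtlockdd to virtlockd correction in %post, and the matching one in %preun, comes with no commit message body. Please name the commit that introduced the misspelling and state the effect: with the wrong name, %systemd_post and %systemd_preun were invoked for units that do not exist, so the scriptlets never acted on the real virtlockd units. That makes it clear to packagers whether the fix needs backporting.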
@@ -1314,7 +1314,7 @@ exit 0
%libvirt_daemon_systemd_preun_inet libvirtd
%libvirt_daemon_systemd_preun_inet virtproxyd
%libvirt_daemon_systemd_preun virtlogd
-%libvirt_daemon_systemd_preun virtlockdd
+%libvirt_daemon_systemd_preun virtlockd
%postun daemon
/bin/systemctl daemon-reload >/dev/null 2>&1 || :
--
2.33.1
2 years, 11 months
[libvirt PATCH 00/10] Enable hyperv-passthrough
by Tim Wiederhake
This series enables "hv-passthrough" in libvirt.
See https://bugzilla.redhat.com/show_bug.cgi?id=1851249.
Example usage in VM definition:
<features>
<hyperv mode='passthrough'/>
</features>
Tim Wiederhake (10):
schema: Wrap hyperv element in choice and group
schema: Add optional "mode" attribute to hyperv
conf: domain: Define enum for HyperV mode
virDomainFeaturesHyperVDefParse: Read attribute "mode" of element
"hyperv"
virDomainDefFormatFeatures: Write attribute "mode" of element "hyperv"
docs: domain: Add documentation for "hyperv"'s new "mode" attribute
conf: domain: Add hyperv passthrough mode
schema: hyperv: Add mode "passthrough"
tests: Add tests for hyperv-passthrough
docs: domain: Add documentation for hyperv passthrough mode
docs/formatdomain.rst | 13 +-
docs/schemas/domaincommon.rng | 172 ++++++++++--------
src/conf/domain_conf.c | 23 ++-
src/conf/domain_conf.h | 8 +
src/qemu/qemu_command.c | 18 +-
src/qemu/qemu_validate.c | 2 +-
.../hyperv-passthrough.x86_64-6.1.0.args | 32 ++++
.../hyperv-passthrough.x86_64-latest.args | 32 ++++
tests/qemuxml2argvdata/hyperv-passthrough.xml | 27 +++
tests/qemuxml2argvtest.c | 2 +
tests/qemuxml2xmloutdata/hyperv-off.xml | 2 +-
.../qemuxml2xmloutdata/hyperv-passthrough.xml | 31 ++++
.../hyperv-stimer-direct.xml | 2 +-
tests/qemuxml2xmloutdata/hyperv.xml | 2 +-
tests/qemuxml2xmltest.c | 1 +
15 files changed, 277 insertions(+), 90 deletions(-)
create mode 100644 tests/qemuxml2argvdata/hyperv-passthrough.x86_64-6.1.0.args
create mode 100644 tests/qemuxml2argvdata/hyperv-passthrough.x86_64-latest.args
create mode 100644 tests/qemuxml2argvdata/hyperv-passthrough.xml
create mode 100644 tests/qemuxml2xmloutdata/hyperv-passthrough.xml
--
2.31.1
2 years, 11 months
[libvirt PATCH 0/5] use g_auto for virCommand (Episode II.V: Goodbye, Galaxy!)
by Ján Tomko
Fear not, the end is near.
Ján Tomko (5):
docs: use g_auto in virCommand example
util: dnsmasq: refactor CapsRefresh
util: iscsi: use two vars in CreateIfaceIQN
util: refactor virNodeSuspendSetNodeWakeup
util: use g_auto in virNodeSuspendHelper
docs/internals/command.html.in | 12 +++--------
src/util/virdnsmasq.c | 37 +++++++++++++++-------------------
src/util/viriscsi.c | 34 +++++++++++++++----------------
src/util/virnodesuspend.c | 16 +++------------
4 files changed, 39 insertions(+), 60 deletions(-)
--
2.31.1
2 years, 11 months
[PATCH] libxl: Implement domainGetMessages API
by Jim Fehlig
Since commit 46783e6307a, the 'virsh dominfo' command calls
virDomainGetMessages to report any messages from the domain.
Hypervisors not implementing the API now get the following
log message when clients invoke 'virsh dominfo'
this function is not supported by the connection driver: virDomainGetMessages
Although libxl currently does not support any tainting or
deprecation messages, provide an implementation to squelch
the previously unseen error message when collecting dominfo.
Signed-off-by: Jim Fehlig <jfehlig(a)suse.com>
---
src/libxl/libxl_driver.c | 24 ++++++++++++++++++++++++
1 file changed, 24 insertions(+)
diff --git a/src/libxl/libxl_driver.c b/src/libxl/libxl_driver.c
index bc8598ea96..2d9385654c 100644
--- a/src/libxl/libxl_driver.c
+++ b/src/libxl/libxl_driver.c
@@ -6385,6 +6385,29 @@ libxlDomainGetMetadata(virDomainPtr dom,
return ret;
}
+static int
+libxlDomainGetMessages(virDomainPtr dom,
+ char ***msgs,
+ unsigned int flags)
+{
+ virDomainObj *vm = NULL;
+ int ret = -1;
+
+ virCheckFlags(0, -1);
+
+ if (!(vm = libxlDomObjFromDomain(dom)))
+ return -1;
+
+ if (virDomainGetMessagesEnsureACL(dom->conn, vm->def) < 0)
+ goto cleanup;
+
+ ret = virDomainObjGetMessages(vm, msgs, flags);
+
+ cleanup:
+ virDomainObjEndAPI(&vm);
+ return ret;
+}
+
static virHypervisorDriver libxlHypervisorDriver = {
.name = LIBXL_DRIVER_EXTERNAL_NAME,
.connectURIProbe = libxlConnectURIProbe,
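Review bot: The virCheckFlags(0, -1) call at the top of libxlDomainGetMessages rejects every non-zero flag, yet flags is then passed through to virDomainObjGetMessages(vm, msgs, flags). If that helper validates and interprets the flags itself, the check here is either redundant or stricter than the public API intends, and a client that filters messages by type would get an error from libxl only. Consider dropping the local check and letting the helper decide. The ordering of the rest is right: the ACL check runs before any data is read, and both failure paths after the object lookup go through virDomainObjEndAPI.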
@@ -6498,6 +6521,7 @@ static virHypervisorDriver libxlHypervisorDriver = {
.connectBaselineCPU = libxlConnectBaselineCPU, /* 2.3.0 */
.domainSetMetadata = libxlDomainSetMetadata, /* 5.7.0 */
.domainGetMetadata = libxlDomainGetMetadata, /* 5.7.0 */
+ .domainGetMessages = libxlDomainGetMessages, /* 8.0.0 */
};
--
2.34.1
2 years, 11 months
[libvirt PATCH v3 00/13] Improve AMD SEV support
by Daniel P. Berrangé
This addresses a few issues in the AMD SEV support
- Neither host nor domain level SEV metadata is
exposed in virsh commands
- The domain launch security parameters don't expose
enough info to validate the measurement
- Support verified direct kernel boot
- Report max SEV/SEV-ES guest counts
The second point was the initial purpose of my work. Per the
SEV API guide to calculate the measurement we need
measurement = HMAC(0x04 || API_MAJOR || API_MINOR || BUILD ||
GCTX.POLICY || GCTX.LD || MNONCE; GCTX.TIK)
The API_MINOR, API_MAJOR, BUILD values are things that are
available from 'query-sev' QMP command and libvirt does
not expose this info. This patch series adds them to
virDomainGetLaunchSecurityParams alongside the measurement
that we already report.
So now the client can fetch this info and calculate an expected
measurement to compare with the actual measurement they got.
They will thus know if the guest is safe to inject secrets into,
which is where Jim's recent patches come into play.
In v3:
- Refactor CPUID code so and mock it in test suite
Daniel P. Berrangé (13):
include: add new launch security parameters
qemu: report error querying launch params for inactive guest
qemu: add monitor APIs for query-sev
qemu: report new launch security parameters
tools: add 'domlaunchsecinfo' virsh command
tools: add 'nodesevinfo' virsh command
conf: extend domain capabilities for max SEV guest count
include: define parameters for reporting SEV guest limits
util: pull CPUID helper function out of CPU driver
qemu: report max number of SEV guests
conf: add support for setting SEV kernel hashes
qemu: probe for sev-guest.kernel-hashes property
qemu: format sev-guest.kernel-hashes property
docs/formatdomain.rst | 7 +-
docs/formatdomaincaps.html.in | 6 +
docs/manpages/virsh.rst | 31 +++++
docs/schemas/domaincaps.rng | 6 +
docs/schemas/domaincommon.rng | 5 +
include/libvirt/libvirt-domain.h | 32 +++++
include/libvirt/libvirt-host.h | 16 +++
src/conf/domain_capabilities.c | 4 +
src/conf/domain_capabilities.h | 2 +
src/conf/domain_conf.c | 8 ++
src/conf/domain_conf.h | 1 +
src/cpu/cpu_x86.c | 34 +-----
src/libvirt_private.syms | 1 +
src/qemu/qemu_capabilities.c | 47 ++++++++
src/qemu/qemu_capabilities.h | 1 +
src/qemu/qemu_command.c | 1 +
src/qemu/qemu_driver.c | 59 ++++++++--
src/qemu/qemu_monitor.c | 13 +++
src/qemu/qemu_monitor.h | 9 ++
src/qemu/qemu_monitor_json.c | 46 ++++++++
src/qemu/qemu_monitor_json.h | 9 ++
src/qemu/qemu_validate.c | 7 ++
src/util/virhostcpu.c | 58 ++++++++++
src/util/virhostcpu.h | 7 ++
.../domaincapsdata/qemu_2.12.0-q35.x86_64.xml | 2 +
.../domaincapsdata/qemu_2.12.0-tcg.x86_64.xml | 2 +
tests/domaincapsdata/qemu_2.12.0.x86_64.xml | 2 +
.../domaincapsdata/qemu_6.0.0-q35.x86_64.xml | 2 +
.../domaincapsdata/qemu_6.0.0-tcg.x86_64.xml | 2 +
tests/domaincapsdata/qemu_6.0.0.x86_64.xml | 2 +
.../domaincapsdata/qemu_6.2.0-q35.x86_64.xml | 7 +-
.../domaincapsdata/qemu_6.2.0-tcg.x86_64.xml | 7 +-
tests/domaincapsdata/qemu_6.2.0.x86_64.xml | 7 +-
.../caps_2.12.0.x86_64.replies | 97 ++++++++++++----
.../caps_3.0.0.x86_64.replies | 97 ++++++++++++----
.../caps_3.1.0.x86_64.replies | 97 ++++++++++++----
.../caps_4.0.0.x86_64.replies | 97 ++++++++++++----
.../caps_4.1.0.x86_64.replies | 89 ++++++++++----
.../caps_4.2.0.x86_64.replies | 89 ++++++++++----
.../caps_5.0.0.x86_64.replies | 89 ++++++++++----
.../caps_5.1.0.x86_64.replies | 89 ++++++++++----
.../caps_5.2.0.x86_64.replies | 89 ++++++++++----
.../caps_6.0.0.x86_64.replies | 89 ++++++++++----
.../caps_6.1.0.x86_64.replies | 89 ++++++++++----
.../caps_6.2.0.x86_64.replies | 109 ++++++++++++++----
.../caps_6.2.0.x86_64.xml | 8 ++
tests/qemumonitorjsontest.c | 43 +++++++
...unch-security-sev-direct.x86_64-6.2.0.args | 40 +++++++
.../launch-security-sev-direct.xml | 39 +++++++
tests/qemuxml2argvtest.c | 1 +
tests/testutilsqemu.c | 21 ++++
tools/virsh-domain.c | 53 +++++++++
tools/virsh-host.c | 45 ++++++++
53 files changed, 1514 insertions(+), 299 deletions(-)
create mode 100644 tests/qemuxml2argvdata/launch-security-sev-direct.x86_64-6.2.0.args
create mode 100644 tests/qemuxml2argvdata/launch-security-sev-direct.xml
--
2.33.1
2 years, 11 months
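The measurement check described in the cover letter above, as an added example that is not part of the original message or of libvirt. It assumes the field widths from the AMD SEV API specification (one byte each for API_MAJOR, API_MINOR and BUILD, a 32-bit little-endian POLICY, a 32-byte launch digest, 16-byte MNONCE and TIK, HMAC-SHA-256) and that the host reports base64 of the 32-byte measurement followed by MNONCE; all function names and sample values are constructed.

```python
import base64
import hashlib
import hmac
import struct


def expected_measurement(api_major, api_minor, build, policy, launch_digest, mnonce, tik):
    """HMAC-SHA-256 over 0x04 || API_MAJOR || API_MINOR || BUILD || POLICY || LD || MNONCE, keyed with TIK."""
    if len(launch_digest) != 32 or len(mnonce) != 16 or len(tik) != 16:
        raise ValueError("LD must be 32 bytes, MNONCE and TIK 16 bytes each")
    # bytes([...]) rejects values outside 0..255; POLICY is a 32-bit little-endian word.
    msg = bytes([0x04, api_major, api_minor, build]) + struct.pack("<I", policy)
    msg += launch_digest + mnonce
    return hmac.new(tik, msg, hashlib.sha256).digest()


def verify_launch_measurement(reported_b64, api_major, api_minor, build, policy, launch_digest, tik):
    """Return True only if the reported measurement matches what the guest owner expects."""
    blob = base64.b64decode(reported_b64, validate=True)
    if len(blob) != 48:  # 32-byte measurement followed by 16-byte MNONCE
        raise ValueError("unexpected measurement length")
    reported, mnonce = blob[:32], blob[32:]
    want = expected_measurement(api_major, api_minor, build, policy, launch_digest, mnonce, tik)
    return hmac.compare_digest(reported, want)  # constant-time comparison


# Constructed sample values, not taken from any real host or guest.
SAMPLE = {
    "api_major": 0, "api_minor": 24, "build": 15, "policy": 0x0003,
    "launch_digest": hashlib.sha256(b"constructed firmware image").digest(),
    "tik": bytes(range(16)),
}


def constructed_report(mnonce=bytes(16), **overrides):
    """Stand-in for the platform: builds the base64 blob a host would report."""
    fields = {**SAMPLE, **overrides}
    mac = expected_measurement(mnonce=mnonce, **fields)
    return base64.b64encode(mac + mnonce).decode()


if __name__ == "__main__":
    # The guest owner expects SAMPLE; the second host runs a different firmware build.
    print("honest host:", verify_launch_measurement(constructed_report(), **SAMPLE))
    print("different build:", verify_launch_measurement(constructed_report(build=16), **SAMPLE))
```

A secret should be injected only when the check returns True; a mismatch in any single input (firmware version, policy, launch digest) changes the HMAC, which is why the version fields have to be retrievable by the client.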
[PATCH v7 0/2] Dirty Ring support (Libvirt)
by huangy81@chinatelecom.cn
From: "Hyman Huang(黄勇)" <huangy81(a)chinatelecom.cn>
v7
- rebase on master
- modify the following points according to the advice given by Peter
1. skip the -accel switch and reuse the existing commit d20ebdda2
'qemu: Switch to -accel'
2. remove the post-parse function and do the parse work in
virDomainFeaturesKVMDefParse once for all
3. throw an error if "size" not specified when kvm-dirty-ring
feature enabled in xml
4. fix the memory leak when parsing xml
5. use macro VIR_ROUND_UP_POWER_OF_TWO to check power-of-two
6. put error messages in one line
7. squash the last 2 commits into 1
8. add test for kvm-dirty-ring feature
Thanks for the careful reviews made by Peter.
Please review, Thanks!
Hyman
Ping for this series.
I still keep thinking the dirty ring feature is something good to
have for libvirt.
qemu-6.1 has supported dirty ring feature and followed up with the
commit 0e21bf24 "support dirtyrate at the granularity of vcpu",
which is a typical usage scenario of dirty ring. Another usage
scenario may be the implementation of per-vcpu auto-converge during
live migration which is already being reviewed. So we can make full
use of dirty ring feature if libvirt supports it. Any corrections
and comments about this series would be very much appreciated.
Please review, Thanks!
Hyman
v6
- rebase on master
v5,v4: blank, just make v6 be the latest version.
v3
- rebase master and fix the conflict when applying
"conf: introduce dirty_ring_size in struct "_virDomainDef" to current
master.
v2
- split patchset into 4 patches
- leave out the tcg case when building commandline.
- handle the VIR_DOMAIN_KVM_DIRTY_RING case independently in
virDomainFeatureDefParse and virDomainDefFeaturesCheckABIStability,
do not integrate it with other cases...
- add dirty ring size check in virDomainDefFeaturesCheckABIStability
- modify zero checks on integers of dirty ring size in an explicit way.
- set the default value of dirty ring size in a post-parser callback.
- check the absence of kvm_feature in an explicit way.
- code clean of virTristateSwitchTypeToString function.
This version's modifications are based on Peter's advice mostly, thanks
a lot, please review!
v1
Since qemu has introduced a dirty ring feature in 6.1.0, maybe it's
the right time to introduce dirty ring in libvirt meanwhile.
This patch adds a feature named 'dirty-ring', which enables the dirty ring
feature when starting vm. To try this out, three things are done
in this patchset:
- introduce QEMU_CAPS_ACCEL so that libvirt can use it to select
the right option when specifying the accelerator type.
- switch the option "-machine accel=xxx" to "-accel xxx" when specifying
accelerator type once libvirt builds QEMU command line, so that
dirty-ring-size property can be passed to qemu when starting vm.
- introduce dirty_ring_size to hold the ring size configured by user
and pass dirty_ring_size when building qemu commandline if dirty
ring feature enabled.
Though dirty ring is per-cpu logically, the size of dirty ring is
registered by 'struct kvm' in QEMU. So we would like to place the
dirty_ring_size as a property of vm in Libvirt as QEMU does.
The dirty ring feature is disabled by default, and if enabled, the
default value of ring size is 4096 if size not configured.
for more details about dirty ring and "-accel" option, please refer to:
https://lore.kernel.org/qemu-devel/20210108165050.406906-10-peterx@redhat...
https://lore.kernel.org/qemu-devel/3aa73987-40e8-3619-0723-9f17f73850bd@r...
please review, Thanks!
Best Regards !
Hyman Huang(黄勇) (2):
qemu: support dirty ring feature
tests: add test for kvm-dirty-ring feature
docs/formatdomain.rst | 18 ++++---
docs/schemas/domaincommon.rng | 10 ++++
src/conf/domain_conf.c | 54 +++++++++++++++++++
src/conf/domain_conf.h | 4 ++
src/qemu/qemu_command.c | 12 +++++
tests/qemuxml2argvdata/kvm-features-off.xml | 1 +
tests/qemuxml2argvdata/kvm-features.args | 2 +-
tests/qemuxml2argvdata/kvm-features.xml | 1 +
tests/qemuxml2xmloutdata/kvm-features-off.xml | 1 +
tests/qemuxml2xmloutdata/kvm-features.xml | 1 +
10 files changed, 95 insertions(+), 9 deletions(-)
--
2.27.0
2 years, 11 months