June 2021 - Devel - libvirt List Archives

set custom loglevel for external libraries
by Olaf Hering 11 Oct '21

11 Oct '21

In src/libxl/libxl_conf.c:libxlDriverConfigInit, virLogGetDefaultPriority is used to specify the (private) loglevel of an external library. This value could be controlled via "log_level=N" in libvirtd.conf. But doing it that way will affect libvirtd itself, instead of libxenlight.so as intended. There might be ways to suppress everything but libxl output via "log_filters=", but it is not clear what the syntax would be. I wonder what the preferred way is to specify the desired loglevel for the external library. It seems a separate configuration setting is required so that each value of XTL_* from xentoollog.h can be specified. Olaf

3 11

[PATCH v2 0/3] qapi & doc: deprecate drive-backup
by Vladimir Sementsov-Ogievskiy 15 Sep '21

15 Sep '21

Hi all! See 03 commit message for details. 01-02 are preparation docs update. v2: add a lot of documentation changes v1 was "[PATCH] qapi: deprecate drive-backup" Supersedes: <20210423125900.3640-1-vsementsov(a)virtuozzo.com> Vladimir Sementsov-Ogievskiy (3): docs/block-replication: use blockdev-backup docs/interop/bitmaps: use blockdev-backup qapi: deprecate drive-backup docs/block-replication.txt | 4 +- docs/interop/bitmaps.rst | 285 +++++++++++++++++++------ docs/interop/live-block-operations.rst | 47 ++-- docs/system/deprecated.rst | 11 + qapi/block-core.json | 5 +- 5 files changed, 263 insertions(+), 89 deletions(-) -- 2.29.2

4 17

[PATCH v4 for v7.6.0 00/14] Introduce virtio-mem <memory/> model
by Michal Privoznik 13 Sep '21

13 Sep '21

v4 of: https://listman.redhat.com/archives/libvir-list/2021-April/msg01138.html diff to v3: - Rebased code on the top of master - Tried to work in all Peter's review suggestions - Fixed a bug where adjusting <requested/> was viewed as hotplug of new <memory/> by XML validator and thus if <maxMemory/> was close enough to <currentMemory/> the validator reported an error (this was reported by David). You can also find these patches on my branch: https://gitlab.com/MichalPrivoznik/libvirt/-/tree/virtio_mem_v4 Michal Prívozník (14): virhostmem: Introduce virHostMemGetTHPSize() qemu_capabilities: Introduce QEMU_CAPS_DEVICE_VIRTIO_MEM_PCI conf: Introduce virtio-mem <memory/> model qemu: Build command line for virtio-mem qemu: Wire up <memory/> live update Introduce <actual/> property to virtio-mem conf: Introduce virDomainMemoryFindByDeviceAlias() qemu: Wire up MEMORY_DEVICE_SIZE_CHANGE event qemu: Refresh the actual size of virtio-mem on monitor reconnect qemu: Account for both memballoon and virtio-mem qemuDomainSetMemoryFlags: Take virtio-mem into consideration virsh: Introduce update-memory-device command news: document recent virtio memory addition kbase: Document virtio-mem NEWS.rst | 12 + docs/formatdomain.rst | 45 +++- docs/kbase/index.rst | 4 + docs/kbase/memorydevices.rst | 150 +++++++++++ docs/kbase/meson.build | 1 + docs/manpages/virsh.rst | 30 +++ docs/schemas/domaincommon.rng | 16 ++ examples/c/misc/event-test.c | 17 ++ include/libvirt/libvirt-domain.h | 23 ++ src/conf/domain_conf.c | 118 ++++++++- src/conf/domain_conf.h | 15 ++ src/conf/domain_event.c | 84 ++++++ src/conf/domain_event.h | 10 + src/conf/domain_validate.c | 39 +++ src/libvirt_private.syms | 5 + src/qemu/qemu_alias.c | 10 +- src/qemu/qemu_capabilities.c | 2 + src/qemu/qemu_capabilities.h | 1 + src/qemu/qemu_command.c | 13 +- src/qemu/qemu_domain.c | 33 ++- src/qemu/qemu_domain.h | 1 + src/qemu/qemu_domain_address.c | 38 ++- src/qemu/qemu_driver.c | 240 +++++++++++++++++- src/qemu/qemu_hotplug.c | 18 ++ src/qemu/qemu_hotplug.h | 5 + src/qemu/qemu_monitor.c | 37 +++ src/qemu/qemu_monitor.h | 28 ++ src/qemu/qemu_monitor_json.c | 97 +++++-- src/qemu/qemu_monitor_json.h | 5 + src/qemu/qemu_process.c | 72 ++++++ src/qemu/qemu_validate.c | 8 + src/remote/remote_daemon_dispatch.c | 30 +++ src/remote/remote_driver.c | 32 +++ src/remote/remote_protocol.x | 14 +- src/remote_protocol-structs | 7 + src/security/security_apparmor.c | 1 + src/security/security_dac.c | 2 + src/security/security_selinux.c | 2 + src/util/virhostmem.c | 54 ++++ src/util/virhostmem.h | 3 + tests/domaincapsmock.c | 9 + .../caps_5.1.0.x86_64.xml | 1 + .../caps_5.2.0.x86_64.xml | 1 + .../caps_6.0.0.x86_64.xml | 1 + .../caps_6.1.0.x86_64.xml | 1 + ...mory-hotplug-virtio-mem.x86_64-latest.args | 41 +++ .../memory-hotplug-virtio-mem.xml | 67 +++++ tests/qemuxml2argvtest.c | 1 + ...emory-hotplug-virtio-mem.x86_64-latest.xml | 1 + tests/qemuxml2xmltest.c | 1 + tools/virsh-domain.c | 169 ++++++++++++ 51 files changed, 1562 insertions(+), 53 deletions(-) create mode 100644 docs/kbase/memorydevices.rst create mode 100644 tests/qemuxml2argvdata/memory-hotplug-virtio-mem.x86_64-latest.args create mode 100644 tests/qemuxml2argvdata/memory-hotplug-virtio-mem.xml create mode 120000 tests/qemuxml2xmloutdata/memory-hotplug-virtio-mem.x86_64-latest.xml -- 2.31.1

4 21

[PATCH v3 0/4] Dirty Ring support (Libvirt)
by huangy81＠chinatelecom.cn 29 Aug '21

29 Aug '21

From: Hyman Huang(黄勇) <huangy81(a)chinatelecom.cn> v3 - rebase master and fix the confilict when apply "conf: introduce dirty_ring_size in struct "_virDomainDef" to current master. v2 - split patchset into 4 patches - leave out the tcg case when building commandline. - handle the VIR_DOMAIN_KVM_DIRTY_RING case independently in , virDomainFeatureDefParse and virDomainDefFeaturesCheckABIStability, do not integrate it with other cases... - add dirty ring size check in virDomainDefFeaturesCheckABIStability - modify zero checks on integers of dirty ring size in a explicit way. - set the default value of dirty ring size in a post-parser callback. - check the absence of kvm_feature in a explicit way. - code clean of virTristateSwitchTypeToString function. this version's modification base on Peter's advices mostly, thanks a lot, please review ! Best Regards ! Hyman Huang(黄勇) v1 since qemu has introduced a dirty ring feature in 6.1.0, may be it's the right time to introduce dirty ring in libvirt meanwhile. this patch add feature named 'dirty-ring', which enable dirty ring feature when starting vm. to try this out, three things has done in this patchset: - introduce QEMU_CAPS_ACCEL so the the libvirt can use it to select the right option when specifying the accelerator type. - switch the option "-machine accel=xxx" to "-accel xxx" when specifying accelerator type once libvirt build QEMU command line, so that dirty-ring-size property can be passed to qemu when start vm. - introduce dirty_ring_size to hold the ring size configured by user and pass dirty_ring_size when building qemu commandline if dirty ring feature enabled. though dirty ring is per-cpu logically, the size of dirty ring is registered by 'struct kvm' in QEMU. so we would like to place the dirty_ring_size as a property of vm in Libvirt as the QEMU do. the dirty ring feature is disabled by default, and if enabled, the default value of ring size if 4096 if size not configured. for more details about dirty ring and "-accel" option, please refer to: https://lore.kernel.org/qemu-devel/20210108165050.406906-10-peterx@redhat.c… https://lore.kernel.org/qemu-devel/3aa73987-40e8-3619-0723-9f17f73850bd@red… please review, Thanks! Best Regards ! Hyman Huang(黄勇) (4): qemu_capabilities: introduce QEMU_CAPS_ACCEL qemu_command: switch accelerator option to new style conf: introduce dirty_ring_size in struct "_virDomainDef" qemu: support dirty ring feature docs/formatdomain.rst | 16 +++-- docs/schemas/domaincommon.rng | 10 +++ src/conf/domain_conf.c | 74 +++++++++++++++++++++- src/conf/domain_conf.h | 4 ++ src/qemu/qemu_capabilities.c | 2 + src/qemu/qemu_capabilities.h | 1 + src/qemu/qemu_command.c | 40 +++++++++++- tests/qemucapabilitiesdata/caps_2.11.0.s390x.xml | 1 + tests/qemucapabilitiesdata/caps_2.11.0.x86_64.xml | 1 + tests/qemucapabilitiesdata/caps_2.12.0.aarch64.xml | 1 + tests/qemucapabilitiesdata/caps_2.12.0.ppc64.xml | 1 + tests/qemucapabilitiesdata/caps_2.12.0.s390x.xml | 1 + tests/qemucapabilitiesdata/caps_2.12.0.x86_64.xml | 1 + tests/qemucapabilitiesdata/caps_3.0.0.ppc64.xml | 1 + tests/qemucapabilitiesdata/caps_3.0.0.riscv32.xml | 1 + tests/qemucapabilitiesdata/caps_3.0.0.riscv64.xml | 1 + tests/qemucapabilitiesdata/caps_3.0.0.s390x.xml | 1 + tests/qemucapabilitiesdata/caps_3.0.0.x86_64.xml | 1 + tests/qemucapabilitiesdata/caps_3.1.0.ppc64.xml | 1 + tests/qemucapabilitiesdata/caps_3.1.0.x86_64.xml | 1 + tests/qemucapabilitiesdata/caps_4.0.0.aarch64.xml | 1 + tests/qemucapabilitiesdata/caps_4.0.0.ppc64.xml | 1 + tests/qemucapabilitiesdata/caps_4.0.0.riscv32.xml | 1 + tests/qemucapabilitiesdata/caps_4.0.0.riscv64.xml | 1 + tests/qemucapabilitiesdata/caps_4.0.0.s390x.xml | 1 + tests/qemucapabilitiesdata/caps_4.0.0.x86_64.xml | 1 + tests/qemucapabilitiesdata/caps_4.1.0.x86_64.xml | 1 + tests/qemucapabilitiesdata/caps_4.2.0.aarch64.xml | 1 + tests/qemucapabilitiesdata/caps_4.2.0.ppc64.xml | 1 + tests/qemucapabilitiesdata/caps_4.2.0.s390x.xml | 1 + tests/qemucapabilitiesdata/caps_4.2.0.x86_64.xml | 1 + tests/qemucapabilitiesdata/caps_5.0.0.aarch64.xml | 1 + tests/qemucapabilitiesdata/caps_5.0.0.ppc64.xml | 1 + tests/qemucapabilitiesdata/caps_5.0.0.riscv64.xml | 1 + tests/qemucapabilitiesdata/caps_5.0.0.x86_64.xml | 1 + tests/qemucapabilitiesdata/caps_5.1.0.sparc.xml | 1 + tests/qemucapabilitiesdata/caps_5.1.0.x86_64.xml | 1 + tests/qemucapabilitiesdata/caps_5.2.0.aarch64.xml | 1 + tests/qemucapabilitiesdata/caps_5.2.0.ppc64.xml | 1 + tests/qemucapabilitiesdata/caps_5.2.0.riscv64.xml | 1 + tests/qemucapabilitiesdata/caps_5.2.0.s390x.xml | 1 + tests/qemucapabilitiesdata/caps_5.2.0.x86_64.xml | 1 + tests/qemucapabilitiesdata/caps_6.0.0.s390x.xml | 1 + tests/qemucapabilitiesdata/caps_6.0.0.x86_64.xml | 1 + tests/qemucapabilitiesdata/caps_6.1.0.x86_64.xml | 1 + ...64-default-cpu-kvm-virt-4.2.aarch64-latest.args | 3 +- .../aarch64-features-sve.aarch64-latest.args | 3 +- .../channel-unix-guestfwd.x86_64-latest.args | 3 +- .../clock-timer-armvtimer.aarch64-latest.args | 3 +- .../console-virtio-unix.x86_64-latest.args | 3 +- .../cpu-Icelake-Server-pconfig.x86_64-3.1.0.args | 3 +- .../cpu-Icelake-Server-pconfig.x86_64-latest.args | 3 +- .../cpu-tsc-frequency.x86_64-4.0.0.args | 3 +- .../cpu-tsc-high-frequency.x86_64-latest.args | 3 +- .../default-video-type-aarch64.aarch64-latest.args | 3 +- .../default-video-type-ppc64.ppc64-latest.args | 3 +- .../default-video-type-s390x.s390x-latest.args | 3 +- .../disk-cdrom-network.x86_64-2.12.0.args | 3 +- .../disk-cdrom-network.x86_64-latest.args | 3 +- .../disk-network-http.x86_64-latest.args | 3 +- .../hugepages-memaccess3.x86_64-latest.args | 3 +- .../intel-iommu-aw-bits.x86_64-latest.args | 3 +- .../intel-iommu-caching-mode.x86_64-latest.args | 3 +- .../intel-iommu-device-iotlb.x86_64-latest.args | 3 +- .../intel-iommu-eim.x86_64-latest.args | 3 +- ...ty-sev-missing-platform-info.x86_64-2.12.0.args | 3 +- .../launch-security-sev.x86_64-2.12.0.args | 3 +- .../launch-security-sev.x86_64-6.0.0.args | 3 +- ...emfd-memory-default-hugepage.x86_64-latest.args | 3 +- .../memfd-memory-numa.x86_64-latest.args | 3 +- .../memory-hotplug-virtio-pmem.x86_64-5.2.0.args | 3 +- .../memory-hotplug-virtio-pmem.x86_64-latest.args | 3 +- .../os-firmware-bios.x86_64-latest.args | 3 +- ...irmware-efi-no-enrolled-keys.x86_64-latest.args | 3 +- .../os-firmware-efi-secboot.x86_64-latest.args | 3 +- .../os-firmware-efi.x86_64-latest.args | 3 +- .../parallel-unix-chardev.x86_64-latest.args | 3 +- ...4-default-cpu-kvm-pseries-2.7.ppc64-latest.args | 3 +- ...4-default-cpu-kvm-pseries-3.1.ppc64-latest.args | 3 +- ...4-default-cpu-kvm-pseries-4.2.ppc64-latest.args | 3 +- ...efault-cpu-kvm-ccw-virtio-2.7.s390x-latest.args | 3 +- ...efault-cpu-kvm-ccw-virtio-4.2.s390x-latest.args | 3 +- .../smartcard-passthrough-unix.x86_64-latest.args | 3 +- .../usb-redir-unix.x86_64-latest.args | 3 +- .../vhost-user-fs-fd-memory.x86_64-latest.args | 3 +- .../virtio-rng-builtin.x86_64-5.2.0.args | 3 +- .../virtio-rng-builtin.x86_64-latest.args | 3 +- .../virtio-rng-egd-unix.x86_64-5.2.0.args | 3 +- .../virtio-rng-egd-unix.x86_64-latest.args | 3 +- ...86_64-default-cpu-kvm-pc-4.2.x86_64-latest.args | 3 +- ...6_64-default-cpu-kvm-q35-4.2.x86_64-latest.args | 3 +- 91 files changed, 268 insertions(+), 55 deletions(-) -- 1.8.3.1

2 5

[libvirt PATCH 0/4] RFC: tests: introduce lavocado
by Beraldo Leal 27 Jul '21

27 Jul '21

lavocado aims to be an alternative test framework for the libvirt project using Python, python-libvirt and Avocado. This can be used to write unit, functional and integration tests and it is inspired by the libvirt-tck framework. This series introduces the basic framework along with some basic test examples that I got from libvirt-tck. I would appreciate your comments on this RFC, to see if this fits this project's needs. Also, names and locations are just a proposal and can be changed. For now, this framework assumes that you are going to run the tests in a fresh clean environment, i.e. a VM. If you decide to use your local system, beware that execution of the tests may affect your system. One of the future goals of this framework is to utilize nested virtualization technologies and hence make sure an L1 guest is provisioned automatically for the tests to be executed in this environment and not tamper with your main system. I'm adding more information with some details inside the README file. Beraldo Leal (4): tests: introduce lavocado: initial code structure tests.lavocado: adding basic transient domain tests tests.lavocado: adding a .gitignore tests.lavocado: adding a README and Makefile for convenience tests/lavocado/.gitignore | 3 + tests/lavocado/Makefile | 2 + tests/lavocado/README.md | 124 +++++++++++++++++ tests/lavocado/lavocado/__init__.py | 0 tests/lavocado/lavocado/defaults.py | 11 ++ tests/lavocado/lavocado/exceptions.py | 20 +++ tests/lavocado/lavocado/helpers/__init__.py | 0 tests/lavocado/lavocado/helpers/domains.py | 75 ++++++++++ tests/lavocado/lavocado/test.py | 144 ++++++++++++++++++++ tests/lavocado/requirements.txt | 3 + tests/lavocado/templates/domain.xml.jinja | 20 +++ tests/lavocado/tests/domain/transient.py | 102 ++++++++++++++ 12 files changed, 504 insertions(+) create mode 100644 tests/lavocado/.gitignore create mode 100644 tests/lavocado/Makefile create mode 100644 tests/lavocado/README.md create mode 100644 tests/lavocado/lavocado/__init__.py create mode 100644 tests/lavocado/lavocado/defaults.py create mode 100644 tests/lavocado/lavocado/exceptions.py create mode 100644 tests/lavocado/lavocado/helpers/__init__.py create mode 100644 tests/lavocado/lavocado/helpers/domains.py create mode 100644 tests/lavocado/lavocado/test.py create mode 100644 tests/lavocado/requirements.txt create mode 100644 tests/lavocado/templates/domain.xml.jinja create mode 100644 tests/lavocado/tests/domain/transient.py -- 2.26.3

4 25

[PATCH V3 0/2] Apparmor: Add profiles for hypervisor daemons
by Jim Fehlig 14 Jul '21

14 Jul '21

V2: https://listman.redhat.com/archives/libvir-list/2021-June/msg00676.html V1: https://listman.redhat.com/archives/libvir-list/2021-June/msg00456.html Changes since V2: Patches 3 and 4 ACKed and pushed since they are bug fixes independent of modular vs monolithic daemons. The qemu_bridge_helper subprofile in patch 1 was adjusted for communication with virtqemud instead of libvirtd. After snooping through git history, I found a few capabilities explicitly added for xen that have been added back to the virtxend profile. Note: The profile for virtlxcd will have to wait until the following issue is fixed https://gitlab.com/libvirt/libvirt/-/issues/181 Jim Fehlig (2): Apparmor: Add profile for virtqemud Apparmor: Add profile for virtxend src/security/apparmor/libvirt-qemu | 3 + src/security/apparmor/meson.build | 2 + src/security/apparmor/usr.sbin.virtqemud.in | 134 ++++++++++++++++++++ src/security/apparmor/usr.sbin.virtxend.in | 55 ++++++++ 4 files changed, 194 insertions(+) create mode 100644 src/security/apparmor/usr.sbin.virtqemud.in create mode 100644 src/security/apparmor/usr.sbin.virtxend.in -- 2.31.1

4 7

[PATCH 00/10] ch: Add Console support
by William Douglas 12 Jul '21

12 Jul '21

This series enables console support in the cloud-hypervisor driver. Cloud-hypervisor only supports a single console or serial device at a time, hence the checks to ensure the domain configuration is only passing one or the other. I wasn't sure if the controller device should have some additonal validation handling so I just did the minimal to get the console open functioning. William Douglas (10): ch_monitor: Make unused function static ch_monitor: Update virCHMonitorGet to handle accept a response ch_monitor: Use virCHMonitorGet to access cloud-hypervisor API ch_monitor: Add pty json builder function ch_monitor: Make use of the PTY json builder ch_process: Handle enabled console devices ch_process: Update the domain with console path information ch_domain: Allow controller and chr devices ch_driver: Add handler for console API ch_driver: Turn on the domainOpenConsole API src/ch/ch_domain.c | 4 +- src/ch/ch_driver.c | 78 +++++++++++++++++++++++++++++ src/ch/ch_monitor.c | 117 ++++++++++++++++++++++++++++++++++++++++++-- src/ch/ch_monitor.h | 3 ++ src/ch/ch_process.c | 67 +++++++++++++++++++++++++ 5 files changed, 263 insertions(+), 6 deletions(-) -- 2.31.1

3 18

[PATCH v3 0/3] Implement virDomainGetMessages for test driver
by Luke Yue 12 Jul '21

12 Jul '21

v3: - Squash tests commit - Extract the same code in test driver and qemu driver to a function Luke Yue (3): test_driver: Implement virDomainGetMessages test_driver: Introduce testDomainObjCheckTaint conf: domain: Introduce and use virDomainObjGetMessages() src/conf/domain_conf.c | 53 +++++++++++++++++++++++++++ src/conf/domain_conf.h | 5 +++ src/libvirt_private.syms | 1 + src/qemu/qemu_driver.c | 34 +----------------- src/test/test_driver.c | 78 ++++++++++++++++++++++++++++++++++++++++ tests/virshtest.c | 2 ++ 6 files changed, 140 insertions(+), 33 deletions(-) -- 2.32.0

2 8

[PATCH] lib: Specify domain redefinition requirements
by Roman Bolshakov 09 Jul '21

09 Jul '21

There might be misunderstanding [1] when libvirt permits domain redefinition and if it's a valid case at all. 1. https://github.com/ansible-collections/community.libvirt/blob/b973d7c4b4058… Signed-off-by: Roman Bolshakov <r.bolshakov(a)yadro.com> --- src/libvirt-domain.c | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/src/libvirt-domain.c b/src/libvirt-domain.c index 750e32f0ca..e48f3cdb02 100644 --- a/src/libvirt-domain.c +++ b/src/libvirt-domain.c @@ -6290,8 +6290,8 @@ virDomainGetBlockInfo(virDomainPtr domain, const char *disk, * * Define a domain, but does not start it. * This definition is persistent, until explicitly undefined with - * virDomainUndefine(). A previous definition for this domain would be - * overridden if it already exists. + * virDomainUndefine(). A previous definition for this domain with the same + * UUID and name would be overridden if it already exists. * * virDomainFree should be used to free the resources after the * domain object is no longer needed. @@ -6333,8 +6333,8 @@ virDomainDefineXML(virConnectPtr conn, const char *xml) * * Defines a domain, but does not start it. * This definition is persistent, until explicitly undefined with - * virDomainUndefine(). A previous definition for this domain would be - * overridden if it already exists. + * virDomainUndefine(). A previous definition for this domain with the same + * UUID and name would be overridden if it already exists. * * virDomainFree should be used to free the resources after the * domain object is no longer needed. -- 2.32.0

2 1

Add SELinux policy for Virt
by Nikola Knazekova 08 Jul '21

08 Jul '21

Hi, I created SELinux policy for Libvirt drivers, as part of Decentralized SELinux Policy (DSP) project. DSP guidelines is available: https://fedoraproject.org/wiki/SELinux/IndependentPolicy Discussion about the first version of SELinux policy for Libvirt is available on gitlab: https://gitlab.com/libvirt/libvirt/-/merge_requests/65 SELinux policy was created for: Hypervisor drivers: - virtqemud (QEMU/KVM) - virtlxcd (LXC) - virtvboxd (VirtualBox) Secondary drivers: - virtstoraged (host storage mgmt) - virtnetworkd (virtual network mgmt) - virtinterface (network interface mgmt) - virtnodedevd (physical device mgmt) - virtsecretd (security credential mgmt) - virtnwfilterd (ip[6]tables/ebtables mgmt) - virtproxyd (proxy daemon) SELinux policy for virtvxz and virtxend has not been created yet, because I wasn't able to reproduce AVC messages. These drivers run in unconfined_domain until the AVC messages are reproduced internally and policy for these drivers is made. Can you please look at it? Thanks Nikola

5 45