June 2021 - Devel - Libvirt List Archives

[PATCH V2 0/4] Apparmor: Add profiles for hypervisor daemons

by Jim Fehlig

and other improvements. V2 of https://listman.redhat.com/archives/libvir-list/2021-June/msg00456.html Changes since V1: Removed many unneeded capabilities. I used the 'audit' qualifier as suggested by cboltz to verify which capabilities were actually used. It's a difficult task though, as it is nearly impossible for one person to exercise a driver in all the ways thousands of users will push it :-). I was able to whittle the virtxend profile quite a bit since xen doesn't need a lot in the way of host capabilities. Removed patch containing the virtlxcd profile since I'm unable to start any lxc domains with virtlxcd. Added patches to squelch denial messages from the virt-aa-helper profile. Jim Fehlig (4): Apparmor: Add profile for virtqemud Apparmor: Add profile for virtxend Apparmor: Allow reading libnl's classid file Apparmor: Allow reading /etc/ssl/openssl.cnf src/security/apparmor/libvirt-qemu | 5 + src/security/apparmor/meson.build | 2 + .../usr.lib.libvirt.virt-aa-helper.in | 4 +- src/security/apparmor/usr.sbin.virtqemud.in | 135 ++++++++++++++++++ src/security/apparmor/usr.sbin.virtxend.in | 53 +++++++ 5 files changed, 198 insertions(+), 1 deletion(-) create mode 100644 src/security/apparmor/usr.sbin.virtqemud.in create mode 100644 src/security/apparmor/usr.sbin.virtxend.in -- 2.31.1

3 years, 5 months

4
12
0 / 0

[PATCH] tests: qemucapabilities: Bump test data for qemu-6.1 on x86_64

by Peter Krempa

Update the caps data for the upcoming qemu version. Notable changes are: - 'query-sev-attestation-report' command added - 'sample-pages' members for dirty rate calculation added - 'qtest' device added - 'share' member added to query-memdev and 'reserve' members added to query-memdev/memory-backend-[file,memfd,ram] - 'qemu-vdagent' chardev added - 'mptcp' toggle added to inet servers - 'zstd' compression for qcow2 - new cpu models: - "Snowridge-v3" - "Skylake-Server-v5" - "Skylake-Client-v4" - "Icelake-Server-v5" - "Icelake-Client-v3" - "Dhyana-v2" - "Denverton-v3" - "Cooperlake-v2" - "Cascadelake-Server-v5" - 'avx-vnni' added to some existing cpu models - 'model-id' is now being reported as the host cpu again rather than QEMU TCG as I've noted in previous bump Signed-off-by: Peter Krempa <pkrempa(a)redhat.com> --- .../caps_6.1.0.x86_64.replies | 3663 ++++++++++------- .../caps_6.1.0.x86_64.xml | 366 +- 2 files changed, 2525 insertions(+), 1504 deletions(-) diff --git a/tests/qemucapabilitiesdata/caps_6.1.0.x86_64.replies b/tests/qemucapabilitiesdata/caps_6.1.0.x86_64.replies index 9291840bd2..2217e1331c 100644 --- a/tests/qemucapabilitiesdata/caps_6.1.0.x86_64.replies +++ b/tests/qemucapabilitiesdata/caps_6.1.0.x86_64.replies @@ -21,7 +21,7 @@ "minor": 0, "major": 6 }, - "package": "v6.0.0-540-g6005ee07c3" + "package": "v6.0.0-1820-g0add99ea3e" }, "id": "libvirt-2" } [...] Trimmed for brevity. Full version: https://gitlab.com/pipo.sk/libvirt/-/commit/9fd3bc550ff91d6340d1c0316b46f... diff --git a/tests/qemucapabilitiesdata/caps_6.1.0.x86_64.xml b/tests/qemucapabilitiesdata/caps_6.1.0.x86_64.xml index 1937b88a4d..f173daf788 100644 --- a/tests/qemucapabilitiesdata/caps_6.1.0.x86_64.xml +++ b/tests/qemucapabilitiesdata/caps_6.1.0.x86_64.xml @@ -263,7 +263,7 @@ <version>6000050</version> <kvmVersion>0</kvmVersion> <microcodeVersion>43100243</microcodeVersion> - <package>v6.0.0-540-g6005ee07c3</package> + <package>v6.0.0-1820-g0add99ea3e</package> <arch>x86_64</arch> <hostCPU type='kvm' model='base' migratability='yes'> <property name='vmx-entry-load-rtit-ctl' type='boolean' value='false'/> @@ -297,7 +297,7 @@ <property name='vmx-exit-load-efer' type='boolean' value='false'/> <property name='vmx-exit-clear-bndcfgs' type='boolean' value='false'/> <property name='sse4.1' type='boolean' value='true' migratable='yes'/> - <property name='family' type='number' value='6'/> + <property name='family' type='number' value='23'/> <property name='intel-pt-lip' type='boolean' value='false'/> <property name='vmx-vmwrite-vmexit-fields' type='boolean' value='false'/> <property name='kvm-asyncpf-int' type='boolean' value='true' migratable='yes'/> @@ -314,7 +314,7 @@ <property name='xcrypt' type='boolean' value='false'/> <property name='vmx-exit-load-pat' type='boolean' value='false'/> <property name='vmx-intr-exit' type='boolean' value='false'/> - <property name='min-level' type='number' value='13'/> + <property name='min-level' type='number' value='16'/> <property name='vmx-flexpriority' type='boolean' value='false'/> <property name='xgetbv1' type='boolean' value='true' migratable='yes'/> <property name='cid' type='boolean' value='false'/> @@ -359,6 +359,7 @@ <property name='avx512-4fmaps' type='boolean' value='false'/> <property name='vmcb-clean' type='boolean' value='false'/> <property name='hle' type='boolean' value='false'/> + <property name='avx-vnni' type='boolean' value='false'/> <property name='3dnowext' type='boolean' value='false'/> <property name='amd-no-ssb' type='boolean' value='false'/> <property name='npt' type='boolean' value='false'/> @@ -427,7 +428,7 @@ <property name='pdcm' type='boolean' value='false'/> <property name='vmx-entry-load-bndcfgs' type='boolean' value='false'/> <property name='vmx-exit-clear-rtit-ctl' type='boolean' value='false'/> - <property name='model' type='number' value='6'/> + <property name='model' type='number' value='113'/> <property name='movbe' type='boolean' value='true' migratable='yes'/> <property name='nrip-save' type='boolean' value='false'/> <property name='ssse3' type='boolean' value='true' migratable='yes'/> @@ -442,7 +443,7 @@ <property name='fma' type='boolean' value='true' migratable='yes'/> <property name='cx16' type='boolean' value='true' migratable='yes'/> <property name='de' type='boolean' value='true' migratable='yes'/> - <property name='stepping' type='number' value='3'/> + <property name='stepping' type='number' value='0'/> <property name='xsave' type='boolean' value='true' migratable='yes'/> <property name='clflush' type='boolean' value='true' migratable='yes'/> <property name='skinit' type='boolean' value='false'/> @@ -516,7 +517,7 @@ <property name='md-clear' type='boolean' value='false'/> <property name='misalignsse' type='boolean' value='true' migratable='yes'/> <property name='split-lock-detect' type='boolean' value='false'/> - <property name='min-xlevel' type='number' value='2147483656'/> + <property name='min-xlevel' type='number' value='2147483679'/> <property name='bmi1' type='boolean' value='true' migratable='yes'/> <property name='bmi2' type='boolean' value='true' migratable='yes'/> <property name='kvm-pv-unhalt' type='boolean' value='true' migratable='yes'/> @@ -568,7 +569,7 @@ <property name='vmx-rdpmc-exit' type='boolean' value='false'/> <property name='vmx-mtf' type='boolean' value='false'/> <property name='vmx-entry-load-efer' type='boolean' value='false'/> - <property name='model-id' type='string' value='QEMU TCG CPU version 2.5+'/> + <property name='model-id' type='string' value='AMD Ryzen 9 3900X 12-Core Processor '/> <property name='sha-ni' type='boolean' value='true' migratable='yes'/> <property name='vmx-exit-load-pkrs' type='boolean' value='false'/> <property name='abm' type='boolean' value='true' migratable='yes'/> @@ -636,6 +637,16 @@ <blocker name='spec-ctrl'/> </cpu> <cpu type='kvm' name='Westmere' typename='Westmere-x86_64-cpu' usable='yes'/> + <cpu type='kvm' name='Snowridge-v3' typename='Snowridge-v3-x86_64-cpu' usable='no'> + <blocker name='erms'/> + <blocker name='gfni'/> + <blocker name='cldemote'/> + <blocker name='movdiri'/> + <blocker name='movdir64b'/> + <blocker name='spec-ctrl'/> + <blocker name='core-capability'/> + <blocker name='split-lock-detect'/> + </cpu> <cpu type='kvm' name='Snowridge-v2' typename='Snowridge-v2-x86_64-cpu' usable='no'> <blocker name='erms'/> <blocker name='gfni'/> @@ -672,6 +683,22 @@ <blocker name='mpx'/> <blocker name='split-lock-detect'/> </cpu> + <cpu type='kvm' name='Skylake-Server-v5' typename='Skylake-Server-v5-x86_64-cpu' usable='no'> + <blocker name='pcid'/> + <blocker name='erms'/> + <blocker name='invpcid'/> + <blocker name='avx512f'/> + <blocker name='avx512dq'/> + <blocker name='avx512cd'/> + <blocker name='avx512bw'/> + <blocker name='avx512vl'/> + <blocker name='pku'/> + <blocker name='spec-ctrl'/> + <blocker name='avx512f'/> + <blocker name='avx512f'/> + <blocker name='avx512f'/> + <blocker name='pku'/> + </cpu> <cpu type='kvm' name='Skylake-Server-v4' typename='Skylake-Server-v4-x86_64-cpu' usable='no'> <blocker name='pcid'/> <blocker name='erms'/> @@ -790,6 +817,12 @@ <blocker name='avx512f'/> <blocker name='pku'/> </cpu> + <cpu type='kvm' name='Skylake-Client-v4' typename='Skylake-Client-v4-x86_64-cpu' usable='no'> + <blocker name='pcid'/> + <blocker name='erms'/> + <blocker name='invpcid'/> + <blocker name='spec-ctrl'/> + </cpu> <cpu type='kvm' name='Skylake-Client-v3' typename='Skylake-Client-v3-x86_64-cpu' usable='no'> <blocker name='pcid'/> <blocker name='erms'/> @@ -916,6 +949,35 @@ <cpu type='kvm' name='IvyBridge' typename='IvyBridge-x86_64-cpu' usable='no'> <blocker name='erms'/> </cpu> + <cpu type='kvm' name='Icelake-Server-v5' typename='Icelake-Server-v5-x86_64-cpu' usable='no'> + <blocker name='pcid'/> + <blocker name='erms'/> + <blocker name='invpcid'/> + <blocker name='avx512f'/> + <blocker name='avx512dq'/> + <blocker name='avx512ifma'/> + <blocker name='avx512cd'/> + <blocker name='avx512bw'/> + <blocker name='avx512vl'/> + <blocker name='avx512vbmi'/> + <blocker name='pku'/> + <blocker name='avx512vbmi2'/> + <blocker name='gfni'/> + <blocker name='vaes'/> + <blocker name='vpclmulqdq'/> + <blocker name='avx512vnni'/> + <blocker name='avx512bitalg'/> + <blocker name='avx512-vpopcntdq'/> + <blocker name='la57'/> + <blocker name='fsrm'/> + <blocker name='spec-ctrl'/> + <blocker name='avx512f'/> + <blocker name='avx512f'/> + <blocker name='avx512f'/> + <blocker name='pku'/> + <blocker name='ibrs-all'/> + <blocker name='taa-no'/> + </cpu> <cpu type='kvm' name='Icelake-Server-v4' typename='Icelake-Server-v4-x86_64-cpu' usable='no'> <blocker name='pcid'/> <blocker name='erms'/> @@ -1076,6 +1138,22 @@ <blocker name='avx512f'/> <blocker name='pku'/> </cpu> + <cpu type='kvm' name='Icelake-Client-v3' typename='Icelake-Client-v3-x86_64-cpu' usable='no' deprecated='yes'> + <blocker name='pcid'/> + <blocker name='erms'/> + <blocker name='invpcid'/> + <blocker name='avx512vbmi'/> + <blocker name='pku'/> + <blocker name='avx512vbmi2'/> + <blocker name='gfni'/> + <blocker name='vaes'/> + <blocker name='vpclmulqdq'/> + <blocker name='avx512vnni'/> + <blocker name='avx512bitalg'/> + <blocker name='avx512-vpopcntdq'/> + <blocker name='spec-ctrl'/> + <blocker name='pku'/> + </cpu> <cpu type='kvm' name='Icelake-Client-v2' typename='Icelake-Client-v2-x86_64-cpu' usable='no' deprecated='yes'> <blocker name='pcid'/> <blocker name='erms'/> @@ -1224,8 +1302,13 @@ </cpu> <cpu type='kvm' name='EPYC-IBPB' typename='EPYC-IBPB-x86_64-cpu' usable='yes'/> <cpu type='kvm' name='EPYC' typename='EPYC-x86_64-cpu' usable='yes'/> + <cpu type='kvm' name='Dhyana-v2' typename='Dhyana-v2-x86_64-cpu' usable='yes'/> <cpu type='kvm' name='Dhyana-v1' typename='Dhyana-v1-x86_64-cpu' usable='yes'/> <cpu type='kvm' name='Dhyana' typename='Dhyana-x86_64-cpu' usable='yes'/> + <cpu type='kvm' name='Denverton-v3' typename='Denverton-v3-x86_64-cpu' usable='no'> + <blocker name='erms'/> + <blocker name='spec-ctrl'/> + </cpu> <cpu type='kvm' name='Denverton-v2' typename='Denverton-v2-x86_64-cpu' usable='no'> <blocker name='erms'/> <blocker name='spec-ctrl'/> @@ -1244,6 +1327,29 @@ <blocker name='mpx'/> <blocker name='mpx'/> </cpu> + <cpu type='kvm' name='Cooperlake-v2' typename='Cooperlake-v2-x86_64-cpu' usable='no'> + <blocker name='pcid'/> + <blocker name='hle'/> + <blocker name='erms'/> + <blocker name='invpcid'/> + <blocker name='rtm'/> + <blocker name='avx512f'/> + <blocker name='avx512dq'/> + <blocker name='avx512cd'/> + <blocker name='avx512bw'/> + <blocker name='avx512vl'/> + <blocker name='pku'/> + <blocker name='avx512vnni'/> + <blocker name='spec-ctrl'/> + <blocker name='avx-vnni'/> + <blocker name='avx512-bf16'/> + <blocker name='avx512f'/> + <blocker name='avx512f'/> + <blocker name='avx512f'/> + <blocker name='pku'/> + <blocker name='ibrs-all'/> + <blocker name='taa-no'/> + </cpu> <cpu type='kvm' name='Cooperlake-v1' typename='Cooperlake-v1-x86_64-cpu' usable='no'> <blocker name='pcid'/> <blocker name='hle'/> @@ -1258,6 +1364,7 @@ <blocker name='pku'/> <blocker name='avx512vnni'/> <blocker name='spec-ctrl'/> + <blocker name='avx-vnni'/> <blocker name='avx512-bf16'/> <blocker name='avx512f'/> <blocker name='avx512f'/> @@ -1280,6 +1387,7 @@ <blocker name='pku'/> <blocker name='avx512vnni'/> <blocker name='spec-ctrl'/> + <blocker name='avx-vnni'/> <blocker name='avx512-bf16'/> <blocker name='avx512f'/> <blocker name='avx512f'/> @@ -1290,6 +1398,24 @@ </cpu> <cpu type='kvm' name='Conroe-v1' typename='Conroe-v1-x86_64-cpu' usable='yes'/> <cpu type='kvm' name='Conroe' typename='Conroe-x86_64-cpu' usable='yes'/> + <cpu type='kvm' name='Cascadelake-Server-v5' typename='Cascadelake-Server-v5-x86_64-cpu' usable='no'> + <blocker name='pcid'/> + <blocker name='erms'/> + <blocker name='invpcid'/> + <blocker name='avx512f'/> + <blocker name='avx512dq'/> + <blocker name='avx512cd'/> + <blocker name='avx512bw'/> + <blocker name='avx512vl'/> + <blocker name='pku'/> + <blocker name='avx512vnni'/> + <blocker name='spec-ctrl'/> + <blocker name='avx512f'/> + <blocker name='avx512f'/> + <blocker name='avx512f'/> + <blocker name='pku'/> + <blocker name='ibrs-all'/> + </cpu> <cpu type='kvm' name='Cascadelake-Server-v4' typename='Cascadelake-Server-v4-x86_64-cpu' usable='no'> <blocker name='pcid'/> <blocker name='erms'/> @@ -1472,9 +1598,9 @@ <machine type='kvm' name='pc-q35-2.4' hotplugCpus='yes' maxCpus='255' defaultCPU='qemu64-x86_64-cpu' numaMemSupported='yes' defaultRAMid='pc.ram'/> <machine type='kvm' name='pc-q35-2.10' hotplugCpus='yes' maxCpus='288' defaultCPU='qemu64-x86_64-cpu' numaMemSupported='yes' defaultRAMid='pc.ram'/> <machine type='kvm' name='x-remote' maxCpus='1'/> + <machine type='kvm' name='pc-i440fx-1.7' hotplugCpus='yes' maxCpus='255' defaultCPU='qemu64-x86_64-cpu' numaMemSupported='yes' defaultRAMid='pc.ram'/> <machine type='kvm' name='pc-q35-5.1' hotplugCpus='yes' maxCpus='288' defaultCPU='qemu64-x86_64-cpu' defaultRAMid='pc.ram'/> <machine type='kvm' name='pc-q35-2.9' hotplugCpus='yes' maxCpus='288' defaultCPU='qemu64-x86_64-cpu' numaMemSupported='yes' defaultRAMid='pc.ram'/> - <machine type='kvm' name='pc-i440fx-1.7' hotplugCpus='yes' maxCpus='255' defaultCPU='qemu64-x86_64-cpu' numaMemSupported='yes' defaultRAMid='pc.ram'/> <machine type='kvm' name='pc-i440fx-2.11' hotplugCpus='yes' maxCpus='255' defaultCPU='qemu64-x86_64-cpu' numaMemSupported='yes' defaultRAMid='pc.ram'/> <machine type='kvm' name='pc-q35-3.1' hotplugCpus='yes' maxCpus='288' defaultCPU='qemu64-x86_64-cpu' numaMemSupported='yes' defaultRAMid='pc.ram'/> <machine type='kvm' name='pc-q35-4.1' hotplugCpus='yes' maxCpus='288' defaultCPU='qemu64-x86_64-cpu' numaMemSupported='yes' defaultRAMid='pc.ram'/> @@ -1538,7 +1664,7 @@ <property name='vmx-exit-load-efer' type='boolean' value='false'/> <property name='vmx-exit-clear-bndcfgs' type='boolean' value='false'/> <property name='sse4.1' type='boolean' value='true' migratable='yes'/> - <property name='family' type='number' value='6'/> + <property name='family' type='number' value='15'/> <property name='intel-pt-lip' type='boolean' value='false'/> <property name='vmx-vmwrite-vmexit-fields' type='boolean' value='false'/> <property name='kvm-asyncpf-int' type='boolean' value='false'/> @@ -1600,6 +1726,7 @@ <property name='avx512-4fmaps' type='boolean' value='false'/> <property name='vmcb-clean' type='boolean' value='false'/> <property name='hle' type='boolean' value='false'/> + <property name='avx-vnni' type='boolean' value='false'/> <property name='3dnowext' type='boolean' value='true' migratable='yes'/> <property name='amd-no-ssb' type='boolean' value='false'/> <property name='npt' type='boolean' value='true' migratable='yes'/> @@ -1668,7 +1795,7 @@ <property name='pdcm' type='boolean' value='false'/> <property name='vmx-entry-load-bndcfgs' type='boolean' value='false'/> <property name='vmx-exit-clear-rtit-ctl' type='boolean' value='false'/> - <property name='model' type='number' value='6'/> + <property name='model' type='number' value='107'/> <property name='movbe' type='boolean' value='true' migratable='yes'/> <property name='nrip-save' type='boolean' value='false'/> <property name='ssse3' type='boolean' value='true' migratable='yes'/> @@ -1683,7 +1810,7 @@ <property name='fma' type='boolean' value='false'/> <property name='cx16' type='boolean' value='true' migratable='yes'/> <property name='de' type='boolean' value='true' migratable='yes'/> - <property name='stepping' type='number' value='3'/> + <property name='stepping' type='number' value='1'/> <property name='xsave' type='boolean' value='true' migratable='yes'/> <property name='clflush' type='boolean' value='true' migratable='yes'/> <property name='skinit' type='boolean' value='false'/> @@ -1859,6 +1986,25 @@ <blocker name='spec-ctrl'/> </cpu> <cpu type='tcg' name='Westmere' typename='Westmere-x86_64-cpu' usable='yes'/> + <cpu type='tcg' name='Snowridge-v3' typename='Snowridge-v3-x86_64-cpu' usable='no'> + <blocker name='x2apic'/> + <blocker name='tsc-deadline'/> + <blocker name='rdseed'/> + <blocker name='sha-ni'/> + <blocker name='umip'/> + <blocker name='gfni'/> + <blocker name='cldemote'/> + <blocker name='movdiri'/> + <blocker name='movdir64b'/> + <blocker name='spec-ctrl'/> + <blocker name='arch-capabilities'/> + <blocker name='core-capability'/> + <blocker name='ssbd'/> + <blocker name='3dnowprefetch'/> + <blocker name='xsavec'/> + <blocker name='xsaves'/> + <blocker name='split-lock-detect'/> + </cpu> <cpu type='tcg' name='Snowridge-v2' typename='Snowridge-v2-x86_64-cpu' usable='no'> <blocker name='x2apic'/> <blocker name='tsc-deadline'/> @@ -1913,6 +2059,26 @@ <blocker name='xsavec'/> <blocker name='split-lock-detect'/> </cpu> + <cpu type='tcg' name='Skylake-Server-v5' typename='Skylake-Server-v5-x86_64-cpu' usable='no'> + <blocker name='fma'/> + <blocker name='pcid'/> + <blocker name='x2apic'/> + <blocker name='tsc-deadline'/> + <blocker name='avx'/> + <blocker name='f16c'/> + <blocker name='avx2'/> + <blocker name='invpcid'/> + <blocker name='avx512f'/> + <blocker name='avx512dq'/> + <blocker name='rdseed'/> + <blocker name='avx512cd'/> + <blocker name='avx512bw'/> + <blocker name='avx512vl'/> + <blocker name='spec-ctrl'/> + <blocker name='3dnowprefetch'/> + <blocker name='xsavec'/> + <blocker name='xsaves'/> + </cpu> <cpu type='tcg' name='Skylake-Server-v4' typename='Skylake-Server-v4-x86_64-cpu' usable='no'> <blocker name='fma'/> <blocker name='pcid'/> @@ -2052,6 +2218,21 @@ <blocker name='3dnowprefetch'/> <blocker name='xsavec'/> </cpu> + <cpu type='tcg' name='Skylake-Client-v4' typename='Skylake-Client-v4-x86_64-cpu' usable='no'> + <blocker name='fma'/> + <blocker name='pcid'/> + <blocker name='x2apic'/> + <blocker name='tsc-deadline'/> + <blocker name='avx'/> + <blocker name='f16c'/> + <blocker name='avx2'/> + <blocker name='invpcid'/> + <blocker name='rdseed'/> + <blocker name='spec-ctrl'/> + <blocker name='3dnowprefetch'/> + <blocker name='xsavec'/> + <blocker name='xsaves'/> + </cpu> <cpu type='tcg' name='Skylake-Client-v3' typename='Skylake-Client-v3-x86_64-cpu' usable='no'> <blocker name='fma'/> <blocker name='pcid'/> @@ -2282,6 +2463,48 @@ <blocker name='avx'/> <blocker name='f16c'/> </cpu> + <cpu type='tcg' name='Icelake-Server-v5' typename='Icelake-Server-v5-x86_64-cpu' usable='no'> + <blocker name='fma'/> + <blocker name='pcid'/> + <blocker name='x2apic'/> + <blocker name='tsc-deadline'/> + <blocker name='avx'/> + <blocker name='f16c'/> + <blocker name='avx2'/> + <blocker name='invpcid'/> + <blocker name='avx512f'/> + <blocker name='avx512dq'/> + <blocker name='rdseed'/> + <blocker name='avx512ifma'/> + <blocker name='avx512cd'/> + <blocker name='sha-ni'/> + <blocker name='avx512bw'/> + <blocker name='avx512vl'/> + <blocker name='avx512vbmi'/> + <blocker name='umip'/> + <blocker name='avx512vbmi2'/> + <blocker name='gfni'/> + <blocker name='vaes'/> + <blocker name='vpclmulqdq'/> + <blocker name='avx512vnni'/> + <blocker name='avx512bitalg'/> + <blocker name='avx512-vpopcntdq'/> + <blocker name='rdpid'/> + <blocker name='fsrm'/> + <blocker name='spec-ctrl'/> + <blocker name='arch-capabilities'/> + <blocker name='ssbd'/> + <blocker name='3dnowprefetch'/> + <blocker name='wbnoinvd'/> + <blocker name='xsavec'/> + <blocker name='xsaves'/> + <blocker name='rdctl-no'/> + <blocker name='ibrs-all'/> + <blocker name='skip-l1dfl-vmentry'/> + <blocker name='mds-no'/> + <blocker name='pschange-mc-no'/> + <blocker name='taa-no'/> + </cpu> <cpu type='tcg' name='Icelake-Server-v4' typename='Icelake-Server-v4-x86_64-cpu' usable='no'> <blocker name='fma'/> <blocker name='pcid'/> @@ -2484,6 +2707,32 @@ <blocker name='wbnoinvd'/> <blocker name='xsavec'/> </cpu> + <cpu type='tcg' name='Icelake-Client-v3' typename='Icelake-Client-v3-x86_64-cpu' usable='no' deprecated='yes'> + <blocker name='fma'/> + <blocker name='pcid'/> + <blocker name='x2apic'/> + <blocker name='tsc-deadline'/> + <blocker name='avx'/> + <blocker name='f16c'/> + <blocker name='avx2'/> + <blocker name='invpcid'/> + <blocker name='rdseed'/> + <blocker name='avx512vbmi'/> + <blocker name='umip'/> + <blocker name='avx512vbmi2'/> + <blocker name='gfni'/> + <blocker name='vaes'/> + <blocker name='vpclmulqdq'/> + <blocker name='avx512vnni'/> + <blocker name='avx512bitalg'/> + <blocker name='avx512-vpopcntdq'/> + <blocker name='spec-ctrl'/> + <blocker name='ssbd'/> + <blocker name='3dnowprefetch'/> + <blocker name='wbnoinvd'/> + <blocker name='xsavec'/> + <blocker name='xsaves'/> + </cpu> <cpu type='tcg' name='Icelake-Client-v2' typename='Icelake-Client-v2-x86_64-cpu' usable='no' deprecated='yes'> <blocker name='fma'/> <blocker name='pcid'/> @@ -2896,6 +3145,22 @@ <blocker name='nrip-save'/> <blocker name='xsavec'/> </cpu> + <cpu type='tcg' name='Dhyana-v2' typename='Dhyana-v2-x86_64-cpu' usable='no'> + <blocker name='fma'/> + <blocker name='avx'/> + <blocker name='f16c'/> + <blocker name='avx2'/> + <blocker name='rdseed'/> + <blocker name='fxsr-opt'/> + <blocker name='misalignsse'/> + <blocker name='3dnowprefetch'/> + <blocker name='osvw'/> + <blocker name='topoext'/> + <blocker name='ibpb'/> + <blocker name='nrip-save'/> + <blocker name='xsavec'/> + <blocker name='xsaves'/> + </cpu> <cpu type='tcg' name='Dhyana-v1' typename='Dhyana-v1-x86_64-cpu' usable='no'> <blocker name='fma'/> <blocker name='avx'/> @@ -2926,6 +3191,20 @@ <blocker name='nrip-save'/> <blocker name='xsavec'/> </cpu> + <cpu type='tcg' name='Denverton-v3' typename='Denverton-v3-x86_64-cpu' usable='no'> + <blocker name='x2apic'/> + <blocker name='tsc-deadline'/> + <blocker name='rdseed'/> + <blocker name='sha-ni'/> + <blocker name='spec-ctrl'/> + <blocker name='arch-capabilities'/> + <blocker name='ssbd'/> + <blocker name='3dnowprefetch'/> + <blocker name='xsavec'/> + <blocker name='xsaves'/> + <blocker name='rdctl-no'/> + <blocker name='skip-l1dfl-vmentry'/> + </cpu> <cpu type='tcg' name='Denverton-v2' typename='Denverton-v2-x86_64-cpu' usable='no'> <blocker name='x2apic'/> <blocker name='tsc-deadline'/> @@ -2965,6 +3244,40 @@ <blocker name='rdctl-no'/> <blocker name='skip-l1dfl-vmentry'/> </cpu> + <cpu type='tcg' name='Cooperlake-v2' typename='Cooperlake-v2-x86_64-cpu' usable='no'> + <blocker name='fma'/> + <blocker name='pcid'/> + <blocker name='x2apic'/> + <blocker name='tsc-deadline'/> + <blocker name='avx'/> + <blocker name='f16c'/> + <blocker name='hle'/> + <blocker name='avx2'/> + <blocker name='invpcid'/> + <blocker name='rtm'/> + <blocker name='avx512f'/> + <blocker name='avx512dq'/> + <blocker name='rdseed'/> + <blocker name='avx512cd'/> + <blocker name='avx512bw'/> + <blocker name='avx512vl'/> + <blocker name='avx512vnni'/> + <blocker name='spec-ctrl'/> + <blocker name='stibp'/> + <blocker name='arch-capabilities'/> + <blocker name='ssbd'/> + <blocker name='avx-vnni'/> + <blocker name='avx512-bf16'/> + <blocker name='3dnowprefetch'/> + <blocker name='xsavec'/> + <blocker name='xsaves'/> + <blocker name='rdctl-no'/> + <blocker name='ibrs-all'/> + <blocker name='skip-l1dfl-vmentry'/> + <blocker name='mds-no'/> + <blocker name='pschange-mc-no'/> + <blocker name='taa-no'/> + </cpu> <cpu type='tcg' name='Cooperlake-v1' typename='Cooperlake-v1-x86_64-cpu' usable='no'> <blocker name='fma'/> <blocker name='pcid'/> @@ -2987,6 +3300,7 @@ <blocker name='stibp'/> <blocker name='arch-capabilities'/> <blocker name='ssbd'/> + <blocker name='avx-vnni'/> <blocker name='avx512-bf16'/> <blocker name='3dnowprefetch'/> <blocker name='xsavec'/> @@ -3019,6 +3333,7 @@ <blocker name='stibp'/> <blocker name='arch-capabilities'/> <blocker name='ssbd'/> + <blocker name='avx-vnni'/> <blocker name='avx512-bf16'/> <blocker name='3dnowprefetch'/> <blocker name='xsavec'/> @@ -3031,6 +3346,33 @@ </cpu> <cpu type='tcg' name='Conroe-v1' typename='Conroe-v1-x86_64-cpu' usable='yes'/> <cpu type='tcg' name='Conroe' typename='Conroe-x86_64-cpu' usable='yes'/> + <cpu type='tcg' name='Cascadelake-Server-v5' typename='Cascadelake-Server-v5-x86_64-cpu' usable='no'> + <blocker name='fma'/> + <blocker name='pcid'/> + <blocker name='x2apic'/> + <blocker name='tsc-deadline'/> + <blocker name='avx'/> + <blocker name='f16c'/> + <blocker name='avx2'/> + <blocker name='invpcid'/> + <blocker name='avx512f'/> + <blocker name='avx512dq'/> + <blocker name='rdseed'/> + <blocker name='avx512cd'/> + <blocker name='avx512bw'/> + <blocker name='avx512vl'/> + <blocker name='avx512vnni'/> + <blocker name='spec-ctrl'/> + <blocker name='arch-capabilities'/> + <blocker name='ssbd'/> + <blocker name='3dnowprefetch'/> + <blocker name='xsavec'/> + <blocker name='xsaves'/> + <blocker name='rdctl-no'/> + <blocker name='ibrs-all'/> + <blocker name='skip-l1dfl-vmentry'/> + <blocker name='mds-no'/> + </cpu> <cpu type='tcg' name='Cascadelake-Server-v4' typename='Cascadelake-Server-v4-x86_64-cpu' usable='no'> <blocker name='fma'/> <blocker name='pcid'/> @@ -3309,9 +3651,9 @@ <machine type='tcg' name='pc-q35-2.4' hotplugCpus='yes' maxCpus='255' defaultCPU='qemu64-x86_64-cpu' numaMemSupported='yes' defaultRAMid='pc.ram'/> <machine type='tcg' name='pc-q35-2.10' hotplugCpus='yes' maxCpus='288' defaultCPU='qemu64-x86_64-cpu' numaMemSupported='yes' defaultRAMid='pc.ram'/> <machine type='tcg' name='x-remote' maxCpus='1'/> + <machine type='tcg' name='pc-i440fx-1.7' hotplugCpus='yes' maxCpus='255' defaultCPU='qemu64-x86_64-cpu' numaMemSupported='yes' defaultRAMid='pc.ram'/> <machine type='tcg' name='pc-q35-5.1' hotplugCpus='yes' maxCpus='288' defaultCPU='qemu64-x86_64-cpu' defaultRAMid='pc.ram'/> <machine type='tcg' name='pc-q35-2.9' hotplugCpus='yes' maxCpus='288' defaultCPU='qemu64-x86_64-cpu' numaMemSupported='yes' defaultRAMid='pc.ram'/> - <machine type='tcg' name='pc-i440fx-1.7' hotplugCpus='yes' maxCpus='255' defaultCPU='qemu64-x86_64-cpu' numaMemSupported='yes' defaultRAMid='pc.ram'/> <machine type='tcg' name='pc-i440fx-2.11' hotplugCpus='yes' maxCpus='255' defaultCPU='qemu64-x86_64-cpu' numaMemSupported='yes' defaultRAMid='pc.ram'/> <machine type='tcg' name='pc-q35-3.1' hotplugCpus='yes' maxCpus='288' defaultCPU='qemu64-x86_64-cpu' numaMemSupported='yes' defaultRAMid='pc.ram'/> <machine type='tcg' name='pc-q35-4.1' hotplugCpus='yes' maxCpus='288' defaultCPU='qemu64-x86_64-cpu' numaMemSupported='yes' defaultRAMid='pc.ram'/> -- 2.31.1

3 years, 5 months

2
1
0 / 0

[PATCH] test_driver: Implement virDomainGetSecurityLabelList

by Luke Yue

Signed-off-by: Luke Yue <lukedyue(a)gmail.com> --- src/test/test_driver.c | 41 +++++++++++++++++++++++++++++++++++++++++ 1 file changed, 41 insertions(+) diff --git a/src/test/test_driver.c b/src/test/test_driver.c index 611ec6d7ec..ae1b8ebc23 100644 --- a/src/test/test_driver.c +++ b/src/test/test_driver.c @@ -136,6 +136,7 @@ VIR_ONCE_GLOBAL_INIT(testDriver); #define TEST_MODEL "i686" #define TEST_EMULATOR "/usr/bin/test-hv" +#define TEST_SECURITY_LABEL_LIST_LENGTH 2 static const virNodeInfo defaultNodeInfo = { TEST_MODEL, @@ -5037,6 +5038,45 @@ testDomainGetSecurityLabel(virDomainPtr dom, return ret; } +static int +testDomainGetSecurityLabelList(virDomainPtr dom, + virSecurityLabelPtr* seclabels) +{ + virDomainObj *vm; + size_t i; + int ret = -1; + + if (!(vm = testDomObjFromDomain(dom))) + return -1; + + if (!virDomainObjIsActive(vm)) { + /* No seclabels */ + *seclabels = NULL; + ret = 0; + } else { + int len = TEST_SECURITY_LABEL_LIST_LENGTH; + + (*seclabels) = g_new0(virSecurityLabel, len); + memset(*seclabels, 0, sizeof(**seclabels) * len); + + /* Fill the array */ + for (i = 0; i < len; i++) { + if (virStrcpyStatic(seclabels[i]->label, "libvirt-test") < 0) { + virReportError(VIR_ERR_INTERNAL_ERROR, + _("security label exceeds maximum: %zu"), + sizeof(seclabels[i]->label) - 1); + VIR_FREE(*seclabels); + goto cleanup; + } + } + ret = len; + } + + cleanup: + virDomainObjEndAPI(&vm); + return ret; +} + static int testNodeGetSecurityModel(virConnectPtr conn, virSecurityModelPtr secmodel) @@ -9357,6 +9397,7 @@ static virHypervisorDriver testHypervisorDriver = { .domainGetVcpuPinInfo = testDomainGetVcpuPinInfo, /* 1.2.18 */ .domainGetMaxVcpus = testDomainGetMaxVcpus, /* 0.7.3 */ .domainGetSecurityLabel = testDomainGetSecurityLabel, /* 7.5.0 */ + .domainGetSecurityLabelList = testDomainGetSecurityLabelList, /* 7.5.0 */ .nodeGetSecurityModel = testNodeGetSecurityModel, /* 7.5.0 */ .domainGetXMLDesc = testDomainGetXMLDesc, /* 0.1.4 */ .domainSetMemoryParameters = testDomainSetMemoryParameters, /* 5.6.0 */ -- 2.32.0

3 years, 5 months

2
4
0 / 0

[PATCH] test_driver: Implement virDomainGetMessages

by Luke Yue

Signed-off-by: Luke Yue <lukedyue(a)gmail.com> --- src/test/test_driver.c | 53 ++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 53 insertions(+) diff --git a/src/test/test_driver.c b/src/test/test_driver.c index ae1b8ebc23..a7ea05464d 100644 --- a/src/test/test_driver.c +++ b/src/test/test_driver.c @@ -9331,6 +9331,58 @@ testDomainCheckpointDelete(virDomainCheckpointPtr checkpoint, return ret; } +static int +testDomainGetMessages(virDomainPtr dom, + char ***msgs, + unsigned int flags) +{ + virDomainObj *vm = NULL; + int rv = -1; + size_t i, n; + int nmsgs; + + virCheckFlags(VIR_DOMAIN_MESSAGE_DEPRECATION | + VIR_DOMAIN_MESSAGE_TAINTING, -1); + + if (!(vm = testDomObjFromDomain(dom))) + return -1; + + *msgs = NULL; + nmsgs = 0; + n = 0; + + if (!flags || (flags & VIR_DOMAIN_MESSAGE_TAINTING)) { + nmsgs += __builtin_popcount(vm->taint); + *msgs = g_renew(char *, *msgs, nmsgs+1); + + for (i = 0; i < VIR_DOMAIN_TAINT_LAST; i++) { + if (vm->taint & (1 << i)) { + (*msgs)[n++] = g_strdup_printf( + _("tainted: %s"), + _(virDomainTaintMessageTypeToString(i))); + } + } + } + + if (!flags || (flags & VIR_DOMAIN_MESSAGE_DEPRECATION)) { + nmsgs += vm->ndeprecations; + *msgs = g_renew(char *, *msgs, nmsgs+1); + + for (i = 0; i < vm->ndeprecations; i++) { + (*msgs)[n++] = g_strdup_printf( + _("deprecated configuration: %s"), + vm->deprecations[i]); + } + } + + (*msgs)[nmsgs] = NULL; + + rv = nmsgs; + + virDomainObjEndAPI(&vm); + return rv; +} + /* * Test driver */ @@ -9489,6 +9541,7 @@ static virHypervisorDriver testHypervisorDriver = { .domainCheckpointLookupByName = testDomainCheckpointLookupByName, /* 5.6.0 */ .domainCheckpointGetParent = testDomainCheckpointGetParent, /* 5.6.0 */ .domainCheckpointDelete = testDomainCheckpointDelete, /* 5.6.0 */ + .domainGetMessages = testDomainGetMessages, /* 7.5.0 */ }; static virNetworkDriver testNetworkDriver = { -- 2.32.0

3 years, 5 months

2
4
0 / 0

[libvirt PATCH] spec: Drop libiscsi support in RHEL-9

by Jiri Denemark

https://bugzilla.redhat.com/show_bug.cgi?id=1975677 Signed-off-by: Jiri Denemark <jdenemar(a)redhat.com> --- libvirt.spec.in | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/libvirt.spec.in b/libvirt.spec.in index b8a698e81e..c1ccd2f74e 100644 --- a/libvirt.spec.in +++ b/libvirt.spec.in @@ -85,6 +85,10 @@ %endif %define with_storage_iscsi_direct 0%{!?_without_storage_iscsi_direct:1} +# libiscsi has been dropped in RHEL-9 +%if 0%{?rhel} > 8 + %define with_storage_iscsi_direct 0 +%endif # Other optional features %define with_numactl 0%{!?_without_numactl:1} -- 2.32.0

3 years, 5 months

2
1
0 / 0

[libvirt PATCH 0/7] Enable autostarting mediated devices

by Jonathon Jongsma

This series replaces the initial patch that was recently reverted. It implements the autostart feature using a new virNodeDeviceGet/SetAutostart() API that is consistent with how other libvirt objects handle autostart. It also adds a counterpart virsh command nodedev-autostart. In order to easily check the 'autostart' status of the device (since it is no longer part of the device xml), a new virsh command is introduced: nodedev-info. This also presents a few more basic bits of information about the device, including 'active' and 'persistent' status, which requires exposing new APIs on the node device: IsActive() and IsPersistent(). These APIs are consistent with existing libvirt objects. Jonathon Jongsma (7): api: add virNodeDevice(Get|Set)Autostart() nodedev: implement virNodeDevice(Get|Set)Autostart() nodedev: Add tests for mdevctl autostart command virsh: add nodedev-autostart api: add virNodeDeviceIsPersistent()/IsActive() nodedev: Implement virNodeDeviceIsPersistent()/IsActive() virsh: add nodedev-info docs/manpages/virsh.rst | 27 +++ include/libvirt/libvirt-nodedev.h | 10 ++ src/conf/virnodedeviceobj.c | 16 ++ src/conf/virnodedeviceobj.h | 6 + src/driver-nodedev.h | 18 ++ src/libvirt-nodedev.c | 141 +++++++++++++++ src/libvirt_private.syms | 2 + src/libvirt_public.syms | 6 + src/node_device/node_device_driver.c | 166 ++++++++++++++++++ src/node_device/node_device_driver.h | 19 ++ src/node_device/node_device_udev.c | 30 +++- src/remote/remote_driver.c | 6 +- src/remote/remote_protocol.x | 59 ++++++- src/remote_protocol-structs | 26 +++ .../nodedevmdevctldata/mdevctl-autostart.argv | 8 + tests/nodedevmdevctltest.c | 54 ++++++ tools/virsh-nodedev.c | 139 +++++++++++++++ 17 files changed, 727 insertions(+), 6 deletions(-) create mode 100644 tests/nodedevmdevctldata/mdevctl-autostart.argv -- 2.31.1

3 years, 5 months

3
25
0 / 0

[PATCH v2 0/4] Ring support (Libvirt)

by huangy81＠chinatelecom.cn

From: Hyman Huang(黄勇) <huangy81(a)chinatelecom.cn> v2 - split patchset into 4 patches - leave out the tcg case when building commandline. - handle the VIR_DOMAIN_KVM_DIRTY_RING case independently in , virDomainFeatureDefParse and virDomainDefFeaturesCheckABIStability, do not integrate it with other cases... - add dirty ring size check in virDomainDefFeaturesCheckABIStability - modify zero checks on integers of dirty ring size in a explicit way. - set the default value of dirty ring size in a post-parser callback. - check the absence of kvm_feature in a explicit way. - code clean of virTristateSwitchTypeToString function. this version's modification base on Peter's advices mostly, thanks a lot, please review ! Best Regards ! Hyman Huang(黄勇) v1 since qemu has introduced a dirty ring feature in 6.1.0, may be it's the right time to introduce dirty ring in libvirt meanwhile. this patch add feature named 'dirty-ring', which enable dirty ring feature when starting vm. to try this out, three things has done in this patchset: - introduce QEMU_CAPS_ACCEL so the the libvirt can use it to select the right option when specifying the accelerator type. - switch the option "-machine accel=xxx" to "-accel xxx" when specifying accelerator type once libvirt build QEMU command line, so that dirty-ring-size property can be passed to qemu when start vm. - introduce dirty_ring_size to hold the ring size configured by user and pass dirty_ring_size when building qemu commandline if dirty ring feature enabled. though dirty ring is per-cpu logically, the size of dirty ring is registered by 'struct kvm' in QEMU. so we would like to place the dirty_ring_size as a property of vm in Libvirt as the QEMU do. the dirty ring feature is disabled by default, and if enabled, the default value of ring size if 4096 if size not configured. for more details about dirty ring and "-accel" option, please refer to: https://lore.kernel.org/qemu-devel/20210108165050.406906-10-peterx@redhat... https://lore.kernel.org/qemu-devel/3aa73987-40e8-3619-0723-9f17f73850bd@r... please review, Thanks! Best Regards ! Hyman Huang(黄勇) (4): qemu_capabilities: introduce QEMU_CAPS_ACCEL qemu_command: switch accelerator option to new style conf: introduce dirty_ring_size in struct "_virDomainDef" qemu: support dirty ring feature docs/formatdomain.rst | 16 +++--- docs/schemas/domaincommon.rng | 10 ++++ src/conf/domain_conf.c | 66 ++++++++++++++++++++++ src/conf/domain_conf.h | 4 ++ src/qemu/qemu_capabilities.c | 2 + src/qemu/qemu_capabilities.h | 1 + src/qemu/qemu_command.c | 42 +++++++++++++- tests/qemucapabilitiesdata/caps_2.11.0.s390x.xml | 1 + tests/qemucapabilitiesdata/caps_2.11.0.x86_64.xml | 1 + tests/qemucapabilitiesdata/caps_2.12.0.aarch64.xml | 1 + tests/qemucapabilitiesdata/caps_2.12.0.ppc64.xml | 1 + tests/qemucapabilitiesdata/caps_2.12.0.s390x.xml | 1 + tests/qemucapabilitiesdata/caps_2.12.0.x86_64.xml | 1 + tests/qemucapabilitiesdata/caps_3.0.0.ppc64.xml | 1 + tests/qemucapabilitiesdata/caps_3.0.0.riscv32.xml | 1 + tests/qemucapabilitiesdata/caps_3.0.0.riscv64.xml | 1 + tests/qemucapabilitiesdata/caps_3.0.0.s390x.xml | 1 + tests/qemucapabilitiesdata/caps_3.0.0.x86_64.xml | 1 + tests/qemucapabilitiesdata/caps_3.1.0.ppc64.xml | 1 + tests/qemucapabilitiesdata/caps_3.1.0.x86_64.xml | 1 + tests/qemucapabilitiesdata/caps_4.0.0.aarch64.xml | 1 + tests/qemucapabilitiesdata/caps_4.0.0.ppc64.xml | 1 + tests/qemucapabilitiesdata/caps_4.0.0.riscv32.xml | 1 + tests/qemucapabilitiesdata/caps_4.0.0.riscv64.xml | 1 + tests/qemucapabilitiesdata/caps_4.0.0.s390x.xml | 1 + tests/qemucapabilitiesdata/caps_4.0.0.x86_64.xml | 1 + tests/qemucapabilitiesdata/caps_4.1.0.x86_64.xml | 1 + tests/qemucapabilitiesdata/caps_4.2.0.aarch64.xml | 1 + tests/qemucapabilitiesdata/caps_4.2.0.ppc64.xml | 1 + tests/qemucapabilitiesdata/caps_4.2.0.s390x.xml | 1 + tests/qemucapabilitiesdata/caps_4.2.0.x86_64.xml | 1 + tests/qemucapabilitiesdata/caps_5.0.0.aarch64.xml | 1 + tests/qemucapabilitiesdata/caps_5.0.0.ppc64.xml | 1 + tests/qemucapabilitiesdata/caps_5.0.0.riscv64.xml | 1 + tests/qemucapabilitiesdata/caps_5.0.0.x86_64.xml | 1 + tests/qemucapabilitiesdata/caps_5.1.0.sparc.xml | 1 + tests/qemucapabilitiesdata/caps_5.1.0.x86_64.xml | 1 + tests/qemucapabilitiesdata/caps_5.2.0.aarch64.xml | 1 + tests/qemucapabilitiesdata/caps_5.2.0.ppc64.xml | 1 + tests/qemucapabilitiesdata/caps_5.2.0.riscv64.xml | 1 + tests/qemucapabilitiesdata/caps_5.2.0.s390x.xml | 1 + tests/qemucapabilitiesdata/caps_5.2.0.x86_64.xml | 1 + tests/qemucapabilitiesdata/caps_6.0.0.s390x.xml | 1 + tests/qemucapabilitiesdata/caps_6.0.0.x86_64.xml | 1 + tests/qemucapabilitiesdata/caps_6.1.0.x86_64.xml | 1 + ...64-default-cpu-kvm-virt-4.2.aarch64-latest.args | 3 +- .../aarch64-features-sve.aarch64-latest.args | 3 +- .../channel-unix-guestfwd.x86_64-latest.args | 3 +- .../clock-timer-armvtimer.aarch64-latest.args | 3 +- .../console-virtio-unix.x86_64-latest.args | 3 +- .../cpu-Icelake-Server-pconfig.x86_64-3.1.0.args | 3 +- .../cpu-Icelake-Server-pconfig.x86_64-latest.args | 3 +- .../cpu-tsc-frequency.x86_64-4.0.0.args | 3 +- .../cpu-tsc-high-frequency.x86_64-latest.args | 3 +- .../default-video-type-aarch64.aarch64-latest.args | 3 +- .../default-video-type-ppc64.ppc64-latest.args | 3 +- .../default-video-type-s390x.s390x-latest.args | 3 +- .../disk-cdrom-network.x86_64-2.12.0.args | 3 +- .../disk-cdrom-network.x86_64-latest.args | 3 +- .../disk-network-http.x86_64-latest.args | 3 +- .../hugepages-memaccess3.x86_64-latest.args | 3 +- .../intel-iommu-aw-bits.x86_64-latest.args | 3 +- .../intel-iommu-caching-mode.x86_64-latest.args | 3 +- .../intel-iommu-device-iotlb.x86_64-latest.args | 3 +- .../intel-iommu-eim.x86_64-latest.args | 3 +- ...ty-sev-missing-platform-info.x86_64-2.12.0.args | 3 +- .../launch-security-sev.x86_64-2.12.0.args | 3 +- .../launch-security-sev.x86_64-6.0.0.args | 3 +- ...emfd-memory-default-hugepage.x86_64-latest.args | 3 +- .../memfd-memory-numa.x86_64-latest.args | 3 +- .../memory-hotplug-virtio-pmem.x86_64-5.2.0.args | 3 +- .../memory-hotplug-virtio-pmem.x86_64-latest.args | 3 +- .../os-firmware-bios.x86_64-latest.args | 3 +- ...irmware-efi-no-enrolled-keys.x86_64-latest.args | 3 +- .../os-firmware-efi-secboot.x86_64-latest.args | 3 +- .../os-firmware-efi.x86_64-latest.args | 3 +- .../parallel-unix-chardev.x86_64-latest.args | 3 +- ...4-default-cpu-kvm-pseries-2.7.ppc64-latest.args | 3 +- ...4-default-cpu-kvm-pseries-3.1.ppc64-latest.args | 3 +- ...4-default-cpu-kvm-pseries-4.2.ppc64-latest.args | 3 +- ...efault-cpu-kvm-ccw-virtio-2.7.s390x-latest.args | 3 +- ...efault-cpu-kvm-ccw-virtio-4.2.s390x-latest.args | 3 +- .../smartcard-passthrough-unix.x86_64-latest.args | 3 +- .../usb-redir-unix.x86_64-latest.args | 3 +- .../vhost-user-fs-fd-memory.x86_64-latest.args | 3 +- .../virtio-rng-builtin.x86_64-5.2.0.args | 3 +- .../virtio-rng-builtin.x86_64-latest.args | 3 +- .../virtio-rng-egd-unix.x86_64-5.2.0.args | 3 +- .../virtio-rng-egd-unix.x86_64-latest.args | 3 +- ...86_64-default-cpu-kvm-pc-4.2.x86_64-latest.args | 3 +- ...6_64-default-cpu-kvm-q35-4.2.x86_64-latest.args | 3 +- 91 files changed, 263 insertions(+), 54 deletions(-) -- 1.8.3.1

3 years, 5 months

1
4
0 / 0

[PATCH] build: fix logic for enabling libssh/libssh2 checks

by Daniel P. Berrangé

When 'driver_remote' is 'auto', the 'enabled()' method does not evaluate to true, causing the libssh/libssh2 checks to be skipped. Signed-off-by: Daniel P. Berrangé <berrange(a)redhat.com> --- meson.build | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/meson.build b/meson.build index 9caae5521b..1fab424fde 100644 --- a/meson.build +++ b/meson.build @@ -1005,7 +1005,7 @@ else endif libssh_version = '0.7' -if get_option('driver_remote').enabled() +if not get_option('driver_remote').disabled() libssh_dep = dependency('libssh', version: '>=' + libssh_version, required: get_option('libssh')) if libssh_dep.found() conf.set('WITH_LIBSSH', 1) @@ -1028,7 +1028,7 @@ else endif libssh2_version = '1.3' -if get_option('driver_remote').enabled() +if not get_option('driver_remote').disabled() libssh2_dep = dependency('libssh2', version: '>=' + libssh2_version, required: get_option('libssh2')) if libssh2_dep.found() conf.set('WITH_SSH2', 1) -- 2.31.1

3 years, 5 months

2
1
0 / 0

[PATCH] rpc: prefer SHA256 host key fingerprint with new libssh

by Daniel P. Berrangé

The host key fingerprint for SSH servers is used in a scenario where cryptographic strength is important. We should thus be defaulting to use of SHA256 where available. We only need SHA1 for Ubuntu 18.04 which does not have libssh >= 0.8.1 Signed-off-by: Daniel P. Berrangé <berrange(a)redhat.com> --- src/rpc/virnetlibsshsession.c | 13 ++++++++++--- 1 file changed, 10 insertions(+), 3 deletions(-) diff --git a/src/rpc/virnetlibsshsession.c b/src/rpc/virnetlibsshsession.c index 50ace5f41d..22d54c99be 100644 --- a/src/rpc/virnetlibsshsession.c +++ b/src/rpc/virnetlibsshsession.c @@ -39,6 +39,12 @@ VIR_LOG_INIT("rpc.netlibsshsession"); #define VIR_NET_LIBSSH_BUFFER_SIZE 1024 +#if LIBSSH_VERSION_INT < SSH_VERSION_INT(0, 8, 1) +# define VIR_SSH_HOSTKEY_HASH SSH_PUBLICKEY_HASH_SHA1 +#else +# define VIR_SSH_HOSTKEY_HASH SSH_PUBLICKEY_HASH_SHA256 +#endif + /* TRACE_LIBSSH=<level> enables tracing in libssh itself. * The meaning of <level> is described here: * https://api.libssh.org/master/group__libssh__log.html @@ -203,9 +209,10 @@ virLibsshServerKeyAsString(virNetLibsshSession *sess) return NULL; } - /* calculate remote key hash, using SHA1 algorithm that is - * usual in OpenSSH. The returned value must be freed */ - ret = ssh_get_publickey_hash(key, SSH_PUBLICKEY_HASH_SHA1, + /* calculate remote key hash, using SHA256 algorithm that is + * the default in modern OpenSSH, fallback to SHA1 for older + * libssh. The returned value must be freed */ + ret = ssh_get_publickey_hash(key, VIR_SSH_HOSTKEY_HASH, &keyhash, &keyhashlen); ssh_key_free(key); if (ret < 0) { -- 2.31.1

3 years, 5 months

2
1
0 / 0

[PATCH v2] ci: Also perform package upgrades on macOS and FreeBSD

by Martin Kletzander

The base OS image might include outdated contents, and we don't want to get spurious failures caused by bugs that have already been fixed in the respective packages. This is particularly important on macOS, because 'brew install foo' will fail if 'foo' is already installed but outdated: upgrading all packages first ensures we never run into this scenario. Signed-off-by: Martin Kletzander <mkletzan(a)redhat.com> --- .gitlab-ci.yml | 4 ++++ ci/cirrus/build.yml | 1 + 2 files changed, 5 insertions(+) diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml index 3fa616261e93..3cb6ff5e6b26 100644 --- a/.gitlab-ci.yml +++ b/.gitlab-ci.yml @@ -115,6 +115,7 @@ stages: -e "s|[@]CIRRUS_VM_IMAGE_SELECTOR@|$CIRRUS_VM_IMAGE_SELECTOR|g" -e "s|[@]CIRRUS_VM_IMAGE_NAME@|$CIRRUS_VM_IMAGE_NAME|g" -e "s|[@]UPDATE_COMMAND@|$UPDATE_COMMAND|g" + -e "s|[@]UPGRADE_COMMAND@|$UPGRADE_COMMAND|g" -e "s|[@]INSTALL_COMMAND@|$INSTALL_COMMAND|g" -e "s|[@]PATH@|$PATH_EXTRA${PATH_EXTRA:+:}\$PATH|g" -e "s|[@]PKG_CONFIG_PATH@|$PKG_CONFIG_PATH|g" @@ -423,6 +424,7 @@ x64-freebsd-12-build: CIRRUS_VM_IMAGE_SELECTOR: image_family CIRRUS_VM_IMAGE_NAME: freebsd-12-2 UPDATE_COMMAND: pkg update + UPGRADE_COMMAND: pkg upgrade -y INSTALL_COMMAND: pkg install -y x64-freebsd-13-build: @@ -433,6 +435,7 @@ x64-freebsd-13-build: CIRRUS_VM_IMAGE_SELECTOR: image_family CIRRUS_VM_IMAGE_NAME: freebsd-13-0 UPDATE_COMMAND: pkg update + UPGRADE_COMMAND: pkg upgrade -y INSTALL_COMMAND: pkg install -y x64-macos-11-build: @@ -443,6 +446,7 @@ x64-macos-11-build: CIRRUS_VM_IMAGE_SELECTOR: image CIRRUS_VM_IMAGE_NAME: big-sur-base UPDATE_COMMAND: brew update + UPGRADE_COMMAND: brew upgrade INSTALL_COMMAND: brew install PATH_EXTRA: /usr/local/opt/ccache/libexec:/usr/local/opt/gettext/bin:/usr/local/opt/libpcap/bin:/usr/local/opt/libxslt/bin:/usr/local/opt/rpcgen/bin PKG_CONFIG_PATH: /usr/local/opt/curl/lib/pkgconfig:/usr/local/opt/libpcap/lib/pkgconfig:/usr/local/opt/libxml2/lib/pkgconfig:/usr/local/opt/ncurses/lib/pkgconfig:/usr/local/opt/readline/lib/pkgconfig diff --git a/ci/cirrus/build.yml b/ci/cirrus/build.yml index 39c17dc08a43..867d5f297b7e 100644 --- a/ci/cirrus/build.yml +++ b/ci/cirrus/build.yml @@ -15,6 +15,7 @@ env: build_task: install_script: - @UPDATE_COMMAND@ + - @UPGRADE_COMMAND@ - @INSTALL_COMMAND@ @PKGS@ - if test -n "@PYPI_PKGS@" ; then @PIP3@ install @PYPI_PKGS@ ; fi clone_script: -- 2.32.0

3 years, 5 months

2
1
0 / 0

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

2007

2006

2005

Devel June 2021