January 2022 - Devel - libvirt List Archives

[PATCH 0/4] Rework <tpm/> formatting
by Michal Privoznik 04 Jan '22

04 Jan '22

Please note that the test suite is temporarily broken after 2/4 but fixed in 3/4. This could be resolved be swapping those two patches, but I figured I keep the order to demonstrate the bug. However, I can do the swap if desired. Michal Prívozník (4): qemuxml2xmltest: Introduce tpm-emulator-spapr test qemuxml2xmloutdata: Turn tpm-*.xml files into symlinks conf: Rework <tpm/> formatting conf: Make virDomainTPMDefFormat() return void src/conf/domain_conf.c | 65 +++++++--------- tests/qemuxml2argvdata/tpm-emulator-spapr.xml | 74 +++++++++++-------- .../tpm-emulator-tpm2-enc.xml | 12 ++- .../tpm-emulator-tpm2-pstate.xml | 12 ++- tests/qemuxml2argvdata/tpm-emulator-tpm2.xml | 13 +++- tests/qemuxml2argvdata/tpm-emulator.xml | 12 ++- .../qemuxml2argvdata/tpm-passthrough-crb.xml | 12 ++- tests/qemuxml2argvdata/tpm-passthrough.xml | 12 ++- .../tpm-emulator-spapr.ppc64-latest.xml | 1 + .../tpm-emulator-tpm2-enc.x86_64-latest.xml | 41 +--------- ...tpm-emulator-tpm2-pstate.x86_64-latest.xml | 39 +--------- .../tpm-emulator-tpm2.x86_64-latest.xml | 44 +---------- .../tpm-emulator.x86_64-latest.xml | 39 +--------- .../tpm-passthrough-crb.x86_64-latest.xml | 41 +--------- .../tpm-passthrough.x86_64-latest.xml | 41 +--------- tests/qemuxml2xmltest.c | 1 + 16 files changed, 138 insertions(+), 321 deletions(-) create mode 120000 tests/qemuxml2xmloutdata/tpm-emulator-spapr.ppc64-latest.xml mode change 100644 => 120000 tests/qemuxml2xmloutdata/tpm-emulator-tpm2-enc.x86_64-latest.xml mode change 100644 => 120000 tests/qemuxml2xmloutdata/tpm-emulator-tpm2-pstate.x86_64-latest.xml mode change 100644 => 120000 tests/qemuxml2xmloutdata/tpm-emulator-tpm2.x86_64-latest.xml mode change 100644 => 120000 tests/qemuxml2xmloutdata/tpm-emulator.x86_64-latest.xml mode change 100644 => 120000 tests/qemuxml2xmloutdata/tpm-passthrough-crb.x86_64-latest.xml mode change 100644 => 120000 tests/qemuxml2xmloutdata/tpm-passthrough.x86_64-latest.xml -- 2.34.1

4 12

[PATCH] rpc: Require dtrace sources to be generated first
by Michal Privoznik 04 Jan '22

04 Jan '22

The virt_socket_lib is built from virnetsocket.c (among others). But this file includes virprobe.h which includes libvirt_probes.h which is a generated file. But this dependency is not recorded in meson which may lead to a failed build. Signed-off-by: Michal Privoznik <mprivozn(a)redhat.com> --- I don't know if this is the right fix or we need to go with declare_dependency(), or even something else. But this fixes the build for me. src/rpc/meson.build | 1 + 1 file changed, 1 insertion(+) diff --git a/src/rpc/meson.build b/src/rpc/meson.build index 7fde92e6cf..36a2809adf 100644 --- a/src/rpc/meson.build +++ b/src/rpc/meson.build @@ -9,6 +9,7 @@ socket_sources = [ virt_socket_lib = static_library( 'virt_socket', [ + dtrace_gen_headers, socket_sources, ], dependencies: [ -- 2.32.0

2 1

[PATCH v2] Add VM info to improve error log message for qemu monitor
by Rohit Kumar 04 Jan '22

04 Jan '22

This patch is to determine the VM which had IO or socket hangup error. Accessing directly vm->def->name inside qemuMonitorIO() or qemuMonitorSend() might leads to illegal access as we are out of 'vm' context and vm->def might not exist. Adding a field "domainName" inside mon object to access vm name and initialising it when creating mon object. Signed-off-by: Rohit Kumar <rohit.kumar3(a)nutanix.com> --- diff to v1: - Adding a field domainName inside _qemuMonitor struct for accessing vm name instead of directly accessing mon->vm->def->name. - Link to v1: https://listman.redhat.com/archives/libvir-list/2021-December/msg00217.html - Talked with peter on RFC and he suggested me to add a field inside monitor struct to get VM name. src/qemu/qemu_monitor.c | 47 +++++++++++++++++++++++++---------------- 1 file changed, 29 insertions(+), 18 deletions(-) diff --git a/src/qemu/qemu_monitor.c b/src/qemu/qemu_monitor.c index dda6ae9796..c3a0227795 100644 --- a/src/qemu/qemu_monitor.c +++ b/src/qemu/qemu_monitor.c @@ -80,6 +80,7 @@ struct _qemuMonitor { GSource *watch; virDomainObj *vm; + char *domainName; qemuMonitorCallbacks *cb; void *callbackOpaque; @@ -243,6 +244,7 @@ qemuMonitorDispose(void *obj) virCondDestroy(&mon->notify); g_free(mon->buffer); g_free(mon->balloonpath); + g_free(mon->domainName); } @@ -530,13 +532,18 @@ qemuMonitorIO(GSocket *socket G_GNUC_UNUSED, qemuMonitor *mon = opaque; bool error = false; bool hangup = false; + virDomainObj *vm = NULL; + char *vmName = NULL; virObjectRef(mon); + vm = mon->vm; + vmName = mon->domainName; + /* lock access to the monitor and protect fd */ virObjectLock(mon); #if DEBUG_IO - VIR_DEBUG("Monitor %p I/O on socket %p cond %d", mon, socket, cond); + VIR_DEBUG("Monitor %p I/O on socket %p cond %d vm=%p name=%s", mon, socket, cond, vm, NULLSTR(vmName)); #endif if (mon->fd == -1 || !mon->watch) { virObjectUnlock(mon); @@ -583,8 +590,8 @@ qemuMonitorIO(GSocket *socket G_GNUC_UNUSED, if (!error && !mon->goteof && cond & G_IO_ERR) { - virReportError(VIR_ERR_INTERNAL_ERROR, "%s", - _("Invalid file descriptor while waiting for monitor")); + virReportError(VIR_ERR_INTERNAL_ERROR, + _("%s: Invalid file descriptor while waiting for monitor"), NULLSTR(vmName)); mon->goteof = true; } } @@ -609,13 +616,14 @@ qemuMonitorIO(GSocket *socket G_GNUC_UNUSED, virResetLastError(); } else { if (virGetLastErrorCode() == VIR_ERR_OK && !mon->goteof) - virReportError(VIR_ERR_INTERNAL_ERROR, "%s", - _("Error while processing monitor IO")); + virReportError(VIR_ERR_INTERNAL_ERROR, + _("%s: Error while processing monitor IO"), NULLSTR(vmName)); virCopyLastError(&mon->lastError); virResetLastError(); } - VIR_DEBUG("Error on monitor %s", NULLSTR(mon->lastError.message)); + VIR_DEBUG("Error on monitor %s mon=%p vm=%p name=%s", + NULLSTR(mon->lastError.message), mon, vm, NULLSTR(vmName)); /* If IO process resulted in an error & we have a message, * then wakeup that waiter */ if (mon->msg && !mon->msg->finished) { @@ -631,22 +639,22 @@ qemuMonitorIO(GSocket *socket G_GNUC_UNUSED, * will try to acquire the virDomainObj *mutex next */ if (mon->goteof) { qemuMonitorEofNotifyCallback eofNotify = mon->cb->eofNotify; - virDomainObj *vm = mon->vm; /* Make sure anyone waiting wakes up now */ virCondSignal(&mon->notify); virObjectUnlock(mon); - VIR_DEBUG("Triggering EOF callback"); + VIR_DEBUG("Triggering EOF callback mon=%p vm=%p name=%s", + mon, vm, NULLSTR(vmName)); (eofNotify)(mon, vm, mon->callbackOpaque); virObjectUnref(mon); } else if (error) { qemuMonitorErrorNotifyCallback errorNotify = mon->cb->errorNotify; - virDomainObj *vm = mon->vm; /* Make sure anyone waiting wakes up now */ virCondSignal(&mon->notify); virObjectUnlock(mon); - VIR_DEBUG("Triggering error callback"); + VIR_DEBUG("Triggering error callback mon=%p vm=%p name=%s", + mon, vm, NULLSTR(vmName)); (errorNotify)(mon, vm, mon->callbackOpaque); virObjectUnref(mon); } else { @@ -694,6 +702,7 @@ qemuMonitorOpenInternal(virDomainObj *vm, mon->fd = fd; mon->context = g_main_context_ref(context); mon->vm = virObjectRef(vm); + mon->domainName = g_strdup(vm->def->name); mon->waitGreeting = true; mon->cb = cb; mon->callbackOpaque = opaque; @@ -932,17 +941,19 @@ qemuMonitorSend(qemuMonitor *mon, qemuMonitorMessage *msg) { int ret = -1; + virDomainObj *vm = mon->vm; + char *vmName = mon->domainName; /* Check whether qemu quit unexpectedly */ if (mon->lastError.code != VIR_ERR_OK) { - VIR_DEBUG("Attempt to send command while error is set %s", - NULLSTR(mon->lastError.message)); + VIR_DEBUG("Attempt to send command while error is set %s mon=%p vm=%p name=%s", + NULLSTR(mon->lastError.message), mon, vm, NULLSTR(vmName)); virSetError(&mon->lastError); return -1; } if (mon->goteof) { - virReportError(VIR_ERR_INTERNAL_ERROR, "%s", - _("End of file from qemu monitor")); + virReportError(VIR_ERR_INTERNAL_ERROR, + _("%s: End of file from qemu monitor"), NULLSTR(vmName)); return -1; } @@ -955,15 +966,15 @@ qemuMonitorSend(qemuMonitor *mon, while (!mon->msg->finished) { if (virCondWait(&mon->notify, &mon->parent.lock) < 0) { - virReportError(VIR_ERR_INTERNAL_ERROR, "%s", - _("Unable to wait on monitor condition")); + virReportError(VIR_ERR_INTERNAL_ERROR, + _("%s: Unable to wait on monitor condition"), NULLSTR(vmName)); goto cleanup; } } if (mon->lastError.code != VIR_ERR_OK) { - VIR_DEBUG("Send command resulted in error %s", - NULLSTR(mon->lastError.message)); + VIR_DEBUG("Send command resulted in error %s mon=%p vm=%p name=%s", + NULLSTR(mon->lastError.message), mon, vm, NULLSTR(vmName)); virSetError(&mon->lastError); goto cleanup; } -- 2.25.1

3 12

[PATCH v2 0/3] Rework <tpm/> formatting
by Michal Privoznik 04 Jan '22

04 Jan '22

v2 of: https://listman.redhat.com/archives/libvir-list/2022-January/msg00047.html diff to v1: - Pushed 1/4 from the original series, because it was acked and independent of the rest. - Swapped two patches to make the test suite pass after each single patch. - Renamed variable in 1/3 (3/4 in the original series) per Peter's suggestion. Michal Prívozník (3): conf: Rework <tpm/> formatting qemuxml2xmloutdata: Turn tpm-*.xml files into symlinks conf: Make virDomainTPMDefFormat() return void src/conf/domain_conf.c | 65 ++++++++----------- .../tpm-emulator-tpm2-enc.xml | 12 +++- .../tpm-emulator-tpm2-pstate.xml | 12 +++- tests/qemuxml2argvdata/tpm-emulator-tpm2.xml | 13 +++- tests/qemuxml2argvdata/tpm-emulator.xml | 12 +++- .../qemuxml2argvdata/tpm-passthrough-crb.xml | 12 +++- tests/qemuxml2argvdata/tpm-passthrough.xml | 12 +++- .../tpm-emulator-tpm2-enc.x86_64-latest.xml | 41 +----------- ...tpm-emulator-tpm2-pstate.x86_64-latest.xml | 39 +---------- .../tpm-emulator-tpm2.x86_64-latest.xml | 44 +------------ .../tpm-emulator.x86_64-latest.xml | 39 +---------- .../tpm-passthrough-crb.x86_64-latest.xml | 41 +----------- .../tpm-passthrough.x86_64-latest.xml | 41 +----------- 13 files changed, 94 insertions(+), 289 deletions(-) mode change 100644 => 120000 tests/qemuxml2xmloutdata/tpm-emulator-tpm2-enc.x86_64-latest.xml mode change 100644 => 120000 tests/qemuxml2xmloutdata/tpm-emulator-tpm2-pstate.x86_64-latest.xml mode change 100644 => 120000 tests/qemuxml2xmloutdata/tpm-emulator-tpm2.x86_64-latest.xml mode change 100644 => 120000 tests/qemuxml2xmloutdata/tpm-emulator.x86_64-latest.xml mode change 100644 => 120000 tests/qemuxml2xmloutdata/tpm-passthrough-crb.x86_64-latest.xml mode change 100644 => 120000 tests/qemuxml2xmloutdata/tpm-passthrough.x86_64-latest.xml -- 2.34.1

2 4

[PATCH] conf: Extend TPM ABI stability check for <active_pcr_banks/>
by Michal Privoznik 04 Jan '22

04 Jan '22

Changing <active_pcr_banks/> means changing the guest ABI and as such must be prevented on both restoring from a file or migration. Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=2035888 Signed-off-by: Michal Privoznik <mprivozn(a)redhat.com> --- src/conf/domain_conf.c | 14 ++++++++++++++ 1 file changed, 14 insertions(+) diff --git a/src/conf/domain_conf.c b/src/conf/domain_conf.c index 716c6d2240..bba662bf4c 100644 --- a/src/conf/domain_conf.c +++ b/src/conf/domain_conf.c @@ -21994,6 +21994,20 @@ virDomainTPMDefCheckABIStability(virDomainTPMDef *src, return false; } + switch (src->type) { + case VIR_DOMAIN_TPM_TYPE_EMULATOR: + if (src->data.emulator.activePcrBanks != dst->data.emulator.activePcrBanks) { + virReportError(VIR_ERR_CONFIG_UNSUPPORTED, "%s", + _("Target active PCR banks doesn't match source")); + return false; + } + break; + + case VIR_DOMAIN_TPM_TYPE_PASSTHROUGH: + case VIR_DOMAIN_TPM_TYPE_LAST: + break; + } + return virDomainDeviceInfoCheckABIStability(&src->info, &dst->info); } -- 2.34.1

2 1

[PATCH] ci: Refresh configuration
by Andrea Bolognani 04 Jan '22

04 Jan '22

Notable changes: * drop libdbus and radvd; * add codespell. Signed-off-by: Andrea Bolognani <abologna(a)redhat.com> --- Pushed under the CI refresh rule. Test pipeline: https://gitlab.com/abologna/libvirt/-/pipelines/440555431 Full patch: https://gitlab.com/libvirt/libvirt/-/commit/d004171806f1364c8a0112e02329ff0… ci/cirrus/freebsd-12.vars | 2 +- ci/cirrus/freebsd-13.vars | 2 +- ci/cirrus/freebsd-current.vars | 2 +- ci/cirrus/macos-11.vars | 2 +- ci/containers/centos-8.Dockerfile | 4 +--- ci/containers/centos-stream-8.Dockerfile | 4 +--- ci/containers/debian-10-cross-aarch64.Dockerfile | 3 +-- ci/containers/debian-10-cross-armv6l.Dockerfile | 3 +-- ci/containers/debian-10-cross-armv7l.Dockerfile | 3 +-- ci/containers/debian-10-cross-i686.Dockerfile | 3 +-- ci/containers/debian-10-cross-mips.Dockerfile | 3 +-- ci/containers/debian-10-cross-mips64el.Dockerfile | 3 +-- ci/containers/debian-10-cross-mipsel.Dockerfile | 3 +-- ci/containers/debian-10-cross-ppc64le.Dockerfile | 3 +-- ci/containers/debian-10-cross-s390x.Dockerfile | 3 +-- ci/containers/debian-10.Dockerfile | 3 +-- ci/containers/debian-11-cross-aarch64.Dockerfile | 6 ++---- ci/containers/debian-11-cross-armv6l.Dockerfile | 6 ++---- ci/containers/debian-11-cross-armv7l.Dockerfile | 6 ++---- ci/containers/debian-11-cross-i686.Dockerfile | 6 ++---- ci/containers/debian-11-cross-mips64el.Dockerfile | 6 ++---- ci/containers/debian-11-cross-mipsel.Dockerfile | 6 ++---- ci/containers/debian-11-cross-ppc64le.Dockerfile | 6 ++---- ci/containers/debian-11-cross-s390x.Dockerfile | 6 ++---- ci/containers/debian-11.Dockerfile | 6 ++---- ci/containers/debian-sid-cross-aarch64.Dockerfile | 6 ++---- ci/containers/debian-sid-cross-armv6l.Dockerfile | 6 ++---- ci/containers/debian-sid-cross-armv7l.Dockerfile | 6 ++---- ci/containers/debian-sid-cross-i686.Dockerfile | 6 ++---- ci/containers/debian-sid-cross-mips64el.Dockerfile | 6 ++---- ci/containers/debian-sid-cross-mipsel.Dockerfile | 6 ++---- ci/containers/debian-sid-cross-ppc64le.Dockerfile | 6 ++---- ci/containers/debian-sid-cross-s390x.Dockerfile | 6 ++---- ci/containers/debian-sid.Dockerfile | 6 ++---- ci/containers/fedora-34.Dockerfile | 8 +++----- ci/containers/fedora-35-cross-mingw32.Dockerfile | 6 ++---- ci/containers/fedora-35-cross-mingw64.Dockerfile | 6 ++---- ci/containers/fedora-35.Dockerfile | 8 +++----- ci/containers/fedora-rawhide-cross-mingw32.Dockerfile | 6 ++---- ci/containers/fedora-rawhide-cross-mingw64.Dockerfile | 6 ++---- ci/containers/fedora-rawhide.Dockerfile | 8 +++----- ci/containers/opensuse-leap-152.Dockerfile | 3 +-- ci/containers/opensuse-tumbleweed.Dockerfile | 3 +-- ci/containers/ubuntu-1804.Dockerfile | 6 ++---- ci/containers/ubuntu-2004.Dockerfile | 6 ++---- 45 files changed, 75 insertions(+), 145 deletions(-) diff --git a/ci/cirrus/freebsd-13.vars b/ci/cirrus/freebsd-13.vars index 4845d8d461..480a403361 100644 --- a/ci/cirrus/freebsd-13.vars +++ b/ci/cirrus/freebsd-13.vars @@ -11,6 +11,6 @@ MAKE='/usr/local/bin/gmake' NINJA='/usr/local/bin/ninja' PACKAGING_COMMAND='pkg' PIP3='/usr/local/bin/pip-3.8' -PKGS='augeas bash-completion ca_root_nss ccache cppi curl cyrus-sasl dbus diffutils diskscrub dnsmasq fusefs-libs gettext git glib gmake gnugrep gnutls gsed libpcap libpciaccess libssh libssh2 libxml2 libxslt meson ninja perl5 pkgconf polkit py38-docutils py38-flake8 python3 qemu radvd readline yajl' +PKGS='augeas bash-completion ca_root_nss ccache codespell cppi curl cyrus-sasl diffutils diskscrub dnsmasq fusefs-libs gettext git glib gmake gnugrep gnutls gsed libpcap libpciaccess libssh libssh2 libxml2 libxslt meson ninja perl5 pkgconf polkit py38-docutils py38-flake8 python3 qemu readline yajl' PYPI_PKGS='' PYTHON='/usr/local/bin/python3' diff --git a/ci/containers/debian-11.Dockerfile b/ci/containers/debian-11.Dockerfile index e26b89d1d9..ce66568fb5 100644 --- a/ci/containers/debian-11.Dockerfile +++ b/ci/containers/debian-11.Dockerfile @@ -17,6 +17,7 @@ RUN export DEBIAN_FRONTEND=noninteractive && \ ca-certificates \ ccache \ clang \ + codespell \ cpp \ diffutils \ dnsmasq-base \ @@ -39,7 +40,6 @@ RUN export DEBIAN_FRONTEND=noninteractive && \ libc6-dev \ libcap-ng-dev \ libcurl4-gnutls-dev \ - libdbus-1-dev \ libdevmapper-dev \ libfuse-dev \ libglib2.0-dev \ @@ -81,14 +81,12 @@ RUN export DEBIAN_FRONTEND=noninteractive && \ python3 \ python3-docutils \ qemu-utils \ - radvd \ scrub \ sed \ systemtap-sdt-dev \ wireshark-dev \ xfslibs-dev \ - xsltproc \ - zfs-fuse && \ + xsltproc && \ eatmydata apt-get autoremove -y && \ eatmydata apt-get autoclean -y && \ sed -Ei 's,^# (en_US\.UTF-8 .*)$,\1,' /etc/locale.gen && \ [... a lot more like this ...] -- 2.31.1

1 0

[PATCH] qemu: monitor: Remove disabled debug infrastructure
by Peter Krempa 04 Jan '22

04 Jan '22

Signed-off-by: Peter Krempa <pkrempa(a)redhat.com> --- src/qemu/qemu_monitor.c | 44 ----------------------------------------- 1 file changed, 44 deletions(-) diff --git a/src/qemu/qemu_monitor.c b/src/qemu/qemu_monitor.c index dda6ae9796..32e4ff1191 100644 --- a/src/qemu/qemu_monitor.c +++ b/src/qemu/qemu_monitor.c @@ -56,9 +56,6 @@ VIR_LOG_INIT("qemu.qemu_monitor"); -#define DEBUG_IO 0 -#define DEBUG_RAW_IO 0 - /* We read from QEMU until seeing a \r\n pair to indicate a * completed reply or event. To avoid memory denial-of-service * though, we must have a size limit on amount of data we @@ -210,25 +207,6 @@ VIR_ENUM_IMPL(qemuMonitorMemoryFailureAction, "ignore", "inject", "fatal", "reset"); -#if DEBUG_RAW_IO -static char * -qemuMonitorEscapeNonPrintable(const char *text) -{ - size_t i; - g_auto(virBuffer) buf = VIR_BUFFER_INITIALIZER; - for (i = 0; text[i] != '\0'; i++) { - if (g_ascii_isprint(text[i]) || - text[i] == '\n' || - (text[i] == '\r' && text[i + 1] == '\n')) - virBufferAddChar(&buf, text[i]); - else - virBufferAsprintf(&buf, "0x%02x", text[i]); - } - return virBufferContentAndReset(&buf); -} -#endif - - static void qemuMonitorDispose(void *obj) { @@ -329,17 +307,6 @@ qemuMonitorIOProcess(qemuMonitor *mon) if (mon->msg && mon->msg->txOffset == mon->msg->txLength) msg = mon->msg; -#if DEBUG_IO -# if DEBUG_RAW_IO - char *str1 = qemuMonitorEscapeNonPrintable(msg ? msg->txBuffer : ""); - char *str2 = qemuMonitorEscapeNonPrintable(mon->buffer); - VIR_ERROR(_("Process %d %p %p [[[[%s]]][[[%s]]]"), (int)mon->bufferOffset, mon->msg, msg, str1, str2); - VIR_FREE(str1); - VIR_FREE(str2); -# else - VIR_DEBUG("Process %d", (int)mon->bufferOffset); -# endif -#endif PROBE_QUIET(QEMU_MONITOR_IO_PROCESS, "mon=%p buf=%s len=%zu", mon, mon->buffer, mon->bufferOffset); @@ -360,10 +327,6 @@ qemuMonitorIOProcess(qemuMonitor *mon) VIR_FREE(mon->buffer); mon->bufferOffset = mon->bufferLength = 0; } -#if DEBUG_IO - VIR_DEBUG("Process done %d used %d", (int)mon->bufferOffset, len); -#endif - /* As the monitor mutex was unlocked in qemuMonitorJSONIOProcess() * while dealing with qemu event, mon->msg could be changed which * means the above 'msg' may be invalid, thus we use 'mon->msg' here */ @@ -505,10 +468,6 @@ qemuMonitorIORead(qemuMonitor *mon) mon->buffer[mon->bufferOffset] = '\0'; } -#if DEBUG_IO - VIR_DEBUG("Now read %d bytes of data", (int)mon->bufferOffset); -#endif - return ret; } @@ -535,9 +494,6 @@ qemuMonitorIO(GSocket *socket G_GNUC_UNUSED, /* lock access to the monitor and protect fd */ virObjectLock(mon); -#if DEBUG_IO - VIR_DEBUG("Monitor %p I/O on socket %p cond %d", mon, socket, cond); -#endif if (mon->fd == -1 || !mon->watch) { virObjectUnlock(mon); virObjectUnref(mon); -- 2.31.1

2 1

CDROM hotplug not supported even with usb bus
by Tianren Zhang 03 Jan '22

03 Jan '22

Hi, I am using libvirt-4.5.0 + qemu-kvm-ev-2.12.0 and I have a question about the cdrom function of libvirt. When I tried to attach a CD ROM, it rejected the operation showing "cdrom/floppy device hotplug isn't supported". I understand that it should be rejected when the IDE bus is used, but the hotplug with USB bus is totally feasible, as it's also supported in qemu, in this case, should it be allowed for hotplug? I have not tried the newest version of libvirt yet, but looking at the upstream source code it seems that there is no change regarding this issue. Thank you, Tianren Zhang

2 1

[PATCH] virnettlscontext: Generate longer DH keys
by Michal Privoznik 03 Jan '22

03 Jan '22

Currently, we generate 2048 bits long DH keys. This may look enough, but it's not very future proof. When system crypto policy is tightened only 3072 or longer keys are valid. From CRYPTO-POLICIES(7): FUTURE A conservative security policy that is believed to withstand any near-term future attacks. ... • DH params size: >= 3072 • RSA keys size: >= 3072 This policy corresponds to GNUTLS_SEC_PARAM_HIGH parameters. Therefore, pass that to gnutls_sec_param_to_pk_bits() to get longer key. Signed-off-by: Michal Privoznik <mprivozn(a)redhat.com> --- Technically, this is a v2 of: https://listman.redhat.com/archives/libvir-list/2021-December/msg00827.html and was already reviewed. I'm sending it here because I've split the original patch into two. The first one, which switches to gnutls_sec_param_to_pk_bits() usage is merged. The second one (this one) which lengthens the key is not. src/rpc/virnettlscontext.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/rpc/virnettlscontext.c b/src/rpc/virnettlscontext.c index 55da485f96..f0b1e8f9c1 100644 --- a/src/rpc/virnettlscontext.c +++ b/src/rpc/virnettlscontext.c @@ -718,7 +718,7 @@ static virNetTLSContext *virNetTLSContextNew(const char *cacert, if (isServer) { unsigned int bits = 0; - bits = gnutls_sec_param_to_pk_bits(GNUTLS_PK_DH, GNUTLS_SEC_PARAM_MEDIUM); + bits = gnutls_sec_param_to_pk_bits(GNUTLS_PK_DH, GNUTLS_SEC_PARAM_HIGH); if (bits == 0) { virReportError(VIR_ERR_SYSTEM_ERROR, "%s", _("Unable to get key length for diffie-hellman parameters")); -- 2.34.1

2 1

[libvirt PATCH 0/3] tests: virtimetest: Skip more tests near year's end
by Andrea Bolognani 03 Jan '22

03 Jan '22

Failed pipeline: https://gitlab.com/libvirt/libvirt/-/pipelines/439750804 Fixed pipeline: https://gitlab.com/abologna/libvirt/-/pipelines/439847251 Andrea Bolognani (3): tests: virtimetest: Move comment tests: virtimetest: Skip more tests near year's end tests: virtimetest: Mention GLib version containing fix tests/virtimetest.c | 58 ++++++++++++++++++++++----------------------- 1 file changed, 28 insertions(+), 30 deletions(-) -- 2.31.1

2 5