November 2022 - Devel - libvirt List Archives

[PATCH 0/2] Fix virt-qemu-run with network interface
by Martin Kletzander 15 Nov '22

15 Nov '22

yay, blurb Martin Kletzander (2): util: Remove return value from virTypedParamsCopy virGetConnectGeneric: Only delegate existing identities src/driver.c | 14 ++++++-------- src/libvirt-domain.c | 3 +-- src/util/viridentity.c | 10 ++++------ src/util/virtypedparam.c | 6 ++---- src/util/virtypedparam.h | 6 +++--- src/vz/vz_driver.c | 3 +-- 6 files changed, 17 insertions(+), 25 deletions(-) -- 2.38.1

2 3

[libvirt PATCH] ci: regenerate with lcitool manifest
by Daniel P. Berrangé 14 Nov '22

14 Nov '22

Two notable changes: * the macOS platform has switched from x86_64 to aarch64 * if a new pipeline starts before a previous one finishes, jobs marked 'interruptible: true' will be auto-cancelled Signed-off-by: Daniel P. Berrangé <berrange(a)redhat.com> --- NB: the macOS changes are pending on approval of: https://gitlab.com/libvirt/libvirt-ci/-/merge_requests/333 ci/gitlab.yml | 1 + ci/gitlab/build-templates.yml | 37 ++++++++++++++++++------------- ci/gitlab/builds.yml | 6 ++--- ci/gitlab/container-templates.yml | 1 + ci/gitlab/sanity-checks.yml | 1 + ci/manifest.yml | 2 +- 6 files changed, 28 insertions(+), 20 deletions(-) diff --git a/ci/gitlab.yml b/ci/gitlab.yml index bdc5e0a96f..3866dcf545 100644 --- a/ci/gitlab.yml +++ b/ci/gitlab.yml @@ -67,6 +67,7 @@ workflow: debug: image: docker.io/library/alpine:3 stage: sanity_checks + interruptible: true needs: [] script: - printenv | sort diff --git a/ci/gitlab/build-templates.yml b/ci/gitlab/build-templates.yml index 5d7d6c59c5..259cf2b173 100644 --- a/ci/gitlab/build-templates.yml +++ b/ci/gitlab/build-templates.yml @@ -9,14 +9,14 @@ # We use pre-built containers for any pipelines that are: # # - Validating code committed on default upstream branch -# - Validating patches targetting default upstream branch +# - Validating patches targeting default upstream branch # which do not have CI changes # # We use a local build env for any pipelines that are: # # - Validating code committed to a non-default upstream branch -# - Validating patches targetting a non-default upstream branch -# - Validating patches targetting default upstream branch which +# - Validating patches targeting a non-default upstream branch +# - Validating patches targeting default upstream branch which # include CI changes # - Validating code committed to a fork branch # @@ -26,6 +26,7 @@ .gitlab_native_build_job_prebuilt_env: image: $CI_REGISTRY/$RUN_UPSTREAM_NAMESPACE/libvirt/ci-$NAME:latest stage: builds + interruptible: true before_script: - cat /packages.txt rules: @@ -36,14 +37,14 @@ - if: '$CI_PROJECT_NAMESPACE == $RUN_UPSTREAM_NAMESPACE && $CI_PIPELINE_SOURCE == "push" && $CI_COMMIT_BRANCH == $CI_DEFAULT_BRANCH' when: on_success - # upstream: other web/api/scheduled pipelines targetting the default branch + # upstream: other web/api/scheduled pipelines targeting the default branch - if: '$CI_PROJECT_NAMESPACE == $RUN_UPSTREAM_NAMESPACE && $CI_PIPELINE_SOURCE =~ /(web|api|schedule)/ && $CI_COMMIT_REF_NAME == $CI_DEFAULT_BRANCH && $JOB_OPTIONAL' when: manual allow_failure: true - if: '$CI_PROJECT_NAMESPACE == $RUN_UPSTREAM_NAMESPACE && $CI_PIPELINE_SOURCE =~ /(web|api|schedule)/ && $CI_COMMIT_REF_NAME == $CI_DEFAULT_BRANCH' when: on_success - # upstream+forks: merge requests targetting the default branch, without CI changes + # upstream+forks: merge requests targeting the default branch, without CI changes - if: '$CI_PIPELINE_SOURCE == "merge_request_event" && $CI_MERGE_REQUEST_TARGET_BRANCH_NAME == $CI_DEFAULT_BRANCH' changes: - ci/gitlab/container-templates.yml @@ -61,6 +62,7 @@ .gitlab_native_build_job_local_env: image: $IMAGE stage: builds + interruptible: true before_script: - source ci/buildenv/$NAME.sh - install_buildenv @@ -79,7 +81,7 @@ - if: '$CI_PROJECT_NAMESPACE != $RUN_UPSTREAM_NAMESPACE && $CI_PIPELINE_SOURCE == "push" && $RUN_PIPELINE' when: on_success - # upstream: other web/api/scheduled pipelines targetting non-default branches + # upstream: other web/api/scheduled pipelines targeting non-default branches - if: '$CI_PROJECT_NAMESPACE == $RUN_UPSTREAM_NAMESPACE && $CI_PIPELINE_SOURCE =~ /(web|api|schedule)/ && $CI_COMMIT_REF_NAME != $CI_DEFAULT_BRANCH && $JOB_OPTIONAL' when: manual allow_failure: true @@ -93,7 +95,7 @@ - if: '$CI_PROJECT_NAMESPACE != $RUN_UPSTREAM_NAMESPACE && $CI_PIPELINE_SOURCE =~ /(web|api|schedule)/' when: on_success - # upstream+forks: merge requests targetting the default branch, with CI changes + # upstream+forks: merge requests targeting the default branch, with CI changes - if: '$CI_PIPELINE_SOURCE == "merge_request_event" && $CI_MERGE_REQUEST_TARGET_BRANCH_NAME == $CI_DEFAULT_BRANCH && $JOB_OPTIONAL' changes: - ci/gitlab/container-templates.yml @@ -106,7 +108,7 @@ - ci/containers/$NAME.Dockerfile when: on_success - # upstream+forks: merge requests targetting non-default branches + # upstream+forks: merge requests targeting non-default branches - if: '$CI_PIPELINE_SOURCE == "merge_request_event" && $CI_MERGE_REQUEST_TARGET_BRANCH_NAME != $CI_DEFAULT_BRANCH && $JOB_OPTIONAL' when: manual allow_failure: true @@ -121,14 +123,14 @@ # We use pre-built containers for any pipelines that are: # # - Validating code committed on default upstream branch -# - Validating patches targetting default upstream branch +# - Validating patches targeting default upstream branch # which do not have CI changes # # We use a local build env for any pipelines that are: # # - Validating code committed to a non-default upstream branch -# - Validating patches targetting a non-default upstream branch -# - Validating patches targetting default upstream branch which +# - Validating patches targeting a non-default upstream branch +# - Validating patches targeting default upstream branch which # include CI changes # - Validating code committed to a fork branch # @@ -138,6 +140,7 @@ .gitlab_cross_build_job_prebuilt_env: image: $CI_REGISTRY/$RUN_UPSTREAM_NAMESPACE/libvirt/ci-$NAME-cross-$CROSS:latest stage: builds + interruptible: true before_script: - cat /packages.txt rules: @@ -148,14 +151,14 @@ - if: '$CI_PROJECT_NAMESPACE == $RUN_UPSTREAM_NAMESPACE && $CI_PIPELINE_SOURCE == "push" && $CI_COMMIT_BRANCH == $CI_DEFAULT_BRANCH' when: on_success - # upstream: other web/api/scheduled pipelines targetting the default branch + # upstream: other web/api/scheduled pipelines targeting the default branch - if: '$CI_PROJECT_NAMESPACE == $RUN_UPSTREAM_NAMESPACE && $CI_PIPELINE_SOURCE =~ /(web|api|schedule)/ && $CI_COMMIT_REF_NAME == $CI_DEFAULT_BRANCH && $JOB_OPTIONAL' when: manual allow_failure: true - if: '$CI_PROJECT_NAMESPACE == $RUN_UPSTREAM_NAMESPACE && $CI_PIPELINE_SOURCE =~ /(web|api|schedule)/ && $CI_COMMIT_REF_NAME == $CI_DEFAULT_BRANCH' when: on_success - # upstream+forks: merge requests targetting the default branch, without CI changes + # upstream+forks: merge requests targeting the default branch, without CI changes - if: '$CI_PIPELINE_SOURCE == "merge_request_event" && $CI_MERGE_REQUEST_TARGET_BRANCH_NAME == $CI_DEFAULT_BRANCH' changes: - ci/gitlab/container-templates.yml @@ -173,6 +176,7 @@ .gitlab_cross_build_job_local_env: image: $IMAGE stage: builds + interruptible: true before_script: - source ci/buildenv/$NAME.sh - install_buildenv @@ -191,7 +195,7 @@ - if: '$CI_PROJECT_NAMESPACE != $RUN_UPSTREAM_NAMESPACE && $CI_PIPELINE_SOURCE == "push" && $RUN_PIPELINE' when: on_success - # upstream: other web/api/scheduled pipelines targetting non-default branches + # upstream: other web/api/scheduled pipelines targeting non-default branches - if: '$CI_PROJECT_NAMESPACE == $RUN_UPSTREAM_NAMESPACE && $CI_PIPELINE_SOURCE =~ /(web|api|schedule)/ && $CI_COMMIT_REF_NAME != $CI_DEFAULT_BRANCH && $JOB_OPTIONAL' when: manual allow_failure: true @@ -205,7 +209,7 @@ - if: '$CI_PROJECT_NAMESPACE != $RUN_UPSTREAM_NAMESPACE && $CI_PIPELINE_SOURCE =~ /(web|api|schedule)/' when: on_success - # upstream+forks: merge requests targetting the default branch, with CI changes + # upstream+forks: merge requests targeting the default branch, with CI changes - if: '$CI_PIPELINE_SOURCE == "merge_request_event" && $CI_MERGE_REQUEST_TARGET_BRANCH_NAME == $CI_DEFAULT_BRANCH && $JOB_OPTIONAL' changes: - ci/gitlab/container-templates.yml @@ -218,7 +222,7 @@ - ci/containers/$NAME.Dockerfile when: on_success - # upstream+forks: merge requests targetting non-default branches + # upstream+forks: merge requests targeting non-default branches - if: '$CI_PIPELINE_SOURCE == "merge_request_event" && $CI_MERGE_REQUEST_TARGET_BRANCH_NAME != $CI_DEFAULT_BRANCH && $JOB_OPTIONAL' when: manual allow_failure: true @@ -232,6 +236,7 @@ .cirrus_build_job: stage: builds image: registry.gitlab.com/libvirt/libvirt-ci/cirrus-run:master + interruptible: true needs: [] script: - source ci/cirrus/$NAME.vars diff --git a/ci/gitlab/builds.yml b/ci/gitlab/builds.yml index e2f2f39320..0e2daebe97 100644 --- a/ci/gitlab/builds.yml +++ b/ci/gitlab/builds.yml @@ -860,14 +860,14 @@ x86_64-freebsd-13: UPGRADE_COMMAND: pkg upgrade -y -x86_64-macos-12: +aarch64-macos-12: extends: .cirrus_build_job needs: [] allow_failure: false variables: - CIRRUS_VM_IMAGE_NAME: monterey-base + CIRRUS_VM_IMAGE_NAME: ghcr.io/cirruslabs/macos-monterey-base:latest CIRRUS_VM_IMAGE_SELECTOR: image - CIRRUS_VM_INSTANCE_TYPE: osx_instance + CIRRUS_VM_INSTANCE_TYPE: macos_instance INSTALL_COMMAND: brew install NAME: macos-12 PATH_EXTRA: /usr/local/opt/ccache/libexec:/usr/local/opt/gettext/bin:/usr/local/opt/libpcap/bin:/usr/local/opt/libxslt/bin:/usr/local/opt/rpcgen/bin diff --git a/ci/gitlab/container-templates.yml b/ci/gitlab/container-templates.yml index a577028d11..edb4aba676 100644 --- a/ci/gitlab/container-templates.yml +++ b/ci/gitlab/container-templates.yml @@ -16,6 +16,7 @@ .container_job: image: docker:stable stage: containers + interruptible: false needs: [] services: - docker:dind diff --git a/ci/gitlab/sanity-checks.yml b/ci/gitlab/sanity-checks.yml index f843c7f708..cdcfb9bf91 100644 --- a/ci/gitlab/sanity-checks.yml +++ b/ci/gitlab/sanity-checks.yml @@ -9,6 +9,7 @@ check-dco: stage: sanity_checks needs: [] image: registry.gitlab.com/libvirt/libvirt-ci/check-dco:master + interruptible: true script: - /check-dco "$RUN_UPSTREAM_NAMESPACE" rules: diff --git a/ci/manifest.yml b/ci/manifest.yml index 865a82a4a9..2aec92dd26 100644 --- a/ci/manifest.yml +++ b/ci/manifest.yml @@ -175,7 +175,7 @@ targets: macos-12: jobs: - - arch: x86_64 + - arch: aarch64 variables: PATH_EXTRA: /usr/local/opt/ccache/libexec:/usr/local/opt/gettext/bin:/usr/local/opt/libpcap/bin:/usr/local/opt/libxslt/bin:/usr/local/opt/rpcgen/bin PKG_CONFIG_PATH: /usr/local/opt/curl/lib/pkgconfig:/usr/local/opt/libpcap/lib/pkgconfig:/usr/local/opt/libxml2/lib/pkgconfig:/usr/local/opt/ncurses/lib/pkgconfig:/usr/local/opt/readline/lib/pkgconfig -- 2.37.3

2 1

[libvirt PATCH][pushed] Fix spelling
by Tim Wiederhake 14 Nov '22

14 Nov '22

Signed-off-by: Tim Wiederhake <twiederh(a)redhat.com> --- NEWS.rst | 2 +- src/qemu/qemu.conf.in | 2 +- src/qemu/qemu_monitor.c | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/NEWS.rst b/NEWS.rst index e584bc1fed..2ce8ef4b6a 100644 --- a/NEWS.rst +++ b/NEWS.rst @@ -218,7 +218,7 @@ v8.5.0 (2022-07-01) * qemu: Add support for zero-copy migration With QEMU 7.1.0, libvirt can enable zerocopy for parallel migration. This - is implmented by adding a new ``VIR_MIGRATE_ZEROCOPY`` flag(``virsh migrate + is implemented by adding a new ``VIR_MIGRATE_ZEROCOPY`` flag(``virsh migrate --zerocopy``). * Introduce thread_pool_min and thread_pool_max attributes to IOThread diff --git a/src/qemu/qemu.conf.in b/src/qemu/qemu.conf.in index 623da72d60..3895d42514 100644 --- a/src/qemu/qemu.conf.in +++ b/src/qemu/qemu.conf.in @@ -963,7 +963,7 @@ # "vcpus" - only QEMU vCPU threads are placed into a separate scheduling group, # emulator threads and helper processes remain outside of the group # "emulator" - only QEMU and its threads (emulator + vCPUs) are placed into -# separate scheduling group, helper proccesses remain outside of +# separate scheduling group, helper processes remain outside of # the group # "full" - both QEMU and its helper processes are placed into separate # scheduling group diff --git a/src/qemu/qemu_monitor.c b/src/qemu/qemu_monitor.c index 8ada16154c..80f262cec7 100644 --- a/src/qemu/qemu_monitor.c +++ b/src/qemu/qemu_monitor.c @@ -4346,7 +4346,7 @@ qemuMonitorQueryStatsProviderNew(qemuMonitorQueryStatsProviderType provider_type /* * This can be lowered later in case of the enum getting quite large, hence - * the virBitmapSetExpand below which also incidently makes this function + * the virBitmapSetExpand below which also incidentally makes this function * non-fallible. */ provider->names = virBitmapNew(QEMU_MONITOR_QUERY_STATS_NAME_LAST); -- 2.36.1

2 1

[PATCH] tests: Fix libxlxml2domconfigtest
by Jim Fehlig 11 Nov '22

11 Nov '22

Downstream CI recently encountered failures of libxlxml2domconfigtest when building libvirt packages against Xen 4.17 rc3 packages. The test fails on vnuma_hvm config, where suddently the actual json produced by libxl_domain_config_to_json() contains a 'pnode' entry in the 'vnuma_nodes' list, which is absent in the expected json. It appears the test has thus far passed by luck. E.g. I was able to make the test pass in the failing environment by changing the meson buildtype from debugoptimized to debug. When a VM config contains vnuma settings, libxlMakeVnumaList() checks if the number of requested vnuma nodes exceeds the number of physical nodes. The number of physical nodes is retrieved with libxl_get_physinfo(), which can return wildly different results in the context of unit tests. This change mocks libxl_get_physinfo() to return consistent results. All fields of the libxl_physinfo struct are set to 0 except nr_nodes, which is set to 6 to ensure the vnuma_hvm configuration is properly tested. Signed-off-by: Jim Fehlig <jfehlig(a)suse.com> --- tests/libxlmock.c | 15 +++++++++++++++ tests/libxlxml2domconfigdata/vnuma-hvm.json | 5 +++++ 2 files changed, 20 insertions(+) diff --git a/tests/libxlmock.c b/tests/libxlmock.c index 4754597e5b..205d34df19 100644 --- a/tests/libxlmock.c +++ b/tests/libxlmock.c @@ -70,6 +70,21 @@ VIR_MOCK_IMPL_RET_ARGS(libxl_get_version_info, return &info; } +VIR_MOCK_IMPL_RET_ARGS(libxl_get_physinfo, + int, + libxl_ctx *, ctx, + libxl_physinfo *, physinfo) +{ + memset(physinfo, 0, sizeof(*physinfo)); + physinfo->nr_nodes = 6; + + /* silence gcc warning about unused function */ + if (0) + real_libxl_get_physinfo(ctx, physinfo); + + return 0; +} + VIR_MOCK_STUB_RET_ARGS(libxl_get_free_memory, int, 0, libxl_ctx *, ctx, diff --git a/tests/libxlxml2domconfigdata/vnuma-hvm.json b/tests/libxlxml2domconfigdata/vnuma-hvm.json index 2556c82d5f..c90ee823a4 100644 --- a/tests/libxlxml2domconfigdata/vnuma-hvm.json +++ b/tests/libxlxml2domconfigdata/vnuma-hvm.json @@ -39,6 +39,7 @@ 41, 51 ], + "pnode": 1, "vcpus": [ 1 ] @@ -53,6 +54,7 @@ 31, 41 ], + "pnode": 2, "vcpus": [ 2 ] @@ -67,6 +69,7 @@ 21, 31 ], + "pnode": 3, "vcpus": [ 3 ] @@ -81,6 +84,7 @@ 10, 21 ], + "pnode": 4, "vcpus": [ 4 ] @@ -95,6 +99,7 @@ 21, 10 ], + "pnode": 5, "vcpus": [ 5 ] -- 2.37.3

2 2

[PATCH] qemu_validate: Use proper printf directive for ssize_t
by Michal Privoznik 11 Nov '22

11 Nov '22

In one of recent commits an error message was introduced. In this message a variable of type ssize_t is being printed out, but the corresponding format directive is %ld instead of %zd which breaks on 32bits systems. Switch to proper format. Signed-off-by: Michal Privoznik <mprivozn(a)redhat.com> --- Pushed under trivial rule. src/qemu/qemu_validate.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/qemu/qemu_validate.c b/src/qemu/qemu_validate.c index bd040c7ff8..c687df0bfc 100644 --- a/src/qemu/qemu_validate.c +++ b/src/qemu/qemu_validate.c @@ -5047,7 +5047,7 @@ qemuValidateDomainDeviceDefMemory(virDomainMemoryDef *mem, while ((node = virBitmapNextSetBit(mem->sourceNodes, node)) >= 0) { if (mem->size > sgxCaps->sgxSections[node].size) { virReportError(VIR_ERR_CONFIG_UNSUPPORTED, - _("sgx epc size %lld on host node %ld is less than requested size %lld"), + _("sgx epc size %lld on host node %zd is less than requested size %lld"), sgxCaps->sgxSections[node].size, node, mem->size); return -1; } -- 2.37.4

1 0

[libvirt][PATCH v17 0/9] Support query and use SGX
by Lin Yang 11 Nov '22

11 Nov '22

Diff to v16: * Included SGX EPC in the calculation and validation of maximum memory space in qemuDomainDefValidateMemoryHotplug. Removed all hacking in this function, but only skip qemuDomainDefValidateMemoryHotplugDevice validation for SGX EPC, since it is not hotpluggable. * Added SGX fields in new QEMU 7.2 domaincaps xml. Haibin Huang (4): domain_capabilities: Define SGX capabilities structs qemu: Get SGX capabilities form QMP Convert QMP capabilities to domain capabilities conf: expose SGX feature in domain capabilities Lin Yang (2): conf: Introduce SGX EPC element into device memory xml qemu: Add command-line to generate SGX EPC memory backend Michal Prívozník (3): qemu_cgroup: Allow SGX in devices controller qemu_namespace: Create SGX related nodes in domain's namespace security_dac: Set DAC label on SGX /dev nodes docs/formatdomain.rst | 25 +- docs/formatdomaincaps.rst | 40 ++++ src/conf/domain_capabilities.c | 47 ++++ src/conf/domain_capabilities.h | 22 ++ src/conf/domain_conf.c | 30 +++ src/conf/domain_conf.h | 1 + src/conf/domain_postparse.c | 1 + src/conf/domain_validate.c | 9 + src/conf/schemas/domaincaps.rng | 43 ++++ src/conf/schemas/domaincommon.rng | 1 + src/libvirt_private.syms | 1 + src/qemu/qemu_alias.c | 6 +- src/qemu/qemu_capabilities.c | 220 ++++++++++++++++++ src/qemu/qemu_capabilities.h | 4 + src/qemu/qemu_cgroup.c | 78 ++++++- src/qemu/qemu_command.c | 66 +++++- src/qemu/qemu_domain.c | 28 ++- src/qemu/qemu_domain.h | 2 + src/qemu/qemu_domain_address.c | 6 + src/qemu/qemu_driver.c | 1 + src/qemu/qemu_monitor.c | 10 + src/qemu/qemu_monitor.h | 3 + src/qemu/qemu_monitor_json.c | 154 +++++++++++- src/qemu/qemu_monitor_json.h | 4 + src/qemu/qemu_namespace.c | 20 +- src/qemu/qemu_process.c | 2 + src/qemu/qemu_validate.c | 40 ++++ src/security/security_apparmor.c | 1 + src/security/security_dac.c | 46 ++-- src/security/security_selinux.c | 2 + tests/domaincapsdata/bhyve_basic.x86_64.xml | 1 + tests/domaincapsdata/bhyve_fbuf.x86_64.xml | 1 + tests/domaincapsdata/bhyve_uefi.x86_64.xml | 1 + tests/domaincapsdata/empty.xml | 1 + tests/domaincapsdata/libxl-xenfv.xml | 1 + tests/domaincapsdata/libxl-xenpv.xml | 1 + .../domaincapsdata/qemu_4.2.0-q35.x86_64.xml | 1 + .../domaincapsdata/qemu_4.2.0-tcg.x86_64.xml | 1 + .../qemu_4.2.0-virt.aarch64.xml | 1 + tests/domaincapsdata/qemu_4.2.0.aarch64.xml | 1 + tests/domaincapsdata/qemu_4.2.0.ppc64.xml | 1 + tests/domaincapsdata/qemu_4.2.0.s390x.xml | 1 + tests/domaincapsdata/qemu_4.2.0.x86_64.xml | 1 + .../domaincapsdata/qemu_5.0.0-q35.x86_64.xml | 1 + .../domaincapsdata/qemu_5.0.0-tcg.x86_64.xml | 1 + .../qemu_5.0.0-virt.aarch64.xml | 1 + tests/domaincapsdata/qemu_5.0.0.aarch64.xml | 1 + tests/domaincapsdata/qemu_5.0.0.ppc64.xml | 1 + tests/domaincapsdata/qemu_5.0.0.x86_64.xml | 1 + .../domaincapsdata/qemu_5.1.0-q35.x86_64.xml | 1 + .../domaincapsdata/qemu_5.1.0-tcg.x86_64.xml | 1 + tests/domaincapsdata/qemu_5.1.0.sparc.xml | 1 + tests/domaincapsdata/qemu_5.1.0.x86_64.xml | 1 + .../domaincapsdata/qemu_5.2.0-q35.x86_64.xml | 1 + .../domaincapsdata/qemu_5.2.0-tcg.x86_64.xml | 1 + .../qemu_5.2.0-virt.aarch64.xml | 1 + tests/domaincapsdata/qemu_5.2.0.aarch64.xml | 1 + tests/domaincapsdata/qemu_5.2.0.ppc64.xml | 1 + tests/domaincapsdata/qemu_5.2.0.s390x.xml | 1 + tests/domaincapsdata/qemu_5.2.0.x86_64.xml | 1 + .../domaincapsdata/qemu_6.0.0-q35.x86_64.xml | 1 + .../domaincapsdata/qemu_6.0.0-tcg.x86_64.xml | 1 + .../qemu_6.0.0-virt.aarch64.xml | 1 + tests/domaincapsdata/qemu_6.0.0.aarch64.xml | 1 + tests/domaincapsdata/qemu_6.0.0.s390x.xml | 1 + tests/domaincapsdata/qemu_6.0.0.x86_64.xml | 1 + .../domaincapsdata/qemu_6.1.0-q35.x86_64.xml | 1 + .../domaincapsdata/qemu_6.1.0-tcg.x86_64.xml | 1 + tests/domaincapsdata/qemu_6.1.0.x86_64.xml | 1 + .../domaincapsdata/qemu_6.2.0-q35.x86_64.xml | 1 + .../domaincapsdata/qemu_6.2.0-tcg.x86_64.xml | 1 + .../qemu_6.2.0-virt.aarch64.xml | 1 + tests/domaincapsdata/qemu_6.2.0.aarch64.xml | 1 + tests/domaincapsdata/qemu_6.2.0.ppc64.xml | 1 + tests/domaincapsdata/qemu_6.2.0.x86_64.xml | 1 + .../domaincapsdata/qemu_7.0.0-q35.x86_64.xml | 10 + .../domaincapsdata/qemu_7.0.0-tcg.x86_64.xml | 10 + .../qemu_7.0.0-virt.aarch64.xml | 1 + tests/domaincapsdata/qemu_7.0.0.aarch64.xml | 1 + tests/domaincapsdata/qemu_7.0.0.ppc64.xml | 1 + tests/domaincapsdata/qemu_7.0.0.x86_64.xml | 10 + .../domaincapsdata/qemu_7.1.0-q35.x86_64.xml | 1 + .../domaincapsdata/qemu_7.1.0-tcg.x86_64.xml | 1 + tests/domaincapsdata/qemu_7.1.0.ppc64.xml | 1 + tests/domaincapsdata/qemu_7.1.0.x86_64.xml | 1 + .../domaincapsdata/qemu_7.2.0-q35.x86_64.xml | 1 + .../domaincapsdata/qemu_7.2.0-tcg.x86_64.xml | 1 + tests/domaincapsdata/qemu_7.2.0.x86_64.xml | 1 + .../caps_6.2.0.x86_64.replies | 21 +- .../caps_7.0.0.x86_64.replies | 34 ++- .../caps_7.0.0.x86_64.xml | 11 + .../caps_7.1.0.x86_64.replies | 21 +- .../caps_7.2.0.x86_64.replies | 21 +- .../sgx-epc.x86_64-7.0.0.args | 40 ++++ tests/qemuxml2argvdata/sgx-epc.xml | 65 ++++++ tests/qemuxml2argvtest.c | 2 + .../sgx-epc.x86_64-7.0.0.xml | 65 ++++++ tests/qemuxml2xmltest.c | 2 + 98 files changed, 1210 insertions(+), 70 deletions(-) create mode 100644 tests/qemuxml2argvdata/sgx-epc.x86_64-7.0.0.args create mode 100644 tests/qemuxml2argvdata/sgx-epc.xml create mode 100644 tests/qemuxml2xmloutdata/sgx-epc.x86_64-7.0.0.xml -- 2.25.1

2 1

[libvirt][PATCH v17 1/9] domain_capabilities: Define SGX capabilities structs
by Lin Yang 11 Nov '22

11 Nov '22

From: Haibin Huang <haibin.huang(a)intel.com> Signed-off-by: Michal Privoznik <mprivozn(a)redhat.com> Reviewed-by: Peter Krempa <pkrempa(a)redhat.com> Signed-off-by: Haibin Huang <haibin.huang(a)intel.com> --- src/conf/domain_capabilities.c | 11 +++++++++++ src/conf/domain_capabilities.h | 22 ++++++++++++++++++++++ src/libvirt_private.syms | 1 + 3 files changed, 34 insertions(+) diff --git a/src/conf/domain_capabilities.c b/src/conf/domain_capabilities.c index a7f256e4ec..daeaee3c5c 100644 --- a/src/conf/domain_capabilities.c +++ b/src/conf/domain_capabilities.c @@ -76,6 +76,17 @@ virSEVCapabilitiesFree(virSEVCapability *cap) } +void +virSGXCapabilitiesFree(virSGXCapability *cap) +{ + if (!cap) + return; + + g_free(cap->sgxSections); + g_free(cap); +} + + static void virDomainCapsDispose(void *obj) { diff --git a/src/conf/domain_capabilities.h b/src/conf/domain_capabilities.h index e0cfa75531..1d504a3506 100644 --- a/src/conf/domain_capabilities.h +++ b/src/conf/domain_capabilities.h @@ -208,6 +208,22 @@ struct _virSEVCapability { unsigned int max_es_guests; }; +typedef struct _virSGXSection virSGXSection; +struct _virSGXSection { + unsigned long long size; + unsigned int node; +}; + +typedef struct _virSGXCapability virSGXCapability; +struct _virSGXCapability { + bool flc; + bool sgx1; + bool sgx2; + unsigned long long section_size; + size_t nSgxSections; + virSGXSection *sgxSections; +}; + typedef enum { VIR_DOMAIN_CAPS_FEATURE_IOTHREADS = 0, VIR_DOMAIN_CAPS_FEATURE_VMCOREINFO, @@ -246,6 +262,7 @@ struct _virDomainCaps { virDomainCapsFeatureGIC gic; virSEVCapability *sev; + virSGXCapability *sgx; /* add new domain features here */ virTristateBool features[VIR_DOMAIN_CAPS_FEATURE_LAST]; @@ -296,3 +313,8 @@ void virSEVCapabilitiesFree(virSEVCapability *capabilities); G_DEFINE_AUTOPTR_CLEANUP_FUNC(virSEVCapability, virSEVCapabilitiesFree); + +void +virSGXCapabilitiesFree(virSGXCapability *capabilities); + +G_DEFINE_AUTOPTR_CLEANUP_FUNC(virSGXCapability, virSGXCapabilitiesFree); diff --git a/src/libvirt_private.syms b/src/libvirt_private.syms index 97ff2a43e4..ebd7bc61a8 100644 --- a/src/libvirt_private.syms +++ b/src/libvirt_private.syms @@ -218,6 +218,7 @@ virDomainCapsEnumSet; virDomainCapsFormat; virDomainCapsNew; virSEVCapabilitiesFree; +virSGXCapabilitiesFree; # conf/domain_conf.h -- 2.25.1

1 8

[libvirt][PATCH v16 1/9] domain_capabilities: Define SGX capabilities structs
by Lin Yang 10 Nov '22

10 Nov '22

From: Haibin Huang <haibin.huang(a)intel.com> Signed-off-by: Michal Privoznik <mprivozn(a)redhat.com> Signed-off-by: Haibin Huang <haibin.huang(a)intel.com> --- src/conf/domain_capabilities.c | 11 +++++++++++ src/conf/domain_capabilities.h | 22 ++++++++++++++++++++++ src/libvirt_private.syms | 1 + 3 files changed, 34 insertions(+) diff --git a/src/conf/domain_capabilities.c b/src/conf/domain_capabilities.c index 653123f293..869b5d68e6 100644 --- a/src/conf/domain_capabilities.c +++ b/src/conf/domain_capabilities.c @@ -76,6 +76,17 @@ virSEVCapabilitiesFree(virSEVCapability *cap) } +void +virSGXCapabilitiesFree(virSGXCapability *cap) +{ + if (!cap) + return; + + g_free(cap->sgxSections); + g_free(cap); +} + + static void virDomainCapsDispose(void *obj) { diff --git a/src/conf/domain_capabilities.h b/src/conf/domain_capabilities.h index a526969cda..3c9fd7f7de 100644 --- a/src/conf/domain_capabilities.h +++ b/src/conf/domain_capabilities.h @@ -193,6 +193,22 @@ struct _virSEVCapability { unsigned int max_es_guests; }; +typedef struct _virSGXSection virSGXSection; +struct _virSGXSection { + unsigned long long size; + unsigned int node; +}; + +typedef struct _virSGXCapability virSGXCapability; +struct _virSGXCapability { + bool flc; + bool sgx1; + bool sgx2; + unsigned long long section_size; + size_t nSgxSections; + virSGXSection *sgxSections; +}; + typedef enum { VIR_DOMAIN_CAPS_FEATURE_IOTHREADS = 0, VIR_DOMAIN_CAPS_FEATURE_VMCOREINFO, @@ -229,6 +245,7 @@ struct _virDomainCaps { virDomainCapsFeatureGIC gic; virSEVCapability *sev; + virSGXCapability *sgx; /* add new domain features here */ virTristateBool features[VIR_DOMAIN_CAPS_FEATURE_LAST]; @@ -277,3 +294,8 @@ void virSEVCapabilitiesFree(virSEVCapability *capabilities); G_DEFINE_AUTOPTR_CLEANUP_FUNC(virSEVCapability, virSEVCapabilitiesFree); + +void +virSGXCapabilitiesFree(virSGXCapability *capabilities); + +G_DEFINE_AUTOPTR_CLEANUP_FUNC(virSGXCapability, virSGXCapabilitiesFree); diff --git a/src/libvirt_private.syms b/src/libvirt_private.syms index 00cb07709d..97b019d00a 100644 --- a/src/libvirt_private.syms +++ b/src/libvirt_private.syms @@ -218,6 +218,7 @@ virDomainCapsEnumSet; virDomainCapsFormat; virDomainCapsNew; virSEVCapabilitiesFree; +virSGXCapabilitiesFree; # conf/domain_conf.h -- 2.25.1

5 15

libvirt-guests configurability regression
by Laszlo Ersek 10 Nov '22

10 Nov '22

Hi, I'm really unhappy about commit 8eb4461645c5 ("remove sysconfig files", 2022-01-17), first included in release v8.1.0. The (a) well-documented and (b) easily editable config file "/etc/sysconfig/libvirt-guests" is now gone. So if I want to do now on Fedora 36 the same thing that I used to do on up to and including Fedora 35, I now need to consult a new manual page (from grandparent commit 161727417a91, "docs: Add man page for libvirt-guests", 2022-01-17), and collect a bunch of options manually. The message on commit 8eb4461645c5 says, Remove the sysconfig file and place the current desired default into the service file. which I briefly considered a consolation, figuring I'd just copy the collected bunch of options (and hopefully their comments!) to the same place as before, from the "service file" -- "libvirt-guests.service". However, the actual commit does not live up to its promise; for example, the important ON_SHUTDOWN knob is only *removed* from the codebase by the commit; it is not reintroduced anywhere (certainly not in "libvirt-guests.service"). Well, the manual page, two commits up the branch, documents it, but that's totally no viable replacement. As of f8ebb5816350: > $ git grep -w ON_SHUTDOWN > > docs/manpages/libvirt-guests.rst:- ON_SHUTDOWN=suspend > docs/manpages/libvirt-guests.rst: time to shutdown. When setting ON_SHUTDOWN=shutdown, you must also set > docs/manpages/libvirt-guests.rst: "ON_SHUTDOWN" is set to "shutdown". If Set to 0, guests will be shutdown one > tools/libvirt-guests.sh.in:ON_SHUTDOWN="suspend" > tools/libvirt-guests.sh.in: if [ "x$ON_SHUTDOWN" = xshutdown ]; then > tools/libvirt-guests.sh.in: ON_SHUTDOWN="shutdown" ... It seems that "tools/libvirt-guests.sh.in" does have some built-in defaults (going back as far as to 66823690e469, "Init script for handling guests on shutdown/boot", 2010-05-21), which I could copy and modify presumably; however, those defaults still lack the previously directly adjacent documentation. Please consider remedying this. Readily editable config files with documentation and defaults included are very powerful. They are not suitable for all config formats of course (especially hierarchical ones: consider the domain XML for example), but for flat or otherwise simply structured config files, offering that productivity boost to end-users is a no-brainer, IMO. Please restore it if you can. Thanks Laszlo

4 13

[PATCH v3] nodedev: ignore EINVAL from libudev in udevEventHandleThread
by christian.ehrhardt＠canonical.com 10 Nov '22

10 Nov '22

From: Christian Ehrhardt <christian.ehrhardt(a)canonical.com> Certain udev entries might be of a size that makes libudev emit EINVAL which right now leads to udevEventHandleThread exiting. Due to no more handling events other elements of libvirt will start pushing for events to be consumed which never happens causing a busy loop burning a cpu without any gain. After evaluation of the example case discussed in in #245 and a test run ignoring EINVAL it was considered safe to add EINVAL to the ignored errnos to not exit udevEventHandleThread giving it more resilience. The root cause is in systemd and by now was discussed and fixed via https://github.com/systemd/systemd/issues/24987, but hardening libvirt to be able to better deal with EINVAL returned still is the right thing to avoid the reported busy loops on systemd with older systemd versions. Fixes: https://gitlab.com/libvirt/libvirt/-/issues/245 Signed-off-by: Christian Ehrhardt <christian.ehrhardt(a)canonical.com> Reviewed-by: Daniel P. Berrangé <berrange(a)redhat.com> --- src/node_device/node_device_udev.c | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/src/node_device/node_device_udev.c b/src/node_device/node_device_udev.c index 24ef1c25a9..2454cab8f8 100644 --- a/src/node_device/node_device_udev.c +++ b/src/node_device/node_device_udev.c @@ -1865,10 +1865,12 @@ udevEventHandleThread(void *opaque G_GNUC_UNUSED) } /* POSIX allows both EAGAIN and EWOULDBLOCK to be used - * interchangeably when the read would block or timeout was fired + * interchangeably when the read would block or timeout was fired. + * EINVAL might happen on too large udev entries, ignore those for + * the robustness of udevEventHandleThread. */ VIR_WARNINGS_NO_WLOGICALOP_EQUAL_EXPR - if (errno != EAGAIN && errno != EWOULDBLOCK) { + if (errno != EAGAIN && errno != EWOULDBLOCK && errno != EINVAL) { VIR_WARNINGS_RESET virReportSystemError(errno, "%s", _("failed to receive device from udev " -- 2.38.1

2 1