[PATCH] libxl: Fix domain startup failure error reporting
by Cole Robinson
When domain startup fails, domain cleanup calls
libxlNetworkUnwindDevices, which calls virGetConnectNetwork, which
is a top level API entry point, which resets the initial saved error,
leading to clients seeing:
error: An error occurred, but the cause is unknown
This preserves the error from before virGetConnectNetwork is called.
Signed-off-by: Cole Robinson <crobinso(a)redhat.com>
---
src/libxl/libxl_domain.c | 7 ++++++-
1 file changed, 6 insertions(+), 1 deletion(-)
diff --git a/src/libxl/libxl_domain.c b/src/libxl/libxl_domain.c
index 17b347de4e..bda110e9e6 100644
--- a/src/libxl/libxl_domain.c
+++ b/src/libxl/libxl_domain.c
@@ -830,12 +830,17 @@ libxlNetworkUnwindDevices(virDomainDef *def)
/* cleanup actual device */
virDomainNetRemoveHostdev(def, net);
if (net->type == VIR_DOMAIN_NET_TYPE_NETWORK) {
- g_autoptr(virConnect) conn = virGetConnectNetwork();
+ g_autoptr(virConnect) conn = NULL;
+ virErrorPtr save_err;
+
+ virErrorPreserveLast(&save_err);
+ conn = virGetConnectNetwork();
if (conn)
virDomainNetReleaseActualDevice(conn, def, net);
else
VIR_WARN("Unable to release network device '%s'", NULLSTR(net->ifname));
+ virErrorRestore(&save_err);
}
}
}
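Review bot: Nothing next to the virErrorPreserveLast(&save_err) / virErrorRestore(&save_err) pair says why it is needed, so a later cleanup could drop it as redundant. The reason is only in the commit message; a one-line comment above virErrorPreserveLast() noting that virGetConnectNetwork() resets the last error would keep it with the code.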
--
2.36.1
2 years, 5 months
[PATCH 0/4] qemu: Fix tpm-tis for armv7l and riscv
by Cole Robinson
This fixes tpm-tis usage for armv7l and riscv arches, and then
switches qemu tpm validation to use domcaps as the source of truth
Cole Robinson (4):
qemu: validate: Drop tpm-tis arch validation
qemu: command: Use correct tpm device for all non-x86
tests: mock swtpm initialization for all qemu tests
qemu: validate: use domcaps for tpm validation
src/qemu/qemu_command.c | 2 +-
src/qemu/qemu_validate.c | 77 +++++++++-------------------------------
tests/domaincapstest.c | 7 ----
tests/testutilsqemu.c | 8 +++++
4 files changed, 26 insertions(+), 68 deletions(-)
--
2.36.1
2 years, 5 months
[libvirt PATCH 0/2] tools: add integrated support for XPath in virsh
by Daniel P. Berrangé
See commit 2 for the example usage
Daniel P. Berrangé (2):
tools: add helper method for printing an XML document
tools: add '--xpath EXPRESSION --wrap' args to all dumpxml commands
docs/manpages/virsh.rst | 138 ++++++++++++++++++++++++++++++++++-----
tools/virsh-backup.c | 17 ++++-
tools/virsh-checkpoint.c | 17 ++++-
tools/virsh-domain.c | 55 +++++++++++++---
tools/virsh-interface.c | 22 +++++--
tools/virsh-network.c | 47 +++++++++----
tools/virsh-nodedev.c | 17 ++++-
tools/virsh-nwfilter.c | 51 ++++++++++-----
tools/virsh-pool.c | 27 +++++---
tools/virsh-secret.c | 18 ++++-
tools/virsh-snapshot.c | 17 ++++-
tools/virsh-util.c | 59 +++++++++++++++++
tools/virsh-util.h | 7 ++
tools/virsh-volume.c | 28 +++++---
14 files changed, 436 insertions(+), 84 deletions(-)
--
2.36.1
2 years, 5 months
[PATCH] po/LINGUAS: Fix sorting
by Peter Krempa
Fixes breakage of 'sc_linguas_sorting'.
Fixes: c886a40cfcbceb2efa57930b64f758d3e263d759
Signed-off-by: Peter Krempa <pkrempa(a)redhat.com>
---
Pushed as a build fix. Whether that syntax check is a sensible use of
CPU cycles is for another discussion.
po/LINGUAS | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/po/LINGUAS b/po/LINGUAS
index 33418f7705..490a76b5d4 100644
--- a/po/LINGUAS
+++ b/po/LINGUAS
@@ -17,6 +17,7 @@ hu
id
it
ja
+ka
kn
ko
mk
@@ -42,4 +43,3 @@ uk
vi
zh_CN
zh_TW
-ka
--
2.36.1
2 years, 5 months
Some questions regarding firmware handling in the qemu driver
by Jim Fehlig
Hi All,
I received a bug report (private, sorry) about inability to "deploy uefi virtual
machine with secureboot enabled on aarch64 kvm host". Indeed the qemu driver has
some checks that would prohibit using secure boot with aarch64 virt machines, e.g.
https://gitlab.com/libvirt/libvirt/-/blob/master/src/qemu/qemu_validate.c...
However it appears qemu does not restrict booting a firmware with keys enrolled
and secure boot enabled. E.g.
qemu-system-aarch64 -m 4096 -cpu host -accel kvm -smp 4 -M virt -drive
if=pflash,format=raw,readonly=on,file=/usr/share/qemu/aavmf-aarch64-opensuse-code.bin
-drive if=pflash,format=raw,file=/vm_images/jim/images/test/test-vars-store.bin ...
seems to work fine and within the guest I see db keys loaded by kernel
[ 4.782777] integrity: Loading X.509 certificate: UEFI:db
[ 4.789494] integrity: Loaded X.509 cert 'Build time autogenerated kernel key: 44e3470bd0c5eb190e3292dfc42db061521184ee'
[ 4.789548] integrity: Loading X.509 certificate: UEFI:db
[ 4.789701] integrity: Loaded X.509 cert 'openSUSE Secure Boot Signkey: 0332fa9cbf0d88bf21924b0de82a09a54d5defc8'
[ 4.789710] integrity: Loading X.509 certificate: UEFI:db
[ 4.789841] integrity: Loaded X.509 cert 'SUSE Linux Enterprise Secure Boot Signkey: 3fb077b6cebc6ff2522e1c148c57c777c788e3e7'
Can we consider easing the secure boot restrictions in qemuValidateDomainDefBoot?
Experimenting with the behavior on x86 raised other questions:
libvirt requires the firmware to support SMM to enable secure boot. But is SMM a
strict requirement for secure boot? IIUC, lack of SMM makes the securely booted
stack less secure since it is easier to tamper with it, but it does not prevent
securely booting the components.
When selecting firmwares manually and marking the loader secure, VM creation
fails unless SMM is explicitly set in <features>. E.g. the following will fail
with "unsupported configuration: Secure boot requires SMM feature enabled"
<os>
<type arch="x86_64" machine="q35">hvm</type>
<loader readonly="yes" secure="yes"
type="pflash">/usr/share/qemu/ovmf-x86_64-smm-code.bin</loader>
<nvram template="/usr/share/qemu/ovmf-x86_64-smm-vars.bin"/>
<boot dev="hd"/>
</os>
even though the descriptor file for /usr/share/qemu/ovmf-x86_64-smm-code.bin
advertises secure-boot and requires-smm. Is this just a case of trying to mix
old style explicit firmware selection vs firmware auto-select? I.e., if
selecting the firmware explicitly, the onus is on the user to also specify any
related and required config?
Regards,
Jim
2 years, 5 months
[PATCH] storage: zfs: split pool and volume names properly
by Fabian Lesniak
Before, the volume name was determined as the last token after any /
character. This does not work with zvols below the top level of the
pool: /dev/zvols/pool/images/vm1 is truncated to /dev/zvols/pool/vm1.
This patch removes the pool name only, so when using the pool "pool",
the volume path "images/vm1" is used.
---
src/storage/storage_backend_zfs.c | 7 ++++---
1 file changed, 4 insertions(+), 3 deletions(-)
diff --git a/src/storage/storage_backend_zfs.c b/src/storage/storage_backend_zfs.c
index 2a5d74357d..397ea7f386 100644
--- a/src/storage/storage_backend_zfs.c
+++ b/src/storage/storage_backend_zfs.c
@@ -104,7 +104,7 @@ virStorageBackendZFSParseVol(virStoragePoolObj *pool,
virStorageVolDef *volume = NULL;
virStoragePoolDef *def = virStoragePoolObjGetDef(pool);
g_auto(GStrv) tokens = NULL;
- char *tmp;
+ char *pool_name = def->source.name;
if (!(tokens = g_strsplit(volume_string, "\t", 0)))
return -1;
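Review bot: The new declaration `char *pool_name = def->source.name;` is only ever read, so it should be `const char *pool_name` to make clear that the pool definition's string is not modified or owned here.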
@@ -113,8 +113,9 @@ virStorageBackendZFSParseVol(virStoragePoolObj *pool,
goto cleanup;
vol_name = tokens[0];
- if ((tmp = strrchr(vol_name, '/')))
- vol_name = tmp + 1;
+ if (strlen(vol_name) > strlen(pool_name) &&
+ STRPREFIX(vol_name, pool_name))
+ vol_name += strlen(pool_name) + 1;
if (vol == NULL)
volume = virStorageVolDefFindByName(pool, vol_name);
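Review bot: In the new condition, `vol_name += strlen(pool_name) + 1` skips the character after the prefix without checking that it is '/'. With pool name "pool", a string such as "pool2/vm1" passes STRPREFIX() and becomes "/vm1". Adding `vol_name[strlen(pool_name)] == '/'` to the condition closes that case, and storing the length once in a size_t avoids calling strlen(pool_name) three times.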
--
2.36.1
2 years, 5 months
[PATCH] qemu: Fix alignment in qemuFirmwareMappingFlashFormat()
by Andrea Bolognani
Signed-off-by: Andrea Bolognani <abologna(a)redhat.com>
---
Pushed as trivial.
src/qemu/qemu_firmware.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/qemu/qemu_firmware.c b/src/qemu/qemu_firmware.c
index 1dd5c09636..c8f462bfcf 100644
--- a/src/qemu/qemu_firmware.c
+++ b/src/qemu/qemu_firmware.c
@@ -751,7 +751,7 @@ qemuFirmwareMappingFlashFormat(virJSONValue *mapping,
return -1;
if (virJSONValueObjectAppend(mapping,
- "nvram-template",
+ "nvram-template",
&nvram_template) < 0)
return -1;
}
--
2.35.3
2 years, 5 months
[PATCH 0/6] Improve setting of logging with 'virt-admin' when daemon uses auto-shutdown
by Peter Krempa
Allow setting of the timeout so that users can bypass it when they are
setting runtime-logging.
Update the docs to mention the caveat and suggest the bypass.
Peter Krempa (6):
virnetdaemon: Extract autoShutdownTimer operations from
virNetDaemonRun
virNetDaemonAutoShutdown: Allow live update of shutdown timeout
scripts: apibuild: Improve error when API is missing from symbol file
admin: Introduce virAdmConnectSetDaemonTimeout
virt-admin: Introduce 'daemon-timeout'
kbase: debuglogs: Add a note about auto-shutdown of daemons
docs/kbase/debuglogs.rst | 20 +++++
docs/manpages/virt-admin.rst | 12 +++
include/libvirt/libvirt-admin.h | 4 +
scripts/apibuild.py | 2 +
src/admin/admin_protocol.x | 12 ++-
src/admin/admin_server_dispatch.c | 12 +++
src/admin/libvirt-admin.c | 34 ++++++++
src/admin/libvirt_admin_public.syms | 5 ++
src/admin_protocol-structs | 5 ++
src/locking/lock_daemon.c | 5 +-
src/logging/log_daemon.c | 5 +-
src/remote/remote_daemon.c | 4 +-
src/rpc/virnetdaemon.c | 127 ++++++++++++++++++----------
src/rpc/virnetdaemon.h | 4 +-
tools/virt-admin.c | 45 ++++++++++
15 files changed, 240 insertions(+), 56 deletions(-)
--
2.36.1
2 years, 5 months
Plans for the next release
by Jiri Denemark
We are getting close to the next release of libvirt. To aim for the
release on Jul 01 I suggest entering the freeze on Monday Jun 27 and
tagging RC2 on Wednesday Jun 29.
I hope this works for everyone.
Jirka
2 years, 5 months
[PATCH] virMacAddrParse: Fix wrong termination character
by Eustance Wu
From ef22e53c9360ddb4bdff61a12013a2812fb7346a Mon Sep 17 00:00:00 2001
From: longtao <longtao.wu(a)zstack.io>
Date: Thu, 16 Jun 2022 14:08:14 +0800
Subject: [PATCH] virMacAddrParse: Fix wrong termination character
The judgment of the termination character should be the '\0' character, not
a space.
Using spaces to judge, content can be injected into the MAC, such as:
"70:af:e7:1f:3f:89\32injected".
Before this patch, the terminating character was a space ('\32'), not '\0'.
So I can set the DHCP host mac like this "<host mac='c0:3b:04:21:15:35
injected' name='name129' ip='192.168.100.129'/>".
When running the network, no error is reported.
But when using this MAC to create a virtual machine, I will get
"virNetSocketReadWire:1805 : End of file while reading data: Input/output
error" in the libvirtd log.
---
src/util/virmacaddr.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/util/virmacaddr.c b/src/util/virmacaddr.c
index 6b22384cee..ba7c7e7076 100644
--- a/src/util/virmacaddr.c
+++ b/src/util/virmacaddr.c
@@ -163,7 +163,7 @@ virMacAddrParse(const char* str, virMacAddr *addr)
addr->addr[i] = (unsigned char) result;
- if ((i == 5) && (*end_ptr <= ' '))
+ if ((i == 5) && (*end_ptr == 0))
return 0;
if (*end_ptr != ':')
break;
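Review bot: In the `(i == 5)` check, `*end_ptr == 0` rejects more than the embedded-space case: the old `*end_ptr <= ' '` also accepted a trailing newline or tab, so any caller that passes a MAC string read from a file or from command output without stripping it will now fail to parse. The callers should be audited (or the trailing whitespace stripped before the call), and the comparison is clearer written as `*end_ptr == '\0'`.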
--
2.32.0
2 years, 5 months
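The termination check discussed in the patch above, as an added example that is not libvirt's code and not part of the original post: a simplified stand-alone parser run with the pre-patch style check and with the patched one. The name parse_mac, its strict flag and the sample strings other than the one quoted from the commit message are assumptions.

```c
#include <ctype.h>
#include <stdio.h>
#include <stdlib.h>

/* Hypothetical helper, not libvirt's virMacAddrParse().
 * strict == 0: any byte <= ' ' may follow the sixth octet (pre-patch style).
 * strict == 1: only the terminating NUL may follow it (patched check).
 * Returns 0 on success, -1 on malformed input. */
int parse_mac(const char *str, unsigned char out[6], int strict)
{
    for (int i = 0; i < 6; i++) {
        char *end;
        unsigned long v;

        /* strtoul() alone would skip leading blanks and accept a sign */
        if (!isxdigit((unsigned char)str[0]))
            return -1;
        v = strtoul(str, &end, 16);
        /* at most two hex digits per octet; also rejects a "0x" prefix */
        if (end - str > 2 || v > 0xFF)
            return -1;
        out[i] = (unsigned char)v;

        if (i == 5) {
            if (strict)
                return *end == '\0' ? 0 : -1;
            return (unsigned char)*end <= ' ' ? 0 : -1;
        }
        if (*end != ':')
            return -1;
        str = end + 1;
    }
    return -1; /* not reached */
}

int main(void)
{
    /* Constructed samples; the second is the string from the commit message. */
    const char *samples[] = { "c0:3b:04:21:15:35", "c0:3b:04:21:15:35 injected",
                              "c0:3b:04:21:15:35\n", "c0:3b:04:21:15" };
    unsigned char mac[6];

    for (size_t i = 0; i < sizeof(samples) / sizeof(samples[0]); i++)
        printf("sample %zu: lenient=%d strict=%d\n", i,
               parse_mac(samples[i], mac, 0), parse_mac(samples[i], mac, 1));
    return 0;
}
```

The third sample shows the compatibility cost of the strict check: a MAC followed by a newline parses under the lenient rule and is rejected under the strict one.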