January 2023 - Devel - libvirt List Archives

[libvirt PATCH 0/1] apparmor: Allow umount(/dev)
by Andrea Bolognani 18 Jan '23

18 Jan '23

CC'ing AppArmor experts to get their input :) This is a farily big hammer, but unfortunately I don't think it's possible to tell AppArmor "let the driver use umount, but only if it's running inside a namespace". Andrea Bolognani (1): apparmor: Allow umount(/dev) src/security/apparmor/usr.sbin.libvirtd.in | 1 + src/security/apparmor/usr.sbin.virtqemud.in | 1 + 2 files changed, 2 insertions(+) -- 2.39.0

3 7

[PATCH] remote: add missing lock guard for secret value API
by Daniel P. Berrangé 18 Jan '23

18 Jan '23

This fixes a bug in commit fda53ab3a536647192dd088672dcb6f4a6820e51 Author: Daniel P. Berrangé <berrange(a)redhat.com> Date: Thu Dec 22 10:29:32 2022 -0500 remote: use VIR_LOCK_GUARD in client code Signed-off-by: Daniel P. Berrangé <berrange(a)redhat.com> --- src/remote/remote_driver.c | 1 + 1 file changed, 1 insertion(+) diff --git a/src/remote/remote_driver.c b/src/remote/remote_driver.c index 206a3829e2..a1e08bcfe2 100644 --- a/src/remote/remote_driver.c +++ b/src/remote/remote_driver.c @@ -5088,6 +5088,7 @@ remoteSecretGetValue(virSecretPtr secret, size_t *value_size, remote_secret_get_value_args args; remote_secret_get_value_ret ret = {0}; struct private_data *priv = secret->conn->privateData; + VIR_LOCK_GUARD lock = remoteDriverLock(priv); make_nonnull_secret(&args.secret, secret); args.flags = flags; -- 2.39.0

2 1

[libvirt PATCH] remote: remoteDomainCreate: Add missing struct initializer for 'ret2'
by Erik Skultety 18 Jan '23

18 Jan '23

Fixes: 62448c1a4927682f999fecf55e896de4625e46f6 Signed-off-by: Erik Skultety <eskultet(a)redhat.com> --- The commit in question broke many integration tests: https://gitlab.com/libvirt/libvirt/-/jobs/3620679044 src/remote/remote_driver.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/remote/remote_driver.c b/src/remote/remote_driver.c index 206a3829e2..33eff0fe12 100644 --- a/src/remote/remote_driver.c +++ b/src/remote/remote_driver.c @@ -2428,7 +2428,7 @@ remoteDomainCreate(virDomainPtr domain) { remote_domain_create_args args; remote_domain_lookup_by_uuid_args args2; - remote_domain_lookup_by_uuid_ret ret2; + remote_domain_lookup_by_uuid_ret ret2 = {0}; struct private_data *priv = domain->conn->privateData; VIR_LOCK_GUARD lock = remoteDriverLock(priv); -- 2.39.0

2 1

[libvirt PATCH] ch: use CURLOPT_UPLOAD instead of CURLOPT_PUT
by Daniel P. Berrangé 18 Jan '23

18 Jan '23

The CURLOPT_PUT constant causes a deprecation warning when compiling on Alpine Edge. The docs indicate it is deprecated since 7.2.1 https://curl.se/libcurl/c/CURLOPT_PUT.html We already use CURLOPT_UPLOAD in the ESX driver, so this brings the CH driver into line. Signed-off-by: Daniel P. Berrangé <berrange(a)redhat.com> --- src/ch/ch_monitor.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/ch/ch_monitor.c b/src/ch/ch_monitor.c index 8d8654332f..7b8f0a8077 100644 --- a/src/ch/ch_monitor.c +++ b/src/ch/ch_monitor.c @@ -660,7 +660,7 @@ virCHMonitorPutNoContent(virCHMonitor *mon, const char *endpoint) curl_easy_setopt(mon->handle, CURLOPT_UNIX_SOCKET_PATH, mon->socketpath); curl_easy_setopt(mon->handle, CURLOPT_URL, url); - curl_easy_setopt(mon->handle, CURLOPT_PUT, true); + curl_easy_setopt(mon->handle, CURLOPT_UPLOAD, 1L); curl_easy_setopt(mon->handle, CURLOPT_HTTPHEADER, NULL); responseCode = virCHMonitorCurlPerform(mon->handle); -- 2.39.0

2 2

[PATCH V9 00/14] spec: Decompose the daemon subpackage
by Jim Fehlig 18 Jan '23

18 Jan '23

This is V9 of https://listman.redhat.com/archives/libvir-list/2023-January/237006.html The end goal is to remove the libvirt-dameon dependency on the various libvirt-daemon-driver-foo subpackages, allowing installation of a modular daemon configuration without the traditional monolithic libvirtd. Changes from V8: * Move adjustments to systemd service files to a new patch * Address more review comments Jim Fehlig (14): spec: Move virtlockd to a new subpackage libvirt-daemon-lock spec: Move virtlogd to a new subpackage libvirt-daemon-log spec: Move virtproxyd to a new subpackage libvirt-daemon-proxy spec: Move lockd plugin to a new subpackage spec: Rename the libvirt-lock-sanlock subpackage spec: Move common files and dependencies to libvirt-daemon-common spec: Add module-init-tools dependency to nodedev and lxc drivers spec: Add numad dependency to qemu and lxc drivers spec: Remove libvirt-daemon dependency from secondary drivers services: Weaken systemd dependency on virtlockd spec: Remove libvirt-daemon dependency from primary drivers spec: Remove libvirt-daemon dependency from hypervisor subpackages kbase: Update rpm-deployment.rst with new subpackages NEWS: Mention split of libvirt-daemon subpackage NEWS.rst | 6 + docs/kbase/rpm-deployment.rst | 48 +++-- libvirt.spec.in | 332 +++++++++++++++++++++++---------- src/libxl/virtxend.service.in | 2 +- src/qemu/virtqemud.service.in | 2 +- src/remote/libvirtd.service.in | 2 +- 6 files changed, 281 insertions(+), 111 deletions(-) -- 2.38.1

3 24

[PATCH] qemu_namespace: Umount the original /dev before replacing it with tmpfs
by Michal Privoznik 18 Jan '23

18 Jan '23

Our code relies on mount events propagating into the namespace we create for a domain. However, there's one caveat. In v8.8.0-rc1~8 I've tried to make us detect differences in mount tables between the namespace in which libvirtd runs and the domain namespace. This is crucial for any mounts that happen after the domain was started (for instance new hugetlbfs can be mounted on say /dev/hugepages1G). Therefore, we take a look into /proc/$(pgrep qemu)/mounts to see what filesystems are mounted under /dev. Now, since we don't umount the original /dev, just mount a tmpfs over it, we get all the events (e.g. aforementioned hugetlbfs mount on /dev/hugepages1G), but we are not really able to access it because of the tmpfs that's placed on top. This then confuses our algorithm for detecting which filesystems are mounted (the algorithm is implemented in qemuDomainGetPreservedMounts()). To break the link between host's and guest's /dev we just need to umount() the original /dev in the namespace. Just before our artificially created tmpfs is moved into its place. Fixes: 46b03819ae8d833b11c2aaccb2c2a0361727f51b Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=2151869#c6 Signed-off-by: Michal Privoznik <mprivozn(a)redhat.com> --- src/qemu/qemu_namespace.c | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/src/qemu/qemu_namespace.c b/src/qemu/qemu_namespace.c index 90c0b90024..a6b9af1307 100644 --- a/src/qemu/qemu_namespace.c +++ b/src/qemu/qemu_namespace.c @@ -775,6 +775,11 @@ qemuDomainUnshareNamespace(virQEMUDriverConfig *cfg, goto cleanup; } + if (umount("/dev") < 0) { + virReportSystemError(errno, "%s", _("failed to umount devfs on /dev")); + return -1; + } + if (virFileMoveMount(devPath, "/dev") < 0) goto cleanup; -- 2.37.4

4 3

[PATCH 00/15] Clean up credential asking code in SSH transport
by Peter Krempa 17 Jan '23

17 Jan '23

Peter Krempa (15): virNetLibsshSessionAuthAddPrivKeyAuth: Drop 'password' argument virNetLibsshAuthMethod: Drop 'password' field util: authconfig: Use automatic pointer clearing for virAuthConfig util: authconfig: Use conteporary and consistent header style virNetSSHSessionAuthAddPrivKeyAuth: Remove unused 'password' argument virNetSSHSessionAuthAddPrivKeyAuth: Refactor cleanup virNetSSHAuthMethod: Remove unused 'password' field virnetsshsession: Pass in username via virNetSSHSessionNew rather than auth functions util: auth: Introduce virAuthAskCredential virNetLibsshAuthenticateKeyboardInteractive: Use virAuthAskCredential virNetLibsshAuthenticatePrivkeyCb: Use virAuthAskCredential util: virauth: Export virAuthGetCredential virNetLibsshCheckHostKey: Use virAuthAskCredential virNetLibsshAuthenticatePassword: Use virAuthAskPassword instead of virAuthGetPasswordPath virAuthGetPasswordPath: Use virAuthAskCredential for callback interaction src/libvirt_private.syms | 3 + src/rpc/virnetlibsshsession.c | 211 ++++++++++------------------------ src/rpc/virnetlibsshsession.h | 3 +- src/rpc/virnetsocket.c | 19 +-- src/rpc/virnetsshsession.c | 162 ++++++++------------------ src/rpc/virnetsshsession.h | 13 +-- src/util/virauth.c | 107 +++++++++++------ src/util/virauth.h | 12 ++ src/util/virauthconfig.c | 52 ++++----- 9 files changed, 223 insertions(+), 359 deletions(-) -- 2.38.1

2 21

[PATCH] qemu: Provide virDomainGetCPUStats() implementation for session connection
by Michal Privoznik 17 Jan '23

17 Jan '23

We have virDomainGetCPUStats() API which offers querying statistics on host CPU usage by given guest. And it works in two modes: getting overall stats (@start_cpu == -1, @ncpus == 1) or getting per host CPU usage. For the QEMU driver it is implemented by looking into values stored in corresponding cpuacct CGroup controller. Well, this works for system instances, where libvirt has permissions to create CGroups and place QEMU process into them. But it does not fly for session connection, where no CGroups are set up. Fortunately, we can do something similar to v8.8.0-rc1~95 and use virProcessGetStatInfo() to fill the overall stats. Unfortunately, I haven't found any source of per host CPU usage, so we just continue throwing an error in that case. Signed-off-by: Michal Privoznik <mprivozn(a)redhat.com> --- src/qemu/qemu_driver.c | 52 ++++++++++++++++++++++++++++++++++++++++-- 1 file changed, 50 insertions(+), 2 deletions(-) diff --git a/src/qemu/qemu_driver.c b/src/qemu/qemu_driver.c index d6879175fe..a570057ecf 100644 --- a/src/qemu/qemu_driver.c +++ b/src/qemu/qemu_driver.c @@ -16009,6 +16009,50 @@ qemuDomainGetMetadata(virDomainPtr dom, return ret; } +#define QEMU_CPU_STATS_PROC_TOTAL 3 + +static int +qemuDomainGetCPUStatsProc(virDomainObj *vm, + virTypedParameterPtr params, + unsigned int nparams) +{ + unsigned long long cpuTime = 0; + unsigned long long userTime = 0; + unsigned long long sysTime = 0; + + if (nparams == 0) { + /* return supported number of params */ + return QEMU_CPU_STATS_PROC_TOTAL; + } + + if (virProcessGetStatInfo(&cpuTime, &userTime, &sysTime, + NULL, NULL, vm->pid, 0) < 0) { + virReportError(VIR_ERR_OPERATION_FAILED, "%s", + _("cannot read cputime for domain")); + return -1; + } + + if (virTypedParameterAssign(&params[0], VIR_DOMAIN_CPU_STATS_CPUTIME, + VIR_TYPED_PARAM_ULLONG, cpuTime) < 0) + return -1; + + if (nparams > 1 && + virTypedParameterAssign(&params[1], VIR_DOMAIN_CPU_STATS_USERTIME, + VIR_TYPED_PARAM_ULLONG, userTime) < 0) + return -1; + + if (nparams > 2 && + virTypedParameterAssign(&params[2], VIR_DOMAIN_CPU_STATS_SYSTEMTIME, + VIR_TYPED_PARAM_ULLONG, sysTime) < 0) + return -1; + + if (nparams > 3) + nparams = 3; + + return nparams; +} + +#undef QEMU_CPU_STATS_PROC_TOTAL static int qemuDomainGetCPUStats(virDomainPtr domain, @@ -16037,8 +16081,12 @@ qemuDomainGetCPUStats(virDomainPtr domain, goto cleanup; if (!virCgroupHasController(priv->cgroup, VIR_CGROUP_CONTROLLER_CPUACCT)) { - virReportError(VIR_ERR_OPERATION_INVALID, - "%s", _("cgroup CPUACCT controller is not mounted")); + if (start_cpu == -1) { + ret = qemuDomainGetCPUStatsProc(vm, params, nparams); + } else { + virReportError(VIR_ERR_OPERATION_INVALID, "%s", + _("cgroup CPUACCT controller is not mounted")); + } goto cleanup; } -- 2.38.2

3 2

[PATCH] docs: Fix typo
by Andrea Bolognani 17 Jan '23

17 Jan '23

Signed-off-by: Andrea Bolognani <abologna(a)redhat.com> --- Pushed as trivial. docs/formatdomain.rst | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/formatdomain.rst b/docs/formatdomain.rst index 8fc8aeb928..f76c7c3d81 100644 --- a/docs/formatdomain.rst +++ b/docs/formatdomain.rst @@ -2703,7 +2703,7 @@ paravirtualized driver is specified via the ``disk`` element. holding the disk. :since:`Since 0.0.3` :since:`Since 9.0.0` a new optional attribute ``fdgroup`` can be added - instructing to access the disk via file descriptiors associated to the + instructing to access the disk via file descriptors associated to the domain object via the ``virDomainFDAssociate()`` API rather than opening the files. The files do not necessarily have to be accessible by libvirt via the filesystem. The filename passed via ``file`` can still be used -- 2.39.0

1 0

[libvirt PATCH 0/3] cgroups cpu shares fixes
by Pavel Hrdina 17 Jan '23

17 Jan '23

Pavel Hrdina (3): vircgroupv2: fix cpu.weight limits check domain_validate: drop cpu.shares cgroup check docs: document correct cpu shares limits with both cgroups v1 and v2 docs/formatdomain.rst | 2 +- docs/manpages/virsh.rst | 3 ++- src/conf/domain_validate.c | 10 ---------- src/util/vircgroup.h | 2 ++ src/util/vircgroupv2.c | 8 ++++---- 5 files changed, 9 insertions(+), 16 deletions(-) -- 2.39.0

3 5