[PATCH v2 00/11] nwfilter: Add support for user defined metadata
by K Shiva Kiran
This patchset adds support for the following user defined metadata
fields for network filters.
- <title>: A short description of the filter.
- <description>: Any documentation that the user wants to store.
- <metadata>: Other metadata in XML form.
Two new public APIs have been added to work with these fields:
- virNWFilterGetMetadata()
- virNWFilterSetMetadata()
This is a v2 of:
https://listman.redhat.com/archives/libvir-list/2023-September/241788.html
Diff to v1:
- Added test cases in tests/nwfilterxml2xmltest.c
- Implemented test driver for nwfilter
- Added an API testcase tests/nwfiltermetadatatest.c
- Merged patches as instructed
K Shiva Kiran (11):
nwfilter_conf: Add schema and parser logic for nwfilter metadata
nwfilter_conf: Introduce public API to get/set user metadata
nwfilter: Implement RPC
virsh: Add new command `nwfilter-desc`
virsh: Add new command `nwfilter-metadata`
virsh: Add option --title for nwfilter-list
virnwfilterobj: Add obj get and set methods for nwfilter metadata
nwfilter_driver: Add Driver implementation for metadata
test_driver: Implement test driver for network filters
test_driver: Implement test driver for metadata APIs
NEWS: Introduce user-defined metadata fields for NWFilter object
NEWS.rst | 18 +
docs/formatnwfilter.rst | 31 ++
docs/manpages/virsh.rst | 93 ++++-
include/libvirt/libvirt-nwfilter.h | 27 ++
include/libvirt/virterror.h | 1 +
src/conf/nwfilter_conf.c | 35 +-
src/conf/nwfilter_conf.h | 8 +
src/conf/schemas/nwfilter.rng | 9 +
src/conf/virnwfilterobj.c | 148 ++++++++
src/conf/virnwfilterobj.h | 13 +
src/driver-nwfilter.h | 15 +
src/libvirt-nwfilter.c | 154 ++++++++
src/libvirt_private.syms | 2 +
src/libvirt_public.syms | 6 +
src/nwfilter/nwfilter_driver.c | 61 ++++
src/remote/remote_driver.c | 2 +
src/remote/remote_protocol.x | 34 +-
src/remote_protocol-structs | 19 +
src/test/test_driver.c | 287 ++++++++++++++-
src/util/virerror.c | 3 +
tests/meson.build | 1 +
tests/nwfiltermetadatatest.c | 297 ++++++++++++++++
tests/nwfilterxml2xmlin/metadata-test.xml | 12 +
tests/nwfilterxml2xmlout/metadata-test.xml | 10 +
tests/nwfilterxml2xmltest.c | 1 +
tools/virsh-nwfilter.c | 387 ++++++++++++++++++++-
tools/virsh-util.c | 25 ++
tools/virsh-util.h | 9 +
28 files changed, 1698 insertions(+), 10 deletions(-)
create mode 100644 tests/nwfiltermetadatatest.c
create mode 100644 tests/nwfilterxml2xmlin/metadata-test.xml
create mode 100644 tests/nwfilterxml2xmlout/metadata-test.xml
--
2.42.0
1 year, 1 month
[PATCH v1] util: vircommand: fix redundant if
by Dmitry Frolov
Comparisson "if(ret == -1)" is always false.
This statement was forgotten during switching to g_new0()
Found by Linux Verification Center (linuxtesting.org) with SVACE.
Fixes: 0275b06a55fc7b1ec6a9e93f7fb73bea7388f634 ("util: command: use g_new0")
Signed-off-by: Dmitry Frolov <frolov(a)swemel.ru>
---
src/util/vircommand.c | 5 +----
1 file changed, 1 insertion(+), 4 deletions(-)
diff --git a/src/util/vircommand.c b/src/util/vircommand.c
index 9d4ba1e97c..81e74deee0 100644
--- a/src/util/vircommand.c
+++ b/src/util/vircommand.c
@@ -2227,7 +2227,7 @@ virCommandProcessIO(virCommand *cmd)
int outfd = -1, errfd = -1;
size_t inlen = 0, outlen = 0, errlen = 0;
size_t inoff = 0;
- int ret = 0;
+ int ret = -1;
g_autofree struct pollfd *fds = NULL;
if (dryRunBuffer || dryRunCallback) {
@@ -2254,9 +2254,6 @@ virCommandProcessIO(virCommand *cmd)
VIR_FREE(*cmd->errbuf);
*cmd->errbuf = g_new0(char, 1);
}
- if (ret == -1)
- goto cleanup;
- ret = -1;
fds = g_new0(struct pollfd, 3 + virCommandGetNumSendBuffers(cmd));
--
2.34.1
1 year, 1 month
[libvirt PATCH 0/7] docs: ci: Update the CI pages with fresh contents
by Erik Skultety
While we have already descriptive articles on our GitLab CI, there's recently
been some work on the CI front where a few sections deserve some updates.
Erik Skultety (7):
docs: ci-runners: Add a note on a new runner registration process
docs: ci: Update the description on the integration CI GitLab
variables
docs: testtck: Tweak the Avocado command to run TCK test suite
docs: testtck: Improve the documentation on how to get a VM from
lcitool
docs: testing: Adjust the docs on how to run container workloads
locally
docs: testtck: Add a clear note on libvirt + Perl bindings dependency
docs: testtck: Expand the 'Run TCK' section on making use of
ci/jobs.sh
docs/ci-runners.rst | 10 ++++++++
docs/ci.rst | 8 ++++--
docs/testing.rst | 37 ++++++++++++++++++++++------
docs/testtck.rst | 60 ++++++++++++++++++++++++++++++++++++++-------
4 files changed, 96 insertions(+), 19 deletions(-)
--
2.41.0
1 year, 1 month
[RFC PATCH 0/4] Added virtio-net RSS with eBPF support.
by Andrew Melnychenko
This series of rfc patches adds support for loading the RSS eBPF program and passing it to the QEMU.
Comments and suggestions would be useful.
QEMU with vhost may work with RSS through eBPF. To load eBPF,
the capabilities required that Libvirt may provide.
eBPF program and maps may be unique for particular QEMU and
Libvirt retrieves eBPF through qapi.
For now, there is only "RSS" eBPF object in QEMU, in the future,
there may be another one(g.e. network filters).
That's why in Libvirt added logic to load and store any
eBPF object that QEMU provides using qapi schema.
For virtio-net RSS, the document has not changed.
```
<interface type="network">
<model type="virtio"/>
<driver queues="4" rss="on" rss_hash_report="off"/>
<interface type="network">
```
Simplified routine for RSS:
* Libvirt retrieves eBPF "RSS" and load it.
* Libvirt passes file descriptors to virtio-net with property "ebpf_rss_fds" ("rss" property should be "on" too).
* if fds was provided - QEMU using eBPF RSS implementation.
* if fds was not provided - QEMU tries to load eBPF RSS in own context and use it.
* if eBPF RSS was not loaded - QEMU uses "in-qemu" RSS(vhost not supported).
meson.build | 6 ++
meson_options.txt | 1 +
src/qemu/meson.build | 1 +
src/qemu/qemu_capabilities.c | 181 +++++++++++++++++++++++++++++++++++
src/qemu/qemu_capabilities.h | 4 +
src/qemu/qemu_command.c | 53 ++++++++++
src/qemu/qemu_domain.c | 4 +
src/qemu/qemu_domain.h | 3 +
src/qemu/qemu_interface.c | 42 ++++++++
src/qemu/qemu_interface.h | 4 +
src/qemu/qemu_monitor.c | 23 +++++
src/qemu/qemu_monitor.h | 3 +
src/qemu/qemu_monitor_json.c | 21 ++++
src/qemu/qemu_monitor_json.h | 3 +
14 files changed, 349 insertions(+)
--
2.42.0
1 year, 1 month
[PATCH] docs: Fix typos
by Han Han
Signed-off-by: Han Han <hhan(a)redhat.com>
---
docs/formatdomain.rst | 2 +-
docs/kbase/kvm-realtime.rst | 2 +-
docs/manpages/virsh.rst | 2 +-
3 files changed, 3 insertions(+), 3 deletions(-)
diff --git a/docs/formatdomain.rst b/docs/formatdomain.rst
index af62fcd820..03735e4593 100644
--- a/docs/formatdomain.rst
+++ b/docs/formatdomain.rst
@@ -2179,7 +2179,7 @@ are:
Enable QEMU vmcoreinfo device to let the guest kernel save debug details.
:since:`Since 4.4.0` (QEMU only)
``htm``
- Configure HTM (Hardware Transational Memory) availability for pSeries guests.
+ Configure HTM (Hardware Transactional Memory) availability for pSeries guests.
Possible values for the ``state`` attribute are ``on`` and ``off``. If the
attribute is not defined, the hypervisor default will be used. :since:`Since
4.6.0` (QEMU/KVM only)
diff --git a/docs/kbase/kvm-realtime.rst b/docs/kbase/kvm-realtime.rst
index 87ab314bcb..c829eac120 100644
--- a/docs/kbase/kvm-realtime.rst
+++ b/docs/kbase/kvm-realtime.rst
@@ -103,7 +103,7 @@ Be aware that CPU ID numbers are not always allocated sequentially as shown
here. It is not unusual to see IDs interleaved between sockets on the two NUMA
nodes, such that ``0-3,8-11`` are on the first node and ``4-7,12-15`` are on
the second node. Carefully check the ``virsh capabilities`` output to determine
-the CPU ID numbers when configiring both ``isolcpus`` and the guest ``cpuset``
+the CPU ID numbers when configuring both ``isolcpus`` and the guest ``cpuset``
values.
Guest configuration
diff --git a/docs/manpages/virsh.rst b/docs/manpages/virsh.rst
index 4ae3bb4d93..c425974912 100644
--- a/docs/manpages/virsh.rst
+++ b/docs/manpages/virsh.rst
@@ -5267,7 +5267,7 @@ dom-fd-associate
Associate one or more fds described via *--pass-fds* argument to *domain* as
*--name*. The lifetime of the passed fd group is the same as the connection, thus
-exitting virsh un-registers them afterwards.
+exiting virsh un-registers them afterwards.
By default security labels are applied if needed but they are not restored after
use to avoid keeping them open unnecessarily. Best-effort security label restore
--
2.41.0
1 year, 1 month
[PATCH] qemu: add 'media=cdrom' attribute for usb CDROM
by Minglei Liu
From: "minglei.liu" <minglei.liu(a)smartx.com>
In commit 1328a83, the 'media=cdrom' attribute was removed from -drive.
However, this attribute is still essential for usb cdrom and is still
supported in qemu 8.1.1. Therefore, we need to reintroduce this attribute
for usb cdrom.
---
src/qemu/qemu_command.c | 7 +++++++
.../disk-cdrom-bus-other.x86_64-latest.args | 2 +-
2 files changed, 8 insertions(+), 1 deletion(-)
diff --git a/src/qemu/qemu_command.c b/src/qemu/qemu_command.c
index 8a7b80719f..42f3f8f740 100644
--- a/src/qemu/qemu_command.c
+++ b/src/qemu/qemu_command.c
@@ -1705,6 +1705,13 @@ qemuBuildDriveStr(virDomainDiskDef *disk)
virBufferAsprintf(&opt, "if=sd,index=%d", virDiskNameToIndex(disk->dst));
+ /* While this is a frontend attribute, it only makes sense to be used when
+ * legacy -drive is used. In modern qemu the 'ide-cd' or 'scsi-cd' are used.
+ * currently only usb cdrom need this attribute */
+ if (disk->device == VIR_DOMAIN_DISK_DEVICE_CDROM &&
+ disk->bus == VIR_DOMAIN_DISK_BUS_USB)
+ virBufferAddLit(&opt, ",media=cdrom");
+
if (disk->src->readonly)
virBufferAddLit(&opt, ",readonly=on");
diff --git a/tests/qemuxml2argvdata/disk-cdrom-bus-other.x86_64-latest.args b/tests/qemuxml2argvdata/disk-cdrom-bus-other.x86_64-latest.args
index de5fa083d8..38093423cf 100644
--- a/tests/qemuxml2argvdata/disk-cdrom-bus-other.x86_64-latest.args
+++ b/tests/qemuxml2argvdata/disk-cdrom-bus-other.x86_64-latest.args
@@ -27,7 +27,7 @@ XDG_CONFIG_HOME=/var/lib/libvirt/qemu/domain--1-QEMUGuest1/.config \
-no-shutdown \
-boot strict=on \
-device '{"driver":"piix3-usb-uhci","id":"usb","bus":"pci.0","addr":"0x1.0x2"}' \
--blockdev '{"driver":"file","filename":"/root/boot.iso","node-name":"libvirt-2-storage","auto-read-only":true,"discard":"unmap"}' \
+-blockdev '{"driver":"file","filename":"/root/boot.iso","node-name":"libvirt-2-storage","auto-read-only":true,"discard":"unmap","media":"cdrom"}' \
-blockdev '{"node-name":"libvirt-2-format","read-only":true,"driver":"raw","file":"libvirt-2-storage"}' \
-device '{"driver":"usb-storage","bus":"usb.0","port":"1","drive":"libvirt-2-format","id":"usb-disk0","removable":false}' \
-device '{"driver":"usb-storage","bus":"usb.0","port":"2","id":"usb-disk1","removable":false}' \
--
2.41.0
1 year, 1 month
[RFC: vf-token 0/5] Introduce vf-token when using userspace PF
by Vivek Kashyap
vf token is set by a vfio-pci based PF driver and it must be known to the
vfio-pci based VF driver. This vf-token is set by the PF driver before VF
drivers can access the device. vfio-pci driver and qemu support vf-token.
This RFC patch series adds support to provide the vf-token (uuid format)
in the domain XML and to generate the qemu commandline including the
vf-token.
To support vf-token the new element will be used as follows:
<hostdev mode='subsystem' type='pci' managed='yes'>
<driver name='vfio'/>
<source>
<address domain='0x0000' bus='0x0' slot='0x00' function='0x1'>
<vf-token uuid='00112233-4455-6677-8899-aabbccddeeff'/>
</address>
</source>
<address type='pci' domain='0x0000' bus='0x00' slot='0x01' function='0x0'/>
</hostdev>
The generated commandline will include the following:
-device {"driver":"vfio-pci","host":"0000:00:0.1",
"vf-token":"00112233-4455-6677-8899-aabbccddeeff",
"id":"hostdev0","bus":"pci.0","addr":"0x1"}
This patch is get feedback on the approach. Will post with add
documentation and testcases in follow-up.
Vivek Kashyap (5):
virpci: Define vf-token
qemu: vf-token capability
conf: vf-token flag
conf: vf-token parsing and formatting
qemu: validate and generate vf-token on command line
src/conf/device_conf.c | 31 +++++++++++++++++++++++++++++--
src/conf/device_conf.h | 3 +++
src/conf/domain_addr.h | 1 +
src/conf/domain_conf.c | 5 +++++
src/conf/schemas/basictypes.rng | 11 +++++++++++
src/conf/schemas/domaincommon.rng | 1 +
src/libvirt_private.syms | 1 +
src/qemu/qemu_capabilities.c | 3 +++
src/qemu/qemu_capabilities.h | 1 +
src/qemu/qemu_command.c | 27 ++++++++++++++++++++++++---
src/qemu/qemu_domain_address.c | 3 +++
src/qemu/qemu_validate.c | 19 +++++++++++++++++++
src/util/virpci.c | 5 +++++
src/util/virpci.h | 11 +++++++++++
14 files changed, 117 insertions(+), 5 deletions(-)
--
2.25.1
1 year, 1 month
[PATCH] hw/rdma: Deprecate the pvrdma device and the rdma subsystem
by Thomas Huth
This subsystem is said to be in a bad shape (see e.g. [1], [2]
and [3]), and nobody seems to feel responsible to pick up patches
for this and send them via a pull request. For example there is
a patch for a CVE-worthy bug posted more than half a year ago [4]
which has never been merged.
Quoting Markus: "Given the shape it is in, I wouldn't let friends
use it in production" - we shouldn't expose this to our users in
the current state. Thus let's mark it as deprecated and finally
remove it unless somebody steps up and improves the code quality
and adds proper regression tests.
[1] https://lore.kernel.org/qemu-devel/20230918144206.560120-1-armbru@redhat....
[2] https://lore.kernel.org/qemu-devel/ZQnojJOqoFu73995@redhat.com/
[3] https://lore.kernel.org/qemu-devel/1054981c-e8ae-c676-3b04-eeb030e11f65@t...
[4] https://lore.kernel.org/qemu-devel/20230301142926.18686-1-yuval.shaia.ml@...
[5] https://lore.kernel.org/qemu-devel/8734z9f086.fsf@pond.sub.org/
Signed-off-by: Thomas Huth <thuth(a)redhat.com>
---
MAINTAINERS | 2 +-
docs/about/deprecated.rst | 8 ++++++++
hw/rdma/vmw/pvrdma_main.c | 2 ++
3 files changed, 11 insertions(+), 1 deletion(-)
diff --git a/MAINTAINERS b/MAINTAINERS
index 355b1960ce..ca42b89ef8 100644
--- a/MAINTAINERS
+++ b/MAINTAINERS
@@ -3815,7 +3815,7 @@ F: docs/block-replication.txt
PVRDMA
M: Yuval Shaia <yuval.shaia.ml(a)gmail.com>
M: Marcel Apfelbaum <marcel.apfelbaum(a)gmail.com>
-S: Maintained
+S: Odd Fixes
F: hw/rdma/*
F: hw/rdma/vmw/*
F: docs/pvrdma.txt
diff --git a/docs/about/deprecated.rst b/docs/about/deprecated.rst
index dc4da95329..f0c7addb1f 100644
--- a/docs/about/deprecated.rst
+++ b/docs/about/deprecated.rst
@@ -365,6 +365,14 @@ QEMU's ``vhost`` feature, which would eliminate the high latency costs under
which the 9p ``proxy`` backend currently suffers. However as of to date nobody
has indicated plans for such kind of reimplementation unfortunately.
+``-device pvrdma`` and the rdma subsystem (since 8.2)
+^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
+
+The pvrdma device and the whole rdma subsystem are in a bad shape and
+without active maintenance. The QEMU project intends to remove this
+device and subsystem from the code base in a future release without
+replacement unless somebody steps up and improves the situation.
+
Block device options
''''''''''''''''''''
diff --git a/hw/rdma/vmw/pvrdma_main.c b/hw/rdma/vmw/pvrdma_main.c
index 4fc6712025..ed49ce1e72 100644
--- a/hw/rdma/vmw/pvrdma_main.c
+++ b/hw/rdma/vmw/pvrdma_main.c
@@ -601,6 +601,8 @@ static void pvrdma_realize(PCIDevice *pdev, Error **errp)
bool ram_shared = false;
PCIDevice *func0;
+ warn_report_once("pvrdma is deprecated and will be removed in a future release");
+
rdma_info_report("Initializing device %s %x.%x", pdev->name,
PCI_SLOT(pdev->devfn), PCI_FUNC(pdev->devfn));
--
2.41.0
1 year, 1 month
