[PATCH] qemu: Replace the deprecated short-formed option "unix"
by Han Han
Change to the boolean option "unix=on"
Signed-off-by: Han Han <hhan(a)redhat.com>
---
src/qemu/qemu_command.c | 2 +-
.../graphics-spice-auto-socket-cfg.x86_64-latest.args | 2 +-
.../graphics-spice-auto-socket.x86_64-latest.args | 2 +-
tests/qemuxml2argvdata/graphics-spice-socket.x86_64-latest.args | 2 +-
tests/qemuxml2argvdata/name-escape.x86_64-latest.args | 2 +-
5 files changed, 5 insertions(+), 5 deletions(-)
diff --git a/src/qemu/qemu_command.c b/src/qemu/qemu_command.c
index b45a5e4f80..bc285c0b6f 100644
--- a/src/qemu/qemu_command.c
+++ b/src/qemu/qemu_command.c
@@ -8204,7 +8204,7 @@ qemuBuildGraphicsSPICECommandLine(virQEMUDriverConfig *cfg,
switch (glisten->type) {
case VIR_DOMAIN_GRAPHICS_LISTEN_TYPE_SOCKET:
- virBufferAddLit(&opt, "unix,addr=");
+ virBufferAddLit(&opt, "unix=on,addr=");
virQEMUBuildBufferEscapeComma(&opt, glisten->socket);
virBufferAddLit(&opt, ",");
hasInsecure = true;
diff --git a/tests/qemuxml2argvdata/graphics-spice-auto-socket-cfg.x86_64-latest.args b/tests/qemuxml2argvdata/graphics-spice-auto-socket-cfg.x86_64-latest.args
index a50ca802ae..03fa8e868a 100644
--- a/tests/qemuxml2argvdata/graphics-spice-auto-socket-cfg.x86_64-latest.args
+++ b/tests/qemuxml2argvdata/graphics-spice-auto-socket-cfg.x86_64-latest.args
@@ -27,7 +27,7 @@ XDG_CONFIG_HOME=/var/lib/libvirt/qemu/domain--1-QEMUGuest1/.config \
-boot strict=on \
-device '{"driver":"piix3-usb-uhci","id":"usb","bus":"pci.0","addr":"0x1.0x2"}' \
-audiodev '{"id":"audio1","driver":"spice"}' \
--spice unix,addr=/var/lib/libvirt/qemu/domain--1-QEMUGuest1/spice.sock,seamless-migration=on \
+-spice unix=on,addr=/var/lib/libvirt/qemu/domain--1-QEMUGuest1/spice.sock,seamless-migration=on \
-device '{"driver":"cirrus-vga","id":"video0","bus":"pci.0","addr":"0x2"}' \
-sandbox on,obsolete=deny,elevateprivileges=deny,spawn=deny,resourcecontrol=deny \
-msg timestamp=on
diff --git a/tests/qemuxml2argvdata/graphics-spice-auto-socket.x86_64-latest.args b/tests/qemuxml2argvdata/graphics-spice-auto-socket.x86_64-latest.args
index a50ca802ae..03fa8e868a 100644
--- a/tests/qemuxml2argvdata/graphics-spice-auto-socket.x86_64-latest.args
+++ b/tests/qemuxml2argvdata/graphics-spice-auto-socket.x86_64-latest.args
@@ -27,7 +27,7 @@ XDG_CONFIG_HOME=/var/lib/libvirt/qemu/domain--1-QEMUGuest1/.config \
-boot strict=on \
-device '{"driver":"piix3-usb-uhci","id":"usb","bus":"pci.0","addr":"0x1.0x2"}' \
-audiodev '{"id":"audio1","driver":"spice"}' \
--spice unix,addr=/var/lib/libvirt/qemu/domain--1-QEMUGuest1/spice.sock,seamless-migration=on \
+-spice unix=on,addr=/var/lib/libvirt/qemu/domain--1-QEMUGuest1/spice.sock,seamless-migration=on \
-device '{"driver":"cirrus-vga","id":"video0","bus":"pci.0","addr":"0x2"}' \
-sandbox on,obsolete=deny,elevateprivileges=deny,spawn=deny,resourcecontrol=deny \
-msg timestamp=on
diff --git a/tests/qemuxml2argvdata/graphics-spice-socket.x86_64-latest.args b/tests/qemuxml2argvdata/graphics-spice-socket.x86_64-latest.args
index 634176a6c3..9c30cf6089 100644
--- a/tests/qemuxml2argvdata/graphics-spice-socket.x86_64-latest.args
+++ b/tests/qemuxml2argvdata/graphics-spice-socket.x86_64-latest.args
@@ -27,7 +27,7 @@ XDG_CONFIG_HOME=/var/lib/libvirt/qemu/domain--1-QEMUGuest1/.config \
-boot strict=on \
-device '{"driver":"piix3-usb-uhci","id":"usb","bus":"pci.0","addr":"0x1.0x2"}' \
-audiodev '{"id":"audio1","driver":"spice"}' \
--spice unix,addr=/tmp/spice.sock,seamless-migration=on \
+-spice unix=on,addr=/tmp/spice.sock,seamless-migration=on \
-device '{"driver":"cirrus-vga","id":"video0","bus":"pci.0","addr":"0x2"}' \
-sandbox on,obsolete=deny,elevateprivileges=deny,spawn=deny,resourcecontrol=deny \
-msg timestamp=on
diff --git a/tests/qemuxml2argvdata/name-escape.x86_64-latest.args b/tests/qemuxml2argvdata/name-escape.x86_64-latest.args
index 096a774caa..9eec8f5a9f 100644
--- a/tests/qemuxml2argvdata/name-escape.x86_64-latest.args
+++ b/tests/qemuxml2argvdata/name-escape.x86_64-latest.args
@@ -41,7 +41,7 @@ XDG_CONFIG_HOME=/var/lib/libvirt/qemu/domain--1-foo=1,bar=2/.config \
-netdev '{"type":"user","guestfwd":[{"str":"tcp:10.0.2.1:4600-chardev:charchannel0"}],"id":"channel0"}' \
-audiodev '{"id":"audio1","driver":"spice"}' \
-vnc vnc=unix:/var/lib/libvirt/qemu/domain--1-foo=1,,bar=2/vnc.sock,audiodev=audio1 \
--spice unix,addr=/var/lib/libvirt/qemu/domain--1-foo=1,,bar=2/spice.sock,gl=on,rendernode=/dev/dri/foo,,bar,seamless-migration=on \
+-spice unix=on,addr=/var/lib/libvirt/qemu/domain--1-foo=1,,bar=2/spice.sock,gl=on,rendernode=/dev/dri/foo,,bar,seamless-migration=on \
-device '{"driver":"cirrus-vga","id":"video0","bus":"pci.0","addr":"0x2"}' \
-blockdev '{"driver":"iscsi","portal":"example.foo.org:3260","target":"iqn.1992-01.com.example:my,storage","lun":1,"transport":"tcp","node-name":"libvirt-2-backend","read-only":false}' \
-device '{"driver":"scsi-generic","drive":"libvirt-2-backend","id":"hostdev0","bus":"scsi0.0","channel":0,"scsi-id":0,"lun":4}' \
--
2.43.0
11 months, 1 week
[PATCH 0/4] Support for dirty-limit live migration
by Hyman Huang
v2:
- mark the VIR_MIGRATE_DIRTY_LIMIT flag since 9.10.0
v1:
The dirty-limit functionality for live migration was
introduced since qemu>=8.1.
In the live migration scenario, it implements the force
convergence using the dirty-limit approach, which results
in better reliable read performance.
A straightforward dirty-limit capability for live migration
is added by this patchset. Users might not care about other
dirty-limit arguments like "x-vcpu-dirty-limit-period"
or "vcpu-dirty-limit," thus do not expose them to Libvirt
and Keep the default configurations and values in place.
For more details about dirty-limit, please see the following
reference:
https://lore.kernel.org/qemu-
devel/169024923116.19090.10825599068950039132-0(a)git.sr.ht/
Hyman Huang (4):
Add VIR_MIGRATE_DIRTY_LIMIT flag
qemu_migration: Implement VIR_MIGRATE_DIRTY_LIMIT flag
virsh: Add support for VIR_MIGRATE_DIRTY_LIMIT flag
NEWS: document support for dirty-limit live migration
NEWS.rst | 8 ++++++++
docs/manpages/virsh.rst | 10 +++++++++-
include/libvirt/libvirt-domain.h | 5 +++++
src/libvirt-domain.c | 8 ++++++++
src/qemu/qemu_migration.c | 8 ++++++++
src/qemu/qemu_migration.h | 1 +
src/qemu/qemu_migration_params.c | 6 ++++++
src/qemu/qemu_migration_params.h | 1 +
tools/virsh-domain.c | 10 ++++++++++
9 files changed, 56 insertions(+), 1 deletion(-)
--
2.39.1
11 months, 1 week
[PATCH v2] conf: fix integer overflow in virDomainControllerDefParseXML
by Egor Makrushin
Multiplication results in integer overflow.
Thus, replace it with ULLONG_MAX and change
def->opts.pciopts.pcihole64size type to ULL.
Update variable usage according to new type.
Found by Linux Verification Center (linuxtesting.org) with SVACE.
Signed-off-by: Egor Makrushin <emakrushin(a)astralinux.ru>
---
v2: update variable type according to maintainer's proposal
src/conf/domain_conf.c | 4 ++--
src/conf/domain_conf.h | 2 +-
src/qemu/qemu_command.c | 2 +-
3 files changed, 4 insertions(+), 4 deletions(-)
diff --git a/src/conf/domain_conf.c b/src/conf/domain_conf.c
index 58a985fc5d..9f842937e6 100644
--- a/src/conf/domain_conf.c
+++ b/src/conf/domain_conf.c
@@ -8523,7 +8523,7 @@ virDomainControllerDefParseXML(virDomainXMLOption *xmlopt,
unsigned long long bytes;
if ((rc = virParseScaledValue("./pcihole64", NULL,
ctxt, &bytes, 1024,
- 1024ULL * ULONG_MAX, false)) < 0)
+ ULLONG_MAX, false)) < 0)
return NULL;
if (rc == 1)
@@ -23123,7 +23123,7 @@ virDomainControllerDefFormat(virBuffer *buf,
if (def->type == VIR_DOMAIN_CONTROLLER_TYPE_PCI &&
def->opts.pciopts.pcihole64) {
- virBufferAsprintf(&childBuf, "<pcihole64 unit='KiB'>%lu</"
+ virBufferAsprintf(&childBuf, "<pcihole64 unit='KiB'>%llu</"
"pcihole64>\n", def->opts.pciopts.pcihole64size);
}
diff --git a/src/conf/domain_conf.h b/src/conf/domain_conf.h
index 0c5e2636e1..14901b37ba 100644
--- a/src/conf/domain_conf.h
+++ b/src/conf/domain_conf.h
@@ -707,7 +707,7 @@ struct _virDomainVirtioSerialOpts {
struct _virDomainPCIControllerOpts {
bool pcihole64;
- unsigned long pcihole64size;
+ unsigned long long pcihole64size;
/* the exact controller name is in the "model" subelement, e.g.:
* <controller type='pci' model='pcie-root-port'>
diff --git a/src/qemu/qemu_command.c b/src/qemu/qemu_command.c
index 54fb8220e8..b45a5e4f80 100644
--- a/src/qemu/qemu_command.c
+++ b/src/qemu/qemu_command.c
@@ -6211,7 +6211,7 @@ qemuBuildGlobalControllerCommandLine(virCommand *cmd,
}
virCommandAddArg(cmd, "-global");
- virCommandAddArgFormat(cmd, "%s.pci-hole64-size=%luK", hoststr,
+ virCommandAddArgFormat(cmd, "%s.pci-hole64-size=%lluK", hoststr,
cont->opts.pciopts.pcihole64size);
}
}
--
2.30.2
11 months, 1 week
[PATCH 0/2] qemuxml2argvtest: Don't exec '/usr/libexec/qemu/vhost-user/test-vhost-user-gpu'
by Peter Krempa
'qemuExtVhostUserGPUPrepareDomain' breaks our design assumptions about
the 'PrepareDomain' step which should not touch anything on the host.
This patchset for now fixes the symptom by mocking the function and
poisons virFork and virCommandRun so that this doesn't happen in the
future.
Proper fix will require splitting the vhost-user GPU prepare step to
prepare the host-specific portion separately.
Peter Krempa (2):
qemuxml2argvmock: Mock qemuExtVhostUserGPUPrepareDomain
qemuxml2argvmock: Poison virCommandRun and virFork from test context
src/qemu/qemu_vhost_user_gpu.c | 4 ++++
src/qemu/qemu_vhost_user_gpu.h | 2 +-
src/util/vircommand.h | 4 ++--
tests/qemuxml2argvmock.c | 28 ++++++++++++++++++++++++++++
4 files changed, 35 insertions(+), 3 deletions(-)
--
2.43.0
11 months, 1 week
[PATCH] conf: Remove multiplication to avoid overflow
by Egor Makrushin
Multiplication results in integer overflow.
Replace value of 6th agrument with ULLONG_MAX.
Found by Linux Verification Center (linuxtesting.org) with SVACE.
Fixes: 04bd77a19f ("conf: Move and rename virDomainParseScaledValue()")
Signed-off-by: Egor Makrushin <emakrushin(a)astralinux.ru>
---
src/conf/domain_conf.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/conf/domain_conf.c b/src/conf/domain_conf.c
index 58a985fc5d..871fd3a874 100644
--- a/src/conf/domain_conf.c
+++ b/src/conf/domain_conf.c
@@ -8523,7 +8523,7 @@ virDomainControllerDefParseXML(virDomainXMLOption *xmlopt,
unsigned long long bytes;
if ((rc = virParseScaledValue("./pcihole64", NULL,
ctxt, &bytes, 1024,
- 1024ULL * ULONG_MAX, false)) < 0)
+ ULLONG_MAX, false)) < 0)
return NULL;
if (rc == 1)
--
2.30.2
11 months, 1 week
[libvirt PATCH] remote: DeserializeDomainDiskErrors: remove dead code
by Ján Tomko
As of commit b2d079c113a which converted this function to use g_strdup,
the error label is only reached when i = 0, rendering it useless.
Remove it.
Fixes: https://gitlab.com/libvirt/libvirt/-/issues/572
Signed-off-by: Ján Tomko <jtomko(a)redhat.com>
---
src/remote/remote_driver.c | 9 +--------
1 file changed, 1 insertion(+), 8 deletions(-)
diff --git a/src/remote/remote_driver.c b/src/remote/remote_driver.c
index 132d0194c6..392377deae 100644
--- a/src/remote/remote_driver.c
+++ b/src/remote/remote_driver.c
@@ -1641,12 +1641,11 @@ remoteDeserializeDomainDiskErrors(remote_domain_disk_error *ret_errors_val,
int maxerrors)
{
size_t i = 0;
- size_t j;
if (ret_errors_len > limit || ret_errors_len > maxerrors) {
virReportError(VIR_ERR_RPC, "%s",
_("returned number of disk errors exceeds limit"));
- goto error;
+ return -1;
}
for (i = 0; i < ret_errors_len; i++) {
@@ -1655,12 +1654,6 @@ remoteDeserializeDomainDiskErrors(remote_domain_disk_error *ret_errors_val,
}
return 0;
-
- error:
- for (j = 0; j < i; j++)
- VIR_FREE(errors[j].disk);
-
- return -1;
}
static int
--
2.42.0
11 months, 1 week
[PATCH] apparmor: Add capabilities for PCI passthrough to virtxend profile
by Jim Fehlig
When splitting out the apparmor modular daemon profiles from the
libvirtd profile, the net_admin and sys_admin capabilities were
dropped from the virtxend profile. It was not known at the time
that these capabilities were needed for PCI passthrough. Without
the capabilities, the following messages are emitted from the audit
subsystem
audit: type=1400 audit(1702939277.946:63): apparmor="DENIED" \
operation="capable" class="cap" profile="virtxend" pid=3611 \
comm="rpc-virtxend" capability=21 capname="sys_admin"
audit: type=1400 audit(1702940304.818:63): apparmor="DENIED" \
operation="capable" class="cap" profile="virtxend" pid=3731 \
comm="rpc-virtxend" capability=12 capname="net_admin"
It appears sys_admin is needed to simply read from the PCI dev's
sysfs config file. The net_admin capability is needed when setting
the MAC address of an SR-IOV virtual function.
Signed-off-by: Jim Fehlig <jfehlig(a)suse.com>
---
src/security/apparmor/usr.sbin.virtxend.in | 2 ++
1 file changed, 2 insertions(+)
diff --git a/src/security/apparmor/usr.sbin.virtxend.in b/src/security/apparmor/usr.sbin.virtxend.in
index 78a11305f5..77fedce352 100644
--- a/src/security/apparmor/usr.sbin.virtxend.in
+++ b/src/security/apparmor/usr.sbin.virtxend.in
@@ -5,8 +5,10 @@ profile virtxend @sbindir@/virtxend flags=(attach_disconnected) {
#include <abstractions/dbus>
capability kill,
+ capability net_admin,
capability setgid,
capability setuid,
+ capability sys_admin,
capability sys_pacct,
capability ipc_lock,
--
2.43.0
11 months, 1 week
[vf-token 0/8] Introduce vf-token when using userspace PF
by Vivek Kashyap
The VFIO PCI ABI has been extended to require userspace PF driver to set
a VF token to a known value. The VF drivers are then required to provide
this token to access the VF device. The vf-token is set by the PF driver
before VF drivers can access the device. The kernel provides no means to
retrieve the token in use; but there is no specification describing the
distribution or level of confidentiality of the token. Qemu has been
extended to require the vf-token when vf device is used. An important
point to note is that the vf-token is required only when both the PF and
VF are used in userspace.
This patch series adds support to provide the vf-token (uuid format) in the
domain XML and to generate the qemu commandline including the vf-token.
To support vf-token the new element will be used as follows:
<hostdev mode='subsystem' type='pci' managed='yes'>
<driver name='vfio'/>
<source>
<address domain='0x0000' bus='0x0' slot='0x00' function='0x1'>
<vf-token uuid='00112233-4455-6677-8899-aabbccddeeff'/>
</address>
</source>
<address type='pci' domain='0x0000' bus='0x00' slot='0x01' function='0x0'/>
</hostdev>
The generated commandline will include the following:
-device {"driver":"vfio-pci","host":"0000:00:0.1",
"vf-token":"00112233-4455-6677-8899-aabbccddeeff",
"id":"hostdev0","bus":"pci.0","addr":"0x1"}
Changes since initial RFC:
1. Added documentation
2. Added test cases and ran successful test suite after each patch commit
3. fixed spaces, coding sytle, and uuid string format
4. Used S:vftoken in virJSONValueObjectAdd instead of a conditional
Vivek Kashyap (8):
Define the vf-token extension for PCI device
Introduce the vf-token qemu capability
This patch introduces the PCI address extension flag for vf-token
This patch introduces new XML parser/formatter functions for parsing
the vf-token
Introduce a validation function for vf-token support in qemu and
generate vf-token device attribute in qemu command line
Provide information about the vf-token flag
Add tests for the vf-token flag to the qemuxml2argv and qemuxml2xml
test suites
Update news about vf-token
NEWS.rst | 8 +++
docs/formatdomain.rst | 3 ++
src/conf/device_conf.c | 49 ++++++++++++++++---
src/conf/domain_addr.h | 1 +
src/conf/domain_conf.c | 8 +++
src/conf/schemas/basictypes.rng | 7 +++
src/libvirt_private.syms | 1 +
src/qemu/qemu_capabilities.c | 3 ++
src/qemu/qemu_capabilities.h | 1 +
src/qemu/qemu_command.c | 8 +++
src/qemu/qemu_domain_address.c | 3 ++
src/qemu/qemu_validate.c | 20 ++++++++
src/util/virpci.c | 7 +++
src/util/virpci.h | 10 ++++
.../qemucapabilitiesdata/caps_8.1.0_s390x.xml | 1 +
.../caps_8.1.0_x86_64.xml | 1 +
.../caps_8.2.0_x86_64.xml | 1 +
.../hostdev-vfio-vf-token.x86_64-latest.args | 34 +++++++++++++
.../hostdev-vfio-vf-token.xml | 22 +++++++++
tests/qemuxml2argvtest.c | 1 +
.../hostdev-vfio-vf-token.x86_64-latest.xml | 40 +++++++++++++++
tests/qemuxml2xmltest.c | 1 +
22 files changed, 223 insertions(+), 7 deletions(-)
create mode 100644 tests/qemuxml2argvdata/hostdev-vfio-vf-token.x86_64-latest.args
create mode 100644 tests/qemuxml2argvdata/hostdev-vfio-vf-token.xml
create mode 100644 tests/qemuxml2xmloutdata/hostdev-vfio-vf-token.x86_64-latest.xml
--
2.33.8
11 months, 1 week
[PATCH] rpc: fix race in waking up client event loop
by Daniel P. Berrangé
The first thread to issue a client RPC request will own the event
loop execution, sitting in the virNetClientIOEventLoop function.
It releases the client lock while running:
virNetClientUnlock()
g_main_loop_run()
virNetClientLock()
If a second thread arrives with an RPC request, it will queue it
for the first thread to process. To inform the first thread that
there's a new request it calls g_main_loop_quit() to break it out
of the main loop.
This works if the first thread is in g_main_loop_run() at that
time. There is a small window of opportunity, however, where
the first thread has released the client lock, but not yet got
into g_main_loop_run(). If that happens, the wakeup from the
second thread is lost.
This patch deals with that by changing the way the wakeup is
performed. Instead of directly calling g_main_loop_quit(), the
second thread creates an idle source to run the quit function
from within the first thread. This guarantees that the first
thread will see the wakeup.
Signed-off-by: Daniel P. Berrangé <berrange(a)redhat.com>
---
src/rpc/virnetclient.c | 13 ++++++++++++-
1 file changed, 12 insertions(+), 1 deletion(-)
diff --git a/src/rpc/virnetclient.c b/src/rpc/virnetclient.c
index 4ab8af68c5..68098b1c8d 100644
--- a/src/rpc/virnetclient.c
+++ b/src/rpc/virnetclient.c
@@ -1848,6 +1848,15 @@ static void virNetClientIOUpdateCallback(virNetClient *client,
}
+static gboolean virNetClientIOWakeup(gpointer opaque)
+{
+ GMainLoop *loop = opaque;
+
+ g_main_loop_quit(loop);
+
+ return G_SOURCE_REMOVE;
+}
+
/*
* This function sends a message to remote server and awaits a reply
*
@@ -1925,7 +1934,9 @@ static int virNetClientIO(virNetClient *client,
/* Check to see if another thread is dispatching */
if (client->haveTheBuck) {
/* Force other thread to wakeup from poll */
- g_main_loop_quit(client->eventLoop);
+ GSource *wakeup = g_idle_source_new();
+ g_source_set_callback(wakeup, virNetClientIOWakeup, client->eventLoop, NULL);
+ g_source_attach(wakeup, client->eventCtx);
/* If we are non-blocking, detach the thread and keep the call in the
* queue. */
--
2.43.0
11 months, 1 week
