[PATCH 0/6] docs: link fixes and improvements
by Peter Krempa
*** BLURB HERE ***
Peter Krempa (6):
docs: remote: Replace broken link to article about 'ssh-agent'
docs: Reject non-https external links
kbase: Fix link in 'merging_disk_image_chains' article
docs: Use relative links within the web page
docs: newreposetup: Drop section about 'libvirt project server'
docs: Prohibit 'external' links within the webpage
docs/api_extension.rst | 4 +-
docs/issue-handling.rst | 2 +-
docs/kbase/backing_chains.rst | 4 +-
docs/kbase/debuglogs.rst | 4 +-
docs/kbase/internals/incremental-backup.rst | 6 +-
docs/kbase/launch_security_sev.rst | 2 +-
docs/kbase/live_full_disk_backup.rst | 2 +-
docs/kbase/merging_disk_image_chains.rst | 6 +-
docs/kbase/rpm-deployment.rst | 2 +-
docs/kbase/s390_protected_virt.rst | 2 +-
docs/kbase/systemtap.rst | 2 +-
docs/meson.build | 4 ++
docs/newreposetup.rst | 34 -----------
docs/remote.rst | 2 +-
docs/securityprocess.rst | 2 +-
docs/testtck.rst | 2 +-
docs/windows.rst | 5 +-
scripts/check-html-references.py | 67 +++++++++++++++++++--
18 files changed, 86 insertions(+), 66 deletions(-)
--
2.46.0
5 months, 3 weeks
[PATCH 0/5] network: fix regression in firewalld zone setting
by Laine Stump
commit v10.7.0-76-g1a72b83d56 improperly assumed that reloading
firewalld wouldn't reset the firewalld zone of libvirt-managed bridge
devices. This resulted in loss of networking to guests when something
on the host triggered a reload of firewalld rules, reported here:
https://issues.redhat.com/browse/RHEL-61576
This new series of patches, reverts that commit, along with commit
v10.7.0-78-g200f60b2e1, then reimplements their functionality assuming
that a firewalld reload *will* reset the zone of all libvirt-managed
bridge devices.
Laine Stump (5):
Revert "network: *un*set the firewalld zone while shutting down a
network"
Revert "network: support setting firewalld zone for bridge device of
open networks"
network: call network(Add|Remove)FirewallRules() for forward
mode='open'
network: a different way of supporting firewalld zone for mode='open'
networks
network: a different implementation of *un*setting firewalld zone when
network is destroyed
src/network/bridge_driver.c | 34 +++----
src/network/bridge_driver_linux.c | 140 ++++++++++++++++-----------
src/network/bridge_driver_nop.c | 19 ----
src/network/bridge_driver_platform.h | 4 -
src/util/virfirewalld.c | 16 +--
5 files changed, 102 insertions(+), 111 deletions(-)
--
2.46.1
5 months, 3 weeks
[PATCH v2 0/1] Add support for RAPL MSRs feature in QEMU
by Anthony Harivel
Hi,
First of all, kudos to Peter Krempa for his fast review!
In this v2, I've addressed the following points:
- The socket is *not* mandatory and my code totally confused Peter.
Sorry about that!
here a snippet of the QEMU code to understand:
/* Compute the socket path if necessary */
if (s->msr_energy.socket_path == NULL) {
s->msr_energy.socket_path = vmsr_compute_default_paths();
}
So I made all the modification to make it not necessary.
- Change the socket name to "rapl_helper_socket"
- Change the socket to be absFilePath
- I did not add anything to honour the _OFF state, because it is not
necessary to explicitly disable it.
That's about it.
Regards,
Anthony
Anthony Harivel (1):
qemu: Add support for RAPL MSRs feature
docs/formatdomain.rst | 2 ++
src/conf/domain_conf.c | 18 ++++++++++++++++++
src/conf/domain_conf.h | 2 ++
src/conf/schemas/domaincommon.rng | 10 ++++++++++
src/qemu/qemu_command.c | 11 +++++++++++
tests/qemuxmlconfdata/kvm-features-off.xml | 1 +
.../kvm-features.x86_64-latest.args | 2 +-
tests/qemuxmlconfdata/kvm-features.xml | 1 +
8 files changed, 46 insertions(+), 1 deletion(-)
--
2.46.0
5 months, 4 weeks
[PATCH v2 0/4] Add TPM emulator <source file=''/>
by marcandre.lureau@redhat.com
From: Marc-André Lureau <marcandre.lureau(a)redhat.com>
Hi,
When swtpm capabilities reports "nvram-backend-dir", it can accepts a single
file or block device where TPM state will be stored.
--tpmstate must be backend-uri=file://.
v2:
- add <source dir='..'/> support as well (Daniel)
Related: https://issues.redhat.com/browse/CNV-35250
Marc-André Lureau (4):
util: check swtpm nvram-backend-dir capability
schema: add TPM emulator <source file='..'>
schema: add TPM emulator <source dir='..'>
qemu_tpm: handle file/block storage source
docs/formatdomain.rst | 18 +++++
src/conf/domain_conf.c | 28 +++++++
src/conf/domain_conf.h | 7 ++
src/conf/schemas/domaincommon.rng | 20 +++++
src/qemu/qemu_tpm.c | 76 +++++++++++++++----
src/util/virtpm.c | 1 +
src/util/virtpm.h | 1 +
.../qemuxmlconfdata/tpm-emulator-tpm2-enc.xml | 1 +
tests/qemuxmlconfdata/tpm-emulator-tpm2.xml | 1 +
9 files changed, 140 insertions(+), 13 deletions(-)
--
2.45.2.827.g557ae147e6
6 months
[PATCH 0/2] add disk hotplug/unplug support to test hypervisor
by John Levon
John Levon (2):
test_driver: provide basic disk hotplug support
test_driver: provide basic disk hotunplug support
src/test/test_driver.c | 276 ++++++++++++++++++++++++++++++++++++++++-
1 file changed, 273 insertions(+), 3 deletions(-)
--
2.34.1
6 months
[PATCH] util: Look for newer name of cpu wait time statistic
by Martin Kletzander
It looks like linux changed the key for wait time in /proc/<pid>/sched
and /proc/<pid>/task/<tid>/sched files in commit ceeadb83aea2 (or around
that time) from se.statistics.wait_sum to just wait_sum. Similarly to
the previous change (from se.wait_sum) just look for the new name first.
Resolves: https://issues.redhat.com/browse/RHEL-60030
Signed-off-by: Martin Kletzander <mkletzan(a)redhat.com>
---
src/util/virprocess.c | 4 +++-
1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/src/util/virprocess.c b/src/util/virprocess.c
index f1e5e4decd68..dd4bd866102e 100644
--- a/src/util/virprocess.c
+++ b/src/util/virprocess.c
@@ -1849,8 +1849,10 @@ virProcessGetSchedInfo(unsigned long long *cpuWait,
const char *line = lines[i];
/* Needs CONFIG_SCHEDSTATS. The second check
+ * is the name used before ceeadb83aea2, the third one
* is the old name the kernel used in past */
- if (STRPREFIX(line, "se.statistics.wait_sum") ||
+ if (STRPREFIX(line, "wait_sum") ||
+ STRPREFIX(line, "se.statistics.wait_sum") ||
STRPREFIX(line, "se.wait_sum")) {
line = strchr(line, ':');
if (!line) {
--
2.46.2
6 months
[PATCH v7 00/14] qemu: Introduce shared_filesystems configuration option
by Andrea Bolognani
The need to have something like this in the first place is driven by
KubeVirt (see [1] and [2]). A draft version of this series has been
integrated into KubeVirt and it has been confirmed that it was
effective in removing the need to use LD_PRELOAD hacks in the storage
provider.
Changes from [v6]:
* only skip metadata locking for the swtpm lock file;
* other tweaks based on review feedback.
Changes from [v5]:
* make migration of domains with TPM work (patches 12 and 13);
* fixed all typos for "remember";
* added R-bs for Peter's patches.
Changes from [v4] (v5 was posted by Peter):
* added patch 7 cleaning up a helper function (noticed just while
reading the code)
* added patch 8 properly unrefing security labels in dac/selinux
drivers on outgoing migration
* patch 11: added handling of the 'nvram' image file (and refactored
the function to
allow reuse)
Changes from [v3] (v4 was posted by Peter):
* patch 2/8 was modified to change the docs for the new option.
* patches 1-5 will get an R-b by me as I've adopted them.
* patches 6, 9-11 are new.
* patches 7, 8 were not part of v3
Changes from [v2]:
* added canonicalization for user-provided paths;
* fixed compilation issues when AppArmor support is enabled.
Changes from [v1]:
* documented more explicitly that the newly introduced option is
intended for very specific scenarios and not general usage; as
part of this, the NEWS update has been dropped too;
* made a few tweaks and addressed a few oversight based on review
feedback;
* several preparatory cleanup patches have been pushed.
Changes from [v0]:
* reworked approach.
[v6] https://lists.libvirt.org/archives/list/devel@lists.libvirt.org/thread/7T...
[v5] https://lists.libvirt.org/archives/list/devel@lists.libvirt.org/thread/HN...
[v4] https://lists.libvirt.org/archives/list/devel@lists.libvirt.org/thread/FW...
[v3] https://lists.libvirt.org/archives/list/devel@lists.libvirt.org/thread/PI...
[v2] https://lists.libvirt.org/archives/list/devel@lists.libvirt.org/thread/XP...
[v1] https://lists.libvirt.org/archives/list/devel@lists.libvirt.org/thread/XE...
[v0] https://lists.libvirt.org/archives/list/devel@lists.libvirt.org/thread/MM...
[1] https://issues.redhat.com/browse/CNV-34322
[2] https://issues.redhat.com/browse/CNV-39370
Andrea Bolognani (8):
security: Fix alignment
qemu: Introduce shared_filesystems configuration option
qemu: Propagate shared_filesystems
utils: Use overrides in virFileIsSharedFS()
qemu: Always set labels for TPM state
security: Always forget labels for TPM state directory
security: Allow skipping locking when labeling lock files
qemu: Handle locking of TPM state directory for incoming migration
Peter Krempa (6):
virFileIsSharedFSOverride: Export
virParseOwnershipIds: Refactor
virSecuritySELinuxRestoreImageLabelInt: Move FD image relabeling after
'migrated' check
security_(dac|selinux): Unref remembered security labels on outgoing
migration
storage_source: Add field for skipping seclabel remembering
qemu: migration: Don't remember seclabel for images shared from
current host
src/conf/storage_source_conf.c | 3 +
src/conf/storage_source_conf.h | 9 ++
src/libvirt_private.syms | 1 +
src/lxc/lxc_controller.c | 3 +-
src/lxc/lxc_driver.c | 2 +-
src/lxc/lxc_process.c | 4 +-
src/qemu/libvirtd_qemu.aug | 3 +
src/qemu/qemu.conf.in | 26 +++++
src/qemu/qemu_conf.c | 31 ++++++
src/qemu/qemu_conf.h | 2 +
src/qemu/qemu_domain.c | 7 +-
src/qemu/qemu_extdevice.c | 2 +-
src/qemu/qemu_migration.c | 83 ++++++++++++++--
src/qemu/qemu_security.c | 147 ++++++++++++++++++++--------
src/qemu/qemu_security.h | 6 +-
src/qemu/qemu_tpm.c | 51 +++++++---
src/qemu/qemu_tpm.h | 10 +-
src/qemu/test_libvirtd_qemu.aug.in | 5 +
src/security/security_apparmor.c | 8 +-
src/security/security_dac.c | 61 +++++++++---
src/security/security_driver.h | 11 ++-
src/security/security_manager.c | 54 ++++++++---
src/security/security_manager.h | 15 ++-
src/security/security_nop.c | 5 +
src/security/security_selinux.c | 151 +++++++++++++++++++++++------
src/security/security_stack.c | 38 ++++++--
src/util/virfile.c | 63 +++++++++++-
src/util/virfile.h | 5 +-
src/util/virutil.c | 20 ++--
tests/securityselinuxlabeltest.c | 2 +-
tests/virfiletest.c | 2 +-
31 files changed, 666 insertions(+), 164 deletions(-)
--
2.46.2
6 months
[PATCH V2 0/4] Rework qemu internal active snapshots to use QMP
by Nikolai Barybin
Den, Peter, Daniel thank you for your comments!
I'm sending v2 of this patchset.
Changes since last revision:
- dropped [PATCH 4/4] qemu monitor: reap qemu_monitor_text
- added new patch: qemu capabilities: add QEMU_CAPS_SNAPSHOT_SAVE/_DELETE
- preserved old-style snapshotting (HMP savevm) in case we have QEMU < 6.0
- enhanced requirements for allowing snapshotting. All writable disks
should be qcow2, non-shared. If such disks exist and we have qcow2
NVRAM, add NVRAM device to the list of wrdevs. But never save vmstate
to NVRAM
- make char** wrdevs list allocation inside
qemuSnapshotActiveInternalGetWrdevListHelper()
Nikolai Barybin (4):
qemu monitor: add snaphot-save/delete QMP commands
qemu blockjob: add snapshot-save/delete job types
qemu capabilities: add QEMU_CAPS_SNAPSHOT_SAVE/_DELETE
qemu snapshot: use QMP snapshot-save/delete for internal snapshots
src/qemu/qemu_block.c | 2 +
src/qemu/qemu_blockjob.c | 6 +-
src/qemu/qemu_blockjob.h | 2 +
src/qemu/qemu_capabilities.c | 4 +
src/qemu/qemu_capabilities.h | 2 +
src/qemu/qemu_domain.c | 4 +
src/qemu/qemu_monitor.c | 30 +++
src/qemu/qemu_monitor.h | 13 ++
src/qemu/qemu_monitor_json.c | 66 ++++++
src/qemu/qemu_monitor_json.h | 13 ++
src/qemu/qemu_snapshot.c | 207 ++++++++++++++++--
.../caps_6.0.0_aarch64.xml | 2 +
.../qemucapabilitiesdata/caps_6.0.0_s390x.xml | 2 +
.../caps_6.0.0_x86_64.xml | 2 +
.../caps_6.1.0_x86_64.xml | 2 +
.../caps_6.2.0_aarch64.xml | 2 +
.../qemucapabilitiesdata/caps_6.2.0_ppc64.xml | 2 +
.../caps_6.2.0_x86_64.xml | 2 +
.../caps_7.0.0_aarch64+hvf.xml | 2 +
.../caps_7.0.0_aarch64.xml | 2 +
.../qemucapabilitiesdata/caps_7.0.0_ppc64.xml | 2 +
.../caps_7.0.0_x86_64.xml | 2 +
.../qemucapabilitiesdata/caps_7.1.0_ppc64.xml | 2 +
.../caps_7.1.0_x86_64.xml | 2 +
tests/qemucapabilitiesdata/caps_7.2.0_ppc.xml | 2 +
.../caps_7.2.0_x86_64+hvf.xml | 2 +
.../caps_7.2.0_x86_64.xml | 2 +
.../caps_8.0.0_riscv64.xml | 2 +
.../caps_8.0.0_x86_64.xml | 2 +
.../qemucapabilitiesdata/caps_8.1.0_s390x.xml | 2 +
.../caps_8.1.0_x86_64.xml | 2 +
.../caps_8.2.0_aarch64.xml | 2 +
.../caps_8.2.0_armv7l.xml | 2 +
.../caps_8.2.0_loongarch64.xml | 2 +
.../qemucapabilitiesdata/caps_8.2.0_s390x.xml | 2 +
.../caps_8.2.0_x86_64.xml | 2 +
.../qemucapabilitiesdata/caps_9.0.0_sparc.xml | 2 +
.../caps_9.0.0_x86_64.xml | 2 +
.../caps_9.1.0_x86_64.xml | 2 +
39 files changed, 391 insertions(+), 14 deletions(-)
--
2.43.5
6 months
[PATCH 0/2] add NIC hotplug support to test hypervisor
by John Levon
These two patches add basic support for NIC hot[un]plug to the test hypervisor,
based on the qemu driver; only ethernet and bridge type VNICS are currently
supported.
John Levon (2):
test_driver: provide basic NIC hotplug support
test_driver: provide basic NIC hotunplug support
src/test/test_driver.c | 305 ++++++++++++++++++++++++++++++++++++++---
1 file changed, 283 insertions(+), 22 deletions(-)
--
2.34.1
6 months
[PATCH v6 00/13] qemu: Introduce shared_filesystems configuration option
by Andrea Bolognani
The need to have something like this in the first place is driven by
KubeVirt (see [1] and [2]). A draft version of this series has been
integrated into KubeVirt and it has been confirmed that it was
effective in removing the need to use LD_PRELOAD hacks in the storage
provider.
Changes from [v5]:
* make migration of domains with TPM work (patches 12 and 13);
* fixed all typos for "remember";
* added R-bs for Peter's patches.
Changes from [v4] (v5 was posted by Peter):
* added patch 7 cleaning up a helper function (noticed just while
reading the code)
* added patch 8 properly unrefing security labels in dac/selinux
drivers on outgoing migration
* patch 11: added handling of the 'nvram' image file (and refactored
the function to
allow reuse)
Changes from [v3] (v4 was posted by Peter):
* patch 2/8 was modified to change the docs for the new option.
* patches 1-5 will get an R-b by me as I've adopted them.
* patches 6, 9-11 are new.
* patches 7, 8 were not part of v3
Changes from [v2]:
* added canonicalization for user-provided paths;
* fixed compilation issues when AppArmor support is enabled.
Changes from [v1]:
* documented more explicitly that the newly introduced option is
intended for very specific scenarios and not general usage; as
part of this, the NEWS update has been dropped too;
* made a few tweaks and addressed a few oversight based on review
feedback;
* several preparatory cleanup patches have been pushed.
Changes from [v0]:
* reworked approach.
[v5] https://lists.libvirt.org/archives/list/devel@lists.libvirt.org/message/H...
[v4] https://lists.libvirt.org/archives/list/devel@lists.libvirt.org/message/F...
[v3] https://lists.libvirt.org/archives/list/devel@lists.libvirt.org/message/P...
[v2] https://lists.libvirt.org/archives/list/devel@lists.libvirt.org/thread/XP...
[v1] https://lists.libvirt.org/archives/list/devel@lists.libvirt.org/thread/XE...
[v0] https://lists.libvirt.org/archives/list/devel@lists.libvirt.org/thread/MM...
[1] https://issues.redhat.com/browse/CNV-34322
[2] https://issues.redhat.com/browse/CNV-39370
Andrea Bolognani (7):
security: Fix alignment
qemu: Introduce shared_filesystems configuration option
qemu: Propagate shared_filesystems
utils: Use overrides in virFileIsSharedFS()
qemu: Always set labels for TPM state
security: Always forget labels for TPM state directory
qemu: Don't lock TPM state directory for incoming migration
Peter Krempa (6):
virFileIsSharedFSOverride: Export
virParseOwnershipIds: Refactor
virSecuritySELinuxRestoreImageLabelInt: Move FD image relabeling after
'migrated' check
security_(dac|selinux): Unref remembered security labels on outgoing
migration
storage_source: Add field for skipping seclabel remembering
qemu: migration: Don't remember seclabel for images shared from
current host
src/conf/storage_source_conf.c | 3 +
src/conf/storage_source_conf.h | 9 ++
src/libvirt_private.syms | 1 +
src/lxc/lxc_controller.c | 3 +-
src/lxc/lxc_driver.c | 2 +-
src/lxc/lxc_process.c | 4 +-
src/qemu/libvirtd_qemu.aug | 3 +
src/qemu/qemu.conf.in | 26 +++++
src/qemu/qemu_conf.c | 31 ++++++
src/qemu/qemu_conf.h | 2 +
src/qemu/qemu_domain.c | 7 +-
src/qemu/qemu_extdevice.c | 2 +-
src/qemu/qemu_migration.c | 86 ++++++++++++++---
src/qemu/qemu_security.c | 95 +++++++++++++-----
src/qemu/qemu_security.h | 6 +-
src/qemu/qemu_tpm.c | 50 ++++++----
src/qemu/qemu_tpm.h | 10 +-
src/qemu/test_libvirtd_qemu.aug.in | 5 +
src/security/security_apparmor.c | 8 +-
src/security/security_dac.c | 53 +++++++++--
src/security/security_driver.h | 8 +-
src/security/security_manager.c | 33 +++++--
src/security/security_manager.h | 9 +-
src/security/security_nop.c | 5 +
src/security/security_selinux.c | 148 +++++++++++++++++++++++------
src/security/security_stack.c | 32 +++++--
src/util/virfile.c | 63 +++++++++++-
src/util/virfile.h | 5 +-
src/util/virutil.c | 20 ++--
tests/securityselinuxlabeltest.c | 2 +-
tests/virfiletest.c | 2 +-
31 files changed, 594 insertions(+), 139 deletions(-)
--
2.46.0
6 months