October 2024 - Devel - libvirt List Archives

[PATCH v3 00/10] qemu: Rework internal active snapshots to use QMP commands
by Peter Krempa 09 Oct '24

09 Oct '24

Changes to v2: - added few cleanups - added qemumonitorjson test cases for new commands - dropped duplicate capability flags - fixed bugs pointed out in v2 - rewritten logic for selecting snapshot images (both for creation/deletion) - fixed the logic to be fault tolerant same way as 'delvm' - allowed internal snapshots of VMs with UEFI - added explanation to all code with non-obvious implications Nikolai Barybin via Devel (4): qemu: monitor: Add plumbing for 'snaphot-save'/'snapshot-delete' QMP commands qemu: blockjob: Add job types for 'snapshot-save/delete' qemu: capabilities: Introduce QEMU_CAPS_SNAPSHOT_INTERNAL_QMP capability qemu snapshot: use QMP snapshot-save for internal snapshots creation Peter Krempa (6): qemuDomainObjWait: Annotate with G_GNUC_WARN_UNUSED_RESULT qemu: monitor: Store internal snapshot names from 'query-named-block-nodes' qemu snapshot: use QMP snapshot-delete for internal snapshots deletion qemuSnapshotActiveInternalDeleteGetDevices: Add warning when deleting inconsistent snapshot qemu: snapshot: Allow internal snapshots with PFLASH nvram news: mention internal snapshot changes NEWS.rst | 16 + src/qemu/qemu_block.c | 2 + src/qemu/qemu_blockjob.c | 7 + src/qemu/qemu_blockjob.h | 2 + src/qemu/qemu_capabilities.c | 4 + src/qemu/qemu_capabilities.h | 3 + src/qemu/qemu_domain.c | 10 + src/qemu/qemu_domain.h | 3 +- src/qemu/qemu_monitor.c | 30 ++ src/qemu/qemu_monitor.h | 17 + src/qemu/qemu_monitor_json.c | 79 ++++ src/qemu/qemu_monitor_json.h | 13 + src/qemu/qemu_snapshot.c | 358 +++++++++++++++++- tests/qemublocktest.c | 11 + .../bitmap/snapshots-internal.json | 298 +++++++++++++++ .../bitmap/snapshots-internal.out | 2 + .../caps_6.0.0_aarch64.xml | 1 + .../qemucapabilitiesdata/caps_6.0.0_s390x.xml | 1 + .../caps_6.0.0_x86_64.xml | 1 + .../caps_6.1.0_x86_64.xml | 1 + .../caps_6.2.0_aarch64.xml | 1 + .../qemucapabilitiesdata/caps_6.2.0_ppc64.xml | 1 + .../caps_6.2.0_x86_64.xml | 1 + .../caps_7.0.0_aarch64+hvf.xml | 1 + .../caps_7.0.0_aarch64.xml | 1 + .../qemucapabilitiesdata/caps_7.0.0_ppc64.xml | 1 + .../caps_7.0.0_x86_64.xml | 1 + .../qemucapabilitiesdata/caps_7.1.0_ppc64.xml | 1 + .../caps_7.1.0_x86_64.xml | 1 + tests/qemucapabilitiesdata/caps_7.2.0_ppc.xml | 1 + .../caps_7.2.0_x86_64+hvf.xml | 1 + .../caps_7.2.0_x86_64.xml | 1 + .../caps_8.0.0_riscv64.xml | 1 + .../caps_8.0.0_x86_64.xml | 1 + .../qemucapabilitiesdata/caps_8.1.0_s390x.xml | 1 + .../caps_8.1.0_x86_64.xml | 1 + .../caps_8.2.0_aarch64.xml | 1 + .../caps_8.2.0_armv7l.xml | 1 + .../caps_8.2.0_loongarch64.xml | 1 + .../qemucapabilitiesdata/caps_8.2.0_s390x.xml | 1 + .../caps_8.2.0_x86_64.xml | 1 + .../qemucapabilitiesdata/caps_9.0.0_sparc.xml | 1 + .../caps_9.0.0_x86_64.xml | 1 + .../caps_9.1.0_riscv64.xml | 1 + .../caps_9.1.0_x86_64.xml | 1 + tests/qemumonitorjsontest.c | 33 ++ 46 files changed, 895 insertions(+), 22 deletions(-) create mode 100644 tests/qemublocktestdata/bitmap/snapshots-internal.json create mode 100644 tests/qemublocktestdata/bitmap/snapshots-internal.out -- 2.46.0

3 18

[PATCH 0/7] qemu: Fix some more migration issues related to vmx-* features
by Jiri Denemark 09 Oct '24

09 Oct '24

Sigh. Jiri Denemark (7): qemu: Drop vmx-* from migratable CPU model only when origCPU is set qemu: Do not drop unknown CPU features from domain XML cpu-data.py: Properly handle aliases qemu: Translate vmx-invvpid-single-context-noglobals CPU feature qemu: Replace big condition in virQEMUCapsCPUFilterFeatures with array cpu_map: Drop vmx-ept-{uc,wb} features from CPU models cpu_map: Drop vmx-invvpid-single-context from CPU models src/cpu_map/sync_qemu_features_i386.py | 3 -- src/cpu_map/sync_qemu_models_i386.py | 5 ++- src/cpu_map/x86_Broadwell-IBRS.xml | 2 -- src/cpu_map/x86_Broadwell-noTSX-IBRS.xml | 2 -- src/cpu_map/x86_Broadwell-noTSX.xml | 2 -- src/cpu_map/x86_Broadwell.xml | 2 -- src/cpu_map/x86_Cascadelake-Server-noTSX.xml | 2 -- src/cpu_map/x86_Cascadelake-Server.xml | 2 -- src/cpu_map/x86_Cooperlake.xml | 2 -- src/cpu_map/x86_GraniteRapids.xml | 2 -- src/cpu_map/x86_Haswell-IBRS.xml | 2 -- src/cpu_map/x86_Haswell-noTSX-IBRS.xml | 2 -- src/cpu_map/x86_Haswell-noTSX.xml | 2 -- src/cpu_map/x86_Haswell.xml | 2 -- src/cpu_map/x86_Icelake-Server-noTSX.xml | 2 -- src/cpu_map/x86_Icelake-Server.xml | 2 -- src/cpu_map/x86_IvyBridge-IBRS.xml | 2 -- src/cpu_map/x86_IvyBridge.xml | 2 -- src/cpu_map/x86_Nehalem-IBRS.xml | 2 -- src/cpu_map/x86_Nehalem.xml | 2 -- src/cpu_map/x86_SandyBridge-IBRS.xml | 2 -- src/cpu_map/x86_SandyBridge.xml | 2 -- src/cpu_map/x86_SapphireRapids.xml | 2 -- src/cpu_map/x86_Skylake-Client-IBRS.xml | 2 -- src/cpu_map/x86_Skylake-Client-noTSX-IBRS.xml | 2 -- src/cpu_map/x86_Skylake-Client.xml | 2 -- src/cpu_map/x86_Skylake-Server-IBRS.xml | 2 -- src/cpu_map/x86_Skylake-Server-noTSX-IBRS.xml | 2 -- src/cpu_map/x86_Skylake-Server.xml | 2 -- src/cpu_map/x86_Snowridge.xml | 2 -- src/cpu_map/x86_Westmere-IBRS.xml | 2 -- src/cpu_map/x86_Westmere.xml | 2 -- src/qemu/qemu_capabilities.c | 19 +++++++---- src/qemu/qemu_command.c | 13 +++++++- src/qemu/qemu_domain.c | 26 +++++++-------- src/qemu/qemu_process.c | 32 ------------------- tests/cputestdata/cpu-data.py | 5 +++ .../x86_64-cpuid-Atom-P5362-enabled.xml | 2 +- .../x86_64-cpuid-Atom-P5362-json.xml | 1 + .../x86_64-cpuid-Cooperlake-enabled.xml | 2 +- .../x86_64-cpuid-Cooperlake-json.xml | 1 + .../x86_64-cpuid-Core-i7-8550U-enabled.xml | 2 +- .../x86_64-cpuid-Core-i7-8550U-json.xml | 1 + ...86_64-cpuid-Xeon-Platinum-9242-enabled.xml | 2 +- .../x86_64-cpuid-Xeon-Platinum-9242-json.xml | 1 + ...-cpuid-baseline-Cooperlake+Cascadelake.xml | 1 + 46 files changed, 53 insertions(+), 123 deletions(-) -- 2.46.2

2 8

[PATCH 0/6] docs: link fixes and improvements
by Peter Krempa 09 Oct '24

09 Oct '24

*** BLURB HERE *** Peter Krempa (6): docs: remote: Replace broken link to article about 'ssh-agent' docs: Reject non-https external links kbase: Fix link in 'merging_disk_image_chains' article docs: Use relative links within the web page docs: newreposetup: Drop section about 'libvirt project server' docs: Prohibit 'external' links within the webpage docs/api_extension.rst | 4 +- docs/issue-handling.rst | 2 +- docs/kbase/backing_chains.rst | 4 +- docs/kbase/debuglogs.rst | 4 +- docs/kbase/internals/incremental-backup.rst | 6 +- docs/kbase/launch_security_sev.rst | 2 +- docs/kbase/live_full_disk_backup.rst | 2 +- docs/kbase/merging_disk_image_chains.rst | 6 +- docs/kbase/rpm-deployment.rst | 2 +- docs/kbase/s390_protected_virt.rst | 2 +- docs/kbase/systemtap.rst | 2 +- docs/meson.build | 4 ++ docs/newreposetup.rst | 34 ----------- docs/remote.rst | 2 +- docs/securityprocess.rst | 2 +- docs/testtck.rst | 2 +- docs/windows.rst | 5 +- scripts/check-html-references.py | 67 +++++++++++++++++++-- 18 files changed, 86 insertions(+), 66 deletions(-) -- 2.46.0

2 7

[PATCH 0/5] network: fix regression in firewalld zone setting
by Laine Stump 08 Oct '24

08 Oct '24

commit v10.7.0-76-g1a72b83d56 improperly assumed that reloading firewalld wouldn't reset the firewalld zone of libvirt-managed bridge devices. This resulted in loss of networking to guests when something on the host triggered a reload of firewalld rules, reported here: https://issues.redhat.com/browse/RHEL-61576 This new series of patches, reverts that commit, along with commit v10.7.0-78-g200f60b2e1, then reimplements their functionality assuming that a firewalld reload *will* reset the zone of all libvirt-managed bridge devices. Laine Stump (5): Revert "network: *un*set the firewalld zone while shutting down a network" Revert "network: support setting firewalld zone for bridge device of open networks" network: call network(Add|Remove)FirewallRules() for forward mode='open' network: a different way of supporting firewalld zone for mode='open' networks network: a different implementation of *un*setting firewalld zone when network is destroyed src/network/bridge_driver.c | 34 +++---- src/network/bridge_driver_linux.c | 140 ++++++++++++++++----------- src/network/bridge_driver_nop.c | 19 ---- src/network/bridge_driver_platform.h | 4 - src/util/virfirewalld.c | 16 +-- 5 files changed, 102 insertions(+), 111 deletions(-) -- 2.46.1

2 7

[PATCH v2 0/1] Add support for RAPL MSRs feature in QEMU
by Anthony Harivel 07 Oct '24

07 Oct '24

Hi, First of all, kudos to Peter Krempa for his fast review! In this v2, I've addressed the following points: - The socket is *not* mandatory and my code totally confused Peter. Sorry about that! here a snippet of the QEMU code to understand: /* Compute the socket path if necessary */ if (s->msr_energy.socket_path == NULL) { s->msr_energy.socket_path = vmsr_compute_default_paths(); } So I made all the modification to make it not necessary. - Change the socket name to "rapl_helper_socket" - Change the socket to be absFilePath - I did not add anything to honour the _OFF state, because it is not necessary to explicitly disable it. That's about it. Regards, Anthony Anthony Harivel (1): qemu: Add support for RAPL MSRs feature docs/formatdomain.rst | 2 ++ src/conf/domain_conf.c | 18 ++++++++++++++++++ src/conf/domain_conf.h | 2 ++ src/conf/schemas/domaincommon.rng | 10 ++++++++++ src/qemu/qemu_command.c | 11 +++++++++++ tests/qemuxmlconfdata/kvm-features-off.xml | 1 + .../kvm-features.x86_64-latest.args | 2 +- tests/qemuxmlconfdata/kvm-features.xml | 1 + 8 files changed, 46 insertions(+), 1 deletion(-) -- 2.46.0

3 14

[PATCH v2 0/4] Add TPM emulator <source file=''/>
by marcandre.lureau＠redhat.com 04 Oct '24

04 Oct '24

From: Marc-André Lureau <marcandre.lureau(a)redhat.com> Hi, When swtpm capabilities reports "nvram-backend-dir", it can accepts a single file or block device where TPM state will be stored. --tpmstate must be backend-uri=file://. v2: - add <source dir='..'/> support as well (Daniel) Related: https://issues.redhat.com/browse/CNV-35250 Marc-André Lureau (4): util: check swtpm nvram-backend-dir capability schema: add TPM emulator <source file='..'> schema: add TPM emulator <source dir='..'> qemu_tpm: handle file/block storage source docs/formatdomain.rst | 18 +++++ src/conf/domain_conf.c | 28 +++++++ src/conf/domain_conf.h | 7 ++ src/conf/schemas/domaincommon.rng | 20 +++++ src/qemu/qemu_tpm.c | 76 +++++++++++++++---- src/util/virtpm.c | 1 + src/util/virtpm.h | 1 + .../qemuxmlconfdata/tpm-emulator-tpm2-enc.xml | 1 + tests/qemuxmlconfdata/tpm-emulator-tpm2.xml | 1 + 9 files changed, 140 insertions(+), 13 deletions(-) -- 2.45.2.827.g557ae147e6

5 22

[PATCH 0/2] add disk hotplug/unplug support to test hypervisor
by John Levon 04 Oct '24

04 Oct '24

John Levon (2): test_driver: provide basic disk hotplug support test_driver: provide basic disk hotunplug support src/test/test_driver.c | 276 ++++++++++++++++++++++++++++++++++++++++- 1 file changed, 273 insertions(+), 3 deletions(-) -- 2.34.1

1 2

[PATCH] util: Look for newer name of cpu wait time statistic
by Martin Kletzander 03 Oct '24

03 Oct '24

It looks like linux changed the key for wait time in /proc/<pid>/sched and /proc/<pid>/task/<tid>/sched files in commit ceeadb83aea2 (or around that time) from se.statistics.wait_sum to just wait_sum. Similarly to the previous change (from se.wait_sum) just look for the new name first. Resolves: https://issues.redhat.com/browse/RHEL-60030 Signed-off-by: Martin Kletzander <mkletzan(a)redhat.com> --- src/util/virprocess.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/src/util/virprocess.c b/src/util/virprocess.c index f1e5e4decd68..dd4bd866102e 100644 --- a/src/util/virprocess.c +++ b/src/util/virprocess.c @@ -1849,8 +1849,10 @@ virProcessGetSchedInfo(unsigned long long *cpuWait, const char *line = lines[i]; /* Needs CONFIG_SCHEDSTATS. The second check + * is the name used before ceeadb83aea2, the third one * is the old name the kernel used in past */ - if (STRPREFIX(line, "se.statistics.wait_sum") || + if (STRPREFIX(line, "wait_sum") || + STRPREFIX(line, "se.statistics.wait_sum") || STRPREFIX(line, "se.wait_sum")) { line = strchr(line, ':'); if (!line) { -- 2.46.2

2 1

[PATCH v7 00/14] qemu: Introduce shared_filesystems configuration option
by Andrea Bolognani 03 Oct '24

03 Oct '24

The need to have something like this in the first place is driven by KubeVirt (see [1] and [2]). A draft version of this series has been integrated into KubeVirt and it has been confirmed that it was effective in removing the need to use LD_PRELOAD hacks in the storage provider. Changes from [v6]: * only skip metadata locking for the swtpm lock file; * other tweaks based on review feedback. Changes from [v5]: * make migration of domains with TPM work (patches 12 and 13); * fixed all typos for "remember"; * added R-bs for Peter's patches. Changes from [v4] (v5 was posted by Peter): * added patch 7 cleaning up a helper function (noticed just while reading the code) * added patch 8 properly unrefing security labels in dac/selinux drivers on outgoing migration * patch 11: added handling of the 'nvram' image file (and refactored the function to allow reuse) Changes from [v3] (v4 was posted by Peter): * patch 2/8 was modified to change the docs for the new option. * patches 1-5 will get an R-b by me as I've adopted them. * patches 6, 9-11 are new. * patches 7, 8 were not part of v3 Changes from [v2]: * added canonicalization for user-provided paths; * fixed compilation issues when AppArmor support is enabled. Changes from [v1]: * documented more explicitly that the newly introduced option is intended for very specific scenarios and not general usage; as part of this, the NEWS update has been dropped too; * made a few tweaks and addressed a few oversight based on review feedback; * several preparatory cleanup patches have been pushed. Changes from [v0]: * reworked approach. [v6] https://lists.libvirt.org/archives/list/devel@lists.libvirt.org/thread/7TTR… [v5] https://lists.libvirt.org/archives/list/devel@lists.libvirt.org/thread/HNF5… [v4] https://lists.libvirt.org/archives/list/devel@lists.libvirt.org/thread/FWR7… [v3] https://lists.libvirt.org/archives/list/devel@lists.libvirt.org/thread/PISB… [v2] https://lists.libvirt.org/archives/list/devel@lists.libvirt.org/thread/XPCP… [v1] https://lists.libvirt.org/archives/list/devel@lists.libvirt.org/thread/XEIS… [v0] https://lists.libvirt.org/archives/list/devel@lists.libvirt.org/thread/MMKV… [1] https://issues.redhat.com/browse/CNV-34322 [2] https://issues.redhat.com/browse/CNV-39370 Andrea Bolognani (8): security: Fix alignment qemu: Introduce shared_filesystems configuration option qemu: Propagate shared_filesystems utils: Use overrides in virFileIsSharedFS() qemu: Always set labels for TPM state security: Always forget labels for TPM state directory security: Allow skipping locking when labeling lock files qemu: Handle locking of TPM state directory for incoming migration Peter Krempa (6): virFileIsSharedFSOverride: Export virParseOwnershipIds: Refactor virSecuritySELinuxRestoreImageLabelInt: Move FD image relabeling after 'migrated' check security_(dac|selinux): Unref remembered security labels on outgoing migration storage_source: Add field for skipping seclabel remembering qemu: migration: Don't remember seclabel for images shared from current host src/conf/storage_source_conf.c | 3 + src/conf/storage_source_conf.h | 9 ++ src/libvirt_private.syms | 1 + src/lxc/lxc_controller.c | 3 +- src/lxc/lxc_driver.c | 2 +- src/lxc/lxc_process.c | 4 +- src/qemu/libvirtd_qemu.aug | 3 + src/qemu/qemu.conf.in | 26 +++++ src/qemu/qemu_conf.c | 31 ++++++ src/qemu/qemu_conf.h | 2 + src/qemu/qemu_domain.c | 7 +- src/qemu/qemu_extdevice.c | 2 +- src/qemu/qemu_migration.c | 83 ++++++++++++++-- src/qemu/qemu_security.c | 147 ++++++++++++++++++++-------- src/qemu/qemu_security.h | 6 +- src/qemu/qemu_tpm.c | 51 +++++++--- src/qemu/qemu_tpm.h | 10 +- src/qemu/test_libvirtd_qemu.aug.in | 5 + src/security/security_apparmor.c | 8 +- src/security/security_dac.c | 61 +++++++++--- src/security/security_driver.h | 11 ++- src/security/security_manager.c | 54 ++++++++--- src/security/security_manager.h | 15 ++- src/security/security_nop.c | 5 + src/security/security_selinux.c | 151 +++++++++++++++++++++++------ src/security/security_stack.c | 38 ++++++-- src/util/virfile.c | 63 +++++++++++- src/util/virfile.h | 5 +- src/util/virutil.c | 20 ++-- tests/securityselinuxlabeltest.c | 2 +- tests/virfiletest.c | 2 +- 31 files changed, 666 insertions(+), 164 deletions(-) -- 2.46.2

2 19

[PATCH V2 0/4] Rework qemu internal active snapshots to use QMP
by Nikolai Barybin 03 Oct '24

03 Oct '24

Den, Peter, Daniel thank you for your comments! I'm sending v2 of this patchset. Changes since last revision: - dropped [PATCH 4/4] qemu monitor: reap qemu_monitor_text - added new patch: qemu capabilities: add QEMU_CAPS_SNAPSHOT_SAVE/_DELETE - preserved old-style snapshotting (HMP savevm) in case we have QEMU < 6.0 - enhanced requirements for allowing snapshotting. All writable disks should be qcow2, non-shared. If such disks exist and we have qcow2 NVRAM, add NVRAM device to the list of wrdevs. But never save vmstate to NVRAM - make char** wrdevs list allocation inside qemuSnapshotActiveInternalGetWrdevListHelper() Nikolai Barybin (4): qemu monitor: add snaphot-save/delete QMP commands qemu blockjob: add snapshot-save/delete job types qemu capabilities: add QEMU_CAPS_SNAPSHOT_SAVE/_DELETE qemu snapshot: use QMP snapshot-save/delete for internal snapshots src/qemu/qemu_block.c | 2 + src/qemu/qemu_blockjob.c | 6 +- src/qemu/qemu_blockjob.h | 2 + src/qemu/qemu_capabilities.c | 4 + src/qemu/qemu_capabilities.h | 2 + src/qemu/qemu_domain.c | 4 + src/qemu/qemu_monitor.c | 30 +++ src/qemu/qemu_monitor.h | 13 ++ src/qemu/qemu_monitor_json.c | 66 ++++++ src/qemu/qemu_monitor_json.h | 13 ++ src/qemu/qemu_snapshot.c | 207 ++++++++++++++++-- .../caps_6.0.0_aarch64.xml | 2 + .../qemucapabilitiesdata/caps_6.0.0_s390x.xml | 2 + .../caps_6.0.0_x86_64.xml | 2 + .../caps_6.1.0_x86_64.xml | 2 + .../caps_6.2.0_aarch64.xml | 2 + .../qemucapabilitiesdata/caps_6.2.0_ppc64.xml | 2 + .../caps_6.2.0_x86_64.xml | 2 + .../caps_7.0.0_aarch64+hvf.xml | 2 + .../caps_7.0.0_aarch64.xml | 2 + .../qemucapabilitiesdata/caps_7.0.0_ppc64.xml | 2 + .../caps_7.0.0_x86_64.xml | 2 + .../qemucapabilitiesdata/caps_7.1.0_ppc64.xml | 2 + .../caps_7.1.0_x86_64.xml | 2 + tests/qemucapabilitiesdata/caps_7.2.0_ppc.xml | 2 + .../caps_7.2.0_x86_64+hvf.xml | 2 + .../caps_7.2.0_x86_64.xml | 2 + .../caps_8.0.0_riscv64.xml | 2 + .../caps_8.0.0_x86_64.xml | 2 + .../qemucapabilitiesdata/caps_8.1.0_s390x.xml | 2 + .../caps_8.1.0_x86_64.xml | 2 + .../caps_8.2.0_aarch64.xml | 2 + .../caps_8.2.0_armv7l.xml | 2 + .../caps_8.2.0_loongarch64.xml | 2 + .../qemucapabilitiesdata/caps_8.2.0_s390x.xml | 2 + .../caps_8.2.0_x86_64.xml | 2 + .../qemucapabilitiesdata/caps_9.0.0_sparc.xml | 2 + .../caps_9.0.0_x86_64.xml | 2 + .../caps_9.1.0_x86_64.xml | 2 + 39 files changed, 391 insertions(+), 14 deletions(-) -- 2.43.5

2 14