[PATCH 0/4] Protect secret values stored on disk with TPM
by Michal Privoznik
Secret values are stored effectively in plaintext on a disk and we rely
on file perms to secure them. But with systemd-cred we can use the system's
TPM chip and encrypt them.
Such secrets won't be transferable to another system by simply copying
files stored on disk, but: a) that's not the recommended way anyway, b)
one can argue secrets shouldn't be migrated anyway.
Future work consists of encrypting secret values even when stored in
memory, as it's now possible to obtain secrets by dumping memory of
virsecretd. Though, to dump memory, admin rights are required, at which
point users can just read values stored on disk (which is not true for
ephemeral secrets).
Michal Prívozník (4):
virsecret: Introduce APIs to talk to systemd-cred
conf: Introduce @tpm attribute to <secret/>
virsecretobj: Encrypt/decrypt secrets using TPM
NEWS: Document new virSecret TPM feature
NEWS.rst | 6 +
docs/formatsecret.rst | 8 +-
src/conf/schemas/secret.rng | 5 +
src/conf/secret_conf.c | 17 +++
src/conf/secret_conf.h | 2 +
src/conf/virsecretobj.c | 32 ++++-
src/libvirt_private.syms | 3 +
src/secret/secret_driver.c | 7 +
src/util/virsecret.c | 170 +++++++++++++++++++++++
src/util/virsecret.h | 10 ++
tests/secretxml2xmlin/usage-tpm-vtpm.xml | 7 +
tests/secretxml2xmltest.c | 1 +
12 files changed, 263 insertions(+), 5 deletions(-)
create mode 100644 tests/secretxml2xmlin/usage-tpm-vtpm.xml
--
2.43.0
9 months, 1 week
[PATCH 0/2] docs: domain: Fixes
by Peter Krempa
Peter Krempa (2):
docs: domain: Fix broken rST clauses
docs: domain: Fix iothread to virtqueue mapping example
docs/formatdomain.rst | 12 +++++-------
1 file changed, 5 insertions(+), 7 deletions(-)
--
2.43.0
9 months, 1 week
[PATCH 0/2] Add locking option for disk
by Hiroki Narukawa
There is a case where Linux has a bug and unlocking does not work properly, like this:
https://lore.kernel.org/lkml/20230608084609.14245-1-zhangjiachen.jaycee@b...
Especially in the situation where the live migration source node has this kind of bug, the destination must not lock, or otherwise the VM stops when live migration runs.
These commits add a workaround for this kind of problem.
Could you take a look?
Especially, the following are points I could not make sure of:
In the first commit, I wrote an explanation in the file section of the document, but placed the parser and formatter in virDomainStorageSourceParse and virDomainStorageSourceParse because locking can be common if added to other backends. Is it good to place them here, or is there some better location?
Hiroki Narukawa (2):
conf: add locking option to disk source
qemu_block: add locking option
docs/formatdomain.rst | 5 ++++
src/conf/domain_conf.c | 8 +++++++
src/conf/schemas/domaincommon.rng | 5 ++++
src/conf/storage_source_conf.h | 3 +++
src/qemu/qemu_block.c | 7 ++++++
tests/qemublocktest.c | 1 +
...le-raw-aio_native-locking-off-srconly.json | 10 ++++++++
.../file-raw-aio_native-locking-off.json | 23 +++++++++++++++++++
.../file-raw-aio_native-locking-off.xml | 12 ++++++++++
9 files changed, 74 insertions(+)
create mode 100644 tests/qemublocktestdata/xml2json/file-raw-aio_native-locking-off-srconly.json
create mode 100644 tests/qemublocktestdata/xml2json/file-raw-aio_native-locking-off.json
create mode 100644 tests/qemublocktestdata/xml2json/file-raw-aio_native-locking-off.xml
--
2.25.1
9 months, 1 week
[PATCH v2 00/11] nodedev state and update
by Boris Fiuczynski
The series adds a dual state to the mdev node devices as these objects
can be active and defined at the same time. These two states can
become different. To be able to also introspect the persisted and
transient nodedevs, filtering is added. To be able to also dump the XML
of an inactive state while the node device is active, a new option is
added.
The last three patches add the capability to update a mdev node device.
This can be done on the persisted configuration, on the active
configuration or on both. To support this v1.3.0 of mdevctl is required.
Changes since v1:
* replaced spec file requirement for v1.3.0 of mdevctl by a dynamic
support check and an unsupported message if not available.
* removed persisted precheck in virsh
* renamed persisted and persist into persistent
* addressed all other review comments made on v1
* added NEWS
Boris Fiuczynski (11):
virmdev: prepare type and attributes for dual state
node_device: refactor mdev attributes handling
node_device: remove unnecessary checks in virNodeDeviceDefFormat
nodedev: add an active config to mdev
tools: add option inactive to nodedev-dumpxml
nodedev: add persisted and transient filter on list
tools: add switches persisted and transient to nodedev-list
virsh: doc fix on nodedev-list
api: add virNodeDeviceUpdate()
nodedev: Implement virNodeDeviceUpdateXML
virsh: add nodedev-update
NEWS.rst | 7 +
docs/manpages/virsh.rst | 36 +-
include/libvirt/libvirt-nodedev.h | 31 ++
libvirt.spec.in | 1 +
src/access/viraccessperm.c | 1 +
src/access/viraccessperm.h | 6 +
src/conf/node_device_conf.c | 76 +--
src/conf/node_device_conf.h | 14 +-
src/conf/virnodedeviceobj.c | 50 ++
src/conf/virnodedeviceobj.h | 3 +
src/driver-nodedev.h | 6 +
src/libvirt-nodedev.c | 47 +-
src/libvirt_private.syms | 1 +
src/libvirt_public.syms | 5 +
src/node_device/node_device_driver.c | 459 +++++++++++++++---
src/node_device/node_device_driver.h | 17 +-
src/node_device/node_device_udev.c | 5 +-
src/remote/remote_driver.c | 1 +
src/remote/remote_protocol.x | 17 +-
src/remote_protocol-structs | 6 +
src/test/test_driver.c | 6 +-
src/util/virmdev.h | 6 +
...60c_c60c_c60c_c60c_c60cc60cc60c_update.xml | 16 +
tests/nodedevmdevctldata/mdevctl-modify.argv | 25 +
tests/nodedevmdevctldata/mdevctl-modify.json | 1 +
tests/nodedevmdevctltest.c | 94 +++-
...v_c60cc60c_c60c_c60c_c60c_c60cc60cc60c.xml | 14 +
...d_b7f0_4fea_b468_f1da537d301b_inactive.xml | 1 +
...v_c60cc60c_c60c_c60c_c60c_c60cc60cc60c.xml | 10 +
...c_c60c_c60c_c60c_c60cc60cc60c_inactive.xml | 9 +
...9_36ea_4111_8f0a_8c9a70e21366_inactive.xml | 1 +
...9_495e_4243_ad9f_beb3f14c23d9_inactive.xml | 1 +
...4_f554_4dc1_809d_b2a01e8e48ad_inactive.xml | 8 +
...6_1ca8_49ac_b176_871d16c13076_inactive.xml | 1 +
tests/nodedevxml2xmltest.c | 59 ++-
tools/virsh-nodedev.c | 132 ++++-
36 files changed, 1030 insertions(+), 143 deletions(-)
create mode 100644 tests/nodedevmdevctldata/mdev_c60cc60c_c60c_c60c_c60c_c60cc60cc60c_update.xml
create mode 100644 tests/nodedevmdevctldata/mdevctl-modify.argv
create mode 100644 tests/nodedevmdevctldata/mdevctl-modify.json
create mode 100644 tests/nodedevschemadata/mdev_c60cc60c_c60c_c60c_c60c_c60cc60cc60c.xml
create mode 120000 tests/nodedevxml2xmlout/mdev_3627463d_b7f0_4fea_b468_f1da537d301b_inactive.xml
create mode 100644 tests/nodedevxml2xmlout/mdev_c60cc60c_c60c_c60c_c60c_c60cc60cc60c.xml
create mode 100644 tests/nodedevxml2xmlout/mdev_c60cc60c_c60c_c60c_c60c_c60cc60cc60c_inactive.xml
create mode 120000 tests/nodedevxml2xmlout/mdev_d069d019_36ea_4111_8f0a_8c9a70e21366_inactive.xml
create mode 120000 tests/nodedevxml2xmlout/mdev_d2441d39_495e_4243_ad9f_beb3f14c23d9_inactive.xml
create mode 100644 tests/nodedevxml2xmlout/mdev_ee0b88c4_f554_4dc1_809d_b2a01e8e48ad_inactive.xml
create mode 120000 tests/nodedevxml2xmlout/mdev_fedc4916_1ca8_49ac_b176_871d16c13076_inactive.xml
--
2.42.0
9 months, 1 week
[PUSHED PATCH] spec: Explicitly disable userfaultfd_sysctl for mingw
by Jiri Denemark
The %meson* macros pass --auto-features=enabled to enable all "auto"
features, which means we have to explicitly disable them.
Signed-off-by: Jiri Denemark <jdenemar(a)redhat.com>
---
Notes:
Pushed as a build breaker.
libvirt.spec.in | 1 +
1 file changed, 1 insertion(+)
diff --git a/libvirt.spec.in b/libvirt.spec.in
index c5ba4b632f..49ce717e1b 100644
--- a/libvirt.spec.in
+++ b/libvirt.spec.in
@@ -1452,6 +1452,7 @@ export SOURCE_DATE_EPOCH=$(stat --printf='%Y' %{_specdir}/libvirt.spec)
-Dstorage_vstorage=disabled \
-Dstorage_zfs=disabled \
-Dsysctl_config=disabled \
+ -Duserfaultfd_sysctl=disabled \
-Dtests=disabled \
-Dudev=disabled \
-Dwireshark_dissector=disabled \
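Review bot: the new `-Duserfaultfd_sysctl=disabled \` line breaks the alphabetical ordering of the surrounding option list (`sysctl_config`, `tests`, `udev`, `wireshark_dissector` are sorted; `userfaultfd_sysctl` sorts after `udev`). Suggest inserting it after `-Dudev=disabled \` and before `-Dwireshark_dissector=disabled \` so the mingw option block stays sorted and future additions are easy to place.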
--
2.43.0
9 months, 1 week
[PATCH] virsh: completer for --type of commands find-storage-pool-sources and find-storage-pool-sources-as
by Adam Julis
Signed-off-by: Adam Julis <ajulis(a)redhat.com>
---
tools/virsh-completer-pool.c | 11 +++++++++++
tools/virsh-completer-pool.h | 5 +++++
tools/virsh-pool.c | 2 ++
3 files changed, 18 insertions(+)
diff --git a/tools/virsh-completer-pool.c b/tools/virsh-completer-pool.c
index 0600394411..1081e5c10c 100644
--- a/tools/virsh-completer-pool.c
+++ b/tools/virsh-completer-pool.c
@@ -66,6 +66,17 @@ virshStoragePoolNameCompleter(vshControl *ctl,
}
+char **
+virshStoragePoolTypeCompleter(vshControl *ctl G_GNUC_UNUSED,
+ const vshCmd *cmd G_GNUC_UNUSED,
+ unsigned int flags)
+{
+ virCheckFlags(0, NULL);
+
+ return virshEnumComplete(VIR_STORAGE_POOL_LAST, virStoragePoolTypeToString);
+}
+
+
char **
virshPoolEventNameCompleter(vshControl *ctl G_GNUC_UNUSED,
const vshCmd *cmd G_GNUC_UNUSED,
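Review bot: the new function has no comment explaining how it differs from the existing `virshPoolTypeCompleter` (declared in the same header with an identical signature); the names differ only by "Storage", so a reader cannot tell which one to use for which option. Suggest a short comment above `virshStoragePoolTypeCompleter` stating that it enumerates all `virStoragePoolType` values (`VIR_STORAGE_POOL_LAST` via `virshEnumComplete`) for the `--type` option of `find-storage-pool-sources` and `find-storage-pool-sources-as`, or, if the existing completer already yields the same list, reusing it instead of adding a near-duplicate.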
diff --git a/tools/virsh-completer-pool.h b/tools/virsh-completer-pool.h
index 059b6ba9e0..5a051d2aeb 100644
--- a/tools/virsh-completer-pool.h
+++ b/tools/virsh-completer-pool.h
@@ -32,6 +32,11 @@ virshPoolEventNameCompleter(vshControl *ctl,
const vshCmd *cmd,
unsigned int flags);
+char **
+virshStoragePoolTypeCompleter(vshControl *ctl,
+ const vshCmd *cmd,
+ unsigned int completerflags);
+
char **
virshPoolTypeCompleter(vshControl *ctl,
const vshCmd *cmd,
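Review bot: the parameter name in the declaration, `unsigned int completerflags`, does not match the definition in virsh-completer-pool.c, which uses `unsigned int flags`, and the neighbouring declaration `virshPoolEventNameCompleter` in this header also uses `flags`. Suggest renaming it to `unsigned int flags` for consistency between prototype and definition.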
diff --git a/tools/virsh-pool.c b/tools/virsh-pool.c
index 36f00cf643..db5cb6306c 100644
--- a/tools/virsh-pool.c
+++ b/tools/virsh-pool.c
@@ -1414,6 +1414,7 @@ static const vshCmdOptDef opts_find_storage_pool_sources_as[] = {
{.name = "type",
.type = VSH_OT_DATA,
.flags = VSH_OFLAG_REQ,
+ .completer = virshStoragePoolTypeCompleter,
.help = N_("type of storage pool sources to find")
},
{.name = "host",
@@ -1501,6 +1502,7 @@ static const vshCmdOptDef opts_find_storage_pool_sources[] = {
{.name = "type",
.type = VSH_OT_DATA,
.flags = VSH_OFLAG_REQ,
+ .completer = virshStoragePoolTypeCompleter,
.help = N_("type of storage pool sources to discover")
},
{.name = "srcSpec",
--
2.43.0
9 months, 2 weeks
[libvirt PATCH v2 0/3] qemu: Add support for /dev/userfaultfd
by Jiri Denemark
Jiri Denemark (3):
qemu: Add support for /dev/userfaultfd
build: Add userfaultfd_sysctl build option
spec: Disable with_userfaultfd_sysctl on Fedora and RHEL-9
libvirt.spec.in | 16 +++++++++++
meson.build | 8 ++++++
meson_options.txt | 1 +
src/qemu/meson.build | 2 +-
src/qemu/qemu.conf.in | 3 +-
src/qemu/qemu_cgroup.c | 1 +
src/qemu/qemu_process.c | 38 +++++++++++++++++++++++++
src/qemu/qemu_security.c | 45 ++++++++++++++++++++++++++++++
src/qemu/qemu_security.h | 5 ++++
src/qemu/test_libvirtd_qemu.aug.in | 1 +
10 files changed, 118 insertions(+), 2 deletions(-)
--
2.43.0
9 months, 2 weeks
[PATCH 0/4] char: Minor fixes, and a tighter QAPI schema
by Markus Armbruster
Markus Armbruster (4):
chardev/parallel: Don't close stdin on inappropriate device
tests/unit/test-char: Fix qemu_socket(), make_udp_socket() check
qapi/char: Make backend types properly conditional
qapi/char: Deprecate backend type "memory"
docs/about/deprecated.rst | 8 ++++++++
qapi/char.json | 28 +++++++++++++++++-----------
include/qemu/osdep.h | 9 ++++++++-
chardev/char-parallel.c | 7 +++++--
tests/unit/test-char.c | 25 +++++++++++++++++++++++--
chardev/meson.build | 4 +---
6 files changed, 62 insertions(+), 19 deletions(-)
--
2.43.0
9 months, 2 weeks