March 2024 - Devel - Libvirt List Archives

[PATCH 00/10] qemu: Introduce shared_filesystems configuration option

by Andrea Bolognani

An alternative take on [1] based on review feedback. The need to have something like this in the first place is driven by KubeVirt (see [2] and [3]). A draft version of this series has been integrated into KubeVirt and it has been confirmed that it was effective in removing the need to use LD_PRELOAD hacks in the storage provider. CC'ing Stefan so he can have a look at the TPM part and shout if I've gotten anything wrong :) [1] https://lists.libvirt.org/archives/list/devel@lists.libvirt.org/thread/MM... [2] https://issues.redhat.com/browse/CNV-34322 [3] https://issues.redhat.com/browse/CNV-39370 Andrea Bolognani (10): security: Fix alignment security: Fix name for _virSecurityDACChardevCallbackData security: Drop virSecurity(DAC|SELinux)RestoreImageLabelSingle() security: Drop virSecurity(DAC|SELinux)SetImageLabelRelative() qemu: Tweak augeas schema qemu: Introduce shared_filesystems configuration option qemu: Propagate shared_filesystems utils: Use overrides in virFileIsSharedFS() qemu: Always set labels for TPM state NEWS: Document qemu shared_filesystems option NEWS.rst | 7 +++ src/lxc/lxc_controller.c | 2 +- src/lxc/lxc_driver.c | 2 +- src/lxc/lxc_process.c | 4 +- src/qemu/libvirtd_qemu.aug | 11 ++-- src/qemu/qemu.conf.in | 17 ++++++ src/qemu/qemu_conf.c | 17 ++++++ src/qemu/qemu_conf.h | 2 + src/qemu/qemu_domain.c | 2 +- src/qemu/qemu_extdevice.c | 2 +- src/qemu/qemu_migration.c | 12 ++-- src/qemu/qemu_security.c | 14 ++++- src/qemu/qemu_tpm.c | 36 ++++++------ src/qemu/qemu_tpm.h | 8 ++- src/qemu/test_libvirtd_qemu.aug.in | 5 ++ src/security/security_apparmor.c | 2 + src/security/security_dac.c | 67 +++++++++------------- src/security/security_driver.h | 4 ++ src/security/security_manager.c | 34 +++++++----- src/security/security_manager.h | 20 ++++--- src/security/security_nop.c | 4 ++ src/security/security_selinux.c | 58 ++++++++----------- src/security/security_stack.c | 16 ++++-- src/util/virfile.c | 89 +++++++++++++++++++++++++----- src/util/virfile.h | 3 +- tests/securityselinuxlabeltest.c | 2 +- tests/virfiletest.c | 2 +- 27 files changed, 289 insertions(+), 153 deletions(-) -- 2.44.0

11 months, 3 weeks

4
44
0 / 0

[PATCH-for-9.1 v2 00/21] hw/i386: Remove deprecated pc-i440fx-2.0 -> 2.3 machines

by Philippe Mathieu-Daudé

Missing review: 4-6, 10-12, 16, 19-20 Since v1: - Addressed Zhao and Thomas review comments - Removal around ICH9 acpi_memory_hotplug (Thomas) Kill legacy code, because we need to evolve. I ended there via dynamic machine -> ICH9 -> legacy ACPI... This should also help Igor cleanups: http://lore.kernel.org/qemu-devel/20240326171632.3cc7533d@imammedo.users.... Philippe Mathieu-Daudé (21): hw/i386/pc: Remove deprecated pc-i440fx-2.0 machine hw/usb/hcd-xhci: Remove XHCI_FLAG_FORCE_PCIE_ENDCAP flag hw/usb/hcd-xhci: Remove XHCI_FLAG_SS_FIRST flag hw/i386/acpi: Remove PCMachineClass::legacy_acpi_table_size hw/acpi/ich9: Remove 'memory-hotplug-support' property hw/acpi/ich9: Remove dead code related to 'acpi_memory_hotplug' hw/i386/pc: Remove deprecated pc-i440fx-2.1 machine target/i386/kvm: Remove x86_cpu_change_kvm_default() and 'kvm-cpu.h' hw/i386/pc: Remove PCMachineClass::smbios_uuid_encoded hw/smbios: Remove 'uuid_encoded' argument from smbios_set_defaults() hw/smbios: Remove 'smbios_uuid_encoded', simplify smbios_encode_uuid() hw/i386/pc: Remove PCMachineClass::enforce_aligned_dimm hw/mem/pc-dimm: Remove legacy_align argument from pc_dimm_pre_plug() hw/mem/memory-device: Remove legacy_align from memory_device_pre_plug() hw/i386/pc: Remove deprecated pc-i440fx-2.2 machine hw/i386/pc: Remove PCMachineClass::resizable_acpi_blob hw/i386/pc: Remove PCMachineClass::rsdp_in_ram hw/i386/acpi: Remove AcpiBuildState::rsdp field hw/i386/pc: Remove 2.3 and deprecate 2.4 to 2.7 pc-i440fx machines target/i386: Remove X86CPU::kvm_no_smi_migration field hw/i386/pc: Replace PCMachineClass::acpi_data_size by PC_ACPI_DATA_SIZE docs/about/deprecated.rst | 2 +- docs/about/removed-features.rst | 2 +- hw/usb/hcd-xhci.h | 4 +- include/hw/firmware/smbios.h | 3 +- include/hw/i386/pc.h | 22 ------ include/hw/mem/memory-device.h | 2 +- include/hw/mem/pc-dimm.h | 3 +- target/i386/cpu.h | 3 - target/i386/kvm/kvm-cpu.h | 41 ---------- hw/acpi/ich9.c | 46 ++--------- hw/arm/virt.c | 5 +- hw/i386/acpi-build.c | 95 ++--------------------- hw/i386/fw_cfg.c | 3 +- hw/i386/pc.c | 107 ++++---------------------- hw/i386/pc_piix.c | 101 ------------------------ hw/loongarch/virt.c | 4 +- hw/mem/memory-device.c | 12 +-- hw/mem/pc-dimm.c | 6 +- hw/ppc/spapr.c | 2 +- hw/riscv/virt.c | 2 +- hw/smbios/smbios.c | 13 +--- hw/usb/hcd-xhci-nec.c | 4 - hw/usb/hcd-xhci-pci.c | 4 +- hw/usb/hcd-xhci.c | 42 ++-------- hw/virtio/virtio-md-pci.c | 2 +- target/i386/cpu.c | 2 - target/i386/kvm/kvm-cpu.c | 3 +- target/i386/kvm/kvm.c | 7 +- tests/avocado/mem-addr-space-check.py | 3 +- 29 files changed, 64 insertions(+), 481 deletions(-) delete mode 100644 target/i386/kvm/kvm-cpu.h -- 2.41.0

12 months

3
50
0 / 0

[PATCH] qemu: Add sysusers config file for qemu & kvm user/groups

by tim＠siosm.fr

Install a systemd sysusers config file for the qemu & kvm user/groups. We can not use the sysusers_create_compat macro in the RPM specfile to create those users as we want to keep the specfile standalone and not relying on additionnal files. Update the specfile to make the commands closer to what is generated by the current macro. See: https://src.fedoraproject.org/rpms/libvirt/pull-request/22 See: https://gitlab.com/libvirt/libvirt/-/merge_requests/319 See: https://docs.fedoraproject.org/en-US/packaging-guidelines/UsersAndGroups/ Based on previous work by: Peter Krempa <pkrempa(a)redhat.com> Signed-off-by: Timothée Ravier <tim(a)siosm.fr> --- libvirt.spec.in | 21 +++++++++++++-------- src/qemu/libvirt-qemu.sysusers.conf | 4 ++++ src/qemu/meson.build | 7 +++++++ 3 files changed, 24 insertions(+), 8 deletions(-) create mode 100644 src/qemu/libvirt-qemu.sysusers.conf diff --git a/libvirt.spec.in b/libvirt.spec.in index 8413e3c19a..a411ac6515 100644 --- a/libvirt.spec.in +++ b/libvirt.spec.in @@ -1473,6 +1473,7 @@ chmod 600 $RPM_BUILD_ROOT%{_sysconfdir}/libvirt/nwfilter/*.xml %if ! %{with_qemu} rm -f $RPM_BUILD_ROOT%{_datadir}/augeas/lenses/libvirtd_qemu.aug rm -f $RPM_BUILD_ROOT%{_datadir}/augeas/lenses/tests/test_libvirtd_qemu.aug +rm -f $RPM_BUILD_ROOT%{_sysusersdir}/libvirt-qemu.conf %endif %find_lang %{name} @@ -1834,16 +1835,19 @@ exit 0 %pre daemon-driver-qemu %libvirt_sysconfig_pre virtqemud %libvirt_systemd_unix_pre virtqemud + # We want soft static allocation of well-known ids, as disk images -# are commonly shared across NFS mounts by id rather than name; see -# https://fedoraproject.org/wiki/Packaging:UsersAndGroups -getent group kvm >/dev/null || groupadd -f -g 36 -r kvm -getent group qemu >/dev/null || groupadd -f -g 107 -r qemu -if ! getent passwd qemu >/dev/null; then - if ! getent passwd 107 >/dev/null; then - useradd -r -u 107 -g qemu -G kvm -d / -s /sbin/nologin -c "qemu user" qemu +# are commonly shared across NFS mounts by id rather than name. +# See https://docs.fedoraproject.org/en-US/packaging-guidelines/UsersAndGroups/ +# We can not use the sysusers_create_compat macro here as we want to keep the +# specfile standalone and not relying on additionnal files. +getent group 'kvm' >/dev/null || groupadd -f -g '36' -r 'kvm' || : +getent group 'qemu' >/dev/null || groupadd -f -g '107' -r 'qemu' || : +if ! getent passwd 'qemu' >/dev/null; then + if ! getent passwd '107' >/dev/null; then + useradd -r -u '107' -g 'qemu' -G 'kvm' -d '/' -s '/sbin/nologin' -c 'qemu user' 'qemu' || : else - useradd -r -g qemu -G kvm -d / -s /sbin/nologin -c "qemu user" qemu + useradd -r -g 'qemu' -G 'kvm' -d '/' -s '/sbin/nologin' -c 'qemu user' 'qemu' || : fi fi exit 0 @@ -2246,6 +2250,7 @@ exit 0 %{_bindir}/virt-qemu-run %{_mandir}/man1/virt-qemu-run.1* %{_mandir}/man8/virtqemud.8* +%{_sysusersdir}/libvirt-qemu.conf %endif %if %{with_lxc} diff --git a/src/qemu/libvirt-qemu.sysusers.conf b/src/qemu/libvirt-qemu.sysusers.conf new file mode 100644 index 0000000000..3189191e73 --- /dev/null +++ b/src/qemu/libvirt-qemu.sysusers.conf @@ -0,0 +1,4 @@ +g kvm 36 +g qemu 107 +u qemu 107:qemu "qemu user" - - +m qemu kvm diff --git a/src/qemu/meson.build b/src/qemu/meson.build index 4c3e1dee78..7a0e908a66 100644 --- a/src/qemu/meson.build +++ b/src/qemu/meson.build @@ -160,6 +160,13 @@ if conf.has('WITH_QEMU') configuration: qemu_user_group_hack_conf, ) + # Install the sysuser config for the qemu driver + install_data( + 'libvirt-qemu.sysusers.conf', + install_dir: prefix / 'lib' / 'sysusers.d', + rename: [ 'libvirt-qemu.conf' ], + ) + virt_conf_files += qemu_conf virt_aug_files += files('libvirtd_qemu.aug') virt_test_aug_files += { -- 2.43.0

1 year

3
4
0 / 0

[RFC PATCH 0/2] One memory leak fix and one question

by Marc Hartmayer

Marc Hartmayer (2): node_device_conf: virNodeDeviceGetSCSITargetCaps: fix memory leak TODO virNodeDeviceUpdateCaps: checks missing? src/conf/node_device_conf.c | 37 ++++++++++++++++--------------------- 1 file changed, 16 insertions(+), 21 deletions(-) -- 2.34.1

1 year

2
10
0 / 0

[RFC] virsysinfo: Try reading DMI table

by brett.holman＠canonical.com

This patch intends to add DMI support to libvirt for RISC-V and mips. This is based on commit ec6ce6363, which added ARM support. This is untested, as I've been unable to find hardware to test this on. src/util/virsysinfo.c | 2 ++ 1 file changed, 2 insertions(+) Cheers, Brett Holman P.S. This is my first post on this mailing list, I believe that I've followed

1 year

5
8
0 / 0

[PATCH] Extend libvirt-guests to shutdown only persistent VMs

by Benjamin Taubmann

At the moment, there is no configuration option for the libvirt-guests service that allows users to define that only persistent virtual machines should be shutdown on host shutdown. Currently, the service config allows to choose between two ON_SHUTDOWN actions that are executed on running virtual machines when the host goes down: shutdown, suspend. The ON_SHUTDOWN action should be orthogonal to the type of the virtual machine. However, the existing implementation, does not suspend transient virtual machines. This is the matrix of actions that is executed on virtual machines based on the configured ON_SHUTDOWN action and the type of a virtual machine. | persistent | transient shutdown | shutdown | shutdown (what we want to change) suspend | suspend | nothing Add config option PERSISTENT_ONLY to libvirt-guests config that allows users to define if the ON_SHUTDOWN action should be applied only on persistent virtual machines. PERSISTENT_ONLY can be set to true, false, default. The default option will implement the already existing logic. Case 1: PERSISTENT_ONLY=default | persistent | transient shutdown | shutdown | shutdown suspend | suspend | nothing Case 2: PERSISTENT_ONLY=true | persistent | transient shutdown | shutdown | nothing suspend | suspend | nothing Case 3: PERSISTENT_ONLY=false | persistent | transient shutdown | shutdown | shutdown suspend | suspend | suspend Change-Id: Ib03013d00b3ec60716287dad4743a038cf000763 --- tools/libvirt-guests.sh.in | 37 ++++++++++++++++++++++++++++++------- 1 file changed, 30 insertions(+), 7 deletions(-) diff --git a/tools/libvirt-guests.sh.in b/tools/libvirt-guests.sh.in index 344b54390a..c3c5954e17 100644 --- a/tools/libvirt-guests.sh.in +++ b/tools/libvirt-guests.sh.in @@ -38,6 +38,7 @@ PARALLEL_SHUTDOWN=0 START_DELAY=0 BYPASS_CACHE=0 SYNC_TIME=0 +PERSISTENT_ONLY="default" test -f "$initconfdir"/libvirt-guests && . "$initconfdir"/libvirt-guests @@ -438,14 +439,16 @@ shutdown_guests_parallel() # stop # Shutdown or save guests on the configured uris stop() { - local suspending="true" local uri= + local action="suspend" + local persistent_only="default" + # last stop was not followed by start [ -f "$LISTFILE" ] && return 0 if [ "x$ON_SHUTDOWN" = xshutdown ]; then - suspending="false" + action="shutdown" if [ $SHUTDOWN_TIMEOUT -lt 0 ]; then gettext "SHUTDOWN_TIMEOUT must be equal or greater than 0" echo @@ -454,6 +457,22 @@ stop() { fi fi + case "x$PERSISTENT_ONLY" in + xtrue) + persistent_only="true" + ;; + xfalse) + persistent_only="false" + ;; + *) + if [ "x$action" = xshutdown ]; then + persistent_only="false" + elif [ "x$action" = xsuspend ]; then + persistent_only="true" + fi + ;; + esac + : >"$LISTFILE" set -f for uri in $URIS; do @@ -478,7 +497,7 @@ stop() { echo fi - if "$suspending"; then + if "$persistent_only"; then local transient="$(list_guests "$uri" "--transient")" if [ $? -eq 0 ]; then local empty="true" @@ -486,7 +505,11 @@ stop() { for uuid in $transient; do if "$empty"; then - eval_gettext "Not suspending transient guests on URI: \$uri: " + if [ "x$action" = xsuspend ]; then + eval_gettext "Not suspending transient guests on URI: \$uri: " + else + eval_gettext "Not shutting down transient guests on URI: \$uri: " + fi empty="false" else printf ", " @@ -520,19 +543,19 @@ stop() { if [ -s "$LISTFILE" ]; then while read uri list; do - if "$suspending"; then + if [ "x$action" = xsuspend ]; then eval_gettext "Suspending guests on \$uri URI..."; echo else eval_gettext "Shutting down guests on \$uri URI..."; echo fi if [ "$PARALLEL_SHUTDOWN" -gt 1 ] && - ! "$suspending"; then + [ "x$action" = xshutdown ]; then shutdown_guests_parallel "$uri" "$list" else local guest= for guest in $list; do - if "$suspending"; then + if [ "x$action" = xsuspend ]; then suspend_guest "$uri" "$guest" else shutdown_guest "$uri" "$guest" -- 2.39.2

1 year

4
5
0 / 0

[PATCH for-9.0] docs/about: Mark the iaspc machine type as deprecated

by Igor Mammedov

ISAPC machine was introduced 25 years ago and it's a lot of time since such machine was around with real ISA only PC hardware practically defunct. Also it's slowly bit-rots (for example: I was able to boot RHEL6 on RHEL9 host in only TCG mode, while in KVM mode it hung in the middle of boot) Rather than spending time on fixing 'the oldest' no longer tested machine type, deprecate it so we can clean up QEMU code from legacy fixups and hopefully make it easier to follow. Folks who have to use ancient guest that requires ISAPC can still use older QEMU to play with it. Signed-off-by: Igor Mammedov <imammedo(a)redhat.com> --- docs/about/deprecated.rst | 7 +++++++ hw/i386/pc_piix.c | 1 + 2 files changed, 8 insertions(+) diff --git a/docs/about/deprecated.rst b/docs/about/deprecated.rst index 7b548519b5..5708296991 100644 --- a/docs/about/deprecated.rst +++ b/docs/about/deprecated.rst @@ -226,6 +226,13 @@ These old machine types are quite neglected nowadays and thus might have various pitfalls with regards to live migration. Use a newer machine type instead. +``isapc`` (since 9.0) +''''''''''''''''''''''''''''''''''''''''''''''''''''' + +These old machine type are quite neglected nowadays and thus might have +various pitfalls with regards to live migration. Use a newer machine type +instead. + Nios II ``10m50-ghrd`` and ``nios2-generic-nommu`` machines (since 8.2) ''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''' diff --git a/hw/i386/pc_piix.c b/hw/i386/pc_piix.c index 18ba076609..96f72384dd 100644 --- a/hw/i386/pc_piix.c +++ b/hw/i386/pc_piix.c @@ -921,6 +921,7 @@ static void isapc_machine_options(MachineClass *m) m->default_nic = "ne2k_isa"; m->default_cpu_type = X86_CPU_TYPE_NAME("486"); m->no_parallel = !module_object_class_by_name(TYPE_ISA_PARALLEL); + m->deprecation_reason = "old and unattended - use a newer version instead"; } DEFINE_PC_MACHINE(isapc, "isapc", pc_init_isa, -- 2.43.0

1 year

10
22
0 / 0

[PATCH v2 1/1] remote: properly initialize objects in ACL helpers

by Denis V. Lunev

Commit 2ecdf259299813c2c674377e22a0acbce5ccbbb2 was intended to implement two things: reduce stack usage inside ACL helpers and minimally initialize virDomainDef object to avoid passing garbage inside validation framework. Though original commit has not touched other ACL helpers. This patch adds proper clauses to remoteRelayNetworkEventCheckACL remoteRelayStoragePoolEventCheckACL remoteRelayNodeDeviceEventCheckACL remoteRelaySecretEventCheckACL Signed-off-by: Denis V. Lunev <den(a)openvz.org> CC: Peter Krempa <pkrempa(a)redhat.com> CC: Roman Grigoriev <rgrigoriev(a)astralinux.ru> --- src/remote/remote_daemon_dispatch.c | 32 ++++++++++++++--------------- 1 file changed, 16 insertions(+), 16 deletions(-) Changes from v1: * g_autoptr is replaced with g_autofree upon reached consensus * patch 1 in series has been dropped diff --git a/src/remote/remote_daemon_dispatch.c b/src/remote/remote_daemon_dispatch.c index aaabd1e56c..b566a510b8 100644 --- a/src/remote/remote_daemon_dispatch.c +++ b/src/remote/remote_daemon_dispatch.c @@ -180,21 +180,21 @@ static bool remoteRelayNetworkEventCheckACL(virNetServerClient *client, virConnectPtr conn, virNetworkPtr net) { - virNetworkDef def; + g_autofree virNetworkDef *def = g_new0(virNetworkDef, 1); g_autoptr(virIdentity) identity = NULL; bool ret = false; /* For now, we just create a virNetworkDef with enough contents to * satisfy what viraccessdriverpolkit.c references. This is a bit * fragile, but I don't know of anything better. */ - def.name = net->name; - memcpy(def.uuid, net->uuid, VIR_UUID_BUFLEN); + def->name = net->name; + memcpy(def->uuid, net->uuid, VIR_UUID_BUFLEN); if (!(identity = virNetServerClientGetIdentity(client))) goto cleanup; if (virIdentitySetCurrent(identity) < 0) goto cleanup; - ret = virConnectNetworkEventRegisterAnyCheckACL(conn, &def); + ret = virConnectNetworkEventRegisterAnyCheckACL(conn, def); cleanup: ignore_value(virIdentitySetCurrent(NULL)); @@ -206,21 +206,21 @@ remoteRelayStoragePoolEventCheckACL(virNetServerClient *client, virConnectPtr conn, virStoragePoolPtr pool) { - virStoragePoolDef def; + g_autofree virStoragePoolDef *def = g_new0(virStoragePoolDef, 1); g_autoptr(virIdentity) identity = NULL; bool ret = false; /* For now, we just create a virStoragePoolDef with enough contents to * satisfy what viraccessdriverpolkit.c references. This is a bit * fragile, but I don't know of anything better. */ - def.name = pool->name; - memcpy(def.uuid, pool->uuid, VIR_UUID_BUFLEN); + def->name = pool->name; + memcpy(def->uuid, pool->uuid, VIR_UUID_BUFLEN); if (!(identity = virNetServerClientGetIdentity(client))) goto cleanup; if (virIdentitySetCurrent(identity) < 0) goto cleanup; - ret = virConnectStoragePoolEventRegisterAnyCheckACL(conn, &def); + ret = virConnectStoragePoolEventRegisterAnyCheckACL(conn, def); cleanup: ignore_value(virIdentitySetCurrent(NULL)); @@ -232,20 +232,20 @@ remoteRelayNodeDeviceEventCheckACL(virNetServerClient *client, virConnectPtr conn, virNodeDevicePtr dev) { - virNodeDeviceDef def; + g_autofree virNodeDeviceDef *def = g_new0(virNodeDeviceDef, 1); g_autoptr(virIdentity) identity = NULL; bool ret = false; /* For now, we just create a virNodeDeviceDef with enough contents to * satisfy what viraccessdriverpolkit.c references. This is a bit * fragile, but I don't know of anything better. */ - def.name = dev->name; + def->name = dev->name; if (!(identity = virNetServerClientGetIdentity(client))) goto cleanup; if (virIdentitySetCurrent(identity) < 0) goto cleanup; - ret = virConnectNodeDeviceEventRegisterAnyCheckACL(conn, &def); + ret = virConnectNodeDeviceEventRegisterAnyCheckACL(conn, def); cleanup: ignore_value(virIdentitySetCurrent(NULL)); @@ -257,22 +257,22 @@ remoteRelaySecretEventCheckACL(virNetServerClient *client, virConnectPtr conn, virSecretPtr secret) { - virSecretDef def; + g_autofree virSecretDef *def = g_new0(virSecretDef, 1); g_autoptr(virIdentity) identity = NULL; bool ret = false; /* For now, we just create a virSecretDef with enough contents to * satisfy what viraccessdriverpolkit.c references. This is a bit * fragile, but I don't know of anything better. */ - memcpy(def.uuid, secret->uuid, VIR_UUID_BUFLEN); - def.usage_type = secret->usageType; - def.usage_id = secret->usageID; + memcpy(def->uuid, secret->uuid, VIR_UUID_BUFLEN); + def->usage_type = secret->usageType; + def->usage_id = secret->usageID; if (!(identity = virNetServerClientGetIdentity(client))) goto cleanup; if (virIdentitySetCurrent(identity) < 0) goto cleanup; - ret = virConnectSecretEventRegisterAnyCheckACL(conn, &def); + ret = virConnectSecretEventRegisterAnyCheckACL(conn, def); cleanup: ignore_value(virIdentitySetCurrent(NULL)); -- 2.40.1

1 year

3
4
0 / 0

[PATCH] security: Ensure kernel/initrd exist before restoring label

by Jim Fehlig

When performing an install, it's common for tooling such as virt-install to remove the install kernel/initrd once they are successfully booted and the domain has been redefined to boot without them. After the installation is complete and the domain is rebooted/shutdown, the DAC and selinux security drivers attempt to restore labels on the now deleted files. It's harmles wrt functionality, but results in error messages such as Mar 08 12:40:37 virtqemud[5639]: internal error: child reported (status=125): unable to stat: /var/lib/libvirt/boot/vir> Mar 08 12:40:37 virtqemud[5639]: unable to stat: /var/lib/libvirt/boot/virtinst-yvp19moo-linux: No such file or directo> Mar 08 12:40:37 virtqemud[5639]: Unable to run security manager transaction Avoid the messages by checking if the kernel and initrd still exist before including them in the restore label transaction. Signed-off-by: Jim Fehlig <jfehlig(a)suse.com> --- src/security/security_dac.c | 4 ++-- src/security/security_selinux.c | 4 ++-- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/src/security/security_dac.c b/src/security/security_dac.c index 4b8130630f..be606c6f33 100644 --- a/src/security/security_dac.c +++ b/src/security/security_dac.c @@ -1993,11 +1993,11 @@ virSecurityDACRestoreAllLabel(virSecurityManager *mgr, rc = -1; } - if (def->os.kernel && + if (def->os.kernel && virFileExists(def->os.kernel) && virSecurityDACRestoreFileLabel(mgr, def->os.kernel) < 0) rc = -1; - if (def->os.initrd && + if (def->os.initrd && virFileExists(def->os.initrd) && virSecurityDACRestoreFileLabel(mgr, def->os.initrd) < 0) rc = -1; diff --git a/src/security/security_selinux.c b/src/security/security_selinux.c index ffad058d9a..b21986cb7e 100644 --- a/src/security/security_selinux.c +++ b/src/security/security_selinux.c @@ -2915,11 +2915,11 @@ virSecuritySELinuxRestoreAllLabel(virSecurityManager *mgr, rc = -1; } - if (def->os.kernel && + if (def->os.kernel && virFileExists(def->os.kernel) && virSecuritySELinuxRestoreFileLabel(mgr, def->os.kernel, true) < 0) rc = -1; - if (def->os.initrd && + if (def->os.initrd && virFileExists(def->os.initrd) && virSecuritySELinuxRestoreFileLabel(mgr, def->os.initrd, true) < 0) rc = -1; -- 2.44.0

1 year

3
7
0 / 0

[PATCH-for-9.0 v2] hw/i386/pc: Deprecate 64-bit CPUs on ISA-only PC machine

by Philippe Mathieu-Daudé

Per Daniel suggestion [*]: > isapc could arguably be restricted to just 32-bit CPU models, > because we should not need it to support any feature that didn't > exist prior to circa 1995. eg refuse to start with isapc, if 'lm' > is present in the CPU model for example. Display a warning when such CPU is used: $ qemu-system-x86_64 -monitor stdio -S -M isapc -cpu Westmere qemu-system-x86_64: warning: Use of 64-bit CPU 'Westmere' is deprecated on the ISA-only PC machine QEMU 8.2.91 monitor - type 'help' for more information (qemu) q $ qemu-system-x86_64 -monitor stdio -S -M isapc -cpu athlon QEMU 8.2.91 monitor - type 'help' for more information (qemu) q [*] https://lore.kernel.org/qemu-devel/ZgQkS4RPmSt5Xa08@redhat.com/ Suggested-by: Daniel P. Berrangé <berrange(a)redhat.com> Signed-off-by: Philippe Mathieu-Daudé <philmd(a)linaro.org> --- docs/about/deprecated.rst | 7 +++++++ include/hw/i386/pc.h | 1 + hw/i386/pc_piix.c | 14 ++++++++++++++ 3 files changed, 22 insertions(+) diff --git a/docs/about/deprecated.rst b/docs/about/deprecated.rst index 7b548519b5..345c35507f 100644 --- a/docs/about/deprecated.rst +++ b/docs/about/deprecated.rst @@ -208,6 +208,13 @@ is no longer packaged in any distro making it harder to run the ``check-tcg`` tests. Unless we can improve the testing situation there is a chance the code will bitrot without anyone noticing. +64-bit (x86_64) CPUs on the ``isapc`` machine (since 9.0) +''''''''''''''''''''''''''''''''''''''''''''''''''''''''' + +The ``isapc`` machine aims to emulate old PC machine without PCI was +generalized, so hardware available around 1995, before 64-bit intel +CPUs were produced. + System emulator machines ------------------------ diff --git a/include/hw/i386/pc.h b/include/hw/i386/pc.h index 27a68071d7..2d202b9549 100644 --- a/include/hw/i386/pc.h +++ b/include/hw/i386/pc.h @@ -96,6 +96,7 @@ struct PCMachineClass { const char *default_south_bridge; /* Compat options: */ + bool deprecate_64bit_cpu; /* Specific to the 'isapc' machine */ /* Default CPU model version. See x86_cpu_set_default_version(). */ int default_cpu_version; diff --git a/hw/i386/pc_piix.c b/hw/i386/pc_piix.c index 18ba076609..2e5b2efc33 100644 --- a/hw/i386/pc_piix.c +++ b/hw/i386/pc_piix.c @@ -182,7 +182,20 @@ static void pc_init1(MachineState *machine, const char *pci_type) } pc_machine_init_sgx_epc(pcms); + x86_cpus_init(x86ms, pcmc->default_cpu_version); + if (pcmc->deprecate_64bit_cpu) { + X86CPU *cpu = X86_CPU(first_cpu); + + if (cpu->env.features[FEAT_8000_0001_EDX] & CPUID_EXT2_LM) { + const char *cpu_type = object_get_typename(OBJECT(first_cpu)); + int cpu_len = strlen(cpu_type) - strlen(X86_CPU_TYPE_SUFFIX); + + warn_report("Use of 64-bit CPU '%.*s' is deprecated" + " on the ISA-only PC machine", + cpu_len, cpu_type); + } + } if (kvm_enabled()) { kvmclock_create(pcmc->kvmclock_create_always); @@ -918,6 +931,7 @@ static void isapc_machine_options(MachineClass *m) pcmc->gigabyte_align = false; pcmc->smbios_legacy_mode = true; pcmc->has_reserved_memory = false; + pcmc->deprecate_64bit_cpu = true; m->default_nic = "ne2k_isa"; m->default_cpu_type = X86_CPU_TYPE_NAME("486"); m->no_parallel = !module_object_class_by_name(TYPE_ISA_PARALLEL); -- 2.41.0

1 year

5
6
0 / 0

2025

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

2007

2006

2005

Devel March 2024