September 2024 - Devel - libvirt List Archives

[PATCH] news: Mention 'showmount' dependency change and overflow/memleak fixes
by Peter Krempa 30 Sep '24

30 Sep '24

Signed-off-by: Peter Krempa <pkrempa(a)redhat.com> --- Note: applies on top of Laine's NEWS patch. NEWS.rst | 18 ++++++++++++++++++ 1 file changed, 18 insertions(+) diff --git a/NEWS.rst b/NEWS.rst index 617af915b3..6869136325 100644 --- a/NEWS.rst +++ b/NEWS.rst @@ -32,6 +32,13 @@ v10.8.0 (unreleased) the bridge interface (normally it would not be set, as is done with other forward modes). + * storage: Lessen dependancy on the ``showmount`` program + + Libvirt now automatically detects presence of ``showmount`` during runtime + as we do with other helper programs and also the + ``daemon-driver-storage-core`` RPM package now doesn't strongly depend on it + if the users wish for a more minimal deployment. + * **Bug fixes** * virsh: Fix script-friedly output of ``virsh list --uuid`` @@ -58,6 +65,17 @@ v10.8.0 (unreleased) host bridge to an OVS bridge. This (and the opposite direction) now works. + * qemu: backup: Fix possible crashes when running monitoring commands during backup job + + The qemu monitor code was fixed to not crash in specific cases when + monitoing APIs are called during a backup job. + + * Fix various memleaks and overflows + + Multiple memory leaks and overflows in corner cases were fixed based on + upstream issues reported. + + v10.7.0 (2024-09-02) ==================== -- 2.46.0

2 1

[RFC PATCH 0/5] Implement amd-iommu device to libvirt
by Han Han 27 Sep '24

27 Sep '24

Here is a draft patch series for amd-iommu device. It will implement amd-iommu device and its attributes: intremap, device-iotlb, xtsup. However, its secret device AMDVI-PCI will occupy a PCIe slot and cause VM failed to start: Domain XML: <domain type='kvm'> ... <video> <model type='virtio' heads='1' primary='yes'/> <address type='pci' domain='0x0000' bus='0x00' slot='0x01' function='0x0'/> </video> <iommu model='amd'/> ... </domain> ➜ ~ virsh create /tmp/fedora.xml error: Failed to create domain from /tmp/fedora.xml error: internal error: QEMU unexpectedly closed the monitor (vm='fedora'): 2024-09-27T07:55:46.132886Z qemu-system-x86_64: -device {"driver":"virtio-vga","id":"video0","max_outputs":1,"bus":"pcie.0","addr":"0x1"}: PCI: slot 1 function 0 not available for virtio-vga, in use by AMDVI-PCI,id=(null) I'll update the series when QEMU fixes the blocker. Han Han (5): qemu_capabilities: Introduce QEMU_CAPS_AMD_IOMMU qemu_capabilities: Introduce QEMU_CAPS_AMD_IOMMU_INTREMAP qemu_capabilities: Introduce QEMU_CAPS_AMD_IOMMU_DEVICE_IOTLB qemu_capabilities: Introduce QEMU_CAPS_AMD_IOMMU_XTSUP qemu: Add suppport for amd-iommu device and xtsup attrib docs/formatdomain.rst | 20 +++- src/conf/domain_conf.c | 16 +++ src/conf/domain_conf.h | 2 + src/conf/domain_validate.c | 39 +++++++- src/conf/schemas/domaincommon.rng | 6 ++ src/qemu/qemu_capabilities.c | 16 +++ src/qemu/qemu_capabilities.h | 6 ++ src/qemu/qemu_command.c | 15 +++ src/qemu/qemu_domain_address.c | 2 + src/qemu/qemu_validate.c | 1 + .../caps_5.2.0_x86_64.replies | 90 +++++++++++------ .../caps_5.2.0_x86_64.xml | 3 + .../caps_6.0.0_x86_64.replies | 90 +++++++++++------ .../caps_6.0.0_x86_64.xml | 3 + .../caps_6.1.0_x86_64.replies | 90 +++++++++++------ .../caps_6.1.0_x86_64.xml | 3 + .../caps_6.2.0_x86_64.xml | 3 + .../caps_7.0.0_x86_64.replies | 94 ++++++++++++------ .../caps_7.0.0_x86_64.xml | 3 + .../caps_7.1.0_x86_64.replies | 94 ++++++++++++------ .../caps_7.1.0_x86_64.xml | 3 + .../caps_7.2.0_x86_64+hvf.replies | 94 ++++++++++++------ .../caps_7.2.0_x86_64+hvf.xml | 3 + .../caps_7.2.0_x86_64.replies | 94 ++++++++++++------ .../caps_7.2.0_x86_64.xml | 3 + .../caps_8.0.0_x86_64.replies | 94 ++++++++++++------ .../caps_8.0.0_x86_64.xml | 3 + .../caps_8.1.0_x86_64.replies | 90 +++++++++++------ .../caps_8.1.0_x86_64.xml | 3 + .../caps_8.2.0_x86_64.replies | 86 ++++++++++------ .../caps_8.2.0_x86_64.xml | 3 + .../caps_9.0.0_x86_64.replies | 99 +++++++++++++------ .../caps_9.0.0_x86_64.xml | 4 + .../caps_9.1.0_x86_64.replies | 79 ++++++++++----- .../caps_9.1.0_x86_64.xml | 4 + tests/qemuxmlconfdata/amd-iommu-aw-bits.err | 1 + tests/qemuxmlconfdata/amd-iommu-aw-bits.xml | 32 ++++++ .../amd-iommu-caching-mode.err | 1 + .../amd-iommu-caching-mode.xml | 32 ++++++ .../amd-iommu-device-iotlb.x86_64-latest.args | 34 +++++++ .../amd-iommu-device-iotlb.xml | 37 +++++++ .../amd-iommu-dma-translation.err | 1 + .../amd-iommu-dma-translation.xml | 32 ++++++ tests/qemuxmlconfdata/amd-iommu-eim.err | 1 + tests/qemuxmlconfdata/amd-iommu-eim.xml | 32 ++++++ .../amd-iommu-xtsup.x86_64-latest.args | 34 +++++++ tests/qemuxmlconfdata/amd-iommu-xtsup.xml | 32 ++++++ .../amd-iommu.x86_64-latest.args | 34 +++++++ tests/qemuxmlconfdata/amd-iommu.xml | 32 ++++++ tests/qemuxmlconfdata/intel-iommu-xtsup.err | 1 + tests/qemuxmlconfdata/intel-iommu-xtsup.xml | 38 +++++++ tests/qemuxmlconftest.c | 8 ++ 52 files changed, 1275 insertions(+), 365 deletions(-) create mode 100644 tests/qemuxmlconfdata/amd-iommu-aw-bits.err create mode 100644 tests/qemuxmlconfdata/amd-iommu-aw-bits.xml create mode 100644 tests/qemuxmlconfdata/amd-iommu-caching-mode.err create mode 100644 tests/qemuxmlconfdata/amd-iommu-caching-mode.xml create mode 100644 tests/qemuxmlconfdata/amd-iommu-device-iotlb.x86_64-latest.args create mode 100644 tests/qemuxmlconfdata/amd-iommu-device-iotlb.xml create mode 100644 tests/qemuxmlconfdata/amd-iommu-dma-translation.err create mode 100644 tests/qemuxmlconfdata/amd-iommu-dma-translation.xml create mode 100644 tests/qemuxmlconfdata/amd-iommu-eim.err create mode 100644 tests/qemuxmlconfdata/amd-iommu-eim.xml create mode 100644 tests/qemuxmlconfdata/amd-iommu-xtsup.x86_64-latest.args create mode 100644 tests/qemuxmlconfdata/amd-iommu-xtsup.xml create mode 100644 tests/qemuxmlconfdata/amd-iommu.x86_64-latest.args create mode 100644 tests/qemuxmlconfdata/amd-iommu.xml create mode 100644 tests/qemuxmlconfdata/intel-iommu-xtsup.err create mode 100644 tests/qemuxmlconfdata/intel-iommu-xtsup.xml -- 2.46.2

3 10

[PATCH 00/10] maintainer updates (testing, gdbstub)
by Alex Bennée 25 Sep '24

25 Sep '24

Welcome to the first post KVM forum series. We have: - fix from Ilya for microblaze atomics - Pierrick's tsan updates - I've added my testing and gdbstub trees to MAINTAINERS - enabled a very basic aarch64_be-linux-user test - fixed the missing gdb XML fails that cause aarch64_be-linux-user to assert - finally I've made the mips64el cross compiler bookworm and allow_fail Alex Bennée (6): testing: bump mips64el cross to bookworm and allow to fail tests/docker: add NOFETCH env variable for testing MAINTAINERS: mention my testing/next tree MAINTAINERS: mention my gdbstub/next tree config/targets: update aarch64_be-linux-user gdb XML list tests/tcg: enable basic testing for aarch64_be-linux-user Ilya Leoshkevich (1): tests/docker: Fix microblaze atomics Pierrick Bouvier (3): meson: hide tsan related warnings target/i386: fix build warning (gcc-12 -fsanitize=thread) docs/devel: update tsan build documentation MAINTAINERS | 2 ++ docs/devel/testing/main.rst | 26 +++++++++++--- configure | 5 +++ configs/targets/aarch64_be-linux-user.mak | 2 +- meson.build | 10 +++++- target/i386/kvm/kvm.c | 4 +-- tests/tcg/aarch64_be/hello.c | 35 +++++++++++++++++++ .gitlab-ci.d/container-cross.yml | 3 ++ tests/docker/Makefile.include | 5 +-- .../build-toolchain.sh | 8 +++++ .../dockerfiles/debian-mips64el-cross.docker | 10 +++--- .../dockerfiles/debian-toolchain.docker | 7 ++++ tests/lcitool/refresh | 2 +- tests/tcg/Makefile.target | 7 +++- tests/tcg/aarch64_be/Makefile.target | 17 +++++++++ 15 files changed, 125 insertions(+), 18 deletions(-) create mode 100644 tests/tcg/aarch64_be/hello.c create mode 100644 tests/tcg/aarch64_be/Makefile.target -- 2.39.5

2 11

[libvirt PATCHv2] ci: adapt to 'dtrace' package split
by Ján Tomko 25 Sep '24

25 Sep '24

Fedora has decided to separate dtrace out of the systemtap-sdt-devel package: https://fedoraproject.org/wiki/Changes/Separate_dtrace_package Similarly, these are split in OpenSUSE Tumbleweed, however in a backward-compatbile way: https://build.opensuse.org/package/show/openSUSE:Factory/systemtap Require the new 'systemtap' package mapping, as well as the old 'dtrace'. Signed-off-by: Ján Tomko <jtomko(a)redhat.com> --- v2: use 'systemtap' instead of 'systemtap-sdt' to match what was finally merged in libvirt-ci ci/buildenv/fedora-rawhide.sh | 1 + ci/buildenv/opensuse-tumbleweed.sh | 3 ++- ci/containers/fedora-rawhide.Dockerfile | 1 + ci/containers/opensuse-tumbleweed.Dockerfile | 3 ++- ci/lcitool/projects/libvirt.yml | 1 + 5 files changed, 7 insertions(+), 2 deletions(-) diff --git a/ci/buildenv/fedora-rawhide.sh b/ci/buildenv/fedora-rawhide.sh index f89a87ad63..1706ec27f4 100644 --- a/ci/buildenv/fedora-rawhide.sh +++ b/ci/buildenv/fedora-rawhide.sh @@ -82,6 +82,7 @@ function install_buildenv() { systemd-devel \ systemd-rpm-macros \ systemtap-sdt-devel \ + systemtap-sdt-dtrace \ wireshark-devel \ xen-devel \ yajl-devel diff --git a/ci/buildenv/opensuse-tumbleweed.sh b/ci/buildenv/opensuse-tumbleweed.sh index ac566d349f..5117ea4ddb 100644 --- a/ci/buildenv/opensuse-tumbleweed.sh +++ b/ci/buildenv/opensuse-tumbleweed.sh @@ -81,7 +81,8 @@ function install_buildenv() { sanlock-devel \ sed \ systemd-rpm-macros \ - systemtap-sdt-devel \ + systemtap-dtrace \ + systemtap-headers \ wireshark-devel \ xen-devel rm -f /usr/lib*/python3*/EXTERNALLY-MANAGED diff --git a/ci/containers/fedora-rawhide.Dockerfile b/ci/containers/fedora-rawhide.Dockerfile index 6f06843985..ef91b6acc7 100644 --- a/ci/containers/fedora-rawhide.Dockerfile +++ b/ci/containers/fedora-rawhide.Dockerfile @@ -93,6 +93,7 @@ exec "$@"\n' > /usr/bin/nosync && \ systemd-devel \ systemd-rpm-macros \ systemtap-sdt-devel \ + systemtap-sdt-dtrace \ wireshark-devel \ xen-devel \ yajl-devel && \ diff --git a/ci/containers/opensuse-tumbleweed.Dockerfile b/ci/containers/opensuse-tumbleweed.Dockerfile index 2b7cdb4af5..6a992e2039 100644 --- a/ci/containers/opensuse-tumbleweed.Dockerfile +++ b/ci/containers/opensuse-tumbleweed.Dockerfile @@ -82,7 +82,8 @@ RUN zypper dist-upgrade -y && \ sanlock-devel \ sed \ systemd-rpm-macros \ - systemtap-sdt-devel \ + systemtap-dtrace \ + systemtap-headers \ wireshark-devel \ xen-devel && \ zypper clean --all && \ diff --git a/ci/lcitool/projects/libvirt.yml b/ci/lcitool/projects/libvirt.yml index 5e0bd66958..cb501f5c85 100644 --- a/ci/lcitool/projects/libvirt.yml +++ b/ci/lcitool/projects/libvirt.yml @@ -75,6 +75,7 @@ packages: - sed - showmount - systemd-rpm-macros + - systemtap - tc - wireshark - xen -- 2.46.1

2 1

[PATCH] cpu_map: Fix SierraForest CPU model
by Jiri Denemark 25 Sep '24

25 Sep '24

The model was defined with two CPU features that cannot be explicitly configured in QEMU (it knows the MSR bits, but there's no name associated with them). The features should have never existed in the CPU map. While removing them from the list of features and existing CPU models is not trivial (to avoid compatibility issues), we can at least fix the SierraForest CPU model added in this release cycle. The rest will be handled later in a separate series. Signed-off-by: Jiri Denemark <jdenemar(a)redhat.com> --- src/cpu_map/x86_SierraForest.xml | 2 -- 1 file changed, 2 deletions(-) diff --git a/src/cpu_map/x86_SierraForest.xml b/src/cpu_map/x86_SierraForest.xml index 3fc3049be1..caa6956e94 100644 --- a/src/cpu_map/x86_SierraForest.xml +++ b/src/cpu_map/x86_SierraForest.xml @@ -108,7 +108,6 @@ <feature name='vmx-ept-1gb'/> <feature name='vmx-ept-2mb'/> <feature name='vmx-ept-execonly'/> - <feature name='vmx-ept-wb'/> <feature name='vmx-eptad'/> <feature name='vmx-eptp-switching'/> <feature name='vmx-exit-ack-intr'/> @@ -131,7 +130,6 @@ <feature name='vmx-invvpid'/> <feature name='vmx-invvpid-all-context'/> <feature name='vmx-invvpid-single-addr'/> - <feature name='vmx-invvpid-single-context'/> <feature name='vmx-invvpid-single-context-noglobals'/> <feature name='vmx-io-bitmap'/> <feature name='vmx-io-exit'/> -- 2.46.1

2 1

[PATCH] domain_validate: Validate dma_translation for iommu models
by Han Han 25 Sep '24

25 Sep '24

The attribute dma_translation is only supported by intel-iommu device. Report an error when it is used for the other iommu devices. Fixes: 6866f958c1 Signed-off-by: Han Han <hhan(a)redhat.com> --- src/conf/domain_validate.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/src/conf/domain_validate.c b/src/conf/domain_validate.c index eddb4a5e74..b8ae9ed79d 100644 --- a/src/conf/domain_validate.c +++ b/src/conf/domain_validate.c @@ -2980,7 +2980,8 @@ virDomainIOMMUDefValidate(const virDomainIOMMUDef *iommu) iommu->caching_mode != VIR_TRISTATE_SWITCH_ABSENT || iommu->eim != VIR_TRISTATE_SWITCH_ABSENT || iommu->iotlb != VIR_TRISTATE_SWITCH_ABSENT || - iommu->aw_bits != 0) { + iommu->aw_bits != 0 || + iommu->dma_translation != VIR_TRISTATE_SWITCH_ABSENT) { virReportError(VIR_ERR_XML_ERROR, _("iommu model '%1$s' doesn't support additional attributes"), virDomainIOMMUModelTypeToString(iommu->model)); -- 2.46.1

1 0

[PATCH] docs: Mark "gluster" support in QEMU as deprecated
by Thomas Huth 24 Sep '24

24 Sep '24

According to https://marc.info/?l=fedora-devel-list&m=171934833215726 the GlusterFS development effectively ended. Thus mark it as deprecated in QEMU, so we can remove it in a future release if the project does not gain momentum again. Signed-off-by: Thomas Huth <thuth(a)redhat.com> --- docs/about/deprecated.rst | 9 +++++++++ 1 file changed, 9 insertions(+) diff --git a/docs/about/deprecated.rst b/docs/about/deprecated.rst index ed31d4b0b2..b231aa3948 100644 --- a/docs/about/deprecated.rst +++ b/docs/about/deprecated.rst @@ -395,6 +395,15 @@ Specifying the iSCSI password in plain text on the command line using the used instead, to refer to a ``--object secret...`` instance that provides a password via a file, or encrypted. +``gluster`` backend (since 9.2) +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ + +According to https://marc.info/?l=fedora-devel-list&m=171934833215726 +the GlusterFS development effectively ended. Unless the development +gains momentum again, the QEMU project might remove the gluster backend +in a future release. + + Character device options '''''''''''''''''''''''' -- 2.46.0

3 3

[RFC PATCH v1 0/6] swtpm: Add support for profiles
by Stefan Berger 24 Sep '24

24 Sep '24

Upcoming libtpms v0.10 and swtpm v0.10 will have TPM profile support that allows to restrict a TPM's provided set of crypto algorithms and commands and through which backwards compatibility and migration from newer versions of libtpms to older ones (up to libtpms v0.9) is supported. For the latter to work it is necessary that the user chooses the right profile. This series adds support for passing a profile choice to swtpm_setup by setting it in the domain XML using the <profile/> XML node. An optional attribute 'remove_disabled' can be set in this node and accepts two values: "check": test a few crypto algorithms (tdes, camellia, unpadded encryption, and others) for whether they are currently disabled due to FIPS mode on the host and remove these algorithms in the 'custom' profile if they are disabled; "fips-host": do not test but remove all potentially disabled crypto algorithms Also extend the documentation but point the user to swtpm and libtpms documentation for further details. Stefan Stefan Berger (6): util: Add parsing support for swtpm_setup's cmdarg-profile capability conf: Define enum virDomainTPMProfileRemoveDisabled schema: Extend schema for TPM emulator profile node conf: Add support for profile parameter on TPM emulator in domain XML docs: Add documentation for the TPM backend profile node qemu: Run swtpm_setup with --profile option if profile given docs/formatdomain.rst | 20 ++++++++++++++++ src/conf/domain_conf.c | 39 +++++++++++++++++++++++++++++++ src/conf/domain_conf.h | 11 +++++++++ src/conf/domain_validate.c | 7 ++++++ src/conf/schemas/basictypes.rng | 6 +++++ src/conf/schemas/domaincommon.rng | 17 ++++++++++++++ src/qemu/qemu_tpm.c | 26 +++++++++++++++++++-- src/util/virtpm.c | 1 + src/util/virtpm.h | 1 + tests/testutilsqemu.c | 1 + 10 files changed, 127 insertions(+), 2 deletions(-) -- 2.46.0

4 19

[PATCH] rpc: ssh: Allow SSH_ASKPASS_REQUIRE
by Cole Robinson 24 Sep '24

24 Sep '24

openssh 8.4p1 released in Sep 2020 added a feature to force use of SSH_ASKPASS https://man.openbsd.org/ssh.1#SSH_ASKPASS_REQUIRE Don't strip it from the environment Signed-off-by: Cole Robinson <crobinso(a)redhat.com> --- src/rpc/virnetsocket.c | 1 + 1 file changed, 1 insertion(+) diff --git a/src/rpc/virnetsocket.c b/src/rpc/virnetsocket.c index 79bf8e511a..e8fc2d5f7d 100644 --- a/src/rpc/virnetsocket.c +++ b/src/rpc/virnetsocket.c @@ -850,6 +850,7 @@ int virNetSocketNewConnectSSH(const char *nodename, virCommandAddEnvPass(cmd, "KRB5CCNAME"); virCommandAddEnvPass(cmd, "SSH_AUTH_SOCK"); virCommandAddEnvPass(cmd, "SSH_ASKPASS"); + virCommandAddEnvPass(cmd, "SSH_ASKPASS_REQUIRE"); virCommandAddEnvPass(cmd, "OPENSSL_CONF"); virCommandAddEnvPass(cmd, "DISPLAY"); virCommandAddEnvPass(cmd, "XAUTHORITY"); -- 2.46.0

2 1

[libvirt PATCH] ci: refresh generated files
by Ján Tomko 24 Sep '24

24 Sep '24

Signed-off-by: Ján Tomko <jtomko(a)redhat.com> --- ci/buildenv/fedora-rawhide.sh | 2 +- ci/buildenv/opensuse-tumbleweed.sh | 2 +- ci/containers/fedora-rawhide.Dockerfile | 2 +- ci/containers/opensuse-tumbleweed.Dockerfile | 2 +- 4 files changed, 4 insertions(+), 4 deletions(-) diff --git a/ci/buildenv/fedora-rawhide.sh b/ci/buildenv/fedora-rawhide.sh index f89a87ad63..17ed6fe7a4 100644 --- a/ci/buildenv/fedora-rawhide.sh +++ b/ci/buildenv/fedora-rawhide.sh @@ -81,7 +81,7 @@ function install_buildenv() { sed \ systemd-devel \ systemd-rpm-macros \ - systemtap-sdt-devel \ + systemtap-sdt-dtrace \ wireshark-devel \ xen-devel \ yajl-devel diff --git a/ci/buildenv/opensuse-tumbleweed.sh b/ci/buildenv/opensuse-tumbleweed.sh index ac566d349f..59a786efac 100644 --- a/ci/buildenv/opensuse-tumbleweed.sh +++ b/ci/buildenv/opensuse-tumbleweed.sh @@ -81,7 +81,7 @@ function install_buildenv() { sanlock-devel \ sed \ systemd-rpm-macros \ - systemtap-sdt-devel \ + systemtap-dtrace \ wireshark-devel \ xen-devel rm -f /usr/lib*/python3*/EXTERNALLY-MANAGED diff --git a/ci/containers/fedora-rawhide.Dockerfile b/ci/containers/fedora-rawhide.Dockerfile index 6f06843985..90f2372663 100644 --- a/ci/containers/fedora-rawhide.Dockerfile +++ b/ci/containers/fedora-rawhide.Dockerfile @@ -92,7 +92,7 @@ exec "$@"\n' > /usr/bin/nosync && \ sed \ systemd-devel \ systemd-rpm-macros \ - systemtap-sdt-devel \ + systemtap-sdt-dtrace \ wireshark-devel \ xen-devel \ yajl-devel && \ diff --git a/ci/containers/opensuse-tumbleweed.Dockerfile b/ci/containers/opensuse-tumbleweed.Dockerfile index 2b7cdb4af5..5d0bd77113 100644 --- a/ci/containers/opensuse-tumbleweed.Dockerfile +++ b/ci/containers/opensuse-tumbleweed.Dockerfile @@ -82,7 +82,7 @@ RUN zypper dist-upgrade -y && \ sanlock-devel \ sed \ systemd-rpm-macros \ - systemtap-sdt-devel \ + systemtap-dtrace \ wireshark-devel \ xen-devel && \ zypper clean --all && \ -- 2.46.1

2 2