[PATCH] security: Don't stop restoring labels too early
by Michal Privoznik
The point of virSecurityManagerRestoreAllLabel() function is to
restore ALL labels and be tolerant to possible errors, i.e.
continue restoring seclabels and NOT return early.
Well, in two implementations of this internal API this type of
problem was found:
1) virSecurityDACRestoreAllLabel() returned early if
virSecurityDACRestoreGraphicsLabel() failed, or when
def->sec->sectype equals to an impossible value.
2) virSecuritySELinuxRestoreAllLabel() returned early if
virSecuritySELinuxRestoreMemoryLabel() failed.
Fix all three places.
Signed-off-by: Michal Privoznik <mprivozn(a)redhat.com>
---
Inspired by this Peter's patch:
https://marc.info/?l=libvir-list&m=174169408218982&w=2
src/security/security_dac.c | 4 ++--
src/security/security_selinux.c | 2 +-
2 files changed, 3 insertions(+), 3 deletions(-)
diff --git a/src/security/security_dac.c b/src/security/security_dac.c
index e07977300f..3ecbc7277d 100644
--- a/src/security/security_dac.c
+++ b/src/security/security_dac.c
@@ -1973,7 +1973,7 @@ virSecurityDACRestoreAllLabel(virSecurityManager *mgr,
for (i = 0; i < def->ngraphics; i++) {
if (virSecurityDACRestoreGraphicsLabel(mgr, def, def->graphics[i]) < 0)
- return -1;
+ rc = -1;
}
for (i = 0; i < def->ninputs; i++) {
@@ -2021,7 +2021,7 @@ virSecurityDACRestoreAllLabel(virSecurityManager *mgr,
case VIR_DOMAIN_LAUNCH_SECURITY_NONE:
case VIR_DOMAIN_LAUNCH_SECURITY_LAST:
virReportEnumRangeError(virDomainLaunchSecurity, def->sec->sectype);
- return -1;
+ rc = -1;
}
}
diff --git a/src/security/security_selinux.c b/src/security/security_selinux.c
index 38e611f567..64e7f41ce0 100644
--- a/src/security/security_selinux.c
+++ b/src/security/security_selinux.c
@@ -2969,7 +2969,7 @@ virSecuritySELinuxRestoreAllLabel(virSecurityManager *mgr,
for (i = 0; i < def->nmems; i++) {
if (virSecuritySELinuxRestoreMemoryLabel(mgr, def, def->mems[i]) < 0)
- return -1;
+ rc = -1;
}
for (i = 0; i < def->ntpms; i++) {
--
2.48.1
3 weeks, 1 day
[PATCH 0/3] qemu: Refactor typed parameter list construction in SEV apis
by Peter Krempa
Peter Krempa (3):
qemuDomainGetLaunchSecurityInfo: Don't forget unlock VM object on
(impossible) error
qemuDomainGetLaunchSecurityInfo: Use virTypedParamList to construct
return value
qemuNodeGetSEVInfo: Use virTypedParamList to construct return value
src/qemu/qemu_driver.c | 107 ++++++++++++-----------------------------
1 file changed, 31 insertions(+), 76 deletions(-)
--
2.48.1
3 weeks, 1 day
[PATCH] docs: Correct dbus graphics' accepted p2p values
by Martin Kletzander
The attribute is used (and formatted) as virTristateBool() and even in
schema defined as virYesNo, so the values are supposed to be `yes` and
`no`.
Signed-off-by: Martin Kletzander <mkletzan(a)redhat.com>
---
docs/formatdomain.rst | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/docs/formatdomain.rst b/docs/formatdomain.rst
index 4d03768c5f4e..3bbf94e192c9 100644
--- a/docs/formatdomain.rst
+++ b/docs/formatdomain.rst
@@ -6740,7 +6740,7 @@ interaction with the admin.
<graphics type='dbus'/>
- ``p2p`` (accepts ``on`` or ``off``) enables peer-to-peer connections,
+ ``p2p`` (accepts ``yes`` or ``no``) enables peer-to-peer connections,
established through virDomainOpenGraphics() APIs.
``address`` (accepts a `D-Bus address
--
2.48.1
3 weeks, 1 day
[PATCH 0/3] qemu: fix shared memory validation for vhost-user interfaces
by Peter Krempa
Use the common check which produces hard errors instead of the
post-start check adding a warning which wasn't updated with the new
logic.
Peter Krempa (3):
qemuxmlconftest: Include shared memory 'net-vhostuser' test cases
qemuValidateDomainDeviceDefNetwork: Require shared memory for all
vhost-user interfaces
qemu: process: Remove un-updated 'qemuProcessStartWarnShmem'
src/qemu/qemu_process.c | 54 -------------------
src/qemu/qemu_validate.c | 9 ++--
.../net-vhostuser-fail.x86_64-latest.xml | 3 ++
tests/qemuxmlconfdata/net-vhostuser-fail.xml | 3 ++
.../net-vhostuser-multiq.x86_64-latest.args | 2 +-
.../net-vhostuser-multiq.x86_64-latest.xml | 3 ++
.../qemuxmlconfdata/net-vhostuser-multiq.xml | 3 ++
...vhostuser-passt-no-shmem.x86_64-latest.err | 2 +-
.../net-vhostuser.x86_64-latest.args | 2 +-
.../net-vhostuser.x86_64-latest.xml | 3 ++
tests/qemuxmlconfdata/net-vhostuser.xml | 3 ++
11 files changed, 24 insertions(+), 63 deletions(-)
--
2.48.1
3 weeks, 1 day
[PATCH] esx: Refactor esxVI_LookupHostScsiTopologyLunListByTargetName
by Jiri Denemark
With a specific combination of compiler options gcc reported the
following bogus warning (I added a context to it to make the issue
visible):
../src/esx/esx_vi.c: In function ‘esxVI_LookupHostScsiTopologyLunListByTargetName’:
../src/esx/esx_vi.c:4674:32: error: potential null pointer dereference [-Werror=null-dereference]
4671 | if (!found || !hostScsiTopologyTarget)
4672 | goto cleanup;
4673 |
4674 | if (!hostScsiTopologyTarget->lun) {
| ~~~~~~~~~~~~~~~~~~~~~~^~~~~
Most likely this is caused by found and hostScsiTopologyTarget doing
essentially the same thing as found is true if and only if
hostScsiTopologyTarget is non-NULL. The found variable is completely
redundant. Removing it would be enough, but I decided to make the code a
little bit easier to read by not using the iterator variable directly.
Signed-off-by: Jiri Denemark <jdenemar(a)redhat.com>
---
src/esx/esx_vi.c | 14 ++++++--------
1 file changed, 6 insertions(+), 8 deletions(-)
diff --git a/src/esx/esx_vi.c b/src/esx/esx_vi.c
index e2589aa69a..aee649b86e 100644
--- a/src/esx/esx_vi.c
+++ b/src/esx/esx_vi.c
@@ -4616,7 +4616,6 @@ esxVI_LookupHostScsiTopologyLunListByTargetName
esxVI_HostScsiTopologyInterface *hostScsiInterfaceList = NULL;
esxVI_HostScsiTopologyInterface *hostScsiInterface = NULL;
esxVI_HostScsiTopologyTarget *hostScsiTopologyTarget = NULL;
- bool found = false;
esxVI_HostInternetScsiTargetTransport *candidate = NULL;
ESX_VI_CHECK_ARG_LIST(hostScsiTopologyLunList);
@@ -4653,22 +4652,21 @@ esxVI_LookupHostScsiTopologyLunListByTargetName
/* See vSphere API documentation about HostScsiTopologyInterface */
for (hostScsiInterface = hostScsiInterfaceList;
- hostScsiInterface && !found;
+ hostScsiInterface && !hostScsiTopologyTarget;
hostScsiInterface = hostScsiInterface->_next) {
- for (hostScsiTopologyTarget = hostScsiInterface->target;
- hostScsiTopologyTarget;
- hostScsiTopologyTarget = hostScsiTopologyTarget->_next) {
+ esxVI_HostScsiTopologyTarget *target;
+ for (target = hostScsiInterface->target; target; target = target->_next) {
candidate = esxVI_HostInternetScsiTargetTransport_DynamicCast
- (hostScsiTopologyTarget->transport);
+ (target->transport);
if (candidate && STREQ(candidate->iScsiName, name)) {
- found = true;
+ hostScsiTopologyTarget = target;
break;
}
}
}
- if (!found || !hostScsiTopologyTarget)
+ if (!hostScsiTopologyTarget)
goto cleanup;
if (!hostScsiTopologyTarget->lun) {
--
2.48.1
3 weeks, 1 day
[PATCH 0/3] Full boot order support on s390x
by Boris Fiuczynski
This series adds on s390x full boot order support which has been
introduced recently in QEMU with the PR
https://lore.kernel.org/qemu-devel/20241023131710.906748-1-thuth@redhat.com/
The replies and xml files are removed from the patch in this series and
are available in https://gitlab.com/fiuczy/libvirt/-/commits/fullbootorder
Boris Fiuczynski (3):
qemu: capabilities: Add QEMU_CAPS_VIRTIO_CCW_DEVICE_LOADPARM
tests: add capabilities for QEMU 9.2.0 on s390x
qemu: command: add multi boot device support on s390x
src/qemu/qemu_capabilities.c | 8 +
src/qemu/qemu_capabilities.h | 1 +
src/qemu/qemu_command.c | 40 +-
src/qemu/qemu_command.h | 6 +-
src/qemu/qemu_hotplug.c | 6 +-
tests/domaincapsdata/qemu_9.2.0.s390x.xml | 311 +
.../caps_5.2.0_s390x.replies | 321 +-
.../caps_6.0.0_s390x.replies | 321 +-
.../caps_8.1.0_s390x.replies | 321 +-
.../caps_8.2.0_s390x.replies | 321 +-
.../caps_9.1.0_s390x.replies | 321 +-
.../caps_9.2.0_s390x.replies | 36741 ++++++++++++++++
.../qemucapabilitiesdata/caps_9.2.0_s390x.xml | 3752 ++
.../machine-loadparm-hostdev.s390x-9.1.0.args | 33 +
.../machine-loadparm-hostdev.s390x-9.1.0.xml | 33 +
...machine-loadparm-hostdev.s390x-latest.args | 4 +-
...-multiple-disks-nets-s390.s390x-9.1.0.args | 40 +
...m-multiple-disks-nets-s390.s390x-9.1.0.xml | 51 +
...multiple-disks-nets-s390.s390x-latest.args | 8 +-
...machine-loadparm-net-s390.s390x-9.1.0.args | 34 +
.../machine-loadparm-net-s390.s390x-9.1.0.xml | 32 +
...achine-loadparm-net-s390.s390x-latest.args | 4 +-
.../machine-loadparm-s390.s390x-9.1.0.args | 34 +
.../machine-loadparm-s390.s390x-9.1.0.xml | 33 +
.../machine-loadparm-s390.s390x-latest.args | 4 +-
tests/qemuxmlconftest.c | 4 +
26 files changed, 42664 insertions(+), 120 deletions(-)
create mode 100644 tests/domaincapsdata/qemu_9.2.0.s390x.xml
create mode 100644 tests/qemucapabilitiesdata/caps_9.2.0_s390x.replies
create mode 100644 tests/qemucapabilitiesdata/caps_9.2.0_s390x.xml
create mode 100644 tests/qemuxmlconfdata/machine-loadparm-hostdev.s390x-9.1.0.args
create mode 100644 tests/qemuxmlconfdata/machine-loadparm-hostdev.s390x-9.1.0.xml
create mode 100644 tests/qemuxmlconfdata/machine-loadparm-multiple-disks-nets-s390.s390x-9.1.0.args
create mode 100644 tests/qemuxmlconfdata/machine-loadparm-multiple-disks-nets-s390.s390x-9.1.0.xml
create mode 100644 tests/qemuxmlconfdata/machine-loadparm-net-s390.s390x-9.1.0.args
create mode 100644 tests/qemuxmlconfdata/machine-loadparm-net-s390.s390x-9.1.0.xml
create mode 100644 tests/qemuxmlconfdata/machine-loadparm-s390.s390x-9.1.0.args
create mode 100644 tests/qemuxmlconfdata/machine-loadparm-s390.s390x-9.1.0.xml
--
2.45.0
3 weeks, 1 day
[PATCH v1 0/3] Introduce qemuDomainSetVcpuTuneParameters API
by yong.huang@smartx.com
From: Hyman Huang <yong.huang(a)smartx.com>
This patchset is the prerequisite for the vCPU dirty-limit feature:
https://patchew.org/Libvirt/cover.1703135535.git.yong.huang@smartx.com/
As suggested by Daniel:
We've generally tried to avoid adding single purpose APIs for
tunable parameters, instead using APIs with virTypedParameter
arrays to allow bulk updates.
I note that we don't appear to have any mechanism currently
to set the VCPU scheduler tunables either
Perhaps we should have a more general
virDomainSetVCPUTuneParameters(virDomainPtr domain,
int vcpu,
virTypedParameterPtr params,
unsigned int params,
unsigned int flags);
Refer the following link to see more details:
https://patchew.org/Libvirt/169397083100.4628.15196043252714532301-0@git....
We present the qemuDomainSetVcpuTuneParameters API separately
because the patchset is somewhat self-contained.
Please review,
Yong
Hyman Huang (3):
libvirt: Add virDomainSetVcpuTuneParameters API
qemu_driver: Implement qemuDomainSetVcpuTuneParameters
virsh: Use the new API to implement cmdSetvcpu
include/libvirt/libvirt-domain.h | 25 ++++++++++++++
src/driver-hypervisor.h | 8 +++++
src/libvirt-domain.c | 56 ++++++++++++++++++++++++++++++++
src/libvirt_public.syms | 5 +++
src/qemu/qemu_driver.c | 29 +++++++++++++++++
src/remote/remote_driver.c | 1 +
src/remote/remote_protocol.x | 20 +++++++++++-
tools/virsh-domain.c | 10 +++++-
8 files changed, 152 insertions(+), 2 deletions(-)
--
2.27.0
3 weeks, 2 days
[PATCH] conf: parse interface/source/@dev for all interface types (with backend type='passt')
by Laine Stump
The original implementation of the passt backend for vhost-user
interfaces erroneously forgot to parse:
<source dev='blah'/>
for interface type='vhostuser', so it wasn't being added to the passt
commandline, and also wasn't being saved to the domain config. Now we
parse it no matter what the interface type, and then throw an error
during validation if source/@dev was specified and backend type !=
'passt' (or if interface type != 'user|vhostuser').
Fixes: 1e9054b9c79d721a55f413c2983c5370044f8f60
Resolves: https://issues.redhat.com/browse/RHEL-82539
Signed-off-by: Laine Stump <laine(a)redhat.com>
---
src/conf/domain_conf.c | 10 +++++++---
src/conf/domain_validate.c | 5 +++++
.../net-vhostuser-passt.x86_64-latest.xml | 2 ++
3 files changed, 14 insertions(+), 3 deletions(-)
diff --git a/src/conf/domain_conf.c b/src/conf/domain_conf.c
index d555873848..5daa1f89e8 100644
--- a/src/conf/domain_conf.c
+++ b/src/conf/domain_conf.c
@@ -9938,14 +9938,18 @@ virDomainNetDefParseXML(virDomainXMLOption *xmlopt,
break;
case VIR_DOMAIN_NET_TYPE_USER:
- def->sourceDev = virXMLPropString(source_node, "dev");
- break;
-
case VIR_DOMAIN_NET_TYPE_NULL:
case VIR_DOMAIN_NET_TYPE_LAST:
break;
}
+ /* source/@dev is used for two different interface types and *not*
+ * stored inside the union, so we can parse it out always, and
+ * then log an error during validation if it was specified for one
+ * of the interface types that doesn't support it.
+ */
+ def->sourceDev = virXMLPropString(source_node, "dev");
+
if ((virtualport_node = virXPathNode("./virtualport", ctxt))) {
if (virtualport_flags == 0) {
virReportError(VIR_ERR_CONFIG_UNSUPPORTED,
diff --git a/src/conf/domain_validate.c b/src/conf/domain_validate.c
index f2a98f143d..9de442d7d7 100644
--- a/src/conf/domain_validate.c
+++ b/src/conf/domain_validate.c
@@ -2196,6 +2196,11 @@ virDomainNetDefValidate(const virDomainNetDef *net)
}
}
+ if (net->sourceDev && net->backend.type != VIR_DOMAIN_NET_BACKEND_PASST) {
+ virReportError(VIR_ERR_INTERNAL_ERROR, "%s",
+ _("The 'dev' attribute of the <source> element can only be used with interface type='user' or type='vhostuser' and backend='passt'."));
+ }
+
if (net->nPortForwards > 0) {
size_t p;
diff --git a/tests/qemuxmlconfdata/net-vhostuser-passt.x86_64-latest.xml b/tests/qemuxmlconfdata/net-vhostuser-passt.x86_64-latest.xml
index a1f9366722..529aff11f8 100644
--- a/tests/qemuxmlconfdata/net-vhostuser-passt.x86_64-latest.xml
+++ b/tests/qemuxmlconfdata/net-vhostuser-passt.x86_64-latest.xml
@@ -33,6 +33,7 @@
<controller type='pci' index='0' model='pci-root'/>
<interface type='vhostuser'>
<mac address='00:11:22:33:44:55'/>
+ <source dev='eth42'/>
<ip address='172.17.2.0' family='ipv4' prefix='24'/>
<ip address='2001:db8:ac10:fd01::feed' family='ipv6'/>
<portForward proto='tcp' address='2001:db8:ac10:fd01::1:10'>
@@ -63,6 +64,7 @@
</interface>
<interface type='vhostuser'>
<mac address='00:11:22:33:44:11'/>
+ <source dev='eth43'/>
<model type='virtio'/>
<backend type='passt'/>
<address type='pci' domain='0x0000' bus='0x00' slot='0x04' function='0x0'/>
--
2.48.1
3 weeks, 2 days
[PATCH v3 0/2] Enable SEV SNP support in ch driver
by Praveen K Paladugu
This version introduces virStringFormatHex method and uses this method while sending host_data to cloud-hypervisor.
Praveen K Paladugu (2):
util: Introduce virStringFormatHex
ch: Enable SEV SNP support
src/ch/ch_monitor.c | 65 ++++++++++++++++++++++++++++++++--------
src/libvirt_private.syms | 1 +
src/util/virstring.c | 19 ++++++++++++
src/util/virstring.h | 1 +
4 files changed, 74 insertions(+), 12 deletions(-)
--
2.47.0
3 weeks, 2 days
[PATCH 0/4] hw/s390x: Alias @dump-skeys -> @dump-s390-skey and deprecate
by Philippe Mathieu-Daudé
We are trying to unify all qemu-system-FOO to a single binary.
In order to do that we need to remove QAPI target specific code.
@dump-skeys is only available on qemu-system-s390x. This series
rename it as @dump-s390-skey, making it available on other
binaries. We take care of backward compatibility via deprecation.
Philippe Mathieu-Daudé (4):
hw/s390x: Introduce the @dump-s390-skeys QMP command
hw/s390x: Introduce the 'dump_s390_skeys' HMP command
hw/s390x: Deprecate the HMP 'dump_skeys' command
hw/s390x: Deprecate the QMP @dump-skeys command
docs/about/deprecated.rst | 5 +++++
qapi/misc-target.json | 5 +++++
qapi/misc.json | 18 ++++++++++++++++++
include/monitor/hmp.h | 1 +
hw/s390x/s390-skeys-stub.c | 24 ++++++++++++++++++++++++
hw/s390x/s390-skeys.c | 19 +++++++++++++++++--
hmp-commands.hx | 17 +++++++++++++++--
hw/s390x/meson.build | 5 +++++
8 files changed, 90 insertions(+), 4 deletions(-)
create mode 100644 hw/s390x/s390-skeys-stub.c
--
2.41.0
3 weeks, 2 days
