[libvirt PATCH] qemu: forbid readonly attribute for externally launched virtiofsd
by Ján Tomko
From: Ján Tomko <jtomko(a)redhat.com>
In that case, libvirtd cannot set it on the command line because
virtiofsd is not launched by libvirt.
https://issues.redhat.com/browse/RHEL-87522
Signed-off-by: Ján Tomko <jtomko(a)redhat.com>
---
src/qemu/qemu_validate.c | 5 +++++
1 file changed, 5 insertions(+)
diff --git a/src/qemu/qemu_validate.c b/src/qemu/qemu_validate.c
index 87588024ce..013ff14d75 100644
--- a/src/qemu/qemu_validate.c
+++ b/src/qemu/qemu_validate.c
@@ -4684,6 +4684,11 @@ qemuValidateDomainDeviceDefFS(virDomainFSDef *fs,
_("virtiofs does not support wrpolicy"));
return -1;
}
+ if (fs->readonly) {
+ virReportError(VIR_ERR_CONFIG_UNSUPPORTED, "%s",
+ _("readonly mode cannot be set for extrenally started virtiofsd"));
+ return -1;
+ }
}
if (fs->model != VIR_DOMAIN_FS_MODEL_DEFAULT) {
--
2.49.0
2 months
libvirt TLS certificates letsencrypt
by Jani Heikkinen
Hello! I am part of infrastructure team at BFH and we are building an
openstack installation.
A couple of months ago I was experimenting with setting up noVNC
consoles with encryption.
Connecting until the novncproxy service with TLS can be done with no
issues, but the connection between libvirt and the proxy turned out to
be problematic.
We would really love to use letsencrypt certificates which are generated
for each server/container, instead of relying on creating own CA and
generate certificates.
With libvirt, using letsencrypt is impossible, since the code does bunch
of checks for properties of the TLS certificates, see:
https://github.com/libvirt/libvirt/blob/bf79a021a6437b4f85469a53f650bff62...
Does anybody know, why these checks exist? They de facto prevent using
anything else than self-generated certificates for securing vnc console
traffic.
Is using my own self-created CA somehow more trustworthy than
LetsEncrypt root CA?
Best, Jani Heikkinen
--
Berner Fachhochschule / Bern University of Applied Sciences
IT-Services / Team Linux & Infrastructure Services
Jani Heikkinen
IT Linux Engineer
___________________________________________________________
Dammweg 3, CH-3013 Bern
Telefon direkt +41 31 848 68 14
Telefon Servicedesk +41 31 848 48 48
jani.heikkinen(a)bfh.ch
2 months, 1 week
[PATCH 0/3] qemu: fix validation of 'fd' passing for backup job and improve debugability of passed FDs
by Peter Krempa
Peter Krempa (3):
qemuBackupPrepare: Actually allow 'VIR_STORAGE_NET_HOST_TRANS_FD'
docs: backup: Hint at proper selinux labelling of the FD-passed NBD
socket
qemu: fd: Log information about passed file descriptor
docs/formatbackup.rst | 4 +++
src/qemu/qemu_backup.c | 4 ++-
src/qemu/qemu_fd.c | 62 ++++++++++++++++++++++++++++++++++++++++++
3 files changed, 69 insertions(+), 1 deletion(-)
--
2.49.0
2 months, 1 week
[PATCH v1 0/2] Disable Deprecated Features by Default on s390 CPU Models
by Collin Walling
The intention of reporting deprecated features and modifying the guest
CPU model was to alleviate the user from the burden of preparing a guest
with the necessary amendments to assure migration to newer hardware.
While that goal was met by way of the "deprecated_features='on|off'"
attribute, it still adds an extra step that the user must be aware to
prepare a guest for migration and the errors that stem from an
unsuccessful migration (due to feature incompatibility) is not always
clear how to resolve.
These patches make s390 CPU host models migration ready from the get-go
by disabling deprecated features by default. They may still be disabled
for other model types via the respective attribute, or reenabled if
desired.
Collin Walling (2):
qemu: caps: add virCPUFeaturePolicy param to
virQEMUCapsUpdateCPUDeprecatedFeatures
qemu: caps: disable deprecated features for s390 models by default
src/qemu/qemu_capabilities.c | 10 +++++++---
src/qemu/qemu_capabilities.h | 3 ++-
src/qemu/qemu_driver.c | 3 ++-
src/qemu/qemu_process.c | 19 ++++++++++++-------
tests/domaincapsdata/qemu_10.0.0.s390x.xml | 8 ++++----
tests/domaincapsdata/qemu_9.1.0.s390x.xml | 8 ++++----
tests/domaincapsdata/qemu_9.2.0.s390x.xml | 8 ++++----
...default-video-type-s390x.s390x-latest.args | 2 +-
...vfio-zpci-ccw-memballoon.s390x-latest.args | 2 +-
.../launch-security-s390-pv.s390x-latest.args | 2 +-
...t-cpu-kvm-ccw-virtio-4.2.s390x-latest.args | 2 +-
.../s390-defaultconsole.s390x-latest.args | 2 +-
.../s390-panic.s390x-latest.args | 2 +-
13 files changed, 41 insertions(+), 30 deletions(-)
--
2.47.1
2 months, 1 week
[libvirt PATCH 0/2] Remove 'inline' keyword from C files
by Ján Tomko
Ján Tomko (2):
build: prohibit inline functions in C files by syntax-check
build: do not use -Winline
build-aux/syntax-check.mk | 10 ++++++++++
meson.build | 6 ------
src/hyperv/hyperv_wmi.c | 2 +-
src/locking/lock_daemon.c | 4 ++--
src/qemu/qemu_block.c | 2 +-
src/qemu/qemu_command.c | 2 +-
src/qemu/qemu_saveimage.c | 2 +-
src/rpc/virnetserver.c | 8 ++++----
src/storage/storage_util.c | 4 ++--
src/util/virhashcode.c | 4 ++--
src/util/virthreadpool.c | 2 +-
src/util/virxml.c | 2 +-
tools/nss/libvirt_nss.c | 2 +-
13 files changed, 27 insertions(+), 23 deletions(-)
--
2.49.0
2 months, 1 week
[PATCH 0/1] virsh: Add option '--no-pkttyagent'
by Jens Schmidt
As discussed in https://gitlab.com/libvirt/libvirt/-/issues/757.
I'm not quite sure about using a long-only-option, since that's
a first in virsh. But OTOH this option seems too insignificant
to also use one of the precious short option characters for it.
Please check and let me know what you think.
Thanks!
Jens Schmidt (1):
virsh: Add option '--no-pkttyagent'
NEWS.rst | 4 ++++
docs/manpages/virsh.rst | 8 ++++++++
tools/virsh.c | 13 ++++++++++++-
tools/vsh.h | 1 +
4 files changed, 25 insertions(+), 1 deletion(-)
--
2.39.5
2 months, 1 week
[PATCH v3 0/3] Add virt machine support for configuring PCI high memory MMIO size
by Matthew R. Ochs
This patch series adds support for configuring the PCI high memory MMIO
window size for aarch64 virt machine types using the highmem-mmio-size
feature introduced in QEMU v10.0.0 [1]. It allows users to configure the
size of the high memory MMIO window above 4GB, which can be required to
support PCI passthrough with devices that have a large BARs.
The feature is exposed through the existing pcihole64 element associated
with the PCIe root controller:
<controller type='pci' index='0' model='pcie-root'>
<pcihole64 unit='GiB'>512</pcihole64>
</controller>
This existing schema supports the same semantics for the QEMU PC
machine pci-hole64-size parameter and is a natural fit for supporting
the highmem-mmio-size feature on the aarch64 virt machine.
This series is applied over master and depends on the recently merged
patch [2] that added support for QEMU v10.0.0 aarch64 capabilities.
For your convenience, this series is also available on Github [3].
[1] https://github.com/qemu/qemu/commit/f10104aeae3a17f181d5bb37b7fd7dad7fe86cba
[2] https://github.com/nvmochs/libvirt/commit/cea2ee1d28780808172911e5c586478...
[3] git fetch https://github.com/nvmochs/libvirt.git pci_highmem_mmio_size_pcihole64
Signed-off-by: Matthew R. Ochs <mochs(a)nvidia.com>
Changelog:
v3
- Patch 2 updates:
+ Use positive check in qemuBuildGlobalControllerCommandLine
+ Only allow pcihole64 for PCIe root controllers with arm virt
- Added review tags from Daniel P. Berrangé for patch 1 and 3
v2
- Use existing XML scmhema (pcihole64 element) instead of a new one
Matthew R. Ochs (3):
qemu: Add capability for PCI high memory MMIO size
qemu: Add command line support for PCI high memory MMIO size
tests: Add pcihole64 test for virt machine
src/qemu/qemu_capabilities.c | 2 ++
src/qemu/qemu_capabilities.h | 1 +
src/qemu/qemu_command.c | 14 ++++++++-
src/qemu/qemu_validate.c | 4 ++-
.../caps_10.0.0_aarch64.xml | 1 +
.../pcihole64-virt.aarch64-latest.args | 31 +++++++++++++++++++
.../pcihole64-virt.aarch64-latest.xml | 29 +++++++++++++++++
tests/qemuxmlconfdata/pcihole64-virt.xml | 17 ++++++++++
tests/qemuxmlconftest.c | 1 +
9 files changed, 98 insertions(+), 2 deletions(-)
create mode 100644 tests/qemuxmlconfdata/pcihole64-virt.aarch64-latest.args
create mode 100644 tests/qemuxmlconfdata/pcihole64-virt.aarch64-latest.xml
create mode 100644 tests/qemuxmlconfdata/pcihole64-virt.xml
--
2.46.0
2 months, 1 week
[PATCH] cpu_x86: Do not inline cpuidCall()
by Fabio Estevam
The following build error is observed with DEBUG_BUILD = 1:
src/cpu/cpu_x86.c: In function 'cpuidSetLeaf4':
src/cpu/cpu_x86.c:2563:1: error: inlining failed in call to 'cpuidCall': function not considered for inlining [-Werror=inline]
2563 | cpuidCall(virCPUx86CPUID *cpuid)
| ^~~~~~~~~
Remove the 'inline' specifier to avoid the problem.
Reported-by: Hongxu Jia <hongxu.jia(a)windriver.com>
Signed-off-by: Fabio Estevam <festevam(a)gmail.com>
---
src/cpu/cpu_x86.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/cpu/cpu_x86.c b/src/cpu/cpu_x86.c
index 213af67ea478..0f7eb8f48b35 100644
--- a/src/cpu/cpu_x86.c
+++ b/src/cpu/cpu_x86.c
@@ -2564,7 +2564,7 @@ virCPUx86DataCheckFeature(const virCPUData *data,
#if defined(__i386__) || defined(__x86_64__)
-static inline void
+static void
cpuidCall(virCPUx86CPUID *cpuid)
{
virHostCPUX86GetCPUID(cpuid->eax_in,
--
2.34.1
2 months, 1 week
[PATCH v2] cpu_x86: Do not inline cpuidCall()
by Fabio Estevam
The following build error is observed when the DEBUG_BUILD variable
is enabled in OpenEmbedded:
src/cpu/cpu_x86.c: In function 'cpuidSetLeaf4':
src/cpu/cpu_x86.c:2563:1: error: inlining failed in call to 'cpuidCall': function not considered for inlining [-Werror=inline]
2563 | cpuidCall(virCPUx86CPUID *cpuid)
| ^~~~~~~~~
Remove the 'inline' specifier to avoid the problem.
Reported-by: Hongxu Jia <hongxu.jia(a)windriver.com>
Signed-off-by: Fabio Estevam <festevam(a)gmail.com>
Reviewed-by: Ján Tomko <jtomko(a)redhat.com>
---
Changes since v1:
- Improve the commit log by explaining where DEBUG_BUILD comes from. (Ján)
src/cpu/cpu_x86.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/cpu/cpu_x86.c b/src/cpu/cpu_x86.c
index 213af67ea478..0f7eb8f48b35 100644
--- a/src/cpu/cpu_x86.c
+++ b/src/cpu/cpu_x86.c
@@ -2564,7 +2564,7 @@ virCPUx86DataCheckFeature(const virCPUData *data,
#if defined(__i386__) || defined(__x86_64__)
-static inline void
+static void
cpuidCall(virCPUx86CPUID *cpuid)
{
virHostCPUX86GetCPUID(cpuid->eax_in,
--
2.34.1
2 months, 1 week
[PATCH 0/2] spec: Bump min_rhel and min_fedora
by Michal Privoznik
Per our support policy [1], the minimal version we aim to support is
RHEL-9 and Fedora 41. Reflect this in the spec file.
1: https://libvirt.org/platforms.html
Michal Prívozník (2):
spec: Bump min_rhel
spec: Bump min_fedora
libvirt.spec.in | 38 ++++++++++++--------------------------
1 file changed, 12 insertions(+), 26 deletions(-)
--
2.49.0
2 months, 1 week
