Re: [libvirt] [PATCH v4 00/14] Introduce vGPU mdev framework to libvirt

Verify Summary: * the none rooted mode starting a high-privileges VM actually. The configurations is source generated default value except tls disabled. 1. rooted virsh define ./libvirt/vgpu-win10.xml Domain vgpu-win10 defined from ./libvirt/vgpu-win10.xml ubuntu@z-nuc-11:~/vgpu-meta/libvirt-stage$ virsh start vgpu-win10 2017-03-26 23:28:57.385+0000: 2886: info : libvirt version: 3.2.0 2017-03-26 23:28:57.385+0000: 2886: info : hostname: z-nuc-11.maas 2017-03-26 23:28:57.385+0000: 2886: warning : qemuDomainObjTaint:4155 : Domain id=1 name='vgpu-win10' uuid=916c5c36-0437-11e7-a23d-830ed1295d00 is tainted: high-privileges 2017-03-26 23:28:58.010+0000: 2886: warning : virDomainAuditHostdev:456 : Unexpected hostdev type while encoding audit message: 4 Domain vgpu-win10 started 2. None rooted virsh -c qemu:///session Welcome to lt-virsh, the virtualization interactive terminal. virsh # define ./libvirt/vgpu-win10.xml Domain vgpu-win10 defined from ./libvirt/vgpu-win10.xml virsh # start vgpu-win10 2017-03-26 23:38:11.220+0000: 2882: warning : qemuDomainObjTaint:4155 : Domain id=4 name='vgpu-win10' uuid=916c5c36-0437-11e7-a23d-830ed1295d00 is tainted: high-privileges 2017-03-26 23:38:12.356+0000: 2882: warning : virDomainAuditHostdev:456 : Unexpected hostdev type while encoding audit message: 4 Domain vgpu-win10 started

Regards Yongli He > since v1: > - new <hostdev> attribute model introduced which tells libvirt which > device API > should be considered when auto-assigning guest address > - device_api is properly checked, thus taking the 'model' attribute > only as a > hint to assign "some" address > - new address type 'mdev' is introduced rather than using plain > <uuid> element, > since the address element is more conveniently extendable. > - the emulated mtty driver now works as well out of the box, so no HW > needed to > review this series --> let's try it :) > - fixed all the nits from v1 > > since v2: > - dropped the patch introducing new address type 'mdev' since I added by > mistake and only after that realized that the device address type > enum is used > for guest addresses only > --> the mdevs are still identified by address element containing > an 'uuid' > attribute, I just dropped the enum > - resolved the driver hostdev list race condition raised by Pavel in > his review > --> the device API is now checked every time our internal mdev > object is > created as opposed to the previous version where because of the > model being > checked separately, the locking issues arose. > - rewrote the docs, reflecting the mdev address type drop change > - squashed all security related stuff into 1 patch, also added > app-armor bits > - as Pavel suggested, moved most of the mdev-related functions out of > virhostdev.c to virmdev.c > - added a few more test cases > - created a new branch 'mdev-next' on my github (more suitable name > than a > strict version number) on > https://github.com/eskultety/libvirt/commits/mdev-next > > since v3: > - 'undo' an accidental squash of virmdev.{c,h} module introduction > into patch > 4/15 and made it a separate patch again > - squash 5/15 into 4/15 as Pavel suggested > - dropped the NEWS patch, as I've so far got at least 4 merge > conflicts because > of it when rebasing...I'll add it before the series is ready to be > merged...or I'll forget about it like I usually do and add it later :/ > > Erik > > Erik Skultety (14): > conf: hostdev: Enforce enum-in-switch compile-time checks > conf: hostdev: Introduce virDomainHostdevSubsysSCSIClear > conf: Introduce virDomainHostdevDefPostParse > util: Introduce new module virmdev > conf: Introduce new hostdev device type mdev > security: Enable labeling of vfio mediated devices > conf: Enable cold-plug of a mediated device > qemu: Assign PCI addresses for mediated devices as well > hostdev: Maintain a driver list of active mediated devices > qemu: cgroup: Adjust cgroups' logic to allow mediated devices > qemu: Bump the memory locking limit for mdevs as well > qemu: Format mdevs on qemu command line > test: Add some test cases for our test suite regarding the mdevs > docs: Document the new hostdev and address type 'mdev' > > docs/formatdomain.html.in | 46 +- > docs/schemas/domaincommon.rng | 22 + > po/POTFILES.in | 1 + > src/Makefile.am | 1 + > src/conf/domain_conf.c | 225 ++++++++-- > src/conf/domain_conf.h | 9 + > src/libvirt_private.syms | 25 ++ > src/qemu/qemu_command.c | 45 ++ > src/qemu/qemu_command.h | 5 + > src/qemu/qemu_domain.c | 24 +- > src/qemu/qemu_domain.h | 1 + > src/qemu/qemu_domain_address.c | 14 +- > src/qemu/qemu_hostdev.c | 56 +++ > src/qemu/qemu_hostdev.h | 10 + > src/qemu/qemu_hotplug.c | 2 + > src/security/security_apparmor.c | 22 + > src/security/security_dac.c | 43 ++ > src/security/security_selinux.c | 45 ++ > src/util/virhostdev.c | 165 ++++++- > src/util/virhostdev.h | 23 + > src/util/virmdev.c | 487 > +++++++++++++++++++++ > src/util/virmdev.h | 123 ++++++ > tests/domaincapsschemadata/full.xml | 1 + > ...ml2argv-hostdev-mdev-invalid-target-address.xml | 33 ++ > ...muxml2argv-hostdev-mdev-src-address-invalid.xml | 35 ++ > .../qemuxml2argv-hostdev-mdev-unmanaged.args | 25 ++ > .../qemuxml2argv-hostdev-mdev-unmanaged.xml | 35 ++ > tests/qemuxml2argvtest.c | 9 + > .../qemuxml2xmlout-hostdev-mdev-unmanaged.xml | 40 ++ > tests/qemuxml2xmltest.c | 1 + > 30 files changed, 1518 insertions(+), 55 deletions(-) > create mode 100644 src/util/virmdev.c > create mode 100644 src/util/virmdev.h > create mode 100644 > tests/qemuxml2argvdata/qemuxml2argv-hostdev-mdev-invalid-target-address.xml > create mode 100644 > tests/qemuxml2argvdata/qemuxml2argv-hostdev-mdev-src-address-invalid.xml > create mode 100644 > tests/qemuxml2argvdata/qemuxml2argv-hostdev-mdev-unmanaged.args > create mode 100644 > tests/qemuxml2argvdata/qemuxml2argv-hostdev-mdev-unmanaged.xml > create mode 100644 > tests/qemuxml2xmloutdata/qemuxml2xmlout-hostdev-mdev-unmanaged.xml > -- libvir-list mailing list libvir-list(a)redhat.com https://www.redhat.com/mailman/listinfo/libvir-list