March 2017 - Devel - libvirt List Archives

[libvirt] [PATCH] docs: document virt-host-validate bhyve support
by Roman Bogorodskiy 13 Mar '17

13 Mar '17

Add an entry about virt-host-validate bhyve support and update the driver's page. --- docs/drvbhyve.html.in | 13 ++++++++++++- docs/news.xml | 10 +++++++++- 2 files changed, 21 insertions(+), 2 deletions(-) diff --git a/docs/drvbhyve.html.in b/docs/drvbhyve.html.in index da6f1e0b2..64a1ff694 100644 --- a/docs/drvbhyve.html.in +++ b/docs/drvbhyve.html.in @@ -13,9 +13,20 @@ of bhyve are supported. In order to enable bhyve on your FreeBSD host, you'll need to load the <code>vmm</code> kernel module. Additionally, <code>if_tap</code> and <code>if_bridge</code> modules -should be loaded for networking support. +should be loaded for networking support. Also, <span class="since">since 3.2.0</span> the +<code>virt-host-validate(1)</code> supports the bhyve host validation and could be +used like this: </p> +<pre> +$ virt-host-validate bhyve + BHYVE: Checking for vmm module : PASS + BHYVE: Checking for if_tap module : PASS + BHYVE: Checking for if_bridge module : PASS + BHYVE: Checking for nmdm module : PASS +$ +</pre> + <p> Additional information on bhyve could be obtained on <a href="http://bhyve.org/">bhyve.org</a>. </p> diff --git a/docs/news.xml b/docs/news.xml index 951539575..57fafebb8 100644 --- a/docs/news.xml +++ b/docs/news.xml @@ -12,7 +12,15 @@ <libvirt> <release version="v3.2.0" date="unreleased"> <section title="New features"> - <change/> + <change> + <summary> + virt-host-validate: Add bhyve support + </summary> + <description> + Add support for validation of the bhyve hypervisor hosts + using the virt-host-validate tool. + </description> + </change> </section> <section title="Improvements"> <change> -- 2.11.0

2 2

[libvirt] [PATCH] Switch to GSSAPI (kerberos) instead of the insecure DIGEST-MD5
by Daniel P. Berrange 13 Mar '17

13 Mar '17

RFC 6331 documents a number of serious security weaknesses in the SASL DIGEST-MD5 mechanism. As such, libvirtd should not by using it as a default mechanism. GSSAPI is the only other viable SASL mechanism that can provide secure session encryption so enable that by defalt as the replacement. Signed-off-by: Daniel P. Berrange <berrange(a)redhat.com> --- daemon/libvirtd.sasl | 44 +++++++++++++++++--------- docs/auth.html.in | 89 +++++++++++++++++++++++++++++++++++++++++----------- libvirt.spec.in | 6 ++-- 3 files changed, 102 insertions(+), 37 deletions(-) diff --git a/daemon/libvirtd.sasl b/daemon/libvirtd.sasl index 5e2528d..2be99ef 100644 --- a/daemon/libvirtd.sasl +++ b/daemon/libvirtd.sasl @@ -1,31 +1,45 @@ -# If you want to use the non-TLS socket, then you *must* include -# the GSSAPI or DIGEST-MD5 mechanisms, because they are the only -# ones that can offer session encryption as well as authentication. +# If you want to use the non-TLS socket, then you *must* pick a +# mechanism which provides session encryption as well as +# authentication. # -# If you're only using TLS, then you can turn on any mechanisms +# If you are only using TLS, then you can turn on any mechanisms # you like for authentication, because TLS provides the encryption # -# Default to a simple username+password mechanism -mech_list: digest-md5 +# If you are only using UNIX, sockets then encryption is not +# required at all. +# +# Since SASL is the default for the libvirtd non-TLS socket, we +# pick a strong mechanism by default. +# +# NB, previously DIGEST-MD5 was set as the default mechanism for +# libvirt. Per RFC 6331 this is vulnerable to many serious security +# flaws as should no longer be used. Thus GSSAPI is now the default. +# +# To use GSSAPI requires that a libvirtd service principal is +# added to the Kerberos server for each host running libvirtd. +# This principal needs to be exported to the keytab file listed below +mech_list: gssapi + +# If using a TLS socket or UNIX socket only, it is possible to +# enable plugins which don't provide session encryption. The +# 'scram-sha-1' plugin allows plain username/password authentication +# to be performed +# +#mech_list: scram-sha-1 -# Before you can use GSSAPI, you need a service principle on the -# KDC server for libvirt, and that to be exported to the keytab -# file listed below -#mech_list: gssapi # # You can also list many mechanisms at once, then the user can choose # by adding '?auth=sasl.gssapi' to their libvirt URI, eg # qemu+tcp://hostname/system?auth=sasl.gssapi -#mech_list: digest-md5 gssapi +#mech_list: scram-sha-1 gssapi # Some older builds of MIT kerberos on Linux ignore this option & # instead need KRB5_KTNAME env var. # For modern Linux, and other OS, this should be sufficient # -# There is no default value here, uncomment if you need this -#keytab: /etc/libvirt/krb5.tab +keytab: /etc/libvirt/krb5.tab -# If using digest-md5 for username/passwds, then this is the file +# If using scram-sha-1 for username/passwds, then this is the file # containing the passwds. Use 'saslpasswd2 -a libvirt [username]' # to add entries, and 'sasldblistusers2 -f [sasldb_path]' to browse it -sasldb_path: /etc/libvirt/passwd.db +#sasldb_path: /etc/libvirt/passwd.db diff --git a/docs/auth.html.in b/docs/auth.html.in index 08feacc..9f2e317 100644 --- a/docs/auth.html.in +++ b/docs/auth.html.in @@ -204,16 +204,71 @@ ResultActive=yes</pre> Further examples of PolicyKit setup can be found on the <a href="http://wiki.libvirt.org/page/SSHPolicyKitSetup">wiki page</a>. </p> - <h2><a name="ACL_server_username">Username/password auth</a></h2> + <h2><a name="ACL_server_sasl">SASL pluggable authentication</a></h2> + <p> -The plain TCP socket of the libvirt daemon defaults to using SASL for authentication. -The SASL mechanism configured by default is DIGEST-MD5, which provides a basic -username+password style authentication. It also provides for encryption of the data -stream, so the security of the plain TCP socket is on a par with that of the TLS -socket. If desired the UNIX socket and TLS socket can also have SASL enabled by -setting the <code>auth_unix_ro</code>, <code>auth_unix_rw</code>, <code>auth_tls</code> -config params in <code>libvirt.conf</code>. -</p> +Libvirt integrates with the cyrus-sasl library to provide a pluggable authentication +system using the SASL protocol. SASL can be used in combination with libvirtd's TLS +or TCP socket listeners. When used with the TCP listener, the SASL mechanism is +rqeuired to provide session encryption in addition to authentication. Only a very +few SASL mechanisms are able todo this, and of those that can do it, only the +GSSAPI plugin is considered acceptably secure by modern standards: + </p> + + <dl> + <dt>GSSAPI</dt> + <dd><strong>This is the current default mechanism to use with libvirtd</strong>. + It uses the Kerberos v5 authentication protocol underneath, and assuming + the Kerberos client/server are configured with modern ciphers (AES), + it provides strong session encryption capabilities.</dd> + + <dt>DIGEST-MD5</dt> + <dd>This was previously set as the default mechanism to use with libvirtd. + It provides a simple username/password based authentication mechanism + that includes session encryption. + <a href="https://tools.ietf.org/html/rfc6331">RFC 6331</a>, however, + documents a number of serious security flaws with DIGEST-MD5 and as a + result marks it as <code>OBSOLETE</code>. Specific concerns are that + it is vulnerable to MITM attacks and the MD5 hash can be brute-forced + to reveal the password. A replacement is provided via the SCRAM mechanism, + however, note that this is does not provide encryption, so the SCRAM + mechanism can only be used on the libvirtd TLS listener. + </dd> + + <dt>PASSDSS-3DES-1</dt> + <dd>This provides a simple username/password based authentication + mechanism that includes session encryption. The current cyrus-sasl + implementation does not provide a way to validate the server's + public key identity, thus it is susceptible to a MITM attacker + impersonating the server.</dd> + + <dt>KERBEROS_V4</dt> + <dd>This uses the obsolete Kerberos v4 protocol to provide both authentication + and session encryption. Kerberos v4 protocol has been obsolete since the + early 1990's and has known security vulnerabilities so this will never be + used in practice.</dd> + </dl> + + <p> + Other SASL mechanisms, not listed above, can only be used when the libvirtd + TLS or UNIX socket listeners. + </p> + + <h3><a name="ACL_server_username">Username/password auth</a></h3> + <p> +As noted above, the DIGEST-MD5 mechanism is considered obsolete and should +not be used anymore. To provide a simple username/password auth scheme on +the libvirt UNIX socket or TLS listeners, however, it is possible to use +the SCRAM mechanism. The <code>auth_unix_ro</code>, <code>auth_unix_rw</code>, +<code>auth_tls</code> config params in <code>libvirt.conf</code> can be used +to turn on SASL auth in these listeners. + </p> + <p> +Since the libvirt SASL config file defaults to using GSSAPI (Kerberos), a +config change is rquired to enable plain password auth. This is done by +editting <code>/etc/sasl2/libvirt.conf</code> to set the <code>mech_list</code> +parameter to <code>scram-sha-1</code>. + </p> <p> Out of the box, no user accounts are defined, so no clients will be able to authenticate on the TCP socket. Adding users and setting their passwords is done with the <code>saslpasswd2</code> @@ -241,17 +296,13 @@ again: <pre> # saslpasswd2 -a libvirt -d fred </pre> - <h2><a name="ACL_server_kerberos">Kerberos auth</a></h2> + <h3><a name="ACL_server_kerberos">GSSAPI/Kerberos auth</a></h3> <p> -The plain TCP socket of the libvirt daemon defaults to using SASL for authentication. -The SASL mechanism configured by default is DIGEST-MD5, which provides a basic -username+password style authentication. To enable Kerberos single-sign-on instead, -the libvirt SASL configuration file must be changed. This is <code>/etc/sasl2/libvirt.conf</code>. -The <code>mech_list</code> parameter must first be changed to <code>gssapi</code> -instead of the default <code>digest-md5</code>, and keytab should be set to -<code>/etc/libvirt/krb5.tab</code> . If SASL is enabled on the UNIX -and/or TLS sockets, Kerberos will also be used for them. Like DIGEST-MD5, the Kerberos -mechanism provides data encryption of the session. +The plain TCP listener of the libvirt daemon defaults to using SASL for authentication. +The libvirt SASL config also defaults to GSSAPI, so there is no need to edit the +SASL config when using GSSAPI. If the libvirtd TLS or UNIX listeners are used, +then the Kerberos session encryption will be disabled since it is not required +in these scenarios - only the plain TCP listener needs encryption </p> <p> Some operating systems do not install the SASL kerberos plugin by default. It diff --git a/libvirt.spec.in b/libvirt.spec.in index 57ac88e..1d24985 100644 --- a/libvirt.spec.in +++ b/libvirt.spec.in @@ -979,9 +979,9 @@ Group: Development/Libraries # (client invokes 'nc' against the UNIX socket on the server) Requires: nc Requires: cyrus-sasl -# Not technically required, but makes 'out-of-box' config -# work correctly & doesn't have onerous dependencies -Requires: cyrus-sasl-md5 +# Needed by default sasl.conf - no onerous extra deps, since +# 100's of other things on a system already pull in krb5-libs +Requires: cyrus-sasl-gssapi %description libs Shared libraries for accessing the libvirt daemon. -- 2.9.3

3 2

[libvirt] [PATCH 0/7] qemu: Report better host-model CPUs in domain caps
by Jiri Denemark 13 Mar '17

13 Mar '17

One of the main reasons for introducing host-model CPU definition in a domain capabilities XML was the inability to express disabled features in a host capabilities XML. That is, when a host CPU is, e.g., Haswell without x2apic support, host capabilities XML will have to report it as Westmere + a bunch of additional features., but we really want to use Haswell - x2apic when creating a host-model CPU. Unfortunately, I somehow forgot to do the last step and the code would just copy the CPU definition found in the host capabilities XML. This changed recently for new QEMU versions which allow us to query host CPU, but any slightly older QEMU will not benefit from any change I did. This patch makes sure the right CPU model is filled in the domain capabilities even with old QEMU. The issue was reported in https://bugzilla.redhat.com/show_bug.cgi?id=1426456 Jiri Denemark (7): Do not format <arch> in guest CPU XML cpu: Replace cpuNodeData with virCPUGetHost cpu: Add virCPUType parameter to virCPUGetHost cpu: Add list of allowed CPU models to virCPUGetHost qemu: Refactor virQEMUCapsInitCPU qemu: Report better host-model CPUs in domain caps cputest: New test for Intel Core i7-4510U src/bhyve/bhyve_capabilities.c | 35 +--- src/conf/cpu_conf.c | 2 +- src/cpu/cpu.c | 100 ++++++++-- src/cpu/cpu.h | 16 +- src/cpu/cpu_arm.c | 1 - src/cpu/cpu_ppc64.c | 30 +-- src/cpu/cpu_s390.c | 1 - src/cpu/cpu_x86.c | 29 ++- src/libvirt_private.syms | 2 +- src/qemu/qemu_capabilities.c | 61 +++---- src/qemu/qemu_capspriv.h | 5 + src/vmware/vmware_conf.c | 20 +- src/vz/vz_driver.c | 22 +-- tests/Makefile.am | 11 +- tests/cputest.c | 1 + tests/cputestdata/x86_64-cpuid-A10-5800K-guest.xml | 1 - tests/cputestdata/x86_64-cpuid-A10-5800K-json.xml | 1 - tests/cputestdata/x86_64-cpuid-Atom-D510-guest.xml | 1 - tests/cputestdata/x86_64-cpuid-Atom-N450-guest.xml | 1 - .../x86_64-cpuid-Core-i5-2500-guest.xml | 1 - .../cputestdata/x86_64-cpuid-Core-i5-2500-json.xml | 1 - .../x86_64-cpuid-Core-i5-2540M-guest.xml | 1 - .../x86_64-cpuid-Core-i5-2540M-json.xml | 1 - .../x86_64-cpuid-Core-i5-4670T-guest.xml | 1 - .../x86_64-cpuid-Core-i5-4670T-json.xml | 1 - .../x86_64-cpuid-Core-i5-6600-guest.xml | 1 - .../cputestdata/x86_64-cpuid-Core-i5-6600-json.xml | 1 - .../x86_64-cpuid-Core-i7-2600-guest.xml | 1 - .../cputestdata/x86_64-cpuid-Core-i7-2600-json.xml | 1 - .../x86_64-cpuid-Core-i7-3520M-guest.xml | 1 - .../x86_64-cpuid-Core-i7-3740QM-guest.xml | 1 - .../x86_64-cpuid-Core-i7-3740QM-json.xml | 1 - .../x86_64-cpuid-Core-i7-3770-guest.xml | 1 - .../cputestdata/x86_64-cpuid-Core-i7-3770-json.xml | 1 - .../x86_64-cpuid-Core-i7-4510U-guest.xml | 29 +++ .../x86_64-cpuid-Core-i7-4510U-host.xml | 44 +++++ .../x86_64-cpuid-Core-i7-4510U-json.xml | 15 ++ tests/cputestdata/x86_64-cpuid-Core-i7-4510U.json | 203 +++++++++++++++++++++ tests/cputestdata/x86_64-cpuid-Core-i7-4510U.xml | 34 ++++ .../x86_64-cpuid-Core-i7-4600U-guest.xml | 1 - .../x86_64-cpuid-Core-i7-4600U-json.xml | 1 - .../x86_64-cpuid-Core-i7-5600U-guest.xml | 1 - .../x86_64-cpuid-Core-i7-5600U-json.xml | 1 - .../cputestdata/x86_64-cpuid-Core2-E6850-guest.xml | 1 - .../cputestdata/x86_64-cpuid-Core2-E6850-json.xml | 1 - .../cputestdata/x86_64-cpuid-Core2-Q9500-guest.xml | 1 - tests/cputestdata/x86_64-cpuid-FX-8150-guest.xml | 1 - .../x86_64-cpuid-Opteron-1352-guest.xml | 1 - .../x86_64-cpuid-Opteron-2350-guest.xml | 1 - .../cputestdata/x86_64-cpuid-Opteron-2350-json.xml | 1 - .../x86_64-cpuid-Opteron-6234-guest.xml | 1 - .../cputestdata/x86_64-cpuid-Opteron-6234-json.xml | 1 - .../x86_64-cpuid-Opteron-6282-guest.xml | 1 - .../x86_64-cpuid-Pentium-P6100-guest.xml | 1 - .../cputestdata/x86_64-cpuid-Phenom-B95-guest.xml | 1 - tests/cputestdata/x86_64-cpuid-Phenom-B95-json.xml | 1 - tests/cputestdata/x86_64-cpuid-Xeon-5110-guest.xml | 1 - .../x86_64-cpuid-Xeon-E3-1245-guest.xml | 1 - .../cputestdata/x86_64-cpuid-Xeon-E3-1245-json.xml | 1 - .../x86_64-cpuid-Xeon-E5-2630-guest.xml | 1 - .../cputestdata/x86_64-cpuid-Xeon-E5-2630-json.xml | 1 - .../x86_64-cpuid-Xeon-E5-2650-guest.xml | 1 - .../cputestdata/x86_64-cpuid-Xeon-E5-2650-json.xml | 1 - .../x86_64-cpuid-Xeon-E7-4820-guest.xml | 1 - .../cputestdata/x86_64-cpuid-Xeon-E7-4820-json.xml | 1 - .../x86_64-cpuid-Xeon-E7-8890-guest.xml | 1 - .../cputestdata/x86_64-cpuid-Xeon-W3520-guest.xml | 1 - tests/cputestdata/x86_64-cpuid-Xeon-W3520-json.xml | 1 - .../cputestdata/x86_64-cpuid-Xeon-X5460-guest.xml | 1 - tests/domaincapstest.c | 6 + tests/qemucpumock.c | 35 ++++ tests/qemuxml2argvtest.c | 6 +- 72 files changed, 560 insertions(+), 197 deletions(-) create mode 100644 tests/cputestdata/x86_64-cpuid-Core-i7-4510U-guest.xml create mode 100644 tests/cputestdata/x86_64-cpuid-Core-i7-4510U-host.xml create mode 100644 tests/cputestdata/x86_64-cpuid-Core-i7-4510U-json.xml create mode 100644 tests/cputestdata/x86_64-cpuid-Core-i7-4510U.json create mode 100644 tests/cputestdata/x86_64-cpuid-Core-i7-4510U.xml create mode 100644 tests/qemucpumock.c -- 2.12.0

2 8

[libvirt] [PATCH] qemuDomainBuildNamespace: Handle file mount points
by Michal Privoznik 13 Mar '17

13 Mar '17

https://bugzilla.redhat.com/show_bug.cgi?id=1431112 Yeah, that's right. A mount point doesn't have to be a directory. It can be a file too. However, the code that tries to preserve mount points under /dev for new namespace for qemu does not count with that option. Signed-off-by: Michal Privoznik <mprivozn(a)redhat.com> --- src/qemu/qemu_domain.c | 37 +++++++++++++++++++++++++++++++++---- 1 file changed, 33 insertions(+), 4 deletions(-) diff --git a/src/qemu/qemu_domain.c b/src/qemu/qemu_domain.c index d5833b026..07ce22417 100644 --- a/src/qemu/qemu_domain.c +++ b/src/qemu/qemu_domain.c @@ -7741,10 +7741,21 @@ qemuDomainBuildNamespace(virQEMUDriverConfigPtr cfg, /* Save some mount points because we want to share them with the host */ for (i = 0; i < ndevMountsPath; i++) { + struct stat sb; + if (devMountsSavePath[i] == devPath) continue; - if (virFileMakePath(devMountsSavePath[i]) < 0) { + if (stat(devMountsPath[i], &sb) < 0) { + virReportSystemError(errno, + _("Unable to stat: %s"), + devMountsPath[i]); + goto cleanup; + } + + /* At this point, devMountsPath is either a regular file or a directory. */ + if ((S_ISDIR(sb.st_mode) && virFileMakePath(devMountsSavePath[i]) < 0) || + (S_ISREG(sb.st_mode) && virFileTouch(devMountsSavePath[i], sb.st_mode) < 0)) { virReportSystemError(errno, _("Failed to create %s"), devMountsSavePath[i]); @@ -7780,15 +7791,33 @@ qemuDomainBuildNamespace(virQEMUDriverConfigPtr cfg, goto cleanup; for (i = 0; i < ndevMountsPath; i++) { + struct stat sb; + if (devMountsSavePath[i] == devPath) continue; - if (virFileMakePath(devMountsPath[i]) < 0) { - virReportSystemError(errno, _("Cannot create %s"), - devMountsPath[i]); + if (stat(devMountsSavePath[i], &sb) < 0) { + virReportSystemError(errno, + _("Unable to stat: %s"), + devMountsSavePath[i]); goto cleanup; } + if (S_ISDIR(sb.st_mode)) { + if (virFileMakePath(devMountsPath[i]) < 0) { + virReportSystemError(errno, _("Cannot create %s"), + devMountsPath[i]); + goto cleanup; + } + } else { + if (virFileMakeParentPath(devMountsPath[i]) < 0 || + virFileTouch(devMountsPath[i], sb.st_mode) < 0) { + virReportSystemError(errno, _("Cannot create %s"), + devMountsPath[i]); + goto cleanup; + } + } + if (virFileMoveMount(devMountsSavePath[i], devMountsPath[i]) < 0) goto cleanup; } -- 2.11.0

2 1

[libvirt] [PATCH] Enable forgotten VIR_CONNECT_LIST_STORAGE_POOLS_* flags
by Jiri Denemark 13 Mar '17

13 Mar '17

VIR_CONNECT_LIST_STORAGE_POOLS_VSTORAGE and VIR_CONNECT_LIST_STORAGE_POOLS_ZFS were added to libvirt but the listing API was not properly updated to use them. https://bugzilla.redhat.com/show_bug.cgi?id=1431543 Signed-off-by: Jiri Denemark <jdenemar(a)redhat.com> --- src/conf/storage_conf.c | 6 +++++- src/conf/storage_conf.h | 3 ++- 2 files changed, 7 insertions(+), 2 deletions(-) diff --git a/src/conf/storage_conf.c b/src/conf/storage_conf.c index a52eeba07..3cfaf2b9b 100644 --- a/src/conf/storage_conf.c +++ b/src/conf/storage_conf.c @@ -2671,7 +2671,11 @@ virStoragePoolMatch(virStoragePoolObjPtr poolobj, (MATCH(VIR_CONNECT_LIST_STORAGE_POOLS_SHEEPDOG) && (poolobj->def->type == VIR_STORAGE_POOL_SHEEPDOG)) || (MATCH(VIR_CONNECT_LIST_STORAGE_POOLS_GLUSTER) && - (poolobj->def->type == VIR_STORAGE_POOL_GLUSTER)))) + (poolobj->def->type == VIR_STORAGE_POOL_GLUSTER)) || + (MATCH(VIR_CONNECT_LIST_STORAGE_POOLS_ZFS) && + poolobj->def->type == VIR_STORAGE_POOL_ZFS) || + (MATCH(VIR_CONNECT_LIST_STORAGE_POOLS_VSTORAGE) && + poolobj->def->type == VIR_STORAGE_POOL_VSTORAGE))) return false; } diff --git a/src/conf/storage_conf.h b/src/conf/storage_conf.h index 1723afc0a..c3a88d284 100644 --- a/src/conf/storage_conf.h +++ b/src/conf/storage_conf.h @@ -544,7 +544,8 @@ VIR_ENUM_DECL(virStoragePartedFs) VIR_CONNECT_LIST_STORAGE_POOLS_RBD | \ VIR_CONNECT_LIST_STORAGE_POOLS_SHEEPDOG | \ VIR_CONNECT_LIST_STORAGE_POOLS_GLUSTER | \ - VIR_CONNECT_LIST_STORAGE_POOLS_ZFS) + VIR_CONNECT_LIST_STORAGE_POOLS_ZFS | \ + VIR_CONNECT_LIST_STORAGE_POOLS_VSTORAGE) # define VIR_CONNECT_LIST_STORAGE_POOLS_FILTERS_ALL \ (VIR_CONNECT_LIST_STORAGE_POOLS_FILTERS_ACTIVE | \ -- 2.12.0

2 1

[libvirt] [PATCH 7/7] docs: moved 'timestamps' and 'encryption' sub-element description in formatstorage doc
by Alexander Vasilenko 12 Mar '17

12 Mar '17

--- docs/formatstorage.html.in | 36 ++++++++++++++++++------------------ 1 file changed, 18 insertions(+), 18 deletions(-) diff --git a/docs/formatstorage.html.in b/docs/formatstorage.html.in index c787a059d..225e19000 100644 --- a/docs/formatstorage.html.in +++ b/docs/formatstorage.html.in @@ -456,24 +456,6 @@ will be filled with the values used by the existing directory. <span class="since">Since 1.2.16</span> </dd> - <dt><code>timestamps</code></dt> - <dd>Provides timing information about the volume. Up to four - sub-elements are present, - where <code>atime</code>, <code>btime</code>, <code>ctime</code> - and <code>mtime</code> hold the access, birth, change and - modification time of the volume, where known. The used time - format is <seconds>.<nanoseconds> since the - beginning of the epoch (1 Jan 1970). If nanosecond resolution - is 0 or otherwise unsupported by the host OS or filesystem, - then the nanoseconds part is omitted. This is a readonly - attribute and is ignored when creating a volume. - <span class="since">Since 0.10.0</span> - </dd> - <dt><code>encryption</code></dt> - <dd>If present, specifies how the volume is encrypted. See - the <a href="formatstorageencryption.html">Storage Encryption</a> page - for more information. - </dd> </dl> <h3><a name="StoragePoolExtents">Device extents</a></h3> @@ -658,6 +640,24 @@ will be filled with the values used by the existing file. <span class="since">Since 0.4.1</span> </dd> + <dt><code>timestamps</code></dt> + <dd>Provides timing information about the volume. Up to four + sub-elements are present, + where <code>atime</code>, <code>btime</code>, <code>ctime</code> + and <code>mtime</code> hold the access, birth, change and + modification time of the volume, where known. The used time + format is <seconds>.<nanoseconds> since the + beginning of the epoch (1 Jan 1970). If nanosecond resolution + is 0 or otherwise unsupported by the host OS or filesystem, + then the nanoseconds part is omitted. This is a readonly + attribute and is ignored when creating a volume. + <span class="since">Since 0.10.0</span> + </dd> + <dt><code>encryption</code></dt> + <dd>If present, specifies how the volume is encrypted. See + the <a href="formatstorageencryption.html">Storage Encryption</a> page + for more information. + </dd> <dt><code>compat</code></dt> <dd>Specify compatibility level. So far, this is only used for <code>type='qcow2'</code> volumes. Valid values are <code>0.10</code> -- 2.12.0

1 0

[libvirt] [PATCH 0/6] bhyve UEFI and graphics support
by Roman Bogorodskiy 12 Mar '17

12 Mar '17

Fabian Freyer (5): bhyve: virBhyveProbeCaps: BHYVE_CAP_LPC_BOOTROM bhyve: add support for booting from UEFI bhyve: test cases for UEFI bhyvexml2argvtest bhyve: enumerate UEFI firmwares bhyve: add video support Roman Bogorodskiy (1): bhyve: test cases for VNC docs/formatdomain.html.in | 3 +- docs/schemas/domaincommon.rng | 1 + po/POTFILES.in | 1 + src/bhyve/bhyve_capabilities.c | 93 ++++++++++++++++ src/bhyve/bhyve_capabilities.h | 2 + src/bhyve/bhyve_command.c | 130 +++++++++++++++++++++- src/bhyve/bhyve_device.c | 11 ++ src/bhyve/bhyve_driver.c | 27 ++++- src/bhyve/bhyve_process.c | 55 ++++----- src/conf/domain_conf.c | 5 +- src/conf/domain_conf.h | 1 + src/qemu/qemu_command.c | 9 +- src/qemu/qemu_domain_address.c | 1 + tests/bhyvexml2argvdata/bhyvexml2argv-uefi.args | 11 ++ tests/bhyvexml2argvdata/bhyvexml2argv-uefi.ldargs | 1 + tests/bhyvexml2argvdata/bhyvexml2argv-uefi.xml | 23 ++++ tests/bhyvexml2argvdata/bhyvexml2argv-vnc.args | 12 ++ tests/bhyvexml2argvdata/bhyvexml2argv-vnc.ldargs | 1 + tests/bhyvexml2argvdata/bhyvexml2argv-vnc.xml | 26 +++++ tests/bhyvexml2argvtest.c | 18 ++- tests/domaincapsschemadata/full.xml | 1 + 21 files changed, 394 insertions(+), 38 deletions(-) create mode 100644 tests/bhyvexml2argvdata/bhyvexml2argv-uefi.args create mode 100644 tests/bhyvexml2argvdata/bhyvexml2argv-uefi.ldargs create mode 100644 tests/bhyvexml2argvdata/bhyvexml2argv-uefi.xml create mode 100644 tests/bhyvexml2argvdata/bhyvexml2argv-vnc.args create mode 100644 tests/bhyvexml2argvdata/bhyvexml2argv-vnc.ldargs create mode 100644 tests/bhyvexml2argvdata/bhyvexml2argv-vnc.xml -- 2.11.0

4 18

[libvirt] [PATCH] virt-host-validate: add bhyve support
by Roman Bogorodskiy 11 Mar '17

11 Mar '17

Add bhyve support to virt-host-validate(1). It checks for the essential kernel modules to be available so that user can actually start VMs, have networking and console access. It uses the kldnext(2)/kldstat(2) routines to retrieve modules list. As bhyve is only available on FreeBSD and these routines were available long before bhyve appeared, not adding any specific configure checks for that. --- po/POTFILES.in | 1 + tools/Makefile.am | 1 + tools/virt-host-validate-bhyve.c | 78 ++++++++++++++++++++++++++++++++++++++++ tools/virt-host-validate-bhyve.h | 27 ++++++++++++++ tools/virt-host-validate.c | 12 +++++++ tools/virt-host-validate.pod | 4 +-- 6 files changed, 121 insertions(+), 2 deletions(-) create mode 100644 tools/virt-host-validate-bhyve.c create mode 100644 tools/virt-host-validate-bhyve.h diff --git a/po/POTFILES.in b/po/POTFILES.in index 9f66697d7..51b5859cb 100644 --- a/po/POTFILES.in +++ b/po/POTFILES.in @@ -306,6 +306,7 @@ tools/virsh-snapshot.c tools/virsh-volume.c tools/virsh.c tools/virt-admin.c +tools/virt-host-validate-bhyve.c tools/virt-host-validate-common.c tools/virt-host-validate-lxc.c tools/virt-host-validate-qemu.c diff --git a/tools/Makefile.am b/tools/Makefile.am index e6ae15025..a8bd3d1c2 100644 --- a/tools/Makefile.am +++ b/tools/Makefile.am @@ -142,6 +142,7 @@ virt_host_validate_SOURCES = \ virt-host-validate-common.c virt-host-validate-common.h \ virt-host-validate-qemu.c virt-host-validate-qemu.h \ virt-host-validate-lxc.c virt-host-validate-lxc.h \ + virt-host-validate-bhyve.c virt-host-validate-bhyve.h \ $(NULL) virt_host_validate_LDFLAGS = \ diff --git a/tools/virt-host-validate-bhyve.c b/tools/virt-host-validate-bhyve.c new file mode 100644 index 000000000..c7bf96f05 --- /dev/null +++ b/tools/virt-host-validate-bhyve.c @@ -0,0 +1,78 @@ +/* + * virt-host-validate-bhyve.c: Sanity check a bhyve hypervisor host + * + * Copyright (C) 2017 Roman Bogorodskiy + * + * This library is free software; you can redistribute it and/or + * modify it under the terms of the GNU Lesser General Public + * License as published by the Free Software Foundation; either + * version 2.1 of the License, or (at your option) any later version. + * + * This library is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * Lesser General Public License for more details. + * + * You should have received a copy of the GNU Lesser General Public + * License along with this library. If not, see + * <http://www.gnu.org/licenses/>. + * + */ + +#include <config.h> + +#include <sys/param.h> +#include <sys/linker.h> +#include <stdio.h> + +#include "virt-host-validate-bhyve.h" +#include "virt-host-validate-common.h" + +#define MODULE_STATUS(mod, err_msg, err_code) \ + virHostMsgCheck("BHYVE", _("for %s module"), #mod); \ + if (mod ## _loaded) { \ + virHostMsgPass(); \ + } else { \ + virHostMsgFail(err_code, \ + _("%s module is not loaded, " err_msg), \ + #mod); \ + ret = -1; \ + } \ + +#define MODULE_STATUS_FAIL(mod, err_msg) \ + MODULE_STATUS(mod, err_msg, VIR_HOST_VALIDATE_FAIL) + +#define MODULE_STATUS_WARN(mod, err_msg) \ + MODULE_STATUS(mod, err_msg, VIR_HOST_VALIDATE_WARN) + + +int virHostValidateBhyve(void) +{ + int ret = 0; + int fileid = 0; + struct kld_file_stat stat; + bool vmm_loaded = false, if_tap_loaded = false; + bool if_bridge_loaded = false, nmdm_loaded = false; + + for (fileid = kldnext(0); fileid > 0; fileid = kldnext(fileid)) { + stat.version = sizeof(struct kld_file_stat); + if (kldstat(fileid, &stat) < 0) + continue; + + if (STREQ(stat.name, "vmm.ko")) + vmm_loaded = true; + else if (STREQ(stat.name, "if_tap.ko")) + if_tap_loaded = true; + else if (STREQ(stat.name, "if_bridge.ko")) + if_bridge_loaded = true; + else if (STREQ(stat.name, "nmdm.ko")) + nmdm_loaded = true; + } + + MODULE_STATUS_FAIL(vmm, "will not be able to start VMs"); + MODULE_STATUS_WARN(if_tap, "networking will not work"); + MODULE_STATUS_WARN(if_bridge, "bridged networking will not work"); + MODULE_STATUS_WARN(nmdm, "nmdm console will not work"); + + return ret; +} diff --git a/tools/virt-host-validate-bhyve.h b/tools/virt-host-validate-bhyve.h new file mode 100644 index 000000000..290d4336f --- /dev/null +++ b/tools/virt-host-validate-bhyve.h @@ -0,0 +1,27 @@ +/* + * virt-host-validate-bhyve.h: Sanity check a bhyve hypervisor host + * + * Copyright (C) 2017 Roman Bogorodskiy + * + * This library is free software; you can redistribute it and/or + * modify it under the terms of the GNU Lesser General Public + * License as published by the Free Software Foundation; either + * version 2.1 of the License, or (at your option) any later version. + * + * This library is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * Lesser General Public License for more details. + * + * You should have received a copy of the GNU Lesser General Public + * License along with this library. If not, see + * <http://www.gnu.org/licenses/>. + * + */ + +#ifndef __VIRT_HOST_VALIDATE_BHYVE_H__ +# define __VIRT_HOST_VALIDATE_BHYVE_H__ + +int virHostValidateBhyve(void); + +#endif /* __VIRT_HOST_VALIDATE_BHYVE_H__ */ diff --git a/tools/virt-host-validate.c b/tools/virt-host-validate.c index f09282412..29d2482b6 100644 --- a/tools/virt-host-validate.c +++ b/tools/virt-host-validate.c @@ -36,6 +36,9 @@ #if WITH_LXC # include "virt-host-validate-lxc.h" #endif +#if WITH_BHYVE +# include "virt-host-validate-bhyve.h" +#endif static void show_help(FILE *out, const char *argv0) @@ -48,6 +51,7 @@ show_help(FILE *out, const char *argv0) "\n" " - qemu\n" " - lxc\n" + " - bhyve\n" "\n" " Options:\n" " -h, --help Display command line help\n" @@ -130,6 +134,14 @@ main(int argc, char **argv) } #endif +#if WITH_BHYVE + if (!hvname || STREQ(hvname, "bhyve")) { + usedHvname = true; + if (virHostValidateBhyve() < 0) + ret = EXIT_FAILURE; + } +#endif + if (hvname && !usedHvname) { fprintf(stderr, _("%s: unsupported hypervisor name %s\n"), argv[0], hvname); diff --git a/tools/virt-host-validate.pod b/tools/virt-host-validate.pod index 84917c83b..910114175 100644 --- a/tools/virt-host-validate.pod +++ b/tools/virt-host-validate.pod @@ -12,8 +12,8 @@ This tool validates that the host is configured in a suitable way to run libvirt hypervisor drivers. If invoked without any arguments it will check support for all hypervisor drivers it is aware of. Optionally it can be given a particular hypervisor -type ('qemu' or 'lxc') to restrict the checks to those relevant -for that virtualization technology +type ('qemu', 'lxc' or 'bhyve') to restrict the checks +to those relevant for that virtualization technology =head1 OPTIONS -- 2.11.0

2 2

[libvirt] [REPOST PATCHv2 0/6] Converge Storage Pool vHBA logic with Node Device
by John Ferlan 10 Mar '17

10 Mar '17

Repost to merge in recent changes (thru commit id 'dec6d9df') v1: http://www.redhat.com/archives/libvir-list/2017-February/msg00963.html Changes since v1: NB: Former Patch 1 - was pushed Patch 1 - Was the old patch 2... Similar for rest of series... Altered to match the adjusted testNodeDeviceMockCreateVport from commit 2a862092 Patch 2 - reworked the code to not place the new module in src/util, but rather in src/conf as storage_adapter_conf.{c,h}. The concepts didn't change - only the name/location. Removed the changes for util/virvirscsi.c since virSCSIHostGetNameByParentaddr wouldn't be allowed to use virStorageAdapterSCSIHostPtr since it's a conf definition. Patch 3 - Unchanged, ACK'd in v1 Patch 4 - Unchanged, ACK'd in v1 Patch 5 - Unchanged... Even though there is concern over usage of API's in this manner (e.g. calling virNodeDeviceLookupSCSIHostByWWN as well as virNodeDeviceCreateXML) - the "purpose" of the exercise is a means to have the StoragePool code use the same algorithms as the node device code instead of what could be a potentially long slow journey through the sysfs file system. The key piece being the replication of the API's that find the parent in the node device object list. I suppose it would be possible to add even more API's to get that answer, but I'm not sure it'd be worthwhile at this point. As for the concern about deadlock - I understand it, but since the whole purpose of the API is to essentially utilize the nodedev create algorithm there'd be no reason for nodedev to call it. If it doesn't get ACK'd - that's OK - I can hold onto it and reconsider some other means at some point in time in the future (probably distant future too). Patch 6 - Unchanged The former patch 8 is dropped for now - needs some more "discussion" as to viability and/or need. John Ferlan (6): tests: Add createVHBAByStoragePool-by-parent to fchosttest conf: Convert virStoragePoolSourceAdapter to virStorageAdapter util: Rename virFileWaitForDevices conf: Move/rename createVport and deleteVport util: Alter virNodeDevice{Create|Delete}Vport to use nodedev APIs tests: Add more storage pool vHBA tests po/POTFILES.in | 1 + src/Makefile.am | 1 + src/conf/node_device_conf.c | 332 +++++++++++++++++++++++++++++++++ src/conf/node_device_conf.h | 9 + src/conf/storage_adapter_conf.c | 291 +++++++++++++++++++++++++++++ src/conf/storage_adapter_conf.h | 89 +++++++++ src/conf/storage_conf.c | 333 ++++++++-------------------------- src/conf/storage_conf.h | 35 +--- src/libvirt_private.syms | 20 +- src/node_device/node_device_driver.c | 2 +- src/phyp/phyp_driver.c | 3 +- src/storage/storage_backend_disk.c | 6 +- src/storage/storage_backend_iscsi.c | 2 +- src/storage/storage_backend_logical.c | 4 +- src/storage/storage_backend_mpath.c | 2 +- src/storage/storage_backend_scsi.c | 267 +++++---------------------- src/storage/storage_util.c | 2 +- src/test/test_driver.c | 99 +++++++++- src/util/virfile.h | 2 - src/util/virutil.c | 4 +- src/util/virutil.h | 2 + tests/fchosttest.c | 111 ++++++++++++ 22 files changed, 1087 insertions(+), 530 deletions(-) create mode 100644 src/conf/storage_adapter_conf.c create mode 100644 src/conf/storage_adapter_conf.h -- 2.9.3

2 9

[libvirt] [PATCH for-2.9 v3 0/3] Use non-blacklisted family/model/stepping for Haswell CPU model
by Eduardo Habkost 10 Mar '17

10 Mar '17

I plan to merge this bug fix into 2.9. Changes v2 -> v3: * Rebase to latest master * Don't touch max_x86_cpu_initfn() to reduce risk post hard freeze Changes v1 -> v2: * Coding style fixes * Make series simpler: * Don't use trick: char vendor[static (CPUID_VENDOR_SZ + 1)] because it confuses checkpatch.pl * Removed patch "Add explicit array size to x86_cpu_vendor_words2str()" * Rebased on top of my x86-next branch: https://github.com/ehabkost/qemu x86-next Git branch for testing: https://github.com/ehabkost/qemu-hacks work/x86-rtm-blacklist Diff from v1: diff --git a/target/i386/cpu.h b/target/i386/cpu.h index cd94726e43..647435a1d9 100644 --- a/target/i386/cpu.h +++ b/target/i386/cpu.h @@ -1431,7 +1431,7 @@ void cpu_x86_cpuid(CPUX86State *env, uint32_t index, uint32_t count, void cpu_clear_apic_feature(CPUX86State *env); void host_cpuid(uint32_t function, uint32_t count, uint32_t *eax, uint32_t *ebx, uint32_t *ecx, uint32_t *edx); -void host_vendor_fms(char vendor[static (CPUID_VENDOR_SZ + 1)], int *family, int *model, int *stepping); +void host_vendor_fms(char *vendor, int *family, int *model, int *stepping); /* helper.c */ int x86_cpu_handle_mmu_fault(CPUState *cpu, vaddr addr, diff --git a/target/i386/cpu.c b/target/i386/cpu.c index 25c6c5e115..eab1ad7935 100644 --- a/target/i386/cpu.c +++ b/target/i386/cpu.c @@ -682,7 +682,7 @@ void host_cpuid(uint32_t function, uint32_t count, *edx = vec[3]; } -void host_vendor_fms(char vendor[static (CPUID_VENDOR_SZ + 1)], int *family, int *model, int *stepping) +void host_vendor_fms(char *vendor, int *family, int *model, int *stepping) { uint32_t eax, ebx, ecx, edx; @@ -1570,7 +1570,8 @@ static void host_x86_cpu_class_init(ObjectClass *oc, void *data) xcc->kvm_required = true; xcc->ordering = 9; - host_vendor_fms(host_cpudef.vendor, &host_cpudef.family, &host_cpudef.model, &host_cpudef.stepping); + host_vendor_fms(host_cpudef.vendor, &host_cpudef.family, + &host_cpudef.model, &host_cpudef.stepping); cpu_x86_fill_model_id(host_cpudef.model_id); --- A recent glibc commit[1] added a blacklist to ensure it won't use TSX on hosts that are known to have a broken TSX implementation. Our existing Haswell CPU model has a blacklisted family/model/stepping combination, so it has to be updated to make sure guests will really use TSX. This is done by patch 5/5. However, to do this safely we need to ensure the host CPU is not a blacklisted one, so we won't mislead guests by exposing known-to-be-good FMS values on a known-to-be-broken host. This is done by patch 3/5. [1] https://sourceware.org/git/?p=glibc.git;a=commit;h=2702856bf45c82cf8e69f206… --- Cc: dgilbert(a)redhat.com Cc: fweimer(a)redhat.com Cc: carlos(a)redhat.com Cc: triegel(a)redhat.com Cc: berrange(a)redhat.com Cc: jdenemar(a)redhat.com Cc: pbonzini(a)redhat.com Eduardo Habkost (3): i386: host_vendor_fms() helper function i386/kvm: Blacklist TSX on known broken hosts i386: Change stepping of Haswell to non-blacklisted value include/hw/i386/pc.h | 5 +++++ target/i386/cpu.h | 1 + target/i386/cpu.c | 21 ++++++++++++++++++++- target/i386/kvm.c | 17 +++++++++++++++++ 4 files changed, 43 insertions(+), 1 deletion(-) -- 2.11.0.259.g40922b1

1 4