October 2019 - Devel - libvirt List Archives

[libvirt] [PATCH v2 0/3] unplug timeout changes for PPC64
by Daniel Henrique Barboza 15 Oct '19

15 Oct '19

This is a redesign of the previous patch series [1]. After the reviews of the first version, I ended up discarding the idea of a qemu user configuration for the unplug timeout value. Instead, this patch series now handles the problematic case of PPC64 guests with an exclusive PPC64 only timeout value of 10 seconds. Patch 3 now changes how the 'unplug timeout' message is reported, using VIR_ERR_OPERATION_TIMEOUT instead of VIR_ERR_OPERATION_FAILED and making it clearer that the timeout does not equal to unplug failed. [1] https://www.redhat.com/archives/libvir-list/2019-August/msg00698.html Daniel Henrique Barboza (3): qemu: use a bigger unplug timeout for PPC64 guests qemu: Remove qemu_hotplugpriv.h and qemuDomainRemoveDeviceWaitTime qemu_hotplug: make setvcpus timeout error message user-friendlier src/qemu/Makefile.inc.am | 1 - src/qemu/qemu_conf.h | 3 +++ src/qemu/qemu_driver.c | 11 +++++++++++ src/qemu/qemu_hotplug.c | 21 +++++++++------------ src/qemu/qemu_hotplugpriv.h | 32 -------------------------------- tests/qemuhotplugtest.c | 3 +-- 6 files changed, 24 insertions(+), 47 deletions(-) delete mode 100644 src/qemu/qemu_hotplugpriv.h -- 2.21.0

2 7

[libvirt] libvirt doc - missing entry in input devices section
by Ruth Netser 13 Oct '19

13 Oct '19

The option <input type='tablet' bus='usb'/> is missing from code box under https://libvirt.org/formatdomain.html#elementsInput section. (Exists for the other devices). -- Ruty Netser

2 2

Re: [libvirt] [PATCH v2 1/1] IDE: deprecate ide-drive
by Peter Krempa 12 Oct '19

12 Oct '19

On Thu, Oct 10, 2019 at 13:22:37 +0200, Philippe Mathieu-Daudé wrote: > On 10/10/19 12:43 AM, John Snow wrote: > > It's an old compatibility shim that just delegates to ide-cd or ide-hd. > > I'd like to refactor these some day, and getting rid of the super-object > > will make that easier. > > > > Either way, we don't need this. > > > > Libvirt-checked-by: Peter Krempa <pkrempa(a)redhat.com> > > Peter made a comment regarding Laszlo's Regression-tested-by tag: > > [...] nobody else is using > this convention (there are exactly 0 instances of > "Regression-tested-by" in the project git log as far as > I can see), and so in practice people reading the commits > won't really know what you meant by it. Everybody else > on the project uses "Tested-by" to mean either of the > two cases you describe above, without distinction... > > It probably applies to 'Libvirt-checked-by' too. I certainly didn't test it. So feel free to drop that line altogether.

3 5

Re: [libvirt] [PATCH 0/4] PCI multifunction partial assignment support
by Abdulla Bubshait 12 Oct '19

12 Oct '19

On Mon, 7 Oct 2019 18:11:32 -0300 Daniel Henrique Barboza <danielhb413 gmail com> wrote: > These series tries to solve the partial assignment of multifunction > hostdev PCI devices by introducing a new hostdev attribute called > 'assigned'. This is how it works: > > - it is a boolean value that will be efffective just for > multifunction hostdev PCI devices, since there's no other > occurrence for this kind of use in Libvirt. Trying to > declare assign='yes|no' in any other PCI hostdev device > will cause parse errors; I think this functionality should be available to all hostdev PCI devices and not just multifunction ones. You might have several devices that are part of the same IOMMU group that you don't mind giving up from the host, but don't want to supply all of them to the guest. This would be an alternative to using ACS patch in these situations. One example is having two nvme drives in a single IOMMU group, you will be able to pass a single one to the guest rather than being forced to pass both.

2 1

[libvirt] [PATCH v5 0/1] add test for driver.c:virConnectValidateURIPath()
by Daniel Henrique Barboza 12 Oct '19

12 Oct '19

changes from v4: - other patches got merged, this is the last survivor - enhanced the code by attending to all suggestions from Cole Robinson v4: https://www.redhat.com/archives/libvir-list/2019-September/msg01164.html Daniel Henrique Barboza (1): tests: add a test for driver.c:virConnectValidateURIPath() tests/Makefile.am | 7 ++- tests/virdriverconnvalidatetest.c | 90 +++++++++++++++++++++++++++++++ 2 files changed, 96 insertions(+), 1 deletion(-) create mode 100644 tests/virdriverconnvalidatetest.c -- 2.21.0

2 2

[libvirt] [PATCH 0/3] security: Don't remember labels for TPM
by Michal Privoznik 12 Oct '19

12 Oct '19

As it turns out, /dev/tpm0 can't be opened more than once. This doesn't fit into our seclabel remembering approach and thus disable it for TPM devices. There's also another type of files which can't be opened more than once - /dev/vfio/N. Usually, this won't be a problem unless users try to attach/detach some devices from the same IOMMU group. This will require more treatment though because it's broken on more levels. 1) we remove /dev/vfio/N in private devtmpfs on device detach, even though there is another device still attached to domain from the same IOMMU group, 2) we remove the IOMMU group from CGroups, i.e. we effectively deny access to qemu 3) we restore seclabels (regardless of seclabel remembering) Therefore, I'm only addressing TPM issue here and will continue work on hostdevs. Michal Prívozník (3): security: Try to lock only paths with remember == true security_dac: Allow selective remember/recall for chardevs security: Don't remember labels for TPM src/security/security_dac.c | 91 ++++++++++++++++++++++----------- src/security/security_selinux.c | 16 +++--- 2 files changed, 71 insertions(+), 36 deletions(-) -- 2.21.0

2 7

[libvirt] [PATCH] security: apparmor: Allow RO /usr/share/edk2/
by Cole Robinson 11 Oct '19

11 Oct '19

On Fedora, already whitelisted paths to AAVMF and OVMF binaries are symlinks to binaries under /usr/share/edk2/. Add that directory to the RO whitelist so virt-aa-helper-test passes Signed-off-by: Cole Robinson <crobinso(a)redhat.com> --- I don't know if anyone is actually using apparmor on Fedora, but I have the libs installed now for testing. I think the better thing to do would be to adjust virt-aa-helper-test to not touch host state src/security/virt-aa-helper.c | 1 + 1 file changed, 1 insertion(+) diff --git a/src/security/virt-aa-helper.c b/src/security/virt-aa-helper.c index d9f6b5638b..509187ac36 100644 --- a/src/security/virt-aa-helper.c +++ b/src/security/virt-aa-helper.c @@ -505,6 +505,7 @@ valid_path(const char *path, const bool readonly) "/vmlinuz", "/initrd", "/initrd.img", + "/usr/share/edk2/", "/usr/share/OVMF/", /* for OVMF images */ "/usr/share/ovmf/", /* for OVMF images */ "/usr/share/AAVMF/", /* for AAVMF images */ -- 2.23.0

2 1

[libvirt] [PATCH 0/2] tests: Add capabilities for QEMU 4.2.0 on ppc64 and aarch64
by Andrea Bolognani 11 Oct '19

11 Oct '19

This will be useful to test Jirka's changes to how we handle default CPU models on more architectures. The version posted to the list is heavily snipped, but you can grab the full one with $ git fetch https://gitlab.com/abologna/libvirt caps-4.2.0 Andrea Bolognani (2): tests: Add capabilitie for QEMU 4.2.0 on ppc64 tests: Add capabilitie for QEMU 4.2.0 on aarch64 .../caps_4.2.0.aarch64.replies | 20684 +++++++++++++ .../caps_4.2.0.aarch64.xml | 321 + .../caps_4.2.0.ppc64.replies | 24406 ++++++++++++++++ .../qemucapabilitiesdata/caps_4.2.0.ppc64.xml | 1087 + 4 files changed, 46498 insertions(+) create mode 100644 tests/qemucapabilitiesdata/caps_4.2.0.aarch64.replies create mode 100644 tests/qemucapabilitiesdata/caps_4.2.0.aarch64.xml create mode 100644 tests/qemucapabilitiesdata/caps_4.2.0.ppc64.replies create mode 100644 tests/qemucapabilitiesdata/caps_4.2.0.ppc64.xml -- 2.21.0

3 6

[libvirt] [jenkins-ci PATCH] lcitool: Force LANG=en_US.UTF-8 for the containers
by Fabiano Fidêncio 11 Oct '19

11 Oct '19

As we cannot and should not rely on how the containers were generated, let's force the container LANG to be en_US.UTF-8 otherwise some containers (Debian 9, Ubuntu 16, and Ubuntu 18) would simply bail when dealing with environment variables inherited from Gitlab CI which contains non-POSIX characteres, such as "Fidêncio". Unfortunately, there's no standard way to do this accross different distros, leaving us with this "happy little accident" of setting up LANG in the way it's done right now. Signed-off-by: Fabiano Fidêncio <fidencio(a)redhat.com> --- guests/lcitool | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/guests/lcitool b/guests/lcitool index 49bb50b..a630971 100755 --- a/guests/lcitool +++ b/guests/lcitool @@ -735,6 +735,10 @@ class Application: RUN pip3 install {pip_pkgs} """).format(**varmap)) + sys.stdout.write(textwrap.dedent(""" + ENV LANG "en_US.UTF-8" + """).format(**varmap)) + if args.cross_arch: sys.stdout.write(textwrap.dedent(""" ENV ABI "{cross_abi}" -- 2.23.0

3 3

[libvirt] Fwd: Libvirt-QEMU : Multiplex the output from qemu's serial port to a pty as well as a file (basically redirect console to file as well as pty device)
by gokul cg 11 Oct '19

11 Oct '19

+dev Hi Folks , As per https://libvirt.org/formatdomain.html#elementsConsole Regardless of the type, character devices can have an optional log file associated with them. Whether the lgging functionality is same as mapping device to file ? Whether libvirt xml syntax below both 1 and 2 are same ? 1) <serial type='pty'> <log file='/var/lib/nova/instances/7151c8b7-1ea5-4701-bb79-b482d9e253b8/console.log' append='off'/> <target port='0'/> </serial> 2) <serial type='pty'> <source path='/tmp/serial.log'/> <target port='0'/> </serial> is it possible to multiplex the output from qemu's serial port to a pty as well as a file (basically redirect console to file as well as pty device)? Regards Gokul

1 1