May 2019 - Devel - libvirt List Archives

[libvirt] [PATCH] virt-aa-helper: clean old reference to libvirt-sandbox
by Christian Ehrhardt 16 May '19

16 May '19

It came up that libvirt-sandbox is a failed (and removed) experiment. Let us clean up and remove it from the virt-aa-helper source as well. Signed-off-by: Christian Ehrhardt <christian.ehrhardt(a)canonical.com> --- src/security/virt-aa-helper.c | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/src/security/virt-aa-helper.c b/src/security/virt-aa-helper.c index ad9a7dda94..fea4da80dc 100644 --- a/src/security/virt-aa-helper.c +++ b/src/security/virt-aa-helper.c @@ -511,8 +511,7 @@ valid_path(const char *path, const bool readonly) /* override the above with these */ const char * const override[] = { "/sys/devices/pci", /* for hostdev pci devices */ - "/sys/kernel/config/target/vhost", /* for hostdev vhost_scsi devices */ - "/etc/libvirt-sandbox/services/" /* for virt-sandbox service config */ + "/sys/kernel/config/target/vhost" /* for hostdev vhost_scsi devices */ }; const int nropaths = ARRAY_CARDINALITY(restricted); -- 2.21.0

2 2

[libvirt] [PATCH v2] test_driver: implement virDomainGetDiskErrors
by Ilias Stamatis 16 May '19

16 May '19

Return the number of disks present in the configuration of the test domain when called with @errors as NULL and @maxerrors as 0. Otherwise report an error for every second disk, assigning available error codes in a cyclic order. Signed-off-by: Ilias Stamatis <stamatis.iliass(a)gmail.com> --- src/test/test_driver.c | 42 ++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 42 insertions(+) diff --git a/src/test/test_driver.c b/src/test/test_driver.c index a06d1fc402..527c2f5d3b 100644 --- a/src/test/test_driver.c +++ b/src/test/test_driver.c @@ -3046,6 +3046,47 @@ static int testDomainSetAutostart(virDomainPtr domain, return 0; } +static int testDomainGetDiskErrors(virDomainPtr dom, + virDomainDiskErrorPtr errors, + unsigned int maxerrors, + unsigned int flags) +{ + virDomainObjPtr vm = NULL; + int ret = -1; + size_t i; + int n = 0; + int codes[] = {VIR_DOMAIN_DISK_ERROR_UNSPEC, VIR_DOMAIN_DISK_ERROR_NO_SPACE}; + size_t ncodes = sizeof(codes) / sizeof(codes[0]); + + virCheckFlags(0, -1); + + if (!(vm = testDomObjFromDomain(dom))) + goto cleanup; + + if (virDomainObjCheckActive(vm) < 0) + goto cleanup; + + if (!errors) { + ret = vm->def->ndisks; + } else { + for (i = 1; i < vm->def->ndisks && n < maxerrors; i += 2) { + if (VIR_STRDUP(errors[n].disk, vm->def->disks[i]->dst) < 0) + goto cleanup; + errors[n].error = codes[n % ncodes]; + n++; + } + ret = n; + } + + cleanup: + virDomainObjEndAPI(&vm); + if (ret < 0) { + for (i = 0; i < n; i++) + VIR_FREE(errors[i].disk); + } + return ret; +} + static char *testDomainGetSchedulerType(virDomainPtr domain ATTRIBUTE_UNUSED, int *nparams) { @@ -6832,6 +6873,7 @@ static virHypervisorDriver testHypervisorDriver = { .domainUndefineFlags = testDomainUndefineFlags, /* 0.9.4 */ .domainGetAutostart = testDomainGetAutostart, /* 0.3.2 */ .domainSetAutostart = testDomainSetAutostart, /* 0.3.2 */ + .domainGetDiskErrors = testDomainGetDiskErrors, /* 5.4.0 */ .domainGetSchedulerType = testDomainGetSchedulerType, /* 0.3.2 */ .domainGetSchedulerParameters = testDomainGetSchedulerParameters, /* 0.3.2 */ .domainGetSchedulerParametersFlags = testDomainGetSchedulerParametersFlags, /* 0.9.2 */ -- 2.21.0

4 11

[libvirt] [PATCH] virt-aa-helper: allow sysfs path used for vhost-scsi
by Christian Ehrhardt 16 May '19

16 May '19

When a vhost scsi device is hotplugged virt-aa-helper is called to add the respective path. For example the config: <hostdev mode='subsystem' type='scsi_host' managed='no'> <source protocol='vhost' wwpn='naa.50014059de6fba4f'/> </hostdev> Will call it to add: /sys/kernel/config/target/vhost//naa.50014059de6fba4f But in general /sys paths are filtered in virt-aa-helper.c:valid_path To allow the path used for vhost-scsi we need to add it to the list of known and accepted overrides. Fixes: https://bugs.launchpad.net/ubuntu/+source/libvirt/+bug/1829223 Signed-off-by: Christian Ehrhardt <christian.ehrhardt(a)canonical.com> --- src/security/virt-aa-helper.c | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/src/security/virt-aa-helper.c b/src/security/virt-aa-helper.c index d0fe86cefc..ad9a7dda94 100644 --- a/src/security/virt-aa-helper.c +++ b/src/security/virt-aa-helper.c @@ -510,8 +510,9 @@ valid_path(const char *path, const bool readonly) }; /* override the above with these */ const char * const override[] = { - "/sys/devices/pci", /* for hostdev pci devices */ - "/etc/libvirt-sandbox/services/" /* for virt-sandbox service config */ + "/sys/devices/pci", /* for hostdev pci devices */ + "/sys/kernel/config/target/vhost", /* for hostdev vhost_scsi devices */ + "/etc/libvirt-sandbox/services/" /* for virt-sandbox service config */ }; const int nropaths = ARRAY_CARDINALITY(restricted); -- 2.21.0

2 2

[libvirt] [PATCH] qemu: Do not override config XML in case of snapshot revert
by Maxiwell S. Garcia 15 May '19

15 May '19

Snapshot create operation saves the live XML and uses it to replace the domain definition in case of revert. But the VM config XML is not saved and the revert operation does not address this issue. This commit prevents the config XML from being overridden by snapshot definition. An active domain stores both current and new definitions. The current definition (vm->def) stores the live XML and the new definition (vm->newDef) stores the config XML. In an inactive domain, only the config XML is persistent, and it's saved in vm->def. The revert operation uses the virDomainObjAssignDef() to set the snapshot definition in vm->newDef, if domain is active, or in vm->def otherwise. But before that, it saves the old value to return to caller. This return is used here to restore the config XML after all snapshot startup process finish. Signed-off-by: Maxiwell S. Garcia <maxiwell(a)linux.ibm.com> --- src/qemu/qemu_driver.c | 15 +++++++++++---- 1 file changed, 11 insertions(+), 4 deletions(-) diff --git a/src/qemu/qemu_driver.c b/src/qemu/qemu_driver.c index b2ac737d1f..a73122454a 100644 --- a/src/qemu/qemu_driver.c +++ b/src/qemu/qemu_driver.c @@ -16251,6 +16251,7 @@ qemuDomainRevertToSnapshot(virDomainSnapshotPtr snapshot, qemuDomainObjPrivatePtr priv; int rc; virDomainDefPtr config = NULL; + virDomainDefPtr inactiveConfig = NULL; virQEMUDriverConfigPtr cfg = NULL; virCapsPtr caps = NULL; bool was_stopped = false; @@ -16465,7 +16466,7 @@ qemuDomainRevertToSnapshot(virDomainSnapshotPtr snapshot, goto endjob; } if (config) { - virDomainObjAssignDef(vm, config, false, NULL); + virDomainObjAssignDef(vm, config, false, &inactiveConfig); virCPUDefFree(priv->origCPU); VIR_STEAL_PTR(priv->origCPU, origCPU); } @@ -16474,7 +16475,7 @@ qemuDomainRevertToSnapshot(virDomainSnapshotPtr snapshot, load: was_stopped = true; if (config) - virDomainObjAssignDef(vm, config, false, NULL); + virDomainObjAssignDef(vm, config, false, &inactiveConfig); /* No cookie means libvirt which saved the domain was too old to * mess up the CPU definitions. @@ -16533,6 +16534,9 @@ qemuDomainRevertToSnapshot(virDomainSnapshotPtr snapshot, detail); } } + if (inactiveConfig) + VIR_STEAL_PTR(vm->newDef, inactiveConfig); + break; case VIR_DOMAIN_SNAPSHOT_SHUTDOWN: @@ -16560,8 +16564,11 @@ qemuDomainRevertToSnapshot(virDomainSnapshotPtr snapshot, qemuProcessEndJob(driver, vm); goto cleanup; } - if (config) - virDomainObjAssignDef(vm, config, false, NULL); + if (config) { + virDomainObjAssignDef(vm, config, false, &inactiveConfig); + if (inactiveConfig) + VIR_STEAL_PTR(vm->newDef, inactiveConfig); + } if (flags & (VIR_DOMAIN_SNAPSHOT_REVERT_RUNNING | VIR_DOMAIN_SNAPSHOT_REVERT_PAUSED)) { -- 2.20.1

4 9

[libvirt] [PATCH 0/2] introduction of version attribute for VFIO live migration
by Yan Zhao 15 May '19

15 May '19

This patchset introduces a version attribute under sysfs of VFIO Mediated devices. This version attribute is used by user space software like libvirt to determine whether two mdev devices are compatible for live migration before starting live migration. Patch 1 defines version attribute as mandatory for VFIO live migration. It means if version attribute is missing or it returns errno, the corresponding mdev device is regarded as not supporting live migration. samples for vfio-mdev are modified to demonstrate it. Patch 2 uses GVT as an example to show how to expose version attribute and check device compatibility in vendor driver. Yan Zhao (2): vfio/mdev: add version field as mandatory attribute for mdev device drm/i915/gvt: export mdev device version to sysfs for Intel vGPU Documentation/vfio-mediated-device.txt | 36 +++++++++ drivers/gpu/drm/i915/gvt/Makefile | 2 +- drivers/gpu/drm/i915/gvt/device_version.c | 94 +++++++++++++++++++++++ drivers/gpu/drm/i915/gvt/gvt.c | 55 +++++++++++++ drivers/gpu/drm/i915/gvt/gvt.h | 6 ++ samples/vfio-mdev/mbochs.c | 17 ++++ samples/vfio-mdev/mdpy.c | 16 ++++ samples/vfio-mdev/mtty.c | 16 ++++ 8 files changed, 241 insertions(+), 1 deletion(-) create mode 100644 drivers/gpu/drm/i915/gvt/device_version.c -- 2.17.1

8 33

[libvirt] [PATCH 0/2] Avoid issues due to qemu dropping osxsave and ospke
by Christian Ehrhardt 15 May '19

15 May '19

Hi, this series tries to address a drop of commandline options by qemu in regard to osxsave [1] and ospke [2]. This was already discussed in [3] late last year but got forgotten afterwards. The Ubuntu bug is at [4] and an older Fedora bug is at [5]. TL;DR: - osxsave/ospke features were never really configurable - KVM never returned the bits on GET_SUPPORTED_CPUID - very rare to be seen in the wild - avoid issues with newer qemu and old/odd XMLs to be sure Details: I checked various use cases from virt-install to openstack and some in between. The only cases I found that would define osxsave/ospke is virt-install pior to version 2.0 and even there only when used with --cpu=host-model or --cpu=host-copy. If you ever really enabled the feature you'd have got: error: the CPU is incompatible with host CPU: Host CPU does not provide required features: ospke The problem lies in domain XMLs that explicitly disable it. That would be <feature policy='disable' name='osxsave'/> But due to almost (or actually none) no host exposing this the following also triggers: <feature policy='optional' name='ospke'/> This will make libvirt add it to the qemu commandline like: -cpu ...,osxsave=off,ospke=off And that will crash when qemu starts with: error: internal error: process exited while connecting to monitor: 2019-04-25T12:12:01.698646Z qemu-system-x86_64: can't apply global core2duo-x86_64-cpu.osxsave=off: Property '.osxsave' not found There are much more long term discussions about demoting and dropping qemu features and I'd like to avoid those discussions being mixed. The reason to drop it more or less without notice was that it never did anything to begin with. Due to that our solution might in a similar fashion be more trivial - just stop defining those two features to qemu commandline. [1]: https://git.qemu.org/?p=qemu.git;a=commit;h=f1a23522b03a569f13aad49294bb4c4… [2]: https://git.qemu.org/?p=qemu.git;a=commit;h=9ccb9784b57804f5c74434ad6ccb666… [3]: https://www.mail-archive.com/qemu-devel@nongnu.org/msg561877.html [4]: https://bugs.launchpad.net/ubuntu/+source/libvirt/+bug/1825195 [5]: https://bugzilla.redhat.com/show_bug.cgi?id=1644848 Christian Ehrhardt (2): qemu: do not define known no-op features qemuxml2argvtest: add test for remove cpu features src/qemu/qemu_command.c | 23 +++++++++++++++ .../qemuxml2argvdata/cpu-host-model-cmt.args | 2 +- .../cpu-no-removed-features.args | 29 +++++++++++++++++++ .../cpu-no-removed-features.xml | 23 +++++++++++++++ tests/qemuxml2argvdata/cpu-tsc-frequency.args | 4 +-- tests/qemuxml2argvtest.c | 1 + 6 files changed, 79 insertions(+), 3 deletions(-) create mode 100644 tests/qemuxml2argvdata/cpu-no-removed-features.args create mode 100644 tests/qemuxml2argvdata/cpu-no-removed-features.xml -- 2.17.1

2 11

[libvirt] [PATCH 0/2] Mitigation for Microarchitectural Data Sampling CPU flaws
by Jiri Denemark 14 May '19

14 May '19

This series introduces the libvirt side of mitigations for Microarchitectural Data Sampling microprocessor flaws (CVE-2018-12126, CVE-2018-12127, CVE-2018-12130, CVE-2019-11091) which were published earlier today. To protect your system against possible attacks exploiting these flaws updates to the CPU microcode, Linux kernel, and virtualization stack (QEMU, libvirt, and higher management apps) are required. See https://access.redhat.com/security/vulnerabilities/mds for more details and additional links. Both patches have already been pushed. Jiri Denemark (2): cputest: Add data for Intel(R) Xeon(R) CPU E3-1225 v5 cpu_map: Define md-clear CPUID bit src/cpu_map/x86_features.xml | 3 + tests/cputest.c | 1 + .../x86_64-cpuid-Xeon-E3-1225-v5-disabled.xml | 7 + .../x86_64-cpuid-Xeon-E3-1225-v5-enabled.xml | 8 + .../x86_64-cpuid-Xeon-E3-1225-v5-guest.xml | 29 + .../x86_64-cpuid-Xeon-E3-1225-v5-host.xml | 30 + .../x86_64-cpuid-Xeon-E3-1225-v5-json.xml | 12 + .../x86_64-cpuid-Xeon-E3-1225-v5.json | 652 ++++++++++++++++++ .../x86_64-cpuid-Xeon-E3-1225-v5.sig | 4 + .../x86_64-cpuid-Xeon-E3-1225-v5.xml | 47 ++ .../x86_64-cpuid-Xeon-Platinum-8268-guest.xml | 1 + .../x86_64-cpuid-Xeon-Platinum-8268-host.xml | 1 + 12 files changed, 795 insertions(+) create mode 100644 tests/cputestdata/x86_64-cpuid-Xeon-E3-1225-v5-disabled.xml create mode 100644 tests/cputestdata/x86_64-cpuid-Xeon-E3-1225-v5-enabled.xml create mode 100644 tests/cputestdata/x86_64-cpuid-Xeon-E3-1225-v5-guest.xml create mode 100644 tests/cputestdata/x86_64-cpuid-Xeon-E3-1225-v5-host.xml create mode 100644 tests/cputestdata/x86_64-cpuid-Xeon-E3-1225-v5-json.xml create mode 100644 tests/cputestdata/x86_64-cpuid-Xeon-E3-1225-v5.json create mode 100644 tests/cputestdata/x86_64-cpuid-Xeon-E3-1225-v5.sig create mode 100644 tests/cputestdata/x86_64-cpuid-Xeon-E3-1225-v5.xml -- 2.21.0

2 3

[libvirt] [PATCH] qemuDomainSnapshotCreateXML: Don't leak parsed snapshot definition
by Michal Privoznik 14 May '19

14 May '19

This function gets snapshot XML (provided by used) as an argument. It parses it into a local variable @def and then sets some more members (e.g. it creates a copy of live domain XML). Then it proceeds to checking if snapshot XML is valid (e.g. it contains as many disks as currently in the domain). If this fails then the control jumps to endjob label and subsequently return from the function. This is where AUTOFREE function for @def is ran. Well, because the code says to run plain VIR_FREE() we leak some memory because @def is actually an object and therefore it should have been declared as AUTOUNREF. Signed-off-by: Michal Privoznik <mprivozn(a)redhat.com> --- src/qemu/qemu_driver.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/qemu/qemu_driver.c b/src/qemu/qemu_driver.c index f01282a037..0a425b82e5 100644 --- a/src/qemu/qemu_driver.c +++ b/src/qemu/qemu_driver.c @@ -15563,7 +15563,7 @@ qemuDomainSnapshotCreateXML(virDomainPtr domain, virCapsPtr caps = NULL; qemuDomainObjPrivatePtr priv; virDomainSnapshotState state; - VIR_AUTOFREE(virDomainSnapshotDefPtr) def = NULL; + VIR_AUTOUNREF(virDomainSnapshotDefPtr) def = NULL; virCheckFlags(VIR_DOMAIN_SNAPSHOT_CREATE_REDEFINE | VIR_DOMAIN_SNAPSHOT_CREATE_CURRENT | -- 2.21.0

3 2

[libvirt] [PATCH 0/4] Couple of allocation fixes
by Michal Privoznik 14 May '19

14 May '19

These stem from me playing with OOM testing. I've discovered more bugs, but they're mostly in tests themselves, e.g. use without check. Michal Prívozník (4): virstorageobj: Don't clear vols if they weren't initialized virNetServerPreExecRestart: Check for retval of virJSONValueNewArray() virCommand: Make virCommandPassFDGetFDIndex fail if passed command is in error state storagepoolxml2argvtest: Avoid double free src/conf/virstorageobj.c | 6 ++++-- src/rpc/virnetserver.c | 8 ++++++-- src/util/vircommand.c | 3 +++ tests/storagepoolxml2argvtest.c | 1 - 4 files changed, 13 insertions(+), 5 deletions(-) -- 2.21.0

3 9

[libvirt] [PATCH 0/2] node device cleanup
by Pavel Hrdina 13 May '19

13 May '19

Pavel Hrdina (2): node_device_udev: remove deprecated logging function src: remove HAL node device driver configure.ac | 3 +- docs/drvnodedev.html.in | 3 +- docs/hvsupport.pl | 2 +- libvirt.spec.in | 1 - m4/virt-hal.m4 | 10 +- m4/virt-udev.m4 | 5 - po/POTFILES | 1 - src/node_device/Makefile.inc.am | 12 - src/node_device/node_device_driver.c | 10 +- src/node_device/node_device_driver.h | 5 - src/node_device/node_device_hal.c | 804 --------------------------- src/node_device/node_device_hal.h | 22 - src/node_device/node_device_udev.c | 41 -- 13 files changed, 9 insertions(+), 910 deletions(-) delete mode 100644 src/node_device/node_device_hal.c delete mode 100644 src/node_device/node_device_hal.h -- 2.21.0

3 4