July 2019 - Devel - libvirt List Archives

[libvirt] [PATCH 0/4] Blind rbd driver fixes
by Ján Tomko 12 Jul '19

12 Jul '19

Sadly I haven't had the time to get a working RBD setup but I believe these patches should fix some recently introduced bugs https://bugzilla.redhat.com/show_bug.cgi?id=1724065 https://bugzilla.redhat.com/show_bug.cgi?id=1729292 If you can test them, please do. Ján Tomko (4): storage: rbd: use VIR_REALLOC in the loop storage: rbd: actually index the array when iterating over it Revert "conf: Remove volOptions for VIR_STORAGE_POOL_RBD" docs: RBD pool only supports raw volumes docs/storage.html.in | 2 +- src/conf/storage_conf.c | 5 +++++ src/storage/storage_backend_rbd.c | 4 ++-- tests/storagepoolcapsschemadata/poolcaps-fs.xml | 5 +++++ tests/storagepoolcapsschemadata/poolcaps-full.xml | 5 +++++ 5 files changed, 18 insertions(+), 3 deletions(-) -- 2.20.1

2 8

[libvirt] [PATCH 0/3] virnetworkobj: Couple of small fixes and improvements
by Michal Privoznik 12 Jul '19

12 Jul '19

Almost trivial, not pushed though. Michal Prívozník (3): virnetworkobj: Free retval of virNetworkObjGetPortStatusDir() virnetworkobj: Drop needless cleanup label in virNetworkObjAddPort virnetworkobj: Drop needless cleanup label in virNetworkObjDeletePort src/conf/virnetworkobj.c | 37 ++++++++++++++----------------------- 1 file changed, 14 insertions(+), 23 deletions(-) -- 2.21.0

2 4

[libvirt] Problem configuring selective dropping of root
by Stephan von Krawczynski 12 Jul '19

12 Jul '19

Hello list, I came across a fundamental flaw in the libvirt user configuration lately and try to find a solution now. Here is the problem: I run several qemu instances on arch linux all configured via libvirt. The default config as user nobody:kvm was fine up to the day I tried to use a host filesystem via 9p. If you want to gain all user rights on the guest inside that fs you have to run qemu as root. So far so good. But if you have several qemus running and only one needs to be root, what to do? You can try to give a -runas by using <qemu:args>. But that does not work, qemu instantly crashes. I think this is because to have _one_ root qemu, you have to configure libvirt to use root user. This means all rights to fs and so on are set to root and this is what lets qemu probably go crazy if dropping root by -runas. The whole thing would be a lot easier and more transparent if the user in libvirt wouldn't be a global config, but instead be part of the domain xml. This way every qemu started could use a different user and have different rights. In my case all but one could be nobody:kvm, and one root:root. This should not be to complicated based on whats already there, is it? -- Regards, Stephan

6 17

[libvirt] [PATCH 0/4] qemu: blockdev-related cleanups and refactors (blockdev-add saga)
by Peter Krempa 12 Jul '19

12 Jul '19

Peter Krempa (4): qemu: blockjob: Don't reset state when entering sync blockjob qemu: blockjob: Don't emit traditional disk events for jobs without disk qemu: Refactor variables for extracting flags in qemuDomainBlockCopyCommon qemu: block: Split up qemuBlockStorageSourceAttachApply src/qemu/qemu_block.c | 86 +++++++++++++++++++++++++++++----------- src/qemu/qemu_blockjob.c | 5 ++- src/qemu/qemu_driver.c | 20 +++++----- 3 files changed, 77 insertions(+), 34 deletions(-) -- 2.21.0

2 6

[libvirt] [jenkins-ci PATCH] guests: Always install the freshest point release
by Andrea Bolognani 12 Jul '19

12 Jul '19

Sometimes the original URL might even stop working, as is the case for Ubuntu 16.04 this very moment. We want the lastest point release anyway. Signed-off-by: Andrea Bolognani <abologna(a)redhat.com> --- guests/host_vars/libvirt-debian-10/install.yml | 2 +- guests/host_vars/libvirt-debian-9/install.yml | 2 +- guests/host_vars/libvirt-ubuntu-16/install.yml | 2 +- guests/host_vars/libvirt-ubuntu-18/install.yml | 2 +- 4 files changed, 4 insertions(+), 4 deletions(-) diff --git a/guests/host_vars/libvirt-debian-10/install.yml b/guests/host_vars/libvirt-debian-10/install.yml index 0a30571..d6452b6 100644 --- a/guests/host_vars/libvirt-debian-10/install.yml +++ b/guests/host_vars/libvirt-debian-10/install.yml @@ -1,2 +1,2 @@ --- -install_url: http://deb.debian.org/debian/dists/buster/main/installer-amd64/ +install_url: http://deb.debian.org/debian/dists/buster-updates/main/installer-amd64/ diff --git a/guests/host_vars/libvirt-debian-9/install.yml b/guests/host_vars/libvirt-debian-9/install.yml index 7641753..a8c5d25 100644 --- a/guests/host_vars/libvirt-debian-9/install.yml +++ b/guests/host_vars/libvirt-debian-9/install.yml @@ -1,2 +1,2 @@ --- -install_url: http://deb.debian.org/debian/dists/stretch/main/installer-amd64/ +install_url: http://deb.debian.org/debian/dists/stretch-updates/main/installer-amd64/ diff --git a/guests/host_vars/libvirt-ubuntu-16/install.yml b/guests/host_vars/libvirt-ubuntu-16/install.yml index d8ce841..c3edf40 100644 --- a/guests/host_vars/libvirt-ubuntu-16/install.yml +++ b/guests/host_vars/libvirt-ubuntu-16/install.yml @@ -1,2 +1,2 @@ --- -install_url: http://archive.ubuntu.com/ubuntu/dists/xenial/main/installer-amd64/ +install_url: http://archive.ubuntu.com/ubuntu/dists/xenial-updates/main/installer-amd64/ diff --git a/guests/host_vars/libvirt-ubuntu-18/install.yml b/guests/host_vars/libvirt-ubuntu-18/install.yml index 544b3f2..f8a18f6 100644 --- a/guests/host_vars/libvirt-ubuntu-18/install.yml +++ b/guests/host_vars/libvirt-ubuntu-18/install.yml @@ -1,2 +1,2 @@ --- -install_url: http://archive.ubuntu.com/ubuntu/dists/bionic/main/installer-amd64/ +install_url: http://archive.ubuntu.com/ubuntu/dists/bionic-updates/main/installer-amd64/ -- 2.21.0

2 4

[libvirt] [PATCH v4 00/23] Add support for vTPM state encryption
by Stefan Berger 12 Jul '19

12 Jul '19

This series of patches addresses the RFE in BZ 172830: https://bugzilla.redhat.com/show_bug.cgi?id=1728030 This series of patches adds support for vTPM state encryption by passing the read-end of a pipe's file descriptor to 'swtpm_setup' and 'swtpm' where they can read a passphrase from and derive a key from that passphrase. The TPM's domain XML looks to enable state encryption looks like this: <tpm model='tpm-tis'> <backend type='emulator' version='1.2'> <encryption format='vtpm'> <secret type='passphrase' uuid='2c9ceaba-c6ef-4f38-86fd-6e3adb2df5cd'/> </encryption> </backend> <alias name='tpm0'/> </tpm> The vTPM secret holding the passphrase looks like this: <secret ephemeral='no' private='yes'> <uuid>2c9ceaba-c6ef-4f38-86fd-6e3adb2df5cd</uuid> <description>vTPM passphrase example</description> <usage type='vtpm'> <name>vtpm_example</name> </usage> </secret> The swtpm v0.2 (upcoming) is needed that supports the command line option --print-capabilities returning a JSON object that identifies features added since v0.1. One such features is the possibility to pass a passphrase via a file descriptor. The patches do some refactoring of existing code on the way. Stefan v1->v2: - Added Marc-André's R-bs - Addressed comments - Added patches to extend virCommand to be able to write contents of multiple buffers to file descriptors for a spawned process to read from v2->v3: - Fixed some pointer issues following conversion to use VIR_AUTOFREE v3->v4: - Added test case for virCommandSetSendBuffer() to commantest.c - Addressed other issues raised by Marc-André Stefan Berger (23): secret: Add support for usage type vTPM, extend schema and test case tests: Add already existing test case tpm-emulator-tpm2 util: Add VIR_STORAGE_ENCRYPTION_FORMAT_VTPM conf: Extend TPM XML parser with encryption support schema: Extend the TPM XML schema with support for encryption tests: Add test for TPM XML encryption parser and formatter tests: Add tests for QEMU command line generation with encrypted TPM tpm: Move virtpm.c from utils dir to own tpm dir tpm: Move qemuTPMEmulatorInit to virTPMEmulatorInit in virtpm.c tpm: Refactor virTPMEmulatorInit to use loop tpm: Check whether previously found executables were updated tpm: Parse the capabilities supported by swtpm and swtpm_setup utils: Implement function to pass a buffer to send via a fd to virCommand utils: Convert pollfd array to be allocated utils: Write a maximum of MAX_PIPE_WRITE_BYTES into a pipe utils: Mark inpipe as non-blocking utils: Extend virCommandProcessIO to include the send buffers tests: Extend command test to transfer large data to process on multiple fds tpm: Use fd to pass password to swtpm_setup and swtpm tpm: Pass migration key passphrase via fd to swtpm tpm: Check TPM XML device configuration changes after edit docs: Extend Secret XML documentation with vtpm usage type docs: Extend TPM docs with new encryption element docs/formatdomain.html.in | 16 + docs/formatsecret.html.in | 61 +++- docs/schemas/domaincommon.rng | 30 ++ docs/schemas/secret.rng | 10 + include/libvirt/libvirt-secret.h | 1 + po/POTFILES | 2 +- src/Makefile.am | 1 + src/conf/Makefile.inc.am | 7 + src/conf/domain_conf.c | 96 +++++- src/conf/domain_conf.h | 5 + src/conf/secret_conf.c | 13 + src/conf/virtpm_conf.c | 36 ++ src/conf/virtpm_conf.h | 36 ++ src/libvirt_private.syms | 21 +- src/qemu/Makefile.inc.am | 1 + src/qemu/qemu_block.c | 1 + src/qemu/qemu_driver.c | 28 ++ src/qemu/qemu_extdevice.c | 2 +- src/qemu/qemu_extdevice.h | 3 + src/qemu/qemu_tpm.c | 196 ++++++----- src/security/Makefile.inc.am | 1 + src/tpm/Makefile.inc.am | 20 ++ src/tpm/virtpm.c | 326 ++++++++++++++++++ src/{util => tpm}/virtpm.h | 8 + src/util/Makefile.inc.am | 2 - src/util/vircommand.c | 153 +++++++- src/util/vircommand.h | 5 + src/util/virsecret.c | 2 +- src/util/virstorageencryption.c | 2 +- src/util/virstorageencryption.h | 1 + src/util/virtpm.c | 74 ---- tests/Makefile.am | 1 + tests/commandhelper.c | 64 +++- tests/commandtest.c | 112 ++++++ .../tpm-emulator-tpm2-enc.x86_64-latest.args | 35 ++ .../tpm-emulator-tpm2-enc.xml | 34 ++ tests/qemuxml2argvtest.c | 1 + .../tpm-emulator-tpm2-enc.xml | 38 ++ tests/qemuxml2xmltest.c | 2 + tests/secretxml2xmlin/usage-vtpm.xml | 7 + tests/secretxml2xmltest.c | 1 + 41 files changed, 1283 insertions(+), 172 deletions(-) create mode 100644 src/conf/virtpm_conf.c create mode 100644 src/conf/virtpm_conf.h create mode 100644 src/tpm/Makefile.inc.am create mode 100644 src/tpm/virtpm.c rename src/{util => tpm}/virtpm.h (77%) delete mode 100644 src/util/virtpm.c create mode 100644 tests/qemuxml2argvdata/tpm-emulator-tpm2-enc.x86_64-latest.args create mode 100644 tests/qemuxml2argvdata/tpm-emulator-tpm2-enc.xml create mode 100644 tests/qemuxml2xmloutdata/tpm-emulator-tpm2-enc.xml create mode 100644 tests/secretxml2xmlin/usage-vtpm.xml -- 2.20.1

3 33

[libvirt] [PATCH v2 00/19] Enable proper use of systemd socket activation with libvirtd
by Daniel P. Berrangé 12 Jul '19

12 Jul '19

The libvirtd daemon has some support for systemd socket activation from: commit 27a7081c2968ca0d7fbd590629b5a5303851f4a3 Author: Martin Kletzander <mkletzan(a)redhat.com> Date: Tue Jul 15 15:28:53 2014 +0200 daemon: support passing FDs from the calling process First FD is the RW unix socket to listen on, second one (if applicable) is the RO unix socket. This was originally intended for use by the libvirt client when doing auto-spawning of libvirtd, but we later deleted that client side code in commit be78814ae07f092d9c4e71fd82dd1947aba2f029 Author: Michal Privoznik <mprivozn(a)redhat.com> Date: Thu Apr 2 14:41:17 2015 +0200 virNetSocketNewConnectUNIX: Use flocks when spawning a daemon We never added systemd socket units before as we need libvirtd to start on boot to perform autostart. It was recently pointed out by Lennart that these two features are not mutually exclusive though. Libvirtd can be set to start on boot, and also have socket unit files. The idea is that we start libvirtd on boot, perform autostart, and then libvirtd can exit if nothing is running. The socket unit files are then there to start it again when a mgmt app connects. This series implements that strategy. In doing so the current socket activation support was rewritten to be more flexible, able to cope with the admin socket and the TCP/TLS sockets, all passed in any order. NB, I don't believe I have got the RPM upgrade procedure right yet. As there are alot of scenario to test for upgrades, I need more validation of that. The series is long enough now though, that it would benefit from code review already This socket activation is also going to be important when we split out the daemons, as we will use the same libvirtd codebase for these new daemons, simply compiled with different options. Changed in v2: - Merge 4 patches already ACKd by Jan - Drop VIR_AUTOSTRUCT patch - Fix patch ordering to be bisectable with "make check" Daniel P. Berrangé (19): rpc: ensure all sockets bind to same port when service is NULL util: add APIs for facilitating use of systemd activation FDs rpc: refactor RPC service constructors to share more code rpc: allow creating RPC service from an array of FDs rpc: avoid unlinking sockets passed in from systemd rpc: add helper APIs for adding services with systemd activation rpc: add API for checking whether an auth scheme is in use on a server remote: simplify libvirtd code for deciding if SASL auth is needed remote: fix handling of systemd activation wrt socket ordering rpc: remove unused API for creating services from FDs remote: add systemd socket units for UNIX/TCP sockets remote: make system libvirtd exit when idle via timeout remote: update config files to note usage wrt systemd socket activation util: remove code spawning with systemd activation env vars locking: convert lock daemon to use systemd activation APIs logging: convert log daemon to use systemd activation APIs util: move code for getting listen FDs into systemd module util: remove unused helper for getting UNIX socket path rpc: remove unused typedef for auto shutdown function callback libvirt.spec.in | 24 +- src/libvirt_private.syms | 8 +- src/libvirt_remote.syms | 6 +- src/locking/lock_daemon.c | 121 ++--- src/logging/log_daemon.c | 121 ++--- src/remote/Makefile.inc.am | 35 ++ src/remote/libvirtd-admin.socket.in | 15 + src/remote/libvirtd-ro.socket.in | 15 + src/remote/libvirtd-tcp.socket.in | 14 + src/remote/libvirtd-tls.socket.in | 14 + src/remote/libvirtd.conf | 31 ++ src/remote/libvirtd.service.in | 16 +- src/remote/libvirtd.socket.in | 13 + src/remote/libvirtd.sysconf | 3 +- src/remote/remote_daemon.c | 255 +++++----- src/rpc/virnetdaemon.h | 2 - src/rpc/virnetserver.c | 162 +++++++ src/rpc/virnetserver.h | 26 ++ src/rpc/virnetserverservice.c | 238 ++++------ src/rpc/virnetserverservice.h | 24 +- src/rpc/virnetsocket.c | 83 +++- src/rpc/virnetsocket.h | 1 + src/util/vircommand.c | 99 ---- src/util/vircommand.h | 2 - src/util/virsystemd.c | 434 ++++++++++++++++++ src/util/virsystemd.h | 32 ++ src/util/virutil.c | 116 ----- src/util/virutil.h | 3 - tests/commanddata/test24.log | 8 - tests/commandtest.c | 58 --- .../input-data-anon-clients.json | 12 +- .../output-data-admin-server-names.json | 24 +- tests/virnetdaemondata/output-data-admin.json | 24 +- .../output-data-anon-clients.json | 12 +- .../output-data-client-auth-pending.json | 12 +- .../output-data-client-ids.json | 12 +- .../output-data-client-timestamp.json | 12 +- .../virnetdaemondata/output-data-initial.json | 12 +- .../output-data-no-keepalive-required.json | 24 +- tests/virsystemdtest.c | 169 +++++++ 40 files changed, 1464 insertions(+), 828 deletions(-) create mode 100644 src/remote/libvirtd-admin.socket.in create mode 100644 src/remote/libvirtd-ro.socket.in create mode 100644 src/remote/libvirtd-tcp.socket.in create mode 100644 src/remote/libvirtd-tls.socket.in create mode 100644 src/remote/libvirtd.socket.in delete mode 100644 tests/commanddata/test24.log -- 2.21.0

2 21

[libvirt] [PATCH v2] logging: ensure virtlogd rollover takes priority over logrotate
by Daniel P. Berrangé 12 Jul '19

12 Jul '19

The virtlogd config is set to rollover logs every 2 MB. Normally a logrotate config file is also installed to handle cases where virtlogd is disabled. This is set to rollover weekly with no size constraint. As a result logrotate can interfere with virtlogd's, rolling over files that virtlogd has already taken care of. This changes logrotate configs to rollover based on a max size constraint of 2 MB + 1 byte. When virtlogd is running the log files will never get this large, making logrotate a no-op. If the user changes the size in virtlogd's config to something larger, they are responsible for also changing the logrotate config suitably. The LXC driver doesn't use virtlogd, but its logrotate config is altered to match the QEMU driver logrotate, just for the sake of consistency. Signed-off-by: Daniel P. Berrangé <berrange(a)redhat.com> --- src/logging/virtlogd.conf | 6 ++++++ src/remote/libvirtd.libxl.logrotate.in | 2 +- src/remote/libvirtd.lxc.logrotate.in | 2 +- src/remote/libvirtd.qemu.logrotate.in | 10 +++++++++- 4 files changed, 17 insertions(+), 3 deletions(-) diff --git a/src/logging/virtlogd.conf b/src/logging/virtlogd.conf index 72da7f0705..bc41edbc6b 100644 --- a/src/logging/virtlogd.conf +++ b/src/logging/virtlogd.conf @@ -90,6 +90,12 @@ #admin_max_clients = 5 # Maximum file size before rolling over. Defaults to 2 MB +# +# Beware that a logrotate config file might be installed too, +# to handle cases where virtlogd is disabled. To ensure that +# the logrotate config is a no-op when virtlogd is running, +# make sure that max_size here is smaller than size listed +# in the logrotate config. #max_size = 2097152 # Maximum number of backup files to keep. Defaults to 3, diff --git a/src/remote/libvirtd.libxl.logrotate.in b/src/remote/libvirtd.libxl.logrotate.in index cb7f07d846..1461c1efa1 100644 --- a/src/remote/libvirtd.libxl.logrotate.in +++ b/src/remote/libvirtd.libxl.logrotate.in @@ -1,5 +1,5 @@ @localstatedir@/log/libvirt/libxl/*.log { - weekly + size 2097153 missingok rotate 4 compress diff --git a/src/remote/libvirtd.lxc.logrotate.in b/src/remote/libvirtd.lxc.logrotate.in index 2bb9dfba12..b88dabb58e 100644 --- a/src/remote/libvirtd.lxc.logrotate.in +++ b/src/remote/libvirtd.lxc.logrotate.in @@ -1,5 +1,5 @@ @localstatedir@/log/libvirt/lxc/*.log { - weekly + size 2097153 missingok rotate 4 compress diff --git a/src/remote/libvirtd.qemu.logrotate.in b/src/remote/libvirtd.qemu.logrotate.in index cdb399ef23..78f2ca875e 100644 --- a/src/remote/libvirtd.qemu.logrotate.in +++ b/src/remote/libvirtd.qemu.logrotate.in @@ -1,5 +1,13 @@ @localstatedir@/log/libvirt/qemu/*.log { - weekly + # The QEMU driver is configured to use virtlogd by + # default, which will perform log rollover. + # This logrotate config is still installed for cases + # where the user has switched off virtlogd. + # + # If virtlogd is active, ensure that size here is + # larger than 'max_size' in the virtlogd config + # so that logrotate becomes a no-op + size 2097153 missingok rotate 4 compress -- 2.21.0

2 2

[libvirt] [PATCH v2 00/21] Add support for vTPM state encryption
by Stefan Berger 11 Jul '19

11 Jul '19

This series of patches addresses the RFE in BZ 172830: https://bugzilla.redhat.com/show_bug.cgi?id=1728030 This series of patches adds support for vTPM state encryption by passing the read-end of a pipe's file descriptor to 'swtpm_setup' and 'swtpm' where they can read a passphrase from and derive a key from that passphrase. The TPM's domain XML looks to enable state encryption looks like this: <tpm model='tpm-tis'> <backend type='emulator' version='1.2'> <encryption format='vtpm'> <secret type='passphrase' uuid='2c9ceaba-c6ef-4f38-86fd-6e3adb2df5cd'/> </encryption> </backend> <alias name='tpm0'/> </tpm> The vTPM secret holding the passphrase looks like this: <secret ephemeral='no' private='yes'> <uuid>2c9ceaba-c6ef-4f38-86fd-6e3adb2df5cd</uuid> <description>vTPM passphrase example</description> <usage type='vtpm'> <name>vtpm_example</name> </usage> </secret> The swtpm v0.2 (upcoming) is needed that supports the command line option --print-capabilities returning a JSON object that identifies features added since v0.1. One such features is the possibility to pass a passphrase via a file descriptor. The patches do some refactoring of existing code on the way. Stefan v1->v2: - Added Marc-André's R-bs - Addressed comments - Added patches to extend virCommand to be able to write contents of multiple buffers to file descriptors for a spawned process to read from Stefan Berger (21): secret: Add support for usage type vTPM, extend schema and test case tests: Add already existing test case tpm-emulator-tpm2 util: Add VIR_STORAGE_ENCRYPTION_FORMAT_VTPM conf: Extend TPM XML parser with encryption support schema: Extend the TPM XML schema with support for encryption tests: Add test for TPM XML encryption parser and formatter tests: Add tests for QEMU command line generation with encrypted TPM tpm: Move virtpm.c from utils dir to own tpm dir tpm: Move qemuTPMEmulatorInit to virTPMEmulatorInit in virtpm.c tpm: Refactor virTPMEmulatorInit to use loop tpm: Check whether previously found executables were updated tpm: Parse the capabilities supported by swtpm and swtpm_setup utils: Implement function to pass a buffer to send via a fd to virCommand utils: Convert pollfd array to be allocated utils: Write a maximum of MAX_PIPE_FEED_BYTES into a pipe utils: Extend virCommandProcessIO to including the send buffers tpm: Use fd to pass password to swtpm_setup and swtpm tpm: Pass migration key passphrase via fd to swtpm tpm: Check TPM XML device configuration changes after edit docs: Extend Secret XML documentation with vtpm usage type docs: Extend TPM docs with new encryption element docs/formatdomain.html.in | 16 + docs/formatsecret.html.in | 61 +++- docs/schemas/domaincommon.rng | 30 ++ docs/schemas/secret.rng | 10 + include/libvirt/libvirt-secret.h | 1 + po/POTFILES | 2 +- src/Makefile.am | 1 + src/conf/Makefile.inc.am | 7 + src/conf/domain_conf.c | 96 +++++- src/conf/domain_conf.h | 5 + src/conf/secret_conf.c | 13 + src/conf/virtpm_conf.c | 36 ++ src/conf/virtpm_conf.h | 36 ++ src/libvirt_private.syms | 21 +- src/qemu/Makefile.inc.am | 1 + src/qemu/qemu_block.c | 1 + src/qemu/qemu_driver.c | 28 ++ src/qemu/qemu_extdevice.c | 2 +- src/qemu/qemu_extdevice.h | 3 + src/qemu/qemu_tpm.c | 197 ++++++----- src/security/Makefile.inc.am | 1 + src/tpm/Makefile.inc.am | 20 ++ src/tpm/virtpm.c | 325 ++++++++++++++++++ src/{util => tpm}/virtpm.h | 8 + src/util/Makefile.inc.am | 2 - src/util/vircommand.c | 139 +++++++- src/util/vircommand.h | 5 + src/util/virsecret.c | 2 +- src/util/virstorageencryption.c | 2 +- src/util/virstorageencryption.h | 1 + src/util/virtpm.c | 74 ---- tests/Makefile.am | 1 + .../tpm-emulator-tpm2-enc.x86_64-latest.args | 35 ++ .../tpm-emulator-tpm2-enc.xml | 34 ++ tests/qemuxml2argvtest.c | 1 + .../tpm-emulator-tpm2-enc.xml | 38 ++ tests/qemuxml2xmltest.c | 2 + tests/secretxml2xmlin/usage-vtpm.xml | 7 + tests/secretxml2xmltest.c | 1 + 39 files changed, 1099 insertions(+), 166 deletions(-) create mode 100644 src/conf/virtpm_conf.c create mode 100644 src/conf/virtpm_conf.h create mode 100644 src/tpm/Makefile.inc.am create mode 100644 src/tpm/virtpm.c rename src/{util => tpm}/virtpm.h (77%) delete mode 100644 src/util/virtpm.c create mode 100644 tests/qemuxml2argvdata/tpm-emulator-tpm2-enc.x86_64-latest.args create mode 100644 tests/qemuxml2argvdata/tpm-emulator-tpm2-enc.xml create mode 100644 tests/qemuxml2xmloutdata/tpm-emulator-tpm2-enc.xml create mode 100644 tests/secretxml2xmlin/usage-vtpm.xml -- 2.20.1

3 30

[libvirt] [PATCH] virsh emulatorpin, vcpupin: omit offline CPUs from affinity map
by Scott Cheloha 11 Jul '19

11 Jul '19

Each host CPU is not necessarily online. Including CPUs that are known to be offline in the default affinity map doesn't make much sense. We can try to omit those CPUs if the host supports CPU bitmaps, i.e. virHostCPUHasBitmap() is true. Otherwise we can return a full map as we do now. For example, given the following lscpu(1): Architecture: ppc64le Byte Order: Little Endian CPU(s): 128 On-line CPU(s) list: 0,8,16,24,32,40,48,56,64,72,80,88,96,104,112,120 Off-line CPU(s) list: 1-7,9-15,17-23,25-31,33-39,41-47,49-55,57-63,65-71,73-79,81-87,89-95,97-103,105-111,113-119,121-127 Thread(s) per core: 1 Core(s) per socket: 4 Socket(s): 4 NUMA node(s): 4 Model: 2.1 (pvr 004b 0201) Model name: POWER8E (raw), altivec supported CPU max MHz: 4322.0000 CPU min MHz: 2061.0000 L1d cache: 64K L1i cache: 32K L2 cache: 512K L3 cache: 8192K NUMA node0 CPU(s): 0,8,16,24 NUMA node1 CPU(s): 32,40,48,56 NUMA node16 CPU(s): 64,72,80,88 NUMA node17 CPU(s): 96,104,112,120 the current behavior for a guest with no VCPU configuration is: $ virsh vcpupin myvm ---------------------------------- 0: 0-127 but this patch instead you get: VCPU CPU Affinity ---------------------------------- 0 0,8,16,24,32,40,48,56,64,72,80,88,96,104,112,120 which is more consistent with the lscpu(1) output. Fixes: ibm bz174632 (rhbz#1434276) Signed-off-by: Scott Cheloha <cheloha(a)linux.vnet.ibm.com> --- I'm unsure whether it's better to automatically fall back to the full map if virHostCPUGetOnlineBitmap() fails, or to fail loudly as I do in this patch. Preferences? src/conf/domain_conf.c | 8 ++++++++ src/qemu/qemu_driver.c | 4 ++++ 2 files changed, 12 insertions(+) diff --git a/src/conf/domain_conf.c b/src/conf/domain_conf.c index 3323c9a5b1..0ea6f69574 100644 --- a/src/conf/domain_conf.c +++ b/src/conf/domain_conf.c @@ -1989,6 +1989,7 @@ virDomainDefGetVcpuPinInfoHelper(virDomainDefPtr def, int maxvcpus = virDomainDefGetVcpusMax(def); size_t i; VIR_AUTOPTR(virBitmap) allcpumap = NULL; + VIR_AUTOPTR(virBitmap) onlinemap = NULL; if (hostcpus < 0) return -1; @@ -1998,6 +1999,11 @@ virDomainDefGetVcpuPinInfoHelper(virDomainDefPtr def, virBitmapSetAll(allcpumap); + if (virHostCPUHasBitmap()) { + if (!(onlinemap = virHostCPUGetOnlineBitmap())) + return -1; + } + for (i = 0; i < maxvcpus && i < ncpumaps; i++) { virDomainVcpuDefPtr vcpu = virDomainDefGetVcpu(def, i); virBitmapPtr bitmap = NULL; @@ -2009,6 +2015,8 @@ virDomainDefGetVcpuPinInfoHelper(virDomainDefPtr def, bitmap = autoCpuset; else if (def->cpumask) bitmap = def->cpumask; + else if (onlinemap) + bitmap = onlinemap; else bitmap = allcpumap; diff --git a/src/qemu/qemu_driver.c b/src/qemu/qemu_driver.c index 5a75f23981..2c59513929 100644 --- a/src/qemu/qemu_driver.c +++ b/src/qemu/qemu_driver.c @@ -5377,6 +5377,10 @@ qemuDomainGetEmulatorPinInfo(virDomainPtr dom, } else if (vm->def->placement_mode == VIR_DOMAIN_CPU_PLACEMENT_MODE_AUTO && autoCpuset) { cpumask = autoCpuset; + } else if (virHostCPUHasBitmap()) { + if (!(bitmap = virHostCPUGetOnlineBitmap())) + goto cleanup; + cpumask = bitmap; } else { if (!(bitmap = virBitmapNew(hostcpus))) goto cleanup; -- 2.20.1

1 0