[libvirt] [PATCH] RFC: security: Make sure to decrease ref count label value
by Stefan Berger
I noticed that if a domain fails to restore, the ref count in the xattr
'trusted.libvirt.security.ref_selinux' keeps on increasing indefinitely
and the VM will never restore even if the root cause for the restore
failure has been removed. The reason seems to be that the code to decrease
the ref count never gets called because the block above it fails due
to virSecuritySELinuxTransactionAppend() failing. The simple solution
seems to be to revert the order in which things are done.
Signed-off-by: Stefan Berger <stefanb(a)linux.ibm.com>
---
src/security/security_selinux.c | 19 +++++++++++--------
1 file changed, 11 insertions(+), 8 deletions(-)
diff --git a/src/security/security_selinux.c b/src/security/security_selinux.c
index ea20373a90..9fd29e9bca 100644
--- a/src/security/security_selinux.c
+++ b/src/security/security_selinux.c
@@ -1499,14 +1499,9 @@ virSecuritySELinuxRestoreFileLabel(virSecurityManagerPtr mgr,
goto cleanup;
}
- if ((rc = virSecuritySELinuxTransactionAppend(path, NULL,
- false, recall, true)) < 0) {
- goto cleanup;
- } else if (rc > 0) {
- ret = 0;
- goto cleanup;
- }
-
+ /* Recall the label so the ref count label decreases its counter
+ * even if transaction append below fails.
+ */
if (recall) {
rc = virSecuritySELinuxRecallLabel(newpath, &fcon);
if (rc == -2) {
@@ -1519,6 +1514,14 @@ virSecuritySELinuxRestoreFileLabel(virSecurityManagerPtr mgr,
}
}
+ if ((rc = virSecuritySELinuxTransactionAppend(path, NULL,
+ false, recall, true)) < 0) {
+ goto cleanup;
+ } else if (rc > 0) {
+ ret = 0;
+ goto cleanup;
+ }
+
if (!recall || rc == -2) {
if (stat(newpath, &buf) != 0) {
VIR_WARN("cannot stat %s: %s", newpath,
--
2.20.1
5 years, 4 months
[libvirt] [PATCH] news: add entry for new max_threads_per_process option in qemu.conf
by Jim Fehlig
Signed-off-by: Jim Fehlig <jfehlig(a)suse.com>
---
docs/news.xml | 11 +++++++++++
1 file changed, 11 insertions(+)
diff --git a/docs/news.xml b/docs/news.xml
index 82a4ec9c84..3a20f95a0d 100644
--- a/docs/news.xml
+++ b/docs/news.xml
@@ -74,6 +74,17 @@
which portions of a disk have changed since a point in time.
</description>
</change>
+ <change>
+ <summary>
+ qemu: Add support for overriding max threads per process limit
+ </summary>
+ <description>
+ systemd-based systems impose a limit on the number of threads a
+ process can spawn, which in some cases can be exceeded by qemu
+ processes running VMs. Add a <code>max_threads_per_process</code>
+ option to qemu.conf to override the system default.
+ </description>
+ </change>
</section>
<section title="Removed features">
<change>
--
2.22.0
5 years, 4 months
[libvirt] [jenkins-ci PATCH 0/6] Update libosinfo (& friends) dependencies
by Fabiano Fidêncio
libsoup & mingw-libsoup are new dependencies for both libosinfo &
osinfo-db-tools since v1.6.0 release
libcurl & mingw-curl are no longer a dependency for libosinfo since
v1.5.0 release
Fabiano Fidêncio (6):
mappings: Add mingw*-libsoup
mingw*-libosinfo: Add mingw*-libsoup as dependency
mingw*-osinfo-db-tools: Add mingw*-libsoup as dependency
osinfo-db-tools: Add libsoup as dependency
mingw*-libosinfo: Remove mingw*-curl dependency
ibosinfo: Remove libcurl dependency
guests/vars/mappings.yml | 6 ++++++
guests/vars/projects/libosinfo+mingw32.yml | 2 +-
guests/vars/projects/libosinfo+mingw64.yml | 2 +-
guests/vars/projects/libosinfo.yml | 1 -
guests/vars/projects/osinfo-db-tools+mingw32.yml | 1 +
guests/vars/projects/osinfo-db-tools+mingw64.yml | 1 +
guests/vars/projects/osinfo-db-tools.yml | 1 +
7 files changed, 11 insertions(+), 3 deletions(-)
--
2.21.0
5 years, 4 months
[libvirt] [PATCH v2 0/3] misc virhostdevs cleanups
by Daniel Henrique Barboza
changes in v2:
- changed the parameter order in the function calls
- gave up on moving virPCIDeviceSetX(pci, true) calls to
virPCIDeviceReattach(). The attributes being set changes
the behavior of virPCIDeviceReattach() in a more complex
way than I expected. I still believe a simplification
can be done there, but it became out of scope for a more
simplistic cleanup such as this one.
These are cleanups that I made together with an attempt to
enable parcial PCI Multifunction assignment with managed=true.
That work will be scrapped after discussions with Laine in
[1], but these cleanups kind of make sense on their own, so
here they are.
[1] https://www.redhat.com/archives/libvir-list/2019-July/msg01175.html
*** BLURB HERE ***
Daniel Henrique Barboza (3):
virhostdev: introduce virHostdevResetAllPCIDevices
virhostdev: remove virHostdevReattachPCIDevice
virhostdev: introduce virHostdevReattachAllPCIDevices
src/util/virhostdev.c | 148 +++++++++++++++++-------------------------
src/util/virpci.c | 14 ++++
2 files changed, 75 insertions(+), 87 deletions(-)
--
2.21.0
5 years, 4 months
[libvirt] [PATCH] backup: Add news entry for checkpoints
by Eric Blake
Checkpoints are definitely a news-worthy addition, even if the
virDomainBackup API is not going to make it until a later release.
Signed-off-by: Eric Blake <eblake(a)redhat.com>
---
docs/news.xml | 11 +++++++++++
1 file changed, 11 insertions(+)
diff --git a/docs/news.xml b/docs/news.xml
index 1134309ec2..c7ac960523 100644
--- a/docs/news.xml
+++ b/docs/news.xml
@@ -63,6 +63,17 @@
<code>bochs-display</code> device that was added in qemu version 3.0.
</description>
</change>
+ <change>
+ <summary>
+ api: new virDomainCheckpoint APIs
+ </summary>
+ <description>
+ Introduce several new APIs for creating and managing
+ checkpoints in the test and qemu drivers (the latter
+ requires qcow2 images). Checkpoints serve as a way to tell
+ which portions of a disk have changed since a point in time.
+ </description>
+ </change>
</section>
<section title="Removed features">
<change>
--
2.20.1
5 years, 4 months
[libvirt] [PATCH 0/6] Relax PCI domain limitation
by Michal Privoznik
As reported here [1], a PCI domain can be just any number. Well, not in
case of traditional 32-bit PCI, bit in case of PCI-X (64-bit PCI; not to
be confused with PCI Express), the PCI domain number can really be just
anything. I wanted to download the specification from PCI SIG web but
it's paid (why on earth would somebody create a standard and then make
it not widely available is beyond me).
1: https://www.redhat.com/archives/libvir-list/2019-July/msg01732.html
Michal Prívozník (6):
qemuBuildPCIHostdevDevStr: Always format PCI domain onto cmd line
virPCIDeviceNew: Prefer VIR_RETURN_PTR
virPCIDevice: Make @name dynamically allocated
lib: Unify PCI address formatting
lib: Format PCI address differently
virpci: Allow greater PCI domain value in virPCIDeviceAddressIsValid
docs/schemas/basictypes.rng | 2 +-
src/conf/device_conf.c | 4 +-
src/conf/domain_addr.c | 10 ++--
src/conf/domain_audit.c | 3 +-
src/conf/domain_conf.c | 12 ++---
src/conf/node_device_conf.c | 12 ++---
src/libxl/libxl_driver.c | 14 +++--
src/qemu/qemu_command.c | 9 ++--
src/qemu/qemu_hotplug.c | 5 +-
src/util/virpci.c | 52 +++++++++----------
src/util/virpci.h | 2 +
.../hostdev-pci-address-device.args | 2 +-
.../qemuxml2argvdata/hostdev-pci-address.args | 2 +-
.../hostdev-vfio-zpci-autogenerate.args | 2 +-
.../hostdev-vfio-zpci-boundaries.args | 2 +-
tests/qemuxml2argvdata/hostdev-vfio-zpci.args | 2 +-
tests/qemuxml2argvdata/hostdev-vfio.args | 2 +-
.../net-hostdev-bootorder.args | 3 +-
tests/qemuxml2argvdata/net-hostdev-vfio.args | 2 +-
tests/qemuxml2argvdata/net-hostdev.args | 2 +-
tests/qemuxml2argvdata/pci-domain-invalid.xml | 2 +-
tests/qemuxml2argvdata/pci-rom.args | 4 +-
tools/virsh-domain.c | 4 +-
23 files changed, 81 insertions(+), 73 deletions(-)
--
2.21.0
5 years, 4 months
[libvirt] PCI domain space need be enlarge to support domain great than FFFF
by Changlimin
For some servers, PCI domain is great than FFFF
# lspci
10000:00:00.0 PCI bridge: Intel Corporation Sky Lake-E PCI Express Root Port A (rev 04)
10000:00:01.0 PCI bridge: Intel Corporation Sky Lake-E PCI Express Root Port B (rev 04)
10000:00:02.0 PCI bridge: Intel Corporation Sky Lake-E PCI Express Root Port C (rev 04)
10000:00:03.0 PCI bridge: Intel Corporation Sky Lake-E PCI Express Root Port D (rev 04)
10000:01:00.0 Non-Volatile memory controller: Samsung Electronics Co Ltd NVMe SSD Controller SM961/PM961
10000:02:00.0 Non-Volatile memory controller: Samsung Electronics Co Ltd NVMe SSD Controller SM961/PM961
So some code need to match the larger domain.
#define PCI_ADDR_LEN 13 /* "XXXX:XX:XX.X" */
snprintf(dev->name, sizeof(dev->name), "%.4x:%.2x:%.2x.%.1x",
domain, bus, slot, function)
if (addr->domain > 0xFFFF) {
5 years, 4 months
[libvirt] [PATCH] news: Allow xml validation for snapshot creation
by Han Han
Signed-off-by: Han Han <hhan(a)redhat.com>
---
docs/news.xml | 10 ++++++++++
1 file changed, 10 insertions(+)
diff --git a/docs/news.xml b/docs/news.xml
index 1134309ec2..6d90ea8389 100644
--- a/docs/news.xml
+++ b/docs/news.xml
@@ -76,6 +76,16 @@
</change>
</section>
<section title="Improvements">
+ <change>
+ <summary>
+ qemu: Allow to validate xml for snapshot creation
+ </summary>
+ <description>
+ Add flag <code>VIR_DOMAIN_SNAPSHOT_CREATE_VALIDATE</code> to validate
+ snapshot input xml. For virsh, users can use it as <code>virsh
+ snapshot-create --validate</code>.
+ </description>
+ </change>
</section>
<section title="Bug fixes">
</section>
--
2.20.1
5 years, 4 months
