[libvirt] [PATCH v6 00/19] Add support for vTPM state encryption
by Stefan Berger
This series of patches addresses the RFE in BZ 172830:
https://bugzilla.redhat.com/show_bug.cgi?id=1728030
This series of patches adds support for vTPM state encryption by passing
the read-end of a pipe's file descriptor to 'swtpm_setup' and 'swtpm'
where they can read a passphrase from and derive a key from that passphrase.
The TPM's domain XML to enable state encryption looks like this:
<tpm model='tpm-tis'>
  <backend type='emulator' version='1.2'>
    <encryption secret='2c9ceaba-c6ef-4f38-86fd-6e3adb2df5cd'/>
  </backend>
</tpm>
The vTPM secret holding the passphrase looks like this:
<secret ephemeral='no' private='yes'>
  <uuid>2c9ceaba-c6ef-4f38-86fd-6e3adb2df5cd</uuid>
  <description>vTPM passphrase example</description>
  <usage type='vtpm'>
    <name>vtpm_example</name>
  </usage>
</secret>
swtpm v0.2 is needed, which supports the command line option
--print-capabilities returning a JSON object that identifies features added
since v0.1. One such feature is the possibility to pass a passphrase via a
file descriptor.
The patches do some refactoring of existing code on the way.
Stefan
v1->v2:
- Added Marc-André's R-bs
- Addressed comments
- Added patches to extend virCommand to be able to write contents of multiple
buffers to file descriptors for a spawned process to read from
v2->v3:
- Fixed some pointer issues following conversion to use VIR_AUTOFREE
v3->v4:
- Added test case for virCommandSetSendBuffer() to commandtest.c
- Addressed other issues raised by Marc-André
v4->v5:
- Simplified encryption node in TPM's domain XML and adapted everything that
depends on this; dropped some patches and removed some R-bs for non-trivial
stuff
- Not limiting write size for fd's with O_NONBLOCK set
v5->v6:
- Addressed comments on v5
Stefan Berger (19):
secret: Add support for usage type vTPM, extend schema and test case
tests: Add already existing test case tpm-emulator-tpm2
conf: Extend TPM XML parser with encryption support
tests: Add test for TPM XML encryption parser and formatter
tests: Add tests for QEMU command line generation with encrypted TPM
tpm: Move qemuTPMEmulatorInit to virTPMEmulatorInit in virtpm.c
tpm: Refactor virTPMEmulatorInit to use loop
tpm: Check whether previously found executables were updated
tpm: Parse the capabilities supported by swtpm and swtpm_setup
utils: Implement function to pass a buffer to send via a fd to
virCommand
utils: Convert pollfd array to be allocated
utils: Mark inpipe as non-blocking
utils: Extend virCommandProcessIO to include the send buffers
tests: Extend command test to transfer large data to process on
multiple fds
tpm: Use fd to pass password to swtpm_setup and swtpm
tpm: Pass migration key passphrase via fd to swtpm
tpm: Check TPM XML device configuration changes after edit
docs: Extend Secret XML documentation with vtpm usage type
docs: Extend TPM docs with new encryption element
docs/formatdomain.html.in | 12 +
docs/formatsecret.html.in | 61 +++-
docs/schemas/domaincommon.rng | 11 +
docs/schemas/secret.rng | 10 +
include/libvirt/libvirt-secret.h | 1 +
include/libvirt/virterror.h | 2 +
src/conf/domain_conf.c | 87 ++++-
src/conf/domain_conf.h | 6 +
src/conf/secret_conf.c | 13 +
src/libvirt_private.syms | 10 +
src/qemu/qemu_driver.c | 28 ++
src/qemu/qemu_extdevice.c | 2 +-
src/qemu/qemu_extdevice.h | 3 +
src/qemu/qemu_tpm.c | 211 ++++++++-----
src/util/vircommand.c | 148 ++++++++-
src/util/vircommand.h | 5 +
src/util/virerror.c | 2 +
src/util/virsecret.c | 2 +-
src/util/virtpm.c | 298 +++++++++++++++++-
src/util/virtpm.h | 23 ++
tests/commandhelper.c | 70 +++-
tests/commandtest.c | 113 +++++++
.../tpm-emulator-tpm2-enc.x86_64-latest.args | 35 ++
.../tpm-emulator-tpm2-enc.xml | 32 ++
tests/qemuxml2argvtest.c | 1 +
.../tpm-emulator-tpm2-enc.xml | 36 +++
tests/qemuxml2xmltest.c | 2 +
tests/secretxml2xmlin/usage-vtpm.xml | 7 +
tests/secretxml2xmltest.c | 1 +
29 files changed, 1145 insertions(+), 87 deletions(-)
create mode 100644 tests/qemuxml2argvdata/tpm-emulator-tpm2-enc.x86_64-latest.args
create mode 100644 tests/qemuxml2argvdata/tpm-emulator-tpm2-enc.xml
create mode 100644 tests/qemuxml2xmloutdata/tpm-emulator-tpm2-enc.xml
create mode 100644 tests/secretxml2xmlin/usage-vtpm.xml
--
2.20.1
5 years, 5 months
[libvirt] [PATCH v3] qapi: add dirty-bitmaps to query-named-block-nodes result
by John Snow
From: Vladimir Sementsov-Ogievskiy <vsementsov(a)virtuozzo.com>
Let's add a possibility to query dirty-bitmaps not only on root nodes.
It is useful when dealing both with snapshots and incremental backups.
Signed-off-by: Vladimir Sementsov-Ogievskiy <vsementsov(a)virtuozzo.com>
[Added deprecation information. --js]
Signed-off-by: John Snow <jsnow(a)redhat.com>
---
block/qapi.c | 5 +++++
qapi/block-core.json | 6 +++++-
qemu-deprecated.texi | 12 ++++++++++++
3 files changed, 22 insertions(+), 1 deletion(-)
diff --git a/block/qapi.c b/block/qapi.c
index 917435f022..15f1030264 100644
--- a/block/qapi.c
+++ b/block/qapi.c
@@ -79,6 +79,11 @@ BlockDeviceInfo *bdrv_block_device_info(BlockBackend *blk,
info->backing_file = g_strdup(bs->backing_file);
}
+ if (!QLIST_EMPTY(&bs->dirty_bitmaps)) {
+ info->has_dirty_bitmaps = true;
+ info->dirty_bitmaps = bdrv_query_dirty_bitmaps(bs);
+ }
+
info->detect_zeroes = bs->detect_zeroes;
if (blk && blk_get_public(blk)->throttle_group_member.throttle_state) {
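Review bot: In bdrv_block_device_info(), the QLIST_EMPTY(&bs->dirty_bitmaps) test and the bdrv_query_dirty_bitmaps(bs) call are two separate reads of the bitmap list, and has_dirty_bitmaps is set from the first read rather than from what the query returned. Calling the query once and setting has_dirty_bitmaps only when its result is non-NULL would keep the flag and the list in agreement and avoid touching the list head directly here.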
diff --git a/qapi/block-core.json b/qapi/block-core.json
index 0d43d4f37c..9210ae233d 100644
--- a/qapi/block-core.json
+++ b/qapi/block-core.json
@@ -360,6 +360,9 @@
# @write_threshold: configured write threshold for the device.
# 0 if disabled. (Since 2.3)
#
+# @dirty-bitmaps: dirty bitmaps information (only present if node
+# has one or more dirty bitmaps) (Since 4.2)
+#
# Since: 0.14.0
#
##
@@ -378,7 +381,7 @@
'*bps_wr_max_length': 'int', '*iops_max_length': 'int',
'*iops_rd_max_length': 'int', '*iops_wr_max_length': 'int',
'*iops_size': 'int', '*group': 'str', 'cache': 'BlockdevCacheInfo',
- 'write_threshold': 'int' } }
+ 'write_threshold': 'int', '*dirty-bitmaps': ['BlockDirtyInfo'] } }
##
# @BlockDeviceIoStatus:
@@ -656,6 +659,7 @@
#
# @dirty-bitmaps: dirty bitmaps information (only present if the
# driver has one or more dirty bitmaps) (Since 2.0)
+# Deprecated in 4.2; see BlockDirtyInfo instead.
#
# @io-status: @BlockDeviceIoStatus. Only present if the device
# supports it and the VM is configured to stop on errors
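Review bot: The added line "Deprecated in 4.2; see BlockDirtyInfo instead." points readers at the element type, not at the replacement field. The qemu-deprecated.texi text in this same patch names the dirty-bitmaps field of BlockDeviceInfo as the replacement, so the schema comment should say the same, for example "see the dirty-bitmaps field of BlockDeviceInfo instead".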
diff --git a/qemu-deprecated.texi b/qemu-deprecated.texi
index c90b08d553..6374b66546 100644
--- a/qemu-deprecated.texi
+++ b/qemu-deprecated.texi
@@ -134,6 +134,18 @@ The ``status'' field of the ``BlockDirtyInfo'' structure, returned by
the query-block command is deprecated. Two new boolean fields,
``recording'' and ``busy'' effectively replace it.
+@subsection query-block result field dirty-bitmaps (Since 4.2)
+
+The ``dirty-bitmaps`` field of the ``BlockInfo`` structure, returned by
+the query-block command is itself now deprecated. The ``dirty-bitmaps``
+field of the ``BlockDeviceInfo`` struct should be used instead, which is the
+type of the ``inserted`` field in query-block replies, as well as the
+type of array items in query-named-block-nodes.
+
+Since the ``dirty-bitmaps`` field is optionally present in both the old and
+new locations, clients must use introspection to learn where to anticipate
+the field if/when it does appear in command output.
+
@subsection query-cpus (since 2.12.0)
The ``query-cpus'' command is replaced by the ``query-cpus-fast'' command.
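Review bot: The new subsection quotes the field and type names as ``dirty-bitmaps`` with two closing backticks, while the surrounding context lines use the Texinfo form ``status'' and ``query-cpus'' with two closing apostrophes. The added paragraphs should use the same closing quotes so the names render consistently, and the heading's "(Since 4.2)" should match the lower-case "(since 2.12.0)" of the following subsection.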
--
2.21.0
5 years, 5 months
[libvirt] [PATCH] README: fix license typo
by Jim Fehlig
The README contains a reference to GPL 2.1, which does not exist.
COPYING contains 2.0 so change the README to follow.
Signed-off-by: Jim Fehlig <jfehlig(a)suse.com>
---
README.md | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/README.md b/README.md
index 1271843cb1..4d1e86259d 100644
--- a/README.md
+++ b/README.md
@@ -30,7 +30,7 @@ License
The libvirt C API is distributed under the terms of GNU Lesser General
Public License, version 2.1 (or later). Some parts of the code that are
not part of the C library may have the more restrictive GNU General
-Public License, version 2.1 (or later). See the files `COPYING.LESSER`
+Public License, version 2.0 (or later). See the files `COPYING.LESSER`
and `COPYING` for full license terms & conditions.
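Review bot: The replacement text "version 2.0 (or later)" fixes the non-existent 2.1, but the GPL itself is titled "Version 2" with no minor number. Writing "version 2 (or later)" would match the license's own wording; otherwise the change does what the commit message says.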
--
2.22.0
5 years, 5 months
[libvirt] [PATCH v5 00/20] Add support for vTPM state encryption
by Stefan Berger
This series of patches addresses the RFE in BZ 172830:
https://bugzilla.redhat.com/show_bug.cgi?id=1728030
This series of patches adds support for vTPM state encryption by passing
the read-end of a pipe's file descriptor to 'swtpm_setup' and 'swtpm'
where they can read a passphrase from and derive a key from that passphrase.
The TPM's domain XML to enable state encryption looks like this:
<tpm model='tpm-tis'>
  <backend type='emulator' version='1.2'>
    <encryption secret='2c9ceaba-c6ef-4f38-86fd-6e3adb2df5cd'/>
  </backend>
</tpm>
The vTPM secret holding the passphrase looks like this:
<secret ephemeral='no' private='yes'>
  <uuid>2c9ceaba-c6ef-4f38-86fd-6e3adb2df5cd</uuid>
  <description>vTPM passphrase example</description>
  <usage type='vtpm'>
    <name>vtpm_example</name>
  </usage>
</secret>
swtpm v0.2 (upcoming) is needed, which supports the command line option
--print-capabilities returning a JSON object that identifies features added
since v0.1. One such feature is the possibility to pass a passphrase via a
file descriptor.
The patches do some refactoring of existing code on the way.
Stefan
v1->v2:
- Added Marc-André's R-bs
- Addressed comments
- Added patches to extend virCommand to be able to write contents of multiple
buffers to file descriptors for a spawned process to read from
v2->v3:
- Fixed some pointer issues following conversion to use VIR_AUTOFREE
v3->v4:
- Added test case for virCommandSetSendBuffer() to commandtest.c
- Addressed other issues raised by Marc-André
v4->v5:
- Simplified encryption node in TPM's domain XML and adapted everything that
depends on this; dropped some patches and removed some R-bs for non-trivial
stuff
- Not limiting write size for fd's with O_NONBLOCK set
Stefan Berger (20):
secret: Add support for usage type vTPM, extend schema and test case
tests: Add already existing test case tpm-emulator-tpm2
conf: Extend TPM XML parser with encryption support
schema: Extend the TPM XML schema with support for encryption
tests: Add test for TPM XML encryption parser and formatter
tests: Add tests for QEMU command line generation with encrypted TPM
tpm: Move qemuTPMEmulatorInit to virTPMEmulatorInit in virtpm.c
tpm: Refactor virTPMEmulatorInit to use loop
tpm: Check whether previously found executables were updated
tpm: Parse the capabilities supported by swtpm and swtpm_setup
utils: Implement function to pass a buffer to send via a fd to
virCommand
utils: Convert pollfd array to be allocated
utils: Mark inpipe as non-blocking
utils: Extend virCommandProcessIO to include the send buffers
tests: Extend command test to transfer large data to process on
multiple fds
tpm: Use fd to pass password to swtpm_setup and swtpm
tpm: Pass migration key passphrase via fd to swtpm
tpm: Check TPM XML device configuration changes after edit
docs: Extend Secret XML documentation with vtpm usage type
docs: Extend TPM docs with new encryption element
docs/formatdomain.html.in | 12 +
docs/formatsecret.html.in | 61 +++-
docs/schemas/domaincommon.rng | 11 +
docs/schemas/secret.rng | 10 +
include/libvirt/libvirt-secret.h | 1 +
src/conf/domain_conf.c | 87 +++++-
src/conf/domain_conf.h | 6 +
src/conf/secret_conf.c | 13 +
src/libvirt_private.syms | 10 +
src/qemu/qemu_driver.c | 28 ++
src/qemu/qemu_extdevice.c | 2 +-
src/qemu/qemu_extdevice.h | 3 +
src/qemu/qemu_tpm.c | 204 ++++++++------
src/util/vircommand.c | 148 +++++++++-
src/util/vircommand.h | 5 +
src/util/virsecret.c | 2 +-
src/util/virtpm.c | 261 ++++++++++++++++++
src/util/virtpm.h | 23 ++
tests/commandhelper.c | 70 ++++-
tests/commandtest.c | 113 ++++++++
.../tpm-emulator-tpm2-enc.x86_64-latest.args | 35 +++
.../tpm-emulator-tpm2-enc.xml | 32 +++
tests/qemuxml2argvtest.c | 1 +
.../tpm-emulator-tpm2-enc.xml | 36 +++
tests/qemuxml2xmltest.c | 2 +
tests/secretxml2xmlin/usage-vtpm.xml | 7 +
tests/secretxml2xmltest.c | 1 +
27 files changed, 1095 insertions(+), 89 deletions(-)
create mode 100644 tests/qemuxml2argvdata/tpm-emulator-tpm2-enc.x86_64-latest.args
create mode 100644 tests/qemuxml2argvdata/tpm-emulator-tpm2-enc.xml
create mode 100644 tests/qemuxml2xmloutdata/tpm-emulator-tpm2-enc.xml
create mode 100644 tests/secretxml2xmlin/usage-vtpm.xml
--
2.20.1
5 years, 5 months
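Added example, not libvirt or swtpm code: the hand-off that both vTPM cover letters above (v6 and v5) describe, a passphrase delivered to a child through the read end of a pipe, including the case where the reader goes away without reading. The names send_passphrase, consume_passphrase and write_all, the result pipe, and the forked child standing in for the exec'd consumer are all assumptions made for this sketch.

```c
#include <errno.h>
#include <signal.h>
#include <stdio.h>
#include <sys/wait.h>
#include <unistd.h>

/* Stand-in for the consumer (hypothetical, not swtpm code): read the
 * passphrase from fd until EOF and return how many bytes arrived. */
static long consume_passphrase(int fd)
{
    char buf[4096];
    long total = 0;
    ssize_t n;

    while ((n = read(fd, buf, sizeof(buf))) != 0) {
        if (n > 0)
            total += n;
        else if (errno != EINTR)
            return -1;
    }
    return total;
}

/* Write all of buf, retrying on EINTR and short writes. */
static int write_all(int fd, const void *buf, size_t len)
{
    const char *p = buf;

    while (len > 0) {
        ssize_t n = write(fd, p, len);
        if (n > 0) {
            p += n;
            len -= (size_t)n;
        } else if (n == 0 || errno != EINTR) {
            return -1;  /* EPIPE once the reader has gone away */
        }
    }
    return 0;
}

/* Hand `pass` to a forked child over a pipe. Returns the byte count the
 * child reports back, or -1 if delivery failed or the child never read. */
long send_passphrase(const char *pass, size_t len, int child_reads)
{
    int werr, secret[2] = { -1, -1 }, result[2] = { -1, -1 };
    long count = 0, reported = -1;
    pid_t pid = -1;

    signal(SIGPIPE, SIG_IGN);  /* dead reader => EPIPE, not a fatal signal */
    if (pipe(secret) < 0 || pipe(result) < 0 || (pid = fork()) < 0) {
        close(secret[0]); close(secret[1]);
        close(result[0]); close(result[1]);
        return -1;
    }
    if (pid == 0) {
        /* Child keeps only the read end; a stray write end would block EOF. */
        close(secret[1]); close(result[0]);
        if (child_reads) {
            count = consume_passphrase(secret[0]);
            write_all(result[1], &count, sizeof(count));
        }
        _exit(0);
    }
    /* Parent keeps only the write end and closes it to signal EOF. */
    close(secret[0]); close(result[1]);
    werr = write_all(secret[1], pass, len);
    close(secret[1]);
    if (werr == 0 &&
        read(result[0], &count, sizeof(count)) == (ssize_t)sizeof(count))
        reported = count;
    close(result[0]);
    while (waitpid(pid, NULL, 0) < 0 && errno == EINTR) {}
    return reported;
}

int main(void)
{
    /* "constructed-sample" is a constructed 18-byte sample passphrase. */
    printf("delivered: %ld\n", send_passphrase("constructed-sample", 18, 1));
    printf("reader gone: %ld\n", send_passphrase("constructed-sample", 18, 0));
    return 0;
}
```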
[libvirt] [PATCH 0/3] domain_conf related trivial cleanups
by Ján Tomko
Ján Tomko (3):
virsh: clean up includes
conf: remove outdated comment
conf: remove reference to VIR_DOMAIN_RNG_BACKEND_POOL
src/conf/domain_conf.h | 2 --
tools/virsh.c | 3 ---
tools/vsh.c | 3 ---
3 files changed, 8 deletions(-)
--
2.19.2
5 years, 5 months
[libvirt] [RFC] New domain job control and stat APIs
by Peter Krempa
Currently we don't have a consolidated approach for managing
asynchronous long-running domain jobs. Historically there were
long-running jobs which interlocked with each other and thus there was
only one such job possible at a given time (migration, save, restore, dump).
These jobs have a not very flexible set of APIs:
virDomainGetJobInfo, virDomainGetJobStats, virDomainAbortJob.
These don't really allow selecting which job to terminate since there's
only one, thus if we wanted to add different kinds of jobs which not
necessarily interlock but are able to run in parallel we had to
introduce another set of APIs.
This resulted in the creation of block job APIs:
virDomainBlockJobAbort, virDomainGetBlockJobInfo
These allow parallel jobs (discriminated by disk to which the job
belongs) but are not universal, nor do they allow parallel jobs on a single
disk.
Similarly blockjobs can also become detached from the disk e.g. if the
guest unplugs the disk frontend. That way the job would linger in a limbo
and would not be controllable. (This is certainly a possibility with
-blockdev).
With -blockdev we also get a potentially long-running blockdev-create
job which is not bound to any disk as part of kicking off a snapshot or
block copy job. This one might also get stuck and in the current state
is not really controllable.
Additionally the upcoming block-backup job will be a combination of the
above. It's a job which spans multiple disks (thus not really a block
job in libvirt terminology) but not a domain job either as there
can be potentially more than one block backup job. The proposal for
block-backup introduces its own single-purpose set of APIs for managing
the backup job only, but abuses the block job and domain job events to
distribute the async state updates.
With this series I want to introduce a set of APIs for managing the jobs
which are designed to be universal enough and a new event so that nothing
will try to retrofit onto existing infrastructure.
An example of the job XML would be:
<job type='block-commit-active' state='ready'>
  <config>
    <disk>vda</disk>
    <top>vda[1]</top>
    <base>vda[5]</base>
  </config>
  <stats>
    <current>12345</current>
    <end>12345</end>
  </stats>
</job>
but this will be mostly a topic for the second part of this exercise
after we discuss the APIs.
The new infrastructure will also allow adding a flag for all the
existing APIs which kick-off a job so that the job will persist even
after it finishes. This will also properly implement the statistics for
a finished migration and similar.
Obviously we will need to take special care when wiring up these so that
the old APIs work for old situations and also the events are reported
correctly.
The initial idea would be to implement the stats XML both for the domain
jobs (migration, dump) and blockjobs to simplify the job for mgmt apps
so that they won't have to infer whether the given job type is already
reported in the new API.
Additionally we can also implement flags for the XML getter API that
will skip the stats gathering as that may require monitor interactions.
Also one possibility would be to return an abbreviated XML in the
listing API.
---
include/libvirt/libvirt-domain.h | 91 +++++++++++++++++++++++++++++++
src/libvirt-domain.c | 94 ++++++++++++++++++++++++++++++++
2 files changed, 185 insertions(+)
diff --git a/include/libvirt/libvirt-domain.h b/include/libvirt/libvirt-domain.h
index 2dbd74d4f3..dac77771be 100644
--- a/include/libvirt/libvirt-domain.h
+++ b/include/libvirt/libvirt-domain.h
@@ -4485,6 +4485,28 @@ typedef void (*virConnectDomainEventBlockThresholdCallback)(virConnectPtr conn,
unsigned long long excess,
void *opaque);
+/**
+ * virConnectDomainEventJobStateCallback:
+ * @conn: connection object
+ * @dom: domain on which the event occurred
+ * @jobname: name of job which changed state
+ * @jobtype: type of the job
+ * @newstate: the new state the job entered
+ * @opaque: application specified data
+ *
+ * The callback occurs when a long running domain job (see virDomainJobList)
+ * changes state.
+ *
+ * The callback signature to use when registering for an event of type
+ * VIR_DOMAIN_EVENT_ID_JOB_STATE with virConnectDomainEventRegisterAny()
+ */
+typedef void (*virConnectDomainEventJobStateCallback)(virConnectPtr conn,
+ virDomainPtr dom,
+ const char *jobname,
+ virDomainJobType jobtype,
+ virDomainJobState newstate,
+ void *opaque);
+
/**
* VIR_DOMAIN_EVENT_CALLBACK:
*
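Review bot: The virConnectDomainEventJobStateCallback typedef uses virDomainJobType and virDomainJobState, but this patch declares those enums only in the later hunk at the end of the header, after this point. The header will not compile in this order; move the two enum definitions above the callback typedef or place the typedef after them.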
@@ -4527,6 +4549,7 @@ typedef enum {
VIR_DOMAIN_EVENT_ID_DEVICE_REMOVAL_FAILED = 22, /* virConnectDomainEventDeviceRemovalFailedCallback */
VIR_DOMAIN_EVENT_ID_METADATA_CHANGE = 23, /* virConnectDomainEventMetadataChangeCallback */
VIR_DOMAIN_EVENT_ID_BLOCK_THRESHOLD = 24, /* virConnectDomainEventBlockThresholdCallback */
+ VIR_DOMAIN_EVENT_ID_JOB_STATE = 25, /* virConnectDomainEventJobStateCallback */
# ifdef VIR_ENUM_SENTINELS
VIR_DOMAIN_EVENT_ID_LAST
@@ -4896,4 +4919,72 @@ int virDomainGetLaunchSecurityInfo(virDomainPtr domain,
int *nparams,
unsigned int flags);
+typedef enum {
+ VIR_DOMAIN_JOB_TYPE_NONE = 0,
+ VIR_DOMAIN_JOB_TYPE_MIGRATION = 1,
+ VIR_DOMAIN_JOB_TYPE_BLOCK_PULL = 2,
+ [...]
+
+# ifdef VIR_ENUM_SENTINELS
+ VIR_DOMAIN_JOB_TYPE_LAST
+# endif
+} virDomainJobType;
+
+
+typedef enum {
+ VIR_DOMAIN_JOB_STATE_NONE = 0, /* unknown job state */
+ VIR_DOMAIN_JOB_STATE_RUNNING = 1, /* job is currently running */
+ VIR_DOMAIN_JOB_STATE_READY = 2, /* job reached a synchronized state and may be finalized */
+ VIR_DOMAIN_JOB_STATE_FAILED = 3, /* job has failed */
+ VIR_DOMAIN_JOB_STATE_COMPLETED = 4, /* job has completed successfully */
+ VIR_DOMAIN_JOB_STATE_ABORTED = 5, /* job has been aborted */
+ [...]
+
+# ifdef VIR_ENUM_SENTINELS
+ VIR_DOMAIN_JOB_STATE_LAST
+# endif
+} virDomainJobState;
+
+
+typedef struct _virDomainJob virDomainJob;
+typedef virDomainJob *virDomainJobPtr;
+struct _virDomainJob {
+ char *name;
+ virDomainJobType type;
+ virDomainJobState state;
+
+ /* possibly overkill? - currently empty*/
+ virTypedParameterPtr data;
+ size_t ndata;
+};
+
+
+void virDomainJobFree(virDomainJobPtr job);
+
+int virDomainJobList(virDomainPtr domain,
+ virDomainJobPtr **jobs,
+ unsigned int flags);
+
+int virDomainJobGetXMLDesc(virDomainPtr domain,
+ const char *jobname,
+ unsigned int flags);
+
+typedef enum {
+ VIR_DOMAIN_JOB_CONTROL_OPERATION_NONE = 0,
+ VIR_DOMAIN_JOB_CONTROL_OPERATION_ABORT = 1,
+ VIR_DOMAIN_JOB_CONTROL_OPERATION_FINALIZE = 2,
+ VIR_DOMAIN_JOB_CONTROL_OPERATION_PAUSE = 3,
+ VIR_DOMAIN_JOB_CONTROL_OPERATION_RESUME = 4,
+ VIR_DOMAIN_JOB_CONTROL_OPERATION_DISMISS = 5,
+
+# ifdef VIR_ENUM_SENTINELS
+ VIR_DOMAIN_JOB_CONTROL_OPERATION_LAST
+# endif
+} virDomainJobControlOperation;
+
+int virDomainJobControl(virDomainPtr domain,
+ const char *jobname,
+ virDomainJobControlOperation op,
+ unsigned int flags);
+
#endif /* LIBVIRT_DOMAIN_H */
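Review bot: The prototype here reads "int virDomainJobGetXMLDesc(virDomainPtr domain," while the definition added to src/libvirt-domain.c in this same patch is "char * virDomainJobGetXMLDesc(...)" and is documented as returning a string. The header needs to return char * as well. It would also help to document in struct _virDomainJob who owns name and data, since virDomainJobList tells callers to release each element with virDomainJobFree.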
diff --git a/src/libvirt-domain.c b/src/libvirt-domain.c
index 3d12e7c125..aa5571818f 100644
--- a/src/libvirt-domain.c
+++ b/src/libvirt-domain.c
@@ -12362,3 +12362,97 @@ int virDomainGetLaunchSecurityInfo(virDomainPtr domain,
virDispatchError(domain->conn);
return -1;
}
+
+
+/**
+ * virDomainJobFree:
+ * @job: pointer to virDomainJob object
+ *
+ * Frees the memory associated with @job.
+ */
+void
+virDomainJobFree(virDomainJobPtr job)
+{
+ [...]
+}
+
+
+/**
+ * virDomainJobList:
+ * @domain: pointer to a domain
+ * @jobs: Pointer to a variable to store the array containing job description
+ * objects or NULL if the list is not required.
+ * @flags: optional flags (currently unused, callers should always pass 0)
+ *
+ * Collects a list of background jobs associated with @domain and returns it in
+ * an allocated array of virDomainJobPtr structs. The jobs include migration jobs
+ * block jobs and any other possibly long running asynchronous operation.
+ *
+ * The caller is responsible for freeing the members of the returned @jobs array
+ * using virDomainJobFree and the whole array using free();
+ *
+ * Returns the number of jobs running on @domain on success (optionally filling
+ * @jobs if non-NULL) or -1 on error (value of @jobs is set to NULL).
+ */
+int
+virDomainJobList(virDomainPtr domain,
+ virDomainJobPtr **jobs,
+ unsigned int flags)
+{
+ [...]
+}
+
+
+/**
+ * virDomainJobGetXMLDesc:
+ * @domain: pointer to a domain
+ * @jobname: name of the domain job to operate on
+ * @flags: optional flags (currently unused, callers should always pass 0)
+ *
+ * Returns a string containing an UTF-8 encoded XML document describing the
+ * configuration, state and progress of domain job @jobname. Please refer to the
+ * job XML documentation for information on the format of the returned document.
+ *
+ * In case of error NULL is returned. Caller is responsible for free()-ing the
+ * returned string.
+ */
+char *
+virDomainJobGetXMLDesc(virDomainPtr domain,
+ const char *jobname,
+ unsigned int flags)
+{
+ [...]
+}
+
+
+/**
+ * virDomainJobControl:
+ * @domain: pointer to a domain
+ * @jobname: name of the domain job to operate on
+ * @op: operation to perform on @jobname
+ * @flags: optional flags (currently unused, callers should always pass 0)
+ *
+ * Requests change of state of @jobname. Note that it depends on the type of
+ * @jobname whether @op is supported.
+ *
+ * VIR_DOMAIN_JOB_CONTROL_OPERATION_FINALIZE are supported only with
+ * VIR_DOMAIN_JOB_TYPE_BLOCK_COPY and VIR_DOMAIN_JOB_TYPE_BLOCK_COMMIT_ACTIVE.
+ *
+ * VIR_DOMAIN_JOB_CONTROL_OPERATION_PAUSE and VIR_DOMAIN_JOB_CONTROL_OPERATION_RESUME
+ * are supported only with VIR_DOMAIN_JOB_TYPE_BLOCK_* type jobs.
+ *
+ * The request to change state is asynchronous and callers should install an
+ * event callback for VIR_DOMAIN_EVENT_ID_JOB_STATE if they wish to be notified
+ * when the state change occured. (Note that the callback may fire before this
+ * API returns).
+ *
+ * Returns 0 on success or -1 on error.
+ */
+int
+virDomainJobControl(virDomainPtr domain,
+ const char *jobname,
+ virDomainJobControlOperations op,
+ unsigned int flags)
+{
+ [...]
+}
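Review bot: The virDomainJobControl definition takes "virDomainJobControlOperations op" (plural), but the header in this patch declares the enum as virDomainJobControlOperation, so the definition does not match its prototype. Separately, the virDomainJobList comment says -1 sets @jobs to NULL while also allowing @jobs itself to be NULL; spell out that the store only happens when @jobs is non-NULL.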
--
2.21.0
5 years, 5 months
[libvirt] [BUG] Hyper-V Enlightenments are broken in 5.5.0+
by Vitaly Kuznetsov
Hi,
when some Hyper-V enlightenments are added to the domain configuration,
e.g.
<features>
...
<hyperv>
..
<vpindex state='on'/>
</hyperv>
...
I'm observing the following:
# virsh create /etc/libvirt/qemu/win2k16.xml
error: Failed to create domain from /etc/libvirt/qemu/win2k16.xml
error: unsupported configuration: host doesn't support hyperv 'vpindex' feature
the feature is, of course, supported in KVM/QEMU.
I've bisected the problem to the particular commit:
commit 63acb7bfd56f117309e4fcaf438639d4d7bc7dcb
Author: Jiri Denemark <jdenemar(a)redhat.com>
Date: Mon Jun 17 23:38:46 2019 +0200
qemu_process: Prefer generic qemuMonitorGetGuestCPU
Any ideas?
--
Vitaly
5 years, 5 months
[libvirt] [PATCH] qemu: Translate features in virQEMUCapsGetCPUFeatures
by Jiri Denemark
Starting with QEMU 4.1 qemuMonitorCPUModelInfo structure in virQEMUCaps
stores only canonical feature names which may differ from the name used
by libvirt. We need to translate these canonical names into libvirt names
for further consumption.
This fixes a bug in qemuConnectBaselineHypervisorCPU which would remove
all features for which libvirt's spelling differs from the QEMU's
preferred name. For example, the following result of
qemuConnectBaselineHypervisorCPU on my host with QEMU 4.1 is wrong:
<cpu mode='custom' match='exact'>
  <model fallback='forbid'>Skylake-Client</model>
  <vendor>Intel</vendor>
  <feature policy='require' name='ss'/>
  <feature policy='require' name='vmx'/>
  <feature policy='require' name='hypervisor'/>
  <feature policy='require' name='clflushopt'/>
  <feature policy='require' name='umip'/>
  <feature policy='require' name='arch-capabilities'/>
  <feature policy='require' name='xsaves'/>
  <feature policy='require' name='pdpe1gb'/>
  <feature policy='require' name='invtsc'/>
  <feature policy='disable' name='pclmuldq'/>
  <feature policy='disable' name='lahf_lm'/>
</cpu>
The 'pclmuldq' and 'lahf_lm' should not be disabled in the baseline CPU
as they are supported by QEMU on this host.
Signed-off-by: Jiri Denemark <jdenemar(a)redhat.com>
---
src/qemu/qemu_capabilities.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/src/qemu/qemu_capabilities.c b/src/qemu/qemu_capabilities.c
index 65192469da..2388f145af 100644
--- a/src/qemu/qemu_capabilities.c
+++ b/src/qemu/qemu_capabilities.c
@@ -2598,7 +2598,8 @@ virQEMUCapsGetCPUFeatures(virQEMUCapsPtr qemuCaps,
if (migratable && prop->migratable == VIR_TRISTATE_BOOL_NO)
continue;
- if (VIR_STRDUP(list[n++], prop->name) < 0)
+ if (VIR_STRDUP(list[n++],
+ virQEMUCapsCPUFeatureFromQEMU(qemuCaps, prop->name)) < 0)
goto cleanup;
}
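Review bot: The result of virQEMUCapsCPUFeatureFromQEMU(qemuCaps, prop->name) is passed straight into VIR_STRDUP with no check in virQEMUCapsGetCPUFeatures. Please confirm, or note in a comment, that the translation helper always returns a non-NULL name, falling back to prop->name when there is no libvirt-specific spelling; otherwise list[n++] is advanced for an entry that holds no string. A test covering a feature whose two spellings differ, such as the pclmuldq and lahf_lm cases from the commit message, would pin the fix down.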
--
2.22.0
5 years, 5 months
[libvirt] [PATCH 0/7] qemu: Various blockdev-related fixes (blockdev-add saga)
by Peter Krempa
Peter Krempa (7):
qemu: command: Fix function name in comment
qemu: Add possibility to prepare top image only for attachment via
blockdev
qemu: block: Add helper for generating snapshot transaction for
-blockdev
qemu: Use virStorageSourceIsEmpty in qemuDomainBlockCommit
qemu: block: Use simple backing stores string format if possible
qemu: snapshot: Initialize data for inactive config of snapshot
earlier
qemu: blockjob: Reset 'synchronous' block job handling flag prior to
flushing events
src/qemu/qemu_block.c | 108 ++++++++++++++----
src/qemu/qemu_block.h | 9 ++
src/qemu/qemu_blockjob.c | 2 +-
src/qemu/qemu_command.c | 51 +++++++--
src/qemu/qemu_command.h | 3 +
src/qemu/qemu_driver.c | 34 +++---
.../imagecreate/qcow2-backing-raw-nbd.json | 2 +-
7 files changed, 158 insertions(+), 51 deletions(-)
--
2.21.0
5 years, 5 months