[libvirt] [PATCH] Fix python error reporting for some storage operations
by Cole Robinson
In the python bindings, all vir* classes expect to be
passed a virConnect object when instantiated. Before
the storage stuff, these classes were only instantiated
in virConnect methods, so the generator is hardcoded to
pass 'self' as the connection instance to these classes.
Problem is there are some methods that return pool or vol
instances which aren't called from virConnect: you can
look up a storage volume's associated pool, and can look up
volumes from a pool. In these cases passing 'self' doesn't
give the vir* instance a connection, so when it comes time
to raise an exception crap hits the fan.
Rather than rework the generator to accommodate this edge
case, I just fixed the init functions for virStorage* to
pull the associated connection out of the passed value
if it's not a virConnect instance.
Thanks,
Cole
diff --git a/python/generator.py b/python/generator.py
index 01a17da..c706b19 100755
--- a/python/generator.py
+++ b/python/generator.py
@@ -962,8 +962,12 @@ def buildWrappers():
list = reference_keepers[classname]
for ref in list:
classes.write(" self.%s = None\n" % ref[1])
- if classname in [ "virDomain", "virNetwork", "virStoragePool", "virStorageVol" ]:
+ if classname in [ "virDomain", "virNetwork" ]:
classes.write(" self._conn = conn\n")
+ elif classname in [ "virStorageVol", "virStoragePool" ]:
+ classes.write(" self._conn = conn\n" + \
+ " if not isinstance(conn, virConnect):\n" + \
+ " self._conn = conn._conn\n")
classes.write(" if _obj != None:self._o = _obj;return\n")
classes.write(" self._o = None\n\n");
destruct=None
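Review bot: in the new elif branch for virStorageVol/virStoragePool, the generated `self._conn = conn._conn` assumes every argument that is not a virConnect carries a `_conn` attribute. If `conn` is None or some other type, the constructor raises AttributeError at instantiation instead of leaving error reporting to the normal path. Consider generating an explicit check such as `elif hasattr(conn, "_conn"):` and adding a comment to the generated __init__ saying that `conn` may be a pool or volume, since the parameter name no longer tells the reader that.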
3 months, 2 weeks
Re: [libvirt] [Qemu-devel] Qemu migration with vhost-user-blk on top of local storage
by Stefan Hajnoczi
On Wed, Jan 09, 2019 at 06:23:42PM +0800, wuzhouhui wrote:
> Hi everyone,
>
> I'm working on qemu with vhost target (e.g. spdk), and I attempt to migrate VM with
> 2 local storages. One local storage is a regular file, e.g. /tmp/c74.qcow2, and
> the other is a malloc bdev that spdk created. This malloc bdev will be exported to
> VM via vhost-user-blk. When I execute the following command:
>
> virsh migrate --live --persistent --unsafe --undefinesource --copy-storage-all \
> --p2p --auto-converge --verbose --desturi qemu+tcp://<uri>/system vm0
>
> The libvirt reports:
>
> qemu-2.12.1: error: internal error: unable to execute QEMU command \
> 'nbd-server-add': Cannot find device=drive-virtio-disk1 nor \
> node_name=drive-virtio-disk1
Please post your libvirt domain XML.
> Does it mean that qemu with spdk on top of local storage doesn't support migration?
>
> QEMU: 2.12.1
> SPDK: 18.10
vhost-user-blk bypasses the QEMU block layer, so NBD storage migration
at the QEMU level will not work for the vhost-user-blk disk.
Stefan
1 year, 8 months
[libvirt] [PATCH v3] openvswitch: Add new port VLAN mode "dot1q-tunnel"
by luzhipeng@uniudc.com
From: ZhiPeng Lu <luzhipeng(a)uniudc.com>
Signed-off-by: ZhiPeng Lu <luzhipeng(a)uniudc.com>
---
v1->v2:
1. Fix "make syntax-check" failure
v2->v3:
1. remove other_config when updating vlan
docs/formatnetwork.html.in | 17 +++++++++--------
docs/schemas/networkcommon.rng | 1 +
src/conf/netdev_vlan_conf.c | 2 +-
src/util/virnetdevopenvswitch.c | 7 +++++++
src/util/virnetdevvlan.h | 1 +
5 files changed, 19 insertions(+), 9 deletions(-)
diff --git a/docs/formatnetwork.html.in b/docs/formatnetwork.html.in
index 363a72b..3c1ae62 100644
--- a/docs/formatnetwork.html.in
+++ b/docs/formatnetwork.html.in
@@ -688,16 +688,17 @@
</p>
<p>
For network connections using Open vSwitch it is also possible
- to configure 'native-tagged' and 'native-untagged' VLAN modes
+ to configure 'native-tagged' and 'native-untagged' and 'dot1q-tunnel'
+ VLAN modes.
<span class="since">Since 1.1.0.</span> This is done with the
- optional <code>nativeMode</code> attribute on
- the <code><tag></code> subelement: <code>nativeMode</code>
- may be set to 'tagged' or 'untagged'. The <code>id</code>
- attribute of the <code><tag></code> subelement
- containing <code>nativeMode</code> sets which VLAN is considered
- to be the "native" VLAN for this interface, and
+ optional <code>nativeMode</code> attribute on the
+ <code><tag></code> subelement: <code>nativeMode</code>
+ may be set to 'tagged' or 'untagged' or 'dot1q-tunnel'.
+ The <code>id</code> attribute of the <code><tag></code>
+ subelement containing <code>nativeMode</code> sets which VLAN is
+ considered to be the "native" VLAN for this interface, and
the <code>nativeMode</code> attribute determines whether or not
- traffic for that VLAN will be tagged.
+ traffic for that VLAN will be tagged or QinQ.
</p>
<p>
<code><vlan></code> elements can also be specified in
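Review bot: the reworded paragraph now names 'dot1q-tunnel' in the sentence that is followed by "Since 1.1.0.", so the docs claim the new mode has existed since 1.1.0; give dot1q-tunnel its own since marker with the release this lands in. The wording also needs work: "'native-tagged' and 'native-untagged' and 'dot1q-tunnel'" should be a comma list, and "whether or not traffic for that VLAN will be tagged or QinQ" does not parse. Spell out what dot1q-tunnel does to traffic on that VLAN.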
diff --git a/docs/schemas/networkcommon.rng b/docs/schemas/networkcommon.rng
index 2699555..11c48ff 100644
--- a/docs/schemas/networkcommon.rng
+++ b/docs/schemas/networkcommon.rng
@@ -223,6 +223,7 @@
<choice>
<value>tagged</value>
<value>untagged</value>
+ <value>dot1q-tunnel</value>
</choice>
</attribute>
</optional>
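Review bot: the schema now accepts nativeMode='dot1q-tunnel', but the diffstat lists no file under tests/, so nothing validates an XML document with the new value against this grammar or round-trips it through the parser. Add a network or interface XML test case that uses the new mode.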
diff --git a/src/conf/netdev_vlan_conf.c b/src/conf/netdev_vlan_conf.c
index dff49c6..79710d9 100644
--- a/src/conf/netdev_vlan_conf.c
+++ b/src/conf/netdev_vlan_conf.c
@@ -29,7 +29,7 @@
#define VIR_FROM_THIS VIR_FROM_NONE
VIR_ENUM_IMPL(virNativeVlanMode, VIR_NATIVE_VLAN_MODE_LAST,
- "default", "tagged", "untagged")
+ "default", "tagged", "untagged", "dot1q-tunnel")
int
virNetDevVlanParse(xmlNodePtr node, xmlXPathContextPtr ctxt, virNetDevVlanPtr def)
diff --git a/src/util/virnetdevopenvswitch.c b/src/util/virnetdevopenvswitch.c
index 8fe06fd..9fec30b 100644
--- a/src/util/virnetdevopenvswitch.c
+++ b/src/util/virnetdevopenvswitch.c
@@ -91,6 +91,11 @@ virNetDevOpenvswitchConstructVlans(virCommandPtr cmd, virNetDevVlanPtr virtVlan)
virCommandAddArg(cmd, "vlan_mode=native-untagged");
virCommandAddArgFormat(cmd, "tag=%d", virtVlan->nativeTag);
break;
+ case VIR_NATIVE_VLAN_MODE_DOT1Q_TUNNEL:
+ virCommandAddArg(cmd, "vlan_mode=dot1q-tunnel");
+ virCommandAddArg(cmd, "other_config:qinq-ethtype=802.1q");
+ virCommandAddArgFormat(cmd, "tag=%d", virtVlan->nativeTag);
+ break;
case VIR_NATIVE_VLAN_MODE_DEFAULT:
default:
break;
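Review bot: the new VIR_NATIVE_VLAN_MODE_DOT1Q_TUNNEL case hard-codes "other_config:qinq-ethtype=802.1q" with no comment and no way to choose it from the XML. Open vSwitch also accepts 802.1ad for this key, so either explain in a comment and in formatnetwork.html.in why 802.1q is forced, or expose the ethertype as an attribute.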
@@ -504,6 +509,8 @@ int virNetDevOpenvswitchUpdateVlan(const char *ifname,
"--", "--if-exists", "clear", "Port", ifname, "tag",
"--", "--if-exists", "clear", "Port", ifname, "trunk",
"--", "--if-exists", "clear", "Port", ifname, "vlan_mode",
+ "--", "--if-exists", "remove", "Port", ifname, "other_config",
+ "qinq-ethtype", NULL,
"--", "--if-exists", "set", "Port", ifname, NULL);
if (virNetDevOpenvswitchConstructVlans(cmd, virtVlan) < 0)
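Review bot: the added `"qinq-ethtype", NULL,` puts a NULL in the middle of an argument list that is itself terminated by NULL on the following line. If this is a NULL-terminated varargs list, as that final NULL suggests, everything after "qinq-ethtype" is dropped, including the closing `"--", "--if-exists", "set", "Port", ifname` that virNetDevOpenvswitchConstructVlans() then appends tag and vlan_mode to. Remove the stray NULL and cover the resulting ovs-vsctl command line with a test.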
diff --git a/src/util/virnetdevvlan.h b/src/util/virnetdevvlan.h
index be85f59..0667f9d 100644
--- a/src/util/virnetdevvlan.h
+++ b/src/util/virnetdevvlan.h
@@ -29,6 +29,7 @@ typedef enum {
VIR_NATIVE_VLAN_MODE_DEFAULT = 0,
VIR_NATIVE_VLAN_MODE_TAGGED,
VIR_NATIVE_VLAN_MODE_UNTAGGED,
+ VIR_NATIVE_VLAN_MODE_DOT1Q_TUNNEL,
VIR_NATIVE_VLAN_MODE_LAST
} virNativeVlanMode;
--
1.8.3.1
1 year, 8 months
[libvirt] [PATCH] Fix compile error for stable 1.2.9
by Yang hongyang
Seems a backport miss. An extra member is passed to struct
virLXCBasicMountInfo.
Signed-off-by: Yang hongyang <hongyang.yang(a)easystack.cn>
---
src/lxc/lxc_container.c | 2 +-
1 files changed, 1 insertions(+), 1 deletions(-)
diff --git a/src/lxc/lxc_container.c b/src/lxc/lxc_container.c
index 28dabec..1c65fa9 100644
--- a/src/lxc/lxc_container.c
+++ b/src/lxc/lxc_container.c
@@ -760,7 +760,7 @@ typedef struct {
static const virLXCBasicMountInfo lxcBasicMounts[] = {
{ "proc", "/proc", "proc", MS_NOSUID|MS_NOEXEC|MS_NODEV, false, false },
- { "/proc/sys", "/proc/sys", NULL, MS_BIND|MS_NOSUID|MS_NOEXEC|MS_NODEV|MS_RDONLY, false, false, false },
+ { "/proc/sys", "/proc/sys", NULL, MS_BIND|MS_NOSUID|MS_NOEXEC|MS_NODEV|MS_RDONLY, false, false },
{ "sysfs", "/sys", "sysfs", MS_NOSUID|MS_NOEXEC|MS_NODEV|MS_RDONLY, false, false },
{ "securityfs", "/sys/kernel/security", "securityfs", MS_NOSUID|MS_NOEXEC|MS_NODEV|MS_RDONLY, true, true },
#if WITH_SELINUX
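Review bot: the commit message says only "Seems a backport miss" and does not name the stable-branch commit that added the third boolean to the "/proc/sys" entry; reference it so the fix can be traced and so it is clear no other backported entry has the same problem. The change itself brings that initializer back to the two trailing booleans used by the neighbouring "proc", "sysfs" and "securityfs" entries.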
--
1.7.1
1 year, 8 months
[libvirt] Supporting vhost-net and macvtap in libvirt for QEMU
by Anthony Liguori
Disclaimer: I am neither an SR-IOV nor a vhost-net expert, but I've CC'd
people that are who can throw tomatoes at me for getting bits wrong :-)
I wanted to start a discussion about supporting vhost-net in libvirt.
vhost-net has not yet been merged into qemu but I expect it will be soon
so it's a good time to start this discussion.
There are two modes worth supporting for vhost-net in libvirt. The
first mode is where vhost-net backs to a tun/tap device. This
behaves in very much the same way that -net tap behaves in qemu today.
Basically, the difference is that the virtio backend is in the kernel
instead of in qemu so there should be some performance improvement.
Currently, libvirt invokes qemu with -net tap,fd=X where X is an already
open fd to a tun/tap device. I suspect that after we merge vhost-net,
libvirt could support vhost-net in this mode by just doing -net
vhost,fd=X. I think the only real question for libvirt is whether to
provide a user visible switch to use vhost or to just always use vhost
when it's available and it makes sense. Personally, I think the latter
makes sense.
The more interesting invocation of vhost-net though is one where the
vhost-net device backs directly to a physical network card. In this
mode, vhost should get considerably better performance than the current
implementation. I don't know the syntax yet, but I think it's
reasonable to assume that it will look something like -net
tap,dev=eth0. The effect will be that eth0 is dedicated to the guest.
On most modern systems, there is a small number of network devices so
this model is not all that useful except when dealing with SR-IOV
adapters. In that case, each physical device can be exposed as many
virtual devices (VFs). There are a few restrictions here though. The
biggest is that currently, you can only change the number of VFs by
reloading a kernel module so it's really a parameter that must be set at
startup time.
I think there are a few ways libvirt could support vhost-net in this
second mode. The simplest would be to introduce a new tag similar to
<source network='br0'>. In fact, if you probed the device type for the
network parameter, you could probably do something like <source
network='eth0'> and have it Just Work.
Another model would be to have libvirt see an SR-IOV adapter as a
network pool whereas it handled all of the VF management. Considering
how inflexible SR-IOV is today, I'm not sure whether this is the best model.
Has anyone put any more thought into this problem or how this should be
modeled in libvirt? Michael, could you share your current thinking for
-net syntax?
--
Regards,
Anthony Liguori
1 year, 8 months
[libvirt] [PATCH-for-4.2] hw/mips: Deprecate the r4k machine
by Philippe Mathieu-Daudé
The r4k machine was introduced in 2005 (6af0bf9c7) and its last
logical change was in 2005 (9542611a6). After we can count 164
maintenance commits (QEMU API changes) with the exception of
1 fix in 2015 (memory leak, commit 3ad9fd5a).
This machine was introduced as a proof of concept to run a MIPS
CPU. 2 years later, the Malta machine was added (commit 5856de80)
modeling a real platform.
Note also this machine has no specification except 5 lines in
the header of this file:
* emulates a simple machine with ISA-like bus.
* ISA IO space mapped to the 0x14000000 (PHYS) and
* ISA memory at the 0x10000000 (PHYS, 16Mb in size).
* All peripherial devices are attached to this "bus" with
* the standard PC ISA addresses.
It is time to deprecate this obsolete machine. Users are
recommended to use the Malta board, whose hardware is well
documented.
Signed-off-by: Philippe Mathieu-Daudé <philmd(a)redhat.com>
---
qemu-deprecated.texi | 5 +++++
hw/mips/mips_r4k.c | 1 +
MAINTAINERS | 2 +-
3 files changed, 7 insertions(+), 1 deletion(-)
diff --git a/qemu-deprecated.texi b/qemu-deprecated.texi
index 4b4b7425ac..05265b43c8 100644
--- a/qemu-deprecated.texi
+++ b/qemu-deprecated.texi
@@ -266,6 +266,11 @@ The 'scsi-disk' device is deprecated. Users should use 'scsi-hd' or
@section System emulator machines
+@subsection mips r4k platform (since 4.2)
+
+This machine type is very old and unmaintained. Users should use the 'malta'
+machine type instead.
+
@subsection pc-0.12, pc-0.13, pc-0.14 and pc-0.15 (since 4.0)
These machine types are very old and likely can not be used for live migration
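Review bot: the new subsection calls the machine "unmaintained", while the MAINTAINERS hunk of the same patch keeps the M: and R: entries and sets "S: Obsolete". Use the same term in both places (for example "obsolete") so the deprecation text and MAINTAINERS agree, and say whether 'malta' can replace an existing r4k command line directly.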
diff --git a/hw/mips/mips_r4k.c b/hw/mips/mips_r4k.c
index 70024235ae..0b79ad26cb 100644
--- a/hw/mips/mips_r4k.c
+++ b/hw/mips/mips_r4k.c
@@ -294,6 +294,7 @@ void mips_r4k_init(MachineState *machine)
static void mips_machine_init(MachineClass *mc)
{
+ mc->deprecation_reason = "use malta machine type instead";
mc->desc = "mips r4k platform";
mc->init = mips_r4k_init;
mc->block_default_type = IF_IDE;
diff --git a/MAINTAINERS b/MAINTAINERS
index 5e5e3e52d6..3b3a88e264 100644
--- a/MAINTAINERS
+++ b/MAINTAINERS
@@ -972,7 +972,7 @@ F: hw/net/mipsnet.c
R4000
M: Aurelien Jarno <aurelien(a)aurel32.net>
R: Aleksandar Rikalo <aleksandar.rikalo(a)rt-rk.com>
-S: Maintained
+S: Obsolete
F: hw/mips/mips_r4k.c
Fulong 2E
--
2.21.0
4 years, 9 months
[libvirt] [python] WIP-FYI: mypy annotations for libvirt-python
by Philipp Hahn
Hello,
Maybe you already have heard about mypy <http://mypy-lang.org/>, which
"is an experimental optional static type checker for Python that aims to
combine the benefits of dynamic (or "duck") typing and static typing".
I started to write a manual annotation file for the Python binding of
libvirt. I've attached my current version, so others can benefit from
it, too. It is far from complete, but it already helped me to find some
errors in my code.
(My latest version is also available at
<https://github.com/univention/typeshed/blob/libvirt/third_party/2and3/lib...>)
Long-term it probably would be better to teach the Python binding
"generator.py" to add the type information (PEP 484
<https://www.python.org/dev/peps/pep-0484/>) directly into the generated
"libvirt.py" file, but that's for another day.
If someone else is interested in helping with that, please feel free to
get in contact.
Philipp
--
Philipp Hahn
Open Source Software Engineer
Univention GmbH
be open.
Mary-Somerville-Str. 1
D-28359 Bremen
Tel.: +49 421 22232-0
Fax : +49 421 22232-99
hahn(a)univention.de
http://www.univention.de/
Managing Director: Peter H. Ganten
HRB 20755 Amtsgericht Bremen
Tax no.: 71-597-02876
5 years, 2 months
[libvirt] [PATCH v2 1/1] qemu: hide details of fake reboot
by Nikolay Shirokovskiy
If we use fake reboot then domain goes thru running->shutdown->running
state changes with shutdown state only for short period of time. At
least this is implementation details leaking into API. And also there is
one real case when this is not convenient. I'm doing a backup with the
help of temporary block snapshot (with the help of qemu's API which is
used in the newly created libvirt's backup API). If guest is shut down
I want to continue to backup so I don't kill the process and domain is
in shutdown state. Later when backup is finished I want to destroy qemu
process. So I check if it is in shutdown state and destroy it if it
is. Now if instead of shutdown domain got fake reboot then I can destroy
process in the middle of fake reboot process.
After shutdown event we also get stop event and now as domain state is
running it will be transitioned to paused state and back to running
later. Though this is not critical for the described case I guess it is
better not to leak these details to user too. So let's leave domain in
running state on stop event if fake reboot is in process.
Reconnection code handles this patch without modification. It detects
that qemu is not running due to shutdown and then calls qemuProcessShutdownOrReboot
which reboots as fake reboot flag is set.
Signed-off-by: Nikolay Shirokovskiy <nshirokovskiy(a)virtuozzo.com>
---
Changes from v1[1]:
- rebase on current master
- add comments
- use special flag to check if we should go paused or not*
- add notes about reconnection to commit message
* Using just fake reboot flag is not reliable. What if ACPI shutdown is
ignored by guest? Reboot flag will remain set and now domain state
will remain running on plain pause.
[1] https://www.redhat.com/archives/libvir-list/2019-October/msg01827.html
src/qemu/qemu_domain.h | 1 +
src/qemu/qemu_process.c | 61 ++++++++++++++++++++++++-----------------
2 files changed, 37 insertions(+), 25 deletions(-)
diff --git a/src/qemu/qemu_domain.h b/src/qemu/qemu_domain.h
index a32852047c..a39b9546ae 100644
--- a/src/qemu/qemu_domain.h
+++ b/src/qemu/qemu_domain.h
@@ -319,6 +319,7 @@ struct _qemuDomainObjPrivate {
char *lockState;
bool fakeReboot;
+ bool pausedShutdown;
virTristateBool allowReboot;
int jobs_queued;
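Review bot: the new `bool pausedShutdown` field has no comment, and the name does not say that it records a SHUTDOWN event that was hidden because a fake reboot is in progress. Add a one-line comment next to the field stating who sets it and who clears it, so the reset sites in qemu_process.c can be checked against the intended lifetime.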
diff --git a/src/qemu/qemu_process.c b/src/qemu/qemu_process.c
index 7e1db50e8f..3e5fe3b6de 100644
--- a/src/qemu/qemu_process.c
+++ b/src/qemu/qemu_process.c
@@ -505,6 +505,7 @@ qemuProcessFakeReboot(void *opaque)
qemuDomainObjEndJob(driver, vm);
cleanup:
+ priv->pausedShutdown = false;
if (ret == -1)
ignore_value(qemuProcessKill(vm, VIR_QEMU_PROCESS_KILL_FORCE));
virDomainObjEndAPI(&vm);
@@ -528,6 +529,7 @@ qemuProcessShutdownOrReboot(virQEMUDriverPtr driver,
vm) < 0) {
VIR_ERROR(_("Failed to create reboot thread, killing domain"));
ignore_value(qemuProcessKill(vm, VIR_QEMU_PROCESS_KILL_NOWAIT));
+ priv->pausedShutdown = false;
virObjectUnref(vm);
}
} else {
@@ -589,35 +591,41 @@ qemuProcessHandleShutdown(qemuMonitorPtr mon G_GNUC_UNUSED,
goto unlock;
}
- VIR_DEBUG("Transitioned guest %s to shutdown state",
- vm->def->name);
- virDomainObjSetState(vm,
- VIR_DOMAIN_SHUTDOWN,
- VIR_DOMAIN_SHUTDOWN_UNKNOWN);
+ /* In case of fake reboot qemu shutdown state is transient so don't
+ * change domain state nor send events. */
+ if (!priv->fakeReboot) {
+ VIR_DEBUG("Transitioned guest %s to shutdown state",
+ vm->def->name);
+ virDomainObjSetState(vm,
+ VIR_DOMAIN_SHUTDOWN,
+ VIR_DOMAIN_SHUTDOWN_UNKNOWN);
- switch (guest_initiated) {
- case VIR_TRISTATE_BOOL_YES:
- detail = VIR_DOMAIN_EVENT_SHUTDOWN_GUEST;
- break;
+ switch (guest_initiated) {
+ case VIR_TRISTATE_BOOL_YES:
+ detail = VIR_DOMAIN_EVENT_SHUTDOWN_GUEST;
+ break;
- case VIR_TRISTATE_BOOL_NO:
- detail = VIR_DOMAIN_EVENT_SHUTDOWN_HOST;
- break;
+ case VIR_TRISTATE_BOOL_NO:
+ detail = VIR_DOMAIN_EVENT_SHUTDOWN_HOST;
+ break;
- case VIR_TRISTATE_BOOL_ABSENT:
- case VIR_TRISTATE_BOOL_LAST:
- default:
- detail = VIR_DOMAIN_EVENT_SHUTDOWN_FINISHED;
- break;
- }
+ case VIR_TRISTATE_BOOL_ABSENT:
+ case VIR_TRISTATE_BOOL_LAST:
+ default:
+ detail = VIR_DOMAIN_EVENT_SHUTDOWN_FINISHED;
+ break;
+ }
- event = virDomainEventLifecycleNewFromObj(vm,
- VIR_DOMAIN_EVENT_SHUTDOWN,
- detail);
+ event = virDomainEventLifecycleNewFromObj(vm,
+ VIR_DOMAIN_EVENT_SHUTDOWN,
+ detail);
- if (virDomainObjSave(vm, driver->xmlopt, cfg->stateDir) < 0) {
- VIR_WARN("Unable to save status on vm %s after state change",
- vm->def->name);
+ if (virDomainObjSave(vm, driver->xmlopt, cfg->stateDir) < 0) {
+ VIR_WARN("Unable to save status on vm %s after state change",
+ vm->def->name);
+ }
+ } else {
+ priv->pausedShutdown = true;
}
if (priv->agent)
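Review bot: in the new else branch of qemuProcessHandleShutdown(), `priv->pausedShutdown = true` is set without the virDomainObjSave() call that the other branch performs, and nothing in the visible hunks writes the flag to the status file. If the daemon restarts between the SHUTDOWN and STOP events the flag is lost; the commit message covers reconnecting after shutdown but not this window, so either persist the flag or explain why it is not needed. Also check that the code following this block tolerates `event` not being assigned on the fake-reboot path.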
@@ -651,7 +659,10 @@ qemuProcessHandleStop(qemuMonitorPtr mon G_GNUC_UNUSED,
reason = priv->pausedReason;
priv->pausedReason = VIR_DOMAIN_PAUSED_UNKNOWN;
- if (virDomainObjGetState(vm, NULL) == VIR_DOMAIN_RUNNING) {
+ /* In case of fake reboot qemu paused state is transient so don't
+ * reveal it in domain state nor sent events */
+ if (virDomainObjGetState(vm, NULL) == VIR_DOMAIN_RUNNING &&
+ !priv->pausedShutdown) {
if (priv->job.asyncJob == QEMU_ASYNC_JOB_MIGRATION_OUT) {
if (priv->job.current->status == QEMU_DOMAIN_JOB_STATUS_POSTCOPY)
reason = VIR_DOMAIN_PAUSED_POSTCOPY;
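Review bot: the comment added above the condition in qemuProcessHandleStop() reads "nor sent events"; it should be "nor send events", matching the comment added in qemuProcessHandleShutdown(). Since the whole paused transition is now skipped while `priv->pausedShutdown` is set, the comment should also state where the flag is guaranteed to be cleared again.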
--
2.23.0
5 years, 2 months
RFC: qemu: use uuid instead of name for misc filenames
by Nikolay Shirokovskiy
Hi, everyone.
I'm working on supporting domain renaming when it has snapshots which is not
supported now. And it strikes me things will be much simpler to manage on
renaming if we use uuid in filenames instead of domain names.
1. Renaming will only involve saving updated config.
The saving is atomic thanks to tmp file and rename(2) approach. In contrast
current renaming on error paths can leave config with old or new name. Thus
on libvirt restart extra VM will appear.
And we don't need to rename autostart links, snapshot directories etc.
2. Renaming will be possible for running domains with no efforts.
We only need to pass uuid instead of name in '-name guest=...' command line.
3. Mgmt can stop using autogenerated names for domains.
I guess openstack for example uses names like instance-000002ff because we
have many limitations on domain renaming. And if these limitations are removed
then openstack can just use user supplied names for domains.
4. No issues with long domain names and filename length limit
If the above conversion makes sense I guess the good time to apply it is
on domain start (and rename to support renaming with snapshots).
I guess we can also have tool (some virsh command) for developers to generate
symlinks so one can access logs, configs etc by name instead of uuid.
Nikolay
5 years, 2 months
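The atomic-save point in item 1 of the RFC above (temp file plus rename(2), with the on-disk name keyed by UUID so that renaming a domain only rewrites its config) as an added C example. It is not libvirt code; save_config_atomic(), the /tmp working directory, the UUID and the domain names are assumptions made for the illustration.

```c
#define _POSIX_C_SOURCE 200809L
#include <dirent.h>
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>

/* Write the whole buffer, retrying on EINTR and short writes. */
static int write_all(int fd, const char *buf, size_t len)
{
    while (len > 0) {
        ssize_t n = write(fd, buf, len);
        if (n < 0 && errno == EINTR)
            continue;
        if (n < 0)
            return -1;
        buf += n;
        len -= (size_t)n;
    }
    return 0;
}

/* Save xml as <dir>/<uuid>.xml. Readers see either the old or the new
 * file, never a partial one, because rename(2) replaces it atomically. */
int save_config_atomic(const char *dir, const char *uuid, const char *xml)
{
    char tmp[512], dst[512];
    int fd, dfd;
    if (snprintf(dst, sizeof(dst), "%s/%s.xml", dir, uuid) >= (int)sizeof(dst) ||
        snprintf(tmp, sizeof(tmp), "%s/%s.xml.XXXXXX", dir, uuid) >= (int)sizeof(tmp))
        return -1;
    if ((fd = mkstemp(tmp)) < 0)      /* created with O_EXCL, mode 0600 */
        return -1;
    if (write_all(fd, xml, strlen(xml)) < 0 || fsync(fd) < 0) {
        close(fd);
        unlink(tmp);                  /* error path leaves no stray file */
        return -1;
    }
    if (close(fd) < 0 || rename(tmp, dst) < 0) {
        unlink(tmp);
        return -1;
    }
    /* Flush the directory entry so the rename survives a crash. */
    if ((dfd = open(dir, O_RDONLY | O_DIRECTORY)) >= 0) {
        fsync(dfd);
        close(dfd);
    }
    return 0;
}

/* Count directory entries other than "." and "..". */
static int count_entries(const char *dir)
{
    DIR *d = opendir(dir);
    struct dirent *e;
    int n = 0;
    if (!d)
        return -1;
    while ((e = readdir(d)))
        if (strcmp(e->d_name, ".") && strcmp(e->d_name, ".."))
            n++;
    closedir(d);
    return n;
}

/* Constructed scenario: a domain is renamed from "instance-000002ff" to
 * "web01". Returns the number of files left in the directory (1 expected)
 * or -1 on error; out receives the final config. */
int demo_rename(char *out, size_t cap)
{
    char dir[] = "/tmp/uuidcfg.XXXXXX";
    const char *uuid = "00000000-0000-4000-8000-000000000001"; /* constructed */
    char path[512];
    FILE *fp;
    int entries;
    if (!mkdtemp(dir))
        return -1;
    if (save_config_atomic(dir, uuid, "<domain><name>instance-000002ff</name></domain>\n") < 0 ||
        save_config_atomic(dir, uuid, "<domain><name>web01</name></domain>\n") < 0)
        return -1;
    snprintf(path, sizeof(path), "%s/%s.xml", dir, uuid);
    if (!(fp = fopen(path, "r")))
        return -1;
    out[fread(out, 1, cap - 1, fp)] = '\0';
    fclose(fp);
    entries = count_entries(dir);     /* no temp file, no second config */
    unlink(path);
    rmdir(dir);
    return entries;
}

int main(void)
{
    char buf[256] = "";
    int left = demo_rename(buf, sizeof(buf));
    printf("files left: %d\n%s", left, buf);
    return left == 1 ? 0 : 1;
}
```

Because the file name never changes, the rename touches one file only and there is no window in which both an old-name and a new-name config exist.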
[libvirt] [PATCH 0/3] qemu: support -overcommit cpu-pm=on|off
by Menno Lageman
QEMU introduced a CPU power management feature with commit 6f131f13e68d
("kvm: support -overcommit cpu-pm=on|off").
With this flag, kvm allows guest to control host CPU power state. This
increases latency for other processes using same host CPU in an
unpredictable way, but it decreases idle entry/exit times for the
running VCPU, so to use it QEMU needs a hint about whether host CPU is
overcommitted, hence the flag name.
This patch series adds a new kvm feature 'cpu-pm' for controlling
"-overcommit cpu-pm=[on|off]"
<features>
  <kvm>
    <cpu-pm state='on'/>
  </kvm>
</features>
Menno Lageman (2):
qemu: introduce qemuBuildOvercommitCommandLine()
tests: add tests for cpu-pm feature
Wim ten Have (1):
qemu: add hypervisor feature cpu-pm support for kvm
docs/formatdomain.html.in | 7 ++++
docs/schemas/domaincommon.rng | 5 +++
src/conf/domain_conf.c | 4 ++
src/conf/domain_conf.h | 1 +
src/libvirt_private.syms | 1 +
src/qemu/qemu_command.c | 39 +++++++++++++++++--
src/qemu/qemu_domain.c | 25 ++++++++----
tests/qemuxml2argvdata/kvm-features-off.args | 2 +-
tests/qemuxml2argvdata/kvm-features-off.xml | 1 +
tests/qemuxml2argvdata/kvm-features.args | 2 +-
tests/qemuxml2argvdata/kvm-features.xml | 1 +
tests/qemuxml2argvtest.c | 4 +-
tests/qemuxml2xmloutdata/kvm-features-off.xml | 1 +
tests/qemuxml2xmloutdata/kvm-features.xml | 1 +
14 files changed, 79 insertions(+), 15 deletions(-)
--
2.21.0
5 years, 3 months
[libvirt] [PATCH v4 0/2] introduction of migration_version attribute for VFIO live migration
by Yan Zhao
This patchset introduces a migration_version attribute under sysfs of VFIO
Mediated devices.
This migration_version attribute is used to check migration compatibility
between two mdev devices of the same mdev type.
Patch 1 defines migration_version attribute in
Documentation/vfio-mediated-device.txt
Patch 2 uses GVT as an example to show how to expose migration_version
attribute and check migration compatibility in vendor driver.
v4:
1. fixed indentation/spell errors, reworded several error messages
2. added a missing memory free for error handling in patch 2
v3:
1. renamed version to migration_version
2. let errno to be freely defined by vendor driver
3. let checking mdev_type be prerequisite of migration compatibility check
4. reworded most part of patch 1
5. print detailed error log in patch 2 and generate migration_version
string at init time
v2:
1. renamed patch 1
2. made definition of device version string completely private to vendor
driver
3. reverted changes to sample mdev drivers
4. described intent and usage of version attribute more clearly.
Yan Zhao (2):
vfio/mdev: add migration_version attribute for mdev device
drm/i915/gvt: export migration_version to mdev sysfs for Intel vGPU
Documentation/vfio-mediated-device.txt | 113 +++++++++++++
drivers/gpu/drm/i915/gvt/Makefile | 2 +-
drivers/gpu/drm/i915/gvt/gvt.c | 39 +++++
drivers/gpu/drm/i915/gvt/gvt.h | 5 +
drivers/gpu/drm/i915/gvt/migration_version.c | 168 +++++++++++++++++++
drivers/gpu/drm/i915/gvt/vgpu.c | 13 +-
6 files changed, 337 insertions(+), 3 deletions(-)
create mode 100644 drivers/gpu/drm/i915/gvt/migration_version.c
--
2.17.1
5 years, 3 months
[PATCH] util: virhostcpu: Fail when fetching CPU Stats for invalid cpu
by Mauro S. M. Rodrigues
virHostCPUGetStatsLinux walks through every cpu in /proc/stat until it
finds cpu%cpuNum that matches with the requested cpu.
If none is found it logs the error but it should return -1, instead of 0.
Otherwise virsh nodecpustats --cpu <invalid cpu number> and API bindings
don't fail properly, printing a blank line instead of an error message.
This patch also includes an additional test for virhostcputest to avoid
this regression to happen again in the future.
Reported-by: Satheesh Rajendran <satheera(a)in.ibm.com>
Signed-off-by: Mauro S. M. Rodrigues <maurosr(a)linux.vnet.ibm.com>
---
src/util/virhostcpu.c | 2 +-
tests/virhostcputest.c | 9 ++++++---
2 files changed, 7 insertions(+), 4 deletions(-)
diff --git a/src/util/virhostcpu.c b/src/util/virhostcpu.c
index 81293eea8c..20c8d0ce6c 100644
--- a/src/util/virhostcpu.c
+++ b/src/util/virhostcpu.c
@@ -847,7 +847,7 @@ virHostCPUGetStatsLinux(FILE *procstat,
_("Invalid cpuNum in %s"),
__FUNCTION__);
- return 0;
+ return -1;
}
diff --git a/tests/virhostcputest.c b/tests/virhostcputest.c
index 7865b61578..2f569d8bd4 100644
--- a/tests/virhostcputest.c
+++ b/tests/virhostcputest.c
@@ -258,14 +258,17 @@ mymain(void)
if (virTestRun(nodeData[i].testName, linuxTestHostCPU, &nodeData[i]) != 0)
ret = -1;
-# define DO_TEST_CPU_STATS(name, ncpus) \
+# define DO_TEST_CPU_STATS(name, ncpus, shouldFail) \
do { \
static struct nodeCPUStatsData data = { name, ncpus }; \
- if (virTestRun("CPU stats " name, linuxTestNodeCPUStats, &data) < 0) \
+ if ((virTestRun("CPU stats " name, \
+ linuxTestNodeCPUStats, \
+ &data) < 0) != shouldFail) \
ret = -1; \
} while (0)
- DO_TEST_CPU_STATS("24cpu", 24);
+ DO_TEST_CPU_STATS("24cpu", 24, false);
+ DO_TEST_CPU_STATS("24cpu", 25, true);
return ret == 0 ? EXIT_SUCCESS : EXIT_FAILURE;
}
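Review bot: the second invocation reuses the name "24cpu", so both runs are reported as "CPU stats 24cpu" and the expected-failure case cannot be told apart in the test output. In the macro, `(virTestRun(...) < 0) != shouldFail` also accepts any failure as the expected one, for example a missing data file. Give the negative case its own label and, if possible, have it check that the failure comes from the invalid cpuNum.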
--
2.24.1
5 years, 3 months
[libvirt PATCH v2 0/9] Second take on slirp-helper & dbus-vmstate
by marcandre.lureau@redhat.com
From: Marc-André Lureau <marcandre.lureau(a)redhat.com>
Hi,
The series "[libvirt] [PATCH v2 00/23] Use a slirp helper process" has
been merged and partially reverted. Meanwhile, qemu dbus-vmstate
design has been changed and merged upstream.
This new series fixes the slirp-helper support. The significant change
is that dbus-vmstate now requires a bus (instead of the earlier
peer-to-peer connection). The current series doesn't attempt to
enforce strict policies on the bus. As long as you can connect to the
bus, you can send/receive from/to anyone. A follow-up series should
implement the recommendations from
https://qemu.readthedocs.io/en/latest/interop/dbus.html#security.
The libslirp-rs slirp-helper hasn't yet received an official release.
For testing, you may:
$ cargo install --features=all --git https://gitlab.freedesktop.org/slirp/libslirp-rs
The resulting binary should be ~/.cargo/bin/slirp-helper, so qemu.conf
slirp_helper location should be adjusted. With that in place, a VM
with user networking (slirp) should now start with the helper process.
thanks
v2:
- merge most suggestions/changes from Michal Privoznik review of v1.
- added "WIP: qemu_slirp: update to follow current spec"
Marc-André Lureau (9):
qemu: remove dbus-vmstate code
qemu-conf: add configurable dbus-daemon location
qemu-conf: add dbusStateDir
qemu: add a DBus daemon helper unit
domain: save/restore the state of dbus-daemon running
qemu: prepare and stop the dbus daemon
qemu: add dbus-vmstate helper migration support
qemu-slirp: register helper for migration
WIP: qemu-slirp: update to follow current spec
m4/virt-driver-qemu.m4 | 6 +
src/qemu/libvirtd_qemu.aug | 1 +
src/qemu/qemu.conf | 3 +
src/qemu/qemu_alias.c | 17 +-
src/qemu/qemu_alias.h | 3 +-
src/qemu/qemu_command.c | 81 +++------
src/qemu/qemu_command.h | 6 +-
src/qemu/qemu_conf.c | 7 +
src/qemu/qemu_conf.h | 2 +
src/qemu/qemu_dbus.c | 264 +++++++++++++++++++++++++----
src/qemu/qemu_dbus.h | 25 ++-
src/qemu/qemu_domain.c | 30 ++--
src/qemu/qemu_domain.h | 8 +-
src/qemu/qemu_extdevice.c | 4 +-
src/qemu/qemu_hotplug.c | 165 +++++++++---------
src/qemu/qemu_hotplug.h | 17 +-
src/qemu/qemu_migration.c | 57 ++++++-
src/qemu/qemu_monitor.c | 21 +++
src/qemu/qemu_monitor.h | 3 +
src/qemu/qemu_monitor_json.c | 15 ++
src/qemu/qemu_monitor_json.h | 5 +
src/qemu/qemu_process.c | 6 +
src/qemu/qemu_slirp.c | 157 +++--------------
src/qemu/qemu_slirp.h | 4 +-
src/qemu/test_libvirtd_qemu.aug.in | 1 +
25 files changed, 544 insertions(+), 364 deletions(-)
--
2.25.0.rc2.1.g09a9a1a997
5 years, 3 months
[libvirt] [PATCH] virt-host-validate: warn if kvm_hv is not loaded for POWER hosts
by Daniel Henrique Barboza
POWER hosts do not implement CPU virtualization extensions like
x86 or s390x. Instead, all bare-metal POWER hosts are considered
to be virtualization ready.
For POWER, the validation is done by checking the virtualization
kernel modules, kvm_hv and kvm_pr, to see if they are either not
installed or not loaded in the host. If the KVM modules aren't
present, we should not just warn but fail to validate.
This patch implements this support. If kvm_hv is not installed,
which can be determined by 'modinfo' returning non-zero return
code, fail the verification. If kvm_hv is installed but not
loaded, show a warning. The exception are POWER8 hosts, which can
work with kvm_pr. In its case, ACK the use of kvm_pr if kvm_hv
is not loaded/present.
Signed-off-by: Daniel Henrique Barboza <danielhb413(a)gmail.com>
---
tools/virt-host-validate-common.c | 136 ++++++++++++++++++++++++++++++
tools/virt-host-validate-common.h | 2 +
tools/virt-host-validate-qemu.c | 6 ++
3 files changed, 144 insertions(+)
diff --git a/tools/virt-host-validate-common.c b/tools/virt-host-validate-common.c
index bce0f14917..e6d7986758 100644
--- a/tools/virt-host-validate-common.c
+++ b/tools/virt-host-validate-common.c
@@ -411,3 +411,139 @@ int virHostValidateIOMMU(const char *hvname,
virHostMsgPass();
return 0;
}
+
+
+static bool virHostCPUIsPower8(void)
+{
+ FILE *fp;
+ bool ret = false;
+
+ if (!(fp = fopen("/proc/cpuinfo", "r")))
+ return false;
+
+ do {
+ char line[1024];
+
+ if (!fgets(line, sizeof(line), fp))
+ break;
+
+ /* Looks for the 'model name' line. This is more common for
+ * Intel /proc/cpuinfo formats, but let's account for it
+ * too. */
+ if (STRPREFIX(line, "model name")) {
+ if (strstr(line, "POWER8"))
+ ret = true;
+ break;
+ }
+
+ /* Looks for the 'cpu:' line which is more commonly present
+ * in /proc/cpuinfo Power systems. To ensure this is not
+ * 'cpu id' or any other cpu attribute, peek at the next char
+ * after the first whitespace. A tab, whitespace or ':'
+ * indicates we're on the right line */
+ if (STRPREFIX(line, "cpu") &&
+ (line[3] == '\t' || line[3] == ':' || line[3] == ' ')) {
+ if (strstr(line, "POWER8"))
+ ret = true;
+ break;
+ }
+
+ } while (1);
+
+ VIR_FORCE_FCLOSE(fp);
+
+ return ret;
+}
+
+
+static bool virHostKernelModuleExists(const char *module)
+{
+ g_autofree char *cmd = g_strdup_printf("modinfo %s", module);
+ g_autofree char *stdout = NULL;
+ g_autofree char *stderr = NULL;
+ g_autoptr(GError) err = NULL;
+ int errStatus;
+
+ if (g_spawn_command_line_sync(cmd, &stdout, &stderr, &errStatus, &err))
+ return true;
+
+ return false;
+}
+
+
+static bool virHostKernelModuleIsLoaded(const char *module)
+{
+ FILE *fp;
+ bool ret = false;
+
+ if (!(fp = fopen("/proc/modules", "r")))
+ return false;
+
+ do {
+ char line[1024];
+
+ if (!fgets(line, sizeof(line), fp))
+ break;
+
+ if (STRPREFIX(line, module)) {
+ ret = true;
+ break;
+ }
+
+ } while (1);
+
+ VIR_FORCE_FCLOSE(fp);
+
+ return ret;
+}
+
+
+int virHostValidatePowerPCModules(void)
+{
+ bool kvm_pr_exists = virHostKernelModuleExists("kvm_pr");
+ bool kvm_pr_loaded = kvm_pr_exists && virHostKernelModuleIsLoaded("kvm_pr");
+ bool kvm_hv_exists = virHostKernelModuleExists("kvm_hv");
+ bool kvm_hv_loaded = kvm_hv_exists && virHostKernelModuleIsLoaded("kvm_hv");
+ bool hostIsP8 = virHostCPUIsPower8();
+
+ virHostMsgCheck("QEMU", "%s", _("for PowerPC KVM modules loaded"));
+
+ /* No Power KVM virtualization modules present on the host. */
+ if (!kvm_hv_exists && !kvm_pr_exists) {
+ virHostMsgFail(VIR_HOST_VALIDATE_FAIL,
+ _("No kvm_hv or kvm_pr module present in "
+ "the host"));
+ return -1;
+ }
+
+ /* Bail out for all non-Power8 CPUs if kvm_hv is not present. */
+ if (!kvm_hv_exists && !hostIsP8) {
+ virHostMsgFail(VIR_HOST_VALIDATE_FAIL,
+ _("No kvm_hv module present in the host"));
+ return -1;
+ }
+
+ /* Power8 CPUs virtualization works with any of kvm_hv and kvm_pr.
+ * Issue a warning if none are loaded. */
+ if (hostIsP8) {
+ if (!kvm_hv_loaded && !kvm_pr_loaded) {
+ virHostMsgFail(VIR_HOST_VALIDATE_WARN,
+ _("Load kvm_hv or kvm_pr module "
+ "for better performance"));
+ return 0;
+ }
+
+ virHostMsgPass();
+ return 0;
+ }
+
+ /* For non-Power8 hosts, show a warning if kvm_hv is not loaded. */
+ if (!kvm_hv_loaded) {
+ virHostMsgFail(VIR_HOST_VALIDATE_WARN,
+ _("Load kvm_hv for better performance"));
+ return 0;
+ }
+
+ virHostMsgPass();
+ return 0;
+}
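Review bot: In virHostKernelModuleExists(), errStatus is filled in but never examined, so the function returns true whenever modinfo could be spawned, including when modinfo exits non-zero because the module is absent. g_spawn_command_line_sync() only reports whether the child was launched; check the exit status (for example with g_spawn_check_exit_status()) before returning true, and prefer the argv form g_spawn_sync() so the module name is never re-parsed as a command line. Related: virHostKernelModuleIsLoaded() uses STRPREFIX(line, module), which also matches any /proc/modules entry whose name merely begins with the given string, so compare up to the following space. The comment in virHostCPUIsPower8() says it peeks "after the first whitespace" while the code tests line[3].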
diff --git a/tools/virt-host-validate-common.h b/tools/virt-host-validate-common.h
index 1b7e93e520..7a2933c8fd 100644
--- a/tools/virt-host-validate-common.h
+++ b/tools/virt-host-validate-common.h
@@ -83,3 +83,5 @@ int virHostValidateCGroupControllers(const char *hvname,
int virHostValidateIOMMU(const char *hvname,
virHostValidateLevel level);
+
+int virHostValidatePowerPCModules(void);
\ No newline at end of file
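Review bot: The added prototype is now the last line of virt-host-validate-common.h and has no terminating newline, as the "\ No newline at end of file" marker shows; add one. Unlike virHostValidateIOMMU() just above it, virHostValidatePowerPCModules() takes no hvname, and the implementation hardcodes "QEMU" in virHostMsgCheck() even though it lives in the common file; consider passing hvname for consistency.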
diff --git a/tools/virt-host-validate-qemu.c b/tools/virt-host-validate-qemu.c
index ff3c1f0231..8753c6a31d 100644
--- a/tools/virt-host-validate-qemu.c
+++ b/tools/virt-host-validate-qemu.c
@@ -57,6 +57,12 @@ int virHostValidateQEMU(void)
if (virBitmapIsBitSet(flags, VIR_HOST_VALIDATE_CPU_FLAG_SIE))
hasHwVirt = true;
break;
+ case VIR_ARCH_PPC64:
+ case VIR_ARCH_PPC64LE:
+ hasVirtFlag = true;
+ if (virHostValidatePowerPCModules() == 0)
+ hasHwVirt = true;
+ break;
default:
hasHwVirt = false;
}
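Review bot: The test virHostValidatePowerPCModules() == 0 is also true on both VIR_HOST_VALIDATE_WARN paths of that function, which return 0 when neither kvm_hv nor kvm_pr is loaded, so hasHwVirt is set to true on a host with no KVM module loaded. If hasHwVirt is meant to say that hardware virtualization is usable, give the warning paths a distinct return value (or an out-parameter) and set hasHwVirt only on the pass path. hasVirtFlag is also set unconditionally for both PPC64 cases, which deserves a short comment explaining why no CPU flag is checked.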
--
2.23.0
5 years, 3 months
Re: [PATCH V4 0/5] Introduce Advanced Watch Dog module
by Zhang, Chen
On 2/12/2020 10:56 AM, Jason Wang wrote:
> On 2020/2/11 4:58 PM, Zhang, Chen wrote:
>>> -----Original Message-----
>>> From: Jason Wang<jasowang(a)redhat.com>
>>> Sent: Monday, January 20, 2020 10:57 AM
>>> To: Zhang, Chen<chen.zhang(a)intel.com>; Paolo Bonzini
>>> <pbonzini(a)redhat.com>; Philippe Mathieu-Daudé<philmd(a)redhat.com>;
>>> qemu-dev<qemu-devel(a)nongnu.org>
>>> Cc: Zhang Chen<zhangckid(a)gmail.com>
>>> Subject: Re: [PATCH V4 0/5] Introduce Advanced Watch Dog module
>>>
>>>
>>> On 2020/1/19 5:10 PM, Zhang, Chen wrote:
>>>> Hi~
>>>>
>>>> Anyone have comments about this module?
>>> Hi Chen:
>>>
>>> I will take a look at this series.
>> Sorry for slow reply due to CNY and extend leave.
>> OK, waiting your comments~ Thanks~
>>
>>> Two general questions:
>>>
>>> - if it can detect more than network stall, it should not belong to /net
>> This module use network connection status to detect all the issue(Host to Guest/Host to Host/Host to Admin...).
>> The target is more than network but all use network way. So it is looks a tricky problem.
>
> Ok.
>
>
>>> - need to convince libvirt guys for this proposal, since usually it's the duty of
>>> upper layer instead of qemu itself
>>>
>> Yes, It looks a upper layer responsibility, but In the cover letter I have explained the reason why we need this in Qemu.
>> try to make this module as simple as possible. This module give upper layer software a new way to connect/monitoring Qemu.
>> And due to all the COLO code implement in Qemu side, Many customer want to use this FT solution without other dependencies,
>> it is very easy to integrated to real product.
>>
>> Thanks
>> Zhang Chen
>
> I would like to hear from libvirt about such design.
Hi Jason,
OK. I add the libvirt mailing list in this thread.
The full mail discussion and patches:
https://lists.nongnu.org/archive/html/qemu-devel/2020-02/msg02611.html
By the way, I noticed Eric is libvirt maintainer.
Hi Eric and Paolo, Can you give some comments about this series?
Thanks
Zhang Chen
>
> Thanks
>
5 years, 3 months
[PATCH] conf: Don't generate machine names with a dot
by Michal Privoznik
According to the linked BZ, machined expects either valid
hostname or valid FQDN. While in case of multiple dots, a
trailing one doesn't violate FQDN, it does violate the rule in
case of something simple, like "domain.". But it's safe to remove
it in both cases.
Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1721804
Signed-off-by: Michal Privoznik <mprivozn(a)redhat.com>
---
src/conf/domain_conf.c | 4 ++--
tests/virsystemdtest.c | 1 +
2 files changed, 3 insertions(+), 2 deletions(-)
diff --git a/src/conf/domain_conf.c b/src/conf/domain_conf.c
index 17867eeece..9371153618 100644
--- a/src/conf/domain_conf.c
+++ b/src/conf/domain_conf.c
@@ -30838,8 +30838,8 @@ virDomainMachineNameAppendValid(virBufferPtr buf,
virBufferAddChar(buf, *name);
}
- /* trailing dashes are not allowed */
- virBufferTrimChars(buf, "-");
+ /* trailing dashes or dots are not allowed */
+ virBufferTrimChars(buf, "-.");
}
#undef HOSTNAME_CHARS
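Review bot: The updated comment above virBufferTrimChars(buf, "-.") says only that trailing dashes or dots "are not allowed", without saying by whom. The reason given in the commit message (machined expects a valid hostname or FQDN) belongs in the comment, so the trim set is not narrowed again by a later cleanup.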
diff --git a/tests/virsystemdtest.c b/tests/virsystemdtest.c
index b7dfd64d06..9847f255ac 100644
--- a/tests/virsystemdtest.c
+++ b/tests/virsystemdtest.c
@@ -744,6 +744,7 @@ mymain(void)
"qemu-100-kstest-network-device-default-httpksc9eed63e-981e-48ec");
TEST_MACHINE("kstest-network-device-default-httpks_(c9eed63e-981e-48ec--cdc-56b3f8c5f678)", 10,
"qemu-10-kstest-network-device-default-httpksc9eed63e-981e-48ec");
+ TEST_MACHINE("demo.test.", 11, "qemu-11-demo.test");
# define TESTS_PM_SUPPORT_HELPER(name, function) \
do { \
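Review bot: The single added case, TEST_MACHINE("demo.test.", 11, ...), covers one trailing dot only. Since the trim set is now "-.", add cases for several trailing dots and for a mixed trailing run (a name ending in ".-" or "-."), so a regression that trims only one of the two characters is caught.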
--
2.24.1
5 years, 3 months
[libvirt] [PATCH] net: Remove deprecated [hub_id name] tuple of 'hostfwd_add' / 'hostfwd_remove'
by Thomas Huth
It's been deprecated since QEMU v3.1.0. Time to finally remove it now.
Signed-off-by: Thomas Huth <thuth(a)redhat.com>
---
hmp-commands.hx | 8 ++++----
net/hub.c | 23 -----------------------
net/hub.h | 2 --
net/slirp.c | 44 ++++++++++++--------------------------------
qemu-deprecated.texi | 13 ++++++++-----
5 files changed, 24 insertions(+), 66 deletions(-)
diff --git a/hmp-commands.hx b/hmp-commands.hx
index cfcc044ce4..14ccc685d7 100644
--- a/hmp-commands.hx
+++ b/hmp-commands.hx
@@ -1463,8 +1463,8 @@ ETEXI
#ifdef CONFIG_SLIRP
{
.name = "hostfwd_add",
- .args_type = "arg1:s,arg2:s?,arg3:s?",
- .params = "[hub_id name]|[netdev_id] [tcp|udp]:[hostaddr]:hostport-[guestaddr]:guestport",
+ .args_type = "arg1:s,arg2:s?",
+ .params = "[netdev_id] [tcp|udp]:[hostaddr]:hostport-[guestaddr]:guestport",
.help = "redirect TCP or UDP connections from host to guest (requires -net user)",
.cmd = hmp_hostfwd_add,
},
@@ -1478,8 +1478,8 @@ ETEXI
#ifdef CONFIG_SLIRP
{
.name = "hostfwd_remove",
- .args_type = "arg1:s,arg2:s?,arg3:s?",
- .params = "[hub_id name]|[netdev_id] [tcp|udp]:[hostaddr]:hostport",
+ .args_type = "arg1:s,arg2:s?",
+ .params = "[netdev_id] [tcp|udp]:[hostaddr]:hostport",
.help = "remove host-to-guest TCP or UDP redirection",
.cmd = hmp_hostfwd_remove,
},
diff --git a/net/hub.c b/net/hub.c
index 5795a678ed..88cfb876f3 100644
--- a/net/hub.c
+++ b/net/hub.c
@@ -193,29 +193,6 @@ NetClientState *net_hub_add_port(int hub_id, const char *name,
return &port->nc;
}
-/**
- * Find a specific client on a hub
- */
-NetClientState *net_hub_find_client_by_name(int hub_id, const char *name)
-{
- NetHub *hub;
- NetHubPort *port;
- NetClientState *peer;
-
- QLIST_FOREACH(hub, &hubs, next) {
- if (hub->id == hub_id) {
- QLIST_FOREACH(port, &hub->ports, next) {
- peer = port->nc.peer;
-
- if (peer && strcmp(peer->name, name) == 0) {
- return peer;
- }
- }
- }
- }
- return NULL;
-}
-
/**
* Find a available port on a hub; otherwise create one new port
*/
diff --git a/net/hub.h b/net/hub.h
index 66d3322fac..ce45f7b399 100644
--- a/net/hub.h
+++ b/net/hub.h
@@ -15,10 +15,8 @@
#ifndef NET_HUB_H
#define NET_HUB_H
-
NetClientState *net_hub_add_port(int hub_id, const char *name,
NetClientState *hubpeer);
-NetClientState *net_hub_find_client_by_name(int hub_id, const char *name);
void net_hub_info(Monitor *mon);
void net_hub_check_clients(void);
bool net_hub_flush(NetClientState *nc);
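Review bot: The first removed line in this hunk is the blank line after #define NET_HUB_H, which is unrelated to dropping the net_hub_find_client_by_name() prototype. Keep the blank line, or mention the whitespace cleanup in the commit message.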
diff --git a/net/slirp.c b/net/slirp.c
index c4334ee876..77042e6df7 100644
--- a/net/slirp.c
+++ b/net/slirp.c
@@ -610,25 +610,13 @@ error:
return -1;
}
-static SlirpState *slirp_lookup(Monitor *mon, const char *hub_id,
- const char *name)
+static SlirpState *slirp_lookup(Monitor *mon, const char *id)
{
- if (name) {
- NetClientState *nc;
- if (hub_id) {
- nc = net_hub_find_client_by_name(strtol(hub_id, NULL, 0), name);
- if (!nc) {
- monitor_printf(mon, "unrecognized (hub-id, stackname) pair\n");
- return NULL;
- }
- warn_report("Using 'hub-id' is deprecated, specify the netdev id "
- "directly instead");
- } else {
- nc = qemu_find_netdev(name);
- if (!nc) {
- monitor_printf(mon, "unrecognized netdev id '%s'\n", name);
- return NULL;
- }
+ if (id) {
+ NetClientState *nc = qemu_find_netdev(id);
+ if (!nc) {
+ monitor_printf(mon, "unrecognized netdev id '%s'\n", id);
+ return NULL;
}
if (strcmp(nc->model, "user")) {
monitor_printf(mon, "invalid device specified\n");
@@ -655,16 +643,12 @@ void hmp_hostfwd_remove(Monitor *mon, const QDict *qdict)
int err;
const char *arg1 = qdict_get_str(qdict, "arg1");
const char *arg2 = qdict_get_try_str(qdict, "arg2");
- const char *arg3 = qdict_get_try_str(qdict, "arg3");
- if (arg3) {
- s = slirp_lookup(mon, arg1, arg2);
- src_str = arg3;
- } else if (arg2) {
- s = slirp_lookup(mon, NULL, arg1);
+ if (arg2) {
+ s = slirp_lookup(mon, arg1);
src_str = arg2;
} else {
- s = slirp_lookup(mon, NULL, NULL);
+ s = slirp_lookup(mon, NULL);
src_str = arg1;
}
if (!s) {
@@ -784,16 +768,12 @@ void hmp_hostfwd_add(Monitor *mon, const QDict *qdict)
SlirpState *s;
const char *arg1 = qdict_get_str(qdict, "arg1");
const char *arg2 = qdict_get_try_str(qdict, "arg2");
- const char *arg3 = qdict_get_try_str(qdict, "arg3");
- if (arg3) {
- s = slirp_lookup(mon, arg1, arg2);
- redir_str = arg3;
- } else if (arg2) {
- s = slirp_lookup(mon, NULL, arg1);
+ if (arg2) {
+ s = slirp_lookup(mon, arg1);
redir_str = arg2;
} else {
- s = slirp_lookup(mon, NULL, NULL);
+ s = slirp_lookup(mon, NULL);
redir_str = arg1;
}
if (s) {
diff --git a/qemu-deprecated.texi b/qemu-deprecated.texi
index 66d2b22a94..e407cc085e 100644
--- a/qemu-deprecated.texi
+++ b/qemu-deprecated.texi
@@ -206,11 +206,6 @@ the 'wait' field, which is only applicable to sockets in server mode
@section Human Monitor Protocol (HMP) commands
-@subsection The hub_id parameter of 'hostfwd_add' / 'hostfwd_remove' (since 3.1)
-
-The @option{[hub_id name]} parameter tuple of the 'hostfwd_add' and
-'hostfwd_remove' HMP commands has been replaced by @option{netdev_id}.
-
@subsection cpu-add (since 4.0)
Use ``device_add'' for hotplugging vCPUs instead of ``cpu-add''. See
@@ -376,6 +371,14 @@ What follows is a record of recently removed, formerly deprecated
features that serves as a record for users who have encountered
trouble after a recent upgrade.
+@section Human Monitor Protocol (HMP) commands
+
+@subsection The hub_id parameter of 'hostfwd_add' / 'hostfwd_remove' (removed in 5.0)
+
+The @option{[hub_id name]} parameter tuple of the 'hostfwd_add' and
+'hostfwd_remove' HMP commands has been replaced by the single option
+@option{netdev_id}.
+
@section QEMU Machine Protocol (QMP) commands
@subsection block-dirty-bitmap-add "autoload" parameter (since 4.2.0)
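Review bot: The new @subsection title uses "(removed in 5.0)", while the neighbouring entry in this same record of removed features, block-dirty-bitmap-add, uses "(since 4.2.0)". Pick one form for the removed-features section so a reader does not take "since" to mean deprecation in one entry and removal in the next.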
--
2.18.1
5 years, 3 months
[PATCH 0/8] qemu: Show willingness to use blockdev-reopen
by Peter Krempa
To break the chicken and egg problem loop between qemu and libvirt in
using new features introduce experimental support for blockdev-reopen
(or actually x-blockdev-reopen for the time being).
This patchset adds QEMU_CAPS_BLOCKDEV_REOPEN capability which is
currently not asserted until qemu stabilizes the blockdev-reopen
interface but implements all the handlers to use it.
This is a similar approach we used to add all of the bits required to
use -blockdev with qemu.
To show its usefulness two real problems are addressed using reopening:
- Checkpoint deletion in backing chain, where we need to reopen
the read-only backing images to allow modification of bitmaps.
Using this approach will prevent qemu from having to introduce yet
another ad-hoc interface to deal with the bitmaps.
(note that checkpoints are also experimental themselves since they
are part of the not-yet-finished incremental backup feature)
- Late open of backing files for virDomainBlockCopy
oVirt abuses a quirk in the old handling of block-copy when
drive-mirror is used as qemu opens the backing images of the
destination of the copy only once block-job-complete is called.
Without blockdev-reopen it's impossible to replicate the old semantics
as we need to install a backing file for the mirror copy and that
is possible only using blockdev-reopen.
(this change will stay disabled until blockdev-reopen is stabilized)
There are a few other problems which this will deal with mostly related
to bitmap handling which would also require ad-hoc qemu functionality
otherwise.
Since we have an existing interface we can show we are willing to use it
to prevent wasting more engineering on qemu's side on partial solutions.
This patchset applies on top of:
https://www.redhat.com/archives/libvir-list/2020-February/msg01062.html
It can be fetched from my repo:
git fetch https://gitlab.com/pipo.sk/libvirt.git reopen-impl
https://gitlab.com/pipo.sk/libvirt/-/commits/reopen-impl
Note the above branch contains also patches which enable the feature
and also enable incremental backup to facilitate simple testing
without the need to use the qemu namespace.
Successful use requires the following qemu patches:
https://lists.gnu.org/archive/html/qemu-block/2020-02/msg01423.html
https://lists.gnu.org/archive/html/qemu-block/2020-02/msg01467.html
A qemu repo containing the above patches and patch to enable the
detection done in my private branch mentioned above can be fetched at:
git fetch https://gitlab.com/pipo.sk/qemu.git bitmap-reopen
https://gitlab.com/pipo.sk/qemu/-/commits/bitmap-reopen
Peter Krempa (8):
qemu: capabilities: Add QEMU_CAPS_BLOCKDEV_REOPEN
qemu: monitor: Add handler for blockdev-reopen
qemu: block: implement helpers for blockdev-reopen
qemuCheckpointDiscardBitmaps: Reopen images for bitmap modifications
qemuCheckpointDiscardBitmaps: Use correct field for checkpoint bitmap
name
qemuDomainBlockPivot: Move check prior to executing the pivot steps
qemuDomainBlockCopyCommon: Record updated flags to block job
qemu: blockcopy: Allow late opening of the backing chain of a shallow
copy
src/qemu/qemu_block.c | 121 +++++++++++++++++++++++++++++++++++
src/qemu/qemu_block.h | 14 ++++
src/qemu/qemu_capabilities.c | 1 +
src/qemu/qemu_capabilities.h | 1 +
src/qemu/qemu_checkpoint.c | 6 +-
src/qemu/qemu_driver.c | 67 ++++++++++++++++---
src/qemu/qemu_monitor.c | 13 ++++
src/qemu/qemu_monitor.h | 3 +
src/qemu/qemu_monitor_json.c | 21 ++++++
src/qemu/qemu_monitor_json.h | 4 ++
10 files changed, 241 insertions(+), 10 deletions(-)
--
2.24.1
5 years, 3 months
[libvirt PATCH 0/7] valgrind-inspired fixes
by Ján Tomko
First, clean up some valgrind noise.
Then, fix some reported leaks in the test suite.
Last, refactor some touched tests.
Ján Tomko (7):
tests: valgrind.supp: suppress g_type_register_static leaks
tests: valgrind: do not trace system binaries
qemumonitorjsontest: do not leak qapiData.schema
qemumonitorjsontest: use virCPUDefNew()
virsystemdtest: do not leak socket path
qemumonitorjsontest: GetCPUModelComparison: use g_auto
qemumonitorjsontest: GetCPUModelBaseline: use g_auto
tests/.valgrind.supp | 13 +++++++++++++
tests/Makefile.am | 2 +-
tests/qemumonitorjsontest.c | 29 ++++++++---------------------
tests/virsystemdtest.c | 5 ++++-
4 files changed, 26 insertions(+), 23 deletions(-)
--
2.24.1
5 years, 3 months
[PATCH 0/3] remove dimm auto-align on hotplug/unplug
by Daniel Henrique Barboza
This series fixes bug [1]. See patch 2 for details.
[1] https://bugzilla.redhat.com/show_bug.cgi?id=1780506
Daniel Henrique Barboza (3):
qemu_domain.c: make qemuDomainGetMemoryModuleSizeAlignment() public
qemu_hotplug.c: remove dimm auto-align on hotplug/unplug
qemu_domain.c: remove qemuDomainMemoryDeviceAlignSize()
src/qemu/qemu_domain.c | 23 +++--------------------
src/qemu/qemu_domain.h | 4 ++--
src/qemu/qemu_hotplug.c | 23 +++++++++++++++++++++--
3 files changed, 26 insertions(+), 24 deletions(-)
--
2.24.1
5 years, 3 months
[PATCH v2 0/3] Tighten qemu-img rules on missing backing format
by Eric Blake
In v2:
- patch 3 changes to ALWAYS warn if -b provided without -F (rather
than being silent on raw or json:) [Peter]
- patch 3 changes to ONLY write implied format if probe read raw (all
other probes are still mentioned, but not implicitly written) [Peter]
- couple more tests converted in patch 1 [fallout from the above]
Eric Blake (3):
iotests: Specify explicit backing format where sensible
block: Add support to warn on backing file change without format
qemu-img: Deprecate use of -b without -F
qemu-deprecated.texi | 15 +++++++++++
include/block/block.h | 4 +--
block.c | 34 ++++++++++++++++++++++---
block/qcow2.c | 2 +-
block/stream.c | 2 +-
blockdev.c | 3 ++-
qemu-img.c | 10 ++++++--
tests/qemu-iotests/017 | 2 +-
tests/qemu-iotests/017.out | 2 +-
tests/qemu-iotests/018 | 2 +-
tests/qemu-iotests/018.out | 2 +-
tests/qemu-iotests/019 | 5 ++--
tests/qemu-iotests/019.out | 2 +-
tests/qemu-iotests/020 | 4 +--
tests/qemu-iotests/020.out | 4 +--
tests/qemu-iotests/024 | 8 +++---
tests/qemu-iotests/024.out | 5 ++--
tests/qemu-iotests/028 | 4 +--
tests/qemu-iotests/028.out | 2 +-
tests/qemu-iotests/030 | 26 +++++++++++++------
tests/qemu-iotests/034 | 2 +-
tests/qemu-iotests/034.out | 2 +-
tests/qemu-iotests/037 | 2 +-
tests/qemu-iotests/037.out | 2 +-
tests/qemu-iotests/038 | 2 +-
tests/qemu-iotests/038.out | 2 +-
tests/qemu-iotests/039 | 3 ++-
tests/qemu-iotests/039.out | 2 +-
tests/qemu-iotests/040 | 47 +++++++++++++++++++++++++----------
tests/qemu-iotests/041 | 37 ++++++++++++++++++---------
tests/qemu-iotests/042 | 4 +--
tests/qemu-iotests/043 | 18 +++++++-------
tests/qemu-iotests/043.out | 16 +++++++-----
tests/qemu-iotests/046 | 2 +-
tests/qemu-iotests/046.out | 2 +-
tests/qemu-iotests/050 | 4 +--
tests/qemu-iotests/050.out | 2 +-
tests/qemu-iotests/051 | 2 +-
tests/qemu-iotests/051.out | 2 +-
tests/qemu-iotests/051.pc.out | 2 +-
tests/qemu-iotests/056 | 3 ++-
tests/qemu-iotests/060 | 2 +-
tests/qemu-iotests/060.out | 2 +-
tests/qemu-iotests/061 | 10 ++++----
tests/qemu-iotests/061.out | 10 ++++----
tests/qemu-iotests/069 | 2 +-
tests/qemu-iotests/069.out | 2 +-
tests/qemu-iotests/073 | 2 +-
tests/qemu-iotests/073.out | 2 +-
tests/qemu-iotests/082 | 16 +++++++-----
tests/qemu-iotests/082.out | 16 ++++++------
tests/qemu-iotests/085 | 4 +--
tests/qemu-iotests/085.out | 6 ++---
tests/qemu-iotests/089 | 2 +-
tests/qemu-iotests/089.out | 2 +-
tests/qemu-iotests/095 | 4 +--
tests/qemu-iotests/095.out | 4 +--
tests/qemu-iotests/097 | 4 +--
tests/qemu-iotests/097.out | 16 ++++++------
tests/qemu-iotests/098 | 2 +-
tests/qemu-iotests/098.out | 8 +++---
tests/qemu-iotests/110 | 4 +--
tests/qemu-iotests/110.out | 4 +--
tests/qemu-iotests/114 | 4 +--
tests/qemu-iotests/114.out | 1 +
tests/qemu-iotests/122 | 27 ++++++++++++--------
tests/qemu-iotests/122.out | 8 +++---
tests/qemu-iotests/126 | 4 +--
tests/qemu-iotests/126.out | 4 +--
tests/qemu-iotests/127 | 4 +--
tests/qemu-iotests/127.out | 4 +--
tests/qemu-iotests/129 | 3 ++-
tests/qemu-iotests/133 | 2 +-
tests/qemu-iotests/133.out | 2 +-
tests/qemu-iotests/139 | 2 +-
tests/qemu-iotests/141 | 4 +--
tests/qemu-iotests/141.out | 4 +--
tests/qemu-iotests/142 | 2 +-
tests/qemu-iotests/142.out | 2 +-
tests/qemu-iotests/153 | 14 +++++------
tests/qemu-iotests/153.out | 35 ++++++++++++++------------
tests/qemu-iotests/154 | 42 +++++++++++++++----------------
tests/qemu-iotests/154.out | 42 +++++++++++++++----------------
tests/qemu-iotests/155 | 12 ++++++---
tests/qemu-iotests/156 | 9 ++++---
tests/qemu-iotests/156.out | 6 ++---
tests/qemu-iotests/158 | 2 +-
tests/qemu-iotests/158.out | 2 +-
tests/qemu-iotests/161 | 8 +++---
tests/qemu-iotests/161.out | 8 +++---
tests/qemu-iotests/176 | 4 +--
tests/qemu-iotests/176.out | 32 ++++++++++++------------
tests/qemu-iotests/177 | 2 +-
tests/qemu-iotests/177.out | 2 +-
tests/qemu-iotests/179 | 2 +-
tests/qemu-iotests/179.out | 2 +-
tests/qemu-iotests/189 | 2 +-
tests/qemu-iotests/189.out | 2 +-
tests/qemu-iotests/191 | 12 ++++-----
tests/qemu-iotests/191.out | 12 ++++-----
tests/qemu-iotests/195 | 6 ++---
tests/qemu-iotests/195.out | 6 ++---
tests/qemu-iotests/198 | 2 +-
tests/qemu-iotests/198.out | 3 ++-
tests/qemu-iotests/204 | 2 +-
tests/qemu-iotests/204.out | 2 +-
tests/qemu-iotests/216 | 2 +-
tests/qemu-iotests/224 | 4 +--
tests/qemu-iotests/228 | 5 ++--
tests/qemu-iotests/245 | 3 ++-
tests/qemu-iotests/249 | 4 +--
tests/qemu-iotests/249.out | 4 +--
tests/qemu-iotests/252 | 2 +-
tests/qemu-iotests/257 | 3 ++-
tests/qemu-iotests/267 | 4 +--
tests/qemu-iotests/267.out | 6 ++---
tests/qemu-iotests/270 | 2 +-
tests/qemu-iotests/270.out | 2 +-
tests/qemu-iotests/273 | 4 +--
tests/qemu-iotests/273.out | 4 +--
tests/qemu-iotests/279 | 4 +--
tests/qemu-iotests/279.out | 4 +--
122 files changed, 476 insertions(+), 351 deletions(-)
--
2.25.1
5 years, 3 months
[libvirt PATCH] docs: add page describing the libvirt daemons
by Daniel P. Berrangé
Now that we have more than just the libvirtd daemon, we should be
explaining to users what they are all for & important aspects of their
configuration.
Signed-off-by: Daniel P. Berrangé <berrange(a)redhat.com>
---
docs/daemons.rst | 682 ++++++++++++++++++++++++++++++++++++++++++++++
docs/docs.html.in | 3 +
2 files changed, 685 insertions(+)
create mode 100644 docs/daemons.rst
diff --git a/docs/daemons.rst b/docs/daemons.rst
new file mode 100644
index 0000000000..a74b228025
--- /dev/null
+++ b/docs/daemons.rst
@@ -0,0 +1,682 @@
+===============
+Libvirt Daemons
+===============
+
+.. contents::
+
+A libvirt deployment for accessing one of the stateful drivers will require
+one or more daemons to be deployed on the virtualization host. There are a
+number of ways the daemons can be configured which will be outlined in this
+page.
+
+Architectural options
+=====================
+
+Monolithic vs modular daemons
+-----------------------------
+
+Traditionally libvirt provided a single monolithic daemon called ``libvirtd``
+which exposed support for all the stateful drivers, both primary hypervisor
+drivers and secondary supporting drivers. It also enables secure remote access
+from clients running off host.
+
+Work is underway for the monolithic daemon to be replaced by a new set of
+modular daemons ``virt${DRIVER}d``, each one servicing a single stateful
+driver. A further ``virtproxyd`` daemon will provide secure remote access, as
+well as backcompatibility for clients using the UNIX socket path of the
+monolithic daemon.
+
+The change to modular daemons should not affect API functionality used by
+management applications. It will, however, have an impact on host provisioning
+tools since there are new systemd services and configuration files to be
+managed.
+
+Currently both monolithic and modular daemons are built by default, but the RPC
+client still prefers connecting to the monolithic daemon. It is intended to
+switch the RPC client to prefer the modular daemons in the near future. At
+least 1 year after this switch (but not more than 2 years), the monolithic
+daemon will be deleted entirely.
+
+Operating modes
+---------------
+
+The libvirt daemons, whether monolithic or modular, can often operate in two
+modes
+
+* *System mode* - the daemon is running as the root user account, enabling
+ access to its full range of functionality. A read-write connection to
+ daemons in system mode **typically implies privileges equivalent to having
+ a root shell**. Suitable `authentication mechanisms <auth.html>`__ **must
+ be enabled** to secure it against untrustworthy clients/users.
+
+* *Session mode* - the daemon is running as any non-root user account,
+ providing access to a more restricted range of functionality. Only client
+ apps/users running under **the same UID are permitted to connect**, thus a
+ connection does not imply any elevation of privileges.
+
+ Not all drivers support session mode and as such the corresponding
+ modular daemon may not support running in this mode
+
+
+Monolithic driver daemon
+========================
+
+The monolithic daemon is known as ``libvirtd`` and has historically been the
+default in libvirt. It is configured via the file ``/etc/libvirt/libvirtd.conf``
+
+
+Monolithic sockets
+------------------
+
+When running in system mode, ``libvirtd`` exposes three UNIX domain sockets, and
+optionally, one or two TCP sockets
+
+* ``/var/run/libvirt/libvirt-sock`` - the primary socket for accessing libvirt
+ APIs, with full read-write privileges. A connection to this socket gives the
+ client privileges that are equivalent to having a root shell. This is the
+ socket that most management applications connect to by default.
+
+* ``/var/run/libvirt/libvirt-sock-ro`` - the secondary socket for accessing
+ libvirt APIs, with limited read-only privileges. A connection to this socket
+ gives the ability to query the existance of objects and monitor some aspects
+ of their operation. This is the socket that most management applications
+ connect to when requesting read only mode. Typically this is what a
+ monitoring app would use.
+
+* ``/var/run/libvirt/libvirt-admin-sock`` - the administrative socket for
+ controlling operation of the daemon itself (as opposed to drivers it is
+ running). This can be used to dynamically reconfigure some aspects of the
+ daemon and monitor/control connected clients.
+
+* ``TCP 16509`` - the non-TLS socket for remotely accessing the libvirt APIs,
+ with full read-write privileges. A connection to this socket gives the
+ client privileges that are equivalent to having a root shell. Since it does
+ not use TLS, an `authentication mechanism <auth.html>`__ that provides
+ encryption must be used. Only the GSSAPI/Kerberos mechanism is capable of
+ satisfying this requirement. In general applications should not use this
+ socket except for debugging in a development/test environment.
+
+* ``TCP 16514`` - the TLS socket for remotely accessing the libvirt APIs,
+ with full read-write privileges. A connection to this socket gives the
+ client privileges that are equivalent to having a root shell. Access control
+ can be enforced either through validation of `x509 certificates
+ <tlscerts.html>`__, and/or by enabling an `authentication mechanism
+ <auth.html>`__.
+
+NB, some distros will use ``/run`` instead of ``/var/run``.
+
+When running in session mode, ``libvirtd`` exposes two UNIX domain sockets
+
+* ``$XDG_RUNTIME_DIR/libvirt/libvirt-sock`` - the primary socket for accessing
+ libvirt APIs, with full read-write privileges. A connection to this socket
+ does not alter the privileges that the client already has. This is the
+ socket that most management applications connect to by default.
+
+* ``$XDG_RUNTIME_DIR/libvirt/libvirt-admin-sock`` - the administrative socket
+ for controlling operation of the daemon itself (as opposed to drivers it is
+ running). This can be used to dynamically reconfigure some aspects of the
+ daemon and monitor/control connected clients.
+
+Notice that the session mode does not have a separate read-only socket. Since
+the clients must be running as the same user as the daemon itself, there is
+not any security benefit from attempting to enforce a read-only mode.
+
+``$XDG_RUNTIME_DIR`` commonly points to a per-user private location on tmpfs,
+such as ``/run/user/$UID``.
+
+
+Monolithic Systemd Integration
+------------------------------
+
+When the ``libvirtd`` daemon is managed by ``systemd`` a number of desirable
+features are available, most notably socket activation.
+
+Libvirt ships a number of unit files for controlling libvirtd
+
+* ``libvirtd.service`` - the main unit file for launching the libvirtd daemon
+ in system mode. The command line arguments passed can be configured by
+ editting ``/etc/sysconfig/libvirtd``. This is typically only needed to control
+ the use of the auto shutdown timeout value. It is recommended that this
+ service unit be configured to start on boot. This is because various
+ libvirt drivers support autostart of their objects. If it is known that
+ autostart is not required, this unit can be left to start on demand.
+
+* ``libvirtd.socket`` - the unit file corresponding to the main read-write
+ UNIX socket ``/var/run/libvirt/libvirt-sock``. This socket is recommended to
+ be started on boot by default.
+
+* ``libvirtd-ro.socket`` - the unit file corresponding to the main read-write
+ UNIX socket ``/var/run/libvirt/libvirt-sock-ro``. This socket is recommended
+ to be started on boot by default.
+
+* ``libvirtd-admin.socket`` - the unit file corresponding to the administrative
+ UNIX socket ``/var/run/libvirt/libvirt-admin-sock``. This socket is
+ recommended to be started on boot by default.
+
+* ``libvirtd-tcp.socket`` - the unit file corresponding to the TCP 16509 port
+ for non-TLS remote access. This socket should not be configured to start on
+ boot until the administrator has configured a suitable authentication
+ mechanism.
+
+* ``libvirtd-tls.socket`` - the unit file corresponding to the TCP 16509 port
+ for TLS remote access. This socket should not be configured to start on boot
+ until the administrator has deployed x509 certificates and optionally
+ configured a suitable authentication mechanism.
+
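Review bot: Two entries in the unit file list above contradict the "Monolithic sockets" section earlier in this same file. libvirtd-ro.socket is described as "the main read-write UNIX socket" although it maps to libvirt-sock-ro, which that section calls the read-only socket, and libvirtd-tls.socket is described as "the TCP 16509 port" although that section gives 16514 for the TLS socket and 16509 for the non-TLS one. Administrators will use this list to decide which socket units to enable, so both should be corrected; "existance" and "editting" are also misspelled.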
+The socket unit files are newly introduced in 5.6.0. On newly installed hosts
+the UNIX socket units should be enabled by default. When upgrading an existing
+host from a previous version of libvirt, the socket unit files will be masked
+if libvirtd is currently configured to use the ``--listen`` argument, since the
+``--listen`` argument is mutually exclusive with use of socket activation.
+
+When systemd socket activation is used a number of configuration settings in
+``libvirtd.conf`` are no longer honoured. Instead these settings must be
+controlled via the system unit files
+
+* ``listen_tcp`` - TCP socket usage is enabled by starting the
+ ``libvirtd-tcp.socket`` unit file.
+
+* ``listen_tls`` - TLS socket usage is enabled by starting the
+ ``libvirtd-tls.socket`` unit file.
+
+* ``tcp_port`` - Port for the non-TLS TCP socket, controlled via the
+ ``ListenStream`` parameter in the ``libvirtd-tcp.socket`` unit file.
+
+* ``tls_port`` - Port for the TLS TCP socket, controlled via the
+ ``ListenStream`` parameter in the ``libvirtd-tls.socket`` unit file.
+
+* ``listen_addr`` - IP address to listen on, independently controlled via the
+ ``ListenStream`` parameter in the ``libvirtd-tcp.socket`` or
+ ``libvirtd-tls.socket`` unit files.
+
+* ``unix_sock_group`` - UNIX socket group owner, controlled via the
+ ``SocketGroup`` parameter in the ``libvirtd.socket`` and
+ ``libvirtd-ro.socket`` unit files
+
+* ``unix_sock_ro_perms`` - read-only UNIX socket permissions, controlled via the
+ ``SocketMode`` parameter in the ``libvirtd-ro.socket`` unit file
+
+* ``unix_sock_rw_perms`` - read-write UNIX socket permissions, controlled via
+ the ``SocketMode`` parameter in the ``libvirtd.socket`` unit file
+
+* ``unix_sock_admin_perms`` - admin UNIX socket permissions, controlled via the
+ ``SocketMode`` parameter in the ``libvirtd-admin.socket`` unit file
+
+* ``unix_sock_dir`` - directory in which all UNIX sockets are created
+ independently controlled via the ``ListenStream`` parameter in any of the
+ ``libvirtd.socket``, ``libvirtd-ro.socket`` and ``libvirtd-admin.socket`` unit
+ files.
+
+Systemd releases prior to version 227 lacked support for passing the activation
+socket unit names into the service. When using these old versions, the
+``tcp_port``, ``tls_port`` and ``unix_sock_dir`` settings in ``libvirtd.conf``
+must be changed in lock-step with the equivalent settings in the unit files to
+ensure that ``libvirtd`` can identify the sockets.
+
+
+Modular driver daemons
+======================
+
+The modular daemons are named after the driver which they are running, with
+the pattern ``virt${DRIVER}d`` and will become the default in future libvirt.
+They are configured via the files ``/etc/libvirt/virt${DRIVER}d.conf``
+
+The following modular daemons currently exist for hypervisor drivers
+
+* ``virtqemud`` - the QEMU management daemon, for running virtual machines
+ on UNIX platforms, optionally with KVM acceleration, in either system or
+ session mode
+* ``virtxend`` - the Xen management daemon, for running virtual machines
+ on the Xen hypervisor, in system mode only
+* ``virtlxcd`` - the Linux Container management daemon, for running LXC guests
+ in system mode only
+* ``virtbhyved`` - the BHyve management daemon, for running virtual machines
+ on FreeBSD with the BHyve hypervisor, in system mode.
+* ``virtvboxd`` - the VirtualBox management daemon, for running virtual machines
+ on UNIX platforms.
+
+The additional modular daemons service secondary drivers
+
+* ``virtinterfaced`` - the host NIC management daemon, in system mode only
+* ``virtnetworkd`` - the virtual network management daemon, in system mode only
+* ``virtnodedevd`` - the host physical device management daemon, in system mode
+ only
+* ``virtnwfilterd`` - the host firewall management daemon, in system mode only
+* ``virtsecretd`` - the host secret management daemon, in system or session mode
+* ``virtstoraged`` - the host storage management daemon, in system or session
+ mode
+
+
+Modular Sockets
+---------------
+
+When running in system mode, ``virt${DRIVER}d`` exposes three UNIX domain
+sockets:
+
+* ``/var/run/libvirt/virt${DRIVER}d-sock`` - the primary socket for accessing
+ libvirt APIs, with full read-write privileges. For many of the daemons, a
+ connection to this socket gives the client privileges that are equivalent to
+ having a root shell. This is the socket that most management applications
+ connect to by default.
+
+* ``/var/run/libvirt/virt${DRIVER}d-sock-ro`` - the secondary socket for
+ accessing libvirt APIs, with limited read-only privileges. A connection to
+ this socket gives the ability to query the existance of objects and monitor
+ some aspects of their operation. This is the socket that most management
+ applications connect to when requesting read only mode. Typically this is
+ what a monitoring app would use.
+
+* ``/var/run/libvirt/virt${DRIVER}d-admin-sock`` - the administrative socket for
+ controlling operation of the daemon itself (as opposed to drivers it is
+ running). This can be used to dynamically reconfigure some aspects of the
+ daemon and monitor/control connected clients.
+
+NB, some distros will use ``/run`` instead of ``/var/run``.
+
+When running in session mode, ``virt${DRIVER}d`` exposes two UNIX domain sockets
+
+* ``$XDG_RUNTIME_DIR/libvirt/virt${DRIVER}d-sock`` - the primary socket for
+ accessing libvirt APIs, with full read-write privileges. A connection to this
+ socket does not alter the privileges that the client already has. This is the
+ socket that most management applications connect to by default.
+
+* ``$XDG_RUNTIME_DIR/libvirt/virt${DRIVER}d-admin-sock`` - the administrative
+ socket for controlling operation of the daemon itself (as opposed to drivers
+ it is running). This can be used to dynamically reconfigure some aspects of
+ the daemon and monitor/control connected clients.
+
+Notice that the session mode does not have a separate read-only socket. Since
+the clients must be running as the same user as the daemon itself, there is
+not any security benefit from attempting to enforce a read-only mode.
+
+``$XDG_RUNTIME_DIR`` commonly points to a per-user private location on tmpfs,
+such as ``/run/user/$UID``.
+
+Modular Systemd Integration
+---------------------------
+
+When the ``virt${DRIVER}d`` daemon is managed by ``systemd`` a number of
+desirable features are available, most notably socket activation.
+
+Libvirt ships a number of unit files for controlling virt${DRIVER}d
+
+* ``virt${DRIVER}d.service`` - the main unit file for launching the
+ ``virt${DRIVER}d daemon`` in system mode. The command line arguments passed
+ can be configured by editting ``/etc/sysconfig/virt${DRIVER}d``. This is
+ typically only needed to control the use of the auto shutdown timeout value.
+ It is recommended that this service unit be configured to start on boot.
+ This is because various libvirt drivers support autostart of their objects.
+ If it is known that autostart is not required, this unit can be left to start
+ on demand.
+
+* ``virt${DRIVER}d.socket`` - the unit file corresponding to the main read-write
+ UNIX socket ``/var/run/libvirt/virt${DRIVER}d-sock``. This socket is
+ recommended to be started on boot by default.
+
+* ``virt${DRIVER}d-ro.socket`` - the unit file corresponding to the main
+ read-write UNIX socket ``/var/run/libvirt/virt${DRIVER}d-sock-ro``. This
+ socket is recommended to be started on boot by default.
+
+* ``virt${DRIVER}d-admin.socket`` - the unit file corresponding to the
+ administrative UNIX socket ``/var/run/libvirt/virt${DRIVER}d-admin-sock``.
+ This socket is recommended to be started on boot by default.
+
+The socket unit files are newly introduced in 5.6.0. On newly installed hosts
+the UNIX socket units should be enabled by default. When upgrading an existing
+host from a previous version of libvirt, the socket unit files will be masked
+if virt${DRIVER}d is currently configured to use the ``--listen`` argument,
+since the ``--listen`` argument is mutually exclusive with use of socket
+activation.
+
+When systemd socket activation is used a number of configuration settings in
+``virt${DRIVER}d.conf`` are no longer honoured. Instead these settings must be
+controlled via the system unit files
+
+* ``unix_sock_group`` - UNIX socket group owner, controlled via the
+ ``SocketGroup`` parameter in the ``virt${DRIVER}d.socket`` and
+ ``virt${DRIVER}d-ro.socket`` unit files
+
+* ``unix_sock_ro_perms`` - read-only UNIX socket permissions, controlled via the
+ ``SocketMode`` parameter in the ``virt${DRIVER}d-ro.socket`` unit file
+
+* ``unix_sock_rw_perms`` - read-write UNIX socket permissions, controlled via
+ the ``SocketMode`` parameter in the ``virt${DRIVER}d.socket`` unit file
+
+* ``unix_sock_admin_perms`` - admin UNIX socket permissions, controlled via the
+ ``SocketMode`` parameter in the ``virt${DRIVER}d-admin.socket`` unit file
+
+* ``unix_sock_dir`` - directory in which all UNIX sockets are created
+ independently controlled via the ``ListenStream`` parameter in any of the
+ ``virt${DRIVER}d.socket``, ``virt${DRIVER}d-ro.socket`` and
+ ``virt${DRIVER}d-admin.socket`` unit files.
+
+Systemd releases prior to version 227 lacked support for passing the activation
+socket unit names into the service. When using these old versions, the
+``unix_sock_dir`` setting in ``virt${DRIVER}d.conf`` must be changed in
+lock-step with the equivalent setting in the unit files to ensure that
+``virt${DRIVER}d`` can identify the sockets.
+
+
+Switching to modular daemons
+----------------------------
+
+If a host is currently set to use the monolithic ``libvirtd`` daemon and needs
+to be migrated to the monolithic daemons a number of services need to be
+changed. The steps below outline the process on hosts using the systemd init
+service.
+
+While it is technically possible todo this while virtual machines are running,
+it is recommended that virtual machines be stopped or live migrated to a new
+host first.
+
+#. Stop the current monolithic daemon and its socket units
+
+ ::
+
+ $ systemctl stop libvirtd.service
+ $ systemctl stop libvirtd{,-ro,-admin,-tcp,-tls}.socket
+
+#. Disable future start of the monolithic daemon
+
+ ::
+
+ $ systemctl disable libvirtd.service
+ $ systemctl disable libvirtd{,-ro,-admin,-tcp,-tls}.socket
+
+ For stronger protection it is valid to use ``mask`` instead of ``disable``
+ too.
+
+#. Enable the new daemons for the particular virtualizationd driver desired,
+ and any of the secondary drivers to accompany it. The following example
+ enables the QEMU driver and all the secondary drivers:
+
+ ::
+
+ $ for drv in qemu interface network nodedev nwfilter secret storage
+ do
+ systemctl unmask virt${drv}d.service
+ systemctl unmask virt${drv}d{,-ro,-admin}.socket
+ systemctl enable virt${drv}d.service
+ systemctl enable virt${drv}d{,-ro,-admin}.socket
+ done
+
+#. Start the sockets for the same set of daemons. There is no need to start the
+ services as they will get started when the first socket connection is
+ established
+
+ ::
+
+ $ for drv in qemu network nodedev nwfilter secret storage
+ do
+ systemctl start virt${drv}d{,-ro,-admin}.socket
+ done
+
+#. If connections from remote hosts need to be supported the proxy daemon
+ must be enabled and started
+
+ ::
+
+ $ systemctl unmask virtproxyd.service
+ $ systemctl unmask virtproxyd{,-ro,-admin}.socket
+ $ systemctl enable virtproxyd.service
+ $ systemctl enable virtproxyd{,-ro,-admin}.socket
+ $ systemctl start virtproxyd{,-ro,-admin}.socket
+
+ The UNIX sockets allow for remote access using SSH tunneling. If ``libvirtd``
+ had TCP or TLS sockets configured, those should be started too
+
+ ::
+
+ $ systemctl unmask virtproxyd-tls.socket
+ $ systemctl enable virtproxyd-tls.socket
+ $ systemctl start virtproxyd-tls.socket
+
+
+Proxy daemon
+============
+
+The monolithic daemon is known as ``libvirtd`` and has historically been the
+default in libvirt. It is configured via the file ``/etc/libvirt/libvirtd.conf``
+
+
+Proxy sockets
+-------------
+
+When running in system mode, ``virtproxyd`` exposes three UNIX domain sockets,
+and optionally, one or two TCP sockets. These sockets are identical to those
+provided by the traditional ``libvirtd`` so refer to earlier documentation in
+this page.
+
+When running in session mode, ``virtproxyd`` exposes two UNIX domain sockets,
+which are again identical to those provided by ``libvirtd``.
+
+Proxy Systemd Integration
+-------------------------
+
+When the ``virtproxyd`` daemon is managed by ``systemd`` a number of desirable
+features are available, most notably socket activation.
+
+Libvirt ships a number of unit files for controlling virtproxyd
+
+* ``virtproxyd.service`` - the main unit file for launching the virtproxyd
+ daemon in system mode. The command line arguments passed can be configured by
+ editting ``/etc/sysconfig/virtproxyd``. This is typically only needed to
+ control the use of the auto shutdown timeout value.
+
+* ``virtproxyd.socket`` - the unit file corresponding to the main read-write
+ UNIX socket ``/var/run/libvirt/libvirt-sock``. This socket is recommended to
+ be started on boot by default.
+
+* ``virtproxyd-ro.socket`` - the unit file corresponding to the main read-write
+ UNIX socket ``/var/run/libvirt/libvirt-sock-ro``. This socket is recommended
+ to be started on boot by default.
+
+* ``virtproxyd-admin.socket`` - the unit file corresponding to the
+ administrative UNIX socket ``/var/run/libvirt/libvirt-admin-sock``. This
+ socket is recommended to be started on boot by default.
+
+* ``virtproxyd-tcp.socket`` - the unit file corresponding to the TCP 16509 port
+ for non-TLS remote access. This socket should not be configured to start on
+ boot until the administrator has configured a suitable authentication
+ mechanism.
+
+* ``virtproxyd-tls.socket`` - the unit file corresponding to the TCP 16509 port
+ for TLS remote access. This socket should not be configured to start on boot
+ until the administrator has deployed x509 certificates and optionally
+ configured a suitable authentication mechanism.
+
+The socket unit files are newly introduced in 5.6.0. On newly installed hosts
+the UNIX socket units should be enabled by default. When upgrading an existing
+host from a previous version of libvirt, the socket unit files will be masked
+if virtproxyd is currently configured to use the ``--listen`` argument, since
+the ``--listen`` argument is mutually exclusive with use of socket activation.
+
+When systemd socket activation is used a number of configuration settings in
+``virtproxyd.conf`` are no longer honoured. Instead these settings must be
+controlled via the system unit files. Refer to the earlier documentation on
+the ``libvirtd`` service socket configuration for further information.
+
+
+Logging daemon
+==============
+
+The ``virtlogd`` daemon provides a service for managing log files associated
+with QEMU virtual machines. The QEMU process is given one or more pipes, the
+other end of which are owned by the ``virtlogd`` daemon. It will then write
+data on those pipes to log files, while enforcing a maximum file size and
+performing log rollover at the size limit.
+
+Since the daemon holds open anoymous pipe file descriptors, it must never be
+stopped while any QEMU virtual machines are running. To enable software updates
+to be applied, the daemon is capable of re-executing itself while keeping all
+file descriptors open. This can be triggered by sending the daemon ``SIGUSR1``
+
+Logging Sockets
+---------------
+
+When running in system mode, ``virtlogd`` exposes two UNIX domain sockets:
+
+* ``/var/run/libvirt/virtlogd-sock`` - the primary socket for accessing
+ libvirt APIs, with full read-write privileges. Access to the socket is
+ restricted to the root user.
+
+* ``/var/run/libvirt/virtlogd-admin-sock`` - the administrative socket for
+ controlling operation of the daemon itself (as opposed to drivers it is
+ running). This can be used to dynamically reconfigure some aspects of the
+ daemon and monitor/control connected clients.
+
+NB, some distros will use ``/run`` instead of ``/var/run``.
+
+When running in session mode, ``virtlogd`` exposes two UNIX domain sockets
+
+* ``$XDG_RUNTIME_DIR/libvirt/virtlogd-sock`` - the primary socket for
+ accessing libvirt APIs, with full read-write privileges. Access to the
+ socket is restricted to the unprivileged user running the daemon.
+
+* ``$XDG_RUNTIME_DIR/libvirt/virtlogd-admin-sock`` - the administrative
+ socket for controlling operation of the daemon itself (as opposed to drivers
+ it is running). This can be used to dynamically reconfigure some aspects of
+ the daemon and monitor/control connected clients.
+
+``$XDG_RUNTIME_DIR`` commonly points to a per-user private location on tmpfs,
+such as ``/run/user/$UID``.
+
+Logging Systemd Integration
+---------------------------
+
+When the ``virtlogd`` daemon is managed by ``systemd`` a number of desirable
+features are available, most notably socket activation.
+
+Libvirt ships a number of unit files for controlling virtlogd
+
+* ``virtlogd.service`` - the main unit file for launching the
+ ``virtlogd daemon`` in system mode. The command line arguments passed
+ can be configured by editting ``/etc/sysconfig/virtlogd``. This is
+ typically only needed to control the use of the auto shutdown timeout value.
+
+* ``virtlogd.socket`` - the unit file corresponding to the main read-write
+ UNIX socket ``/var/run/libvirt/virtlogd-sock``. This socket is recommended
+ to be started on boot by default.
+
+* ``virtlogd-admin.socket`` - the unit file corresponding to the administrative
+ UNIX socket ``/var/run/libvirt/virtlogd-admin-sock``. This socket is
+ recommended to be started on boot by default.
+
+When systemd socket activation is used a number of configuration settings in
+``virtlogd.conf`` are no longer honoured. Instead these settings must be
+controlled via the system unit files
+
+* ``unix_sock_group`` - UNIX socket group owner, controlled via the
+ ``SocketGroup`` parameter in the ``virtlogd.socket`` and
+ ``virtlogd-ro.socket`` unit files
+
+* ``unix_sock_ro_perms`` - read-only UNIX socket permissions, controlled via the
+ ``SocketMode`` parameter in the ``virtlogd-ro.socket`` unit file
+
+* ``unix_sock_rw_perms`` - read-write UNIX socket permissions, controlled via
+ the ``SocketMode`` parameter in the ``virtlogd.socket`` unit file
+
+* ``unix_sock_admin_perms`` - admin UNIX socket permissions, controlled via the
+ ``SocketMode`` parameter in the ``virtlogd-admin.socket`` unit file
+
+* ``unix_sock_dir`` - directory in which all UNIX sockets are created
+ independently controlled via the ``ListenStream`` parameter in any of the
+ ``virtlogd.socket`` and ``virtlogd-admin.socket`` unit files.
+
+Systemd releases prior to version 227 lacked support for passing the activation
+socket unit names into the service. When using these old versions, the
+``unix_sock_dir`` setting in ``virtlogd.conf`` must be changed in
+lock-step with the equivalent setting in the unit files to ensure that
+``virtlogd`` can identify the sockets.
+
+Locking daemon
+==============
+
+The ``virtlockd`` daemon provides a service for holding locks against file
+images and devices serving as backing storage for virtual disks. The locks
+will be held for as long as there is a QEMU process running with the disk
+open.
+
+To ensure continuity of locking, the daemon holds open anoymous file
+descriptors, it must never be stopped while any QEMU virtual machines are
+running. To enable software updates to be applied, the daemon is capable of
+re-executing itself while keeping all file descriptors open. This can be
+triggered by sending the daemon ``SIGUSR1``
+
+Locking Sockets
+---------------
+
+When running in system mode, ``virtlockd`` exposes two UNIX domain sockets:
+
+* ``/var/run/libvirt/virtlockd-sock`` - the primary socket for accessing
+ libvirt APIs, with full read-write privileges. Access to the socket is
+ restricted to the root user.
+
+* ``/var/run/libvirt/virtlockd-admin-sock`` - the administrative socket for
+ controlling operation of the daemon itself (as opposed to drivers it is
+ running). This can be used to dynamically reconfigure some aspects of the
+ daemon and monitor/control connected clients.
+
+NB, some distros will use ``/run`` instead of ``/var/run``.
+
+When running in session mode, ``virtlockd`` exposes two UNIX domain sockets
+
+* ``$XDG_RUNTIME_DIR/libvirt/virtlockd-sock`` - the primary socket for
+ accessing libvirt APIs, with full read-write privileges. Access to the
+ socket is restricted to the unprivileged user running the daemon.
+
+* ``$XDG_RUNTIME_DIR/libvirt/virtlockd-admin-sock`` - the administrative
+ socket for controlling operation of the daemon itself (as opposed to drivers
+ it is running). This can be used to dynamically reconfigure some aspects of
+ the daemon and monitor/control connected clients.
+
+``$XDG_RUNTIME_DIR`` commonly points to a per-user private location on tmpfs,
+such as ``/run/user/$UID``.
+
+Locking Systemd Integration
+---------------------------
+
+When the ``virtlockd`` daemon is managed by ``systemd`` a number of desirable
+features are available, most notably socket activation.
+
+Libvirt ships a number of unit files for controlling virtlockd
+
+* ``virtlockd.service`` - the main unit file for launching the
+ ``virtlockd daemon`` in system mode. The command line arguments passed
+ can be configured by editting ``/etc/sysconfig/virtlockd``. This is
+ typically only needed to control the use of the auto shutdown timeout value.
+
+* ``virtlockd.socket`` - the unit file corresponding to the main read-write
+ UNIX socket ``/var/run/libvirt/virtlockd-sock``. This socket is recommended
+ to be started on boot by default.
+
+* ``virtlockd-admin.socket`` - the unit file corresponding to the administrative
+ UNIX socket ``/var/run/libvirt/virtlockd-admin-sock``. This socket is
+ recommended to be started on boot by default.
+
+When systemd socket activation is used a number of configuration settings in
+``virtlockd.conf`` are no longer honoured. Instead these settings must be
+controlled via the system unit files
+
+* ``unix_sock_group`` - UNIX socket group owner, controlled via the
+ ``SocketGroup`` parameter in the ``virtlockd.socket`` and
+ ``virtlockd-ro.socket`` unit files
+
+* ``unix_sock_ro_perms`` - read-only UNIX socket permissions, controlled via the
+ ``SocketMode`` parameter in the ``virtlockd-ro.socket`` unit file
+
+* ``unix_sock_rw_perms`` - read-write UNIX socket permissions, controlled via
+ the ``SocketMode`` parameter in the ``virtlockd.socket`` unit file
+
+* ``unix_sock_admin_perms`` - admin UNIX socket permissions, controlled via the
+ ``SocketMode`` parameter in the ``virtlockd-admin.socket`` unit file
+
+* ``unix_sock_dir`` - directory in which all UNIX sockets are created
+ independently controlled via the ``ListenStream`` parameter in any of the
+ ``virtlockd.socket`` and ``virtlockd-admin.socket`` unit files.
+
+Systemd releases prior to version 227 lacked support for passing the activation
+socket unit names into the service. When using these old versions, the
+``unix_sock_dir`` setting in ``virtlockd.conf`` must be changed in
+lock-step with the equivalent setting in the unit files to ensure that
+``virtlockd`` can identify the sockets.
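Review bot: In the "Modular Systemd Integration" list, ``virt${DRIVER}d-ro.socket`` is described as "the main read-write UNIX socket" although its path is ``virt${DRIVER}d-sock-ro``, and the same wording is repeated for ``virtproxyd-ro.socket``; both should say read-only so an administrator does not misjudge what the socket grants. Other copy-paste slips in this hunk are worth fixing in the same pass: "Switching to modular daemons" says the host "needs to be migrated to the monolithic daemons"; the "Proxy daemon" section opens with the ``libvirtd`` description rather than one for ``virtproxyd``; the virtlogd and virtlockd settings lists mention ``-ro.socket`` units and ``unix_sock_ro_perms`` although those daemons are documented here with only a primary and an admin socket; the start loop in step 4 omits ``interface``, which step 3 enabled; and ``virtproxyd-tcp.socket`` and ``virtproxyd-tls.socket`` are both documented as "TCP 16509 port", which cannot be right for both.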
diff --git a/docs/docs.html.in b/docs/docs.html.in
index 004f099a9f..142c79bfa9 100644
--- a/docs/docs.html.in
+++ b/docs/docs.html.in
@@ -18,6 +18,9 @@
<dt><a href="migration.html">Migration</a></dt>
<dd>Migrating guests between machines</dd>
+ <dt><a href="daemons.html">Daemons</a></dt>
+ <dd>Overview of the daemons provided by libvirt</dd>
+
<dt><a href="remote.html">Remote access</a></dt>
<dd>Enable remote access over TCP</dd>
--
2.24.1
5 years, 3 months
[PATCH 0/2] qemu_shim: Two simple fixes
by Michal Privoznik
Actually, 2/2 suggests we need to tweak SELinux policy too. Should I
file a bug?
Michal Prívozník (2):
qemu_shim: Allow other users to enter the root dir
qemu_shim: Ignore SIGPIPE
src/qemu/qemu_shim.c | 7 +++++++
1 file changed, 7 insertions(+)
--
2.24.1
5 years, 3 months
[libvirt PATCH 0/6] Introduce Local Migration Support in Libvirt
by Daniel P. Berrangé
I'm (re-)sending this patch series on behalf of Shaju Abraham
<shaju.abraham(a)nutanix.com> who has tried to send this several times
already.
Red Hat's email infrastructure is broken, accepting the mails and then
failing to deliver them to mailman, or any other Red Hat address.
Unfortunately it means that while we can send comments back to Shaju
on this thread, subscribers will then probably fail to see any responses
Shaju tries to give :-( To say this is bad is an understatement. I have
yet another ticket open tracking & escalating this awful problem but
can't give any ETA on a fix :-(
Anyway, with that out of the way, here's Shaju's original cover letter
below....
1) What is this patch series about?
Local live migration of a VM is about Live migrating a VM instance within the
same node. Traditional libvirt live migration involves migrating the VM from a
source node to a remote node. The local migrations are forbidden in Libvirt for
a myriad of reasons. This patch series is to enable local migration in Libvirt.
2) Why Local Migration is important?
The ability to Live migrate a VM locally paves the way for hypervisor upgrades
without shutting down the VM. For example to upgrade qemu after a security
upgrade, we can locally migrate the VM to the new qemu instance. By utilising
capabilities like "bypass-shared-memory" in qemu, the hypervisor upgrades are
faster.
3) Why is local migration difficult in Libvirt?
Libvirt always assumes that the name/UUID pair is unique within a node. During
local migration there will be two different VMs with the same UUID/name pair
which will confuse the management stack. There are other path variables like
monitor path, config paths etc. which assume that the name/UUID pair is unique.
So during migration the same monitor will be used by both the source and the
target. We cannot assign a temporary UUID to the target VM, since UUID is a part
of the machine ABI which is immutable.
To decouple the dependency on UUID/name, a new field (the domain id) is included
in all the PATHs that Libvirt uses. This will ensure that all instances of the
VM get a unique PATH.
4) How is the Local Migration Designed?
Libvirt manages all the VM domain objects using two hash tables which are
indexed using either the UUID or Name. During the Live migration the domain
entry in the source node gets deleted and a new entry gets populated in the
target node, which are indexed using the same name/UUID. But for the Local
migration, there is no remote node. Both the source and the target nodes are
same. So in order to model the remote node, two more hash tables are introduced
which represent the hash tables of the remote node during migration.
The Libvirt migration involves 5 stages
1) Begin
2) Prepare
3) Perform
4) Finish
5) Confirm
Begin, Perform and Confirm get executed on the source node whereas Prepare
and Finish get executed on the target node. In the case of Local Migration
Perform and Finish stages use the newly introduced 'remote hash table' and
rest of the stages use the 'source hash tables'. Once the migration is
completed, that is after the confirm phase, the VM domain object is moved from
the 'remote hash table' to the 'source hash table'. This is required so that
other Libvirt commands like 'virsh list' can display all the VMs running in the
node.
5) How to test Local Migration?
A new flag 'local' is added to the 'virsh migrate' command to enable local
migration. The syntax is
virsh migrate --live --local 'domain-id' qemu+ssh://ip-address/system
6) What are the known issues?
SELinux policies are known to have issues with creating /dev/hugepages entries
during VM launch. In order to test local migration, disable SELinux using 'setenforce 0'.
Shaju Abraham (6):
Add VIR_MIGRATE_LOCAL flag to virsh migrate command
Introduce remote hash tables and helper routines
Add local migration support in QEMU Migration framework
Modify close callback routines to handle local migration
Make PATHs unique for a VM object instance
Move the domain object from remote to source hash table
include/libvirt/libvirt-domain.h | 6 +
src/conf/virdomainobjlist.c | 232 +++++++++++++++++++++++++++++--
src/conf/virdomainobjlist.h | 10 ++
src/libvirt_private.syms | 4 +
src/qemu/qemu_conf.c | 4 +-
src/qemu/qemu_domain.c | 28 +++-
src/qemu/qemu_domain.h | 2 +
src/qemu/qemu_driver.c | 46 +++++-
src/qemu/qemu_migration.c | 59 +++++---
src/qemu/qemu_migration.h | 5 +
src/qemu/qemu_migration_cookie.c | 121 ++++++++--------
src/qemu/qemu_migration_cookie.h | 2 +
src/qemu/qemu_process.c | 3 +-
src/qemu/qemu_process.h | 2 +
src/util/virclosecallbacks.c | 48 +++++--
src/util/virclosecallbacks.h | 3 +
tools/virsh-domain.c | 7 +
17 files changed, 471 insertions(+), 111 deletions(-)
--
2.24.1
5 years, 3 months
[libvirt PATCH 0/3] gitdm: Fixes and updates
by Andrea Bolognani
blurb.com *** BLURB HERE ***, Inc.
Andrea Bolognani (3):
gitdm: Add entry for example.com
gitdm: Fix sorting
gitdm: Add missing entries
docs/gitdm/companies/others | 5 ++++-
docs/gitdm/groups/unaffiliated | 5 +++++
2 files changed, 9 insertions(+), 1 deletion(-)
--
2.24.1
5 years, 3 months
[PATCH] admin: use g_autofree
by Gaurav Agrawal
From: GAURAV AGRAWAL <agrawalgaurav(a)gnome.org>
Signed-off-by: Gaurav Agrawal <agrawalgaurav(a)gnome.org>
---
src/admin/libvirt-admin.c | 13 +++++--------
1 file changed, 5 insertions(+), 8 deletions(-)
diff --git a/src/admin/libvirt-admin.c b/src/admin/libvirt-admin.c
index 4099a54854..d841a15f95 100644
--- a/src/admin/libvirt-admin.c
+++ b/src/admin/libvirt-admin.c
@@ -111,7 +111,7 @@ getSocketPath(virURIPtr uri)
virURIParamPtr param = &uri->params[i];
if (STREQ(param->name, "socket")) {
- VIR_FREE(sock_path);
+ g_free(sock_path);
sock_path = g_strdup(param->value);
} else {
virReportError(VIR_ERR_CONFIG_UNSUPPORTED,
@@ -203,11 +203,11 @@ virAdmGetDefaultURI(virConfPtr conf, char **uristr)
virAdmConnectPtr
virAdmConnectOpen(const char *name, unsigned int flags)
{
- char *sock_path = NULL;
+ g_autofree char *sock_path = NULL;
char *alias = NULL;
virAdmConnectPtr conn = NULL;
g_autoptr(virConf) conf = NULL;
- char *uristr = NULL;
+ g_autofree char *uristr = NULL;
if (virAdmInitialize() < 0)
goto error;
@@ -233,7 +233,7 @@ virAdmConnectOpen(const char *name, unsigned int flags)
goto error;
if (alias) {
- VIR_FREE(uristr);
+ g_free(uristr);
uristr = alias;
}
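Review bot: `uristr = alias;` leaves two pointers to the same allocation, one of them now g_autofree, while `alias` itself is still declared as a plain `char *` in the previous hunk. Declare `alias` g_autofree as well and write `uristr = g_steal_pointer(&alias);` here, so ownership moves explicitly and the string is neither freed twice nor leaked when `alias` is set but this branch is not the last thing that touches it.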
@@ -251,14 +251,11 @@ virAdmConnectOpen(const char *name, unsigned int flags)
if (remoteAdminConnectOpen(conn, flags) < 0)
goto error;
- cleanup:
- VIR_FREE(sock_path);
- VIR_FREE(uristr);
+cleanup:
return conn;
error:
virDispatchError(NULL);
- virObjectUnref(conn);
conn = NULL;
goto cleanup;
}
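Review bot: Removing `virObjectUnref(conn);` from the `error:` path is not justified by the g_autofree conversion: `conn` is still a plain `virAdmConnectPtr`, so setting it to NULL without the unref leaks the connection object on every failure. Keep the unref, or convert `conn` to an auto-unref pointer and steal it on the success return. With the two frees gone, `cleanup:` only returns `conn`, so the label and the `goto cleanup` can be dropped in favour of a direct return; the label also loses its leading space in this hunk, which looks like an unrelated whitespace change.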
--
2.24.1
5 years, 3 months
[libvirt PATCH] news: Update for libvirt 6.1.0
by Andrea Bolognani
Signed-off-by: Andrea Bolognani <abologna(a)redhat.com>
---
I probably won't be able to check my computer between now and the
release, so if anyone gets a chance to review the patch in the
meantime please feel free to push it as well :)
docs/news.xml | 36 ++++++++++++++++++++++++++++++++++++
1 file changed, 36 insertions(+)
diff --git a/docs/news.xml b/docs/news.xml
index cdcf450b48..af157887d3 100644
--- a/docs/news.xml
+++ b/docs/news.xml
@@ -124,6 +124,15 @@
subelement.
</description>
</change>
+ <change>
+ <summary>
+ qemu: Introduce the 'tpm-spapr' TPM model
+ </summary>
+ <description>
+ This device, available starting from QEMU 5.0, is limited to
+ pSeries guests.
+ </description>
+ </change>
</section>
<section title="Improvements">
<change>
@@ -138,8 +147,35 @@
to rectify the problem.
</description>
</change>
+ <change>
+ <summary>
+ qemu: Support "dies" in CPU topology
+ </summary>
+ <description>
+ This CPU topology concept, new in QEMU 4.1.0, sits between the
+ existing "socket" and "core".
+ </description>
+ </change>
+ <change>
+ <summary>
+ libxl: Add support for Credit2 scheduler parameters
+ </summary>
+ </change>
+ <change>
+ <summary>
+ lxc: Add support LXC 3 network configuration format
+ </summary>
+ </change>
</section>
<section title="Bug fixes">
+ <change>
+ <summary>
+ conf: Do not generate machine names ending with a dash
+ </summary>
+ <description>
+ Recent systemd version do not allow them.
+ </description>
+ </change>
</section>
<section title="Packaging changes">
<change>
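Review bot: Two of the added strings need wording fixes: the summary "lxc: Add support LXC 3 network configuration format" is missing "for", and the description "Recent systemd version do not allow them." should say "versions". The libxl and lxc entries also carry no <description>, unlike the other entries added in this patch; one sentence each would make the release notes more useful.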
--
2.24.1
5 years, 3 months
[libvirt] [PATCH 0/8] Second take on slirp-helper & dbus-vmstate
by marcandre.lureau@redhat.com
From: Marc-André Lureau <marcandre.lureau(a)redhat.com>
Hi,
The series "[libvirt] [PATCH v2 00/23] Use a slirp helper process" has
been merged and partially reverted. Meanwhile, qemu dbus-vmstate
design has been changed and merged upstream.
This new series fixes the slirp-helper support. The significant change
is that dbus-vmstate now requires a bus (instead of the earlier
peer-to-peer connection). The current series doesn't attempt to
enforce strict policies on the bus. As long as you can connect to the
bus, you can send/receive from/to anyone. A follow-up series should
implement the recommendations from
https://qemu.readthedocs.io/en/latest/interop/dbus.html#security.
The libslirp-rs slirp-helper hasn't yet received an official release.
For testing, you may:
$ cargo install --features=all --git https://gitlab.freedesktop.org/slirp/libslirp-rs
The resulting binary should be ~/.cargo/bin/slirp-helper, so qemu.conf
slirp_helper location should be adjusted. With that in place, a VM
with user networking (slirp) should now start with the helper process.
thanks
Marc-André Lureau (8):
qemu: remove dbus-vmstate code
qemu-conf: add configurable dbus-daemon location
qemu-conf: add dbusStateDir
qemu: add a DBus daemon helper unit
domain: save/restore the state of dbus-daemon running
qemu: prepare and stop the dbus daemon
qemu: add dbus-vmstate helper migration support
qemu-slirp: register helper for migration
m4/virt-driver-qemu.m4 | 6 +
src/qemu/Makefile.inc.am | 6 +-
src/qemu/libvirtd_qemu.aug | 1 +
src/qemu/qemu.conf | 3 +
src/qemu/qemu_alias.c | 17 +-
src/qemu/qemu_alias.h | 3 +-
src/qemu/qemu_command.c | 65 +++----
src/qemu/qemu_command.h | 6 +-
src/qemu/qemu_conf.c | 9 +
src/qemu/qemu_conf.h | 2 +
src/qemu/qemu_dbus.c | 283 +++++++++++++++++++++++++----
src/qemu/qemu_dbus.h | 30 +--
src/qemu/qemu_domain.c | 30 +--
src/qemu/qemu_domain.h | 9 +-
src/qemu/qemu_extdevice.c | 4 +-
src/qemu/qemu_hotplug.c | 165 +++++++++--------
src/qemu/qemu_hotplug.h | 17 +-
src/qemu/qemu_migration.c | 57 +++++-
src/qemu/qemu_monitor.c | 21 +++
src/qemu/qemu_monitor.h | 3 +
src/qemu/qemu_monitor_json.c | 15 ++
src/qemu/qemu_monitor_json.h | 5 +
src/qemu/qemu_process.c | 6 +
src/qemu/qemu_slirp.c | 126 ++-----------
src/qemu/qemu_slirp.h | 4 +-
src/qemu/test_libvirtd_qemu.aug.in | 1 +
tests/Makefile.am | 1 +
27 files changed, 564 insertions(+), 331 deletions(-)
--
2.25.0.rc2.1.g09a9a1a997
5 years, 3 months
[PATCH] admin: use g_autofree
by Gaurav Agrawal
From: GAURAV AGRAWAL <agrawalgaurav(a)gnome.org>
Signed-off-by: Gaurav Agrawal <agrawalgaurav(a)gnome.org>
---
src/admin/libvirt-admin.c | 15 +++++----------
1 file changed, 5 insertions(+), 10 deletions(-)
diff --git a/src/admin/libvirt-admin.c b/src/admin/libvirt-admin.c
index 4099a54854..17d0eb39fe 100644
--- a/src/admin/libvirt-admin.c
+++ b/src/admin/libvirt-admin.c
@@ -111,7 +111,7 @@ getSocketPath(virURIPtr uri)
virURIParamPtr param = &uri->params[i];
if (STREQ(param->name, "socket")) {
- VIR_FREE(sock_path);
+ g_free(sock_path);
sock_path = g_strdup(param->value);
} else {
virReportError(VIR_ERR_CONFIG_UNSUPPORTED,
@@ -203,11 +203,11 @@ virAdmGetDefaultURI(virConfPtr conf, char **uristr)
virAdmConnectPtr
virAdmConnectOpen(const char *name, unsigned int flags)
{
- char *sock_path = NULL;
+ g_autofree char *sock_path = NULL;
char *alias = NULL;
virAdmConnectPtr conn = NULL;
g_autoptr(virConf) conf = NULL;
- char *uristr = NULL;
+ g_autofree char *uristr = NULL;
if (virAdmInitialize() < 0)
goto error;
@@ -233,7 +233,7 @@ virAdmConnectOpen(const char *name, unsigned int flags)
goto error;
if (alias) {
- VIR_FREE(uristr);
+ g_free(uristr);
uristr = alias;
}
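Review bot: With uristr now declared g_autofree, the assignment "uristr = alias;" in the "if (alias)" block leaves two variables pointing at the same allocation, and alias is still a plain "char *alias" in the declarations above. Make the ownership transfer explicit, for example "uristr = g_steal_pointer(&alias);", so that any later cleanup of alias cannot turn into a double free.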
@@ -251,16 +251,11 @@ virAdmConnectOpen(const char *name, unsigned int flags)
if (remoteAdminConnectOpen(conn, flags) < 0)
goto error;
- cleanup:
- VIR_FREE(sock_path);
- VIR_FREE(uristr);
return conn;
error:
virDispatchError(NULL);
- virObjectUnref(conn);
- conn = NULL;
- goto cleanup;
+ return NULL;
}
/**
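Review bot: The rewritten error: path returns NULL without releasing conn. The removed lines "virObjectUnref(conn);" and "conn = NULL;" were the only cleanup for the connection object, which already exists when remoteAdminConnectOpen(conn, flags) fails, and conn is still declared as a plain "virAdmConnectPtr conn = NULL;" in the earlier hunk. Keep the virObjectUnref(conn) before "return NULL;", or make conn an automatically unreferenced pointer and hand it out with g_steal_pointer() on the success path.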
--
2.24.1
5 years, 3 months
[PATCH 0/2] security: Handle non top parents better
by Michal Privoznik
See 2/2 for explanation.
Michal Prívozník (2):
security: Introduce VIR_SECURITY_DOMAIN_IMAGE_TOP_PARENT flag
qemu: Tell secdrivers which images are top parent
src/qemu/qemu_backup.c | 4 ++--
src/qemu/qemu_blockjob.c | 6 ++++--
src/qemu/qemu_checkpoint.c | 6 ++++--
src/qemu/qemu_domain.c | 15 +++++++++++++--
src/qemu/qemu_domain.h | 3 ++-
src/qemu/qemu_driver.c | 15 ++++++++++-----
src/qemu/qemu_process.c | 2 +-
src/qemu/qemu_security.c | 6 +++++-
src/qemu/qemu_security.h | 3 ++-
src/security/security_dac.c | 16 +++++++++++-----
src/security/security_manager.h | 1 +
src/security/security_selinux.c | 18 ++++++++++++------
12 files changed, 67 insertions(+), 28 deletions(-)
--
2.24.1
5 years, 3 months
[PATCH v4 0/5] lxc: Add VCPU features for LXC
by Julio Faracco
This series covers a lot of functionalities for LXC VCPUs. It enables
sharing some timer devices between host and LXC guest using `timer`
settings. It still has other improvements related to VCPU and LXC such
as virtual cpuinfo content based on VCPU settings and some better
resource limits. Each patch has the description of the problem and what
it is trying to fix.
v1-v2: Add Daniel's comments and some cleanups.
v2-v3: Remove dependency from patch 4 and 5.
v3-v4: Missing cpuinfo file from Fuse Getattr handler.
Julio Faracco (5):
lxc: Add Real Time Clock device into allowed devices
lxc: Add HPET device into allowed devices
lxc: Replacing default strings definitions by g_autofree statement
lxc: Implement virtual /proc/cpuinfo via LXC fuse
lxc: Count max VCPUs based on cpuset.cpus in native config
docs/formatdomain.html.in | 4 +-
src/lxc/lxc_cgroup.c | 91 ++++++++-
src/lxc/lxc_container.c | 62 ++++--
src/lxc/lxc_container.h | 2 +
src/lxc/lxc_controller.c | 187 ++++++++++++------
src/lxc/lxc_fuse.c | 114 +++++++++--
src/lxc/lxc_native.c | 24 ++-
.../lxcconf2xml-cpusettune.xml | 2 +-
8 files changed, 374 insertions(+), 112 deletions(-)
--
2.20.1
5 years, 3 months
[libvirt PATCHv5 00/15] add virtiofs support (virtio-fs epopee)
by Ján Tomko
v4: https://www.redhat.com/archives/libvir-list/2020-February/msg00707.html
v5: use priv->libDir for the pid file
more validation checks
cmd line escaping and memory leak fixes
Ján Tomko (15):
schema: wrap fsDriver in a choice group
qemuExtDevicesStart: pass logManager
qemu: pass virDomainObjPtr to qemuExtDevicesSetupCgroup
qemuxml2xmltest: set driver as privileged
qemu: add QEMU_CAPS_DEVICE_VHOST_USER_FS
docs: add virtiofs kbase
conf: qemu: add virtiofs fsdriver type
conf: add virtiofs-related elements and attributes
qemu: add virtiofsd_debug to qemu.conf
qemu: validate virtiofs filesystems
qemu: forbid migration with vhost-user-fs device
qemu: add code for handling virtiofsd
qemu: put virtiofsd in the emulator cgroup
qemu: use the vhost-user schemas to find binary
qemu: build vhost-user-fs device command line
docs/formatdomain.html.in | 35 +-
docs/kbase.html.in | 3 +
docs/kbase/virtiofs.rst | 152 ++++++++
docs/schemas/domaincommon.rng | 88 ++++-
po/POTFILES.in | 1 +
src/conf/domain_conf.c | 105 +++++-
src/conf/domain_conf.h | 16 +
src/libvirt_private.syms | 1 +
src/qemu/Makefile.inc.am | 2 +
src/qemu/libvirtd_qemu.aug | 1 +
src/qemu/qemu.conf | 7 +
src/qemu/qemu_capabilities.c | 4 +
src/qemu/qemu_capabilities.h | 3 +
src/qemu/qemu_cgroup.c | 2 +-
src/qemu/qemu_command.c | 48 ++-
src/qemu/qemu_conf.c | 2 +
src/qemu/qemu_conf.h | 1 +
src/qemu/qemu_domain.c | 87 ++++-
src/qemu/qemu_domain.h | 2 +-
src/qemu/qemu_domain_address.c | 4 +
src/qemu/qemu_extdevice.c | 46 ++-
src/qemu/qemu_extdevice.h | 3 +-
src/qemu/qemu_migration.c | 10 +
src/qemu/qemu_process.c | 4 +-
src/qemu/qemu_vhost_user.c | 39 ++
src/qemu/qemu_vhost_user.h | 4 +
src/qemu/qemu_virtiofs.c | 338 ++++++++++++++++++
src/qemu/qemu_virtiofs.h | 46 +++
src/qemu/test_libvirtd_qemu.aug.in | 1 +
.../caps_4.2.0.aarch64.xml | 1 +
.../qemucapabilitiesdata/caps_4.2.0.s390x.xml | 1 +
.../caps_4.2.0.x86_64.xml | 1 +
.../caps_5.0.0.aarch64.xml | 1 +
.../caps_5.0.0.x86_64.xml | 1 +
...vhost-user-fs-fd-memory.x86_64-latest.args | 39 ++
.../vhost-user-fs-fd-memory.xml | 43 +++
...vhost-user-fs-hugepages.x86_64-latest.args | 47 +++
.../vhost-user-fs-hugepages.xml | 75 ++++
tests/qemuxml2argvtest.c | 14 +
.../vhost-user-fs-fd-memory.x86_64-latest.xml | 1 +
.../vhost-user-fs-hugepages.x86_64-latest.xml | 1 +
tests/qemuxml2xmltest.c | 4 +
42 files changed, 1257 insertions(+), 27 deletions(-)
create mode 100644 docs/kbase/virtiofs.rst
create mode 100644 src/qemu/qemu_virtiofs.c
create mode 100644 src/qemu/qemu_virtiofs.h
create mode 100644 tests/qemuxml2argvdata/vhost-user-fs-fd-memory.x86_64-latest.args
create mode 100644 tests/qemuxml2argvdata/vhost-user-fs-fd-memory.xml
create mode 100644 tests/qemuxml2argvdata/vhost-user-fs-hugepages.x86_64-latest.args
create mode 100644 tests/qemuxml2argvdata/vhost-user-fs-hugepages.xml
create mode 120000 tests/qemuxml2xmloutdata/vhost-user-fs-fd-memory.x86_64-latest.xml
create mode 120000 tests/qemuxml2xmloutdata/vhost-user-fs-hugepages.x86_64-latest.xml
--
2.24.1
5 years, 3 months
[PATCH 0/2] (for 6.1) docs: kbase/news additions
by Peter Krempa
Peter Krempa (2):
kbase: backing_chains: Add steps how to securely probe image format
news: Document recent storage improvements
docs/kbase/backing_chains.rst | 15 +++++++++++++++
docs/news.xml | 23 +++++++++++++++++++++++
2 files changed, 38 insertions(+)
--
2.24.1
5 years, 3 months
[libvirt PATCH] ci: Drop handling of $PKG_CONFIG_LIBDIR
by Andrea Bolognani
As of libvirt-jenkins-ci commit e41e341f0d8f, we no longer bake
this environment variable into our container images.
Signed-off-by: Andrea Bolognani <abologna(a)redhat.com>
---
ci/Makefile | 4 ----
1 file changed, 4 deletions(-)
diff --git a/ci/Makefile b/ci/Makefile
index 577b130d2f..bc1dac11e3 100644
--- a/ci/Makefile
+++ b/ci/Makefile
@@ -216,15 +216,11 @@ ci-run-command@%: ci-prepare-tree
$(CI_ENGINE) run $(CI_ENGINE_ARGS) $(CI_IMAGE_PREFIX)$*$(CI_IMAGE_TAG) \
/bin/bash -c ' \
$(CI_USER_HOME)/prepare || exit 1; \
- if test "$$PKG_CONFIG_LIBDIR"; then \
- pkgconfig_env="PKG_CONFIG_LIBDIR=$$PKG_CONFIG_LIBDIR"; \
- fi; \
sudo \
--login \
--user="#$(CI_UID)" \
--group="#$(CI_GID)" \
CONFIGURE_OPTS="$$CONFIGURE_OPTS" \
- $$pkgconfig_env \
CI_CONT_SRCDIR="$(CI_CONT_SRCDIR)" \
CI_CONT_BUILDDIR="$(CI_CONT_BUILDDIR)" \
CI_SMP="$(CI_SMP)" \
--
2.24.1
5 years, 3 months
[libvirt PATCH] daemon: set default memlock limit for systemd service
by Pavel Hrdina
The default memlock limit is 64k which is not enough to start a single
VM. The requirements for one VM are 12k, 8k for eBPF map and 4k for eBPF
program, however, it fails to create eBPF map and program with 64k limit.
By testing I figured out that the minimal limit is 80k to start a single
VM with functional eBPF and if I add 12k I can start another one.
This leads to the following calculation:
80k as memlock limit worked to start a VM with eBPF which means there
is 68k of lock memory that I was not able to figure out what was using
it. So to get a number for 4096 VMs:
68 + 12 * 4096 = 49220
If we round it up we will get 49M of memory lock limit to support 4096
VMs with default map size which can hold 64 entries for devices.
This should be good enough as a sane default and users can change it if
they need to.
Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1807090
Signed-off-by: Pavel Hrdina <phrdina(a)redhat.com>
---
src/remote/libvirtd.service.in | 5 +++++
1 file changed, 5 insertions(+)
diff --git a/src/remote/libvirtd.service.in b/src/remote/libvirtd.service.in
index 9c8c54a2ef..8a3ace5bdb 100644
--- a/src/remote/libvirtd.service.in
+++ b/src/remote/libvirtd.service.in
@@ -40,6 +40,11 @@ LimitNOFILE=8192
# A conservative default of 8 tasks per guest results in a TasksMax of
# 32k to support 4096 guests.
TasksMax=32768
+# With cgroups v2 there is no devices controller anymore, we have to use
+# eBPF to control access to devices. In order to do that we create a eBPF
+# hash MAP which locked memory. The default map size for 64 devices together
+# with program takes 12k per guest which results in 49M to support 4096 guests.
+LimitMEMLOCK=49M
[Install]
WantedBy=multi-user.target
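Review bot: The comment added above LimitMEMLOCK is hard to parse ("we create a eBPF hash MAP which locked memory") and only mentions the 12k per guest, while the commit message derives 49M from 68 + 12 * 4096. Reword it along the lines of "an eBPF hash map, which uses locked memory" and mention the fixed 68k overhead, so that someone tuning the limit for a different guest count can redo the calculation from the unit file alone.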
--
2.24.1
5 years, 4 months
[libvirt PATCH] docs: fix docs about bandwidth setting with bridge networks
by Daniel P. Berrangé
We now support setting bandwidth on networks with type bridge.
Signed-off-by: Daniel P. Berrangé <berrange(a)redhat.com>
---
docs/formatnetwork.html.in | 8 ++++----
1 file changed, 4 insertions(+), 4 deletions(-)
diff --git a/docs/formatnetwork.html.in b/docs/formatnetwork.html.in
index 3d807ecab6..ec055c8360 100644
--- a/docs/formatnetwork.html.in
+++ b/docs/formatnetwork.html.in
@@ -548,10 +548,10 @@
(<span class="since">since 0.9.4</span>). Setting
<code>bandwidth</code> for a network is supported only
for networks with a <code><forward></code> mode
- of <code>route</code>, <code>nat</code>, or no mode at all
- (i.e. an "isolated" network). Setting <code>bandwidth</code>
- is <b>not</b> supported for forward modes
- of <code>bridge</code>, <code>passthrough</code>, <code>private</code>,
+ of <code>route</code>, <code>nat</code>, <code>bridge</code>,
+ or no mode at all (i.e. an "isolated" network). Setting
+ <code>bandwidth</code> is <b>not</b> supported for forward modes
+ <code>passthrough</code>, <code>private</code>,
or <code>hostdev</code>. Attempts to do this will lead to
a failure to define the network or to create a transient network.
</p>
--
2.24.1
5 years, 4 months
[PATCH] docs: document port isolated property in domain/network/networkport
by Laine Stump
Signed-off-by: Laine Stump <laine(a)redhat.com>
---
I had thought I'd included documentation with the patch that added
parsing/formatting for this, but after crobinso noticed it was
missing, I realized that I had only put documentation in an earlier
version of the patches (that put the option inside
<virtualport>). Oops :-/
docs/formatdomain.html.in | 31 +++++++++++++++++++++++++++++++
docs/formatnetwork.html.in | 25 +++++++++++++++++++++++++
docs/formatnetworkport.html.in | 11 +++++++++++
3 files changed, 67 insertions(+)
diff --git a/docs/formatdomain.html.in b/docs/formatdomain.html.in
index 4fef2a0a97..28770188dd 100644
--- a/docs/formatdomain.html.in
+++ b/docs/formatdomain.html.in
@@ -6539,6 +6539,37 @@ qemu-kvm -net nic,model=? /dev/null
traffic for that VLAN will be tagged.
</p>
+ <h5><a id="elementPort">Isolating guests's network traffic from each other</a></h5>
+
+<pre>
+...
+<devices>
+ <interface type='network'>
+ <source network='default'/>
+ <b><port isolated='yes'/></b>
+ </interface>
+</devices>
+...</pre>
+
+ <p>
+ <span class="since">Since 6.1.0.</span> The <code>port</code>
+ element property <code>isolated</code>, when set
+ to <code>yes</code> (default setting is <code>no</code>) is used
+ to isolate this interface's network traffic from that of other
+ guest interfaces connected to the same network that also
+ have <code><port isolated='yes'/></code>. This setting is
+ only supported for emulated interface devices that use a
+ standard tap device to connect to the network via a Linux host
+ bridge. This property can be inherited from a libvirt network,
+ so if all guests that will be connected to the network should be
+ isolated, it is better to put the setting in the network
+ configuration. (NB: this only prevents guests that
+ have <code>isolated='yes'</code> from communicating with each
+ other; if there is a guest on the same bridge that doesn't
+ have <code>isolated='yes'</code>, even the isolated guests will
+ be able to communicate with it.)
+ </p>
+
<h5><a id="elementLink">Modifying virtual link state</a></h5>
<pre>
...
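Review bot: The new heading reads "Isolating guests's network traffic from each other"; the possessive should be "guests'". The NB at the end of the paragraph, that a guest without isolated='yes' on the same bridge can still reach the isolated ones, is the part an administrator most needs to see, so consider moving it out of the parentheses and giving it its own sentence near the top.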
diff --git a/docs/formatnetwork.html.in b/docs/formatnetwork.html.in
index 3d807ecab6..f1e7ce5e4e 100644
--- a/docs/formatnetwork.html.in
+++ b/docs/formatnetwork.html.in
@@ -729,6 +729,31 @@
or <code><interface></code>.
</p>
+ <h5><a id="elementPort">Isolating ports from one another</a></h5>
+
+<pre>
+<network>
+ <name>isolated-ports</name>
+ <forward mode='bridge'/>
+ <bridge name='br0'/>
+ <port isolated='yes'/>
+</network>
+</pre>
+
+ <p>
+ <span class="since">Since 6.1.0.</span> The <code>port</code>
+ element property <code>isolated</code>, when set
+ to <code>yes</code> (default setting is <code>no</code>) is used
+ to isolate the network traffic of each guest on the network from
+ all other guests connected to the network; it does not have an
+ effect on communication between the guests and the host, or
+ between the guests and destinations beyond this network. This
+ setting is only supported for networks that use a Linux host
+ bridge to connect guest interfaces via a standard tap device
+ (i.e. those with a forward mode of nat, route, open, bridge, or
+ no forward mode).
+ </p>
+
<h5><a id="elementsPortgroup">Portgroups</a></h5>
<pre>
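Review bot: The network-level paragraph says the setting isolates each guest "from all other guests connected to the network", but the formatdomain.html.in text in this same patch states that isolation only holds between ports that both have isolated='yes'. Repeat that caveat here, or link to the domain documentation, so the network description does not promise more than the interface description does.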
diff --git a/docs/formatnetworkport.html.in b/docs/formatnetworkport.html.in
index 0425e069ce..199a05f929 100644
--- a/docs/formatnetworkport.html.in
+++ b/docs/formatnetworkport.html.in
@@ -84,6 +84,7 @@
<outbound average='128' peak='256' burst='256'/>
</bandwidth>
<rxfilters trustGuest='yes'/>
+ <port isolated='yes'/>
<virtualport type='802.1Qbg'>
<parameters managerid='11' typeid='1193047' typeidversion='2'/>
</virtualport>
@@ -110,6 +111,16 @@
only supported for the virtio device model and for macvtap
connections on the host.
</dd>
+ <dt><code>port</code></dt>
+ <dd> <span class="since">Since 6.1.0.</span>
+ The <code>port</code> element property
+ <code>isolated</code>, when set to <code>yes</code> (default
+ setting is <code>no</code>) is used to isolate this port's
+ network traffic from other ports on the same network that also
+ have <code><port isolated='yes'/></code>. This setting
+ is only supported for emulated network devices connected to a
+ Linux host bridge via a standard tap device.
+ </dd>
<dt><code>virtualport</code></dt>
<dd>The <code>virtualport</code> element describes metadata that
needs to be provided to the underlying network subsystem. It
--
2.24.1
5 years, 4 months
[PATCH 0/7] qemu: Use 'flat' version of query-named-block-nodes
by Peter Krempa
Don't request the recursive output since we don't use it.
Peter Krempa (7):
tests: qemucapabilities: Update capabilities of qemu-5.0.0 on x86_64
qemu: monitor: Remove leftovers from password callback
qemu: capabilities: Add capability for the 'flat' argument of
'query-named-block-nodes'
qemu: monitor: Refactor variable cleanup in
qemuMonitorJSONQueryNamedBlockNodes
qemuCheckpointDiscardBitmaps: Use qemuBlockGetNamedNodeData
qemu: monitor: Add 'flat' parameter for
qemuMonitorJSONQueryNamedBlockNodes
qemu: Don't request nested entries in qemuBlockGetNamedNodeData
src/qemu/qemu_block.c | 4 +-
src/qemu/qemu_capabilities.c | 4 +
src/qemu/qemu_capabilities.h | 3 +
src/qemu/qemu_checkpoint.c | 4 +-
src/qemu/qemu_monitor.c | 9 +-
src/qemu/qemu_monitor.h | 12 +-
src/qemu/qemu_monitor_json.c | 31 +-
src/qemu/qemu_monitor_json.h | 6 +-
.../caps_5.0.0.x86_64.replies | 6185 +++++++++--------
.../caps_5.0.0.x86_64.xml | 3 +-
10 files changed, 3388 insertions(+), 2873 deletions(-)
--
2.24.1
5 years, 4 months
[libvirt PATCHv4 00/15] add virtiofs support (virtio-fs epopee)
by Ján Tomko
For:
https://bugzilla.redhat.com/show_bug.cgi?id=1694166
v3:
https://www.redhat.com/archives/libvir-list/2020-January/msg01401.html
v4:
* place virtiofsd into the emulator cgroup
* do not leak the log file descriptor
* better validation of the path existence and shared memory support
* run as root:root explicitly
* correctly use listification in RST document
bonus:
15/15 wip for SELinux integration
Available on my repo (except for the bonus round)
git fetch https://repo.or.cz/libvirt/jtomko.git virtiofs-v4
TODO:
* a bug against selinux-policy
* address the inconsistency of some downstreams wrt placing the json
files into /usr/share/qemu vs. /usr/share/qemu-kvm:
https://bugzilla.redhat.com/show_bug.cgi?id=1804196
Daniel P. Berrangé (1):
docs: reduce excessive spacing in ToC for RST files
Ján Tomko (14):
schema: wrap fsDriver in a choice group
qemuExtDevicesStart: pass logManager
qemu: add QEMU_CAPS_VHOST_USER_FS
docs: add virtiofs kbase
conf: qemu: add virtiofs fsdriver type
conf: add virtiofs-related elements and attributes
qemu: add virtiofsd_debug to qemu.conf
qemu: validate virtiofs filesystems
qemu: forbid migration with vhost-user-fs device
qemu: add code for handling virtiofsd
qemu: put virtiofsd in the emulator cgroup
qemu: use the vhost-user schemas to find binary
qemu: build vhost-user-fs device command line
wip: SELinux integration for virtiofsd
docs/formatdomain.html.in | 35 +-
docs/kbase.html.in | 3 +
docs/kbase/virtiofs.rst | 152 ++++++++
docs/libvirt.css | 4 +
docs/schemas/domaincommon.rng | 88 ++++-
po/POTFILES.in | 1 +
src/conf/domain_conf.c | 108 +++++-
src/conf/domain_conf.h | 16 +
src/libvirt_private.syms | 2 +
src/qemu/Makefile.inc.am | 2 +
src/qemu/libvirtd_qemu.aug | 1 +
src/qemu/qemu.conf | 7 +
src/qemu/qemu_capabilities.c | 4 +
src/qemu/qemu_capabilities.h | 3 +
src/qemu/qemu_command.c | 47 ++-
src/qemu/qemu_conf.c | 2 +
src/qemu/qemu_conf.h | 1 +
src/qemu/qemu_domain.c | 66 +++-
src/qemu/qemu_domain.h | 2 +-
src/qemu/qemu_domain_address.c | 4 +
src/qemu/qemu_extdevice.c | 43 +++
src/qemu/qemu_extdevice.h | 1 +
src/qemu/qemu_migration.c | 10 +
src/qemu/qemu_process.c | 4 +-
src/qemu/qemu_security.c | 40 ++
src/qemu/qemu_security.h | 7 +
src/qemu/qemu_vhost_user.c | 40 ++
src/qemu/qemu_vhost_user.h | 4 +
src/qemu/qemu_virtiofs.c | 341 ++++++++++++++++++
src/qemu/qemu_virtiofs.h | 48 +++
src/qemu/test_libvirtd_qemu.aug.in | 1 +
src/security/security_dac.c | 20 +
src/security/security_driver.h | 2 +
src/security/security_manager.c | 12 +
src/security/security_manager.h | 4 +
src/security/security_nop.c | 1 +
src/security/security_selinux.c | 69 ++++
src/security/security_stack.c | 19 +
.../caps_4.2.0.aarch64.xml | 1 +
.../qemucapabilitiesdata/caps_4.2.0.s390x.xml | 1 +
.../caps_4.2.0.x86_64.xml | 1 +
.../caps_5.0.0.aarch64.xml | 1 +
.../caps_5.0.0.x86_64.xml | 1 +
...vhost-user-fs-fd-memory.x86_64-latest.args | 39 ++
.../vhost-user-fs-fd-memory.xml | 43 +++
...vhost-user-fs-hugepages.x86_64-latest.args | 47 +++
.../vhost-user-fs-hugepages.xml | 75 ++++
tests/qemuxml2argvtest.c | 14 +
.../vhost-user-fs-fd-memory.x86_64-latest.xml | 1 +
.../vhost-user-fs-hugepages.x86_64-latest.xml | 1 +
tests/qemuxml2xmltest.c | 3 +
51 files changed, 1420 insertions(+), 22 deletions(-)
create mode 100644 docs/kbase/virtiofs.rst
create mode 100644 src/qemu/qemu_virtiofs.c
create mode 100644 src/qemu/qemu_virtiofs.h
create mode 100644 tests/qemuxml2argvdata/vhost-user-fs-fd-memory.x86_64-latest.args
create mode 100644 tests/qemuxml2argvdata/vhost-user-fs-fd-memory.xml
create mode 100644 tests/qemuxml2argvdata/vhost-user-fs-hugepages.x86_64-latest.args
create mode 100644 tests/qemuxml2argvdata/vhost-user-fs-hugepages.xml
create mode 120000 tests/qemuxml2xmloutdata/vhost-user-fs-fd-memory.x86_64-latest.xml
create mode 120000 tests/qemuxml2xmloutdata/vhost-user-fs-hugepages.x86_64-latest.xml
--
2.24.1
5 years, 4 months
[PATCH] network: bridge_driver: Use new helpers for storing libvirt errors
by Gaurav Agrawal
From: GAURAV AGRAWAL <agrawalgaurav(a)gnome.org>
Signed-off-by: Gaurav Agrawal <agrawalgaurav(a)gnome.org>
---
src/network/bridge_driver_linux.c | 5 +++--
1 file changed, 3 insertions(+), 2 deletions(-)
diff --git a/src/network/bridge_driver_linux.c b/src/network/bridge_driver_linux.c
index 7bbde5c6a9..fde33b5d38 100644
--- a/src/network/bridge_driver_linux.c
+++ b/src/network/bridge_driver_linux.c
@@ -22,6 +22,7 @@
#include <config.h>
#include "viralloc.h"
+#include "virerror.h"
#include "virfile.h"
#include "viriptables.h"
#include "virstring.h"
@@ -53,7 +54,7 @@ static void networkSetupPrivateChains(void)
if (rc < 0) {
VIR_DEBUG("Failed to create global IPv4 chains: %s",
virGetLastErrorMessage());
- errInitV4 = virSaveLastError();
+ virErrorPreserveLast(&errInitV4);
virResetLastError();
} else {
virFreeError(errInitV4);
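Review bot: In the rc < 0 branch, virErrorPreserveLast(&errInitV4) stores into errInitV4 without a preceding virFreeError(), while the else branch does free it. Please confirm whether the helper releases a previously stored error; if it does not, a repeated failure of this function leaks the earlier copy, and the same applies to errInitV6 in the next hunk. The commit message also has no body, so a sentence on why the new helper is preferred over virSaveLastError() would help.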
@@ -70,7 +71,7 @@ static void networkSetupPrivateChains(void)
if (rc < 0) {
VIR_DEBUG("Failed to create global IPv6 chains: %s",
virGetLastErrorMessage());
- errInitV6 = virSaveLastError();
+ virErrorPreserveLast(&errInitV6);
virResetLastError();
} else {
virFreeError(errInitV6);
--
2.24.1
5 years, 4 months
[libvirt PATCH 0/8] Include networkportdef.h in domain_conf.h
by Ján Tomko
The netdev_bandwidth_conf module contains
XML parsing and formatting functions operating
on types from util/virnetdevbandwidth.h
as well as helper functions using types
from domain_conf.h and network_conf.h
It does not, however, introduce any new types,
so there's no need to include its header in
other header files.
Move its inclusion in networkportdef.h to the
corresponding networkportdef.c file, where it's
used, which clears the path for networkportdef.h
inclusion in domain_conf.h.
Patch 1 is unrelated;
Patch 5 was intended to help remove the dependency
of the header file on network_conf.h (by passing int
instead of enum) and patch 6 would lessen the
dependency from domain_conf.h to virconftypes.h,
but later I realized this might not be necessary.
(Thanks, Pavel!)
Ján Tomko (8):
conf: virnwfilterbindingdef: include virxml.h
bridge: include netdev_bandwidth_conf.h
conf: virnetworkportdef: include virnetdevmacvlan
conf: rename virNetDevSupportBandwidth to virNetDevSupportsBandwidth
conf: virNetDevSupportsBandwidth: move into the C file
conf: do not pass vm object to virDomainClearNetBandwidth
conf: reduce includes in virnetworkportdef.h
conf: include virnetworkportdef.h in domain_conf.h
src/conf/domain_conf.h | 6 +-----
src/conf/netdev_bandwidth_conf.c | 35 ++++++++++++++++++++++++++------
src/conf/netdev_bandwidth_conf.h | 26 ++----------------------
src/conf/virnetworkportdef.c | 5 +++++
src/conf/virnetworkportdef.h | 3 ---
src/conf/virnwfilterbindingdef.h | 1 +
src/libvirt_private.syms | 1 +
src/lxc/lxc_driver.c | 4 ++--
src/lxc/lxc_process.c | 2 +-
src/network/bridge_driver.c | 2 ++
src/qemu/qemu_command.c | 2 +-
src/qemu/qemu_driver.c | 4 ++--
src/qemu/qemu_hotplug.c | 4 ++--
src/qemu/qemu_process.c | 2 +-
14 files changed, 50 insertions(+), 47 deletions(-)
--
2.24.1
5 years, 4 months
[libvirt PATCH] qemu: Do not set default CPU for archs without CPU driver
by Jiri Denemark
Whenever there is a guest CPU configured in domain XML, we will call
some CPU driver APIs to validate the CPU definition and check its
compatibility with the hypervisor. Thus domains with guest CPU
specification can only be started if the guest architecture is supported
by the CPU driver. But we would add a default CPU to any domain as long
as QEMU reports it causing failures to start any domain on affected
architectures.
https://bugzilla.redhat.com/show_bug.cgi?id=1805755
Signed-off-by: Jiri Denemark <jdenemar(a)redhat.com>
---
src/cpu/cpu.c | 24 ++++++++++++++++++++++++
src/cpu/cpu.h | 3 +++
src/libvirt_private.syms | 1 +
src/qemu/qemu_domain.c | 3 +++
4 files changed, 31 insertions(+)
diff --git a/src/cpu/cpu.c b/src/cpu/cpu.c
index ae3a0acc10..6d6191fe4e 100644
--- a/src/cpu/cpu.c
+++ b/src/cpu/cpu.c
@@ -1096,3 +1096,27 @@ virCPUDataAddFeature(virCPUDataPtr cpuData,
return driver->dataAddFeature(cpuData, name);
}
+
+
+/**
+ * virCPUArchIsSupported:
+ *
+ * @arch: CPU architecture
+ *
+ * Returns true if the architecture is supported by any CPU driver.
+ */
+bool
+virCPUArchIsSupported(virArch arch)
+{
+ size_t i;
+ size_t j;
+
+ for (i = 0; i < G_N_ELEMENTS(drivers); i++) {
+ for (j = 0; j < drivers[i]->narch; j++) {
+ if (arch == drivers[i]->arch[j])
+ return true;
+ }
+ }
+
+ return false;
+}
diff --git a/src/cpu/cpu.h b/src/cpu/cpu.h
index 2e8b8923ae..f779d2be17 100644
--- a/src/cpu/cpu.h
+++ b/src/cpu/cpu.h
@@ -265,6 +265,9 @@ int
virCPUDataAddFeature(virCPUDataPtr cpuData,
const char *name);
+bool
+virCPUArchIsSupported(virArch arch);
+
/* virCPUDataFormat and virCPUDataParse are implemented for unit tests only and
* have no real-life usage
*/
diff --git a/src/libvirt_private.syms b/src/libvirt_private.syms
index 9d172d3bd0..e27b6f29bc 100644
--- a/src/libvirt_private.syms
+++ b/src/libvirt_private.syms
@@ -1309,6 +1309,7 @@ virStoragePoolObjVolumeListExport;
# cpu/cpu.h
cpuDecode;
cpuEncode;
+virCPUArchIsSupported;
virCPUBaseline;
virCPUCheckFeature;
virCPUCompare;
diff --git a/src/qemu/qemu_domain.c b/src/qemu/qemu_domain.c
index 446a517df9..7d274a4fa5 100644
--- a/src/qemu/qemu_domain.c
+++ b/src/qemu/qemu_domain.c
@@ -4576,6 +4576,9 @@ qemuDomainDefSetDefaultCPU(virDomainDefPtr def,
def->cpu->model))
return 0;
+ if (!virCPUArchIsSupported(def->os.arch))
+ return 0;
+
/* Default CPU model info from QEMU is usable for TCG only except for
* x86, s390, and ppc64. */
if (!ARCH_IS_X86(def->os.arch) &&
--
2.25.1
5 years, 4 months
[PATCH] virt-aa-helper: Fix build by including virutil.h
by Jim Fehlig
Commit fb01e1a44d missed including virutil.h, causing the following
compilation error
../../src/security/virt-aa-helper.c:1055:43: error: implicit declaration of
function 'virHostGetDRMRenderNode' [-Werror=implicit-function-declaration]
1055 | char *defaultRenderNode = virHostGetDRMRenderNode();
Signed-off-by: Jim Fehlig <jfehlig(a)suse.com>
---
Pushing under the build-breaker rule.
src/security/virt-aa-helper.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/src/security/virt-aa-helper.c b/src/security/virt-aa-helper.c
index 6f36652c7c..b6f58efdea 100644
--- a/src/security/virt-aa-helper.c
+++ b/src/security/virt-aa-helper.c
@@ -41,6 +41,7 @@
#include "virxml.h"
#include "viruuid.h"
#include "virusb.h"
+#include "virutil.h"
#include "virpci.h"
#include "virfile.h"
#include "configmake.h"
--
2.25.0
5 years, 4 months
[libvirt PATCH] tests: fix missing test data for network port XML
by Daniel P. Berrangé
The network port XML files were not including any usage of vlan
tags or port options, and one of the files was not even processed.
Signed-off-by: Daniel P. Berrangé <berrange(a)redhat.com>
---
tests/virnetworkportxml2xmldata/plug-network.xml | 5 +++++
tests/virnetworkportxml2xmltest.c | 1 +
2 files changed, 6 insertions(+)
diff --git a/tests/virnetworkportxml2xmldata/plug-network.xml b/tests/virnetworkportxml2xmldata/plug-network.xml
index a3a8899148..8e7fc6d010 100644
--- a/tests/virnetworkportxml2xmldata/plug-network.xml
+++ b/tests/virnetworkportxml2xmldata/plug-network.xml
@@ -10,6 +10,11 @@
<inbound average='1000' peak='4000' floor='2000' burst='1024'/>
<outbound average='128' peak='256' burst='32768'/>
</bandwidth>
+ <vlan trunk='yes'>
+ <tag id='2'/>
+ <tag id='1729'/>
+ </vlan>
+ <port isolated='yes'/>
<rxfilters trustGuest='yes'/>
<plug type='network' bridge='virbr0'/>
</networkport>
diff --git a/tests/virnetworkportxml2xmltest.c b/tests/virnetworkportxml2xmltest.c
index 1b2175dd9d..039da96490 100644
--- a/tests/virnetworkportxml2xmltest.c
+++ b/tests/virnetworkportxml2xmltest.c
@@ -94,6 +94,7 @@ mymain(void)
DO_TEST("plug-bridge-mactbl");
DO_TEST("plug-direct");
DO_TEST("plug-hostdev-pci");
+ DO_TEST("plug-network");
return ret == 0 ? EXIT_SUCCESS : EXIT_FAILURE;
}
--
2.24.1
5 years, 4 months
[libvirt-dockerfiles PATCH] Refresh after changes to cross-building environments
by Andrea Bolognani
The new configurations are simpler and more reliable.
The corresponding libvirt-jenkins-ci commit is 483dfc62c86f.
Signed-off-by: Andrea Bolognani <abologna(a)redhat.com>
---
As usual, this is merely the plain-text representation of a
binary patch.
Pushed under the Dockerfile update rule.
...denv-libosinfo-fedora-30-cross-mingw32.zip | Bin 687 -> 629 bytes
...denv-libosinfo-fedora-30-cross-mingw64.zip | Bin 689 -> 631 bytes
buildenv-libvirt-debian-10-cross-aarch64.zip | Bin 1021 -> 982 bytes
buildenv-libvirt-debian-10-cross-armv6l.zip | Bin 1014 -> 974 bytes
buildenv-libvirt-debian-10-cross-armv7l.zip | Bin 1019 -> 983 bytes
buildenv-libvirt-debian-10-cross-i686.zip | Bin 1016 -> 981 bytes
buildenv-libvirt-debian-10-cross-mips.zip | Bin 1011 -> 974 bytes
buildenv-libvirt-debian-10-cross-mips64el.zip | Bin 1022 -> 985 bytes
buildenv-libvirt-debian-10-cross-mipsel.zip | Bin 1016 -> 982 bytes
buildenv-libvirt-debian-10-cross-ppc64le.zip | Bin 1024 -> 985 bytes
buildenv-libvirt-debian-10-cross-s390x.zip | Bin 1011 -> 977 bytes
buildenv-libvirt-debian-9-cross-aarch64.zip | Bin 1053 -> 1018 bytes
buildenv-libvirt-debian-9-cross-armv6l.zip | Bin 1045 -> 1009 bytes
buildenv-libvirt-debian-9-cross-armv7l.zip | Bin 1050 -> 1014 bytes
buildenv-libvirt-debian-9-cross-mips.zip | Bin 1044 -> 1010 bytes
buildenv-libvirt-debian-9-cross-mips64el.zip | Bin 1056 -> 1021 bytes
buildenv-libvirt-debian-9-cross-mipsel.zip | Bin 1048 -> 1014 bytes
buildenv-libvirt-debian-9-cross-ppc64le.zip | Bin 1057 -> 1017 bytes
buildenv-libvirt-debian-9-cross-s390x.zip | Bin 1045 -> 1013 bytes
buildenv-libvirt-debian-sid-cross-aarch64.zip | Bin 1020 -> 986 bytes
buildenv-libvirt-debian-sid-cross-armv6l.zip | Bin 1013 -> 978 bytes
buildenv-libvirt-debian-sid-cross-armv7l.zip | Bin 1019 -> 982 bytes
buildenv-libvirt-debian-sid-cross-i686.zip | Bin 1016 -> 981 bytes
...denv-libvirt-debian-sid-cross-mips64el.zip | Bin 1022 -> 985 bytes
buildenv-libvirt-debian-sid-cross-mipsel.zip | Bin 1013 -> 974 bytes
buildenv-libvirt-debian-sid-cross-ppc64le.zip | Bin 1023 -> 986 bytes
buildenv-libvirt-debian-sid-cross-s390x.zip | Bin 1011 -> 977 bytes
buildenv-libvirt-fedora-30-cross-mingw32.zip | Bin 958 -> 897 bytes
buildenv-libvirt-fedora-30-cross-mingw64.zip | Bin 960 -> 899 bytes
29 files changed, 0 insertions(+), 0 deletions(-)
diff --git a/buildenv-libosinfo-fedora-30-cross-mingw32.zip b/buildenv-libosinfo-fedora-30-cross-mingw32.zip
index f70be8d..ff8776c 100644
--- a/buildenv-libosinfo-fedora-30-cross-mingw32.zip
+++ b/buildenv-libosinfo-fedora-30-cross-mingw32.zip
@@ -65,6 +65,4 @@ RUN dnf install -y \
ENV LANG "en_US.UTF-8"
ENV ABI "i686-w64-mingw32"
-ENV CONFIGURE_OPTS "--host=i686-w64-mingw32 \
- --target=i686-w64-mingw32"
-ENV PKG_CONFIG_LIBDIR "/usr/i686-w64-mingw32/sys-root/mingw/lib/pkgconfig:/usr/i686-w64-mingw32/sys-root/mingw/share/pkgconfig"
+ENV CONFIGURE_OPTS "--host=i686-w64-mingw32"
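Review bot: dropping `ENV PKG_CONFIG_LIBDIR` in the same step as `--target` leaves nothing in this Dockerfile that points pkg-config at the /usr/i686-w64-mingw32/sys-root/mingw directories, so the build presumably relies on configure selecting a host-prefixed pkg-config from `--host=i686-w64-mingw32` alone. The commit message only says the new configurations are simpler and more reliable; stating what replaces the variable, in addition to the pointer to libvirt-jenkins-ci commit 483dfc62c86f, would let a reader confirm that native .pc files cannot leak into the cross build.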
diff --git a/buildenv-libosinfo-fedora-30-cross-mingw64.zip b/buildenv-libosinfo-fedora-30-cross-mingw64.zip
index 7f75981..24f38bc 100644
--- a/buildenv-libosinfo-fedora-30-cross-mingw64.zip
+++ b/buildenv-libosinfo-fedora-30-cross-mingw64.zip
@@ -65,6 +65,4 @@ RUN dnf install -y \
ENV LANG "en_US.UTF-8"
ENV ABI "x86_64-w64-mingw32"
-ENV CONFIGURE_OPTS "--host=x86_64-w64-mingw32 \
- --target=x86_64-w64-mingw32"
-ENV PKG_CONFIG_LIBDIR "/usr/x86_64-w64-mingw32/sys-root/mingw/lib/pkgconfig:/usr/x86_64-w64-mingw32/sys-root/mingw/share/pkgconfig"
+ENV CONFIGURE_OPTS "--host=x86_64-w64-mingw32"
diff --git a/buildenv-libvirt-debian-10-cross-aarch64.zip b/buildenv-libvirt-debian-10-cross-aarch64.zip
index 6ae4014..9bdfe9c 100644
--- a/buildenv-libvirt-debian-10-cross-aarch64.zip
+++ b/buildenv-libvirt-debian-10-cross-aarch64.zip
@@ -64,6 +64,7 @@ RUN export DEBIAN_FRONTEND=noninteractive && \
dpkg --add-architecture arm64 && \
apt-get update && \
apt-get dist-upgrade -y && \
+ apt-get install --no-install-recommends -y dpkg-dev && \
apt-get install --no-install-recommends -y \
gcc-aarch64-linux-gnu \
libacl1-dev:arm64 \
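Review bot: the added `apt-get install --no-install-recommends -y dpkg-dev && \` runs as its own apt-get invocation immediately ahead of the main `apt-get install --no-install-recommends -y \` list, and neither the hunk nor the commit message says why it cannot be the first entry of that list. If dpkg-dev has to be fully installed before the foreign-architecture packages are unpacked, say so in the commit message so the two steps are not merged later; otherwise fold it into the existing list and save a layer step in every Debian cross image.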
@@ -108,6 +109,4 @@ RUN export DEBIAN_FRONTEND=noninteractive && \
ENV LANG "en_US.UTF-8"
ENV ABI "aarch64-linux-gnu"
-ENV CONFIGURE_OPTS "--host=aarch64-linux-gnu \
- --target=aarch64-linux-gnu"
-ENV PKG_CONFIG_LIBDIR "/usr/lib/aarch64-linux-gnu/pkgconfig"
+ENV CONFIGURE_OPTS "--host=aarch64-linux-gnu"
diff --git a/buildenv-libvirt-debian-10-cross-armv6l.zip b/buildenv-libvirt-debian-10-cross-armv6l.zip
index bc4512a..84df535 100644
--- a/buildenv-libvirt-debian-10-cross-armv6l.zip
+++ b/buildenv-libvirt-debian-10-cross-armv6l.zip
@@ -64,6 +64,7 @@ RUN export DEBIAN_FRONTEND=noninteractive && \
dpkg --add-architecture armel && \
apt-get update && \
apt-get dist-upgrade -y && \
+ apt-get install --no-install-recommends -y dpkg-dev && \
apt-get install --no-install-recommends -y \
gcc-arm-linux-gnueabi \
libacl1-dev:armel \
@@ -106,6 +107,4 @@ RUN export DEBIAN_FRONTEND=noninteractive && \
ENV LANG "en_US.UTF-8"
ENV ABI "arm-linux-gnueabi"
-ENV CONFIGURE_OPTS "--host=arm-linux-gnueabi \
- --target=arm-linux-gnueabi"
-ENV PKG_CONFIG_LIBDIR "/usr/lib/arm-linux-gnueabi/pkgconfig"
+ENV CONFIGURE_OPTS "--host=arm-linux-gnueabi"
diff --git a/buildenv-libvirt-debian-10-cross-armv7l.zip b/buildenv-libvirt-debian-10-cross-armv7l.zip
index ad30527..fa1b9ce 100644
--- a/buildenv-libvirt-debian-10-cross-armv7l.zip
+++ b/buildenv-libvirt-debian-10-cross-armv7l.zip
@@ -64,6 +64,7 @@ RUN export DEBIAN_FRONTEND=noninteractive && \
dpkg --add-architecture armhf && \
apt-get update && \
apt-get dist-upgrade -y && \
+ apt-get install --no-install-recommends -y dpkg-dev && \
apt-get install --no-install-recommends -y \
gcc-arm-linux-gnueabihf \
libacl1-dev:armhf \
@@ -107,6 +108,4 @@ RUN export DEBIAN_FRONTEND=noninteractive && \
ENV LANG "en_US.UTF-8"
ENV ABI "arm-linux-gnueabihf"
-ENV CONFIGURE_OPTS "--host=arm-linux-gnueabihf \
- --target=arm-linux-gnueabihf"
-ENV PKG_CONFIG_LIBDIR "/usr/lib/arm-linux-gnueabihf/pkgconfig"
+ENV CONFIGURE_OPTS "--host=arm-linux-gnueabihf"
diff --git a/buildenv-libvirt-debian-10-cross-i686.zip b/buildenv-libvirt-debian-10-cross-i686.zip
index 9cd596a..22903cf 100644
--- a/buildenv-libvirt-debian-10-cross-i686.zip
+++ b/buildenv-libvirt-debian-10-cross-i686.zip
@@ -64,6 +64,7 @@ RUN export DEBIAN_FRONTEND=noninteractive && \
dpkg --add-architecture i386 && \
apt-get update && \
apt-get dist-upgrade -y && \
+ apt-get install --no-install-recommends -y dpkg-dev && \
apt-get install --no-install-recommends -y \
gcc-i686-linux-gnu \
libacl1-dev:i386 \
@@ -107,6 +108,4 @@ RUN export DEBIAN_FRONTEND=noninteractive && \
ENV LANG "en_US.UTF-8"
ENV ABI "i686-linux-gnu"
-ENV CONFIGURE_OPTS "--host=i686-linux-gnu \
- --target=i686-linux-gnu"
-ENV PKG_CONFIG_LIBDIR "/usr/lib/i386-linux-gnu/pkgconfig"
+ENV CONFIGURE_OPTS "--host=i686-linux-gnu"
diff --git a/buildenv-libvirt-debian-10-cross-mips.zip b/buildenv-libvirt-debian-10-cross-mips.zip
index 2258a26..2beba75 100644
--- a/buildenv-libvirt-debian-10-cross-mips.zip
+++ b/buildenv-libvirt-debian-10-cross-mips.zip
@@ -64,6 +64,7 @@ RUN export DEBIAN_FRONTEND=noninteractive && \
dpkg --add-architecture mips && \
apt-get update && \
apt-get dist-upgrade -y && \
+ apt-get install --no-install-recommends -y dpkg-dev && \
apt-get install --no-install-recommends -y \
gcc-mips-linux-gnu \
libacl1-dev:mips \
@@ -107,6 +108,4 @@ RUN export DEBIAN_FRONTEND=noninteractive && \
ENV LANG "en_US.UTF-8"
ENV ABI "mips-linux-gnu"
-ENV CONFIGURE_OPTS "--host=mips-linux-gnu \
- --target=mips-linux-gnu"
-ENV PKG_CONFIG_LIBDIR "/usr/lib/mips-linux-gnu/pkgconfig"
+ENV CONFIGURE_OPTS "--host=mips-linux-gnu"
diff --git a/buildenv-libvirt-debian-10-cross-mips64el.zip b/buildenv-libvirt-debian-10-cross-mips64el.zip
index 14e5cec..c900d7a 100644
--- a/buildenv-libvirt-debian-10-cross-mips64el.zip
+++ b/buildenv-libvirt-debian-10-cross-mips64el.zip
@@ -64,6 +64,7 @@ RUN export DEBIAN_FRONTEND=noninteractive && \
dpkg --add-architecture mips64el && \
apt-get update && \
apt-get dist-upgrade -y && \
+ apt-get install --no-install-recommends -y dpkg-dev && \
apt-get install --no-install-recommends -y \
gcc-mips64el-linux-gnuabi64 \
libacl1-dev:mips64el \
@@ -107,6 +108,4 @@ RUN export DEBIAN_FRONTEND=noninteractive && \
ENV LANG "en_US.UTF-8"
ENV ABI "mips64el-linux-gnuabi64"
-ENV CONFIGURE_OPTS "--host=mips64el-linux-gnuabi64 \
- --target=mips64el-linux-gnuabi64"
-ENV PKG_CONFIG_LIBDIR "/usr/lib/mips64el-linux-gnuabi64/pkgconfig"
+ENV CONFIGURE_OPTS "--host=mips64el-linux-gnuabi64"
diff --git a/buildenv-libvirt-debian-10-cross-mipsel.zip b/buildenv-libvirt-debian-10-cross-mipsel.zip
index 4d666fc..ae436b6 100644
--- a/buildenv-libvirt-debian-10-cross-mipsel.zip
+++ b/buildenv-libvirt-debian-10-cross-mipsel.zip
@@ -64,6 +64,7 @@ RUN export DEBIAN_FRONTEND=noninteractive && \
dpkg --add-architecture mipsel && \
apt-get update && \
apt-get dist-upgrade -y && \
+ apt-get install --no-install-recommends -y dpkg-dev && \
apt-get install --no-install-recommends -y \
gcc-mipsel-linux-gnu \
libacl1-dev:mipsel \
@@ -107,6 +108,4 @@ RUN export DEBIAN_FRONTEND=noninteractive && \
ENV LANG "en_US.UTF-8"
ENV ABI "mipsel-linux-gnu"
-ENV CONFIGURE_OPTS "--host=mipsel-linux-gnu \
- --target=mipsel-linux-gnu"
-ENV PKG_CONFIG_LIBDIR "/usr/lib/mipsel-linux-gnu/pkgconfig"
+ENV CONFIGURE_OPTS "--host=mipsel-linux-gnu"
diff --git a/buildenv-libvirt-debian-10-cross-ppc64le.zip b/buildenv-libvirt-debian-10-cross-ppc64le.zip
index 03ff6a3..475681a 100644
--- a/buildenv-libvirt-debian-10-cross-ppc64le.zip
+++ b/buildenv-libvirt-debian-10-cross-ppc64le.zip
@@ -64,6 +64,7 @@ RUN export DEBIAN_FRONTEND=noninteractive && \
dpkg --add-architecture ppc64el && \
apt-get update && \
apt-get dist-upgrade -y && \
+ apt-get install --no-install-recommends -y dpkg-dev && \
apt-get install --no-install-recommends -y \
gcc-powerpc64le-linux-gnu \
libacl1-dev:ppc64el \
@@ -107,6 +108,4 @@ RUN export DEBIAN_FRONTEND=noninteractive && \
ENV LANG "en_US.UTF-8"
ENV ABI "powerpc64le-linux-gnu"
-ENV CONFIGURE_OPTS "--host=powerpc64le-linux-gnu \
- --target=powerpc64le-linux-gnu"
-ENV PKG_CONFIG_LIBDIR "/usr/lib/powerpc64le-linux-gnu/pkgconfig"
+ENV CONFIGURE_OPTS "--host=powerpc64le-linux-gnu"
diff --git a/buildenv-libvirt-debian-10-cross-s390x.zip b/buildenv-libvirt-debian-10-cross-s390x.zip
index c64bc88..6e88d47 100644
--- a/buildenv-libvirt-debian-10-cross-s390x.zip
+++ b/buildenv-libvirt-debian-10-cross-s390x.zip
@@ -64,6 +64,7 @@ RUN export DEBIAN_FRONTEND=noninteractive && \
dpkg --add-architecture s390x && \
apt-get update && \
apt-get dist-upgrade -y && \
+ apt-get install --no-install-recommends -y dpkg-dev && \
apt-get install --no-install-recommends -y \
gcc-s390x-linux-gnu \
libacl1-dev:s390x \
@@ -107,6 +108,4 @@ RUN export DEBIAN_FRONTEND=noninteractive && \
ENV LANG "en_US.UTF-8"
ENV ABI "s390x-linux-gnu"
-ENV CONFIGURE_OPTS "--host=s390x-linux-gnu \
- --target=s390x-linux-gnu"
-ENV PKG_CONFIG_LIBDIR "/usr/lib/s390x-linux-gnu/pkgconfig"
+ENV CONFIGURE_OPTS "--host=s390x-linux-gnu"
diff --git a/buildenv-libvirt-debian-9-cross-aarch64.zip b/buildenv-libvirt-debian-9-cross-aarch64.zip
index ba2709a..37752fc 100644
--- a/buildenv-libvirt-debian-9-cross-aarch64.zip
+++ b/buildenv-libvirt-debian-9-cross-aarch64.zip
@@ -65,6 +65,7 @@ RUN export DEBIAN_FRONTEND=noninteractive && \
dpkg --add-architecture arm64 && \
apt-get update && \
apt-get dist-upgrade -y && \
+ apt-get install --no-install-recommends -y dpkg-dev && \
apt-get install --no-install-recommends -y \
gcc-aarch64-linux-gnu \
glusterfs-common:arm64 \
@@ -112,6 +113,4 @@ RUN pip3 install \
ENV LANG "en_US.UTF-8"
ENV ABI "aarch64-linux-gnu"
-ENV CONFIGURE_OPTS "--host=aarch64-linux-gnu \
- --target=aarch64-linux-gnu"
-ENV PKG_CONFIG_LIBDIR "/usr/lib/aarch64-linux-gnu/pkgconfig"
+ENV CONFIGURE_OPTS "--host=aarch64-linux-gnu"
diff --git a/buildenv-libvirt-debian-9-cross-armv6l.zip b/buildenv-libvirt-debian-9-cross-armv6l.zip
index d5f8f13..66c50ae 100644
--- a/buildenv-libvirt-debian-9-cross-armv6l.zip
+++ b/buildenv-libvirt-debian-9-cross-armv6l.zip
@@ -65,6 +65,7 @@ RUN export DEBIAN_FRONTEND=noninteractive && \
dpkg --add-architecture armel && \
apt-get update && \
apt-get dist-upgrade -y && \
+ apt-get install --no-install-recommends -y dpkg-dev && \
apt-get install --no-install-recommends -y \
gcc-arm-linux-gnueabi \
glusterfs-common:armel \
@@ -110,6 +111,4 @@ RUN pip3 install \
ENV LANG "en_US.UTF-8"
ENV ABI "arm-linux-gnueabi"
-ENV CONFIGURE_OPTS "--host=arm-linux-gnueabi \
- --target=arm-linux-gnueabi"
-ENV PKG_CONFIG_LIBDIR "/usr/lib/arm-linux-gnueabi/pkgconfig"
+ENV CONFIGURE_OPTS "--host=arm-linux-gnueabi"
diff --git a/buildenv-libvirt-debian-9-cross-armv7l.zip b/buildenv-libvirt-debian-9-cross-armv7l.zip
index 995d558..8102db9 100644
--- a/buildenv-libvirt-debian-9-cross-armv7l.zip
+++ b/buildenv-libvirt-debian-9-cross-armv7l.zip
@@ -65,6 +65,7 @@ RUN export DEBIAN_FRONTEND=noninteractive && \
dpkg --add-architecture armhf && \
apt-get update && \
apt-get dist-upgrade -y && \
+ apt-get install --no-install-recommends -y dpkg-dev && \
apt-get install --no-install-recommends -y \
gcc-arm-linux-gnueabihf \
glusterfs-common:armhf \
@@ -111,6 +112,4 @@ RUN pip3 install \
ENV LANG "en_US.UTF-8"
ENV ABI "arm-linux-gnueabihf"
-ENV CONFIGURE_OPTS "--host=arm-linux-gnueabihf \
- --target=arm-linux-gnueabihf"
-ENV PKG_CONFIG_LIBDIR "/usr/lib/arm-linux-gnueabihf/pkgconfig"
+ENV CONFIGURE_OPTS "--host=arm-linux-gnueabihf"
diff --git a/buildenv-libvirt-debian-9-cross-mips.zip b/buildenv-libvirt-debian-9-cross-mips.zip
index cf69157..739fc5e 100644
--- a/buildenv-libvirt-debian-9-cross-mips.zip
+++ b/buildenv-libvirt-debian-9-cross-mips.zip
@@ -65,6 +65,7 @@ RUN export DEBIAN_FRONTEND=noninteractive && \
dpkg --add-architecture mips && \
apt-get update && \
apt-get dist-upgrade -y && \
+ apt-get install --no-install-recommends -y dpkg-dev && \
apt-get install --no-install-recommends -y \
gcc-mips-linux-gnu \
glusterfs-common:mips \
@@ -111,6 +112,4 @@ RUN pip3 install \
ENV LANG "en_US.UTF-8"
ENV ABI "mips-linux-gnu"
-ENV CONFIGURE_OPTS "--host=mips-linux-gnu \
- --target=mips-linux-gnu"
-ENV PKG_CONFIG_LIBDIR "/usr/lib/mips-linux-gnu/pkgconfig"
+ENV CONFIGURE_OPTS "--host=mips-linux-gnu"
diff --git a/buildenv-libvirt-debian-9-cross-mips64el.zip b/buildenv-libvirt-debian-9-cross-mips64el.zip
index 7f5b029..3d38e7c 100644
--- a/buildenv-libvirt-debian-9-cross-mips64el.zip
+++ b/buildenv-libvirt-debian-9-cross-mips64el.zip
@@ -65,6 +65,7 @@ RUN export DEBIAN_FRONTEND=noninteractive && \
dpkg --add-architecture mips64el && \
apt-get update && \
apt-get dist-upgrade -y && \
+ apt-get install --no-install-recommends -y dpkg-dev && \
apt-get install --no-install-recommends -y \
gcc-mips64el-linux-gnuabi64 \
glusterfs-common:mips64el \
@@ -111,6 +112,4 @@ RUN pip3 install \
ENV LANG "en_US.UTF-8"
ENV ABI "mips64el-linux-gnuabi64"
-ENV CONFIGURE_OPTS "--host=mips64el-linux-gnuabi64 \
- --target=mips64el-linux-gnuabi64"
-ENV PKG_CONFIG_LIBDIR "/usr/lib/mips64el-linux-gnuabi64/pkgconfig"
+ENV CONFIGURE_OPTS "--host=mips64el-linux-gnuabi64"
diff --git a/buildenv-libvirt-debian-9-cross-mipsel.zip b/buildenv-libvirt-debian-9-cross-mipsel.zip
index 300eaed..d8af5f5 100644
--- a/buildenv-libvirt-debian-9-cross-mipsel.zip
+++ b/buildenv-libvirt-debian-9-cross-mipsel.zip
@@ -65,6 +65,7 @@ RUN export DEBIAN_FRONTEND=noninteractive && \
dpkg --add-architecture mipsel && \
apt-get update && \
apt-get dist-upgrade -y && \
+ apt-get install --no-install-recommends -y dpkg-dev && \
apt-get install --no-install-recommends -y \
gcc-mipsel-linux-gnu \
glusterfs-common:mipsel \
@@ -111,6 +112,4 @@ RUN pip3 install \
ENV LANG "en_US.UTF-8"
ENV ABI "mipsel-linux-gnu"
-ENV CONFIGURE_OPTS "--host=mipsel-linux-gnu \
- --target=mipsel-linux-gnu"
-ENV PKG_CONFIG_LIBDIR "/usr/lib/mipsel-linux-gnu/pkgconfig"
+ENV CONFIGURE_OPTS "--host=mipsel-linux-gnu"
diff --git a/buildenv-libvirt-debian-9-cross-ppc64le.zip b/buildenv-libvirt-debian-9-cross-ppc64le.zip
index d889960..b53581c 100644
--- a/buildenv-libvirt-debian-9-cross-ppc64le.zip
+++ b/buildenv-libvirt-debian-9-cross-ppc64le.zip
@@ -65,6 +65,7 @@ RUN export DEBIAN_FRONTEND=noninteractive && \
dpkg --add-architecture ppc64el && \
apt-get update && \
apt-get dist-upgrade -y && \
+ apt-get install --no-install-recommends -y dpkg-dev && \
apt-get install --no-install-recommends -y \
gcc-powerpc64le-linux-gnu \
glusterfs-common:ppc64el \
@@ -111,6 +112,4 @@ RUN pip3 install \
ENV LANG "en_US.UTF-8"
ENV ABI "powerpc64le-linux-gnu"
-ENV CONFIGURE_OPTS "--host=powerpc64le-linux-gnu \
- --target=powerpc64le-linux-gnu"
-ENV PKG_CONFIG_LIBDIR "/usr/lib/powerpc64le-linux-gnu/pkgconfig"
+ENV CONFIGURE_OPTS "--host=powerpc64le-linux-gnu"
diff --git a/buildenv-libvirt-debian-9-cross-s390x.zip b/buildenv-libvirt-debian-9-cross-s390x.zip
index 0c80277..2c9273f 100644
--- a/buildenv-libvirt-debian-9-cross-s390x.zip
+++ b/buildenv-libvirt-debian-9-cross-s390x.zip
@@ -65,6 +65,7 @@ RUN export DEBIAN_FRONTEND=noninteractive && \
dpkg --add-architecture s390x && \
apt-get update && \
apt-get dist-upgrade -y && \
+ apt-get install --no-install-recommends -y dpkg-dev && \
apt-get install --no-install-recommends -y \
gcc-s390x-linux-gnu \
glusterfs-common:s390x \
@@ -111,6 +112,4 @@ RUN pip3 install \
ENV LANG "en_US.UTF-8"
ENV ABI "s390x-linux-gnu"
-ENV CONFIGURE_OPTS "--host=s390x-linux-gnu \
- --target=s390x-linux-gnu"
-ENV PKG_CONFIG_LIBDIR "/usr/lib/s390x-linux-gnu/pkgconfig"
+ENV CONFIGURE_OPTS "--host=s390x-linux-gnu"
diff --git a/buildenv-libvirt-debian-sid-cross-aarch64.zip b/buildenv-libvirt-debian-sid-cross-aarch64.zip
index b1c152a..79262a1 100644
--- a/buildenv-libvirt-debian-sid-cross-aarch64.zip
+++ b/buildenv-libvirt-debian-sid-cross-aarch64.zip
@@ -64,6 +64,7 @@ RUN export DEBIAN_FRONTEND=noninteractive && \
dpkg --add-architecture arm64 && \
apt-get update && \
apt-get dist-upgrade -y && \
+ apt-get install --no-install-recommends -y dpkg-dev && \
apt-get install --no-install-recommends -y \
gcc-aarch64-linux-gnu \
libacl1-dev:arm64 \
@@ -108,6 +109,4 @@ RUN export DEBIAN_FRONTEND=noninteractive && \
ENV LANG "en_US.UTF-8"
ENV ABI "aarch64-linux-gnu"
-ENV CONFIGURE_OPTS "--host=aarch64-linux-gnu \
- --target=aarch64-linux-gnu"
-ENV PKG_CONFIG_LIBDIR "/usr/lib/aarch64-linux-gnu/pkgconfig"
+ENV CONFIGURE_OPTS "--host=aarch64-linux-gnu"
diff --git a/buildenv-libvirt-debian-sid-cross-armv6l.zip b/buildenv-libvirt-debian-sid-cross-armv6l.zip
index 92921d9..682334f 100644
--- a/buildenv-libvirt-debian-sid-cross-armv6l.zip
+++ b/buildenv-libvirt-debian-sid-cross-armv6l.zip
@@ -64,6 +64,7 @@ RUN export DEBIAN_FRONTEND=noninteractive && \
dpkg --add-architecture armel && \
apt-get update && \
apt-get dist-upgrade -y && \
+ apt-get install --no-install-recommends -y dpkg-dev && \
apt-get install --no-install-recommends -y \
gcc-arm-linux-gnueabi \
libacl1-dev:armel \
@@ -106,6 +107,4 @@ RUN export DEBIAN_FRONTEND=noninteractive && \
ENV LANG "en_US.UTF-8"
ENV ABI "arm-linux-gnueabi"
-ENV CONFIGURE_OPTS "--host=arm-linux-gnueabi \
- --target=arm-linux-gnueabi"
-ENV PKG_CONFIG_LIBDIR "/usr/lib/arm-linux-gnueabi/pkgconfig"
+ENV CONFIGURE_OPTS "--host=arm-linux-gnueabi"
diff --git a/buildenv-libvirt-debian-sid-cross-armv7l.zip b/buildenv-libvirt-debian-sid-cross-armv7l.zip
index 2929d4a..529676e 100644
--- a/buildenv-libvirt-debian-sid-cross-armv7l.zip
+++ b/buildenv-libvirt-debian-sid-cross-armv7l.zip
@@ -64,6 +64,7 @@ RUN export DEBIAN_FRONTEND=noninteractive && \
dpkg --add-architecture armhf && \
apt-get update && \
apt-get dist-upgrade -y && \
+ apt-get install --no-install-recommends -y dpkg-dev && \
apt-get install --no-install-recommends -y \
gcc-arm-linux-gnueabihf \
libacl1-dev:armhf \
@@ -107,6 +108,4 @@ RUN export DEBIAN_FRONTEND=noninteractive && \
ENV LANG "en_US.UTF-8"
ENV ABI "arm-linux-gnueabihf"
-ENV CONFIGURE_OPTS "--host=arm-linux-gnueabihf \
- --target=arm-linux-gnueabihf"
-ENV PKG_CONFIG_LIBDIR "/usr/lib/arm-linux-gnueabihf/pkgconfig"
+ENV CONFIGURE_OPTS "--host=arm-linux-gnueabihf"
diff --git a/buildenv-libvirt-debian-sid-cross-i686.zip b/buildenv-libvirt-debian-sid-cross-i686.zip
index 67d620d..46abb22 100644
--- a/buildenv-libvirt-debian-sid-cross-i686.zip
+++ b/buildenv-libvirt-debian-sid-cross-i686.zip
@@ -64,6 +64,7 @@ RUN export DEBIAN_FRONTEND=noninteractive && \
dpkg --add-architecture i386 && \
apt-get update && \
apt-get dist-upgrade -y && \
+ apt-get install --no-install-recommends -y dpkg-dev && \
apt-get install --no-install-recommends -y \
gcc-i686-linux-gnu \
libacl1-dev:i386 \
@@ -107,6 +108,4 @@ RUN export DEBIAN_FRONTEND=noninteractive && \
ENV LANG "en_US.UTF-8"
ENV ABI "i686-linux-gnu"
-ENV CONFIGURE_OPTS "--host=i686-linux-gnu \
- --target=i686-linux-gnu"
-ENV PKG_CONFIG_LIBDIR "/usr/lib/i386-linux-gnu/pkgconfig"
+ENV CONFIGURE_OPTS "--host=i686-linux-gnu"
diff --git a/buildenv-libvirt-debian-sid-cross-mips64el.zip b/buildenv-libvirt-debian-sid-cross-mips64el.zip
index 3aa0305..799c6f1 100644
--- a/buildenv-libvirt-debian-sid-cross-mips64el.zip
+++ b/buildenv-libvirt-debian-sid-cross-mips64el.zip
@@ -64,6 +64,7 @@ RUN export DEBIAN_FRONTEND=noninteractive && \
dpkg --add-architecture mips64el && \
apt-get update && \
apt-get dist-upgrade -y && \
+ apt-get install --no-install-recommends -y dpkg-dev && \
apt-get install --no-install-recommends -y \
gcc-mips64el-linux-gnuabi64 \
libacl1-dev:mips64el \
@@ -107,6 +108,4 @@ RUN export DEBIAN_FRONTEND=noninteractive && \
ENV LANG "en_US.UTF-8"
ENV ABI "mips64el-linux-gnuabi64"
-ENV CONFIGURE_OPTS "--host=mips64el-linux-gnuabi64 \
- --target=mips64el-linux-gnuabi64"
-ENV PKG_CONFIG_LIBDIR "/usr/lib/mips64el-linux-gnuabi64/pkgconfig"
+ENV CONFIGURE_OPTS "--host=mips64el-linux-gnuabi64"
diff --git a/buildenv-libvirt-debian-sid-cross-mipsel.zip b/buildenv-libvirt-debian-sid-cross-mipsel.zip
index 815772b..2cfbe46 100644
--- a/buildenv-libvirt-debian-sid-cross-mipsel.zip
+++ b/buildenv-libvirt-debian-sid-cross-mipsel.zip
@@ -64,6 +64,7 @@ RUN export DEBIAN_FRONTEND=noninteractive && \
dpkg --add-architecture mipsel && \
apt-get update && \
apt-get dist-upgrade -y && \
+ apt-get install --no-install-recommends -y dpkg-dev && \
apt-get install --no-install-recommends -y \
gcc-mipsel-linux-gnu \
libacl1-dev:mipsel \
@@ -106,6 +107,4 @@ RUN export DEBIAN_FRONTEND=noninteractive && \
ENV LANG "en_US.UTF-8"
ENV ABI "mipsel-linux-gnu"
-ENV CONFIGURE_OPTS "--host=mipsel-linux-gnu \
- --target=mipsel-linux-gnu"
-ENV PKG_CONFIG_LIBDIR "/usr/lib/mipsel-linux-gnu/pkgconfig"
+ENV CONFIGURE_OPTS "--host=mipsel-linux-gnu"
diff --git a/buildenv-libvirt-debian-sid-cross-ppc64le.zip b/buildenv-libvirt-debian-sid-cross-ppc64le.zip
index 28f0a94..da70b99 100644
--- a/buildenv-libvirt-debian-sid-cross-ppc64le.zip
+++ b/buildenv-libvirt-debian-sid-cross-ppc64le.zip
@@ -64,6 +64,7 @@ RUN export DEBIAN_FRONTEND=noninteractive && \
dpkg --add-architecture ppc64el && \
apt-get update && \
apt-get dist-upgrade -y && \
+ apt-get install --no-install-recommends -y dpkg-dev && \
apt-get install --no-install-recommends -y \
gcc-powerpc64le-linux-gnu \
libacl1-dev:ppc64el \
@@ -107,6 +108,4 @@ RUN export DEBIAN_FRONTEND=noninteractive && \
ENV LANG "en_US.UTF-8"
ENV ABI "powerpc64le-linux-gnu"
-ENV CONFIGURE_OPTS "--host=powerpc64le-linux-gnu \
- --target=powerpc64le-linux-gnu"
-ENV PKG_CONFIG_LIBDIR "/usr/lib/powerpc64le-linux-gnu/pkgconfig"
+ENV CONFIGURE_OPTS "--host=powerpc64le-linux-gnu"
diff --git a/buildenv-libvirt-debian-sid-cross-s390x.zip b/buildenv-libvirt-debian-sid-cross-s390x.zip
index 7ef7862..d5b1174 100644
--- a/buildenv-libvirt-debian-sid-cross-s390x.zip
+++ b/buildenv-libvirt-debian-sid-cross-s390x.zip
@@ -64,6 +64,7 @@ RUN export DEBIAN_FRONTEND=noninteractive && \
dpkg --add-architecture s390x && \
apt-get update && \
apt-get dist-upgrade -y && \
+ apt-get install --no-install-recommends -y dpkg-dev && \
apt-get install --no-install-recommends -y \
gcc-s390x-linux-gnu \
libacl1-dev:s390x \
@@ -107,6 +108,4 @@ RUN export DEBIAN_FRONTEND=noninteractive && \
ENV LANG "en_US.UTF-8"
ENV ABI "s390x-linux-gnu"
-ENV CONFIGURE_OPTS "--host=s390x-linux-gnu \
- --target=s390x-linux-gnu"
-ENV PKG_CONFIG_LIBDIR "/usr/lib/s390x-linux-gnu/pkgconfig"
+ENV CONFIGURE_OPTS "--host=s390x-linux-gnu"
diff --git a/buildenv-libvirt-fedora-30-cross-mingw32.zip b/buildenv-libvirt-fedora-30-cross-mingw32.zip
index b933ad3..df8f7a7 100644
--- a/buildenv-libvirt-fedora-30-cross-mingw32.zip
+++ b/buildenv-libvirt-fedora-30-cross-mingw32.zip
@@ -115,6 +115,4 @@ RUN dnf install -y \
ENV LANG "en_US.UTF-8"
ENV ABI "i686-w64-mingw32"
-ENV CONFIGURE_OPTS "--host=i686-w64-mingw32 \
- --target=i686-w64-mingw32"
-ENV PKG_CONFIG_LIBDIR "/usr/i686-w64-mingw32/sys-root/mingw/lib/pkgconfig:/usr/i686-w64-mingw32/sys-root/mingw/share/pkgconfig"
+ENV CONFIGURE_OPTS "--host=i686-w64-mingw32"
diff --git a/buildenv-libvirt-fedora-30-cross-mingw64.zip b/buildenv-libvirt-fedora-30-cross-mingw64.zip
index 13ebb52..d2b79b8 100644
--- a/buildenv-libvirt-fedora-30-cross-mingw64.zip
+++ b/buildenv-libvirt-fedora-30-cross-mingw64.zip
@@ -115,6 +115,4 @@ RUN dnf install -y \
ENV LANG "en_US.UTF-8"
ENV ABI "x86_64-w64-mingw32"
-ENV CONFIGURE_OPTS "--host=x86_64-w64-mingw32 \
- --target=x86_64-w64-mingw32"
-ENV PKG_CONFIG_LIBDIR "/usr/x86_64-w64-mingw32/sys-root/mingw/lib/pkgconfig:/usr/x86_64-w64-mingw32/sys-root/mingw/share/pkgconfig"
+ENV CONFIGURE_OPTS "--host=x86_64-w64-mingw32"
--
2.24.1
5 years, 4 months
[PATCH v2 0/3] Re-think stance towards image format probing
by Peter Krempa
We decided that use of qemu-img would not be possible for this case. I'm
thus re-sending the patch with fixes to docs and the ISO image format
probe.
This approach is the simplest and most straightforward and deals with
most cases. Specifically we don't have to fix half of blockjob code by
doing this as opposed to if we wanted to have qemu open the image itself by
looking into the overlay's metadata.
Peter Krempa (3):
qemu: domain: Convert detected 'iso' image format into 'raw'
virStorageFileGetMetadataRecurse: Allow format probing under special
circumstances
kbase: backing_chains: Clarify some aspects of image probing
docs/kbase/backing_chains.rst | 16 +++++++++--
src/qemu/qemu_domain.c | 4 +++
src/util/virstoragefile.c | 52 ++++++++++++++++++++---------------
3 files changed, 48 insertions(+), 24 deletions(-)
--
2.24.1
5 years, 4 months
[libvirt-jenkins-ci PATCH 0/4] Fixes and improvements to cross-build environments
by Andrea Bolognani
The first two commits are necessary to build container images that
can successfully be used in libosinfo's GitLab CI setup, which is
currently not performing MinGW builds because of the issues they
address.
Andrea Bolognani (4):
lcitool: Install dpkg-dev when doing cross-builds on Debian
Don't set $PKG_CONFIG_LIBDIR anywhere
lcitool: Drop duplicated code
lcitool: Don't specify --target in $CONFIGURE_OPTS
guests/lcitool | 15 +++------------
guests/playbooks/build/jobs/defaults.yml | 2 --
jenkins/jobs/defaults.yaml | 2 --
3 files changed, 3 insertions(+), 16 deletions(-)
--
2.24.1
5 years, 4 months
[PATCH 0/9] Re-think the stance towards image format probing
by Peter Krempa
A few recent changes broke wrong, but apparently widely used,
configurations, as users didn't really record the image format into the
image.
It turns out we can safely probe the image format in a few limited
circumstances which on the other hand should fix the majority of the
problems. Please see patch 8/9 for further explanation.
Peter Krempa (9):
util: storagefile: Drop image format probing by file suffix
virStorageFileGetMetadataRecurse: Remove impossible error report
virStorageFileGetMetadataRecurse: Shuffle around assignment of backing
chain depth
virStorageFileGetMetadataRecurse: Expect NULL src->path
virStorageFileGetMetadataRecurse: Use virHashHasEntry instead of fake
pointers
virStorageFileGetMetadataRecurse: Extract storage access
virStorageFileGetMetadataRecurse: Remove 'cleanup' label
virStorageFileGetMetadataRecurse: Allow format probing under special
circumstances
WIP: Add tool for probing images
src/util/virstoragefile.c | 231 ++++++++++++++++++--------------------
tests/Makefile.am | 13 ++-
tests/qemublockprobe.c | 130 +++++++++++++++++++++
3 files changed, 251 insertions(+), 123 deletions(-)
create mode 100644 tests/qemublockprobe.c
--
2.24.1
5 years, 4 months
[PATCH] network: bridge_driver: Use new helpers for storing libvirt errors
by Gaurav Agrawal
From: GAURAV AGRAWAL <agrawalgaurav(a)gnome.org>
Signed-off-by: Gaurav Agrawal <agrawalgaurav(a)gnome.org>
---
src/network/bridge_driver_linux.c | 9 +++++----
1 file changed, 5 insertions(+), 4 deletions(-)
diff --git a/src/network/bridge_driver_linux.c b/src/network/bridge_driver_linux.c
index 7bbde5c6a9..ac92d884b9 100644
--- a/src/network/bridge_driver_linux.c
+++ b/src/network/bridge_driver_linux.c
@@ -22,6 +22,7 @@
#include <config.h>
#include "viralloc.h"
+#include "virerror.h"
#include "virfile.h"
#include "viriptables.h"
#include "virstring.h"
@@ -53,7 +54,7 @@ static void networkSetupPrivateChains(void)
if (rc < 0) {
VIR_DEBUG("Failed to create global IPv4 chains: %s",
virGetLastErrorMessage());
- errInitV4 = virSaveLastError();
+ virErrorPreserveLast(&errInitV4);
virResetLastError();
} else {
virFreeError(errInitV4);
@@ -70,7 +71,7 @@ static void networkSetupPrivateChains(void)
if (rc < 0) {
VIR_DEBUG("Failed to create global IPv6 chains: %s",
virGetLastErrorMessage());
- errInitV6 = virSaveLastError();
+ virErrorPreserveLast(&errInitV6);
virResetLastError();
} else {
virFreeError(errInitV6);
@@ -790,7 +791,7 @@ int networkAddFirewallRules(virNetworkDefPtr def)
if (errInitV4 &&
(virNetworkDefGetIPByIndex(def, AF_INET, 0) ||
virNetworkDefGetRouteByIndex(def, AF_INET, 0))) {
- virSetError(errInitV4);
+ virErrorRestore(&errInitV4);
return -1;
}
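Review bot: `virErrorRestore(&errInitV4)` is not a drop-in replacement for `virSetError(errInitV4)` in this guard, because it takes the address of the saved error in order to free it and reset the pointer to NULL once the error has been raised. errInitV4 is filled in once by networkSetupPrivateChains() and tested with `if (errInitV4 && ...` on every call, so after the first failing call the pointer is NULL and later networks with IPv4 addresses or routes get past this check even though chain creation failed. Keep `virSetError()` here and in the errInitV6 hunk below, and limit the conversion to the two `virErrorPreserveLast()` call sites; the commit message should also say what the new helpers change, since it is currently empty apart from the sign-off.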
@@ -798,7 +799,7 @@ int networkAddFirewallRules(virNetworkDefPtr def)
(virNetworkDefGetIPByIndex(def, AF_INET6, 0) ||
virNetworkDefGetRouteByIndex(def, AF_INET6, 0) ||
def->ipv6nogw)) {
- virSetError(errInitV6);
+ virErrorRestore(&errInitV6);
return -1;
}
--
2.24.1
5 years, 4 months
[libvirt PATCH] src: add virutil.h to more source files for geteuid() compat
by Daniel P. Berrangé
The virutil.h header defines a geteuid() macro for Windows platforms.
This fixes a few missed cases from:
commit b11e8cccdd5163727fd4cecda0076ac2b63fe32d
Author: Ján Tomko <jtomko(a)redhat.com>
Date: Sun Feb 16 23:09:15 2020 +0100
Remove virutil.h from all header files
Signed-off-by: Daniel P. Berrangé <berrange(a)redhat.com>
---
Pushed to fix Windows build
src/admin/admin_server_dispatch.c | 1 +
src/driver.c | 1 +
src/util/virnetdevbandwidth.c | 1 +
src/util/virstoragefile.c | 1 +
tests/virlockspacetest.c | 1 +
5 files changed, 5 insertions(+)
diff --git a/src/admin/admin_server_dispatch.c b/src/admin/admin_server_dispatch.c
index 485f7d967c..7b3bd697f3 100644
--- a/src/admin/admin_server_dispatch.c
+++ b/src/admin/admin_server_dispatch.c
@@ -34,6 +34,7 @@
#include "virstring.h"
#include "virthreadjob.h"
#include "virtypedparam.h"
+#include "virutil.h"
#define VIR_FROM_THIS VIR_FROM_ADMIN
diff --git a/src/driver.c b/src/driver.c
index 2392fd7d5f..a2047beaef 100644
--- a/src/driver.c
+++ b/src/driver.c
@@ -31,6 +31,7 @@
#include "virmodule.h"
#include "virstring.h"
#include "virthread.h"
+#include "virutil.h"
#include "configmake.h"
VIR_LOG_INIT("driver");
diff --git a/src/util/virnetdevbandwidth.c b/src/util/virnetdevbandwidth.c
index d00ef57606..5fd7186760 100644
--- a/src/util/virnetdevbandwidth.c
+++ b/src/util/virnetdevbandwidth.c
@@ -24,6 +24,7 @@
#include "viralloc.h"
#include "virerror.h"
#include "virstring.h"
+#include "virutil.h"
#define VIR_FROM_THIS VIR_FROM_NONE
diff --git a/src/util/virstoragefile.c b/src/util/virstoragefile.c
index 831ce30d4d..d75d2a689a 100644
--- a/src/util/virstoragefile.c
+++ b/src/util/virstoragefile.c
@@ -39,6 +39,7 @@
#include "virjson.h"
#include "virstorageencryption.h"
#include "virsecret.h"
+#include "virutil.h"
#define VIR_FROM_THIS VIR_FROM_STORAGE
diff --git a/tests/virlockspacetest.c b/tests/virlockspacetest.c
index 1f156ba3d6..82aef8bc2b 100644
--- a/tests/virlockspacetest.c
+++ b/tests/virlockspacetest.c
@@ -27,6 +27,7 @@
#include "viralloc.h"
#include "virfile.h"
#include "virlog.h"
+#include "virutil.h"
#include "virlockspace.h"
--
2.24.1
5 years, 4 months
[PATCH 0/3] security: Don't fail if locking a file on NFS mount fails
by Michal Privoznik
*** BLURB HERE ***
Michal Prívozník (3):
virSecurityManagerMetadataLock: Store locked paths
security: Don't remember seclabel for paths we haven't locked
successfully
security: Don't fail if locking a file on NFS mount fails
src/security/security_dac.c | 14 ++++++++++++++
src/security/security_manager.c | 29 ++++++++++++++++++-----------
src/security/security_manager.h | 6 ++++++
src/security/security_selinux.c | 14 ++++++++++++++
4 files changed, 52 insertions(+), 11 deletions(-)
--
2.24.1
5 years, 4 months
[libvirt PATCH] node_device: hal: include virutil.h
by Ján Tomko
Signed-off-by: Ján Tomko <jtomko(a)redhat.com>
Fixes: b11e8cccdd5163727fd4cecda0076ac2b63fe32d
---
Pushed as a build fix.
Also re-ran configure on my FreeBSD guest to pick up HAL.
src/node_device/node_device_hal.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/src/node_device/node_device_hal.c b/src/node_device/node_device_hal.c
index c3ca310bb7..a48b4ffcd1 100644
--- a/src/node_device/node_device_hal.c
+++ b/src/node_device/node_device_hal.c
@@ -38,6 +38,7 @@
#include "virlog.h"
#include "virdbus.h"
#include "virstring.h"
+#include "virutil.h"
#include "configmake.h"
--
2.24.1
5 years, 4 months
[libvirt PATCH 0/7] tests: libxl: clean up test mocking
by Ján Tomko
Refactor libxlDriverConfigNew to remove the need
for mocking virFilePath and add libxlDomainGetEmulatorType
to the mock to remove the need to invoke a binary
for nearly every domain we parse
Ján Tomko (7):
testutilsxen: error out on initialization failure
libxl: conf: move default keepalive settings to libxlDriverConfigNew
libxl: StateInitialize: use g_autofree
libxl: split out DriverConfigInit out of DriverConfigNew
libxl: do not mock virFileMakePath
tests: link the libxl tests with libxltestdriver.la
tests: libxl: do not run the emulator
src/libxl/libxl_capabilities.h | 3 +-
src/libxl/libxl_conf.c | 85 ++++++++++++++++++----------------
src/libxl/libxl_conf.h | 2 +
src/libxl/libxl_driver.c | 7 +--
tests/Makefile.am | 9 ++--
tests/libxlmock.c | 18 +++----
tests/testutilsxen.c | 9 +++-
7 files changed, 75 insertions(+), 58 deletions(-)
--
2.24.1
5 years, 4 months
[PATCH] build: stop running aclocal manually
by Daniel P. Berrangé
The autoreconf script will already run aclocal for us,
so there's no need to do that ahead of time.
Signed-off-by: Daniel P. Berrangé <berrange(a)redhat.com>
---
autogen.sh | 1 -
1 file changed, 1 deletion(-)
diff --git a/autogen.sh b/autogen.sh
index 671dd63eb6..4e1bbceb0a 100755
--- a/autogen.sh
+++ b/autogen.sh
@@ -15,7 +15,6 @@ cd "$srcdir"
git submodule update --init || exit 1
-aclocal --install || exit 1
autoreconf --verbose --force --install || exit 1
if test "x$1" = "x--system"; then
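Review bot: The removed line is `aclocal --install || exit 1`, not a plain `aclocal`, and the commit message only argues that autoreconf runs aclocal. It should also state that the `--install` given to `autoreconf --verbose --force --install` gives aclocal the same macro-installing behaviour, otherwise a fresh checkout could end up with a different set of m4 files. A sentence on how this was checked (for example a clean clone bootstrapped before and after the change) would settle it.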
--
2.24.1
5 years, 4 months
[libvirt PATCH] bhyve: utils: use relative path for virclosecallbacks.h
by Ján Tomko
When moving virclosecallbacks to src/hypervisor, I did not
adjust all the possible includes in Makefiles.
Use a path relative to src to fix the build.
Signed-off-by: Ján Tomko <jtomko(a)redhat.com>
Fixes: 25c29ac2f5842a7d48d9f9619317f68acf5d9995
---
Pushed as a build fix.
src/bhyve/bhyve_utils.h | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/bhyve/bhyve_utils.h b/src/bhyve/bhyve_utils.h
index 8dda6062b5..f3e80b6121 100644
--- a/src/bhyve/bhyve_utils.h
+++ b/src/bhyve/bhyve_utils.h
@@ -26,7 +26,7 @@
#include "configmake.h"
#include "virdomainobjlist.h"
#include "virthread.h"
-#include "virclosecallbacks.h"
+#include "hypervisor/virclosecallbacks.h"
#include "virportallocator.h"
#define BHYVE_AUTOSTART_DIR SYSCONFDIR "/libvirt/bhyve/autostart"
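Review bot: After this change `#include "hypervisor/virclosecallbacks.h"` is the only header in this block spelled with a directory prefix, while its neighbours (`virthread.h`, `virportallocator.h`) rely on the include path, so every file that includes bhyve_utils.h now depends on `src` being on its include path. The commit message names the root cause as Makefile includes that were not adjusted; either fix those flags in a follow-up and return to the bare name, or say in the message that the prefixed form is the intended convention for src/hypervisor headers.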
--
2.24.1
5 years, 4 months
[libvirt PATCH 0/8] Reduce usage of virutil.h (include epistles)
by Ján Tomko
With the introduction of virenum.h and GLib,
the need for including this file diminishes.
Remove its transitive inclusion from almost
anywhere to discourage its use as a generic
helper dump. The remaining functions should
be repatriated into other files if possible.
Ján Tomko (8):
Remove virutil.h where possible
tests: include unistd.h instead of virutil.h
util: vircgroup: include unistd.h rather than virutil.h
util: virportallocator: add includes
tools: virt-host-validate: move virutil.h include
Include unistd.h where used
virsh: include virutil.h where used
Remove virutil.h from all header files
src/access/viraccessperm.h | 1 -
src/bhyve/bhyve_domain.c | 1 +
src/bhyve/bhyve_driver.c | 1 +
src/conf/capabilities.c | 1 +
src/conf/cpu_conf.h | 1 -
src/conf/device_conf.h | 1 -
src/conf/domain_conf.c | 1 +
src/conf/interface_conf.h | 1 -
src/conf/node_device_conf.h | 1 -
src/conf/node_device_util.c | 1 +
src/conf/numa_conf.h | 1 -
src/conf/secret_conf.h | 1 -
src/conf/storage_conf.c | 1 +
src/conf/virnetworkportdef.c | 1 +
src/conf/virnwfilterbindingobj.c | 1 +
src/esx/esx_vi.c | 1 +
src/hypervisor/domain_cgroup.c | 2 ++
src/interface/interface_backend_netcf.c | 1 +
src/interface/interface_backend_udev.c | 1 +
src/libvirt-domain.c | 1 +
src/libxl/libxl_driver.c | 1 +
src/libxl/libxl_migration.c | 1 +
src/locking/lock_driver_lockd.c | 1 +
src/locking/lock_driver_sanlock.c | 1 +
src/logging/log_handler.c | 1 +
src/lxc/lxc_cgroup.c | 1 +
src/lxc/lxc_conf.c | 2 ++
src/lxc/lxc_container.c | 1 +
src/lxc/lxc_controller.c | 1 +
src/lxc/lxc_domain.c | 1 -
src/lxc/lxc_driver.c | 1 +
src/lxc/lxc_fuse.c | 2 ++
src/lxc/lxc_native.c | 1 +
src/lxc/lxc_process.c | 1 +
src/network/bridge_driver.c | 1 +
src/network/leaseshelper.c | 1 +
src/node_device/node_device_driver.c | 1 +
src/node_device/node_device_udev.c | 1 +
src/nwfilter/nwfilter_ebiptables_driver.c | 1 +
src/openvz/openvz_conf.c | 1 +
src/openvz/openvz_driver.c | 1 +
src/openvz/openvz_util.c | 2 ++
src/qemu/qemu_agent.c | 1 +
src/qemu/qemu_alias.c | 1 +
src/qemu/qemu_capabilities.c | 1 +
src/qemu/qemu_cgroup.c | 1 +
src/qemu/qemu_command.c | 1 +
src/qemu/qemu_conf.c | 1 +
src/qemu/qemu_domain.c | 1 +
src/qemu/qemu_driver.c | 1 +
src/qemu/qemu_hostdev.c | 1 +
src/qemu/qemu_interop_config.c | 1 +
src/qemu/qemu_migration.c | 1 +
src/qemu/qemu_monitor.c | 1 +
src/qemu/qemu_process.c | 1 +
src/qemu/qemu_shim.c | 1 +
src/qemu/qemu_vhost_user.c | 1 +
src/qemu/qemu_vhost_user_gpu.c | 1 -
src/remote/remote_driver.c | 1 +
src/rpc/virnetlibsshsession.c | 1 -
src/rpc/virnetsshsession.c | 1 -
src/secret/secret_driver.c | 1 +
src/storage/storage_backend_disk.c | 1 +
src/storage/storage_backend_iscsi.c | 1 +
src/storage/storage_backend_logical.c | 1 +
src/storage/storage_backend_mpath.c | 1 +
src/storage/storage_driver.c | 1 +
src/storage/storage_file_fs.c | 1 +
src/storage/storage_util.c | 1 +
src/test/test_driver.c | 1 +
src/util/iohelper.c | 1 -
src/util/vircgroup.h | 1 -
src/util/vircgroupv1.c | 1 +
src/util/vircgroupv2.c | 1 +
src/util/virconf.h | 1 -
src/util/virerror.c | 1 -
src/util/virfirewall.c | 1 -
src/util/virgic.c | 1 -
src/util/virgic.h | 1 -
src/util/virkeycode.h | 1 -
src/util/virmdev.h | 1 -
src/util/virmodule.c | 1 +
src/util/virnetdevbandwidth.c | 1 -
src/util/virnetdevbridge.c | 1 -
src/util/virnetdevip.c | 1 -
src/util/virnetdevveth.c | 1 -
src/util/virnetdevvlan.h | 2 --
src/util/virnetdevvportprofile.h | 1 -
src/util/virnuma.c | 1 +
src/util/virnuma.h | 1 -
src/util/virpci.c | 1 -
src/util/virpci.h | 1 -
src/util/virperf.c | 1 +
src/util/virperf.h | 1 -
src/util/virpolkit.c | 2 ++
src/util/virportallocator.c | 3 +++
src/util/virprocess.h | 1 -
src/util/virrandom.c | 1 -
src/util/virresctrl.c | 1 +
src/util/virresctrl.h | 1 -
src/util/virscsi.c | 1 -
src/util/virscsivhost.h | 1 -
src/util/virsecret.h | 1 -
src/util/virstorageencryption.h | 1 -
src/util/virstoragefile.c | 1 -
src/util/virstoragefile.h | 1 -
src/util/virsysinfo.h | 1 -
src/util/virtypedparam.c | 1 -
src/util/virtypedparam.h | 1 -
src/util/viruri.c | 1 -
src/util/virusb.c | 1 -
src/util/virxml.c | 1 -
src/vbox/vbox_common.c | 1 +
src/vbox/vbox_driver.c | 1 -
src/vbox/vbox_storage.c | 1 +
src/vmware/vmware_conf.c | 1 +
src/vmx/vmx.c | 1 +
src/vz/vz_driver.c | 1 +
src/vz/vz_sdk.c | 1 +
src/vz/vz_utils.c | 1 +
tests/commandtest.c | 1 +
tests/fdstreamtest.c | 1 -
tests/objecteventtest.c | 2 ++
tests/scsihosttest.c | 1 +
tests/testutils.c | 1 -
tests/testutilsqemu.c | 1 +
tests/vboxsnapshotxmltest.c | 2 ++
tests/virfiletest.c | 1 +
tests/virkeycodetest.c | 1 -
tests/virlockspacetest.c | 2 +-
tests/virnetsockettest.c | 2 +-
tests/virnettlscontexttest.c | 2 +-
tests/virnettlshelpers.c | 1 +
tests/virportallocatortest.c | 1 -
tests/virscsitest.c | 1 +
tests/virstoragetest.c | 1 +
tests/virsystemdtest.c | 1 +
tools/virsh-domain.c | 1 +
tools/virsh-interface.c | 1 -
tools/virsh-nodedev.c | 1 +
tools/virsh-nwfilter.c | 1 -
tools/virt-host-validate-common.c | 1 +
tools/virt-host-validate-common.h | 1 -
tools/vsh.c | 1 +
144 files changed, 100 insertions(+), 57 deletions(-)
--
2.24.1
5 years, 4 months
[PATCH v1 00/12] Bhyve driver improvements
by Ryan Moeller
Rebased and updated from previous patch set to address feedback:
* Tried to match local convention for subjects where obvious
* Split patch 01 into two patches, with updated messages
* Use g_autofree to fix use after free in conf/virnetworkobj
* Add missing newline in one of the tests args files
* Fix failing schema tests after schema change
gmake check now reports no failing tests on FreeBSD for each patch.
Ryan Moeller (12):
bhyve: process: remove unneeded header
conf: fix use after free
bhyve: process: don't bother seeking to end of log
bhyve: monitor: Make bhyveMonitor a virClass
bhyve: monitor: refactor register/unregister
bhyve: add hooks
bhyve: add reboot support
bhyve: command: refactor virBhyveProcessBuildBhyveCmd
bhyve: parse_command: slot,bus,func -> bus,slot,func
add hostdev handling for bhyve
bhyve: command: enable booting from hostdevs
Allow PCI functions up to 255 for PCI ARI
docs/schemas/basictypes.rng | 10 +-
docs/schemas/domaincommon.rng | 30 +++
src/bhyve/bhyve_capabilities.c | 14 +
src/bhyve/bhyve_capabilities.h | 1 +
src/bhyve/bhyve_command.c | 241 ++++++++++++++----
src/bhyve/bhyve_driver.c | 30 +++
src/bhyve/bhyve_monitor.c | 157 ++++++++----
src/bhyve/bhyve_monitor.h | 2 +
src/bhyve/bhyve_parse_command.c | 124 +++++++--
src/bhyve/bhyve_process.c | 83 ++++--
src/bhyve/bhyve_process.h | 3 +
src/conf/domain_audit.c | 5 +
src/conf/domain_conf.c | 131 ++++++++++
src/conf/domain_conf.h | 29 ++-
src/conf/virconftypes.h | 3 +
src/conf/virnetworkobj.c | 5 +-
src/qemu/qemu_command.c | 2 +
src/qemu/qemu_domain.c | 5 +
src/qemu/qemu_hostdev.c | 1 +
src/qemu/qemu_hotplug.c | 2 +
src/qemu/qemu_migration.c | 1 +
src/security/security_apparmor.c | 1 +
src/security/security_dac.c | 28 ++
src/security/security_selinux.c | 8 +
src/util/virhook.c | 15 ++
src/util/virhook.h | 11 +
src/util/virpci.c | 4 +-
.../bhyveargv2xml-passthru.args | 8 +
.../bhyveargv2xml-passthru.xml | 26 ++
.../bhyveargv2xml-virtio-scsi.args | 9 +
.../bhyveargv2xml-virtio-scsi.xml | 20 ++
tests/bhyveargv2xmltest.c | 2 +
.../bhyvexml2argv-passthru.args | 11 +
.../bhyvexml2argv-passthru.ldargs | 1 +
.../bhyvexml2argv-passthru.xml | 22 ++
.../bhyvexml2argv-virtio-scsi.args | 9 +
.../bhyvexml2argv-virtio-scsi.ldargs | 1 +
.../bhyvexml2argv-virtio-scsi.xml | 21 ++
tests/bhyvexml2argvtest.c | 4 +-
.../bhyvexml2xmlout-passthru.xml | 29 +++
.../bhyvexml2xmlout-virtio-scsi.xml | 23 ++
tests/bhyvexml2xmltest.c | 2 +
.../qemuxml2argvdata/pci-function-invalid.xml | 2 +-
43 files changed, 983 insertions(+), 153 deletions(-)
create mode 100644 tests/bhyveargv2xmldata/bhyveargv2xml-passthru.args
create mode 100644 tests/bhyveargv2xmldata/bhyveargv2xml-passthru.xml
create mode 100644 tests/bhyveargv2xmldata/bhyveargv2xml-virtio-scsi.args
create mode 100644 tests/bhyveargv2xmldata/bhyveargv2xml-virtio-scsi.xml
create mode 100644 tests/bhyvexml2argvdata/bhyvexml2argv-passthru.args
create mode 100644 tests/bhyvexml2argvdata/bhyvexml2argv-passthru.ldargs
create mode 100644 tests/bhyvexml2argvdata/bhyvexml2argv-passthru.xml
create mode 100644 tests/bhyvexml2argvdata/bhyvexml2argv-virtio-scsi.args
create mode 100644 tests/bhyvexml2argvdata/bhyvexml2argv-virtio-scsi.ldargs
create mode 100644 tests/bhyvexml2argvdata/bhyvexml2argv-virtio-scsi.xml
create mode 100644 tests/bhyvexml2xmloutdata/bhyvexml2xmlout-passthru.xml
create mode 100644 tests/bhyvexml2xmloutdata/bhyvexml2xmlout-virtio-scsi.xml
--
2.24.1
5 years, 4 months
network: bridge_driver: Use new helpers for storing libvirt errors
by Gaurav Agrawal
From c2028d3b27e20eb0d15a553139d2c987325d977e Mon Sep 17 00:00:00 2001
From: Gaurav Agrawal <agrawalgaurav(a)gnome.org>
Date: Mon, 24 Feb 2020 22:49:21 +0530
Subject: [PATCH] network: bridge_driver: Use new helpers for storing libvirt
errors
Signed-off-by: Gaurav Agrawal <agrawalgaurav(a)gnome.org>
---
src/network/bridge_driver_linux.c | 5 +++--
1 file changed, 3 insertions(+), 2 deletions(-)
diff --git a/src/network/bridge_driver_linux.c
b/src/network/bridge_driver_linux.c
index 7bbde5c6a9..fde33b5d38 100644
--- a/src/network/bridge_driver_linux.c
+++ b/src/network/bridge_driver_linux.c
@@ -22,6 +22,7 @@
#include <config.h>
#include "viralloc.h"
+#include "virerror.h"
#include "virfile.h"
#include "viriptables.h"
#include "virstring.h"
@@ -53,7 +54,7 @@ static void networkSetupPrivateChains(void)
if (rc < 0) {
VIR_DEBUG("Failed to create global IPv4 chains: %s",
virGetLastErrorMessage());
- errInitV4 = virSaveLastError();
+ virErrorPreserveLast(&errInitV4);
virResetLastError();
} else {
virFreeError(errInitV4);
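Review bot: In the `rc < 0` branch, `virErrorPreserveLast(&errInitV4)` stores into errInitV4 without releasing anything an earlier failed run may have saved there, while the `else` branch does call `virFreeError(errInitV4)`. The old `errInitV4 = virSaveLastError()` had the same gap, so the conversion carries it over. If networkSetupPrivateChains() can run more than once, free the previous value before preserving the new one, unless the helper already does that, in which case say so in the commit message. The errInitV6 branch in the next hunk has the same pattern, and the commit message has no body explaining why the new helper is preferred.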
@@ -70,7 +71,7 @@ static void networkSetupPrivateChains(void)
if (rc < 0) {
VIR_DEBUG("Failed to create global IPv6 chains: %s",
virGetLastErrorMessage());
- errInitV6 = virSaveLastError();
+ virErrorPreserveLast(&errInitV6);
virResetLastError();
} else {
virFreeError(errInitV6);
--
2.24.1
5 years, 4 months
[libvirt PATCH 0/3] Remove usage of virHexToBin (glib chronicles)
by Ján Tomko
Prefer g_ascii_xdigit_value
Ján Tomko (3):
util: uuid: remove use of virHexToBin
Remove all use of virHexToBin
util: remove virHexToBin
src/libvirt_private.syms | 1 -
src/util/virbitmap.c | 3 +--
src/util/virmacaddr.c | 5 ++---
src/util/virutil.c | 15 ---------------
src/util/virutil.h | 2 --
src/util/viruuid.c | 11 +++++------
src/vmx/vmx.c | 4 ++--
7 files changed, 10 insertions(+), 31 deletions(-)
--
2.24.1
5 years, 4 months
[PATCH 0/3] Tighten qemu-img rules on missing backing format
by Eric Blake
In the past, we have had CVEs caused by qemu probing one image type
when an image started out as another but the guest was able to modify
content. The solution to those CVEs was to encode backing format
information into qcow2, to ensure that once we make a decision, we
don't have to probe any further. However, we failed to enforce this
at the time. And now that libvirt is switching to -blockdev, it has
come back to bite us: with -block, libvirt had no easy way (other than
json:{} pseudoprotocol) to force a backing file, but with -blockdev,
libvirt HAS to use blockdev-open on the backing chain and supply a
backing format there, and thus has to probe images. If libvirt ever
probes differently than qemu, we are back to the potential
guest-visible data corruption or potential host CVEs.
It's time to deprecate images without backing formats. This patch
series does two things: 1. record an implicit backing format where one
is learned (although sadly, not all qemu-img commands are able to
learn a format), 2. warn to the user any time a probe had ambiguous
results or a backing format is omitted from an image. All previous
images without a backing format are still usable, but hopefully the
warnings (along with libvirt's complaints about images without a
backing format) help us pinpoint remaining applications that are
creating images on their own without recording a backing format.
Perhaps I need to amend patch 3 and/or add a followup patch 4 that
adds further iotest coverage of all the new warnings (patch 1 touched
all the './check -qcow2' tests that were affected by the new warnings,
except for 114 which actually wanted to trigger the warning, if you
want to apply the series out of order to see the impact of the
warnings).
Eric Blake (3):
iotests: Specify explicit backing format where sensible
block: Add support to warn on backing file change without format
qemu-img: Deprecate use of -b without -F
block.c | 31 ++++++++++++++++++++---
block/qcow2.c | 2 +-
block/stream.c | 2 +-
blockdev.c | 3 ++-
include/block/block.h | 4 +--
qemu-deprecated.texi | 12 +++++++++
qemu-img.c | 10 ++++++--
tests/qemu-iotests/017 | 2 +-
tests/qemu-iotests/017.out | 2 +-
tests/qemu-iotests/018 | 2 +-
tests/qemu-iotests/018.out | 2 +-
tests/qemu-iotests/019 | 5 ++--
tests/qemu-iotests/019.out | 2 +-
tests/qemu-iotests/020 | 2 +-
tests/qemu-iotests/020.out | 2 +-
tests/qemu-iotests/024 | 8 +++---
tests/qemu-iotests/024.out | 5 ++--
tests/qemu-iotests/028 | 4 +--
tests/qemu-iotests/028.out | 2 +-
tests/qemu-iotests/030 | 26 +++++++++++++------
tests/qemu-iotests/034 | 2 +-
tests/qemu-iotests/034.out | 2 +-
tests/qemu-iotests/037 | 2 +-
tests/qemu-iotests/037.out | 2 +-
tests/qemu-iotests/038 | 2 +-
tests/qemu-iotests/038.out | 2 +-
tests/qemu-iotests/039 | 3 ++-
tests/qemu-iotests/039.out | 2 +-
tests/qemu-iotests/040 | 47 +++++++++++++++++++++++++----------
tests/qemu-iotests/041 | 37 ++++++++++++++++++---------
tests/qemu-iotests/042 | 4 +--
tests/qemu-iotests/043 | 18 +++++++-------
tests/qemu-iotests/043.out | 16 +++++++-----
tests/qemu-iotests/046 | 2 +-
tests/qemu-iotests/046.out | 2 +-
tests/qemu-iotests/050 | 4 +--
tests/qemu-iotests/050.out | 2 +-
tests/qemu-iotests/051 | 2 +-
tests/qemu-iotests/051.out | 2 +-
tests/qemu-iotests/051.pc.out | 2 +-
tests/qemu-iotests/060 | 2 +-
tests/qemu-iotests/060.out | 2 +-
tests/qemu-iotests/061 | 10 ++++----
tests/qemu-iotests/061.out | 10 ++++----
tests/qemu-iotests/069 | 2 +-
tests/qemu-iotests/069.out | 2 +-
tests/qemu-iotests/073 | 2 +-
tests/qemu-iotests/073.out | 2 +-
tests/qemu-iotests/082 | 16 +++++++-----
tests/qemu-iotests/082.out | 16 ++++++------
tests/qemu-iotests/085 | 4 +--
tests/qemu-iotests/085.out | 6 ++---
tests/qemu-iotests/089 | 2 +-
tests/qemu-iotests/089.out | 2 +-
tests/qemu-iotests/095 | 4 +--
tests/qemu-iotests/095.out | 4 +--
tests/qemu-iotests/097 | 4 +--
tests/qemu-iotests/097.out | 16 ++++++------
tests/qemu-iotests/098 | 2 +-
tests/qemu-iotests/098.out | 8 +++---
tests/qemu-iotests/110 | 4 +--
tests/qemu-iotests/110.out | 4 +--
tests/qemu-iotests/114 | 4 +--
tests/qemu-iotests/114.out | 1 +
tests/qemu-iotests/122 | 27 ++++++++++++--------
tests/qemu-iotests/122.out | 8 +++---
tests/qemu-iotests/126 | 4 +--
tests/qemu-iotests/126.out | 4 +--
tests/qemu-iotests/127 | 4 +--
tests/qemu-iotests/127.out | 4 +--
tests/qemu-iotests/129 | 3 ++-
tests/qemu-iotests/133 | 2 +-
tests/qemu-iotests/133.out | 2 +-
tests/qemu-iotests/139 | 2 +-
tests/qemu-iotests/141 | 4 +--
tests/qemu-iotests/141.out | 4 +--
tests/qemu-iotests/142 | 2 +-
tests/qemu-iotests/142.out | 2 +-
tests/qemu-iotests/153 | 14 +++++------
tests/qemu-iotests/153.out | 35 ++++++++++++++------------
tests/qemu-iotests/154 | 42 +++++++++++++++----------------
tests/qemu-iotests/154.out | 42 +++++++++++++++----------------
tests/qemu-iotests/155 | 12 ++++++---
tests/qemu-iotests/156 | 9 ++++---
tests/qemu-iotests/156.out | 6 ++---
tests/qemu-iotests/158 | 2 +-
tests/qemu-iotests/158.out | 2 +-
tests/qemu-iotests/161 | 8 +++---
tests/qemu-iotests/161.out | 8 +++---
tests/qemu-iotests/176 | 4 +--
tests/qemu-iotests/176.out | 32 ++++++++++++------------
tests/qemu-iotests/177 | 2 +-
tests/qemu-iotests/177.out | 2 +-
tests/qemu-iotests/179 | 2 +-
tests/qemu-iotests/179.out | 2 +-
tests/qemu-iotests/189 | 2 +-
tests/qemu-iotests/189.out | 2 +-
tests/qemu-iotests/191 | 12 ++++-----
tests/qemu-iotests/191.out | 12 ++++-----
tests/qemu-iotests/195 | 6 ++---
tests/qemu-iotests/195.out | 6 ++---
tests/qemu-iotests/198 | 2 +-
tests/qemu-iotests/198.out | 3 ++-
tests/qemu-iotests/204 | 2 +-
tests/qemu-iotests/204.out | 2 +-
tests/qemu-iotests/216 | 2 +-
tests/qemu-iotests/224 | 4 +--
tests/qemu-iotests/228 | 5 ++--
tests/qemu-iotests/245 | 3 ++-
tests/qemu-iotests/249 | 4 +--
tests/qemu-iotests/249.out | 4 +--
tests/qemu-iotests/252 | 2 +-
tests/qemu-iotests/257 | 3 ++-
tests/qemu-iotests/267 | 4 +--
tests/qemu-iotests/267.out | 6 ++---
tests/qemu-iotests/270 | 2 +-
tests/qemu-iotests/270.out | 2 +-
tests/qemu-iotests/273 | 4 +--
tests/qemu-iotests/273.out | 4 +--
tests/qemu-iotests/279 | 4 +--
tests/qemu-iotests/279.out | 4 +--
121 files changed, 466 insertions(+), 348 deletions(-)
--
2.24.1
5 years, 4 months
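The cover letter above hinges on whether a qcow2 image records its backing format or leaves it to be probed. The following is an added example, not code from the patch series or from QEMU: it reads the qcow2 header and its header extensions and reports images that name a backing file without a recorded format. The function names and the sample headers are constructed for illustration; the field offsets and the backing-format extension type `0xE2792ACA` follow the published qcow2 format description.

```python
import struct

QCOW2_MAGIC = b"QFI\xfb"
EXT_END = 0x00000000
EXT_BACKING_FORMAT = 0xE2792ACA  # header extension: backing file format name


def parse_backing_info(buf):
    """Return (backing_file, backing_format) from the start of a qcow2 image.

    Either element is None when the image does not record it.
    """
    if len(buf) < 72 or buf[:4] != QCOW2_MAGIC:
        raise ValueError("not a qcow2 image")
    # Big-endian: version (u32), backing_file_offset (u64), backing_file_size (u32)
    version, bf_off, bf_size = struct.unpack_from(">IQI", buf, 4)
    if version not in (2, 3):
        raise ValueError("unsupported qcow2 version %d" % version)
    header_len = 72  # fixed size of a version 2 header
    if version == 3:
        if len(buf) < 104:
            raise ValueError("truncated version 3 header")
        (header_len,) = struct.unpack_from(">I", buf, 100)

    backing_file = None
    if bf_off:
        if bf_off + bf_size > len(buf):
            raise ValueError("backing file name lies outside the buffer")
        backing_file = buf[bf_off:bf_off + bf_size].decode("utf-8", "replace")

    # Extensions sit between the header and the backing file name (if any).
    ext_limit = bf_off if bf_off else len(buf)
    pos = header_len
    backing_format = None
    while pos + 8 <= ext_limit:
        ext_type, ext_len = struct.unpack_from(">II", buf, pos)
        pos += 8
        if ext_type == EXT_END:
            break
        if pos + ext_len > ext_limit:
            raise ValueError("truncated header extension")
        if ext_type == EXT_BACKING_FORMAT:
            backing_format = buf[pos:pos + ext_len].decode("ascii", "replace")
        pos += (ext_len + 7) & ~7  # extension data is padded to 8 bytes
    return backing_file, backing_format


def audit(buf):
    """Classify an image the way the series' warning does."""
    backing_file, backing_format = parse_backing_info(buf)
    if backing_file is None:
        return "ok: no backing file"
    if backing_format is None:
        return "warn: backing file %r has no recorded format" % backing_file
    return "ok: backing file %r, format %r" % (backing_file, backing_format)


def build_header(backing_file=None, backing_format=None):
    """Constructed sample: a minimal version 3 header (metadata only)."""
    header_len = 104
    exts = b""
    if backing_format:
        data = backing_format.encode()
        exts += struct.pack(">II", EXT_BACKING_FORMAT, len(data)) + data
        exts += b"\0" * (-len(data) % 8)
    exts += struct.pack(">II", EXT_END, 0)
    name = backing_file.encode() if backing_file else b""
    bf_off = header_len + len(exts) if name else 0
    hdr = bytearray(header_len)
    hdr[0:4] = QCOW2_MAGIC
    struct.pack_into(">IQI", hdr, 4, 3, bf_off, len(name))
    struct.pack_into(">I", hdr, 20, 16)           # cluster_bits
    struct.pack_into(">I", hdr, 96, 4)            # refcount_order
    struct.pack_into(">I", hdr, 100, header_len)  # header_length
    return bytes(hdr) + exts + name


if __name__ == "__main__":
    for sample in (build_header(),
                   build_header("base.img"),
                   build_header("base.img", "raw")):
        print(audit(sample))
```

To audit a real file, pass the first cluster of the image (for example the first 64 KiB read in binary mode) to `audit()`.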
[libvirt PATCH 0/4] Do not depend on conf/ in util/
by Ján Tomko
Ján Tomko (4):
syntax-check: inclusion rule for src/hypervisor
conf: move virHostdevIs functions
virhostdev: move to src/hypervisor
virclosecallbacks: move to src/hypervisor
build-aux/syntax-check.mk | 5 +-
po/POTFILES.in | 4 +-
src/bhyve/Makefile.inc.am | 1 +
src/conf/domain_conf.c | 44 ++++++++++-
src/conf/domain_conf.h | 10 +++
src/hypervisor/Makefile.inc.am | 4 +
src/{util => hypervisor}/virclosecallbacks.c | 0
src/{util => hypervisor}/virclosecallbacks.h | 0
src/{util => hypervisor}/virhostdev.c | 43 ----------
src/{util => hypervisor}/virhostdev.h | 9 ---
src/libvirt_private.syms | 83 ++++++++++----------
src/libxl/Makefile.inc.am | 1 +
src/util/Makefile.inc.am | 4 -
tests/Makefile.am | 1 +
14 files changed, 105 insertions(+), 104 deletions(-)
rename src/{util => hypervisor}/virclosecallbacks.c (100%)
rename src/{util => hypervisor}/virclosecallbacks.h (100%)
rename src/{util => hypervisor}/virhostdev.c (98%)
rename src/{util => hypervisor}/virhostdev.h (97%)
--
2.24.1
5 years, 4 months
[libvirt PATCH] ci: Fix handling of $PKG_CONFIG_LIBDIR
by Andrea Bolognani
There are two environment variables that are baked into our
cross-compilation container images at build time, $CONFIGURE_OPTS
and $PKG_CONFIG_LIBDIR: the former contains the options necessary
to convince configure to perform a cross build rather than a
native one, and the latter is necessary so that pkg-config will
locate the .pc files for MinGW libraries. Container images that
are not intended for cross-compilation will not have either one
defined.
The problem is that, while an empty $CONFIGURE_OPTS is completely
harmless, setting $PKG_CONFIG_LIBDIR to an empty value will
result in pkg-config not looking in its default search path, thus
not finding any library, and subsequently breaking native builds.
To work around this issue, only pass $PKG_CONFIG_LIBDIR to sudo
when the value is set in the calling environment.
Fixes: 71517ae4db35c4dcc6c358d60d3a6d5da0615d39
Signed-off-by: Andrea Bolognani <abologna(a)redhat.com>
---
Pushed as a CI fix.
ci/Makefile | 5 ++++-
1 file changed, 4 insertions(+), 1 deletion(-)
diff --git a/ci/Makefile b/ci/Makefile
index 03799924b4..577b130d2f 100644
--- a/ci/Makefile
+++ b/ci/Makefile
@@ -216,12 +216,15 @@ ci-run-command@%: ci-prepare-tree
$(CI_ENGINE) run $(CI_ENGINE_ARGS) $(CI_IMAGE_PREFIX)$*$(CI_IMAGE_TAG) \
/bin/bash -c ' \
$(CI_USER_HOME)/prepare || exit 1; \
+ if test "$$PKG_CONFIG_LIBDIR"; then \
+ pkgconfig_env="PKG_CONFIG_LIBDIR=$$PKG_CONFIG_LIBDIR"; \
+ fi; \
sudo \
--login \
--user="#$(CI_UID)" \
--group="#$(CI_GID)" \
CONFIGURE_OPTS="$$CONFIGURE_OPTS" \
- PKG_CONFIG_LIBDIR="$$PKG_CONFIG_LIBDIR" \
+ $$pkgconfig_env \
CI_CONT_SRCDIR="$(CI_CONT_SRCDIR)" \
CI_CONT_BUILDDIR="$(CI_CONT_BUILDDIR)" \
CI_SMP="$(CI_SMP)" \
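Review bot: `pkgconfig_env` is assigned only inside the `if test "$$PKG_CONFIG_LIBDIR"` block and is then expanded unquoted as `$$pkgconfig_env` in the sudo argument list, so a variable of that name already present in the container environment would be handed to sudo unchanged, and a PKG_CONFIG_LIBDIR value containing whitespace would be split into several arguments. Initialise it with `pkgconfig_env=` before the test. A short comment next to the block saying that an empty PKG_CONFIG_LIBDIR disables pkg-config's default search path would also help, since that reasoning currently lives only in the commit message.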
--
2.24.1
5 years, 4 months
[PATCH] apparmor: allow to call vhost-user-gpu
by Christian Ehrhardt
Configuring vhost-user-gpu like:
<video>
<driver name='vhostuser'/>
<model type='virtio' heads='1'/>
</video>
Triggers an apparmor denial like:
apparmor="DENIED" operation="exec" profile="libvirtd"
name="/usr/lib/qemu/vhost-user-gpu" pid=888257 comm="libvirtd"
requested_mask="x" denied_mask="x" fsuid=0 ouid=0
This helper is provided by qemu for vhost-user-gpu and is thereby
in the same path as qemu_bridge_helper. Due to that, the added rule
allowing it to be called uses the same path list.
Signed-off-by: Christian Ehrhardt <christian.ehrhardt(a)canonical.com>
---
src/security/apparmor/usr.sbin.libvirtd.in | 1 +
1 file changed, 1 insertion(+)
diff --git a/src/security/apparmor/usr.sbin.libvirtd.in b/src/security/apparmor/usr.sbin.libvirtd.in
index b384b7213b..1e137039e9 100644
--- a/src/security/apparmor/usr.sbin.libvirtd.in
+++ b/src/security/apparmor/usr.sbin.libvirtd.in
@@ -86,6 +86,7 @@ profile libvirtd @sbindir@/libvirtd flags=(attach_disconnected) {
/usr/{lib,lib64}/xen-common/bin/xen-toolstack PUx,
/usr/{lib,lib64}/xen/bin/* Ux,
/usr/lib/xen-*/bin/libxl-save-helper PUx,
+ /usr/{lib,lib64,lib/qemu,libexec}/vhost-user-gpu PUx,
# Required by nwfilter_ebiptables_driver.c:ebiptablesWriteToTempFile() to
# read and run an ebtables script.
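Review bot: The added rule grants `PUx`, so whenever no dedicated profile for vhost-user-gpu is loaded the helper runs unconfined, and its path set `{lib,lib64,lib/qemu,libexec}` is wider than the single path in the quoted denial (`/usr/lib/qemu/vhost-user-gpu`). The commit message explains that the list mirrors the qemu_bridge_helper one, but the profile itself does not: add a comment above the rule saying which helper this is and that the path list is meant to stay in sync with the bridge helper rule, as the ebtables rule below documents itself. It is also worth stating in the message whether the unconfined fallback is intended or whether a profile for the helper is planned.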
--
2.25.0
5 years, 4 months
[libvirt PATCH] qemu: use correct backendType when checking memfd capability
by Ján Tomko
The backend name is memory-backend-memfd but we've been checking
for memory-backend-memory.
Reported by GCC on rawhide:
../../../src/internal.h:75:22: error: 'strcmp' of a string of length 21 and
an array of size 21 evaluates to nonzero [-Werror=string-compare]
../../../src/qemu/qemu_command.c:3525:20: note: in expansion of macro 'STREQ'
3525 | } else if (STREQ(backendType, "memory-backend-memory") &&
| ^~~~~
Signed-off-by: Ján Tomko <jtomko(a)redhat.com>
Fixes: 24b74d187cab48a9dc9f409ea78900154c709579
---
src/qemu/qemu_command.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/qemu/qemu_command.c b/src/qemu/qemu_command.c
index f69a9e651c..6d5b53d30a 100644
--- a/src/qemu/qemu_command.c
+++ b/src/qemu/qemu_command.c
@@ -3522,7 +3522,7 @@ qemuBuildMemoryBackendProps(virJSONValuePtr *backendProps,
_("this qemu doesn't support the "
"memory-backend-ram object"));
return -1;
- } else if (STREQ(backendType, "memory-backend-memory") &&
+ } else if (STREQ(backendType, "memory-backend-memfd") &&
!virQEMUCapsGet(priv->qemuCaps, QEMU_CAPS_OBJECT_MEMORY_MEMFD)) {
virReportError(VIR_ERR_CONFIG_UNSUPPORTED, "%s",
_("this qemu doesn't support the "
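Review bot: The corrected `STREQ(backendType, "memory-backend-memfd")` branch could never be taken before this fix and was only noticed through a compiler warning, which suggests no test exercises the case of a memfd backend requested without QEMU_CAPS_OBJECT_MEMORY_MEMFD. Please add a negative test for that configuration so the capability check cannot silently go dead again.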
--
2.24.1
5 years, 4 months
[libvirt RFC PATCH] util: vireventglibwatch: watch for G_IO_HUP and G_IO_ERR
by Ján Tomko
To more closely match the previous usage in virEventPollDispatchHandles,
where we called the handle callback for any revents returned by poll.
This should fix the virtlogd error on subsequent domain startup:
error: can't connect to virtlogd: Cannot open log file:
'/var/log/libvirt/qemu/f28live.log': Device or resource busy
as well as virtlogd spinning caused by virLogHandlerDomainLogFileEvent
never being called on hangup.
Signed-off-by: Ján Tomko <jtomko(a)redhat.com>
Fixes: f8ab47cb4491dd72d866c1a96a9d94b8c3341de9
Fixes: 946a25274c46ffff46323c62f567ae7e753aa921
---
src/util/vireventglibwatch.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/src/util/vireventglibwatch.c b/src/util/vireventglibwatch.c
index 7694e74f23..178707f6b7 100644
--- a/src/util/vireventglibwatch.c
+++ b/src/util/vireventglibwatch.c
@@ -89,11 +89,11 @@ GSource *virEventGLibCreateSocketWatch(int fd,
sizeof(virEventGLibFDSource));
ssource = (virEventGLibFDSource *)source;
- ssource->condition = condition;
+ ssource->condition = condition | G_IO_HUP | G_IO_ERR;
ssource->fd = fd;
ssource->pollfd.fd = fd;
- ssource->pollfd.events = condition;
+ ssource->pollfd.events = condition | G_IO_HUP | G_IO_ERR;
g_source_add_poll(source, &ssource->pollfd);
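Review bot: `condition | G_IO_HUP | G_IO_ERR` is now spelled out twice, once for `ssource->condition` and once for `ssource->pollfd.events`; compute it once into a local (or update `condition` itself) so the two masks cannot drift apart. Every watch created through virEventGLibCreateSocketWatch() will now be dispatched for hangup and error even when the caller did not ask for them, so the function's documentation should say so, and since this is an RFC the commit message should state whether the existing callbacks were checked for conditions they did not request.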
--
2.24.1
5 years, 4 months
[libvirt-dockerfiles PATCH 0/2] Update for MinGW changes
by Andrea Bolognani
Pushed under the Dockerfile refresh rule.
As usual, these patches cannot be applied to the git repository and
are posted to the list for humans' convenience only.
Andrea Bolognani (2):
Refresh after turning MinGW into a cross-building target
Add Dockerfiles for MinGW cross-compilation
buildenv-libosinfo-fedora-30-cross-mingw32.zip | Bin 0 -> 687 bytes
buildenv-libosinfo-fedora-30-cross-mingw64.zip | Bin 0 -> 689 bytes
buildenv-libosinfo-fedora-30.zip | Bin 605 -> 544 bytes
buildenv-libvirt-fedora-30-cross-mingw32.zip | Bin 0 -> 958 bytes
buildenv-libvirt-fedora-30-cross-mingw64.zip | Bin 0 -> 960 bytes
buildenv-libvirt-fedora-30.zip | Bin 897 -> 776 bytes
6 files changed, 0 insertions(+), 0 deletions(-)
create mode 100644 buildenv-libosinfo-fedora-30-cross-mingw32.zip
create mode 100644 buildenv-libosinfo-fedora-30-cross-mingw64.zip
create mode 100644 buildenv-libvirt-fedora-30-cross-mingw32.zip
create mode 100644 buildenv-libvirt-fedora-30-cross-mingw64.zip
--
2.24.1
5 years, 4 months
[dockerfiles PATCH] refresh: Drop MinGW hacks
by Andrea Bolognani
Up until now we have had to hardcode some information in our
refresh script, but with the recent improvements to lcitool that's
no longer necessary.
Signed-off-by: Andrea Bolognani <abologna(a)redhat.com>
---
This patch needs
https://www.redhat.com/archives/libvir-list/2020-February/msg00409.html
to be merged into libvirt-jenkins-ci.
refresh | 37 ++++++++++++-------------------------
1 file changed, 12 insertions(+), 25 deletions(-)
diff --git a/refresh b/refresh
index 5f3f5e3..6b644de 100755
--- a/refresh
+++ b/refresh
@@ -31,22 +31,19 @@ class Dockerfile:
CROSS = "-cross-"
SUFFIX = ".zip"
- # PROJECTS is a dictionary of dictionaries.
+ # PROJECTS is a dictionary of lists.
# The key is the project name, as present in the Dockerfile name and
- # the value is a dictionary containing the subprojects which the
- # dependencies should be installed together as the key and their value
- # being whether they support mingw builds or not.
- # This hack is needed till the moment libvirt-jenkins-ci treats mingw
- # builds in the very same way as cross-builds are treated.
+ # the value is a list containing the subprojects which the
+ # dependencies should be installed together as.
PROJECTS = {
- "libvirt" : {
- "libvirt" : True
- },
- "libosinfo" : {
- "libosinfo" : True,
- "osinfo-db" : False,
- "osinfo-db-tools" : True
- },
+ "libvirt" : [
+ "libvirt"
+ ],
+ "libosinfo" : [
+ "libosinfo",
+ "osinfo-db",
+ "osinfo-db-tools",
+ ],
}
def __init__(self, path):
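Review bot: The rewritten comment now ends with "the subprojects which the dependencies should be installed together as", which no longer parses once the rest of the old sentence is removed; something like "the value is the list of subprojects whose dependencies are installed together" reads better. The two lists are also formatted inconsistently: the `"libosinfo"` list has a trailing comma after its last element and the `"libvirt"` list does not.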
@@ -91,17 +88,7 @@ class Dockerfile:
self.os = stem
self.cross_arch = None
- self.projects = []
-
- for project in Dockerfile.PROJECTS[project_name]:
- self.projects += [project]
- # Fedora 30 is special in that we use it to perform MinGW
- # builds, so we need to add the corresponding projects as well.
- # If a specific project needs to have the MinGW variant included,
- # the corresponding value in the dictionary will be True
- if (self.os == "fedora-30" and
- Dockerfile.PROJECTS[project_name][project]):
- self.projects += [project + "+mingw*"]
+ self.projects = Dockerfile.PROJECTS[project_name]
def refresh(self, lcitool):
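Review bot: `self.projects = Dockerfile.PROJECTS[project_name]` binds every instance to the same class-level list, where the removed loop built a fresh list per instance, so any later in-place change to `self.projects` would alter PROJECTS for all other Dockerfile objects. Copy it instead, for example `self.projects = list(Dockerfile.PROJECTS[project_name])`, or make the PROJECTS values tuples so they cannot be modified.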
--
2.24.1
5 years, 4 months
[libvirt PATCH 00/11] qemu: introduce a per-VM event loop thread
by Daniel P. Berrangé
This series changes the way we manage the QEMU monitor and
QEMU agent, such that all I/O is processed by a dedicated
event loop thread.
Many times in the past years people have reported issues
where long running monitor event callbacks block the main
libvirtd event loop for an unacceptably long period of
time. In the best case, this delays other work being
completed, but in bad cases it leads to mgmt app failures
when keepalive times trigger a client disconnect.
With this series, when we spawn QEMU, we also spawn a
dedicated thread running a GMainLoop instance. Then QEMU
monitor and QEMU agent UNIX sockets are switched to use
GMainContext for events instead of the traditional libvirt
event loop APIs. We kill off the event thread when we see
EOF on the QEMU monitor during shutdown.
The cost of this approach is one extra thread per VM,
which incurs a new OS process and a new stack allocation.
The QEMU driver already delegates some QMP event handling
to a thread pool for certain types of event. This was a
previous hack to mitigate the impact on the main event
loop. It is likely that we can remove this thread pool
from the QEMU driver & rely on the per-VM event threads
to do all the work. This will, however, require careful
analysis of each handler we pushed into the thread pool
to make sure its work doesn't have a dependency on the
event loop running in parallel.
This should also eliminate the need to have the libvirt
event loop registered when using the embedded QEMU driver.
This has not yet been validated, however, so it is left
for a future patch to relax the constraint.
Daniel P. Berrangé (11):
qemu: drop support for agent connections on PTYs
qemu: drop ability to open monitor from FD
src: set the OS level thread name
src: improve thread naming with human targetted names
src: introduce an abstraction for running event loops
qemu: start/stop an event loop thread for domains
qemu: start/stop an event thread for QMP probing
tests: start/stop an event thread for QEMU monitor/agent tests
qemu: convert monitor to use the per-VM event loop
qemu: fix variable naming in agent code
qemu: convert agent to use the per-VM event loop
po/POTFILES.in | 1 +
src/libvirt_private.syms | 6 +
src/libxl/libxl_domain.c | 10 +-
src/libxl/libxl_migration.c | 23 +-
src/lxc/lxc_fuse.c | 4 +-
src/node_device/node_device_udev.c | 7 +-
src/nwfilter/nwfilter_dhcpsnoop.c | 11 +-
src/nwfilter/nwfilter_learnipaddr.c | 10 +-
src/qemu/qemu_agent.c | 634 ++++++++++++++--------------
src/qemu/qemu_agent.h | 1 +
src/qemu/qemu_domain.c | 33 ++
src/qemu/qemu_domain.h | 6 +
src/qemu/qemu_driver.c | 3 +-
src/qemu/qemu_migration.c | 8 +-
src/qemu/qemu_monitor.c | 155 +++----
src/qemu/qemu_monitor.h | 8 +-
src/qemu/qemu_process.c | 61 ++-
src/qemu/qemu_process.h | 2 +
src/remote/remote_daemon.c | 9 +-
src/rpc/virnetserver.c | 9 +-
src/storage/storage_backend_scsi.c | 4 +-
src/storage/storage_driver.c | 4 +-
src/util/Makefile.inc.am | 2 +
src/util/vircommand.c | 5 +-
src/util/vireventthread.c | 175 ++++++++
src/util/vireventthread.h | 31 ++
src/util/virfdstream.c | 10 +-
src/util/virnodesuspend.c | 8 +-
src/util/virthread.c | 44 +-
src/util/virthread.h | 4 +-
src/util/virthreadpool.c | 14 +-
src/util/virthreadpool.h | 2 +-
tests/qemumonitortestutils.c | 15 +
33 files changed, 832 insertions(+), 487 deletions(-)
create mode 100644 src/util/vireventthread.c
create mode 100644 src/util/vireventthread.h
--
2.24.1
5 years, 4 months
[libvirt PATCH] vz: Fix return value in error path
by Rikard Falkeborn
If PrlVmDev_GetType(), PrlVmDev_GetIndex() or PrlVmCfg_GetBootDevCount()
fails, return false to indicate error. Returning -1 would be interpreted
as true when used in an if-statement.
Fixes: 8c9252aa6d95247537da0939b54fdd2f31695e32
Signed-off-by: Rikard Falkeborn <rikard.falkeborn(a)gmail.com>
---
src/vz/vz_sdk.c | 6 +++---
1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/src/vz/vz_sdk.c b/src/vz/vz_sdk.c
index 877692aeba..2c68c7cb27 100644
--- a/src/vz/vz_sdk.c
+++ b/src/vz/vz_sdk.c
@@ -1609,13 +1609,13 @@ prlsdkInBootList(PRL_HANDLE sdkdom,
size_t i;
pret = PrlVmDev_GetType(sdktargetdev, &targetType);
- prlsdkCheckRetExit(pret, -1);
+ prlsdkCheckRetExit(pret, false);
pret = PrlVmDev_GetIndex(sdktargetdev, &targetIndex);
- prlsdkCheckRetExit(pret, -1);
+ prlsdkCheckRetExit(pret, false);
pret = PrlVmCfg_GetBootDevCount(sdkdom, &bootNum);
- prlsdkCheckRetExit(pret, -1);
+ prlsdkCheckRetExit(pret, false);
for (i = 0; i < bootNum; ++i) {
pret = PrlVmCfg_GetBootDev(sdkdom, i, &bootDev);
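Review bot: With all three early exits in prlsdkInBootList() now returning false, a failure of PrlVmDev_GetType(), PrlVmDev_GetIndex() or PrlVmCfg_GetBootDevCount() is indistinguishable from "the device is not in the boot list". If callers need to tell the two apart, the function would have to return an int (-1 error, 0 no, 1 yes) or take a bool out-parameter. If they do not, a comment at the top of the function saying that SDK errors are reported as false would make the contract explicit. The PrlVmCfg_GetBootDev() call in the loop that follows is outside this hunk; it is worth checking that its failure path does not still return -1.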
--
2.25.1
5 years, 4 months
[libvirt PATCH] esx: Same order of arguments in definition and declaration
by Rikard Falkeborn
The order of arguments were not the same in the definition and
declaration. All callers use the same order as the definition, so there
is no bug, but change the function declaration to match the
implementation to avoid confusion.
Signed-off-by: Rikard Falkeborn <rikard.falkeborn(a)gmail.com>
---
src/esx/esx_vi.h | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/src/esx/esx_vi.h b/src/esx/esx_vi.h
index 5c60fd58f4..b960c0900a 100644
--- a/src/esx/esx_vi.h
+++ b/src/esx/esx_vi.h
@@ -204,8 +204,8 @@ struct _esxVI_Context {
int esxVI_Context_Alloc(esxVI_Context **ctx);
void esxVI_Context_Free(esxVI_Context **ctx);
-int esxVI_Context_Connect(esxVI_Context *ctx, const char *ipAddress,
- const char *url, const char *username,
+int esxVI_Context_Connect(esxVI_Context *ctx, const char *url,
+ const char *ipAddress, const char *username,
const char *password, esxUtil_ParsedUri *parsedUri);
int esxVI_Context_LookupManagedObjects(esxVI_Context *ctx);
int esxVI_Context_LookupManagedObjectsByPath(esxVI_Context *ctx, const char *path);
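Review bot: Both parameters swapped in the esxVI_Context_Connect() declaration are const char *, which is why the mismatch with the definition never produced a compiler diagnostic, and a caller that passes url and ipAddress in the wrong order will not produce one either. Since one of the two is the endpoint the credentials in username/password are sent to, a short comment on the prototype naming which string is the URL and which is the resolved IP address would help future callers more than the ordering alone.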
--
2.25.1
5 years, 4 months
Requesting Guidance
by Ritish kr singh
Hello, Sir
My name is Ritish Singh. I am currently pursuing my Bachelor of Technology
in Computer Science.
After going through a lot of GSoC Projects I found Libvirt project to be
quite interesting and challenging for me and I want to contribute to this
project this summer in GSoC. I want to contribute to
Test driver API coverage.
I would be grateful to you if you could guide me in the project and help me
to get started on the project.
Thanks
5 years, 4 months
[PATCH 00/16] Bhyve driver improvements
by Ryan Moeller
Ryan Moeller (16):
Fix build errors on FreeBSD
Simplify bhyve driver caps helpers
Remove redundant parameter to virBhyveProcessStart()
Fix indentation
Eliminate rc variable
Factor out conn
Don't bother seeking to the end of a file opened O_APPEND
Make bhyveMonitor a virClass
Refactor bhyve monitor register/unregister
Add hooks for bhyve backend
Add reboot support for bhyve backend
Refactor virBhyveProcessBuildBhyveCmd a bit
Reorder slot,bus,func -> bus,slot,func in parsers
Add hostdev handling for bhyve
Enable booting from hostdevs with bhyve
Allow PCI functions up to 255 for PCI ARI
docs/schemas/basictypes.rng | 10 +-
docs/schemas/domaincommon.rng | 30 ++
src/bhyve/bhyve_capabilities.c | 14 +
src/bhyve/bhyve_capabilities.h | 1 +
src/bhyve/bhyve_command.c | 285 +++++++++++++-----
src/bhyve/bhyve_command.h | 4 +-
src/bhyve/bhyve_driver.c | 67 ++--
src/bhyve/bhyve_driver.h | 4 +-
src/bhyve/bhyve_monitor.c | 165 ++++++----
src/bhyve/bhyve_monitor.h | 2 +
src/bhyve/bhyve_parse_command.c | 124 ++++++--
src/bhyve/bhyve_process.c | 107 +++++--
src/bhyve/bhyve_process.h | 4 +-
src/conf/domain_audit.c | 5 +
src/conf/domain_conf.c | 131 ++++++++
src/conf/domain_conf.h | 29 +-
src/conf/virconftypes.h | 3 +
src/conf/virnetworkobj.c | 5 +-
src/qemu/qemu_command.c | 2 +
src/qemu/qemu_domain.c | 5 +
src/qemu/qemu_hostdev.c | 1 +
src/qemu/qemu_hotplug.c | 2 +
src/qemu/qemu_migration.c | 1 +
src/security/security_apparmor.c | 1 +
src/security/security_dac.c | 28 ++
src/security/security_selinux.c | 8 +
src/util/virhook.c | 15 +
src/util/virhook.h | 11 +
src/util/virpci.c | 4 +-
.../bhyveargv2xml-passthru.args | 8 +
.../bhyveargv2xml-passthru.xml | 26 ++
.../bhyveargv2xml-virtio-scsi.args | 9 +
.../bhyveargv2xml-virtio-scsi.xml | 20 ++
tests/bhyveargv2xmltest.c | 2 +
.../bhyvexml2argv-passthru.args | 11 +
.../bhyvexml2argv-passthru.ldargs | 1 +
.../bhyvexml2argv-passthru.xml | 22 ++
.../bhyvexml2argv-virtio-scsi.args | 9 +
.../bhyvexml2argv-virtio-scsi.ldargs | 1 +
.../bhyvexml2argv-virtio-scsi.xml | 21 ++
tests/bhyvexml2argvtest.c | 8 +-
.../bhyvexml2xmlout-passthru.xml | 29 ++
.../bhyvexml2xmlout-virtio-scsi.xml | 23 ++
tests/bhyvexml2xmltest.c | 2 +
44 files changed, 1041 insertions(+), 219 deletions(-)
create mode 100644 tests/bhyveargv2xmldata/bhyveargv2xml-passthru.args
create mode 100644 tests/bhyveargv2xmldata/bhyveargv2xml-passthru.xml
create mode 100644 tests/bhyveargv2xmldata/bhyveargv2xml-virtio-scsi.args
create mode 100644 tests/bhyveargv2xmldata/bhyveargv2xml-virtio-scsi.xml
create mode 100644 tests/bhyvexml2argvdata/bhyvexml2argv-passthru.args
create mode 100644 tests/bhyvexml2argvdata/bhyvexml2argv-passthru.ldargs
create mode 100644 tests/bhyvexml2argvdata/bhyvexml2argv-passthru.xml
create mode 100644 tests/bhyvexml2argvdata/bhyvexml2argv-virtio-scsi.args
create mode 100644 tests/bhyvexml2argvdata/bhyvexml2argv-virtio-scsi.ldargs
create mode 100644 tests/bhyvexml2argvdata/bhyvexml2argv-virtio-scsi.xml
create mode 100644 tests/bhyvexml2xmloutdata/bhyvexml2xmlout-passthru.xml
create mode 100644 tests/bhyvexml2xmloutdata/bhyvexml2xmlout-virtio-scsi.xml
--
2.24.1
5 years, 4 months
[PATCH v3 0/5] lxc: Add VCPU features for LXC
by Julio Faracco
This series covers a lot of functionality for LXC VCPUs. It enables
sharing some timer devices between host and LXC guest using `timer`
settings. It still has other improvements related to VCPU and LXC such
as virtual cpuinfo content based on VCPU settings and some better
resource limits. Each patch has the description of the problem and what
it is trying to fix.
v1-v2: Add Daniel's comments and some cleanups.
v2-v3: Remove dependency from patch 4 and 5.
Julio Faracco (5):
lxc: Add Real Time Clock device into allowed devices
lxc: Add HPET device into allowed devices
lxc: Replacing default strings definitions by g_autofree statement.
lxc: Implement virtual /proc/cpuinfo via LXC fuse
lxc: Count max VCPUs based on cpuset.cpus in native config.
docs/formatdomain.html.in | 4 +-
src/lxc/lxc_cgroup.c | 91 ++++++++-
src/lxc/lxc_container.c | 62 ++++--
src/lxc/lxc_container.h | 2 +
src/lxc/lxc_controller.c | 187 ++++++++++++------
src/lxc/lxc_fuse.c | 107 ++++++++--
src/lxc/lxc_native.c | 24 ++-
.../lxcconf2xml-cpusettune.xml | 2 +-
8 files changed, 368 insertions(+), 111 deletions(-)
--
2.20.1
5 years, 4 months
[PATCH v2 0/5] lxc: Add VCPU features for LXC
by Julio Faracco
This series covers a lot of functionality for LXC VCPUs. It enables
sharing some timer devices between host and LXC guest using `timer`
settings. It still has other improvements related to VCPU and LXC such
as virtual cpuinfo content based on VCPU settings and some better
resource limits. Each patch has the description of the problem and what
it is trying to fix.
v1-v2: Add Daniel's comments and some cleanups.
Julio Faracco (5):
lxc: Add Real Time Clock device into allowed devices
lxc: Add HPET device into allowed devices
lxc: Replacing default strings definitions by g_autofree statement.
lxc: Implement virtual /proc/cpuinfo via LXC fuse
lxc: Count max VCPUs based on cpuset.cpus in native config.
docs/formatdomain.html.in | 4 +-
src/lxc/lxc_cgroup.c | 91 ++++++++-
src/lxc/lxc_container.c | 60 ++++--
src/lxc/lxc_container.h | 2 +
src/lxc/lxc_controller.c | 187 ++++++++++++------
src/lxc/lxc_fuse.c | 107 ++++++++--
src/lxc/lxc_native.c | 24 ++-
.../lxcconf2xml-cpusettune.xml | 2 +-
8 files changed, 367 insertions(+), 110 deletions(-)
--
2.20.1
5 years, 4 months
[libvirt PATCH] docs: add a kbase explaining security protections for QEMU passthrough
by Daniel P. Berrangé
When using command line passthrough users will often trip up over the
security protections like SELinux, DAC, namespaces, etc which will
deny access to files they are passing. This document explains the
various protections and how to deal with their policy, and/or how
to disable them.
Signed-off-by: Daniel P. Berrangé <berrange(a)redhat.com>
---
docs/kbase.html.in | 4 +
docs/kbase/qemu-passthrough-security.rst | 157 +++++++++++++++++++++++
2 files changed, 161 insertions(+)
create mode 100644 docs/kbase/qemu-passthrough-security.rst
diff --git a/docs/kbase.html.in b/docs/kbase.html.in
index c156414c41..db84b95b60 100644
--- a/docs/kbase.html.in
+++ b/docs/kbase.html.in
@@ -29,6 +29,10 @@
<dt><a href="kbase/backing_chains.html">Backing chain management</a></dt>
<dd>Explanation of how disk backing chain specification impacts libvirt's
behaviour and basic troubleshooting steps of disk problems.</dd>
+
+ <dt><a href="kbase/qemu-passthrough-security.html">Security with QEMU passthrough</a></dt>
+ <dd>Examination of the security protections used for QEMU and how they need
+ configuring to allow use of QEMU passthrough with host files/devices.</dd>
</dl>
</div>
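Review bot: The link text added to kbase.html.in, "Security with QEMU passthrough", does not match the title of the document it points to, which is "QEMU command line passthrough" in qemu-passthrough-security.rst. Pick one of the two so that a reader arriving from the index lands on a page with the heading they clicked; since the file name and the dd text both stress the security protections, retitling the RST document looks like the simpler fix.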
diff --git a/docs/kbase/qemu-passthrough-security.rst b/docs/kbase/qemu-passthrough-security.rst
new file mode 100644
index 0000000000..7fb1f6fbdd
--- /dev/null
+++ b/docs/kbase/qemu-passthrough-security.rst
@@ -0,0 +1,157 @@
+=============================
+QEMU command line passthrough
+=============================
+
+.. contents::
+
+Libvirt aims to provide explicit modelling of virtualization features in
+the domain XML document schema. QEMU has a very broad range of features
+and not all of these can be mapped to elements in the domain XML. Libvirt
+would like to reduce the gap to QEMU, however, with finite resources there
+will always be cases which aren't covered by the domain XML schema.
+
+
+XML document additions
+======================
+
+To deal with the problem, libvirt introduced support for command line
+passthrough of QEMU arguments. This is achieved by supporting a custom
+XML namespace, under which some QEMU driver specific elements are defined.
+
+The canonical place to declare the namespace is on the top level ``<domain>``
+element. At the very end of the document, arbitrary command line arguments
+can now be added, using the namespace prefix ``qemu:``
+
+::
+
+ <domain type='kvm' xmlns:qemu='http://libvirt.org/schemas/domain/qemu/1.0'>
+ <name>QEMUGuest1</name>
+ <uuid>c7a5fdbd-edaf-9455-926a-d65c16db1809</uuid>
+ ...
+ <qemu:commandline>
+ <qemu:arg value='-newarg'/>
+ <qemu:arg value='parameter'/>
+ <qemu:env name='ID' value='wibble'/>
+ <qemu:env name='BAR'/>
+ </qemu:commandline>
+ </domain>
+
+Note that when an argument takes a value eg ``-newarg parameter``, the argument
+and the value must be passed as separate ``<qemu:arg>`` entries.
+
+Instead of declaring the XML namespace on the top level ``<domain>`` it is also
+possible to declare it at time of use, which is more convenient for humans
+writing the XML documents manually. So the following example is functionally
+identical:
+
+::
+
+ <domain type='kvm'>
+ <name>QEMUGuest1</name>
+ <uuid>c7a5fdbd-edaf-9455-926a-d65c16db1809</uuid>
+ ...
+ <commandline xmlns="http://libvirt.org/schemas/domain/qemu/1.0">
+ <arg value='-newarg'/>
+ <arg value='parameter'/>
+ <env name='ID' value='wibble'/>
+ <env name='BAR'/>
+ </commandline>
+ </domain>
+
+Note that when querying the XML from libvirt, it will have been translated into
+the canonical syntax once more with the namespace on the top level element.
+
+Security confinement / sandboxing
+=================================
+
+When libvirt launches a QEMU process it makes use of a number of security
+technologies to confine QEMU and thus protect the host from malicious VM
+breakouts.
+
+When configuring security protection, however, libvirt generally needs to know
+exactly which host resources the VM is permitted to access. It gets this
+information from the domain XML document. This only works for elements in the
+regular schema, the arguments used with command line passthrough are completely
+opaque to libvirt.
+
+As a result, if command line passthrough is used to expose a file on the host
+to QEMU, the security protections will activate and either kill QEMU or deny it
+access.
+
+There are two strategies for dealing with this problem, either figure out what
+steps are needed to grant QEMU access to the device, or disable the security
+protections. The former is harder, but more secure, while the latter is simple.
+
+Granting access per VM
+----------------------
+
+* SELinux - the file on the host needs an SELinux label that will grant access
+ to QEMU's ``svirt_t`` policy.
+
+ - Read only access - use the ``virt_content_t`` label
+ - Shared, write access - use the ``svirt_image_t:s0`` label (ie no MCS
+ category appended)
+ - Exclusive, write access - use the ``svirt_image_t:s0:MCS`` label for the VM.
+ The MCS is auto-generatd at boot time, so this may require re-configuring
+ the VM to have a fixed MCS label
+
+* DAC - the file on the host needs to be readable/writable to the ``qemu``
+ user or ``qemu`` group. This can be done by changing the file ownership to
+ ``qemu``, or relaxing the permissions to allow world read, or adding file
+ ACLs to allow access to ``qemu``.
+
+* Namespaces - a private ``mount`` namespace is used for QEMU by default
+ which populates a new ``/dev`` with only the device nodes needed by QEMU.
+ There is no way to augment the set of device nodes ahead of time.
+
+* Seccomp - libvirt launches QEMU with its built-in seccomp policy enabled with
+ ``obsolete=deny``, ``elevateprivileges=deny``, ``spawn=deny`` and
+ ``resourcecontrol=deny`` settings active. There is no way to change this
+ policy on a per VM basis
+
+* Cgroups - a custom cgroup is created per VM and this will either use the
+ ``devices`` controller or an ``BPF`` rule to whitelist a set of device nodes.
+ There is no way to change this policy on a per VM basis.
+
+Disabling security protection per VM
+------------------------------------
+
+Some of the security protections can be disabled per-VM:
+
+* SELinux - in the domain XML the ``<seclabel>`` model can be changed to
+ ``none`` instead of ``selinux``, which will make the VM run unconfined.
+
+* DAC - in the domain XML an ``<seclabel>`` element with the ``dac`` model can
+ be added, configured with a user / group account of ``root`` to make QEMU run
+ with full privileges
+
+* Namespaces - there is no way to disable this per VM
+
+* Seccomp - there is no way to disable this per VM
+
+* Cgroups - there is no way to disable this per VM
+
+Disabling security protection host-wide
+---------------------------------------
+
+As a last resort it is possible to disable security protection host wide which
+will affect all virtual machines. These settings are all made in
+``/etc/libvirt/qemu.conf``
+
+* SELinux - set ``security_default_confied = 0`` to make QEMU run unconfined by
+ default, while still allowing explicit opt-in to SELinux for VMs.
+
+* DAC - set ``user = root`` and ``group = root`` to make QEMU run as the root
+ account
+
+* SELinux, DAC - set ``security_driver = []`` to entirely disable both the
+ SELinux and DAC security drivers.
+
+* Namespaces - set ``namespaces = []`` to disable use of the ``mount``
+ namespaces, causing QEMU to see the normal fully popualated ``dev``
+
+* Seccomp - set ``seccomp_sandbox = 0`` to disable use of the Seccomp sandboxing
+ in QEMU
+
+* Cgroups - set ``cgroup_device_acl`` to include the desired device node, or
+ ``cgroup_controllers = [...]`` to exclude the ``devices`` controller.
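Review bot: In the "Disabling security protection host-wide" section the qemu.conf key is written as ``security_default_confied``; the setting is security_default_confined, and a reader who copies the misspelt name into /etc/libvirt/qemu.conf will not get the behaviour the text describes. Other typos in the new file: "auto-generatd" in the SELinux bullet, "popualated" in the Namespaces bullet, and "an ``BPF`` rule" should be "a ``BPF`` rule". The Namespaces bullet also says QEMU will see the normal ``dev`` where ``/dev`` is meant, as in the per-VM section. Several bullets end without a full stop while their neighbours have one. Since the document shows three escalating ways of removing confinement, it would also help to state in each "disabling" section which protections stay active afterwards, so that readers do not assume that relaxing one layer is enough to make a passed-through file accessible.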
--
2.24.1
5 years, 4 months
[jenkins-ci PATCH 0/8] lcitool: Support MinGW cross-build Dockerfiles
by Andrea Bolognani
More details in the commit message for patch 7/8.
Pavel pointed out today that the current method of triggering MinGW
builds using our CI scaffolding, eg.
$ make ci-build@fedora-30 CI_CONFIGURE=mingw64-configure
is easy to get wrong and not very discoverable, so I took that as
motivation to implement a change that I had been thinking about for
a long time anyway. The new usage will be
$ make ci-build@fedora-30-cross-mingw64
which aligns with how we're already doing cross-builds for other
architectures and is discoverable via 'make ci-list-images'.
The implementation is not the prettiest, but the Dockerfile
generator in general could use some love so I don't think this
improvement should be blocked because of that; I'll try to spend
some time refactoring and cleaning up once this has been merged.
Andrea Bolognani (8):
lcitool: Introduce cross_arch local variable
lcitool: Change check for pip_pkgs formatting
lcitool: Separate computation and formatting
lcitool: Introduce _dockerfile_format()
lcitool: Introduce _dockerfile_build_varmap()
lcitool: Add RPM-specific _dockerfile_build_varmap() variant
lcitool: Support MinGW cross-build Dockerfiles on Fedora
lcitool: Add more checks to _action_dockerfile()
guests/lcitool | 219 ++++++++++++++++++++++++++++++++++++++-----------
1 file changed, 172 insertions(+), 47 deletions(-)
--
2.24.1
5 years, 4 months
[PATCH] storage: Add support to set{uid,gid} and sticky bit
by Julio Faracco
This commit adds more features to storage that supports setuid, setgid
and sticky bit. This extends some permission levels of volumes when you
run a hypervisor using a specific user that can run but cannot delete
volumes, for instance. Additionally, when you create a directory without
the `pool-build` command, you cannot import those extra permissions.
Example:
# mkdir /var/lib/libvirt/images/
# chmod 0755 /var/lib/libvirt/images/
# chmod u+s /var/lib/libvirt/images/
# pool-start default
# pool-dumpxml default
No setuid from `<mode>0755</mode>`.
Output should expect `<mode>4755</mode>`.
Signed-off-by: Julio Faracco <jcfaracco(a)gmail.com>
---
src/conf/storage_conf.c | 11 ++++++++---
src/storage/storage_util.c | 12 ++++++++----
2 files changed, 16 insertions(+), 7 deletions(-)
diff --git a/src/conf/storage_conf.c b/src/conf/storage_conf.c
index 252d28cbfb..54e4a60ded 100644
--- a/src/conf/storage_conf.c
+++ b/src/conf/storage_conf.c
@@ -746,7 +746,7 @@ virStorageDefParsePerms(xmlXPathContextPtr ctxt,
if ((mode = virXPathString("string(./mode)", ctxt))) {
int tmp;
- if (virStrToLong_i(mode, NULL, 8, &tmp) < 0 || (tmp & ~0777)) {
+ if (virStrToLong_i(mode, NULL, 8, &tmp) < 0 || (tmp & ~07777)) {
virReportError(VIR_ERR_XML_ERROR, "%s",
_("malformed octal mode"));
goto error;
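Review bot: Widening the mask in virStorageDefParsePerms() from ~0777 to ~07777 makes setuid, setgid and sticky bits acceptable in every definition that goes through this parser, yet the diffstat shows no change to the RNG schema, the documentation or the tests. The commit message motivates the change with a pool directory; if the same parser also handles volume permissions, it would be safer to accept the extra bits only where they are intended, or at least to document that a volume file can now be created setuid or setgid. A test case with a mode such as 4755 for both parsing and formatting should come with the patch.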
@@ -1187,9 +1187,14 @@ virStoragePoolDefFormatBuf(virBufferPtr buf,
def->target.perms.label) {
virBufferAddLit(buf, "<permissions>\n");
virBufferAdjustIndent(buf, 2);
- if (def->target.perms.mode != (mode_t) -1)
- virBufferAsprintf(buf, "<mode>0%o</mode>\n",
+ if (def->target.perms.mode != (mode_t) -1) {
+ if (def->target.perms.mode & (S_ISUID | S_ISGID | S_ISVTX))
+ virBufferAsprintf(buf, "<mode>%4o</mode>\n",
def->target.perms.mode);
+ else
+ virBufferAsprintf(buf, "<mode>0%o</mode>\n",
+ def->target.perms.mode);
+ }
if (def->target.perms.uid != (uid_t) -1)
virBufferAsprintf(buf, "<owner>%d</owner>\n",
(int) def->target.perms.uid);
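Review bot: The new branch in virStoragePoolDefFormatBuf() prints modes with special bits using "%4o", which pads with spaces rather than zeros; the output is only correct because any mode with S_ISUID, S_ISGID or S_ISVTX set already has four octal digits. A single call with "%04o" would produce 0755 and 4755 alike and remove the if/else. The one difference to check is modes below 0100, where the existing "0%o" prints for example 044 and "%04o" would print 0044, which may affect expected test output.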
diff --git a/src/storage/storage_util.c b/src/storage/storage_util.c
index c2754dbb93..5352ab9120 100644
--- a/src/storage/storage_util.c
+++ b/src/storage/storage_util.c
@@ -82,6 +82,10 @@ VIR_LOG_INIT("storage.storage_util");
# define S_IRWXUGO (S_IRWXU | S_IRWXG | S_IRWXO)
#endif
+#ifndef S_IALLUGO
+# define S_IALLUGO (S_ISUID | S_ISGID | S_ISVTX | S_IRWXUGO)
+#endif
+
/* virStorageBackendNamespaceInit:
* @poolType: virStoragePoolType
* @xmlns: Storage Pool specific namespace callback methods
@@ -512,7 +516,7 @@ virStorageBackendCreateExecCommand(virStoragePoolObjPtr pool,
virCommandSetUID(cmd, vol->target.perms->uid);
virCommandSetGID(cmd, vol->target.perms->gid);
- virCommandSetUmask(cmd, S_IRWXUGO ^ mode);
+ virCommandSetUmask(cmd, S_IALLUGO ^ mode);
if (virCommandRun(cmd, NULL) == 0) {
/* command was successfully run, check if the file was created */
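Review bot: Passing S_IALLUGO ^ mode to virCommandSetUmask() has no effect beyond the old S_IRWXUGO ^ mode, because umask only uses the nine file permission bits (mask & 0777) and cannot grant or withhold setuid, setgid or sticky. The file created by the command will therefore never carry the special bits, and they can only be applied by the chmod paths further down. Keeping S_IRWXUGO here would make that clear and avoid handing out-of-range bits to the umask call.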
@@ -523,7 +527,7 @@ virStorageBackendCreateExecCommand(virStoragePoolObjPtr pool,
* If that doesn't match what we expect, then let's try to
* re-open the file and attempt to force the mode change.
*/
- if (mode != (st.st_mode & S_IRWXUGO)) {
+ if (mode != (st.st_mode & S_IALLUGO)) {
VIR_AUTOCLOSE fd = -1;
int flags = VIR_FILE_OPEN_FORK | VIR_FILE_OPEN_FORCE_MODE;
@@ -569,7 +573,7 @@ virStorageBackendCreateExecCommand(virStoragePoolObjPtr pool,
goto cleanup;
}
- if (mode != (st.st_mode & S_IRWXUGO) &&
+ if (mode != (st.st_mode & S_IALLUGO) &&
chmod(vol->target.path, mode) < 0) {
virReportSystemError(errno,
_("cannot set mode of '%s' to %04o"),
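Review bot: With the comparison changed to st.st_mode & S_IALLUGO, this chmod() is now the step expected to apply setuid and setgid to the volume, but on Linux chmod() can return success while dropping S_ISGID when the calling process is not a member of the file's group and lacks CAP_FSETID. In that case no error is reported and the volume silently ends up without the requested bit. A stat() after the chmod() that compares the result against mode, and reports an error on mismatch, would close that gap.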
@@ -1825,7 +1829,7 @@ virStorageBackendUpdateVolTargetInfoFD(virStorageSourcePtr target,
if (!target->perms && VIR_ALLOC(target->perms) < 0)
return -1;
- target->perms->mode = sb->st_mode & S_IRWXUGO;
+ target->perms->mode = sb->st_mode & S_IALLUGO;
target->perms->uid = sb->st_uid;
target->perms->gid = sb->st_gid;
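Review bot: Masking st_mode with S_IALLUGO in virStorageBackendUpdateVolTargetInfoFD() means refreshed volume targets will start reporting setuid, setgid and sticky bits, while the only formatter touched in this patch is virStoragePoolDefFormatBuf(). Please check how the volume XML formatter prints such a mode and that the result parses back through virStorageDefParsePerms(), and add a test for that round trip; the commit message only describes the pool directory case.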
--
2.20.1
5 years, 4 months
[PATCH 0/7] util: More storage file detection cleanups
by Peter Krempa
Found while investigating options of how to improve image detection.
Peter Krempa (7):
tests: virstorage: Fix backing file format of created image
virStorageSourceUpdateCapacity: Drop 'probe' argument
util: storage: Store backing store format in virStorageSource
virStorageSourceNewFromBacking: Also transfer the format
virStorageBackendGlusterRefreshVol: Refactor handling of backing store
virStorageFileGetMetadataFromBuf: Remove 'backingFormat' argument
virStorageFileGetMetadataFromFD: Remove unused 'backingFormat'
argument
src/qemu/qemu_driver.c | 2 +-
src/storage/storage_backend_gluster.c | 12 ++---
src/storage/storage_util.c | 8 +--
src/util/virstoragefile.c | 75 +++++++++------------------
src/util/virstoragefile.h | 10 ++--
tests/virstoragetest.c | 2 +-
6 files changed, 36 insertions(+), 73 deletions(-)
--
2.24.1
5 years, 4 months
[libvirt PATCH] bhyve: command: remove unused includes
by Ján Tomko
These were needed for virBhyveTapGetRealDeviceName
but were not deleted after the function was moved
to src/util.
Signed-off-by: Ján Tomko <jtomko(a)redhat.com>
Fixes: a1bd8d2546c3e469f6a5ce119fad7da1cd473db5
---
Pushed as trivial.
src/bhyve/bhyve_command.c | 4 ----
1 file changed, 4 deletions(-)
diff --git a/src/bhyve/bhyve_command.c b/src/bhyve/bhyve_command.c
index 2df7b60115..03bb99d496 100644
--- a/src/bhyve/bhyve_command.c
+++ b/src/bhyve/bhyve_command.c
@@ -21,10 +21,6 @@
#include <config.h>
-#include <sys/types.h>
-#include <net/if.h>
-#include <net/if_tap.h>
-
#include "bhyve_capabilities.h"
#include "bhyve_command.h"
#include "bhyve_domain.h"
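Review bot: Of the three headers dropped from bhyve_command.c, <sys/types.h> is general purpose rather than specific to the moved virBhyveTapGetRealDeviceName() code, so anything else in the file that relied on it will now depend on a transitive include. Since this driver only builds on FreeBSD, a build there is the check that matters; the commit message does not say whether one was done.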
--
2.24.1
5 years, 4 months
[libvirt PATCH] syms: fix comment for domain_driver.h
by Ján Tomko
Signed-off-by: Ján Tomko <jtomko(a)redhat.com>
Fixes: 8595948bc855bc5fb65c8362a5e5832a30f97f7e
---
Pushed as trivial.
src/libvirt_private.syms | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/libvirt_private.syms b/src/libvirt_private.syms
index 28a3553bcf..907cef2390 100644
--- a/src/libvirt_private.syms
+++ b/src/libvirt_private.syms
@@ -1397,7 +1397,7 @@ virDomainCgroupSetupDomainBlkioParameters;
virDomainCgroupSetupMemtune;
-# hypervisor/domain_cgroup.h
+# hypervisor/domain_driver.h
virDomainDriverMergeBlkioDevice;
virDomainDriverParseBlkioDeviceStr;
virDomainDriverSetupPersistentDefBlkioParams;
--
2.24.1
5 years, 4 months
[PATCH v2 00/14] vircgroup code duplication purge
by Daniel Henrique Barboza
Based on the feedback from version 1 [1], we can't put cross
directory dependencies in the utils files, but ATM we have no
good spot to put common driver code as well.
The solution then was to add a new directory structure, as proposed in
[2], to put the common cgroup and driver code between LXC and QEMU
into.
changes from v1:
- introduced src/hypervisor/domain_cgroup.c/h. Cgroup duplicated
code that depends on /conf includes now goes to this file
- introduced src/hypervisor/domain_driver.c/h. Common driver
code now goes to this file instead of putting more stuff in
domain_conf.c
[1] https://www.redhat.com/archives/libvir-list/2020-February/msg00425.html
[2] https://www.redhat.com/archives/libvir-list/2019-December/msg00817.html
Daniel Henrique Barboza (14):
vircgroup.c: adding virCgroupSetupBlkioDevice* helpers
lxc,qemu: use virCgroupSetupBlkioDevice* helpers
vircgroup.c: turn virCgroup{Get/Set}BlkioDevice* into static
src: introducing hypervisor/domain_cgroup.c
domain_cgroup.c: add virDomainCgroupSetupMemtune()
vircgroup.c: add virCgroupSetupCpusetCpus()
vircgroup.c: add virCgroupSetupCpuShares()
vircgroup.c: add virCgroupSetupCpuPeriodQuota()
src/hypervisor: introduce domain_driver.c
domain_driver.c: add virDomainDriverParseBlkioDeviceStr()
domain_cgroup.c: add virDomainCgroupSetupDomainBlkioParameters()
domain_driver.c: add virDomainDriverSetupPersistentDefBlkioParams()
domain_cgroup.c: add virDomainCgroupSetMemoryLimitParameters()
vircgroup: add virCgroupGetCpuPeriodQuota()
po/POTFILES.in | 2 +
src/Makefile.am | 1 +
src/hypervisor/Makefile.inc.am | 16 ++
src/hypervisor/domain_cgroup.c | 268 ++++++++++++++++++++
src/hypervisor/domain_cgroup.h | 38 +++
src/hypervisor/domain_driver.c | 252 +++++++++++++++++++
src/hypervisor/domain_driver.h | 36 +++
src/libvirt_private.syms | 32 ++-
src/lxc/Makefile.inc.am | 2 +
src/lxc/lxc_cgroup.c | 91 +------
src/lxc/lxc_driver.c | 430 ++-------------------------------
src/qemu/Makefile.inc.am | 1 +
src/qemu/qemu_cgroup.c | 112 +--------
src/qemu/qemu_driver.c | 401 +-----------------------------
src/util/vircgroup.c | 212 ++++++++++++++--
src/util/vircgroup.h | 53 ++--
16 files changed, 894 insertions(+), 1053 deletions(-)
create mode 100644 src/hypervisor/Makefile.inc.am
create mode 100644 src/hypervisor/domain_cgroup.c
create mode 100644 src/hypervisor/domain_cgroup.h
create mode 100644 src/hypervisor/domain_driver.c
create mode 100644 src/hypervisor/domain_driver.h
--
2.24.1
5 years, 4 months
[libvirt PATCH] fix paths to openrc.init.in files
by Ján Tomko
The inc.am Makefiles are included by src/Makefile.am.
Adjust the paths added to OPENRC_INIT_FILES_IN
accordingly.
Signed-off-by: Ján Tomko <jtomko(a)redhat.com>
Fixes: f4b1c020a2c8493473bf868231cee6a952d57e6f
---
Pushed as a build fix.
src/locking/Makefile.inc.am | 2 +-
src/logging/Makefile.inc.am | 2 +-
2 files changed, 2 insertions(+), 2 deletions(-)
diff --git a/src/locking/Makefile.inc.am b/src/locking/Makefile.inc.am
index d0e36705b2..d1bf49cd3f 100644
--- a/src/locking/Makefile.inc.am
+++ b/src/locking/Makefile.inc.am
@@ -83,7 +83,7 @@ OPENRC_INIT_FILES += \
virtlockd.init \
$(NULL)
OPENRC_INIT_FILES_IN += \
- virtlockd.init.in \
+ locking/virtlockd.init.in \
$(NULL)
noinst_LTLIBRARIES += libvirt_driver_lock.la
diff --git a/src/logging/Makefile.inc.am b/src/logging/Makefile.inc.am
index 083d8773cb..dc09cfe3fa 100644
--- a/src/logging/Makefile.inc.am
+++ b/src/logging/Makefile.inc.am
@@ -59,7 +59,7 @@ OPENRC_INIT_FILES += \
virtlogd.init \
$(NULL)
OPENRC_INIT_FILES_IN += \
- virtlogd.init.in \
+ logging/virtlogd.init.in \
$(NULL)
noinst_LTLIBRARIES += libvirt_driver_log.la
--
2.24.1
5 years, 4 months
Re: [PATCH] Add missing files for OpenRC
by Michal Prívozník
On 2/22/20 4:04 PM, Ryan Moeller wrote:
> On Sat, Feb 22, 2020 at 9:24 AM Michal Prívozník <mprivozn(a)redhat.com> wrote:
>>
>> However, I have done fixes locally. How do you feel about me squashing
>> this in and then pushing?
>>
>
> That sounds terrific! Thank you :)
>
Alright then. Squashed in, and pushed.
Reviewed-by: Michal Privoznik <mprivozn(a)redhat.com>
Congratulations on your first libvirt contribution!
Michal
5 years, 4 months
[PATCH] Add missing files for OpenRC
by Ryan Moeller
Signed-off-by: Ryan Moeller <ryan(a)iXsystems.com>
---
src/locking/Makefile.inc.am | 7 +++++++
src/locking/virtlockd.init.in | 14 ++++++++++++++
src/logging/Makefile.inc.am | 10 ++++++++++
src/logging/virtlogd.init.in | 14 ++++++++++++++
4 files changed, 45 insertions(+)
create mode 100644 src/locking/virtlockd.init.in
create mode 100644 src/logging/virtlogd.init.in
diff --git a/src/locking/Makefile.inc.am b/src/locking/Makefile.inc.am
index e663d7146b..243e3ae767 100644
--- a/src/locking/Makefile.inc.am
+++ b/src/locking/Makefile.inc.am
@@ -79,6 +79,13 @@ VIRTLOCKD_UNIT_FILES_IN = \
SYSTEMD_UNIT_FILES += $(notdir $(VIRTLOCKD_UNIT_FILES_IN:%.in=%))
SYSTEMD_UNIT_FILES_IN += $(VIRTLOCKD_UNIT_FILES_IN)
+OPENRC_INIT_FILES += \
+ virtlockd.init \
+ $(NULL)
+OPENRC_INIT_FILES_IN += \
+ virtlockd.init.in \
+ $(NULL)
+
noinst_LTLIBRARIES += libvirt_driver_lock.la
libvirt_la_BUILT_LIBADD += libvirt_driver_lock.la
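Review bot: OPENRC_INIT_FILES_IN lists virtlockd.init.in without the locking/ prefix, although this file is included from src/Makefile.am and the rule added for logging in the same patch refers to its template as logging/virtlogd.init.in. The diffstat also shows this hunk as the only change to src/locking/Makefile.inc.am, so unlike virtlogd.init there is no rule here that generates virtlockd.init from its template. Use locking/virtlockd.init.in and add the matching generation rule.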
diff --git a/src/locking/virtlockd.init.in b/src/locking/virtlockd.init.in
new file mode 100644
index 0000000000..45eaed7971
--- /dev/null
+++ b/src/locking/virtlockd.init.in
@@ -0,0 +1,14 @@
+#!/sbin/openrc-run
+
+name=virtlogd
+
+command=@sbindir@/virtlockd
+pidfile="@runstatedir(a)/virtlockd.pid"
+command_args="--daemon --pid-file=${pidfile}"
+PATH="${PATH}:@sbindir@:@bindir@"
+supervisor=supervise-daemon
+
+depend() {
+ provide virtlockd
+ keyword -shutdown
+}
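Review bot: The first assignment in virtlockd.init.in is name=virtlogd, which looks like a copy and paste from the logging script; the service will identify itself as virtlogd in OpenRC output while running virtlockd. It should read name=virtlockd, matching the command, pidfile and provide lines below it.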
diff --git a/src/logging/Makefile.inc.am b/src/logging/Makefile.inc.am
index c4fa49106e..083d8773cb 100644
--- a/src/logging/Makefile.inc.am
+++ b/src/logging/Makefile.inc.am
@@ -55,6 +55,13 @@ VIRTLOGD_UNIT_FILES_IN = \
SYSTEMD_UNIT_FILES += $(notdir $(VIRTLOGD_UNIT_FILES_IN:%.in=%))
SYSTEMD_UNIT_FILES_IN += $(VIRTLOGD_UNIT_FILES_IN)
+OPENRC_INIT_FILES += \
+ virtlogd.init \
+ $(NULL)
+OPENRC_INIT_FILES_IN += \
+ virtlogd.init.in \
+ $(NULL)
+
noinst_LTLIBRARIES += libvirt_driver_log.la
libvirt_la_BUILT_LIBADD += libvirt_driver_log.la
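Review bot: OPENRC_INIT_FILES_IN lists virtlogd.init.in without a directory, while the rule added in the next hunk of this same file names the template as logging/virtlogd.init.in. The two need to agree; since the .inc.am files are included from src/Makefile.am, the logging/ prefix is the form to use here as well.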
@@ -126,6 +133,9 @@ logging/log_daemon_dispatch_stubs.h: $(LOG_PROTOCOL) \
virLogManagerProtocol VIR_LOG_MANAGER_PROTOCOL \
$(LOG_PROTOCOL) > logging/log_daemon_dispatch_stubs.h
+virtlogd.init: logging/virtlogd.init.in $(top_builddir)/config.status
+ $(AM_V_GEN)$(SED) $(COMMON_UNIT_VARS) $< > $@-t && mv $@-t $@
+
virtlogd.service: logging/virtlogd.service.in $(top_builddir)/config.status
$(AM_V_GEN)sed $(COMMON_UNIT_VARS) $< > $@-t && mv $@-t $@
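Review bot: The new virtlogd.init rule invokes $(SED) while the virtlogd.service rule directly below it, doing the same substitution with $(COMMON_UNIT_VARS), invokes plain sed. Use one form for both so the generated files cannot differ depending on which sed the configure step found.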
diff --git a/src/logging/virtlogd.init.in b/src/logging/virtlogd.init.in
new file mode 100644
index 0000000000..61e41f7689
--- /dev/null
+++ b/src/logging/virtlogd.init.in
@@ -0,0 +1,14 @@
+#!/sbin/openrc-run
+
+name=virtlogd
+
+command=@sbindir@/virtlogd
+pidfile="@runstatedir(a)/virtlogd.pid"
+command_args="--daemon --pid-file=${pidfile}"
+PATH="${PATH}:@sbindir@:@bindir@"
+supervisor=supervise-daemon
+
+depend() {
+ provide virtlogd
+ keyword -shutdown
+}
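Review bot: The script sets supervisor=supervise-daemon but passes --daemon in command_args, and the two conflict: supervise-daemon expects the command to stay in the foreground, so a daemon that forks into the background looks to the supervisor like a process that exited. Drop --daemon (and the pid file argument if the supervisor is to own the pid file), or drop the supervisor line and let start-stop-daemon handle the self-daemonizing process. The same applies to virtlockd.init.in.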
--
2.24.1
5 years, 4 months
[jenkins-ci PATCH] guests: Update vault
by Andrea Bolognani
Add secrets for libvirt-centos-8, libvirt-opensuse-151,
libvirt-ubuntu-1604 and libvirt-ubuntu-1804 Jenkins builders.
Signed-off-by: Andrea Bolognani <abologna(a)redhat.com>
---
Pushed under the unreviewable vault update rule.
guests/vars/vault.yml | 100 +++++++++++++++++++++++++-----------------
1 file changed, 59 insertions(+), 41 deletions(-)
diff --git a/guests/vars/vault.yml b/guests/vars/vault.yml
index b6e591d..f1ee165 100644
--- a/guests/vars/vault.yml
+++ b/guests/vars/vault.yml
@@ -1,42 +1,60 @@
$ANSIBLE_VAULT;1.1;AES256
--
2.24.1
5 years, 4 months
[ruby PATCH] Fix cpumap allocation for virDomainGetVcpus and use return value
by Charlie Smurthwaite
This patch fixes a bug in which only enough memory for one cpumap is allocated
for virDomainGetVcpus instead of one per virtual CPU. This fixes an overflow.
Additionally, it uses the return value of virDomainGetVcpus to determine how
many cpuinfo structs were actually populated rather than assuming they all are.
Finally, it uses the logical CPU number from the cpuinfo struct in the return
data instead of assuming CPU numbers are sequential. This should handle cases
where arbitrary CPUs are offline.
Signed-off-by: Charlie Smurthwaite <charlie(a)atechmedia.com>
---
ext/libvirt/domain.c | 7 ++++---
1 file changed, 4 insertions(+), 3 deletions(-)
diff --git a/ext/libvirt/domain.c b/ext/libvirt/domain.c
index d665907..c6de1bf 100644
--- a/ext/libvirt/domain.c
+++ b/ext/libvirt/domain.c
@@ -803,7 +803,7 @@ static VALUE libvirt_domain_vcpus(VALUE d)
cpumaplen = VIR_CPU_MAPLEN(maxcpus);
- cpumap = alloca(sizeof(unsigned char) * cpumaplen);
+ cpumap = alloca(sizeof(unsigned char) * cpumaplen * dominfo.nrVirtCpu);
r = virDomainGetVcpus(ruby_libvirt_domain_get(d), cpuinfo,
dominfo.nrVirtCpu, cpumap, cpumaplen);
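Review bot: the alloca() size is now cpumaplen * dominfo.nrVirtCpu, so the stack allocation scales with both the host CPU count and the guest's vCPU count, with no upper bound and no check that the multiplication does not wrap. alloca() cannot report failure, so a large product turns into a stack overrun rather than an error. Consider a heap allocation that is freed on every exit path, or at least a sanity limit on the product before the call.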
@@ -832,15 +832,16 @@ static VALUE libvirt_domain_vcpus(VALUE d)
result = rb_ary_new();
- for (i = 0; i < dominfo.nrVirtCpu; i++) {
+ for (i = 0; i < r; i++) {
vcpuinfo = rb_class_new_instance(0, NULL, c_domain_vcpuinfo);
- rb_iv_set(vcpuinfo, "@number", UINT2NUM(i));
if (cpuinfo != NULL) {
+ rb_iv_set(vcpuinfo, "@number", INT2NUM(cpuinfo[i].number));
rb_iv_set(vcpuinfo, "@state", INT2NUM(cpuinfo[i].state));
rb_iv_set(vcpuinfo, "@cpu_time", ULL2NUM(cpuinfo[i].cpuTime));
rb_iv_set(vcpuinfo, "@cpu", INT2NUM(cpuinfo[i].cpu));
}
else {
+ rb_iv_set(vcpuinfo, "@number", Qnil);
rb_iv_set(vcpuinfo, "@state", Qnil);
rb_iv_set(vcpuinfo, "@cpu_time", Qnil);
rb_iv_set(vcpuinfo, "@cpu", Qnil);
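Review bot: the loop bound is now r, but the else branch for cpuinfo == NULL is kept inside the loop. If that branch is reached when virDomainGetVcpus has failed, r is negative, the body never runs, and the method returns an empty array where it used to return nrVirtCpu entries with nil fields. The lines between the call and the loop are not in this hunk, so please confirm which value r holds on that path. Also note that @number becomes nil in the else branch where it was previously the index i, which is a visible behaviour change for callers and deserves a line in the commit message.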
--
2.25.0
5 years, 4 months
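The sizing rule the cpumap patch above restores, as an added C example that is not part of the patch or of ruby-libvirt. `vcpu_row`, `fill_vcpus`, `query_vcpus` and the `CPU_*` macros are stand-ins constructed for the example (the macros use the same byte and bit indexing as libvirt's VIR_CPU_MAPLEN and VIR_CPU_USABLE); unlike virDomainGetVcpus, the stand-in is told the buffer size, so the undersized case is reported instead of overrun.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Local stand-ins with the same indexing as libvirt's VIR_CPU_MAPLEN and
 * VIR_CPU_USABLE, defined here so the example builds without libvirt. */
#define CPU_MAPLEN(ncpus) (((ncpus) + 7) / 8)
#define CPU_USABLE(maps, maplen, vcpu, cpu) \
    (((maps)[(size_t)(vcpu) * (size_t)(maplen) + (size_t)(cpu) / 8] >> ((cpu) % 8)) & 1)

/* Constructed stand-in for one populated per-vCPU record. */
struct vcpu_row {
    int number;   /* logical vCPU number reported by the callee */
    int cpu;      /* host CPU the vCPU currently runs on */
};

/* Bytes needed for nvcpus maps of maxcpus bits each; 0 on bad input or
 * if the multiplication would wrap. */
size_t cpumaps_size(int maxcpus, int nvcpus)
{
    size_t maplen;

    if (maxcpus <= 0 || nvcpus <= 0)
        return 0;
    maplen = CPU_MAPLEN((size_t)maxcpus);
    if (maplen > SIZE_MAX / (size_t)nvcpus)
        return 0;
    return maplen * (size_t)nvcpus;
}

/* Hypothetical callee: needs room for one map per requested vCPU, fills a
 * row and a map for each online vCPU, and returns how many it populated.
 * It is told the buffer size, so a short buffer yields -1, not an overrun. */
int fill_vcpus(struct vcpu_row *rows, int nvcpus, unsigned char *maps,
               size_t maps_size, int maplen, const int *online, int nonline)
{
    int i;

    if (nonline > nvcpus || maps_size < (size_t)nvcpus * (size_t)maplen)
        return -1;
    memset(maps, 0, maps_size);
    for (i = 0; i < nonline; i++) {
        rows[i].number = online[i];
        rows[i].cpu = online[i] % (maplen * 8);
        maps[(size_t)i * (size_t)maplen + (size_t)rows[i].cpu / 8] |=
            (unsigned char)(1u << (rows[i].cpu % 8));
    }
    return i;
}

/* Runs the query with a maps buffer of maps_size bytes. Returns the number
 * of populated rows whose map has the expected host CPU bit set, or -1 when
 * the callee rejects the buffer. numbers_out receives the vCPU numbers. */
int query_vcpus(int maxcpus, int nvcpus, size_t maps_size,
                const int *online, int nonline, int *numbers_out)
{
    int maplen = CPU_MAPLEN(maxcpus);
    struct vcpu_row *rows;
    unsigned char *maps;
    int r = -1, i, ok = 0;

    if (maxcpus <= 0 || nvcpus <= 0)
        return -1;
    rows = calloc((size_t)nvcpus, sizeof(*rows));
    maps = malloc(maps_size ? maps_size : 1);
    if (rows && maps)
        r = fill_vcpus(rows, nvcpus, maps, maps_size, maplen, online, nonline);
    /* Walk the populated count r, not nvcpus, and take the vCPU number
     * from the row instead of assuming it equals the loop index. */
    for (i = 0; i < r; i++) {
        numbers_out[i] = rows[i].number;
        ok += CPU_USABLE(maps, maplen, i, rows[i].cpu);
    }
    free(rows);
    free(maps);
    return r < 0 ? -1 : ok;
}

int main(void)
{
    int online[] = {0, 2, 3};   /* constructed input: vCPU 1 of 4 is offline */
    int numbers[4];
    /* One map for the whole call is rejected; one map per vCPU succeeds. */
    int old_r = query_vcpus(16, 4, CPU_MAPLEN(16), online, 3, numbers);
    int new_r = query_vcpus(16, 4, cpumaps_size(16, 4), online, 3, numbers);

    printf("one map: %d, one map per vCPU: %d rows\n", old_r, new_r);
    return !(old_r == -1 && new_r == 3);
}
```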
[PATCH 0/3] Couple of memleak fixes
by Michal Privoznik
*** BLURB HERE ***
Michal Prívozník (3):
virDomainFSDefFree: Unref private data
virDomainNetDefClear: Free @persistent name
qemuTestParseCapabilitiesArch: Free @binary
src/conf/domain_conf.c | 2 ++
tests/testutilsqemu.c | 4 ++--
2 files changed, 4 insertions(+), 2 deletions(-)
--
2.24.1
5 years, 4 months
[libvirt PATCH] docs: Expand documentation for the tickpolicy timer attribute
by Andrea Bolognani
The current documentation is fairly terse and not easy to decode
for someone who's not intimately familiar with the inner workings
of timer devices. Expand on it by providing a somewhat verbose
description of what behavior each policy will result in, as seen
from both the guest OS and host point of view.
This is lifted directly from QEMU commit
commit 2a7d957596786404c4ed16b089273de95a9580ad
Author: Andrea Bolognani <abologna(a)redhat.com>
Date: Tue Feb 11 19:37:44 2020 +0100
qapi: Expand documentation for LostTickPolicy
v4.2.0-1442-g2a7d957596
The original text also matched word for word the documentation
found in QEMU.
Signed-off-by: Andrea Bolognani <abologna(a)redhat.com>
---
docs/formatdomain.html.in | 32 +++++++++++++++++++++-----------
1 file changed, 21 insertions(+), 11 deletions(-)
diff --git a/docs/formatdomain.html.in b/docs/formatdomain.html.in
index f4af65f13f..4fef2a0a97 100644
--- a/docs/formatdomain.html.in
+++ b/docs/formatdomain.html.in
@@ -2487,26 +2487,36 @@
<p>
The <code>tickpolicy</code> attribute determines what
happens when QEMU misses a deadline for injecting a
- tick to the guest:
+ tick to the guest. This can happen, for example, because the
+ guest was paused.
</p>
<dl>
<dt><code>delay</code></dt>
- <dd>Continue to deliver ticks at the normal rate.
- The guest time will be delayed due to the late
- tick</dd>
+ <dd>Continue to deliver ticks at the normal rate. The guest OS
+ will not notice anything is amiss, as from its point of view
+ time will have continued to flow normally. The time in the
+ guest should now be behind the time in the host by exactly
+ the amount of time during which ticks have been missed.</dd>
<dt><code>catchup</code></dt>
- <dd>Deliver ticks at a higher rate to catch up
- with the missed tick. The guest time should
- not be delayed once catchup is complete.</dd>
+ <dd>Deliver ticks at a higher rate to catch up with the missed
+ ticks. The guest OS will not notice anything is amiss, as
+ from its point of view time will have continued to flow
+ normally. Once the timer has managed to catch up with all
+ the missing ticks, the time in the guest and in the host
+ should match.</dd>
<dt><code>merge</code></dt>
<dd>Merge the missed tick(s) into one tick and
inject. The guest time may be delayed, depending
on how the OS reacts to the merging of ticks</dd>
<dt><code>discard</code></dt>
- <dd>Throw away the missed tick(s) and continue
- with future injection normally. The guest time
- may be delayed, unless the OS has explicit
- handling of lost ticks</dd>
+ <dd>Throw away the missed ticks and continue with future
+ injection normally. The guest OS will see the timer jump
+ ahead by a potentially quite significant amount all at once,
+ as if the intervening chunk of time had simply not existed;
+ needless to say, such a sudden jump can easily confuse a
+ guest OS which is not specifically prepared to deal with it.
+ Assuming the guest OS can deal correctly with the time jump,
+ the time in the guest and in the host should now match.</dd>
</dl>
<p>If the policy is "catchup", there can be further details in
the <code>catchup</code> sub-element.</p>
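Review bot: the merge entry is left as unchanged context, so it still reads 'missed tick(s)' and 'The guest time may be delayed, depending on how the OS reacts to the merging of ticks' with no closing full stop, while delay, catchup and discard now each describe the guest's view and the resulting guest/host time offset. Either expand merge in the same way or say in the commit message why it stays terse, so the four policies can be compared like for like.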
--
2.24.1
5 years, 4 months
[PATCH v1 0/3] qemumonitorjson tests for cpu compare and baseline
by Collin Walling
These patches implement tests for the libvirt qemu_monitor_json API for
the hypervisor-cpu-compare and -baseline commands. The input and output
data is mocked with arbitrary values.
A prerequisite patch is included to load the capabilities schema for
a specific architecture. Originally, only the x86 capabilities were
loaded for the qemu_monitor_json tests. By accepting a string denoting
which architecture's QEMU capabilities we'd like to load, we can now
test the comparison and baseline code that is currently only supported
on s390.
Collin Walling (3):
qemumonitorjsontest: load schema based on specified arch
qemumonitorjsontest: add tests for cpu comparison
qemumonitorjsontest: add test for cpu baseline
tests/qemublocktest.c | 2 +-
tests/qemuhotplugtest.c | 2 +-
tests/qemumonitorjsontest.c | 131 +++++++++++++++++++++++++++++++++++++++++++-
tests/testutilsqemuschema.c | 8 +--
tests/testutilsqemuschema.h | 4 +-
5 files changed, 137 insertions(+), 10 deletions(-)
--
2.7.4
5 years, 4 months
[libvirt PATCH] m4: libxl: properly fail when libxl is required
by Ján Tomko
We specify "true" as the fail-action for LIBVIRT_CHECK_PKG.
This was used when we had a fallback to non-pkg-config detection,
then removed in commit 5bdcef13d13560512c7d6d8c9e8822e456889e0c
later re-introduced in commit dc3d2c9f8c7678a950abedd227b1587ca62335c4
and then left in when removing the old detection again in
commit 18981877d2e20390a79d068861a24e716f8ee422
Remove it to properly error out when libxl was requested but not
detected.
Signed-off-by: Ján Tomko <jtomko(a)redhat.com>
Fixes: 18981877d2e20390a79d068861a24e716f8ee422
---
m4/virt-driver-libxl.m4 | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/m4/virt-driver-libxl.m4 b/m4/virt-driver-libxl.m4
index 2f3565f1d5..a958cb26fa 100644
--- a/m4/virt-driver-libxl.m4
+++ b/m4/virt-driver-libxl.m4
@@ -30,7 +30,7 @@ AC_DEFUN([LIBVIRT_DRIVER_CHECK_LIBXL], [
dnl search for libxl, aka libxenlight
old_with_libxl="$with_libxl"
- LIBVIRT_CHECK_PKG([LIBXL], [xenlight], [4.6.0], [true])
+ LIBVIRT_CHECK_PKG([LIBXL], [xenlight], [4.6.0])
if test "x$with_libxl" = "xyes" ; then
LIBXL_FIRMWARE_DIR=$($PKG_CONFIG --variable xenfirmwaredir xenlight)
LIBXL_EXECBIN_DIR=$($PKG_CONFIG --variable libexec_bin xenlight)
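Review bot: with the [true] fail action gone from the LIBVIRT_CHECK_PKG call, please check whether old_with_libxl, saved on the context line just above it, is still read further down in the macro. If it only served the fallback detection that the commit message says was removed, it is dead now and can be dropped in the same patch.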
--
2.24.1
5 years, 4 months
[PATCH 0/3] Couple of almost trivial patches
by Michal Privoznik
These stem out from my review of Marc-André's patches:
https://www.redhat.com/archives/libvir-list/2020-January/msg00648.html
Michal Prívozník (3):
virpidfile: Set correct retval in virPidFileReadPath()
qemu: Don't explicitly remove pidfile after
virPidFileForceCleanupPath()
qemu_migration: Rearrange some checks in qemuMigrationSrcIsAllowed()
src/qemu/qemu_migration.c | 66 +++++++++++++++++-----------------
src/qemu/qemu_process.c | 9 +----
src/qemu/qemu_vhost_user_gpu.c | 10 +-----
src/util/virpidfile.c | 2 +-
4 files changed, 36 insertions(+), 51 deletions(-)
--
2.24.1
5 years, 4 months
[libvirt PATCH 00/10] support BR_ISOLATED flag for guest interfaces attached to a Linux host bridge
by Laine Stump
https://bugzilla.redhat.com/1727263
Since Linux kernel 4.18, the Linux host bridge has had a flag
BR_ISOLATED that can be applied to individual ports. When this flag is
set for a port, traffic is blocked between that port and any other
port that also has the BR_ISOLATED flag set. libvirt domain interface
config now supports setting this flag via the <portOptions
isolated='yes'/> setting. It can also be set for all connections to
a particular libvirt network by setting the same option in the network
config - since the port for the host itself does not have BR_ISOLATED
set, the guests can communicate with the host and the outside world,
but guests on that network can't communicate with each other. This
feature works for QEMU and LXC guests with interfaces attached to a
Linux host bridge.
(I had contemplated (and experimented with) putting this new flag in
the <virtualport> element to avoid creating a new element, but that
ended up creating lots of extra code since none of the existing
virtualport types would support this new flag, Linux host bridges
already work with *no* <virtualport> (much less a virtualport type),
and there are some attributes in the <virtualport> parameters
subelement that are always autogenerated if there is no virtualport
type specified, so I would have needed to add a new virtualport type for
Linux host bridge, which seems redundant as that information is
already implicit in the interface's connection type. etc. etc. It all
just turned into a big mess, and starting over fresh with something
generic (and hopefully expandable in a sensible way) seemed
cleaner). (I am of course open to suggestions though!)
Laine Stump (10):
schema: trivial indentation fix
schema: add missing vlan element to networkport RNG
qemu: save/restore original error when recovering from failed bridge
attach
util: query/set BR_ISOLATED flag on netdevs attached to bridge
conf: parse/format <portOptions isolated='yes|no'/>
network: propagate <portOptions isolated='yes'/> between network and
domain
qemu/lxc: plumb isolatedPort from config down through bridge
attachment
qemu: support updating <portOptions isolated='yes|no'/> during device
update
conf: extra validation for <portOptions isolated='yes'/>
docs: add info about <portOptions isolated='yes'/> to news file
docs/news.xml | 21 +++++
docs/schemas/domaincommon.rng | 3 +
docs/schemas/network.rng | 9 ++-
docs/schemas/networkcommon.rng | 11 +++
docs/schemas/networkport.rng | 6 ++
src/bhyve/bhyve_command.c | 1 +
src/conf/domain_conf.c | 79 +++++++++++++++++++
src/conf/domain_conf.h | 4 +
src/conf/network_conf.c | 32 ++++++++
src/conf/network_conf.h | 9 +++
src/conf/virnetworkportdef.c | 3 +
src/conf/virnetworkportdef.h | 1 +
src/libvirt_private.syms | 3 +
src/lxc/lxc_process.c | 10 +++
src/network/bridge_driver.c | 4 +
src/qemu/qemu_hotplug.c | 47 +++++++++--
src/qemu/qemu_interface.c | 1 +
src/util/virnetdevbridge.c | 46 +++++++++++
src/util/virnetdevbridge.h | 9 +++
src/util/virnetdevtap.c | 17 +++-
src/util/virnetdevtap.h | 3 +
tests/bhyvexml2argvmock.c | 1 +
tests/networkxml2xmlin/isolated-ports.xml | 7 ++
tests/networkxml2xmlout/isolated-ports.xml | 7 ++
tests/networkxml2xmltest.c | 1 +
tests/qemuxml2argvdata/net-isolated-port.xml | 34 ++++++++
.../net-isolated-port.x86_64-latest.xml | 63 +++++++++++++++
tests/qemuxml2xmltest.c | 1 +
28 files changed, 423 insertions(+), 10 deletions(-)
create mode 100644 tests/networkxml2xmlin/isolated-ports.xml
create mode 100644 tests/networkxml2xmlout/isolated-ports.xml
create mode 100644 tests/qemuxml2argvdata/net-isolated-port.xml
create mode 100644 tests/qemuxml2xmloutdata/net-isolated-port.x86_64-latest.xml
--
2.24.1
5 years, 4 months
[PATCH 0/4] lxc: Add VCPU features for LXC
by Julio Faracco
This series covers a lot of functionality for LXC VCPUs. It enables
sharing some timer devices between host and LXC guest using `timer`
settings. It still has other improvements related to VCPU and LXC such
as virtual cpuinfo content based on VCPU settings and some better
resource limits. Each patch has the description of the problem and what
it is trying to fix.
Julio Faracco (4):
lxc: Add Real Time Clock device into allowed devices
lxc: Add HPET device into allowed devices
lxc: Implement virtual /proc/cpuinfo via LXC fuse
lxc: Count max VCPUs based on cpuset.cpus in native config.
docs/formatdomain.html.in | 4 +-
src/lxc/lxc_cgroup.c | 76 ++++++++++++++
src/lxc/lxc_container.c | 38 +++++++
src/lxc/lxc_container.h | 2 +
src/lxc/lxc_controller.c | 98 +++++++++++++++++++
src/lxc/lxc_fuse.c | 78 ++++++++++++++-
src/lxc/lxc_native.c | 24 ++++-
.../lxcconf2xml-cpusettune.xml | 2 +-
8 files changed, 313 insertions(+), 9 deletions(-)
--
2.20.1
5 years, 4 months
Re: [PATCH v2 0/2] finish qemu-nbd --partition deprecation
by Eric Blake
ping
On 1/23/20 10:46 AM, Eric Blake wrote:
> Based-on: <20200116141511.16849-1-peter.maydell(a)linaro.org>
> (0/3 convert qemu-nbd, qemu-block-drivers to rST)
>
> In v2:
> - rebased on top of rST doc changes
> - patch 1 added
>
> Eric Blake (2):
> docs: Fix typo in qemu-nbd -P replacement
> qemu-nbd: Removed deprecated --partition option
>
> docs/interop/qemu-nbd.rst | 15 ++---
> qemu-deprecated.texi | 49 ++++++--------
> qemu-nbd.c | 133 +-------------------------------------
> 3 files changed, 24 insertions(+), 173 deletions(-)
>
--
Eric Blake, Principal Software Engineer
Red Hat, Inc. +1-919-301-3226
Virtualization: qemu.org | libvirt.org
5 years, 4 months
[libvirt PATCH 0/2] cpu_conf: Format vendor_id for host-model CPUs
by Jiri Denemark
In commit v5.9.0-400-gaf8e39921a I removed printing model's fallback and
vendor_id attributes when no model is specified. However, vendor_id
makes sense even without a specific CPU model (for host-model CPUs).
https://bugzilla.redhat.com/show_bug.cgi?id=1804549
Jiri Denemark (2):
qemuxml2xmltest: Add case for host-model vendor_id
cpu_conf: Format vendor_id for host-model CPUs
src/conf/cpu_conf.c | 14 +++++----
.../cpu-host-model-vendor.xml | 30 +++++++++++++++++++
tests/qemuxml2xmltest.c | 1 +
3 files changed, 40 insertions(+), 5 deletions(-)
create mode 100644 tests/qemuxml2xmloutdata/cpu-host-model-vendor.xml
--
2.25.0
5 years, 4 months
[PATCH] qemuDomainGetStatsIOThread: Don't leak array with 0 iothreads
by Peter Krempa
qemuMonitorGetIOThreads returns a NULL terminated list even when 0
iothreads are present. The caller didn't perform cleanup if there were 0
iothreads, leaking the array.
https://bugzilla.redhat.com/show_bug.cgi?id=1804548
Reported-by: Jing Yan <jiyan(a)redhat.com>
Signed-off-by: Peter Krempa <pkrempa(a)redhat.com>
---
src/qemu/qemu_driver.c | 8 ++++++--
1 file changed, 6 insertions(+), 2 deletions(-)
diff --git a/src/qemu/qemu_driver.c b/src/qemu/qemu_driver.c
index f686b858cf..39e1f044e0 100644
--- a/src/qemu/qemu_driver.c
+++ b/src/qemu/qemu_driver.c
@@ -21759,8 +21759,12 @@ qemuDomainGetStatsIOThread(virQEMUDriverPtr driver,
if ((niothreads = qemuDomainGetIOThreadsMon(driver, dom, &iothreads)) < 0)
return -1;
- if (niothreads == 0)
- return 0;
+ /* qemuDomainGetIOThreadsMon returns a NULL-terminated list, so we must free
+ * it even if it returns 0 */
+ if (niothreads == 0) {
+ ret = 0;
+ goto cleanup;
+ }
if (virTypedParamListAddUInt(params, niothreads, "iothread.count") < 0)
goto cleanup;
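Review bot: the niothreads == 0 branch now documents a surprising contract (an allocated list for a zero count), while the '< 0' check just above it stays a plain 'return -1'. It is worth confirming, and saying in the new comment, that nothing is allocated on the failure path, and checking whether other callers of qemuDomainGetIOThreadsMon make the same zero-count early return and leak in the same way.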
--
2.24.1
5 years, 4 months
virtlogd spinning on 100% CPU with the latest libvirt
by Richard W.M. Jones
Build libvirt from git (ccf7567329f).
Using the libvirt ‘run’ script, run something like
libguestfs-test-tool. I think basically any command which runs a
guest will do. NB These commands are all run as NON-root:
killall libvirtd lt-libvirtd virtlogd lt-virtlogd
./build/run libguestfs-test-tool
Now there will be a lt-virtlogd process using 100% of CPU:
PID USER PR NI VIRT RES SHR S %CPU %MEM TIME+ COMMAND
2572972 rjones 20 0 47880 16256 14516 R 100.0 0.1 0:19.27 lt-virt+
$ ls /proc/2572972/fd -l
total 0
lrwx------. 1 rjones rjones 64 Feb 17 17:45 0 -> /dev/null
lrwx------. 1 rjones rjones 64 Feb 17 17:45 1 -> /dev/null
lr-x------. 1 rjones rjones 64 Feb 17 17:45 11 -> /var/lib/sss/mc/passwd
lr-x------. 1 rjones rjones 64 Feb 17 17:45 12 -> /var/lib/sss/mc/group
lrwx------. 1 rjones rjones 64 Feb 17 17:45 13 -> 'socket:[48299994]'
lr-x------. 1 rjones rjones 64 Feb 17 17:45 14 -> 'pipe:[48299995]'
l-wx------. 1 rjones rjones 64 Feb 17 17:45 16 -> /home/rjones/.cache/libvirt/qemu/log/guestfs-xllxycje1blj4nmd.log
l-wx------. 1 rjones rjones 64 Feb 17 17:45 17 -> /run/systemd/inhibit/1620.ref
lrwx------. 1 rjones rjones 64 Feb 17 17:45 2 -> /dev/null
lrwx------. 1 rjones rjones 64 Feb 17 17:45 3 -> 'socket:[48299981]'
l-wx------. 1 rjones rjones 64 Feb 17 17:45 4 -> /run/user/1000/libvirt/virtlogd.pid
lrwx------. 1 rjones rjones 64 Feb 17 17:45 5 -> 'socket:[48299984]'
lrwx------. 1 rjones rjones 64 Feb 17 17:45 6 -> 'socket:[48299986]'
lr-x------. 1 rjones rjones 64 Feb 17 17:45 7 -> 'pipe:[48299988]'
l-wx------. 1 rjones rjones 64 Feb 17 17:45 8 -> 'pipe:[48299988]'
lrwx------. 1 rjones rjones 64 Feb 17 17:45 9 -> 'anon_inode:[eventfd]'
$ ls -ltr /home/rjones/.cache/libvirt/qemu/log/guestfs-xllxycje1blj4nmd.log
-rw-------. 1 rjones rjones 4003 Feb 17 17:44 /home/rjones/.cache/libvirt/qemu/log/guestfs-xllxycje1blj4nmd.log
Only one thread running with this stack trace:
Thread 1 (Thread 0x7fa51f219b40 (LWP 2572972)):
#0 virObjectGetLockableObj (anyobj=0x55fb2896c200) at ../../src/util/virobject.c:393
#1 virObjectLock (anyobj=0x55fb2896c200) at ../../src/util/virobject.c:427
#2 0x00007fa520fda48f in virNetServerHasClients (srv=0x55fb2896c200) at ../../src/rpc/virnetserver.c:966
#3 0x00007fa520fd7b69 in daemonServerHasClients (payload=<optimized out>, key=<optimized out>, opaque=0x7ffc8adb5a47) at ../../src/rpc/virnetdaemon.c:916
#4 0x00007fa520ea7140 in virHashForEach (data=<optimized out>, iter=<optimized out>, table=<optimized out>) at ../../src/util/virhash.c:639
#5 virHashForEach (table=0x55fb289571a0, iter=iter@entry=0x7fa520fd7b60 <daemonServerHasClients>, data=data@entry=0x7ffc8adb5a47) at ../../src/util/virhash.c:627
#6 0x00007fa520fd89ee in virNetDaemonHasClients (dmn=<optimized out>) at ../../src/rpc/virnetdaemon.c:927
#7 0x00007fa520fd8aa5 in virNetDaemonRun (dmn=0x55fb28957110) at ../../src/rpc/virnetdaemon.c:842
#8 0x000055fb27b5c8e9 in main (argc=<optimized out>, argv=0x7ffc8adb6188) at ../../src/logging/log_daemon.c:1153
pstack shows it's fairly busy and the stack trace is not very
consistent, eg:
#0 0x00007fa52032aaed in g_free () at /lib64/libglib-2.0.so.0
#1 0x00007fa520e73d1b in virFree (ptrptr=ptrptr@entry=0x55fb2896c1a8) at ../../src/util/viralloc.c:348
#2 0x00007fa520e982d2 in virResetError (err=0x55fb2896c1a0) at ../../src/util/virerror.c:472
#3 virResetError (err=0x55fb2896c1a0) at ../../src/util/virerror.c:468
#4 0x00007fa520e9963c in virEventRunDefaultImpl () at ../../src/util/virevent.c:341
#5 0x00007fa520fd8abd in virNetDaemonRun (dmn=0x55fb28957110) at ../../src/rpc/virnetdaemon.c:858
#6 0x000055fb27b5c8e9 in main (argc=<optimized out>, argv=0x7ffc8adb6188) at ../../src/logging/log_daemon.c:1153
#0 0x00007fa520184a37 in poll () at /lib64/libc.so.6
#1 0x00007fa520324e3e in g_main_context_iterate.isra () at /lib64/libglib-2.0.so.0
#2 0x00007fa520324f73 in g_main_context_iteration () at /lib64/libglib-2.0.so.0
#3 0x00007fa520e9a4f0 in virEventGLibRunOnce () at ../../src/util/vireventglib.c:496
#4 0x00007fa520e99645 in virEventRunDefaultImpl () at ../../src/util/virevent.c:343
#5 0x00007fa520fd8abd in virNetDaemonRun (dmn=0x55fb28957110) at ../../src/rpc/virnetdaemon.c:858
#6 0x000055fb27b5c8e9 in main (argc=<optimized out>, argv=0x7ffc8adb6188) at ../../src/logging/log_daemon.c:1153
#0 0x00007fa520322d9d in g_source_ref () at /lib64/libglib-2.0.so.0
#1 0x00007fa520322e71 in g_source_iter_next () at /lib64/libglib-2.0.so.0
#2 0x00007fa52032479f in g_main_context_check () at /lib64/libglib-2.0.so.0
#3 0x00007fa520324de2 in g_main_context_iterate.isra () at /lib64/libglib-2.0.so.0
#4 0x00007fa520324f73 in g_main_context_iteration () at /lib64/libglib-2.0.so.0
#5 0x00007fa520e9a4f0 in virEventGLibRunOnce () at ../../src/util/vireventglib.c:496
#6 0x00007fa520e99645 in virEventRunDefaultImpl () at ../../src/util/virevent.c:343
#7 0x00007fa520fd8abd in virNetDaemonRun (dmn=0x55fb28957110) at ../../src/rpc/virnetdaemon.c:858
#8 0x000055fb27b5c8e9 in main (argc=<optimized out>, argv=0x7ffc8adb6188) at ../../src/logging/log_daemon.c:1153
Rich.
--
Richard Jones, Virtualization Group, Red Hat http://people.redhat.com/~rjones
Read my programming and virtualization blog: http://rwmj.wordpress.com
virt-builder quickly builds VMs from scratch
http://libguestfs.org/virt-builder.1.html
5 years, 4 months
[libvirt PATCH] docs: reduce excessive spacing in ToC for RST files
by Daniel P. Berrangé
The table of contents in the RST based files uses <p> tags inside the
<li>, which results in 1em's worth of spacing above & below each
entry. This results in way too much whitespace in the ToC.
Signed-off-by: Daniel P. Berrangé <berrange(a)redhat.com>
---
docs/libvirt.css | 4 ++++
1 file changed, 4 insertions(+)
diff --git a/docs/libvirt.css b/docs/libvirt.css
index 2fe123395c..18e55dac59 100644
--- a/docs/libvirt.css
+++ b/docs/libvirt.css
@@ -579,3 +579,7 @@ ul.news-section-content li dl dd {
font-family: monospace;
background: #eeeeee;
}
+
+.contents li p {
+ margin: 2px;
+}
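Review bot: '.contents li p' matches every paragraph inside any list item under .contents and sets all four margins to a fixed 2px, while the commit message describes the problem as 1em of spacing above and below each entry. If only the vertical gap is the issue, a two-value margin in em units leaves the horizontal margin alone and scales with the font size; and if the .contents class is used for anything other than the RST table of contents, the selector should be narrowed.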
--
2.24.1
5 years, 4 months
[libvirt PATCH v2 0/6] qemu: add stricter checks of permissibility of the QoS parameter 'floor'
by Pavel Mores
v2 is mostly just integrating requests from Michal's review. The initial two
commits introduce new utility functions to be used in the following two
commits. The final two commits have no substantial changes since v1.
The only exception is long lines caused by error messages which stay unbroken
in v2 as per libvirt's contributor's guidelines (as was also pointed out during
review).
Pavel Mores (6):
qemu: test if bandwidth has 'floor' factored out to separate function
qemu: add function to test if network supports setting 'floor'
qemu: fail on attempt to set 'floor' if interface type is not
'network'
qemu: check if 'floor' is supported for given interface and network
qemu: call networkPlugBandwidth() for all types of network
docs: QoS parameter 'floor' is supported for 'open' networks too
docs/formatnetwork.html.in | 2 +-
src/conf/netdev_bandwidth_conf.h | 27 +++++++++++++++++++++++++++
src/network/bridge_driver.c | 27 +++++++++++++++++++--------
src/qemu/qemu_driver.c | 18 +++++++++++++++---
4 files changed, 62 insertions(+), 12 deletions(-)
--
2.24.1
5 years, 4 months
[PATCH v3 00/15] qemu: Handle 'size' and 'offset' attributes of 'raw' format
by Peter Krempa
This series fixes and improves the 'json:' pseudo-protocol parser and
implements the 'offset' and 'size' attributes and exposes them as
<slice> in the XML.
The previous version attempted an easy route, but that didn't cover all
cases. This version adds storage slice support for everything except
image creation.
https://bugzilla.redhat.com/show_bug.cgi?id=1791788
Peter Krempa (15):
qemu: domain: Refactor formatting of node names into status XML
docs: formatdomain: Close <source> on one of disk examples
tests: virstorage: Add test data for json specified raw image with
offset/size
util: virstoragefile: Add data structure for storing storage source
slices
qemuBlockStorageSourceGetFormatRawProps: format 'offset' and 'size'
for slice
qemuDomainValidateStorageSource: Reject unsupported slices
qemu: block: forbid creation of storage sources with <slice>
docs: Document the new <slices> sub-element of disk's <source>
conf: Implement support for <slices> of disk source
qemu: domain: Store nodenames of slice in status XML
qemu: block: Properly format storage slice into backing store strings
tests: qemublock: Add cases for creating image overlays on top of
disks with <slice>
qemu: Add support for slices of type 'storage'
tests: qemu: Add test data for the new <slice> element
virStorageSourceParseBackingJSONRaw: Parse 'offset' and 'size'
attributes
docs/formatdomain.html.in | 14 ++
docs/schemas/domaincommon.rng | 19 ++
src/conf/domain_conf.c | 86 +++++++++
src/qemu/qemu_block.c | 169 ++++++++++++++----
src/qemu/qemu_block.h | 4 +
src/qemu/qemu_blockjob.c | 1 +
src/qemu/qemu_command.c | 8 +
src/qemu/qemu_domain.c | 36 +++-
src/util/virstoragefile.c | 49 +++++
src/util/virstoragefile.h | 12 ++
tests/qemublocktest.c | 2 +
.../qcow2-backing-qcow2-slice.json | 15 ++
.../imagecreate/qcow2-backing-qcow2-slice.xml | 1 +
.../imagecreate/qcow2-backing-raw-slice.json | 15 ++
.../imagecreate/qcow2-backing-raw-slice.xml | 1 +
.../imagecreate/qcow2-slice.xml | 14 ++
.../imagecreate/raw-slice.xml | 14 ++
tests/qemustatusxml2xmldata/modern-in.xml | 4 +
.../disk-slices.x86_64-latest.args | 53 ++++++
tests/qemuxml2argvdata/disk-slices.xml | 45 +++++
tests/qemuxml2argvtest.c | 2 +
.../disk-slices.x86_64-latest.xml | 56 ++++++
tests/qemuxml2xmltest.c | 2 +
tests/virstoragetest.c | 13 ++
24 files changed, 590 insertions(+), 45 deletions(-)
create mode 100644 tests/qemublocktestdata/imagecreate/qcow2-backing-qcow2-slice.json
create mode 120000 tests/qemublocktestdata/imagecreate/qcow2-backing-qcow2-slice.xml
create mode 100644 tests/qemublocktestdata/imagecreate/qcow2-backing-raw-slice.json
create mode 120000 tests/qemublocktestdata/imagecreate/qcow2-backing-raw-slice.xml
create mode 100644 tests/qemublocktestdata/imagecreate/qcow2-slice.xml
create mode 100644 tests/qemublocktestdata/imagecreate/raw-slice.xml
create mode 100644 tests/qemuxml2argvdata/disk-slices.x86_64-latest.args
create mode 100644 tests/qemuxml2argvdata/disk-slices.xml
create mode 100644 tests/qemuxml2xmloutdata/disk-slices.x86_64-latest.xml
--
2.24.1
5 years, 4 months
[libvirt PATCH v2] docs: add news item about gnulib removal
by Daniel P. Berrangé
While we have CI testing coverage for many platforms, we don't test any
non-glibc based Linux and there are other non-Linux platforms we don't
officially target, both of which might hit regressions.
Signed-off-by: Daniel P. Berrangé <berrange(a)redhat.com>
---
docs/news.xml | 19 +++++++++++++++++++
1 file changed, 19 insertions(+)
diff --git a/docs/news.xml b/docs/news.xml
index 5aa9d081a7..13812a1234 100644
--- a/docs/news.xml
+++ b/docs/news.xml
@@ -97,6 +97,25 @@
</section>
<section title="Bug fixes">
</section>
+ <section title="Packaging changes">
+ <change>
+ <summary>
+ use of gnulib has been completely eliminated
+ </summary>
+ <description>
+ Historically libvirt has embedded gnulib to provide fixes for
+ various platform portability problems. This usage has now been
+ eliminated and alternative approaches for platform portability
+ problems adopted where required. This has been validated on the
+ set of platforms covered by automated CI build testing. Other
+ modern Linux distros using glibc are expected to work. Linux
+ distros using non-glibc packages, and other non-Linux platforms
+ may encounter regressions when building this release. Please
+ report any build problems encountered back to the project
+ maintainers for evaluation.
+ </description>
+ </change>
+ </section>
</release>
<release version="v6.0.0" date="2020-01-15">
<section title="Packaging changes">
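Review bot: the new `<section title="Packaging changes">` is appended after the empty `<section title="Bug fixes">`, but the v6.0.0 release visible in the trailing context opens with its "Packaging changes" section; put the new section in the same position so the section order stays consistent between releases. The description says the change was validated on the platforms covered by CI without naming them, so a packager reading the news file cannot tell whether their platform is in that set; a pointer to the list would help.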
--
2.24.1
5 years, 4 months
[rust PATCH] Implement virStoragePoolListAllVolumes and virStoragePoolListVolumes for StoragePool
by mathias@pius.io
From: Mathias Pius <mathias(a)pius.io>
Now as a single patch, and with Signed-off-by tag in accordance with DCO.
This patch implements virStoragePoolListAllVolumes and virStoragePoolListVolumes for the StoragePool object. I'm not too familiar with the libvirt codebase, so I've used similar functions from connect.rs and domain.rs, so the implementations should (hopefully) be as correct as those. I've taken the liberty of using Vec::with_capacity when allocating vectors to store the result of these operations in, to prevent reallocations while converting the object types from the internal type to StorageVol and Strings.
Signed-off-by: Mathias Pius <mathias(a)pius.io>
---
src/storage_pool.rs | 55 ++++++++++++++++++++++++++++++++++++++++++-
tests/storage_pool.rs | 34 ++++++++++++++++++++++++++
2 files changed, 88 insertions(+), 1 deletion(-)
diff --git a/src/storage_pool.rs b/src/storage_pool.rs
index 96258f0..571fabd 100644
--- a/src/storage_pool.rs
+++ b/src/storage_pool.rs
@@ -18,7 +18,7 @@
extern crate libc;
-use std::str;
+use std::{mem, ptr, str};
use connect::sys::virConnectPtr;
use storage_vol::sys::virStorageVolPtr;
@@ -78,6 +78,16 @@ extern "C" {
fn virStoragePoolFree(ptr: sys::virStoragePoolPtr) -> libc::c_int;
fn virStoragePoolIsActive(ptr: sys::virStoragePoolPtr) -> libc::c_int;
fn virStoragePoolIsPersistent(ptr: sys::virStoragePoolPtr) -> libc::c_int;
+ fn virStoragePoolListAllVolumes(
+ ptr: sys::virStoragePoolPtr,
+ vols: *mut *mut virStorageVolPtr,
+ flags: libc::c_uint,
+ ) -> libc::c_int;
+ fn virStoragePoolListVolumes(
+ ptr: sys::virStoragePoolPtr,
+ names: *mut *mut libc::c_char,
+ maxnames: libc::c_int,
+ ) -> libc::c_int;
fn virStoragePoolGetName(ptr: sys::virStoragePoolPtr) -> *const libc::c_char;
fn virStoragePoolGetXMLDesc(
ptr: sys::virStoragePoolPtr,
@@ -119,6 +129,8 @@ pub const VIR_STORAGE_POOL_RUNNING: StoragePoolState = 2;
pub const VIR_STORAGE_POOL_DEGRADED: StoragePoolState = 3;
pub const VIR_STORAGE_POOL_INACCESSIBLE: StoragePoolState = 4;
+pub type StoragePoolListAllVolumesFlags = self::libc::c_uint;
+
#[derive(Clone, Debug)]
pub struct StoragePoolInfo {
/// A `StoragePoolState` flags
@@ -373,6 +385,47 @@ impl StoragePool {
}
}
+ pub fn list_all_volumes(
+ &self,
+ flags: StoragePoolListAllVolumesFlags,
+ ) -> Result<Vec<StorageVol>, Error> {
+ unsafe {
+ let mut volumes: *mut virStorageVolPtr = ptr::null_mut();
+
+ let size =
+ virStoragePoolListAllVolumes(self.as_ptr(), &mut volumes, flags as libc::c_uint);
+ if size == -1 {
+ return Err(Error::new());
+ }
+
+ mem::forget(volumes);
+
+ let mut array: Vec<StorageVol> = Vec::with_capacity(size as usize);
+ for x in 0..size as isize {
+ array.push(StorageVol::new(*volumes.offset(x)));
+ }
+ libc::free(volumes as *mut libc::c_void);
+
+ Ok(array)
+ }
+ }
+
+ pub fn list_volumes(&self) -> Result<Vec<String>, Error> {
+ unsafe {
+ let mut names: [*mut libc::c_char; 1024] = [ptr::null_mut(); 1024];
+ let size = virStoragePoolListVolumes(self.as_ptr(), names.as_mut_ptr(), 1024);
+ if size == -1 {
+ return Err(Error::new());
+ }
+
+ let mut array: Vec<String> = Vec::with_capacity(size as usize);
+ for x in 0..size as usize {
+ array.push(c_chars_to_string!(names[x]));
+ }
+ return Ok(array);
+ }
+ }
+
pub fn refresh(&self, flags: u32) -> Result<u32, Error> {
unsafe {
let ret = virStoragePoolRefresh(self.as_ptr(), flags as libc::c_uint);
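Review bot: in `list_all_volumes`, `mem::forget(volumes)` has no effect, because `volumes` is a raw pointer (it is `Copy` and has no destructor) and it is still read and passed to `libc::free` a few lines later; drop the call and the `mem` import that was added for it. Both functions test `size == -1` and then use `size as usize` for `Vec::with_capacity` and the loop bound; test `size < 0` instead so that no negative value can ever be cast to a huge length. In `list_volumes`, the fixed `[ptr::null_mut(); 1024]` buffer silently truncates the listing of a pool with more than 1024 volumes; size the buffer from `virStoragePoolNumOfVolumes` instead, and confirm that `c_chars_to_string!` frees each returned name, since the caller owns those strings. The trailing `return Ok(array);` can be `Ok(array)` to match the function above it.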
diff --git a/tests/storage_pool.rs b/tests/storage_pool.rs
index 4bfa71d..21c1139 100644
--- a/tests/storage_pool.rs
+++ b/tests/storage_pool.rs
@@ -58,3 +58,37 @@ fn test_lookup_storage_pool_by_name() {
}
common::close(c);
}
+
+#[test]
+fn test_list_volumes() {
+ match Connect::open("test:///default") {
+ Ok(mut conn) => {
+ let sp = conn.list_storage_pools().unwrap_or(vec![]);
+ match StoragePool::lookup_by_name(&conn, &sp[0]) {
+ Ok(storage_pool) => {
+ storage_pool.list_volumes().unwrap();
+ }
+ Err(e) => panic!("failed with code {}, message: {}", e.code, e.message),
+ }
+ assert_eq!(0, conn.close().unwrap_or(-1));
+ }
+ Err(e) => panic!("failed with code {}, message: {}", e.code, e.message),
+ }
+}
+
+#[test]
+fn test_list_all_volumes() {
+ match Connect::open("test:///default") {
+ Ok(mut conn) => {
+ let sp = conn.list_storage_pools().unwrap_or(vec![]);
+ match StoragePool::lookup_by_name(&conn, &sp[0]) {
+ Ok(storage_pool) => {
+ storage_pool.list_all_volumes(0).unwrap();
+ }
+ Err(e) => panic!("failed with code {}, message: {}", e.code, e.message),
+ }
+ assert_eq!(0, conn.close().unwrap_or(-1));
+ }
+ Err(e) => panic!("failed with code {}, message: {}", e.code, e.message),
+ }
+}
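Review bot: both tests index `sp[0]` right after `conn.list_storage_pools().unwrap_or(vec![])`, so a failed or empty pool listing shows up as an index-out-of-bounds panic instead of the real error; unwrap the listing, or assert that it is non-empty, before the lookup. The tests also only check that `list_volumes()` and `list_all_volumes(0)` do not return `Err`; asserting on the number or names of the returned volumes would catch a wrong length or a bad pointer offset in the new unsafe code.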
--
2.25.0
5 years, 4 months
Questions about using qemuProcess API within a libvirt test
by Collin Walling
Hello,
I am working on implementing libvirt test cases for the hypervisor-cpu-compare
and -baseline commands. Ideally, I would like to take advantage of the
qemuProcess API to spin up a QEMU instance and run these commands to test real
data queried from the hypervisor. However, I am having issues with my libvirt
tests communicating with a QEMU instance. The API can successfully spin an
instance, but no commands can be sent to QEMU -- not even the qmp_capabilities
handshake. The test case hangs forever with no indication that something went
wrong.
The hang occurs specifically within the qemuProcessQMPLaunch phase of the
qemuProcessQMPStart function. Eventually the libvirt API will get to
qemuMonitorSend, and at this loop...
    while (!mon->msg->finished) {
        if (virCondWait(&mon->notify, &mon->parent.lock) < 0) {
            virReportError(VIR_ERR_INTERNAL_ERROR, "%s",
                           _("Unable to wait on monitor condition"));
            goto cleanup;
        }
    }
...the program will hang at conditional wait. I kept the QEMU instance alive
after killing my test and connected to the monitor socket that was still
lingering. The qmp_capabilities command was never sent, thus leading me to
believe that the libvirt tests cannot communicate with a QEMU instance.
As s390x is currently the only arch to have implemented these commands, I
believe it would be beneficial to have an easy way to test both the expected
QEMU response and libvirt parsing within a single test case if/when other archs
decide to implement these commands.
I'd like to ask two questions:
1: does it make sense for libvirt tests to communicate with an external binary
(specifically QEMU)?
2: if so, is there some sort of conflict between a libvirt test and a QEMU
binary? I am afraid to say that I am at a loss how to repair this or perhaps how
to use the API properly.
I appreciate anyone's help with looking into this.
Note: in case I am not clear, by "libvirt test" I am referring to a test
implemented in the tests directory of the libvirt project.
--
Respectfully,
- Collin Walling
5 years, 4 months
[libvirt PATCH] docs: add news item about GNULIB removal
by Daniel P. Berrangé
While we have CI testing coverage for many platforms, we don't test any
non-GLibC based Linux and there are other non-Linux platforms we don't
officially target, both of which might hit regressions.
Signed-off-by: Daniel P. Berrangé <berrange(a)redhat.com>
---
docs/news.xml | 19 +++++++++++++++++++
1 file changed, 19 insertions(+)
diff --git a/docs/news.xml b/docs/news.xml
index f567a1182e..54ccc31abe 100644
--- a/docs/news.xml
+++ b/docs/news.xml
@@ -84,6 +84,25 @@
</change>
</section>
<section title="Improvements">
+ <change>
+ <summary>
+ use of GNULIB has been completely eliminated
+ </summary>
+ <description>
+ Historically libvirt has embedded GNULIB to provide fixes for
+ various platform portability problems. This usage has now been
+ eliminated and alternative approaches for platform portability
+ problems adopted where required. This has been validated on the
+ set of platforms covered by automated CI build testing: Fedora
+ 30, 31 and rawhide; CentOS 7 and 8; Debian 9 and 10; Ubuntu 18.04;
+ FreeBSD 11 and 12; Mingw-w64; macOS 10.14 with XCode 10.3 and 11.3.
+ Other Linux distros of a similar vintage using GLibC are expected
+ to work. Linux distros using non-GLibC packages, and other
+ non-Linux platforms may encounter regressions when building this
+ release. Please report any build problems encountered back to the
+ project maintainers for resolution.
+ </description>
+ </change>
</section>
<section title="Bug fixes">
</section>
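Review bot: the summary and description spell the library names `GNULIB`, `GLibC` and `non-GLibC`; the projects write them `gnulib` and `glibc`, so use those spellings. The entry is also filed under `<section title="Improvements">` although its text is a build and portability notice for packagers, and the hard-coded platform list (`Fedora 30, 31 and rawhide; CentOS 7 and 8; ...`) will be out of date as soon as the CI matrix changes; consider a packaging section and a shorter reference to the CI platforms.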
--
2.24.1
5 years, 4 months
[PATCH] qemu_domain: Modify access to a NVMe disk iff needed
by Michal Privoznik
If a domain has a NVMe disk it already has the access configured.
Trying to configure it again on a commit or some other operation
is wrong and condemned to failure.
Signed-off-by: Michal Privoznik <mprivozn(a)redhat.com>
---
src/qemu/qemu_domain.c | 10 +++++-----
1 file changed, 5 insertions(+), 5 deletions(-)
diff --git a/src/qemu/qemu_domain.c b/src/qemu/qemu_domain.c
index 72f03c3a35..b0e90f818d 100644
--- a/src/qemu/qemu_domain.c
+++ b/src/qemu/qemu_domain.c
@@ -11676,13 +11676,13 @@ qemuDomainStorageSourceAccessModify(virQEMUDriverPtr driver,
revoke_lockspace = true;
- if (qemuDomainStorageSourceAccessModifyNVMe(driver, vm, src, false) < 0)
- goto revoke;
-
- revoke_nvme = true;
-
/* When modifying access of existing @src namespace does not need update */
if (!(flags & QEMU_DOMAIN_STORAGE_SOURCE_ACCESS_MODIFY_ACCESS)) {
+ if (qemuDomainStorageSourceAccessModifyNVMe(driver, vm, src, false) < 0)
+ goto revoke;
+
+ revoke_nvme = true;
+
if (qemuDomainNamespaceSetupDisk(vm, src) < 0)
goto revoke;
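Review bot: the comment `/* When modifying access of existing @src namespace does not need update */` now sits above a block that also contains the `qemuDomainStorageSourceAccessModifyNVMe()` call, so it no longer describes everything the condition guards; extend it to say that NVMe access is already configured for an existing source and is skipped as well when `QEMU_DOMAIN_STORAGE_SOURCE_ACCESS_MODIFY_ACCESS` is set. Since `revoke_nvme = true;` moved into the same branch, the rollback only undoes NVMe setup that this call performed, which is worth stating in the commit message.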
--
2.24.1
5 years, 4 months
[libvirt PATCH v2 0/8] qemu: Add support for the armvtimer timer
by Andrea Bolognani
This new timer model can be used to control the behavior of the
virtual timer for KVM ARM/virt guests.
Changes from [v1]:
* redesign the XML interface completely, notably moving the
configuration knob from <cpu> to <clock>.
[v1] https://www.redhat.com/archives/libvir-list/2020-January/msg01475.html
Andrea Bolognani (8):
qemu: Use switch statement in qemuBuildCpuCommandLine()
qemu: Add the QEMU_CAPS_CPU_KVM_NO_ADJVTIME capability
conf: Introduce VIR_DOMAIN_TIMER_NAME_ARMVTIMER
qemu: Validate configuration for the armvtimer timer
qemu: Format the armvtimer timer on the command line
tests: Add test case for the armvtimer timer
docs: List the armvtimer timer among all others
news: Mention the armvtimer timer
docs/formatdomain.html.in | 6 +--
docs/news.xml | 10 ++++
docs/schemas/domaincommon.rng | 1 +
src/conf/domain_conf.c | 1 +
src/conf/domain_conf.h | 1 +
src/libxl/libxl_conf.c | 1 +
src/libxl/xen_common.c | 1 +
src/qemu/qemu_capabilities.c | 2 +
src/qemu/qemu_capabilities.h | 1 +
src/qemu/qemu_command.c | 49 +++++++++++++++----
src/qemu/qemu_domain.c | 36 ++++++++++++++
.../caps_5.0.0.aarch64.xml | 1 +
.../clock-timer-armvtimer.aarch64-latest.args | 32 ++++++++++++
.../clock-timer-armvtimer.xml | 27 ++++++++++
tests/qemuxml2argvtest.c | 2 +
.../clock-timer-armvtimer.aarch64-latest.xml | 1 +
tests/qemuxml2xmltest.c | 1 +
17 files changed, 160 insertions(+), 13 deletions(-)
create mode 100644 tests/qemuxml2argvdata/clock-timer-armvtimer.aarch64-latest.args
create mode 100644 tests/qemuxml2argvdata/clock-timer-armvtimer.xml
create mode 120000 tests/qemuxml2xmloutdata/clock-timer-armvtimer.aarch64-latest.xml
--
2.24.1
5 years, 4 months
[PULL 00/10] Ui 20200212 patches
by Gerd Hoffmann
The following changes since commit e18e5501d8ac692d32657a3e1ef545b14e72b730:
Merge remote-tracking branch 'remotes/dgilbert-gitlab/tags/pull-virtiofs-20200210' into staging (2020-02-10 18:09:14 +0000)
are available in the Git repository at:
git://git.kraxel.org/qemu tags/ui-20200212-pull-request
for you to fetch changes up to 483644c25b932360018d15818d8bcd8c85ba70b8:
ui/cocoa: Drop workarounds for pre-10.12 OSX (2020-02-12 13:27:08 +0100)
----------------------------------------------------------------
gtk: refresh rate fix.
cocoa: drop pre-10.12 support.
ui: rework show-cursor option.
----------------------------------------------------------------
Gerd Hoffmann (7):
ui: add show-cursor option
ui: wire up legacy -show-cursor option
ui/sdl: switch to new show-cursor option
ui/cocoa: switch to new show-cursor option
ui/gtk: implement show-cursor option
ui: drop curor_hide global variable.
ui: deprecate legacy -show-cursor option
Peter Maydell (1):
ui/cocoa: Drop workarounds for pre-10.12 OSX
Philippe Mathieu-Daudé (2):
ui/gtk: Update gd_refresh_rate_millihz() to handle VirtualConsole
ui/gtk: Fix gd_refresh_rate_millihz() when widget window is not
realized
include/sysemu/sysemu.h | 1 -
ui/gtk.c | 27 +++++++++++-------
ui/sdl2.c | 16 +++++------
vl.c | 16 +++++++++--
qapi/ui.json | 3 ++
qemu-deprecated.texi | 5 ++++
ui/cocoa.m | 63 +++--------------------------------------
7 files changed, 51 insertions(+), 80 deletions(-)
--
2.18.2
5 years, 4 months
[rust PATCH 0/3] Implement virStoragePoolListVolumes and virStoragePoolListAllVolumes
by mathias@pius.io
From: Mathias Pius <mathias(a)pius.io>
This patch implements virStoragePoolListAllVolumes and virStoragePoolListVolumes for the StoragePool object. I'm not too familiar with the libvirt codebase, so I've used similar functions from connect.rs and domain.rs, so the implementations should (hopefully) be as correct as those. I've taken the liberty of using Vec::with_capacity when allocating vectors to store the result of these operations in, to prevent reallocations while converting the object types from the internal type to StorageVol and Strings.
Feedback is very welcome!
Mathias Pius (3):
Implement virStoragePoolListAllVolumes and virStoragePoolListVolumes
for StoragePool
cargo fmt
Newline at end of file
src/storage_pool.rs | 55 ++++++++++++++++++++++++++++++++++++++++++-
tests/storage_pool.rs | 34 ++++++++++++++++++++++++++
2 files changed, 88 insertions(+), 1 deletion(-)
--
2.25.0
5 years, 4 months
[PATCH v2 0/7] Couple of apparmor fixes
by Michal Privoznik
v2 of:
https://www.redhat.com/archives/libvir-list/2020-January/msg01068.html
diff to v1:
- Keep old paths to virt-aa-helper in profiles as SUSE still uses it.
- patch 7/7 is new
Michal Prívozník (7):
apparmor: Fix parthelper, iohelper and virt-aa-helper paths in
profiles
apparmor: Allow libvirt to spawn virt-aa-helper and libvirt_lxc
docs: Fix virt-aa-helper location
apparmor: Rename virt-aa-helper profile
apparmor: Sort paths in blocks in libvirt-qemu profile
apparmor: Allow some more BIOS/UEFI paths
apparmor: Drop 'Last modified' comment from profiles
docs/drvqemu.html.in | 2 +-
src/security/Makefile.inc.am | 10 +--
src/security/apparmor/libvirt-lxc | 2 -
src/security/apparmor/libvirt-qemu | 80 +++++++++----------
...t-aa-helper => usr.libexec.virt-aa-helper} | 7 +-
src/security/apparmor/usr.sbin.libvirtd | 7 +-
6 files changed, 53 insertions(+), 55 deletions(-)
rename src/security/apparmor/{usr.lib.libvirt.virt-aa-helper => usr.libexec.virt-aa-helper} (88%)
--
2.24.1
5 years, 4 months
[libvirt PATCH v2] qemu: drop support for monitor connections on PTYs
by Daniel P. Berrangé
Libvirt switched to using a UNIX socket for monitors in
2009 for version 0.7.0. It seems unlikely that there is
a running QEMU process that hasn't been restarted for
11 years while also taking a libvirt upgrade. Therefore
we can drop support for opening a PTY for the QEMU
monitor.
Signed-off-by: Daniel P. Berrangé <berrange(a)redhat.com>
---
In v2:
- Now with all changes actually committed
src/qemu/qemu_monitor.c | 60 +++++++----------------------------------
1 file changed, 9 insertions(+), 51 deletions(-)
diff --git a/src/qemu/qemu_monitor.c b/src/qemu/qemu_monitor.c
index 802ad20aa1..008d4a0e75 100644
--- a/src/qemu/qemu_monitor.c
+++ b/src/qemu/qemu_monitor.c
@@ -77,7 +77,6 @@ struct _qemuMonitor {
* = 0: not registered
* < 0: an error occurred during the registration of @fd */
int watch;
- int hasSendFD;
virDomainObjPtr vm;
@@ -303,21 +302,6 @@ qemuMonitorOpenUnix(const char *monitor,
}
-static int
-qemuMonitorOpenPty(const char *monitor)
-{
- int monfd;
-
- if ((monfd = open(monitor, O_RDWR)) < 0) {
- virReportError(VIR_ERR_INTERNAL_ERROR,
- _("Unable to open monitor path %s"), monitor);
- return -1;
- }
-
- return monfd;
-}
-
-
/* This method processes data that has been received
* from the monitor. Looking for async events and
* replies/errors.
@@ -434,12 +418,6 @@ qemuMonitorIOWrite(qemuMonitorPtr mon)
if (!mon->msg || mon->msg->txOffset == mon->msg->txLength)
return 0;
- if (mon->msg->txFD != -1 && !mon->hasSendFD) {
- virReportError(VIR_ERR_INTERNAL_ERROR, "%s",
- _("Monitor does not support sending of file descriptors"));
- return -1;
- }
-
buf = mon->msg->txBuffer + mon->msg->txOffset;
len = mon->msg->txLength - mon->msg->txOffset;
if (mon->msg->txFD == -1)
@@ -707,7 +685,6 @@ qemuMonitorIO(int watch, int fd, int events, void *opaque)
static qemuMonitorPtr
qemuMonitorOpenInternal(virDomainObjPtr vm,
int fd,
- bool hasSendFD,
qemuMonitorCallbacksPtr cb,
void *opaque)
{
@@ -736,7 +713,6 @@ qemuMonitorOpenInternal(virDomainObjPtr vm,
goto cleanup;
}
mon->fd = fd;
- mon->hasSendFD = hasSendFD;
mon->vm = virObjectRef(vm);
mon->waitGreeting = true;
mon->cb = cb;
@@ -810,7 +786,6 @@ qemuMonitorOpen(virDomainObjPtr vm,
void *opaque)
{
int fd = -1;
- bool hasSendFD = false;
qemuMonitorPtr ret = NULL;
timeout += QEMU_DEFAULT_MONITOR_WAIT;
@@ -819,28 +794,18 @@ qemuMonitorOpen(virDomainObjPtr vm,
* deleted until the monitor gets its own reference. */
virObjectRef(vm);
- switch (config->type) {
- case VIR_DOMAIN_CHR_TYPE_UNIX:
- hasSendFD = true;
- virObjectUnlock(vm);
- fd = qemuMonitorOpenUnix(config->data.nix.path,
- vm->pid, retry, timeout);
- virObjectLock(vm);
- break;
-
- case VIR_DOMAIN_CHR_TYPE_PTY:
- virObjectUnlock(vm);
- fd = qemuMonitorOpenPty(config->data.file.path);
- virObjectLock(vm);
- break;
-
- default:
+ if (config->type != VIR_DOMAIN_CHR_TYPE_UNIX) {
virReportError(VIR_ERR_INTERNAL_ERROR,
_("unable to handle monitor type: %s"),
virDomainChrTypeToString(config->type));
- break;
+ goto cleanup;
}
+ virObjectUnlock(vm);
+ fd = qemuMonitorOpenUnix(config->data.nix.path,
+ vm->pid, retry, timeout);
+ virObjectLock(vm);
+
if (fd < 0)
goto cleanup;
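Review bot: in the new `if (config->type != VIR_DOMAIN_CHR_TYPE_UNIX)` branch, a domain whose monitor is still recorded as a PTY now fails with the generic `unable to handle monitor type: %s` internal error; because PTY used to be accepted at this point, say in the message that only UNIX socket monitors are supported, so the failure can be understood from the log alone. The early `goto cleanup` is fine here because `fd` is still -1 when `VIR_FORCE_CLOSE(fd)` runs.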
@@ -850,7 +815,7 @@ qemuMonitorOpen(virDomainObjPtr vm,
goto cleanup;
}
- ret = qemuMonitorOpenInternal(vm, fd, hasSendFD, cb, opaque);
+ ret = qemuMonitorOpenInternal(vm, fd, cb, opaque);
cleanup:
if (!ret)
VIR_FORCE_CLOSE(fd);
@@ -865,7 +830,7 @@ qemuMonitorOpenFD(virDomainObjPtr vm,
qemuMonitorCallbacksPtr cb,
void *opaque)
{
- return qemuMonitorOpenInternal(vm, sockfd, true, cb, opaque);
+ return qemuMonitorOpenInternal(vm, sockfd, cb, opaque);
}
@@ -2675,13 +2640,6 @@ qemuMonitorSendFileHandle(qemuMonitorPtr mon,
return -1;
}
- if (!mon->hasSendFD) {
- virReportError(VIR_ERR_OPERATION_UNSUPPORTED,
- _("qemu is not using a unix socket monitor, "
- "cannot send fd %s"), fdname);
- return -1;
- }
-
return qemuMonitorJSONSendFileHandle(mon, fdname, fd);
}
--
2.24.1
5 years, 4 months
[PATCH 1/2] qemu: monitor: Prevent a NULL pointer from being accessed
by Yi Wang
From: Huang Zijiang <huang.zijiang(a)zte.com.cn>
virJSONValueObjectGetObject may return NULL if the key is
missing or if value is not the correct TYPE, so we have to prevent
a NULL pointer from being accessed.
Signed-off-by: Huang Zijiang <huang.zijiang(a)zte.com.cn>
Signed-off-by: Yi Wang <wang.yi59(a)zte.com.cn>
---
src/qemu/qemu_monitor_json.c | 89 +++++++++++++++++++++++++++++++++++++++++++-
1 file changed, 88 insertions(+), 1 deletion(-)
diff --git a/src/qemu/qemu_monitor_json.c b/src/qemu/qemu_monitor_json.c
index e5164d2..51b40e0 100644
--- a/src/qemu/qemu_monitor_json.c
+++ b/src/qemu/qemu_monitor_json.c
@@ -1697,7 +1697,12 @@ qemuMonitorJSONGetStatus(qemuMonitorPtr mon,
goto cleanup;
data = virJSONValueObjectGetObject(reply, "return");
-
+ if (!data){
+ virReportError(VIR_ERR_INTERNAL_ERROR, "%s",
+ _("query-status reply was missing return data"));
+ return -1;
+ }
+
if (virJSONValueObjectGetBoolean(data, "running", running) < 0) {
virReportError(VIR_ERR_INTERNAL_ERROR, "%s",
_("query-status reply was missing running state"));
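Review bot: the new `if (!data){` block leaves with `return -1;` while the statement just above it leaves the same function with `goto cleanup;`, so the early return skips whatever the `cleanup` label releases; use `goto cleanup` here and in every other hunk of this patch whose context shows `goto cleanup;`. Style: put a space before the brace (`if (!data) {`), and note that the blank line after the `data = ...` assignment is removed and re-added, which suggests the new line carries trailing whitespace.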
@@ -2018,6 +2023,11 @@ int qemuMonitorJSONGetVirtType(qemuMonitorPtr mon,
goto cleanup;
data = virJSONValueObjectGetObject(reply, "return");
+ if (!data) {
+ virReportError(VIR_ERR_INTERNAL_ERROR, "%s",
+ _("query-kvm reply was missing return data"));
+ return -1;
+ }
if (virJSONValueObjectGetBoolean(data, "enabled", &val) < 0) {
virReportError(VIR_ERR_INTERNAL_ERROR, "%s",
@@ -2179,6 +2189,11 @@ qemuMonitorJSONGetBalloonInfo(qemuMonitorPtr mon,
goto cleanup;
data = virJSONValueObjectGetObject(reply, "return");
+ if (!data) {
+ virReportError(VIR_ERR_INTERNAL_ERROR, "%s",
+ _("query-balloon reply was missing return data"));
+ return -1;
+ }
if (virJSONValueObjectGetNumberUlong(data, "actual", &mem) < 0) {
virReportError(VIR_ERR_INTERNAL_ERROR, "%s",
@@ -2280,6 +2295,11 @@ int qemuMonitorJSONGetMemoryStats(qemuMonitorPtr mon,
goto cleanup;
data = virJSONValueObjectGetObject(reply, "return");
+ if (!data) {
+ virReportError(VIR_ERR_INTERNAL_ERROR, "%s",
+ _("reply was missing return data"));
+ return -1;
+ }
if (!(statsdata = virJSONValueObjectGet(data, "stats"))) {
VIR_DEBUG("data does not include 'stats'");
@@ -3478,6 +3498,11 @@ qemuMonitorJSONGetMigrationStatsReply(virJSONValuePtr reply,
const char *tmp;
ret = virJSONValueObjectGetObject(reply, "return");
+ if (!ret) {
+ virReportError(VIR_ERR_INTERNAL_ERROR, "%s",
+ _("info migration reply was missing return data"));
+ return -1;
+ }
if (!(statusstr = virJSONValueObjectGetString(ret, "status"))) {
virReportError(VIR_ERR_INTERNAL_ERROR, "%s",
@@ -3787,6 +3812,11 @@ qemuMonitorJSONQueryDump(qemuMonitorPtr mon,
goto cleanup;
result = virJSONValueObjectGetObject(reply, "return");
+ if (!result) {
+ virReportError(VIR_ERR_INTERNAL_ERROR, "%s",
+ _("query-dump reply was missing return data"));
+ return -1;
+ }
ret = qemuMonitorJSONExtractDumpStats(result, stats);
@@ -3824,6 +3854,11 @@ qemuMonitorJSONGetDumpGuestMemoryCapability(qemuMonitorPtr mon,
goto cleanup;
caps = virJSONValueObjectGetObject(reply, "return");
+ if (!caps) {
+ virReportError(VIR_ERR_INTERNAL_ERROR, "%s",
+ _("query-dump-guest-memory-capability reply was missing return data"));
+ return -1;
+ }
if (!(formats = virJSONValueObjectGetArray(caps, "formats"))) {
virReportError(VIR_ERR_INTERNAL_ERROR, "%s",
@@ -4676,6 +4711,11 @@ qemuMonitorJSONDiskNameLookupOne(virJSONValuePtr image,
return NULL;
if (top != target) {
backing = virJSONValueObjectGetObject(image, "backing-image");
+ if (!backing) {
+ virReportError(VIR_ERR_INTERNAL_ERROR, "%s",
+ _("reply was missing return backing-image "));
+ return -1;
+ }
return qemuMonitorJSONDiskNameLookupOne(backing, top->backingStore,
target);
}
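Review bot: the added `return -1;` sits in a function that returns a pointer (the context line above the change is `return NULL;`), so the error path has to `return NULL;` instead. The message `reply was missing return backing-image ` also ends with a space inside the string and does not say which reply is meant; name the missing `backing-image` member of the image data directly.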
@@ -5519,6 +5559,12 @@ int qemuMonitorJSONGetVersion(qemuMonitorPtr mon,
goto cleanup;
data = virJSONValueObjectGetObject(reply, "return");
+ if (!data) {
+ virReportError(VIR_ERR_INTERNAL_ERROR, "%s",
+ _("query-version reply was missing return data"));
+ return -1;
+ }
+
if (!(qemu = virJSONValueObjectGetObject(data, "qemu"))) {
virReportError(VIR_ERR_INTERNAL_ERROR, "%s",
@@ -5972,6 +6018,11 @@ qemuMonitorJSONGetCPUModelExpansion(qemuMonitorPtr mon,
return -1;
data = virJSONValueObjectGetObject(reply, "return");
+ if (!data) {
+ (VIR_ERR_INTERNAL_ERROR, "%s",
+ _("query-cpu-model-expansion reply was missing return data"));
+ return -1;
+ }
if (qemuMonitorJSONParseCPUModelData(data, "query-cpu-model-expansion",
fail_no_props, &cpu_model, &cpu_props,
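Review bot: the added error path reports nothing, because `(VIR_ERR_INTERNAL_ERROR, "%s",` is missing the `virReportError` function name; what remains is a parenthesised comma expression, so the function returns -1 with no error set. Restore `virReportError(...)` here; the same omission is repeated in every later hunk of this patch, from this one through `qemuMonitorJSONGetSEVMeasurement`.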
@@ -6027,6 +6078,11 @@ qemuMonitorJSONGetCPUModelBaseline(qemuMonitorPtr mon,
return -1;
data = virJSONValueObjectGetObject(reply, "return");
+ if (!data) {
+ (VIR_ERR_INTERNAL_ERROR, "%s",
+ _("query-cpu-model-baseline reply was missing return data"));
+ return -1;
+ }
if (qemuMonitorJSONParseCPUModelData(data, "query-cpu-model-baseline",
false, &cpu_model, &cpu_props,
@@ -6067,6 +6123,11 @@ qemuMonitorJSONGetCPUModelComparison(qemuMonitorPtr mon,
return -1;
data = virJSONValueObjectGetObject(reply, "return");
+ if (!data) {
+ (VIR_ERR_INTERNAL_ERROR, "%s",
+ _("query-cpu-model-comparison reply was missing return data"));
+ return -1;
+ }
if (!(data_result = virJSONValueObjectGetString(data, "result"))) {
virReportError(VIR_ERR_INTERNAL_ERROR, "%s",
@@ -6342,6 +6403,11 @@ int qemuMonitorJSONGetKVMState(qemuMonitorPtr mon,
goto cleanup;
data = virJSONValueObjectGetObject(reply, "return");
+ if (!data) {
+ (VIR_ERR_INTERNAL_ERROR, "%s",
+ _("qemu-kvm reply was missing return data"));
+ return -1;
+ }
if (virJSONValueObjectGetBoolean(data, "enabled", enabled) < 0 ||
virJSONValueObjectGetBoolean(data, "present", present) < 0) {
@@ -6823,6 +6889,11 @@ qemuMonitorJSONGetTargetArch(qemuMonitorPtr mon)
goto cleanup;
data = virJSONValueObjectGetObject(reply, "return");
+ if (!data) {
+ (VIR_ERR_INTERNAL_ERROR, "%s",
+ _("query-target reply was missing return data"));
+ return -1;
+ }
if (!(arch = virJSONValueObjectGetString(data, "arch"))) {
virReportError(VIR_ERR_INTERNAL_ERROR, "%s",
@@ -7090,6 +7161,11 @@ qemuMonitorJSONGetSEVCapabilities(qemuMonitorPtr mon,
goto cleanup;
caps = virJSONValueObjectGetObject(reply, "return");
+ if (!caps) {
+ (VIR_ERR_INTERNAL_ERROR, "%s",
+ _("query-sev-capabilities reply was missing return data"));
+ return -1;
+ }
if (virJSONValueObjectGetNumberUint(caps, "cbitpos", &cbitpos) < 0) {
virReportError(VIR_ERR_INTERNAL_ERROR, "%s",
@@ -7555,6 +7631,12 @@ qemuMonitorJSONAttachCharDev(qemuMonitorPtr mon,
if (chr->type == VIR_DOMAIN_CHR_TYPE_PTY) {
virJSONValuePtr data = virJSONValueObjectGetObject(reply, "return");
+ if (!data) {
+ (VIR_ERR_INTERNAL_ERROR, "%s",
+ _("chardev-add reply was missing return data"));
+ return -1;
+ }
+
const char *path;
if (!(path = virJSONValueObjectGetString(data, "pty"))) {
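Review bot: the new `if (!data)` block is inserted between `virJSONValuePtr data = ...` and `const char *path;`, which leaves a declaration after a statement; move the check below `const char *path;`. The block also lacks the `virReportError` name in front of `(VIR_ERR_INTERNAL_ERROR, "%s",`, so no error is reported before the `return -1;`.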
@@ -9006,6 +9088,11 @@ qemuMonitorJSONGetSEVMeasurement(qemuMonitorPtr mon)
goto cleanup;
data = virJSONValueObjectGetObject(reply, "return");
+ if (!data) {
+ (VIR_ERR_INTERNAL_ERROR, "%s",
+ _("query-sev-launch-measure reply was missing return data"));
+ return -1;
+ }
if (!(tmp = virJSONValueObjectGetString(data, "data")))
goto cleanup;
--
1.9.1
5 years, 4 months
[PATCH] util: Prevent a NULL pointer from being accessed
by Yi Wang
From: Huang Zijiang <huang.zijiang(a)zte.com.cn>
virJSONValueObjectGetObject may return NULL if the key is
missing or if value is not the correct TYPE, so we have to prevent
a NULL pointer from being accessed.
Signed-off-by: Huang Zijiang <huang.zijiang(a)zte.com.cn>
Signed-off-by: Yi Wang <wang.yi59(a)zte.com.cn>
---
src/util/virstoragefile.c | 5 +++++
1 file changed, 5 insertions(+)
diff --git a/src/util/virstoragefile.c b/src/util/virstoragefile.c
index e46ac99..53224b5 100644
--- a/src/util/virstoragefile.c
+++ b/src/util/virstoragefile.c
@@ -3378,6 +3378,11 @@ virStorageSourceParseBackingJSONSheepdog(virStorageSourcePtr src,
const char *filename;
const char *vdi = virJSONValueObjectGetString(json, "vdi");
virJSONValuePtr server = virJSONValueObjectGetObject(json, "server");
+ if (!server) {
+ virReportError(VIR_ERR_INVALID_ARG, "%s",
+ _("missing server in JSON backing volume definition"));
+ return -1;
+ }
/* legacy URI based syntax passed via 'filename' option */
if ((filename = virJSONValueObjectGetString(json, "filename"))) {
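Review bot: the `if (!server)` check is placed before the `/* legacy URI based syntax passed via 'filename' option */` branch, so a sheepdog definition that carries only `filename` and no `server` object is now rejected with `missing server in JSON backing volume definition`. Move the check after the `filename` branch, to the point where `server` is first dereferenced, so the legacy syntax keeps working.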
--
1.9.1
5 years, 4 months
[PATCH] util: Prevent a NULL pointer from being accessed
by Yi Wang
From: Huang Zijiang <huang.zijiang(a)zte.com.cn>
virJSONValueObjectGetObject may return NULL if the key is
missing or if value is not the correct TYPE, so we have to prevent
a NULL pointer from being accessed.
Signed-off-by: Huang Zijiang <huang.zijiang(a)zte.com.cn>
Signed-off-by: Yi Wang <wang.yi59(a)zte.com.cn>
---
src/util/virqemu.c | 5 +++++
1 file changed, 5 insertions(+)
diff --git a/src/util/virqemu.c b/src/util/virqemu.c
index f3a233a..29fbe4e 100644
--- a/src/util/virqemu.c
+++ b/src/util/virqemu.c
@@ -257,6 +257,11 @@ virQEMUBuildObjectCommandlineFromJSON(virBufferPtr buf,
const char *type = virJSONValueObjectGetString(objprops, "qom-type");
const char *alias = virJSONValueObjectGetString(objprops, "id");
virJSONValuePtr props = virJSONValueObjectGetObject(objprops, "props");
+ if (!props) {
+ virReportError(VIR_ERR_INVALID_ARG, "%s",
+ _("reply was missing return props data"));
+ return -1;
+ }
return virQEMUBuildObjectCommandlineFromJSONInternal(buf, type, alias, props);
}
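Review bot: the message 'reply was missing return props data' describes a monitor reply, but this function formats a command line from objprops and no reply is involved; wording such as 'object definition is missing props' would match the VIR_ERR_INVALID_ARG code. Before making a missing 'props' fatal, please confirm that virQEMUBuildObjectCommandlineFromJSONInternal() cannot already cope with props == NULL, since an object without properties would otherwise stop working.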
--
1.9.1
5 years, 4 months
[PATCH v3 0/7] ui: rework -show-cursor option
by Gerd Hoffmann
Add -display {sdl,gtk,cocoa},show-cursor=on as replacement for
-show-cursor. sdl + cocoa are switched over (no change in behavior),
gtk support is added.
Gerd Hoffmann (7):
ui: add show-cursor option
ui: wire up legacy -show-cursor option
ui/sdl: switch to new show-cursor option
ui/cocoa: switch to new show-cursor option
ui/gtk: implement show-cursor option
ui: drop curor_hide global variable.
ui: deprecate legacy -show-cursor option
include/sysemu/sysemu.h | 1 -
ui/gtk.c | 8 ++++++--
ui/sdl2.c | 16 ++++++++--------
vl.c | 16 ++++++++++++++--
qapi/ui.json | 3 +++
qemu-deprecated.texi | 5 +++++
ui/cocoa.m | 4 ++++
7 files changed, 40 insertions(+), 13 deletions(-)
--
2.18.1
5 years, 4 months
[libvirt PATCH] qemu: drop support for monitor connections on PTYs
by Daniel P. Berrangé
Libvirt switched to using a UNIX socket for monitors in
2009 for version 0.7.0. It seems unlikely that there is
a running QEMU process that hasn't been restarted for
11 years while also taking a libvirt upgrade. Therefore
we can drop support for opening a PTY for the QEMU
monitor.
Signed-off-by: Daniel P. Berrangé <berrange(a)redhat.com>
---
src/qemu/qemu_monitor.c | 43 ++++++++---------------------------------
1 file changed, 8 insertions(+), 35 deletions(-)
diff --git a/src/qemu/qemu_monitor.c b/src/qemu/qemu_monitor.c
index 802ad20aa1..e998586a6b 100644
--- a/src/qemu/qemu_monitor.c
+++ b/src/qemu/qemu_monitor.c
@@ -77,7 +77,6 @@ struct _qemuMonitor {
* = 0: not registered
* < 0: an error occurred during the registration of @fd */
int watch;
- int hasSendFD;
virDomainObjPtr vm;
@@ -434,12 +433,6 @@ qemuMonitorIOWrite(qemuMonitorPtr mon)
if (!mon->msg || mon->msg->txOffset == mon->msg->txLength)
return 0;
- if (mon->msg->txFD != -1 && !mon->hasSendFD) {
- virReportError(VIR_ERR_INTERNAL_ERROR, "%s",
- _("Monitor does not support sending of file descriptors"));
- return -1;
- }
-
buf = mon->msg->txBuffer + mon->msg->txOffset;
len = mon->msg->txLength - mon->msg->txOffset;
if (mon->msg->txFD == -1)
@@ -707,7 +700,6 @@ qemuMonitorIO(int watch, int fd, int events, void *opaque)
static qemuMonitorPtr
qemuMonitorOpenInternal(virDomainObjPtr vm,
int fd,
- bool hasSendFD,
qemuMonitorCallbacksPtr cb,
void *opaque)
{
@@ -736,7 +728,6 @@ qemuMonitorOpenInternal(virDomainObjPtr vm,
goto cleanup;
}
mon->fd = fd;
- mon->hasSendFD = hasSendFD;
mon->vm = virObjectRef(vm);
mon->waitGreeting = true;
mon->cb = cb;
@@ -810,7 +801,6 @@ qemuMonitorOpen(virDomainObjPtr vm,
void *opaque)
{
int fd = -1;
- bool hasSendFD = false;
qemuMonitorPtr ret = NULL;
timeout += QEMU_DEFAULT_MONITOR_WAIT;
@@ -819,28 +809,18 @@ qemuMonitorOpen(virDomainObjPtr vm,
* deleted until the monitor gets its own reference. */
virObjectRef(vm);
- switch (config->type) {
- case VIR_DOMAIN_CHR_TYPE_UNIX:
- hasSendFD = true;
- virObjectUnlock(vm);
- fd = qemuMonitorOpenUnix(config->data.nix.path,
- vm->pid, retry, timeout);
- virObjectLock(vm);
- break;
-
- case VIR_DOMAIN_CHR_TYPE_PTY:
- virObjectUnlock(vm);
- fd = qemuMonitorOpenPty(config->data.file.path);
- virObjectLock(vm);
- break;
-
- default:
+ if (config->type != VIR_DOMAIN_CHR_TYPE_UNIX) {
virReportError(VIR_ERR_INTERNAL_ERROR,
_("unable to handle monitor type: %s"),
virDomainChrTypeToString(config->type));
- break;
+ goto cleanup;
}
+ virObjectUnlock(vm);
+ fd = qemuMonitorOpenUnix(config->data.nix.path,
+ vm->pid, retry, timeout);
+ virObjectLock(vm);
+
if (fd < 0)
goto cleanup;
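Review bot: this hunk removes the only call to qemuMonitorOpenPty() shown in the patch, yet none of the 35 deleted lines removes its definition, so the function is left behind without a caller. Drop the definition in the same patch rather than leaving dead code, so that the 'unable to handle monitor type' branch is the only remaining trace of non-UNIX monitors.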
@@ -850,7 +830,7 @@ qemuMonitorOpen(virDomainObjPtr vm,
goto cleanup;
}
- ret = qemuMonitorOpenInternal(vm, fd, hasSendFD, cb, opaque);
+ ret = qemuMonitorOpenInternal(vm, fd, cb, opaque);
cleanup:
if (!ret)
VIR_FORCE_CLOSE(fd);
@@ -2675,13 +2655,6 @@ qemuMonitorSendFileHandle(qemuMonitorPtr mon,
return -1;
}
- if (!mon->hasSendFD) {
- virReportError(VIR_ERR_OPERATION_UNSUPPORTED,
- _("qemu is not using a unix socket monitor, "
- "cannot send fd %s"), fdname);
- return -1;
- }
-
return qemuMonitorJSONSendFileHandle(mon, fdname, fd);
}
--
2.24.1
5 years, 4 months
[libvirt PATCH 0/5] qemu: add stricter checks of permissibility of the QoS parameter 'floor'
by Pavel Mores
Aims to fix
https://bugzilla.redhat.com/show_bug.cgi?id=1750219
Libvirt previously silently accepted attempts to set 'floor' even for
direct bridge interface types where the parameter is not supported. This
could happen when manipulating both inactive and active (e.g. via 'virsh
domiftune') domain configuration.
Pavel Mores (5):
qemu: fail on attempt to set 'floor' if interface type is not
'network'
qemu: check if 'floor' is supported for given interface and network
qemu: call networkPlugBandwidth() for all types of network
docs: QoS parameter 'floor' is supported for 'open' networks too
qemu: reuse convenience variable introduced in a00b97f27672b3
docs/formatnetwork.html.in | 2 +-
src/network/bridge_driver.c | 27 +++++++++++++++++++++------
src/qemu/qemu_driver.c | 13 ++++++++++---
3 files changed, 32 insertions(+), 10 deletions(-)
--
2.24.1
5 years, 4 months
[libvirt] [patch v2 1/1] virt-aa-helper: Add support for smartcard host-certificates
by Arnaud Patard
When emulating smartcard with host certificates, qemu needs to
be able to read the certificates files. Add necessary code to
add the smartcard certificates file path to the apparmor profile.
Passthrough support has been tested with spicevmc and remote-viewer.
v2:
- Fix CodingStyle
- Add support for 'host' case.
- Add a comment to mention that the passthrough case doesn't need
some configuration
- Use one rule with '{,*}' instead of two rules.
Signed-off-by: Arnaud Patard <apatard(a)hupstream.com>
Index: libvirt/src/security/virt-aa-helper.c
===================================================================
--- libvirt.orig/src/security/virt-aa-helper.c
+++ libvirt/src/security/virt-aa-helper.c
@@ -1271,6 +1271,39 @@ get_files(vahControl * ctl)
}
}
+ for (i = 0; i < ctl->def->nsmartcards; i++) {
+ virDomainSmartcardDefPtr sc = ctl->def->smartcards[i];
+ virDomainSmartcardType sc_type = sc->type;
+ char *sc_db = (char *)VIR_DOMAIN_SMARTCARD_DEFAULT_DATABASE;
+ if (sc->data.cert.database)
+ sc_db = sc->data.cert.database;
+ switch (sc_type) {
+ /*
+ * Note: At time of writing, to get this working, qemu seccomp sandbox has
+ * to be disabled or the host must be running QEMU with commit
+ * 9a1565a03b79d80b236bc7cc2dbce52a2ef3a1b8.
+ * It's possibly due to libcacard:vcard_emul_new_event_thread(), which calls
+ * PR_CreateThread(), which calls {g,s}etpriority(). And resourcecontrol seccomp
+ * filter forbids it (cf src/qemu/qemu_command.c which seems to always use
+ * resourcecontrol=deny).
+ */
+ case VIR_DOMAIN_SMARTCARD_TYPE_HOST:
+ virBufferAddLit(&buf, " \"/etc/pki/nssdb/{,*}\" rk,\n");
+ break;
+ case VIR_DOMAIN_SMARTCARD_TYPE_HOST_CERTIFICATES:
+ virBufferAsprintf(&buf, " \"%s/{,*}\" rk,\n", sc_db);
+ break;
+ /*
+ * Nothing to do for passthrough, as the smartcard
+ * access is done through TCP or Spice
+ */
+ case VIR_DOMAIN_SMARTCARD_TYPE_PASSTHROUGH:
+ break;
+ case VIR_DOMAIN_SMARTCARD_TYPE_LAST:
+ break;
+ }
+ }
+
if (ctl->def->virtType == VIR_DOMAIN_VIRT_KVM) {
for (i = 0; i < ctl->def->nnets; i++) {
virDomainNetDefPtr net = ctl->def->nets[i];
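Review bot: in the VIR_DOMAIN_SMARTCARD_TYPE_HOST_CERTIFICATES case, sc_db comes from the domain definition and is written into the profile with virBufferAsprintf(&buf, " \"%s/{,*}\" rk,\n", sc_db) without any check, so a database path containing a double quote or a newline would end the quoted string and add text to the generated AppArmor rule. Validate or escape the path before formatting it. Separately, sc->data.cert.database is read before the switch for every smartcard type; if data is a union, that read is only meaningful for host-certificates, so the sc_db lookup belongs inside that case, which also removes the need for the (char *) cast on the default.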
5 years, 4 months
[PATCH v1 00/14] vircgroup code duplication purge
by Daniel Henrique Barboza
Hi,
This is my attempt to a side quest from Cole Robinson reported
in the wiki. It started with an innocent code duplication
reduction work, then I got dragged into code duplication
inside LXC and QEMU drivers. There is a significant amount of
code sharing between LXC and QEMU drivers that should be handled
in a work on its own, but I didn't shy away from the duplications
that are related to vircgroup code in some capacity.
Last 3 patches are an attempt to clean up libvirt_private.syms a
bit, turning some vircgroup functions to static after the changes
made. These are trivial, but annoying changes to review in a single
patch - hence 3 patches to allow for happier reviews. The maintainer is
free to merge those together when pushing.
Daniel Henrique Barboza (14):
vircgroup: add virCgroupSetupBlkioTune()
vircgroup: add virCgroupSetupMemtune()
vircgroup: add virCgroupSetupCpusetCpus()
vircgroup: add virCgroupSetAndRetrieveCpuShares()
vircgroup: add virCgroupSetupCpuPeriodQuota()
domain_conf: add virDomainMergeBlkioDevice()
domain_conf: add virDomainParseBlkioDeviceStr()
vircgroup: add virCgroupSetupDomainBlkioParameters()
domain_conf: add virDomainParseMergePersistentDefBlkioParams()
vircgroup: add virCgroupSetMemoryLimitParameters()
vircgroup: add virCgroupGetCpuPeriodQuota()
vircgroup: turn virCgroup{Get/Set}BlkioDevice* static
vircgroup: turn SetMemory and SetCpusetCpus functions static
vircgroup: turn more cgroup functions static
src/conf/domain_conf.c | 222 ++++++++++++++++++++
src/conf/domain_conf.h | 13 ++
src/libvirt_private.syms | 31 +--
src/lxc/lxc_cgroup.c | 91 +-------
src/lxc/lxc_driver.c | 428 ++------------------------------------
src/qemu/qemu_cgroup.c | 113 +---------
src/qemu/qemu_driver.c | 399 +----------------------------------
src/util/vircgroup.c | 436 +++++++++++++++++++++++++++++++++++----
src/util/vircgroup.h | 75 +++----
9 files changed, 707 insertions(+), 1101 deletions(-)
--
2.24.1
5 years, 4 months
[libvirt PATCH] docs: Improve documentation for <serial> and <console>
by Andrea Bolognani
Users expect to be able to configure the <console> element and see
that configuration reflected into the <serial> element or at least
sticking, however due to our crazy back-compat code that doesn't
always happen.
There's really not much we can do to make this kind of corner cases
work as the user would expect, especially not without introducing
additional complexity in a part of libvirt that already has more
than a fair share of it; we can, however, improve the documentation
so that it will nudge said users in the right direction.
https://bugzilla.redhat.com/show_bug.cgi?id=1770725
Signed-off-by: Andrea Bolognani <abologna(a)redhat.com>
---
docs/formatdomain.html.in | 8 ++++++--
1 file changed, 6 insertions(+), 2 deletions(-)
diff --git a/docs/formatdomain.html.in b/docs/formatdomain.html.in
index 44e2062d01..5ccf39abd1 100644
--- a/docs/formatdomain.html.in
+++ b/docs/formatdomain.html.in
@@ -7510,7 +7510,10 @@ qemu-kvm -net nic,model=? /dev/null
<span class="since">since 4.7.0</span>, <code>16550a</code> (usable
with the <code>system-serial</code> target type);
<code>sclpconsole</code> and <code>sclplmconsole</code> (usable with
- the <code>sclp-serial</code> target type).
+ the <code>sclp-serial</code> target type). Providing a target model is
+ usually unnecessary: libvirt will automatically pick one that's suitable
+ for the chosen target type, and overriding that value is generally not
+ recommended.
</p>
<p>
@@ -7656,7 +7659,8 @@ qemu-kvm -net nic,model=? /dev/null
for early boot logging / interactive / recovery use, and one
paravirtualized serial console to be used eg. as a side channel. Most
people will be fine with having just the first <code>console</code>
- element in their configuration.
+ element in their configuration, but if a specific configuration is
+ desired then both elements should be specified.
</p>
<p>
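Review bot: in the second added sentence, 'both elements should be specified' does not say which elements are meant; the surrounding paragraph only mentions 'the first console element', so the reader cannot tell whether this refers to the two console elements or to serial plus console. Name the elements explicitly in the sentence, using the same code markup as the rest of the paragraph.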
--
2.24.1
5 years, 4 months
[PATCH 0/6] update tls files without restarting libvirtd
by Zhang Bo
When a client wants to establish a TLS connection with libvirtd, a CRL
file, CA cert and server cert/key are used. Right
now, if these files are changed, you must restart libvirtd to make them
take effect. The restart behavior of libvirtd will cause clients
connecting with libvirtd to fail.
In a server cluster, these files, mostly the CRL, may be updated
quite frequently due to the large amount of certificates. If the new
file does not take effect in time, there are security risks. So you
may need to restart libvirtd frequently to make the CRL etc. take
effect in time. However, frequent restarts will affect the reliability
of cluster virtual machine management (such as openstack) services.
These patches add a virt-admin command to update the tls related files
*online*.
Zhang Bo (6):
virnettlscontext: refactoring virNetTLSContextLoadCredentials
virnetserver: Introduce virNetServerUpdateTlsFiles
admin: Introduce virAdmServerUpdateTlsFiles
admin: support server cert update mode
virt-admin: Introduce command srv-update-tls
docs: update virt-admin.rst for server-update-tls
docs/manpages/virt-admin.rst | 21 ++++
include/libvirt/libvirt-admin.h | 26 ++++
src/admin/admin_protocol.x | 13 +-
src/admin/admin_server.c | 8 ++
src/admin/admin_server.h | 4 +
src/admin/libvirt-admin.c | 39 ++++++
src/admin/libvirt_admin_private.syms | 1 +
src/admin/libvirt_admin_public.syms | 1 +
src/libvirt_remote.syms | 1 +
src/rpc/virnetserver.c | 81 ++++++++++++
src/rpc/virnetserver.h | 4 +
src/rpc/virnetserverclient.c | 4 +
src/rpc/virnettlscontext.c | 179 +++++++++++++++++++--------
src/rpc/virnettlscontext.h | 3 +
tools/virt-admin.c | 88 +++++++++++++
15 files changed, 419 insertions(+), 54 deletions(-)
--
2.23.0.windows.1
5 years, 4 months
[libvirt PATCH 0/7] virshtest: remove virTestCaptureProgramOutput
by Ján Tomko
Use virCommand instead of open-coding it and do some other cleanups
found along the way.
Ján Tomko (7):
testutils: check return value of g_setenv
testutils: use g_autofree
testutils: use g_autoptr
testutils: remove unnecessary labels
virshtest: refactor testCompareOutputLit
virshtest: use virCommand instead of custom impl
testutils: remove now unused virTestCaptureProgramOutput
tests/testutils.c | 171 +++++++++-------------------------------------
tests/testutils.h | 2 -
tests/virshtest.c | 35 ++++++----
3 files changed, 54 insertions(+), 154 deletions(-)
--
2.21.1
5 years, 4 months
[libvirt PATCH 0/9] syntax-check: fix sc-prohibit-cross-inclusion
by Ján Tomko
And drop some legacy stuff, since I already had to open the file.
Ján Tomko (9):
syntax-check: do not enforce ChangeLog syntax
syntax-check: fix sc-prohibit-cross-inclusion
syntax-check: drop vulnerable Makefile checks
syntax-check: drop CVS keyword expansion check
syntax-check: drop update-NEWS-hash
syntax-check: exclude: remove deleted files
syntax-check: exclude: remove virstring
syntax-check: remove README
syntax-check: remove some exception mechanisms
build-aux/syntax-check.mk | 73 +++------------------------------------
1 file changed, 5 insertions(+), 68 deletions(-)
--
2.24.1
5 years, 4 months
glib crash via eventtest.c
by Cole Robinson
I attempted to review some patches on Friday and started hitting
occasional crashes via eventtest.c. Long story short it's a glib bug:
https://gitlab.gnome.org/GNOME/glib/merge_requests/1358
It's a ref counting issue caused when g_source_remove
(virEventRemoveHandle) is called from one thread, while the main loop is
in a particular state in a different thread.
The way vireventglib is implemented means every user initiated
g_source_remove is likely called from a different thread so we risk
hitting this. Not sure how likely it is in real-world usage,
vireventtest.c is pretty pathologic in this area. We could change
vireventglib.c to do the final source_unref from the idle callback which
would avoid the problem
Thanks,
Cole
5 years, 4 months
Fwd: FW: [libvirt PATCH 0/6] Introduce Local Migration Support in Libvirt
by Prerna
On 2/3/20, 7:16 PM, "Daniel P. Berrangé" <berrange(a)redhat.com> wrote:
On Mon, Feb 03, 2020 at 10:42:48AM -0300, Daniel Henrique Barboza wrote:
> Hi Daniel,
>
> I am happy that Libvirt is pushing local migration/live patching support, but
> at the same time I am wondering what changed from what you said here:
Err, this isn't libvirt pushing local migration. I'm simply re-posting
these patches on behalf of Shaju who is unable to post the patches due
to our broken mail server. Don't take this as meaning that I approve of
the patches. They're simply here for discussion as any other patch
proposal is.
Thank you for forwarding the patch to the list, Danpb.
That is largely still my view.
Sure, and we will be happy to discuss this further, as noted below :)
> To give you a background, we have live patching enhancements in IBM backlog
> since a few years ago, and one of the reasons these were being postponed
> time and time again were the lack of Libvirt support and this direction of
> "Libvirt is not interested in supporting it". And this message above was being
> used internally as the rationale for it.
Hi Daniel HB,
Thank you for pointing out the fact that this has been in discussion
since 2013. While Shaju's patches were independent as an RFC, we will be
happy to collaborate to push for a joint solution. The fact that this has
been requested time and again, and the fact that most commercial cloud
deployments out there already have an in-place upgrade story [1] [2] --
should be good reason we holistically examine the use case once again.
[1] https://kb.vmware.com/s/article/2005389
[2] https://dl.acm.org/doi/10.1145/3297858.3304034
Danpb had explained in much detail as to why mangling file and particularly
socket paths can be messy in this patchset. However, even if libvirtd
blocks in-place migrations for such legacy VMs until apps switch to more
stringent XML semantics, it still may help cutting edge apps that intend to
leverage this.
I understand the presence of collision-causing file and socket paths can
easily be checked as pre-migration checks, and should be trivial to
implement.
We can include a revised patchset with this check in place. Support for
this feature has been present in qemu for a while for this use-case, and so
maybe it is time we pass on the goodness up the stack as well.
Happy to discuss more details on implementation and semantics,
Warm regards,
Prerna Saxena
5 years, 4 months
[PATCH 6/6] docs: update virt-admin.rst for server-update-tls
by Zhangbo (Oscar)
Update the manpage for the 'server-update-tls' command
---
docs/manpages/virt-admin.rst | 21 +++++++++++++++++++++
1 file changed, 21 insertions(+)
diff --git a/docs/manpages/virt-admin.rst b/docs/manpages/virt-admin.rst
index 51c3d3917e..e19d1f1577 100644
--- a/docs/manpages/virt-admin.rst
+++ b/docs/manpages/virt-admin.rst
@@ -442,6 +442,27 @@ Set new client-related limits on *server*.
*--max-clients*.
+server-update-tls
+-----------------
+
+**Syntax:**
+
+.. code-block::
+
+ server-update-tls server [--filetypes types]
+
+Update tls context on *server*.
+
+- *server*
+
+ Available servers on a daemon. Currently only supports 'libvirtd'.
+
+- *--filetypes*
+
+ Indicate which TLS related files need to be updated, such as CA cert, CA CRL,
+ server cert/key. ``types`` is bitwise-OR of tls related files.
+
+
CLIENT COMMANDS
===============
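Review bot: the syntax line 'server-update-tls server [--filetypes types]' marks --filetypes as optional, but patch 5/6 declares the option with VSH_OFLAG_REQ and rejects 0, so the brackets should go. The description calls types a bitwise-OR without listing the values; the 1/2/4/8 table from the command's help text needs to be in the man page too, together with the rule that server cert and key must be updated together.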
--
2.23.0.windows.1
5 years, 4 months
[PATCH 5/6] virt-admin: Introduce command srv-update-tls
by Zhangbo (Oscar)
wire-up virAdmServerUpdateTlsFiles API into virt-admin client.
---
tools/virt-admin.c | 88 ++++++++++++++++++++++++++++++++++++++++++++++
1 file changed, 88 insertions(+)
diff --git a/tools/virt-admin.c b/tools/virt-admin.c
index 32edfe5757..85235ae03d 100644
--- a/tools/virt-admin.c
+++ b/tools/virt-admin.c
@@ -957,6 +957,84 @@ cmdSrvClientsSet(vshControl *ctl, const vshCmd *cmd)
goto cleanup;
}
+/* ------------------------
+ * Command srv-update-tls
+ * ------------------------
+ */
+static const vshCmdInfo info_srv_update_tls_file[] = {
+ {.name = "help",
+ .data = N_("notify server to update TLS related files online.")
+ },
+ {.name = "desc",
+ .data = N_("notify server to update the CA cert, "
+ "CA CRL, server cert / key without restarts. "
+ "See OPTIONS for currently supported attributes.")
+ },
+ {.name = NULL}
+};
+
+static const vshCmdOptDef opts_srv_update_tls_file[] = {
+ {.name = "server",
+ .type = VSH_OT_DATA,
+ .flags = VSH_OFLAG_REQ,
+ .help = N_("Available servers on a daemon. "
+ "Currently only supports 'libvirtd'.")
+ },
+ {.name = "filetypes",
+ .type = VSH_OT_INT,
+ .flags = VSH_OFLAG_REQ,
+ .help = N_("filetypes that need to be updated. "
+ "bitwise-OR of tls filetypes flags.\n"
+ " parameter Description:\n"
+ " --filetypes 1 ===> cacert\n"
+ " --filetypes 2 ===> cacrl\n"
+ " --filetypes 4 ===> server-cert\n"
+ " --filetypes 8 ===> server-key\n"
+ " or a combination of several values. eg:\n"
+ " --filetypes 3 ===> cacert | cacrl\n"
+ " notice:\n"
+ " server cert and key must be updated together.\n")
+ },
+ {.name = NULL}
+};
+
+static bool
+cmdSrvUpdateTlsFiles(vshControl *ctl, const vshCmd *cmd)
+{
+ bool ret = false;
+ const char *srvname = NULL;
+ unsigned int filetypes;
+
+ virAdmServerPtr srv = NULL;
+ vshAdmControlPtr priv = ctl->privData;
+
+ if (vshCommandOptStringReq(ctl, cmd, "server", &srvname) < 0)
+ return false;
+
+ if (vshCommandOptUInt(ctl, cmd, "filetypes", &filetypes) < 0)
+ return false;
+
+ if (filetypes == 0) {
+ vshError(ctl, "%s", _("filetypes can not be 0."));
+ goto cleanup;
+ }
+
+ if (!(srv = virAdmConnectLookupServer(priv->conn, srvname, 0)))
+ goto cleanup;
+
+ if (virAdmServerUpdateTlsFiles(srv, filetypes, VIR_TLS_UPDATE_CLEAR) < 0) {
+ vshError(ctl, "%s", _("Unable to update server's tls related files."));
+ goto cleanup;
+ }
+
+ ret = true;
+ vshPrint(ctl, "update tls related files succeed\n");
+
+ cleanup:
+ virAdmServerFree(srv);
+ return ret;
+}
+
/* --------------------------
* Command daemon-log-filters
* --------------------------
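Review bot: cmdSrvUpdateTlsFiles() takes --filetypes as a raw integer and forwards it unchanged; only 0 is rejected, so bits outside 1|2|4|8 go to the server unchecked and users have to memorise enum values. Separate boolean options per file type, or a list of names, would be easier to use and to validate. The call also hardcodes VIR_TLS_UPDATE_CLEAR, which leaves the append mode from patch 4/6 unreachable from the command, and the success string passed to vshPrint() is not wrapped in _() for translation.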
@@ -1436,6 +1514,16 @@ static const vshCmdDef managementCmds[] = {
.info = info_srv_clients_set,
.flags = 0
},
+ {.name = "srv-update-tls",
+ .flags = VSH_CMD_FLAG_ALIAS,
+ .alias = "server-update-tls"
+ },
+ {.name = "server-update-tls",
+ .handler = cmdSrvUpdateTlsFiles,
+ .opts = opts_srv_update_tls_file,
+ .info = info_srv_update_tls_file,
+ .flags = 0
+ },
{.name = "daemon-log-filters",
.handler = cmdDaemonLogFilters,
.opts = opts_daemon_log_filters,
--
2.23.0.windows.1
5 years, 4 months
[PATCH 4/6] admin: support server cert update mode
by Zhangbo (Oscar)
virAdmServerUpdateTlsFiles:
@flags specifies how to update server cert/key in tls service.
Two modes are currently supported: append mode and clear mode, means
whether to clear the original cert then add the new one, or just append
to the original one.
---
include/libvirt/libvirt-admin.h | 14 ++++++++++++++
src/admin/admin_server.c | 7 +------
src/admin/libvirt-admin.c | 7 ++++++-
src/rpc/virnetserver.c | 17 +++++++++++++----
src/rpc/virnetserver.h | 3 ++-
src/rpc/virnettlscontext.c | 7 +++++--
src/rpc/virnettlscontext.h | 3 ++-
7 files changed, 43 insertions(+), 15 deletions(-)
diff --git a/include/libvirt/libvirt-admin.h b/include/libvirt/libvirt-admin.h
index 6e38261129..dfdd81ae83 100644
--- a/include/libvirt/libvirt-admin.h
+++ b/include/libvirt/libvirt-admin.h
@@ -392,6 +392,20 @@ int virAdmClientClose(virAdmClientPtr client, unsigned int flags);
# define VIR_SERVER_CLIENTS_UNAUTH_CURRENT "nclients_unauth"
+typedef enum {
+ /* free old credentials and then set new tls context.
+ */
+ VIR_TLS_UPDATE_CLEAR = 0,
+
+ /* do not clear original certificates and keys.
+ */
+ VIR_TLS_UPDATE_APPEND = 1,
+
+ /* boundary value for flag check (unreachable).
+ */
+ VIR_TLS_UPDATE_FLAG_MAX = 2,
+} virServerTlsUpdateFlag;
+
/* tls related filetype flags. */
typedef enum {
VIR_TLS_FILE_TYPE_CA_CERT = (1U << 0),
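Review bot: virServerTlsUpdateFlag is used for a @flags argument but is a mode enum in which 0 means CLEAR and 1 means APPEND, so it cannot be OR-ed with any flag added later, and the VIR_TLS_UPDATE_FLAG_MAX sentinel becomes part of the public header. Make APPEND a single bit (1 << 0) with 0 as the default clear behaviour, drop the MAX value, and keep validating with virCheckFlags() on the server side.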
diff --git a/src/admin/admin_server.c b/src/admin/admin_server.c
index 558913367b..43c7e00d90 100644
--- a/src/admin/admin_server.c
+++ b/src/admin/admin_server.c
@@ -373,10 +373,5 @@ adminServerUpdateTlsFiles(virNetServerPtr srv,
unsigned int filetypes,
unsigned int flags)
{
- virCheckFlags(0, -1);
-
- if (virNetServerUpdateTlsFiles(srv, filetypes) < 0)
- return -1;
-
- return 0;
+ return virNetServerUpdateTlsFiles(srv, filetypes, flags);
}
diff --git a/src/admin/libvirt-admin.c b/src/admin/libvirt-admin.c
index f3f92ed91c..b6ba72b577 100644
--- a/src/admin/libvirt-admin.c
+++ b/src/admin/libvirt-admin.c
@@ -1086,12 +1086,17 @@ virAdmServerSetClientLimits(virAdmServerPtr srv,
* virAdmServerUpdateTlsFiles:
* @srv: a valid server object reference
* @filetypes: bitwise-OR of virServerTlsFiletype
- * @flags: extra flags; not used yet, so callers should always pass 0
+ * @flags: mode that specifies the update method
*
* Notify server to update tls file, such as cacert, cacrl, server cert / key.
* Mark the files that need to be updated by the @filetypes parameter.
* See virServerTlsFiletype for detailed description of accepted filetypes.
*
+ * @flags specifies how to update server cert/key in tls service,
+ * and is either the value VIR_TLS_UPDATE_APPEND, or VIR_TLS_UPDATE_CLEAR.
+ * The default value is VIR_TLS_UPDATE_CLEAR. See virServerTlsUpdateFlag for
+ * detailed description.
+ *
* Returns 0 if the TLS files have been updated successfully or -1 in case of an
* error.
*/
diff --git a/src/rpc/virnetserver.c b/src/rpc/virnetserver.c
index 65ec677d0a..72c4d37bc6 100644
--- a/src/rpc/virnetserver.c
+++ b/src/rpc/virnetserver.c
@@ -1226,7 +1226,8 @@ virNetServerGetTLSContext(virNetServerPtr srv)
return ctxt;
}
-static int virNetServerUpdateTlsFilesCheckParams(unsigned int filetypes)
+static int virNetServerUpdateTlsFilesCheckParams(unsigned int filetypes,
+ unsigned int flags)
{
bool haveSrvCert = filetypes & VIR_TLS_FILE_TYPE_SERVER_CERT;
bool haveSrvKey = filetypes & VIR_TLS_FILE_TYPE_SERVER_KEY;
@@ -1239,12 +1240,20 @@ static int virNetServerUpdateTlsFilesCheckParams(unsigned int filetypes)
return -1;
}
+ if (flags >= VIR_TLS_UPDATE_FLAG_MAX) {
+ virReportError(VIR_ERR_SYSTEM_ERROR,
+ _("don not support flags: %d"),
+ flags);
+ return -1;
+ }
+
return 0;
}
int
virNetServerUpdateTlsFiles(virNetServerPtr srv,
- unsigned int filetypes)
+ unsigned int filetypes,
+ unsigned int flags)
{
int ret = -1;
#ifndef WITH_GNUTLS
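Review bot: in the new flags check, the message 'don not support flags: %d' has a typo and prints an unsigned int with %d; something like 'unsupported flags: 0x%x' would be correct. VIR_ERR_SYSTEM_ERROR is also the wrong code for a bad caller argument; VIR_ERR_INVALID_ARG fits better and is what the other argument checks in this series use.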
@@ -1254,7 +1263,7 @@ virNetServerUpdateTlsFiles(virNetServerPtr srv,
#else
virNetTLSContextPtr ctxt = NULL;
- if (virNetServerUpdateTlsFilesCheckParams(filetypes))
+ if (virNetServerUpdateTlsFilesCheckParams(filetypes, flags))
return -1;
virObjectLock(srv);
@@ -1266,7 +1275,7 @@ virNetServerUpdateTlsFiles(virNetServerPtr srv,
goto cleanup;
}
- if (virNetTLSContextReload(ctxt, filetypes)) {
+ if (virNetTLSContextReload(ctxt, filetypes, flags)) {
VIR_ERROR(_("reload server's tls context fail"));
goto cleanup;
}
diff --git a/src/rpc/virnetserver.h b/src/rpc/virnetserver.h
index 99466dd041..1a905aa483 100644
--- a/src/rpc/virnetserver.h
+++ b/src/rpc/virnetserver.h
@@ -135,4 +135,5 @@ int virNetServerSetClientLimits(virNetServerPtr srv,
long long int maxClientsUnauth);
int virNetServerUpdateTlsFiles(virNetServerPtr srv,
- unsigned int filetypes);
+ unsigned int filetypes,
+ unsigned int flags);
diff --git a/src/rpc/virnettlscontext.c b/src/rpc/virnettlscontext.c
index 8baa6a15b2..a66aaece69 100644
--- a/src/rpc/virnettlscontext.c
+++ b/src/rpc/virnettlscontext.c
@@ -1140,7 +1140,8 @@ void virNetTLSContextDispose(void *obj)
}
int virNetTLSContextReload(virNetTLSContextPtr ctxt,
- unsigned int filetypes)
+ unsigned int filetypes,
+ unsigned int flags)
{
int ret = -1;
char *cacert = NULL;
@@ -1165,7 +1166,9 @@ int virNetTLSContextReload(virNetTLSContextPtr ctxt,
}
if (filetypes & VIR_TLS_FILE_TYPE_SERVER_CERT) {
- gnutls_certificate_free_keys(ctxt->x509cred);
+ if (flags == VIR_TLS_UPDATE_CLEAR)
+ gnutls_certificate_free_keys(ctxt->x509cred);
+
if (virNetTLSContextSetCertAndKey(ctxt, cert, key, false))
goto cleanup;
}
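Review bot: with flags == VIR_TLS_UPDATE_APPEND the old key pair is never freed from ctxt->x509cred, so after an update the server still holds, and may still present, the certificate that was meant to be replaced, and each further append adds another pair. For a feature whose stated purpose is rotating credentials, the commit message and API docs should say when append is safe to use, or the mode should be left out until a caller needs it.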
diff --git a/src/rpc/virnettlscontext.h b/src/rpc/virnettlscontext.h
index 9e83caf255..929487af99 100644
--- a/src/rpc/virnettlscontext.h
+++ b/src/rpc/virnettlscontext.h
@@ -66,7 +66,8 @@ int virNetTLSContextCheckCertificate(virNetTLSContextPtr ctxt,
virNetTLSSessionPtr sess);
int virNetTLSContextReload(virNetTLSContextPtr ctxt,
- unsigned int filetypes);
+ unsigned int filetypes,
+ unsigned int flags);
typedef ssize_t (*virNetTLSSessionWriteFunc)(const char *buf, size_t len,
void *opaque);
--
2.23.0.windows.1
5 years, 4 months
[PATCH 3/6] admin: Introduce virAdmServerUpdateTlsFiles
by Zhangbo (Oscar)
The server needs to use CA certificate, CRL, server certificate/key to
complete the TLS handshake. If these files change, we need to restart
libvirtd for them to take effect. This API can update the TLS context
without restarting libvirtd.
---
include/libvirt/libvirt-admin.h | 4 ++++
src/admin/admin_protocol.x | 13 ++++++++++-
src/admin/admin_server.c | 13 +++++++++++
src/admin/admin_server.h | 4 ++++
src/admin/libvirt-admin.c | 34 ++++++++++++++++++++++++++++
src/admin/libvirt_admin_private.syms | 1 +
src/admin/libvirt_admin_public.syms | 1 +
7 files changed, 69 insertions(+), 1 deletion(-)
diff --git a/include/libvirt/libvirt-admin.h b/include/libvirt/libvirt-admin.h
index 3edc044490..6e38261129 100644
--- a/include/libvirt/libvirt-admin.h
+++ b/include/libvirt/libvirt-admin.h
@@ -410,6 +410,10 @@ int virAdmServerSetClientLimits(virAdmServerPtr srv,
int nparams,
unsigned int flags);
+int virAdmServerUpdateTlsFiles(virAdmServerPtr srv,
+ unsigned int filetypes,
+ unsigned int flags);
+
int virAdmConnectGetLoggingOutputs(virAdmConnectPtr conn,
char **outputs,
unsigned int flags);
diff --git a/src/admin/admin_protocol.x b/src/admin/admin_protocol.x
index 42e215d23a..0fc8c54c80 100644
--- a/src/admin/admin_protocol.x
+++ b/src/admin/admin_protocol.x
@@ -181,6 +181,12 @@ struct admin_server_set_client_limits_args {
unsigned int flags;
};
+struct admin_server_update_tls_files_args {
+ admin_nonnull_server srv;
+ unsigned int filetypes;
+ unsigned int flags;
+};
+
struct admin_connect_get_logging_outputs_args {
unsigned int flags;
};
@@ -314,5 +320,10 @@ enum admin_procedure {
/**
* @generate: both
*/
- ADMIN_PROC_CONNECT_SET_LOGGING_FILTERS = 17
+ ADMIN_PROC_CONNECT_SET_LOGGING_FILTERS = 17,
+
+ /**
+ * @generate: both
+ */
+ ADMIN_PROC_SERVER_UPDATE_TLS_FILES = 18
};
diff --git a/src/admin/admin_server.c b/src/admin/admin_server.c
index ba87f701c3..558913367b 100644
--- a/src/admin/admin_server.c
+++ b/src/admin/admin_server.c
@@ -367,3 +367,16 @@ adminServerSetClientLimits(virNetServerPtr srv,
return 0;
}
+
+int
+adminServerUpdateTlsFiles(virNetServerPtr srv,
+ unsigned int filetypes,
+ unsigned int flags)
+{
+ virCheckFlags(0, -1);
+
+ if (virNetServerUpdateTlsFiles(srv, filetypes) < 0)
+ return -1;
+
+ return 0;
+}
diff --git a/src/admin/admin_server.h b/src/admin/admin_server.h
index 1d5cbec55f..bd355017f2 100644
--- a/src/admin/admin_server.h
+++ b/src/admin/admin_server.h
@@ -67,3 +67,7 @@ int adminServerSetClientLimits(virNetServerPtr srv,
virTypedParameterPtr params,
int nparams,
unsigned int flags);
+
+int adminServerUpdateTlsFiles(virNetServerPtr srv,
+ unsigned int filetypes,
+ unsigned int flags);
diff --git a/src/admin/libvirt-admin.c b/src/admin/libvirt-admin.c
index 4099a54854..f3f92ed91c 100644
--- a/src/admin/libvirt-admin.c
+++ b/src/admin/libvirt-admin.c
@@ -1082,6 +1082,40 @@ virAdmServerSetClientLimits(virAdmServerPtr srv,
return ret;
}
+/**
+ * virAdmServerUpdateTlsFiles:
+ * @srv: a valid server object reference
+ * @filetypes: bitwise-OR of virServerTlsFiletype
+ * @flags: extra flags; not used yet, so callers should always pass 0
+ *
+ * Notify server to update tls file, such as cacert, cacrl, server cert / key.
+ * Mark the files that need to be updated by the @filetypes parameter.
+ * See virServerTlsFiletype for detailed description of accepted filetypes.
+ *
+ * Returns 0 if the TLS files have been updated successfully or -1 in case of an
+ * error.
+ */
+int
+virAdmServerUpdateTlsFiles(virAdmServerPtr srv,
+ unsigned int filetypes,
+ unsigned int flags)
+{
+ int ret = -1;
+
+ VIR_DEBUG("srv=%p, filetypes=%u, flags=0x%x", srv, filetypes, flags);
+ virResetLastError();
+
+ virCheckAdmServerGoto(srv, error);
+
+ if ((ret = remoteAdminServerUpdateTlsFiles(srv, filetypes, flags)) < 0)
+ goto error;
+
+ return ret;
+ error:
+ virDispatchError(NULL);
+ return ret;
+}
+
/**
* virAdmConnectGetLoggingOutputs:
* @conn: pointer to an active admin connection
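Review bot: The doc comment for virAdmServerUpdateTlsFiles does not tell callers that the server certificate and key bits have to be passed together, although virNetServerUpdateTlsFilesCheckParams in patch 2/6 rejects a request that sets only one of them. Please state that in the @filetypes description. Separately, the VIR_DEBUG line prints filetypes with %u while flags uses 0x%x; filetypes is a bitmask too, so hex would be easier to read in logs.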
diff --git a/src/admin/libvirt_admin_private.syms b/src/admin/libvirt_admin_private.syms
index 9526412de8..157a45341e 100644
--- a/src/admin/libvirt_admin_private.syms
+++ b/src/admin/libvirt_admin_private.syms
@@ -31,6 +31,7 @@ xdr_admin_server_lookup_client_args;
xdr_admin_server_lookup_client_ret;
xdr_admin_server_set_client_limits_args;
xdr_admin_server_set_threadpool_parameters_args;
+xdr_admin_server_update_tls_files_args;
# datatypes.h
virAdmClientClass;
diff --git a/src/admin/libvirt_admin_public.syms b/src/admin/libvirt_admin_public.syms
index 9a3f843780..8126973e5b 100644
--- a/src/admin/libvirt_admin_public.syms
+++ b/src/admin/libvirt_admin_public.syms
@@ -38,6 +38,7 @@ LIBVIRT_ADMIN_2.0.0 {
virAdmClientClose;
virAdmServerGetClientLimits;
virAdmServerSetClientLimits;
+ virAdmServerUpdateTlsFiles;
};
LIBVIRT_ADMIN_3.0.0 {
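Review bot: virAdmServerUpdateTlsFiles is added to the LIBVIRT_ADMIN_2.0.0 block in libvirt_admin_public.syms, which is an already released version node (a LIBVIRT_ADMIN_3.0.0 block follows it). A new public symbol should go into a new version block for the release that first ships it, otherwise the symbol versioning misrepresents when the API appeared.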
--
2.23.0.windows.1
5 years, 4 months
[PATCH 2/6] virnetserver: Introduce virNetServerUpdateTlsFiles
by Zhangbo (Oscar)
Add an API to update server's tls context before admin method can be
introduced.
---
include/libvirt/libvirt-admin.h | 8 ++++
src/libvirt_remote.syms | 1 +
src/rpc/virnetserver.c | 72 +++++++++++++++++++++++++++++++++
src/rpc/virnetserver.h | 3 ++
src/rpc/virnetserverclient.c | 4 ++
src/rpc/virnettlscontext.c | 41 +++++++++++++++++++
src/rpc/virnettlscontext.h | 2 +
7 files changed, 131 insertions(+)
diff --git a/include/libvirt/libvirt-admin.h b/include/libvirt/libvirt-admin.h
index abf2792926..3edc044490 100644
--- a/include/libvirt/libvirt-admin.h
+++ b/include/libvirt/libvirt-admin.h
@@ -392,6 +392,14 @@ int virAdmClientClose(virAdmClientPtr client, unsigned int flags);
# define VIR_SERVER_CLIENTS_UNAUTH_CURRENT "nclients_unauth"
+/* tls related filetype flags. */
+typedef enum {
+ VIR_TLS_FILE_TYPE_CA_CERT = (1U << 0),
+ VIR_TLS_FILE_TYPE_CA_CRL = (1U << 1),
+ VIR_TLS_FILE_TYPE_SERVER_CERT = (1U << 2),
+ VIR_TLS_FILE_TYPE_SERVER_KEY = (1U << 3),
+} virServerTlsFiletype;
+
int virAdmServerGetClientLimits(virAdmServerPtr srv,
virTypedParameterPtr *params,
int *nparams,
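Review bot: The new enum in libvirt-admin.h has only the one-line comment "tls related filetype flags" and no per-value documentation, and its names (virServerTlsFiletype, VIR_TLS_FILE_TYPE_*) do not follow the virAdm prefix used by the neighbouring declarations such as virAdmClientClose and virAdmServerGetClientLimits. Since this is public API, please document each value and consider names that match the rest of the header before the ABI is frozen.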
diff --git a/src/libvirt_remote.syms b/src/libvirt_remote.syms
index 0493467f46..0018a0c41d 100644
--- a/src/libvirt_remote.syms
+++ b/src/libvirt_remote.syms
@@ -137,6 +137,7 @@ virNetServerSetClientLimits;
virNetServerSetThreadPoolParameters;
virNetServerSetTLSContext;
virNetServerUpdateServices;
+virNetServerUpdateTlsFiles;
# rpc/virnetserverclient.h
diff --git a/src/rpc/virnetserver.c b/src/rpc/virnetserver.c
index c87dade1a8..65ec677d0a 100644
--- a/src/rpc/virnetserver.c
+++ b/src/rpc/virnetserver.c
@@ -1207,3 +1207,75 @@ virNetServerSetClientLimits(virNetServerPtr srv,
virObjectUnlock(srv);
return ret;
}
+
+static virNetTLSContextPtr
+virNetServerGetTLSContext(virNetServerPtr srv)
+{
+ size_t i;
+ virNetTLSContextPtr ctxt = NULL;
+ virNetServerServicePtr svc = NULL;
+
+ /* find svcTLS from srv, get svcTLS->tls */
+ for (i = 0; i < srv->nservices; i++) {
+ svc = srv->services[i];
+ ctxt = virNetServerServiceGetTLSContext(svc);
+ if (ctxt != NULL)
+ break;
+ }
+
+ return ctxt;
+}
+
+static int virNetServerUpdateTlsFilesCheckParams(unsigned int filetypes)
+{
+ bool haveSrvCert = filetypes & VIR_TLS_FILE_TYPE_SERVER_CERT;
+ bool haveSrvKey = filetypes & VIR_TLS_FILE_TYPE_SERVER_KEY;
+
+ if ((haveSrvCert && !haveSrvKey) ||
+ (!haveSrvCert && haveSrvKey)) {
+ virReportError(VIR_ERR_SYSTEM_ERROR,
+ _("server cert/key must be updated together. "
+ "filetypes: %d"), filetypes);
+ return -1;
+ }
+
+ return 0;
+}
+
+int
+virNetServerUpdateTlsFiles(virNetServerPtr srv,
+ unsigned int filetypes)
+{
+ int ret = -1;
+#ifndef WITH_GNUTLS
+ virReportError(VIR_ERR_SYSTEM_ERROR,
+ _("Don't support GNUTLS, can't to update filetypes: %d"),
+ filetypes);
+#else
+ virNetTLSContextPtr ctxt = NULL;
+
+ if (virNetServerUpdateTlsFilesCheckParams(filetypes))
+ return -1;
+
+ virObjectLock(srv);
+
+ ctxt = virNetServerGetTLSContext(srv);
+ if (!ctxt) {
+ VIR_ERROR(_("no tls svc found, can't to update filetypes: %d"),
+ filetypes);
+ goto cleanup;
+ }
+
+ if (virNetTLSContextReload(ctxt, filetypes)) {
+ VIR_ERROR(_("reload server's tls context fail"));
+ goto cleanup;
+ }
+
+ VIR_INFO("update all tls files complete, filetypes: %d", filetypes);
+ ret = 0;
+
+ cleanup:
+ virObjectUnlock(srv);
+#endif
+ return ret;
+}
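Review bot: In virNetServerUpdateTlsFiles the "no tls svc found" and "reload server's tls context fail" paths only log with VIR_ERROR and then return -1, so no libvirt error is set for the first case and the admin client gets a failure without a message; use virReportError there. In virNetServerUpdateTlsFilesCheckParams a bad filetypes combination is reported as VIR_ERR_SYSTEM_ERROR, where an invalid-argument error would describe it better, and filetypes is unsigned but formatted with %d throughout. Also note that virNetServerGetTLSContext stops at the first service that has a TLS context, so a server whose services use different contexts would have only one of them reloaded; if that cannot happen, a comment saying so would help.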
diff --git a/src/rpc/virnetserver.h b/src/rpc/virnetserver.h
index 260c99b22d..99466dd041 100644
--- a/src/rpc/virnetserver.h
+++ b/src/rpc/virnetserver.h
@@ -133,3 +133,6 @@ size_t virNetServerGetCurrentUnauthClients(virNetServerPtr srv);
int virNetServerSetClientLimits(virNetServerPtr srv,
long long int maxClients,
long long int maxClientsUnauth);
+
+int virNetServerUpdateTlsFiles(virNetServerPtr srv,
+ unsigned int filetypes);
diff --git a/src/rpc/virnetserverclient.c b/src/rpc/virnetserverclient.c
index 67b3bf9531..f0952cadde 100644
--- a/src/rpc/virnetserverclient.c
+++ b/src/rpc/virnetserverclient.c
@@ -1117,7 +1117,9 @@ int virNetServerClientInit(virNetServerClientPtr client)
client->tls);
/* Begin the TLS handshake. */
+ virObjectLock(client->tlsCtxt);
ret = virNetTLSSessionHandshake(client->tls);
+ virObjectUnlock(client->tlsCtxt);
if (ret == 0) {
/* Unlikely, but ... Next step is to check the certificate. */
if (virNetServerClientCheckAccess(client) < 0)
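Review bot: The virObjectLock(client->tlsCtxt) added around virNetTLSSessionHandshake here (and again in virNetServerClientDispatchHandshake) has no comment saying what it protects. Every client's handshake step now serialises on the single context lock, so please document that the lock exists to exclude virNetTLSContextReload while a handshake reads the credentials, and confirm that holding it across the handshake call is acceptable for servers with many connecting clients.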
@@ -1438,7 +1440,9 @@ virNetServerClientDispatchHandshake(virNetServerClientPtr client)
{
int ret;
/* Continue the handshake. */
+ virObjectLock(client->tlsCtxt);
ret = virNetTLSSessionHandshake(client->tls);
+ virObjectUnlock(client->tlsCtxt);
if (ret == 0) {
/* Finished. Next step is to check the certificate. */
if (virNetServerClientCheckAccess(client) < 0)
diff --git a/src/rpc/virnettlscontext.c b/src/rpc/virnettlscontext.c
index 12811bed78..8baa6a15b2 100644
--- a/src/rpc/virnettlscontext.c
+++ b/src/rpc/virnettlscontext.c
@@ -1139,6 +1139,47 @@ void virNetTLSContextDispose(void *obj)
gnutls_certificate_free_credentials(ctxt->x509cred);
}
+int virNetTLSContextReload(virNetTLSContextPtr ctxt,
+ unsigned int filetypes)
+{
+ int ret = -1;
+ char *cacert = NULL;
+ char *cacrl = NULL;
+ char *cert = NULL;
+ char *key = NULL;
+
+ virObjectLock(ctxt);
+
+ if (virNetTLSContextLocateCredentials(NULL, false, true,
+ &cacert, &cacrl, &cert, &key) < 0)
+ goto cleanup;
+
+ if (filetypes & VIR_TLS_FILE_TYPE_CA_CERT) {
+ if (virNetTLSContextSetCACert(ctxt, cacert, false))
+ goto cleanup;
+ }
+
+ if (filetypes & VIR_TLS_FILE_TYPE_CA_CRL) {
+ if (virNetTLSContextSetCACRL(ctxt, cacrl, false))
+ goto cleanup;
+ }
+
+ if (filetypes & VIR_TLS_FILE_TYPE_SERVER_CERT) {
+ gnutls_certificate_free_keys(ctxt->x509cred);
+ if (virNetTLSContextSetCertAndKey(ctxt, cert, key, false))
+ goto cleanup;
+ }
+
+ ret = 0;
+
+ cleanup:
+ virObjectUnlock(ctxt);
+ VIR_FREE(cacert);
+ VIR_FREE(cacrl);
+ VIR_FREE(key);
+ VIR_FREE(cert);
+ return ret;
+}
static ssize_t
virNetTLSSessionPush(void *opaque, const void *buf, size_t len)
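Review bot: virNetTLSContextReload is not atomic: in the VIR_TLS_FILE_TYPE_SERVER_CERT branch gnutls_certificate_free_keys(ctxt->x509cred) runs before virNetTLSContextSetCertAndKey, so if the new cert or key fails to load the context is left with no server credentials at all, and an earlier CA or CRL update in the same call has already been applied. gnutls_certificate_set_x509_trust_file and gnutls_certificate_set_x509_crl_file also add to what is already loaded rather than replacing it, so a CA removed from the file would stay trusted after a reload. Building a fresh credentials object from the files and swapping it into ctxt only after every load succeeded would avoid both problems.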
diff --git a/src/rpc/virnettlscontext.h b/src/rpc/virnettlscontext.h
index f3273bc26a..9e83caf255 100644
--- a/src/rpc/virnettlscontext.h
+++ b/src/rpc/virnettlscontext.h
@@ -65,6 +65,8 @@ virNetTLSContextPtr virNetTLSContextNewClient(const char *cacert,
int virNetTLSContextCheckCertificate(virNetTLSContextPtr ctxt,
virNetTLSSessionPtr sess);
+int virNetTLSContextReload(virNetTLSContextPtr ctxt,
+ unsigned int filetypes);
typedef ssize_t (*virNetTLSSessionWriteFunc)(const char *buf, size_t len,
void *opaque);
--
2.23.0.windows.1
5 years, 4 months
[PATCH 1/6] virnettlscontext: refactoring virNetTLSContextLoadCredentials
by Zhangbo (Oscar)
Encapsulate the code for setting TLS-related files into functions,
which is convenient for other modules to call.
---
src/rpc/virnettlscontext.c | 135 ++++++++++++++++++++++---------------
1 file changed, 82 insertions(+), 53 deletions(-)
diff --git a/src/rpc/virnettlscontext.c b/src/rpc/virnettlscontext.c
index 44f0dfce77..12811bed78 100644
--- a/src/rpc/virnettlscontext.c
+++ b/src/rpc/virnettlscontext.c
@@ -594,6 +594,85 @@ static int virNetTLSContextSanityCheckCredentials(bool isServer,
return ret;
}
+static int virNetTLSContextSetCACert(virNetTLSContextPtr ctxt,
+ const char *cacert,
+ bool allowMissing)
+{
+ int err;
+ if (virNetTLSContextCheckCertFile("CA certificate", cacert, allowMissing) < 0)
+ return -1;
+
+ VIR_DEBUG("loading CA cert from %s", cacert);
+ err = gnutls_certificate_set_x509_trust_file(ctxt->x509cred,
+ cacert,
+ GNUTLS_X509_FMT_PEM);
+ if (err < 0) {
+ virReportError(VIR_ERR_SYSTEM_ERROR,
+ _("Unable to set x509 CA certificate: %s: %s"),
+ cacert, gnutls_strerror(err));
+ return -1;
+ }
+
+ return 0;
+}
+
+static int virNetTLSContextSetCACRL(virNetTLSContextPtr ctxt,
+ const char *cacrl,
+ bool allowMissing)
+{
+ int rv, err;
+ if ((rv = virNetTLSContextCheckCertFile("CA revocation list", cacrl, allowMissing)) < 0)
+ return -1;
+
+ if (rv == 0) {
+ VIR_DEBUG("loading CRL from %s", cacrl);
+ err = gnutls_certificate_set_x509_crl_file(ctxt->x509cred,
+ cacrl,
+ GNUTLS_X509_FMT_PEM);
+ if (err < 0) {
+ virReportError(VIR_ERR_SYSTEM_ERROR,
+ _("Unable to set x509 certificate revocation list: %s: %s"),
+ cacrl, gnutls_strerror(err));
+ return -1;
+ }
+ } else {
+ VIR_DEBUG("Skipping non-existent CA CRL %s", cacrl);
+ }
+
+ return 0;
+}
+
+static int virNetTLSContextSetCertAndKey(virNetTLSContextPtr ctxt,
+ const char *cert,
+ const char *key,
+ bool allowMissing)
+{
+ int rv, err;
+ if ((rv = virNetTLSContextCheckCertFile("certificate", cert, allowMissing)) < 0)
+ return -1;
+ if (rv == 0 &&
+ (rv = virNetTLSContextCheckCertFile("private key", key, allowMissing)) < 0)
+ return -1;
+
+ if (rv == 0) {
+ VIR_DEBUG("loading cert and key from %s and %s", cert, key);
+ err =
+ gnutls_certificate_set_x509_key_file(ctxt->x509cred,
+ cert, key,
+ GNUTLS_X509_FMT_PEM);
+ if (err < 0) {
+ virReportError(VIR_ERR_SYSTEM_ERROR,
+ _("Unable to set x509 key and certificate: %s, %s: %s"),
+ key, cert, gnutls_strerror(err));
+ return -1;
+ }
+ } else {
+ VIR_DEBUG("Skipping non-existent cert %s key %s on client",
+ cert, key);
+ }
+
+ return 0;
+}
static int virNetTLSContextLoadCredentials(virNetTLSContextPtr ctxt,
bool isServer,
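Review bot: The debug message in virNetTLSContextSetCertAndKey still reads "Skipping non-existent cert %s key %s on client", but the helper no longer knows whether it runs on a client; it only sees allowMissing. Drop "on client" from the message. The three new helpers would also benefit from a short comment describing allowMissing and the return value, since they are meant to be called from other code.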
@@ -602,69 +681,19 @@ static int virNetTLSContextLoadCredentials(virNetTLSContextPtr ctxt,
const char *cert,
const char *key)
{
- int err;
-
if (cacert && cacert[0] != '\0') {
- if (virNetTLSContextCheckCertFile("CA certificate", cacert, false) < 0)
- return -1;
-
- VIR_DEBUG("loading CA cert from %s", cacert);
- err = gnutls_certificate_set_x509_trust_file(ctxt->x509cred,
- cacert,
- GNUTLS_X509_FMT_PEM);
- if (err < 0) {
- virReportError(VIR_ERR_SYSTEM_ERROR,
- _("Unable to set x509 CA certificate: %s: %s"),
- cacert, gnutls_strerror(err));
+ if (virNetTLSContextSetCACert(ctxt, cacert, false))
return -1;
- }
}
if (cacrl && cacrl[0] != '\0') {
- int rv;
- if ((rv = virNetTLSContextCheckCertFile("CA revocation list", cacrl, true)) < 0)
+ if (virNetTLSContextSetCACRL(ctxt, cacrl, true))
return -1;
-
- if (rv == 0) {
- VIR_DEBUG("loading CRL from %s", cacrl);
- err = gnutls_certificate_set_x509_crl_file(ctxt->x509cred,
- cacrl,
- GNUTLS_X509_FMT_PEM);
- if (err < 0) {
- virReportError(VIR_ERR_SYSTEM_ERROR,
- _("Unable to set x509 certificate revocation list: %s: %s"),
- cacrl, gnutls_strerror(err));
- return -1;
- }
- } else {
- VIR_DEBUG("Skipping non-existent CA CRL %s", cacrl);
- }
}
if (cert && cert[0] != '\0' && key && key[0] != '\0') {
- int rv;
- if ((rv = virNetTLSContextCheckCertFile("certificate", cert, !isServer)) < 0)
+ if (virNetTLSContextSetCertAndKey(ctxt, cert, key, !isServer))
return -1;
- if (rv == 0 &&
- (rv = virNetTLSContextCheckCertFile("private key", key, !isServer)) < 0)
- return -1;
-
- if (rv == 0) {
- VIR_DEBUG("loading cert and key from %s and %s", cert, key);
- err =
- gnutls_certificate_set_x509_key_file(ctxt->x509cred,
- cert, key,
- GNUTLS_X509_FMT_PEM);
- if (err < 0) {
- virReportError(VIR_ERR_SYSTEM_ERROR,
- _("Unable to set x509 key and certificate: %s, %s: %s"),
- key, cert, gnutls_strerror(err));
- return -1;
- }
- } else {
- VIR_DEBUG("Skipping non-existent cert %s key %s on client",
- cert, key);
- }
}
return 0;
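Review bot: The refactored callers test the helpers with a bare truth check, for example "if (virNetTLSContextSetCACert(ctxt, cacert, false))", while the code being removed and the helpers themselves compare against "< 0". Please keep the "< 0" form so the error convention stays consistent within the file.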
--
2.23.0.windows.1
5 years, 4 months
[PATCH 0/6] update tls files without restarting libvirtd
by Zhangbo (Oscar)
When a client wants to establish a TLS connection with libvirtd, a CRL
file, CA cert and server cert/key are used. Right
now, if these files are changed, you must restart libvirtd to make them
take effect. The restart behavior of libvirtd will cause clients
connecting with libvirtd to fail.
In a server cluster, these files, mostly the CRL, may be updated
quite frequently due to the large amount of certificates. If the new
file does not take effect in time, there are security risks. So you
may need to restart libvirtd frequently to make the CRL etc. take
effect in time. However, frequent restarts will affect the reliability
of cluster virtual machine management (such as openstack) services.
These patches add a virt-admin command to update the tls related files
*online*.
Zhang Bo (6):
virnettlscontext: refactoring virNetTLSContextLoadCredentials
virnetserver: Introduce virNetServerUpdateTlsFiles
admin: Introduce virAdmServerUpdateTlsFiles
admin: support server cert update mode
virt-admin: Introduce command srv-update-tls
docs: update virt-admin.rst for server-update-tls
docs/manpages/virt-admin.rst | 21 ++++
include/libvirt/libvirt-admin.h | 26 ++++
src/admin/admin_protocol.x | 13 +-
src/admin/admin_server.c | 8 ++
src/admin/admin_server.h | 4 +
src/admin/libvirt-admin.c | 39 ++++++
src/admin/libvirt_admin_private.syms | 1 +
src/admin/libvirt_admin_public.syms | 1 +
src/libvirt_remote.syms | 1 +
src/rpc/virnetserver.c | 81 ++++++++++++
src/rpc/virnetserver.h | 4 +
src/rpc/virnetserverclient.c | 4 +
src/rpc/virnettlscontext.c | 179 +++++++++++++++++++--------
src/rpc/virnettlscontext.h | 3 +
tools/virt-admin.c | 88 +++++++++++++
15 files changed, 419 insertions(+), 54 deletions(-)
--
2.23.0.windows.1
5 years, 4 months
[libvirt PATCH] src: use closefrom() for mass closing of FDs
by Daniel P. Berrangé
On FreeBSD 12 the default ulimit settings allow for 100,000
open file descriptors. As a result spawning processes in
libvirt is abominably slow. Fortunately FreeBSD has long
since provided a good solution in the form of closefrom(),
which closes all FDs equal to or larger than the specified
parameter.
Signed-off-by: Daniel P. Berrangé <berrange(a)redhat.com>
---
src/util/vircommand.c | 60 ++++++++++++++++++++++++++++++++++++++++---
tests/testutils.c | 9 +++++++
2 files changed, 66 insertions(+), 3 deletions(-)
diff --git a/src/util/vircommand.c b/src/util/vircommand.c
index 904a3023c5..764fb2fe43 100644
--- a/src/util/vircommand.c
+++ b/src/util/vircommand.c
@@ -494,6 +494,59 @@ virCommandMassCloseGetFDsGeneric(virCommandPtr cmd G_GNUC_UNUSED,
}
# endif /* !__linux__ */
+# ifdef __FreeBSD__
+
+static int
+virCommandMassClose(virCommandPtr cmd,
+ int childin,
+ int childout,
+ int childerr)
+{
+ int lastfd = -1;
+ int fd = -1;
+
+ /*
+ * Two phases of closing.
+ *
+ * The first (inefficient) phase iterates over FDs,
+ * preserving certain FDs we need to pass down, and
+ * closing others. The number of iterations is bounded
+ * to the number of the biggest FD we need to preserve.
+ *
+ * The second (speedy) phase uses closefrom() to cull
+ * all remaining FDs in the process.
+ *
+ * Usually the first phase will be fairly quick only
+ * processing a handful of low FD numbers, and thus using
+ * closefrom() is a massive win for high ulimit() NFILES
+ * values.
+ */
+ lastfd = MAX(lastfd, childin);
+ lastfd = MAX(lastfd, childout);
+ lastfd = MAX(lastfd, childerr);
+
+ while (fd < cmd->npassfd)
+ lastfd = MAX(lastfd, cmd->passfd[fd].fd);
+
+ for (fd = 0; fd <= lastfd; fd++) {
+ if (fd == childin || fd == childout || fd == childerr)
+ continue;
+ if (!virCommandFDIsSet(cmd, fd)) {
+ int tmpfd = fd;
+ VIR_MASS_CLOSE(tmpfd);
+ } else if (virSetInherit(fd, true) < 0) {
+ virReportSystemError(errno, _("failed to preserve fd %d"), fd);
+ return -1;
+ }
+ }
+
+ closefrom(lastfd + 1);
+
+ return 0;
+}
+
+# else /* ! __FreeBSD__ */
+
static int
virCommandMassClose(virCommandPtr cmd,
int childin,
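Review bot: The loop "while (fd < cmd->npassfd) lastfd = MAX(lastfd, cmd->passfd[fd].fd);" in the FreeBSD virCommandMassClose cannot walk the passfd array: fd is initialised to -1 and is never incremented inside the loop, so the first index used would be -1 and the condition never changes. It should be "for (fd = 0; fd < cmd->npassfd; fd++)" so that lastfd really covers every FD that has to be preserved before closefrom(lastfd + 1) runs; as written, a passed FD above the stdio FDs could be closed by closefrom().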
@@ -520,13 +573,13 @@ virCommandMassClose(virCommandPtr cmd,
if (!(fds = virBitmapNew(openmax)))
return -1;
-# ifdef __linux__
+# ifdef __linux__
if (virCommandMassCloseGetFDsLinux(cmd, fds) < 0)
return -1;
-# else
+# else
if (virCommandMassCloseGetFDsGeneric(cmd, fds) < 0)
return -1;
-# endif
+# endif
fd = virBitmapNextSetBit(fds, 2);
for (; fd >= 0; fd = virBitmapNextSetBit(fds, fd)) {
@@ -544,6 +597,7 @@ virCommandMassClose(virCommandPtr cmd,
return 0;
}
+# endif /* ! __FreeBSD__ */
/*
* virExec:
diff --git a/tests/testutils.c b/tests/testutils.c
index 7b9a5ea05b..662203d707 100644
--- a/tests/testutils.c
+++ b/tests/testutils.c
@@ -333,8 +333,10 @@ static
void virTestCaptureProgramExecChild(const char *const argv[],
int pipefd)
{
+# ifndef __FreeBSD__
size_t i;
int open_max;
+# endif /* ! __FreeBSD__ */
int stdinfd = -1;
const char *const env[] = {
"LANG=C",
@@ -344,6 +346,7 @@ void virTestCaptureProgramExecChild(const char *const argv[],
if ((stdinfd = open("/dev/null", O_RDONLY)) < 0)
goto cleanup;
+# ifndef __FreeBSD__
open_max = sysconf(_SC_OPEN_MAX);
if (open_max < 0)
goto cleanup;
@@ -356,6 +359,7 @@ void virTestCaptureProgramExecChild(const char *const argv[],
VIR_FORCE_CLOSE(tmpfd);
}
}
+# endif /* __FreeBSD__ */
if (dup2(stdinfd, STDIN_FILENO) != STDIN_FILENO)
goto cleanup;
@@ -364,6 +368,11 @@ void virTestCaptureProgramExecChild(const char *const argv[],
if (dup2(pipefd, STDERR_FILENO) != STDERR_FILENO)
goto cleanup;
+# ifdef __FreeBSD__
+ closefrom(STDERR_FILENO);
+ stdinfd = pipefd = -1;
+# endif
+
/* SUS is crazy here, hence the cast */
execve(argv[0], (char *const*)argv, (char *const*)env);
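Review bot: closefrom(STDERR_FILENO) in virTestCaptureProgramExecChild closes every descriptor greater than or equal to STDERR_FILENO, which includes the stderr that was set up by the dup2(pipefd, STDERR_FILENO) just above. The argument should be STDERR_FILENO + 1 so that stdin, stdout and stderr survive into the exec'd program.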
--
2.24.1
5 years, 4 months
New release of libvirt-php?
by Neal Gompa
Hey,
It's been a couple of years (!!!) since the last libvirt-php release.
Since then, the code has been pretty dramatically restructured to more
closely mimic how libvirt and other bindings are structured. With that
and the new API add just pushed, could we get a new release of
libvirt-php?
IMO, it's a bad sign when the Fedora package has gone through 10
builds with a version bump with basically no interaction on my part
(automated rebuilds or mass change builds!).
--
真実はいつも一つ!/ Always, there's only one truth!
5 years, 4 months
[PATCH 0/2] virsh: qemu-monitor-command: Improve docs and return value handling
by Peter Krempa
2/2 was already reviewed, but it depends on the docs patch.
Peter Krempa (2):
docs: virsh: Modernize docs for qemu-monitor-command
virsh: Allow extracting 'return' section of QMP command in
'qemu-monitor-command'
docs/manpages/virsh.rst | 24 ++++++++++++++--------
tools/virsh-domain.c | 44 ++++++++++++++++++++++++++++++++---------
2 files changed, 51 insertions(+), 17 deletions(-)
--
2.24.1
5 years, 4 months
[libvirt PATCH] tests: avoid referencing stale readdir pointer
by Daniel P. Berrangé
The contents of 'struct dirent' are only valid until the next call to
readdir() or closedir(). It is thus invalid to save a pointer to the
'd_name' field. Somehow this hasn't affected the test suite until
recently when FreeBSD 12 started showing use of uninitialized memory
resulting in test failures.
Signed-off-by: Daniel P. Berrangé <berrange(a)redhat.com>
---
Pushed as a build fix
tests/testutilsqemu.c | 5 +++--
1 file changed, 3 insertions(+), 2 deletions(-)
diff --git a/tests/testutilsqemu.c b/tests/testutilsqemu.c
index c17e284930..0cb9a7456d 100644
--- a/tests/testutilsqemu.c
+++ b/tests/testutilsqemu.c
@@ -497,7 +497,7 @@ testQemuGetLatestCapsForArch(const char *arch,
char *tmp = NULL;
unsigned long maxver = 0;
unsigned long ver;
- const char *maxname = NULL;
+ g_autofree char *maxname = NULL;
char *ret = NULL;
fullsuffix = g_strdup_printf("%s.%s", arch, suffix);
@@ -522,7 +522,8 @@ testQemuGetLatestCapsForArch(const char *arch,
}
if (ver > maxver) {
- maxname = ent->d_name;
+ g_free(maxname);
+ maxname = g_strdup(ent->d_name);
maxver = ver;
}
}
--
2.24.1
5 years, 4 months
[libvirt PATCH 0/3] qemu: Fix default CPU for old s390 machine types
by Jiri Denemark
See the last patch for detailed description and
https://bugzilla.redhat.com/show_bug.cgi?id=1795651 for a discussion
about this topic.
Jiri Denemark (3):
qemu: Pass machine type to virQEMUCapsIsCPUModeSupported
qemuxml2*test: Add default CPU tests for s390-ccw-virtio-2.7 machines
qemu_capabilities: Disable CPU models on old s390 machine types
src/qemu/qemu_capabilities.c | 29 ++++++++++++++---
src/qemu/qemu_capabilities.h | 3 +-
src/qemu/qemu_domain.c | 3 +-
src/qemu/qemu_process.c | 2 +-
...t-cpu-kvm-ccw-virtio-2.7.s390x-latest.args | 32 +++++++++++++++++++
.../s390-default-cpu-kvm-ccw-virtio-2.7.xml | 16 ++++++++++
...t-cpu-tcg-ccw-virtio-2.7.s390x-latest.args | 32 +++++++++++++++++++
.../s390-default-cpu-tcg-ccw-virtio-2.7.xml | 16 ++++++++++
tests/qemuxml2argvtest.c | 2 ++
...lt-cpu-kvm-ccw-virtio-2.7.s390x-latest.xml | 24 ++++++++++++++
...lt-cpu-tcg-ccw-virtio-2.7.s390x-latest.xml | 26 +++++++++++++++
tests/qemuxml2xmltest.c | 2 ++
12 files changed, 180 insertions(+), 7 deletions(-)
create mode 100644 tests/qemuxml2argvdata/s390-default-cpu-kvm-ccw-virtio-2.7.s390x-latest.args
create mode 100644 tests/qemuxml2argvdata/s390-default-cpu-kvm-ccw-virtio-2.7.xml
create mode 100644 tests/qemuxml2argvdata/s390-default-cpu-tcg-ccw-virtio-2.7.s390x-latest.args
create mode 100644 tests/qemuxml2argvdata/s390-default-cpu-tcg-ccw-virtio-2.7.xml
create mode 100644 tests/qemuxml2xmloutdata/s390-default-cpu-kvm-ccw-virtio-2.7.s390x-latest.xml
create mode 100644 tests/qemuxml2xmloutdata/s390-default-cpu-tcg-ccw-virtio-2.7.s390x-latest.xml
--
2.25.0
5 years, 4 months
[libvirt PATCH] testutils: print a helpful summary of failed tests
by Ján Tomko
When debugging test failures in seven independent test
cases, it might be helpful to only gather the debug output
of the failing cases.
Record the indexes of the tests that fail and print them
in the VIR_TEST_RANGE of the command line that will result
in only those tests being run.
Signed-off-by: Ján Tomko <jtomko(a)redhat.com>
---
tests/testutils.c | 12 ++++++++++++
1 file changed, 12 insertions(+)
diff --git a/tests/testutils.c b/tests/testutils.c
index 7b9a5ea05b..0cf0ac7e5c 100644
--- a/tests/testutils.c
+++ b/tests/testutils.c
@@ -54,6 +54,7 @@ static unsigned int testRegenerate = -1;
static size_t testCounter;
static virBitmapPtr testBitmap;
+static virBitmapPtr failedTests;
virArch virTestHostArch = VIR_ARCH_X86_64;
@@ -172,6 +173,9 @@ virTestRun(const char *title,
fprintf(stderr, "!");
}
+ if (ret != 0)
+ ignore_value(virBitmapSetBitExpand(failedTests, testCounter));
+
g_unsetenv("VIR_TEST_MOCK_TESTNAME");
return ret;
}
@@ -930,6 +934,9 @@ int virTestMain(int argc,
}
}
+ if (!(failedTests = virBitmapNew(1)))
+ return EXIT_FAILURE;
+
ret = (func)();
virResetLastError();
@@ -938,6 +945,11 @@ int virTestMain(int argc,
fprintf(stderr, "%*s", 40 - (int)(testCounter % 40), "");
fprintf(stderr, " %-3zu %s\n", testCounter, ret == 0 ? "OK" : "FAIL");
}
+ if (ret == EXIT_FAILURE && !virBitmapIsAllClear(failedTests)) {
+ g_autofree char *failed = virBitmapFormat(failedTests);
+ fprintf(stderr, "Some tests failed. Run them using:\n");
+ fprintf(stderr, "VIR_TEST_DEBUG=1 VIR_TEST_RANGE=%s %s\n", failed, argv[0]);
+ }
virLogReset();
return ret;
}
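Review bot: failedTests is allocated with virBitmapNew(1) in virTestMain but nothing in these hunks frees it before the function returns, so every test binary now ends with a live allocation that leak checkers will report. Add a virBitmapFree(failedTests) after the summary is printed. The summary is also gated on "ret == EXIT_FAILURE", so a test main that returns some other non-zero value would record failures but print no rerun hint; checking "ret != 0" or just the bitmap would be more robust.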
--
2.21.1
5 years, 4 months
[libvirt-php PATCH] libvirt-domain: Introduce libvirt_domain_reset()
by Marcus Recck
We currently have all other power-related functions implemented,
but are missing the ability to call virDomainReset from the PHP
bindings. This adds that functionality.
Signed-off-by: Marcus Recck <mrecck(a)datto.com>
---
doc/source/libvirt/entities.functions.xml | 1 +
.../functions/libvirt-domain-reboot.xml | 1 +
.../functions/libvirt-domain-reset.xml | 82 +++++++++++++++++++
.../functions/libvirt-domain-resume.xml | 1 +
.../functions/libvirt-domain-shutdown.xml | 1 +
.../functions/libvirt-domain-suspend.xml | 1 +
examples/libvirt.php | 9 ++
src/libvirt-domain.c | 24 ++++++
src/libvirt-domain.h | 2 +
9 files changed, 122 insertions(+)
create mode 100644 doc/source/libvirt/functions/libvirt-domain-reset.xml
diff --git a/doc/source/libvirt/entities.functions.xml b/doc/source/libvirt/entities.functions.xml
index 58faefa..0c1c83c 100644
--- a/doc/source/libvirt/entities.functions.xml
+++ b/doc/source/libvirt/entities.functions.xml
@@ -22,6 +22,7 @@
&reference.libvirt.functions.libvirt-domain-migrate-to-uri;
&reference.libvirt.functions.libvirt-domain-migrate;
&reference.libvirt.functions.libvirt-domain-reboot;
+&reference.libvirt.functions.libvirt-domain-reset;
&reference.libvirt.functions.libvirt-domain-resume;
&reference.libvirt.functions.libvirt-domain-shutdown;
&reference.libvirt.functions.libvirt-domain-suspend;
diff --git a/doc/source/libvirt/functions/libvirt-domain-reboot.xml b/doc/source/libvirt/functions/libvirt-domain-reboot.xml
index b2531f6..8e00ece 100644
--- a/doc/source/libvirt/functions/libvirt-domain-reboot.xml
+++ b/doc/source/libvirt/functions/libvirt-domain-reboot.xml
@@ -53,6 +53,7 @@
<member><function>libvirt_domain_shutdown</function></member>
<member><function>libvirt_domain_suspend</function></member>
<member><function>libvirt_domain_create</function></member>
+ <member><function>libvirt_domain_reset</function></member>
</simplelist>
</para>
</refsect1>
diff --git a/doc/source/libvirt/functions/libvirt-domain-reset.xml b/doc/source/libvirt/functions/libvirt-domain-reset.xml
new file mode 100644
index 0000000..51af0c1
--- /dev/null
+++ b/doc/source/libvirt/functions/libvirt-domain-reset.xml
@@ -0,0 +1,82 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!-- $Revision: 1.28 $ -->
+
+<refentry xml:id="function.libvirt-domain-reset" xmlns="http://docbook.org/ns/docbook" xmlns:xlink="http://www.w3.org/1999/xlink">
+ <refnamediv>
+ <refname>libvirt_domain_reset</refname>
+ <refpurpose>Reset a domain</refpurpose>
+ </refnamediv>
+
+ <refsect1 role="description">
+ &reftitle.description;
+ <methodsynopsis>
+ <type>bool</type><methodname>libvirt_domain_reset</methodname>
+ <methodparam ><type>resource</type><parameter>domain</parameter></methodparam>
+ </methodsynopsis>
+ <para>
+ Reset a domain immediately without any guest shutdown.
+ </para>
+
+ </refsect1>
+
+ <refsect1 role="parameters">
+ &reftitle.parameters;
+ <para>
+ <variablelist>
+ <varlistentry>
+ <term><parameter>domain</parameter></term>
+ <listitem>
+ <para>
+ Domain resource of domain to reset. You can get domain resource using various functions (i.e. <function>libvirt_domain_lookup_by_uuid</function> or <function>libvirt_list_domains</function>).
+ </para>
+ </listitem>
+ </varlistentry>
+ </variablelist>
+ </para>
+ </refsect1>
+
+ <refsect1 role="returnvalues">
+ &reftitle.returnvalues;
+ <!-- See also &return.success; -->
+ <para>
+ &true; on success and &false; on failure
+ </para>
+ </refsect1>
+
+
+
+ <refsect1 role="seealso">
+ &reftitle.seealso;
+ <para>
+ <simplelist>
+ <member><function>libvirt_domain_reboot</function></member>
+ <member><function>libvirt_domain_resume</function></member>
+ <member><function>libvirt_domain_suspend</function></member>
+ <member><function>libvirt_domain_create</function></member>
+ <member><function>libvirt_domain_shutdown</function></member>
+ </simplelist>
+ </para>
+ </refsect1>
+
+</refentry>
+
+<!-- Keep this comment at the end of the file
+Local variables:
+mode: sgml
+sgml-omittag:t
+sgml-shorttag:t
+sgml-minimize-attributes:nil
+sgml-always-quote-attributes:t
+sgml-indent-step:1
+sgml-indent-data:t
+indent-tabs-mode:nil
+sgml-parent-document:nil
+sgml-default-dtd-file:"../../../../manual.ced"
+sgml-exposed-tags:nil
+sgml-local-catalogs:nil
+sgml-local-ecat-files:nil
+End:
+vim600: syn=xml fen fdm=syntax fdl=2 si
+vim: et tw=78 syn=sgml
+vi: ts=1 sw=1
+-->
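Review bot: The methodsynopsis in libvirt-domain-reset.xml documents only the domain parameter, but PHP_FUNCTION(libvirt_domain_reset) in this patch parses "r|l" and passes an optional flags value to virDomainReset. Please add the optional flags parameter to the synopsis and to the parameters section. In the domain parameter description, "i.e." introduces examples and should read "e.g.".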
diff --git a/doc/source/libvirt/functions/libvirt-domain-resume.xml b/doc/source/libvirt/functions/libvirt-domain-resume.xml
index c7d1ba4..cf6378a 100644
--- a/doc/source/libvirt/functions/libvirt-domain-resume.xml
+++ b/doc/source/libvirt/functions/libvirt-domain-resume.xml
@@ -53,6 +53,7 @@
<member><function>libvirt_domain_shutdown</function></member>
<member><function>libvirt_domain_suspend</function></member>
<member><function>libvirt_domain_create</function></member>
+ <member><function>libvirt_domain_reset</function></member>
</simplelist>
</para>
</refsect1>
diff --git a/doc/source/libvirt/functions/libvirt-domain-shutdown.xml b/doc/source/libvirt/functions/libvirt-domain-shutdown.xml
index 99d6dde..5ae430b 100644
--- a/doc/source/libvirt/functions/libvirt-domain-shutdown.xml
+++ b/doc/source/libvirt/functions/libvirt-domain-shutdown.xml
@@ -53,6 +53,7 @@
<member><function>libvirt_domain_resume</function></member>
<member><function>libvirt_domain_suspend</function></member>
<member><function>libvirt_domain_create</function></member>
+ <member><function>libvirt_domain_reset</function></member>
</simplelist>
</para>
</refsect1>
diff --git a/doc/source/libvirt/functions/libvirt-domain-suspend.xml b/doc/source/libvirt/functions/libvirt-domain-suspend.xml
index 6787c7e..6627a5e 100644
--- a/doc/source/libvirt/functions/libvirt-domain-suspend.xml
+++ b/doc/source/libvirt/functions/libvirt-domain-suspend.xml
@@ -53,6 +53,7 @@
<member><function>libvirt_domain_resume</function></member>
<member><function>libvirt_domain_shutdown</function></member>
<member><function>libvirt_domain_create</function></member>
+ <member><function>libvirt_domain_reset</function></member>
</simplelist>
</para>
</refsect1>
diff --git a/examples/libvirt.php b/examples/libvirt.php
index 8e56327..1b1c9d0 100644
--- a/examples/libvirt.php
+++ b/examples/libvirt.php
@@ -873,6 +873,15 @@ class Libvirt {
return ($tmp) ? $tmp : $this->_set_last_error();
}
+ function domain_reset($domain) {
+ $dom = $this->get_domain_object($domain);
+ if (!$dom)
+ return false;
+
+ $tmp = libvirt_domain_reset($dom);
+ return ($tmp) ? $tmp: $this->_set_last_error();
+ }
+
function domain_suspend($domain) {
$dom = $this->get_domain_object($domain);
if (!$dom)
diff --git a/src/libvirt-domain.c b/src/libvirt-domain.c
index 701aab3..9a7f28c 100644
--- a/src/libvirt-domain.c
+++ b/src/libvirt-domain.c
@@ -1496,6 +1496,30 @@ PHP_FUNCTION(libvirt_domain_reboot)
RETURN_TRUE;
}
+/*
+ * Function name: libvirt_domain_reset
+ * Since version: 0.5.5
+ * Description: Function is used to reset the domain identified by its resource
+ * Arguments: @res [resource]: libvirt domain resource, e.g. from libvirt_domain_lookup_by_*()
+ @flags [int]: optional flags
+ * Returns: TRUE for success, FALSE on error
+ */
+PHP_FUNCTION(libvirt_domain_reset)
+{
+ php_libvirt_domain *domain = NULL;
+ zval *zdomain;
+ int retval;
+ zend_long flags = 0;
+
+ GET_DOMAIN_FROM_ARGS("r|l", &zdomain, &flags);
+
+ retval = virDomainReset(domain->domain, flags);
+ DPRINTF("%s: virDomainReset(%p) returned %d\n", PHPFUNC, domain->domain, retval);
+ if (retval != 0)
+ RETURN_FALSE;
+ RETURN_TRUE;
+}
+
/*
* Function name: libvirt_domain_define_xml
* Since version: 0.4.1(-1)
diff --git a/src/libvirt-domain.h b/src/libvirt-domain.h
index f15237f..8b80c9c 100644
--- a/src/libvirt-domain.h
+++ b/src/libvirt-domain.h
@@ -74,6 +74,7 @@
PHP_FE(libvirt_domain_managedsave, arginfo_libvirt_conn) \
PHP_FE(libvirt_domain_undefine, arginfo_libvirt_conn) \
PHP_FE(libvirt_domain_reboot, arginfo_libvirt_conn_flags) \
+ PHP_FE(libvirt_domain_reset, arginfo_libvirt_conn_flags) \
PHP_FE(libvirt_domain_define_xml, arginfo_libvirt_conn_xml) \
PHP_FE(libvirt_domain_create_xml, arginfo_libvirt_conn_xml) \
PHP_FE(libvirt_domain_xml_from_native, arginfo_libvirt_domain_xml_from_native) \
@@ -165,6 +166,7 @@ PHP_FUNCTION(libvirt_domain_suspend);
PHP_FUNCTION(libvirt_domain_managedsave);
PHP_FUNCTION(libvirt_domain_undefine);
PHP_FUNCTION(libvirt_domain_reboot);
+PHP_FUNCTION(libvirt_domain_reset);
PHP_FUNCTION(libvirt_domain_define_xml);
PHP_FUNCTION(libvirt_domain_create_xml);
PHP_FUNCTION(libvirt_domain_xml_from_native);
--
2.24.0
5 years, 4 months
[PATCH v2 0/6] ui: rework -show-cursor option
by Gerd Hoffmann
Gerd Hoffmann (6):
ui: add show-cursor option
ui/gtk: implement show-cursor option
ui/sdl: implement show-cursor option
ui/cocoa: implement show-cursor option
ui: wire up legacy -show-cursor option
ui: deprecate legacy -show-cursor option
include/sysemu/sysemu.h | 1 -
ui/gtk.c | 8 +++++++-
ui/sdl2.c | 28 ++++++++++++++++++++--------
vl.c | 6 ++++--
qapi/ui.json | 3 +++
qemu-deprecated.texi | 5 +++++
ui/cocoa.m | 4 ++++
7 files changed, 43 insertions(+), 12 deletions(-)
--
2.18.1
5 years, 4 months
[PATCH 00/15] qemu: Handle 'size' and 'offset' attributes of 'raw' format
by Peter Krempa
This series fixes and improves the 'json:' pseudo-protocol parser and
implements the 'offset' and 'size' attributes and exposes them as
<slice> in the XML.
https://bugzilla.redhat.com/show_bug.cgi?id=1791788
Peter Krempa (15):
virStorageSourceParseBackingJSON: Pass around original backing file
string
virStorageSourceParseBackingJSON: Move deflattening of json: URIs out
of recursion
virStorageSourceJSONDriverParser: annotate 'format' drivers
virStorageSourceParseBackingJSON: Allow 'json:' pseudo URIs without
'file' wrapper
virStorageSourceParseBackingJSON: Prevent arbitrary nesting with
format drivers
tests: virstorage: Add test cases for "json:" pseudo-URI without
'file' wrapper
tests: virstorage: Add test data for json specified raw image with
offset/size
util: virstoragefile: Add data structure for storing storage source
slices
qemuBlockStorageSourceGetFormatRawProps: format 'offset' and 'size'
for slice
qemuDomainValidateStorageSource: Reject unsupported slices
docs: formatdomain: Close <source> on one of disk examples
docs: Document the new <slices> sub-element of disk's <source>
conf: Implement support for <slices> of disk source
tests: qemu: Add test data for the new <slice> element
virStorageSourceParseBackingJSONRaw: Parse 'offset' and 'size'
attributes
docs/formatdomain.html.in | 12 ++
docs/schemas/domaincommon.rng | 33 ++++
src/conf/domain_conf.c | 92 +++++++++++
src/qemu/qemu_block.c | 12 +-
src/qemu/qemu_domain.c | 15 ++
src/util/virstoragefile.c | 156 +++++++++++++-----
src/util/virstoragefile.h | 12 ++
.../disk-slices.x86_64-latest.args | 50 ++++++
tests/qemuxml2argvdata/disk-slices.xml | 45 +++++
tests/qemuxml2argvtest.c | 2 +
.../disk-slices.x86_64-latest.xml | 56 +++++++
tests/qemuxml2xmltest.c | 2 +
tests/virstoragetest.c | 23 +++
13 files changed, 462 insertions(+), 48 deletions(-)
create mode 100644 tests/qemuxml2argvdata/disk-slices.x86_64-latest.args
create mode 100644 tests/qemuxml2argvdata/disk-slices.xml
create mode 100644 tests/qemuxml2xmloutdata/disk-slices.x86_64-latest.xml
--
2.24.1
5 years, 4 months
[PULL 07/46] qemu-deprecated: Remove text about Python 2
by Philippe Mathieu-Daudé
From: Thomas Huth <thuth(a)redhat.com>
Python 2 support has been removed, so we should now also remove
the announcement text for the deprecation.
Signed-off-by: Thomas Huth <thuth(a)redhat.com>
Reviewed by: Aleksandar Markovic <amarkovic(a)wavecomp.com>
Reviewed-by: John Snow <jsnow(a)redhat.com>
Message-Id: <20200109095116.18201-1-thuth(a)redhat.com>
Signed-off-by: Philippe Mathieu-Daudé <philmd(a)redhat.com>
---
qemu-deprecated.texi | 8 --------
1 file changed, 8 deletions(-)
diff --git a/qemu-deprecated.texi b/qemu-deprecated.texi
index ea3e10bde3..97668edf92 100644
--- a/qemu-deprecated.texi
+++ b/qemu-deprecated.texi
@@ -351,14 +351,6 @@ they have no effect when used with @option{-n} to skip image creation.
Silently ignored options can be confusing, so this combination of
options will be made an error in future versions.
-@section Build system
-
-@subsection Python 2 support (since 4.1.0)
-
-In the future, QEMU will require Python 3 to be available at
-build time. Support for Python 2 in scripts shipped with QEMU
-is deprecated.
-
@section Backwards compatibility
@subsection Runnability guarantee of CPU models (since 4.1.0)
--
2.21.1
5 years, 4 months
[PATCH 0/4] qemu: Fix handling of 'copy-on-read' on hotplug with blockdev
by Peter Krempa
See patch 4.
Peter Krempa (4):
qemuMonitorJSONBlockdevAdd: Refactor cleanup
qemuMonitorJSONBlockdevDel: Refactor cleanup
qemuMonitorBlockdevAdd: Take double pointer argument
qemu: hotplug: Fix handling of the 'copy-on-read' layer with blockdev
src/qemu/qemu_block.c | 14 ++------------
src/qemu/qemu_hotplug.c | 25 +++++++++++++++---------
src/qemu/qemu_monitor.c | 16 ++++++----------
src/qemu/qemu_monitor.h | 2 +-
src/qemu/qemu_monitor_json.c | 37 +++++++++++++-----------------------
src/qemu/qemu_monitor_json.h | 2 +-
6 files changed, 39 insertions(+), 57 deletions(-)
--
2.24.1
5 years, 4 months
[PATCH] qemuBlockStorageSourceGetBackendProps: Report errors on all switch cases
by Peter Krempa
Few switch cases returned failure but didn't report an error. For a
situation when the backingStore type='volume' was not translated the
following error would occur:
$ virsh start VM
error: Failed to start domain VM
error: An error occurred, but the cause is unknown
After this patch:
$ virsh start VM
error: Failed to start domain VM
error: internal error: storage source pool 'tmp' volume 'pull3.qcow2' is not translated
Signed-off-by: Peter Krempa <pkrempa(a)redhat.com>
---
src/qemu/qemu_block.c | 7 +++++++
1 file changed, 7 insertions(+)
diff --git a/src/qemu/qemu_block.c b/src/qemu/qemu_block.c
index 63116ef5f2..0ee10dd770 100644
--- a/src/qemu/qemu_block.c
+++ b/src/qemu/qemu_block.c
@@ -1081,8 +1081,14 @@ qemuBlockStorageSourceGetBackendProps(virStorageSourcePtr src,
break;
case VIR_STORAGE_TYPE_VOLUME:
+ virReportError(VIR_ERR_INTERNAL_ERROR,
+ _("storage source pool '%s' volume '%s' is not translated"),
+ src->srcpool->pool, src->srcpool->volume);
+ return NULL;
+
case VIR_STORAGE_TYPE_NONE:
case VIR_STORAGE_TYPE_LAST:
+ virReportEnumRangeError(virStorageType, actualType);
return NULL;
case VIR_STORAGE_TYPE_NETWORK:
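Review bot: the new VIR_STORAGE_TYPE_VOLUME case dereferences `src->srcpool->pool` and `src->srcpool->volume` only to build the error message, and nothing in the hunk guards against `src->srcpool` being NULL. An error-reporting path should not be able to crash the daemon, so check the pointer first or fall back to a message without the pool and volume names. It would also help to say in a comment that reaching this case means the volume translation step was skipped, since that is the only reason the message makes sense.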
@@ -1141,6 +1147,7 @@ qemuBlockStorageSourceGetBackendProps(virStorageSourcePtr src,
case VIR_STORAGE_NET_PROTOCOL_NONE:
case VIR_STORAGE_NET_PROTOCOL_LAST:
+ virReportEnumRangeError(virStorageNetProtocol, src->protocol);
return NULL;
}
break;
--
2.24.1
5 years, 4 months
[PATCH] docs: render <span class="literal"> with monospace font
by Daniel P. Berrangé
When using ``....`` in RST, this results in <span class="literal">...</span>
instead of <code>...</code>. We thus need an extra rule to render it
with a monospace font. Colouring a light gray also helps the text
stand out a little more and matches background of <pre> blocks.
Signed-off-by: Daniel P. Berrangé <berrange(a)redhat.com>
---
docs/libvirt.css | 5 +++++
1 file changed, 5 insertions(+)
diff --git a/docs/libvirt.css b/docs/libvirt.css
index d2e1842b62..50cf02e348 100644
--- a/docs/libvirt.css
+++ b/docs/libvirt.css
@@ -574,3 +574,8 @@ ul.news-section-content li dl dd {
margin-top: 0.5em;
margin-bottom: 0.5em;
}
+
+span.literal, code {
+ font-family: monospace;
+ background: #eeeeee;
+}
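Review bot: the selector `span.literal, code` does more than the commit message describes, because it also gives every existing `<code>` element on the site the `#eeeeee` background. If that is intended, say so in the commit message; if only the RST output is meant to change, restrict the rule to `span.literal`. The claim that the colour matches `<pre>` blocks is easier to keep true if the value is taken from the same rule instead of being repeated here as a literal.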
--
2.24.1
5 years, 4 months
[libvirt PATCH v3 0/7] the gnulib saga: the season finale
by Daniel P. Berrangé
This is a followup to
v1: https://www.redhat.com/archives/libvir-list/2020-January/msg00900.html
v2: https://www.redhat.com/archives/libvir-list/2020-January/msg01158.html
At the end of this series we have 100% eliminated use of GNULIB
from libvirt.
Some things to note
- I have build tested this on Travis platforms and manually
via FreeBSD 11/12. This covers make, make syntax-check &
make check
- I've validated that virsh still works with mingw64 builds
on Windows 2008r2.
- I've done basic functional testing on Fedora 31, starting
and stopping VMs & other simple APIs
The config.h we generate is much much smaller than before as we
eliminated a lot of gnulib macros.
The risk here is that we are no longer setting some HAVE_XXX
in config.h that we rely on. To mitigate this I did a diff
of config.h before & after this series to determine which
HAVE_XXX we no longer set. I then grepped the source to see
if we actually use any of them. This identified a few mistakes
which I fixed in testing this series.
The build times for libvirt after applying this series have
some significant gains, improving speed of all stages (autogen,
configure & make).
Overall while this was time consuming work (due to massive number
of builds for testing each step), it is surprising just how easy
it was to eliminate the need for GNULIB. GLib helped a little bit in
this respect, but the biggest factor is simply that a large
number of issues GNULIB fixes only matter for ancient / obsolete
OS platforms.
With libvirt only targeting modern Linux, FreeBSD, macOS & MinGW,
the only really hard stuff where GNULIB was a big help is the
Windows sockets portability.
GNULIB was a pretty valuable approach when there were countless
flavours of UNIX to worry about with poor levels of POSIX API
compatibility. With a typical modern set of platforms, I think
it is better to just use a library like GLib and deal with any
other portability problems explicitly.
Almost certainly someone will appear after next release and
complain that libvirt no longer builds on some platform that
we don't officially support. My expectation is that when this
happens it will be reasonably easy to fix whatever problem
they report. Also at that time we can also consider whether
the platform needs to be added to CI.
Changed in v3:
- Merged all the already acked patches which didn't
have ordering dependencies
- Rewrite the way virsh monitors long-running jobs to
avoid non-portable pipe usage
- Improve debug messages in glib event loop
- Add dtrace probes to glib event loop
- Remove main context acquire/release steps
- Fix buck passing mistakes in RPC client
event loop conversion
- Purge more from syntax-check
- Improve event watch to GIOCondition conversions
- Fix leak of windows event object HANDLE
Daniel P. Berrangé (7):
tools: rewrite interactive job monitoring logic
src: introduce helper API for creating GSource for socket
rpc: convert RPC client to use GMainLoop instead of poll
util: import an event loop impl based on GMainContext
util: switch to use the GLib event loop impl
util: delete the poll() based event loop impl
gnulib: delete all gnulib integration
.color_coded.in | 2 -
.gitignore | 9 +-
.gitmodules | 3 -
.gnulib | 1 -
.ycm_extra_conf.py.in | 2 -
Makefile.am | 2 +-
README-hacking | 9 +-
autogen.sh | 219 +------
bootstrap | 1073 -------------------------------
bootstrap.conf | 100 ---
build-aux/syntax-check.mk | 160 +----
ci/build.sh | 4 +-
config-post.h | 5 +-
configure.ac | 11 +-
docs/compiling.html.in | 25 -
docs/hacking.html.in | 5 +-
gnulib/lib/Makefile.am | 30 -
libvirt.spec.in | 2 -
m4/virt-compile-warnings.m4 | 18 +-
po/POTFILES.in | 1 -
src/Makefile.am | 7 +-
src/admin/Makefile.inc.am | 1 -
src/bhyve/Makefile.inc.am | 1 -
src/interface/Makefile.inc.am | 1 -
src/libvirt_private.syms | 14 +-
src/libvirt_probes.d | 14 +
src/libxl/Makefile.inc.am | 1 -
src/locking/Makefile.inc.am | 3 -
src/logging/Makefile.inc.am | 1 -
src/lxc/Makefile.inc.am | 2 -
src/network/Makefile.inc.am | 3 +-
src/node_device/Makefile.inc.am | 2 -
src/nwfilter/Makefile.inc.am | 1 -
src/qemu/Makefile.inc.am | 1 -
src/remote/Makefile.inc.am | 1 -
src/rpc/virnetclient.c | 222 ++++---
src/rpc/virnetsocket.c | 6 -
src/secret/Makefile.inc.am | 1 -
src/security/Makefile.inc.am | 1 -
src/storage/Makefile.inc.am | 16 -
src/util/Makefile.inc.am | 6 +-
src/util/viralloc.h | 3 +-
src/util/virbitmap.c | 4 +-
src/util/virevent.c | 21 +-
src/util/vireventglib.c | 499 ++++++++++++++
src/util/vireventglib.h | 28 +
src/util/vireventglibwatch.c | 249 +++++++
src/util/vireventglibwatch.h | 48 ++
src/util/vireventpoll.c | 772 ----------------------
src/util/vireventpoll.h | 126 ----
src/util/virfile.c | 7 +-
src/util/virsocket.h | 15 -
src/vbox/Makefile.inc.am | 1 -
src/vz/Makefile.inc.am | 1 -
tests/Makefile.am | 21 +-
tests/virstringtest.c | 3 +-
tools/Makefile.am | 9 +-
tools/virsh-domain.c | 388 ++++++-----
tools/virsh.h | 3 +-
59 files changed, 1268 insertions(+), 2916 deletions(-)
delete mode 160000 .gnulib
delete mode 100755 bootstrap
delete mode 100644 bootstrap.conf
delete mode 100644 gnulib/lib/Makefile.am
create mode 100644 src/util/vireventglib.c
create mode 100644 src/util/vireventglib.h
create mode 100644 src/util/vireventglibwatch.c
create mode 100644 src/util/vireventglibwatch.h
delete mode 100644 src/util/vireventpoll.c
delete mode 100644 src/util/vireventpoll.h
--
2.24.1
5 years, 4 months
[PATCH] lxc: Fix wrong addresses statements for IPv{4, 6} in native network definitions
by Julio Faracco
After LXC version 3, some settings were changed to new names. Same as
network. LXC introduced network indexes and changed IPv{4,6} addresses
fields. Before, users should only pass `lxc.network.ipv4` to define an
IPv4 address. Now, on version 3, users need to pass
`lxc.net.X.ipv4.address` to specify the same thing. Same for IPv6.
Signed-off-by: Julio Faracco <jcfaracco(a)gmail.com>
---
For further details:
https://discuss.linuxcontainers.org/t/lxc-2-1-has-been-released/487
---
---
src/lxc/lxc_native.c | 12 ++++++++----
src/lxc/lxc_native.h | 2 ++
tests/lxcconf2xmldata/lxcconf2xml-ethernet-v3.config | 4 ++--
.../lxcconf2xml-miscnetwork-v3.config | 4 ++--
.../lxcconf2xml-physnetwork-v3.config | 4 ++--
tests/lxcconf2xmldata/lxcconf2xml-simple-v3.config | 4 ++--
6 files changed, 18 insertions(+), 12 deletions(-)
diff --git a/src/lxc/lxc_native.c b/src/lxc/lxc_native.c
index 5462b74b85..ea79c90f83 100644
--- a/src/lxc/lxc_native.c
+++ b/src/lxc/lxc_native.c
@@ -44,10 +44,12 @@ VIR_ENUM_IMPL(virLXCNetworkConfigEntry,
"flags",
"macvlan.mode",
"vlan.id",
- "ipv4",
+ "ipv4", /* Legacy: LXC IPv4 address */
"ipv4.gateway",
- "ipv6",
- "ipv6.gateway"
+ "ipv4.address",
+ "ipv6", /* Legacy: LXC IPv6 address */
+ "ipv6.gateway",
+ "ipv6.address"
);
static virDomainFSDefPtr
@@ -570,7 +572,7 @@ lxcNetworkParseDataIPs(const char *name,
if (VIR_ALLOC(ip) < 0)
return -1;
- if (STREQ(name, "ipv6"))
+ if (STREQ(name, "ipv6") || STREQ(name, "ipv6.address"))
family = AF_INET6;
ipparts = virStringSplit(value->str, "/", 2);
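Review bot: lxcNetworkParseDataIPs still picks the address family by comparing `name` against string literals, now both `"ipv6"` and `"ipv6.address"`, which duplicates the mapping the caller already has in the virLXCNetworkConfigEntry value it switches on. Pass the enum value (or the family itself) in from lxcNetworkParseDataSuffix so the two lists cannot drift apart the next time a key is added; with the current code a new IPv6 key that is added to the switch but not to this comparison would be parsed as IPv4.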
@@ -627,7 +629,9 @@ lxcNetworkParseDataSuffix(const char *entry,
parseData->name = value->str;
break;
case VIR_LXC_NETWORK_CONFIG_IPV4:
+ case VIR_LXC_NETWORK_CONFIG_IPV4_ADDRESS:
case VIR_LXC_NETWORK_CONFIG_IPV6:
+ case VIR_LXC_NETWORK_CONFIG_IPV6_ADDRESS:
if (lxcNetworkParseDataIPs(entry, value, parseData) < 0)
return -1;
break;
diff --git a/src/lxc/lxc_native.h b/src/lxc/lxc_native.h
index f16407f2e6..813272e129 100644
--- a/src/lxc/lxc_native.h
+++ b/src/lxc/lxc_native.h
@@ -35,8 +35,10 @@ typedef enum {
VIR_LXC_NETWORK_CONFIG_VLAN_ID,
VIR_LXC_NETWORK_CONFIG_IPV4,
VIR_LXC_NETWORK_CONFIG_IPV4_GATEWAY,
+ VIR_LXC_NETWORK_CONFIG_IPV4_ADDRESS,
VIR_LXC_NETWORK_CONFIG_IPV6,
VIR_LXC_NETWORK_CONFIG_IPV6_GATEWAY,
+ VIR_LXC_NETWORK_CONFIG_IPV6_ADDRESS,
VIR_LXC_NETWORK_CONFIG_LAST,
} virLXCNetworkConfigEntry;
diff --git a/tests/lxcconf2xmldata/lxcconf2xml-ethernet-v3.config b/tests/lxcconf2xmldata/lxcconf2xml-ethernet-v3.config
index 0a641549f3..f2ca48f1f2 100644
--- a/tests/lxcconf2xmldata/lxcconf2xml-ethernet-v3.config
+++ b/tests/lxcconf2xmldata/lxcconf2xml-ethernet-v3.config
@@ -5,9 +5,9 @@ lxc.net.0.type = veth
lxc.net.0.flags = up
lxc.net.0.hwaddr = 02:00:15:8f:05:c1
lxc.net.0.name = eth0
-lxc.net.0.ipv4 = 192.168.122.2/24
+lxc.net.0.ipv4.address = 192.168.122.2/24
lxc.net.0.ipv4.gateway = 192.168.122.1
-lxc.net.0.ipv6 = 2003:db8:1:0:214:1234:fe0b:3596/64
+lxc.net.0.ipv6.address = 2003:db8:1:0:214:1234:fe0b:3596/64
lxc.net.0.ipv6.gateway = 2003:db8:1:0:214:1234:fe0b:3595
#remove next line if host DNS configuration should not be available to container
diff --git a/tests/lxcconf2xmldata/lxcconf2xml-miscnetwork-v3.config b/tests/lxcconf2xmldata/lxcconf2xml-miscnetwork-v3.config
index 537da64592..6bc22b8e46 100644
--- a/tests/lxcconf2xmldata/lxcconf2xml-miscnetwork-v3.config
+++ b/tests/lxcconf2xmldata/lxcconf2xml-miscnetwork-v3.config
@@ -1,9 +1,9 @@
lxc.net.0.type = phys
lxc.net.0.link = eth0
lxc.net.0.name = eth1
-lxc.net.0.ipv4 = 192.168.122.2/24
+lxc.net.0.ipv4.address = 192.168.122.2/24
lxc.net.0.ipv4.gateway = 192.168.122.1
-lxc.net.0.ipv6 = 2003:db8:1:0:214:1234:fe0b:3596/64
+lxc.net.0.ipv6.address = 2003:db8:1:0:214:1234:fe0b:3596/64
lxc.net.0.ipv6.gateway = 2003:db8:1:0:214:1234:fe0b:3595
lxc.net.1.type = vlan
diff --git a/tests/lxcconf2xmldata/lxcconf2xml-physnetwork-v3.config b/tests/lxcconf2xmldata/lxcconf2xml-physnetwork-v3.config
index 9cf96163b3..649b73c8b8 100644
--- a/tests/lxcconf2xmldata/lxcconf2xml-physnetwork-v3.config
+++ b/tests/lxcconf2xmldata/lxcconf2xml-physnetwork-v3.config
@@ -1,9 +1,9 @@
lxc.net.0.type = phys
lxc.net.0.link = eth0
lxc.net.0.name = eth1
-lxc.net.0.ipv4 = 192.168.122.2/24
+lxc.net.0.ipv4.address = 192.168.122.2/24
lxc.net.0.ipv4.gateway = 192.168.122.1
-lxc.net.0.ipv6 = 2003:db8:1:0:214:1234:fe0b:3596/64
+lxc.net.0.ipv6.address = 2003:db8:1:0:214:1234:fe0b:3596/64
lxc.net.0.ipv6.gateway = 2003:db8:1:0:214:1234:fe0b:3595
lxc.rootfs.path = /var/lib/lxc/migrate_test/rootfs
diff --git a/tests/lxcconf2xmldata/lxcconf2xml-simple-v3.config b/tests/lxcconf2xmldata/lxcconf2xml-simple-v3.config
index b0656571b2..ecd71044f9 100644
--- a/tests/lxcconf2xmldata/lxcconf2xml-simple-v3.config
+++ b/tests/lxcconf2xmldata/lxcconf2xml-simple-v3.config
@@ -6,9 +6,9 @@ lxc.net.0.flags = up
lxc.net.0.link = virbr0
lxc.net.0.hwaddr = 02:00:15:8f:05:c1
lxc.net.0.name = eth0
-lxc.net.0.ipv4 = 192.168.122.2/24
+lxc.net.0.ipv4.address = 192.168.122.2/24
lxc.net.0.ipv4.gateway = 192.168.122.1
-lxc.net.0.ipv6 = 2003:db8:1:0:214:1234:fe0b:3596/64
+lxc.net.0.ipv6.address = 2003:db8:1:0:214:1234:fe0b:3596/64
lxc.net.0.ipv6.gateway = 2003:db8:1:0:214:1234:fe0b:3595
#remove next line if host DNS configuration should not be available to container
--
2.20.1
5 years, 4 months
[libvirt PATCHv3 00/12] add virtiofs support (virtio-fs epopee)
by Ján Tomko
https://bugzilla.redhat.com/show_bug.cgi?id=1694166
v1: https://www.redhat.com/archives/libvir-list/2019-November/msg00005.html
v2: https://www.redhat.com/archives/libvir-list/2020-January/msg00980.html
new in v3:
* renamed qemu.conf option
* removed cache-size since it was not yet merged in upstream QEMU
* use XPath for XML parsing
* separated virtiofsd options under the <binary> element [0]
* the binary path is now autodetected from vhost-user schemas
* log virtiofsd output into a file instead of syslog
[0] naming is hard
Ján Tomko (12):
qemuExtDevicesStart: pass logManager
schema: wrap fsDriver in a choice group
qemu: add QEMU_CAPS_VHOST_USER_FS
docs: add virtiofs kbase
conf: qemu: add virtiofs fsdriver type
conf: add virtiofs-related elements and attributes
qemu: add virtiofsd_debug to qemu.conf
qemu: validate virtiofs filesystems
qemu: forbid migration with vhost-user-fs device
qemu: add code for handling virtiofsd
qemu: use the vhost-user schemas to find binary
qemu: build vhost-user-fs device command line
docs/formatdomain.html.in | 35 +-
docs/kbase.html.in | 3 +
docs/kbase/virtiofs.rst | 152 +++++++++
docs/schemas/domaincommon.rng | 88 ++++-
po/POTFILES.in | 1 +
src/conf/domain_conf.c | 108 ++++++-
src/conf/domain_conf.h | 16 +
src/libvirt_private.syms | 1 +
src/qemu/Makefile.inc.am | 2 +
src/qemu/libvirtd_qemu.aug | 1 +
src/qemu/qemu.conf | 7 +
src/qemu/qemu_capabilities.c | 2 +
src/qemu/qemu_capabilities.h | 1 +
src/qemu/qemu_command.c | 47 ++-
src/qemu/qemu_conf.c | 2 +
src/qemu/qemu_conf.h | 1 +
src/qemu/qemu_domain.c | 33 +-
src/qemu/qemu_domain.h | 2 +-
src/qemu/qemu_domain_address.c | 4 +
src/qemu/qemu_extdevice.c | 28 ++
src/qemu/qemu_extdevice.h | 1 +
src/qemu/qemu_migration.c | 10 +
src/qemu/qemu_process.c | 4 +-
src/qemu/qemu_vhost_user.c | 40 +++
src/qemu/qemu_vhost_user.h | 4 +
src/qemu/qemu_virtiofs.c | 302 ++++++++++++++++++
src/qemu/qemu_virtiofs.h | 42 +++
src/qemu/test_libvirtd_qemu.aug.in | 1 +
.../caps_4.2.0.aarch64.xml | 1 +
.../qemucapabilitiesdata/caps_4.2.0.s390x.xml | 1 +
.../caps_4.2.0.x86_64.xml | 1 +
.../caps_5.0.0.x86_64.xml | 1 +
...vhost-user-fs-fd-memory.x86_64-latest.args | 39 +++
.../vhost-user-fs-fd-memory.xml | 43 +++
...vhost-user-fs-hugepages.x86_64-latest.args | 47 +++
.../vhost-user-fs-hugepages.xml | 75 +++++
tests/qemuxml2argvtest.c | 14 +
.../vhost-user-fs-fd-memory.x86_64-latest.xml | 1 +
.../vhost-user-fs-hugepages.x86_64-latest.xml | 1 +
tests/qemuxml2xmltest.c | 3 +
40 files changed, 1144 insertions(+), 21 deletions(-)
create mode 100644 docs/kbase/virtiofs.rst
create mode 100644 src/qemu/qemu_virtiofs.c
create mode 100644 src/qemu/qemu_virtiofs.h
create mode 100644 tests/qemuxml2argvdata/vhost-user-fs-fd-memory.x86_64-latest.args
create mode 100644 tests/qemuxml2argvdata/vhost-user-fs-fd-memory.xml
create mode 100644 tests/qemuxml2argvdata/vhost-user-fs-hugepages.x86_64-latest.args
create mode 100644 tests/qemuxml2argvdata/vhost-user-fs-hugepages.xml
create mode 120000 tests/qemuxml2xmloutdata/vhost-user-fs-fd-memory.x86_64-latest.xml
create mode 120000 tests/qemuxml2xmloutdata/vhost-user-fs-hugepages.x86_64-latest.xml
--
2.21.0
5 years, 4 months
[PULL 3/3] qemu-nbd: Removed deprecated --partition option
by Eric Blake
The option was deprecated in 4.0.0 (commit 0ae2d546); it's now been
long enough with no complaints to follow through with that process.
Signed-off-by: Eric Blake <eblake(a)redhat.com>
Message-Id: <20200123164650.1741798-3-eblake(a)redhat.com>
Reviewed-by: Ján Tomko <jtomko(a)redhat.com>
---
docs/interop/qemu-nbd.rst | 15 ++---
qemu-deprecated.texi | 49 ++++++--------
qemu-nbd.c | 133 +-------------------------------------
3 files changed, 24 insertions(+), 173 deletions(-)
diff --git a/docs/interop/qemu-nbd.rst b/docs/interop/qemu-nbd.rst
index df7b6b9d0d60..e54840310056 100644
--- a/docs/interop/qemu-nbd.rst
+++ b/docs/interop/qemu-nbd.rst
@@ -72,13 +72,6 @@ driver options if ``--image-opts`` is specified.
Export the disk as read-only.
-.. option:: -P, --partition=NUM
-
- Deprecated: Only expose MBR partition *NUM*. Understands physical
- partitions 1-4 and logical partition 5. New code should instead use
- :option:`--image-opts` with the raw driver wrapping a subset of the
- original image.
-
.. option:: -B, --bitmap=NAME
If *filename* has a qcow2 persistent bitmap *NAME*, expose
@@ -224,14 +217,14 @@ a 1 megabyte subset of a raw file, using the export name 'subset':
-t -x subset -p 10810 \
--image-opts driver=raw,offset=1M,size=1M,file.driver=file,file.filename=file.raw
-Serve a read-only copy of just the first MBR partition of a guest
-image over a Unix socket with as many as 5 simultaneous readers, with
-a persistent process forked as a daemon:
+Serve a read-only copy of a guest image over a Unix socket with as
+many as 5 simultaneous readers, with a persistent process forked as a
+daemon:
::
qemu-nbd --fork --persistent --shared=5 --socket=/path/to/sock \
- --partition=1 --read-only --format=qcow2 file.qcow2
+ --read-only --format=qcow2 file.qcow2
Expose the guest-visible contents of a qcow2 file via a block device
/dev/nbd0 (and possibly creating /dev/nbd0p1 and friends for
diff --git a/qemu-deprecated.texi b/qemu-deprecated.texi
index c8ee68a4663a..2634e00ec826 100644
--- a/qemu-deprecated.texi
+++ b/qemu-deprecated.texi
@@ -313,37 +313,6 @@ The above, converted to the current supported format:
@section Related binaries
-@subsection qemu-nbd --partition (since 4.0.0)
-
-The ``qemu-nbd --partition $digit'' code (also spelled @option{-P})
-can only handle MBR partitions, and has never correctly handled
-logical partitions beyond partition 5. If you know the offset and
-length of the partition (perhaps by using @code{sfdisk} within the
-guest), you can achieve the effect of exporting just that subset of
-the disk by use of the @option{--image-opts} option with a raw
-blockdev using the @code{offset} and @code{size} parameters layered on
-top of any other existing blockdev. For example, if partition 1 is
-100MiB long starting at 1MiB, the old command:
-
-@code{qemu-nbd -t -P 1 -f qcow2 file.qcow2}
-
-can be rewritten as:
-
-@code{qemu-nbd -t --image-opts driver=raw,offset=1M,size=100M,file.driver=qcow2,file.file.driver=file,file.file.filename=file.qcow2}
-
-Alternatively, the @code{nbdkit} project provides a more powerful
-partition filter on top of its nbd plugin, which can be used to select
-an arbitrary MBR or GPT partition on top of any other full-image NBD
-export. Using this to rewrite the above example results in:
-
-@code{qemu-nbd -t -k /tmp/sock -f qcow2 file.qcow2 &}
-@code{nbdkit -f --filter=partition nbd socket=/tmp/sock partition=1}
-
-Note that if you are exposing the export via /dev/nbd0, it is easier
-to just export the entire image and then mount only /dev/nbd0p1 than
-it is to reinvoke @command{qemu-nbd -c /dev/nbd0} limited to just a
-subset of the image.
-
@subsection qemu-img convert -n -o (since 4.2.0)
All options specified in @option{-o} are image creation options, so
@@ -400,3 +369,21 @@ trouble after a recent upgrade.
The "autoload" parameter has been ignored since 2.12.0. All bitmaps
are automatically loaded from qcow2 images.
+
+@section Related binaries
+
+@subsection qemu-nbd --partition (removed in 5.0.0)
+
+The ``qemu-nbd --partition $digit'' code (also spelled @option{-P})
+could only handle MBR partitions, and never correctly handled logical
+partitions beyond partition 5. Exporting a partition can still be
+done by utilizing the @option{--image-opts} option with a raw blockdev
+using the @code{offset} and @code{size} parameters layered on top of
+any other existing blockdev. For example, if partition 1 is 100MiB
+long starting at 1MiB, the old command:
+
+@code{qemu-nbd -t -P 1 -f qcow2 file.qcow2}
+
+can be rewritten as:
+
+@code{qemu-nbd -t --image-opts driver=raw,offset=1M,size=100M,file.driver=qcow2,file.file.driver=file,file.file.filename=file.qcow2}
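Review bot: the text moved under "removed in 5.0.0" keeps the --image-opts rewrite but drops three pieces of guidance that the deprecation entry carried: how to find the offset and length (`sfdisk` within the guest), the nbdkit partition filter for arbitrary MBR or GPT partitions, and the advice to mount /dev/nbd0p1 instead of re-exporting a subset. Users who meet the removal first are the ones who most need the pointer to how the offset is obtained, so at least that sentence and the nbdkit alternative should be kept.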
diff --git a/qemu-nbd.c b/qemu-nbd.c
index db29a0d0ed25..4aa005004ebd 100644
--- a/qemu-nbd.c
+++ b/qemu-nbd.c
@@ -100,7 +100,6 @@ static void usage(const char *name)
"\n"
"Exposing part of the image:\n"
" -o, --offset=OFFSET offset into the image\n"
-" -P, --partition=NUM only expose partition NUM\n"
" -B, --bitmap=NAME expose a persistent dirty bitmap\n"
"\n"
"General purpose options:\n"
@@ -156,96 +155,6 @@ QEMU_COPYRIGHT "\n"
, name);
}
-struct partition_record
-{
- uint8_t bootable;
- uint8_t start_head;
- uint32_t start_cylinder;
- uint8_t start_sector;
- uint8_t system;
- uint8_t end_head;
- uint8_t end_cylinder;
- uint8_t end_sector;
- uint32_t start_sector_abs;
- uint32_t nb_sectors_abs;
-};
-
-static void read_partition(uint8_t *p, struct partition_record *r)
-{
- r->bootable = p[0];
- r->start_head = p[1];
- r->start_cylinder = p[3] | ((p[2] << 2) & 0x0300);
- r->start_sector = p[2] & 0x3f;
- r->system = p[4];
- r->end_head = p[5];
- r->end_cylinder = p[7] | ((p[6] << 2) & 0x300);
- r->end_sector = p[6] & 0x3f;
-
- r->start_sector_abs = ldl_le_p(p + 8);
- r->nb_sectors_abs = ldl_le_p(p + 12);
-}
-
-static int find_partition(BlockBackend *blk, int partition,
- uint64_t *offset, uint64_t *size)
-{
- struct partition_record mbr[4];
- uint8_t data[MBR_SIZE];
- int i;
- int ext_partnum = 4;
- int ret;
-
- ret = blk_pread(blk, 0, data, sizeof(data));
- if (ret < 0) {
- error_report("error while reading: %s", strerror(-ret));
- exit(EXIT_FAILURE);
- }
-
- if (data[510] != 0x55 || data[511] != 0xaa) {
- return -EINVAL;
- }
-
- for (i = 0; i < 4; i++) {
- read_partition(&data[446 + 16 * i], &mbr[i]);
-
- if (!mbr[i].system || !mbr[i].nb_sectors_abs) {
- continue;
- }
-
- if (mbr[i].system == 0xF || mbr[i].system == 0x5) {
- struct partition_record ext[4];
- uint8_t data1[MBR_SIZE];
- int j;
-
- ret = blk_pread(blk, mbr[i].start_sector_abs * MBR_SIZE,
- data1, sizeof(data1));
- if (ret < 0) {
- error_report("error while reading: %s", strerror(-ret));
- exit(EXIT_FAILURE);
- }
-
- for (j = 0; j < 4; j++) {
- read_partition(&data1[446 + 16 * j], &ext[j]);
- if (!ext[j].system || !ext[j].nb_sectors_abs) {
- continue;
- }
-
- if ((ext_partnum + j + 1) == partition) {
- *offset = (uint64_t)ext[j].start_sector_abs << 9;
- *size = (uint64_t)ext[j].nb_sectors_abs << 9;
- return 0;
- }
- }
- ext_partnum += 4;
- } else if ((i + 1) == partition) {
- *offset = (uint64_t)mbr[i].start_sector_abs << 9;
- *size = (uint64_t)mbr[i].nb_sectors_abs << 9;
- return 0;
- }
- }
-
- return -ENOENT;
-}
-
static void termsig_handler(int signum)
{
atomic_cmpxchg(&state, RUNNING, TERMINATE);
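Review bot: with read_partition() and find_partition() gone, the `MBR_SIZE` constant they used (`uint8_t data[MBR_SIZE]`) has no remaining user in the lines shown, and no hunk in this patch removes a definition for it. Check whether it is defined in qemu-nbd.c and, if so, drop it in the same commit so the file carries no leftover from the partition code.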
@@ -617,7 +526,7 @@ int main(int argc, char **argv)
int64_t fd_size;
QemuOpts *sn_opts = NULL;
const char *sn_id_or_name = NULL;
- const char *sopt = "hVb:o:p:rsnP:c:dvk:e:f:tl:x:T:D:B:L";
+ const char *sopt = "hVb:o:p:rsnc:dvk:e:f:tl:x:T:D:B:L";
struct option lopt[] = {
{ "help", no_argument, NULL, 'h' },
{ "version", no_argument, NULL, 'V' },
@@ -626,7 +535,6 @@ int main(int argc, char **argv)
{ "socket", required_argument, NULL, 'k' },
{ "offset", required_argument, NULL, 'o' },
{ "read-only", no_argument, NULL, 'r' },
- { "partition", required_argument, NULL, 'P' },
{ "bitmap", required_argument, NULL, 'B' },
{ "connect", required_argument, NULL, 'c' },
{ "disconnect", no_argument, NULL, 'd' },
@@ -657,7 +565,6 @@ int main(int argc, char **argv)
int ch;
int opt_ind = 0;
int flags = BDRV_O_RDWR;
- int partition = 0;
int ret = 0;
bool seen_cache = false;
bool seen_discard = false;
@@ -789,15 +696,6 @@ int main(int argc, char **argv)
readonly = true;
flags &= ~BDRV_O_RDWR;
break;
- case 'P':
- warn_report("The '-P' option is deprecated; use --image-opts with "
- "a raw device wrapper for subset exports instead");
- if (qemu_strtoi(optarg, NULL, 0, &partition) < 0 ||
- partition < 1 || partition > 8) {
- error_report("Invalid partition '%s'", optarg);
- exit(EXIT_FAILURE);
- }
- break;
case 'B':
bitmap = optarg;
break;
@@ -894,7 +792,7 @@ int main(int argc, char **argv)
error_report("List mode is incompatible with a file name");
exit(EXIT_FAILURE);
}
- if (export_name || export_description || dev_offset || partition ||
+ if (export_name || export_description || dev_offset ||
device || disconnect || fmt || sn_id_or_name || bitmap ||
seen_aio || seen_discard || seen_cache) {
error_report("List mode is incompatible with per-device settings");
@@ -1158,33 +1056,6 @@ int main(int argc, char **argv)
}
fd_size -= dev_offset;
- if (partition) {
- uint64_t limit;
-
- if (dev_offset) {
- error_report("Cannot request partition and offset together");
- exit(EXIT_FAILURE);
- }
- ret = find_partition(blk, partition, &dev_offset, &limit);
- if (ret < 0) {
- error_report("Could not find partition %d: %s", partition,
- strerror(-ret));
- exit(EXIT_FAILURE);
- }
- /*
- * MBR partition limits are (32-bit << 9); this assert lets
- * the compiler know that we can't overflow 64 bits.
- */
- assert(dev_offset + limit >= dev_offset);
- if (dev_offset + limit > fd_size) {
- error_report("Discovered partition %d at offset %" PRIu64
- " size %" PRIu64 ", but size exceeds file length %"
- PRId64, partition, dev_offset, limit, fd_size);
- exit(EXIT_FAILURE);
- }
- fd_size = limit;
- }
-
export = nbd_export_new(bs, dev_offset, fd_size, export_name,
export_description, bitmap, readonly, shared > 1,
nbd_export_closed, writethrough, NULL,
--
2.24.1
5 years, 4 months
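The replacement named in the patch above (a raw blockdev with `offset` and `size`) needs the partition's byte extent. The following is an added example, not part of the QEMU patch: it reads a primary MBR entry and builds the matching `--image-opts` string. The function names are hypothetical, the sector bytes are constructed, and it assumes the 512 bytes come from the guest-visible start of the disk (for a qcow2 file that is not the start of the file itself).

```python
import struct

SECTOR_SIZE = 512            # MBR LBA fields count 512-byte sectors
TABLE_OFFSET = 446           # four 16-byte entries start here
ENTRY = struct.Struct("<B3sB3sII")   # status, CHS start, type, CHS end, LBA, count
EXTENDED_TYPES = {0x05, 0x0F}        # same type codes the removed code tested


def primary_partitions(mbr):
    """Return {number: (type, byte_offset, byte_size)} for entries 1-4."""
    if len(mbr) < SECTOR_SIZE:
        raise ValueError("need the full 512-byte first sector")
    if mbr[510:512] != b"\x55\xaa":
        raise ValueError("missing 0x55AA signature, not an MBR")
    parts = {}
    for i in range(4):
        _, _, ptype, _, start, count = ENTRY.unpack_from(
            mbr, TABLE_OFFSET + ENTRY.size * i)
        if ptype == 0 or count == 0:
            continue                      # unused slot
        parts[i + 1] = (ptype, start * SECTOR_SIZE, count * SECTOR_SIZE)
    return parts


def partition_extent(mbr, number, disk_size):
    """Byte (offset, size) of primary partition `number`, bounds-checked."""
    parts = primary_partitions(mbr)
    if number not in parts:
        raise LookupError("no primary partition %d" % number)
    ptype, offset, size = parts[number]
    if ptype in EXTENDED_TYPES:
        # Logical partitions live in a chain of extended boot records;
        # this example deliberately handles primary entries only.
        raise ValueError("partition %d is an extended container" % number)
    if offset + size > disk_size:
        # A table entry is untrusted input: never export past the disk end.
        raise ValueError("partition %d exceeds the disk size" % number)
    return offset, size


def image_opts(offset, size, fmt, filename):
    """Build the --image-opts value in the form the deprecation text uses."""
    name = filename.replace(",", ",,")    # QEMU option syntax escapes ',' as ',,'
    if fmt == "raw":
        lower = "file.driver=file,file.filename=%s" % name
    else:
        lower = ("file.driver=%s,file.file.driver=file,"
                 "file.file.filename=%s" % (fmt, name))
    return "driver=raw,offset=%d,size=%d,%s" % (offset, size, lower)


def constructed_mbr():
    """Constructed sample: partition 1 is 100 MiB at 1 MiB, entry 2 is extended."""
    mbr = bytearray(SECTOR_SIZE)
    ENTRY.pack_into(mbr, TABLE_OFFSET, 0x80, b"\x20\x21\x00", 0x83,
                    b"\xff\xff\xff", 2048, 204800)
    ENTRY.pack_into(mbr, TABLE_OFFSET + 16, 0x00, b"\x00\x00\x00", 0x05,
                    b"\x00\x00\x00", 206848, 4096)
    mbr[510:512] = b"\x55\xaa"
    return bytes(mbr)


if __name__ == "__main__":
    off, size = partition_extent(constructed_mbr(), 1, disk_size=1 << 30)
    print("qemu-nbd -t --image-opts " + image_opts(off, size, "qcow2", "file.qcow2"))
```

The byte values it produces (1048576 and 104857600) are the `1M` and `100M` of the patch's own example written out in full.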
[PULL 2/3] docs: Fix typo in qemu-nbd -P replacement
by Eric Blake
The suggested replacement for the deprecated 'qemu-nbd -P' refers to
'file.backing.opt' instead of 'file.file.opt'; using the example
verbatim results in:
qemu-nbd: Failed to blk_new_open 'driver=raw,offset=1m,size=100m,file.driver=qcow2,file.backing.driver=file,file.backing.filename=file4': A block device must be specified for "file"
Correct this text, prior to actually finishing the deprecation process.
Fixes: 0ae2d54645eb
Reported-by: Max Reitz <mreitz(a)redhat.com>
Signed-off-by: Eric Blake <eblake(a)redhat.com>
Message-Id: <20200123164650.1741798-2-eblake(a)redhat.com>
Reviewed-by: Ján Tomko <jtomko(a)redhat.com>
---
qemu-deprecated.texi | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/qemu-deprecated.texi b/qemu-deprecated.texi
index ea3e10bde398..c8ee68a4663a 100644
--- a/qemu-deprecated.texi
+++ b/qemu-deprecated.texi
@@ -329,7 +329,7 @@ top of any other existing blockdev. For example, if partition 1 is
can be rewritten as:
-@code{qemu-nbd -t --image-opts driver=raw,offset=1M,size=100M,file.driver=qcow2,file.backing.driver=file,file.backing.filename=file.qcow2}
+@code{qemu-nbd -t --image-opts driver=raw,offset=1M,size=100M,file.driver=qcow2,file.file.driver=file,file.file.filename=file.qcow2}
Alternatively, the @code{nbdkit} project provides a more powerful
partition filter on top of its nbd plugin, which can be used to select
--
2.24.1
5 years, 4 months
[libvirt PATCH] tests: fix deadlock in eventtest
by Pavel Hrdina
There is a race deadlock in eventtest after the recent rewrite to drop
GNULIB from libvirt code base.
The issue happens when the callbacks testPipeReader() or testTimer()
are called before waitEvents() starts waiting on `eventThreadCond`.
It will never happen because the callbacks are already done and there
is nothing that will signal the condition again.
Reported-by: Peter Krempa <pkrempa(a)redhat.com>
Signed-off-by: Pavel Hrdina <phrdina(a)redhat.com>
---
tests/eventtest.c | 12 +++++++++---
1 file changed, 9 insertions(+), 3 deletions(-)
diff --git a/tests/eventtest.c b/tests/eventtest.c
index 9855b578fb..fc814922f2 100644
--- a/tests/eventtest.c
+++ b/tests/eventtest.c
@@ -43,6 +43,7 @@ VIR_LOG_INIT("tests.eventtest");
static pthread_mutex_t eventThreadMutex = PTHREAD_MUTEX_INITIALIZER;
static pthread_cond_t eventThreadCond = PTHREAD_COND_INITIALIZER;
+static bool eventThreadSignaled;
static struct handleInfo {
int pipeFD[2];
@@ -138,8 +139,9 @@ testPipeReader(int watch, int fd, int events, void *data)
virEventRemoveHandle(info->delete);
cleanup:
- pthread_mutex_unlock(&eventThreadMutex);
pthread_cond_signal(&eventThreadCond);
+ eventThreadSignaled = true;
+ pthread_mutex_unlock(&eventThreadMutex);
}
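Review bot: in the testPipeReader() cleanup path the predicate is set after the wakeup is issued (`pthread_cond_signal(&eventThreadCond);` followed by `eventThreadSignaled = true;`). This is still correct because both happen before `pthread_mutex_unlock()`, but setting the flag first and signalling second is the conventional order and stays correct if the unlock is ever moved again. The same applies to the testTimer() hunk that follows.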
@@ -164,8 +166,9 @@ testTimer(int timer, void *data)
virEventRemoveTimeout(info->delete);
cleanup:
- pthread_mutex_unlock(&eventThreadMutex);
pthread_cond_signal(&eventThreadCond);
+ eventThreadSignaled = true;
+ pthread_mutex_unlock(&eventThreadMutex);
}
G_GNUC_NORETURN static void *eventThreadLoop(void *data G_GNUC_UNUSED) {
@@ -185,7 +188,10 @@ waitEvents(int nhandle, int ntimer)
VIR_DEBUG("Wait events nhandle %d ntimer %d",
nhandle, ntimer);
while (ngothandle != nhandle || ngottimer != ntimer) {
- pthread_cond_wait(&eventThreadCond, &eventThreadMutex);
+ while (!eventThreadSignaled)
+ pthread_cond_wait(&eventThreadCond, &eventThreadMutex);
+
+ eventThreadSignaled = 0;
ngothandle = ngottimer = 0;
for (i = 0; i < NUM_FDS; i++) {
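Review bot: `eventThreadSignaled = 0;` in waitEvents() should be `eventThreadSignaled = false;`, since the flag is declared `bool` and the callbacks assign `true`. A short comment on the inner `while (!eventThreadSignaled)` loop, saying that the flag covers callbacks that ran before the waiter reached pthread_cond_wait(), would also help the next reader, as that is the reason for the change.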
--
2.24.1
5 years, 4 months
[PATCH] lxc: Fix segfault when lxc.network does not start with 'type'
by Julio Faracco
To configure network settings using config file, legacy LXC settings
require starting them with 'lxc.network.type' entry. If someone
accidentally starts with 'lxc.network.name', libvirt will crash with
segfault. This patch checks if this case is happening.
Sample invalid settings:
lxc.network.link = eth0
lxc.network.type = phys
lxc.network.name = eth1
lxc.network.ipv4 = 192.168.122.2/24
lxc.network.ipv4.gateway = 192.168.122.1
Now, libvirt only sees an error, without a segmentation fault.
Signed-off-by: Julio Faracco <jcfaracco(a)gmail.com>
---
src/lxc/lxc_native.c | 6 +++++-
1 file changed, 5 insertions(+), 1 deletion(-)
diff --git a/src/lxc/lxc_native.c b/src/lxc/lxc_native.c
index 59f3dd4fee..5462b74b85 100644
--- a/src/lxc/lxc_native.c
+++ b/src/lxc/lxc_native.c
@@ -717,7 +717,11 @@ lxcNetworkGetParseDataByIndexLegacy(lxcNetworkParseDataArray *networks,
}
/* Return last element added like a stack. */
- return networks->parseData[ndata - 1];
+ if (networks->ndata > 0)
+ return networks->parseData[ndata - 1];
+
+ /* Not able to retrive an element */
+ return NULL;
}
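Review bot: the new guard in lxcNetworkGetParseDataByIndexLegacy() tests `networks->ndata > 0`, but the access it protects indexes with the local `ndata` (`networks->parseData[ndata - 1]`). If the two can differ, the check does not cover the index actually used, so test the same variable that is used as the index. The function can now return NULL, and none of its callers is in this hunk, so it is worth confirming that each of them checks for it; a test config built from the sample invalid settings in the commit message would pin the behaviour down. The new comment also has a typo: 'retrive' should be 'retrieve'.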
--
2.20.1
5 years, 4 months
[libvirt-TCK] Disabling the vepa VSI test 300-vsitype.t
by Erik Skultety
Hi list,
so since the beginning of this week I've been poking at the last failure [1]
in the nwfilter segment of the TCK suite. So, the errors come from libnl
although I haven't been able to extract what the true underlying issue is since
interface with ID '8' definitely exists on my system.
A bit of background (you can either clone the repo or look at the Perl script
attached), we're configuring the guest network interface as 'direct' with mode
VEPA. IIUC, for proper VEPA support you need a compliant external switch which
1) I don't have
2) upstream CI planned to run in a nested env won't have either.
The main issue lies in the test trying to set <virtualport> parameters on the
interface. I've tried with regular network interfaces, vlan-tagged interfaces
(as one of the other error messages complained about a missing vlan tag - which
is something VEPA switches supposedly do on their own), and SR-IOV VFs with no
luck. I'd be happy for any networking insights here, but given the setup
which had clearly been tested with specialized HW I'd suggest simply disabling
the test from the suite for upstream purposes - well, the correct approach
would be to introduce a new config option indicating that specialized HW is
necessary since currently the test case kind of abuses the config option
assigning a virtual interface directly to the guest which in this case is a
necessary condition, but not a sufficient one. However, with the Avocado<->TCK
joined work happening, I'd rather not spend more time with Perl than necessary.
[1]
virNetDevVPortProfileOpSetLink:823 : error during virtual port configuration of ifindex 8: No such device or address
virNetDevVPortProfileOpCommon:958 : internal error: sending of PortProfileRequest failed.
Thanks,
Erik
5 years, 4 months
[libvirt] [PATCH for-5.0 0/4] Remove the deprecated bluetooth subsystem
by Thomas Huth
This patch series removes the bitrotten bluetooth subsystem. See
the patch description of the third patch for the rationale.
Thomas Huth (4):
hw/arm/nseries: Replace the bluetooth chardev with a "null" chardev
hw/usb: Remove the USB bluetooth dongle device
Remove the core bluetooth code
Remove libbluetooth / bluez from the CI tests
.gitlab-ci.yml | 2 +-
Makefile.objs | 2 -
bt-host.c | 198 --
bt-vhci.c | 167 --
configure | 31 -
hw/Kconfig | 1 -
hw/Makefile.objs | 1 -
hw/arm/nseries.c | 16 +-
hw/bt/Kconfig | 2 -
hw/bt/Makefile.objs | 3 -
hw/bt/core.c | 143 --
hw/bt/hci-csr.c | 512 -----
hw/bt/hci.c | 2263 --------------------
hw/bt/hid.c | 553 -----
hw/bt/l2cap.c | 1367 ------------
hw/bt/sdp.c | 989 ---------
hw/usb/Kconfig | 5 -
hw/usb/Makefile.objs | 1 -
hw/usb/dev-bluetooth.c | 581 -----
include/hw/bt.h | 2177 -------------------
include/sysemu/bt.h | 20 -
qemu-deprecated.texi | 7 -
qemu-doc.texi | 17 -
qemu-options.hx | 79 -
tests/docker/dockerfiles/fedora.docker | 1 -
tests/docker/dockerfiles/ubuntu.docker | 1 -
tests/docker/dockerfiles/ubuntu1804.docker | 1 -
vl.c | 136 --
28 files changed, 8 insertions(+), 9268 deletions(-)
delete mode 100644 bt-host.c
delete mode 100644 bt-vhci.c
delete mode 100644 hw/bt/Kconfig
delete mode 100644 hw/bt/Makefile.objs
delete mode 100644 hw/bt/core.c
delete mode 100644 hw/bt/hci-csr.c
delete mode 100644 hw/bt/hci.c
delete mode 100644 hw/bt/hid.c
delete mode 100644 hw/bt/l2cap.c
delete mode 100644 hw/bt/sdp.c
delete mode 100644 hw/usb/dev-bluetooth.c
delete mode 100644 include/hw/bt.h
delete mode 100644 include/sysemu/bt.h
--
2.23.0
5 years, 4 months
[PATCH v4 0/4] This series implement support for network syntax settings for LXC 3.X.
by Julio Faracco
Old:
lxc.network.type = veth
lxc.network.flags = up
lxc.network.link = virbr0
New:
lxc.net.0.type = veth
lxc.net.0.flags = up
lxc.net.0.link = virbr0
v1-v2: Moving sscanf to virStrToLong_ull according to Daniel's suggestion.
v2-v3: Adding missing g_autofree from `suffix` variable.
v2-v4: Removing g_autofree inserted above and adding some missing free
functions. See Daniel's test results/comments.
Julio Faracco (4):
lxc: refactor lxcNetworkParseData pointers to use new structures
lxc: add LXC version 3 network parser
lxc: remove domain definition from lxc network struct
tests: update LXC config dataset to support V3 indexes
src/lxc/lxc_native.c | 200 ++++++++++++------
.../lxcconf2xml-ethernet-v3.config | 16 +-
.../lxcconf2xml-fstab-v3.config | 10 +-
.../lxcconf2xml-macvlannetwork-v3.config | 10 +-
.../lxcconf2xml-miscnetwork-v3.config | 34 +--
.../lxcconf2xml-nonenetwork-v3.config | 2 +-
.../lxcconf2xml-physnetwork-v3.config | 14 +-
.../lxcconf2xml-simple-v3.config | 18 +-
.../lxcconf2xml-vlannetwork-v3.config | 10 +-
9 files changed, 190 insertions(+), 124 deletions(-)
--
2.20.1
5 years, 4 months
[PATCH 0/5] ui: rework -show-cursor option
by Gerd Hoffmann
Gerd Hoffmann (5):
ui: add show-cursor option
ui/gtk: implement show-cursor option
ui/sdl: implement show-cursor option
ui: wire up legacy -show-cursor option
ui: deprecate legacy -show-cursor option
include/sysemu/sysemu.h | 1 -
ui/gtk.c | 8 +++++++-
ui/sdl2.c | 28 ++++++++++++++++++++--------
vl.c | 6 ++++--
qapi/ui.json | 2 ++
qemu-deprecated.texi | 5 +++++
6 files changed, 38 insertions(+), 12 deletions(-)
--
2.18.1
5 years, 4 months
[PATCH v2 2/2] qemu-nbd: Removed deprecated --partition option
by Eric Blake
The option was deprecated in 4.0.0 (commit 0ae2d546); it's now been
long enough with no complaints to follow through with that process.
Signed-off-by: Eric Blake <eblake(a)redhat.com>
---
docs/interop/qemu-nbd.rst | 15 ++---
qemu-deprecated.texi | 49 ++++++--------
qemu-nbd.c | 133 +-------------------------------------
3 files changed, 24 insertions(+), 173 deletions(-)
diff --git a/docs/interop/qemu-nbd.rst b/docs/interop/qemu-nbd.rst
index 873bb9e17d56..2e20f84cf025 100644
--- a/docs/interop/qemu-nbd.rst
+++ b/docs/interop/qemu-nbd.rst
@@ -72,13 +72,6 @@ driver options if ``--image-opts`` is specified.
Export the disk as read-only.
-.. option:: -P, --partition=NUM
-
- Deprecated: Only expose MBR partition *NUM*. Understands physical
- partitions 1-4 and logical partition 5. New code should instead use
- :option:`--image-opts` with the raw driver wrapping a subset of the
- original image.
-
.. option:: -B, --bitmap=NAME
If *filename* has a qcow2 persistent bitmap *NAME*, expose
@@ -224,14 +217,14 @@ a 1 megabyte subset of a raw file, using the export name 'subset':
-t -x subset -p 10810 \
--image-opts driver=raw,offset=1M,size=1M,file.driver=file,file.filename=file.raw
-Serve a read-only copy of just the first MBR partition of a guest
-image over a Unix socket with as many as 5 simultaneous readers, with
-a persistent process forked as a daemon:
+Serve a read-only copy of a guest image over a Unix socket with as
+many as 5 simultaneous readers, with a persistent process forked as a
+daemon:
::
qemu-nbd --fork --persistent --shared=5 --socket=/path/to/sock \
- --partition=1 --read-only --format=qcow2 file.qcow2
+ --read-only --format=qcow2 file.qcow2
Expose the guest-visible contents of a qcow2 file via a block device
/dev/nbd0 (and possibly creating /dev/nbd0p1 and friends for
diff --git a/qemu-deprecated.texi b/qemu-deprecated.texi
index 358eb6deebdc..f152e8816164 100644
--- a/qemu-deprecated.texi
+++ b/qemu-deprecated.texi
@@ -319,37 +319,6 @@ The above, converted to the current supported format:
@section Related binaries
-@subsection qemu-nbd --partition (since 4.0.0)
-
-The ``qemu-nbd --partition $digit'' code (also spelled @option{-P})
-can only handle MBR partitions, and has never correctly handled
-logical partitions beyond partition 5. If you know the offset and
-length of the partition (perhaps by using @code{sfdisk} within the
-guest), you can achieve the effect of exporting just that subset of
-the disk by use of the @option{--image-opts} option with a raw
-blockdev using the @code{offset} and @code{size} parameters layered on
-top of any other existing blockdev. For example, if partition 1 is
-100MiB long starting at 1MiB, the old command:
-
-@code{qemu-nbd -t -P 1 -f qcow2 file.qcow2}
-
-can be rewritten as:
-
-@code{qemu-nbd -t --image-opts driver=raw,offset=1M,size=100M,file.driver=qcow2,file.file.driver=file,file.file.filename=file.qcow2}
-
-Alternatively, the @code{nbdkit} project provides a more powerful
-partition filter on top of its nbd plugin, which can be used to select
-an arbitrary MBR or GPT partition on top of any other full-image NBD
-export. Using this to rewrite the above example results in:
-
-@code{qemu-nbd -t -k /tmp/sock -f qcow2 file.qcow2 &}
-@code{nbdkit -f --filter=partition nbd socket=/tmp/sock partition=1}
-
-Note that if you are exposing the export via /dev/nbd0, it is easier
-to just export the entire image and then mount only /dev/nbd0p1 than
-it is to reinvoke @command{qemu-nbd -c /dev/nbd0} limited to just a
-subset of the image.
-
@subsection qemu-img convert -n -o (since 4.2.0)
All options specified in @option{-o} are image creation options, so
@@ -406,3 +375,21 @@ trouble after a recent upgrade.
The "autoload" parameter has been ignored since 2.12.0. All bitmaps
are automatically loaded from qcow2 images.
+
+@section Related binaries
+
+@subsection qemu-nbd --partition (removed in 5.0.0)
+
+The ``qemu-nbd --partition $digit'' code (also spelled @option{-P})
+could only handle MBR partitions, and never correctly handled logical
+partitions beyond partition 5. Exporting a partition can still be
+done by utilizing the @option{--image-opts} option with a raw blockdev
+using the @code{offset} and @code{size} parameters layered on top of
+any other existing blockdev. For example, if partition 1 is 100MiB
+long starting at 1MiB, the old command:
+
+@code{qemu-nbd -t -P 1 -f qcow2 file.qcow2}
+
+can be rewritten as:
+
+@code{qemu-nbd -t --image-opts driver=raw,offset=1M,size=100M,file.driver=qcow2,file.file.driver=file,file.file.filename=file.qcow2}
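Review bot: the new 'removed in 5.0.0' entry keeps only the `--image-opts` rewrite and drops two pieces of guidance that the deleted deprecation entry carried: the `sfdisk` hint for finding the offset and length, and the `nbdkit --filter=partition` alternative, which was the only route mentioned for GPT partitions or for selecting a partition by number. Users who land on this entry after `-P` stops working are the ones who need that, so consider carrying both paragraphs over.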
diff --git a/qemu-nbd.c b/qemu-nbd.c
index 108a51f7eb01..a04930770ff7 100644
--- a/qemu-nbd.c
+++ b/qemu-nbd.c
@@ -100,7 +100,6 @@ static void usage(const char *name)
"\n"
"Exposing part of the image:\n"
" -o, --offset=OFFSET offset into the image\n"
-" -P, --partition=NUM only expose partition NUM\n"
" -B, --bitmap=NAME expose a persistent dirty bitmap\n"
"\n"
"General purpose options:\n"
@@ -156,96 +155,6 @@ QEMU_COPYRIGHT "\n"
, name);
}
-struct partition_record
-{
- uint8_t bootable;
- uint8_t start_head;
- uint32_t start_cylinder;
- uint8_t start_sector;
- uint8_t system;
- uint8_t end_head;
- uint8_t end_cylinder;
- uint8_t end_sector;
- uint32_t start_sector_abs;
- uint32_t nb_sectors_abs;
-};
-
-static void read_partition(uint8_t *p, struct partition_record *r)
-{
- r->bootable = p[0];
- r->start_head = p[1];
- r->start_cylinder = p[3] | ((p[2] << 2) & 0x0300);
- r->start_sector = p[2] & 0x3f;
- r->system = p[4];
- r->end_head = p[5];
- r->end_cylinder = p[7] | ((p[6] << 2) & 0x300);
- r->end_sector = p[6] & 0x3f;
-
- r->start_sector_abs = ldl_le_p(p + 8);
- r->nb_sectors_abs = ldl_le_p(p + 12);
-}
-
-static int find_partition(BlockBackend *blk, int partition,
- uint64_t *offset, uint64_t *size)
-{
- struct partition_record mbr[4];
- uint8_t data[MBR_SIZE];
- int i;
- int ext_partnum = 4;
- int ret;
-
- ret = blk_pread(blk, 0, data, sizeof(data));
- if (ret < 0) {
- error_report("error while reading: %s", strerror(-ret));
- exit(EXIT_FAILURE);
- }
-
- if (data[510] != 0x55 || data[511] != 0xaa) {
- return -EINVAL;
- }
-
- for (i = 0; i < 4; i++) {
- read_partition(&data[446 + 16 * i], &mbr[i]);
-
- if (!mbr[i].system || !mbr[i].nb_sectors_abs) {
- continue;
- }
-
- if (mbr[i].system == 0xF || mbr[i].system == 0x5) {
- struct partition_record ext[4];
- uint8_t data1[MBR_SIZE];
- int j;
-
- ret = blk_pread(blk, mbr[i].start_sector_abs * MBR_SIZE,
- data1, sizeof(data1));
- if (ret < 0) {
- error_report("error while reading: %s", strerror(-ret));
- exit(EXIT_FAILURE);
- }
-
- for (j = 0; j < 4; j++) {
- read_partition(&data1[446 + 16 * j], &ext[j]);
- if (!ext[j].system || !ext[j].nb_sectors_abs) {
- continue;
- }
-
- if ((ext_partnum + j + 1) == partition) {
- *offset = (uint64_t)ext[j].start_sector_abs << 9;
- *size = (uint64_t)ext[j].nb_sectors_abs << 9;
- return 0;
- }
- }
- ext_partnum += 4;
- } else if ((i + 1) == partition) {
- *offset = (uint64_t)mbr[i].start_sector_abs << 9;
- *size = (uint64_t)mbr[i].nb_sectors_abs << 9;
- return 0;
- }
- }
-
- return -ENOENT;
-}
-
static void termsig_handler(int signum)
{
atomic_cmpxchg(&state, RUNNING, TERMINATE);
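Review bot: with read_partition() and find_partition() removed, check whether `MBR_SIZE` still has a user in qemu-nbd.c. The deleted code referenced it in `uint8_t data[MBR_SIZE];` and in the `blk_pread()` offset, and no hunk in this patch drops a definition, so it may be left behind as an unused macro.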
@@ -617,7 +526,7 @@ int main(int argc, char **argv)
int64_t fd_size;
QemuOpts *sn_opts = NULL;
const char *sn_id_or_name = NULL;
- const char *sopt = "hVb:o:p:rsnP:c:dvk:e:f:tl:x:T:D:B:L";
+ const char *sopt = "hVb:o:p:rsnc:dvk:e:f:tl:x:T:D:B:L";
struct option lopt[] = {
{ "help", no_argument, NULL, 'h' },
{ "version", no_argument, NULL, 'V' },
@@ -626,7 +535,6 @@ int main(int argc, char **argv)
{ "socket", required_argument, NULL, 'k' },
{ "offset", required_argument, NULL, 'o' },
{ "read-only", no_argument, NULL, 'r' },
- { "partition", required_argument, NULL, 'P' },
{ "bitmap", required_argument, NULL, 'B' },
{ "connect", required_argument, NULL, 'c' },
{ "disconnect", no_argument, NULL, 'd' },
@@ -657,7 +565,6 @@ int main(int argc, char **argv)
int ch;
int opt_ind = 0;
int flags = BDRV_O_RDWR;
- int partition = 0;
int ret = 0;
bool seen_cache = false;
bool seen_discard = false;
@@ -793,15 +700,6 @@ int main(int argc, char **argv)
readonly = true;
flags &= ~BDRV_O_RDWR;
break;
- case 'P':
- warn_report("The '-P' option is deprecated; use --image-opts with "
- "a raw device wrapper for subset exports instead");
- if (qemu_strtoi(optarg, NULL, 0, &partition) < 0 ||
- partition < 1 || partition > 8) {
- error_report("Invalid partition '%s'", optarg);
- exit(EXIT_FAILURE);
- }
- break;
case 'B':
bitmap = optarg;
break;
@@ -898,7 +796,7 @@ int main(int argc, char **argv)
error_report("List mode is incompatible with a file name");
exit(EXIT_FAILURE);
}
- if (export_name || export_description || dev_offset || partition ||
+ if (export_name || export_description || dev_offset ||
device || disconnect || fmt || sn_id_or_name || bitmap ||
seen_aio || seen_discard || seen_cache) {
error_report("List mode is incompatible with per-device settings");
@@ -1162,33 +1060,6 @@ int main(int argc, char **argv)
}
fd_size -= dev_offset;
- if (partition) {
- uint64_t limit;
-
- if (dev_offset) {
- error_report("Cannot request partition and offset together");
- exit(EXIT_FAILURE);
- }
- ret = find_partition(blk, partition, &dev_offset, &limit);
- if (ret < 0) {
- error_report("Could not find partition %d: %s", partition,
- strerror(-ret));
- exit(EXIT_FAILURE);
- }
- /*
- * MBR partition limits are (32-bit << 9); this assert lets
- * the compiler know that we can't overflow 64 bits.
- */
- assert(dev_offset + limit >= dev_offset);
- if (dev_offset + limit > fd_size) {
- error_report("Discovered partition %d at offset %" PRIu64
- " size %" PRIu64 ", but size exceeds file length %"
- PRId64, partition, dev_offset, limit, fd_size);
- exit(EXIT_FAILURE);
- }
- fd_size = limit;
- }
-
export = nbd_export_new(bs, dev_offset, fd_size, export_name,
export_description, bitmap, readonly, shared > 1,
nbd_export_closed, writethrough, NULL,
--
2.24.1
5 years, 4 months
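With `-P` removed, the offset and size that `find_partition()` used to derive from the MBR have to be computed before `qemu-nbd` is started. The following added example (not part of the patch or of QEMU) does that for primary partitions 1-4, given sector 0 of the guest-visible disk contents, keeps the removed code's bounds check against the image length, and prints the `--image-opts` string from the documentation; the function names and the sample MBR are constructed here.

```python
import struct

SECTOR = 512        # MBR LBA fields count 512-byte sectors (the removed code's "<< 9")
TABLE_OFFSET = 446  # the four 16-byte primary entries start here
EXTENDED_TYPES = (0x05, 0x0F)  # container types the removed code descended into


def primary_partition(sector0, number, image_len):
    """Return (offset, size) in bytes for primary MBR partition `number` (1-4).

    sector0   -- first 512 bytes of the guest-visible disk contents
    image_len -- guest-visible disk length in bytes, used as a bounds check
    """
    if len(sector0) < SECTOR or sector0[510:512] != b"\x55\xaa":
        raise ValueError("no MBR signature in sector 0")
    if not 1 <= number <= 4:
        raise ValueError("only primary partitions 1-4 are handled here")

    start = TABLE_OFFSET + 16 * (number - 1)
    entry = sector0[start:start + 16]
    ptype = entry[4]
    # Bytes 8-11: starting LBA, bytes 12-15: sector count, both little-endian.
    start_lba, sectors = struct.unpack_from("<II", entry, 8)
    if ptype == 0 or sectors == 0:
        raise ValueError("partition %d is empty" % number)
    if ptype in EXTENDED_TYPES:
        raise ValueError("partition %d is an extended container" % number)

    offset, size = start_lba * SECTOR, sectors * SECTOR
    # Same sanity check the removed block made before shrinking the export.
    if offset + size > image_len:
        raise ValueError("partition %d ends at byte %d, past image length %d"
                         % (number, offset + size, image_len))
    return offset, size


def image_opts(offset, size, filename, fmt="qcow2"):
    """Build the --image-opts value: a raw node with offset/size over the image."""
    escaped = filename.replace(",", ",,")  # a literal comma is doubled in option strings
    if fmt == "raw":
        inner = "file.driver=file,file.filename=%s" % escaped
    else:
        inner = ("file.driver=%s,file.file.driver=file,file.file.filename=%s"
                 % (fmt, escaped))
    return "driver=raw,offset=%d,size=%d,%s" % (offset, size, inner)


def build_sample_mbr():
    """Constructed sample: one Linux partition, 100 MiB long, starting at 1 MiB."""
    sector = bytearray(SECTOR)
    # boot flag, 3 CHS bytes, type 0x83, 3 CHS bytes, start LBA 2048, 204800 sectors
    struct.pack_into("<B3xB3xII", sector, TABLE_OFFSET, 0x00, 0x83, 2048, 204800)
    sector[510:512] = b"\x55\xaa"
    return bytes(sector)


if __name__ == "__main__":
    off, size = primary_partition(build_sample_mbr(), 1, 101 * 1024 * 1024)
    print("qemu-nbd -t --image-opts " + image_opts(off, size, "file.qcow2"))
```

For a qcow2 image, sector 0 must come from the guest-visible data (for example read through a full-image export), not from the first bytes of the qcow2 file itself.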
[PATCH v2 1/2] docs: Fix typo in qemu-nbd -P replacement
by Eric Blake
The suggested replacement for the deprecated 'qemu-nbd -P' refers to
'file.backing.opt' instead of 'file.file.opt'; using the example
verbatim results in:
qemu-nbd: Failed to blk_new_open 'driver=raw,offset=1m,size=100m,file.driver=qcow2,file.backing.driver=file,file.backing.filename=file4': A block device must be specified for "file"
Correct this text, prior to actually finishing the deprecation process.
Fixes: 0ae2d54645eb
Reported-by: Max Reitz <mreitz(a)redhat.com>
Signed-off-by: Eric Blake <eblake(a)redhat.com>
---
qemu-deprecated.texi | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/qemu-deprecated.texi b/qemu-deprecated.texi
index 0968d37c745a..358eb6deebdc 100644
--- a/qemu-deprecated.texi
+++ b/qemu-deprecated.texi
@@ -335,7 +335,7 @@ top of any other existing blockdev. For example, if partition 1 is
can be rewritten as:
-@code{qemu-nbd -t --image-opts driver=raw,offset=1M,size=100M,file.driver=qcow2,file.backing.driver=file,file.backing.filename=file.qcow2}
+@code{qemu-nbd -t --image-opts driver=raw,offset=1M,size=100M,file.driver=qcow2,file.file.driver=file,file.file.filename=file.qcow2}
Alternatively, the @code{nbdkit} project provides a more powerful
partition filter on top of its nbd plugin, which can be used to select
--
2.24.1
5 years, 4 months
[PATCH v3 0/6] Add support for SPAPR vTPM for pSeries VM
by Stefan Berger
QEMU 5.0 will have SPAPR vTPM support. This series of patches
adds support for the XML and command line creation of the
SPAPR vTPM for pSeries VMs along with test cases.
Regards,
Stefan
v2->v3:
- Applied Jan's R-b's
- Fixed issue in 4/6.
v1->v2:
- Applied R-b to unmodified patches
- Addressed Ján's comments; added patch is 1/6
Stefan Berger (6):
conf: Introduce VIR_DOMAIN_TPM_MODEL_DEFAULT as default model
conf: Add support for tpm-spapr to domain XML
qemu: Extend QEMU capabilities with 'tpm-spapr'
qemu: Extend QEMU with tpm-spapr support
tests: Extend ppc64 capabilities data with TPM related XML and
responses
tests: Add test for domain XML with tpm-spapr TPM device model
docs/formatdomain.html.in | 7 +-
docs/schemas/domaincommon.rng | 4 +
src/conf/domain_conf.c | 2 +
src/conf/domain_conf.h | 2 +
src/qemu/qemu_capabilities.c | 6 +
src/qemu/qemu_capabilities.h | 1 +
src/qemu/qemu_command.c | 15 +-
src/qemu/qemu_domain.c | 27 +-
src/qemu/qemu_domain_address.c | 9 +
tests/domaincapsdata/qemu_5.0.0.ppc64.xml | 115 +
.../caps_5.0.0.ppc64.replies | 24695 ++++++++++++++++
.../qemucapabilitiesdata/caps_5.0.0.ppc64.xml | 1128 +
.../tpm-emulator-spapr.ppc64-latest.args | 45 +
tests/qemuxml2argvdata/tpm-emulator-spapr.xml | 60 +
tests/qemuxml2argvtest.c | 4 +
15 files changed, 26110 insertions(+), 10 deletions(-)
create mode 100644 tests/domaincapsdata/qemu_5.0.0.ppc64.xml
create mode 100644 tests/qemucapabilitiesdata/caps_5.0.0.ppc64.replies
create mode 100644 tests/qemucapabilitiesdata/caps_5.0.0.ppc64.xml
create mode 100644 tests/qemuxml2argvdata/tpm-emulator-spapr.ppc64-latest.args
create mode 100644 tests/qemuxml2argvdata/tpm-emulator-spapr.xml
--
2.17.1
5 years, 4 months
[hooks PATCH v2] Don't allow @localhost email addresses in commit message
by Daniel P. Berrangé
Signed-off-by: Daniel P. Berrangé <berrange(a)redhat.com>
---
update | 17 +++++++++++++++++
1 file changed, 17 insertions(+)
diff --git a/update b/update
index 247b008..7f26035 100755
--- a/update
+++ b/update
@@ -41,6 +41,10 @@
# When this boolean is true, you may not push a merge commit to BRANCH_NAME.
# By default, you may.
#
+# hooks.allowlocalhostemail
+# When this boolean is true, commit message email addresses are
+# allowed to refer to @localhost
+#
# ---------------------------------------------------------------------
# Allow people to change server-side git config in very specific ways.
# To enable this, on the server, you must do something like the following,
@@ -264,6 +268,19 @@ if [ $check_diff = yes ]; then
fi
done
fi
+
+ allow_localhost_email=$(git config --bool hooks.allowlocalhostemail)
+ if [ "$allow_localhost_email" != "true" ]; then
+ for rev in `git log --format=%h $oldrev..$newrev`
+ do
+ git show $rev | grep -E '<.*(a)localhost.*>' >/dev/null 2>&1
+ if test $? != 0
+ then
+ echo "*** Update hook: @localhost email address is forbidden $rev" >&2
+ exit 1
+ fi
+ done
+ fi
fi
# --- Finished
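Review bot: the exit-status test after the grep is inverted. `grep -E` exits 0 when it finds a match, so `if test $? != 0` takes the 'forbidden' branch for every commit that does not contain a localhost address and lets through the ones that do; it should be `if test $? = 0`, or the pipeline can be tested directly in the `if` with `grep -q`. Separately, `git show $rev` prints the diff as well as the message, so a patch whose content happens to contain such an address would be rejected too; restricting the input to the headers and message would match what the subject line promises.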
--
2.24.1
5 years, 4 months
[PATCH v2 0/6] Add support for SPAPR vTPM for pSeries VM
by Stefan Berger
QEMU 5.0 will have SPAPR vTPM support. This series of patches
adds support for the XML and command line creation of the
SPAPR vTPM for pSeries VMs along with test cases.
Regards,
Stefan
v1->v2:
- Applied R-b to unmodified patches
- Addressed Ján's comments; added patch is 1/6
Stefan Berger (6):
conf: Introduce VIR_DOMAIN_TPM_MODEL_DEFAULT as default model
conf: Add support for tpm-spapr to domain XML
qemu: Extend QEMU capabilities with 'tpm-spapr'
qemu: Extend QEMU with tpm-spapr support
tests: Extend ppc64 capabilities data with TPM related XML and
responses
tests: Add test for domain XML with tpm-spapr TPM device model
docs/formatdomain.html.in | 7 +-
docs/schemas/domaincommon.rng | 4 +
src/conf/domain_conf.c | 2 +
src/conf/domain_conf.h | 2 +
src/qemu/qemu_capabilities.c | 6 +
src/qemu/qemu_capabilities.h | 1 +
src/qemu/qemu_command.c | 15 +-
src/qemu/qemu_domain.c | 27 +-
src/qemu/qemu_domain_address.c | 10 +
tests/domaincapsdata/qemu_5.0.0.ppc64.xml | 115 +
.../caps_5.0.0.ppc64.replies | 24695 ++++++++++++++++
.../qemucapabilitiesdata/caps_5.0.0.ppc64.xml | 1128 +
.../tpm-emulator-spapr.ppc64-latest.args | 45 +
tests/qemuxml2argvdata/tpm-emulator-spapr.xml | 60 +
tests/qemuxml2argvtest.c | 4 +
15 files changed, 26111 insertions(+), 10 deletions(-)
create mode 100644 tests/domaincapsdata/qemu_5.0.0.ppc64.xml
create mode 100644 tests/qemucapabilitiesdata/caps_5.0.0.ppc64.replies
create mode 100644 tests/qemucapabilitiesdata/caps_5.0.0.ppc64.xml
create mode 100644 tests/qemuxml2argvdata/tpm-emulator-spapr.ppc64-latest.args
create mode 100644 tests/qemuxml2argvdata/tpm-emulator-spapr.xml
--
2.17.1
5 years, 4 months
[libvirt PATCH v2 00/56] the gnulib saga: the season finale
by Daniel P. Berrangé
This is a followup to
v1: https://www.redhat.com/archives/libvir-list/2020-January/msg00900.html
At the end of this series we have 100% eliminated use of GNULIB
from libvirt.
The first 10 or so patches have been reviewed by Pavel already
but I include them here anyway. Rather than wait for all of
the series to be reviewed, it is probably more productive to
push patches in batches of 10 or so.
Some things to note
- I have build tested this on Travis platforms and manually
via FreeBSD 11/12. This covers make, make syntax-check &
make check
- I've validated that virsh still works with mingw64 builds
on Windows 2008r2.
- I've done basic functional testing on Fedora 31, starting
and stopping VMs & other simple APIs
The config.h we generate is much much smaller than before as we
eliminated a lot of gnulib macros.
The risk here is that we are no longer setting some HAVE_XXX
in config.h that we rely on. To mitigate this I did a diff
of config.h before & after this series to determine which
HAVE_XXX we no longer set. I then grepped the source to see
if we actually use any of them. This identified a few mistakes
which I fixed in testing this series.
The build times for libvirt after applying this series have
some significant gains, improving speed of all stages (autogen,
configure & make).
Overall while this was time consuming work (due to massive number
of builds for testing each step), it is surprising just how easy
it was to eliminate the need for GNULIB. GLib helped a little bit in
this respect, but the biggest factor is simply that a large
number of issues GNULIB fixes only matter for ancient / obsolete
OS platforms.
With libvirt only targeting modern Linux, FreeBSD, macOS & MinGW,
the only really hard stuff where GNULIB was a big help is the
Windows sockets portability.
GNULIB was a pretty valuable approach when there were countless
flavours of UNIX to worry about with poor levels of POSIX API
compatibility. With a typical modern set of platforms, I think
it is better to just use a library like GLib and deal with any
other portability problems explicitly.
Almost certainly someone will appear after next release and
complain that libvirt no longer builds on some platform that
we don't officially support. My expectation is that when this
happens it will be reasonably easy to fix whatever problem
they report. Also at that time we can also consider whether
the platform needs to be added to CI.
Daniel P. Berrangé (56):
tests: stop setting $SHELL env variable
util: add a virArchFromHost() impl for Windows
util: add API for reading password from the console
src: remove usage of strchrnul function
build: generate configmake.h in root directory
util: use getgrouplist() directly instead of mgetgroups
tools: replace wcwidth() with g_unichar_* APIs
src: remove unused sys/utsname.h includes
util: explicitly include windows.h
storage: remove use of stat-time.h headers
src: implement APIs for passing FDs over UNIX sockets
rpc: conditionalize signal handling
src: only import sys/uio.h when journald is built
src: replace mkdir() with g_mkdir()
m4: disable polkit build on Windows
util: conditionalize more of virCommand on WIN32
src: remove all traces of Cygwin support
util: conditionalize virProcess APIs on Windows
src: conditionalize use of net/if.h
configure: add check for sys/ioctl.h
src: conditionalize use of S_ISSOCK macro
configure: request system specific extensions
src: stop using O_DIRECTORY in resctrl
src: ensure O_CLOEXEC is defined on Windows
src: conditionalize use of F_DUPFD_CLOEXEC
src: conditionalize use of O_DIRECT
src: conditionalize use of O_BINARY
src: conditionalize use of chown & stat constants
src: convert all code to use virsocket.h
tests: conditionalize use of SIGPIPE
src: conditionalize EAI_ADDRFAMILY
bootstrap: remove 18 more gnulib modules
src: introduce helper API for creating GSource for socket
rpc: convert RPC client to use GMainLoop instead of poll
tests: convert eventtest to use public event APIs
tests: remove event loop from command test
tests: refactor event test to not run lock step
tools: convert to use g_poll instead of poll
util: import an event loop impl based on GMainContext
util: switch to use the GLib event loop impl
util: delete the poll() based event loop impl
src: conditionalize / remove use of poll.h
util: conditionalize FD stream to exclude WIN32
src: remove sys/wait.h from many files
configure: request 64-bit APIs on 32-bit platforms
examples: remove obsolete workaround for mingw
src: introduce a wrapper for the pipe2() system call
src: convert code to use virPipe APIs
tools: conditionalize use of O_SYNC flag
m4: add check for pthread library
src: assume sys/sysmacros.h always exists on Linux
src: add define of ENOMSG for MinGW
src: optionally include xlocale.h header
src: ensure use of g_printf / g_fprintf functions
src: remove virFilePrintf in favour of g_fprintf
gnulib: delete all gnulib integration
.color_coded.in | 2 -
.gitignore | 9 +-
.gitmodules | 3 -
.gnulib | 1 -
.ycm_extra_conf.py.in | 2 -
Makefile.am | 46 +-
README-hacking | 9 +-
autogen.sh | 219 +----
bootstrap | 1073 -------------------------
bootstrap.conf | 136 ----
build-aux/syntax-check.mk | 132 +--
ci/build.sh | 4 +-
config-post.h | 5 +-
configure.ac | 49 +-
docs/compiling.html.in | 25 -
docs/hacking.html.in | 5 +-
examples/c/domain/domtop.c | 15 -
examples/c/domain/suspend.c | 14 -
gnulib/lib/Makefile.am | 30 -
libvirt.spec.in | 2 -
m4/virt-compile-pie.m4 | 2 +-
m4/virt-compile-warnings.m4 | 18 +-
m4/virt-polkit.m4 | 4 +
m4/virt-pthread.m4 | 26 +-
m4/virt-win-common.m4 | 8 +-
m4/virt-win-cygwin.m4 | 32 -
m4/virt-win-symbols.m4 | 4 +-
m4/virt-win-windres.m4 | 4 +-
m4/virt-xdr.m4 | 9 +-
po/POTFILES.in | 3 +-
src/Makefile.am | 17 +-
src/admin/Makefile.inc.am | 2 -
src/bhyve/Makefile.inc.am | 1 -
src/conf/domain_audit.c | 4 +-
src/conf/network_conf.c | 2 -
src/esx/esx_util.c | 3 +-
src/esx/esx_util.h | 1 -
src/interface/Makefile.inc.am | 1 -
src/internal.h | 30 +
src/libvirt-domain.c | 2 +
src/libvirt.c | 10 +-
src/libvirt_private.syms | 24 +-
src/libxl/Makefile.inc.am | 1 -
src/libxl/libxl_conf.c | 2 -
src/libxl/libxl_migration.c | 6 +-
src/locking/Makefile.inc.am | 9 +-
src/locking/lock_daemon.c | 2 +-
src/logging/Makefile.inc.am | 2 -
src/logging/log_daemon.c | 2 +-
src/logging/log_handler.c | 6 +-
src/lxc/Makefile.inc.am | 2 -
src/lxc/lxc_container.c | 1 -
src/lxc/lxc_controller.c | 8 +-
src/lxc/lxc_driver.c | 8 +-
src/lxc/lxc_process.c | 5 +-
src/network/Makefile.inc.am | 3 +-
src/network/bridge_driver.c | 1 -
src/node_device/Makefile.inc.am | 2 -
src/nwfilter/Makefile.inc.am | 1 -
src/nwfilter/nwfilter_dhcpsnoop.c | 3 -
src/nwfilter/nwfilter_learnipaddr.c | 4 +-
src/openvz/openvz_conf.c | 5 +-
src/openvz/openvz_driver.c | 1 -
src/qemu/Makefile.inc.am | 1 -
src/qemu/qemu_agent.c | 4 +-
src/qemu/qemu_capabilities.c | 1 -
src/qemu/qemu_conf.c | 4 +-
src/qemu/qemu_domain.c | 4 +-
src/qemu/qemu_driver.c | 4 +-
src/qemu/qemu_interface.c | 4 +-
src/qemu/qemu_migration.c | 28 +-
src/qemu/qemu_monitor.c | 3 +-
src/qemu/qemu_monitor_json.c | 4 +-
src/qemu/qemu_tpm.c | 5 +-
src/remote/Makefile.inc.am | 1 -
src/remote/qemu_protocol.x | 1 -
src/remote/remote_daemon.c | 3 +-
src/remote/remote_protocol.x | 2 +-
src/rpc/Makefile.inc.am | 3 -
src/rpc/genprotocol.pl | 2 +-
src/rpc/virnetclient.c | 248 +++---
src/rpc/virnetdaemon.c | 44 +-
src/rpc/virnetdaemon.h | 4 +
src/rpc/virnetprotocol.x | 2 +-
src/rpc/virnetsocket.c | 44 +-
src/secret/Makefile.inc.am | 1 -
src/security/Makefile.inc.am | 1 -
src/security/security_dac.c | 4 +
src/security/security_manager.c | 2 +
src/security/security_selinux.c | 16 +-
src/storage/Makefile.inc.am | 16 -
src/storage/storage_backend_iscsi.c | 1 -
src/storage/storage_backend_logical.c | 1 -
src/storage/storage_util.c | 25 +-
src/util/Makefile.inc.am | 6 +-
src/util/iohelper.c | 4 +
src/util/viralloc.h | 3 +-
src/util/virarch.c | 52 +-
src/util/virarptable.c | 1 -
src/util/virbitmap.c | 4 +-
src/util/vircgroup.c | 18 +-
src/util/vircommand.c | 183 +++--
src/util/virdevmapper.c | 4 +-
src/util/virdnsmasq.c | 9 +-
src/util/virevent.c | 21 +-
src/util/vireventglib.c | 455 +++++++++++
src/util/vireventglib.h | 28 +
src/util/vireventglibwatch.c | 248 ++++++
src/util/vireventglibwatch.h | 48 ++
src/util/vireventpoll.c | 772 ------------------
src/util/vireventpoll.h | 126 ---
src/util/virfdstream.c | 131 ++-
src/util/virfile.c | 102 +--
src/util/virfile.h | 3 -
src/util/virgettext.c | 3 +
src/util/virhook.c | 1 -
src/util/virhostcpu.c | 1 -
src/util/virhostmem.c | 1 -
src/util/viriptables.c | 1 -
src/util/virlog.c | 8 +-
src/util/virnetdev.c | 1 -
src/util/virnetdev.h | 4 +-
src/util/virnetdevbridge.c | 8 +-
src/util/virnetdevip.c | 4 +-
src/util/virnetdevmacvlan.c | 3 +-
src/util/virnetdevtap.c | 4 +-
src/util/virnetdevveth.c | 2 -
src/util/virnetdevvportprofile.c | 3 +-
src/util/virnetlink.c | 3 +-
src/util/virpolkit.c | 4 +-
src/util/virprocess.c | 108 ++-
src/util/virresctrl.c | 2 +-
src/util/virsocket.c | 139 +++-
src/util/virsocket.h | 21 +-
src/util/virsocketaddr.c | 2 -
src/util/virsocketaddr.h | 20 +-
src/util/virstring.c | 3 +
src/util/virsysinfo.c | 15 +-
src/util/virsystemd.c | 9 +-
src/util/virutil.c | 146 +++-
src/util/virutil.h | 36 +
src/util/virxdrdefs.h | 12 +-
src/vbox/Makefile.inc.am | 1 -
src/vbox/vbox_MSCOMGlue.c | 6 +-
src/vz/Makefile.inc.am | 1 -
src/vz/vz_driver.c | 1 -
tests/Makefile.am | 26 +-
tests/commanddata/test27.log | 6 +-
tests/commanddata/test3.log | 2 +-
tests/commandhelper.c | 5 +-
tests/commandtest.c | 115 +--
tests/eventtest.c | 219 +++--
tests/fdstreamtest.c | 42 +-
tests/libxlmock.c | 2 +-
tests/nsstest.c | 3 +-
tests/qemusecuritytest.c | 2 +-
tests/shunloadtest.c | 2 +-
tests/ssh.c | 3 +-
tests/testutils.c | 5 +-
tests/testutils.h | 6 -
tests/testutilsqemu.c | 4 +-
tests/virauthconfigtest.c | 2 +
tests/vircgroupmock.c | 8 +-
tests/virkeyfiletest.c | 2 +
tests/virlockspacetest.c | 4 +-
tests/virnetmessagetest.c | 2 +
tests/virnetsockettest.c | 3 +-
tests/virnettlscontexttest.c | 3 +-
tests/virnettlshelpers.c | 1 -
tests/virnettlssessiontest.c | 3 +-
tests/virportallocatormock.c | 5 +-
tests/virstringtest.c | 37 +-
tests/virtestmock.c | 9 +-
tests/virtimetest.c | 2 +
tests/viruritest.c | 2 +
tests/vshtabletest.c | 4 +
tools/Makefile.am | 9 +-
tools/nss/libvirt_nss.c | 7 +-
tools/virsh-domain.c | 72 +-
tools/virsh.c | 6 -
tools/virt-admin.c | 5 -
tools/virt-login-shell.c | 6 +-
tools/vsh-table.c | 2 +-
tools/vsh.c | 31 +-
184 files changed, 2295 insertions(+), 3708 deletions(-)
delete mode 160000 .gnulib
delete mode 100755 bootstrap
delete mode 100644 bootstrap.conf
delete mode 100644 gnulib/lib/Makefile.am
delete mode 100644 m4/virt-win-cygwin.m4
create mode 100644 src/util/vireventglib.c
create mode 100644 src/util/vireventglib.h
create mode 100644 src/util/vireventglibwatch.c
create mode 100644 src/util/vireventglibwatch.h
delete mode 100644 src/util/vireventpoll.c
delete mode 100644 src/util/vireventpoll.h
--
2.24.1
5 years, 4 months
Disabling PCI "hot-unplug" for a guest (and/or a single PCI device)
by Laine Stump
Although I've never experienced it, due to not running Windows guests,
I've recently learned that a Windows guest permits a user (hopefully
only one with local admin privileges??!) to "hot-unplug" any PCI device.
I've also learned that some hypervisor admins don't want to permit
admins of the virtual machines they're managing to unplug PCI devices. I
believe this is impossible to prevent on an i440fx-based machinetype,
and can only be done on a q35-based machinetype by assigning the devices
to the root bus (so that they are seen as integrated devices) rather
than to a pcie-root-port. But when libvirt is assigning PCI addresses to
devices in a q35-based guest, it will *always* assign a PCIe device to a
pcie-root-port specifically so that hotplug is possible (this was done
to maintain functional parity with i440fx guests, where all PCI slots
support hotplug).
To make the above-mentioned admins happy, we need to make it possible to
(easily) create guest configurations for q35-based virtual machines
where the PCI devices can't be hot-unplugged by the guest OS.
Thinking in the context of a management platform (e.g. OpenStack or
ovirt) that goes through libvirt to use QEMU (and forgetting about
i440fx, concentrating only on q35), I can think of a few different ways
this could be done:
1) Rather than leaving the task of assigning the PCI addresses of
devices to libvirt (which is what essentially *all* management apps that
use libvirt currently do), the management application could itself
directly assign the PCI addresses of all devices to be slots on pcie.0.
This is problematic because once a management application has taken over
the PCI address assignment of a single device, it must learn the rules
of what type of device can be plugged into what type of PCI controller
(including plugging in new controllers when necessary), and keep track
of which slots on which PCI controllers are already in use - effectively
tossing that part of libvirt's functionality / embedded knowledge /
usefulness to management applications out the window. It's even more of
a problem for management applications that have no provision for
manually assigning PCI addresses - virt-manager for example only
supports this by using "XML mode" where the froopy point-click UI is
swapped out for an edit window where the user is simply presented with
the full XML for a device and allowed to tweak it around as they see fit
(including duplicate addresses, plugging the wrong kind of device into
the wrong slot, referencing non-existent controllers, etc). (NB: you
could argue that management could just take over PCI address assignment
in the case of wanting hotplug disabled, and only care about / support
pcie.0 (which makes the task much easier, since you just ignore the
existence of any other PCI controllers, leaving you with a homogenous
array of 32 slot x 8 functions), but becomes much more complicated if you
want to allow a mix of hotpluggable and non-hotpluggable devices, and
you *know* someone will.)
2) libvirt could gain a knob "somewhere" in the domain XML to force a
single device, or all devices, to be assigned to a PCI address on pcie.0
rather than on a pcie-root-port. This could be thought of as a "hint"
about device placement, as well as extra validation in the case that a
PCI address has been manually assigned. So, for example, let's say a
"hotplug='disable'" option is added somewhere at the top level of the
domain (maybe "<hotplug enable='no'/>" inside <features> or something
like that); when PCI addresses are assigned by libvirt, it would attempt
to find a slot on a controller that didn't support hotplug. And/or a
similar knob could be added to each device. In both cases, the setting
would be used both when assigning PCI addresses and also to validate
user-provided PCI addresses to assure that the desired criterion was met
(otherwise someone would manually select a PCI address on a controller
that supported hotplug, but then set "hotplug='disabled'" and expect
hotplug to be magically disabled on the slot).
Some of you will remember that I proposed such a knob for libvirt a few
years ago when we were first fleshing out support for QEMU's PCI Express
controllers and the Q35 machinetype, and it was rejected as "libvirt
dictating policy". Of course at that time there weren't actual users
demanding the functionality, and now there are. Aside from that, all I
can say is that it isn't libvirt dictating this policy, it's the user of
libvirt, and libvirt is just following directions :-) (and that I really
really dislike the idea of a forced handover of the entire task of
assigning/managing device PCI addresses to management apps just because
they decide they want to disable guest-initiated hotplug).
3) qemu could add a "hotpluggable=no" commandline option to all PCI
devices (including vfio-pci) and then do whatever is necessary to make
sure this is honored in the emulated hardware (is it possible to set
this on a per-slot basis in a PCI controller? Or must it be done for an
entire controller? I suppose it's not as much of an issue for
pcie-root-port, as long as you're not using multiple functions). libvirt
would then need to add this option to the XML for each device, and
management applications would need to set it - it would essentially look
the same to the management application, but it would be implemented
differently - instead of libvirt using that flag to make a choice about
which slot to assign, it would assign PCI addresses in the same manner
as before, and use the libvirt XML flag to set a QEMU commandline flag
for the device.
The upside of this is that we would be disabling hotplug by "disabling
hotplug" rather than by "assigning the device to a slot that
coincidentally doesn't support hotplug", making it all more orthogonal -
everything else in a guest's config could remain exactly the same while
enabling/disabling hotplug. (Another upside is that it could possibly be
made to work for i440fx machine types, but we're not supposed to care
about that any more, so I won't mention it :-)) The downside is that it
requires a new feature in QEMU (whose difficulty/feasibility I have 0
knowledge of), so there are 3 layers of work rather than 2.
So does anyone have any different (and hopefully better) idea of how to
do this? Arguments for/against the 3 possibilities I've listed here?
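The placement rule the message above relies on (a device on pcie.0 is seen as integrated, a device on a pcie-root-port can be hot-unplugged by the guest, and on i440fx every slot supports hotplug), written as an audit over domain XML. This is an added example, not code from the thread or from libvirt; the sample XML is constructed, and reporting any controller model the message does not cover as "review" is an assumption of this sketch.

```python
import xml.etree.ElementTree as ET

# Constructed q35 domain XML (not from the thread).
SAMPLE_DOMAIN_XML = """
<domain type='kvm'>
  <name>constructed-q35-guest</name>
  <devices>
    <controller type='pci' index='0' model='pcie-root'/>
    <controller type='pci' index='1' model='pcie-root-port'>
      <address type='pci' domain='0x0000' bus='0x00' slot='0x02' function='0x0'/>
    </controller>
    <controller type='pci' index='2' model='pcie-root-port'>
      <address type='pci' domain='0x0000' bus='0x00' slot='0x02' function='0x1'/>
    </controller>
    <interface type='network'>
      <model type='virtio'/>
      <address type='pci' domain='0x0000' bus='0x01' slot='0x00' function='0x0'/>
    </interface>
    <disk type='file' device='disk'>
      <target dev='vda' bus='virtio'/>
      <address type='pci' domain='0x0000' bus='0x00' slot='0x03' function='0x0'/>
    </disk>
    <hostdev mode='subsystem' type='pci' managed='yes'>
      <source><address domain='0x0000' bus='0x3b' slot='0x00' function='0x1'/></source>
      <address type='pci' domain='0x0000' bus='0x02' slot='0x00' function='0x0'/>
    </hostdev>
    <memballoon model='virtio'>
      <address type='pci' domain='0x0000' bus='0x05' slot='0x00' function='0x0'/>
    </memballoon>
  </devices>
</domain>
"""

# Placement as described in the message: the q35 root bus holds integrated
# devices, pcie-root-port slots are hot-pluggable, and so is the i440fx root bus.
PLACEMENT_BY_MODEL = {
    "pcie-root": "integrated",
    "pcie-root-port": "hotpluggable",
    "pci-root": "hotpluggable",
}


def _num(text):
    """Parse the decimal or 0x-prefixed numbers used in domain XML."""
    text = text.strip().lower()
    return int(text, 16) if text.startswith("0x") else int(text)


def classify_pci_devices(domain_xml):
    """Return (element, guest PCI address, placement, controller model) per device."""
    devices = ET.fromstring(domain_xml).find("devices")
    if devices is None:
        return []
    # A device's bus= value names the index= of the PCI controller it sits on.
    controllers = {
        _num(c.get("index", "0")): c.get("model", "")
        for c in devices.findall("controller")
        if c.get("type") == "pci"
    }
    report = []
    for dev in devices:
        if dev.tag == "controller" and dev.get("type") == "pci":
            continue  # the PCI topology itself, not an endpoint device
        # Direct child only: a hostdev's <source><address> is the host-side
        # address and must not be mistaken for the guest-side placement.
        addr = dev.find("address")
        if addr is None or addr.get("type") != "pci":
            continue
        bus = _num(addr.get("bus", "0"))
        bdf = "%04x:%02x:%02x.%x" % (
            _num(addr.get("domain", "0")), bus,
            _num(addr.get("slot", "0")), _num(addr.get("function", "0")))
        model = controllers.get(bus)
        # Unknown or undeclared controller: report for manual review.
        report.append((dev.tag, bdf, PLACEMENT_BY_MODEL.get(model, "review"), model))
    return report


def guest_unpluggable(domain_xml):
    """Fail closed: everything not proven integrated counts as unpluggable."""
    return [(tag, bdf) for tag, bdf, placement, _ in classify_pci_devices(domain_xml)
            if placement != "integrated"]


if __name__ == "__main__":
    for row in classify_pci_devices(SAMPLE_DOMAIN_XML):
        print(row)
```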
5 years, 4 months
[libvirt PATCH] rpc: gendispatch: trim Flags from the return struct name
by Ján Tomko
This lets it generate the remote dispatch for StorageVolGetInfoFlags.
Signed-off-by: Ján Tomko <jtomko(a)redhat.com>
---
src/remote/remote_daemon_dispatch.c | 35 -----------------------------
src/remote/remote_protocol.x | 2 +-
src/rpc/gendispatch.pl | 1 +
3 files changed, 2 insertions(+), 36 deletions(-)
diff --git a/src/remote/remote_daemon_dispatch.c b/src/remote/remote_daemon_dispatch.c
index b08bd5b8ba..2741a32f63 100644
--- a/src/remote/remote_daemon_dispatch.c
+++ b/src/remote/remote_daemon_dispatch.c
@@ -7162,41 +7162,6 @@ remoteDispatchDomainInterfaceAddresses(virNetServerPtr server G_GNUC_UNUSED,
}
-static int
-remoteDispatchStorageVolGetInfoFlags(virNetServerPtr server G_GNUC_UNUSED,
- virNetServerClientPtr client,
- virNetMessagePtr msg G_GNUC_UNUSED,
- virNetMessageErrorPtr rerr,
- remote_storage_vol_get_info_flags_args *args,
- remote_storage_vol_get_info_flags_ret *ret)
-{
- int rv = -1;
- virStorageVolPtr vol = NULL;
- virStorageVolInfo tmp;
- virConnectPtr conn = remoteGetStorageConn(client);
-
- if (!conn)
- goto cleanup;
-
- if (!(vol = get_nonnull_storage_vol(conn, args->vol)))
- goto cleanup;
-
- if (virStorageVolGetInfoFlags(vol, &tmp, args->flags) < 0)
- goto cleanup;
-
- ret->type = tmp.type;
- ret->capacity = tmp.capacity;
- ret->allocation = tmp.allocation;
- rv = 0;
-
- cleanup:
- if (rv < 0)
- virNetMessageSaveError(rerr);
- virObjectUnref(vol);
- return rv;
-}
-
-
static int
remoteDispatchNetworkPortGetParameters(virNetServerPtr server G_GNUC_UNUSED,
virNetServerClientPtr client,
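Review bot: the hand-written remoteDispatchStorageVolGetInfoFlags removed here bails out when remoteGetStorageConn(client) returns NULL and records the failure with virNetMessageSaveError(rerr) before returning, and the commit message only says the dispatcher can now be generated. Please state that the generated stub was compared with this body (the NULL-connection check, virObjectUnref(vol), and the three copied fields type, capacity and allocation) and found equivalent.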
diff --git a/src/remote/remote_protocol.x b/src/remote/remote_protocol.x
index 1f7963510a..d4393680e9 100644
--- a/src/remote/remote_protocol.x
+++ b/src/remote/remote_protocol.x
@@ -6367,7 +6367,7 @@ enum remote_procedure {
REMOTE_PROC_NODE_DEVICE_EVENT_UPDATE = 377,
/**
- * @generate: none
+ * @generate: server
* @priority: high
* @acl: storage_vol:read
*/
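Review bot: the annotation goes from `@generate: none` to `@generate: server`, not `both`, so the client side of this procedure stays hand-written; a line in the commit message saying why the client stub is not generated as well would save the next reader the question. The `@acl: storage_vol:read` line is unchanged, which is what a now-generated dispatcher needs.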
diff --git a/src/rpc/gendispatch.pl b/src/rpc/gendispatch.pl
index 8656c8f205..987a136566 100755
--- a/src/rpc/gendispatch.pl
+++ b/src/rpc/gendispatch.pl
@@ -994,6 +994,7 @@ elsif ($mode eq "server") {
} else {
my $struct_name = $call->{ProcName};
$struct_name =~ s/Get//;
+ $struct_name =~ s/Flags$//;
splice(@args_list, $call->{ret_offset}, 0, ("&tmp"));
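Review bot: `$struct_name =~ s/Flags$//;` runs for every procedure that reaches this branch, not only StorageVolGetInfoFlags, so any other generated call whose name ends in Flags now resolves to a different struct name. A one-line comment giving the reason, plus a note in the commit message that no other generated stub changed, would be good. The preceding `s/Get//` is unanchored while the new substitution is anchored with `$`, which is the safer form.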
--
2.21.0
5 years, 4 months
[PATCH 0/9] qemu: Properly support 'volume' type backing stores
by Peter Krempa
We didn't bother to translate the disk source when a user used
<backingStore type='volume'>.
Peter Krempa (9):
virDomainDiskAddISCSIPoolSourceHost: Sanitize handling of string list
virDomainDiskAddISCSIPoolSourceHost: use g_new0 instead of VIR_ALLOC_N
virDomainDiskAddISCSIPoolSourceHost: Remove 'cleanup' label
virDomainDiskAddISCSIPoolSourceHost: Remove ternary operator
virDomainDiskAddISCSIPoolSourceHost: Take virStorageSourcePtr instead
of virDomainDiskDefPtr
virDomainDiskTranslateSourcePoolAuth: Take virStorageSourcePtr instead
of virDomainDiskDefPtr
virDomainDiskTranslateISCSIDirect: Take virStorageSourcePtr instead of
virDomainDiskDefPtr
virDomainDiskTranslateSourcePool: split code to setup one storage
source
virDomainDiskTranslateSourcePool: Translate 'VOLUME' disks in whole
backing chain
src/conf/domain_conf.c | 188 ++++++++++++++++++++---------------------
1 file changed, 92 insertions(+), 96 deletions(-)
--
2.24.1
5 years, 4 months
[libvirt] Designing XML for HMAT
by Michal Privoznik
Dear list,
QEMU gained support for configuring HMAT recently (see v4.2.0-415-g9b12dfa03a
and friends). HMAT stands for Heterogeneous Memory Attribute Table and defines
various attributes to NUMA. Guest OS/app can read this information and fine
tune optimization. See [1] for more info (esp. links in the transcript).
QEMU defines a so-called initiator, which is an attribute to a NUMA node and, if
specified, points to another node that has the best performance to this node.
For instance:
-machine hmat=on \
-m 2G,slots=2,maxmem=4G \
-object memory-backend-ram,size=1G,id=m0 \
-object memory-backend-ram,size=1G,id=m1 \
-numa node,nodeid=0,memdev=m0 \
-numa node,nodeid=1,memdev=m1,initiator=0 \
-smp 2,sockets=2,maxcpus=2 \
-numa cpu,node-id=0,socket-id=0 \
-numa cpu,node-id=0,socket-id=1
creates a machine with 2 NUMA nodes, node 0 has CPUs and node 1 has memory only
and its initiator is node 0 (yes, HMAT allows you to create CPU-less "NUMA"
nodes). The initiator of node 0 is not specified, but since the node has at
least one CPU it is initiator to itself (and has to be per specs).
This could be represented by an attribute to our /domain/cpu/numa/cell element.
For instance like this:
<domain>
  <vcpu>2</vcpu>
  <cpu>
    <numa>
      <cell id='0' cpus='0,1' memory='1' unit='GiB'/>
      <cell id='1' memory='1' unit='GiB' initiator='0'/>
    </numa>
  </cpu>
</domain>
Then, QEMU allows us to control two other important memory attributes:
1) hmat-lb for Latency and Bandwidth
2) hmat-cache for cache attributes
For example:
-machine hmat=on \
-m 2G,slots=2,maxmem=4G \
-object memory-backend-ram,size=1G,id=m0 \
-object memory-backend-ram,size=1G,id=m1 \
-smp 2,sockets=2,maxcpus=2 \
-numa node,nodeid=0,memdev=m0 \
-numa node,nodeid=1,memdev=m1,initiator=0 \
-numa cpu,node-id=0,socket-id=0 \
-numa cpu,node-id=0,socket-id=1 \
-numa hmat-lb,initiator=0,target=0,hierarchy=memory,data-type=access-latency,latency=5 \
-numa hmat-lb,initiator=0,target=0,hierarchy=memory,data-type=access-bandwidth,bandwidth=200M \
-numa hmat-lb,initiator=0,target=1,hierarchy=memory,data-type=access-latency,latency=10 \
-numa hmat-lb,initiator=0,target=1,hierarchy=memory,data-type=access-bandwidth,bandwidth=100M \
-numa hmat-cache,node-id=0,size=10K,level=1,associativity=direct,policy=write-back,line=8 \
-numa hmat-cache,node-id=1,size=10K,level=1,associativity=direct,policy=write-back,line=8
This extends the previous example by defining some latencies and cache attributes.
The node 0 has access latency of 5 ns and bandwidth of 200MB/s and node 1 has
access latency of 10ns and bandwidth of only 100MB/s. The memory cache level 1
on both nodes is 10KB, cache line is 8B long with write-back policy and direct
associativity (whatever that means).
For better future extensibility I'd express these as separate elements, rather
than attributes to <cell/> element. For instance like this:
<domain>
  <vcpu>2</vcpu>
  <cpu>
    <numa>
      <cell id='0' cpus='0,1' memory='1' unit='GiB'>
        <latencies>
          <latency type='access' value='5'/>
          <bandwidth type='access' unit='MiB' value='200'/>
        </latencies>
        <caches>
          <cache level='1' associativity='direct' policy='write-back'>
            <size unit='KiB' value='10'/>
            <line unit='B' value='8'/>
          </cache>
        </caches>
      </cell>
      <cell id='1' memory='1' unit='GiB' initiator='0'>
        <latencies>
          <latency type='access' value='10'/>
          <bandwidth type='access' unit='MiB' value='100'/>
        </latencies>
        <caches>
          <cache level='1' associativity='direct' policy='write-back'>
            <size unit='KiB' value='10'/>
            <line unit='B' value='8'/>
          </cache>
        </caches>
      </cell>
    </numa>
  </cpu>
</domain>
Thing is, the @hierarchy argument accepts: memory (referring to whole memory),
or first-level|second-level|third-level (referring to side caches for each
domain). I haven't figured out yet how to express the levels in XML.
The @data-type argument accepts access|read|write (this is expressed by @type
attribute to <latency/> and <bandwidth/> elements). Latency and bandwidth can
be combined with each type: access-latency, read-latency, write-latency,
access-bandwidth, read-bandwidth, write-bandwidth. And these 6 can then be
combined with aforementioned @hierarchy, producing 24 combinations (if I read
qemu cmd line specs correctly [2]).
What are your thoughts?
Michal
1: https://bugzilla.redhat.com/show_bug.cgi?id=1786303
2: https://git.qemu.org/?p=qemu.git;a=blob;f=qemu-options.hx;h=d4b73ef60c1d4...
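The correspondence between the XML proposed in the message above and the `-numa hmat-lb` / `-numa hmat-cache` arguments it quotes, as a small translator. This is an added example, not code from the thread or from libvirt; the mapping is inferred from the two listings in the message, the function and constant names are made up here, and `hierarchy=memory` is fixed because the proposal does not yet express the other levels.

```python
import xml.etree.ElementTree as ET

# The XML proposed in the message, reproduced so the block runs stand-alone.
PROPOSED_XML = """
<domain>
  <vcpu>2</vcpu>
  <cpu>
    <numa>
      <cell id='0' cpus='0,1' memory='1' unit='GiB'>
        <latencies>
          <latency type='access' value='5'/>
          <bandwidth type='access' unit='MiB' value='200'/>
        </latencies>
        <caches>
          <cache level='1' associativity='direct' policy='write-back'>
            <size unit='KiB' value='10'/>
            <line unit='B' value='8'/>
          </cache>
        </caches>
      </cell>
      <cell id='1' memory='1' unit='GiB' initiator='0'>
        <latencies>
          <latency type='access' value='10'/>
          <bandwidth type='access' unit='MiB' value='100'/>
        </latencies>
        <caches>
          <cache level='1' associativity='direct' policy='write-back'>
            <size unit='KiB' value='10'/>
            <line unit='B' value='8'/>
          </cache>
        </caches>
      </cell>
    </numa>
  </cpu>
</domain>
"""

# XML unit -> size suffix as it appears on the command line in the message.
SIZE_SUFFIX = {"B": "", "KiB": "K", "MiB": "M", "GiB": "G"}
DATA_TYPES = {"access", "read", "write"}  # values of @data-type per the message


def _sized(elem):
    """Render value/unit attributes as e.g. 200M, 10K or 8."""
    return elem.get("value") + SIZE_SUFFIX[elem.get("unit")]


def hmat_numa_args(domain_xml):
    """Return the -numa hmat-lb / hmat-cache values for the proposed XML."""
    root = ET.fromstring(domain_xml)
    lb_args, cache_args = [], []
    for cell in root.findall("./cpu/numa/cell"):
        node = cell.get("id")
        # A node with CPUs is its own initiator; a memory-only node needs one.
        initiator = node if cell.get("cpus") else cell.get("initiator")
        if initiator is None:
            raise ValueError("memory-only cell %s has no initiator" % node)
        for entry in cell.findall("./latencies/*"):
            kind = entry.get("type")
            if kind not in DATA_TYPES:
                raise ValueError("unknown type %r in cell %s" % (kind, node))
            if entry.tag == "latency":
                value = "latency=" + entry.get("value")
            elif entry.tag == "bandwidth":
                value = "bandwidth=" + _sized(entry)
            else:
                raise ValueError("unexpected element <%s>" % entry.tag)
            lb_args.append(
                "hmat-lb,initiator=%s,target=%s,hierarchy=memory,"
                "data-type=%s-%s,%s" % (initiator, node, kind, entry.tag, value))
        for cache in cell.findall("./caches/cache"):
            cache_args.append(
                "hmat-cache,node-id=%s,size=%s,level=%s,associativity=%s,"
                "policy=%s,line=%s" % (
                    node, _sized(cache.find("size")), cache.get("level"),
                    cache.get("associativity"), cache.get("policy"),
                    _sized(cache.find("line"))))
    return lb_args + cache_args


if __name__ == "__main__":
    for arg in hmat_numa_args(PROPOSED_XML):
        print("-numa", arg)
```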
5 years, 4 months
[libvirt PATCH 00/12] virtio failover / vfio auto-plug-on-migrate
by Laine Stump
https://bugzilla.redhat.com/1693587
QEMU 4.2.0 and later, combined with a sufficiently recent guest
virtio-net driver, supports setting up a simple network bond device
comprised of one virtio emulated NIC and one hostdev NIC (which must
be an SRIOV VF). The allure of this setup is that the bond will always
favor the hostdev device, providing better performance, until the
guest is migrated - at that time QEMU will automatically unplug the
hostdev NIC and the bond will send all traffic via the virtio NIC
until migration is completed, then QEMU on the destination side will
hotplug a new hostdev NIC and the bond will switch back to using the
hostdev for network traffic. The result is that guests desiring the
extra performance of a hostdev NIC are now migratable without network
downtime (performance is just degraded during migration) and without
requiring a complicated bonding configuration in the guest OS network
config and complicated unplug/replug logic in the management
application on the host - it can instead all be accomplished in
libvirt with the interface <driver> subelement "failover" and
"backupAlias" attributes.
Patches 1-4 are just simple refactoring with no functional change,
5-10 are the new functionality, patch 11 is documentation, and Patch
12 is an RFC for a method to solve a problem that oVirt has when
trying to use this feature - while the virtio guest driver requires
the pair of interfaces to have matching MAC addresses, oVirt requires
every network interface to have a unique MAC. I'm not sure that I like
having this hackishness in libvirt (see the commit log message), but
it does solve oVirt's problem, and also makes direct config with
libvirt XML simpler (since it removes the need to manually specify any
MAC addresses in order to arrive at a working config, which is
something that has always been the case before now). I'll leave it up to the jury to decide whether or not it's acceptable :-)
Laine Stump (12):
conf: refactor hostdev driver subelement format for simpler additions
conf: change virDomainVirtioNet*Format() to return void
conf: rename two static functions
conf: refactor <interface>'s <driver> subelement parse/format
qemu: add capabilities flag for failover feature
conf: add failover attribute to <driver> subelement of <interface>
qemu: add backupAlias attribute to <driver> subelement of hostdev
devices
conf: add backupAlias attribute to <interface> driver subelement
qemu: allow migration with assigned PCI hostdev if backupAlias is set
qemu: add wait-unplug to qemu migration status enum
docs: document virtio failover / QEMU auto-plug of hostdev during
migration
conf/qemu: new <driver> attribute "useBackupMAC"
docs/formatdomain.html.in | 74 +++
docs/news.xml | 27 +
docs/schemas/domaincommon.rng | 15 +
src/conf/domain_conf.c | 559 ++++++++++--------
src/conf/domain_conf.h | 57 +-
src/libxl/libxl_driver.c | 2 +-
src/qemu/qemu_capabilities.c | 2 +
src/qemu/qemu_capabilities.h | 1 +
src/qemu/qemu_command.c | 5 +
src/qemu/qemu_domain.c | 21 +-
src/qemu/qemu_hostdev.c | 5 +-
src/qemu/qemu_hostdev.h | 1 +
src/qemu/qemu_hotplug.c | 2 +-
src/qemu/qemu_migration.c | 49 +-
src/qemu/qemu_monitor.c | 1 +
src/qemu/qemu_monitor.h | 1 +
src/qemu/qemu_monitor_json.c | 1 +
src/util/virhostdev.c | 47 +-
src/util/virhostdev.h | 1 +
.../caps_4.2.0.aarch64.xml | 1 +
.../caps_4.2.0.x86_64.xml | 1 +
.../net-virtio-failover-network.xml | 37 ++
.../qemuxml2argvdata/net-virtio-failover.args | 40 ++
.../qemuxml2argvdata/net-virtio-failover.xml | 50 ++
tests/qemuxml2argvtest.c | 4 +
.../net-virtio-failover-network.xml | 51 ++
.../net-virtio-failover.xml | 66 +++
tests/qemuxml2xmltest.c | 6 +
tests/virhostdevtest.c | 18 +-
29 files changed, 856 insertions(+), 289 deletions(-)
create mode 100644 tests/qemuxml2argvdata/net-virtio-failover-network.xml
create mode 100644 tests/qemuxml2argvdata/net-virtio-failover.args
create mode 100644 tests/qemuxml2argvdata/net-virtio-failover.xml
create mode 100644 tests/qemuxml2xmloutdata/net-virtio-failover-network.xml
create mode 100644 tests/qemuxml2xmloutdata/net-virtio-failover.xml
--
2.24.1
5 years, 4 months
[libvirt PATCH] conf: use correct free function for virDomainVsockDef
by Ján Tomko
Technically, there is no memleak here, since the only
allocations are filled by virDomainDeviceInfoParseXML,
which cleans up after itself.
Signed-off-by: Ján Tomko <jtomko(a)redhat.com>
---
src/conf/domain_conf.c | 2 +-
src/conf/domain_conf.h | 1 +
2 files changed, 2 insertions(+), 1 deletion(-)
diff --git a/src/conf/domain_conf.c b/src/conf/domain_conf.c
index c3214dc4f3..c7cc830c1d 100644
--- a/src/conf/domain_conf.c
+++ b/src/conf/domain_conf.c
@@ -16458,7 +16458,7 @@ virDomainVsockDefParseXML(virDomainXMLOptionPtr xmlopt,
xmlNodePtr cid;
int val;
g_autofree char *tmp = NULL;
- g_autofree virDomainVsockDefPtr vsock = NULL;
+ g_autoptr(virDomainVsockDef) vsock = NULL;
ctxt->node = node;
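Review bot: with `g_autoptr(virDomainVsockDef) vsock`, virDomainVsockDefFree now runs on every exit from virDomainVsockDefParseXML, and the success return is not visible in this hunk; it has to hand the object out with g_steal_pointer(&vsock) or the caller receives freed memory. Since the commit message says there is no leak today, it could also say outright that this is a consistency fix rather than a bug fix, which matters for backport decisions.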
diff --git a/src/conf/domain_conf.h b/src/conf/domain_conf.h
index c3acb29e6f..2bd80c2fbf 100644
--- a/src/conf/domain_conf.h
+++ b/src/conf/domain_conf.h
@@ -2891,6 +2891,7 @@ void virDomainFSDefFree(virDomainFSDefPtr def);
void virDomainActualNetDefFree(virDomainActualNetDefPtr def);
virDomainVsockDefPtr virDomainVsockDefNew(virDomainXMLOptionPtr xmlopt);
void virDomainVsockDefFree(virDomainVsockDefPtr vsock);
+G_DEFINE_AUTOPTR_CLEANUP_FUNC(virDomainVsockDef, virDomainVsockDefFree);
void virDomainNetDefClear(virDomainNetDefPtr def);
void virDomainNetDefFree(virDomainNetDefPtr def);
void virDomainSmartcardDefFree(virDomainSmartcardDefPtr def);
--
2.21.0
5 years, 4 months
[libvirt] [PATCH] conf: use virDomainDeviceDefFree free dev
by Xu Yandong
In function virDomainDeviceDefParse, we should use virDomainDeviceDefFree
to free the data structure to avoid a potential memory leak.
Signed-off-by: Xu Yandong <xuyandong2(a)huawei.com>
---
src/conf/domain_conf.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/src/conf/domain_conf.c b/src/conf/domain_conf.c
index 848c831330..8fb9480827 100644
--- a/src/conf/domain_conf.c
+++ b/src/conf/domain_conf.c
@@ -16504,7 +16504,8 @@ virDomainDeviceDefParse(const char *xmlStr,
return dev;
error:
- VIR_FREE(dev);
+ virDomainDeviceDefFree(dev);
+ dev = NULL;
goto cleanup;
}
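Review bot: the explicit `dev = NULL;` after `virDomainDeviceDefFree(dev);` is load-bearing, because the free function takes the pointer by value and, unlike VIR_FREE, leaves the caller's copy dangling, while the `goto cleanup` path ends in `return dev;`. Please add a short comment saying so, or switch the declaration to an auto-cleanup pointer, so that a later tidy-up cannot turn this into a returned dangling pointer. It is also worth confirming that virDomainDeviceDefFree copes with a dev that is only partially filled in when `error:` is reached.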
--
2.18.1
5 years, 4 months
[libvirt PATCH] conf: use correct free function for virDomainDeviceDef
by Ján Tomko
Simple g_autofree is not enough if we put allocated
data into the device structure.
Define the AUTOPTR_CLEANUP function and use it here.
Signed-off-by: Ján Tomko <jtomko(a)redhat.com>
Reported-by: Xu Yandong <xuyandong2(a)huawei.com>
---
src/conf/domain_conf.c | 2 +-
src/conf/domain_conf.h | 1 +
2 files changed, 2 insertions(+), 1 deletion(-)
diff --git a/src/conf/domain_conf.c b/src/conf/domain_conf.c
index c95bd34fb5..c3214dc4f3 100644
--- a/src/conf/domain_conf.c
+++ b/src/conf/domain_conf.c
@@ -16516,7 +16516,7 @@ virDomainDeviceDefParse(const char *xmlStr,
g_autoptr(xmlDoc) xml = NULL;
xmlNodePtr node;
g_autoptr(xmlXPathContext) ctxt = NULL;
- g_autofree virDomainDeviceDefPtr dev = NULL;
+ g_autoptr(virDomainDeviceDef) dev = NULL;
if (!(xml = virXMLParseStringCtxt(xmlStr, _("(device_definition)"), &ctxt)))
return NULL;
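Review bot: changing `dev` to `g_autoptr(virDomainDeviceDef)` makes virDomainDeviceDefFree run on every early `return NULL` in virDomainDeviceDefParse, including the one visible here where dev is still NULL and any later one where a per-type parser has failed. Please confirm the free function tolerates a device whose type is set but whose per-type data was never assigned. The commit message says allocated data is put into the device structure; naming which member leaked would make the Reported-by easier to follow.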
diff --git a/src/conf/domain_conf.h b/src/conf/domain_conf.h
index e144f3aad3..c3acb29e6f 100644
--- a/src/conf/domain_conf.h
+++ b/src/conf/domain_conf.h
@@ -2916,6 +2916,7 @@ void virDomainRedirdevDefFree(virDomainRedirdevDefPtr def);
void virDomainRedirFilterDefFree(virDomainRedirFilterDefPtr def);
void virDomainShmemDefFree(virDomainShmemDefPtr def);
void virDomainDeviceDefFree(virDomainDeviceDefPtr def);
+G_DEFINE_AUTOPTR_CLEANUP_FUNC(virDomainDeviceDef, virDomainDeviceDefFree);
virDomainDeviceDefPtr virDomainDeviceDefCopy(virDomainDeviceDefPtr src,
const virDomainDef *def,
virDomainXMLOptionPtr xmlopt,
--
2.21.0
5 years, 4 months
[PATCH] docs: domaincaps: Mention VIR_DOMAIN_UNDEFINE_CHECKPOINTS_METADATA
by Peter Krempa
The flag for the virDomainUndefine API is supported even if we report
that <backup supported='no'/>. Mention it in the docs.
Signed-off-by: Peter Krempa <pkrempa(a)redhat.com>
---
docs/formatdomaincaps.html.in | 5 ++++-
1 file changed, 4 insertions(+), 1 deletion(-)
diff --git a/docs/formatdomaincaps.html.in b/docs/formatdomaincaps.html.in
index aa4dece220..66e758501b 100644
--- a/docs/formatdomaincaps.html.in
+++ b/docs/formatdomaincaps.html.in
@@ -566,7 +566,10 @@
<p>Reports whether the hypervisor supports the backup, checkpoint, and
related features. (<code>virDomainBackupBegin</code>,
- <code>virDomainCheckpointCreateXML</code> etc).
+ <code>virDomainCheckpointCreateXML</code> etc). The presence of the
+ <code>backup</code> element even if <code>supported='no'</code> implies that
+ the <code>VIR_DOMAIN_UNDEFINE_CHECKPOINTS_METADATA</code> flag for
+ <code>virDomainUndefine</code> is supported.
</p>
<h4><a id="elementsSEV">SEV capabilities</a></h4>
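Review bot: the added sentence asks applications to infer VIR_DOMAIN_UNDEFINE_CHECKPOINTS_METADATA support from the mere presence of the `backup` element, whatever `supported` says, which is easy to misread as written. Setting "even if supported='no'" off with commas and adding that an absent element means the flag is not supported would make the detection rule explicit for API users.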
--
2.24.1
5 years, 4 months
[PATCH v3 0/3] Couple of apparmor fixes
by Michal Privoznik
v3 of:
https://www.redhat.com/archives/libvir-list/2020-January/msg01321.html
diff to v2:
- Instead of hard coding libexec path, generate it according to
configure arguments
*** BLURB HERE ***
Michal Prívozník (3):
apparmor: Reflect paths from configure in profiles
apparmor: Allow libvirt to spawn virt-aa-helper and libvirt_lxc
docs: Fix virt-aa-helper location
docs/drvqemu.html.in | 3 +-
src/security/Makefile.inc.am | 29 +++++++++++++++----
...lper => usr.lib.libvirt.virt-aa-helper.in} | 10 +++----
...usr.sbin.libvirtd => usr.sbin.libvirtd.in} | 14 +++++----
4 files changed, 39 insertions(+), 17 deletions(-)
rename src/security/apparmor/{usr.lib.libvirt.virt-aa-helper => usr.lib.libvirt.virt-aa-helper.in} (85%)
rename src/security/apparmor/{usr.sbin.libvirtd => usr.sbin.libvirtd.in} (93%)
--
2.24.1
5 years, 4 months
[PATCH] qemu: support Panic Crashloaded event handling
by zhenwei pi
Pvpanic device supports bit 1 as crashloaded event, it means that
guest actually panicked and run kexec to handle error by guest side.
Handle crashloaded as a lifecycle event in libvirt.
Test case:
Guest side:
before testing, we need make sure kdump is enabled,
1, build new pvpanic driver (with commit from upstream
e0b9a42735f2672ca2764cfbea6e55a81098d5ba
191941692a3d1b6a9614502b279be062926b70f5)
2, insmod new kmod
3, enable crash_kexec_post_notifiers,
# echo 1 > /sys/module/kernel/parameters/crash_kexec_post_notifiers
4, trigger kernel panic
# echo 1 > /proc/sys/kernel/sysrq
# echo c > /proc/sysrq-trigger
Host side:
1, build new qemu with pvpanic patches (with commit from upstream
600d7b47e8f5085919fd1d1157f25950ea8dbc11
7dc58deea79a343ac3adc5cadb97215086054c86)
2, build libvirt with this patch
3, handle lifecycle event and trigger guest side panic
# virsh event stretch --event lifecycle
event 'lifecycle' for domain stretch: Crashed Crashloaded
events received: 1
Signed-off-by: zhenwei pi <pizhenwei(a)bytedance.com>
---
examples/c/misc/event-test.c | 3 +++
include/libvirt/libvirt-domain.h | 1 +
src/qemu/qemu_domain.c | 1 +
src/qemu/qemu_domain.h | 1 +
src/qemu/qemu_driver.c | 17 +++++++++++++++++
src/qemu/qemu_monitor.c | 10 ++++++++++
src/qemu/qemu_monitor.h | 7 +++++++
src/qemu/qemu_monitor_json.c | 12 ++++++++++++
src/qemu/qemu_process.c | 30 ++++++++++++++++++++++++++++++
tools/virsh-domain.c | 3 ++-
10 files changed, 84 insertions(+), 1 deletion(-)
diff --git a/examples/c/misc/event-test.c b/examples/c/misc/event-test.c
index 7e48cecc92..52caa8ffa8 100644
--- a/examples/c/misc/event-test.c
+++ b/examples/c/misc/event-test.c
@@ -273,6 +273,9 @@ eventDetailToString(int event,
case VIR_DOMAIN_EVENT_CRASHED_PANICKED:
return "Panicked";
+ case VIR_DOMAIN_EVENT_CRASHED_CRASHLOADED:
+ return "Crashloaded";
+
case VIR_DOMAIN_EVENT_CRASHED_LAST:
break;
}
diff --git a/include/libvirt/libvirt-domain.h b/include/libvirt/libvirt-domain.h
index 5846e93d98..b440818ec2 100644
--- a/include/libvirt/libvirt-domain.h
+++ b/include/libvirt/libvirt-domain.h
@@ -3175,6 +3175,7 @@ typedef enum {
*/
typedef enum {
VIR_DOMAIN_EVENT_CRASHED_PANICKED = 0, /* Guest was panicked */
+ VIR_DOMAIN_EVENT_CRASHED_CRASHLOADED = 1, /* Guest was crashloaded */
# ifdef VIR_ENUM_SENTINELS
VIR_DOMAIN_EVENT_CRASHED_LAST
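Review bot: the new public enum value is documented only as `/* Guest was crashloaded */`, which does not tell an API user how it differs from VIR_DOMAIN_EVENT_CRASHED_PANICKED. Since this is public API, the comment should carry what the commit message says: the guest panicked and ran kexec to handle the error on the guest side.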
diff --git a/src/qemu/qemu_domain.c b/src/qemu/qemu_domain.c
index cb691ca048..4933584cf2 100644
--- a/src/qemu/qemu_domain.c
+++ b/src/qemu/qemu_domain.c
@@ -16348,6 +16348,7 @@ qemuProcessEventFree(struct qemuProcessEvent *event)
case QEMU_PROCESS_EVENT_SERIAL_CHANGED:
case QEMU_PROCESS_EVENT_BLOCK_JOB:
case QEMU_PROCESS_EVENT_MONITOR_EOF:
+ case QEMU_PROCESS_EVENT_GUEST_CRASHLOADED:
VIR_FREE(event->data);
break;
case QEMU_PROCESS_EVENT_JOB_STATUS_CHANGE:
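Review bot: QEMU_PROCESS_EVENT_GUEST_CRASHLOADED joins the group that does `VIR_FREE(event->data)`, but the handler added in qemu_driver.c is called as processGuestCrashloadedEvent(driver, vm) and never reads the payload. If the event is always queued with no data, a comment here saying so would stop a reader from looking for an allocation that does not exist.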
diff --git a/src/qemu/qemu_domain.h b/src/qemu/qemu_domain.h
index c581b3a162..f8fb48f2ff 100644
--- a/src/qemu/qemu_domain.h
+++ b/src/qemu/qemu_domain.h
@@ -583,6 +583,7 @@ typedef enum {
QEMU_PROCESS_EVENT_MONITOR_EOF,
QEMU_PROCESS_EVENT_PR_DISCONNECT,
QEMU_PROCESS_EVENT_RDMA_GID_STATUS_CHANGED,
+ QEMU_PROCESS_EVENT_GUEST_CRASHLOADED,
QEMU_PROCESS_EVENT_LAST
} qemuProcessEventType;
diff --git a/src/qemu/qemu_driver.c b/src/qemu/qemu_driver.c
index 8bb845298b..def6631fed 100644
--- a/src/qemu/qemu_driver.c
+++ b/src/qemu/qemu_driver.c
@@ -4877,6 +4877,20 @@ processRdmaGidStatusChangedEvent(virDomainObjPtr vm,
}
+static void
+processGuestCrashloadedEvent(virQEMUDriverPtr driver,
+ virDomainObjPtr vm)
+{
+ virObjectEventPtr event = NULL;
+
+ event = virDomainEventLifecycleNewFromObj(vm,
+ VIR_DOMAIN_EVENT_CRASHED,
+ VIR_DOMAIN_EVENT_CRASHED_CRASHLOADED);
+
+ virObjectEventStateQueue(driver->domainEventState, event);
+}
+
+
static void qemuProcessEventHandler(void *data, void *opaque)
{
struct qemuProcessEvent *processEvent = data;
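Review bot: processGuestCrashloadedEvent() queues a VIR_DOMAIN_EVENT_CRASHED lifecycle event without checking the domain and without changing its state. The handler runs later on the worker pool, so the domain may no longer be active by then; consider checking virDomainObjIsActive(vm) before emitting. Please also state in a comment or the commit message whether a domain that reports Crashed/Crashloaded is expected to keep running, because clients that key on VIR_DOMAIN_EVENT_CRASHED may treat it as a stopped guest.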
@@ -4923,6 +4937,9 @@ static void qemuProcessEventHandler(void *data, void *opaque)
case QEMU_PROCESS_EVENT_RDMA_GID_STATUS_CHANGED:
processRdmaGidStatusChangedEvent(vm, processEvent->data);
break;
+ case QEMU_PROCESS_EVENT_GUEST_CRASHLOADED:
+ processGuestCrashloadedEvent(driver, vm);
+ break;
case QEMU_PROCESS_EVENT_LAST:
break;
}
diff --git a/src/qemu/qemu_monitor.c b/src/qemu/qemu_monitor.c
index ceedcd527a..ba70d01d47 100644
--- a/src/qemu/qemu_monitor.c
+++ b/src/qemu/qemu_monitor.c
@@ -1591,6 +1591,16 @@ qemuMonitorEmitRdmaGidStatusChanged(qemuMonitorPtr mon,
int
+qemuMonitorEmitGuestCrashloaded(qemuMonitorPtr mon)
+{
+ int ret = -1;
+ VIR_DEBUG("mon=%p", mon);
+ QEMU_MONITOR_CALLBACK(mon, ret, domainGuestCrashloaded, mon->vm);
+ return ret;
+}
+
+
+int
qemuMonitorSetCapabilities(qemuMonitorPtr mon)
{
QEMU_CHECK_MONITOR(mon);
diff --git a/src/qemu/qemu_monitor.h b/src/qemu/qemu_monitor.h
index cca2cdcb27..89197cfe0d 100644
--- a/src/qemu/qemu_monitor.h
+++ b/src/qemu/qemu_monitor.h
@@ -345,6 +345,10 @@ typedef int (*qemuMonitorDomainRdmaGidStatusChangedCallback)(qemuMonitorPtr mon,
unsigned long long interface_id,
void *opaque);
+typedef int (*qemuMonitorDomainGuestCrashloadedCallback)(qemuMonitorPtr mon,
+ virDomainObjPtr vm,
+ void *opaque);
+
typedef struct _qemuMonitorCallbacks qemuMonitorCallbacks;
typedef qemuMonitorCallbacks *qemuMonitorCallbacksPtr;
struct _qemuMonitorCallbacks {
@@ -380,6 +384,7 @@ struct _qemuMonitorCallbacks {
qemuMonitorDomainDumpCompletedCallback domainDumpCompleted;
qemuMonitorDomainPRManagerStatusChangedCallback domainPRManagerStatusChanged;
qemuMonitorDomainRdmaGidStatusChangedCallback domainRdmaGidStatusChanged;
+ qemuMonitorDomainGuestCrashloadedCallback domainGuestCrashloaded;
};
qemuMonitorPtr qemuMonitorOpen(virDomainObjPtr vm,
@@ -512,6 +517,8 @@ int qemuMonitorEmitRdmaGidStatusChanged(qemuMonitorPtr mon,
unsigned long long subnet_prefix,
unsigned long long interface_id);
+int qemuMonitorEmitGuestCrashloaded(qemuMonitorPtr mon);
+
int qemuMonitorStartCPUs(qemuMonitorPtr mon);
int qemuMonitorStopCPUs(qemuMonitorPtr mon);
diff --git a/src/qemu/qemu_monitor_json.c b/src/qemu/qemu_monitor_json.c
index 981d091ba0..385f6c4738 100644
--- a/src/qemu/qemu_monitor_json.c
+++ b/src/qemu/qemu_monitor_json.c
@@ -99,6 +99,7 @@ static void qemuMonitorJSONHandleBlockJobReady(qemuMonitorPtr mon, virJSONValueP
static void qemuMonitorJSONHandleJobStatusChange(qemuMonitorPtr mon, virJSONValuePtr data);
static void qemuMonitorJSONHandleBalloonChange(qemuMonitorPtr mon, virJSONValuePtr data);
static void qemuMonitorJSONHandlePMSuspendDisk(qemuMonitorPtr mon, virJSONValuePtr data);
+static void qemuMonitorJSONHandleGuestCrashloaded(qemuMonitorPtr mon, virJSONValuePtr data);
static void qemuMonitorJSONHandleGuestPanic(qemuMonitorPtr mon, virJSONValuePtr data);
static void qemuMonitorJSONHandleDeviceDeleted(qemuMonitorPtr mon, virJSONValuePtr data);
static void qemuMonitorJSONHandleNicRxFilterChanged(qemuMonitorPtr mon, virJSONValuePtr data);
@@ -128,6 +129,7 @@ static qemuEventHandler eventHandlers[] = {
{ "DEVICE_DELETED", qemuMonitorJSONHandleDeviceDeleted, },
{ "DEVICE_TRAY_MOVED", qemuMonitorJSONHandleTrayChange, },
{ "DUMP_COMPLETED", qemuMonitorJSONHandleDumpCompleted, },
+ { "GUEST_CRASHLOADED", qemuMonitorJSONHandleGuestCrashloaded, },
{ "GUEST_PANICKED", qemuMonitorJSONHandleGuestPanic, },
{ "JOB_STATUS_CHANGE", qemuMonitorJSONHandleJobStatusChange, },
{ "MIGRATION", qemuMonitorJSONHandleMigrationStatus, },
@@ -1543,6 +1545,16 @@ static void qemuMonitorJSONHandleRdmaGidStatusChanged(qemuMonitorPtr mon,
}
+static void
+qemuMonitorJSONHandleGuestCrashloaded(qemuMonitorPtr mon,
+ virJSONValuePtr data)
+{
+ VIR_DEBUG("qemuMonitorJSONHandleGuestCrashloaded event, mon %p, data %p", mon, data);
+
+ qemuMonitorEmitGuestCrashloaded(mon);
+}
+
+
int
qemuMonitorJSONHumanCommand(qemuMonitorPtr mon,
const char *cmd_str,
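Review bot: qemuMonitorJSONHandleGuestCrashloaded() logs `data` only as a pointer and then drops it, so anything QEMU sends with GUEST_CRASHLOADED never reaches the emitted event. If the payload is ignored on purpose, say so in a comment. The function name inside the VIR_DEBUG string is also redundant, since the debug macro already records the calling function.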
diff --git a/src/qemu/qemu_process.c b/src/qemu/qemu_process.c
index ddcc763cfd..458db2c09f 100644
--- a/src/qemu/qemu_process.c
+++ b/src/qemu/qemu_process.c
@@ -1848,6 +1848,35 @@ qemuProcessHandleRdmaGidStatusChanged(qemuMonitorPtr mon G_GNUC_UNUSED,
}
+static int
+qemuProcessHandleGuestCrashloaded(qemuMonitorPtr mon G_GNUC_UNUSED,
+ virDomainObjPtr vm,
+ void *opaque)
+{
+ virQEMUDriverPtr driver = opaque;
+ struct qemuProcessEvent *processEvent;
+
+ virObjectLock(vm);
+ if (VIR_ALLOC(processEvent) < 0)
+ goto cleanup;
+
+ processEvent->eventType = QEMU_PROCESS_EVENT_GUEST_CRASHLOADED;
+ processEvent->vm = virObjectRef(vm);
+
+ if (virThreadPoolSendJob(driver->workerPool, 0, processEvent) < 0) {
+ if (!virObjectUnref(vm))
+ vm = NULL;
+ qemuProcessEventFree(processEvent);
+ }
+
+ cleanup:
+ if (vm)
+ virObjectUnlock(vm);
+
+ return 0;
+}
+
+
static qemuMonitorCallbacks monitorCallbacks = {
.eofNotify = qemuProcessHandleMonitorEOF,
.errorNotify = qemuProcessHandleMonitorError,
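Review bot: qemuProcessHandleGuestCrashloaded() returns 0 on every path, including when VIR_ALLOC() or virThreadPoolSendJob() fails, and neither failure is logged, so a dropped crashloaded event is invisible to the caller and to whoever reads the logs. Log a warning on both failure paths so a missing lifecycle event can be traced back to its cause.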
@@ -1879,6 +1908,7 @@ static qemuMonitorCallbacks monitorCallbacks = {
.domainDumpCompleted = qemuProcessHandleDumpCompleted,
.domainPRManagerStatusChanged = qemuProcessHandlePRManagerStatusChanged,
.domainRdmaGidStatusChanged = qemuProcessHandleRdmaGidStatusChanged,
+ .domainGuestCrashloaded = qemuProcessHandleGuestCrashloaded,
};
static void
diff --git a/tools/virsh-domain.c b/tools/virsh-domain.c
index 32b2792694..f20150a258 100644
--- a/tools/virsh-domain.c
+++ b/tools/virsh-domain.c
@@ -12910,7 +12910,8 @@ VIR_ENUM_IMPL(virshDomainEventPMSuspended,
VIR_ENUM_DECL(virshDomainEventCrashed);
VIR_ENUM_IMPL(virshDomainEventCrashed,
VIR_DOMAIN_EVENT_CRASHED_LAST,
- N_("Panicked"));
+ N_("Panicked"),
+ N_("Crashloaded"));
static const char *
virshDomainEventDetailToString(int event, int detail)
--
2.11.0
5 years, 4 months
[libvirt PATCH 0/4] qemu: tpm: use g_auto
by Ján Tomko
Ján Tomko (4):
qemu: tpm: remove unused pidfile variable
qemu: tpm: use g_autofree
qemu: tpm: use g_autoptr where applicable
qemu: tpm: remove unused labels
src/qemu/qemu_tpm.c | 130 +++++++++++++++-----------------------------
1 file changed, 44 insertions(+), 86 deletions(-)
--
2.19.2
5 years, 4 months
GSOC 2020
by Satyam Saxena
Hello everyone,
I am a GSOC aspirant and looking forward to contributing to Libvirt. I am
interested in *Redfish API Implementation*. I am looking for some
guidelines to start contributing to the organization. How can I get started?
Regards,
Satyam
5 years, 4 months
[PATCH 0/5] Add support for SPAPR vTPM for pSeries VM
by Stefan Berger
QEMU 5.0 will have SPAPR vTPM support. This series of patches
adds support for the XML and command line creation of the
SPAPR vTPM for pSeries VMs along with test cases.
Regards,
Stefan
Stefan Berger (5):
conf: Add support for tpm-spapr to domain XML
qemu: Extend QEMU capabilities with 'tpm-spapr'
qemu: Extend QEMU with tpm-spapr support
tests: Extend ppc64 capabilities data with TPM related XML and
responses
tests: Add test for domain XML with tpm-spapr TPM device model
docs/formatdomain.html.in | 4 +-
docs/schemas/domaincommon.rng | 4 +
src/conf/domain_conf.c | 24 +-
src/conf/domain_conf.h | 1 +
src/qemu/qemu_capabilities.c | 6 +
src/qemu/qemu_capabilities.h | 1 +
src/qemu/qemu_command.c | 15 +-
src/qemu/qemu_domain.c | 8 +-
src/qemu/qemu_domain_address.c | 10 +
tests/domaincapsdata/qemu_5.0.0.ppc64.xml | 115 +
.../caps_5.0.0.ppc64.replies | 24695 ++++++++++++++++
.../qemucapabilitiesdata/caps_5.0.0.ppc64.xml | 1128 +
.../tpm-emulator-spapr.ppc64-latest.args | 45 +
tests/qemuxml2argvdata/tpm-emulator-spapr.xml | 60 +
tests/qemuxml2argvtest.c | 4 +
15 files changed, 26105 insertions(+), 15 deletions(-)
create mode 100644 tests/domaincapsdata/qemu_5.0.0.ppc64.xml
create mode 100644 tests/qemucapabilitiesdata/caps_5.0.0.ppc64.replies
create mode 100644 tests/qemucapabilitiesdata/caps_5.0.0.ppc64.xml
create mode 100644 tests/qemuxml2argvdata/tpm-emulator-spapr.ppc64-latest.args
create mode 100644 tests/qemuxml2argvdata/tpm-emulator-spapr.xml
--
2.17.1
5 years, 4 months
[PATCH] lib: Prohibit parallel connections with tunneled migration
by Jim Fehlig
As discussed on the developer list, parallel migration connections
are not compatible with tunneled migration
https://www.redhat.com/archives/libvir-list/2020-January/msg00463.html
Prohibit the concurrent use of parallel and tunneled migration options.
Signed-off-by: Jim Fehlig <jfehlig(a)suse.com>
---
I added the check to all migration entry points except virDomainMigrate3,
where the p2p and tunneled options are already prohibited.
src/libvirt-domain.c | 20 ++++++++++++++++++++
1 file changed, 20 insertions(+)
diff --git a/src/libvirt-domain.c b/src/libvirt-domain.c
index 4074397b30..b910ba6b4d 100644
--- a/src/libvirt-domain.c
+++ b/src/libvirt-domain.c
@@ -3546,6 +3546,10 @@ virDomainMigrate(virDomainPtr domain,
VIR_MIGRATE_NON_SHARED_INC,
error);
+ VIR_EXCLUSIVE_FLAGS_GOTO(VIR_MIGRATE_TUNNELLED,
+ VIR_MIGRATE_PARALLEL,
+ error);
+
if (flags & VIR_MIGRATE_OFFLINE) {
if (!VIR_DRV_SUPPORTS_FEATURE(domain->conn->driver, domain->conn,
VIR_DRV_FEATURE_MIGRATION_OFFLINE)) {
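Review bot: The VIR_EXCLUSIVE_FLAGS_GOTO(VIR_MIGRATE_TUNNELLED, VIR_MIGRATE_PARALLEL, error) check added to virDomainMigrate() changes which flag combinations the public API accepts, yet the patch consists of 20 inserted lines that are all inside function bodies. Add a sentence to the API documentation of each affected entry point saying the two flags are mutually exclusive, so callers learn about the restriction from the docs rather than from a runtime error.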
@@ -3701,6 +3705,10 @@ virDomainMigrate2(virDomainPtr domain,
VIR_MIGRATE_NON_SHARED_INC,
error);
+ VIR_EXCLUSIVE_FLAGS_GOTO(VIR_MIGRATE_TUNNELLED,
+ VIR_MIGRATE_PARALLEL,
+ error);
+
if (flags & VIR_MIGRATE_OFFLINE) {
if (!VIR_DRV_SUPPORTS_FEATURE(domain->conn->driver, domain->conn,
VIR_DRV_FEATURE_MIGRATION_OFFLINE)) {
@@ -4087,6 +4095,10 @@ virDomainMigrateToURI(virDomainPtr domain,
virCheckReadOnlyGoto(domain->conn->flags, error);
virCheckNonNullArgGoto(duri, error);
+ VIR_EXCLUSIVE_FLAGS_GOTO(VIR_MIGRATE_TUNNELLED,
+ VIR_MIGRATE_PARALLEL,
+ error);
+
if (virDomainMigrateUnmanagedCheckCompat(domain, flags) < 0)
goto error;
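Review bot: In virDomainMigrateToURI() the new check sits directly above virDomainMigrateUnmanagedCheckCompat(domain, flags), and the same pair appears again in virDomainMigrateToURI2() and virDomainMigrateToURI3(). That helper already receives flags and is called from all three, so doing the tunnelled/parallel check inside it would remove the repetition and cover any later caller of the helper.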
@@ -4159,6 +4171,10 @@ virDomainMigrateToURI2(virDomainPtr domain,
virCheckDomainReturn(domain, -1);
virCheckReadOnlyGoto(domain->conn->flags, error);
+ VIR_EXCLUSIVE_FLAGS_GOTO(VIR_MIGRATE_TUNNELLED,
+ VIR_MIGRATE_PARALLEL,
+ error);
+
if (virDomainMigrateUnmanagedCheckCompat(domain, flags) < 0)
goto error;
@@ -4232,6 +4248,10 @@ virDomainMigrateToURI3(virDomainPtr domain,
virCheckDomainReturn(domain, -1);
virCheckReadOnlyGoto(domain->conn->flags, error);
+ VIR_EXCLUSIVE_FLAGS_GOTO(VIR_MIGRATE_TUNNELLED,
+ VIR_MIGRATE_PARALLEL,
+ error);
+
if (virDomainMigrateUnmanagedCheckCompat(domain, flags) < 0)
goto error;
--
2.24.1
5 years, 4 months
[PATCH 00/19] qemu: backup: Add support for checkpoint deletion and block copy with checkpoints
by Peter Krempa
The first 7 patches are technically v2 of
[libvirt] [RFC PATCH 00/16] qemu: checkpoint: Add support for deleting checkpoints accross snapshots
https://www.redhat.com/archives/libvir-list/2020-January/msg00430.html
as they were not reviewed, but the handling of block copy would conflict
with them I'm reposting them with two simple bugfixes.
The rest of the series implements handling of bitmaps when doing a block
copy.
Peter Krempa (19):
tests: qemublock: Add test for checkpoint deletion bitmap merge
tests: qemublock: Add few more test cases for checkpoint deletion
tests: qemublock: Add synthetic snapshot+checkpoint test data
qemu: checkpoint: Introduce support for deleting checkpoints accross
snapshots
tests: qemublock: Add checkpoint deletion test for deep backing chain
tests: qemublock: Add checkpoint deletion tests for some special cases
qemu: checkpoint: Track and relabel images for bitmap merging
qemu: block: Extract calls of qemuBlockGetNamedNodeData into a helper
function
util: json: Introduce virJSONValueArrayConcat
virJSONValueNewArray: Use g_new0 to allocate and remove NULL checks
from callers
virhash: Make sure that hash key is always copied
virHashAddOrUpdateEntry: Simplify allocation of new entry
qemu: blockjob: Store 'jobflags' with block job data
qemu: blockjob: Store 'flags' for all the block job types
qemu: block: Add validator for bitmap chains accross backing chains
tests: qemublocktest: Add another synthetic test case for broken
bitmaps
qemu: block: Introduce function to calculate bitmap handling for
block-copy
tests: qemublock: Add tests for qemuBlockBitmapsHandleBlockcopy
qemuDomainBlockPivot: Copy bitmaps backing checkpoints for
virDomainBlockCopy
src/conf/domain_addr.c | 5 +-
src/libvirt_private.syms | 1 +
src/locking/lock_daemon.c | 4 +-
src/logging/log_handler.c | 3 +-
src/network/leaseshelper.c | 6 +-
src/qemu/qemu_agent.c | 6 +-
src/qemu/qemu_backup.c | 11 +-
src/qemu/qemu_block.c | 208 ++++-
src/qemu/qemu_block.h | 16 +
src/qemu/qemu_blockjob.c | 16 +-
src/qemu/qemu_blockjob.h | 12 +-
src/qemu/qemu_checkpoint.c | 146 +++-
src/qemu/qemu_checkpoint.h | 6 +-
src/qemu/qemu_domain.c | 7 +
src/qemu/qemu_driver.c | 54 +-
src/qemu/qemu_firmware.c | 12 +-
src/qemu/qemu_migration_params.c | 3 +-
src/qemu/qemu_monitor_json.c | 3 +-
src/rpc/virnetserver.c | 6 +-
src/rpc/virnetserverservice.c | 3 +-
src/util/virhash.c | 13 +-
src/util/virhash.h | 3 +-
src/util/virjson.c | 44 +-
src/util/virjson.h | 2 +
src/util/virlockspace.c | 6 +-
src/util/virmacmap.c | 8 +-
tests/qemublocktest.c | 250 +++++-
.../bitmap/snapshots-synthetic-broken.json | 819 +++++++++++++++++
.../bitmap/snapshots-synthetic-broken.out | 12 +
.../snapshots-synthetic-checkpoint.json | 827 ++++++++++++++++++
.../bitmap/snapshots-synthetic-checkpoint.out | 13 +
.../bitmapblockcopy/basic-deep-out.json | 117 +++
.../bitmapblockcopy/basic-shallow-out.json | 117 +++
.../bitmapblockcopy/snapshots-deep-out.json | 133 +++
.../snapshots-shallow-out.json | 48 +
.../checkpointdelete/basic-current-out.json | 29 +
.../basic-intermediate1-out.json | 22 +
.../basic-intermediate2-out.json | 22 +
.../basic-intermediate3-out.json | 22 +
.../checkpointdelete/basic-noparent-out.json | 9 +
.../snapshots-current-out.json | 29 +
.../snapshots-intermediate1-out.json | 24 +
.../snapshots-intermediate2-out.json | 62 ++
.../snapshots-intermediate3-out.json | 61 ++
.../snapshots-noparent-out.json | 27 +
...hots-synthetic-checkpoint-current-out.json | 29 +
...ynthetic-checkpoint-intermediate1-out.json | 31 +
...ynthetic-checkpoint-intermediate2-out.json | 34 +
...ynthetic-checkpoint-intermediate3-out.json | 61 ++
...ots-synthetic-checkpoint-noparent-out.json | 27 +
tests/qemumonitorjsontest.c | 5 +-
.../qemustatusxml2xmldata/backup-pull-in.xml | 2 +-
.../blockjob-blockdev-in.xml | 8 +-
53 files changed, 3293 insertions(+), 151 deletions(-)
create mode 100644 tests/qemublocktestdata/bitmap/snapshots-synthetic-broken.json
create mode 100644 tests/qemublocktestdata/bitmap/snapshots-synthetic-broken.out
create mode 100644 tests/qemublocktestdata/bitmap/snapshots-synthetic-checkpoint.json
create mode 100644 tests/qemublocktestdata/bitmap/snapshots-synthetic-checkpoint.out
create mode 100644 tests/qemublocktestdata/bitmapblockcopy/basic-deep-out.json
create mode 100644 tests/qemublocktestdata/bitmapblockcopy/basic-shallow-out.json
create mode 100644 tests/qemublocktestdata/bitmapblockcopy/snapshots-deep-out.json
create mode 100644 tests/qemublocktestdata/bitmapblockcopy/snapshots-shallow-out.json
create mode 100644 tests/qemublocktestdata/checkpointdelete/basic-current-out.json
create mode 100644 tests/qemublocktestdata/checkpointdelete/basic-intermediate1-out.json
create mode 100644 tests/qemublocktestdata/checkpointdelete/basic-intermediate2-out.json
create mode 100644 tests/qemublocktestdata/checkpointdelete/basic-intermediate3-out.json
create mode 100644 tests/qemublocktestdata/checkpointdelete/basic-noparent-out.json
create mode 100644 tests/qemublocktestdata/checkpointdelete/snapshots-current-out.json
create mode 100644 tests/qemublocktestdata/checkpointdelete/snapshots-intermediate1-out.json
create mode 100644 tests/qemublocktestdata/checkpointdelete/snapshots-intermediate2-out.json
create mode 100644 tests/qemublocktestdata/checkpointdelete/snapshots-intermediate3-out.json
create mode 100644 tests/qemublocktestdata/checkpointdelete/snapshots-noparent-out.json
create mode 100644 tests/qemublocktestdata/checkpointdelete/snapshots-synthetic-checkpoint-current-out.json
create mode 100644 tests/qemublocktestdata/checkpointdelete/snapshots-synthetic-checkpoint-intermediate1-out.json
create mode 100644 tests/qemublocktestdata/checkpointdelete/snapshots-synthetic-checkpoint-intermediate2-out.json
create mode 100644 tests/qemublocktestdata/checkpointdelete/snapshots-synthetic-checkpoint-intermediate3-out.json
create mode 100644 tests/qemublocktestdata/checkpointdelete/snapshots-synthetic-checkpoint-noparent-out.json
--
2.24.1
5 years, 4 months
[libvirt PATCH] qemu: Fix domain ID allocation
by Ján Tomko
The rewrite to use GLib's atomic ops functions changed the behavior
of virAtomicIntInc - before it returned the pre-increment value.
Most of the callers using its value were adjusted, but the one
in qemuDriverAllocateID was not. If libvirtd would reconnect to
a running domain during startup, the next started domain would get
the same ID:
$ virsh list
Id Name State
--------------------------
1 f28live running
1 f28live1 running
Use the g_atomic_add function directly (as recommended in viratomic.h)
and add 1 to the result.
This also restores the usual numbering from 1 instead of 0.
Signed-off-by: Ján Tomko <jtomko(a)redhat.com>
Fixes: 7b9645a7d127a374b8d1c83fdf9789706dbab2c9
---
src/qemu/qemu_conf.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/qemu/qemu_conf.c b/src/qemu/qemu_conf.c
index e5051027fc..0b119cbe78 100644
--- a/src/qemu/qemu_conf.c
+++ b/src/qemu/qemu_conf.c
@@ -1858,7 +1858,7 @@ qemuSetUnprivSGIO(virDomainDeviceDefPtr dev)
int qemuDriverAllocateID(virQEMUDriverPtr driver)
{
- return virAtomicIntInc(&driver->lastvmid);
+ return g_atomic_int_add(&driver->lastvmid, 1) + 1;
}
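Review bot: The trailing `+ 1` after g_atomic_int_add(&driver->lastvmid, 1) in qemuDriverAllocateID() is easy to mistake for an off-by-one and remove again. A one-line comment noting that g_atomic_int_add() returns the value before the addition, and that the returned ID must be the incremented one, would protect the fix. A test covering the duplicate-ID case from the commit message would catch a regression.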
--
2.21.0
5 years, 4 months
[libvirt PATCH 0/5] qemu: Add support for the kvm-no-adjvtime CPU feature
by Andrea Bolognani
This ARM-specific CPU feature has been recently added to QEMU with
https://lists.nongnu.org/archive/html/qemu-devel/2020-01/msg04124.html
Patch 1/5 has been trimmed quite liberally: to obtain the unabridged
version of this series, use
$ git fetch https://gitlab.com/abologna/libvirt kvm-no-adjvtime
Andrea Bolognani (5):
tests: Add capabilities for QEMU 5.0.0 on aarch64
qemu: Add the QEMU_CAPS_CPU_KVM_NO_ADJVTIME capability
cpu: Add the kvm-no-adjvtime CPU feature
qemu: Validate the kvm-no-adjvtime CPU feature
tests: Add tests for the kvm-no-adjvtime CPU feature
src/cpu_map/arm_features.xml | 3 +
src/qemu/qemu_capabilities.c | 2 +
src/qemu/qemu_capabilities.h | 1 +
src/qemu/qemu_domain.c | 14 +-
.../qemu_5.0.0-virt.aarch64.xml | 156 +
tests/domaincapsdata/qemu_5.0.0.aarch64.xml | 150 +
.../caps_5.0.0.aarch64.replies | 22717 ++++++++++++++++
.../caps_5.0.0.aarch64.xml | 457 +
.../aarch64-features-misc.aarch64-latest.args | 32 +
.../aarch64-features-misc.xml | 17 +
tests/qemuxml2argvtest.c | 2 +
11 files changed, 23549 insertions(+), 2 deletions(-)
create mode 100644 tests/domaincapsdata/qemu_5.0.0-virt.aarch64.xml
create mode 100644 tests/domaincapsdata/qemu_5.0.0.aarch64.xml
create mode 100644 tests/qemucapabilitiesdata/caps_5.0.0.aarch64.replies
create mode 100644 tests/qemucapabilitiesdata/caps_5.0.0.aarch64.xml
create mode 100644 tests/qemuxml2argvdata/aarch64-features-misc.aarch64-latest.args
create mode 100644 tests/qemuxml2argvdata/aarch64-features-misc.xml
--
2.24.1
5 years, 4 months
[libvirt PATCH 0/3] Clean up usage of virBufferTrim
by Ján Tomko
Before it was possible to supply a matching suffix, a length of chars
to trim, or both.
However the combination of the two was only used in tests.
Split the function into two.
Ján Tomko (3):
util: introduce virBufferTrimLen
Use virBufferTrimLen when applicable
virBufferTrim: do not accept len
src/conf/domain_addr.c | 2 +-
src/conf/domain_conf.c | 6 ++---
src/cpu/cpu_x86.c | 6 ++---
src/libvirt_private.syms | 1 +
src/lxc/lxc_container.c | 2 +-
src/qemu/qemu_command.c | 8 +++----
src/rpc/virnetsshsession.c | 2 +-
src/storage/storage_util.c | 4 ++--
src/util/virbuffer.c | 47 +++++++++++++++++++++----------------
src/util/virbuffer.h | 3 ++-
src/util/virqemu.c | 2 +-
src/util/virresctrl.c | 4 ++--
tests/qemublocktest.c | 2 +-
tests/qemumonitorjsontest.c | 4 ++--
tests/virbuftest.c | 19 +++++++--------
tools/virsh-domain.c | 8 +++----
tools/vsh.c | 6 ++---
17 files changed, 67 insertions(+), 59 deletions(-)
--
2.19.2
5 years, 4 months
[PATCH 0/7] Drop virAtomic module
by Michal Privoznik
Inspired by:
https://www.redhat.com/archives/libvir-list/2020-January/msg01446.html
Instead of using:
#define virAtomicIntXXX g_atomic_int_XXX
let's use the GLib directly and drop needless defines.
Michal Prívozník (7):
test_driver: Replace virAtomicIntAdd() with virAtomicIntInc()
tests: Drop viratomictest
src: Replace virAtomicIntGet() with g_atomic_int_get()
src: Replace virAtomicIntSet() with g_atomic_int_set()
src: Replace virAtomicIntInc() with g_atomic_int_add()
src: Drop virAtomicIntDecAndTest() with g_atomic_int_dec_and_test()
Drop virAtomic module
configure.ac | 1 -
m4/virt-atomic.m4 | 77 -------------
src/Makefile.am | 6 -
src/libvirt_atomic.syms | 11 --
src/libxl/libxl_domain.c | 5 +-
src/libxl/libxl_driver.c | 3 +-
src/lxc/lxc_process.c | 7 +-
src/nwfilter/nwfilter_dhcpsnoop.c | 33 +++---
src/qemu/qemu_conf.c | 1 -
src/qemu/qemu_domain.c | 1 -
src/qemu/qemu_process.c | 7 +-
src/test/test_driver.c | 7 +-
src/util/Makefile.inc.am | 2 -
src/util/viratomic.c | 35 ------
src/util/viratomic.h | 130 ----------------------
src/util/virobject.c | 9 +-
src/util/virprocess.c | 3 +-
src/util/virsystemd.c | 17 ++-
tests/Makefile.am | 5 -
tests/viratomictest.c | 175 ------------------------------
20 files changed, 41 insertions(+), 494 deletions(-)
delete mode 100644 m4/virt-atomic.m4
delete mode 100644 src/libvirt_atomic.syms
delete mode 100644 src/util/viratomic.c
delete mode 100644 src/util/viratomic.h
delete mode 100644 tests/viratomictest.c
--
2.24.1
5 years, 4 months