[PATCH v1 00/12] Bhyve driver improvements
by Ryan Moeller
Rebased and updated from previous patch set to address feedback:
* Tried to match local convention for subjects where obvious
* Split patch 01 into two patches, with updated messages
* Use g_autofree to fix use after free in conf/virnetworkobj
* Add missing newline in one of the tests args files
* Fix failing schema tests after schema change
gmake check now reports no failing tests on FreeBSD for each patch.
Ryan Moeller (12):
bhyve: process: remove unneeded header
conf: fix use after free
bhyve: process: don't bother seeking to end of log
bhyve: monitor: Make bhyveMonitor a virClass
bhyve: monitor: refactor register/unregister
bhyve: add hooks
bhyve: add reboot support
bhyve: command: refactor virBhyveProcessBuildBhyveCmd
bhyve: parse_command: slot,bus,func -> bus,slot,func
add hostdev handling for bhyve
bhyve: command: enable booting from hostdevs
Allow PCI functions up to 255 for PCI ARI
docs/schemas/basictypes.rng | 10 +-
docs/schemas/domaincommon.rng | 30 +++
src/bhyve/bhyve_capabilities.c | 14 +
src/bhyve/bhyve_capabilities.h | 1 +
src/bhyve/bhyve_command.c | 241 ++++++++++++++----
src/bhyve/bhyve_driver.c | 30 +++
src/bhyve/bhyve_monitor.c | 157 ++++++++----
src/bhyve/bhyve_monitor.h | 2 +
src/bhyve/bhyve_parse_command.c | 124 +++++++--
src/bhyve/bhyve_process.c | 83 ++++--
src/bhyve/bhyve_process.h | 3 +
src/conf/domain_audit.c | 5 +
src/conf/domain_conf.c | 131 ++++++++++
src/conf/domain_conf.h | 29 ++-
src/conf/virconftypes.h | 3 +
src/conf/virnetworkobj.c | 5 +-
src/qemu/qemu_command.c | 2 +
src/qemu/qemu_domain.c | 5 +
src/qemu/qemu_hostdev.c | 1 +
src/qemu/qemu_hotplug.c | 2 +
src/qemu/qemu_migration.c | 1 +
src/security/security_apparmor.c | 1 +
src/security/security_dac.c | 28 ++
src/security/security_selinux.c | 8 +
src/util/virhook.c | 15 ++
src/util/virhook.h | 11 +
src/util/virpci.c | 4 +-
.../bhyveargv2xml-passthru.args | 8 +
.../bhyveargv2xml-passthru.xml | 26 ++
.../bhyveargv2xml-virtio-scsi.args | 9 +
.../bhyveargv2xml-virtio-scsi.xml | 20 ++
tests/bhyveargv2xmltest.c | 2 +
.../bhyvexml2argv-passthru.args | 11 +
.../bhyvexml2argv-passthru.ldargs | 1 +
.../bhyvexml2argv-passthru.xml | 22 ++
.../bhyvexml2argv-virtio-scsi.args | 9 +
.../bhyvexml2argv-virtio-scsi.ldargs | 1 +
.../bhyvexml2argv-virtio-scsi.xml | 21 ++
tests/bhyvexml2argvtest.c | 4 +-
.../bhyvexml2xmlout-passthru.xml | 29 +++
.../bhyvexml2xmlout-virtio-scsi.xml | 23 ++
tests/bhyvexml2xmltest.c | 2 +
.../qemuxml2argvdata/pci-function-invalid.xml | 2 +-
43 files changed, 983 insertions(+), 153 deletions(-)
create mode 100644 tests/bhyveargv2xmldata/bhyveargv2xml-passthru.args
create mode 100644 tests/bhyveargv2xmldata/bhyveargv2xml-passthru.xml
create mode 100644 tests/bhyveargv2xmldata/bhyveargv2xml-virtio-scsi.args
create mode 100644 tests/bhyveargv2xmldata/bhyveargv2xml-virtio-scsi.xml
create mode 100644 tests/bhyvexml2argvdata/bhyvexml2argv-passthru.args
create mode 100644 tests/bhyvexml2argvdata/bhyvexml2argv-passthru.ldargs
create mode 100644 tests/bhyvexml2argvdata/bhyvexml2argv-passthru.xml
create mode 100644 tests/bhyvexml2argvdata/bhyvexml2argv-virtio-scsi.args
create mode 100644 tests/bhyvexml2argvdata/bhyvexml2argv-virtio-scsi.ldargs
create mode 100644 tests/bhyvexml2argvdata/bhyvexml2argv-virtio-scsi.xml
create mode 100644 tests/bhyvexml2xmloutdata/bhyvexml2xmlout-passthru.xml
create mode 100644 tests/bhyvexml2xmloutdata/bhyvexml2xmlout-virtio-scsi.xml
--
2.24.1
4 years, 3 months
network: bridge_driver: Use new helpers for storing libvirt errors
by Gaurav Agrawal
>From c2028d3b27e20eb0d15a553139d2c987325d977e Mon Sep 17 00:00:00 2001
From: Gaurav Agrawal <agrawalgaurav(a)gnome.org>
Date: Mon, 24 Feb 2020 22:49:21 +0530
Subject: [PATCH] network: bridge_driver: Use new helpers for storing libvirt
errors
Signed-off-by: Gaurav Agrawal <agrawalgaurav(a)gnome.org>
---
src/network/bridge_driver_linux.c | 5 +++--
1 file changed, 3 insertions(+), 2 deletions(-)
diff --git a/src/network/bridge_driver_linux.c
b/src/network/bridge_driver_linux.c
index 7bbde5c6a9..fde33b5d38 100644
--- a/src/network/bridge_driver_linux.c
+++ b/src/network/bridge_driver_linux.c
@@ -22,6 +22,7 @@
#include <config.h>
#include "viralloc.h"
+#include "virerror.h"
#include "virfile.h"
#include "viriptables.h"
#include "virstring.h"
@@ -53,7 +54,7 @@ static void networkSetupPrivateChains(void)
if (rc < 0) {
VIR_DEBUG("Failed to create global IPv4 chains: %s",
virGetLastErrorMessage());
- errInitV4 = virSaveLastError();
+ virErrorPreserveLast(&errInitV4);
virResetLastError();
} else {
virFreeError(errInitV4);
@@ -70,7 +71,7 @@ static void networkSetupPrivateChains(void)
if (rc < 0) {
VIR_DEBUG("Failed to create global IPv6 chains: %s",
virGetLastErrorMessage());
- errInitV6 = virSaveLastError();
+ virErrorPreserveLast(&errInitV6);
virResetLastError();
} else {
virFreeError(errInitV6);
--
2.24.1
4 years, 3 months
[libvirt PATCH 0/3] Remove usage of virHexToBin (glib chronicles)
by Ján Tomko
Prefer g_ascii_xdigit_value
Ján Tomko (3):
util: uuid: remove use of virHexToBin
Remove all use of virHexToBin
util: remove virHexToBin
src/libvirt_private.syms | 1 -
src/util/virbitmap.c | 3 +--
src/util/virmacaddr.c | 5 ++---
src/util/virutil.c | 15 ---------------
src/util/virutil.h | 2 --
src/util/viruuid.c | 11 +++++------
src/vmx/vmx.c | 4 ++--
7 files changed, 10 insertions(+), 31 deletions(-)
--
2.24.1
4 years, 3 months
[PATCH 0/3] Tighten qemu-img rules on missing backing format
by Eric Blake
In the past, we have had CVEs caused by qemu probing one image type
when an image started out as another but the guest was able to modify
content. The solution to those CVEs was to encode backing format
information into qcow2, to ensure that once we make a decision, we
don't have to probe any further. However, we failed to enforce this
at the time. And now that libvirt is switching to -blockdev, it has
come back to bite us: with -block, libvirt had no easy way (other than
json:{} pseudoprotocol) to force a backing file, but with -blockdev,
libvirt HAS to use blockdev-open on the backing chain and supply a
backing format there, and thus has to probe images. If libvirt ever
probes differently than qemu, we are back to the potential
guest-visible data corruption or potential host CVEs.
It's time to deprecate images without backing formats. This patch
series does two things: 1. record an implicit backing format where one
is learned (although sadly, not all qemu-img commands are able to
learn a format), 2. warn to the user any time a probe had ambiguous
results or a backing format is omitted from an image. All previous
images without a backing format are still usable, but hopefully the
warnings (along with libvirt's complaints about images without a
backing format) help us pinpoint remaining applications that are
creating images on their own without recording a backing format.
Perhaps I need to amend patch 3 and/or add a followup patch 4 that
adds further iotest coverage of all the new warnings (patch 1 touched
all the './check -qcow2' tests that were affected by the new warnings,
except for 114 which actually wanted to trigger the warning, if you
want to apply the series out of order to see the impact of the
warnings).
Eric Blake (3):
iotests: Specify explicit backing format where sensible
block: Add support to warn on backing file change without format
qemu-img: Deprecate use of -b without -F
block.c | 31 ++++++++++++++++++++---
block/qcow2.c | 2 +-
block/stream.c | 2 +-
blockdev.c | 3 ++-
include/block/block.h | 4 +--
qemu-deprecated.texi | 12 +++++++++
qemu-img.c | 10 ++++++--
tests/qemu-iotests/017 | 2 +-
tests/qemu-iotests/017.out | 2 +-
tests/qemu-iotests/018 | 2 +-
tests/qemu-iotests/018.out | 2 +-
tests/qemu-iotests/019 | 5 ++--
tests/qemu-iotests/019.out | 2 +-
tests/qemu-iotests/020 | 2 +-
tests/qemu-iotests/020.out | 2 +-
tests/qemu-iotests/024 | 8 +++---
tests/qemu-iotests/024.out | 5 ++--
tests/qemu-iotests/028 | 4 +--
tests/qemu-iotests/028.out | 2 +-
tests/qemu-iotests/030 | 26 +++++++++++++------
tests/qemu-iotests/034 | 2 +-
tests/qemu-iotests/034.out | 2 +-
tests/qemu-iotests/037 | 2 +-
tests/qemu-iotests/037.out | 2 +-
tests/qemu-iotests/038 | 2 +-
tests/qemu-iotests/038.out | 2 +-
tests/qemu-iotests/039 | 3 ++-
tests/qemu-iotests/039.out | 2 +-
tests/qemu-iotests/040 | 47 +++++++++++++++++++++++++----------
tests/qemu-iotests/041 | 37 ++++++++++++++++++---------
tests/qemu-iotests/042 | 4 +--
tests/qemu-iotests/043 | 18 +++++++-------
tests/qemu-iotests/043.out | 16 +++++++-----
tests/qemu-iotests/046 | 2 +-
tests/qemu-iotests/046.out | 2 +-
tests/qemu-iotests/050 | 4 +--
tests/qemu-iotests/050.out | 2 +-
tests/qemu-iotests/051 | 2 +-
tests/qemu-iotests/051.out | 2 +-
tests/qemu-iotests/051.pc.out | 2 +-
tests/qemu-iotests/060 | 2 +-
tests/qemu-iotests/060.out | 2 +-
tests/qemu-iotests/061 | 10 ++++----
tests/qemu-iotests/061.out | 10 ++++----
tests/qemu-iotests/069 | 2 +-
tests/qemu-iotests/069.out | 2 +-
tests/qemu-iotests/073 | 2 +-
tests/qemu-iotests/073.out | 2 +-
tests/qemu-iotests/082 | 16 +++++++-----
tests/qemu-iotests/082.out | 16 ++++++------
tests/qemu-iotests/085 | 4 +--
tests/qemu-iotests/085.out | 6 ++---
tests/qemu-iotests/089 | 2 +-
tests/qemu-iotests/089.out | 2 +-
tests/qemu-iotests/095 | 4 +--
tests/qemu-iotests/095.out | 4 +--
tests/qemu-iotests/097 | 4 +--
tests/qemu-iotests/097.out | 16 ++++++------
tests/qemu-iotests/098 | 2 +-
tests/qemu-iotests/098.out | 8 +++---
tests/qemu-iotests/110 | 4 +--
tests/qemu-iotests/110.out | 4 +--
tests/qemu-iotests/114 | 4 +--
tests/qemu-iotests/114.out | 1 +
tests/qemu-iotests/122 | 27 ++++++++++++--------
tests/qemu-iotests/122.out | 8 +++---
tests/qemu-iotests/126 | 4 +--
tests/qemu-iotests/126.out | 4 +--
tests/qemu-iotests/127 | 4 +--
tests/qemu-iotests/127.out | 4 +--
tests/qemu-iotests/129 | 3 ++-
tests/qemu-iotests/133 | 2 +-
tests/qemu-iotests/133.out | 2 +-
tests/qemu-iotests/139 | 2 +-
tests/qemu-iotests/141 | 4 +--
tests/qemu-iotests/141.out | 4 +--
tests/qemu-iotests/142 | 2 +-
tests/qemu-iotests/142.out | 2 +-
tests/qemu-iotests/153 | 14 +++++------
tests/qemu-iotests/153.out | 35 ++++++++++++++------------
tests/qemu-iotests/154 | 42 +++++++++++++++----------------
tests/qemu-iotests/154.out | 42 +++++++++++++++----------------
tests/qemu-iotests/155 | 12 ++++++---
tests/qemu-iotests/156 | 9 ++++---
tests/qemu-iotests/156.out | 6 ++---
tests/qemu-iotests/158 | 2 +-
tests/qemu-iotests/158.out | 2 +-
tests/qemu-iotests/161 | 8 +++---
tests/qemu-iotests/161.out | 8 +++---
tests/qemu-iotests/176 | 4 +--
tests/qemu-iotests/176.out | 32 ++++++++++++------------
tests/qemu-iotests/177 | 2 +-
tests/qemu-iotests/177.out | 2 +-
tests/qemu-iotests/179 | 2 +-
tests/qemu-iotests/179.out | 2 +-
tests/qemu-iotests/189 | 2 +-
tests/qemu-iotests/189.out | 2 +-
tests/qemu-iotests/191 | 12 ++++-----
tests/qemu-iotests/191.out | 12 ++++-----
tests/qemu-iotests/195 | 6 ++---
tests/qemu-iotests/195.out | 6 ++---
tests/qemu-iotests/198 | 2 +-
tests/qemu-iotests/198.out | 3 ++-
tests/qemu-iotests/204 | 2 +-
tests/qemu-iotests/204.out | 2 +-
tests/qemu-iotests/216 | 2 +-
tests/qemu-iotests/224 | 4 +--
tests/qemu-iotests/228 | 5 ++--
tests/qemu-iotests/245 | 3 ++-
tests/qemu-iotests/249 | 4 +--
tests/qemu-iotests/249.out | 4 +--
tests/qemu-iotests/252 | 2 +-
tests/qemu-iotests/257 | 3 ++-
tests/qemu-iotests/267 | 4 +--
tests/qemu-iotests/267.out | 6 ++---
tests/qemu-iotests/270 | 2 +-
tests/qemu-iotests/270.out | 2 +-
tests/qemu-iotests/273 | 4 +--
tests/qemu-iotests/273.out | 4 +--
tests/qemu-iotests/279 | 4 +--
tests/qemu-iotests/279.out | 4 +--
121 files changed, 466 insertions(+), 348 deletions(-)
--
2.24.1
4 years, 3 months
[libvirt PATCH 0/4] Do not depend on conf/ in util/
by Ján Tomko
Ján Tomko (4):
syntax-check: inclusion rule for src/hypervisor
conf: move virHostdevIs functions
virhostdev: move to src/hypervisor
virclosecallbacks: move to src/hypervisor
build-aux/syntax-check.mk | 5 +-
po/POTFILES.in | 4 +-
src/bhyve/Makefile.inc.am | 1 +
src/conf/domain_conf.c | 44 ++++++++++-
src/conf/domain_conf.h | 10 +++
src/hypervisor/Makefile.inc.am | 4 +
src/{util => hypervisor}/virclosecallbacks.c | 0
src/{util => hypervisor}/virclosecallbacks.h | 0
src/{util => hypervisor}/virhostdev.c | 43 ----------
src/{util => hypervisor}/virhostdev.h | 9 ---
src/libvirt_private.syms | 83 ++++++++++----------
src/libxl/Makefile.inc.am | 1 +
src/util/Makefile.inc.am | 4 -
tests/Makefile.am | 1 +
14 files changed, 105 insertions(+), 104 deletions(-)
rename src/{util => hypervisor}/virclosecallbacks.c (100%)
rename src/{util => hypervisor}/virclosecallbacks.h (100%)
rename src/{util => hypervisor}/virhostdev.c (98%)
rename src/{util => hypervisor}/virhostdev.h (97%)
--
2.24.1
4 years, 3 months
[libvirt PATCH] ci: Fix handling of $PKG_CONFIG_LIBDIR
by Andrea Bolognani
There are two environment variables that are baked into our
cross-compilation container images at build time, $CONFIGURE_OPTS
and $PKG_CONFIG_LIBDIR: the former contain the options necessary
to convince configure to perform a cross build rather than a
native one, and the latter is necessary so that pkg-config will
locate the .pc files for MinGW libraries. Container images that
are not intended for cross-compilation will not have either one
defined.
The problem is that, while an empty $CONFIGURE_OPTS is completely
harmless, setting $PKG_CONFIG_LIBDIR to an emtpy value will
result in pkg-config not looking in its default search path, thus
not finding any library, and subsequently breaking native builds.
To work around this issue, only pass $PKG_CONFIG_LIBDIR to sudo
when the value is set in the calling environment.
Fixes: 71517ae4db35c4dcc6c358d60d3a6d5da0615d39
Signed-off-by: Andrea Bolognani <abologna(a)redhat.com>
---
Pushed as a CI fix.
ci/Makefile | 5 ++++-
1 file changed, 4 insertions(+), 1 deletion(-)
diff --git a/ci/Makefile b/ci/Makefile
index 03799924b4..577b130d2f 100644
--- a/ci/Makefile
+++ b/ci/Makefile
@@ -216,12 +216,15 @@ ci-run-command@%: ci-prepare-tree
$(CI_ENGINE) run $(CI_ENGINE_ARGS) $(CI_IMAGE_PREFIX)$*$(CI_IMAGE_TAG) \
/bin/bash -c ' \
$(CI_USER_HOME)/prepare || exit 1; \
+ if test "$$PKG_CONFIG_LIBDIR"; then \
+ pkgconfig_env="PKG_CONFIG_LIBDIR=$$PKG_CONFIG_LIBDIR"; \
+ fi; \
sudo \
--login \
--user="#$(CI_UID)" \
--group="#$(CI_GID)" \
CONFIGURE_OPTS="$$CONFIGURE_OPTS" \
- PKG_CONFIG_LIBDIR="$$PKG_CONFIG_LIBDIR" \
+ $$pkgconfig_env \
CI_CONT_SRCDIR="$(CI_CONT_SRCDIR)" \
CI_CONT_BUILDDIR="$(CI_CONT_BUILDDIR)" \
CI_SMP="$(CI_SMP)" \
--
2.24.1
4 years, 3 months
[PATCH] apparmor: allow to call vhost-user-gpu
by Christian Ehrhardt
Configuring vhost-user-gpu like:
<video>
<driver name='vhostuser'/>
<model type='virtio' heads='1'/>
</video>
Triggers an apparmor denial like:
apparmor="DENIED" operation="exec" profile="libvirtd"
name="/usr/lib/qemu/vhost-user-gpu" pid=888257 comm="libvirtd"
requested_mask="x" denied_mask="x" fsuid=0 ouid=0
This helper is provided by qemu for vhost-user-gpu and thereby being
in the same path as qemu_bridge_helper. Due to that adding a rule allowing
to call uses the same path list.
Signed-off-by: Christian Ehrhardt <christian.ehrhardt(a)canonical.com>
---
src/security/apparmor/usr.sbin.libvirtd.in | 1 +
1 file changed, 1 insertion(+)
diff --git a/src/security/apparmor/usr.sbin.libvirtd.in b/src/security/apparmor/usr.sbin.libvirtd.in
index b384b7213b..1e137039e9 100644
--- a/src/security/apparmor/usr.sbin.libvirtd.in
+++ b/src/security/apparmor/usr.sbin.libvirtd.in
@@ -86,6 +86,7 @@ profile libvirtd @sbindir@/libvirtd flags=(attach_disconnected) {
/usr/{lib,lib64}/xen-common/bin/xen-toolstack PUx,
/usr/{lib,lib64}/xen/bin/* Ux,
/usr/lib/xen-*/bin/libxl-save-helper PUx,
+ /usr/{lib,lib64,lib/qemu,libexec}/vhost-user-gpu PUx,
# Required by nwfilter_ebiptables_driver.c:ebiptablesWriteToTempFile() to
# read and run an ebtables script.
--
2.25.0
4 years, 3 months
[libvirt PATCH] qemu: use correct backendType when checking memfd capability
by Ján Tomko
The backend name is memory-backend-memfd but we've been checking
for memory-backend-memory.
Reported by GCC on rawhide:
../../../src/internal.h:75:22: error: 'strcmp' of a string of length 21 and
an array of size 21 evaluates to nonzero [-Werror=string-compare]
../../../src/qemu/qemu_command.c:3525:20: note: in expansion of macro 'STREQ'
3525 | } else if (STREQ(backendType, "memory-backend-memory") &&
| ^~~~~
Signed-off-by: Ján Tomko <jtomko(a)redhat.com>
Fixes: 24b74d187cab48a9dc9f409ea78900154c709579
---
src/qemu/qemu_command.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/qemu/qemu_command.c b/src/qemu/qemu_command.c
index f69a9e651c..6d5b53d30a 100644
--- a/src/qemu/qemu_command.c
+++ b/src/qemu/qemu_command.c
@@ -3522,7 +3522,7 @@ qemuBuildMemoryBackendProps(virJSONValuePtr *backendProps,
_("this qemu doesn't support the "
"memory-backend-ram object"));
return -1;
- } else if (STREQ(backendType, "memory-backend-memory") &&
+ } else if (STREQ(backendType, "memory-backend-memfd") &&
!virQEMUCapsGet(priv->qemuCaps, QEMU_CAPS_OBJECT_MEMORY_MEMFD)) {
virReportError(VIR_ERR_CONFIG_UNSUPPORTED, "%s",
_("this qemu doesn't support the "
--
2.24.1
4 years, 3 months
[libvirt RFC PATCH] util: vireventglibwatch: watch for G_IO_HUP and G_IO_ERR
by Ján Tomko
To more closely match the previous usage in virEventPollDispatchHandles,
where called the handle callback for any revents returned by poll.
This should fix the virtlogd error on subsequent domain startup:
error: can't connect to virtlogd: Cannot open log file:
'/var/log/libvirt/qemu/f28live.log': Device or resource busy
as well as virtlogd spinning caused by virLogHandlerDomainLogFileEvent
never being called on hangup.
Signed-off-by: Ján Tomko <jtomko(a)redhat.com>
Fixes: f8ab47cb4491dd72d866c1a96a9d94b8c3341de9
Fixes: 946a25274c46ffff46323c62f567ae7e753aa921
---
src/util/vireventglibwatch.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/src/util/vireventglibwatch.c b/src/util/vireventglibwatch.c
index 7694e74f23..178707f6b7 100644
--- a/src/util/vireventglibwatch.c
+++ b/src/util/vireventglibwatch.c
@@ -89,11 +89,11 @@ GSource *virEventGLibCreateSocketWatch(int fd,
sizeof(virEventGLibFDSource));
ssource = (virEventGLibFDSource *)source;
- ssource->condition = condition;
+ ssource->condition = condition | G_IO_HUP | G_IO_ERR;
ssource->fd = fd;
ssource->pollfd.fd = fd;
- ssource->pollfd.events = condition;
+ ssource->pollfd.events = condition | G_IO_HUP | G_IO_ERR;
g_source_add_poll(source, &ssource->pollfd);
--
2.24.1
4 years, 3 months