February 2020 - Devel - libvirt List Archives

[libvirt PATCH 0/8] Reduce usage of virutil.h (include epistles)
by Ján Tomko 24 Feb '20

24 Feb '20

2 9

[PATCH v1 00/12] Bhyve driver improvements
by Ryan Moeller 24 Feb '20

24 Feb '20

Rebased and updated from previous patch set to address feedback: * Tried to match local convention for subjects where obvious * Split patch 01 into two patches, with updated messages * Use g_autofree to fix use after free in conf/virnetworkobj * Add missing newline in one of the tests args files * Fix failing schema tests after schema change gmake check now reports no failing tests on FreeBSD for each patch. Ryan Moeller (12): bhyve: process: remove unneeded header conf: fix use after free bhyve: process: don't bother seeking to end of log bhyve: monitor: Make bhyveMonitor a virClass bhyve: monitor: refactor register/unregister bhyve: add hooks bhyve: add reboot support bhyve: command: refactor virBhyveProcessBuildBhyveCmd bhyve: parse_command: slot,bus,func -> bus,slot,func add hostdev handling for bhyve bhyve: command: enable booting from hostdevs Allow PCI functions up to 255 for PCI ARI docs/schemas/basictypes.rng | 10 +- docs/schemas/domaincommon.rng | 30 +++ src/bhyve/bhyve_capabilities.c | 14 + src/bhyve/bhyve_capabilities.h | 1 + src/bhyve/bhyve_command.c | 241 ++++++++++++++---- src/bhyve/bhyve_driver.c | 30 +++ src/bhyve/bhyve_monitor.c | 157 ++++++++---- src/bhyve/bhyve_monitor.h | 2 + src/bhyve/bhyve_parse_command.c | 124 +++++++-- src/bhyve/bhyve_process.c | 83 ++++-- src/bhyve/bhyve_process.h | 3 + src/conf/domain_audit.c | 5 + src/conf/domain_conf.c | 131 ++++++++++ src/conf/domain_conf.h | 29 ++- src/conf/virconftypes.h | 3 + src/conf/virnetworkobj.c | 5 +- src/qemu/qemu_command.c | 2 + src/qemu/qemu_domain.c | 5 + src/qemu/qemu_hostdev.c | 1 + src/qemu/qemu_hotplug.c | 2 + src/qemu/qemu_migration.c | 1 + src/security/security_apparmor.c | 1 + src/security/security_dac.c | 28 ++ src/security/security_selinux.c | 8 + src/util/virhook.c | 15 ++ src/util/virhook.h | 11 + src/util/virpci.c | 4 +- .../bhyveargv2xml-passthru.args | 8 + .../bhyveargv2xml-passthru.xml | 26 ++ .../bhyveargv2xml-virtio-scsi.args | 9 + .../bhyveargv2xml-virtio-scsi.xml | 20 ++ tests/bhyveargv2xmltest.c | 2 + .../bhyvexml2argv-passthru.args | 11 + .../bhyvexml2argv-passthru.ldargs | 1 + .../bhyvexml2argv-passthru.xml | 22 ++ .../bhyvexml2argv-virtio-scsi.args | 9 + .../bhyvexml2argv-virtio-scsi.ldargs | 1 + .../bhyvexml2argv-virtio-scsi.xml | 21 ++ tests/bhyvexml2argvtest.c | 4 +- .../bhyvexml2xmlout-passthru.xml | 29 +++ .../bhyvexml2xmlout-virtio-scsi.xml | 23 ++ tests/bhyvexml2xmltest.c | 2 + .../qemuxml2argvdata/pci-function-invalid.xml | 2 +- 43 files changed, 983 insertions(+), 153 deletions(-) create mode 100644 tests/bhyveargv2xmldata/bhyveargv2xml-passthru.args create mode 100644 tests/bhyveargv2xmldata/bhyveargv2xml-passthru.xml create mode 100644 tests/bhyveargv2xmldata/bhyveargv2xml-virtio-scsi.args create mode 100644 tests/bhyveargv2xmldata/bhyveargv2xml-virtio-scsi.xml create mode 100644 tests/bhyvexml2argvdata/bhyvexml2argv-passthru.args create mode 100644 tests/bhyvexml2argvdata/bhyvexml2argv-passthru.ldargs create mode 100644 tests/bhyvexml2argvdata/bhyvexml2argv-passthru.xml create mode 100644 tests/bhyvexml2argvdata/bhyvexml2argv-virtio-scsi.args create mode 100644 tests/bhyvexml2argvdata/bhyvexml2argv-virtio-scsi.ldargs create mode 100644 tests/bhyvexml2argvdata/bhyvexml2argv-virtio-scsi.xml create mode 100644 tests/bhyvexml2xmloutdata/bhyvexml2xmlout-passthru.xml create mode 100644 tests/bhyvexml2xmloutdata/bhyvexml2xmlout-virtio-scsi.xml -- 2.24.1

2 27

network: bridge_driver: Use new helpers for storing libvirt errors
by Gaurav Agrawal 24 Feb '20

24 Feb '20

>From c2028d3b27e20eb0d15a553139d2c987325d977e Mon Sep 17 00:00:00 2001 From: Gaurav Agrawal <agrawalgaurav(a)gnome.org> Date: Mon, 24 Feb 2020 22:49:21 +0530 Subject: [PATCH] network: bridge_driver: Use new helpers for storing libvirt errors Signed-off-by: Gaurav Agrawal <agrawalgaurav(a)gnome.org> --- src/network/bridge_driver_linux.c | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/src/network/bridge_driver_linux.c b/src/network/bridge_driver_linux.c index 7bbde5c6a9..fde33b5d38 100644 --- a/src/network/bridge_driver_linux.c +++ b/src/network/bridge_driver_linux.c @@ -22,6 +22,7 @@ #include <config.h> #include "viralloc.h" +#include "virerror.h" #include "virfile.h" #include "viriptables.h" #include "virstring.h" @@ -53,7 +54,7 @@ static void networkSetupPrivateChains(void) if (rc < 0) { VIR_DEBUG("Failed to create global IPv4 chains: %s", virGetLastErrorMessage()); - errInitV4 = virSaveLastError(); + virErrorPreserveLast(&errInitV4); virResetLastError(); } else { virFreeError(errInitV4); @@ -70,7 +71,7 @@ static void networkSetupPrivateChains(void) if (rc < 0) { VIR_DEBUG("Failed to create global IPv6 chains: %s", virGetLastErrorMessage()); - errInitV6 = virSaveLastError(); + virErrorPreserveLast(&errInitV6); virResetLastError(); } else { virFreeError(errInitV6); -- 2.24.1

1 0

[libvirt PATCH 0/3] Remove usage of virHexToBin (glib chronicles)
by Ján Tomko 24 Feb '20

24 Feb '20

Prefer g_ascii_xdigit_value Ján Tomko (3): util: uuid: remove use of virHexToBin Remove all use of virHexToBin util: remove virHexToBin src/libvirt_private.syms | 1 - src/util/virbitmap.c | 3 +-- src/util/virmacaddr.c | 5 ++--- src/util/virutil.c | 15 --------------- src/util/virutil.h | 2 -- src/util/viruuid.c | 11 +++++------ src/vmx/vmx.c | 4 ++-- 7 files changed, 10 insertions(+), 31 deletions(-) -- 2.24.1

3 5

[PATCH 0/3] Tighten qemu-img rules on missing backing format
by Eric Blake 24 Feb '20

24 Feb '20

In the past, we have had CVEs caused by qemu probing one image type when an image started out as another but the guest was able to modify content. The solution to those CVEs was to encode backing format information into qcow2, to ensure that once we make a decision, we don't have to probe any further. However, we failed to enforce this at the time. And now that libvirt is switching to -blockdev, it has come back to bite us: with -block, libvirt had no easy way (other than json:{} pseudoprotocol) to force a backing file, but with -blockdev, libvirt HAS to use blockdev-open on the backing chain and supply a backing format there, and thus has to probe images. If libvirt ever probes differently than qemu, we are back to the potential guest-visible data corruption or potential host CVEs. It's time to deprecate images without backing formats. This patch series does two things: 1. record an implicit backing format where one is learned (although sadly, not all qemu-img commands are able to learn a format), 2. warn to the user any time a probe had ambiguous results or a backing format is omitted from an image. All previous images without a backing format are still usable, but hopefully the warnings (along with libvirt's complaints about images without a backing format) help us pinpoint remaining applications that are creating images on their own without recording a backing format. Perhaps I need to amend patch 3 and/or add a followup patch 4 that adds further iotest coverage of all the new warnings (patch 1 touched all the './check -qcow2' tests that were affected by the new warnings, except for 114 which actually wanted to trigger the warning, if you want to apply the series out of order to see the impact of the warnings). Eric Blake (3): iotests: Specify explicit backing format where sensible block: Add support to warn on backing file change without format qemu-img: Deprecate use of -b without -F block.c | 31 ++++++++++++++++++++--- block/qcow2.c | 2 +- block/stream.c | 2 +- blockdev.c | 3 ++- include/block/block.h | 4 +-- qemu-deprecated.texi | 12 +++++++++ qemu-img.c | 10 ++++++-- tests/qemu-iotests/017 | 2 +- tests/qemu-iotests/017.out | 2 +- tests/qemu-iotests/018 | 2 +- tests/qemu-iotests/018.out | 2 +- tests/qemu-iotests/019 | 5 ++-- tests/qemu-iotests/019.out | 2 +- tests/qemu-iotests/020 | 2 +- tests/qemu-iotests/020.out | 2 +- tests/qemu-iotests/024 | 8 +++--- tests/qemu-iotests/024.out | 5 ++-- tests/qemu-iotests/028 | 4 +-- tests/qemu-iotests/028.out | 2 +- tests/qemu-iotests/030 | 26 +++++++++++++------ tests/qemu-iotests/034 | 2 +- tests/qemu-iotests/034.out | 2 +- tests/qemu-iotests/037 | 2 +- tests/qemu-iotests/037.out | 2 +- tests/qemu-iotests/038 | 2 +- tests/qemu-iotests/038.out | 2 +- tests/qemu-iotests/039 | 3 ++- tests/qemu-iotests/039.out | 2 +- tests/qemu-iotests/040 | 47 +++++++++++++++++++++++++---------- tests/qemu-iotests/041 | 37 ++++++++++++++++++--------- tests/qemu-iotests/042 | 4 +-- tests/qemu-iotests/043 | 18 +++++++------- tests/qemu-iotests/043.out | 16 +++++++----- tests/qemu-iotests/046 | 2 +- tests/qemu-iotests/046.out | 2 +- tests/qemu-iotests/050 | 4 +-- tests/qemu-iotests/050.out | 2 +- tests/qemu-iotests/051 | 2 +- tests/qemu-iotests/051.out | 2 +- tests/qemu-iotests/051.pc.out | 2 +- tests/qemu-iotests/060 | 2 +- tests/qemu-iotests/060.out | 2 +- tests/qemu-iotests/061 | 10 ++++---- tests/qemu-iotests/061.out | 10 ++++---- tests/qemu-iotests/069 | 2 +- tests/qemu-iotests/069.out | 2 +- tests/qemu-iotests/073 | 2 +- tests/qemu-iotests/073.out | 2 +- tests/qemu-iotests/082 | 16 +++++++----- tests/qemu-iotests/082.out | 16 ++++++------ tests/qemu-iotests/085 | 4 +-- tests/qemu-iotests/085.out | 6 ++--- tests/qemu-iotests/089 | 2 +- tests/qemu-iotests/089.out | 2 +- tests/qemu-iotests/095 | 4 +-- tests/qemu-iotests/095.out | 4 +-- tests/qemu-iotests/097 | 4 +-- tests/qemu-iotests/097.out | 16 ++++++------ tests/qemu-iotests/098 | 2 +- tests/qemu-iotests/098.out | 8 +++--- tests/qemu-iotests/110 | 4 +-- tests/qemu-iotests/110.out | 4 +-- tests/qemu-iotests/114 | 4 +-- tests/qemu-iotests/114.out | 1 + tests/qemu-iotests/122 | 27 ++++++++++++-------- tests/qemu-iotests/122.out | 8 +++--- tests/qemu-iotests/126 | 4 +-- tests/qemu-iotests/126.out | 4 +-- tests/qemu-iotests/127 | 4 +-- tests/qemu-iotests/127.out | 4 +-- tests/qemu-iotests/129 | 3 ++- tests/qemu-iotests/133 | 2 +- tests/qemu-iotests/133.out | 2 +- tests/qemu-iotests/139 | 2 +- tests/qemu-iotests/141 | 4 +-- tests/qemu-iotests/141.out | 4 +-- tests/qemu-iotests/142 | 2 +- tests/qemu-iotests/142.out | 2 +- tests/qemu-iotests/153 | 14 +++++------ tests/qemu-iotests/153.out | 35 ++++++++++++++------------ tests/qemu-iotests/154 | 42 +++++++++++++++---------------- tests/qemu-iotests/154.out | 42 +++++++++++++++---------------- tests/qemu-iotests/155 | 12 ++++++--- tests/qemu-iotests/156 | 9 ++++--- tests/qemu-iotests/156.out | 6 ++--- tests/qemu-iotests/158 | 2 +- tests/qemu-iotests/158.out | 2 +- tests/qemu-iotests/161 | 8 +++--- tests/qemu-iotests/161.out | 8 +++--- tests/qemu-iotests/176 | 4 +-- tests/qemu-iotests/176.out | 32 ++++++++++++------------ tests/qemu-iotests/177 | 2 +- tests/qemu-iotests/177.out | 2 +- tests/qemu-iotests/179 | 2 +- tests/qemu-iotests/179.out | 2 +- tests/qemu-iotests/189 | 2 +- tests/qemu-iotests/189.out | 2 +- tests/qemu-iotests/191 | 12 ++++----- tests/qemu-iotests/191.out | 12 ++++----- tests/qemu-iotests/195 | 6 ++--- tests/qemu-iotests/195.out | 6 ++--- tests/qemu-iotests/198 | 2 +- tests/qemu-iotests/198.out | 3 ++- tests/qemu-iotests/204 | 2 +- tests/qemu-iotests/204.out | 2 +- tests/qemu-iotests/216 | 2 +- tests/qemu-iotests/224 | 4 +-- tests/qemu-iotests/228 | 5 ++-- tests/qemu-iotests/245 | 3 ++- tests/qemu-iotests/249 | 4 +-- tests/qemu-iotests/249.out | 4 +-- tests/qemu-iotests/252 | 2 +- tests/qemu-iotests/257 | 3 ++- tests/qemu-iotests/267 | 4 +-- tests/qemu-iotests/267.out | 6 ++--- tests/qemu-iotests/270 | 2 +- tests/qemu-iotests/270.out | 2 +- tests/qemu-iotests/273 | 4 +-- tests/qemu-iotests/273.out | 4 +-- tests/qemu-iotests/279 | 4 +-- tests/qemu-iotests/279.out | 4 +-- 121 files changed, 466 insertions(+), 348 deletions(-) -- 2.24.1

2 9

[libvirt PATCH 0/4] Do not depend on conf/ in util/
by Ján Tomko 24 Feb '20

24 Feb '20

Ján Tomko (4): syntax-check: inclusion rule for src/hypervisor conf: move virHostdevIs functions virhostdev: move to src/hypervisor virclosecallbacks: move to src/hypervisor build-aux/syntax-check.mk | 5 +- po/POTFILES.in | 4 +- src/bhyve/Makefile.inc.am | 1 + src/conf/domain_conf.c | 44 ++++++++++- src/conf/domain_conf.h | 10 +++ src/hypervisor/Makefile.inc.am | 4 + src/{util => hypervisor}/virclosecallbacks.c | 0 src/{util => hypervisor}/virclosecallbacks.h | 0 src/{util => hypervisor}/virhostdev.c | 43 ---------- src/{util => hypervisor}/virhostdev.h | 9 --- src/libvirt_private.syms | 83 ++++++++++---------- src/libxl/Makefile.inc.am | 1 + src/util/Makefile.inc.am | 4 - tests/Makefile.am | 1 + 14 files changed, 105 insertions(+), 104 deletions(-) rename src/{util => hypervisor}/virclosecallbacks.c (100%) rename src/{util => hypervisor}/virclosecallbacks.h (100%) rename src/{util => hypervisor}/virhostdev.c (98%) rename src/{util => hypervisor}/virhostdev.h (97%) -- 2.24.1

2 6

[libvirt PATCH] ci: Fix handling of $PKG_CONFIG_LIBDIR
by Andrea Bolognani 24 Feb '20

24 Feb '20

There are two environment variables that are baked into our cross-compilation container images at build time, $CONFIGURE_OPTS and $PKG_CONFIG_LIBDIR: the former contain the options necessary to convince configure to perform a cross build rather than a native one, and the latter is necessary so that pkg-config will locate the .pc files for MinGW libraries. Container images that are not intended for cross-compilation will not have either one defined. The problem is that, while an empty $CONFIGURE_OPTS is completely harmless, setting $PKG_CONFIG_LIBDIR to an emtpy value will result in pkg-config not looking in its default search path, thus not finding any library, and subsequently breaking native builds. To work around this issue, only pass $PKG_CONFIG_LIBDIR to sudo when the value is set in the calling environment. Fixes: 71517ae4db35c4dcc6c358d60d3a6d5da0615d39 Signed-off-by: Andrea Bolognani <abologna(a)redhat.com> --- Pushed as a CI fix. ci/Makefile | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/ci/Makefile b/ci/Makefile index 03799924b4..577b130d2f 100644 --- a/ci/Makefile +++ b/ci/Makefile @@ -216,12 +216,15 @@ ci-run-command@%: ci-prepare-tree $(CI_ENGINE) run $(CI_ENGINE_ARGS) $(CI_IMAGE_PREFIX)$*$(CI_IMAGE_TAG) \ /bin/bash -c ' \ $(CI_USER_HOME)/prepare || exit 1; \ + if test "$$PKG_CONFIG_LIBDIR"; then \ + pkgconfig_env="PKG_CONFIG_LIBDIR=$$PKG_CONFIG_LIBDIR"; \ + fi; \ sudo \ --login \ --user="#$(CI_UID)" \ --group="#$(CI_GID)" \ CONFIGURE_OPTS="$$CONFIGURE_OPTS" \ - PKG_CONFIG_LIBDIR="$$PKG_CONFIG_LIBDIR" \ + $$pkgconfig_env \ CI_CONT_SRCDIR="$(CI_CONT_SRCDIR)" \ CI_CONT_BUILDDIR="$(CI_CONT_BUILDDIR)" \ CI_SMP="$(CI_SMP)" \ -- 2.24.1

1 0

[PATCH] apparmor: allow to call vhost-user-gpu
by Christian Ehrhardt 24 Feb '20

24 Feb '20

Configuring vhost-user-gpu like: <video> <driver name='vhostuser'/> <model type='virtio' heads='1'/> </video> Triggers an apparmor denial like: apparmor="DENIED" operation="exec" profile="libvirtd" name="/usr/lib/qemu/vhost-user-gpu" pid=888257 comm="libvirtd" requested_mask="x" denied_mask="x" fsuid=0 ouid=0 This helper is provided by qemu for vhost-user-gpu and thereby being in the same path as qemu_bridge_helper. Due to that adding a rule allowing to call uses the same path list. Signed-off-by: Christian Ehrhardt <christian.ehrhardt(a)canonical.com> --- src/security/apparmor/usr.sbin.libvirtd.in | 1 + 1 file changed, 1 insertion(+) diff --git a/src/security/apparmor/usr.sbin.libvirtd.in b/src/security/apparmor/usr.sbin.libvirtd.in index b384b7213b..1e137039e9 100644 --- a/src/security/apparmor/usr.sbin.libvirtd.in +++ b/src/security/apparmor/usr.sbin.libvirtd.in @@ -86,6 +86,7 @@ profile libvirtd @sbindir@/libvirtd flags=(attach_disconnected) { /usr/{lib,lib64}/xen-common/bin/xen-toolstack PUx, /usr/{lib,lib64}/xen/bin/* Ux, /usr/lib/xen-*/bin/libxl-save-helper PUx, + /usr/{lib,lib64,lib/qemu,libexec}/vhost-user-gpu PUx, # Required by nwfilter_ebiptables_driver.c:ebiptablesWriteToTempFile() to # read and run an ebtables script. -- 2.25.0

2 4

[libvirt PATCH 0/2] travis: Use dedicated images for MinGW builds
by Andrea Bolognani 24 Feb '20

24 Feb '20

Andrea Bolognani (2): ci: Make container environment available to scripts travis: Use dedicated images for MinGW builds .travis.yml | 10 ++++------ ci/Makefile | 2 ++ 2 files changed, 6 insertions(+), 6 deletions(-) -- 2.24.1

1 3

[libvirt PATCH] qemu: use correct backendType when checking memfd capability
by Ján Tomko 24 Feb '20

24 Feb '20

The backend name is memory-backend-memfd but we've been checking for memory-backend-memory. Reported by GCC on rawhide: ../../../src/internal.h:75:22: error: 'strcmp' of a string of length 21 and an array of size 21 evaluates to nonzero [-Werror=string-compare] ../../../src/qemu/qemu_command.c:3525:20: note: in expansion of macro 'STREQ' 3525 | } else if (STREQ(backendType, "memory-backend-memory") && | ^~~~~ Signed-off-by: Ján Tomko <jtomko(a)redhat.com> Fixes: 24b74d187cab48a9dc9f409ea78900154c709579 --- src/qemu/qemu_command.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/qemu/qemu_command.c b/src/qemu/qemu_command.c index f69a9e651c..6d5b53d30a 100644 --- a/src/qemu/qemu_command.c +++ b/src/qemu/qemu_command.c @@ -3522,7 +3522,7 @@ qemuBuildMemoryBackendProps(virJSONValuePtr *backendProps, _("this qemu doesn't support the " "memory-backend-ram object")); return -1; - } else if (STREQ(backendType, "memory-backend-memory") && + } else if (STREQ(backendType, "memory-backend-memfd") && !virQEMUCapsGet(priv->qemuCaps, QEMU_CAPS_OBJECT_MEMORY_MEMFD)) { virReportError(VIR_ERR_CONFIG_UNSUPPORTED, "%s", _("this qemu doesn't support the " -- 2.24.1

2 1