[libvirt PATCH] build-aux: Get rid of 'make syntax-check' reference
by Erik Skultety
Change the 'make syntax-check' reference after the switch to
meson/ninja.
Signed-off-by: Erik Skultety <eskultet(a)redhat.com>
---
This is a follow-up to
https://www.redhat.com/archives/libvir-list/2020-August/msg00328.html.
Pushed as trivial.
build-aux/syntax-check.mk | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/build-aux/syntax-check.mk b/build-aux/syntax-check.mk
index 6eb59cf90e..16c70750e8 100644
--- a/build-aux/syntax-check.mk
+++ b/build-aux/syntax-check.mk
@@ -675,7 +675,7 @@ msg_gen_function += virReportErrorHelper
msg_gen_function += virReportSystemError
msg_gen_function += virLastErrorPrefixMessage
-# Uncomment the following and run "make syntax-check" to see diagnostics
+# Uncomment the following and run "ninja test" to see diagnostics
# that are not yet marked for translation, but that need to be rewritten
# so that they are translatable.
# msg_gen_function += fprintf
--
2.26.2
4 years, 4 months
[PATCH 0/4] remove 'make check' references from code
by Daniel Henrique Barboza
Simple series that removes the references of the now former
'make check', replacing it to 'ninja test'.
Daniel Henrique Barboza (4):
docs: get rid of 'make check' references
ci/Makefile: get rid of 'make check' references
tests: get rid of 'make check' references
vbox_XPCOMCGlue.c: get rid of 'make check' reference
ci/Makefile | 6 +++---
docs/advanced-tests.rst | 2 +-
docs/api_extension.html.in | 9 ++++-----
docs/testsuites.html.in | 3 ++-
src/vbox/vbox_XPCOMCGlue.c | 2 +-
tests/domaincapstest.c | 2 +-
tests/qemucapabilitiestest.c | 2 +-
tests/test-lib.sh | 2 +-
8 files changed, 14 insertions(+), 14 deletions(-)
--
2.26.2
4 years, 4 months
[PATCH V3 0/3] Xen: Support PCI permissive setting with writeFiltering attribute
by Jim Fehlig
This is V3 of Marek's series to support the xl.cfg(5) permissive setting on
PCI devices. V2 can be found here
https://www.redhat.com/archives/libvir-list/2020-April/msg01230.html
Changes from V2:
Instead of using a permisssive attribute on the <hostdev> element, use a
writeFiltering attribute on the <hostdev>'s <source> element. Rational
being that the filtering of writes to the PCI config space is done at
the source.
Jim Fehlig (3):
Xen: Add writeFiltering option for PCI devices
Xen: Add support for writeFiltering in config converter
News: Advertise support for writeFiltering attribute of PCI hostdevs
NEWS.rst | 7 +++
docs/formatdomain.rst | 7 ++-
docs/schemas/domaincommon.rng | 5 ++
src/conf/domain_conf.c | 14 +++++
src/conf/domain_conf.h | 1 +
src/libxl/libxl_conf.c | 1 +
src/libxl/xen_common.c | 52 ++++++++++++++++--
.../libxlxml2domconfigdata/moredevs-hvm.json | 6 +++
tests/libxlxml2domconfigdata/moredevs-hvm.xml | 5 ++
tests/xlconfigdata/test-fullvirt-pci.cfg | 25 +++++++++
tests/xlconfigdata/test-fullvirt-pci.xml | 53 +++++++++++++++++++
tests/xlconfigtest.c | 1 +
12 files changed, 171 insertions(+), 6 deletions(-)
create mode 100644 tests/xlconfigdata/test-fullvirt-pci.cfg
create mode 100644 tests/xlconfigdata/test-fullvirt-pci.xml
--
2.28.0
4 years, 4 months
[PATCH 0/3] batch: don't require checking retvalue of some bitmap ops
by Nikolay Shirokovskiy
Most of bitmap setBit/clearBit/getBit users know that the bitmap index is
not out of bound and thus don't check the return value. More precisely
the stats is next:
Method all check
===================================
virBitmapSetBit 85 14
virBitmapClearBit 15 3
virBitmapGetBit 15 6
where 'all' is the number of all occurences of the method and 'check' is the
number of occurences with 'if (method' pattern.
Thus keeping the retvalue checking requirement produces more
noise then helps. I guess we even can make these function return
void as users can simply compare the index with the bitmap size.
The removing of ignore_value was done by sed together with several manual
editings where methods calls were splitted across two lines.
FILES=`git grep -l 'ignore_value(virBitmapGetBit('`
sed -ibak -re 's/ignore_value\(virBitmapGetBit\((.*)\)\);/virBitmapGetBit(\1\);/' "$FILES"
Nikolay Shirokovskiy (3):
batch: don't require checking retvalue for virBitmapSetBit
batch: don't require checking retvalue for virBitmapClearBit
batch: don't require checking retvalue for virBitmapGetBit
src/conf/capabilities.c | 2 +-
src/conf/checkpoint_conf.c | 2 +-
src/conf/domain_addr.c | 8 ++++----
src/conf/domain_conf.c | 9 ++++-----
src/conf/node_device_conf.c | 2 +-
src/conf/snapshot_conf.c | 2 +-
src/conf/storage_conf.c | 2 +-
src/libxl/libxl_capabilities.c | 2 +-
src/network/bridge_driver.c | 6 +++---
src/qemu/qemu_capabilities.c | 4 ++--
src/qemu/qemu_domain.c | 2 +-
src/qemu/qemu_domain_address.c | 4 ++--
src/qemu/qemu_driver.c | 8 ++++----
src/qemu/qemu_hotplug.c | 6 +++---
src/qemu/qemu_migration_cookie.c | 8 ++++----
src/qemu/qemu_migration_params.c | 28 +++++++++++++---------------
src/qemu/qemu_monitor.c | 2 +-
src/qemu/qemu_slirp.c | 2 +-
src/test/test_driver.c | 2 +-
src/util/virbitmap.h | 6 +++---
src/util/vircommand.c | 2 +-
src/util/virdnsmasq.c | 2 +-
src/util/virhostcpu.c | 2 +-
src/util/virjson.c | 2 +-
src/util/virnetdev.c | 10 +++++-----
src/util/virnuma.c | 4 ++--
src/util/virprocess.c | 4 ++--
src/util/virresctrl.c | 2 +-
src/util/virstoragefile.c | 2 +-
src/vmx/vmx.c | 2 +-
tests/qemumonitorjsontest.c | 2 +-
tests/testutils.c | 2 +-
tests/virbitmaptest.c | 28 ++++++++++++++--------------
tools/virsh-domain.c | 4 ++--
tools/virt-host-validate-common.c | 2 +-
35 files changed, 87 insertions(+), 90 deletions(-)
--
1.8.3.1
4 years, 4 months
[PATCH 1/2] apparmor: allow adding permanent per guest rules
by Christian Ehrhardt
The design of apparmor in libvirt always had a way to define custom
per-guest rules as described in docs/drvqemu.html and [1].
A fix meant to clean the profiles after guest shutdown was a bit
overzealous and accidentially removed this important admin feature as
well.
Therefore reduce the --delete option of virt-aa-helper to only delete
the .files that would be re-generated in any case.
Users/Admins are always free to clean the profiles themselve if they
prefer a clean directory - they will be regenerated as needed. But
libvirt should never remove the base profile meant to allow per-guest
overrides and thereby break a documented feature.
[1]: https://gitlab.com/apparmor/apparmor/-/wikis/Libvirt#advanced-usage
Fixes: eba2225b "apparmor: delete profile on VM shutdown"
Signed-off-by: Christian Ehrhardt <christian.ehrhardt(a)canonical.com>
---
src/security/virt-aa-helper.c | 3 +--
1 file changed, 1 insertion(+), 2 deletions(-)
diff --git a/src/security/virt-aa-helper.c b/src/security/virt-aa-helper.c
index dadb9d1614..4b66422b8f 100644
--- a/src/security/virt-aa-helper.c
+++ b/src/security/virt-aa-helper.c
@@ -99,7 +99,7 @@ vah_usage(void)
" Modes:\n"
" -a | --add load profile\n"
" -c | --create create profile from template\n"
- " -D | --delete unload and delete profile\n"
+ " -D | --delete unload profile and delete generated rules\n"
" -r | --replace reload profile\n"
" -R | --remove unload profile\n"
" Options:\n"
@@ -1491,7 +1491,6 @@ main(int argc, char **argv)
rc = parserRemove(ctl->uuid);
if (ctl->cmd == 'D') {
unlink(include_file);
- unlink(profile);
}
} else if (ctl->cmd == 'c' || ctl->cmd == 'r') {
char *included_files = NULL;
--
2.27.0
4 years, 4 months
Plans for the next release
by Jiri Denemark
I'm sending this quite early this month as I'm on vacation tomorrow and
next week and I wanted to make sure the plan for the release is
advertised earlier than just a day or two before the freeze.
To aim for the release on Sep 01 I suggest entering the freeze in two
weeks on Wednesday Aug 26 and tagging RC2 on Friday Aug 28 in the
afternoon.
I hope this works for everyone.
Jirka
4 years, 4 months
[libvirt PATCH] qemu: fix crash in qemuDomainSetBlkioParameters without cgroups
by Pavel Hrdina
If we don't have cgroups available and user tries to update blkio
parameters for running VM it will crash.
It should have been protected by the virCgroupHasController() check but
it was never called if the API was executed without any flags.
We call virDomainObjGetDefs() which sets `def` and `persistentDef` based
on the flags and these two variables should be used to figure out if we
need to update LIVE, CONFIG or both states.
Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1808293
Signed-off-by: Pavel Hrdina <phrdina(a)redhat.com>
---
src/qemu/qemu_driver.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/qemu/qemu_driver.c b/src/qemu/qemu_driver.c
index 07e9518a9b..8008da6d16 100644
--- a/src/qemu/qemu_driver.c
+++ b/src/qemu/qemu_driver.c
@@ -9356,7 +9356,7 @@ qemuDomainSetBlkioParameters(virDomainPtr dom,
if (virDomainObjGetDefs(vm, flags, &def, &persistentDef) < 0)
goto endjob;
- if (flags & VIR_DOMAIN_AFFECT_LIVE) {
+ if (def) {
if (!virCgroupHasController(priv->cgroup, VIR_CGROUP_CONTROLLER_BLKIO)) {
virReportError(VIR_ERR_OPERATION_INVALID, "%s",
_("blkio cgroup isn't mounted"));
--
2.26.2
4 years, 4 months
[libvirt PATCH] docs: formatdomain: fix superscripts
by Ján Tomko
There needs to be a space before the :sup: directive.
Signed-off-by: Ján Tomko <jtomko(a)redhat.com>
---
Pushed as trivial.
docs/formatdomain.rst | 12 ++++++------
1 file changed, 6 insertions(+), 6 deletions(-)
diff --git a/docs/formatdomain.rst b/docs/formatdomain.rst
index 218f0c1718..8365fc8bbb 100644
--- a/docs/formatdomain.rst
+++ b/docs/formatdomain.rst
@@ -896,12 +896,12 @@ Memory Allocation
hotplugged later. The units for this value are determined by the optional
attribute ``unit``, which defaults to "KiB" (kibibytes, 2\ :sup:`10` or
blocks of 1024 bytes). Valid units are "b" or "bytes" for bytes, "KB" for
- kilobytes (10:sup:`3` or 1,000 bytes), "k" or "KiB" for kibibytes (1024
- bytes), "MB" for megabytes (10:sup:`6` or 1,000,000 bytes), "M" or "MiB" for
- mebibytes (2:sup:`20` or 1,048,576 bytes), "GB" for gigabytes (10:sup:`9` or
- 1,000,000,000 bytes), "G" or "GiB" for gibibytes (2:sup:`30` or 1,073,741,824
- bytes), "TB" for terabytes (10:sup:`12` or 1,000,000,000,000 bytes), or "T"
- or "TiB" for tebibytes (2:sup:`40` or 1,099,511,627,776 bytes). However, the
+ kilobytes (10\ :sup:`3` or 1,000 bytes), "k" or "KiB" for kibibytes (1024
+ bytes), "MB" for megabytes (10\ :sup:`6` or 1,000,000 bytes), "M" or "MiB" for
+ mebibytes (2\ :sup:`20` or 1,048,576 bytes), "GB" for gigabytes (10\ :sup:`9` or
+ 1,000,000,000 bytes), "G" or "GiB" for gibibytes (2\ :sup:`30` or 1,073,741,824
+ bytes), "TB" for terabytes (10\ :sup:`12` or 1,000,000,000,000 bytes), or "T"
+ or "TiB" for tebibytes (2\ :sup:`40` or 1,099,511,627,776 bytes). However, the
value will be rounded up to the nearest kibibyte by libvirt, and may be
further rounded to the granularity supported by the hypervisor. Some
hypervisors also enforce a minimum, such as 4000KiB. In case
--
2.26.2
4 years, 4 months
[libvirt PATCH v2] kbase: sev: Provide more details on virtio-net configuration
by Erik Skultety
With virtio-net we also need to disable the iPXE option ROM otherwise
a SEV-enabled guest would not boot. While at it, fix the full machine
XML examples accordingly.
Reported-by: Dr. David Alan Gilbert <dgilbert(a)redhat.com>
Signed-off-by: Erik Skultety <eskultet(a)redhat.com>
---
since v1:
- ditched any mentions of vhost, since we can assume all the supported
distros to have the latest QEMU-2.12 build containing the bugfix to make
vhost work with SEV
docs/kbase/launch_security_sev.rst | 28 ++++++++++++++++++++++++++--
1 file changed, 26 insertions(+), 2 deletions(-)
diff --git a/docs/kbase/launch_security_sev.rst b/docs/kbase/launch_security_sev.rst
index cfdc2a6120..4a37c0c379 100644
--- a/docs/kbase/launch_security_sev.rst
+++ b/docs/kbase/launch_security_sev.rst
@@ -291,8 +291,9 @@ can still perform DoS on each other.
Virtio
------
-In order to make virtio devices work, we need to enable emulated IOMMU
-on the devices so that virtual DMA can work.
+In order to make virtio devices work, we need to use
+``<driver iommu='on'/>`` inside the given device XML element in order
+to enable DMA API in the virtio driver.
::
@@ -337,6 +338,26 @@ model, which means that virtio GPU cannot be used.
...
</domain>
+Virtio-net
+~~~~~~~~~~
+With virtio-net it's also necessary to disable the iPXE option ROM as
+iPXE is not aware of SEV (at the time of this writing). This translates to the
+following XML:
+
+::
+
+ <domain>
+ ...
+ <interface type='network'>
+ ...
+ <model type='virtio'/>
+ <driver iommu='on'/>
+ <rom enabled='no'/>
+ </interface>
+ ...
+ <domain>
+
+
Checking SEV from within the guest
==================================
@@ -424,6 +445,7 @@ Q35 machine
<source network='default'/>
<model type='virtio'/>
<driver iommu='on'/>
+ <rom enabled='no'/>
</interface>
<graphics type='spice' autoport='yes'>
<listen type='address'/>
@@ -496,6 +518,8 @@ PC-i440fx machine
<mac address='52:54:00:d8:96:c8'/>
<source network='default'/>
<model type='virtio-non-transitional'/>
+ <driver iommu='on'/>
+ <rom enabled='no'/>
</interface>
<serial type='pty'>
<target type='isa-serial' port='0'>
--
2.26.2
4 years, 4 months
[libvirt PATCH] vircgroupv2devices: fix counting entries in BPF map
by Pavel Hrdina
BPF syscall BPF_MAP_GET_NEXT_KEY returns -1 if something fails but it
will also return -1 if trying to get next key using the last key in the
map with errno set to ENOENT.
If there are VMs running and libvirtd is restarted and user tries to
call some cgroup devices operation on a VM we need to get the count of
entries in BPF map and it fails which will result in error when trying
to attach/detech devices.
Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1833321
Signed-off-by: Pavel Hrdina <phrdina(a)redhat.com>
---
src/util/vircgroupv2devices.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/util/vircgroupv2devices.c b/src/util/vircgroupv2devices.c
index d62ee12a05..234e0f2278 100644
--- a/src/util/vircgroupv2devices.c
+++ b/src/util/vircgroupv2devices.c
@@ -342,7 +342,7 @@ virCgroupV2DevicesCountMapEntries(int mapfd)
prevKey = key;
}
- if (rc < 0)
+ if (rc < 0 && errno != ENOENT)
return -1;
return ret;
--
2.26.2
4 years, 4 months