July 2021 - Devel - libvirt List Archives

[PATCH v2 0/2] qemu: Ignore RESET/SHUTDOWN events during startup
by Peter Krempa 30 Jul '21

30 Jul '21

Before we resume the CPUs there was no guest code executed so the events emitted by qemu are purely based on libvirt actions. Ignore them since they are emitted when we are resetting the machine so that it picks up hotplugged disks. Peter Krempa (2): qemu: process: Ignore 'RESET' event during startup qemu: process: Ignore 'SHUTDOWN' event during startup src/qemu/qemu_process.c | 27 +++++++++++++++++++++++++-- 1 file changed, 25 insertions(+), 2 deletions(-) -- 2.31.1

2 3

[libvirt PATCH] gitlab: use custom docker:dind image
by Daniel P. Berrangé 30 Jul '21

30 Jul '21

The current docker:dind container has broken default seccomp filter that results in clone3 being blocked, which in turn breaks Fedora 35 rawhide. This custom image has a workaround that causes the seccomp filter to return ENOSYS for clone3 instad of EPERM, thus triggering glibc to fallback to clone correctly. Signed-off-by: Daniel P. Berrangé <berrange(a)redhat.com> --- .gitlab-ci.yml | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml index 344ecdf3ba..d1609c260d 100644 --- a/.gitlab-ci.yml +++ b/.gitlab-ci.yml @@ -21,7 +21,8 @@ stages: stage: containers needs: [] services: - - docker:dind + - name: registry.gitlab.com/libvirt/libvirt-ci/docker-dind:master + alias: docker rules: - if: "$TEMPORARILY_DISABLED" allow_failure: true -- 2.31.1

2 1

Entering freeze for libvirt-7.6.0
by Pavel Hrdina 29 Jul '21

29 Jul '21

I have just tagged v7.6.0-rc1 in the repository and pushed signed tarballs and source RPMs to https://libvirt.org/sources/ Please give the release candidate some testing and in case you find a serious issue which should have a fix in the upcoming release, feel free to reply to this thread to make sure the issue is more visible. If you have not done so yet, please update NEWS.rst to document any significant change you made since the last release. Thanks, Pavel

1 1

[PATCH] util: fix: duplicated index at nested loop in virNVMeDeviceListCreateReAttachList
by Yi Wang 29 Jul '21

29 Jul '21

From: Jia Zhou <zhou.jia2(a)zte.com.cn> When loop in function virNVMeDeviceListCreateReAttachList() there may be reused index @i, this patch fix this by using a new @j. Signed-off-by: Jia Zhou <zhou.jia2(a)zte.com.cn> Signed-off-by: Yi Wang <wang.yi59(a)zte.com.cn> --- src/util/virnvme.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/src/util/virnvme.c b/src/util/virnvme.c index 49102e3..b54a195 100644 --- a/src/util/virnvme.c +++ b/src/util/virnvme.c @@ -399,7 +399,7 @@ virNVMeDeviceListCreateReAttachList(virNVMeDeviceListPtr activeList, virNVMeDeviceListPtr toReAttachList) { g_autoptr(virPCIDeviceList) pciDevices = NULL; - size_t i; + size_t i, j; if (!(pciDevices = virPCIDeviceListNew())) return NULL; @@ -412,8 +412,8 @@ virNVMeDeviceListCreateReAttachList(virNVMeDeviceListPtr activeList, /* Check if there is any other NVMe device with the same PCI address as * @d. To simplify this, let's just count how many NVMe devices with * the same PCI address there are on the @activeList. */ - for (i = 0; i < activeList->count; i++) { - virNVMeDevicePtr other = activeList->devs[i]; + for (j = 0; j < activeList->count; j++) { + virNVMeDevicePtr other = activeList->devs[j]; if (!virPCIDeviceAddressEqual(&d->address, &other->address)) continue; -- 1.8.3.1

3 3

[PATCH] NEWS: Add haltpolling time statistic interface
by Yang Fei 29 Jul '21

29 Jul '21

Signed-off-by: Yang Fei <yangfei85(a)huawei.com> --- NEWS.rst | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/NEWS.rst b/NEWS.rst index 00f8788536..a5021b386d 100644 --- a/NEWS.rst +++ b/NEWS.rst @@ -36,6 +36,12 @@ v7.6.0 (unreleased) of an incorrect definition, e.g. by forgetting to specify ``iommu=on`` on all virtio devices. + * domstats: Add haltpolling time statistic interface + + Domstats now provide the data of cpu haltpolling time. This feature relies + on statistics available after kernel version 5.8. This will allow the user + to get more accurate CPU usage information if needed. + * **Improvements** * **Bug fixes** -- 2.23.0

2 1

[PATCH] NEWS: Fix false positive of sc_prohibit_doubled_word
by Michal Privoznik 28 Jul '21

28 Jul '21

In the previous commit we've added a sentence into NEWS.rst that supposedly contains doubled word. Well, it doesn't really. Signed-off-by: Michal Privoznik <mprivozn(a)redhat.com> --- Pushed as trivial. NEWS.rst | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/NEWS.rst b/NEWS.rst index 4f46f92949..00f8788536 100644 --- a/NEWS.rst +++ b/NEWS.rst @@ -33,8 +33,8 @@ v7.6.0 (unreleased) Specifying s390-pv as launch security type in an s390 domain prepares for running the guest in protected virtualization secure mode, also known as IBM Secure Execution. This simplifies the definition and reduces the risk - of an incorrect definition, e.g. by forgetting to specify iommu=on on all - virtio devices. + of an incorrect definition, e.g. by forgetting to specify ``iommu=on`` on + all virtio devices. * **Improvements** -- 2.31.1

2 1

[PATCH] rpm: properly disble -Werror
by Daniel P. Berrangé 28 Jul '21

28 Jul '21

Since we use git to manage RPM applied patches, we need to disable both meson's -Werror config knob and libvirt's equivalent. Signed-off-by: Daniel P. Berrangé <berrange(a)redhat.com> --- libvirt.spec.in | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/libvirt.spec.in b/libvirt.spec.in index cb48dd0be0..b09336b441 100644 --- a/libvirt.spec.in +++ b/libvirt.spec.in @@ -192,7 +192,7 @@ %if 0%{?rhel} %define enable_werror -Dwerror=true %else - %define enable_werror -Dwerror=false + %define enable_werror -Dwerror=false -Wgit_werror=disabled %endif %define tls_priority "@LIBVIRT,SYSTEM" -- 2.31.1

3 3

[PATCH] NEWS: Add new launch security type s390-pv
by Boris Fiuczynski 28 Jul '21

28 Jul '21

Signed-off-by: Boris Fiuczynski <fiuczy(a)linux.ibm.com> Reviewed-by: Viktor Mihajlovski <mihajlov(a)linux.ibm.com> --- NEWS.rst | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/NEWS.rst b/NEWS.rst index 618f478b81..134444b287 100644 --- a/NEWS.rst +++ b/NEWS.rst @@ -28,6 +28,14 @@ v7.6.0 (unreleased) block tracking features (block-dirty-bitmaps) to be able to do incremental backups and management of the checkpoint states via the appropriate APIs. + * qemu: Add support for launch security type s390-pv + + Specifying s390-pv as launch security type in an s390 domain prepares for + running the guest in protected virtualization secure mode, also known as + IBM Secure Execution. This simplifies the definition and reduces the risk + of an incorrect definition, e.g. by forgetting to specify iommu=on on all + virtio devices. + * **Improvements** * **Bug fixes** -- 2.31.1

2 1

[libvirt][PATCH v4 0/4] Support query and use SGX
by Haibin Huang 28 Jul '21

28 Jul '21

This patch series provides support for enabling Intel's Software Guard Extensions (SGX) feature in guest VM. Giving the SGX support in QEMU is still pending for reviewing, this patch series is not submmited for code review, but only describe the SGX enabling solution design that contains changes to virConnectGetDomainCapabilities API response and domain definition. All comments/suggestions would be highly appreciated. Intel Software Guard Extensions (Intel® SGX) is a set of instructions that increases the security of application code and data, giving them more protection from disclosure or modification. Developers can partition sensitive information into enclaves, which are areas of execution in memory with more security protection. The typical flow looks below at very high level: 1. Calls virConnectGetDomainCapabilities API to domain capabilities that includes the following SGX information. <feature> ... <sgx supported='yes'> <epc_size unit=’KiB’>N</epc_size> </sgx> </feature> 2. User requests to start a guest calling virCreateXML() with SGX requirement. It should contain <launchSecurity type='sgx'> <epc_size unit='KiB'>N</epc_size> </launchSecurity> Haibin Huang (1): Support to query SGX capability Lin Yang (3): conf: Introduce SGX related element into domain xml qemu: Add command-line to generate SGX EPC memory backend qemu: Add command-line to enable SGX src/conf/domain_capabilities.c | 29 ++++ src/conf/domain_capabilities.h | 13 ++ src/conf/domain_conf.c | 106 +++++++++---- src/conf/domain_conf.h | 10 ++ src/conf/virconftypes.h | 3 + src/libvirt_private.syms | 2 +- src/qemu/qemu_capabilities.c | 146 ++++++++++++++++++ src/qemu/qemu_capabilities.h | 6 + src/qemu/qemu_command.c | 30 ++++ src/qemu/qemu_monitor.c | 10 ++ src/qemu/qemu_monitor.h | 3 + src/qemu/qemu_monitor_json.c | 91 +++++++++++ src/qemu/qemu_monitor_json.h | 3 + tests/domaincapsdata/bhyve_basic.x86_64.xml | 1 + tests/domaincapsdata/bhyve_fbuf.x86_64.xml | 1 + tests/domaincapsdata/bhyve_uefi.x86_64.xml | 1 + tests/domaincapsdata/empty.xml | 1 + tests/domaincapsdata/libxl-xenfv.xml | 1 + tests/domaincapsdata/libxl-xenpv.xml | 1 + .../domaincapsdata/qemu_1.5.3-q35.x86_64.xml | 1 + .../domaincapsdata/qemu_1.5.3-tcg.x86_64.xml | 1 + tests/domaincapsdata/qemu_1.5.3.x86_64.xml | 1 + .../domaincapsdata/qemu_1.6.0-q35.x86_64.xml | 1 + .../domaincapsdata/qemu_1.6.0-tcg.x86_64.xml | 1 + tests/domaincapsdata/qemu_1.6.0.x86_64.xml | 1 + .../domaincapsdata/qemu_1.7.0-q35.x86_64.xml | 1 + .../domaincapsdata/qemu_1.7.0-tcg.x86_64.xml | 1 + tests/domaincapsdata/qemu_1.7.0.x86_64.xml | 1 + .../domaincapsdata/qemu_2.1.1-q35.x86_64.xml | 1 + .../domaincapsdata/qemu_2.1.1-tcg.x86_64.xml | 1 + tests/domaincapsdata/qemu_2.1.1.x86_64.xml | 1 + .../domaincapsdata/qemu_2.10.0-q35.x86_64.xml | 1 + .../domaincapsdata/qemu_2.10.0-tcg.x86_64.xml | 1 + .../qemu_2.10.0-virt.aarch64.xml | 1 + tests/domaincapsdata/qemu_2.10.0.aarch64.xml | 1 + tests/domaincapsdata/qemu_2.10.0.ppc64.xml | 1 + tests/domaincapsdata/qemu_2.10.0.s390x.xml | 1 + tests/domaincapsdata/qemu_2.10.0.x86_64.xml | 1 + .../domaincapsdata/qemu_2.11.0-q35.x86_64.xml | 1 + .../domaincapsdata/qemu_2.11.0-tcg.x86_64.xml | 1 + tests/domaincapsdata/qemu_2.11.0.s390x.xml | 1 + tests/domaincapsdata/qemu_2.11.0.x86_64.xml | 1 + .../domaincapsdata/qemu_2.12.0-q35.x86_64.xml | 1 + .../domaincapsdata/qemu_2.12.0-tcg.x86_64.xml | 1 + .../qemu_2.12.0-virt.aarch64.xml | 1 + tests/domaincapsdata/qemu_2.12.0.aarch64.xml | 1 + tests/domaincapsdata/qemu_2.12.0.ppc64.xml | 1 + tests/domaincapsdata/qemu_2.12.0.s390x.xml | 1 + tests/domaincapsdata/qemu_2.12.0.x86_64.xml | 1 + .../domaincapsdata/qemu_2.4.0-q35.x86_64.xml | 1 + .../domaincapsdata/qemu_2.4.0-tcg.x86_64.xml | 1 + tests/domaincapsdata/qemu_2.4.0.x86_64.xml | 1 + .../domaincapsdata/qemu_2.5.0-q35.x86_64.xml | 1 + .../domaincapsdata/qemu_2.5.0-tcg.x86_64.xml | 1 + tests/domaincapsdata/qemu_2.5.0.x86_64.xml | 1 + .../domaincapsdata/qemu_2.6.0-q35.x86_64.xml | 1 + .../domaincapsdata/qemu_2.6.0-tcg.x86_64.xml | 1 + .../qemu_2.6.0-virt.aarch64.xml | 1 + tests/domaincapsdata/qemu_2.6.0.aarch64.xml | 1 + tests/domaincapsdata/qemu_2.6.0.ppc64.xml | 1 + tests/domaincapsdata/qemu_2.6.0.x86_64.xml | 1 + .../domaincapsdata/qemu_2.7.0-q35.x86_64.xml | 1 + .../domaincapsdata/qemu_2.7.0-tcg.x86_64.xml | 1 + tests/domaincapsdata/qemu_2.7.0.s390x.xml | 1 + tests/domaincapsdata/qemu_2.7.0.x86_64.xml | 1 + .../domaincapsdata/qemu_2.8.0-q35.x86_64.xml | 1 + .../domaincapsdata/qemu_2.8.0-tcg.x86_64.xml | 1 + tests/domaincapsdata/qemu_2.8.0.s390x.xml | 1 + tests/domaincapsdata/qemu_2.8.0.x86_64.xml | 1 + .../domaincapsdata/qemu_2.9.0-q35.x86_64.xml | 1 + .../domaincapsdata/qemu_2.9.0-tcg.x86_64.xml | 1 + tests/domaincapsdata/qemu_2.9.0.ppc64.xml | 1 + tests/domaincapsdata/qemu_2.9.0.s390x.xml | 1 + tests/domaincapsdata/qemu_2.9.0.x86_64.xml | 1 + .../domaincapsdata/qemu_3.0.0-q35.x86_64.xml | 1 + .../domaincapsdata/qemu_3.0.0-tcg.x86_64.xml | 1 + tests/domaincapsdata/qemu_3.0.0.ppc64.xml | 1 + tests/domaincapsdata/qemu_3.0.0.s390x.xml | 1 + tests/domaincapsdata/qemu_3.0.0.x86_64.xml | 1 + .../domaincapsdata/qemu_3.1.0-q35.x86_64.xml | 1 + .../domaincapsdata/qemu_3.1.0-tcg.x86_64.xml | 1 + tests/domaincapsdata/qemu_3.1.0.ppc64.xml | 1 + tests/domaincapsdata/qemu_3.1.0.x86_64.xml | 1 + .../domaincapsdata/qemu_4.0.0-q35.x86_64.xml | 1 + .../domaincapsdata/qemu_4.0.0-tcg.x86_64.xml | 1 + .../qemu_4.0.0-virt.aarch64.xml | 1 + tests/domaincapsdata/qemu_4.0.0.aarch64.xml | 1 + tests/domaincapsdata/qemu_4.0.0.ppc64.xml | 1 + tests/domaincapsdata/qemu_4.0.0.s390x.xml | 1 + tests/domaincapsdata/qemu_4.0.0.x86_64.xml | 1 + .../domaincapsdata/qemu_4.1.0-q35.x86_64.xml | 1 + .../domaincapsdata/qemu_4.1.0-tcg.x86_64.xml | 1 + tests/domaincapsdata/qemu_4.1.0.x86_64.xml | 1 + .../domaincapsdata/qemu_4.2.0-q35.x86_64.xml | 1 + .../domaincapsdata/qemu_4.2.0-tcg.x86_64.xml | 1 + .../qemu_4.2.0-virt.aarch64.xml | 1 + tests/domaincapsdata/qemu_4.2.0.aarch64.xml | 1 + tests/domaincapsdata/qemu_4.2.0.ppc64.xml | 1 + tests/domaincapsdata/qemu_4.2.0.s390x.xml | 1 + tests/domaincapsdata/qemu_4.2.0.x86_64.xml | 1 + .../domaincapsdata/qemu_5.0.0-q35.x86_64.xml | 1 + .../domaincapsdata/qemu_5.0.0-tcg.x86_64.xml | 1 + .../qemu_5.0.0-virt.aarch64.xml | 1 + tests/domaincapsdata/qemu_5.0.0.aarch64.xml | 1 + tests/domaincapsdata/qemu_5.0.0.ppc64.xml | 1 + tests/domaincapsdata/qemu_5.0.0.x86_64.xml | 1 + .../domaincapsdata/qemu_5.1.0-q35.x86_64.xml | 1 + .../domaincapsdata/qemu_5.1.0-tcg.x86_64.xml | 1 + tests/domaincapsdata/qemu_5.1.0.x86_64.xml | 1 + 109 files changed, 519 insertions(+), 29 deletions(-) -- 2.17.1

5 25

Turning off -Werror
by Richard W.M. Jones 28 Jul '21

28 Jul '21

commit 3c3c55be66e230ef09ad927eda038dc32f01a166 Author: Daniel P. Berrangé <berrange(a)redhat.com> Date: Thu Apr 8 11:50:30 2021 +0100 meson: don't probe for -Werror if --werror is enabled Builds are failing in Fedora Rawhide at the moment because of a warning being turned into an error. Fedora's spec file has this which is supposed to turn off -Werror, but it no longer works after the above commit was added. https://src.fedoraproject.org/rpms/libvirt/blob/rawhide/f/libvirt.spec#_189 I'm trying to understand how you're supposed to turn off -Werror. According to meson documentation omitting --werror should work. According to some different docs, use --werror=false. Neither are working for me. I'm actually wondering if the commit above is wrong. Rich. -- Richard Jones, Virtualization Group, Red Hat http://people.redhat.com/~rjones Read my programming and virtualization blog: http://rwmj.wordpress.com virt-top is 'top' for virtual machines. Tiny program with many powerful monitoring features, net stats, disk stats, logging, etc. http://people.redhat.com/~rjones/virt-top

2 2