[libvirt PATCH] gitlab: use custom docker:dind image
by Daniel P. Berrangé
The current docker:dind container has a broken default seccomp filter that
results in clone3 being blocked, which in turn breaks Fedora 35 rawhide.
This custom image has a workaround that causes the seccomp filter to
return ENOSYS for clone3 instead of EPERM, thus triggering glibc to
fall back to clone correctly.
Signed-off-by: Daniel P. Berrangé <berrange(a)redhat.com>
---
.gitlab-ci.yml | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml
index 344ecdf3ba..d1609c260d 100644
--- a/.gitlab-ci.yml
+++ b/.gitlab-ci.yml
@@ -21,7 +21,8 @@ stages:
stage: containers
needs: []
services:
- - docker:dind
+ - name: registry.gitlab.com/libvirt/libvirt-ci/docker-dind:master
+ alias: docker
rules:
- if: "$TEMPORARILY_DISABLED"
allow_failure: true
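Review bot: the replacement service image on the added `- name:` line is referenced by the mutable `master` tag, so CI behaviour can change without any commit in this repository; pin it to a digest or a versioned tag. A YAML comment next to it, saying the image exists only to make the seccomp filter return ENOSYS for clone3 and that the entry should revert to `docker:dind` once the stock image is fixed, would keep the workaround from becoming permanent.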
--
2.31.1
3 years, 5 months
Entering freeze for libvirt-7.6.0
by Pavel Hrdina
I have just tagged v7.6.0-rc1 in the repository and pushed signed
tarballs and source RPMs to https://libvirt.org/sources/
Please give the release candidate some testing and in case you find a
serious issue which should have a fix in the upcoming release, feel
free to reply to this thread to make sure the issue is more visible.
If you have not done so yet, please update NEWS.rst to document any
significant change you made since the last release.
Thanks,
Pavel
3 years, 5 months
[PATCH] util: fix: duplicated index at nested loop in virNVMeDeviceListCreateReAttachList
by Yi Wang
From: Jia Zhou <zhou.jia2(a)zte.com.cn>
When looping in function virNVMeDeviceListCreateReAttachList() there may be
a reused index @i; this patch fixes this by using a new @j.
Signed-off-by: Jia Zhou <zhou.jia2(a)zte.com.cn>
Signed-off-by: Yi Wang <wang.yi59(a)zte.com.cn>
---
src/util/virnvme.c | 6 +++---
1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/src/util/virnvme.c b/src/util/virnvme.c
index 49102e3..b54a195 100644
--- a/src/util/virnvme.c
+++ b/src/util/virnvme.c
@@ -399,7 +399,7 @@ virNVMeDeviceListCreateReAttachList(virNVMeDeviceListPtr activeList,
virNVMeDeviceListPtr toReAttachList)
{
g_autoptr(virPCIDeviceList) pciDevices = NULL;
- size_t i;
+ size_t i, j;
if (!(pciDevices = virPCIDeviceListNew()))
return NULL;
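Review bot: `size_t i, j;` keeps both indices at function scope, which is what let the nested loop pick up `i` in the first place. Consider declaring the inner index in the block that contains the nested loop, so that its scope matches its use and the outer index cannot be reused there by accident.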
@@ -412,8 +412,8 @@ virNVMeDeviceListCreateReAttachList(virNVMeDeviceListPtr activeList,
/* Check if there is any other NVMe device with the same PCI address as
* @d. To simplify this, let's just count how many NVMe devices with
* the same PCI address there are on the @activeList. */
- for (i = 0; i < activeList->count; i++) {
- virNVMeDevicePtr other = activeList->devs[i];
+ for (j = 0; j < activeList->count; j++) {
+ virNVMeDevicePtr other = activeList->devs[j];
if (!virPCIDeviceAddressEqual(&d->address, &other->address))
continue;
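Review bot: the hunk ends at `continue;`, so the rest of the inner loop body is not visible; please confirm nothing further down still reads `activeList->devs[i]` or otherwise expects `i` to be the inner position. The commit message should also state what went wrong at run time when the nested loop overwrote the outer `i`, since that determines whether the fix needs backporting.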
--
1.8.3.1
3 years, 5 months
[PATCH] NEWS: Add haltpolling time statistic interface
by Yang Fei
Signed-off-by: Yang Fei <yangfei85(a)huawei.com>
---
NEWS.rst | 6 ++++++
1 file changed, 6 insertions(+)
diff --git a/NEWS.rst b/NEWS.rst
index 00f8788536..a5021b386d 100644
--- a/NEWS.rst
+++ b/NEWS.rst
@@ -36,6 +36,12 @@ v7.6.0 (unreleased)
of an incorrect definition, e.g. by forgetting to specify ``iommu=on`` on
all virtio devices.
+ * domstats: Add haltpolling time statistic interface
+
+ Domstats now provide the data of cpu haltpolling time. This feature relies
+ on statistics available after kernel version 5.8. This will allow the user
+ to get more accurate CPU usage information if needed.
+
* **Improvements**
* **Bug fixes**
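Review bot: in the added entry, "after kernel version 5.8" leaves it unclear whether 5.8 itself is sufficient; write "kernel 5.8 or newer" or "newer than 5.8", whichever is meant. The entry also spells the term both "cpu" and "CPU" and does not name the domstats field or statistics group a user should look for, and the commit has no message body beyond the sign-off.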
--
2.23.0
3 years, 5 months
[PATCH] NEWS: Fix false positive of sc_prohibit_doubled_word
by Michal Privoznik
In the previous commit we've added a sentence into NEWS.rst that
supposedly contains a doubled word. Well, it doesn't really.
Signed-off-by: Michal Privoznik <mprivozn(a)redhat.com>
---
Pushed as trivial.
NEWS.rst | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/NEWS.rst b/NEWS.rst
index 4f46f92949..00f8788536 100644
--- a/NEWS.rst
+++ b/NEWS.rst
@@ -33,8 +33,8 @@ v7.6.0 (unreleased)
Specifying s390-pv as launch security type in an s390 domain prepares for
running the guest in protected virtualization secure mode, also known as
IBM Secure Execution. This simplifies the definition and reduces the risk
- of an incorrect definition, e.g. by forgetting to specify iommu=on on all
- virtio devices.
+ of an incorrect definition, e.g. by forgetting to specify ``iommu=on`` on
+ all virtio devices.
* **Improvements**
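Review bot: the change both re-wraps the sentence and marks `iommu=on` as a literal, but the commit message does not say which of the two makes sc_prohibit_doubled_word stop matching. Please state that in the message, because the added line still reads ``iommu=on`` on, and a later re-wrap or markup change could bring the false positive back.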
--
2.31.1
3 years, 5 months
[PATCH] rpm: properly disable -Werror
by Daniel P. Berrangé
Since we use git to manage RPM applied patches, we need to disable both
meson's -Werror config knob and libvirt's equivalent.
Signed-off-by: Daniel P. Berrangé <berrange(a)redhat.com>
---
libvirt.spec.in | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/libvirt.spec.in b/libvirt.spec.in
index cb48dd0be0..b09336b441 100644
--- a/libvirt.spec.in
+++ b/libvirt.spec.in
@@ -192,7 +192,7 @@
%if 0%{?rhel}
%define enable_werror -Dwerror=true
%else
- %define enable_werror -Dwerror=false
+ %define enable_werror -Dwerror=false -Wgit_werror=disabled
%endif
%define tls_priority "@LIBVIRT,SYSTEM"
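Review bot: the added line passes the second knob as `-Wgit_werror=disabled`, while the meson option beside it is passed as `-Dwerror=false`. Meson takes project options with `-D`, so this looks like a typo for `-Dgit_werror=disabled`; as written the option would not be set and the build would not pick up the intended value.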
--
2.31.1
3 years, 5 months
[PATCH] NEWS: Add new launch security type s390-pv
by Boris Fiuczynski
Signed-off-by: Boris Fiuczynski <fiuczy(a)linux.ibm.com>
Reviewed-by: Viktor Mihajlovski <mihajlov(a)linux.ibm.com>
---
NEWS.rst | 8 ++++++++
1 file changed, 8 insertions(+)
diff --git a/NEWS.rst b/NEWS.rst
index 618f478b81..134444b287 100644
--- a/NEWS.rst
+++ b/NEWS.rst
@@ -28,6 +28,14 @@ v7.6.0 (unreleased)
block tracking features (block-dirty-bitmaps) to be able to do incremental
backups and management of the checkpoint states via the appropriate APIs.
+ * qemu: Add support for launch security type s390-pv
+
+ Specifying s390-pv as launch security type in an s390 domain prepares for
+ running the guest in protected virtualization secure mode, also known as
+ IBM Secure Execution. This simplifies the definition and reduces the risk
+ of an incorrect definition, e.g. by forgetting to specify iommu=on on all
+ virtio devices.
+
* **Improvements**
* **Bug fixes**
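Review bot: the last sentence of the added entry wraps so that "iommu=on on all" sits on one line with `iommu=on` unmarked, and the "on on" sequence is what the sc_prohibit_doubled_word syntax check reports. Mark the option as a literal, ``iommu=on``, and mark `s390-pv` the same way for consistency.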
--
2.31.1
3 years, 5 months
[libvirt][PATCH v4 0/4] Support query and use SGX
by Haibin Huang
This patch series provides support for enabling Intel's Software Guard Extensions (SGX) feature in guest VM.
Given that the SGX support in QEMU is still pending review, this patch series is not submitted for code
review, but only describes the SGX enabling solution design that contains changes to virConnectGetDomainCapabilities
API response and domain definition. All comments/suggestions would be highly appreciated.
Intel Software Guard Extensions (Intel® SGX) is a set of instructions that increases the security of application
code and data, giving them more protection from disclosure or modification. Developers can partition sensitive
information into enclaves, which are areas of execution in memory with more security protection.
The typical flow looks like this at a very high level:
1. Calls virConnectGetDomainCapabilities API to get domain capabilities that include the following SGX information.
   <feature>
     ...
     <sgx supported='yes'>
       <epc_size unit='KiB'>N</epc_size>
     </sgx>
   </feature>
2. User requests to start a guest calling virCreateXML() with SGX requirement.
   It should contain
   <launchSecurity type='sgx'>
     <epc_size unit='KiB'>N</epc_size>
   </launchSecurity>
Haibin Huang (1):
Support to query SGX capability
Lin Yang (3):
conf: Introduce SGX related element into domain xml
qemu: Add command-line to generate SGX EPC memory backend
qemu: Add command-line to enable SGX
src/conf/domain_capabilities.c | 29 ++++
src/conf/domain_capabilities.h | 13 ++
src/conf/domain_conf.c | 106 +++++++++----
src/conf/domain_conf.h | 10 ++
src/conf/virconftypes.h | 3 +
src/libvirt_private.syms | 2 +-
src/qemu/qemu_capabilities.c | 146 ++++++++++++++++++
src/qemu/qemu_capabilities.h | 6 +
src/qemu/qemu_command.c | 30 ++++
src/qemu/qemu_monitor.c | 10 ++
src/qemu/qemu_monitor.h | 3 +
src/qemu/qemu_monitor_json.c | 91 +++++++++++
src/qemu/qemu_monitor_json.h | 3 +
tests/domaincapsdata/bhyve_basic.x86_64.xml | 1 +
tests/domaincapsdata/bhyve_fbuf.x86_64.xml | 1 +
tests/domaincapsdata/bhyve_uefi.x86_64.xml | 1 +
tests/domaincapsdata/empty.xml | 1 +
tests/domaincapsdata/libxl-xenfv.xml | 1 +
tests/domaincapsdata/libxl-xenpv.xml | 1 +
.../domaincapsdata/qemu_1.5.3-q35.x86_64.xml | 1 +
.../domaincapsdata/qemu_1.5.3-tcg.x86_64.xml | 1 +
tests/domaincapsdata/qemu_1.5.3.x86_64.xml | 1 +
.../domaincapsdata/qemu_1.6.0-q35.x86_64.xml | 1 +
.../domaincapsdata/qemu_1.6.0-tcg.x86_64.xml | 1 +
tests/domaincapsdata/qemu_1.6.0.x86_64.xml | 1 +
.../domaincapsdata/qemu_1.7.0-q35.x86_64.xml | 1 +
.../domaincapsdata/qemu_1.7.0-tcg.x86_64.xml | 1 +
tests/domaincapsdata/qemu_1.7.0.x86_64.xml | 1 +
.../domaincapsdata/qemu_2.1.1-q35.x86_64.xml | 1 +
.../domaincapsdata/qemu_2.1.1-tcg.x86_64.xml | 1 +
tests/domaincapsdata/qemu_2.1.1.x86_64.xml | 1 +
.../domaincapsdata/qemu_2.10.0-q35.x86_64.xml | 1 +
.../domaincapsdata/qemu_2.10.0-tcg.x86_64.xml | 1 +
.../qemu_2.10.0-virt.aarch64.xml | 1 +
tests/domaincapsdata/qemu_2.10.0.aarch64.xml | 1 +
tests/domaincapsdata/qemu_2.10.0.ppc64.xml | 1 +
tests/domaincapsdata/qemu_2.10.0.s390x.xml | 1 +
tests/domaincapsdata/qemu_2.10.0.x86_64.xml | 1 +
.../domaincapsdata/qemu_2.11.0-q35.x86_64.xml | 1 +
.../domaincapsdata/qemu_2.11.0-tcg.x86_64.xml | 1 +
tests/domaincapsdata/qemu_2.11.0.s390x.xml | 1 +
tests/domaincapsdata/qemu_2.11.0.x86_64.xml | 1 +
.../domaincapsdata/qemu_2.12.0-q35.x86_64.xml | 1 +
.../domaincapsdata/qemu_2.12.0-tcg.x86_64.xml | 1 +
.../qemu_2.12.0-virt.aarch64.xml | 1 +
tests/domaincapsdata/qemu_2.12.0.aarch64.xml | 1 +
tests/domaincapsdata/qemu_2.12.0.ppc64.xml | 1 +
tests/domaincapsdata/qemu_2.12.0.s390x.xml | 1 +
tests/domaincapsdata/qemu_2.12.0.x86_64.xml | 1 +
.../domaincapsdata/qemu_2.4.0-q35.x86_64.xml | 1 +
.../domaincapsdata/qemu_2.4.0-tcg.x86_64.xml | 1 +
tests/domaincapsdata/qemu_2.4.0.x86_64.xml | 1 +
.../domaincapsdata/qemu_2.5.0-q35.x86_64.xml | 1 +
.../domaincapsdata/qemu_2.5.0-tcg.x86_64.xml | 1 +
tests/domaincapsdata/qemu_2.5.0.x86_64.xml | 1 +
.../domaincapsdata/qemu_2.6.0-q35.x86_64.xml | 1 +
.../domaincapsdata/qemu_2.6.0-tcg.x86_64.xml | 1 +
.../qemu_2.6.0-virt.aarch64.xml | 1 +
tests/domaincapsdata/qemu_2.6.0.aarch64.xml | 1 +
tests/domaincapsdata/qemu_2.6.0.ppc64.xml | 1 +
tests/domaincapsdata/qemu_2.6.0.x86_64.xml | 1 +
.../domaincapsdata/qemu_2.7.0-q35.x86_64.xml | 1 +
.../domaincapsdata/qemu_2.7.0-tcg.x86_64.xml | 1 +
tests/domaincapsdata/qemu_2.7.0.s390x.xml | 1 +
tests/domaincapsdata/qemu_2.7.0.x86_64.xml | 1 +
.../domaincapsdata/qemu_2.8.0-q35.x86_64.xml | 1 +
.../domaincapsdata/qemu_2.8.0-tcg.x86_64.xml | 1 +
tests/domaincapsdata/qemu_2.8.0.s390x.xml | 1 +
tests/domaincapsdata/qemu_2.8.0.x86_64.xml | 1 +
.../domaincapsdata/qemu_2.9.0-q35.x86_64.xml | 1 +
.../domaincapsdata/qemu_2.9.0-tcg.x86_64.xml | 1 +
tests/domaincapsdata/qemu_2.9.0.ppc64.xml | 1 +
tests/domaincapsdata/qemu_2.9.0.s390x.xml | 1 +
tests/domaincapsdata/qemu_2.9.0.x86_64.xml | 1 +
.../domaincapsdata/qemu_3.0.0-q35.x86_64.xml | 1 +
.../domaincapsdata/qemu_3.0.0-tcg.x86_64.xml | 1 +
tests/domaincapsdata/qemu_3.0.0.ppc64.xml | 1 +
tests/domaincapsdata/qemu_3.0.0.s390x.xml | 1 +
tests/domaincapsdata/qemu_3.0.0.x86_64.xml | 1 +
.../domaincapsdata/qemu_3.1.0-q35.x86_64.xml | 1 +
.../domaincapsdata/qemu_3.1.0-tcg.x86_64.xml | 1 +
tests/domaincapsdata/qemu_3.1.0.ppc64.xml | 1 +
tests/domaincapsdata/qemu_3.1.0.x86_64.xml | 1 +
.../domaincapsdata/qemu_4.0.0-q35.x86_64.xml | 1 +
.../domaincapsdata/qemu_4.0.0-tcg.x86_64.xml | 1 +
.../qemu_4.0.0-virt.aarch64.xml | 1 +
tests/domaincapsdata/qemu_4.0.0.aarch64.xml | 1 +
tests/domaincapsdata/qemu_4.0.0.ppc64.xml | 1 +
tests/domaincapsdata/qemu_4.0.0.s390x.xml | 1 +
tests/domaincapsdata/qemu_4.0.0.x86_64.xml | 1 +
.../domaincapsdata/qemu_4.1.0-q35.x86_64.xml | 1 +
.../domaincapsdata/qemu_4.1.0-tcg.x86_64.xml | 1 +
tests/domaincapsdata/qemu_4.1.0.x86_64.xml | 1 +
.../domaincapsdata/qemu_4.2.0-q35.x86_64.xml | 1 +
.../domaincapsdata/qemu_4.2.0-tcg.x86_64.xml | 1 +
.../qemu_4.2.0-virt.aarch64.xml | 1 +
tests/domaincapsdata/qemu_4.2.0.aarch64.xml | 1 +
tests/domaincapsdata/qemu_4.2.0.ppc64.xml | 1 +
tests/domaincapsdata/qemu_4.2.0.s390x.xml | 1 +
tests/domaincapsdata/qemu_4.2.0.x86_64.xml | 1 +
.../domaincapsdata/qemu_5.0.0-q35.x86_64.xml | 1 +
.../domaincapsdata/qemu_5.0.0-tcg.x86_64.xml | 1 +
.../qemu_5.0.0-virt.aarch64.xml | 1 +
tests/domaincapsdata/qemu_5.0.0.aarch64.xml | 1 +
tests/domaincapsdata/qemu_5.0.0.ppc64.xml | 1 +
tests/domaincapsdata/qemu_5.0.0.x86_64.xml | 1 +
.../domaincapsdata/qemu_5.1.0-q35.x86_64.xml | 1 +
.../domaincapsdata/qemu_5.1.0-tcg.x86_64.xml | 1 +
tests/domaincapsdata/qemu_5.1.0.x86_64.xml | 1 +
109 files changed, 519 insertions(+), 29 deletions(-)
--
2.17.1
3 years, 5 months
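The two-step flow in the cover letter above, as an added example that is not part of the patch series or of libvirt: it parses a constructed capabilities document in the proposed schema and builds the `<launchSecurity>` element only when the host reports SGX and the request fits. Treating the capabilities `epc_size` as an upper bound on the guest request is an assumption, as are the function names.

```python
import xml.etree.ElementTree as ET

# Constructed sample following the <sgx> snippet in the cover letter
# (a proposed schema under discussion, not a released libvirt format).
SAMPLE_CAPS = """
<domainCapabilities>
  <feature>
    <sgx supported='yes'>
      <epc_size unit='KiB'>65536</epc_size>
    </sgx>
  </feature>
</domainCapabilities>
"""

_UNITS = {"B": 1, "KiB": 1024, "MiB": 1024 ** 2, "GiB": 1024 ** 3}


def host_epc_bytes(caps_xml):
    """Return the advertised EPC size in bytes, or None if SGX is unusable."""
    root = ET.fromstring(caps_xml)
    sgx = root.find(".//sgx")
    if sgx is None or sgx.get("supported") != "yes":
        return None
    size = sgx.find("epc_size")
    text = (size.text or "").strip() if size is not None else ""
    unit = size.get("unit") if size is not None else None
    if not text.isdigit() or unit not in _UNITS:
        return None  # missing or malformed size: fail closed
    return int(text) * _UNITS[unit]


def launch_security_xml(caps_xml, want_kib):
    """Build the step-2 element, refusing requests the host cannot satisfy."""
    avail = host_epc_bytes(caps_xml)
    if avail is None:
        raise ValueError("host does not report SGX support")
    # Assumption: the advertised epc_size is an upper bound for the guest.
    if want_kib <= 0 or want_kib * 1024 > avail:
        raise ValueError("requested EPC size outside host capability")
    elem = ET.Element("launchSecurity", type="sgx")
    ET.SubElement(elem, "epc_size", unit="KiB").text = str(want_kib)
    return ET.tostring(elem, encoding="unicode")
```
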
Turning off -Werror
by Richard W.M. Jones
commit 3c3c55be66e230ef09ad927eda038dc32f01a166
Author: Daniel P. Berrangé <berrange(a)redhat.com>
Date: Thu Apr 8 11:50:30 2021 +0100
meson: don't probe for -Werror if --werror is enabled
Builds are failing in Fedora Rawhide at the moment because of a
warning being turned into an error. Fedora's spec file has this which
is supposed to turn off -Werror, but it no longer works after the
above commit was added.
https://src.fedoraproject.org/rpms/libvirt/blob/rawhide/f/libvirt.spec#_189
I'm trying to understand how you're supposed to turn off -Werror.
According to meson documentation omitting --werror should work.
According to some different docs, use --werror=false. Neither are
working for me.
I'm actually wondering if the commit above is wrong.
Rich.
--
Richard Jones, Virtualization Group, Red Hat http://people.redhat.com/~rjones
Read my programming and virtualization blog: http://rwmj.wordpress.com
virt-top is 'top' for virtual machines. Tiny program with many
powerful monitoring features, net stats, disk stats, logging, etc.
http://people.redhat.com/~rjones/virt-top
3 years, 5 months