May 2022 - Devel - libvirt List Archives

[libvirt][PATCH v11 0/4] Support query and use SGX
by Lin Yang 25 Jul '22

25 Jul '22

This patch series provides support for enabling Intel's Software Guard Extensions (SGX) feature in guest VM. Giving the SGX support in QEMU had been merged. Intel SGX is a set of instructions that increases the security of application code and data, giving them more protection from disclosure or modification. Developers can partition sensitive information into enclaves, which are areas of execution in memory with more security protection. It depends on QEMU fixing[1], which will move cpu QOM object from /machine/unattached/device[nn] to /machine/cpu[nn]. It requires libvirt to change the default cpu QOM object location once QEMU patch gets accepted, but it is out of this SGX patch scope. The typical flow looks below at very high level: 1. Calls virConnectGetDomainCapabilities API to domain capabilities that includes the following SGX information. <feature> ... <sgx supported='yes'> <epc_size unit='KiB'>N</epc_size> </sgx> ... </feature> 2. User requests to start a guest calling virCreateXML() with SGX requirement. It does not support NUMA yet, since latest QEMU 6.2 release does not support NUMA. It should contain <devices> ... <memory model='sgx-epc'> <target> <size unit='KiB'>N</size> </target> </memory> ... </devices> Please note that SGX NUMA support will be implemented in future patches. [1] https://lists.nongnu.org/archive/html/qemu-devel/2022-01/msg03534.html Haibin Huang (2): qemu: provide support to query the SGX capability conf: expose SGX feature in domain capabilities Lin Yang (2): conf: Introduce SGX EPC element into device memory xml qemu: Add command-line to generate SGX EPC memory backend docs/formatdomain.rst | 9 +- docs/formatdomaincaps.rst | 26 ++++ src/conf/domain_capabilities.c | 29 ++++ src/conf/domain_capabilities.h | 13 ++ src/conf/domain_conf.c | 6 + src/conf/domain_conf.h | 1 + src/conf/domain_validate.c | 16 ++ src/conf/schemas/domaincaps.rng | 22 ++- src/conf/schemas/domaincommon.rng | 1 + src/libvirt_private.syms | 1 + src/qemu/qemu_alias.c | 6 +- src/qemu/qemu_capabilities.c | 143 ++++++++++++++++++ src/qemu/qemu_capabilities.h | 6 + src/qemu/qemu_capspriv.h | 4 + src/qemu/qemu_command.c | 54 ++++++- src/qemu/qemu_domain.c | 38 +++-- src/qemu/qemu_domain_address.c | 6 + src/qemu/qemu_driver.c | 1 + src/qemu/qemu_monitor.c | 10 ++ src/qemu/qemu_monitor.h | 3 + src/qemu/qemu_monitor_json.c | 104 ++++++++++++- src/qemu/qemu_monitor_json.h | 9 ++ src/qemu/qemu_process.c | 2 + src/qemu/qemu_validate.c | 8 + src/security/security_apparmor.c | 1 + src/security/security_dac.c | 2 + src/security/security_selinux.c | 2 + tests/domaincapsdata/bhyve_basic.x86_64.xml | 1 + tests/domaincapsdata/bhyve_fbuf.x86_64.xml | 1 + tests/domaincapsdata/bhyve_uefi.x86_64.xml | 1 + tests/domaincapsdata/empty.xml | 1 + tests/domaincapsdata/libxl-xenfv.xml | 1 + tests/domaincapsdata/libxl-xenpv.xml | 1 + .../domaincapsdata/qemu_2.11.0-q35.x86_64.xml | 1 + .../domaincapsdata/qemu_2.11.0-tcg.x86_64.xml | 1 + tests/domaincapsdata/qemu_2.11.0.s390x.xml | 1 + tests/domaincapsdata/qemu_2.11.0.x86_64.xml | 1 + .../domaincapsdata/qemu_2.12.0-q35.x86_64.xml | 1 + .../domaincapsdata/qemu_2.12.0-tcg.x86_64.xml | 1 + .../qemu_2.12.0-virt.aarch64.xml | 1 + tests/domaincapsdata/qemu_2.12.0.aarch64.xml | 1 + tests/domaincapsdata/qemu_2.12.0.ppc64.xml | 1 + tests/domaincapsdata/qemu_2.12.0.s390x.xml | 1 + tests/domaincapsdata/qemu_2.12.0.x86_64.xml | 1 + .../domaincapsdata/qemu_3.0.0-q35.x86_64.xml | 1 + .../domaincapsdata/qemu_3.0.0-tcg.x86_64.xml | 1 + tests/domaincapsdata/qemu_3.0.0.ppc64.xml | 1 + tests/domaincapsdata/qemu_3.0.0.s390x.xml | 1 + tests/domaincapsdata/qemu_3.0.0.x86_64.xml | 1 + .../domaincapsdata/qemu_3.1.0-q35.x86_64.xml | 1 + .../domaincapsdata/qemu_3.1.0-tcg.x86_64.xml | 1 + tests/domaincapsdata/qemu_3.1.0.ppc64.xml | 1 + tests/domaincapsdata/qemu_3.1.0.x86_64.xml | 1 + .../domaincapsdata/qemu_4.0.0-q35.x86_64.xml | 1 + .../domaincapsdata/qemu_4.0.0-tcg.x86_64.xml | 1 + .../qemu_4.0.0-virt.aarch64.xml | 1 + tests/domaincapsdata/qemu_4.0.0.aarch64.xml | 1 + tests/domaincapsdata/qemu_4.0.0.ppc64.xml | 1 + tests/domaincapsdata/qemu_4.0.0.s390x.xml | 1 + tests/domaincapsdata/qemu_4.0.0.x86_64.xml | 1 + .../domaincapsdata/qemu_4.1.0-q35.x86_64.xml | 1 + .../domaincapsdata/qemu_4.1.0-tcg.x86_64.xml | 1 + tests/domaincapsdata/qemu_4.1.0.x86_64.xml | 1 + .../domaincapsdata/qemu_4.2.0-q35.x86_64.xml | 1 + .../domaincapsdata/qemu_4.2.0-tcg.x86_64.xml | 1 + .../qemu_4.2.0-virt.aarch64.xml | 1 + tests/domaincapsdata/qemu_4.2.0.aarch64.xml | 1 + tests/domaincapsdata/qemu_4.2.0.ppc64.xml | 1 + tests/domaincapsdata/qemu_4.2.0.s390x.xml | 1 + tests/domaincapsdata/qemu_4.2.0.x86_64.xml | 1 + .../domaincapsdata/qemu_5.0.0-q35.x86_64.xml | 1 + .../domaincapsdata/qemu_5.0.0-tcg.x86_64.xml | 1 + .../qemu_5.0.0-virt.aarch64.xml | 1 + tests/domaincapsdata/qemu_5.0.0.aarch64.xml | 1 + tests/domaincapsdata/qemu_5.0.0.ppc64.xml | 1 + tests/domaincapsdata/qemu_5.0.0.x86_64.xml | 1 + .../domaincapsdata/qemu_5.1.0-q35.x86_64.xml | 1 + .../domaincapsdata/qemu_5.1.0-tcg.x86_64.xml | 1 + tests/domaincapsdata/qemu_5.1.0.sparc.xml | 1 + tests/domaincapsdata/qemu_5.1.0.x86_64.xml | 1 + .../domaincapsdata/qemu_5.2.0-q35.x86_64.xml | 1 + .../domaincapsdata/qemu_5.2.0-tcg.x86_64.xml | 1 + .../qemu_5.2.0-virt.aarch64.xml | 1 + tests/domaincapsdata/qemu_5.2.0.aarch64.xml | 1 + tests/domaincapsdata/qemu_5.2.0.ppc64.xml | 1 + tests/domaincapsdata/qemu_5.2.0.s390x.xml | 1 + tests/domaincapsdata/qemu_5.2.0.x86_64.xml | 1 + .../domaincapsdata/qemu_6.0.0-q35.x86_64.xml | 1 + .../domaincapsdata/qemu_6.0.0-tcg.x86_64.xml | 1 + .../qemu_6.0.0-virt.aarch64.xml | 1 + tests/domaincapsdata/qemu_6.0.0.aarch64.xml | 1 + tests/domaincapsdata/qemu_6.0.0.s390x.xml | 1 + tests/domaincapsdata/qemu_6.0.0.x86_64.xml | 1 + .../domaincapsdata/qemu_6.1.0-q35.x86_64.xml | 1 + .../domaincapsdata/qemu_6.1.0-tcg.x86_64.xml | 1 + tests/domaincapsdata/qemu_6.1.0.x86_64.xml | 1 + .../domaincapsdata/qemu_6.2.0-q35.x86_64.xml | 4 + .../domaincapsdata/qemu_6.2.0-tcg.x86_64.xml | 4 + .../qemu_6.2.0-virt.aarch64.xml | 1 + tests/domaincapsdata/qemu_6.2.0.aarch64.xml | 1 + tests/domaincapsdata/qemu_6.2.0.ppc64.xml | 1 + tests/domaincapsdata/qemu_6.2.0.x86_64.xml | 4 + .../domaincapsdata/qemu_7.0.0-q35.x86_64.xml | 4 + .../domaincapsdata/qemu_7.0.0-tcg.x86_64.xml | 4 + .../qemu_7.0.0-virt.aarch64.xml | 1 + tests/domaincapsdata/qemu_7.0.0.aarch64.xml | 1 + tests/domaincapsdata/qemu_7.0.0.ppc64.xml | 1 + tests/domaincapsdata/qemu_7.0.0.x86_64.xml | 4 + .../caps_6.2.0.x86_64.replies | 22 ++- .../caps_6.2.0.x86_64.xml | 5 + .../caps_7.0.0.x86_64.replies | 22 ++- .../caps_7.0.0.x86_64.xml | 5 + .../sgx-epc.x86_64-6.2.0.args | 37 +++++ tests/qemuxml2argvdata/sgx-epc.xml | 36 +++++ tests/qemuxml2argvtest.c | 2 + .../sgx-epc.x86_64-latest.xml | 52 +++++++ tests/qemuxml2xmltest.c | 2 + 117 files changed, 769 insertions(+), 36 deletions(-) create mode 100644 tests/qemuxml2argvdata/sgx-epc.x86_64-6.2.0.args create mode 100644 tests/qemuxml2argvdata/sgx-epc.xml create mode 100644 tests/qemuxml2xmloutdata/sgx-epc.x86_64-latest.xml -- 2.25.1

7 17

[PATCH] cmdQemuMonitorCommandQMPWrap: Reset ignored errors from JSON parsing
by Peter Krempa 25 Jul '22

25 Jul '22

'cmdQemuMonitorCommandQMPWrap' is checking whether the user provided string is not valid JSON to avoid wrapping it. In cases where it's not JSON we ignore the error and add the wrapper. If the caller then reports a different non-libvirt error the error from the JSON parsing would be printed as well. Reset errors we ignore: # virsh qemu-monitor-command cd --pass-fds a asdf error: Unable to parse FD number 'a' error: internal error: cannot parse json asdf: lexical error: invalid char in json text. asdf (right here) ------^ In the above case 'asdf' is not valid JSON, but the code did wrap it into '{"execute":"asdf"}', the only problem is the argument for --pass-fds. Signed-off-by: Peter Krempa <pkrempa(a)redhat.com> --- tools/virsh-domain.c | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/tools/virsh-domain.c b/tools/virsh-domain.c index 9b1b14cdc2..743660e794 100644 --- a/tools/virsh-domain.c +++ b/tools/virsh-domain.c @@ -9769,6 +9769,8 @@ cmdQemuMonitorCommandQMPWrap(vshControl *ctl, if (virJSONValueIsObject(fullcmdjson)) return g_steal_pointer(&fullcmd); + vshResetLibvirtError(); + /* we try to wrap the command and possible arguments into a JSON object, if * we as fall back we pass through what we've got from the user */ @@ -9787,6 +9789,8 @@ cmdQemuMonitorCommandQMPWrap(vshControl *ctl, * JSON object wrapper and try using that */ g_auto(virBuffer) buf = VIR_BUFFER_INITIALIZER; + vshResetLibvirtError(); + virBufferAddLit(&buf, "{"); /* opt points to the _ARGV option bit containing the command so we'll * iterate through the arguments now */ -- 2.35.1

2 2

[PATCH v3 0/5] Introduce network backed NVRAM
by Rohit Kumar 14 Jun '22

14 Jun '22

Libvirt domain XML currently allows only local filepaths that can be used to specify a NVRAM disk. It should be possible to support NVRAM disks on network storage as it would give flexibility to start the VM on any host without having to worry about where to get the latest nvram image. This series extends the NVRAM element to support hosting over network-backed disks. It achieves this by embedding virStorageSource pointer for nvram into _virDomainLoaderDef. It introduces a 'type' attribute for NVRAM element to specify 'file' vs 'network' backed NVRAM. XML with new annotation: <nvram type='network'> <source protocol='iscsi' name='iqn.2013-07.com.example:iscsi-nopool/0'> <host name='example.com' port='6000'/> <auth username='myname'> <secret type='iscsi' usage='mycluster_myname'/> </auth> </host> </source> </nvram> or <nvram type='network'> <source protocol='nbd' name='bar'> <host name='example.org' port='6000'/> </source> </nvram> or <nvram type='file'> <source file='/var/lib/libvirt/nvram/guest_VARS.fd'/> </nvram> Changes v1->v2: - Split the patch into smaller patches - Added unit test - Updated the doc - Addressed Peter's comment on v1 (https://listman.redhat.com/archives/libvir-list/2022-March/229684.html) Changes v2->v3: - Added authentication with 'iscsi' protocol unit test - Updated the validation logic - Addressed Peter's other comments on v2 patch(https://listman.redhat.com/archives/libvir-list/2022-April/229971.htm… Rohit Kumar (5): Make NVRAM a virStorageSource type. Add support to parse/format/validate virStorageSource type NVRAM Update schema, docs, and validation logic to support network backed NVRAM Add unit tests for network backed NVRAM Add unit test to support new 'file' type NVRAM NEWS.rst | 5 + docs/formatdomain.rst | 34 +++++- src/conf/domain_conf.c | 115 +++++++++++++++--- src/conf/domain_conf.h | 3 +- src/conf/schemas/domaincommon.rng | 21 +++- src/qemu/qemu_cgroup.c | 3 +- src/qemu/qemu_command.c | 2 +- src/qemu/qemu_domain.c | 23 +++- src/qemu/qemu_driver.c | 5 +- src/qemu/qemu_firmware.c | 23 +++- src/qemu/qemu_namespace.c | 5 +- src/qemu/qemu_process.c | 5 +- src/qemu/qemu_validate.c | 71 +++++++++++ src/security/security_dac.c | 6 +- src/security/security_selinux.c | 6 +- src/security/virt-aa-helper.c | 5 +- src/vbox/vbox_common.c | 3 +- .../bios-nvram-file.x86_64-latest.args | 37 ++++++ tests/qemuxml2argvdata/bios-nvram-file.xml | 23 ++++ .../bios-nvram-network-iscsi.x86_64-4.1.0.err | 1 + ...ios-nvram-network-iscsi.x86_64-latest.args | 38 ++++++ .../bios-nvram-network-iscsi.xml | 31 +++++ .../bios-nvram-network-nbd.x86_64-latest.args | 37 ++++++ .../bios-nvram-network-nbd.xml | 28 +++++ tests/qemuxml2argvtest.c | 4 + .../bios-nvram-file.x86_64-latest.xml | 39 ++++++ ...bios-nvram-network-iscsi.x86_64-latest.xml | 44 +++++++ .../bios-nvram-network-nbd.x86_64-latest.xml | 41 +++++++ tests/qemuxml2xmltest.c | 3 + 29 files changed, 618 insertions(+), 43 deletions(-) create mode 100644 tests/qemuxml2argvdata/bios-nvram-file.x86_64-latest.args create mode 100644 tests/qemuxml2argvdata/bios-nvram-file.xml create mode 100644 tests/qemuxml2argvdata/bios-nvram-network-iscsi.x86_64-4.1.0.err create mode 100644 tests/qemuxml2argvdata/bios-nvram-network-iscsi.x86_64-latest.args create mode 100644 tests/qemuxml2argvdata/bios-nvram-network-iscsi.xml create mode 100644 tests/qemuxml2argvdata/bios-nvram-network-nbd.x86_64-latest.args create mode 100644 tests/qemuxml2argvdata/bios-nvram-network-nbd.xml create mode 100644 tests/qemuxml2xmloutdata/bios-nvram-file.x86_64-latest.xml create mode 100644 tests/qemuxml2xmloutdata/bios-nvram-network-iscsi.x86_64-latest.xml create mode 100644 tests/qemuxml2xmloutdata/bios-nvram-network-nbd.x86_64-latest.xml -- 2.25.1

3 15

[libvirt PATCH v2 0/7] ci: Drop Fedora 34, add Fedora 36
by Andrea Bolognani 09 Jun '22

09 Jun '22

Test pipeline: https://gitlab.com/abologna/libvirt/-/pipelines/548848259 Only patches 1-5 should be pushed until the issues outlined in https://listman.redhat.com/archives/libvir-list/2022-May/231851.html have been addressed. Changes from [v1] * handle integration tests separately; * don't stop publishing RPMs from the Fedora 35 job [v1] https://listman.redhat.com/archives/libvir-list/2022-May/231838.html Andrea Bolognani (7): ci: Drop Fedora 34 ci: Refresh generated files ci: Add Fedora 36 ci: Move MinGW jobs to Fedora 36 ci: Don't mark any Fedora 36 job as optional ci: Add Fedora 36 to integration tests ci: Move upstream QEMU integration test to Fedora 36 ...ile => fedora-36-cross-mingw32.Dockerfile} | 2 +- ...ile => fedora-36-cross-mingw64.Dockerfile} | 2 +- ...ora-34.Dockerfile => fedora-36.Dockerfile} | 3 +- ci/gitlab.yml | 767 +----------------- ci/gitlab/build-templates.yml | 45 + ci/gitlab/builds.yml | 406 +++++++++ ci/gitlab/container-templates.yml | 52 ++ ci/gitlab/containers.yml | 325 ++++++++ ci/gitlab/sanity-checks.yml | 18 + ci/integration.yml | 24 +- ci/manifest.yml | 5 +- 11 files changed, 869 insertions(+), 780 deletions(-) rename ci/containers/{fedora-35-cross-mingw32.Dockerfile => fedora-36-cross-mingw32.Dockerfile} (98%) rename ci/containers/{fedora-35-cross-mingw64.Dockerfile => fedora-36-cross-mingw64.Dockerfile} (98%) rename ci/containers/{fedora-34.Dockerfile => fedora-36.Dockerfile} (97%) create mode 100644 ci/gitlab/build-templates.yml create mode 100644 ci/gitlab/builds.yml create mode 100644 ci/gitlab/container-templates.yml create mode 100644 ci/gitlab/containers.yml create mode 100644 ci/gitlab/sanity-checks.yml -- 2.35.3

2 17

[PATCH v2 00/30] Remove some unused includes
by Peng Liang 08 Jun '22

08 Jun '22

2 38

[libvirt][PATCH RESEND v12 0/6] Support query and use SGX
by Haibin Huang 06 Jun '22

06 Jun '22

This patch series provides support for enabling Intel's Software Guard Extensions (SGX) feature in guest VM. Giving the SGX support in QEMU had been merged. Intel SGX is a set of instructions that increases the security of application code and data, giving them more protection from disclosure or modification. Developers can partition sensitive information into enclaves, which are areas of execution in memory with more security protection. The typical flow looks below at very high level: 1. Calls virConnectGetDomainCapabilities API to domain capabilities that includes the following SGX information. <feature> ... <sgx supported='yes'> <epc_size unit='KiB'>N</epc_size> </sgx> ... </feature> 2. User requests to start a guest calling virCreateXML() with SGX requirement. It does not support NUMA yet, since latest QEMU 6.2 release does not support NUMA. It should contain <devices> ... <memory model='sgx-epc'> <target> <size unit='KiB'>N</size> </target> </memory> ... </devices> Please note that SGX NUMA support will be implemented in future patches. Haibin Huang (4): Define SGX capabilities structs Get SGX capabilities form QMP Convert QMP capabilities to domain capabilities conf: expose SGX feature in domain capabilities Lin Yang (2): conf: Introduce SGX EPC element into device memory xml qemu: Add command-line to generate SGX EPC memory backend docs/formatdomain.rst | 9 +- docs/formatdomaincaps.rst | 26 ++++ src/conf/domain_capabilities.c | 33 ++++ src/conf/domain_capabilities.h | 13 ++ src/conf/domain_conf.c | 6 + src/conf/domain_conf.h | 1 + src/conf/domain_validate.c | 16 ++ src/conf/schemas/domaincaps.rng | 22 ++- src/conf/schemas/domaincommon.rng | 1 + src/libvirt_private.syms | 1 + src/qemu/qemu_alias.c | 6 +- src/qemu/qemu_capabilities.c | 145 ++++++++++++++++++ src/qemu/qemu_capabilities.h | 4 + src/qemu/qemu_capspriv.h | 4 + src/qemu/qemu_command.c | 54 ++++++- src/qemu/qemu_domain.c | 38 +++-- src/qemu/qemu_domain_address.c | 6 + src/qemu/qemu_driver.c | 1 + src/qemu/qemu_monitor.c | 10 ++ src/qemu/qemu_monitor.h | 3 + src/qemu/qemu_monitor_json.c | 104 ++++++++++++- src/qemu/qemu_monitor_json.h | 9 ++ src/qemu/qemu_process.c | 2 + src/qemu/qemu_validate.c | 8 + src/security/security_apparmor.c | 1 + src/security/security_dac.c | 2 + src/security/security_selinux.c | 2 + tests/domaincapsdata/bhyve_basic.x86_64.xml | 1 + tests/domaincapsdata/bhyve_fbuf.x86_64.xml | 1 + tests/domaincapsdata/bhyve_uefi.x86_64.xml | 1 + tests/domaincapsdata/empty.xml | 1 + tests/domaincapsdata/libxl-xenfv.xml | 1 + tests/domaincapsdata/libxl-xenpv.xml | 1 + .../domaincapsdata/qemu_2.11.0-q35.x86_64.xml | 1 + .../domaincapsdata/qemu_2.11.0-tcg.x86_64.xml | 1 + tests/domaincapsdata/qemu_2.11.0.s390x.xml | 1 + tests/domaincapsdata/qemu_2.11.0.x86_64.xml | 1 + .../domaincapsdata/qemu_2.12.0-q35.x86_64.xml | 1 + .../domaincapsdata/qemu_2.12.0-tcg.x86_64.xml | 1 + .../qemu_2.12.0-virt.aarch64.xml | 1 + tests/domaincapsdata/qemu_2.12.0.aarch64.xml | 1 + tests/domaincapsdata/qemu_2.12.0.ppc64.xml | 1 + tests/domaincapsdata/qemu_2.12.0.s390x.xml | 1 + tests/domaincapsdata/qemu_2.12.0.x86_64.xml | 1 + .../domaincapsdata/qemu_3.0.0-q35.x86_64.xml | 1 + .../domaincapsdata/qemu_3.0.0-tcg.x86_64.xml | 1 + tests/domaincapsdata/qemu_3.0.0.ppc64.xml | 1 + tests/domaincapsdata/qemu_3.0.0.s390x.xml | 1 + tests/domaincapsdata/qemu_3.0.0.x86_64.xml | 1 + .../domaincapsdata/qemu_3.1.0-q35.x86_64.xml | 1 + .../domaincapsdata/qemu_3.1.0-tcg.x86_64.xml | 1 + tests/domaincapsdata/qemu_3.1.0.ppc64.xml | 1 + tests/domaincapsdata/qemu_3.1.0.x86_64.xml | 1 + .../domaincapsdata/qemu_4.0.0-q35.x86_64.xml | 1 + .../domaincapsdata/qemu_4.0.0-tcg.x86_64.xml | 1 + .../qemu_4.0.0-virt.aarch64.xml | 1 + tests/domaincapsdata/qemu_4.0.0.aarch64.xml | 1 + tests/domaincapsdata/qemu_4.0.0.ppc64.xml | 1 + tests/domaincapsdata/qemu_4.0.0.s390x.xml | 1 + tests/domaincapsdata/qemu_4.0.0.x86_64.xml | 1 + .../domaincapsdata/qemu_4.1.0-q35.x86_64.xml | 1 + .../domaincapsdata/qemu_4.1.0-tcg.x86_64.xml | 1 + tests/domaincapsdata/qemu_4.1.0.x86_64.xml | 1 + .../domaincapsdata/qemu_4.2.0-q35.x86_64.xml | 1 + .../domaincapsdata/qemu_4.2.0-tcg.x86_64.xml | 1 + .../qemu_4.2.0-virt.aarch64.xml | 1 + tests/domaincapsdata/qemu_4.2.0.aarch64.xml | 1 + tests/domaincapsdata/qemu_4.2.0.ppc64.xml | 1 + tests/domaincapsdata/qemu_4.2.0.s390x.xml | 1 + tests/domaincapsdata/qemu_4.2.0.x86_64.xml | 1 + .../domaincapsdata/qemu_5.0.0-q35.x86_64.xml | 1 + .../domaincapsdata/qemu_5.0.0-tcg.x86_64.xml | 1 + .../qemu_5.0.0-virt.aarch64.xml | 1 + tests/domaincapsdata/qemu_5.0.0.aarch64.xml | 1 + tests/domaincapsdata/qemu_5.0.0.ppc64.xml | 1 + tests/domaincapsdata/qemu_5.0.0.x86_64.xml | 1 + .../domaincapsdata/qemu_5.1.0-q35.x86_64.xml | 1 + .../domaincapsdata/qemu_5.1.0-tcg.x86_64.xml | 1 + tests/domaincapsdata/qemu_5.1.0.sparc.xml | 1 + tests/domaincapsdata/qemu_5.1.0.x86_64.xml | 1 + .../domaincapsdata/qemu_5.2.0-q35.x86_64.xml | 1 + .../domaincapsdata/qemu_5.2.0-tcg.x86_64.xml | 1 + .../qemu_5.2.0-virt.aarch64.xml | 1 + tests/domaincapsdata/qemu_5.2.0.aarch64.xml | 1 + tests/domaincapsdata/qemu_5.2.0.ppc64.xml | 1 + tests/domaincapsdata/qemu_5.2.0.s390x.xml | 1 + tests/domaincapsdata/qemu_5.2.0.x86_64.xml | 1 + .../domaincapsdata/qemu_6.0.0-q35.x86_64.xml | 1 + .../domaincapsdata/qemu_6.0.0-tcg.x86_64.xml | 1 + .../qemu_6.0.0-virt.aarch64.xml | 1 + tests/domaincapsdata/qemu_6.0.0.aarch64.xml | 1 + tests/domaincapsdata/qemu_6.0.0.s390x.xml | 1 + tests/domaincapsdata/qemu_6.0.0.x86_64.xml | 1 + .../domaincapsdata/qemu_6.1.0-q35.x86_64.xml | 1 + .../domaincapsdata/qemu_6.1.0-tcg.x86_64.xml | 1 + tests/domaincapsdata/qemu_6.1.0.x86_64.xml | 1 + .../domaincapsdata/qemu_6.2.0-q35.x86_64.xml | 4 + .../domaincapsdata/qemu_6.2.0-tcg.x86_64.xml | 4 + .../qemu_6.2.0-virt.aarch64.xml | 1 + tests/domaincapsdata/qemu_6.2.0.aarch64.xml | 1 + tests/domaincapsdata/qemu_6.2.0.ppc64.xml | 1 + tests/domaincapsdata/qemu_6.2.0.x86_64.xml | 4 + .../domaincapsdata/qemu_7.0.0-q35.x86_64.xml | 4 + .../domaincapsdata/qemu_7.0.0-tcg.x86_64.xml | 4 + .../qemu_7.0.0-virt.aarch64.xml | 1 + tests/domaincapsdata/qemu_7.0.0.aarch64.xml | 1 + tests/domaincapsdata/qemu_7.0.0.ppc64.xml | 1 + tests/domaincapsdata/qemu_7.0.0.x86_64.xml | 4 + .../domaincapsdata/qemu_7.1.0-q35.x86_64.xml | 1 + .../domaincapsdata/qemu_7.1.0-tcg.x86_64.xml | 1 + tests/domaincapsdata/qemu_7.1.0.x86_64.xml | 1 + .../caps_6.2.0.x86_64.replies | 22 ++- .../caps_6.2.0.x86_64.xml | 5 + .../caps_7.0.0.x86_64.replies | 22 ++- .../caps_7.0.0.x86_64.xml | 5 + .../caps_7.1.0.x86_64.replies | 21 ++- .../sgx-epc.x86_64-6.2.0.args | 37 +++++ tests/qemuxml2argvdata/sgx-epc.xml | 36 +++++ tests/qemuxml2argvtest.c | 2 + .../sgx-epc.x86_64-6.2.0.xml | 52 +++++++ tests/qemuxml2xmltest.c | 2 + 121 files changed, 793 insertions(+), 40 deletions(-) create mode 100644 tests/qemuxml2argvdata/sgx-epc.x86_64-6.2.0.args create mode 100644 tests/qemuxml2argvdata/sgx-epc.xml create mode 100644 tests/qemuxml2xmloutdata/sgx-epc.x86_64-6.2.0.xml -- 2.17.1

4 23

[PATCH REBASE 00/17] Use virXMLPropEnum() more (part I)
by Michal Privoznik 01 Jun '22

01 Jun '22

This is rebased version of: https://listman.redhat.com/archives/libvir-list/2022-April/229941.html Michal Prívozník (17): Drop needless typecast to virStorageType enum virStorageSourceGetActualType: Change type of retval virDomainBackupDefParse: Switch to virXMLPropEnumDefault() virDomainDeviceAddressParseXML: Switch to virXMLPropEnumDefault() virDomainStorageNetworkParseHost: Switch to virXMLPropEnumDefault() virDomainHostdevSubsysSCSIDefParseXML: Switch to virXMLPropEnumDefault() virDomainHostdevSubsysSCSIVHostDefParseXML: Switch to virXMLPropEnumDefault() virDomainDiskSourceNVMeParse: Switch to virXMLPropEnumDefault() virDomainDiskDefMirrorParse: Switch to virXMLPropEnumDefault() virDomainDiskSourcePoolDefParse: Switch to virXMLPropEnumDefault() virDomainDiskDefParseSourceXML: Switch to virXMLPropEnumDefault() virDomainChrDefParseXML: Switch to virXMLPropEnumDefault() virDomainTPMDefParseXML: Switch to virXMLPropEnumDefault() virDomainPanicDefParseXML: Switch to virXMLPropEnumDefault() virDomainInputDefParseXML: Switch to virXMLPropEnumDefault() virDomainHubDefParseXML: Switch to virXMLPropEnumDefault() virDomainTimerDefParseXML: Switch to virXMLPropEnumDefault() src/ch/ch_monitor.c | 2 +- src/conf/backup_conf.c | 16 +- src/conf/backup_conf.h | 2 +- src/conf/device_conf.c | 12 +- src/conf/device_conf.h | 4 +- src/conf/domain_audit.c | 2 +- src/conf/domain_conf.c | 494 ++++++------------ src/conf/domain_conf.h | 54 +- src/conf/domain_validate.c | 6 +- src/conf/storage_source_conf.c | 2 +- src/conf/storage_source_conf.h | 8 +- src/conf/virchrdev.c | 29 + src/libxl/libxl_conf.c | 32 +- src/libxl/libxl_domain.c | 2 +- src/libxl/xen_common.c | 29 +- src/libxl/xen_xl.c | 7 +- src/libxl/xen_xm.c | 3 + src/locking/domain_lock.c | 2 +- src/lxc/lxc_cgroup.c | 2 +- src/lxc/lxc_controller.c | 2 +- src/qemu/qemu_backup.c | 2 +- src/qemu/qemu_block.c | 14 +- src/qemu/qemu_cgroup.c | 12 + src/qemu/qemu_command.c | 49 +- src/qemu/qemu_domain.c | 44 +- src/qemu/qemu_domain_address.c | 4 +- src/qemu/qemu_driver.c | 4 +- src/qemu/qemu_hotplug.c | 4 +- src/qemu/qemu_migration.c | 6 +- src/qemu/qemu_monitor.c | 54 +- src/qemu/qemu_monitor_json.c | 4 +- src/qemu/qemu_process.c | 10 +- src/qemu/qemu_snapshot.c | 16 +- src/qemu/qemu_validate.c | 19 +- src/security/security_apparmor.c | 6 +- src/security/security_dac.c | 8 +- src/security/security_selinux.c | 28 +- .../storage_file_backend_gluster.c | 2 +- src/storage_file/storage_source.c | 4 +- .../storage_source_backingstore.c | 16 +- src/vmx/vmx.c | 26 + tests/qemuxml2argvtest.c | 2 +- tests/testutilsqemu.c | 2 +- 43 files changed, 557 insertions(+), 489 deletions(-) -- 2.35.1

3 39

[PATCH 00/15] docs: Convert some pages to rST and clean up (part 6)
by Peter Krempa 01 Jun '22

01 Jun '22

After this series only 2 non-generated HTML files remain: - index.html.in - 404.html.in It is possible to convert these but the utility of doing so may not be great for now. Additionally this series cleans up some long-broken links and removes unneeded raw HTML passthrough to declare anchors. Pavel Hrdina (2): docs: storage: rename headers to remove duplicate names docs: Convert 'storage' page to rst Peter Krempa (13): docs: formatsecret: Correct link to storage volume XML definition Correct links to TLS certificate setup page docs: Convert 'remote' page to rst docs: remote: Remove 'Limitations' paragraph docs: Convert 'uri' page to rst docs: uri: Remove old 'NULL URI' section docs: uri: Consolidate paragraphs on Xen URIs docs: uri: Move the 'test' hypervisor under a 'local hypervisors heading docs: uri: Rewrite section about transport protocols and extra parameters docs: governance: Remove unused HTML anchors docs: contact: Remove HTML anchors and adjust documents using them docs: bugs: Remove raw HTML anchor 'quality' docs: formatdomain: Remove old unreferenced HTML anchors .gitlab/issue_templates/bug.md | 2 +- docs/bugs.rst | 5 - docs/contact.rst | 11 +- docs/contribute.rst | 10 +- docs/drvesx.rst | 5 +- docs/formatdomain.rst | 112 ----- docs/formatsecret.rst | 8 +- docs/governance.rst | 5 - docs/kbase/tlscerts.rst | 4 +- docs/meson.build | 6 +- docs/page.xsl | 2 +- docs/remote.html.in | 297 ------------ docs/remote.rst | 209 +++++++++ docs/securityprocess.rst | 4 +- docs/storage.html.in | 833 --------------------------------- docs/storage.rst | 790 +++++++++++++++++++++++++++++++ docs/uri.html.in | 507 -------------------- docs/uri.rst | 405 ++++++++++++++++ tools/virt-pki-validate.in | 10 +- 19 files changed, 1431 insertions(+), 1794 deletions(-) delete mode 100644 docs/remote.html.in create mode 100644 docs/remote.rst delete mode 100644 docs/storage.html.in create mode 100644 docs/storage.rst delete mode 100644 docs/uri.html.in create mode 100644 docs/uri.rst -- 2.35.1

3 20

[PATCH RESEND 0/3] network: Generate TFTP config regardless of DHCP
by Michal Privoznik 01 Jun '22

01 Jun '22

This is rebased version of: https://listman.redhat.com/archives/libvir-list/2021-December/226045.html Michal Prívozník (3): network: Initialize variables in networkDnsmasqConfContents() network: Separate DHCP config generator into a function network: Generate TFTP config regardless of DHCP src/network/bridge_driver.c | 259 ++++++++++-------- .../networkxml2confdata/netboot-network.conf | 4 +- tests/networkxml2confdata/netboot-tftp.conf | 13 + tests/networkxml2confdata/netboot-tftp.xml | 9 + tests/networkxml2conftest.c | 1 + tests/networkxml2xmlin/netboot-tftp.xml | 1 + tests/networkxml2xmlout/netboot-tftp.xml | 1 + tests/networkxml2xmltest.c | 1 + 8 files changed, 170 insertions(+), 119 deletions(-) create mode 100644 tests/networkxml2confdata/netboot-tftp.conf create mode 100644 tests/networkxml2confdata/netboot-tftp.xml create mode 120000 tests/networkxml2xmlin/netboot-tftp.xml create mode 120000 tests/networkxml2xmlout/netboot-tftp.xml -- 2.35.1

2 4

[PATCH 00/67] docs: Fix and clean up anchor links
by Peter Krempa 01 Jun '22

01 Jun '22

First 50 patches remove the use of raw HTML passthrough in formatdomain.rst, which is the only outstanding place which still does. Most of the work was done by a ad-hoc bash script, but manual tweaks were needed. Since this series also contains a test script which validates linking I'm not going to publish the conversion script. The rest of the series then cleans up pre-existing broken links and adds the aforementioned checker script. One more change is to prevent the use of external references in RST to refer to the same file. All usage was converted to local references and a syntax check was added. One slight drawback of the checker script is that it works on generated HTML files and thus the error message contains the output file name and not the source RST document. Output after the fixes can be browsed at: https://gitlab.com/pipo.sk/libvirt/-/jobs/2528184702/artifacts/browse/websi… Peter Krempa (67): docs: formatdomain: Remove 'elements' anchor docs: formatdomain: Remove 'elementsMetadata' anchor docs: formatdomain: Remove 'elementsOS' anchor docs: formatdomain: Remove 'elementsOSBIOS' anchor docs: formatdomain: Remove 'elementsOSContainer' anchor docs: formatdomain: Remove 'elementsSysinfo' anchor docs: formatdomain: Remove 'elementsCPUAllocation' anchor docs: formatdomain: Remove 'elementsIOThreadsAllocation' anchor docs: formatdomain: Remove 'elementsCPUTuning' anchor docs: formatdomain: Remove 'elementsMemoryAllocation' anchor docs: formatdomain: Remove 'elementsMemoryBacking' anchor docs: formatdomain: Remove 'elementsMemoryTuning' anchor docs: formatdomain: Remove 'elementsNUMATuning' anchor docs: formatdomain: Remove 'elementsBlockTuning' anchor docs: formatdomain: Remove 'elementsCPU' anchor docs: formatdomain: Remove 'hmat' anchor docs: formatdomain: Remove 'elementsEvents' anchor docs: formatdomain: Remove 'elementsFeatures' anchor docs: formatdomain: Remove 'elementsDevices' anchor docs: formatdomain: Remove 'elementsDisks' anchor docs: formatdomain: Remove 'elementsAddress' anchor docs: formatdomain: Remove 'elementsVirtio' anchor docs: formatdomain: Remove 'elementsVirtioTransitional' anchor docs: formatdomain: Remove 'elementsControllers' anchor docs: formatdomain: Remove 'elementsHostDev' anchor docs: formatdomain: Remove 'elementsNICS' anchor docs: formatdomain: Remove 'elementsNICSDirect' anchor docs: formatdomain: Remove 'elementsNICSTargetOverride' anchor docs: formatdomain: Remove 'elementQoS' anchor docs: formatdomain: Remove 'elementVlanTag' anchor docs: formatdomain: Remove 'elementPort' anchor docs: formatdomain: Remove 'mtu' anchor docs: formatdomain: Remove 'coalesce' anchor docs: formatdomain: Remove 'elementVhostuser' anchor docs: formatdomain: Remove 'elementsGraphics' anchor docs: formatdomain: Remove 'elementsVideo' anchor docs: formatdomain: Remove 'elementsConsole' anchor docs: formatdomain: Remove 'elementCharSerial' anchor docs: formatdomain: Remove 'elementCharSerialAndConsole' anchor docs: formatdomain: Remove 'elementsCharHostInterface' anchor docs: formatdomain: Remove 'elementsCharHost' anchor docs: formatdomain: Remove 'elementsAudio' anchor docs: formatdomain: Remove 'elementsTpm' anchor docs: formatdomain: Remove 'elementsMemory' anchor docs: formatdomain: Remove 'elementsIommu' anchor docs: formatdomain: Remove 'vsock' anchor docs: formatdomain: Remove 'seclabel' anchor docs: formatdomain: Remove 'keywrap' anchor docs: formatdomain: Remove 'launchSecurity' anchor docs: formatdomain: Remove the 'anchor' role docs: formatdomain: Use local reference directly docs: uri: Fix link to libvirtd configuration section syntax-check: Add check prohibiting remote reference to local file docs: page.xsl: Fix link to 'mailing-lists' section docs: domainstatecapture: Fix broken links docs: rpc: Fix broken headings docs: formatcaps: Fix anchors of links into formatdomain.rst scripts: hvsupport: Remove link into the 'html' directory docs: Fix link to 'tlscerts' article docs: Remove extra leading slash in 'api' and 'formatdomaincaps' pages docs: Fix links in kbase/internals docs: kbase/kvm-realtime: Fix few links docs: kbase/tlscerts: Fix links docs: remote: Fix anchor names in links to uri.html uri: Fix link to qemu KVM example config docs: formatstorageencryption: Use correct anchor into formatsecret page docs: Add HTML reference checker build-aux/syntax-check.mk | 7 + docs/api.rst | 2 +- docs/docs.rst | 2 +- docs/drvlxc.rst | 2 +- docs/formatbackup.rst | 6 +- docs/formatcaps.rst | 10 +- docs/formatcheckpoint.rst | 2 +- docs/formatdomain.rst | 360 ++++++++++++----------------- docs/formatdomaincaps.rst | 20 +- docs/formatnetwork.rst | 8 +- docs/formatnetworkport.rst | 4 +- docs/formatnode.rst | 2 +- docs/formatsecret.rst | 12 +- docs/formatsnapshot.rst | 8 +- docs/formatstorageencryption.rst | 2 +- docs/kbase/domainstatecapture.rst | 12 +- docs/kbase/internals/eventloop.rst | 2 +- docs/kbase/internals/migration.rst | 2 +- docs/kbase/internals/rpc.rst | 16 +- docs/kbase/kvm-realtime.rst | 10 +- docs/kbase/launch_security_sev.rst | 2 +- docs/kbase/locking-sanlock.rst | 2 +- docs/kbase/memorydevices.rst | 2 +- docs/kbase/s390_protected_virt.rst | 2 +- docs/kbase/tlscerts.rst | 8 +- docs/manpages/virsh.rst | 8 +- docs/meson.build | 11 + docs/page.xsl | 2 +- docs/remote.rst | 4 +- docs/storage.rst | 6 +- docs/uri.rst | 4 +- scripts/check-html-references.py | 153 ++++++++++++ scripts/hvsupport.py | 2 +- scripts/meson.build | 1 + 34 files changed, 402 insertions(+), 294 deletions(-) create mode 100755 scripts/check-html-references.py -- 2.35.3

2 81