[PATCH v3 0/5] Introduce network backed NVRAM
by Rohit Kumar
Libvirt domain XML currently allows only local filepaths
that can be used to specify an NVRAM disk. It should be
possible to support NVRAM disks on network storage as
it would give flexibility to start the VM on any host
without having to worry about where to get the latest
nvram image.
This series extends the NVRAM element to support hosting over
network-backed disks.
It achieves this by embedding virStorageSource pointer for
nvram into _virDomainLoaderDef.
It introduces a 'type' attribute for NVRAM element to
specify 'file' vs 'network' backed NVRAM.
XML with new annotation:
<nvram type='network'>
  <source protocol='iscsi' name='iqn.2013-07.com.example:iscsi-nopool/0'>
    <host name='example.com' port='6000'/>
    <auth username='myname'>
      <secret type='iscsi' usage='mycluster_myname'/>
    </auth>
  </source>
</nvram>
or
<nvram type='network'>
  <source protocol='nbd' name='bar'>
    <host name='example.org' port='6000'/>
  </source>
</nvram>
or
<nvram type='file'>
  <source file='/var/lib/libvirt/nvram/guest_VARS.fd'/>
</nvram>
Changes v1->v2:
- Split the patch into smaller patches
- Added unit test
- Updated the doc
- Addressed Peter's comment on v1 (https://listman.redhat.com/archives/libvir-list/2022-March/229684.html)
Changes v2->v3:
- Added authentication with 'iscsi' protocol unit test
- Updated the validation logic
- Addressed Peter's other comments on v2 patch (https://listman.redhat.com/archives/libvir-list/2022-April/229971.h...
Rohit Kumar (5):
Make NVRAM a virStorageSource type.
Add support to parse/format/validate virStorageSource type NVRAM
Update schema, docs, and validation logic to support network backed
NVRAM
Add unit tests for network backed NVRAM
Add unit test to support new 'file' type NVRAM
NEWS.rst | 5 +
docs/formatdomain.rst | 34 +++++-
src/conf/domain_conf.c | 115 +++++++++++++++---
src/conf/domain_conf.h | 3 +-
src/conf/schemas/domaincommon.rng | 21 +++-
src/qemu/qemu_cgroup.c | 3 +-
src/qemu/qemu_command.c | 2 +-
src/qemu/qemu_domain.c | 23 +++-
src/qemu/qemu_driver.c | 5 +-
src/qemu/qemu_firmware.c | 23 +++-
src/qemu/qemu_namespace.c | 5 +-
src/qemu/qemu_process.c | 5 +-
src/qemu/qemu_validate.c | 71 +++++++++++
src/security/security_dac.c | 6 +-
src/security/security_selinux.c | 6 +-
src/security/virt-aa-helper.c | 5 +-
src/vbox/vbox_common.c | 3 +-
.../bios-nvram-file.x86_64-latest.args | 37 ++++++
tests/qemuxml2argvdata/bios-nvram-file.xml | 23 ++++
.../bios-nvram-network-iscsi.x86_64-4.1.0.err | 1 +
...ios-nvram-network-iscsi.x86_64-latest.args | 38 ++++++
.../bios-nvram-network-iscsi.xml | 31 +++++
.../bios-nvram-network-nbd.x86_64-latest.args | 37 ++++++
.../bios-nvram-network-nbd.xml | 28 +++++
tests/qemuxml2argvtest.c | 4 +
.../bios-nvram-file.x86_64-latest.xml | 39 ++++++
...bios-nvram-network-iscsi.x86_64-latest.xml | 44 +++++++
.../bios-nvram-network-nbd.x86_64-latest.xml | 41 +++++++
tests/qemuxml2xmltest.c | 3 +
29 files changed, 618 insertions(+), 43 deletions(-)
create mode 100644 tests/qemuxml2argvdata/bios-nvram-file.x86_64-latest.args
create mode 100644 tests/qemuxml2argvdata/bios-nvram-file.xml
create mode 100644 tests/qemuxml2argvdata/bios-nvram-network-iscsi.x86_64-4.1.0.err
create mode 100644 tests/qemuxml2argvdata/bios-nvram-network-iscsi.x86_64-latest.args
create mode 100644 tests/qemuxml2argvdata/bios-nvram-network-iscsi.xml
create mode 100644 tests/qemuxml2argvdata/bios-nvram-network-nbd.x86_64-latest.args
create mode 100644 tests/qemuxml2argvdata/bios-nvram-network-nbd.xml
create mode 100644 tests/qemuxml2xmloutdata/bios-nvram-file.x86_64-latest.xml
create mode 100644 tests/qemuxml2xmloutdata/bios-nvram-network-iscsi.x86_64-latest.xml
create mode 100644 tests/qemuxml2xmloutdata/bios-nvram-network-nbd.x86_64-latest.xml
--
2.25.1
2 years, 6 months
[libvirt PATCH] Fix incorrect uses of g_clear_pointer() introduced in 8.1.0
by Mark Mielke
This is a partial revert of 87a43a907f0ad4897a28ad7c216bc70f37270b93.
The change to use g_clear_pointer() in more places was accidentally
applied to cases involving vir_g_source_unref().
In some cases, the ordering of g_source_destroy() and
vir_g_source_unref() was reversed, which resulted in the source being
marked as destroyed, after it is already unreferenced. This
use-after-free case might work in many cases, but with versions of
glibc older than 2.64.0 it may defer unref to run within the main
thread to avoid a race condition, which creates a large distance
between the g_source_unref() and g_source_destroy().
In some cases, the call to vir_g_source_unref() was replaced with a
second call to g_source_destroy(), leading to a memory leak or worse.
In our experience, the symptoms were that use of libvirt-python became
slower over time, with OpenStack nova-compute initially taking around
one second to periodically query the host PCI devices, and within an
hour it was taking over a minute to complete the same operation, until
it was eventually running this query back-to-back, resulting in the
nova-compute process consuming 100% of one CPU thread, losing its
RabbitMQ connection frequently, and showing up as down to the control
plane.
---
src/qemu/qemu_agent.c | 3 ++-
src/qemu/qemu_monitor.c | 3 ++-
src/util/vireventglib.c | 12 ++++++++----
3 files changed, 12 insertions(+), 6 deletions(-)
diff --git a/src/qemu/qemu_agent.c b/src/qemu/qemu_agent.c
index f57a8d5f25..e6e92c7dc4 100644
--- a/src/qemu/qemu_agent.c
+++ b/src/qemu/qemu_agent.c
@@ -452,8 +452,9 @@ static void
qemuAgentUnregister(qemuAgent *agent)
{
if (agent->watch) {
+ g_source_destroy(agent->watch);
vir_g_source_unref(agent->watch, agent->context);
- g_clear_pointer(&agent->watch, g_source_destroy);
+ agent->watch = NULL;
}
}
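Review bot: in qemuAgentUnregister() the required order (g_source_destroy() before vir_g_source_unref()) is carried only by the order of the lines, which is what the earlier g_clear_pointer() cleanup got wrong. A short comment above "g_source_destroy(agent->watch);" saying that the source must be destroyed while the caller still holds its reference would keep a later cleanup from reordering it again.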
diff --git a/src/qemu/qemu_monitor.c b/src/qemu/qemu_monitor.c
index 37bcbde31e..32c993a941 100644
--- a/src/qemu/qemu_monitor.c
+++ b/src/qemu/qemu_monitor.c
@@ -794,8 +794,9 @@ void
qemuMonitorUnregister(qemuMonitor *mon)
{
if (mon->watch) {
+ g_source_destroy(mon->watch);
vir_g_source_unref(mon->watch, mon->context);
- g_clear_pointer(&mon->watch, g_source_destroy);
+ mon->watch = NULL;
}
}
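Review bot: qemuMonitorUnregister() repeats the same three statements as qemuAgentUnregister() (destroy, unref, set to NULL), and the vireventglib.c hunks repeat them again. Consider one shared helper that takes the address of the GSource pointer and the context, so the ordering is written down in a single place instead of at every call site.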
diff --git a/src/util/vireventglib.c b/src/util/vireventglib.c
index fc04d8f712..983787932f 100644
--- a/src/util/vireventglib.c
+++ b/src/util/vireventglib.c
@@ -228,7 +228,8 @@ virEventGLibHandleUpdate(int watch,
VIR_DEBUG("Removed old handle source=%p", data->source);
g_source_destroy(data->source);
- g_clear_pointer(&data->source, g_source_destroy);
+ vir_g_source_unref(data->source, NULL);
+ data->source = NULL;
data->events = 0;
}
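Review bot: virEventGLibHandleUpdate() is a different defect from the other hunks and the commit message should name it. The unchanged context already calls "g_source_destroy(data->source);" and the removed g_clear_pointer() line called it a second time, so the reference was never dropped here. Naming this function in the commit message would make it clear which call site leaked and which ones only had the ordering problem.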
@@ -275,8 +276,9 @@ virEventGLibHandleRemove(int watch)
data, watch, data->fd);
if (data->source != NULL) {
+ g_source_destroy(data->source);
vir_g_source_unref(data->source, NULL);
- g_clear_pointer(&data->source, g_source_destroy);
+ data->source = NULL;
data->events = 0;
}
@@ -417,8 +419,9 @@ virEventGLibTimeoutUpdate(int timer,
if (data->source == NULL)
goto cleanup;
+ g_source_destroy(data->source);
vir_g_source_unref(data->source, NULL);
- g_clear_pointer(&data->source, g_source_destroy);
+ data->source = NULL;
}
cleanup:
@@ -465,8 +468,9 @@ virEventGLibTimeoutRemove(int timer)
data, timer);
if (data->source != NULL) {
+ g_source_destroy(data->source);
vir_g_source_unref(data->source, NULL);
- g_clear_pointer(&data->source, g_source_destroy);
+ data->source = NULL;
}
/* since the actual timeout deletion is done asynchronously, a timeoutUpdate call may
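Review bot: no test accompanies the fix; the diffstat touches only three files under src/. Since virEventGLibTimeoutRemove() and the other call sites regressed through a mechanical cleanup, a test that repeatedly adds, updates and removes handles and timeouts (ideally run under a leak or address checker) would catch the next one. It is also worth confirming that "data->source = NULL;" here stays in step with the "data->source == NULL" check in virEventGLibTimeoutUpdate(), given the comment about asynchronous deletion that follows.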
--
2.36.1
2 years, 6 months
[PATCH 0/2] Two <interface type='direct'/> related fixes
by Michal Privoznik
Except not really. Only the first one is strictly related to that type
of <interface/>. The other one fixes a regression introduced in 8.4.0
and it just so happens that I'm able to reproduce it 100% on my
(SRIOV-less) machine.
Michal Prívozník (2):
virNetDevSaveNetConfig: Pass mode to virFileWriteStr()
qemuBuildInterfaceConnect: Initialize @tapfd array
src/qemu/qemu_command.c | 2 ++
src/util/virnetdev.c | 2 +-
2 files changed, 3 insertions(+), 1 deletion(-)
--
2.35.1
2 years, 6 months
[PATCH] spec: Xen arches have changed on Fedora 36+
by Cole Robinson
Latest Fedora 36+ xen builds have dropped i686 and armv7hl builds.
Signed-off-by: Cole Robinson <crobinso(a)redhat.com>
---
libvirt.spec.in | 3 +++
1 file changed, 3 insertions(+)
diff --git a/libvirt.spec.in b/libvirt.spec.in
index 59d2f96709..c4ea02fc8e 100644
--- a/libvirt.spec.in
+++ b/libvirt.spec.in
@@ -21,6 +21,9 @@
%define arches_systemtap_64bit %{arches_64bit}
%define arches_dmidecode %{arches_x86}
%define arches_xen %{arches_x86} aarch64
+%if 0%{?fedora} >= 36
+%define arches_xen x86_64 aarch64
+%endif
%define arches_vbox %{arches_x86}
%define arches_ceph %{arches_64bit}
%define arches_zfs %{arches_x86} %{power64} %{arm}
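Review bot: arches_xen ends up defined twice on Fedora 36+, first as "%{arches_x86} aarch64" and then overridden inside the %if block. Wrapping a single definition in %if/%else/%endif would make it obvious that exactly one value applies, and a one-line comment that Fedora 36+ Xen dropped the i686 and armv7hl builds would record the reason next to the condition.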
--
2.36.1
2 years, 6 months
[PATCH] kbase: launch_security_sev: Break up overly long line
by Peter Krempa
Standard text is aligned to 80 columns in all .rst files.
Signed-off-by: Peter Krempa <pkrempa(a)redhat.com>
---
Pushed as trivial.
docs/kbase/launch_security_sev.rst | 6 +++---
1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/docs/kbase/launch_security_sev.rst b/docs/kbase/launch_security_sev.rst
index 51b3e14dbf..2734832487 100644
--- a/docs/kbase/launch_security_sev.rst
+++ b/docs/kbase/launch_security_sev.rst
@@ -295,9 +295,9 @@ In order to make virtio devices work, we need to use
``<driver iommu='on'/>`` inside the given device XML element in order
to enable DMA API in the virtio driver.
-Starting with QEMU 6.0.0 QEMU will set this for us by default. For earlier versions though, you will need to explicitly enable this in the device XML as follows:
-
-::
+Starting with QEMU 6.0.0 QEMU will set this for us by default. For earlier
+versions though, you will need to explicitly enable this in the device XML as
+follows::
# virsh edit <domain>
<domain>
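Review bot: since the sentence is being rewrapped anyway, "Starting with QEMU 6.0.0 QEMU will set this" would read better with a comma after "6.0.0" or with the repeated "QEMU" dropped. Folding the literal-block marker into "follows::" is fine.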
--
2.36.1
2 years, 6 months
[libvirt PATCH 0/2] qemu: virtiofs: add --thread-pool-size option
by Ján Tomko
Ján Tomko (2):
conf: virtiofs: add thread_pool element
qemu: virtiofs: format --thread-pool-size
docs/formatdomain.rst | 6 ++++++
src/conf/domain_conf.c | 14 ++++++++++++++
src/conf/domain_conf.h | 1 +
src/conf/schemas/domaincommon.rng | 9 +++++++++
src/qemu/qemu_virtiofs.c | 4 ++++
tests/qemuxml2argvdata/vhost-user-fs-fd-memory.xml | 1 +
6 files changed, 35 insertions(+)
--
2.35.1
2 years, 6 months
[PATCH] docs: kbase/launch_security_sev: QEMU 6.0+ sets iommu=on for us
by Cole Robinson
Signed-off-by: Cole Robinson <crobinso(a)redhat.com>
---
docs/kbase/launch_security_sev.rst | 2 ++
1 file changed, 2 insertions(+)
diff --git a/docs/kbase/launch_security_sev.rst b/docs/kbase/launch_security_sev.rst
index 3ebb01ad80..9f6330a1ca 100644
--- a/docs/kbase/launch_security_sev.rst
+++ b/docs/kbase/launch_security_sev.rst
@@ -295,6 +295,8 @@ In order to make virtio devices work, we need to use
``<driver iommu='on'/>`` inside the given device XML element in order
to enable DMA API in the virtio driver.
+QEMU 6.0 and later will `set this by default <https://gitlab.com/qemu-project/qemu/-/commit/9f88a7a3df>`__. For earlier QEMU versions, you will need to explicitly enable this in the device XML:
+
::
# virsh edit <domain>
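Review bot: the added paragraph is a single line far past 80 columns, unlike the wrapped context lines directly above it; please wrap it, putting the link target on its own line if needed. The link also uses an abbreviated commit hash (9f88a7a3df); the full hash would be safer in long-lived documentation.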
--
2.36.1
2 years, 6 months
[libvirt PATCH] util: Fix error reporting in virProcessSetMaxMemLock
by Jiri Denemark
Commit v7.1.0-136-g6a6d6bb520 refactored virProcessSetMaxMemLock by
moving its part into a new virProcessSetLimit, but lost "return -1" on
error.
Signed-off-by: Jiri Denemark <jdenemar(a)redhat.com>
---
src/util/virprocess.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/src/util/virprocess.c b/src/util/virprocess.c
index 5ed0b5d0db..013afd91b4 100644
--- a/src/util/virprocess.c
+++ b/src/util/virprocess.c
@@ -926,6 +926,7 @@ virProcessSetMaxMemLock(pid_t pid, unsigned long long bytes)
_("cannot limit locked memory "
"of process %lld to %llu"),
(long long int)pid, bytes);
+ return -1;
}
VIR_DEBUG("Locked memory for process %lld limited to %llu bytes",
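Review bot: the commit message does not say what callers observed while "return -1;" was missing. From the hunk, the error branch fell through to the VIR_DEBUG "Locked memory for process ... limited to" line, so a failed limit was reported but not returned to the caller and was then logged as applied. Please state that in the message and add a Fixes: line for v7.1.0-136-g6a6d6bb520 so backporters can find it.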
--
2.35.1
2 years, 6 months
[libvirt PATCH 0/3] firmware: Small fixes and cleanups
by Andrea Bolognani
Andrea Bolognani (3):
vmx: Declare support for firmware autoselection
conf: Fix virDomainDefOSValidate()
qemu: Simplify handling of virTristateBool values
src/conf/domain_validate.c | 6 +++---
src/qemu/qemu_firmware.c | 38 ++++++++++++++++----------------------
src/vmx/vmx.c | 1 +
3 files changed, 20 insertions(+), 25 deletions(-)
--
2.35.3
2 years, 6 months
[libvirt PATCH v2 0/7] ci: Drop Fedora 34, add Fedora 36
by Andrea Bolognani
Test pipeline:
https://gitlab.com/abologna/libvirt/-/pipelines/548848259
Only patches 1-5 should be pushed until the issues outlined in
https://listman.redhat.com/archives/libvir-list/2022-May/231851.html
have been addressed.
Changes from [v1]
* handle integration tests separately;
* don't stop publishing RPMs from the Fedora 35 job
[v1] https://listman.redhat.com/archives/libvir-list/2022-May/231838.html
Andrea Bolognani (7):
ci: Drop Fedora 34
ci: Refresh generated files
ci: Add Fedora 36
ci: Move MinGW jobs to Fedora 36
ci: Don't mark any Fedora 36 job as optional
ci: Add Fedora 36 to integration tests
ci: Move upstream QEMU integration test to Fedora 36
...ile => fedora-36-cross-mingw32.Dockerfile} | 2 +-
...ile => fedora-36-cross-mingw64.Dockerfile} | 2 +-
...ora-34.Dockerfile => fedora-36.Dockerfile} | 3 +-
ci/gitlab.yml | 767 +-----------------
ci/gitlab/build-templates.yml | 45 +
ci/gitlab/builds.yml | 406 +++++++++
ci/gitlab/container-templates.yml | 52 ++
ci/gitlab/containers.yml | 325 ++++++++
ci/gitlab/sanity-checks.yml | 18 +
ci/integration.yml | 24 +-
ci/manifest.yml | 5 +-
11 files changed, 869 insertions(+), 780 deletions(-)
rename ci/containers/{fedora-35-cross-mingw32.Dockerfile => fedora-36-cross-mingw32.Dockerfile} (98%)
rename ci/containers/{fedora-35-cross-mingw64.Dockerfile => fedora-36-cross-mingw64.Dockerfile} (98%)
rename ci/containers/{fedora-34.Dockerfile => fedora-36.Dockerfile} (97%)
create mode 100644 ci/gitlab/build-templates.yml
create mode 100644 ci/gitlab/builds.yml
create mode 100644 ci/gitlab/container-templates.yml
create mode 100644 ci/gitlab/containers.yml
create mode 100644 ci/gitlab/sanity-checks.yml
--
2.35.3
2 years, 6 months