[libvirt PATCH] docs: fix syntax errors in IPv6 NAT example XML
by Daniel P. Berrangé
Signed-off-by: Daniel P. Berrangé <berrange(a)redhat.com>
---
docs/formatnetwork.rst | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/docs/formatnetwork.rst b/docs/formatnetwork.rst
index 044c239985..b5dc29db07 100644
--- a/docs/formatnetwork.rst
+++ b/docs/formatnetwork.rst
@@ -930,13 +930,13 @@ routing.
<nat ipv6='yes'>
<port start='1024' end='65535'/>
</nat>
-
+ </forward>
<ip address="192.168.122.1" netmask="255.255.255.0">
<dhcp>
<range start="192.168.122.2" end="192.168.122.254"/>
</dhcp>
</ip>
- <ip family="ipv6" address="fdXX:XXXX:XXXX:NNNN:: prefix="64"/>
+ <ip family="ipv6" address="fdXX:XXXX:XXXX:NNNN::" prefix="64"/>
</network>
IPv6 NAT addressing has some caveats over the more straight forward IPv4 case.
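Review bot: nothing in this change keeps the example well-formed going forward. Both defects fixed here (the unclosed `<forward>` element and the unterminated `address` attribute on the `<ip family="ipv6" ...>` line) would be caught by running the snippet through an XML parser, so consider covering the documented example with a test that at least checks well-formedness, with a concrete prefix substituted for the `fdXX:XXXX:XXXX:NNNN::` placeholder.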
--
2.37.2
2 years, 4 months
[PATCH] virhostcpu: Fix build with clang and newest kernel headers
by Peter Krempa
The most recent environment, e.g. present in our Fedora Rawhide builds,
fails to build the tree with clang with the following error:
../src/util/virhostcpu.c:1291:25: error: field 'header' with variable sized type 'struct kvm_msrs' not at the end of a struct or class is a GNU extension [-Werror,-Wgnu-variable-sized-type-not-at-end]
struct kvm_msrs header;
^
The problem seems to be that clang doesn't like the new way the
'entries' field in struct kvm_msrs is declared.
To work around the issue we can simply allocate the variable dynamically
and use the 'entries' member as it was intended to access the
members.
Signed-off-by: Peter Krempa <pkrempa(a)redhat.com>
---
src/util/virhostcpu.c | 15 ++++++---------
1 file changed, 6 insertions(+), 9 deletions(-)
diff --git a/src/util/virhostcpu.c b/src/util/virhostcpu.c
index 54d0166b85..c1e8dc8078 100644
--- a/src/util/virhostcpu.c
+++ b/src/util/virhostcpu.c
@@ -1287,25 +1287,22 @@ virHostCPUGetMSRFromKVM(unsigned long index,
uint64_t *result)
{
VIR_AUTOCLOSE fd = -1;
- struct {
- struct kvm_msrs header;
- struct kvm_msr_entry entry;
- } msr = {
- .header = { .nmsrs = 1 },
- .entry = { .index = index },
- };
+ g_autofree struct kvm_msrs *msr = g_malloc0(sizeof(struct kvm_msrs) +
+ sizeof(struct kvm_msr_entry));
+ msr->nmsrs = 1;
+ msr->entries[0].index = index;
if ((fd = open(KVM_DEVICE, O_RDONLY)) < 0) {
virReportSystemError(errno, _("Unable to open %s"), KVM_DEVICE);
return -1;
}
- if (ioctl(fd, KVM_GET_MSRS, &msr) < 0) {
+ if (ioctl(fd, KVM_GET_MSRS, msr) < 0) {
VIR_DEBUG("Cannot get MSR 0x%lx from KVM", index);
return 1;
}
- *result = msr.entry.data;
+ *result = msr->entries[0].data;
return 0;
}
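Review bot: the check `ioctl(fd, KVM_GET_MSRS, msr) < 0` only catches a failed call. KVM_GET_MSRS returns the number of MSRs it actually read, so a return of 0 falls through, and because the buffer is zero-filled by `g_malloc0()` the function then stores 0 in `*result` and returns success. Comparing the return value against `msr->nmsrs` would close that gap while this code is being touched. As a smaller point, `sizeof(*msr) + sizeof(msr->entries[0])` would keep the allocation size tied to the variable rather than to the type names.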
--
2.37.1
2 years, 4 months
[PATCH 0/7] qemu: tpm: Add support for migration across shared storage
by Stefan Berger
This series of patches adds support for migrating vTPMs across hosts whose
storage has been set up to share the directory structure holding the state
of the TPM (swtpm). The domain XML is extended with a shared_storage
attribute that must be set to 'yes' when shared storage is used. It
influences the management of the directory structure holding the TPM state,
which for example is only to be removed when a domain is undefined (virsh
undefine) and not when a VM is removed on the migration source host.
Further, when shared storage is used security labeling on the destination
side is skipped assuming that the labeling was already done on the source
side.
I have tested this with an NFS setup where I had to turn SELinux off on
the hosts since the SELinux MLS range labeling is not supported.
Shared storage migration requires the upcoming swtpm v0.8 with the PR
for shared storage merged: https://github.com/stefanberger/swtpm/pull/732
Stefan
Stefan Berger (7):
qemu: tpm: Pass parameter indicating reason for domain removal
util: Add parsing support for swtpm's cmdarg-migration capability
qemu: tpm: Conditionally create storage on incoming migration
qemu: tpm: Pass --migration option to swtpm when using shared storage
qemu: tpm: Avoid security labels on incoming migration with shared
storage
qemu: tpm: Remove TPM state files and directory only when undefining a
VM
qemu: config: Extend TPM domain XML with shared storage support
docs/formatdomain.rst | 16 ++++++++
src/conf/domain_conf.c | 13 +++++++
src/conf/domain_conf.h | 1 +
src/conf/schemas/domaincommon.rng | 5 +++
src/qemu/qemu_domain.c | 12 +++---
src/qemu/qemu_domain.h | 8 +++-
src/qemu/qemu_driver.c | 20 +++++-----
src/qemu/qemu_extdevice.c | 5 ++-
src/qemu/qemu_extdevice.h | 3 +-
src/qemu/qemu_migration.c | 13 ++++---
src/qemu/qemu_process.c | 4 +-
src/qemu/qemu_snapshot.c | 4 +-
src/qemu/qemu_tpm.c | 61 ++++++++++++++++++++++++++-----
src/qemu/qemu_tpm.h | 3 +-
src/util/virtpm.c | 1 +
src/util/virtpm.h | 1 +
16 files changed, 131 insertions(+), 39 deletions(-)
--
2.37.1
2 years, 4 months
[PATCH 0/4] docs: Fix generation of hyperlinks and improve backup/checkpoint docs
by Peter Krempa
Peter Krempa (4):
docs: newapi: Consider also 'https://' links in the API generator XSL
virDomainCheckpointCreateXML: Don't use HTML in function docs and fix
link
virDomainCheckpointCreateXML: Add disclaimer about creating
checkpoints
virDomainBackupGetXMLDesc: Fix and use full link to XML documentation
docs/newapi.xsl | 5 +++++
src/libvirt-domain-checkpoint.c | 12 +++++++++++-
src/libvirt-domain.c | 2 +-
3 files changed, 17 insertions(+), 2 deletions(-)
--
2.37.1
2 years, 4 months
[PATCH] lib: Don't check for retval for virCommandNew*()
by Michal Privoznik
The virCommand module is specifically designed so that no caller
has to check for retval of individual virCommand*() APIs except
for virCommandRun() where the actual error is reported. Moreover,
virCommandNew*() use g_new0() to allocate memory and thus it's
not really possible for those APIs to return NULL. Which is why
they are even marked as ATTRIBUTE_NONNULL. But there are a few
places where we do check the retval, which is effectively dead
code. Drop those checks.
Signed-off-by: Michal Privoznik <mprivozn(a)redhat.com>
---
src/qemu/qemu_slirp.c | 3 +--
src/qemu/qemu_tpm.c | 10 ----------
src/qemu/qemu_vhost_user_gpu.c | 2 --
src/qemu/qemu_virtiofs.c | 3 +--
src/util/virtpm.c | 3 +--
tests/virshtest.c | 3 +--
6 files changed, 4 insertions(+), 20 deletions(-)
diff --git a/src/qemu/qemu_slirp.c b/src/qemu/qemu_slirp.c
index c802ef7fa8..3f83db03bf 100644
--- a/src/qemu/qemu_slirp.c
+++ b/src/qemu/qemu_slirp.c
@@ -268,8 +268,7 @@ qemuSlirpStart(virDomainObj *vm,
if (!(pidfile = qemuSlirpCreatePidFilename(cfg, vm->def, net->info.alias)))
return -1;
- if (!(cmd = virCommandNew(cfg->slirpHelperName)))
- return -1;
+ cmd = virCommandNew(cfg->slirpHelperName);
virCommandClearCaps(cmd);
virCommandSetPidFile(cmd, pidfile);
diff --git a/src/qemu/qemu_tpm.c b/src/qemu/qemu_tpm.c
index 584c787b70..d0aed7fa2e 100644
--- a/src/qemu/qemu_tpm.c
+++ b/src/qemu/qemu_tpm.c
@@ -279,8 +279,6 @@ qemuTPMCreateConfigFiles(const char *swtpm_setup)
return 0;
cmd = virCommandNew(swtpm_setup);
- if (!cmd)
- return -1;
virCommandAddArgList(cmd, "--create-config-files", "skip-if-exist", NULL);
virCommandClearCaps(cmd);
@@ -388,8 +386,6 @@ qemuTPMEmulatorRunSetup(const char *storagepath,
return -1;
cmd = virCommandNew(swtpm_setup);
- if (!cmd)
- return -1;
virUUIDFormat(vmuuid, uuid);
vmid = g_strdup_printf("%s:%s", vmname, uuid);
@@ -500,8 +496,6 @@ qemuTPMEmulatorReconfigure(const char *storagepath,
return 0;
cmd = virCommandNew(swtpm_setup);
- if (!cmd)
- return -1;
virCommandSetUID(cmd, swtpm_user);
virCommandSetGID(cmd, swtpm_group);
@@ -592,8 +586,6 @@ qemuTPMEmulatorBuildCommand(virDomainTPMDef *tpm,
unlink(tpm->data.emulator.source->data.nix.path);
cmd = virCommandNew(swtpm);
- if (!cmd)
- goto error;
virCommandClearCaps(cmd);
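Review bot: with the `goto error;` after `cmd = virCommandNew(swtpm);` removed, please confirm that qemuTPMEmulatorBuildCommand() still has another jump to its `error` label. None is visible in this hunk, and if this was the last one the label is left unused, which trips `-Wunused-label` and leaves the cleanup under it as dead code of the same kind this patch is removing.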
@@ -806,8 +798,6 @@ qemuTPMEmulatorStop(const char *swtpmStateDir,
return;
cmd = virCommandNew(swtpm_ioctl);
- if (!cmd)
- return;
virCommandAddArgList(cmd, "--unix", pathname, "-s", NULL);
diff --git a/src/qemu/qemu_vhost_user_gpu.c b/src/qemu/qemu_vhost_user_gpu.c
index 7c5be4098e..bc5a1dc3ec 100644
--- a/src/qemu/qemu_vhost_user_gpu.c
+++ b/src/qemu/qemu_vhost_user_gpu.c
@@ -133,8 +133,6 @@ int qemuExtVhostUserGPUStart(virQEMUDriver *driver,
goto error;
cmd = virCommandNew(video->driver->vhost_user_binary);
- if (!cmd)
- goto error;
virCommandClearCaps(cmd);
virCommandSetPidFile(cmd, pidfile);
diff --git a/src/qemu/qemu_virtiofs.c b/src/qemu/qemu_virtiofs.c
index ce55286ab5..a04aa08e39 100644
--- a/src/qemu/qemu_virtiofs.c
+++ b/src/qemu/qemu_virtiofs.c
@@ -132,8 +132,7 @@ qemuVirtioFSBuildCommandLine(virQEMUDriverConfig *cfg,
g_autoptr(virCommand) cmd = NULL;
g_auto(virBuffer) opts = VIR_BUFFER_INITIALIZER;
- if (!(cmd = virCommandNew(fs->binary)))
- return NULL;
+ cmd = virCommandNew(fs->binary);
virCommandAddArgFormat(cmd, "--fd=%d", *fd);
virCommandPassFD(cmd, *fd, VIR_COMMAND_PASS_FD_CLOSE_PARENT);
diff --git a/src/util/virtpm.c b/src/util/virtpm.c
index 2f2b061fee..91db0f31eb 100644
--- a/src/util/virtpm.c
+++ b/src/util/virtpm.c
@@ -252,8 +252,7 @@ virTPMGetCaps(virTPMBinaryCapsParse capsParse,
{
g_autoptr(virCommand) cmd = NULL;
- if (!(cmd = virCommandNew(exec)))
- return NULL;
+ cmd = virCommandNew(exec);
if (param1)
virCommandAddArg(cmd, param1);
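Review bot: in virTPMGetCaps() the declaration `g_autoptr(virCommand) cmd = NULL;` is now followed directly by the unconditional `cmd = virCommandNew(exec);`, so the NULL initializer is redundant. Folding the two into `g_autoptr(virCommand) cmd = virCommandNew(exec);` is shorter and makes it obvious the pointer is never NULL when the `virCommandAddArg()` calls run. The same shape appears in the qemu_virtiofs.c and tests/virshtest.c hunks.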
diff --git a/tests/virshtest.c b/tests/virshtest.c
index a53a6273b9..3d297a1db2 100644
--- a/tests/virshtest.c
+++ b/tests/virshtest.c
@@ -116,8 +116,7 @@ testCompareOutputLit(const char *expectData,
g_autoptr(virCommand) cmd = NULL;
g_autofree char *errbuf = NULL;
- if (!(cmd = virCommandNewArgs(argv)))
- return -1;
+ cmd = virCommandNewArgs(argv);
virCommandAddEnvString(cmd, "LANG=C");
virCommandSetInputBuffer(cmd, empty);
--
2.35.1
2 years, 4 months
[PATCH v14 00/15] Support query and use SGX
by Michal Privoznik
As agreed here, I've taken posted patches, did some changes and fixes
and posted them:
https://listman.redhat.com/archives/libvir-list/2022-July/233164.html
The v13 version can be found here:
https://listman.redhat.com/archives/libvir-list/2022-July/232679.html
diff to v13:
- I've worked my comments in (couple of memleaks, naming issues, ...)
- Fixed problem with CGroups and namespaces
- Fixed a problem with <memoryBacking> <source type='memfd'/>, which
prevented domain from starting. Simply because wrong memory-backend
was picked for SGX (-memfd was picked instead of -sgx).
- Some cleanups, formatted before original patches (more tests,
validation, code separation, ...)
You can find these patches on my gitlab (along with green pipeline):
https://gitlab.com/MichalPrivoznik/libvirt/-/commits/sgx_rework
Haibin Huang (4):
domain_capabilities: Define SGX capabilities structs
qemu: Get SGX capabilities form QMP
Convert QMP capabilities to domain capabilities
conf: expose SGX feature in domain capabilities
Lin Yang (2):
conf: Introduce SGX EPC element into device memory xml
qemu: Add command-line to generate SGX EPC memory backend
Michal Prívozník (9):
qemuxml2argvtest: Switch memory-hotplug-dimm-addr to latest caps
qemuxml2xmltest: Test memory-hotplug-dimm-addr
conf: Validate virDomainMemoryDef::targetNode
qemu_command: Separate domain features building into a helper
qemu_command: Separate domain memory building into a helper
qemu_cgroup: Don't ignore ENOENT in qemuCgroupAllowDevicesPaths()
qemu_cgroup: Allow SGX in devices controller
qemu_namespace: Create SGX related nodes in domain's namespace
security_dac: Set DAC label on SGX /dev nodes
docs/formatdomain.rst | 25 +-
docs/formatdomaincaps.rst | 40 +++
src/conf/domain_capabilities.c | 46 +++
src/conf/domain_capabilities.h | 22 ++
src/conf/domain_conf.c | 30 ++
src/conf/domain_conf.h | 1 +
src/conf/domain_postparse.c | 1 +
src/conf/domain_validate.c | 22 ++
src/conf/schemas/domaincaps.rng | 40 +++
src/conf/schemas/domaincommon.rng | 1 +
src/libvirt_private.syms | 1 +
src/qemu/qemu_alias.c | 6 +-
src/qemu/qemu_capabilities.c | 222 +++++++++++++
src/qemu/qemu_capabilities.h | 6 +
src/qemu/qemu_cgroup.c | 82 ++++-
src/qemu/qemu_command.c | 293 +++++++++++-------
src/qemu/qemu_domain.c | 48 ++-
src/qemu/qemu_domain.h | 2 +
src/qemu/qemu_domain_address.c | 6 +
src/qemu/qemu_driver.c | 1 +
src/qemu/qemu_monitor.c | 10 +
src/qemu/qemu_monitor.h | 3 +
src/qemu/qemu_monitor_json.c | 148 ++++++++-
src/qemu/qemu_monitor_json.h | 4 +
src/qemu/qemu_namespace.c | 20 +-
src/qemu/qemu_process.c | 2 +
src/qemu/qemu_validate.c | 8 +
src/security/security_apparmor.c | 1 +
src/security/security_dac.c | 44 ++-
src/security/security_selinux.c | 2 +
tests/domaincapsdata/bhyve_basic.x86_64.xml | 1 +
tests/domaincapsdata/bhyve_fbuf.x86_64.xml | 1 +
tests/domaincapsdata/bhyve_uefi.x86_64.xml | 1 +
tests/domaincapsdata/empty.xml | 1 +
tests/domaincapsdata/libxl-xenfv.xml | 1 +
tests/domaincapsdata/libxl-xenpv.xml | 1 +
.../domaincapsdata/qemu_3.1.0-q35.x86_64.xml | 1 +
.../domaincapsdata/qemu_3.1.0-tcg.x86_64.xml | 1 +
tests/domaincapsdata/qemu_3.1.0.ppc64.xml | 1 +
tests/domaincapsdata/qemu_3.1.0.x86_64.xml | 1 +
.../domaincapsdata/qemu_4.0.0-q35.x86_64.xml | 1 +
.../domaincapsdata/qemu_4.0.0-tcg.x86_64.xml | 1 +
.../qemu_4.0.0-virt.aarch64.xml | 1 +
tests/domaincapsdata/qemu_4.0.0.aarch64.xml | 1 +
tests/domaincapsdata/qemu_4.0.0.ppc64.xml | 1 +
tests/domaincapsdata/qemu_4.0.0.s390x.xml | 1 +
tests/domaincapsdata/qemu_4.0.0.x86_64.xml | 1 +
.../domaincapsdata/qemu_4.1.0-q35.x86_64.xml | 1 +
.../domaincapsdata/qemu_4.1.0-tcg.x86_64.xml | 1 +
tests/domaincapsdata/qemu_4.1.0.x86_64.xml | 1 +
.../domaincapsdata/qemu_4.2.0-q35.x86_64.xml | 1 +
.../domaincapsdata/qemu_4.2.0-tcg.x86_64.xml | 1 +
.../qemu_4.2.0-virt.aarch64.xml | 1 +
tests/domaincapsdata/qemu_4.2.0.aarch64.xml | 1 +
tests/domaincapsdata/qemu_4.2.0.ppc64.xml | 1 +
tests/domaincapsdata/qemu_4.2.0.s390x.xml | 1 +
tests/domaincapsdata/qemu_4.2.0.x86_64.xml | 1 +
.../domaincapsdata/qemu_5.0.0-q35.x86_64.xml | 1 +
.../domaincapsdata/qemu_5.0.0-tcg.x86_64.xml | 1 +
.../qemu_5.0.0-virt.aarch64.xml | 1 +
tests/domaincapsdata/qemu_5.0.0.aarch64.xml | 1 +
tests/domaincapsdata/qemu_5.0.0.ppc64.xml | 1 +
tests/domaincapsdata/qemu_5.0.0.x86_64.xml | 1 +
.../domaincapsdata/qemu_5.1.0-q35.x86_64.xml | 1 +
.../domaincapsdata/qemu_5.1.0-tcg.x86_64.xml | 1 +
tests/domaincapsdata/qemu_5.1.0.sparc.xml | 1 +
tests/domaincapsdata/qemu_5.1.0.x86_64.xml | 1 +
.../domaincapsdata/qemu_5.2.0-q35.x86_64.xml | 1 +
.../domaincapsdata/qemu_5.2.0-tcg.x86_64.xml | 1 +
.../qemu_5.2.0-virt.aarch64.xml | 1 +
tests/domaincapsdata/qemu_5.2.0.aarch64.xml | 1 +
tests/domaincapsdata/qemu_5.2.0.ppc64.xml | 1 +
tests/domaincapsdata/qemu_5.2.0.s390x.xml | 1 +
tests/domaincapsdata/qemu_5.2.0.x86_64.xml | 1 +
.../domaincapsdata/qemu_6.0.0-q35.x86_64.xml | 1 +
.../domaincapsdata/qemu_6.0.0-tcg.x86_64.xml | 1 +
.../qemu_6.0.0-virt.aarch64.xml | 1 +
tests/domaincapsdata/qemu_6.0.0.aarch64.xml | 1 +
tests/domaincapsdata/qemu_6.0.0.s390x.xml | 1 +
tests/domaincapsdata/qemu_6.0.0.x86_64.xml | 1 +
.../domaincapsdata/qemu_6.1.0-q35.x86_64.xml | 1 +
.../domaincapsdata/qemu_6.1.0-tcg.x86_64.xml | 1 +
tests/domaincapsdata/qemu_6.1.0.x86_64.xml | 1 +
.../domaincapsdata/qemu_6.2.0-q35.x86_64.xml | 6 +
.../domaincapsdata/qemu_6.2.0-tcg.x86_64.xml | 6 +
.../qemu_6.2.0-virt.aarch64.xml | 1 +
tests/domaincapsdata/qemu_6.2.0.aarch64.xml | 1 +
tests/domaincapsdata/qemu_6.2.0.ppc64.xml | 1 +
tests/domaincapsdata/qemu_6.2.0.x86_64.xml | 6 +
.../domaincapsdata/qemu_7.0.0-q35.x86_64.xml | 10 +
.../domaincapsdata/qemu_7.0.0-tcg.x86_64.xml | 10 +
.../qemu_7.0.0-virt.aarch64.xml | 1 +
tests/domaincapsdata/qemu_7.0.0.aarch64.xml | 1 +
tests/domaincapsdata/qemu_7.0.0.ppc64.xml | 1 +
tests/domaincapsdata/qemu_7.0.0.x86_64.xml | 10 +
.../domaincapsdata/qemu_7.1.0-q35.x86_64.xml | 10 +
.../domaincapsdata/qemu_7.1.0-tcg.x86_64.xml | 10 +
tests/domaincapsdata/qemu_7.1.0.x86_64.xml | 10 +
.../caps_6.2.0.x86_64.replies | 24 +-
.../caps_6.2.0.x86_64.xml | 7 +
.../caps_7.0.0.x86_64.replies | 34 +-
.../caps_7.0.0.x86_64.xml | 11 +
.../caps_7.1.0.x86_64.replies | 34 +-
.../caps_7.1.0.x86_64.xml | 11 +
.../aarch64-aavmf-virtio-mmio.args | 2 +-
.../aarch64-cpu-passthrough.args | 2 +-
...fault-cpu-kvm-virt-4.2.aarch64-latest.args | 2 +-
...fault-cpu-tcg-virt-4.2.aarch64-latest.args | 2 +-
.../aarch64-features-sve.aarch64-latest.args | 2 +-
tests/qemuxml2argvdata/aarch64-gic-host.args | 2 +-
.../aarch64-gic-none-tcg.args | 2 +-
tests/qemuxml2argvdata/aarch64-gic-v2.args | 2 +-
tests/qemuxml2argvdata/aarch64-gic-v3.args | 2 +-
.../qemuxml2argvdata/aarch64-pci-serial.args | 2 +-
.../aarch64-tpm.aarch64-latest.args | 2 +-
.../aarch64-traditional-pci.args | 2 +-
.../aarch64-usb-controller-nec-xhci.args | 2 +-
.../aarch64-usb-controller-qemu-xhci.args | 2 +-
.../aarch64-video-default.args | 2 +-
.../aarch64-video-virtio-gpu-pci.args | 2 +-
.../aarch64-virt-2.6-virtio-pci-default.args | 2 +-
.../aarch64-virt-default-nic.args | 2 +-
.../aarch64-virt-graphics.aarch64-latest.args | 2 +-
.../aarch64-virt-headless.aarch64-latest.args | 2 +-
.../qemuxml2argvdata/aarch64-virt-virtio.args | 2 +-
.../aarch64-virtio-pci-default.args | 2 +-
.../aarch64-virtio-pci-manual-addresses.args | 2 +-
.../balloon-mmio-deflate.args | 2 +-
.../clock-timer-armvtimer.aarch64-latest.args | 2 +-
...ult-video-type-aarch64.aarch64-latest.args | 2 +-
...mware-auto-efi-aarch64.aarch64-latest.args | 2 +-
...-auto-efi-enrolled-keys.x86_64-latest.args | 2 +-
...-auto-efi-loader-secure.x86_64-latest.args | 2 +-
...to-efi-no-enrolled-keys.x86_64-latest.args | 2 +-
...are-auto-efi-no-secboot.x86_64-latest.args | 2 +-
...firmware-auto-efi-nvram.x86_64-latest.args | 2 +-
...rmware-auto-efi-secboot.x86_64-latest.args | 2 +-
...ware-auto-efi-stateless.x86_64-latest.args | 2 +-
.../firmware-auto-efi.x86_64-latest.args | 2 +-
...manual-bios-rw-implicit.x86_64-latest.args | 2 +-
...firmware-manual-bios-rw.x86_64-latest.args | 2 +-
.../firmware-manual-efi-acpi-aarch64.args | 2 +-
.../firmware-manual-efi-noacpi-aarch64.args | 2 +-
...e-manual-efi-nvram-file.x86_64-latest.args | 2 +-
...efi-nvram-network-iscsi.x86_64-latest.args | 2 +-
...l-efi-nvram-network-nbd.x86_64-latest.args | 2 +-
...nual-efi-nvram-template.x86_64-latest.args | 2 +-
...re-manual-efi-stateless.x86_64-latest.args | 2 +-
.../firmware-manual-noefi-noacpi-aarch64.args | 2 +-
.../hvf-aarch64-virt-headless.args | 2 +-
.../intel-iommu-aw-bits.x86_64-latest.args | 2 +-
...ntel-iommu-caching-mode.x86_64-latest.args | 2 +-
...ntel-iommu-device-iotlb.x86_64-latest.args | 2 +-
.../intel-iommu-eim.x86_64-latest.args | 2 +-
.../iommu-smmuv3.aarch64-latest.args | 2 +-
.../launch-security-s390-pv.s390x-latest.args | 2 +-
...nch-security-sev-direct.x86_64-latest.args | 2 +-
...ev-missing-platform-info.x86_64-6.0.0.args | 2 +-
.../launch-security-sev.x86_64-6.0.0.args | 2 +-
.../mach-virt-console-virtio.args | 2 +-
.../mach-virt-serial-native.args | 2 +-
.../mach-virt-serial-pci.args | 2 +-
.../mach-virt-serial-usb.args | 2 +-
.../machine-aeskeywrap-off-cap.args | 2 +-
.../machine-aeskeywrap-off-caps.args | 2 +-
.../machine-aeskeywrap-on-cap.args | 2 +-
.../machine-aeskeywrap-on-caps.args | 2 +-
.../machine-deakeywrap-off-cap.args | 2 +-
.../machine-deakeywrap-off-caps.args | 2 +-
.../machine-deakeywrap-on-cap.args | 2 +-
.../machine-deakeywrap-on-caps.args | 2 +-
...emory-hotplug-dimm-addr.x86_64-latest.args | 42 +++
.../memory-hotplug-dimm-addr.xml | 2 +-
.../memory-hotplug-invalid-targetnode.err | 1 +
.../memory-hotplug-invalid-targetnode.xml | 42 +++
...e-expander-bus-aarch64.aarch64-latest.args | 2 +-
...eries-cpu-compat-power10.ppc64-latest.args | 2 +-
...series-cpu-compat-power9.ppc64-latest.args | 2 +-
tests/qemuxml2argvdata/pseries-features.args | 2 +-
.../sgx-epc-numa.x86_64-latest.args | 40 +++
tests/qemuxml2argvdata/sgx-epc-numa.xml | 64 ++++
...mm-addr.args => sgx-epc.x86_64-6.2.0.args} | 29 +-
tests/qemuxml2argvdata/sgx-epc.xml | 52 ++++
.../virtio-iommu-aarch64.aarch64-latest.args | 2 +-
tests/qemuxml2argvtest.c | 7 +-
...memory-hotplug-dimm-addr.x86_64-latest.xml | 63 ++++
.../sgx-epc-numa.x86_64-latest.xml | 1 +
.../sgx-epc.x86_64-6.2.0.xml | 1 +
tests/qemuxml2xmltest.c | 4 +
189 files changed, 1621 insertions(+), 266 deletions(-)
create mode 100644 tests/qemuxml2argvdata/memory-hotplug-dimm-addr.x86_64-latest.args
create mode 100644 tests/qemuxml2argvdata/memory-hotplug-invalid-targetnode.err
create mode 100644 tests/qemuxml2argvdata/memory-hotplug-invalid-targetnode.xml
create mode 100644 tests/qemuxml2argvdata/sgx-epc-numa.x86_64-latest.args
create mode 100644 tests/qemuxml2argvdata/sgx-epc-numa.xml
rename tests/qemuxml2argvdata/{memory-hotplug-dimm-addr.args => sgx-epc.x86_64-6.2.0.args} (39%)
create mode 100644 tests/qemuxml2argvdata/sgx-epc.xml
create mode 100644 tests/qemuxml2xmloutdata/memory-hotplug-dimm-addr.x86_64-latest.xml
create mode 120000 tests/qemuxml2xmloutdata/sgx-epc-numa.x86_64-latest.xml
create mode 120000 tests/qemuxml2xmloutdata/sgx-epc.x86_64-6.2.0.xml
--
2.35.1
2 years, 4 months
Plans for the next release
by Jiri Denemark
We are getting close to the next release of libvirt. To aim for the
release on Sep 01 I suggest entering the freeze on Friday Aug 26 and
tagging RC2 on Tuesday Aug 30.
I hope this works for everyone.
Jirka
2 years, 4 months
[libvirt PATCH] nwfilter: Fix timeout data type reported by coverity
by Erik Skultety
Coverity reports:
virNWFilterSnoopIPLeaseUpdate(virNWFilterSnoopIPLease *ipl,
time_t timeout)
{
if (timeout < ipl->timeout)
return; /* no take-backs */
virNWFilterSnoopIPLeaseTimerDel(ipl);
>>> CID 396747: High impact quality (Y2K38_SAFETY)
>>> A "time_t" value is stored in an integer with too few bits
to accommodate it. The expression "timeout" is cast to
"unsigned int".
ipl->timeout = timeout;
virNWFilterSnoopIPLeaseTimerAdd(ipl);
}
This is a safe fix, since time_t is just long int and scales
automatically with platform (more specifically it's 64bit on all
platforms we care about).
Signed-off-by: Erik Skultety <eskultet(a)redhat.com>
---
src/nwfilter/nwfilter_dhcpsnoop.c | 6 +++---
1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/src/nwfilter/nwfilter_dhcpsnoop.c b/src/nwfilter/nwfilter_dhcpsnoop.c
index a10a14cfc1..4133d4c672 100644
--- a/src/nwfilter/nwfilter_dhcpsnoop.c
+++ b/src/nwfilter/nwfilter_dhcpsnoop.c
@@ -146,7 +146,7 @@ struct _virNWFilterSnoopIPLease {
virSocketAddr ipAddress;
virSocketAddr ipServer;
virNWFilterSnoopReq * snoopReq;
- unsigned int timeout;
+ time_t timeout;
/* timer list */
virNWFilterSnoopIPLease *prev;
virNWFilterSnoopIPLease *next;
@@ -1580,7 +1580,7 @@ virNWFilterSnoopLeaseFileWrite(int lfd, const char *ifkey,
return -1;
/* time intf ip dhcpserver */
- lbuf = g_strdup_printf("%u %s %s %s\n", ipl->timeout, ifkey, ipstr, dhcpstr);
+ lbuf = g_strdup_printf("%lu %s %s %s\n", ipl->timeout, ifkey, ipstr, dhcpstr);
len = strlen(lbuf);
if (safewrite(lfd, lbuf, len) != len) {
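Review bot: `%lu` in the `g_strdup_printf()` call assumes `time_t` is `unsigned long`, but `time_t` is a signed type whose width is not tied to `long`, so on a build where the two differ this is a format/argument mismatch. An explicit cast, for example `"%lld"` with `(long long)ipl->timeout`, removes the dependency on the platform's `time_t` definition and keeps the lease file format the same everywhere.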
@@ -1739,7 +1739,7 @@ virNWFilterSnoopLeaseFileLoad(void)
}
ln++;
/* key len 54 = "VMUUID"+'-'+"MAC" */
- if (sscanf(line, "%u %54s %15s %15s", &ipl.timeout,
+ if (sscanf(line, "%lu %54s %15s %15s", &ipl.timeout,
ifkey, ipstr, srvstr) < 4) {
virReportError(VIR_ERR_INTERNAL_ERROR,
_("virNWFilterSnoopLeaseFileLoad lease file "
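Review bot: the `sscanf()` conversion `%lu` now stores through `&ipl.timeout`, which is a `time_t *`. Where `time_t` and `unsigned long` differ in size, `sscanf()` writes the wrong number of bytes into the struct, leaving `timeout` partly unset or overwriting the neighbouring field. Scanning into a local `unsigned long long` with `%llu` and assigning it to `ipl.timeout` after a range check avoids that and also rejects values a lease file should never contain.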
--
2.37.2
2 years, 4 months
[libvirt PATCH] qemu: adjust memlock for multiple vfio/vdpa devices
by Jonathon Jongsma
When multiple VFIO or VDPA devices are assigned to a guest, the guest
can fail to start because the guest fails to map enough memory. For
example, the case mentioned in
https://bugzilla.redhat.com/show_bug.cgi?id=1994893 results in this
failure:
2021-08-05T09:51:47.692578Z qemu-kvm: failed to write, fd=24, errno=14 (Bad address)
2021-08-05T09:51:47.692590Z qemu-kvm: vhost vdpa map fail!
2021-08-05T09:51:47.692594Z qemu-kvm: vhost-vdpa: DMA mapping failed, unable to continue
The current memlock limit calculation does not work for scenarios where
there are multiple such devices assigned to a guest. The root causes are
a little bit different between VFIO and VDPA devices.
For VFIO devices, the issue only occurs when a vIOMMU is present. In
this scenario, each vfio device is assigned a separate AddressSpace
fully mapping guest RAM. When there is no vIOMMU, the devices are all
within the same AddressSpace so no additional memory limit is needed.
For VDPA devices, each device requires the full memory to be mapped
regardless of whether there is a vIOMMU or not.
In order to enable these scenarios, we need to multiply memlock limit
by the number of VDPA devices plus the number of VFIO devices for guests
with a vIOMMU. This has the potential for pushing the memlock limit
above the host physical memory and negating any protection that these
locked memory limits are providing, but there is no other short-term
solution.
In the future, there should be a revised userspace iommu interface
(iommufd) that the VFIO and VDPA backends can make use of. This will be
able to share locked memory limits between both vfio and vdpa use cases
and address spaces and then we can disable these short term hacks. But
this is still in development upstream.
Signed-off-by: Jonathon Jongsma <jjongsma(a)redhat.com>
---
src/qemu/qemu_domain.c | 56 ++++++++++++++++++++++++++++++++++++++++--
1 file changed, 54 insertions(+), 2 deletions(-)
diff --git a/src/qemu/qemu_domain.c b/src/qemu/qemu_domain.c
index 45f00e162d..a1e91ef48f 100644
--- a/src/qemu/qemu_domain.c
+++ b/src/qemu/qemu_domain.c
@@ -9233,6 +9233,40 @@ getPPC64MemLockLimitBytes(virDomainDef *def,
}
+static int
+qemuDomainGetNumVFIODevices(const virDomainDef *def)
+{
+ int i;
+ int n = 0;
+
+ for (i = 0; i < def->nhostdevs; i++) {
+ if (virHostdevIsVFIODevice(def->hostdevs[i]) ||
+ virHostdevIsMdevDevice(def->hostdevs[i]))
+ n++;
+ }
+ for (i = 0; i < def->ndisks; i++) {
+ if (virStorageSourceChainHasNVMe(def->disks[i]->src))
+ n++;
+ }
+ return n;
+}
+
+
+static int
+qemuDomainGetNumVDPANetDevices(const virDomainDef *def)
+{
+ int i;
+ int n = 0;
+
+ for (i = 0; i < def->nnets; i++) {
+ if (virDomainNetGetActualType(def->nets[i]) == VIR_DOMAIN_NET_TYPE_VDPA)
+ n++;
+ }
+
+ return n;
+}
+
+
/**
* qemuDomainGetMemLockLimitBytes:
* @def: domain definition
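Review bot: both new helpers declare the loop counter as `int i` and compare it against `def->nhostdevs`, `def->ndisks` and `def->nnets`, which are `size_t` counts in virDomainDef. Use `size_t i` to avoid the signed/unsigned comparison. Since the return values are later used as a multiplier for the locked-memory limit, a short comment on each helper saying what is counted (qemuDomainGetNumVFIODevices() also counts mdev hostdevs and NVMe-backed disks) would make the accounting easier to audit.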
@@ -9252,6 +9286,8 @@ qemuDomainGetMemLockLimitBytes(virDomainDef *def,
bool forceVFIO)
{
unsigned long long memKB = 0;
+ int nvfio;
+ int nvdpa;
/* prefer the hard limit */
if (virMemoryLimitIsSet(def->mem.hard_limit)) {
@@ -9270,6 +9306,8 @@ qemuDomainGetMemLockLimitBytes(virDomainDef *def,
if (ARCH_IS_PPC64(def->os.arch) && def->virtType == VIR_DOMAIN_VIRT_KVM)
return getPPC64MemLockLimitBytes(def, forceVFIO);
+ nvfio = qemuDomainGetNumVFIODevices(def);
+ nvdpa = qemuDomainGetNumVDPANetDevices(def);
/* For device passthrough using VFIO the guest memory and MMIO memory
* regions need to be locked persistent in order to allow DMA.
*
@@ -9288,8 +9326,22 @@ qemuDomainGetMemLockLimitBytes(virDomainDef *def,
*
* Note that this may not be valid for all platforms.
*/
- if (forceVFIO || qemuDomainNeedsVFIO(def) || virDomainDefHasVDPANet(def))
- memKB = virDomainDefGetMemoryTotal(def) + 1024 * 1024;
+ if (forceVFIO || nvfio || nvdpa) {
+ /* At present, the full memory needs to be locked for each VFIO / VDPA
+ * device. For VFIO devices, this only applies when there is a vIOMMU
+ * present. Yes, this may result in a memory limit that is greater than
+ * the host physical memory, which is not ideal. The long-term solution
+ * is a new userspace iommu interface (iommufd) which should eliminate
+ * this duplicate memory accounting. But for now this is the only way
+ * to enable configurations with e.g. multiple vdpa devices.
+ */
+ int factor = nvdpa;
+
+ if (def->iommu)
+ factor += nvfio;
+
+ memKB = MAX(factor, 1) * virDomainDefGetMemoryTotal(def) + 1024 * 1024;
+ }
return memKB << 10;
}
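Review bot: `factor` is derived only from devices already present in `def`, but the branch is also entered for `forceVFIO`. If `forceVFIO` is set because a device is about to be added that `def` does not contain yet, `nvfio` is one short and, with `def->iommu` set, the limit is again too small for the device being attached; `MAX(factor, 1)` only covers the case where no device is counted at all. Consider adding one to the VFIO count when `forceVFIO` is true. Separately, since the new comment acknowledges the result can exceed host physical memory, logging the computed `memKB` when `factor` is greater than 1 would give operators a way to notice that the limit no longer bounds anything.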
--
2.37.1
2 years, 4 months
[libvirt PATCH] libxl: Fix build with recent Xen that introduces new disk backend type
by Oleksandr Tyshchenko
From: Oleksandr Tyshchenko <oleksandr_tyshchenko(a)epam.com>
Xen toolstack has gained basic Virtio support recently which besides
adding various virtio related stuff introduces new disk backend type
LIBXL_DISK_BACKEND_STANDALONE [1].
Unfortunately, this caused a regression in libvirt build with Xen support
enabled, reported by the osstest today [2]:
CC libxl/libvirt_driver_libxl_impl_la-xen_xl.lo
../../src/libxl/xen_xl.c: In function 'xenParseXLDisk':
../../src/libxl/xen_xl.c:779:17: error: enumeration value 'LIBXL_DISK_BACKEND_STANDALONE'
not handled in switch [-Werror=switch-enum]
switch (libxldisk->backend) {
^~~~~~
cc1: all warnings being treated as errors
The interesting fact is that switch already has a default branch (which ought
to cover such new addition), but the error is triggered as -Wswitch-enum
gives a warning about an omitted enumeration code even if there is a default
label.
Also there is a similar issue in libxlUpdateDiskDef() which I have reproduced
after fixing the first one, but in that case the corresponding switch doesn't
have a default branch.
Fix both issues by inserting required enumeration item to make the compiler
happy and adding ifdef guard to be able to build against old Xen libraries
as well (without LIBXL_HAVE_DEVICE_DISK_SPECIFICATION). Also add a default
branch to switch in libxlUpdateDiskDef().
Please note, that current patch doesn't implement the proper handling of
LIBXL_DISK_BACKEND_STANDALONE and friends, it is just intended to fix
the regression immediately to unblock the osstest. Also it is worth mentioning
that current patch won't solve the possible additions in the future.
[1] https://lore.kernel.org/xen-devel/20220716163745.28712-1-olekstysh@gmail....
[2] https://lore.kernel.org/xen-devel/E1oHEQO-0008GA-Uo@osstest.test-lab.xenp...
Signed-off-by: Oleksandr Tyshchenko <oleksandr_tyshchenko(a)epam.com>
---
Cc: Julien Grall <julien(a)xen.org>
Cc: Anthony PERARD <anthony.perard(a)citrix.com>
Cc: Michal Privoznik <mprivozn(a)redhat.com>
Please note, the patch is tested on:
https://xenbits.xen.org/gitweb/?p=libvirt.git;a=shortlog;h=refs/heads/xen...
but should work on the master as well (as the same code is present here).
---
src/libxl/libxl_conf.c | 4 ++++
src/libxl/xen_xl.c | 3 +++
2 files changed, 7 insertions(+)
diff --git a/src/libxl/libxl_conf.c b/src/libxl/libxl_conf.c
index aa3d7925ec..526f0b2b08 100644
--- a/src/libxl/libxl_conf.c
+++ b/src/libxl/libxl_conf.c
@@ -1240,6 +1240,10 @@ libxlUpdateDiskDef(virDomainDiskDef *l_disk, libxl_device_disk *x_disk)
driver = "phy";
break;
case LIBXL_DISK_BACKEND_UNKNOWN:
+#ifdef LIBXL_HAVE_DEVICE_DISK_SPECIFICATION
+ case LIBXL_DISK_BACKEND_STANDALONE:
+#endif
+ default:
break;
}
if (driver)
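Review bot: the added `default:` in libxlUpdateDiskDef() does not protect the build against the next new backend type, because, as the commit message itself notes, -Wswitch-enum still warns about an unlisted enumerator when a default label is present. What it does change is behaviour: any backend value not listed now silently leaves `driver` unset. If that is intended, a short comment on the `default:` line saying so would help; otherwise drop the label so the switch stays exhaustive and new enumerators are noticed at compile time.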
diff --git a/src/libxl/xen_xl.c b/src/libxl/xen_xl.c
index 4de4e3140f..6919325623 100644
--- a/src/libxl/xen_xl.c
+++ b/src/libxl/xen_xl.c
@@ -715,6 +715,9 @@ xenParseXLDisk(virConf *conf, virDomainDef *def)
virDomainDiskSetDriver(disk, "phy");
virDomainDiskSetType(disk, VIR_STORAGE_TYPE_BLOCK);
break;
+#ifdef LIBXL_HAVE_DEVICE_DISK_SPECIFICATION
+ case LIBXL_DISK_BACKEND_STANDALONE:
+#endif
default:
virReportError(VIR_ERR_CONFIG_UNSUPPORTED,
_("disk backend not supported: %s"),
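Review bot: the guard `#ifdef LIBXL_HAVE_DEVICE_DISK_SPECIFICATION` around `case LIBXL_DISK_BACKEND_STANDALONE:` is not self-explanatory, since the macro name says nothing about the backend enumerator. A one-line comment stating that the macro is being used as the indicator that the Xen headers define `LIBXL_DISK_BACKEND_STANDALONE` would spare the next reader a trip through the Xen history; the same applies to the identical guard in libxl_conf.c.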
--
2.25.1
2 years, 4 months