September 2022 - Devel - libvirt List Archives

[PATCH] meson: Require libssh-0.8.0 or newer
by Michal Privoznik 14 Sep '22

14 Sep '22

According to repology.org: RHEL-8: 0.9.4 RHEL-9: 0.9.6 Debian 11: 0.9.5 openSUSE Leap 15.3: 0.8.7 Ubuntu 20.04: 0.9.3 And the rest of distros has something newer anyways. Requiring 0.8.0 or newer allows us to drop the terrible hack where we rename functions at meson level using #define. Note, 0.8.0 is the version of libssh where the rename happened. Signed-off-by: Michal Privoznik <mprivozn(a)redhat.com> --- libvirt.spec.in | 2 +- meson.build | 15 +-------------- 2 files changed, 2 insertions(+), 15 deletions(-) diff --git a/libvirt.spec.in b/libvirt.spec.in index b199c624b8..a46389c78f 100644 --- a/libvirt.spec.in +++ b/libvirt.spec.in @@ -378,7 +378,7 @@ BuildRequires: wireshark-devel %endif %if %{with_libssh} -BuildRequires: libssh-devel >= 0.7.0 +BuildRequires: libssh-devel >= 0.8.0 %endif BuildRequires: rpcgen diff --git a/meson.build b/meson.build index ed9f4b3f70..11490b8980 100644 --- a/meson.build +++ b/meson.build @@ -1025,24 +1025,11 @@ else libpcap_dep = dependency('', required: false) endif -libssh_version = '0.7' +libssh_version = '0.8.0' if conf.has('WITH_REMOTE') libssh_dep = dependency('libssh', version: '>=' + libssh_version, required: get_option('libssh')) if libssh_dep.found() conf.set('WITH_LIBSSH', 1) - - # Check if new functions exists, if not redefine them with old deprecated ones. - # List of [ new_function, deprecated_function ]. - functions = [ - [ 'ssh_get_server_publickey', 'ssh_get_publickey' ], - [ 'ssh_session_is_known_server', 'ssh_is_server_known' ], - [ 'ssh_session_update_known_hosts', 'ssh_write_knownhost' ], - ] - foreach name : functions - if not cc.has_function(name[0], dependencies: libssh_dep) - conf.set(name[0], name[1]) - endif - endforeach endif else libssh_dep = dependency('', required: false) -- 2.35.1

2 1

[libvirt PATCH] ci: refresh with latest lcitool manifest
by Daniel P. Berrangé 14 Sep '22

14 Sep '22

This updates the FreeBSD 13 image to 13.1 which should fix the symbol lookup errors seen in CI recently. Signed-off-by: Daniel P. Berrangé <berrange(a)redhat.com> --- Pushing as a CI fix. ci/gitlab/builds.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/ci/gitlab/builds.yml b/ci/gitlab/builds.yml index e51cce65b6..420d7f0211 100644 --- a/ci/gitlab/builds.yml +++ b/ci/gitlab/builds.yml @@ -479,7 +479,7 @@ x86_64-freebsd-13: needs: [] allow_failure: false variables: - CIRRUS_VM_IMAGE_NAME: freebsd-13-0 + CIRRUS_VM_IMAGE_NAME: freebsd-13-1 CIRRUS_VM_IMAGE_SELECTOR: image_family CIRRUS_VM_INSTANCE_TYPE: freebsd_instance INSTALL_COMMAND: pkg install -y -- 2.37.2

1 0

[PATCH] cpu_map: Introduce Neoverse-N1
by Zhenyu Zhang 14 Sep '22

14 Sep '22

From: root <root(a)ampere-mtsnow-altramax-21.khw4.lab.eng.bos.redhat.com> Add Neoverse-N1 as a supported cpu model. Signed-off-by: root <root(a)ampere-mtsnow-altramax-21.khw4.lab.eng.bos.redhat.com> --- src/cpu_map/arm_neoverse-n1.xml | 6 ++++++ src/cpu_map/arm_vendors.xml | 1 + src/cpu_map/index.xml | 3 +++ src/cpu_map/meson.build | 1 + 4 files changed, 11 insertions(+) create mode 100644 src/cpu_map/arm_neoverse-n1.xml diff --git a/src/cpu_map/arm_neoverse-n1.xml b/src/cpu_map/arm_neoverse-n1.xml new file mode 100644 index 0000000000..14c7f7c300 --- /dev/null +++ b/src/cpu_map/arm_neoverse-n1.xml @@ -0,0 +1,6 @@ +<cpus> + <model name='Neoverse-N1'> + <vendor name='Ampere'/> + <pvr value='0xd0c'/> + </model> +</cpus> diff --git a/src/cpu_map/arm_vendors.xml b/src/cpu_map/arm_vendors.xml index 92d10565f4..a9a945584b 100644 --- a/src/cpu_map/arm_vendors.xml +++ b/src/cpu_map/arm_vendors.xml @@ -13,4 +13,5 @@ <vendor name='Marvell' value='0x56'/> <vendor name='Intel' value='0x69'/> <vendor name='Phytium' value='0x70'/> + <vendor name='Ampere' value='0x71'/> </cpus> diff --git a/src/cpu_map/index.xml b/src/cpu_map/index.xml index d533a28865..2419fa0a64 100644 --- a/src/cpu_map/index.xml +++ b/src/cpu_map/index.xml @@ -98,6 +98,9 @@ <include filename='arm_cortex-a57.xml'/> <include filename='arm_cortex-a72.xml'/> +  + <include filename='arm_neoverse-n1.xml'/> +  <include filename='arm_Falkor.xml'/> diff --git a/src/cpu_map/meson.build b/src/cpu_map/meson.build index 99264289e2..c8f2e36eea 100644 --- a/src/cpu_map/meson.build +++ b/src/cpu_map/meson.build @@ -7,6 +7,7 @@ cpumap_data = [ 'arm_FT-2000plus.xml', 'arm_features.xml', 'arm_Kunpeng-920.xml', + 'arm_neoverse-n1.xml', 'arm_Tengyun-S2500.xml', 'arm_ThunderX299xx.xml', 'arm_vendors.xml', -- 2.31.1

1 0

[PATCH] cpu_map: Introduce Neoverse-N1
by Zhenyu Zhang 14 Sep '22

14 Sep '22

From: root <root(a)ampere-mtsnow-altramax-21.khw4.lab.eng.bos.redhat.com> Add Neoverse-N1 as a supported cpu model. Signed-off-by: root <root(a)ampere-mtsnow-altramax-21.khw4.lab.eng.bos.redhat.com> --- src/cpu_map/arm_neoverse-n1.xml | 6 ++++++ src/cpu_map/arm_vendors.xml | 1 + src/cpu_map/index.xml | 3 +++ src/cpu_map/meson.build | 1 + 4 files changed, 11 insertions(+) create mode 100644 src/cpu_map/arm_neoverse-n1.xml diff --git a/src/cpu_map/arm_neoverse-n1.xml b/src/cpu_map/arm_neoverse-n1.xml new file mode 100644 index 0000000000..14c7f7c300 --- /dev/null +++ b/src/cpu_map/arm_neoverse-n1.xml @@ -0,0 +1,6 @@ +<cpus> + <model name='Neoverse-N1'> + <vendor name='Ampere'/> + <pvr value='0xd0c'/> + </model> +</cpus> diff --git a/src/cpu_map/arm_vendors.xml b/src/cpu_map/arm_vendors.xml index 92d10565f4..a9a945584b 100644 --- a/src/cpu_map/arm_vendors.xml +++ b/src/cpu_map/arm_vendors.xml @@ -13,4 +13,5 @@ <vendor name='Marvell' value='0x56'/> <vendor name='Intel' value='0x69'/> <vendor name='Phytium' value='0x70'/> + <vendor name='Ampere' value='0x71'/> </cpus> diff --git a/src/cpu_map/index.xml b/src/cpu_map/index.xml index d533a28865..2419fa0a64 100644 --- a/src/cpu_map/index.xml +++ b/src/cpu_map/index.xml @@ -98,6 +98,9 @@ <include filename='arm_cortex-a57.xml'/> <include filename='arm_cortex-a72.xml'/> +  + <include filename='arm_neoverse-n1.xml'/> +  <include filename='arm_Falkor.xml'/> diff --git a/src/cpu_map/meson.build b/src/cpu_map/meson.build index 99264289e2..c8f2e36eea 100644 --- a/src/cpu_map/meson.build +++ b/src/cpu_map/meson.build @@ -7,6 +7,7 @@ cpumap_data = [ 'arm_FT-2000plus.xml', 'arm_features.xml', 'arm_Kunpeng-920.xml', + 'arm_neoverse-n1.xml', 'arm_Tengyun-S2500.xml', 'arm_ThunderX299xx.xml', 'arm_vendors.xml', -- 2.31.1

1 0

[libvirt][PATCH v15 0/9] Support query and use SGX
by Lin Yang 09 Sep '22

09 Sep '22

The previous v14 version can be found here: https://listman.redhat.com/archives/libvir-list/2022-July/233257.html Diff to v14: - Dropped SGX support for QEMU 6.2.0, only focus on QEMU 7.0.0 (BTW, I noticed the default QEMU version in RHEL9 is still 6.2.0, so those user cannot access this feature unless manually upgrade QEMU) - Removed total EPC size from domain capability, since the corresponding attribute is marked as deprecated in QMP command "query-sgx-capabilities" - Some cleanups to address comments (pin test to 7.0.0, more validations on qemu_validate.c, name issue, use built-in functions, ...) BTW, it still adds SGX EPC as memory device, since basically SGX EPC is one kind of memory. More specifically, a private region of memory, so didn't add additional general memory. QEMU allocate part of them and pass through to guest VM. I don't have a better alternative to represent it in domain definition. Haibin Huang (4): domain_capabilities: Define SGX capabilities structs qemu: Get SGX capabilities form QMP Convert QMP capabilities to domain capabilities conf: expose SGX feature in domain capabilities Lin Yang (2): conf: Introduce SGX EPC element into device memory xml qemu: Add command-line to generate SGX EPC memory backend Michal Prívozník (3): qemu_cgroup: Allow SGX in devices controller qemu_namespace: Create SGX related nodes in domain's namespace security_dac: Set DAC label on SGX /dev nodes docs/formatdomain.rst | 25 +- docs/formatdomaincaps.rst | 40 ++++ src/conf/domain_capabilities.c | 46 ++++ src/conf/domain_capabilities.h | 21 ++ src/conf/domain_conf.c | 30 +++ src/conf/domain_conf.h | 1 + src/conf/domain_postparse.c | 1 + src/conf/domain_validate.c | 9 + src/conf/schemas/domaincaps.rng | 37 +++ src/conf/schemas/domaincommon.rng | 1 + src/libvirt_private.syms | 1 + src/qemu/qemu_alias.c | 6 +- src/qemu/qemu_capabilities.c | 219 ++++++++++++++++++ src/qemu/qemu_capabilities.h | 6 + src/qemu/qemu_cgroup.c | 76 +++++- src/qemu/qemu_command.c | 66 +++++- src/qemu/qemu_domain.c | 48 ++-- src/qemu/qemu_domain.h | 2 + src/qemu/qemu_domain_address.c | 6 + src/qemu/qemu_driver.c | 1 + src/qemu/qemu_monitor.c | 10 + src/qemu/qemu_monitor.h | 3 + src/qemu/qemu_monitor_json.c | 137 ++++++++++- src/qemu/qemu_monitor_json.h | 4 + src/qemu/qemu_namespace.c | 20 +- src/qemu/qemu_process.c | 2 + src/qemu/qemu_validate.c | 40 ++++ src/security/security_apparmor.c | 1 + src/security/security_dac.c | 46 ++-- src/security/security_selinux.c | 2 + tests/domaincapsdata/bhyve_basic.x86_64.xml | 1 + tests/domaincapsdata/bhyve_fbuf.x86_64.xml | 1 + tests/domaincapsdata/bhyve_uefi.x86_64.xml | 1 + tests/domaincapsdata/empty.xml | 1 + tests/domaincapsdata/libxl-xenfv.xml | 1 + tests/domaincapsdata/libxl-xenpv.xml | 1 + .../domaincapsdata/qemu_4.2.0-q35.x86_64.xml | 1 + .../domaincapsdata/qemu_4.2.0-tcg.x86_64.xml | 1 + .../qemu_4.2.0-virt.aarch64.xml | 1 + tests/domaincapsdata/qemu_4.2.0.aarch64.xml | 1 + tests/domaincapsdata/qemu_4.2.0.ppc64.xml | 1 + tests/domaincapsdata/qemu_4.2.0.s390x.xml | 1 + tests/domaincapsdata/qemu_4.2.0.x86_64.xml | 1 + .../domaincapsdata/qemu_5.0.0-q35.x86_64.xml | 1 + .../domaincapsdata/qemu_5.0.0-tcg.x86_64.xml | 1 + .../qemu_5.0.0-virt.aarch64.xml | 1 + tests/domaincapsdata/qemu_5.0.0.aarch64.xml | 1 + tests/domaincapsdata/qemu_5.0.0.ppc64.xml | 1 + tests/domaincapsdata/qemu_5.0.0.x86_64.xml | 1 + .../domaincapsdata/qemu_5.1.0-q35.x86_64.xml | 1 + .../domaincapsdata/qemu_5.1.0-tcg.x86_64.xml | 1 + tests/domaincapsdata/qemu_5.1.0.sparc.xml | 1 + tests/domaincapsdata/qemu_5.1.0.x86_64.xml | 1 + .../domaincapsdata/qemu_5.2.0-q35.x86_64.xml | 1 + .../domaincapsdata/qemu_5.2.0-tcg.x86_64.xml | 1 + .../qemu_5.2.0-virt.aarch64.xml | 1 + tests/domaincapsdata/qemu_5.2.0.aarch64.xml | 1 + tests/domaincapsdata/qemu_5.2.0.ppc64.xml | 1 + tests/domaincapsdata/qemu_5.2.0.s390x.xml | 1 + tests/domaincapsdata/qemu_5.2.0.x86_64.xml | 1 + .../domaincapsdata/qemu_6.0.0-q35.x86_64.xml | 1 + .../domaincapsdata/qemu_6.0.0-tcg.x86_64.xml | 1 + .../qemu_6.0.0-virt.aarch64.xml | 1 + tests/domaincapsdata/qemu_6.0.0.aarch64.xml | 1 + tests/domaincapsdata/qemu_6.0.0.s390x.xml | 1 + tests/domaincapsdata/qemu_6.0.0.x86_64.xml | 1 + .../domaincapsdata/qemu_6.1.0-q35.x86_64.xml | 1 + .../domaincapsdata/qemu_6.1.0-tcg.x86_64.xml | 1 + tests/domaincapsdata/qemu_6.1.0.x86_64.xml | 1 + .../domaincapsdata/qemu_6.2.0-q35.x86_64.xml | 1 + .../domaincapsdata/qemu_6.2.0-tcg.x86_64.xml | 1 + .../qemu_6.2.0-virt.aarch64.xml | 1 + tests/domaincapsdata/qemu_6.2.0.aarch64.xml | 1 + tests/domaincapsdata/qemu_6.2.0.ppc64.xml | 1 + tests/domaincapsdata/qemu_6.2.0.x86_64.xml | 1 + .../domaincapsdata/qemu_7.0.0-q35.x86_64.xml | 9 + .../domaincapsdata/qemu_7.0.0-tcg.x86_64.xml | 9 + .../qemu_7.0.0-virt.aarch64.xml | 1 + tests/domaincapsdata/qemu_7.0.0.aarch64.xml | 1 + tests/domaincapsdata/qemu_7.0.0.ppc64.xml | 1 + tests/domaincapsdata/qemu_7.0.0.x86_64.xml | 9 + .../domaincapsdata/qemu_7.1.0-q35.x86_64.xml | 1 + .../domaincapsdata/qemu_7.1.0-tcg.x86_64.xml | 1 + tests/domaincapsdata/qemu_7.1.0.x86_64.xml | 1 + .../caps_6.2.0.x86_64.replies | 27 ++- .../caps_7.0.0.x86_64.replies | 34 ++- .../caps_7.0.0.x86_64.xml | 10 + .../caps_7.1.0.x86_64.replies | 21 +- .../sgx-epc.x86_64-7.0.0.args | 40 ++++ tests/qemuxml2argvdata/sgx-epc.xml | 64 +++++ tests/qemuxml2argvtest.c | 2 + .../sgx-epc.x86_64-7.0.0.xml | 1 + tests/qemuxml2xmltest.c | 2 + 93 files changed, 1107 insertions(+), 79 deletions(-) create mode 100644 tests/qemuxml2argvdata/sgx-epc.x86_64-7.0.0.args create mode 100644 tests/qemuxml2argvdata/sgx-epc.xml create mode 120000 tests/qemuxml2xmloutdata/sgx-epc.x86_64-7.0.0.xml -- 2.25.1

2 1

[PATCH 0/6] docs: Improve and clarify information how to compile and install libvirt
by Peter Krempa 09 Sep '22

09 Sep '22

As a first step encourage users to use packages provided by the distro rather than risking messing up their system. Improve the rest too especially noting how to ensure that the build has required functionality compiled in. Rendered version: https://pipo.sk.gitlab.io/-/libvirt/-/jobs/3005952997/artifacts/website/com… Peter Krempa (6): docs: compiling: Add a paragraph suggesting installation from repository docs: compiling: Section off block on how to run from build directory docs: compiling: Separate information on how to install libvirt and add disclaimer docs: compiling: Separate 'prepare', 'configure', and 'build' steps docs: compiling: Encourage force-enabling required functionality docs: compiling: Add notes on starting compiled libvirt daemons docs/compiling.rst | 178 ++++++++++++++++++++++++++++++++++----------- 1 file changed, 134 insertions(+), 44 deletions(-) -- 2.37.1

3 9

[PATCH v2 0/9] ix double free in URI alias lookup and fix misleading error with libvirtd
by Peter Krempa 09 Sep '22

09 Sep '22

When libvirtd is built without a driver we report a terrible error message which doesn't really point to what's happening. v2: - propagate that we want to avoid the remote driver internally rather than via a public API flag Peter Krempa (9): virConnectOpenInternal: Avoid double free() when alias is an invalid URI virConnectOpenInternal: Switch to automatic memory cleanup virConnectOpenInternal: Remove 'failed' label remote: remoteOpenConn: Use virConnectOpenAuth instead of virConnectOpen(ReadOnly) remoteConnectOpen: Refactor cleanup remote: doRemoteOpen: Automatically clean up 'priv' lxc: Remove unneeded forward declaration of 'lxcStateInitialize' virStateInitialize: Propagate whether running in monolithic daemon mode to stateful driver init remote: Don't attempt remote connection from libvirtd src/bhyve/bhyve_driver.c | 1 + src/ch/ch_driver.c | 1 + src/driver-state.h | 1 + src/interface/interface_backend_netcf.c | 1 + src/interface/interface_backend_udev.c | 1 + src/libvirt.c | 67 +++++++++++-------------- src/libvirt_internal.h | 1 + src/libxl/libxl_driver.c | 1 + src/lxc/lxc_driver.c | 5 +- src/network/bridge_driver.c | 1 + src/node_device/node_device_udev.c | 1 + src/nwfilter/nwfilter_driver.c | 1 + src/qemu/qemu_driver.c | 1 + src/remote/remote_daemon.c | 6 +++ src/remote/remote_daemon_dispatch.c | 7 ++- src/remote/remote_driver.c | 59 +++++++++++----------- src/secret/secret_driver.c | 1 + src/storage/storage_driver.c | 1 + src/vz/vz_driver.c | 1 + 19 files changed, 83 insertions(+), 75 deletions(-) -- 2.37.1

2 11

[(pushed) PATCH] Revert "build: Decrease maximum stack frame size to 2048"
by Peter Krempa 09 Sep '22

09 Sep '22

The bhyve driver still has some frames larger than 2048 bytes, so we need to keep the limit as is. The CI failure was masked by the Freebsd-13 failing for unrelated reasons. This reverts commit 46302172d47709b169c4b9b4cd6a4847fc2f0b4c Signed-off-by: Peter Krempa <pkrempa(a)redhat.com> --- Pushed as a build fix. Unfortunately I didn't notice that another job failed before pushing . meson.build | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/meson.build b/meson.build index 9d3703a321..ed9f4b3f70 100644 --- a/meson.build +++ b/meson.build @@ -226,7 +226,7 @@ alloc_max = run_command( ) # sanitizer instrumentation may enlarge stack frames -stack_frame_size = get_option('b_sanitize') == 'none' ? 2048 : 32768 +stack_frame_size = get_option('b_sanitize') == 'none' ? 4096 : 32768 # array_bounds=2 check triggers false positive on some GCC # versions when using sanitizers. Seen on Fedora 34 with -- 2.37.1

1 0

[PATCH 0/3] fix some potential memory leak issues
by Jiacheng Jiang 09 Sep '22

09 Sep '22

From: jiangjiacheng <jiangjiacheng(a)huawei.com> *** BLURB HERE *** jiangjiacheng (3): rpc: fix memory leak in virNetServerClientNew and virNetServerProgramDispatchCall qemu: fix memory leak in qemu_driver.c qemu: Fix memory leak fix memory leak in the condition of attaching cdrom src/qemu/qemu_driver.c | 15 +++++++++++++++ src/rpc/virnetserverclient.c | 1 + src/rpc/virnetserverprogram.c | 12 +++++++++--- 3 files changed, 25 insertions(+), 3 deletions(-) -- 2.33.0

2 6

[PATCH 0/2] qemu: Two improvements wrt mount namespaces
by Michal Privoznik 09 Sep '22

09 Sep '22

While investigating a bug (which I believe is just a misconfiguration; linked in 2/2) I've found a problem with memfd (patch 1/2). Michal Prívozník (2): qemu_process: Don't require a hugetlbfs mount for memfd kbase: Document QEMU private mount NS limitations docs/kbase/qemu-passthrough-security.rst | 22 ++++++++++++++++++++++ src/qemu/qemu_process.c | 12 +++++++++++- 2 files changed, 33 insertions(+), 1 deletion(-) -- 2.35.1

2 3