[PATCH] qemuProcessRefreshDisks: Don't skip filling of disk information if tray state didn't change
by Peter Krempa
Commit 5ef2582646eb98 added emitting of even when refreshign disk state,
where it wanted to avoid sending the event if disk state didn't change.
This was achieved by using 'continue' in the loop filling the
information. Unfortunately this skips extraction of whether the device
has a tray which is propagated into internal structures, which in turn
broke cdrom media change as the code thought there's no tray for the
device.
Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=2166411
Fixes: 5ef2582646eb98af208ce37355f82bdef39931fa
Signed-off-by: Peter Krempa <pkrempa(a)redhat.com>
---
src/qemu/qemu_process.c | 11 +++++------
1 file changed, 5 insertions(+), 6 deletions(-)
diff --git a/src/qemu/qemu_process.c b/src/qemu/qemu_process.c
index e96b7689a3..59aa3f02aa 100644
--- a/src/qemu/qemu_process.c
+++ b/src/qemu/qemu_process.c
@@ -8711,16 +8711,13 @@ qemuProcessRefreshDisks(virDomainObj *vm,
continue;
if (info->removable) {
- virObjectEvent *event = NULL;
+ bool emitEvent = info->tray_open != disk->tray_status;
int reason;
if (info->empty)
virDomainDiskEmptySource(disk);
if (info->tray) {
- if (info->tray_open == disk->tray_status)
- continue;
-
if (info->tray_open) {
reason = VIR_DOMAIN_EVENT_TRAY_CHANGE_OPEN;
disk->tray_status = VIR_DOMAIN_DISK_TRAY_OPEN;
@@ -8729,8 +8726,10 @@ qemuProcessRefreshDisks(virDomainObj *vm,
disk->tray_status = VIR_DOMAIN_DISK_TRAY_CLOSED;
}
- event = virDomainEventTrayChangeNewFromObj(vm, disk->info.alias, reason);
- virObjectEventStateQueue(driver->domainEventState, event);
+ if (emitEvent) {
+ virObjectEvent *event = virDomainEventTrayChangeNewFromObj(vm, disk->info.alias, reason);
+ virObjectEventStateQueue(driver->domainEventState, event);
+ }
}
}
--
2.39.1
1 year, 8 months
[PATCH] remote_driver: Work around broken clang
by Michal Privoznik
In recent commit of v9.0.0-191-gc71c159248 I've introduced
remoteConnectFormatURI() function and in the function @query
variable. Even though, the variable is used, clang-13 fails to
see it. Surprisingly, never clang is not affected. Fortunately,
swapping the order in which variables are set makes clang happy
again.
Signed-off-by: Michal Privoznik <mprivozn(a)redhat.com>
---
src/remote/remote_driver.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/remote/remote_driver.c b/src/remote/remote_driver.c
index 58cd0abe8c..a4c60be3d7 100644
--- a/src/remote/remote_driver.c
+++ b/src/remote/remote_driver.c
@@ -712,7 +712,7 @@ remoteConnectFormatURI(virURI *uri,
virURIParamsSetIgnore(uri, false, names);
}
- query = tmpuri.query = virURIFormatParams(uri);
+ tmpuri.query = query = virURIFormatParams(uri);
ret = virURIFormat(&tmpuri);
--
2.39.1
1 year, 8 months
[PATCH v2] Revert ".gitignore: Ignore cscope and other *tags files"
by Martin Kletzander
This reverts commit f2d379e7cb802f922409c35e4831ee52a2162486.
Any tool-related ignores should go to user's global ignore file or the user's
local exclude file which is per-project. See git-config(1) and gitignore(5) for
more details.
Signed-off-by: Martin Kletzander <mkletzan(a)redhat.com>
---
.gitignore | 12 +-----------
1 file changed, 1 insertion(+), 11 deletions(-)
diff --git a/.gitignore b/.gitignore
index 61ea7779b02b..469539134280 100644
--- a/.gitignore
+++ b/.gitignore
@@ -19,17 +19,7 @@ __pycache__/
# libvirt related ignores
/build/
/ci/scratch/
-
-# *tags and cscope files
-/GPATH
-/GRTAGS
-/GTAGS
-/TAGS
-/cscope.files
-/cscope.in.out
-/cscope.out
-/cscope.po.out
-/tags
+tags
# clangd related ignores
.clangd
--
2.39.1
1 year, 8 months
[PATCH v2 0/8] remote: Pass 'mode' and 'socket' URI parameters to virt-ssh-helper
by Michal Privoznik
v2 of:
https://listman.redhat.com/archives/libvir-list/2023-February/237540.html
diff to v1:
- Dropped "remote_driver: Expose EXTRACT_URI_ARG_* macros" patch
- Dropped "src: Unify URI params parsing" patch
- Reworked couple of patches as a result of that
- Reworded couple of commit messages
Michal Prívozník (8):
viruri: Search params case insensitively
Drop checks for virURIFormat() retval
doRemoteOpen(): Rename 'failed' label to 'error'
virt-ssh-helper: Accept ?mode= in connection URI
virt-ssh-helper: Accept ?socket= in connection URI
remote_driver: Move URI re-generation into a function
viruri: Introduce virURIParamsSetIgnore()
remote: Pass 'mode' and 'socket' URI parameters to virt-ssh-helper
src/admin/libvirt-admin.c | 6 +-
src/libvirt-host.c | 10 +--
src/libvirt_private.syms | 1 +
src/qemu/qemu_block.c | 3 +-
src/qemu/qemu_migration.c | 3 +-
src/remote/remote_driver.c | 114 ++++++++++++++++----------
src/remote/remote_ssh_helper.c | 32 ++++++--
src/storage/storage_backend_gluster.c | 6 +-
src/util/viruri.c | 37 ++++++++-
src/util/viruri.h | 2 +
tests/viruritest.c | 3 +-
11 files changed, 139 insertions(+), 78 deletions(-)
--
2.39.1
1 year, 8 months
[libvirt PATCH] ci: Test with latest Avocado again
by Erik Skultety
Test with the following fix:
https://github.com/avocado-framework/avocado/pull/5567/commits
Signed-off-by: Erik Skultety <eskultet(a)redhat.com>
---
The corresponding change in TCK needed for this was already merged:
https://gitlab.com/libvirt/libvirt-tck/-/merge_requests/37
Here's a relevant pipeline with the change applied:
https://gitlab.com/eskultety/libvirt/-/pipelines/770989394
Worth noting that because the change in TCK about Avocado wasn't backwards
compatible, we need to merge this one soon otherwise the next scheduled CI will
fail.
ci/integration-template.yml | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/ci/integration-template.yml b/ci/integration-template.yml
index 9141d5cedf..efd04b76c1 100644
--- a/ci/integration-template.yml
+++ b/ci/integration-template.yml
@@ -28,7 +28,7 @@
- sudo dnf install -y libvirt-rpms/* libvirt-perl-rpms/* libvirt-python-rpms/*
# Avocado >98.0 fails with the nwfilter TCK tests, so stick with 98.0 for now
- - sudo pip3 install --prefix=/usr avocado-framework==98.0
+ - sudo pip3 install --prefix=/usr avocado-framework
.enable-core-dumps: &enable-core-dumps
--
2.39.1
1 year, 8 months
[PATCH 1/1] qemu: allow changing disk driver parameters while blockcopying
by jshen28
QEMU blockdev allows to configure cachemode, discard and detect-zeroes
for blockdev-add. The benefit of allowing to change cachemode is copying
a shared storage (RBD, writeback) to a local device mapping (SAN, none
cache) and still allows live migration. Allowing changing detect-zeroes
could be beneficial while copying from SAN to RBD without taking too
much space.
Signed-off-by: jshen28 <yshxxsjt715(a)163.com>
---
src/conf/domain_conf.c | 11 +++++++++++
src/conf/storage_source_conf.h | 6 +++---
src/qemu/qemu_blockjob.c | 13 +++++++++++++
src/qemu/qemu_driver.c | 14 ++++++++++++++
4 files changed, 41 insertions(+), 3 deletions(-)
diff --git a/src/conf/domain_conf.c b/src/conf/domain_conf.c
index ff1c78ecd1..0533a770c3 100644
--- a/src/conf/domain_conf.c
+++ b/src/conf/domain_conf.c
@@ -13962,6 +13962,17 @@ virDomainDiskDefParseSource(const char *xmlStr,
if ((driverNode = virXPathNode("./driver", ctxt))) {
if (virDomainDiskDefDriverSourceParseXML(src, driverNode, ctxt) < 0)
return NULL;
+ if (virXMLPropEnum(driverNode, "cache", virDomainDiskCacheTypeFromString,
+ VIR_XML_PROP_NONE, &src->cachemode) < 0)
+ return NULL;
+ if (virXMLPropEnum(driverNode, "detect_zeroes",
+ virDomainDiskDetectZeroesTypeFromString,
+ VIR_XML_PROP_NONE, &src->detect_zeroes) < 0)
+ return NULL;
+ if (virXMLPropEnum(driverNode, "discard",
+ virDomainDiskDiscardTypeFromString,
+ VIR_XML_PROP_NONE, &src->discard) < 0)
+ return NULL;
}
if (virStorageSourceIsEmpty(src)) {
diff --git a/src/conf/storage_source_conf.h b/src/conf/storage_source_conf.h
index 14a6825d54..bed3b6570d 100644
--- a/src/conf/storage_source_conf.h
+++ b/src/conf/storage_source_conf.h
@@ -392,9 +392,9 @@ struct _virStorageSource {
* These instances are currently just copies from the parent definition and
* are not mapped back to the XML */
int iomode; /* enum virDomainDiskIo */
- int cachemode; /* enum virDomainDiskCache */
- int discard; /* enum virDomainDiskDiscard */
- int detect_zeroes; /* enum virDomainDiskDetectZeroes */
+ unsigned int cachemode; /* enum virDomainDiskCache */
+ unsigned int discard; /* enum virDomainDiskDiscard */
+ unsigned int detect_zeroes; /* enum virDomainDiskDetectZeroes */
bool floppyimg; /* set to true if the storage source is going to be used
as a source for floppy drive */
diff --git a/src/qemu/qemu_blockjob.c b/src/qemu/qemu_blockjob.c
index cb2d05d71d..f6b85772be 100644
--- a/src/qemu/qemu_blockjob.c
+++ b/src/qemu/qemu_blockjob.c
@@ -1240,6 +1240,19 @@ qemuBlockJobProcessEventConcludedCopyPivot(virQEMUDriver *driver,
qemuBlockJobEventProcessConcludedRemoveChain(driver, vm, asyncJob, job->disk->src);
virObjectUnref(job->disk->src);
job->disk->src = g_steal_pointer(&job->disk->mirror);
+
+ /* reset cachemode, discard, detect_zeroes to reflect the enforced setting */
+ if (job->disk->src->cachemode) {
+ job->disk->cachemode = job->disk->src->cachemode;
+ }
+
+ if (job->disk->src->discard) {
+ job->disk->discard = job->disk->src->discard;
+ }
+
+ if (job->disk->src->detect_zeroes) {
+ job->disk->detect_zeroes = job->disk->src->detect_zeroes;
+ }
}
diff --git a/src/qemu/qemu_driver.c b/src/qemu/qemu_driver.c
index 6154fe9bfe..4058cdfafe 100644
--- a/src/qemu/qemu_driver.c
+++ b/src/qemu/qemu_driver.c
@@ -14552,6 +14552,7 @@ qemuDomainBlockCopyCommon(virDomainObj *vm,
bool existing = mirror_reuse;
qemuBlockJobData *job = NULL;
g_autoptr(virStorageSource) mirror = mirrorsrc;
+ g_autoptr(virStorageSource) mirror_cpy = virStorageSourceCopy(mirror, false);
bool supports_create = false;
bool supports_access = false;
bool supports_detect = false;
@@ -14725,6 +14726,19 @@ qemuDomainBlockCopyCommon(virDomainObj *vm,
* to modify all callers of 'qemuDomainPrepareStorageSourceBlockdev' */
mirror->detect_zeroes = disk->detect_zeroes;
+ /* respect input disk configuration */
+ if (mirror_cpy->detect_zeroes) {
+ mirror->detect_zeroes = mirror_cpy->detect_zeroes;
+ }
+
+ if (mirror_cpy->cachemode) {
+ mirror->cachemode = mirror_cpy->cachemode;
+ }
+
+ if (mirror_cpy->discard) {
+ mirror->discard = mirror_cpy->discard;
+ }
+
/* If reusing an external image that includes a backing file but the user
* did not enumerate the chain in the XML we need to detect the chain */
if (mirror_reuse &&
--
2.17.1
1 year, 8 months
[PATCH] qemu_process: Produce better debug message wrt domain namespaces
by Michal Privoznik
When going through debug log of a domain startup process, one can
meet the following line:
debug : qemuProcessLaunch:7668 : Building mount namespace
But this is in fact wrong. Firstly, domain namespaces are just
enabled in domain's privateData. Secondly, the debug message says
nothing about actual state of namespace - whether it was enabled
or not.
Therefore, move the debug printing into
qemuProcessEnableDomainNamespaces() and tweak it so that the
actual value is reflected.
Signed-off-by: Michal Privoznik <mprivozn(a)redhat.com>
---
src/qemu/qemu_process.c | 8 ++++++--
1 file changed, 6 insertions(+), 2 deletions(-)
diff --git a/src/qemu/qemu_process.c b/src/qemu/qemu_process.c
index e96b7689a3..68ced01ab2 100644
--- a/src/qemu/qemu_process.c
+++ b/src/qemu/qemu_process.c
@@ -7378,11 +7378,17 @@ qemuProcessEnableDomainNamespaces(virQEMUDriver *driver,
virDomainObj *vm)
{
g_autoptr(virQEMUDriverConfig) cfg = virQEMUDriverGetConfig(driver);
+ const char *state = "disabled";
if (virBitmapIsBitSet(cfg->namespaces, QEMU_DOMAIN_NS_MOUNT) &&
qemuDomainEnableNamespace(vm, QEMU_DOMAIN_NS_MOUNT) < 0)
return -1;
+ if (qemuDomainNamespaceEnabled(vm, QEMU_DOMAIN_NS_MOUNT))
+ state = "enabled";
+
+ VIR_DEBUG("Mount namespace for domain name=%s are %s",
+ vm->def->name, state);
return 0;
}
@@ -7706,8 +7712,6 @@ qemuProcessLaunch(virConnectPtr conn,
qemuDomainLogContextMarkPosition(logCtxt);
- VIR_DEBUG("Building mount namespace");
-
if (qemuProcessEnableDomainNamespaces(driver, vm) < 0)
goto cleanup;
--
2.39.1
1 year, 8 months
[libvirt PATCH v4 00/31] Use nbdkit for http/ftp/ssh network drives in libvirt
by Jonathon Jongsma
This is the fourth version of this patch series. See
https://bugzilla.redhat.com/show_bug.cgi?id=2016527 for more information about
the goal, but the summary is that RHEL does not want to ship the qemu storage
plugins for curl and ssh. Handling them outside of the qemu process provides
several advantages such as reduced attack surface and stability.
See previous series for more info:
https://listman.redhat.com/archives/libvir-list/2022-October/235052.html
Note that gitlab CI will not work for this series without changes to the ci
definitions due to the addition of libnbd dependency.
Changes in v4:
- Added new schema that makes ssh disks actually useable with nbdkit.
- supports authentication with password or ssh key
- enable both http and https protocols together
- improve logging and error reporting
- adds a dependency on libnbd to validate the storage before launching qemu
- nbdkit output logged to a separate file
- add missing support for hotplug
- lots of smaller changes from Peter's review
Jonathon Jongsma (31):
schema: allow 'ssh' as a protocol for network disks
qemu: Add functions for determining nbdkit availability
qemu: expand nbdkit capabilities
util: Allow virFileCache data to be any GObject
qemu: implement basic virFileCache for nbdkit caps
qemu: implement persistent file cache for nbdkit caps
qemu: use file cache for nbdkit caps
qemu: Add qemuNbdkitProcess
qemu: query nbdkit module dir from binary
qemu: add functions to start and stop nbdkit
qemu: remove unused 'mode' param from qemuDomainLogContextNew()
Generalize qemuDomainLogContextNew()
qemu: Extract qemuDomainLogContext into a new file
qemu: move qemuProcessReadLog() to qemuLogContext
qemu: log error output from nbdkit
tests: add ability to test various nbdkit capabilities
qemu: split qemuDomainSecretStorageSourcePrepare
qemu: include nbdkit state in private xml
qemu: pass sensitive data to nbdkit via pipe
qemu: use nbdkit to serve network disks if available
util: make virCommandSetSendBuffer testable
tests: add tests for nbdkit invocation
qemu: add test for authenticating a https network disk
qemu: Monitor nbdkit process for exit
qemu: try to connect to nbdkit early to detect errors
schema: add password configuration for ssh disk
qemu: implement password auth for ssh disks with nbdkit
schema: add configuration for host verification of ssh disks
qemu: implement knownHosts for ssh disks with nbdkit
schema: add keyfile configuration for ssh disks
qemu: implement keyfile auth for ssh disk with nbdkit
build-aux/syntax-check.mk | 2 +-
docs/formatdomain.rst | 41 +-
meson.build | 14 +
meson_options.txt | 1 +
po/POTFILES | 2 +
src/conf/domain_conf.c | 32 +
src/conf/schemas/domaincommon.rng | 53 +
src/conf/storage_source_conf.c | 3 +
src/conf/storage_source_conf.h | 6 +-
src/libvirt_private.syms | 1 +
src/qemu/meson.build | 3 +
src/qemu/qemu_block.c | 162 +-
src/qemu/qemu_conf.c | 22 +
src/qemu/qemu_conf.h | 6 +
src/qemu/qemu_domain.c | 415 ++----
src/qemu/qemu_domain.h | 39 +-
src/qemu/qemu_driver.c | 3 +
src/qemu/qemu_extdevice.c | 56 +
src/qemu/qemu_hotplug.c | 7 +
src/qemu/qemu_logcontext.c | 329 ++++
src/qemu/qemu_logcontext.h | 41 +
src/qemu/qemu_nbdkit.c | 1326 +++++++++++++++++
src/qemu/qemu_nbdkit.h | 116 ++
src/qemu/qemu_nbdkitpriv.h | 31 +
src/qemu/qemu_process.c | 119 +-
src/util/vircommand.c | 17 +-
src/util/vircommand.h | 8 +
src/util/vircommandpriv.h | 4 +
src/util/virfilecache.c | 14 +-
src/util/virfilecache.h | 2 +-
tests/meson.build | 1 +
tests/qemublocktest.c | 2 +-
...w2-invalid.json => network-ssh-qcow2.json} | 0
...cow2-invalid.xml => network-ssh-qcow2.xml} | 0
.../disk-cdrom-network.args.disk0 | 6 +
.../disk-cdrom-network.args.disk1 | 8 +
.../disk-cdrom-network.args.disk1.pipe.778 | 1 +
.../disk-cdrom-network.args.disk2 | 8 +
.../disk-cdrom-network.args.disk2.pipe.780 | 1 +
.../disk-network-http.args.disk0 | 6 +
.../disk-network-http.args.disk1 | 5 +
.../disk-network-http.args.disk2 | 6 +
.../disk-network-http.args.disk2.pipe.778 | 1 +
.../disk-network-http.args.disk3 | 7 +
.../disk-network-http.args.disk3.pipe.780 | 1 +
...work-source-curl-nbdkit-backing.args.disk0 | 7 +
...ce-curl-nbdkit-backing.args.disk0.pipe.778 | 1 +
.../disk-network-source-curl.args.disk0 | 7 +
...sk-network-source-curl.args.disk0.pipe.778 | 1 +
.../disk-network-source-curl.args.disk1 | 9 +
...sk-network-source-curl.args.disk1.pipe.780 | 1 +
...sk-network-source-curl.args.disk1.pipe.782 | 1 +
.../disk-network-source-curl.args.disk2 | 7 +
...sk-network-source-curl.args.disk2.pipe.782 | 1 +
...sk-network-source-curl.args.disk2.pipe.784 | 1 +
.../disk-network-source-curl.args.disk3 | 6 +
.../disk-network-source-curl.args.disk4 | 6 +
.../disk-network-ssh-key.args.disk0 | 10 +
.../disk-network-ssh-password.args.disk0 | 9 +
...k-network-ssh-password.args.disk0.pipe.778 | 1 +
.../disk-network-ssh.args.disk0 | 7 +
.../disk-network-ssh.args.disk1 | 8 +
.../disk-network-ssh.args.disk1.pipe.778 | 1 +
.../disk-network-ssh.args.disk2 | 9 +
tests/qemunbdkittest.c | 302 ++++
tests/qemustatusxml2xmldata/modern-in.xml | 4 +
...sk-cdrom-network-nbdkit.x86_64-latest.args | 42 +
.../disk-cdrom-network-nbdkit.xml | 1 +
...isk-network-http-nbdkit.x86_64-latest.args | 45 +
.../disk-network-http-nbdkit.xml | 1 +
...rce-curl-nbdkit-backing.x86_64-latest.args | 38 +
...isk-network-source-curl-nbdkit-backing.xml | 45 +
...work-source-curl-nbdkit.x86_64-latest.args | 50 +
.../disk-network-source-curl-nbdkit.xml | 1 +
...isk-network-source-curl.x86_64-latest.args | 54 +
.../disk-network-source-curl.xml | 74 +
.../qemuxml2argvdata/disk-network-ssh-key.xml | 33 +
...disk-network-ssh-nbdkit.x86_64-latest.args | 36 +
.../disk-network-ssh-nbdkit.xml | 1 +
...sk-network-ssh-password.x86_64-latest.args | 36 +
.../disk-network-ssh-password.xml | 35 +
.../disk-network-ssh.x86_64-latest.args | 36 +
tests/qemuxml2argvdata/disk-network-ssh.xml | 32 +
tests/qemuxml2argvtest.c | 19 +
tests/testutilsqemu.c | 27 +
tests/testutilsqemu.h | 5 +
86 files changed, 3463 insertions(+), 475 deletions(-)
create mode 100644 src/qemu/qemu_logcontext.c
create mode 100644 src/qemu/qemu_logcontext.h
create mode 100644 src/qemu/qemu_nbdkit.c
create mode 100644 src/qemu/qemu_nbdkit.h
create mode 100644 src/qemu/qemu_nbdkitpriv.h
rename tests/qemublocktestdata/imagecreate/{network-ssh-qcow2-invalid.json => network-ssh-qcow2.json} (100%)
rename tests/qemublocktestdata/imagecreate/{network-ssh-qcow2-invalid.xml => network-ssh-qcow2.xml} (100%)
create mode 100644 tests/qemunbdkitdata/disk-cdrom-network.args.disk0
create mode 100644 tests/qemunbdkitdata/disk-cdrom-network.args.disk1
create mode 100644 tests/qemunbdkitdata/disk-cdrom-network.args.disk1.pipe.778
create mode 100644 tests/qemunbdkitdata/disk-cdrom-network.args.disk2
create mode 100644 tests/qemunbdkitdata/disk-cdrom-network.args.disk2.pipe.780
create mode 100644 tests/qemunbdkitdata/disk-network-http.args.disk0
create mode 100644 tests/qemunbdkitdata/disk-network-http.args.disk1
create mode 100644 tests/qemunbdkitdata/disk-network-http.args.disk2
create mode 100644 tests/qemunbdkitdata/disk-network-http.args.disk2.pipe.778
create mode 100644 tests/qemunbdkitdata/disk-network-http.args.disk3
create mode 100644 tests/qemunbdkitdata/disk-network-http.args.disk3.pipe.780
create mode 100644 tests/qemunbdkitdata/disk-network-source-curl-nbdkit-backing.args.disk0
create mode 100644 tests/qemunbdkitdata/disk-network-source-curl-nbdkit-backing.args.disk0.pipe.778
create mode 100644 tests/qemunbdkitdata/disk-network-source-curl.args.disk0
create mode 100644 tests/qemunbdkitdata/disk-network-source-curl.args.disk0.pipe.778
create mode 100644 tests/qemunbdkitdata/disk-network-source-curl.args.disk1
create mode 100644 tests/qemunbdkitdata/disk-network-source-curl.args.disk1.pipe.780
create mode 100644 tests/qemunbdkitdata/disk-network-source-curl.args.disk1.pipe.782
create mode 100644 tests/qemunbdkitdata/disk-network-source-curl.args.disk2
create mode 100644 tests/qemunbdkitdata/disk-network-source-curl.args.disk2.pipe.782
create mode 100644 tests/qemunbdkitdata/disk-network-source-curl.args.disk2.pipe.784
create mode 100644 tests/qemunbdkitdata/disk-network-source-curl.args.disk3
create mode 100644 tests/qemunbdkitdata/disk-network-source-curl.args.disk4
create mode 100644 tests/qemunbdkitdata/disk-network-ssh-key.args.disk0
create mode 100644 tests/qemunbdkitdata/disk-network-ssh-password.args.disk0
create mode 100644 tests/qemunbdkitdata/disk-network-ssh-password.args.disk0.pipe.778
create mode 100644 tests/qemunbdkitdata/disk-network-ssh.args.disk0
create mode 100644 tests/qemunbdkitdata/disk-network-ssh.args.disk1
create mode 100644 tests/qemunbdkitdata/disk-network-ssh.args.disk1.pipe.778
create mode 100644 tests/qemunbdkitdata/disk-network-ssh.args.disk2
create mode 100644 tests/qemunbdkittest.c
create mode 100644 tests/qemuxml2argvdata/disk-cdrom-network-nbdkit.x86_64-latest.args
create mode 120000 tests/qemuxml2argvdata/disk-cdrom-network-nbdkit.xml
create mode 100644 tests/qemuxml2argvdata/disk-network-http-nbdkit.x86_64-latest.args
create mode 120000 tests/qemuxml2argvdata/disk-network-http-nbdkit.xml
create mode 100644 tests/qemuxml2argvdata/disk-network-source-curl-nbdkit-backing.x86_64-latest.args
create mode 100644 tests/qemuxml2argvdata/disk-network-source-curl-nbdkit-backing.xml
create mode 100644 tests/qemuxml2argvdata/disk-network-source-curl-nbdkit.x86_64-latest.args
create mode 120000 tests/qemuxml2argvdata/disk-network-source-curl-nbdkit.xml
create mode 100644 tests/qemuxml2argvdata/disk-network-source-curl.x86_64-latest.args
create mode 100644 tests/qemuxml2argvdata/disk-network-source-curl.xml
create mode 100644 tests/qemuxml2argvdata/disk-network-ssh-key.xml
create mode 100644 tests/qemuxml2argvdata/disk-network-ssh-nbdkit.x86_64-latest.args
create mode 120000 tests/qemuxml2argvdata/disk-network-ssh-nbdkit.xml
create mode 100644 tests/qemuxml2argvdata/disk-network-ssh-password.x86_64-latest.args
create mode 100644 tests/qemuxml2argvdata/disk-network-ssh-password.xml
create mode 100644 tests/qemuxml2argvdata/disk-network-ssh.x86_64-latest.args
create mode 100644 tests/qemuxml2argvdata/disk-network-ssh.xml
--
2.39.0
1 year, 8 months
[PATCH] qemu_namespace: Deal with nested mounts when umount()-ing /dev
by Michal Privoznik
In one of recent commits (v9.0.0-rc1~106) I've made our QEMU
namespace code umount the original /dev. One of the reasons was
enhanced security, because previously we just mounted a tmpfs
over the original /dev. Thus a malicious QEMU could just
umount("/dev") and it would get to the original /dev with all
nodes.
Now, on some systems this introduced a regression:
failed to umount devfs on /dev: Device or resource busy
But how this could be? We've moved all file systems mounted under
/dev to a temporary location. Or have we? As it turns out, not
quite. If there are two file systems mounted on the same target,
e.g. like this:
mount -t tmpfs tmpfs /dev/shm/ && mount -t tmpfs tmpfs /dev/shm/
then only the top most (i.e. the last one) is moved. See
qemuDomainUnshareNamespace() for more info.
Now, we could enhance our code to deal with these "doubled" mount
points. Or, since it is the top most file system that is
accessible anyways (and this one is preserved), we can
umount("/dev") in a recursive fashion.
Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=2167302
Fixes: 379c0ce4bfed8733dfbde557c359eecc5474ce38
Signed-off-by: Michal Privoznik <mprivozn(a)redhat.com>
---
src/qemu/qemu_namespace.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/qemu/qemu_namespace.c b/src/qemu/qemu_namespace.c
index 5769a4dfe0..5fc043bd62 100644
--- a/src/qemu/qemu_namespace.c
+++ b/src/qemu/qemu_namespace.c
@@ -777,7 +777,7 @@ qemuDomainUnshareNamespace(virQEMUDriverConfig *cfg,
}
#if defined(__linux__)
- if (umount("/dev") < 0) {
+ if (umount2("/dev", MNT_DETACH) < 0) {
virReportSystemError(errno, "%s", _("failed to umount devfs on /dev"));
return -1;
}
--
2.39.1
1 year, 8 months
[PATCH 00/10] remote: Pass 'mode' and 'socket' URI parameters to virt-ssh-helper
by Michal Privoznik
The first couple of patches are cleanups, mostly. The last 5 patches are
the important ones. Now, the fix I went with in the 10/10 is to format
URI anew, just for the virt-ssh-helper's sake. I did not want to touch
@name as it's passed to sub-daemon's .open() method. If desired, I can
change the @name variable instead as it seems that no driver relies on
?mode or ?socket (they couldn't anyway). Thoughts?
Michal Prívozník (10):
viruri: Search params case insensitively
Drop checks for virURIFormat() retval
doRemoteOpen(): Rename 'failed' label to 'error'
remote_driver: Expose EXTRACT_URI_ARG_* macros
src: Unify URI params parsing
virt-ssh-helper: Accept ?mode= in connection URI
virt-ssh-helper: Accept ?socket= in connection URI
remote_driver: Move URI re-generation into a function
viruri: Introduce virURIParamsSetIgnore()
remote: Pass 'mode' and 'socket' URI parameters to virt-ssh-helper
po/POTFILES | 1 +
src/admin/libvirt-admin.c | 21 ++--
src/esx/esx_util.c | 96 ++++++++--------
src/hyperv/hyperv_util.c | 30 +++--
src/libvirt-host.c | 10 +-
src/libvirt_private.syms | 1 +
src/qemu/qemu_block.c | 3 +-
src/qemu/qemu_migration.c | 24 ++--
src/remote/remote_driver.c | 158 +++++++++++++-------------
src/remote/remote_ssh_helper.c | 27 ++++-
src/storage/storage_backend_gluster.c | 6 +-
src/util/virauth.c | 12 +-
src/util/viruri.c | 24 +++-
src/util/viruri.h | 37 ++++++
tests/viruritest.c | 3 +-
15 files changed, 245 insertions(+), 208 deletions(-)
--
2.39.1
1 year, 8 months