February 2023 - Devel - libvirt List Archives

[PATCH V2 0/4] migration: add qemu parallel migration options
by Jiang Jiacheng 09 Feb '23

09 Feb '23

Add qemu parallel migration options to set multifd-compression multifd-zlib-level and multifd-zstd-level. These parameters has been supported by QEMU since 5.0. v2 of: https://listman.redhat.com/archives/libvir-list/2023-January/237088.html diff to v1: * remove VIR_MIGRATE_PARAM_PARALLEL_COMPRESSION and related message * support to reuse VIR_MIGRATE_PARAM_COMPRESSION to set parallel migration compress method * update commit message Jiang Jiacheng (4): Add public API for parallel compression method qemu: Add qemu parallel migration parameters qemu: support set parallel migration compression method virsh: Add migrate options to set parallel compress level docs/manpages/virsh.rst | 22 ++++--- include/libvirt/libvirt-domain.h | 24 +++++++- src/qemu/qemu_migration.h | 2 + src/qemu/qemu_migration_params.c | 100 ++++++++++++++++++++++++++++++- src/qemu/qemu_migration_params.h | 3 + tools/virsh-domain.c | 26 ++++++++ 6 files changed, 166 insertions(+), 11 deletions(-) -- 2.33.0

3 14

[PATCH] qemuProcessRefreshDisks: Don't skip filling of disk information if tray state didn't change
by Peter Krempa 09 Feb '23

09 Feb '23

Commit 5ef2582646eb98 added emitting of even when refreshign disk state, where it wanted to avoid sending the event if disk state didn't change. This was achieved by using 'continue' in the loop filling the information. Unfortunately this skips extraction of whether the device has a tray which is propagated into internal structures, which in turn broke cdrom media change as the code thought there's no tray for the device. Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=2166411 Fixes: 5ef2582646eb98af208ce37355f82bdef39931fa Signed-off-by: Peter Krempa <pkrempa(a)redhat.com> --- src/qemu/qemu_process.c | 11 +++++------ 1 file changed, 5 insertions(+), 6 deletions(-) diff --git a/src/qemu/qemu_process.c b/src/qemu/qemu_process.c index e96b7689a3..59aa3f02aa 100644 --- a/src/qemu/qemu_process.c +++ b/src/qemu/qemu_process.c @@ -8711,16 +8711,13 @@ qemuProcessRefreshDisks(virDomainObj *vm, continue; if (info->removable) { - virObjectEvent *event = NULL; + bool emitEvent = info->tray_open != disk->tray_status; int reason; if (info->empty) virDomainDiskEmptySource(disk); if (info->tray) { - if (info->tray_open == disk->tray_status) - continue; - if (info->tray_open) { reason = VIR_DOMAIN_EVENT_TRAY_CHANGE_OPEN; disk->tray_status = VIR_DOMAIN_DISK_TRAY_OPEN; @@ -8729,8 +8726,10 @@ qemuProcessRefreshDisks(virDomainObj *vm, disk->tray_status = VIR_DOMAIN_DISK_TRAY_CLOSED; } - event = virDomainEventTrayChangeNewFromObj(vm, disk->info.alias, reason); - virObjectEventStateQueue(driver->domainEventState, event); + if (emitEvent) { + virObjectEvent *event = virDomainEventTrayChangeNewFromObj(vm, disk->info.alias, reason); + virObjectEventStateQueue(driver->domainEventState, event); + } } } -- 2.39.1

3 2

[PATCH] remote_driver: Work around broken clang
by Michal Privoznik 09 Feb '23

09 Feb '23

In recent commit of v9.0.0-191-gc71c159248 I've introduced remoteConnectFormatURI() function and in the function @query variable. Even though, the variable is used, clang-13 fails to see it. Surprisingly, never clang is not affected. Fortunately, swapping the order in which variables are set makes clang happy again. Signed-off-by: Michal Privoznik <mprivozn(a)redhat.com> --- src/remote/remote_driver.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/remote/remote_driver.c b/src/remote/remote_driver.c index 58cd0abe8c..a4c60be3d7 100644 --- a/src/remote/remote_driver.c +++ b/src/remote/remote_driver.c @@ -712,7 +712,7 @@ remoteConnectFormatURI(virURI *uri, virURIParamsSetIgnore(uri, false, names); } - query = tmpuri.query = virURIFormatParams(uri); + tmpuri.query = query = virURIFormatParams(uri); ret = virURIFormat(&tmpuri); -- 2.39.1

2 1

[PATCH v2] Revert ".gitignore: Ignore cscope and other *tags files"
by Martin Kletzander 08 Feb '23

08 Feb '23

This reverts commit f2d379e7cb802f922409c35e4831ee52a2162486. Any tool-related ignores should go to user's global ignore file or the user's local exclude file which is per-project. See git-config(1) and gitignore(5) for more details. Signed-off-by: Martin Kletzander <mkletzan(a)redhat.com> --- .gitignore | 12 +----------- 1 file changed, 1 insertion(+), 11 deletions(-) diff --git a/.gitignore b/.gitignore index 61ea7779b02b..469539134280 100644 --- a/.gitignore +++ b/.gitignore @@ -19,17 +19,7 @@ __pycache__/ # libvirt related ignores /build/ /ci/scratch/ - -# *tags and cscope files -/GPATH -/GRTAGS -/GTAGS -/TAGS -/cscope.files -/cscope.in.out -/cscope.out -/cscope.po.out -/tags +tags # clangd related ignores .clangd -- 2.39.1

2 2

[PATCH v2 0/8] remote: Pass 'mode' and 'socket' URI parameters to virt-ssh-helper
by Michal Privoznik 08 Feb '23

08 Feb '23

v2 of: https://listman.redhat.com/archives/libvir-list/2023-February/237540.html diff to v1: - Dropped "remote_driver: Expose EXTRACT_URI_ARG_* macros" patch - Dropped "src: Unify URI params parsing" patch - Reworked couple of patches as a result of that - Reworded couple of commit messages Michal Prívozník (8): viruri: Search params case insensitively Drop checks for virURIFormat() retval doRemoteOpen(): Rename 'failed' label to 'error' virt-ssh-helper: Accept ?mode= in connection URI virt-ssh-helper: Accept ?socket= in connection URI remote_driver: Move URI re-generation into a function viruri: Introduce virURIParamsSetIgnore() remote: Pass 'mode' and 'socket' URI parameters to virt-ssh-helper src/admin/libvirt-admin.c | 6 +- src/libvirt-host.c | 10 +-- src/libvirt_private.syms | 1 + src/qemu/qemu_block.c | 3 +- src/qemu/qemu_migration.c | 3 +- src/remote/remote_driver.c | 114 ++++++++++++++++---------- src/remote/remote_ssh_helper.c | 32 ++++++-- src/storage/storage_backend_gluster.c | 6 +- src/util/viruri.c | 37 ++++++++- src/util/viruri.h | 2 + tests/viruritest.c | 3 +- 11 files changed, 139 insertions(+), 78 deletions(-) -- 2.39.1

2 11

[libvirt PATCH] ci: Test with latest Avocado again
by Erik Skultety 08 Feb '23

08 Feb '23

Test with the following fix: https://github.com/avocado-framework/avocado/pull/5567/commits Signed-off-by: Erik Skultety <eskultet(a)redhat.com> --- The corresponding change in TCK needed for this was already merged: https://gitlab.com/libvirt/libvirt-tck/-/merge_requests/37 Here's a relevant pipeline with the change applied: https://gitlab.com/eskultety/libvirt/-/pipelines/770989394 Worth noting that because the change in TCK about Avocado wasn't backwards compatible, we need to merge this one soon otherwise the next scheduled CI will fail. ci/integration-template.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/ci/integration-template.yml b/ci/integration-template.yml index 9141d5cedf..efd04b76c1 100644 --- a/ci/integration-template.yml +++ b/ci/integration-template.yml @@ -28,7 +28,7 @@ - sudo dnf install -y libvirt-rpms/* libvirt-perl-rpms/* libvirt-python-rpms/* # Avocado >98.0 fails with the nwfilter TCK tests, so stick with 98.0 for now - - sudo pip3 install --prefix=/usr avocado-framework==98.0 + - sudo pip3 install --prefix=/usr avocado-framework .enable-core-dumps: &enable-core-dumps -- 2.39.1

2 1

[PATCH 1/1] qemu: allow changing disk driver parameters while blockcopying
by jshen28 08 Feb '23

08 Feb '23

QEMU blockdev allows to configure cachemode, discard and detect-zeroes for blockdev-add. The benefit of allowing to change cachemode is copying a shared storage (RBD, writeback) to a local device mapping (SAN, none cache) and still allows live migration. Allowing changing detect-zeroes could be beneficial while copying from SAN to RBD without taking too much space. Signed-off-by: jshen28 <yshxxsjt715(a)163.com> --- src/conf/domain_conf.c | 11 +++++++++++ src/conf/storage_source_conf.h | 6 +++--- src/qemu/qemu_blockjob.c | 13 +++++++++++++ src/qemu/qemu_driver.c | 14 ++++++++++++++ 4 files changed, 41 insertions(+), 3 deletions(-) diff --git a/src/conf/domain_conf.c b/src/conf/domain_conf.c index ff1c78ecd1..0533a770c3 100644 --- a/src/conf/domain_conf.c +++ b/src/conf/domain_conf.c @@ -13962,6 +13962,17 @@ virDomainDiskDefParseSource(const char *xmlStr, if ((driverNode = virXPathNode("./driver", ctxt))) { if (virDomainDiskDefDriverSourceParseXML(src, driverNode, ctxt) < 0) return NULL; + if (virXMLPropEnum(driverNode, "cache", virDomainDiskCacheTypeFromString, + VIR_XML_PROP_NONE, &src->cachemode) < 0) + return NULL; + if (virXMLPropEnum(driverNode, "detect_zeroes", + virDomainDiskDetectZeroesTypeFromString, + VIR_XML_PROP_NONE, &src->detect_zeroes) < 0) + return NULL; + if (virXMLPropEnum(driverNode, "discard", + virDomainDiskDiscardTypeFromString, + VIR_XML_PROP_NONE, &src->discard) < 0) + return NULL; } if (virStorageSourceIsEmpty(src)) { diff --git a/src/conf/storage_source_conf.h b/src/conf/storage_source_conf.h index 14a6825d54..bed3b6570d 100644 --- a/src/conf/storage_source_conf.h +++ b/src/conf/storage_source_conf.h @@ -392,9 +392,9 @@ struct _virStorageSource { * These instances are currently just copies from the parent definition and * are not mapped back to the XML */ int iomode; /* enum virDomainDiskIo */ - int cachemode; /* enum virDomainDiskCache */ - int discard; /* enum virDomainDiskDiscard */ - int detect_zeroes; /* enum virDomainDiskDetectZeroes */ + unsigned int cachemode; /* enum virDomainDiskCache */ + unsigned int discard; /* enum virDomainDiskDiscard */ + unsigned int detect_zeroes; /* enum virDomainDiskDetectZeroes */ bool floppyimg; /* set to true if the storage source is going to be used as a source for floppy drive */ diff --git a/src/qemu/qemu_blockjob.c b/src/qemu/qemu_blockjob.c index cb2d05d71d..f6b85772be 100644 --- a/src/qemu/qemu_blockjob.c +++ b/src/qemu/qemu_blockjob.c @@ -1240,6 +1240,19 @@ qemuBlockJobProcessEventConcludedCopyPivot(virQEMUDriver *driver, qemuBlockJobEventProcessConcludedRemoveChain(driver, vm, asyncJob, job->disk->src); virObjectUnref(job->disk->src); job->disk->src = g_steal_pointer(&job->disk->mirror); + + /* reset cachemode, discard, detect_zeroes to reflect the enforced setting */ + if (job->disk->src->cachemode) { + job->disk->cachemode = job->disk->src->cachemode; + } + + if (job->disk->src->discard) { + job->disk->discard = job->disk->src->discard; + } + + if (job->disk->src->detect_zeroes) { + job->disk->detect_zeroes = job->disk->src->detect_zeroes; + } } diff --git a/src/qemu/qemu_driver.c b/src/qemu/qemu_driver.c index 6154fe9bfe..4058cdfafe 100644 --- a/src/qemu/qemu_driver.c +++ b/src/qemu/qemu_driver.c @@ -14552,6 +14552,7 @@ qemuDomainBlockCopyCommon(virDomainObj *vm, bool existing = mirror_reuse; qemuBlockJobData *job = NULL; g_autoptr(virStorageSource) mirror = mirrorsrc; + g_autoptr(virStorageSource) mirror_cpy = virStorageSourceCopy(mirror, false); bool supports_create = false; bool supports_access = false; bool supports_detect = false; @@ -14725,6 +14726,19 @@ qemuDomainBlockCopyCommon(virDomainObj *vm, * to modify all callers of 'qemuDomainPrepareStorageSourceBlockdev' */ mirror->detect_zeroes = disk->detect_zeroes; + /* respect input disk configuration */ + if (mirror_cpy->detect_zeroes) { + mirror->detect_zeroes = mirror_cpy->detect_zeroes; + } + + if (mirror_cpy->cachemode) { + mirror->cachemode = mirror_cpy->cachemode; + } + + if (mirror_cpy->discard) { + mirror->discard = mirror_cpy->discard; + } + /* If reusing an external image that includes a backing file but the user * did not enumerate the chain in the XML we need to detect the chain */ if (mirror_reuse && -- 2.17.1

1 0

[PATCH] qemu_process: Produce better debug message wrt domain namespaces
by Michal Privoznik 08 Feb '23

08 Feb '23

When going through debug log of a domain startup process, one can meet the following line: debug : qemuProcessLaunch:7668 : Building mount namespace But this is in fact wrong. Firstly, domain namespaces are just enabled in domain's privateData. Secondly, the debug message says nothing about actual state of namespace - whether it was enabled or not. Therefore, move the debug printing into qemuProcessEnableDomainNamespaces() and tweak it so that the actual value is reflected. Signed-off-by: Michal Privoznik <mprivozn(a)redhat.com> --- src/qemu/qemu_process.c | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) diff --git a/src/qemu/qemu_process.c b/src/qemu/qemu_process.c index e96b7689a3..68ced01ab2 100644 --- a/src/qemu/qemu_process.c +++ b/src/qemu/qemu_process.c @@ -7378,11 +7378,17 @@ qemuProcessEnableDomainNamespaces(virQEMUDriver *driver, virDomainObj *vm) { g_autoptr(virQEMUDriverConfig) cfg = virQEMUDriverGetConfig(driver); + const char *state = "disabled"; if (virBitmapIsBitSet(cfg->namespaces, QEMU_DOMAIN_NS_MOUNT) && qemuDomainEnableNamespace(vm, QEMU_DOMAIN_NS_MOUNT) < 0) return -1; + if (qemuDomainNamespaceEnabled(vm, QEMU_DOMAIN_NS_MOUNT)) + state = "enabled"; + + VIR_DEBUG("Mount namespace for domain name=%s are %s", + vm->def->name, state); return 0; } @@ -7706,8 +7712,6 @@ qemuProcessLaunch(virConnectPtr conn, qemuDomainLogContextMarkPosition(logCtxt); - VIR_DEBUG("Building mount namespace"); - if (qemuProcessEnableDomainNamespaces(driver, vm) < 0) goto cleanup; -- 2.39.1

3 2

[libvirt PATCH v4 00/31] Use nbdkit for http/ftp/ssh network drives in libvirt
by Jonathon Jongsma 07 Feb '23

07 Feb '23

This is the fourth version of this patch series. See https://bugzilla.redhat.com/show_bug.cgi?id=2016527 for more information about the goal, but the summary is that RHEL does not want to ship the qemu storage plugins for curl and ssh. Handling them outside of the qemu process provides several advantages such as reduced attack surface and stability. See previous series for more info: https://listman.redhat.com/archives/libvir-list/2022-October/235052.html Note that gitlab CI will not work for this series without changes to the ci definitions due to the addition of libnbd dependency. Changes in v4: - Added new schema that makes ssh disks actually useable with nbdkit. - supports authentication with password or ssh key - enable both http and https protocols together - improve logging and error reporting - adds a dependency on libnbd to validate the storage before launching qemu - nbdkit output logged to a separate file - add missing support for hotplug - lots of smaller changes from Peter's review Jonathon Jongsma (31): schema: allow 'ssh' as a protocol for network disks qemu: Add functions for determining nbdkit availability qemu: expand nbdkit capabilities util: Allow virFileCache data to be any GObject qemu: implement basic virFileCache for nbdkit caps qemu: implement persistent file cache for nbdkit caps qemu: use file cache for nbdkit caps qemu: Add qemuNbdkitProcess qemu: query nbdkit module dir from binary qemu: add functions to start and stop nbdkit qemu: remove unused 'mode' param from qemuDomainLogContextNew() Generalize qemuDomainLogContextNew() qemu: Extract qemuDomainLogContext into a new file qemu: move qemuProcessReadLog() to qemuLogContext qemu: log error output from nbdkit tests: add ability to test various nbdkit capabilities qemu: split qemuDomainSecretStorageSourcePrepare qemu: include nbdkit state in private xml qemu: pass sensitive data to nbdkit via pipe qemu: use nbdkit to serve network disks if available util: make virCommandSetSendBuffer testable tests: add tests for nbdkit invocation qemu: add test for authenticating a https network disk qemu: Monitor nbdkit process for exit qemu: try to connect to nbdkit early to detect errors schema: add password configuration for ssh disk qemu: implement password auth for ssh disks with nbdkit schema: add configuration for host verification of ssh disks qemu: implement knownHosts for ssh disks with nbdkit schema: add keyfile configuration for ssh disks qemu: implement keyfile auth for ssh disk with nbdkit build-aux/syntax-check.mk | 2 +- docs/formatdomain.rst | 41 +- meson.build | 14 + meson_options.txt | 1 + po/POTFILES | 2 + src/conf/domain_conf.c | 32 + src/conf/schemas/domaincommon.rng | 53 + src/conf/storage_source_conf.c | 3 + src/conf/storage_source_conf.h | 6 +- src/libvirt_private.syms | 1 + src/qemu/meson.build | 3 + src/qemu/qemu_block.c | 162 +- src/qemu/qemu_conf.c | 22 + src/qemu/qemu_conf.h | 6 + src/qemu/qemu_domain.c | 415 ++---- src/qemu/qemu_domain.h | 39 +- src/qemu/qemu_driver.c | 3 + src/qemu/qemu_extdevice.c | 56 + src/qemu/qemu_hotplug.c | 7 + src/qemu/qemu_logcontext.c | 329 ++++ src/qemu/qemu_logcontext.h | 41 + src/qemu/qemu_nbdkit.c | 1326 +++++++++++++++++ src/qemu/qemu_nbdkit.h | 116 ++ src/qemu/qemu_nbdkitpriv.h | 31 + src/qemu/qemu_process.c | 119 +- src/util/vircommand.c | 17 +- src/util/vircommand.h | 8 + src/util/vircommandpriv.h | 4 + src/util/virfilecache.c | 14 +- src/util/virfilecache.h | 2 +- tests/meson.build | 1 + tests/qemublocktest.c | 2 +- ...w2-invalid.json => network-ssh-qcow2.json} | 0 ...cow2-invalid.xml => network-ssh-qcow2.xml} | 0 .../disk-cdrom-network.args.disk0 | 6 + .../disk-cdrom-network.args.disk1 | 8 + .../disk-cdrom-network.args.disk1.pipe.778 | 1 + .../disk-cdrom-network.args.disk2 | 8 + .../disk-cdrom-network.args.disk2.pipe.780 | 1 + .../disk-network-http.args.disk0 | 6 + .../disk-network-http.args.disk1 | 5 + .../disk-network-http.args.disk2 | 6 + .../disk-network-http.args.disk2.pipe.778 | 1 + .../disk-network-http.args.disk3 | 7 + .../disk-network-http.args.disk3.pipe.780 | 1 + ...work-source-curl-nbdkit-backing.args.disk0 | 7 + ...ce-curl-nbdkit-backing.args.disk0.pipe.778 | 1 + .../disk-network-source-curl.args.disk0 | 7 + ...sk-network-source-curl.args.disk0.pipe.778 | 1 + .../disk-network-source-curl.args.disk1 | 9 + ...sk-network-source-curl.args.disk1.pipe.780 | 1 + ...sk-network-source-curl.args.disk1.pipe.782 | 1 + .../disk-network-source-curl.args.disk2 | 7 + ...sk-network-source-curl.args.disk2.pipe.782 | 1 + ...sk-network-source-curl.args.disk2.pipe.784 | 1 + .../disk-network-source-curl.args.disk3 | 6 + .../disk-network-source-curl.args.disk4 | 6 + .../disk-network-ssh-key.args.disk0 | 10 + .../disk-network-ssh-password.args.disk0 | 9 + ...k-network-ssh-password.args.disk0.pipe.778 | 1 + .../disk-network-ssh.args.disk0 | 7 + .../disk-network-ssh.args.disk1 | 8 + .../disk-network-ssh.args.disk1.pipe.778 | 1 + .../disk-network-ssh.args.disk2 | 9 + tests/qemunbdkittest.c | 302 ++++ tests/qemustatusxml2xmldata/modern-in.xml | 4 + ...sk-cdrom-network-nbdkit.x86_64-latest.args | 42 + .../disk-cdrom-network-nbdkit.xml | 1 + ...isk-network-http-nbdkit.x86_64-latest.args | 45 + .../disk-network-http-nbdkit.xml | 1 + ...rce-curl-nbdkit-backing.x86_64-latest.args | 38 + ...isk-network-source-curl-nbdkit-backing.xml | 45 + ...work-source-curl-nbdkit.x86_64-latest.args | 50 + .../disk-network-source-curl-nbdkit.xml | 1 + ...isk-network-source-curl.x86_64-latest.args | 54 + .../disk-network-source-curl.xml | 74 + .../qemuxml2argvdata/disk-network-ssh-key.xml | 33 + ...disk-network-ssh-nbdkit.x86_64-latest.args | 36 + .../disk-network-ssh-nbdkit.xml | 1 + ...sk-network-ssh-password.x86_64-latest.args | 36 + .../disk-network-ssh-password.xml | 35 + .../disk-network-ssh.x86_64-latest.args | 36 + tests/qemuxml2argvdata/disk-network-ssh.xml | 32 + tests/qemuxml2argvtest.c | 19 + tests/testutilsqemu.c | 27 + tests/testutilsqemu.h | 5 + 86 files changed, 3463 insertions(+), 475 deletions(-) create mode 100644 src/qemu/qemu_logcontext.c create mode 100644 src/qemu/qemu_logcontext.h create mode 100644 src/qemu/qemu_nbdkit.c create mode 100644 src/qemu/qemu_nbdkit.h create mode 100644 src/qemu/qemu_nbdkitpriv.h rename tests/qemublocktestdata/imagecreate/{network-ssh-qcow2-invalid.json => network-ssh-qcow2.json} (100%) rename tests/qemublocktestdata/imagecreate/{network-ssh-qcow2-invalid.xml => network-ssh-qcow2.xml} (100%) create mode 100644 tests/qemunbdkitdata/disk-cdrom-network.args.disk0 create mode 100644 tests/qemunbdkitdata/disk-cdrom-network.args.disk1 create mode 100644 tests/qemunbdkitdata/disk-cdrom-network.args.disk1.pipe.778 create mode 100644 tests/qemunbdkitdata/disk-cdrom-network.args.disk2 create mode 100644 tests/qemunbdkitdata/disk-cdrom-network.args.disk2.pipe.780 create mode 100644 tests/qemunbdkitdata/disk-network-http.args.disk0 create mode 100644 tests/qemunbdkitdata/disk-network-http.args.disk1 create mode 100644 tests/qemunbdkitdata/disk-network-http.args.disk2 create mode 100644 tests/qemunbdkitdata/disk-network-http.args.disk2.pipe.778 create mode 100644 tests/qemunbdkitdata/disk-network-http.args.disk3 create mode 100644 tests/qemunbdkitdata/disk-network-http.args.disk3.pipe.780 create mode 100644 tests/qemunbdkitdata/disk-network-source-curl-nbdkit-backing.args.disk0 create mode 100644 tests/qemunbdkitdata/disk-network-source-curl-nbdkit-backing.args.disk0.pipe.778 create mode 100644 tests/qemunbdkitdata/disk-network-source-curl.args.disk0 create mode 100644 tests/qemunbdkitdata/disk-network-source-curl.args.disk0.pipe.778 create mode 100644 tests/qemunbdkitdata/disk-network-source-curl.args.disk1 create mode 100644 tests/qemunbdkitdata/disk-network-source-curl.args.disk1.pipe.780 create mode 100644 tests/qemunbdkitdata/disk-network-source-curl.args.disk1.pipe.782 create mode 100644 tests/qemunbdkitdata/disk-network-source-curl.args.disk2 create mode 100644 tests/qemunbdkitdata/disk-network-source-curl.args.disk2.pipe.782 create mode 100644 tests/qemunbdkitdata/disk-network-source-curl.args.disk2.pipe.784 create mode 100644 tests/qemunbdkitdata/disk-network-source-curl.args.disk3 create mode 100644 tests/qemunbdkitdata/disk-network-source-curl.args.disk4 create mode 100644 tests/qemunbdkitdata/disk-network-ssh-key.args.disk0 create mode 100644 tests/qemunbdkitdata/disk-network-ssh-password.args.disk0 create mode 100644 tests/qemunbdkitdata/disk-network-ssh-password.args.disk0.pipe.778 create mode 100644 tests/qemunbdkitdata/disk-network-ssh.args.disk0 create mode 100644 tests/qemunbdkitdata/disk-network-ssh.args.disk1 create mode 100644 tests/qemunbdkitdata/disk-network-ssh.args.disk1.pipe.778 create mode 100644 tests/qemunbdkitdata/disk-network-ssh.args.disk2 create mode 100644 tests/qemunbdkittest.c create mode 100644 tests/qemuxml2argvdata/disk-cdrom-network-nbdkit.x86_64-latest.args create mode 120000 tests/qemuxml2argvdata/disk-cdrom-network-nbdkit.xml create mode 100644 tests/qemuxml2argvdata/disk-network-http-nbdkit.x86_64-latest.args create mode 120000 tests/qemuxml2argvdata/disk-network-http-nbdkit.xml create mode 100644 tests/qemuxml2argvdata/disk-network-source-curl-nbdkit-backing.x86_64-latest.args create mode 100644 tests/qemuxml2argvdata/disk-network-source-curl-nbdkit-backing.xml create mode 100644 tests/qemuxml2argvdata/disk-network-source-curl-nbdkit.x86_64-latest.args create mode 120000 tests/qemuxml2argvdata/disk-network-source-curl-nbdkit.xml create mode 100644 tests/qemuxml2argvdata/disk-network-source-curl.x86_64-latest.args create mode 100644 tests/qemuxml2argvdata/disk-network-source-curl.xml create mode 100644 tests/qemuxml2argvdata/disk-network-ssh-key.xml create mode 100644 tests/qemuxml2argvdata/disk-network-ssh-nbdkit.x86_64-latest.args create mode 120000 tests/qemuxml2argvdata/disk-network-ssh-nbdkit.xml create mode 100644 tests/qemuxml2argvdata/disk-network-ssh-password.x86_64-latest.args create mode 100644 tests/qemuxml2argvdata/disk-network-ssh-password.xml create mode 100644 tests/qemuxml2argvdata/disk-network-ssh.x86_64-latest.args create mode 100644 tests/qemuxml2argvdata/disk-network-ssh.xml -- 2.39.0

2 46

[PATCH] qemu_namespace: Deal with nested mounts when umount()-ing /dev
by Michal Privoznik 07 Feb '23

07 Feb '23

In one of recent commits (v9.0.0-rc1~106) I've made our QEMU namespace code umount the original /dev. One of the reasons was enhanced security, because previously we just mounted a tmpfs over the original /dev. Thus a malicious QEMU could just umount("/dev") and it would get to the original /dev with all nodes. Now, on some systems this introduced a regression: failed to umount devfs on /dev: Device or resource busy But how this could be? We've moved all file systems mounted under /dev to a temporary location. Or have we? As it turns out, not quite. If there are two file systems mounted on the same target, e.g. like this: mount -t tmpfs tmpfs /dev/shm/ && mount -t tmpfs tmpfs /dev/shm/ then only the top most (i.e. the last one) is moved. See qemuDomainUnshareNamespace() for more info. Now, we could enhance our code to deal with these "doubled" mount points. Or, since it is the top most file system that is accessible anyways (and this one is preserved), we can umount("/dev") in a recursive fashion. Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=2167302 Fixes: 379c0ce4bfed8733dfbde557c359eecc5474ce38 Signed-off-by: Michal Privoznik <mprivozn(a)redhat.com> --- src/qemu/qemu_namespace.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/qemu/qemu_namespace.c b/src/qemu/qemu_namespace.c index 5769a4dfe0..5fc043bd62 100644 --- a/src/qemu/qemu_namespace.c +++ b/src/qemu/qemu_namespace.c @@ -777,7 +777,7 @@ qemuDomainUnshareNamespace(virQEMUDriverConfig *cfg, } #if defined(__linux__) - if (umount("/dev") < 0) { + if (umount2("/dev", MNT_DETACH) < 0) { virReportSystemError(errno, "%s", _("failed to umount devfs on /dev")); return -1; } -- 2.39.1

2 1