[PATCH 0/2] Fix mocking around networkxml2firewalltest
by Michal Privoznik
*** BLURB HERE ***
Michal Prívozník (2):
util: include virfirewall.h in virfirewalld.h
virfirewallmock: Replace virFindFileInPath() with
virFirewallDIsRegistered()
src/util/virfirewalld.h | 2 ++
tests/virfirewallmock.c | 16 ++++------------
2 files changed, 6 insertions(+), 12 deletions(-)
--
2.39.2
[RFC PATCH] hostdev:Introduce vDPA device to hostdev subsystem as a new subtype
by libai
The following is the XML for a vDPA device:
<devices>
<hostdev mode='subsystem' type='vdpa'>
<source dev='/dev/vhost-vdpa-0'/>
</hostdev>
</devices>
And the command line passed to QEMU is as follows:
-device {"driver":"vhost-vdpa-device-pci","vhostdev":"/dev/vhost-vdpa-0"}
This solution is selected according to the previous discussion
on the solution of supporting the vDPA device.
For details, see the following:
https://listman.redhat.com/archives/libvir-list/2023-March/239018.html
Signed-off-by: libai <libai12(a)huawei.com>
---
src/conf/domain_audit.c | 4 +++
src/conf/domain_conf.c | 47 +++++++++++++++++++++++++++++++++
src/conf/domain_conf.h | 6 +++++
src/conf/domain_validate.c | 1 +
src/conf/virconftypes.h | 2 ++
src/qemu/qemu_command.c | 19 +++++++++++++
src/qemu/qemu_command.h | 3 +++
src/qemu/qemu_domain.c | 6 +++++
src/qemu/qemu_hotplug.c | 1 +
src/qemu/qemu_migration.c | 2 ++
src/qemu/qemu_validate.c | 2 ++
src/security/security_dac.c | 2 ++
src/security/security_selinux.c | 2 ++
13 files changed, 97 insertions(+)
diff --git a/src/conf/domain_audit.c b/src/conf/domain_audit.c
index ae875188bd..6906ce7ade 100644
--- a/src/conf/domain_audit.c
+++ b/src/conf/domain_audit.c
@@ -344,6 +344,7 @@ virDomainAuditHostdev(virDomainObj *vm, virDomainHostdevDef *hostdev,
virDomainHostdevSubsysSCSI *scsisrc = &hostdev->source.subsys.u.scsi;
virDomainHostdevSubsysSCSIVHost *hostsrc = &hostdev->source.subsys.u.scsi_host;
virDomainHostdevSubsysMediatedDev *mdevsrc = &hostdev->source.subsys.u.mdev;
+ virDomainHostdevSubsysVDPA *vdpasrc = &hostdev->source.subsys.u.vdpa;
virUUIDFormat(vm->def->uuid, uuidstr);
if (!(vmname = virAuditEncode("vm", vm->def->name))) {
@@ -383,6 +384,9 @@ virDomainAuditHostdev(virDomainObj *vm, virDomainHostdevDef *hostdev,
case VIR_DOMAIN_HOSTDEV_SUBSYS_TYPE_MDEV:
address = g_strdup(mdevsrc->uuidstr);
break;
+ case VIR_DOMAIN_HOSTDEV_SUBSYS_TYPE_VDPA:
+ address = g_strdup(vdpasrc->devpath);
+ break;
case VIR_DOMAIN_HOSTDEV_SUBSYS_TYPE_LAST:
default:
VIR_WARN("Unexpected hostdev type while encoding audit message: %d",
diff --git a/src/conf/domain_conf.c b/src/conf/domain_conf.c
index b03a3ff011..e8f6d1457b 100644
--- a/src/conf/domain_conf.c
+++ b/src/conf/domain_conf.c
@@ -1047,6 +1047,7 @@ VIR_ENUM_IMPL(virDomainHostdevSubsys,
"scsi",
"scsi_host",
"mdev",
+ "vdpa",
);
VIR_ENUM_IMPL(virDomainHostdevSubsysPCIBackend,
@@ -2641,6 +2642,9 @@ virDomainHostdevDefClear(virDomainHostdevDef *def)
case VIR_DOMAIN_HOSTDEV_SUBSYS_TYPE_PCI:
g_clear_pointer(&def->source.subsys.u.pci.origstates, virBitmapFree);
break;
+ case VIR_DOMAIN_HOSTDEV_SUBSYS_TYPE_VDPA:
+ VIR_FREE(def->source.subsys.u.vdpa.devpath);
+ break;
case VIR_DOMAIN_HOSTDEV_SUBSYS_TYPE_USB:
case VIR_DOMAIN_HOSTDEV_SUBSYS_TYPE_MDEV:
case VIR_DOMAIN_HOSTDEV_SUBSYS_TYPE_LAST:
@@ -6160,6 +6164,22 @@ virDomainHostdevSubsysMediatedDevDefParseXML(virDomainHostdevDef *def,
return 0;
}
+static int
+virDomainHostdevSubsysVDPADefParseXML(xmlNodePtr sourcenode,
+ virDomainHostdevDef *def)
+{
+ g_autofree char *devpath = NULL;
+ virDomainHostdevSubsysVDPA *vdpa = &def->source.subsys.u.vdpa;
+
+ if(!(devpath = virXMLPropString(sourcenode, "dev"))) {
+ virReportError(VIR_ERR_CONFIG_UNSUPPORTED, "%s",
+ _("Missing 'dev' attribute for element <source>"));
+ return -1;
+ }
+ vdpa->devpath = g_steal_pointer(&devpath);
+ return 0;
+}
+
static int
virDomainHostdevDefParseXMLSubsys(xmlNodePtr node,
xmlXPathContextPtr ctxt,
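Review bot: The new `virDomainHostdevSubsysVDPADefParseXML()` reports a missing `dev` attribute as `VIR_ERR_CONFIG_UNSUPPORTED`, which says the configuration is valid but unsupported; a document that lacks a required attribute is normally `VIR_ERR_XML_ERROR`. The temporary and `g_steal_pointer()` are also unnecessary because nothing can fail after the lookup: `if (!(vdpa->devpath = virXMLPropStringRequired(sourcenode, "dev"))) return -1;` does the same and lets the helper raise the error. `if(!(` is missing the space after `if`. The function would also benefit from a header comment saying that `devpath` is stored exactly as written in the XML and is owned by the hostdev definition, which frees it in `virDomainHostdevDefClear()`.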
@@ -6317,6 +6337,11 @@ virDomainHostdevDefParseXMLSubsys(xmlNodePtr node,
if (virDomainHostdevSubsysMediatedDevDefParseXML(def, ctxt) < 0)
return -1;
break;
+ case VIR_DOMAIN_HOSTDEV_SUBSYS_TYPE_VDPA:
+ if (virDomainHostdevSubsysVDPADefParseXML(sourcenode, def) < 0) {
+ return -1;
+ }
+ break;
default:
virReportError(VIR_ERR_CONFIG_UNSUPPORTED,
@@ -12979,6 +13004,7 @@ virDomainHostdevDefParseXML(virDomainXMLOption *xmlopt,
case VIR_DOMAIN_HOSTDEV_SUBSYS_TYPE_PCI:
case VIR_DOMAIN_HOSTDEV_SUBSYS_TYPE_SCSI_HOST:
case VIR_DOMAIN_HOSTDEV_SUBSYS_TYPE_MDEV:
+ case VIR_DOMAIN_HOSTDEV_SUBSYS_TYPE_VDPA:
case VIR_DOMAIN_HOSTDEV_SUBSYS_TYPE_LAST:
break;
}
@@ -14101,6 +14127,13 @@ virDomainHostdevMatchSubsys(virDomainHostdevDef *a,
return 0;
case VIR_DOMAIN_HOSTDEV_SUBSYS_TYPE_MDEV:
return virDomainHostdevMatchSubsysMediatedDev(a, b);
+ case VIR_DOMAIN_HOSTDEV_SUBSYS_TYPE_VDPA:
+ if (STREQ(a->source.subsys.u.vdpa.devpath,
+ b->source.subsys.u.vdpa.devpath)) {
+ return 1;
+ } else {
+ return 0;
+ }
case VIR_DOMAIN_HOSTDEV_SUBSYS_TYPE_LAST:
return 0;
}
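Review bot: The `if`/`else` returning 1 or 0 around `STREQ()` in the `VIR_DOMAIN_HOSTDEV_SUBSYS_TYPE_VDPA` arm can be one statement, and `STREQ()` dereferences both pointers, so a definition that reaches this comparison with `devpath` still NULL (for example one not built by the XML parser) would crash here. `return STREQ_NULLABLE(a->source.subsys.u.vdpa.devpath, b->source.subsys.u.vdpa.devpath);` covers both. The rest of `virDomainHostdevMatchSubsys()` lies outside the hunk.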
@@ -23290,6 +23323,16 @@ virDomainHostdevDefFormatSubsysMdev(virBuffer *buf,
virXMLFormatElement(buf, "source", NULL, &sourceChildBuf);
}
+static void
+virDomainHostdevDefFormatSubsysVDPA(virBuffer *buf,
+ virDomainHostdevDef *def)
+{
+ g_auto(virBuffer) sourceAttrBuf = VIR_BUFFER_INITIALIZER;
+ virDomainHostdevSubsysVDPA *vdpasrc = &def->source.subsys.u.vdpa;
+ virBufferAsprintf(&sourceAttrBuf, " dev='%s'", vdpasrc->devpath);
+ virXMLFormatElement(buf, "source", &sourceAttrBuf, NULL);
+}
+
static int
virDomainHostdevDefFormatSubsys(virBuffer *buf,
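Review bot: `virBufferAsprintf(&sourceAttrBuf, " dev='%s'", vdpasrc->devpath)` writes the path into the attribute without XML escaping, so a `devpath` containing `'`, `&` or `<` yields domain XML that no longer parses, or that carries extra attributes when it is read back. The value is taken unchanged from the user's `<source dev=...>` by the parser added earlier in this file, so it should go through the escaping helper: `virBufferEscapeString(&sourceAttrBuf, " dev='%s'", vdpasrc->devpath);`. That helper also emits nothing for a NULL string instead of handing NULL to `%s`.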
@@ -23317,6 +23360,10 @@ virDomainHostdevDefFormatSubsys(virBuffer *buf,
virDomainHostdevDefFormatSubsysMdev(buf, def);
return 0;
+ case VIR_DOMAIN_HOSTDEV_SUBSYS_TYPE_VDPA:
+ virDomainHostdevDefFormatSubsysVDPA(buf, def);
+ return 0;
+
case VIR_DOMAIN_HOSTDEV_SUBSYS_TYPE_LAST:
default:
virReportEnumRangeError(virDomainHostdevSubsysType, def->source.subsys.type);
diff --git a/src/conf/domain_conf.h b/src/conf/domain_conf.h
index 511067a050..ade8b0edec 100644
--- a/src/conf/domain_conf.h
+++ b/src/conf/domain_conf.h
@@ -197,6 +197,7 @@ typedef enum {
VIR_DOMAIN_HOSTDEV_SUBSYS_TYPE_SCSI,
VIR_DOMAIN_HOSTDEV_SUBSYS_TYPE_SCSI_HOST,
VIR_DOMAIN_HOSTDEV_SUBSYS_TYPE_MDEV,
+ VIR_DOMAIN_HOSTDEV_SUBSYS_TYPE_VDPA,
VIR_DOMAIN_HOSTDEV_SUBSYS_TYPE_LAST
} virDomainHostdevSubsysType;
@@ -289,6 +290,10 @@ struct _virDomainHostdevSubsysMediatedDev {
virTristateSwitch ramfb;
};
+struct _virDomainHostdevSubsysVDPA {
+ char *devpath; /* vDPA device path */
+};
+
typedef enum {
VIR_DOMAIN_HOSTDEV_SUBSYS_SCSI_HOST_PROTOCOL_TYPE_NONE,
VIR_DOMAIN_HOSTDEV_SUBSYS_SCSI_HOST_PROTOCOL_TYPE_VHOST,
@@ -323,6 +328,7 @@ struct _virDomainHostdevSubsys {
virDomainHostdevSubsysSCSI scsi;
virDomainHostdevSubsysSCSIVHost scsi_host;
virDomainHostdevSubsysMediatedDev mdev;
+ virDomainHostdevSubsysVDPA vdpa;
} u;
};
diff --git a/src/conf/domain_validate.c b/src/conf/domain_validate.c
index e04b85fee4..4af84c4f0c 100644
--- a/src/conf/domain_validate.c
+++ b/src/conf/domain_validate.c
@@ -2214,6 +2214,7 @@ virDomainHostdevDefValidate(const virDomainHostdevDef *hostdev)
}
break;
case VIR_DOMAIN_HOSTDEV_SUBSYS_TYPE_MDEV:
+ case VIR_DOMAIN_HOSTDEV_SUBSYS_TYPE_VDPA:
case VIR_DOMAIN_HOSTDEV_SUBSYS_TYPE_LAST:
break;
}
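Review bot: `VIR_DOMAIN_HOSTDEV_SUBSYS_TYPE_VDPA` joins the no-op arm, so `devpath` is never validated after parsing: an empty string, a relative path or any other host path is accepted. Later hunks return that string unchanged from `qemuDomainGetHostdevPath()` with `VIR_CGROUP_DEVICE_RW` (qemu_domain.c) and pass it to QEMU as `vhostdev` (qemu_command.c). A dedicated arm that rejects a NULL, empty or non-absolute path, for instance by testing `g_path_is_absolute(hostdev->source.subsys.u.vdpa.devpath)`, would stop malformed values before they reach those consumers; whether to restrict it further to vhost-vdpa character devices is a design question for the series. The enclosing switch in `virDomainHostdevDefValidate()` starts outside the hunk.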
diff --git a/src/conf/virconftypes.h b/src/conf/virconftypes.h
index e07f967814..1756c54e7a 100644
--- a/src/conf/virconftypes.h
+++ b/src/conf/virconftypes.h
@@ -120,6 +120,8 @@ typedef struct _virDomainHostdevSubsys virDomainHostdevSubsys;
typedef struct _virDomainHostdevSubsysMediatedDev virDomainHostdevSubsysMediatedDev;
+typedef struct _virDomainHostdevSubsysVDPA virDomainHostdevSubsysVDPA;
+
typedef struct _virDomainHostdevSubsysPCI virDomainHostdevSubsysPCI;
typedef struct _virDomainHostdevSubsysSCSI virDomainHostdevSubsysSCSI;
diff --git a/src/qemu/qemu_command.c b/src/qemu/qemu_command.c
index 4ca93bf3dc..121214f4d5 100644
--- a/src/qemu/qemu_command.c
+++ b/src/qemu/qemu_command.c
@@ -4958,6 +4958,18 @@ qemuBuildHostdevMediatedDevProps(const virDomainDef *def,
return g_steal_pointer(&props);
}
+virJSONValue *
+qemuBuildHostdevVDPADevProps(virDomainHostdevDef *dev)
+{
+ g_autoptr(virJSONValue) props = NULL;
+ virDomainHostdevSubsysVDPA *vdpasrc = &dev->source.subsys.u.vdpa;
+ if (virJSONValueObjectAdd(&props,
+ "s:driver", "vhost-vdpa-device-pci",
+ "s:vhostdev", vdpasrc->devpath,
+ NULL) < 0)
+ return NULL;
+ return g_steal_pointer(&props);
+}
qemuBlockStorageSourceAttachData *
qemuBuildHostdevSCSIDetachPrepare(virDomainHostdevDef *hostdev,
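Review bot: `qemuBuildHostdevVDPADevProps()` emits only `driver` and `vhostdev`; the generated `-device` object has no `id` and no bus address. Without an `id` the device cannot be referred to by its alias afterwards, and any `<address>` assigned to the hostdev is not passed to QEMU, so the guest-visible PCI slot is presumably left to QEMU's default; please confirm against the other hostdev builders in this file. I would take `const virDomainDef *def` as well, as `qemuBuildHostdevMediatedDevProps()` does in qemu_command.h, then add `"s:id", dev->info->alias,` plus the device address properties. A short comment above the function listing the properties it builds would also help.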
@@ -5154,6 +5166,13 @@ qemuBuildHostdevCommandLine(virCommand *cmd,
return -1;
break;
+ case VIR_DOMAIN_HOSTDEV_SUBSYS_TYPE_VDPA:
+ if (!(devprops = qemuBuildHostdevVDPADevProps(hostdev)))
+ return -1;
+ if (qemuBuildDeviceCommandlineFromJSON(cmd, devprops, def, qemuCaps) < 0)
+ return -1;
+ break;
+
case VIR_DOMAIN_HOSTDEV_SUBSYS_TYPE_LAST:
break;
}
diff --git a/src/qemu/qemu_command.h b/src/qemu/qemu_command.h
index 5fdb138030..dff18350b5 100644
--- a/src/qemu/qemu_command.h
+++ b/src/qemu/qemu_command.h
@@ -198,6 +198,9 @@ virJSONValue *
qemuBuildHostdevMediatedDevProps(const virDomainDef *def,
virDomainHostdevDef *dev);
+virJSONValue *
+qemuBuildHostdevVDPADevProps(virDomainHostdevDef *dev);
+
virJSONValue *
qemuBuildRedirdevDevProps(const virDomainDef *def,
virDomainRedirdevDef *dev);
diff --git a/src/qemu/qemu_domain.c b/src/qemu/qemu_domain.c
index 63b13b6875..0cd485a459 100644
--- a/src/qemu/qemu_domain.c
+++ b/src/qemu/qemu_domain.c
@@ -10533,6 +10533,8 @@ qemuDomainGetHostdevPath(virDomainHostdevDef *dev,
virDomainHostdevSubsysSCSI *scsisrc = &dev->source.subsys.u.scsi;
virDomainHostdevSubsysSCSIVHost *hostsrc = &dev->source.subsys.u.scsi_host;
virDomainHostdevSubsysMediatedDev *mdevsrc = &dev->source.subsys.u.mdev;
+ virDomainHostdevSubsysVDPA *vdpasrc = &dev->source.subsys.u.vdpa;
+
g_autoptr(virUSBDevice) usb = NULL;
g_autoptr(virSCSIDevice) scsi = NULL;
g_autoptr(virSCSIVHostDevice) host = NULL;
@@ -10603,6 +10605,10 @@ qemuDomainGetHostdevPath(virDomainHostdevDef *dev,
if (!(tmpPath = virMediatedDeviceGetIOMMUGroupDev(mdevsrc->uuidstr)))
return -1;
+ perm = VIR_CGROUP_DEVICE_RW;
+ break;
+ case VIR_DOMAIN_HOSTDEV_SUBSYS_TYPE_VDPA:
+ tmpPath = g_strdup(vdpasrc->devpath);
perm = VIR_CGROUP_DEVICE_RW;
break;
case VIR_DOMAIN_HOSTDEV_SUBSYS_TYPE_LAST:
diff --git a/src/qemu/qemu_hotplug.c b/src/qemu/qemu_hotplug.c
index 5072798cb7..7d89899223 100644
--- a/src/qemu/qemu_hotplug.c
+++ b/src/qemu/qemu_hotplug.c
@@ -4546,6 +4546,7 @@ qemuDomainRemoveHostDevice(virQEMUDriver *driver,
case VIR_DOMAIN_HOSTDEV_SUBSYS_TYPE_MDEV:
qemuDomainRemoveMediatedDevice(driver, vm, hostdev);
break;
+ case VIR_DOMAIN_HOSTDEV_SUBSYS_TYPE_VDPA:
case VIR_DOMAIN_HOSTDEV_SUBSYS_TYPE_LAST:
break;
}
diff --git a/src/qemu/qemu_migration.c b/src/qemu/qemu_migration.c
index ed41a03851..9220ef1ab1 100644
--- a/src/qemu/qemu_migration.c
+++ b/src/qemu/qemu_migration.c
@@ -1295,6 +1295,8 @@ qemuMigrationSrcIsAllowedHostdev(const virDomainDef *def)
case VIR_DOMAIN_HOSTDEV_SUBSYS_TYPE_SCSI:
case VIR_DOMAIN_HOSTDEV_SUBSYS_TYPE_SCSI_HOST:
case VIR_DOMAIN_HOSTDEV_SUBSYS_TYPE_MDEV:
+ /* The vDPA devices don't support migration for now */
+ case VIR_DOMAIN_HOSTDEV_SUBSYS_TYPE_VDPA:
virReportError(VIR_ERR_OPERATION_UNSUPPORTED,
_("cannot migrate a domain with <hostdev mode='subsystem' type='%1$s'>"),
virDomainHostdevSubsysTypeToString(hostdev->source.subsys.type));
diff --git a/src/qemu/qemu_validate.c b/src/qemu/qemu_validate.c
index b8d5e9bd74..ea3d4e1a39 100644
--- a/src/qemu/qemu_validate.c
+++ b/src/qemu/qemu_validate.c
@@ -2566,6 +2566,8 @@ qemuValidateDomainDeviceDefHostdev(const virDomainHostdevDef *hostdev,
break;
case VIR_DOMAIN_HOSTDEV_SUBSYS_TYPE_MDEV:
return qemuValidateDomainMdevDef(hostdev, def, qemuCaps);
+ case VIR_DOMAIN_HOSTDEV_SUBSYS_TYPE_VDPA:
+ break;
case VIR_DOMAIN_HOSTDEV_SUBSYS_TYPE_LAST:
default:
virReportEnumRangeError(virDomainHostdevSubsysType,
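Review bot: The `VIR_DOMAIN_HOSTDEV_SUBSYS_TYPE_VDPA` arm only executes `break`, so nothing checks that the QEMU binary provides the `vhost-vdpa-device-pci` device that qemu_command.c later puts on the command line. On a QEMU without that device the domain would pass validation and fail only at process start, with QEMU's own error message. The neighbouring arm delegates to `qemuValidateDomainMdevDef()`, and the same pattern fits here: a capability flag probed for that device, checked in this arm and reported as `VIR_ERR_CONFIG_UNSUPPORTED`. The switch continues outside the hunk.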
diff --git a/src/security/security_dac.c b/src/security/security_dac.c
index c7dc145621..24f3de5d15 100644
--- a/src/security/security_dac.c
+++ b/src/security/security_dac.c
@@ -1313,6 +1313,7 @@ virSecurityDACSetHostdevLabel(virSecurityManager *mgr,
break;
}
+ case VIR_DOMAIN_HOSTDEV_SUBSYS_TYPE_VDPA:
case VIR_DOMAIN_HOSTDEV_SUBSYS_TYPE_LAST:
ret = 0;
break;
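Review bot: In `virSecurityDACSetHostdevLabel()` the new `VIR_DOMAIN_HOSTDEV_SUBSYS_TYPE_VDPA` case shares the `TYPE_LAST` arm and returns 0 without touching the device node; the same is done in `virSecurityDACRestoreHostdevLabel()` and in both security_selinux.c hunks. Because qemu_command.c passes the path for QEMU to open itself, the open can only succeed if the node's ownership and label already permit the QEMU process to use it, which presumably has to be arranged on the host by hand and is not documented in the patch. Either set and restore the label on `devpath` in these arms, or state the expectation in a comment such as `/* vDPA: device node is not relabelled; host must grant access */`. Both functions extend beyond their hunks.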
@@ -1469,6 +1470,7 @@ virSecurityDACRestoreHostdevLabel(virSecurityManager *mgr,
break;
}
+ case VIR_DOMAIN_HOSTDEV_SUBSYS_TYPE_VDPA:
case VIR_DOMAIN_HOSTDEV_SUBSYS_TYPE_LAST:
ret = 0;
break;
diff --git a/src/security/security_selinux.c b/src/security/security_selinux.c
index e3e6a6115f..5cb6612fbc 100644
--- a/src/security/security_selinux.c
+++ b/src/security/security_selinux.c
@@ -2265,6 +2265,7 @@ virSecuritySELinuxSetHostdevSubsysLabel(virSecurityManager *mgr,
break;
}
+ case VIR_DOMAIN_HOSTDEV_SUBSYS_TYPE_VDPA:
case VIR_DOMAIN_HOSTDEV_SUBSYS_TYPE_LAST:
ret = 0;
break;
@@ -2493,6 +2494,7 @@ virSecuritySELinuxRestoreHostdevSubsysLabel(virSecurityManager *mgr,
break;
}
+ case VIR_DOMAIN_HOSTDEV_SUBSYS_TYPE_VDPA:
case VIR_DOMAIN_HOSTDEV_SUBSYS_TYPE_LAST:
ret = 0;
break;
--
2.33.0
[libvirt PATCH 00/28] native support for nftables in virtual network driver
by Laine Stump
This patch series enables libvirt to use nftables rules rather than
iptables *when setting up virtual networks* (it does *not* add
nftables support to the nwfilter driver). It accomplishes this by
abstracting several iptables functions (from viriptables.[ch]) called
by the virtual network driver into a rudimentary "virNetfilter API"
(in virnetfilter.[ch]), having the virtual network driver call the
virNetfilter API rather than calling the existing iptables functions
directly, and then finally adding an equivalent virNftables backend
that can be used instead of iptables (selected manually via a
network.conf setting, or automatically if iptables isn't found on the
host).
A first look at the result may have you thinking that it's filled with
a lot of bad decisions. While I would agree with that in many cases, I
think that overall they are the "least bad" decisions, or at least
"bad within acceptable limits / no worse than something else", and
point out that it's been done in a way that minimizes (actually
eliminates) the need for immediate changes to nwfilter (the other
consumer of iptables, which *also* needs to be updated to use native
nftables), and makes it much easier to change our mind about the
details in the future.
When I first started on this (long, protracted, repeatedly interrupted
for extended periods - many of these patches are > a year old) task, I
considered doing an all-at-once complete replacement of iptables with
nftables, since all the Linux distros we support have had nftables for
several years, and I'm pretty sure nobody has it disabled (not even
sure if it's possible to disable nftables while still enabling
iptables, since they both use xtables in the kernel). But due to
libvirt's use of "-t mangle -j CHECKSUM --checksum-fill" (see commit
fd5b15ff all the way back in July 2010 for details) which has no
equivalent in nftables rules (and we don't *want* it to!!), and the
desire to be able to easily switch back to iptables in case of an
unforeseen regression, we decided that both iptables and nftables need
to be supported (for now), with the default (for now) remaining as
iptables.
Just allowing for dual backends complicated matters, since it means
that we have to have a config file, a setting, detection of which
backends are available, and of course some sort of concept of an
abstracted frontend that can use either backend based on the config
setting (and/or auto-detection). Combining that with the fact that it
would just be "too big" of a project to switch over nwfilter's
iptables usage at the same time means that we have to keep around a
lot of existing code for compatibility's sake rather than just wiping
it all away and starting over.
So, what I've ended up with is:
1) a network.conf file (didn't exist before) with a single setting
"firewall_backend". If unset, the network driver tries to use iptables
on the backend, and if that's missing, then tries to use nftables.
2) a new (internal-only, so transient!) virNetFilterXXX API that is
used by the network driver in place of the iptablesXXX API, and calls
either iptablesXXX or:
3) a virNftablesXXX API that exactly replicates the filtering rules of
the existing iptablesXXX API (except in the custom "libvirt" base
table rather than the system "filter" and "nat" tables). This means
that:
4) when the nftables backend is used, the rules added are *exactly the
same* (functionally speaking) as we currently add for iptables (except
they are in the "libvirt" table).
We had spent some time in IRC discussing different ways of using new
functionality available in nftables to make a more
efficient/performant implemention of the desired filtering, and there
are some really great possibilities that need to be explored, but in
the end there were too many details up in the air, and I decided that
it would be more "accomplishable" (coined a new word there!) to first
replicate existing behavior with nftables, but do it inside a
framework that makes it easy to modify the details in the future (in
particular making it painless to switch back and forth between builds
with differing filter models at runtime) - this way we'll be able to
separate the infrastructure work from the details of the rules (which
we can then more easily work on and experiment with). (This implies
that the main objective right now is "get rid of iptables
dependencies", not "make the filtering faster and more efficient").
Notable features of this patchset:
* allows switching between iptables/nftables backends without
rebooting or restarting networks/guests.
Because the commands required to remove a network's filter rules are
now saved in the network status XML, each time libvirtd (or
virtnetworkd) is restarted, it will execute exactly the commands
needed to remove the filter rules that had been added by the
previous libvirtd/virtnetworkd (rather than just making a guess, as
we've always done up until now), and then add new rules using the
current backend+binary's set of rules (while also saving the info
needed for future removal of these new rules back into the network's
status XML).
* firewall_backend can be explicitly set in (new)
/etc/libvirt/network.conf, but if it's not explicitly set, libvirt
will default to the iptables backend if the iptables binary is
found, and otherwise fall back to nftables as long as the nft
binary is found; otherwise the first attempt to start a network will
fail with an appropriate error.
Things that seem ugly / that I would like to clean up / that I think
are just fine as they are:
* virFirewall does *not* provide a backend-agnostic interface [this is fine]
* We need to maintain a backward-compatible API for virFirewall so
that we don't have to touch nwfilter code. Trying to make its API
backend-agnostic would require individually considering/changing
every nwfilter use of virFirewall.
* instead virFirewall objects are just a way to build a collection
of commands to execute to build a firewall, then execute them
while collecting info for and building a collection of commands
that will tear down that firewall in the future.
Do I want to "fix" this in the future by making virFirewall a higher
level interface that accepts tokens describing the type of rule to
add (rather than backend-specific arguments to a backend-specific
command)? No. I think I like the way virFirewall works (as
described in that previous bullet-point), instead I'm thinking that
it is just slightly mis-named - I've lately been thinking of it as a
"virNetFilterCmdList". Similarly, the virFirewallRules that it has a
list of aren't really "rules", they are better described as commands
or actions, so maybe they should be renamed to virNetfilterCmd or
virNetfilterAction. But that is just cosmetic, so I didn't want to
get into it in these patches (especially in case someone disagrees,
or has a better idea for naming).
* Speaking of renaming - I should probably rename all the
"iptablesXXX" functions to "virIptablesXXX" to be consistent with so
much of our other code. I lost the ambition to deal with it right
now though, so I'm leaving that for later cleanup (or I could do it
now if it really makes someone's day :-).
* I could have chosen a higher place in the callchain to make the
virNetfilter abstraction, e.g. at the level of
"networkAddXXXFirewallRules()" rather than at the lower level of
iptablesXXX(). That is actually probably what will happen in the
future (since it will be necessary in order for an nftables-based
firewall to be significantly different in structure from an
iptables-based firewall). But that's the beauty of an API being
private - we can freely add/remove things as needed. the important
thing is that we now have the basic structure there.
For now, the split is just above the existing iptablesXXX API
(util/viriptables.[ch], which seems like a "narrow" enough
place. Most iptablesXXX functions are written in terms of just 10
*other* iptablesXXX functions that add iptables-specific commands -
I've just moved those functions into virnetfilter.[ch]
(appropriately renamed), and changed them to call the 10
virNetfilterXXX functions that will in-turn call those 10
iptablesXXX (or equivalent virNftablesXXX) functions.
* Some people may dislike that the 10 virNetfilterXXX functions are
each written with a switch statement that has cases to directly call
each backend, rather than each backend driver having a table of
pointers to API functions, with the virNetfilter API function
calling backends[fwBackend]->XXX() (ie the pattern for so many
drivers in libvirt). But for just 2 backends, that really seemed
like overkill and unnecessary obfuscation.
* As implemented here, I am storing a "<fwRemoval>" element in the
network status XML - it contains a serialized virFirewall object
that directly contains the commands necessary to remove the
firewall. I could instead just store "<firewall>", which would
include all the commands that were used to *create* the firewall in
addition to the commands needed to remove the firewall. The way it's
done currently takes up less space; switching to storing the full
firewall *might* be more informative to somebody, but on the other
hand would make the network status XML *very* long. If anybody has
an opinion about this, now is the time to bring it up - do you think
it's worth having a separate list of all the commands that were used
to create a network's firewall (keeping in mind that there is no
public API to access it)? Or is it enough to just store what's
needed to remove the firewall?
* Several months ago Eric Garver posted patches for a pure firewalld
backend, and I requested that they not be pushed because I wanted
that to be integrated with my nftables backend support. Due to the
fact that the firewalld backend is almost entirely implemented by
putting the bridge into a new firewalld "zone", with no individual
rules added, that won't happen as just another backend driver file
in parallel to iptables and nftables; it will instead work by
checking firewall_backend at a higher level in the network driver,
thus avoiding the calls to virNetfilterXXX() entirely. I have
locally merged Eric's patches over the top of these patches, and
there are surprisingly few conflicts, but since his patches didn't
account for a user-settable config (but instead just always used the
firewalld backend if firewalld was active), some of the patches are
going to require a bit of rework, which I'll take care of after
getting these patches in.
Laine Stump (28):
util: add -w/--concurrent when applying the rule rather than when
building it
util: new virFirewallRuleGet*() APIs
util: determine ignoreErrors value when creating rule, not when
applying
util: rename iptables helpers that will become the frontend for
ip&nftables
util: move backend-agnostic virNetfilter*() functions to their own
file
util: make netfilter action a proper typedefed (virFirewall) enum
util: #define the names used for private packet filter chains
util: move/rename virFirewallApplyRuleDirect to
virIptablesApplyFirewallRule
util/network: reintroduce virFirewallBackend, but different
network: add (empty) network.conf file to distribution files
network: allow setting firewallBackend from network.conf
network: do not add DHCP checksum mangle rule unless using iptables
network: call backend agnostic function to init private filter chains
util: setup functions in virnetfilter which will call appropriate
backend
build: add nft to the list of binaries we attempt to locate
util: add nftables backend to virnetfilter API used by network driver
tests: test cases for nftables backend
util: new functions to support adding individual rollback rules
util: check for 0 args when applying iptables rule
util: implement rollback rule autosave for iptables backend
util: implement rollback rule autosave for nftables backend
network: turn on auto-rollback for the rules added for virtual
networks
util: new function virFirewallNewFromRollback()
util: new functions virFirewallParseXML() and virFirewallFormat()
conf: add a virFirewall object to virNetworkObj
network: use previously saved list of firewall rules when removing
network: save network status when firewall rules are reloaded
network: improve log message when reloading virtual network firewall
rules
libvirt.spec.in | 5 +
meson.build | 1 +
po/POTFILES | 2 +
src/conf/virnetworkobj.c | 40 +
src/conf/virnetworkobj.h | 11 +
src/libvirt_private.syms | 68 +-
src/network/bridge_driver.c | 40 +-
src/network/bridge_driver_conf.c | 44 +
src/network/bridge_driver_conf.h | 3 +
src/network/bridge_driver_linux.c | 241 +++--
src/network/bridge_driver_nop.c | 6 +-
src/network/bridge_driver_platform.h | 6 +-
src/network/libvirtd_network.aug | 39 +
src/network/meson.build | 11 +
src/network/network.conf | 24 +
src/network/test_libvirtd_network.aug.in | 5 +
src/nwfilter/nwfilter_ebiptables_driver.c | 16 +-
src/util/meson.build | 2 +
src/util/virebtables.c | 4 +-
src/util/virfirewall.c | 490 ++++++++--
src/util/virfirewall.h | 51 +-
src/util/viriptables.c | 762 ++++-----------
src/util/viriptables.h | 222 ++---
src/util/virnetfilter.c | 892 ++++++++++++++++++
src/util/virnetfilter.h | 159 ++++
src/util/virnftables.c | 698 ++++++++++++++
src/util/virnftables.h | 118 +++
.../{base.args => base.iptables} | 0
tests/networkxml2firewalldata/base.nftables | 256 +++++
...-linux.args => nat-default-linux.iptables} | 0
.../nat-default-linux.nftables | 248 +++++
...pv6-linux.args => nat-ipv6-linux.iptables} | 0
.../nat-ipv6-linux.nftables | 384 ++++++++
...rgs => nat-ipv6-masquerade-linux.iptables} | 0
.../nat-ipv6-masquerade-linux.nftables | 456 +++++++++
...linux.args => nat-many-ips-linux.iptables} | 0
.../nat-many-ips-linux.nftables | 472 +++++++++
...-linux.args => nat-no-dhcp-linux.iptables} | 0
.../nat-no-dhcp-linux.nftables | 384 ++++++++
...ftp-linux.args => nat-tftp-linux.iptables} | 0
.../nat-tftp-linux.nftables | 274 ++++++
...inux.args => route-default-linux.iptables} | 0
.../route-default-linux.nftables | 162 ++++
tests/networkxml2firewalltest.c | 56 +-
tests/virfirewalltest.c | 20 +-
45 files changed, 5718 insertions(+), 954 deletions(-)
create mode 100644 src/network/libvirtd_network.aug
create mode 100644 src/network/network.conf
create mode 100644 src/network/test_libvirtd_network.aug.in
create mode 100644 src/util/virnetfilter.c
create mode 100644 src/util/virnetfilter.h
create mode 100644 src/util/virnftables.c
create mode 100644 src/util/virnftables.h
rename tests/networkxml2firewalldata/{base.args => base.iptables} (100%)
create mode 100644 tests/networkxml2firewalldata/base.nftables
rename tests/networkxml2firewalldata/{nat-default-linux.args => nat-default-linux.iptables} (100%)
create mode 100644 tests/networkxml2firewalldata/nat-default-linux.nftables
rename tests/networkxml2firewalldata/{nat-ipv6-linux.args => nat-ipv6-linux.iptables} (100%)
create mode 100644 tests/networkxml2firewalldata/nat-ipv6-linux.nftables
rename tests/networkxml2firewalldata/{nat-ipv6-masquerade-linux.args => nat-ipv6-masquerade-linux.iptables} (100%)
create mode 100644 tests/networkxml2firewalldata/nat-ipv6-masquerade-linux.nftables
rename tests/networkxml2firewalldata/{nat-many-ips-linux.args => nat-many-ips-linux.iptables} (100%)
create mode 100644 tests/networkxml2firewalldata/nat-many-ips-linux.nftables
rename tests/networkxml2firewalldata/{nat-no-dhcp-linux.args => nat-no-dhcp-linux.iptables} (100%)
create mode 100644 tests/networkxml2firewalldata/nat-no-dhcp-linux.nftables
rename tests/networkxml2firewalldata/{nat-tftp-linux.args => nat-tftp-linux.iptables} (100%)
create mode 100644 tests/networkxml2firewalldata/nat-tftp-linux.nftables
rename tests/networkxml2firewalldata/{route-default-linux.args => route-default-linux.iptables} (100%)
create mode 100644 tests/networkxml2firewalldata/route-default-linux.nftables
--
2.39.2
[libvirt PATCH 0/5] qemu: Find helpers at runtime
by Andrea Bolognani
This removes the need to have them present in the build environment
and makes things more flexible.
Note that we currently *do not* have the helpers available in most CI
environments, or have BuildRequires for them in the spec file. That
only works for Fedora and RHEL because the hardcoded fallback paths
happen to match those used on those distributions: everywhere else,
the choice is to either ensure that the additional packages are
installed in the build environment or to produce a build of libvirt
that can't use the corresponding features out of the box.
Andrea Bolognani (5):
util: Small refactor
util: Introduce virFileFindInPathFull()
qemu: Find helpers at runtime
meson: Stop looking for QEMU helpers
qemu: Update documentation for qemu.conf keys
meson.build | 24 ---------------
src/libvirt_private.syms | 1 +
src/qemu/qemu.conf.in | 8 +++--
src/qemu/qemu_conf.c | 4 +++
src/qemu/qemu_interface.c | 15 ++++++++--
src/qemu/qemu_process.c | 17 ++++++++---
src/qemu/test_libvirtd_qemu.aug.in | 4 +--
src/util/virfile.c | 47 ++++++++++++++++++++++++++----
src/util/virfile.h | 3 ++
9 files changed, 83 insertions(+), 40 deletions(-)
--
2.40.1
[PATCH 0/3] Audio test cleanups
by Peter Krempa
A few things I've cleaned up before realizing that:
https://gitlab.com/libvirt/libvirt/-/issues/473
can't really be solved without qemu assistance.
Peter Krempa (3):
qemuxml2xmlout: Replace symlinks of all 'audio-' tests by real files
qemuxml2argvtest: Use real caps instead of fake caps for
'audio-default-*' cases
qemuxml2xmltest: Modernize all 'audio-' cases
...gs => audio-default-sdl.x86_64-4.2.0.args} | 6 +-
... => audio-default-spice.x86_64-4.2.0.args} | 6 +-
...gs => audio-default-vnc.x86_64-4.2.0.args} | 6 +-
tests/qemuxml2argvtest.c | 6 +-
.../audio-alsa-best.x86_64-latest.xml | 46 ++++++++++++++
tests/qemuxml2xmloutdata/audio-alsa-best.xml | 1 -
.../audio-alsa-full.x86_64-latest.xml | 46 ++++++++++++++
tests/qemuxml2xmloutdata/audio-alsa-full.xml | 1 -
.../audio-alsa-minimal.x86_64-latest.xml | 39 ++++++++++++
.../qemuxml2xmloutdata/audio-alsa-minimal.xml | 1 -
.../audio-coreaudio-best.x86_64-latest.xml | 46 ++++++++++++++
.../audio-coreaudio-best.xml | 1 -
.../audio-coreaudio-full.x86_64-latest.xml | 46 ++++++++++++++
.../audio-coreaudio-full.xml | 1 -
.../audio-coreaudio-minimal.x86_64-latest.xml | 39 ++++++++++++
.../audio-coreaudio-minimal.xml | 1 -
.../audio-file-best.x86_64-latest.xml | 46 ++++++++++++++
tests/qemuxml2xmloutdata/audio-file-best.xml | 1 -
.../audio-file-full.x86_64-latest.xml | 46 ++++++++++++++
tests/qemuxml2xmloutdata/audio-file-full.xml | 1 -
.../audio-file-minimal.x86_64-latest.xml | 39 ++++++++++++
.../qemuxml2xmloutdata/audio-file-minimal.xml | 1 -
.../audio-jack-full.x86_64-latest.xml | 46 ++++++++++++++
tests/qemuxml2xmloutdata/audio-jack-full.xml | 1 -
.../audio-many-backends.x86_64-latest.xml | 61 ++++++++++++++++++-
.../audio-none-best.x86_64-latest.xml | 46 ++++++++++++++
tests/qemuxml2xmloutdata/audio-none-best.xml | 1 -
.../audio-none-full.x86_64-latest.xml | 46 ++++++++++++++
tests/qemuxml2xmloutdata/audio-none-full.xml | 1 -
.../audio-none-minimal.x86_64-latest.xml | 39 ++++++++++++
.../qemuxml2xmloutdata/audio-none-minimal.xml | 1 -
.../audio-oss-best.x86_64-latest.xml | 46 ++++++++++++++
tests/qemuxml2xmloutdata/audio-oss-best.xml | 1 -
.../audio-oss-full.x86_64-latest.xml | 46 ++++++++++++++
tests/qemuxml2xmloutdata/audio-oss-full.xml | 1 -
.../audio-oss-minimal.x86_64-latest.xml | 39 ++++++++++++
.../qemuxml2xmloutdata/audio-oss-minimal.xml | 1 -
.../audio-pulseaudio-best.x86_64-latest.xml | 46 ++++++++++++++
.../audio-pulseaudio-best.xml | 1 -
.../audio-pulseaudio-full.x86_64-latest.xml | 46 ++++++++++++++
.../audio-pulseaudio-full.xml | 1 -
...audio-pulseaudio-minimal.x86_64-latest.xml | 39 ++++++++++++
.../audio-pulseaudio-minimal.xml | 1 -
.../audio-sdl-best.x86_64-latest.xml | 46 ++++++++++++++
tests/qemuxml2xmloutdata/audio-sdl-best.xml | 1 -
.../audio-sdl-full.x86_64-latest.xml | 46 ++++++++++++++
tests/qemuxml2xmloutdata/audio-sdl-full.xml | 1 -
.../audio-sdl-minimal.x86_64-latest.xml | 39 ++++++++++++
.../qemuxml2xmloutdata/audio-sdl-minimal.xml | 1 -
.../audio-spice-best.x86_64-latest.xml | 53 ++++++++++++++++
tests/qemuxml2xmloutdata/audio-spice-best.xml | 1 -
.../audio-spice-full.x86_64-latest.xml | 53 ++++++++++++++++
tests/qemuxml2xmloutdata/audio-spice-full.xml | 1 -
.../audio-spice-minimal.x86_64-latest.xml | 46 ++++++++++++++
.../audio-spice-minimal.xml | 1 -
tests/qemuxml2xmltest.c | 56 ++++++++---------
56 files changed, 1215 insertions(+), 66 deletions(-)
rename tests/qemuxml2argvdata/{audio-default-sdl.args => audio-default-sdl.x86_64-4.2.0.args} (86%)
rename tests/qemuxml2argvdata/{audio-default-spice.args => audio-default-spice.x86_64-4.2.0.args} (86%)
rename tests/qemuxml2argvdata/{audio-default-vnc.args => audio-default-vnc.x86_64-4.2.0.args} (86%)
create mode 100644 tests/qemuxml2xmloutdata/audio-alsa-best.x86_64-latest.xml
delete mode 120000 tests/qemuxml2xmloutdata/audio-alsa-best.xml
create mode 100644 tests/qemuxml2xmloutdata/audio-alsa-full.x86_64-latest.xml
delete mode 120000 tests/qemuxml2xmloutdata/audio-alsa-full.xml
create mode 100644 tests/qemuxml2xmloutdata/audio-alsa-minimal.x86_64-latest.xml
delete mode 120000 tests/qemuxml2xmloutdata/audio-alsa-minimal.xml
create mode 100644 tests/qemuxml2xmloutdata/audio-coreaudio-best.x86_64-latest.xml
delete mode 120000 tests/qemuxml2xmloutdata/audio-coreaudio-best.xml
create mode 100644 tests/qemuxml2xmloutdata/audio-coreaudio-full.x86_64-latest.xml
delete mode 120000 tests/qemuxml2xmloutdata/audio-coreaudio-full.xml
create mode 100644 tests/qemuxml2xmloutdata/audio-coreaudio-minimal.x86_64-latest.xml
delete mode 120000 tests/qemuxml2xmloutdata/audio-coreaudio-minimal.xml
create mode 100644 tests/qemuxml2xmloutdata/audio-file-best.x86_64-latest.xml
delete mode 120000 tests/qemuxml2xmloutdata/audio-file-best.xml
create mode 100644 tests/qemuxml2xmloutdata/audio-file-full.x86_64-latest.xml
delete mode 120000 tests/qemuxml2xmloutdata/audio-file-full.xml
create mode 100644 tests/qemuxml2xmloutdata/audio-file-minimal.x86_64-latest.xml
delete mode 120000 tests/qemuxml2xmloutdata/audio-file-minimal.xml
create mode 100644 tests/qemuxml2xmloutdata/audio-jack-full.x86_64-latest.xml
delete mode 120000 tests/qemuxml2xmloutdata/audio-jack-full.xml
mode change 120000 => 100644 tests/qemuxml2xmloutdata/audio-many-backends.x86_64-latest.xml
create mode 100644 tests/qemuxml2xmloutdata/audio-none-best.x86_64-latest.xml
delete mode 120000 tests/qemuxml2xmloutdata/audio-none-best.xml
create mode 100644 tests/qemuxml2xmloutdata/audio-none-full.x86_64-latest.xml
delete mode 120000 tests/qemuxml2xmloutdata/audio-none-full.xml
create mode 100644 tests/qemuxml2xmloutdata/audio-none-minimal.x86_64-latest.xml
delete mode 120000 tests/qemuxml2xmloutdata/audio-none-minimal.xml
create mode 100644 tests/qemuxml2xmloutdata/audio-oss-best.x86_64-latest.xml
delete mode 120000 tests/qemuxml2xmloutdata/audio-oss-best.xml
create mode 100644 tests/qemuxml2xmloutdata/audio-oss-full.x86_64-latest.xml
delete mode 120000 tests/qemuxml2xmloutdata/audio-oss-full.xml
create mode 100644 tests/qemuxml2xmloutdata/audio-oss-minimal.x86_64-latest.xml
delete mode 120000 tests/qemuxml2xmloutdata/audio-oss-minimal.xml
create mode 100644 tests/qemuxml2xmloutdata/audio-pulseaudio-best.x86_64-latest.xml
delete mode 120000 tests/qemuxml2xmloutdata/audio-pulseaudio-best.xml
create mode 100644 tests/qemuxml2xmloutdata/audio-pulseaudio-full.x86_64-latest.xml
delete mode 120000 tests/qemuxml2xmloutdata/audio-pulseaudio-full.xml
create mode 100644 tests/qemuxml2xmloutdata/audio-pulseaudio-minimal.x86_64-latest.xml
delete mode 120000 tests/qemuxml2xmloutdata/audio-pulseaudio-minimal.xml
create mode 100644 tests/qemuxml2xmloutdata/audio-sdl-best.x86_64-latest.xml
delete mode 120000 tests/qemuxml2xmloutdata/audio-sdl-best.xml
create mode 100644 tests/qemuxml2xmloutdata/audio-sdl-full.x86_64-latest.xml
delete mode 120000 tests/qemuxml2xmloutdata/audio-sdl-full.xml
create mode 100644 tests/qemuxml2xmloutdata/audio-sdl-minimal.x86_64-latest.xml
delete mode 120000 tests/qemuxml2xmloutdata/audio-sdl-minimal.xml
create mode 100644 tests/qemuxml2xmloutdata/audio-spice-best.x86_64-latest.xml
delete mode 120000 tests/qemuxml2xmloutdata/audio-spice-best.xml
create mode 100644 tests/qemuxml2xmloutdata/audio-spice-full.x86_64-latest.xml
delete mode 120000 tests/qemuxml2xmloutdata/audio-spice-full.xml
create mode 100644 tests/qemuxml2xmloutdata/audio-spice-minimal.x86_64-latest.xml
delete mode 120000 tests/qemuxml2xmloutdata/audio-spice-minimal.xml
--
2.40.1
1 year
[PATCH 0/5] qemu: Clean up testing of sound devices and implement 'multichannel' support for 'usb-audio'
by Peter Krempa
Peter Krempa (5):
docs: formatdomain: Use code blocks to emphasize various sound device
options
qemuxml2(argv|xml)test: Remove 'sound' case
qemuxml2(argv|xml)test: Modernize 'sound-device' case
conf: Register autoptr cleanup for 'virDomainSoundDef' and refactor
virDomainSoundDefParseXML
conf: qemu: Add support for multi-channel mode for 'usb' sound cards
docs/formatdomain.rst | 55 ++++++++++---------
src/conf/domain_conf.c | 42 ++++++++++----
src/conf/domain_conf.h | 5 ++
src/conf/schemas/domaincommon.rng | 5 ++
src/qemu/qemu_command.c | 3 +
...ce.args => sound-device.x86_64-4.2.0.args} | 13 ++---
.../sound-device.x86_64-latest.args | 50 +++++++++++++++++
tests/qemuxml2argvdata/sound-device.xml | 12 +---
tests/qemuxml2argvdata/sound.args | 37 -------------
tests/qemuxml2argvdata/sound.xml | 34 ------------
tests/qemuxml2argvtest.c | 8 +--
...ice.xml => sound-device.x86_64-latest.xml} | 17 +++---
tests/qemuxml2xmloutdata/sound.xml | 43 ---------------
tests/qemuxml2xmltest.c | 8 +--
14 files changed, 142 insertions(+), 190 deletions(-)
rename tests/qemuxml2argvdata/{sound-device.args => sound-device.x86_64-4.2.0.args} (80%)
create mode 100644 tests/qemuxml2argvdata/sound-device.x86_64-latest.args
delete mode 100644 tests/qemuxml2argvdata/sound.args
delete mode 100644 tests/qemuxml2argvdata/sound.xml
rename tests/qemuxml2xmloutdata/{sound-device.xml => sound-device.x86_64-latest.xml} (82%)
delete mode 100644 tests/qemuxml2xmloutdata/sound.xml
--
2.40.0
1 year
[PATCH] qemu: Report domain name in unexpectedly closed monitor message
by Michal Privoznik
When QEMU closes the monitor suddenly, the following error
message is reported:
internal error: qemu unexpectedly closed the monitor: ...
And this works. But other error messages produced in the same
function include domain name too. Do that for the unexpectedly
closed monitor message too.
Signed-off-by: Michal Privoznik <mprivozn(a)redhat.com>
---
src/qemu/qemu_monitor.c | 9 ++++++---
1 file changed, 6 insertions(+), 3 deletions(-)
diff --git a/src/qemu/qemu_monitor.c b/src/qemu/qemu_monitor.c
index 71ebd356ad..dacf161971 100644
--- a/src/qemu/qemu_monitor.c
+++ b/src/qemu/qemu_monitor.c
@@ -513,15 +513,18 @@ qemuMonitorIO(GSocket *socket G_GNUC_UNUSED,
if (error || mon->goteof) {
if (hangup && mon->logFunc != NULL) {
+ g_autofree char *errmsg = NULL;
+
/* Check if an error message from qemu is available and if so, use
* it to overwrite the actual message. It's done only in early
* startup phases or during incoming migration when the message
* from qemu is certainly more interesting than a
* "connection reset by peer" message.
*/
- mon->logFunc(mon,
- _("qemu unexpectedly closed the monitor"),
- mon->logOpaque);
+
+ errmsg = g_strdup_printf(_("QEMU unexpectedly closed the monitor (vm='%1$s')"),
+ mon->domainName);
+ mon->logFunc(mon, errmsg, mon->logOpaque);
virCopyLastError(&mon->lastError);
virResetLastError();
}
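Review bot: The new string changes the wording from `qemu unexpectedly closed the monitor` to `QEMU unexpectedly closed the monitor (vm='%1$s')`, and the commit message mentions only the added domain name. Anything that matches the old text (test expectations, log scrapers, searches through bug reports) would stop matching, so it is worth checking for such consumers or keeping the lower-case prefix. The added blank line after the comment also separates the comment from the code it describes; dropping it keeps the explanation attached to the `g_strdup_printf()` call. qemuMonitorIO starts and ends outside this hunk, so whether `mon->domainName` can be NULL at this point cannot be confirmed from the visible lines.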
--
2.39.3
1 year
[PATCH] logging: Provide empty VIRTLOGD_ARGS in the unit file
by Michal Privoznik
For all our daemons, we provide a VIRTXXXD_ARGS env var in the unit
file. The variable can then be overridden in the corresponding file:
EnvironmentFile=-@initconfdir@/virtxxxd
The daemon is then executed as:
ExecStart=@sbindir@/virtxxxd $VIRTXXXD_ARGS
But virtlogd is an exception, for no good reason. And while there are
probably no arguments we want to pass to virtlogd by default,
just mimic what we do for say virtlockd, where we also don't pass
any default argument.
Signed-off-by: Michal Privoznik <mprivozn(a)redhat.com>
---
src/logging/virtlogd.service.in | 1 +
1 file changed, 1 insertion(+)
diff --git a/src/logging/virtlogd.service.in b/src/logging/virtlogd.service.in
index 158124e4d3..e4aecd46a7 100644
--- a/src/logging/virtlogd.service.in
+++ b/src/logging/virtlogd.service.in
@@ -7,6 +7,7 @@ Documentation=man:virtlogd(8)
Documentation=https://libvirt.org
[Service]
+Environment=VIRTLOGD_ARGS=
EnvironmentFile=-@initconfdir@/virtlogd
ExecStart=@sbindir@/virtlogd $VIRTLOGD_ARGS
ExecReload=/bin/kill -USR1 $MAINPID
--
2.39.3
1 year
[RFC PATCH] hostdev:Introduce vDPA device to hostdev subsystem as a new subtype
by libai
The following is the xml of vdpa device:
<devices>
<hostdev mode='subsystem' type='vdpa'>
<source dev='/dev/vhost-vdpa-0'/>
</hostdev>
</devices>
And the command line passed to QEMU is as follows:
-device {"driver":"vhost-vdpa-device-pci","vhostdev":"/dev/vhost-vdpa-0"}
This solution is selected according to the previous discussion
on the solution of supporting the vDPA device.
For details, see the following:
https://listman.redhat.com/archives/libvir-list/2023-March/239018.html
Signed-off-by: libai <libai12(a)huawei.com>
---
src/conf/domain_audit.c | 4 +++
src/conf/domain_conf.c | 47 +++++++++++++++++++++++++++++++++
src/conf/domain_conf.h | 6 +++++
src/conf/domain_validate.c | 1 +
src/conf/virconftypes.h | 2 ++
src/qemu/qemu_command.c | 19 +++++++++++++
src/qemu/qemu_command.h | 3 +++
src/qemu/qemu_domain.c | 6 +++++
src/qemu/qemu_hotplug.c | 1 +
src/qemu/qemu_migration.c | 2 ++
src/qemu/qemu_validate.c | 2 ++
src/security/security_dac.c | 2 ++
src/security/security_selinux.c | 2 ++
13 files changed, 97 insertions(+)
diff --git a/src/conf/domain_audit.c b/src/conf/domain_audit.c
index ae875188bd..6906ce7ade 100644
--- a/src/conf/domain_audit.c
+++ b/src/conf/domain_audit.c
@@ -344,6 +344,7 @@ virDomainAuditHostdev(virDomainObj *vm, virDomainHostdevDef *hostdev,
virDomainHostdevSubsysSCSI *scsisrc = &hostdev->source.subsys.u.scsi;
virDomainHostdevSubsysSCSIVHost *hostsrc = &hostdev->source.subsys.u.scsi_host;
virDomainHostdevSubsysMediatedDev *mdevsrc = &hostdev->source.subsys.u.mdev;
+ virDomainHostdevSubsysVDPA *vdpasrc = &hostdev->source.subsys.u.vdpa;
virUUIDFormat(vm->def->uuid, uuidstr);
if (!(vmname = virAuditEncode("vm", vm->def->name))) {
@@ -383,6 +384,9 @@ virDomainAuditHostdev(virDomainObj *vm, virDomainHostdevDef *hostdev,
case VIR_DOMAIN_HOSTDEV_SUBSYS_TYPE_MDEV:
address = g_strdup(mdevsrc->uuidstr);
break;
+ case VIR_DOMAIN_HOSTDEV_SUBSYS_TYPE_VDPA:
+ address = g_strdup(vdpasrc->devpath);
+ break;
case VIR_DOMAIN_HOSTDEV_SUBSYS_TYPE_LAST:
default:
VIR_WARN("Unexpected hostdev type while encoding audit message: %d",
diff --git a/src/conf/domain_conf.c b/src/conf/domain_conf.c
index b03a3ff011..e8f6d1457b 100644
--- a/src/conf/domain_conf.c
+++ b/src/conf/domain_conf.c
@@ -1047,6 +1047,7 @@ VIR_ENUM_IMPL(virDomainHostdevSubsys,
"scsi",
"scsi_host",
"mdev",
+ "vdpa",
);
VIR_ENUM_IMPL(virDomainHostdevSubsysPCIBackend,
@@ -2641,6 +2642,9 @@ virDomainHostdevDefClear(virDomainHostdevDef *def)
case VIR_DOMAIN_HOSTDEV_SUBSYS_TYPE_PCI:
g_clear_pointer(&def->source.subsys.u.pci.origstates, virBitmapFree);
break;
+ case VIR_DOMAIN_HOSTDEV_SUBSYS_TYPE_VDPA:
+ VIR_FREE(def->source.subsys.u.vdpa.devpath);
+ break;
case VIR_DOMAIN_HOSTDEV_SUBSYS_TYPE_USB:
case VIR_DOMAIN_HOSTDEV_SUBSYS_TYPE_MDEV:
case VIR_DOMAIN_HOSTDEV_SUBSYS_TYPE_LAST:
@@ -6160,6 +6164,22 @@ virDomainHostdevSubsysMediatedDevDefParseXML(virDomainHostdevDef *def,
return 0;
}
+static int
+virDomainHostdevSubsysVDPADefParseXML(xmlNodePtr sourcenode,
+ virDomainHostdevDef *def)
+{
+ g_autofree char *devpath = NULL;
+ virDomainHostdevSubsysVDPA *vdpa = &def->source.subsys.u.vdpa;
+
+ if(!(devpath = virXMLPropString(sourcenode, "dev"))) {
+ virReportError(VIR_ERR_CONFIG_UNSUPPORTED, "%s",
+ _("Missing 'dev' attribute for element <source>"));
+ return -1;
+ }
+ vdpa->devpath = g_steal_pointer(&devpath);
+ return 0;
+}
+
static int
virDomainHostdevDefParseXMLSubsys(xmlNodePtr node,
xmlXPathContextPtr ctxt,
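Review bot: A missing `dev` attribute is reported in virDomainHostdevSubsysVDPADefParseXML as VIR_ERR_CONFIG_UNSUPPORTED, although it is a malformed-XML condition rather than an unsupported configuration. The existing helper reports the missing attribute itself and removes the temporary: `if (!(vdpa->devpath = virXMLPropStringRequired(sourcenode, "dev"))) return -1;`. As written, `if(!(` also lacks the space after `if` that the caller in the next hunk uses. The string is stored without any check on its form, so the validation callbacks are the only place left to reject a value that is empty or not an absolute path.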
@@ -6317,6 +6337,11 @@ virDomainHostdevDefParseXMLSubsys(xmlNodePtr node,
if (virDomainHostdevSubsysMediatedDevDefParseXML(def, ctxt) < 0)
return -1;
break;
+ case VIR_DOMAIN_HOSTDEV_SUBSYS_TYPE_VDPA:
+ if (virDomainHostdevSubsysVDPADefParseXML(sourcenode, def) < 0) {
+ return -1;
+ }
+ break;
default:
virReportError(VIR_ERR_CONFIG_UNSUPPORTED,
@@ -12979,6 +13004,7 @@ virDomainHostdevDefParseXML(virDomainXMLOption *xmlopt,
case VIR_DOMAIN_HOSTDEV_SUBSYS_TYPE_PCI:
case VIR_DOMAIN_HOSTDEV_SUBSYS_TYPE_SCSI_HOST:
case VIR_DOMAIN_HOSTDEV_SUBSYS_TYPE_MDEV:
+ case VIR_DOMAIN_HOSTDEV_SUBSYS_TYPE_VDPA:
case VIR_DOMAIN_HOSTDEV_SUBSYS_TYPE_LAST:
break;
}
@@ -14101,6 +14127,13 @@ virDomainHostdevMatchSubsys(virDomainHostdevDef *a,
return 0;
case VIR_DOMAIN_HOSTDEV_SUBSYS_TYPE_MDEV:
return virDomainHostdevMatchSubsysMediatedDev(a, b);
+ case VIR_DOMAIN_HOSTDEV_SUBSYS_TYPE_VDPA:
+ if (STREQ(a->source.subsys.u.vdpa.devpath,
+ b->source.subsys.u.vdpa.devpath)) {
+ return 1;
+ } else {
+ return 0;
+ }
case VIR_DOMAIN_HOSTDEV_SUBSYS_TYPE_LAST:
return 0;
}
@@ -23290,6 +23323,16 @@ virDomainHostdevDefFormatSubsysMdev(virBuffer *buf,
virXMLFormatElement(buf, "source", NULL, &sourceChildBuf);
}
+static void
+virDomainHostdevDefFormatSubsysVDPA(virBuffer *buf,
+ virDomainHostdevDef *def)
+{
+ g_auto(virBuffer) sourceAttrBuf = VIR_BUFFER_INITIALIZER;
+ virDomainHostdevSubsysVDPA *vdpasrc = &def->source.subsys.u.vdpa;
+ virBufferAsprintf(&sourceAttrBuf, " dev='%s'", vdpasrc->devpath);
+ virXMLFormatElement(buf, "source", &sourceAttrBuf, NULL);
+}
+
static int
virDomainHostdevDefFormatSubsys(virBuffer *buf,
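Review bot: `vdpasrc->devpath` is written into the `dev='...'` attribute with `virBufferAsprintf`, so a path containing `'`, `&` or `<` is emitted unescaped and the formatted domain XML is malformed or gains unintended attributes. The value comes straight from the user's `<source dev=...>` in the parse hunk, so it should go through the escaping formatter: `virBufferEscapeString(&sourceAttrBuf, " dev='%s'", vdpasrc->devpath);`. A blank line between the two declarations and the first statement would also match the parse helper added earlier in this patch.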
@@ -23317,6 +23360,10 @@ virDomainHostdevDefFormatSubsys(virBuffer *buf,
virDomainHostdevDefFormatSubsysMdev(buf, def);
return 0;
+ case VIR_DOMAIN_HOSTDEV_SUBSYS_TYPE_VDPA:
+ virDomainHostdevDefFormatSubsysVDPA(buf, def);
+ return 0;
+
case VIR_DOMAIN_HOSTDEV_SUBSYS_TYPE_LAST:
default:
virReportEnumRangeError(virDomainHostdevSubsysType, def->source.subsys.type);
diff --git a/src/conf/domain_conf.h b/src/conf/domain_conf.h
index 511067a050..ade8b0edec 100644
--- a/src/conf/domain_conf.h
+++ b/src/conf/domain_conf.h
@@ -197,6 +197,7 @@ typedef enum {
VIR_DOMAIN_HOSTDEV_SUBSYS_TYPE_SCSI,
VIR_DOMAIN_HOSTDEV_SUBSYS_TYPE_SCSI_HOST,
VIR_DOMAIN_HOSTDEV_SUBSYS_TYPE_MDEV,
+ VIR_DOMAIN_HOSTDEV_SUBSYS_TYPE_VDPA,
VIR_DOMAIN_HOSTDEV_SUBSYS_TYPE_LAST
} virDomainHostdevSubsysType;
@@ -289,6 +290,10 @@ struct _virDomainHostdevSubsysMediatedDev {
virTristateSwitch ramfb;
};
+struct _virDomainHostdevSubsysVDPA {
+ char *devpath; /* vDPA device path */
+};
+
typedef enum {
VIR_DOMAIN_HOSTDEV_SUBSYS_SCSI_HOST_PROTOCOL_TYPE_NONE,
VIR_DOMAIN_HOSTDEV_SUBSYS_SCSI_HOST_PROTOCOL_TYPE_VHOST,
@@ -323,6 +328,7 @@ struct _virDomainHostdevSubsys {
virDomainHostdevSubsysSCSI scsi;
virDomainHostdevSubsysSCSIVHost scsi_host;
virDomainHostdevSubsysMediatedDev mdev;
+ virDomainHostdevSubsysVDPA vdpa;
} u;
};
diff --git a/src/conf/domain_validate.c b/src/conf/domain_validate.c
index e04b85fee4..4af84c4f0c 100644
--- a/src/conf/domain_validate.c
+++ b/src/conf/domain_validate.c
@@ -2214,6 +2214,7 @@ virDomainHostdevDefValidate(const virDomainHostdevDef *hostdev)
}
break;
case VIR_DOMAIN_HOSTDEV_SUBSYS_TYPE_MDEV:
+ case VIR_DOMAIN_HOSTDEV_SUBSYS_TYPE_VDPA:
case VIR_DOMAIN_HOSTDEV_SUBSYS_TYPE_LAST:
break;
}
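Review bot: VIR_DOMAIN_HOSTDEV_SUBSYS_TYPE_VDPA is added to the cases that validate nothing, so `devpath` is accepted as whatever string the XML carried. Later hunks in this patch hand that string to the cgroup device allow-list with `VIR_CGROUP_DEVICE_RW` (qemuDomainGetHostdevPath) and to QEMU as `vhostdev`. That makes this the natural place to require a non-empty absolute path, and presumably one naming a vhost-vdpa character device. A dedicated case that reports VIR_ERR_CONFIG_UNSUPPORTED for anything else would keep a typo or an unrelated device node from being granted to the guest's cgroup. The switch and virDomainHostdevDefValidate continue outside the hunk.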
diff --git a/src/conf/virconftypes.h b/src/conf/virconftypes.h
index e07f967814..1756c54e7a 100644
--- a/src/conf/virconftypes.h
+++ b/src/conf/virconftypes.h
@@ -120,6 +120,8 @@ typedef struct _virDomainHostdevSubsys virDomainHostdevSubsys;
typedef struct _virDomainHostdevSubsysMediatedDev virDomainHostdevSubsysMediatedDev;
+typedef struct _virDomainHostdevSubsysVDPA virDomainHostdevSubsysVDPA;
+
typedef struct _virDomainHostdevSubsysPCI virDomainHostdevSubsysPCI;
typedef struct _virDomainHostdevSubsysSCSI virDomainHostdevSubsysSCSI;
diff --git a/src/qemu/qemu_command.c b/src/qemu/qemu_command.c
index 4ca93bf3dc..121214f4d5 100644
--- a/src/qemu/qemu_command.c
+++ b/src/qemu/qemu_command.c
@@ -4958,6 +4958,18 @@ qemuBuildHostdevMediatedDevProps(const virDomainDef *def,
return g_steal_pointer(&props);
}
+virJSONValue *
+qemuBuildHostdevVDPADevProps(virDomainHostdevDef *dev)
+{
+ g_autoptr(virJSONValue) props = NULL;
+ virDomainHostdevSubsysVDPA *vdpasrc = &dev->source.subsys.u.vdpa;
+ if (virJSONValueObjectAdd(&props,
+ "s:driver", "vhost-vdpa-device-pci",
+ "s:vhostdev", vdpasrc->devpath,
+ NULL) < 0)
+ return NULL;
+ return g_steal_pointer(&props);
+}
qemuBlockStorageSourceAttachData *
qemuBuildHostdevSCSIDetachPrepare(virDomainHostdevDef *hostdev,
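Review bot: qemuBuildHostdevVDPADevProps builds the `-device` object from only `driver` and `vhostdev`, with no `id` and no PCI address. That matches the command line in the commit message but leaves the device without an alias that later monitor commands could refer to. The neighbouring qemuBuildHostdevMediatedDevProps also takes `def`, presumably for that purpose; if so, the new builder should take it too and add the alias and address properties. The function body also has no blank line between the declarations and the `if`.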
@@ -5154,6 +5166,13 @@ qemuBuildHostdevCommandLine(virCommand *cmd,
return -1;
break;
+ case VIR_DOMAIN_HOSTDEV_SUBSYS_TYPE_VDPA:
+ if (!(devprops = qemuBuildHostdevVDPADevProps(hostdev)))
+ return -1;
+ if (qemuBuildDeviceCommandlineFromJSON(cmd, devprops, def, qemuCaps) < 0)
+ return -1;
+ break;
+
case VIR_DOMAIN_HOSTDEV_SUBSYS_TYPE_LAST:
break;
}
diff --git a/src/qemu/qemu_command.h b/src/qemu/qemu_command.h
index 5fdb138030..dff18350b5 100644
--- a/src/qemu/qemu_command.h
+++ b/src/qemu/qemu_command.h
@@ -198,6 +198,9 @@ virJSONValue *
qemuBuildHostdevMediatedDevProps(const virDomainDef *def,
virDomainHostdevDef *dev);
+virJSONValue *
+qemuBuildHostdevVDPADevProps(virDomainHostdevDef *dev);
+
virJSONValue *
qemuBuildRedirdevDevProps(const virDomainDef *def,
virDomainRedirdevDef *dev);
diff --git a/src/qemu/qemu_domain.c b/src/qemu/qemu_domain.c
index 63b13b6875..0cd485a459 100644
--- a/src/qemu/qemu_domain.c
+++ b/src/qemu/qemu_domain.c
@@ -10533,6 +10533,8 @@ qemuDomainGetHostdevPath(virDomainHostdevDef *dev,
virDomainHostdevSubsysSCSI *scsisrc = &dev->source.subsys.u.scsi;
virDomainHostdevSubsysSCSIVHost *hostsrc = &dev->source.subsys.u.scsi_host;
virDomainHostdevSubsysMediatedDev *mdevsrc = &dev->source.subsys.u.mdev;
+ virDomainHostdevSubsysVDPA *vdpasrc = &dev->source.subsys.u.vdpa;
+
g_autoptr(virUSBDevice) usb = NULL;
g_autoptr(virSCSIDevice) scsi = NULL;
g_autoptr(virSCSIVHostDevice) host = NULL;
@@ -10603,6 +10605,10 @@ qemuDomainGetHostdevPath(virDomainHostdevDef *dev,
if (!(tmpPath = virMediatedDeviceGetIOMMUGroupDev(mdevsrc->uuidstr)))
return -1;
+ perm = VIR_CGROUP_DEVICE_RW;
+ break;
+ case VIR_DOMAIN_HOSTDEV_SUBSYS_TYPE_VDPA:
+ tmpPath = g_strdup(vdpasrc->devpath);
perm = VIR_CGROUP_DEVICE_RW;
break;
case VIR_DOMAIN_HOSTDEV_SUBSYS_TYPE_LAST:
diff --git a/src/qemu/qemu_hotplug.c b/src/qemu/qemu_hotplug.c
index 5072798cb7..7d89899223 100644
--- a/src/qemu/qemu_hotplug.c
+++ b/src/qemu/qemu_hotplug.c
@@ -4546,6 +4546,7 @@ qemuDomainRemoveHostDevice(virQEMUDriver *driver,
case VIR_DOMAIN_HOSTDEV_SUBSYS_TYPE_MDEV:
qemuDomainRemoveMediatedDevice(driver, vm, hostdev);
break;
+ case VIR_DOMAIN_HOSTDEV_SUBSYS_TYPE_VDPA:
case VIR_DOMAIN_HOSTDEV_SUBSYS_TYPE_LAST:
break;
}
diff --git a/src/qemu/qemu_migration.c b/src/qemu/qemu_migration.c
index ed41a03851..9220ef1ab1 100644
--- a/src/qemu/qemu_migration.c
+++ b/src/qemu/qemu_migration.c
@@ -1295,6 +1295,8 @@ qemuMigrationSrcIsAllowedHostdev(const virDomainDef *def)
case VIR_DOMAIN_HOSTDEV_SUBSYS_TYPE_SCSI:
case VIR_DOMAIN_HOSTDEV_SUBSYS_TYPE_SCSI_HOST:
case VIR_DOMAIN_HOSTDEV_SUBSYS_TYPE_MDEV:
+ /* The vDPA devices don't support migration for now */
+ case VIR_DOMAIN_HOSTDEV_SUBSYS_TYPE_VDPA:
virReportError(VIR_ERR_OPERATION_UNSUPPORTED,
_("cannot migrate a domain with <hostdev mode='subsystem' type='%1$s'>"),
virDomainHostdevSubsysTypeToString(hostdev->source.subsys.type));
diff --git a/src/qemu/qemu_validate.c b/src/qemu/qemu_validate.c
index b8d5e9bd74..ea3d4e1a39 100644
--- a/src/qemu/qemu_validate.c
+++ b/src/qemu/qemu_validate.c
@@ -2566,6 +2566,8 @@ qemuValidateDomainDeviceDefHostdev(const virDomainHostdevDef *hostdev,
break;
case VIR_DOMAIN_HOSTDEV_SUBSYS_TYPE_MDEV:
return qemuValidateDomainMdevDef(hostdev, def, qemuCaps);
+ case VIR_DOMAIN_HOSTDEV_SUBSYS_TYPE_VDPA:
+ break;
case VIR_DOMAIN_HOSTDEV_SUBSYS_TYPE_LAST:
default:
virReportEnumRangeError(virDomainHostdevSubsysType,
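Review bot: The VDPA case in qemuValidateDomainDeviceDefHostdev only breaks, so nothing checks that the QEMU binary provides `vhost-vdpa-device-pci` before the command line is built. As far as the visible code shows, a domain using the new type on a QEMU without that device would be accepted at define time and fail only when QEMU starts. A capability probe for the device, checked here and reporting VIR_ERR_CONFIG_UNSUPPORTED, would surface the error at validation time. Until then the case could carry a comment such as `/* TODO: require a QEMU capability for vhost-vdpa-device-pci */`. The switch continues outside the hunk.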
diff --git a/src/security/security_dac.c b/src/security/security_dac.c
index c7dc145621..24f3de5d15 100644
--- a/src/security/security_dac.c
+++ b/src/security/security_dac.c
@@ -1313,6 +1313,7 @@ virSecurityDACSetHostdevLabel(virSecurityManager *mgr,
break;
}
+ case VIR_DOMAIN_HOSTDEV_SUBSYS_TYPE_VDPA:
case VIR_DOMAIN_HOSTDEV_SUBSYS_TYPE_LAST:
ret = 0;
break;
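Review bot: VIR_DOMAIN_HOSTDEV_SUBSYS_TYPE_VDPA is grouped with `_LAST` and falls through to `ret = 0`, so the DAC driver neither sets nor restores ownership on `devpath`. The same fall-through is added in virSecurityDACRestoreHostdevLabel and in both SELinux hunks (virSecuritySELinuxSetHostdevSubsysLabel, virSecuritySELinuxRestoreHostdevSubsysLabel). The cgroup hunk grants the node read-write access, but without labelling a confined QEMU process presumably cannot open it unless the administrator has loosened the node's permissions or label by hand, which is the outcome the security drivers exist to avoid. Each case should label the path on set and restore it on teardown, or carry a comment explaining why that is deliberately skipped, e.g. `/* vDPA node is not relabelled: <reason> */`. The enclosing switches start outside these hunks.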
@@ -1469,6 +1470,7 @@ virSecurityDACRestoreHostdevLabel(virSecurityManager *mgr,
break;
}
+ case VIR_DOMAIN_HOSTDEV_SUBSYS_TYPE_VDPA:
case VIR_DOMAIN_HOSTDEV_SUBSYS_TYPE_LAST:
ret = 0;
break;
diff --git a/src/security/security_selinux.c b/src/security/security_selinux.c
index e3e6a6115f..5cb6612fbc 100644
--- a/src/security/security_selinux.c
+++ b/src/security/security_selinux.c
@@ -2265,6 +2265,7 @@ virSecuritySELinuxSetHostdevSubsysLabel(virSecurityManager *mgr,
break;
}
+ case VIR_DOMAIN_HOSTDEV_SUBSYS_TYPE_VDPA:
case VIR_DOMAIN_HOSTDEV_SUBSYS_TYPE_LAST:
ret = 0;
break;
@@ -2493,6 +2494,7 @@ virSecuritySELinuxRestoreHostdevSubsysLabel(virSecurityManager *mgr,
break;
}
+ case VIR_DOMAIN_HOSTDEV_SUBSYS_TYPE_VDPA:
case VIR_DOMAIN_HOSTDEV_SUBSYS_TYPE_LAST:
ret = 0;
break;
--
2.33.0
1 year
[libvirt PATCH] .gitlab-ci.yml: Fix Leap 15.4 codestyle job
by Erik Skultety
Commit a3cc0e9ceb3e forgot to tweak the codestyle job so that we refer
to Leap 15.4 as Leap 15 (with the recent change in lcitool). However,
it was easy to miss as that job is not managed by the manifest.
Signed-off-by: Erik Skultety <eskultet(a)redhat.com>
---
.gitlab-ci.yml | 6 +++---
1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml
index 3a36c0ef18..2378b1a39f 100644
--- a/.gitlab-ci.yml
+++ b/.gitlab-ci.yml
@@ -118,10 +118,10 @@ codestyle_prebuilt_env:
- .codestyle_job
- .gitlab_native_build_job_prebuilt_env
needs:
- - job: x86_64-opensuse-leap-154-container
+ - job: x86_64-opensuse-leap-15-container
optional: true
variables:
- NAME: opensuse-leap-154
+ NAME: opensuse-leap-15
codestyle_local_env:
extends:
@@ -129,7 +129,7 @@ codestyle_local_env:
- .gitlab_native_build_job_local_env
variables:
IMAGE: registry.opensuse.org/opensuse/leap:15.4
- NAME: opensuse-leap-154
+ NAME: opensuse-leap-15
# This artifact published by this job is downloaded to push to Weblate
--
2.40.1
1 year