July 2023 - Devel - Libvirt List Archives

[RFC] Adding timestamp to guest's serial console log

by Shaleen Bathla

Hi, Need some comments regarding the following feature : Addition of timestamp support for serial console logs of a guest. We can implement it as a configurable attribute in xml. For example : <serial type='pty'> <log file='$PATH/$GUESTNAME-serial0.log' append='on' timestamp="on/off"/> <target type='isa-serial' port='0'> <model name='isa-serial'/> </target> </serial> We can add a timestamp after every '\n' character received from qemu. Can I have some comments regarding this change like what I should keep in mind while implementing, whether it is a welcome addition or not, issues I might face, any qemu changes required. Thanks and Regards, Shaleen Bathla

8 months, 3 weeks

4
5
0 / 0

[libvirt PATCH 00/20] ci: Move GitLab build recipes to a standalone script

by Erik Skultety

This is a follow up to: https://listman.redhat.com/archives/libvir-list/2023-January/237201.html The effort here is to unify the way builds/tests are executed in GitLab CI vs local container executions and make another step forward in terms of reproducibility of (specifically) GitLab environments. Even though code to run all but one (coverity) jobs from GitLab via the build.sh script is added with this series, local behavior remains the same as before this series. The reason for that is that that will require more patches ridding of the Makefile which is currently used and instead integrate usage of lcitool with the ci/helper Python script which is currently the entry point for local container executions. Pipeline: https://gitlab.com/eskultety/libvirt/-/pipelines/768645158 Ubuntu is having some repo connection issues today, so the one failed ^job can be ignored Erik Skultety (20): gitlab-ci.yml: Replace all explicit calls to ninja with meson commands gitlab-ci.yml: potfile: Consolidate the meson compile calls gitlab-ci.yml: Use $HOME for rpmbuild's topdir instead of PWD ci: build.sh: Drop the commentary about CI_BUILD_SCRIPT ci: build.sh: Use 'meson setup' explicitly ci: build.sh: Always assume -Dsystem=true ci: build.sh: Drop the CI prefix from the CI_{MESON,NINJA}_ARGS vars ci: build.sh: Move off of ninja command to directly calling meson ci: build.sh: Join MESON_ARGS and MESON_OPTS ci: build.sh: Break the script functionality into helper functions ci: build.sh: Move the necessary env variables to build.sh ci: build.sh: Add support for individual GitLab jobs ci: build.sh: Wire up the individual job functions to the CLI ci: build.sh: Document CI_CONT_SRCDIR ci: build.sh: Make the build script fail ASAP with 'set -e' ci: build.sh: Update git index in local container environments on 'dist' ci: build.sh: Make the script executable gitlab-ci.yml: Add 'after_script' stage to prep for artifact collection gitlab-ci.yml: Adopt job execution via a Bash script gitlab-ci.yml: Drop the usage of script variables reference .gitlab-ci.yml | 56 ++++++++++------------- ci/Makefile | 16 ++++--- ci/build.sh | 121 +++++++++++++++++++++++++++++++++++++++++++------ ci/helper | 21 ++++++--- 4 files changed, 155 insertions(+), 59 deletions(-) mode change 100644 => 100755 ci/build.sh -- 2.39.1

8 months, 4 weeks

3
40
0 / 0

[libvirt PATCH v6 00/36] Use nbdkit for http/ftp/ssh network drives in libvirt

by Jonathon Jongsma

This is the sixth version of this patch series. See https://bugzilla.redhat.com/show_bug.cgi?id=2016527 for more information about the goal, but the summary is that RHEL does not want to ship the qemu storage plugins for curl and ssh. Handling them outside of the qemu process provides several advantages such as reduced attack surface and stability. Pretty much all of the patches have already been reviewed by Peter but I have been waiting for selinux policy changes before pushing it upstream. The selinux changes are not fully done, but there is a new policy in development that has allowed me to run with selinux in enforcing mode for the common cases. See https://bugzilla.redhat.com/show_bug.cgi?id=2182505 for more information. For me, the following scenarios work now with selinux enabled using the selinux policy from that bug: - http/https disks - ssh disks with password authentication - ssh disks with passwordless keyfile The one major thing that doesn't work and is difficult to get working with selinux enabled is the ssh-agent. This is because there doesn't seem to be any selinux policy for ssh-agent, so by default the ssh-agent socket is labeled unconfined_t. We cannot allow access from the libvirt/qemu to unconfined_t because that would open up access to just about anything on the host. So additional work will likely be necessary for ssh-agent/libvirt interaction in the future. Fortunately ssh-agent is something that never was really supported with the old qemu block driver either, so I think we could potentially merge this patchset either without the ssh-agent patches or with a note that ssh-agent won't work with selinux enabled. Note also that gitlab CI will not work for this series without changes to the ci definitions due to the addition of libnbd dependency. It also will require changes to selinux policy to enable nbdkit to execute in the proper context. Changes in v6: - rebased to latest master - slightly improved error reporting - removed polling fallback if pidfd_open is unavailable - split ssh-agent feature into separate patches - other smaller changes suggested by Peter in v5 Jonathon Jongsma (36): schema: allow 'ssh' as a protocol for network disks qemu: Add functions for determining nbdkit availability qemu: expand nbdkit capabilities util: Allow virFileCache data to be any GObject qemu: implement basic virFileCache for nbdkit caps qemu: implement persistent file cache for nbdkit caps qemu: use file cache for nbdkit caps qemu: Add qemuNbdkitProcess qemu: query nbdkit module dir from binary qemu: add functions to start and stop nbdkit qemu: remove unused 'mode' param from qemuDomainLogContextNew() Generalize qemuDomainLogContextNew() qemu: Extract qemuDomainLogContext into a new file qemu: move qemuProcessReadLog() to qemuLogContext qemu: log error output from nbdkit tests: add ability to test various nbdkit capabilities qemu: split qemuDomainSecretStorageSourcePrepare qemu: include nbdkit state in private xml util: secure erase virCommand send buffers qemu: pass sensitive data to nbdkit via pipe qemu: use nbdkit to serve network disks if available util: make virCommandSetSendBuffer testable tests: add tests for nbdkit invocation qemu: add test for authenticating a https network disk qemu: Monitor nbdkit process for exit qemu: try to connect to nbdkit early to detect errors schema: add password configuration for ssh disk qemu: implement password auth for ssh disks with nbdkit schema: add configuration for host verification of ssh disks qemu: implement knownHosts for ssh disks with nbdkit schema: add keyfile configuration for ssh disks qemu: implement keyfile auth for ssh disks with nbdkit schema: add ssh-agent configuration for ssh disks qemu: implement ssh-agent auth for ssh disks with nbdkit run: add ability to set selinux context rpm: update spec file for for nbdkit support build-aux/syntax-check.mk | 2 +- docs/formatdomain.rst | 45 +- libvirt.spec.in | 8 + meson.build | 14 + meson_options.txt | 1 + po/POTFILES | 2 + run.in | 100 +- src/conf/domain_conf.c | 33 + src/conf/schemas/domaincommon.rng | 55 + src/conf/storage_source_conf.c | 3 + src/conf/storage_source_conf.h | 6 +- src/libvirt_private.syms | 1 + src/qemu/meson.build | 3 + src/qemu/qemu_block.c | 162 ++- src/qemu/qemu_conf.c | 22 + src/qemu/qemu_conf.h | 6 + src/qemu/qemu_domain.c | 439 +++--- src/qemu/qemu_domain.h | 37 +- src/qemu/qemu_driver.c | 3 + src/qemu/qemu_extdevice.c | 62 + src/qemu/qemu_hotplug.c | 7 + src/qemu/qemu_logcontext.c | 329 +++++ src/qemu/qemu_logcontext.h | 41 + src/qemu/qemu_nbdkit.c | 1280 +++++++++++++++++ src/qemu/qemu_nbdkit.h | 115 ++ src/qemu/qemu_nbdkitpriv.h | 31 + src/qemu/qemu_process.c | 114 +- src/util/vircommand.c | 19 +- src/util/vircommand.h | 8 + src/util/vircommandpriv.h | 4 + src/util/virfilecache.c | 14 +- src/util/virfilecache.h | 2 +- tests/meson.build | 1 + tests/qemublocktest.c | 2 +- ...w2-invalid.json => network-ssh-qcow2.json} | 0 ...cow2-invalid.xml => network-ssh-qcow2.xml} | 0 .../disk-cdrom-network.args.disk0 | 6 + .../disk-cdrom-network.args.disk1 | 8 + .../disk-cdrom-network.args.disk1.pipe.778 | 1 + .../disk-cdrom-network.args.disk2 | 8 + .../disk-cdrom-network.args.disk2.pipe.780 | 1 + .../disk-network-http.args.disk0 | 6 + .../disk-network-http.args.disk1 | 5 + .../disk-network-http.args.disk2 | 6 + .../disk-network-http.args.disk2.pipe.778 | 1 + .../disk-network-http.args.disk3 | 7 + .../disk-network-http.args.disk3.pipe.780 | 1 + ...work-source-curl-nbdkit-backing.args.disk0 | 7 + ...ce-curl-nbdkit-backing.args.disk0.pipe.778 | 1 + .../disk-network-source-curl.args.disk0 | 7 + ...sk-network-source-curl.args.disk0.pipe.778 | 1 + .../disk-network-source-curl.args.disk1 | 9 + ...sk-network-source-curl.args.disk1.pipe.780 | 1 + ...sk-network-source-curl.args.disk1.pipe.782 | 1 + .../disk-network-source-curl.args.disk2 | 7 + ...sk-network-source-curl.args.disk2.pipe.782 | 1 + ...sk-network-source-curl.args.disk2.pipe.784 | 1 + .../disk-network-source-curl.args.disk3 | 6 + .../disk-network-source-curl.args.disk4 | 6 + .../disk-network-ssh-key.args.disk0 | 9 + .../disk-network-ssh-key.args.disk1 | 9 + .../disk-network-ssh-password.args.disk0 | 9 + ...k-network-ssh-password.args.disk0.pipe.778 | 1 + .../disk-network-ssh.args.disk0 | 7 + .../disk-network-ssh.args.disk1 | 8 + .../disk-network-ssh.args.disk1.pipe.778 | 1 + .../disk-network-ssh.args.disk2 | 9 + tests/qemunbdkittest.c | 310 ++++ tests/qemustatusxml2xmldata/modern-in.xml | 4 + ...sk-cdrom-network-nbdkit.x86_64-latest.args | 42 + .../disk-cdrom-network-nbdkit.xml | 1 + ...isk-network-http-nbdkit.x86_64-latest.args | 44 + .../disk-network-http-nbdkit.xml | 1 + ...rce-curl-nbdkit-backing.x86_64-latest.args | 37 + ...isk-network-source-curl-nbdkit-backing.xml | 45 + ...work-source-curl-nbdkit.x86_64-latest.args | 49 + .../disk-network-source-curl-nbdkit.xml | 1 + ...isk-network-source-curl.x86_64-latest.args | 53 + .../disk-network-source-curl.xml | 74 + .../qemuxml2argvdata/disk-network-ssh-key.xml | 44 + ...disk-network-ssh-nbdkit.x86_64-latest.args | 35 + .../disk-network-ssh-nbdkit.xml | 1 + ...sk-network-ssh-password.x86_64-latest.args | 35 + .../disk-network-ssh-password.xml | 35 + .../disk-network-ssh.x86_64-latest.args | 35 + tests/qemuxml2argvdata/disk-network-ssh.xml | 32 + tests/qemuxml2argvtest.c | 19 + tests/testutilsqemu.c | 26 + tests/testutilsqemu.h | 4 + 89 files changed, 3545 insertions(+), 504 deletions(-) create mode 100644 src/qemu/qemu_logcontext.c create mode 100644 src/qemu/qemu_logcontext.h create mode 100644 src/qemu/qemu_nbdkit.c create mode 100644 src/qemu/qemu_nbdkit.h create mode 100644 src/qemu/qemu_nbdkitpriv.h rename tests/qemublocktestdata/imagecreate/{network-ssh-qcow2-invalid.json => network-ssh-qcow2.json} (100%) rename tests/qemublocktestdata/imagecreate/{network-ssh-qcow2-invalid.xml => network-ssh-qcow2.xml} (100%) create mode 100644 tests/qemunbdkitdata/disk-cdrom-network.args.disk0 create mode 100644 tests/qemunbdkitdata/disk-cdrom-network.args.disk1 create mode 100644 tests/qemunbdkitdata/disk-cdrom-network.args.disk1.pipe.778 create mode 100644 tests/qemunbdkitdata/disk-cdrom-network.args.disk2 create mode 100644 tests/qemunbdkitdata/disk-cdrom-network.args.disk2.pipe.780 create mode 100644 tests/qemunbdkitdata/disk-network-http.args.disk0 create mode 100644 tests/qemunbdkitdata/disk-network-http.args.disk1 create mode 100644 tests/qemunbdkitdata/disk-network-http.args.disk2 create mode 100644 tests/qemunbdkitdata/disk-network-http.args.disk2.pipe.778 create mode 100644 tests/qemunbdkitdata/disk-network-http.args.disk3 create mode 100644 tests/qemunbdkitdata/disk-network-http.args.disk3.pipe.780 create mode 100644 tests/qemunbdkitdata/disk-network-source-curl-nbdkit-backing.args.disk0 create mode 100644 tests/qemunbdkitdata/disk-network-source-curl-nbdkit-backing.args.disk0.pipe.778 create mode 100644 tests/qemunbdkitdata/disk-network-source-curl.args.disk0 create mode 100644 tests/qemunbdkitdata/disk-network-source-curl.args.disk0.pipe.778 create mode 100644 tests/qemunbdkitdata/disk-network-source-curl.args.disk1 create mode 100644 tests/qemunbdkitdata/disk-network-source-curl.args.disk1.pipe.780 create mode 100644 tests/qemunbdkitdata/disk-network-source-curl.args.disk1.pipe.782 create mode 100644 tests/qemunbdkitdata/disk-network-source-curl.args.disk2 create mode 100644 tests/qemunbdkitdata/disk-network-source-curl.args.disk2.pipe.782 create mode 100644 tests/qemunbdkitdata/disk-network-source-curl.args.disk2.pipe.784 create mode 100644 tests/qemunbdkitdata/disk-network-source-curl.args.disk3 create mode 100644 tests/qemunbdkitdata/disk-network-source-curl.args.disk4 create mode 100644 tests/qemunbdkitdata/disk-network-ssh-key.args.disk0 create mode 100644 tests/qemunbdkitdata/disk-network-ssh-key.args.disk1 create mode 100644 tests/qemunbdkitdata/disk-network-ssh-password.args.disk0 create mode 100644 tests/qemunbdkitdata/disk-network-ssh-password.args.disk0.pipe.778 create mode 100644 tests/qemunbdkitdata/disk-network-ssh.args.disk0 create mode 100644 tests/qemunbdkitdata/disk-network-ssh.args.disk1 create mode 100644 tests/qemunbdkitdata/disk-network-ssh.args.disk1.pipe.778 create mode 100644 tests/qemunbdkitdata/disk-network-ssh.args.disk2 create mode 100644 tests/qemunbdkittest.c create mode 100644 tests/qemuxml2argvdata/disk-cdrom-network-nbdkit.x86_64-latest.args create mode 120000 tests/qemuxml2argvdata/disk-cdrom-network-nbdkit.xml create mode 100644 tests/qemuxml2argvdata/disk-network-http-nbdkit.x86_64-latest.args create mode 120000 tests/qemuxml2argvdata/disk-network-http-nbdkit.xml create mode 100644 tests/qemuxml2argvdata/disk-network-source-curl-nbdkit-backing.x86_64-latest.args create mode 100644 tests/qemuxml2argvdata/disk-network-source-curl-nbdkit-backing.xml create mode 100644 tests/qemuxml2argvdata/disk-network-source-curl-nbdkit.x86_64-latest.args create mode 120000 tests/qemuxml2argvdata/disk-network-source-curl-nbdkit.xml create mode 100644 tests/qemuxml2argvdata/disk-network-source-curl.x86_64-latest.args create mode 100644 tests/qemuxml2argvdata/disk-network-source-curl.xml create mode 100644 tests/qemuxml2argvdata/disk-network-ssh-key.xml create mode 100644 tests/qemuxml2argvdata/disk-network-ssh-nbdkit.x86_64-latest.args create mode 120000 tests/qemuxml2argvdata/disk-network-ssh-nbdkit.xml create mode 100644 tests/qemuxml2argvdata/disk-network-ssh-password.x86_64-latest.args create mode 100644 tests/qemuxml2argvdata/disk-network-ssh-password.xml create mode 100644 tests/qemuxml2argvdata/disk-network-ssh.x86_64-latest.args create mode 100644 tests/qemuxml2argvdata/disk-network-ssh.xml -- 2.41.0

9 months

3
46
0 / 0

[libvirt PATCH v2 00/24] introduce external snapshot revert support

by Pavel Hrdina

This implements virDomainRevertToSnapshot to work with external snapshots. In addition it modifies virDomainSnapshotDelete to work correctly when we revert to non-leaf snapshot or when there is non-linear snapshot tree with multiple branches. Gitlab repo with the patches: https://gitlab.com/phrdina/libvirt/-/tree/snapshot-revert-external Pavel Hrdina (24): libvirt_private: list virDomainMomentDefPostParse snapshot_conf: export virDomainSnapshotDiskDefClear snapshot_conf: use alternate domain definition in virDomainSnapshotDefAssignExternalNames snapshot_conf: introduce <revertDisks> metadata element snapshot_conf: add new argument to virDomainSnapshotAlignDisks qemu_snapshot: introduce qemuSnapshotDomainDefUpdateDisk qemu_snapshot: use virDomainDiskByName while updating domain def qemu_snapshot: introduce qemuSnapshotCreateQcow2Files qemu_snapshot: allow using alternate domain definition when creating qcow2 files qemu_snapshot: move external disk prepare to single function qemu_snapshot: use VIR_ASYNC_JOB_SNAPSHOT when reverting snapshot qemu_snapshot: introduce external snapshot revert support qemu_snapshot: rename qemuSnapshotDeleteExternalPrepare qemu_snapshot: extract external snapshot delete prepare to function qemu_snapshot: add merge to external snapshot delete prepare data qemu_snapshot: prepare data for non-active leaf external snapshot deletion qemu_snapshot: add support to delete external snapshot without block commit qemu_snapshot: delete: properly update parent snapshot with revert data qemu_snapshot: remove revertdisks when creating new snapshot virdomainmomentobjlist: introduce virDomainMomentIsAncestor qemu_snapshot: update backing store after deleting external snapshot qemu_snapshot: check only once if snapshot is external qemu_snapshot: add checks for external snapshot deletion qemu_snapshot: allow snapshot revert for external snapshots src/conf/schemas/domainsnapshot.rng | 7 + src/conf/snapshot_conf.c | 52 +- src/conf/snapshot_conf.h | 11 +- src/conf/virdomainmomentobjlist.c | 17 + src/conf/virdomainmomentobjlist.h | 4 + src/libvirt_private.syms | 6 + src/qemu/qemu_snapshot.c | 874 ++++++++++++++++++++++------ src/test/test_driver.c | 2 +- 8 files changed, 780 insertions(+), 193 deletions(-) -- 2.41.0

9 months, 2 weeks

2
38
0 / 0

[PATCH 0/2] libvirt-guests: small improvments

by Jim Fehlig

The first patch is trivial. I suppose the second is debatable. If I build libvirt with -Dremote_default_mode=legacy but deploy modular daemons, /run/libvirt/libvirt-sock is provided by virtproxyd, which may or may not be running when libvirt-guests starts/stops. I added an 'After=virtproxyd.socket' ordering dependency to libvirt-guests, but it hasn't fixed an issue I'm seeing when using libvirt-guests+virtproxyd libvirt-guests.sh[2607]: Can't connect to default. Skipping I'm still investigating that issue but think the dependency issue is worth discussing independently. Jim Fehlig (2): libvirt-guests: Remove unused variable 'libvirtd' libvirt-guests: Add systemd odering dependency to virtproxyd tools/libvirt-guests.service.in | 1 + tools/libvirt-guests.sh.in | 1 - 2 files changed, 1 insertion(+), 1 deletion(-) -- 2.41.0

9 months, 2 weeks

3
8
0 / 0

[PATCH] Fix some typos in documentation and comments

by Stefan Weil

Signed-off-by: Stefan Weil <sw(a)weilnetz.de> --- This patch was triggered by a spelling check for the generated QEMU documentation using codespell. It does not try to fix all typos which still exist in the QEMU code, but has a focus on those required to fix the documentation. Nevertheless some code comments with the same typos were fixed, too. I think the patch is trivial, so maybe it can still be included in the upcoming release, but that's not strictly necessary. Stefan docs/about/deprecated.rst | 2 +- docs/devel/qom.rst | 2 +- docs/system/devices/nvme.rst | 2 +- hw/core/loader.c | 4 ++-- include/exec/memory.h | 2 +- ui/vnc-enc-tight.c | 2 +- 6 files changed, 7 insertions(+), 7 deletions(-) diff --git a/docs/about/deprecated.rst b/docs/about/deprecated.rst index 1c35f55666..92a2bafd2b 100644 --- a/docs/about/deprecated.rst +++ b/docs/about/deprecated.rst @@ -369,7 +369,7 @@ mapping permissions et al by using its 'mapped' security model option. Nowadays it would make sense to reimplement the ``proxy`` backend by using QEMU's ``vhost`` feature, which would eliminate the high latency costs under which the 9p ``proxy`` backend currently suffers. However as of to date nobody -has indicated plans for such kind of reimplemention unfortunately. +has indicated plans for such kind of reimplementation unfortunately. Block device options diff --git a/docs/devel/qom.rst b/docs/devel/qom.rst index 0b506426d7..9918fac7f2 100644 --- a/docs/devel/qom.rst +++ b/docs/devel/qom.rst @@ -30,7 +30,7 @@ user configuration. Creating a QOM class ==================== -A simple minimal device implementation may look something like bellow: +A simple minimal device implementation may look something like below: .. code-block:: c :caption: Creating a minimal type diff --git a/docs/system/devices/nvme.rst b/docs/system/devices/nvme.rst index a8bb8d729c..2a3af268f7 100644 --- a/docs/system/devices/nvme.rst +++ b/docs/system/devices/nvme.rst @@ -232,7 +232,7 @@ parameters: Set the number of Reclaim Groups. ``fdp.nruh`` (default: ``0``) - Set the number of Reclaim Unit Handles. This is a mandatory paramater and + Set the number of Reclaim Unit Handles. This is a mandatory parameter and must be non-zero. ``fdp.runs`` (default: ``96M``) diff --git a/hw/core/loader.c b/hw/core/loader.c index 8b7fd9e9e5..4dd5a71fb7 100644 --- a/hw/core/loader.c +++ b/hw/core/loader.c @@ -863,7 +863,7 @@ ssize_t load_image_gzipped(const char *filename, hwaddr addr, uint64_t max_sz) /* * The Linux header magic number for a EFI PE/COFF - * image targetting an unspecified architecture. + * image targeting an unspecified architecture. */ #define EFI_PE_LINUX_MAGIC "\xcd\x23\x82\x81" @@ -1492,7 +1492,7 @@ RomGap rom_find_largest_gap_between(hwaddr base, size_t size) if (rom->mr || rom->fw_file) { continue; } - /* ignore anything finishing bellow base */ + /* ignore anything finishing below base */ if (rom->addr + rom->romsize <= base) { continue; } diff --git a/include/exec/memory.h b/include/exec/memory.h index 7f5c11a0cc..68284428f8 100644 --- a/include/exec/memory.h +++ b/include/exec/memory.h @@ -942,7 +942,7 @@ struct MemoryListener { * * @listener: The #MemoryListener. * @last_stage: The last stage to synchronize the log during migration. - * The caller should gurantee that the synchronization with true for + * The caller should guarantee that the synchronization with true for * @last_stage is triggered for once after all VCPUs have been stopped. */ void (*log_sync_global)(MemoryListener *listener, bool last_stage); diff --git a/ui/vnc-enc-tight.c b/ui/vnc-enc-tight.c index 09200d71b8..ee853dcfcb 100644 --- a/ui/vnc-enc-tight.c +++ b/ui/vnc-enc-tight.c @@ -77,7 +77,7 @@ static int tight_send_framebuffer_update(VncState *vs, int x, int y, #ifdef CONFIG_VNC_JPEG static const struct { - double jpeg_freq_min; /* Don't send JPEG if the freq is bellow */ + double jpeg_freq_min; /* Don't send JPEG if the freq is below */ double jpeg_freq_threshold; /* Always send JPEG if the freq is above */ int jpeg_idx; /* Allow indexed JPEG */ int jpeg_full; /* Allow full color JPEG */ -- 2.39.2

9 months, 3 weeks

4
4
0 / 0

[PATCH RFC 0/3] Reflect MAC change in live domain XML

by Michal Privoznik

These are RFC patches. I'd like to start a discussion on the following problem: A mgmt application has info tied to an <interface/> (stored elsewhere, not important right now). And they use basically the only piece of information that's visible in both host and guest: MAC address. No, user aliases are not visible in the guest. Therefore, when they query the guest-agent (e.g. via 'virsh domifaddr --source agent') they can reconstruct their knowledge on NICs. But there's a catch - if user decides to change MAC address form inside of the VM. Then the only link between host and guest is broken. Now, we could make the guest-agent report both current and permanent MAC address. But unfortunately, libvirt's virDomainInterfaceAddresses() is not prepared for that. Now, I don't recall why we decided to not update MAC address in the live XML on change, but maybe somebody else does. Or we can pass the event from QEMU to the mgmt application so that it can update its state. Michal Prívozník (3): qemu: Reflect MAC address change in live domain XML Introduce NIC_MAC_CHANGE event qemu: Emit NIC_MAC_CHANGE event examples/c/misc/event-test.c | 14 +++++ include/libvirt/libvirt-domain.h | 28 +++++++++ src/conf/domain_event.c | 93 +++++++++++++++++++++++++++++ src/conf/domain_event.h | 12 ++++ src/libvirt_private.syms | 2 + src/qemu/qemu_domain.c | 34 ++++++++++- src/qemu/qemu_domain.h | 3 +- src/qemu/qemu_driver.c | 11 ++-- src/qemu/qemu_process.c | 2 +- src/remote/remote_daemon_dispatch.c | 32 ++++++++++ src/remote/remote_driver.c | 34 +++++++++++ src/remote/remote_protocol.x | 17 +++++- tools/virsh-domain-event.c | 20 +++++++ 13 files changed, 294 insertions(+), 8 deletions(-) -- 2.39.3

9 months, 3 weeks

3
9
0 / 0

[libvirt PATCH 0/9] src: some improvements to systemd unit files

by Daniel P. Berrangé

These were suggested by Lennart in https://gitlab.com/libvirt/libvirt/-/issues/489 Daniel P. Berrangé (9): src: remove After=local-fs.target from systemd units src: remote deps on ip[6]tables/firewalld.service from systemd units util: remove pointless wrappers for setrlimit/getrlimit util: add helper for raising the max files limit rpc: automatically raise max file limit in all daemons src: set max open file limit to match systemd >= 240 defaults util: relax requirement for logind to be running src: remove dep on systemd-logind.service from unit files util: add logging about node suspend availability src/ch/virtchd.service.in | 11 ++--- src/interface/virtinterfaced.service.in | 1 - src/libvirt_private.syms | 1 + src/libxl/virtxend.service.in | 1 - src/locking/virtlockd.service.in | 8 ++-- src/logging/virtlogd.service.in | 11 ++--- src/lxc/virtlxcd.service.in | 11 ++--- src/network/virtnetworkd.service.in | 4 -- src/node_device/virtnodedevd.service.in | 1 - src/nwfilter/virtnwfilterd.service.in | 1 - src/qemu/virtqemud.service.in | 11 ++--- src/remote/libvirtd.service.in | 14 ++----- src/remote/virtproxyd.service.in | 1 - src/rpc/virnetdaemon.c | 3 ++ src/secret/virtsecretd.service.in | 1 - src/storage/virtstoraged.service.in | 1 - src/util/virnodesuspend.c | 3 ++ src/util/virprocess.c | 56 ++++++++++++++++--------- src/util/virprocess.h | 1 + src/util/virstring.c | 6 +++ src/util/virsystemd.c | 12 ++++++ src/vbox/virtvboxd.service.in | 1 - src/vz/virtvzd.service.in | 1 - tests/virshtest.c | 1 + tools/virsh.c | 2 +- 25 files changed, 88 insertions(+), 76 deletions(-) -- 2.40.1

9 months, 3 weeks

4
26
0 / 0

[PATCH] NEWS: Mention CVE-2023-3750 and BeeGFS migration support

by Peter Krempa

Signed-off-by: Peter Krempa <pkrempa(a)redhat.com> --- NEWS.rst | 12 ++++++++++++ 1 file changed, 12 insertions(+) diff --git a/NEWS.rst b/NEWS.rst index 8f0c67f779..e31448e829 100644 --- a/NEWS.rst +++ b/NEWS.rst @@ -13,6 +13,13 @@ v9.6.0 (unreleased) * **Security** + * ``CVE-2023-3750``: Fix race condition in storage driver leading to a crash + + In **libvirt-8.3** a bug was introduced which in rare cases could cause + ``libvirtd`` or ``virtstoraged`` to crash if multiple clients attempted to + look up a storage volume by key, path or target path, while other clients + attempted to access something from the same storage pool. + * **Removed features** * **New features** @@ -38,6 +45,11 @@ v9.6.0 (unreleased) Users no longer need to specify guest NUMA node in the domain XML when enabling memory hotplug, libvirt automatically adds one when it is missing. + * qemu: Consider ``BeeGFS`` as a shared filesystem + + Allow migration with non-shared storage for VMs accessing storage via + ``BeeGFS``. + * **Bug fixes** * qemu: Adapt to new way of specifying PC speaker -- 2.41.0

9 months, 3 weeks

2
1
0 / 0

[PATCH Libvirt 00/11] Support dirty page rate upper limit

by ~hyman

QEMU introduced the dirty page rate limit feature in 7.1.0, see the details in the following link: https://lore.kernel.org/qemu- devel/cover.1656177590.git.huangy81(a)chinatelecom.cn/ So maybe it's the right time to enable this feature in libvirt and the upper user can play with it, expecting the upper app can use this feature to do a virtual CPU Qos or whatever else. Introduce the virsh API as follows: # virsh limit-dirty-page-rate <domain> [--rate <number>] [--vcpu <number>] [--cancel] Examples: To set the dirty page rate upper limit 60MB/s for all virtual CPUs in c81_node1, use: # virsh limit-dirty-page-rate c81_node1 --rate 60 Set dirty page rate limit 60(MB/s) on all virtual CPUs successfully To set the dirty page rate upper limit 35MB/s for virtual CPU 1 in c81_node1, use: # virsh limit-dirty-page-rate c81_node1 --rate 35 --vcpu 1 Set vcpu[1] dirty page rate upper limit 35(MB/s) successfully Specify the 'cancel' option to do the reverse, the optional option 'vcpu' is used to specify the CPU index to be set. To query the dirty page rate upper limit, use: # virsh vcpuinfo c81_node1 VCPU: 0 CPU: 14 State: running CPU time: 27.1s CPU Affinity: yyyyyyyyyyyyyyyy DirtyRate limit: 60 DirtyRate current: 0 VCPU: 1 CPU: 1 State: running CPU time: 25.1s CPU Affinity: yyyyyyyyyyyyyyyy DirtyRate limit: 35 DirtyRate current: 0 VCPU: 2 CPU: 7 State: running CPU time: 6.0s CPU Affinity: yyyyyyyyyyyyyyyy DirtyRate limit: 60 DirtyRate current: 0 VCPU: 3 CPU: 8 State: running CPU time: 3.5s CPU Affinity: yyyyyyyyyyyyyyyy DirtyRate limit: 60 DirtyRate current: 0 The patch set adds two new APIs to implement a dirty page rate limit: 1. virDomainSetVcpuDirtyLimit, which set virtual CPU dirty page rate limit. virsh command 'limit-dirty-page-rate' correspondingly. 2. virDomainCancelVcpuDirtyLimit, which cancel virtual CPU dirty page rate limit. 'cancel' option was introduced to 'limit-dirty-page-rate' to cancel the limit correspondingly. In addition, function 'qemuMonitorQueryVcpuDirtyLimit' was implemented to query the dirty page rate upper limit, the virsh command 'vcpuinfo' was extended. So that the user can query dirty page rate limit info via 'vcpuinfo'. This series makes the main modifications as follows: - introduce QEMU_CAPS_VCPU_DIRTY_LIMIT capability so that libvirt can probe before using dirty page rate upper limit feature. - implement virsh command 'limit-dirty-page-rate' to set/cancel dirty page rate upper limit. - extend 'vcpuinfo' API so that it can display dirty page rate upper limit. - document dirty page rate limit feature. Please review, and hoping the comments, thanks ! Yong Hyman Huang(黄勇) (11): qemu_capabilities: Introduce QEMU_CAPS_VCPU_DIRTY_LIMIT capability libvirt: Add virDomainSetVcpuDirtyLimit API qemu_driver: Implement qemuDomainSetVcpuDirtyLimit virsh: Introduce limit-dirty-page-rate api qemu_monitor: Implement qemuMonitorQueryVcpuDirtyLimit qemu_driver: Extend qemuDomainGetVcpus virsh: Extend vcpuinfo api libvirt: Add virDomainCancelVcpuDirtyLimit API qemu_driver: Implement qemuDomainCancelVcpuDirtyLimit virsh: Add cancel option of limit-dirty-page-rate api NEWS: Document limit dirty page rate APIs NEWS.rst | 16 ++ include/libvirt/libvirt-domain.h | 22 +++ src/driver-hypervisor.h | 13 ++ src/libvirt-domain.c | 106 ++++++++++++ src/libvirt_public.syms | 6 + src/qemu/qemu_capabilities.c | 2 + src/qemu/qemu_capabilities.h | 1 + src/qemu/qemu_driver.c | 154 ++++++++++++++++++ src/qemu/qemu_monitor.c | 36 ++++ src/qemu/qemu_monitor.h | 26 +++ src/qemu/qemu_monitor_json.c | 150 +++++++++++++++++ src/qemu/qemu_monitor_json.h | 13 ++ src/remote/remote_daemon_dispatch.c | 2 + src/remote/remote_driver.c | 4 + src/remote/remote_protocol.x | 28 +++- src/remote_protocol-structs | 13 ++ .../qemucapabilitiesdata/caps_7.1.0_ppc64.xml | 1 + .../caps_7.1.0_x86_64.xml | 1 + tests/qemucapabilitiesdata/caps_7.2.0_ppc.xml | 1 + .../caps_7.2.0_x86_64+hvf.xml | 1 + .../caps_7.2.0_x86_64.xml | 1 + .../caps_8.0.0_riscv64.xml | 1 + .../caps_8.0.0_x86_64.xml | 1 + .../qemucapabilitiesdata/caps_8.1.0_s390x.xml | 1 + .../caps_8.1.0_x86_64.xml | 1 + tools/virsh-domain.c | 123 ++++++++++++++ 26 files changed, 723 insertions(+), 1 deletion(-) -- 2.38.5

9 months, 3 weeks

3
17
0 / 0

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

2007

2006

2005

Devel July 2023