November 2024 - Devel - libvirt List Archives

[PATCH v4 00/11] swtpm: Add support for profiles
by Stefan Berger 16 Dec '24

16 Dec '24

Upcoming libtpms v0.10 and swtpm v0.10 will have TPM profile support that allows to restrict a TPM's provided set of crypto algorithms and commands and through which backwards compatibility and migration from newer versions of libtpms to older ones (up to libtpms v0.9) is supported. For the latter to work it is necessary that the user chooses the right ('null') profile. This series adds support for passing a profile choice to swtpm_setup by setting it in the domain XML using the <profile/> XML node. An optional attribute 'remove_disabled' can be set in this node and accepts two values: "check": test a few crypto algorithms (tdes, camellia, unpadded encryption, and others) for whether they are currently disabled due to FIPS mode on the host and remove these algorithms in the 'custom' profile if they are disabled; "fips-host": do not test but remove all the possibly disabled crypto algorithms (from list above) Also extend the documentation but point the user to swtpm and libtpms documentation for further details. Follow Deniel's suggestions there's now a PR for swtpm_setup to support searching for profiles though a configurable local directory, distro directory and if no profile could be found there (with appended ".json" suffix) it will fall back to try to use a built-in profile by the provided name: https://github.com/stefanberger/swtpm/pull/918 Stefan v4: - Renamed previous 'name' attribute in profile XML node to 'source' to indicate that the profile was created from some sort of 'source'. The 'name' is now set from the name of the profile read from the swtpm instance's state once it has been created. v3: - 2/10: Adjustments to due rebase - Applied Marc-André's R-b tags - 10/10: Read back profile name from swtpm and adjust it in emulator defs Stefan Berger (11): conf: Move TPM emulator parameters into own struct qemu: Pass virQEMUDriverConfig rather than some of its fields util: Add parsing support for swtpm_setup's cmdarg-profile capability conf: Define enum virDomainTPMProfileRemoveDisabled schema: Extend schema for TPM emulator profile node conf: Add support for profile parameter on TPM emulator in domain XML docs: Add documentation for the TPM backend profile node qemu: Extend swtpm_setup command line to set a profile by its name qemu: Move adding of keys to swtpm command line into own function qemu: Move adding --tpmstate to swtpm command line into own function qemu: Read back the profile name after creation of a TPM instance docs/formatdomain.rst | 32 +++ src/conf/domain_conf.c | 47 ++++ src/conf/domain_conf.h | 38 ++-- src/conf/domain_validate.c | 7 + src/conf/schemas/domaincommon.rng | 32 +++ src/conf/virconftypes.h | 2 + src/qemu/qemu_extdevice.c | 5 +- src/qemu/qemu_tpm.c | 344 ++++++++++++++++++++---------- src/qemu/qemu_tpm.h | 3 +- src/util/virtpm.c | 2 + src/util/virtpm.h | 2 + tests/testutilsqemu.c | 1 + 12 files changed, 386 insertions(+), 129 deletions(-) -- 2.47.0

3 22

[PATCH safe for 10.10.0] qemu: re-use existing ActualNetDef for more interface types during update-device
by Laine Stump 13 Dec '24

13 Dec '24

For the full history behind this patch, look at the following: https://issues.redhat.com/browse/RHEL-7036 commit v10.7.0-101-ga37bd2a15b commit v10.8.0-rc2-8-gbcd5ae4e73 Summary: original problem was unexpected failure of update-device when the user hadn't changed anything other than online status of the guest NIC (which should always be allowed). The first commit "fixed" this by avoiding the allocation of a new ActualNetDef (i.e. creating a new networkport) for *all* network device updates (because that was inappropriately changing which ethernet physdev should be used for a macvtap connection, which by design can't be handled in an update-device). But this commit caused a regression for update-device of bridge-based network devices (because some the updates of certain attributes *do* require the ActualNetDef be re-allocated), so... The 2nd commit narrowed the list of network types that get the "don't allocate new ActualNetDef" treatment (so that only interfaces connected to a network that uses a pool of ethernet VFs *being used in passthrough mode* qualify). But then it was pointed out that this re-broke simple updates of devices that used a direct/macvtap network in "bridge" mode (because it's possible to list multiple physdevs to use for bridge mode, in which case the network driver attempts to "load balance" (and so a new allocation might have a different ethernet physdev which, again, can't be supported in a device-update). So this (single line of code) patch *widens* the list of network types that don't allocate a new ActualNetDef to also include the other direct (macvtap) modes, e.g. bridge, private, etc. Signed-off-by: Laine Stump <laine(a)redhat.com> --- There is a more comprehensive fix that also, e.g., makes updating the bandwidth or vlan info of a direct interface work correctly, but that is much more invasive (and also isn't done yet). This patch fixes the case of updating a direct interface's online status (for example) without breaking anything else. src/qemu/qemu_hotplug.c | 38 +++++++++++++++++++++----------------- 1 file changed, 21 insertions(+), 17 deletions(-) diff --git a/src/qemu/qemu_hotplug.c b/src/qemu/qemu_hotplug.c index 3c18af6b0c..ff8c1263c6 100644 --- a/src/qemu/qemu_hotplug.c +++ b/src/qemu/qemu_hotplug.c @@ -3935,25 +3935,29 @@ qemuDomainChangeNet(virQEMUDriver *driver, if (newdev->type == VIR_DOMAIN_NET_TYPE_NETWORK) { if (olddev->type == VIR_DOMAIN_NET_TYPE_NETWORK && oldType == VIR_DOMAIN_NET_TYPE_DIRECT && - virDomainNetGetActualDirectMode(olddev) == VIR_NETDEV_MACVLAN_MODE_PASSTHRU && STREQ(olddev->data.network.name, newdev->data.network.name)) { /* old and new are type='network', and the network name - * hasn't changed *and* this is a network where each - * connection is allocated exclusive use of a VF - * device. In this case we *don't* want to get a new port - * ("actual device") from the network because attempting - * to allocate a new device would also allocate a - * new/different VF, causing the update to fail. And - * anyway we can use olddev's actualNetDef (since it - * hasn't changed). - * - * So instead we just duplicate *the pointer to* the - * actualNetDef from olddev to newdev so that comparisons - * of actualNetDef will show no change. If the update is - * successful, we will clear the actualNetDef pointer from - * olddev before destroying it (or if the update fails, - * then we need to clear the pointer from newdev before - * destroying it) + * hasn't changed *and* this is a "direct" network (a pool + * of 1 or more host ethernet devices where each guest + * interface is allocated one device that it connects to + * via macvtap. In this case we *don't* want to get a new + * port ("actual device") from the network because + * attempting to allocate a new device would also allocate + * a new/different ethernet, causing the update to fail + * (because the physical device of a macvtap-based + * interface can't be changed without completely + * unplugging and re-plugging the guest NIC). + + + * We can work around this issue by just re-using olddev's + * actualNetDef (since it hasn't changed) rather than + * allocating a new one. We just duplicate *the pointer + * to* the actualNetDef from olddev to newdev so that + * comparisons of actualNetDef will show no change. If the + * update is successful, we will clear the actualNetDef + * pointer from olddev before destroying it (or if the + * update fails, then we need to clear the pointer from + * newdev before destroying it) */ newdev->data.network.actual = olddev->data.network.actual; memcpy(newdev->data.network.portid, olddev->data.network.portid, -- 2.47.0

2 2

[PATCH] Change return type of functions that use VIR_EXPAND_N and never fail to void
by Alexander Kuznetsov 13 Dec '24

13 Dec '24

These functions return value is invariant since VIR_EXPAND_N check removal in 7d2fd6e, so change its type and remove all dependent checks. Found by Linux Verification Center (linuxtesting.org) with Svace. Reported-by: Pavel Nekrasov <p.nekrasov(a)fobos-nt.ru> Signed-off-by: Alexander Kuznetsov <kuznetsovam(a)altlinux.org> --- src/access/viraccessdriverstack.c | 4 +--- src/access/viraccessdriverstack.h | 2 +- src/access/viraccessmanager.c | 5 +---- src/admin/admin_remote.c | 3 +-- src/hyperv/hyperv_wmi.c | 13 ++++------- src/locking/lock_daemon.c | 10 ++------- src/locking/lock_driver_lockd.c | 3 +-- src/logging/log_daemon.c | 10 ++------- src/logging/log_manager.c | 3 +-- src/lxc/lxc_monitor.c | 4 +--- src/remote/remote_daemon.c | 20 ++++------------- src/remote/remote_driver.c | 17 +++++--------- src/rpc/gendispatch.pl | 5 +---- src/rpc/virnetclient.c | 6 ++--- src/rpc/virnetclient.h | 4 ++-- src/rpc/virnetserver.c | 3 +-- src/rpc/virnetserver.h | 2 +- src/util/virsysinfo.c | 37 ++++++++++--------------------- 18 files changed, 43 insertions(+), 108 deletions(-) diff --git a/src/access/viraccessdriverstack.c b/src/access/viraccessdriverstack.c index fb9ea71665..9d6a0d4d1b 100644 --- a/src/access/viraccessdriverstack.c +++ b/src/access/viraccessdriverstack.c @@ -32,7 +32,7 @@ struct _virAccessDriverStackPrivate { }; -int virAccessDriverStackAppend(virAccessManager *manager, +void virAccessDriverStackAppend(virAccessManager *manager, virAccessManager *child) { virAccessDriverStackPrivate *priv = virAccessManagerGetPrivateData(manager); @@ -40,8 +40,6 @@ int virAccessDriverStackAppend(virAccessManager *manager, VIR_EXPAND_N(priv->managers, priv->managersLen, 1); priv->managers[priv->managersLen-1] = child; - - return 0; } diff --git a/src/access/viraccessdriverstack.h b/src/access/viraccessdriverstack.h index abcfc30ec3..f878ef1989 100644 --- a/src/access/viraccessdriverstack.h +++ b/src/access/viraccessdriverstack.h @@ -23,7 +23,7 @@ #include "access/viraccessdriver.h" -int virAccessDriverStackAppend(virAccessManager *manager, +void virAccessDriverStackAppend(virAccessManager *manager, virAccessManager *child); extern virAccessDriver accessDriverStack; diff --git a/src/access/viraccessmanager.c b/src/access/viraccessmanager.c index 481528c3b9..6d9fdee5f1 100644 --- a/src/access/viraccessmanager.c +++ b/src/access/viraccessmanager.c @@ -164,10 +164,7 @@ virAccessManager *virAccessManagerNewStack(const char **names) if (!child) goto error; - if (virAccessDriverStackAppend(manager, child) < 0) { - virObjectUnref(child); - goto error; - } + virAccessDriverStackAppend(manager, child); } return manager; diff --git a/src/admin/admin_remote.c b/src/admin/admin_remote.c index 3291a1e965..5c4913a76e 100644 --- a/src/admin/admin_remote.c +++ b/src/admin/admin_remote.c @@ -214,8 +214,7 @@ remoteAdminPrivNew(const char *sock_path) NULL, 0, NULL))) goto error; - if (virNetClientAddProgram(priv->client, priv->program) < 0) - goto error; + virNetClientAddProgram(priv->client, priv->program); return priv; error: diff --git a/src/hyperv/hyperv_wmi.c b/src/hyperv/hyperv_wmi.c index 8bc376e22f..0b82f1f131 100644 --- a/src/hyperv/hyperv_wmi.c +++ b/src/hyperv/hyperv_wmi.c @@ -184,14 +184,12 @@ hypervFreeInvokeParams(hypervInvokeParamsList *params) } -static inline int +static inline void hypervCheckParams(hypervInvokeParamsList *params) { if (params->nbParams + 1 > params->nbAvailParams) { VIR_EXPAND_N(params->params, params->nbAvailParams, 5); } - - return 0; } @@ -212,8 +210,7 @@ hypervAddSimpleParam(hypervInvokeParamsList *params, const char *name, { hypervParam *p = NULL; - if (hypervCheckParams(params) < 0) - return -1; + hypervCheckParams(params); p = &params->params[params->nbParams]; p->type = HYPERV_SIMPLE_PARAM; @@ -245,8 +242,7 @@ hypervAddEprParam(hypervInvokeParamsList *params, { hypervParam *p = NULL; - if (hypervCheckParams(params) < 0) - return -1; + hypervCheckParams(params); p = &params->params[params->nbParams]; p->type = HYPERV_EPR_PARAM; @@ -333,8 +329,7 @@ hypervAddEmbeddedParam(hypervInvokeParamsList *params, { hypervParam *p = NULL; - if (hypervCheckParams(params) < 0) - return -1; + hypervCheckParams(params); p = &params->params[params->nbParams]; p->type = HYPERV_EMBEDDED_PARAM; diff --git a/src/locking/lock_daemon.c b/src/locking/lock_daemon.c index ba52ce7d77..0b86300b43 100644 --- a/src/locking/lock_daemon.c +++ b/src/locking/lock_daemon.c @@ -1066,10 +1066,7 @@ int main(int argc, char **argv) { goto cleanup; } - if (virNetServerAddProgram(lockSrv, lockProgram) < 0) { - ret = VIR_DAEMON_ERR_INIT; - goto cleanup; - } + virNetServerAddProgram(lockSrv, lockProgram); if (adminSrv != NULL) { if (!(adminProgram = virNetServerProgramNew(ADMIN_PROGRAM, @@ -1079,10 +1076,7 @@ int main(int argc, char **argv) { ret = VIR_DAEMON_ERR_INIT; goto cleanup; } - if (virNetServerAddProgram(adminSrv, adminProgram) < 0) { - ret = VIR_DAEMON_ERR_INIT; - goto cleanup; - } + virNetServerAddProgram(adminSrv, adminProgram); } /* Disable error func, now logging is setup */ diff --git a/src/locking/lock_driver_lockd.c b/src/locking/lock_driver_lockd.c index d75302dd0a..0b6c720477 100644 --- a/src/locking/lock_driver_lockd.c +++ b/src/locking/lock_driver_lockd.c @@ -213,8 +213,7 @@ static virNetClient *virLockManagerLockDaemonConnectionNew(bool privileged, NULL))) goto error; - if (virNetClientAddProgram(client, *prog) < 0) - goto error; + virNetClientAddProgram(client, *prog); return client; diff --git a/src/logging/log_daemon.c b/src/logging/log_daemon.c index 5a9be4a44e..16a5dcea9a 100644 --- a/src/logging/log_daemon.c +++ b/src/logging/log_daemon.c @@ -864,10 +864,7 @@ int main(int argc, char **argv) { ret = VIR_DAEMON_ERR_INIT; goto cleanup; } - if (virNetServerAddProgram(logSrv, logProgram) < 0) { - ret = VIR_DAEMON_ERR_INIT; - goto cleanup; - } + virNetServerAddProgram(logSrv, logProgram); if (adminSrv != NULL) { if (!(adminProgram = virNetServerProgramNew(ADMIN_PROGRAM, @@ -877,10 +874,7 @@ int main(int argc, char **argv) { ret = VIR_DAEMON_ERR_INIT; goto cleanup; } - if (virNetServerAddProgram(adminSrv, adminProgram) < 0) { - ret = VIR_DAEMON_ERR_INIT; - goto cleanup; - } + virNetServerAddProgram(adminSrv, adminProgram); } /* Disable error func, now logging is setup */ diff --git a/src/logging/log_manager.c b/src/logging/log_manager.c index d8490f4e5a..19e23d65c5 100644 --- a/src/logging/log_manager.c +++ b/src/logging/log_manager.c @@ -88,8 +88,7 @@ virLogManagerConnect(bool privileged, NULL))) goto error; - if (virNetClientAddProgram(client, *prog) < 0) - goto error; + virNetClientAddProgram(client, *prog); VIR_FREE(daemonPath); VIR_FREE(logdpath); diff --git a/src/lxc/lxc_monitor.c b/src/lxc/lxc_monitor.c index 811d6685e5..cf2fd1897f 100644 --- a/src/lxc/lxc_monitor.c +++ b/src/lxc/lxc_monitor.c @@ -169,9 +169,7 @@ virLXCMonitor *virLXCMonitorNew(virDomainObj *vm, mon))) goto error; - if (virNetClientAddProgram(mon->client, - mon->program) < 0) - goto error; + virNetClientAddProgram(mon->client, mon->program); mon->vm = virObjectRef(vm); memcpy(&mon->cb, cb, sizeof(mon->cb)); diff --git a/src/remote/remote_daemon.c b/src/remote/remote_daemon.c index 9e82132654..1d079c7e4b 100644 --- a/src/remote/remote_daemon.c +++ b/src/remote/remote_daemon.c @@ -1063,10 +1063,7 @@ int main(int argc, char **argv) { ret = VIR_DAEMON_ERR_INIT; goto cleanup; } - if (virNetServerAddProgram(srv, remoteProgram) < 0) { - ret = VIR_DAEMON_ERR_INIT; - goto cleanup; - } + virNetServerAddProgram(srv, remoteProgram); if (!(lxcProgram = virNetServerProgramNew(LXC_PROGRAM, LXC_PROTOCOL_VERSION, @@ -1075,10 +1072,7 @@ int main(int argc, char **argv) { ret = VIR_DAEMON_ERR_INIT; goto cleanup; } - if (virNetServerAddProgram(srv, lxcProgram) < 0) { - ret = VIR_DAEMON_ERR_INIT; - goto cleanup; - } + virNetServerAddProgram(srv, lxcProgram); if (!(qemuProgram = virNetServerProgramNew(QEMU_PROGRAM, QEMU_PROTOCOL_VERSION, @@ -1087,10 +1081,7 @@ int main(int argc, char **argv) { ret = VIR_DAEMON_ERR_INIT; goto cleanup; } - if (virNetServerAddProgram(srv, qemuProgram) < 0) { - ret = VIR_DAEMON_ERR_INIT; - goto cleanup; - } + virNetServerAddProgram(srv, qemuProgram); if (!(srvAdm = virNetServerNew("admin", 1, config->admin_min_workers, @@ -1120,10 +1111,7 @@ int main(int argc, char **argv) { ret = VIR_DAEMON_ERR_INIT; goto cleanup; } - if (virNetServerAddProgram(srvAdm, adminProgram) < 0) { - ret = VIR_DAEMON_ERR_INIT; - goto cleanup; - } + virNetServerAddProgram(srvAdm, adminProgram); if (timeout > 0) { if (virNetDaemonAutoShutdown(dmn, timeout) < 0) diff --git a/src/remote/remote_driver.c b/src/remote/remote_driver.c index e76d9e9ba4..307f9ca945 100644 --- a/src/remote/remote_driver.c +++ b/src/remote/remote_driver.c @@ -1160,10 +1160,9 @@ doRemoteOpen(virConnectPtr conn, conn))) goto error; - if (virNetClientAddProgram(priv->client, priv->remoteProgram) < 0 || - virNetClientAddProgram(priv->client, priv->lxcProgram) < 0 || - virNetClientAddProgram(priv->client, priv->qemuProgram) < 0) - goto error; + virNetClientAddProgram(priv->client, priv->remoteProgram); + virNetClientAddProgram(priv->client, priv->lxcProgram); + virNetClientAddProgram(priv->client, priv->qemuProgram); /* Try and authenticate with server */ VIR_DEBUG("Trying authentication"); @@ -5664,10 +5663,7 @@ remoteDomainMigratePrepareTunnel3(virConnectPtr dconn, false))) return -1; - if (virNetClientAddStream(priv->client, netst) < 0) { - virObjectUnref(netst); - return -1; - } + virNetClientAddStream(priv->client, netst); st->driver = &remoteStreamDrv; st->privateData = netst; @@ -6433,10 +6429,7 @@ remoteDomainMigratePrepareTunnel3Params(virConnectPtr dconn, false))) goto cleanup; - if (virNetClientAddStream(priv->client, netst) < 0) { - virObjectUnref(netst); - goto cleanup; - } + virNetClientAddStream(priv->client, netst); st->driver = &remoteStreamDrv; st->privateData = netst; diff --git a/src/rpc/gendispatch.pl b/src/rpc/gendispatch.pl index c5842dc796..724a6aed6e 100755 --- a/src/rpc/gendispatch.pl +++ b/src/rpc/gendispatch.pl @@ -1822,10 +1822,7 @@ elsif ($mode eq "client") { print " if (!(netst = virNetClientStreamNew(priv->remoteProgram, $call->{constname}, priv->counter, sparse)))\n"; print " goto cleanup;\n"; print "\n"; - print " if (virNetClientAddStream(priv->client, netst) < 0) {\n"; - print " virObjectUnref(netst);\n"; - print " goto cleanup;\n"; - print " }"; + print " virNetClientAddStream(priv->client, netst);\n"; print "\n"; print " st->driver = &remoteStreamDrv;\n"; print " st->privateData = netst;\n"; diff --git a/src/rpc/virnetclient.c b/src/rpc/virnetclient.c index 6d424eb599..39ccbd739c 100644 --- a/src/rpc/virnetclient.c +++ b/src/rpc/virnetclient.c @@ -1053,7 +1053,7 @@ bool virNetClientIsOpen(virNetClient *client) } -int virNetClientAddProgram(virNetClient *client, +void virNetClientAddProgram(virNetClient *client, virNetClientProgram *prog) { virObjectLock(client); @@ -1062,11 +1062,10 @@ int virNetClientAddProgram(virNetClient *client, client->programs[client->nprograms-1] = virObjectRef(prog); virObjectUnlock(client); - return 0; } -int virNetClientAddStream(virNetClient *client, +void virNetClientAddStream(virNetClient *client, virNetClientStream *st) { virObjectLock(client); @@ -1075,7 +1074,6 @@ int virNetClientAddStream(virNetClient *client, client->streams[client->nstreams-1] = virObjectRef(st); virObjectUnlock(client); - return 0; } diff --git a/src/rpc/virnetclient.h b/src/rpc/virnetclient.h index 1647a6cc71..29099791a0 100644 --- a/src/rpc/virnetclient.h +++ b/src/rpc/virnetclient.h @@ -117,10 +117,10 @@ int virNetClientDupFD(virNetClient *client, bool cloexec); bool virNetClientHasPassFD(virNetClient *client); -int virNetClientAddProgram(virNetClient *client, +void virNetClientAddProgram(virNetClient *client, virNetClientProgram *prog); -int virNetClientAddStream(virNetClient *client, +void virNetClientAddStream(virNetClient *client, virNetClientStream *st); void virNetClientRemoveStream(virNetClient *client, diff --git a/src/rpc/virnetserver.c b/src/rpc/virnetserver.c index a6c6443c55..91219c3eed 100644 --- a/src/rpc/virnetserver.c +++ b/src/rpc/virnetserver.c @@ -768,7 +768,7 @@ virNetServerAddServiceUNIX(virNetServer *srv, } -int +void virNetServerAddProgram(virNetServer *srv, virNetServerProgram *prog) { @@ -776,7 +776,6 @@ virNetServerAddProgram(virNetServer *srv, VIR_EXPAND_N(srv->programs, srv->nprograms, 1); srv->programs[srv->nprograms-1] = virObjectRef(prog); - return 0; } diff --git a/src/rpc/virnetserver.h b/src/rpc/virnetserver.h index 7756a1dd6c..c14d8bd10f 100644 --- a/src/rpc/virnetserver.h +++ b/src/rpc/virnetserver.h @@ -84,7 +84,7 @@ int virNetServerAddServiceUNIX(virNetServer *srv, size_t max_queued_clients, size_t nrequests_client_max); -int virNetServerAddProgram(virNetServer *srv, +void virNetServerAddProgram(virNetServer *srv, virNetServerProgram *prog); int virNetServerSetTLSContext(virNetServer *srv, diff --git a/src/util/virsysinfo.c b/src/util/virsysinfo.c index dbcbca62ed..3575669ac3 100644 --- a/src/util/virsysinfo.c +++ b/src/util/virsysinfo.c @@ -263,7 +263,7 @@ virSysinfoParsePPCSystem(const char *base, virSysinfoSystemDef **sysdef) return ret; } -static int +static void virSysinfoParsePPCProcessor(const char *base, virSysinfoDef *ret) { const char *cur; @@ -303,8 +303,6 @@ virSysinfoParsePPCProcessor(const char *base, virSysinfoDef *ret) } } - - return 0; } /* virSysinfoRead for PowerPC @@ -325,8 +323,7 @@ virSysinfoReadPPC(void) ret->nprocessor = 0; ret->processor = NULL; - if (virSysinfoParsePPCProcessor(outbuf, ret) < 0) - return NULL; + virSysinfoParsePPCProcessor(outbuf, ret); if (virSysinfoParsePPCSystem(outbuf, &ret->system) < 0) return NULL; @@ -383,7 +380,7 @@ virSysinfoParseARMSystem(const char *base, virSysinfoSystemDef **sysdef) return ret; } -static int +static void virSysinfoParseARMProcessor(const char *base, virSysinfoDef *ret) { const char *cur; @@ -393,7 +390,7 @@ virSysinfoParseARMProcessor(const char *base, virSysinfoDef *ret) if (!(tmp_base = strstr(base, "model name")) && !(tmp_base = strstr(base, "Processor"))) - return 0; + return; eol = strchr(tmp_base, '\n'); cur = strchr(tmp_base, ':') + 1; @@ -420,7 +417,7 @@ virSysinfoParseARMProcessor(const char *base, virSysinfoDef *ret) } VIR_FREE(processor_type); - return 0; + return; } /* virSysinfoRead for ARMv7 @@ -451,8 +448,7 @@ virSysinfoReadARM(void) ret->nprocessor = 0; ret->processor = NULL; - if (virSysinfoParseARMProcessor(outbuf, ret) < 0) - return NULL; + virSysinfoParseARMProcessor(outbuf, ret); if (virSysinfoParseARMSystem(outbuf, &ret->system) < 0) return NULL; @@ -753,7 +749,7 @@ virSysinfoParseX86System(const char *base, virSysinfoSystemDef **sysdef) return ret; } -static int +static void virSysinfoParseX86BaseBoard(const char *base, virSysinfoBaseBoardDef **baseBoard, size_t *nbaseBoard) @@ -827,7 +823,6 @@ virSysinfoParseX86BaseBoard(const char *base, *nbaseBoard = nboards; *baseBoard = g_steal_pointer(&boards); - return 0; } @@ -1006,7 +1001,7 @@ virSysinfoParseOEMStrings(const char *base, } -static int +static void virSysinfoParseX86Processor(const char *base, virSysinfoDef *ret) { const char *cur, *tmp_base; @@ -1102,11 +1097,9 @@ virSysinfoParseX86Processor(const char *base, virSysinfoDef *ret) base += strlen("Processor Information"); } - - return 0; } -static int +static void virSysinfoParseX86Memory(const char *base, virSysinfoDef *ret) { const char *cur, *tmp_base; @@ -1197,8 +1190,6 @@ virSysinfoParseX86Memory(const char *base, virSysinfoDef *ret) next: base += strlen("Memory Device"); } - - return 0; } virSysinfoDef * @@ -1223,8 +1214,7 @@ virSysinfoReadDMI(void) if (virSysinfoParseX86System(outbuf, &ret->system) < 0) return NULL; - if (virSysinfoParseX86BaseBoard(outbuf, &ret->baseBoard, &ret->nbaseBoard) < 0) - return NULL; + virSysinfoParseX86BaseBoard(outbuf, &ret->baseBoard, &ret->nbaseBoard); if (virSysinfoParseX86Chassis(outbuf, &ret->chassis) < 0) return NULL; @@ -1234,13 +1224,10 @@ virSysinfoReadDMI(void) ret->nprocessor = 0; ret->processor = NULL; - if (virSysinfoParseX86Processor(outbuf, ret) < 0) - return NULL; - + virSysinfoParseX86Processor(outbuf, ret); ret->nmemory = 0; ret->memory = NULL; - if (virSysinfoParseX86Memory(outbuf, ret) < 0) - return NULL; + virSysinfoParseX86Memory(outbuf, ret); return g_steal_pointer(&ret); } -- 2.42.2

3 17

[PATCH v2 0/5] Allow Guest CPU Model with Deprecated Features Disabled
by Collin Walling 09 Dec '24

09 Dec '24

# Changelog v2 - rebased on latest master changes # Description Add support for libvirt to query and cache an array of deprecated CPU features (aka CPU properties) for the host-model. This data is queried via a full query-cpu-model-expansion and cached in the QEMU capabilities file. This model expansion will depend on the availability of the "deprecated-props" field resulting from a query-cpu-model-expansion command. Currently, only s390x supports this field. The purpose of these patches is to make it easy for users to create guests with a CPU model that will be compatible & migratable with future hardware. An updated host CPU model with deprecated features paired with the policy "disable" may be visable via an update to the virsh domcapabilities command with the --disable-deprecated-features flag. An example is shown below. Note: other CPU model queries (e.g. baseline and comparison) currently do not consider deprecated features, as their outputs do not consider feature policy. If implementation is desired, it will require a discussion on how these commands should report policies. Examples: virsh domcapabilities --disable-deprecated-features e.g. output (trimmed): <mode name='host-model' supported='yes'> <model fallback='forbid'>z14.2-base</model> <feature policy='require' name='aen'/> <feature policy='require' name='cmmnt'/> <feature policy='require' name='aefsi'/> <feature policy='require' name='diag318'/> <feature policy='require' name='mepoch'/> <feature policy='require' name='msa8'/> <feature policy='require' name='msa7'/> <feature policy='require' name='msa6'/> <feature policy='require' name='msa5'/> <feature policy='require' name='msa4'/> <feature policy='require' name='msa3'/> <feature policy='require' name='msa2'/> <feature policy='require' name='msa1'/> <feature policy='require' name='sthyi'/> <feature policy='require' name='edat'/> <feature policy='require' name='ri'/> <feature policy='require' name='edat2'/> <feature policy='require' name='etoken'/> <feature policy='require' name='vx'/> <feature policy='require' name='ipter'/> <feature policy='require' name='mepochptff'/> <feature policy='require' name='ap'/> <feature policy='require' name='vxeh'/> <feature policy='require' name='vxpd'/> <feature policy='require' name='esop'/> <feature policy='require' name='apqi'/> <feature policy='require' name='apft'/> <feature policy='require' name='els'/> <feature policy='require' name='iep'/> <feature policy='require' name='apqci'/> <feature policy='disable' name='cte'/> <feature policy='require' name='ais'/> <feature policy='disable' name='bpb'/> <feature policy='require' name='ctop'/> <feature policy='require' name='gs'/> <feature policy='require' name='ppa15'/> <feature policy='require' name='zpci'/> <feature policy='require' name='sea_esop2'/> <feature policy='disable' name='te'/> <feature policy='require' name='cmm'/> <feature policy='disable' name='csske'/> </mode> A domain may be defined with a new <cpu> XML attribute, deprecated_features='on|off': <cpu mode='host-model' check='partial' deprecated_features='off'/> e.g. after guest has started (trimmed): <cpu mode='custom' match='exact' check='partial' deprecated_features='off'> <model fallback='forbid'>z14.2-base</model> <feature policy='require' name='aen'/> <feature policy='require' name='cmmnt'/> <feature policy='require' name='aefsi'/> <feature policy='require' name='diag318'/> <feature policy='require' name='mepoch'/> <feature policy='require' name='msa8'/> <feature policy='require' name='msa7'/> <feature policy='require' name='msa6'/> <feature policy='require' name='msa5'/> <feature policy='require' name='msa4'/> <feature policy='require' name='msa3'/> <feature policy='require' name='msa2'/> <feature policy='require' name='msa1'/> <feature policy='require' name='sthyi'/> <feature policy='require' name='edat'/> <feature policy='require' name='ri'/> <feature policy='require' name='edat2'/> <feature policy='require' name='etoken'/> <feature policy='require' name='vx'/> <feature policy='require' name='ipter'/> <feature policy='require' name='mepochptff'/> <feature policy='require' name='ap'/> <feature policy='require' name='vxeh'/> <feature policy='require' name='vxpd'/> <feature policy='require' name='esop'/> <feature policy='require' name='apqi'/> <feature policy='require' name='apft'/> <feature policy='require' name='els'/> <feature policy='require' name='iep'/> <feature policy='require' name='apqci'/> <feature policy='disable' name='cte'/> <feature policy='require' name='ais'/> <feature policy='disable' name='bpb'/> <feature policy='require' name='ctop'/> <feature policy='require' name='gs'/> <feature policy='require' name='ppa15'/> <feature policy='require' name='zpci'/> <feature policy='require' name='sea_esop2'/> <feature policy='disable' name='te'/> <feature policy='require' name='cmm'/> <feature policy='disable' name='csske'/> </cpu> Collin Walling (5): qemuMonitorJSONGetCPUModelExpansion: refactor parsing functions qemu: parse deprecated-props from query-cpu-model-expansion response qemu_capabilities: query deprecated features for host-model virsh: add --disable-deprecated-features flag to domcapabilities conf: add deprecated_features attribute docs/manpages/virsh.rst | 6 + include/libvirt/libvirt-domain.h | 12 + src/conf/cpu_conf.c | 10 + src/conf/cpu_conf.h | 1 + src/conf/schemas/cputypes.rng | 12 + src/libvirt-domain.c | 2 +- src/qemu/qemu_capabilities.c | 89 +++++ src/qemu/qemu_capabilities.h | 4 + src/qemu/qemu_driver.c | 8 +- src/qemu/qemu_monitor.c | 10 + src/qemu/qemu_monitor.h | 1 + src/qemu/qemu_monitor_json.c | 64 +++- src/qemu/qemu_process.c | 4 + .../caps_9.1.0_s390x.replies | 348 +++++++++++++++++- .../qemucapabilitiesdata/caps_9.1.0_s390x.xml | 13 + .../caps_9.2.0_s390x.replies | 348 +++++++++++++++++- .../qemucapabilitiesdata/caps_9.2.0_s390x.xml | 13 + tools/virsh-host.c | 9 +- 18 files changed, 940 insertions(+), 14 deletions(-) -- 2.45.1

3 16

[PATCH 0/5] cpu_map: Add missing -v1 models
by Jiri Denemark 05 Dec '24

05 Dec '24

CPU models that do not have a list of versions attached are still advertised as aliases to corresponding -v1 variants. We should add the missing variants to the CPU map. Available on gitlab: git fetch https://gitlab.com/jirkade/libvirt.git cpu-versions Pipeline: https://gitlab.com/jirkade/libvirt/-/pipelines/1564399375 Jiri Denemark (5): cpu_map: Sort data files in meson.build sync_qemu_models_i386: Update meson.build sync_qemu_models_i386: Ignore old models sync_qemu_models_i386: Generate missing -v1 variants cpu_map: Add missing -v1 models src/cpu_map/index.xml | 2 + src/cpu_map/meson.build | 18 +++--- src/cpu_map/sync_qemu_models_i386.py | 58 +++++++++++++++++++ src/cpu_map/x86_EPYC-Genoa-v1.xml | 6 ++ src/cpu_map/x86_KnightsMill-v1.xml | 6 ++ .../domaincapsdata/qemu_5.2.0-q35.x86_64.xml | 14 ++++- .../domaincapsdata/qemu_5.2.0-tcg.x86_64.xml | 20 ++++++- tests/domaincapsdata/qemu_5.2.0.x86_64.xml | 14 ++++- .../domaincapsdata/qemu_6.0.0-q35.x86_64.xml | 14 ++++- .../domaincapsdata/qemu_6.0.0-tcg.x86_64.xml | 20 ++++++- tests/domaincapsdata/qemu_6.0.0.x86_64.xml | 14 ++++- .../domaincapsdata/qemu_6.1.0-q35.x86_64.xml | 14 ++++- .../domaincapsdata/qemu_6.1.0-tcg.x86_64.xml | 20 ++++++- tests/domaincapsdata/qemu_6.1.0.x86_64.xml | 14 ++++- .../domaincapsdata/qemu_6.2.0-q35.x86_64.xml | 14 ++++- .../domaincapsdata/qemu_6.2.0-tcg.x86_64.xml | 20 ++++++- tests/domaincapsdata/qemu_6.2.0.x86_64.xml | 14 ++++- .../domaincapsdata/qemu_7.0.0-q35.x86_64.xml | 14 ++++- .../domaincapsdata/qemu_7.0.0-tcg.x86_64.xml | 20 ++++++- tests/domaincapsdata/qemu_7.0.0.x86_64.xml | 14 ++++- .../domaincapsdata/qemu_7.1.0-q35.x86_64.xml | 14 ++++- .../domaincapsdata/qemu_7.1.0-tcg.x86_64.xml | 20 ++++++- tests/domaincapsdata/qemu_7.1.0.x86_64.xml | 14 ++++- .../domaincapsdata/qemu_7.2.0-q35.x86_64.xml | 14 ++++- .../qemu_7.2.0-tcg.x86_64+hvf.xml | 16 ++++- .../domaincapsdata/qemu_7.2.0-tcg.x86_64.xml | 16 ++++- tests/domaincapsdata/qemu_7.2.0.x86_64.xml | 14 ++++- .../domaincapsdata/qemu_8.0.0-q35.x86_64.xml | 14 ++++- .../domaincapsdata/qemu_8.0.0-tcg.x86_64.xml | 16 ++++- tests/domaincapsdata/qemu_8.0.0.x86_64.xml | 14 ++++- .../domaincapsdata/qemu_8.1.0-q35.x86_64.xml | 46 ++++++++++++++- .../domaincapsdata/qemu_8.1.0-tcg.x86_64.xml | 56 +++++++++++++++++- tests/domaincapsdata/qemu_8.1.0.x86_64.xml | 46 ++++++++++++++- .../domaincapsdata/qemu_8.2.0-q35.x86_64.xml | 46 ++++++++++++++- .../domaincapsdata/qemu_8.2.0-tcg.x86_64.xml | 55 +++++++++++++++++- tests/domaincapsdata/qemu_8.2.0.x86_64.xml | 46 ++++++++++++++- .../domaincapsdata/qemu_9.0.0-q35.x86_64.xml | 46 ++++++++++++++- .../domaincapsdata/qemu_9.0.0-tcg.x86_64.xml | 54 ++++++++++++++++- tests/domaincapsdata/qemu_9.0.0.x86_64.xml | 46 ++++++++++++++- .../domaincapsdata/qemu_9.1.0-q35.x86_64.xml | 46 ++++++++++++++- .../domaincapsdata/qemu_9.1.0-tcg.x86_64.xml | 54 ++++++++++++++++- tests/domaincapsdata/qemu_9.1.0.x86_64.xml | 46 ++++++++++++++- .../domaincapsdata/qemu_9.2.0-q35.x86_64.xml | 46 ++++++++++++++- .../domaincapsdata/qemu_9.2.0-tcg.x86_64.xml | 54 ++++++++++++++++- tests/domaincapsdata/qemu_9.2.0.x86_64.xml | 46 ++++++++++++++- 45 files changed, 1152 insertions(+), 63 deletions(-) create mode 100644 src/cpu_map/x86_EPYC-Genoa-v1.xml create mode 100644 src/cpu_map/x86_KnightsMill-v1.xml -- 2.47.0

3 10

[PATCH v3 0/5] ch: handle events from cloud-hypervisor
by Purna Pavan Chandra Aekkaladevi 03 Dec '24

03 Dec '24

changes from v2->v3: * Remove patch 'utils: Implement virFileIsNamedPipe' as it is no more needed. * Remove the eventmonitorpath only if it exists * Added domain name as a prefix to logs from ch_events.c. This will make debugging easier. * Simplified event parsing logic by reserving a byte for null char. changes from v1->v2: * Rebase on latest master * Use /* */ for comments * Remove fifo file if already exists * Address other comments from Praveen Paladugu cloud-hypervisor raises various events, including VM lifecylce operations such as boot, shutdown, pause, resume, etc. Libvirt will now read these events and take the necessary actions, such as correctly updating the domain state. A FIFO file is passed to `--event-monitor` option of cloud-hypervisor. Libvirt creates a new thread that acts as the reader of the fifo file and continuously monitors for new events. Currently, shutdown events are handled by updating the domain state appropriately. Purna Pavan Chandra Aekkaladevi (5): ch: pass --event-monitor option to cloud-hypervisor ch: start a new thread for handling ch events ch: events: Read and parse cloud-hypervisor events ch: events: facilitate lifecycle events handling NEWS: Mention event handling support in ch driver NEWS.rst | 7 + po/POTFILES | 1 + src/ch/ch_events.c | 329 ++++++++++++++++++++++++++++++++++++++++++++ src/ch/ch_events.h | 54 ++++++++ src/ch/ch_monitor.c | 52 ++++++- src/ch/ch_monitor.h | 11 ++ src/ch/meson.build | 2 + 7 files changed, 449 insertions(+), 7 deletions(-) create mode 100644 src/ch/ch_events.c create mode 100644 src/ch/ch_events.h -- 2.34.1

3 14

[PATCH] qemu:qemu_snapshot: Fix a libvirtd cransh when delete snapshot
by jungle man 29 Nov '24

29 Nov '24

qemuDomainDiskByName() can return a NULL pointer on failure, but this returned value in qemuSnapshotDeleteValidate is not checked. It will make libvirtd crash. diff --git a/src/qemu/qemu_snapshot.c b/src/qemu/qemu_snapshot.c index 5b3aadcbf0..52312b4a7b 100644 --- a/src/qemu/qemu_snapshot.c +++ b/src/qemu/qemu_snapshot.c @@ -4235,8 +4235,11 @@ qemuSnapshotDeleteValidate(virDomainObj *vm, virDomainDiskDef *vmdisk = NULL; virDomainDiskDef *disk = NULL; - vmdisk = qemuDomainDiskByName(vm->def, snapDisk->name); - disk = qemuDomainDiskByName(snapdef->parent.dom, snapDisk->name); + if (!(vmdisk = qemuDomainDiskByName(vm->def, snapDisk->name))) + return -1; + + if (!(disk = qemuDomainDiskByName(snapdef->parent.dom, snapDisk->name))) + return -1; if (!virStorageSourceIsSameLocation(vmdisk->src, disk->src)) { virReportError(VIR_ERR_OPERATION_UNSUPPORTED,

2 2

[PATCH] qemu: enable QEMU core dump by default on Linux
by Daniel P. Berrangé 29 Nov '24

29 Nov '24

The Linux MADV_DONTDUMP flag was added to Linux kernels > 3.3, back in 2012, and the dump-guest-core flag was added to QEMU > 1.0 at the same time. IOW, on Linux we have long been able to assume that QEMU core dumps will exclude guest memory, unless the user has overridden the host level defaults in the domain XML. It is desirable to permit QEMU core dumps out of the box to make it easier for users to report crashes to their OS vendor without having to reconfigure and restart libvirt daemons and their running guests. While there is a risk that an admin may have set 'dump_guest_core' to true, while leaving 'max_core' to 0, on balance the benefits of easier troubleshooting outweigh the risk of changing the defaults to permit core dumps. Signed-off-by: Daniel P. Berrangé <berrange(a)redhat.com> --- src/qemu/qemu.conf.in | 8 +++++--- src/qemu/qemu_conf.c | 10 +++++++--- 2 files changed, 12 insertions(+), 6 deletions(-) diff --git a/src/qemu/qemu.conf.in b/src/qemu/qemu.conf.in index 89c9b6b913..d853136f10 100644 --- a/src/qemu/qemu.conf.in +++ b/src/qemu/qemu.conf.in @@ -709,7 +709,9 @@ # As a special case it can be set to the string "unlimited" to # to allow arbitrarily sized core dumps. # -# By default the core dump size is set to 0 disabling all dumps +# By default the core dump size is set to unlimited on +# Linux where 'dump_guest_core' defaults to false, and +# is set to 0 on other platforms, disabling all dumps # # Size is a positive integer specifying bytes or the # string "unlimited" @@ -717,8 +719,8 @@ #max_core = "unlimited" # Determine if guest RAM is included in QEMU core dumps. By -# default guest RAM will be excluded if a new enough QEMU is -# present and host kernel supports it. Setting this to '1' will +# default guest RAM will be excluded on Linux platforms, +# and included on all other patforms. Setting this to '1' will # force guest RAM to always be included in QEMU core dumps. # # This setting will be ignored if the guest XML has set the diff --git a/src/qemu/qemu_conf.c b/src/qemu/qemu_conf.c index 7c15c521c7..8b9fe4e381 100644 --- a/src/qemu/qemu_conf.c +++ b/src/qemu/qemu_conf.c @@ -291,10 +291,14 @@ virQEMUDriverConfig *virQEMUDriverConfigNew(bool privileged, cfg->deprecationBehavior = g_strdup("none"); cfg->storageUseNbdkit = USE_NBDKIT_DEFAULT; -#ifndef MADV_DONTDUMP +#ifdef MADV_DONTDUMP + cfg->maxCore = ULLONG_MAX; +#else /* QEMU uses Linux extensions to madvise() (MADV_DODUMP/MADV_DONTDUMP) to - * include/exclude guest memory from core dump. These might be unavailable - * on some systems. Provide sane default. */ + * include/exclude guest memory from core dump. On non-Linux systems + * core dumps will unavoidably include all guest RAM, so toggle the + * default to reflect this and warn the admin. + */ VIR_INFO("Host kernel doesn't support MADV_DONTDUMP. Enabling dump_guest_core"); cfg->dumpGuestCore = true; #endif -- 2.46.0

2 1

[PATCH] docs: Document how to enable coredumps for session qemu
by Richard W.M. Jones 29 Nov '24

29 Nov '24

Thanks: Daniel P. Berrangé Signed-off-by: Richard W.M. Jones <rjones(a)redhat.com> --- docs/kbase/qemu-core-dump.rst | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/docs/kbase/qemu-core-dump.rst b/docs/kbase/qemu-core-dump.rst index 5c3781cf90..4bd3ff0b9d 100644 --- a/docs/kbase/qemu-core-dump.rst +++ b/docs/kbase/qemu-core-dump.rst @@ -53,6 +53,13 @@ that may get interrupted. In particular long running jobs like live migration or block device copy jobs may abort. It is thus wise to check that the host is mostly idle before restarting the daemons. +Session mode qemu +================= + +For session mode (non-root) qemu, you have to create a new file called +``$HOME/.config/libvirt/qemu.conf``, add the line(s) above, and kill +the user ``virtqemud`` instance. + Guest core dump configuration ============================= -- 2.46.0

1 0

Entering freeze for libvirt-10.10.0
by Jiri Denemark 28 Nov '24

28 Nov '24

I have just tagged v10.10.0-rc1 in the repository and pushed signed tarballs to https://download.libvirt.org/ Please give the release candidate some testing and in case you find a serious issue which should have a fix in the upcoming release, feel free to reply to this thread to make sure the issue is more visible. If you have not done so yet, please update NEWS.rst to document any significant change you made since the last release. Thanks, Jirka

1 1