[PATCH v4 00/30] [PATCH v3 00/27] native support for nftables in virtual network driver
by Laine Stump
V3: https://lists.libvirt.org/archives/list/devel@lists.libvirt.org/thread/HO...
V2: https://lists.libvirt.org/archives/list/devel@lists.libvirt.org/thread/5R...
This patch series enables libvirt to use nftables rules rather than
iptables *when setting up virtual networks* (it does *not* add
nftables support to the nwfilter driver).
Changes from V3:
* Fixed a bug (newly added in V3) that resulted in the firewall name
attribute not being added to the XML.
* renamed the table to "libvirt_network" (new patch 28)
* renamed the chains to be more descriptive, and lower case rather
than all caps. (new patch 29)
* eliminated all the guest->host and host->guest rules since they are
redundant in nftables. (new patch 30)
Laine Stump (30):
util/network: move viriptables.[ch] from util to network directory
network: move all functions manipulating iptables rules into
network_iptables.c
network: make all iptables functions used only in network_iptables.c
static
util: #define the names used for private packet filter chains
util: change name of virFirewallRule to virFirewallCmd
util: rename virNetFilterAction to iptablesAction, and add
VIR_ENUM_DECL/IMPL
util: check for 0 args when applying iptables rule
util: add -w/--concurrent when applying a FirewallCmd rather than when
building it
util: determine ignoreErrors value when creating virFirewallCmd, not
when applying
util/network: new virFirewallBackend enum
network: add (empty) network.conf file to distribution files
network: support setting firewallBackend from network.conf
network: framework to call backend-specific function to init private
filter chains
util: new functions to support adding individual firewall rollback
commands
util: implement rollback rule autocreation for iptables commands
network: turn on auto-rollback for the rules added for virtual
networks
util: add name attribute to virFirewall
util: new function virFirewallNewFromRollback()
util: new functions virFirewallParseXML() and virFirewallFormat()
conf: add a virFirewall object to virNetworkObj
network: use previously saved list of firewall removal commands
network: save network status when firewall rules are reloaded
meson: stop looking for iptables/ip6tables/ebtables at build time
network: add an nftables backend for network driver's firewall
construction
tests: test cases for nftables backend
network: prefer the nftables backend over iptables
spec: require either iptables or nftables if network driver is
installed
network: name the nftables table "libvirt_network" rather than
"libvirt"
network: rename chains used by network driver nftables backend
network: eliminate pointless host input/output rules from nftables
backend
libvirt.spec.in | 7 +-
meson.build | 10 +-
meson_options.txt | 1 +
po/POTFILES | 3 +-
src/conf/virnetworkobj.c | 41 +
src/conf/virnetworkobj.h | 8 +
src/libvirt_private.syms | 58 +-
src/network/bridge_driver.c | 39 +-
src/network/bridge_driver_conf.c | 64 +
src/network/bridge_driver_conf.h | 3 +
src/network/bridge_driver_linux.c | 630 +------
src/network/bridge_driver_nop.c | 6 +-
src/network/bridge_driver_platform.h | 6 +-
src/network/libvirtd_network.aug | 39 +
src/network/meson.build | 36 +
src/network/network.conf.in | 28 +
src/network/network_iptables.c | 1677 +++++++++++++++++
src/network/network_iptables.h | 30 +
src/network/network_nftables.c | 968 ++++++++++
src/network/network_nftables.h | 28 +
src/network/test_libvirtd_network.aug.in | 5 +
src/nwfilter/nwfilter_ebiptables_driver.c | 1004 +++++-----
src/util/meson.build | 1 -
src/util/virebtables.c | 36 +-
src/util/virfirewall.c | 820 ++++++--
src/util/virfirewall.h | 87 +-
src/util/viriptables.c | 1072 -----------
src/util/viriptables.h | 155 --
.../{base.args => base.iptables} | 0
tests/networkxml2firewalldata/base.nftables | 256 +++
...-linux.args => nat-default-linux.iptables} | 0
.../nat-default-linux.nftables | 144 ++
...pv6-linux.args => nat-ipv6-linux.iptables} | 0
.../nat-ipv6-linux.nftables | 202 ++
...rgs => nat-ipv6-masquerade-linux.iptables} | 0
.../nat-ipv6-masquerade-linux.nftables | 274 +++
...linux.args => nat-many-ips-linux.iptables} | 0
.../nat-many-ips-linux.nftables | 368 ++++
...-linux.args => nat-no-dhcp-linux.iptables} | 0
.../nat-no-dhcp-linux.nftables | 202 ++
...ftp-linux.args => nat-tftp-linux.iptables} | 0
.../nat-tftp-linux.nftables | 144 ++
...inux.args => route-default-linux.iptables} | 0
.../route-default-linux.nftables | 58 +
tests/networkxml2firewalltest.c | 56 +-
tests/virfirewalltest.c | 424 ++---
46 files changed, 6239 insertions(+), 2751 deletions(-)
create mode 100644 src/network/libvirtd_network.aug
create mode 100644 src/network/network.conf.in
create mode 100644 src/network/network_iptables.c
create mode 100644 src/network/network_iptables.h
create mode 100644 src/network/network_nftables.c
create mode 100644 src/network/network_nftables.h
create mode 100644 src/network/test_libvirtd_network.aug.in
delete mode 100644 src/util/viriptables.c
delete mode 100644 src/util/viriptables.h
rename tests/networkxml2firewalldata/{base.args => base.iptables} (100%)
create mode 100644 tests/networkxml2firewalldata/base.nftables
rename tests/networkxml2firewalldata/{nat-default-linux.args => nat-default-linux.iptables} (100%)
create mode 100644 tests/networkxml2firewalldata/nat-default-linux.nftables
rename tests/networkxml2firewalldata/{nat-ipv6-linux.args => nat-ipv6-linux.iptables} (100%)
create mode 100644 tests/networkxml2firewalldata/nat-ipv6-linux.nftables
rename tests/networkxml2firewalldata/{nat-ipv6-masquerade-linux.args => nat-ipv6-masquerade-linux.iptables} (100%)
create mode 100644 tests/networkxml2firewalldata/nat-ipv6-masquerade-linux.nftables
rename tests/networkxml2firewalldata/{nat-many-ips-linux.args => nat-many-ips-linux.iptables} (100%)
create mode 100644 tests/networkxml2firewalldata/nat-many-ips-linux.nftables
rename tests/networkxml2firewalldata/{nat-no-dhcp-linux.args => nat-no-dhcp-linux.iptables} (100%)
create mode 100644 tests/networkxml2firewalldata/nat-no-dhcp-linux.nftables
rename tests/networkxml2firewalldata/{nat-tftp-linux.args => nat-tftp-linux.iptables} (100%)
create mode 100644 tests/networkxml2firewalldata/nat-tftp-linux.nftables
rename tests/networkxml2firewalldata/{route-default-linux.args => route-default-linux.iptables} (100%)
create mode 100644 tests/networkxml2firewalldata/route-default-linux.nftables
--
2.44.0
2 weeks, 3 days
[PATCH v3 0/6] migration removals & deprecations
by Fabiano Rosas
since v2:
- removed some more stuff which I missed:
blk/inc options from hmp-commands.hx
the entire ram-compress.h
unused declarations from options.h
unused compression functions from qemu-file.c
- removed must_remove_block_options earlier in the 'blk' patch
- added a deprecation warning to outgoing/incoming fd
CI run: https://gitlab.com/farosas/qemu/-/pipelines/1272385260
v2:
https://lore.kernel.org/r/20240426131408.25410-1-farosas@suse.de
v1:
https://lore.kernel.org/r/20240425150939.19268-1-farosas@suse.de
Hi everyone,
Here's some cleaning up of deprecated code. It removes the old block
migration and compression code. Both have suitable replacements in the
form of the blockdev-mirror driver and multifd compression,
respectively.
There's also a deprecation for fd: + file to cope with the fact that
the new MigrationAddress API defines transports instead of protocols
(loose terms) like the old string API did. So we cannot map 1:1 from
fd: to any transport because fd: allows *both* file migration and
socket migration.
Fabiano Rosas (6):
migration: Remove 'skipped' field from MigrationStats
migration: Remove 'inc' option from migrate command
migration: Remove 'blk/-b' option from migrate commands
migration: Remove block migration
migration: Remove non-multifd compression
migration: Deprecate fd: for file migration
.gitlab-ci.d/buildtest.yml | 2 +-
MAINTAINERS | 1 -
docs/about/deprecated.rst | 51 +-
docs/about/removed-features.rst | 103 +++
docs/devel/migration/main.rst | 2 +-
hmp-commands.hx | 17 +-
hw/core/machine.c | 1 -
include/migration/misc.h | 6 -
meson.build | 2 -
meson_options.txt | 2 -
migration/block.c | 1019 ------------------------------
migration/block.h | 52 --
migration/colo.c | 1 -
migration/fd.c | 12 +
migration/meson.build | 4 -
migration/migration-hmp-cmds.c | 97 +--
migration/migration.c | 70 +-
migration/migration.h | 11 -
migration/options.c | 229 -------
migration/options.h | 13 -
migration/qemu-file.c | 78 ---
migration/qemu-file.h | 4 -
migration/ram-compress.c | 564 -----------------
migration/ram-compress.h | 77 ---
migration/ram.c | 169 +----
migration/savevm.c | 5 -
qapi/migration.json | 205 +-----
scripts/meson-buildoptions.sh | 4 -
tests/qemu-iotests/183 | 147 -----
tests/qemu-iotests/183.out | 66 --
tests/qemu-iotests/common.filter | 7 -
tests/qtest/migration-test.c | 139 ----
32 files changed, 147 insertions(+), 3013 deletions(-)
delete mode 100644 migration/block.c
delete mode 100644 migration/block.h
delete mode 100644 migration/ram-compress.c
delete mode 100644 migration/ram-compress.h
delete mode 100755 tests/qemu-iotests/183
delete mode 100644 tests/qemu-iotests/183.out
base-commit: fd87be1dada5672f877e03c2ca8504458292c479
--
2.35.3
2 weeks, 3 days
[PATCH v2 0/3] qemu: Add support for virtio sound model
by Rayhan Faizel
virtio-sound-pci and virtio-sound-device were recently introduced
in QEMU 8.2.0.
The full documentation of the virtio sound implementation in QEMU
can be found here:
https://www.qemu.org/docs/master/system/devices/virtio-snd.html
Example:
<sound model='virtio' streams='2'/>
[Changes in v2]
- Added missing break statement that went overlooked.
Rayhan Faizel (3):
qemu_capabilities: Add QEMU_CAPS_DEVICE_VIRTIO_SOUND capability
conf: Introduce support for virtio-sound devices
qemu: Generate command line for sound devices with model 'virtio'
docs/formatdomain.rst | 11 ++++-
src/conf/domain_conf.c | 25 +++++++++++
src/conf/domain_conf.h | 4 ++
src/conf/domain_postparse.c | 13 +++++-
src/conf/schemas/domaincommon.rng | 11 +++++
src/libxl/libxl_domain.c | 1 +
src/qemu/qemu_capabilities.c | 3 ++
src/qemu/qemu_capabilities.h | 1 +
src/qemu/qemu_command.c | 25 ++++++++++-
src/qemu/qemu_domain_address.c | 9 ++++
src/qemu/qemu_validate.c | 8 ++++
.../caps_8.2.0_aarch64.xml | 1 +
.../caps_8.2.0_armv7l.xml | 1 +
.../caps_8.2.0_loongarch64.xml | 1 +
.../qemucapabilitiesdata/caps_8.2.0_s390x.xml | 1 +
.../caps_8.2.0_x86_64.xml | 1 +
.../caps_9.0.0_x86_64.xml | 1 +
.../arm-vexpressa9-virtio.aarch64-latest.args | 1 +
.../arm-vexpressa9-virtio.aarch64-latest.xml | 3 ++
.../qemuxmlconfdata/arm-vexpressa9-virtio.xml | 3 +-
.../sound-device-virtio.x86_64-latest.args | 36 +++++++++++++++
.../sound-device-virtio.x86_64-latest.xml | 44 +++++++++++++++++++
tests/qemuxmlconfdata/sound-device-virtio.xml | 28 ++++++++++++
tests/qemuxmlconftest.c | 1 +
24 files changed, 227 insertions(+), 6 deletions(-)
create mode 100644 tests/qemuxmlconfdata/sound-device-virtio.x86_64-latest.args
create mode 100644 tests/qemuxmlconfdata/sound-device-virtio.x86_64-latest.xml
create mode 100644 tests/qemuxmlconfdata/sound-device-virtio.xml
--
2.34.1
2 weeks, 3 days
[PATCH v4 20/22] hw/i386/pc: Remove deprecated pc-i440fx-2.3 machine
by Philippe Mathieu-Daudé
The pc-i440fx-2.3 machine was deprecated for the 8.2
release (see commit c7437f0ddb "docs/about: Mark the
old pc-i440fx-2.0 - 2.3 machine types as deprecated"),
time to remove it.
Signed-off-by: Philippe Mathieu-Daudé <philmd(a)linaro.org>
---
docs/about/deprecated.rst | 4 ++--
docs/about/removed-features.rst | 2 +-
hw/i386/pc.c | 25 -------------------------
hw/i386/pc_piix.c | 19 -------------------
4 files changed, 3 insertions(+), 47 deletions(-)
diff --git a/docs/about/deprecated.rst b/docs/about/deprecated.rst
index 75bf0f4886..cb6ca372f2 100644
--- a/docs/about/deprecated.rst
+++ b/docs/about/deprecated.rst
@@ -219,8 +219,8 @@ deprecated; use the new name ``dtb-randomness`` instead. The new name
better reflects the way this property affects all random data within
the device tree blob, not just the ``kaslr-seed`` node.
-``pc-i440fx-2.3`` up to ``pc-i440fx-2.3`` (since 8.2) and ``pc-i440fx-2.4`` up to ``pc-i440fx-2.12`` (since 9.1)
-''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''
+``pc-i440fx-2.4`` up to ``pc-i440fx-2.12`` (since 9.1)
+''''''''''''''''''''''''''''''''''''''''''''''''''''''
These old machine types are quite neglected nowadays and thus might have
various pitfalls with regards to live migration. Use a newer machine type
diff --git a/docs/about/removed-features.rst b/docs/about/removed-features.rst
index 4664974a8b..0caa6a63e4 100644
--- a/docs/about/removed-features.rst
+++ b/docs/about/removed-features.rst
@@ -816,7 +816,7 @@ mips ``fulong2e`` machine alias (removed in 6.0)
This machine has been renamed ``fuloong2e``.
-``pc-0.10`` up to ``pc-i440fx-2.2`` (removed in 4.0 up to 9.0)
+``pc-0.10`` up to ``pc-i440fx-2.3`` (removed in 4.0 up to 9.0)
''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''
These machine types were very old and likely could not be used for live
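Review bot: The heading still ends in "(removed in 4.0 up to 9.0)" after its range is extended to ``pc-i440fx-2.3``. The deprecated.rst hunk of this same patch dates the series at 9.1 ("since 9.1"), so if pc-i440fx-2.3 is removed in that release the heading should read "up to 9.1", with the underline length adjusted if the title length changes.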
diff --git a/hw/i386/pc.c b/hw/i386/pc.c
index a1b0e94523..2e2146f42b 100644
--- a/hw/i386/pc.c
+++ b/hw/i386/pc.c
@@ -256,31 +256,6 @@ GlobalProperty pc_compat_2_4[] = {
};
const size_t pc_compat_2_4_len = G_N_ELEMENTS(pc_compat_2_4);
-GlobalProperty pc_compat_2_3[] = {
- PC_CPU_MODEL_IDS("2.3.0")
- { TYPE_X86_CPU, "arat", "off" },
- { "qemu64" "-" TYPE_X86_CPU, "min-level", "4" },
- { "kvm64" "-" TYPE_X86_CPU, "min-level", "5" },
- { "pentium3" "-" TYPE_X86_CPU, "min-level", "2" },
- { "n270" "-" TYPE_X86_CPU, "min-level", "5" },
- { "Conroe" "-" TYPE_X86_CPU, "min-level", "4" },
- { "Penryn" "-" TYPE_X86_CPU, "min-level", "4" },
- { "Nehalem" "-" TYPE_X86_CPU, "min-level", "4" },
- { "n270" "-" TYPE_X86_CPU, "min-xlevel", "0x8000000a" },
- { "Penryn" "-" TYPE_X86_CPU, "min-xlevel", "0x8000000a" },
- { "Conroe" "-" TYPE_X86_CPU, "min-xlevel", "0x8000000a" },
- { "Nehalem" "-" TYPE_X86_CPU, "min-xlevel", "0x8000000a" },
- { "Westmere" "-" TYPE_X86_CPU, "min-xlevel", "0x8000000a" },
- { "SandyBridge" "-" TYPE_X86_CPU, "min-xlevel", "0x8000000a" },
- { "IvyBridge" "-" TYPE_X86_CPU, "min-xlevel", "0x8000000a" },
- { "Haswell" "-" TYPE_X86_CPU, "min-xlevel", "0x8000000a" },
- { "Haswell-noTSX" "-" TYPE_X86_CPU, "min-xlevel", "0x8000000a" },
- { "Broadwell" "-" TYPE_X86_CPU, "min-xlevel", "0x8000000a" },
- { "Broadwell-noTSX" "-" TYPE_X86_CPU, "min-xlevel", "0x8000000a" },
- { TYPE_X86_CPU, "kvm-no-smi-migration", "on" },
-};
-const size_t pc_compat_2_3_len = G_N_ELEMENTS(pc_compat_2_3);
-
GSIState *pc_gsi_create(qemu_irq **irqs, bool pci_enabled)
{
GSIState *s;
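Review bot: pc_compat_2_3 and pc_compat_2_3_len are defined here without static, so other files see them through a declaration, yet the diffstat of this patch lists only pc.c, pc_piix.c and the two .rst files. Please drop the matching extern declarations in the same patch, or say in the commit message which later patch does, so that no header keeps advertising symbols that no longer exist.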
diff --git a/hw/i386/pc_piix.c b/hw/i386/pc_piix.c
index 30bcd86ee6..370d130a6d 100644
--- a/hw/i386/pc_piix.c
+++ b/hw/i386/pc_piix.c
@@ -421,14 +421,6 @@ static void pc_set_south_bridge(Object *obj, int value, Error **errp)
* hw_compat_*, pc_compat_*, or * pc_*_machine_options().
*/
-static void pc_compat_2_3_fn(MachineState *machine)
-{
- X86MachineState *x86ms = X86_MACHINE(machine);
- if (kvm_enabled()) {
- x86ms->smm = ON_OFF_AUTO_OFF;
- }
-}
-
#ifdef CONFIG_ISAPC
static void pc_init_isa(MachineState *machine)
{
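Review bot: The comment block that ends just above the removed pc_compat_2_3_fn() (the one mentioning hw_compat_*, pc_compat_* and pc_*_machine_options()) is now left directly in front of the CONFIG_ISAPC code. If it was there to explain the per-version compat functions, remove or reword it together with the function. The commit message could also mention that the KVM-only "x86ms->smm = ON_OFF_AUTO_OFF" override goes away with this machine.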
@@ -812,17 +804,6 @@ static void pc_i440fx_2_4_machine_options(MachineClass *m)
DEFINE_I440FX_MACHINE(v2_4, "pc-i440fx-2.4", NULL,
pc_i440fx_2_4_machine_options)
-static void pc_i440fx_2_3_machine_options(MachineClass *m)
-{
- pc_i440fx_2_4_machine_options(m);
- m->hw_version = "2.3.0";
- compat_props_add(m->compat_props, hw_compat_2_3, hw_compat_2_3_len);
- compat_props_add(m->compat_props, pc_compat_2_3, pc_compat_2_3_len);
-}
-
-DEFINE_I440FX_MACHINE(v2_3, "pc-i440fx-2.3", pc_compat_2_3_fn,
- pc_i440fx_2_3_machine_options);
-
#ifdef CONFIG_ISAPC
static void isapc_machine_options(MachineClass *m)
{
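Review bot: With DEFINE_I440FX_MACHINE(v2_3, ...) gone, the remaining invocation visible in this hunk passes NULL as the compat-function argument. If pc_compat_2_3_fn was the last non-NULL user, the third macro parameter is dead and could be dropped in a follow-up patch. hw_compat_2_3 is no longer referenced from this file either, so check whether it still has users elsewhere.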
--
2.41.0
2 weeks, 3 days
[PATCH v4 01/22] hw/i386/pc: Deprecate 2.4 to 2.12 pc-i440fx machines
by Philippe Mathieu-Daudé
Similarly to the commit c7437f0ddb "docs/about: Mark the
old pc-i440fx-2.0 - 2.3 machine types as deprecated",
deprecate the 2.4 to 2.12 machines.
Suggested-by: Thomas Huth <thuth(a)redhat.com>
Signed-off-by: Philippe Mathieu-Daudé <philmd(a)linaro.org>
Reviewed-by: Thomas Huth <thuth(a)redhat.com>
Reviewed-by: Zhao Liu <zhao1.liu(a)intel.com>
---
docs/about/deprecated.rst | 4 ++--
hw/i386/pc_piix.c | 2 +-
2 files changed, 3 insertions(+), 3 deletions(-)
diff --git a/docs/about/deprecated.rst b/docs/about/deprecated.rst
index 7b548519b5..47234da329 100644
--- a/docs/about/deprecated.rst
+++ b/docs/about/deprecated.rst
@@ -219,8 +219,8 @@ deprecated; use the new name ``dtb-randomness`` instead. The new name
better reflects the way this property affects all random data within
the device tree blob, not just the ``kaslr-seed`` node.
-``pc-i440fx-2.0`` up to ``pc-i440fx-2.3`` (since 8.2)
-'''''''''''''''''''''''''''''''''''''''''''''''''''''
+``pc-i440fx-2.0`` up to ``pc-i440fx-2.3`` (since 8.2) and ``pc-i440fx-2.4`` up to ``pc-i440fx-2.12`` (since 9.1)
+''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''
These old machine types are quite neglected nowadays and thus might have
various pitfalls with regards to live migration. Use a newer machine type
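Review bot: The new section title packs two ranges with two different "since" versions into one heading, which gives a very long title and underline. A separate short section for the ``pc-i440fx-2.4`` up to ``pc-i440fx-2.12`` range would be easier to read and to link to.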
diff --git a/hw/i386/pc_piix.c b/hw/i386/pc_piix.c
index 18ba076609..817d99c0ce 100644
--- a/hw/i386/pc_piix.c
+++ b/hw/i386/pc_piix.c
@@ -727,6 +727,7 @@ DEFINE_I440FX_MACHINE(v3_0, "pc-i440fx-3.0", NULL,
static void pc_i440fx_2_12_machine_options(MachineClass *m)
{
pc_i440fx_3_0_machine_options(m);
+ m->deprecation_reason = "old and unattended - use a newer version instead";
compat_props_add(m->compat_props, hw_compat_2_12, hw_compat_2_12_len);
compat_props_add(m->compat_props, pc_compat_2_12, pc_compat_2_12_len);
}
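Review bot: Setting m->deprecation_reason only in pc_i440fx_2_12_machine_options() depends on every older *_machine_options() function chaining up to this one, which is not visible at this spot. Add a short comment next to the assignment saying that it covers 2.12 and everything older, so that someone removing or reordering the 2.12 options later does not silently un-deprecate the older machine types.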
@@ -832,7 +833,6 @@ static void pc_i440fx_2_3_machine_options(MachineClass *m)
{
pc_i440fx_2_4_machine_options(m);
m->hw_version = "2.3.0";
- m->deprecation_reason = "old and unattended - use a newer version instead";
compat_props_add(m->compat_props, hw_compat_2_3, hw_compat_2_3_len);
compat_props_add(m->compat_props, pc_compat_2_3, pc_compat_2_3_len);
}
--
2.41.0
2 weeks, 3 days
[PATCH] scripts/meson-dist.py: Git builddir from env too
by Michal Privoznik
When meson runs a dist script it sets both MESON_BUILD_ROOT and
MESON_DIST_ROOT envvars [1]. But for some reason, we took the
former as an argument and obtained the latter via env.
Well, obtain both via env.
1: https://mesonbuild.com/Reference-manual_builtin_meson.html#mesonadd_dist_...
Signed-off-by: Michal Privoznik <mprivozn(a)redhat.com>
---
Another option is to pass both directories as arguments. But this
inconsistent solution bothers me. Especially since I want to copy the
script somewhere else (stay tuned to learn more).
meson.build | 4 ++--
scripts/meson-dist.py | 4 ++--
2 files changed, 4 insertions(+), 4 deletions(-)
diff --git a/meson.build b/meson.build
index 1518afa1cb..5aa50e0d64 100644
--- a/meson.build
+++ b/meson.build
@@ -2195,8 +2195,8 @@ if git
foreach file : dist_files
meson.add_dist_script(
- meson_python_prog.full_path(), python3_prog.full_path(), meson_dist_prog.full_path(),
- meson.project_build_root(), file
+ meson_python_prog.full_path(), python3_prog.full_path(),
+ meson_dist_prog.full_path(), file
)
endforeach
endif
diff --git a/scripts/meson-dist.py b/scripts/meson-dist.py
index bb751b97d3..39dd4fbab0 100755
--- a/scripts/meson-dist.py
+++ b/scripts/meson-dist.py
@@ -4,9 +4,9 @@ import os
import shutil
import sys
-meson_build_root = sys.argv[1]
-file_name = sys.argv[2]
+file_name = sys.argv[1]
+meson_build_root = os.environ['MESON_BUILD_ROOT']
meson_dist_root = os.environ['MESON_DIST_ROOT']
shutil.copy(os.path.join(meson_build_root, file_name),
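Review bot: os.environ['MESON_BUILD_ROOT'] raises a bare KeyError when the script is started outside of "meson dist", and sys.argv[1] changes meaning from build root to file name, so a caller that still passes two arguments would now have the build root used as the file name. Consider checking that exactly one argument was given and printing a clear message when either environment variable is missing.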
--
2.43.2
2 weeks, 3 days
[PATCH 0/4] Enable removing features from CPU models and remove mpx
by Jiri Denemark
See 3/4 for details.
Jiri Denemark (3):
conf: Change return value of some CPU feature APIs
cpu: Add removedPolicy parameter to virCPUUpdate
qemu: Enable removing features from CPU models
Tim Wiederhake (1):
cpu_map: Drop 'mpx' from x86 cpu models
src/conf/cpu_conf.c | 12 +--
src/conf/cpu_conf.h | 4 +-
src/cpu/cpu.c | 10 ++-
src/cpu/cpu.h | 6 +-
src/cpu/cpu_arm.c | 3 +-
src/cpu/cpu_loongarch.c | 3 +-
src/cpu/cpu_ppc64.c | 3 +-
src/cpu/cpu_riscv64.c | 3 +-
src/cpu/cpu_s390.c | 10 +--
src/cpu/cpu_x86.c | 83 +++++++++----------
src/cpu_map/x86_Cascadelake-Server-noTSX.xml | 2 +-
src/cpu_map/x86_Cascadelake-Server.xml | 2 +-
src/cpu_map/x86_Icelake-Server-noTSX.xml | 2 +-
src/cpu_map/x86_Icelake-Server.xml | 2 +-
src/cpu_map/x86_Skylake-Client-IBRS.xml | 2 +-
src/cpu_map/x86_Skylake-Client-noTSX-IBRS.xml | 2 +-
src/cpu_map/x86_Skylake-Client.xml | 2 +-
src/cpu_map/x86_Skylake-Server-IBRS.xml | 2 +-
src/cpu_map/x86_Skylake-Server-noTSX-IBRS.xml | 2 +-
src/cpu_map/x86_Skylake-Server.xml | 2 +-
src/qemu/qemu_capabilities.c | 5 +-
src/qemu/qemu_domain.c | 6 +-
src/qemu/qemu_process.c | 36 +++++++-
tests/cputest.c | 4 +-
.../x86_64-cpuid-Core-i5-6600-guest.xml | 1 +
.../x86_64-cpuid-Core-i5-6600-host.xml | 1 +
.../x86_64-cpuid-Core-i5-6600-json.xml | 1 +
.../x86_64-cpuid-Core-i7-7600U-guest.xml | 1 +
.../x86_64-cpuid-Core-i7-7600U-host.xml | 1 +
.../x86_64-cpuid-Core-i7-7600U-json.xml | 1 +
.../x86_64-cpuid-Core-i7-7700-guest.xml | 1 +
.../x86_64-cpuid-Core-i7-7700-host.xml | 1 +
.../x86_64-cpuid-Core-i7-7700-json.xml | 1 +
.../x86_64-cpuid-Core-i7-8550U-guest.xml | 1 +
.../x86_64-cpuid-Core-i7-8550U-host.xml | 1 +
.../x86_64-cpuid-Core-i7-8550U-json.xml | 1 +
.../x86_64-cpuid-Core-i7-8700-guest.xml | 1 +
.../x86_64-cpuid-Core-i7-8700-host.xml | 1 +
.../x86_64-cpuid-Core-i7-8700-json.xml | 1 +
.../x86_64-cpuid-Ice-Lake-Server-guest.xml | 1 +
.../x86_64-cpuid-Ice-Lake-Server-host.xml | 1 +
.../x86_64-cpuid-Ice-Lake-Server-json.xml | 1 +
.../x86_64-cpuid-Xeon-E3-1225-v5-guest.xml | 1 +
.../x86_64-cpuid-Xeon-E3-1225-v5-host.xml | 1 +
.../x86_64-cpuid-Xeon-E3-1225-v5-json.xml | 1 +
.../x86_64-cpuid-Xeon-E3-1245-v5-guest.xml | 1 +
.../x86_64-cpuid-Xeon-E3-1245-v5-host.xml | 1 +
.../x86_64-cpuid-Xeon-E3-1245-v5-json.xml | 1 +
.../x86_64-cpuid-Xeon-Gold-5115-guest.xml | 1 +
.../x86_64-cpuid-Xeon-Gold-5115-host.xml | 1 +
.../x86_64-cpuid-Xeon-Gold-5115-json.xml | 1 +
.../x86_64-cpuid-Xeon-Gold-6130-guest.xml | 1 +
.../x86_64-cpuid-Xeon-Gold-6130-host.xml | 1 +
.../x86_64-cpuid-Xeon-Gold-6130-json.xml | 1 +
.../x86_64-cpuid-Xeon-Gold-6148-guest.xml | 1 +
.../x86_64-cpuid-Xeon-Gold-6148-host.xml | 1 +
.../x86_64-cpuid-Xeon-Gold-6148-json.xml | 1 +
.../x86_64-cpuid-Xeon-Platinum-8268-guest.xml | 1 +
.../x86_64-cpuid-Xeon-Platinum-8268-host.xml | 1 +
.../x86_64-cpuid-Xeon-Platinum-8268-json.xml | 1 +
.../x86_64-cpuid-Xeon-Platinum-9242-guest.xml | 1 +
.../x86_64-cpuid-Xeon-Platinum-9242-host.xml | 1 +
.../x86_64-cpuid-Xeon-Platinum-9242-json.xml | 1 +
..._64-cpuid-baseline-Cascadelake+Icelake.xml | 1 +
...puid-baseline-Cascadelake+Skylake-IBRS.xml | 1 +
..._64-cpuid-baseline-Cascadelake+Skylake.xml | 1 +
...-cpuid-baseline-Cooperlake+Cascadelake.xml | 1 +
...6_64-cpuid-baseline-Cooperlake+Icelake.xml | 1 +
...4-cpuid-baseline-Skylake-Client+Server.xml | 1 +
.../domaincapsdata/qemu_4.2.0-q35.x86_64.xml | 1 +
tests/domaincapsdata/qemu_4.2.0.x86_64.xml | 1 +
.../domaincapsdata/qemu_5.0.0-q35.x86_64.xml | 1 +
tests/domaincapsdata/qemu_5.0.0.x86_64.xml | 1 +
...-Icelake-Server-pconfig.x86_64-latest.args | 2 +-
...-host-model-fallback-kvm.x86_64-4.2.0.args | 2 +-
...-host-model-fallback-kvm.x86_64-5.0.0.args | 2 +-
.../cpu-host-model-kvm.x86_64-4.2.0.args | 2 +-
.../cpu-host-model-kvm.x86_64-5.0.0.args | 2 +-
...ost-model-nofallback-kvm.x86_64-4.2.0.args | 2 +-
...ost-model-nofallback-kvm.x86_64-5.0.0.args | 2 +-
80 files changed, 174 insertions(+), 97 deletions(-)
--
2.44.0
2 weeks, 3 days
[PATCH v2 0/4] implement 'ras' feature support
by Kristina Hanicova
This is v2 of:
https://lists.libvirt.org/archives/list/devel@lists.libvirt.org/thread/VX...
changes since v1:
* edited documentation
* added validation for when the feature is ON as well as OFF
(the first version checked just for the case when the feature was ON)
Kristina Hanicova (4):
qemu: introduce QEMU_CAPS_MACHINE_VIRT_RAS capability
conf: parse and format machine virt ras feature
qemu: validate machine virt ras feature
qemu: format machine virt ras feature and test it
docs/formatdomain.rst | 6 ++++
src/conf/domain_conf.c | 6 +++-
src/conf/domain_conf.h | 1 +
src/conf/schemas/domaincommon.rng | 5 +++
src/qemu/qemu_capabilities.c | 2 ++
src/qemu/qemu_capabilities.h | 1 +
src/qemu/qemu_command.c | 5 +++
src/qemu/qemu_validate.c | 16 ++++++++++
.../caps_5.2.0_aarch64.xml | 1 +
.../caps_6.0.0_aarch64.xml | 1 +
.../caps_6.2.0_aarch64.xml | 1 +
.../caps_7.0.0_aarch64+hvf.xml | 1 +
.../caps_7.0.0_aarch64.xml | 1 +
.../caps_8.2.0_aarch64.xml | 1 +
.../caps_8.2.0_armv7l.xml | 1 +
.../aarch64-features-ras.aarch64-latest.args | 31 +++++++++++++++++++
.../aarch64-features-ras.aarch64-latest.xml | 1 +
.../qemuxmlconfdata/aarch64-features-ras.xml | 26 ++++++++++++++++
tests/qemuxmlconftest.c | 2 ++
19 files changed, 108 insertions(+), 1 deletion(-)
create mode 100644 tests/qemuxmlconfdata/aarch64-features-ras.aarch64-latest.args
create mode 120000 tests/qemuxmlconfdata/aarch64-features-ras.aarch64-latest.xml
create mode 100644 tests/qemuxmlconfdata/aarch64-features-ras.xml
--
2.42.0
2 weeks, 3 days
Revisiting parallel save/restore
by Jim Fehlig
Hi All,
While Fabiano has been working on improving save/restore performance in qemu,
I've been tinkering with the same in libvirt. The end goal is to introduce a new
VIR_DOMAIN_SAVE_PARALLEL flag for save/restore, along with a
VIR_DOMAIN_SAVE_PARAM_PARALLEL_CONNECTIONS parameter to specify the number of
concurrent channels used for the save/restore. Recall Claudio previously posted
a patch series implementing parallel save/restore completely in libvirt, using
qemu's multifd functionality [1].
A good starting point on this journey is supporting the new mapped-ram
capability in qemu 9.0 [2]. Since mapped-ram is a new on-disk format, I assume
we'll need a new QEMU_SAVE_VERSION 3 when using it? Otherwise I'm not sure how
to detect if a saved image is in mapped-ram format vs the existing, sequential
stream format.
IIUC, mapped-ram cannot be used with the existing 'fd:' migration URI and instead
must use 'file:'. Does qemu advertise support for that? I couldn't find it. If
not, 'file:' (available in qemu 8.2) predates mapped-ram, so in theory we could
live without the advertisement.
It's also not clear when we want to enable the mapped-ram capability. Should it
always be enabled if supported by the underlying qemu? One motivation for
creating the mapped-ram was to support direct-io of the migration stream in
qemu, in which case it could be tied to VIR_DOMAIN_SAVE_BYPASS_CACHE. E.g. the
mapped-ram capability is enabled when user specifies
VIR_DOMAIN_SAVE_BYPASS_CACHE && user-provided path results in a seekable fd &&
qemu supports mapped-ram?
Looking ahead, should the mapped-ram capability be required for supporting the
VIR_DOMAIN_SAVE_PARALLEL flag? As I understand, parallel save/restore was
another motivation for creating the mapped-ram feature. It allows multifd
threads to write exclusively to the offsets provided by mapped-ram. Can multiple
multifd threads concurrently write to an fd without mapped-ram?
Regards,
Jim
[1]
https://lists.libvirt.org/archives/list/devel@lists.libvirt.org/thread/3Y...
[2]
https://gitlab.com/qemu-project/qemu/-/blob/master/docs/devel/migration/m...
2 weeks, 3 days
[PATCH] docs/about: Automatically deprecate versioned machine types older than 6 years
by Thomas Huth
Old machine types often have bugs or work-arounds that affect our
possibilities to move forward with the QEMU code base (see for example
https://gitlab.com/qemu-project/qemu/-/issues/2213 for a bug that likely
cannot be fixed without breaking live migration with old machine types,
or https://lists.gnu.org/archive/html/qemu-devel/2018-12/msg04516.html or
commit ea985d235b86). So instead of going through the process of manually
deprecating old machine types again and again, let's rather add an entry
that can stay, which declares that machine types older than 6 years are
considered as deprecated automatically. Six years should be sufficient to
support the release cycles of most Linux distributions.
Signed-off-by: Thomas Huth <thuth(a)redhat.com>
---
docs/about/deprecated.rst | 11 +++++++++++
1 file changed, 11 insertions(+)
diff --git a/docs/about/deprecated.rst b/docs/about/deprecated.rst
index 6d595de3b6..fe69e2d44c 100644
--- a/docs/about/deprecated.rst
+++ b/docs/about/deprecated.rst
@@ -220,6 +220,17 @@ is a chance the code will bitrot without anyone noticing.
System emulator machines
------------------------
+Versioned machine types older than 6 years
+''''''''''''''''''''''''''''''''''''''''''
+
+Starting with the release of QEMU 10.0, versioned machine types older than
+6 years will automatically be considered as deprecated and might be due to
+removal without furthor notice. For example, this affects machine types like
+pc-i440fx-X.Y, pc-q35-X.Y, pseries-X.Y, s390-ccw-virtio-X.Y or virt-X.Y where
+X is the major number and Y is the minor number of the old QEMU version.
+If you are still using machine types from QEMU versions older than 6 years,
+please update your setting to use a newer versioned machine type instead.
+
Arm ``virt`` machine ``dtb-kaslr-seed`` property (since 7.1)
''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''
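Review bot: "furthor" in the added paragraph should be "further", and "might be due to removal" reads better as "might be removed". The paragraph also leaves open what the 6 years are measured against (the release date of the QEMU version that introduced the machine type versus the date of the current release); stating that explicitly would let users work out when a given X.Y machine type falls under the rule.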
--
2.44.0
2 weeks, 5 days