May 2024 - Devel - Libvirt List Archives

[PATCH v2 0/5] qemu: Introduce shared_filesystems configuration option

by Andrea Bolognani

The need to have something like this in the first place is driven by KubeVirt (see [1] and [2]). A draft version of this series has been integrated into KubeVirt and it has been confirmed that it was effective in removing the need to use LD_PRELOAD hacks in the storage provider. Changes from [v1]: * documented more explicitly that the newly introduced option is intended for very specific scenarios and not general usage; as part of this, the NEWS update has been dropped too; * made a few tweaks and addressed a few oversight based on review feedback; * several preparatory cleanup patches have been pushed. Changes from [v0]: * reworked approach. CC'ing Stefan so he can have a look at the TPM part and shout if I've gotten anything wrong :) [v1] https://lists.libvirt.org/archives/list/devel@lists.libvirt.org/thread/XE... [v0] https://lists.libvirt.org/archives/list/devel@lists.libvirt.org/thread/MM... [1] https://issues.redhat.com/browse/CNV-34322 [2] https://issues.redhat.com/browse/CNV-39370 Andrea Bolognani (5): security: Fix alignment qemu: Introduce shared_filesystems configuration option qemu: Propagate shared_filesystems utils: Use overrides in virFileIsSharedFS() qemu: Always set labels for TPM state src/lxc/lxc_controller.c | 3 +- src/lxc/lxc_driver.c | 2 +- src/lxc/lxc_process.c | 4 +- src/qemu/libvirtd_qemu.aug | 3 ++ src/qemu/qemu.conf.in | 23 ++++++++ src/qemu/qemu_conf.c | 17 ++++++ src/qemu/qemu_conf.h | 2 + src/qemu/qemu_domain.c | 7 ++- src/qemu/qemu_extdevice.c | 2 +- src/qemu/qemu_migration.c | 23 ++++---- src/qemu/qemu_security.c | 85 +++++++++++++++++++++++------- src/qemu/qemu_tpm.c | 38 +++++++------ src/qemu/qemu_tpm.h | 10 ++-- src/qemu/test_libvirtd_qemu.aug.in | 5 ++ src/security/security_apparmor.c | 2 + src/security/security_dac.c | 47 +++++++++++++---- src/security/security_driver.h | 8 ++- src/security/security_manager.c | 33 +++++++++--- src/security/security_manager.h | 9 +++- src/security/security_nop.c | 5 ++ src/security/security_selinux.c | 56 +++++++++++++++----- src/security/security_stack.c | 32 ++++++++--- src/util/virfile.c | 53 +++++++++++++++++-- src/util/virfile.h | 3 +- tests/securityselinuxlabeltest.c | 2 +- tests/virfiletest.c | 2 +- 26 files changed, 370 insertions(+), 106 deletions(-) -- 2.44.0

10 months, 3 weeks

2
13
0 / 0

[PATCH v4 00/30] [PATCH v3 00/27] native support for nftables in virtual network driver

by Laine Stump

V3: https://lists.libvirt.org/archives/list/devel@lists.libvirt.org/thread/HO... V2: https://lists.libvirt.org/archives/list/devel@lists.libvirt.org/thread/5R... This patch series enables libvirt to use nftables rules rather than iptables *when setting up virtual networks* (it does *not* add nftables support to the nwfilter driver). Changes from V3: * Fixed a bug (newly added in V3) that resulted in the firewall name attribute not being added to the XML. * renamed the table to "libvirt_network" (new patch 28) * renamed the chains to be more descriptive, and lower case rather than all caps. (new patch 29) * eliminated all the guest->host and host->guest rules since they are redundant in nftables. (new patch 30) Laine Stump (30): util/network: move viriptables.[ch] from util to network directory network: move all functions manipulating iptables rules into network_iptables.c network: make all iptables functions used only in network_iptables.c static util: #define the names used for private packet filter chains util: change name of virFirewallRule to virFirewallCmd util: rename virNetFilterAction to iptablesAction, and add VIR_ENUM_DECL/IMPL util: check for 0 args when applying iptables rule util: add -w/--concurrent when applying a FirewallCmd rather than when building it util: determine ignoreErrors value when creating virFirewallCmd, not when applying util/network: new virFirewallBackend enum network: add (empty) network.conf file to distribution files network: support setting firewallBackend from network.conf network: framework to call backend-specific function to init private filter chains util: new functions to support adding individual firewall rollback commands util: implement rollback rule autocreation for iptables commands network: turn on auto-rollback for the rules added for virtual networks util: add name attribute to virFirewall util: new function virFirewallNewFromRollback() util: new functions virFirewallParseXML() and virFirewallFormat() conf: add a virFirewall object to virNetworkObj network: use previously saved list of firewall removal commands network: save network status when firewall rules are reloaded meson: stop looking for iptables/ip6tables/ebtables at build time network: add an nftables backend for network driver's firewall construction tests: test cases for nftables backend network: prefer the nftables backend over iptables spec: require either iptables or nftables if network driver is installed network: name the nftables table "libvirt_network" rather than "libvirt" network: rename chains used by network driver nftables backend network: eliminate pointless host input/output rules from nftables backend libvirt.spec.in | 7 +- meson.build | 10 +- meson_options.txt | 1 + po/POTFILES | 3 +- src/conf/virnetworkobj.c | 41 + src/conf/virnetworkobj.h | 8 + src/libvirt_private.syms | 58 +- src/network/bridge_driver.c | 39 +- src/network/bridge_driver_conf.c | 64 + src/network/bridge_driver_conf.h | 3 + src/network/bridge_driver_linux.c | 630 +------ src/network/bridge_driver_nop.c | 6 +- src/network/bridge_driver_platform.h | 6 +- src/network/libvirtd_network.aug | 39 + src/network/meson.build | 36 + src/network/network.conf.in | 28 + src/network/network_iptables.c | 1677 +++++++++++++++++ src/network/network_iptables.h | 30 + src/network/network_nftables.c | 968 ++++++++++ src/network/network_nftables.h | 28 + src/network/test_libvirtd_network.aug.in | 5 + src/nwfilter/nwfilter_ebiptables_driver.c | 1004 +++++----- src/util/meson.build | 1 - src/util/virebtables.c | 36 +- src/util/virfirewall.c | 820 ++++++-- src/util/virfirewall.h | 87 +- src/util/viriptables.c | 1072 ----------- src/util/viriptables.h | 155 -- .../{base.args => base.iptables} | 0 tests/networkxml2firewalldata/base.nftables | 256 +++ ...-linux.args => nat-default-linux.iptables} | 0 .../nat-default-linux.nftables | 144 ++ ...pv6-linux.args => nat-ipv6-linux.iptables} | 0 .../nat-ipv6-linux.nftables | 202 ++ ...rgs => nat-ipv6-masquerade-linux.iptables} | 0 .../nat-ipv6-masquerade-linux.nftables | 274 +++ ...linux.args => nat-many-ips-linux.iptables} | 0 .../nat-many-ips-linux.nftables | 368 ++++ ...-linux.args => nat-no-dhcp-linux.iptables} | 0 .../nat-no-dhcp-linux.nftables | 202 ++ ...ftp-linux.args => nat-tftp-linux.iptables} | 0 .../nat-tftp-linux.nftables | 144 ++ ...inux.args => route-default-linux.iptables} | 0 .../route-default-linux.nftables | 58 + tests/networkxml2firewalltest.c | 56 +- tests/virfirewalltest.c | 424 ++--- 46 files changed, 6239 insertions(+), 2751 deletions(-) create mode 100644 src/network/libvirtd_network.aug create mode 100644 src/network/network.conf.in create mode 100644 src/network/network_iptables.c create mode 100644 src/network/network_iptables.h create mode 100644 src/network/network_nftables.c create mode 100644 src/network/network_nftables.h create mode 100644 src/network/test_libvirtd_network.aug.in delete mode 100644 src/util/viriptables.c delete mode 100644 src/util/viriptables.h rename tests/networkxml2firewalldata/{base.args => base.iptables} (100%) create mode 100644 tests/networkxml2firewalldata/base.nftables rename tests/networkxml2firewalldata/{nat-default-linux.args => nat-default-linux.iptables} (100%) create mode 100644 tests/networkxml2firewalldata/nat-default-linux.nftables rename tests/networkxml2firewalldata/{nat-ipv6-linux.args => nat-ipv6-linux.iptables} (100%) create mode 100644 tests/networkxml2firewalldata/nat-ipv6-linux.nftables rename tests/networkxml2firewalldata/{nat-ipv6-masquerade-linux.args => nat-ipv6-masquerade-linux.iptables} (100%) create mode 100644 tests/networkxml2firewalldata/nat-ipv6-masquerade-linux.nftables rename tests/networkxml2firewalldata/{nat-many-ips-linux.args => nat-many-ips-linux.iptables} (100%) create mode 100644 tests/networkxml2firewalldata/nat-many-ips-linux.nftables rename tests/networkxml2firewalldata/{nat-no-dhcp-linux.args => nat-no-dhcp-linux.iptables} (100%) create mode 100644 tests/networkxml2firewalldata/nat-no-dhcp-linux.nftables rename tests/networkxml2firewalldata/{nat-tftp-linux.args => nat-tftp-linux.iptables} (100%) create mode 100644 tests/networkxml2firewalldata/nat-tftp-linux.nftables rename tests/networkxml2firewalldata/{route-default-linux.args => route-default-linux.iptables} (100%) create mode 100644 tests/networkxml2firewalldata/route-default-linux.nftables -- 2.44.0

10 months, 3 weeks

2
43
0 / 0

[PATCH v3 0/6] migration removals & deprecations

by Fabiano Rosas

since v2: - removed some more stuff which I missed: blk/inc options from hmp-commands.hx the entire ram-compress.h unused declarations from options.h unused compression functions from qemu-file.c - removed must_remove_block_options earlier in the 'blk' patch - added a deprecation warning to outgoing/incoming fd CI run: https://gitlab.com/farosas/qemu/-/pipelines/1272385260 v2: https://lore.kernel.org/r/20240426131408.25410-1-farosas@suse.de v1: https://lore.kernel.org/r/20240425150939.19268-1-farosas@suse.de Hi everyone, Here's some cleaning up of deprecated code. It removes the old block migration and compression code. Both have suitable replacements in the form of the blockdev-mirror driver and multifd compression, respectively. There's also a deprecation for fd: + file to cope with the fact that the new MigrationAddress API defines transports instead of protocols (loose terms) like the old string API did. So we cannot map 1:1 from fd: to any transport because fd: allows *both* file migration and socket migration. Fabiano Rosas (6): migration: Remove 'skipped' field from MigrationStats migration: Remove 'inc' option from migrate command migration: Remove 'blk/-b' option from migrate commands migration: Remove block migration migration: Remove non-multifd compression migration: Deprecate fd: for file migration .gitlab-ci.d/buildtest.yml | 2 +- MAINTAINERS | 1 - docs/about/deprecated.rst | 51 +- docs/about/removed-features.rst | 103 +++ docs/devel/migration/main.rst | 2 +- hmp-commands.hx | 17 +- hw/core/machine.c | 1 - include/migration/misc.h | 6 - meson.build | 2 - meson_options.txt | 2 - migration/block.c | 1019 ------------------------------ migration/block.h | 52 -- migration/colo.c | 1 - migration/fd.c | 12 + migration/meson.build | 4 - migration/migration-hmp-cmds.c | 97 +-- migration/migration.c | 70 +- migration/migration.h | 11 - migration/options.c | 229 ------- migration/options.h | 13 - migration/qemu-file.c | 78 --- migration/qemu-file.h | 4 - migration/ram-compress.c | 564 ----------------- migration/ram-compress.h | 77 --- migration/ram.c | 169 +---- migration/savevm.c | 5 - qapi/migration.json | 205 +----- scripts/meson-buildoptions.sh | 4 - tests/qemu-iotests/183 | 147 ----- tests/qemu-iotests/183.out | 66 -- tests/qemu-iotests/common.filter | 7 - tests/qtest/migration-test.c | 139 ---- 32 files changed, 147 insertions(+), 3013 deletions(-) delete mode 100644 migration/block.c delete mode 100644 migration/block.h delete mode 100644 migration/ram-compress.c delete mode 100644 migration/ram-compress.h delete mode 100755 tests/qemu-iotests/183 delete mode 100644 tests/qemu-iotests/183.out base-commit: fd87be1dada5672f877e03c2ca8504458292c479 -- 2.35.3

10 months, 3 weeks

4
10
0 / 0

[PATCH v2 0/3] qemu: Add support for virtio sound model

by Rayhan Faizel

virtio-sound-pci and virtio-sound-device were recently introduced in QEMU 8.2.0. The full documentation of the virtio sound implementation in QEMU can be found here: https://www.qemu.org/docs/master/system/devices/virtio-snd.html Example: <sound model='virtio' streams='2'/> [Changes in v2] - Added missing break statement that went overlooked. Rayhan Faizel (3): qemu_capabilities: Add QEMU_CAPS_DEVICE_VIRTIO_SOUND capability conf: Introduce support for virtio-sound devices qemu: Generate command line for sound devices with model 'virtio' docs/formatdomain.rst | 11 ++++- src/conf/domain_conf.c | 25 +++++++++++ src/conf/domain_conf.h | 4 ++ src/conf/domain_postparse.c | 13 +++++- src/conf/schemas/domaincommon.rng | 11 +++++ src/libxl/libxl_domain.c | 1 + src/qemu/qemu_capabilities.c | 3 ++ src/qemu/qemu_capabilities.h | 1 + src/qemu/qemu_command.c | 25 ++++++++++- src/qemu/qemu_domain_address.c | 9 ++++ src/qemu/qemu_validate.c | 8 ++++ .../caps_8.2.0_aarch64.xml | 1 + .../caps_8.2.0_armv7l.xml | 1 + .../caps_8.2.0_loongarch64.xml | 1 + .../qemucapabilitiesdata/caps_8.2.0_s390x.xml | 1 + .../caps_8.2.0_x86_64.xml | 1 + .../caps_9.0.0_x86_64.xml | 1 + .../arm-vexpressa9-virtio.aarch64-latest.args | 1 + .../arm-vexpressa9-virtio.aarch64-latest.xml | 3 ++ .../qemuxmlconfdata/arm-vexpressa9-virtio.xml | 3 +- .../sound-device-virtio.x86_64-latest.args | 36 +++++++++++++++ .../sound-device-virtio.x86_64-latest.xml | 44 +++++++++++++++++++ tests/qemuxmlconfdata/sound-device-virtio.xml | 28 ++++++++++++ tests/qemuxmlconftest.c | 1 + 24 files changed, 227 insertions(+), 6 deletions(-) create mode 100644 tests/qemuxmlconfdata/sound-device-virtio.x86_64-latest.args create mode 100644 tests/qemuxmlconfdata/sound-device-virtio.x86_64-latest.xml create mode 100644 tests/qemuxmlconfdata/sound-device-virtio.xml -- 2.34.1

10 months, 3 weeks

2
7
0 / 0

[PATCH] rpc: ensure temporary GSource is removed from client event loop

by Daniel P. Berrangé

Users are seeing periodic segfaults from libvirt client apps, especially thread heavy ones like virt-manager. A typical stack trace would end up in the virNetClientIOEventFD method, with illegal access to stale stack data. eg ==238721==ERROR: AddressSanitizer: stack-use-after-return on address 0x75cd18709788 at pc 0x75cd3111f907 bp 0x75cd181ff550 sp 0x75cd181ff548 WRITE of size 4 at 0x75cd18709788 thread T11 #0 0x75cd3111f906 in virNetClientIOEventFD /usr/src/debug/libvirt/libvirt-10.2.0/build/../src/rpc/virnetclient.c:1634:15 #1 0x75cd3210d198 (/usr/lib/libglib-2.0.so.0+0x5a198) (BuildId: 0a2311dfbbc6c215dc36f4b6bdd2b4b6fbae55a2) #2 0x75cd3216c3be (/usr/lib/libglib-2.0.so.0+0xb93be) (BuildId: 0a2311dfbbc6c215dc36f4b6bdd2b4b6fbae55a2) #3 0x75cd3210ddc6 in g_main_loop_run (/usr/lib/libglib-2.0.so.0+0x5adc6) (BuildId: 0a2311dfbbc6c215dc36f4b6bdd2b4b6fbae55a2) #4 0x75cd3111a47c in virNetClientIOEventLoop /usr/src/debug/libvirt/libvirt-10.2.0/build/../src/rpc/virnetclient.c:1722:9 #5 0x75cd3111a47c in virNetClientIO /usr/src/debug/libvirt/libvirt-10.2.0/build/../src/rpc/virnetclient.c:2002:10 #6 0x75cd3111a47c in virNetClientSendInternal /usr/src/debug/libvirt/libvirt-10.2.0/build/../src/rpc/virnetclient.c:2170:11 #7 0x75cd311198a8 in virNetClientSendWithReply /usr/src/debug/libvirt/libvirt-10.2.0/build/../src/rpc/virnetclient.c:2198:11 #8 0x75cd31111653 in virNetClientProgramCall /usr/src/debug/libvirt/libvirt-10.2.0/build/../src/rpc/virnetclientprogram.c:318:9 #9 0x75cd31241c8f in callFull /usr/src/debug/libvirt/libvirt-10.2.0/build/../src/remote/remote_driver.c:6054:10 #10 0x75cd31241c8f in call /usr/src/debug/libvirt/libvirt-10.2.0/build/../src/remote/remote_driver.c:6076:12 #11 0x75cd31241c8f in remoteNetworkGetXMLDesc /usr/src/debug/libvirt/libvirt-10.2.0/build/src/remote/remote_client_bodies.h:5959:9 #12 0x75cd31410ff7 in virNetworkGetXMLDesc /usr/src/debug/libvirt/libvirt-10.2.0/build/../src/libvirt-network.c:952:15 The root cause is a bad assumption in the virNetClientIOEventLoop method. This method is run by whichever thread currently owns the buck, and is responsible for handling I/O. Inside a for(;;) loop, this method creates a temporary GSource, adds it to the event loop and runs g_main_loop_run(). When I/O is ready, the GSource callback (virNetClientIOEventFD) will fire and call g_main_loop_quit(), and return G_SOURCE_REMOVE which results in the temporary GSource being destroyed. A g_autoptr() will then remove the last reference. What was overlooked, is that a second thread can come along and while it can't enter virNetClientIOEventLoop, it will register an idle source that uses virNetClientIOWakeup to interrupt the original thread's 'g_main_loop_run' call. When this happens the virNetClientIOEventFD callback never runs, and so the temporary GSource is not destroyed. The g_autoptr() will remove a reference, but by virtue of still being attached to the event context, there is an extra reference held causing GSource to be leaked. The next time 'g_main_loop_run' is called, the original GSource will trigger its callback, and access data that was allocated on the stack by the previous thread, and likely SEGV. To solve this, the thread calling 'g_main_loop_run' must call g_source_destroy, immediately upon return, to guarantee that the temporary GSource is removed. CVE-2024-4418 Reported-by: Martin Shirokov <shirokovmartin(a)gmail.com> Signed-off-by: Daniel P. Berrangé <berrange(a)redhat.com> --- src/rpc/virnetclient.c | 14 +++++++++++++- 1 file changed, 13 insertions(+), 1 deletion(-) diff --git a/src/rpc/virnetclient.c b/src/rpc/virnetclient.c index 68098b1c8d..147b0d661a 100644 --- a/src/rpc/virnetclient.c +++ b/src/rpc/virnetclient.c @@ -1657,7 +1657,7 @@ static int virNetClientIOEventLoop(virNetClient *client, #endif /* !WIN32 */ int timeout = -1; virNetMessage *msg = NULL; - g_autoptr(GSource) G_GNUC_UNUSED source = NULL; + g_autoptr(GSource) source = NULL; GIOCondition ev = 0; struct virNetClientIOEventData data = { .client = client, @@ -1721,6 +1721,18 @@ static int virNetClientIOEventLoop(virNetClient *client, g_main_loop_run(client->eventLoop); + /* + * If virNetClientIOEventFD ran, this GSource will already be + * destroyed due to G_SOURCE_REMOVE. It is harmless to re-destroy + * it, since we still own a reference. + * + * If virNetClientIOWakeup ran, it will have interrupted the + * g_main_loop_run call, before virNetClientIOEventFD could + * run, and thus the GSource is still registered, and we need + * to destroy it since it is referencing stack memory for 'data' + */ + g_source_destroy(source); + #ifndef WIN32 ignore_value(pthread_sigmask(SIG_SETMASK, &oldmask, NULL)); #endif /* !WIN32 */ -- 2.43.0

10 months, 3 weeks

2
1
0 / 0

[PATCH v4 20/22] hw/i386/pc: Remove deprecated pc-i440fx-2.3 machine

by Philippe Mathieu-Daudé

The pc-i440fx-2.3 machine was deprecated for the 8.2 release (see commit c7437f0ddb "docs/about: Mark the old pc-i440fx-2.0 - 2.3 machine types as deprecated"), time to remove it. Signed-off-by: Philippe Mathieu-Daudé <philmd(a)linaro.org> --- docs/about/deprecated.rst | 4 ++-- docs/about/removed-features.rst | 2 +- hw/i386/pc.c | 25 ------------------------- hw/i386/pc_piix.c | 19 ------------------- 4 files changed, 3 insertions(+), 47 deletions(-) diff --git a/docs/about/deprecated.rst b/docs/about/deprecated.rst index 75bf0f4886..cb6ca372f2 100644 --- a/docs/about/deprecated.rst +++ b/docs/about/deprecated.rst @@ -219,8 +219,8 @@ deprecated; use the new name ``dtb-randomness`` instead. The new name better reflects the way this property affects all random data within the device tree blob, not just the ``kaslr-seed`` node. -``pc-i440fx-2.3`` up to ``pc-i440fx-2.3`` (since 8.2) and ``pc-i440fx-2.4`` up to ``pc-i440fx-2.12`` (since 9.1) -'''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''' +``pc-i440fx-2.4`` up to ``pc-i440fx-2.12`` (since 9.1) +'''''''''''''''''''''''''''''''''''''''''''''''''''''' These old machine types are quite neglected nowadays and thus might have various pitfalls with regards to live migration. Use a newer machine type diff --git a/docs/about/removed-features.rst b/docs/about/removed-features.rst index 4664974a8b..0caa6a63e4 100644 --- a/docs/about/removed-features.rst +++ b/docs/about/removed-features.rst @@ -816,7 +816,7 @@ mips ``fulong2e`` machine alias (removed in 6.0) This machine has been renamed ``fuloong2e``. -``pc-0.10`` up to ``pc-i440fx-2.2`` (removed in 4.0 up to 9.0) +``pc-0.10`` up to ``pc-i440fx-2.3`` (removed in 4.0 up to 9.0) '''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''' These machine types were very old and likely could not be used for live diff --git a/hw/i386/pc.c b/hw/i386/pc.c index a1b0e94523..2e2146f42b 100644 --- a/hw/i386/pc.c +++ b/hw/i386/pc.c @@ -256,31 +256,6 @@ GlobalProperty pc_compat_2_4[] = { }; const size_t pc_compat_2_4_len = G_N_ELEMENTS(pc_compat_2_4); -GlobalProperty pc_compat_2_3[] = { - PC_CPU_MODEL_IDS("2.3.0") - { TYPE_X86_CPU, "arat", "off" }, - { "qemu64" "-" TYPE_X86_CPU, "min-level", "4" }, - { "kvm64" "-" TYPE_X86_CPU, "min-level", "5" }, - { "pentium3" "-" TYPE_X86_CPU, "min-level", "2" }, - { "n270" "-" TYPE_X86_CPU, "min-level", "5" }, - { "Conroe" "-" TYPE_X86_CPU, "min-level", "4" }, - { "Penryn" "-" TYPE_X86_CPU, "min-level", "4" }, - { "Nehalem" "-" TYPE_X86_CPU, "min-level", "4" }, - { "n270" "-" TYPE_X86_CPU, "min-xlevel", "0x8000000a" }, - { "Penryn" "-" TYPE_X86_CPU, "min-xlevel", "0x8000000a" }, - { "Conroe" "-" TYPE_X86_CPU, "min-xlevel", "0x8000000a" }, - { "Nehalem" "-" TYPE_X86_CPU, "min-xlevel", "0x8000000a" }, - { "Westmere" "-" TYPE_X86_CPU, "min-xlevel", "0x8000000a" }, - { "SandyBridge" "-" TYPE_X86_CPU, "min-xlevel", "0x8000000a" }, - { "IvyBridge" "-" TYPE_X86_CPU, "min-xlevel", "0x8000000a" }, - { "Haswell" "-" TYPE_X86_CPU, "min-xlevel", "0x8000000a" }, - { "Haswell-noTSX" "-" TYPE_X86_CPU, "min-xlevel", "0x8000000a" }, - { "Broadwell" "-" TYPE_X86_CPU, "min-xlevel", "0x8000000a" }, - { "Broadwell-noTSX" "-" TYPE_X86_CPU, "min-xlevel", "0x8000000a" }, - { TYPE_X86_CPU, "kvm-no-smi-migration", "on" }, -}; -const size_t pc_compat_2_3_len = G_N_ELEMENTS(pc_compat_2_3); - GSIState *pc_gsi_create(qemu_irq **irqs, bool pci_enabled) { GSIState *s; diff --git a/hw/i386/pc_piix.c b/hw/i386/pc_piix.c index 30bcd86ee6..370d130a6d 100644 --- a/hw/i386/pc_piix.c +++ b/hw/i386/pc_piix.c @@ -421,14 +421,6 @@ static void pc_set_south_bridge(Object *obj, int value, Error **errp) * hw_compat_*, pc_compat_*, or * pc_*_machine_options(). */ -static void pc_compat_2_3_fn(MachineState *machine) -{ - X86MachineState *x86ms = X86_MACHINE(machine); - if (kvm_enabled()) { - x86ms->smm = ON_OFF_AUTO_OFF; - } -} - #ifdef CONFIG_ISAPC static void pc_init_isa(MachineState *machine) { @@ -812,17 +804,6 @@ static void pc_i440fx_2_4_machine_options(MachineClass *m) DEFINE_I440FX_MACHINE(v2_4, "pc-i440fx-2.4", NULL, pc_i440fx_2_4_machine_options) -static void pc_i440fx_2_3_machine_options(MachineClass *m) -{ - pc_i440fx_2_4_machine_options(m); - m->hw_version = "2.3.0"; - compat_props_add(m->compat_props, hw_compat_2_3, hw_compat_2_3_len); - compat_props_add(m->compat_props, pc_compat_2_3, pc_compat_2_3_len); -} - -DEFINE_I440FX_MACHINE(v2_3, "pc-i440fx-2.3", pc_compat_2_3_fn, - pc_i440fx_2_3_machine_options); - #ifdef CONFIG_ISAPC static void isapc_machine_options(MachineClass *m) { -- 2.41.0

10 months, 3 weeks

2
1
0 / 0

[PATCH v4 01/22] hw/i386/pc: Deprecate 2.4 to 2.12 pc-i440fx machines

by Philippe Mathieu-Daudé

Similarly to the commit c7437f0ddb "docs/about: Mark the old pc-i440fx-2.0 - 2.3 machine types as deprecated", deprecate the 2.4 to 2.12 machines. Suggested-by: Thomas Huth <thuth(a)redhat.com> Signed-off-by: Philippe Mathieu-Daudé <philmd(a)linaro.org> Reviewed-by: Thomas Huth <thuth(a)redhat.com> Reviewed-by: Zhao Liu <zhao1.liu(a)intel.com> --- docs/about/deprecated.rst | 4 ++-- hw/i386/pc_piix.c | 2 +- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/docs/about/deprecated.rst b/docs/about/deprecated.rst index 7b548519b5..47234da329 100644 --- a/docs/about/deprecated.rst +++ b/docs/about/deprecated.rst @@ -219,8 +219,8 @@ deprecated; use the new name ``dtb-randomness`` instead. The new name better reflects the way this property affects all random data within the device tree blob, not just the ``kaslr-seed`` node. -``pc-i440fx-2.0`` up to ``pc-i440fx-2.3`` (since 8.2) -''''''''''''''''''''''''''''''''''''''''''''''''''''' +``pc-i440fx-2.0`` up to ``pc-i440fx-2.3`` (since 8.2) and ``pc-i440fx-2.4`` up to ``pc-i440fx-2.12`` (since 9.1) +'''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''' These old machine types are quite neglected nowadays and thus might have various pitfalls with regards to live migration. Use a newer machine type diff --git a/hw/i386/pc_piix.c b/hw/i386/pc_piix.c index 18ba076609..817d99c0ce 100644 --- a/hw/i386/pc_piix.c +++ b/hw/i386/pc_piix.c @@ -727,6 +727,7 @@ DEFINE_I440FX_MACHINE(v3_0, "pc-i440fx-3.0", NULL, static void pc_i440fx_2_12_machine_options(MachineClass *m) { pc_i440fx_3_0_machine_options(m); + m->deprecation_reason = "old and unattended - use a newer version instead"; compat_props_add(m->compat_props, hw_compat_2_12, hw_compat_2_12_len); compat_props_add(m->compat_props, pc_compat_2_12, pc_compat_2_12_len); } @@ -832,7 +833,6 @@ static void pc_i440fx_2_3_machine_options(MachineClass *m) { pc_i440fx_2_4_machine_options(m); m->hw_version = "2.3.0"; - m->deprecation_reason = "old and unattended - use a newer version instead"; compat_props_add(m->compat_props, hw_compat_2_3, hw_compat_2_3_len); compat_props_add(m->compat_props, pc_compat_2_3, pc_compat_2_3_len); } -- 2.41.0

10 months, 3 weeks

2
1
0 / 0

[PATCH] scripts/meson-dist.py: Git builddir from env too

by Michal Privoznik

When meson runs a dist script it set both MESON_BUILD_ROOT and MESON_DIST_ROOT envvars [1]. But for some reason, we took the former as an argument and obtained the latter via env. Well, obtain both via env. 1: https://mesonbuild.com/Reference-manual_builtin_meson.html#mesonadd_dist_... Signed-off-by: Michal Privoznik <mprivozn(a)redhat.com> --- Another option is to pass both directories as arguments. But this inconsistent solution bothers me. Especially since I want to copy the script somewhere else (stay tuned to learn more). meson.build | 4 ++-- scripts/meson-dist.py | 4 ++-- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/meson.build b/meson.build index 1518afa1cb..5aa50e0d64 100644 --- a/meson.build +++ b/meson.build @@ -2195,8 +2195,8 @@ if git foreach file : dist_files meson.add_dist_script( - meson_python_prog.full_path(), python3_prog.full_path(), meson_dist_prog.full_path(), - meson.project_build_root(), file + meson_python_prog.full_path(), python3_prog.full_path(), + meson_dist_prog.full_path(), file ) endforeach endif diff --git a/scripts/meson-dist.py b/scripts/meson-dist.py index bb751b97d3..39dd4fbab0 100755 --- a/scripts/meson-dist.py +++ b/scripts/meson-dist.py @@ -4,9 +4,9 @@ import os import shutil import sys -meson_build_root = sys.argv[1] -file_name = sys.argv[2] +file_name = sys.argv[1] +meson_build_root = os.environ['MESON_BUILD_ROOT'] meson_dist_root = os.environ['MESON_DIST_ROOT'] shutil.copy(os.path.join(meson_build_root, file_name), -- 2.43.2

10 months, 3 weeks

2
1
0 / 0

[PATCH 0/4] Enable removing features from CPU models and remove mpx

by Jiri Denemark

See 3/4 for details. Jiri Denemark (3): conf: Change return value of some CPU feature APIs cpu: Add removedPolicy parameter to virCPUUpdate qemu: Enable removing features from CPU models Tim Wiederhake (1): cpu_map: Drop 'mpx' from x86 cpu models src/conf/cpu_conf.c | 12 +-- src/conf/cpu_conf.h | 4 +- src/cpu/cpu.c | 10 ++- src/cpu/cpu.h | 6 +- src/cpu/cpu_arm.c | 3 +- src/cpu/cpu_loongarch.c | 3 +- src/cpu/cpu_ppc64.c | 3 +- src/cpu/cpu_riscv64.c | 3 +- src/cpu/cpu_s390.c | 10 +-- src/cpu/cpu_x86.c | 83 +++++++++---------- src/cpu_map/x86_Cascadelake-Server-noTSX.xml | 2 +- src/cpu_map/x86_Cascadelake-Server.xml | 2 +- src/cpu_map/x86_Icelake-Server-noTSX.xml | 2 +- src/cpu_map/x86_Icelake-Server.xml | 2 +- src/cpu_map/x86_Skylake-Client-IBRS.xml | 2 +- src/cpu_map/x86_Skylake-Client-noTSX-IBRS.xml | 2 +- src/cpu_map/x86_Skylake-Client.xml | 2 +- src/cpu_map/x86_Skylake-Server-IBRS.xml | 2 +- src/cpu_map/x86_Skylake-Server-noTSX-IBRS.xml | 2 +- src/cpu_map/x86_Skylake-Server.xml | 2 +- src/qemu/qemu_capabilities.c | 5 +- src/qemu/qemu_domain.c | 6 +- src/qemu/qemu_process.c | 36 +++++++- tests/cputest.c | 4 +- .../x86_64-cpuid-Core-i5-6600-guest.xml | 1 + .../x86_64-cpuid-Core-i5-6600-host.xml | 1 + .../x86_64-cpuid-Core-i5-6600-json.xml | 1 + .../x86_64-cpuid-Core-i7-7600U-guest.xml | 1 + .../x86_64-cpuid-Core-i7-7600U-host.xml | 1 + .../x86_64-cpuid-Core-i7-7600U-json.xml | 1 + .../x86_64-cpuid-Core-i7-7700-guest.xml | 1 + .../x86_64-cpuid-Core-i7-7700-host.xml | 1 + .../x86_64-cpuid-Core-i7-7700-json.xml | 1 + .../x86_64-cpuid-Core-i7-8550U-guest.xml | 1 + .../x86_64-cpuid-Core-i7-8550U-host.xml | 1 + .../x86_64-cpuid-Core-i7-8550U-json.xml | 1 + .../x86_64-cpuid-Core-i7-8700-guest.xml | 1 + .../x86_64-cpuid-Core-i7-8700-host.xml | 1 + .../x86_64-cpuid-Core-i7-8700-json.xml | 1 + .../x86_64-cpuid-Ice-Lake-Server-guest.xml | 1 + .../x86_64-cpuid-Ice-Lake-Server-host.xml | 1 + .../x86_64-cpuid-Ice-Lake-Server-json.xml | 1 + .../x86_64-cpuid-Xeon-E3-1225-v5-guest.xml | 1 + .../x86_64-cpuid-Xeon-E3-1225-v5-host.xml | 1 + .../x86_64-cpuid-Xeon-E3-1225-v5-json.xml | 1 + .../x86_64-cpuid-Xeon-E3-1245-v5-guest.xml | 1 + .../x86_64-cpuid-Xeon-E3-1245-v5-host.xml | 1 + .../x86_64-cpuid-Xeon-E3-1245-v5-json.xml | 1 + .../x86_64-cpuid-Xeon-Gold-5115-guest.xml | 1 + .../x86_64-cpuid-Xeon-Gold-5115-host.xml | 1 + .../x86_64-cpuid-Xeon-Gold-5115-json.xml | 1 + .../x86_64-cpuid-Xeon-Gold-6130-guest.xml | 1 + .../x86_64-cpuid-Xeon-Gold-6130-host.xml | 1 + .../x86_64-cpuid-Xeon-Gold-6130-json.xml | 1 + .../x86_64-cpuid-Xeon-Gold-6148-guest.xml | 1 + .../x86_64-cpuid-Xeon-Gold-6148-host.xml | 1 + .../x86_64-cpuid-Xeon-Gold-6148-json.xml | 1 + .../x86_64-cpuid-Xeon-Platinum-8268-guest.xml | 1 + .../x86_64-cpuid-Xeon-Platinum-8268-host.xml | 1 + .../x86_64-cpuid-Xeon-Platinum-8268-json.xml | 1 + .../x86_64-cpuid-Xeon-Platinum-9242-guest.xml | 1 + .../x86_64-cpuid-Xeon-Platinum-9242-host.xml | 1 + .../x86_64-cpuid-Xeon-Platinum-9242-json.xml | 1 + ..._64-cpuid-baseline-Cascadelake+Icelake.xml | 1 + ...puid-baseline-Cascadelake+Skylake-IBRS.xml | 1 + ..._64-cpuid-baseline-Cascadelake+Skylake.xml | 1 + ...-cpuid-baseline-Cooperlake+Cascadelake.xml | 1 + ...6_64-cpuid-baseline-Cooperlake+Icelake.xml | 1 + ...4-cpuid-baseline-Skylake-Client+Server.xml | 1 + .../domaincapsdata/qemu_4.2.0-q35.x86_64.xml | 1 + tests/domaincapsdata/qemu_4.2.0.x86_64.xml | 1 + .../domaincapsdata/qemu_5.0.0-q35.x86_64.xml | 1 + tests/domaincapsdata/qemu_5.0.0.x86_64.xml | 1 + ...-Icelake-Server-pconfig.x86_64-latest.args | 2 +- ...-host-model-fallback-kvm.x86_64-4.2.0.args | 2 +- ...-host-model-fallback-kvm.x86_64-5.0.0.args | 2 +- .../cpu-host-model-kvm.x86_64-4.2.0.args | 2 +- .../cpu-host-model-kvm.x86_64-5.0.0.args | 2 +- ...ost-model-nofallback-kvm.x86_64-4.2.0.args | 2 +- ...ost-model-nofallback-kvm.x86_64-5.0.0.args | 2 +- 80 files changed, 174 insertions(+), 97 deletions(-) -- 2.44.0

10 months, 3 weeks

2
5
0 / 0

[PATCH v2 0/4] implement 'ras' feature support

by Kristina Hanicova

This is v2 of: https://lists.libvirt.org/archives/list/devel@lists.libvirt.org/thread/VX... changes since v1: * edited documentation * added validation for when the feature is ON as well as OFF (the first version checked just for the case when the feature was ON) Kristina Hanicova (4): qemu: introduce QEMU_CAPS_MACHINE_VIRT_RAS capability conf: parse and format machine virt ras feature qemu: validate machine virt ras feature qemu: format machine virt ras feature and test it docs/formatdomain.rst | 6 ++++ src/conf/domain_conf.c | 6 +++- src/conf/domain_conf.h | 1 + src/conf/schemas/domaincommon.rng | 5 +++ src/qemu/qemu_capabilities.c | 2 ++ src/qemu/qemu_capabilities.h | 1 + src/qemu/qemu_command.c | 5 +++ src/qemu/qemu_validate.c | 16 ++++++++++ .../caps_5.2.0_aarch64.xml | 1 + .../caps_6.0.0_aarch64.xml | 1 + .../caps_6.2.0_aarch64.xml | 1 + .../caps_7.0.0_aarch64+hvf.xml | 1 + .../caps_7.0.0_aarch64.xml | 1 + .../caps_8.2.0_aarch64.xml | 1 + .../caps_8.2.0_armv7l.xml | 1 + .../aarch64-features-ras.aarch64-latest.args | 31 +++++++++++++++++++ .../aarch64-features-ras.aarch64-latest.xml | 1 + .../qemuxmlconfdata/aarch64-features-ras.xml | 26 ++++++++++++++++ tests/qemuxmlconftest.c | 2 ++ 19 files changed, 108 insertions(+), 1 deletion(-) create mode 100644 tests/qemuxmlconfdata/aarch64-features-ras.aarch64-latest.args create mode 120000 tests/qemuxmlconfdata/aarch64-features-ras.aarch64-latest.xml create mode 100644 tests/qemuxmlconfdata/aarch64-features-ras.xml -- 2.42.0

10 months, 3 weeks

2
5
0 / 0

2025

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

2007

2006

2005

Devel May 2024