[PATCH] network: allow for forward dev to be a transient interface
by Laine Stump
A user reported that if they set <forward mode='nat|route' dev='blah'>
starting the network would fail if the device 'blah' didn't already
exist.
This is caused by using "iif" and "oif" in nftables rules to check for
the forwarding device - these two commands work by saving the named
interface's ifindex (an unsigned integer) when the rule is added, and
comparing it to the ifindex associated with the packet's path at
runtime. This works great if the interface both 1) exists when the
rule is added, and 2) is never deleted and re-created after the rule
is added (since it would end up with a different ifindex).
When checking for the network's bridge device, it is okay for us to
use "iif" and "oif", because the bridge device is created before the
firewall rules are added, and will continue to exist until just after
the firewall rules are deleted when the network is shut down.
But since the forward device might be deleted/re-added during the
lifetime of the network's firewall rules, we must instead use "oifname"
and "iifname" - these are much less efficient than "Xif" because they
do a string compare of the interface's name rather than just comparing
two integers (ifindex), but they don't require the interface to exist
when the rule is added, and they can properly cope with the named
interface being deleted and re-added later.
Fixes: a4f38f6ffe6a9edc001d18890ccfc3f38e72fb94
Signed-off-by: Laine Stump <laine(a)redhat.com>
---
src/network/network_nftables.c | 10 +++++-----
1 file changed, 5 insertions(+), 5 deletions(-)
diff --git a/src/network/network_nftables.c b/src/network/network_nftables.c
index 59ab231a06..268d1f12ca 100644
--- a/src/network/network_nftables.c
+++ b/src/network/network_nftables.c
@@ -362,7 +362,7 @@ nftablesAddForwardAllowOut(virFirewall *fw,
"iif", iface, NULL);
if (physdev && physdev[0])
- virFirewallCmdAddArgList(fw, fwCmd, "oif", physdev, NULL);
+ virFirewallCmdAddArgList(fw, fwCmd, "oifname", physdev, NULL);
virFirewallCmdAddArgList(fw, fwCmd, "counter", "accept", NULL);
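Review bot: The rule built in nftablesAddForwardAllowOut now mixes an ifindex match ("iif", iface) with a name match ("oifname", physdev), and nothing in the code says why. A short comment above `if (physdev && physdev[0])` stating that the forward device may not exist yet or may be re-created, so it has to be matched by name, would keep a later cleanup from switching it back to "oif" for speed.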
@@ -398,7 +398,7 @@ nftablesAddForwardAllowRelatedIn(virFirewall *fw,
VIR_NFTABLES_FWD_IN_CHAIN, NULL);
if (physdev && physdev[0])
- virFirewallCmdAddArgList(fw, fwCmd, "iif", physdev, NULL);
+ virFirewallCmdAddArgList(fw, fwCmd, "iifname", physdev, NULL);
virFirewallCmdAddArgList(fw, fwCmd, "oif", iface,
layerStr, "daddr", networkstr,
@@ -437,7 +437,7 @@ nftablesAddForwardAllowIn(virFirewall *fw,
layerStr, "daddr", networkstr, NULL);
if (physdev && physdev[0])
- virFirewallCmdAddArgList(fw, fwCmd, "iif", physdev, NULL);
+ virFirewallCmdAddArgList(fw, fwCmd, "iifname", physdev, NULL);
virFirewallCmdAddArgList(fw, fwCmd, "oif", iface,
"counter", "accept", NULL);
@@ -566,7 +566,7 @@ nftablesAddForwardMasquerade(virFirewall *fw,
layerStr, "daddr", "!=", networkstr, NULL);
if (physdev && physdev[0])
- virFirewallCmdAddArgList(fw, fwCmd, "oif", physdev, NULL);
+ virFirewallCmdAddArgList(fw, fwCmd, "oifname", physdev, NULL);
if (protocol && protocol[0]) {
if (port->start == 0 && port->end == 0) {
@@ -634,7 +634,7 @@ nftablesAddDontMasquerade(virFirewall *fw,
VIR_NFTABLES_NAT_POSTROUTE_CHAIN, NULL);
if (physdev && physdev[0])
- virFirewallCmdAddArgList(fw, fwCmd, "oif", physdev, NULL);
+ virFirewallCmdAddArgList(fw, fwCmd, "oifname", physdev, NULL);
virFirewallCmdAddArgList(fw, fwCmd,
layerStr, "saddr", networkstr,
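Review bot: The `if (physdev && physdev[0])` name-match call in nftablesAddDontMasquerade is the fifth copy of the same pattern in this patch, differing only in "iifname" versus "oifname". A small helper that takes the direction would keep the choice of match keyword in one place. The diffstat also touches only network_nftables.c, so if any expected-output test data covers a network with a forward dev, it needs the same keyword change.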
--
2.45.1
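The difference the commit message describes, as an added example that is not part of the patch or of libvirt: a small C model in which an ifindex rule stores the index when it is added and a name rule compares strings per packet. The interface table, the index values 5, 7 and 9, and all function names are assumptions made for the illustration; only host_has_interface() calls the real if_nametoindex().

```c
/* Added example: model of "iif" (ifindex stored at rule-add time) versus
 * "iifname" (name compared per packet). Names and indexes are constructed. */
#include <net/if.h>
#include <stdbool.h>
#include <stdio.h>
#include <string.h>

enum match_kind { MATCH_IFINDEX, MATCH_IFNAME };
struct iface { const char *name; unsigned int ifindex; };  /* modelled interface table */
struct rule {
    enum match_kind kind;
    unsigned int ifindex;      /* resolved once, when the rule is added */
    char ifname[IF_NAMESIZE];  /* compared against every packet */
};

/* Returns 0 when the name is absent, the convention if_nametoindex() uses. */
unsigned int ifindex_of(const struct iface *tbl, size_t n, const char *name)
{
    for (size_t i = 0; i < n; i++)
        if (strcmp(tbl[i].name, name) == 0)
            return tbl[i].ifindex;
    return 0;
}

/* An ifindex rule cannot be added for a missing interface; a name rule can. */
bool rule_add(struct rule *r, enum match_kind kind, const char *name,
              const struct iface *tbl, size_t n)
{
    memset(r, 0, sizeof(*r));
    r->kind = kind;
    strncpy(r->ifname, name, sizeof(r->ifname) - 1);
    if (kind == MATCH_IFINDEX)
        return (r->ifindex = ifindex_of(tbl, n, name)) != 0;
    return true;
}

bool rule_matches(const struct rule *r, unsigned int pkt_ifindex, const char *pkt_ifname)
{
    return r->kind == MATCH_IFINDEX ? r->ifindex == pkt_ifindex
                                    : strcmp(r->ifname, pkt_ifname) == 0;
}

/* The same resolution step against the running host's real interfaces. */
bool host_has_interface(const char *name) { return if_nametoindex(name) != 0; }

int main(void)
{
    struct iface absent[]    = { { "virbr0", 5 } };
    struct iface present[]   = { { "virbr0", 5 }, { "blah", 7 } };
    struct iface recreated[] = { { "virbr0", 5 }, { "blah", 9 } };
    struct rule by_index, by_name;

    printf("iif added while absent:     %d\n", rule_add(&by_index, MATCH_IFINDEX, "blah", absent, 1));
    printf("iifname added while absent: %d\n", rule_add(&by_name, MATCH_IFNAME, "blah", absent, 1));
    rule_add(&by_index, MATCH_IFINDEX, "blah", present, 2);
    unsigned int now = ifindex_of(recreated, 2, "blah");
    printf("iif matches after re-create:     %d\n", rule_matches(&by_index, now, "blah"));
    printf("iifname matches after re-create: %d\n", rule_matches(&by_name, now, "blah"));
    printf("host has 'blah': %d\n", host_has_interface("blah"));
    return 0;
}
```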
6 months
[PATCH] meson: allow systemd sysusersdir to be changed
by Daniel P. Berrangé
We currently hardcode the systemd sysusersdir, but it is desirable to be
able to choose a different location in some cases. For example, Fedora
flatpak builds change the RPM %_sysusersdir macro, but we can't currently
honour that.
Reported-by: Yaakov Selkowitz <yselkowi(a)redhat.com>
Signed-off-by: Daniel P. Berrangé <berrange(a)redhat.com>
---
libvirt.spec.in | 1 +
meson.build | 5 +++++
meson_options.txt | 1 +
src/qemu/meson.build | 2 +-
4 files changed, 8 insertions(+), 1 deletion(-)
diff --git a/libvirt.spec.in b/libvirt.spec.in
index 244e5e824c..347a609add 100644
--- a/libvirt.spec.in
+++ b/libvirt.spec.in
@@ -1328,6 +1328,7 @@ export SOURCE_DATE_EPOCH=$(stat --printf='%Y' %{_specdir}/libvirt.spec)
-Drunstatedir=%{_rundir} \
-Dinitconfdir=%{_sysconfdir}/sysconfig \
-Dunitdir=%{_unitdir} \
+ -Dsysusersdir=%{_sysusersdir} \
%{?arg_qemu} \
%{?arg_openvz} \
%{?arg_lxc} \
diff --git a/meson.build b/meson.build
index 295613fd93..2fc9ab3e96 100644
--- a/meson.build
+++ b/meson.build
@@ -100,6 +100,11 @@ if unitdir == ''
unitdir = prefix / 'lib' / 'systemd' / 'system'
endif
+sysusersdir = getoption('sysusersdir')
+if sysusersdir == ''
+ sysusersdir = prefix / 'lib' / 'sysusers.d'
+endif
+
bindir = prefix / get_option('bindir')
datadir = prefix / get_option('datadir')
includedir = prefix / get_option('includedir')
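Review bot: The added line `sysusersdir = getoption('sysusersdir')` calls getoption, while the bindir, datadir and includedir lines just below use get_option. Meson has no getoption function, so configuration will fail at this line; it should read `sysusersdir = get_option('sysusersdir')`.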
diff --git a/meson_options.txt b/meson_options.txt
index a4f1dd769f..50d71427cb 100644
--- a/meson_options.txt
+++ b/meson_options.txt
@@ -5,6 +5,7 @@ option('system', type: 'boolean', value: false, description: 'Set install paths
option('runstatedir', type: 'string', value: '', description: 'State directory for temporary sockets, pid files, etc')
option('initconfdir', type: 'string', value: '', description: 'directory for init script configuration files')
option('unitdir', type: 'string', value: '', description: 'directory for systemd unit files')
+option('sysusersdir', type: 'string', value: '', description: 'directory for sysusers files')
# dep:tests
option('expensive_tests', type: 'feature', value: 'auto', description: 'set the default for enabling expensive tests (long timeouts)')
option('test_coverage', type: 'boolean', value: false, description: 'turn on code coverage instrumentation')
diff --git a/src/qemu/meson.build b/src/qemu/meson.build
index 907893d431..57356451e4 100644
--- a/src/qemu/meson.build
+++ b/src/qemu/meson.build
@@ -163,7 +163,7 @@ if conf.has('WITH_QEMU')
# Install the sysuser config for the qemu driver
install_data(
'libvirt-qemu.sysusers.conf',
- install_dir: prefix / 'lib' / 'sysusers.d',
+ install_dir: sysusersdir,
rename: [ 'libvirt-qemu.conf' ],
)
--
2.43.0
6 months
[PATCH-for-9.1 v2 0/3] rdma: Remove RDMA subsystem and pvrdma device
by Philippe Mathieu-Daudé
Since v1:
- split in 3 (Thomas)
- justify gluster removal
Philippe Mathieu-Daudé (3):
hw/rdma: Remove pvrdma device and rdmacm-mux helper
migration: Remove RDMA protocol handling
block/gluster: Remove RDMA protocol handling
MAINTAINERS | 17 -
docs/about/deprecated.rst | 9 -
docs/about/removed-features.rst | 4 +
docs/devel/migration/main.rst | 6 -
docs/pvrdma.txt | 345 --
docs/rdma.txt | 420 --
docs/system/device-url-syntax.rst.inc | 4 +-
docs/system/loongarch/virt.rst | 2 +-
docs/system/qemu-block-drivers.rst.inc | 1 -
meson.build | 59 -
qapi/machine.json | 17 -
qapi/migration.json | 31 +-
qapi/qapi-schema.json | 1 -
qapi/rdma.json | 38 -
contrib/rdmacm-mux/rdmacm-mux.h | 61 -
hw/rdma/rdma_backend.h | 129 -
hw/rdma/rdma_backend_defs.h | 76 -
hw/rdma/rdma_rm.h | 97 -
hw/rdma/rdma_rm_defs.h | 146 -
hw/rdma/rdma_utils.h | 63 -
hw/rdma/trace.h | 1 -
hw/rdma/vmw/pvrdma.h | 144 -
hw/rdma/vmw/pvrdma_dev_ring.h | 46 -
hw/rdma/vmw/pvrdma_qp_ops.h | 28 -
hw/rdma/vmw/trace.h | 1 -
include/hw/rdma/rdma.h | 37 -
include/monitor/hmp.h | 1 -
.../infiniband/hw/vmw_pvrdma/pvrdma_dev_api.h | 685 ---
.../infiniband/hw/vmw_pvrdma/pvrdma_verbs.h | 348 --
.../standard-headers/rdma/vmw_pvrdma-abi.h | 310 --
migration/migration-stats.h | 6 +-
migration/migration.h | 9 -
migration/options.h | 2 -
migration/rdma.h | 69 -
block/gluster.c | 39 -
contrib/rdmacm-mux/main.c | 831 ----
hw/core/machine-qmp-cmds.c | 32 -
hw/rdma/rdma.c | 30 -
hw/rdma/rdma_backend.c | 1401 ------
hw/rdma/rdma_rm.c | 812 ----
hw/rdma/rdma_utils.c | 126 -
hw/rdma/vmw/pvrdma_cmd.c | 815 ----
hw/rdma/vmw/pvrdma_dev_ring.c | 141 -
hw/rdma/vmw/pvrdma_main.c | 735 ---
hw/rdma/vmw/pvrdma_qp_ops.c | 298 --
migration/migration-stats.c | 5 +-
migration/migration.c | 31 -
migration/options.c | 16 -
migration/qemu-file.c | 1 -
migration/ram.c | 86 +-
migration/rdma.c | 4184 -----------------
migration/savevm.c | 2 +-
monitor/qmp-cmds.c | 1 -
Kconfig.host | 3 -
contrib/rdmacm-mux/meson.build | 7 -
hmp-commands-info.hx | 13 -
hw/Kconfig | 1 -
hw/meson.build | 1 -
hw/rdma/Kconfig | 3 -
hw/rdma/meson.build | 12 -
hw/rdma/trace-events | 31 -
hw/rdma/vmw/trace-events | 17 -
meson_options.txt | 4 -
migration/meson.build | 1 -
migration/trace-events | 68 +-
qapi/meson.build | 1 -
qemu-options.hx | 6 -
.../org.centos/stream/8/build-environment.yml | 1 -
.../ci/org.centos/stream/8/x86_64/configure | 3 -
scripts/ci/setup/build-environment.yml | 4 -
scripts/coverity-scan/run-coverity-scan | 2 +-
scripts/meson-buildoptions.sh | 6 -
scripts/update-linux-headers.sh | 27 -
tests/lcitool/projects/qemu.yml | 3 -
tests/migration/guestperf/engine.py | 4 +-
75 files changed, 20 insertions(+), 12997 deletions(-)
delete mode 100644 docs/pvrdma.txt
delete mode 100644 docs/rdma.txt
delete mode 100644 qapi/rdma.json
delete mode 100644 contrib/rdmacm-mux/rdmacm-mux.h
delete mode 100644 hw/rdma/rdma_backend.h
delete mode 100644 hw/rdma/rdma_backend_defs.h
delete mode 100644 hw/rdma/rdma_rm.h
delete mode 100644 hw/rdma/rdma_rm_defs.h
delete mode 100644 hw/rdma/rdma_utils.h
delete mode 100644 hw/rdma/trace.h
delete mode 100644 hw/rdma/vmw/pvrdma.h
delete mode 100644 hw/rdma/vmw/pvrdma_dev_ring.h
delete mode 100644 hw/rdma/vmw/pvrdma_qp_ops.h
delete mode 100644 hw/rdma/vmw/trace.h
delete mode 100644 include/hw/rdma/rdma.h
delete mode 100644 include/standard-headers/drivers/infiniband/hw/vmw_pvrdma/pvrdma_dev_api.h
delete mode 100644 include/standard-headers/drivers/infiniband/hw/vmw_pvrdma/pvrdma_verbs.h
delete mode 100644 include/standard-headers/rdma/vmw_pvrdma-abi.h
delete mode 100644 migration/rdma.h
delete mode 100644 contrib/rdmacm-mux/main.c
delete mode 100644 hw/rdma/rdma.c
delete mode 100644 hw/rdma/rdma_backend.c
delete mode 100644 hw/rdma/rdma_rm.c
delete mode 100644 hw/rdma/rdma_utils.c
delete mode 100644 hw/rdma/vmw/pvrdma_cmd.c
delete mode 100644 hw/rdma/vmw/pvrdma_dev_ring.c
delete mode 100644 hw/rdma/vmw/pvrdma_main.c
delete mode 100644 hw/rdma/vmw/pvrdma_qp_ops.c
delete mode 100644 migration/rdma.c
delete mode 100644 contrib/rdmacm-mux/meson.build
delete mode 100644 hw/rdma/Kconfig
delete mode 100644 hw/rdma/meson.build
delete mode 100644 hw/rdma/trace-events
delete mode 100644 hw/rdma/vmw/trace-events
--
2.41.0
6 months
[PATCH] meson: allow systemd unitdir to be changed
by Daniel P. Berrangé
We currently hardcode the systemd unitdir, but it is desirable to be
able to choose a different location in some cases. For example, Fedora
flatpak builds change the RPM %_unitdir macro, but we can't currently
honour that.
Signed-off-by: Daniel P. Berrangé <berrange(a)redhat.com>
---
libvirt.spec.in | 1 +
meson.build | 5 +++++
meson_options.txt | 1 +
src/meson.build | 8 +++-----
4 files changed, 10 insertions(+), 5 deletions(-)
diff --git a/libvirt.spec.in b/libvirt.spec.in
index 1d3240ee6f..0a121515b9 100644
--- a/libvirt.spec.in
+++ b/libvirt.spec.in
@@ -1329,6 +1329,7 @@ export SOURCE_DATE_EPOCH=$(stat --printf='%Y' %{_specdir}/libvirt.spec)
%meson \
-Drunstatedir=%{_rundir} \
-Dinitconfdir=%{_sysconfdir}/sysconfig \
+ -Dunitdir=%{_unitdir} \
%{?arg_qemu} \
%{?arg_openvz} \
%{?arg_lxc} \
diff --git a/meson.build b/meson.build
index 62e49be37d..295613fd93 100644
--- a/meson.build
+++ b/meson.build
@@ -95,6 +95,11 @@ if initconfdir == ''
endif
endif
+unitdir = get_option('unitdir')
+if unitdir == ''
+ unitdir = prefix / 'lib' / 'systemd' / 'system'
+endif
+
bindir = prefix / get_option('bindir')
datadir = prefix / get_option('datadir')
includedir = prefix / get_option('includedir')
diff --git a/meson_options.txt b/meson_options.txt
index cdc8687795..a4f1dd769f 100644
--- a/meson_options.txt
+++ b/meson_options.txt
@@ -4,6 +4,7 @@ option('packager_version', type: 'string', value: '', description: 'Extra packag
option('system', type: 'boolean', value: false, description: 'Set install paths to system ones')
option('runstatedir', type: 'string', value: '', description: 'State directory for temporary sockets, pid files, etc')
option('initconfdir', type: 'string', value: '', description: 'directory for init script configuration files')
+option('unitdir', type: 'string', value: '', description: 'directory for systemd unit files')
# dep:tests
option('expensive_tests', type: 'feature', value: 'auto', description: 'set the default for enabling expensive tests (long timeouts)')
option('test_coverage', type: 'boolean', value: false, description: 'turn on code coverage instrumentation')
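Review bot: The description of the new 'unitdir' option does not say what an empty value means. Since the meson.build hunk falls back to prefix / 'lib' / 'systemd' / 'system' when the option is empty, stating that default in the description would save packagers from reading meson.build to find it.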
diff --git a/src/meson.build b/src/meson.build
index dd2682ec19..8cce42c7ad 100644
--- a/src/meson.build
+++ b/src/meson.build
@@ -812,11 +812,9 @@ endforeach
if conf.has('WITH_LIBVIRTD')
# Generate systemd service and socket unit files
if init_script == 'systemd'
- systemd_unit_dir = prefix / 'lib' / 'systemd' / 'system'
-
install_data(
guest_unit_files,
- install_dir: systemd_unit_dir,
+ install_dir: unitdir,
)
if conf.has('WITH_POLKIT')
@@ -855,7 +853,7 @@ if conf.has('WITH_LIBVIRTD')
output: service_out,
configuration: unit_conf,
install: true,
- install_dir: systemd_unit_dir,
+ install_dir: unitdir,
)
foreach socket : unit.get('sockets', [ 'main', 'ro', 'admin' ])
@@ -881,7 +879,7 @@ if conf.has('WITH_LIBVIRTD')
output: socket_out,
configuration: unit_conf,
install: true,
- install_dir: systemd_unit_dir,
+ install_dir: unitdir,
)
endforeach
endforeach
--
2.43.0
6 months
[PATCH] rpm: drop cyrus-sasl dep
by Daniel P. Berrangé
We link to libsasl2.so, so get a dep on cyrus-sasl-libs automatically.
The dep on cyrus-sasl-gssapi gets us the mechanism that matches our
default config.
The 'cyrus-sasl' package merely contains some man pages and the
saslauthd daemon, which is not required by libvirt. This dep appears
to have been redundant since we first added in
commit 1b1d647439059b7e10fb94e1ade227fb695d7110
Author: Daniel P. Berrangé <berrange(a)redhat.com>
Date: Wed Dec 5 15:24:15 2007 +0000
Initial integration of SASL authentication, working for Kerberos only
Signed-off-by: Daniel P. Berrangé <berrange(a)redhat.com>
---
libvirt.spec.in | 2 --
1 file changed, 2 deletions(-)
diff --git a/libvirt.spec.in b/libvirt.spec.in
index 1d3240ee6f..343015ad1d 100644
--- a/libvirt.spec.in
+++ b/libvirt.spec.in
@@ -1055,8 +1055,6 @@ with some QEMU specific features of libvirt.
%package libs
Summary: Client side libraries
-# So remote clients can access libvirt over SSH tunnel
-Requires: cyrus-sasl
# Needed by default sasl.conf - no onerous extra deps, since
# 100's of other things on a system already pull in krb5-libs
Requires: cyrus-sasl-gssapi
--
2.43.0
6 months
Re: [PATCH] qemu_block: Validate number of hosts for iSCSI disk device
by Peter Krempa
On Thu, Jun 06, 2024 at 16:17:41 +0530, Rayhan Faizel wrote:
> Hi,
Hi, please *always* keep replies on-list (use reply-all).
I've re-added the mailing list again.
>
> On Thu, Jun 6, 2024 at 4:12 PM Peter Krempa <pkrempa(a)redhat.com> wrote:
> >
> > On Thu, Jun 06, 2024 at 15:45:16 +0530, Rayhan Faizel wrote:
> > > An iSCSI device with zero hosts will result in a segmentation fault. This patch
> > > adds a check for the number of hosts, which must be one in the case of iSCSI.
> > >
> > > Minimal reproducing XML:
> > >
> > > <domain type='qemu'>
> > > <name>MyGuest</name>
> > > <uuid>4dea22b3-1d52-d8f3-2516-782e98ab3fa0</uuid>
> > > <os>
> > > <type arch='x86_64'>hvm</type>
> > > </os>
> > > <memory>4096</memory>
> > > <devices>
> > > <disk type='network'>
> > > <source name='dummy' protocol='iscsi'/>
> > > <target dev='vda'/>
> > > </disk>
> > > </devices>
> > > </domain>
> >
> > Please transform this bit into a test case in qemuxmlconftest to see
> > that it's properly rejected.
> >
>
> I did try to add a testcase but the schema tests fail on this
> particular XML because it expects one or more <hosts>. Is there a way
> to exclude schema validation for certain testcases or should I just
> modify the schema and change it from oneOrMore to zeroOrMore?
Schema test result can be inverted by naming the file with
'-invalid.xml' suffix. In such case the test will require that the XML
has invalid schema. Additionally it's also possible by adding an
exception in virschematest, but we have more than a few tests with the
suffix in qemuxmlconftest.
6 months
[PATCH] qemu_block: Validate number of hosts for iSCSI disk device
by Rayhan Faizel
An iSCSI device with zero hosts will result in a segmentation fault. This patch
adds a check for the number of hosts, which must be one in the case of iSCSI.
Minimal reproducing XML:
<domain type='qemu'>
<name>MyGuest</name>
<uuid>4dea22b3-1d52-d8f3-2516-782e98ab3fa0</uuid>
<os>
<type arch='x86_64'>hvm</type>
</os>
<memory>4096</memory>
<devices>
<disk type='network'>
<source name='dummy' protocol='iscsi'/>
<target dev='vda'/>
</disk>
</devices>
</domain>
Signed-off-by: Rayhan Faizel <rayhan.faizel(a)gmail.com>
---
This crashing XML was detected by the WIP fuzzer which is being developed
as part of Google Summer of Code 2024.
src/qemu/qemu_block.c | 6 ++++++
1 file changed, 6 insertions(+)
diff --git a/src/qemu/qemu_block.c b/src/qemu/qemu_block.c
index 738b72d7ea..d6cdf521c4 100644
--- a/src/qemu/qemu_block.c
+++ b/src/qemu/qemu_block.c
@@ -602,6 +602,12 @@ qemuBlockStorageSourceGetISCSIProps(virStorageSource *src,
* }
*/
+ if (src->nhosts != 1) {
+ virReportError(VIR_ERR_INTERNAL_ERROR, "%s",
+ _("iSCSI protocol accepts only one host"));
+ return NULL;
+ }
+
target = g_strdup(src->path);
/* Separate the target and lun */
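Review bot: The new check in qemuBlockStorageSourceGetISCSIProps reports VIR_ERR_INTERNAL_ERROR, but per the commit message the condition is reachable from user-supplied domain XML, so it is a configuration error rather than an internal one; an error code for invalid or unsupported configuration would fit better. The message "iSCSI protocol accepts only one host" also reads oddly for the zero-host case that motivated the patch; wording such as "requires exactly one host" covers both sides of `src->nhosts != 1`.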
--
2.34.1
6 months
[PATCH 0/2] lib: Annotate more functions as NULL terminated
by Michal Privoznik
I'm working on something that's calling qemuMonitorCreateObjectProps()
and was getting random errors only to find out I was missing NULL
sentinel. This sparked me to look at other functions that might be
missing the G_GNUC_NULL_TERMINATED attribute too and found some.
Michal Prívozník (2):
lib: Annotate more function as NULL terminated
qemumonitortestutils: Fix G_GNUC_PRINTF annotation of
qemuMonitorTestAddErrorResponse()
src/qemu/qemu_monitor.h | 3 ++-
src/qemu/qemu_monitor_json.c | 2 +-
tests/qemumigrationcookiexmltest.c | 2 +-
tests/qemumonitortestutils.c | 2 +-
tests/qemumonitortestutils.h | 3 ++-
tests/testutils.h | 3 ++-
tests/testutilsqemuschema.h | 3 ++-
tools/vsh.c | 2 +-
8 files changed, 12 insertions(+), 8 deletions(-)
--
2.44.1
6 months
libvirt / Win10.qcow2
by gilada@adamworld.biz
Hello,
hope it works in German. Need some help.
My problem: Windows 10 won't boot anymore, automatic
repair doesn't work either. Is there a way to repair Win10 and
how?
Best regards
Gilbert Adam
6 months
[PATCH] rpm: ensure -Werror is disabled for mingw builds
by Daniel P. Berrangé
Signed-off-by: Daniel P. Berrangé <berrange(a)redhat.com>
---
libvirt.spec.in | 5 +++--
1 file changed, 3 insertions(+), 2 deletions(-)
diff --git a/libvirt.spec.in b/libvirt.spec.in
index 0f3c882f05..1d3240ee6f 100644
--- a/libvirt.spec.in
+++ b/libvirt.spec.in
@@ -1485,8 +1485,9 @@ export SOURCE_DATE_EPOCH=$(stat --printf='%Y' %{_specdir}/libvirt.spec)
-Dtests=disabled \
-Dudev=disabled \
-Dwireshark_dissector=disabled \
- -Dyajl=disabled
- %mingw_ninja
+ -Dyajl=disabled \
+ %{?enable_werror}
+%mingw_ninja
%endif
%install
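Review bot: The subject says -Werror is disabled, while the added argument is `%{?enable_werror}` and the commit message has no body; a sentence explaining what that macro expands to for mingw builds would make the change reviewable on its own. The change of `%mingw_ninja` from indented to unindented is also worth a mention in the message, since it reads as unrelated to the subject.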
--
2.43.0
6 months