[PATCH v2 00/13] Implement support for QCOW2 data files
by Nikolai Barybin
Hello everyone!
With help of Peter's review and after researching Cole's patches I've
come up with the second version.
Changes since last revision:
- properly taken in account (while probing disk chain) usecase when we have
data-file as part of some backing image
- added proper integration with security drivers instead of call to
chown
- data-file is added to qemu cmdline as a reference to blockdev
- added XML formatiing and parsing
- added basic tests to qemublocktest
Nikolai Barybin (13):
conf: add data-file feature and related fields to virStorageSource
storage file: add getDataFile function to FileTypeInfo
storage file: add qcow2 data-file path parsing from header
storage file: fill in src->dataFileStore during file probe
security: DAC: handle qcow2 data-file on image label set/restore
security: selinux: handle qcow2 data-file on image label set/restore
security: apparmor: handle qcow2 data-file
qemu: put data-file path to VM's cgroup and namespace
qemu: factor out qemuDomainPrepareStorageSource()
qemu: enable basic qcow2 data-file feature support
conf: schemas: add data-file store to domain rng schema
conf: implement XML parsing/formatingo for dataFileStore
tests: add qcow2 data-file basic tests to qemublocktest
src/conf/domain_conf.c | 98 +++++++++++++++++++
src/conf/domain_conf.h | 13 +++
src/conf/schemas/domaincommon.rng | 15 +++
src/conf/storage_source_conf.c | 11 +++
src/conf/storage_source_conf.h | 5 +
src/qemu/qemu_block.c | 7 ++
src/qemu/qemu_cgroup.c | 4 +
src/qemu/qemu_command.c | 5 +
src/qemu/qemu_domain.c | 50 +++++++---
src/qemu/qemu_namespace.c | 5 +
src/security/security_dac.c | 26 ++++-
src/security/security_selinux.c | 20 +++-
src/security/virt-aa-helper.c | 4 +
src/storage_file/storage_file_probe.c | 85 ++++++++++++----
src/storage_file/storage_source.c | 28 ++++++
src/storage_file/storage_source.h | 3 +
tests/qemublocktest.c | 78 +++++++++------
...backing-with-data-file-noopts-srconly.json | 27 +++++
...e-qcow2-backing-with-data-file-noopts.json | 41 ++++++++
...le-qcow2-backing-with-data-file-noopts.xml | 35 +++++++
.../file-qcow2-data-file-noopts-srconly.json | 18 ++++
.../xml2json/file-qcow2-data-file-noopts.json | 27 +++++
.../xml2json/file-qcow2-data-file-noopts.xml | 24 +++++
23 files changed, 558 insertions(+), 71 deletions(-)
create mode 100644 tests/qemublocktestdata/xml2json/file-qcow2-backing-with-data-file-noopts-srconly.json
create mode 100644 tests/qemublocktestdata/xml2json/file-qcow2-backing-with-data-file-noopts.json
create mode 100644 tests/qemublocktestdata/xml2json/file-qcow2-backing-with-data-file-noopts.xml
create mode 100644 tests/qemublocktestdata/xml2json/file-qcow2-data-file-noopts-srconly.json
create mode 100644 tests/qemublocktestdata/xml2json/file-qcow2-data-file-noopts.json
create mode 100644 tests/qemublocktestdata/xml2json/file-qcow2-data-file-noopts.xml
--
2.43.5
4 months, 3 weeks
Re: [PATCH RFC v4 11/17] qemu: block: Support block disk along with
throttle filters
by Peter Krempa
On Mon, Sep 30, 2024 at 10:14:59 +0000, Edward Arulanadam wrote:
> Dear All,
>
> My sincere apologies on reaching out regarding this change as I know, someone would be reviewing the change and provide review comments as per the community guidelines. Since this change is very critical for us to move forward, may I request for a review and let us know if this is good now.
Hi,
when this last iteration was posted I got a note (off-list) from the
author stating that they might not be able to continue work on that
series.
Are you going to pick up the work on that series? If so make sure to
configure your mail client to avoid breaking threads (as you did with
this mail). I'll use the existing convention of using 'reply-all' to the
patches so you might not get CC'd for the postings which are already
on-list. If that's a problem please re-post the series (obviously
keeping authorship intact).
I'm keeping it on my to-do list but due to personal reasons I'm really
backlogged in reviews so please be patient.
4 months, 3 weeks
[PATCH v2] chardev: introduce 'reconnect-ms' and deprecate 'reconnect'
by Daniil Tatianin
The 'reconnect' option only allows to specify the time in seconds,
which is way too long for certain workflows.
We have a lightweight disk backend server, which takes about 20ms to
live update, but due to this limitation in QEMU, previously the guest
disk controller would hang for one second because it would take this
long for QEMU to reinitialize the socket connection.
Introduce a new option called 'reconnect-ms', which is the same as
'reconnect', except the value is treated as milliseconds. These are
mutually exclusive and specifying both results in an error.
'reconnect' is also deprecated by this commit to make it possible to
remove it in the future as to not keep two options that control the
same thing.
Reviewed-by: Vladimir Sementsov-Ogievskiy <vsementsov(a)yandex-team.ru>
Acked-by: Peter Krempa <pkrempa(a)redhat.com>
Signed-off-by: Daniil Tatianin <d-tatianin(a)yandex-team.ru>
---
Changes since v0:
- Mention the deprecation in docs (Paolo)
Changes since v1:
- Move option validation to qmp_chardev_validate_socket as qemu_chr_parse_socket
is only called for the command line and not QMP. (thanks to Markus Armbruster for spotting)
---
chardev/char-socket.c | 33 ++++++++++++++++++++++++---------
chardev/char.c | 3 +++
docs/about/deprecated.rst | 6 ++++++
include/chardev/char-socket.h | 2 +-
qapi/char.json | 17 +++++++++++++++--
5 files changed, 49 insertions(+), 12 deletions(-)
diff --git a/chardev/char-socket.c b/chardev/char-socket.c
index 1ca9441b1b..91496ceda9 100644
--- a/chardev/char-socket.c
+++ b/chardev/char-socket.c
@@ -74,7 +74,7 @@ static void qemu_chr_socket_restart_timer(Chardev *chr)
assert(!s->reconnect_timer);
name = g_strdup_printf("chardev-socket-reconnect-%s", chr->label);
s->reconnect_timer = qemu_chr_timeout_add_ms(chr,
- s->reconnect_time * 1000,
+ s->reconnect_time_ms,
socket_reconnect_timeout,
chr);
g_source_set_name(s->reconnect_timer, name);
@@ -481,7 +481,7 @@ static void tcp_chr_disconnect_locked(Chardev *chr)
if (emit_close) {
qemu_chr_be_event(chr, CHR_EVENT_CLOSED);
}
- if (s->reconnect_time && !s->reconnect_timer) {
+ if (s->reconnect_time_ms && !s->reconnect_timer) {
qemu_chr_socket_restart_timer(chr);
}
}
@@ -1080,9 +1080,9 @@ static int tcp_chr_wait_connected(Chardev *chr, Error **errp)
} else {
Error *err = NULL;
if (tcp_chr_connect_client_sync(chr, &err) < 0) {
- if (s->reconnect_time) {
+ if (s->reconnect_time_ms) {
error_free(err);
- g_usleep(s->reconnect_time * 1000ULL * 1000ULL);
+ g_usleep(s->reconnect_time_ms * 1000ULL);
} else {
error_propagate(errp, err);
return -1;
@@ -1267,13 +1267,13 @@ skip_listen:
static int qmp_chardev_open_socket_client(Chardev *chr,
- int64_t reconnect,
+ int64_t reconnect_ms,
Error **errp)
{
SocketChardev *s = SOCKET_CHARDEV(chr);
- if (reconnect > 0) {
- s->reconnect_time = reconnect;
+ if (reconnect_ms > 0) {
+ s->reconnect_time_ms = reconnect_ms;
tcp_chr_connect_client_async(chr);
return 0;
} else {
@@ -1354,6 +1354,12 @@ static bool qmp_chardev_validate_socket(ChardevSocket *sock,
}
}
+ if (sock->has_reconnect_ms && sock->has_reconnect) {
+ error_setg(errp,
+ "'reconnect' and 'reconnect-ms' are mutually exclusive");
+ return false;
+ }
+
return true;
}
@@ -1371,7 +1377,7 @@ static void qmp_chardev_open_socket(Chardev *chr,
bool is_tn3270 = sock->has_tn3270 ? sock->tn3270 : false;
bool is_waitconnect = sock->has_wait ? sock->wait : false;
bool is_websock = sock->has_websocket ? sock->websocket : false;
- int64_t reconnect = sock->has_reconnect ? sock->reconnect : 0;
+ int64_t reconnect_ms = 0;
SocketAddress *addr;
s->is_listen = is_listen;
@@ -1443,7 +1449,13 @@ static void qmp_chardev_open_socket(Chardev *chr,
return;
}
} else {
- if (qmp_chardev_open_socket_client(chr, reconnect, errp) < 0) {
+ if (sock->has_reconnect) {
+ reconnect_ms = sock->reconnect * 1000ULL;
+ } else if (sock->has_reconnect_ms) {
+ reconnect_ms = sock->reconnect_ms;
+ }
+
+ if (qmp_chardev_open_socket_client(chr, reconnect_ms, errp) < 0) {
return;
}
}
@@ -1509,6 +1521,9 @@ static void qemu_chr_parse_socket(QemuOpts *opts, ChardevBackend *backend,
sock->wait = qemu_opt_get_bool(opts, "wait", true);
sock->has_reconnect = qemu_opt_find(opts, "reconnect");
sock->reconnect = qemu_opt_get_number(opts, "reconnect", 0);
+ sock->has_reconnect_ms = qemu_opt_find(opts, "reconnect-ms");
+ sock->reconnect_ms = qemu_opt_get_number(opts, "reconnect-ms", 0);
+
sock->tls_creds = g_strdup(qemu_opt_get(opts, "tls-creds"));
sock->tls_authz = g_strdup(qemu_opt_get(opts, "tls-authz"));
diff --git a/chardev/char.c b/chardev/char.c
index ba847b6e9e..35623c78a3 100644
--- a/chardev/char.c
+++ b/chardev/char.c
@@ -888,6 +888,9 @@ QemuOptsList qemu_chardev_opts = {
},{
.name = "reconnect",
.type = QEMU_OPT_NUMBER,
+ },{
+ .name = "reconnect-ms",
+ .type = QEMU_OPT_NUMBER,
},{
.name = "telnet",
.type = QEMU_OPT_BOOL,
diff --git a/docs/about/deprecated.rst b/docs/about/deprecated.rst
index 88f0f03786..e5db9bc6e9 100644
--- a/docs/about/deprecated.rst
+++ b/docs/about/deprecated.rst
@@ -430,6 +430,12 @@ Backend ``memory`` (since 9.0)
``memory`` is a deprecated synonym for ``ringbuf``.
+``reconnect`` (since 9.2)
+^^^^^^^^^^^^^^^^^^^^^^^^^
+
+The ``reconnect`` option only allows specifiying second granularity timeouts,
+which is not enough for all types of use cases, use ``reconnect-ms`` instead.
+
CPU device properties
'''''''''''''''''''''
diff --git a/include/chardev/char-socket.h b/include/chardev/char-socket.h
index 0708ca6fa9..d6d13ad37f 100644
--- a/include/chardev/char-socket.h
+++ b/include/chardev/char-socket.h
@@ -74,7 +74,7 @@ struct SocketChardev {
bool is_websock;
GSource *reconnect_timer;
- int64_t reconnect_time;
+ int64_t reconnect_time_ms;
bool connect_err_reported;
QIOTask *connect_task;
diff --git a/qapi/char.json b/qapi/char.json
index ef58445cee..7f117438c6 100644
--- a/qapi/char.json
+++ b/qapi/char.json
@@ -273,7 +273,19 @@
#
# @reconnect: For a client socket, if a socket is disconnected, then
# attempt a reconnect after the given number of seconds. Setting
-# this to zero disables this function. (default: 0) (Since: 2.2)
+# this to zero disables this function. The use of this member is
+# deprecated, use @reconnect-ms instead. (default: 0) (Since: 2.2)
+#
+# @reconnect-ms: For a client socket, if a socket is disconnected,
+# then attempt a reconnect after the given number of milliseconds.
+# Setting this to zero disables this function. This member is
+# mutually exclusive with @reconnect.
+# (default: 0) (Since: 9.2)
+#
+# Features:
+#
+# @deprecated: Member @reconnect is deprecated. Use @reconnect-ms
+# instead.
#
# Since: 1.4
##
@@ -287,7 +299,8 @@
'*telnet': 'bool',
'*tn3270': 'bool',
'*websocket': 'bool',
- '*reconnect': 'int' },
+ '*reconnect': { 'type': 'int', 'features': [ 'deprecated' ] },
+ '*reconnect-ms': 'int' },
'base': 'ChardevCommon' }
##
--
2.34.1
4 months, 4 weeks
[PATCH V2 0/2] qemu: Clarify purpose of image format settings
by Jim Fehlig
The current documentation of the various foo_image_format settings in
qemu.conf subtly implies they are only used for specifying compression.
Patch1 of this small series attempts to clarify and improve the description
of the settings. It defines image format as a way to specify the desired
layout of guest memory blocks on disk.
Patch2 changes the use of 'compressed' with 'format' throughout the
code, removing implication that format == compressed.
V2:
Replace more uses of 'compressed' with 'format' in patch2
Jim Fehlig (2):
qemu: conf: Improve the foo_image_format setting descriptions
qemu: Use consistent naming for save image format
src/qemu/qemu.conf.in | 40 +++++++++++++++++++++++----------------
src/qemu/qemu_driver.c | 30 ++++++++++++++---------------
src/qemu/qemu_saveimage.c | 32 +++++++++++++++----------------
src/qemu/qemu_saveimage.h | 4 ++--
src/qemu/qemu_snapshot.c | 6 +++---
5 files changed, 60 insertions(+), 52 deletions(-)
--
2.35.3
4 months, 4 weeks
[PATCH v2 0/1] Add support for RAPL MSRs feature in QEMU
by Anthony Harivel
Hi,
First of all, kudos to Peter Krempa for his fast review!
In this v2, I've addressed the following points:
- The socket is *not* mandatory and my code totally confused Peter.
Sorry about that!
here a snippet of the QEMU code to understand:
/* Compute the socket path if necessary */
if (s->msr_energy.socket_path == NULL) {
s->msr_energy.socket_path = vmsr_compute_default_paths();
}
So I made all the modification to make it not necessary.
- Change the socket name to "rapl_helper_socket"
- Change the socket to be absFilePath
- I did not add anything to honour the _OFF state, because it is not
necessary to explicitly disable it.
That's about it.
Regards,
Anthony
Anthony Harivel (1):
qemu: Add support for RAPL MSRs feature
docs/formatdomain.rst | 2 ++
src/conf/domain_conf.c | 18 ++++++++++++++++++
src/conf/domain_conf.h | 2 ++
src/conf/schemas/domaincommon.rng | 10 ++++++++++
src/qemu/qemu_command.c | 11 +++++++++++
tests/qemuxmlconfdata/kvm-features-off.xml | 1 +
.../kvm-features.x86_64-latest.args | 2 +-
tests/qemuxmlconfdata/kvm-features.xml | 1 +
8 files changed, 46 insertions(+), 1 deletion(-)
--
2.46.0
5 months
[PATCH v2 0/4] Add TPM emulator <source file=''/>
by marcandre.lureau@redhat.com
From: Marc-André Lureau <marcandre.lureau(a)redhat.com>
Hi,
When swtpm capabilities reports "nvram-backend-dir", it can accepts a single
file or block device where TPM state will be stored.
--tpmstate must be backend-uri=file://.
v2:
- add <source dir='..'/> support as well (Daniel)
Related: https://issues.redhat.com/browse/CNV-35250
Marc-André Lureau (4):
util: check swtpm nvram-backend-dir capability
schema: add TPM emulator <source file='..'>
schema: add TPM emulator <source dir='..'>
qemu_tpm: handle file/block storage source
docs/formatdomain.rst | 18 +++++
src/conf/domain_conf.c | 28 +++++++
src/conf/domain_conf.h | 7 ++
src/conf/schemas/domaincommon.rng | 20 +++++
src/qemu/qemu_tpm.c | 76 +++++++++++++++----
src/util/virtpm.c | 1 +
src/util/virtpm.h | 1 +
.../qemuxmlconfdata/tpm-emulator-tpm2-enc.xml | 1 +
tests/qemuxmlconfdata/tpm-emulator-tpm2.xml | 1 +
9 files changed, 140 insertions(+), 13 deletions(-)
--
2.45.2.827.g557ae147e6
5 months
[PATCH V2 0/4] Rework qemu internal active snapshots to use QMP
by Nikolai Barybin
Den, Peter, Daniel thank you for your comments!
I'm sending v2 of this patchset.
Changes since last revision:
- dropped [PATCH 4/4] qemu monitor: reap qemu_monitor_text
- added new patch: qemu capabilities: add QEMU_CAPS_SNAPSHOT_SAVE/_DELETE
- preserved old-style snapshotting (HMP savevm) in case we have QEMU < 6.0
- enhanced requirements for allowing snapshotting. All writable disks
should be qcow2, non-shared. If such disks exist and we have qcow2
NVRAM, add NVRAM device to the list of wrdevs. But never save vmstate
to NVRAM
- make char** wrdevs list allocation inside
qemuSnapshotActiveInternalGetWrdevListHelper()
Nikolai Barybin (4):
qemu monitor: add snaphot-save/delete QMP commands
qemu blockjob: add snapshot-save/delete job types
qemu capabilities: add QEMU_CAPS_SNAPSHOT_SAVE/_DELETE
qemu snapshot: use QMP snapshot-save/delete for internal snapshots
src/qemu/qemu_block.c | 2 +
src/qemu/qemu_blockjob.c | 6 +-
src/qemu/qemu_blockjob.h | 2 +
src/qemu/qemu_capabilities.c | 4 +
src/qemu/qemu_capabilities.h | 2 +
src/qemu/qemu_domain.c | 4 +
src/qemu/qemu_monitor.c | 30 +++
src/qemu/qemu_monitor.h | 13 ++
src/qemu/qemu_monitor_json.c | 66 ++++++
src/qemu/qemu_monitor_json.h | 13 ++
src/qemu/qemu_snapshot.c | 207 ++++++++++++++++--
.../caps_6.0.0_aarch64.xml | 2 +
.../qemucapabilitiesdata/caps_6.0.0_s390x.xml | 2 +
.../caps_6.0.0_x86_64.xml | 2 +
.../caps_6.1.0_x86_64.xml | 2 +
.../caps_6.2.0_aarch64.xml | 2 +
.../qemucapabilitiesdata/caps_6.2.0_ppc64.xml | 2 +
.../caps_6.2.0_x86_64.xml | 2 +
.../caps_7.0.0_aarch64+hvf.xml | 2 +
.../caps_7.0.0_aarch64.xml | 2 +
.../qemucapabilitiesdata/caps_7.0.0_ppc64.xml | 2 +
.../caps_7.0.0_x86_64.xml | 2 +
.../qemucapabilitiesdata/caps_7.1.0_ppc64.xml | 2 +
.../caps_7.1.0_x86_64.xml | 2 +
tests/qemucapabilitiesdata/caps_7.2.0_ppc.xml | 2 +
.../caps_7.2.0_x86_64+hvf.xml | 2 +
.../caps_7.2.0_x86_64.xml | 2 +
.../caps_8.0.0_riscv64.xml | 2 +
.../caps_8.0.0_x86_64.xml | 2 +
.../qemucapabilitiesdata/caps_8.1.0_s390x.xml | 2 +
.../caps_8.1.0_x86_64.xml | 2 +
.../caps_8.2.0_aarch64.xml | 2 +
.../caps_8.2.0_armv7l.xml | 2 +
.../caps_8.2.0_loongarch64.xml | 2 +
.../qemucapabilitiesdata/caps_8.2.0_s390x.xml | 2 +
.../caps_8.2.0_x86_64.xml | 2 +
.../qemucapabilitiesdata/caps_9.0.0_sparc.xml | 2 +
.../caps_9.0.0_x86_64.xml | 2 +
.../caps_9.1.0_x86_64.xml | 2 +
39 files changed, 391 insertions(+), 14 deletions(-)
--
2.43.5
5 months
[PATCH 0/2] add NIC hotplug support to test hypervisor
by John Levon
These two patches add basic support for NIC hot[un]plug to the test hypervisor,
based on the qemu driver; only ethernet and bridge type VNICS are currently
supported.
John Levon (2):
test_driver: provide basic NIC hotplug support
test_driver: provide basic NIC hotunplug support
src/test/test_driver.c | 305 ++++++++++++++++++++++++++++++++++++++---
1 file changed, 283 insertions(+), 22 deletions(-)
--
2.34.1
5 months
[PATCH v6 00/13] qemu: Introduce shared_filesystems configuration option
by Andrea Bolognani
The need to have something like this in the first place is driven by
KubeVirt (see [1] and [2]). A draft version of this series has been
integrated into KubeVirt and it has been confirmed that it was
effective in removing the need to use LD_PRELOAD hacks in the storage
provider.
Changes from [v5]:
* make migration of domains with TPM work (patches 12 and 13);
* fixed all typos for "remember";
* added R-bs for Peter's patches.
Changes from [v4] (v5 was posted by Peter):
* added patch 7 cleaning up a helper function (noticed just while
reading the code)
* added patch 8 properly unrefing security labels in dac/selinux
drivers on outgoing migration
* patch 11: added handling of the 'nvram' image file (and refactored
the function to
allow reuse)
Changes from [v3] (v4 was posted by Peter):
* patch 2/8 was modified to change the docs for the new option.
* patches 1-5 will get an R-b by me as I've adopted them.
* patches 6, 9-11 are new.
* patches 7, 8 were not part of v3
Changes from [v2]:
* added canonicalization for user-provided paths;
* fixed compilation issues when AppArmor support is enabled.
Changes from [v1]:
* documented more explicitly that the newly introduced option is
intended for very specific scenarios and not general usage; as
part of this, the NEWS update has been dropped too;
* made a few tweaks and addressed a few oversight based on review
feedback;
* several preparatory cleanup patches have been pushed.
Changes from [v0]:
* reworked approach.
[v5] https://lists.libvirt.org/archives/list/devel@lists.libvirt.org/message/H...
[v4] https://lists.libvirt.org/archives/list/devel@lists.libvirt.org/message/F...
[v3] https://lists.libvirt.org/archives/list/devel@lists.libvirt.org/message/P...
[v2] https://lists.libvirt.org/archives/list/devel@lists.libvirt.org/thread/XP...
[v1] https://lists.libvirt.org/archives/list/devel@lists.libvirt.org/thread/XE...
[v0] https://lists.libvirt.org/archives/list/devel@lists.libvirt.org/thread/MM...
[1] https://issues.redhat.com/browse/CNV-34322
[2] https://issues.redhat.com/browse/CNV-39370
Andrea Bolognani (7):
security: Fix alignment
qemu: Introduce shared_filesystems configuration option
qemu: Propagate shared_filesystems
utils: Use overrides in virFileIsSharedFS()
qemu: Always set labels for TPM state
security: Always forget labels for TPM state directory
qemu: Don't lock TPM state directory for incoming migration
Peter Krempa (6):
virFileIsSharedFSOverride: Export
virParseOwnershipIds: Refactor
virSecuritySELinuxRestoreImageLabelInt: Move FD image relabeling after
'migrated' check
security_(dac|selinux): Unref remembered security labels on outgoing
migration
storage_source: Add field for skipping seclabel remembering
qemu: migration: Don't remember seclabel for images shared from
current host
src/conf/storage_source_conf.c | 3 +
src/conf/storage_source_conf.h | 9 ++
src/libvirt_private.syms | 1 +
src/lxc/lxc_controller.c | 3 +-
src/lxc/lxc_driver.c | 2 +-
src/lxc/lxc_process.c | 4 +-
src/qemu/libvirtd_qemu.aug | 3 +
src/qemu/qemu.conf.in | 26 +++++
src/qemu/qemu_conf.c | 31 ++++++
src/qemu/qemu_conf.h | 2 +
src/qemu/qemu_domain.c | 7 +-
src/qemu/qemu_extdevice.c | 2 +-
src/qemu/qemu_migration.c | 86 ++++++++++++++---
src/qemu/qemu_security.c | 95 +++++++++++++-----
src/qemu/qemu_security.h | 6 +-
src/qemu/qemu_tpm.c | 50 ++++++----
src/qemu/qemu_tpm.h | 10 +-
src/qemu/test_libvirtd_qemu.aug.in | 5 +
src/security/security_apparmor.c | 8 +-
src/security/security_dac.c | 53 +++++++++--
src/security/security_driver.h | 8 +-
src/security/security_manager.c | 33 +++++--
src/security/security_manager.h | 9 +-
src/security/security_nop.c | 5 +
src/security/security_selinux.c | 148 +++++++++++++++++++++++------
src/security/security_stack.c | 32 +++++--
src/util/virfile.c | 63 +++++++++++-
src/util/virfile.h | 5 +-
src/util/virutil.c | 20 ++--
tests/securityselinuxlabeltest.c | 2 +-
tests/virfiletest.c | 2 +-
31 files changed, 594 insertions(+), 139 deletions(-)
--
2.46.0
5 months
[PATCH v2] domain_validate: Validate dma_translation for iommu models
by Han Han
The attribute dma_translation is only supported by intel-iommu device.
Report an error when it is used for the other iommu devices.
Fixes: 6866f958c1
Signed-off-by: Han Han <hhan(a)redhat.com>
---
v2: update the tests
v1: https://lists.libvirt.org/archives/list/devel@lists.libvirt.org/thread/6C...
src/conf/domain_validate.c | 3 ++-
...io-iommu-dma-translation.x86_64-latest.err | 1 +
.../virtio-iommu-dma-translation.xml | 20 +++++++++++++++++++
tests/qemuxmlconftest.c | 1 +
4 files changed, 24 insertions(+), 1 deletion(-)
create mode 100644 tests/qemuxmlconfdata/virtio-iommu-dma-translation.x86_64-latest.err
create mode 100644 tests/qemuxmlconfdata/virtio-iommu-dma-translation.xml
diff --git a/src/conf/domain_validate.c b/src/conf/domain_validate.c
index eddb4a5e74..b8ae9ed79d 100644
--- a/src/conf/domain_validate.c
+++ b/src/conf/domain_validate.c
@@ -2980,7 +2980,8 @@ virDomainIOMMUDefValidate(const virDomainIOMMUDef *iommu)
iommu->caching_mode != VIR_TRISTATE_SWITCH_ABSENT ||
iommu->eim != VIR_TRISTATE_SWITCH_ABSENT ||
iommu->iotlb != VIR_TRISTATE_SWITCH_ABSENT ||
- iommu->aw_bits != 0) {
+ iommu->aw_bits != 0 ||
+ iommu->dma_translation != VIR_TRISTATE_SWITCH_ABSENT) {
virReportError(VIR_ERR_XML_ERROR,
_("iommu model '%1$s' doesn't support additional attributes"),
virDomainIOMMUModelTypeToString(iommu->model));
diff --git a/tests/qemuxmlconfdata/virtio-iommu-dma-translation.x86_64-latest.err b/tests/qemuxmlconfdata/virtio-iommu-dma-translation.x86_64-latest.err
new file mode 100644
index 0000000000..2c3a272725
--- /dev/null
+++ b/tests/qemuxmlconfdata/virtio-iommu-dma-translation.x86_64-latest.err
@@ -0,0 +1 @@
+XML error: iommu model 'virtio' doesn't support additional attributes
diff --git a/tests/qemuxmlconfdata/virtio-iommu-dma-translation.xml b/tests/qemuxmlconfdata/virtio-iommu-dma-translation.xml
new file mode 100644
index 0000000000..a3723f266b
--- /dev/null
+++ b/tests/qemuxmlconfdata/virtio-iommu-dma-translation.xml
@@ -0,0 +1,20 @@
+<domain type='qemu'>
+ <name>QEMUGuest1</name>
+ <uuid>c7a5fdbd-edaf-9455-926a-d65c16db1809</uuid>
+ <memory unit='KiB'>219100</memory>
+ <vcpu placement='static'>1</vcpu>
+ <os>
+ <type arch='x86_64' machine='q35'>hvm</type>
+ </os>
+ <features>
+ <acpi/>
+ </features>
+ <devices>
+ <emulator>/usr/bin/qemu-system-x86_64</emulator>
+ <controller type='usb' model='none'/>
+ <memballoon model='none'/>
+ <iommu model='virtio'>
+ <driver dma_translation='on'/>
+ </iommu>
+ </devices>
+</domain>
diff --git a/tests/qemuxmlconftest.c b/tests/qemuxmlconftest.c
index 61eb4cda75..dfcf67d2d0 100644
--- a/tests/qemuxmlconftest.c
+++ b/tests/qemuxmlconftest.c
@@ -2766,6 +2766,7 @@ mymain(void)
DO_TEST_CAPS_LATEST_PARSE_ERROR("virtio-iommu-no-acpi");
DO_TEST_CAPS_LATEST_PARSE_ERROR("virtio-iommu-invalid-address-type");
DO_TEST_CAPS_LATEST_PARSE_ERROR("virtio-iommu-invalid-address");
+ DO_TEST_CAPS_LATEST_PARSE_ERROR("virtio-iommu-dma-translation");
DO_TEST_CAPS_LATEST("cpu-hotplug-startup");
DO_TEST_CAPS_ARCH_LATEST_PARSE_ERROR("cpu-hotplug-granularity", "ppc64");
--
2.46.1
5 months
