[PATCH] Remove the deprecated "-runas" command line option
by Thomas Huth
It has been marked as deprecated two releases ago, so it should
be fine now to remove this command line option.
Signed-off-by: Thomas Huth <thuth(a)redhat.com>
---
docs/about/deprecated.rst | 6 ------
docs/about/removed-features.rst | 6 ++++++
system/vl.c | 9 ---------
qemu-options.hx | 15 +--------------
4 files changed, 7 insertions(+), 29 deletions(-)
diff --git a/docs/about/deprecated.rst b/docs/about/deprecated.rst
index d6809f94ea..63b46fd520 100644
--- a/docs/about/deprecated.rst
+++ b/docs/about/deprecated.rst
@@ -74,12 +74,6 @@ configurations (e.g. -smp drawers=1,books=1,clusters=1 for x86 PC machine) is
marked deprecated since 9.0, users have to ensure that all the topology members
described with -smp are supported by the target machine.
-``-runas`` (since 9.1)
-''''''''''''''''''''''
-
-Use ``-run-with user=..`` instead.
-
-
User-mode emulator command line arguments
-----------------------------------------
diff --git a/docs/about/removed-features.rst b/docs/about/removed-features.rst
index cb1388049a..c6616ce05e 100644
--- a/docs/about/removed-features.rst
+++ b/docs/about/removed-features.rst
@@ -555,6 +555,12 @@ to produce an odd effect (rotating input but not display output). But
this was never intended or documented behaviour, so we have dropped
the options along with the machine models they were intended for.
+``-runas`` (removed in 10.0)
+''''''''''''''''''''''''''''
+
+Use ``-run-with user=..`` instead.
+
+
User-mode emulator command line arguments
-----------------------------------------
diff --git a/system/vl.c b/system/vl.c
index 0843b7ab49..3c5bd36d7d 100644
--- a/system/vl.c
+++ b/system/vl.c
@@ -3611,15 +3611,6 @@ void qemu_init(int argc, char **argv)
/* Nothing to be parsed here. Especially, do not error out below. */
break;
#if defined(CONFIG_POSIX)
- case QEMU_OPTION_runas:
- warn_report("-runas is deprecated, use '-run-with user=...' instead");
- if (!os_set_runas(optarg)) {
- error_report("User \"%s\" doesn't exist"
- " (and is not <uid>:<gid>)",
- optarg);
- exit(1);
- }
- break;
case QEMU_OPTION_daemonize:
os_set_daemonize(true);
break;
diff --git a/qemu-options.hx b/qemu-options.hx
index cc694d3b89..7090d59f6f 100644
--- a/qemu-options.hx
+++ b/qemu-options.hx
@@ -4976,19 +4976,6 @@ SRST
``-nodefaults`` option will disable all those default devices.
ERST
-#ifndef _WIN32
-DEF("runas", HAS_ARG, QEMU_OPTION_runas, \
- "-runas user change to user id user just before starting the VM\n" \
- " user can be numeric uid:gid instead\n",
- QEMU_ARCH_ALL)
-#endif
-SRST
-``-runas user``
- Immediately before starting guest execution, drop root privileges,
- switching to the specified user. This option is deprecated, use
- ``-run-with user=...`` instead.
-ERST
-
DEF("prom-env", HAS_ARG, QEMU_OPTION_prom_env,
"-prom-env variable=value\n"
" set OpenBIOS nvram variables\n",
@@ -5176,7 +5163,7 @@ SRST
``chroot=dir`` can be used for doing a chroot to the specified directory
immediately before starting the guest execution. This is especially useful
- in combination with -runas.
+ in combination with ``user=...``.
``user=username`` or ``user=uid:gid`` can be used to drop root privileges
before starting guest execution. QEMU will use the ``setuid`` and ``setgid``
--
2.47.1
10 hours, 4 minutes
[PATCH v2 0/3] po: handle translation of polkit policy file strings
by Daniel P. Berrangé
There was a proposal
https://gitlab.com/libvirt/libvirt/-/merge_requests/387
to add translations for the polkit files. In reviewing this we came
to the conclusion the approach was undesirable. After getting misled
by a Debian/Ubuntu specific downstream only patch to polkit which
auto-translated polkit files at runtime, this implements the manual
approach of merging translations into the polkit files at build time.
Changed in v2:
- Fix introduction of 'polkitactionsdir'
- Also introduce 'polkitrulesdir'
- Fix syntax check rules for POFILES with generated polkit
- Remove incorrect 'install: true' rule for policy.in file
Daniel P. Berrangé (3):
po: add its rules for translating polkit file strings
meson: remove duplication of polkit dirs construction
remote: apply translations to polkit files
build-aux/syntax-check.mk | 5 +++--
meson.build | 6 ++++++
po/POTFILES | 2 ++
po/its/polkit.its | 8 ++++++++
po/its/polkit.loc | 6 ++++++
po/meson.build | 5 ++---
src/access/meson.build | 20 +++++++++++++++----
.../{libvirtd.policy => libvirtd.policy.in} | 0
src/remote/meson.build | 15 ++++++++------
9 files changed, 52 insertions(+), 15 deletions(-)
create mode 100644 po/its/polkit.its
create mode 100644 po/its/polkit.loc
rename src/remote/{libvirtd.policy => libvirtd.policy.in} (100%)
--
2.47.1
10 hours, 4 minutes
[PATCH 0/2] po: handle translatin of polkit policy file strings
by Daniel P. Berrangé
There was a proposal
https://gitlab.com/libvirt/libvirt/-/merge_requests/387
to add translations for the polkit files. In reviewing this we came
to the conclusion the approach was undesirable. After getting misled
by a Debian/Ubuntu specific downstream only patch to polkit which
auto-translated polkit files at runtime, this implements the manual
approach of merging translations into the polkit files at build time.
Daniel P. Berrangé (2):
po: add its rules for translating polkit file strings
remote: apply translations to polkit files
meson.build | 5 +++++
po/POTFILES | 2 ++
po/its/polkit.its | 8 ++++++++
po/its/polkit.loc | 6 ++++++
po/meson.build | 3 +--
src/access/meson.build | 18 ++++++++++++++----
.../{libvirtd.policy => libvirtd.policy.in} | 0
src/remote/meson.build | 13 ++++++++-----
8 files changed, 44 insertions(+), 11 deletions(-)
create mode 100644 po/its/polkit.its
create mode 100644 po/its/polkit.loc
rename src/remote/{libvirtd.policy => libvirtd.policy.in} (100%)
--
2.46.0
10 hours, 46 minutes
[PATCH] virtiofs: allow read only mode
by Adam Julis
Resolves: https://issues.redhat.com/browse/RHEL-72192
Signed-off-by: Adam Julis <ajulis(a)redhat.com>
---
docs/formatdomain.rst | 2 +-
src/qemu/qemu_validate.c | 11 -----
src/qemu/qemu_virtiofs.c | 3 ++
.../vhost-user-fs-readonly.x86_64-latest.args | 34 ++++++++++++++
.../vhost-user-fs-readonly.x86_64-latest.err | 1 -
.../vhost-user-fs-readonly.x86_64-latest.xml | 45 +++++++++++++++++++
.../vhost-user-fs-readonly.xml | 1 +
tests/qemuxmlconftest.c | 2 +-
8 files changed, 85 insertions(+), 14 deletions(-)
create mode 100644 tests/qemuxmlconfdata/vhost-user-fs-readonly.x86_64-latest.args
delete mode 100644 tests/qemuxmlconfdata/vhost-user-fs-readonly.x86_64-latest.err
create mode 100644 tests/qemuxmlconfdata/vhost-user-fs-readonly.x86_64-latest.xml
diff --git a/docs/formatdomain.rst b/docs/formatdomain.rst
index 8d787ef59a..e8e8336708 100644
--- a/docs/formatdomain.rst
+++ b/docs/formatdomain.rst
@@ -3824,7 +3824,7 @@ A directory on the host that can be accessed directly from the guest.
:since:`Since 10.0.0`
``readonly``
Enables exporting filesystem as a readonly mount for guest, by default
- read-write access is given (currently only works for QEMU/KVM driver; not
+ read-write access is given (works for QEMU/KVM driver and :since:`Since 11.0.0`
with virtiofs).
``space_hard_limit``
Maximum space available to this guest's filesystem. :since:`Since 0.9.13`
diff --git a/src/qemu/qemu_validate.c b/src/qemu/qemu_validate.c
index aaa056379e..086c66b602 100644
--- a/src/qemu/qemu_validate.c
+++ b/src/qemu/qemu_validate.c
@@ -4540,11 +4540,6 @@ qemuValidateDomainDeviceDefFS(virDomainFSDef *fs,
case VIR_DOMAIN_FS_DRIVER_TYPE_VIRTIOFS:
if (!fs->sock) {
- if (fs->readonly) {
- virReportError(VIR_ERR_CONFIG_UNSUPPORTED, "%s",
- _("virtiofs does not yet support read-only mode"));
- return -1;
- }
if (fs->accessmode != VIR_DOMAIN_FS_ACCESSMODE_PASSTHROUGH) {
virReportError(VIR_ERR_CONFIG_UNSUPPORTED, "%s",
_("virtiofs only supports passthrough accessmode"));
@@ -4557,12 +4552,6 @@ qemuValidateDomainDeviceDefFS(virDomainFSDef *fs,
}
}
- if (fs->readonly) {
- virReportError(VIR_ERR_CONFIG_UNSUPPORTED, "%s",
- _("virtiofs does not support read-only access"));
- return -1;
- }
-
if (fs->model != VIR_DOMAIN_FS_MODEL_DEFAULT) {
virReportError(VIR_ERR_CONFIG_UNSUPPORTED, "%s",
_("virtiofs does not support model"));
diff --git a/src/qemu/qemu_virtiofs.c b/src/qemu/qemu_virtiofs.c
index 87226be288..dd3e0dd9fe 100644
--- a/src/qemu/qemu_virtiofs.c
+++ b/src/qemu/qemu_virtiofs.c
@@ -228,6 +228,9 @@ qemuVirtioFSBuildCommandLine(virQEMUDriverConfig *cfg,
fs->idmap.gidmap[i].count);
}
+ if (fs->readonly)
+ virCommandAddArg(cmd, "--readonly");
+
return g_steal_pointer(&cmd);
}
diff --git a/tests/qemuxmlconfdata/vhost-user-fs-readonly.x86_64-latest.args b/tests/qemuxmlconfdata/vhost-user-fs-readonly.x86_64-latest.args
new file mode 100644
index 0000000000..d3c71544f8
--- /dev/null
+++ b/tests/qemuxmlconfdata/vhost-user-fs-readonly.x86_64-latest.args
@@ -0,0 +1,34 @@
+LC_ALL=C \
+PATH=/bin \
+HOME=/var/lib/libvirt/qemu/domain--1-guest \
+USER=test \
+LOGNAME=test \
+XDG_DATA_HOME=/var/lib/libvirt/qemu/domain--1-guest/.local/share \
+XDG_CACHE_HOME=/var/lib/libvirt/qemu/domain--1-guest/.cache \
+XDG_CONFIG_HOME=/var/lib/libvirt/qemu/domain--1-guest/.config \
+/usr/bin/qemu-system-x86_64 \
+-name guest=guest,debug-threads=on \
+-S \
+-object '{"qom-type":"secret","id":"masterKey0","format":"raw","file":"/var/lib/libvirt/qemu/domain--1-guest/master-key.aes"}' \
+-machine pc,usb=off,dump-guest-core=off,acpi=off \
+-accel kvm \
+-cpu qemu64 \
+-m size=14680064k \
+-overcommit mem-lock=off \
+-smp 2,sockets=2,cores=1,threads=1 \
+-object '{"qom-type":"memory-backend-file","id":"ram-node0","mem-path":"/var/lib/libvirt/qemu/ram/-1-guest/ram-node0","share":true,"size":15032385536}' \
+-numa node,nodeid=0,cpus=0-1,memdev=ram-node0 \
+-uuid 126f2720-6f8e-45ab-a886-ec9277079a67 \
+-display none \
+-no-user-config \
+-nodefaults \
+-chardev socket,id=charmonitor,fd=1729,server=on,wait=off \
+-mon chardev=charmonitor,id=monitor,mode=control \
+-rtc base=utc \
+-no-shutdown \
+-boot strict=on \
+-chardev socket,id=chr-vu-fs0,path=/var/lib/libvirt/qemu/domain--1-guest/fs0-fs.sock \
+-device '{"driver":"vhost-user-fs-pci","id":"fs0","chardev":"chr-vu-fs0","queue-size":1024,"tag":"mount_tag","bus":"pci.0","addr":"0x2"}' \
+-audiodev '{"id":"audio1","driver":"none"}' \
+-sandbox on,obsolete=deny,elevateprivileges=deny,spawn=deny,resourcecontrol=deny \
+-msg timestamp=on
diff --git a/tests/qemuxmlconfdata/vhost-user-fs-readonly.x86_64-latest.err b/tests/qemuxmlconfdata/vhost-user-fs-readonly.x86_64-latest.err
deleted file mode 100644
index fff45fac4b..0000000000
--- a/tests/qemuxmlconfdata/vhost-user-fs-readonly.x86_64-latest.err
+++ /dev/null
@@ -1 +0,0 @@
-unsupported configuration: virtiofs does not yet support read-only mode
diff --git a/tests/qemuxmlconfdata/vhost-user-fs-readonly.x86_64-latest.xml b/tests/qemuxmlconfdata/vhost-user-fs-readonly.x86_64-latest.xml
new file mode 100644
index 0000000000..c9c1e5c3d2
--- /dev/null
+++ b/tests/qemuxmlconfdata/vhost-user-fs-readonly.x86_64-latest.xml
@@ -0,0 +1,45 @@
+<domain type='kvm'>
+ <name>guest</name>
+ <uuid>126f2720-6f8e-45ab-a886-ec9277079a67</uuid>
+ <memory unit='KiB'>14680064</memory>
+ <currentMemory unit='KiB'>14680064</currentMemory>
+ <memoryBacking>
+ <source type='file'/>
+ <access mode='shared'/>
+ </memoryBacking>
+ <vcpu placement='static'>2</vcpu>
+ <os>
+ <type arch='x86_64' machine='pc'>hvm</type>
+ <boot dev='hd'/>
+ </os>
+ <cpu mode='custom' match='exact' check='none'>
+ <model fallback='forbid'>qemu64</model>
+ <numa>
+ <cell id='0' cpus='0-1' memory='14680064' unit='KiB' memAccess='shared'/>
+ </numa>
+ </cpu>
+ <clock offset='utc'/>
+ <on_poweroff>destroy</on_poweroff>
+ <on_reboot>restart</on_reboot>
+ <on_crash>destroy</on_crash>
+ <devices>
+ <emulator>/usr/bin/qemu-system-x86_64</emulator>
+ <controller type='usb' index='0' model='none'/>
+ <controller type='pci' index='0' model='pci-root'/>
+ <filesystem type='mount' accessmode='passthrough'>
+ <driver type='virtiofs' queue='1024'/>
+ <binary path='/usr/libexec/virtiofsd' xattr='on'>
+ <cache mode='always'/>
+ <lock posix='off' flock='off'/>
+ </binary>
+ <source dir='/path'/>
+ <target dir='mount_tag'/>
+ <readonly/>
+ <address type='pci' domain='0x0000' bus='0x00' slot='0x02' function='0x0'/>
+ </filesystem>
+ <input type='mouse' bus='ps2'/>
+ <input type='keyboard' bus='ps2'/>
+ <audio id='1' type='none'/>
+ <memballoon model='none'/>
+ </devices>
+</domain>
diff --git a/tests/qemuxmlconfdata/vhost-user-fs-readonly.xml b/tests/qemuxmlconfdata/vhost-user-fs-readonly.xml
index 003ed41eb3..c9c1e5c3d2 100644
--- a/tests/qemuxmlconfdata/vhost-user-fs-readonly.xml
+++ b/tests/qemuxmlconfdata/vhost-user-fs-readonly.xml
@@ -39,6 +39,7 @@
</filesystem>
<input type='mouse' bus='ps2'/>
<input type='keyboard' bus='ps2'/>
+ <audio id='1' type='none'/>
<memballoon model='none'/>
</devices>
</domain>
diff --git a/tests/qemuxmlconftest.c b/tests/qemuxmlconftest.c
index 21b56dc94e..6a46bfc7a3 100644
--- a/tests/qemuxmlconftest.c
+++ b/tests/qemuxmlconftest.c
@@ -2880,7 +2880,7 @@ mymain(void)
DO_TEST_CAPS_LATEST("vhost-user-fs-fd-memory");
DO_TEST_CAPS_LATEST("vhost-user-fs-fd-openfiles");
DO_TEST_CAPS_LATEST("vhost-user-fs-hugepages");
- DO_TEST_CAPS_LATEST_PARSE_ERROR("vhost-user-fs-readonly");
+ DO_TEST_CAPS_LATEST("vhost-user-fs-readonly");
DO_TEST_CAPS_ARCH_LATEST("vhost-user-fs-ccw", "s390x");
DO_TEST_CAPS_ARCH_LATEST_PARSE_ERROR("vhost-user-fs-ccw-bootindex", "s390x");
--
2.47.1
13 hours, 8 minutes
[PATCH] qemu monitor: Fix incorrect error message condition
by Fabian Leditzky
Fixes 'block_io_throttle inserted entry was not in expected format'
error message spam.
Without this patch, libvirtd writes an error message every time this
function runs for a domain which has CD-ROM drives without a media
attached. The 'inserted' key is not present when the drive is empty.
The original code incorrectly assumes that the 'inserted' entry is not
in the right format (wrong JSON value type, not an 'Object') when
virJSONValueObjectGetObject(temp_dev, "inserted") returns NULL. However,
NULL is also returned when the 'inserted' entry is simply not present.
Signed-off-by: Fabian Leditzky <fabian(a)ldsoft.dev>
---
src/qemu/qemu_monitor_json.c | 12 ++++++++++--
1 file changed, 10 insertions(+), 2 deletions(-)
diff --git a/src/qemu/qemu_monitor_json.c b/src/qemu/qemu_monitor_json.c
index 9f417d27c6..baf934c2af 100644
--- a/src/qemu/qemu_monitor_json.c
+++ b/src/qemu/qemu_monitor_json.c
@@ -4581,8 +4581,16 @@ qemuMonitorJSONBlockIoThrottleInfo(virJSONValue *io_throttle,
found = true;
if (!(inserted = virJSONValueObjectGetObject(temp_dev, "inserted"))) {
- virReportError(VIR_ERR_INTERNAL_ERROR, "%s",
- _("block_io_throttle inserted entry was not in expected format"));
+ /*
+ * Ensure that we only print the error message when the 'inserted' key is actually the wrong type/format.
+ * Some device types (e.g. SATA CD-ROM) will have no 'inserted' key present if no media is present.
+ * Avoid spamming this error in such cases.
+ */
+ if (virJSONValueObjectGet(temp_dev, "inserted")) {
+ virReportError(VIR_ERR_INTERNAL_ERROR, "%s",
+ _("block_io_throttle inserted entry was not in expected format"));
+ }
+
return -1;
}
GET_THROTTLE_STATS("bps", total_bytes_sec);
--
2.47.1
1 day, 11 hours
[PATCH] apparmor: Allow running loongarch64 VMs on Debian 12
by Xianglai Li
Allows to load firmware in the qemu-efi-loongarch64 directory
Allows the binary qemu-system-loongarch64 to be run
This makes it impossible to run loongarch64 VMs when AppArmor is enabled
Signed-off-by: Xianglai Li <lixianglai(a)loongson.cn>
---
src/security/apparmor/libvirt-qemu.in | 1 +
src/security/virt-aa-helper.c | 1 +
2 files changed, 2 insertions(+)
diff --git a/src/security/apparmor/libvirt-qemu.in b/src/security/apparmor/libvirt-qemu.in
index 694da26dea..c63077574e 100644
--- a/src/security/apparmor/libvirt-qemu.in
+++ b/src/security/apparmor/libvirt-qemu.in
@@ -144,6 +144,7 @@
/usr/bin/qemu-system-hppa rmix,
/usr/bin/qemu-system-i386 rmix,
/usr/bin/qemu-system-lm32 rmix,
+ /usr/bin/qemu-system-loongarch64 rmix,
/usr/bin/qemu-system-m68k rmix,
/usr/bin/qemu-system-microblaze rmix,
/usr/bin/qemu-system-microblazeel rmix,
diff --git a/src/security/virt-aa-helper.c b/src/security/virt-aa-helper.c
index 1cf9d7ad3d..94a28bf331 100644
--- a/src/security/virt-aa-helper.c
+++ b/src/security/virt-aa-helper.c
@@ -481,6 +481,7 @@ valid_path(const char *path, const bool readonly)
"/usr/share/AAVMF/",
"/usr/share/qemu-efi/", /* for AAVMF images */
"/usr/share/qemu-efi-aarch64/",
+ "/usr/share/qemu-efi-loongarch64/",
"/usr/share/qemu-efi-riscv64/",
"/usr/share/qemu/", /* SUSE path for OVMF and AAVMF images */
"/usr/lib/u-boot/",
--
2.39.1
1 day, 13 hours
[PATCH 00/19] hw/microblaze: Allow running cross-endian vCPUs
by Philippe Mathieu-Daudé
Make machines endianness-agnostic, allowing to run a big-endian vCPU
on the little-endian 'qemu-system-microblazeel' binary, and a little
endian one on the big-endian 'qemu-system-microblaze' binary.
Tests added, following combinations covered:
- little-endian vCPU using little-endian binary (in-tree)
- little-endian vCPU using big-endian binary (new)
- big-endian vCPU using little-endian binary (new)
- big-endian vCPU using big-endian binary (in-tree)
Deprecate untested big-endian machines, likely build on the big
endian binary by mistake:
- petalogix-ml605
- xlnx-zynqmp-pmu
To make a target endian-agnostic we need to remove the MO_TE uses.
In order to do that, we propagate the MemOp from earlier in the
call stack, or we extract it from the vCPU env (on MicroBlaze the
CPU endianness is exposed by the 'ENDI' bit).
Note, since vCPU can run in any endianness, the
MemoryRegionOps::endianness should not be DEVICE_NATIVE_ENDIAN
anymore, because this definition expand to the binary endianness,
swapping data regardless how the vcpu access it.
See adjust_endianness() -> devend_memop(). Something to keep in
mind, possibly requiring further work and optimizations (avoid
double-swap).
Next step: Look at unifying binaries.
Please review,
Phil.
Philippe Mathieu-Daudé (19):
target/microblaze: Rename CPU endianness property as 'little-endian'
hw/microblaze: Deprecate big-endian petalogix-ml605 & xlnx-zynqmp-pmu
hw/microblaze/s3adsp1800: Explicit CPU endianness
hw/microblaze/s3adsp1800: Rename unimplemented MMIO region as xps_gpio
hw/microblaze/s3adsp1800: Declare machine type using DEFINE_TYPES
macro
hw/microblaze: Fix MemoryRegionOps coding style
hw/microblaze: Restrict MemoryRegionOps are implemented as 32-bit
hw/microblaze: Propagate CPU endianness to microblaze_load_kernel()
hw/intc/xilinx_intc: Only expect big-endian accesses
hw/timer/xilinx_timer: Only expect big-endian accesses
hw/timer/xilinx_timer: Allow down to 8-bit memory access
hw/net/xilinx_ethlite: Only expect big-endian accesses
target/microblaze: Explode MO_TExx -> MO_TE | MO_xx
target/microblaze: Set MO_TE once in do_load() / do_store()
target/microblaze: Introduce mo_endian() helper
target/microblaze: Consider endianness while translating code
hw/microblaze: Support various endianness for s3adsp1800 machines
tests/functional: Explicit endianness of microblaze assets
tests/functional: Add microblaze cross-endianness tests
docs/about/deprecated.rst | 6 ++
.../devices/microblaze-softmmu/default.mak | 2 -
.../devices/microblazeel-softmmu/default.mak | 5 +-
hw/microblaze/boot.h | 4 +-
target/microblaze/cpu.h | 7 ++
hw/char/xilinx_uartlite.c | 8 ++-
hw/intc/xilinx_intc.c | 23 +++++--
hw/microblaze/boot.c | 8 +--
hw/microblaze/petalogix_ml605_mmu.c | 11 ++-
hw/microblaze/petalogix_s3adsp1800_mmu.c | 67 +++++++++++++++++--
hw/microblaze/xlnx-zynqmp-pmu.c | 12 ++--
hw/net/xilinx_ethlite.c | 28 ++++++--
hw/timer/xilinx_timer.c | 15 +++--
target/microblaze/cpu.c | 2 +-
target/microblaze/translate.c | 49 ++++++++------
.../functional/test_microblaze_s3adsp1800.py | 27 +++++++-
.../test_microblazeel_s3adsp1800.py | 25 ++++++-
17 files changed, 236 insertions(+), 63 deletions(-)
--
2.45.2
1 day, 14 hours
[RFC v3 PATCH 0/4] iproute2 bridge vlan support
by Leigh Brown
As requested by Laine, I have converted the code to use netlink rather
than executing bridge vlan commands. I have also checked it compiles
under FreeBSD.
Description
-----------
The iproute2 bridge command supports the capability for VLAN filtering
that allows each interface connected to a standard linux bridge to be
configured to use one or more VLANs. For simple setups, this capability
is enough to allow virtual machines or containers to be put onto
separate VLANs without creating multiple bridges and VLANs on the host.
The first patch adds a new function virNetDevBridgeSetupVlans() that
will, given a virNetDevVlan structure, execute the required bridge vlan
commands to configure the given interface accordingly.
The second patch updates the virNetDevBridgeAddPort() function to allow
a virNetDevVlan parameter to be passed, and to call the
virNetDevBridgeSetupVlans() function.
The third patch updates the lxc and tap code to pass the virNetDevLan
parameter from the configuration and to update the XML domain and
network validation to permit the VLAN-related tags for standard
bridges.
The fourth patch updates documentation to match the new capability.
Changes since v2
----------------
- Convert to use netlink rather than executing bridge vlan commands.
- Add unsupported on this platform error message on FreeBSD.
Changes since v1
----------------
- Fix bug in virNetDevSetupVlans where bridge port has no native vlan.
- Update bridge network validation to permit vlan configuration.
- Update documentation to match the functionality.
- Tweak some of the commit descriptions for clarity.
Usage example
-------------
Configure the host with systemd-networkd as follows:
/etc/systemd/network/br0.netdev (br0.network not shown)
[NetDev]
Name=br0
Kind=bridge
MACAddress=xx:xx:xx:xx:xx:xx
[Bridge]
VLANFiltering=on
/etc/systemd/network/eno1.network
[Match]
Name=eno1
[Network]
Bridge=br0
[Link]
MTUBytes=9000
[BridgeVLAN]
VLAN=40
[BridgeVLAN]
VLAN=60
Then add <vlan> tags into the lxc or qemu config:
lxc interface definition:
<interface type='bridge'>
<mac address='xx:xx:xx:xx:xx:xx'/>
<source bridge='br0'/>
<vlan>
<tag id='40'/>
</vlan>
</interface>
qemu interface definition:
<interface type='network'>
<mac address='xx:xx:xx:xx:xx:xx'/>
<source network='br0'/>
<vlan>
<tag id='60'/>
</vlan>
<model type='virtio'/>
<address type='pci' domain='0x0000'
bus='0x01' slot='0x00' function='0x0'/>
</interface>
Then, after starting them, you will see the following
$ sudo bridge vlan
port vlan-id
eno1 1 PVID Egress Untagged
40
60
br0 1 PVID Egress Untagged
vnet0 60 PVID Egress Untagged
vnet1 40 PVID Egress Untagged
Regards,
Leigh Brown (4):
util: add netlink bridge vlan filtering
util: Add vlan support to virNetDevBridgeAddPort
Enable vlan support for standard linux bridges
docs: standard linux bridges now support vlans
docs/formatdomain.rst | 37 +++++++++---------
docs/formatnetwork.rst | 45 +++++++++++-----------
src/conf/domain_validate.c | 3 +-
src/lxc/lxc_process.c | 3 +-
src/network/bridge_driver.c | 13 ++++---
src/util/virnetdevbridge.c | 75 +++++++++++++++++++++++++++++++++++--
src/util/virnetdevbridge.h | 4 +-
src/util/virnetdevtap.c | 2 +-
src/util/virnetlink.c | 66 ++++++++++++++++++++++++++++++++
src/util/virnetlink.h | 7 ++++
10 files changed, 202 insertions(+), 53 deletions(-)
--
2.39.5
1 day, 17 hours
[PATCH] nodedev: udev: Hook up virFileWaitForExist to address uevent,
race of pci device
by Guoyi Tu
this commit addresses the same issue that as commit 1af45804 does.
the following message is copying from that commit:
If we find ourselves in the situation that the 'add' uevent has been
fired earlier than the sysfs tree for a device was created, we should
use the best-effort approach and give kernel some predetermined amount
of time, thus waiting for the attributes to be ready rather than
discarding the device from our device list forever. If those don't appear
in the given time frame, we need to move on, since libvirt can't wait
indefinitely.
Signed-off-by: Guoyi Tu <tugy(a)chinatelecom.cn>
---
src/node_device/node_device_udev.c | 9 +++++++++
1 file changed, 9 insertions(+)
diff --git a/src/node_device/node_device_udev.c
b/src/node_device/node_device_udev.c
index 1d8486f623..4a1786c21c 100644
--- a/src/node_device/node_device_udev.c
+++ b/src/node_device/node_device_udev.c
@@ -427,10 +427,19 @@ udevProcessPCI(virNodeDeviceDriverState *driver_state,
virPCIEDeviceInfo *pci_express = NULL;
virPCIDevice *pciDev = NULL;
virPCIDeviceAddress devAddr = { 0 };
+ g_autofree char *linkpath = NULL;
int ret = -1;
char *p;
bool privileged = false;
+ linkpath = g_strdup_printf("%s/config",
udev_device_get_syspath(device));
+ if (virFileWaitForExists(linkpath, 10, 100) < 0) {
+ virReportSystemError(errno,
+ _("failed to wait for file '%1$s' to appear"),
+ linkpath);
+ goto cleanup;
+ }
+
VIR_WITH_MUTEX_LOCK_GUARD(&driver_state->lock) {
privileged = driver_state->privileged;
}
--
2.27.0
--
Guoyi
1 day, 19 hours