[libvirt PATCH v2 0/2] conf: Adjust hyperv tlbflush formatting
by Ján Tomko
Including the refactor.
Ján Tomko (1):
conf: refactor hyperv features formatting
Martin Kletzander (1):
conf: Adjust hyperv tlbflush formatting
src/conf/domain_conf.c | 57 ++++++++++---------
.../qemuxmlconfdata/hyperv.x86_64-latest.xml | 5 +-
2 files changed, 33 insertions(+), 29 deletions(-)
--
2.47.0
4 weeks, 1 day
[PATCH] security: apparmor: Remove hardcoded "libvirtd" profile name
by Jim Fehlig
The apparmor driver probe function checks for an active profile matching
the full path of the running daemon binary. If not found, it checks for
a profile named "libvirtd". This works fine when the running daemon is the
old monolithic libvirtd, but fails with modular daemons.
Remove the check for a hardcoded "libvirtd" profile and replace with the
basename of the running daemon binary.
Signed-off-by: Jim Fehlig <jfehlig(a)suse.com>
---
src/security/security_apparmor.c | 4 +++-
1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/src/security/security_apparmor.c b/src/security/security_apparmor.c
index c8e77c6cd2..eed0f265d6 100644
--- a/src/security/security_apparmor.c
+++ b/src/security/security_apparmor.c
@@ -239,7 +239,9 @@ use_apparmor(void)
*/
rc = profile_status(libvirt_daemon, 1);
if (rc < 0) {
- rc = profile_status("libvirtd", 1);
+ g_autofree char *basename = g_path_get_basename(libvirt_daemon);
+
+ rc = profile_status(basename, 1);
/* Error or unconfined should all result in -1 */
if (rc < 0)
rc = -1;
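Review bot: the new local in the `rc < 0` branch is named `basename`, which is also the name of the libc basename() function, so it can trigger shadowing warnings and reads ambiguously right next to g_path_get_basename(). Rename it to something like `daemon_name`. If the block comment that ends at the top of this hunk still describes falling back to a fixed "libvirtd" profile, update it in the same patch.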
--
2.43.0
4 weeks, 1 day
[PATCH] conf: Adjust hyperv tlbflush formatting
by Martin Kletzander
Commit 247357cc292a added support for direct and extended modes for
tlbflush, but forgot to do the formatting as well. Instead of rewriting
the whole hyperv feature formatting to use yet another attribute and
child buffers, just fix it in a way the other features are and leave the
refactoring to later. One reason for that is that we should fix this
ASAP since without this patch the features will be stripped when
formatting the XML on the disk and lost after next daemon reload.
Signed-off-by: Martin Kletzander <mkletzan(a)redhat.com>
---
src/conf/domain_conf.c | 20 ++++++++++++++++++-
.../qemuxmlconfdata/hyperv.x86_64-latest.xml | 5 ++++-
2 files changed, 23 insertions(+), 2 deletions(-)
diff --git a/src/conf/domain_conf.c b/src/conf/domain_conf.c
index 785eb0e539b4..ae56b292ad1e 100644
--- a/src/conf/domain_conf.c
+++ b/src/conf/domain_conf.c
@@ -27972,7 +27972,6 @@ virDomainDefFormatFeatures(virBuffer *buf,
case VIR_DOMAIN_HYPERV_RESET:
case VIR_DOMAIN_HYPERV_FREQUENCIES:
case VIR_DOMAIN_HYPERV_REENLIGHTENMENT:
- case VIR_DOMAIN_HYPERV_TLBFLUSH:
case VIR_DOMAIN_HYPERV_IPI:
case VIR_DOMAIN_HYPERV_EVMCS:
case VIR_DOMAIN_HYPERV_AVIC:
@@ -28016,6 +28015,25 @@ virDomainDefFormatFeatures(virBuffer *buf,
def->hyperv_vendor_id);
break;
+ case VIR_DOMAIN_HYPERV_TLBFLUSH:
+ if (def->hyperv_features[j] != VIR_TRISTATE_SWITCH_ON) {
+ virBufferAddLit(&childBuf, "/>\n");
+ break;
+ }
+ if (def->hyperv_tlbflush_direct == VIR_TRISTATE_SWITCH_ON ||
+ def->hyperv_tlbflush_extended == VIR_TRISTATE_SWITCH_ON) {
+ virBufferAddLit(&childBuf, ">\n");
+ virBufferAdjustIndent(&childBuf, 2);
+ if (def->hyperv_tlbflush_direct == VIR_TRISTATE_SWITCH_ON)
+ virBufferAddLit(&childBuf, "<direct state='on'/>\n");
+ if (def->hyperv_tlbflush_extended == VIR_TRISTATE_SWITCH_ON)
+ virBufferAddLit(&childBuf, "<extended state='on'/>\n");
+ virBufferAdjustIndent(&childBuf, -2);
+ virBufferAddLit(&childBuf, "</tlbflush>\n");
+ } else {
+ virBufferAddLit(&childBuf, "/>\n");
+ }
+
case VIR_DOMAIN_HYPERV_LAST:
break;
}
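Review bot: the new `case VIR_DOMAIN_HYPERV_TLBFLUSH:` block ends without a `break;`, so control falls through into `case VIR_DOMAIN_HYPERV_LAST:`. That is harmless only because the next case does nothing but `break;`. The case just above ends in an explicit `break;`, and an unannotated fallthrough will warn under implicit-fallthrough checks, so add `break;` after the closing brace of the `else` branch. The `"/>\n"` emission also appears twice; testing first whether the feature is on and either child is on would leave a single self-closing path.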
diff --git a/tests/qemuxmlconfdata/hyperv.x86_64-latest.xml b/tests/qemuxmlconfdata/hyperv.x86_64-latest.xml
index 36d9161fa811..49537188af3f 100644
--- a/tests/qemuxmlconfdata/hyperv.x86_64-latest.xml
+++ b/tests/qemuxmlconfdata/hyperv.x86_64-latest.xml
@@ -22,7 +22,10 @@
<vendor_id state='on' value='KVM Hv'/>
<frequencies state='on'/>
<reenlightenment state='on'/>
- <tlbflush state='on'/>
+ <tlbflush state='on'>
+ <direct state='on'/>
+ <extended state='on'/>
+ </tlbflush>
<ipi state='on'/>
<evmcs state='on'/>
<avic state='on'/>
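Review bot: the expected XML now exercises only the case where both `<direct state='on'/>` and `<extended state='on'/>` are present, and the bare `<tlbflush state='on'/>` form it replaces is no longer covered by this file. The formatter has separate branches for each child and for the self-closing form, so consider keeping a test with the bare element and adding one with only a single child enabled.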
--
2.47.1
4 weeks, 1 day
[PATCH v2 1/3] Revert "qemu: explicit swtpm state locking"
by marcandre.lureau@redhat.com
From: Marc-André Lureau <marcandre.lureau(a)redhat.com>
This reverts commit bb5e26749fe5b5856a3541be2cbe147701e6e121.
swtpm-setup doesn't have "tpmstate-lock", only swtpm.
Signed-off-by: Marc-André Lureau <marcandre.lureau(a)redhat.com>
---
src/qemu/qemu_tpm.c | 11 ++---------
src/util/virtpm.c | 1 -
src/util/virtpm.h | 1 -
tests/testutilsqemu.c | 1 -
4 files changed, 2 insertions(+), 12 deletions(-)
diff --git a/src/qemu/qemu_tpm.c b/src/qemu/qemu_tpm.c
index f5e0184e54..476e3dd224 100644
--- a/src/qemu/qemu_tpm.c
+++ b/src/qemu/qemu_tpm.c
@@ -344,23 +344,16 @@ static char *
qemuTPMGetSwtpmSetupStateArg(const virDomainTPMSourceType source_type,
const char *source_path)
{
- const char *lock = ",lock";
-
- if (!virTPMSwtpmSetupCapsGet(VIR_TPM_SWTPM_SETUP_FEATURE_TPMSTATE_OPT_LOCK)) {
- VIR_WARN("This swtpm version doesn't support explicit locking");
- lock = "";
- }
-
switch (source_type) {
case VIR_DOMAIN_TPM_SOURCE_TYPE_FILE:
/* the file:// prefix is supported since swtpm_setup 0.7.0 */
/* assume the capability check for swtpm is redundant. */
- return g_strdup_printf("file://%s%s", source_path, lock);
+ return g_strdup_printf("file://%s", source_path);
case VIR_DOMAIN_TPM_SOURCE_TYPE_DIR:
case VIR_DOMAIN_TPM_SOURCE_TYPE_DEFAULT:
case VIR_DOMAIN_TPM_SOURCE_TYPE_LAST:
default:
- return g_strdup_printf("%s%s", source_path, lock);
+ return g_strdup_printf("%s", source_path);
}
}
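Review bot: with the `lock` suffix removed, the default branch's `g_strdup_printf("%s", source_path)` is a plain string copy, and `g_strdup(source_path)` would say so directly. If the intent is to keep this a byte-for-byte revert, that is worth stating in the commit message so the construct is not mistaken for an oversight.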
diff --git a/src/util/virtpm.c b/src/util/virtpm.c
index 4016ad8fc4..f90839debe 100644
--- a/src/util/virtpm.c
+++ b/src/util/virtpm.c
@@ -53,7 +53,6 @@ VIR_ENUM_IMPL(virTPMSwtpmSetupFeature,
"cmdarg-reconfigure-pcr-banks",
"tpm-1.2",
"tpm-2.0",
- "tpmstate-opt-lock",
"cmdarg-profile",
);
diff --git a/src/util/virtpm.h b/src/util/virtpm.h
index 03fb92629a..4119a903e5 100644
--- a/src/util/virtpm.h
+++ b/src/util/virtpm.h
@@ -45,7 +45,6 @@ typedef enum {
VIR_TPM_SWTPM_SETUP_FEATURE_CMDARG_RECONFIGURE_PCR_BANKS,
VIR_TPM_SWTPM_SETUP_FEATURE_TPM_1_2,
VIR_TPM_SWTPM_SETUP_FEATURE_TPM_2_0,
- VIR_TPM_SWTPM_SETUP_FEATURE_TPMSTATE_OPT_LOCK,
VIR_TPM_SWTPM_SETUP_FEATURE_CMDARG_PROFILE,
VIR_TPM_SWTPM_SETUP_FEATURE_LAST
diff --git a/tests/testutilsqemu.c b/tests/testutilsqemu.c
index 5caccbc6b4..abc425b9b7 100644
--- a/tests/testutilsqemu.c
+++ b/tests/testutilsqemu.c
@@ -71,7 +71,6 @@ virTPMSwtpmSetupCapsGet(virTPMSwtpmSetupFeature cap)
case VIR_TPM_SWTPM_SETUP_FEATURE_CMDARG_CREATE_CONFIG_FILES:
case VIR_TPM_SWTPM_SETUP_FEATURE_TPM12_NOT_NEED_ROOT:
case VIR_TPM_SWTPM_SETUP_FEATURE_CMDARG_RECONFIGURE_PCR_BANKS:
- case VIR_TPM_SWTPM_SETUP_FEATURE_TPMSTATE_OPT_LOCK:
case VIR_TPM_SWTPM_SETUP_FEATURE_CMDARG_PROFILE:
case VIR_TPM_SWTPM_SETUP_FEATURE_LAST:
break;
--
2.47.0
4 weeks, 1 day
[PATCH] apparmor: Allow running loongarch64 VMs on Debian 12
by Xianglai Li
Allows to load firmware in the qemu-efi-loongarch64 directory
Allows the binary qemu-system-loongarch64 to be run
This makes it impossible to run loongarch64 VMs when AppArmor is enabled
Signed-off-by: Xianglai Li <lixianglai(a)loongson.cn>
---
src/security/apparmor/libvirt-qemu.in | 1 +
src/security/virt-aa-helper.c | 1 +
2 files changed, 2 insertions(+)
diff --git a/src/security/apparmor/libvirt-qemu.in b/src/security/apparmor/libvirt-qemu.in
index 694da26dea..c63077574e 100644
--- a/src/security/apparmor/libvirt-qemu.in
+++ b/src/security/apparmor/libvirt-qemu.in
@@ -144,6 +144,7 @@
/usr/bin/qemu-system-hppa rmix,
/usr/bin/qemu-system-i386 rmix,
/usr/bin/qemu-system-lm32 rmix,
+ /usr/bin/qemu-system-loongarch64 rmix,
/usr/bin/qemu-system-m68k rmix,
/usr/bin/qemu-system-microblaze rmix,
/usr/bin/qemu-system-microblazeel rmix,
diff --git a/src/security/virt-aa-helper.c b/src/security/virt-aa-helper.c
index 1cf9d7ad3d..94a28bf331 100644
--- a/src/security/virt-aa-helper.c
+++ b/src/security/virt-aa-helper.c
@@ -481,6 +481,7 @@ valid_path(const char *path, const bool readonly)
"/usr/share/AAVMF/",
"/usr/share/qemu-efi/", /* for AAVMF images */
"/usr/share/qemu-efi-aarch64/",
+ "/usr/share/qemu-efi-loongarch64/",
"/usr/share/qemu-efi-riscv64/",
"/usr/share/qemu/", /* SUSE path for OVMF and AAVMF images */
"/usr/lib/u-boot/",
--
2.39.1
4 weeks, 1 day
[PATCH] hyperv: Introduce and export 'facility' variable.
by Michal Privoznik
In its upstream commit [1] openwsman dropped 'facility' variable
which is documented as:
* all processes that use the libu must define a "facility" variable somewhere
* to satisfy this external linkage reference.
*
* Such variable will be used as the syslog(3) facility argument.
Well, prior to that commit, openwsman itself declared the
variable (and set it to LOG_DAEMON). Now it's up to us.
Yeah, the variable naming is terrible and also we are not using
libu directly, but apparently libwsman.so requires it anyway:
$ objdump -T /usr/lib64/libwsman.so | grep facility
0000000000000000 D *UND* 0000000000000000 Base facility
1: https://github.com/Openwsman/openwsman/commit/d72c51f21b9c85a773b7955ac58...
Signed-off-by: Michal Privoznik <mprivozn(a)redhat.com>
---
src/hyperv/hyperv_wmi.c | 3 +++
src/libvirt_hyperv.syms | 11 +++++++++++
src/meson.build | 6 ++++++
3 files changed, 20 insertions(+)
create mode 100644 src/libvirt_hyperv.syms
diff --git a/src/hyperv/hyperv_wmi.c b/src/hyperv/hyperv_wmi.c
index 0b82f1f131..040bcfec11 100644
--- a/src/hyperv/hyperv_wmi.c
+++ b/src/hyperv/hyperv_wmi.c
@@ -28,6 +28,7 @@
#include <wsman-soap.h>
#include <wsman-xml.h>
#include <wsman-xml-binding.h>
+#include <u/syslog.h>
#include "internal.h"
#include "virerror.h"
@@ -47,6 +48,8 @@
VIR_LOG_INIT("hyperv.hyperv_wmi");
+int facility = LOG_DAEMON;
+
int
hypervGetWmiClassList(hypervPrivate *priv, hypervWmiClassInfo *wmiInfo,
virBuffer *query, hypervObject **wmiClass)
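Review bot: `int facility = LOG_DAEMON;` is added at file scope with no comment, and nothing in this file reads it, so it looks like dead code to anyone who has not seen the commit message. Add a comment above the definition saying that libwsman.so has an undefined reference to `facility` and that the value is used as the syslog(3) facility, so that a later cleanup does not remove it. Given how generic the exported name is, the comment should also say that the name is dictated by openwsman and cannot be prefixed.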
diff --git a/src/libvirt_hyperv.syms b/src/libvirt_hyperv.syms
new file mode 100644
index 0000000000..60e98db473
--- /dev/null
+++ b/src/libvirt_hyperv.syms
@@ -0,0 +1,11 @@
+#
+# HyperV-specific symbols
+#
+
+# hyperv/hyperv_wmi.c
+facility;
+
+# Let emacs know we want case-insensitive sorting
+# Local Variables:
+# sort-fold-case: t
+# End:
diff --git a/src/meson.build b/src/meson.build
index b53ea2a71f..cce89fac27 100644
--- a/src/meson.build
+++ b/src/meson.build
@@ -125,6 +125,12 @@ else
sym_files += 'libvirt_libssh2.syms'
endif
+if conf.has('WITH_HYPERV')
+ used_sym_files += 'libvirt_hyperv.syms'
+else
+ sym_files += 'libvirt_hyperv.syms'
+endif
+
# variables filled by subdirectories
libvirt_libs = []
--
2.45.2
4 weeks, 1 day
[PATCH v2 0/3] po: handle translation of polkit policy file strings
by Daniel P. Berrangé
There was a proposal
https://gitlab.com/libvirt/libvirt/-/merge_requests/387
to add translations for the polkit files. In reviewing this we came
to the conclusion the approach was undesirable. After getting misled
by a Debian/Ubuntu specific downstream only patch to polkit which
auto-translated polkit files at runtime, this implements the manual
approach of merging translations into the polkit files at build time.
Changed in v2:
- Fix introduction of 'polkitactionsdir'
- Also introduce 'polkitrulesdir'
- Fix syntax check rules for POFILES with generated polkit
- Remove incorrect 'install: true' rule for policy.in file
Daniel P. Berrangé (3):
po: add its rules for translating polkit file strings
meson: remove duplication of polkit dirs construction
remote: apply translations to polkit files
build-aux/syntax-check.mk | 5 +++--
meson.build | 6 ++++++
po/POTFILES | 2 ++
po/its/polkit.its | 8 ++++++++
po/its/polkit.loc | 6 ++++++
po/meson.build | 5 ++---
src/access/meson.build | 20 +++++++++++++++----
.../{libvirtd.policy => libvirtd.policy.in} | 0
src/remote/meson.build | 15 ++++++++------
9 files changed, 52 insertions(+), 15 deletions(-)
create mode 100644 po/its/polkit.its
create mode 100644 po/its/polkit.loc
rename src/remote/{libvirtd.policy => libvirtd.policy.in} (100%)
--
2.47.1
4 weeks, 1 day
[PATCH] Remove the deprecated "-runas" command line option
by Thomas Huth
It has been marked as deprecated two releases ago, so it should
be fine now to remove this command line option.
Signed-off-by: Thomas Huth <thuth(a)redhat.com>
---
docs/about/deprecated.rst | 6 ------
docs/about/removed-features.rst | 6 ++++++
system/vl.c | 9 ---------
qemu-options.hx | 15 +--------------
4 files changed, 7 insertions(+), 29 deletions(-)
diff --git a/docs/about/deprecated.rst b/docs/about/deprecated.rst
index d6809f94ea..63b46fd520 100644
--- a/docs/about/deprecated.rst
+++ b/docs/about/deprecated.rst
@@ -74,12 +74,6 @@ configurations (e.g. -smp drawers=1,books=1,clusters=1 for x86 PC machine) is
marked deprecated since 9.0, users have to ensure that all the topology members
described with -smp are supported by the target machine.
-``-runas`` (since 9.1)
-''''''''''''''''''''''
-
-Use ``-run-with user=..`` instead.
-
-
User-mode emulator command line arguments
-----------------------------------------
diff --git a/docs/about/removed-features.rst b/docs/about/removed-features.rst
index cb1388049a..c6616ce05e 100644
--- a/docs/about/removed-features.rst
+++ b/docs/about/removed-features.rst
@@ -555,6 +555,12 @@ to produce an odd effect (rotating input but not display output). But
this was never intended or documented behaviour, so we have dropped
the options along with the machine models they were intended for.
+``-runas`` (removed in 10.0)
+''''''''''''''''''''''''''''
+
+Use ``-run-with user=..`` instead.
+
+
User-mode emulator command line arguments
-----------------------------------------
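Review bot: the new removed-features entry writes the replacement as ``-run-with user=..`` with two dots, while the qemu-options.hx text in this same patch uses ``user=...`` with three. Use the three-dot form here so the documentation is consistent, and since this entry is now the only place a user hitting the removed option will look, consider spelling out both accepted forms (``user=username`` and ``user=uid:gid``).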
diff --git a/system/vl.c b/system/vl.c
index 0843b7ab49..3c5bd36d7d 100644
--- a/system/vl.c
+++ b/system/vl.c
@@ -3611,15 +3611,6 @@ void qemu_init(int argc, char **argv)
/* Nothing to be parsed here. Especially, do not error out below. */
break;
#if defined(CONFIG_POSIX)
- case QEMU_OPTION_runas:
- warn_report("-runas is deprecated, use '-run-with user=...' instead");
- if (!os_set_runas(optarg)) {
- error_report("User \"%s\" doesn't exist"
- " (and is not <uid>:<gid>)",
- optarg);
- exit(1);
- }
- break;
case QEMU_OPTION_daemonize:
os_set_daemonize(true);
break;
diff --git a/qemu-options.hx b/qemu-options.hx
index cc694d3b89..7090d59f6f 100644
--- a/qemu-options.hx
+++ b/qemu-options.hx
@@ -4976,19 +4976,6 @@ SRST
``-nodefaults`` option will disable all those default devices.
ERST
-#ifndef _WIN32
-DEF("runas", HAS_ARG, QEMU_OPTION_runas, \
- "-runas user change to user id user just before starting the VM\n" \
- " user can be numeric uid:gid instead\n",
- QEMU_ARCH_ALL)
-#endif
-SRST
-``-runas user``
- Immediately before starting guest execution, drop root privileges,
- switching to the specified user. This option is deprecated, use
- ``-run-with user=...`` instead.
-ERST
-
DEF("prom-env", HAS_ARG, QEMU_OPTION_prom_env,
"-prom-env variable=value\n"
" set OpenBIOS nvram variables\n",
@@ -5176,7 +5163,7 @@ SRST
``chroot=dir`` can be used for doing a chroot to the specified directory
immediately before starting the guest execution. This is especially useful
- in combination with -runas.
+ in combination with ``user=...``.
``user=username`` or ``user=uid:gid`` can be used to drop root privileges
before starting guest execution. QEMU will use the ``setuid`` and ``setgid``
--
2.47.1
1 month
[PATCH 0/2] po: handle translation of polkit policy file strings
by Daniel P. Berrangé
There was a proposal
https://gitlab.com/libvirt/libvirt/-/merge_requests/387
to add translations for the polkit files. In reviewing this we came
to the conclusion the approach was undesirable. After getting misled
by a Debian/Ubuntu specific downstream only patch to polkit which
auto-translated polkit files at runtime, this implements the manual
approach of merging translations into the polkit files at build time.
Daniel P. Berrangé (2):
po: add its rules for translating polkit file strings
remote: apply translations to polkit files
meson.build | 5 +++++
po/POTFILES | 2 ++
po/its/polkit.its | 8 ++++++++
po/its/polkit.loc | 6 ++++++
po/meson.build | 3 +--
src/access/meson.build | 18 ++++++++++++++----
.../{libvirtd.policy => libvirtd.policy.in} | 0
src/remote/meson.build | 13 ++++++++-----
8 files changed, 44 insertions(+), 11 deletions(-)
create mode 100644 po/its/polkit.its
create mode 100644 po/its/polkit.loc
rename src/remote/{libvirtd.policy => libvirtd.policy.in} (100%)
--
2.46.0
1 month
[PATCH 00/19] hw/microblaze: Allow running cross-endian vCPUs
by Philippe Mathieu-Daudé
Make machines endianness-agnostic, allowing to run a big-endian vCPU
on the little-endian 'qemu-system-microblazeel' binary, and a little
endian one on the big-endian 'qemu-system-microblaze' binary.
Tests added, following combinations covered:
- little-endian vCPU using little-endian binary (in-tree)
- little-endian vCPU using big-endian binary (new)
- big-endian vCPU using little-endian binary (new)
- big-endian vCPU using big-endian binary (in-tree)
Deprecate untested big-endian machines, likely built on the big
endian binary by mistake:
- petalogix-ml605
- xlnx-zynqmp-pmu
To make a target endian-agnostic we need to remove the MO_TE uses.
In order to do that, we propagate the MemOp from earlier in the
call stack, or we extract it from the vCPU env (on MicroBlaze the
CPU endianness is exposed by the 'ENDI' bit).
Note, since vCPU can run in any endianness, the
MemoryRegionOps::endianness should not be DEVICE_NATIVE_ENDIAN
anymore, because this definition expands to the binary endianness,
swapping data regardless of how the vCPU accesses it.
See adjust_endianness() -> devend_memop(). Something to keep in
mind, possibly requiring further work and optimizations (avoid
double-swap).
Next step: Look at unifying binaries.
Please review,
Phil.
Philippe Mathieu-Daudé (19):
target/microblaze: Rename CPU endianness property as 'little-endian'
hw/microblaze: Deprecate big-endian petalogix-ml605 & xlnx-zynqmp-pmu
hw/microblaze/s3adsp1800: Explicit CPU endianness
hw/microblaze/s3adsp1800: Rename unimplemented MMIO region as xps_gpio
hw/microblaze/s3adsp1800: Declare machine type using DEFINE_TYPES
macro
hw/microblaze: Fix MemoryRegionOps coding style
hw/microblaze: Restrict MemoryRegionOps are implemented as 32-bit
hw/microblaze: Propagate CPU endianness to microblaze_load_kernel()
hw/intc/xilinx_intc: Only expect big-endian accesses
hw/timer/xilinx_timer: Only expect big-endian accesses
hw/timer/xilinx_timer: Allow down to 8-bit memory access
hw/net/xilinx_ethlite: Only expect big-endian accesses
target/microblaze: Explode MO_TExx -> MO_TE | MO_xx
target/microblaze: Set MO_TE once in do_load() / do_store()
target/microblaze: Introduce mo_endian() helper
target/microblaze: Consider endianness while translating code
hw/microblaze: Support various endianness for s3adsp1800 machines
tests/functional: Explicit endianness of microblaze assets
tests/functional: Add microblaze cross-endianness tests
docs/about/deprecated.rst | 6 ++
.../devices/microblaze-softmmu/default.mak | 2 -
.../devices/microblazeel-softmmu/default.mak | 5 +-
hw/microblaze/boot.h | 4 +-
target/microblaze/cpu.h | 7 ++
hw/char/xilinx_uartlite.c | 8 ++-
hw/intc/xilinx_intc.c | 23 +++++--
hw/microblaze/boot.c | 8 +--
hw/microblaze/petalogix_ml605_mmu.c | 11 ++-
hw/microblaze/petalogix_s3adsp1800_mmu.c | 67 +++++++++++++++++--
hw/microblaze/xlnx-zynqmp-pmu.c | 12 ++--
hw/net/xilinx_ethlite.c | 28 ++++++--
hw/timer/xilinx_timer.c | 15 +++--
target/microblaze/cpu.c | 2 +-
target/microblaze/translate.c | 49 ++++++++------
.../functional/test_microblaze_s3adsp1800.py | 27 +++++++-
.../test_microblazeel_s3adsp1800.py | 25 ++++++-
17 files changed, 236 insertions(+), 63 deletions(-)
--
2.45.2
1 month