January 2025 - Devel - libvirt List Archives

[PATCH 0/3] conf,qemu: add AIA support for RISC-V 'virt'
by Daniel Henrique Barboza 22 Jan '25

22 Jan '25

Hi, This series adds official support for RISC-V AIA (Advanced Interrupt Architecture). AIA and has been supported by the 'virt' RISC-V board, as a machine property, since QEMU 7.0. Daniel Henrique Barboza (3): qemu: add capability for RISC-V AIA feature conf,qemu: implement RISC-V 'aia' virt domain feature qemu: add RISC-V 'aia' command line docs/formatdomain.rst | 8 ++++ src/conf/domain_conf.c | 39 +++++++++++++++++++ src/conf/domain_conf.h | 11 ++++++ src/conf/schemas/domaincommon.rng | 15 +++++++ src/libvirt_private.syms | 2 + src/qemu/qemu_capabilities.c | 2 + src/qemu/qemu_capabilities.h | 1 + src/qemu/qemu_command.c | 5 +++ src/qemu/qemu_validate.c | 15 +++++++ .../caps_8.0.0_riscv64.xml | 1 + .../caps_9.1.0_riscv64.xml | 1 + ...cv64-virt-features-aia.riscv64-latest.args | 31 +++++++++++++++ ...scv64-virt-features-aia.riscv64-latest.xml | 1 + .../riscv64-virt-features-aia.xml | 27 +++++++++++++ tests/qemuxmlconftest.c | 2 + 15 files changed, 161 insertions(+) create mode 100644 tests/qemuxmlconfdata/riscv64-virt-features-aia.riscv64-latest.args create mode 120000 tests/qemuxmlconfdata/riscv64-virt-features-aia.riscv64-latest.xml create mode 100644 tests/qemuxmlconfdata/riscv64-virt-features-aia.xml -- 2.45.2

2 8

[PATCH 00/12] Introduce SEV-SNP support
by Michal Privoznik 22 Jan '25

22 Jan '25

SEV-SNP support just landed in QEMU. Here is the first round of patches to incorporate support into libvirt. TODOs (aka problems of future me): - Teach tools/virt-qemu-sev-validate how to deal with SEV-SNP - Try to find a SEV-SNP machine a test these patches in real worl - Write a kbase article on attestation with SEV-SNP Michal Prívozník (12): qemu_monitor_json: Report error in error paths in SEV related code conf: Move some members of virDomainSEVDef into virDomainSEVCommonDef conf: Separate SEV formatting into a function Drop needless typecast to virDomainLaunchSecurity src: Convert some _virDomainSecDef::sectype checks to switch() qemu_monitor: Allow querying SEV-SNP state in 'query-sev' qemu: Report snp-policy in virDomainGetLaunchSecurityInfo() qemu_capabilities: Introduce QEMU_CAPS_SEV_SNP_GUEST conf: Introduce SEV-SNP support qemu: Build cmd line for SEV-SNP qemu: Allow setting launch security for SEV-SNP qemu_firmware: Pick the right firmware for SEV-SNP guests docs/formatdomain.rst | 108 ++++++++++++ include/libvirt/libvirt-domain.h | 10 ++ src/conf/domain_conf.c | 156 ++++++++++++++---- src/conf/domain_conf.h | 28 +++- src/conf/domain_validate.c | 44 +++++ src/conf/schemas/domaincommon.rng | 73 ++++++-- src/conf/virconftypes.h | 4 + src/qemu/qemu_capabilities.c | 4 + src/qemu/qemu_capabilities.h | 3 + src/qemu/qemu_cgroup.c | 19 ++- src/qemu/qemu_command.c | 56 ++++++- src/qemu/qemu_driver.c | 60 +++++-- src/qemu/qemu_firmware.c | 20 ++- src/qemu/qemu_monitor.c | 7 +- src/qemu/qemu_monitor.h | 41 ++++- src/qemu/qemu_monitor_json.c | 67 ++++++-- src/qemu/qemu_monitor_json.h | 8 +- src/qemu/qemu_namespace.c | 3 +- src/qemu/qemu_process.c | 34 ++-- src/qemu/qemu_validate.c | 13 +- src/security/security_dac.c | 34 +++- .../caps_9.1.0_x86_64.xml | 1 + .../firmware/60-edk2-ovmf-x64-amdsev.json | 1 + tests/qemumonitorjsontest.c | 65 +++++++- ...launch-security-sev-snp.x86_64-latest.args | 35 ++++ .../launch-security-sev-snp.x86_64-latest.xml | 1 + .../launch-security-sev-snp.xml | 47 ++++++ tests/qemuxmlconftest.c | 2 + 28 files changed, 817 insertions(+), 127 deletions(-) create mode 100644 tests/qemuxmlconfdata/launch-security-sev-snp.x86_64-latest.args create mode 120000 tests/qemuxmlconfdata/launch-security-sev-snp.x86_64-latest.xml create mode 100644 tests/qemuxmlconfdata/launch-security-sev-snp.xml -- 2.44.2

5 31

[PATCH] qemu: Fix hang when migration is canceled at the last moment
by Jiri Denemark 21 Jan '25

21 Jan '25

When a migration is canceled very late once virtual CPUs are already stopped, QEMU will automatically resume them. If this happens after we exited a waiting loop in qemuMigrationSrcWaitForCompletion, but before a loop that tries to make sure CPUs are stopped by waiting for the appropriate event, we may end up waiting forever because the CPUs are running (they were resumed by migrate_cancel), but the STOP event is already gone. This is possible because we enter monitor for fetching migration statistics at which point other APIs can be processed and migration may change its state. We should recheck the state when we get back from the monitor code. https://issues.redhat.com/browse/RHEL-52493 Signed-off-by: Jiri Denemark <jdenemar(a)redhat.com> --- src/qemu/qemu_migration.c | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/src/qemu/qemu_migration.c b/src/qemu/qemu_migration.c index bb4d11e196..53bbbee629 100644 --- a/src/qemu/qemu_migration.c +++ b/src/qemu/qemu_migration.c @@ -2169,6 +2169,13 @@ qemuMigrationSrcWaitForCompletion(virDomainObj *vm, ignore_value(qemuMigrationAnyFetchStats(vm, asyncJob, jobData, NULL)); + /* We need to recheck migration status here as it might have changed while + * we were fetching statistics. For example, the migration might have been + * canceled. + */ + if ((rv = qemuMigrationAnyCompleted(vm, asyncJob, dconn, flags)) < 0) + return rv; + qemuDomainJobDataUpdateTime(jobData); qemuDomainJobDataUpdateDowntime(jobData); g_clear_pointer(&vm->job->completed, virDomainJobDataFree); -- 2.48.1

2 1

[PATCH] qemu monitor: Fix incorrect error message condition
by Fabian Leditzky 21 Jan '25

21 Jan '25

Fixes 'block_io_throttle inserted entry was not in expected format' error message spam. Without this patch, libvirtd writes an error message every time this function runs for a domain which has CD-ROM drives without a media attached. The 'inserted' key is not present when the drive is empty. The original code incorrectly assumes that the 'inserted' entry is not in the right format (wrong JSON value type, not an 'Object') when virJSONValueObjectGetObject(temp_dev, "inserted") returns NULL. However, NULL is also returned when the 'inserted' entry is simply not present. Signed-off-by: Fabian Leditzky <fabian(a)ldsoft.dev> --- src/qemu/qemu_monitor_json.c | 12 ++++++++++-- 1 file changed, 10 insertions(+), 2 deletions(-) diff --git a/src/qemu/qemu_monitor_json.c b/src/qemu/qemu_monitor_json.c index 9f417d27c6..baf934c2af 100644 --- a/src/qemu/qemu_monitor_json.c +++ b/src/qemu/qemu_monitor_json.c @@ -4581,8 +4581,16 @@ qemuMonitorJSONBlockIoThrottleInfo(virJSONValue *io_throttle, found = true; if (!(inserted = virJSONValueObjectGetObject(temp_dev, "inserted"))) { - virReportError(VIR_ERR_INTERNAL_ERROR, "%s", - _("block_io_throttle inserted entry was not in expected format")); + /* + * Ensure that we only print the error message when the 'inserted' key is actually the wrong type/format. + * Some device types (e.g. SATA CD-ROM) will have no 'inserted' key present if no media is present. + * Avoid spamming this error in such cases. + */ + if (virJSONValueObjectGet(temp_dev, "inserted")) { + virReportError(VIR_ERR_INTERNAL_ERROR, "%s", + _("block_io_throttle inserted entry was not in expected format")); + } + return -1; } GET_THROTTLE_STATS("bps", total_bytes_sec); -- 2.47.1

2 2

[PATCH] tools: ssh-proxy: Check for domain status before parsing its CID
by Michal Privoznik 21 Jan '25

21 Jan '25

Inactive domain XML can be wildly different to the live XML. For instance, it can have VSOCK CID of that from another (running) domain. Since domain status is not checked for, attempting to ssh into an inactive domain may in fact result in opening a connection to a different live domain that listens on said CID currently. Resolves: https://gitlab.com/libvirt/libvirt/-/issues/737 Resolves: https://issues.redhat.com/browse/RHEL-75577 Signed-off-by: Michal Privoznik <mprivozn(a)redhat.com> --- tools/ssh-proxy/ssh-proxy.c | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/tools/ssh-proxy/ssh-proxy.c b/tools/ssh-proxy/ssh-proxy.c index e60c58d57f..22daffeb63 100644 --- a/tools/ssh-proxy/ssh-proxy.c +++ b/tools/ssh-proxy/ssh-proxy.c @@ -194,7 +194,10 @@ lookupDomainAndFetchCID(const char *uri, if (virStrToLong_i(domname, NULL, 10, &id) >= 0) dom = virDomainLookupByID(conn, id); } - if (!dom) + + /* If no domain is found, return an error. Similarly, inactive domain may + * contain CID of another (running) domain, yielding misleading results. */ + if (!dom || virDomainIsActive(dom) <= 0) return -1; return extractCID(dom, cid); -- 2.45.2

2 1

[PATCH] nss: Skip empty files and avoid use of uninitialized value
by Jiang XueQian 21 Jan '25

21 Jan '25

JSON parser isn't called when reading empty files so `jerr` will be used uninitialized in the original code. Empty files appear when a network has no dhcp clients. This patch checks for such files and skip them. Signed-off-by: Jiang XueQian <jiangxueqian(a)gmail.com> --- tools/nss/libvirt_nss_leases.c | 5 +++++ tools/nss/libvirt_nss_macs.c | 5 +++++ 2 files changed, 10 insertions(+) diff --git a/tools/nss/libvirt_nss_leases.c b/tools/nss/libvirt_nss_leases.c index aea81bb56e..7ffe4a8761 100644 --- a/tools/nss/libvirt_nss_leases.c +++ b/tools/nss/libvirt_nss_leases.c @@ -290,6 +290,11 @@ findLeases(const char *file, jerr = json_tokener_get_error(tok); } while (jerr == json_tokener_continue); + if (nreadTotal == 0) { + ret = 0; + goto cleanup; + } + if (jerr == json_tokener_continue) { ERROR("Cannot parse %s: incomplete json found", file); goto cleanup; diff --git a/tools/nss/libvirt_nss_macs.c b/tools/nss/libvirt_nss_macs.c index 23229a18f3..57c0f79fbb 100644 --- a/tools/nss/libvirt_nss_macs.c +++ b/tools/nss/libvirt_nss_macs.c @@ -152,6 +152,11 @@ findMACs(const char *file, jerr = json_tokener_get_error(tok); } while (jerr == json_tokener_continue); + if (nreadTotal == 0) { + ret = 0; + goto cleanup; + } + if (jerr == json_tokener_continue) { ERROR("Cannot parse %s: incomplete json found", file); goto cleanup; -- 2.48.1

2 2

[libvirt PATCH v2 0/2] meson: error out when ch driver is requested but unsupported
by Ján Tomko 20 Jan '25

20 Jan '25

v1 forgot to define the 'use_ch' variable in some corner case v2 also disables the build for mingw Ján Tomko (2): meson: error out when ch driver is requested but unsupported libvirt.spec: do not build ch driver on mingw libvirt.spec.in | 1 + meson.build | 11 +++++++++-- 2 files changed, 10 insertions(+), 2 deletions(-) -- 2.47.0

2 3

[PATCH 0/2] Fix storage_file_backend_fs demodularization
by Peter Krempa 20 Jan '25

20 Jan '25

2 bugs were missed; brown paper bag was installed Peter Krempa (2): libvirt.spec: Move ownership of 'storage-file' backends directory to gluster storage_file_backend_fs: Compile out 'chown' backend on mingw libvirt.spec.in | 2 +- src/storage_file/storage_file_backend_fs.c | 9 +++++++++ 2 files changed, 10 insertions(+), 1 deletion(-) -- 2.48.1

2 3

[PATCH v2 0/2] tests: Add qemu-9.2 dev cycle caps on s390x
by Michal Privoznik 20 Jan '25

20 Jan '25

v2 of: https://lists.libvirt.org/archives/list/devel@lists.libvirt.org/thread/WABE… diff to v1: - instead of switching test case from 2.7 machine type to something newer, just drop the test case. Michal Prívozník (2): qemuxmlconftest: Drop s390-default-cpu-...ccw-virtio-2.7 test cases tests: qemucapabilities: Add test data for the qemu-9.2 dev cycle on s390x tests/domaincapsdata/qemu_9.3.0.s390x.xml | 436 + .../caps_9.3.0_s390x.replies | 38101 ++++++++++++++++ .../qemucapabilitiesdata/caps_9.3.0_s390x.xml | 4268 ++ ...-deprecated-features-off.s390x-latest.args | 2 +- ...default-video-type-s390x.s390x-latest.args | 2 +- ...vfio-zpci-ccw-memballoon.s390x-latest.args | 2 +- .../launch-security-s390-pv.s390x-latest.args | 2 +- ...t-cpu-kvm-ccw-virtio-2.7.s390x-latest.args | 32 - ...lt-cpu-kvm-ccw-virtio-2.7.s390x-latest.xml | 25 - .../s390-default-cpu-kvm-ccw-virtio-2.7.xml | 16 - ...t-cpu-kvm-ccw-virtio-4.2.s390x-latest.args | 2 +- ...t-cpu-tcg-ccw-virtio-2.7.s390x-latest.args | 32 - ...lt-cpu-tcg-ccw-virtio-2.7.s390x-latest.xml | 27 - .../s390-default-cpu-tcg-ccw-virtio-2.7.xml | 16 - .../s390-defaultconsole.s390x-latest.args | 2 +- .../s390-panic.s390x-latest.args | 2 +- tests/qemuxmlconftest.c | 2 - 17 files changed, 42812 insertions(+), 157 deletions(-) create mode 100644 tests/domaincapsdata/qemu_9.3.0.s390x.xml create mode 100644 tests/qemucapabilitiesdata/caps_9.3.0_s390x.replies create mode 100644 tests/qemucapabilitiesdata/caps_9.3.0_s390x.xml delete mode 100644 tests/qemuxmlconfdata/s390-default-cpu-kvm-ccw-virtio-2.7.s390x-latest.args delete mode 100644 tests/qemuxmlconfdata/s390-default-cpu-kvm-ccw-virtio-2.7.s390x-latest.xml delete mode 100644 tests/qemuxmlconfdata/s390-default-cpu-kvm-ccw-virtio-2.7.xml delete mode 100644 tests/qemuxmlconfdata/s390-default-cpu-tcg-ccw-virtio-2.7.s390x-latest.args delete mode 100644 tests/qemuxmlconfdata/s390-default-cpu-tcg-ccw-virtio-2.7.s390x-latest.xml delete mode 100644 tests/qemuxmlconfdata/s390-default-cpu-tcg-ccw-virtio-2.7.xml -- 2.45.2

4 6

[PATCH] util: avoid overflow in hextable buffer
by Daniel P. Berrangé 20 Jan '25

20 Jan '25

The assigned string is 17 chars long once the trailing nul is taken into account. This triggers a warning with GCC 15 src/util/virsystemd.c: In function ‘virSystemdEscapeName’: src/util/virsystemd.c:59:38: error: initializer-string for array of ‘char’ is too long [-Werror=unterminated-string-initialization] 59 | static const char hextable[16] = "0123456789abcdef"; | ^~~~~~~~~~~~~~~~~~ Switch to a dynamically sized array as used in all the other places we have a hextable array. See also: https://gcc.gnu.org/PR115185 Reported-by: Yaakov Selkowitz <yselkowi(a)redhat.com> Signed-off-by: Daniel P. Berrangé <berrange(a)redhat.com> --- src/util/virsystemd.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/util/virsystemd.c b/src/util/virsystemd.c index 5b772e29dd..d46e5f74fc 100644 --- a/src/util/virsystemd.c +++ b/src/util/virsystemd.c @@ -56,7 +56,7 @@ struct _virSystemdActivationEntry { static void virSystemdEscapeName(virBuffer *buf, const char *name) { - static const char hextable[16] = "0123456789abcdef"; + static const char hextable[] = "0123456789abcdef"; #define ESCAPE(c) \ do { \ -- 2.47.1

2 1