[PATCH] run: Use correct SELinux context for modular daemons
by Jiri Denemark
Only libvirtd uses virtd_t/virt_exec_t context, modular daemons use
their specific context each.
Signed-off-by: Jiri Denemark <jdenemar(a)redhat.com>
---
run.in | 12 +++++++++---
1 file changed, 9 insertions(+), 3 deletions(-)
diff --git a/run.in b/run.in
index 2821b71230..d8db7cf697 100644
--- a/run.in
+++ b/run.in
@@ -202,10 +202,11 @@ else:
stopped_units.append(unit)
if opts.selinux:
+ progname = os.path.basename(prog)
# if using a wrapper command like 'gdb', setting the selinux
# context won't work because the wrapper command will not be a
# valid entrypoint for the virtd_t context
- if os.path.basename(prog) not in ["libvirtd", *modular_daemons]:
+ if progname not in ["libvirtd", *modular_daemons]:
raise Exception("'{}' is not recognized as a valid daemon. "
"Selinux process context can only be set when "
"executing a daemon directly without wrapper "
@@ -216,17 +217,22 @@ else:
"'{}' outside build directory"
.format(progpath))
+ if progname == "libvirtd":
+ context = "virtd"
+ else:
+ context = progname
+
# selinux won't allow us to transition to the virtd_t context from
# e.g. the user_home_t context (the likely label of the local
# executable file)
- if not chcon(progpath, "system_u", "object_r", "virtd_exec_t"):
+ if not chcon(progpath, "system_u", "object_r", f"{context}_exec_t"):
raise Exception("Failed to change selinux context of binary")
dorestorecon = True
args = ['runcon',
'-u', 'system_u',
'-r', 'system_r',
- '-t', 'virtd_t', *args]
+ '-t', f'{context}_t', *args]
print("Running '%s'..." % str(" ".join(args)))
ret = subprocess.call(args, env=env)
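Review bot: Both type names are now derived from the binary name (`f"{context}_exec_t"` for chcon, `f'{context}_t'` for runcon), so the script silently assumes that every entry in `modular_daemons` has a matching pair of types in the loaded policy, and nothing in the hunk states that. If a type is missing, the user only sees "Failed to change selinux context of binary"; put the computed type into that message. The comment just above chcon still says "transition to the virtd_t context", which is now true for libvirtd only and should be reworded to cover the per-daemon types.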
--
2.48.1
2 weeks, 2 days
[PATCH] cpu: Do not call g_strv_contains on NULL list
by Jiri Denemark
When virCPUx86UpdateLive checks whether a feature was added to a CPU
model after the model was already released (vmx-* features in most Intel
models), the following assert could be logged by glib:
g_strv_contains: assertion 'strv != NULL' failed
While most of our CPU models have a non-empty list of added features, new
models added in 2024 and versioned variants of older models have
addedFeatures == NULL.
Fixes: e622970c8785ec1f7e142d72f792d89f870e07d0
Signed-off-by: Jiri Denemark <jdenemar(a)redhat.com>
---
src/cpu/cpu_x86.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/src/cpu/cpu_x86.c b/src/cpu/cpu_x86.c
index 67c88ae3b7..32aa01bc14 100644
--- a/src/cpu/cpu_x86.c
+++ b/src/cpu/cpu_x86.c
@@ -3212,6 +3212,7 @@ virCPUx86UpdateLive(virCPUDef *cpu,
* behaved before the features were added.
*/
if (!explicit &&
+ model->addedFeatures &&
g_strv_contains((const char **) model->addedFeatures, feature->name))
ignore = true;
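Review bot: The new `model->addedFeatures &&` guard gives a NULL list the meaning "no features were added after release", but the comment above the condition does not say that NULL is a legal value, so a later cleanup could drop the check as redundant. A short clause in that comment would help. The commit message names the affected models (those added in 2024 and versioned variants), so a test case using one of them would keep the glib assertion from coming back.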
--
2.48.1
2 weeks, 2 days
[PATCH 00/21] qemu: Refactor domstats code to avoid error reporting
by Peter Krempa
The workers of qemuDomainGetStats should not report errors if they can't
fetch data; but rather omit the entries. Refactor the code to
de-incentivize error reporting.
Peter Krempa (21):
qemuDomainGetStatsBlockExportHeader: Remove return value
qemuDomainGetStatsBlockExportFrontend: Remove return value
qemuDomainGetStatsBlockExportBackendStorage: Remove return value
qemuDomainGetStatsOneBlockFallback: Remove return value
qemuDomainGetStatsOneBlock: Remove return value
qemuDomainStorageAlias: Remove NULL checks from callers
qemuDomainGetStatsBlockExportHeader: Remove return value
virBitmapFormat: Clarify returned values
virDomainResctrlMonDefParse: Refactor temporary variables
virDomainCputuneDefFormat: Refactor bitmap formatting
virBitmapFormat: Don't check return value
qemuDomainGetStatsCpuCgroup: Remove return value
qemuDomainGetStatsCpuProc: Remove return value
qemuDomainGetStatsCpuHaltPollTime: Remove return value
qemuDomainGetStatsCpuCache: Don't error out
virPerfReadEvent: Refactor to return -errno on failure
qemuDomainGetStatsPerfOneEvent: Ignore errors from 'virPerfReadEvent'
qemuDomainGetStatsIOThread: Don't error out if fetching iothread info
fails
qemuDomainGetStatsMemoryBandwidth: Don't error out
qemuDomainGetStatsDirtyRate: Don't error out
qemuDomainGetStats: Convert worker functions to void
src/ch/ch_driver.c | 3 +-
src/conf/capabilities.c | 9 +-
src/conf/domain_conf.c | 69 ++-----
src/conf/numa_conf.c | 18 +-
src/conf/virnetworkobj.c | 3 -
src/hypervisor/domain_cgroup.c | 6 +-
src/libxl/libxl_driver.c | 3 +-
src/libxl/xen_common.c | 6 +-
src/qemu/qemu_command.c | 3 +-
src/qemu/qemu_domain.c | 10 +-
src/qemu/qemu_driver.c | 341 ++++++++++++---------------------
src/qemu/qemu_monitor_json.c | 5 +-
src/util/virbitmap.c | 11 +-
src/util/vircgroup.c | 5 +-
src/util/virperf.c | 19 +-
src/vz/vz_sdk.c | 3 +-
16 files changed, 178 insertions(+), 336 deletions(-)
--
2.48.1
2 weeks, 2 days
[PATCH 0/2] schema: fix <interleave> errors when validating <domain> subelements
by Laine Stump
More explanation in 2/2 (such as it is)
Laine Stump (2):
tests: be consistent about following DO_TEST_*() with a ;
schema: fix <interleave> errors when validating <domain> subelements
src/conf/schemas/domaincommon.rng | 53 +++++++---------
...rder-domain-subelements.x86_64-latest.args | 40 ++++++++++++
...order-domain-subelements.x86_64-latest.xml | 62 +++++++++++++++++++
.../schema-reorder-domain-subelements.xml | 62 +++++++++++++++++++
tests/qemuxmlconftest.c | 20 +++---
5 files changed, 196 insertions(+), 41 deletions(-)
create mode 100644 tests/qemuxmlconfdata/schema-reorder-domain-subelements.x86_64-latest.args
create mode 100644 tests/qemuxmlconfdata/schema-reorder-domain-subelements.x86_64-latest.xml
create mode 100644 tests/qemuxmlconfdata/schema-reorder-domain-subelements.xml
--
2.48.1
2 weeks, 2 days
[PATCH v2 00/12] hw/arm/raspi: Allow creating any Raspberry Pi machine
by Philippe Mathieu-Daudé
Full rewrite of v1 [1], addressing Zoltan & Peter suggestion.
Introduce a generic 'raspi' machine, which takes a 'model'
and 'revision' properties, and any memory size. The 'board_rev'
register is filled appropriately.
Before, merge raspi4b.c within raspi.c (more is planned here
with the MPCore refactor [2]).
Regards,
Phil.
[1] https://lore.kernel.org/qemu-devel/20250201091528.1177-1-philmd@linaro.org/
[2] https://lore.kernel.org/qemu-devel/20231212162935.42910-1-philmd@linaro.org/
Philippe Mathieu-Daudé (12):
hw/arm/raspi: Access SoC parent object using BCM283X_BASE() macro
hw/arm/raspi: Merge model 4B with other models
hw/arm/raspi: Unify RASPI_MACHINE types
hw/arm/raspi: Pass board_rev as argument to raspi_base_machine_init()
hw/arm/raspi: Consider processor id in types[] array
hw/arm/raspi: Consider network interface for B models
hw/arm/raspi: Check ramsize is within chipset aperture
hw/arm/raspi: Introduce generic Raspberry Pi machine
hw/arm/raspi: Have the generic machine take a 'revision' property
hw/arm/raspi: List models creatable by the generic 'raspi' machine
hw/arm/raspi: Deprecate old raspiX machine names
hw/arm/raspi: Support more models
docs/about/deprecated.rst | 13 +
include/hw/arm/raspi_platform.h | 5 +-
hw/arm/raspi.c | 383 ++++++++++++++++++++++--
hw/arm/raspi4b.c | 136 ---------
tests/qtest/bcm2835-dma-test.c | 2 +-
tests/qtest/bcm2835-i2c-test.c | 2 +-
tests/qtest/boot-serial-test.c | 3 +-
hw/arm/meson.build | 2 +-
tests/functional/test_aarch64_raspi3.py | 5 +-
tests/functional/test_aarch64_raspi4.py | 4 +-
tests/functional/test_arm_raspi2.py | 4 +-
11 files changed, 385 insertions(+), 174 deletions(-)
delete mode 100644 hw/arm/raspi4b.c
--
2.47.1
2 weeks, 4 days
[PATCH] qemu: forbid a few unsupported things for vhost-user/passt interfaces
by Laine Stump
passt in vhost-user mode doesn't support using multiple queues.
The path of the socket is auto-generated by libvirt for
vhost-user/passt; it can't be set by the user.
The passt end of a vhost-user socket is always the server, and the
qemu end is always a client.
Signed-off-by: Laine Stump <laine(a)redhat.com>
---
src/qemu/qemu_validate.c | 16 ++++++++++++++++
1 file changed, 16 insertions(+)
diff --git a/src/qemu/qemu_validate.c b/src/qemu/qemu_validate.c
index 3e3e368da3..53affcdcff 100644
--- a/src/qemu/qemu_validate.c
+++ b/src/qemu/qemu_validate.c
@@ -1824,6 +1824,22 @@ qemuValidateDomainDeviceDefNetwork(const virDomainNetDef *net,
net->backend.type == VIR_DOMAIN_NET_BACKEND_PASST) {
if (qemuValidateDomainDefVhostUserRequireSharedMemory(def, "interface type=\"vhostuser\" backend type=\"passt\"") < 0)
return -1;
+
+ if (net->driver.virtio.queues > 0) {
+ virReportError(VIR_ERR_CONFIG_UNSUPPORTED, "%s",
+ _("interface type=\"vhostuser\" backend type=\"passt\" does not support multiple queues"));
+ return -1;
+ }
+ if (net->data.vhostuser->data.nix.path) {
+ virReportError(VIR_ERR_CONFIG_UNSUPPORTED, "%s",
+ _("'path' attribute cannot be set for interface type=\"vhostuser\" backend type=\"passt\""));
+ return -1;
+ }
+ if (net->data.vhostuser->data.nix.listen) {
+ virReportError(VIR_ERR_CONFIG_UNSUPPORTED, "%s",
+ _("mode=\"server\" is not supported for interface type=\"vhostuser\" backend type=\"passt\""));
+ return -1;
+ }
}
if (net->type == VIR_DOMAIN_NET_TYPE_VDPA) {
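Review bot: The first added check, `if (net->driver.virtio.queues > 0)`, also rejects an explicit queues value of 1, while both the error text and the commit message speak of "multiple queues". Either compare with `> 1` so that a single explicitly configured queue is accepted, or change the message to say that the queues setting is not supported at all for this backend. The three checks also report the same VIR_ERR_CONFIG_UNSUPPORTED with long literal strings repeating `interface type="vhostuser" backend type="passt"`; a shared prefix or format argument would keep them consistent with the string already passed to qemuValidateDomainDefVhostUserRequireSharedMemory above.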
--
2.48.1
2 weeks, 5 days
[libvirt PATCH] tools: virsh: metadata: do not report error on missing metadata
by Ján Tomko
Similarly to `desc` and `net-desc`, return an empty string if
there is no metadata to be returned.
https://issues.redhat.com/browse/RHEL-27172
Signed-off-by: Ján Tomko <jtomko(a)redhat.com>
---
tools/virsh-domain.c | 10 ++++++++--
tools/virsh-network.c | 10 ++++++++--
2 files changed, 16 insertions(+), 4 deletions(-)
diff --git a/tools/virsh-domain.c b/tools/virsh-domain.c
index f3da2f903f..e104aa909a 100644
--- a/tools/virsh-domain.c
+++ b/tools/virsh-domain.c
@@ -8480,8 +8480,14 @@ cmdMetadata(vshControl *ctl, const vshCmd *cmd)
g_autofree char *data = NULL;
/* get */
if (!(data = virDomainGetMetadata(dom, VIR_DOMAIN_METADATA_ELEMENT,
- uri, flags)))
- return false;
+ uri, flags))) {
+ if (virGetLastErrorCode() == VIR_ERR_NO_DOMAIN_METADATA) {
+ virResetLastError();
+ data = g_strdup("");
+ } else {
+ return false;
+ }
+ }
vshPrint(ctl, "%s\n", data);
}
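Review bot: With `data = g_strdup("")` the code falls through to `vshPrint(ctl, "%s\n", data)`, so a domain without metadata now prints a bare newline and the command succeeds, which callers cannot tell apart from an element that exists but is empty. That matches the stated goal of behaving like `desc`, but the diffstat touches only the two virsh source files; the man page should mention the new behaviour. Note also that the branch relies on `virGetLastErrorCode()` still holding the error from virDomainGetMetadata, so nothing should be inserted between the call and this check.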
diff --git a/tools/virsh-network.c b/tools/virsh-network.c
index 6fcc7fd8ee..bcdb76ae36 100644
--- a/tools/virsh-network.c
+++ b/tools/virsh-network.c
@@ -604,8 +604,14 @@ cmdNetworkMetadata(vshControl *ctl, const vshCmd *cmd)
/* get */
if (!(data = virNetworkGetMetadata(net, VIR_NETWORK_METADATA_ELEMENT,
- uri, flags)))
- return false;
+ uri, flags))) {
+ if (virGetLastErrorCode() == VIR_ERR_NO_NETWORK_METADATA) {
+ virResetLastError();
+ data = g_strdup("");
+ } else {
+ return false;
+ }
+ }
vshPrint(ctl, "%s\n", data);
}
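Review bot: The fallback in cmdNetworkMetadata repeats the cmdMetadata block line for line, differing only in `VIR_ERR_NO_NETWORK_METADATA`. A small shared helper that takes the expected error code and returns the empty string would keep the two commands from drifting apart the next time this logic changes.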
--
2.48.1
2 weeks, 5 days
[PATCH 00/13] virsh: Enhancements for hypervisor-cpu-* commands and their documentation
by Jiri Denemark
This series originally started as a documentation update for
hypervisor-cpu-compare and hypervisor-cpu-baseline commands with an idea
to print a warning if the commands are used suboptimally. The rest is a
refactor and a lot of fixes of (mostly) error messages printed by virsh.
Jiri Denemark (13):
docs: Clarify documentation of virsh hypervisor-cpu-compare
docs: Clarify documentation of virsh hypervisor-cpu-baseline
virsh: Do not format messages twice
virsh: Make messages printed by vshError properly translatable
virsh: Refactor vshError
virsh: Introduce vshWarn
virsh: Warn when hypervisor-cpu-* is used with host CPU
virsh: Do not require \n in vshDebug messages
virsh: Properly mark all error messages for translation
virsh: Avoid using translated messages without format
virsh: Drop extra newlines at the end of error messages
virsh: Let prohibit_newline_at_end_of_diagnostic check pass
build: Enable syntax checks for vshError and vshWarn
build-aux/syntax-check.mk | 3 +-
docs/manpages/virsh.rst | 47 ++++++++-----
tools/virsh-domain-monitor.c | 16 ++---
tools/virsh-domain.c | 131 ++++++++++++++++++-----------------
tools/virsh-host.c | 22 ++++--
tools/virsh-interface.c | 6 +-
tools/virsh-network.c | 10 +--
tools/virsh-nodedev.c | 6 +-
tools/virsh-nwfilter.c | 10 +--
tools/virsh-pool.c | 10 +--
tools/virsh-secret.c | 8 +--
tools/virsh-snapshot.c | 12 ++--
tools/virsh-util.c | 16 ++---
tools/virsh-volume.c | 24 +++----
tools/virsh.c | 10 +--
tools/virt-admin.c | 16 ++---
tools/vsh.c | 113 +++++++++++++++++-------------
tools/vsh.h | 6 +-
18 files changed, 254 insertions(+), 212 deletions(-)
--
2.48.1
2 weeks, 5 days
[PULL 01/41] docs/about: Change notes on x86 machine type
deprecation into a general one
by Michael S. Tsirkin
From: Thomas Huth <thuth(a)redhat.com>
We now have a general note about versioned machine types getting
deprecated and removed at the beginning of the deprecated.rst file,
so we should also have a general note about this in removed-features.rst
(which will also apply to versioned non-x86 machine types) instead of
listing individual old machine types in the document.
Signed-off-by: Thomas Huth <thuth(a)redhat.com>
Message-Id: <20250116064644.65670-1-thuth(a)redhat.com>
Reviewed-by: Zhao Liu <zhao1.liu(a)intel.com>
Reviewed-by: Michael S. Tsirkin <mst(a)redhat.com>
Signed-off-by: Michael S. Tsirkin <mst(a)redhat.com>
---
docs/about/deprecated.rst | 7 -------
docs/about/removed-features.rst | 11 +++++------
2 files changed, 5 insertions(+), 13 deletions(-)
diff --git a/docs/about/deprecated.rst b/docs/about/deprecated.rst
index 4a3c302962..7b42d6eecc 100644
--- a/docs/about/deprecated.rst
+++ b/docs/about/deprecated.rst
@@ -236,13 +236,6 @@ deprecated; use the new name ``dtb-randomness`` instead. The new name
better reflects the way this property affects all random data within
the device tree blob, not just the ``kaslr-seed`` node.
-``pc-i440fx-2.4`` up to ``pc-i440fx-2.12`` (since 9.1)
-''''''''''''''''''''''''''''''''''''''''''''''''''''''
-
-These old machine types are quite neglected nowadays and thus might have
-various pitfalls with regards to live migration. Use a newer machine type
-instead.
-
PPC 405 ``ref405ep`` machine (since 9.1)
''''''''''''''''''''''''''''''''''''''''
diff --git a/docs/about/removed-features.rst b/docs/about/removed-features.rst
index c6616ce05e..156c0c253c 100644
--- a/docs/about/removed-features.rst
+++ b/docs/about/removed-features.rst
@@ -972,6 +972,11 @@ from Linux in 2021, and is not supported anymore by QEMU either.
System emulator machines
------------------------
+Note: Versioned machine types that have been introduced in a QEMU version
+that has initially been released more than 6 years before are considered
+obsolete and will be removed without further notice in this document.
+Please use newer machine types instead.
+
``s390-virtio`` (removed in 2.6)
''''''''''''''''''''''''''''''''
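Review bot: In the added note, "a QEMU version that has initially been released more than 6 years before" leaves the reference point open (before what?); "more than 6 years ago" or "more than 6 years before the current release" would be unambiguous. Since the per-machine `pc-0.10` up to `pc-i440fx-2.3` section is dropped later in the same file, this note becomes the only statement about those machine types in the document, so it is worth getting the wording exact.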
@@ -1006,12 +1011,6 @@ mips ``fulong2e`` machine alias (removed in 6.0)
This machine has been renamed ``fuloong2e``.
-``pc-0.10`` up to ``pc-i440fx-2.3`` (removed in 4.0 up to 9.0)
-''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''
-
-These machine types were very old and likely could not be used for live
-migration from old QEMU versions anymore. Use a newer machine type instead.
-
Raspberry Pi ``raspi2`` and ``raspi3`` machines (removed in 6.2)
''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''
--
MST
2 weeks, 5 days
[libvirt PATCHv1 0/4] do not format empty metadata element
by Ján Tomko
https://issues.redhat.com/browse/RHEL-27172
Ján Tomko (4):
conf: networkobj: fix indentation
conf: obj: remove extra empty line
conf: metadata: ignore empty metadata element
conf: metadata: remove metadata node if all metadata is removed
src/conf/domain_conf.c | 8 +++++--
src/conf/network_conf.c | 3 ++-
src/conf/virnetworkobj.c | 48 +++++++++++++++++++++-------------------
3 files changed, 33 insertions(+), 26 deletions(-)
--
2.48.1
2 weeks, 5 days