[libvirt] libvirt question
Hello,I wrote a program using libvirt API to get vm information like this: /*dom is virDomainPtr type*/ dom=virDomainLookupByID(conn,activeDomains[i]); if(dom!=NULL) printf("%d--%s\n",activeDomains[i],dom->name); .. but when compile it,error occured like this: vm_eraser_detect.c:125:54: error: dereferencing pointer to incomplete type printf("%d--%s\n",activeDomains[i],dom->name); what is the reason of it??? thanka a lot! zhun...@gmail.com -- libvir-list mailing list libvir-list@redhat.com https://www.redhat.com/mailman/listinfo/libvir-list
Re: [libvirt] [PATCH] datatypes: removing unnecessary return statement.
On 05/17/2017 09:53 PM, Julio Faracco wrote: > There is a wrong 'return' statement after a 'goto' statement inside the > function virConnectCloseCallbackDataRegister(). This commit only removes > the 'return'. > > Signed-off-by: Julio Faracco> --- > src/datatypes.c | 1 - > 1 file changed, 1 deletion(-) > Reviewed-by: John Ferlan (and pushed) Tks - John -- libvir-list mailing list libvir-list@redhat.com https://www.redhat.com/mailman/listinfo/libvir-list
Re: [libvirt] [PATCH] qemu: allow to control host side link status of network device
2017-05-17 15:28 GMT+03:00 Peter Krempa: >> >> Well, *I* think I've given sufficient reasons for having the two link >> states controlled separately, but since Dan and Peter had questioned its >> usefulness, we should see whether or not I've swayed their opinions :-) > > I think we should have two elements in this case. I just don't consider > setting the host link side to be very useful. > Sorry, Laine. As i understand you already have alternative patch for such feature, can you share it? I'm really interesting how much it different from my. -- Vasiliy Tolstov, e-mail: v.tols...@selfip.ru -- libvir-list mailing list libvir-list@redhat.com https://www.redhat.com/mailman/listinfo/libvir-list
Re: [libvirt] [PATCH 7/8] appmor, libvirt-qemu: Add 9p support
Quoting Guido Günther (a...@sigxcpu.org): > On Thu, May 18, 2017 at 11:21:54AM -0500, Serge E. Hallyn wrote: > > Mind you I'm not crazy about this. If this could be toggled with a > > default-off config option that would seem better than always giving > > these caps to libvirt-qemu. > > virt-aa-helper could add these if it detects a 9pfs file system. That > would be better than always adding it. Agreed > Cheers, > -- Guido > > > > > Quoting Stefan Bader (stefan.ba...@canonical.com): > > > From: Serge Hallyn> > > > > > Add fowner and fsetid to libvirt-qemu profile. > > > > > > Bug-Ubuntu: https://bugs.launchpad.net/bugs/1378434 > > > > > > Signed-off-by: Christian Ehrhardt > > > Signed-off-by: Stefan Bader > > > --- > > > examples/apparmor/libvirt-qemu | 4 > > > 1 file changed, 4 insertions(+) > > > > > > diff --git a/examples/apparmor/libvirt-qemu > > > b/examples/apparmor/libvirt-qemu > > > index 89466c9..f04ce04 100644 > > > --- a/examples/apparmor/libvirt-qemu > > > +++ b/examples/apparmor/libvirt-qemu > > > @@ -13,6 +13,10 @@ > > >capability setgid, > > >capability setuid, > > > > > > + # for 9p > > > + capability fsetid, > > > + capability fowner, > > > + > > >network inet stream, > > >network inet6 stream, > > > > > > -- > > > 2.7.4 > > -- libvir-list mailing list libvir-list@redhat.com https://www.redhat.com/mailman/listinfo/libvir-list
Re: [libvirt] [PATCH 7/8] appmor, libvirt-qemu: Add 9p support
On Thu, May 18, 2017 at 11:21:54AM -0500, Serge E. Hallyn wrote: > Mind you I'm not crazy about this. If this could be toggled with a > default-off config option that would seem better than always giving > these caps to libvirt-qemu. virt-aa-helper could add these if it detects a 9pfs file system. That would be better than always adding it. Cheers, -- Guido > > Quoting Stefan Bader (stefan.ba...@canonical.com): > > From: Serge Hallyn> > > > Add fowner and fsetid to libvirt-qemu profile. > > > > Bug-Ubuntu: https://bugs.launchpad.net/bugs/1378434 > > > > Signed-off-by: Christian Ehrhardt > > Signed-off-by: Stefan Bader > > --- > > examples/apparmor/libvirt-qemu | 4 > > 1 file changed, 4 insertions(+) > > > > diff --git a/examples/apparmor/libvirt-qemu b/examples/apparmor/libvirt-qemu > > index 89466c9..f04ce04 100644 > > --- a/examples/apparmor/libvirt-qemu > > +++ b/examples/apparmor/libvirt-qemu > > @@ -13,6 +13,10 @@ > >capability setgid, > >capability setuid, > > > > + # for 9p > > + capability fsetid, > > + capability fowner, > > + > >network inet stream, > >network inet6 stream, > > > > -- > > 2.7.4 > -- libvir-list mailing list libvir-list@redhat.com https://www.redhat.com/mailman/listinfo/libvir-list
Re: [libvirt] [PATCH 7/8] appmor, libvirt-qemu: Add 9p support
Mind you I'm not crazy about this. If this could be toggled with a default-off config option that would seem better than always giving these caps to libvirt-qemu. Quoting Stefan Bader (stefan.ba...@canonical.com): > From: Serge Hallyn> > Add fowner and fsetid to libvirt-qemu profile. > > Bug-Ubuntu: https://bugs.launchpad.net/bugs/1378434 > > Signed-off-by: Christian Ehrhardt > Signed-off-by: Stefan Bader > --- > examples/apparmor/libvirt-qemu | 4 > 1 file changed, 4 insertions(+) > > diff --git a/examples/apparmor/libvirt-qemu b/examples/apparmor/libvirt-qemu > index 89466c9..f04ce04 100644 > --- a/examples/apparmor/libvirt-qemu > +++ b/examples/apparmor/libvirt-qemu > @@ -13,6 +13,10 @@ >capability setgid, >capability setuid, > > + # for 9p > + capability fsetid, > + capability fowner, > + >network inet stream, >network inet6 stream, > > -- > 2.7.4 -- libvir-list mailing list libvir-list@redhat.com https://www.redhat.com/mailman/listinfo/libvir-list
Re: [libvirt] Various apparmor related changes (part 1), version 2
Quoting Stefan Bader (stefan.ba...@canonical.com): > > Over the years there have been a bunch of changes to the > > apparmor profiles and/or virt-aa-helper which have been > > carried in Debian/Ubuntu but never made it upstream. > > > > In an attempt to clean this up and generally improve the > > apparmor based environments, we (Christian and I) went > > over the changes, cleaned out cruft as much as possible > > and would be sending out hunks of changes to this list > > for upstream inclusion. > > > > I hope doing multiple but smaller rounds of submissions > > will make it simpler to get those reviewed and hopefully > > accepted. > > For the second version I added acks, merged the patches > related to explicit device denials and local apparmor > profiles, and split the 9p support one (holding back the > part allowing link access for later or to be replaced by > a safer solution). > I also tried to improve the explanation in the description > of patch #1 (virt-aa-helper: Ask for no deny rule for readonly > disk elements). > > Thanks, > Stefan Thanks, Acked-by: Serge HallynI don't like the added capabilities in the one patch, but I'm not nacking it on that account. Still a toggle would be comforting. Make people who want 9p consciously sign in to the added privs. -- libvir-list mailing list libvir-list@redhat.com https://www.redhat.com/mailman/listinfo/libvir-list
[libvirt] [PATCH 1/3] virfile: Provide stub for virFileInData
Some older systems (such as RHEL6) lack SEEK_HOLE and SEEK_DATA which virFileInData relies on. Provide a stub for these systems. Signed-off-by: Michal Privoznik--- configure.ac | 5 + src/util/virfile.c | 15 +++ 2 files changed, 20 insertions(+) diff --git a/configure.ac b/configure.ac index f20b9ea4d..2e6051354 100644 --- a/configure.ac +++ b/configure.ac @@ -352,6 +352,11 @@ AC_CHECK_DECLS([ETH_FLAG_TXVLAN, ETH_FLAG_NTUPLE, ETH_FLAG_RXHASH, ETH_FLAG_LRO, [], [], [[#include ]]) +AC_CHECK_DECLS([SEEK_HOLE], [], [], + [#include +#include ]) + + dnl Our only use of libtasn1.h is in the testsuite, and can be skipped dnl if the header is not present. Assume -ltasn1 is present if the dnl header could be found. diff --git a/src/util/virfile.c b/src/util/virfile.c index 2f4bc42b6..b7645fbfc 100644 --- a/src/util/virfile.c +++ b/src/util/virfile.c @@ -3798,6 +3798,7 @@ virFileComparePaths(const char *p1, const char *p2) } +#if HAVE_DECL_SEEK_HOLE /** * virFileInData: * @fd: file to check @@ -3904,6 +3905,20 @@ virFileInData(int fd, return ret; } +#else /* !HAVE_DECL_SEEK_HOLE */ + +int +virFileInData(int fd ATTRIBUTE_UNUSED, + int *inData ATTRIBUTE_UNUSED, + long long *length ATTRIBUTE_UNUSED) +{ +virReportSystemError(ENOSYS, "%s", + _("sparse files not supported")); +return -1; +} + +#endif /* !HAVE_DECL_SEEK_HOLE */ + /** * virFileReadValueInt: -- 2.13.0 -- libvir-list mailing list libvir-list@redhat.com https://www.redhat.com/mailman/listinfo/libvir-list
[libvirt] [PATCH 0/3] Couple of build fixes after sparse streams
Some systems lack the symbols we need or have them in different header files. Michal Privoznik (3): virfile: Provide stub for virFileInData virfiletest: Test virFileInData iff SEEK_HOLE is defined virfiletest: include linux/falloc.h configure.ac| 5 + src/util/virfile.c | 15 +++ tests/virfiletest.c | 40 +++- 3 files changed, 47 insertions(+), 13 deletions(-) -- 2.13.0 -- libvir-list mailing list libvir-list@redhat.com https://www.redhat.com/mailman/listinfo/libvir-list
[libvirt] [PATCH 2/3] virfiletest: Test virFileInData iff SEEK_HOLE is defined
Yet another place where we need to wrap code in HAVE_DECL_SEEK_HOLE block. Signed-off-by: Michal Privoznik--- tests/virfiletest.c | 36 +++- 1 file changed, 23 insertions(+), 13 deletions(-) diff --git a/tests/virfiletest.c b/tests/virfiletest.c index a93bee01a..d6a526c13 100644 --- a/tests/virfiletest.c +++ b/tests/virfiletest.c @@ -123,7 +123,11 @@ static int makeSparseFile(const off_t offsets[], const bool startData); -#ifdef __linux__ +static bool +holesSupported(void); + +#if HAVE_DECL_SEEK_HOLE + /* Create a sparse file. @offsets in KiB. */ static int makeSparseFile(const off_t offsets[], @@ -188,19 +192,8 @@ makeSparseFile(const off_t offsets[], return -1; } -#else /* !__linux__ */ -static int -makeSparseFile(const off_t offsets[] ATTRIBUTE_UNUSED, - const bool startData ATTRIBUTE_UNUSED) -{ -return -1; -} - -#endif /* !__linux__ */ - - -#define EXTENT 4 +# define EXTENT 4 static bool holesSupported(void) { @@ -245,6 +238,23 @@ holesSupported(void) return ret; } +#else /* !HAVE_DECL_SEEK_HOLE */ + +static int +makeSparseFile(const off_t offsets[] ATTRIBUTE_UNUSED, + const bool startData ATTRIBUTE_UNUSED) +{ +return -1; +} + + +static bool +holesSupported(void) +{ +return false; +} + +#endif /* !HAVE_DECL_SEEK_HOLE */ struct testFileInData { bool startData; /* whether the list of offsets starts with data section */ -- 2.13.0 -- libvir-list mailing list libvir-list@redhat.com https://www.redhat.com/mailman/listinfo/libvir-list
[libvirt] [PATCH 3/3] virfiletest: include linux/falloc.h
On systems with older glibc including fcntl.h for getting FALLOC_FL_PUNCH_HOLE defined is not enough. We must also include linux/falloc.h. Signed-off-by: Michal Privoznik--- tests/virfiletest.c | 4 1 file changed, 4 insertions(+) diff --git a/tests/virfiletest.c b/tests/virfiletest.c index d6a526c13..d5bded00e 100644 --- a/tests/virfiletest.c +++ b/tests/virfiletest.c @@ -27,6 +27,10 @@ #include "virfile.h" #include "virstring.h" +#ifdef __linux__ +# include +#endif + #if defined HAVE_MNTENT_H && defined HAVE_GETMNTENT_R static int testFileCheckMounts(const char *prefix, -- 2.13.0 -- libvir-list mailing list libvir-list@redhat.com https://www.redhat.com/mailman/listinfo/libvir-list
[libvirt] [PATCH] nodedev: mdev: Fix build caused by symbol shadowing
GCC 4.6 complains about a local declaration shadowing a global symbol. Signed-off-by: Erik Skultety--- Pushed as build breaker. src/node_device/node_device_udev.c | 8 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/src/node_device/node_device_udev.c b/src/node_device/node_device_udev.c index 8288be1cb..4ecb0b18f 100644 --- a/src/node_device/node_device_udev.c +++ b/src/node_device/node_device_udev.c @@ -1076,16 +1076,16 @@ udevProcessMediatedDevice(struct udev_device *dev, const char *uuidstr = NULL; int iommugrp = -1; char *linkpath = NULL; -char *realpath = NULL; +char *canonicalpath = NULL; virNodeDevCapMdevPtr data = >caps->data.mdev; if (virAsprintf(, "%s/mdev_type", udev_device_get_syspath(dev)) < 0) goto cleanup; -if (virFileResolveLink(linkpath, ) < 0) +if (virFileResolveLink(linkpath, ) < 0) goto cleanup; -if (VIR_STRDUP(data->type, last_component(realpath)) < 0) +if (VIR_STRDUP(data->type, last_component(canonicalpath)) < 0) goto cleanup; uuidstr = udev_device_get_sysname(dev); @@ -1100,7 +1100,7 @@ udevProcessMediatedDevice(struct udev_device *dev, ret = 0; cleanup: VIR_FREE(linkpath); -VIR_FREE(realpath); +VIR_FREE(canonicalpath); return ret; } -- 2.13.0 -- libvir-list mailing list libvir-list@redhat.com https://www.redhat.com/mailman/listinfo/libvir-list
[libvirt] [PATCH] cpu_ppc64: Add support for host-model on POWER9
Signed-off-by: Jiri Denemark--- src/cpu/cpu_ppc64.c| 8 .../qemuxml2argv-pseries-cpu-compat-power9.args| 24 ++ .../qemuxml2argv-pseries-cpu-compat-power9.xml | 21 +++ tests/qemuxml2argvtest.c | 7 +++ tests/testutilsqemu.c | 13 +++- tests/testutilsqemu.h | 1 + 6 files changed, 69 insertions(+), 5 deletions(-) create mode 100644 tests/qemuxml2argvdata/qemuxml2argv-pseries-cpu-compat-power9.args create mode 100644 tests/qemuxml2argvdata/qemuxml2argv-pseries-cpu-compat-power9.xml diff --git a/src/cpu/cpu_ppc64.c b/src/cpu/cpu_ppc64.c index f64592b55..bf0859904 100644 --- a/src/cpu/cpu_ppc64.c +++ b/src/cpu/cpu_ppc64.c @@ -92,22 +92,22 @@ ppc64CheckCompatibilityMode(const char *host_model, if (!compat_mode) return VIR_CPU_COMPARE_IDENTICAL; -/* Valid host CPUs: POWER6, POWER7, POWER8 */ +/* Valid host CPUs: POWER6, POWER7, POWER8, POWER9 */ if (!STRPREFIX(host_model, "POWER") || !(tmp = (char *) host_model + strlen("POWER")) || virStrToLong_i(tmp, NULL, 10, ) < 0 || -host < 6 || host > 8) { +host < 6 || host > 9) { virReportError(VIR_ERR_INTERNAL_ERROR, "%s", _("Host CPU does not support compatibility modes")); goto out; } -/* Valid compatibility modes: power6, power7, power8 */ +/* Valid compatibility modes: power6, power7, power8, power9 */ if (!STRPREFIX(compat_mode, "power") || !(tmp = (char *) compat_mode + strlen("power")) || virStrToLong_i(tmp, NULL, 10, ) < 0 || -compat < 6 || compat > 8) { +compat < 6 || compat > 9) { virReportError(VIR_ERR_INTERNAL_ERROR, _("Unknown compatibility mode %s"), compat_mode); diff --git a/tests/qemuxml2argvdata/qemuxml2argv-pseries-cpu-compat-power9.args b/tests/qemuxml2argvdata/qemuxml2argv-pseries-cpu-compat-power9.args new file mode 100644 index 0..af93d63dc --- /dev/null +++ b/tests/qemuxml2argvdata/qemuxml2argv-pseries-cpu-compat-power9.args @@ -0,0 +1,24 @@ +LC_ALL=C \ +PATH=/bin \ +HOME=/home/test \ +USER=test \ +LOGNAME=test \ +QEMU_AUDIO_DRV=none \ +/usr/bin/qemu-system-ppc64 \ +-name QEMUGuest1 \ +-S \ +-M pseries \ +-cpu host,compat=power9 \ +-m 256 \ +-smp 4,sockets=4,cores=1,threads=1 \ +-uuid c7a5fdbd-edaf-9455-926a-d65c16db1809 \ +-nographic \ +-nodefconfig \ +-nodefaults \ +-chardev socket,id=charmonitor,path=/tmp/lib/domain--1-QEMUGuest1/monitor.sock,\ +server,nowait \ +-mon chardev=charmonitor,id=monitor,mode=readline \ +-boot c \ +-usb \ +-chardev pty,id=charserial0 \ +-device spapr-vty,chardev=charserial0,reg=0x3000 diff --git a/tests/qemuxml2argvdata/qemuxml2argv-pseries-cpu-compat-power9.xml b/tests/qemuxml2argvdata/qemuxml2argv-pseries-cpu-compat-power9.xml new file mode 100644 index 0..30ab5c267 --- /dev/null +++ b/tests/qemuxml2argvdata/qemuxml2argv-pseries-cpu-compat-power9.xml @@ -0,0 +1,21 @@ + + QEMUGuest1 + c7a5fdbd-edaf-9455-926a-d65c16db1809 + 219100 + 219100 + 4 + +hvm + + +power9 + + + + /usr/bin/qemu-system-ppc64 + + + + + + diff --git a/tests/qemuxml2argvtest.c b/tests/qemuxml2argvtest.c index 426959857..669caa0e4 100644 --- a/tests/qemuxml2argvtest.c +++ b/tests/qemuxml2argvtest.c @@ -1673,6 +1673,13 @@ mymain(void) QEMU_CAPS_CHARDEV, QEMU_CAPS_NODEFCONFIG); DO_TEST("pseries-cpu-le", QEMU_CAPS_KVM, QEMU_CAPS_CHARDEV, QEMU_CAPS_NODEFCONFIG); +DO_TEST_FAILURE("pseries-cpu-compat-power9", QEMU_CAPS_KVM); + +qemuTestSetHostCPU(driver.caps, cpuPower9); +DO_TEST("pseries-cpu-compat-power9", +QEMU_CAPS_KVM, QEMU_CAPS_CHARDEV, QEMU_CAPS_NODEFCONFIG); +qemuTestSetHostCPU(driver.caps, NULL); + qemuTestSetHostArch(driver.caps, VIR_ARCH_NONE); DO_TEST("pseries-panic-missing", diff --git a/tests/testutilsqemu.c b/tests/testutilsqemu.c index 709e291bd..ee4853841 100644 --- a/tests/testutilsqemu.c +++ b/tests/testutilsqemu.c @@ -17,6 +17,7 @@ virCPUDefPtr cpuDefault; virCPUDefPtr cpuHaswell; virCPUDefPtr cpuPower8; +virCPUDefPtr cpuPower9; static virCPUFeatureDef cpuDefaultFeatures[] = { { (char *) "ds",-1 }, @@ -94,6 +95,15 @@ static virCPUDef cpuPower8Data = { .threads = 8, }; +static virCPUDef cpuPower9Data = { +.type = VIR_CPU_TYPE_HOST, +.arch = VIR_ARCH_PPC64, +.model = (char *) "POWER9", +.sockets = 1, +.cores = 16, +.threads = 1, +}; + typedef enum { TEST_UTILS_QEMU_BIN_I686, TEST_UTILS_QEMU_BIN_X86_64, @@ -467,7 +477,8 @@ virCapsPtr testQemuCapsInit(void) if (!(cpuDefault = virCPUDefCopy()) || !(cpuHaswell = virCPUDefCopy()) || -!(cpuPower8 =
Re: [libvirt] [PATCH] qemu: monitor: Don't bother extracting vCPU halted state in text monitor
On Thu, May 18, 2017 at 13:53:55 +0200, Ján Tomko wrote: > On Thu, May 18, 2017 at 01:47:03PM +0200, Peter Krempa wrote: > > The code causes the 'offset' variable to be overwritten (possibly with > > NULL if neither of the vCPUs is halted) which causes a crash since the > > variable is still used after that part. > > > > Additionally there's a bug, since strstr() would look up the '(halted)' > > string in the whole string rather than just the currently processed line > > the returned data is completely bogus. > > > > Rather than switching to single line parsing let's remove the code > > altogether since it has a commonly used JSON monitor alternative and > > the data itself is not very useful to report. > > > > The code was introduced in commit cc5e695bde > > > > Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1452106 > > --- > > src/qemu/qemu_monitor_text.c | 6 -- > > 1 file changed, 6 deletions(-) > > > > ACK > > When will we able to kill the whole file? Once we finaly decide, that centos 6.0 + upstream libvirt is an insane configuration. signature.asc Description: PGP signature -- libvir-list mailing list libvir-list@redhat.com https://www.redhat.com/mailman/listinfo/libvir-list
Re: [libvirt] [PATCH 0/2] Couple of sparse streams improvements
On Thu, May 18, 2017 at 08:53:34AM +0200, Michal Privoznik wrote: News entry & one simple fix. Michal Privoznik (2): news: Document sparse streams virStream: Forbid negative seeks docs/news.xml| 10 ++ src/internal.h | 7 +++ src/rpc/virnetclientstream.c | 1 + src/util/virfdstream.c | 1 + 4 files changed, 19 insertions(+) ACK series Jan signature.asc Description: Digital signature -- libvir-list mailing list libvir-list@redhat.com https://www.redhat.com/mailman/listinfo/libvir-list
Re: [libvirt] [PATCH] qemu: monitor: Don't bother extracting vCPU halted state in text monitor
On Thu, May 18, 2017 at 01:47:03PM +0200, Peter Krempa wrote: The code causes the 'offset' variable to be overwritten (possibly with NULL if neither of the vCPUs is halted) which causes a crash since the variable is still used after that part. Additionally there's a bug, since strstr() would look up the '(halted)' string in the whole string rather than just the currently processed line the returned data is completely bogus. Rather than switching to single line parsing let's remove the code altogether since it has a commonly used JSON monitor alternative and the data itself is not very useful to report. The code was introduced in commit cc5e695bde Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1452106 --- src/qemu/qemu_monitor_text.c | 6 -- 1 file changed, 6 deletions(-) ACK When will we able to kill the whole file? Jan signature.asc Description: Digital signature -- libvir-list mailing list libvir-list@redhat.com https://www.redhat.com/mailman/listinfo/libvir-list
[libvirt] [PATCH] qemu: monitor: Don't bother extracting vCPU halted state in text monitor
The code causes the 'offset' variable to be overwritten (possibly with NULL if neither of the vCPUs is halted) which causes a crash since the variable is still used after that part. Additionally there's a bug, since strstr() would look up the '(halted)' string in the whole string rather than just the currently processed line the returned data is completely bogus. Rather than switching to single line parsing let's remove the code altogether since it has a commonly used JSON monitor alternative and the data itself is not very useful to report. The code was introduced in commit cc5e695bde Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1452106 --- src/qemu/qemu_monitor_text.c | 6 -- 1 file changed, 6 deletions(-) diff --git a/src/qemu/qemu_monitor_text.c b/src/qemu/qemu_monitor_text.c index 9c9eeea01..66c94fbcd 100644 --- a/src/qemu/qemu_monitor_text.c +++ b/src/qemu/qemu_monitor_text.c @@ -552,12 +552,6 @@ qemuMonitorTextQueryCPUs(qemuMonitorPtr mon, cpu.qemu_id = cpuid; cpu.tid = tid; -/* Extract halted indicator */ -if ((offset = strstr(line, "(halted)")) != NULL) -cpu.halted = true; -else -cpu.halted = false; - if (VIR_APPEND_ELEMENT_COPY(cpus, ncpus, cpu) < 0) { ret = -1; goto cleanup; -- 2.12.2 -- libvir-list mailing list libvir-list@redhat.com https://www.redhat.com/mailman/listinfo/libvir-list
Re: [libvirt] [PATCH v2 2/2] util: do not leak handles in stop netlink event service
On 05/18/2017 12:06 AM, Wang King wrote: > handles stored in virNetlinkEventSrvPrivatePtr should be freed when > stop netlink event service. Altered the commit message to describe which commit introduced and just fit that into the text... > --- > src/util/virnetlink.c | 1 + > 1 file changed, 1 insertion(+) > Reviewed-by: John FerlanWill push soon - tks, John > diff --git a/src/util/virnetlink.c b/src/util/virnetlink.c > index fad1e8e..7988312 100644 > --- a/src/util/virnetlink.c > +++ b/src/util/virnetlink.c > @@ -758,6 +758,7 @@ virNetlinkEventServiceStop(unsigned int protocol) > } > > server[protocol] = NULL; > +VIR_FREE(srv->handles); > virNetlinkEventServerUnlock(srv); > > virMutexDestroy(>lock); > -- libvir-list mailing list libvir-list@redhat.com https://www.redhat.com/mailman/listinfo/libvir-list
Re: [libvirt] [RFC] Fixing a regression caused by recent CPU driver changes
On Thu, May 18, 2017 at 11:14:50AM +0200, Pavel Hrdina wrote: On Thu, May 18, 2017 at 10:22:59AM +0200, Jiri Denemark wrote: Hi all, when I was enhancing libvirt's guest CPU configuration code to be able to really ensure stable guest CPU ABI, I added a new attribute //cpu/@check which is nicely backward compatible... an old libvirt will just ignore it. However, even if check='full' will be ignored, an old libvirt will still see the updated CPU definition (features added or removed by the hypervisor will be shown there). And because we need QEMU 2.9.0 to check what features are going to be added or removed before we actually start the domain, migrating such domain to an older libvirt or QEMU may fail if QEMU enables a feature which is not supported by the host CPU. Known features causing problems are, e.g., x2apic, hypervisor, and arat. To make things even worse, updating a CPU definition with the automatically added/removed features can be done since QEMU 1.5.0. Even save/restore or snapshot revert on a single host running new libvirt and QEMU < 2.9.0 is now affected by this regression. The big question is how to fix the regression in a backward compatible way and still keep the ability to properly check guest CPU ABI with new enough libvirt and QEMU. Clearly, we need to keep both the original and the updated CPU definition (or one of them and a diff against the other). I came up with the following options: 1. When migrating a domain, the domain XML would contain the original CPU def while the updated one would be transferred in a migration cookie. - doesn't fix save/restore or snapshot revert - could be fixed by not updating the CPU with QEMU < 2.9.0, but it won't work when restore is done on a different host with older QEMU (and yes, this happens in real life, e.g., with oVirt) - doesn't even fix migration after save/restore or snapshot revert This is clearly not good enough. 2. Use migration cookie and change the save image format to contain additional data (something like migration cookie) which a new libvirt could make use of while old libvirt would ignore any additional data it doesn't know about - snapshot XML would need to be updated too, but that's trivial - cleanly changing save image format requires its version to be increased and old libvirt will just refuse to read such image - this would fix save/restore on the same host or on a host with older QEMU - doesn't fix restore on a different host running older libvirt - even this is done by oVirt This would be the best solution, however we might need to go with option 3. The CPU updating is a new feature but it's enabled automatically without any way how to disable it and in this case we should not break anything. Changing the save image format by introducing new feature to seve/restore APIs is valid reason to increase a version so old libvirt will fail if the new feature of save/restore is used. Unfortunately this is not the case, we need to update the save image format to make different feature backward compatible which should not break the save image compatibility. 3. Use migration cookie and change the save image format without increasing its version (and update snapshot XML) - this fixes all cases - technically possible by using one of the unused 32b ints and adding \0 at the end of the domain XML followed by anothe XML with the additional data (pointed to by the formerly unused uint32_t) - very ugly hack It's not that ugly. We just need to workaround a bad design used to store domain XML in the save image. Currently there is no easy and nice way how to add additional data into the XML without breaking backward compatibility and using \0 is the only backward compatible way of doing it. Luckily we have another 15 unused 32b ints :). The ideal solution would be to use proper XML: ... ... ... ... but since we store the domain XML directly as binary data the only way how to store additional data for backward compatible features we need to "extend" the current binary data with additional XML: ... \0 ... ... ... and the newly used 32b int will just point to the beginning of the additional data. Actually, one bit is enough. It would just say that there are newer save image data after the first one. It could be daisy chained as the next one would just have that field as well. I'm ambivalent between 3 and 4. 4. Format both CPUs in domain XML by adding a new subelement in which would list all extra features disabled or enabled by QEMU - fixes all cases without the need to use migration cookie, change save image format, or snapshot XML - but it may be very confusing for users and it would need to be documented as "output only, don't touch staff" I don't like it, this just puts an extra noise into the XML that is irrelevant for users. 5. Add the additional data in
Re: [libvirt] [PATCH v2 1/2] util: Deduplicate code in virNetlinkEventServiceStopAll
On 05/18/2017 12:06 AM, Wang King wrote: > Commit 15a71e60 introduced the virNetlinkEventServiceStopAll function, and > the code in virNetlinkEventServiceStop is copied to this function. can use > virNetlinkEventServiceStop instead. > --- > src/util/virnetlink.c | 25 +++-- > 1 file changed, 3 insertions(+), 22 deletions(-) > > diff --git a/src/util/virnetlink.c b/src/util/virnetlink.c > index 92ecf77..fad1e8e 100644 > --- a/src/util/virnetlink.c > +++ b/src/util/virnetlink.c > @@ -775,32 +775,13 @@ virNetlinkEventServiceStop(unsigned int protocol) > int > virNetlinkEventServiceStopAll(void) > { > -size_t i, j; > +size_t i; > virNetlinkEventSrvPrivatePtr srv = NULL; ^^^ This wasn't necessary either... I'll remove it before pushing. Reviewed-by: John FerlanJohn > > VIR_INFO("stopping all netlink event services"); > > -for (i = 0; i < MAX_LINKS; i++) { > -srv = server[i]; > -if (!srv) > -continue; > - > -virNetlinkEventServerLock(srv); > -nl_close(srv->netlinknh); > -virNetlinkFree(srv->netlinknh); > -virEventRemoveHandle(srv->eventwatch); > - > -for (j = 0; j < srv->handlesCount; j++) { > -if (srv->handles[j].deleted == VIR_NETLINK_HANDLE_VALID) > -virNetlinkEventRemoveClientPrimitive(j, i); > -} > - > -server[i] = NULL; > -virNetlinkEventServerUnlock(srv); > - > -virMutexDestroy(>lock); > -VIR_FREE(srv); > -} > +for (i = 0; i < MAX_LINKS; i++) > +virNetlinkEventServiceStop(i); > > return 0; > } > -- libvir-list mailing list libvir-list@redhat.com https://www.redhat.com/mailman/listinfo/libvir-list
Re: [libvirt] [PATCH v4 4/6] nodedev: Introduce the mdev capability to a PCI parent device
On Thu, May 18, 2017 at 06:48:48AM -0400, John Ferlan wrote: > [...] > > >>> +static int > >>> +udevFillMdevType(struct udev_device *device, > >>> + const char *dir, > >>> + virNodeDevCapMdevTypePtr type) > >>> +{ > >>> +int ret = -1; > >>> +char *attrpath = NULL; > >>> + > >>> +#define MDEV_GET_SYSFS_ATTR(attr_name, cb, ...) > >>>\ > >>> +do { > >>>\ > >>> +if (virAsprintf(, "%s/%s", dir, #attr_name) < 0) > >>>\ > >>> +goto cleanup; > >>>\ > >>> + > >>>\ > >>> +if (cb(device, attrpath, __VA_ARGS__) < 0) > >>>\ > >>> +goto cleanup; > >>>\ > >>> + > >>>\ > >>> +VIR_FREE(attrpath); > >>>\ > >>> +} while (0) > >>>\ > >>> + > >>> +if (VIR_STRDUP(type->id, last_component(dir)) < 0) > >>> +goto cleanup; > >>> + > >>> +/* query udev for the attributes under subdirectories using the > >>> relative > >>> + * path stored in @dir, i.e. 'mdev_supported_types/' > >>> + */ > >>> +MDEV_GET_SYSFS_ATTR(name, udevGetStringSysfsAttr, >name); > >> > >> Does this imply that name isn't necessarily optional as defined in RNG? > >> Can '@name' not exist and if it is optional how does that adjust the macro? > > > > There's no need for the macro to be changed - type->name == NULL in that > > case > > which means it won't be formatted to the XML, there's no issue in that the > > NULL's going to be handled gracefully all the way down from > > udevGetStringSysfsAttr. > > > > O > >> > >>> +MDEV_GET_SYSFS_ATTR(device_api, udevGetStringSysfsAttr, > >>> >device_api); > >>> +MDEV_GET_SYSFS_ATTR(available_instances, udevGetUintSysfsAttr, > >>> +>available_instances, 10); > >>> + > >>> +#undef MDEV_GET_SYSFS_ATTR > >>> + > >>> +ret = 0; > >>> + cleanup: > >>> +VIR_FREE(attrpath); > >>> +return ret; > >>> +} > >>> + > >> > >> > >> With changes to > >> > >> 1. fix the Coverity issues > >> 2. determine whether the virNodeDeviceObjHasCap change is needed > >> 3. address the optional name > > ^ see my comment above > > > >> > >> You have my: > >> > >> Reviewed-by: John Ferlan> >> > >> While I'm not a fan of 'deviceAPI' > > > > Why so? I'm open to any suggestions, choosing the right name for basically > > anything is a gift I unfortunately do not possess, but truly desire to. > > > > Hmm... Looks like I got distracted whilst writing and didn't finish my > though I too have the gift of choosing names that cause angst for > reviewers. Anyway - it's just a strange name for something that I think > ends up being (what I call) the adapter or controller, e.g. in an .args > file: > > -device vfio-pci,id=hostdev0,\ > sysfsdev=/sys/bus/mdev/devices/53764d0e-85a0-42b4-af5c-2046b460b1dc,bus=pci.0,\ > addr=0x3 > > the "vfio-pci" is less a "deviceAPI" to me and more the "device > mechanism or name" to handle the traffic. But I see that "device_api" is You're right, but this way, we at least stay consistent with arguably poor naming under sysfs - I know, might have been better off with letting the fantasy off the leash, but hopefully this one's going to bite us in the back less than usualyeah, right > what the file name ends up being and that I assume was agreed upon by > the consortium of those who have been arguing about the vGPU/mdev sysfs > layout for far longer than I wanted to pay close attention, so we just > get to deal with it. > > Now as for availableInstances - thankfully there's cut-n-paste to deal > with that long name. Ironically the name is far longer than the value > as opposed to something like uuid/wwnn/wwpn where the name is far > shorter than what the value turns out to be. Glad I don't have to type a > uuid/wwnn/wwpn value too often and even happier I have cut-n-paste > Thanks for review, I'm going to push the series in a moment. I also created BZ 1452072 to track the feature and pasted the URL to patches 3-6. Erik > > John -- libvir-list mailing list libvir-list@redhat.com https://www.redhat.com/mailman/listinfo/libvir-list
Re: [libvirt] [PATCH v4 4/6] nodedev: Introduce the mdev capability to a PCI parent device
[...] >>> +static int >>> +udevFillMdevType(struct udev_device *device, >>> + const char *dir, >>> + virNodeDevCapMdevTypePtr type) >>> +{ >>> +int ret = -1; >>> +char *attrpath = NULL; >>> + >>> +#define MDEV_GET_SYSFS_ATTR(attr_name, cb, ...) >>> \ >>> +do { >>> \ >>> +if (virAsprintf(, "%s/%s", dir, #attr_name) < 0) >>> \ >>> +goto cleanup; >>> \ >>> + >>> \ >>> +if (cb(device, attrpath, __VA_ARGS__) < 0) >>> \ >>> +goto cleanup; >>> \ >>> + >>> \ >>> +VIR_FREE(attrpath); >>> \ >>> +} while (0) >>> \ >>> + >>> +if (VIR_STRDUP(type->id, last_component(dir)) < 0) >>> +goto cleanup; >>> + >>> +/* query udev for the attributes under subdirectories using the >>> relative >>> + * path stored in @dir, i.e. 'mdev_supported_types/' >>> + */ >>> +MDEV_GET_SYSFS_ATTR(name, udevGetStringSysfsAttr, >name); >> >> Does this imply that name isn't necessarily optional as defined in RNG? >> Can '@name' not exist and if it is optional how does that adjust the macro? > > There's no need for the macro to be changed - type->name == NULL in that case > which means it won't be formatted to the XML, there's no issue in that the > NULL's going to be handled gracefully all the way down from > udevGetStringSysfsAttr. > O >> >>> +MDEV_GET_SYSFS_ATTR(device_api, udevGetStringSysfsAttr, >>> >device_api); >>> +MDEV_GET_SYSFS_ATTR(available_instances, udevGetUintSysfsAttr, >>> +>available_instances, 10); >>> + >>> +#undef MDEV_GET_SYSFS_ATTR >>> + >>> +ret = 0; >>> + cleanup: >>> +VIR_FREE(attrpath); >>> +return ret; >>> +} >>> + >> >> >> With changes to >> >> 1. fix the Coverity issues >> 2. determine whether the virNodeDeviceObjHasCap change is needed >> 3. address the optional name > ^ see my comment above > >> >> You have my: >> >> Reviewed-by: John Ferlan>> >> While I'm not a fan of 'deviceAPI' > > Why so? I'm open to any suggestions, choosing the right name for basically > anything is a gift I unfortunately do not possess, but truly desire to. > Hmm... Looks like I got distracted whilst writing and didn't finish my though I too have the gift of choosing names that cause angst for reviewers. Anyway - it's just a strange name for something that I think ends up being (what I call) the adapter or controller, e.g. in an .args file: -device vfio-pci,id=hostdev0,\ sysfsdev=/sys/bus/mdev/devices/53764d0e-85a0-42b4-af5c-2046b460b1dc,bus=pci.0,\ addr=0x3 the "vfio-pci" is less a "deviceAPI" to me and more the "device mechanism or name" to handle the traffic. But I see that "device_api" is what the file name ends up being and that I assume was agreed upon by the consortium of those who have been arguing about the vGPU/mdev sysfs layout for far longer than I wanted to pay close attention, so we just get to deal with it. Now as for availableInstances - thankfully there's cut-n-paste to deal with that long name. Ironically the name is far longer than the value as opposed to something like uuid/wwnn/wwpn where the name is far shorter than what the value turns out to be. Glad I don't have to type a uuid/wwnn/wwpn value too often and even happier I have cut-n-paste John -- libvir-list mailing list libvir-list@redhat.com https://www.redhat.com/mailman/listinfo/libvir-list
Re: [libvirt] [PATCH v4 4/6] nodedev: Introduce the mdev capability to a PCI parent device
On Wed, May 17, 2017 at 05:22:45PM -0400, John Ferlan wrote: > > > On 05/15/2017 08:10 AM, Erik Skultety wrote: > > The parent device needs to report the generic stuff about the supported > > mediated devices types, like device API, available instances, type name, > > etc. Therefore this patch introduces a new nested capability element of > > type 'mdev_types' with the resulting XML of the following format: > > > > > > ... > > > > ... > > > > > > optional_vendor_supplied_codename > > vfio-pci > > NUM > > > > ... > > > > ... > > > > > > > > ... > > > > I haven't followed all the discussions that closely - so a comment from > the peanut gallery... Since mdev_types is a sub-capability of > type='pci', does the "vfio-pci" feel redundant? Ok just the -pci part... Well, that would be mangling of the value we query from the sysfs and that would again bring us to the point where people would rely on it. IMHO we should expose the values verbatim as we find it under sysfs, do we actually do adjust the attribute values after querying them from sysfs?? Anyhow, during one of the VFIO meetings we've also discussed a possibility of someone coming up with vfio-pci v2 backend (though unlikely), in that aspect, you really want to know what is the exact device API supported by that mdev type (I have another unlikely and extremely 'visionary' scenario to support my argument, but I'd rather keep it for myself :)). > > > > > Signed-off-by: Erik Skultety> > --- > > docs/schemas/nodedev.rng | 26 + > > src/conf/node_device_conf.c| 97 + > > src/conf/node_device_conf.h| 15 +++ > > src/conf/virnodedeviceobj.c| 7 ++ > > src/libvirt_private.syms | 1 + > > src/node_device/node_device_udev.c | 119 > > + > > .../pci__02_10_7_mdev_types.xml| 32 ++ > > tests/nodedevxml2xmltest.c | 1 + > > 8 files changed, 298 insertions(+) > > create mode 100644 tests/nodedevschemadata/pci__02_10_7_mdev_types.xml > > > > diff --git a/docs/schemas/nodedev.rng b/docs/schemas/nodedev.rng > > index 0f90a73c8..e0a2c5032 100644 > > --- a/docs/schemas/nodedev.rng > > +++ b/docs/schemas/nodedev.rng > > @@ -205,6 +205,32 @@ > > > > > > > > + > > + > > + mdev_types > > + > > + > > + > > + > > + > > + > > + > > + > > + > > + > > + > > +vfio-pci > > + > > + > > + > > + > > + > > + > > + > > + > > + > > + > > + > > > > > > > > diff --git a/src/conf/node_device_conf.c b/src/conf/node_device_conf.c > > index 40d71f277..f26b1ffc7 100644 > > --- a/src/conf/node_device_conf.c > > +++ b/src/conf/node_device_conf.c > > @@ -89,6 +89,19 @@ virNodeDevCapsDefParseString(const char *xpath, > > > > > > void > > +virNodeDevCapMdevTypeFree(virNodeDevCapMdevTypePtr type) > > +{ > > +if (!type) > > +return; > > + > > +VIR_FREE(type->id); > > +VIR_FREE(type->name); > > +VIR_FREE(type->device_api); > > +VIR_FREE(type); > > +} > > + > > + > > +void > > virNodeDeviceDefFree(virNodeDeviceDefPtr def) > > { > > virNodeDevCapsDefPtr caps; > > @@ -265,6 +278,27 @@ virNodeDeviceCapPCIDefFormat(virBufferPtr buf, > > virBufferAsprintf(buf, "\n", > >virPCIHeaderTypeToString(data->pci_dev.hdrType)); > > } > > +if (data->pci_dev.flags & VIR_NODE_DEV_CAP_FLAG_PCI_MDEV) { > > +virBufferAddLit(buf, "\n"); > > +virBufferAdjustIndent(buf, 2); > > +for (i = 0; i < data->pci_dev.nmdev_types; i++) { > > +virNodeDevCapMdevTypePtr type = data->pci_dev.mdev_types[i]; > > +virBufferEscapeString(buf, "\n", type->id); > > +virBufferAdjustIndent(buf, 2); > > +if (type->name) > > +virBufferEscapeString(buf, "%s\n", > > + type->name); > > +virBufferEscapeString(buf, "%s\n", > > + type->device_api); > > +virBufferAsprintf(buf, > > + > > "%u\n", > > + type->available_instances); > > +virBufferAdjustIndent(buf, -2); > > +virBufferAddLit(buf, "\n"); > > +} > > +virBufferAdjustIndent(buf, -2); > > +virBufferAddLit(buf, "\n"); > > +} > > if (data->pci_dev.nIommuGroupDevices) { > > virBufferAsprintf(buf, "\n", > >data->pci_dev.iommuGroupNumber); > >
Re: [libvirt] [RFC] Fixing a regression caused by recent CPU driver changes
On Thu, May 18, 2017 at 10:22:59AM +0200, Jiri Denemark wrote: > Hi all, > > when I was enhancing libvirt's guest CPU configuration code to be able > to really ensure stable guest CPU ABI, I added a new attribute > //cpu/@check which is nicely backward compatible... an old libvirt will > just ignore it. However, even if check='full' will be ignored, an old > libvirt will still see the updated CPU definition (features added or > removed by the hypervisor will be shown there). And because we need QEMU > 2.9.0 to check what features are going to be added or removed before we > actually start the domain, migrating such domain to an older libvirt or > QEMU may fail if QEMU enables a feature which is not supported by the > host CPU. Known features causing problems are, e.g., x2apic, hypervisor, > and arat. To make things even worse, updating a CPU definition with the > automatically added/removed features can be done since QEMU 1.5.0. > > Even save/restore or snapshot revert on a single host running new > libvirt and QEMU < 2.9.0 is now affected by this regression. > > The big question is how to fix the regression in a backward compatible > way and still keep the ability to properly check guest CPU ABI with new > enough libvirt and QEMU. Clearly, we need to keep both the original and > the updated CPU definition (or one of them and a diff against the > other). > > I came up with the following options: > > 1. When migrating a domain, the domain XML would contain the original >CPU def while the updated one would be transferred in a migration >cookie. >- doesn't fix save/restore or snapshot revert > - could be fixed by not updating the CPU with QEMU < 2.9.0, but it >won't work when restore is done on a different host with older >QEMU (and yes, this happens in real life, e.g., with oVirt) >- doesn't even fix migration after save/restore or snapshot revert This is clearly not good enough. > 2. Use migration cookie and change the save image format to contain >additional data (something like migration cookie) which a new libvirt >could make use of while old libvirt would ignore any additional data >it doesn't know about >- snapshot XML would need to be updated too, but that's trivial >- cleanly changing save image format requires its version to be > increased and old libvirt will just refuse to read such image >- this would fix save/restore on the same host or on a host with > older QEMU >- doesn't fix restore on a different host running older libvirt > - even this is done by oVirt This would be the best solution, however we might need to go with option 3. The CPU updating is a new feature but it's enabled automatically without any way how to disable it and in this case we should not break anything. Changing the save image format by introducing new feature to seve/restore APIs is valid reason to increase a version so old libvirt will fail if the new feature of save/restore is used. Unfortunately this is not the case, we need to update the save image format to make different feature backward compatible which should not break the save image compatibility. > 3. Use migration cookie and change the save image format without >increasing its version (and update snapshot XML) >- this fixes all cases >- technically possible by using one of the unused 32b ints and > adding \0 at the end of the domain XML followed by anothe XML with > the additional data (pointed to by the formerly unused uint32_t) >- very ugly hack It's not that ugly. We just need to workaround a bad design used to store domain XML in the save image. Currently there is no easy and nice way how to add additional data into the XML without breaking backward compatibility and using \0 is the only backward compatible way of doing it. Luckily we have another 15 unused 32b ints :). The ideal solution would be to use proper XML: ... ... ... ... but since we store the domain XML directly as binary data the only way how to store additional data for backward compatible features we need to "extend" the current binary data with additional XML: ... \0 ... ... ... and the newly used 32b int will just point to the beginning of the additional data. > 4. Format both CPUs in domain XML by adding a new subelement in >which would list all extra features disabled or enabled by QEMU >- fixes all cases without the need to use migration cookie, change > save image format, or snapshot XML >- but it may be very confusing for users and it would need to be > documented as "output only, don't touch staff" I don't like it, this just puts an extra noise into the XML that is irrelevant for users. > 5. Add the additional data in >- a bad joke really > > > So my preferred solution is 2. It breaks restore on a host with older > libvirt, but it was never guaranteed to work, even
[libvirt] [PATCH 1/2] conf: add eim attribute to
Add an attribute to control extended interrupt mode. https://bugzilla.redhat.com/show_bug.cgi?id=1451282 --- docs/formatdomain.html.in | 10 +++ docs/schemas/domaincommon.rng | 5 src/conf/domain_conf.c | 20 ++ src/conf/domain_conf.h | 1 + .../qemuxml2argv-intel-iommu-eim.xml | 31 ++ .../qemuxml2xmlout-intel-iommu-eim.xml | 1 + tests/qemuxml2xmltest.c| 1 + 7 files changed, 69 insertions(+) create mode 100644 tests/qemuxml2argvdata/qemuxml2argv-intel-iommu-eim.xml create mode 12 tests/qemuxml2xmloutdata/qemuxml2xmlout-intel-iommu-eim.xml diff --git a/docs/formatdomain.html.in b/docs/formatdomain.html.in index 3135db4..b5026b1 100644 --- a/docs/formatdomain.html.in +++ b/docs/formatdomain.html.in @@ -7436,6 +7436,16 @@ qemu-kvm -net nic,model=? /dev/null Since 3.4.0 (QEMU/KVM only) + eim + + + The eim attribute with possible values + on and off can be used to + turn on extended interrupt mode. In combination with intremap + and split I/O APIC, this allows for more vCPUs to be used. + Since 3.4.0 (QEMU/KVM only) + + diff --git a/docs/schemas/domaincommon.rng b/docs/schemas/domaincommon.rng index f88e84a..144c281 100644 --- a/docs/schemas/domaincommon.rng +++ b/docs/schemas/domaincommon.rng @@ -3959,6 +3959,11 @@ + + + + + diff --git a/src/conf/domain_conf.c b/src/conf/domain_conf.c index 9eba70a..2264d96 100644 --- a/src/conf/domain_conf.c +++ b/src/conf/domain_conf.c @@ -14184,6 +14184,14 @@ virDomainIOMMUDefParseXML(xmlNodePtr node, } iommu->caching_mode = val; } +VIR_FREE(tmp); +if ((tmp = virXPathString("string(./driver/@eim)", ctxt))) { +if ((val = virTristateSwitchTypeFromString(tmp)) < 0) { +virReportError(VIR_ERR_XML_ERROR, _("unknown eim value: %s"), tmp); +goto cleanup; +} +iommu->eim = val; +} ret = iommu; iommu = NULL; @@ -19856,6 +19864,14 @@ virDomainIOMMUDefCheckABIStability(virDomainIOMMUDefPtr src, virTristateSwitchTypeToString(src->caching_mode)); return false; } +if (src->eim != dst->eim) { +virReportError(VIR_ERR_CONFIG_UNSUPPORTED, + _("Target domain IOMMU device eim value '%s' " + "does not match source '%s'"), + virTristateSwitchTypeToString(dst->eim), + virTristateSwitchTypeToString(src->eim)); +return false; +} return true; } @@ -24199,6 +24215,10 @@ virDomainIOMMUDefFormat(virBufferPtr buf, virBufferAsprintf(, " caching_mode='%s'", virTristateSwitchTypeToString(iommu->caching_mode)); } +if (iommu->eim != VIR_TRISTATE_SWITCH_ABSENT) { +virBufferAsprintf(, " eim='%s'", + virTristateSwitchTypeToString(iommu->eim)); +} virBufferAddLit(, "/>\n"); } diff --git a/src/conf/domain_conf.h b/src/conf/domain_conf.h index 34a3596..83e0672 100644 --- a/src/conf/domain_conf.h +++ b/src/conf/domain_conf.h @@ -2211,6 +2211,7 @@ struct _virDomainIOMMUDef { virDomainIOMMUModel model; virTristateSwitch intremap; virTristateSwitch caching_mode; +virTristateSwitch eim; }; /* * Guest VM main configuration diff --git a/tests/qemuxml2argvdata/qemuxml2argv-intel-iommu-eim.xml b/tests/qemuxml2argvdata/qemuxml2argv-intel-iommu-eim.xml new file mode 100644 index 000..8642ed3 --- /dev/null +++ b/tests/qemuxml2argvdata/qemuxml2argv-intel-iommu-eim.xml @@ -0,0 +1,31 @@ + + QEMUGuest1 + c7a5fdbd-edaf-9455-926a-d65c16db1809 + 219100 + 219100 + 288 + +hvm + + + + + + + destroy + restart + destroy + +/usr/bin/qemu-system-x86_64 + + + + + + + + + + + + diff --git a/tests/qemuxml2xmloutdata/qemuxml2xmlout-intel-iommu-eim.xml b/tests/qemuxml2xmloutdata/qemuxml2xmlout-intel-iommu-eim.xml new file mode 12 index 000..9fbec36 --- /dev/null +++ b/tests/qemuxml2xmloutdata/qemuxml2xmlout-intel-iommu-eim.xml @@ -0,0 +1 @@ +../qemuxml2argvdata/qemuxml2argv-intel-iommu-eim.xml \ No newline at end of file diff --git a/tests/qemuxml2xmltest.c b/tests/qemuxml2xmltest.c index fed74d0..fff13e2 100644 --- a/tests/qemuxml2xmltest.c +++ b/tests/qemuxml2xmltest.c @@ -1127,6 +1127,7 @@ mymain(void) QEMU_CAPS_MACHINE_IOMMU); DO_TEST("intel-iommu-ioapic", NONE); DO_TEST("intel-iommu-caching-mode", NONE); +
[libvirt] [PATCH 0/2] Add eim attribute to iommu device
Extended interrupt mode allows >255 vCPUs with q35-based machine types. https://bugzilla.redhat.com/show_bug.cgi?id=1451282 Ján Tomko (2): conf: add eim attribute to qemu: format eim on intel-iommu command line docs/formatdomain.html.in | 10 +++ docs/schemas/domaincommon.rng | 5 src/conf/domain_conf.c | 20 ++ src/conf/domain_conf.h | 1 + src/qemu/qemu_capabilities.c | 2 ++ src/qemu/qemu_capabilities.h | 1 + src/qemu/qemu_command.c| 11 src/qemu/qemu_domain.c | 20 ++ tests/qemucapabilitiesdata/caps_2.8.0.x86_64.xml | 1 + tests/qemucapabilitiesdata/caps_2.9.0.x86_64.xml | 1 + .../qemuxml2argv-intel-iommu-eim.args | 19 + .../qemuxml2argv-intel-iommu-eim.xml | 31 ++ tests/qemuxml2argvtest.c | 7 + .../qemuxml2xmlout-intel-iommu-eim.xml | 1 + tests/qemuxml2xmltest.c| 1 + 15 files changed, 131 insertions(+) create mode 100644 tests/qemuxml2argvdata/qemuxml2argv-intel-iommu-eim.args create mode 100644 tests/qemuxml2argvdata/qemuxml2argv-intel-iommu-eim.xml create mode 12 tests/qemuxml2xmloutdata/qemuxml2xmlout-intel-iommu-eim.xml -- 2.10.2 -- libvir-list mailing list libvir-list@redhat.com https://www.redhat.com/mailman/listinfo/libvir-list
[libvirt] [PATCH 2/2] qemu: format eim on intel-iommu command line
This option turns on extended interrupt mode, which allows more than 255 vCPUs. https://bugzilla.redhat.com/show_bug.cgi?id=1451282 --- src/qemu/qemu_capabilities.c | 2 ++ src/qemu/qemu_capabilities.h | 1 + src/qemu/qemu_command.c | 11 +++ src/qemu/qemu_domain.c | 20 tests/qemucapabilitiesdata/caps_2.8.0.x86_64.xml | 1 + tests/qemucapabilitiesdata/caps_2.9.0.x86_64.xml | 1 + .../qemuxml2argv-intel-iommu-eim.args| 19 +++ tests/qemuxml2argvtest.c | 7 +++ 8 files changed, 62 insertions(+) create mode 100644 tests/qemuxml2argvdata/qemuxml2argv-intel-iommu-eim.args diff --git a/src/qemu/qemu_capabilities.c b/src/qemu/qemu_capabilities.c index 546dfd7..7ea8505 100644 --- a/src/qemu/qemu_capabilities.c +++ b/src/qemu/qemu_capabilities.c @@ -371,6 +371,7 @@ VIR_ENUM_IMPL(virQEMUCaps, QEMU_CAPS_LAST, "kernel-irqchip.split", "intel-iommu.intremap", "intel-iommu.caching-mode", + "intel-iommu.eim", ); @@ -1728,6 +1729,7 @@ static struct virQEMUCapsStringFlags virQEMUCapsObjectPropsUSBNECXHCI[] = { static struct virQEMUCapsStringFlags virQEMUCapsObjectPropsIntelIOMMU[] = { { "intremap", QEMU_CAPS_INTEL_IOMMU_INTREMAP }, { "caching-mode", QEMU_CAPS_INTEL_IOMMU_CACHING_MODE }, +{ "eim", QEMU_CAPS_INTEL_IOMMU_EIM }, }; /* see documentation for virQEMUCapsQMPSchemaGetByPath for the query format */ diff --git a/src/qemu/qemu_capabilities.h b/src/qemu/qemu_capabilities.h index aa99fda..eba9814 100644 --- a/src/qemu/qemu_capabilities.h +++ b/src/qemu/qemu_capabilities.h @@ -409,6 +409,7 @@ typedef enum { QEMU_CAPS_MACHINE_KERNEL_IRQCHIP_SPLIT, /* -machine kernel_irqchip=split */ QEMU_CAPS_INTEL_IOMMU_INTREMAP, /* intel-iommu.intremap */ QEMU_CAPS_INTEL_IOMMU_CACHING_MODE, /* intel-iommu.caching-mode */ +QEMU_CAPS_INTEL_IOMMU_EIM, /* intel-iommu.eim */ QEMU_CAPS_LAST /* this must always be the last item */ } virQEMUCapsFlags; diff --git a/src/qemu/qemu_command.c b/src/qemu/qemu_command.c index 4c1a266..f190d51 100644 --- a/src/qemu/qemu_command.c +++ b/src/qemu/qemu_command.c @@ -6701,6 +6701,13 @@ qemuBuildIOMMUCommandLine(virCommandPtr cmd, "with this QEMU binary")); return -1; } +if (iommu->eim != VIR_TRISTATE_SWITCH_ABSENT && +!virQEMUCapsGet(qemuCaps, QEMU_CAPS_INTEL_IOMMU_EIM)) { +virReportError(VIR_ERR_CONFIG_UNSUPPORTED, "%s", + _("iommu: eim is not supported " + "with this QEMU binary")); +return -1; +} break; case VIR_DOMAIN_IOMMU_MODEL_LAST: break; @@ -6734,6 +6741,10 @@ qemuBuildIOMMUCommandLine(virCommandPtr cmd, virBufferAsprintf(, ",caching-mode=%s", virTristateSwitchTypeToString(iommu->caching_mode)); } +if (iommu->eim != VIR_TRISTATE_SWITCH_ABSENT) { +virBufferAsprintf(, ",eim=%s", + virTristateSwitchTypeToString(iommu->eim)); +} case VIR_DOMAIN_IOMMU_MODEL_LAST: break; } diff --git a/src/qemu/qemu_domain.c b/src/qemu/qemu_domain.c index 7c54f69..cd1825e 100644 --- a/src/qemu/qemu_domain.c +++ b/src/qemu/qemu_domain.c @@ -2663,6 +2663,9 @@ qemuDomainRecheckInternalPaths(virDomainDefPtr def, } +#define QEMU_MAX_VCPUS_WITHOUT_EIM 255 + + static int qemuDomainDefVcpusPostParse(virDomainDefPtr def) { @@ -3071,6 +3074,23 @@ qemuDomainDefValidate(const virDomainDef *def, } } +if (ARCH_IS_X86(def->os.arch) && +virDomainDefGetVcpusMax(def) > QEMU_MAX_VCPUS_WITHOUT_EIM) { +if (!qemuDomainIsQ35(def)) { +virReportError(VIR_ERR_CONFIG_UNSUPPORTED, + _("more than %d vCPUs are only supported on " + "q35-based machine types"), + QEMU_MAX_VCPUS_WITHOUT_EIM); +goto cleanup; +} +if (!def->iommu || def->iommu->eim != VIR_TRISTATE_SWITCH_ON) { +virReportError(VIR_ERR_CONFIG_UNSUPPORTED, + _("more than %d vCPUs require extended interrupt " + "mode enabled on the iommu device"), + QEMU_MAX_VCPUS_WITHOUT_EIM); +} +} + if (qemuDomainDefValidateVideo(def) < 0) goto cleanup; diff --git a/tests/qemucapabilitiesdata/caps_2.8.0.x86_64.xml b/tests/qemucapabilitiesdata/caps_2.8.0.x86_64.xml index e515678..01edbc8 100644 --- a/tests/qemucapabilitiesdata/caps_2.8.0.x86_64.xml +++ b/tests/qemucapabilitiesdata/caps_2.8.0.x86_64.xml @@ -206,6 +206,7 @@ + 2008000 0 (v2.8.0) diff --git
[libvirt] [PATCH 6/8] apparmor: include local apparmor profiles
From: Felix GeyerLocal overrides is a feature Debian/Ubuntu libvirt provided for a while. This allows the user to have a non-conffile that he can use to extend the package delivered rules with extra content matching his special case. This change adds the include directives to the apparmor profiles for virt-aa-helper and libvirtd. Additionally extended the build environment to carry template local profiles and install them into the correct places. Without that the include directives would prevent the profile from loading. Signed-off-by: Christian Ehrhardt Signed-off-by: Stefan Bader Acked-by: Jamie Strandboge --- examples/Makefile.am | 14 ++ examples/apparmor/local-usr.lib.libvirt.virt-aa-helper | 2 ++ examples/apparmor/local-usr.sbin.libvirtd | 2 ++ examples/apparmor/usr.lib.libvirt.virt-aa-helper | 3 +++ examples/apparmor/usr.sbin.libvirtd| 3 +++ 5 files changed, 24 insertions(+) create mode 100644 examples/apparmor/local-usr.lib.libvirt.virt-aa-helper create mode 100644 examples/apparmor/local-usr.sbin.libvirtd diff --git a/examples/Makefile.am b/examples/Makefile.am index 2956e14..16c7bf6 100644 --- a/examples/Makefile.am +++ b/examples/Makefile.am @@ -25,6 +25,8 @@ EXTRA_DIST = \ apparmor/libvirt-lxc \ apparmor/usr.lib.libvirt.virt-aa-helper \ apparmor/usr.sbin.libvirtd \ + apparmor/local-usr.sbin.libvirtd \ + apparmor/local-usr.lib.libvirt.virt-aa-helper \ lxcconvert/virt-lxc-convert \ polkit/libvirt-acl.rules \ $(wildcard $(srcdir)/systemtap/*.stp) \ @@ -74,6 +76,18 @@ apparmor_DATA = \ apparmor/usr.sbin.libvirtd \ $(NULL) +localdir = $(apparmordir)/local +local_DATA = \ + apparmor/local-usr.sbin.libvirtd \ + apparmor/local-usr.lib.libvirt.virt-aa-helper \ + $(NULL) + +install-data-hook: + mv $(DESTDIR)$(localdir)/local-usr.sbin.libvirtd \ + $(DESTDIR)$(localdir)/usr.sbin.libvirtd + mv $(DESTDIR)$(localdir)/local-usr.lib.libvirt.virt-aa-helper \ + $(DESTDIR)$(localdir)/usr.lib.libvirt.virt-aa-helper + abstractionsdir = $(apparmordir)/abstractions abstractions_DATA = \ apparmor/libvirt-qemu \ diff --git a/examples/apparmor/local-usr.lib.libvirt.virt-aa-helper b/examples/apparmor/local-usr.lib.libvirt.virt-aa-helper new file mode 100644 index 000..82c9c39 --- /dev/null +++ b/examples/apparmor/local-usr.lib.libvirt.virt-aa-helper @@ -0,0 +1,2 @@ +# Site-specific additions and overrides for usr.lib.libvirt.virt-aa-helper. +# For more details, please see /etc/apparmor.d/local/README. diff --git a/examples/apparmor/local-usr.sbin.libvirtd b/examples/apparmor/local-usr.sbin.libvirtd new file mode 100644 index 000..6e19f20 --- /dev/null +++ b/examples/apparmor/local-usr.sbin.libvirtd @@ -0,0 +1,2 @@ +# Site-specific additions and overrides for usr.sbin.libvirtd. +# For more details, please see /etc/apparmor.d/local/README. diff --git a/examples/apparmor/usr.lib.libvirt.virt-aa-helper b/examples/apparmor/usr.lib.libvirt.virt-aa-helper index 012080c..93ba74e 100644 --- a/examples/apparmor/usr.lib.libvirt.virt-aa-helper +++ b/examples/apparmor/usr.lib.libvirt.virt-aa-helper @@ -56,4 +56,7 @@ profile virt-aa-helper /usr/{lib,lib64}/libvirt/virt-aa-helper { /**.vmdk r, /**.[iI][sS][oO] r, /**/disk{,.*} r, + + # Site-specific additions and overrides. See local/README for details. + #include } diff --git a/examples/apparmor/usr.sbin.libvirtd b/examples/apparmor/usr.sbin.libvirtd index 353b039..c37d5ee 100644 --- a/examples/apparmor/usr.sbin.libvirtd +++ b/examples/apparmor/usr.sbin.libvirtd @@ -85,4 +85,7 @@ /usr/{lib,lib64,lib/qemu,libexec}/qemu-bridge-helper rmix, } + + # Site-specific additions and overrides. See local/README for details. + #include } -- 2.7.4 -- libvir-list mailing list libvir-list@redhat.com https://www.redhat.com/mailman/listinfo/libvir-list
[libvirt] [PATCH 7/8] appmor, libvirt-qemu: Add 9p support
From: Serge HallynAdd fowner and fsetid to libvirt-qemu profile. Bug-Ubuntu: https://bugs.launchpad.net/bugs/1378434 Signed-off-by: Christian Ehrhardt Signed-off-by: Stefan Bader --- examples/apparmor/libvirt-qemu | 4 1 file changed, 4 insertions(+) diff --git a/examples/apparmor/libvirt-qemu b/examples/apparmor/libvirt-qemu index 89466c9..f04ce04 100644 --- a/examples/apparmor/libvirt-qemu +++ b/examples/apparmor/libvirt-qemu @@ -13,6 +13,10 @@ capability setgid, capability setuid, + # for 9p + capability fsetid, + capability fowner, + network inet stream, network inet6 stream, -- 2.7.4 -- libvir-list mailing list libvir-list@redhat.com https://www.redhat.com/mailman/listinfo/libvir-list
[libvirt] [PATCH 1/8] virt-aa-helper: Ask for no deny rule for readonly disk elements
From: Serge HallynJust because a disk element only requests read access doesn't mean there may not be another readwrite request. Using 'R' when creating the apparmor rule will prevent an implicit write-deny rule to be created alongside. This does not mean write is allowed but it would cause a denial message and probably more relevant, allows to add write access later. Bug-Ubuntu: https://bugs.launchpad.net/bugs/1554031 Signed-off-by: Christian Ehrhardt Signed-off-by: Stefan Bader --- src/security/virt-aa-helper.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/src/security/virt-aa-helper.c b/src/security/virt-aa-helper.c index 5f5d1cd..d976a00 100644 --- a/src/security/virt-aa-helper.c +++ b/src/security/virt-aa-helper.c @@ -888,11 +888,11 @@ add_file_path(virDomainDiskDefPtr disk, if (depth == 0) { if (disk->src->readonly) -ret = vah_add_file(buf, path, "r"); +ret = vah_add_file(buf, path, "R"); else ret = vah_add_file(buf, path, "rw"); } else { -ret = vah_add_file(buf, path, "r"); +ret = vah_add_file(buf, path, "R"); } if (ret != 0) -- 2.7.4 -- libvir-list mailing list libvir-list@redhat.com https://www.redhat.com/mailman/listinfo/libvir-list
[libvirt] [PATCH 3/8] apparmor, virt-aa-helper: Allow aarch64 UEFI.
From: William GrantAllow access to aarch64 UEFI images. Signed-off-by: Christian Ehrhardt Signed-off-by: Stefan Bader Acked-by: Guido Günther --- examples/apparmor/libvirt-qemu | 2 ++ src/security/virt-aa-helper.c | 4 +++- tests/virt-aa-helper-test | 2 ++ 3 files changed, 7 insertions(+), 1 deletion(-) diff --git a/examples/apparmor/libvirt-qemu b/examples/apparmor/libvirt-qemu index e0988bb..89466c9 100644 --- a/examples/apparmor/libvirt-qemu +++ b/examples/apparmor/libvirt-qemu @@ -71,6 +71,8 @@ /usr/share/seabios/** r, /usr/share/ovmf/** r, /usr/share/OVMF/** r, + /usr/share/AAVMF/** r, + /usr/share/qemu-efi/** r, # access PKI infrastructure /etc/pki/libvirt-vnc/** r, diff --git a/src/security/virt-aa-helper.c b/src/security/virt-aa-helper.c index dd166c2..a2d5c21 100644 --- a/src/security/virt-aa-helper.c +++ b/src/security/virt-aa-helper.c @@ -513,7 +513,9 @@ valid_path(const char *path, const bool readonly) "/initrd", "/initrd.img", "/usr/share/OVMF/", /* for OVMF images */ -"/usr/share/ovmf/" /* for OVMF images */ +"/usr/share/ovmf/", /* for OVMF images */ +"/usr/share/AAVMF/", /* for AAVMF images */ +"/usr/share/qemu-efi/" /* for AAVMF images */ }; /* override the above with these */ const char * const override[] = { diff --git a/tests/virt-aa-helper-test b/tests/virt-aa-helper-test index 73f3080..51072f6 100755 --- a/tests/virt-aa-helper-test +++ b/tests/virt-aa-helper-test @@ -307,6 +307,8 @@ testme "0" "kernel" "-r -u $valid_uuid" "$test_xml" testfw "ovmf (old path)" "/usr/share/ovmf/OVMF.fd" testfw "OVMF (new path)" "/usr/share/OVMF/OVMF_CODE.fd" +testfw "AAVMF" "/usr/share/AAVMF/AAVMF_CODE.fd" +testfw "qemu-efi" "/usr/share/qemu-efi/QEMU_EFI.fd" sed -e "s,###UUID###,$uuid,g" -e "s,###DISK###,$disk1,g" -e "s,,$tmpdir/initrd,g" "$template_xml" > "$test_xml" touch "$tmpdir/initrd" -- 2.7.4 -- libvir-list mailing list libvir-list@redhat.com https://www.redhat.com/mailman/listinfo/libvir-list
[libvirt] [PATCH 8/8] apparmor, libvirt-qemu: Add ppc64el related changes
From: Serge HallynUpdates profile to allow running on ppc64el. Bug-Ubuntu: https://bugs.launchpad.net/bugs/1374554 Signed-off-by: Christian Ehrhardt Signed-off-by: Stefan Bader --- examples/apparmor/libvirt-qemu | 7 +++ 1 file changed, 7 insertions(+) diff --git a/examples/apparmor/libvirt-qemu b/examples/apparmor/libvirt-qemu index f04ce04..2791dfc 100644 --- a/examples/apparmor/libvirt-qemu +++ b/examples/apparmor/libvirt-qemu @@ -77,6 +77,7 @@ /usr/share/OVMF/** r, /usr/share/AAVMF/** r, /usr/share/qemu-efi/** r, + /usr/share/slof/** r, # access PKI infrastructure /etc/pki/libvirt-vnc/** r, @@ -102,6 +103,7 @@ /usr/bin/qemu-system-or32 rmix, /usr/bin/qemu-system-ppc rmix, /usr/bin/qemu-system-ppc64 rmix, + /usr/bin/qemu-system-ppc64le rmix, /usr/bin/qemu-system-ppcemb rmix, /usr/bin/qemu-system-s390x rmix, /usr/bin/qemu-system-sh4 rmix, @@ -158,3 +160,8 @@ /etc/udev/udev.conf r, /sys/bus/ r, /sys/class/ r, + + # for ppc device-tree access + @{PROC}/device-tree/ r, + @{PROC}/device-tree/** r, + /sys/firmware/devicetree/** r, -- 2.7.4 -- libvir-list mailing list libvir-list@redhat.com https://www.redhat.com/mailman/listinfo/libvir-list
[libvirt] [PATCH 4/8] apparmor, virt-aa-helper: Allow access to libnl-3 config files
From: Felix GeyerAllow access to libnl-3 config files Signed-off-by: Christian Ehrhardt Signed-off-by: Stefan Bader Acked-by: Guido Günther --- examples/apparmor/usr.lib.libvirt.virt-aa-helper | 2 ++ 1 file changed, 2 insertions(+) diff --git a/examples/apparmor/usr.lib.libvirt.virt-aa-helper b/examples/apparmor/usr.lib.libvirt.virt-aa-helper index 4a8f197..ee53c2c 100644 --- a/examples/apparmor/usr.lib.libvirt.virt-aa-helper +++ b/examples/apparmor/usr.lib.libvirt.virt-aa-helper @@ -16,6 +16,8 @@ profile virt-aa-helper /usr/{lib,lib64}/libvirt/virt-aa-helper { owner @{PROC}/[0-9]*/status r, @{PROC}/filesystems r, + /etc/libnl-3/classid r, + # for hostdev /sys/devices/ r, /sys/devices/** r, -- 2.7.4 -- libvir-list mailing list libvir-list@redhat.com https://www.redhat.com/mailman/listinfo/libvir-list
[libvirt] [PATCH 2/8] apparmor, virt-aa-helper: allow /usr/share/OVMF/ too
From: Simon McVittieThe split firmware and variables files introduced by https://bugs.debian.org/764918 are in a different directory for some reason. Let the virtual machine read both. Extended by Christian Ehrhardt to generalize FW test (simplifies additional testing on firmware files in future). Signed-off-by: Christian Ehrhardt Signed-off-by: Stefan Bader Acked-by: Guido Günther --- examples/apparmor/libvirt-qemu | 1 + src/security/virt-aa-helper.c | 1 + tests/virt-aa-helper-test | 24 3 files changed, 18 insertions(+), 8 deletions(-) diff --git a/examples/apparmor/libvirt-qemu b/examples/apparmor/libvirt-qemu index a9020aa..e0988bb 100644 --- a/examples/apparmor/libvirt-qemu +++ b/examples/apparmor/libvirt-qemu @@ -70,6 +70,7 @@ /usr/share/vgabios/** r, /usr/share/seabios/** r, /usr/share/ovmf/** r, + /usr/share/OVMF/** r, # access PKI infrastructure /etc/pki/libvirt-vnc/** r, diff --git a/src/security/virt-aa-helper.c b/src/security/virt-aa-helper.c index d976a00..dd166c2 100644 --- a/src/security/virt-aa-helper.c +++ b/src/security/virt-aa-helper.c @@ -512,6 +512,7 @@ valid_path(const char *path, const bool readonly) "/vmlinuz", "/initrd", "/initrd.img", +"/usr/share/OVMF/", /* for OVMF images */ "/usr/share/ovmf/" /* for OVMF images */ }; /* override the above with these */ diff --git a/tests/virt-aa-helper-test b/tests/virt-aa-helper-test index 68e9399..73f3080 100755 --- a/tests/virt-aa-helper-test +++ b/tests/virt-aa-helper-test @@ -145,6 +145,20 @@ testme() { fi } +testfw() { +title="$1" +fwpath="$2" + +if [ -f "$fwpath" ]; then +sed -e "s,###UUID###,$uuid,g" \ +-e "s,###DISK###,$disk1,g" \ +-e "s,,$fwpath,g" "$template_xml" > "$test_xml" +testme "0" "$title" "-r -u $valid_uuid" "$test_xml" +else +echo "Skipping FW $title test. Could not find $fwpath" +fi +} + # Expected failures echo "Expected failures:" >$output testme "1" "invalid arg" "-z" @@ -291,14 +305,8 @@ sed -e "s,###UUID###,$uuid,g" -e "s,###DISK###,$disk1,g" -e "s,,$tm touch "$tmpdir/kernel" testme "0" "kernel" "-r -u $valid_uuid" "$test_xml" -if [ -f /usr/share/ovmf/OVMF.fd ]; then -sed -e "s,###UUID###,$uuid,g" \ --e "s,###DISK###,$disk1,g" \ --e "s,,/usr/share/ovmf/OVMF.fd,g" "$template_xml" > "$test_xml" -testme "0" "ovmf" "-r -u $valid_uuid" "$test_xml" -else -echo "Skipping OVMF test. Could not find /usr/share/ovmf/OVMF.fd" -fi +testfw "ovmf (old path)" "/usr/share/ovmf/OVMF.fd" +testfw "OVMF (new path)" "/usr/share/OVMF/OVMF_CODE.fd" sed -e "s,###UUID###,$uuid,g" -e "s,###DISK###,$disk1,g" -e "s,,$tmpdir/initrd,g" "$template_xml" > "$test_xml" touch "$tmpdir/initrd" -- 2.7.4 -- libvir-list mailing list libvir-list@redhat.com https://www.redhat.com/mailman/listinfo/libvir-list
[libvirt] [PATCH 5/8] apparmor, virt-aa-helper: Explicit denies for host devices
From: Felix GeyerAdd explicit denies for disk devices to avoid cluttering dmesg with (acceptable) denials (merged with a second patch which added more disk device names). Signed-off-by: Christian Ehrhardt Signed-off-by: Stefan Bader Acked-by: Guido Günther --- examples/apparmor/usr.lib.libvirt.virt-aa-helper | 9 + 1 file changed, 9 insertions(+) diff --git a/examples/apparmor/usr.lib.libvirt.virt-aa-helper b/examples/apparmor/usr.lib.libvirt.virt-aa-helper index ee53c2c..012080c 100644 --- a/examples/apparmor/usr.lib.libvirt.virt-aa-helper +++ b/examples/apparmor/usr.lib.libvirt.virt-aa-helper @@ -21,6 +21,15 @@ profile virt-aa-helper /usr/{lib,lib64}/libvirt/virt-aa-helper { # for hostdev /sys/devices/ r, /sys/devices/** r, + deny /dev/sd* r, + deny /dev/vd* r, + deny /dev/dm-* r, + deny /dev/drbd[0-9]* r, + deny /dev/dasd* r, + deny /dev/nvme* r, + deny /dev/zd[0-9]* r, + deny /dev/mapper/ r, + deny /dev/mapper/* r, /usr/{lib,lib64}/libvirt/virt-aa-helper mr, /{usr/,}sbin/apparmor_parser Ux, -- 2.7.4 -- libvir-list mailing list libvir-list@redhat.com https://www.redhat.com/mailman/listinfo/libvir-list
[libvirt] Various apparmor related changes (part 1), version 2
> Over the years there have been a bunch of changes to the > apparmor profiles and/or virt-aa-helper which have been > carried in Debian/Ubuntu but never made it upstream. > > In an attempt to clean this up and generally improve the > apparmor based environments, we (Christian and I) went > over the changes, cleaned out cruft as much as possible > and would be sending out hunks of changes to this list > for upstream inclusion. > > I hope doing multiple but smaller rounds of submissions > will make it simpler to get those reviewed and hopefully > accepted. For the second version I added acks, merged the patches related to explicit device denials and local apparmor profiles, and split the 9p support one (holding back the part allowing link access for later or to be replaced by a safer solution). I also tried to improve the explanation in the description of patch #1 (virt-aa-helper: Ask for no deny rule for readonly disk elements). Thanks, Stefan -- libvir-list mailing list libvir-list@redhat.com https://www.redhat.com/mailman/listinfo/libvir-list
Re: [libvirt] [PATCH] pci: fix link maximum speed detection
On 05/16/2017 03:19 PM, Marek Marczykowski-Górecki wrote: > Commit 8e09663 "pci: recognize/report GEN4 (PCIe 4.0) card 16GT/s Link > speed" introduced another speed into enum, but mistakenly also altered > field width, so one bit of link width was included there. > > Signed-off-by: Marek Marczykowski-Górecki> --- > src/util/virpci.c | 2 +- > 1 file changed, 1 insertion(+), 1 deletion(-) > > diff --git a/src/util/virpci.c b/src/util/virpci.c > index 83c7e74..2c1b758 100644 > --- a/src/util/virpci.c > +++ b/src/util/virpci.c > @@ -147,7 +147,7 @@ struct _virPCIDeviceList { > #define PCI_EXP_DEVCAP 0x4 /* Device capabilities */ > #define PCI_EXP_DEVCAP_FLR (1<<28) /* Function Level Reset */ > #define PCI_EXP_LNKCAP 0xc /* Link Capabilities */ > -#define PCI_EXP_LNKCAP_SPEED0x0001f /* Maximum Link Speed */ > +#define PCI_EXP_LNKCAP_SPEED0xf /* Maximum Link Speed */ > #define PCI_EXP_LNKCAP_WIDTH0x003f0 /* Maximum Link Width */ > #define PCI_EXP_LNKSTA 0x12/* Link Status */ > #define PCI_EXP_LNKSTA_SPEED0x000f /* Negotiated Link Speed */ > ACKed and pushed. Michal -- libvir-list mailing list libvir-list@redhat.com https://www.redhat.com/mailman/listinfo/libvir-list
[libvirt] [RFC] Fixing a regression caused by recent CPU driver changes
Hi all, when I was enhancing libvirt's guest CPU configuration code to be able to really ensure stable guest CPU ABI, I added a new attribute //cpu/@check which is nicely backward compatible... an old libvirt will just ignore it. However, even if check='full' will be ignored, an old libvirt will still see the updated CPU definition (features added or removed by the hypervisor will be shown there). And because we need QEMU 2.9.0 to check what features are going to be added or removed before we actually start the domain, migrating such domain to an older libvirt or QEMU may fail if QEMU enables a feature which is not supported by the host CPU. Known features causing problems are, e.g., x2apic, hypervisor, and arat. To make things even worse, updating a CPU definition with the automatically added/removed features can be done since QEMU 1.5.0. Even save/restore or snapshot revert on a single host running new libvirt and QEMU < 2.9.0 is now affected by this regression. The big question is how to fix the regression in a backward compatible way and still keep the ability to properly check guest CPU ABI with new enough libvirt and QEMU. Clearly, we need to keep both the original and the updated CPU definition (or one of them and a diff against the other). I came up with the following options: 1. When migrating a domain, the domain XML would contain the original CPU def while the updated one would be transferred in a migration cookie. - doesn't fix save/restore or snapshot revert - could be fixed by not updating the CPU with QEMU < 2.9.0, but it won't work when restore is done on a different host with older QEMU (and yes, this happens in real life, e.g., with oVirt) - doesn't even fix migration after save/restore or snapshot revert 2. Use migration cookie and change the save image format to contain additional data (something like migration cookie) which a new libvirt could make use of while old libvirt would ignore any additional data it doesn't know about - snapshot XML would need to be updated too, but that's trivial - cleanly changing save image format requires its version to be increased and old libvirt will just refuse to read such image - this would fix save/restore on the same host or on a host with older QEMU - doesn't fix restore on a different host running older libvirt - even this is done by oVirt 3. Use migration cookie and change the save image format without increasing its version (and update snapshot XML) - this fixes all cases - technically possible by using one of the unused 32b ints and adding \0 at the end of the domain XML followed by anothe XML with the additional data (pointed to by the formerly unused uint32_t) - very ugly hack 4. Format both CPUs in domain XML by adding a new subelement in which would list all extra features disabled or enabled by QEMU - fixes all cases without the need to use migration cookie, change save image format, or snapshot XML - but it may be very confusing for users and it would need to be documented as "output only, don't touch staff" 5. Add the additional data in - a bad joke really So my preferred solution is 2. It breaks restore on a host with older libvirt, but it was never guaranteed to work, even though it usually just worked. And we could just tell oVirt to fix there usage :-) Also additional data in save image header may be very useful in the future; I think I remember someone sighing about the inability to store more than just domain XML in a saved image when they were trying to fix some compatibility issues. Any thoughts about the options or even completely new ideas are very welcome. Thanks, Jirka -- libvir-list mailing list libvir-list@redhat.com https://www.redhat.com/mailman/listinfo/libvir-list
Re: [libvirt] [PATCH] virDomainDefCheckABIStabilityFlags: Check for memoryBacking
On Thu, May 18, 2017 at 10:05:55 +0200, Michal Privoznik wrote: > https://bugzilla.redhat.com/show_bug.cgi?id=1450349 > > Problem is, memoryBacking is part of guest ABI. Therefore > changing it on migration/restore from an image can lead > qemu/guest to rejecting the image. > > At the same time, move other partial checks of virDomainMemtune > into the same function: virDomainMemtuneCheckABIStability. > > Signed-off-by: Michal Privoznik> --- > src/conf/domain_conf.c | 101 > - > 1 file changed, 75 insertions(+), 26 deletions(-) > > diff --git a/src/conf/domain_conf.c b/src/conf/domain_conf.c > index 9eba70a95..89b93f4ad 100644 > --- a/src/conf/domain_conf.c > +++ b/src/conf/domain_conf.c > @@ -19786,6 +19786,80 @@ virDomainTPMDefCheckABIStability(virDomainTPMDefPtr > src, > return virDomainDeviceInfoCheckABIStability(>info, >info); > } > > + > +static bool > +virDomainMemtuneCheckABIStability(const virDomainDef *src, > + const virDomainDef *dst, > + unsigned int flags) > +{ > +if (virDomainDefGetMemoryInitial(src) != > virDomainDefGetMemoryInitial(dst)) { > +virReportError(VIR_ERR_CONFIG_UNSUPPORTED, > + _("Target domain max memory %lld " > + "does not match source %lld"), > + virDomainDefGetMemoryInitial(dst), > + virDomainDefGetMemoryInitial(src)); > +return false; > +} > + > +if (!(flags & VIR_DOMAIN_DEF_ABI_CHECK_SKIP_VOLATILE) && > +src->mem.cur_balloon != dst->mem.cur_balloon) { > +virReportError(VIR_ERR_CONFIG_UNSUPPORTED, > + _("Target domain current memory %lld " > + "does not match source %lld"), > + dst->mem.cur_balloon, > + src->mem.cur_balloon); > +return false; > +} > + > +if (src->mem.max_memory != dst->mem.max_memory) { > +virReportError(VIR_ERR_CONFIG_UNSUPPORTED, > + _("Target maximum memory size '%llu' " > + "doesn't match source '%llu'"), > + dst->mem.max_memory, > + src->mem.max_memory); > +return false; > +} > + > +if (src->mem.memory_slots != dst->mem.memory_slots) { > +virReportError(VIR_ERR_CONFIG_UNSUPPORTED, > + _("Target domain memory slots " > + "count '%u' doesn't match source '%u'"), > + dst->mem.memory_slots, > + src->mem.memory_slots); > +return false; > +} > + > +if (src->mem.source != dst->mem.source) { > +virReportError(VIR_ERR_CONFIG_UNSUPPORTED, > + _("Target memoryBacking source '%s' doesn't " > + "match source memoryBacking source'%s'"), > + virDomainMemorySourceTypeToString(dst->mem.source), > + virDomainMemorySourceTypeToString(src->mem.source)); > +return false; > +} AFAIK this is guest ABI only because qemu uses this to generate hugepages rather than regular memory, not that it would be guest ABI per se. > + > +if (src->mem.access != dst->mem.access) { > +virReportError(VIR_ERR_CONFIG_UNSUPPORTED, > + _("Target memoryBacking access '%s' doesn't " > + "match access memoryBacking access'%s'"), > + virDomainMemoryAccessTypeToString(dst->mem.access), > + virDomainMemoryAccessTypeToString(src->mem.access)); > +return false; Same here, shared access does not really transform to guest ABI. > +} > + > +if (src->mem.allocation != dst->mem.allocation) { > +virReportError(VIR_ERR_CONFIG_UNSUPPORTED, > + _("Target memoryBacking allocation '%s' doesn't " > + "match allocation memoryBacking allocation'%s'"), > + > virDomainMemoryAllocationTypeToString(dst->mem.allocation), > + > virDomainMemoryAllocationTypeToString(src->mem.allocation)); > +return false; This is definitely not guest ABI. Note that there's a difference between guest ABI and differences in configurations which are rejected by qemu. I think we need a mechanism to deal with these in a different way because it's possible that other hypervisors will have different ideas on the compatibility of these options. signature.asc Description: PGP signature -- libvir-list mailing list libvir-list@redhat.com https://www.redhat.com/mailman/listinfo/libvir-list
[libvirt] [PATCH] virDomainDefCheckABIStabilityFlags: Check for memoryBacking
https://bugzilla.redhat.com/show_bug.cgi?id=1450349 Problem is, memoryBacking is part of guest ABI. Therefore changing it on migration/restore from an image can lead qemu/guest to rejecting the image. At the same time, move other partial checks of virDomainMemtune into the same function: virDomainMemtuneCheckABIStability. Signed-off-by: Michal Privoznik--- src/conf/domain_conf.c | 101 - 1 file changed, 75 insertions(+), 26 deletions(-) diff --git a/src/conf/domain_conf.c b/src/conf/domain_conf.c index 9eba70a95..89b93f4ad 100644 --- a/src/conf/domain_conf.c +++ b/src/conf/domain_conf.c @@ -19786,6 +19786,80 @@ virDomainTPMDefCheckABIStability(virDomainTPMDefPtr src, return virDomainDeviceInfoCheckABIStability(>info, >info); } + +static bool +virDomainMemtuneCheckABIStability(const virDomainDef *src, + const virDomainDef *dst, + unsigned int flags) +{ +if (virDomainDefGetMemoryInitial(src) != virDomainDefGetMemoryInitial(dst)) { +virReportError(VIR_ERR_CONFIG_UNSUPPORTED, + _("Target domain max memory %lld " + "does not match source %lld"), + virDomainDefGetMemoryInitial(dst), + virDomainDefGetMemoryInitial(src)); +return false; +} + +if (!(flags & VIR_DOMAIN_DEF_ABI_CHECK_SKIP_VOLATILE) && +src->mem.cur_balloon != dst->mem.cur_balloon) { +virReportError(VIR_ERR_CONFIG_UNSUPPORTED, + _("Target domain current memory %lld " + "does not match source %lld"), + dst->mem.cur_balloon, + src->mem.cur_balloon); +return false; +} + +if (src->mem.max_memory != dst->mem.max_memory) { +virReportError(VIR_ERR_CONFIG_UNSUPPORTED, + _("Target maximum memory size '%llu' " + "doesn't match source '%llu'"), + dst->mem.max_memory, + src->mem.max_memory); +return false; +} + +if (src->mem.memory_slots != dst->mem.memory_slots) { +virReportError(VIR_ERR_CONFIG_UNSUPPORTED, + _("Target domain memory slots " + "count '%u' doesn't match source '%u'"), + dst->mem.memory_slots, + src->mem.memory_slots); +return false; +} + +if (src->mem.source != dst->mem.source) { +virReportError(VIR_ERR_CONFIG_UNSUPPORTED, + _("Target memoryBacking source '%s' doesn't " + "match source memoryBacking source'%s'"), + virDomainMemorySourceTypeToString(dst->mem.source), + virDomainMemorySourceTypeToString(src->mem.source)); +return false; +} + +if (src->mem.access != dst->mem.access) { +virReportError(VIR_ERR_CONFIG_UNSUPPORTED, + _("Target memoryBacking access '%s' doesn't " + "match access memoryBacking access'%s'"), + virDomainMemoryAccessTypeToString(dst->mem.access), + virDomainMemoryAccessTypeToString(src->mem.access)); +return false; +} + +if (src->mem.allocation != dst->mem.allocation) { +virReportError(VIR_ERR_CONFIG_UNSUPPORTED, + _("Target memoryBacking allocation '%s' doesn't " + "match allocation memoryBacking allocation'%s'"), + virDomainMemoryAllocationTypeToString(dst->mem.allocation), + virDomainMemoryAllocationTypeToString(src->mem.allocation)); +return false; +} + +return true; +} + + static bool virDomainMemoryDefCheckABIStability(virDomainMemoryDefPtr src, virDomainMemoryDefPtr dst) @@ -19940,37 +20014,12 @@ virDomainDefCheckABIStabilityFlags(virDomainDefPtr src, goto error; } -if (virDomainDefGetMemoryInitial(src) != virDomainDefGetMemoryInitial(dst)) { -virReportError(VIR_ERR_CONFIG_UNSUPPORTED, - _("Target domain max memory %lld does not match source %lld"), - virDomainDefGetMemoryInitial(dst), - virDomainDefGetMemoryInitial(src)); +if (!virDomainMemtuneCheckABIStability(src, dst, flags)) goto error; -} -if (!(flags & VIR_DOMAIN_DEF_ABI_CHECK_SKIP_VOLATILE) && -src->mem.cur_balloon != dst->mem.cur_balloon) { -virReportError(VIR_ERR_CONFIG_UNSUPPORTED, - _("Target domain current memory %lld does not match source %lld"), - dst->mem.cur_balloon, src->mem.cur_balloon); -goto error; -} if (!virDomainNumaCheckABIStability(src->numa, dst->numa))
[libvirt] [PATCH 2/2] virStream: Forbid negative seeks
Currently, we don't assign any meaning to that. Our current view on virStream is that it's merely a pipe. And pipes don't support seeking. Signed-off-by: Michal Privoznik--- src/internal.h | 7 +++ src/rpc/virnetclientstream.c | 1 + src/util/virfdstream.c | 1 + 3 files changed, 9 insertions(+) diff --git a/src/internal.h b/src/internal.h index 5a5a430a2..9e7ef553d 100644 --- a/src/internal.h +++ b/src/internal.h @@ -527,6 +527,13 @@ goto label; \ } \ } while (0) +# define virCheckPositiveArgReturn(argname, retval) \ +do {\ +if (argname <= 0) { \ +virReportInvalidPositiveArg(argname); \ +return retval; \ +} \ +} while (0) # define virCheckNonZeroArgGoto(argname, label) \ do {\ if (argname == 0) { \ diff --git a/src/rpc/virnetclientstream.c b/src/rpc/virnetclientstream.c index 7b28d63db..a9bf271dc 100644 --- a/src/rpc/virnetclientstream.c +++ b/src/rpc/virnetclientstream.c @@ -367,6 +367,7 @@ virNetClientStreamSetHole(virNetClientStreamPtr st, unsigned int flags) { virCheckFlags(0, -1); +virCheckPositiveArgReturn(length, -1); /* Shouldn't happen, But it's better to safe than sorry. */ if (st->holeLength) { diff --git a/src/util/virfdstream.c b/src/util/virfdstream.c index 6870d8846..7ee58be13 100644 --- a/src/util/virfdstream.c +++ b/src/util/virfdstream.c @@ -950,6 +950,7 @@ virFDStreamSendHole(virStreamPtr st, int ret = -1; virCheckFlags(0, -1); +virCheckPositiveArgReturn(length, -1); virObjectLock(fdst); if (fdst->length) { -- 2.13.0 -- libvir-list mailing list libvir-list@redhat.com https://www.redhat.com/mailman/listinfo/libvir-list
[libvirt] [PATCH 1/2] news: Document sparse streams
Signed-off-by: Michal Privoznik--- docs/news.xml | 10 ++ 1 file changed, 10 insertions(+) diff --git a/docs/news.xml b/docs/news.xml index 4cf14b0d5..52915ee2e 100644 --- a/docs/news.xml +++ b/docs/news.xml @@ -35,6 +35,16 @@ + + + Improved streams to efficiently transfer sparseness + + + New extension to virStream was implemented so that + virStorageVolDownload and virStorageVolUpload can preserve file + sparseness. + + -- 2.13.0 -- libvir-list mailing list libvir-list@redhat.com https://www.redhat.com/mailman/listinfo/libvir-list
[libvirt] [PATCH 0/2] Couple of sparse streams improvements
News entry & one simple fix. Michal Privoznik (2): news: Document sparse streams virStream: Forbid negative seeks docs/news.xml| 10 ++ src/internal.h | 7 +++ src/rpc/virnetclientstream.c | 1 + src/util/virfdstream.c | 1 + 4 files changed, 19 insertions(+) -- 2.13.0 -- libvir-list mailing list libvir-list@redhat.com https://www.redhat.com/mailman/listinfo/libvir-list