On 09/10/2018 02:55 PM, Chen Hanxiao wrote:
At 2018-09-07 18:44:53, "Lin Ma" wrote:
>When we call qemuARPGetInterfaces to get IP from host's arp table, The
>iface's type has nothing to do with it, We should allow all of type.
>
>Signed-off-by: Lin Ma
Hi,
with my limited tests,
we can't get
Hi,
> > type_register_static(_pci_dev_info);
> > +type_register_static(_pci_ramfb_dev_info);
> My concern here is still all of the extra tooling that needs to be
> added to management layers above QEMU for this device that exists only
> because we can't hotplug the primary display in
All backingStore XML definitions have a XML tag with the timestamp. This
timestamp is not defined insinde RNG volume storage schema and it is
causing some problems to validate and check volume XMLs.
Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1594266
Signed-off-by: Julio Faracco
---
On 2018-09-11 at 01:17, John Ferlan wrote:
>[...]
>
>>>
>>> I would say:
>>>
>>> * Returns 0 on success, -1 on error. Additionally, if the @error is
>>> * non-zero, then the failure occurred during virNetlinkCommand, but
>>> * no error message generated leaving it up to the caller to handle
>>>
On Mon, Sep 10, 2018 at 04:45:50PM -0600, Jim Fehlig wrote:
> On 09/10/2018 04:02 PM, Marek Marczykowski-Górecki wrote:
> > On Mon, Sep 10, 2018 at 03:44:33PM -0600, Jim Fehlig wrote:
> > > On 08/05/2018 03:48 PM, Marek Marczykowski-Górecki wrote:
> > > > Since this is something between PV and
On Mon, Sep 10, 2018 at 05:13:00PM -0600, Jim Fehlig wrote:
> Currently the libxl driver claims support for Xen >= 4.4, but
> Xen 4.4 and 4.5 are no longer supported upstream. Let's increase
> the minimum supported version to 4.6.
>
> Since Xen 4.6 contains a pkgconfig file, drop the now unused
V1: https://www.redhat.com/archives/libvir-list/2018-March/msg01704.html
Jim Fehlig (2):
libxl: drop support for Xen < 4.6
news: Announce dropping support for Xen 4.4 and 4.5
docs/drvxen.html.in | 2 +-
docs/news.xml | 9 +
m4/virt-driver-libxl.m4 | 22
Signed-off-by: Jim Fehlig
---
docs/news.xml | 9 +
1 file changed, 9 insertions(+)
diff --git a/docs/news.xml b/docs/news.xml
index b8bee35df0..950f3093bc 100644
--- a/docs/news.xml
+++ b/docs/news.xml
@@ -35,6 +35,15 @@
+
+
+ Xen: Drop support for Xen
Currently the libxl driver claims support for Xen >= 4.4, but
Xen 4.4 and 4.5 are no longer supported upstream. Let's increase
the minimum supported version to 4.6.
Since Xen 4.6 contains a pkgconfig file, drop the now unused code
that falls back to using LIBVIRT_CHECK_LIB in the absence of
On 09/07/2018 07:32 AM, marcandre.lur...@redhat.com wrote:
> From: Marc-André Lureau
>
> Check anonymous memory is backed by memfd if qemu is capable.
>
> Signed-off-by: Marc-André Lureau
> ---
> tests/qemuxml2argvdata/memfd-memory-numa.args | 28 +++
>
"non-anonymous"
On 09/07/2018 07:32 AM, marcandre.lur...@redhat.com wrote:
> From: Marc-André Lureau
>
> memfd is able to allocate hugepage anonymous memory.
>
> Signed-off-by: Marc-André Lureau
> ---
> src/conf/domain_conf.c | 7 ---
> 1 file changed, 7 deletions(-)
>
> diff --git
On 09/07/2018 07:32 AM, marcandre.lur...@redhat.com wrote:
> From: Marc-André Lureau
>
> QEMU 3.1 should only expose the property if the host is actually
> capable of creating hugetable-backed memfd. However, it may fail
> at runtime depending on requested "hugetlbsize".
>
> Signed-off-by:
On 09/07/2018 07:32 AM, marcandre.lur...@redhat.com wrote:
> From: Marc-André Lureau
>
Would be nice to have a few more words here. If you provide them I can
add them... The if statement is difficult to read unless you know what
each field really means.
secondary question - should we document
On 09/10/2018 04:02 PM, Marek Marczykowski-Górecki wrote:
On Mon, Sep 10, 2018 at 03:44:33PM -0600, Jim Fehlig wrote:
On 08/05/2018 03:48 PM, Marek Marczykowski-Górecki wrote:
Since this is something between PV and HVM, it makes sense to put the
setting in place where domain type is specified.
On 09/07/2018 07:32 AM, marcandre.lur...@redhat.com wrote:
> From: Marc-André Lureau
>
> Check availability of "-object memory-backend-memfd".
>
> Signed-off-by: Marc-André Lureau
> ---
> src/qemu/qemu_capabilities.c | 2 ++
> src/qemu/qemu_capabilities.h
On Mon, Sep 10, 2018 at 03:44:33PM -0600, Jim Fehlig wrote:
> On 08/05/2018 03:48 PM, Marek Marczykowski-Górecki wrote:
> > Since this is something between PV and HVM, it makes sense to put the
> > setting in place where domain type is specified.
> > To enable it, use It is
> > also included
On 08/05/2018 03:48 PM, Marek Marczykowski-Górecki wrote:
Since this is something between PV and HVM, it makes sense to put the
setting in place where domain type is specified.
To enable it, use It is
also included in capabilities.xml, for every supported HVM guest type - it
doesn't seems
On 09/05/2018 11:09 PM, Yi Wang wrote:
> When doing some job holding state lock for a long time,
> we may come across error:
blank line
> "Timed out during operation: cannot acquire state change lock"
blank line
> Well, sometimes it's not a problem and users want to continue
> to wait, and
> -Original Message-
> From: John Ferlan [mailto:jfer...@redhat.com]
> Sent: Saturday, September 8, 2018 1:14 AM
> To: Wang, Huaqiang ; libvir-list@redhat.com
> Cc: Feng, Shaohe ; Niu, Bing ;
> Ding, Jian-feng ; Zang, Rui
> Subject: Re: [libvirt] [PATCH 04/10] test: add test case for
> -Original Message-
> From: John Ferlan [mailto:jfer...@redhat.com]
> Sent: Saturday, September 8, 2018 1:41 AM
> To: Wang, Huaqiang ; libvir-list@redhat.com
> Cc: Feng, Shaohe ; Niu, Bing ;
> Ding, Jian-feng ; Zang, Rui
> Subject: Re: [libvirt] [PATCH 05/10] util: resctrl:
> -Original Message-
> From: John Ferlan [mailto:jfer...@redhat.com]
> Sent: Saturday, September 8, 2018 1:11 AM
> To: Wang, Huaqiang ; libvir-list@redhat.com
> Cc: Feng, Shaohe ; Niu, Bing ;
> Ding, Jian-feng ; Zang, Rui
> Subject: Re: [libvirt] [PATCH 03/10] conf: Add CMT capability
> -Original Message-
> From: John Ferlan [mailto:jfer...@redhat.com]
> Sent: Saturday, September 8, 2018 12:49 AM
> To: Wang, Huaqiang ; libvir-list@redhat.com
> Cc: Feng, Shaohe ; Niu, Bing ;
> Ding, Jian-feng ; Zang, Rui
> Subject: Re: [libvirt] [PATCH 02/10] util: add interface
On Mon, 10 Sep 2018 08:43:40 +0200
Gerd Hoffmann wrote:
> So we have a boot display when using a vgpu as primary display.
>
> Use vfio-pci-ramfb instead of vfio-pci to enable it.
>
> Signed-off-by: Gerd Hoffmann
> ---
> include/hw/vfio/vfio-common.h | 2 ++
> hw/vfio/display.c |
> -Original Message-
> From: John Ferlan [mailto:jfer...@redhat.com]
> Sent: Thursday, September 6, 2018 12:39 AM
> To: Wang, Huaqiang ; libvir-list@redhat.com
> Cc: Feng, Shaohe ; Niu, Bing ;
> Ding, Jian-feng ; Zang, Rui
> Subject: Re: [libvirt] [PATCH 08/10] conf: introduce resctrl
> -Original Message-
> From: John Ferlan [mailto:jfer...@redhat.com]
> Sent: Wednesday, September 5, 2018 11:49 PM
> To: Wang, Huaqiang ; libvir-list@redhat.com
> Cc: Feng, Shaohe ; Niu, Bing ;
> Ding, Jian-feng ; Zang, Rui
> Subject: Re: [libvirt] [PATCH 07/10] conf: refactor
> -Original Message-
> From: John Ferlan [mailto:jfer...@redhat.com]
> Sent: Wednesday, September 5, 2018 11:00 PM
> To: Wang, Huaqiang ; libvir-list@redhat.com
> Cc: Feng, Shaohe ; Niu, Bing ;
> Ding, Jian-feng ; Zang, Rui
> Subject: Re: [libvirt] [PATCH 06/10] util: Introduce resctrl
On 9/10/18 12:49 PM, Eduardo Habkost wrote:
I was considering something like this:
Signed-off-by: Eduardo Habkost
---
diff --git a/qemu-deprecated.texi b/qemu-deprecated.texi
index 060e015be6..74f6a64b8b 100644
--- a/qemu-deprecated.texi
+++ b/qemu-options.hx
@@ -155,8 +155,13 @@ to 4.
On 9/4/18 8:22 AM, Igor Mammedov wrote:
-smp [cpus],sockets/cores/threads[,maxcpus] should describe topology
so that total number of logical CPUs [sockets * cores * threads]
would be equal to [maxcpus], however historically we didn't have
such check in QEMU and it is possible to start VM with an
On Thu, Sep 06, 2018 at 10:02:13AM +0200, Igor Mammedov wrote:
> On Wed, 5 Sep 2018 10:45:12 -0300
> Eduardo Habkost wrote:
>
> > On Wed, Sep 05, 2018 at 11:25:11AM +0200, Igor Mammedov wrote:
> > > On Tue, 4 Sep 2018 23:12:55 -0300
> > > Eduardo Habkost wrote:
> > >
> > > > On Tue, Sep 04,
On 2018-09-10 at 22:39, Erik Skultety wrote:
>On Fri, Sep 07, 2018 at 03:17:26PM +0800, Shi Lei wrote:
>> This patch simplifies virNetDevBridgeCreate and virNetDevMacVLanCreate
>> by using virNetlinkNewLink.
>>
>> Signed-off-by: Shi Lei
>> ---
>
>I'll make a tiny cosmetic change to the commit
On 2018-09-10 at 22:39, Erik Skultety wrote:
>On Fri, Sep 07, 2018 at 03:17:25PM +0800, Shi Lei wrote:
>> This patch adds wrapper macros around nla_nest_[start|end] and nla_put
>> which can make virNetlinkNewLink more readable.
>>
>> Signed-off-by: Shi Lei
>> ---
>> src/util/virnetlink.c | 43
[...]
>>
>> I would say:
>>
>> * Returns 0 on success, -1 on error. Additionally, if the @error is
>> * non-zero, then the failure occurred during virNetlinkCommand, but
>> * no error message generated leaving it up to the caller to handle
>> * the condition.
>
> "is generated" I guess?
>
>
On Mon, Sep 10, 2018 at 11:03:04AM -0400, John Ferlan wrote:
>
>
> On 09/10/2018 10:38 AM, Erik Skultety wrote:
> > On Fri, Sep 07, 2018 at 03:17:24PM +0800, Shi Lei wrote:
> >> This patch introduces virNetlinkNewLink helper which wraps the common
> >> libnl/netlink code to create a new link.
> >>
On 2018-09-10 at 22:38, Erik Skultety wrote:
>On Fri, Sep 07, 2018 at 03:17:24PM +0800, Shi Lei wrote:
>> This patch introduces virNetlinkNewLink helper which wraps the common
>> libnl/netlink code to create a new link.
>>
>> Signed-off-by: Shi Lei
>> ---
>> src/libvirt_private.syms | 1 +
>>
Signed-off-by: Jim Fehlig
---
docs/news.xml | 9 +
1 file changed, 9 insertions(+)
diff --git a/docs/news.xml b/docs/news.xml
index b8bee35df0..9d16b2930b 100644
--- a/docs/news.xml
+++ b/docs/news.xml
@@ -35,6 +35,15 @@
+
+
+ Xen: Support PM Suspend
On Mon, Sep 10, 2018 at 10:06:09AM -0600, Jim Fehlig wrote:
> On 09/07/2018 01:29 PM, Marek Marczykowski-Górecki wrote:
> > Signed-off-by: Marek Marczykowski-Górecki
> > ---
> > Changes in v2:
> > - use virDomainObjEndAPI
> > - drop duplicated error reporting on virDomainObjIsActive
> > -
On 09/07/2018 01:29 PM, Marek Marczykowski-Górecki wrote:
Signed-off-by: Marek Marczykowski-Górecki
---
Changes in v2:
- use virDomainObjEndAPI
- drop duplicated error reporting on virDomainObjIsActive
- bump version comment to 4.8.0
Changes in v3:
- fix virDomainObjIsActive ->
On Mon, Sep 10, 2018 at 16:30:59 +0200, Roland Schulz wrote:
> https://bugzilla.redhat.com/show_bug.cgi?id=1524230
Please describe your change in the commit message. A bugzilla may not
give enough reasoning for it.
>
> Signed-off-by: Roland Schulz
> ---
> src/qemu/qemu_command.c | 15
On 09/10/2018 10:38 AM, Erik Skultety wrote:
> On Fri, Sep 07, 2018 at 03:17:24PM +0800, Shi Lei wrote:
>> This patch introduces virNetlinkNewLink helper which wraps the common
>> libnl/netlink code to create a new link.
>>
>> Signed-off-by: Shi Lei
>> ---
>> src/libvirt_private.syms | 1 +
On Fri, Sep 07, 2018 at 03:17:25PM +0800, Shi Lei wrote:
> This patch adds wrapper macros around nla_nest_[start|end] and nla_put
> which can make virNetlinkNewLink more readable.
>
> Signed-off-by: Shi Lei
> ---
> src/util/virnetlink.c | 43 +++
>
On Fri, Sep 07, 2018 at 03:17:26PM +0800, Shi Lei wrote:
> This patch simplifies virNetDevBridgeCreate and virNetDevMacVLanCreate
> by using virNetlinkNewLink.
>
> Signed-off-by: Shi Lei
> ---
I'll make a tiny cosmetic change to the commit message before merging.
Reviewed-by: Erik Skultety
--
On Fri, Sep 07, 2018 at 03:17:24PM +0800, Shi Lei wrote:
> This patch introduces virNetlinkNewLink helper which wraps the common
> libnl/netlink code to create a new link.
>
> Signed-off-by: Shi Lei
> ---
> src/libvirt_private.syms | 1 +
> src/util/virnetlink.c| 117
https://bugzilla.redhat.com/show_bug.cgi?id=1524230
Signed-off-by: Roland Schulz
---
src/qemu/qemu_command.c | 15 +++
1 file changed, 15 insertions(+)
diff --git a/src/qemu/qemu_command.c b/src/qemu/qemu_command.c
index ff9589f593..284c2709fc 100644
--- a/src/qemu/qemu_command.c
On 09/10/2018 02:19 PM, Bjoern Walk wrote:
> Michal Privoznik [2018-09-10, 11:36AM +0200]:
>> +int
>> +virSecurityManagerMetadataLock(virSecurityManagerPtr mgr,
>> + const char * const *paths,
>> + size_t npaths)
>> +{
>> +
Michal Privoznik [2018-09-10, 11:36AM +0200]:
> +int
> +virSecurityManagerMetadataLock(virSecurityManagerPtr mgr,
> + const char * const *paths,
> + size_t npaths)
> +{
> +virLockManagerPtr lock;
> +virTimeBackOffVar timebackoff;
This config option allows users to set and enable lock manager
for domain metadata. The lock manager is going to be used by
security drivers to serialize each other when changing a file
ownership or changing the SELinux label. The only supported lock
manager is 'lockd' for now.
Signed-off-by:
Lock all the paths we want to relabel to mutually exclude other
libvirt daemons.
The only culprit here hitch here is that directories can't be
locked. Therefore, when relabeling a directory do not lock it
(this happens only when setting up some domain private paths
anyway, e.g. huge pages
In some cases we might want to not load the lock driver config.
Alter virLockManagerPluginNew() and the lock drivers to cope with
this fact.
Signed-off-by: Michal Privoznik
Reviewed-by: John Ferlan
---
src/locking/lock_driver.h | 4
src/locking/lock_driver_lockd.c | 4 +++-
Soon there will be a virtlockd client that wants to either lock
all the resources or none (in order to avoid virtlockd killing
the client on connection close). Because on the RPC layer we can
only acquire one resource at a time, we have to perform a
rollback once we hit a resource that can't be
This label is used in both successful and error paths. Therefore
it should be named 'cleanup' and not 'err'.
Signed-off-by: Michal Privoznik
---
src/security/security_selinux.c | 6 +++---
1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/src/security/security_selinux.c
Lock all the paths we want to relabel to mutually exclude other
libvirt daemons.
The only culprit here hitch here is that directories can't be
locked. Therefore, when relabeling a directory do not lock it
(this happens only when setting up some domain private paths
anyway, e.g. huge pages
This is a new type of object that lock drivers can handle.
Currently, it is supported by lockd driver only.
Signed-off-by: Michal Privoznik
Reviewed-by: John Ferlan
---
src/locking/lock_driver.h | 2 ++
src/locking/lock_driver_lockd.c | 47 ---
So far the virLockSpaceAcquireResource() locks the first byte in
the underlying file. But caller might want to lock other range.
Signed-off-by: Michal Privoznik
Reviewed-by: John Ferlan
Reviewed-by: Daniel P. Berrangé
---
src/locking/lock_daemon_dispatch.c | 3 +++
src/util/virlockspace.c
The fact whether domain has or doesn't have RW disks is specific
to VIR_LOCK_MANAGER_OBJECT_TYPE_DOMAIN and therefore should
reside in union specific to it.
Signed-off-by: Michal Privoznik
---
src/locking/lock_driver_lockd.c | 8
1 file changed, 4 insertions(+), 4 deletions(-)
diff
So far the whole transaction handling is done
virSecuritySELinuxSetFileconHelper(). This needs to change for
the sake of security label remembering and locking. Otherwise we
would be locking a path when only appending it to transaction
list and not when actually relabelling it.
Signed-off-by:
Firstly, the following code pattern is harder to follow:
if (func() < 0) {
error();
} else {
/* success */
}
We should put 'goto cleanup' into the error branch and move the
else branch one level up.
Secondly, 'rc' should really be named 'ret' because it holds
return value of
We will want virtlockd to lock files on behalf of libvirtd and
not qemu process, because it is libvirtd that needs an exclusive
access not qemu. This requires new lock context.
Signed-off-by: Michal Privoznik
---
src/locking/lock_driver.h | 2 +
src/locking/lock_driver_lockd.c | 291
So far the whole transaction handling is done
virSecurityDACSetOwnershipInternal(). This needs to change for
the sake of security label remembering and locking. Otherwise we
would be locking a path when only appending it to transaction
list and not when actually relabelling it.
Signed-off-by:
At the beginning of each dispatch function we check if owner
attributes were registered (these consist of ID, UUID, PID and
name). The check then consists of checking if ID is not zero.
This is not going to work with
VIR_LOCK_MANAGER_OBJECT_TYPE_DAEMON which doesn't set ID. Switch
to setting PID
Two new APIs are added so that security driver can lock and
unlock paths it wishes to touch. These APIs are not for other
drivers to call but security drivers (DAC and SELinux). That is
the reason these APIs are not exposed through our
libvirt_private.syms file.
Three interesting things happen in
Now that we know what metadata lock manager user wishes to use we
can load it when initializing security driver. This is achieved
by adding new argument to virSecurityManagerNewDriver() and
subsequently to all functions that end up calling it.
The cfg.mk change is needed in order to allow
This flag causes virtlockd to use different offset when locking
the file.
Signed-off-by: Michal Privoznik
Reviewed-by: John Ferlan
---
src/locking/lock_daemon_dispatch.c | 10 --
src/locking/lock_driver_lockd.c| 3 ++-
src/locking/lock_driver_lockd.h| 1 +
3 files changed, 11
Firstly, the message that says we're setting uid:gid shouldn't be
called from virSecurityDACSetOwnershipInternal() because
virSecurityDACRestoreFileLabelInternal() is calling it too.
Secondly, there are places between us reporting label restore and
us actually doing it where we can quit. Don't say
In the future, the transactions are not going to be optional and
they will be run regardless of domain using namespace to collect
list of paths to be relabeled.
To make sure there won't be an API that goes behind transaction
code back update the comment that serves as decision manual
whether an
It will be desirable to run transactions more often than we
currently do. Even if the domain we're relabeling the paths for
does not run in a namespace. If that's the case, there is no need
to fork() as we are already running in the right namespace. To
differentiate whether transaction code should
And by "more frequently" I mean always. This is needed so that we
have a single place where all the paths a thread wants to relabel
are stored. This enables us to lock them all at once (for
metadata), do the relabel and unlock at once again.
Signed-off-by: Michal Privoznik
---
Technically, this is v4 of:
https://www.redhat.com/archives/libvir-list/2018-August/msg01627.html
However, this is implementing different approach than any of the
previous versions.
One of the problems with previous version was that it was too
complicated. The main reason for that was that we
Even though the current use of the functions does not require full
implementation with transactions (none of the callers passes a path
somewhere under /dev), it doesn't hurt either. Moreover, in
future patches the paradigm is going to shift so that any API
that touches a file is required to use
Even though the current use of the function does not require full
implementation with transactions (none of the callers pass a path
somewhere under /dev), it doesn't hurt either. Moreover, in
future patches the paradigm is going to shift so that any API
that touches a file is required to use
At 2018-09-07 18:44:53, "Lin Ma" wrote:
>When we call qemuARPGetInterfaces to get IP from host's arp table, The
>iface's type has nothing to do with it, We should allow all of type.
>
>Signed-off-by: Lin Ma
Hi,
with my limited tests,
we can't get useful info by arp query from other kind
At 2018-09-07 18:44:54, "Lin Ma" wrote:
>commit b00c9c39 removed the label end_of_netlink_messages and 'return
>table' statement, It causes the function virArpTableGet doesn't return
>a proper virArpTable pointer.
>
>How to reproduce:
> # virsh domiflist sles12sp3
>Interface Type Source
71 matches
Mail list logo