On Tue, May 14, 2019 at 08:03:48PM +0200, Jiri Denemark wrote:
> This series introduces the libvirt side of mitigations for
> Microarchitectural Data Sampling microprocessor flaws (CVE-2018-12126,
> CVE-2018-12127, CVE-2018-12130, CVE-2019-11091) which were
> published earlier today.
>
> To
Signed-off-by: Jiri Denemark
Reviewed-by: Daniel P. Berrangé
---
tests/cputest.c | 1 +
.../x86_64-cpuid-Xeon-E3-1225-v5-disabled.xml | 7 +
.../x86_64-cpuid-Xeon-E3-1225-v5-enabled.xml | 8 +
.../x86_64-cpuid-Xeon-E3-1225-v5-guest.xml| 28 +
CVE-2018-12126, CVE-2018-12127, CVE-2018-12130, CVE-2019-11091
The bit is set when microcode provides the mechanism to invoke a flush
of various exploitable CPU buffers by invoking the VERW instruction.
Signed-off-by: Paolo Bonzini
Signed-off-by: Jiri Denemark
Reviewed-by: Daniel P. Berrangé
This series introduces the libvirt side of mitigations for
Microarchitectural Data Sampling microprocessor flaws (CVE-2018-12126,
CVE-2018-12127, CVE-2018-12130, CVE-2019-11091) which were
published earlier today.
To protect your system against possible attacks exploiting these flaws
updates to
The virNetworkObjPtr state will need to maintain a record of all
virNetworkPortDefPtr objects associated with the network. Record these
in a hash and add APIs for manipulating them.
Signed-off-by: Daniel P. Berrangé
---
src/conf/virnetworkobj.c | 303 +++
The libvirt-daemon-driver-qemu RPM has historically had a hard
dependency on the libvirt-daemon-driver-network and
libvirt-daemon-driver-storage-core packages. This was because the QEMU
driver would directly call into APIs that were part of these drivers.
The dependency to the storage driver was
The various steps involved in reconnecting to a domain may cause updates
to the virDomainObj struct that need to be reflected in the saved status
file.
Signed-off-by: Daniel P. Berrangé
---
src/libxl/libxl_driver.c | 3 +++
src/lxc/lxc_process.c| 5 +
2 files changed, 8 insertions(+)
Change the domain conf to invoke the new network port public APIs instead
of the network callbacks.
Signed-off-by: Daniel P. Berrangé
---
src/conf/domain_conf.c | 211 ++--
src/conf/domain_conf.h | 26 -
src/libvirt_private.syms| 1 -
This initial implementation just wires up the APIs and does tracking of
the port XML definitions. It is not yet integrated into the resource
allocation logic.
Signed-off-by: Daniel P. Berrangé
---
src/network/bridge_driver.c | 400
1 file changed, 400
Signed-off-by: Daniel P. Berrangé
---
src/access/genpolkit.pl| 2 +-
src/access/viraccessdriver.h | 6
src/access/viraccessdrivernop.c| 11
src/access/viraccessdriverpolkit.c | 26 ++
src/access/viraccessdriverstack.c | 25 +
The portid will be the UUID of the virNetworkPort object associated
with the network interface when a guest is running.
Signed-off-by: Daniel P. Berrangé
---
docs/formatdomain.html.in | 8 +++
docs/schemas/domaincommon.rng | 5 +
Separate network port allocation code from the domain driver network
callback implementation.
Reviewed-by: Laine Stump
Signed-off-by: Daniel P. Berrangé
---
src/network/bridge_driver.c | 143 +++-
1 file changed, 77 insertions(+), 66 deletions(-)
diff --git
Separate network port bandwidth update code from the domain driver
network callback implementation.
Reviewed-by: Laine Stump
Signed-off-by: Daniel P. Berrangé
---
src/network/bridge_driver.c | 117
1 file changed, 66 insertions(+), 51 deletions(-)
diff
Helper APIs are needed to
- Populate basic virNetworkPortDef from virDomainNetDef
- Set a virDomainActualNetDef from virNetworkPortDef
- Populate a full virNetworkPortDef from virDomainActualNetDef
Signed-off-by: Daniel P. Berrangé
---
src/conf/domain_conf.c | 290
Separate network port notification code from the domain driver network
callback implementation.
Reviewed-by: Laine Stump
Signed-off-by: Daniel P. Berrangé
---
src/network/bridge_driver.c | 106 +---
1 file changed, 63 insertions(+), 43 deletions(-)
diff --git
Convert the virDomainNetDef object into a virNetworkPortDef object
at the start of networkNotifyActualDevice. This largely decouples
the method impl from the domain object type.
Reviewed-by: Laine Stump
Signed-off-by: Daniel P. Berrangé
---
src/network/bridge_driver.c | 92
The domain conf actual network def stores a element
separately from the . The class ID should really just be
an attribute on the element. We can't change existing
XML, and this isn't visible to users since it is internal XML only.
When we expose the new network port XML to users though, we
Convert the virDomainNetDef object into a virNetworkPortDef object
at the start of networkReleaseActualDevice. This largely decouples
the method impl from the domain object type.
Reviewed-by: Laine Stump
Signed-off-by: Daniel P. Berrangé
---
src/network/bridge_driver.c | 140
Separate network port deletion code from the domain driver network
callback implementation.
Reviewed-by: Laine Stump
Signed-off-by: Daniel P. Berrangé
---
src/network/bridge_driver.c | 90 -
1 file changed, 59 insertions(+), 31 deletions(-)
diff --git
The current qemu driver code for changing bandwidth on a NIC first asks
the network driver if the change is supported, then changes the
bandwidth on the VIF, and then tells the network driver to update the
bandwidth on the bridge.
This is potentially racing if a parallel API call causes the
Introduce a virNetworkPortDefPtr struct to represent the data associated
with a virtual network port. Add APIs for parsing/formatting XML docs
with the data.
Signed-off-by: Daniel P. Berrangé
---
docs/docs.html.in | 1 +
docs/formatnetworkport.html.in
Convert the virDomainNetDef object into a virNetworkPortDef object
at the start of networkAllocateActualDevice. This largely decouples
the method impl from the domain object type.
Reviewed-by: Laine Stump
Signed-off-by: Daniel P. Berrangé
---
src/network/bridge_driver.c | 222
Define the wire protocol for the virNetworkPort APIs and enable the
client/server RPC dispatch.
Signed-off-by: Daniel P. Berrangé
---
src/remote/remote_daemon_dispatch.c | 73
src/remote/remote_driver.c | 69
src/remote/remote_protocol.x| 124
Signed-off-by: Daniel P. Berrangé
---
tools/virsh-completer.c | 50 +
tools/virsh-completer.h | 4 +
tools/virsh-network.c | 399 +++-
tools/virsh-network.h | 5 +
4 files changed, 457 insertions(+), 1 deletion(-)
diff --git
When (un)plugging an interface into a network, the 'plugged'
and 'unplugged' operations are invoked in the hook script.
The data provided to the script contains the network XML, the
domain XML and the domain interface XML. When we strictly split the
drivers up this will no longer be possible and
Introduce a new virNetworkPort object that will present an attachment to
a virtual network from a VM.
Signed-off-by: Daniel P. Berrangé
---
include/libvirt/libvirt-network.h | 122
include/libvirt/virterror.h | 3 +
src/datatypes.c | 60
src/datatypes.h
When starting up it is important to notify the network driver of any
NICs which are used by running guests so that it can account for any
resources they are using.
Signed-off-by: Daniel P. Berrangé
---
src/libxl/libxl_driver.c | 30 ++
src/lxc/lxc_process.c| 30
An update to
v1: https://www.redhat.com/archives/libvir-list/2018-December/msg00681.html
v2: https://www.redhat.com/archives/libvir-list/2019-February/msg01581.html
v3: https://www.redhat.com/archives/libvir-list/2019-March/msg01259.html
v4:
Stop passing a virDomainNetDefPtr parameter to networkLogAllocation,
instead just pass in the MAC address. The actual device type is also not
required, since virNetworkForwardIfDefPtr has a type field that can be
used instead.
Reviewed-by: Laine Stump
Signed-off-by: Daniel P. Berrangé
---
On Wed, 8 May 2019 17:27:47 +0200
Boris Fiuczynski wrote:
> On 5/8/19 11:22 PM, Alex Williamson wrote:
> >>> I thought there was a request to make this more specific to migration
> >>> by renaming it to something like migration_version. Also, as an
> >>>
> >> so this attribute may not only
On Tue, May 14, 2019 at 5:04 PM Michal Privoznik wrote:
>
> On 5/14/19 12:50 PM, Ilias Stamatis wrote:
> > On Tue, May 14, 2019 at 12:40 PM John Ferlan wrote:
> >>
> >>
> >>
> >> On 5/13/19 9:04 AM, Ilias Stamatis wrote:
> >>> On Mon, May 13, 2019 at 2:38 PM Michal Privoznik
> >>> wrote:
>
On 5/14/19 5:12 PM, Michal Privoznik wrote:
I was too eager to minimize patch 89320788ac4 and made some mistakes.
Here are the fixes.
Michal Prívozník (2):
test_driver: Don't access @vm after it was set to NULL
test_driver: Don't report VIR_DOMAIN_DISK_ERROR_NONE
src/test/test_driver.c
If something goes wrong in testDomainGetDiskErrors() then we try
to free any strings that were previously allocated in return
array. Problem is, in my review of original patch (89320788ac4)
I've mistakenly made some changes which result in possible NULL
dereference (@vm is set to NULL as the first
I was too eager to minimize patch 89320788ac4 and made some mistakes.
Here are the fixes.
Michal Prívozník (2):
test_driver: Don't access @vm after it was set to NULL
test_driver: Don't report VIR_DOMAIN_DISK_ERROR_NONE
src/test/test_driver.c | 6 +++---
1 file changed, 3 insertions(+), 3
In my review of 89320788ac4 I've simplified assigning disk errors
too much as the code I've changed it to will set
VIR_DOMAIN_DISK_ERROR_NONE. This is in contradiction with our
documentation which specifies that disks with no errors are not
reported.
Signed-off-by: Michal Privoznik
---
On 5/14/19 12:50 PM, Ilias Stamatis wrote:
On Tue, May 14, 2019 at 12:40 PM John Ferlan wrote:
On 5/13/19 9:04 AM, Ilias Stamatis wrote:
On Mon, May 13, 2019 at 2:38 PM Michal Privoznik wrote:
On 5/13/19 1:26 AM, Ilias Stamatis wrote:
Return the number of disks present in the
On Tue, 14 May 2019 09:43:44 +0200
Erik Skultety wrote:
> On Tue, May 14, 2019 at 03:32:19AM -0400, Yan Zhao wrote:
> > On Tue, May 14, 2019 at 03:20:40PM +0800, Erik Skultety wrote:
> > > On Tue, May 14, 2019 at 02:12:35AM -0400, Yan Zhao wrote:
> > > > On Mon, May 13, 2019 at 09:28:04PM
On 5/14/19 8:37 AM, Michal Privoznik wrote:
> On 5/13/19 8:48 PM, Daniel Henrique Barboza wrote:
>> Tried to reproduce the error using my x86 laptop but got hit by
>> https://bugzilla.redhat.com/show_bug.cgi?id=1689216 when trying
>> to create the snapshot using upstream code:
>>
>
> Actually, I
On 5/14/19 8:52 AM, Michal Privoznik wrote:
> This function gets snapshot XML (provided by user) as an
> argument. It parses it into a local variable @def and then sets
> some more members (e.g. it creates a copy of live domain XML).
> Then it proceeds to checking if snapshot XML is valid (e.g. it
On Tue, May 14, 2019 at 03:52:07PM +0200, Michal Privoznik wrote:
> This function gets snapshot XML (provided by user) as an
> argument. It parses it into a local variable @def and then sets
> some more members (e.g. it creates a copy of live domain XML).
> Then it proceeds to checking if snapshot
On Tue, May 14, 2019 at 11:24:11AM +0200, Michal Privoznik wrote:
> The idea of virCommand* APIs is that a possible error that
> occurred while constructing cmd line is kept in virCommand
> struct. If that's the case all subsequent calls to virCommand*()
> are NO-OPs or they return an error. Well,
On 5/13/19 8:48 PM, Daniel Henrique Barboza wrote:
Tried to reproduce the error using my x86 laptop but got hit by
https://bugzilla.redhat.com/show_bug.cgi?id=1689216 when trying
to create the snapshot using upstream code:
$ sudo ./run tools/virsh snapshot-create-as ub1810-cpu-hotplug snap
This function gets snapshot XML (provided by user) as an
argument. It parses it into a local variable @def and then sets
some more members (e.g. it creates a copy of live domain XML).
Then it proceeds to checking if snapshot XML is valid (e.g. it
contains as many disks as currently in the domain).
On Tue, May 14, 2019 at 11:24:12AM +0200, Michal Privoznik wrote:
> A double free may occur in testCompareXMLToArgvFiles() when @def
> is freed right after virStoragePoolObjNew() failed and the second
> time at cleanup label.
>
> Signed-off-by: Michal Privoznik
> ---
Reviewed-by: Erik Skultety
On Tue, May 14, 2019 at 11:24:10AM +0200, Michal Privoznik wrote:
> Signed-off-by: Michal Privoznik
> ---
> src/rpc/virnetserver.c | 8 ++--
> 1 file changed, 6 insertions(+), 2 deletions(-)
Reviewed-by: Erik Skultety
--
libvir-list mailing list
libvir-list@redhat.com
On Tue, May 14, 2019 at 11:24:09AM +0200, Michal Privoznik wrote:
> If virStoragePoolObjNew() fails to create new volume object list
> then virObjectUnref() is called and since refcounter is 1 then
> virStoragePoolObjDispose() is called which in turn calls
> virStoragePoolObjClearVols() which in
On Tue, May 14, 2019 at 11:24:11AM +0200, Michal Privoznik wrote:
> The idea of virCommand* APIs is that a possible error that
> occurred while constructing cmd line is kept in virCommand
> struct. If that's the case all subsequent calls to virCommand*()
> are NO-OPs or they return an error. Well,
On Tue, 14 May 2019 12:01:45 +0100
"Dr. David Alan Gilbert" wrote:
> * Cornelia Huck (coh...@redhat.com) wrote:
> > On Tue, 14 May 2019 03:47:36 -0400
> > Yan Zhao wrote:
> > > hi Cornelia and Dave,
> > > do you also agree on:
> > > 1. "not to define the specific errno returned for a specific
* Cornelia Huck (coh...@redhat.com) wrote:
> On Tue, 14 May 2019 03:47:36 -0400
> Yan Zhao wrote:
>
> > On Tue, May 14, 2019 at 03:43:44PM +0800, Erik Skultety wrote:
> > > On Tue, May 14, 2019 at 03:32:19AM -0400, Yan Zhao wrote:
> > > > On Tue, May 14, 2019 at 03:20:40PM +0800, Erik Skultety
On Tue, May 14, 2019 at 12:40 PM John Ferlan wrote:
>
>
>
> On 5/13/19 9:04 AM, Ilias Stamatis wrote:
> > On Mon, May 13, 2019 at 2:38 PM Michal Privoznik
> > wrote:
> >>
> >> On 5/13/19 1:26 AM, Ilias Stamatis wrote:
> >>> Return the number of disks present in the configuration of the test
>
On Tue, May 14, 2019 at 11:51:35AM +0200, Cornelia Huck wrote:
> On Tue, 14 May 2019 03:47:36 -0400
> Yan Zhao wrote:
>
> > On Tue, May 14, 2019 at 03:43:44PM +0800, Erik Skultety wrote:
> > > On Tue, May 14, 2019 at 03:32:19AM -0400, Yan Zhao wrote:
> > > > On Tue, May 14, 2019 at 03:20:40PM
On 5/13/19 9:04 AM, Ilias Stamatis wrote:
> On Mon, May 13, 2019 at 2:38 PM Michal Privoznik wrote:
>>
>> On 5/13/19 1:26 AM, Ilias Stamatis wrote:
>>> Return the number of disks present in the configuration of the test
>>> domain when called with @errors as NULL and @maxerrors as 0.
>>>
>>>
On Tue, 2019-05-14 at 10:16 +0100, Daniel P. Berrangé wrote:
> On Tue, May 14, 2019 at 09:21:12AM +0200, Andrea Bolognani wrote:
> > On Mon, 2019-05-13 at 16:14 +0100, Daniel P. Berrangé wrote:
> > > I wonder if we should just directly use the _SOURCES vars instead of
> > > making
> > > the
On Tue, 14 May 2019 03:47:36 -0400
Yan Zhao wrote:
> On Tue, May 14, 2019 at 03:43:44PM +0800, Erik Skultety wrote:
> > On Tue, May 14, 2019 at 03:32:19AM -0400, Yan Zhao wrote:
> > > On Tue, May 14, 2019 at 03:20:40PM +0800, Erik Skultety wrote:
> > > > That said, from libvirt POV as a
On Tue, May 14, 2019 at 10:43:31 +0100, Daniel Berrange wrote:
> On Tue, May 14, 2019 at 10:37:55AM +0100, Dr. David Alan Gilbert wrote:
> > * Daniel P. Berrangé (berra...@redhat.com) wrote:
> > > On Tue, May 14, 2019 at 08:02:49AM +0200, Markus Armbruster wrote:
> > > > Eric Blake writes:
[...]
On Tue, May 14, 2019 at 10:37:55AM +0100, Dr. David Alan Gilbert wrote:
> * Daniel P. Berrangé (berra...@redhat.com) wrote:
> > On Tue, May 14, 2019 at 08:02:49AM +0200, Markus Armbruster wrote:
> > > Eric Blake writes:
> > >
> > > > On 5/13/19 8:53 AM, Markus Armbruster wrote:
> > > >
> > > >>>
* Daniel P. Berrangé (berra...@redhat.com) wrote:
> On Tue, May 14, 2019 at 08:02:49AM +0200, Markus Armbruster wrote:
> > Eric Blake writes:
> >
> > > On 5/13/19 8:53 AM, Markus Armbruster wrote:
> > >
> > >>> We have a few options
> > >>>
> > >>> 1. Use string format for values > 2^53-1, int
On Tue, May 14, 2019 at 08:02:49AM +0200, Markus Armbruster wrote:
> Eric Blake writes:
>
> > On 5/13/19 8:53 AM, Markus Armbruster wrote:
> >
> >>> We have a few options
> >>>
> >>> 1. Use string format for values > 2^53-1, int format below that
> >>> 2. Use string format for all fields which
If virStoragePoolObjNew() fails to create new volume object list
then virObjectUnref() is called and since refcounter is 1 then
virStoragePoolObjDispose() is called which in turn calls
virStoragePoolObjClearVols() which in turn dereferences
obj->volumes.
Signed-off-by: Michal Privoznik
---
A double free may occur in testCompareXMLToArgvFiles() when @def
is freed right after virStoragePoolObjNew() failed and the second
time at cleanup label.
Signed-off-by: Michal Privoznik
---
tests/storagepoolxml2argvtest.c | 1 -
1 file changed, 1 deletion(-)
diff --git
The idea of virCommand* APIs is that a possible error that
occurred while constructing cmd line is kept in virCommand
struct. If that's the case all subsequent calls to virCommand*()
are NO-OPs or they return an error. Well,
virCommandPassFDGetFDIndex() is not honoring that.
Signed-off-by: Michal
These stem from me playing with OOM testing. I've discovered more bugs,
but they're mostly in tests themselves, e.g. use without check.
Michal Prívozník (4):
virstorageobj: Don't clear vols if they weren't initialized
virNetServerPreExecRestart: Check for retval of virJSONValueNewArray()
Signed-off-by: Michal Privoznik
---
src/rpc/virnetserver.c | 8 ++--
1 file changed, 6 insertions(+), 2 deletions(-)
diff --git a/src/rpc/virnetserver.c b/src/rpc/virnetserver.c
index 83b871764f..4934dba967 100644
--- a/src/rpc/virnetserver.c
+++ b/src/rpc/virnetserver.c
@@ -629,7 +629,9 @@
On Tue, May 14, 2019 at 09:21:12AM +0200, Andrea Bolognani wrote:
> On Mon, 2019-05-13 at 16:14 +0100, Daniel P. Berrangé wrote:
> > On Mon, May 13, 2019 at 02:55:14PM +0200, Andrea Bolognani wrote:
> > > +# List of example programs. We need to list them here instead of using
> > > +#
On Tue, May 14, 2019 at 03:43:44PM +0800, Erik Skultety wrote:
> On Tue, May 14, 2019 at 03:32:19AM -0400, Yan Zhao wrote:
> > On Tue, May 14, 2019 at 03:20:40PM +0800, Erik Skultety wrote:
> > > On Tue, May 14, 2019 at 02:12:35AM -0400, Yan Zhao wrote:
> > > > On Mon, May 13, 2019 at 09:28:04PM
On Tue, May 14, 2019 at 03:32:19AM -0400, Yan Zhao wrote:
> On Tue, May 14, 2019 at 03:20:40PM +0800, Erik Skultety wrote:
> > On Tue, May 14, 2019 at 02:12:35AM -0400, Yan Zhao wrote:
> > > On Mon, May 13, 2019 at 09:28:04PM +0800, Erik Skultety wrote:
> > > > On Fri, May 10, 2019 at 11:48:38AM
On Tue, May 14, 2019 at 03:20:40PM +0800, Erik Skultety wrote:
> On Tue, May 14, 2019 at 02:12:35AM -0400, Yan Zhao wrote:
> > On Mon, May 13, 2019 at 09:28:04PM +0800, Erik Skultety wrote:
> > > On Fri, May 10, 2019 at 11:48:38AM +0200, Cornelia Huck wrote:
> > > > On Fri, 10 May 2019 10:36:09
On Mon, 2019-05-13 at 16:14 +0100, Daniel P. Berrangé wrote:
> On Mon, May 13, 2019 at 02:55:14PM +0200, Andrea Bolognani wrote:
> > +# List of example programs. We need to list them here instead of using
> > +# $(noinst_PROGRAMS) directly because we want to have access to the
> > +# unmodified
On Tue, May 14, 2019 at 02:12:35AM -0400, Yan Zhao wrote:
> On Mon, May 13, 2019 at 09:28:04PM +0800, Erik Skultety wrote:
> > On Fri, May 10, 2019 at 11:48:38AM +0200, Cornelia Huck wrote:
> > > On Fri, 10 May 2019 10:36:09 +0100
> > > "Dr. David Alan Gilbert" wrote:
> > >
> > > > * Cornelia
On Tue, 14 May 2019 02:12:35 -0400
Yan Zhao wrote:
> On Mon, May 13, 2019 at 09:28:04PM +0800, Erik Skultety wrote:
> > In case of libvirt checking the compatibility, it won't matter how good the
> > error message in the kernel log is and regardless of how many error states
> > you
> > want to
On Mon, May 13, 2019 at 09:28:04PM +0800, Erik Skultety wrote:
> On Fri, May 10, 2019 at 11:48:38AM +0200, Cornelia Huck wrote:
> > On Fri, 10 May 2019 10:36:09 +0100
> > "Dr. David Alan Gilbert" wrote:
> >
> > > * Cornelia Huck (coh...@redhat.com) wrote:
> > > > On Thu, 9 May 2019 17:48:26 +0100
Eric Blake writes:
> On 5/13/19 8:53 AM, Markus Armbruster wrote:
>
>>> We have a few options
>>>
>>> 1. Use string format for values > 2^53-1, int format below that
>>> 2. Use string format for all fields which are 64-bit ints whether
>>> signed or unsigned
>>> 3. Use string format for