On Wed, Feb 26, 2020 at 20:39:26 -0600, Eric Blake wrote:
> There are many existing qcow2 images that specify a backing file but
> no format. This has been the source of CVEs in the past, but has
> become more prominent of a problem now that libvirt has switched to
> -blockdev. With older
On Wed, Feb 26, 2020 at 20:39:27 -0600, Eric Blake wrote:
> For now, this is a mechanical addition; all callers pass false. But
> the next patch will use it to improve 'qemu-img rebase -u' when
> selecting a backing file with no format.
>
> Signed-off-by: Eric Blake
> ---
>
On Wed, Feb 26, 2020 at 20:39:28 -0600, Eric Blake wrote:
> Creating an image that requires format probing of the backing image is
> inherently unsafe (we've had several CVEs over the years based on
> probes leaking information to the guest on a subsequent boot). If our
> probing algorithm ever
For now, this is a mechanical addition; all callers pass false. But
the next patch will use it to improve 'qemu-img rebase -u' when
selecting a backing file with no format.
Signed-off-by: Eric Blake
---
include/block/block.h | 4 ++--
block.c | 13 ++---
block/qcow2.c
In v2:
- patch 3 changes to ALWAYS warn if -b provided without -F (rather
than being silent on raw or json:) [Peter]
- patch 3 changes to ONLY write implied format if probe read raw (all
other probes are still mentioned, but not implicitly written) [Peter]
- couple more tests converted in patch 1
Creating an image that requires format probing of the backing image is
inherently unsafe (we've had several CVEs over the years based on
probes leaking information to the guest on a subsequent boot). If our
probing algorithm ever changes, or if other tools like libvirt
determine a different probe
On 2/25/20 1:29 PM, Ján Tomko wrote:
https://bugzilla.redhat.com/show_bug.cgi?id=1724928
Ján Tomko (2):
conf: only allow virtio bus for input passthrough
conf: default to virtio bus for input passthrough
src/conf/domain_conf.c | 9 -
1 file changed, 8 insertions(+), 1
On 2/26/20 4:58 PM, Pavel Hrdina wrote:
On Wed, Feb 26, 2020 at 04:33:13PM +0100, Michal Prívozník wrote:
On 2/26/20 4:07 PM, Pavel Hrdina wrote:
The default memlock limit is 64k which is not enough to start a single
VM. The requirements for one VM are 12k, 8k for eBPF map and 4k for eBPF
On Wed, Feb 26, 2020 at 10:35:58AM -0500, Cole Robinson wrote:
> On 2/26/20 10:07 AM, Pavel Hrdina wrote:
> > The default memlock limit is 64k which is not enough to start a single
> > VM. The requirements for one VM are 12k, 8k for eBPF map and 4k for eBPF
> > program, however, it fails to create
On 2/25/20 4:49 PM, Daniel P. Berrangé wrote:
We now support setting bandwidth on networks with type bridge.
Signed-off-by: Daniel P. Berrangé
---
docs/formatnetwork.html.in | 8
1 file changed, 4 insertions(+), 4 deletions(-)
Reviewed-by: Michal Privoznik
Michal
On Wed, Feb 26, 2020 at 04:33:13PM +0100, Michal Prívozník wrote:
> On 2/26/20 4:07 PM, Pavel Hrdina wrote:
> > The default memlock limit is 64k which is not enough to start a single
> > VM. The requirements for one VM are 12k, 8k for eBPF map and 4k for eBPF
> > program, however, it fails to
On 2/26/20 10:07 AM, Pavel Hrdina wrote:
> The default memlock limit is 64k which is not enough to start a single
> VM. The requirements for one VM are 12k, 8k for eBPF map and 4k for eBPF
> program, however, it fails to create eBPF map and program with 64k limit.
> By testing I figured out that
On 2/26/20 4:07 PM, Pavel Hrdina wrote:
> The default memlock limit is 64k which is not enough to start a single
> VM. The requirements for one VM are 12k, 8k for eBPF map and 4k for eBPF
> program, however, it fails to create eBPF map and program with 64k limit.
> By testing I figured out that
The default memlock limit is 64k which is not enough to start a single
VM. The requirements for one VM are 12k, 8k for eBPF map and 4k for eBPF
program, however, it fails to create eBPF map and program with 64k limit.
By testing I figured out that the minimal limit is 80k to start a single
VM with
As suggested yesterday, I just tagged RC1 in git and pushed
signed tarball and source rpm to the usual place:
https://libvirt.org/sources/
Seems to work fine in my limited testing, CI is green (amazing !)
https://ci.centos.org/view/libvirt/ so looks fine so far,
please give it some
> On 26 Feb 2020, at 12:57, Ján Tomko wrote:
>
> Add a document describing the usage of virtiofs.
> ---
> docs/kbase.html.in | 3 +
> docs/kbase/virtiofs.rst | 152
> 2 files changed, 155 insertions(+)
> create mode 100644 docs/kbase/virtiofs.rst
On Wed, Feb 26, 2020 at 12:57:04 +0100, Ján Tomko wrote:
> Add a document describing the usage of virtiofs.
> ---
> docs/kbase.html.in | 3 +
> docs/kbase/virtiofs.rst | 152
> 2 files changed, 155 insertions(+)
> create mode 100644
On Wed, Feb 26, 2020 at 12:57:13 +0100, Ján Tomko wrote:
> Format the 'vhost-user-fs' device on the QEMU command line.
>
> This device provides shared file system access using the FUSE protocol
> carried over virtio.
> The actual file server is implemented in an external vhost-user-fs device
>
On Wed, Feb 26, 2020 at 12:57:10 +0100, Ján Tomko wrote:
> Start virtiofsd for each device using it.
>
> Pre-create the socket for communication with QEMU and pass it
> to virtiofsd.
>
> Note that virtiofsd needs to run as root.
>
> https://bugzilla.redhat.com/show_bug.cgi?id=1694166
>
>
On Wed, Feb 26, 2020 at 12:57:08 +0100, Ján Tomko wrote:
> Reject unsupported configurations.
>
> Signed-off-by: Ján Tomko
> ---
> src/qemu/qemu_domain.c | 82 +++---
> 1 file changed, 77 insertions(+), 5 deletions(-)
Reviewed-by: Peter Krempa
On Wed, Feb 26, 2020 at 12:57:02 +0100, Ján Tomko wrote:
> Some validation check might reject unprivileged drivers in the future.
>
> Signed-off-by: Ján Tomko
> ---
> tests/qemuxml2xmltest.c | 1 +
> 1 file changed, 1 insertion(+)
Reviewed-by: Peter Krempa
On Wed, Feb 26, 2020 at 12:57:01 +0100, Ján Tomko wrote:
> Signed-off-by: Ján Tomko
> ---
Reviewed-by: Peter Krempa
On 2/26/20 1:49 AM, Laine Stump wrote:
Signed-off-by: Laine Stump
---
I had thought I'd included documentation with the patch that added
parsing/formatting for this, but after crobinso noticed it was
missing, I realized that I had only put documentation in an earlier
version of the patches
On Wed, Feb 26, 2020 at 01:05:03PM +0100, Peter Krempa wrote:
Use the 'flat' flag for 'query-named-block-nodes' if qemu supports
QEMU_CAPS_QMP_QUERY_NAMED_BLOCK_NODES_FLAT in qemuBlockGetNamedNodeData.
We don't need the data so plumb in whether qemu supports the
'flat' output.
Signed-off-by:
On Wed, Feb 26, 2020 at 01:05:02PM +0100, Peter Krempa wrote:
Modern qemu allows skipping the nested redundant data in the output of
query-named-block-nodes. Plumb in the support for the argument that
enables it.
Signed-off-by: Peter Krempa
---
src/qemu/qemu_monitor.c | 2 +-
On Wed, Feb 26, 2020 at 01:05:01PM +0100, Peter Krempa wrote:
Replace qemuMonitorBlockGetNamedNodeData by qemuBlockGetNamedNodeData.
Signed-off-by: Peter Krempa
---
src/qemu/qemu_checkpoint.c | 4 +---
1 file changed, 1 insertion(+), 3 deletions(-)
Reviewed-by: Ján Tomko
Jano
On Wed, Feb 26, 2020 at 01:05:00PM +0100, Peter Krempa wrote:
Use g_autoptr to get rid of the cleanup section.
Signed-off-by: Peter Krempa
---
src/qemu/qemu_monitor_json.c | 17 +
1 file changed, 5 insertions(+), 12 deletions(-)
Reviewed-by: Ján Tomko
Jano
On Wed, Feb 26, 2020 at 01:04:59PM +0100, Peter Krempa wrote:
Detect the presence of the flag and make it available internally as
QEMU_CAPS_QMP_QUERY_NAMED_BLOCK_NODES_FLAT.
Signed-off-by: Peter Krempa
---
src/qemu/qemu_capabilities.c | 4
src/qemu/qemu_capabilities.h
On Wed, Feb 26, 2020 at 01:04:58PM +0100, Peter Krempa wrote:
The monitor password callback was removed a long time ago but the callback
type and variable were left around. Finish the cleanup.
Signed-off-by: Peter Krempa
---
src/qemu/qemu_monitor.h | 9 -
1 file changed, 9 deletions(-)
On Wed, Feb 26, 2020 at 01:04:57PM +0100, Peter Krempa wrote:
Update to v4.2.0-1858-gdb736e0437 which contains my commit for 'flat'
otuptu of 'query-named-block-nodes'.
*output
Signed-off-by: Peter Krempa
---
.../caps_5.0.0.x86_64.replies | 6185 +
Use g_autoptr to get rid of the cleanup section.
Signed-off-by: Peter Krempa
---
src/qemu/qemu_monitor_json.c | 17 +
1 file changed, 5 insertions(+), 12 deletions(-)
diff --git a/src/qemu/qemu_monitor_json.c b/src/qemu/qemu_monitor_json.c
index 50d93c0c7e..a2f253f731 100644
The monitor password callback was removed a long time ago but the callback
type and variable were left around. Finish the cleanup.
Signed-off-by: Peter Krempa
---
src/qemu/qemu_monitor.h | 9 -
1 file changed, 9 deletions(-)
diff --git a/src/qemu/qemu_monitor.h b/src/qemu/qemu_monitor.h
Use the 'flat' flag for 'query-named-block-nodes' if qemu supports
QEMU_CAPS_QMP_QUERY_NAMED_BLOCK_NODES_FLAT in qemuBlockGetNamedNodeData.
We don't need the data so plumb in whether qemu supports the
'flat' output.
Signed-off-by: Peter Krempa
---
src/qemu/qemu_block.c| 4 +++-
Detect the presence of the flag and make it available internally as
QEMU_CAPS_QMP_QUERY_NAMED_BLOCK_NODES_FLAT.
Signed-off-by: Peter Krempa
---
src/qemu/qemu_capabilities.c | 4
src/qemu/qemu_capabilities.h | 3 +++
Don't request the recursive output since we don't use it.
Peter Krempa (7):
tests: qemucapabilities: Update capabilities of qemu-5.0.0 on x86_64
qemu: monitor: Remove leftovers from password callback
qemu: capabilities: Add capability for the 'flat' argument of
'query-named-block-nodes'
Modern qemu allows skipping the nested redundant data in the output of
query-named-block-nodes. Plumb in the support for the argument that
enables it.
Signed-off-by: Peter Krempa
---
src/qemu/qemu_monitor.c | 2 +-
src/qemu/qemu_monitor_json.c | 11 +++
src/qemu/qemu_monitor_json.h
Replace qemuMonitorBlockGetNamedNodeData by qemuBlockGetNamedNodeData.
Signed-off-by: Peter Krempa
---
src/qemu/qemu_checkpoint.c | 4 +---
1 file changed, 1 insertion(+), 3 deletions(-)
diff --git a/src/qemu/qemu_checkpoint.c b/src/qemu/qemu_checkpoint.c
index c06bfe6a21..a387e7dfe7 100644
This is not yet supported.
Signed-off-by: Ján Tomko
Reviewed-by: Daniel P. Berrangé
Reviewed-by: Peter Krempa
---
src/qemu/qemu_migration.c | 10 ++
1 file changed, 10 insertions(+)
diff --git a/src/qemu/qemu_migration.c b/src/qemu/qemu_migration.c
index 3fc5388d6a..d37a7ec6c7 100644
Introduce a new 'virtiofs' driver type for filesystem.
Signed-off-by: Ján Tomko
Reviewed-by: Daniel P. Berrangé
Reviewed-by: Peter Krempa
---
docs/formatdomain.html.in | 12 ++-
docs/schemas/domaincommon.rng | 6 ++
src/conf/domain_conf.c
Look into /usr/share/qemu/vhost-user to see whether we can find
a suitable virtiofsd binary, in case the user did not provide one
in the domain XML.
Signed-off-by: Ján Tomko
Reviewed-by: Daniel P. Berrangé
Reviewed-by: Peter Krempa
---
src/qemu/qemu_extdevice.c | 9 +
Format the 'vhost-user-fs' device on the QEMU command line.
This device provides shared file system access using the FUSE protocol
carried over virtio.
The actual file server is implemented in an external vhost-user-fs device
backend process.
https://bugzilla.redhat.com/show_bug.cgi?id=1694166
Add a document describing the usage of virtiofs.
---
docs/kbase.html.in | 3 +
docs/kbase/virtiofs.rst | 152
2 files changed, 155 insertions(+)
create mode 100644 docs/kbase/virtiofs.rst
diff --git a/docs/kbase.html.in b/docs/kbase.html.in
index
Wire up the code to put virtiofsd in the emulator cgroup on domain
startup.
Signed-off-by: Ján Tomko
Reviewed-by: Peter Krempa
---
src/qemu/qemu_extdevice.c | 15 +++
src/qemu/qemu_virtiofs.c | 26 ++
src/qemu/qemu_virtiofs.h | 5 +
3 files changed,
Reject unsupported configurations.
Signed-off-by: Ján Tomko
---
src/qemu/qemu_domain.c | 82 +++---
1 file changed, 77 insertions(+), 5 deletions(-)
diff --git a/src/qemu/qemu_domain.c b/src/qemu/qemu_domain.c
index e1ee8d4692..d85c089dce 100644
---
Start virtiofsd for each device using it.
Pre-create the socket for communication with QEMU and pass it
to virtiofsd.
Note that virtiofsd needs to run as root.
https://bugzilla.redhat.com/show_bug.cgi?id=1694166
Introduced by QEMU commit a43efa34c7d7b628cbf1ec0fe60043e5c91043ea
Some validation check might reject unprivileged drivers in the future.
Signed-off-by: Ján Tomko
---
tests/qemuxml2xmltest.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/tests/qemuxml2xmltest.c b/tests/qemuxml2xmltest.c
index c29dd5053d..914f503516 100644
--- a/tests/qemuxml2xmltest.c
+++
Add a 'virtiofsd_debug' option for tuning whether to run virtiofsd
in debug mode.
Signed-off-by: Ján Tomko
Reviewed-by: Daniel P. Berrangé
Reviewed-by: Peter Krempa
---
src/qemu/libvirtd_qemu.aug | 1 +
src/qemu/qemu.conf | 7 +++
src/qemu/qemu_conf.c
Add more elements for tuning the virtiofsd daemon
and the vhost-user-fs device:
Signed-off-by: Ján Tomko
Reviewed-by: Daniel P. Berrangé
Reviewed-by: Masayoshi Mizuma
Reviewed-by: Peter Krempa
---
docs/formatdomain.html.in | 25 -
Pass logManager to qemuExtDevicesStart for future usage.
Signed-off-by: Ján Tomko
Reviewed-by: Daniel P. Berrangé
---
src/qemu/qemu_extdevice.c | 1 +
src/qemu/qemu_extdevice.h | 1 +
src/qemu/qemu_process.c | 4 +++-
3 files changed, 5 insertions(+), 1 deletion(-)
diff --git
Introduced by QEMU commit 98fc1ada4cf70af0f1df1a2d7183cf786fc7da05
virtio: add vhost-user-fs base device
Released in QEMU v4.2.0.
Signed-off-by: Ján Tomko
Reviewed-by: Peter Krempa
Acked-by: Stefan Hajnoczi
Reviewed-by: Daniel P. Berrangé
---
src/qemu/qemu_capabilities.c
v4: https://www.redhat.com/archives/libvir-list/2020-February/msg00707.html
v5: use priv->libDir for the pid file
more validation checks
cmd line escaping and memory leak fixes
Ján Tomko (15):
schema: wrap fsDriver in a choice group
qemuExtDevicesStart: pass logManager
qemu: pass
Signed-off-by: Ján Tomko
---
src/qemu/qemu_cgroup.c| 2 +-
src/qemu/qemu_extdevice.c | 3 ++-
src/qemu/qemu_extdevice.h | 2 +-
3 files changed, 4 insertions(+), 3 deletions(-)
diff --git a/src/qemu/qemu_cgroup.c b/src/qemu/qemu_cgroup.c
index d550d4f58a..c0e30f6152 100644
---
Allow adding new groups without changing indentation.
Signed-off-by: Ján Tomko
Reviewed-by: Peter Krempa
Acked-by: Stefan Hajnoczi
Reviewed-by: Daniel P. Berrangé
---
docs/schemas/domaincommon.rng | 50 +++
1 file changed, 27 insertions(+), 23 deletions(-)
On Wed, Feb 26, 2020 at 11:34:06AM +0100, Ján Tomko wrote:
> On Wed, Feb 26, 2020 at 09:42:04AM +0100, Peter Krempa wrote:
> > Explicitly CCing danpb to clarify usage of the logging daemon.
> >
> > On Thu, Feb 20, 2020 at 15:32:48 +0100, Ján Tomko wrote:
> > > Start virtiofsd for each device
On Wed, Feb 26, 2020 at 09:42:04AM +0100, Peter Krempa wrote:
Explicitly CCing danpb to clarify usage of the logging daemon.
On Thu, Feb 20, 2020 at 15:32:48 +0100, Ján Tomko wrote:
Start virtiofsd for each device using it.
Pre-create the socket for communication with QEMU and pass it
to
On Wed, Feb 26, 2020 at 09:53:46AM +0100, Peter Krempa wrote:
On Thu, Feb 20, 2020 at 15:32:50 +0100, Ján Tomko wrote:
Look into /usr/share/qemu/vhost-user to see whether we can find
a suitable virtiofsd binary, in case the user did not provide one
in the domain XML.
Signed-off-by: Ján Tomko
[adding dgilbert]
On Wed, Feb 26, 2020 at 10:28:18AM +0100, Peter Krempa wrote:
On Thu, Feb 20, 2020 at 15:32:42 +0100, Ján Tomko wrote:
Add a document describing the usage of virtiofs.
---
docs/kbase.html.in | 3 +
docs/kbase/virtiofs.rst | 152
On Thu, Feb 20, 2020 at 15:32:42 +0100, Ján Tomko wrote:
> Add a document describing the usage of virtiofs.
> ---
> docs/kbase.html.in | 3 +
> docs/kbase/virtiofs.rst | 152
> 2 files changed, 155 insertions(+)
> create mode 100644
On Thu, Feb 20, 2020 at 15:32:51 +0100, Ján Tomko wrote:
> Format the 'vhost-user-fs' device on the QEMU command line.
>
> This device provides shared file system access using the FUSE protocol
> carried over virtio.
> The actual file server is implemented in an external vhost-user-fs device
>
In subject:
You named the capability QEMU_CAPS_DEVICE_VHOST_USER_FS
On Thu, Feb 20, 2020 at 15:32:41 +0100, Ján Tomko wrote:
> Introduced by QEMU commit 98fc1ada4cf70af0f1df1a2d7183cf786fc7da05
> virtio: add vhost-user-fs base device
>
> Released in QEMU v4.2.0.
>
> Signed-off-by: Ján
On Wed, Feb 26, 2020 at 09:44:14 +0100, Ján Tomko wrote:
> On Wed, Feb 26, 2020 at 09:15:17AM +0100, Michal Privoznik wrote:
> > On 2/26/20 8:33 AM, Peter Krempa wrote:
> > > On Thu, Feb 20, 2020 at 15:32:46 +0100, Ján Tomko wrote:
> > > > Reject unsupported configurations.
> > > >
> > > >
On Thu, Feb 20, 2020 at 15:32:50 +0100, Ján Tomko wrote:
> Look into /usr/share/qemu/vhost-user to see whether we can find
> a suitable virtiofsd binary, in case the user did not provide one
> in the domain XML.
>
> Signed-off-by: Ján Tomko
> Reviewed-by: Daniel P. Berrangé
> ---
>
On Thu, Feb 20, 2020 at 15:32:49 +0100, Ján Tomko wrote:
> Wire up the code to put virtiofsd in the emulator cgroup on domain
> startup.
>
> Signed-off-by: Ján Tomko
> ---
> src/qemu/qemu_extdevice.c | 15 +++
> src/qemu/qemu_virtiofs.c | 28
>
On Wed, Feb 26, 2020 at 09:15:17AM +0100, Michal Privoznik wrote:
On 2/26/20 8:33 AM, Peter Krempa wrote:
On Thu, Feb 20, 2020 at 15:32:46 +0100, Ján Tomko wrote:
Reject unsupported configurations.
Signed-off-by: Ján Tomko
---
src/qemu/qemu_domain.c | 61
Explicitly CCing danpb to clarify usage of the logging daemon.
On Thu, Feb 20, 2020 at 15:32:48 +0100, Ján Tomko wrote:
> Start virtiofsd for each device using it.
>
> Pre-create the socket for communication with QEMU and pass it
> to virtiofsd.
>
> Note that virtiofsd needs to run as root.
>
On Wed, Feb 26, 2020 at 08:23:43AM +0100, Peter Krempa wrote:
On Thu, Feb 20, 2020 at 15:32:44 +0100, Ján Tomko wrote:
Add more elements for tuning the virtiofsd daemon
and the vhost-user-fs device:
Signed-off-by: Ján Tomko
Reviewed-by: Daniel P. Berrangé
On 2/26/20 8:33 AM, Peter Krempa wrote:
On Thu, Feb 20, 2020 at 15:32:46 +0100, Ján Tomko wrote:
Reject unsupported configurations.
Signed-off-by: Ján Tomko
---
src/qemu/qemu_domain.c | 61 +++---
1 file changed, 58 insertions(+), 3 deletions(-)
diff