Re: device compatibility interface for live migration with assigned devices

> > As you indicate, the vendor driver is responsible for checking version > > information embedded within the migration stream. Therefore a > > migration should fail early if the devices are incompatible. Is it > but as I know, currently in VFIO migration protocol, we have no way to > get vendor

libvirt-python: Extending libvirt-*override-api.xml?

Hello, Am 25.07.20 um 23:45 schrieb Philipp Hahn: > Am 27.04.20 um 15:44 schrieb Philipp Hahn: >> I'm working on adding PEP 484 type hints >> to the Python binding of >> libvirt. ... > I just opened a merge request >

[PATCH for 6.6.0] news: Document recent CVE fix

Document the fix of leaking /dev/mapper/control to QEMU (fixed in v6.6.0-rc1-3-g2249455654). Signed-off-by: Michal Privoznik --- NEWS.rst | 7 +++ 1 file changed, 7 insertions(+) diff --git a/NEWS.rst b/NEWS.rst index ff977968c7..8b53d21b8a 100644 --- a/NEWS.rst +++ b/NEWS.rst @@ -33,6 +33,

Re: [PATCH for 6.6.0] news: Document recent CVE fix

On Mon, Jul 27, 2020 at 09:54:50 +0200, Michal Privoznik wrote: > Document the fix of leaking /dev/mapper/control to QEMU (fixed in > v6.6.0-rc1-3-g2249455654). > > Signed-off-by: Michal Privoznik > --- > NEWS.rst | 7 +++ > 1 file changed, 7 insertions(+) > > diff --git a/NEWS.rst b/NEWS.r

Re: [PATCH for 6.6.0] news: Document recent CVE fix

On 7/27/20 10:04 AM, Peter Krempa wrote: On Mon, Jul 27, 2020 at 09:54:50 +0200, Michal Privoznik wrote: Document the fix of leaking /dev/mapper/control to QEMU (fixed in v6.6.0-rc1-3-g2249455654). Signed-off-by: Michal Privoznik --- NEWS.rst | 7 +++ 1 file changed, 7 insertions(+) di

[PATCH 1/4] virdevmapper.c: Join two WITH_DEVMAPPER sections together

There are two distinct WITH_DEVMAPPER sections in the file, for different functions each. Rearrange the code to make some of future commits smaller. Signed-off-by: Michal Privoznik Reviewed-by: Daniel P. Berrangé --- src/util/virdevmapper.c | 21 + 1 file changed, 9 insertio

[PATCH 3/4] virdevmapper: Don't use libdevmapper to obtain dependencies

CVE-2020-14339 When building domain's private /dev in a namespace, libdevmapper is consulted for getting full dependency tree of domain's disks. The reason is that for a multipath devices all dependent devices must be created in the namespace and allowed in CGroups. However, this approach is very

[PATCH 0/4] Don't leak /dev/mapper/control to QEMU

These were sent to the libvirt-security list, where they were reviewed. And before that, I've sent them to the public list: https://www.redhat.com/archives/libvir-list/2020-July/msg01500.html Anyway, I'm resending here for future reference. Patches are merged so no need to review. We are still u

[PATCH 4/4] virDevMapperGetTargets: Don't ignore EBADF

Signed-off-by: Michal Privoznik Reviewed-by: Daniel P. Berrangé --- src/qemu/qemu_cgroup.c | 2 +- src/qemu/qemu_domain.c | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/src/qemu/qemu_cgroup.c b/src/qemu/qemu_cgroup.c index 914bf640ca..e88da02341 100644 --- a/src/qemu/qe

[PATCH 2/4] virDevMapperGetTargetsImpl: Use VIR_AUTOSTRINGLIST

Since we have VIR_AUTOSTRINGLIST we can use it to free string lists used in the function automatically. Signed-off-by: Michal Privoznik Reviewed-by: Daniel P. Berrangé --- src/util/virdevmapper.c | 16 +++- 1 file changed, 3 insertions(+), 13 deletions(-) diff --git a/src/util/vird

Re: [PATCH for 6.6.0] news: Document recent CVE fix

On Mon, 2020-07-27 at 09:54 +0200, Michal Privoznik wrote: > Document the fix of leaking /dev/mapper/control to QEMU (fixed in > v6.6.0-rc1-3-g2249455654). > > Signed-off-by: Michal Privoznik > --- > NEWS.rst | 7 +++ > 1 file changed, 7 insertions(+) Reviewed-by: Andrea Bolognani -- And

[PATCH] migration: fix xml file residual during vm crash with migration

From: Zheng Chuan when migration is cancelled (such as kill -9 vmpid in Src, etc), it could do virDomainSaveStatus() to save xml file after qemuProcessStop(), which results in xml residulal. Fix it by that do not do virDomainSaveStatus() if vm is not active. Signed-off-by: Zheng Chuan --- src

[RESEND][PATCH] migration: fix xml file residual during vm crash with migration

>From 935ec812b822ca978631e72bb9b9a5d00df24a42 Mon Sep 17 00:00:00 2001 From: Zheng Chuan Date: Mon, 27 Jul 2020 14:39:05 +0800 Subject: [PATCH] migration: fix xml file residual during vm crash with migration when migration is cancelled (such as kill -9 vmpid in Src, etc), it could do virDomainS

Re: libvirt-python: API change List → (Named)Tuple?

On Mon, Jul 27, 2020 at 08:32:29AM +0200, Philipp Hahn wrote: > Hello, > > Am 25.07.20 um 23:45 schrieb Philipp Hahn: > > Am 27.04.20 um 15:44 schrieb Philipp Hahn: > >> I'm working on adding PEP 484 type hints > >> to the Python binding of > >> libvirt.

Re: libvirt-python: API change List → (Named)Tuple?

On Mon, Jul 27, 2020 at 11:19:46AM +0200, Erik Skultety wrote: > On Mon, Jul 27, 2020 at 08:32:29AM +0200, Philipp Hahn wrote: > > Hello, > > > > Am 25.07.20 um 23:45 schrieb Philipp Hahn: > > > Am 27.04.20 um 15:44 schrieb Philipp Hahn: > > >> I'm working on adding PEP 484 type hints > > >>

[libvirt PATCH 0/3] conf: do not use %s as a part of a word in translatable strings

Ján Tomko (3): conf: rename 'name' in scheduler parser conf: pass elementName to virDomainThreadSchedParseHelper conf: scheduler parser: do not hardcode element name src/conf/domain_conf.c | 29 ++--- 1 file changed, 18 insertions(+), 11 deletions(-) -- 2.26.2

[libvirt PATCH 1/3] conf: rename 'name' in scheduler parser

virDomainThreadSchedParseHelper is used for parsing both iothread and vcpu scheduling settings. Rename its 'name' attribute to make it obvious this refers to the attribute name, not the name of the element (which is currently constructed from the attribute name). Signed-off-by: Ján Tomko --- src

[libvirt PATCH 2/3] conf: pass elementName to virDomainThreadSchedParseHelper

Pass the scheduler element name instead of trying to reconstructing it from the attribute name. This has the benefit of not mixing '%s' with regular text in translatable strings as well as preventing the confusion when the 's' marking the plural in the element name ('vcpus') is taken as a first le

[libvirt PATCH 3/3] conf: scheduler parser: do not hardcode element name

When trying to parse an XML with overlapping iothread scheduler settings, the error message was rather confusing: error: iothreadssched attributes 'vcpus' must not overlap Pass the correct element name. Signed-off-by: Ján Tomko --- src/conf/domain_conf.c | 4 ++-- 1 file changed, 2 insertio

Re: [libvirt PATCH 0/3] conf: do not use %s as a part of a word in translatable strings

On Mon, Jul 27, 2020 at 03:15:43PM +0200, Ján Tomko wrote: > Ján Tomko (3): > conf: rename 'name' in scheduler parser > conf: pass elementName to virDomainThreadSchedParseHelper > conf: scheduler parser: do not hardcode element name > > src/conf/domain_conf.c | 29 ++

Re: [PATCH v4 1/2] conf: add 'isa' controller type

On Wed, Jul 15, 2020 at 07:25:44PM +0400, Roman Bogorodskiy wrote: > Introduce 'isa' controller type. In domain XML it looks this way: > > ... > > function='0x0'/> > > ... > > Currently, this is needed for the bhyve driver to allow choosing a > specific PCI

Re: [PATCH v4 2/2] bhyve: support 'isa' controller for LPC

On Wed, Jul 15, 2020 at 07:25:45PM +0400, Roman Bogorodskiy wrote: > Support modeling of the 'isa' controller for bhyve. User can manually > define any PCI slot for the 'isa' controller, including PCI slot 1, > but other devices are not allowed to use this address. > > When domain configuration re

Re: [libvirt PATCH 3/3] conf: scheduler parser: do not hardcode element name

On Monday, 27 July 2020 15:15:46 CEST Ján Tomko wrote: > When trying to parse an XML with overlapping iothread scheduler > settings, the error message was rather confusing: > >error: iothreadssched attributes 'vcpus' must not overlap > > Pass the correct element name. > > Signed-off-by: Ján

Re: [PATCH v4 2/2] bhyve: support 'isa' controller for LPC

Daniel P. Berrangé wrote: > On Wed, Jul 15, 2020 at 07:25:45PM +0400, Roman Bogorodskiy wrote: > > Support modeling of the 'isa' controller for bhyve. User can manually > > define any PCI slot for the 'isa' controller, including PCI slot 1, > > but other devices are not allowed to use this addre

Re: [PATCH 00/32] docs: convert formatdomain.html.in to rst and split it up

On Thu, Jul 23, 2020 at 15:21:05 +0200, Peter Krempa wrote: > This is full version of: > > https://www.redhat.com/archives/libvir-list/2020-July/msg00717.html > > where I've split out all the subelements into individual files. > > This version is also based on top of Pavel's rewrite to the meson

Re: [libvirt PATCH 222/351] meson: src: add support for installing libvirt conf and augeas files

On Thu, Jul 16, 2020 at 11:57:38 +0200, Pavel Hrdina wrote: > Signed-off-by: Pavel Hrdina > --- > src/Makefile.am| 5 -- > src/meson.build| 103 + > src/remote/meson.build | 26 +++ > 3 files changed, 129 insertions(+), 5 deletion

Re: [PATCH 06/32] docs: formatdomain: Split out

On 7/27/20 2:58 AM, Peter Krempa wrote: On Fri, Jul 24, 2020 at 11:23:58 -0500, Jonathon Jongsma wrote: On Thu, 2020-07-23 at 15:21 +0200, Peter Krempa wrote: Start splitting the massive document into smaller pieces using the .. include:: directive. Signed-off-by: Peter Krempa --- docs/form

Re: Entering freeze for libvirt-6.6.0

On 7/24/20 5:06 PM, Jiri Denemark wrote: I have just tagged v6.6.0-rc1 in the repository and pushed signed tarballs and source RPMs to https://libvirt.org/sources/ I'm not having much luck finding your public key used for signing. At https://pgp.key-server.io/ I've found 1024D/8A42DBE1 associa

Re: [PATCH 2/2] qemu_capabilities.c: drop 'kvm_pr' support for non-Power8 hosts

On Fri, Jun 19, 2020 at 06:04:33PM -0300, Daniel Henrique Barboza wrote: > PPC64 has two KVM modules: kvm_hv and kvm_pr. The official supported > module was always kvm_hv, while kvm_pr was used for internal testing > or for very niche cases in Power 8 hosts, always without official > IBM or distro

Re: [libvirt PATCH 000/351] port libvirt to Meson build system

On Fri, Jul 17, 2020 at 15:02:10 +0100, Daniel Berrange wrote: > On Thu, Jul 16, 2020 at 03:44:25PM +0200, Pavel Hrdina wrote: > > On Thu, Jul 16, 2020 at 01:59:00PM +0100, Daniel P. Berrangé wrote: > > > Personally I'd really like to avoid squashing them, because splitting > > > up big patches is

Re: Entering freeze for libvirt-6.6.0

On a Monday in 2020, Jim Fehlig wrote: On 7/24/20 5:06 PM, Jiri Denemark wrote: I have just tagged v6.6.0-rc1 in the repository and pushed signed tarballs and source RPMs to https://libvirt.org/sources/ I'm not having much luck finding your public key used for signing. At https://pgp.key-serv

Re: Entering freeze for libvirt-6.6.0

On 7/27/20 10:23 AM, Ján Tomko wrote: On a Monday in 2020, Jim Fehlig wrote: On 7/24/20 5:06 PM, Jiri Denemark wrote: I have just tagged v6.6.0-rc1 in the repository and pushed signed tarballs and source RPMs to https://libvirt.org/sources/ I'm not having much luck finding your public key us

Re: [PATCH 2/2] qemu_capabilities.c: drop 'kvm_pr' support for non-Power8 hosts

On 7/27/20 12:29 PM, Daniel P. Berrangé wrote: On Fri, Jun 19, 2020 at 06:04:33PM -0300, Daniel Henrique Barboza wrote: PPC64 has two KVM modules: kvm_hv and kvm_pr. The official supported module was always kvm_hv, while kvm_pr was used for internal testing or for very niche cases in Power 8

Re: [PATCH 2/2] qemu_capabilities.c: drop 'kvm_pr' support for non-Power8 hosts

On Mon, Jul 27, 2020 at 01:44:07PM -0300, Daniel Henrique Barboza wrote: > > > On 7/27/20 12:29 PM, Daniel P. Berrangé wrote: > > On Fri, Jun 19, 2020 at 06:04:33PM -0300, Daniel Henrique Barboza wrote: > > > PPC64 has two KVM modules: kvm_hv and kvm_pr. The official supported > > > module was al

Re: [PATCH 2/2] qemu_capabilities.c: drop 'kvm_pr' support for non-Power8 hosts

On Mon, 27 Jul 2020 16:29:20 +0100 Daniel P. Berrangé wrote: > On Fri, Jun 19, 2020 at 06:04:33PM -0300, Daniel Henrique Barboza wrote: > > PPC64 has two KVM modules: kvm_hv and kvm_pr. The official supported > > module was always kvm_hv, while kvm_pr was used for internal testing > > or for very

Re: device compatibility interface for live migration with assigned devices

On Mon, 27 Jul 2020 15:24:40 +0800 Yan Zhao wrote: > > > As you indicate, the vendor driver is responsible for checking version > > > information embedded within the migration stream. Therefore a > > > migration should fail early if the devices are incompatible. Is it > > but as I know, curre

Re: [libvirt PATCH 000/351] port libvirt to Meson build system

On Mon, Jul 27, 2020 at 12:11 PM Peter Krempa wrote: > > On Fri, Jul 17, 2020 at 15:02:10 +0100, Daniel Berrange wrote: > > On Thu, Jul 16, 2020 at 03:44:25PM +0200, Pavel Hrdina wrote: > > > On Thu, Jul 16, 2020 at 01:59:00PM +0100, Daniel P. Berrangé wrote: > > > > Personally I'd really like to

Re: [libvirt PATCH 000/351] port libvirt to Meson build system

On Mon, Jul 27, 2020 at 20:43:05 -0400, Neal Gompa wrote: > On Mon, Jul 27, 2020 at 12:11 PM Peter Krempa wrote: > > On Fri, Jul 17, 2020 at 15:02:10 +0100, Daniel Berrange wrote: [...] > > I agree. It's definitely necessary that the build is complete at any > > point in time. > > > > I'm reluct