Downstream CI recently encountered failures of libxlxml2domconfigtest when
building libvirt packages against Xen 4.17 rc3 packages. The test fails on
vnuma_hvm config, where suddenly the actual json produced by
libxl_domain_config_to_json() contains a 'pnode' entry in the 'vnuma_nodes'
list, which
From: Michal Privoznik
As advertised in previous commits, QEMU needs to access
/dev/sgx_vepc and /dev/sgx_provision files when SGX memory
backend is configured. And if it weren't for QEMU's namespaces,
we wouldn't dare to relabel them, because they are system wide
files. But if namespaces are use
According to the result parsing from xml, add the argument of
SGX EPC memory backend into QEMU command line.
$ qemu-system-x86_64 \
.. \
-object
'{"qom-type":"memory-backend-epc","id":"memepc0","prealloc":true,"size":67108864,"host-nodes":[0,1],"policy":"bind"}'
\
-object
'{"qom
...
0-1
512
0
...
Signed-off-by: Lin Yang
Signed-off-by: Michal Privoznik
Signed-off-by: Haibin Huang
---
docs/formatdomain.rst | 25 ++-
src/conf/domain_conf.c| 30 +
src/conf/domain_
From: Michal Privoznik
This is similar to the previous commit. SGX memory backend needs
to access /dev/sgx_vepc and /dev/sgx_provision. Create these
nodes in domain's private /dev when required by domain's config.
Signed-off-by: Michal Privoznik
Signed-off-by: Haibin Huang
---
src/qemu/qemu_n
From: Haibin Huang
Extend hypervisor capabilities to include sgx feature. When available,
the hypervisor supports launching a VM with SGX on Intel platform.
The SGX feature tag provides additional details like section size and
sgx1 or sgx2.
Signed-off-by: Haibin Huang
Signed-off-by: Michal Pri
From: Haibin Huang
Generate the QMP command for query-sgx-capabilities and the command
returns SGX capabilities from QMP.
{"execute":"query-sgx-capabilities"}
the right reply:
{"return":
{
"sgx": true,
"section-size": 197132288,
"flc": true
}
}
the error reply:
{
From: Michal Privoznik
SGX memory backend needs to access /dev/sgx_vepc (which allows
userspace to allocate "raw" EPC without an associated enclave)
and /dev/sgx_provision (which allows creating provisioning
enclaves). Allow these two devices in CGroups if a domain is
configured so.
Signed-off-b
From: Haibin Huang
the QMP capabilities:
{"return":
{
"sgx": true,
"section-size": 1024,
"flc": true
}
}
the domain capabilities:
yes
1
Signed-off-by: Michal Privoznik
Signed-off-by: Haibin Huang
---
src/qemu/qemu_capabilities.c |
From: Haibin Huang
Signed-off-by: Michal Privoznik
Reviewed-by: Peter Krempa
Signed-off-by: Haibin Huang
---
src/conf/domain_capabilities.c | 11 +++
src/conf/domain_capabilities.h | 22 ++
src/libvirt_private.syms | 1 +
3 files changed, 34 insertions(+)
d
Diff to v16:
* Included SGX EPC in the calculation and validation of maximum
memory space in qemuDomainDefValidateMemoryHotplug. Removed
all hacking in this function, but only skip
qemuDomainDefValidateMemoryHotplugDevice validation for SGX EPC,
since it is not hotpluggable.
* Added SGX fie
On 11/9/22, 11:37 PM, "Peter Krempa" wrote:
> On Thu, Nov 10, 2022 at 06:09:46 +, Yang, Lin A wrote:
> > On 11/8/22, 5:16 AM, "Peter Krempa" wrote:
> > > On Tue, Nov 08, 2022 at 12:25:26 +, Daniel P. Berrangé wrote:
> > > > On Fri, Oct 14, 2022 at 01:12:28PM +0200, Michal Prívozník wrote:
Signed-off-by: Eric Garver
---
libvirt.spec.in| 1 +
src/network/libvirt-nat-out.policy | 13 +
src/network/libvirt-to-host.policy | 1 +
src/network/meson.build| 5 +
4 files changed, 20 insertions(+)
create mode 100644 src/network/libvirt-nat-
The firewalld backend for routed networks can now use a native
implementation. The hybrid of iptables + firewalld is no longer
necessary. When full native firewalld is in use there are zero iptables
rules added by libvirt.
This is accomplished by returning early in networkAddFirewallRules() and
avoi
This zone will be used for the NAT network by default.
Note that this zone definition omits "forward" aka intra-zone
forwarding, because it requires firewalld >= 0.9.0.
Signed-off-by: Eric Garver
---
libvirt.spec.in | 1 +
src/network/libvirt-nat.zone | 10 ++
src/network/
Signed-off-by: Eric Garver
---
src/libvirt_private.syms | 1 +
src/util/virfirewalld.c | 44
src/util/virfirewalld.h | 4
3 files changed, 49 insertions(+)
diff --git a/src/libvirt_private.syms b/src/libvirt_private.syms
index c5882c535210..8fddb
This factors out the firewalld pieces of the iptables + firewalld
backend.
Signed-off-by: Eric Garver
---
src/network/bridge_driver_linux.c | 117 --
1 file changed, 61 insertions(+), 56 deletions(-)
diff --git a/src/network/bridge_driver_linux.c
b/src/network/bridg
This series further improves the firewalld backend by converting to a
fully native implementation for NAT and routed networks. That is, there
are no iptables rules added by libvirt when the running firewalld is
0.9.0 or later.
The major advantage is that firewalld users can use firewall-cmd to
fil
If the running firewalld doesn't support getPolicies() then we fall back
to the "libvirt" zone. Throwing an error log is excessive since we
gracefully fall back.
Avoids these logs:
error : virGDBusCallMethod:242 : error from service: \
GDBus.Error:org.freedesktop.DBus.Error.UnknownMethod
Fixes: ab
Signed-off-by: Eric Garver
---
src/libvirt_private.syms | 1 +
src/util/virfirewalld.c | 24
src/util/virfirewalld.h | 2 ++
3 files changed, 27 insertions(+)
diff --git a/src/libvirt_private.syms b/src/libvirt_private.syms
index 97ff2a43e48a..c5882c535210 100644
---
Use the new "libvirt-nat" zone for native NAT networks.
The "libvirt" zone is still in use, but only to handle DHCP packets.
Those won't be dispatched to the "libvirt-zone" because said zone is
using sources (instead of interfaces). DHCP packets don't have a valid
source address.
The use of "libv
On 11/10/22 11:32, Andrea Bolognani wrote:
> On Thu, Nov 10, 2022 at 08:57:25AM +, Daniel P. Berrangé wrote:
>> On Wed, Nov 09, 2022 at 09:17:08PM +0100, Olaf Hering wrote:
>>> Wed, 9 Nov 2022 09:04:12 -0800 Andrea Bolognani :
Olaf, can you please remind me why the files we dropped were
>>
On 11/10/22 10:36, christian.ehrha...@canonical.com wrote:
> From: Christian Ehrhardt
>
> Certain udev entries might be of a size that makes libudev emit EINVAL
> which right now leads to udevEventHandleThread exiting. Due to no more
> handling events other elements of libvirt will start pushing
On 11/9/22 18:18, Peter Krempa wrote:
> JSON args for -netdev were added as precursor for adding the 'dgram'
> network backend type. Enable the detection and update test cases using
> DO_TEST_CAPS_LATEST.
>
> Enabling the capability also ensures that the -netdev argument is
> validated against the
On Thu, Nov 10, 2022 at 08:57:25AM +, Daniel P. Berrangé wrote:
> On Wed, Nov 09, 2022 at 09:17:08PM +0100, Olaf Hering wrote:
> > Wed, 9 Nov 2022 09:04:12 -0800 Andrea Bolognani :
> > > Olaf, can you please remind me why the files we dropped were
> > > problematic but these ones apparently are
From: Christian Ehrhardt
Certain udev entries might be of a size that makes libudev emit EINVAL
which right now leads to udevEventHandleThread exiting. Due to no more
handling events other elements of libvirt will start pushing for events
to be consumed which never happens causing a busy loop bur
On Wed, Nov 09, 2022 at 09:17:08PM +0100, Olaf Hering wrote:
> Wed, 9 Nov 2022 09:04:12 -0800 Andrea Bolognani :
>
> > Olaf, can you please remind me why the files we dropped were
> > problematic but these ones apparently aren't?
>
> These are equally problematic because they are owned by the adm
On Wed, Nov 09, 2022 at 18:18:16 +0100, Peter Krempa wrote:
> JSON args for -netdev were added as precursor for adding the 'dgram'
> network backend type. Enable the detection and update test cases using
> DO_TEST_CAPS_LATEST.
>
> Enabling the capability also ensures that the -netdev argument is
>