On 3/3/23 10:44 AM, Daniel P. Berrangé wrote:
On Fri, Mar 03, 2023 at 10:03:02AM -0500, Laine Stump wrote:
On 2/23/23 5:47 AM, Daniel P. Berrangé wrote:
This really isn't difficult to do in the security manager IMHO. It is
just a variation on the existing virSecurityManagerSetChildProcessLabel
On 3/3/23 1:36 PM, Daniel P. Berrangé wrote:
On Fri, Mar 03, 2023 at 10:18:39AM -0800, Andrea Bolognani wrote:
On Fri, Mar 03, 2023 at 06:06:05PM +, Daniel P. Berrangé wrote:
On Fri, Mar 03, 2023 at 09:56:55AM -0800, Andrea Bolognani wrote:
Right, but wouldn't the idea of poking at the fil
On Fri, Mar 03, 2023 at 10:18:39AM -0800, Andrea Bolognani wrote:
> On Fri, Mar 03, 2023 at 06:06:05PM +, Daniel P. Berrangé wrote:
> > On Fri, Mar 03, 2023 at 09:56:55AM -0800, Andrea Bolognani wrote:
> > > Right, but wouldn't the idea of poking at the filesystem to retrieve
> > > the label fr
On Fri, Mar 03, 2023 at 06:06:05PM +, Daniel P. Berrangé wrote:
> On Fri, Mar 03, 2023 at 09:56:55AM -0800, Andrea Bolognani wrote:
> > Right, but wouldn't the idea of poking at the filesystem to retrieve
> > the label from the binary (passt_exec_t) and then applying a text
> > transformation t
On Fri, Mar 03, 2023 at 09:56:55AM -0800, Andrea Bolognani wrote:
> On Fri, Mar 03, 2023 at 05:15:43PM +, Daniel P. Berrangé wrote:
> > On Fri, Mar 03, 2023 at 09:06:38AM -0800, Andrea Bolognani wrote:
> > > > > Since we know that we're launching passt and not some other random
> > > > > helper
On Fri, Mar 03, 2023 at 05:15:43PM +, Daniel P. Berrangé wrote:
> On Fri, Mar 03, 2023 at 09:06:38AM -0800, Andrea Bolognani wrote:
> > > > Since we know that we're launching passt and not some other random
> > > > helper, why can't we simply use passt_t directly here? It feels like
> > > > tha
On Fri, Mar 03, 2023 at 09:06:38AM -0800, Andrea Bolognani wrote:
> On Fri, Mar 03, 2023 at 03:47:23PM +, Daniel P. Berrangé wrote:
> > On Fri, Mar 03, 2023 at 07:23:41AM -0800, Andrea Bolognani wrote:
> > > I'm in no way a SELinux expert, but the idea of figuring out the
> > > runtime label fo
On Fri, Mar 03, 2023 at 03:47:23PM +, Daniel P. Berrangé wrote:
> On Fri, Mar 03, 2023 at 07:23:41AM -0800, Andrea Bolognani wrote:
> > I'm in no way a SELinux expert, but the idea of figuring out the
> > runtime label for the process based on information found on the
> > filesystem makes me un
On Fri, Mar 03, 2023 at 07:23:41AM -0800, Andrea Bolognani wrote:
> On Fri, Mar 03, 2023 at 10:03:02AM -0500, Laine Stump wrote:
> > On 2/23/23 5:47 AM, Daniel P. Berrangé wrote:
> > > This really isn't difficult to do in the security manager IMHO. It is
> > > just a variation on the existing virSe
On Fri, Mar 03, 2023 at 10:03:02AM -0500, Laine Stump wrote:
> On 2/23/23 5:47 AM, Daniel P. Berrangé wrote:
> >
> > This really isn't difficult to do in the security manager IMHO. It is
> > just a variation on the existing virSecurityManagerSetChildProcessLabel
> > method, which instead of using
On Fri, Mar 03, 2023 at 10:03:02AM -0500, Laine Stump wrote:
> On 2/23/23 5:47 AM, Daniel P. Berrangé wrote:
> > This really isn't difficult to do in the security manager IMHO. It is
> > just a variation on the existing virSecurityManagerSetChildProcessLabel
> > method, which instead of using the s
On 2/23/23 5:47 AM, Daniel P. Berrangé wrote:
On Thu, Feb 23, 2023 at 11:40:00AM +0100, Jiri Denemark wrote:
On Wed, Feb 22, 2023 at 14:21:29 +0100, Stefano Brivio wrote:
qemuSecurityCommandRun() causes an explicit domain transition of the
new process, but passt ships with its own SELinux polic
Some APIs (migration, save/restore, snapshot, ...) require a domain to
be suspended temporarily. In case resuming the domain fails, the domain
will be unexpectedly left paused when the API finishes. This situation
is reported via VIR_DOMAIN_EVENT_SUSPENDED event with
VIR_DOMAIN_EVENT_SUSPENDED_API_
Other APIs that internally use QEMU migration and need to temporarily
suspend a domain already report failure to resume vCPUs by setting
VIR_DOMAIN_PAUSED_API_ERROR state reason and emitting
VIR_DOMAIN_EVENT_SUSPENDED event with
VIR_DOMAIN_EVENT_SUSPENDED_API_ERROR.
Let's do the same in qemuMigrat
Signed-off-by: Jiri Denemark
---
include/libvirt/libvirt-domain.h | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/include/libvirt/libvirt-domain.h b/include/libvirt/libvirt-domain.h
index 5152ed4551..53cab6bd4c 100644
--- a/include/libvirt/libvirt-domain.h
+++ b/include/libvir
See patch 2/3 for details.
Jiri Denemark (3):
Clarify VIR_DOMAIN_EVENT_SUSPENDED_API_ERROR semantics
Introduce VIR_DOMAIN_PAUSED_API_ERROR
qemu_migration: Use VIR_DOMAIN_PAUSED_API_ERROR
include/libvirt/libvirt-domain.h | 3 ++-
src/conf/domain_conf.c | 1 +
src/qemu/qemu_domai
Both functions always return 0.
Signed-off-by: Peter Krempa
---
src/qemu/qemu_capabilities.c | 23 ---
1 file changed, 8 insertions(+), 15 deletions(-)
diff --git a/src/qemu/qemu_capabilities.c b/src/qemu/qemu_capabilities.c
index 35f8e9828a..826293a879 100644
--- a/src/qemu
The function now can't fail.
Signed-off-by: Peter Krempa
---
src/qemu/qemu_capabilities.c | 3 ---
tests/qemucapabilitiestest.c | 3 +--
tests/testutilsqemu.c| 10 ++
3 files changed, 3 insertions(+), 13 deletions(-)
diff --git a/src/qemu/qemu_capabilities.c b/src/qemu/qemu_ca
All tests were converted to use real capabilities so there's no need to
support the infrastructure for fake tests.
Signed-off-by: Peter Krempa
---
tests/testutilsqemu.c | 7 ---
1 file changed, 7 deletions(-)
diff --git a/tests/testutilsqemu.c b/tests/testutilsqemu.c
index b54bb43731..c5057
Convert the only outstanding test case for a 'sparc' machine to modern
test infrastructure.
'sparc' machine type also needs to be added to the list of supported
arches in testQemuGetLatestCaps.
Signed-off-by: Peter Krempa
---
.../{sparc-minimal.args => sparc-minimal.sparc-latest.args}| 1 +
All tests were converted to use real capabilities so there's no need to
support the infrastructure for fake tests.
Signed-off-by: Peter Krempa
---
tests/testutilsqemu.c | 8
1 file changed, 8 deletions(-)
diff --git a/tests/testutilsqemu.c b/tests/testutilsqemu.c
index c5057fb051..8006
'qemu-system-aarch64' is superset of the soon to be deprecated
'qemu-system-arm' binary. We can move over all of our fake-caps tests to
real caps on aarch64.
Signed-off-by: Peter Krempa
---
... aarch64-kvm-32-on-64.aarch64-latest.args} | 15 --
.../qemuxml2argvdata/aarch64-kvm-32-on-64.xml |
Signed-off-by: Peter Krempa
---
src/qemu/qemu_capabilities.c | 5 +
src/qemu/qemu_capabilities.h | 2 +-
tests/qemucapabilitiesdata/caps_4.2.0.aarch64.xml | 1 -
tests/qemucapabilitiesdata/caps_5.0.0.aarch64.xml | 1 -
tests/qemucapabilitiesdata/caps_
Convert the 'ppc-dtb' and 'ppce500-serial' to use real capabilities
albeit captured from a non-native machine. Thus the XML needs to be
converted to use virt type 'qemu'.
Signed-off-by: Peter Krempa
---
.../{ppc-dtb.args => ppc-dtb.ppc-latest.args}| 12 +++-
tests/qemuxml2argvdat
We always assert the flag for aarch64 qemus and in qemu the 'aarch64'
cpu property doesn't seem to be optional.
Remove checks and remove impossible test case.
Signed-off-by: Peter Krempa
---
src/qemu/qemu_validate.c| 9 -
tests/qemuxml2argvdata/aarch64-kvm-32-on-
All tests were converted to use real capabilities so there's no need to
support the infrastructure for fake tests.
Signed-off-by: Peter Krempa
---
tests/testutilsqemu.c | 5 -
1 file changed, 5 deletions(-)
diff --git a/tests/testutilsqemu.c b/tests/testutilsqemu.c
index 54fa347d18..1f1f5ef
Preserve testing of the MMIO use case in case when GPEX is complied out
of qemu.
Signed-off-by: Peter Krempa
---
...s => riscv64-virt-pci.riscv64-latest.args} | 8 +---
args => riscv64-virt.riscv64-latest.args} | 10 ++
tests/qemuxml2argvtest.c | 10 ++--
In certain cases we want to use as-real capabilities as possible but
that doesn't allow testing certain fallback scenarios of features that
can be complied out of QEMU.
ARG_QEMU_CAPS_DEL can be used similarly to ARG_QEMU_CAPS but the flag
arguments are actually masked out of the resulting caps.
S
Rather that populate a virQEMUCaps object we now populate a bitmap with
the fake capabilities and transfer it into the virQEMUCaps later.
This unifies the code paths between the fully fake caps tests and real
caps + fake flags.
Also the same approach will be used in upcomming patch to add
possibi
There's just one case when we're populating the cache with empty caps so
that can allocate a dummy virQEMUCaps object rather than having the
logic inside qemuTestCapsCacheInsertImpl.
Signed-off-by: Peter Krempa
---
tests/testutilsqemu.c | 12 ++--
1 file changed, 6 insertions(+), 6 delet
The function now always returns 0.
Signed-off-by: Peter Krempa
---
src/qemu/qemu_capabilities.c | 11 ---
1 file changed, 4 insertions(+), 7 deletions(-)
diff --git a/src/qemu/qemu_capabilities.c b/src/qemu/qemu_capabilities.c
index 5341f5c1da..aba52cc10d 100644
--- a/src/qemu/qemu_capa
The function can't fail at this point. Remove the last outstanding
pointless error check and turn the return type into 'void'.
Signed-off-by: Peter Krempa
---
src/qemu/qemu_capabilities.c | 12
1 file changed, 4 insertions(+), 8 deletions(-)
diff --git a/src/qemu/qemu_capabilities.
Make all callers always pass a valid pointer which in turn allows us to
remove return value check from the callers.
Signed-off-by: Peter Krempa
---
src/conf/cpu_conf.c | 7 +--
src/conf/cpu_conf.h | 3 ++-
src/cpu/cpu_ppc64.c | 8 ++--
src/cpu/cp
Make all callers always pass a valid pointer which in turn allows us to
remove return value check from the callers.
Signed-off-by: Peter Krempa
---
src/conf/cpu_conf.c | 7 +++
src/conf/cpu_conf.h | 3 ++-
src/cpu/cpu_arm.c | 5 +
src/cpu/cpu_s390.c | 5 +
src/
The functions were always returning 0.
Signed-off-by: Peter Krempa
---
src/conf/cpu_conf.c | 11 ---
src/conf/cpu_conf.h | 4 ++--
src/cpu/cpu_arm.c| 3 +--
src/cpu/cpu_s390.c | 3 +--
src/cpu/cpu_x86.c| 11 +--
src/qemu/qemu
All tests were converted to use real capabilities so there's no need to
support the infrastructure for fake tests.
Signed-off-by: Peter Krempa
---
tests/testutilsqemu.c | 6 --
1 file changed, 6 deletions(-)
diff --git a/tests/testutilsqemu.c b/tests/testutilsqemu.c
index b22540dfa4..b5bf68
Do the two fixups of CPU as one block and split up the return value
checks to separate conditions. This will make the upcoming refactors
simpler.
Signed-off-by: Peter Krempa
---
src/qemu/qemu_domain.c | 32 ++--
1 file changed, 18 insertions(+), 14 deletions(-)
diff
Make callers use virFileCacheClear to clear the cache before populating
it rather than trying to overwrite what's in it.
Signed-off-by: Peter Krempa
---
tests/qemusecuritytest.c | 2 ++
tests/qemustatusxml2xmltest.c | 2 ++
tests/qemuxml2argvtest.c | 2 ++
tests/qemuxml2xmltest.c
The allocation of the object itself can't fail. What can fail is the
creation of the class on a programmign error. Rather than punting the
error up the stack abort() directly on the first occurence as the error
can't be fixed during runtime.
Signed-off-by: Peter Krempa
---
src/qemu/qemu_capabili
Both 'kvm_machines' and 'qemu_machines' now have the same members so we
can simply drop kvm_machines.
Signed-off-by: Peter Krempa
---
tests/testutilsqemu.c | 62 +++
1 file changed, 22 insertions(+), 40 deletions(-)
diff --git a/tests/testutilsqemu.c b/te
In tests we need to be able to populate the cache with a deterministic
set of entries. This means we need to drop the contents of the cache
between runs to prevent spillage between test cases.
virFileCacheClear drops all entries from the hash table used for the
cache.
Signed-off-by: Peter Krempa
Real capabilities populate the binary name, while fake don't. We can
directly insert the capabilities using the real binary name.
This will allow to remove 'qemu_emulators' entries once all tests are
converted to real capabilties.
Signed-off-by: Peter Krempa
---
tests/testutilsqemu.c | 34 +
All tests were converted to use real capabilities so there's no need to
support the infrastructure for fake tests.
Signed-off-by: Peter Krempa
---
tests/testutilsqemu.c | 6 --
1 file changed, 6 deletions(-)
diff --git a/tests/testutilsqemu.c b/tests/testutilsqemu.c
index 6d2d2dc83e..3acad3
Use x86_64 emulator and machine and remove the nocaps version of the
test.
Fixes: 80a37e96a95
Signed-off-by: Peter Krempa
---
tests/qemuxml2argvdata/serial-unix-missing-source.err | 1 -
.../serial-unix-missing-source.x86_64-latest.err | 2 +-
tests/qemuxml2argvdata/serial-u
Integrate the two special cases used for schema testing into the more
useful qemuxml2argvtest, whose input data is still tested against the
schema.
Add also a xml output variant.
Signed-off-by: Peter Krempa
---
tests/domainschemadata/default-cache-mode.xml | 26
.../domain-disk-sou
The schema tested by removed test cases is tested by other, more useful,
test cases:
- 'maxMemory'
- qemuxmlargvdata/memory-hotplug*
- 'backingChains'
- qemuxmlargvdata/disk-backing-chains*
- 'timers'
- qemuxml2argvdata/kvm-pit-delay.xml
- qemuxml2argvdata/clock-catchup.xml
- '
The idea of this series is to start cleaning out fake caps testing as
much as possible in favor of real capabilities (as much as possible).
The end goal is to replace all fake caps test cases with real caps.
This series was inspired by the effort to remove/deprecate
qemu-system-i386 and qemu-syst
On Thu, Mar 02, 2023 at 04:59:36PM +0100, Michal Prívozník wrote:
> On 2/15/23 11:42, Andrea Bolognani wrote:
> > +static int
> > +qemuDomainDefBootPostParse(virDomainDef *def,
> > + virQEMUDriverConfig *cfg)
> > +{
> > +if (def->os.bootloader || def->os.bootloaderArgs
Hello!
On Fri, 2023-03-03 at 10:48 +0100, Thomas Huth wrote:
> x86 ==> deprecate both, user and system emulation support on
> 32-bit hosts
> arm ==> deprecate only system emulation on 32-bit hosts.
I would recommend against dropping support for 32-bit hosts for qemu-user
as there are som
Hi Thomas!
On Fri, 2023-03-03 at 12:22 +0100, Thomas Huth wrote:
> The ticket is very long and hard to read, but ... oh my, does that mean you
> need to compile qemu-user in 32-bit mode on a 64-bit x86 host to properly
> run 32-bit binaries from other architectures? ... uh, that's ugly ... and
On Fri, Mar 03, 2023 at 12:31:42PM +0100, Thomas Huth wrote:
> On 03/03/2023 12.16, Peter Maydell wrote:
> > On Thu, 2 Mar 2023 at 16:31, Thomas Huth wrote:
> > >
> > > qemu-system-aarch64 is a proper superset of qemu-system-arm,
> > > and the latter was mainly still required for 32-bit KVM suppo
On 03/03/2023 12.16, Peter Maydell wrote:
On Thu, 2 Mar 2023 at 16:31, Thomas Huth wrote:
qemu-system-aarch64 is a proper superset of qemu-system-arm,
and the latter was mainly still required for 32-bit KVM support.
But this 32-bit KVM arm support has been dropped in the Linux
kernel a couple
On Fri, 3 Mar 2023 at 11:09, John Paul Adrian Glaubitz
wrote:
>
> Hello!
>
> On Fri, 2023-03-03 at 10:48 +0100, Thomas Huth wrote:
> > x86 ==> deprecate both, user and system emulation support on
> > 32-bit hosts
> > arm ==> deprecate only system emulation on 32-bit hosts.
>
> I would rec
On 03/03/2023 12.09, John Paul Adrian Glaubitz wrote:
Hello!
On Fri, 2023-03-03 at 10:48 +0100, Thomas Huth wrote:
x86 ==> deprecate both, user and system emulation support on
32-bit hosts
arm ==> deprecate only system emulation on 32-bit hosts.
I would recommend against dropping su
On Thu, 2 Mar 2023 at 16:31, Thomas Huth wrote:
>
> qemu-system-aarch64 is a proper superset of qemu-system-arm,
> and the latter was mainly still required for 32-bit KVM support.
> But this 32-bit KVM arm support has been dropped in the Linux
> kernel a couple of years ago already, so we don't re
On 3/3/23 11:14, Thomas Huth wrote:
Hardly anybody still uses 32-bit x86 environments for running QEMU,
so let's stop wasting our scarce CI minutes with these jobs.
(There are still the 32-bit MinGW and TCI jobs around for having
some compile test coverage on 32-bit, and the dockerfile can stay
qemu-system-aarch64 is a proper superset of qemu-system-arm,
and the latter was mainly still required for 32-bit KVM support.
But this 32-bit KVM arm support has been dropped in the Linux
kernel a couple of years ago already, so we don't really need
qemu-system-arm anymore, thus deprecated it now.
Hardly anybody still uses 32-bit arm environments for running QEMU,
so let's stop wasting our scarce CI minutes with these jobs.
Reviewed-by: Daniel P. Berrangé
Reviewed-by: Philippe Mathieu-Daudé
Reviewed-by: Wilfred Mallawa
Signed-off-by: Thomas Huth
---
.gitlab-ci.d/crossbuilds.yml | 14 --
For running QEMU in system emulation mode, the user needs a rather
strong host system, i.e. not only an embedded low-frequency controller.
All recent beefy arm host machines should support 64-bit now, it's
unlikely that anybody is still seriously using QEMU on a 32-bit arm
CPU, so we deprecate the
Hardly anybody still uses 32-bit x86 environments for running QEMU,
so let's stop wasting our scarce CI minutes with these jobs.
(There are still the 32-bit MinGW and TCI jobs around for having
some compile test coverage on 32-bit, and the dockerfile can stay
in case someone wants to reproduce a f
Hardly anybody still uses 32-bit x86 hosts today, so we should start
deprecating them to stop wasting our time and CI minutes here.
For example, there are also still some unresolved problems with these:
When emulating 64-bit binaries in user mode, TCG does not honor atomicity
for 64-bit accesses, w
Aside from not supporting KVM on 32-bit hosts, the qemu-system-x86_64
binary is a proper superset of the qemu-system-i386 binary. With the
32-bit host support being deprecated, it is now also possible to
deprecate the qemu-system-i386 binary.
With regards to 32-bit KVM support in the x86 Linux ker
We're struggling quite badly with our CI minutes on the shared
gitlab runners, so we urgently need to think of ways to cut down
our supported build and target environments. qemu-system-i386 and
qemu-system-arm are not really required anymore, since nobody uses
KVM on the corresponding systems for p
On a Tuesday in 2023, Peter Krempa wrote:
Peter Krempa (6):
remote_protocol: Fix list of supported ACL object names
apibuild: Add infrastructure for generating ACL flag info into
function docs
scripts/apibuild: Extract and format API ACLs
docs/newapi.xsl: Take API flag data from libvirt-ap
On a Monday in 2023, Michal Privoznik wrote:
Way back, in v6.2.0-rc1~67 we removed the code that reads slip's
*slirp
stderr on failed startup. However, we forgot to remove
corresponding virCommandSetErrorFD() call and variable
declaration. Do that now.
While this may seem like a step in wron
On a Monday in 2023, Michal Privoznik wrote:
In a lot of places we catch errors from qemuSecurityCommandRun() only to
produce an error report. But we can let virCommand module do the same.
Michal Prívozník (4):
qemu_slirp: Don't set errfd when starting slirp helper
qemu: Don't overwrite error
On 02/03/2023 23.07, Philippe Mathieu-Daudé wrote:
On 2/3/23 17:31, Thomas Huth wrote:
We're struggling quite badly with our CI minutes on the shared
gitlab runners, so we urgently need to think of ways to cut down
our supported build and target environments. qemu-system-i386 and
qemu-system-arm
On a Wednesday in 2023, Jonathon Jongsma wrote:
This function allows you to specify a default value to return if the
property is not found rather than always setting *result to 0.
Signed-off-by: Jonathon Jongsma
---
src/conf/cpu_conf.c| 9 +++--
src/conf/domain_conf.c | 6 +-
src/co
On a Wednesday in 2023, Jonathon Jongsma wrote:
Ensure that new virDomainVideoDef objects have their 'type' set to
VIR_DOMAIN_VIDEO_TYPE_DEFAULT and remove places that this value is set
after construction. Since virDomainVideoDefNew() uses g_new0() allocate
the instance, all fields are initialize
On Thu, 2023-03-02 at 17:31 +0100, Thomas Huth wrote:
> Hardly anybody still uses 32-bit arm environments for running QEMU,
> so let's stop wasting our scarce CI minutes with these jobs.
>
> Signed-off-by: Thomas Huth
> ---
> .gitlab-ci.d/crossbuilds.yml | 14 --
> 1 file changed, 14
On Thu, 2023-03-02 at 17:31 +0100, Thomas Huth wrote:
> Hardly anybody still uses 32-bit x86 hosts today, so we should start
> deprecating them to stop wasting our time and CI minutes here.
> For example, there are also still some unresolved problems with
> these:
> When emulating 64-bit binaries i
On Thu, 2023-03-02 at 17:31 +0100, Thomas Huth wrote:
> For running QEMU in system emulation mode, the user needs a rather
> strong host system, i.e. not only an embedded low-frequency
> controller.
> All recent beefy arm host machines should support 64-bit now, it's
> unlikely that anybody is stil
On Thu, 2023-03-02 at 17:31 +0100, Thomas Huth wrote:
> qemu-system-aarch64 is a proper superset of qemu-system-arm,
> and the latter was mainly still required for 32-bit KVM support.
> But this 32-bit KVM arm support has been dropped in the Linux
> kernel a couple of years ago already, so we don't
On Thu, 2023-03-02 at 17:31 +0100, Thomas Huth wrote:
> Hardly anybody still uses 32-bit x86 environments for running QEMU,
> so let's stop wasting our scarce CI minutes with these jobs.
>
> Signed-off-by: Thomas Huth
> ---
> .gitlab-ci.d/crossbuilds.yml | 16
> 1 file changed,
On Thu, 2023-03-02 at 18:05 +, Daniel P. Berrangé wrote:
> On Thu, Mar 02, 2023 at 05:31:01PM +0100, Thomas Huth wrote:
> > Hardly anybody really requires the i386 binary anymore, since the
> > qemu-system-x86_64 binary is a proper superset. So let's deprecate
> > the 32-bit variant now, so tha
75 matches
Mail list logo
