Commit dbf1f68410 ("security: do not remember/recall labels for VFIO")
rightly changed the DAC and SELinux labeling parameters to fix a problem
with "VFIO hostdevs" but really only addressed the PCI codepaths.
As a result, we can still encounter this with VFIO MDEVs such as
vfio-ccw and vfio-ap,
On Fri, Mar 31, 2023 at 05:56:52PM +0200, Jiri Denemark wrote:
> On Fri, Mar 31, 2023 at 16:52:50 +0100, Daniel P. Berrangé wrote:
> > On Fri, Mar 31, 2023 at 05:43:16PM +0200, Jiri Denemark wrote:
> > > On Fri, Mar 31, 2023 at 16:26:42 +0100, Daniel P. Berrangé wrote:
> > > > On Thu, Mar 30, 2023
On Fri, Mar 31, 2023 at 16:52:50 +0100, Daniel P. Berrangé wrote:
> On Fri, Mar 31, 2023 at 05:43:16PM +0200, Jiri Denemark wrote:
> > On Fri, Mar 31, 2023 at 16:26:42 +0100, Daniel P. Berrangé wrote:
> > > On Thu, Mar 30, 2023 at 11:37:55AM +0200, Jiri Denemark wrote:
> > > > On Mon, Mar 27, 2023
On Fri, Mar 31, 2023 at 05:43:16PM +0200, Jiri Denemark wrote:
> On Fri, Mar 31, 2023 at 16:26:42 +0100, Daniel P. Berrangé wrote:
> > On Thu, Mar 30, 2023 at 11:37:55AM +0200, Jiri Denemark wrote:
> > > On Mon, Mar 27, 2023 at 15:37:34 +0100, Daniel P. Berrangé wrote:
> > > > On Mon, Mar 27, 2023
On Fri, Mar 31, 2023 at 16:26:42 +0100, Daniel P. Berrangé wrote:
> On Thu, Mar 30, 2023 at 11:37:55AM +0200, Jiri Denemark wrote:
> > On Mon, Mar 27, 2023 at 15:37:34 +0100, Daniel P. Berrangé wrote:
> > > On Mon, Mar 27, 2023 at 01:08:09PM +0200, Jiri Denemark wrote:
> > > > On Fri, Mar 10, 2023
On Thu, Mar 30, 2023 at 11:37:55AM +0200, Jiri Denemark wrote:
> On Mon, Mar 27, 2023 at 15:37:34 +0100, Daniel P. Berrangé wrote:
> > On Mon, Mar 27, 2023 at 01:08:09PM +0200, Jiri Denemark wrote:
> > > On Fri, Mar 10, 2023 at 17:14:32 +, Daniel P. Berrangé wrote:
> > > > Even if fixed, it
On Fri, Mar 31, 2023 at 03:48:44PM +0200, Martin Kletzander wrote:
> Signed-off-by: Martin Kletzander
> ---
> Not pushing as trivial since after today I am so unsure and it's pre-release
> time =)
It is only the test name that gets printed out on console
>
> tests/vircryptotest.c | 2 +-
> 1
Signed-off-by: Martin Kletzander
---
Not pushing as trivial since after today I am so unsure and it's pre-release
time =)
tests/vircryptotest.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/tests/vircryptotest.c b/tests/vircryptotest.c
index 9fbaf2f636e5..9ffe70756e6e
Indent the example XML block so that it belongs to the paragraph talking
about it.
Signed-off-by: Peter Krempa
---
docs/formatdomain.rst | 42 --
1 file changed, 20 insertions(+), 22 deletions(-)
diff --git a/docs/formatdomain.rst b/docs/formatdomain.rst
Implement the support for the persisted poll parameters and remove
restrictions on saving config when modifying them during runtime.
Signed-off-by: Peter Krempa
---
src/qemu/qemu_command.c | 18 +++
src/qemu/qemu_driver.c| 30
Currently we allow configuring the 'poll-max-ns', 'poll-grow', and
'poll-shrink' parameters of qemu iothreads only during runtime and they
are not persisted. Add XML machinery to persist them.
Signed-off-by: Peter Krempa
---
docs/formatdomain.rst | 11 -
Peter Krempa (3):
conf: Store the iothread 'poll' settings in the XML
qemu: Use configured iothread poll parameters on startup
docs: formatdomain: Properly indent example XML for setting
'metadata_cache'
docs/formatdomain.rst | 53 +++
Use real capabilities.
Signed-off-by: Peter Krempa
---
...ch-virt-console-native.aarch64-latest.xml} | 4 +++
...ch-virt-console-virtio.aarch64-latest.xml} | 16 +++-
...-serial+console-native.aarch64-latest.xml} | 4 +++
...ach-virt-serial-compat.aarch64-latest.xml} | 4 +++
Replace them with full files so that potential fallout from conversion
to real capabilities is more obvious and the test is simpler to add.
Signed-off-by: Peter Krempa
---
.../mach-virt-console-native.xml | 33 ++-
.../mach-virt-serial+console-native.xml | 33
Signed-off-by: Peter Krempa
---
...ch64-aavmf-virtio-mmio.aarch64-latest.xml} | 1 +
... => aarch64-pci-serial.aarch64-latest.xml} | 19 ++-
...arch64-traditional-pci.aarch64-latest.xml} | 3 ++
... aarch64-video-default.aarch64-latest.xml} | 22 ++---
Upcoming patch will be modifying all of them to use real capabilities.
This way it will be more obvious what will change.
Keeping the symlinks around is tedious for humans to do. Waste some
storage instead.
Signed-off-by: Peter Krempa
---
.../aarch64-gic-default-both.xml | 26
Use real capabilities.
Signed-off-by: Peter Krempa
---
...h-virt-console-native.aarch64-latest.args} | 7 +++-
...h-virt-console-virtio.aarch64-latest.args} | 13 +--
...serial+console-native.aarch64-latest.args} | 7 +++-
...ch-virt-serial-compat.aarch64-latest.args} | 7 +++-
All supported qemu versions at this point support both 'qemu-xhci' and
'nec-xhci' controllers. To allow using real capabilities restructure the
tests so that we test both controllers explicitly as well as the
selection of the default model.
Also add a xml2xml test invocation of the unified test.
Now that all tests were converted to use real capabilities we don't need
it any more. Remove it so that no new tests are added with it.
Signed-off-by: Peter Krempa
---
tests/testutilsqemu.c | 6 --
1 file changed, 6 deletions(-)
diff --git a/tests/testutilsqemu.c b/tests/testutilsqemu.c
Use real capabilities for them.
Signed-off-by: Peter Krempa
---
...h64-aavmf-virtio-mmio.aarch64-latest.args} | 20 +-
...rch64-cpu-passthrough.aarch64-latest.args} | 10 +++--
...=> aarch64-pci-serial.aarch64-latest.args} | 15 ---
...arch64-tpm-wrong-model.aarch64-latest.err} | 0
Use real capabilities for them.
Signed-off-by: Peter Krempa
---
...rch64-gic-default-both.aarch64-latest.xml} | 1 +
...aarch64-gic-default-v2.aarch64-latest.xml} | 1 +
...aarch64-gic-default-v3.aarch64-latest.xml} | 1 +
...=> aarch64-gic-default.aarch64-latest.xml} | 1 +
The fake-caps version was kept as an example that the code behaves the
same with real capabilities. Now it's not needed any more.
Signed-off-by: Peter Krempa
---
.../aarch64-virtio-pci-manual-addresses.args | 47
tests/qemuxml2argvtest.c | 10 ---
With all supported qemu versions we'll pick PCIe to use for the implicit
address busses (those lacking an explicit controller) and thus the
addresses must reflect that.
Update the test to add the new flags, and fix the addresses.
Additionally add a real-caps version of the test.
Signed-off-by:
Use real caps and clear out flags for PCIe so that we have a real-ish
example of an aarch64 machine using mmio.
Signed-off-by: Peter Krempa
---
...ch64-virt-virtio-MMIO.aarch64.latest.args} | 20 ++-
tests/qemuxml2argvtest.c | 12 +++
2 files
Make the output changes of upcoming modernization more visible.
Signed-off-by: Peter Krempa
---
.../mach-virt-console-native.args | 32 ++-
.../mach-virt-serial+console-native.args | 32 ++-
.../mach-virt-serial-compat.args | 32
Use real capabilities and mask-out support for PCIe.
Signed-off-by: Peter Krempa
---
...e.args => balloon-mmio-deflate.aarch64-latest.args} | 8 +---
tests/qemuxml2argvtest.c | 10 +++---
2 files changed, 12 insertions(+), 6 deletions(-)
rename
Signed-off-by: Peter Krempa
---
.../aarch64-gic-default-both.args | 6 +-
.../aarch64-gic-default-v2.args | 6 +-
.../aarch64-gic-default-v3.args | 6 +-
tests/qemuxml2argvdata/aarch64-gic-host.args | 6 +-
.../aarch64-gic-none-both.args
The test data is effectively identical to the
'aarch64-virtio-pci-default' case.
Signed-off-by: Peter Krempa
---
.../aarch64-virt-2.6-virtio-pci-default.args | 50 ---
.../aarch64-virt-2.6-virtio-pci-default.xml | 46 -
tests/qemuxml2argvtest.c
Add a version for 'latest' caps as well as '4.2.0'. The test
demonstrates that with a real qemu PCIe will be used instead of MMIO.
Signed-off-by: Peter Krempa
---
.../aarch64-virt-virtio.aarch64-4.2.0.args| 54 ++
.../aarch64-virt-virtio.aarch64-latest.args | 55
Upcoming patches will be modifying the tests for selecting the GIC
version to use real capabilities. This in certain cases will show that a
different version is picked.
Using symlinks makes it inconvenient to do the modifications and
unobvious what changed.
Remove the symlinks and replace them
Convert the two negative cases to use real capapbilities as well as the
positive case for situations when KVM is not used by stripping the
QEMU_CAPS_KVM flag.
Signed-off-by: Peter Krempa
---
...err => aarch64-gic-invalid.aarch64-latest.err} | 0
tests/qemuxml2argvdata/aarch64-gic-none-tcg.args
The function always returns 0. Remove the return value and refactor
caller.
Signed-off-by: Peter Krempa
---
src/conf/domain_addr.c | 13 +++--
1 file changed, 3 insertions(+), 10 deletions(-)
diff --git a/src/conf/domain_addr.c b/src/conf/domain_addr.c
index b6534f502c..cf30ad297c
Convert 'aarch64-gic-default' and 'aarch64-gic-none' cases to use real
capabilities both latest and locked to 4.2.0 to show what would happen
with a real qemu.
Note that the qemuTestSetHostArch() calls are needed as real caps
override the setting once used. Once we convert all tests to real data
This series applies on top of 'part 4' fetch everything from my repo:
git fetch https://gitlab.com/pipo.sk/libvirt.git aarch-send
In this part tests for the 'aarch64' platform are converted to use real
capabilities.
Peter Krempa (21):
virDomainPCIAddressSetExtensionAlloc: Remove return value
On a Friday in 2023, Peter Krempa wrote:
This series applies on top of 'part3' fetch everything from my repo:
git fetch https://gitlab.com/pipo.sk/libvirt.git s390-send
In this part tests for the 's390' platform are converted to use real
capabilities.
Only three more platforms to go ;)
Use real capabilities for the CPU test. The negative test case for QEMUs
without QEMU_CAPS_QUERY_CPU_MODEL_EXPANSION is removed as the feature is
now supported by all supported qemu versions.
Signed-off-by: Peter Krempa
---
tests/qemuxml2argvdata/cpu-s390-features.err | 1 -
Now that all tests were converted to use real capabilities we don't need
it any more. Remove it so that no new tests are added with it.
Signed-off-by: Peter Krempa
---
tests/testutilsqemu.c | 6 --
1 file changed, 6 deletions(-)
diff --git a/tests/testutilsqemu.c b/tests/testutilsqemu.c
Use latest caps for the tests.
Signed-off-by: Peter Krempa
---
...ne-loadparm-multiple-disks-nets-s390.s390x-latest.args} | 7 +--
...90.args => machine-loadparm-net-s390.s390x-latest.args} | 7 +--
...m-s390.args => machine-loadparm-s390.s390x-latest.args} | 7 +--
The 'hostdev-subsys-mdev-vfio-ccw', 'hostdev-vfio-zpci', and
'hostdev-vfio-zpci-autogenerate-fids' test cases have negative versions
which are invoked without capabilities. This does not make sense going
forward as the tests are going to be switched to real capabilities.
Remove them.
Convert the rest of the outstanding tests to use real capabilities.
Signed-off-by: Peter Krempa
---
...dev-scsi-vhost-scsi-ccw.s390x-latest.args} | 7 +-
...io-ccw-duplicate-address.s390x-latest.err} | 0
...vfio-ccw-invalid-address.s390x-latest.err} | 0
Signed-off-by: Peter Krempa
---
...=> disk-virtio-s390-zpci.s390x-latest.xml} | 3 +
...tdev-scsi-vhost-scsi-ccw.s390x-latest.xml} | 4 +
...tdev-subsys-mdev-vfio-ap.s390x-latest.xml} | 4 +
...dev-subsys-mdev-vfio-ccw.s390x-latest.xml} | 4 +
...o-zpci-autogenerate-fids.s390x-latest.xml} |
Use latest caps for the tests.
Signed-off-by: Peter Krempa
---
...hine-aeskeywrap-off-cap.s390x-latest.args} | 7 +++-
...ine-aeskeywrap-off-caps.s390x-latest.args} | 7 +++-
...chine-aeskeywrap-on-cap.s390x-latest.args} | 7 +++-
...hine-aeskeywrap-on-caps.s390x-latest.args} | 7 +++-
This series applies on top of 'part3' fetch everything from my repo:
git fetch https://gitlab.com/pipo.sk/libvirt.git s390-send
In this part tests for the 's390' platform are converted to use real
capabilities.
Peter Krempa (7):
qemuxml2argvtest: Remove obsolete negative tests
43 matches
Mail list logo
