From: "Dr. David Alan Gilbert"
There's a nice new Rust implementation out there; recommend people
do new work on that.
Signed-off-by: Dr. David Alan Gilbert
---
docs/about/deprecated.rst | 14 ++
1 file changed, 14 insertions(+)
diff --git a/docs/about/deprecated.rst b/docs/about/
From: "Dr. David Alan Gilbert"
The following changes since commit aeb0ae95b7f18c66158792641cb6ba0cde5789ab:
Merge remote-tracking branch 'remotes/jsnow-gitlab/tags/python-pull-request'
into staging (2022-01-22 12:03:22 +)
are available in the Git repository at:
https://gitlab.com/dagr
From: Vivek Goyal
At the start, drop membership of all supplementary groups. This is
not required.
If we have membership of "root" supplementary group and when we switch
uid/gid using setresuid/setsgid, we still retain membership of existing
supplemntary groups. And that can allow some operation
From: Daniel P. Berrangé
We need to encode just the address bytes, not the whole struct sockaddr
data. Add a test case to validate that we're matching on SAN IP
addresses correctly.
Signed-off-by: Daniel P. Berrangé
Message-Id: <20220426160048.812266-2-berra...@redhat.com>
Reviewed-by: Dr. Davi
From: "Dr. David Alan Gilbert"
The following changes since commit 178bacb66d98d9ee7a702b9f2a4dfcd88b72a9ab:
Merge tag 'block-pull-request' of https://gitlab.com/stefanha/qemu into
staging (2022-05-09 11:07:04 -0700)
are available in the Git repository at:
https://gitlab.com/dagrh/qemu.git
From: Daniel P. Berrangé
Most of the multifd migration test logic is common with the rest of the
precopy tests, so it can use the helper without difficulty. The only
exception of the multifd cancellation test which tries to run multiple
migrations in a row.
Reviewed-by: Peter Xu
Signed-off-by:
From: Daniel P. Berrangé
These macros are more suited to the general consumers of certs in the
test suite, where we don't need to exercise every single possible
permutation.
Signed-off-by: Daniel P. Berrangé
Message-Id: <20220426160048.812266-3-berra...@redhat.com>
Reviewed-by: Eric Blake
Sign
From: Daniel P. Berrangé
This validates that we correctly handle multifd migration success
and failure scenarios when using TLS with x509 certificates. There
are quite a few different scenarios that matter in relation to
hostname validation, but we skip a couple as we can assume that
the non-mult
From: Daniel P. Berrangé
This validates that we correctly handle migration success and failure
scenarios when using TLS with pre shared keys.
Signed-off-by: Daniel P. Berrangé
Message-Id: <20220426160048.812266-4-berra...@redhat.com>
Reviewed-by: Eric Blake
Signed-off-by: Dr. David Alan Gilber
From: Daniel P. Berrangé
This validates that we correctly handle migration success and failure
scenarios when using TLS with x509 certificates. There are quite a few
different scenarios that matter in relation to hostname validation.
Signed-off-by: Daniel P. Berrangé
Message-Id: <20220426160048
From: Leonardo Bras
Even though multifd_send_sync_main() currently emits error_reports, it's
callers don't really check it before continuing.
Change multifd_send_sync_main() to return -1 on error and 0 on success.
Also change all it's callers to make use of this change and possibly fail
earlier.
From: Daniel P. Berrangé
Most of the XBZRLE migration test logic is common with the rest of the
precopy tests, so it can use the helper with just one small tweak.
Reviewed-by: Peter Xu
Signed-off-by: Daniel P. Berrangé
Message-Id: <20220426160048.812266-6-berra...@redhat.com>
Signed-off-by: Dr
From: Daniel P. Berrangé
This validates that we correctly handle multifd migration success
and failure scenarios when using TLS with pre shared keys.
Signed-off-by: Daniel P. Berrangé
Message-Id: <20220426160048.812266-8-berra...@redhat.com>
Reviewed-by: Eric Blake
Signed-off-by: Dr. David Ala
From: Leonardo Bras
Implement zero copy send on nocomp_send_write(), by making use of QIOChannel
writev + flags & flush interface.
Change multifd_send_sync_main() so flush_zero_copy() can be called
after each iteration in order to make sure all dirty pages are sent before
a new iteration is star
From: Leonardo Bras
Since d48c3a0445 ("multifd: Use a single writev on the send side"),
sending the header packet and the memory pages happens in the same
writev, which can potentially make the migration faster.
Using channel-socket as example, this works well with the default copying
mechanism
From: Daniel P. Berrangé
Various methods in the migration test call 'query_migrate' to fetch the
current status and then access a particular field. Almost all of these
cases expect the migration to be in a non-failed state. In the case of
'wait_for_migration_pass' in particular, if the status is
From: Leonardo Bras
Add flags to io_writev and introduce io_flush as optional callback to
QIOChannelClass, allowing the implementation of zero copy writes by
subclasses.
How to use them:
- Write data using qio_channel_writev*(...,QIO_CHANNEL_WRITE_FLAG_ZERO_COPY),
- Wait write completion with qi
From: Leonardo Bras
Add property that allows zero-copy migration of memory pages
on the sending side, and also includes a helper function
migrate_use_zero_copy_send() to check if it's enabled.
No code is introduced to actually do the migration, but it allow
future implementations to enable/disab
From: Leonardo Bras
For CONFIG_LINUX, implement the new zero copy flag and the optional callback
io_flush on QIOChannelSocket, but enables it only when MSG_ZEROCOPY
feature is available in the host kernel, which is checked on
qio_channel_socket_connect_sync()
qio_channel_socket_flush() was imple
From: Leonardo Bras
A lot of places check parameters.tls_creds in order to evaluate if TLS is
in use, and sometimes call migrate_get_current() just for that test.
Add new helper function migrate_use_tls() in order to simplify testing
for TLS usage.
Signed-off-by: Leonardo Bras
Reviewed-by: Jua
From: Leonardo Bras
For CONFIG_LINUX, implement the new zero copy flag and the optional callback
io_flush on QIOChannelSocket, but enables it only when MSG_ZEROCOPY
feature is available in the host kernel, which is checked on
qio_channel_socket_connect_sync()
qio_channel_socket_flush() was imple
From: Daniel P. Berrangé
Most of the XBZRLE migration test logic is common with the rest of the
precopy tests, so it can use the helper with just one small tweak.
Reviewed-by: Peter Xu
Signed-off-by: Daniel P. Berrangé
Message-Id: <20220426160048.812266-6-berra...@redhat.com>
Signed-off-by: Dr
From: Daniel P. Berrangé
This validates that we correctly handle migration success and failure
scenarios when using TLS with x509 certificates. There are quite a few
different scenarios that matter in relation to hostname validation.
Signed-off-by: Daniel P. Berrangé
Message-Id: <20220426160048
From: "Dr. David Alan Gilbert"
The following changes since commit 10c2a0c5e7d48e590d945c017b5b8af5b4c89a3c:
Merge tag 'or1k-pull-request-20220515' of https://github.com/stffrdhrn/qemu
into staging (2022-05-15 16:56:27 -0700)
are available in the Git repository at:
https://gitlab.com/dagrh
From: Leonardo Bras
Even though multifd_send_sync_main() currently emits error_reports, it's
callers don't really check it before continuing.
Change multifd_send_sync_main() to return -1 on error and 0 on success.
Also change all it's callers to make use of this change and possibly fail
earlier.
From: Daniel P. Berrangé
We need to encode just the address bytes, not the whole struct sockaddr
data. Add a test case to validate that we're matching on SAN IP
addresses correctly.
Signed-off-by: Daniel P. Berrangé
Message-Id: <20220426160048.812266-2-berra...@redhat.com>
Reviewed-by: Dr. Davi
From: Daniel P. Berrangé
These macros are more suited to the general consumers of certs in the
test suite, where we don't need to exercise every single possible
permutation.
Signed-off-by: Daniel P. Berrangé
Message-Id: <20220426160048.812266-3-berra...@redhat.com>
Reviewed-by: Eric Blake
Sign
From: Daniel P. Berrangé
This validates that we correctly handle multifd migration success
and failure scenarios when using TLS with pre shared keys.
Signed-off-by: Daniel P. Berrangé
Message-Id: <20220426160048.812266-8-berra...@redhat.com>
Reviewed-by: Eric Blake
Signed-off-by: Dr. David Ala
From: Daniel P. Berrangé
Various methods in the migration test call 'query_migrate' to fetch the
current status and then access a particular field. Almost all of these
cases expect the migration to be in a non-failed state. In the case of
'wait_for_migration_pass' in particular, if the status is
From: Leonardo Bras
Since d48c3a0445 ("multifd: Use a single writev on the send side"),
sending the header packet and the memory pages happens in the same
writev, which can potentially make the migration faster.
Using channel-socket as example, this works well with the default copying
mechanism
From: Daniel P. Berrangé
This validates that we correctly handle migration success and failure
scenarios when using TLS with pre shared keys.
Signed-off-by: Daniel P. Berrangé
Message-Id: <20220426160048.812266-4-berra...@redhat.com>
Reviewed-by: Eric Blake
Signed-off-by: Dr. David Alan Gilber
From: Leonardo Bras
Implement zero copy send on nocomp_send_write(), by making use of QIOChannel
writev + flags & flush interface.
Change multifd_send_sync_main() so flush_zero_copy() can be called
after each iteration in order to make sure all dirty pages are sent before
a new iteration is star
From: Daniel P. Berrangé
Most of the multifd migration test logic is common with the rest of the
precopy tests, so it can use the helper without difficulty. The only
exception of the multifd cancellation test which tries to run multiple
migrations in a row.
Reviewed-by: Peter Xu
Signed-off-by:
From: Daniel P. Berrangé
This validates that we correctly handle multifd migration success
and failure scenarios when using TLS with x509 certificates. There
are quite a few different scenarios that matter in relation to
hostname validation, but we skip a couple as we can assume that
the non-mult
From: Leonardo Bras
A build error happens in alpine CI when linux/errqueue.h is included
in io/channel-socket.c, due to redefining of 'struct __kernel_timespec':
===
ninja: job failed: [...]
In file included from /usr/include/linux/errqueue.h:6,
from ../io/channel-socket.c:29:
/
From: Leonardo Bras
Add flags to io_writev and introduce io_flush as optional callback to
QIOChannelClass, allowing the implementation of zero copy writes by
subclasses.
How to use them:
- Write data using qio_channel_writev*(...,QIO_CHANNEL_WRITE_FLAG_ZERO_COPY),
- Wait write completion with qi
From: Leonardo Bras
Add property that allows zero-copy migration of memory pages
on the sending side, and also includes a helper function
migrate_use_zero_copy_send() to check if it's enabled.
No code is introduced to actually do the migration, but it allow
future implementations to enable/disab
From: Leonardo Bras
A lot of places check parameters.tls_creds in order to evaluate if TLS is
in use, and sometimes call migrate_get_current() just for that test.
Add new helper function migrate_use_tls() in order to simplify testing
for TLS usage.
Signed-off-by: Leonardo Bras
Reviewed-by: Jua
From: Vivek Goyal
We have open coded logic to take locks and push element on virtqueue at
three places. Add a helper and use it everywhere. Code is easier to read and
less number of lines of code.
Signed-off-by: Vivek Goyal
Message-Id: <20210930153037.1194279-5-vgo...@redhat.com>
Reviewed-by: S
From: Vivek Goyal
Use a helper to stop all the queues. Later in the patch series I am
planning to use this helper at one more place later in the patch series.
Signed-off-by: Vivek Goyal
Message-Id: <20210930153037.1194279-6-vgo...@redhat.com>
Reviewed-by: Stefan Hajnoczi
Signed-off-by: Dr. Dav
From: "Dr. David Alan Gilbert"
The following changes since commit c5b2f559814104f4145f8bc310f4d33c7ead8f49:
Merge remote-tracking branch
'remotes/vivier/tags/trivial-branch-for-6.2-pull-request' into staging
(2021-10-23 14:30:10 -0700)
are available in the Git repository at:
https://gitl
From: Vivek Goyal
Right now for xattr remapping, we support types of "prefix", "ok" or "bad".
Type "bad" returns -EPERM on setxattr and hides xattr in listxattr. For
getxattr, mapping code returns -EPERM but getxattr code converts it to -ENODATA.
I need a new semantics where if an xattr is unsup
From: Vivek Goyal
"struct virtio_fs_config" definition seems to be unused in fuse_virtio.c.
Remove it.
Signed-off-by: Vivek Goyal
Message-Id: <20210930153037.1194279-4-vgo...@redhat.com>
Reviewed-by: Stefan Hajnoczi
Signed-off-by: Dr. David Alan Gilbert
---
tools/virtiofsd/fuse_virtio.c | 6
From: "Dr. David Alan Gilbert"
Make the '--socket-group=' option fail if the group name is unknown:
./tools/virtiofsd/virtiofsd --socket-group=zaphod
vhost socket: unable to find group 'zaphod'
Reported-by: Xiaoling Gao
Signed-off-by: Dr. David Alan Gilbert
Message-Id: <20211014122554.34
From: "Dr. David Alan Gilbert"
Add the missing VMSTATE_END_OF_LIST to vmstate_muldiv
Fixes: 99abcbc7600 ("clock: Provide builtin multiplier/divider")
Signed-off-by: Dr. David Alan Gilbert
---
hw/core/clock-vmstate.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/hw/core/clock-vmstate.c b/
From: "Dr. David Alan Gilbert"
We fairly regularly forget VMSTATE_END_OF_LIST markers off descriptions;
given that the current check is only for ->name being NULL, sometimes
we get unlucky and the code apparently works and no one spots the error.
Explicitly add a flag, VMS_END that should be set
From: "Dr. David Alan Gilbert"
The pbr403 subsection is part of the tlb6xx state, so I believe it's
name needs to be:
.name = "cpu/tlb6xx/pbr403",
Signed-off-by: Dr. David Alan Gilbert
---
target/ppc/machine.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/target/ppc/
From: "Dr. David Alan Gilbert"
Perform a check on vmsd structures during test runs in the hope
of catching any missing terminators and other simple screwups.
Signed-off-by: Dr. David Alan Gilbert
---
migration/savevm.c | 39 +++
1 file changed, 39 insertions
From: "Dr. David Alan Gilbert"
Aftern the patch the other day where I added a missing END_OF_LIST,
Peter suggested adding something more robust.
Here I:
add a check for a flag at the end of the list
add a check that's performed in vmstate_register_with_alias_id
only within qtest recursiv
From: "Dr. David Alan Gilbert"
We fairly regularly forget VMSTATE_END_OF_LIST markers off descriptions;
given that the current check is only for ->name being NULL, sometimes
we get unlucky and the code apparently works and no one spots the error.
Explicitly add a flag, VMS_END that should be set
From: "Dr. David Alan Gilbert"
There's a nice new Rust implementation out there; recommend people
do new work on that.
Signed-off-by: Dr. David Alan Gilbert
---
docs/about/deprecated.rst | 17 +
1 file changed, 17 insertions(+)
diff --git a/docs/about/deprecated.rst b/docs/abo
From: "Dr. David Alan Gilbert"
We've been using q35 heavily for a while now and it generally works
quite nicely; downstream in RH we prefer it as our default, and I wanted
to see what people think of making it the default.
The only pain really is that it requires some more setup for hotplug;
so
From: "Dr. David Alan Gilbert"
For tests that rely on old hardware, e.g. floppies or IDE drives,
explicitly select the 'pc' machine type.
Signed-off-by: Dr. David Alan Gilbert
---
tests/qtest/fdc-test.c| 2 +-
tests/qtest/hd-geo-test.c | 12 +---
tests/qtest/i440fx-test.c | 2 +-
From: "Dr. David Alan Gilbert"
The 'q35' machine type series has been around for a few years now, and
is getting heavily used downstream without many problems; lets flip
to using it as the default.
While it is of course newer and shinier than it's old i440fx cousin,
the main reasons are:
* PC
From: "Dr. David Alan Gilbert"
Hotplug tests need a bridge setting up on q35, for now
keep them on 'pc'.
Signed-off-by: Dr. David Alan Gilbert
---
tests/qtest/device-plug-test.c | 20 +--
tests/qtest/drive_del-test.c | 35 +-
tests/qtest/hd-geo
From: "Dr. David Alan Gilbert"
We've been using q35 heavily for a while now and it generally works
quite nicely; downstream in RH we prefer it as our default, and I wanted
to see what people think of making it the default.
The only pain really is that it requires some more setup for hotplug;
so
From: "Dr. David Alan Gilbert"
For tests that rely on old hardware, e.g. floppies or IDE drives,
explicitly select the 'pc' machine type.
Signed-off-by: Dr. David Alan Gilbert
---
tests/qtest/fdc-test.c| 2 +-
tests/qtest/hd-geo-test.c | 12 +---
tests/qtest/i440fx-test.c | 2 +-
From: "Dr. David Alan Gilbert"
Hotplug tests need a bridge setting up on q35, for now
keep them on 'pc'.
Signed-off-by: Dr. David Alan Gilbert
---
tests/qtest/device-plug-test.c | 20 +--
tests/qtest/drive_del-test.c | 35 +-
tests/qtest/hd-geo
From: "Dr. David Alan Gilbert"
The 'q35' machine type series has been around for a few years now, and
is getting heavily used downstream without many problems; lets flip
to using it as the default.
While it is of course newer and shinier than it's old i440fx cousin,
the main reasons are:
* PC
From: Vivek Goyal
Kernel version 5.17 has increased the size of "struct fuse_init_in" struct.
Previously this struct was 16 bytes and now it has been extended to
64 bytes in size.
Once qemu headers are updated to latest, it will expect to receive 64 byte
size struct (for protocol version major 7
From: "Dr. David Alan Gilbert"
The following changes since commit c13b8e9973635f34f3ce4356af27a311c993729c:
Merge remote-tracking branch
'remotes/alistair/tags/pull-riscv-to-apply-20220216' into staging (2022-02-16
09:57:11 +)
are available in the Git repository at:
https://gitlab.co
From: Sebastian Hasler
With the current implementation, blocking flock can lead to
deadlock. Thus, it's better to return EOPNOTSUPP if a user attempts
to perform a blocking flock request.
Signed-off-by: Sebastian Hasler
Message-Id: <20220113153249.710216-1-sebastian.has...@stuvus.uni-stuttgart.
From: Vivek Goyal
Move core file creation bits in a separate function. Soon this is going
to get more complex as file creation need to set security context also.
And there will be multiple modes of file creation in next patch.
Reviewed-by: Dr. David Alan Gilbert
Signed-off-by: Vivek Goyal
Mess
From: Vivek Goyal
This patch adds support for creating new file with security context
as sent by client. It basically takes three paths.
- If no security context enabled, then it continues to create files without
security context.
- If security context is enabled and but security.selinux has
From: Vivek Goyal
Add some code to parse extended "struct fuse_init_in". And use a local
variable "flag" to represent 64 bit flags. This will make it easier
to add more features without having to worry about two 32bit flags (->flags
and ->flags2) in "fuse_struct_in".
Signed-off-by: Vivek Goyal
From: Vivek Goyal
Soon we will be able to create and also set security context on the file
atomically using /proc/self/task/tid/attr/fscreate knob. If this knob
is available on the system, first set the knob with the desired context
and then create the file. It will be created with the context se
From: Vivek Goyal
Provide an option "-o security_label/no_security_label" to enable/disable
security label functionality. By default these are turned off.
If enabled, server will indicate to client that it is capable of handling
one security label during file creation. Typically this is expected
From: Vivek Goyal
->capable keeps track of what capabilities kernel supports and ->wants keep
track of what capabilities filesytem wants.
Right now these fields are 32bit in size. But now fuse has run out of
bits and capabilities can now have bit number which are higher than 31.
That means 32 b
From: Greg Kurz
Honor the expected behavior of syncfs() to synchronously flush all data
and metadata to disk on linux systems.
If virtiofsd is started with '-o announce_submounts', the client is
expected to send a FUSE_SYNCFS request for each individual submount.
In this case, we just create a n
From: Vivek Goyal
Update headers to 5.17-rc1. I need latest fuse changes.
Reviewed-by: Dr. David Alan Gilbert
Signed-off-by: Vivek Goyal
Message-Id: <20220208204813.682906-3-vgo...@redhat.com>
Signed-off-by: Dr. David Alan Gilbert
---
include/standard-headers/asm-x86/kvm_para.h | 1 +
in
From: Vivek Goyal
Add capability to enable and parse security context as sent by client
and put into fuse_req. Filesystems now can get security context from
request and set it on files during creation.
Signed-off-by: Vivek Goyal
Message-Id: <20220208204813.682906-6-vgo...@redhat.com>
Reviewed-b
From: Vivek Goyal
If guest and host policies can't work with each other, then guest security
context (selinux label) needs to be set into an xattr. Say remap guest
security.selinux xattr to trusted.virtiofs.security.selinux.
That means setting "fscreate" is not going to help as that's ony useful
From: "Dr. David Alan Gilbert"
The following changes since commit c13b8e9973635f34f3ce4356af27a311c993729c:
Merge remote-tracking branch
'remotes/alistair/tags/pull-riscv-to-apply-20220216' into staging (2022-02-16
09:57:11 +)
are available in the Git repository at:
https://gitlab.co
From: Vivek Goyal
Kernel version 5.17 has increased the size of "struct fuse_init_in" struct.
Previously this struct was 16 bytes and now it has been extended to
64 bytes in size.
Once qemu headers are updated to latest, it will expect to receive 64 byte
size struct (for protocol version major 7
From: Sebastian Hasler
With the current implementation, blocking flock can lead to
deadlock. Thus, it's better to return EOPNOTSUPP if a user attempts
to perform a blocking flock request.
Signed-off-by: Sebastian Hasler
Message-Id: <20220113153249.710216-1-sebastian.has...@stuvus.uni-stuttgart.
From: Vivek Goyal
Update headers to 5.17-rc1. I need latest fuse changes.
Reviewed-by: Dr. David Alan Gilbert
Signed-off-by: Vivek Goyal
Message-Id: <20220208204813.682906-3-vgo...@redhat.com>
Signed-off-by: Dr. David Alan Gilbert
---
include/standard-headers/asm-x86/kvm_para.h | 1 +
in
From: Vivek Goyal
Add capability to enable and parse security context as sent by client
and put into fuse_req. Filesystems now can get security context from
request and set it on files during creation.
Signed-off-by: Vivek Goyal
Message-Id: <20220208204813.682906-6-vgo...@redhat.com>
Reviewed-b
From: Vivek Goyal
Add some code to parse extended "struct fuse_init_in". And use a local
variable "flag" to represent 64 bit flags. This will make it easier
to add more features without having to worry about two 32bit flags (->flags
and ->flags2) in "fuse_struct_in".
Signed-off-by: Vivek Goyal
From: Vivek Goyal
If guest and host policies can't work with each other, then guest security
context (selinux label) needs to be set into an xattr. Say remap guest
security.selinux xattr to trusted.virtiofs.security.selinux.
That means setting "fscreate" is not going to help as that's ony useful
From: Vivek Goyal
Soon we will be able to create and also set security context on the file
atomically using /proc/self/task/tid/attr/fscreate knob. If this knob
is available on the system, first set the knob with the desired context
and then create the file. It will be created with the context se
From: Vivek Goyal
Provide an option "-o security_label/no_security_label" to enable/disable
security label functionality. By default these are turned off.
If enabled, server will indicate to client that it is capable of handling
one security label during file creation. Typically this is expected
From: Greg Kurz
Honor the expected behavior of syncfs() to synchronously flush all data
and metadata to disk on linux systems.
If virtiofsd is started with '-o announce_submounts', the client is
expected to send a FUSE_SYNCFS request for each individual submount.
In this case, we just create a n
From: Vivek Goyal
This patch adds support for creating new file with security context
as sent by client. It basically takes three paths.
- If no security context enabled, then it continues to create files without
security context.
- If security context is enabled and but security.selinux has
From: Vivek Goyal
->capable keeps track of what capabilities kernel supports and ->wants keep
track of what capabilities filesytem wants.
Right now these fields are 32bit in size. But now fuse has run out of
bits and capabilities can now have bit number which are higher than 31.
That means 32 b
From: Vivek Goyal
Move core file creation bits in a separate function. Soon this is going
to get more complex as file creation need to set security context also.
And there will be multiple modes of file creation in next patch.
Reviewed-by: Dr. David Alan Gilbert
Signed-off-by: Vivek Goyal
Mess
From: "Dr. David Alan Gilbert"
The following changes since commit c13b8e9973635f34f3ce4356af27a311c993729c:
Merge remote-tracking branch
'remotes/alistair/tags/pull-riscv-to-apply-20220216' into staging (2022-02-16
09:57:11 +)
are available in the Git repository at:
https://gitlab.co
From: Sebastian Hasler
With the current implementation, blocking flock can lead to
deadlock. Thus, it's better to return EOPNOTSUPP if a user attempts
to perform a blocking flock request.
Signed-off-by: Sebastian Hasler
Message-Id: <20220113153249.710216-1-sebastian.has...@stuvus.uni-stuttgart.
From: Vivek Goyal
Kernel version 5.17 has increased the size of "struct fuse_init_in" struct.
Previously this struct was 16 bytes and now it has been extended to
64 bytes in size.
Once qemu headers are updated to latest, it will expect to receive 64 byte
size struct (for protocol version major 7
From: Vivek Goyal
Update headers to 5.17-rc1. I need latest fuse changes.
Reviewed-by: Dr. David Alan Gilbert
Signed-off-by: Vivek Goyal
Message-Id: <20220208204813.682906-3-vgo...@redhat.com>
Signed-off-by: Dr. David Alan Gilbert
---
include/standard-headers/asm-x86/kvm_para.h | 1 +
in
From: Vivek Goyal
->capable keeps track of what capabilities kernel supports and ->wants keep
track of what capabilities filesytem wants.
Right now these fields are 32bit in size. But now fuse has run out of
bits and capabilities can now have bit number which are higher than 31.
That means 32 b
From: Vivek Goyal
Add capability to enable and parse security context as sent by client
and put into fuse_req. Filesystems now can get security context from
request and set it on files during creation.
Signed-off-by: Vivek Goyal
Message-Id: <20220208204813.682906-6-vgo...@redhat.com>
Reviewed-b
From: Vivek Goyal
Move core file creation bits in a separate function. Soon this is going
to get more complex as file creation need to set security context also.
And there will be multiple modes of file creation in next patch.
Reviewed-by: Dr. David Alan Gilbert
Signed-off-by: Vivek Goyal
Mess
From: Vivek Goyal
Add some code to parse extended "struct fuse_init_in". And use a local
variable "flag" to represent 64 bit flags. This will make it easier
to add more features without having to worry about two 32bit flags (->flags
and ->flags2) in "fuse_struct_in".
Signed-off-by: Vivek Goyal
From: Vivek Goyal
Soon we will be able to create and also set security context on the file
atomically using /proc/self/task/tid/attr/fscreate knob. If this knob
is available on the system, first set the knob with the desired context
and then create the file. It will be created with the context se
From: Vivek Goyal
Provide an option "-o security_label/no_security_label" to enable/disable
security label functionality. By default these are turned off.
If enabled, server will indicate to client that it is capable of handling
one security label during file creation. Typically this is expected
From: Vivek Goyal
This patch adds support for creating new file with security context
as sent by client. It basically takes three paths.
- If no security context enabled, then it continues to create files without
security context.
- If security context is enabled and but security.selinux has
From: Greg Kurz
Honor the expected behavior of syncfs() to synchronously flush all data
and metadata to disk on linux systems.
If virtiofsd is started with '-o announce_submounts', the client is
expected to send a FUSE_SYNCFS request for each individual submount.
In this case, we just create a n
From: Vivek Goyal
If guest and host policies can't work with each other, then guest security
context (selinux label) needs to be set into an xattr. Say remap guest
security.selinux xattr to trusted.virtiofs.security.selinux.
That means setting "fscreate" is not going to help as that's ony useful
From: Leonardo Bras
Even though multifd_send_sync_main() currently emits error_reports, it's
callers don't really check it before continuing.
Change multifd_send_sync_main() to return -1 on error and 0 on success.
Also change all it's callers to make use of this change and possibly fail
earlier.
From: Daniel P. Berrangé
Various methods in the migration test call 'query_migrate' to fetch the
current status and then access a particular field. Almost all of these
cases expect the migration to be in a non-failed state. In the case of
'wait_for_migration_pass' in particular, if the status is
1101 - 1200 of 3600 matches
Mail list logo