rpms/libvirt
7
0
Fork 1
Code Issues Pull Requests Releases Activity

import libvirt-4.5.0-24.module+el8.1.0+3205+41ff0a42

Browse Source
This commit is contained in:
CentOS Sources 2019-08-06 14:16:05 -04:00 committed by Stepan Oksanichenko
commit abe0c88101
215 changed files with 102125 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
.gitignore vendored Normal file
View File

@ -0,0 +1 @@
SOURCES/libvirt-4.5.0.tar.xz

1
.libvirt.metadata Normal file
View File

@ -0,0 +1 @@
5f097d246c0fba04d18ac7ec951ad56ffa1a8958 SOURCES/libvirt-4.5.0.tar.xz

183
SOURCES/libvirt-PPC64-support-for-NVIDIA-V100-GPU-with-NVLink2-passthrough.patch Normal file
View File

@ -0,0 +1,183 @@
From 5347b12008842b5c86f766e391c6f3756afbff7d Mon Sep 17 00:00:00 2001
Message-Id: <5347b12008842b5c86f766e391c6f3756afbff7d@dist-git>
From: Daniel Henrique Barboza <danielhb413@gmail.com>
Date: Fri, 3 May 2019 13:54:53 +0200
Subject: [PATCH] PPC64 support for NVIDIA V100 GPU with NVLink2 passthrough
The NVIDIA V100 GPU has an onboard RAM that is mapped into the
host memory and accessible as normal RAM via an NVLink2 bridge. When
passed through in a guest, QEMU puts the NVIDIA RAM window in a
non-contiguous area, above the PCI MMIO area that starts at 32TiB.
This means that the NVIDIA RAM window starts at 64TiB and go all the
way to 128TiB.
This means that the guest might request a 64-bit window, for each PCI
Host Bridge, that goes all the way to 128TiB. However, the NVIDIA RAM
window isn't counted as regular RAM, thus this window is considered
only for the allocation of the Translation and Control Entry (TCE).
For more information about how NVLink2 support works in QEMU,
refer to the accepted implementation [1].
This memory layout differs from the existing VFIO case, requiring its
own formula. This patch changes the PPC64 code of
@qemuDomainGetMemLockLimitBytes to:
- detect if we have a NVLink2 bridge being passed through to the
guest. This is done by using the @ppc64VFIODeviceIsNV2Bridge function
added in the previous patch. The existence of the NVLink2 bridge in
the guest means that we are dealing with the NVLink2 memory layout;
- if an IBM NVLink2 bridge exists, passthroughLimit is calculated in a
different way to account for the extra memory the TCE table can alloc.
The 64TiB..128TiB window is more than enough to fit all possible
GPUs, thus the memLimit is the same regardless of passing through 1 or
multiple V100 GPUs.
Further reading explaining the background
[1] https://lists.gnu.org/archive/html/qemu-devel/2019-03/msg03700.html
[2] https://www.redhat.com/archives/libvir-list/2019-March/msg00660.html
[3] https://www.redhat.com/archives/libvir-list/2019-April/msg00527.html
Signed-off-by: Daniel Henrique Barboza <danielhb413@gmail.com>
Reviewed-by: Erik Skultety <eskultet@redhat.com>
(cherry picked from commit 1a922648f67f56c4374d647feebf2adb9a642f96)
https://bugzilla.redhat.com/show_bug.cgi?id=1505998
Conflicts:
The upstream commit relied on:
- v4.7.0-37-gb72183223f
- v4.7.0-38-ga14f597266
which were not backported so virPCIDeviceAddressAsString had to
swapped for the former virDomainPCIAddressAsString in order to
compile.
Signed-off-by: Erik Skultety <eskultet@redhat.com>
Message-Id: <03c00ebf46d85b0615134ef8655e67a4c909b7da.1556884443.git.eskultet@redhat.com>
Reviewed-by: Andrea Bolognani <abologna@redhat.com>
---
src/qemu/qemu_domain.c | 80 ++++++++++++++++++++++++++++++++----------
1 file changed, 61 insertions(+), 19 deletions(-)
diff --git a/src/qemu/qemu_domain.c b/src/qemu/qemu_domain.c
index a8bc618389..21f0722495 100644
--- a/src/qemu/qemu_domain.c
+++ b/src/qemu/qemu_domain.c
@@ -9813,7 +9813,7 @@ qemuDomainUpdateCurrentMemorySize(virQEMUDriverPtr driver,
* such as '0004:04:00.0', and tells if the device is a NVLink2
* bridge.
*/
-static ATTRIBUTE_UNUSED bool
+static bool
ppc64VFIODeviceIsNV2Bridge(const char *device)
{
const char *nvlink2Files[] = {"ibm,gpu", "ibm,nvlink",
@@ -9851,7 +9851,9 @@ getPPC64MemLockLimitBytes(virDomainDefPtr def)
unsigned long long maxMemory = 0;
unsigned long long passthroughLimit = 0;
size_t i, nPCIHostBridges = 0;
+ virPCIDeviceAddressPtr pciAddr;
bool usesVFIO = false;
+ bool nvlink2Capable = false;
for (i = 0; i < def->ncontrollers; i++) {
virDomainControllerDefPtr cont = def->controllers[i];
@@ -9869,7 +9871,17 @@ getPPC64MemLockLimitBytes(virDomainDefPtr def)
dev->source.subsys.type == VIR_DOMAIN_HOSTDEV_SUBSYS_TYPE_PCI &&
dev->source.subsys.u.pci.backend == VIR_DOMAIN_HOSTDEV_PCI_BACKEND_VFIO) {
usesVFIO = true;
- break;
+
+ pciAddr = &dev->source.subsys.u.pci.addr;
+ if (virPCIDeviceAddressIsValid(pciAddr, false)) {
+ VIR_AUTOFREE(char *) pciAddrStr = NULL;
+
+ pciAddrStr = virDomainPCIAddressAsString(pciAddr);
+ if (ppc64VFIODeviceIsNV2Bridge(pciAddrStr)) {
+ nvlink2Capable = true;
+ break;
+ }
+ }
}
}
@@ -9896,29 +9908,59 @@ getPPC64MemLockLimitBytes(virDomainDefPtr def)
4096 * nPCIHostBridges +
8192;
- /* passthroughLimit := max( 2 GiB * #PHBs, (c)
- * memory (d)
- * + memory * 1/512 * #PHBs + 8 MiB ) (e)
+ /* NVLink2 support in QEMU is a special case of the passthrough
+ * mechanics explained in the usesVFIO case below. The GPU RAM
+ * is placed with a gap after maxMemory. The current QEMU
+ * implementation puts the NVIDIA RAM above the PCI MMIO, which
+ * starts at 32TiB and is the MMIO reserved for the guest main RAM.
*
- * (c) is the pre-DDW VFIO DMA window accounting. We're allowing 2 GiB
- * rather than 1 GiB
+ * This window ends at 64TiB, and this is where the GPUs are being
+ * placed. The next available window size is at 128TiB, and
+ * 64TiB..128TiB will fit all possible NVIDIA GPUs.
*
- * (d) is the with-DDW (and memory pre-registration and related
- * features) DMA window accounting - assuming that we only account RAM
- * once, even if mapped to multiple PHBs
+ * The same assumption as the most common case applies here:
+ * the guest will request a 64-bit DMA window, per PHB, that is
+ * big enough to map all its RAM, which is now at 128TiB due
+ * to the GPUs.
*
- * (e) is the with-DDW userspace view and overhead for the 64-bit DMA
- * window. This is based a bit on expected guest behaviour, but there
- * really isn't a way to completely avoid that. We assume the guest
- * requests a 64-bit DMA window (per PHB) just big enough to map all
- * its RAM. 4 kiB page size gives the 1/512; it will be less with 64
- * kiB pages, less still if the guest is mapped with hugepages (unlike
- * the default 32-bit DMA window, DDW windows can use large IOMMU
- * pages). 8 MiB is for second and further level overheads, like (b) */
- if (usesVFIO)
+ * Note that the NVIDIA RAM window must be accounted for the TCE
+ * table size, but *not* for the main RAM (maxMemory). This gives
+ * us the following passthroughLimit for the NVLink2 case:
+ *
+ * passthroughLimit = maxMemory +
+ * 128TiB/512KiB * #PHBs + 8 MiB */
+ if (nvlink2Capable) {
+ passthroughLimit = maxMemory +
+ 128 * (1ULL<<30) / 512 * nPCIHostBridges +
+ 8192;
+ } else if (usesVFIO) {
+ /* For regular (non-NVLink2 present) VFIO passthrough, the value
+ * of passthroughLimit is:
+ *
+ * passthroughLimit := max( 2 GiB * #PHBs, (c)
+ * memory (d)
+ * + memory * 1/512 * #PHBs + 8 MiB ) (e)
+ *
+ * (c) is the pre-DDW VFIO DMA window accounting. We're allowing 2
+ * GiB rather than 1 GiB
+ *
+ * (d) is the with-DDW (and memory pre-registration and related
+ * features) DMA window accounting - assuming that we only account
+ * RAM once, even if mapped to multiple PHBs
+ *
+ * (e) is the with-DDW userspace view and overhead for the 64-bit
+ * DMA window. This is based a bit on expected guest behaviour, but
+ * there really isn't a way to completely avoid that. We assume the
+ * guest requests a 64-bit DMA window (per PHB) just big enough to
+ * map all its RAM. 4 kiB page size gives the 1/512; it will be
+ * less with 64 kiB pages, less still if the guest is mapped with
+ * hugepages (unlike the default 32-bit DMA window, DDW windows
+ * can use large IOMMU pages). 8 MiB is for second and further level
+ * overheads, like (b) */
passthroughLimit = MAX(2 * 1024 * 1024 * nPCIHostBridges,
memory +
memory / 512 * nPCIHostBridges + 8192);
+ }
memKB = baseLimit + passthroughLimit;
--
2.21.0

35
SOURCES/libvirt-RHEL-Add-rhel-machine-types-to-qemuDomainMachineNeedsFDC.patch Normal file
View File

@ -0,0 +1,35 @@
From 74b69d4a7240c601fcd12c18d5e8d95d641ae922 Mon Sep 17 00:00:00 2001
Message-Id: <74b69d4a7240c601fcd12c18d5e8d95d641ae922@dist-git>
From: =?UTF-8?q?J=C3=A1n=20Tomko?= <jtomko@redhat.com>
Date: Mon, 22 Feb 2016 12:51:51 +0100
Subject: [PATCH] RHEL: Add rhel machine types to qemuDomainMachineNeedsFDC
RHEL-only.
pc-q35-rhel7.0.0 and pc-q35-rhel7.1.0 do not need an explicit
isa-fdc controller.
https://bugzilla.redhat.com/show_bug.cgi?id=1227880
Signed-off-by: Jiri Denemark <jdenemar@redhat.com>
---
src/qemu/qemu_domain.c | 3 +++
1 file changed, 3 insertions(+)
diff --git a/src/qemu/qemu_domain.c b/src/qemu/qemu_domain.c
index 4c15d5a36a..4c2a162b85 100644
--- a/src/qemu/qemu_domain.c
+++ b/src/qemu/qemu_domain.c
@@ -9239,6 +9239,9 @@ qemuDomainMachineNeedsFDC(const char *machine)
STRPREFIX(p, "2.2") ||
STRPREFIX(p, "2.3"))
return false;
+ if (STRPREFIX(p, "rhel7.0.0") ||
+ STRPREFIX(p, "rhel7.1.0"))
+ return false;
return true;
}
return false;
--
2.18.0

46
SOURCES/libvirt-RHEL-Fix-virConnectGetMaxVcpus-output.patch Normal file
View File

@ -0,0 +1,46 @@
From 72c5455c00fcec50bae3e71a6fbd6330e524be0a Mon Sep 17 00:00:00 2001
Message-Id: <72c5455c00fcec50bae3e71a6fbd6330e524be0a@dist-git>
From: =?UTF-8?q?J=C3=A1n=20Tomko?= <jtomko@redhat.com>
Date: Mon, 27 Aug 2018 13:09:38 +0200
Subject: [PATCH] RHEL: Fix virConnectGetMaxVcpus output
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
https://bugzilla.redhat.com/show_bug.cgi?id=1092363
RHEL-only.
Ignore the maximum vcpu limit (KVM_CAP_MAX_VCPUS) on RHEL,
since RHEL QEMU treats the recommended limit (KVM_CAP_NR_VCPUS)
as the maximum, see:
https://bugzilla.redhat.com/show_bug.cgi?id=998708
(cherry picked from commit 7dff909fa34bdd93ad200dbffe70c0c1ee931925)
Signed-off-by: Ján Tomko <jtomko@redhat.com>
https: //bugzilla.redhat.com/show_bug.cgi?id=1582222
Reviewed-by: Andrea Bolognani <abologna@redhat.com>
---
src/util/virhostcpu.c | 5 +++++
1 file changed, 5 insertions(+)
diff --git a/src/util/virhostcpu.c b/src/util/virhostcpu.c
index 1e31be5900..effe04ca3a 100644
--- a/src/util/virhostcpu.c
+++ b/src/util/virhostcpu.c
@@ -1186,6 +1186,11 @@ virHostCPUGetKVMMaxVCPUs(void)
return -1;
}
+/* Ignore KVM_CAP_MAX_VCPUS on RHEL - the recommended maximum
+ * is treated as a hard limit.
+ */
+# undef KVM_CAP_MAX_VCPUS
+
# ifdef KVM_CAP_MAX_VCPUS
/* at first try KVM_CAP_MAX_VCPUS to determine the maximum count */
if ((ret = ioctl(fd, KVM_CHECK_EXTENSION, KVM_CAP_MAX_VCPUS)) > 0)
--
2.18.0

165
SOURCES/libvirt-RHEL-Hack-around-changed-Broadwell-Haswell-CPUs.patch Normal file
View File

@ -0,0 +1,165 @@
From 498389f6b88547c352add4b209d61896a5143c00 Mon Sep 17 00:00:00 2001
Message-Id: <498389f6b88547c352add4b209d61896a5143c00@dist-git>
From: Jiri Denemark <jdenemar@redhat.com>
Date: Fri, 27 Mar 2015 12:48:40 +0100
Subject: [PATCH] RHEL: Hack around changed Broadwell/Haswell CPUs
RHEL-only
Upstream tried to solve the change of Broadwell and Haswell CPUs by
removing rtm and hle features from the corresponding CPU models for new
machine types. Then they reverted this and introduced new *-noTSX models
instead. However, the original fix was backported to RHEL.
This patch makes sure Broadwell and Haswell will always contain rtm and
hle features regardless on RHEL version or machine type used.
https://bugzilla.redhat.com/show_bug.cgi?id=1199446
Signed-off-by: Jiri Denemark <jdenemar@redhat.com>
---
src/qemu/qemu_command.c | 29 +++++++++++++++++++
tests/qemuxml2argvdata/cpu-Haswell.args | 2 +-
.../qemuxml2argvdata/cpu-host-model-cmt.args | 3 +-
tests/qemuxml2argvdata/cpu-tsc-frequency.args | 2 +-
tests/qemuxml2argvdata/q35-acpi-nouefi.args | 2 +-
tests/qemuxml2argvdata/q35-acpi-uefi.args | 2 +-
tests/qemuxml2argvdata/q35-noacpi-nouefi.args | 2 +-
7 files changed, 36 insertions(+), 6 deletions(-)
diff --git a/src/qemu/qemu_command.c b/src/qemu/qemu_command.c
index 4fc3176ad3..c1eefca639 100644
--- a/src/qemu/qemu_command.c
+++ b/src/qemu/qemu_command.c
@@ -6677,6 +6677,8 @@ qemuBuildCpuModelArgStr(virQEMUDriverPtr driver,
size_t i;
virCapsPtr caps = NULL;
virCPUDefPtr cpu = def->cpu;
+ bool hle = false;
+ bool rtm = false;
if (!(caps = virQEMUDriverGetCapabilities(driver, false)))
goto cleanup;
@@ -6734,6 +6736,11 @@ qemuBuildCpuModelArgStr(virQEMUDriverPtr driver,
virBufferAsprintf(buf, ",vendor=%s", cpu->vendor_id);
for (i = 0; i < cpu->nfeatures; i++) {
+ if (STREQ("rtm", cpu->features[i].name))
+ rtm = true;
+ if (STREQ("hle", cpu->features[i].name))
+ hle = true;
+
switch ((virCPUFeaturePolicy) cpu->features[i].policy) {
case VIR_CPU_FEATURE_FORCE:
case VIR_CPU_FEATURE_REQUIRE:
@@ -6757,6 +6764,28 @@ qemuBuildCpuModelArgStr(virQEMUDriverPtr driver,
}
}
+ /* Some versions of qemu-kvm in RHEL provide Broadwell and Haswell CPU
+ * models which lack rtm and hle features when used with some machine
+ * types. Let's make sure Broadwell and Haswell will always have these
+ * features. But only if the features were not explicitly mentioned in
+ * the guest CPU definition.
+ */
+ if (STREQ_NULLABLE(cpu->model, "Broadwell") ||
+ STREQ_NULLABLE(cpu->model, "Haswell")) {
+ if (!rtm) {
+ if (virQEMUCapsGet(qemuCaps, QEMU_CAPS_QUERY_CPU_MODEL_EXPANSION))
+ virBufferAddLit(buf, ",rtm=on");
+ else
+ virBufferAddLit(buf, ",+rtm");
+ }
+ if (!hle) {
+ if (virQEMUCapsGet(qemuCaps, QEMU_CAPS_QUERY_CPU_MODEL_EXPANSION))
+ virBufferAddLit(buf, ",hle=on");
+ else
+ virBufferAddLit(buf, ",+hle");
+ }
+ }
+
ret = 0;
cleanup:
virObjectUnref(caps);
diff --git a/tests/qemuxml2argvdata/cpu-Haswell.args b/tests/qemuxml2argvdata/cpu-Haswell.args
index c7ce396d05..6f20359524 100644
--- a/tests/qemuxml2argvdata/cpu-Haswell.args
+++ b/tests/qemuxml2argvdata/cpu-Haswell.args
@@ -8,7 +8,7 @@ QEMU_AUDIO_DRV=none \
-name QEMUGuest1 \
-S \
-machine pc,accel=kvm,usb=off,dump-guest-core=off \
--cpu Haswell \
+-cpu Haswell,+rtm,+hle \
-m 214 \
-smp 6,sockets=6,cores=1,threads=1 \
-uuid c7a5fdbd-edaf-9455-926a-d65c16db1809 \
diff --git a/tests/qemuxml2argvdata/cpu-host-model-cmt.args b/tests/qemuxml2argvdata/cpu-host-model-cmt.args
index 8767278d11..d236aa9e09 100644
--- a/tests/qemuxml2argvdata/cpu-host-model-cmt.args
+++ b/tests/qemuxml2argvdata/cpu-host-model-cmt.args
@@ -9,7 +9,8 @@ QEMU_AUDIO_DRV=none \
-S \
-machine pc,accel=tcg,usb=off,dump-guest-core=off \
-cpu Haswell,+vme,+ds,+acpi,+ss,+ht,+tm,+pbe,+dtes64,+monitor,+ds_cpl,+vmx,\
-+smx,+est,+tm2,+xtpr,+pdcm,+osxsave,+f16c,+rdrand,+pdpe1gb,+abm,+lahf_lm \
++smx,+est,+tm2,+xtpr,+pdcm,+osxsave,+f16c,+rdrand,+pdpe1gb,+abm,+lahf_lm,+rtm,\
++hle \
-m 214 \
-smp 6,sockets=6,cores=1,threads=1 \
-uuid c7a5fdbd-edaf-9455-926a-d65c16db1809 \
diff --git a/tests/qemuxml2argvdata/cpu-tsc-frequency.args b/tests/qemuxml2argvdata/cpu-tsc-frequency.args
index 7824dea96f..216fd43014 100644
--- a/tests/qemuxml2argvdata/cpu-tsc-frequency.args
+++ b/tests/qemuxml2argvdata/cpu-tsc-frequency.args
@@ -10,7 +10,7 @@ QEMU_AUDIO_DRV=none \
-machine pc,accel=kvm,usb=off,dump-guest-core=off \
-cpu Haswell,+vme,+ds,+acpi,+ss,+ht,+tm,+pbe,+dtes64,+monitor,+ds_cpl,+vmx,\
+smx,+est,+tm2,+xtpr,+pdcm,+osxsave,+f16c,+rdrand,+pdpe1gb,+abm,+lahf_lm,\
-+invtsc,tsc-frequency=3504000000 \
++invtsc,+rtm,+hle,tsc-frequency=3504000000 \
-m 214 \
-smp 1,sockets=1,cores=1,threads=1 \
-uuid c7a5fdbd-edaf-9455-926a-d65c16db1809 \
diff --git a/tests/qemuxml2argvdata/q35-acpi-nouefi.args b/tests/qemuxml2argvdata/q35-acpi-nouefi.args
index caef49ea16..a9375a35db 100644
--- a/tests/qemuxml2argvdata/q35-acpi-nouefi.args
+++ b/tests/qemuxml2argvdata/q35-acpi-nouefi.args
@@ -8,7 +8,7 @@ QEMU_AUDIO_DRV=none \
-name guest \
-S \
-machine q35,accel=tcg,usb=off,dump-guest-core=off \
--cpu Haswell \
+-cpu Haswell,+rtm,+hle \
-m 1024 \
-smp 1,sockets=1,cores=1,threads=1 \
-uuid 496d7ea8-9739-544b-4ebd-ef08be936e8b \
diff --git a/tests/qemuxml2argvdata/q35-acpi-uefi.args b/tests/qemuxml2argvdata/q35-acpi-uefi.args
index a3293aeb9d..8e3368b9e9 100644
--- a/tests/qemuxml2argvdata/q35-acpi-uefi.args
+++ b/tests/qemuxml2argvdata/q35-acpi-uefi.args
@@ -8,7 +8,7 @@ QEMU_AUDIO_DRV=none \
-name guest \
-S \
-machine q35,accel=tcg,usb=off,dump-guest-core=off \
--cpu Haswell \
+-cpu Haswell,+rtm,+hle \
-drive file=/usr/share/OVMF/OVMF_CODE.fd,if=pflash,format=raw,unit=0,\
readonly=on \
-drive file=/var/lib/libvirt/qemu/nvram/guest_VARS.fd,if=pflash,format=raw,\
diff --git a/tests/qemuxml2argvdata/q35-noacpi-nouefi.args b/tests/qemuxml2argvdata/q35-noacpi-nouefi.args
index fab2a6fcb0..0dd61840ef 100644
--- a/tests/qemuxml2argvdata/q35-noacpi-nouefi.args
+++ b/tests/qemuxml2argvdata/q35-noacpi-nouefi.args
@@ -8,7 +8,7 @@ QEMU_AUDIO_DRV=none \
-name guest \
-S \
-machine q35,accel=tcg,usb=off,dump-guest-core=off \
--cpu Haswell \
+-cpu Haswell,+rtm,+hle \
-m 1024 \
-smp 1,sockets=1,cores=1,threads=1 \
-uuid 496d7ea8-9739-544b-4ebd-ef08be936e8b \
--
2.18.0

146
SOURCES/libvirt-RHEL-network-regain-guest-network-connectivity-after-firewalld-switch-to-nftables.patch Normal file
View File

@ -0,0 +1,146 @@
From 54e270d7fb68b41002654374d395e4f260a24add Mon Sep 17 00:00:00 2001
Message-Id: <54e270d7fb68b41002654374d395e4f260a24add@dist-git>
From: Laine Stump <laine@redhat.com>
Date: Mon, 15 Oct 2018 20:31:02 -0400
Subject: [PATCH] RHEL: network: regain guest network connectivity after
firewalld switch to nftables
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
This is a DOWNSTREAM ONLY patch to temporarily get back guest network
connectivity while still allowing the firewalld backend to use
nftables (which is the default with RHEL8).
The circumstances that cause the problem:
In the past (when both libvirt and firewalld used iptables), if either
libvirt's rules *OR* firewalld's rules accepted a packet, it would be
accepted.
But now firewalld uses nftables for its backend, while libvirt's
firewall rules are still using iptables; iptables rules are still
processed, but at a different time during packet processing than the
firewalld nftables hooks. The result is that a packet must be accepted
by *BOTH* the libvirt iptables rules *AND* the firewalld nftable rules
in order to be accepted.
This causes pain for two types of traffic:
1) libvirt always adds rules to permit DNS and DHCP (and sometimes
TFTP) from guests to the host. But libvirt's bridges are in
firewalld's "default" zone (which is usually the zone called
"public"). The public zone allows ssh, but doesn't allow DNS, DHCP, or
TFTP. So guests connected to libvirt's bridges can't acquire an IP
address from DHCP, nor can they make DNS queries to the DNS server
libvirt has setup on the host.
2) firewalld's higher level "rich rules" don't yet have the ability to
configure the acceptance of forwarded traffic (traffic that is going
somewhere beyond the host), so any traffic that needs to be forwarded
is rejected.
libvirt can't send "direct" nftables rules (firewalld only supports
that for iptables), so we can't solve this problem by just sending
direct nftables rules instead of iptables rules.
However, we can take advantage of a quirk in firewalld zones that have
a default policy of accept (meaning any packet that doesn't match a
specific rule in the zone will be accepted) - this default accept will
also accept forwarded traffic (not just traffic destined for the host).
So, as a temporary solution to get all network traffic flowing, this
patch creates a new firewalld zone called "libvirt" which is setup to
include interfaces named virbr0-virbr9, and has a default policy of
accept. With this zone installed, libvirt networks that use the names
virbr0-virbr9 will have *all* their traffic accepted, both to the host
and to/from the rest of the network.
firewalld zones can't normally be added to the runtime config of
firewalld, so we have to reload all of the permanent config for it to
be recognized. This is done with a call to "firewall-cmd --reload"
during postinstall and postuninstall. In the case that firewalld is
inactive, firewall-cmd exits without doing anything (i.e. it doesn't
start up firewalld.service if it's not already started).
This obviously can't be a permanent solution, since it allows guests
to have access to *all* services on the host. However, it doesn't
allow QE and beta testers to test firewalld with an nftables backend
(which is important for firewalld and nftables devs) without breaking
network connectivity for libvirt managed virtual machines (so testing
of those can also take place.
Resolves: https://bugzilla.redhat.com/1638864
This problem is discussed in more detail in this message thread:
https://post-office.corp.redhat.com/mailman/private/virt-devel/2018-September/msg00145.html
https://post-office.corp.redhat.com/mailman/private/virt-devel/2018-October/msg00042.html
and in the BZ assigned to firewalld: https://bugzilla.redhat.com/1623841
Signed-off-by: Laine Stump <laine@laine.org>
Acked-by: Daniel P. Berrangé <berrange@redhat.com>
Reviewed-by: Jiri Denemark <jdenemar@redhat.com>
---
libvirt.spec.in | 14 ++++++++++++++
src/network/Makefile.inc.am | 10 +++++++++-
src/network/libvirt.zone | 15 +++++++++++++++
3 files changed, 38 insertions(+), 1 deletion(-)
create mode 100644 src/network/libvirt.zone
diff --git a/src/network/Makefile.inc.am b/src/network/Makefile.inc.am
index 508c8c0422..20d899e699 100644
--- a/src/network/Makefile.inc.am
+++ b/src/network/Makefile.inc.am
@@ -87,6 +87,11 @@ install-data-network:
( cd $(DESTDIR)$(confdir)/qemu/networks/autostart && \
rm -f default.xml && \
$(LN_S) ../default.xml default.xml )
+if HAVE_FIREWALLD
+ $(MKDIR_P) "$(DESTDIR)$(prefix)/lib/firewalld/zones"
+ $(INSTALL_DATA) $(srcdir)/network/libvirt.zone \
+ $(DESTDIR)$(prefix)/lib/firewalld/zones/libvirt.xml
+endif HAVE_FIREWALLD
uninstall-data-network:
rm -f $(DESTDIR)$(confdir)/qemu/networks/autostart/default.xml
@@ -95,10 +100,13 @@ uninstall-data-network:
rmdir "$(DESTDIR)$(confdir)/qemu/networks" || :
rmdir "$(DESTDIR)$(localstatedir)/lib/libvirt/network" ||:
rmdir "$(DESTDIR)$(localstatedir)/run/libvirt/network" ||:
+if HAVE_FIREWALLD
+ rm -f $(DESTDIR)$(prefix)/lib/firewalld/zones/libvirt.xml
+endif HAVE_FIREWALLD
endif WITH_NETWORK
-EXTRA_DIST += network/default.xml
+EXTRA_DIST += network/default.xml network/libvirt.zone
.PHONY: \
install-data-network \
diff --git a/src/network/libvirt.zone b/src/network/libvirt.zone
new file mode 100644
index 0000000000..355a70b4da
--- /dev/null
+++ b/src/network/libvirt.zone
@@ -0,0 +1,15 @@
+<?xml version="1.0" encoding="utf-8"?>
+<zone target="ACCEPT">
+ <short>libvirt</short>
+ <description>All network connections are accepted. This also permits packets to/from interfaces in the zone to be forwarded. This zone is intended to be used only by libvirt virtual networks.</description>
+ <interface name="virbr0"/>
+ <interface name="virbr1"/>
+ <interface name="virbr2"/>
+ <interface name="virbr3"/>
+ <interface name="virbr4"/>
+ <interface name="virbr5"/>
+ <interface name="virbr6"/>
+ <interface name="virbr7"/>
+ <interface name="virbr8"/>
+ <interface name="virbr9"/>
+</zone>
--
2.19.1

77
SOURCES/libvirt-RHEL-qemu-Add-ability-to-set-sgio-values-for-hostdev.patch Normal file
View File

@ -0,0 +1,77 @@
From 2d4b19613c462e876ee1327d600f5cbbb998c540 Mon Sep 17 00:00:00 2001
Message-Id: <2d4b19613c462e876ee1327d600f5cbbb998c540@dist-git>
From: John Ferlan <jferlan@redhat.com>
Date: Mon, 17 Dec 2018 20:42:30 -0500
Subject: [PATCH] RHEL: qemu: Add ability to set sgio values for hostdev
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
https://bugzilla.redhat.com/show_bug.cgi?id=1582424
RHEL-only
Add necessary checks in order to allow setting sgio values for a scsi
host device
Signed-off-by: John Ferlan <jferlan@redhat.com>
Signed-off-by: Jiri Denemark <jdenemar@redhat.com>
(cherry picked from commit f2cf0ae7bc371c75f6c0e79192711f2b1d201b10)
Reviewed-by: Ján Tomko <jtomko@redhat.com>
---
src/qemu/qemu_conf.c | 16 +++++++++-------
1 file changed, 9 insertions(+), 7 deletions(-)
diff --git a/src/qemu/qemu_conf.c b/src/qemu/qemu_conf.c
index a4f545ef92..3ea9784854 100644
--- a/src/qemu/qemu_conf.c
+++ b/src/qemu/qemu_conf.c
@@ -1633,6 +1633,7 @@ qemuSetUnprivSGIO(virDomainDeviceDefPtr dev)
virDomainDiskDefPtr disk = NULL;
virDomainHostdevDefPtr hostdev = NULL;
char *sysfs_path = NULL;
+ char *hostdev_path = NULL;
const char *path = NULL;
int val = -1;
int ret = -1;
@@ -1654,14 +1655,10 @@ qemuSetUnprivSGIO(virDomainDeviceDefPtr dev)
if (!qemuIsSharedHostdev(hostdev))
return 0;
- if (hostdev->source.subsys.u.scsi.sgio) {
- virReportError(VIR_ERR_INTERNAL_ERROR, "%s",
- _("'sgio' is not supported for SCSI "
- "generic device yet "));
+ if (!(hostdev_path = qemuGetHostdevPath(hostdev)))
goto cleanup;
- }
- return 0;
+ path = hostdev_path;
} else {
return 0;
}
@@ -1670,7 +1667,11 @@ qemuSetUnprivSGIO(virDomainDeviceDefPtr dev)
goto cleanup;
/* By default, filter the SG_IO commands, i.e. set unpriv_sgio to 0. */
- val = (disk->sgio == VIR_DOMAIN_DEVICE_SGIO_UNFILTERED);
+ if (dev->type == VIR_DOMAIN_DEVICE_DISK)
+ val = (disk->sgio == VIR_DOMAIN_DEVICE_SGIO_UNFILTERED);
+ else
+ val = (hostdev->source.subsys.u.scsi.sgio ==
+ VIR_DOMAIN_DEVICE_SGIO_UNFILTERED);
/* Do not do anything if unpriv_sgio is not supported by the kernel and the
* whitelist is enabled. But if requesting unfiltered access, always call
@@ -1683,6 +1684,7 @@ qemuSetUnprivSGIO(virDomainDeviceDefPtr dev)
ret = 0;
cleanup:
+ VIR_FREE(hostdev_path);
VIR_FREE(sysfs_path);
return ret;
}
--
2.20.1

64
SOURCES/libvirt-RHEL-qemu-Add-check-for-unpriv-sgio-for-SCSI-generic-host-device.patch Normal file
View File

@ -0,0 +1,64 @@
From c39257f41ccb22272c6161777bf71390676bf7f0 Mon Sep 17 00:00:00 2001
Message-Id: <c39257f41ccb22272c6161777bf71390676bf7f0@dist-git>
From: John Ferlan <jferlan@redhat.com>
Date: Mon, 17 Dec 2018 20:42:31 -0500
Subject: [PATCH] RHEL: qemu: Add check for unpriv sgio for SCSI generic host
device
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
https://bugzilla.redhat.com/show_bug.cgi?id=1582424
RHEL-only
Check if the hostdev has set the sgio filtered/unfiltered and handle
appropriately.
This restores functionality removed by upstream commit id 'ce346623'
to remove sgio support for the SCSI generic host device.
Signed-off-by: John Ferlan <jferlan@redhat.com>
Signed-off-by: Jiri Denemark <jdenemar@redhat.com>
(cherry picked from commit 712005bcf26190dc6fd1fe56283377987909cc4b)
Reviewed-by: Ján Tomko <jtomko@redhat.com>
---
src/qemu/qemu_conf.c | 15 +++++++++++++++
1 file changed, 15 insertions(+)
diff --git a/src/qemu/qemu_conf.c b/src/qemu/qemu_conf.c
index 3ea9784854..7d15af9c0b 100644
--- a/src/qemu/qemu_conf.c
+++ b/src/qemu/qemu_conf.c
@@ -1473,6 +1473,8 @@ qemuAddSharedHostdev(virQEMUDriverPtr driver,
{
char *dev_path = NULL;
char *key = NULL;
+ virDomainHostdevSubsysSCSIPtr scsisrc = &hostdev->source.subsys.u.scsi;
+ virDomainHostdevSubsysSCSIHostPtr scsihostsrc = &scsisrc->u.host;
int ret = -1;
if (!qemuIsSharedHostdev(hostdev))
@@ -1481,6 +1483,19 @@ qemuAddSharedHostdev(virQEMUDriverPtr driver,
if (!(dev_path = qemuGetHostdevPath(hostdev)))
goto cleanup;
+ if ((ret = qemuCheckUnprivSGIO(driver->sharedDevices, dev_path,
+ scsisrc->sgio)) < 0) {
+ if (ret == -2) {
+ virReportError(VIR_ERR_OPERATION_INVALID,
+ _("sgio of shared scsi host device '%s-%u-%u-%llu' "
+ "conflicts with other active domains"),
+ scsihostsrc->adapter, scsihostsrc->bus,
+ scsihostsrc->target, scsihostsrc->unit);
+ ret = -1;
+ }
+ goto cleanup;
+ }
+
if (!(key = qemuGetSharedDeviceKey(dev_path)))
goto cleanup;
--
2.20.1

45
SOURCES/libvirt-RHEL-qemu-Fix-crash-trying-to-use-iSCSI-hostdev.patch Normal file
View File

@ -0,0 +1,45 @@
From 11bfd4f26c090b95a100aaf056ecfa799dfce979 Mon Sep 17 00:00:00 2001
Message-Id: <11bfd4f26c090b95a100aaf056ecfa799dfce979@dist-git>
From: John Ferlan <jferlan@redhat.com>
Date: Fri, 25 Jan 2019 12:19:12 -0500
Subject: [PATCH] RHEL: qemu: Fix crash trying to use iSCSI hostdev
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
https://bugzilla.redhat.com/show_bug.cgi?id=1669424
https://bugzilla.redhat.com/show_bug.cgi?id=1669966
RHEL-only
Commit 861a1a4d2 moved the qemuIsSharedHostdev filter in the
HOSTDEV half of the logic to allow calling qemuGetHostdevPath;
however, that neglected to check whether the SCSI hostdev was
using the iSCSI protocol which has a different overlayed struct
format (u.iscsi vs. u.host) resulting in attempted access of
u.host when calling virSCSIDeviceGetDevName.
Signed-off-by: John Ferlan <jferlan@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
---
src/qemu/qemu_conf.c | 4 ++++
1 file changed, 4 insertions(+)
diff --git a/src/qemu/qemu_conf.c b/src/qemu/qemu_conf.c
index 768e9d8308..a81298326f 100644
--- a/src/qemu/qemu_conf.c
+++ b/src/qemu/qemu_conf.c
@@ -1667,6 +1667,10 @@ qemuSetUnprivSGIO(virDomainDeviceDefPtr dev)
} else if (dev->type == VIR_DOMAIN_DEVICE_HOSTDEV) {
hostdev = dev->data.hostdev;
+ if (hostdev->source.subsys.u.scsi.protocol ==
+ VIR_DOMAIN_HOSTDEV_SCSI_PROTOCOL_TYPE_ISCSI)
+ return 0;
+
if (!(hostdev_path = qemuGetHostdevPath(hostdev)))
goto cleanup;
--
2.20.1

84
SOURCES/libvirt-Revert-RHEL-network-regain-guest-network-connectivity-after-firewalld-switch-to-nftables.patch Normal file
View File

@ -0,0 +1,84 @@
From 195908ad66fc52643d94eca0f45e5740f25e3e78 Mon Sep 17 00:00:00 2001
Message-Id: <195908ad66fc52643d94eca0f45e5740f25e3e78@dist-git>
From: Laine Stump <laine@laine.org>
Date: Fri, 1 Feb 2019 20:29:26 -0500
Subject: [PATCH] Revert "RHEL: network: regain guest network connectivity
after firewalld switch to nftables"
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
This reverts commit 54e270d7fb68b41002654374d395e4f260a24add.
This patch appeared in libvirt-4.5.0-11.el8 (RHEL git commit id
2fb53957). It was a downstream-only temporary fix to the networking
issues resulting from firewalld's switch to using nftables. Now that
there is a permanent fix upstream we can revert this patch and use the
upstream patches instead.
https://bugzilla.redhat.com/1650320
Signed-off-by: Laine Stump <laine@laine.org>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
---
libvirt.spec.in | 14 --------------
src/network/Makefile.inc.am | 10 +---------
src/network/libvirt.zone | 15 ---------------
3 files changed, 1 insertion(+), 38 deletions(-)
delete mode 100644 src/network/libvirt.zone
diff --git a/src/network/Makefile.inc.am b/src/network/Makefile.inc.am
index 20d899e699..508c8c0422 100644
--- a/src/network/Makefile.inc.am
+++ b/src/network/Makefile.inc.am
@@ -87,11 +87,6 @@ install-data-network:
( cd $(DESTDIR)$(confdir)/qemu/networks/autostart && \
rm -f default.xml && \
$(LN_S) ../default.xml default.xml )
-if HAVE_FIREWALLD
- $(MKDIR_P) "$(DESTDIR)$(prefix)/lib/firewalld/zones"
- $(INSTALL_DATA) $(srcdir)/network/libvirt.zone \
- $(DESTDIR)$(prefix)/lib/firewalld/zones/libvirt.xml
-endif HAVE_FIREWALLD
uninstall-data-network:
rm -f $(DESTDIR)$(confdir)/qemu/networks/autostart/default.xml
@@ -100,13 +95,10 @@ uninstall-data-network:
rmdir "$(DESTDIR)$(confdir)/qemu/networks" || :
rmdir "$(DESTDIR)$(localstatedir)/lib/libvirt/network" ||:
rmdir "$(DESTDIR)$(localstatedir)/run/libvirt/network" ||:
-if HAVE_FIREWALLD
- rm -f $(DESTDIR)$(prefix)/lib/firewalld/zones/libvirt.xml
-endif HAVE_FIREWALLD
endif WITH_NETWORK
-EXTRA_DIST += network/default.xml network/libvirt.zone
+EXTRA_DIST += network/default.xml
.PHONY: \
install-data-network \
diff --git a/src/network/libvirt.zone b/src/network/libvirt.zone
deleted file mode 100644
index 355a70b4da..0000000000
--- a/src/network/libvirt.zone
+++ /dev/null
@@ -1,15 +0,0 @@
-<?xml version="1.0" encoding="utf-8"?>
-<zone target="ACCEPT">
- <short>libvirt</short>
- <description>All network connections are accepted. This also permits packets to/from interfaces in the zone to be forwarded. This zone is intended to be used only by libvirt virtual networks.</description>
- <interface name="virbr0"/>
- <interface name="virbr1"/>
- <interface name="virbr2"/>
- <interface name="virbr3"/>
- <interface name="virbr4"/>
- <interface name="virbr5"/>
- <interface name="virbr6"/>
- <interface name="virbr7"/>
- <interface name="virbr8"/>
- <interface name="virbr9"/>
-</zone>
--
2.20.1

163
SOURCES/libvirt-Revert-access-Modify-the-VIR_ERR_ACCESS_DENIED-to-include-driverName.patch Normal file
View File

@ -0,0 +1,163 @@
From 6af885a53e425b88c7d9c123f64bbc4f8517b8a8 Mon Sep 17 00:00:00 2001
Message-Id: <6af885a53e425b88c7d9c123f64bbc4f8517b8a8@dist-git>
From: John Ferlan <jferlan@redhat.com>
Date: Thu, 15 Nov 2018 06:43:58 -0500
Subject: [PATCH] Revert "access: Modify the VIR_ERR_ACCESS_DENIED to include
driverName"
https://bugzilla.redhat.com/show_bug.cgi?id=1631608 (RHEL8)
https://bugzilla.redhat.com/show_bug.cgi?id=1631606 (RHEL7)
This reverts commit ccc72d5cbdd85f66cb737134b3be40aac1df03ef.
Based on upstream comment to a follow-up patch, this didn't take the
right approach and the right thing to do is revert and rework.
Signed-off-by: John Ferlan <jferlan@redhat.com>
(cherry picked from commit b08396a5feab02fb3bb595603c888ee733aa178e)
Reviewed-by: Erik Skultety <eskultet@redhat.com>
---
src/access/viraccessmanager.c | 25 ++++++++++++-------------
src/rpc/gendispatch.pl | 2 +-
src/util/virerror.c | 4 ++--
3 files changed, 15 insertions(+), 16 deletions(-)
diff --git a/src/access/viraccessmanager.c b/src/access/viraccessmanager.c
index 1dfff32b9d..e7b5bf38da 100644
--- a/src/access/viraccessmanager.c
+++ b/src/access/viraccessmanager.c
@@ -196,12 +196,11 @@ static void virAccessManagerDispose(void *object)
* should the admin need to debug things
*/
static int
-virAccessManagerSanitizeError(int ret,
- const char *driverName)
+virAccessManagerSanitizeError(int ret)
{
if (ret < 0) {
virResetLastError();
- virAccessError(VIR_ERR_ACCESS_DENIED, driverName, NULL);
+ virAccessError(VIR_ERR_ACCESS_DENIED, NULL);
}
return ret;
@@ -218,7 +217,7 @@ int virAccessManagerCheckConnect(virAccessManagerPtr manager,
if (manager->drv->checkConnect)
ret = manager->drv->checkConnect(manager, driverName, perm);
- return virAccessManagerSanitizeError(ret, driverName);
+ return virAccessManagerSanitizeError(ret);
}
@@ -234,7 +233,7 @@ int virAccessManagerCheckDomain(virAccessManagerPtr manager,
if (manager->drv->checkDomain)
ret = manager->drv->checkDomain(manager, driverName, domain, perm);
- return virAccessManagerSanitizeError(ret, driverName);
+ return virAccessManagerSanitizeError(ret);
}
int virAccessManagerCheckInterface(virAccessManagerPtr manager,
@@ -249,7 +248,7 @@ int virAccessManagerCheckInterface(virAccessManagerPtr manager,
if (manager->drv->checkInterface)
ret = manager->drv->checkInterface(manager, driverName, iface, perm);
- return virAccessManagerSanitizeError(ret, driverName);
+ return virAccessManagerSanitizeError(ret);
}
int virAccessManagerCheckNetwork(virAccessManagerPtr manager,
@@ -264,7 +263,7 @@ int virAccessManagerCheckNetwork(virAccessManagerPtr manager,
if (manager->drv->checkNetwork)
ret = manager->drv->checkNetwork(manager, driverName, network, perm);
- return virAccessManagerSanitizeError(ret, driverName);
+ return virAccessManagerSanitizeError(ret);
}
int virAccessManagerCheckNodeDevice(virAccessManagerPtr manager,
@@ -279,7 +278,7 @@ int virAccessManagerCheckNodeDevice(virAccessManagerPtr manager,
if (manager->drv->checkNodeDevice)
ret = manager->drv->checkNodeDevice(manager, driverName, nodedev, perm);
- return virAccessManagerSanitizeError(ret, driverName);
+ return virAccessManagerSanitizeError(ret);
}
int virAccessManagerCheckNWFilter(virAccessManagerPtr manager,
@@ -294,7 +293,7 @@ int virAccessManagerCheckNWFilter(virAccessManagerPtr manager,
if (manager->drv->checkNWFilter)
ret = manager->drv->checkNWFilter(manager, driverName, nwfilter, perm);
- return virAccessManagerSanitizeError(ret, driverName);
+ return virAccessManagerSanitizeError(ret);
}
int virAccessManagerCheckNWFilterBinding(virAccessManagerPtr manager,
@@ -309,7 +308,7 @@ int virAccessManagerCheckNWFilterBinding(virAccessManagerPtr manager,
if (manager->drv->checkNWFilterBinding)
ret = manager->drv->checkNWFilterBinding(manager, driverName, binding, perm);
- return virAccessManagerSanitizeError(ret, driverName);
+ return virAccessManagerSanitizeError(ret);
}
int virAccessManagerCheckSecret(virAccessManagerPtr manager,
@@ -324,7 +323,7 @@ int virAccessManagerCheckSecret(virAccessManagerPtr manager,
if (manager->drv->checkSecret)
ret = manager->drv->checkSecret(manager, driverName, secret, perm);
- return virAccessManagerSanitizeError(ret, driverName);
+ return virAccessManagerSanitizeError(ret);
}
int virAccessManagerCheckStoragePool(virAccessManagerPtr manager,
@@ -339,7 +338,7 @@ int virAccessManagerCheckStoragePool(virAccessManagerPtr manager,
if (manager->drv->checkStoragePool)
ret = manager->drv->checkStoragePool(manager, driverName, pool, perm);
- return virAccessManagerSanitizeError(ret, driverName);
+ return virAccessManagerSanitizeError(ret);
}
int virAccessManagerCheckStorageVol(virAccessManagerPtr manager,
@@ -355,5 +354,5 @@ int virAccessManagerCheckStorageVol(virAccessManagerPtr manager,
if (manager->drv->checkStorageVol)
ret = manager->drv->checkStorageVol(manager, driverName, pool, vol, perm);
- return virAccessManagerSanitizeError(ret, driverName);
+ return virAccessManagerSanitizeError(ret);
}
diff --git a/src/rpc/gendispatch.pl b/src/rpc/gendispatch.pl
index f599002056..0c4648c0fb 100755
--- a/src/rpc/gendispatch.pl
+++ b/src/rpc/gendispatch.pl
@@ -2199,7 +2199,7 @@ elsif ($mode eq "client") {
print " virObjectUnref(mgr);\n";
if ($action eq "Ensure") {
print " if (rv == 0)\n";
- print " virReportError(VIR_ERR_ACCESS_DENIED, conn->driver->name, NULL);\n";
+ print " virReportError(VIR_ERR_ACCESS_DENIED, NULL);\n";
print " return $fail;\n";
} else {
print " virResetLastError();\n";
diff --git a/src/util/virerror.c b/src/util/virerror.c
index 5f50fa0349..f198f27957 100644
--- a/src/util/virerror.c
+++ b/src/util/virerror.c
@@ -1439,9 +1439,9 @@ virErrorMsg(virErrorNumber error, const char *info)
break;
case VIR_ERR_ACCESS_DENIED:
if (info == NULL)
- errmsg = _("access denied from '%s'");
+ errmsg = _("access denied");
else
- errmsg = _("access denied from '%s': %s");
+ errmsg = _("access denied: %s");
break;
case VIR_ERR_DBUS_SERVICE:
if (info == NULL)
--
2.19.2

60
SOURCES/libvirt-access-Fix-nwfilter-binding-ACL-access-API-name-generation.patch Normal file
View File

@ -0,0 +1,60 @@
From 254da75ea1a9c2cade909534153f444bb8981c2a Mon Sep 17 00:00:00 2001
Message-Id: <254da75ea1a9c2cade909534153f444bb8981c2a@dist-git>
From: John Ferlan <jferlan@redhat.com>
Date: Mon, 27 Aug 2018 08:27:47 -0400
Subject: [PATCH] access: Fix nwfilter-binding ACL access API name generation
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
https://bugzilla.redhat.com/show_bug.cgi?id=1611320
Generation of the ACL API policy is a "automated process"
based on this perl script which "worked" with the changes to
add nwfilter binding API's because they had the "nwfilter"
prefix; however, the generated output name was incorrect
based on the remote protocol algorithm which expected to
generate names such as 'nwfilter-binding.action' instead
of 'nwfilter.binding-action'.
This effectively changes src/access/org.libvirt.api.policy entries:
org.libvirt.api.nwfilter.binding-create ==>
org.libvirt.api.nwfilter-binding.create
org.libvirt.api.nwfilter.binding-delete ==>
org.libvirt.api.nwfilter-binding.delete
org.libvirt.api.nwfilter.binding-getattr ==>
org.libvirt.api.nwfilter-binding.getattr
org.libvirt.api.nwfilter.binding-read ==>
org.libvirt.api.nwfilter-binding.read
Signed-off-by: John Ferlan <jferlan@redhat.com>
Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
(cherry picked from commit 6ef65e3c96d5d1f16a16daca83b81b818d461e64)
https: //bugzilla.redhat.com/show_bug.cgi?id=1622540
Reviewed-by: Erik Skultety <eskultet@redhat.com>
---
src/access/genpolkit.pl | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/src/access/genpolkit.pl b/src/access/genpolkit.pl
index 968cb8c55c..e074c90eb6 100755
--- a/src/access/genpolkit.pl
+++ b/src/access/genpolkit.pl
@@ -22,8 +22,8 @@ use warnings;
my @objects = (
"CONNECT", "DOMAIN", "INTERFACE",
- "NETWORK","NODE_DEVICE", "NWFILTER",
- "SECRET", "STORAGE_POOL", "STORAGE_VOL",
+ "NETWORK","NODE_DEVICE", "NWFILTER_BINDING", "NWFILTER",
+ "SECRET", "STORAGE_POOL", "STORAGE_VOL",
);
my $objects = join ("|", @objects);
--
2.18.0

173
SOURCES/libvirt-access-Modify-the-VIR_ERR_ACCESS_DENIED-to-include-driverName.patch Normal file
View File

@ -0,0 +1,173 @@
From 85750b0466aa3719d3d2447abaab2e87db92f552 Mon Sep 17 00:00:00 2001
Message-Id: <85750b0466aa3719d3d2447abaab2e87db92f552@dist-git>
From: John Ferlan <jferlan@redhat.com>
Date: Mon, 5 Nov 2018 07:48:37 -0500
Subject: [PATCH] access: Modify the VIR_ERR_ACCESS_DENIED to include
driverName
https://bugzilla.redhat.com/show_bug.cgi?id=1631608 (RHEL 8.0)
https://bugzilla.redhat.com/show_bug.cgi?id=1631606 (RHEL 7.7)
Changes made to manage and utilize a secondary connection
driver to APIs outside the scope of the primary connection
driver have resulted in some confusion processing polkit rules
since the simple "access denied" error message doesn't provide
enough of a clue when combined with the "authentication failed:
access denied by policy" as to which connection driver refused
or failed the ACL check.
In order to provide some context, let's modify the existing
"access denied" error returne from the various vir*EnsureACL
API's to provide the connection driver name that is causing
the failure. This should provide the context for writing the
polkit rules that would allow access via the driver.
Signed-off-by: John Ferlan <jferlan@redhat.com>
ACKed-by: Michal Privoznik <mprivozn@redhat.com>
(cherry picked from commit ccc72d5cbdd85f66cb737134b3be40aac1df03ef)
Reviewed-by: Jiri Denemark <jdenemar@redhat.com>
---
src/access/viraccessmanager.c | 25 +++++++++++++------------
src/rpc/gendispatch.pl | 2 +-
src/util/virerror.c | 4 ++--
3 files changed, 16 insertions(+), 15 deletions(-)
diff --git a/src/access/viraccessmanager.c b/src/access/viraccessmanager.c
index e7b5bf38da..1dfff32b9d 100644
--- a/src/access/viraccessmanager.c
+++ b/src/access/viraccessmanager.c
@@ -196,11 +196,12 @@ static void virAccessManagerDispose(void *object)
* should the admin need to debug things
*/
static int
-virAccessManagerSanitizeError(int ret)
+virAccessManagerSanitizeError(int ret,
+ const char *driverName)
{
if (ret < 0) {
virResetLastError();
- virAccessError(VIR_ERR_ACCESS_DENIED, NULL);
+ virAccessError(VIR_ERR_ACCESS_DENIED, driverName, NULL);
}
return ret;
@@ -217,7 +218,7 @@ int virAccessManagerCheckConnect(virAccessManagerPtr manager,
if (manager->drv->checkConnect)
ret = manager->drv->checkConnect(manager, driverName, perm);
- return virAccessManagerSanitizeError(ret);
+ return virAccessManagerSanitizeError(ret, driverName);
}
@@ -233,7 +234,7 @@ int virAccessManagerCheckDomain(virAccessManagerPtr manager,
if (manager->drv->checkDomain)
ret = manager->drv->checkDomain(manager, driverName, domain, perm);
- return virAccessManagerSanitizeError(ret);
+ return virAccessManagerSanitizeError(ret, driverName);
}
int virAccessManagerCheckInterface(virAccessManagerPtr manager,
@@ -248,7 +249,7 @@ int virAccessManagerCheckInterface(virAccessManagerPtr manager,
if (manager->drv->checkInterface)
ret = manager->drv->checkInterface(manager, driverName, iface, perm);
- return virAccessManagerSanitizeError(ret);
+ return virAccessManagerSanitizeError(ret, driverName);
}
int virAccessManagerCheckNetwork(virAccessManagerPtr manager,
@@ -263,7 +264,7 @@ int virAccessManagerCheckNetwork(virAccessManagerPtr manager,
if (manager->drv->checkNetwork)
ret = manager->drv->checkNetwork(manager, driverName, network, perm);
- return virAccessManagerSanitizeError(ret);
+ return virAccessManagerSanitizeError(ret, driverName);
}
int virAccessManagerCheckNodeDevice(virAccessManagerPtr manager,
@@ -278,7 +279,7 @@ int virAccessManagerCheckNodeDevice(virAccessManagerPtr manager,
if (manager->drv->checkNodeDevice)
ret = manager->drv->checkNodeDevice(manager, driverName, nodedev, perm);
- return virAccessManagerSanitizeError(ret);
+ return virAccessManagerSanitizeError(ret, driverName);
}
int virAccessManagerCheckNWFilter(virAccessManagerPtr manager,
@@ -293,7 +294,7 @@ int virAccessManagerCheckNWFilter(virAccessManagerPtr manager,
if (manager->drv->checkNWFilter)
ret = manager->drv->checkNWFilter(manager, driverName, nwfilter, perm);
- return virAccessManagerSanitizeError(ret);
+ return virAccessManagerSanitizeError(ret, driverName);
}
int virAccessManagerCheckNWFilterBinding(virAccessManagerPtr manager,
@@ -308,7 +309,7 @@ int virAccessManagerCheckNWFilterBinding(virAccessManagerPtr manager,
if (manager->drv->checkNWFilterBinding)
ret = manager->drv->checkNWFilterBinding(manager, driverName, binding, perm);
- return virAccessManagerSanitizeError(ret);
+ return virAccessManagerSanitizeError(ret, driverName);
}
int virAccessManagerCheckSecret(virAccessManagerPtr manager,
@@ -323,7 +324,7 @@ int virAccessManagerCheckSecret(virAccessManagerPtr manager,
if (manager->drv->checkSecret)
ret = manager->drv->checkSecret(manager, driverName, secret, perm);
- return virAccessManagerSanitizeError(ret);
+ return virAccessManagerSanitizeError(ret, driverName);
}
int virAccessManagerCheckStoragePool(virAccessManagerPtr manager,
@@ -338,7 +339,7 @@ int virAccessManagerCheckStoragePool(virAccessManagerPtr manager,
if (manager->drv->checkStoragePool)
ret = manager->drv->checkStoragePool(manager, driverName, pool, perm);
- return virAccessManagerSanitizeError(ret);
+ return virAccessManagerSanitizeError(ret, driverName);
}
int virAccessManagerCheckStorageVol(virAccessManagerPtr manager,
@@ -354,5 +355,5 @@ int virAccessManagerCheckStorageVol(virAccessManagerPtr manager,
if (manager->drv->checkStorageVol)
ret = manager->drv->checkStorageVol(manager, driverName, pool, vol, perm);
- return virAccessManagerSanitizeError(ret);
+ return virAccessManagerSanitizeError(ret, driverName);
}
diff --git a/src/rpc/gendispatch.pl b/src/rpc/gendispatch.pl
index 0c4648c0fb..f599002056 100755
--- a/src/rpc/gendispatch.pl
+++ b/src/rpc/gendispatch.pl
@@ -2199,7 +2199,7 @@ elsif ($mode eq "client") {
print " virObjectUnref(mgr);\n";
if ($action eq "Ensure") {
print " if (rv == 0)\n";
- print " virReportError(VIR_ERR_ACCESS_DENIED, NULL);\n";
+ print " virReportError(VIR_ERR_ACCESS_DENIED, conn->driver->name, NULL);\n";
print " return $fail;\n";
} else {
print " virResetLastError();\n";
diff --git a/src/util/virerror.c b/src/util/virerror.c
index f198f27957..5f50fa0349 100644
--- a/src/util/virerror.c
+++ b/src/util/virerror.c
@@ -1439,9 +1439,9 @@ virErrorMsg(virErrorNumber error, const char *info)
break;
case VIR_ERR_ACCESS_DENIED:
if (info == NULL)
- errmsg = _("access denied");
+ errmsg = _("access denied from '%s'");
else
- errmsg = _("access denied: %s");
+ errmsg = _("access denied from '%s': %s");
break;
case VIR_ERR_DBUS_SERVICE:
if (info == NULL)
--
2.19.1

159
SOURCES/libvirt-access-Modify-the-VIR_ERR_ACCESS_DENIED-to-include-driverName_1.patch Normal file
View File

@ -0,0 +1,159 @@
From 541a154e0f98604f63cb22356287dfa3858748c9 Mon Sep 17 00:00:00 2001
Message-Id: <541a154e0f98604f63cb22356287dfa3858748c9@dist-git>
From: John Ferlan <jferlan@redhat.com>
Date: Thu, 15 Nov 2018 06:43:59 -0500
Subject: [PATCH] access: Modify the VIR_ERR_ACCESS_DENIED to include
driverName
https://bugzilla.redhat.com/show_bug.cgi?id=1631608 (RHEL8)
https://bugzilla.redhat.com/show_bug.cgi?id=1631606 (RHEL7)
Changes made to manage and utilize a secondary connection
driver to APIs outside the scope of the primary connection
driver have resulted in some confusion processing polkit rules
since the simple "access denied" error message doesn't provide
enough of a clue when combined with the "authentication failed:
access denied by policy" as to which connection driver refused
or failed the ACL check.
In order to provide some context, let's modify the existing
"access denied" error returned from the various vir*EnsureACL
API's to provide the connection driver name that is causing
the failure. This should provide the context for writing the
polkit rules that would allow access via the driver, but yet
still adhere to the virAccessManagerSanitizeError commentary
regarding not telling the user why access was denied.
Signed-off-by: John Ferlan <jferlan@redhat.com>
(cherry picked from commit 605496be609e153526fcdd3e98df8cf5244bc8fa)
Reviewed-by: Erik Skultety <eskultet@redhat.com>
---
src/access/viraccessmanager.c | 26 ++++++++++++++------------
src/rpc/gendispatch.pl | 3 ++-
2 files changed, 16 insertions(+), 13 deletions(-)
diff --git a/src/access/viraccessmanager.c b/src/access/viraccessmanager.c
index e7b5bf38da..f5d62604cf 100644
--- a/src/access/viraccessmanager.c
+++ b/src/access/viraccessmanager.c
@@ -196,11 +196,13 @@ static void virAccessManagerDispose(void *object)
* should the admin need to debug things
*/
static int
-virAccessManagerSanitizeError(int ret)
+virAccessManagerSanitizeError(int ret,
+ const char *driverName)
{
if (ret < 0) {
virResetLastError();
- virAccessError(VIR_ERR_ACCESS_DENIED, NULL);
+ virAccessError(VIR_ERR_ACCESS_DENIED,
+ _("'%s' denied access"), driverName);
}
return ret;
@@ -217,7 +219,7 @@ int virAccessManagerCheckConnect(virAccessManagerPtr manager,
if (manager->drv->checkConnect)
ret = manager->drv->checkConnect(manager, driverName, perm);
- return virAccessManagerSanitizeError(ret);
+ return virAccessManagerSanitizeError(ret, driverName);
}
@@ -233,7 +235,7 @@ int virAccessManagerCheckDomain(virAccessManagerPtr manager,
if (manager->drv->checkDomain)
ret = manager->drv->checkDomain(manager, driverName, domain, perm);
- return virAccessManagerSanitizeError(ret);
+ return virAccessManagerSanitizeError(ret, driverName);
}
int virAccessManagerCheckInterface(virAccessManagerPtr manager,
@@ -248,7 +250,7 @@ int virAccessManagerCheckInterface(virAccessManagerPtr manager,
if (manager->drv->checkInterface)
ret = manager->drv->checkInterface(manager, driverName, iface, perm);
- return virAccessManagerSanitizeError(ret);
+ return virAccessManagerSanitizeError(ret, driverName);
}
int virAccessManagerCheckNetwork(virAccessManagerPtr manager,
@@ -263,7 +265,7 @@ int virAccessManagerCheckNetwork(virAccessManagerPtr manager,
if (manager->drv->checkNetwork)
ret = manager->drv->checkNetwork(manager, driverName, network, perm);
- return virAccessManagerSanitizeError(ret);
+ return virAccessManagerSanitizeError(ret, driverName);
}
int virAccessManagerCheckNodeDevice(virAccessManagerPtr manager,
@@ -278,7 +280,7 @@ int virAccessManagerCheckNodeDevice(virAccessManagerPtr manager,
if (manager->drv->checkNodeDevice)
ret = manager->drv->checkNodeDevice(manager, driverName, nodedev, perm);
- return virAccessManagerSanitizeError(ret);
+ return virAccessManagerSanitizeError(ret, driverName);
}
int virAccessManagerCheckNWFilter(virAccessManagerPtr manager,
@@ -293,7 +295,7 @@ int virAccessManagerCheckNWFilter(virAccessManagerPtr manager,
if (manager->drv->checkNWFilter)
ret = manager->drv->checkNWFilter(manager, driverName, nwfilter, perm);
- return virAccessManagerSanitizeError(ret);
+ return virAccessManagerSanitizeError(ret, driverName);
}
int virAccessManagerCheckNWFilterBinding(virAccessManagerPtr manager,
@@ -308,7 +310,7 @@ int virAccessManagerCheckNWFilterBinding(virAccessManagerPtr manager,
if (manager->drv->checkNWFilterBinding)
ret = manager->drv->checkNWFilterBinding(manager, driverName, binding, perm);
- return virAccessManagerSanitizeError(ret);
+ return virAccessManagerSanitizeError(ret, driverName);
}
int virAccessManagerCheckSecret(virAccessManagerPtr manager,
@@ -323,7 +325,7 @@ int virAccessManagerCheckSecret(virAccessManagerPtr manager,
if (manager->drv->checkSecret)
ret = manager->drv->checkSecret(manager, driverName, secret, perm);
- return virAccessManagerSanitizeError(ret);
+ return virAccessManagerSanitizeError(ret, driverName);
}
int virAccessManagerCheckStoragePool(virAccessManagerPtr manager,
@@ -338,7 +340,7 @@ int virAccessManagerCheckStoragePool(virAccessManagerPtr manager,
if (manager->drv->checkStoragePool)
ret = manager->drv->checkStoragePool(manager, driverName, pool, perm);
- return virAccessManagerSanitizeError(ret);
+ return virAccessManagerSanitizeError(ret, driverName);
}
int virAccessManagerCheckStorageVol(virAccessManagerPtr manager,
@@ -354,5 +356,5 @@ int virAccessManagerCheckStorageVol(virAccessManagerPtr manager,
if (manager->drv->checkStorageVol)
ret = manager->drv->checkStorageVol(manager, driverName, pool, vol, perm);
- return virAccessManagerSanitizeError(ret);
+ return virAccessManagerSanitizeError(ret, driverName);
}
diff --git a/src/rpc/gendispatch.pl b/src/rpc/gendispatch.pl
index 0c4648c0fb..a8b9f5aeca 100755
--- a/src/rpc/gendispatch.pl
+++ b/src/rpc/gendispatch.pl
@@ -2199,7 +2199,8 @@ elsif ($mode eq "client") {
print " virObjectUnref(mgr);\n";
if ($action eq "Ensure") {
print " if (rv == 0)\n";
- print " virReportError(VIR_ERR_ACCESS_DENIED, NULL);\n";
+ print " virReportError(VIR_ERR_ACCESS_DENIED,\n";
+ print" _(\"'%s' denied access\"), conn->driver->name);\n";
print " return $fail;\n";
} else {
print " virResetLastError();\n";
--
2.19.2

76
SOURCES/libvirt-conf-Add-validation-of-input-devices.patch Normal file
View File

@ -0,0 +1,76 @@
From c2afbedc310ac1a65a5ee96c8fa4103e926483c4 Mon Sep 17 00:00:00 2001
Message-Id: <c2afbedc310ac1a65a5ee96c8fa4103e926483c4@dist-git>
From: Han Han <hhan@redhat.com>
Date: Tue, 28 Aug 2018 10:30:51 +0200
Subject: [PATCH] conf: Add validation of input devices
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
https://bugzilla.redhat.com/show_bug.cgi?id=1591151
Add function virDomainInputDefValidate to validate input devices.
Make sure evdev attribute of source element is not used by mouse,
keyboard, and tablet input device.
Signed-off-by: Han Han <hhan@redhat.com>
Reviewed-by: John Ferlan <jferlan@redhat.com>
(cherry picked from commit deb057fd364cb57614c6dea7b05c247231f9ae4f)
Signed-off-by: Ján Tomko <jtomko@redhat.com>
https: //bugzilla.redhat.com/show_bug.cgi?id=1591240
Reviewed-by: Andrea Bolognani <abologna@redhat.com>
---
src/conf/domain_conf.c | 27 ++++++++++++++++++++++++++-
1 file changed, 26 insertions(+), 1 deletion(-)
diff --git a/src/conf/domain_conf.c b/src/conf/domain_conf.c
index 51a79ad8b1..16e52d149d 100644
--- a/src/conf/domain_conf.c
+++ b/src/conf/domain_conf.c
@@ -5760,6 +5760,29 @@ virDomainVsockDefValidate(const virDomainVsockDef *vsock)
return 0;
}
+static int
+virDomainInputDefValidate(const virDomainInputDef *input)
+{
+ switch ((virDomainInputType) input->type) {
+ case VIR_DOMAIN_INPUT_TYPE_MOUSE:
+ case VIR_DOMAIN_INPUT_TYPE_TABLET:
+ case VIR_DOMAIN_INPUT_TYPE_KBD:
+ case VIR_DOMAIN_INPUT_TYPE_LAST:
+ if (input->source.evdev) {
+ virReportError(VIR_ERR_XML_ERROR, "%s",
+ _("setting source evdev path only supported for "
+ "passthrough input devices"));
+ return -1;
+ }
+ break;
+
+ case VIR_DOMAIN_INPUT_TYPE_PASSTHROUGH:
+ break;
+ }
+
+ return 0;
+}
+
static int
virDomainDeviceDefValidateInternal(const virDomainDeviceDef *dev,
@@ -5799,9 +5822,11 @@ virDomainDeviceDefValidateInternal(const virDomainDeviceDef *dev,
case VIR_DOMAIN_DEVICE_VSOCK:
return virDomainVsockDefValidate(dev->data.vsock);
+ case VIR_DOMAIN_DEVICE_INPUT:
+ return virDomainInputDefValidate(dev->data.input);
+
case VIR_DOMAIN_DEVICE_LEASE:
case VIR_DOMAIN_DEVICE_FS:
- case VIR_DOMAIN_DEVICE_INPUT:
case VIR_DOMAIN_DEVICE_SOUND:
case VIR_DOMAIN_DEVICE_WATCHDOG:
case VIR_DOMAIN_DEVICE_GRAPHICS:
--
2.18.0

69
SOURCES/libvirt-conf-Expose-virDomainSCSIDriveAddressIsUsed.patch Normal file
View File

@ -0,0 +1,69 @@
From 2e3774564235a185a2cc4b7a22c17de17498db68 Mon Sep 17 00:00:00 2001
Message-Id: <2e3774564235a185a2cc4b7a22c17de17498db68@dist-git>
From: Michal Privoznik <mprivozn@redhat.com>
Date: Thu, 18 Apr 2019 19:36:31 +0200
Subject: [PATCH] conf: Expose virDomainSCSIDriveAddressIsUsed
RHEl-7.7: https://bugzilla.redhat.com/show_bug.cgi?id=1692296
RHEL-8.1.0: https://bugzilla.redhat.com/show_bug.cgi?id=1692354
This function checks if given drive address is already present in
passed domain definition. Expose the function as it will be used
shortly.
Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
Tested-by: Daniel Henrique Barboza <danielhb413@gmail.com>
Reviewed-by: Jim Fehlig <jfehlig@suse.com>
(cherry picked from commit 89237d534f0fe950d06a2081089154160c6c2224)
Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
Message-Id: <ef6c1d914a1f6bf0cdb44006b9adf6edf7bb4d41.1555608962.git.mprivozn@redhat.com>
Reviewed-by: Jiri Denemark <jdenemar@redhat.com>
---
src/conf/domain_conf.c | 2 +-
src/conf/domain_conf.h | 4 ++++
src/libvirt_private.syms | 1 +
3 files changed, 6 insertions(+), 1 deletion(-)
diff --git a/src/conf/domain_conf.c b/src/conf/domain_conf.c
index d431441f62..e62f78471c 100644
--- a/src/conf/domain_conf.c
+++ b/src/conf/domain_conf.c
@@ -4404,7 +4404,7 @@ virDomainDriveAddressIsUsedByHostdev(const virDomainDef *def,
* Return true if the SCSI drive address is already in use, false
* otherwise.
*/
-static bool
+bool
virDomainSCSIDriveAddressIsUsed(const virDomainDef *def,
const virDomainDeviceDriveAddress *addr)
{
diff --git a/src/conf/domain_conf.h b/src/conf/domain_conf.h
index f05fca284f..dbccf2cf24 100644
--- a/src/conf/domain_conf.h
+++ b/src/conf/domain_conf.h
@@ -2789,6 +2789,10 @@ virDomainXMLNamespacePtr
virDomainXMLOptionGetNamespace(virDomainXMLOptionPtr xmlopt)
ATTRIBUTE_NONNULL(1);
+bool
+virDomainSCSIDriveAddressIsUsed(const virDomainDef *def,
+ const virDomainDeviceDriveAddress *addr);
+
int virDomainDefPostParse(virDomainDefPtr def,
virCapsPtr caps,
unsigned int parseFlags,
diff --git a/src/libvirt_private.syms b/src/libvirt_private.syms
index 624151056a..df27ac4b3a 100644
--- a/src/libvirt_private.syms
+++ b/src/libvirt_private.syms
@@ -520,6 +520,7 @@ virDomainRunningReasonTypeToString;
virDomainSaveConfig;
virDomainSaveStatus;
virDomainSaveXML;
+virDomainSCSIDriveAddressIsUsed;
virDomainSeclabelTypeFromString;
virDomainSeclabelTypeToString;
virDomainShmemDefEquals;
--
2.21.0

35
SOURCES/libvirt-conf-Fix-a-error-msg-typo-in-virDomainVideoDefValidate.patch Normal file
View File

@ -0,0 +1,35 @@
From b1c91c78451c59b0ebe3aafa17eef764e69be28c Mon Sep 17 00:00:00 2001
Message-Id: <b1c91c78451c59b0ebe3aafa17eef764e69be28c@dist-git>
From: Han Han <hhan@redhat.com>
Date: Tue, 31 Jul 2018 10:42:27 +0200
Subject: [PATCH] conf: Fix a error msg typo in virDomainVideoDefValidate
https://bugzilla.redhat.com/show_bug.cgi?id=1607825
Introduced by commit d48813e8.
Signed-off-by: Han Han <hhan@redhat.com>
Reviewed-by: Erik Skultety <eskultet@redhat.com>
(cherry picked from commit d1c4480390da7243e37daee37f8a40cb439a6a7c)
Signed-off-by: Erik Skultety <eskultet@redhat.com>
Reviewed-by: Jiri Denemark <jdenemar@redhat.com>
---
src/conf/domain_conf.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/conf/domain_conf.c b/src/conf/domain_conf.c
index 23288aa01b..a05aad056d 100644
--- a/src/conf/domain_conf.c
+++ b/src/conf/domain_conf.c
@@ -5697,7 +5697,7 @@ virDomainVideoDefValidate(const virDomainVideoDef *video,
if (def->videos[i]->type == VIR_DOMAIN_VIDEO_TYPE_NONE &&
def->nvideos > 1) {
virReportError(VIR_ERR_CONFIG_UNSUPPORTED, "%s",
- _("a '%s' video type must be the only video device "
+ _("a 'none' video type must be the only video device "
"defined for the domain"));
return -1;
}
--
2.18.0

113
SOURCES/libvirt-conf-Fix-check-for-chardev-source-path.patch Normal file
View File

@ -0,0 +1,113 @@
From 27213f01f9320cf0fec49980f78a100e64025ba4 Mon Sep 17 00:00:00 2001
Message-Id: <27213f01f9320cf0fec49980f78a100e64025ba4@dist-git>
From: Andrea Bolognani <abologna@redhat.com>
Date: Fri, 7 Sep 2018 17:53:32 +0200
Subject: [PATCH] conf: Fix check for chardev source path
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Attempting to use a chardev definition like
<serial type='unix'>
<target type='isa-serial'/>
</serial>
correctly results in an error being reported, since the source
path - a required piece of information - is missing; however,
the very similar
<serial type='unix'>
<target type='pci-serial'/>
</serial>
was happily accepted by libvirt, only to result in libvirtd
crashing as soon as the guest was started.
The issue was caused by checking the chardev's targetType
against whitelisted values from virDomainChrChannelTargetType
without first checking the chardev's deviceType to make sure
it is actually a channel, for which the check makes sense,
rather than a different type of chardev.
The only reason this wasn't spotted earlier is that the
whitelisted values just so happen to correspond to USB and
PCI serial devices and Xen and UML consoles respectively,
all of which are fairly uncommon.
https://bugzilla.redhat.com/show_bug.cgi?id=1609720
Signed-off-by: Andrea Bolognani <abologna@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
(cherry picked from commit 614193fac67445a7e92bf620ffef726ed1bd6f07)
https://bugzilla.redhat.com/show_bug.cgi?id=1609723
Signed-off-by: Andrea Bolognani <abologna@redhat.com>
Reviewed-by: Erik Skultety <eskultet@redhat.com>
---
src/conf/domain_conf.c | 11 +++++++----
.../serial-unix-missing-source.xml | 15 +++++++++++++++
tests/qemuxml2argvtest.c | 1 +
3 files changed, 23 insertions(+), 4 deletions(-)
create mode 100644 tests/qemuxml2argvdata/serial-unix-missing-source.xml
diff --git a/src/conf/domain_conf.c b/src/conf/domain_conf.c
index a881b43b51..240b33f28c 100644
--- a/src/conf/domain_conf.c
+++ b/src/conf/domain_conf.c
@@ -5523,11 +5523,14 @@ virDomainChrSourceDefValidate(const virDomainChrSourceDef *def,
break;
case VIR_DOMAIN_CHR_TYPE_UNIX:
- /* path can be auto generated */
+ /* The source path can be auto generated for certain specific
+ * types of channels, but in most cases we should report an
+ * error if the user didn't provide it */
if (!def->data.nix.path &&
- (!chr_def ||
- (chr_def->targetType != VIR_DOMAIN_CHR_CHANNEL_TARGET_TYPE_XEN &&
- chr_def->targetType != VIR_DOMAIN_CHR_CHANNEL_TARGET_TYPE_VIRTIO))) {
+ !(chr_def &&
+ chr_def->deviceType == VIR_DOMAIN_CHR_DEVICE_TYPE_CHANNEL &&
+ (chr_def->targetType == VIR_DOMAIN_CHR_CHANNEL_TARGET_TYPE_XEN ||
+ chr_def->targetType == VIR_DOMAIN_CHR_CHANNEL_TARGET_TYPE_VIRTIO))) {
virReportError(VIR_ERR_INTERNAL_ERROR, "%s",
_("Missing source path attribute for char device"));
return -1;
diff --git a/tests/qemuxml2argvdata/serial-unix-missing-source.xml b/tests/qemuxml2argvdata/serial-unix-missing-source.xml
new file mode 100644
index 0000000000..1e1221f12d
--- /dev/null
+++ b/tests/qemuxml2argvdata/serial-unix-missing-source.xml
@@ -0,0 +1,15 @@
+<domain type='qemu'>
+ <name>guest</name>
+ <uuid>c7a5fdbd-edaf-9455-926a-d65c16db1809</uuid>
+ <memory unit='KiB'>1048576</memory>
+ <vcpu placement='static'>1</vcpu>
+ <os>
+ <type arch='aarch64' machine='virt'>hvm</type>
+ </os>
+ <devices>
+ <emulator>/usr/bin/qemu-system-aarch64</emulator>
+ <serial type='unix'>
+ <target type='pci-serial'/>
+ </serial>
+ </devices>
+</domain>
diff --git a/tests/qemuxml2argvtest.c b/tests/qemuxml2argvtest.c
index 608a2b6ce3..ebe9c8a131 100644
--- a/tests/qemuxml2argvtest.c
+++ b/tests/qemuxml2argvtest.c
@@ -1363,6 +1363,7 @@ mymain(void)
DO_TEST("serial-unix-chardev",
QEMU_CAPS_DEVICE_ISA_SERIAL);
DO_TEST_CAPS_LATEST("serial-unix-chardev");
+ DO_TEST_PARSE_ERROR("serial-unix-missing-source", NONE);
DO_TEST("serial-tcp-chardev",
QEMU_CAPS_DEVICE_ISA_SERIAL);
DO_TEST("serial-udp-chardev",
--
2.19.1

416
SOURCES/libvirt-conf-Introduce-new-hostdev-attribute-display.patch Normal file
View File

@ -0,0 +1,416 @@
From 5ad0f7cc1b2444ee9355229316fb008919d22c71 Mon Sep 17 00:00:00 2001
Message-Id: <5ad0f7cc1b2444ee9355229316fb008919d22c71@dist-git>
From: Erik Skultety <eskultet@redhat.com>
Date: Thu, 19 Jul 2018 15:04:02 +0200
Subject: [PATCH] conf: Introduce new <hostdev> attribute 'display'
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
QEMU 2.12 introduced a new type of display for mediated devices using
vfio-pci backend which allows a mediated device to be used as a VGA
compatible device as an alternative to an emulated video device. QEMU
exposes this feature via a vfio device property 'display' with supported
values 'on/off/auto' (libvirt will default to 'off').
This patch adds the necessary bits to domain config handling in order to
expose this feature. Since there's no convenient way for libvirt to come
up with usable defaults for the display setting, simply because libvirt
is not able to figure out which of the display implementations - dma-buf
which requires OpenGL support vs vfio regions which doesn't need OpenGL
(works with OpenGL enabled too) - the underlying mdev uses.
Reviewed-by: Ján Tomko <jtomko@redhat.com>
Signed-off-by: Erik Skultety <eskultet@redhat.com>
(cherry picked from commit d54e45b6edd7623e488a19e30bc4148a21fa8b03)
https://bugzilla.redhat.com/show_bug.cgi?id=1475770
Signed-off-by: Erik Skultety <eskultet@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
---
docs/formatdomain.html.in | 20 +++-
docs/schemas/domaincommon.rng | 5 +
src/conf/domain_conf.c | 19 +++-
src/conf/domain_conf.h | 1 +
src/qemu/qemu_domain.c | 98 ++++++++++++++++++-
.../qemuxml2argvdata/hostdev-mdev-display.xml | 39 ++++++++
.../hostdev-mdev-display.xml | 47 +++++++++
tests/qemuxml2xmltest.c | 1 +
8 files changed, 222 insertions(+), 8 deletions(-)
create mode 100644 tests/qemuxml2argvdata/hostdev-mdev-display.xml
create mode 100644 tests/qemuxml2xmloutdata/hostdev-mdev-display.xml
diff --git a/docs/formatdomain.html.in b/docs/formatdomain.html.in
index 9dd22554ad..3554c3dc30 100644
--- a/docs/formatdomain.html.in
+++ b/docs/formatdomain.html.in
@@ -4510,9 +4510,23 @@
guest. Currently, <code>model='vfio-pci'</code> and
<code>model='vfio-ccw'</code> (<span class="since">Since 4.4.0</span>)
is supported. Refer <a href="drvnodedev.html#MDEV">MDEV</a> to create
- a mediated device on the host. There are also some implications on the
- usage of guest's address type depending on the <code>model</code>
- attribute, see the <code>address</code> element below.
+ a mediated device on the host.
+ <span class="since">Since 4.6.0 (QEMU 2.12)</span> an optional
+ <code>display</code> attribute may be used to enable or disable
+ support for an accelerated remote desktop backed by a mediated
+ device (such as NVIDIA vGPU or Intel GVT-g) as an alternative to
+ emulated <a href="#elementsVideo">video devices</a>. This attribute
+ is limited to <code>model='vfio-pci'</code> only. Supported values
+ are either <code>on</code> or <code>off</code> (default is 'off').
+ It is required to use a
+ <a href="#elementsGraphics">graphical framebuffer</a> in order to
+ use this attribute, currently only supported with VNC, Spice and
+ egl-headless graphics devices.
+ <p>
+ Note: There are also some implications on the usage of guest's
+ address type depending on the <code>model</code> attribute,
+ see the <code>address</code> element below.
+ </p>
</dd>
</dl>
<p>
diff --git a/docs/schemas/domaincommon.rng b/docs/schemas/domaincommon.rng
index 157726752c..be8430ab22 100644
--- a/docs/schemas/domaincommon.rng
+++ b/docs/schemas/domaincommon.rng
@@ -4579,6 +4579,11 @@
<value>vfio-ccw</value>
</choice>
</attribute>
+ <optional>
+ <attribute name="display">
+ <ref name="virOnOff"/>
+ </attribute>
+ </optional>
<element name="source">
<ref name="mdevaddress"/>
</element>
diff --git a/src/conf/domain_conf.c b/src/conf/domain_conf.c
index 72086f9e86..830c298158 100644
--- a/src/conf/domain_conf.c
+++ b/src/conf/domain_conf.c
@@ -7656,6 +7656,7 @@ virDomainHostdevDefParseXMLSubsys(xmlNodePtr node,
char *rawio = NULL;
char *backendStr = NULL;
char *model = NULL;
+ char *display = NULL;
int backend;
int ret = -1;
virDomainHostdevSubsysPCIPtr pcisrc = &def->source.subsys.u.pci;
@@ -7675,6 +7676,7 @@ virDomainHostdevDefParseXMLSubsys(xmlNodePtr node,
sgio = virXMLPropString(node, "sgio");
rawio = virXMLPropString(node, "rawio");
model = virXMLPropString(node, "model");
+ display = virXMLPropString(node, "display");
/* @type is passed in from the caller rather than read from the
* xml document, because it is specified in different places for
@@ -7762,6 +7764,15 @@ virDomainHostdevDefParseXMLSubsys(xmlNodePtr node,
model);
goto cleanup;
}
+
+ if (display &&
+ (mdevsrc->display = virTristateSwitchTypeFromString(display)) <= 0) {
+ virReportError(VIR_ERR_XML_ERROR,
+ _("unknown value '%s' for <hostdev> attribute "
+ "'display'"),
+ display);
+ goto cleanup;
+ }
}
switch (def->source.subsys.type) {
@@ -7815,6 +7826,7 @@ virDomainHostdevDefParseXMLSubsys(xmlNodePtr node,
VIR_FREE(rawio);
VIR_FREE(backendStr);
VIR_FREE(model);
+ VIR_FREE(display);
return ret;
}
@@ -26568,9 +26580,14 @@ virDomainHostdevDefFormat(virBufferPtr buf,
virTristateBoolTypeToString(scsisrc->rawio));
}
- if (def->source.subsys.type == VIR_DOMAIN_HOSTDEV_SUBSYS_TYPE_MDEV)
+ if (def->source.subsys.type == VIR_DOMAIN_HOSTDEV_SUBSYS_TYPE_MDEV) {
virBufferAsprintf(buf, " model='%s'",
virMediatedDeviceModelTypeToString(mdevsrc->model));
+ if (mdevsrc->display != VIR_TRISTATE_SWITCH_ABSENT)
+ virBufferAsprintf(buf, " display='%s'",
+ virTristateSwitchTypeToString(mdevsrc->display));
+ }
+
}
virBufferAddLit(buf, ">\n");
virBufferAdjustIndent(buf, 2);
diff --git a/src/conf/domain_conf.h b/src/conf/domain_conf.h
index 3deda1d978..8ca9558ceb 100644
--- a/src/conf/domain_conf.h
+++ b/src/conf/domain_conf.h
@@ -382,6 +382,7 @@ typedef struct _virDomainHostdevSubsysMediatedDev virDomainHostdevSubsysMediated
typedef virDomainHostdevSubsysMediatedDev *virDomainHostdevSubsysMediatedDevPtr;
struct _virDomainHostdevSubsysMediatedDev {
int model; /* enum virMediatedDeviceModelType */
+ int display; /* virTristateSwitch */
char uuidstr[VIR_UUID_STRING_BUFLEN]; /* mediated device's uuid string */
};
diff --git a/src/qemu/qemu_domain.c b/src/qemu/qemu_domain.c
index 9498594857..5337f1ce55 100644
--- a/src/qemu/qemu_domain.c
+++ b/src/qemu/qemu_domain.c
@@ -4451,9 +4451,48 @@ qemuDomainDeviceDefValidateNetwork(const virDomainNetDef *net)
static int
-qemuDomainDeviceDefValidateHostdev(const virDomainHostdevDef *hostdev,
- const virDomainDef *def)
+qemuDomainMdevDefValidate(const virDomainHostdevSubsysMediatedDev *mdevsrc,
+ const virDomainDef *def,
+ virQEMUCapsPtr qemuCaps)
{
+ if (mdevsrc->display == VIR_TRISTATE_SWITCH_ABSENT)
+ return 0;
+
+ if (!virQEMUCapsGet(qemuCaps, QEMU_CAPS_VFIO_PCI_DISPLAY)) {
+ virReportError(VIR_ERR_CONFIG_UNSUPPORTED, "%s",
+ _("display property of device vfio-pci is "
+ "not supported by this version of QEMU"));
+ return -1;
+ }
+
+ if (mdevsrc->model != VIR_MDEV_MODEL_TYPE_VFIO_PCI) {
+ virReportError(VIR_ERR_CONFIG_UNSUPPORTED, "%s",
+ _("<hostdev> attribute 'display' is only supported"
+ " with model='vfio-pci'"));
+
+ return -1;
+ }
+
+ if (mdevsrc->display == VIR_TRISTATE_SWITCH_ON) {
+ if (def->ngraphics == 0) {
+ virReportError(VIR_ERR_CONFIG_UNSUPPORTED, "%s",
+ _("graphics device is needed for attribute value "
+ "'display=on' in <hostdev>"));
+ return -1;
+ }
+ }
+
+ return 0;
+}
+
+
+static int
+qemuDomainDeviceDefValidateHostdev(const virDomainHostdevDef *hostdev,
+ const virDomainDef *def,
+ virQEMUCapsPtr qemuCaps)
+{
+ const virDomainHostdevSubsysMediatedDev *mdevsrc;
+
/* forbid capabilities mode hostdev in this kind of hypervisor */
if (hostdev->mode == VIR_DOMAIN_HOSTDEV_MODE_CAPABILITIES) {
virReportError(VIR_ERR_CONFIG_UNSUPPORTED,
@@ -4463,6 +4502,24 @@ qemuDomainDeviceDefValidateHostdev(const virDomainHostdevDef *hostdev,
return -1;
}
+ if (hostdev->mode == VIR_DOMAIN_HOSTDEV_MODE_SUBSYS) {
+ switch ((virDomainHostdevSubsysType) hostdev->source.subsys.type) {
+ case VIR_DOMAIN_HOSTDEV_SUBSYS_TYPE_USB:
+ case VIR_DOMAIN_HOSTDEV_SUBSYS_TYPE_PCI:
+ case VIR_DOMAIN_HOSTDEV_SUBSYS_TYPE_SCSI:
+ case VIR_DOMAIN_HOSTDEV_SUBSYS_TYPE_SCSI_HOST:
+ break;
+ case VIR_DOMAIN_HOSTDEV_SUBSYS_TYPE_MDEV:
+ mdevsrc = &hostdev->source.subsys.u.mdev;
+ return qemuDomainMdevDefValidate(mdevsrc, def, qemuCaps);
+ case VIR_DOMAIN_HOSTDEV_SUBSYS_TYPE_LAST:
+ default:
+ virReportEnumRangeError(virDomainHostdevSubsysType,
+ hostdev->source.subsys.type);
+ return -1;
+ }
+ }
+
return 0;
}
@@ -5595,7 +5652,8 @@ qemuDomainDeviceDefValidate(const virDomainDeviceDef *dev,
break;
case VIR_DOMAIN_DEVICE_HOSTDEV:
- ret = qemuDomainDeviceDefValidateHostdev(dev->data.hostdev, def);
+ ret = qemuDomainDeviceDefValidateHostdev(dev->data.hostdev, def,
+ qemuCaps);
break;
case VIR_DOMAIN_DEVICE_VIDEO:
@@ -6205,6 +6263,35 @@ qemuDomainVsockDefPostParse(virDomainVsockDefPtr vsock)
}
+static int
+qemuDomainHostdevDefMdevPostParse(virDomainHostdevSubsysMediatedDevPtr mdevsrc,
+ virQEMUCapsPtr qemuCaps)
+{
+ /* QEMU 2.12 added support for vfio-pci display type, we default to
+ * 'display=off' to stay safe from future changes */
+ if (virQEMUCapsGet(qemuCaps, QEMU_CAPS_VFIO_PCI_DISPLAY) &&
+ mdevsrc->display == VIR_TRISTATE_SWITCH_ABSENT)
+ mdevsrc->display = VIR_TRISTATE_SWITCH_OFF;
+
+ return 0;
+}
+
+
+static int
+qemuDomainHostdevDefPostParse(virDomainHostdevDefPtr hostdev,
+ virQEMUCapsPtr qemuCaps)
+{
+ virDomainHostdevSubsysPtr subsys = &hostdev->source.subsys;
+
+ if (hostdev->mode == VIR_DOMAIN_HOSTDEV_MODE_SUBSYS &&
+ hostdev->source.subsys.type == VIR_DOMAIN_HOSTDEV_SUBSYS_TYPE_MDEV &&
+ qemuDomainHostdevDefMdevPostParse(&subsys->u.mdev, qemuCaps) < 0)
+ return -1;
+
+ return 0;
+}
+
+
static int
qemuDomainDeviceDefPostParse(virDomainDeviceDefPtr dev,
const virDomainDef *def,
@@ -6255,11 +6342,14 @@ qemuDomainDeviceDefPostParse(virDomainDeviceDefPtr dev,
ret = qemuDomainVsockDefPostParse(dev->data.vsock);
break;
+ case VIR_DOMAIN_DEVICE_HOSTDEV:
+ ret = qemuDomainHostdevDefPostParse(dev->data.hostdev, qemuCaps);
+ break;
+
case VIR_DOMAIN_DEVICE_LEASE:
case VIR_DOMAIN_DEVICE_FS:
case VIR_DOMAIN_DEVICE_INPUT:
case VIR_DOMAIN_DEVICE_SOUND:
- case VIR_DOMAIN_DEVICE_HOSTDEV:
case VIR_DOMAIN_DEVICE_WATCHDOG:
case VIR_DOMAIN_DEVICE_GRAPHICS:
case VIR_DOMAIN_DEVICE_HUB:
diff --git a/tests/qemuxml2argvdata/hostdev-mdev-display.xml b/tests/qemuxml2argvdata/hostdev-mdev-display.xml
new file mode 100644
index 0000000000..f37e08e1b9
--- /dev/null
+++ b/tests/qemuxml2argvdata/hostdev-mdev-display.xml
@@ -0,0 +1,39 @@
+<domain type='qemu'>
+ <name>QEMUGuest2</name>
+ <uuid>c7a5fdbd-edaf-9455-926a-d65c16db1809</uuid>
+ <memory unit='KiB'>219136</memory>
+ <currentMemory unit='KiB'>219136</currentMemory>
+ <vcpu placement='static'>1</vcpu>
+ <os>
+ <type arch='i686' machine='pc'>hvm</type>
+ <boot dev='hd'/>
+ </os>
+ <clock offset='utc'/>
+ <on_poweroff>destroy</on_poweroff>
+ <on_reboot>restart</on_reboot>
+ <on_crash>destroy</on_crash>
+ <devices>
+ <emulator>/usr/bin/qemu-system-i686</emulator>
+ <disk type='block' device='disk'>
+ <driver name='qemu' type='raw'/>
+ <source dev='/dev/HostVG/QEMUGuest2'/>
+ <target dev='hda' bus='ide'/>
+ <address type='drive' controller='0' bus='0' target='0' unit='0'/>
+ </disk>
+ <controller type='usb' index='0'>
+ </controller>
+ <controller type='pci' index='0' model='pci-root'/>
+ <controller type='ide' index='0'>
+ </controller>
+ <graphics type='vnc'/>
+ <hostdev mode='subsystem' type='mdev' model='vfio-pci' display='on'>
+ <source>
+ <address uuid='53764d0e-85a0-42b4-af5c-2046b460b1dc'/>
+ </source>
+ </hostdev>
+ <video>
+ <model type='qxl' heads='1'/>
+ </video>
+ <memballoon model='none'/>
+ </devices>
+</domain>
diff --git a/tests/qemuxml2xmloutdata/hostdev-mdev-display.xml b/tests/qemuxml2xmloutdata/hostdev-mdev-display.xml
new file mode 100644
index 0000000000..94c11b1199
--- /dev/null
+++ b/tests/qemuxml2xmloutdata/hostdev-mdev-display.xml
@@ -0,0 +1,47 @@
+<domain type='qemu'>
+ <name>QEMUGuest2</name>
+ <uuid>c7a5fdbd-edaf-9455-926a-d65c16db1809</uuid>
+ <memory unit='KiB'>219136</memory>
+ <currentMemory unit='KiB'>219136</currentMemory>
+ <vcpu placement='static'>1</vcpu>
+ <os>
+ <type arch='i686' machine='pc'>hvm</type>
+ <boot dev='hd'/>
+ </os>
+ <clock offset='utc'/>
+ <on_poweroff>destroy</on_poweroff>
+ <on_reboot>restart</on_reboot>
+ <on_crash>destroy</on_crash>
+ <devices>
+ <emulator>/usr/bin/qemu-system-i686</emulator>
+ <disk type='block' device='disk'>
+ <driver name='qemu' type='raw'/>
+ <source dev='/dev/HostVG/QEMUGuest2'/>
+ <target dev='hda' bus='ide'/>
+ <address type='drive' controller='0' bus='0' target='0' unit='0'/>
+ </disk>
+ <controller type='usb' index='0'>
+ <address type='pci' domain='0x0000' bus='0x00' slot='0x01' function='0x2'/>
+ </controller>
+ <controller type='pci' index='0' model='pci-root'/>
+ <controller type='ide' index='0'>
+ <address type='pci' domain='0x0000' bus='0x00' slot='0x01' function='0x1'/>
+ </controller>
+ <input type='mouse' bus='ps2'/>
+ <input type='keyboard' bus='ps2'/>
+ <graphics type='vnc' port='-1' autoport='yes'>
+ <listen type='address'/>
+ </graphics>
+ <video>
+ <model type='qxl' ram='65536' vram='65536' vgamem='16384' heads='1' primary='yes'/>
+ <address type='pci' domain='0x0000' bus='0x00' slot='0x02' function='0x0'/>
+ </video>
+ <hostdev mode='subsystem' type='mdev' managed='no' model='vfio-pci' display='on'>
+ <source>
+ <address uuid='53764d0e-85a0-42b4-af5c-2046b460b1dc'/>
+ </source>
+ <address type='pci' domain='0x0000' bus='0x00' slot='0x03' function='0x0'/>
+ </hostdev>
+ <memballoon model='none'/>
+ </devices>
+</domain>
diff --git a/tests/qemuxml2xmltest.c b/tests/qemuxml2xmltest.c
index fa57221d62..e418e67f6c 100644
--- a/tests/qemuxml2xmltest.c
+++ b/tests/qemuxml2xmltest.c
@@ -479,6 +479,7 @@ mymain(void)
DO_TEST("hostdev-pci-address", NONE);
DO_TEST("hostdev-vfio", NONE);
DO_TEST("hostdev-mdev-precreated", NONE);
+ DO_TEST("hostdev-mdev-display", QEMU_CAPS_VFIO_PCI_DISPLAY);
DO_TEST("pci-rom", NONE);
DO_TEST("pci-rom-disabled", NONE);
DO_TEST("pci-rom-disabled-invalid", NONE);
--
2.18.0

504
SOURCES/libvirt-conf-Introduce-new-video-type-none.patch Normal file
View File

@ -0,0 +1,504 @@
From 2010df9c6a8a4ff984e3f1b697398da648342953 Mon Sep 17 00:00:00 2001
Message-Id: <2010df9c6a8a4ff984e3f1b697398da648342953@dist-git>
From: Erik Skultety <eskultet@redhat.com>
Date: Thu, 19 Jul 2018 15:04:05 +0200
Subject: [PATCH] conf: Introduce new video type 'none'
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Historically, we've always enabled an emulated video device every time we
see that graphics should be supported with a guest. With the appearance
of mediated devices which can support QEMU's vfio-display capability,
users might want to use such a device as the only video device.
Therefore introduce a new, effectively a 'disable', type for video
device.
Reviewed-by: Ján Tomko <jtomko@redhat.com>
Signed-off-by: Erik Skultety <eskultet@redhat.com>
(cherry picked from commit d48813e81af798e3027edcc2f41be2630111ba65)
https://bugzilla.redhat.com/show_bug.cgi?id=1475770
Signed-off-by: Erik Skultety <eskultet@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
---
docs/formatdomain.html.in | 13 +++-
docs/schemas/domaincommon.rng | 1 +
src/conf/domain_conf.c | 61 +++++++++++++------
src/conf/domain_conf.h | 1 +
src/qemu/qemu_command.c | 12 +++-
src/qemu/qemu_domain.c | 2 +
src/qemu/qemu_domain_address.c | 7 ++-
tests/domaincapsschemadata/full.xml | 1 +
.../video-invalid-multiple-devices.xml | 33 ++++++++++
tests/qemuxml2argvdata/video-none-device.args | 27 ++++++++
tests/qemuxml2argvdata/video-none-device.xml | 39 ++++++++++++
tests/qemuxml2argvtest.c | 4 +-
.../qemuxml2xmloutdata/video-none-device.xml | 42 +++++++++++++
tests/qemuxml2xmltest.c | 1 +
14 files changed, 220 insertions(+), 24 deletions(-)
create mode 100644 tests/qemuxml2argvdata/video-invalid-multiple-devices.xml
create mode 100644 tests/qemuxml2argvdata/video-none-device.args
create mode 100644 tests/qemuxml2argvdata/video-none-device.xml
create mode 100644 tests/qemuxml2xmloutdata/video-none-device.xml
diff --git a/docs/formatdomain.html.in b/docs/formatdomain.html.in
index 0e8f0a125f..42acf7a828 100644
--- a/docs/formatdomain.html.in
+++ b/docs/formatdomain.html.in
@@ -6666,9 +6666,18 @@ qemu-kvm -net nic,model=? /dev/null
The <code>model</code> element has a mandatory <code>type</code>
attribute which takes the value "vga", "cirrus", "vmvga", "xen",
"vbox", "qxl" (<span class="since">since 0.8.6</span>),
- "virtio" (<span class="since">since 1.3.0</span>)
- or "gop" (<span class="since">since 3.2.0</span>)
+ "virtio" (<span class="since">since 1.3.0</span>),
+ "gop" (<span class="since">since 3.2.0</span>), or
+ "none" (<span class="since">since 4.6.0</span>)
depending on the hypervisor features available.
+ The purpose of the type <code>none</code> is to instruct libvirt not
+ to add a default video device in the guest (see the paragraph above).
+ This legacy behaviour can be inconvenient in cases where GPU mediated
+ devices are meant to be the only rendering device within a guest and
+ so specifying another <code>video</code> device along with type
+ <code>none</code>.
+ Refer to <a id="elementsHostDev">Host device assignment</a> to see
+ how to add a mediated device into a guest.
</p>
<p>
You can provide the amount of video memory in kibibytes (blocks of
diff --git a/docs/schemas/domaincommon.rng b/docs/schemas/domaincommon.rng
index be8430ab22..ac04af51a1 100644
--- a/docs/schemas/domaincommon.rng
+++ b/docs/schemas/domaincommon.rng
@@ -3454,6 +3454,7 @@
<value>vbox</value>
<value>virtio</value>
<value>gop</value>
+ <value>none</value>
</choice>
</attribute>
<group>
diff --git a/src/conf/domain_conf.c b/src/conf/domain_conf.c
index 830c298158..23288aa01b 100644
--- a/src/conf/domain_conf.c
+++ b/src/conf/domain_conf.c
@@ -590,7 +590,8 @@ VIR_ENUM_IMPL(virDomainVideo, VIR_DOMAIN_VIDEO_TYPE_LAST,
"qxl",
"parallels",
"virtio",
- "gop")
+ "gop",
+ "none")
VIR_ENUM_IMPL(virDomainVideoVGAConf, VIR_DOMAIN_VIDEO_VGACONF_LAST,
"io",
@@ -5106,22 +5107,30 @@ virDomainDefPostParseVideo(virDomainDefPtr def,
if (def->nvideos == 0)
return 0;
- virDomainDeviceDef device = {
- .type = VIR_DOMAIN_DEVICE_VIDEO,
- .data.video = def->videos[0],
- };
+ if (def->videos[0]->type == VIR_DOMAIN_VIDEO_TYPE_NONE) {
+ /* we don't want to format any values we automatically fill in for
+ * videos into the XML, so clear them
+ */
+ virDomainVideoDefClear(def->videos[0]);
+ def->videos[0]->type = VIR_DOMAIN_VIDEO_TYPE_NONE;
+ } else {
+ virDomainDeviceDef device = {
+ .type = VIR_DOMAIN_DEVICE_VIDEO,
+ .data.video = def->videos[0],
+ };
- /* Mark the first video as primary. If the user specified
- * primary="yes", the parser already inserted the device at
- * def->videos[0]
- */
- def->videos[0]->primary = true;
+ /* Mark the first video as primary. If the user specified
+ * primary="yes", the parser already inserted the device at
+ * def->videos[0]
+ */
+ def->videos[0]->primary = true;
- /* videos[0] might have been added in AddImplicitDevices, after we've
- * done the per-device post-parse */
- if (virDomainDefPostParseDeviceIterator(def, &device,
- NULL, opaque) < 0)
- return -1;
+ /* videos[0] might have been added in AddImplicitDevices, after we've
+ * done the per-device post-parse */
+ if (virDomainDefPostParseDeviceIterator(def, &device,
+ NULL, opaque) < 0)
+ return -1;
+ }
return 0;
}
@@ -5670,13 +5679,30 @@ virDomainHostdevDefValidate(const virDomainHostdevDef *hostdev)
static int
-virDomainVideoDefValidate(const virDomainVideoDef *video)
+virDomainVideoDefValidate(const virDomainVideoDef *video,
+ const virDomainDef *def)
{
+ size_t i;
+
if (video->type == VIR_DOMAIN_VIDEO_TYPE_DEFAULT) {
virReportError(VIR_ERR_INTERNAL_ERROR, "%s",
_("missing video model and cannot determine default"));
return -1;
}
+
+ /* it doesn't make sense to pair video device type 'none' with any other
+ * types, there can be only a single video device in such case
+ */
+ for (i = 0; i < def->nvideos; i++) {
+ if (def->videos[i]->type == VIR_DOMAIN_VIDEO_TYPE_NONE &&
+ def->nvideos > 1) {
+ virReportError(VIR_ERR_CONFIG_UNSUPPORTED, "%s",
+ _("a '%s' video type must be the only video device "
+ "defined for the domain"));
+ return -1;
+ }
+ }
+
return 0;
}
@@ -5738,7 +5764,7 @@ virDomainDeviceDefValidateInternal(const virDomainDeviceDef *dev,
return virDomainHostdevDefValidate(dev->data.hostdev);
case VIR_DOMAIN_DEVICE_VIDEO:
- return virDomainVideoDefValidate(dev->data.video);
+ return virDomainVideoDefValidate(dev->data.video, def);
case VIR_DOMAIN_DEVICE_MEMORY:
return virDomainMemoryDefValidate(dev->data.memory);
@@ -15048,6 +15074,7 @@ virDomainVideoDefaultRAM(const virDomainDef *def,
case VIR_DOMAIN_VIDEO_TYPE_PARALLELS:
case VIR_DOMAIN_VIDEO_TYPE_VIRTIO:
case VIR_DOMAIN_VIDEO_TYPE_GOP:
+ case VIR_DOMAIN_VIDEO_TYPE_NONE:
case VIR_DOMAIN_VIDEO_TYPE_LAST:
default:
return 0;
diff --git a/src/conf/domain_conf.h b/src/conf/domain_conf.h
index 8ca9558ceb..5e2f21dea3 100644
--- a/src/conf/domain_conf.h
+++ b/src/conf/domain_conf.h
@@ -1424,6 +1424,7 @@ typedef enum {
VIR_DOMAIN_VIDEO_TYPE_PARALLELS, /* pseudo device for VNC in containers */
VIR_DOMAIN_VIDEO_TYPE_VIRTIO,
VIR_DOMAIN_VIDEO_TYPE_GOP,
+ VIR_DOMAIN_VIDEO_TYPE_NONE,
VIR_DOMAIN_VIDEO_TYPE_LAST
} virDomainVideoType;
diff --git a/src/qemu/qemu_command.c b/src/qemu/qemu_command.c
index 1fce45134f..954265feb0 100644
--- a/src/qemu/qemu_command.c
+++ b/src/qemu/qemu_command.c
@@ -105,7 +105,8 @@ VIR_ENUM_IMPL(qemuVideo, VIR_DOMAIN_VIDEO_TYPE_LAST,
"qxl",
"", /* don't support parallels */
"", /* no need for virtio */
- "" /* don't support gop */);
+ "" /* don't support gop */,
+ "" /* 'none' doesn't make sense here */);
VIR_ENUM_DECL(qemuDeviceVideo)
@@ -119,7 +120,8 @@ VIR_ENUM_IMPL(qemuDeviceVideo, VIR_DOMAIN_VIDEO_TYPE_LAST,
"qxl-vga",
"", /* don't support parallels */
"virtio-vga",
- "" /* don't support gop */);
+ "" /* don't support gop */,
+ "" /* 'none' doesn't make sense here */);
VIR_ENUM_DECL(qemuDeviceVideoSecondary)
@@ -133,7 +135,8 @@ VIR_ENUM_IMPL(qemuDeviceVideoSecondary, VIR_DOMAIN_VIDEO_TYPE_LAST,
"qxl",
"", /* don't support parallels */
"virtio-gpu",
- "" /* don't support gop */);
+ "" /* don't support gop */,
+ "" /* 'none' doesn't make sense here */);
VIR_ENUM_DECL(qemuSoundCodec)
@@ -4421,6 +4424,9 @@ qemuBuildVideoCommandLine(virCommandPtr cmd,
char *str = NULL;
virDomainVideoDefPtr video = def->videos[i];
+ if (video->type == VIR_DOMAIN_VIDEO_TYPE_NONE)
+ continue;
+
if (video->primary) {
if (virQEMUCapsGet(qemuCaps, QEMU_CAPS_DEVICE_VIDEO_PRIMARY)) {
diff --git a/src/qemu/qemu_domain.c b/src/qemu/qemu_domain.c
index 5337f1ce55..508846116b 100644
--- a/src/qemu/qemu_domain.c
+++ b/src/qemu/qemu_domain.c
@@ -4528,6 +4528,8 @@ static int
qemuDomainDeviceDefValidateVideo(const virDomainVideoDef *video)
{
switch ((virDomainVideoType) video->type) {
+ case VIR_DOMAIN_VIDEO_TYPE_NONE:
+ return 0;
case VIR_DOMAIN_VIDEO_TYPE_XEN:
case VIR_DOMAIN_VIDEO_TYPE_VBOX:
case VIR_DOMAIN_VIDEO_TYPE_PARALLELS:
diff --git a/src/qemu/qemu_domain_address.c b/src/qemu/qemu_domain_address.c
index ab2ac022f1..e6996934b8 100644
--- a/src/qemu/qemu_domain_address.c
+++ b/src/qemu/qemu_domain_address.c
@@ -821,6 +821,7 @@ qemuDomainDeviceCalculatePCIConnectFlags(virDomainDeviceDefPtr dev,
case VIR_DOMAIN_VIDEO_TYPE_DEFAULT:
case VIR_DOMAIN_VIDEO_TYPE_GOP:
+ case VIR_DOMAIN_VIDEO_TYPE_NONE:
case VIR_DOMAIN_VIDEO_TYPE_LAST:
return 0;
}
@@ -1532,7 +1533,8 @@ qemuDomainValidateDevicePCISlotsPIIX3(virDomainDefPtr def,
goto cleanup;
}
- if (def->nvideos > 0) {
+ if (def->nvideos > 0 &&
+ def->videos[0]->type != VIR_DOMAIN_VIDEO_TYPE_NONE) {
/* Because the PIIX3 integrated IDE/USB controllers are
* already at slot 1, when qemu looks for the first free slot
* to place the VGA controller (which is always the first
@@ -1540,6 +1542,7 @@ qemuDomainValidateDevicePCISlotsPIIX3(virDomainDefPtr def,
* at slot 2.
*/
virDomainVideoDefPtr primaryVideo = def->videos[0];
+
if (virDeviceInfoPCIAddressWanted(&primaryVideo->info)) {
memset(&tmp_addr, 0, sizeof(tmp_addr));
tmp_addr.slot = 2;
@@ -2105,6 +2108,8 @@ qemuDomainAssignDevicePCISlots(virDomainDefPtr def,
/* Video devices */
for (i = 0; i < def->nvideos; i++) {
+ if (def->videos[i]->type == VIR_DOMAIN_VIDEO_TYPE_NONE)
+ continue;
if (!virDeviceInfoPCIAddressWanted(&def->videos[i]->info))
continue;
diff --git a/tests/domaincapsschemadata/full.xml b/tests/domaincapsschemadata/full.xml
index 154c4a6fe9..eafba1ae5b 100644
--- a/tests/domaincapsschemadata/full.xml
+++ b/tests/domaincapsschemadata/full.xml
@@ -74,6 +74,7 @@
<value>parallels</value>
<value>virtio</value>
<value>gop</value>
+ <value>none</value>
</enum>
</video>
<hostdev supported='yes'>
diff --git a/tests/qemuxml2argvdata/video-invalid-multiple-devices.xml b/tests/qemuxml2argvdata/video-invalid-multiple-devices.xml
new file mode 100644
index 0000000000..3f105efaae
--- /dev/null
+++ b/tests/qemuxml2argvdata/video-invalid-multiple-devices.xml
@@ -0,0 +1,33 @@
+<domain type='qemu'>
+ <name>QEMUGuest1</name>
+ <uuid>c7a5fdbd-edaf-9455-926a-d65c16db1809</uuid>
+ <memory unit='KiB'>219100</memory>
+ <currentMemory unit='KiB'>219100</currentMemory>
+ <vcpu placement='static' cpuset='1-4,8-20,525'>1</vcpu>
+ <os>
+ <type arch='i686' machine='pc'>hvm</type>
+ <boot dev='hd'/>
+ </os>
+ <clock offset='utc'/>
+ <on_poweroff>destroy</on_poweroff>
+ <on_reboot>restart</on_reboot>
+ <on_crash>destroy</on_crash>
+ <devices>
+ <emulator>/usr/bin/qemu-system-i686</emulator>
+ <disk type='block' device='disk'>
+ <source dev='/dev/HostVG/QEMUGuest1'/>
+ <target dev='hda' bus='ide'/>
+ <address type='drive' controller='0' bus='0' target='0' unit='0'/>
+ </disk>
+ <controller type='usb' index='0'/>
+ <controller type='ide' index='0'/>
+ <controller type='pci' index='0' model='pci-root'/>
+ <video>
+ <model type='qxl'/>
+ </video>
+ <video>
+ <model type='none'/>
+ </video>
+ <memballoon model='virtio'/>
+ </devices>
+</domain>
diff --git a/tests/qemuxml2argvdata/video-none-device.args b/tests/qemuxml2argvdata/video-none-device.args
new file mode 100644
index 0000000000..1b03c0cb97
--- /dev/null
+++ b/tests/qemuxml2argvdata/video-none-device.args
@@ -0,0 +1,27 @@
+LC_ALL=C \
+PATH=/bin \
+HOME=/home/test \
+USER=test \
+LOGNAME=test \
+QEMU_AUDIO_DRV=none \
+/usr/bin/qemu-system-i686 \
+-name QEMUGuest1 \
+-S \
+-machine pc,accel=tcg,usb=off,dump-guest-core=off \
+-m 214 \
+-smp 1,sockets=1,cores=1,threads=1 \
+-uuid c7a5fdbd-edaf-9455-926a-d65c16db1809 \
+-no-user-config \
+-nodefaults \
+-chardev socket,id=charmonitor,path=/tmp/lib/domain--1-QEMUGuest1/monitor.sock,\
+server,nowait \
+-mon chardev=charmonitor,id=monitor,mode=control \
+-rtc base=utc \
+-no-shutdown \
+-no-acpi \
+-boot c \
+-usb \
+-drive file=/dev/HostVG/QEMUGuest1,format=raw,if=none,id=drive-ide0-0-0 \
+-device ide-drive,bus=ide.0,unit=0,drive=drive-ide0-0-0,id=ide0-0-0 \
+-vnc 127.0.0.1:0 \
+-device virtio-balloon-pci,id=balloon0,bus=pci.0,addr=0x3
diff --git a/tests/qemuxml2argvdata/video-none-device.xml b/tests/qemuxml2argvdata/video-none-device.xml
new file mode 100644
index 0000000000..4b591562b7
--- /dev/null
+++ b/tests/qemuxml2argvdata/video-none-device.xml
@@ -0,0 +1,39 @@
+<domain type='qemu'>
+ <name>QEMUGuest1</name>
+ <uuid>c7a5fdbd-edaf-9455-926a-d65c16db1809</uuid>
+ <memory unit='KiB'>219136</memory>
+ <currentMemory unit='KiB'>219136</currentMemory>
+ <vcpu placement='static'>1</vcpu>
+ <os>
+ <type arch='i686' machine='pc'>hvm</type>
+ <boot dev='hd'/>
+ </os>
+ <clock offset='utc'/>
+ <on_poweroff>destroy</on_poweroff>
+ <on_reboot>restart</on_reboot>
+ <on_crash>destroy</on_crash>
+ <devices>
+ <emulator>/usr/bin/qemu-system-i686</emulator>
+ <disk type='block' device='disk'>
+ <source dev='/dev/HostVG/QEMUGuest1'/>
+ <target dev='hda' bus='ide'/>
+ <address type='drive' controller='0' bus='0' target='0' unit='0'/>
+ </disk>
+ <controller type='usb' index='0'>
+ <address type='pci' domain='0x0000' bus='0x00' slot='0x01' function='0x2'/>
+ </controller>
+ <controller type='ide' index='0'>
+ <address type='pci' domain='0x0000' bus='0x00' slot='0x01' function='0x1'/>
+ </controller>
+ <controller type='pci' index='0' model='pci-root'/>
+ <input type='mouse' bus='ps2'/>
+ <input type='keyboard' bus='ps2'/>
+ <graphics type='vnc'/>
+ <video>
+ <model type='none'/>
+ </video>
+ <memballoon model='virtio'>
+ <address type='pci' domain='0x0000' bus='0x00' slot='0x03' function='0x0'/>
+ </memballoon>
+ </devices>
+</domain>
diff --git a/tests/qemuxml2argvtest.c b/tests/qemuxml2argvtest.c
index 9237a4fb89..3cff4ffb5e 100644
--- a/tests/qemuxml2argvtest.c
+++ b/tests/qemuxml2argvtest.c
@@ -1998,7 +1998,9 @@ mymain(void)
QEMU_CAPS_DEVICE_VIRTIO_VGA,
QEMU_CAPS_DEVICE_VIDEO_PRIMARY,
QEMU_CAPS_VIRTIO_GPU_MAX_OUTPUTS);
- DO_TEST_PARSE_ERROR("video-invalid", NONE);
+ DO_TEST("video-none-device",
+ QEMU_CAPS_VNC);
+ DO_TEST_PARSE_ERROR("video-invalid-multiple-devices", NONE);
DO_TEST("virtio-rng-default",
QEMU_CAPS_DEVICE_VIRTIO_RNG,
diff --git a/tests/qemuxml2xmloutdata/video-none-device.xml b/tests/qemuxml2xmloutdata/video-none-device.xml
new file mode 100644
index 0000000000..6e76b394fe
--- /dev/null
+++ b/tests/qemuxml2xmloutdata/video-none-device.xml
@@ -0,0 +1,42 @@
+<domain type='qemu'>
+ <name>QEMUGuest1</name>
+ <uuid>c7a5fdbd-edaf-9455-926a-d65c16db1809</uuid>
+ <memory unit='KiB'>219136</memory>
+ <currentMemory unit='KiB'>219136</currentMemory>
+ <vcpu placement='static'>1</vcpu>
+ <os>
+ <type arch='i686' machine='pc'>hvm</type>
+ <boot dev='hd'/>
+ </os>
+ <clock offset='utc'/>
+ <on_poweroff>destroy</on_poweroff>
+ <on_reboot>restart</on_reboot>
+ <on_crash>destroy</on_crash>
+ <devices>
+ <emulator>/usr/bin/qemu-system-i686</emulator>
+ <disk type='block' device='disk'>
+ <driver name='qemu' type='raw'/>
+ <source dev='/dev/HostVG/QEMUGuest1'/>
+ <target dev='hda' bus='ide'/>
+ <address type='drive' controller='0' bus='0' target='0' unit='0'/>
+ </disk>
+ <controller type='usb' index='0'>
+ <address type='pci' domain='0x0000' bus='0x00' slot='0x01' function='0x2'/>
+ </controller>
+ <controller type='ide' index='0'>
+ <address type='pci' domain='0x0000' bus='0x00' slot='0x01' function='0x1'/>
+ </controller>
+ <controller type='pci' index='0' model='pci-root'/>
+ <input type='mouse' bus='ps2'/>
+ <input type='keyboard' bus='ps2'/>
+ <graphics type='vnc' port='-1' autoport='yes'>
+ <listen type='address'/>
+ </graphics>
+ <video>
+ <model type='none'/>
+ </video>
+ <memballoon model='virtio'>
+ <address type='pci' domain='0x0000' bus='0x00' slot='0x03' function='0x0'/>
+ </memballoon>
+ </devices>
+</domain>
diff --git a/tests/qemuxml2xmltest.c b/tests/qemuxml2xmltest.c
index e418e67f6c..e35644d479 100644
--- a/tests/qemuxml2xmltest.c
+++ b/tests/qemuxml2xmltest.c
@@ -1145,6 +1145,7 @@ mymain(void)
QEMU_CAPS_VIRTIO_GPU_MAX_OUTPUTS,
QEMU_CAPS_VNC,
QEMU_CAPS_DEVICE_VIRTIO_GPU_CCW);
+ DO_TEST("video-none-device", NONE);
DO_TEST("intel-iommu",
QEMU_CAPS_DEVICE_INTEL_IOMMU);
--
2.18.0

210
SOURCES/libvirt-conf-Introduce-virDomainDefPostParseMemtune.patch Normal file
View File

@ -0,0 +1,210 @@
From cb0d627bf064a14c83f3d34e8b73d77ed1733843 Mon Sep 17 00:00:00 2001
Message-Id: <cb0d627bf064a14c83f3d34e8b73d77ed1733843@dist-git>
From: Pavel Hrdina <phrdina@redhat.com>
Date: Mon, 13 Aug 2018 19:21:54 +0200
Subject: [PATCH] conf: Introduce virDomainDefPostParseMemtune
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Previously we were ignoring "nodeset" attribute for hugepage pages
if there was no guest NUMA topology configured in the domain XML.
Commit <fa6bdf6afa878b8d7c5ed71664ee72be8967cdc5> partially fixed
that issue but it introduced a somehow valid regression.
In case that there is no guest NUMA topology configured and the
"nodeset" attribute is set to "0" it was accepted and was working
properly even though it was not completely valid XML.
This patch introduces a workaround that it will ignore the nodeset="0"
only in case that there is no guest NUMA topology in order not to
hit the validation error.
After this commit the following XML configuration is valid:
<memoryBacking>
<hugepages>
<page size='2048' unit='KiB' nodeset='0'/>
</hugepages>
</memoryBacking>
but this configuration remains invalid:
<memoryBacking>
<hugepages>
<page size='2048' unit='KiB' nodeset='0'/>
<page size='1048576' unit='KiB'/>
</hugepages>
</memoryBacking>
The issue with the second configuration is that it was originally
working, however changing the order of the <page> elements resolved
into using different page size for the guest. The code is written
in a way that it expect only one page configured and always uses only
the first page in case that there is no guest NUMA topology configured.
See qemuBuildMemPathStr() function for details.
Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1591235
Signed-off-by: Pavel Hrdina <phrdina@redhat.com>
(cherry picked from commit 0a476f152150f62306f9f8d124aa44e4adb9158c)
Conflicts:
tests/qemuxml2argvdata/hugepages-nodeset.args
- missing upstream commit <caccbba64a>
Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1615461
Signed-off-by: Pavel Hrdina <phrdina@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
---
src/conf/domain_conf.c | 27 +++++++++++++++++
tests/qemuxml2argvdata/hugepages-nodeset.args | 26 ++++++++++++++++
tests/qemuxml2argvtest.c | 2 +-
.../qemuxml2xmloutdata/hugepages-nodeset.xml | 30 +++++++++++++++++++
tests/qemuxml2xmltest.c | 1 +
5 files changed, 85 insertions(+), 1 deletion(-)
create mode 100644 tests/qemuxml2argvdata/hugepages-nodeset.args
create mode 100644 tests/qemuxml2xmloutdata/hugepages-nodeset.xml
diff --git a/src/conf/domain_conf.c b/src/conf/domain_conf.c
index 98e833c5bb..8a43e607e9 100644
--- a/src/conf/domain_conf.c
+++ b/src/conf/domain_conf.c
@@ -4088,6 +4088,31 @@ virDomainDefPostParseMemory(virDomainDefPtr def,
}
+static void
+virDomainDefPostParseMemtune(virDomainDefPtr def)
+{
+ size_t i;
+
+ if (virDomainNumaGetNodeCount(def->numa) == 0) {
+ /* If guest NUMA is not configured and any hugepage page has nodemask
+ * set to "0" free and clear that nodemas, otherwise we would rise
+ * an error that there is no guest NUMA node configured. */
+ for (i = 0; i < def->mem.nhugepages; i++) {
+ ssize_t nextBit;
+
+ if (!def->mem.hugepages[i].nodemask)
+ continue;
+
+ nextBit = virBitmapNextSetBit(def->mem.hugepages[i].nodemask, 0);
+ if (nextBit < 0) {
+ virBitmapFree(def->mem.hugepages[i].nodemask);
+ def->mem.hugepages[i].nodemask = NULL;
+ }
+ }
+ }
+}
+
+
static int
virDomainDefAddConsoleCompat(virDomainDefPtr def)
{
@@ -5155,6 +5180,8 @@ virDomainDefPostParseCommon(virDomainDefPtr def,
if (virDomainDefPostParseMemory(def, data->parseFlags) < 0)
return -1;
+ virDomainDefPostParseMemtune(def);
+
if (virDomainDefRejectDuplicateControllers(def) < 0)
return -1;
diff --git a/tests/qemuxml2argvdata/hugepages-nodeset.args b/tests/qemuxml2argvdata/hugepages-nodeset.args
new file mode 100644
index 0000000000..d094be1252
--- /dev/null
+++ b/tests/qemuxml2argvdata/hugepages-nodeset.args
@@ -0,0 +1,26 @@
+LC_ALL=C \
+PATH=/bin \
+HOME=/home/test \
+USER=test \
+LOGNAME=test \
+QEMU_AUDIO_DRV=none \
+/usr/bin/qemu-system-i686 \
+-name SomeDummyHugepagesGuest \
+-S \
+-machine pc,accel=tcg,usb=off,dump-guest-core=off \
+-m 1024 \
+-mem-prealloc \
+-mem-path /dev/hugepages2M/libvirt/qemu/-1-SomeDummyHugepagesGu \
+-smp 2,sockets=2,cores=1,threads=1 \
+-uuid ef1bdff4-27f3-4e85-a807-5fb4d58463cc \
+-display none \
+-no-user-config \
+-nodefaults \
+-chardev socket,id=charmonitor,\
+path=/tmp/lib/domain--1-SomeDummyHugepagesGu/monitor.sock,server,nowait \
+-mon chardev=charmonitor,id=monitor,mode=control \
+-rtc base=utc \
+-no-shutdown \
+-no-acpi \
+-boot c \
+-usb
diff --git a/tests/qemuxml2argvtest.c b/tests/qemuxml2argvtest.c
index f82bca2637..e6c0120670 100644
--- a/tests/qemuxml2argvtest.c
+++ b/tests/qemuxml2argvtest.c
@@ -960,7 +960,7 @@ mymain(void)
DO_TEST("hugepages-default-2M", NONE);
DO_TEST("hugepages-default-system-size", NONE);
DO_TEST_PARSE_ERROR("hugepages-default-1G-nodeset-2M", NONE);
- DO_TEST_PARSE_ERROR("hugepages-nodeset", NONE);
+ DO_TEST("hugepages-nodeset", NONE);
DO_TEST_PARSE_ERROR("hugepages-nodeset-nonexist",
QEMU_CAPS_DEVICE_PC_DIMM,
QEMU_CAPS_OBJECT_MEMORY_FILE,
diff --git a/tests/qemuxml2xmloutdata/hugepages-nodeset.xml b/tests/qemuxml2xmloutdata/hugepages-nodeset.xml
new file mode 100644
index 0000000000..ac219a7800
--- /dev/null
+++ b/tests/qemuxml2xmloutdata/hugepages-nodeset.xml
@@ -0,0 +1,30 @@
+<domain type='qemu'>
+ <name>SomeDummyHugepagesGuest</name>
+ <uuid>ef1bdff4-27f3-4e85-a807-5fb4d58463cc</uuid>
+ <memory unit='KiB'>1048576</memory>
+ <currentMemory unit='KiB'>1048576</currentMemory>
+ <memoryBacking>
+ <hugepages>
+ <page size='2048' unit='KiB'/>
+ </hugepages>
+ </memoryBacking>
+ <vcpu placement='static'>2</vcpu>
+ <os>
+ <type arch='i686' machine='pc'>hvm</type>
+ <boot dev='hd'/>
+ </os>
+ <clock offset='utc'/>
+ <on_poweroff>destroy</on_poweroff>
+ <on_reboot>restart</on_reboot>
+ <on_crash>destroy</on_crash>
+ <devices>
+ <emulator>/usr/bin/qemu-system-i686</emulator>
+ <controller type='usb' index='0'>
+ <address type='pci' domain='0x0000' bus='0x00' slot='0x01' function='0x2'/>
+ </controller>
+ <controller type='pci' index='0' model='pci-root'/>
+ <input type='mouse' bus='ps2'/>
+ <input type='keyboard' bus='ps2'/>
+ <memballoon model='none'/>
+ </devices>
+</domain>
diff --git a/tests/qemuxml2xmltest.c b/tests/qemuxml2xmltest.c
index aa543e9e51..b76410b2c1 100644
--- a/tests/qemuxml2xmltest.c
+++ b/tests/qemuxml2xmltest.c
@@ -336,6 +336,7 @@ mymain(void)
DO_TEST("hugepages-default", NONE);
DO_TEST("hugepages-default-2M", NONE);
DO_TEST("hugepages-default-system-size", NONE);
+ DO_TEST("hugepages-nodeset", NONE);
DO_TEST("hugepages-numa-default-2M", NONE);
DO_TEST("hugepages-numa-default-dimm", NONE);
DO_TEST("hugepages-numa-nodeset", NONE);
--
2.18.0

89
SOURCES/libvirt-conf-Introduce-virDomainDefPostParseVideo-helper.patch Normal file
View File

@ -0,0 +1,89 @@
From 2f954b30573d57ab0b5d68364afa6168d00ca3e6 Mon Sep 17 00:00:00 2001
Message-Id: <2f954b30573d57ab0b5d68364afa6168d00ca3e6@dist-git>
From: Erik Skultety <eskultet@redhat.com>
Date: Thu, 19 Jul 2018 15:03:52 +0200
Subject: [PATCH] conf: Introduce virDomainDefPostParseVideo helper
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Move the video post parse bits into a separate helper as the logic is
going to be extended in the future.
Signed-off-by: Erik Skultety <eskultet@redhat.com>
Reviewed-by: John Ferlan <jferlan@redhat.com>
(cherry picked from commit 75aa179ad68f5845955128b9f047a43c8e5c9066)
https://bugzilla.redhat.com/show_bug.cgi?id=1475770
Signed-off-by: Erik Skultety <eskultet@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
---
src/conf/domain_conf.c | 45 ++++++++++++++++++++++++++++--------------
1 file changed, 30 insertions(+), 15 deletions(-)
diff --git a/src/conf/domain_conf.c b/src/conf/domain_conf.c
index d23b2861ef..db8e17dac4 100644
--- a/src/conf/domain_conf.c
+++ b/src/conf/domain_conf.c
@@ -5097,6 +5097,34 @@ virDomainDefBootOrderPostParse(virDomainDefPtr def)
}
+static int
+virDomainDefPostParseVideo(virDomainDefPtr def,
+ void *opaque)
+{
+ if (def->nvideos == 0)
+ return 0;
+
+ virDomainDeviceDef device = {
+ .type = VIR_DOMAIN_DEVICE_VIDEO,
+ .data.video = def->videos[0],
+ };
+
+ /* Mark the first video as primary. If the user specified
+ * primary="yes", the parser already inserted the device at
+ * def->videos[0]
+ */
+ def->videos[0]->primary = true;
+
+ /* videos[0] might have been added in AddImplicitDevices, after we've
+ * done the per-device post-parse */
+ if (virDomainDefPostParseDeviceIterator(def, &device,
+ NULL, opaque) < 0)
+ return -1;
+
+ return 0;
+}
+
+
static int
virDomainDefPostParseCommon(virDomainDefPtr def,
struct virDomainDefPostParseDeviceIteratorData *data)
@@ -5133,21 +5161,8 @@ virDomainDefPostParseCommon(virDomainDefPtr def,
if (virDomainDefAddImplicitDevices(def) < 0)
return -1;
- if (def->nvideos != 0) {
- virDomainDeviceDef device = {
- .type = VIR_DOMAIN_DEVICE_VIDEO,
- .data.video = def->videos[0],
- };
-
- /* Mark the first video as primary. If the user specified primary="yes",
- * the parser already inserted the device at def->videos[0] */
- def->videos[0]->primary = true;
-
- /* videos[0] might have been added in AddImplicitDevices, after we've
- * done the per-device post-parse */
- if (virDomainDefPostParseDeviceIterator(def, &device, NULL, data) < 0)
- return -1;
- }
+ if (virDomainDefPostParseVideo(def, data) < 0)
+ return -1;
if (def->nserials != 0) {
virDomainDeviceDef device = {
--
2.18.0

105
SOURCES/libvirt-conf-Introduce-virDomainGraphicsDefHasOpenGL-helper.patch Normal file
View File

@ -0,0 +1,105 @@
From e6b37b93dd6e7ec133378aec04dd9c96e0ab57cb Mon Sep 17 00:00:00 2001
Message-Id: <e6b37b93dd6e7ec133378aec04dd9c96e0ab57cb@dist-git>
From: Erik Skultety <eskultet@redhat.com>
Date: Thu, 19 Jul 2018 15:04:00 +0200
Subject: [PATCH] conf: Introduce virDomainGraphicsDefHasOpenGL helper
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
A simple helper which will loop through all the graphics elements and
checks whether at least one of them enables OpenGL support, either by
containing <gl enable='yes'/> or being of type 'egl-headless'.
Signed-off-by: Erik Skultety <eskultet@redhat.com>
Acked-by: Michal Privoznik <mprivozn@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
(cherry picked from commit 425329181f1db19f34a8ffffc1da9afa7f323f13)
https://bugzilla.redhat.com/show_bug.cgi?id=1475770
Signed-off-by: Erik Skultety <eskultet@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
---
src/conf/domain_conf.c | 43 ++++++++++++++++++++++++++++++++++++++++
src/conf/domain_conf.h | 3 +++
src/libvirt_private.syms | 1 +
3 files changed, 47 insertions(+)
diff --git a/src/conf/domain_conf.c b/src/conf/domain_conf.c
index fa4dfafcff..08654ab41d 100644
--- a/src/conf/domain_conf.c
+++ b/src/conf/domain_conf.c
@@ -30284,3 +30284,46 @@ virDomainDefHasManagedPR(const virDomainDef *def)
return false;
}
+
+
+/**
+ * virDomainGraphicsDefHasOpenGL:
+ * @def: domain definition
+ *
+ * Returns true if a domain config contains at least one <graphics> element
+ * with OpenGL support enabled, false otherwise.
+ */
+bool
+virDomainGraphicsDefHasOpenGL(const virDomainDef *def)
+{
+ size_t i;
+
+ for (i = 0; i < def->ngraphics; i++) {
+ virDomainGraphicsDefPtr graphics = def->graphics[i];
+
+ /* we only care about OpenGL support for a given type here */
+ switch (graphics->type) {
+ case VIR_DOMAIN_GRAPHICS_TYPE_VNC:
+ case VIR_DOMAIN_GRAPHICS_TYPE_RDP:
+ case VIR_DOMAIN_GRAPHICS_TYPE_DESKTOP:
+ continue;
+ case VIR_DOMAIN_GRAPHICS_TYPE_SDL:
+ if (graphics->data.sdl.gl == VIR_TRISTATE_BOOL_YES)
+ return true;
+
+ continue;
+ case VIR_DOMAIN_GRAPHICS_TYPE_SPICE:
+ if (graphics->data.spice.gl == VIR_TRISTATE_BOOL_YES)
+ return true;
+
+ continue;
+ case VIR_DOMAIN_GRAPHICS_TYPE_EGL_HEADLESS:
+ return true;
+
+ case VIR_DOMAIN_GRAPHICS_TYPE_LAST:
+ break;
+ }
+ }
+
+ return false;
+}
diff --git a/src/conf/domain_conf.h b/src/conf/domain_conf.h
index 26f75b15d0..3deda1d978 100644
--- a/src/conf/domain_conf.h
+++ b/src/conf/domain_conf.h
@@ -3642,4 +3642,7 @@ virDomainDiskGetDetectZeroesMode(virDomainDiskDiscard discard,
bool
virDomainDefHasManagedPR(const virDomainDef *def);
+bool
+virDomainGraphicsDefHasOpenGL(const virDomainDef *def);
+
#endif /* __DOMAIN_CONF_H */
diff --git a/src/libvirt_private.syms b/src/libvirt_private.syms
index 5bd08d3f67..86846f3b08 100644
--- a/src/libvirt_private.syms
+++ b/src/libvirt_private.syms
@@ -368,6 +368,7 @@ virDomainGetFilesystemForTarget;
virDomainGraphicsAuthConnectedTypeFromString;
virDomainGraphicsAuthConnectedTypeToString;
virDomainGraphicsDefFree;
+virDomainGraphicsDefHasOpenGL;
virDomainGraphicsGetListen;
virDomainGraphicsListenAppendAddress;
virDomainGraphicsListenAppendSocket;
--
2.18.0

84
SOURCES/libvirt-conf-Introduce-virDomainVideoDefClear-helper.patch Normal file
View File

@ -0,0 +1,84 @@
From f60ad6c8636b58d8559963aaf2e445bb4dd3db63 Mon Sep 17 00:00:00 2001
Message-Id: <f60ad6c8636b58d8559963aaf2e445bb4dd3db63@dist-git>
From: Erik Skultety <eskultet@redhat.com>
Date: Thu, 19 Jul 2018 15:03:51 +0200
Subject: [PATCH] conf: Introduce virDomainVideoDefClear helper
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Future patches rely on the ability to reset the contents of the
virDomainVideoDef structure rather than re-allocating it.
Signed-off-by: Erik Skultety <eskultet@redhat.com>
Reviewed-by: John Ferlan <jferlan@redhat.com>
(cherry picked from commit f317b1e5c57291644c841cb620eda86dac8642a1)
https://bugzilla.redhat.com/show_bug.cgi?id=1475770
Signed-off-by: Erik Skultety <eskultet@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
---
src/conf/domain_conf.c | 14 +++++++++++++-
src/conf/domain_conf.h | 1 +
src/libvirt_private.syms | 1 +
3 files changed, 15 insertions(+), 1 deletion(-)
diff --git a/src/conf/domain_conf.c b/src/conf/domain_conf.c
index 70eb45f03a..d23b2861ef 100644
--- a/src/conf/domain_conf.c
+++ b/src/conf/domain_conf.c
@@ -2538,7 +2538,8 @@ virDomainVideoDefNew(void)
}
-void virDomainVideoDefFree(virDomainVideoDefPtr def)
+void
+virDomainVideoDefClear(virDomainVideoDefPtr def)
{
if (!def)
return;
@@ -2548,6 +2549,17 @@ void virDomainVideoDefFree(virDomainVideoDefPtr def)
VIR_FREE(def->accel);
VIR_FREE(def->virtio);
VIR_FREE(def->driver);
+
+ memset(def, 0, sizeof(*def));
+}
+
+
+void virDomainVideoDefFree(virDomainVideoDefPtr def)
+{
+ if (!def)
+ return;
+
+ virDomainVideoDefClear(def);
VIR_FREE(def);
}
diff --git a/src/conf/domain_conf.h b/src/conf/domain_conf.h
index 41d27482fb..1fc1734bcc 100644
--- a/src/conf/domain_conf.h
+++ b/src/conf/domain_conf.h
@@ -2884,6 +2884,7 @@ void virDomainNVRAMDefFree(virDomainNVRAMDefPtr def);
void virDomainWatchdogDefFree(virDomainWatchdogDefPtr def);
virDomainVideoDefPtr virDomainVideoDefNew(void);
void virDomainVideoDefFree(virDomainVideoDefPtr def);
+void virDomainVideoDefClear(virDomainVideoDefPtr def);
virDomainHostdevDefPtr virDomainHostdevDefNew(void);
void virDomainHostdevDefClear(virDomainHostdevDefPtr def);
void virDomainHostdevDefFree(virDomainHostdevDefPtr def);
diff --git a/src/libvirt_private.syms b/src/libvirt_private.syms
index 5499a368c0..5bd08d3f67 100644
--- a/src/libvirt_private.syms
+++ b/src/libvirt_private.syms
@@ -567,6 +567,7 @@ virDomainTPMModelTypeToString;
virDomainUSBDeviceDefForeach;
virDomainVideoDefaultRAM;
virDomainVideoDefaultType;
+virDomainVideoDefClear;
virDomainVideoDefFree;
virDomainVideoDefNew;
virDomainVideoTypeFromString;
--
2.18.0

122
SOURCES/libvirt-conf-Move-VFIO-AP-validation-from-post-parse-to-QEMU-validation-code.patch Normal file
View File

@ -0,0 +1,122 @@
From 680d10a61dfab864b5e1bca9e1f197ae06e62d87 Mon Sep 17 00:00:00 2001
Message-Id: <680d10a61dfab864b5e1bca9e1f197ae06e62d87@dist-git>
From: Erik Skultety <eskultet@redhat.com>
Date: Fri, 30 Nov 2018 15:49:26 +0100
Subject: [PATCH] conf: Move VFIO AP validation from post parse to QEMU
validation code
VFIO AP has a limitation on a single device per domain, however, when
commit 11708641 added the support for vfio-ap, check for this limitation
was performed as part of the post parse code. Generally, checks like that
should be performed within the driver's validation callback to eliminate
any slight chance of failing in post parse, which could potentially
result in the domain XML config vanishing.
Signed-off-by: Erik Skultety <eskultet@redhat.com>
Reviewed-by: Boris Fiuczynski <fiuczy@linux.ibm.com>
(cherry picked from commit 25dde373730545894f60ce5b1497f19d61714c69)
https://bugzilla.redhat.com/show_bug.cgi?id=1508146
Signed-off-by: Pino Toscano <ptoscano@redhat.com>
Reviewed-by: Jiri Denemark <jdenemar@redhat.com>
---
src/conf/domain_conf.c | 28 ----------------------------
src/qemu/qemu_domain.c | 28 +++++++++++++++++++++++++++-
2 files changed, 27 insertions(+), 29 deletions(-)
diff --git a/src/conf/domain_conf.c b/src/conf/domain_conf.c
index ea7152eb94..e013e9f0c5 100644
--- a/src/conf/domain_conf.c
+++ b/src/conf/domain_conf.c
@@ -4325,31 +4325,6 @@ virDomainDefPostParseGraphics(virDomainDef *def)
}
-static int
-virDomainDefPostParseHostdev(virDomainDefPtr def)
-{
- size_t i;
- bool vfioap_found = false;
-
- /* verify settings of hostdevs vfio-ap */
- for (i = 0; i < def->nhostdevs; i++) {
- virDomainHostdevDefPtr hostdev = def->hostdevs[i];
-
- if (virHostdevIsMdevDevice(hostdev) &&
- hostdev->source.subsys.u.mdev.model == VIR_MDEV_MODEL_TYPE_VFIO_AP) {
- if (vfioap_found) {
- virReportError(VIR_ERR_CONFIG_UNSUPPORTED, "%s",
- _("Only one hostdev of model vfio-ap is "
- "supported"));
- return -1;
- }
- vfioap_found = true;
- }
- }
- return 0;
-}
-
-
/**
* virDomainDriveAddressIsUsedByDisk:
* @def: domain definition containing the disks to check
@@ -5262,9 +5237,6 @@ virDomainDefPostParseCommon(virDomainDefPtr def,
virDomainDefPostParseGraphics(def);
- if (virDomainDefPostParseHostdev(def) < 0)
- return -1;
-
if (virDomainDefPostParseCPU(def) < 0)
return -1;
diff --git a/src/qemu/qemu_domain.c b/src/qemu/qemu_domain.c
index 4898d58733..08f479fa1d 100644
--- a/src/qemu/qemu_domain.c
+++ b/src/qemu/qemu_domain.c
@@ -4486,6 +4486,32 @@ qemuDomainMdevDefVFIOPCIValidate(const virDomainHostdevSubsysMediatedDev *dev,
}
+static int
+qemuDomainMdevDefVFIOAPValidate(const virDomainDef *def)
+{
+ size_t i;
+ bool vfioap_found = false;
+
+ /* VFIO-AP is restricted to a single mediated device only */
+ for (i = 0; i < def->nhostdevs; i++) {
+ virDomainHostdevDefPtr hostdev = def->hostdevs[i];
+
+ if (virHostdevIsMdevDevice(hostdev) &&
+ hostdev->source.subsys.u.mdev.model == VIR_MDEV_MODEL_TYPE_VFIO_AP) {
+ if (vfioap_found) {
+ virReportError(VIR_ERR_CONFIG_UNSUPPORTED, "%s",
+ _("Only one hostdev of model vfio-ap is "
+ "supported"));
+ return -1;
+ }
+ vfioap_found = true;
+ }
+ }
+
+ return 0;
+}
+
+
static int
qemuDomainMdevDefValidate(const virDomainHostdevSubsysMediatedDev *mdevsrc,
const virDomainDef *def,
@@ -4495,7 +4521,7 @@ qemuDomainMdevDefValidate(const virDomainHostdevSubsysMediatedDev *mdevsrc,
case VIR_MDEV_MODEL_TYPE_VFIO_PCI:
return qemuDomainMdevDefVFIOPCIValidate(mdevsrc, def, qemuCaps);
case VIR_MDEV_MODEL_TYPE_VFIO_AP:
- break;
+ return qemuDomainMdevDefVFIOAPValidate(def);
case VIR_MDEV_MODEL_TYPE_VFIO_CCW:
break;
case VIR_MDEV_MODEL_TYPE_LAST:
--
2.19.2

247
SOURCES/libvirt-conf-Move-hugepage-XML-validation-check-out-of-qemu_command.patch Normal file
View File

@ -0,0 +1,247 @@
From d1a499f071b2a223641d2e4f0783eda1ad67d1ae Mon Sep 17 00:00:00 2001
Message-Id: <d1a499f071b2a223641d2e4f0783eda1ad67d1ae@dist-git>
From: Pavel Hrdina <phrdina@redhat.com>
Date: Mon, 13 Aug 2018 19:21:52 +0200
Subject: [PATCH] conf: Move hugepage XML validation check out of qemu_command
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
We can safely validate the hugepage nodeset attribute at a define time.
This validation is not done for already existing domains when the daemon
is restarted.
All the changes to the tests are necessary because we move the error
from domain start into XML parse.
Signed-off-by: Pavel Hrdina <phrdina@redhat.com>
(cherry picked from commit 5c93dfb46d9dff623707994f115b6bd7ca4f0682)
Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1615461
Signed-off-by: Pavel Hrdina <phrdina@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
---
src/conf/domain_conf.c | 32 +++++++++++++++++
src/qemu/qemu_command.c | 34 -------------------
.../seclabel-dynamic-none-relabel.xml | 2 +-
tests/qemuxml2argvtest.c | 18 +++++-----
.../hugepages-default-1G-nodeset-2M.xml | 1 -
.../qemuxml2xmloutdata/hugepages-nodeset.xml | 1 -
.../hugepages-numa-nodeset-nonexist.xml | 1 -
.../seclabel-dynamic-none-relabel.xml | 2 +-
tests/qemuxml2xmltest.c | 3 --
9 files changed, 43 insertions(+), 51 deletions(-)
delete mode 120000 tests/qemuxml2xmloutdata/hugepages-default-1G-nodeset-2M.xml
delete mode 120000 tests/qemuxml2xmloutdata/hugepages-nodeset.xml
delete mode 120000 tests/qemuxml2xmloutdata/hugepages-numa-nodeset-nonexist.xml
diff --git a/src/conf/domain_conf.c b/src/conf/domain_conf.c
index a05aad056d..280bbdf35c 100644
--- a/src/conf/domain_conf.c
+++ b/src/conf/domain_conf.c
@@ -6142,6 +6142,35 @@ virDomainDefLifecycleActionValidate(const virDomainDef *def)
}
+static int
+virDomainDefMemtuneValidate(const virDomainDef *def)
+{
+ const virDomainMemtune *mem = &(def->mem);
+ size_t i;
+ ssize_t pos = virDomainNumaGetNodeCount(def->numa) - 1;
+
+ for (i = 0; i < mem->nhugepages; i++) {
+ ssize_t nextBit;
+
+ if (!mem->hugepages[i].nodemask) {
+ /* This is the master hugepage to use. Skip it as it has no
+ * nodemask anyway. */
+ continue;
+ }
+
+ nextBit = virBitmapNextSetBit(mem->hugepages[i].nodemask, pos);
+ if (nextBit >= 0) {
+ virReportError(VIR_ERR_XML_DETAIL,
+ _("hugepages: node %zd not found"),
+ nextBit);
+ return -1;
+ }
+ }
+
+ return 0;
+}
+
+
static int
virDomainDefValidateInternal(const virDomainDef *def)
{
@@ -6177,6 +6206,9 @@ virDomainDefValidateInternal(const virDomainDef *def)
if (virDomainDefLifecycleActionValidate(def) < 0)
return -1;
+ if (virDomainDefMemtuneValidate(def) < 0)
+ return -1;
+
return 0;
}
diff --git a/src/qemu/qemu_command.c b/src/qemu/qemu_command.c
index 954265feb0..f2b64ed720 100644
--- a/src/qemu/qemu_command.c
+++ b/src/qemu/qemu_command.c
@@ -7482,16 +7482,6 @@ qemuBuildMemPathStr(virQEMUDriverConfigPtr cfg,
if (!def->mem.nhugepages)
return 0;
- if (def->mem.hugepages[0].nodemask) {
- ssize_t next_bit = virBitmapNextSetBit(def->mem.hugepages[0].nodemask, -1);
- if (next_bit >= 0) {
- virReportError(VIR_ERR_XML_DETAIL,
- _("hugepages: node %zd not found"),
- next_bit);
- return -1;
- }
- }
-
/* There is one special case: if user specified "huge"
* pages of regular system pages size.
* And there is nothing to do in this case.
@@ -7624,30 +7614,6 @@ qemuBuildNumaArgStr(virQEMUDriverConfigPtr cfg,
if (!virDomainNumatuneNodesetIsAvailable(def->numa, priv->autoNodeset))
goto cleanup;
- for (i = 0; i < def->mem.nhugepages; i++) {
- ssize_t next_bit, pos = 0;
-
- if (!def->mem.hugepages[i].nodemask) {
- /* This is the master hugepage to use. Skip it as it has no
- * nodemask anyway. */
- continue;
- }
-
- if (ncells) {
- /* Fortunately, we allow only guest NUMA nodes to be continuous
- * starting from zero. */
- pos = ncells - 1;
- }
-
- next_bit = virBitmapNextSetBit(def->mem.hugepages[i].nodemask, pos);
- if (next_bit >= 0) {
- virReportError(VIR_ERR_XML_DETAIL,
- _("hugepages: node %zd not found"),
- next_bit);
- goto cleanup;
- }
- }
-
if (VIR_ALLOC_N(nodeBackends, ncells) < 0)
goto cleanup;
diff --git a/tests/qemuxml2argvdata/seclabel-dynamic-none-relabel.xml b/tests/qemuxml2argvdata/seclabel-dynamic-none-relabel.xml
index 47f253b5f7..e954250009 100644
--- a/tests/qemuxml2argvdata/seclabel-dynamic-none-relabel.xml
+++ b/tests/qemuxml2argvdata/seclabel-dynamic-none-relabel.xml
@@ -5,7 +5,7 @@
<currentMemory unit='KiB'>262144</currentMemory>
<memoryBacking>
<hugepages>
- <page size='2048' unit='KiB' nodeset='0'/>
+ <page size='2048' unit='KiB'/>
</hugepages>
</memoryBacking>
<vcpu placement='static'>4</vcpu>
diff --git a/tests/qemuxml2argvtest.c b/tests/qemuxml2argvtest.c
index bd5fdf9412..f82bca2637 100644
--- a/tests/qemuxml2argvtest.c
+++ b/tests/qemuxml2argvtest.c
@@ -959,12 +959,12 @@ mymain(void)
DO_TEST("hugepages-default", NONE);
DO_TEST("hugepages-default-2M", NONE);
DO_TEST("hugepages-default-system-size", NONE);
- DO_TEST("hugepages-default-1G-nodeset-2M", NONE);
- DO_TEST_FAILURE("hugepages-nodeset", NONE);
- DO_TEST_FAILURE("hugepages-nodeset-nonexist",
- QEMU_CAPS_DEVICE_PC_DIMM,
- QEMU_CAPS_OBJECT_MEMORY_FILE,
- QEMU_CAPS_OBJECT_MEMORY_FILE_DISCARD);
+ DO_TEST_PARSE_ERROR("hugepages-default-1G-nodeset-2M", NONE);
+ DO_TEST_PARSE_ERROR("hugepages-nodeset", NONE);
+ DO_TEST_PARSE_ERROR("hugepages-nodeset-nonexist",
+ QEMU_CAPS_DEVICE_PC_DIMM,
+ QEMU_CAPS_OBJECT_MEMORY_FILE,
+ QEMU_CAPS_OBJECT_MEMORY_FILE_DISCARD);
DO_TEST("hugepages-numa-default",
QEMU_CAPS_OBJECT_MEMORY_FILE);
DO_TEST("hugepages-numa-default-2M",
@@ -979,9 +979,9 @@ mymain(void)
DO_TEST("hugepages-numa-nodeset-part",
QEMU_CAPS_OBJECT_MEMORY_RAM,
QEMU_CAPS_OBJECT_MEMORY_FILE);
- DO_TEST_FAILURE("hugepages-numa-nodeset-nonexist",
- QEMU_CAPS_OBJECT_MEMORY_RAM,
- QEMU_CAPS_OBJECT_MEMORY_FILE);
+ DO_TEST_PARSE_ERROR("hugepages-numa-nodeset-nonexist",
+ QEMU_CAPS_OBJECT_MEMORY_RAM,
+ QEMU_CAPS_OBJECT_MEMORY_FILE);
DO_TEST("hugepages-shared",
QEMU_CAPS_OBJECT_MEMORY_RAM,
QEMU_CAPS_OBJECT_MEMORY_FILE);
diff --git a/tests/qemuxml2xmloutdata/hugepages-default-1G-nodeset-2M.xml b/tests/qemuxml2xmloutdata/hugepages-default-1G-nodeset-2M.xml
deleted file mode 120000
index 3d8eb7616e..0000000000
--- a/tests/qemuxml2xmloutdata/hugepages-default-1G-nodeset-2M.xml
+++ /dev/null
@@ -1 +0,0 @@
-../qemuxml2argvdata/hugepages-default-1G-nodeset-2M.xml
\ No newline at end of file
diff --git a/tests/qemuxml2xmloutdata/hugepages-nodeset.xml b/tests/qemuxml2xmloutdata/hugepages-nodeset.xml
deleted file mode 120000
index b55838b780..0000000000
--- a/tests/qemuxml2xmloutdata/hugepages-nodeset.xml
+++ /dev/null
@@ -1 +0,0 @@
-../qemuxml2argvdata/hugepages-nodeset.xml
\ No newline at end of file
diff --git a/tests/qemuxml2xmloutdata/hugepages-numa-nodeset-nonexist.xml b/tests/qemuxml2xmloutdata/hugepages-numa-nodeset-nonexist.xml
deleted file mode 120000
index d490edca69..0000000000
--- a/tests/qemuxml2xmloutdata/hugepages-numa-nodeset-nonexist.xml
+++ /dev/null
@@ -1 +0,0 @@
-../qemuxml2argvdata/hugepages-numa-nodeset-nonexist.xml
\ No newline at end of file
diff --git a/tests/qemuxml2xmloutdata/seclabel-dynamic-none-relabel.xml b/tests/qemuxml2xmloutdata/seclabel-dynamic-none-relabel.xml
index 050967b4ee..bfa66b8deb 100644
--- a/tests/qemuxml2xmloutdata/seclabel-dynamic-none-relabel.xml
+++ b/tests/qemuxml2xmloutdata/seclabel-dynamic-none-relabel.xml
@@ -5,7 +5,7 @@
<currentMemory unit='KiB'>262144</currentMemory>
<memoryBacking>
<hugepages>
- <page size='2048' unit='KiB' nodeset='0'/>
+ <page size='2048' unit='KiB'/>
</hugepages>
</memoryBacking>
<vcpu placement='static'>4</vcpu>
diff --git a/tests/qemuxml2xmltest.c b/tests/qemuxml2xmltest.c
index acbe2f7133..aa543e9e51 100644
--- a/tests/qemuxml2xmltest.c
+++ b/tests/qemuxml2xmltest.c
@@ -336,13 +336,10 @@ mymain(void)
DO_TEST("hugepages-default", NONE);
DO_TEST("hugepages-default-2M", NONE);
DO_TEST("hugepages-default-system-size", NONE);
- DO_TEST("hugepages-default-1G-nodeset-2M", NONE);
- DO_TEST("hugepages-nodeset", NONE);
DO_TEST("hugepages-numa-default-2M", NONE);
DO_TEST("hugepages-numa-default-dimm", NONE);
DO_TEST("hugepages-numa-nodeset", NONE);
DO_TEST("hugepages-numa-nodeset-part", NONE);
- DO_TEST("hugepages-numa-nodeset-nonexist", NONE);
DO_TEST("hugepages-shared", NONE);
DO_TEST("hugepages-memaccess", NONE);
DO_TEST("hugepages-memaccess2", NONE);
--
2.18.0

126
SOURCES/libvirt-conf-Move-hugepages-validation-out-of-XML-parser.patch Normal file
View File

@ -0,0 +1,126 @@
From a4ddc9b4213809cbab4abce609441975ae433dae Mon Sep 17 00:00:00 2001
Message-Id: <a4ddc9b4213809cbab4abce609441975ae433dae@dist-git>
From: Pavel Hrdina <phrdina@redhat.com>
Date: Mon, 13 Aug 2018 19:21:53 +0200
Subject: [PATCH] conf: Move hugepages validation out of XML parser
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Signed-off-by: Pavel Hrdina <phrdina@redhat.com>
(cherry picked from commit 82327038390bfae117dc6e1d9062e38901cd4c97)
Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1615461
Signed-off-by: Pavel Hrdina <phrdina@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
---
src/conf/domain_conf.c | 75 ++++++++++++++++++++++--------------------
1 file changed, 40 insertions(+), 35 deletions(-)
diff --git a/src/conf/domain_conf.c b/src/conf/domain_conf.c
index 280bbdf35c..98e833c5bb 100644
--- a/src/conf/domain_conf.c
+++ b/src/conf/domain_conf.c
@@ -6149,9 +6149,49 @@ virDomainDefMemtuneValidate(const virDomainDef *def)
size_t i;
ssize_t pos = virDomainNumaGetNodeCount(def->numa) - 1;
+ if (mem->nhugepages == 0)
+ return 0;
+
+ if (mem->allocation == VIR_DOMAIN_MEMORY_ALLOCATION_ONDEMAND) {
+ virReportError(VIR_ERR_CONFIG_UNSUPPORTED, "%s",
+ _("hugepages are not allowed with memory "
+ "allocation ondemand"));
+ return -1;
+ }
+
+ if (mem->source == VIR_DOMAIN_MEMORY_SOURCE_ANONYMOUS) {
+ virReportError(VIR_ERR_CONFIG_UNSUPPORTED, "%s",
+ _("hugepages are not allowed with anonymous "
+ "memory source"));
+ return -1;
+ }
+
for (i = 0; i < mem->nhugepages; i++) {
+ size_t j;
ssize_t nextBit;
+ for (j = 0; j < i; j++) {
+ if (mem->hugepages[i].nodemask &&
+ mem->hugepages[j].nodemask &&
+ virBitmapOverlaps(mem->hugepages[i].nodemask,
+ mem->hugepages[j].nodemask)) {
+ virReportError(VIR_ERR_XML_DETAIL,
+ _("nodeset attribute of hugepages "
+ "of sizes %llu and %llu intersect"),
+ mem->hugepages[i].size,
+ mem->hugepages[j].size);
+ return -1;
+ } else if (!mem->hugepages[i].nodemask &&
+ !mem->hugepages[j].nodemask) {
+ virReportError(VIR_ERR_XML_DETAIL,
+ _("two master hugepages detected: "
+ "%llu and %llu"),
+ mem->hugepages[i].size,
+ mem->hugepages[j].size);
+ return -1;
+ }
+ }
+
if (!mem->hugepages[i].nodemask) {
/* This is the master hugepage to use. Skip it as it has no
* nodemask anyway. */
@@ -19414,19 +19454,6 @@ virDomainDefParseXML(xmlDocPtr xml,
if (virXPathNode("./memoryBacking/hugepages", ctxt)) {
/* hugepages will be used */
-
- if (def->mem.allocation == VIR_DOMAIN_MEMORY_ALLOCATION_ONDEMAND) {
- virReportError(VIR_ERR_CONFIG_UNSUPPORTED, "%s",
- _("hugepages are not allowed with memory allocation ondemand"));
- goto error;
- }
-
- if (def->mem.source == VIR_DOMAIN_MEMORY_SOURCE_ANONYMOUS) {
- virReportError(VIR_ERR_CONFIG_UNSUPPORTED, "%s",
- _("hugepages are not allowed with anonymous memory source"));
- goto error;
- }
-
if ((n = virXPathNodeSet("./memoryBacking/hugepages/page", ctxt, &nodes)) < 0) {
virReportError(VIR_ERR_INTERNAL_ERROR, "%s",
_("cannot extract hugepages nodes"));
@@ -19442,28 +19469,6 @@ virDomainDefParseXML(xmlDocPtr xml,
&def->mem.hugepages[i]) < 0)
goto error;
def->mem.nhugepages++;
-
- for (j = 0; j < i; j++) {
- if (def->mem.hugepages[i].nodemask &&
- def->mem.hugepages[j].nodemask &&
- virBitmapOverlaps(def->mem.hugepages[i].nodemask,
- def->mem.hugepages[j].nodemask)) {
- virReportError(VIR_ERR_XML_DETAIL,
- _("nodeset attribute of hugepages "
- "of sizes %llu and %llu intersect"),
- def->mem.hugepages[i].size,
- def->mem.hugepages[j].size);
- goto error;
- } else if (!def->mem.hugepages[i].nodemask &&
- !def->mem.hugepages[j].nodemask) {
- virReportError(VIR_ERR_XML_DETAIL,
- _("two master hugepages detected: "
- "%llu and %llu"),
- def->mem.hugepages[i].size,
- def->mem.hugepages[j].size);
- goto error;
- }
- }
}
VIR_FREE(nodes);
--
2.18.0

152
SOURCES/libvirt-conf-Parse-and-format-nested-hv-feature.patch Normal file
View File

@ -0,0 +1,152 @@
From 742667e7f0a55f3a8042840e2995982a003dc2fc Mon Sep 17 00:00:00 2001
Message-Id: <742667e7f0a55f3a8042840e2995982a003dc2fc@dist-git>
From: Andrea Bolognani <abologna@redhat.com>
Date: Tue, 4 Dec 2018 16:46:19 +0100
Subject: [PATCH] conf: Parse and format nested-hv feature
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Signed-off-by: Andrea Bolognani <abologna@redhat.com>
(cherry picked from commit bfa2bd7e38f2777260b63200ef12804e13a7a5c2)
https://bugzilla.redhat.com/show_bug.cgi?id=1647822
Signed-off-by: Andrea Bolognani <abologna@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
---
docs/formatdomain.html.in | 12 ++++++++++++
docs/schemas/domaincommon.rng | 5 +++++
src/conf/domain_conf.c | 4 ++++
src/conf/domain_conf.h | 1 +
src/qemu/qemu_domain.c | 1 +
tests/qemuxml2argvdata/pseries-features.xml | 1 +
tests/qemuxml2xmloutdata/pseries-features.xml | 1 +
7 files changed, 25 insertions(+)
diff --git a/docs/formatdomain.html.in b/docs/formatdomain.html.in
index 54eb298414..02d0ac4241 100644
--- a/docs/formatdomain.html.in
+++ b/docs/formatdomain.html.in
@@ -2191,6 +2191,18 @@
defined, the hypervisor default will be used.
<span class="since">Since 4.6.0</span> (QEMU/KVM only)
</dd>
+ <dt><code>nested-hv</code></dt>
+ <dd>Configure nested HV availability for pSeries guests. This needs to
+ be enabled from the host (L0) in order to be effective; having HV
+ support in the (L1) guest is very desiderable if it's planned to
+ run nested (L2) guests inside it, because it will result in those
+ nested guests having much better performance than they would when
+ using KVM PR or TCG.
+ Possible values for the <code>state</code> attribute are
+ <code>on</code> and <code>off</code>. If the attribute is not
+ defined, the hypervisor default will be used.
+ <span class="since">Since 4.10.0</span> (QEMU/KVM only)
+ </dd>
</dl>
<h3><a id="elementsTime">Time keeping</a></h3>
diff --git a/docs/schemas/domaincommon.rng b/docs/schemas/domaincommon.rng
index e4ce7804b9..70a7767d9c 100644
--- a/docs/schemas/domaincommon.rng
+++ b/docs/schemas/domaincommon.rng
@@ -4925,6 +4925,11 @@
<ref name="featurestate"/>
</element>
</optional>
+ <optional>
+ <element name="nested-hv">
+ <ref name="featurestate"/>
+ </element>
+ </optional>
</interleave>
</element>
</optional>
diff --git a/src/conf/domain_conf.c b/src/conf/domain_conf.c
index e013e9f0c5..660e1523fe 100644
--- a/src/conf/domain_conf.c
+++ b/src/conf/domain_conf.c
@@ -153,6 +153,7 @@ VIR_ENUM_IMPL(virDomainFeature, VIR_DOMAIN_FEATURE_LAST,
"hpt",
"vmcoreinfo",
"htm",
+ "nested-hv",
);
VIR_ENUM_IMPL(virDomainCapabilitiesPolicy, VIR_DOMAIN_CAPABILITIES_POLICY_LAST,
@@ -19987,6 +19988,7 @@ virDomainDefParseXML(xmlDocPtr xml,
break;
case VIR_DOMAIN_FEATURE_HTM:
+ case VIR_DOMAIN_FEATURE_NESTED_HV:
if (!(tmp = virXMLPropString(nodes[i], "state"))) {
virReportError(VIR_ERR_CONFIG_UNSUPPORTED,
_("missing state attribute '%s' of feature '%s'"),
@@ -22147,6 +22149,7 @@ virDomainDefFeaturesCheckABIStability(virDomainDefPtr src,
case VIR_DOMAIN_FEATURE_SMM:
case VIR_DOMAIN_FEATURE_VMCOREINFO:
case VIR_DOMAIN_FEATURE_HTM:
+ case VIR_DOMAIN_FEATURE_NESTED_HV:
if (src->features[i] != dst->features[i]) {
virReportError(VIR_ERR_CONFIG_UNSUPPORTED,
_("State of feature '%s' differs: "
@@ -27823,6 +27826,7 @@ virDomainDefFormatInternal(virDomainDefPtr def,
case VIR_DOMAIN_FEATURE_PVSPINLOCK:
case VIR_DOMAIN_FEATURE_VMPORT:
case VIR_DOMAIN_FEATURE_HTM:
+ case VIR_DOMAIN_FEATURE_NESTED_HV:
switch ((virTristateSwitch) def->features[i]) {
case VIR_TRISTATE_SWITCH_LAST:
case VIR_TRISTATE_SWITCH_ABSENT:
diff --git a/src/conf/domain_conf.h b/src/conf/domain_conf.h
index d32514e7e6..f05fca284f 100644
--- a/src/conf/domain_conf.h
+++ b/src/conf/domain_conf.h
@@ -1775,6 +1775,7 @@ typedef enum {
VIR_DOMAIN_FEATURE_HPT,
VIR_DOMAIN_FEATURE_VMCOREINFO,
VIR_DOMAIN_FEATURE_HTM,
+ VIR_DOMAIN_FEATURE_NESTED_HV,
VIR_DOMAIN_FEATURE_LAST
} virDomainFeature;
diff --git a/src/qemu/qemu_domain.c b/src/qemu/qemu_domain.c
index 4fcca1e05a..0ddc6ef4a7 100644
--- a/src/qemu/qemu_domain.c
+++ b/src/qemu/qemu_domain.c
@@ -3819,6 +3819,7 @@ qemuDomainDefValidateFeatures(const virDomainDef *def,
case VIR_DOMAIN_FEATURE_HPT:
case VIR_DOMAIN_FEATURE_HTM:
+ case VIR_DOMAIN_FEATURE_NESTED_HV:
if (def->features[i] != VIR_TRISTATE_SWITCH_ABSENT &&
!qemuDomainIsPSeries(def)) {
virReportError(VIR_ERR_CONFIG_UNSUPPORTED,
diff --git a/tests/qemuxml2argvdata/pseries-features.xml b/tests/qemuxml2argvdata/pseries-features.xml
index 5c842fe87b..6f7d32b065 100644
--- a/tests/qemuxml2argvdata/pseries-features.xml
+++ b/tests/qemuxml2argvdata/pseries-features.xml
@@ -11,6 +11,7 @@
<maxpagesize unit='GiB'>1</maxpagesize>
</hpt>
<htm state='on'/>
+ <nested-hv state='off'/>
</features>
<devices>
<emulator>/usr/bin/qemu-system-ppc64</emulator>
diff --git a/tests/qemuxml2xmloutdata/pseries-features.xml b/tests/qemuxml2xmloutdata/pseries-features.xml
index 55a44c75a0..7e12bc9c03 100644
--- a/tests/qemuxml2xmloutdata/pseries-features.xml
+++ b/tests/qemuxml2xmloutdata/pseries-features.xml
@@ -13,6 +13,7 @@
<maxpagesize unit='KiB'>1048576</maxpagesize>
</hpt>
<htm state='on'/>
+ <nested-hv state='off'/>
</features>
<clock offset='utc'/>
<on_poweroff>destroy</on_poweroff>
--
2.20.1

194
SOURCES/libvirt-conf-Parse-and-format-the-HTM-pSeries-feature.patch Normal file
View File

@ -0,0 +1,194 @@
From cb462f891f39ff47179e6fe65437450f9d8c7824 Mon Sep 17 00:00:00 2001
Message-Id: <cb462f891f39ff47179e6fe65437450f9d8c7824@dist-git>
From: Andrea Bolognani <abologna@redhat.com>
Date: Tue, 3 Jul 2018 15:25:16 +0200
Subject: [PATCH] conf: Parse and format the HTM pSeries feature
Signed-off-by: Andrea Bolognani <abologna@redhat.com>
Reviewed-by: John Ferlan <jferlan@redhat.com>
(cherry picked from commit 9f3b9100f33036cb14296aa0a788788743b75a23)
https: //bugzilla.redhat.com/show_bug.cgi?id=1525599
Signed-off-by: Andrea Bolognani <abologna@redhat.com>
Acked-by: David Gibson <dgibson@redhat.com>
Reviewed-by: Jiri Denemark <jdenemar@redhat.com>
---
docs/formatdomain.html.in | 8 ++++++++
docs/schemas/domaincommon.rng | 5 +++++
src/conf/domain_conf.c | 19 +++++++++++++++++++
src/conf/domain_conf.h | 1 +
src/qemu/qemu_domain.c | 1 +
tests/qemuxml2argvdata/pseries-features.xml | 1 +
tests/qemuxml2argvtest.c | 1 +
tests/qemuxml2xmloutdata/pseries-features.xml | 1 +
tests/qemuxml2xmltest.c | 1 +
9 files changed, 38 insertions(+)
diff --git a/docs/formatdomain.html.in b/docs/formatdomain.html.in
index 0d68596991..a3afe137bf 100644
--- a/docs/formatdomain.html.in
+++ b/docs/formatdomain.html.in
@@ -1929,6 +1929,7 @@
&lt;smm state='on'&gt;
&lt;tseg unit='MiB'&gt;48&lt;/tseg&gt;
&lt;/smm&gt;
+ &lt;htm state='on'/&gt;
&lt;/features&gt;
...</pre>
@@ -2162,6 +2163,13 @@
<dd>Enable QEMU vmcoreinfo device to let the guest kernel save debug
details. <span class="since">Since 4.4.0</span> (QEMU only)
</dd>
+ <dt><code>htm</code></dt>
+ <dd>Configure HTM (Hardware Transational Memory) availability for
+ pSeries guests. Possible values for the <code>state</code> attribute
+ are <code>on</code> and <code>off</code>. If the attribute is not
+ defined, the hypervisor default will be used.
+ <span class="since">Since 4.6.0</span> (QEMU/KVM only)
+ </dd>
</dl>
<h3><a id="elementsTime">Time keeping</a></h3>
diff --git a/docs/schemas/domaincommon.rng b/docs/schemas/domaincommon.rng
index f46145cf9b..bd687ce9d3 100644
--- a/docs/schemas/domaincommon.rng
+++ b/docs/schemas/domaincommon.rng
@@ -4907,6 +4907,11 @@
<optional>
<ref name="vmcoreinfo"/>
</optional>
+ <optional>
+ <element name="htm">
+ <ref name="featurestate"/>
+ </element>
+ </optional>
</interleave>
</element>
</optional>
diff --git a/src/conf/domain_conf.c b/src/conf/domain_conf.c
index b8b53450fa..f4e59f6c91 100644
--- a/src/conf/domain_conf.c
+++ b/src/conf/domain_conf.c
@@ -152,6 +152,7 @@ VIR_ENUM_IMPL(virDomainFeature, VIR_DOMAIN_FEATURE_LAST,
"ioapic",
"hpt",
"vmcoreinfo",
+ "htm",
);
VIR_ENUM_IMPL(virDomainCapabilitiesPolicy, VIR_DOMAIN_CAPABILITIES_POLICY_LAST,
@@ -19827,6 +19828,22 @@ virDomainDefParseXML(xmlDocPtr xml,
}
break;
+ case VIR_DOMAIN_FEATURE_HTM:
+ if (!(tmp = virXMLPropString(nodes[i], "state"))) {
+ virReportError(VIR_ERR_CONFIG_UNSUPPORTED,
+ _("missing state attribute '%s' of feature '%s'"),
+ tmp, virDomainFeatureTypeToString(val));
+ goto error;
+ }
+ if ((def->features[val] = virTristateSwitchTypeFromString(tmp)) < 0) {
+ virReportError(VIR_ERR_CONFIG_UNSUPPORTED,
+ _("unknown state attribute '%s' of feature '%s'"),
+ tmp, virDomainFeatureTypeToString(val));
+ goto error;
+ }
+ VIR_FREE(tmp);
+ break;
+
/* coverity[dead_error_begin] */
case VIR_DOMAIN_FEATURE_LAST:
break;
@@ -21961,6 +21978,7 @@ virDomainDefFeaturesCheckABIStability(virDomainDefPtr src,
case VIR_DOMAIN_FEATURE_VMPORT:
case VIR_DOMAIN_FEATURE_SMM:
case VIR_DOMAIN_FEATURE_VMCOREINFO:
+ case VIR_DOMAIN_FEATURE_HTM:
if (src->features[i] != dst->features[i]) {
virReportError(VIR_ERR_CONFIG_UNSUPPORTED,
_("State of feature '%s' differs: "
@@ -27626,6 +27644,7 @@ virDomainDefFormatInternal(virDomainDefPtr def,
case VIR_DOMAIN_FEATURE_PMU:
case VIR_DOMAIN_FEATURE_PVSPINLOCK:
case VIR_DOMAIN_FEATURE_VMPORT:
+ case VIR_DOMAIN_FEATURE_HTM:
switch ((virTristateSwitch) def->features[i]) {
case VIR_TRISTATE_SWITCH_LAST:
case VIR_TRISTATE_SWITCH_ABSENT:
diff --git a/src/conf/domain_conf.h b/src/conf/domain_conf.h
index 71437dc485..41d27482fb 100644
--- a/src/conf/domain_conf.h
+++ b/src/conf/domain_conf.h
@@ -1771,6 +1771,7 @@ typedef enum {
VIR_DOMAIN_FEATURE_IOAPIC,
VIR_DOMAIN_FEATURE_HPT,
VIR_DOMAIN_FEATURE_VMCOREINFO,
+ VIR_DOMAIN_FEATURE_HTM,
VIR_DOMAIN_FEATURE_LAST
} virDomainFeature;
diff --git a/src/qemu/qemu_domain.c b/src/qemu/qemu_domain.c
index 4c2a162b85..0eacad1e44 100644
--- a/src/qemu/qemu_domain.c
+++ b/src/qemu/qemu_domain.c
@@ -3865,6 +3865,7 @@ qemuDomainDefValidateFeatures(const virDomainDef *def,
case VIR_DOMAIN_FEATURE_PMU:
case VIR_DOMAIN_FEATURE_VMPORT:
case VIR_DOMAIN_FEATURE_VMCOREINFO:
+ case VIR_DOMAIN_FEATURE_HTM:
case VIR_DOMAIN_FEATURE_LAST:
break;
}
diff --git a/tests/qemuxml2argvdata/pseries-features.xml b/tests/qemuxml2argvdata/pseries-features.xml
index 30cee5b81c..5c842fe87b 100644
--- a/tests/qemuxml2argvdata/pseries-features.xml
+++ b/tests/qemuxml2argvdata/pseries-features.xml
@@ -10,6 +10,7 @@
<hpt resizing='required'>
<maxpagesize unit='GiB'>1</maxpagesize>
</hpt>
+ <htm state='on'/>
</features>
<devices>
<emulator>/usr/bin/qemu-system-ppc64</emulator>
diff --git a/tests/qemuxml2argvtest.c b/tests/qemuxml2argvtest.c
index c279ac4975..d6911f9344 100644
--- a/tests/qemuxml2argvtest.c
+++ b/tests/qemuxml2argvtest.c
@@ -1850,6 +1850,7 @@ mymain(void)
DO_TEST("pseries-features",
QEMU_CAPS_DEVICE_SPAPR_PCI_HOST_BRIDGE,
QEMU_CAPS_MACHINE_PSERIES_CAP_HPT_MAX_PAGE_SIZE,
+ QEMU_CAPS_MACHINE_PSERIES_CAP_HTM,
QEMU_CAPS_MACHINE_PSERIES_RESIZE_HPT);
DO_TEST_FAILURE("pseries-features",
QEMU_CAPS_DEVICE_SPAPR_PCI_HOST_BRIDGE);
diff --git a/tests/qemuxml2xmloutdata/pseries-features.xml b/tests/qemuxml2xmloutdata/pseries-features.xml
index f36705f011..55a44c75a0 100644
--- a/tests/qemuxml2xmloutdata/pseries-features.xml
+++ b/tests/qemuxml2xmloutdata/pseries-features.xml
@@ -12,6 +12,7 @@
<hpt resizing='required'>
<maxpagesize unit='KiB'>1048576</maxpagesize>
</hpt>
+ <htm state='on'/>
</features>
<clock offset='utc'/>
<on_poweroff>destroy</on_poweroff>
diff --git a/tests/qemuxml2xmltest.c b/tests/qemuxml2xmltest.c
index eac6d5b073..bbb995656e 100644
--- a/tests/qemuxml2xmltest.c
+++ b/tests/qemuxml2xmltest.c
@@ -620,6 +620,7 @@ mymain(void)
DO_TEST("pseries-features",
QEMU_CAPS_DEVICE_SPAPR_PCI_HOST_BRIDGE,
QEMU_CAPS_MACHINE_PSERIES_CAP_HPT_MAX_PAGE_SIZE,
+ QEMU_CAPS_MACHINE_PSERIES_CAP_HTM,
QEMU_CAPS_MACHINE_PSERIES_RESIZE_HPT);
DO_TEST("pseries-serial-native",
--
2.18.0

48
SOURCES/libvirt-conf-Parse-guestfwd-channel-device-info-again.patch Normal file
View File

@ -0,0 +1,48 @@
From ac3ea7982236832f5f2ae86b631aface267d035c Mon Sep 17 00:00:00 2001
Message-Id: <ac3ea7982236832f5f2ae86b631aface267d035c@dist-git>
From: Michal Privoznik <mprivozn@redhat.com>
Date: Tue, 21 Aug 2018 14:23:40 +0200
Subject: [PATCH] conf: Parse guestfwd channel device info again
https://bugzilla.redhat.com/show_bug.cgi?id=1610072
Due to historical reasons we were not parsing device info on
guestfwd channel. Sure, it doesn't make much sense to parse
<address/> but it surely makes sense to parse its alias (which
might be an user alias).
This reverts commit 47a3dd46ead20e6fdc30bcdc1b8e707e250d33da
which fixed https://bugzilla.redhat.com/show_bug.cgi?id=1172526.
Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
Reviewed-by: Andrea Bolognani <abologna@redhat.com>
(cherry picked from commit cab1843914d9ce5d1ca28477d2b48e5304e9e6f2)
Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
Reviewed-by: Jiri Denemark <jdenemar@redhat.com>
---
src/conf/domain_conf.c | 8 +-------
1 file changed, 1 insertion(+), 7 deletions(-)
diff --git a/src/conf/domain_conf.c b/src/conf/domain_conf.c
index 8a43e607e9..51a79ad8b1 100644
--- a/src/conf/domain_conf.c
+++ b/src/conf/domain_conf.c
@@ -12760,14 +12760,8 @@ virDomainChrDefParseXML(virDomainXMLOptionPtr xmlopt,
}
}
- if (def->deviceType == VIR_DOMAIN_CHR_DEVICE_TYPE_CHANNEL &&
- def->targetType == VIR_DOMAIN_CHR_CHANNEL_TARGET_TYPE_GUESTFWD) {
- VIR_DEBUG("Ignoring device address for gustfwd channel");
- } else if (virDomainDeviceInfoParseXML(xmlopt, node,
- &def->info, flags) < 0) {
+ if (virDomainDeviceInfoParseXML(xmlopt, node, &def->info, flags) < 0)
goto error;
- }
-
if (def->deviceType == VIR_DOMAIN_CHR_DEVICE_TYPE_SERIAL &&
def->targetType == VIR_DOMAIN_CHR_SERIAL_TARGET_TYPE_USB &&
--
2.18.0

175
SOURCES/libvirt-conf-Replace-error-with-cleanup-in-virDomainHostdevDefParseXMLSubsys.patch Normal file
View File

@ -0,0 +1,175 @@
From fd6fae19231031f3feb83c854efdf2f1abfa7847 Mon Sep 17 00:00:00 2001
Message-Id: <fd6fae19231031f3feb83c854efdf2f1abfa7847@dist-git>
From: Erik Skultety <eskultet@redhat.com>
Date: Thu, 19 Jul 2018 15:04:01 +0200
Subject: [PATCH] conf: Replace 'error' with 'cleanup' in
virDomainHostdevDefParseXMLSubsys
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
The exit path is the same for both success and failure, so the label
should be called cleanup.
Signed-off-by: Erik Skultety <eskultet@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
(cherry picked from commit f1f6f4858260a77416ed5e0c86c4e0614aaf0a5e)
https://bugzilla.redhat.com/show_bug.cgi?id=1475770
Signed-off-by: Erik Skultety <eskultet@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
---
src/conf/domain_conf.c | 38 +++++++++++++++++++-------------------
1 file changed, 19 insertions(+), 19 deletions(-)
diff --git a/src/conf/domain_conf.c b/src/conf/domain_conf.c
index 08654ab41d..72086f9e86 100644
--- a/src/conf/domain_conf.c
+++ b/src/conf/domain_conf.c
@@ -7690,18 +7690,18 @@ virDomainHostdevDefParseXMLSubsys(xmlNodePtr node,
virReportError(VIR_ERR_CONFIG_UNSUPPORTED,
_("unknown host device source address type '%s'"),
type);
- goto error;
+ goto cleanup;
}
} else {
virReportError(VIR_ERR_XML_ERROR,
"%s", _("missing source address type"));
- goto error;
+ goto cleanup;
}
if (!(sourcenode = virXPathNode("./source", ctxt))) {
virReportError(VIR_ERR_XML_ERROR, "%s",
_("Missing <source> element in hostdev device"));
- goto error;
+ goto cleanup;
}
if (def->source.subsys.type != VIR_DOMAIN_HOSTDEV_SUBSYS_TYPE_USB &&
@@ -7709,20 +7709,20 @@ virDomainHostdevDefParseXMLSubsys(xmlNodePtr node,
virReportError(VIR_ERR_CONFIG_UNSUPPORTED, "%s",
_("Setting startupPolicy is only allowed for USB"
" devices"));
- goto error;
+ goto cleanup;
}
if (sgio) {
if (def->source.subsys.type != VIR_DOMAIN_HOSTDEV_SUBSYS_TYPE_SCSI) {
virReportError(VIR_ERR_XML_ERROR, "%s",
_("sgio is only supported for scsi host device"));
- goto error;
+ goto cleanup;
}
if ((scsisrc->sgio = virDomainDeviceSGIOTypeFromString(sgio)) <= 0) {
virReportError(VIR_ERR_CONFIG_UNSUPPORTED,
_("unknown sgio mode '%s'"), sgio);
- goto error;
+ goto cleanup;
}
}
@@ -7730,14 +7730,14 @@ virDomainHostdevDefParseXMLSubsys(xmlNodePtr node,
if (def->source.subsys.type != VIR_DOMAIN_HOSTDEV_SUBSYS_TYPE_SCSI) {
virReportError(VIR_ERR_XML_ERROR, "%s",
_("rawio is only supported for scsi host device"));
- goto error;
+ goto cleanup;
}
if ((scsisrc->rawio = virTristateBoolTypeFromString(rawio)) <= 0) {
virReportError(VIR_ERR_XML_ERROR,
_("unknown hostdev rawio setting '%s'"),
rawio);
- goto error;
+ goto cleanup;
}
}
@@ -7746,28 +7746,28 @@ virDomainHostdevDefParseXMLSubsys(xmlNodePtr node,
virReportError(VIR_ERR_XML_ERROR, "%s",
_("'model' attribute in <hostdev> is only supported "
"when type='mdev'"));
- goto error;
+ goto cleanup;
}
} else {
if (!model) {
virReportError(VIR_ERR_XML_ERROR, "%s",
_("Missing 'model' attribute in mediated device's "
"<hostdev> element"));
- goto error;
+ goto cleanup;
}
if ((mdevsrc->model = virMediatedDeviceModelTypeFromString(model)) < 0) {
virReportError(VIR_ERR_XML_ERROR,
_("unknown hostdev model '%s'"),
model);
- goto error;
+ goto cleanup;
}
}
switch (def->source.subsys.type) {
case VIR_DOMAIN_HOSTDEV_SUBSYS_TYPE_PCI:
if (virDomainHostdevSubsysPCIDefParseXML(sourcenode, def, flags) < 0)
- goto error;
+ goto cleanup;
backend = VIR_DOMAIN_HOSTDEV_PCI_BACKEND_DEFAULT;
if ((backendStr = virXPathString("string(./driver/@name)", ctxt)) &&
@@ -7776,7 +7776,7 @@ virDomainHostdevDefParseXMLSubsys(xmlNodePtr node,
virReportError(VIR_ERR_CONFIG_UNSUPPORTED,
_("Unknown PCI device <driver name='%s'/> "
"has been specified"), backendStr);
- goto error;
+ goto cleanup;
}
pcisrc->backend = backend;
@@ -7784,32 +7784,32 @@ virDomainHostdevDefParseXMLSubsys(xmlNodePtr node,
case VIR_DOMAIN_HOSTDEV_SUBSYS_TYPE_USB:
if (virDomainHostdevSubsysUSBDefParseXML(sourcenode, def) < 0)
- goto error;
+ goto cleanup;
break;
case VIR_DOMAIN_HOSTDEV_SUBSYS_TYPE_SCSI:
if (virDomainHostdevSubsysSCSIDefParseXML(sourcenode, scsisrc, ctxt) < 0)
- goto error;
+ goto cleanup;
break;
case VIR_DOMAIN_HOSTDEV_SUBSYS_TYPE_SCSI_HOST:
if (virDomainHostdevSubsysSCSIVHostDefParseXML(sourcenode, def) < 0)
- goto error;
+ goto cleanup;
break;
case VIR_DOMAIN_HOSTDEV_SUBSYS_TYPE_MDEV:
if (virDomainHostdevSubsysMediatedDevDefParseXML(def, ctxt) < 0)
- goto error;
+ goto cleanup;
break;
default:
virReportError(VIR_ERR_CONFIG_UNSUPPORTED,
_("address type='%s' not supported in hostdev interfaces"),
virDomainHostdevSubsysTypeToString(def->source.subsys.type));
- goto error;
+ goto cleanup;
}
ret = 0;
- error:
+ cleanup:
VIR_FREE(managed);
VIR_FREE(sgio);
VIR_FREE(rawio);
--
2.18.0

214
SOURCES/libvirt-conf-correct-false-boot-order-error-during-domain-parse.patch Normal file
View File

@ -0,0 +1,214 @@
From b56deb73400af9518bdc86802b8ac8da0670d806 Mon Sep 17 00:00:00 2001
Message-Id: <b56deb73400af9518bdc86802b8ac8da0670d806@dist-git>
From: Laine Stump <laine@laine.org>
Date: Thu, 10 Jan 2019 09:44:45 -0500
Subject: [PATCH] conf: correct false boot order error during domain parse
virDomainDefCollectBootOrder() is called for every item on the list
for each type of device. One of the checks it makes is to gather the
order attributes from the <boot> element of all devices, and assure
that no two devices have been given the same order.
Since (internally to libvirt, *not* in the domain XML) an <interface
type='hostdev'> is on both the list of hostdev devices and the list of
network devices, it will be counted twice, and the code that checks
for multiple devices with the same boot order will give a false
positive.
To remedy this, we make sure to return early for hostdev devices that
have a parent.type != NONE.
This was introduced in commit 5b75a4, which was first in libvirt-4.4.0.
Resolves: https://bugzilla.redhat.com/1630393 (RHEL8)
Resolves: https://bugzilla.redhat.com/1601318 (RHEL7)
Change from upstream: upstream has eliminated QEMU_CAPS_BOOTINDEX and
QEMU_CAPS_PCI_BOOTINDEX so they're no longer necessary in test cases.
Signed-off-by: Laine Stump <laine@laine.org>
(cherry picked from commit 7ea7342996d74591e00bcbf14b1eb3995f77a199)
Reviewed-by: Jiri Denemark <jdenemar@redhat.com>
---
src/conf/domain_conf.c | 8 ++++
.../net-hostdev-bootorder.args | 27 ++++++++++++
.../net-hostdev-bootorder.xml | 36 ++++++++++++++++
tests/qemuxml2argvtest.c | 3 ++
.../net-hostdev-bootorder.xml | 42 +++++++++++++++++++
tests/qemuxml2xmltest.c | 1 +
6 files changed, 117 insertions(+)
create mode 100644 tests/qemuxml2argvdata/net-hostdev-bootorder.args
create mode 100644 tests/qemuxml2argvdata/net-hostdev-bootorder.xml
create mode 100644 tests/qemuxml2xmloutdata/net-hostdev-bootorder.xml
diff --git a/src/conf/domain_conf.c b/src/conf/domain_conf.c
index 660e1523fe..d431441f62 100644
--- a/src/conf/domain_conf.c
+++ b/src/conf/domain_conf.c
@@ -5076,6 +5076,14 @@ virDomainDefCollectBootOrder(virDomainDefPtr def ATTRIBUTE_UNUSED,
if (info->bootIndex == 0)
return 0;
+ if (dev->type == VIR_DOMAIN_DEVICE_HOSTDEV &&
+ dev->data.hostdev->parent.type != VIR_DOMAIN_DEVICE_NONE) {
+ /* This hostdev is a child of a higher level device
+ * (e.g. interface), and thus already being counted on the
+ * list for the other device type.
+ */
+ return 0;
+ }
if (virAsprintf(&order, "%u", info->bootIndex) < 0)
goto cleanup;
diff --git a/tests/qemuxml2argvdata/net-hostdev-bootorder.args b/tests/qemuxml2argvdata/net-hostdev-bootorder.args
new file mode 100644
index 0000000000..e632d9b195
--- /dev/null
+++ b/tests/qemuxml2argvdata/net-hostdev-bootorder.args
@@ -0,0 +1,27 @@
+LC_ALL=C \
+PATH=/bin \
+HOME=/home/test \
+USER=test \
+LOGNAME=test \
+QEMU_AUDIO_DRV=none \
+/usr/bin/qemu-system-i686 \
+-name QEMUGuest1 \
+-S \
+-machine pc,accel=tcg,usb=off,dump-guest-core=off \
+-m 214 \
+-smp 1,sockets=1,cores=1,threads=1 \
+-uuid c7a5fdbd-edaf-9455-926a-d65c16db1809 \
+-display none \
+-no-user-config \
+-nodefaults \
+-chardev socket,id=charmonitor,path=/tmp/lib/domain--1-QEMUGuest1/monitor.sock,\
+server,nowait \
+-mon chardev=charmonitor,id=monitor,mode=control \
+-rtc base=utc \
+-no-shutdown \
+-no-acpi \
+-usb \
+-drive file=/dev/HostVG/QEMUGuest1,format=raw,if=none,id=drive-ide0-0-0 \
+-device ide-drive,bus=ide.0,unit=0,drive=drive-ide0-0-0,id=ide0-0-0,\
+bootindex=2 \
+-device pci-assign,host=03:07.1,id=hostdev0,bootindex=1,bus=pci.0,addr=0x3
diff --git a/tests/qemuxml2argvdata/net-hostdev-bootorder.xml b/tests/qemuxml2argvdata/net-hostdev-bootorder.xml
new file mode 100644
index 0000000000..cd9f32b2f3
--- /dev/null
+++ b/tests/qemuxml2argvdata/net-hostdev-bootorder.xml
@@ -0,0 +1,36 @@
+<domain type='qemu'>
+ <name>QEMUGuest1</name>
+ <uuid>c7a5fdbd-edaf-9455-926a-d65c16db1809</uuid>
+ <memory unit='KiB'>219136</memory>
+ <currentMemory unit='KiB'>219136</currentMemory>
+ <vcpu placement='static'>1</vcpu>
+ <os>
+ <type arch='i686' machine='pc'>hvm</type>
+ </os>
+ <clock offset='utc'/>
+ <on_poweroff>destroy</on_poweroff>
+ <on_reboot>restart</on_reboot>
+ <on_crash>destroy</on_crash>
+ <devices>
+ <emulator>/usr/bin/qemu-system-i686</emulator>
+ <disk type='block' device='disk'>
+ <source dev='/dev/HostVG/QEMUGuest1'/>
+ <target dev='hda' bus='ide'/>
+ <address type='drive' controller='0' bus='0' target='0' unit='0'/>
+ <boot order='2'/>
+ </disk>
+ <controller type='usb' index='0'/>
+ <controller type='ide' index='0'/>
+ <controller type='pci' index='0' model='pci-root'/>
+ <interface type='hostdev' managed='yes'>
+ <mac address='00:11:22:33:44:55'/>
+ <source>
+ <address type='pci' domain='0x0000' bus='0x03' slot='0x07' function='0x1'/>
+ </source>
+ <boot order='1'/>
+ </interface>
+ <input type='mouse' bus='ps2'/>
+ <input type='keyboard' bus='ps2'/>
+ <memballoon model='none'/>
+ </devices>
+</domain>
diff --git a/tests/qemuxml2argvtest.c b/tests/qemuxml2argvtest.c
index bd4aa1266d..690a39054e 100644
--- a/tests/qemuxml2argvtest.c
+++ b/tests/qemuxml2argvtest.c
@@ -1324,6 +1324,9 @@ mymain(void)
DO_TEST("net-mcast", NONE);
DO_TEST("net-udp", NONE);
DO_TEST("net-hostdev", NONE);
+ DO_TEST("net-hostdev-bootorder",
+ QEMU_CAPS_BOOTINDEX,
+ QEMU_CAPS_PCI_BOOTINDEX);
DO_TEST("net-hostdev-multidomain", NONE);
DO_TEST("net-hostdev-vfio",
QEMU_CAPS_DEVICE_VFIO_PCI);
diff --git a/tests/qemuxml2xmloutdata/net-hostdev-bootorder.xml b/tests/qemuxml2xmloutdata/net-hostdev-bootorder.xml
new file mode 100644
index 0000000000..d9ecf40cf0
--- /dev/null
+++ b/tests/qemuxml2xmloutdata/net-hostdev-bootorder.xml
@@ -0,0 +1,42 @@
+<domain type='qemu'>
+ <name>QEMUGuest1</name>
+ <uuid>c7a5fdbd-edaf-9455-926a-d65c16db1809</uuid>
+ <memory unit='KiB'>219136</memory>
+ <currentMemory unit='KiB'>219136</currentMemory>
+ <vcpu placement='static'>1</vcpu>
+ <os>
+ <type arch='i686' machine='pc'>hvm</type>
+ </os>
+ <clock offset='utc'/>
+ <on_poweroff>destroy</on_poweroff>
+ <on_reboot>restart</on_reboot>
+ <on_crash>destroy</on_crash>
+ <devices>
+ <emulator>/usr/bin/qemu-system-i686</emulator>
+ <disk type='block' device='disk'>
+ <driver name='qemu' type='raw'/>
+ <source dev='/dev/HostVG/QEMUGuest1'/>
+ <target dev='hda' bus='ide'/>
+ <boot order='2'/>
+ <address type='drive' controller='0' bus='0' target='0' unit='0'/>
+ </disk>
+ <controller type='usb' index='0'>
+ <address type='pci' domain='0x0000' bus='0x00' slot='0x01' function='0x2'/>
+ </controller>
+ <controller type='ide' index='0'>
+ <address type='pci' domain='0x0000' bus='0x00' slot='0x01' function='0x1'/>
+ </controller>
+ <controller type='pci' index='0' model='pci-root'/>
+ <interface type='hostdev' managed='yes'>
+ <mac address='00:11:22:33:44:55'/>
+ <source>
+ <address type='pci' domain='0x0000' bus='0x03' slot='0x07' function='0x1'/>
+ </source>
+ <boot order='1'/>
+ <address type='pci' domain='0x0000' bus='0x00' slot='0x03' function='0x0'/>
+ </interface>
+ <input type='mouse' bus='ps2'/>
+ <input type='keyboard' bus='ps2'/>
+ <memballoon model='none'/>
+ </devices>
+</domain>
diff --git a/tests/qemuxml2xmltest.c b/tests/qemuxml2xmltest.c
index db088fff6b..dbac863239 100644
--- a/tests/qemuxml2xmltest.c
+++ b/tests/qemuxml2xmltest.c
@@ -454,6 +454,7 @@ mymain(void)
DO_TEST("net-virtio-network-portgroup", NONE);
DO_TEST("net-virtio-rxtxqueuesize", NONE);
DO_TEST("net-hostdev", NONE);
+ DO_TEST("net-hostdev-bootorder", NONE);
DO_TEST("net-hostdev-vfio", NONE);
DO_TEST("net-midonet", NONE);
DO_TEST("net-openvswitch", NONE);
--
2.20.1

262
SOURCES/libvirt-conf-qemu-add-support-for-Hyper-V-PV-TLB-flush.patch Normal file
View File

@ -0,0 +1,262 @@
From efc0312e1edb3d8196806606fbb639bbbd0bd6d4 Mon Sep 17 00:00:00 2001
Message-Id: <efc0312e1edb3d8196806606fbb639bbbd0bd6d4@dist-git>
From: Vitaly Kuznetsov <vkuznets@redhat.com>
Date: Thu, 9 Aug 2018 15:14:21 +0200
Subject: [PATCH] conf: qemu: add support for Hyper-V PV TLB flush
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Qemu-3.0 supports Hyper-V-style PV TLB flush, Windows guests can benefit
from this feature as KVM knows which vCPUs are not currently scheduled (and
thus don't require any immediate action).
Signed-off-by: Vitaly Kuznetsov <vkuznets@redhat.com>
Reviewed-by: John Ferlan <jferlan@redhat.com>
(cherry picked from commit f4c39db7366376bd95e1751b0e3ced9c73c14f5b)
https://bugzilla.redhat.com/show_bug.cgi?id=1589702
Signed-off-by: Jiri Denemark <jdenemar@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
---
docs/formatdomain.html.in | 7 +++++++
docs/schemas/domaincommon.rng | 5 +++++
src/conf/domain_conf.c | 6 +++++-
src/conf/domain_conf.h | 1 +
src/cpu/cpu_x86.c | 3 +++
src/cpu/cpu_x86_data.h | 1 +
src/qemu/qemu_command.c | 1 +
src/qemu/qemu_parse_command.c | 1 +
src/qemu/qemu_process.c | 1 +
tests/qemuxml2argvdata/hyperv-off.xml | 1 +
tests/qemuxml2argvdata/hyperv.args | 2 +-
tests/qemuxml2argvdata/hyperv.xml | 1 +
tests/qemuxml2xmloutdata/hyperv-off.xml | 1 +
tests/qemuxml2xmloutdata/hyperv.xml | 1 +
14 files changed, 30 insertions(+), 2 deletions(-)
diff --git a/docs/formatdomain.html.in b/docs/formatdomain.html.in
index 43a1067501..c019b26644 100644
--- a/docs/formatdomain.html.in
+++ b/docs/formatdomain.html.in
@@ -1917,6 +1917,7 @@
&lt;vendor_id state='on' value='KVM Hv'/&gt;
&lt;frequencies state='on'/&gt;
&lt;reenlightenment state='on'/&gt;
+ &lt;tlbflush state='on'/&gt;
&lt;/hyperv&gt;
&lt;kvm&gt;
&lt;hidden state='on'/&gt;
@@ -2051,6 +2052,12 @@
<td> on, off</td>
<td><span class="since">4.7.0 (QEMU 3.0)</span></td>
</tr>
+ <tr>
+ <td>tlbflush</td>
+ <td>Enable PV TLB flush support</td>
+ <td> on, off</td>
+ <td><span class="since">4.7.0 (QEMU 3.0)</span></td>
+ </tr>
</table>
</dd>
<dt><code>pvspinlock</code></dt>
diff --git a/docs/schemas/domaincommon.rng b/docs/schemas/domaincommon.rng
index ceee7a8efe..1c6f2a295d 100644
--- a/docs/schemas/domaincommon.rng
+++ b/docs/schemas/domaincommon.rng
@@ -5723,6 +5723,11 @@
<ref name="featurestate"/>
</element>
</optional>
+ <optional>
+ <element name="tlbflush">
+ <ref name="featurestate"/>
+ </element>
+ </optional>
</interleave>
</element>
</define>
diff --git a/src/conf/domain_conf.c b/src/conf/domain_conf.c
index 18b4d03a61..e013e9f0c5 100644
--- a/src/conf/domain_conf.c
+++ b/src/conf/domain_conf.c
@@ -171,7 +171,8 @@ VIR_ENUM_IMPL(virDomainHyperv, VIR_DOMAIN_HYPERV_LAST,
"reset",
"vendor_id",
"frequencies",
- "reenlightenment")
+ "reenlightenment",
+ "tlbflush")
VIR_ENUM_IMPL(virDomainKVM, VIR_DOMAIN_KVM_LAST,
"hidden")
@@ -20055,6 +20056,7 @@ virDomainDefParseXML(xmlDocPtr xml,
case VIR_DOMAIN_HYPERV_RESET:
case VIR_DOMAIN_HYPERV_FREQUENCIES:
case VIR_DOMAIN_HYPERV_REENLIGHTENMENT:
+ case VIR_DOMAIN_HYPERV_TLBFLUSH:
break;
case VIR_DOMAIN_HYPERV_SPINLOCKS:
@@ -22248,6 +22250,7 @@ virDomainDefFeaturesCheckABIStability(virDomainDefPtr src,
case VIR_DOMAIN_HYPERV_RESET:
case VIR_DOMAIN_HYPERV_FREQUENCIES:
case VIR_DOMAIN_HYPERV_REENLIGHTENMENT:
+ case VIR_DOMAIN_HYPERV_TLBFLUSH:
if (src->hyperv_features[i] != dst->hyperv_features[i]) {
virReportError(VIR_ERR_CONFIG_UNSUPPORTED,
_("State of HyperV enlightenment "
@@ -27898,6 +27901,7 @@ virDomainDefFormatInternal(virDomainDefPtr def,
case VIR_DOMAIN_HYPERV_RESET:
case VIR_DOMAIN_HYPERV_FREQUENCIES:
case VIR_DOMAIN_HYPERV_REENLIGHTENMENT:
+ case VIR_DOMAIN_HYPERV_TLBFLUSH:
break;
case VIR_DOMAIN_HYPERV_SPINLOCKS:
diff --git a/src/conf/domain_conf.h b/src/conf/domain_conf.h
index e450923019..d32514e7e6 100644
--- a/src/conf/domain_conf.h
+++ b/src/conf/domain_conf.h
@@ -1793,6 +1793,7 @@ typedef enum {
VIR_DOMAIN_HYPERV_VENDOR_ID,
VIR_DOMAIN_HYPERV_FREQUENCIES,
VIR_DOMAIN_HYPERV_REENLIGHTENMENT,
+ VIR_DOMAIN_HYPERV_TLBFLUSH,
VIR_DOMAIN_HYPERV_LAST
} virDomainHyperv;
diff --git a/src/cpu/cpu_x86.c b/src/cpu/cpu_x86.c
index 7a48b78eb9..7fa84f6014 100644
--- a/src/cpu/cpu_x86.c
+++ b/src/cpu/cpu_x86.c
@@ -113,6 +113,8 @@ KVM_FEATURE_DEF(VIR_CPU_x86_KVM_HV_FREQUENCIES,
0x40000003, 0x00000800);
KVM_FEATURE_DEF(VIR_CPU_x86_KVM_HV_REENLIGHTENMENT,
0x40000003, 0x00002000);
+KVM_FEATURE_DEF(VIR_CPU_x86_KVM_HV_TLBFLUSH,
+ 0x40000004, 0x00000004);
static virCPUx86Feature x86_kvm_features[] =
{
@@ -135,6 +137,7 @@ static virCPUx86Feature x86_kvm_features[] =
KVM_FEATURE(VIR_CPU_x86_KVM_HV_RESET),
KVM_FEATURE(VIR_CPU_x86_KVM_HV_FREQUENCIES),
KVM_FEATURE(VIR_CPU_x86_KVM_HV_REENLIGHTENMENT),
+ KVM_FEATURE(VIR_CPU_x86_KVM_HV_TLBFLUSH),
};
typedef struct _virCPUx86Model virCPUx86Model;
diff --git a/src/cpu/cpu_x86_data.h b/src/cpu/cpu_x86_data.h
index a810c64fc9..090a21156f 100644
--- a/src/cpu/cpu_x86_data.h
+++ b/src/cpu/cpu_x86_data.h
@@ -65,6 +65,7 @@ struct _virCPUx86CPUID {
# define VIR_CPU_x86_KVM_HV_RESET "__kvm_hv_reset"
# define VIR_CPU_x86_KVM_HV_FREQUENCIES "__kvm_hv_frequencies"
# define VIR_CPU_x86_KVM_HV_REENLIGHTENMENT "__kvm_hv_reenlightenment"
+# define VIR_CPU_x86_KVM_HV_TLBFLUSH "__kvm_hv_tlbflush"
# define VIR_CPU_X86_DATA_INIT { 0 }
diff --git a/src/qemu/qemu_command.c b/src/qemu/qemu_command.c
index 48f3b09ec9..a3d605c00f 100644
--- a/src/qemu/qemu_command.c
+++ b/src/qemu/qemu_command.c
@@ -6921,6 +6921,7 @@ qemuBuildCpuCommandLine(virCommandPtr cmd,
case VIR_DOMAIN_HYPERV_RESET:
case VIR_DOMAIN_HYPERV_FREQUENCIES:
case VIR_DOMAIN_HYPERV_REENLIGHTENMENT:
+ case VIR_DOMAIN_HYPERV_TLBFLUSH:
if (def->hyperv_features[i] == VIR_TRISTATE_SWITCH_ON)
virBufferAsprintf(&buf, ",hv_%s",
virDomainHypervTypeToString(i));
diff --git a/src/qemu/qemu_parse_command.c b/src/qemu/qemu_parse_command.c
index 1e67a5a8c8..fdc1d34068 100644
--- a/src/qemu/qemu_parse_command.c
+++ b/src/qemu/qemu_parse_command.c
@@ -1538,6 +1538,7 @@ qemuParseCommandLineCPU(virDomainDefPtr dom,
case VIR_DOMAIN_HYPERV_RESET:
case VIR_DOMAIN_HYPERV_FREQUENCIES:
case VIR_DOMAIN_HYPERV_REENLIGHTENMENT:
+ case VIR_DOMAIN_HYPERV_TLBFLUSH:
if (value) {
virReportError(VIR_ERR_CONFIG_UNSUPPORTED,
_("HyperV feature '%s' should not "
diff --git a/src/qemu/qemu_process.c b/src/qemu/qemu_process.c
index 990d4d3046..23958bcbce 100644
--- a/src/qemu/qemu_process.c
+++ b/src/qemu/qemu_process.c
@@ -3925,6 +3925,7 @@ qemuProcessVerifyHypervFeatures(virDomainDefPtr def,
case VIR_DOMAIN_HYPERV_RESET:
case VIR_DOMAIN_HYPERV_FREQUENCIES:
case VIR_DOMAIN_HYPERV_REENLIGHTENMENT:
+ case VIR_DOMAIN_HYPERV_TLBFLUSH:
virReportError(VIR_ERR_CONFIG_UNSUPPORTED,
_("host doesn't support hyperv '%s' feature"),
virDomainHypervTypeToString(i));
diff --git a/tests/qemuxml2argvdata/hyperv-off.xml b/tests/qemuxml2argvdata/hyperv-off.xml
index b2e3612df9..dc5777355f 100644
--- a/tests/qemuxml2argvdata/hyperv-off.xml
+++ b/tests/qemuxml2argvdata/hyperv-off.xml
@@ -22,6 +22,7 @@
<vendor_id state='off'/>
<frequencies state='off'/>
<reenlightenment state='off'/>
+ <tlbflush state='off'/>
</hyperv>
</features>
<clock offset='utc'/>
diff --git a/tests/qemuxml2argvdata/hyperv.args b/tests/qemuxml2argvdata/hyperv.args
index 4feafad8e2..6ee6198fb0 100644
--- a/tests/qemuxml2argvdata/hyperv.args
+++ b/tests/qemuxml2argvdata/hyperv.args
@@ -10,7 +10,7 @@ QEMU_AUDIO_DRV=none \
-machine pc,accel=tcg,usb=off,dump-guest-core=off \
-cpu 'qemu32,hv_relaxed,hv_vapic,hv_spinlocks=0x2fff,hv_vpindex,hv_runtime,\
hv_synic,hv_stimer,hv_reset,hv_vendor_id=KVM Hv,hv_frequencies,\
-hv_reenlightenment' \
+hv_reenlightenment,hv_tlbflush' \
-m 214 \
-smp 6,sockets=6,cores=1,threads=1 \
-uuid c7a5fdbd-edaf-9455-926a-d65c16db1809 \
diff --git a/tests/qemuxml2argvdata/hyperv.xml b/tests/qemuxml2argvdata/hyperv.xml
index 20fcdba59e..816adf6907 100644
--- a/tests/qemuxml2argvdata/hyperv.xml
+++ b/tests/qemuxml2argvdata/hyperv.xml
@@ -22,6 +22,7 @@
<vendor_id state='on' value='KVM Hv'/>
<frequencies state='on'/>
<reenlightenment state='on'/>
+ <tlbflush state='on'/>
</hyperv>
</features>
<clock offset='utc'/>
diff --git a/tests/qemuxml2xmloutdata/hyperv-off.xml b/tests/qemuxml2xmloutdata/hyperv-off.xml
index 4a41e0c37e..77a8dac810 100644
--- a/tests/qemuxml2xmloutdata/hyperv-off.xml
+++ b/tests/qemuxml2xmloutdata/hyperv-off.xml
@@ -22,6 +22,7 @@
<vendor_id state='off'/>
<frequencies state='off'/>
<reenlightenment state='off'/>
+ <tlbflush state='off'/>
</hyperv>
</features>
<clock offset='utc'/>
diff --git a/tests/qemuxml2xmloutdata/hyperv.xml b/tests/qemuxml2xmloutdata/hyperv.xml
index 183b45980b..fc8c59a557 100644
--- a/tests/qemuxml2xmloutdata/hyperv.xml
+++ b/tests/qemuxml2xmloutdata/hyperv.xml
@@ -22,6 +22,7 @@
<vendor_id state='on' value='KVM Hv'/>
<frequencies state='on'/>
<reenlightenment state='on'/>
+ <tlbflush state='on'/>
</hyperv>
</features>
<clock offset='utc'/>
--
2.19.1

262
SOURCES/libvirt-conf-qemu-add-support-for-Hyper-V-frequency-MSRs.patch Normal file
View File

@ -0,0 +1,262 @@
From b4335c3290082dd8aa0915e340b625197d80fdc3 Mon Sep 17 00:00:00 2001
Message-Id: <b4335c3290082dd8aa0915e340b625197d80fdc3@dist-git>
From: Vitaly Kuznetsov <vkuznets@redhat.com>
Date: Thu, 9 Aug 2018 15:14:19 +0200
Subject: [PATCH] conf: qemu: add support for Hyper-V frequency MSRs
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Qemu-2.12 gained 'hv-frequencies' cpu flag to enable Hyper-V frequency
MSRs. These MSRs are required (but not sufficient) to make Hyper-V on
KVM pass stable TSC page clocksource to L2 guests.
Signed-off-by: Vitaly Kuznetsov <vkuznets@redhat.com>
Reviewed-by: John Ferlan <jferlan@redhat.com>
(cherry picked from commit 8253bca9615233f670c7dad659c120e4556a748a)
https://bugzilla.redhat.com/show_bug.cgi?id=1589702
Signed-off-by: Jiri Denemark <jdenemar@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
---
docs/formatdomain.html.in | 7 +++++++
docs/schemas/domaincommon.rng | 5 +++++
src/conf/domain_conf.c | 6 +++++-
src/conf/domain_conf.h | 1 +
src/cpu/cpu_x86.c | 3 +++
src/cpu/cpu_x86_data.h | 1 +
src/qemu/qemu_command.c | 1 +
src/qemu/qemu_parse_command.c | 1 +
src/qemu/qemu_process.c | 1 +
tests/qemuxml2argvdata/hyperv-off.xml | 1 +
tests/qemuxml2argvdata/hyperv.args | 2 +-
tests/qemuxml2argvdata/hyperv.xml | 1 +
tests/qemuxml2xmloutdata/hyperv-off.xml | 1 +
tests/qemuxml2xmloutdata/hyperv.xml | 1 +
14 files changed, 30 insertions(+), 2 deletions(-)
diff --git a/docs/formatdomain.html.in b/docs/formatdomain.html.in
index 42acf7a828..3b493a98ac 100644
--- a/docs/formatdomain.html.in
+++ b/docs/formatdomain.html.in
@@ -1915,6 +1915,7 @@
&lt;synic state='on'/&gt;
&lt;reset state='on'/&gt;
&lt;vendor_id state='on' value='KVM Hv'/&gt;
+ &lt;frequencies state='on'/&gt;
&lt;/hyperv&gt;
&lt;kvm&gt;
&lt;hidden state='on'/&gt;
@@ -2037,6 +2038,12 @@
<td>on, off; value - string, up to 12 characters</td>
<td><span class="since">1.3.3 (QEMU 2.5)</span></td>
</tr>
+ <tr>
+ <td>frequencies</td>
+ <td>Expose frequency MSRs</td>
+ <td> on, off</td>
+ <td><span class="since">4.7.0 (QEMU 2.12)</span></td>
+ </tr>
</table>
</dd>
<dt><code>pvspinlock</code></dt>
diff --git a/docs/schemas/domaincommon.rng b/docs/schemas/domaincommon.rng
index ac04af51a1..f156a6b7c4 100644
--- a/docs/schemas/domaincommon.rng
+++ b/docs/schemas/domaincommon.rng
@@ -5713,6 +5713,11 @@
</optional>
</element>
</optional>
+ <optional>
+ <element name="frequencies">
+ <ref name="featurestate"/>
+ </element>
+ </optional>
</interleave>
</element>
</define>
diff --git a/src/conf/domain_conf.c b/src/conf/domain_conf.c
index 240b33f28c..150dd8acc8 100644
--- a/src/conf/domain_conf.c
+++ b/src/conf/domain_conf.c
@@ -169,7 +169,8 @@ VIR_ENUM_IMPL(virDomainHyperv, VIR_DOMAIN_HYPERV_LAST,
"synic",
"stimer",
"reset",
- "vendor_id")
+ "vendor_id",
+ "frequencies")
VIR_ENUM_IMPL(virDomainKVM, VIR_DOMAIN_KVM_LAST,
"hidden")
@@ -20051,6 +20052,7 @@ virDomainDefParseXML(xmlDocPtr xml,
case VIR_DOMAIN_HYPERV_SYNIC:
case VIR_DOMAIN_HYPERV_STIMER:
case VIR_DOMAIN_HYPERV_RESET:
+ case VIR_DOMAIN_HYPERV_FREQUENCIES:
break;
case VIR_DOMAIN_HYPERV_SPINLOCKS:
@@ -22242,6 +22244,7 @@ virDomainDefFeaturesCheckABIStability(virDomainDefPtr src,
case VIR_DOMAIN_HYPERV_SYNIC:
case VIR_DOMAIN_HYPERV_STIMER:
case VIR_DOMAIN_HYPERV_RESET:
+ case VIR_DOMAIN_HYPERV_FREQUENCIES:
if (src->hyperv_features[i] != dst->hyperv_features[i]) {
virReportError(VIR_ERR_CONFIG_UNSUPPORTED,
_("State of HyperV enlightenment "
@@ -27890,6 +27893,7 @@ virDomainDefFormatInternal(virDomainDefPtr def,
case VIR_DOMAIN_HYPERV_SYNIC:
case VIR_DOMAIN_HYPERV_STIMER:
case VIR_DOMAIN_HYPERV_RESET:
+ case VIR_DOMAIN_HYPERV_FREQUENCIES:
break;
case VIR_DOMAIN_HYPERV_SPINLOCKS:
diff --git a/src/conf/domain_conf.h b/src/conf/domain_conf.h
index 5e2f21dea3..97d38ff7b9 100644
--- a/src/conf/domain_conf.h
+++ b/src/conf/domain_conf.h
@@ -1791,6 +1791,7 @@ typedef enum {
VIR_DOMAIN_HYPERV_STIMER,
VIR_DOMAIN_HYPERV_RESET,
VIR_DOMAIN_HYPERV_VENDOR_ID,
+ VIR_DOMAIN_HYPERV_FREQUENCIES,
VIR_DOMAIN_HYPERV_LAST
} virDomainHyperv;
diff --git a/src/cpu/cpu_x86.c b/src/cpu/cpu_x86.c
index 809da94117..a2fbfb577d 100644
--- a/src/cpu/cpu_x86.c
+++ b/src/cpu/cpu_x86.c
@@ -109,6 +109,8 @@ KVM_FEATURE_DEF(VIR_CPU_x86_KVM_HV_VPINDEX,
0x40000003, 0x00000040);
KVM_FEATURE_DEF(VIR_CPU_x86_KVM_HV_RESET,
0x40000003, 0x00000080);
+KVM_FEATURE_DEF(VIR_CPU_x86_KVM_HV_FREQUENCIES,
+ 0x40000003, 0x00000800);
static virCPUx86Feature x86_kvm_features[] =
{
@@ -129,6 +131,7 @@ static virCPUx86Feature x86_kvm_features[] =
KVM_FEATURE(VIR_CPU_x86_KVM_HV_VAPIC),
KVM_FEATURE(VIR_CPU_x86_KVM_HV_VPINDEX),
KVM_FEATURE(VIR_CPU_x86_KVM_HV_RESET),
+ KVM_FEATURE(VIR_CPU_x86_KVM_HV_FREQUENCIES),
};
typedef struct _virCPUx86Model virCPUx86Model;
diff --git a/src/cpu/cpu_x86_data.h b/src/cpu/cpu_x86_data.h
index b89110f16c..c01eb41be5 100644
--- a/src/cpu/cpu_x86_data.h
+++ b/src/cpu/cpu_x86_data.h
@@ -63,6 +63,7 @@ struct _virCPUx86CPUID {
# define VIR_CPU_x86_KVM_HV_VAPIC "__kvm_hv_vapic"
# define VIR_CPU_x86_KVM_HV_VPINDEX "__kvm_hv_vpindex"
# define VIR_CPU_x86_KVM_HV_RESET "__kvm_hv_reset"
+# define VIR_CPU_x86_KVM_HV_FREQUENCIES "__kvm_hv_frequencies"
# define VIR_CPU_X86_DATA_INIT { 0 }
diff --git a/src/qemu/qemu_command.c b/src/qemu/qemu_command.c
index 028f48310b..82c349819e 100644
--- a/src/qemu/qemu_command.c
+++ b/src/qemu/qemu_command.c
@@ -6919,6 +6919,7 @@ qemuBuildCpuCommandLine(virCommandPtr cmd,
case VIR_DOMAIN_HYPERV_SYNIC:
case VIR_DOMAIN_HYPERV_STIMER:
case VIR_DOMAIN_HYPERV_RESET:
+ case VIR_DOMAIN_HYPERV_FREQUENCIES:
if (def->hyperv_features[i] == VIR_TRISTATE_SWITCH_ON)
virBufferAsprintf(&buf, ",hv_%s",
virDomainHypervTypeToString(i));
diff --git a/src/qemu/qemu_parse_command.c b/src/qemu/qemu_parse_command.c
index 351425fedd..ffea9a26bd 100644
--- a/src/qemu/qemu_parse_command.c
+++ b/src/qemu/qemu_parse_command.c
@@ -1536,6 +1536,7 @@ qemuParseCommandLineCPU(virDomainDefPtr dom,
case VIR_DOMAIN_HYPERV_SYNIC:
case VIR_DOMAIN_HYPERV_STIMER:
case VIR_DOMAIN_HYPERV_RESET:
+ case VIR_DOMAIN_HYPERV_FREQUENCIES:
if (value) {
virReportError(VIR_ERR_CONFIG_UNSUPPORTED,
_("HyperV feature '%s' should not "
diff --git a/src/qemu/qemu_process.c b/src/qemu/qemu_process.c
index 2d51c0fa25..dd92a6c179 100644
--- a/src/qemu/qemu_process.c
+++ b/src/qemu/qemu_process.c
@@ -3923,6 +3923,7 @@ qemuProcessVerifyHypervFeatures(virDomainDefPtr def,
case VIR_DOMAIN_HYPERV_SYNIC:
case VIR_DOMAIN_HYPERV_STIMER:
case VIR_DOMAIN_HYPERV_RESET:
+ case VIR_DOMAIN_HYPERV_FREQUENCIES:
virReportError(VIR_ERR_CONFIG_UNSUPPORTED,
_("host doesn't support hyperv '%s' feature"),
virDomainHypervTypeToString(i));
diff --git a/tests/qemuxml2argvdata/hyperv-off.xml b/tests/qemuxml2argvdata/hyperv-off.xml
index ba9c978848..d3a8455ac3 100644
--- a/tests/qemuxml2argvdata/hyperv-off.xml
+++ b/tests/qemuxml2argvdata/hyperv-off.xml
@@ -20,6 +20,7 @@
<stimer state='off'/>
<reset state='off'/>
<vendor_id state='off'/>
+ <frequencies state='off'/>
</hyperv>
</features>
<clock offset='utc'/>
diff --git a/tests/qemuxml2argvdata/hyperv.args b/tests/qemuxml2argvdata/hyperv.args
index a1acbb63de..53026bb2d5 100644
--- a/tests/qemuxml2argvdata/hyperv.args
+++ b/tests/qemuxml2argvdata/hyperv.args
@@ -9,7 +9,7 @@ QEMU_AUDIO_DRV=none \
-S \
-machine pc,accel=tcg,usb=off,dump-guest-core=off \
-cpu 'qemu32,hv_relaxed,hv_vapic,hv_spinlocks=0x2fff,hv_vpindex,hv_runtime,\
-hv_synic,hv_stimer,hv_reset,hv_vendor_id=KVM Hv' \
+hv_synic,hv_stimer,hv_reset,hv_vendor_id=KVM Hv,hv_frequencies' \
-m 214 \
-smp 6,sockets=6,cores=1,threads=1 \
-uuid c7a5fdbd-edaf-9455-926a-d65c16db1809 \
diff --git a/tests/qemuxml2argvdata/hyperv.xml b/tests/qemuxml2argvdata/hyperv.xml
index 09f6d21024..27372d1636 100644
--- a/tests/qemuxml2argvdata/hyperv.xml
+++ b/tests/qemuxml2argvdata/hyperv.xml
@@ -20,6 +20,7 @@
<stimer state='on'/>
<reset state='on'/>
<vendor_id state='on' value='KVM Hv'/>
+ <frequencies state='on'/>
</hyperv>
</features>
<clock offset='utc'/>
diff --git a/tests/qemuxml2xmloutdata/hyperv-off.xml b/tests/qemuxml2xmloutdata/hyperv-off.xml
index 07eaf7219d..3ba0b827c3 100644
--- a/tests/qemuxml2xmloutdata/hyperv-off.xml
+++ b/tests/qemuxml2xmloutdata/hyperv-off.xml
@@ -20,6 +20,7 @@
<stimer state='off'/>
<reset state='off'/>
<vendor_id state='off'/>
+ <frequencies state='off'/>
</hyperv>
</features>
<clock offset='utc'/>
diff --git a/tests/qemuxml2xmloutdata/hyperv.xml b/tests/qemuxml2xmloutdata/hyperv.xml
index f9ae9504de..1e47a946d6 100644
--- a/tests/qemuxml2xmloutdata/hyperv.xml
+++ b/tests/qemuxml2xmloutdata/hyperv.xml
@@ -20,6 +20,7 @@
<stimer state='on'/>
<reset state='on'/>
<vendor_id state='on' value='KVM Hv'/>
+ <frequencies state='on'/>
</hyperv>
</features>
<clock offset='utc'/>
--
2.19.1

264
SOURCES/libvirt-conf-qemu-add-support-for-Hyper-V-reenlightenment-notifications.patch Normal file
View File

@ -0,0 +1,264 @@
From 7b4320c2371e10cf717c7bc28f83485cf176e03d Mon Sep 17 00:00:00 2001
Message-Id: <7b4320c2371e10cf717c7bc28f83485cf176e03d@dist-git>
From: Vitaly Kuznetsov <vkuznets@redhat.com>
Date: Thu, 9 Aug 2018 15:14:20 +0200
Subject: [PATCH] conf: qemu: add support for Hyper-V reenlightenment
notifications
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Qemu-3.0 supports so-called 'Reenlightenment' notifications and this (in
conjunction with 'hv-frequencies') can be used make Hyper-V on KVM pass
stable TSC page clocksource to L2 guests.
Signed-off-by: Vitaly Kuznetsov <vkuznets@redhat.com>
Reviewed-by: John Ferlan <jferlan@redhat.com>
(cherry picked from commit b5d770e155cbb7eec036b3d33ee0d81863ffc9a1)
https://bugzilla.redhat.com/show_bug.cgi?id=1589702
Signed-off-by: Jiri Denemark <jdenemar@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
---
docs/formatdomain.html.in | 7 +++++++
docs/schemas/domaincommon.rng | 5 +++++
src/conf/domain_conf.c | 6 +++++-
src/conf/domain_conf.h | 1 +
src/cpu/cpu_x86.c | 3 +++
src/cpu/cpu_x86_data.h | 1 +
src/qemu/qemu_command.c | 1 +
src/qemu/qemu_parse_command.c | 1 +
src/qemu/qemu_process.c | 1 +
tests/qemuxml2argvdata/hyperv-off.xml | 1 +
tests/qemuxml2argvdata/hyperv.args | 3 ++-
tests/qemuxml2argvdata/hyperv.xml | 1 +
tests/qemuxml2xmloutdata/hyperv-off.xml | 1 +
tests/qemuxml2xmloutdata/hyperv.xml | 1 +
14 files changed, 31 insertions(+), 2 deletions(-)
diff --git a/docs/formatdomain.html.in b/docs/formatdomain.html.in
index 3b493a98ac..43a1067501 100644
--- a/docs/formatdomain.html.in
+++ b/docs/formatdomain.html.in
@@ -1916,6 +1916,7 @@
&lt;reset state='on'/&gt;
&lt;vendor_id state='on' value='KVM Hv'/&gt;
&lt;frequencies state='on'/&gt;
+ &lt;reenlightenment state='on'/&gt;
&lt;/hyperv&gt;
&lt;kvm&gt;
&lt;hidden state='on'/&gt;
@@ -2044,6 +2045,12 @@
<td> on, off</td>
<td><span class="since">4.7.0 (QEMU 2.12)</span></td>
</tr>
+ <tr>
+ <td>reenlightenment</td>
+ <td>Enable re-enlightenment notification on migration</td>
+ <td> on, off</td>
+ <td><span class="since">4.7.0 (QEMU 3.0)</span></td>
+ </tr>
</table>
</dd>
<dt><code>pvspinlock</code></dt>
diff --git a/docs/schemas/domaincommon.rng b/docs/schemas/domaincommon.rng
index f156a6b7c4..ceee7a8efe 100644
--- a/docs/schemas/domaincommon.rng
+++ b/docs/schemas/domaincommon.rng
@@ -5718,6 +5718,11 @@
<ref name="featurestate"/>
</element>
</optional>
+ <optional>
+ <element name="reenlightenment">
+ <ref name="featurestate"/>
+ </element>
+ </optional>
</interleave>
</element>
</define>
diff --git a/src/conf/domain_conf.c b/src/conf/domain_conf.c
index 150dd8acc8..18b4d03a61 100644
--- a/src/conf/domain_conf.c
+++ b/src/conf/domain_conf.c
@@ -170,7 +170,8 @@ VIR_ENUM_IMPL(virDomainHyperv, VIR_DOMAIN_HYPERV_LAST,
"stimer",
"reset",
"vendor_id",
- "frequencies")
+ "frequencies",
+ "reenlightenment")
VIR_ENUM_IMPL(virDomainKVM, VIR_DOMAIN_KVM_LAST,
"hidden")
@@ -20053,6 +20054,7 @@ virDomainDefParseXML(xmlDocPtr xml,
case VIR_DOMAIN_HYPERV_STIMER:
case VIR_DOMAIN_HYPERV_RESET:
case VIR_DOMAIN_HYPERV_FREQUENCIES:
+ case VIR_DOMAIN_HYPERV_REENLIGHTENMENT:
break;
case VIR_DOMAIN_HYPERV_SPINLOCKS:
@@ -22245,6 +22247,7 @@ virDomainDefFeaturesCheckABIStability(virDomainDefPtr src,
case VIR_DOMAIN_HYPERV_STIMER:
case VIR_DOMAIN_HYPERV_RESET:
case VIR_DOMAIN_HYPERV_FREQUENCIES:
+ case VIR_DOMAIN_HYPERV_REENLIGHTENMENT:
if (src->hyperv_features[i] != dst->hyperv_features[i]) {
virReportError(VIR_ERR_CONFIG_UNSUPPORTED,
_("State of HyperV enlightenment "
@@ -27894,6 +27897,7 @@ virDomainDefFormatInternal(virDomainDefPtr def,
case VIR_DOMAIN_HYPERV_STIMER:
case VIR_DOMAIN_HYPERV_RESET:
case VIR_DOMAIN_HYPERV_FREQUENCIES:
+ case VIR_DOMAIN_HYPERV_REENLIGHTENMENT:
break;
case VIR_DOMAIN_HYPERV_SPINLOCKS:
diff --git a/src/conf/domain_conf.h b/src/conf/domain_conf.h
index 97d38ff7b9..e450923019 100644
--- a/src/conf/domain_conf.h
+++ b/src/conf/domain_conf.h
@@ -1792,6 +1792,7 @@ typedef enum {
VIR_DOMAIN_HYPERV_RESET,
VIR_DOMAIN_HYPERV_VENDOR_ID,
VIR_DOMAIN_HYPERV_FREQUENCIES,
+ VIR_DOMAIN_HYPERV_REENLIGHTENMENT,
VIR_DOMAIN_HYPERV_LAST
} virDomainHyperv;
diff --git a/src/cpu/cpu_x86.c b/src/cpu/cpu_x86.c
index a2fbfb577d..7a48b78eb9 100644
--- a/src/cpu/cpu_x86.c
+++ b/src/cpu/cpu_x86.c
@@ -111,6 +111,8 @@ KVM_FEATURE_DEF(VIR_CPU_x86_KVM_HV_RESET,
0x40000003, 0x00000080);
KVM_FEATURE_DEF(VIR_CPU_x86_KVM_HV_FREQUENCIES,
0x40000003, 0x00000800);
+KVM_FEATURE_DEF(VIR_CPU_x86_KVM_HV_REENLIGHTENMENT,
+ 0x40000003, 0x00002000);
static virCPUx86Feature x86_kvm_features[] =
{
@@ -132,6 +134,7 @@ static virCPUx86Feature x86_kvm_features[] =
KVM_FEATURE(VIR_CPU_x86_KVM_HV_VPINDEX),
KVM_FEATURE(VIR_CPU_x86_KVM_HV_RESET),
KVM_FEATURE(VIR_CPU_x86_KVM_HV_FREQUENCIES),
+ KVM_FEATURE(VIR_CPU_x86_KVM_HV_REENLIGHTENMENT),
};
typedef struct _virCPUx86Model virCPUx86Model;
diff --git a/src/cpu/cpu_x86_data.h b/src/cpu/cpu_x86_data.h
index c01eb41be5..a810c64fc9 100644
--- a/src/cpu/cpu_x86_data.h
+++ b/src/cpu/cpu_x86_data.h
@@ -64,6 +64,7 @@ struct _virCPUx86CPUID {
# define VIR_CPU_x86_KVM_HV_VPINDEX "__kvm_hv_vpindex"
# define VIR_CPU_x86_KVM_HV_RESET "__kvm_hv_reset"
# define VIR_CPU_x86_KVM_HV_FREQUENCIES "__kvm_hv_frequencies"
+# define VIR_CPU_x86_KVM_HV_REENLIGHTENMENT "__kvm_hv_reenlightenment"
# define VIR_CPU_X86_DATA_INIT { 0 }
diff --git a/src/qemu/qemu_command.c b/src/qemu/qemu_command.c
index 82c349819e..48f3b09ec9 100644
--- a/src/qemu/qemu_command.c
+++ b/src/qemu/qemu_command.c
@@ -6920,6 +6920,7 @@ qemuBuildCpuCommandLine(virCommandPtr cmd,
case VIR_DOMAIN_HYPERV_STIMER:
case VIR_DOMAIN_HYPERV_RESET:
case VIR_DOMAIN_HYPERV_FREQUENCIES:
+ case VIR_DOMAIN_HYPERV_REENLIGHTENMENT:
if (def->hyperv_features[i] == VIR_TRISTATE_SWITCH_ON)
virBufferAsprintf(&buf, ",hv_%s",
virDomainHypervTypeToString(i));
diff --git a/src/qemu/qemu_parse_command.c b/src/qemu/qemu_parse_command.c
index ffea9a26bd..1e67a5a8c8 100644
--- a/src/qemu/qemu_parse_command.c
+++ b/src/qemu/qemu_parse_command.c
@@ -1537,6 +1537,7 @@ qemuParseCommandLineCPU(virDomainDefPtr dom,
case VIR_DOMAIN_HYPERV_STIMER:
case VIR_DOMAIN_HYPERV_RESET:
case VIR_DOMAIN_HYPERV_FREQUENCIES:
+ case VIR_DOMAIN_HYPERV_REENLIGHTENMENT:
if (value) {
virReportError(VIR_ERR_CONFIG_UNSUPPORTED,
_("HyperV feature '%s' should not "
diff --git a/src/qemu/qemu_process.c b/src/qemu/qemu_process.c
index dd92a6c179..990d4d3046 100644
--- a/src/qemu/qemu_process.c
+++ b/src/qemu/qemu_process.c
@@ -3924,6 +3924,7 @@ qemuProcessVerifyHypervFeatures(virDomainDefPtr def,
case VIR_DOMAIN_HYPERV_STIMER:
case VIR_DOMAIN_HYPERV_RESET:
case VIR_DOMAIN_HYPERV_FREQUENCIES:
+ case VIR_DOMAIN_HYPERV_REENLIGHTENMENT:
virReportError(VIR_ERR_CONFIG_UNSUPPORTED,
_("host doesn't support hyperv '%s' feature"),
virDomainHypervTypeToString(i));
diff --git a/tests/qemuxml2argvdata/hyperv-off.xml b/tests/qemuxml2argvdata/hyperv-off.xml
index d3a8455ac3..b2e3612df9 100644
--- a/tests/qemuxml2argvdata/hyperv-off.xml
+++ b/tests/qemuxml2argvdata/hyperv-off.xml
@@ -21,6 +21,7 @@
<reset state='off'/>
<vendor_id state='off'/>
<frequencies state='off'/>
+ <reenlightenment state='off'/>
</hyperv>
</features>
<clock offset='utc'/>
diff --git a/tests/qemuxml2argvdata/hyperv.args b/tests/qemuxml2argvdata/hyperv.args
index 53026bb2d5..4feafad8e2 100644
--- a/tests/qemuxml2argvdata/hyperv.args
+++ b/tests/qemuxml2argvdata/hyperv.args
@@ -9,7 +9,8 @@ QEMU_AUDIO_DRV=none \
-S \
-machine pc,accel=tcg,usb=off,dump-guest-core=off \
-cpu 'qemu32,hv_relaxed,hv_vapic,hv_spinlocks=0x2fff,hv_vpindex,hv_runtime,\
-hv_synic,hv_stimer,hv_reset,hv_vendor_id=KVM Hv,hv_frequencies' \
+hv_synic,hv_stimer,hv_reset,hv_vendor_id=KVM Hv,hv_frequencies,\
+hv_reenlightenment' \
-m 214 \
-smp 6,sockets=6,cores=1,threads=1 \
-uuid c7a5fdbd-edaf-9455-926a-d65c16db1809 \
diff --git a/tests/qemuxml2argvdata/hyperv.xml b/tests/qemuxml2argvdata/hyperv.xml
index 27372d1636..20fcdba59e 100644
--- a/tests/qemuxml2argvdata/hyperv.xml
+++ b/tests/qemuxml2argvdata/hyperv.xml
@@ -21,6 +21,7 @@
<reset state='on'/>
<vendor_id state='on' value='KVM Hv'/>
<frequencies state='on'/>
+ <reenlightenment state='on'/>
</hyperv>
</features>
<clock offset='utc'/>
diff --git a/tests/qemuxml2xmloutdata/hyperv-off.xml b/tests/qemuxml2xmloutdata/hyperv-off.xml
index 3ba0b827c3..4a41e0c37e 100644
--- a/tests/qemuxml2xmloutdata/hyperv-off.xml
+++ b/tests/qemuxml2xmloutdata/hyperv-off.xml
@@ -21,6 +21,7 @@
<reset state='off'/>
<vendor_id state='off'/>
<frequencies state='off'/>
+ <reenlightenment state='off'/>
</hyperv>
</features>
<clock offset='utc'/>
diff --git a/tests/qemuxml2xmloutdata/hyperv.xml b/tests/qemuxml2xmloutdata/hyperv.xml
index 1e47a946d6..183b45980b 100644
--- a/tests/qemuxml2xmloutdata/hyperv.xml
+++ b/tests/qemuxml2xmloutdata/hyperv.xml
@@ -21,6 +21,7 @@
<reset state='on'/>
<vendor_id state='on' value='KVM Hv'/>
<frequencies state='on'/>
+ <reenlightenment state='on'/>
</hyperv>
</features>
<clock offset='utc'/>
--
2.19.1

110
SOURCES/libvirt-configure-change-HAVE_FIREWALLD-to-WITH_FIREWALLD.patch Normal file
View File

@ -0,0 +1,110 @@
From 5b3cf2163da13ac79129ca2bb85ae1908922644c Mon Sep 17 00:00:00 2001
Message-Id: <5b3cf2163da13ac79129ca2bb85ae1908922644c@dist-git>
From: Laine Stump <laine@laine.org>
Date: Fri, 1 Feb 2019 20:29:27 -0500
Subject: [PATCH] configure: change HAVE_FIREWALLD to WITH_FIREWALLD
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Support for firewalld is a feature that can be selectively enabled or
disabled (using --with-firewalld/--without-firewalld), not merely
something that must be accounted for in the code if it is present with
no exceptions. It is more consistent with other usage in libvirt to
use WITH_FIREWALLD rather than HAVE_FIREWALLD.
Signed-off-by: Laine Stump <laine@laine.org>
Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
(cherry picked from commit 4bf0f390ed57307050a213f3f6364061f2717b00)
https://bugzilla.redhat.com/1650320
Reviewed-by: Ján Tomko <jtomko@redhat.com>
---
m4/virt-firewalld.m4 | 4 ++--
src/network/bridge_driver.c | 6 +++---
src/nwfilter/nwfilter_driver.c | 6 +++---
3 files changed, 8 insertions(+), 8 deletions(-)
diff --git a/m4/virt-firewalld.m4 b/m4/virt-firewalld.m4
index 08d2ff83d6..89efa47589 100644
--- a/m4/virt-firewalld.m4
+++ b/m4/virt-firewalld.m4
@@ -32,10 +32,10 @@ AC_DEFUN([LIBVIRT_CHECK_FIREWALLD], [
if test "x$with_dbus" != "xyes" ; then
AC_MSG_ERROR([You must have dbus enabled for firewalld support])
fi
- AC_DEFINE_UNQUOTED([HAVE_FIREWALLD], [1], [whether firewalld support is enabled])
+ AC_DEFINE_UNQUOTED([WITH_FIREWALLD], [1], [whether firewalld support is enabled])
fi
- AM_CONDITIONAL([HAVE_FIREWALLD], [test "x$with_firewalld" != "xno"])
+ AM_CONDITIONAL([WITH_FIREWALLD], [test "x$with_firewalld" != "xno"])
])
AC_DEFUN([LIBVIRT_RESULT_FIREWALLD], [
diff --git a/src/network/bridge_driver.c b/src/network/bridge_driver.c
index 1ad95d524c..d153a8cdb6 100644
--- a/src/network/bridge_driver.c
+++ b/src/network/bridge_driver.c
@@ -538,7 +538,7 @@ networkAutostartConfig(virNetworkObjPtr obj,
}
-#if HAVE_FIREWALLD
+#ifdef WITH_FIREWALLD
static DBusHandlerResult
firewalld_dbus_filter_bridge(DBusConnection *connection ATTRIBUTE_UNUSED,
DBusMessage *message,
@@ -659,7 +659,7 @@ networkStateInitialize(bool privileged,
int ret = -1;
char *configdir = NULL;
char *rundir = NULL;
-#ifdef HAVE_FIREWALLD
+#ifdef WITH_FIREWALLD
DBusConnection *sysbus = NULL;
#endif
@@ -757,7 +757,7 @@ networkStateInitialize(bool privileged,
network_driver->networkEventState = virObjectEventStateNew();
-#ifdef HAVE_FIREWALLD
+#ifdef WITH_FIREWALLD
if (!(sysbus = virDBusGetSystemBus())) {
VIR_WARN("DBus not available, disabling firewalld support "
"in bridge_network_driver: %s", virGetLastErrorMessage());
diff --git a/src/nwfilter/nwfilter_driver.c b/src/nwfilter/nwfilter_driver.c
index ed34586105..a657b750e6 100644
--- a/src/nwfilter/nwfilter_driver.c
+++ b/src/nwfilter/nwfilter_driver.c
@@ -79,7 +79,7 @@ static void nwfilterDriverUnlock(void)
virMutexUnlock(&driver->lock);
}
-#if HAVE_FIREWALLD
+#ifdef WITH_FIREWALLD
static DBusHandlerResult
nwfilterFirewalldDBusFilter(DBusConnection *connection ATTRIBUTE_UNUSED,
@@ -148,7 +148,7 @@ nwfilterDriverInstallDBusMatches(DBusConnection *sysbus)
return ret;
}
-#else /* HAVE_FIREWALLD */
+#else /* WITH_FIREWALLD */
static void
nwfilterDriverRemoveDBusMatches(void)
@@ -161,7 +161,7 @@ nwfilterDriverInstallDBusMatches(DBusConnection *sysbus ATTRIBUTE_UNUSED)
return 0;
}
-#endif /* HAVE_FIREWALLD */
+#endif /* WITH_FIREWALLD */
static int
virNWFilterTriggerRebuildImpl(void *opaque)
--
2.20.1

280
SOURCES/libvirt-configure-selectively-install-a-firewalld-libvirt-zone.patch Normal file
View File

@ -0,0 +1,280 @@
From f89135129d722dca4e5eb7dbcc6845ab757f2e08 Mon Sep 17 00:00:00 2001
Message-Id: <f89135129d722dca4e5eb7dbcc6845ab757f2e08@dist-git>
From: Laine Stump <laine@laine.org>
Date: Fri, 1 Feb 2019 20:29:30 -0500
Subject: [PATCH] configure: selectively install a firewalld 'libvirt' zone
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
In the past (when both libvirt and firewalld used iptables), if either
libvirt's rules *OR* firewalld's rules accepted a packet, it would
be accepted. This was because libvirt and firewalld rules were
processed during the same kernel hook, and a single ACCEPT result
would terminate the rule traversal and cause the packet to be
accepted.
But now firewalld can use nftables for its backend, while libvirt's
firewall rules are still using iptables; iptables rules are still
processed, but at a different time during packet processing
(i.e. during a different hook) than the firewalld nftables rules. The
result is that a packet must be accepted by *BOTH* the libvirt
iptables rules *AND* the firewalld nftable rules in order to be
accepted.
This causes pain because
1) libvirt always adds rules to permit DNS and DHCP (and sometimes
TFTP) from guests to the host network's bridge interface. But
libvirt's bridges are in firewalld's "default" zone (which is usually
the zone called "public"). The public zone allows ssh, but doesn't
allow DNS, DHCP, or TFTP. So even though libvirt's rules allow the
DHCP and DNS traffic, the firewalld rules (now processed during a
different hook) dont, thus guests connected to libvirt's bridges can't
acquire an IP address from DHCP, nor can they make DNS queries to the
DNS server libvirt has setup on the host. (This could be solved by
modifying the default firewalld zone to allow DNS and DHCP, but that
would open *all* interfaces in the default zone to those services,
which is most likely not what the host's admin wants.)
2) Even though libvirt adds iptables rules to allow forwarded traffic
to pass the iptables hook, firewalld's higher level "rich rules" don't
yet have the ability to configure the acceptance of forwarded traffic
(traffic that is going somewhere beyond the host), so any traffic that
needs to be forwarded from guests to the network beyond the host is
rejected during the nftables hook by the default zone's "default
reject" policy (which rejects all traffic in the zone not specifically
allowed by the rules in the zone, whether that traffic is destined to
be forwarded or locally received by the host).
libvirt can't send "direct" nftables rules (firewalld only supports
direct/passthrough rules for iptables), so we can't solve this problem
by just sending explicit nftables rules instead of explicit iptables
rules (which, if it could be done, would place libvirt's rules in the
same hook as firewalld's native rules, and thus eliminate the need for
packets to be accepted by both libvirt's and firewalld's own rules).
However, we can take advantage of a quirk in firewalld zones that have
a default policy of "accept" (meaning any packet that doesn't match a
specific rule in the zone will be *accepted*) - this default accept will
also accept forwarded traffic (not just traffic destined for the host).
Of course we don't want to modify firewalld's default zone in that
way, because that would affect the filtering of traffic coming into
the host from other interfaces using that zone. Instead, we will
create a new zone called "libvirt". The libvirt zone will have a
default policy of accept so that forwarded traffic can pass and list
specific services that will be allowed into the host from guests (DNS,
DHCP, SSH, and TFTP).
But the same default accept policy that fixes forwarded traffic also
causes *all* traffic from guest to host to be accepted. To close this
new hole, the libvirt zone can take advantage of a new feature in
firewalld (currently slated for firewalld-0.7.0) - priorities for rich
rules - to add a low priority rule that rejects all local traffic (but
leaves alone all forwarded traffic).
So, our new zone will start with a list of services that are allowed
(dhcp, dns, tftp, and ssh to start, but configurable via any firewalld
management application, or direct editing of the zone file in
/etc/firewalld/zones/libvirt.xml), followed by a low priority
<reject/> rule (to reject all other traffic from guest to host), and
finally with a default policy of accept (to allow forwarded traffic).
This patch only creates the zonefile for the new zone, and implements
a configure.ac option to selectively enable/disable installation of
the new zone. A separate patch contains the necessary code to actually
place bridge interfaces in the libvirt zone.
Why do we need a configure option to disable installation of the new
libvirt zone? It uses a new firewalld attribute that sets the priority
of a rich rule; this feature first appears in firewalld-0.7.0 (unless
it has been backported to am earlier firewalld by a downstream
maintainer). If the file were installed on a system with firewalld
that didn't support rule priorities, firewalld would log an error
every time it restarted, causing confusion and lots of extra bug
reports.
So we add two new configure.ac switches to avoid polluting the system
logs with this error on systems that don't support rule priorities -
"--with-firewalld-zone" and "--without-firewalld-zone". A package
builder can use these to include/exclude the libvirt zone file in the
installation. If firewalld is enabled (--with-firewalld), the default
is --with-firewalld-zone, but it can be disabled during configure
(using --without-firewalld-zone). Targets that are using a firewalld
version too old to support the rule priority setting in the libvirt
zone file can simply add --without-firewalld-zone to their configure
commandline.
These switches only affect whether or not the libvirt zone file is
*installed* in /usr/lib/firewalld/zones, but have no effect on whether
or not libvirt looks for a zone called libvirt and tries to use it.
NB: firewalld zones can only be added to the permanent config of
firewalld, and won't be loaded/enabled until firewalld is restarted,
so at package install/upgrade time we have to restart firewalld. For
rpm-based distros, this is done in the libvirt.spec file by calling
the %firewalld_restart rpm macro, which is a part of the
firewalld-filesystem package. (For distros that don't use rpm
packages, the command "firewalld-cmd --reload" will have the same
effect).
Signed-off-by: Laine Stump <laine@laine.org>
Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
(cherry picked from commit 3b71f2e42dc6c5453d09136578bfb868874da088)
https://bugzilla.redhat.com/1650320
Reviewed-by: Ján Tomko <jtomko@redhat.com>
---
configure.ac | 3 +++
libvirt.spec.in | 31 +++++++++++++++++++++++++
m4/virt-firewalld-zone.m4 | 45 +++++++++++++++++++++++++++++++++++++
src/network/Makefile.inc.am | 10 ++++++++-
src/network/libvirt.zone | 23 +++++++++++++++++++
5 files changed, 111 insertions(+), 1 deletion(-)
create mode 100644 m4/virt-firewalld-zone.m4
create mode 100644 src/network/libvirt.zone
diff --git a/configure.ac b/configure.ac
index e25bf0a6ec..3da26484d0 100644
--- a/configure.ac
+++ b/configure.ac
@@ -247,6 +247,7 @@ LIBVIRT_ARG_CAPNG
LIBVIRT_ARG_CURL
LIBVIRT_ARG_DBUS
LIBVIRT_ARG_FIREWALLD
+LIBVIRT_ARG_FIREWALLD_ZONE
LIBVIRT_ARG_FUSE
LIBVIRT_ARG_GLUSTER
LIBVIRT_ARG_HAL
@@ -286,6 +287,7 @@ LIBVIRT_CHECK_DBUS
LIBVIRT_CHECK_DEVMAPPER
LIBVIRT_CHECK_DLOPEN
LIBVIRT_CHECK_FIREWALLD
+LIBVIRT_CHECK_FIREWALLD_ZONE
LIBVIRT_CHECK_FUSE
LIBVIRT_CHECK_GLUSTER
LIBVIRT_CHECK_GNUTLS
@@ -959,6 +961,7 @@ LIBVIRT_RESULT_CURL
LIBVIRT_RESULT_DBUS
LIBVIRT_RESULT_DLOPEN
LIBVIRT_RESULT_FIREWALLD
+LIBVIRT_RESULT_FIREWALLD_ZONE
LIBVIRT_RESULT_FUSE
LIBVIRT_RESULT_GLUSTER
LIBVIRT_RESULT_GNUTLS
diff --git a/m4/virt-firewalld-zone.m4 b/m4/virt-firewalld-zone.m4
new file mode 100644
index 0000000000..b67d1a0b2f
--- /dev/null
+++ b/m4/virt-firewalld-zone.m4
@@ -0,0 +1,45 @@
+dnl firewalld_zone check - whether or not to install the firewall "libvirt" zone
+dnl
+dnl Copyright (C) 2019 Red Hat, Inc.
+dnl
+dnl This library is free software; you can redistribute it and/or
+dnl modify it under the terms of the GNU Lesser General Public
+dnl License as published by the Free Software Foundation; either
+dnl version 2.1 of the License, or (at your option) any later version.
+dnl
+dnl This library is distributed in the hope that it will be useful,
+dnl but WITHOUT ANY WARRANTY; without even the implied warranty of
+dnl MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+dnl Lesser General Public License for more details.
+dnl
+dnl You should have received a copy of the GNU Lesser General Public
+dnl License along with this library. If not, see
+dnl <http://www.gnu.org/licenses/>.
+dnl
+
+AC_DEFUN([LIBVIRT_ARG_FIREWALLD_ZONE], [
+ LIBVIRT_ARG_WITH([FIREWALLD_ZONE], [Whether to install firewalld libvirt zone], [check])
+])
+
+AC_DEFUN([LIBVIRT_CHECK_FIREWALLD_ZONE], [
+ AC_REQUIRE([LIBVIRT_CHECK_FIREWALLD])
+ AC_MSG_CHECKING([for whether to install firewalld libvirt zone])
+
+ if test "x$with_firewalld_zone" = "xcheck" ; then
+ with_firewalld_zone=$with_firewalld
+ fi
+
+ if test "x$with_firewalld_zone" = "xyes" ; then
+ if test "x$with_firewalld" != "xyes" ; then
+ AC_MSG_ERROR([You must have firewalld support enabled to enable firewalld-zone])
+ fi
+ AC_DEFINE_UNQUOTED([WITH_FIREWALLD_ZONE], [1], [whether firewalld libvirt zone is installed])
+ fi
+
+ AM_CONDITIONAL([WITH_FIREWALLD_ZONE], [test "x$with_firewalld_zone" != "xno"])
+ AC_MSG_RESULT($with_firewalld_zone)
+])
+
+AC_DEFUN([LIBVIRT_RESULT_FIREWALLD_ZONE], [
+ LIBVIRT_RESULT([firewalld-zone], [$with_firewalld_zone])
+])
diff --git a/src/network/Makefile.inc.am b/src/network/Makefile.inc.am
index 508c8c0422..cbaaa7ea68 100644
--- a/src/network/Makefile.inc.am
+++ b/src/network/Makefile.inc.am
@@ -87,6 +87,11 @@ install-data-network:
( cd $(DESTDIR)$(confdir)/qemu/networks/autostart && \
rm -f default.xml && \
$(LN_S) ../default.xml default.xml )
+if WITH_FIREWALLD_ZONE
+ $(MKDIR_P) "$(DESTDIR)$(prefix)/lib/firewalld/zones"
+ $(INSTALL_DATA) $(srcdir)/network/libvirt.zone \
+ $(DESTDIR)$(prefix)/lib/firewalld/zones/libvirt.xml
+endif WITH_FIREWALLD_ZONE
uninstall-data-network:
rm -f $(DESTDIR)$(confdir)/qemu/networks/autostart/default.xml
@@ -95,10 +100,13 @@ uninstall-data-network:
rmdir "$(DESTDIR)$(confdir)/qemu/networks" || :
rmdir "$(DESTDIR)$(localstatedir)/lib/libvirt/network" ||:
rmdir "$(DESTDIR)$(localstatedir)/run/libvirt/network" ||:
+if WITH_FIREWALLD_ZONE
+ rm -f $(DESTDIR)$(prefix)/lib/firewalld/zones/libvirt.xml
+endif WITH_FIREWALLD_ZONE
endif WITH_NETWORK
-EXTRA_DIST += network/default.xml
+EXTRA_DIST += network/default.xml network/libvirt.zone
.PHONY: \
install-data-network \
diff --git a/src/network/libvirt.zone b/src/network/libvirt.zone
new file mode 100644
index 0000000000..bf81db1b6e
--- /dev/null
+++ b/src/network/libvirt.zone
@@ -0,0 +1,23 @@
+<?xml version="1.0" encoding="utf-8"?>
+<zone target="ACCEPT">
+ <short>libvirt</short>
+
+ <description>
+ The default policy of "ACCEPT" allows all packets to/from
+ interfaces in the zone to be forwarded, while the (*low priority*)
+ reject rule blocks any traffic destined for the host, except those
+ services explicitly listed (that list can be modified as required
+ by the local admin). This zone is intended to be used only by
+ libvirt virtual networks - libvirt will add the bridge devices for
+ all new virtual networks to this zone by default.
+ </description>
+
+<rule priority='32767'>
+ <reject/>
+</rule>
+<service name='dhcp'/>
+<service name='dhcpv6'/>
+<service name='dns'/>
+<service name='ssh'/>
+<service name='tftp'/>
+</zone>
--
2.20.1

202
SOURCES/libvirt-cpu-Add-support-for-stibp-x86_64-feature.patch Normal file
View File

@ -0,0 +1,202 @@
From 41a79702b10fc039aa76524626b77f91dc01edbd Mon Sep 17 00:00:00 2001
Message-Id: <41a79702b10fc039aa76524626b77f91dc01edbd@dist-git>
From: Jiri Denemark <jdenemar@redhat.com>
Date: Mon, 17 Dec 2018 16:24:32 +0100
Subject: [PATCH] cpu: Add support for "stibp" x86_64 feature
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
QEMU commit v3.1.0-4-g0e89165829
KVM patch: https://lore.kernel.org/lkml/20181205191956.31480-1-ehabkost@redhat.com/
Signed-off-by: Jiri Denemark <jdenemar@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
(cherry picked from commit eb1b551d21e316c1e80aba0b2af6969fdd849f0c)
Conflicts:
src/cpu_map/x86_features.xml
- cpu_map.xml is still monolithic in RHEL-8
https://bugzilla.redhat.com/show_bug.cgi?id=1655032
Signed-off-by: Jiri Denemark <jdenemar@redhat.com>
---
src/cpu/cpu_map.xml | 3 +++
tests/cputestdata/x86_64-cpuid-Core-i7-5600U-ibrs-disabled.xml | 2 +-
tests/cputestdata/x86_64-cpuid-Core-i7-5600U-ibrs-guest.xml | 1 +
tests/cputestdata/x86_64-cpuid-Core-i7-5600U-ibrs-host.xml | 1 +
tests/cputestdata/x86_64-cpuid-Xeon-E5-2609-v3-disabled.xml | 2 +-
tests/cputestdata/x86_64-cpuid-Xeon-E5-2609-v3-guest.xml | 1 +
tests/cputestdata/x86_64-cpuid-Xeon-E5-2609-v3-host.xml | 1 +
tests/cputestdata/x86_64-cpuid-Xeon-E5-2623-v4-disabled.xml | 2 +-
tests/cputestdata/x86_64-cpuid-Xeon-E5-2623-v4-guest.xml | 1 +
tests/cputestdata/x86_64-cpuid-Xeon-E5-2623-v4-host.xml | 1 +
tests/cputestdata/x86_64-cpuid-Xeon-Gold-5115-disabled.xml | 2 +-
tests/cputestdata/x86_64-cpuid-Xeon-Gold-5115-guest.xml | 1 +
tests/cputestdata/x86_64-cpuid-Xeon-Gold-5115-host.xml | 1 +
13 files changed, 15 insertions(+), 4 deletions(-)
diff --git a/src/cpu/cpu_map.xml b/src/cpu/cpu_map.xml
index cdb023e936..095d49a69a 100644
--- a/src/cpu/cpu_map.xml
+++ b/src/cpu/cpu_map.xml
@@ -328,6 +328,9 @@
<feature name='spec-ctrl'>
<cpuid eax_in='0x07' ecx_in='0x00' edx='0x04000000'/>
</feature>
+ <feature name='stibp'>
+ <cpuid eax_in='0x07' ecx_in='0x00' edx='0x08000000'/>
+ </feature>
<feature name='ssbd'>
<cpuid eax_in='0x07' ecx_in='0x00' edx='0x80000000'/>
</feature>
diff --git a/tests/cputestdata/x86_64-cpuid-Core-i7-5600U-ibrs-disabled.xml b/tests/cputestdata/x86_64-cpuid-Core-i7-5600U-ibrs-disabled.xml
index e033bb141f..5c9cfa9bd6 100644
--- a/tests/cputestdata/x86_64-cpuid-Core-i7-5600U-ibrs-disabled.xml
+++ b/tests/cputestdata/x86_64-cpuid-Core-i7-5600U-ibrs-disabled.xml
@@ -1,6 +1,6 @@
<!-- Features disabled by QEMU -->
<cpudata arch='x86'>
<cpuid eax_in='0x00000001' ecx_in='0x00' eax='0x00000000' ebx='0x00000000' ecx='0x0800c1dc' edx='0xb0600000'/>
- <cpuid eax_in='0x00000007' ecx_in='0x00' eax='0x00000000' ebx='0x00000000' ecx='0x00000000' edx='0x04000000'/>
+ <cpuid eax_in='0x00000007' ecx_in='0x00' eax='0x00000000' ebx='0x00000000' ecx='0x00000000' edx='0x0c000000'/>
<cpuid eax_in='0x80000007' ecx_in='0x00' eax='0x00000000' ebx='0x00000000' ecx='0x00000000' edx='0x00000100'/>
</cpudata>
diff --git a/tests/cputestdata/x86_64-cpuid-Core-i7-5600U-ibrs-guest.xml b/tests/cputestdata/x86_64-cpuid-Core-i7-5600U-ibrs-guest.xml
index 4fa4770208..5d3093cec1 100644
--- a/tests/cputestdata/x86_64-cpuid-Core-i7-5600U-ibrs-guest.xml
+++ b/tests/cputestdata/x86_64-cpuid-Core-i7-5600U-ibrs-guest.xml
@@ -23,6 +23,7 @@
<feature policy='require' name='arat'/>
<feature policy='require' name='tsc_adjust'/>
<feature policy='require' name='intel-pt'/>
+ <feature policy='require' name='stibp'/>
<feature policy='require' name='xsaveopt'/>
<feature policy='require' name='pdpe1gb'/>
<feature policy='require' name='abm'/>
diff --git a/tests/cputestdata/x86_64-cpuid-Core-i7-5600U-ibrs-host.xml b/tests/cputestdata/x86_64-cpuid-Core-i7-5600U-ibrs-host.xml
index 25690c099c..a534d2dec5 100644
--- a/tests/cputestdata/x86_64-cpuid-Core-i7-5600U-ibrs-host.xml
+++ b/tests/cputestdata/x86_64-cpuid-Core-i7-5600U-ibrs-host.xml
@@ -24,6 +24,7 @@
<feature name='arat'/>
<feature name='tsc_adjust'/>
<feature name='intel-pt'/>
+ <feature name='stibp'/>
<feature name='xsaveopt'/>
<feature name='pdpe1gb'/>
<feature name='abm'/>
diff --git a/tests/cputestdata/x86_64-cpuid-Xeon-E5-2609-v3-disabled.xml b/tests/cputestdata/x86_64-cpuid-Xeon-E5-2609-v3-disabled.xml
index aacc7a2b14..ec299652f7 100644
--- a/tests/cputestdata/x86_64-cpuid-Xeon-E5-2609-v3-disabled.xml
+++ b/tests/cputestdata/x86_64-cpuid-Xeon-E5-2609-v3-disabled.xml
@@ -1,6 +1,6 @@
<!-- Features disabled by QEMU -->
<cpudata arch='x86'>
<cpuid eax_in='0x00000001' ecx_in='0x00' eax='0x00000000' ebx='0x00000000' ecx='0x0804c1fc' edx='0xb0600000'/>
- <cpuid eax_in='0x00000007' ecx_in='0x00' eax='0x00000000' ebx='0x00001000' ecx='0x00000000' edx='0x00000000'/>
+ <cpuid eax_in='0x00000007' ecx_in='0x00' eax='0x00000000' ebx='0x00001000' ecx='0x00000000' edx='0x08000000'/>
<cpuid eax_in='0x80000007' ecx_in='0x00' eax='0x00000000' ebx='0x00000000' ecx='0x00000000' edx='0x00000100'/>
</cpudata>
diff --git a/tests/cputestdata/x86_64-cpuid-Xeon-E5-2609-v3-guest.xml b/tests/cputestdata/x86_64-cpuid-Xeon-E5-2609-v3-guest.xml
index a66c7a5644..d8aaaad29d 100644
--- a/tests/cputestdata/x86_64-cpuid-Xeon-E5-2609-v3-guest.xml
+++ b/tests/cputestdata/x86_64-cpuid-Xeon-E5-2609-v3-guest.xml
@@ -24,6 +24,7 @@
<feature policy='require' name='arat'/>
<feature policy='require' name='tsc_adjust'/>
<feature policy='require' name='cmt'/>
+ <feature policy='require' name='stibp'/>
<feature policy='require' name='xsaveopt'/>
<feature policy='require' name='pdpe1gb'/>
<feature policy='require' name='abm'/>
diff --git a/tests/cputestdata/x86_64-cpuid-Xeon-E5-2609-v3-host.xml b/tests/cputestdata/x86_64-cpuid-Xeon-E5-2609-v3-host.xml
index 624d71db20..9bac4b4648 100644
--- a/tests/cputestdata/x86_64-cpuid-Xeon-E5-2609-v3-host.xml
+++ b/tests/cputestdata/x86_64-cpuid-Xeon-E5-2609-v3-host.xml
@@ -25,6 +25,7 @@
<feature name='arat'/>
<feature name='tsc_adjust'/>
<feature name='cmt'/>
+ <feature name='stibp'/>
<feature name='xsaveopt'/>
<feature name='pdpe1gb'/>
<feature name='abm'/>
diff --git a/tests/cputestdata/x86_64-cpuid-Xeon-E5-2623-v4-disabled.xml b/tests/cputestdata/x86_64-cpuid-Xeon-E5-2623-v4-disabled.xml
index d904808cec..85369d755c 100644
--- a/tests/cputestdata/x86_64-cpuid-Xeon-E5-2623-v4-disabled.xml
+++ b/tests/cputestdata/x86_64-cpuid-Xeon-E5-2623-v4-disabled.xml
@@ -1,7 +1,7 @@
<!-- Features disabled by QEMU -->
<cpudata arch='x86'>
<cpuid eax_in='0x00000001' ecx_in='0x00' eax='0x00000000' ebx='0x00000000' ecx='0x0804c1fc' edx='0xb0600000'/>
- <cpuid eax_in='0x00000007' ecx_in='0x00' eax='0x00000000' ebx='0x00001000' ecx='0x00000000' edx='0x00000000'/>
+ <cpuid eax_in='0x00000007' ecx_in='0x00' eax='0x00000000' ebx='0x00001000' ecx='0x00000000' edx='0x08000000'/>
<cpuid eax_in='0x0000000f' ecx_in='0x01' eax='0x00000000' ebx='0x00000000' ecx='0x00000000' edx='0x00000006'/>
<cpuid eax_in='0x80000007' ecx_in='0x00' eax='0x00000000' ebx='0x00000000' ecx='0x00000000' edx='0x00000100'/>
</cpudata>
diff --git a/tests/cputestdata/x86_64-cpuid-Xeon-E5-2623-v4-guest.xml b/tests/cputestdata/x86_64-cpuid-Xeon-E5-2623-v4-guest.xml
index 7b93df3f1b..7718d7ca59 100644
--- a/tests/cputestdata/x86_64-cpuid-Xeon-E5-2623-v4-guest.xml
+++ b/tests/cputestdata/x86_64-cpuid-Xeon-E5-2623-v4-guest.xml
@@ -21,6 +21,7 @@
<feature policy='require' name='tsc_adjust'/>
<feature policy='require' name='cmt'/>
<feature policy='require' name='intel-pt'/>
+ <feature policy='require' name='stibp'/>
<feature policy='require' name='mbm_total'/>
<feature policy='require' name='mbm_local'/>
<feature policy='require' name='pdpe1gb'/>
diff --git a/tests/cputestdata/x86_64-cpuid-Xeon-E5-2623-v4-host.xml b/tests/cputestdata/x86_64-cpuid-Xeon-E5-2623-v4-host.xml
index 5078420c7a..43a0b93ab4 100644
--- a/tests/cputestdata/x86_64-cpuid-Xeon-E5-2623-v4-host.xml
+++ b/tests/cputestdata/x86_64-cpuid-Xeon-E5-2623-v4-host.xml
@@ -26,6 +26,7 @@
<feature name='tsc_adjust'/>
<feature name='cmt'/>
<feature name='intel-pt'/>
+ <feature name='stibp'/>
<feature name='xsaveopt'/>
<feature name='mbm_total'/>
<feature name='mbm_local'/>
diff --git a/tests/cputestdata/x86_64-cpuid-Xeon-Gold-5115-disabled.xml b/tests/cputestdata/x86_64-cpuid-Xeon-Gold-5115-disabled.xml
index b5c70a9dc4..a5b85a15c2 100644
--- a/tests/cputestdata/x86_64-cpuid-Xeon-Gold-5115-disabled.xml
+++ b/tests/cputestdata/x86_64-cpuid-Xeon-Gold-5115-disabled.xml
@@ -1,7 +1,7 @@
<!-- Features disabled by QEMU -->
<cpudata arch='x86'>
<cpuid eax_in='0x00000001' ecx_in='0x00' eax='0x00000000' ebx='0x00000000' ecx='0x0804c1fc' edx='0xb0600000'/>
- <cpuid eax_in='0x00000007' ecx_in='0x00' eax='0x00000000' ebx='0x00001000' ecx='0x00000008' edx='0x00000000'/>
+ <cpuid eax_in='0x00000007' ecx_in='0x00' eax='0x00000000' ebx='0x00001000' ecx='0x00000008' edx='0x08000000'/>
<cpuid eax_in='0x0000000d' ecx_in='0x01' eax='0x00000008' ebx='0x00000000' ecx='0x00000000' edx='0x00000000'/>
<cpuid eax_in='0x0000000f' ecx_in='0x01' eax='0x00000000' ebx='0x00000000' ecx='0x00000000' edx='0x00000006'/>
<cpuid eax_in='0x80000007' ecx_in='0x00' eax='0x00000000' ebx='0x00000000' ecx='0x00000000' edx='0x00000100'/>
diff --git a/tests/cputestdata/x86_64-cpuid-Xeon-Gold-5115-guest.xml b/tests/cputestdata/x86_64-cpuid-Xeon-Gold-5115-guest.xml
index 480127f341..8f014f6e28 100644
--- a/tests/cputestdata/x86_64-cpuid-Xeon-Gold-5115-guest.xml
+++ b/tests/cputestdata/x86_64-cpuid-Xeon-Gold-5115-guest.xml
@@ -23,6 +23,7 @@
<feature policy='require' name='clflushopt'/>
<feature policy='require' name='intel-pt'/>
<feature policy='require' name='pku'/>
+ <feature policy='require' name='stibp'/>
<feature policy='require' name='xsaves'/>
<feature policy='require' name='mbm_total'/>
<feature policy='require' name='mbm_local'/>
diff --git a/tests/cputestdata/x86_64-cpuid-Xeon-Gold-5115-host.xml b/tests/cputestdata/x86_64-cpuid-Xeon-Gold-5115-host.xml
index 680b10acef..9de76fd640 100644
--- a/tests/cputestdata/x86_64-cpuid-Xeon-Gold-5115-host.xml
+++ b/tests/cputestdata/x86_64-cpuid-Xeon-Gold-5115-host.xml
@@ -24,6 +24,7 @@
<feature name='clflushopt'/>
<feature name='intel-pt'/>
<feature name='pku'/>
+ <feature name='stibp'/>
<feature name='xsaves'/>
<feature name='mbm_total'/>
<feature name='mbm_local'/>
--
2.20.1

219
SOURCES/libvirt-cpu_map-Add-Icelake-CPU-models.patch Normal file
View File

@ -0,0 +1,219 @@
From 08c5219ec08bf4383278e3de8e86768f5148f0e0 Mon Sep 17 00:00:00 2001
Message-Id: <08c5219ec08bf4383278e3de8e86768f5148f0e0@dist-git>
From: Jiri Denemark <jdenemar@redhat.com>
Date: Wed, 29 Aug 2018 14:29:20 +0200
Subject: [PATCH] cpu_map: Add Icelake CPU models
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Introduced in QEMU by commit v3.0.0-156-g8a11c62da9.
Signed-off-by: Jiri Denemark <jdenemar@redhat.com>
(cherry picked from commit 993d85ae5e2422a664ba5f700ed3bf7abd989cfc)
https://bugzilla.redhat.com/show_bug.cgi?id=1526625
Conflicts:
src/cpu_map/x86_Icelake-Client.xml
src/cpu_map/x86_Icelake-Server.xml
- cpu_map.xml is still monolithic in RHEL-8
Signed-off-by: Jiri Denemark <jdenemar@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
---
src/cpu/cpu_map.xml | 178 ++++++++++++++++++++++++++++++++++++++++++++
1 file changed, 178 insertions(+)
diff --git a/src/cpu/cpu_map.xml b/src/cpu/cpu_map.xml
index 4d19a7c811..cdb023e936 100644
--- a/src/cpu/cpu_map.xml
+++ b/src/cpu/cpu_map.xml
@@ -1955,6 +1955,184 @@
<feature name='xsaveopt'/>
</model>
+ <model name='Icelake-Client'>
+ <signature family='6' model='126'/>
+ <vendor name='Intel'/>
+ <feature name='3dnowprefetch'/>
+ <feature name='abm'/>
+ <feature name='adx'/>
+ <feature name='aes'/>
+ <feature name='apic'/>
+ <feature name='arat'/>
+ <feature name='avx'/>
+ <feature name='avx2'/>
+ <feature name='avx512-vpopcntdq'/>
+ <feature name='avx512bitalg'/>
+ <feature name='avx512vbmi'/>
+ <feature name='avx512vbmi2'/>
+ <feature name='avx512vnni'/>
+ <feature name='bmi1'/>
+ <feature name='bmi2'/>
+ <feature name='clflush'/>
+ <feature name='cmov'/>
+ <feature name='cx16'/>
+ <feature name='cx8'/>
+ <feature name='de'/>
+ <feature name='erms'/>
+ <feature name='f16c'/>
+ <feature name='fma'/>
+ <feature name='fpu'/>
+ <feature name='fsgsbase'/>
+ <feature name='fxsr'/>
+ <feature name='gfni'/>
+ <feature name='hle'/>
+ <feature name='intel-pt'/>
+ <feature name='invpcid'/>
+ <feature name='lahf_lm'/>
+ <feature name='lm'/>
+ <feature name='mca'/>
+ <feature name='mce'/>
+ <feature name='mmx'/>
+ <feature name='movbe'/>
+ <feature name='mpx'/>
+ <feature name='msr'/>
+ <feature name='mtrr'/>
+ <feature name='nx'/>
+ <!-- 'ospke' is a dynamic feature and cannot be enabled manually
+ see QEMU's commit 9ccb9784b57 for more details -->
+ <feature name='pae'/>
+ <feature name='pat'/>
+ <feature name='pcid'/>
+ <feature name='pclmuldq'/>
+ <feature name='pge'/>
+ <feature name='pku'/>
+ <feature name='pni'/>
+ <feature name='popcnt'/>
+ <feature name='pse'/>
+ <feature name='pse36'/>
+ <feature name='rdrand'/>
+ <feature name='rdseed'/>
+ <feature name='rdtscp'/>
+ <feature name='rtm'/>
+ <feature name='sep'/>
+ <feature name='smap'/>
+ <feature name='smep'/>
+ <feature name='spec-ctrl'/>
+ <feature name='ssbd'/>
+ <feature name='sse'/>
+ <feature name='sse2'/>
+ <feature name='sse4.1'/>
+ <feature name='sse4.2'/>
+ <feature name='ssse3'/>
+ <feature name='syscall'/>
+ <feature name='tsc'/>
+ <feature name='tsc-deadline'/>
+ <feature name='umip'/>
+ <feature name='vaes'/>
+ <feature name='vme'/>
+ <feature name='vpclmulqdq'/>
+ <feature name='wbnoinvd'/>
+ <feature name='x2apic'/>
+ <feature name='xgetbv1'/>
+ <feature name='xsave'/>
+ <feature name='xsavec'/>
+ <feature name='xsaveopt'/>
+ </model>
+
+ <model name='Icelake-Server'>
+ <signature family='6' model='134'/>
+ <vendor name='Intel'/>
+ <feature name='3dnowprefetch'/>
+ <feature name='abm'/>
+ <feature name='adx'/>
+ <feature name='aes'/>
+ <feature name='apic'/>
+ <feature name='arat'/>
+ <feature name='avx'/>
+ <feature name='avx2'/>
+ <feature name='avx512-vpopcntdq'/>
+ <feature name='avx512bitalg'/>
+ <feature name='avx512bw'/>
+ <feature name='avx512cd'/>
+ <feature name='avx512dq'/>
+ <feature name='avx512f'/>
+ <feature name='avx512vbmi'/>
+ <feature name='avx512vbmi2'/>
+ <feature name='avx512vl'/>
+ <feature name='avx512vnni'/>
+ <feature name='bmi1'/>
+ <feature name='bmi2'/>
+ <feature name='clflush'/>
+ <feature name='clflushopt'/>
+ <feature name='clwb'/>
+ <feature name='cmov'/>
+ <feature name='cx16'/>
+ <feature name='cx8'/>
+ <feature name='de'/>
+ <feature name='erms'/>
+ <feature name='f16c'/>
+ <feature name='fma'/>
+ <feature name='fpu'/>
+ <feature name='fsgsbase'/>
+ <feature name='fxsr'/>
+ <feature name='gfni'/>
+ <feature name='hle'/>
+ <feature name='intel-pt'/>
+ <feature name='invpcid'/>
+ <feature name='la57'/>
+ <feature name='lahf_lm'/>
+ <feature name='lm'/>
+ <feature name='mca'/>
+ <feature name='mce'/>
+ <feature name='mmx'/>
+ <feature name='movbe'/>
+ <feature name='mpx'/>
+ <feature name='msr'/>
+ <feature name='mtrr'/>
+ <feature name='nx'/>
+ <!-- 'ospke' is a dynamic feature and cannot be enabled manually
+ see QEMU's commit 9ccb9784b57 for more details -->
+ <feature name='pae'/>
+ <feature name='pat'/>
+ <feature name='pcid'/>
+ <feature name='pclmuldq'/>
+ <feature name='pconfig'/>
+ <feature name='pdpe1gb'/>
+ <feature name='pge'/>
+ <feature name='pku'/>
+ <feature name='pni'/>
+ <feature name='popcnt'/>
+ <feature name='pse'/>
+ <feature name='pse36'/>
+ <feature name='rdrand'/>
+ <feature name='rdseed'/>
+ <feature name='rdtscp'/>
+ <feature name='rtm'/>
+ <feature name='sep'/>
+ <feature name='smap'/>
+ <feature name='smep'/>
+ <feature name='spec-ctrl'/>
+ <feature name='ssbd'/>
+ <feature name='sse'/>
+ <feature name='sse2'/>
+ <feature name='sse4.1'/>
+ <feature name='sse4.2'/>
+ <feature name='ssse3'/>
+ <feature name='syscall'/>
+ <feature name='tsc'/>
+ <feature name='tsc-deadline'/>
+ <feature name='umip'/>
+ <feature name='vaes'/>
+ <feature name='vme'/>
+ <feature name='vpclmulqdq'/>
+ <feature name='wbnoinvd'/>
+ <feature name='x2apic'/>
+ <feature name='xgetbv1'/>
+ <feature name='xsave'/>
+ <feature name='xsavec'/>
+ <feature name='xsaveopt'/>
+ </model>
+
<!-- AMD CPUs -->
<model name='athlon'>
<vendor name='AMD'/>
--
2.19.1

379
SOURCES/libvirt-cpu_map-Add-features-for-Icelake-CPUs.patch Normal file
View File

@ -0,0 +1,379 @@
From fe47728e25c3e12ea5b22a07902bf19a4b3afb43 Mon Sep 17 00:00:00 2001
Message-Id: <fe47728e25c3e12ea5b22a07902bf19a4b3afb43@dist-git>
From: Jiri Denemark <jdenemar@redhat.com>
Date: Wed, 29 Aug 2018 14:28:39 +0200
Subject: [PATCH] cpu_map: Add features for Icelake CPUs
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
QEMU commits:
e37a5c7fa4 (v2.12.0)
i386: Add Intel Processor Trace feature support
c2f193b538 (v2.7.0)
target-i386: Add support for UMIP and RDPID CPUID bits
aff9e6e46a (v2.12.0)
x86/cpu: Enable new SSE/AVX/AVX512 cpu features
f77543772d (v2.9.0)
x86: add AVX512_VPOPCNTDQ features
5131dc433d (v3.1.0)
i386: Add CPUID bit for PCONFIG
59a80a19ca (v3.1.0)
i386: Add CPUID bit for WBNOINVD
Signed-off-by: Jiri Denemark <jdenemar@redhat.com>
(cherry picked from commit 9813081119b6727c8b6067a783465addef06525e)
https://bugzilla.redhat.com/show_bug.cgi?id=1526625
https://bugzilla.redhat.com/show_bug.cgi?id=1527657
Conflicts:
src/cpu_map/x86_features.xml
- cpu_map.xml is still monolithic in RHEL-8
Signed-off-by: Jiri Denemark <jdenemar@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
---
src/cpu/cpu_map.xml | 33 +++++++++++++++++++
.../x86_64-cpuid-Core-i5-6600-guest.xml | 1 +
.../x86_64-cpuid-Core-i5-6600-host.xml | 1 +
.../x86_64-cpuid-Core-i7-5600U-arat-guest.xml | 1 +
.../x86_64-cpuid-Core-i7-5600U-arat-host.xml | 1 +
.../x86_64-cpuid-Core-i7-5600U-guest.xml | 1 +
.../x86_64-cpuid-Core-i7-5600U-host.xml | 1 +
.../x86_64-cpuid-Core-i7-5600U-ibrs-guest.xml | 1 +
.../x86_64-cpuid-Core-i7-5600U-ibrs-host.xml | 1 +
.../x86_64-cpuid-Core-i7-7700-guest.xml | 1 +
.../x86_64-cpuid-Core-i7-7700-host.xml | 1 +
.../x86_64-cpuid-Xeon-E3-1245-v5-guest.xml | 1 +
.../x86_64-cpuid-Xeon-E3-1245-v5-host.xml | 1 +
.../x86_64-cpuid-Xeon-E5-2623-v4-guest.xml | 1 +
.../x86_64-cpuid-Xeon-E5-2623-v4-host.xml | 1 +
.../x86_64-cpuid-Xeon-E5-2650-v4-guest.xml | 1 +
.../x86_64-cpuid-Xeon-E5-2650-v4-host.xml | 1 +
.../x86_64-cpuid-Xeon-Gold-5115-guest.xml | 1 +
.../x86_64-cpuid-Xeon-Gold-5115-host.xml | 1 +
.../x86_64-cpuid-Xeon-Gold-6148-guest.xml | 1 +
.../x86_64-cpuid-Xeon-Gold-6148-host.xml | 1 +
21 files changed, 53 insertions(+)
diff --git a/src/cpu/cpu_map.xml b/src/cpu/cpu_map.xml
index 96daa0f9af..4d19a7c811 100644
--- a/src/cpu/cpu_map.xml
+++ b/src/cpu/cpu_map.xml
@@ -257,6 +257,9 @@
<feature name='clwb'>
<cpuid eax_in='0x07' ecx_in='0x00' ebx='0x01000000'/>
</feature>
+ <feature name='intel-pt'>
+ <cpuid eax_in='0x07' ecx_in='0x00' ebx='0x02000000'/>
+ </feature>
<feature name='avx512pf'>
<cpuid eax_in='0x07' ecx_in='0x00' ebx='0x04000000'/>
</feature>
@@ -279,12 +282,36 @@
<feature name='avx512vbmi'>
<cpuid eax_in='0x07' ecx_in='0x00' ecx='0x00000002'/>
</feature>
+ <feature name='umip'>
+ <cpuid eax_in='0x07' ecx_in='0x00' ecx='0x00000004'/>
+ </feature>
<feature name='pku'>
<cpuid eax_in='0x07' ecx_in='0x00' ecx='0x00000008'/>
</feature>
<feature name='ospke'>
<cpuid eax_in='0x07' ecx_in='0x00' ecx='0x00000010'/>
</feature>
+ <feature name='avx512vbmi2'>
+ <cpuid eax_in='0x07' ecx_in='0x00' ecx='0x00000040'/>
+ </feature>
+ <feature name='gfni'>
+ <cpuid eax_in='0x07' ecx_in='0x00' ecx='0x00000100'/>
+ </feature>
+ <feature name='vaes'>
+ <cpuid eax_in='0x07' ecx_in='0x00' ecx='0x00000200'/>
+ </feature>
+ <feature name='vpclmulqdq'>
+ <cpuid eax_in='0x07' ecx_in='0x00' ecx='0x00000400'/>
+ </feature>
+ <feature name='avx512vnni'>
+ <cpuid eax_in='0x07' ecx_in='0x00' ecx='0x00000800'/>
+ </feature>
+ <feature name='avx512bitalg'>
+ <cpuid eax_in='0x07' ecx_in='0x00' ecx='0x00001000'/>
+ </feature>
+ <feature name='avx512-vpopcntdq'>
+ <cpuid eax_in='0x07' ecx_in='0x00' ecx='0x00004000'/>
+ </feature>
<feature name='la57'>
<cpuid eax_in='0x07' ecx_in='0x00' ecx='0x00010000'/>
</feature>
@@ -295,6 +322,9 @@
<feature name='avx512-4fmaps'>
<cpuid eax_in='0x07' ecx_in='0x00' edx='0x00000008'/>
</feature>
+ <feature name='pconfig'>
+ <cpuid eax_in='0x07' ecx_in='0x00' edx='0x00040000'/>
+ </feature>
<feature name='spec-ctrl'>
<cpuid eax_in='0x07' ecx_in='0x00' edx='0x04000000'/>
</feature>
@@ -430,6 +460,9 @@
</feature>
<!-- More AMD-specific features -->
+ <feature name='wbnoinvd'>
+ <cpuid eax_in='0x80000008' ebx='0x00000200'/>
+ </feature>
<feature name='ibpb'>
<cpuid eax_in='0x80000008' ebx='0x00001000'/>
</feature>
diff --git a/tests/cputestdata/x86_64-cpuid-Core-i5-6600-guest.xml b/tests/cputestdata/x86_64-cpuid-Core-i5-6600-guest.xml
index c3561d5971..5777a0bfba 100644
--- a/tests/cputestdata/x86_64-cpuid-Core-i5-6600-guest.xml
+++ b/tests/cputestdata/x86_64-cpuid-Core-i5-6600-guest.xml
@@ -19,6 +19,7 @@
<feature policy='require' name='osxsave'/>
<feature policy='require' name='tsc_adjust'/>
<feature policy='require' name='clflushopt'/>
+ <feature policy='require' name='intel-pt'/>
<feature policy='require' name='xsaves'/>
<feature policy='require' name='pdpe1gb'/>
<feature policy='require' name='invtsc'/>
diff --git a/tests/cputestdata/x86_64-cpuid-Core-i5-6600-host.xml b/tests/cputestdata/x86_64-cpuid-Core-i5-6600-host.xml
index c799394eaf..faaa07f19b 100644
--- a/tests/cputestdata/x86_64-cpuid-Core-i5-6600-host.xml
+++ b/tests/cputestdata/x86_64-cpuid-Core-i5-6600-host.xml
@@ -20,6 +20,7 @@
<feature name='osxsave'/>
<feature name='tsc_adjust'/>
<feature name='clflushopt'/>
+ <feature name='intel-pt'/>
<feature name='xsaves'/>
<feature name='pdpe1gb'/>
<feature name='invtsc'/>
diff --git a/tests/cputestdata/x86_64-cpuid-Core-i7-5600U-arat-guest.xml b/tests/cputestdata/x86_64-cpuid-Core-i7-5600U-arat-guest.xml
index 877895cf15..e825e2a0fb 100644
--- a/tests/cputestdata/x86_64-cpuid-Core-i7-5600U-arat-guest.xml
+++ b/tests/cputestdata/x86_64-cpuid-Core-i7-5600U-arat-guest.xml
@@ -22,6 +22,7 @@
<feature policy='require' name='rdrand'/>
<feature policy='require' name='arat'/>
<feature policy='require' name='tsc_adjust'/>
+ <feature policy='require' name='intel-pt'/>
<feature policy='require' name='xsaveopt'/>
<feature policy='require' name='pdpe1gb'/>
<feature policy='require' name='abm'/>
diff --git a/tests/cputestdata/x86_64-cpuid-Core-i7-5600U-arat-host.xml b/tests/cputestdata/x86_64-cpuid-Core-i7-5600U-arat-host.xml
index 9b24941e0e..ea622c87c7 100644
--- a/tests/cputestdata/x86_64-cpuid-Core-i7-5600U-arat-host.xml
+++ b/tests/cputestdata/x86_64-cpuid-Core-i7-5600U-arat-host.xml
@@ -23,6 +23,7 @@
<feature name='rdrand'/>
<feature name='arat'/>
<feature name='tsc_adjust'/>
+ <feature name='intel-pt'/>
<feature name='xsaveopt'/>
<feature name='pdpe1gb'/>
<feature name='abm'/>
diff --git a/tests/cputestdata/x86_64-cpuid-Core-i7-5600U-guest.xml b/tests/cputestdata/x86_64-cpuid-Core-i7-5600U-guest.xml
index 877895cf15..e825e2a0fb 100644
--- a/tests/cputestdata/x86_64-cpuid-Core-i7-5600U-guest.xml
+++ b/tests/cputestdata/x86_64-cpuid-Core-i7-5600U-guest.xml
@@ -22,6 +22,7 @@
<feature policy='require' name='rdrand'/>
<feature policy='require' name='arat'/>
<feature policy='require' name='tsc_adjust'/>
+ <feature policy='require' name='intel-pt'/>
<feature policy='require' name='xsaveopt'/>
<feature policy='require' name='pdpe1gb'/>
<feature policy='require' name='abm'/>
diff --git a/tests/cputestdata/x86_64-cpuid-Core-i7-5600U-host.xml b/tests/cputestdata/x86_64-cpuid-Core-i7-5600U-host.xml
index 9b24941e0e..ea622c87c7 100644
--- a/tests/cputestdata/x86_64-cpuid-Core-i7-5600U-host.xml
+++ b/tests/cputestdata/x86_64-cpuid-Core-i7-5600U-host.xml
@@ -23,6 +23,7 @@
<feature name='rdrand'/>
<feature name='arat'/>
<feature name='tsc_adjust'/>
+ <feature name='intel-pt'/>
<feature name='xsaveopt'/>
<feature name='pdpe1gb'/>
<feature name='abm'/>
diff --git a/tests/cputestdata/x86_64-cpuid-Core-i7-5600U-ibrs-guest.xml b/tests/cputestdata/x86_64-cpuid-Core-i7-5600U-ibrs-guest.xml
index a70cb6d46a..4fa4770208 100644
--- a/tests/cputestdata/x86_64-cpuid-Core-i7-5600U-ibrs-guest.xml
+++ b/tests/cputestdata/x86_64-cpuid-Core-i7-5600U-ibrs-guest.xml
@@ -22,6 +22,7 @@
<feature policy='require' name='rdrand'/>
<feature policy='require' name='arat'/>
<feature policy='require' name='tsc_adjust'/>
+ <feature policy='require' name='intel-pt'/>
<feature policy='require' name='xsaveopt'/>
<feature policy='require' name='pdpe1gb'/>
<feature policy='require' name='abm'/>
diff --git a/tests/cputestdata/x86_64-cpuid-Core-i7-5600U-ibrs-host.xml b/tests/cputestdata/x86_64-cpuid-Core-i7-5600U-ibrs-host.xml
index b8e3399103..25690c099c 100644
--- a/tests/cputestdata/x86_64-cpuid-Core-i7-5600U-ibrs-host.xml
+++ b/tests/cputestdata/x86_64-cpuid-Core-i7-5600U-ibrs-host.xml
@@ -23,6 +23,7 @@
<feature name='rdrand'/>
<feature name='arat'/>
<feature name='tsc_adjust'/>
+ <feature name='intel-pt'/>
<feature name='xsaveopt'/>
<feature name='pdpe1gb'/>
<feature name='abm'/>
diff --git a/tests/cputestdata/x86_64-cpuid-Core-i7-7700-guest.xml b/tests/cputestdata/x86_64-cpuid-Core-i7-7700-guest.xml
index c3561d5971..5777a0bfba 100644
--- a/tests/cputestdata/x86_64-cpuid-Core-i7-7700-guest.xml
+++ b/tests/cputestdata/x86_64-cpuid-Core-i7-7700-guest.xml
@@ -19,6 +19,7 @@
<feature policy='require' name='osxsave'/>
<feature policy='require' name='tsc_adjust'/>
<feature policy='require' name='clflushopt'/>
+ <feature policy='require' name='intel-pt'/>
<feature policy='require' name='xsaves'/>
<feature policy='require' name='pdpe1gb'/>
<feature policy='require' name='invtsc'/>
diff --git a/tests/cputestdata/x86_64-cpuid-Core-i7-7700-host.xml b/tests/cputestdata/x86_64-cpuid-Core-i7-7700-host.xml
index c799394eaf..faaa07f19b 100644
--- a/tests/cputestdata/x86_64-cpuid-Core-i7-7700-host.xml
+++ b/tests/cputestdata/x86_64-cpuid-Core-i7-7700-host.xml
@@ -20,6 +20,7 @@
<feature name='osxsave'/>
<feature name='tsc_adjust'/>
<feature name='clflushopt'/>
+ <feature name='intel-pt'/>
<feature name='xsaves'/>
<feature name='pdpe1gb'/>
<feature name='invtsc'/>
diff --git a/tests/cputestdata/x86_64-cpuid-Xeon-E3-1245-v5-guest.xml b/tests/cputestdata/x86_64-cpuid-Xeon-E3-1245-v5-guest.xml
index c3561d5971..5777a0bfba 100644
--- a/tests/cputestdata/x86_64-cpuid-Xeon-E3-1245-v5-guest.xml
+++ b/tests/cputestdata/x86_64-cpuid-Xeon-E3-1245-v5-guest.xml
@@ -19,6 +19,7 @@
<feature policy='require' name='osxsave'/>
<feature policy='require' name='tsc_adjust'/>
<feature policy='require' name='clflushopt'/>
+ <feature policy='require' name='intel-pt'/>
<feature policy='require' name='xsaves'/>
<feature policy='require' name='pdpe1gb'/>
<feature policy='require' name='invtsc'/>
diff --git a/tests/cputestdata/x86_64-cpuid-Xeon-E3-1245-v5-host.xml b/tests/cputestdata/x86_64-cpuid-Xeon-E3-1245-v5-host.xml
index c799394eaf..faaa07f19b 100644
--- a/tests/cputestdata/x86_64-cpuid-Xeon-E3-1245-v5-host.xml
+++ b/tests/cputestdata/x86_64-cpuid-Xeon-E3-1245-v5-host.xml
@@ -20,6 +20,7 @@
<feature name='osxsave'/>
<feature name='tsc_adjust'/>
<feature name='clflushopt'/>
+ <feature name='intel-pt'/>
<feature name='xsaves'/>
<feature name='pdpe1gb'/>
<feature name='invtsc'/>
diff --git a/tests/cputestdata/x86_64-cpuid-Xeon-E5-2623-v4-guest.xml b/tests/cputestdata/x86_64-cpuid-Xeon-E5-2623-v4-guest.xml
index 60609f5c70..7b93df3f1b 100644
--- a/tests/cputestdata/x86_64-cpuid-Xeon-E5-2623-v4-guest.xml
+++ b/tests/cputestdata/x86_64-cpuid-Xeon-E5-2623-v4-guest.xml
@@ -20,6 +20,7 @@
<feature policy='require' name='osxsave'/>
<feature policy='require' name='tsc_adjust'/>
<feature policy='require' name='cmt'/>
+ <feature policy='require' name='intel-pt'/>
<feature policy='require' name='mbm_total'/>
<feature policy='require' name='mbm_local'/>
<feature policy='require' name='pdpe1gb'/>
diff --git a/tests/cputestdata/x86_64-cpuid-Xeon-E5-2623-v4-host.xml b/tests/cputestdata/x86_64-cpuid-Xeon-E5-2623-v4-host.xml
index 357cafd10a..5078420c7a 100644
--- a/tests/cputestdata/x86_64-cpuid-Xeon-E5-2623-v4-host.xml
+++ b/tests/cputestdata/x86_64-cpuid-Xeon-E5-2623-v4-host.xml
@@ -25,6 +25,7 @@
<feature name='arat'/>
<feature name='tsc_adjust'/>
<feature name='cmt'/>
+ <feature name='intel-pt'/>
<feature name='xsaveopt'/>
<feature name='mbm_total'/>
<feature name='mbm_local'/>
diff --git a/tests/cputestdata/x86_64-cpuid-Xeon-E5-2650-v4-guest.xml b/tests/cputestdata/x86_64-cpuid-Xeon-E5-2650-v4-guest.xml
index 2fac54355c..cd7e25b52a 100644
--- a/tests/cputestdata/x86_64-cpuid-Xeon-E5-2650-v4-guest.xml
+++ b/tests/cputestdata/x86_64-cpuid-Xeon-E5-2650-v4-guest.xml
@@ -20,6 +20,7 @@
<feature policy='require' name='osxsave'/>
<feature policy='require' name='tsc_adjust'/>
<feature policy='require' name='cmt'/>
+ <feature policy='require' name='intel-pt'/>
<feature policy='require' name='mbm_total'/>
<feature policy='require' name='mbm_local'/>
<feature policy='require' name='pdpe1gb'/>
diff --git a/tests/cputestdata/x86_64-cpuid-Xeon-E5-2650-v4-host.xml b/tests/cputestdata/x86_64-cpuid-Xeon-E5-2650-v4-host.xml
index f482864a98..5dd8d749de 100644
--- a/tests/cputestdata/x86_64-cpuid-Xeon-E5-2650-v4-host.xml
+++ b/tests/cputestdata/x86_64-cpuid-Xeon-E5-2650-v4-host.xml
@@ -25,6 +25,7 @@
<feature name='arat'/>
<feature name='tsc_adjust'/>
<feature name='cmt'/>
+ <feature name='intel-pt'/>
<feature name='xsaveopt'/>
<feature name='mbm_total'/>
<feature name='mbm_local'/>
diff --git a/tests/cputestdata/x86_64-cpuid-Xeon-Gold-5115-guest.xml b/tests/cputestdata/x86_64-cpuid-Xeon-Gold-5115-guest.xml
index 5f51dea631..480127f341 100644
--- a/tests/cputestdata/x86_64-cpuid-Xeon-Gold-5115-guest.xml
+++ b/tests/cputestdata/x86_64-cpuid-Xeon-Gold-5115-guest.xml
@@ -21,6 +21,7 @@
<feature policy='require' name='tsc_adjust'/>
<feature policy='require' name='cmt'/>
<feature policy='require' name='clflushopt'/>
+ <feature policy='require' name='intel-pt'/>
<feature policy='require' name='pku'/>
<feature policy='require' name='xsaves'/>
<feature policy='require' name='mbm_total'/>
diff --git a/tests/cputestdata/x86_64-cpuid-Xeon-Gold-5115-host.xml b/tests/cputestdata/x86_64-cpuid-Xeon-Gold-5115-host.xml
index a11b31369d..680b10acef 100644
--- a/tests/cputestdata/x86_64-cpuid-Xeon-Gold-5115-host.xml
+++ b/tests/cputestdata/x86_64-cpuid-Xeon-Gold-5115-host.xml
@@ -22,6 +22,7 @@
<feature name='tsc_adjust'/>
<feature name='cmt'/>
<feature name='clflushopt'/>
+ <feature name='intel-pt'/>
<feature name='pku'/>
<feature name='xsaves'/>
<feature name='mbm_total'/>
diff --git a/tests/cputestdata/x86_64-cpuid-Xeon-Gold-6148-guest.xml b/tests/cputestdata/x86_64-cpuid-Xeon-Gold-6148-guest.xml
index f72bcea68b..f31ca1ffc5 100644
--- a/tests/cputestdata/x86_64-cpuid-Xeon-Gold-6148-guest.xml
+++ b/tests/cputestdata/x86_64-cpuid-Xeon-Gold-6148-guest.xml
@@ -21,6 +21,7 @@
<feature policy='require' name='tsc_adjust'/>
<feature policy='require' name='cmt'/>
<feature policy='require' name='clflushopt'/>
+ <feature policy='require' name='intel-pt'/>
<feature policy='require' name='pku'/>
<feature policy='require' name='xsaves'/>
<feature policy='require' name='mbm_total'/>
diff --git a/tests/cputestdata/x86_64-cpuid-Xeon-Gold-6148-host.xml b/tests/cputestdata/x86_64-cpuid-Xeon-Gold-6148-host.xml
index 1a68e35c19..b18ceddc60 100644
--- a/tests/cputestdata/x86_64-cpuid-Xeon-Gold-6148-host.xml
+++ b/tests/cputestdata/x86_64-cpuid-Xeon-Gold-6148-host.xml
@@ -22,6 +22,7 @@
<feature name='tsc_adjust'/>
<feature name='cmt'/>
<feature name='clflushopt'/>
+ <feature name='intel-pt'/>
<feature name='pku'/>
<feature name='xsaves'/>
<feature name='mbm_total'/>
--
2.19.1

46
SOURCES/libvirt-cpu_map-Add-support-for-cldemote-CPU-feature.patch Normal file
View File

@ -0,0 +1,46 @@
From e7f71788bb7c3534b97fe50b05212e64aa9d1412 Mon Sep 17 00:00:00 2001
Message-Id: <e7f71788bb7c3534b97fe50b05212e64aa9d1412@dist-git>
From: Jiri Denemark <jdenemar@redhat.com>
Date: Thu, 25 Apr 2019 16:36:43 +0200
Subject: [PATCH] cpu_map: Add support for cldemote CPU feature
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Added in QEMU by v2.12.0-481-g0da0fb0628 (released in 3.0).
Signed-off-by: Jiri Denemark <jdenemar@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
(cherry picked from commit 8feeee9ee23f0500cc2585e1b11231c54de8e93d)
https://bugzilla.redhat.com/show_bug.cgi?id=1537731
https://bugzilla.redhat.com/show_bug.cgi?id=1537777
Conflicts:
src/cpu_map/x86_features.xml
- features are defined in src/cpu/cpu_map.xml downstream
Signed-off-by: Jiri Denemark <jdenemar@redhat.com>
Message-Id: <bb26b8e5c8323be651bae3d1c15aa04528f2c26d.1556202959.git.jdenemar@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
---
src/cpu/cpu_map.xml | 3 +++
1 file changed, 3 insertions(+)
diff --git a/src/cpu/cpu_map.xml b/src/cpu/cpu_map.xml
index 095d49a69a..79c40cff34 100644
--- a/src/cpu/cpu_map.xml
+++ b/src/cpu/cpu_map.xml
@@ -315,6 +315,9 @@
<feature name='la57'>
<cpuid eax_in='0x07' ecx_in='0x00' ecx='0x00010000'/>
</feature>
+ <feature name='cldemote'>
+ <cpuid eax_in='0x07' ecx_in='0x00' ecx='0x02000000'/>
+ </feature>
<feature name='avx512-4vnniw'>
<cpuid eax_in='0x07' ecx_in='0x00' edx='0x00000004'/>
--
2.21.0

102
SOURCES/libvirt-cpu_map-Define-md-clear-CPUID-bit.patch Normal file
View File

@ -0,0 +1,102 @@
From 28c9a09d1f42513344c546ac344f90ae3280fd5b Mon Sep 17 00:00:00 2001
Message-Id: <28c9a09d1f42513344c546ac344f90ae3280fd5b@dist-git>
From: Jiri Denemark <jdenemar@redhat.com>
Date: Fri, 5 Apr 2019 15:11:20 +0200
Subject: [PATCH] cpu_map: Define md-clear CPUID bit
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
CVE-2018-12126, CVE-2018-12127, CVE-2018-12130, CVE-2019-11091
The bit is set when microcode provides the mechanism to invoke a flush
of various exploitable CPU buffers by invoking the VERW instruction.
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Jiri Denemark <jdenemar@redhat.com>
Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
(cherry picked from commit 538d873571d7a682852dc1d70e5f4478f4d64e85)
Conflicts:
src/cpu_map/x86_features.xml
- no CPU map split downstream
tests/cputestdata/x86_64-cpuid-Xeon-Platinum-8268-guest.xml
tests/cputestdata/x86_64-cpuid-Xeon-Platinum-8268-host.xml
- test data missing downstream
Signed-off-by: Jiri Denemark <jdenemar@redhat.com>
---
src/cpu/cpu_map.xml | 3 +++
tests/cputestdata/x86_64-cpuid-Xeon-E3-1225-v5-enabled.xml | 2 +-
tests/cputestdata/x86_64-cpuid-Xeon-E3-1225-v5-guest.xml | 1 +
tests/cputestdata/x86_64-cpuid-Xeon-E3-1225-v5-host.xml | 1 +
tests/cputestdata/x86_64-cpuid-Xeon-E3-1225-v5-json.xml | 1 +
5 files changed, 7 insertions(+), 1 deletion(-)
diff --git a/src/cpu/cpu_map.xml b/src/cpu/cpu_map.xml
index 79c40cff34..ceee0ae489 100644
--- a/src/cpu/cpu_map.xml
+++ b/src/cpu/cpu_map.xml
@@ -325,6 +325,9 @@
<feature name='avx512-4fmaps'>
<cpuid eax_in='0x07' ecx_in='0x00' edx='0x00000008'/>
</feature>
+ <feature name='md-clear'> <!-- md_clear -->
+ <cpuid eax_in='0x07' ecx_in='0x00' edx='0x00000400'/>
+ </feature>
<feature name='pconfig'>
<cpuid eax_in='0x07' ecx_in='0x00' edx='0x00040000'/>
</feature>
diff --git a/tests/cputestdata/x86_64-cpuid-Xeon-E3-1225-v5-enabled.xml b/tests/cputestdata/x86_64-cpuid-Xeon-E3-1225-v5-enabled.xml
index 0deca9fba6..74763a462b 100644
--- a/tests/cputestdata/x86_64-cpuid-Xeon-E3-1225-v5-enabled.xml
+++ b/tests/cputestdata/x86_64-cpuid-Xeon-E3-1225-v5-enabled.xml
@@ -2,7 +2,7 @@
<cpudata arch='x86'>
<cpuid eax_in='0x00000001' ecx_in='0x00' eax='0x00000000' ebx='0x00000000' ecx='0xf7fa3203' edx='0x0f8bfbff'/>
<cpuid eax_in='0x00000006' ecx_in='0x00' eax='0x00000004' ebx='0x00000000' ecx='0x00000000' edx='0x00000000'/>
- <cpuid eax_in='0x00000007' ecx_in='0x00' eax='0x00000000' ebx='0x009c4fbb' ecx='0x00000000' edx='0x8c000000'/>
+ <cpuid eax_in='0x00000007' ecx_in='0x00' eax='0x00000000' ebx='0x009c4fbb' ecx='0x00000000' edx='0x8c000400'/>
<cpuid eax_in='0x0000000d' ecx_in='0x01' eax='0x00000007' ebx='0x00000000' ecx='0x00000000' edx='0x00000000'/>
<cpuid eax_in='0x80000001' ecx_in='0x00' eax='0x00000000' ebx='0x00000000' ecx='0x00000121' edx='0x2c100800'/>
</cpudata>
diff --git a/tests/cputestdata/x86_64-cpuid-Xeon-E3-1225-v5-guest.xml b/tests/cputestdata/x86_64-cpuid-Xeon-E3-1225-v5-guest.xml
index 70a0fc3286..867970d2c7 100644
--- a/tests/cputestdata/x86_64-cpuid-Xeon-E3-1225-v5-guest.xml
+++ b/tests/cputestdata/x86_64-cpuid-Xeon-E3-1225-v5-guest.xml
@@ -20,6 +20,7 @@
<feature policy='require' name='tsc_adjust'/>
<feature policy='require' name='clflushopt'/>
<feature policy='require' name='intel-pt'/>
+ <feature policy='require' name='md-clear'/>
<feature policy='require' name='stibp'/>
<feature policy='require' name='ssbd'/>
<feature policy='require' name='xsaves'/>
diff --git a/tests/cputestdata/x86_64-cpuid-Xeon-E3-1225-v5-host.xml b/tests/cputestdata/x86_64-cpuid-Xeon-E3-1225-v5-host.xml
index bbdfb6aa61..e7ced42797 100644
--- a/tests/cputestdata/x86_64-cpuid-Xeon-E3-1225-v5-host.xml
+++ b/tests/cputestdata/x86_64-cpuid-Xeon-E3-1225-v5-host.xml
@@ -21,6 +21,7 @@
<feature name='tsc_adjust'/>
<feature name='clflushopt'/>
<feature name='intel-pt'/>
+ <feature name='md-clear'/>
<feature name='stibp'/>
<feature name='ssbd'/>
<feature name='xsaves'/>
diff --git a/tests/cputestdata/x86_64-cpuid-Xeon-E3-1225-v5-json.xml b/tests/cputestdata/x86_64-cpuid-Xeon-E3-1225-v5-json.xml
index 1f321db273..a5591278df 100644
--- a/tests/cputestdata/x86_64-cpuid-Xeon-E3-1225-v5-json.xml
+++ b/tests/cputestdata/x86_64-cpuid-Xeon-E3-1225-v5-json.xml
@@ -5,6 +5,7 @@
<feature policy='require' name='hypervisor'/>
<feature policy='require' name='tsc_adjust'/>
<feature policy='require' name='clflushopt'/>
+ <feature policy='require' name='md-clear'/>
<feature policy='require' name='stibp'/>
<feature policy='require' name='ssbd'/>
<feature policy='require' name='pdpe1gb'/>
--
2.21.0

60
SOURCES/libvirt-cpu_x86-Do-not-cache-microcode-version.patch Normal file
View File

@ -0,0 +1,60 @@
From f574d83a57b54248bc1f1c7fd3b25894d579c8e3 Mon Sep 17 00:00:00 2001
Message-Id: <f574d83a57b54248bc1f1c7fd3b25894d579c8e3@dist-git>
From: Jiri Denemark <jdenemar@redhat.com>
Date: Fri, 5 Apr 2019 11:33:32 +0200
Subject: [PATCH] cpu_x86: Do not cache microcode version
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
The microcode version checks are used to invalidate cached CPU data we
get from QEMU. To minimize /proc/cpuinfo parsing the microcode version
was only read when libvirtd started and cached for the daemon's
lifetime. However, the CPU microcode can change anytime (updating the
microcode package can automatically upload it to the CPU) and we need to
stop caching it to avoid using stale CPU model data.
Signed-off-by: Jiri Denemark <jdenemar@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
(cherry picked from commit be46f613261d3b655a1f15afd635087e68a9c39b)
CVE-2018-12126, CVE-2018-12127, CVE-2018-12130, CVE-2019-11091
Signed-off-by: Jiri Denemark <jdenemar@redhat.com>
---
src/cpu/cpu_x86.c | 5 +----
1 file changed, 1 insertion(+), 4 deletions(-)
diff --git a/src/cpu/cpu_x86.c b/src/cpu/cpu_x86.c
index 7fa84f6014..89baf94d7d 100644
--- a/src/cpu/cpu_x86.c
+++ b/src/cpu/cpu_x86.c
@@ -163,7 +163,6 @@ struct _virCPUx86Map {
};
static virCPUx86MapPtr cpuMap;
-static unsigned int microcodeVersion;
int virCPUx86DriverOnceInit(void);
VIR_ONCE_GLOBAL_INIT(virCPUx86Driver);
@@ -1422,8 +1421,6 @@ virCPUx86DriverOnceInit(void)
if (!(cpuMap = virCPUx86LoadMap()))
return -1;
- microcodeVersion = virHostCPUGetMicrocodeVersion();
-
return 0;
}
@@ -2463,7 +2460,7 @@ virCPUx86GetHost(virCPUDefPtr cpu,
goto cleanup;
ret = x86DecodeCPUData(cpu, cpuData, models);
- cpu->microcodeVersion = microcodeVersion;
+ cpu->microcodeVersion = virHostCPUGetMicrocodeVersion();
cleanup:
virCPUx86DataFree(cpuData);
--
2.21.0

885
SOURCES/libvirt-cputest-Add-data-for-Intel-R-Xeon-R-CPU-E3-1225-v5.patch Normal file
View File

@ -0,0 +1,885 @@
From cd7339269704e58b78c1033d46a336448256b4e7 Mon Sep 17 00:00:00 2001
Message-Id: <cd7339269704e58b78c1033d46a336448256b4e7@dist-git>
From: Jiri Denemark <jdenemar@redhat.com>
Date: Fri, 5 Apr 2019 11:19:30 +0200
Subject: [PATCH] cputest: Add data for Intel(R) Xeon(R) CPU E3-1225 v5
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Signed-off-by: Jiri Denemark <jdenemar@redhat.com>
Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
(cherry picked from commit 5cd9db3ac11e88846cbcf95fad9f6fae9d880dee)
CVE-2018-12126, CVE-2018-12127, CVE-2018-12130, CVE-2019-11091
Signed-off-by: Jiri Denemark <jdenemar@redhat.com>
---
tests/cputest.c | 1 +
.../x86_64-cpuid-Xeon-E3-1225-v5-disabled.xml | 7 +
.../x86_64-cpuid-Xeon-E3-1225-v5-enabled.xml | 8 +
.../x86_64-cpuid-Xeon-E3-1225-v5-guest.xml | 28 +
.../x86_64-cpuid-Xeon-E3-1225-v5-host.xml | 29 +
.../x86_64-cpuid-Xeon-E3-1225-v5-json.xml | 11 +
.../x86_64-cpuid-Xeon-E3-1225-v5.json | 652 ++++++++++++++++++
.../x86_64-cpuid-Xeon-E3-1225-v5.sig | 4 +
.../x86_64-cpuid-Xeon-E3-1225-v5.xml | 47 ++
9 files changed, 787 insertions(+)
create mode 100644 tests/cputestdata/x86_64-cpuid-Xeon-E3-1225-v5-disabled.xml
create mode 100644 tests/cputestdata/x86_64-cpuid-Xeon-E3-1225-v5-enabled.xml
create mode 100644 tests/cputestdata/x86_64-cpuid-Xeon-E3-1225-v5-guest.xml
create mode 100644 tests/cputestdata/x86_64-cpuid-Xeon-E3-1225-v5-host.xml
create mode 100644 tests/cputestdata/x86_64-cpuid-Xeon-E3-1225-v5-json.xml
create mode 100644 tests/cputestdata/x86_64-cpuid-Xeon-E3-1225-v5.json
create mode 100644 tests/cputestdata/x86_64-cpuid-Xeon-E3-1225-v5.sig
create mode 100644 tests/cputestdata/x86_64-cpuid-Xeon-E3-1225-v5.xml
diff --git a/tests/cputest.c b/tests/cputest.c
index baf2b3c648..fbb2a86af8 100644
--- a/tests/cputest.c
+++ b/tests/cputest.c
@@ -1190,6 +1190,7 @@ mymain(void)
DO_TEST_CPUID(VIR_ARCH_X86_64, "Phenom-B95", JSON_HOST);
DO_TEST_CPUID(VIR_ARCH_X86_64, "Ryzen-7-1800X-Eight-Core", JSON_HOST);
DO_TEST_CPUID(VIR_ARCH_X86_64, "Xeon-5110", JSON_NONE);
+ DO_TEST_CPUID(VIR_ARCH_X86_64, "Xeon-E3-1225-v5", JSON_MODELS);
DO_TEST_CPUID(VIR_ARCH_X86_64, "Xeon-E3-1245-v5", JSON_MODELS);
DO_TEST_CPUID(VIR_ARCH_X86_64, "Xeon-E5-2609-v3", JSON_MODELS);
DO_TEST_CPUID(VIR_ARCH_X86_64, "Xeon-E5-2623-v4", JSON_MODELS);
diff --git a/tests/cputestdata/x86_64-cpuid-Xeon-E3-1225-v5-disabled.xml b/tests/cputestdata/x86_64-cpuid-Xeon-E3-1225-v5-disabled.xml
new file mode 100644
index 0000000000..ce51903e53
--- /dev/null
+++ b/tests/cputestdata/x86_64-cpuid-Xeon-E3-1225-v5-disabled.xml
@@ -0,0 +1,7 @@
+<!-- Features disabled by QEMU -->
+<cpudata arch='x86'>
+ <cpuid eax_in='0x00000001' ecx_in='0x00' eax='0x00000000' ebx='0x00000000' ecx='0x0800c1fc' edx='0xb0600000'/>
+ <cpuid eax_in='0x00000007' ecx_in='0x00' eax='0x00000000' ebx='0x02000000' ecx='0x00000000' edx='0x00000000'/>
+ <cpuid eax_in='0x0000000d' ecx_in='0x01' eax='0x00000008' ebx='0x00000000' ecx='0x00000000' edx='0x00000000'/>
+ <cpuid eax_in='0x80000007' ecx_in='0x00' eax='0x00000000' ebx='0x00000000' ecx='0x00000000' edx='0x00000100'/>
+</cpudata>
diff --git a/tests/cputestdata/x86_64-cpuid-Xeon-E3-1225-v5-enabled.xml b/tests/cputestdata/x86_64-cpuid-Xeon-E3-1225-v5-enabled.xml
new file mode 100644
index 0000000000..0deca9fba6
--- /dev/null
+++ b/tests/cputestdata/x86_64-cpuid-Xeon-E3-1225-v5-enabled.xml
@@ -0,0 +1,8 @@
+<!-- Features enabled by QEMU -->
+<cpudata arch='x86'>
+ <cpuid eax_in='0x00000001' ecx_in='0x00' eax='0x00000000' ebx='0x00000000' ecx='0xf7fa3203' edx='0x0f8bfbff'/>
+ <cpuid eax_in='0x00000006' ecx_in='0x00' eax='0x00000004' ebx='0x00000000' ecx='0x00000000' edx='0x00000000'/>
+ <cpuid eax_in='0x00000007' ecx_in='0x00' eax='0x00000000' ebx='0x009c4fbb' ecx='0x00000000' edx='0x8c000000'/>
+ <cpuid eax_in='0x0000000d' ecx_in='0x01' eax='0x00000007' ebx='0x00000000' ecx='0x00000000' edx='0x00000000'/>
+ <cpuid eax_in='0x80000001' ecx_in='0x00' eax='0x00000000' ebx='0x00000000' ecx='0x00000121' edx='0x2c100800'/>
+</cpudata>
diff --git a/tests/cputestdata/x86_64-cpuid-Xeon-E3-1225-v5-guest.xml b/tests/cputestdata/x86_64-cpuid-Xeon-E3-1225-v5-guest.xml
new file mode 100644
index 0000000000..70a0fc3286
--- /dev/null
+++ b/tests/cputestdata/x86_64-cpuid-Xeon-E3-1225-v5-guest.xml
@@ -0,0 +1,28 @@
+<cpu mode='custom' match='exact'>
+ <model fallback='forbid'>Skylake-Client-IBRS</model>
+ <vendor>Intel</vendor>
+ <feature policy='require' name='ds'/>
+ <feature policy='require' name='acpi'/>
+ <feature policy='require' name='ss'/>
+ <feature policy='require' name='ht'/>
+ <feature policy='require' name='tm'/>
+ <feature policy='require' name='pbe'/>
+ <feature policy='require' name='dtes64'/>
+ <feature policy='require' name='monitor'/>
+ <feature policy='require' name='ds_cpl'/>
+ <feature policy='require' name='vmx'/>
+ <feature policy='require' name='smx'/>
+ <feature policy='require' name='est'/>
+ <feature policy='require' name='tm2'/>
+ <feature policy='require' name='xtpr'/>
+ <feature policy='require' name='pdcm'/>
+ <feature policy='require' name='osxsave'/>
+ <feature policy='require' name='tsc_adjust'/>
+ <feature policy='require' name='clflushopt'/>
+ <feature policy='require' name='intel-pt'/>
+ <feature policy='require' name='stibp'/>
+ <feature policy='require' name='ssbd'/>
+ <feature policy='require' name='xsaves'/>
+ <feature policy='require' name='pdpe1gb'/>
+ <feature policy='require' name='invtsc'/>
+</cpu>
diff --git a/tests/cputestdata/x86_64-cpuid-Xeon-E3-1225-v5-host.xml b/tests/cputestdata/x86_64-cpuid-Xeon-E3-1225-v5-host.xml
new file mode 100644
index 0000000000..bbdfb6aa61
--- /dev/null
+++ b/tests/cputestdata/x86_64-cpuid-Xeon-E3-1225-v5-host.xml
@@ -0,0 +1,29 @@
+<cpu>
+ <arch>x86_64</arch>
+ <model>Skylake-Client-IBRS</model>
+ <vendor>Intel</vendor>
+ <feature name='ds'/>
+ <feature name='acpi'/>
+ <feature name='ss'/>
+ <feature name='ht'/>
+ <feature name='tm'/>
+ <feature name='pbe'/>
+ <feature name='dtes64'/>
+ <feature name='monitor'/>
+ <feature name='ds_cpl'/>
+ <feature name='vmx'/>
+ <feature name='smx'/>
+ <feature name='est'/>
+ <feature name='tm2'/>
+ <feature name='xtpr'/>
+ <feature name='pdcm'/>
+ <feature name='osxsave'/>
+ <feature name='tsc_adjust'/>
+ <feature name='clflushopt'/>
+ <feature name='intel-pt'/>
+ <feature name='stibp'/>
+ <feature name='ssbd'/>
+ <feature name='xsaves'/>
+ <feature name='pdpe1gb'/>
+ <feature name='invtsc'/>
+</cpu>
diff --git a/tests/cputestdata/x86_64-cpuid-Xeon-E3-1225-v5-json.xml b/tests/cputestdata/x86_64-cpuid-Xeon-E3-1225-v5-json.xml
new file mode 100644
index 0000000000..1f321db273
--- /dev/null
+++ b/tests/cputestdata/x86_64-cpuid-Xeon-E3-1225-v5-json.xml
@@ -0,0 +1,11 @@
+<cpu mode='custom' match='exact'>
+ <model fallback='forbid'>Skylake-Client-IBRS</model>
+ <vendor>Intel</vendor>
+ <feature policy='require' name='ss'/>
+ <feature policy='require' name='hypervisor'/>
+ <feature policy='require' name='tsc_adjust'/>
+ <feature policy='require' name='clflushopt'/>
+ <feature policy='require' name='stibp'/>
+ <feature policy='require' name='ssbd'/>
+ <feature policy='require' name='pdpe1gb'/>
+</cpu>
diff --git a/tests/cputestdata/x86_64-cpuid-Xeon-E3-1225-v5.json b/tests/cputestdata/x86_64-cpuid-Xeon-E3-1225-v5.json
new file mode 100644
index 0000000000..084747556b
--- /dev/null
+++ b/tests/cputestdata/x86_64-cpuid-Xeon-E3-1225-v5.json
@@ -0,0 +1,652 @@
+{
+ "return": {
+ "model": {
+ "name": "base",
+ "props": {
+ "phys-bits": 0,
+ "core-id": -1,
+ "xlevel": 2147483656,
+ "cmov": true,
+ "ia64": false,
+ "aes": true,
+ "mmx": true,
+ "rdpid": false,
+ "arat": true,
+ "gfni": false,
+ "pause-filter": false,
+ "xsavec": true,
+ "intel-pt": false,
+ "osxsave": false,
+ "hv-frequencies": false,
+ "tsc-frequency": 0,
+ "xd": true,
+ "hv-vendor-id": "",
+ "kvm-asyncpf": true,
+ "kvm_asyncpf": true,
+ "perfctr_core": false,
+ "perfctr-core": false,
+ "mpx": true,
+ "pbe": false,
+ "decodeassists": false,
+ "avx512cd": false,
+ "sse4_1": true,
+ "sse4.1": true,
+ "sse4-1": true,
+ "family": 6,
+ "legacy-cache": true,
+ "vmware-cpuid-freq": true,
+ "avx512f": false,
+ "msr": true,
+ "mce": true,
+ "mca": true,
+ "hv-runtime": false,
+ "xcrypt": false,
+ "thread-id": -1,
+ "min-level": 13,
+ "xgetbv1": true,
+ "cid": false,
+ "hv-relaxed": false,
+ "hv-crash": false,
+ "ds": false,
+ "fxsr": true,
+ "xsaveopt": true,
+ "xtpr": false,
+ "avx512vl": false,
+ "avx512-vpopcntdq": false,
+ "phe": false,
+ "extapic": false,
+ "3dnowprefetch": true,
+ "avx512vbmi2": false,
+ "cr8legacy": false,
+ "stibp": true,
+ "cpuid-0xb": true,
+ "xcrypt-en": false,
+ "kvm_pv_eoi": true,
+ "apic-id": 4294967295,
+ "pn": false,
+ "dca": false,
+ "vendor": "GenuineIntel",
+ "pku": false,
+ "smx": false,
+ "cmp_legacy": false,
+ "cmp-legacy": false,
+ "node-id": -1,
+ "avx512-4fmaps": false,
+ "vmcb_clean": false,
+ "vmcb-clean": false,
+ "3dnowext": false,
+ "hle": true,
+ "npt": false,
+ "memory": "/machine/unattached/system[0]",
+ "clwb": false,
+ "lbrv": false,
+ "adx": true,
+ "ss": true,
+ "pni": true,
+ "svm_lock": false,
+ "svm-lock": false,
+ "pfthreshold": false,
+ "smep": true,
+ "smap": true,
+ "x2apic": true,
+ "avx512vbmi": false,
+ "avx512vnni": false,
+ "hv-stimer": false,
+ "i64": true,
+ "flushbyasid": false,
+ "f16c": true,
+ "ace2-en": false,
+ "pat": true,
+ "pae": true,
+ "sse": true,
+ "phe-en": false,
+ "kvm_nopiodelay": true,
+ "kvm-nopiodelay": true,
+ "tm": false,
+ "kvmclock-stable-bit": true,
+ "hypervisor": true,
+ "socket-id": -1,
+ "pcommit": false,
+ "syscall": true,
+ "level": 13,
+ "avx512dq": false,
+ "svm": false,
+ "full-cpuid-auto-level": true,
+ "hv-reset": false,
+ "invtsc": false,
+ "sse3": true,
+ "sse2": true,
+ "ssbd": true,
+ "est": false,
+ "avx512ifma": false,
+ "tm2": false,
+ "kvm-pv-eoi": true,
+ "cx8": true,
+ "kvm_mmu": false,
+ "kvm-mmu": false,
+ "sse4_2": true,
+ "sse4.2": true,
+ "sse4-2": true,
+ "pge": true,
+ "fill-mtrr-mask": true,
+ "avx512bitalg": false,
+ "nodeid_msr": false,
+ "pdcm": false,
+ "movbe": true,
+ "model": 94,
+ "nrip_save": false,
+ "nrip-save": false,
+ "kvm_pv_unhalt": true,
+ "ssse3": true,
+ "sse4a": false,
+ "invpcid": true,
+ "pdpe1gb": true,
+ "tsc-deadline": true,
+ "fma": true,
+ "cx16": true,
+ "de": true,
+ "enforce": false,
+ "stepping": 3,
+ "xsave": true,
+ "clflush": true,
+ "skinit": false,
+ "tsc": true,
+ "tce": false,
+ "fpu": true,
+ "ibs": false,
+ "ds_cpl": false,
+ "ds-cpl": false,
+ "host-phys-bits": true,
+ "fma4": false,
+ "la57": false,
+ "osvw": false,
+ "check": true,
+ "hv-spinlocks": -1,
+ "pmu": false,
+ "pmm": false,
+ "apic": true,
+ "spec-ctrl": true,
+ "min-xlevel2": 0,
+ "tsc-adjust": true,
+ "tsc_adjust": true,
+ "kvm-steal-time": true,
+ "kvm_steal_time": true,
+ "kvmclock": true,
+ "l3-cache": true,
+ "lwp": false,
+ "ibpb": false,
+ "xop": false,
+ "avx": true,
+ "ospke": false,
+ "ace2": false,
+ "avx512bw": false,
+ "acpi": false,
+ "hv-vapic": false,
+ "fsgsbase": true,
+ "ht": false,
+ "nx": true,
+ "pclmulqdq": true,
+ "mmxext": false,
+ "vaes": false,
+ "popcnt": true,
+ "xsaves": false,
+ "tcg-cpuid": true,
+ "lm": true,
+ "umip": false,
+ "pse": true,
+ "avx2": true,
+ "sep": true,
+ "pclmuldq": true,
+ "virt-ssbd": false,
+ "x-hv-max-vps": -1,
+ "nodeid-msr": false,
+ "md-clear": true,
+ "kvm": true,
+ "misalignsse": false,
+ "min-xlevel": 2147483656,
+ "kvm-pv-unhalt": true,
+ "bmi2": true,
+ "bmi1": true,
+ "realized": false,
+ "tsc_scale": false,
+ "tsc-scale": false,
+ "topoext": false,
+ "hv-vpindex": false,
+ "xlevel2": 0,
+ "clflushopt": true,
+ "kvm-no-smi-migration": false,
+ "monitor": false,
+ "avx512er": false,
+ "pmm-en": false,
+ "pcid": true,
+ "3dnow": false,
+ "erms": true,
+ "lahf-lm": true,
+ "lahf_lm": true,
+ "vpclmulqdq": false,
+ "fxsr-opt": false,
+ "hv-synic": false,
+ "xstore": false,
+ "fxsr_opt": false,
+ "kvm-hint-dedicated": false,
+ "rtm": true,
+ "lmce": true,
+ "hv-time": false,
+ "perfctr-nb": false,
+ "perfctr_nb": false,
+ "ffxsr": false,
+ "rdrand": true,
+ "rdseed": true,
+ "avx512-4vnniw": false,
+ "vmx": false,
+ "vme": true,
+ "dtes64": false,
+ "mtrr": true,
+ "rdtscp": true,
+ "pse36": true,
+ "kvm-pv-tlb-flush": false,
+ "tbm": false,
+ "wdt": false,
+ "pause_filter": false,
+ "sha-ni": false,
+ "model-id": "Intel(R) Xeon(R) CPU E3-1225 v5 @ 3.30GHz",
+ "abm": true,
+ "avx512pf": false,
+ "xstore-en": false
+ }
+ }
+ },
+ "id": "model-expansion"
+}
+
+{
+ "return": [
+ {
+ "name": "max",
+ "typename": "max-x86_64-cpu",
+ "unavailable-features": [],
+ "static": false,
+ "migration-safe": false
+ },
+ {
+ "name": "host",
+ "typename": "host-x86_64-cpu",
+ "unavailable-features": [],
+ "static": false,
+ "migration-safe": false
+ },
+ {
+ "name": "base",
+ "typename": "base-x86_64-cpu",
+ "unavailable-features": [],
+ "static": true,
+ "migration-safe": true
+ },
+ {
+ "name": "qemu64",
+ "typename": "qemu64-x86_64-cpu",
+ "unavailable-features": [],
+ "static": false,
+ "migration-safe": true
+ },
+ {
+ "name": "qemu32",
+ "typename": "qemu32-x86_64-cpu",
+ "unavailable-features": [],
+ "static": false,
+ "migration-safe": true
+ },
+ {
+ "name": "phenom",
+ "typename": "phenom-x86_64-cpu",
+ "unavailable-features": [
+ "mmxext",
+ "fxsr-opt",
+ "3dnowext",
+ "3dnow",
+ "sse4a",
+ "npt"
+ ],
+ "static": false,
+ "migration-safe": true
+ },
+ {
+ "name": "pentium3",
+ "typename": "pentium3-x86_64-cpu",
+ "unavailable-features": [],
+ "static": false,
+ "migration-safe": true
+ },
+ {
+ "name": "pentium2",
+ "typename": "pentium2-x86_64-cpu",
+ "unavailable-features": [],
+ "static": false,
+ "migration-safe": true
+ },
+ {
+ "name": "pentium",
+ "typename": "pentium-x86_64-cpu",
+ "unavailable-features": [],
+ "static": false,
+ "migration-safe": true
+ },
+ {
+ "name": "n270",
+ "typename": "n270-x86_64-cpu",
+ "unavailable-features": [],
+ "static": false,
+ "migration-safe": true
+ },
+ {
+ "name": "kvm64",
+ "typename": "kvm64-x86_64-cpu",
+ "unavailable-features": [],
+ "static": false,
+ "migration-safe": true
+ },
+ {
+ "name": "kvm32",
+ "typename": "kvm32-x86_64-cpu",
+ "unavailable-features": [],
+ "static": false,
+ "migration-safe": true
+ },
+ {
+ "name": "cpu64-rhel6",
+ "typename": "cpu64-rhel6-x86_64-cpu",
+ "unavailable-features": [
+ "sse4a"
+ ],
+ "static": false,
+ "migration-safe": true
+ },
+ {
+ "name": "coreduo",
+ "typename": "coreduo-x86_64-cpu",
+ "unavailable-features": [],
+ "static": false,
+ "migration-safe": true
+ },
+ {
+ "name": "core2duo",
+ "typename": "core2duo-x86_64-cpu",
+ "unavailable-features": [],
+ "static": false,
+ "migration-safe": true
+ },
+ {
+ "name": "athlon",
+ "typename": "athlon-x86_64-cpu",
+ "unavailable-features": [
+ "mmxext",
+ "3dnowext",
+ "3dnow"
+ ],
+ "static": false,
+ "migration-safe": true
+ },
+ {
+ "name": "Westmere",
+ "typename": "Westmere-x86_64-cpu",
+ "unavailable-features": [],
+ "static": false,
+ "migration-safe": true
+ },
+ {
+ "name": "Westmere-IBRS",
+ "typename": "Westmere-IBRS-x86_64-cpu",
+ "unavailable-features": [],
+ "static": false,
+ "migration-safe": true
+ },
+ {
+ "name": "Skylake-Server",
+ "typename": "Skylake-Server-x86_64-cpu",
+ "unavailable-features": [
+ "avx512f",
+ "avx512dq",
+ "clwb",
+ "avx512cd",
+ "avx512bw",
+ "avx512vl",
+ "avx512f",
+ "avx512f",
+ "avx512f"
+ ],
+ "static": false,
+ "migration-safe": true
+ },
+ {
+ "name": "Skylake-Server-IBRS",
+ "typename": "Skylake-Server-IBRS-x86_64-cpu",
+ "unavailable-features": [
+ "avx512f",
+ "avx512dq",
+ "clwb",
+ "avx512cd",
+ "avx512bw",
+ "avx512vl",
+ "avx512f",
+ "avx512f",
+ "avx512f"
+ ],
+ "static": false,
+ "migration-safe": true
+ },
+ {
+ "name": "Skylake-Client",
+ "typename": "Skylake-Client-x86_64-cpu",
+ "unavailable-features": [],
+ "static": false,
+ "migration-safe": true
+ },
+ {
+ "name": "Skylake-Client-IBRS",
+ "typename": "Skylake-Client-IBRS-x86_64-cpu",
+ "unavailable-features": [],
+ "static": false,
+ "migration-safe": true
+ },
+ {
+ "name": "SandyBridge",
+ "typename": "SandyBridge-x86_64-cpu",
+ "unavailable-features": [],
+ "static": false,
+ "migration-safe": true
+ },
+ {
+ "name": "SandyBridge-IBRS",
+ "typename": "SandyBridge-IBRS-x86_64-cpu",
+ "unavailable-features": [],
+ "static": false,
+ "migration-safe": true
+ },
+ {
+ "name": "Penryn",
+ "typename": "Penryn-x86_64-cpu",
+ "unavailable-features": [],
+ "static": false,
+ "migration-safe": true
+ },
+ {
+ "name": "Opteron_G5",
+ "typename": "Opteron_G5-x86_64-cpu",
+ "unavailable-features": [
+ "sse4a",
+ "misalignsse",
+ "xop",
+ "fma4",
+ "tbm"
+ ],
+ "static": false,
+ "migration-safe": true
+ },
+ {
+ "name": "Opteron_G4",
+ "typename": "Opteron_G4-x86_64-cpu",
+ "unavailable-features": [
+ "sse4a",
+ "misalignsse",
+ "xop",
+ "fma4"
+ ],
+ "static": false,
+ "migration-safe": true
+ },
+ {
+ "name": "Opteron_G3",
+ "typename": "Opteron_G3-x86_64-cpu",
+ "unavailable-features": [
+ "sse4a",
+ "misalignsse"
+ ],
+ "static": false,
+ "migration-safe": true
+ },
+ {
+ "name": "Opteron_G2",
+ "typename": "Opteron_G2-x86_64-cpu",
+ "unavailable-features": [],
+ "static": false,
+ "migration-safe": true
+ },
+ {
+ "name": "Opteron_G1",
+ "typename": "Opteron_G1-x86_64-cpu",
+ "unavailable-features": [],
+ "static": false,
+ "migration-safe": true
+ },
+ {
+ "name": "Nehalem",
+ "typename": "Nehalem-x86_64-cpu",
+ "unavailable-features": [],
+ "static": false,
+ "migration-safe": true
+ },
+ {
+ "name": "Nehalem-IBRS",
+ "typename": "Nehalem-IBRS-x86_64-cpu",
+ "unavailable-features": [],
+ "static": false,
+ "migration-safe": true
+ },
+ {
+ "name": "IvyBridge",
+ "typename": "IvyBridge-x86_64-cpu",
+ "unavailable-features": [],
+ "static": false,
+ "migration-safe": true
+ },
+ {
+ "name": "IvyBridge-IBRS",
+ "typename": "IvyBridge-IBRS-x86_64-cpu",
+ "unavailable-features": [],
+ "static": false,
+ "migration-safe": true
+ },
+ {
+ "name": "Haswell",
+ "typename": "Haswell-x86_64-cpu",
+ "unavailable-features": [],
+ "static": false,
+ "migration-safe": true
+ },
+ {
+ "name": "Haswell-noTSX",
+ "typename": "Haswell-noTSX-x86_64-cpu",
+ "unavailable-features": [],
+ "static": false,
+ "migration-safe": true
+ },
+ {
+ "name": "Haswell-noTSX-IBRS",
+ "typename": "Haswell-noTSX-IBRS-x86_64-cpu",
+ "unavailable-features": [],
+ "static": false,
+ "migration-safe": true
+ },
+ {
+ "name": "Haswell-IBRS",
+ "typename": "Haswell-IBRS-x86_64-cpu",
+ "unavailable-features": [],
+ "static": false,
+ "migration-safe": true
+ },
+ {
+ "name": "EPYC",
+ "typename": "EPYC-x86_64-cpu",
+ "unavailable-features": [
+ "sha-ni",
+ "mmxext",
+ "fxsr-opt",
+ "cr8legacy",
+ "sse4a",
+ "misalignsse",
+ "osvw"
+ ],
+ "static": false,
+ "migration-safe": true
+ },
+ {
+ "name": "EPYC-IBPB",
+ "typename": "EPYC-IBPB-x86_64-cpu",
+ "unavailable-features": [
+ "sha-ni",
+ "mmxext",
+ "fxsr-opt",
+ "cr8legacy",
+ "sse4a",
+ "misalignsse",
+ "osvw",
+ "ibpb"
+ ],
+ "static": false,
+ "migration-safe": true
+ },
+ {
+ "name": "Conroe",
+ "typename": "Conroe-x86_64-cpu",
+ "unavailable-features": [],
+ "static": false,
+ "migration-safe": true
+ },
+ {
+ "name": "Broadwell",
+ "typename": "Broadwell-x86_64-cpu",
+ "unavailable-features": [],
+ "static": false,
+ "migration-safe": true
+ },
+ {
+ "name": "Broadwell-noTSX",
+ "typename": "Broadwell-noTSX-x86_64-cpu",
+ "unavailable-features": [],
+ "static": false,
+ "migration-safe": true
+ },
+ {
+ "name": "Broadwell-noTSX-IBRS",
+ "typename": "Broadwell-noTSX-IBRS-x86_64-cpu",
+ "unavailable-features": [],
+ "static": false,
+ "migration-safe": true
+ },
+ {
+ "name": "Broadwell-IBRS",
+ "typename": "Broadwell-IBRS-x86_64-cpu",
+ "unavailable-features": [],
+ "static": false,
+ "migration-safe": true
+ },
+ {
+ "name": "486",
+ "typename": "486-x86_64-cpu",
+ "unavailable-features": [],
+ "static": false,
+ "migration-safe": true
+ }
+ ],
+ "id": "definitions"
+}
diff --git a/tests/cputestdata/x86_64-cpuid-Xeon-E3-1225-v5.sig b/tests/cputestdata/x86_64-cpuid-Xeon-E3-1225-v5.sig
new file mode 100644
index 0000000000..7e57c2ded6
--- /dev/null
+++ b/tests/cputestdata/x86_64-cpuid-Xeon-E3-1225-v5.sig
@@ -0,0 +1,4 @@
+0506e3
+family: 6 (0x06)
+model: 94 (0x5e)
+stepping: 3 (0x03)
diff --git a/tests/cputestdata/x86_64-cpuid-Xeon-E3-1225-v5.xml b/tests/cputestdata/x86_64-cpuid-Xeon-E3-1225-v5.xml
new file mode 100644
index 0000000000..437429d61d
--- /dev/null
+++ b/tests/cputestdata/x86_64-cpuid-Xeon-E3-1225-v5.xml
@@ -0,0 +1,47 @@
+<!-- Intel(R) Xeon(R) CPU E3-1225 v5 @ 3.30GHz -->
+<cpudata arch='x86'>
+ <cpuid eax_in='0x00000000' ecx_in='0x00' eax='0x00000016' ebx='0x756e6547' ecx='0x6c65746e' edx='0x49656e69'/>
+ <cpuid eax_in='0x00000001' ecx_in='0x00' eax='0x000506e3' ebx='0x06100800' ecx='0x7ffafbff' edx='0xbfebfbff'/>
+ <cpuid eax_in='0x00000002' ecx_in='0x00' eax='0x76036301' ebx='0x00f0b6ff' ecx='0x00000000' edx='0x00c30000'/>
+ <cpuid eax_in='0x00000003' ecx_in='0x00' eax='0x00000000' ebx='0x00000000' ecx='0x00000000' edx='0x00000000'/>
+ <cpuid eax_in='0x00000004' ecx_in='0x00' eax='0x1c004121' ebx='0x01c0003f' ecx='0x0000003f' edx='0x00000000'/>
+ <cpuid eax_in='0x00000004' ecx_in='0x01' eax='0x1c004122' ebx='0x01c0003f' ecx='0x0000003f' edx='0x00000000'/>
+ <cpuid eax_in='0x00000004' ecx_in='0x02' eax='0x1c004143' ebx='0x00c0003f' ecx='0x000003ff' edx='0x00000000'/>
+ <cpuid eax_in='0x00000004' ecx_in='0x03' eax='0x1c03c163' ebx='0x03c0003f' ecx='0x00001fff' edx='0x00000006'/>
+ <cpuid eax_in='0x00000005' ecx_in='0x00' eax='0x00000040' ebx='0x00000040' ecx='0x00000003' edx='0x00142120'/>
+ <cpuid eax_in='0x00000006' ecx_in='0x00' eax='0x000027f7' ebx='0x00000002' ecx='0x00000009' edx='0x00000000'/>
+ <cpuid eax_in='0x00000007' ecx_in='0x00' eax='0x00000000' ebx='0x029c6fbf' ecx='0x00000000' edx='0x9c002400'/>
+ <cpuid eax_in='0x00000008' ecx_in='0x00' eax='0x00000000' ebx='0x00000000' ecx='0x00000000' edx='0x00000000'/>
+ <cpuid eax_in='0x00000009' ecx_in='0x00' eax='0x00000000' ebx='0x00000000' ecx='0x00000000' edx='0x00000000'/>
+ <cpuid eax_in='0x0000000a' ecx_in='0x00' eax='0x07300804' ebx='0x00000000' ecx='0x00000000' edx='0x00000603'/>
+ <cpuid eax_in='0x0000000b' ecx_in='0x00' eax='0x00000001' ebx='0x00000001' ecx='0x00000100' edx='0x00000006'/>
+ <cpuid eax_in='0x0000000b' ecx_in='0x01' eax='0x00000004' ebx='0x00000004' ecx='0x00000201' edx='0x00000006'/>
+ <cpuid eax_in='0x0000000c' ecx_in='0x00' eax='0x00000000' ebx='0x00000000' ecx='0x00000000' edx='0x00000000'/>
+ <cpuid eax_in='0x0000000d' ecx_in='0x00' eax='0x0000001f' ebx='0x00000440' ecx='0x00000440' edx='0x00000000'/>
+ <cpuid eax_in='0x0000000d' ecx_in='0x01' eax='0x0000000f' ebx='0x000003c0' ecx='0x00000100' edx='0x00000000'/>
+ <cpuid eax_in='0x0000000d' ecx_in='0x02' eax='0x00000100' ebx='0x00000240' ecx='0x00000000' edx='0x00000000'/>
+ <cpuid eax_in='0x0000000d' ecx_in='0x03' eax='0x00000040' ebx='0x000003c0' ecx='0x00000000' edx='0x00000000'/>
+ <cpuid eax_in='0x0000000d' ecx_in='0x04' eax='0x00000040' ebx='0x00000400' ecx='0x00000000' edx='0x00000000'/>
+ <cpuid eax_in='0x0000000d' ecx_in='0x08' eax='0x00000080' ebx='0x00000000' ecx='0x00000001' edx='0x00000000'/>
+ <cpuid eax_in='0x0000000e' ecx_in='0x00' eax='0x00000000' ebx='0x00000000' ecx='0x00000000' edx='0x00000000'/>
+ <cpuid eax_in='0x0000000f' ecx_in='0x00' eax='0x00000000' ebx='0x00000000' ecx='0x00000000' edx='0x00000000'/>
+ <cpuid eax_in='0x00000010' ecx_in='0x00' eax='0x00000000' ebx='0x00000000' ecx='0x00000000' edx='0x00000000'/>
+ <cpuid eax_in='0x00000011' ecx_in='0x00' eax='0x00000000' ebx='0x00000000' ecx='0x00000000' edx='0x00000000'/>
+ <cpuid eax_in='0x00000012' ecx_in='0x00' eax='0x00000000' ebx='0x00000000' ecx='0x00000000' edx='0x00000000'/>
+ <cpuid eax_in='0x00000013' ecx_in='0x00' eax='0x00000000' ebx='0x00000000' ecx='0x00000000' edx='0x00000000'/>
+ <cpuid eax_in='0x00000014' ecx_in='0x00' eax='0x00000001' ebx='0x0000000f' ecx='0x00000007' edx='0x00000000'/>
+ <cpuid eax_in='0x00000014' ecx_in='0x01' eax='0x02490002' ebx='0x003f3fff' ecx='0x00000000' edx='0x00000000'/>
+ <cpuid eax_in='0x00000015' ecx_in='0x00' eax='0x00000002' ebx='0x00000114' ecx='0x00000000' edx='0x00000000'/>
+ <cpuid eax_in='0x00000016' ecx_in='0x00' eax='0x00000ce4' ebx='0x00000e74' ecx='0x00000064' edx='0x00000000'/>
+ <cpuid eax_in='0x80000000' ecx_in='0x00' eax='0x80000008' ebx='0x00000000' ecx='0x00000000' edx='0x00000000'/>
+ <cpuid eax_in='0x80000001' ecx_in='0x00' eax='0x00000000' ebx='0x00000000' ecx='0x00000121' edx='0x2c100800'/>
+ <cpuid eax_in='0x80000002' ecx_in='0x00' eax='0x65746e49' ebx='0x2952286c' ecx='0x6f655820' edx='0x2952286e'/>
+ <cpuid eax_in='0x80000003' ecx_in='0x00' eax='0x55504320' ebx='0x2d334520' ecx='0x35323231' edx='0x20357620'/>
+ <cpuid eax_in='0x80000004' ecx_in='0x00' eax='0x2e332040' ebx='0x48473033' ecx='0x0000007a' edx='0x00000000'/>
+ <cpuid eax_in='0x80000005' ecx_in='0x00' eax='0x00000000' ebx='0x00000000' ecx='0x00000000' edx='0x00000000'/>
+ <cpuid eax_in='0x80000006' ecx_in='0x00' eax='0x00000000' ebx='0x00000000' ecx='0x01006040' edx='0x00000000'/>
+ <cpuid eax_in='0x80000007' ecx_in='0x00' eax='0x00000000' ebx='0x00000000' ecx='0x00000000' edx='0x00000100'/>
+ <cpuid eax_in='0x80000008' ecx_in='0x00' eax='0x00003027' ebx='0x00000000' ecx='0x00000000' edx='0x00000000'/>
+ <cpuid eax_in='0x80860000' ecx_in='0x00' eax='0x00000ce4' ebx='0x00000e74' ecx='0x00000064' edx='0x00000000'/>
+ <cpuid eax_in='0xc0000000' ecx_in='0x00' eax='0x00000ce4' ebx='0x00000e74' ecx='0x00000064' edx='0x00000000'/>
+</cpudata>
--
2.21.0

39
SOURCES/libvirt-docs-Drop-dev-net-tun-from-the-list-of-shared-devices.patch Normal file
View File

@ -0,0 +1,39 @@
From 7194b00ad873e4b0c8b6b69fac840ae56bda1e91 Mon Sep 17 00:00:00 2001
Message-Id: <7194b00ad873e4b0c8b6b69fac840ae56bda1e91@dist-git>
From: Erik Skultety <eskultet@redhat.com>
Date: Fri, 1 Feb 2019 17:21:53 +0100
Subject: [PATCH] docs: Drop /dev/net/tun from the list of shared devices
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
This was a left-over that should have been dropped along the change in
qemu.conf.
Signed-off-by: Erik Skultety <eskultet@redhat.com>
(cherry picked from commit 13500ee28922077010481305b5b55851f310d477)
https: //bugzilla.redhat.com/show_bug.cgi?id=1665400
Signed-off-by: Erik Skultety <eskultet@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
---
docs/drvqemu.html.in | 3 +--
1 file changed, 1 insertion(+), 2 deletions(-)
diff --git a/docs/drvqemu.html.in b/docs/drvqemu.html.in
index 13adb5c22b..d51ccf2412 100644
--- a/docs/drvqemu.html.in
+++ b/docs/drvqemu.html.in
@@ -396,8 +396,7 @@ chmod o+x /path/to/directory
/dev/null, /dev/full, /dev/zero,
/dev/random, /dev/urandom,
/dev/ptmx, /dev/kvm, /dev/kqemu,
-/dev/rtc, /dev/hpet, /dev/net/tun,
-/dev/sev
+/dev/rtc, /dev/hpet, /dev/sev
</pre>
<p>
--
2.20.1

173
SOURCES/libvirt-docs-Enhance-polkit-documentation-to-describe-secondary-connection.patch Normal file
View File

@ -0,0 +1,173 @@
From 075028e74f4d11c8b0d3bb3e857e4811b148a4e1 Mon Sep 17 00:00:00 2001
Message-Id: <075028e74f4d11c8b0d3bb3e857e4811b148a4e1@dist-git>
From: John Ferlan <jferlan@redhat.com>
Date: Mon, 5 Nov 2018 07:48:38 -0500
Subject: [PATCH] docs: Enhance polkit documentation to describe secondary
connection
https://bugzilla.redhat.com/show_bug.cgi?id=1631608 (RHEL 8.0)
https://bugzilla.redhat.com/show_bug.cgi?id=1631606 (RHEL 7.7)
Since commit 8259255 usage of a primary connection driver for
a virConnect has been modified to open (virConnectOpen) and use
a connection to the specific driver in order to handle the API
calls to/for that driver. This causes some confusion and issues
for ACL polkit rule scripts to know exactly which driver by
name will be used.
Add some documentation describing the processing of the primary
and secondary connection as well as the list of the connect_driver
names used for each driver.
Signed-off-by: John Ferlan <jferlan@redhat.com>
ACKed-by: Michal Privoznik <mprivozn@redhat.com>
(cherry picked from commit 4f1107614dc1384c4aa7a5582a16aecba8b9310f)
Reviewed-by: Jiri Denemark <jdenemar@redhat.com>
---
docs/aclpolkit.html.in | 117 +++++++++++++++++++++++++++++++++++++++++
docs/libvirt.css | 1 +
2 files changed, 118 insertions(+)
diff --git a/docs/aclpolkit.html.in b/docs/aclpolkit.html.in
index ee00b98461..ac54f125da 100644
--- a/docs/aclpolkit.html.in
+++ b/docs/aclpolkit.html.in
@@ -287,6 +287,123 @@
</tbody>
</table>
+ <h2><a id="connect_driver">Hypervisor Driver connect_driver</a></h2>
+ <p>
+ The <code>connect_driver</code> parameter describes the
+ client's <a href="remote.html">remote Connection Driver</a>
+ name based on the <a href="uri.html">URI</a> used for the
+ connection.
+ </p>
+ <p>
+ <span class="since">Since 4.1.0</span>, when calling an API
+ outside the scope of the primary connection driver, the
+ primary driver will attempt to open a secondary connection
+ to the specific API driver in order to process the API. For
+ example, when hypervisor domain processing needs to make an
+ API call within the storage driver or the network filter driver
+ an attempt to open a connection to the "storage" or "nwfilter"
+ driver will be made. Similarly, a "storage" primary connection
+ may need to create a connection to the "secret" driver in order
+ to process secrets for the API. If successful, then calls to
+ those API's will occur in the <code>connect_driver</code> context
+ of the secondary connection driver rather than in the context of
+ the primary driver. This affects the <code>connect_driver</code>
+ returned from rule generation from the <code>action.loookup</code>
+ function. The following table provides a list of the various
+ connection drivers and the <code>connect_driver</code> name
+ used by each regardless of primary or secondary connection.
+ The access denied error message from libvirt will list the
+ connection driver by name that denied the access.
+ </p>
+
+ <h3><a id="object_connect_driver">Connection Driver Name</a></h3>
+ <table class="acl">
+ <thead>
+ <tr>
+ <th>Connection Driver</th>
+ <th><code>connect_driver</code> name</th>
+ </tr>
+ </thead>
+ <tbody>
+ <tr>
+ <td>bhyve</td>
+ <td>bhyve</td>
+ </tr>
+ <tr>
+ <td>esx</td>
+ <td>ESX</td>
+ </tr>
+ <tr>
+ <td>hyperv</td>
+ <td>Hyper-V</td>
+ </tr>
+ <tr>
+ <td>interface</td>
+ <td>interface</td>
+ </tr>
+ <tr>
+ <td>libxl</td>
+ <td>xenlight</td>
+ </tr>
+ <tr>
+ <td>lxc</td>
+ <td>LXC</td>
+ </tr>
+ <tr>
+ <td>network</td>
+ <td>network</td>
+ </tr>
+ <tr>
+ <td>nodedev</td>
+ <td>nodedev</td>
+ </tr>
+ <tr>
+ <td>nwfilter</td>
+ <td>NWFilter</td>
+ </tr>
+ <tr>
+ <td>openvz</td>
+ <td>OPENVZ</td>
+ </tr>
+ <tr>
+ <td>phyp</td>
+ <td>PHYP</td>
+ </tr>
+ <tr>
+ <td>qemu</td>
+ <td>QEMU</td>
+ </tr>
+ <tr>
+ <td>secret</td>
+ <td>secret</td>
+ </tr>
+ <tr>
+ <td>storage</td>
+ <td>storage</td>
+ </tr>
+ <tr>
+ <td>uml</td>
+ <td>UML</td>
+ </tr>
+ <tr>
+ <td>vbox</td>
+ <td>VBOX</td>
+ </tr>
+ <tr>
+ <td>vmware</td>
+ <td>VMWARE</td>
+ </tr>
+ <tr>
+ <td>vz</td>
+ <td>vz</td>
+ </tr>
+ <tr>
+ <td>xenapi</td>
+ <td>XenAPI</td>
+ </tr>
+ </tbody>
+ </table>
+
<h2><a id="user">User identity attributes</a></h2>
diff --git a/docs/libvirt.css b/docs/libvirt.css
index b2ed33926a..e590b33cfb 100644
--- a/docs/libvirt.css
+++ b/docs/libvirt.css
@@ -393,6 +393,7 @@ table.acl {
table.acl tr, table.acl td {
padding: 0.3em;
+ border: 1px solid #ccc;
}
table.acl thead {
--
2.19.1

44
SOURCES/libvirt-docs-Rephrase-the-mediated-devices-hostdev-section-a-bit.patch Normal file
View File

@ -0,0 +1,44 @@
From 504df691c5175e21a379cb340e88556d2b6cc508 Mon Sep 17 00:00:00 2001
Message-Id: <504df691c5175e21a379cb340e88556d2b6cc508@dist-git>
From: Erik Skultety <eskultet@redhat.com>
Date: Thu, 19 Jul 2018 15:04:04 +0200
Subject: [PATCH] docs: Rephrase the mediated devices hostdev section a bit
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Currently it reads:
Refer MDEV to create a mediated device on the host
...even though it resembles English, it's not a proper English.
Reviewed-by: Ján Tomko <jtomko@redhat.com>
Signed-off-by: Erik Skultety <eskultet@redhat.com>
(cherry picked from commit 32b52ed838dd393b4249ddcb9d4b17f1deafbc2b)
https://bugzilla.redhat.com/show_bug.cgi?id=1475770
Signed-off-by: Erik Skultety <eskultet@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
---
docs/formatdomain.html.in | 5 +++--
1 file changed, 3 insertions(+), 2 deletions(-)
diff --git a/docs/formatdomain.html.in b/docs/formatdomain.html.in
index 3554c3dc30..0e8f0a125f 100644
--- a/docs/formatdomain.html.in
+++ b/docs/formatdomain.html.in
@@ -4509,8 +4509,9 @@
determines how the host's vfio driver will expose the device to the
guest. Currently, <code>model='vfio-pci'</code> and
<code>model='vfio-ccw'</code> (<span class="since">Since 4.4.0</span>)
- is supported. Refer <a href="drvnodedev.html#MDEV">MDEV</a> to create
- a mediated device on the host.
+ is supported. <a href="drvnodedev.html#MDEV">MDEV</a> section
+ provides more information about mediated devices as well as how to
+ create mediated devices on the host.
<span class="since">Since 4.6.0 (QEMU 2.12)</span> an optional
<code>display</code> attribute may be used to enable or disable
support for an accelerated remote desktop backed by a mediated
--
2.18.0

39
SOURCES/libvirt-docs-schema-Add-missing-alias-to-vsock-device.patch Normal file
View File

@ -0,0 +1,39 @@
From a998757a131ac8ee6db448bd9806efa4b3a0b11b Mon Sep 17 00:00:00 2001
Message-Id: <a998757a131ac8ee6db448bd9806efa4b3a0b11b@dist-git>
From: Han Han <hhan@redhat.com>
Date: Fri, 13 Jul 2018 13:08:27 +0200
Subject: [PATCH] docs: schema: Add missing <alias> to vsock device
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1600345
Signed-off-by: Han Han <hhan@redhat.com>
Reviewed-by: Erik Skultety <eskultet@redhat.com>
(cherry picked from commit c03d36b91d62890b376a2ff8f9d65fac069dce42)
https: //bugzilla.redhat.com/show_bug.cgi?id=1600345
Signed-off-by: Erik Skultety <eskultet@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
---
docs/schemas/domaincommon.rng | 3 +++
1 file changed, 3 insertions(+)
diff --git a/docs/schemas/domaincommon.rng b/docs/schemas/domaincommon.rng
index bd687ce9d3..f24a56392a 100644
--- a/docs/schemas/domaincommon.rng
+++ b/docs/schemas/domaincommon.rng
@@ -4234,6 +4234,9 @@
<optional>
<ref name="address"/>
</optional>
+ <optional>
+ <ref name="alias"/>
+ </optional>
</interleave>
</element>
</define>
--
2.18.0

46
SOURCES/libvirt-domain_nwfilter-Return-early-if-net-has-no-name-in-virDomainConfNWFilterTeardownImpl.patch Normal file
View File

@ -0,0 +1,46 @@
From 9996e3dd0e17e3019881e097bc38ac25527cddb1 Mon Sep 17 00:00:00 2001
Message-Id: <9996e3dd0e17e3019881e097bc38ac25527cddb1@dist-git>
From: Michal Privoznik <mprivozn@redhat.com>
Date: Wed, 25 Jul 2018 13:52:55 +0200
Subject: [PATCH] domain_nwfilter: Return early if net has no name in
virDomainConfNWFilterTeardownImpl
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
https://bugzilla.redhat.com/show_bug.cgi?id=1607831
This function is called from various clean up paths (e.g.
from qemuBuildInterfaceCommandLine). However, depending on the
stage the interface creation process failed at, net->ifname might
still be not filled in when control jumps to cleanup label. If
that is the case return early (avoiding useless error message
produced in virNWFilterBindingLookupByPortDev) as there is no
NWFilter to tear down anyway.
Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
Reviewed-by: Erik Skultety <eskultet@redhat.com>
(cherry picked from commit 3087b27cffdd46ad0e953e061d6f3c519aefd5d8)
Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
---
src/conf/domain_nwfilter.c | 3 +++
1 file changed, 3 insertions(+)
diff --git a/src/conf/domain_nwfilter.c b/src/conf/domain_nwfilter.c
index 24b5f42ddd..f39c8a1f9b 100644
--- a/src/conf/domain_nwfilter.c
+++ b/src/conf/domain_nwfilter.c
@@ -133,6 +133,9 @@ virDomainConfNWFilterTeardownImpl(virConnectPtr conn,
{
virNWFilterBindingPtr binding;
+ if (!net->ifname)
+ return;
+
binding = virNWFilterBindingLookupByPortDev(conn, net->ifname);
if (!binding)
return;
--
2.18.0

42
SOURCES/libvirt-esx-storage-Fix-typo-lsilogic-lsiLogic.patch Normal file
View File

@ -0,0 +1,42 @@
From 19a946157484d0c2e3af38b46401114664da3b48 Mon Sep 17 00:00:00 2001
Message-Id: <19a946157484d0c2e3af38b46401114664da3b48@dist-git>
From: Marcos Paulo de Souza <marcos.souza.org@gmail.com>
Date: Wed, 25 Jul 2018 13:33:50 +0200
Subject: [PATCH] esx storage: Fix typo lsilogic -> lsiLogic
Commit 77298458d027db4d3e082213355e2d792f65158d changed the esx storage
adapter from busLogic to lsilogic, introducing a typo. Changing it back
to lsiLogic (with capital L) solves the issue. With this change, libvirt can now
create volumes in ESX again.
Thanks to Jaroslav Suchanek who figured out what was the issue in the
first place.
Fixes: https://bugzilla.redhat.com/show_bug.cgi?id=1571759
Signed-off-by: Marcos Paulo de Souza <marcos.souza.org@gmail.com>
(cherry picked from commit a1450d774f9412b6589418bf8bcafd12690d098a)
Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
Reviewed-by: Andrea Bolognani <abologna@redhat.com>
---
src/esx/esx_storage_backend_vmfs.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/src/esx/esx_storage_backend_vmfs.c b/src/esx/esx_storage_backend_vmfs.c
index 630a6aa8c9..bb2de4b69f 100644
--- a/src/esx/esx_storage_backend_vmfs.c
+++ b/src/esx/esx_storage_backend_vmfs.c
@@ -967,9 +967,9 @@ esxStorageVolCreateXML(virStoragePoolPtr pool,
/*
* FIXME: The adapter type is a required parameter, but there is no
* way to let the user specify it in the volume XML config. Therefore,
- * default to 'lsilogic' here.
+ * default to 'lsiLogic' here.
*/
- virtualDiskSpec->adapterType = (char *)"lsilogic";
+ virtualDiskSpec->adapterType = (char *)"lsiLogic";
virtualDiskSpec->capacityKb->value =
VIR_DIV_UP(def->target.capacity, 1024); /* Scale from byte to kilobyte */
--
2.18.0

77
SOURCES/libvirt-examples-Add-clean-traffic-gateway-into-nwfilters.patch Normal file
View File

@ -0,0 +1,77 @@
From 8eb23363ec3f89792c638c72832ff99ae5ec8169 Mon Sep 17 00:00:00 2001
Message-Id: <8eb23363ec3f89792c638c72832ff99ae5ec8169@dist-git>
From: Ales Musil <amusil@redhat.com>
Date: Sun, 29 Jul 2018 16:56:18 +0200
Subject: [PATCH] examples: Add clean-traffic-gateway into nwfilters
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
The filter purpose is to simulate isolated private VLAN.
The behavior can be achieved by limiting network traffic
to traffic between VM and gateway. Because there is no
concept of the PVLAN in the linux bridge.
The filter also contains parts from clean-traffic
to prevent VM from spoofing its IP and MAC address.
To use this filter the user just needs to set
the GATEWAY_MAC variable to gateway MAC address.
Signed-off-by: Ales Musil <amusil@redhat.com>
Reviewed-by: Martin Kletzander <mkletzan@redhat.com>
(cherry picked from commit ac01fbc90b7eb4ccc7a6140d618d1a3859365155)
https://bugzilla.redhat.com/show_bug.cgi?id=1603115
Signed-off-by: Martin Kletzander <mkletzan@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
---
.../xml/nwfilter/clean-traffic-gateway.xml | 34 +++++++++++++++++++
1 file changed, 34 insertions(+)
create mode 100644 examples/xml/nwfilter/clean-traffic-gateway.xml
diff --git a/examples/xml/nwfilter/clean-traffic-gateway.xml b/examples/xml/nwfilter/clean-traffic-gateway.xml
new file mode 100644
index 0000000000..b8c204041a
--- /dev/null
+++ b/examples/xml/nwfilter/clean-traffic-gateway.xml
@@ -0,0 +1,34 @@
+<filter name='clean-traffic-gateway'>
+ <!-- An example of a traffic filter enforcing clean traffic
+ from a VM by
+ - preventing MAC spoofing -->
+ <filterref filter='no-mac-spoofing'/>
+
+ <!-- preventing IP spoofing on outgoing -->
+ <filterref filter='no-ip-spoofing'/>
+
+ <!-- preventing ARP spoofing/poisoning -->
+ <filterref filter='no-arp-spoofing'/>
+
+ <!-- accept all other incoming and outgoing ARP traffic -->
+ <rule action='accept' direction='inout' priority='-500'>
+ <mac protocolid='arp'/>
+ </rule>
+
+ <!-- accept traffic only from specified MAC address -->
+ <rule action='accept' direction='in'>
+ <mac match='yes' srcmacaddr='$GATEWAY_MAC'/>
+ </rule>
+
+ <!-- allow traffic only to specified MAC address -->
+ <rule action='accept' direction='out'>
+ <mac match='yes' dstmacaddr='$GATEWAY_MAC'/>
+ </rule>
+
+ <!-- preventing any other traffic than between specified MACs
+ and ARP -->
+ <filterref filter='no-other-l2-traffic'/>
+
+ <!-- allow qemu to send a self-announce upon migration end -->
+ <filterref filter='qemu-announce-self'/>
+</filter>
--
2.18.0

332
SOURCES/libvirt-network-allow-configuring-firewalld-zone-for-virtual-network-bridge-device.patch Normal file
View File

@ -0,0 +1,332 @@
From 69de85ec80efd714528955e9c0ab67ee6811c824 Mon Sep 17 00:00:00 2001
Message-Id: <69de85ec80efd714528955e9c0ab67ee6811c824@dist-git>
From: Laine Stump <laine@laine.org>
Date: Fri, 1 Feb 2019 20:29:32 -0500
Subject: [PATCH] network: allow configuring firewalld zone for virtual network
bridge device
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Since we're setting the zone anyway, it will be useful to allow
setting a different (custom) zone for each network. This will be done
by adding a "zone" attribute to the "bridge" element, e.g.:
...
<bridge name='virbr0' zone='myzone'/>
...
If a zone is specified in the config and it can't be honored, this
will be an error.
Signed-off-by: Laine Stump <laine@laine.org>
Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
(cherry picked from commit 30a6f9168634f8ce269f1ef294c4a18d9c95939c)
Conflicts:
src/conf/network_conf.c - upstream added a new bool called
hasBridge that is the equivalent of all the comparisons in the
if() just following the line that adds "zone='blah'" to the xml
string.
https://bugzilla.redhat.com/1650320
Signed-off-by: Laine Stump <laine@laine.org>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
---
docs/firewall.html.in | 5 ++
docs/formatnetwork.html.in | 17 ++++
docs/schemas/basictypes.rng | 6 ++
docs/schemas/network.rng | 6 ++
src/conf/network_conf.c | 14 +++-
src/conf/network_conf.h | 1 +
src/network/bridge_driver_linux.c | 95 +++++++++++++---------
tests/networkxml2xmlin/routed-network.xml | 2 +-
tests/networkxml2xmlout/routed-network.xml | 2 +-
9 files changed, 106 insertions(+), 42 deletions(-)
diff --git a/docs/firewall.html.in b/docs/firewall.html.in
index 5d584e582e..e86ab0d974 100644
--- a/docs/firewall.html.in
+++ b/docs/firewall.html.in
@@ -151,6 +151,11 @@ MASQUERADE all -- * * 192.168.122.0/24 !192.168.122.0/24</pre>
iptables rules regardless of which backend is in use by
firewalld.
</p>
+ <p>
+ NB: It is possible to manually set the firewalld zone for a
+ network's interface with the "zone" attribute of the network's
+ "bridge" element.
+ </p>
<p>
NB: Prior to libvirt 5.1.0, the firewalld "libvirt" zone did not
exist, and prior to firewalld 0.7.0 a feature crucial to making
diff --git a/docs/formatnetwork.html.in b/docs/formatnetwork.html.in
index 363a72bbc9..7ddcfee127 100644
--- a/docs/formatnetwork.html.in
+++ b/docs/formatnetwork.html.in
@@ -152,6 +152,23 @@
<span class="since">Since 1.2.11, requires kernel 3.17 or
newer</span>
</p>
+
+ <p>
+ The optional <code>zone</code> attribute of
+ the <code>bridge</code> element is used to specify
+ the <a href="https://firewalld.org">firewalld</a>
+ zone for the bridge of a network with <code>forward</code>
+ mode of "nat", "route", "open", or one with
+ no <code>forward</code> specified. By default, the bridges
+ of all virtual networks with these forward modes are placed
+ in the firewalld zone named "libvirt", which permits
+ incoming DNS, DHCP, TFTP, and SSH to the host from guests on
+ the network. This behavior can be changed either by
+ modifying the libvirt zone (using firewalld management
+ tools), or by placing the network in a different zone (which
+ will also be managed using firewalld tools).
+ <span class="since">Since 5.1.0</span>
+ </p>
</dd>
<dt><code>mtu</code></dt>
diff --git a/docs/schemas/basictypes.rng b/docs/schemas/basictypes.rng
index 1a18cd31b1..b45a7fcdc8 100644
--- a/docs/schemas/basictypes.rng
+++ b/docs/schemas/basictypes.rng
@@ -252,6 +252,12 @@
</data>
</define>
+ <define name="zoneName">
+ <data type="string">
+ <param name="pattern">[a-zA-Z0-9_\-]+</param>
+ </data>
+ </define>
+
<define name="filePath">
<data type="string">
<param name="pattern">.+</param>
diff --git a/docs/schemas/network.rng b/docs/schemas/network.rng
index f37c422bf3..2a6e3358fd 100644
--- a/docs/schemas/network.rng
+++ b/docs/schemas/network.rng
@@ -58,6 +58,12 @@
</attribute>
</optional>
+ <optional>
+ <attribute name="zone">
+ <ref name="zoneName"/>
+ </attribute>
+ </optional>
+
<optional>
<attribute name="stp">
<ref name="virOnOff"/>
diff --git a/src/conf/network_conf.c b/src/conf/network_conf.c
index 630a87fc07..1e3650b70f 100644
--- a/src/conf/network_conf.c
+++ b/src/conf/network_conf.c
@@ -206,6 +206,7 @@ virNetworkDefFree(virNetworkDefPtr def)
VIR_FREE(def->name);
VIR_FREE(def->bridge);
+ VIR_FREE(def->bridgeZone);
VIR_FREE(def->domain);
virNetworkForwardDefClear(&def->forward);
@@ -1689,6 +1690,7 @@ virNetworkDefParseXML(xmlXPathContextPtr ctxt)
/* Parse bridge information */
def->bridge = virXPathString("string(./bridge[1]/@name)", ctxt);
+ def->bridgeZone = virXPathString("string(./bridge[1]/@zone)", ctxt);
stp = virXPathString("string(./bridge[1]/@stp)", ctxt);
def->stp = (stp && STREQ(stp, "off")) ? false : true;
@@ -1925,6 +1927,13 @@ virNetworkDefParseXML(xmlXPathContextPtr ctxt)
def->name);
goto error;
}
+ if (def->bridgeZone) {
+ virReportError(VIR_ERR_XML_ERROR,
+ _("bridge zone not allowed in %s mode (network '%s')"),
+ virNetworkForwardTypeToString(def->forward.type),
+ def->name);
+ goto error;
+ }
if (def->macTableManager) {
virReportError(VIR_ERR_XML_ERROR,
_("bridge macTableManager setting not allowed "
@@ -1936,9 +1945,9 @@ virNetworkDefParseXML(xmlXPathContextPtr ctxt)
ATTRIBUTE_FALLTHROUGH;
case VIR_NETWORK_FORWARD_BRIDGE:
- if (def->delay || stp) {
+ if (def->delay || stp || def->bridgeZone) {
virReportError(VIR_ERR_XML_ERROR,
- _("bridge delay/stp options only allowed in "
+ _("bridge delay/stp/zone options only allowed in "
"route, nat, and isolated mode, not in %s "
"(network '%s')"),
virNetworkForwardTypeToString(def->forward.type),
@@ -2478,6 +2487,7 @@ virNetworkDefFormatBuf(virBufferPtr buf,
virBufferAddLit(buf, "<bridge");
virBufferEscapeString(buf, " name='%s'", def->bridge);
+ virBufferEscapeString(buf, " zone='%s'", def->bridgeZone);
if (def->forward.type == VIR_NETWORK_FORWARD_NONE ||
def->forward.type == VIR_NETWORK_FORWARD_NAT ||
def->forward.type == VIR_NETWORK_FORWARD_ROUTE ||
diff --git a/src/conf/network_conf.h b/src/conf/network_conf.h
index 54c8ed1c4c..415792166f 100644
--- a/src/conf/network_conf.h
+++ b/src/conf/network_conf.h
@@ -237,6 +237,7 @@ struct _virNetworkDef {
int connections; /* # of guest interfaces connected to this network */
char *bridge; /* Name of bridge device */
+ char *bridgeZone; /* name of firewalld zone for bridge */
int macTableManager; /* enum virNetworkBridgeMACTableManager */
char *domain;
int domainLocalOnly; /* enum virTristateBool: yes disables dns forwarding */
diff --git a/src/network/bridge_driver_linux.c b/src/network/bridge_driver_linux.c
index 823d5a9742..121d42b646 100644
--- a/src/network/bridge_driver_linux.c
+++ b/src/network/bridge_driver_linux.c
@@ -642,49 +642,68 @@ int networkAddFirewallRules(virNetworkDefPtr def)
virFirewallPtr fw = NULL;
int ret = -1;
- /* if firewalld is active, try to set the "libvirt" zone. This is
- * desirable (for consistency) if firewalld is using the iptables
- * backend, but is necessary (for basic network connectivity) if
- * firewalld is using the nftables backend
- */
- if (virFirewallDIsRegistered() == 0) {
+ if (def->bridgeZone) {
- /* if the "libvirt" zone exists, then set it. If not, and
- * if firewalld is using the nftables backend, then we
- * need to log an error because the combination of
- * nftables + default zone means that traffic cannot be
- * forwarded (and even DHCP and DNS from guest to host
- * will probably no be permitted by the default zone
+ /* if a firewalld zone has been specified, fail/log an error
+ * if we can't honor it
*/
- if (virFirewallDZoneExists("libvirt")) {
- if (virFirewallDInterfaceSetZone(def->bridge, "libvirt") < 0)
- goto cleanup;
- } else {
- unsigned long version;
- int vresult = virFirewallDGetVersion(&version);
+ if (virFirewallDIsRegistered() < 0) {
+ virReportError(VIR_ERR_INTERNAL_ERROR,
+ _("zone %s requested for network %s "
+ "but firewalld is not active"),
+ def->bridgeZone, def->name);
+ goto cleanup;
+ }
- if (vresult < 0)
- goto cleanup;
+ if (virFirewallDInterfaceSetZone(def->bridge, def->bridgeZone) < 0)
+ goto cleanup;
- /* Support for nftables backend was added in firewalld
- * 0.6.0. Support for rule priorities (required by the
- * 'libvirt' zone, which should be installed by a
- * libvirt package, *not* by firewalld) was not added
- * until firewalld 0.7.0 (unless it was backported).
+ } else {
+
+ /* if firewalld is active, try to set the "libvirt" zone. This is
+ * desirable (for consistency) if firewalld is using the iptables
+ * backend, but is necessary (for basic network connectivity) if
+ * firewalld is using the nftables backend
+ */
+ if (virFirewallDIsRegistered() == 0) {
+
+ /* if the "libvirt" zone exists, then set it. If not, and
+ * if firewalld is using the nftables backend, then we
+ * need to log an error because the combination of
+ * nftables + default zone means that traffic cannot be
+ * forwarded (and even DHCP and DNS from guest to host
+ * will probably no be permitted by the default zone
*/
- if (version >= 6000 &&
- virFirewallDGetBackend() == VIR_FIREWALLD_BACKEND_NFTABLES) {
- virReportError(VIR_ERR_INTERNAL_ERROR, "%s",
- _("firewalld is set to use the nftables "
- "backend, but the required firewalld "
- "'libvirt' zone is missing. Either set "
- "the firewalld backend to 'iptables', or "
- "ensure that firewalld has a 'libvirt' "
- "zone by upgrading firewalld to a "
- "version supporting rule priorities "
- "(0.7.0+) and/or rebuilding "
- "libvirt with --with-firewalld-zone"));
- goto cleanup;
+ if (virFirewallDZoneExists("libvirt")) {
+ if (virFirewallDInterfaceSetZone(def->bridge, "libvirt") < 0)
+ goto cleanup;
+ } else {
+ unsigned long version;
+ int vresult = virFirewallDGetVersion(&version);
+
+ if (vresult < 0)
+ goto cleanup;
+
+ /* Support for nftables backend was added in firewalld
+ * 0.6.0. Support for rule priorities (required by the
+ * 'libvirt' zone, which should be installed by a
+ * libvirt package, *not* by firewalld) was not added
+ * until firewalld 0.7.0 (unless it was backported).
+ */
+ if (version >= 6000 &&
+ virFirewallDGetBackend() == VIR_FIREWALLD_BACKEND_NFTABLES) {
+ virReportError(VIR_ERR_INTERNAL_ERROR, "%s",
+ _("firewalld is set to use the nftables "
+ "backend, but the required firewalld "
+ "'libvirt' zone is missing. Either set "
+ "the firewalld backend to 'iptables', or "
+ "ensure that firewalld has a 'libvirt' "
+ "zone by upgrading firewalld to a "
+ "version supporting rule priorities "
+ "(0.7.0+) and/or rebuilding "
+ "libvirt with --with-firewalld-zone"));
+ goto cleanup;
+ }
}
}
}
diff --git a/tests/networkxml2xmlin/routed-network.xml b/tests/networkxml2xmlin/routed-network.xml
index ab5e15b1f6..fce01df132 100644
--- a/tests/networkxml2xmlin/routed-network.xml
+++ b/tests/networkxml2xmlin/routed-network.xml
@@ -1,7 +1,7 @@
<network>
<name>local</name>
<uuid>81ff0d90-c91e-6742-64da-4a736edb9a9b</uuid>
- <bridge name="virbr1"/>
+ <bridge name="virbr1" zone="myzone"/>
<mac address='12:34:56:78:9A:BC'/>
<forward mode="route" dev="eth1"/>
<ip address="192.168.122.1" netmask="255.255.255.0">
diff --git a/tests/networkxml2xmlout/routed-network.xml b/tests/networkxml2xmlout/routed-network.xml
index 81abf06e9f..2e13cf4ffa 100644
--- a/tests/networkxml2xmlout/routed-network.xml
+++ b/tests/networkxml2xmlout/routed-network.xml
@@ -4,7 +4,7 @@
<forward dev='eth1' mode='route'>
<interface dev='eth1'/>
</forward>
- <bridge name='virbr1' stp='on' delay='0'/>
+ <bridge name='virbr1' zone='myzone' stp='on' delay='0'/>
<mac address='12:34:56:78:9a:bc'/>
<ip address='192.168.122.1' netmask='255.255.255.0'>
</ip>
--
2.20.1

61
SOURCES/libvirt-network-explicitly-allow-icmp-icmpv6-in-libvirt-zonefile.patch Normal file
View File

@ -0,0 +1,61 @@
From f649b1f8a050402bbd1d28ee78e1522121347977 Mon Sep 17 00:00:00 2001
Message-Id: <f649b1f8a050402bbd1d28ee78e1522121347977@dist-git>
From: Laine Stump <laine@laine.org>
Date: Thu, 14 Feb 2019 15:26:55 -0500
Subject: [PATCH] network: explicitly allow icmp/icmpv6 in libvirt zonefile
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
The libvirt zonefile for firewalld (added in commit 3b71f2e4) does the
following:
1) lists specific services it wants to allow, then
2) uses a lower priority <reject/> rule to block all other services to
the host, and then finally,
3) relies on the zone's default "accept" policy to, accept all
forwarded traffic (since forwarded traffic is ignored by the
slightly higher priority <reject/> rule in (2)).
I had assumed that icmp traffic was either being allowed at the top of
the rules, or that it would be ignored by the <reject/> rule and
passed by the default accept policy (similar to forwarded traffic),
but this assumption was incorrect; the <reject/> rule does block icmp
traffic. This became apparent when DHCPv6 which requires ICMPv6 in
addition to udp/dhcpv6) failed to work.
This all means that in order to achieve our original goal of "similar
behavior to a default reject policy, but also allowing forwarded
traffic", we need to add rules to allow all icmp and icmpv6 traffic to
the libvirt zone, and that's what this patch does.
This is a further refinement of the resolution to
https://bugzilla.redhat.com/1650320
Signed-off-by: Laine Stump <laine@laine.org>
Acked-by: Eric Garver <eric@garver.life>
(cherry picked from commit 41adfe8ca932e9fa34cd1b3f238c17b52e6b3888)
Message-Id: <20190214202655.22715-1-laine@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
---
src/network/libvirt.zone | 2 ++
1 file changed, 2 insertions(+)
diff --git a/src/network/libvirt.zone b/src/network/libvirt.zone
index bf81db1b6e..b1e84b52ec 100644
--- a/src/network/libvirt.zone
+++ b/src/network/libvirt.zone
@@ -15,6 +15,8 @@
<rule priority='32767'>
<reject/>
</rule>
+<protocol value='icmp'/>
+<protocol value='ipv6-icmp'/>
<service name='dhcp'/>
<service name='dhcpv6'/>
<service name='dns'/>
--
2.20.1

174
SOURCES/libvirt-network-set-firewalld-zone-of-bridges-to-libvirt-zone-when-appropriate.patch Normal file
View File

@ -0,0 +1,174 @@
From 8cc240a1652a465727d5b66d9fb6a5fa71656dba Mon Sep 17 00:00:00 2001
Message-Id: <8cc240a1652a465727d5b66d9fb6a5fa71656dba@dist-git>
From: Laine Stump <laine@redhat.com>
Date: Fri, 1 Feb 2019 20:29:31 -0500
Subject: [PATCH] network: set firewalld zone of bridges to "libvirt" zone when
appropriate
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
This patch restores broken guest network connectivity after a host
firewalld is switched to using an nftables backend. It does this by
adding libvirt networks' bridge interfaces to the new "libvirt" zone
in firewalld.
After this patch, the bridge interface of any network created by
libvirt (when firewalld is active) will be added to the firewalld
zone called "libvirt" if it exists (regardless of the firewalld
backend setting). This behavior does *not* depend on whether or not
libvirt has installed the libvirt zone file (set with
"--with[out]-firewalld-zone" during the configure phase of the package
build).
If the libvirt zone doesn't exist (either because the package was
configured to not install it, or possibly it was installed, but
firewalld doesn't support rule priorities, resulting in a parse
error), the bridge will remain in firewalld's default zone, which
could be innocuous (in the case that the firewalld backend is
iptables, guest networking will still function properly with the
bridge in the default zone), or it could be disastrous (if the
firewalld backend is nftables, we can be assured that guest networking
will fail). In order to be unobtrusive in the former case, and
informative in the latter, when the libvirt zone doesn't exist we
then check the firewalld version to see if it's new enough to support
the nftables backend, and then if the backend is actually set to
nftables, before logging an error (and failing the net-start
operation, since the network couldn't possibly work anyway).
When the libvirt zone is used, network behavior is *slightly*
different from behavior of previous libvirt. In the past, libvirt
network behavior would be affected by the configuration of firewalld's
default zone (usually "public"), but now it is affected only by the
"libvirt" zone), and thus almost surely warrants a release note for
any distro upgrading to libvirt 5.1 or above. Although it's
unfortunate that we have to deal with a mandatory behavior change, the
architecture of multiple hooks makes it impossible to *not* change
behavior in some way, and the new behavior is arguably better (since
it will now be possible to manage access to the host from virtual
machines vs from public interfaces separately).
Creates-and-Resolves: https://bugzilla.redhat.com/1650320
Resolves: https://bugzilla.redhat.com/1638342
Signed-off-by: Laine Stump <laine@laine.org>
Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
(cherry picked from commit ae05211a360077f56883cd0a6c0f82ed57f746cb)
Reviewed-by: Ján Tomko <jtomko@redhat.com>
---
docs/firewall.html.in | 33 +++++++++++++++++++++
src/network/bridge_driver_linux.c | 48 +++++++++++++++++++++++++++++++
2 files changed, 81 insertions(+)
diff --git a/docs/firewall.html.in b/docs/firewall.html.in
index 0a50687c26..5d584e582e 100644
--- a/docs/firewall.html.in
+++ b/docs/firewall.html.in
@@ -129,6 +129,39 @@ MASQUERADE all -- * * 192.168.122.0/24 !192.168.122.0/24</pre>
</li>
</ul>
+ <h3><a id="fw-firewalld-and-virtual-network-driver">firewalld and the virtual network driver</a>
+ </h3>
+ <p>
+ If <a href="https://firewalld.org">firewalld</a> is active on
+ the host, libvirt will attempt to place the bridge interface of
+ a libvirt virtual network into the firewalld zone named
+ "libvirt" (thus making all guest->host traffic on that network
+ subject to the rules of the "libvirt" zone). This is done
+ because, if firewalld is using its nftables backend (available
+ since firewalld 0.6.0) the default firewalld zone (which would
+ be used if libvirt didn't explicitly set the zone) prevents
+ forwarding traffic from guests through the bridge, as well as
+ preventing DHCP, DNS, and most other traffic from guests to
+ host. The zone named "libvirt" is installed into the firewalld
+ configuration by libvirt (not by firewalld), and allows
+ forwarded traffic through the bridge as well as DHCP, DNS, TFTP,
+ and SSH traffic to the host - depending on firewalld's backend
+ this will be implemented via either iptables or nftables
+ rules. libvirt's own rules outlined above will *always* be
+ iptables rules regardless of which backend is in use by
+ firewalld.
+ </p>
+ <p>
+ NB: Prior to libvirt 5.1.0, the firewalld "libvirt" zone did not
+ exist, and prior to firewalld 0.7.0 a feature crucial to making
+ the "libvirt" zone operate properly (rich rule priority
+ settings) was not implemented in firewalld. In cases where one
+ or the other of the two packages is missing the necessary
+ functionality, it's still possible to have functional guest
+ networking by setting the firewalld backend to "iptables" (in
+ firewalld prior to 0.6.0, this was the only backend available).
+ </p>
+
<h3><a id="fw-network-filter-driver">The network filter driver</a>
</h3>
<p>This driver provides a fully configurable network filtering capability
diff --git a/src/network/bridge_driver_linux.c b/src/network/bridge_driver_linux.c
index 3effcdce22..823d5a9742 100644
--- a/src/network/bridge_driver_linux.c
+++ b/src/network/bridge_driver_linux.c
@@ -29,6 +29,7 @@
#include "virstring.h"
#include "virlog.h"
#include "virfirewall.h"
+#include "virfirewalld.h"
#define VIR_FROM_THIS VIR_FROM_NONE
@@ -641,6 +642,53 @@ int networkAddFirewallRules(virNetworkDefPtr def)
virFirewallPtr fw = NULL;
int ret = -1;
+ /* if firewalld is active, try to set the "libvirt" zone. This is
+ * desirable (for consistency) if firewalld is using the iptables
+ * backend, but is necessary (for basic network connectivity) if
+ * firewalld is using the nftables backend
+ */
+ if (virFirewallDIsRegistered() == 0) {
+
+ /* if the "libvirt" zone exists, then set it. If not, and
+ * if firewalld is using the nftables backend, then we
+ * need to log an error because the combination of
+ * nftables + default zone means that traffic cannot be
+ * forwarded (and even DHCP and DNS from guest to host
+ * will probably no be permitted by the default zone
+ */
+ if (virFirewallDZoneExists("libvirt")) {
+ if (virFirewallDInterfaceSetZone(def->bridge, "libvirt") < 0)
+ goto cleanup;
+ } else {
+ unsigned long version;
+ int vresult = virFirewallDGetVersion(&version);
+
+ if (vresult < 0)
+ goto cleanup;
+
+ /* Support for nftables backend was added in firewalld
+ * 0.6.0. Support for rule priorities (required by the
+ * 'libvirt' zone, which should be installed by a
+ * libvirt package, *not* by firewalld) was not added
+ * until firewalld 0.7.0 (unless it was backported).
+ */
+ if (version >= 6000 &&
+ virFirewallDGetBackend() == VIR_FIREWALLD_BACKEND_NFTABLES) {
+ virReportError(VIR_ERR_INTERNAL_ERROR, "%s",
+ _("firewalld is set to use the nftables "
+ "backend, but the required firewalld "
+ "'libvirt' zone is missing. Either set "
+ "the firewalld backend to 'iptables', or "
+ "ensure that firewalld has a 'libvirt' "
+ "zone by upgrading firewalld to a "
+ "version supporting rule priorities "
+ "(0.7.0+) and/or rebuilding "
+ "libvirt with --with-firewalld-zone"));
+ goto cleanup;
+ }
+ }
+ }
+
fw = virFirewallNew();
virFirewallStartTransaction(fw, 0);
--
2.20.1

59
SOURCES/libvirt-networkGetDHCPLeases-Don-t-always-report-error-if-unable-to-read-leases-file.patch Normal file
View File

@ -0,0 +1,59 @@
From dfd454d377c90f5a039c6a8487703dd604bffabc Mon Sep 17 00:00:00 2001
Message-Id: <dfd454d377c90f5a039c6a8487703dd604bffabc@dist-git>
From: Michal Privoznik <mprivozn@redhat.com>
Date: Thu, 26 Jul 2018 11:41:09 +0200
Subject: [PATCH] networkGetDHCPLeases: Don't always report error if unable to
read leases file
https://bugzilla.redhat.com/show_bug.cgi?id=1600468
If we are unable to read leases file (no matter what the reason
is), we return 0 - just like if there were no leases. However,
because we use virFileReadAll() an error is printed into the log.
Note that not all networks have leases file - only those for
which we start dnsmasq.
Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
Reviewed-by: Erik Skultety <eskultet@redhat.com>
(cherry picked from commit 142c4b10fd8f55b7d2e86f5a184608da70f2edd3)
Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
Reviewed-by: Erik Skultety <eskultet@redhat.com>
---
src/network/bridge_driver.c | 21 ++++++++++++++-------
1 file changed, 14 insertions(+), 7 deletions(-)
diff --git a/src/network/bridge_driver.c b/src/network/bridge_driver.c
index ac849581ec..1ad95d524c 100644
--- a/src/network/bridge_driver.c
+++ b/src/network/bridge_driver.c
@@ -4157,13 +4157,20 @@ networkGetDHCPLeases(virNetworkPtr net,
custom_lease_file = networkDnsmasqLeaseFileNameCustom(driver, def->bridge);
/* Read entire contents */
- if ((custom_lease_file_len = virFileReadAll(custom_lease_file,
- VIR_NETWORK_DHCP_LEASE_FILE_SIZE_MAX,
- &lease_entries)) < 0) {
- /* Even though src/network/leaseshelper.c guarantees the existence of
- * leases file (even if no leases are present), and the control reaches
- * here, instead of reporting error, return 0 leases */
- rv = 0;
+ if ((custom_lease_file_len = virFileReadAllQuiet(custom_lease_file,
+ VIR_NETWORK_DHCP_LEASE_FILE_SIZE_MAX,
+ &lease_entries)) < 0) {
+ /* Not all networks are guaranteed to have leases file.
+ * Only those which run dnsmasq. Therefore, if we failed
+ * to read the leases file, don't report error. Return 0
+ * leases instead. */
+ if (errno == ENOENT) {
+ rv = 0;
+ } else {
+ virReportSystemError(errno,
+ _("Unable to read leases file: %s"),
+ custom_lease_file);
+ }
goto error;
}
--
2.18.0

79
SOURCES/libvirt-nwfilter-Resolve-SEGV-for-NWFilter-Snoop-processing.patch Normal file
View File

@ -0,0 +1,79 @@
From 6293887f71e7db7ea8a3923aacf7d0fb27b47559 Mon Sep 17 00:00:00 2001
Message-Id: <6293887f71e7db7ea8a3923aacf7d0fb27b47559@dist-git>
From: John Ferlan <jferlan@redhat.com>
Date: Thu, 26 Jul 2018 09:39:32 -0400
Subject: [PATCH] nwfilter: Resolve SEGV for NWFilter Snoop processing
https://bugzilla.redhat.com/show_bug.cgi?id=1599973
Commit id fca9afa08 changed the @req->ifname to use
@req->binding->portdevname fillingin the @req->binding
in a similar way that @req->ifname would have been
filled in during virNWFilterDHCPSnoopReq processing.
However, in doing so it did not take into account some
code paths where the @req->binding should be checked
instead of @req->binding->portdevname. These checks
led to SEGVs in some cases during libvirtd reload
processing in virNWFilterSnoopRemAllReqIter (for
stop during nwfilterStateCleanup processing) and
virNWFilterSnoopReqLeaseDel (for start during
nwfilterStateInitialize processing).
In particular, when reading the nwfilter.leases file
a new @req is created, but the @req->binding is not
filled in. That's left to virNWFilterDHCPSnoopReq
processing which checks if the @req already exists
in the @virNWFilterSnoopState.snoopReqs hash table
after adding a virNWFilterSnoopState.ifnameToKey
entry for the @req->binding->portdevname by a
@ref->ikey value.
NB: virNWFilterSnoopIPLeaseInstallRule and
virNWFilterDHCPSnoopThread do not need the
req->binding check since they can only be called
after the filter->binding is created/assigned.
Signed-off-by: John Ferlan <jferlan@redhat.com>
ACKed-by: Michal Privoznik <mprivozn@redhat.com>
(cherry picked from commit 5229494b01acf97dbc6f3028e9718667e9e1426a)
Reviewed-by: Erik Skultety <eskultet@redhat.com>
---
src/nwfilter/nwfilter_dhcpsnoop.c | 7 ++++---
1 file changed, 4 insertions(+), 3 deletions(-)
diff --git a/src/nwfilter/nwfilter_dhcpsnoop.c b/src/nwfilter/nwfilter_dhcpsnoop.c
index 533c45f080..2ae134ed19 100644
--- a/src/nwfilter/nwfilter_dhcpsnoop.c
+++ b/src/nwfilter/nwfilter_dhcpsnoop.c
@@ -846,7 +846,7 @@ virNWFilterSnoopReqLeaseDel(virNWFilterSnoopReqPtr req,
int ret = 0;
virNWFilterSnoopIPLeasePtr ipl;
char *ipstr = NULL;
- int ipAddrLeft;
+ int ipAddrLeft = 0;
/* protect req->start, req->ifname and the lease */
virNWFilterSnoopReqLock(req);
@@ -867,7 +867,8 @@ virNWFilterSnoopReqLeaseDel(virNWFilterSnoopReqPtr req,
if (update_leasefile)
virNWFilterSnoopLeaseFileSave(ipl);
- ipAddrLeft = virNWFilterIPAddrMapDelIPAddr(req->binding->portdevname, ipstr);
+ if (req->binding)
+ ipAddrLeft = virNWFilterIPAddrMapDelIPAddr(req->binding->portdevname, ipstr);
if (!req->threadkey || !instantiate)
goto skip_instantiate;
@@ -2037,7 +2038,7 @@ virNWFilterSnoopRemAllReqIter(const void *payload,
/* protect req->binding->portdevname */
virNWFilterSnoopReqLock(req);
- if (req->binding->portdevname) {
+ if (req->binding && req->binding->portdevname) {
ignore_value(virHashRemoveEntry(virNWFilterSnoopState.ifnameToKey,
req->binding->portdevname));
--
2.18.0

80
SOURCES/libvirt-qemu-Add-capability-for-the-HTM-pSeries-feature.patch Normal file
View File

@ -0,0 +1,80 @@
From 2069f9ba35378cf58c5636583ce76e68bead5a03 Mon Sep 17 00:00:00 2001
Message-Id: <2069f9ba35378cf58c5636583ce76e68bead5a03@dist-git>
From: Andrea Bolognani <abologna@redhat.com>
Date: Tue, 3 Jul 2018 15:25:15 +0200
Subject: [PATCH] qemu: Add capability for the HTM pSeries feature
Signed-off-by: Andrea Bolognani <abologna@redhat.com>
Reviewed-by: John Ferlan <jferlan@redhat.com>
(cherry picked from commit 755a5765accf8fe9b2b8ec3fb01c37ac91313c7c)
https: //bugzilla.redhat.com/show_bug.cgi?id=1525599
Signed-off-by: Andrea Bolognani <abologna@redhat.com>
Acked-by: David Gibson <dgibson@redhat.com>
Reviewed-by: Jiri Denemark <jdenemar@redhat.com>
---
src/qemu/qemu_capabilities.c | 2 ++
src/qemu/qemu_capabilities.h | 1 +
tests/qemucapabilitiesdata/caps_2.12.0.ppc64.xml | 1 +
tests/qemucapabilitiesdata/caps_3.0.0.ppc64.xml | 1 +
4 files changed, 5 insertions(+)
diff --git a/src/qemu/qemu_capabilities.c b/src/qemu/qemu_capabilities.c
index 37c8fbe3d3..c7da916f9a 100644
--- a/src/qemu/qemu_capabilities.c
+++ b/src/qemu/qemu_capabilities.c
@@ -501,6 +501,7 @@ VIR_ENUM_IMPL(virQEMUCaps, QEMU_CAPS_LAST,
/* 310 */
"sev-guest",
"machine.pseries.cap-hpt-max-page-size",
+ "machine.pseries.cap-htm",
);
@@ -1431,6 +1432,7 @@ static struct virQEMUCapsStringFlags virQEMUCapsObjectPropsMemoryBackendFile[] =
static struct virQEMUCapsStringFlags virQEMUCapsObjectPropsSPAPRMachine[] = {
{ "cap-hpt-max-page-size", QEMU_CAPS_MACHINE_PSERIES_CAP_HPT_MAX_PAGE_SIZE },
+ { "cap-htm", QEMU_CAPS_MACHINE_PSERIES_CAP_HTM },
};
static virQEMUCapsObjectTypeProps virQEMUCapsObjectProps[] = {
diff --git a/src/qemu/qemu_capabilities.h b/src/qemu/qemu_capabilities.h
index df9bf49abb..a048a1cf02 100644
--- a/src/qemu/qemu_capabilities.h
+++ b/src/qemu/qemu_capabilities.h
@@ -485,6 +485,7 @@ typedef enum { /* virQEMUCapsFlags grouping marker for syntax-check */
/* 310 */
QEMU_CAPS_SEV_GUEST, /* -object sev-guest,... */
QEMU_CAPS_MACHINE_PSERIES_CAP_HPT_MAX_PAGE_SIZE, /* -machine pseries.cap-hpt-max-page-size */
+ QEMU_CAPS_MACHINE_PSERIES_CAP_HTM, /* -machine pseries.cap-htm */
QEMU_CAPS_LAST /* this must always be the last item */
} virQEMUCapsFlags;
diff --git a/tests/qemucapabilitiesdata/caps_2.12.0.ppc64.xml b/tests/qemucapabilitiesdata/caps_2.12.0.ppc64.xml
index 2ee582f343..7139179304 100644
--- a/tests/qemucapabilitiesdata/caps_2.12.0.ppc64.xml
+++ b/tests/qemucapabilitiesdata/caps_2.12.0.ppc64.xml
@@ -166,6 +166,7 @@
<flag name='vhost-vsock'/>
<flag name='chardev-fd-pass'/>
<flag name='tpm-emulator'/>
+ <flag name='machine.pseries.cap-htm'/>
<version>2011090</version>
<kvmVersion>0</kvmVersion>
<microcodeVersion>428334</microcodeVersion>
diff --git a/tests/qemucapabilitiesdata/caps_3.0.0.ppc64.xml b/tests/qemucapabilitiesdata/caps_3.0.0.ppc64.xml
index 7e958b2efc..33cd00e613 100644
--- a/tests/qemucapabilitiesdata/caps_3.0.0.ppc64.xml
+++ b/tests/qemucapabilitiesdata/caps_3.0.0.ppc64.xml
@@ -166,6 +166,7 @@
<flag name='chardev-fd-pass'/>
<flag name='tpm-emulator'/>
<flag name='machine.pseries.cap-hpt-max-page-size'/>
+ <flag name='machine.pseries.cap-htm'/>
<version>2012050</version>
<kvmVersion>0</kvmVersion>
<microcodeVersion>446771</microcodeVersion>
--
2.18.0

343
SOURCES/libvirt-qemu-Add-ccw-support-for-vhost-vsock.patch Normal file
View File

@ -0,0 +1,343 @@
From 31a61d20cc35f444b2b49deb146d667fb122668d Mon Sep 17 00:00:00 2001
Message-Id: <31a61d20cc35f444b2b49deb146d667fb122668d@dist-git>
From: Boris Fiuczynski <fiuczy@linux.ibm.com>
Date: Wed, 17 Apr 2019 14:46:01 +0200
Subject: [PATCH] qemu: Add ccw support for vhost-vsock
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Add support and tests for vhost-vsock-ccw.
Signed-off-by: Boris Fiuczynski <fiuczy@linux.ibm.com>
(cherry picked from commit 927ef9f2a6ba22213501e99dcf5ecb5f62f8f72d)
Signed-off-by: Ján Tomko <jtomko@redhat.com>
RHEL 8.1: https://bugzilla.redhat.com/show_bug.cgi?id=1698855
Message-Id: <ec91ac8fd92152e31ce4af53b4d38725cff805a7.1555505143.git.jtomko@redhat.com>
Reviewed-by: Andrea Bolognani <abologna@redhat.com>
---
src/qemu/qemu_command.c | 8 +++--
src/qemu/qemu_domain.c | 10 ++++--
src/qemu/qemu_domain_address.c | 7 +++-
.../vhost-vsock-ccw-auto.s390x-latest.args | 32 +++++++++++++++++++
.../qemuxml2argvdata/vhost-vsock-ccw-auto.xml | 25 +++++++++++++++
.../vhost-vsock-ccw.s390x-latest.args | 32 +++++++++++++++++++
tests/qemuxml2argvdata/vhost-vsock-ccw.xml | 32 +++++++++++++++++++
tests/qemuxml2argvtest.c | 2 ++
.../vhost-vsock-ccw-auto.xml | 32 +++++++++++++++++++
tests/qemuxml2xmloutdata/vhost-vsock-ccw.xml | 1 +
tests/qemuxml2xmltest.c | 5 +++
11 files changed, 181 insertions(+), 5 deletions(-)
create mode 100644 tests/qemuxml2argvdata/vhost-vsock-ccw-auto.s390x-latest.args
create mode 100644 tests/qemuxml2argvdata/vhost-vsock-ccw-auto.xml
create mode 100644 tests/qemuxml2argvdata/vhost-vsock-ccw.s390x-latest.args
create mode 100644 tests/qemuxml2argvdata/vhost-vsock-ccw.xml
create mode 100644 tests/qemuxml2xmloutdata/vhost-vsock-ccw-auto.xml
create mode 120000 tests/qemuxml2xmloutdata/vhost-vsock-ccw.xml
diff --git a/src/qemu/qemu_command.c b/src/qemu/qemu_command.c
index 66abd3fe86..a8c832bad8 100644
--- a/src/qemu/qemu_command.c
+++ b/src/qemu/qemu_command.c
@@ -10219,10 +10219,14 @@ qemuBuildVsockDevStr(virDomainDefPtr def,
{
qemuDomainVsockPrivatePtr priv = (qemuDomainVsockPrivatePtr)vsock->privateData;
virBuffer buf = VIR_BUFFER_INITIALIZER;
- const char *device = "vhost-vsock-pci";
char *ret = NULL;
- virBufferAsprintf(&buf, "%s", device);
+ if (vsock->info.type == VIR_DOMAIN_DEVICE_ADDRESS_TYPE_CCW) {
+ virBufferAddLit(&buf, "vhost-vsock-ccw");
+ } else {
+ virBufferAddLit(&buf, "vhost-vsock-pci");
+ }
+
virBufferAsprintf(&buf, ",id=%s", vsock->info.alias);
virBufferAsprintf(&buf, ",guest-cid=%u", vsock->guest_cid);
virBufferAsprintf(&buf, ",vhostfd=%s%u", fdprefix, priv->vhostfd);
diff --git a/src/qemu/qemu_domain.c b/src/qemu/qemu_domain.c
index c530733e97..be3477bf8a 100644
--- a/src/qemu/qemu_domain.c
+++ b/src/qemu/qemu_domain.c
@@ -5559,7 +5559,8 @@ qemuDomainDeviceDefValidateMemory(const virDomainMemoryDef *memory ATTRIBUTE_UNU
static int
-qemuDomainDeviceDefValidateVsock(const virDomainVsockDef *vsock ATTRIBUTE_UNUSED,
+qemuDomainDeviceDefValidateVsock(const virDomainVsockDef *vsock,
+ const virDomainDef *def,
virQEMUCapsPtr qemuCaps)
{
if (!virQEMUCapsGet(qemuCaps, QEMU_CAPS_DEVICE_VHOST_VSOCK)) {
@@ -5568,6 +5569,11 @@ qemuDomainDeviceDefValidateVsock(const virDomainVsockDef *vsock ATTRIBUTE_UNUSED
"with this QEMU binary"));
return -1;
}
+
+ if (!qemuDomainCheckCCWS390AddressSupport(def, vsock->info, qemuCaps,
+ "vsock"))
+ return -1;
+
return 0;
}
@@ -5715,7 +5721,7 @@ qemuDomainDeviceDefValidate(const virDomainDeviceDef *dev,
break;
case VIR_DOMAIN_DEVICE_VSOCK:
- ret = qemuDomainDeviceDefValidateVsock(dev->data.vsock, qemuCaps);
+ ret = qemuDomainDeviceDefValidateVsock(dev->data.vsock, def, qemuCaps);
break;
case VIR_DOMAIN_DEVICE_TPM:
diff --git a/src/qemu/qemu_domain_address.c b/src/qemu/qemu_domain_address.c
index 3e50521c11..79d2b9f9c4 100644
--- a/src/qemu/qemu_domain_address.c
+++ b/src/qemu/qemu_domain_address.c
@@ -310,7 +310,8 @@ qemuDomainPrimeVirtioDeviceAddresses(virDomainDefPtr def,
declare address-less virtio devices to be of address type 'type'
disks, networks, videos, consoles, controllers, memballoon and rng
in this order
- if type is ccw filesystem devices are declared to be of address type ccw
+ if type is ccw filesystem and vsock devices are declared to be of
+ address type ccw
*/
size_t i;
@@ -377,6 +378,10 @@ qemuDomainPrimeVirtioDeviceAddresses(virDomainDefPtr def,
if (def->fss[i]->info.type == VIR_DOMAIN_DEVICE_ADDRESS_TYPE_NONE)
def->fss[i]->info.type = type;
}
+ if (def->vsock &&
+ def->vsock->info.type == VIR_DOMAIN_DEVICE_ADDRESS_TYPE_NONE) {
+ def->vsock->info.type = type;
+ }
}
}
diff --git a/tests/qemuxml2argvdata/vhost-vsock-ccw-auto.s390x-latest.args b/tests/qemuxml2argvdata/vhost-vsock-ccw-auto.s390x-latest.args
new file mode 100644
index 0000000000..6092f8e85c
--- /dev/null
+++ b/tests/qemuxml2argvdata/vhost-vsock-ccw-auto.s390x-latest.args
@@ -0,0 +1,32 @@
+LC_ALL=C \
+PATH=/bin \
+HOME=/home/test \
+USER=test \
+LOGNAME=test \
+QEMU_AUDIO_DRV=none \
+/usr/bin/qemu-system-s390x \
+-name guest=QEMUGuest1,debug-threads=on \
+-S \
+-object secret,id=masterKey0,format=raw,\
+file=/tmp/lib/domain--1-QEMUGuest1/master-key.aes \
+-machine s390-ccw-virtio,accel=tcg,usb=off,dump-guest-core=off \
+-m 214 \
+-realtime mlock=off \
+-smp 1,sockets=1,cores=1,threads=1 \
+-uuid c7a5fdbd-edaf-9455-926a-d65c16db1809 \
+-display none \
+-no-user-config \
+-nodefaults \
+-chardev socket,id=charmonitor,fd=1729,server,nowait \
+-mon chardev=charmonitor,id=monitor,mode=control \
+-rtc base=utc \
+-no-shutdown \
+-boot strict=on \
+-drive file=/dev/HostVG/QEMUGuest1,format=raw,if=none,id=drive-virtio-disk0 \
+-device virtio-blk-ccw,scsi=off,devno=fe.0.0000,drive=drive-virtio-disk0,\
+id=virtio-disk0,bootindex=1 \
+-device virtio-balloon-ccw,id=balloon0,devno=fe.0.0001 \
+-sandbox on,obsolete=deny,elevateprivileges=deny,spawn=deny,\
+resourcecontrol=deny \
+-device vhost-vsock-ccw,id=vsock0,guest-cid=42,vhostfd=6789,devno=fe.0.0002 \
+-msg timestamp=on
diff --git a/tests/qemuxml2argvdata/vhost-vsock-ccw-auto.xml b/tests/qemuxml2argvdata/vhost-vsock-ccw-auto.xml
new file mode 100644
index 0000000000..e5b60765ab
--- /dev/null
+++ b/tests/qemuxml2argvdata/vhost-vsock-ccw-auto.xml
@@ -0,0 +1,25 @@
+<domain type='qemu'>
+ <name>QEMUGuest1</name>
+ <uuid>c7a5fdbd-edaf-9455-926a-d65c16db1809</uuid>
+ <memory unit='KiB'>219136</memory>
+ <currentMemory unit='KiB'>219136</currentMemory>
+ <vcpu placement='static'>1</vcpu>
+ <os>
+ <type arch='s390x' machine='s390-ccw-virtio'>hvm</type>
+ <boot dev='hd'/>
+ </os>
+ <clock offset='utc'/>
+ <on_poweroff>destroy</on_poweroff>
+ <on_reboot>restart</on_reboot>
+ <on_crash>destroy</on_crash>
+ <devices>
+ <emulator>/usr/bin/qemu-system-s390x</emulator>
+ <disk type='block' device='disk'>
+ <source dev='/dev/HostVG/QEMUGuest1'/>
+ <target dev='hda' bus='virtio'/>
+ </disk>
+ <vsock>
+ <cid auto='yes'/>
+ </vsock>
+ </devices>
+</domain>
diff --git a/tests/qemuxml2argvdata/vhost-vsock-ccw.s390x-latest.args b/tests/qemuxml2argvdata/vhost-vsock-ccw.s390x-latest.args
new file mode 100644
index 0000000000..93eb3f3430
--- /dev/null
+++ b/tests/qemuxml2argvdata/vhost-vsock-ccw.s390x-latest.args
@@ -0,0 +1,32 @@
+LC_ALL=C \
+PATH=/bin \
+HOME=/home/test \
+USER=test \
+LOGNAME=test \
+QEMU_AUDIO_DRV=none \
+/usr/bin/qemu-system-s390x \
+-name guest=QEMUGuest1,debug-threads=on \
+-S \
+-object secret,id=masterKey0,format=raw,\
+file=/tmp/lib/domain--1-QEMUGuest1/master-key.aes \
+-machine s390-ccw-virtio,accel=tcg,usb=off,dump-guest-core=off \
+-m 214 \
+-realtime mlock=off \
+-smp 1,sockets=1,cores=1,threads=1 \
+-uuid c7a5fdbd-edaf-9455-926a-d65c16db1809 \
+-display none \
+-no-user-config \
+-nodefaults \
+-chardev socket,id=charmonitor,fd=1729,server,nowait \
+-mon chardev=charmonitor,id=monitor,mode=control \
+-rtc base=utc \
+-no-shutdown \
+-boot strict=on \
+-drive file=/dev/HostVG/QEMUGuest1,format=raw,if=none,id=drive-virtio-disk0 \
+-device virtio-blk-ccw,scsi=off,devno=fe.0.0000,drive=drive-virtio-disk0,\
+id=virtio-disk0,bootindex=1 \
+-device virtio-balloon-ccw,id=balloon0,devno=fe.0.0001 \
+-sandbox on,obsolete=deny,elevateprivileges=deny,spawn=deny,\
+resourcecontrol=deny \
+-device vhost-vsock-ccw,id=vsock0,guest-cid=4,vhostfd=6789,devno=fe.0.0003 \
+-msg timestamp=on
diff --git a/tests/qemuxml2argvdata/vhost-vsock-ccw.xml b/tests/qemuxml2argvdata/vhost-vsock-ccw.xml
new file mode 100644
index 0000000000..083061c6cc
--- /dev/null
+++ b/tests/qemuxml2argvdata/vhost-vsock-ccw.xml
@@ -0,0 +1,32 @@
+<domain type='qemu'>
+ <name>QEMUGuest1</name>
+ <uuid>c7a5fdbd-edaf-9455-926a-d65c16db1809</uuid>
+ <memory unit='KiB'>219136</memory>
+ <currentMemory unit='KiB'>219136</currentMemory>
+ <vcpu placement='static'>1</vcpu>
+ <os>
+ <type arch='s390x' machine='s390-ccw-virtio'>hvm</type>
+ <boot dev='hd'/>
+ </os>
+ <clock offset='utc'/>
+ <on_poweroff>destroy</on_poweroff>
+ <on_reboot>restart</on_reboot>
+ <on_crash>destroy</on_crash>
+ <devices>
+ <emulator>/usr/bin/qemu-system-s390x</emulator>
+ <disk type='block' device='disk'>
+ <driver name='qemu' type='raw'/>
+ <source dev='/dev/HostVG/QEMUGuest1'/>
+ <target dev='hda' bus='virtio'/>
+ <address type='ccw' cssid='0xfe' ssid='0x0' devno='0x0000'/>
+ </disk>
+ <memballoon model='virtio'>
+ <address type='ccw' cssid='0xfe' ssid='0x0' devno='0x0001'/>
+ </memballoon>
+ <panic model='s390'/>
+ <vsock model='virtio'>
+ <cid auto='no' address='4'/>
+ <address type='ccw' cssid='0xfe' ssid='0x0' devno='0x0003'/>
+ </vsock>
+ </devices>
+</domain>
diff --git a/tests/qemuxml2argvtest.c b/tests/qemuxml2argvtest.c
index abb256c913..7f25cccf9d 100644
--- a/tests/qemuxml2argvtest.c
+++ b/tests/qemuxml2argvtest.c
@@ -2972,6 +2972,8 @@ mymain(void)
DO_TEST_CAPS_LATEST("vhost-vsock");
DO_TEST_CAPS_LATEST("vhost-vsock-auto");
+ DO_TEST_CAPS_ARCH_LATEST("vhost-vsock-ccw", "s390x");
+ DO_TEST_CAPS_ARCH_LATEST("vhost-vsock-ccw-auto", "s390x");
DO_TEST_CAPS_VER("launch-security-sev", "2.12.0");
diff --git a/tests/qemuxml2xmloutdata/vhost-vsock-ccw-auto.xml b/tests/qemuxml2xmloutdata/vhost-vsock-ccw-auto.xml
new file mode 100644
index 0000000000..38a0fb3808
--- /dev/null
+++ b/tests/qemuxml2xmloutdata/vhost-vsock-ccw-auto.xml
@@ -0,0 +1,32 @@
+<domain type='qemu'>
+ <name>QEMUGuest1</name>
+ <uuid>c7a5fdbd-edaf-9455-926a-d65c16db1809</uuid>
+ <memory unit='KiB'>219136</memory>
+ <currentMemory unit='KiB'>219136</currentMemory>
+ <vcpu placement='static'>1</vcpu>
+ <os>
+ <type arch='s390x' machine='s390-ccw-virtio'>hvm</type>
+ <boot dev='hd'/>
+ </os>
+ <clock offset='utc'/>
+ <on_poweroff>destroy</on_poweroff>
+ <on_reboot>restart</on_reboot>
+ <on_crash>destroy</on_crash>
+ <devices>
+ <emulator>/usr/bin/qemu-system-s390x</emulator>
+ <disk type='block' device='disk'>
+ <driver name='qemu' type='raw'/>
+ <source dev='/dev/HostVG/QEMUGuest1'/>
+ <target dev='hda' bus='virtio'/>
+ <address type='ccw' cssid='0xfe' ssid='0x0' devno='0x0000'/>
+ </disk>
+ <memballoon model='virtio'>
+ <address type='ccw' cssid='0xfe' ssid='0x0' devno='0x0001'/>
+ </memballoon>
+ <panic model='s390'/>
+ <vsock model='virtio'>
+ <cid auto='yes'/>
+ <address type='ccw' cssid='0xfe' ssid='0x0' devno='0x0002'/>
+ </vsock>
+ </devices>
+</domain>
diff --git a/tests/qemuxml2xmloutdata/vhost-vsock-ccw.xml b/tests/qemuxml2xmloutdata/vhost-vsock-ccw.xml
new file mode 120000
index 0000000000..e0fa69dba9
--- /dev/null
+++ b/tests/qemuxml2xmloutdata/vhost-vsock-ccw.xml
@@ -0,0 +1 @@
+../qemuxml2argvdata/vhost-vsock-ccw.xml
\ No newline at end of file
diff --git a/tests/qemuxml2xmltest.c b/tests/qemuxml2xmltest.c
index dbac863239..2a2bf01ffa 100644
--- a/tests/qemuxml2xmltest.c
+++ b/tests/qemuxml2xmltest.c
@@ -1231,6 +1231,11 @@ mymain(void)
DO_TEST("vhost-vsock", QEMU_CAPS_DEVICE_VHOST_VSOCK);
DO_TEST("vhost-vsock-auto", QEMU_CAPS_DEVICE_VHOST_VSOCK);
+ DO_TEST("vhost-vsock-ccw", QEMU_CAPS_DEVICE_VHOST_VSOCK,
+ QEMU_CAPS_CCW);
+ DO_TEST("vhost-vsock-ccw-auto", QEMU_CAPS_DEVICE_VHOST_VSOCK,
+ QEMU_CAPS_CCW);
+
if (getenv("LIBVIRT_SKIP_CLEANUP") == NULL)
virFileDeleteTree(fakerootdir);
--
2.21.0

162
SOURCES/libvirt-qemu-Add-check-for-whether-KVM-nesting-is-enabled.patch Normal file
View File

@ -0,0 +1,162 @@
From 2e68dbce9f8d49e57a0e16a202483b59e9497054 Mon Sep 17 00:00:00 2001
Message-Id: <2e68dbce9f8d49e57a0e16a202483b59e9497054@dist-git>
From: John Ferlan <jferlan@redhat.com>
Date: Thu, 13 Dec 2018 10:54:33 -0500
Subject: [PATCH] qemu: Add check for whether KVM nesting is enabled
https://bugzilla.redhat.com/show_bug.cgi?id=1645139
Support for nested KVM is handled via a kernel module configuration
parameters values for kvm_intel, kvm_amd, kvm_hv (PPC), or kvm (s390).
While it's possible to fetch the kmod config values via virKModConfig,
unfortunately that is the static value and we need to get the
current/dynamic value from the kernel file system.
So this patch adds a new API virHostKVMSupportsNesting that will
search the 3 kernel modules to get the nesting value and check if
it is 'Y' (or 'y' just in case) to return a true/false whether
the KVM kernel supports nesting.
We need to do this in order to handle cases where adjustments to
the value are made after libvirtd is started to force a refetch of
the latest QEMU capabilities since the correct CPU settings need
to be made for a guest to add the "vmx=on" to/for the guest config.
Signed-off-by: John Ferlan <jferlan@redhat.com>
ACKed-by: Michal Privoznik <mprivozn@redhat.com>
(cherry picked from commit b183a75319b90d0af5512be513743e1eab950612)
NB:
Handled merge/build conflict/issue where VIR_AUTOFREE isn't defined
(or backported to RHEL git). So rather than relying on the automatic
free of memory, prior to each possible return add a VIR_FREE. It was
that or adjust the logic to set a retval and use goto cleanup type
logic. This way just seemed cleaner.
Signed-off-by: John Ferlan <jferlan@redhat.com>
Reviewed-by: Jiri Denemark <jdenemar@redhat.com>
---
src/qemu/qemu_capabilities.c | 58 ++++++++++++++++++++++++++++++++++++
1 file changed, 58 insertions(+)
diff --git a/src/qemu/qemu_capabilities.c b/src/qemu/qemu_capabilities.c
index 57b1b99076..ba8c717e22 100644
--- a/src/qemu/qemu_capabilities.c
+++ b/src/qemu/qemu_capabilities.c
@@ -550,6 +550,7 @@ struct _virQEMUCaps {
virObject parent;
bool usedQMP;
+ bool kvmSupportsNesting;
char *binary;
time_t ctime;
@@ -1606,6 +1607,7 @@ virQEMUCapsPtr virQEMUCapsNewCopy(virQEMUCapsPtr qemuCaps)
return NULL;
ret->usedQMP = qemuCaps->usedQMP;
+ ret->kvmSupportsNesting = qemuCaps->kvmSupportsNesting;
if (VIR_STRDUP(ret->binary, qemuCaps->binary) < 0)
goto error;
@@ -3597,6 +3599,9 @@ virQEMUCapsLoadCache(virArch hostArch,
virQEMUCapsInitHostCPUModel(qemuCaps, hostArch, VIR_DOMAIN_VIRT_KVM);
virQEMUCapsInitHostCPUModel(qemuCaps, hostArch, VIR_DOMAIN_VIRT_QEMU);
+ if (virXPathBoolean("boolean(./kvmSupportsNesting)", ctxt) > 0)
+ qemuCaps->kvmSupportsNesting = true;
+
ret = 0;
cleanup:
VIR_FREE(str);
@@ -3813,6 +3818,9 @@ virQEMUCapsFormatCache(virQEMUCapsPtr qemuCaps)
if (qemuCaps->sevCapabilities)
virQEMUCapsFormatSEVInfo(qemuCaps, &buf);
+ if (qemuCaps->kvmSupportsNesting)
+ virBufferAddLit(&buf, "<kvmSupportsNesting/>\n");
+
virBufferAdjustIndent(&buf, -2);
virBufferAddLit(&buf, "</qemuCaps>\n");
@@ -3853,6 +3861,45 @@ virQEMUCapsSaveFile(void *data,
}
+/* Check the kernel module parameters 'nested' file to determine if enabled
+ *
+ * Intel: 'kvm_intel' uses 'Y'
+ * AMD: 'kvm_amd' uses '1'
+ * PPC64: 'kvm_hv' uses 'Y'
+ * S390: 'kvm' uses '1'
+ */
+static bool
+virQEMUCapsKVMSupportsNesting(void)
+{
+ static char const * const kmod[] = {"kvm_intel", "kvm_amd",
+ "kvm_hv", "kvm"};
+ char * value = NULL;
+ int rc;
+ size_t i;
+
+ for (i = 0; i < ARRAY_CARDINALITY(kmod); i++) {
+ VIR_FREE(value);
+ rc = virFileReadValueString(&value, "/sys/module/%s/parameters/nested",
+ kmod[i]);
+ if (rc == -2)
+ continue;
+ if (rc < 0) {
+ virResetLastError();
+ VIR_FREE(value);
+ return false;
+ }
+
+ if (value[0] == 'Y' || value[0] == 'y' || value[0] == '1') {
+ VIR_FREE(value);
+ return true;
+ }
+ }
+
+ VIR_FREE(value);
+ return false;
+}
+
+
static bool
virQEMUCapsIsValid(void *data,
void *privData)
@@ -3861,6 +3908,7 @@ virQEMUCapsIsValid(void *data,
virQEMUCapsCachePrivPtr priv = privData;
bool kvmUsable;
struct stat sb;
+ bool kvmSupportsNesting;
if (!qemuCaps->binary)
return true;
@@ -3938,6 +3986,14 @@ virQEMUCapsIsValid(void *data,
qemuCaps->kernelVersion);
return false;
}
+
+ kvmSupportsNesting = virQEMUCapsKVMSupportsNesting();
+ if (kvmSupportsNesting != qemuCaps->kvmSupportsNesting) {
+ VIR_DEBUG("Outdated capabilities for '%s': kvm kernel nested "
+ "value changed from %d",
+ qemuCaps->binary, qemuCaps->kvmSupportsNesting);
+ return false;
+ }
}
return true;
@@ -4591,6 +4647,8 @@ virQEMUCapsNewForBinaryInternal(virArch hostArch,
if (VIR_STRDUP(qemuCaps->kernelVersion, kernelVersion) < 0)
goto error;
+
+ qemuCaps->kvmSupportsNesting = virQEMUCapsKVMSupportsNesting();
}
cleanup:
--
2.20.1

76
SOURCES/libvirt-qemu-Allow-creating-ppc64-guests-with-graphics-and-no-USB-mouse.patch Normal file
View File

@ -0,0 +1,76 @@
From 1c58390619bfdd6174b1d24bc5b64caae45487b0 Mon Sep 17 00:00:00 2001
Message-Id: <1c58390619bfdd6174b1d24bc5b64caae45487b0@dist-git>
From: Andrea Bolognani <abologna@redhat.com>
Date: Wed, 17 Apr 2019 11:21:25 +0200
Subject: [PATCH] qemu: Allow creating ppc64 guests with graphics and no USB
mouse
The existing behavior for ppc64 guests is to always add a USB
keyboard and mouse combo if graphics are present; unfortunately,
this means any attempt to use a USB tablet will cause both pointing
devices to show up in the guest, which in turn will result in poor
user experience.
We can't just stop adding the USB mouse or start adding a USB tablet
instead, because existing applications and users might rely on the
current behavior; however, we can avoid adding the USB mouse if a USB
tablet is already present, thus allowing users and applications to
create guests that contain a single pointing device.
https://bugzilla.redhat.com/show_bug.cgi?id=1683681
Signed-off-by: Andrea Bolognani <abologna@redhat.com>
Reviewed-by: Cole Robinson <crobinso@redhat.com>
(cherry picked from commit 186bb479d0f409dc75175bea48a760838c479a6c)
Conflicts:
* src/qemu/qemu_domain.c
+ context in qemuDomainDefAddDefaultDevices()
- missing 6427bfc8b3bb
Deleted:
* tests/qemuxml2argvdata/ppc64-pseries-graphics.ppc64-latest.args
+ doesn't exist downstream
- missing 4d7ea75e1e73
Signed-off-by: Andrea Bolognani <abologna@redhat.com>
Message-Id: <20190417092125.10277-2-abologna@redhat.com>
---
src/qemu/qemu_domain.c | 20 ++++++++++++++++++++
1 file changed, 20 insertions(+)
diff --git a/src/qemu/qemu_domain.c b/src/qemu/qemu_domain.c
index be3477bf8a..cc2a896a07 100644
--- a/src/qemu/qemu_domain.c
+++ b/src/qemu/qemu_domain.c
@@ -3323,6 +3323,26 @@ qemuDomainDefAddDefaultDevices(virDomainDefPtr def,
def->memballoon = memballoon;
}
+ if (addDefaultUSBMouse) {
+ bool hasUSBTablet = false;
+ size_t j;
+
+ for (j = 0; j < def->ninputs; j++) {
+ if (def->inputs[j]->type == VIR_DOMAIN_INPUT_TYPE_TABLET &&
+ def->inputs[j]->bus == VIR_DOMAIN_INPUT_BUS_USB) {
+ hasUSBTablet = true;
+ break;
+ }
+ }
+
+ /* Historically, we have automatically added USB keyboard and
+ * mouse to some guests. While the former device is generally
+ * safe to have, adding the latter is undesiderable if a USB
+ * tablet is already present in the guest */
+ if (hasUSBTablet)
+ addDefaultUSBMouse = false;
+ }
+
if (addDefaultUSBKBD &&
def->ngraphics > 0 &&
virDomainDefMaybeAddInput(def,
--
2.21.0

53
SOURCES/libvirt-qemu-Alter-qemuSetUnprivSGIO-hostdev-shareable-logic.patch Normal file
View File

@ -0,0 +1,53 @@
From 861a1a4d299c57f31fa091c6b74cddf80681bdf0 Mon Sep 17 00:00:00 2001
Message-Id: <861a1a4d299c57f31fa091c6b74cddf80681bdf0@dist-git>
From: John Ferlan <jferlan@redhat.com>
Date: Mon, 17 Dec 2018 20:42:33 -0500
Subject: [PATCH] qemu: Alter qemuSetUnprivSGIO hostdev shareable logic
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
https://bugzilla.redhat.com/show_bug.cgi?id=1656362 (RHEL8)
https://bugzilla.redhat.com/show_bug.cgi?id=1656360 (RHEL7)
RHEL-only
Fix the logic to handle the case where if the <shareable/> element
was removed from the domain <hostdev.../>, then we have to reset the
SGIO value back to 0. Without this patch the check for not shareable
and return 0 would bypass resetting the value back to 0.
Signed-off-by: John Ferlan <jferlan@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
---
src/qemu/qemu_conf.c | 7 +++----
1 file changed, 3 insertions(+), 4 deletions(-)
diff --git a/src/qemu/qemu_conf.c b/src/qemu/qemu_conf.c
index de0cbca083..5971f3eb64 100644
--- a/src/qemu/qemu_conf.c
+++ b/src/qemu/qemu_conf.c
@@ -1667,9 +1667,6 @@ qemuSetUnprivSGIO(virDomainDeviceDefPtr dev)
} else if (dev->type == VIR_DOMAIN_DEVICE_HOSTDEV) {
hostdev = dev->data.hostdev;
- if (!qemuIsSharedHostdev(hostdev))
- return 0;
-
if (!(hostdev_path = qemuGetHostdevPath(hostdev)))
goto cleanup;
@@ -1686,7 +1683,9 @@ qemuSetUnprivSGIO(virDomainDeviceDefPtr dev)
disk->sgio == VIR_DOMAIN_DEVICE_SGIO_UNFILTERED) {
val = 1;
} else {
- if (hostdev->source.subsys.u.scsi.sgio ==
+ /* Only settable if <shareable/> was present for hostdev */
+ if (qemuIsSharedHostdev(hostdev) &&
+ hostdev->source.subsys.u.scsi.sgio ==
VIR_DOMAIN_DEVICE_SGIO_UNFILTERED)
val = 1;
}
--
2.20.1

60
SOURCES/libvirt-qemu-Alter-val-usage-in-qemuSetUnprivSGIO.patch Normal file
View File

@ -0,0 +1,60 @@
From c0f26a13c6ddd9aca729012d3a31347f77d52c68 Mon Sep 17 00:00:00 2001
Message-Id: <c0f26a13c6ddd9aca729012d3a31347f77d52c68@dist-git>
From: John Ferlan <jferlan@redhat.com>
Date: Mon, 17 Dec 2018 20:42:32 -0500
Subject: [PATCH] qemu: Alter @val usage in qemuSetUnprivSGIO
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
https://bugzilla.redhat.com/show_bug.cgi?id=1656362 (RHEL8)
https://bugzilla.redhat.com/show_bug.cgi?id=1656360 (RHEL7)
RHEL-only
Rather than initializing to -1 and then setting to the result
of a boolean check (either 0 or 1), let's just initialize @val
to 0 and then only change to 1 if conditions are "right".
Signed-off-by: John Ferlan <jferlan@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
---
src/qemu/qemu_conf.c | 15 +++++++++------
1 file changed, 9 insertions(+), 6 deletions(-)
diff --git a/src/qemu/qemu_conf.c b/src/qemu/qemu_conf.c
index 7d15af9c0b..de0cbca083 100644
--- a/src/qemu/qemu_conf.c
+++ b/src/qemu/qemu_conf.c
@@ -1650,7 +1650,7 @@ qemuSetUnprivSGIO(virDomainDeviceDefPtr dev)
char *sysfs_path = NULL;
char *hostdev_path = NULL;
const char *path = NULL;
- int val = -1;
+ int val = 0;
int ret = -1;
/* "sgio" is only valid for block disk; cdrom
@@ -1682,11 +1682,14 @@ qemuSetUnprivSGIO(virDomainDeviceDefPtr dev)
goto cleanup;
/* By default, filter the SG_IO commands, i.e. set unpriv_sgio to 0. */
- if (dev->type == VIR_DOMAIN_DEVICE_DISK)
- val = (disk->sgio == VIR_DOMAIN_DEVICE_SGIO_UNFILTERED);
- else
- val = (hostdev->source.subsys.u.scsi.sgio ==
- VIR_DOMAIN_DEVICE_SGIO_UNFILTERED);
+ if (dev->type == VIR_DOMAIN_DEVICE_DISK &&
+ disk->sgio == VIR_DOMAIN_DEVICE_SGIO_UNFILTERED) {
+ val = 1;
+ } else {
+ if (hostdev->source.subsys.u.scsi.sgio ==
+ VIR_DOMAIN_DEVICE_SGIO_UNFILTERED)
+ val = 1;
+ }
/* Do not do anything if unpriv_sgio is not supported by the kernel and the
* whitelist is enabled. But if requesting unfiltered access, always call
--
2.20.1

243
SOURCES/libvirt-qemu-Avoid-duplicate-resume-events-and-state-changes.patch Normal file
View File

@ -0,0 +1,243 @@
From 69532ea0b55b307884add6d95d70b998adcea60a Mon Sep 17 00:00:00 2001
Message-Id: <69532ea0b55b307884add6d95d70b998adcea60a@dist-git>
From: Jiri Denemark <jdenemar@redhat.com>
Date: Wed, 12 Sep 2018 14:34:33 +0200
Subject: [PATCH] qemu: Avoid duplicate resume events and state changes
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
The only place where VIR_DOMAIN_EVENT_RESUMED should be generated is the
RESUME event handler to make sure we don't generate duplicate events or
state changes. In the worse case the duplicity can revert or cover
changes done by other event handlers.
For example, after QEMU sent RESUME, BLOCK_IO_ERROR, and STOP events
we could happily mark the domain as running and report
VIR_DOMAIN_EVENT_RESUMED to registered clients.
https://bugzilla.redhat.com/show_bug.cgi?id=1612943
Signed-off-by: Jiri Denemark <jdenemar@redhat.com>
Reviewed-by: John Ferlan <jferlan@redhat.com>
(cherry picked from commit e6d77a75c4bf0c017d62b717b75e4bb6aa7a456b)
https://bugzilla.redhat.com/show_bug.cgi?id=1634758
https://bugzilla.redhat.com/show_bug.cgi?id=1634759
Signed-off-by: Jiri Denemark <jdenemar@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
---
src/qemu/qemu_driver.c | 13 -----------
src/qemu/qemu_migration.c | 49 ++++++++++++++++-----------------------
src/qemu/qemu_process.c | 10 ++++----
3 files changed, 24 insertions(+), 48 deletions(-)
diff --git a/src/qemu/qemu_driver.c b/src/qemu/qemu_driver.c
index ec1a43d41d..bafef1e3b5 100644
--- a/src/qemu/qemu_driver.c
+++ b/src/qemu/qemu_driver.c
@@ -1863,7 +1863,6 @@ static int qemuDomainResume(virDomainPtr dom)
virQEMUDriverPtr driver = dom->conn->privateData;
virDomainObjPtr vm;
int ret = -1;
- virObjectEventPtr event = NULL;
int state;
int reason;
virQEMUDriverConfigPtr cfg = NULL;
@@ -1902,9 +1901,6 @@ static int qemuDomainResume(virDomainPtr dom)
"%s", _("resume operation failed"));
goto endjob;
}
- event = virDomainEventLifecycleNewFromObj(vm,
- VIR_DOMAIN_EVENT_RESUMED,
- VIR_DOMAIN_EVENT_RESUMED_UNPAUSED);
}
if (virDomainSaveStatus(driver->xmlopt, cfg->stateDir, vm, driver->caps) < 0)
goto endjob;
@@ -1915,7 +1911,6 @@ static int qemuDomainResume(virDomainPtr dom)
cleanup:
virDomainObjEndAPI(&vm);
- virObjectEventStateQueue(driver->domainEventState, event);
virObjectUnref(cfg);
return ret;
}
@@ -16033,7 +16028,6 @@ qemuDomainRevertToSnapshot(virDomainSnapshotPtr snapshot,
virDomainDefPtr config = NULL;
virQEMUDriverConfigPtr cfg = NULL;
virCapsPtr caps = NULL;
- bool was_running = false;
bool was_stopped = false;
qemuDomainSaveCookiePtr cookie;
virCPUDefPtr origCPU = NULL;
@@ -16224,7 +16218,6 @@ qemuDomainRevertToSnapshot(virDomainSnapshotPtr snapshot,
priv = vm->privateData;
if (virDomainObjGetState(vm, NULL) == VIR_DOMAIN_RUNNING) {
/* Transitions 5, 6 */
- was_running = true;
if (qemuProcessStopCPUs(driver, vm,
VIR_DOMAIN_PAUSED_FROM_SNAPSHOT,
QEMU_ASYNC_JOB_START) < 0)
@@ -16321,12 +16314,6 @@ qemuDomainRevertToSnapshot(virDomainSnapshotPtr snapshot,
event = virDomainEventLifecycleNewFromObj(vm,
VIR_DOMAIN_EVENT_STARTED,
detail);
- } else if (!was_running) {
- /* Transition 8 */
- detail = VIR_DOMAIN_EVENT_RESUMED_FROM_SNAPSHOT;
- event = virDomainEventLifecycleNewFromObj(vm,
- VIR_DOMAIN_EVENT_RESUMED,
- detail);
}
}
break;
diff --git a/src/qemu/qemu_migration.c b/src/qemu/qemu_migration.c
index 825a9d399b..67940330aa 100644
--- a/src/qemu/qemu_migration.c
+++ b/src/qemu/qemu_migration.c
@@ -2982,14 +2982,10 @@ qemuMigrationSrcConfirmPhase(virQEMUDriverPtr driver,
virFreeError(orig_err);
if (virDomainObjGetState(vm, &reason) == VIR_DOMAIN_PAUSED &&
- reason == VIR_DOMAIN_PAUSED_POSTCOPY) {
+ reason == VIR_DOMAIN_PAUSED_POSTCOPY)
qemuMigrationAnyPostcopyFailed(driver, vm);
- } else if (qemuMigrationSrcRestoreDomainState(driver, vm)) {
- event = virDomainEventLifecycleNewFromObj(vm,
- VIR_DOMAIN_EVENT_RESUMED,
- VIR_DOMAIN_EVENT_RESUMED_MIGRATED);
- virObjectEventStateQueue(driver->domainEventState, event);
- }
+ else
+ qemuMigrationSrcRestoreDomainState(driver, vm);
qemuMigrationParamsReset(driver, vm, QEMU_ASYNC_JOB_MIGRATION_OUT,
priv->job.migParams, priv->job.apiFlags);
@@ -4624,11 +4620,7 @@ qemuMigrationSrcPerformJob(virQEMUDriverPtr driver,
qemuMigrationParamsReset(driver, vm, QEMU_ASYNC_JOB_MIGRATION_OUT,
priv->job.migParams, priv->job.apiFlags);
- if (qemuMigrationSrcRestoreDomainState(driver, vm)) {
- event = virDomainEventLifecycleNewFromObj(vm,
- VIR_DOMAIN_EVENT_RESUMED,
- VIR_DOMAIN_EVENT_RESUMED_MIGRATED);
- }
+ qemuMigrationSrcRestoreDomainState(driver, vm);
qemuMigrationJobFinish(driver, vm);
if (!virDomainObjIsActive(vm) && ret == 0) {
@@ -4672,7 +4664,6 @@ qemuMigrationSrcPerformPhase(virQEMUDriverPtr driver,
unsigned long resource)
{
qemuDomainObjPrivatePtr priv = vm->privateData;
- virObjectEventPtr event = NULL;
int ret = -1;
/* If we didn't start the job in the begin phase, start it now. */
@@ -4694,11 +4685,7 @@ qemuMigrationSrcPerformPhase(virQEMUDriverPtr driver,
nmigrate_disks, migrate_disks, migParams);
if (ret < 0) {
- if (qemuMigrationSrcRestoreDomainState(driver, vm)) {
- event = virDomainEventLifecycleNewFromObj(vm,
- VIR_DOMAIN_EVENT_RESUMED,
- VIR_DOMAIN_EVENT_RESUMED_MIGRATED);
- }
+ qemuMigrationSrcRestoreDomainState(driver, vm);
goto endjob;
}
@@ -4722,7 +4709,6 @@ qemuMigrationSrcPerformPhase(virQEMUDriverPtr driver,
cleanup:
virDomainObjEndAPI(&vm);
- virObjectEventStateQueue(driver->domainEventState, event);
return ret;
}
@@ -5074,13 +5060,8 @@ qemuMigrationDstFinish(virQEMUDriverPtr driver,
goto endjob;
}
- if (inPostCopy) {
+ if (inPostCopy)
doKill = false;
- event = virDomainEventLifecycleNewFromObj(vm,
- VIR_DOMAIN_EVENT_RESUMED,
- VIR_DOMAIN_EVENT_RESUMED_POSTCOPY);
- virObjectEventStateQueue(driver->domainEventState, event);
- }
}
if (mig->jobInfo) {
@@ -5111,10 +5092,20 @@ qemuMigrationDstFinish(virQEMUDriverPtr driver,
dom = virGetDomain(dconn, vm->def->name, vm->def->uuid, vm->def->id);
- event = virDomainEventLifecycleNewFromObj(vm,
- VIR_DOMAIN_EVENT_RESUMED,
- VIR_DOMAIN_EVENT_RESUMED_MIGRATED);
- virObjectEventStateQueue(driver->domainEventState, event);
+ if (inPostCopy) {
+ /* The only RESUME event during post-copy migration is triggered by
+ * QEMU when the running domain moves from the source to the
+ * destination host, but then the migration keeps running until all
+ * modified memory is transferred from the source host. This will
+ * result in VIR_DOMAIN_EVENT_RESUMED with RESUMED_POSTCOPY detail.
+ * However, our API documentation says we need to fire another RESUMED
+ * event at the very end of migration with RESUMED_MIGRATED detail.
+ */
+ event = virDomainEventLifecycleNewFromObj(vm,
+ VIR_DOMAIN_EVENT_RESUMED,
+ VIR_DOMAIN_EVENT_RESUMED_MIGRATED);
+ virObjectEventStateQueue(driver->domainEventState, event);
+ }
if (virDomainObjGetState(vm, NULL) == VIR_DOMAIN_PAUSED) {
virDomainObjSetState(vm, VIR_DOMAIN_PAUSED, VIR_DOMAIN_PAUSED_USER);
diff --git a/src/qemu/qemu_process.c b/src/qemu/qemu_process.c
index 37568165b7..2d51c0fa25 100644
--- a/src/qemu/qemu_process.c
+++ b/src/qemu/qemu_process.c
@@ -436,7 +436,6 @@ qemuProcessFakeReboot(void *opaque)
virDomainObjPtr vm = opaque;
qemuDomainObjPrivatePtr priv = vm->privateData;
virQEMUDriverPtr driver = priv->driver;
- virObjectEventPtr event = NULL;
virQEMUDriverConfigPtr cfg = virQEMUDriverGetConfig(driver);
virDomainRunningReason reason = VIR_DOMAIN_RUNNING_BOOTED;
int ret = -1, rc;
@@ -473,9 +472,6 @@ qemuProcessFakeReboot(void *opaque)
goto endjob;
}
priv->gotShutdown = false;
- event = virDomainEventLifecycleNewFromObj(vm,
- VIR_DOMAIN_EVENT_RESUMED,
- VIR_DOMAIN_EVENT_RESUMED_UNPAUSED);
if (virDomainSaveStatus(driver->xmlopt, cfg->stateDir, vm, driver->caps) < 0) {
VIR_WARN("Unable to save status on vm %s after state change",
@@ -491,7 +487,6 @@ qemuProcessFakeReboot(void *opaque)
if (ret == -1)
ignore_value(qemuProcessKill(vm, VIR_QEMU_PROCESS_KILL_FORCE));
virDomainObjEndAPI(&vm);
- virObjectEventStateQueue(driver->domainEventState, event);
virObjectUnref(cfg);
}
@@ -3073,7 +3068,10 @@ qemuProcessStartCPUs(virQEMUDriverPtr driver, virDomainObjPtr vm,
if (ret < 0)
goto release;
- virDomainObjSetState(vm, VIR_DOMAIN_RUNNING, reason);
+ /* The RESUME event handler will change the domain state with the reason
+ * saved in priv->runningReason and it will also emit corresponding domain
+ * lifecycle event.
+ */
cleanup:
virObjectUnref(cfg);
--
2.19.1

45
SOURCES/libvirt-qemu-Avoid-probing-non-native-binaries-all-the-time.patch Normal file
View File

@ -0,0 +1,45 @@
From f8257195c948438cec0956ec4cc246d00d576d92 Mon Sep 17 00:00:00 2001
Message-Id: <f8257195c948438cec0956ec4cc246d00d576d92@dist-git>
From: Andrea Bolognani <abologna@redhat.com>
Date: Mon, 17 Sep 2018 18:00:51 +0200
Subject: [PATCH] qemu: Avoid probing non-native binaries all the time
A side effect of recent changes is that we would always try
to regenerate the capabilities cache for non-native QEMU
binaries based on /dev/kvm availability, which is of course
complete nonsense. Make sure that doesn't happen.
Signed-off-by: Andrea Bolognani <abologna@redhat.com>
Reviewed-by: Jiri Denemark <jdenemar@redhat.com>
(cherry picked from commit 55e5eb94788be06dd366de4987523bbc731672db)
https://bugzilla.redhat.com/show_bug.cgi?id=1629862
Signed-off-by: Andrea Bolognani <abologna@redhat.com>
Reviewed-by: Jiri Denemark <jdenemar@redhat.com>
---
src/qemu/qemu_capabilities.c | 8 ++++++++
1 file changed, 8 insertions(+)
diff --git a/src/qemu/qemu_capabilities.c b/src/qemu/qemu_capabilities.c
index 14d7b8fbf7..9b3f35553b 100644
--- a/src/qemu/qemu_capabilities.c
+++ b/src/qemu/qemu_capabilities.c
@@ -3905,6 +3905,14 @@ virQEMUCapsIsValid(void *data,
return false;
}
+ if (!virQEMUCapsGuestIsNative(priv->hostArch, qemuCaps->arch)) {
+ VIR_DEBUG("Guest arch (%s) is not native to host arch (%s), "
+ "skipping KVM-related checks",
+ virArchToString(qemuCaps->arch),
+ virArchToString(priv->hostArch));
+ return true;
+ }
+
kvmUsable = virFileAccessibleAs("/dev/kvm", R_OK | W_OK,
priv->runUid, priv->runGid) == 0;
--
2.19.1

88
SOURCES/libvirt-qemu-Clarify-QEMU_CAPS_KVM.patch Normal file
View File

@ -0,0 +1,88 @@
From b8ca3f396e09f0ba190656363c0d1fc6a0dd9cd6 Mon Sep 17 00:00:00 2001
Message-Id: <b8ca3f396e09f0ba190656363c0d1fc6a0dd9cd6@dist-git>
From: Andrea Bolognani <abologna@redhat.com>
Date: Mon, 17 Sep 2018 18:00:52 +0200
Subject: [PATCH] qemu: Clarify QEMU_CAPS_KVM
This capability is documented as having one meaning (whether
KVM is enabled by default) but is actually assigned two other
meanings over its life: whether the query-kvm QMP command is
available at first, and later on whether KVM is usable / was
used during probing.
Since the query-kvm QMP command was available in 1.5.0, we
can avoid probing for it; additionally, we can simplify the
logic by setting the flag when it applies instead of initially
setting it and then clearing it when it doesn't.
The flag's description is also updated to reflect reality.
Signed-off-by: Andrea Bolognani <abologna@redhat.com>
Reviewed-by: Jiri Denemark <jdenemar@redhat.com>
(cherry picked from commit c3be8bb4235b447dc29568f96b8c31cc741fc358)
https://bugzilla.redhat.com/show_bug.cgi?id=1629862
Signed-off-by: Andrea Bolognani <abologna@redhat.com>
Reviewed-by: Jiri Denemark <jdenemar@redhat.com>
---
src/qemu/qemu_capabilities.c | 19 ++-----------------
src/qemu/qemu_capabilities.h | 2 +-
2 files changed, 3 insertions(+), 18 deletions(-)
diff --git a/src/qemu/qemu_capabilities.c b/src/qemu/qemu_capabilities.c
index 9b3f35553b..c7ece21dd2 100644
--- a/src/qemu/qemu_capabilities.c
+++ b/src/qemu/qemu_capabilities.c
@@ -1003,7 +1003,6 @@ struct virQEMUCapsStringFlags virQEMUCapsCommands[] = {
{ "block-stream", QEMU_CAPS_BLOCKJOB_ASYNC },
{ "dump-guest-memory", QEMU_CAPS_DUMP_GUEST_MEMORY },
{ "query-spice", QEMU_CAPS_SPICE },
- { "query-kvm", QEMU_CAPS_KVM },
{ "block-commit", QEMU_CAPS_BLOCK_COMMIT },
{ "query-vnc", QEMU_CAPS_VNC },
{ "drive-mirror", QEMU_CAPS_DRIVE_MIRROR },
@@ -2584,25 +2583,11 @@ virQEMUCapsProbeQMPKVMState(virQEMUCapsPtr qemuCaps,
bool enabled = false;
bool present = false;
- if (!virQEMUCapsGet(qemuCaps, QEMU_CAPS_KVM))
- return 0;
-
if (qemuMonitorGetKVMState(mon, &enabled, &present) < 0)
return -1;
- /* The QEMU_CAPS_KVM flag was initially set according to the QEMU
- * reporting the recognition of 'query-kvm' QMP command. That merely
- * indicates existence of the command though, not whether KVM support
- * is actually available, nor whether it is enabled by default.
- *
- * If it is not present we need to clear the flag, and if it is
- * not enabled by default we need to change the flag.
- */
- if (!present) {
- virQEMUCapsClear(qemuCaps, QEMU_CAPS_KVM);
- } else if (!enabled) {
- virQEMUCapsClear(qemuCaps, QEMU_CAPS_KVM);
- }
+ if (present && enabled)
+ virQEMUCapsSet(qemuCaps, QEMU_CAPS_KVM);
return 0;
}
diff --git a/src/qemu/qemu_capabilities.h b/src/qemu/qemu_capabilities.h
index 98668115d6..6acd9fe825 100644
--- a/src/qemu/qemu_capabilities.h
+++ b/src/qemu/qemu_capabilities.h
@@ -65,7 +65,7 @@ typedef enum { /* virQEMUCapsFlags grouping marker for syntax-check */
X_QEMU_CAPS_MIGRATE_QEMU_TCP, /* have qemu tcp migration */
X_QEMU_CAPS_MIGRATE_QEMU_EXEC, /* have qemu exec migration */
X_QEMU_CAPS_DRIVE_CACHE_V2, /* cache= flag wanting new v2 values */
- QEMU_CAPS_KVM, /* Whether KVM is enabled by default */
+ QEMU_CAPS_KVM, /* Whether KVM is usable / was used during probing */
X_QEMU_CAPS_DRIVE_FORMAT, /* Is -drive format= avail */
/* 15 */
--
2.19.1

154
SOURCES/libvirt-qemu-Don-t-cache-microcode-version.patch Normal file
View File

@ -0,0 +1,154 @@
From 6832d9d8dd0963f4865801a29e848ff3256b3282 Mon Sep 17 00:00:00 2001
Message-Id: <6832d9d8dd0963f4865801a29e848ff3256b3282@dist-git>
From: Jiri Denemark <jdenemar@redhat.com>
Date: Fri, 12 Apr 2019 21:21:05 +0200
Subject: [PATCH] qemu: Don't cache microcode version
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
My earlier commit be46f61326 was incomplete. It removed caching of
microcode version in the CPU driver, which means the capabilities XML
will see the correct microcode version. But it is also cached in the
QEMU capabilities cache where it is used to detect whether we need to
reprobe QEMU. By missing the second place, the original commit
be46f61326 made the situation even worse since libvirt would report
correct microcode version while still using the old host CPU model
(visible in domain capabilities XML).
Signed-off-by: Jiri Denemark <jdenemar@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
(cherry picked from commit 673c62a3b7855a0685d8f116e227c402720b9ee9)
CVE-2018-12126, CVE-2018-12127, CVE-2018-12130, CVE-2019-11091
Conflicts:
src/qemu/qemu_capabilities.c
- virQEMUCapsCacheLookupByArch refactoring (commits
7948ad4129a and 1a3de67001c) are missing
Signed-off-by: Jiri Denemark <jdenemar@redhat.com>
---
src/qemu/qemu_capabilities.c | 12 ++++++++----
src/qemu/qemu_capabilities.h | 3 +--
src/qemu/qemu_driver.c | 9 +--------
tests/testutilsqemu.c | 2 +-
4 files changed, 11 insertions(+), 15 deletions(-)
diff --git a/src/qemu/qemu_capabilities.c b/src/qemu/qemu_capabilities.c
index 912f758bcd..0d6fa02560 100644
--- a/src/qemu/qemu_capabilities.c
+++ b/src/qemu/qemu_capabilities.c
@@ -4684,7 +4684,7 @@ virQEMUCapsNewData(const char *binary,
priv->libDir,
priv->runUid,
priv->runGid,
- priv->microcodeVersion,
+ virHostCPUGetMicrocodeVersion(),
priv->kernelVersion);
}
@@ -4767,8 +4767,7 @@ virFileCachePtr
virQEMUCapsCacheNew(const char *libDir,
const char *cacheDir,
uid_t runUid,
- gid_t runGid,
- unsigned int microcodeVersion)
+ gid_t runGid)
{
char *capsCacheDir = NULL;
virFileCachePtr cache = NULL;
@@ -4792,7 +4791,6 @@ virQEMUCapsCacheNew(const char *libDir,
priv->runUid = runUid;
priv->runGid = runGid;
- priv->microcodeVersion = microcodeVersion;
if (uname(&uts) == 0 &&
virAsprintf(&priv->kernelVersion, "%s %s", uts.release, uts.version) < 0)
@@ -4813,8 +4811,11 @@ virQEMUCapsPtr
virQEMUCapsCacheLookup(virFileCachePtr cache,
const char *binary)
{
+ virQEMUCapsCachePrivPtr priv = virFileCacheGetPriv(cache);
virQEMUCapsPtr ret = NULL;
+ priv->microcodeVersion = virHostCPUGetMicrocodeVersion();
+
ret = virFileCacheLookup(cache, binary);
VIR_DEBUG("Returning caps %p for %s", ret, binary);
@@ -4860,10 +4861,13 @@ virQEMUCapsPtr
virQEMUCapsCacheLookupByArch(virFileCachePtr cache,
virArch arch)
{
+ virQEMUCapsCachePrivPtr priv = virFileCacheGetPriv(cache);
virQEMUCapsPtr ret = NULL;
virArch target;
struct virQEMUCapsSearchData data = { .arch = arch };
+ priv->microcodeVersion = virHostCPUGetMicrocodeVersion();
+
ret = virFileCacheLookupByFunc(cache, virQEMUCapsCompareArch, &data);
if (!ret) {
/* If the first attempt at finding capabilities has failed, try
diff --git a/src/qemu/qemu_capabilities.h b/src/qemu/qemu_capabilities.h
index 0c06081107..9550df2cd5 100644
--- a/src/qemu/qemu_capabilities.h
+++ b/src/qemu/qemu_capabilities.h
@@ -574,8 +574,7 @@ void virQEMUCapsFilterByMachineType(virQEMUCapsPtr qemuCaps,
virFileCachePtr virQEMUCapsCacheNew(const char *libDir,
const char *cacheDir,
uid_t uid,
- gid_t gid,
- unsigned int microcodeVersion);
+ gid_t gid);
virQEMUCapsPtr virQEMUCapsCacheLookup(virFileCachePtr cache,
const char *binary);
virQEMUCapsPtr virQEMUCapsCacheLookupCopy(virFileCachePtr cache,
diff --git a/src/qemu/qemu_driver.c b/src/qemu/qemu_driver.c
index bafef1e3b5..88c08f88ee 100644
--- a/src/qemu/qemu_driver.c
+++ b/src/qemu/qemu_driver.c
@@ -592,8 +592,6 @@ qemuStateInitialize(bool privileged,
char *hugepagePath = NULL;
char *memoryBackingPath = NULL;
size_t i;
- virCPUDefPtr hostCPU = NULL;
- unsigned int microcodeVersion = 0;
if (VIR_ALLOC(qemu_driver) < 0)
return -1;
@@ -813,15 +811,10 @@ qemuStateInitialize(bool privileged,
run_gid = cfg->group;
}
- if ((hostCPU = virCPUProbeHost(virArchFromHost())))
- microcodeVersion = hostCPU->microcodeVersion;
- virCPUDefFree(hostCPU);
-
qemu_driver->qemuCapsCache = virQEMUCapsCacheNew(cfg->libDir,
cfg->cacheDir,
run_uid,
- run_gid,
- microcodeVersion);
+ run_gid);
if (!qemu_driver->qemuCapsCache)
goto error;
diff --git a/tests/testutilsqemu.c b/tests/testutilsqemu.c
index dc7e90b952..3e0b753549 100644
--- a/tests/testutilsqemu.c
+++ b/tests/testutilsqemu.c
@@ -617,7 +617,7 @@ int qemuTestDriverInit(virQEMUDriver *driver)
/* Using /dev/null for libDir and cacheDir automatically produces errors
* upon attempt to use any of them */
- driver->qemuCapsCache = virQEMUCapsCacheNew("/dev/null", "/dev/null", 0, 0, 0);
+ driver->qemuCapsCache = virQEMUCapsCacheNew("/dev/null", "/dev/null", 0, 0);
if (!driver->qemuCapsCache)
goto error;
--
2.21.0

45
SOURCES/libvirt-qemu-Don-t-check-for-dev-kvm-presence.patch Normal file
View File

@ -0,0 +1,45 @@
From 748e6ba76086dbb122d6cd750ced935405194fc5 Mon Sep 17 00:00:00 2001
Message-Id: <748e6ba76086dbb122d6cd750ced935405194fc5@dist-git>
From: Andrea Bolognani <abologna@redhat.com>
Date: Mon, 17 Sep 2018 18:00:53 +0200
Subject: [PATCH] qemu: Don't check for /dev/kvm presence
The file being present doesn't necessarily mean anything these
days, as it's created independently of whether the kvm module
has been loaded[1]; moreover, we're already gathering all the
information we need through QMP, so poking the filesystem at
all is entirely unnecessary.
[1] https://github.com/systemd/systemd/commit/d35d6249d5a7ed3228
Signed-off-by: Andrea Bolognani <abologna@redhat.com>
Reviewed-by: Jiri Denemark <jdenemar@redhat.com>
(cherry picked from commit 2f8b91ee74ff617aba322d034119427cad977af9)
https://bugzilla.redhat.com/show_bug.cgi?id=1629862
Signed-off-by: Andrea Bolognani <abologna@redhat.com>
Reviewed-by: Jiri Denemark <jdenemar@redhat.com>
---
src/qemu/qemu_capabilities.c | 5 ++---
1 file changed, 2 insertions(+), 3 deletions(-)
diff --git a/src/qemu/qemu_capabilities.c b/src/qemu/qemu_capabilities.c
index c7ece21dd2..5fd10c2d40 100644
--- a/src/qemu/qemu_capabilities.c
+++ b/src/qemu/qemu_capabilities.c
@@ -832,9 +832,8 @@ virQEMUCapsInitGuestFromBinary(virCapsPtr caps,
if (!binary)
return 0;
- if (virFileExists("/dev/kvm") &&
- (virQEMUCapsGet(qemubinCaps, QEMU_CAPS_KVM) ||
- kvmbin))
+ if (virQEMUCapsGet(qemubinCaps, QEMU_CAPS_KVM) ||
+ kvmbin)
haskvm = true;
if (virQEMUCapsGetMachineTypesCaps(qemubinCaps, &nmachines, &machines) < 0)
--
2.19.1

68
SOURCES/libvirt-qemu-Don-t-ignore-resume-events.patch Normal file
View File

@ -0,0 +1,68 @@
From f1857a275fc589565d1665c1a7239911ec72b9da Mon Sep 17 00:00:00 2001
Message-Id: <f1857a275fc589565d1665c1a7239911ec72b9da@dist-git>
From: Jiri Denemark <jdenemar@redhat.com>
Date: Wed, 7 Nov 2018 14:34:52 +0100
Subject: [PATCH] qemu: Don't ignore resume events
Since commit v4.7.0-302-ge6d77a75c4 processing RESUME event is mandatory
for updating domain state. But the event handler explicitly ignored this
event in some cases. Thus the state would be wrong after a fake reboot
or when a domain was rebooted after it crashed.
BTW, the code to ignore RESUME event after SHUTDOWN didn't make sense
even before making RESUME event mandatory. Most likely it was there as a
result of careless copy&paste from qemuProcessHandleStop.
The corresponding debug message was clarified since the original state
does not have to be "paused" only and while we have a "resumed" event,
the state is called "running".
https://bugzilla.redhat.com/show_bug.cgi?id=1612943
Signed-off-by: Jiri Denemark <jdenemar@redhat.com>
(cherry picked from commit e47949357ba268e7e8c3adea7c262b84fa002302)
https://bugzilla.redhat.com/show_bug.cgi?id=1634759
https://bugzilla.redhat.com/show_bug.cgi?id=1634758
https://bugzilla.redhat.com/show_bug.cgi?id=1643338
Signed-off-by: Jiri Denemark <jdenemar@redhat.com>
Reviewed-by: Erik Skultety <eskultet@redhat.com>
---
src/qemu/qemu_process.c | 12 +++---------
1 file changed, 3 insertions(+), 9 deletions(-)
diff --git a/src/qemu/qemu_process.c b/src/qemu/qemu_process.c
index 23958bcbce..e4b19b938c 100644
--- a/src/qemu/qemu_process.c
+++ b/src/qemu/qemu_process.c
@@ -699,15 +699,10 @@ qemuProcessHandleResume(qemuMonitorPtr mon ATTRIBUTE_UNUSED,
priv->runningReason = VIR_DOMAIN_RUNNING_UNKNOWN;
}
- if (virDomainObjGetState(vm, NULL) == VIR_DOMAIN_PAUSED) {
- if (priv->gotShutdown) {
- VIR_DEBUG("Ignoring RESUME event after SHUTDOWN");
- goto unlock;
- }
-
+ if (virDomainObjGetState(vm, NULL) != VIR_DOMAIN_RUNNING) {
eventDetail = qemuDomainRunningReasonToResumeEvent(reason);
- VIR_DEBUG("Transitioned guest %s out of paused into resumed state, "
- "reason '%s', event detail %d",
+ VIR_DEBUG("Transitioned guest %s into running state, reason '%s', "
+ "event detail %d",
vm->def->name, virDomainRunningReasonTypeToString(reason),
eventDetail);
@@ -722,7 +717,6 @@ qemuProcessHandleResume(qemuMonitorPtr mon ATTRIBUTE_UNUSED,
}
}
- unlock:
virObjectUnlock(vm);
virObjectEventStateQueue(driver->domainEventState, event);
virObjectUnref(cfg);
--
2.19.1

108
SOURCES/libvirt-qemu-Drop-QEMU_CAPS_ENABLE_KVM.patch Normal file
View File

@ -0,0 +1,108 @@
From ab9d2e264ba8a544eadb9e1b72a4a5d0f4789815 Mon Sep 17 00:00:00 2001
Message-Id: <ab9d2e264ba8a544eadb9e1b72a4a5d0f4789815@dist-git>
From: Andrea Bolognani <abologna@redhat.com>
Date: Mon, 17 Sep 2018 18:00:50 +0200
Subject: [PATCH] qemu: Drop QEMU_CAPS_ENABLE_KVM
It was already available in 1.5.0.
Moreover, we're not even formatting it on the QEMU command
line, ever: we just use it as part of some logic that decides
whether KVM support should be advertised, and as it turns out
that logic is actually buggy and dropping this capability
fixes it.
https://bugzilla.redhat.com/show_bug.cgi?id=1628469
Signed-off-by: Andrea Bolognani <abologna@redhat.com>
Reviewed-by: Jiri Denemark <jdenemar@redhat.com>
(cherry picked from commit 88983855d5496a74b97551860db737c2b17b100e)
https://bugzilla.redhat.com/show_bug.cgi?id=1629862
Signed-off-by: Andrea Bolognani <abologna@redhat.com>
Reviewed-by: Jiri Denemark <jdenemar@redhat.com>
---
src/qemu/qemu_capabilities.c | 3 ---
src/qemu/qemu_capabilities.h | 2 +-
tests/qemuxml2argvtest.c | 11 +++++------
3 files changed, 6 insertions(+), 10 deletions(-)
diff --git a/src/qemu/qemu_capabilities.c b/src/qemu/qemu_capabilities.c
index 1321696d11..14d7b8fbf7 100644
--- a/src/qemu/qemu_capabilities.c
+++ b/src/qemu/qemu_capabilities.c
@@ -834,7 +834,6 @@ virQEMUCapsInitGuestFromBinary(virCapsPtr caps,
if (virFileExists("/dev/kvm") &&
(virQEMUCapsGet(qemubinCaps, QEMU_CAPS_KVM) ||
- virQEMUCapsGet(qemubinCaps, QEMU_CAPS_ENABLE_KVM) ||
kvmbin))
haskvm = true;
@@ -2603,7 +2602,6 @@ virQEMUCapsProbeQMPKVMState(virQEMUCapsPtr qemuCaps,
virQEMUCapsClear(qemuCaps, QEMU_CAPS_KVM);
} else if (!enabled) {
virQEMUCapsClear(qemuCaps, QEMU_CAPS_KVM);
- virQEMUCapsSet(qemuCaps, QEMU_CAPS_ENABLE_KVM);
}
return 0;
@@ -3911,7 +3909,6 @@ virQEMUCapsIsValid(void *data,
priv->runUid, priv->runGid) == 0;
if (!virQEMUCapsGet(qemuCaps, QEMU_CAPS_KVM) &&
- virQEMUCapsGet(qemuCaps, QEMU_CAPS_ENABLE_KVM) &&
kvmUsable) {
VIR_DEBUG("KVM was not enabled when probing '%s', "
"but it should be usable now",
diff --git a/src/qemu/qemu_capabilities.h b/src/qemu/qemu_capabilities.h
index 9e8ad5f5c3..98668115d6 100644
--- a/src/qemu/qemu_capabilities.h
+++ b/src/qemu/qemu_capabilities.h
@@ -79,7 +79,7 @@ typedef enum { /* virQEMUCapsFlags grouping marker for syntax-check */
X_QEMU_CAPS_XEN_DOMID, /* -xen-domid */
X_QEMU_CAPS_MIGRATE_QEMU_UNIX, /* qemu migration via unix sockets */
X_QEMU_CAPS_CHARDEV, /* Is the new -chardev arg available */
- QEMU_CAPS_ENABLE_KVM, /* -enable-kvm flag */
+ X_QEMU_CAPS_ENABLE_KVM, /* -enable-kvm flag */
X_QEMU_CAPS_MONITOR_JSON, /* JSON mode for monitor */
/* 25 */
diff --git a/tests/qemuxml2argvtest.c b/tests/qemuxml2argvtest.c
index ebe9c8a131..13e95fe28a 100644
--- a/tests/qemuxml2argvtest.c
+++ b/tests/qemuxml2argvtest.c
@@ -912,16 +912,15 @@ mymain(void)
DO_TEST("clock-france", NONE);
DO_TEST("clock-hpet-off", NONE);
DO_TEST("clock-catchup", QEMU_CAPS_KVM_PIT_TICK_POLICY);
- DO_TEST("cpu-kvmclock", QEMU_CAPS_ENABLE_KVM);
- DO_TEST("cpu-host-kvmclock", QEMU_CAPS_ENABLE_KVM);
+ DO_TEST("cpu-kvmclock", NONE);
+ DO_TEST("cpu-host-kvmclock", NONE);
DO_TEST("kvmclock", QEMU_CAPS_KVM);
DO_TEST("clock-timer-hyperv-rtc", QEMU_CAPS_KVM);
- DO_TEST("cpu-eoi-disabled", QEMU_CAPS_ENABLE_KVM);
- DO_TEST("cpu-eoi-enabled", QEMU_CAPS_ENABLE_KVM);
+ DO_TEST("cpu-eoi-disabled", NONE);
+ DO_TEST("cpu-eoi-enabled", NONE);
DO_TEST("controller-order",
QEMU_CAPS_KVM,
- QEMU_CAPS_ENABLE_KVM,
QEMU_CAPS_PIIX3_USB_UHCI,
QEMU_CAPS_CCID_PASSTHRU,
QEMU_CAPS_SPICE,
@@ -933,7 +932,7 @@ mymain(void)
DO_TEST("eoi-enabled", NONE);
DO_TEST("pv-spinlock-disabled", NONE);
DO_TEST("pv-spinlock-enabled", NONE);
- DO_TEST("kvmclock+eoi-disabled", QEMU_CAPS_ENABLE_KVM);
+ DO_TEST("kvmclock+eoi-disabled", NONE);
DO_TEST("hyperv", NONE);
DO_TEST("hyperv-off", NONE);
--
2.19.1

60
SOURCES/libvirt-qemu-Drop-duplicated-code-from-qemuDomainDefValidateFeatures.patch Normal file
View File

@ -0,0 +1,60 @@
From cc56efa7f1681ae29b8a5de14bd31d35029a249a Mon Sep 17 00:00:00 2001
Message-Id: <cc56efa7f1681ae29b8a5de14bd31d35029a249a@dist-git>
From: Andrea Bolognani <abologna@redhat.com>
Date: Tue, 4 Dec 2018 16:46:16 +0100
Subject: [PATCH] qemu: Drop duplicated code from
qemuDomainDefValidateFeatures()
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Both VIR_DOMAIN_FEATURE_HPT and VIR_DOMAIN_FEATURE_HTM are
handled in the exact same way, so we can remove some duplicated
code without losing any functionality.
Signed-off-by: Andrea Bolognani <abologna@redhat.com>
(cherry picked from commit 094c97ffadda41bb2ce2dfe699710630218975f2)
https://bugzilla.redhat.com/show_bug.cgi?id=1647822
Signed-off-by: Andrea Bolognani <abologna@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
---
src/qemu/qemu_domain.c | 14 +-------------
1 file changed, 1 insertion(+), 13 deletions(-)
diff --git a/src/qemu/qemu_domain.c b/src/qemu/qemu_domain.c
index 08f479fa1d..4fcca1e05a 100644
--- a/src/qemu/qemu_domain.c
+++ b/src/qemu/qemu_domain.c
@@ -3818,6 +3818,7 @@ qemuDomainDefValidateFeatures(const virDomainDef *def,
break;
case VIR_DOMAIN_FEATURE_HPT:
+ case VIR_DOMAIN_FEATURE_HTM:
if (def->features[i] != VIR_TRISTATE_SWITCH_ABSENT &&
!qemuDomainIsPSeries(def)) {
virReportError(VIR_ERR_CONFIG_UNSUPPORTED,
@@ -3852,19 +3853,6 @@ qemuDomainDefValidateFeatures(const virDomainDef *def,
}
break;
- case VIR_DOMAIN_FEATURE_HTM:
- if (def->features[i] != VIR_TRISTATE_SWITCH_ABSENT &&
- !qemuDomainIsPSeries(def)) {
- virReportError(VIR_ERR_CONFIG_UNSUPPORTED,
- _("The '%s' feature is not supported for "
- "architecture '%s' or machine type '%s'"),
- featureName,
- virArchToString(def->os.arch),
- def->os.machine);
- return -1;
- }
- break;
-
case VIR_DOMAIN_FEATURE_ACPI:
case VIR_DOMAIN_FEATURE_APIC:
case VIR_DOMAIN_FEATURE_PAE:
--
2.20.1

45
SOURCES/libvirt-qemu-Exempt-video-model-none-from-getting-a-PCI-address-on-Q35.patch Normal file
View File

@ -0,0 +1,45 @@
From 2ef60f04d9beea2d46cfd4344a8c5482276979c2 Mon Sep 17 00:00:00 2001
Message-Id: <2ef60f04d9beea2d46cfd4344a8c5482276979c2@dist-git>
From: Erik Skultety <eskultet@redhat.com>
Date: Tue, 31 Jul 2018 10:38:54 +0200
Subject: [PATCH] qemu: Exempt video model 'none' from getting a PCI address on
Q35
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Commit d48813e8 made sure we wouldn't get one for i440fx, but not for Q35
machine type. If the primary video didn't get the assumed 0:0:1.0 PCI
address, the evaluation then failed with: "Cannot automatically add a
new PCI bus for a device with connect flags 00"
https: //bugzilla.redhat.com/show_bug.cgi?id=1609087
Signed-off-by: Erik Skultety <eskultet@redhat.com>
(cherry picked from commit e9024b0cec3a66ac11784034bb62abe8ec7b46a1)
Signed-off-by: Erik Skultety <eskultet@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
---
src/qemu/qemu_domain_address.c | 5 +++--
1 file changed, 3 insertions(+), 2 deletions(-)
diff --git a/src/qemu/qemu_domain_address.c b/src/qemu/qemu_domain_address.c
index e6996934b8..0cb5af4a87 100644
--- a/src/qemu/qemu_domain_address.c
+++ b/src/qemu/qemu_domain_address.c
@@ -1723,10 +1723,11 @@ qemuDomainValidateDevicePCISlotsQ35(virDomainDefPtr def,
goto cleanup;
}
- if (def->nvideos > 0) {
+ if (def->nvideos > 0 &&
+ def->videos[0]->type != VIR_DOMAIN_VIDEO_TYPE_NONE) {
/* NB: unlike the pc machinetypes, on q35 machinetypes the
* integrated devices are at slot 0x1f, so when qemu looks for
- * the first free lot for the first VGA, it will always be at
+ * the first free slot for the first VGA, it will always be at
* slot 1 (which was used up by the integrated PIIX3 devices
* on pc machinetypes).
*/
--
2.18.0

93
SOURCES/libvirt-qemu-Extract-MDEV-VFIO-PCI-validation-code-into-a-separate-helper.patch Normal file
View File

@ -0,0 +1,93 @@
From 46dc4f557546c024c273e0e21110698cdfffe8ae Mon Sep 17 00:00:00 2001
Message-Id: <46dc4f557546c024c273e0e21110698cdfffe8ae@dist-git>
From: Erik Skultety <eskultet@redhat.com>
Date: Fri, 30 Nov 2018 15:49:25 +0100
Subject: [PATCH] qemu: Extract MDEV VFIO PCI validation code into a separate
helper
Since we'll need to validate other models apart from VFIO PCI too,
having a helper for each model should keep the code base cleaner.
Signed-off-by: Erik Skultety <eskultet@redhat.com>
Reviewed-by: Boris Fiuczynski <fiuczy@linux.ibm.com>
(cherry picked from commit 208d6e6f5aafa102d04ce300c6338b0736bb52df)
https://bugzilla.redhat.com/show_bug.cgi?id=1508146
Signed-off-by: Pino Toscano <ptoscano@redhat.com>
Reviewed-by: Jiri Denemark <jdenemar@redhat.com>
---
src/qemu/qemu_domain.c | 35 +++++++++++++++++++++++++++++------
1 file changed, 29 insertions(+), 6 deletions(-)
diff --git a/src/qemu/qemu_domain.c b/src/qemu/qemu_domain.c
index d80f9b393e..4898d58733 100644
--- a/src/qemu/qemu_domain.c
+++ b/src/qemu/qemu_domain.c
@@ -4451,11 +4451,11 @@ qemuDomainDeviceDefValidateNetwork(const virDomainNetDef *net)
static int
-qemuDomainMdevDefValidate(const virDomainHostdevSubsysMediatedDev *mdevsrc,
- const virDomainDef *def,
- virQEMUCapsPtr qemuCaps)
+qemuDomainMdevDefVFIOPCIValidate(const virDomainHostdevSubsysMediatedDev *dev,
+ const virDomainDef *def,
+ virQEMUCapsPtr qemuCaps)
{
- if (mdevsrc->display == VIR_TRISTATE_SWITCH_ABSENT)
+ if (dev->display == VIR_TRISTATE_SWITCH_ABSENT)
return 0;
if (!virQEMUCapsGet(qemuCaps, QEMU_CAPS_VFIO_PCI_DISPLAY)) {
@@ -4465,7 +4465,7 @@ qemuDomainMdevDefValidate(const virDomainHostdevSubsysMediatedDev *mdevsrc,
return -1;
}
- if (mdevsrc->model != VIR_MDEV_MODEL_TYPE_VFIO_PCI) {
+ if (dev->model != VIR_MDEV_MODEL_TYPE_VFIO_PCI) {
virReportError(VIR_ERR_CONFIG_UNSUPPORTED, "%s",
_("<hostdev> attribute 'display' is only supported"
" with model='vfio-pci'"));
@@ -4473,7 +4473,7 @@ qemuDomainMdevDefValidate(const virDomainHostdevSubsysMediatedDev *mdevsrc,
return -1;
}
- if (mdevsrc->display == VIR_TRISTATE_SWITCH_ON) {
+ if (dev->display == VIR_TRISTATE_SWITCH_ON) {
if (def->ngraphics == 0) {
virReportError(VIR_ERR_CONFIG_UNSUPPORTED, "%s",
_("graphics device is needed for attribute value "
@@ -4486,6 +4486,29 @@ qemuDomainMdevDefValidate(const virDomainHostdevSubsysMediatedDev *mdevsrc,
}
+static int
+qemuDomainMdevDefValidate(const virDomainHostdevSubsysMediatedDev *mdevsrc,
+ const virDomainDef *def,
+ virQEMUCapsPtr qemuCaps)
+{
+ switch ((virMediatedDeviceModelType) mdevsrc->model) {
+ case VIR_MDEV_MODEL_TYPE_VFIO_PCI:
+ return qemuDomainMdevDefVFIOPCIValidate(mdevsrc, def, qemuCaps);
+ case VIR_MDEV_MODEL_TYPE_VFIO_AP:
+ break;
+ case VIR_MDEV_MODEL_TYPE_VFIO_CCW:
+ break;
+ case VIR_MDEV_MODEL_TYPE_LAST:
+ default:
+ virReportEnumRangeError(virMediatedDeviceModelType,
+ mdevsrc->model);
+ return -1;
+ }
+
+ return 0;
+}
+
+
static int
qemuDomainDeviceDefValidateHostdev(const virDomainHostdevDef *hostdev,
const virDomainDef *def,
--
2.19.2

104
SOURCES/libvirt-qemu-Fetch-pr-helper-process-info-on-reconnect.patch Normal file
View File

@ -0,0 +1,104 @@
From deb8789da55b84c99df417f3cd07db52cac8f89b Mon Sep 17 00:00:00 2001
Message-Id: <deb8789da55b84c99df417f3cd07db52cac8f89b@dist-git>
From: Michal Privoznik <mprivozn@redhat.com>
Date: Wed, 11 Jul 2018 17:27:28 +0200
Subject: [PATCH] qemu: Fetch pr-helper process info on reconnect
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
https://bugzilla.redhat.com/show_bug.cgi?id=1470007
If qemu-pr-helper process died while libvirtd was not running no
event is emitted. Therefore, when reconnecting to the monitor we
must check the qemu-pr-helper process status and act accordingly.
Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
(cherry picked from commit ab435a4be4673a9a38e0315864b9cf4f9bee03e7)
Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
---
src/qemu/qemu_process.c | 60 +++++++++++++++++++++++++++++++++++++++++
1 file changed, 60 insertions(+)
diff --git a/src/qemu/qemu_process.c b/src/qemu/qemu_process.c
index fbc8529f3b..c903a8e5c8 100644
--- a/src/qemu/qemu_process.c
+++ b/src/qemu/qemu_process.c
@@ -2071,6 +2071,63 @@ qemuRefreshVirtioChannelState(virQEMUDriverPtr driver,
return ret;
}
+
+static int
+qemuProcessRefreshPRManagerState(virDomainObjPtr vm,
+ virHashTablePtr info)
+{
+ qemuDomainObjPrivatePtr priv = vm->privateData;
+ qemuMonitorPRManagerInfoPtr prManagerInfo;
+ const char *managedAlias = qemuDomainGetManagedPRAlias();
+ int ret = -1;
+
+ if (!(prManagerInfo = virHashLookup(info, managedAlias))) {
+ virReportError(VIR_ERR_OPERATION_FAILED,
+ _("missing info on pr-manager %s"),
+ managedAlias);
+ goto cleanup;
+ }
+
+ priv->prDaemonRunning = prManagerInfo->connected;
+
+ if (!priv->prDaemonRunning &&
+ qemuProcessStartManagedPRDaemon(vm) < 0)
+ goto cleanup;
+
+ ret = 0;
+ cleanup:
+ return ret;
+}
+
+
+static int
+qemuRefreshPRManagerState(virQEMUDriverPtr driver,
+ virDomainObjPtr vm)
+{
+ qemuDomainObjPrivatePtr priv = vm->privateData;
+ virHashTablePtr info = NULL;
+ int ret = -1;
+
+ if (!virQEMUCapsGet(priv->qemuCaps, QEMU_CAPS_PR_MANAGER_HELPER) ||
+ !virDomainDefHasManagedPR(vm->def))
+ return 0;
+
+ qemuDomainObjEnterMonitor(driver, vm);
+ ret = qemuMonitorGetPRManagerInfo(priv->mon, &info);
+ if (qemuDomainObjExitMonitor(driver, vm) < 0)
+ ret = -1;
+
+ if (ret < 0)
+ goto cleanup;
+
+ ret = qemuProcessRefreshPRManagerState(vm, info);
+
+ cleanup:
+ virHashFree(info);
+ return ret;
+}
+
+
static void
qemuRefreshRTC(virQEMUDriverPtr driver,
virDomainObjPtr vm)
@@ -7736,6 +7793,9 @@ qemuProcessReconnect(void *opaque)
if (qemuProcessUpdateDevices(driver, obj) < 0)
goto error;
+ if (qemuRefreshPRManagerState(driver, obj) < 0)
+ goto error;
+
qemuProcessReconnectCheckMemAliasOrderMismatch(obj);
if (qemuConnectAgent(driver, obj) < 0)
--
2.18.0

41
SOURCES/libvirt-qemu-Filter-non-SCSI-hostdevs-in-qemuHostdevPrepareSCSIDevices.patch Normal file
View File

@ -0,0 +1,41 @@
From 057c1927b6d652591931d1cf2bc0217834b30e12 Mon Sep 17 00:00:00 2001
Message-Id: <057c1927b6d652591931d1cf2bc0217834b30e12@dist-git>
From: John Ferlan <jferlan@redhat.com>
Date: Fri, 11 Jan 2019 09:15:38 -0500
Subject: [PATCH] qemu: Filter non SCSI hostdevs in
qemuHostdevPrepareSCSIDevices
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
https://bugzilla.redhat.com/show_bug.cgi?id=1665244
When commit 1d94b3e7 added code to walk the [n]hostdevs list looking
to add shared hostdevs, it should've filtered any hostdevs that were
not SCSI hostdev's.
Signed-off-by: John Ferlan <jferlan@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
(cherry picked from commit f30ac207ad96a567ade0d8a49023ade9233b2b72)
Reviewed-by: Jiri Denemark <jdenemar@redhat.com>
---
src/qemu/qemu_hostdev.c | 3 +++
1 file changed, 3 insertions(+)
diff --git a/src/qemu/qemu_hostdev.c b/src/qemu/qemu_hostdev.c
index 1e040f98b7..8b1ad6b447 100644
--- a/src/qemu/qemu_hostdev.c
+++ b/src/qemu/qemu_hostdev.c
@@ -278,6 +278,9 @@ qemuHostdevPrepareSCSIDevices(virQEMUDriverPtr driver,
for (i = 0; i < nhostdevs; i++) {
virDomainDeviceDef dev;
+ if (!virHostdevIsSCSIDevice(hostdevs[i]))
+ continue;
+
dev.type = VIR_DOMAIN_DEVICE_HOSTDEV;
dev.data.hostdev = hostdevs[i];
--
2.20.1

41
SOURCES/libvirt-qemu-Fix-ATTRIBUTE_NONNULL-for-qemuMonitorAddObject.patch Normal file
View File

@ -0,0 +1,41 @@
From ea272bb13a0ef6ab04c78ca671f009506211523b Mon Sep 17 00:00:00 2001
Message-Id: <ea272bb13a0ef6ab04c78ca671f009506211523b@dist-git>
From: John Ferlan <jferlan@redhat.com>
Date: Fri, 13 Jul 2018 10:02:34 +0200
Subject: [PATCH] qemu: Fix ATTRIBUTE_NONNULL for qemuMonitorAddObject
Commit id fac0dacd was trying to make things more robust;
however, the ATTRIBUTE_NONNULL(1) would be for the @mon,
not the intended (2) and the @props argument as described
in the commit message.
Found by Coverity build.
Signed-off-by: John Ferlan <jferlan@redhat.com>
(cherry picked from commit 7406ab691ffe0fbe051f6ae57614737e193df6a5)
The broken commit described in the original commit message was
backported as 1d60f6832c8b14c9a
https: //bugzilla.redhat.com/show_bug.cgi?id=1598015
Reviewed-by: Jiri Denemark <jdenemar@redhat.com>
---
src/qemu/qemu_monitor.h | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/qemu/qemu_monitor.h b/src/qemu/qemu_monitor.h
index e8ed2d044c..81474a04f6 100644
--- a/src/qemu/qemu_monitor.h
+++ b/src/qemu/qemu_monitor.h
@@ -824,7 +824,7 @@ int qemuMonitorCreateObjectProps(virJSONValuePtr *propsret,
int qemuMonitorAddObject(qemuMonitorPtr mon,
virJSONValuePtr *props,
char **alias)
- ATTRIBUTE_NONNULL(1);
+ ATTRIBUTE_NONNULL(2);
int qemuMonitorDelObject(qemuMonitorPtr mon,
const char *objalias);
--
2.18.0

59
SOURCES/libvirt-qemu-Fix-logic-error-in-qemuSetUnprivSGIO.patch Normal file
View File

@ -0,0 +1,59 @@
From d0f2fffa7c1a86f56f18143a1a14b9a32f8bcf16 Mon Sep 17 00:00:00 2001
Message-Id: <d0f2fffa7c1a86f56f18143a1a14b9a32f8bcf16@dist-git>
From: John Ferlan <jferlan@redhat.com>
Date: Wed, 16 Jan 2019 15:54:31 -0500
Subject: [PATCH] qemu: Fix logic error in qemuSetUnprivSGIO
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
https://bugzilla.redhat.com/show_bug.cgi?id=1666605
RHEL-only
Commit c0f26a13c6 had a logic error with using both DISK and
sgio which resulted in a DISK that didn't have sgio set falling
into the else clause and trying to deref a NULL @hostdev resulting
in a libvirtd crash:
Thread 1 (Thread 0x7ffbc6353700 (LWP 12642)):
0 0x00007ffb958e7d7a in qemuSetUnprivSGIO
1 0x00007ffb958d9d92 in qemuDomainAttachDeviceDiskLive
2 0x00007ffb9594fce8 in qemuDomainAttachDeviceFlags
3 0x00007ffbde399d71 in virDomainAttachDevice
4 0x0000563b73ded4b2 in remoteDispatchDomainAttachDeviceHelper
for hotplug of XML:
<disk device="lun" type="block">
<source dev="/dev/sdb"/>
<driver name="qemu" type="raw"/>
<target bus="scsi" dev="sdb"/>
</disk>
Signed-off-by: John Ferlan <jferlan@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
---
src/qemu/qemu_conf.c | 6 +++---
1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/src/qemu/qemu_conf.c b/src/qemu/qemu_conf.c
index 5971f3eb64..768e9d8308 100644
--- a/src/qemu/qemu_conf.c
+++ b/src/qemu/qemu_conf.c
@@ -1679,9 +1679,9 @@ qemuSetUnprivSGIO(virDomainDeviceDefPtr dev)
goto cleanup;
/* By default, filter the SG_IO commands, i.e. set unpriv_sgio to 0. */
- if (dev->type == VIR_DOMAIN_DEVICE_DISK &&
- disk->sgio == VIR_DOMAIN_DEVICE_SGIO_UNFILTERED) {
- val = 1;
+ if (dev->type == VIR_DOMAIN_DEVICE_DISK) {
+ if (disk->sgio == VIR_DOMAIN_DEVICE_SGIO_UNFILTERED)
+ val = 1;
} else {
/* Only settable if <shareable/> was present for hostdev */
if (qemuIsSharedHostdev(hostdev) &&
--
2.20.1

110
SOURCES/libvirt-qemu-Fix-post-copy-migration-on-the-source.patch Normal file
View File

@ -0,0 +1,110 @@
From 91a37e3641afbd29067cd945ca14a6572e4d4897 Mon Sep 17 00:00:00 2001
Message-Id: <91a37e3641afbd29067cd945ca14a6572e4d4897@dist-git>
From: Jiri Denemark <jdenemar@redhat.com>
Date: Thu, 15 Nov 2018 11:16:43 +0100
Subject: [PATCH] qemu: Fix post-copy migration on the source
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Post-copy migration has been broken on the source since commit
v3.8.0-245-g32c29f10db which implemented support for
pause-before-switchover QEMU migration capability.
Even though the migration itself went well, the source did not really
know when it switched to the post-copy mode despite the messages logged
by MIGRATION event handler. As a result of this, the events emitted by
source libvirtd were not accurate and statistics of the completed
migration would cover only the pre-copy part of migration. Moreover, if
migration failed during the post-copy phase for some reason, the source
libvirtd would just happily resume the domain, which could lead to disk
corruption.
With the pause-before-switchover capability enabled, the order of events
emitted by QEMU changed:
pause-before-switchover
disabled enabled
MIGRATION, postcopy-active STOP
STOP MIGRATION, pre-switchover
MIGRATION, postcopy-active
The STOP even handler checks the migration status (postcopy-active) and
sets the domain state accordingly. Which is sufficient when
pause-before-switchover is disabled, but once we enable it, the
migration status is still active when we get STOP from QEMU. Thus the
domain state set in the STOP handler has to be corrected once we are
notified that migration changed to postcopy-active.
This results in two SUSPENDED events to be emitted by the source
libvirtd during post-copy migration. The first one with
VIR_DOMAIN_EVENT_SUSPENDED_MIGRATED detail, while the second one reports
the corrected VIR_DOMAIN_EVENT_SUSPENDED_POSTCOPY detail. This is
inevitable because we don't know whether migration will eventually
switch to post-copy at the time we emit the first event.
https://bugzilla.redhat.com/show_bug.cgi?id=1647365
Signed-off-by: Jiri Denemark <jdenemar@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
(cherry picked from commit eca9d21e6cc8129ec4426fbf1ace30e215b9cfbc)
https://bugzilla.redhat.com/show_bug.cgi?id=1649169
https://bugzilla.redhat.com/show_bug.cgi?id=1654732
Signed-off-by: Jiri Denemark <jdenemar@redhat.com>
---
src/qemu/qemu_process.c | 26 +++++++++++++++++++++++++-
1 file changed, 25 insertions(+), 1 deletion(-)
diff --git a/src/qemu/qemu_process.c b/src/qemu/qemu_process.c
index 4b99fbd835..2d2954ba18 100644
--- a/src/qemu/qemu_process.c
+++ b/src/qemu/qemu_process.c
@@ -1522,9 +1522,13 @@ static int
qemuProcessHandleMigrationStatus(qemuMonitorPtr mon ATTRIBUTE_UNUSED,
virDomainObjPtr vm,
int status,
- void *opaque ATTRIBUTE_UNUSED)
+ void *opaque)
{
qemuDomainObjPrivatePtr priv;
+ virQEMUDriverPtr driver = opaque;
+ virObjectEventPtr event = NULL;
+ virQEMUDriverConfigPtr cfg = virQEMUDriverGetConfig(driver);
+ int reason;
virObjectLock(vm);
@@ -1541,8 +1545,28 @@ qemuProcessHandleMigrationStatus(qemuMonitorPtr mon ATTRIBUTE_UNUSED,
priv->job.current->stats.mig.status = status;
virDomainObjBroadcast(vm);
+ if (status == QEMU_MONITOR_MIGRATION_STATUS_POSTCOPY &&
+ virDomainObjGetState(vm, &reason) == VIR_DOMAIN_PAUSED &&
+ reason == VIR_DOMAIN_PAUSED_MIGRATION) {
+ VIR_DEBUG("Correcting paused state reason for domain %s to %s",
+ vm->def->name,
+ virDomainPausedReasonTypeToString(VIR_DOMAIN_PAUSED_POSTCOPY));
+
+ virDomainObjSetState(vm, VIR_DOMAIN_PAUSED, VIR_DOMAIN_PAUSED_POSTCOPY);
+ event = virDomainEventLifecycleNewFromObj(vm,
+ VIR_DOMAIN_EVENT_SUSPENDED,
+ VIR_DOMAIN_EVENT_SUSPENDED_POSTCOPY);
+
+ if (virDomainSaveStatus(driver->xmlopt, cfg->stateDir, vm, driver->caps) < 0) {
+ VIR_WARN("Unable to save status on vm %s after state change",
+ vm->def->name);
+ }
+ }
+
cleanup:
virObjectUnlock(vm);
+ virObjectEventStateQueue(driver->domainEventState, event);
+ virObjectUnref(cfg);
return 0;
}
--
2.19.2

143
SOURCES/libvirt-qemu-Fix-probing-of-AMD-SEV-support.patch Normal file
View File

@ -0,0 +1,143 @@
From fb28fc398e318509452a50f59d78d90584ca0c27 Mon Sep 17 00:00:00 2001
Message-Id: <fb28fc398e318509452a50f59d78d90584ca0c27@dist-git>
From: Erik Skultety <eskultet@redhat.com>
Date: Mon, 20 Aug 2018 17:18:52 +0200
Subject: [PATCH] qemu: Fix probing of AMD SEV support
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
So the procedure to detect SEV support works like this:
1) we detect that sev-guest is among the QOM types and set the cap flag
2) we probe the monitor for SEV support
- this is tricky, because QEMU with compiled SEV support will always
report -object sev-guest and query-sev-capabilities command, that
however doesn't mean SEV is supported
3) depending on what the monitor returned, we either keep or clear the
capability flag for SEV
Commit a349c6c21c6 added an explicit check for "GenericError" in the
monitor reply to prevent libvirtd to spam logs about missing
'query-sev-capabilities' command. At the same time though, it returned
success in this case which means that we didn't clear the capability
flag afterwards and happily formatted SEV into qemuCaps. Therefore,
adjust all the relevant callers to handle -1 on errors, 0 on SEV being
unsupported and 1 on SEV being supported.
Signed-off-by: Erik Skultety <eskultet@redhat.com>
Acked-by: Peter Krempa <pkrempa@redhat.com>
(cherry picked from commit 764491c9dddf063292adf1433769ccccb1a50db6)
https://bugzilla.redhat.com/show_bug.cgi?id=1612009
https://bugzilla.redhat.com/show_bug.cgi?id=1619150
Signed-off-by: Erik Skultety <eskultet@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
---
src/qemu/qemu_capabilities.c | 15 ++++++++++----
src/qemu/qemu_monitor_json.c | 20 +++++++++++++++----
.../caps_3.0.0.x86_64.xml | 1 -
3 files changed, 27 insertions(+), 9 deletions(-)
diff --git a/src/qemu/qemu_capabilities.c b/src/qemu/qemu_capabilities.c
index 0fb800589a..55024ad735 100644
--- a/src/qemu/qemu_capabilities.c
+++ b/src/qemu/qemu_capabilities.c
@@ -2695,18 +2695,20 @@ virQEMUCapsProbeQMPGICCapabilities(virQEMUCapsPtr qemuCaps,
}
+/* Returns -1 on error, 0 if SEV is not supported, 1 if SEV is supported */
static int
virQEMUCapsProbeQMPSEVCapabilities(virQEMUCapsPtr qemuCaps,
qemuMonitorPtr mon)
{
+ int rc = -1;
virSEVCapability *caps = NULL;
- if (qemuMonitorGetSEVCapabilities(mon, &caps) < 0)
- return -1;
+ if ((rc = qemuMonitorGetSEVCapabilities(mon, &caps)) <= 0)
+ return rc;
virSEVCapabilitiesFree(qemuCaps->sevCapabilities);
qemuCaps->sevCapabilities = caps;
- return 0;
+ return rc;
}
@@ -4116,7 +4118,12 @@ virQEMUCapsInitQMPMonitor(virQEMUCapsPtr qemuCaps,
/* Probe for SEV capabilities */
if (virQEMUCapsGet(qemuCaps, QEMU_CAPS_SEV_GUEST)) {
- if (virQEMUCapsProbeQMPSEVCapabilities(qemuCaps, mon) < 0)
+ int rc = virQEMUCapsProbeQMPSEVCapabilities(qemuCaps, mon);
+
+ if (rc < 0)
+ goto cleanup;
+
+ if (rc == 0)
virQEMUCapsClear(qemuCaps, QEMU_CAPS_SEV_GUEST);
}
diff --git a/src/qemu/qemu_monitor_json.c b/src/qemu/qemu_monitor_json.c
index 66c525ed0c..8199556166 100644
--- a/src/qemu/qemu_monitor_json.c
+++ b/src/qemu/qemu_monitor_json.c
@@ -6425,6 +6425,20 @@ qemuMonitorJSONGetGICCapabilities(qemuMonitorPtr mon,
}
+/**
+ * qemuMonitorJSONGetSEVCapabilities:
+ * @mon: qemu monitor object
+ * @capabilities: pointer to pointer to a SEV capability structure to be filled
+ *
+ * This function queries and fills in AMD's SEV platform-specific data.
+ * Note that from QEMU's POV both -object sev-guest and query-sev-capabilities
+ * can be present even if SEV is not available, which basically leaves us with
+ * checking for JSON "GenericError" in order to differentiate between
+ * compiled-in support and actual SEV support on the platform.
+ *
+ * Returns -1 on error, 0 if SEV is not supported, and 1 if SEV is supported on
+ * the platform.
+ */
int
qemuMonitorJSONGetSEVCapabilities(qemuMonitorPtr mon,
virSEVCapability **capabilities)
@@ -6446,8 +6460,7 @@ qemuMonitorJSONGetSEVCapabilities(qemuMonitorPtr mon,
if (qemuMonitorJSONCommand(mon, cmd, &reply) < 0)
goto cleanup;
- /* Both -object sev-guest and query-sev-capabilities can be present
- * even if SEV is not available */
+ /* QEMU has only compiled-in support of SEV */
if (qemuMonitorJSONHasError(reply, "GenericError")) {
ret = 0;
goto cleanup;
@@ -6499,8 +6512,7 @@ qemuMonitorJSONGetSEVCapabilities(qemuMonitorPtr mon,
capability->cbitpos = cbitpos;
capability->reduced_phys_bits = reduced_phys_bits;
VIR_STEAL_PTR(*capabilities, capability);
- ret = 0;
-
+ ret = 1;
cleanup:
virSEVCapabilitiesFree(capability);
virJSONValueFree(cmd);
diff --git a/tests/qemucapabilitiesdata/caps_3.0.0.x86_64.xml b/tests/qemucapabilitiesdata/caps_3.0.0.x86_64.xml
index 4bc7cfeebc..8992d645e7 100644
--- a/tests/qemucapabilitiesdata/caps_3.0.0.x86_64.xml
+++ b/tests/qemucapabilitiesdata/caps_3.0.0.x86_64.xml
@@ -212,7 +212,6 @@
<flag name='tpm-emulator'/>
<flag name='mch'/>
<flag name='mch.extended-tseg-mbytes'/>
- <flag name='sev-guest'/>
<flag name='usb-storage.werror'/>
<flag name='egl-headless'/>
<flag name='vfio-pci.display'/>
--
2.18.0

40
SOURCES/libvirt-qemu-Fix-setting-global_period-cputune-element.patch Normal file
View File

@ -0,0 +1,40 @@
From 2f149d2853b4c8184ed75c82dd7bda1036e7f571 Mon Sep 17 00:00:00 2001
Message-Id: <2f149d2853b4c8184ed75c82dd7bda1036e7f571@dist-git>
From: Katerina Koukiou <kkoukiou@redhat.com>
Date: Mon, 16 Jul 2018 15:45:17 +0200
Subject: [PATCH] qemu: Fix setting global_period cputune element
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
When VIR_DOMAIN_SCHEDULER_GLOBAL_PERIOD is matched "cputune.global_period"
should be updated and not "cputune.period".
Signed-off-by: Katerina Koukiou <kkoukiou@redhat.com>
https://bugzilla.redhat.com/show_bug.cgi?id=1600427
Reviewed-by: Ján Tomko <jtomko@redhat.com>
Signed-off-by: Ján Tomko <jtomko@redhat.com>
(cherry picked from commit 74b5634b77b388a454303a2be0b4d704e261305f)
Signed-off-by: Katerina Koukiou <kkoukiou@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
---
src/qemu/qemu_driver.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/qemu/qemu_driver.c b/src/qemu/qemu_driver.c
index 868ef9d406..670651a75d 100644
--- a/src/qemu/qemu_driver.c
+++ b/src/qemu/qemu_driver.c
@@ -10570,7 +10570,7 @@ qemuDomainSetSchedulerParametersFlags(virDomainPtr dom,
}
if (persistentDef)
- persistentDefCopy->cputune.period = value_ul;
+ persistentDefCopy->cputune.global_period = value_ul;
} else if (STREQ(param->field, VIR_DOMAIN_SCHEDULER_GLOBAL_QUOTA)) {
SCHED_RANGE_CHECK(value_l, VIR_DOMAIN_SCHEDULER_GLOBAL_QUOTA,
--
2.18.0

68
SOURCES/libvirt-qemu-Format-nested-hv-feature-on-the-command-line.patch Normal file
View File

@ -0,0 +1,68 @@
From eaa86279ad7a2a0e341b5270060f250e24d47af4 Mon Sep 17 00:00:00 2001
Message-Id: <eaa86279ad7a2a0e341b5270060f250e24d47af4@dist-git>
From: Andrea Bolognani <abologna@redhat.com>
Date: Tue, 4 Dec 2018 16:46:20 +0100
Subject: [PATCH] qemu: Format nested-hv feature on the command line
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Signed-off-by: Andrea Bolognani <abologna@redhat.com>
(cherry picked from commit c54d3d00ae1f9cd3f983d8e8c1def551d6ddf9b7)
https://bugzilla.redhat.com/show_bug.cgi?id=1647822
Signed-off-by: Andrea Bolognani <abologna@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
---
src/qemu/qemu_command.c | 20 ++++++++++++++++++++
tests/qemuxml2argvdata/pseries-features.args | 2 +-
2 files changed, 21 insertions(+), 1 deletion(-)
diff --git a/src/qemu/qemu_command.c b/src/qemu/qemu_command.c
index 320ecd902c..c706a4b095 100644
--- a/src/qemu/qemu_command.c
+++ b/src/qemu/qemu_command.c
@@ -7399,6 +7399,26 @@ qemuBuildMachineCommandLine(virCommandPtr cmd,
virBufferAsprintf(&buf, ",cap-htm=%s", str);
}
+ if (def->features[VIR_DOMAIN_FEATURE_NESTED_HV] != VIR_TRISTATE_SWITCH_ABSENT) {
+ const char *str;
+
+ if (!virQEMUCapsGet(qemuCaps, QEMU_CAPS_MACHINE_PSERIES_CAP_NESTED_HV)) {
+ virReportError(VIR_ERR_CONFIG_UNSUPPORTED, "%s",
+ _("Nested HV configuration is not supported by "
+ "this QEMU binary"));
+ goto cleanup;
+ }
+
+ str = virTristateSwitchTypeToString(def->features[VIR_DOMAIN_FEATURE_NESTED_HV]);
+ if (!str) {
+ virReportError(VIR_ERR_CONFIG_UNSUPPORTED, "%s",
+ _("Invalid setting for nested HV state"));
+ goto cleanup;
+ }
+
+ virBufferAsprintf(&buf, ",cap-nested-hv=%s", str);
+ }
+
if (cpu && cpu->model &&
cpu->mode == VIR_CPU_MODE_HOST_MODEL &&
qemuDomainIsPSeries(def) &&
diff --git a/tests/qemuxml2argvdata/pseries-features.args b/tests/qemuxml2argvdata/pseries-features.args
index 226d43df44..2b0a2aa93b 100644
--- a/tests/qemuxml2argvdata/pseries-features.args
+++ b/tests/qemuxml2argvdata/pseries-features.args
@@ -8,7 +8,7 @@ QEMU_AUDIO_DRV=none \
-name guest \
-S \
-machine pseries,accel=tcg,usb=off,dump-guest-core=off,resize-hpt=required,\
-cap-hpt-max-page-size=1048576k,cap-htm=on \
+cap-hpt-max-page-size=1048576k,cap-htm=on,cap-nested-hv=off \
-m 512 \
-smp 1,sockets=1,cores=1,threads=1 \
-uuid 1ccfd97d-5eb4-478a-bbe6-88d254c16db7 \
--
2.20.1

102
SOURCES/libvirt-qemu-Format-the-HTM-pSeries-feature.patch Normal file
View File

@ -0,0 +1,102 @@
From 62e42f5b6d56ac400274695dc3bd6499219e41b7 Mon Sep 17 00:00:00 2001
Message-Id: <62e42f5b6d56ac400274695dc3bd6499219e41b7@dist-git>
From: Andrea Bolognani <abologna@redhat.com>
Date: Tue, 3 Jul 2018 15:25:17 +0200
Subject: [PATCH] qemu: Format the HTM pSeries feature
This makes the feature fully operational.
https://bugzilla.redhat.com/show_bug.cgi?id=1525599
Signed-off-by: Andrea Bolognani <abologna@redhat.com>
Reviewed-by: John Ferlan <jferlan@redhat.com>
(cherry picked from commit d4c11171076edfb2e603804e79edf7ccc3cce5dc)
Signed-off-by: Andrea Bolognani <abologna@redhat.com>
Acked-by: David Gibson <dgibson@redhat.com>
Reviewed-by: Jiri Denemark <jdenemar@redhat.com>
---
src/qemu/qemu_command.c | 20 ++++++++++++++++++++
src/qemu/qemu_domain.c | 14 +++++++++++++-
tests/qemuxml2argvdata/pseries-features.args | 2 +-
3 files changed, 34 insertions(+), 2 deletions(-)
diff --git a/src/qemu/qemu_command.c b/src/qemu/qemu_command.c
index c1eefca639..4120e4f983 100644
--- a/src/qemu/qemu_command.c
+++ b/src/qemu/qemu_command.c
@@ -7327,6 +7327,26 @@ qemuBuildMachineCommandLine(virCommandPtr cmd,
}
}
+ if (def->features[VIR_DOMAIN_FEATURE_HTM] != VIR_TRISTATE_SWITCH_ABSENT) {
+ const char *str;
+
+ if (!virQEMUCapsGet(qemuCaps, QEMU_CAPS_MACHINE_PSERIES_CAP_HTM)) {
+ virReportError(VIR_ERR_CONFIG_UNSUPPORTED, "%s",
+ _("HTM configuration is not supported by this "
+ "QEMU binary"));
+ goto cleanup;
+ }
+
+ str = virTristateSwitchTypeToString(def->features[VIR_DOMAIN_FEATURE_HTM]);
+ if (!str) {
+ virReportError(VIR_ERR_CONFIG_UNSUPPORTED, "%s",
+ _("Invalid setting for HTM state"));
+ goto cleanup;
+ }
+
+ virBufferAsprintf(&buf, ",cap-htm=%s", str);
+ }
+
if (cpu && cpu->model &&
cpu->mode == VIR_CPU_MODE_HOST_MODEL &&
qemuDomainIsPSeries(def) &&
diff --git a/src/qemu/qemu_domain.c b/src/qemu/qemu_domain.c
index 0eacad1e44..3f3bb94685 100644
--- a/src/qemu/qemu_domain.c
+++ b/src/qemu/qemu_domain.c
@@ -3852,6 +3852,19 @@ qemuDomainDefValidateFeatures(const virDomainDef *def,
}
break;
+ case VIR_DOMAIN_FEATURE_HTM:
+ if (def->features[i] != VIR_TRISTATE_SWITCH_ABSENT &&
+ !qemuDomainIsPSeries(def)) {
+ virReportError(VIR_ERR_CONFIG_UNSUPPORTED,
+ _("The '%s' feature is not supported for "
+ "architecture '%s' or machine type '%s'"),
+ featureName,
+ virArchToString(def->os.arch),
+ def->os.machine);
+ return -1;
+ }
+ break;
+
case VIR_DOMAIN_FEATURE_ACPI:
case VIR_DOMAIN_FEATURE_APIC:
case VIR_DOMAIN_FEATURE_PAE:
@@ -3865,7 +3878,6 @@ qemuDomainDefValidateFeatures(const virDomainDef *def,
case VIR_DOMAIN_FEATURE_PMU:
case VIR_DOMAIN_FEATURE_VMPORT:
case VIR_DOMAIN_FEATURE_VMCOREINFO:
- case VIR_DOMAIN_FEATURE_HTM:
case VIR_DOMAIN_FEATURE_LAST:
break;
}
diff --git a/tests/qemuxml2argvdata/pseries-features.args b/tests/qemuxml2argvdata/pseries-features.args
index 12c14715c6..226d43df44 100644
--- a/tests/qemuxml2argvdata/pseries-features.args
+++ b/tests/qemuxml2argvdata/pseries-features.args
@@ -8,7 +8,7 @@ QEMU_AUDIO_DRV=none \
-name guest \
-S \
-machine pseries,accel=tcg,usb=off,dump-guest-core=off,resize-hpt=required,\
-cap-hpt-max-page-size=1048576k \
+cap-hpt-max-page-size=1048576k,cap-htm=on \
-m 512 \
-smp 1,sockets=1,cores=1,threads=1 \
-uuid 1ccfd97d-5eb4-478a-bbe6-88d254c16db7 \
--
2.18.0

88
SOURCES/libvirt-qemu-Ignore-nwfilter-binding-instantiation-issues-during-reconnect.patch Normal file
View File

@ -0,0 +1,88 @@
From d749a84b9728b4c1a46c9e6efbab5732688d03c2 Mon Sep 17 00:00:00 2001
Message-Id: <d749a84b9728b4c1a46c9e6efbab5732688d03c2@dist-git>
From: John Ferlan <jferlan@redhat.com>
Date: Sat, 10 Nov 2018 08:50:06 -0500
Subject: [PATCH] qemu: Ignore nwfilter binding instantiation issues during
reconnect
https://bugzilla.redhat.com/show_bug.cgi?id=1648544 (RHEL8)
https://bugzilla.redhat.com/show_bug.cgi?id=1607202 (RHEL7)
It's essentially stated in the nwfilterBindingDelete that we
will allow the admin to shoot themselves in the foot by deleting
the nwfilter binding which then allows them to undefine the
nwfilter that is in use for the running guest...
However, by allowing this we cause a problem for libvirtd
restart reconnect processing which would then try to recreate
the missing binding attempting to use the deleted filter
resulting in an error and thus shutting the guest down.
So rather than keep adding virDomainConfNWFilterInstantiate
flags to "ignore" specific error conditions, modify the logic
to ignore, but VIR_WARN errors other than ignoreExists. This
will at least allow the guest to not shutdown for only nwfilter
binding errors that we can now perhaps recover from since we
have the binding create/delete capability.
Signed-off-by: John Ferlan <jferlan@redhat.com>
ACKed-by: Michal Privoznik <mprivozn@redhat.com>
(cherry picked from commit 9e52c6496650d1412662a9e6cf98301141fbbbca)
Reviewed-by: Erik Skultety <eskultet@redhat.com>
---
src/qemu/qemu_process.c | 24 ++++++++++++++++--------
1 file changed, 16 insertions(+), 8 deletions(-)
diff --git a/src/qemu/qemu_process.c b/src/qemu/qemu_process.c
index e4b19b938c..8ba14abfa4 100644
--- a/src/qemu/qemu_process.c
+++ b/src/qemu/qemu_process.c
@@ -3136,20 +3136,29 @@ qemuProcessNotifyNets(virDomainDefPtr def)
}
}
-static int
-qemuProcessFiltersInstantiate(virDomainDefPtr def, bool ignoreExists)
+/* Attempt to instantiate the filters. Ignore failures because it's
+ * possible that someone deleted a filter binding and the associated
+ * filter while the guest was running and we don't want that action
+ * to cause failure to keep the guest running during the reconnection
+ * processing. Nor do we necessarily want other failures to do the
+ * same. We'll just log the error conditions other than of course
+ * ignoreExists possibility (e.g. the true flag) */
+static void
+qemuProcessFiltersInstantiate(virDomainDefPtr def)
{
size_t i;
for (i = 0; i < def->nnets; i++) {
virDomainNetDefPtr net = def->nets[i];
if ((net->filter) && (net->ifname)) {
- if (virDomainConfNWFilterInstantiate(def->name, def->uuid, net, ignoreExists) < 0)
- return 1;
+ if (virDomainConfNWFilterInstantiate(def->name, def->uuid, net,
+ true) < 0) {
+ VIR_WARN("filter '%s' instantiation for '%s' failed '%s'",
+ net->filter, net->ifname, virGetLastErrorMessage());
+ virResetLastError();
+ }
}
}
-
- return 0;
}
static int
@@ -7782,8 +7791,7 @@ qemuProcessReconnect(void *opaque)
qemuProcessNotifyNets(obj->def);
- if (qemuProcessFiltersInstantiate(obj->def, true))
- goto error;
+ qemuProcessFiltersInstantiate(obj->def);
if (qemuProcessRefreshDisks(driver, obj, QEMU_ASYNC_JOB_NONE) < 0)
goto error;
--
2.19.2

109
SOURCES/libvirt-qemu-Introduce-QEMU_CAPS_MACHINE_PSERIES_CAP_NESTED_HV.patch Normal file
View File

@ -0,0 +1,109 @@
From 445b61e0c0f68d91a5e7bad7fb12b82005dd0e85 Mon Sep 17 00:00:00 2001
Message-Id: <445b61e0c0f68d91a5e7bad7fb12b82005dd0e85@dist-git>
From: Andrea Bolognani <abologna@redhat.com>
Date: Tue, 4 Dec 2018 16:46:18 +0100
Subject: [PATCH] qemu: Introduce QEMU_CAPS_MACHINE_PSERIES_CAP_NESTED_HV
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Signed-off-by: Andrea Bolognani <abologna@redhat.com>
(cherry picked from commit 0029eace520bfc0cbb1b176611304401ea9eae8f)
Conflicts in
src/qemu/qemu_capabilities.c
src/qemu/qemu_capabilities.h
because we're missing
29ad952f7e qemu: Introduce zPCI capability
21b18ea5d9 qemu: add memory-backend-memfd capability check
a6fd5b596a qemu: check memory-backend-memfd.hugetlb capability
9aec374b01 qemu: Detect whether iothread polling is supported
downstream.
https://bugzilla.redhat.com/show_bug.cgi?id=1647822
Signed-off-by: Andrea Bolognani <abologna@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
---
src/qemu/qemu_capabilities.c | 2 ++
src/qemu/qemu_capabilities.h | 1 +
tests/qemucapabilitiesdata/caps_3.1.0.ppc64.xml | 1 +
tests/qemuxml2argvtest.c | 1 +
tests/qemuxml2xmltest.c | 1 +
5 files changed, 6 insertions(+)
diff --git a/src/qemu/qemu_capabilities.c b/src/qemu/qemu_capabilities.c
index feef102874..57b1b99076 100644
--- a/src/qemu/qemu_capabilities.c
+++ b/src/qemu/qemu_capabilities.c
@@ -508,6 +508,7 @@ VIR_ENUM_IMPL(virQEMUCaps, QEMU_CAPS_LAST,
/* 315 */
"vfio-pci.display",
"vfio-ap",
+ "machine.pseries.cap-nested-hv",
);
@@ -1439,6 +1440,7 @@ static struct virQEMUCapsStringFlags virQEMUCapsObjectPropsMemoryBackendFile[] =
static struct virQEMUCapsStringFlags virQEMUCapsObjectPropsSPAPRMachine[] = {
{ "cap-hpt-max-page-size", QEMU_CAPS_MACHINE_PSERIES_CAP_HPT_MAX_PAGE_SIZE },
{ "cap-htm", QEMU_CAPS_MACHINE_PSERIES_CAP_HTM },
+ { "cap-nested-hv", QEMU_CAPS_MACHINE_PSERIES_CAP_NESTED_HV },
};
static virQEMUCapsObjectTypeProps virQEMUCapsObjectProps[] = {
diff --git a/src/qemu/qemu_capabilities.h b/src/qemu/qemu_capabilities.h
index 1a9e5386a8..0c06081107 100644
--- a/src/qemu/qemu_capabilities.h
+++ b/src/qemu/qemu_capabilities.h
@@ -492,6 +492,7 @@ typedef enum { /* virQEMUCapsFlags grouping marker for syntax-check */
/* 315 */
QEMU_CAPS_VFIO_PCI_DISPLAY, /* -device vfio-pci.display */
QEMU_CAPS_DEVICE_VFIO_AP, /* -device vfio-ap */
+ QEMU_CAPS_MACHINE_PSERIES_CAP_NESTED_HV, /* -machine pseries.cap-nested-hv */
QEMU_CAPS_LAST /* this must always be the last item */
} virQEMUCapsFlags;
diff --git a/tests/qemucapabilitiesdata/caps_3.1.0.ppc64.xml b/tests/qemucapabilitiesdata/caps_3.1.0.ppc64.xml
index bdd339c54a..279e946e2a 100644
--- a/tests/qemucapabilitiesdata/caps_3.1.0.ppc64.xml
+++ b/tests/qemucapabilitiesdata/caps_3.1.0.ppc64.xml
@@ -171,6 +171,7 @@
<flag name='usb-storage.werror'/>
<flag name='egl-headless'/>
<flag name='vfio-pci.display'/>
+ <flag name='machine.pseries.cap-nested-hv'/>
<version>3000091</version>
<kvmVersion>0</kvmVersion>
<microcodeVersion>439018</microcodeVersion>
diff --git a/tests/qemuxml2argvtest.c b/tests/qemuxml2argvtest.c
index 13e95fe28a..0908bc5d08 100644
--- a/tests/qemuxml2argvtest.c
+++ b/tests/qemuxml2argvtest.c
@@ -1886,6 +1886,7 @@ mymain(void)
QEMU_CAPS_DEVICE_SPAPR_PCI_HOST_BRIDGE,
QEMU_CAPS_MACHINE_PSERIES_CAP_HPT_MAX_PAGE_SIZE,
QEMU_CAPS_MACHINE_PSERIES_CAP_HTM,
+ QEMU_CAPS_MACHINE_PSERIES_CAP_NESTED_HV,
QEMU_CAPS_MACHINE_PSERIES_RESIZE_HPT);
DO_TEST_FAILURE("pseries-features",
QEMU_CAPS_DEVICE_SPAPR_PCI_HOST_BRIDGE);
diff --git a/tests/qemuxml2xmltest.c b/tests/qemuxml2xmltest.c
index b76410b2c1..db088fff6b 100644
--- a/tests/qemuxml2xmltest.c
+++ b/tests/qemuxml2xmltest.c
@@ -627,6 +627,7 @@ mymain(void)
QEMU_CAPS_DEVICE_SPAPR_PCI_HOST_BRIDGE,
QEMU_CAPS_MACHINE_PSERIES_CAP_HPT_MAX_PAGE_SIZE,
QEMU_CAPS_MACHINE_PSERIES_CAP_HTM,
+ QEMU_CAPS_MACHINE_PSERIES_CAP_NESTED_HV,
QEMU_CAPS_MACHINE_PSERIES_RESIZE_HPT);
DO_TEST("pseries-serial-native",
--
2.20.1

908
SOURCES/libvirt-qemu-Introduce-a-new-graphics-display-type-headless.patch Normal file
View File

@ -0,0 +1,908 @@
From d6226c73df11563b6ea1ae1454ca57561b3ea665 Mon Sep 17 00:00:00 2001
Message-Id: <d6226c73df11563b6ea1ae1454ca57561b3ea665@dist-git>
From: Erik Skultety <eskultet@redhat.com>
Date: Thu, 19 Jul 2018 15:03:58 +0200
Subject: [PATCH] qemu: Introduce a new graphics display type 'headless'
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Since 2.10 QEMU supports a new display type egl-headless which uses the
drm nodes for OpenGL rendering copying back the rendered bits back to
QEMU into a dma-buf which can be accessed by standard "display" apps
like VNC or SPICE. Although this display type can be used on its own,
for any practical use case it makes sense to pair it with either VNC or
SPICE display. The clear benefit of this display is that VNC gains
OpenGL support, which it natively doesn't have, and SPICE gains remote
OpenGL support (native OpenGL support only works locally through a UNIX
socket, i.e. listen type=socket/none).
Reviewed-by: Ján Tomko <jtomko@redhat.com>
Signed-off-by: Erik Skultety <eskultet@redhat.com>
(cherry picked from commit d8266ebe1615c4b043db6b8d486465722cdd0ef8)
https://bugzilla.redhat.com/show_bug.cgi?id=1475770
Signed-off-by: Erik Skultety <eskultet@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
---
docs/formatdomain.html.in | 33 +++++++++-
docs/schemas/domaincommon.rng | 3 +
src/conf/domain_conf.c | 6 +-
src/conf/domain_conf.h | 1 +
src/libxl/libxl_conf.c | 1 +
src/qemu/qemu_command.c | 14 ++++-
src/qemu/qemu_domain.c | 60 ++++++++++++++++++-
src/qemu/qemu_driver.c | 2 +
src/qemu/qemu_hotplug.c | 1 +
src/qemu/qemu_process.c | 4 ++
src/vmx/vmx.c | 1 +
tests/domaincapsschemadata/full.xml | 1 +
.../graphics-egl-headless.args | 26 ++++++++
.../graphics-egl-headless.xml | 31 ++++++++++
.../graphics-sdl-egl-headless.xml | 35 +++++++++++
.../graphics-spice-egl-headless.args | 31 ++++++++++
.../graphics-spice-egl-headless.xml | 36 +++++++++++
.../graphics-spice-invalid-egl-headless.xml | 37 ++++++++++++
.../graphics-vnc-egl-headless.args | 28 +++++++++
.../graphics-vnc-egl-headless.xml | 37 ++++++++++++
tests/qemuxml2argvtest.c | 17 ++++++
.../graphics-spice-egl-headless.xml | 44 ++++++++++++++
.../graphics-vnc-egl-headless.xml | 42 +++++++++++++
tests/qemuxml2xmltest.c | 2 +
24 files changed, 488 insertions(+), 5 deletions(-)
create mode 100644 tests/qemuxml2argvdata/graphics-egl-headless.args
create mode 100644 tests/qemuxml2argvdata/graphics-egl-headless.xml
create mode 100644 tests/qemuxml2argvdata/graphics-sdl-egl-headless.xml
create mode 100644 tests/qemuxml2argvdata/graphics-spice-egl-headless.args
create mode 100644 tests/qemuxml2argvdata/graphics-spice-egl-headless.xml
create mode 100644 tests/qemuxml2argvdata/graphics-spice-invalid-egl-headless.xml
create mode 100644 tests/qemuxml2argvdata/graphics-vnc-egl-headless.args
create mode 100644 tests/qemuxml2argvdata/graphics-vnc-egl-headless.xml
create mode 100644 tests/qemuxml2xmloutdata/graphics-spice-egl-headless.xml
create mode 100644 tests/qemuxml2xmloutdata/graphics-vnc-egl-headless.xml
diff --git a/docs/formatdomain.html.in b/docs/formatdomain.html.in
index a3afe137bf..9dd22554ad 100644
--- a/docs/formatdomain.html.in
+++ b/docs/formatdomain.html.in
@@ -6299,7 +6299,8 @@ qemu-kvm -net nic,model=? /dev/null
<p>
The <code>graphics</code> element has a mandatory <code>type</code>
attribute which takes the value <code>sdl</code>, <code>vnc</code>,
- <code>spice</code>, <code>rdp</code> or <code>desktop</code>:
+ <code>spice</code>, <code>rdp</code>, <code>desktop</code> or
+ <code>egl-headless</code>:
</p>
<dl>
<dt><code>sdl</code></dt>
@@ -6358,6 +6359,11 @@ qemu-kvm -net nic,model=? /dev/null
auto-allocation and <code>autoport</code> having no effect due to
security reasons) <span class="since">Since 1.0.6</span>.
</p>
+ <p>
+ Although VNC doesn't support OpenGL natively, it can be paired
+ with graphics type <code>egl-headless</code> (see below) which
+ will instruct QEMU to open and use drm nodes for OpenGL rendering.
+ </p>
</dd>
<dt><code>spice</code> <span class="since">Since 0.8.6</span></dt>
<dd>
@@ -6463,6 +6469,12 @@ qemu-kvm -net nic,model=? /dev/null
You can enable or disable OpenGL support explicitly with
the <code>gl</code> element, by setting the <code>enable</code>
property. (QEMU only, <span class="since">since 1.3.3</span>).
+ Note that this only works locally, since this requires usage of
+ UNIX sockets, i.e. using <code>listen</code> types 'socket' or
+ 'none'. For accelerated OpenGL with remote support, consider
+ pairing this element with type <code>egl-headless</code>
+ (see below). However, this will deliver weaker performance
+ compared to native Spice OpenGL support.
</p>
<p>
By default, QEMU will pick the first available GPU DRM render node.
@@ -6498,6 +6510,25 @@ qemu-kvm -net nic,model=? /dev/null
<code>fullscreen</code>.
</p>
</dd>
+ <dt><code>egl-headless</code><span class="since">Since 4.6.0</span></dt>
+ <dd>
+ <p>
+ This display type provides support for an OpenGL accelerated
+ display accessible both locally and remotely (for comparison,
+ Spice's native OpenGL support only works locally using UNIX
+ sockets at the moment, but has better performance). Since this
+ display type doesn't provide any window or graphical console like
+ the other types, for practical reasons it should be paired with
+ either <code>vnc</code> or <code>spice</code> graphics types.
+ This display type is only supported by QEMU domains
+ (needs QEMU <span class="since">2.10</span> or newer) and doesn't
+ accept any attributes.
+ </p>
+ <pre>
+&lt;graphics type='spice' autoport='yes'/&gt;
+&lt;graphics type='egl-headless'/&gt;
+ </pre>
+ </dd>
</dl>
</dd>
</dl>
diff --git a/docs/schemas/domaincommon.rng b/docs/schemas/domaincommon.rng
index f24a56392a..157726752c 100644
--- a/docs/schemas/domaincommon.rng
+++ b/docs/schemas/domaincommon.rng
@@ -3366,6 +3366,9 @@
</attribute>
</optional>
</group>
+ <attribute name="type">
+ <value>egl-headless</value>
+ </attribute>
</choice>
</element>
</define>
diff --git a/src/conf/domain_conf.c b/src/conf/domain_conf.c
index db8e17dac4..fa4dfafcff 100644
--- a/src/conf/domain_conf.c
+++ b/src/conf/domain_conf.c
@@ -615,7 +615,8 @@ VIR_ENUM_IMPL(virDomainGraphics, VIR_DOMAIN_GRAPHICS_TYPE_LAST,
"vnc",
"rdp",
"desktop",
- "spice")
+ "spice",
+ "egl-headless")
VIR_ENUM_IMPL(virDomainGraphicsListen, VIR_DOMAIN_GRAPHICS_LISTEN_TYPE_LAST,
"none",
@@ -1426,6 +1427,7 @@ void virDomainGraphicsDefFree(virDomainGraphicsDefPtr def)
virDomainGraphicsAuthDefClear(&def->data.spice.auth);
break;
+ case VIR_DOMAIN_GRAPHICS_TYPE_EGL_HEADLESS:
case VIR_DOMAIN_GRAPHICS_TYPE_LAST:
break;
}
@@ -14172,6 +14174,7 @@ virDomainGraphicsDefParseXML(xmlNodePtr node,
if (virDomainGraphicsDefParseXMLSpice(def, node, ctxt, flags) < 0)
goto error;
break;
+ case VIR_DOMAIN_GRAPHICS_TYPE_EGL_HEADLESS:
case VIR_DOMAIN_GRAPHICS_TYPE_LAST:
break;
}
@@ -26404,6 +26407,7 @@ virDomainGraphicsDefFormat(virBufferPtr buf,
virDomainGraphicsAuthDefFormatAttr(buf, &def->data.spice.auth, flags);
break;
+ case VIR_DOMAIN_GRAPHICS_TYPE_EGL_HEADLESS:
case VIR_DOMAIN_GRAPHICS_TYPE_LAST:
break;
}
diff --git a/src/conf/domain_conf.h b/src/conf/domain_conf.h
index 0f10e242fd..26f75b15d0 100644
--- a/src/conf/domain_conf.h
+++ b/src/conf/domain_conf.h
@@ -1473,6 +1473,7 @@ typedef enum {
VIR_DOMAIN_GRAPHICS_TYPE_RDP,
VIR_DOMAIN_GRAPHICS_TYPE_DESKTOP,
VIR_DOMAIN_GRAPHICS_TYPE_SPICE,
+ VIR_DOMAIN_GRAPHICS_TYPE_EGL_HEADLESS,
VIR_DOMAIN_GRAPHICS_TYPE_LAST
} virDomainGraphicsType;
diff --git a/src/libxl/libxl_conf.c b/src/libxl/libxl_conf.c
index 452a77f3b8..cda4eb9d31 100644
--- a/src/libxl/libxl_conf.c
+++ b/src/libxl/libxl_conf.c
@@ -1441,6 +1441,7 @@ libxlMakeVfb(virPortAllocatorRangePtr graphicsports,
case VIR_DOMAIN_GRAPHICS_TYPE_RDP:
case VIR_DOMAIN_GRAPHICS_TYPE_DESKTOP:
case VIR_DOMAIN_GRAPHICS_TYPE_SPICE:
+ case VIR_DOMAIN_GRAPHICS_TYPE_EGL_HEADLESS:
case VIR_DOMAIN_GRAPHICS_TYPE_LAST:
break;
}
diff --git a/src/qemu/qemu_command.c b/src/qemu/qemu_command.c
index fed4f8faf9..8915040c6a 100644
--- a/src/qemu/qemu_command.c
+++ b/src/qemu/qemu_command.c
@@ -8212,6 +8212,7 @@ qemuBuildGraphicsSPICECommandLine(virQEMUDriverConfigPtr cfg,
return -1;
}
+
static int
qemuBuildGraphicsCommandLine(virQEMUDriverConfigPtr cfg,
virCommandPtr cmd,
@@ -8241,6 +8242,11 @@ qemuBuildGraphicsCommandLine(virQEMUDriverConfigPtr cfg,
qemuCaps, graphics) < 0)
return -1;
+ break;
+ case VIR_DOMAIN_GRAPHICS_TYPE_EGL_HEADLESS:
+ virCommandAddArg(cmd, "-display");
+ virCommandAddArg(cmd, "egl-headless");
+
break;
case VIR_DOMAIN_GRAPHICS_TYPE_RDP:
case VIR_DOMAIN_GRAPHICS_TYPE_DESKTOP:
@@ -10068,6 +10074,7 @@ qemuBuildCommandLineValidate(virQEMUDriverPtr driver,
int sdl = 0;
int vnc = 0;
int spice = 0;
+ int egl_headless = 0;
if (!virQEMUDriverIsPrivileged(driver)) {
/* If we have no cgroups then we can have no tunings that
@@ -10109,6 +10116,9 @@ qemuBuildCommandLineValidate(virQEMUDriverPtr driver,
case VIR_DOMAIN_GRAPHICS_TYPE_SPICE:
++spice;
break;
+ case VIR_DOMAIN_GRAPHICS_TYPE_EGL_HEADLESS:
+ ++egl_headless;
+ break;
case VIR_DOMAIN_GRAPHICS_TYPE_RDP:
case VIR_DOMAIN_GRAPHICS_TYPE_DESKTOP:
case VIR_DOMAIN_GRAPHICS_TYPE_LAST:
@@ -10116,10 +10126,10 @@ qemuBuildCommandLineValidate(virQEMUDriverPtr driver,
}
}
- if (sdl > 1 || vnc > 1 || spice > 1) {
+ if (sdl > 1 || vnc > 1 || spice > 1 || egl_headless > 1) {
virReportError(VIR_ERR_CONFIG_UNSUPPORTED, "%s",
_("only 1 graphics device of each type "
- "(sdl, vnc, spice) is supported"));
+ "(sdl, vnc, spice, headless) is supported"));
return -1;
}
diff --git a/src/qemu/qemu_domain.c b/src/qemu/qemu_domain.c
index a42a6df91b..9498594857 100644
--- a/src/qemu/qemu_domain.c
+++ b/src/qemu/qemu_domain.c
@@ -5502,6 +5502,60 @@ qemuDomainDeviceDefValidateTPM(virDomainTPMDef *tpm,
}
+static int
+qemuDomainDeviceDefValidateGraphics(const virDomainGraphicsDef *graphics,
+ const virDomainDef *def,
+ virQEMUCapsPtr qemuCaps)
+{
+ bool have_egl_headless = false;
+ size_t i;
+
+ for (i = 0; i < def->ngraphics; i++) {
+ graphics = def->graphics[i];
+
+ if (graphics->type == VIR_DOMAIN_GRAPHICS_TYPE_EGL_HEADLESS) {
+ have_egl_headless = true;
+ break;
+ }
+ }
+
+ /* Only VNC and SPICE can be paired with egl-headless, the other types
+ * either don't make sense to pair with egl-headless or aren't even
+ * supported by QEMU.
+ */
+ if (have_egl_headless) {
+ if (!virQEMUCapsGet(qemuCaps, QEMU_CAPS_EGL_HEADLESS)) {
+ virReportError(VIR_ERR_CONFIG_UNSUPPORTED, "%s",
+ _("egl-headless display is not supported with this "
+ "QEMU binary"));
+ return -1;
+ }
+
+ if (graphics->type != VIR_DOMAIN_GRAPHICS_TYPE_EGL_HEADLESS &&
+ graphics->type != VIR_DOMAIN_GRAPHICS_TYPE_VNC &&
+ graphics->type != VIR_DOMAIN_GRAPHICS_TYPE_SPICE) {
+ virReportError(VIR_ERR_CONFIG_UNSUPPORTED, "%s",
+ _("graphics type 'egl-headless' is only supported "
+ "with one of: 'vnc', 'spice' graphics types"));
+ return -1;
+ }
+
+ /* '-spice gl=on' and '-display egl-headless' are mutually
+ * exclusive
+ */
+ if (graphics->type == VIR_DOMAIN_GRAPHICS_TYPE_SPICE &&
+ graphics->data.spice.gl == VIR_TRISTATE_BOOL_YES) {
+ virReportError(VIR_ERR_CONFIG_UNSUPPORTED, "%s",
+ _("multiple OpenGL displays are not supported "
+ "by QEMU"));
+ return -1;
+ }
+ }
+
+ return 0;
+}
+
+
static int
qemuDomainDeviceDefValidate(const virDomainDeviceDef *dev,
const virDomainDef *def,
@@ -5569,11 +5623,15 @@ qemuDomainDeviceDefValidate(const virDomainDeviceDef *dev,
ret = qemuDomainDeviceDefValidateTPM(dev->data.tpm, def);
break;
+ case VIR_DOMAIN_DEVICE_GRAPHICS:
+ ret = qemuDomainDeviceDefValidateGraphics(dev->data.graphics, def,
+ qemuCaps);
+ break;
+
case VIR_DOMAIN_DEVICE_LEASE:
case VIR_DOMAIN_DEVICE_FS:
case VIR_DOMAIN_DEVICE_INPUT:
case VIR_DOMAIN_DEVICE_SOUND:
- case VIR_DOMAIN_DEVICE_GRAPHICS:
case VIR_DOMAIN_DEVICE_HUB:
case VIR_DOMAIN_DEVICE_MEMBALLOON:
case VIR_DOMAIN_DEVICE_NVRAM:
diff --git a/src/qemu/qemu_driver.c b/src/qemu/qemu_driver.c
index 670651a75d..3158f217fa 100644
--- a/src/qemu/qemu_driver.c
+++ b/src/qemu/qemu_driver.c
@@ -18118,6 +18118,7 @@ qemuDomainOpenGraphics(virDomainPtr dom,
case VIR_DOMAIN_GRAPHICS_TYPE_SDL:
case VIR_DOMAIN_GRAPHICS_TYPE_RDP:
case VIR_DOMAIN_GRAPHICS_TYPE_DESKTOP:
+ case VIR_DOMAIN_GRAPHICS_TYPE_EGL_HEADLESS:
virReportError(VIR_ERR_CONFIG_UNSUPPORTED,
_("Can only open VNC or SPICE graphics backends, not %s"),
virDomainGraphicsTypeToString(vm->def->graphics[idx]->type));
@@ -18186,6 +18187,7 @@ qemuDomainOpenGraphicsFD(virDomainPtr dom,
case VIR_DOMAIN_GRAPHICS_TYPE_SDL:
case VIR_DOMAIN_GRAPHICS_TYPE_RDP:
case VIR_DOMAIN_GRAPHICS_TYPE_DESKTOP:
+ case VIR_DOMAIN_GRAPHICS_TYPE_EGL_HEADLESS:
virReportError(VIR_ERR_CONFIG_UNSUPPORTED,
_("Can only open VNC or SPICE graphics backends, not %s"),
virDomainGraphicsTypeToString(vm->def->graphics[idx]->type));
diff --git a/src/qemu/qemu_hotplug.c b/src/qemu/qemu_hotplug.c
index 91a751a2fe..053ddb14ec 100644
--- a/src/qemu/qemu_hotplug.c
+++ b/src/qemu/qemu_hotplug.c
@@ -3699,6 +3699,7 @@ qemuDomainChangeGraphics(virQEMUDriverPtr driver,
case VIR_DOMAIN_GRAPHICS_TYPE_SDL:
case VIR_DOMAIN_GRAPHICS_TYPE_RDP:
case VIR_DOMAIN_GRAPHICS_TYPE_DESKTOP:
+ case VIR_DOMAIN_GRAPHICS_TYPE_EGL_HEADLESS:
virReportError(VIR_ERR_INTERNAL_ERROR,
_("unable to change config on '%s' graphics type"), type);
break;
diff --git a/src/qemu/qemu_process.c b/src/qemu/qemu_process.c
index c903a8e5c8..a4b1f97df5 100644
--- a/src/qemu/qemu_process.c
+++ b/src/qemu/qemu_process.c
@@ -4467,6 +4467,7 @@ qemuProcessGraphicsReservePorts(virDomainGraphicsDefPtr graphics,
case VIR_DOMAIN_GRAPHICS_TYPE_SDL:
case VIR_DOMAIN_GRAPHICS_TYPE_RDP:
case VIR_DOMAIN_GRAPHICS_TYPE_DESKTOP:
+ case VIR_DOMAIN_GRAPHICS_TYPE_EGL_HEADLESS:
case VIR_DOMAIN_GRAPHICS_TYPE_LAST:
break;
}
@@ -4505,6 +4506,7 @@ qemuProcessGraphicsAllocatePorts(virQEMUDriverPtr driver,
case VIR_DOMAIN_GRAPHICS_TYPE_SDL:
case VIR_DOMAIN_GRAPHICS_TYPE_RDP:
case VIR_DOMAIN_GRAPHICS_TYPE_DESKTOP:
+ case VIR_DOMAIN_GRAPHICS_TYPE_EGL_HEADLESS:
case VIR_DOMAIN_GRAPHICS_TYPE_LAST:
break;
}
@@ -4657,6 +4659,7 @@ qemuProcessGraphicsSetupListen(virQEMUDriverPtr driver,
case VIR_DOMAIN_GRAPHICS_TYPE_SDL:
case VIR_DOMAIN_GRAPHICS_TYPE_RDP:
case VIR_DOMAIN_GRAPHICS_TYPE_DESKTOP:
+ case VIR_DOMAIN_GRAPHICS_TYPE_EGL_HEADLESS:
case VIR_DOMAIN_GRAPHICS_TYPE_LAST:
break;
}
@@ -4944,6 +4947,7 @@ qemuProcessStartValidateGraphics(virDomainObjPtr vm)
case VIR_DOMAIN_GRAPHICS_TYPE_SDL:
case VIR_DOMAIN_GRAPHICS_TYPE_RDP:
case VIR_DOMAIN_GRAPHICS_TYPE_DESKTOP:
+ case VIR_DOMAIN_GRAPHICS_TYPE_EGL_HEADLESS:
case VIR_DOMAIN_GRAPHICS_TYPE_LAST:
break;
}
diff --git a/src/vmx/vmx.c b/src/vmx/vmx.c
index fe24b060d7..937bf0c96b 100644
--- a/src/vmx/vmx.c
+++ b/src/vmx/vmx.c
@@ -3282,6 +3282,7 @@ virVMXFormatConfig(virVMXContext *ctx, virDomainXMLOptionPtr xmlopt, virDomainDe
case VIR_DOMAIN_GRAPHICS_TYPE_RDP:
case VIR_DOMAIN_GRAPHICS_TYPE_DESKTOP:
case VIR_DOMAIN_GRAPHICS_TYPE_SPICE:
+ case VIR_DOMAIN_GRAPHICS_TYPE_EGL_HEADLESS:
virReportError(VIR_ERR_CONFIG_UNSUPPORTED,
_("Unsupported graphics type '%s'"),
virDomainGraphicsTypeToString(def->graphics[i]->type));
diff --git a/tests/domaincapsschemadata/full.xml b/tests/domaincapsschemadata/full.xml
index d3faf38da0..154c4a6fe9 100644
--- a/tests/domaincapsschemadata/full.xml
+++ b/tests/domaincapsschemadata/full.xml
@@ -59,6 +59,7 @@
<value>rdp</value>
<value>desktop</value>
<value>spice</value>
+ <value>egl-headless</value>
</enum>
</graphics>
<video supported='yes'>
diff --git a/tests/qemuxml2argvdata/graphics-egl-headless.args b/tests/qemuxml2argvdata/graphics-egl-headless.args
new file mode 100644
index 0000000000..fdf540ddfc
--- /dev/null
+++ b/tests/qemuxml2argvdata/graphics-egl-headless.args
@@ -0,0 +1,26 @@
+LC_ALL=C \
+PATH=/bin \
+HOME=/home/test \
+USER=test \
+LOGNAME=test \
+/usr/bin/qemu-system-i686 \
+-name QEMUGuest1 \
+-S \
+-machine pc,accel=tcg,usb=off,dump-guest-core=off \
+-m 214 \
+-smp 1,sockets=1,cores=1,threads=1 \
+-uuid c7a5fdbd-edaf-9455-926a-d65c16db1809 \
+-no-user-config \
+-nodefaults \
+-chardev socket,id=charmonitor,path=/tmp/lib/domain--1-QEMUGuest1/monitor.sock,\
+server,nowait \
+-mon chardev=charmonitor,id=monitor,mode=control \
+-rtc base=utc \
+-no-shutdown \
+-no-acpi \
+-boot c \
+-usb \
+-drive file=/dev/HostVG/QEMUGuest1,format=raw,if=none,id=drive-ide0-0-0 \
+-device ide-drive,bus=ide.0,unit=0,drive=drive-ide0-0-0,id=ide0-0-0 \
+-display egl-headless \
+-vga cirrus
diff --git a/tests/qemuxml2argvdata/graphics-egl-headless.xml b/tests/qemuxml2argvdata/graphics-egl-headless.xml
new file mode 100644
index 0000000000..7b001cd2eb
--- /dev/null
+++ b/tests/qemuxml2argvdata/graphics-egl-headless.xml
@@ -0,0 +1,31 @@
+<domain type='qemu'>
+ <name>QEMUGuest1</name>
+ <uuid>c7a5fdbd-edaf-9455-926a-d65c16db1809</uuid>
+ <memory unit='KiB'>219100</memory>
+ <currentMemory unit='KiB'>219100</currentMemory>
+ <vcpu placement='static'>1</vcpu>
+ <os>
+ <type arch='i686' machine='pc'>hvm</type>
+ <boot dev='hd'/>
+ </os>
+ <clock offset='utc'/>
+ <on_poweroff>destroy</on_poweroff>
+ <on_reboot>restart</on_reboot>
+ <on_crash>destroy</on_crash>
+ <devices>
+ <emulator>/usr/bin/qemu-system-i686</emulator>
+ <disk type='block' device='disk'>
+ <driver name='qemu' type='raw'/>
+ <source dev='/dev/HostVG/QEMUGuest1'/>
+ <target dev='hda' bus='ide'/>
+ <address type='drive' controller='0' bus='0' target='0' unit='0'/>
+ </disk>
+ <controller type='usb' index='0'/>
+ <controller type='ide' index='0'/>
+ <controller type='pci' index='0' model='pci-root'/>
+ <input type='mouse' bus='ps2'/>
+ <input type='keyboard' bus='ps2'/>
+ <graphics type='egl-headless'/>
+ <memballoon model='none'/>
+ </devices>
+</domain>
diff --git a/tests/qemuxml2argvdata/graphics-sdl-egl-headless.xml b/tests/qemuxml2argvdata/graphics-sdl-egl-headless.xml
new file mode 100644
index 0000000000..955dfeb3c2
--- /dev/null
+++ b/tests/qemuxml2argvdata/graphics-sdl-egl-headless.xml
@@ -0,0 +1,35 @@
+<domain type='qemu'>
+ <name>QEMUGuest1</name>
+ <uuid>c7a5fdbd-edaf-9455-926a-d65c16db1809</uuid>
+ <memory unit='KiB'>219136</memory>
+ <currentMemory unit='KiB'>219136</currentMemory>
+ <vcpu placement='static'>1</vcpu>
+ <os>
+ <type arch='i686' machine='pc'>hvm</type>
+ <boot dev='hd'/>
+ </os>
+ <clock offset='utc'/>
+ <on_poweroff>destroy</on_poweroff>
+ <on_reboot>restart</on_reboot>
+ <on_crash>destroy</on_crash>
+ <devices>
+ <emulator>/usr/bin/qemu-system-i686</emulator>
+ <disk type='block' device='disk'>
+ <driver name='qemu' type='raw'/>
+ <source dev='/dev/HostVG/QEMUGuest1'/>
+ <target dev='hda' bus='ide'/>
+ <address type='drive' controller='0' bus='0' target='0' unit='0'/>
+ </disk>
+ <controller type='usb' index='0'/>
+ <controller type='ide' index='0'/>
+ <controller type='pci' index='0' model='pci-root'/>
+ <input type='mouse' bus='ps2'/>
+ <input type='keyboard' bus='ps2'/>
+ <graphics type='sdl' display=':0.1' xauth='/root/.Xauthority'/>
+ <graphics type='egl-headless'/>
+ <video>
+ <model type='vga' vram='16384' heads='1'/>
+ </video>
+ <memballoon model='none'/>
+ </devices>
+</domain>
diff --git a/tests/qemuxml2argvdata/graphics-spice-egl-headless.args b/tests/qemuxml2argvdata/graphics-spice-egl-headless.args
new file mode 100644
index 0000000000..4886ee05f6
--- /dev/null
+++ b/tests/qemuxml2argvdata/graphics-spice-egl-headless.args
@@ -0,0 +1,31 @@
+LC_ALL=C \
+PATH=/bin \
+HOME=/home/test \
+USER=test \
+LOGNAME=test \
+QEMU_AUDIO_DRV=spice \
+/usr/bin/qemu-system-i686 \
+-name QEMUGuest1 \
+-S \
+-machine pc,accel=tcg,usb=off,dump-guest-core=off \
+-m 214 \
+-smp 1,sockets=1,cores=1,threads=1 \
+-uuid c7a5fdbd-edaf-9455-926a-d65c16db1809 \
+-no-user-config \
+-nodefaults \
+-chardev socket,id=charmonitor,path=/tmp/lib/domain--1-QEMUGuest1/monitor.sock,\
+server,nowait \
+-mon chardev=charmonitor,id=monitor,mode=control \
+-rtc base=utc \
+-no-shutdown \
+-no-acpi \
+-boot c \
+-usb \
+-drive file=/dev/HostVG/QEMUGuest1,format=raw,if=none,id=drive-ide0-0-0 \
+-device ide-drive,bus=ide.0,unit=0,drive=drive-ide0-0-0,id=ide0-0-0 \
+-spice port=5903,addr=127.0.0.1 \
+-display egl-headless \
+-vga qxl \
+-global qxl-vga.ram_size=67108864 \
+-global qxl-vga.vram_size=33554432 \
+-device virtio-balloon-pci,id=balloon0,bus=pci.0,addr=0x3
diff --git a/tests/qemuxml2argvdata/graphics-spice-egl-headless.xml b/tests/qemuxml2argvdata/graphics-spice-egl-headless.xml
new file mode 100644
index 0000000000..fafae13a0f
--- /dev/null
+++ b/tests/qemuxml2argvdata/graphics-spice-egl-headless.xml
@@ -0,0 +1,36 @@
+<domain type='qemu'>
+ <name>QEMUGuest1</name>
+ <uuid>c7a5fdbd-edaf-9455-926a-d65c16db1809</uuid>
+ <memory unit='KiB'>219136</memory>
+ <currentMemory unit='KiB'>219136</currentMemory>
+ <vcpu placement='static'>1</vcpu>
+ <os>
+ <type arch='i686' machine='pc'>hvm</type>
+ <boot dev='hd'/>
+ </os>
+ <clock offset='utc'/>
+ <on_poweroff>destroy</on_poweroff>
+ <on_reboot>restart</on_reboot>
+ <on_crash>destroy</on_crash>
+ <devices>
+ <emulator>/usr/bin/qemu-system-i686</emulator>
+ <disk type='block' device='disk'>
+ <source dev='/dev/HostVG/QEMUGuest1'/>
+ <target dev='hda' bus='ide'/>
+ <address type='drive' controller='0' bus='0' target='0' unit='0'/>
+ </disk>
+ <controller type='usb' index='0'/>
+ <controller type='ide' index='0'/>
+ <controller type='pci' index='0' model='pci-root'/>
+ <input type='mouse' bus='ps2'/>
+ <input type='keyboard' bus='ps2'/>
+ <graphics type='spice' port='5903' autoport='no' listen='127.0.0.1'>
+ <listen type='address' address='127.0.0.1'/>
+ </graphics>
+ <graphics type='egl-headless'/>
+ <video>
+ <model type='qxl' ram='65536' vram='32768' vgamem='8192' heads='1'/>
+ </video>
+ <memballoon model='virtio'/>
+ </devices>
+</domain>
diff --git a/tests/qemuxml2argvdata/graphics-spice-invalid-egl-headless.xml b/tests/qemuxml2argvdata/graphics-spice-invalid-egl-headless.xml
new file mode 100644
index 0000000000..25ae61cef6
--- /dev/null
+++ b/tests/qemuxml2argvdata/graphics-spice-invalid-egl-headless.xml
@@ -0,0 +1,37 @@
+<domain type='qemu'>
+ <name>QEMUGuest1</name>
+ <uuid>c7a5fdbd-edaf-9455-926a-d65c16db1809</uuid>
+ <memory unit='KiB'>219136</memory>
+ <currentMemory unit='KiB'>219136</currentMemory>
+ <vcpu placement='static'>1</vcpu>
+ <os>
+ <type arch='i686' machine='pc'>hvm</type>
+ <boot dev='hd'/>
+ </os>
+ <clock offset='utc'/>
+ <on_poweroff>destroy</on_poweroff>
+ <on_reboot>restart</on_reboot>
+ <on_crash>destroy</on_crash>
+ <devices>
+ <emulator>/usr/bin/qemu-system-i686</emulator>
+ <disk type='block' device='disk'>
+ <source dev='/dev/HostVG/QEMUGuest1'/>
+ <target dev='hda' bus='ide'/>
+ <address type='drive' controller='0' bus='0' target='0' unit='0'/>
+ </disk>
+ <controller type='usb' index='0'/>
+ <controller type='ide' index='0'/>
+ <controller type='pci' index='0' model='pci-root'/>
+ <input type='mouse' bus='ps2'/>
+ <input type='keyboard' bus='ps2'/>
+ <graphics type='spice'>
+ <listen type='none'/>
+ <gl enable='yes'/>
+ </graphics>
+ <graphics type='egl-headless'/>
+ <video>
+ <model type='qxl' ram='65536' vram='32768' vgamem='8192' heads='1'/>
+ </video>
+ <memballoon model='virtio'/>
+ </devices>
+</domain>
diff --git a/tests/qemuxml2argvdata/graphics-vnc-egl-headless.args b/tests/qemuxml2argvdata/graphics-vnc-egl-headless.args
new file mode 100644
index 0000000000..2d2b3cf0fb
--- /dev/null
+++ b/tests/qemuxml2argvdata/graphics-vnc-egl-headless.args
@@ -0,0 +1,28 @@
+LC_ALL=C \
+PATH=/bin \
+HOME=/home/test \
+USER=test \
+LOGNAME=test \
+QEMU_AUDIO_DRV=none \
+/usr/bin/qemu-system-i686 \
+-name QEMUGuest1 \
+-S \
+-machine pc,accel=tcg,usb=off,dump-guest-core=off \
+-m 214 \
+-smp 1,sockets=1,cores=1,threads=1 \
+-uuid c7a5fdbd-edaf-9455-926a-d65c16db1809 \
+-no-user-config \
+-nodefaults \
+-chardev socket,id=charmonitor,path=/tmp/lib/domain--1-QEMUGuest1/monitor.sock,\
+server,nowait \
+-mon chardev=charmonitor,id=monitor,mode=control \
+-rtc base=utc \
+-no-shutdown \
+-no-acpi \
+-boot c \
+-usb \
+-drive file=/dev/HostVG/QEMUGuest1,format=raw,if=none,id=drive-ide0-0-0 \
+-device ide-drive,bus=ide.0,unit=0,drive=drive-ide0-0-0,id=ide0-0-0 \
+-vnc '[2001:1:2:3:4:5:1234:1234]:3' \
+-display egl-headless \
+-vga cirrus
diff --git a/tests/qemuxml2argvdata/graphics-vnc-egl-headless.xml b/tests/qemuxml2argvdata/graphics-vnc-egl-headless.xml
new file mode 100644
index 0000000000..570cf2e50f
--- /dev/null
+++ b/tests/qemuxml2argvdata/graphics-vnc-egl-headless.xml
@@ -0,0 +1,37 @@
+<domain type='qemu'>
+ <name>QEMUGuest1</name>
+ <uuid>c7a5fdbd-edaf-9455-926a-d65c16db1809</uuid>
+ <memory unit='KiB'>219100</memory>
+ <currentMemory unit='KiB'>219100</currentMemory>
+ <vcpu placement='static'>1</vcpu>
+ <os>
+ <type arch='i686' machine='pc'>hvm</type>
+ <boot dev='hd'/>
+ </os>
+ <clock offset='utc'/>
+ <on_poweroff>destroy</on_poweroff>
+ <on_reboot>restart</on_reboot>
+ <on_crash>destroy</on_crash>
+ <devices>
+ <emulator>/usr/bin/qemu-system-i686</emulator>
+ <disk type='block' device='disk'>
+ <driver name='qemu' type='raw'/>
+ <source dev='/dev/HostVG/QEMUGuest1'/>
+ <target dev='hda' bus='ide'/>
+ <address type='drive' controller='0' bus='0' target='0' unit='0'/>
+ </disk>
+ <controller type='usb' index='0'/>
+ <controller type='ide' index='0'/>
+ <controller type='pci' index='0' model='pci-root'/>
+ <input type='mouse' bus='ps2'/>
+ <input type='keyboard' bus='ps2'/>
+ <graphics type='vnc' port='5903' autoport='no' listen='2001:1:2:3:4:5:1234:1234'>
+ <listen type='address' address='2001:1:2:3:4:5:1234:1234'/>
+ </graphics>
+ <graphics type='egl-headless'/>
+ <video>
+ <model type='cirrus' vram='16384' heads='1'/>
+ </video>
+ <memballoon model='none'/>
+ </devices>
+</domain>
diff --git a/tests/qemuxml2argvtest.c b/tests/qemuxml2argvtest.c
index 3be5af03aa..848e40440a 100644
--- a/tests/qemuxml2argvtest.c
+++ b/tests/qemuxml2argvtest.c
@@ -1167,6 +1167,10 @@ mymain(void)
DO_TEST_PARSE_ERROR("disk-scsi-incompatible-address",
QEMU_CAPS_VIRTIO_SCSI);
+ DO_TEST("graphics-egl-headless",
+ QEMU_CAPS_EGL_HEADLESS,
+ QEMU_CAPS_DEVICE_CIRRUS_VGA);
+
DO_TEST("graphics-vnc", QEMU_CAPS_VNC, QEMU_CAPS_DEVICE_CIRRUS_VGA);
DO_TEST("graphics-vnc-socket", QEMU_CAPS_VNC, QEMU_CAPS_DEVICE_CIRRUS_VGA);
DO_TEST("graphics-vnc-websocket", QEMU_CAPS_VNC, QEMU_CAPS_VNC_WEBSOCKET,
@@ -1198,9 +1202,14 @@ mymain(void)
driver.config->vncSASL = driver.config->vncTLSx509verify = driver.config->vncTLS = 0;
VIR_FREE(driver.config->vncSASLdir);
VIR_FREE(driver.config->vncTLSx509certdir);
+ DO_TEST("graphics-vnc-egl-headless",
+ QEMU_CAPS_VNC,
+ QEMU_CAPS_EGL_HEADLESS,
+ QEMU_CAPS_DEVICE_CIRRUS_VGA);
DO_TEST("graphics-sdl",
QEMU_CAPS_DEVICE_VGA);
+ DO_TEST_FAILURE("graphics-sdl-egl-headless", NONE);
DO_TEST("graphics-sdl-fullscreen",
QEMU_CAPS_DEVICE_CIRRUS_VGA);
DO_TEST("graphics-spice",
@@ -1255,6 +1264,14 @@ mymain(void)
QEMU_CAPS_SPICE_UNIX,
QEMU_CAPS_DEVICE_CIRRUS_VGA);
driver.config->spiceAutoUnixSocket = false;
+ DO_TEST("graphics-spice-egl-headless",
+ QEMU_CAPS_SPICE,
+ QEMU_CAPS_EGL_HEADLESS,
+ QEMU_CAPS_DEVICE_QXL);
+ DO_TEST_FAILURE("graphics-spice-invalid-egl-headless",
+ QEMU_CAPS_SPICE,
+ QEMU_CAPS_EGL_HEADLESS,
+ QEMU_CAPS_DEVICE_QXL);
DO_TEST("input-usbmouse", NONE);
DO_TEST("input-usbtablet", NONE);
diff --git a/tests/qemuxml2xmloutdata/graphics-spice-egl-headless.xml b/tests/qemuxml2xmloutdata/graphics-spice-egl-headless.xml
new file mode 100644
index 0000000000..6d96264914
--- /dev/null
+++ b/tests/qemuxml2xmloutdata/graphics-spice-egl-headless.xml
@@ -0,0 +1,44 @@
+<domain type='qemu'>
+ <name>QEMUGuest1</name>
+ <uuid>c7a5fdbd-edaf-9455-926a-d65c16db1809</uuid>
+ <memory unit='KiB'>219136</memory>
+ <currentMemory unit='KiB'>219136</currentMemory>
+ <vcpu placement='static'>1</vcpu>
+ <os>
+ <type arch='i686' machine='pc'>hvm</type>
+ <boot dev='hd'/>
+ </os>
+ <clock offset='utc'/>
+ <on_poweroff>destroy</on_poweroff>
+ <on_reboot>restart</on_reboot>
+ <on_crash>destroy</on_crash>
+ <devices>
+ <emulator>/usr/bin/qemu-system-i686</emulator>
+ <disk type='block' device='disk'>
+ <driver name='qemu' type='raw'/>
+ <source dev='/dev/HostVG/QEMUGuest1'/>
+ <target dev='hda' bus='ide'/>
+ <address type='drive' controller='0' bus='0' target='0' unit='0'/>
+ </disk>
+ <controller type='usb' index='0'>
+ <address type='pci' domain='0x0000' bus='0x00' slot='0x01' function='0x2'/>
+ </controller>
+ <controller type='ide' index='0'>
+ <address type='pci' domain='0x0000' bus='0x00' slot='0x01' function='0x1'/>
+ </controller>
+ <controller type='pci' index='0' model='pci-root'/>
+ <input type='mouse' bus='ps2'/>
+ <input type='keyboard' bus='ps2'/>
+ <graphics type='spice' port='5903' autoport='no' listen='127.0.0.1'>
+ <listen type='address' address='127.0.0.1'/>
+ </graphics>
+ <graphics type='egl-headless'/>
+ <video>
+ <model type='qxl' ram='65536' vram='32768' vgamem='8192' heads='1' primary='yes'/>
+ <address type='pci' domain='0x0000' bus='0x00' slot='0x02' function='0x0'/>
+ </video>
+ <memballoon model='virtio'>
+ <address type='pci' domain='0x0000' bus='0x00' slot='0x03' function='0x0'/>
+ </memballoon>
+ </devices>
+</domain>
diff --git a/tests/qemuxml2xmloutdata/graphics-vnc-egl-headless.xml b/tests/qemuxml2xmloutdata/graphics-vnc-egl-headless.xml
new file mode 100644
index 0000000000..4155c10397
--- /dev/null
+++ b/tests/qemuxml2xmloutdata/graphics-vnc-egl-headless.xml
@@ -0,0 +1,42 @@
+<domain type='qemu'>
+ <name>QEMUGuest1</name>
+ <uuid>c7a5fdbd-edaf-9455-926a-d65c16db1809</uuid>
+ <memory unit='KiB'>219100</memory>
+ <currentMemory unit='KiB'>219100</currentMemory>
+ <vcpu placement='static'>1</vcpu>
+ <os>
+ <type arch='i686' machine='pc'>hvm</type>
+ <boot dev='hd'/>
+ </os>
+ <clock offset='utc'/>
+ <on_poweroff>destroy</on_poweroff>
+ <on_reboot>restart</on_reboot>
+ <on_crash>destroy</on_crash>
+ <devices>
+ <emulator>/usr/bin/qemu-system-i686</emulator>
+ <disk type='block' device='disk'>
+ <driver name='qemu' type='raw'/>
+ <source dev='/dev/HostVG/QEMUGuest1'/>
+ <target dev='hda' bus='ide'/>
+ <address type='drive' controller='0' bus='0' target='0' unit='0'/>
+ </disk>
+ <controller type='usb' index='0'>
+ <address type='pci' domain='0x0000' bus='0x00' slot='0x01' function='0x2'/>
+ </controller>
+ <controller type='ide' index='0'>
+ <address type='pci' domain='0x0000' bus='0x00' slot='0x01' function='0x1'/>
+ </controller>
+ <controller type='pci' index='0' model='pci-root'/>
+ <input type='mouse' bus='ps2'/>
+ <input type='keyboard' bus='ps2'/>
+ <graphics type='vnc' port='5903' autoport='no' listen='2001:1:2:3:4:5:1234:1234'>
+ <listen type='address' address='2001:1:2:3:4:5:1234:1234'/>
+ </graphics>
+ <graphics type='egl-headless'/>
+ <video>
+ <model type='cirrus' vram='16384' heads='1' primary='yes'/>
+ <address type='pci' domain='0x0000' bus='0x00' slot='0x02' function='0x0'/>
+ </video>
+ <memballoon model='none'/>
+ </devices>
+</domain>
diff --git a/tests/qemuxml2xmltest.c b/tests/qemuxml2xmltest.c
index bbb995656e..fa57221d62 100644
--- a/tests/qemuxml2xmltest.c
+++ b/tests/qemuxml2xmltest.c
@@ -417,6 +417,7 @@ mymain(void)
cfg->vncAutoUnixSocket = false;
DO_TEST("graphics-vnc-socket", NONE);
DO_TEST("graphics-vnc-auto-socket", NONE);
+ DO_TEST("graphics-vnc-egl-headless", NONE);
DO_TEST("graphics-sdl", NONE);
DO_TEST("graphics-sdl-fullscreen", NONE);
@@ -428,6 +429,7 @@ mymain(void)
cfg->spiceAutoUnixSocket = true;
DO_TEST("graphics-spice-auto-socket-cfg", NONE);
cfg->spiceAutoUnixSocket = false;
+ DO_TEST("graphics-spice-egl-headless", NONE);
DO_TEST("input-usbmouse", NONE);
DO_TEST("input-usbtablet", NONE);
--
2.18.0

121
SOURCES/libvirt-qemu-Map-running-reason-to-resume-event-detail.patch Normal file
View File

@ -0,0 +1,121 @@
From 281b3fe785078497e4bb3156fe4da9af91f204c2 Mon Sep 17 00:00:00 2001
Message-Id: <281b3fe785078497e4bb3156fe4da9af91f204c2@dist-git>
From: Jiri Denemark <jdenemar@redhat.com>
Date: Tue, 11 Sep 2018 15:13:08 +0200
Subject: [PATCH] qemu: Map running reason to resume event detail
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Thanks to the previous commit the RESUME event handler knows what reason
should be used when changing the domain state to VIR_DOMAIN_RUNNING, but
the emitted VIR_DOMAIN_EVENT_RESUMED event still uses a generic
VIR_DOMAIN_EVENT_RESUMED_UNPAUSED detail. Luckily, the event detail can
be easily deduced from the running reason, which saves us from having to
pass one more value to the handler.
Signed-off-by: Jiri Denemark <jdenemar@redhat.com>
Reviewed-by: John Ferlan <jferlan@redhat.com>
(cherry picked from commit 8ae9b49f5a4a02f57a1dfa20d4fe04c3d40a4665)
https://bugzilla.redhat.com/show_bug.cgi?id=1634758
https://bugzilla.redhat.com/show_bug.cgi?id=1634759
Conflicts:
src/qemu/qemu_domain.c
src/qemu/qemu_domain.h
- nodenames code is not backported
Signed-off-by: Jiri Denemark <jdenemar@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
---
src/qemu/qemu_domain.c | 29 +++++++++++++++++++++++++++++
src/qemu/qemu_domain.h | 3 +++
src/qemu/qemu_process.c | 11 +++++++----
3 files changed, 39 insertions(+), 4 deletions(-)
diff --git a/src/qemu/qemu_domain.c b/src/qemu/qemu_domain.c
index 17be6e5537..d80f9b393e 100644
--- a/src/qemu/qemu_domain.c
+++ b/src/qemu/qemu_domain.c
@@ -13149,3 +13149,32 @@ qemuDomainGetManagedPRSocketPath(qemuDomainObjPrivatePtr priv)
return ret;
}
+
+
+virDomainEventResumedDetailType
+qemuDomainRunningReasonToResumeEvent(virDomainRunningReason reason)
+{
+ switch (reason) {
+ case VIR_DOMAIN_RUNNING_RESTORED:
+ case VIR_DOMAIN_RUNNING_FROM_SNAPSHOT:
+ return VIR_DOMAIN_EVENT_RESUMED_FROM_SNAPSHOT;
+
+ case VIR_DOMAIN_RUNNING_MIGRATED:
+ case VIR_DOMAIN_RUNNING_MIGRATION_CANCELED:
+ return VIR_DOMAIN_EVENT_RESUMED_MIGRATED;
+
+ case VIR_DOMAIN_RUNNING_POSTCOPY:
+ return VIR_DOMAIN_EVENT_RESUMED_POSTCOPY;
+
+ case VIR_DOMAIN_RUNNING_UNKNOWN:
+ case VIR_DOMAIN_RUNNING_SAVE_CANCELED:
+ case VIR_DOMAIN_RUNNING_BOOTED:
+ case VIR_DOMAIN_RUNNING_UNPAUSED:
+ case VIR_DOMAIN_RUNNING_WAKEUP:
+ case VIR_DOMAIN_RUNNING_CRASHED:
+ case VIR_DOMAIN_RUNNING_LAST:
+ break;
+ }
+
+ return VIR_DOMAIN_EVENT_RESUMED_UNPAUSED;
+}
diff --git a/src/qemu/qemu_domain.h b/src/qemu/qemu_domain.h
index 6a96f27a5f..cc406e3ca0 100644
--- a/src/qemu/qemu_domain.h
+++ b/src/qemu/qemu_domain.h
@@ -1066,4 +1066,7 @@ qemuDomainDiskCachemodeFlags(int cachemode,
char * qemuDomainGetManagedPRSocketPath(qemuDomainObjPrivatePtr priv);
+virDomainEventResumedDetailType
+qemuDomainRunningReasonToResumeEvent(virDomainRunningReason reason);
+
#endif /* __QEMU_DOMAIN_H__ */
diff --git a/src/qemu/qemu_process.c b/src/qemu/qemu_process.c
index 7325bc4c90..37568165b7 100644
--- a/src/qemu/qemu_process.c
+++ b/src/qemu/qemu_process.c
@@ -694,6 +694,7 @@ qemuProcessHandleResume(qemuMonitorPtr mon ATTRIBUTE_UNUSED,
virQEMUDriverConfigPtr cfg = virQEMUDriverGetConfig(driver);
qemuDomainObjPrivatePtr priv;
virDomainRunningReason reason = VIR_DOMAIN_RUNNING_UNPAUSED;
+ virDomainEventResumedDetailType eventDetail;
virObjectLock(vm);
@@ -709,14 +710,16 @@ qemuProcessHandleResume(qemuMonitorPtr mon ATTRIBUTE_UNUSED,
goto unlock;
}
+ eventDetail = qemuDomainRunningReasonToResumeEvent(reason);
VIR_DEBUG("Transitioned guest %s out of paused into resumed state, "
- "reason '%s'",
- vm->def->name, virDomainRunningReasonTypeToString(reason));
+ "reason '%s', event detail %d",
+ vm->def->name, virDomainRunningReasonTypeToString(reason),
+ eventDetail);
virDomainObjSetState(vm, VIR_DOMAIN_RUNNING, reason);
event = virDomainEventLifecycleNewFromObj(vm,
- VIR_DOMAIN_EVENT_RESUMED,
- VIR_DOMAIN_EVENT_RESUMED_UNPAUSED);
+ VIR_DOMAIN_EVENT_RESUMED,
+ eventDetail);
if (virDomainSaveStatus(driver->xmlopt, cfg->stateDir, vm, driver->caps) < 0) {
VIR_WARN("Unable to save status on vm %s after state change",
--
2.19.1

123
SOURCES/libvirt-qemu-Pass-running-reason-to-RESUME-event-handler.patch Normal file
View File

@ -0,0 +1,123 @@
From a2e308060512eb7d4ee00f7baddb7394d6e9e4e6 Mon Sep 17 00:00:00 2001
Message-Id: <a2e308060512eb7d4ee00f7baddb7394d6e9e4e6@dist-git>
From: Jiri Denemark <jdenemar@redhat.com>
Date: Mon, 10 Sep 2018 19:41:53 +0200
Subject: [PATCH] qemu: Pass running reason to RESUME event handler
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Whenever we get the RESUME event from QEMU, we change the state of the
affected domain to VIR_DOMAIN_RUNNING with VIR_DOMAIN_RUNNING_UNPAUSED
reason. This is fine if the domain is resumed unexpectedly, but when we
sent "cont" to QEMU we usually have a better reason for the state
change. The better reason is used in qemuProcessStartCPUs which also
sets the domain state to running if qemuMonitorStartCPUs reports
success. Thus we may end up with two state updates in a row, but the
final reason is correct.
This patch is a preparation for dropping the state change done in
qemuMonitorStartCPUs for which we need to pass the actual running reason
to the RESUME event handler and use it there instead of
VIR_DOMAIN_RUNNING_UNPAUSED.
Signed-off-by: Jiri Denemark <jdenemar@redhat.com>
Reviewed-by: John Ferlan <jferlan@redhat.com>
(cherry picked from commit 5dab984ed0cd0332e59d719420ab2f9d009b952f)
https://bugzilla.redhat.com/show_bug.cgi?id=1634758
https://bugzilla.redhat.com/show_bug.cgi?id=1634759
Conflicts:
src/qemu/qemu_domain.h
- nodenames code is not backported
Signed-off-by: Jiri Denemark <jdenemar@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
---
src/qemu/qemu_domain.h | 4 ++++
src/qemu/qemu_process.c | 23 +++++++++++++++++------
2 files changed, 21 insertions(+), 6 deletions(-)
diff --git a/src/qemu/qemu_domain.h b/src/qemu/qemu_domain.h
index e748d78adb..6a96f27a5f 100644
--- a/src/qemu/qemu_domain.h
+++ b/src/qemu/qemu_domain.h
@@ -363,6 +363,10 @@ struct _qemuDomainObjPrivate {
/* true if qemu-pr-helper process is running for the domain */
bool prDaemonRunning;
+
+ /* qemuProcessStartCPUs stores the reason for starting vCPUs here for the
+ * RESUME event handler to use it */
+ virDomainRunningReason runningReason;
};
# define QEMU_DOMAIN_PRIVATE(vm) \
diff --git a/src/qemu/qemu_process.c b/src/qemu/qemu_process.c
index 26979faa72..7325bc4c90 100644
--- a/src/qemu/qemu_process.c
+++ b/src/qemu/qemu_process.c
@@ -692,21 +692,28 @@ qemuProcessHandleResume(qemuMonitorPtr mon ATTRIBUTE_UNUSED,
virQEMUDriverPtr driver = opaque;
virObjectEventPtr event = NULL;
virQEMUDriverConfigPtr cfg = virQEMUDriverGetConfig(driver);
+ qemuDomainObjPrivatePtr priv;
+ virDomainRunningReason reason = VIR_DOMAIN_RUNNING_UNPAUSED;
virObjectLock(vm);
- if (virDomainObjGetState(vm, NULL) == VIR_DOMAIN_PAUSED) {
- qemuDomainObjPrivatePtr priv = vm->privateData;
+ priv = vm->privateData;
+ if (priv->runningReason != VIR_DOMAIN_RUNNING_UNKNOWN) {
+ reason = priv->runningReason;
+ priv->runningReason = VIR_DOMAIN_RUNNING_UNKNOWN;
+ }
+
+ if (virDomainObjGetState(vm, NULL) == VIR_DOMAIN_PAUSED) {
if (priv->gotShutdown) {
VIR_DEBUG("Ignoring RESUME event after SHUTDOWN");
goto unlock;
}
- VIR_DEBUG("Transitioned guest %s out of paused into resumed state",
- vm->def->name);
+ VIR_DEBUG("Transitioned guest %s out of paused into resumed state, "
+ "reason '%s'",
+ vm->def->name, virDomainRunningReasonTypeToString(reason));
- virDomainObjSetState(vm, VIR_DOMAIN_RUNNING,
- VIR_DOMAIN_RUNNING_UNPAUSED);
+ virDomainObjSetState(vm, VIR_DOMAIN_RUNNING, reason);
event = virDomainEventLifecycleNewFromObj(vm,
VIR_DOMAIN_EVENT_RESUMED,
VIR_DOMAIN_EVENT_RESUMED_UNPAUSED);
@@ -3051,6 +3058,8 @@ qemuProcessStartCPUs(virQEMUDriverPtr driver, virDomainObjPtr vm,
}
VIR_FREE(priv->lockState);
+ priv->runningReason = reason;
+
if (qemuDomainObjEnterMonitorAsync(driver, vm, asyncJob) < 0)
goto release;
@@ -3068,6 +3077,7 @@ qemuProcessStartCPUs(virQEMUDriverPtr driver, virDomainObjPtr vm,
return ret;
release:
+ priv->runningReason = VIR_DOMAIN_RUNNING_UNKNOWN;
if (virDomainLockProcessPause(driver->lockManager, vm, &priv->lockState) < 0)
VIR_WARN("Unable to release lease on %s", vm->def->name);
VIR_DEBUG("Preserving lock state '%s'", NULLSTR(priv->lockState));
@@ -5928,6 +5938,7 @@ qemuProcessPrepareDomain(virQEMUDriverPtr driver,
priv->monError = false;
priv->monStart = 0;
priv->gotShutdown = false;
+ priv->runningReason = VIR_DOMAIN_RUNNING_UNKNOWN;
VIR_DEBUG("Updating guest CPU definition");
if (qemuProcessUpdateGuestCPU(vm->def, priv->qemuCaps, caps, flags) < 0)
--
2.19.1

42
SOURCES/libvirt-qemu-Properly-report-VIR_DOMAIN_EVENT_RESUMED_FROM_SNAPSHOT.patch Normal file
View File

@ -0,0 +1,42 @@
From 330e6224d11cbdef798c36ee5244f3b17d95d7cf Mon Sep 17 00:00:00 2001
Message-Id: <330e6224d11cbdef798c36ee5244f3b17d95d7cf@dist-git>
From: Jiri Denemark <jdenemar@redhat.com>
Date: Mon, 10 Sep 2018 15:10:54 +0200
Subject: [PATCH] qemu: Properly report VIR_DOMAIN_EVENT_RESUMED_FROM_SNAPSHOT
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
VIR_DOMAIN_EVENT_RESUMED_FROM_SNAPSHOT was defined but not used anywhere
in our event generation code. This fixes qemuDomainRevertToSnapshot to
properly report why the domain was resumed.
Signed-off-by: Jiri Denemark <jdenemar@redhat.com>
Reviewed-by: John Ferlan <jferlan@redhat.com>
(cherry picked from commit 55af06187c48a01192764d8638b85739b0178fe0)
https://bugzilla.redhat.com/show_bug.cgi?id=1634758
https://bugzilla.redhat.com/show_bug.cgi?id=1634759
Signed-off-by: Jiri Denemark <jdenemar@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
---
src/qemu/qemu_driver.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/qemu/qemu_driver.c b/src/qemu/qemu_driver.c
index f85248e3c7..ec1a43d41d 100644
--- a/src/qemu/qemu_driver.c
+++ b/src/qemu/qemu_driver.c
@@ -16323,7 +16323,7 @@ qemuDomainRevertToSnapshot(virDomainSnapshotPtr snapshot,
detail);
} else if (!was_running) {
/* Transition 8 */
- detail = VIR_DOMAIN_EVENT_RESUMED;
+ detail = VIR_DOMAIN_EVENT_RESUMED_FROM_SNAPSHOT;
event = virDomainEventLifecycleNewFromObj(vm,
VIR_DOMAIN_EVENT_RESUMED,
detail);
--
2.19.1

48
SOURCES/libvirt-qemu-Remove-duplicated-qemuAgentCheckError.patch Normal file
View File

@ -0,0 +1,48 @@
From c39dd7dec2fe7ab631de9ef02a1d654385810750 Mon Sep 17 00:00:00 2001
Message-Id: <c39dd7dec2fe7ab631de9ef02a1d654385810750@dist-git>
From: John Ferlan <jferlan@redhat.com>
Date: Thu, 10 Jan 2019 12:49:10 +0100
Subject: [PATCH] qemu: Remove duplicated qemuAgentCheckError
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Commit 5b3492fadb moved qemuAgentCheckError calls into
qemuAgentCommand for various reasons; however, subsequent
commit 0977b8aa0 adding a new command made call again
So let's just remove the duplicitous call from
qemuAgentGetInterfaces.
Signed-off-by: John Ferlan <jferlan@redhat.com>
ACKed-by: Michal Privoznik <mprivozn@redhat.com>
(cherry picked from commit 9ed175fbc2deecfdaeabca7bc77c7e7ae33a3377)
Signed-off-by: Ján Tomko <jtomko@redhat.com>
7.7: https://bugzilla.redhat.com/show_bug.cgi?id=1663051
8.0: https://bugzilla.redhat.com/show_bug.cgi?id=1665000
Reviewed-by: Jiri Denemark <jdenemar@redhat.com>
---
src/qemu/qemu_agent.c | 5 ++---
1 file changed, 2 insertions(+), 3 deletions(-)
diff --git a/src/qemu/qemu_agent.c b/src/qemu/qemu_agent.c
index 10c6ef09fa..986e37b07d 100644
--- a/src/qemu/qemu_agent.c
+++ b/src/qemu/qemu_agent.c
@@ -1987,10 +1987,9 @@ qemuAgentGetInterfaces(qemuAgentPtr mon,
if (!(cmd = qemuAgentMakeCommand("guest-network-get-interfaces", NULL)))
goto cleanup;
- if (qemuAgentCommand(mon, cmd, &reply, false, VIR_DOMAIN_QEMU_AGENT_COMMAND_BLOCK) < 0 ||
- qemuAgentCheckError(cmd, reply) < 0) {
+ if (qemuAgentCommand(mon, cmd, &reply, false,
+ VIR_DOMAIN_QEMU_AGENT_COMMAND_BLOCK) < 0)
goto cleanup;
- }
if (!(ret_array = virJSONValueObjectGet(reply, "return"))) {
virReportError(VIR_ERR_INTERNAL_ERROR, "%s",
--
2.20.1

157
SOURCES/libvirt-qemu-Remove-unused-bypassSecurityDriver-from-qemuOpenFileAs.patch Normal file
View File

@ -0,0 +1,157 @@
From 81f9a452639c8f910f9a73fa6687834332bc9c7e Mon Sep 17 00:00:00 2001
Message-Id: <81f9a452639c8f910f9a73fa6687834332bc9c7e@dist-git>
From: Michal Privoznik <mprivozn@redhat.com>
Date: Wed, 25 Jul 2018 08:27:09 +0200
Subject: [PATCH] qemu: Remove unused bypassSecurityDriver from qemuOpenFileAs
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
https://bugzilla.redhat.com/show_bug.cgi?id=1589115
This argument is not used anymore. The only function that is
passing non-NULL (qemuDomainSaveMemory) does not actually care
for the value (after 23087cfdb) and every other caller just
passes NULL anyway.
Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
Reviewed-by: John Ferlan <jferlan@redhat.com>
(cherry picked from commit 8677a476c7e5cbf7b344329d54d0b1a2d666ffc3)
Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
---
src/qemu/qemu_driver.c | 32 +++++++++-----------------------
1 file changed, 9 insertions(+), 23 deletions(-)
diff --git a/src/qemu/qemu_driver.c b/src/qemu/qemu_driver.c
index 3158f217fa..e8a595f17e 100644
--- a/src/qemu/qemu_driver.c
+++ b/src/qemu/qemu_driver.c
@@ -152,7 +152,7 @@ static int qemuDomainManagedSaveLoad(virDomainObjPtr vm,
static int qemuOpenFileAs(uid_t fallback_uid, gid_t fallback_gid,
bool dynamicOwnership,
const char *path, int oflags,
- bool *needUnlink, bool *bypassSecurityDriver);
+ bool *needUnlink);
static int qemuGetDHCPInterfaces(virDomainPtr dom,
virDomainObjPtr vm,
@@ -2984,9 +2984,6 @@ qemuCompressGetCommand(virQEMUSaveFormat compression)
* @path: path to file to open
* @oflags: flags for opening/creation of the file
* @needUnlink: set to true if file was created by this function
- * @bypassSecurityDriver: optional pointer to a boolean that will be set to true
- * if security driver operations are pointless (due to
- * NFS mount)
*
* Internal function to properly create or open existing files, with
* ownership affected by qemu driver setup and domain DAC label.
@@ -3001,8 +2998,7 @@ qemuOpenFile(virQEMUDriverPtr driver,
virDomainObjPtr vm,
const char *path,
int oflags,
- bool *needUnlink,
- bool *bypassSecurityDriver)
+ bool *needUnlink)
{
int ret = -1;
virQEMUDriverConfigPtr cfg = virQEMUDriverGetConfig(driver);
@@ -3021,7 +3017,7 @@ qemuOpenFile(virQEMUDriverPtr driver,
goto cleanup;
ret = qemuOpenFileAs(user, group, dynamicOwnership,
- path, oflags, needUnlink, bypassSecurityDriver);
+ path, oflags, needUnlink);
cleanup:
return ret;
@@ -3031,12 +3027,11 @@ static int
qemuOpenFileAs(uid_t fallback_uid, gid_t fallback_gid,
bool dynamicOwnership,
const char *path, int oflags,
- bool *needUnlink, bool *bypassSecurityDriver)
+ bool *needUnlink)
{
struct stat sb;
bool is_reg = true;
bool need_unlink = false;
- bool bypass_security = false;
unsigned int vfoflags = 0;
int fd = -1;
int path_shared = virFileIsSharedFS(path);
@@ -3134,19 +3129,11 @@ qemuOpenFileAs(uid_t fallback_uid, gid_t fallback_gid,
path);
goto cleanup;
}
-
- /* Since we had to setuid to create the file, and the fstype
- is NFS, we assume it's a root-squashing NFS share, and that
- the security driver stuff would have failed anyway */
-
- bypass_security = true;
}
}
cleanup:
if (needUnlink)
*needUnlink = need_unlink;
- if (bypassSecurityDriver)
- *bypassSecurityDriver = bypass_security;
return fd;
error:
@@ -3198,7 +3185,6 @@ qemuDomainSaveMemory(virQEMUDriverPtr driver,
unsigned int flags,
qemuDomainAsyncJob asyncJob)
{
- bool bypassSecurityDriver = false;
bool needUnlink = false;
int ret = -1;
int fd = -1;
@@ -3218,7 +3204,7 @@ qemuDomainSaveMemory(virQEMUDriverPtr driver,
}
fd = qemuOpenFile(driver, vm, path,
O_WRONLY | O_TRUNC | O_CREAT | directFlag,
- &needUnlink, &bypassSecurityDriver);
+ &needUnlink);
if (fd < 0)
goto cleanup;
@@ -3249,7 +3235,7 @@ qemuDomainSaveMemory(virQEMUDriverPtr driver,
if (qemuFileWrapperFDClose(vm, wrapperFd) < 0)
goto cleanup;
- if ((fd = qemuOpenFile(driver, vm, path, O_WRONLY, NULL, NULL)) < 0 ||
+ if ((fd = qemuOpenFile(driver, vm, path, O_WRONLY, NULL)) < 0 ||
virQEMUSaveDataFinish(data, &fd, path) < 0)
goto cleanup;
@@ -3809,7 +3795,7 @@ doCoreDump(virQEMUDriverPtr driver,
* created. */
if ((fd = qemuOpenFile(driver, vm, path,
O_CREAT | O_TRUNC | O_WRONLY | directFlag,
- NULL, NULL)) < 0)
+ NULL)) < 0)
goto cleanup;
if (!(wrapperFd = virFileWrapperFdNew(&fd, path, flags)))
@@ -6436,7 +6422,7 @@ qemuDomainSaveImageOpen(virQEMUDriverPtr driver,
if (!(caps = virQEMUDriverGetCapabilities(driver, false)))
goto error;
- if ((fd = qemuOpenFile(driver, NULL, path, oflags, NULL, NULL)) < 0)
+ if ((fd = qemuOpenFile(driver, NULL, path, oflags, NULL)) < 0)
goto error;
if (bypass_cache &&
!(*wrapperFd = virFileWrapperFdNew(&fd, path,
@@ -11880,7 +11866,7 @@ qemuDomainStorageOpenStat(virQEMUDriverPtr driver,
{
if (virStorageSourceIsLocalStorage(src)) {
if ((*ret_fd = qemuOpenFile(driver, vm, src->path, O_RDONLY,
- NULL, NULL)) < 0)
+ NULL)) < 0)
return -1;
if (fstat(*ret_fd, ret_sb) < 0) {
--
2.18.0

61
SOURCES/libvirt-qemu-Report-more-appropriate-running-reasons.patch Normal file
View File

@ -0,0 +1,61 @@
From d9922630f62b27e5fea978e2b0903ab0f72d88d4 Mon Sep 17 00:00:00 2001
Message-Id: <d9922630f62b27e5fea978e2b0903ab0f72d88d4@dist-git>
From: Jiri Denemark <jdenemar@redhat.com>
Date: Tue, 11 Sep 2018 19:26:07 +0200
Subject: [PATCH] qemu: Report more appropriate running reasons
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
This patch replaces some rather generic VIR_DOMAIN_RUNNING_UNPAUSED
reasons when changing domain state to running with more specific ones.
All of them are done when libvirtd reconnects to an existing domain
after being restarted and sees an unfinished migration or save.
Signed-off-by: Jiri Denemark <jdenemar@redhat.com>
Reviewed-by: John Ferlan <jferlan@redhat.com>
(cherry picked from commit 54b5b0ac3945ad5417b67bec8443cf6e7b3d482b)
https://bugzilla.redhat.com/show_bug.cgi?id=1634758
https://bugzilla.redhat.com/show_bug.cgi?id=1634759
Signed-off-by: Jiri Denemark <jdenemar@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
---
src/qemu/qemu_process.c | 6 +++---
1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/src/qemu/qemu_process.c b/src/qemu/qemu_process.c
index a4b1f97df5..26979faa72 100644
--- a/src/qemu/qemu_process.c
+++ b/src/qemu/qemu_process.c
@@ -3247,7 +3247,7 @@ qemuProcessRecoverMigrationIn(virQEMUDriverPtr driver,
VIR_DEBUG("Incoming migration finished, resuming domain %s",
vm->def->name);
if (qemuProcessStartCPUs(driver, vm,
- VIR_DOMAIN_RUNNING_UNPAUSED,
+ VIR_DOMAIN_RUNNING_MIGRATED,
QEMU_ASYNC_JOB_NONE) < 0) {
VIR_WARN("Could not resume domain %s", vm->def->name);
}
@@ -3354,7 +3354,7 @@ qemuProcessRecoverMigrationOut(virQEMUDriverPtr driver,
(reason == VIR_DOMAIN_PAUSED_MIGRATION ||
reason == VIR_DOMAIN_PAUSED_UNKNOWN)) {
if (qemuProcessStartCPUs(driver, vm,
- VIR_DOMAIN_RUNNING_UNPAUSED,
+ VIR_DOMAIN_RUNNING_MIGRATION_CANCELED,
QEMU_ASYNC_JOB_NONE) < 0) {
VIR_WARN("Could not resume domain %s", vm->def->name);
}
@@ -3412,7 +3412,7 @@ qemuProcessRecoverJob(virQEMUDriverPtr driver,
reason == VIR_DOMAIN_PAUSED_MIGRATION)) ||
reason == VIR_DOMAIN_PAUSED_UNKNOWN)) {
if (qemuProcessStartCPUs(driver, vm,
- VIR_DOMAIN_RUNNING_UNPAUSED,
+ VIR_DOMAIN_RUNNING_SAVE_CANCELED,
QEMU_ASYNC_JOB_NONE) < 0) {
VIR_WARN("Could not resume domain '%s' after migration to file",
vm->def->name);
--
2.19.1

94
SOURCES/libvirt-qemu-Set-identity-for-the-reconnect-all-thread.patch Normal file
View File

@ -0,0 +1,94 @@
From 4df55f75bf523e3c1964198299713bdfa85fbad2 Mon Sep 17 00:00:00 2001
Message-Id: <4df55f75bf523e3c1964198299713bdfa85fbad2@dist-git>
From: John Ferlan <jferlan@redhat.com>
Date: Wed, 14 Nov 2018 14:41:31 -0500
Subject: [PATCH] qemu: Set identity for the reconnect all thread
https://bugzilla.redhat.com/show_bug.cgi?id=1648546 (RHEL8)
https://bugzilla.redhat.com/show_bug.cgi?id=1631622 (RHEL7)
If polkit authentication is enabled, an attempt to open
the connection failed during virAccessDriverPolkitGetCaller
when the call to virIdentityGetCurrent returned NULL resulting
in the errors:
virAccessDriverPolkitGetCaller:87 : access denied:
Policy kit denied action org.libvirt.api.connect.getattr from <anonymous>
Because qemuProcessReconnect runs in a thread during
daemonRunStateInit processing it doesn't have the thread
local identity. Thus when the virGetConnectNWFilter is
called as part of the qemuProcessFiltersInstantiate when
virDomainConfNWFilterInstantiate is run the attempt to get
the idenity fails and results in the anonymous error above.
To fix this, let's grab/use the virIdenityPtr of the process
that will be creating the thread, e.g. what daemonRunStateInit
has set and use that for our thread. That way any other similar
processing that uses/requires an identity for any other call
that would have previously been successfully run won't fail in
a similar manner.
Signed-off-by: John Ferlan <jferlan@redhat.com>
(cherry picked from commit b04b82f8cb671f067bad2d5e922acf88f13f0934)
Reviewed-by: Erik Skultety <eskultet@redhat.com>
---
src/qemu/qemu_process.c | 7 +++++++
1 file changed, 7 insertions(+)
diff --git a/src/qemu/qemu_process.c b/src/qemu/qemu_process.c
index 8ba14abfa4..4b99fbd835 100644
--- a/src/qemu/qemu_process.c
+++ b/src/qemu/qemu_process.c
@@ -81,6 +81,7 @@
#include "netdev_bandwidth_conf.h"
#include "virresctrl.h"
#include "virvsock.h"
+#include "viridentity.h"
#define VIR_FROM_THIS VIR_FROM_QEMU
@@ -7609,6 +7610,7 @@ qemuProcessRefreshCPU(virQEMUDriverPtr driver,
struct qemuProcessReconnectData {
virQEMUDriverPtr driver;
virDomainObjPtr obj;
+ virIdentityPtr identity;
};
/*
* Open an existing VM's monitor, re-detect VCPU threads
@@ -7645,6 +7647,8 @@ qemuProcessReconnect(void *opaque)
virCapsPtr caps = NULL;
bool retry = true;
+ virIdentitySetCurrent(data->identity);
+ virObjectUnref(data->identity);
VIR_FREE(data);
qemuDomainObjRestoreJob(obj, &oldjob);
@@ -7865,6 +7869,7 @@ qemuProcessReconnect(void *opaque)
virObjectUnref(cfg);
virObjectUnref(caps);
virNWFilterUnlockFilterUpdates();
+ virIdentitySetCurrent(NULL);
return;
error:
@@ -7902,6 +7907,7 @@ qemuProcessReconnectHelper(virDomainObjPtr obj,
memcpy(data, src, sizeof(*data));
data->obj = obj;
+ data->identity = virIdentityGetCurrent();
virNWFilterReadLockFilterUpdates();
@@ -7925,6 +7931,7 @@ qemuProcessReconnectHelper(virDomainObjPtr obj,
virDomainObjEndAPI(&obj);
virNWFilterUnlockFilterUpdates();
+ virObjectUnref(data->identity);
VIR_FREE(data);
return -1;
}
--
2.19.2

275
SOURCES/libvirt-qemu-Wire-up-PR_MANAGER_STATUS_CHANGED-event.patch Normal file
View File

@ -0,0 +1,275 @@
From 89bfdeacefd0160080ab98a41109c75db6d5e913 Mon Sep 17 00:00:00 2001
Message-Id: <89bfdeacefd0160080ab98a41109c75db6d5e913@dist-git>
From: Michal Privoznik <mprivozn@redhat.com>
Date: Wed, 11 Jul 2018 17:27:26 +0200
Subject: [PATCH] qemu: Wire up PR_MANAGER_STATUS_CHANGED event
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
https://bugzilla.redhat.com/show_bug.cgi?id=1470007
This event is emitted on the monitor if one of pr-managers lost
connection to its pr-helper process. What libvirt needs to do is
restart the pr-helper process iff it corresponds to managed
pr-manager.
Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
(cherry picked from commit 6fbda83330293ed8bec1ea9e3ba7273c4ee2b9e2)
Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
---
src/qemu/qemu_domain.c | 1 +
src/qemu/qemu_domain.h | 1 +
src/qemu/qemu_driver.c | 17 +++++++++++
src/qemu/qemu_monitor.c | 15 ++++++++++
src/qemu/qemu_monitor.h | 11 ++++++++
src/qemu/qemu_monitor_json.c | 23 +++++++++++++++
src/qemu/qemu_process.c | 55 ++++++++++++++++++++++++++++++++++++
7 files changed, 123 insertions(+)
diff --git a/src/qemu/qemu_domain.c b/src/qemu/qemu_domain.c
index cfecbaca74..dec057e021 100644
--- a/src/qemu/qemu_domain.c
+++ b/src/qemu/qemu_domain.c
@@ -12979,6 +12979,7 @@ qemuProcessEventFree(struct qemuProcessEvent *event)
case QEMU_PROCESS_EVENT_MONITOR_EOF:
VIR_FREE(event->data);
break;
+ case QEMU_PROCESS_EVENT_PR_DISCONNECT:
case QEMU_PROCESS_EVENT_LAST:
break;
}
diff --git a/src/qemu/qemu_domain.h b/src/qemu/qemu_domain.h
index 30d186a921..e748d78adb 100644
--- a/src/qemu/qemu_domain.h
+++ b/src/qemu/qemu_domain.h
@@ -477,6 +477,7 @@ typedef enum {
QEMU_PROCESS_EVENT_SERIAL_CHANGED,
QEMU_PROCESS_EVENT_BLOCK_JOB,
QEMU_PROCESS_EVENT_MONITOR_EOF,
+ QEMU_PROCESS_EVENT_PR_DISCONNECT,
QEMU_PROCESS_EVENT_LAST
} qemuProcessEventType;
diff --git a/src/qemu/qemu_driver.c b/src/qemu/qemu_driver.c
index 825b2b27e6..868ef9d406 100644
--- a/src/qemu/qemu_driver.c
+++ b/src/qemu/qemu_driver.c
@@ -4792,6 +4792,20 @@ processMonitorEOFEvent(virQEMUDriverPtr driver,
}
+static void
+processPRDisconnectEvent(virDomainObjPtr vm)
+{
+ qemuDomainObjPrivatePtr priv = vm->privateData;
+
+ if (!virDomainObjIsActive(vm))
+ return;
+
+ if (!priv->prDaemonRunning &&
+ virDomainDefHasManagedPR(vm->def))
+ qemuProcessStartManagedPRDaemon(vm);
+}
+
+
static void qemuProcessEventHandler(void *data, void *opaque)
{
struct qemuProcessEvent *processEvent = data;
@@ -4829,6 +4843,9 @@ static void qemuProcessEventHandler(void *data, void *opaque)
case QEMU_PROCESS_EVENT_MONITOR_EOF:
processMonitorEOFEvent(driver, vm);
break;
+ case QEMU_PROCESS_EVENT_PR_DISCONNECT:
+ processPRDisconnectEvent(vm);
+ break;
case QEMU_PROCESS_EVENT_LAST:
break;
}
diff --git a/src/qemu/qemu_monitor.c b/src/qemu/qemu_monitor.c
index ae5b23b9fc..86b2b6e985 100644
--- a/src/qemu/qemu_monitor.c
+++ b/src/qemu/qemu_monitor.c
@@ -1669,6 +1669,21 @@ qemuMonitorEmitDumpCompleted(qemuMonitorPtr mon,
}
+int
+qemuMonitorEmitPRManagerStatusChanged(qemuMonitorPtr mon,
+ const char *prManager,
+ bool connected)
+{
+ int ret = -1;
+ VIR_DEBUG("mon=%p, prManager='%s', connected=%d", mon, prManager, connected);
+
+ QEMU_MONITOR_CALLBACK(mon, ret, domainPRManagerStatusChanged,
+ mon->vm, prManager, connected);
+
+ return ret;
+}
+
+
int
qemuMonitorSetCapabilities(qemuMonitorPtr mon)
{
diff --git a/src/qemu/qemu_monitor.h b/src/qemu/qemu_monitor.h
index e8adda8aa0..a906bc8410 100644
--- a/src/qemu/qemu_monitor.h
+++ b/src/qemu/qemu_monitor.h
@@ -273,6 +273,12 @@ typedef int (*qemuMonitorDomainDumpCompletedCallback)(qemuMonitorPtr mon,
const char *error,
void *opaque);
+typedef int (*qemuMonitorDomainPRManagerStatusChangedCallback)(qemuMonitorPtr mon,
+ virDomainObjPtr vm,
+ const char *prManager,
+ bool connected,
+ void *opaque);
+
typedef struct _qemuMonitorCallbacks qemuMonitorCallbacks;
typedef qemuMonitorCallbacks *qemuMonitorCallbacksPtr;
struct _qemuMonitorCallbacks {
@@ -305,6 +311,7 @@ struct _qemuMonitorCallbacks {
qemuMonitorDomainAcpiOstInfoCallback domainAcpiOstInfo;
qemuMonitorDomainBlockThresholdCallback domainBlockThreshold;
qemuMonitorDomainDumpCompletedCallback domainDumpCompleted;
+ qemuMonitorDomainPRManagerStatusChangedCallback domainPRManagerStatusChanged;
};
char *qemuMonitorEscapeArg(const char *in);
@@ -433,6 +440,10 @@ int qemuMonitorEmitDumpCompleted(qemuMonitorPtr mon,
qemuMonitorDumpStatsPtr stats,
const char *error);
+int qemuMonitorEmitPRManagerStatusChanged(qemuMonitorPtr mon,
+ const char *prManager,
+ bool connected);
+
int qemuMonitorStartCPUs(qemuMonitorPtr mon);
int qemuMonitorStopCPUs(qemuMonitorPtr mon);
diff --git a/src/qemu/qemu_monitor_json.c b/src/qemu/qemu_monitor_json.c
index 3e90279b71..03c94cd88b 100644
--- a/src/qemu/qemu_monitor_json.c
+++ b/src/qemu/qemu_monitor_json.c
@@ -91,6 +91,7 @@ static void qemuMonitorJSONHandleMigrationPass(qemuMonitorPtr mon, virJSONValueP
static void qemuMonitorJSONHandleAcpiOstInfo(qemuMonitorPtr mon, virJSONValuePtr data);
static void qemuMonitorJSONHandleBlockThreshold(qemuMonitorPtr mon, virJSONValuePtr data);
static void qemuMonitorJSONHandleDumpCompleted(qemuMonitorPtr mon, virJSONValuePtr data);
+static void qemuMonitorJSONHandlePRManagerStatusChanged(qemuMonitorPtr mon, virJSONValuePtr data);
typedef struct {
const char *type;
@@ -113,6 +114,7 @@ static qemuEventHandler eventHandlers[] = {
{ "MIGRATION_PASS", qemuMonitorJSONHandleMigrationPass, },
{ "NIC_RX_FILTER_CHANGED", qemuMonitorJSONHandleNicRxFilterChanged, },
{ "POWERDOWN", qemuMonitorJSONHandlePowerdown, },
+ { "PR_MANAGER_STATUS_CHANGED", qemuMonitorJSONHandlePRManagerStatusChanged, },
{ "RESET", qemuMonitorJSONHandleReset, },
{ "RESUME", qemuMonitorJSONHandleResume, },
{ "RTC_CHANGE", qemuMonitorJSONHandleRTCChange, },
@@ -1297,6 +1299,27 @@ qemuMonitorJSONHandleDumpCompleted(qemuMonitorPtr mon,
}
+static void qemuMonitorJSONHandlePRManagerStatusChanged(qemuMonitorPtr mon,
+ virJSONValuePtr data)
+{
+ const char *name;
+ bool connected;
+
+ if (!(name = virJSONValueObjectGetString(data, "id"))) {
+ VIR_WARN("missing pr-manager alias in PR_MANAGER_STATUS_CHANGED event");
+ return;
+ }
+
+ if (virJSONValueObjectGetBoolean(data, "connected", &connected) < 0) {
+ VIR_WARN("missing connected state for %s "
+ "in PR_MANAGER_STATUS_CHANGED event", name);
+ return;
+ }
+
+ qemuMonitorEmitPRManagerStatusChanged(mon, name, connected);
+}
+
+
int
qemuMonitorJSONHumanCommandWithFd(qemuMonitorPtr mon,
const char *cmd_str,
diff --git a/src/qemu/qemu_process.c b/src/qemu/qemu_process.c
index f200729cb1..fbc8529f3b 100644
--- a/src/qemu/qemu_process.c
+++ b/src/qemu/qemu_process.c
@@ -1615,6 +1615,60 @@ qemuProcessHandleDumpCompleted(qemuMonitorPtr mon ATTRIBUTE_UNUSED,
}
+static int
+qemuProcessHandlePRManagerStatusChanged(qemuMonitorPtr mon ATTRIBUTE_UNUSED,
+ virDomainObjPtr vm,
+ const char *prManager,
+ bool connected,
+ void *opaque)
+{
+ virQEMUDriverPtr driver = opaque;
+ qemuDomainObjPrivatePtr priv;
+ struct qemuProcessEvent *processEvent = NULL;
+ const char *managedAlias = qemuDomainGetManagedPRAlias();
+ int ret = -1;
+
+ virObjectLock(vm);
+
+ VIR_DEBUG("pr-manager %s status changed for domain %p %s connected=%d",
+ prManager, vm, vm->def->name, connected);
+
+ if (connected) {
+ /* Connect events are boring. */
+ ret = 0;
+ goto cleanup;
+ }
+ /* Disconnect events are more interesting. */
+
+ if (STRNEQ(prManager, managedAlias)) {
+ VIR_DEBUG("pr-manager %s not managed, ignoring event",
+ prManager);
+ ret = 0;
+ goto cleanup;
+ }
+
+ priv = vm->privateData;
+ priv->prDaemonRunning = false;
+
+ if (VIR_ALLOC(processEvent) < 0)
+ goto cleanup;
+
+ processEvent->eventType = QEMU_PROCESS_EVENT_PR_DISCONNECT;
+ processEvent->vm = virObjectRef(vm);
+
+ if (virThreadPoolSendJob(driver->workerPool, 0, processEvent) < 0) {
+ qemuProcessEventFree(processEvent);
+ virObjectUnref(vm);
+ goto cleanup;
+ }
+
+ ret = 0;
+ cleanup:
+ virObjectUnlock(vm);
+ return ret;
+}
+
+
static qemuMonitorCallbacks monitorCallbacks = {
.eofNotify = qemuProcessHandleMonitorEOF,
.errorNotify = qemuProcessHandleMonitorError,
@@ -1643,6 +1697,7 @@ static qemuMonitorCallbacks monitorCallbacks = {
.domainAcpiOstInfo = qemuProcessHandleAcpiOstInfo,
.domainBlockThreshold = qemuProcessHandleBlockThreshold,
.domainDumpCompleted = qemuProcessHandleDumpCompleted,
+ .domainPRManagerStatusChanged = qemuProcessHandlePRManagerStatusChanged,
};
static void
--
2.18.0

58
SOURCES/libvirt-qemu-add-vfio-ap-capability.patch Normal file
View File

@ -0,0 +1,58 @@
From 393120dca767f8a8dc5b60a46dd2c6124208e4df Mon Sep 17 00:00:00 2001
Message-Id: <393120dca767f8a8dc5b60a46dd2c6124208e4df@dist-git>
From: Boris Fiuczynski <fiuczy@linux.ibm.com>
Date: Fri, 30 Nov 2018 15:49:23 +0100
Subject: [PATCH] qemu: add vfio-ap capability
Introduce vfio-ap capability.
Signed-off-by: Boris Fiuczynski <fiuczy@linux.ibm.com>
Reviewed-by: Bjoern Walk <bwalk@linux.ibm.com>
Reviewed-by: Thomas Huth <thuth@redhat.com>
Reviewed-by: Chris Venteicher <cventeic@redhat.com>
(cherry picked from commit dc788d254017d51c6a3ccb5e5c9663ce82a4683b)
https://bugzilla.redhat.com/show_bug.cgi?id=1508146
Signed-off-by: Pino Toscano <ptoscano@redhat.com>
Reviewed-by: Jiri Denemark <jdenemar@redhat.com>
---
src/qemu/qemu_capabilities.c | 2 ++
src/qemu/qemu_capabilities.h | 1 +
2 files changed, 3 insertions(+)
diff --git a/src/qemu/qemu_capabilities.c b/src/qemu/qemu_capabilities.c
index 5fd10c2d40..feef102874 100644
--- a/src/qemu/qemu_capabilities.c
+++ b/src/qemu/qemu_capabilities.c
@@ -507,6 +507,7 @@ VIR_ENUM_IMPL(virQEMUCaps, QEMU_CAPS_LAST,
/* 315 */
"vfio-pci.display",
+ "vfio-ap",
);
@@ -1145,6 +1146,7 @@ struct virQEMUCapsStringFlags virQEMUCapsObjectTypes[] = {
{ "vhost-vsock-device", QEMU_CAPS_DEVICE_VHOST_VSOCK },
{ "mch", QEMU_CAPS_DEVICE_MCH },
{ "sev-guest", QEMU_CAPS_SEV_GUEST },
+ { "vfio-ap", QEMU_CAPS_DEVICE_VFIO_AP },
};
static struct virQEMUCapsStringFlags virQEMUCapsDevicePropsVirtioBalloon[] = {
diff --git a/src/qemu/qemu_capabilities.h b/src/qemu/qemu_capabilities.h
index 6acd9fe825..1a9e5386a8 100644
--- a/src/qemu/qemu_capabilities.h
+++ b/src/qemu/qemu_capabilities.h
@@ -491,6 +491,7 @@ typedef enum { /* virQEMUCapsFlags grouping marker for syntax-check */
/* 315 */
QEMU_CAPS_VFIO_PCI_DISPLAY, /* -device vfio-pci.display */
+ QEMU_CAPS_DEVICE_VFIO_AP, /* -device vfio-ap */
QEMU_CAPS_LAST /* this must always be the last item */
} virQEMUCapsFlags;
--
2.19.2

52
SOURCES/libvirt-qemu-address-Handle-all-the-video-devices-within-a-single-loop.patch Normal file
View File

@ -0,0 +1,52 @@
From 9743e1100067451a20fe1373c1d3b828f416320b Mon Sep 17 00:00:00 2001
Message-Id: <9743e1100067451a20fe1373c1d3b828f416320b@dist-git>
From: Erik Skultety <eskultet@redhat.com>
Date: Thu, 19 Jul 2018 15:03:50 +0200
Subject: [PATCH] qemu: address: Handle all the video devices within a single
loop
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Since 133fb140 moved the validation of a video device into a separate
function, the code handling PCI slot assignment for video devices has
been the same for both the primary device and the secondary devices.
Let's merge these and thus handle all the devices within the existing
'for' loop.
Signed-off-by: Erik Skultety <eskultet@redhat.com>
Reviewed-by: John Ferlan <jferlan@redhat.com>
(cherry picked from commit 3e90bd67a215adcb997b8c2be5d1d6b83251409f)
https://bugzilla.redhat.com/show_bug.cgi?id=1475770
Signed-off-by: Erik Skultety <eskultet@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
---
src/qemu/qemu_domain_address.c | 10 ++--------
1 file changed, 2 insertions(+), 8 deletions(-)
diff --git a/src/qemu/qemu_domain_address.c b/src/qemu/qemu_domain_address.c
index e9f460d77a..ab2ac022f1 100644
--- a/src/qemu/qemu_domain_address.c
+++ b/src/qemu/qemu_domain_address.c
@@ -2103,15 +2103,9 @@ qemuDomainAssignDevicePCISlots(virDomainDefPtr def,
goto error;
}
- /* Assign a PCI slot to the primary video card if there is not an
- * assigned address. */
- if (def->nvideos > 0 &&
- virDeviceInfoPCIAddressWanted(&def->videos[0]->info)) {
- if (qemuDomainPCIAddressReserveNextAddr(addrs, &def->videos[0]->info) < 0)
- goto error;
- }
+ /* Video devices */
+ for (i = 0; i < def->nvideos; i++) {
- for (i = 1; i < def->nvideos; i++) {
if (!virDeviceInfoPCIAddressWanted(&def->videos[i]->info))
continue;
--
2.18.0

73
SOURCES/libvirt-qemu-capabilities-Add-capability-for-werror-rerror-for-usb-device-frontend.patch Normal file
View File

@ -0,0 +1,73 @@
From 81505bfde8f4acf9b94a1c6dc010d707dcd49b6a Mon Sep 17 00:00:00 2001
Message-Id: <81505bfde8f4acf9b94a1c6dc010d707dcd49b6a@dist-git>
From: Peter Krempa <pkrempa@redhat.com>
Date: Thu, 19 Jul 2018 15:03:48 +0200
Subject: [PATCH] qemu: capabilities: Add capability for werror/rerror for
'usb-device' frontend
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Support for specifying it with the -device frontend was added recently.
Add a capability for it.
Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
(cherry picked from commit a087a8e60ad62a719165e3c2c9970480b9531062)
https://bugzilla.redhat.com/show_bug.cgi?id=1475770
Signed-off-by: Erik Skultety <eskultet@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
---
src/qemu/qemu_capabilities.c | 2 ++
src/qemu/qemu_capabilities.h | 1 +
tests/qemucapabilitiesdata/caps_3.0.0.x86_64.xml | 1 +
3 files changed, 4 insertions(+)
diff --git a/src/qemu/qemu_capabilities.c b/src/qemu/qemu_capabilities.c
index c7da916f9a..23b483349f 100644
--- a/src/qemu/qemu_capabilities.c
+++ b/src/qemu/qemu_capabilities.c
@@ -502,6 +502,7 @@ VIR_ENUM_IMPL(virQEMUCaps, QEMU_CAPS_LAST,
"sev-guest",
"machine.pseries.cap-hpt-max-page-size",
"machine.pseries.cap-htm",
+ "usb-storage.werror",
);
@@ -1240,6 +1241,7 @@ static struct virQEMUCapsStringFlags virQEMUCapsDevicePropsUSBStorage[] = {
{ "removable", QEMU_CAPS_USB_STORAGE_REMOVABLE },
{ "share-rw", QEMU_CAPS_DISK_SHARE_RW },
{ "write-cache", QEMU_CAPS_DISK_WRITE_CACHE },
+ { "werror", QEMU_CAPS_USB_STORAGE_WERROR },
};
static struct virQEMUCapsStringFlags virQEMUCapsDevicePropsKVMPit[] = {
diff --git a/src/qemu/qemu_capabilities.h b/src/qemu/qemu_capabilities.h
index a048a1cf02..1fa0ebfea3 100644
--- a/src/qemu/qemu_capabilities.h
+++ b/src/qemu/qemu_capabilities.h
@@ -486,6 +486,7 @@ typedef enum { /* virQEMUCapsFlags grouping marker for syntax-check */
QEMU_CAPS_SEV_GUEST, /* -object sev-guest,... */
QEMU_CAPS_MACHINE_PSERIES_CAP_HPT_MAX_PAGE_SIZE, /* -machine pseries.cap-hpt-max-page-size */
QEMU_CAPS_MACHINE_PSERIES_CAP_HTM, /* -machine pseries.cap-htm */
+ QEMU_CAPS_USB_STORAGE_WERROR, /* -device usb-storage,werror=..,rerror=.. */
QEMU_CAPS_LAST /* this must always be the last item */
} virQEMUCapsFlags;
diff --git a/tests/qemucapabilitiesdata/caps_3.0.0.x86_64.xml b/tests/qemucapabilitiesdata/caps_3.0.0.x86_64.xml
index 07e3de8677..d7c25c65dd 100644
--- a/tests/qemucapabilitiesdata/caps_3.0.0.x86_64.xml
+++ b/tests/qemucapabilitiesdata/caps_3.0.0.x86_64.xml
@@ -209,6 +209,7 @@
<flag name='mch'/>
<flag name='mch.extended-tseg-mbytes'/>
<flag name='sev-guest'/>
+ <flag name='usb-storage.werror'/>
<version>2012050</version>
<kvmVersion>0</kvmVersion>
<microcodeVersion>437827</microcodeVersion>
--
2.18.0

142
SOURCES/libvirt-qemu-caps-Add-vfio-pci.display-capability.patch Normal file
View File

@ -0,0 +1,142 @@
From 93a2ea36d65b36b542b1a96f16ea0ef271baad37 Mon Sep 17 00:00:00 2001
Message-Id: <93a2ea36d65b36b542b1a96f16ea0ef271baad37@dist-git>
From: Erik Skultety <eskultet@redhat.com>
Date: Thu, 19 Jul 2018 15:03:59 +0200
Subject: [PATCH] qemu: caps: Add vfio-pci.display capability
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
QEMU 2.12 introduced a new vfio-pci device option 'display=on/off/auto'.
This patch introduces the necessary capability.
Signed-off-by: Erik Skultety <eskultet@redhat.com>
Reviewed-by: John Ferlan <jferlan@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
(cherry picked from commit 11c7bdac6dbe8659c2f8bf7a35b97288b0acb207)
https://bugzilla.redhat.com/show_bug.cgi?id=1475770
Signed-off-by: Erik Skultety <eskultet@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
---
src/qemu/qemu_capabilities.c | 4 ++++
src/qemu/qemu_capabilities.h | 3 +++
tests/qemucapabilitiesdata/caps_2.12.0.aarch64.xml | 1 +
tests/qemucapabilitiesdata/caps_2.12.0.ppc64.xml | 1 +
tests/qemucapabilitiesdata/caps_2.12.0.s390x.xml | 1 +
tests/qemucapabilitiesdata/caps_2.12.0.x86_64.xml | 1 +
tests/qemucapabilitiesdata/caps_3.0.0.ppc64.xml | 1 +
tests/qemucapabilitiesdata/caps_3.0.0.x86_64.xml | 1 +
8 files changed, 13 insertions(+)
diff --git a/src/qemu/qemu_capabilities.c b/src/qemu/qemu_capabilities.c
index df358f8967..0fb800589a 100644
--- a/src/qemu/qemu_capabilities.c
+++ b/src/qemu/qemu_capabilities.c
@@ -504,6 +504,9 @@ VIR_ENUM_IMPL(virQEMUCaps, QEMU_CAPS_LAST,
"machine.pseries.cap-htm",
"usb-storage.werror",
"egl-headless",
+
+ /* 315 */
+ "vfio-pci.display",
);
@@ -1197,6 +1200,7 @@ static struct virQEMUCapsStringFlags virQEMUCapsDevicePropsPCIAssign[] = {
static struct virQEMUCapsStringFlags virQEMUCapsDevicePropsVfioPCI[] = {
{ "bootindex", QEMU_CAPS_VFIO_PCI_BOOTINDEX },
+ { "display", QEMU_CAPS_VFIO_PCI_DISPLAY },
};
static struct virQEMUCapsStringFlags virQEMUCapsDevicePropsSCSIDisk[] = {
diff --git a/src/qemu/qemu_capabilities.h b/src/qemu/qemu_capabilities.h
index 55221e7e57..9e8ad5f5c3 100644
--- a/src/qemu/qemu_capabilities.h
+++ b/src/qemu/qemu_capabilities.h
@@ -489,6 +489,9 @@ typedef enum { /* virQEMUCapsFlags grouping marker for syntax-check */
QEMU_CAPS_USB_STORAGE_WERROR, /* -device usb-storage,werror=..,rerror=.. */
QEMU_CAPS_EGL_HEADLESS, /* -display egl-headless */
+ /* 315 */
+ QEMU_CAPS_VFIO_PCI_DISPLAY, /* -device vfio-pci.display */
+
QEMU_CAPS_LAST /* this must always be the last item */
} virQEMUCapsFlags;
diff --git a/tests/qemucapabilitiesdata/caps_2.12.0.aarch64.xml b/tests/qemucapabilitiesdata/caps_2.12.0.aarch64.xml
index 80e7afec04..0cc6327573 100644
--- a/tests/qemucapabilitiesdata/caps_2.12.0.aarch64.xml
+++ b/tests/qemucapabilitiesdata/caps_2.12.0.aarch64.xml
@@ -170,6 +170,7 @@
<flag name='chardev-fd-pass'/>
<flag name='tpm-emulator'/>
<flag name='egl-headless'/>
+ <flag name='vfio-pci.display'/>
<version>2011090</version>
<kvmVersion>0</kvmVersion>
<microcodeVersion>347550</microcodeVersion>
diff --git a/tests/qemucapabilitiesdata/caps_2.12.0.ppc64.xml b/tests/qemucapabilitiesdata/caps_2.12.0.ppc64.xml
index c4b09c0003..a88da6193e 100644
--- a/tests/qemucapabilitiesdata/caps_2.12.0.ppc64.xml
+++ b/tests/qemucapabilitiesdata/caps_2.12.0.ppc64.xml
@@ -168,6 +168,7 @@
<flag name='tpm-emulator'/>
<flag name='machine.pseries.cap-htm'/>
<flag name='egl-headless'/>
+ <flag name='vfio-pci.display'/>
<version>2011090</version>
<kvmVersion>0</kvmVersion>
<microcodeVersion>428334</microcodeVersion>
diff --git a/tests/qemucapabilitiesdata/caps_2.12.0.s390x.xml b/tests/qemucapabilitiesdata/caps_2.12.0.s390x.xml
index 1ff2fe45e1..7121da27a0 100644
--- a/tests/qemucapabilitiesdata/caps_2.12.0.s390x.xml
+++ b/tests/qemucapabilitiesdata/caps_2.12.0.s390x.xml
@@ -134,6 +134,7 @@
<flag name='chardev-fd-pass'/>
<flag name='tpm-emulator'/>
<flag name='egl-headless'/>
+ <flag name='vfio-pci.display'/>
<version>2012000</version>
<kvmVersion>0</kvmVersion>
<microcodeVersion>375999</microcodeVersion>
diff --git a/tests/qemucapabilitiesdata/caps_2.12.0.x86_64.xml b/tests/qemucapabilitiesdata/caps_2.12.0.x86_64.xml
index 37d17786cf..78889facce 100644
--- a/tests/qemucapabilitiesdata/caps_2.12.0.x86_64.xml
+++ b/tests/qemucapabilitiesdata/caps_2.12.0.x86_64.xml
@@ -212,6 +212,7 @@
<flag name='mch.extended-tseg-mbytes'/>
<flag name='sev-guest'/>
<flag name='egl-headless'/>
+ <flag name='vfio-pci.display'/>
<version>2011090</version>
<kvmVersion>0</kvmVersion>
<microcodeVersion>416196</microcodeVersion>
diff --git a/tests/qemucapabilitiesdata/caps_3.0.0.ppc64.xml b/tests/qemucapabilitiesdata/caps_3.0.0.ppc64.xml
index 57bf5dba11..01bb968938 100644
--- a/tests/qemucapabilitiesdata/caps_3.0.0.ppc64.xml
+++ b/tests/qemucapabilitiesdata/caps_3.0.0.ppc64.xml
@@ -168,6 +168,7 @@
<flag name='machine.pseries.cap-hpt-max-page-size'/>
<flag name='machine.pseries.cap-htm'/>
<flag name='egl-headless'/>
+ <flag name='vfio-pci.display'/>
<version>2012050</version>
<kvmVersion>0</kvmVersion>
<microcodeVersion>446771</microcodeVersion>
diff --git a/tests/qemucapabilitiesdata/caps_3.0.0.x86_64.xml b/tests/qemucapabilitiesdata/caps_3.0.0.x86_64.xml
index 431910a9e3..4bc7cfeebc 100644
--- a/tests/qemucapabilitiesdata/caps_3.0.0.x86_64.xml
+++ b/tests/qemucapabilitiesdata/caps_3.0.0.x86_64.xml
@@ -215,6 +215,7 @@
<flag name='sev-guest'/>
<flag name='usb-storage.werror'/>
<flag name='egl-headless'/>
+ <flag name='vfio-pci.display'/>
<version>2012090</version>
<kvmVersion>0</kvmVersion>
<microcodeVersion>438109</microcodeVersion>
--
2.18.0

39
SOURCES/libvirt-qemu-caps-Don-t-try-to-ask-for-CAP_DAC_OVERRIDE-if-non-root.patch Normal file
View File

@ -0,0 +1,39 @@
From e22ab3412457f4d804ad7b0f62bd37ae07ec186d Mon Sep 17 00:00:00 2001
Message-Id: <e22ab3412457f4d804ad7b0f62bd37ae07ec186d@dist-git>
From: Peter Krempa <pkrempa@redhat.com>
Date: Tue, 5 Feb 2019 10:20:33 +0100
Subject: [PATCH] qemu: caps: Don't try to ask for CAP_DAC_OVERRIDE if non-root
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
It will not work. This breaks qemu capabilities probing as a user.
Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Erik Skultety <eskultet@redhat.com>
(cherry picked from commit 620d9dd598fde388f56ac37bcd3b31168c2f9fc6)
https: //bugzilla.redhat.com/show_bug.cgi?id=1665400
Signed-off-by: Erik Skultety <eskultet@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
---
src/qemu/qemu_capabilities.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/src/qemu/qemu_capabilities.c b/src/qemu/qemu_capabilities.c
index f71cd08f4d..912f758bcd 100644
--- a/src/qemu/qemu_capabilities.c
+++ b/src/qemu/qemu_capabilities.c
@@ -4482,7 +4482,8 @@ virQEMUCapsInitQMPCommandRun(virQEMUCapsInitQMPCommandPtr cmd,
#if WITH_CAPNG
/* QEMU might run into permission issues, e.g. /dev/sev (0600), override
* them just for the purpose of probing */
- virCommandAllowCap(cmd->cmd, CAP_DAC_OVERRIDE);
+ if (geteuid() == 0)
+ virCommandAllowCap(cmd->cmd, CAP_DAC_OVERRIDE);
#endif
virCommandSetGID(cmd->cmd, cmd->runGid);
--
2.20.1

238
SOURCES/libvirt-qemu-caps-Format-SEV-platform-data-into-qemuCaps-cache.patch Normal file
View File

@ -0,0 +1,238 @@
From 9f03a9e4bf2c5aad056f44ef1fe6c57eac3a7e74 Mon Sep 17 00:00:00 2001
Message-Id: <9f03a9e4bf2c5aad056f44ef1fe6c57eac3a7e74@dist-git>
From: Erik Skultety <eskultet@redhat.com>
Date: Mon, 20 Aug 2018 17:18:53 +0200
Subject: [PATCH] qemu: caps: Format SEV platform data into qemuCaps cache
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Since we're not saving the platform-specific data into a cache, we're
not going to populate the structure, which in turn will cause a crash
upon calling virNodeGetSEVInfo because of a NULL pointer dereference.
Ultimately, we should start caching this data along with host-specific
capabilities like NUMA and SELinux stuff into a separate cache, but for
the time being, this is a semi-proper fix for a potential crash.
Backtrace (requires libvirtd restart to load qemu caps from cache):
#0 qemuGetSEVInfoToParams
#1 qemuNodeGetSEVInfo
#2 virNodeGetSEVInfo
#3 remoteDispatchNodeGetSevInfo
#4 remoteDispatchNodeGetSevInfoHelper
#5 virNetServerProgramDispatchCall
#6 virNetServerProgramDispatch
#7 virNetServerProcessMsg
#8 virNetServerHandleJob
#9 virThreadPoolWorker
#10 virThreadHelper
https: //bugzilla.redhat.com/show_bug.cgi?id=1612009
Signed-off-by: Erik Skultety <eskultet@redhat.com>
Acked-by: Peter Krempa <pkrempa@redhat.com>
Tested-by: Brijesh Singh <brijesh.singh@amd.com>
(cherry picked from commit 77f51ab52049734d80a8ccb79b80189c7fb95c41)
https://bugzilla.redhat.com/show_bug.cgi?id=1612009
https://bugzilla.redhat.com/show_bug.cgi?id=1619150
Amend:
- fixed the VIR_AUTOPTR bits which downstream doesn't support
and wouldn't compile
Signed-off-by: Erik Skultety <eskultet@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
---
src/qemu/qemu_capabilities.c | 109 ++++++++++++++++++
.../qemu_2.12.0.x86_64.xml | 5 +-
.../caps_2.12.0.x86_64.xml | 6 +
3 files changed, 119 insertions(+), 1 deletion(-)
diff --git a/src/qemu/qemu_capabilities.c b/src/qemu/qemu_capabilities.c
index 55024ad735..1321696d11 100644
--- a/src/qemu/qemu_capabilities.c
+++ b/src/qemu/qemu_capabilities.c
@@ -1572,6 +1572,30 @@ virQEMUCapsHostCPUDataClear(virQEMUCapsHostCPUDataPtr cpuData)
}
+static int
+virQEMUCapsSEVInfoCopy(virSEVCapabilityPtr *dst,
+ virSEVCapabilityPtr src)
+{
+ int ret = -1;
+ virSEVCapabilityPtr tmp = NULL;
+
+ if (VIR_ALLOC(tmp) < 0 ||
+ VIR_STRDUP(tmp->pdh, src->pdh) < 0 ||
+ VIR_STRDUP(tmp->cert_chain, src->cert_chain) < 0)
+ goto cleanup;
+
+ tmp->cbitpos = src->cbitpos;
+ tmp->reduced_phys_bits = src->reduced_phys_bits;
+
+ VIR_STEAL_PTR(*dst, tmp);
+
+ ret = 0;
+ cleanup:
+ virSEVCapabilitiesFree(tmp);
+ return ret;
+}
+
+
virQEMUCapsPtr virQEMUCapsNewCopy(virQEMUCapsPtr qemuCaps)
{
virQEMUCapsPtr ret = virQEMUCapsNew();
@@ -1634,6 +1658,11 @@ virQEMUCapsPtr virQEMUCapsNewCopy(virQEMUCapsPtr qemuCaps)
for (i = 0; i < qemuCaps->ngicCapabilities; i++)
ret->gicCapabilities[i] = qemuCaps->gicCapabilities[i];
+ if (virQEMUCapsGet(qemuCaps, QEMU_CAPS_SEV_GUEST) &&
+ virQEMUCapsSEVInfoCopy(&ret->sevCapabilities,
+ qemuCaps->sevCapabilities) < 0)
+ goto error;
+
return ret;
error:
@@ -3272,6 +3301,62 @@ virQEMUCapsCachePrivFree(void *privData)
}
+static int
+virQEMUCapsParseSEVInfo(virQEMUCapsPtr qemuCaps, xmlXPathContextPtr ctxt)
+{
+ int ret = -1;
+ virSEVCapabilityPtr sev = NULL;
+
+ if (!virQEMUCapsGet(qemuCaps, QEMU_CAPS_SEV_GUEST))
+ return 0;
+
+ if (virXPathBoolean("boolean(./sev)", ctxt) == 0) {
+ virReportError(VIR_ERR_XML_ERROR, "%s",
+ _("missing SEV platform data in QEMU "
+ "capabilities cache"));
+ return -1;
+ }
+
+ if (VIR_ALLOC(sev) < 0)
+ return -1;
+
+ if (virXPathUInt("string(./sev/cbitpos)", ctxt, &sev->cbitpos) < 0) {
+ virReportError(VIR_ERR_XML_ERROR, "%s",
+ _("missing or malformed SEV cbitpos information "
+ "in QEMU capabilities cache"));
+ goto cleanup;
+ }
+
+ if (virXPathUInt("string(./sev/reducedPhysBits)", ctxt,
+ &sev->reduced_phys_bits) < 0) {
+ virReportError(VIR_ERR_XML_ERROR, "%s",
+ _("missing or malformed SEV reducedPhysBits information "
+ "in QEMU capabilities cache"));
+ goto cleanup;
+ }
+
+ if (!(sev->pdh = virXPathString("string(./sev/pdh)", ctxt))) {
+ virReportError(VIR_ERR_XML_ERROR, "%s",
+ _("missing SEV pdh information "
+ "in QEMU capabilities cache"));
+ goto cleanup;
+ }
+
+ if (!(sev->cert_chain = virXPathString("string(./sev/certChain)", ctxt))) {
+ virReportError(VIR_ERR_XML_ERROR, "%s",
+ _("missing SEV certChain information "
+ "in QEMU capabilities cache"));
+ goto cleanup;
+ }
+
+ VIR_STEAL_PTR(qemuCaps->sevCapabilities, sev);
+ ret = 0;
+ cleanup:
+ virSEVCapabilitiesFree(sev);
+ return ret;
+}
+
+
/*
* Parsing a doc that looks like
*
@@ -3520,6 +3605,9 @@ virQEMUCapsLoadCache(virArch hostArch,
}
VIR_FREE(nodes);
+ if (virQEMUCapsParseSEVInfo(qemuCaps, ctxt) < 0)
+ goto cleanup;
+
virQEMUCapsInitHostCPUModel(qemuCaps, hostArch, VIR_DOMAIN_VIRT_KVM);
virQEMUCapsInitHostCPUModel(qemuCaps, hostArch, VIR_DOMAIN_VIRT_QEMU);
@@ -3637,6 +3725,24 @@ virQEMUCapsFormatCPUModels(virQEMUCapsPtr qemuCaps,
}
+static void
+virQEMUCapsFormatSEVInfo(virQEMUCapsPtr qemuCaps, virBufferPtr buf)
+{
+ virSEVCapabilityPtr sev = virQEMUCapsGetSEVCapabilities(qemuCaps);
+
+ virBufferAddLit(buf, "<sev>\n");
+ virBufferAdjustIndent(buf, 2);
+ virBufferAsprintf(buf, "<cbitpos>%u</cbitpos>\n", sev->cbitpos);
+ virBufferAsprintf(buf, "<reducedPhysBits>%u</reducedPhysBits>\n",
+ sev->reduced_phys_bits);
+ virBufferEscapeString(buf, "<pdh>%s</pdh>\n", sev->pdh);
+ virBufferEscapeString(buf, "<certChain>%s</certChain>\n",
+ sev->cert_chain);
+ virBufferAdjustIndent(buf, -2);
+ virBufferAddLit(buf, "</sev>\n");
+}
+
+
char *
virQEMUCapsFormatCache(virQEMUCapsPtr qemuCaps)
{
@@ -3718,6 +3824,9 @@ virQEMUCapsFormatCache(virQEMUCapsPtr qemuCaps)
emulated ? "yes" : "no");
}
+ if (qemuCaps->sevCapabilities)
+ virQEMUCapsFormatSEVInfo(qemuCaps, &buf);
+
virBufferAdjustIndent(&buf, -2);
virBufferAddLit(&buf, "</qemuCaps>\n");
diff --git a/tests/domaincapsschemadata/qemu_2.12.0.x86_64.xml b/tests/domaincapsschemadata/qemu_2.12.0.x86_64.xml
index 7a1be4c093..a8d6a4d629 100644
--- a/tests/domaincapsschemadata/qemu_2.12.0.x86_64.xml
+++ b/tests/domaincapsschemadata/qemu_2.12.0.x86_64.xml
@@ -142,6 +142,9 @@
<gic supported='no'/>
<vmcoreinfo supported='yes'/>
<genid supported='yes'/>
- <sev supported='no'/>
+ <sev supported='yes'>
+ <cbitpos>47</cbitpos>
+ <reducedPhysBits>1</reducedPhysBits>
+ </sev>
</features>
</domainCapabilities>
diff --git a/tests/qemucapabilitiesdata/caps_2.12.0.x86_64.xml b/tests/qemucapabilitiesdata/caps_2.12.0.x86_64.xml
index 78889facce..f0dc082640 100644
--- a/tests/qemucapabilitiesdata/caps_2.12.0.x86_64.xml
+++ b/tests/qemucapabilitiesdata/caps_2.12.0.x86_64.xml
@@ -1254,4 +1254,10 @@
<machine name='pc-0.11' hotplugCpus='yes' maxCpus='255'/>
<machine name='pc-0.12' hotplugCpus='yes' maxCpus='255'/>
<machine name='pc-0.10' hotplugCpus='yes' maxCpus='255'/>
+ <sev>
+ <cbitpos>47</cbitpos>
+ <reducedPhysBits>1</reducedPhysBits>
+ <pdh>AQAAAAAOAAAAQAAAAAOAAAAQAAAAAOAAAAQAAAAAOAAAAQAAAAAOAAAAQAAAAAOAAA</pdh>
+ <certChain>AQAAAAAOAAAAQAAAAAOAAAAQAAAAAOAAAAQAAAAAOAAAAQAAAAAOAAA</certChain>
+ </sev>
</qemuCaps>
--
2.18.0

223
SOURCES/libvirt-qemu-caps-Introduce-a-capability-for-egl-headless.patch Normal file
View File

@ -0,0 +1,223 @@
From 4628d3e178430d418703f39e86d63e22a6af209f Mon Sep 17 00:00:00 2001
Message-Id: <4628d3e178430d418703f39e86d63e22a6af209f@dist-git>
From: Erik Skultety <eskultet@redhat.com>
Date: Thu, 19 Jul 2018 15:03:57 +0200
Subject: [PATCH] qemu: caps: Introduce a capability for egl-headless
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Since QEMU 2.10, it's possible to use a new type of display -
egl-headless which uses drm nodes to provide OpenGL support. This patch
adds a capability for that. However, since QEMU doesn't provide a QMP
command to probe it, we have to base the capability on specific QEMU
version.
Acked-by: Michal Privoznik <mprivozn@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
Signed-off-by: Erik Skultety <eskultet@redhat.com>
(cherry picked from commit 7ab7d0ed49d8501198b33c655cc646667d333f8c)
https://bugzilla.redhat.com/show_bug.cgi?id=1475770
Signed-off-by: Erik Skultety <eskultet@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
---
src/qemu/qemu_capabilities.c | 6 ++++++
src/qemu/qemu_capabilities.h | 1 +
tests/qemucapabilitiesdata/caps_2.10.0.aarch64.xml | 1 +
tests/qemucapabilitiesdata/caps_2.10.0.ppc64.xml | 1 +
tests/qemucapabilitiesdata/caps_2.10.0.s390x.xml | 1 +
tests/qemucapabilitiesdata/caps_2.10.0.x86_64.xml | 1 +
tests/qemucapabilitiesdata/caps_2.11.0.s390x.xml | 1 +
tests/qemucapabilitiesdata/caps_2.11.0.x86_64.xml | 1 +
tests/qemucapabilitiesdata/caps_2.12.0.aarch64.xml | 1 +
tests/qemucapabilitiesdata/caps_2.12.0.ppc64.xml | 1 +
tests/qemucapabilitiesdata/caps_2.12.0.s390x.xml | 1 +
tests/qemucapabilitiesdata/caps_2.12.0.x86_64.xml | 1 +
tests/qemucapabilitiesdata/caps_3.0.0.ppc64.xml | 1 +
tests/qemucapabilitiesdata/caps_3.0.0.x86_64.xml | 1 +
14 files changed, 19 insertions(+)
diff --git a/src/qemu/qemu_capabilities.c b/src/qemu/qemu_capabilities.c
index 23b483349f..df358f8967 100644
--- a/src/qemu/qemu_capabilities.c
+++ b/src/qemu/qemu_capabilities.c
@@ -503,6 +503,7 @@ VIR_ENUM_IMPL(virQEMUCaps, QEMU_CAPS_LAST,
"machine.pseries.cap-hpt-max-page-size",
"machine.pseries.cap-htm",
"usb-storage.werror",
+ "egl-headless",
);
@@ -4030,6 +4031,11 @@ virQEMUCapsInitQMPMonitor(virQEMUCapsPtr qemuCaps,
virQEMUCapsSet(qemuCaps, QEMU_CAPS_MACHINE_PSERIES_RESIZE_HPT);
}
+ /* '-display egl-headless' cmdline option is supported since QEMU 2.10, but
+ * there's no way to probe it */
+ if (qemuCaps->version >= 2010000)
+ virQEMUCapsSet(qemuCaps, QEMU_CAPS_EGL_HEADLESS);
+
/* no way to query for -numa dist */
if (qemuCaps->version >= 2010000)
virQEMUCapsSet(qemuCaps, QEMU_CAPS_NUMA_DIST);
diff --git a/src/qemu/qemu_capabilities.h b/src/qemu/qemu_capabilities.h
index 1fa0ebfea3..55221e7e57 100644
--- a/src/qemu/qemu_capabilities.h
+++ b/src/qemu/qemu_capabilities.h
@@ -487,6 +487,7 @@ typedef enum { /* virQEMUCapsFlags grouping marker for syntax-check */
QEMU_CAPS_MACHINE_PSERIES_CAP_HPT_MAX_PAGE_SIZE, /* -machine pseries.cap-hpt-max-page-size */
QEMU_CAPS_MACHINE_PSERIES_CAP_HTM, /* -machine pseries.cap-htm */
QEMU_CAPS_USB_STORAGE_WERROR, /* -device usb-storage,werror=..,rerror=.. */
+ QEMU_CAPS_EGL_HEADLESS, /* -display egl-headless */
QEMU_CAPS_LAST /* this must always be the last item */
} virQEMUCapsFlags;
diff --git a/tests/qemucapabilitiesdata/caps_2.10.0.aarch64.xml b/tests/qemucapabilitiesdata/caps_2.10.0.aarch64.xml
index 169641063c..a70e050765 100644
--- a/tests/qemucapabilitiesdata/caps_2.10.0.aarch64.xml
+++ b/tests/qemucapabilitiesdata/caps_2.10.0.aarch64.xml
@@ -159,6 +159,7 @@
<flag name='hda-output'/>
<flag name='blockdev-del'/>
<flag name='vhost-vsock'/>
+ <flag name='egl-headless'/>
<version>2010000</version>
<kvmVersion>0</kvmVersion>
<microcodeVersion>307647</microcodeVersion>
diff --git a/tests/qemucapabilitiesdata/caps_2.10.0.ppc64.xml b/tests/qemucapabilitiesdata/caps_2.10.0.ppc64.xml
index 92c095abd2..72709905d8 100644
--- a/tests/qemucapabilitiesdata/caps_2.10.0.ppc64.xml
+++ b/tests/qemucapabilitiesdata/caps_2.10.0.ppc64.xml
@@ -158,6 +158,7 @@
<flag name='hda-output'/>
<flag name='blockdev-del'/>
<flag name='vhost-vsock'/>
+ <flag name='egl-headless'/>
<version>2010000</version>
<kvmVersion>0</kvmVersion>
<microcodeVersion>386992</microcodeVersion>
diff --git a/tests/qemucapabilitiesdata/caps_2.10.0.s390x.xml b/tests/qemucapabilitiesdata/caps_2.10.0.s390x.xml
index 5e22e21224..7347f5683f 100644
--- a/tests/qemucapabilitiesdata/caps_2.10.0.s390x.xml
+++ b/tests/qemucapabilitiesdata/caps_2.10.0.s390x.xml
@@ -119,6 +119,7 @@
<flag name='sdl-gl'/>
<flag name='blockdev-del'/>
<flag name='vhost-vsock'/>
+ <flag name='egl-headless'/>
<version>2010000</version>
<kvmVersion>0</kvmVersion>
<microcodeVersion>307899</microcodeVersion>
diff --git a/tests/qemucapabilitiesdata/caps_2.10.0.x86_64.xml b/tests/qemucapabilitiesdata/caps_2.10.0.x86_64.xml
index 10b066bff1..d69a148cd2 100644
--- a/tests/qemucapabilitiesdata/caps_2.10.0.x86_64.xml
+++ b/tests/qemucapabilitiesdata/caps_2.10.0.x86_64.xml
@@ -203,6 +203,7 @@
<flag name='vmgenid'/>
<flag name='vhost-vsock'/>
<flag name='mch'/>
+ <flag name='egl-headless'/>
<version>2010000</version>
<kvmVersion>0</kvmVersion>
<microcodeVersion>367995</microcodeVersion>
diff --git a/tests/qemucapabilitiesdata/caps_2.11.0.s390x.xml b/tests/qemucapabilitiesdata/caps_2.11.0.s390x.xml
index 6ca2e57ef8..b359f9a049 100644
--- a/tests/qemucapabilitiesdata/caps_2.11.0.s390x.xml
+++ b/tests/qemucapabilitiesdata/caps_2.11.0.s390x.xml
@@ -126,6 +126,7 @@
<flag name='blockdev-del'/>
<flag name='vhost-vsock'/>
<flag name='tpm-emulator'/>
+ <flag name='egl-headless'/>
<version>2011000</version>
<kvmVersion>0</kvmVersion>
<microcodeVersion>346751</microcodeVersion>
diff --git a/tests/qemucapabilitiesdata/caps_2.11.0.x86_64.xml b/tests/qemucapabilitiesdata/caps_2.11.0.x86_64.xml
index c52e44a498..210f774c4e 100644
--- a/tests/qemucapabilitiesdata/caps_2.11.0.x86_64.xml
+++ b/tests/qemucapabilitiesdata/caps_2.11.0.x86_64.xml
@@ -207,6 +207,7 @@
<flag name='tpm-emulator'/>
<flag name='mch'/>
<flag name='mch.extended-tseg-mbytes'/>
+ <flag name='egl-headless'/>
<version>2011000</version>
<kvmVersion>0</kvmVersion>
<microcodeVersion>371455</microcodeVersion>
diff --git a/tests/qemucapabilitiesdata/caps_2.12.0.aarch64.xml b/tests/qemucapabilitiesdata/caps_2.12.0.aarch64.xml
index ecc029f403..80e7afec04 100644
--- a/tests/qemucapabilitiesdata/caps_2.12.0.aarch64.xml
+++ b/tests/qemucapabilitiesdata/caps_2.12.0.aarch64.xml
@@ -169,6 +169,7 @@
<flag name='vhost-vsock'/>
<flag name='chardev-fd-pass'/>
<flag name='tpm-emulator'/>
+ <flag name='egl-headless'/>
<version>2011090</version>
<kvmVersion>0</kvmVersion>
<microcodeVersion>347550</microcodeVersion>
diff --git a/tests/qemucapabilitiesdata/caps_2.12.0.ppc64.xml b/tests/qemucapabilitiesdata/caps_2.12.0.ppc64.xml
index 7139179304..c4b09c0003 100644
--- a/tests/qemucapabilitiesdata/caps_2.12.0.ppc64.xml
+++ b/tests/qemucapabilitiesdata/caps_2.12.0.ppc64.xml
@@ -167,6 +167,7 @@
<flag name='chardev-fd-pass'/>
<flag name='tpm-emulator'/>
<flag name='machine.pseries.cap-htm'/>
+ <flag name='egl-headless'/>
<version>2011090</version>
<kvmVersion>0</kvmVersion>
<microcodeVersion>428334</microcodeVersion>
diff --git a/tests/qemucapabilitiesdata/caps_2.12.0.s390x.xml b/tests/qemucapabilitiesdata/caps_2.12.0.s390x.xml
index 87d189e58d..1ff2fe45e1 100644
--- a/tests/qemucapabilitiesdata/caps_2.12.0.s390x.xml
+++ b/tests/qemucapabilitiesdata/caps_2.12.0.s390x.xml
@@ -133,6 +133,7 @@
<flag name='vhost-vsock'/>
<flag name='chardev-fd-pass'/>
<flag name='tpm-emulator'/>
+ <flag name='egl-headless'/>
<version>2012000</version>
<kvmVersion>0</kvmVersion>
<microcodeVersion>375999</microcodeVersion>
diff --git a/tests/qemucapabilitiesdata/caps_2.12.0.x86_64.xml b/tests/qemucapabilitiesdata/caps_2.12.0.x86_64.xml
index 9c1f6c327c..37d17786cf 100644
--- a/tests/qemucapabilitiesdata/caps_2.12.0.x86_64.xml
+++ b/tests/qemucapabilitiesdata/caps_2.12.0.x86_64.xml
@@ -211,6 +211,7 @@
<flag name='mch'/>
<flag name='mch.extended-tseg-mbytes'/>
<flag name='sev-guest'/>
+ <flag name='egl-headless'/>
<version>2011090</version>
<kvmVersion>0</kvmVersion>
<microcodeVersion>416196</microcodeVersion>
diff --git a/tests/qemucapabilitiesdata/caps_3.0.0.ppc64.xml b/tests/qemucapabilitiesdata/caps_3.0.0.ppc64.xml
index 33cd00e613..57bf5dba11 100644
--- a/tests/qemucapabilitiesdata/caps_3.0.0.ppc64.xml
+++ b/tests/qemucapabilitiesdata/caps_3.0.0.ppc64.xml
@@ -167,6 +167,7 @@
<flag name='tpm-emulator'/>
<flag name='machine.pseries.cap-hpt-max-page-size'/>
<flag name='machine.pseries.cap-htm'/>
+ <flag name='egl-headless'/>
<version>2012050</version>
<kvmVersion>0</kvmVersion>
<microcodeVersion>446771</microcodeVersion>
diff --git a/tests/qemucapabilitiesdata/caps_3.0.0.x86_64.xml b/tests/qemucapabilitiesdata/caps_3.0.0.x86_64.xml
index cd036d9323..431910a9e3 100644
--- a/tests/qemucapabilitiesdata/caps_3.0.0.x86_64.xml
+++ b/tests/qemucapabilitiesdata/caps_3.0.0.x86_64.xml
@@ -214,6 +214,7 @@
<flag name='mch.extended-tseg-mbytes'/>
<flag name='sev-guest'/>
<flag name='usb-storage.werror'/>
+ <flag name='egl-headless'/>
<version>2012090</version>
<kvmVersion>0</kvmVersion>
<microcodeVersion>438109</microcodeVersion>
--
2.18.0

Some files were not shown because too many files have changed in this diff Show More