rpms/libvirt
6
0
Fork 1
Code Issues Pull Requests Releases Activity

Merge branch 'c10s' into a10s

Browse Source
This commit is contained in:
eabdullin 2024-10-21 11:57:16 +03:00
commit d5267af71a
21 changed files with 1007 additions and 1684 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

178
libvirt-Revert-network-support-setting-firewalld-zone-for-bridge-device-of-open-networks.patch Normal file
View File

@ -0,0 +1,178 @@
From b6684fe79ec6b119a1ff7ade68149bf65b127b1a Mon Sep 17 00:00:00 2001
Message-ID: <b6684fe79ec6b119a1ff7ade68149bf65b127b1a.1728560653.git.jdenemar@redhat.com>
From: Laine Stump <laine@redhat.com>
Date: Fri, 4 Oct 2024 13:46:20 -0400
Subject: [PATCH] Revert "network: support setting firewalld zone for bridge
device of open networks"
This reverts commit 1a72b83d566df952033529001b0f88a66d7f4393. That
patch had made the incorrect assumption that the firewalld zone of a
bridge would not be changed/removed when firewalld reloaded its rules
(e.g. with "killall -HUP firewalld"). It turns out my memory was
faulty, and this *does* remove the bridge interface's zone, which
results in guest networking failure after a firewalld reload, until
the virtual network is restarted.
The functionality reverted as a result of this patch reversion will be
added back in an upcoming patch that keeps the zone setting in
networkAddFirewallRules() (rather than moving it into a separate
function) so that it is called every time the network's firewall rules
are reloaded (including the reload that happens in response to a
reload notification from firewalld).
Signed-off-by: Laine Stump
Reviewed-by: Jiri Denemark <jdenemar@redhat.com>
(cherry picked from commit ef760a413361a8992a3e56884a1ec09290954c71)
https://issues.redhat.com/browse/RHEL-61752
Signed-off-by: Jiri Denemark <jdenemar@redhat.com>
---
src/network/bridge_driver.c | 4 --
src/network/bridge_driver_linux.c | 61 ++++++++++++----------------
src/network/bridge_driver_nop.c | 13 ------
src/network/bridge_driver_platform.h | 2 -
4 files changed, 26 insertions(+), 54 deletions(-)
diff --git a/src/network/bridge_driver.c b/src/network/bridge_driver.c
index c9c6fcbccc..fe053f423a 100644
--- a/src/network/bridge_driver.c
+++ b/src/network/bridge_driver.c
@@ -1999,10 +1999,6 @@ networkStartNetworkVirtual(virNetworkDriverState *driver,
if (networkSetIPv6Sysctls(obj) < 0)
goto error;
- /* set the firewall zone for the bridge device on the host */
- if (networkSetBridgeZone(def) < 0)
- goto error;
-
/* Add "once per network" rules */
if (def->forward.type != VIR_NETWORK_FORWARD_OPEN &&
networkAddFirewallRules(def, cfg->firewallBackend, &fwRemoval) < 0) {
diff --git a/src/network/bridge_driver_linux.c b/src/network/bridge_driver_linux.c
index af758d4f3d..5981e3bd19 100644
--- a/src/network/bridge_driver_linux.c
+++ b/src/network/bridge_driver_linux.c
@@ -333,8 +333,28 @@ int networkCheckRouteCollision(virNetworkDef *def)
int
-networkSetBridgeZone(virNetworkDef *def)
+networkAddFirewallRules(virNetworkDef *def,
+ virFirewallBackend firewallBackend,
+ virFirewall **fwRemoval)
{
+
+ networkSetupPrivateChains(firewallBackend, false);
+
+ if (errInitV4 &&
+ (virNetworkDefGetIPByIndex(def, AF_INET, 0) ||
+ virNetworkDefGetRouteByIndex(def, AF_INET, 0))) {
+ virSetError(errInitV4);
+ return -1;
+ }
+
+ if (errInitV6 &&
+ (virNetworkDefGetIPByIndex(def, AF_INET6, 0) ||
+ virNetworkDefGetRouteByIndex(def, AF_INET6, 0) ||
+ def->ipv6nogw)) {
+ virSetError(errInitV6);
+ return -1;
+ }
+
if (def->bridgeZone) {
/* if a firewalld zone has been specified, fail/log an error
@@ -350,14 +370,12 @@ networkSetBridgeZone(virNetworkDef *def)
if (virFirewallDInterfaceSetZone(def->bridge, def->bridgeZone) < 0)
return -1;
- } else if (def->forward.type != VIR_NETWORK_FORWARD_OPEN) {
+ } else {
- /* if firewalld is active, try to set the "libvirt" zone by
- * default (forward mode='open' networks have no zone set by
- * default, but we honor it if one is specified). This is
- * desirable (for consistency) if firewalld is using the
- * iptables backend, but is necessary (for basic network
- * connectivity) if firewalld is using the nftables backend
+ /* if firewalld is active, try to set the "libvirt" zone. This is
+ * desirable (for consistency) if firewalld is using the iptables
+ * backend, but is necessary (for basic network connectivity) if
+ * firewalld is using the nftables backend
*/
if (virFirewallDIsRegistered() == 0) {
@@ -388,33 +406,6 @@ networkSetBridgeZone(virNetworkDef *def)
}
}
- return 0;
-}
-
-
-int
-networkAddFirewallRules(virNetworkDef *def,
- virFirewallBackend firewallBackend,
- virFirewall **fwRemoval)
-{
-
- networkSetupPrivateChains(firewallBackend, false);
-
- if (errInitV4 &&
- (virNetworkDefGetIPByIndex(def, AF_INET, 0) ||
- virNetworkDefGetRouteByIndex(def, AF_INET, 0))) {
- virSetError(errInitV4);
- return -1;
- }
-
- if (errInitV6 &&
- (virNetworkDefGetIPByIndex(def, AF_INET6, 0) ||
- virNetworkDefGetRouteByIndex(def, AF_INET6, 0) ||
- def->ipv6nogw)) {
- virSetError(errInitV6);
- return -1;
- }
-
switch (firewallBackend) {
case VIR_FIREWALL_BACKEND_NONE:
virReportError(VIR_ERR_NO_SUPPORT, "%s",
diff --git a/src/network/bridge_driver_nop.c b/src/network/bridge_driver_nop.c
index 20c7a2a595..8bf3367bff 100644
--- a/src/network/bridge_driver_nop.c
+++ b/src/network/bridge_driver_nop.c
@@ -38,19 +38,6 @@ int networkCheckRouteCollision(virNetworkDef *def G_GNUC_UNUSED)
return 0;
}
-
-int
-networkSetBridgeZone(virNetworkDef *def)
-{
- if (def->bridgeZone) {
- virReportError(VIR_ERR_NO_SUPPORT, "%s",
- _("This platform does not support setting the bridge device zone"));
- return -1;
- }
- return 0;
-}
-
-
int networkAddFirewallRules(virNetworkDef *def G_GNUC_UNUSED,
virFirewallBackend firewallBackend,
virFirewall **fwRemoval G_GNUC_UNUSED)
diff --git a/src/network/bridge_driver_platform.h b/src/network/bridge_driver_platform.h
index 02abdc197f..cd2e3fa7b5 100644
--- a/src/network/bridge_driver_platform.h
+++ b/src/network/bridge_driver_platform.h
@@ -32,8 +32,6 @@ void networkPostReloadFirewallRules(bool startup);
int networkCheckRouteCollision(virNetworkDef *def);
-int networkSetBridgeZone(virNetworkDef *def);
-
int networkAddFirewallRules(virNetworkDef *def,
virFirewallBackend firewallBackend,
virFirewall **fwRemoval);
--
2.47.0

161
libvirt-Revert-network-un-set-the-firewalld-zone-while-shutting-down-a-network.patch Normal file
View File

@ -0,0 +1,161 @@
From 645dab5d9dde36dcef8527bb4aedc2b1cd007890 Mon Sep 17 00:00:00 2001
Message-ID: <645dab5d9dde36dcef8527bb4aedc2b1cd007890.1728560653.git.jdenemar@redhat.com>
From: Laine Stump <laine@redhat.com>
Date: Fri, 4 Oct 2024 13:44:32 -0400
Subject: [PATCH] Revert "network: *un*set the firewalld zone while shutting
down a network"
This reverts commit 200f60b2e12e68d618f6d59f0173bb507b678838. The same
functionality will be re-added in a different way in an upcoming patch.
Signed-off-by: Laine Stump
Reviewed-by: Jiri Denemark <jdenemar@redhat.com>
(cherry picked from commit 816876f51740da8b73c2176de3a64646772218f3)
https://issues.redhat.com/browse/RHEL-61752
Signed-off-by: Jiri Denemark <jdenemar@redhat.com>
---
src/libvirt_private.syms | 1 -
src/network/bridge_driver.c | 4 ----
src/network/bridge_driver_linux.c | 14 --------------
src/network/bridge_driver_nop.c | 6 ------
src/network/bridge_driver_platform.h | 2 --
src/util/virfirewalld.c | 23 -----------------------
src/util/virfirewalld.h | 2 --
7 files changed, 52 deletions(-)
diff --git a/src/libvirt_private.syms b/src/libvirt_private.syms
index 02dacea857..d186dc40df 100644
--- a/src/libvirt_private.syms
+++ b/src/libvirt_private.syms
@@ -2451,7 +2451,6 @@ virFirewallDGetPolicies;
virFirewallDGetVersion;
virFirewallDGetZones;
virFirewallDInterfaceSetZone;
-virFirewallDInterfaceUnsetZone;
virFirewallDIsRegistered;
virFirewallDPolicyExists;
virFirewallDSynchronize;
diff --git a/src/network/bridge_driver.c b/src/network/bridge_driver.c
index 74ba59b4e9..c9c6fcbccc 100644
--- a/src/network/bridge_driver.c
+++ b/src/network/bridge_driver.c
@@ -2127,8 +2127,6 @@ networkStartNetworkVirtual(virNetworkDriverState *driver,
def->forward.type != VIR_NETWORK_FORWARD_OPEN)
networkRemoveFirewallRules(obj);
- networkUnsetBridgeZone(def);
-
virNetworkObjUnrefMacMap(obj);
ignore_value(virNetDevBridgeDelete(def->bridge));
@@ -2167,8 +2165,6 @@ networkShutdownNetworkVirtual(virNetworkObj *obj)
if (def->forward.type != VIR_NETWORK_FORWARD_OPEN)
networkRemoveFirewallRules(obj);
- networkUnsetBridgeZone(def);
-
ignore_value(virNetDevBridgeDelete(def->bridge));
/* See if its still alive and really really kill it */
diff --git a/src/network/bridge_driver_linux.c b/src/network/bridge_driver_linux.c
index 3b3608c085..af758d4f3d 100644
--- a/src/network/bridge_driver_linux.c
+++ b/src/network/bridge_driver_linux.c
@@ -392,20 +392,6 @@ networkSetBridgeZone(virNetworkDef *def)
}
-void
-networkUnsetBridgeZone(virNetworkDef *def)
-{
- /* If there is a libvirt-managed bridge device remove it from any
- * zone it had been placed in as a part of deleting the bridge.
- * DO NOT CALL THIS FOR 'bridge' forward mode, since that
- * bridge is not managed by libvirt.
- */
- if (def->bridge && def->forward.type != VIR_NETWORK_FORWARD_BRIDGE
- && virFirewallDIsRegistered() == 0) {
- virFirewallDInterfaceUnsetZone(def->bridge);
- }
-}
-
int
networkAddFirewallRules(virNetworkDef *def,
virFirewallBackend firewallBackend,
diff --git a/src/network/bridge_driver_nop.c b/src/network/bridge_driver_nop.c
index 831a5a5010..20c7a2a595 100644
--- a/src/network/bridge_driver_nop.c
+++ b/src/network/bridge_driver_nop.c
@@ -51,12 +51,6 @@ networkSetBridgeZone(virNetworkDef *def)
}
-void
-networkUnsetBridgeZone(virNetworkDef *def G_GNUC_UNUSED)
-{
-}
-
-
int networkAddFirewallRules(virNetworkDef *def G_GNUC_UNUSED,
virFirewallBackend firewallBackend,
virFirewall **fwRemoval G_GNUC_UNUSED)
diff --git a/src/network/bridge_driver_platform.h b/src/network/bridge_driver_platform.h
index a0291532a1..02abdc197f 100644
--- a/src/network/bridge_driver_platform.h
+++ b/src/network/bridge_driver_platform.h
@@ -38,6 +38,4 @@ int networkAddFirewallRules(virNetworkDef *def,
virFirewallBackend firewallBackend,
virFirewall **fwRemoval);
-void networkUnsetBridgeZone(virNetworkDef *def);
-
void networkRemoveFirewallRules(virNetworkObj *obj);
diff --git a/src/util/virfirewalld.c b/src/util/virfirewalld.c
index 4aec33ac45..827e201dbb 100644
--- a/src/util/virfirewalld.c
+++ b/src/util/virfirewalld.c
@@ -449,29 +449,6 @@ virFirewallDInterfaceSetZone(const char *iface,
}
-int
-virFirewallDInterfaceUnsetZone(const char *iface)
-{
- GDBusConnection *sysbus = virGDBusGetSystemBus();
- g_autoptr(GVariant) message = NULL;
-
- if (!sysbus)
- return -1;
-
- message = g_variant_new("(ss)", "", iface);
-
- return virGDBusCallMethod(sysbus,
- NULL,
- NULL,
- NULL,
- VIR_FIREWALL_FIREWALLD_SERVICE,
- "/org/fedoraproject/FirewallD1",
- "org.fedoraproject.FirewallD1.zone",
- "removeInterface",
- message);
-}
-
-
void
virFirewallDSynchronize(void)
{
diff --git a/src/util/virfirewalld.h b/src/util/virfirewalld.h
index 0dbe66d435..0e94d3507b 100644
--- a/src/util/virfirewalld.h
+++ b/src/util/virfirewalld.h
@@ -46,6 +46,4 @@ int virFirewallDApplyRule(virFirewallLayer layer,
int virFirewallDInterfaceSetZone(const char *iface,
const char *zone);
-int virFirewallDInterfaceUnsetZone(const char *iface);
-
void virFirewallDSynchronize(void);
--
2.47.0

136
libvirt-network-a-different-implementation-of-un-setting-firewalld-zone-when-network-is-destroyed.patch Normal file
View File

@ -0,0 +1,136 @@
From e143cec8c08e42995198dc1c75fba7d3379751bd Mon Sep 17 00:00:00 2001
Message-ID: <e143cec8c08e42995198dc1c75fba7d3379751bd.1728560653.git.jdenemar@redhat.com>
From: Laine Stump <laine@redhat.com>
Date: Fri, 4 Oct 2024 18:43:02 -0400
Subject: [PATCH] network: a different implementation of *un*setting firewalld
zone when network is destroyed
(this is a remake of commit v10.7.0-78-g200f60b2e1, which was reverted
due to a regression in another patch it was dependent on. The new
implementation just adds the call to virFirewallDInterfaceUnsetZone()
into the existing networkRemoveFirewallRules() (but only if we had set
a zone when the network was first started).
Replaces: 200f60b2e12e68d618f6d59f0173bb507b678838
Resolves: https://issues.redhat.com/browse/RHEL-61576
Signed-off-by: Laine Stump <laine@redhat.com>
Reviewed-by: Jiri Denemark <jdenemar@redhat.com>
(cherry picked from commit c0ba3ed69d14a4b9a03475d1ba1d734b27a141f8)
https://issues.redhat.com/browse/RHEL-61752
Signed-off-by: Jiri Denemark <jdenemar@redhat.com>
---
src/libvirt_private.syms | 1 +
src/network/bridge_driver_linux.c | 30 ++++++++++++++++++++++++------
src/util/virfirewalld.c | 23 +++++++++++++++++++++++
src/util/virfirewalld.h | 2 ++
4 files changed, 50 insertions(+), 6 deletions(-)
diff --git a/src/libvirt_private.syms b/src/libvirt_private.syms
index d186dc40df..02dacea857 100644
--- a/src/libvirt_private.syms
+++ b/src/libvirt_private.syms
@@ -2451,6 +2451,7 @@ virFirewallDGetPolicies;
virFirewallDGetVersion;
virFirewallDGetZones;
virFirewallDInterfaceSetZone;
+virFirewallDInterfaceUnsetZone;
virFirewallDIsRegistered;
virFirewallDPolicyExists;
virFirewallDSynchronize;
diff --git a/src/network/bridge_driver_linux.c b/src/network/bridge_driver_linux.c
index 8956d38ab1..6c3ec403a4 100644
--- a/src/network/bridge_driver_linux.c
+++ b/src/network/bridge_driver_linux.c
@@ -459,19 +459,37 @@ networkRemoveFirewallRules(virNetworkObj *obj)
} else {
if ((fw = virNetworkObjGetFwRemoval(obj)) == NULL) {
+
/* No information about firewall rules in the network status,
* so we assume the old iptables-based rules from 10.2.0 and
* earlier.
*/
VIR_DEBUG("No firewall info in status of network '%s', assuming old-style iptables", def->name);
iptablesRemoveFirewallRules(def);
- return;
+
+ } else {
+
+ /* fwRemoval info was stored in the network status, so use that to
+ * remove the firewall
+ */
+ VIR_DEBUG("Removing firewall rules of network '%s' using commands saved in status", def->name);
+ virFirewallApply(fw);
}
+ }
- /* fwRemoval info was stored in the network status, so use that to
- * remove the firewall
- */
- VIR_DEBUG("Removing firewall rules of network '%s' using commands saved in status", def->name);
- virFirewallApply(fw);
+ /* all forward modes could have had a zone set, even 'open' mode
+ * iff it was specified in the config. firewalld preserves the
+ * name of an interface in a zone's list even after the interface
+ * has been deleted, which is problematic if the next use of that
+ * same interface name wants *no* zone set. To avoid this, we must
+ * "unset" the zone if we set it when the network was started.
+ */
+ if (virFirewallDIsRegistered() == 0 &&
+ (def->forward.type != VIR_NETWORK_FORWARD_OPEN ||
+ def->bridgeZone)) {
+
+ VIR_DEBUG("unsetting zone for '%s' (current zone is '%s')",
+ def->bridge, def->bridgeZone);
+ virFirewallDInterfaceUnsetZone(def->bridge);
}
}
diff --git a/src/util/virfirewalld.c b/src/util/virfirewalld.c
index 827e201dbb..ca61ed5ac0 100644
--- a/src/util/virfirewalld.c
+++ b/src/util/virfirewalld.c
@@ -449,6 +449,29 @@ virFirewallDInterfaceSetZone(const char *iface,
}
+int
+virFirewallDInterfaceUnsetZone(const char *iface)
+{
+ GDBusConnection *sysbus = virGDBusGetSystemBus();
+ g_autoptr(GVariant) message = NULL;
+
+ if (!sysbus)
+ return -1;
+
+ message = g_variant_new("(ss)", "", iface);
+
+ return virGDBusCallMethod(sysbus,
+ NULL,
+ NULL,
+ NULL,
+ VIR_FIREWALL_FIREWALLD_SERVICE,
+ "/org/fedoraproject/FirewallD1",
+ "org.fedoraproject.FirewallD1.zone",
+ "removeInterface",
+ message);
+}
+
+
void
virFirewallDSynchronize(void)
{
diff --git a/src/util/virfirewalld.h b/src/util/virfirewalld.h
index 0e94d3507b..0dbe66d435 100644
--- a/src/util/virfirewalld.h
+++ b/src/util/virfirewalld.h
@@ -46,4 +46,6 @@ int virFirewallDApplyRule(virFirewallLayer layer,
int virFirewallDInterfaceSetZone(const char *iface,
const char *zone);
+int virFirewallDInterfaceUnsetZone(const char *iface);
+
void virFirewallDSynchronize(void);
--
2.47.0

171
libvirt-network-a-different-way-of-supporting-firewalld-zone-for-mode-open-networks.patch Normal file
View File

@ -0,0 +1,171 @@
From d0efb1123f1e2d4b4792e5eca8ff3d69fa9d46e7 Mon Sep 17 00:00:00 2001
Message-ID: <d0efb1123f1e2d4b4792e5eca8ff3d69fa9d46e7.1728560653.git.jdenemar@redhat.com>
From: Laine Stump <laine@redhat.com>
Date: Fri, 4 Oct 2024 18:14:36 -0400
Subject: [PATCH] network: a different way of supporting firewalld zone for
mode='open' networks
Now that networkAddFirewallRules and networkRemoveFirewallRules() are
being called for mode='open' networks, we just need to move the code
that sets the zone outside of the if (mode != ...OPEN) clause, so that
it's done for all forward modes, with the exception of setting the
implied 'libvirt*' zones, which are set when no zone is specified for
all forward modes *except* 'open'.
This was previously done in commit v10.7.0-76-g1a72b83d56, but in a
manner that caused the zone to be unset whenever firewalld reloaded
its rules. That patch was reverted, and this new better patch takes
its place.
Replaces: 1a72b83d566df952033529001b0f88a66d7f4393
Resolves: https://issues.redhat.com/browse/RHEL-61576
Re-Resolves: https://gitlab.com/libvirt/libvirt/-/issues/215
Signed-off-by: Laine Stump <laine@redhat.com>
Reviewed-by: Jiri Denemark <jdenemar@redhat.com>
(cherry picked from commit cb4e38d4b1e947d0718232a59f964f35ad156c74)
https://issues.redhat.com/browse/RHEL-61752
Signed-off-by: Jiri Denemark <jdenemar@redhat.com>
---
src/network/bridge_driver_linux.c | 111 ++++++++++++++++--------------
1 file changed, 60 insertions(+), 51 deletions(-)
diff --git a/src/network/bridge_driver_linux.c b/src/network/bridge_driver_linux.c
index 31feec9c9f..8956d38ab1 100644
--- a/src/network/bridge_driver_linux.c
+++ b/src/network/bridge_driver_linux.c
@@ -337,6 +337,64 @@ networkAddFirewallRules(virNetworkDef *def,
virFirewallBackend firewallBackend,
virFirewall **fwRemoval)
{
+ /* If firewalld is running on the system, a firewalld zone is
+ * always set for the bridge device of all bridge-based managed
+ * networks of all forward modes *except* 'open', which is only
+ * set if specifically requested in the config.
+ */
+ if (def->bridgeZone) {
+
+ /* if a firewalld zone has been specified, fail/log an error
+ * if we can't honor it
+ */
+ if (virFirewallDIsRegistered() < 0) {
+ virReportError(VIR_ERR_INTERNAL_ERROR,
+ _("zone %1$s requested for network %2$s but firewalld is not active"),
+ def->bridgeZone, def->name);
+ return -1;
+ }
+
+ if (virFirewallDInterfaceSetZone(def->bridge, def->bridgeZone) < 0)
+ return -1;
+
+ } else if (def->forward.type != VIR_NETWORK_FORWARD_OPEN) {
+
+ /* if firewalld is active, try to set the "libvirt" zone by
+ * default (forward mode='open' networks have no zone set by
+ * default, but we honor it if one is specified). This is
+ * desirable (for consistency) if firewalld is using the
+ * iptables backend, but is necessary (for basic network
+ * connectivity) if firewalld is using the nftables backend
+ */
+ if (virFirewallDIsRegistered() == 0) {
+
+ /* if the "libvirt" zone exists, then set it. If not, and
+ * if firewalld is using the nftables backend, then we
+ * need to log an error because the combination of
+ * nftables + default zone means that traffic cannot be
+ * forwarded (and even DHCP and DNS from guest to host
+ * will probably no be permitted by the default zone
+ *
+ * Routed networks use a different zone and policy which we also
+ * need to verify exist. Probing for the policy guarantees the
+ * running firewalld has support for policies (firewalld >= 0.9.0).
+ */
+ if (def->forward.type == VIR_NETWORK_FORWARD_ROUTE &&
+ virFirewallDPolicyExists("libvirt-routed-out") &&
+ virFirewallDZoneExists("libvirt-routed")) {
+ if (virFirewallDInterfaceSetZone(def->bridge, "libvirt-routed") < 0)
+ return -1;
+ } else if (virFirewallDZoneExists("libvirt")) {
+ if (virFirewallDInterfaceSetZone(def->bridge, "libvirt") < 0)
+ return -1;
+ } else {
+ virReportError(VIR_ERR_INTERNAL_ERROR, "%s",
+ _("firewalld can't find the 'libvirt' zone that should have been installed with libvirt"));
+ return -1;
+ }
+ }
+ }
+
if (def->forward.type == VIR_NETWORK_FORWARD_OPEN) {
VIR_DEBUG("No firewall rules to add for mode='open' network '%s'", def->name);
@@ -348,6 +406,7 @@ networkAddFirewallRules(virNetworkDef *def,
def->name,
virFirewallBackendTypeToString(firewallBackend));
+ /* one-time (per system boot) initialization */
networkSetupPrivateChains(firewallBackend, false);
if (errInitV4 &&
@@ -365,57 +424,7 @@ networkAddFirewallRules(virNetworkDef *def,
return -1;
}
- if (def->bridgeZone) {
-
- /* if a firewalld zone has been specified, fail/log an error
- * if we can't honor it
- */
- if (virFirewallDIsRegistered() < 0) {
- virReportError(VIR_ERR_INTERNAL_ERROR,
- _("zone %1$s requested for network %2$s but firewalld is not active"),
- def->bridgeZone, def->name);
- return -1;
- }
-
- if (virFirewallDInterfaceSetZone(def->bridge, def->bridgeZone) < 0)
- return -1;
-
- } else {
-
- /* if firewalld is active, try to set the "libvirt" zone. This is
- * desirable (for consistency) if firewalld is using the iptables
- * backend, but is necessary (for basic network connectivity) if
- * firewalld is using the nftables backend
- */
- if (virFirewallDIsRegistered() == 0) {
-
- /* if the "libvirt" zone exists, then set it. If not, and
- * if firewalld is using the nftables backend, then we
- * need to log an error because the combination of
- * nftables + default zone means that traffic cannot be
- * forwarded (and even DHCP and DNS from guest to host
- * will probably no be permitted by the default zone
- *
- * Routed networks use a different zone and policy which we also
- * need to verify exist. Probing for the policy guarantees the
- * running firewalld has support for policies (firewalld >= 0.9.0).
- */
- if (def->forward.type == VIR_NETWORK_FORWARD_ROUTE &&
- virFirewallDPolicyExists("libvirt-routed-out") &&
- virFirewallDZoneExists("libvirt-routed")) {
- if (virFirewallDInterfaceSetZone(def->bridge, "libvirt-routed") < 0)
- return -1;
- } else if (virFirewallDZoneExists("libvirt")) {
- if (virFirewallDInterfaceSetZone(def->bridge, "libvirt") < 0)
- return -1;
- } else {
- virReportError(VIR_ERR_INTERNAL_ERROR, "%s",
- _("firewalld can't find the 'libvirt' zone that should have been installed with libvirt"));
- return -1;
- }
- }
- }
-
+ /* now actually add the rules */
switch (firewallBackend) {
case VIR_FIREWALL_BACKEND_NONE:
virReportError(VIR_ERR_NO_SUPPORT, "%s",
--
2.47.0

333
libvirt-network-call-network-Add-Remove-FirewallRules-for-forward-mode-open.patch Normal file
View File

@ -0,0 +1,333 @@
From 383ace4feee4ae610917edf8a583257a67a7d52c Mon Sep 17 00:00:00 2001
Message-ID: <383ace4feee4ae610917edf8a583257a67a7d52c.1728560653.git.jdenemar@redhat.com>
From: Laine Stump <laine@redhat.com>
Date: Fri, 4 Oct 2024 17:17:59 -0400
Subject: [PATCH] network: call network(Add|Remove)FirewallRules() for forward
mode='open'
Previously networkAddFirewallRules() and networkRemoveFirewallRules()
were only called if the forward mode was none, 'route', or 'nat', so
those functions didn't check the forward mode. Although their current
contents shouldn't be executed for forward mode='open', soon they will
have extra functionality that should be executed for all the current
forward modes and also mode='open'.
This patch modifies all places either of the functions are called to
make sure they are called for mode='open' in addition to current modes
(by either adding 'case ..._OPEN:' to the case of a switch statement,
or just removing an 'if (mode != ...OPEN)' around the calls; to
balance out for that, it puts the entirety of the contents of both
functions inside if (mode != ...OPEN) to retain current behavior. (an
upcoming patch will add code outside that if clause).
debug log messages were also added to make it easier to test that the
right thing is being done in all cases.
Signed-off-by: Laine Stump <laine@redhat.com>
Reviewed-by: Jiri Denemark <jdenemar@redhat.com>
(cherry picked from commit d552d810b97d478675eac830164349d8a1a35e63)
https://issues.redhat.com/browse/RHEL-61752
Signed-off-by: Jiri Denemark <jdenemar@redhat.com>
---
src/network/bridge_driver.c | 26 ++---
src/network/bridge_driver_linux.c | 175 +++++++++++++++++-------------
2 files changed, 110 insertions(+), 91 deletions(-)
diff --git a/src/network/bridge_driver.c b/src/network/bridge_driver.c
index fe053f423a..f604b2695c 100644
--- a/src/network/bridge_driver.c
+++ b/src/network/bridge_driver.c
@@ -1735,10 +1735,15 @@ networkReloadFirewallRulesHelper(virNetworkObj *obj,
case VIR_NETWORK_FORWARD_NONE:
case VIR_NETWORK_FORWARD_NAT:
case VIR_NETWORK_FORWARD_ROUTE:
- /* Only three of the L3 network types that are configured by
- * libvirt need to have iptables rules reloaded. The 4th L3
- * network type, forward='open', doesn't need this because it
- * has no iptables rules.
+ case VIR_NETWORK_FORWARD_OPEN:
+ /* even 'open' forward type networks need to call
+ * networkAdd/RemoveFirewallRules() in spite of the fact
+ * that, by definition, libvirt doesn't add any firewall
+ * rules for those networks.. This is because libvirt
+ * *does* support explicitly naming (in the config) a
+ * firewalld zone the network's bridge should be added to,
+ * and this functionality is also handled by
+ * networkAdd/RemoveFirewallRules()
*/
networkRemoveFirewallRules(obj);
ignore_value(networkAddFirewallRules(def, cfg->firewallBackend, &fwRemoval));
@@ -1746,7 +1751,6 @@ networkReloadFirewallRulesHelper(virNetworkObj *obj,
saveStatus = true;
break;
- case VIR_NETWORK_FORWARD_OPEN:
case VIR_NETWORK_FORWARD_BRIDGE:
case VIR_NETWORK_FORWARD_PRIVATE:
case VIR_NETWORK_FORWARD_VEPA:
@@ -2000,10 +2004,8 @@ networkStartNetworkVirtual(virNetworkDriverState *driver,
goto error;
/* Add "once per network" rules */
- if (def->forward.type != VIR_NETWORK_FORWARD_OPEN &&
- networkAddFirewallRules(def, cfg->firewallBackend, &fwRemoval) < 0) {
+ if (networkAddFirewallRules(def, cfg->firewallBackend, &fwRemoval) < 0)
goto error;
- }
virNetworkObjSetFwRemoval(obj, fwRemoval);
firewalRulesAdded = true;
@@ -2119,8 +2121,7 @@ networkStartNetworkVirtual(virNetworkDriverState *driver,
if (devOnline)
ignore_value(virNetDevSetOnline(def->bridge, false));
- if (firewalRulesAdded &&
- def->forward.type != VIR_NETWORK_FORWARD_OPEN)
+ if (firewalRulesAdded)
networkRemoveFirewallRules(obj);
virNetworkObjUnrefMacMap(obj);
@@ -2158,8 +2159,7 @@ networkShutdownNetworkVirtual(virNetworkObj *obj)
ignore_value(virNetDevSetOnline(def->bridge, false));
- if (def->forward.type != VIR_NETWORK_FORWARD_OPEN)
- networkRemoveFirewallRules(obj);
+ networkRemoveFirewallRules(obj);
ignore_value(virNetDevBridgeDelete(def->bridge));
@@ -3307,6 +3307,7 @@ networkUpdate(virNetworkPtr net,
case VIR_NETWORK_FORWARD_NONE:
case VIR_NETWORK_FORWARD_NAT:
case VIR_NETWORK_FORWARD_ROUTE:
+ case VIR_NETWORK_FORWARD_OPEN:
switch (section) {
case VIR_NETWORK_SECTION_FORWARD:
case VIR_NETWORK_SECTION_FORWARD_INTERFACE:
@@ -3325,7 +3326,6 @@ networkUpdate(virNetworkPtr net,
}
break;
- case VIR_NETWORK_FORWARD_OPEN:
case VIR_NETWORK_FORWARD_BRIDGE:
case VIR_NETWORK_FORWARD_PRIVATE:
case VIR_NETWORK_FORWARD_VEPA:
diff --git a/src/network/bridge_driver_linux.c b/src/network/bridge_driver_linux.c
index 5981e3bd19..31feec9c9f 100644
--- a/src/network/bridge_driver_linux.c
+++ b/src/network/bridge_driver_linux.c
@@ -337,90 +337,101 @@ networkAddFirewallRules(virNetworkDef *def,
virFirewallBackend firewallBackend,
virFirewall **fwRemoval)
{
+ if (def->forward.type == VIR_NETWORK_FORWARD_OPEN) {
- networkSetupPrivateChains(firewallBackend, false);
+ VIR_DEBUG("No firewall rules to add for mode='open' network '%s'", def->name);
- if (errInitV4 &&
- (virNetworkDefGetIPByIndex(def, AF_INET, 0) ||
- virNetworkDefGetRouteByIndex(def, AF_INET, 0))) {
- virSetError(errInitV4);
- return -1;
- }
+ } else {
- if (errInitV6 &&
- (virNetworkDefGetIPByIndex(def, AF_INET6, 0) ||
- virNetworkDefGetRouteByIndex(def, AF_INET6, 0) ||
- def->ipv6nogw)) {
- virSetError(errInitV6);
- return -1;
- }
+ VIR_DEBUG("Adding firewall rules for mode='%s' network '%s' using %s",
+ virNetworkForwardTypeToString(def->forward.type),
+ def->name,
+ virFirewallBackendTypeToString(firewallBackend));
- if (def->bridgeZone) {
+ networkSetupPrivateChains(firewallBackend, false);
- /* if a firewalld zone has been specified, fail/log an error
- * if we can't honor it
- */
- if (virFirewallDIsRegistered() < 0) {
- virReportError(VIR_ERR_INTERNAL_ERROR,
- _("zone %1$s requested for network %2$s but firewalld is not active"),
- def->bridgeZone, def->name);
+ if (errInitV4 &&
+ (virNetworkDefGetIPByIndex(def, AF_INET, 0) ||
+ virNetworkDefGetRouteByIndex(def, AF_INET, 0))) {
+ virSetError(errInitV4);
return -1;
}
- if (virFirewallDInterfaceSetZone(def->bridge, def->bridgeZone) < 0)
+ if (errInitV6 &&
+ (virNetworkDefGetIPByIndex(def, AF_INET6, 0) ||
+ virNetworkDefGetRouteByIndex(def, AF_INET6, 0) ||
+ def->ipv6nogw)) {
+ virSetError(errInitV6);
return -1;
+ }
- } else {
+ if (def->bridgeZone) {
- /* if firewalld is active, try to set the "libvirt" zone. This is
- * desirable (for consistency) if firewalld is using the iptables
- * backend, but is necessary (for basic network connectivity) if
- * firewalld is using the nftables backend
- */
- if (virFirewallDIsRegistered() == 0) {
-
- /* if the "libvirt" zone exists, then set it. If not, and
- * if firewalld is using the nftables backend, then we
- * need to log an error because the combination of
- * nftables + default zone means that traffic cannot be
- * forwarded (and even DHCP and DNS from guest to host
- * will probably no be permitted by the default zone
- *
- * Routed networks use a different zone and policy which we also
- * need to verify exist. Probing for the policy guarantees the
- * running firewalld has support for policies (firewalld >= 0.9.0).
+ /* if a firewalld zone has been specified, fail/log an error
+ * if we can't honor it
*/
- if (def->forward.type == VIR_NETWORK_FORWARD_ROUTE &&
- virFirewallDPolicyExists("libvirt-routed-out") &&
- virFirewallDZoneExists("libvirt-routed")) {
- if (virFirewallDInterfaceSetZone(def->bridge, "libvirt-routed") < 0)
- return -1;
- } else if (virFirewallDZoneExists("libvirt")) {
- if (virFirewallDInterfaceSetZone(def->bridge, "libvirt") < 0)
- return -1;
- } else {
- virReportError(VIR_ERR_INTERNAL_ERROR, "%s",
- _("firewalld can't find the 'libvirt' zone that should have been installed with libvirt"));
+ if (virFirewallDIsRegistered() < 0) {
+ virReportError(VIR_ERR_INTERNAL_ERROR,
+ _("zone %1$s requested for network %2$s but firewalld is not active"),
+ def->bridgeZone, def->name);
return -1;
}
+
+ if (virFirewallDInterfaceSetZone(def->bridge, def->bridgeZone) < 0)
+ return -1;
+
+ } else {
+
+ /* if firewalld is active, try to set the "libvirt" zone. This is
+ * desirable (for consistency) if firewalld is using the iptables
+ * backend, but is necessary (for basic network connectivity) if
+ * firewalld is using the nftables backend
+ */
+ if (virFirewallDIsRegistered() == 0) {
+
+ /* if the "libvirt" zone exists, then set it. If not, and
+ * if firewalld is using the nftables backend, then we
+ * need to log an error because the combination of
+ * nftables + default zone means that traffic cannot be
+ * forwarded (and even DHCP and DNS from guest to host
+ * will probably no be permitted by the default zone
+ *
+ * Routed networks use a different zone and policy which we also
+ * need to verify exist. Probing for the policy guarantees the
+ * running firewalld has support for policies (firewalld >= 0.9.0).
+ */
+ if (def->forward.type == VIR_NETWORK_FORWARD_ROUTE &&
+ virFirewallDPolicyExists("libvirt-routed-out") &&
+ virFirewallDZoneExists("libvirt-routed")) {
+ if (virFirewallDInterfaceSetZone(def->bridge, "libvirt-routed") < 0)
+ return -1;
+ } else if (virFirewallDZoneExists("libvirt")) {
+ if (virFirewallDInterfaceSetZone(def->bridge, "libvirt") < 0)
+ return -1;
+ } else {
+ virReportError(VIR_ERR_INTERNAL_ERROR, "%s",
+ _("firewalld can't find the 'libvirt' zone that should have been installed with libvirt"));
+ return -1;
+ }
+ }
}
- }
- switch (firewallBackend) {
- case VIR_FIREWALL_BACKEND_NONE:
- virReportError(VIR_ERR_NO_SUPPORT, "%s",
- _("No firewall backend is available"));
- return -1;
+ switch (firewallBackend) {
+ case VIR_FIREWALL_BACKEND_NONE:
+ virReportError(VIR_ERR_NO_SUPPORT, "%s",
+ _("No firewall backend is available"));
+ return -1;
- case VIR_FIREWALL_BACKEND_IPTABLES:
- return iptablesAddFirewallRules(def, fwRemoval);
+ case VIR_FIREWALL_BACKEND_IPTABLES:
+ return iptablesAddFirewallRules(def, fwRemoval);
- case VIR_FIREWALL_BACKEND_NFTABLES:
- return nftablesAddFirewallRules(def, fwRemoval);
+ case VIR_FIREWALL_BACKEND_NFTABLES:
+ return nftablesAddFirewallRules(def, fwRemoval);
- case VIR_FIREWALL_BACKEND_LAST:
- virReportEnumRangeError(virFirewallBackend, firewallBackend);
- return -1;
+ case VIR_FIREWALL_BACKEND_LAST:
+ virReportEnumRangeError(virFirewallBackend, firewallBackend);
+ return -1;
+ }
}
return 0;
}
@@ -429,21 +440,29 @@ networkAddFirewallRules(virNetworkDef *def,
void
networkRemoveFirewallRules(virNetworkObj *obj)
{
+ virNetworkDef *def = virNetworkObjGetDef(obj);
virFirewall *fw;
- if ((fw = virNetworkObjGetFwRemoval(obj)) == NULL) {
- /* No information about firewall rules in the network status,
- * so we assume the old iptables-based rules from 10.2.0 and
- * earlier.
+ if (def->forward.type == VIR_NETWORK_FORWARD_OPEN) {
+
+ VIR_DEBUG("No firewall rules to remove for mode='open' network '%s'", def->name);
+
+ } else {
+
+ if ((fw = virNetworkObjGetFwRemoval(obj)) == NULL) {
+ /* No information about firewall rules in the network status,
+ * so we assume the old iptables-based rules from 10.2.0 and
+ * earlier.
+ */
+ VIR_DEBUG("No firewall info in status of network '%s', assuming old-style iptables", def->name);
+ iptablesRemoveFirewallRules(def);
+ return;
+ }
+
+ /* fwRemoval info was stored in the network status, so use that to
+ * remove the firewall
*/
- VIR_DEBUG("No firewall info in network status, assuming old-style iptables");
- iptablesRemoveFirewallRules(virNetworkObjGetDef(obj));
- return;
+ VIR_DEBUG("Removing firewall rules of network '%s' using commands saved in status", def->name);
+ virFirewallApply(fw);
}
-
- /* fwRemoval info was stored in the network status, so use that to
- * remove the firewall
- */
- VIR_DEBUG("Removing firewall rules with commands saved in network status");
- virFirewallApply(fw);
}
--
2.47.0

124
libvirt-qemu-Don-t-leave-beingDestroyed-true-on-inactive-domain.patch
View File

@ -1,124 +0,0 @@
From 53b691e4d85f8a442f14ecf4b3bf0b17d607fb2b Mon Sep 17 00:00:00 2001
Message-ID: <53b691e4d85f8a442f14ecf4b3bf0b17d607fb2b.1720800605.git.jdenemar@redhat.com>
From: Jiri Denemark <jdenemar@redhat.com>
Date: Thu, 11 Jul 2024 13:49:09 +0200
Subject: [PATCH] qemu: Don't leave beingDestroyed=true on inactive domain
Recent commit v10.4.0-87-gd9935a5c4f made a reasonable change to only
reset beingDestroyed back to false when vm->def->id is reset to make
sure other code can detect a domain is (about to become) inactive. It
even added a comment saying any caller of qemuProcessBeginStopJob is
supposed to call qemuProcessStop to clear beingDestroyed. But not every
caller really does so because they first call qemuProcessBeginStopJob
and then check whether a domain is still running. If not the
qemuProcessStop call is skipped leaving beingDestroyed=true. In case of
a persistent domain this may block incoming migrations of such domain as
the migration code would think the domain died unexpectedly (even though
it's still running).
The qemuProcessBeginStopJob function is a wrapper around
virDomainObjBeginJob, but virDomainObjEndJob was used directly for
cleanup. This patch introduces a new qemuProcessEndStopJob wrapper
around virDomainObjEndJob to properly undo everything
qemuProcessBeginStopJob did.
https://issues.redhat.com/browse/RHEL-43309
Signed-off-by: Jiri Denemark <jdenemar@redhat.com>
Reviewed-by: Peter Krempa <pkrempa@redhat.com>
(cherry picked from commit bec903cae84c21850d47a1b4d3ab57ca81189519)
Signed-off-by: Jiri Denemark <jdenemar@redhat.com>
---
src/qemu/qemu_driver.c | 4 ++--
src/qemu/qemu_process.c | 20 ++++++++++++++++----
src/qemu/qemu_process.h | 1 +
3 files changed, 19 insertions(+), 6 deletions(-)
diff --git a/src/qemu/qemu_driver.c b/src/qemu/qemu_driver.c
index fc1704f4fc..d9073b2154 100644
--- a/src/qemu/qemu_driver.c
+++ b/src/qemu/qemu_driver.c
@@ -2115,7 +2115,7 @@ qemuDomainDestroyFlags(virDomainPtr dom,
endjob:
if (ret == 0)
qemuDomainRemoveInactive(driver, vm, 0, false);
- virDomainObjEndJob(vm);
+ qemuProcessEndStopJob(vm);
cleanup:
virDomainObjEndAPI(&vm);
@@ -3901,7 +3901,7 @@ processMonitorEOFEvent(virQEMUDriver *driver,
endjob:
qemuDomainRemoveInactive(driver, vm, 0, false);
- virDomainObjEndJob(vm);
+ qemuProcessEndStopJob(vm);
}
diff --git a/src/qemu/qemu_process.c b/src/qemu/qemu_process.c
index b9b6ccf1de..bea42d38c6 100644
--- a/src/qemu/qemu_process.c
+++ b/src/qemu/qemu_process.c
@@ -8422,7 +8422,8 @@ qemuProcessKill(virDomainObj *vm, unsigned int flags)
* qemuProcessBeginStopJob:
*
* Stop all current jobs by killing the domain and start a new one for
- * qemuProcessStop.
+ * qemuProcessStop. The caller has to make sure qemuProcessEndStopJob is
+ * called to properly cleanup the job.
*/
int
qemuProcessBeginStopJob(virDomainObj *vm,
@@ -8449,8 +8450,9 @@ qemuProcessBeginStopJob(virDomainObj *vm,
goto error;
/* priv->beingDestroyed is deliberately left set to 'true' here. Caller
- * is supposed to call qemuProcessStop, which will reset it after
- * 'vm->def->id' is set to -1 */
+ * is supposed to call qemuProcessStop (which will reset it after
+ * 'vm->def->id' is set to -1) and/or qemuProcessEndStopJob to do proper
+ * cleanup. */
return 0;
error:
@@ -8459,6 +8461,16 @@ qemuProcessBeginStopJob(virDomainObj *vm,
}
+void
+qemuProcessEndStopJob(virDomainObj *vm)
+{
+ if (!virDomainObjIsActive(vm))
+ QEMU_DOMAIN_PRIVATE(vm)->beingDestroyed = false;
+
+ virDomainObjEndJob(vm);
+}
+
+
void qemuProcessStop(virQEMUDriver *driver,
virDomainObj *vm,
virDomainShutoffReason reason,
@@ -8801,7 +8813,7 @@ qemuProcessAutoDestroy(virDomainObj *dom,
qemuDomainRemoveInactive(driver, dom, 0, false);
- virDomainObjEndJob(dom);
+ qemuProcessEndStopJob(dom);
virObjectEventStateQueue(driver->domainEventState, event);
}
diff --git a/src/qemu/qemu_process.h b/src/qemu/qemu_process.h
index c1ea949215..cb67bfcd2d 100644
--- a/src/qemu/qemu_process.h
+++ b/src/qemu/qemu_process.h
@@ -169,6 +169,7 @@ typedef enum {
int qemuProcessBeginStopJob(virDomainObj *vm,
virDomainJob job,
bool forceKill);
+void qemuProcessEndStopJob(virDomainObj *vm);
void qemuProcessStop(virQEMUDriver *driver,
virDomainObj *vm,
virDomainShutoffReason reason,
--
2.45.2

128
libvirt-qemu-do-not-use-deprecated-options-for-new-virtiofsd.patch
View File

@ -1,128 +0,0 @@
From c30b3dd904c094c478c5b362de6b3580379edd8b Mon Sep 17 00:00:00 2001
Message-ID: <c30b3dd904c094c478c5b362de6b3580379edd8b.1720800605.git.jdenemar@redhat.com>
From: =?UTF-8?q?J=C3=A1n=20Tomko?= <jtomko@redhat.com>
Date: Thu, 4 Jul 2024 15:54:29 +0200
Subject: [PATCH] qemu: do not use deprecated options for new virtiofsd
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Use the to-be-introduced virtiofsd capability to mark whether
new options are safe to use.
Depends on:
https://gitlab.com/virtio-fs/virtiofsd/-/merge_requests/231
https://issues.redhat.com/browse/RHEL-7108
Signed-off-by: Ján Tomko <jtomko@redhat.com>
Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
(cherry picked from commit 8dc04cafecd2432c071c73366e4c6eb3b7bff495)
https://issues.redhat.com/browse/RHEL-7108
Signed-off-by: Ján Tomko <jtomko@redhat.com>
---
src/qemu/qemu_virtiofs.c | 83 +++++++++++++++++++++++++++-------------
1 file changed, 57 insertions(+), 26 deletions(-)
diff --git a/src/qemu/qemu_virtiofs.c b/src/qemu/qemu_virtiofs.c
index 0df8d67b1b..0e3c7dbb58 100644
--- a/src/qemu/qemu_virtiofs.c
+++ b/src/qemu/qemu_virtiofs.c
@@ -139,36 +139,67 @@ qemuVirtioFSBuildCommandLine(virQEMUDriverConfig *cfg,
virCommandPassFD(cmd, *fd, VIR_COMMAND_PASS_FD_CLOSE_PARENT);
*fd = -1;
- virCommandAddArg(cmd, "-o");
- virBufferAddLit(&opts, "source=");
- virQEMUBuildBufferEscapeComma(&opts, fs->src->path);
- if (fs->cache)
- virBufferAsprintf(&opts, ",cache=%s", virDomainFSCacheModeTypeToString(fs->cache));
- if (fs->sandbox)
- virBufferAsprintf(&opts, ",sandbox=%s", virDomainFSSandboxModeTypeToString(fs->sandbox));
-
- if (fs->xattr == VIR_TRISTATE_SWITCH_ON)
- virBufferAddLit(&opts, ",xattr");
- else if (fs->xattr == VIR_TRISTATE_SWITCH_OFF)
- virBufferAddLit(&opts, ",no_xattr");
-
- if (fs->flock == VIR_TRISTATE_SWITCH_ON)
- virBufferAddLit(&opts, ",flock");
- else if (fs->flock == VIR_TRISTATE_SWITCH_OFF)
- virBufferAddLit(&opts, ",no_flock");
-
- if (fs->posix_lock == VIR_TRISTATE_SWITCH_ON)
- virBufferAddLit(&opts, ",posix_lock");
- else if (fs->posix_lock == VIR_TRISTATE_SWITCH_OFF)
- virBufferAddLit(&opts, ",no_posix_lock");
-
- virCommandAddArgBuffer(cmd, &opts);
+ if (virBitmapIsBitSet(fs->caps, QEMU_VHOST_USER_FS_FEATURE_SEPARATE_OPTIONS)) {
+ /* Note that this option format is used by the Rust version of the daemon
+ * since v1.0.0, which is way longer than the capability existed.
+ * The -o style of options can be removed once we bump the minimal
+ * QEMU version to 8.0.0, which dropped the C virtiofsd daemon */
+ virCommandAddArg(cmd, "--shared-dir");
+ virCommandAddArg(cmd, fs->src->path);
+
+ if (fs->cache) {
+ virCommandAddArg(cmd, "--cache");
+ virCommandAddArg(cmd, virDomainFSCacheModeTypeToString(fs->cache));
+ }
+ if (fs->sandbox) {
+ virCommandAddArg(cmd, "--sandbox");
+ virCommandAddArg(cmd, virDomainFSSandboxModeTypeToString(fs->sandbox));
+ }
+
+ if (fs->xattr == VIR_TRISTATE_SWITCH_ON)
+ virCommandAddArg(cmd, "--xattr");
+
+ if (fs->posix_lock != VIR_TRISTATE_SWITCH_ABSENT ||
+ fs->flock != VIR_TRISTATE_SWITCH_ABSENT) {
+ virReportError(VIR_ERR_CONFIG_UNSUPPORTED, "%s", _("locking options are not supported by this virtiofsd"));
+ return NULL;
+ }
+ } else {
+ virCommandAddArg(cmd, "-o");
+ virBufferAddLit(&opts, "source=");
+ virQEMUBuildBufferEscapeComma(&opts, fs->src->path);
+ if (fs->cache)
+ virBufferAsprintf(&opts, ",cache=%s", virDomainFSCacheModeTypeToString(fs->cache));
+ if (fs->sandbox)
+ virBufferAsprintf(&opts, ",sandbox=%s", virDomainFSSandboxModeTypeToString(fs->sandbox));
+
+ if (fs->xattr == VIR_TRISTATE_SWITCH_ON)
+ virBufferAddLit(&opts, ",xattr");
+ else if (fs->xattr == VIR_TRISTATE_SWITCH_OFF)
+ virBufferAddLit(&opts, ",no_xattr");
+
+ if (fs->flock == VIR_TRISTATE_SWITCH_ON)
+ virBufferAddLit(&opts, ",flock");
+ else if (fs->flock == VIR_TRISTATE_SWITCH_OFF)
+ virBufferAddLit(&opts, ",no_flock");
+
+ if (fs->posix_lock == VIR_TRISTATE_SWITCH_ON)
+ virBufferAddLit(&opts, ",posix_lock");
+ else if (fs->posix_lock == VIR_TRISTATE_SWITCH_OFF)
+ virBufferAddLit(&opts, ",no_posix_lock");
+
+ virCommandAddArgBuffer(cmd, &opts);
+ }
if (fs->thread_pool_size >= 0)
virCommandAddArgFormat(cmd, "--thread-pool-size=%i", fs->thread_pool_size);
- if (cfg->virtiofsdDebug)
- virCommandAddArg(cmd, "-d");
+ if (cfg->virtiofsdDebug) {
+ if (virBitmapIsBitSet(fs->caps, QEMU_VHOST_USER_FS_FEATURE_SEPARATE_OPTIONS))
+ virCommandAddArgList(cmd, "--log-level", "debug", NULL);
+ else
+ virCommandAddArg(cmd, "-d");
+ }
for (i = 0; i < fs->idmap.nuidmap; i++) {
virCommandAddArgFormat(cmd, "--uid-map=:%u:%u:%u:",
--
2.45.2

208
libvirt-qemu-fill-capabilities-for-virtiofsd.patch
View File

@ -1,208 +0,0 @@
From 26c0a729f2ae6dcd932a42bd437fc76da9e6b2cc Mon Sep 17 00:00:00 2001
Message-ID: <26c0a729f2ae6dcd932a42bd437fc76da9e6b2cc.1720800605.git.jdenemar@redhat.com>
From: =?UTF-8?q?J=C3=A1n=20Tomko?= <jtomko@redhat.com>
Date: Thu, 4 Jul 2024 15:54:28 +0200
Subject: [PATCH] qemu: fill capabilities for virtiofsd
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Run the daemon with --print-capabilities first, to see what it supports.
Signed-off-by: Ján Tomko <jtomko@redhat.com>
Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
(cherry picked from commit 730eaafaace6b9202f9f694b732196299a0baec2)
https://issues.redhat.com/browse/RHEL-7108
https://issues.redhat.com/browse/RHEL-40135
Signed-off-by: Ján Tomko <jtomko@redhat.com>
---
src/conf/domain_conf.c | 1 +
src/conf/domain_conf.h | 1 +
src/qemu/qemu_vhost_user.c | 58 +++++++++++++++++++
src/qemu/qemu_vhost_user.h | 11 ++++
src/qemu/qemu_virtiofs.c | 9 ++-
.../qemu/vhost-user/50-qemu-virtiofsd.json | 2 +-
tests/qemuxmlconftest.c | 2 +
7 files changed, 81 insertions(+), 3 deletions(-)
diff --git a/src/conf/domain_conf.c b/src/conf/domain_conf.c
index 8a3c63b1fc..1523341b34 100644
--- a/src/conf/domain_conf.c
+++ b/src/conf/domain_conf.c
@@ -2600,6 +2600,7 @@ void virDomainFSDefFree(virDomainFSDef *def)
g_free(def->sock);
g_free(def->idmap.uidmap);
g_free(def->idmap.gidmap);
+ virBitmapFree(def->caps);
g_free(def);
}
diff --git a/src/conf/domain_conf.h b/src/conf/domain_conf.h
index 2818a9f1f5..b3a0d26cde 100644
--- a/src/conf/domain_conf.h
+++ b/src/conf/domain_conf.h
@@ -899,6 +899,7 @@ struct _virDomainFSDef {
virDomainIdMapDef idmap;
virDomainVirtioOptions *virtio;
virObject *privateData;
+ virBitmap *caps;
};
diff --git a/src/qemu/qemu_vhost_user.c b/src/qemu/qemu_vhost_user.c
index 0294daab80..de3ef640a3 100644
--- a/src/qemu/qemu_vhost_user.c
+++ b/src/qemu/qemu_vhost_user.c
@@ -22,6 +22,7 @@
#include "qemu_vhost_user.h"
#include "qemu_interop_config.h"
+#include "virbitmap.h"
#include "virjson.h"
#include "virlog.h"
#include "viralloc.h"
@@ -90,6 +91,12 @@ VIR_ENUM_IMPL(qemuVhostUserGPUFeature,
"render-node",
);
+VIR_ENUM_IMPL(qemuVhostUserFSFeature,
+ QEMU_VHOST_USER_FS_FEATURE_LAST,
+ "migrate-precopy",
+ "separate-options",
+);
+
typedef struct _qemuVhostUserGPU qemuVhostUserGPU;
struct _qemuVhostUserGPU {
size_t nfeatures;
@@ -414,6 +421,52 @@ qemuVhostUserFillDomainGPU(virQEMUDriver *driver,
return ret;
}
+int
+qemuVhostUserFillFSCapabilities(virBitmap **caps,
+ const char *binary)
+{
+ g_autoptr(virJSONValue) doc = NULL;
+ g_autofree char *output = NULL;
+ g_autoptr(virCommand) cmd = NULL;
+ virJSONValue *featuresJSON;
+ size_t nfeatures;
+ size_t i;
+ g_autoptr(virBitmap) features = NULL;
+
+ cmd = virCommandNewArgList(binary, "--print-capabilities", NULL);
+ virCommandSetOutputBuffer(cmd, &output);
+ if (virCommandRun(cmd, NULL) < 0)
+ return -2;
+
+ if (!(doc = virJSONValueFromString(output))) {
+ virReportError(VIR_ERR_INTERNAL_ERROR,
+ _("unable to parse json capabilities '%1$s'"),
+ binary);
+ return -1;
+ }
+
+ /* Older virtiofsd did not print any features */
+ if (!(featuresJSON = virJSONValueObjectGetArray(doc, "features")))
+ return 0;
+
+ features = virBitmapNew(0);
+ nfeatures = virJSONValueArraySize(featuresJSON);
+
+ for (i = 0; i < nfeatures; i++) {
+ virJSONValue *item = virJSONValueArrayGet(featuresJSON, i);
+ const char *tmpStr = virJSONValueGetString(item);
+ int tmp;
+
+ if ((tmp = qemuVhostUserFSFeatureTypeFromString(tmpStr)) < 0) {
+ VIR_DEBUG("ignoring unknown virtiofs feature '%s'", tmpStr);
+ continue;
+ }
+ virBitmapSetBitExpand(features, tmp);
+ }
+
+ *caps = g_steal_pointer(&features);
+ return 0;
+}
int
qemuVhostUserFillDomainFS(virQEMUDriver *driver,
@@ -435,6 +488,11 @@ qemuVhostUserFillDomainFS(virQEMUDriver *driver,
continue;
fs->binary = g_strdup(vu->binary);
+
+ /* skip binaries that can't report their capabilities */
+ if (qemuVhostUserFillFSCapabilities(&fs->caps,
+ vu->binary) == -1)
+ continue;
break;
}
diff --git a/src/qemu/qemu_vhost_user.h b/src/qemu/qemu_vhost_user.h
index d1aa6ca189..c39fbfebe8 100644
--- a/src/qemu/qemu_vhost_user.h
+++ b/src/qemu/qemu_vhost_user.h
@@ -46,3 +46,14 @@ qemuVhostUserFillDomainGPU(virQEMUDriver *driver,
int
qemuVhostUserFillDomainFS(virQEMUDriver *driver,
virDomainFSDef *fs);
+
+int
+qemuVhostUserFillFSCapabilities(virBitmap **caps,
+ const char *binary);
+typedef enum {
+ QEMU_VHOST_USER_FS_FEATURE_MIGRATE_PRECOPY = 0,
+ QEMU_VHOST_USER_FS_FEATURE_SEPARATE_OPTIONS,
+ QEMU_VHOST_USER_FS_FEATURE_LAST
+} qemuVhostUserFSFeature;
+
+VIR_ENUM_DECL(qemuVhostUserFSFeature);
diff --git a/src/qemu/qemu_virtiofs.c b/src/qemu/qemu_virtiofs.c
index 78897d8177..0df8d67b1b 100644
--- a/src/qemu/qemu_virtiofs.c
+++ b/src/qemu/qemu_virtiofs.c
@@ -446,8 +446,13 @@ qemuVirtioFSPrepareDomain(virQEMUDriver *driver,
if (fs->sock)
return 0;
- if (!fs->binary && qemuVhostUserFillDomainFS(driver, fs) < 0)
- return -1;
+ if (fs->binary) {
+ if (qemuVhostUserFillFSCapabilities(&fs->caps, fs->binary) < 0)
+ return -1;
+ } else {
+ if (qemuVhostUserFillDomainFS(driver, fs) < 0)
+ return -1;
+ }
if (!driver->privileged && !fs->idmap.uidmap) {
if (qemuVirtioFSPrepareIdMap(fs) < 0)
diff --git a/tests/qemuvhostuserdata/usr/share/qemu/vhost-user/50-qemu-virtiofsd.json b/tests/qemuvhostuserdata/usr/share/qemu/vhost-user/50-qemu-virtiofsd.json
index b908bc6b30..5cf2c986f8 100644
--- a/tests/qemuvhostuserdata/usr/share/qemu/vhost-user/50-qemu-virtiofsd.json
+++ b/tests/qemuvhostuserdata/usr/share/qemu/vhost-user/50-qemu-virtiofsd.json
@@ -1,5 +1,5 @@
{
"description": "virtiofsd vhost-user-fs",
"type": "fs",
- "binary": "/usr/libexec/qemu/vhost-user/test-vhost-user-gpu"
+ "binary": "/usr/libexec/qemu/vhost-user/test-virtiofsd"
}
diff --git a/tests/qemuxmlconftest.c b/tests/qemuxmlconftest.c
index 8e0d47c6fd..a3a399e16c 100644
--- a/tests/qemuxmlconftest.c
+++ b/tests/qemuxmlconftest.c
@@ -1079,6 +1079,8 @@ mymain(void)
virFileWrapperAddPrefix("/usr/libexec/qemu/vhost-user",
abs_srcdir "/qemuvhostuserdata/usr/libexec/qemu/vhost-user");
+ virFileWrapperAddPrefix("/usr/libexec/virtiofsd",
+ abs_srcdir "/qemuvhostuserdata/usr/libexec/qemu/vhost-user/test-virtiofsd");
if (!(conn = virGetConnect()))
return EXIT_FAILURE;
--
2.45.2

52
libvirt-qemu-migration-allow-migration-for-virtiofs.patch
View File

@ -1,52 +0,0 @@
From 5f73e98cc870b13a053fd99d4d2707fed50e57d0 Mon Sep 17 00:00:00 2001
Message-ID: <5f73e98cc870b13a053fd99d4d2707fed50e57d0.1720800605.git.jdenemar@redhat.com>
From: =?UTF-8?q?J=C3=A1n=20Tomko?= <jtomko@redhat.com>
Date: Thu, 4 Jul 2024 15:54:30 +0200
Subject: [PATCH] qemu: migration: allow migration for virtiofs
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Allow migration if the "migrate-precopy" capability is present or
libvirt is not the one running the virtiofs daemon.
Signed-off-by: Ján Tomko <jtomko@redhat.com>
Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
(cherry picked from commit d94b31a68ab94f27f8a1d6d216817b49881c38ae)
https://issues.redhat.com/browse/RHEL-40135
Signed-off-by: Ján Tomko <jtomko@redhat.com>
---
src/qemu/qemu_migration.c | 9 +++++++--
1 file changed, 7 insertions(+), 2 deletions(-)
diff --git a/src/qemu/qemu_migration.c b/src/qemu/qemu_migration.c
index 26c082fc08..4fd7a0aafb 100644
--- a/src/qemu/qemu_migration.c
+++ b/src/qemu/qemu_migration.c
@@ -39,6 +39,7 @@
#include "qemu_slirp.h"
#include "qemu_block.h"
#include "qemu_tpm.h"
+#include "qemu_vhost_user.h"
#include "domain_audit.h"
#include "virlog.h"
@@ -1576,8 +1577,12 @@ qemuMigrationSrcIsAllowed(virDomainObj *vm,
virDomainFSDef *fs = vm->def->fss[i];
if (fs->fsdriver == VIR_DOMAIN_FS_DRIVER_TYPE_VIRTIOFS) {
- virReportError(VIR_ERR_OPERATION_INVALID, "%s",
- _("migration with virtiofs device is not supported"));
+ if (fs->sock ||
+ virBitmapIsBitSet(fs->caps, QEMU_VHOST_USER_FS_FEATURE_MIGRATE_PRECOPY))
+ continue;
+
+ virReportError(VIR_ERR_OPERATION_UNSUPPORTED, "%s",
+ _("migration with this virtiofs device is not supported"));
return false;
}
}
--
2.45.2

49
libvirt-qemu-virtiofs-cache-use-never-instead-of-none.patch
View File

@ -1,49 +0,0 @@
From d7285cb688e4f6b61dd842be7d0a2e773ad7d21b Mon Sep 17 00:00:00 2001
Message-ID: <d7285cb688e4f6b61dd842be7d0a2e773ad7d21b.1723213495.git.jdenemar@redhat.com>
From: =?UTF-8?q?J=C3=A1n=20Tomko?= <jtomko@redhat.com>
Date: Tue, 23 Jul 2024 14:14:13 +0200
Subject: [PATCH] qemu: virtiofs: cache: use 'never' instead of 'none'
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
The new option style renamed one of the cache modes.
https://issues.redhat.com/browse/RHEL-50329
Signed-off-by: Ján Tomko <jtomko@redhat.com>
Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
(cherry picked from commit 8d3b2397372111d15d6b79138c5c5a80203f85f5)
Signed-off-by: Ján Tomko <jtomko@redhat.com>
---
src/qemu/qemu_virtiofs.c | 12 +++++++++++-
1 file changed, 11 insertions(+), 1 deletion(-)
diff --git a/src/qemu/qemu_virtiofs.c b/src/qemu/qemu_virtiofs.c
index 0e3c7dbb58..c7be2766a2 100644
--- a/src/qemu/qemu_virtiofs.c
+++ b/src/qemu/qemu_virtiofs.c
@@ -147,10 +147,20 @@ qemuVirtioFSBuildCommandLine(virQEMUDriverConfig *cfg,
virCommandAddArg(cmd, "--shared-dir");
virCommandAddArg(cmd, fs->src->path);
- if (fs->cache) {
+ switch (fs->cache) {
+ case VIR_DOMAIN_FS_CACHE_MODE_DEFAULT:
+ case VIR_DOMAIN_FS_CACHE_MODE_LAST:
+ break;
+ case VIR_DOMAIN_FS_CACHE_MODE_NONE:
+ virCommandAddArg(cmd, "--cache");
+ virCommandAddArg(cmd, "never");
+ break;
+ case VIR_DOMAIN_FS_CACHE_MODE_ALWAYS:
virCommandAddArg(cmd, "--cache");
virCommandAddArg(cmd, virDomainFSCacheModeTypeToString(fs->cache));
+ break;
}
+
if (fs->sandbox) {
virCommandAddArg(cmd, "--sandbox");
virCommandAddArg(cmd, virDomainFSSandboxModeTypeToString(fs->sandbox));
--
2.46.0

105
libvirt-qemu_domain-Strip-acpi-from-s390-x-definitions.patch
View File

@ -1,105 +0,0 @@
From f34372c108e5b4f1e37c333a7ff2c50faa9f534e Mon Sep 17 00:00:00 2001
Message-ID: <f34372c108e5b4f1e37c333a7ff2c50faa9f534e.1723213495.git.jdenemar@redhat.com>
From: Peter Krempa <pkrempa@redhat.com>
Date: Wed, 31 Jul 2024 11:34:59 +0200
Subject: [PATCH] qemu_domain: Strip <acpi/> from s390(x) definitions
The s390(x) machines never supported ACPI. That didn't stop users
enabling ACPI in their config. As of libvirt-9.2 (98c4e3d073) with new
enough qemu we reject configs which require ACPI, but qemu can't satisfy
it.
This breaks migration of existing VMs with the old wrong configs to new
libvirt installations.
To address this introduce a post-parse fixup removing the ACPI flag
specifically for s390 machines which do enable it in the definition.
The advantage of doing it in post-parse, rather than simply relaxing the
ABI stability check to allow users providing an fixed XML when migrating
(allowing change of the ACPI flag for s390 in ABI stability check, as it
doesn't impact ABI), is that only the destination installation needs to
be patched in order to preserve migration.
To mitigate the disadvantage of simply stripping it from all s390(x)
configs the hack is not applied when defining or starting a new domain
from the XML, to preserve the error about unsupported configuration.
Resolves: https://issues.redhat.com/browse/RHEL-49516
Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Andrea Bolognani <abologna@redhat.com>
Reviewed-by: Boris Fiuczynski <fiuczy@linux.ibm.com>
(cherry picked from commit 4ba4f659e42a30c3fa8ece414616a23a992acfaa)
---
src/qemu/qemu_domain.c | 49 ++++++++++++++++++++++++++++++++++++++++++
1 file changed, 49 insertions(+)
diff --git a/src/qemu/qemu_domain.c b/src/qemu/qemu_domain.c
index 1a90311ca5..1bafe3708a 100644
--- a/src/qemu/qemu_domain.c
+++ b/src/qemu/qemu_domain.c
@@ -5013,6 +5013,53 @@ qemuDomainDefPostParseBasic(virDomainDef *def,
}
+/**
+ * qemuDomainDefACPIPostParse:
+ * @def: domain definition
+ * @qemuCaps: qemu capabilities object
+ *
+ * Fixup the use of ACPI flag on certain architectures that never supported it
+ * and users for some reason used it, which would break migration to newer
+ * libvirt versions which check whether given machine type supports ACPI.
+ *
+ * The fixup is done in post-parse as it's hard to update the ABI stability
+ * check on source of the migration.
+ */
+static void
+qemuDomainDefACPIPostParse(virDomainDef *def,
+ virQEMUCaps *qemuCaps,
+ unsigned int parseFlags)
+{
+ /* Only cases when ACPI is enabled need to be fixed up */
+ if (def->features[VIR_DOMAIN_FEATURE_ACPI] != VIR_TRISTATE_SWITCH_ON)
+ return;
+
+ /* Strip the <acpi/> feature only for non-fresh configs, in order to still
+ * produce an error if the feature is present in a newly defined one.
+ *
+ * The use of the VIR_DOMAIN_DEF_PARSE_ABI_UPDATE looks counter-intuitive,
+ * but it's used only in qemuDomainCreateXML/qemuDomainDefineXMLFlags APIs
+ * */
+ if (parseFlags & VIR_DOMAIN_DEF_PARSE_ABI_UPDATE)
+ return;
+
+ /* This fixup is applicable _only_ on architectures which were present as of
+ * libvirt-9.2 and *never* supported ACPI. The fixup is currently done only
+ * for existing users of s390(x) to fix migration for configs which had
+ * <acpi/> despite being ignored.
+ */
+ if (def->os.arch != VIR_ARCH_S390 &&
+ def->os.arch != VIR_ARCH_S390X)
+ return;
+
+ /* To be sure, we only strip ACPI if given machine type doesn't support it */
+ if (virQEMUCapsMachineSupportsACPI(qemuCaps, def->virtType, def->os.machine) != VIR_TRISTATE_BOOL_NO)
+ return;
+
+ def->features[VIR_DOMAIN_FEATURE_ACPI] = VIR_TRISTATE_SWITCH_ABSENT;
+}
+
+
static int
qemuDomainDefPostParse(virDomainDef *def,
unsigned int parseFlags,
@@ -5033,6 +5080,8 @@ qemuDomainDefPostParse(virDomainDef *def,
if (qemuDomainDefMachinePostParse(def, qemuCaps) < 0)
return -1;
+ qemuDomainDefACPIPostParse(def, qemuCaps, parseFlags);
+
if (qemuDomainDefBootPostParse(def, driver, parseFlags) < 0)
return -1;
--
2.46.0

435
libvirt-qemuxmlconftest-Add-tests-for-the-ACPI-stripping-hack-on-s390.patch
View File

@ -1,435 +0,0 @@
From 94915522e99b56933fd792dfd801f70a188f3534 Mon Sep 17 00:00:00 2001
Message-ID: <94915522e99b56933fd792dfd801f70a188f3534.1723213495.git.jdenemar@redhat.com>
From: Peter Krempa <pkrempa@redhat.com>
Date: Wed, 31 Jul 2024 12:38:23 +0200
Subject: [PATCH] qemuxmlconftest: Add tests for the ACPI stripping hack on
s390
Replace the 'misc-acpi' case by testing a bunch of architectures for how
ACPI is handled including a test for the s390 ACPI strip hack added in
previous commit.
The input files are adapted from the corresponding '-minimal.xml' files.
Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Andrea Bolognani <abologna@redhat.com>
Reviewed-by: Boris Fiuczynski <fiuczy@linux.ibm.com>
(cherry picked from commit 432e442ca8eeb4ed8c0dcc3a3c7d723f85b38c40)
https://issues.redhat.com/browse/RHEL-49516
---
.../aarch64-noacpi-acpi.aarch64-latest.err | 1 +
tests/qemuxmlconfdata/aarch64-noacpi-acpi.xml | 18 ++++++++
.../misc-acpi.x86_64-latest.args | 34 ---------------
.../misc-acpi.x86_64-latest.xml | 41 -------------------
tests/qemuxmlconfdata/misc-acpi.xml | 33 ---------------
.../riscv64-virt-acpi.riscv64-latest.args | 33 +++++++++++++++
.../riscv64-virt-acpi.riscv64-latest.xml | 36 ++++++++++++++++
tests/qemuxmlconfdata/riscv64-virt-acpi.xml | 15 +++++++
...s390x-ccw-acpi.s390x-latest.abi-update.err | 1 +
.../s390x-ccw-acpi.s390x-latest.args | 32 +++++++++++++++
.../s390x-ccw-acpi.s390x-latest.xml | 27 ++++++++++++
tests/qemuxmlconfdata/s390x-ccw-acpi.xml | 15 +++++++
tests/qemuxmlconftest.c | 18 +++++++-
13 files changed, 195 insertions(+), 109 deletions(-)
create mode 100644 tests/qemuxmlconfdata/aarch64-noacpi-acpi.aarch64-latest.err
create mode 100644 tests/qemuxmlconfdata/aarch64-noacpi-acpi.xml
delete mode 100644 tests/qemuxmlconfdata/misc-acpi.x86_64-latest.args
delete mode 100644 tests/qemuxmlconfdata/misc-acpi.x86_64-latest.xml
delete mode 100644 tests/qemuxmlconfdata/misc-acpi.xml
create mode 100644 tests/qemuxmlconfdata/riscv64-virt-acpi.riscv64-latest.args
create mode 100644 tests/qemuxmlconfdata/riscv64-virt-acpi.riscv64-latest.xml
create mode 100644 tests/qemuxmlconfdata/riscv64-virt-acpi.xml
create mode 100644 tests/qemuxmlconfdata/s390x-ccw-acpi.s390x-latest.abi-update.err
create mode 100644 tests/qemuxmlconfdata/s390x-ccw-acpi.s390x-latest.args
create mode 100644 tests/qemuxmlconfdata/s390x-ccw-acpi.s390x-latest.xml
create mode 100644 tests/qemuxmlconfdata/s390x-ccw-acpi.xml
diff --git a/tests/qemuxmlconfdata/aarch64-noacpi-acpi.aarch64-latest.err b/tests/qemuxmlconfdata/aarch64-noacpi-acpi.aarch64-latest.err
new file mode 100644
index 0000000000..5f379d56ce
--- /dev/null
+++ b/tests/qemuxmlconfdata/aarch64-noacpi-acpi.aarch64-latest.err
@@ -0,0 +1 @@
+unsupported configuration: machine type 'borzoi' does not support ACPI
diff --git a/tests/qemuxmlconfdata/aarch64-noacpi-acpi.xml b/tests/qemuxmlconfdata/aarch64-noacpi-acpi.xml
new file mode 100644
index 0000000000..10dbeabd6d
--- /dev/null
+++ b/tests/qemuxmlconfdata/aarch64-noacpi-acpi.xml
@@ -0,0 +1,18 @@
+<domain type='kvm'>
+ <name>aarch64test</name>
+ <uuid>6ba410c5-1e5c-4d57-bee7-2228e7ffa32f</uuid>
+ <memory unit='KiB'>1048576</memory>
+ <vcpu placement='static'>1</vcpu>
+ <os>
+ <!-- machine type doesn't matter as long as it has no ACPI -->
+ <type arch='aarch64' machine='borzoi'>hvm</type>
+ </os>
+ <features>
+ <acpi/>
+ </features>
+ <cpu mode='host-passthrough'/>
+ <devices>
+ <emulator>/usr/bin/qemu-system-aarch64</emulator>
+ <memballoon model='none'/>
+ </devices>
+</domain>
diff --git a/tests/qemuxmlconfdata/misc-acpi.x86_64-latest.args b/tests/qemuxmlconfdata/misc-acpi.x86_64-latest.args
deleted file mode 100644
index c4e09c0af2..0000000000
--- a/tests/qemuxmlconfdata/misc-acpi.x86_64-latest.args
+++ /dev/null
@@ -1,34 +0,0 @@
-LC_ALL=C \
-PATH=/bin \
-HOME=/var/lib/libvirt/qemu/domain--1-QEMUGuest1 \
-USER=test \
-LOGNAME=test \
-XDG_DATA_HOME=/var/lib/libvirt/qemu/domain--1-QEMUGuest1/.local/share \
-XDG_CACHE_HOME=/var/lib/libvirt/qemu/domain--1-QEMUGuest1/.cache \
-XDG_CONFIG_HOME=/var/lib/libvirt/qemu/domain--1-QEMUGuest1/.config \
-/usr/bin/qemu-system-x86_64 \
--name guest=QEMUGuest1,debug-threads=on \
--S \
--object '{"qom-type":"secret","id":"masterKey0","format":"raw","file":"/var/lib/libvirt/qemu/domain--1-QEMUGuest1/master-key.aes"}' \
--machine pc,usb=off,dump-guest-core=off,memory-backend=pc.ram,acpi=on \
--accel tcg \
--cpu qemu64 \
--m size=219136k \
--object '{"qom-type":"memory-backend-ram","id":"pc.ram","size":224395264}' \
--overcommit mem-lock=off \
--smp 1,sockets=1,cores=1,threads=1 \
--uuid c7a5fdbd-edaf-9455-926a-d65c16db1809 \
--display none \
--no-user-config \
--nodefaults \
--chardev socket,id=charmonitor,fd=1729,server=on,wait=off \
--mon chardev=charmonitor,id=monitor,mode=control \
--rtc base=utc \
--no-shutdown \
--boot strict=on \
--device '{"driver":"piix3-usb-uhci","id":"usb","bus":"pci.0","addr":"0x1.0x2"}' \
--blockdev '{"driver":"host_device","filename":"/dev/HostVG/QEMUGuest1","node-name":"libvirt-1-storage","read-only":false}' \
--device '{"driver":"ide-hd","bus":"ide.0","unit":0,"drive":"libvirt-1-storage","id":"ide0-0-0","bootindex":1}' \
--audiodev '{"id":"audio1","driver":"none"}' \
--sandbox on,obsolete=deny,elevateprivileges=deny,spawn=deny,resourcecontrol=deny \
--msg timestamp=on
diff --git a/tests/qemuxmlconfdata/misc-acpi.x86_64-latest.xml b/tests/qemuxmlconfdata/misc-acpi.x86_64-latest.xml
deleted file mode 100644
index 176926bb60..0000000000
--- a/tests/qemuxmlconfdata/misc-acpi.x86_64-latest.xml
+++ /dev/null
@@ -1,41 +0,0 @@
-<domain type='qemu'>
- <name>QEMUGuest1</name>
- <uuid>c7a5fdbd-edaf-9455-926a-d65c16db1809</uuid>
- <memory unit='KiB'>219136</memory>
- <currentMemory unit='KiB'>219136</currentMemory>
- <vcpu placement='static'>1</vcpu>
- <os>
- <type arch='x86_64' machine='pc'>hvm</type>
- <boot dev='hd'/>
- </os>
- <features>
- <acpi/>
- </features>
- <cpu mode='custom' match='exact' check='none'>
- <model fallback='forbid'>qemu64</model>
- </cpu>
- <clock offset='utc'/>
- <on_poweroff>destroy</on_poweroff>
- <on_reboot>restart</on_reboot>
- <on_crash>destroy</on_crash>
- <devices>
- <emulator>/usr/bin/qemu-system-x86_64</emulator>
- <disk type='block' device='disk'>
- <driver name='qemu' type='raw'/>
- <source dev='/dev/HostVG/QEMUGuest1'/>
- <target dev='hda' bus='ide'/>
- <address type='drive' controller='0' bus='0' target='0' unit='0'/>
- </disk>
- <controller type='usb' index='0' model='piix3-uhci'>
- <address type='pci' domain='0x0000' bus='0x00' slot='0x01' function='0x2'/>
- </controller>
- <controller type='ide' index='0'>
- <address type='pci' domain='0x0000' bus='0x00' slot='0x01' function='0x1'/>
- </controller>
- <controller type='pci' index='0' model='pci-root'/>
- <input type='mouse' bus='ps2'/>
- <input type='keyboard' bus='ps2'/>
- <audio id='1' type='none'/>
- <memballoon model='none'/>
- </devices>
-</domain>
diff --git a/tests/qemuxmlconfdata/misc-acpi.xml b/tests/qemuxmlconfdata/misc-acpi.xml
deleted file mode 100644
index 59fbe471ff..0000000000
--- a/tests/qemuxmlconfdata/misc-acpi.xml
+++ /dev/null
@@ -1,33 +0,0 @@
-<domain type='qemu'>
- <name>QEMUGuest1</name>
- <uuid>c7a5fdbd-edaf-9455-926a-d65c16db1809</uuid>
- <memory unit='KiB'>219136</memory>
- <currentMemory unit='KiB'>219136</currentMemory>
- <vcpu placement='static'>1</vcpu>
- <os>
- <type arch='x86_64' machine='pc'>hvm</type>
- <boot dev='hd'/>
- </os>
- <features>
- <acpi/>
- </features>
- <clock offset='utc'/>
- <on_poweroff>destroy</on_poweroff>
- <on_reboot>restart</on_reboot>
- <on_crash>destroy</on_crash>
- <devices>
- <emulator>/usr/bin/qemu-system-x86_64</emulator>
- <disk type='block' device='disk'>
- <driver name='qemu' type='raw'/>
- <source dev='/dev/HostVG/QEMUGuest1'/>
- <target dev='hda' bus='ide'/>
- <address type='drive' controller='0' bus='0' target='0' unit='0'/>
- </disk>
- <controller type='usb' index='0'/>
- <controller type='ide' index='0'/>
- <controller type='pci' index='0' model='pci-root'/>
- <input type='mouse' bus='ps2'/>
- <input type='keyboard' bus='ps2'/>
- <memballoon model='none'/>
- </devices>
-</domain>
diff --git a/tests/qemuxmlconfdata/riscv64-virt-acpi.riscv64-latest.args b/tests/qemuxmlconfdata/riscv64-virt-acpi.riscv64-latest.args
new file mode 100644
index 0000000000..fcb80b009e
--- /dev/null
+++ b/tests/qemuxmlconfdata/riscv64-virt-acpi.riscv64-latest.args
@@ -0,0 +1,33 @@
+LC_ALL=C \
+PATH=/bin \
+HOME=/var/lib/libvirt/qemu/domain--1-guest \
+USER=test \
+LOGNAME=test \
+XDG_DATA_HOME=/var/lib/libvirt/qemu/domain--1-guest/.local/share \
+XDG_CACHE_HOME=/var/lib/libvirt/qemu/domain--1-guest/.cache \
+XDG_CONFIG_HOME=/var/lib/libvirt/qemu/domain--1-guest/.config \
+/usr/bin/qemu-system-riscv64 \
+-name guest=guest,debug-threads=on \
+-S \
+-object '{"qom-type":"secret","id":"masterKey0","format":"raw","file":"/var/lib/libvirt/qemu/domain--1-guest/master-key.aes"}' \
+-machine virt,usb=off,dump-guest-core=off,memory-backend=riscv_virt_board.ram \
+-accel tcg \
+-m size=4194304k \
+-object '{"qom-type":"memory-backend-ram","id":"riscv_virt_board.ram","size":4294967296}' \
+-overcommit mem-lock=off \
+-smp 4,sockets=4,cores=1,threads=1 \
+-uuid 1ccfd97d-5eb4-478a-bbe6-88d254c16db7 \
+-display none \
+-no-user-config \
+-nodefaults \
+-chardev socket,id=charmonitor,fd=1729,server=on,wait=off \
+-mon chardev=charmonitor,id=monitor,mode=control \
+-rtc base=utc \
+-no-shutdown \
+-boot strict=on \
+-device '{"driver":"pcie-root-port","port":8,"chassis":1,"id":"pci.1","bus":"pcie.0","multifunction":true,"addr":"0x1"}' \
+-device '{"driver":"pcie-root-port","port":9,"chassis":2,"id":"pci.2","bus":"pcie.0","addr":"0x1.0x1"}' \
+-audiodev '{"id":"audio1","driver":"none"}' \
+-device '{"driver":"virtio-balloon-pci","id":"balloon0","bus":"pci.1","addr":"0x0"}' \
+-sandbox on,obsolete=deny,elevateprivileges=deny,spawn=deny,resourcecontrol=deny \
+-msg timestamp=on
diff --git a/tests/qemuxmlconfdata/riscv64-virt-acpi.riscv64-latest.xml b/tests/qemuxmlconfdata/riscv64-virt-acpi.riscv64-latest.xml
new file mode 100644
index 0000000000..075708df9c
--- /dev/null
+++ b/tests/qemuxmlconfdata/riscv64-virt-acpi.riscv64-latest.xml
@@ -0,0 +1,36 @@
+<domain type='qemu'>
+ <name>guest</name>
+ <uuid>1ccfd97d-5eb4-478a-bbe6-88d254c16db7</uuid>
+ <memory unit='KiB'>4194304</memory>
+ <currentMemory unit='KiB'>4194304</currentMemory>
+ <vcpu placement='static'>4</vcpu>
+ <os>
+ <type arch='riscv64' machine='virt'>hvm</type>
+ <boot dev='hd'/>
+ </os>
+ <features>
+ <acpi/>
+ </features>
+ <clock offset='utc'/>
+ <on_poweroff>destroy</on_poweroff>
+ <on_reboot>restart</on_reboot>
+ <on_crash>destroy</on_crash>
+ <devices>
+ <emulator>/usr/bin/qemu-system-riscv64</emulator>
+ <controller type='pci' index='0' model='pcie-root'/>
+ <controller type='pci' index='1' model='pcie-root-port'>
+ <model name='pcie-root-port'/>
+ <target chassis='1' port='0x8'/>
+ <address type='pci' domain='0x0000' bus='0x00' slot='0x01' function='0x0' multifunction='on'/>
+ </controller>
+ <controller type='pci' index='2' model='pcie-root-port'>
+ <model name='pcie-root-port'/>
+ <target chassis='2' port='0x9'/>
+ <address type='pci' domain='0x0000' bus='0x00' slot='0x01' function='0x1'/>
+ </controller>
+ <audio id='1' type='none'/>
+ <memballoon model='virtio'>
+ <address type='pci' domain='0x0000' bus='0x01' slot='0x00' function='0x0'/>
+ </memballoon>
+ </devices>
+</domain>
diff --git a/tests/qemuxmlconfdata/riscv64-virt-acpi.xml b/tests/qemuxmlconfdata/riscv64-virt-acpi.xml
new file mode 100644
index 0000000000..72fc0d8e1c
--- /dev/null
+++ b/tests/qemuxmlconfdata/riscv64-virt-acpi.xml
@@ -0,0 +1,15 @@
+<domain type='qemu'>
+ <name>guest</name>
+ <uuid>1ccfd97d-5eb4-478a-bbe6-88d254c16db7</uuid>
+ <memory>4194304</memory>
+ <vcpu>4</vcpu>
+ <os>
+ <type arch='riscv64' machine='virt'>hvm</type>
+ </os>
+ <features>
+ <acpi/>
+ </features>
+ <devices>
+ <emulator>/usr/bin/qemu-system-riscv64</emulator>
+ </devices>
+</domain>
diff --git a/tests/qemuxmlconfdata/s390x-ccw-acpi.s390x-latest.abi-update.err b/tests/qemuxmlconfdata/s390x-ccw-acpi.s390x-latest.abi-update.err
new file mode 100644
index 0000000000..4ca9af1de0
--- /dev/null
+++ b/tests/qemuxmlconfdata/s390x-ccw-acpi.s390x-latest.abi-update.err
@@ -0,0 +1 @@
+unsupported configuration: machine type 's390-ccw-virtio' does not support ACPI
diff --git a/tests/qemuxmlconfdata/s390x-ccw-acpi.s390x-latest.args b/tests/qemuxmlconfdata/s390x-ccw-acpi.s390x-latest.args
new file mode 100644
index 0000000000..84098e580e
--- /dev/null
+++ b/tests/qemuxmlconfdata/s390x-ccw-acpi.s390x-latest.args
@@ -0,0 +1,32 @@
+LC_ALL=C \
+PATH=/bin \
+HOME=/var/lib/libvirt/qemu/domain--1-guest \
+USER=test \
+LOGNAME=test \
+XDG_DATA_HOME=/var/lib/libvirt/qemu/domain--1-guest/.local/share \
+XDG_CACHE_HOME=/var/lib/libvirt/qemu/domain--1-guest/.cache \
+XDG_CONFIG_HOME=/var/lib/libvirt/qemu/domain--1-guest/.config \
+/usr/bin/qemu-system-s390x \
+-name guest=guest,debug-threads=on \
+-S \
+-object '{"qom-type":"secret","id":"masterKey0","format":"raw","file":"/var/lib/libvirt/qemu/domain--1-guest/master-key.aes"}' \
+-machine s390-ccw-virtio,usb=off,dump-guest-core=off,memory-backend=s390.ram \
+-accel tcg \
+-cpu qemu \
+-m size=4194304k \
+-object '{"qom-type":"memory-backend-ram","id":"s390.ram","size":4294967296}' \
+-overcommit mem-lock=off \
+-smp 4,sockets=4,cores=1,threads=1 \
+-uuid 1ccfd97d-5eb4-478a-bbe6-88d254c16db7 \
+-display none \
+-no-user-config \
+-nodefaults \
+-chardev socket,id=charmonitor,fd=1729,server=on,wait=off \
+-mon chardev=charmonitor,id=monitor,mode=control \
+-rtc base=utc \
+-no-shutdown \
+-boot strict=on \
+-audiodev '{"id":"audio1","driver":"none"}' \
+-device '{"driver":"virtio-balloon-ccw","id":"balloon0","devno":"fe.0.0000"}' \
+-sandbox on,obsolete=deny,elevateprivileges=deny,spawn=deny,resourcecontrol=deny \
+-msg timestamp=on
diff --git a/tests/qemuxmlconfdata/s390x-ccw-acpi.s390x-latest.xml b/tests/qemuxmlconfdata/s390x-ccw-acpi.s390x-latest.xml
new file mode 100644
index 0000000000..df8e578212
--- /dev/null
+++ b/tests/qemuxmlconfdata/s390x-ccw-acpi.s390x-latest.xml
@@ -0,0 +1,27 @@
+<domain type='qemu'>
+ <name>guest</name>
+ <uuid>1ccfd97d-5eb4-478a-bbe6-88d254c16db7</uuid>
+ <memory unit='KiB'>4194304</memory>
+ <currentMemory unit='KiB'>4194304</currentMemory>
+ <vcpu placement='static'>4</vcpu>
+ <os>
+ <type arch='s390x' machine='s390-ccw-virtio'>hvm</type>
+ <boot dev='hd'/>
+ </os>
+ <cpu mode='custom' match='exact' check='none'>
+ <model fallback='forbid'>qemu</model>
+ </cpu>
+ <clock offset='utc'/>
+ <on_poweroff>destroy</on_poweroff>
+ <on_reboot>restart</on_reboot>
+ <on_crash>destroy</on_crash>
+ <devices>
+ <emulator>/usr/bin/qemu-system-s390x</emulator>
+ <controller type='pci' index='0' model='pci-root'/>
+ <audio id='1' type='none'/>
+ <memballoon model='virtio'>
+ <address type='ccw' cssid='0xfe' ssid='0x0' devno='0x0000'/>
+ </memballoon>
+ <panic model='s390'/>
+ </devices>
+</domain>
diff --git a/tests/qemuxmlconfdata/s390x-ccw-acpi.xml b/tests/qemuxmlconfdata/s390x-ccw-acpi.xml
new file mode 100644
index 0000000000..b7be060c66
--- /dev/null
+++ b/tests/qemuxmlconfdata/s390x-ccw-acpi.xml
@@ -0,0 +1,15 @@
+<domain type='qemu'>
+ <name>guest</name>
+ <uuid>1ccfd97d-5eb4-478a-bbe6-88d254c16db7</uuid>
+ <memory>4194304</memory>
+ <vcpu>4</vcpu>
+ <features>
+ <acpi/>
+ </features>
+ <os>
+ <type arch='s390x' machine='s390-ccw-virtio'>hvm</type>
+ </os>
+ <devices>
+ <emulator>/usr/bin/qemu-system-s390x</emulator>
+ </devices>
+</domain>
diff --git a/tests/qemuxmlconftest.c b/tests/qemuxmlconftest.c
index a3a399e16c..0f2afad6c4 100644
--- a/tests/qemuxmlconftest.c
+++ b/tests/qemuxmlconftest.c
@@ -1740,7 +1740,23 @@ mymain(void)
DO_TEST_CAPS_LATEST("input-usbmouse");
DO_TEST_CAPS_LATEST("input-usbtablet");
- DO_TEST_CAPS_LATEST("misc-acpi");
+
+ /* tests for ACPI support handling:
+ * - existing positive test cases enabling ACPI for aarch64/x86_64/loongarch:
+ * - firmware-manual-efi-acpi-q35
+ * - firmware-manual-efi-acpi-aarch64
+ * - firmware-auto-efi-loongarch64
+ *
+ * - negative case for aarch64 with 'borzoi' machine not supporting ACPI
+ *
+ * - s390x has hack to strip ACPI to preserve migration of old configs,
+ * but should produce error when ABI_UPDATE is requested
+ */
+ DO_TEST_CAPS_ARCH_LATEST_PARSE_ERROR("aarch64-noacpi-acpi", "aarch64");
+ DO_TEST_CAPS_ARCH_LATEST("riscv64-virt-acpi", "riscv64");
+ DO_TEST_CAPS_ARCH_LATEST("s390x-ccw-acpi", "s390x");
+ DO_TEST_CAPS_ARCH_LATEST_ABI_UPDATE_PARSE_ERROR("s390x-ccw-acpi", "s390x");
+
DO_TEST_CAPS_LATEST("misc-disable-s3");
DO_TEST_CAPS_LATEST("misc-disable-suspends");
DO_TEST_CAPS_LATEST("misc-enable-s4");
--
2.46.0

46
libvirt-tests-qemuxmlconf-adjust-test-case-to-new-virtiofsd.patch
View File

@ -1,46 +0,0 @@
From fa4a66a178829bcd66ae91732204540111fa9e7b Mon Sep 17 00:00:00 2001
Message-ID: <fa4a66a178829bcd66ae91732204540111fa9e7b.1720800605.git.jdenemar@redhat.com>
From: =?UTF-8?q?J=C3=A1n=20Tomko?= <jtomko@redhat.com>
Date: Thu, 4 Jul 2024 15:54:27 +0200
Subject: [PATCH] tests: qemuxmlconf: adjust test case to new virtiofsd
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Now that we have a fake virtiofsd json descriptor in our vhost-user
test data, we can remove the explicitly specified binary and our
mocking will ensure this test won't be affected by the host state.
Also remove the locking options, since they were never supported
by the Rust version of virtiofsd.
Signed-off-by: Ján Tomko <jtomko@redhat.com>
Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
(cherry picked from commit 132bf6d89b0eb744db6255e18494b493bd998d1d)
https://issues.redhat.com/browse/RHEL-7108
https://issues.redhat.com/browse/RHEL-40135
Signed-off-by: Ján Tomko <jtomko@redhat.com>
---
tests/qemuxmlconfdata/vhost-user-fs-fd-memory.xml | 3 +--
1 file changed, 1 insertion(+), 2 deletions(-)
diff --git a/tests/qemuxmlconfdata/vhost-user-fs-fd-memory.xml b/tests/qemuxmlconfdata/vhost-user-fs-fd-memory.xml
index 1d0bc26c46..b0b1b44081 100644
--- a/tests/qemuxmlconfdata/vhost-user-fs-fd-memory.xml
+++ b/tests/qemuxmlconfdata/vhost-user-fs-fd-memory.xml
@@ -28,10 +28,9 @@
<controller type='pci' index='0' model='pci-root'/>
<filesystem type='mount' accessmode='passthrough'>
<driver type='virtiofs' queue='1024'/>
- <binary path='/usr/libexec/virtiofsd' xattr='on'>
+ <binary xattr='on'>
<cache mode='always'/>
<sandbox mode='chroot'/>
- <lock posix='off' flock='off'/>
<thread_pool size='16'/>
</binary>
<idmap>
--
2.45.2

69
libvirt-tests-vhostuser-add-virtiofsd-json-descriptor.patch
View File

@ -1,69 +0,0 @@
From d0bdafd019e0071149e5bc294389386c789a66bd Mon Sep 17 00:00:00 2001
Message-ID: <d0bdafd019e0071149e5bc294389386c789a66bd.1720800605.git.jdenemar@redhat.com>
From: =?UTF-8?q?J=C3=A1n=20Tomko?= <jtomko@redhat.com>
Date: Thu, 4 Jul 2024 15:54:26 +0200
Subject: [PATCH] tests: vhostuser: add virtiofsd json descriptor
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Add the capabilities from the latest virtiofsd main branch and adjust
the order in the priority test accordingly.
Signed-off-by: Ján Tomko <jtomko@redhat.com>
Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
(cherry picked from commit f64e658df04e9cf5b99fbe5c846ba3478e13d826)
https://issues.redhat.com/browse/RHEL-7108
https://issues.redhat.com/browse/RHEL-40135
Signed-off-by: Ján Tomko <jtomko@redhat.com>
---
.../usr/libexec/qemu/vhost-user/test-virtiofsd | 10 ++++++++++
.../usr/share/qemu/vhost-user/50-qemu-virtiofsd.json | 5 +++++
tests/qemuvhostusertest.c | 1 +
3 files changed, 16 insertions(+)
create mode 100755 tests/qemuvhostuserdata/usr/libexec/qemu/vhost-user/test-virtiofsd
create mode 100644 tests/qemuvhostuserdata/usr/share/qemu/vhost-user/50-qemu-virtiofsd.json
diff --git a/tests/qemuvhostuserdata/usr/libexec/qemu/vhost-user/test-virtiofsd b/tests/qemuvhostuserdata/usr/libexec/qemu/vhost-user/test-virtiofsd
new file mode 100755
index 0000000000..90b38187c9
--- /dev/null
+++ b/tests/qemuvhostuserdata/usr/libexec/qemu/vhost-user/test-virtiofsd
@@ -0,0 +1,10 @@
+#!/bin/sh
+
+cat <<EOF
+{
+ "type": "fs",
+ "features": [
+ "migrate-precopy"
+ ]
+}
+EOF
diff --git a/tests/qemuvhostuserdata/usr/share/qemu/vhost-user/50-qemu-virtiofsd.json b/tests/qemuvhostuserdata/usr/share/qemu/vhost-user/50-qemu-virtiofsd.json
new file mode 100644
index 0000000000..b908bc6b30
--- /dev/null
+++ b/tests/qemuvhostuserdata/usr/share/qemu/vhost-user/50-qemu-virtiofsd.json
@@ -0,0 +1,5 @@
+{
+ "description": "virtiofsd vhost-user-fs",
+ "type": "fs",
+ "binary": "/usr/libexec/qemu/vhost-user/test-vhost-user-gpu"
+}
diff --git a/tests/qemuvhostusertest.c b/tests/qemuvhostusertest.c
index 4bbad94f74..1f8553fc2d 100644
--- a/tests/qemuvhostusertest.c
+++ b/tests/qemuvhostusertest.c
@@ -60,6 +60,7 @@ testVUPrecedence(const void *opaque G_GNUC_UNUSED)
const char *expected[] = {
PREFIX "/share/qemu/vhost-user/30-gpu.json",
SYSCONFDIR "/qemu/vhost-user/40-gpu.json",
+ PREFIX "/share/qemu/vhost-user/50-qemu-virtiofsd.json",
PREFIX "/share/qemu/vhost-user/60-gpu.json",
NULL
};
--
2.45.2

85
libvirt-virt-host-validate-Allow-longer-list-of-CPU-flags.patch
View File

@ -1,85 +0,0 @@
From f122faf68c4921d44b98700209766cae7507deec Mon Sep 17 00:00:00 2001
Message-ID: <f122faf68c4921d44b98700209766cae7507deec.1721740702.git.jdenemar@redhat.com>
From: Michal Privoznik <mprivozn@redhat.com>
Date: Tue, 23 Jul 2024 10:31:27 +0200
Subject: [PATCH] virt-host-validate: Allow longer list of CPU flags
On various occasions, virt-host-validate parses /proc/cpuinfo to
learn about CPU flags (see virHostValidateGetCPUFlags()). It does
so, by reading the file line by line until the line with CPU
flags is reached. Then the line is split into individual flags
(using space as a delimiter) and the list of flags is then
iterated over.
This works, except for cases when the line with CPU flags is too
long. Problem is - the line is capped at 1024 bytes and on newer
CPUs (and newer kernels), the line can be significantly longer.
I've seen a line that's ~1200 characters long (with 164 flags
reported).
Switch to unbounded read from the file (getline()).
Resolves: https://issues.redhat.com/browse/RHEL-39969
Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
Reviewed-by: Jiri Denemark <jdenemar@redhat.com>
(cherry picked from commit e5232f6fd691668decd5be1b3a76cdbd3666d032)
Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
---
tools/virt-host-validate-common.c | 18 +++++++-----------
1 file changed, 7 insertions(+), 11 deletions(-)
diff --git a/tools/virt-host-validate-common.c b/tools/virt-host-validate-common.c
index 591143c24d..63cc3dbe7b 100644
--- a/tools/virt-host-validate-common.c
+++ b/tools/virt-host-validate-common.c
@@ -106,21 +106,19 @@ virBitmap *virHostValidateGetCPUFlags(void)
{
FILE *fp;
virBitmap *flags = NULL;
+ g_autofree char *line = NULL;
+ size_t linelen = 0;
if (!(fp = fopen("/proc/cpuinfo", "r")))
return NULL;
flags = virBitmapNew(VIR_HOST_VALIDATE_CPU_FLAG_LAST);
- do {
- char line[1024];
+ while (getline(&line, &linelen, fp) > 0) {
char *start;
g_auto(GStrv) tokens = NULL;
GStrv next;
- if (!fgets(line, sizeof(line), fp))
- break;
-
/* The line we're interested in is marked differently depending
* on the architecture, so check possible prefixes */
if (!STRPREFIX(line, "flags") &&
@@ -129,11 +127,9 @@ virBitmap *virHostValidateGetCPUFlags(void)
!STRPREFIX(line, "facilities"))
continue;
- /* fgets() includes the trailing newline in the output buffer,
- * so we need to clean that up ourselves. We can safely access
- * line[strlen(line) - 1] because the checks above would cause
- * us to skip empty strings */
- line[strlen(line) - 1] = '\0';
+ /* getline() may include the trailing newline in the output
+ * buffer, so we need to clean that up ourselves. */
+ virStringTrimOptionalNewline(line);
/* Skip to the separator */
if (!(start = strchr(line, ':')))
@@ -153,7 +149,7 @@ virBitmap *virHostValidateGetCPUFlags(void)
if ((value = virHostValidateCPUFlagTypeFromString(*next)) >= 0)
ignore_value(virBitmapSetBit(flags, value));
}
- } while (1);
+ }
VIR_FORCE_FCLOSE(fp);
--
2.45.2

46
libvirt-virt-host-validate-Drop-extra-PASS.patch
View File

@ -1,46 +0,0 @@
From d1d455fe81027fee79666b3af2551e98b68b619b Mon Sep 17 00:00:00 2001
Message-ID: <d1d455fe81027fee79666b3af2551e98b68b619b.1720800605.git.jdenemar@redhat.com>
From: Michal Privoznik <mprivozn@redhat.com>
Date: Thu, 11 Jul 2024 09:32:40 +0200
Subject: [PATCH] virt-host-validate: Drop extra "PASS"
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
If virt-host-validate is ran on a SEV-SNP capable machine, an
extra "PASS" is printed out. This is because
virHostValidateAMDSev() prints "PASS" and then returns 1
(indicating success) which in turn makes the caller
(virHostValidateSecureGuests()) print "PASS" again. Just drop the
extra printing in the caller and let virHostValidateAMDSev() do
all the printing.
Fixes: 1a8f646f291775d2423ce4e4df62ad69f06ab827
Resolves: https://issues.redhat.com/browse/RHEL-46868
Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
(cherry picked from commit c9fa43c48cdb1b8505929e3287975445f3004f32)
Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
---
tools/virt-host-validate-common.c | 6 +-----
1 file changed, 1 insertion(+), 5 deletions(-)
diff --git a/tools/virt-host-validate-common.c b/tools/virt-host-validate-common.c
index a29a5b6d5f..591143c24d 100644
--- a/tools/virt-host-validate-common.c
+++ b/tools/virt-host-validate-common.c
@@ -488,11 +488,7 @@ int virHostValidateSecureGuests(const char *hvname,
return VIR_VALIDATE_FAILURE(level);
}
} else if (hasAMDSev) {
- int rc = virHostValidateAMDSev(hvname, level);
-
- if (rc > 0)
- virValidatePass();
- return rc;
+ return virHostValidateAMDSev(hvname, level);
}
virValidateFail(level,
--
2.45.2

97
libvirt-vmx-Be-even-more-lax-when-trying-to-comprehend-serial-ports.patch
View File

@ -1,97 +0,0 @@
From b65fb6c87242f9bdb55821217da941c33ec245d5 Mon Sep 17 00:00:00 2001
Message-ID: <b65fb6c87242f9bdb55821217da941c33ec245d5.1721637067.git.jdenemar@redhat.com>
From: Martin Kletzander <mkletzan@redhat.com>
Date: Fri, 12 Jul 2024 10:36:37 +0200
Subject: [PATCH] vmx: Be even more lax when trying to comprehend serial ports
So much can happen in the fileName field of the VMX that the easiest
thing is to silently report a serial type="null".
This effectively reverts commits de81bdb8d4cd and 62c53db0421a, but
keeps the test files to show the fix is still in place.
There is one instance where an error gets reset, but since that is a
rare case on its own and on top of that does not happen in any of our
long-running daemons with a logfile that might get monitored it should
be fine to leave it there.
Resolves: https://issues.redhat.com/browse/RHEL-32182
Signed-off-by: Martin Kletzander <mkletzan@redhat.com>
Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
(cherry picked from commit 239669049d9904e5e8da2d8b2a38d4d927a167e9)
Signed-off-by: Martin Kletzander <mkletzan@redhat.com>
---
src/vmx/vmx.c | 30 +++++++++++++-----------------
1 file changed, 13 insertions(+), 17 deletions(-)
diff --git a/src/vmx/vmx.c b/src/vmx/vmx.c
index e5bc2d793c..227744d062 100644
--- a/src/vmx/vmx.c
+++ b/src/vmx/vmx.c
@@ -2975,9 +2975,6 @@ virVMXParseSerial(virVMXContext *ctx, virConf *conf, int port,
char fileName_name[48] = "";
g_autofree char *fileName = NULL;
- char vspc_name[48] = "";
- g_autofree char *vspc = NULL;
-
char network_endPoint_name[48] = "";
g_autofree char *network_endPoint = NULL;
@@ -3000,7 +2997,6 @@ virVMXParseSerial(virVMXContext *ctx, virConf *conf, int port,
VMX_BUILD_NAME(startConnected);
VMX_BUILD_NAME(fileType);
VMX_BUILD_NAME(fileName);
- VMX_BUILD_NAME(vspc);
VMX_BUILD_NAME_EXTRA(network_endPoint, "network.endPoint");
/* vmx:present */
@@ -3030,10 +3026,6 @@ virVMXParseSerial(virVMXContext *ctx, virConf *conf, int port,
if (virVMXGetConfigString(conf, fileName_name, &fileName, true) < 0)
goto cleanup;
- /* vmx:fileName -> def:data.file.path */
- if (virVMXGetConfigString(conf, vspc_name, &vspc, true) < 0)
- goto cleanup;
-
/* vmx:network.endPoint -> def:data.tcp.listen */
if (virVMXGetConfigString(conf, network_endPoint_name, &network_endPoint,
true) < 0) {
@@ -3065,21 +3057,25 @@ virVMXParseSerial(virVMXContext *ctx, virConf *conf, int port,
(*def)->target.port = port;
(*def)->source->type = VIR_DOMAIN_CHR_TYPE_PIPE;
(*def)->source->data.file.path = g_steal_pointer(&fileName);
- } else if (STRCASEEQ(fileType, "network") && (vspc || !fileName || STREQ(fileName, ""))) {
- (*def)->target.port = port;
- (*def)->source->type = VIR_DOMAIN_CHR_TYPE_NULL;
} else if (STRCASEEQ(fileType, "network")) {
(*def)->target.port = port;
(*def)->source->type = VIR_DOMAIN_CHR_TYPE_TCP;
- if (!(parsedUri = virURIParse(fileName)))
- goto cleanup;
+ if (!(parsedUri = virURIParse(fileName))) {
+ /*
+ * Ignore anything we cannot parse since there are many variations
+ * that could lead to unusable or non-representable serial ports
+ * which are very commonly seen and the main consumer of this driver
+ * (virt-v2v) ignores them anyway, so let's at least not error out.
+ */
+ virResetLastError();
+ (*def)->source->type = VIR_DOMAIN_CHR_TYPE_NULL;
+ return 0;
+ }
if (parsedUri->port == 0) {
- virReportError(VIR_ERR_INTERNAL_ERROR,
- _("VMX entry '%1$s' doesn't contain a port part"),
- fileName_name);
- goto cleanup;
+ (*def)->source->type = VIR_DOMAIN_CHR_TYPE_NULL;
+ return 0;
}
(*def)->source->data.tcp.host = g_strdup(parsedUri->server);
--
2.45.2

171
libvirt-vmx-Do-not-require-all-ID-data-for-VMWare-Distributed-Switch.patch
View File

@ -1,171 +0,0 @@
From 945895b9af739a93690b1771e0e604b3a23fb7e0 Mon Sep 17 00:00:00 2001
Message-ID: <945895b9af739a93690b1771e0e604b3a23fb7e0.1720800605.git.jdenemar@redhat.com>
From: Martin Kletzander <mkletzan@redhat.com>
Date: Mon, 8 Jul 2024 13:04:13 +0200
Subject: [PATCH] vmx: Do not require all ID data for VMWare Distributed Switch
Similarly to commit 2482801608b8 we can safely ignore connectionId,
portId and portgroupId in both XML and VMX as they are only a blind
pass-through between XML and VMX and an ethernet without such parameters
was spotted in the wild. On top of that even our documentation says the
whole VMWare Distrubuted Switch configuration is a best-effort.
Resolves: https://issues.redhat.com/browse/RHEL-46099
Signed-off-by: Martin Kletzander <mkletzan@redhat.com>
Reviewed-by: Jiri Denemark <jdenemar@redhat.com>
(cherry picked from commit db622081e0fa55b481da1fc7fb81279224a60f88)
Signed-off-by: Martin Kletzander <mkletzan@redhat.com>
---
src/conf/domain_conf.c | 11 ++++-----
src/conf/schemas/domaincommon.rng | 24 ++++++++++++-------
src/vmx/vmx.c | 24 ++++++++++++-------
...-portid.vmx => ethernet-vds-no-params.vmx} | 2 --
...-portid.xml => ethernet-vds-no-params.xml} | 2 +-
5 files changed, 37 insertions(+), 26 deletions(-)
rename tests/vmx2xmldata/{ethernet-vds-no-portid.vmx => ethernet-vds-no-params.vmx} (76%)
rename tests/vmx2xmldata/{ethernet-vds-no-portid.xml => ethernet-vds-no-params.xml} (82%)
diff --git a/src/conf/domain_conf.c b/src/conf/domain_conf.c
index cb1154b23f..8a3c63b1fc 100644
--- a/src/conf/domain_conf.c
+++ b/src/conf/domain_conf.c
@@ -9576,15 +9576,14 @@ virDomainNetDefParseXML(virDomainXMLOption *xmlopt,
def->data.vds.switch_id) < 0)
return NULL;
- if (virXMLPropLongLong(source_node, "portid", 0, VIR_XML_PROP_REQUIRED,
- &def->data.vds.port_id, def->data.vds.port_id) < 0)
+ if (virXMLPropLongLong(source_node, "portid", 0, VIR_XML_PROP_NONE,
+ &def->data.vds.port_id, 0) < 0)
return NULL;
- if (!(def->data.vds.portgroup_id = virXMLPropStringRequired(source_node, "portgroupid")))
- return NULL;
+ def->data.vds.portgroup_id = virXMLPropString(source_node, "portgroupid");
- if (virXMLPropLongLong(source_node, "connectionid", 0, VIR_XML_PROP_REQUIRED,
- &def->data.vds.connection_id, def->data.vds.connection_id) < 0)
+ if (virXMLPropLongLong(source_node, "connectionid", 0, VIR_XML_PROP_NONE,
+ &def->data.vds.connection_id, 0) < 0)
return NULL;
break;
diff --git a/src/conf/schemas/domaincommon.rng b/src/conf/schemas/domaincommon.rng
index 844a931deb..51572f3e70 100644
--- a/src/conf/schemas/domaincommon.rng
+++ b/src/conf/schemas/domaincommon.rng
@@ -3684,15 +3684,21 @@
<attribute name="switchid">
<ref name="UUID"/>
</attribute>
- <attribute name="portid">
- <data type="long"/>
- </attribute>
- <attribute name="portgroupid">
- <data type="string"/>
- </attribute>
- <attribute name="connectionid">
- <data type="long"/>
- </attribute>
+ <optional>
+ <attribute name="portid">
+ <data type="long"/>
+ </attribute>
+ </optional>
+ <optional>
+ <attribute name="portgroupid">
+ <data type="string"/>
+ </attribute>
+ </optional>
+ <optional>
+ <attribute name="connectionid">
+ <data type="long"/>
+ </attribute>
+ </optional>
</element>
<ref name="interface-options"/>
</interleave>
diff --git a/src/vmx/vmx.c b/src/vmx/vmx.c
index d082a07660..e5bc2d793c 100644
--- a/src/vmx/vmx.c
+++ b/src/vmx/vmx.c
@@ -2896,7 +2896,7 @@ virVMXParseEthernet(virConf *conf, int controller, virDomainNetDef **def)
if (virVMXGetConfigString(conf,
portgroupId_name,
&(*def)->data.vds.portgroup_id,
- false) < 0 ||
+ true) < 0 ||
virVMXGetConfigLong(conf,
portId_name,
&(*def)->data.vds.port_id,
@@ -2906,7 +2906,7 @@ virVMXParseEthernet(virConf *conf, int controller, virDomainNetDef **def)
connectionId_name,
&(*def)->data.vds.connection_id,
0,
- false) < 0)
+ true) < 0)
goto cleanup;
} else if (connectionType == NULL && networkName == NULL) {
(*def)->type = VIR_DOMAIN_NET_TYPE_NULL;
@@ -4038,14 +4038,22 @@ virVMXFormatEthernet(virDomainNetDef *def, int controller,
uuid[5], uuid[6], uuid[7], uuid[8], uuid[9], uuid[10],
uuid[11], uuid[12], uuid[13], uuid[14], uuid[15]);
- virBufferAsprintf(buffer, "ethernet%d.dvs.portId = \"%lld\"\n",
- controller, def->data.vds.port_id);
+ if (def->data.vds.port_id) {
+ virBufferAsprintf(buffer, "ethernet%d.dvs.portId = \"%lld\"\n",
+ controller, def->data.vds.port_id);
+ }
+
+ if (def->data.vds.portgroup_id) {
+ virBufferAsprintf(buffer, "ethernet%d.dvs.", controller);
+ virBufferEscapeString(buffer, "portgroupId = \"%s\"\n",
+ def->data.vds.portgroup_id);
+ }
- virBufferAsprintf(buffer, "ethernet%d.dvs.", controller);
- virBufferEscapeString(buffer, "portgroupId = \"%s\"\n", def->data.vds.portgroup_id);
+ if (def->data.vds.connection_id) {
+ virBufferAsprintf(buffer, "ethernet%d.dvs.connectionId = \"%lld\"\n",
+ controller, def->data.vds.connection_id);
+ }
- virBufferAsprintf(buffer, "ethernet%d.dvs.connectionId = \"%lld\"\n",
- controller, def->data.vds.connection_id);
break;
}
diff --git a/tests/vmx2xmldata/ethernet-vds-no-portid.vmx b/tests/vmx2xmldata/ethernet-vds-no-params.vmx
similarity index 76%
rename from tests/vmx2xmldata/ethernet-vds-no-portid.vmx
rename to tests/vmx2xmldata/ethernet-vds-no-params.vmx
index 7761accb3a..90afbdac30 100644
--- a/tests/vmx2xmldata/ethernet-vds-no-portid.vmx
+++ b/tests/vmx2xmldata/ethernet-vds-no-params.vmx
@@ -5,6 +5,4 @@ ethernet0.virtualDev = "e1000e"
ethernet0.addressType = "vpx"
ethernet0.generatedAddress = "00:50:56:87:65:43"
ethernet0.dvs.switchId = "50 34 26 b2 94 e9 3b 16-1d 68 87 bf ff 4a 54 40"
-ethernet0.dvs.portgroupId = "dvportgroup-1285"
-ethernet0.dvs.connectionId = "408217997"
displayName = "test"
diff --git a/tests/vmx2xmldata/ethernet-vds-no-portid.xml b/tests/vmx2xmldata/ethernet-vds-no-params.xml
similarity index 82%
rename from tests/vmx2xmldata/ethernet-vds-no-portid.xml
rename to tests/vmx2xmldata/ethernet-vds-no-params.xml
index 60fd9c99fe..0011ba471a 100644
--- a/tests/vmx2xmldata/ethernet-vds-no-portid.xml
+++ b/tests/vmx2xmldata/ethernet-vds-no-params.xml
@@ -14,7 +14,7 @@
<devices>
<interface type='vds'>
<mac address='00:50:56:87:65:43' type='generated'/>
- <source switchid='503426b2-94e9-3b16-1d68-87bfff4a5440' portid='0' portgroupid='dvportgroup-1285' connectionid='408217997'/>
+ <source switchid='503426b2-94e9-3b16-1d68-87bfff4a5440'/>
<model type='e1000e'/>
</interface>
<video>
--
2.45.2

43
libvirt-vsh-Allow-vshReadlineInit-to-be-called-multiple-times.patch
View File

@ -1,43 +0,0 @@
From b7ffa3df0ad680739fce603ba0e6d83d743f193b Mon Sep 17 00:00:00 2001
Message-ID: <b7ffa3df0ad680739fce603ba0e6d83d743f193b.1723213495.git.jdenemar@redhat.com>
From: Michal Privoznik <mprivozn@redhat.com>
Date: Thu, 8 Aug 2024 14:21:20 +0200
Subject: [PATCH] vsh: Allow vshReadlineInit() to be called multiple times
Thing about vshReadlineInit() is - it's called multiple times.
The first time from vshInit(), when @ctl was filled only
partially (most notably, before any argv parsing is done, hence
ctl->imode is set to false). The second time after argv parsing,
from virshInit() -> vshInitReload(). In here, ctl->imode might
have changed and thus vshReadlineInit() can't exit early - it
needs to set up stuff for interactive mode (history basically).
To allow vshReadlineInit() to be called again,
vshReadlineDeinit() must set @autoCompleteOpaque to NULL.
Fixes: cab1e71f0161fd24c5d6ff4c379d3a242ea8c2d9
Resolves: https://issues.redhat.com/browse/RHEL-53560
Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
Reviewed-by: Jiri Denemark <jdenemar@redhat.com>
(cherry picked from commit 18fd4899f3ddd8873842ab24cf39bf51b1bf3a02)
Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
---
tools/vsh.c | 3 +++
1 file changed, 3 insertions(+)
diff --git a/tools/vsh.c b/tools/vsh.c
index 9fbb1f9349..5f5e2f281d 100644
--- a/tools/vsh.c
+++ b/tools/vsh.c
@@ -3040,6 +3040,9 @@ vshReadlineDeinit(vshControl *ctl)
g_clear_pointer(&ctl->historydir, g_free);
g_clear_pointer(&ctl->historyfile, g_free);
+
+ /* Allow vshReadlineInit() to be called again. */
+ autoCompleteOpaque = NULL;
}
char *
--
2.46.0

52
libvirt.spec
View File

@ -6,7 +6,7 @@
%define min_rhel 8 %define min_rhel 8
%define min_fedora 37 %define min_fedora 37
%define arches_qemu_kvm %{ix86} x86_64 %{power64} %{arm} aarch64 s390x %define arches_qemu_kvm %{ix86} x86_64 %{power64} %{arm} aarch64 s390x riscv64
%if 0%{?rhel} %if 0%{?rhel}
%if 0%{?rhel} > 8 %if 0%{?rhel} > 8
%define arches_qemu_kvm x86_64 aarch64 s390x %define arches_qemu_kvm x86_64 aarch64 s390x
@ -292,8 +292,8 @@
Summary: Library providing a simple virtualization API Summary: Library providing a simple virtualization API
Name: libvirt Name: libvirt
Version: 10.5.0 Version: 10.8.0
Release: 5%{?dist}%{?extra_release}.alma.1 Release: 2%{?dist}%{?extra_release}.alma.1
License: GPL-2.0-or-later AND LGPL-2.1-only AND LGPL-2.1-or-later AND OFL-1.1 License: GPL-2.0-or-later AND LGPL-2.1-only AND LGPL-2.1-or-later AND OFL-1.1
URL: https://libvirt.org/ URL: https://libvirt.org/
@ -301,20 +301,11 @@ URL: https://libvirt.org/
%define mainturl stable_updates/ %define mainturl stable_updates/
%endif %endif
Source: https://download.libvirt.org/%{?mainturl}libvirt-%{version}.tar.xz Source: https://download.libvirt.org/%{?mainturl}libvirt-%{version}.tar.xz
Patch1: libvirt-vmx-Do-not-require-all-ID-data-for-VMWare-Distributed-Switch.patch Patch1: libvirt-Revert-network-un-set-the-firewalld-zone-while-shutting-down-a-network.patch
Patch2: libvirt-tests-vhostuser-add-virtiofsd-json-descriptor.patch Patch2: libvirt-Revert-network-support-setting-firewalld-zone-for-bridge-device-of-open-networks.patch
Patch3: libvirt-tests-qemuxmlconf-adjust-test-case-to-new-virtiofsd.patch Patch3: libvirt-network-call-network-Add-Remove-FirewallRules-for-forward-mode-open.patch
Patch4: libvirt-qemu-fill-capabilities-for-virtiofsd.patch Patch4: libvirt-network-a-different-way-of-supporting-firewalld-zone-for-mode-open-networks.patch
Patch5: libvirt-qemu-do-not-use-deprecated-options-for-new-virtiofsd.patch Patch5: libvirt-network-a-different-implementation-of-un-setting-firewalld-zone-when-network-is-destroyed.patch
Patch6: libvirt-qemu-migration-allow-migration-for-virtiofs.patch
Patch7: libvirt-virt-host-validate-Drop-extra-PASS.patch
Patch8: libvirt-qemu-Don-t-leave-beingDestroyed-true-on-inactive-domain.patch
Patch9: libvirt-vmx-Be-even-more-lax-when-trying-to-comprehend-serial-ports.patch
Patch10: libvirt-virt-host-validate-Allow-longer-list-of-CPU-flags.patch
Patch11: libvirt-qemu-virtiofs-cache-use-never-instead-of-none.patch
Patch12: libvirt-qemu_domain-Strip-acpi-from-s390-x-definitions.patch
Patch13: libvirt-qemuxmlconftest-Add-tests-for-the-ACPI-stripping-hack-on-s390.patch
Patch14: libvirt-vsh-Allow-vshReadlineInit-to-be-called-multiple-times.patch
Requires: libvirt-daemon = %{version}-%{release} Requires: libvirt-daemon = %{version}-%{release}
@ -380,7 +371,7 @@ BuildRequires: libblkid-devel >= 2.17
BuildRequires: augeas BuildRequires: augeas
BuildRequires: systemd-devel >= 185 BuildRequires: systemd-devel >= 185
BuildRequires: libpciaccess-devel >= 0.10.9 BuildRequires: libpciaccess-devel >= 0.10.9
BuildRequires: yajl-devel BuildRequires: json-c-devel
%if %{with_sanlock} %if %{with_sanlock}
BuildRequires: sanlock-devel >= 2.4 BuildRequires: sanlock-devel >= 2.4
%endif %endif
@ -444,12 +435,10 @@ BuildRequires: libcurl-devel
BuildRequires: libwsman-devel >= 2.6.3 BuildRequires: libwsman-devel >= 2.6.3
%endif %endif
BuildRequires: audit-libs-devel BuildRequires: audit-libs-devel
# we need /usr/sbin/dtrace
BuildRequires: systemtap-sdt-devel BuildRequires: systemtap-sdt-devel
BuildRequires: /usr/bin/dtrace
# For mount/umount in FS driver # For mount/umount in FS driver
BuildRequires: util-linux BuildRequires: util-linux
# For showmount in FS driver (netfs discovery)
BuildRequires: nfs-utils
%if %{with_numad} %if %{with_numad}
BuildRequires: numad BuildRequires: numad
%endif %endif
@ -688,7 +677,7 @@ an implementation of the secret key APIs.
Summary: Storage driver plugin including base backends for the libvirtd daemon Summary: Storage driver plugin including base backends for the libvirtd daemon
Requires: libvirt-daemon-common = %{version}-%{release} Requires: libvirt-daemon-common = %{version}-%{release}
Requires: libvirt-libs = %{version}-%{release} Requires: libvirt-libs = %{version}-%{release}
Requires: nfs-utils Recommends: nfs-utils
# For mkfs # For mkfs
Requires: util-linux Requires: util-linux
# For storage wiping with different algorithms # For storage wiping with different algorithms
@ -1391,7 +1380,7 @@ export SOURCE_DATE_EPOCH=$(stat --printf='%Y' %{_specdir}/libvirt.spec)
-Dapparmor_profiles=disabled \ -Dapparmor_profiles=disabled \
-Dsecdriver_apparmor=disabled \ -Dsecdriver_apparmor=disabled \
-Dudev=enabled \ -Dudev=enabled \
-Dyajl=enabled \ -Djson_c=enabled \
%{?arg_sanlock} \ %{?arg_sanlock} \
-Dlibpcap=enabled \ -Dlibpcap=enabled \
%{?arg_nbdkit} \ %{?arg_nbdkit} \
@ -1463,6 +1452,7 @@ export SOURCE_DATE_EPOCH=$(stat --printf='%Y' %{_specdir}/libvirt.spec)
-Dfuse=disabled \ -Dfuse=disabled \
-Dglusterfs=disabled \ -Dglusterfs=disabled \
-Dhost_validate=disabled \ -Dhost_validate=disabled \
-Djson_c=disabled \
-Dlibiscsi=disabled \ -Dlibiscsi=disabled \
-Dnbdkit=disabled \ -Dnbdkit=disabled \
-Dnbdkit_config_default=disabled \ -Dnbdkit_config_default=disabled \
@ -1505,7 +1495,6 @@ export SOURCE_DATE_EPOCH=$(stat --printf='%Y' %{_specdir}/libvirt.spec)
-Dtests=disabled \ -Dtests=disabled \
-Dudev=disabled \ -Dudev=disabled \
-Dwireshark_dissector=disabled \ -Dwireshark_dissector=disabled \
-Dyajl=disabled \
%{?enable_werror} %{?enable_werror}
%mingw_ninja %mingw_ninja
%endif %endif
@ -2643,9 +2632,22 @@ exit 0
%endif %endif
%changelog %changelog
* Thu Sep 05 2024 Eduard Abdullin <eabdullin@almalinux.org> - 10.5.0-5.alma.1 * Mon Oct 21 2024 Eduard Abdullin <eabdullin@almalinux.org> - 10.8.0-2.alma.1
- Enable building for ppc64le - Enable building for ppc64le
* Thu Oct 10 2024 Jiri Denemark <jdenemar@redhat.com> - 10.8.0-2
- Revert "network: *un*set the firewalld zone while shutting down a network" (RHEL-61752)
- Revert "network: support setting firewalld zone for bridge device of open networks" (RHEL-61752)
- network: call network(Add|Remove)FirewallRules() for forward mode='open' (RHEL-61752)
- network: a different way of supporting firewalld zone for mode='open' networks (RHEL-61752)
- network: a different implementation of *un*setting firewalld zone when network is destroyed (RHEL-61752)
* Tue Oct 1 2024 Jiri Denemark <jdenemar@redhat.com> - 10.8.0-1
- Rebased to libvirt-10.8.0 (RHEL-50577)
- The rebase also fixes the following bugs:
RHEL-45518, RHEL-49607, RHEL-50968, RHEL-52449, RHEL-54235
RHEL-55707, RHEL-55749, RHEL-55769, RHEL-56699
* Fri Aug 9 2024 Jiri Denemark <jdenemar@redhat.com> - 10.5.0-5 * Fri Aug 9 2024 Jiri Denemark <jdenemar@redhat.com> - 10.5.0-5
- Synchronize with libvirt-10.5.0-4.el9 (RHEL-30177) - Synchronize with libvirt-10.5.0-4.el9 (RHEL-30177)
- qemu: virtiofs: cache: use 'never' instead of 'none' - qemu: virtiofs: cache: use 'never' instead of 'none'

2
sources
View File

@ -1 +1 @@
SHA512 (libvirt-10.5.0.tar.xz) = e4976849cff7bdae0b7fda0644490f0ca743efc11c35a2fae45bb0f6f467b85644c1d04d1f3d1b10affdc6d9b8dcc0a3c255e527e0bdd73cdd4d1c81d5c418e7 SHA512 (libvirt-10.8.0.tar.xz) = 4979565015d69d078e532944d1d1cdfbb28e2d5625168a80f7b56a323949cf6072c4b8cfb96b92dbae263ee166d1c514651455389f33c90d04cc615865009eee