From e55513c587b131790cff97ad98ebe7c4be4b1133 Mon Sep 17 00:00:00 2001 From: Jiri Denemark Date: Tue, 4 Jun 2024 13:27:39 +0200 Subject: [PATCH] libvirt-10.4.0-1.el9 - Rebased to libvirt-10.4.0 (RHEL-7489) - The rebase also fixes the following bugs: RHEL-29642, RHEL-30373, RHEL-32182, RHEL-33044, RHEL-33082 RHEL-34615, RHEL-35948, RHEL-36565, RHEL-36721, RHEL-39271 RHEL-39400 Resolves: RHEL-29642, RHEL-30373, RHEL-32182, RHEL-33044, RHEL-33082 Resolves: RHEL-34615, RHEL-35948, RHEL-36565, RHEL-36721, RHEL-39271 Resolves: RHEL-39400, RHEL-7489
---
...mmand-for-pci-hostdevs-and-ramfb-off.patch | 84 ------------------- ...hang-in-virshtest-read-big-pipe-case.patch | 82 ------------------ ...sh-Don-t-init-history-in-cmdComplete.patch | 83 ------------------ libvirt.spec | 55 ++++++++++-- sources | 2 +- symlinks | 1 + 6 files changed, 48 insertions(+), 259 deletions(-) delete mode 100644 libvirt-qemu-fix-qemu-command-for-pci-hostdevs-and-ramfb-off.patch delete mode 100644 libvirt-tests-fix-hang-in-virshtest-read-big-pipe-case.patch delete mode 100644 libvirt-vsh-Don-t-init-history-in-cmdComplete.patch
diff --git a/libvirt-qemu-fix-qemu-command-for-pci-hostdevs-and-ramfb-off.patch b/libvirt-qemu-fix-qemu-command-for-pci-hostdevs-and-ramfb-off.patch
deleted file mode 100644
index 1a8c59f..0000000
--- a/libvirt-qemu-fix-qemu-command-for-pci-hostdevs-and-ramfb-off.patch
+++ /dev/null
@@ -1,84 +0,0 @@ -From 36089ebf38b3ffa68af41c7bb0b5d3d49c0c9b14 Mon Sep 17 00:00:00 2001 -Message-ID: <36089ebf38b3ffa68af41c7bb0b5d3d49c0c9b14.1716796433.git.jdenemar@redhat.com> -From: Jonathon Jongsma -Date: Thu, 16 May 2024 16:46:04 -0500 -Subject: [PATCH] qemu: fix qemu command for pci hostdevs and ramfb='off' - -There was no test for this and we mistakenly used 'B' rather than 'T' -when constructing the json value for this parameter. Thus, a value of -'off' was VIR_TRISTATE_SWITCH_OFF=2, which was translated to a boolean -value of 'true'. - -Signed-off-by: Jonathon Jongsma -Reviewed-by: Peter Krempa -(cherry picked from commit 7c8e606b64c73ca56d7134cb16d01257f39c53ef) - -https://issues.redhat.com/browse/RHEL-28808 - -Signed-off-by: Jiri Denemark ---- - src/qemu/qemu_command.c | 2 +- - .../hostdev-pci-display-ramfb.x86_64-latest.args | 1 + - .../hostdev-pci-display-ramfb.x86_64-latest.xml | 6 ++++++ - tests/qemuxmlconfdata/hostdev-pci-display-ramfb.xml | 5 +++++ - 4 files changed, 13 insertions(+), 1 deletion(-) - -diff --git a/src/qemu/qemu_command.c b/src/qemu/qemu_command.c -index 8d4442c360..d614884fa4 100644 ---- a/src/qemu/qemu_command.c -+++ b/src/qemu/qemu_command.c -@@ -4777,7 +4777,7 @@ qemuBuildPCIHostdevDevProps(const virDomainDef *def, - "p:bootindex", dev->info->effectiveBootIndex, - "S:failover_pair_id", failover_pair_id, - "S:display", qemuOnOffAuto(pcisrc->display), -- "B:ramfb", pcisrc->ramfb, -+ "T:ramfb", pcisrc->ramfb, - NULL) < 0) - return NULL; - -diff --git a/tests/qemuxmlconfdata/hostdev-pci-display-ramfb.x86_64-latest.args b/tests/qemuxmlconfdata/hostdev-pci-display-ramfb.x86_64-latest.args -index 6a3bfbe6fb..e6e538ef1c 100644 ---- a/tests/qemuxmlconfdata/hostdev-pci-display-ramfb.x86_64-latest.args -+++ b/tests/qemuxmlconfdata/hostdev-pci-display-ramfb.x86_64-latest.args -@@ -29,5 +29,6 @@ XDG_CONFIG_HOME=/var/lib/libvirt/qemu/domain--1-QEMUGuest2/.config \ - -audiodev '{"id":"audio1","driver":"none"}' \ - -vnc 
127.0.0.1:0,audiodev=audio1 \ - -device '{"driver":"vfio-pci-nohotplug","host":"0000:06:12.5","id":"hostdev0","display":"on","ramfb":true,"bus":"pci.0","addr":"0x2"}' \ -+-device '{"driver":"vfio-pci","host":"0000:06:13.6","id":"hostdev1","display":"off","ramfb":false,"bus":"pci.0","addr":"0x3"}' \ - -sandbox on,obsolete=deny,elevateprivileges=deny,spawn=deny,resourcecontrol=deny \ - -msg timestamp=on -diff --git a/tests/qemuxmlconfdata/hostdev-pci-display-ramfb.x86_64-latest.xml b/tests/qemuxmlconfdata/hostdev-pci-display-ramfb.x86_64-latest.xml -index 16e8a1dee2..18b9bfb5bf 100644 ---- a/tests/qemuxmlconfdata/hostdev-pci-display-ramfb.x86_64-latest.xml -+++ b/tests/qemuxmlconfdata/hostdev-pci-display-ramfb.x86_64-latest.xml -@@ -39,6 +39,12 @@ - -
- -+ -+ -+
-+ -+
-+ - - - -diff --git a/tests/qemuxmlconfdata/hostdev-pci-display-ramfb.xml b/tests/qemuxmlconfdata/hostdev-pci-display-ramfb.xml -index 39c84da7e1..d263342b1d 100644 ---- a/tests/qemuxmlconfdata/hostdev-pci-display-ramfb.xml -+++ b/tests/qemuxmlconfdata/hostdev-pci-display-ramfb.xml -@@ -25,6 +25,11 @@ -
- - -+ -+ -+
-+ -+ - --- -2.45.1 diff --git a/libvirt-tests-fix-hang-in-virshtest-read-big-pipe-case.patch b/libvirt-tests-fix-hang-in-virshtest-read-big-pipe-case.patch deleted file mode 100644 index 43c126d..0000000 --- a/libvirt-tests-fix-hang-in-virshtest-read-big-pipe-case.patch +++ /dev/null 
@@ -1,82 +0,0 @@ -From 52de75b7ad95b76d7ddaba12a4d9a0e196d9de64 Mon Sep 17 00:00:00 2001 -Message-ID: <52de75b7ad95b76d7ddaba12a4d9a0e196d9de64.1715249019.git.jdenemar@redhat.com> -From: =?UTF-8?q?Daniel=20P=2E=20Berrang=C3=A9?= -Date: Wed, 8 May 2024 11:50:09 +0100 -Subject: [PATCH] tests: fix hang in virshtest 'read-big-pipe' case -MIME-Version: 1.0 -Content-Type: text/plain; charset=UTF-8 -Content-Transfer-Encoding: 8bit - -The virshtest program testPipeFeeder method is doing this: - - mkfifo("test.fifo", 0600) ; - - int fd = open("test.fifo", O_RDWR); - - char buf[...]; - memset(buf, 'a', sizeof(buf)); - write(fd, buf, sizeof(buf)) == sizeof(buf)); - close(fd); - -while the the 'virsh' child process then ends up doing: - - fd = open("test.fifo", O_RDONLY); - read(fd, buf, sizeof(buf)) == sizeof(buf)); - close(fd); - -The 'virsh' code hangs on open() on at least ppc64 and some other -arches. It can be provoked to hang even on x86 by reducing the size of -the buffer. It can be prevented from hanging on ppc64 by increasing the -size of the buffer. - -What is happening is a result of differing page sizes, altering the -overall pipe capacity size, since pipes on linux default to 16 pages -in size and thus have architecture specific capacity when measured -in bytes. - - * On x86, testPipeFeeder opens R+W, tries to write 140kb and - write() blocks because the pipe is full. This gives time for - virsh to start up, and it can open the pipe for O_RDONLY - since testPipeFeeder still has it open for write. Everything - works as intended. - - * On ppc64, testPipeFeeder opens R+W, tries to write 140kb - and write() succeeds because the larger 64kb page size - resulted in greater buffer capacity for the pipe. It thus - quickly closes the pipe, removing the writer, and triggering - discard of all the unread data. Now virsh starts up, tries - to open the pipe for O_RDONLY and blocks waiting for a new - writer to open it, which will never happen. 
Meson kills - the test after 30 seconds. - - NB, every now & then, it will not block because virsh starts - up quickly enough that testPipeFeeder has not yet closed the - write end of the pipe, giving the illusion of correctness. - -The key flaw here is that it should not have been using O_RDWR -in testPipeFeeder. Synchronization is required such that both -virsh and testPipeFeeder have their respective ends of the pipe -open before any data is sent. This is trivially arranged by -using O_WRONLY in testPipeFeeder. - -Reviewed-by: Andrea Bolognani -Signed-off-by: Daniel P. Berrangé ---- - tests/virshtest.c | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/tests/virshtest.c b/tests/virshtest.c -index a1ae481316..7a7797647c 100644 ---- a/tests/virshtest.c -+++ b/tests/virshtest.c -@@ -145,7 +145,7 @@ testPipeFeeder(void *opaque) - g_autofree char *doc = g_new0(char, emptyspace + xmlsize + 1); - VIR_AUTOCLOSE fd = -1; - -- if ((fd = open(pipepath, O_RDWR)) < 0) { -+ if ((fd = open(pipepath, O_WRONLY)) < 0) { - fprintf(stderr, "\nfailed to open pipe '%s': %s\n", pipepath, g_strerror(errno)); - return; - } --- -2.45.0 diff --git a/libvirt-vsh-Don-t-init-history-in-cmdComplete.patch b/libvirt-vsh-Don-t-init-history-in-cmdComplete.patch deleted file mode 100644 index dc96cd1..0000000 --- a/libvirt-vsh-Don-t-init-history-in-cmdComplete.patch +++ /dev/null 
@@ -1,83 +0,0 @@ -From 27ea997a202439da94e4d9ae670f355bfe83e81f Mon Sep 17 00:00:00 2001 -Message-ID: <27ea997a202439da94e4d9ae670f355bfe83e81f.1715249019.git.jdenemar@redhat.com> -From: Michal Privoznik -Date: Sat, 4 May 2024 05:12:54 +0200 -Subject: [PATCH] vsh: Don't init history in cmdComplete() -MIME-Version: 1.0 -Content-Type: text/plain; charset=UTF-8 -Content-Transfer-Encoding: 8bit - -Recent rework of virshtest uncovered a subtle bug that was -dormant in now vsh but before that even in monolithic virsh. - -In vsh.c there's this vshReadlineInit() function that's supposed -to initialize readline library, i.e. set those global rl_* -pointers. But it also initializes history library. Then, when -virsh/virt-admin quits, vshReadlineDeinit() is called which -writes history into a file (ensuring the parent directory -exists). So far no problem. - -Problem arises when cmdComplete() is called (from a bash -completer, for instance). It does not guard call to -vshReadlineInit() with check for interactive shell (and it should -not), but it sets ctl->historyfile which signals to -vshReadlineDeinit() the history should be written. - -Now, no real history is written, because nothing was entered on -the stdin, but the parent directory is created nevertheless. With -recent movement in virshtest.c this means some test cases might -create virsh history file which breaks our promise of not -touching user's data in test suite. - -Resolves: https://bugs.gentoo.org/931109 -Signed-off-by: Michal Privoznik -Reviewed-by: Ján Tomko ---- - tools/vsh.c | 11 ++++++++--- - 1 file changed, 8 insertions(+), 3 deletions(-) - -diff --git a/tools/vsh.c b/tools/vsh.c -index 58855f63ba..e74045c24e 100644 ---- a/tools/vsh.c -+++ b/tools/vsh.c -@@ -2973,7 +2973,7 @@ vshReadlineInit(vshControl *ctl) - const char *quote_characters = "\"'"; - - /* initialize readline stuff only once */ -- if (ctl->historydir) -+ if (autoCompleteOpaque) - return 0; - - /* Opaque data for autocomplete callbacks. 
*/ -@@ -2989,6 +2989,11 @@ vshReadlineInit(vshControl *ctl) - rl_completer_quote_characters = quote_characters; - rl_char_is_quoted_p = vshReadlineCharIsQuoted; - -+ /* Stuff below is needed only for interactive mode. */ -+ if (!ctl->imode) { -+ return 0; -+ } -+ - histsize_env = g_strdup_printf("%s_HISTSIZE", ctl->env_prefix); - - /* Limit the total size of the history buffer */ -@@ -3149,7 +3154,7 @@ vshInit(vshControl *ctl, const vshCmdGrp *groups) - cmdGroups = groups; - - if (vshInitDebug(ctl) < 0 || -- (ctl->imode && vshReadlineInit(ctl) < 0)) -+ vshReadlineInit(ctl) < 0) - return false; - - return true; -@@ -3168,7 +3173,7 @@ vshInitReload(vshControl *ctl) - - if (ctl->imode) - vshReadlineDeinit(ctl); -- if (ctl->imode && vshReadlineInit(ctl) < 0) -+ if (vshReadlineInit(ctl) < 0) - return false; - - return true; --- -2.45.0 diff --git a/libvirt.spec b/libvirt.spec index eda55e6..faa541e 100644 --- a/libvirt.spec +++ b/libvirt.spec @@ -205,6 +205,18 @@ %define with_modular_daemons 1 %endif +# Prefer nftables for future OS releases but keep using iptables +# for existing ones +%if 0%{?rhel} >= 10 || 0%{?fedora} >= 41 + %define prefer_nftables 1 + %define firewall_backend_priority nftables,iptables +%else + %define prefer_nftables 0 + %define firewall_backend_priority iptables,nftables +%endif + + + # Force QEMU to run as non-root %define qemu_user qemu %define qemu_group qemu @@ -276,8 +288,8 @@ Summary: Library providing a simple virtualization API Name: libvirt -Version: 10.3.0 -Release: 2%{?dist}%{?extra_release} +Version: 10.4.0 +Release: 1%{?dist}%{?extra_release} License: GPL-2.0-or-later AND LGPL-2.1-only AND LGPL-2.1-or-later AND OFL-1.1 URL: https://libvirt.org/ 
@@ -287,10 +299,6 @@ URL: https://libvirt.org/ Source: https://download.libvirt.org/%{?mainturl}libvirt-%{version}.tar.xz Source1: symlinks -Patch1: libvirt-vsh-Don-t-init-history-in-cmdComplete.patch -Patch2: libvirt-tests-fix-hang-in-virshtest-read-big-pipe-case.patch -Patch3: libvirt-qemu-fix-qemu-command-for-pci-hostdevs-and-ramfb-off.patch - Requires: libvirt-daemon = %{version}-%{release} Requires: libvirt-daemon-config-network = %{version}-%{release} Requires: libvirt-daemon-config-nwfilter = %{version}-%{release} @@ -341,7 +349,7 @@ BuildRequires: gcc %if %{with_libxl} BuildRequires: xen-devel %endif -BuildRequires: glib2-devel >= 2.56 +BuildRequires: glib2-devel >= 2.58 BuildRequires: libxml2-devel BuildRequires: readline-devel BuildRequires: pkgconfig(bash-completion) >= 2.0 @@ -361,8 +369,6 @@ BuildRequires: sanlock-devel >= 2.4 BuildRequires: libpcap-devel >= 1.5.0 BuildRequires: libnl3-devel BuildRequires: libselinux-devel -BuildRequires: iptables -BuildRequires: ebtables # For modprobe BuildRequires: kmod BuildRequires: cyrus-sasl-devel @@ -599,7 +605,11 @@ Summary: Network driver plugin for the libvirtd daemon Requires: libvirt-daemon-common = %{version}-%{release} Requires: libvirt-libs = %{version}-%{release} Requires: dnsmasq >= 2.41 + %if %{prefer_nftables} +Requires: nftables + %else Requires: iptables + %endif %description daemon-driver-network The network driver plugin for the libvirtd daemon, providing @@ -820,6 +830,7 @@ Requires: gzip Requires: bzip2 Requires: lzop Requires: xz +Requires: zstd Requires: systemd-container Requires: swtpm-tools %if %{with_numad} @@ -907,6 +918,7 @@ Requires: libvirt-daemon-driver-nodedev = %{version}-%{release} Requires: libvirt-daemon-driver-nwfilter = %{version}-%{release} Requires: libvirt-daemon-driver-secret = %{version}-%{release} Requires: libvirt-daemon-driver-storage = %{version}-%{release} +Requires: libvirt-ssh-proxy = %{version}-%{release} Requires: qemu %description daemon-qemu 
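Review bot: In the `daemon-driver-network` hunk the runtime firewall dependency is chosen by `%{prefer_nftables}`, while the backend order handed to meson comes from the separate `firewall_backend_priority` macro, and nothing at this conditional says the two must agree. If one macro is later edited without the other, the package could pull in only the second-choice tool, and, judging by the option name, the preferred backend might then be absent on a minimal host. I would add a comment directly above the `%if`, for example `# Must match the first entry of firewall_backend_priority`. Only the tool matching the first entry is required here, so whether the second entry in the priority list is ever usable depends on what else is installed on the host; that is worth stating in the same comment.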
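Review bot: The added `Requires: libvirt-ssh-proxy = %{version}-%{release}` in `daemon-qemu`, and the identical line added to `daemon-kvm` in the next hunk, makes the proxy a hard dependency of both metapackages. Every hypervisor host installing them therefore also receives the `ssh_config.d` drop-in packaged under `%files ssh-proxy`, which changes SSH client configuration system-wide with no way to opt out short of removing the metapackage. The hunks do not show that the daemon needs the proxy to function; if it does not, `Recommends: libvirt-ssh-proxy = %{version}-%{release}` would keep the default install while letting administrators remove it. If the hard dependency is intentional, a one-line comment giving the reason would help the next reviewer.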
@@ -935,6 +947,7 @@ Requires: libvirt-daemon-driver-nodedev = %{version}-%{release} Requires: libvirt-daemon-driver-nwfilter = %{version}-%{release} Requires: libvirt-daemon-driver-secret = %{version}-%{release} Requires: libvirt-daemon-driver-storage = %{version}-%{release} +Requires: libvirt-ssh-proxy = %{version}-%{release} Requires: qemu-kvm %description daemon-kvm @@ -1104,6 +1117,13 @@ Requires: libvirt-daemon-driver-network = %{version}-%{release} Libvirt plugin for NSS for translating domain names into IP addresses. %endif +%package ssh-proxy +Summary: Libvirt SSH proxy +Requires: libvirt-libs = %{version}-%{release} + +%description ssh-proxy +Allows SSH into domains via VSOCK without need for network. + %if %{with_mingw32} %package -n mingw32-libvirt Summary: %{summary} @@ -1393,9 +1413,11 @@ export SOURCE_DATE_EPOCH=$(stat --printf='%Y' %{_specdir}/libvirt.spec) -Dtls_priority=%{tls_priority} \ -Dsysctl_config=enabled \ %{?arg_userfaultfd_sysctl} \ + -Dssh_proxy=enabled \ %{?enable_werror} \ -Dexpensive_tests=enabled \ -Dinit_script=systemd \ + -Dfirewall_backend_priority=%{firewall_backend_priority} \ -Ddocs=enabled \ -Dtests=enabled \ -Drpath=disabled \ @@ -1477,6 +1499,7 @@ export SOURCE_DATE_EPOCH=$(stat --printf='%Y' %{_specdir}/libvirt.spec) -Dstorage_zfs=disabled \ -Dsysctl_config=disabled \ -Duserfaultfd_sysctl=disabled \ + -Dssh_proxy=disabled \ -Dtests=disabled \ -Dudev=disabled \ -Dwireshark_dissector=disabled \ @@ -2130,6 +2153,9 @@ exit 0 %config(noreplace) %{_sysconfdir}/libvirt/virtnetworkd.conf %{_datadir}/augeas/lenses/virtnetworkd.aug %{_datadir}/augeas/lenses/tests/test_virtnetworkd.aug +%config(noreplace) %{_sysconfdir}/libvirt/network.conf +%{_datadir}/augeas/lenses/libvirtd_network.aug +%{_datadir}/augeas/lenses/tests/test_libvirtd_network.aug %{_unitdir}/virtnetworkd.service %{_unitdir}/virtnetworkd.socket %{_unitdir}/virtnetworkd-ro.socket 
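Review bot: The new `ssh-proxy` subpackage declares only `Requires: libvirt-libs = %{version}-%{release}`, yet its `%files` section in a later hunk installs `30-libvirt-ssh-proxy.conf` into `%{_sysconfdir}/ssh/ssh_config.d/`, a directory this subpackage neither owns nor depends on. On a host without the OpenSSH client the directory would end up unowned and the drop-in would have no consumer. Adding `Requires: openssh-clients` would tie the file to the package that normally ships that directory on Fedora/RHEL (worth confirming for the target release). The `%description` could also say that a system-wide SSH client drop-in is installed, since that affects every user on the host.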
@@ -2447,6 +2473,10 @@ exit 0 %{_libdir}/libnss_libvirt.so.2 %{_libdir}/libnss_libvirt_guest.so.2 +%files ssh-proxy +%config(noreplace) %{_sysconfdir}/ssh/ssh_config.d/30-libvirt-ssh-proxy.conf +%{_libexecdir}/libvirt-ssh-proxy + %if %{with_lxc} %files login-shell %attr(4750, root, virtlogin) %{_bindir}/virt-login-shell @@ -2609,6 +2639,13 @@ exit 0 %endif %changelog +* Tue Jun 4 2024 Jiri Denemark - 10.4.0-1 +- Rebased to libvirt-10.4.0 (RHEL-7489) +- The rebase also fixes the following bugs: + RHEL-29642, RHEL-30373, RHEL-32182, RHEL-33044, RHEL-33082 + RHEL-34615, RHEL-35948, RHEL-36565, RHEL-36721, RHEL-39271 + RHEL-39400 + * Mon May 27 2024 Jiri Denemark - 10.3.0-2 - qemu: fix qemu command for pci hostdevs and ramfb='off' (RHEL-28808) diff --git a/sources b/sources index c32eb9b..f84031b 100644 --- a/sources +++ b/sources @@ -1 +1 @@ -SHA512 (libvirt-10.3.0.tar.xz) = dd2b151a19877e57e11b582b1c11542319f8b7b7cd3d7d51304442aa7d5eb1a8490d2887d340191c3ecc561320ea453773763083364579de0a40ada9c244fc59 +SHA512 (libvirt-10.4.0.tar.xz) = 711be39f3fb831a5073b25a5b02410676147114f3dcf85b24c8505b611a81bf64cf3b95f66908e0dc3a2f3e66e5fc31b2d95db610ea3f1b747a9fd1f52b1ffa7 diff --git a/symlinks b/symlinks index eddb26f..fa69a53 100644 --- a/symlinks +++ b/symlinks @@ -81,6 +81,7 @@ tests/qemustatusxml2xmldata/vcpus-multi-out.xml vcpus-multi-in.xml tests/qemuvhostuserdata/etc/qemu/vhost-user/40-gpu.json ../../../usr/share/qemu/vhost-user/50-gpu.json tests/qemuvhostuserdata/usr/share/qemu/vhost-user/30-gpu.json 50-gpu.json tests/qemuvhostuserdata/usr/share/qemu/vhost-user/60-gpu.json 50-gpu.json +tests/qemuxmlconfdata/aarch64-features-ras.aarch64-latest.xml aarch64-features-ras.xml tests/qemuxmlconfdata/aarch64-gic-default-both.xml aarch64-gic-default.xml tests/qemuxmlconfdata/aarch64-gic-default-v2.xml aarch64-gic-default.xml tests/qemuxmlconfdata/aarch64-gic-default-v3.xml aarch64-gic-default.xml