rpms/libvirt
7
0
Fork 1
Code Issues Pull Requests Releases Activity

import libvirt-9.0.0-10.el9_2

Browse Source
This commit is contained in:
CentOS Sources 2023-05-09 05:17:35 +00:00 committed by Stepan Oksanichenko
parent 96c82c5239
commit ed2a7929e3
102 changed files with 91318 additions and 4448 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
.gitignore vendored
View File

@ -1 +1 @@
SOURCES/libvirt-8.5.0.tar.xz
SOURCES/libvirt-9.0.0.tar.xz

2
.libvirt.metadata
View File

@ -1 +1 @@
d5fc6173368e7c32cd87d6c8e3c9cfd9d5622860 SOURCES/libvirt-8.5.0.tar.xz
43b6ebfd7dc0ff360e75a89b25012f734c76b653 SOURCES/libvirt-9.0.0.tar.xz

63
SOURCES/libvirt-conf-clarify-some-external-TPM-error-messages.patch Normal file
View File

@ -0,0 +1,63 @@
From 0c35c1c0495a953268719ad83cf2f368ab53018b Mon Sep 17 00:00:00 2001
Message-Id: <0c35c1c0495a953268719ad83cf2f368ab53018b@dist-git>
From: =?UTF-8?q?J=C3=A1n=20Tomko?= <jtomko@redhat.com>
Date: Fri, 20 Jan 2023 12:56:48 +0100
Subject: [PATCH] conf: clarify some external TPM error messages
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Two of the messages referred to 'backend type' when dealing
with the source type and one mentioned the 'client' attribute
from an earlier iteration of the patches, even though the attribute
was later changed to 'connect'.
https://bugzilla.redhat.com/show_bug.cgi?id=2063723
Signed-off-by: Ján Tomko <jtomko@redhat.com>
Reviewed-by: Martin Kletzander <mkletzan@redhat.com>
(cherry picked from commit 1c7476c8797b7f0d6e8d607f6a42c5bf43441677)
Signed-off-by: Ján Tomko <jtomko@redhat.com>
---
src/conf/domain_conf.c | 4 ++--
src/conf/domain_validate.c | 2 +-
2 files changed, 3 insertions(+), 3 deletions(-)
diff --git a/src/conf/domain_conf.c b/src/conf/domain_conf.c
index 45965fa0fa..733399e6da 100644
--- a/src/conf/domain_conf.c
+++ b/src/conf/domain_conf.c
@@ -10545,7 +10545,7 @@ virDomainTPMDefParseXML(virDomainXMLOption *xmlopt,
case VIR_DOMAIN_TPM_TYPE_EXTERNAL:
if (!(type = virXPathString("string(./backend/source/@type)", ctxt))) {
virReportError(VIR_ERR_XML_ERROR, "%s",
- _("missing external TPM backend type"));
+ _("missing external TPM backend source type"));
goto error;
}
@@ -10555,7 +10555,7 @@ virDomainTPMDefParseXML(virDomainXMLOption *xmlopt,
def->data.external.source->type = virDomainChrTypeFromString(type);
if (def->data.external.source->type < 0) {
virReportError(VIR_ERR_CONFIG_UNSUPPORTED,
- _("unknown backend type '%s' for external TPM"),
+ _("unknown backend source type '%s' for external TPM"),
type);
goto error;
}
diff --git a/src/conf/domain_validate.c b/src/conf/domain_validate.c
index 39d924d4ed..1c13929281 100644
--- a/src/conf/domain_validate.c
+++ b/src/conf/domain_validate.c
@@ -2757,7 +2757,7 @@ virDomainTPMDevValidate(const virDomainTPMDef *tpm)
}
if (tpm->data.external.source->data.nix.listen) {
virReportError(VIR_ERR_XML_ERROR, "%s",
- _("only 'client' mode is supported for external TPM device"));
+ _("only 'connect' mode is supported for external TPM device"));
return -1;
}
if (tpm->data.external.source->data.nix.path == NULL) {
--
2.39.1

62
SOURCES/libvirt-docs-Document-TPM-portion-of-domcaps.patch
View File

@ -1,62 +0,0 @@
From b5a226f307b01bb1b58a88c95d29da34c246757f Mon Sep 17 00:00:00 2001
Message-Id: <b5a226f307b01bb1b58a88c95d29da34c246757f@dist-git>
From: Michal Privoznik <mprivozn@redhat.com>
Date: Tue, 12 Jul 2022 16:10:08 +0200
Subject: [PATCH] docs: Document TPM portion of domcaps
Surprisingly, we don't document TPM part of domain capabilities.
Fortunately, the information exposed is pretty much self
explanatory, but we should document it regardless.
Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
Reviewed-by: Peter Krempa <pkrempa@redhat.com>
(cherry picked from commit 6a00c565c4d0f0ec970e043ea2686bd30396ed79)
Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=2103119
Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
---
docs/formatdomaincaps.rst | 29 +++++++++++++++++++++++++++++
1 file changed, 29 insertions(+)
diff --git a/docs/formatdomaincaps.rst b/docs/formatdomaincaps.rst
index 933469b2a2..3c425a9a4a 100644
--- a/docs/formatdomaincaps.rst
+++ b/docs/formatdomaincaps.rst
@@ -494,6 +494,35 @@ instance:
``driverType``
Options for the ``type`` attribute of the <filesystem><driver> element.
+TPM device
+^^^^^^^^^^
+
+TPM device capabilities are exposed under the ``tpm`` element. For instance:
+
+::
+
+ <domainCapabilities>
+ ...
+ <devices>
+ <tpm supported='yes'>
+ <enum name='model'>
+ <value>tpm-tis</value>
+ <value>tpm-crb</value>
+ </enum>
+ <enum name='backendModel'>
+ <value>passthrough</value>
+ <value>emulator</value>
+ </enum>
+ </tpm>
+ ...
+ </devices>
+ </domainCapabilities>
+
+``model``
+ Options for the ``model`` attribute of the ``<tpm/>`` element.
+``backendModel``
+ Options for the ``type`` attribute of the ``<tpm><backend/>`` element.
+
Features
~~~~~~~~
--
2.35.1

135
SOURCES/libvirt-docs-Fix-examples-in-virt-qemu-sev-validate-man-page.patch Normal file
View File

@ -0,0 +1,135 @@
From 00ccf9be0bbb96155131cbf199539d9ad2d5ae3d Mon Sep 17 00:00:00 2001
Message-Id: <00ccf9be0bbb96155131cbf199539d9ad2d5ae3d@dist-git>
From: Jim Fehlig <jfehlig@suse.com>
Date: Thu, 2 Feb 2023 11:00:18 -0700
Subject: [PATCH] docs: Fix examples in virt-qemu-sev-validate man page
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Some of the examples refer to virt-dom-sev-validate. Replace them with
the proper name.
Signed-off-by: Jim Fehlig <jfehlig@suse.com>
Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
(cherry picked from commit 8eb54255ec9fb933902322c4e0ed4b21cb8a5bf4)
https://bugzilla.redhat.com/show_bug.cgi?id=2172347
---
docs/manpages/virt-qemu-sev-validate.rst | 24 ++++++++++++------------
1 file changed, 12 insertions(+), 12 deletions(-)
diff --git a/docs/manpages/virt-qemu-sev-validate.rst b/docs/manpages/virt-qemu-sev-validate.rst
index fcbe84b0ee..9eff387aea 100644
--- a/docs/manpages/virt-qemu-sev-validate.rst
+++ b/docs/manpages/virt-qemu-sev-validate.rst
@@ -257,7 +257,7 @@ Validate the measurement of a SEV guest with direct kernel boot:
::
- # virt-dom-sev-validate \
+ # virt-qemu-sev-validate \
--firmware OVMF.sev.fd \
--kernel vmlinuz-5.11.12 \
--initrd initramfs-5.11.12 \
@@ -273,7 +273,7 @@ Validate the measurement of a SEV-ES SMP guest booting from disk:
::
- # virt-dom-sev-validate \
+ # virt-qemu-sev-validate \
--firmware OVMF.sev.fd \
--num-cpus 2 \
--vmsa-cpu0 vmsa0.bin \
@@ -290,7 +290,7 @@ automatically constructed VMSA:
::
- # virt-dom-sev-validate \
+ # virt-qemu-sev-validate \
--firmware OVMF.sev.fd \
--num-cpus 2 \
--cpu-family 23 \
@@ -308,7 +308,7 @@ inject a disk password on success:
::
- # virt-dom-sev-validate \
+ # virt-qemu-sev-validate \
--loader OVMF.sev.fd \
--tk this-guest-tk.bin \
--measurement Zs2pf19ubFSafpZ2WKkwquXvACx9Wt/BV+eJwQ/taO8jhyIj/F8swFrybR1fZ2ID \
@@ -347,7 +347,7 @@ Validate the measurement of a SEV guest with direct kernel boot:
::
- # virt-dom-sev-validate \
+ # virt-qemu-sev-validate \
--connect qemu+ssh://root@some.remote.host/system \
--firmware OVMF.sev.fd \
--kernel vmlinuz-5.11.12 \
@@ -360,7 +360,7 @@ Validate the measurement of a SEV-ES SMP guest booting from disk:
::
- # virt-dom-sev-validate \
+ # virt-qemu-sev-validate \
--connect qemu+ssh://root@some.remote.host/system \
--firmware OVMF.sev.fd \
--num-cpus 2 \
@@ -374,7 +374,7 @@ automatically constructed VMSA:
::
- # virt-dom-sev-validate \
+ # virt-qemu-sev-validate \
--connect qemu+ssh://root@some.remote.host/system \
--firmware OVMF.sev.fd \
--cpu-family 23 \
@@ -388,7 +388,7 @@ inject a disk password on success:
::
- # virt-dom-sev-validate \
+ # virt-qemu-sev-validate \
--connect qemu+ssh://root@some.remote.host/system \
--loader OVMF.sev.fd \
--tk this-guest-tk.bin \
@@ -419,7 +419,7 @@ Validate the measurement of a SEV guest with direct kernel boot:
::
- # virt-dom-sev-validate \
+ # virt-qemu-sev-validate \
--insecure \
--tk this-guest-tk.bin \
--domain fedora34x86_64
@@ -428,7 +428,7 @@ Validate the measurement of a SEV-ES SMP guest booting from disk:
::
- # virt-dom-sev-validate \
+ # virt-qemu-sev-validate \
--insecure \
--vmsa-cpu0 vmsa0.bin \
--vmsa-cpu1 vmsa1.bin \
@@ -440,7 +440,7 @@ automatically constructed VMSA:
::
- # virt-dom-sev-validate \
+ # virt-qemu-sev-validate \
--insecure \
--tk this-guest-tk.bin \
--domain fedora34x86_64
@@ -450,7 +450,7 @@ inject a disk password on success:
::
- # virt-dom-sev-validate \
+ # virt-qemu-sev-validate \
--insecure \
--tk this-guest-tk.bin \
--domain fedora34x86_64 \
--
2.39.2

53
SOURCES/libvirt-docs-document-correct-cpu-shares-limits-with-both-cgroups-v1-and-v2.patch Normal file
View File

@ -0,0 +1,53 @@
From 31f2edcd7f42cda4173eabad879bfc318c202c9e Mon Sep 17 00:00:00 2001
Message-Id: <31f2edcd7f42cda4173eabad879bfc318c202c9e@dist-git>
From: Pavel Hrdina <phrdina@redhat.com>
Date: Tue, 17 Jan 2023 10:33:22 +0100
Subject: [PATCH] docs: document correct cpu shares limits with both cgroups v1
and v2
The limits are different with cgroups v1 and v2 but our XML
documentation and virsh manpage mentioned only cgroups v1 limits without
explicitly saying it only applies to cgroups v1.
Signed-off-by: Pavel Hrdina <phrdina@redhat.com>
Reviewed-by: Martin Kletzander <mkletzan@redhat.com>
(cherry picked from commit ead6e1b00285cbd98e0f0727efb8adcb29ebc1ba)
Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=2037998
Signed-off-by: Pavel Hrdina <phrdina@redhat.com>
---
docs/formatdomain.rst | 2 +-
docs/manpages/virsh.rst | 3 ++-
2 files changed, 3 insertions(+), 2 deletions(-)
diff --git a/docs/formatdomain.rst b/docs/formatdomain.rst
index 490a954745..8fc8aeb928 100644
--- a/docs/formatdomain.rst
+++ b/docs/formatdomain.rst
@@ -849,7 +849,7 @@ CPU Tuning
There is no unit for the value, it's a relative measure based on the setting
of other VM, e.g. A VM configured with value 2048 will get twice as much CPU
time as a VM configured with value 1024. The value should be in range
- [2, 262144]. :since:`Since 0.9.0`
+ [2, 262144] using cgroups v1, [1, 10000] using cgroups v2. :since:`Since 0.9.0`
``period``
The optional ``period`` element specifies the enforcement interval (unit:
microseconds). Within ``period``, each vCPU of the domain will not be allowed
diff --git a/docs/manpages/virsh.rst b/docs/manpages/virsh.rst
index 88b7fa1da8..d5b614dc03 100644
--- a/docs/manpages/virsh.rst
+++ b/docs/manpages/virsh.rst
@@ -4054,7 +4054,8 @@ If *--config* is specified, affect the next start of a persistent guest.
If *--current* is specified, it is equivalent to either *--live* or
*--config*, depending on the current state of the guest.
-``Note``: The cpu_shares parameter has a valid value range of 2-262144.
+``Note``: The cpu_shares parameter has a valid value range of 2-262144
+with cgroups v1, 1-10000 with cgroups v2.
``Note``: The weight and cap parameters are defined only for the
XEN_CREDIT scheduler.
--
2.39.1

47
SOURCES/libvirt-docs-kbase-fix-example-for-SEV-validation.patch Normal file
View File

@ -0,0 +1,47 @@
From 33d57465bc7d0c23c281c4db27fc7eb2ed62b24a Mon Sep 17 00:00:00 2001
Message-Id: <33d57465bc7d0c23c281c4db27fc7eb2ed62b24a@dist-git>
From: =?UTF-8?q?Daniel=20P=2E=20Berrang=C3=A9?= <berrange@redhat.com>
Date: Thu, 16 Feb 2023 15:51:03 +0000
Subject: [PATCH] docs/kbase: fix example for SEV validation
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
The offline validation example needs to include the firmware path,
and is also missing line continuation markers.
Reviewed-by: Ján Tomko <jtomko@redhat.com>
Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
(cherry picked from commit 9541ce080a0896411bebb299f47e39112810a648)
https://bugzilla.redhat.com/show_bug.cgi?id=2172347
---
docs/kbase/launch_security_sev.rst | 13 +++++++------
1 file changed, 7 insertions(+), 6 deletions(-)
diff --git a/docs/kbase/launch_security_sev.rst b/docs/kbase/launch_security_sev.rst
index 7f692af748..f3c8695f73 100644
--- a/docs/kbase/launch_security_sev.rst
+++ b/docs/kbase/launch_security_sev.rst
@@ -465,12 +465,13 @@ scope of this document. Fortunately, libvirt provides a tool that can be used
to perform this validation::
$ virt-qemu-sev-validate \
- --measurement LMnv8i8N2QejezMPkscShF0cyPYCslgUoCxGWRqQuyt0Q0aUjVkH/T6NcmkwZkWp
- --api-major 0
- --api-minor 24
- --build-id 15
- --policy 3
- --tik ${myvmname}_tik.bin
+ --measurement LMnv8i8N2QejezMPkscShF0cyPYCslgUoCxGWRqQuyt0Q0aUjVkH/T6NcmkwZkWp \
+ --api-major 0 \
+ --api-minor 24 \
+ --build-id 15 \
+ --policy 3 \
+ --firmware /path/to/OVMF.sev.fd \
+ --tik ${myvmname}_tik.bin \
--tek ${myvmname}_tek.bin
OK: Looks good to me
--
2.39.2

45
SOURCES/libvirt-docs-refer-to-firmware-instead-of-loader.patch Normal file
View File

@ -0,0 +1,45 @@
From 53d7c205d38497ffb17fcbd81bedf61897ddbc8d Mon Sep 17 00:00:00 2001
Message-Id: <53d7c205d38497ffb17fcbd81bedf61897ddbc8d@dist-git>
From: =?UTF-8?q?Daniel=20P=2E=20Berrang=C3=A9?= <berrange@redhat.com>
Date: Thu, 16 Feb 2023 14:55:11 +0000
Subject: [PATCH] docs: refer to --firmware instead of --loader
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
The --loader syntax was left over from an earlier version of the code
before it was renamed to --firmware.
Reviewed-by: Ján Tomko <jtomko@redhat.com>
Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
(cherry picked from commit 4d3b2d77d014fe4a7a1fa8123b71cc7b41ee5beb)
https://bugzilla.redhat.com/show_bug.cgi?id=2172347
---
docs/manpages/virt-qemu-sev-validate.rst | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/docs/manpages/virt-qemu-sev-validate.rst b/docs/manpages/virt-qemu-sev-validate.rst
index 9eff387aea..b1392e0a50 100644
--- a/docs/manpages/virt-qemu-sev-validate.rst
+++ b/docs/manpages/virt-qemu-sev-validate.rst
@@ -309,7 +309,7 @@ inject a disk password on success:
::
# virt-qemu-sev-validate \
- --loader OVMF.sev.fd \
+ --firmware OVMF.sev.fd \
--tk this-guest-tk.bin \
--measurement Zs2pf19ubFSafpZ2WKkwquXvACx9Wt/BV+eJwQ/taO8jhyIj/F8swFrybR1fZ2ID \
--api-major 0 \
@@ -390,7 +390,7 @@ inject a disk password on success:
# virt-qemu-sev-validate \
--connect qemu+ssh://root@some.remote.host/system \
- --loader OVMF.sev.fd \
+ --firmware OVMF.sev.fd \
--tk this-guest-tk.bin \
--domain fedora34x86_64 \
--disk-password passwd.txt
--
2.39.2

96
SOURCES/libvirt-domain_conf-Format-defaultiothread-more-often.patch
View File

@ -1,96 +0,0 @@
From a39ce54007de67ce6909c1770a7759b09c41bfd6 Mon Sep 17 00:00:00 2001
Message-Id: <a39ce54007de67ce6909c1770a7759b09c41bfd6@dist-git>
From: Michal Privoznik <mprivozn@redhat.com>
Date: Thu, 7 Jul 2022 16:29:18 +0200
Subject: [PATCH] domain_conf: Format <defaultiothread/> more often
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
The <defaultiothread/> element is formatted inside
virDomainDefaultIOThreadDefFormat() which is called only from
virDomainDefIOThreadsFormat() (so that IOThread related stuff is
formatted calling one function). However, when there are no
<iothreadids/> defined (or only autoallocated ones are present),
then the outer formatting function exits early never calling the
<defaultiothread/> formatter.
Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
(cherry picked from commit 24fa7004e47ce86b92bc23c1f2ef9c3d6152c3a8)
Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=2059511
Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
---
src/conf/domain_conf.c | 46 ++++++++++++++++++++----------------------
1 file changed, 22 insertions(+), 24 deletions(-)
diff --git a/src/conf/domain_conf.c b/src/conf/domain_conf.c
index 709ca53790..207a45d9ae 100644
--- a/src/conf/domain_conf.c
+++ b/src/conf/domain_conf.c
@@ -27763,40 +27763,38 @@ static void
virDomainDefIOThreadsFormat(virBuffer *buf,
const virDomainDef *def)
{
- g_auto(virBuffer) childrenBuf = VIR_BUFFER_INIT_CHILD(buf);
- size_t i;
-
- if (def->niothreadids == 0)
- return;
+ if (def->niothreadids > 0) {
+ virBufferAsprintf(buf, "<iothreads>%zu</iothreads>\n",
+ def->niothreadids);
+ }
- virBufferAsprintf(buf, "<iothreads>%zu</iothreads>\n",
- def->niothreadids);
+ if (virDomainDefIothreadShouldFormat(def)) {
+ g_auto(virBuffer) childrenBuf = VIR_BUFFER_INIT_CHILD(buf);
+ size_t i;
- if (!virDomainDefIothreadShouldFormat(def))
- return;
+ for (i = 0; i < def->niothreadids; i++) {
+ virDomainIOThreadIDDef *iothread = def->iothreadids[i];
+ g_auto(virBuffer) attrBuf = VIR_BUFFER_INITIALIZER;
- for (i = 0; i < def->niothreadids; i++) {
- virDomainIOThreadIDDef *iothread = def->iothreadids[i];
- g_auto(virBuffer) attrBuf = VIR_BUFFER_INITIALIZER;
+ virBufferAsprintf(&attrBuf, " id='%u'",
+ iothread->iothread_id);
- virBufferAsprintf(&attrBuf, " id='%u'",
- iothread->iothread_id);
+ if (iothread->thread_pool_min >= 0) {
+ virBufferAsprintf(&attrBuf, " thread_pool_min='%d'",
+ iothread->thread_pool_min);
+ }
- if (iothread->thread_pool_min >= 0) {
- virBufferAsprintf(&attrBuf, " thread_pool_min='%d'",
- iothread->thread_pool_min);
- }
+ if (iothread->thread_pool_max >= 0) {
+ virBufferAsprintf(&attrBuf, " thread_pool_max='%d'",
+ iothread->thread_pool_max);
+ }
- if (iothread->thread_pool_max >= 0) {
- virBufferAsprintf(&attrBuf, " thread_pool_max='%d'",
- iothread->thread_pool_max);
+ virXMLFormatElement(&childrenBuf, "iothread", &attrBuf, NULL);
}
- virXMLFormatElement(&childrenBuf, "iothread", &attrBuf, NULL);
+ virXMLFormatElement(buf, "iothreadids", NULL, &childrenBuf);
}
- virXMLFormatElement(buf, "iothreadids", NULL, &childrenBuf);
-
virDomainDefaultIOThreadDefFormat(buf, def);
}
--
2.35.1

61
SOURCES/libvirt-domain_conf-Format-iothread-IDs-more-often.patch
View File

@ -1,61 +0,0 @@
From 711cf329b9847c4d42994389d89a7e7b83c71596 Mon Sep 17 00:00:00 2001
Message-Id: <711cf329b9847c4d42994389d89a7e7b83c71596@dist-git>
From: Michal Privoznik <mprivozn@redhat.com>
Date: Thu, 7 Jul 2022 16:29:33 +0200
Subject: [PATCH] domain_conf: Format iothread IDs more often
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
When formatting IOThreads (in virDomainDefIOThreadsFormat()), we
may only output the number of IOThreads, or the full list of IOThreads too:
<iothreads>4</iothreads>
<iothreadids>
<iothread id='1' thread_pool_max='10'/>
<iothread id='2' thread_pool_min='2' thread_pool_max='10'/>
<iothread id='3'/>
<iothread id='4'/>
</iothreadids>
Now, the deciding factor here is whether those individual
IOThreads were so called 'autofill-ed' or user provided. Well, we
need to take another factor in: if an IOThread has pool size
limit set, then we ought to format the full list.
But how can we get into a situation when a thread is autofilled
(i.e. not provided by user in the XML) and yet it has pool size
limit set? virDomainSetIOThreadParams() is the answer.
Sure, we could also unset the autofill flag whenever a pool size
limit is being set. But this approach allows us to not format
anything if the limits are reset (we don't lose the autofill
information).
Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
(cherry picked from commit 5aa24958546c94a48fb8f8d6022213ca7c07c8a7)
Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=2059511
Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
---
src/conf/domain_conf.c | 4 +++-
1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/src/conf/domain_conf.c b/src/conf/domain_conf.c
index 207a45d9ae..fbc285d981 100644
--- a/src/conf/domain_conf.c
+++ b/src/conf/domain_conf.c
@@ -27728,7 +27728,9 @@ virDomainDefIothreadShouldFormat(const virDomainDef *def)
size_t i;
for (i = 0; i < def->niothreadids; i++) {
- if (!def->iothreadids[i]->autofill)
+ if (!def->iothreadids[i]->autofill ||
+ def->iothreadids[i]->thread_pool_min >= 0 ||
+ def->iothreadids[i]->thread_pool_max >= 0)
return true;
}
--
2.35.1

50
SOURCES/libvirt-domain_validate-drop-cpu.shares-cgroup-check.patch Normal file
View File

@ -0,0 +1,50 @@
From fbf5f9bce43e19f8827e5cdef0e456b74ccc2f7d Mon Sep 17 00:00:00 2001
Message-Id: <fbf5f9bce43e19f8827e5cdef0e456b74ccc2f7d@dist-git>
From: Pavel Hrdina <phrdina@redhat.com>
Date: Tue, 17 Jan 2023 10:08:08 +0100
Subject: [PATCH] domain_validate: drop cpu.shares cgroup check
This check is done when VM is defined but doesn't take into account what
cgroups version is currently used on the host system so it doesn't work
correctly.
To make proper check at this point we would have to figure out cgroups
version while defining a VM but that will still not guarantee that the
VM will start correctly in the future as the host may be rebooted with
different cgroups version.
Signed-off-by: Pavel Hrdina <phrdina@redhat.com>
Reviewed-by: Martin Kletzander <mkletzan@redhat.com>
(cherry picked from commit 38af6497610075e5fe386734b87186731d4c17ac)
Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=2037998
Signed-off-by: Pavel Hrdina <phrdina@redhat.com>
---
src/conf/domain_validate.c | 10 ----------
1 file changed, 10 deletions(-)
diff --git a/src/conf/domain_validate.c b/src/conf/domain_validate.c
index 5a9bf20d3f..39d924d4ed 100644
--- a/src/conf/domain_validate.c
+++ b/src/conf/domain_validate.c
@@ -1725,16 +1725,6 @@ virDomainDefOSValidate(const virDomainDef *def,
static int
virDomainDefCputuneValidate(const virDomainDef *def)
{
- if (def->cputune.shares > 0 &&
- (def->cputune.shares < VIR_CGROUP_CPU_SHARES_MIN ||
- def->cputune.shares > VIR_CGROUP_CPU_SHARES_MAX)) {
- virReportError(VIR_ERR_CONFIG_UNSUPPORTED,
- _("Value of cputune 'shares' must be in range [%llu, %llu]"),
- VIR_CGROUP_CPU_SHARES_MIN,
- VIR_CGROUP_CPU_SHARES_MAX);
- return -1;
- }
-
CPUTUNE_VALIDATE_PERIOD(period);
CPUTUNE_VALIDATE_PERIOD(global_period);
CPUTUNE_VALIDATE_PERIOD(emulator_period);
--
2.39.1

74
SOURCES/libvirt-domcaps-Introduce-TPM-backendVersion.patch
View File

@ -1,74 +0,0 @@
From 266e8c9174249b4d5a53dc8a43a3d7d9481d8b1c Mon Sep 17 00:00:00 2001
Message-Id: <266e8c9174249b4d5a53dc8a43a3d7d9481d8b1c@dist-git>
From: Michal Privoznik <mprivozn@redhat.com>
Date: Tue, 12 Jul 2022 15:58:12 +0200
Subject: [PATCH] domcaps: Introduce TPM backendVersion
We accept TPM version in the domain XML. However, supported
version depends on the host (swtpm_setup binary) and thus it may
be tricky for users (or mgmt applications) chose a version.
Introduce machinery for reporting supported version in domain
capabilities.
Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
Reviewed-by: Peter Krempa <pkrempa@redhat.com>
(cherry picked from commit 1277a9c884039e92765c977917420511f45e52e8)
Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=2103119
Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
---
docs/formatdomaincaps.rst | 6 ++++++
src/conf/domain_capabilities.c | 1 +
src/conf/domain_capabilities.h | 1 +
3 files changed, 8 insertions(+)
diff --git a/docs/formatdomaincaps.rst b/docs/formatdomaincaps.rst
index 3c425a9a4a..70f46b972a 100644
--- a/docs/formatdomaincaps.rst
+++ b/docs/formatdomaincaps.rst
@@ -513,6 +513,10 @@ TPM device capabilities are exposed under the ``tpm`` element. For instance:
<value>passthrough</value>
<value>emulator</value>
</enum>
+ <enum name='backendVersion'>
+ <value>1.2</value>
+ <value>2.0</value>
+ </enum>
</tpm>
...
</devices>
@@ -522,6 +526,8 @@ TPM device capabilities are exposed under the ``tpm`` element. For instance:
Options for the ``model`` attribute of the ``<tpm/>`` element.
``backendModel``
Options for the ``type`` attribute of the ``<tpm><backend/>`` element.
+``backendVersion``
+ Options for the ``version`` attribute of the ``<tpm><backend/>`` element.
Features
~~~~~~~~
diff --git a/src/conf/domain_capabilities.c b/src/conf/domain_capabilities.c
index 895e8d00e8..33570a51db 100644
--- a/src/conf/domain_capabilities.c
+++ b/src/conf/domain_capabilities.c
@@ -539,6 +539,7 @@ virDomainCapsDeviceTPMFormat(virBuffer *buf,
ENUM_PROCESS(tpm, model, virDomainTPMModelTypeToString);
ENUM_PROCESS(tpm, backendModel, virDomainTPMBackendTypeToString);
+ ENUM_PROCESS(tpm, backendVersion, virDomainTPMVersionTypeToString);
FORMAT_EPILOGUE(tpm);
}
diff --git a/src/conf/domain_capabilities.h b/src/conf/domain_capabilities.h
index f2eed80b15..a526969cda 100644
--- a/src/conf/domain_capabilities.h
+++ b/src/conf/domain_capabilities.h
@@ -127,6 +127,7 @@ struct _virDomainCapsDeviceTPM {
virTristateBool supported;
virDomainCapsEnum model; /* virDomainTPMModel */
virDomainCapsEnum backendModel; /* virDomainTPMBackendType */
+ virDomainCapsEnum backendVersion; /* virDomainTPMVersion */
};
STATIC_ASSERT_ENUM(VIR_DOMAIN_FS_DRIVER_TYPE_LAST);
--
2.35.1

59
SOURCES/libvirt-kbase-Document-QEMU-private-mount-NS-limitations.patch
View File

@ -1,59 +0,0 @@
From 332386ae7bc02618d1860f726065448324a6734a Mon Sep 17 00:00:00 2001
Message-Id: <332386ae7bc02618d1860f726065448324a6734a@dist-git>
From: Michal Privoznik <mprivozn@redhat.com>
Date: Mon, 5 Sep 2022 12:37:16 +0200
Subject: [PATCH] kbase: Document QEMU private mount NS limitations
There are two points I've taken for granted:
1) the mount points are set before starting a guest,
2) the / and its submounts are marked as shared, so that mount
events propagate into child namespaces when assumption 1) is
not held.
But what's obvious to me might not be obvious to our users.
Document these known limitations.
Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=2123196
Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
Reviewed-by: Martin Kletzander <mkletzan@redhat.com>
(cherry picked from commit d3397885d589c25b8962ae221fd0a71ced5597cb)
Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=2152083
Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
---
docs/kbase/qemu-passthrough-security.rst | 22 ++++++++++++++++++++++
1 file changed, 22 insertions(+)
diff --git a/docs/kbase/qemu-passthrough-security.rst b/docs/kbase/qemu-passthrough-security.rst
index 4381d9f3a6..106c3cc5b9 100644
--- a/docs/kbase/qemu-passthrough-security.rst
+++ b/docs/kbase/qemu-passthrough-security.rst
@@ -156,3 +156,25 @@ will affect all virtual machines. These settings are all made in
* Cgroups - set ``cgroup_device_acl`` to include the desired device node, or
``cgroup_controllers = [...]`` to exclude the ``devices`` controller.
+
+Private monunt namespace
+----------------------------
+
+As mentioned above, libvirt launches each QEMU process in its own ``mount``
+namespace. It's recommended that all mount points are set up prior starting any
+guest. For cases when that can't be assured, mount points in the namespace are
+marked as slave so that mount events happening in the parent namespace are
+propagated into this child namespace. But this may require an additional step:
+mounts in the parent namespace need to be marked as shared (if the distribution
+doesn't do that by default). This can be achieved by running the following
+command before any guest is started:
+
+::
+
+ # mount --make-rshared /
+
+Another requirement for dynamic mount point propagation is to not place
+``hugetlbfs`` mount points under ``/dev`` because these won't be propagated as
+corresponding directories do not exist in the private namespace. Or just use
+``memfd`` memory backend instead which does not require ``hugetlbfs`` mount
+points.
--
2.39.0

48
SOURCES/libvirt-nodedev-wait-a-bit-longer-for-new-node-devices.patch
View File

@ -1,48 +0,0 @@
From 08c8ef5eb30983d6ca004e84a11fe7f2547f984e Mon Sep 17 00:00:00 2001
Message-Id: <08c8ef5eb30983d6ca004e84a11fe7f2547f984e@dist-git>
From: Jonathon Jongsma <jjongsma@redhat.com>
Date: Tue, 23 Aug 2022 12:28:02 -0500
Subject: [PATCH] nodedev: wait a bit longer for new node devices
Openstack developers reported that newly-created mdevs were not
recognized by libvirt until after a libvirt daemon restart. The source
of the problem appears to be that when libvirt gets the udev 'add'
event, the sysfs tree for that device might not be ready and so libvirt
waits 100ms for it to appear (max 100 waits of 1ms each). But in the
OpenStack environment, the sysfs tree for new mediated devices was
taking closer to 250ms to appear and therefore libvirt gave up waiting
and didn't add these new devices to its list of nodedevs.
By changing the wait time to 1 second (max 100 waits of 10ms each), this
should provide enough time to enable these deployments to recognize
newly-created mediated devices, but it shouldn't increase the delay for
more traditional deployments too much.
Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=2109450
Signed-off-by: Jonathon Jongsma <jjongsma@redhat.com>
Reviewed-by: Erik Skultety <eskultet@redhat.com>
(cherry picked from commit e4f9682ebc442bb5dfee807ba618c8863355776d)
Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=2141364
Signed-off-by: Jonathon Jongsma <jjongsma@redhat.com>
---
src/node_device/node_device_udev.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/node_device/node_device_udev.c b/src/node_device/node_device_udev.c
index 3d69bdedae..1f63162e23 100644
--- a/src/node_device/node_device_udev.c
+++ b/src/node_device/node_device_udev.c
@@ -1036,7 +1036,7 @@ udevProcessMediatedDevice(struct udev_device *dev,
linkpath = g_strdup_printf("%s/mdev_type", udev_device_get_syspath(dev));
- if (virFileWaitForExists(linkpath, 1, 100) < 0) {
+ if (virFileWaitForExists(linkpath, 10, 100) < 0) {
virReportSystemError(errno,
_("failed to wait for file '%s' to appear"),
linkpath);
--
2.38.1

75472
SOURCES/libvirt-po-Updated-translation-files-from-upstream.patch Normal file
View File

File diff suppressed because it is too large Load Diff

183
SOURCES/libvirt-qemu-Always-assume-support-for-QEMU_CAPS_MIGRATION_PARAM_XBZRLE_CACHE_SIZE.patch
View File

@ -1,183 +0,0 @@
From b020ddee84458afd8de70d9f296b91fa2b6a95fd Mon Sep 17 00:00:00 2001
Message-Id: <b020ddee84458afd8de70d9f296b91fa2b6a95fd@dist-git>
From: Peter Krempa <pkrempa@redhat.com>
Date: Fri, 15 Jul 2022 14:16:54 +0200
Subject: [PATCH] qemu: Always assume support for
QEMU_CAPS_MIGRATION_PARAM_XBZRLE_CACHE_SIZE
The 'xbzrle-cache-size' parameter was added in qemu-2.11 thus all
supported qemu versions now use the new code path.
Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
(cherry picked from commit 06e0ba3da71ec6c58024efe57d0f55d3d1352d60)
This commit is not strictly needed for fixing the following BZ, but it
removes a code which will be never executed in RHEL 9 and backporting it
avoids conflicts with the actual bug fix.
https://bugzilla.redhat.com/show_bug.cgi?id=2107892
Signed-off-by: Jiri Denemark <jdenemar@redhat.com>
---
src/qemu/qemu_driver.c | 56 +++++++++-----------------------
src/qemu/qemu_migration_params.c | 18 ----------
2 files changed, 16 insertions(+), 58 deletions(-)
diff --git a/src/qemu/qemu_driver.c b/src/qemu/qemu_driver.c
index 17e4c23199..256e126ae1 100644
--- a/src/qemu/qemu_driver.c
+++ b/src/qemu/qemu_driver.c
@@ -13172,10 +13172,8 @@ qemuDomainMigrateGetCompressionCache(virDomainPtr dom,
{
virQEMUDriver *driver = dom->conn->privateData;
virDomainObj *vm;
- qemuDomainObjPrivate *priv;
g_autoptr(qemuMigrationParams) migParams = NULL;
int ret = -1;
- int rc;
virCheckFlags(0, -1);
@@ -13191,8 +13189,6 @@ qemuDomainMigrateGetCompressionCache(virDomainPtr dom,
if (virDomainObjCheckActive(vm) < 0)
goto endjob;
- priv = vm->privateData;
-
if (!qemuMigrationCapsGet(vm, QEMU_MIGRATION_CAP_XBZRLE)) {
virReportError(VIR_ERR_OPERATION_UNSUPPORTED, "%s",
_("Compressed migration is not supported by "
@@ -13200,22 +13196,14 @@ qemuDomainMigrateGetCompressionCache(virDomainPtr dom,
goto endjob;
}
- if (virQEMUCapsGet(priv->qemuCaps, QEMU_CAPS_MIGRATION_PARAM_XBZRLE_CACHE_SIZE)) {
- if (qemuMigrationParamsFetch(driver, vm, VIR_ASYNC_JOB_NONE,
- &migParams) < 0)
- goto endjob;
+ if (qemuMigrationParamsFetch(driver, vm, VIR_ASYNC_JOB_NONE,
+ &migParams) < 0)
+ goto endjob;
- if (qemuMigrationParamsGetULL(migParams,
- QEMU_MIGRATION_PARAM_XBZRLE_CACHE_SIZE,
- cacheSize) < 0)
- goto endjob;
- } else {
- qemuDomainObjEnterMonitor(driver, vm);
- rc = qemuMonitorGetMigrationCacheSize(priv->mon, cacheSize);
- qemuDomainObjExitMonitor(vm);
- if (rc < 0)
- goto endjob;
- }
+ if (qemuMigrationParamsGetULL(migParams,
+ QEMU_MIGRATION_PARAM_XBZRLE_CACHE_SIZE,
+ cacheSize) < 0)
+ goto endjob;
ret = 0;
@@ -13234,10 +13222,8 @@ qemuDomainMigrateSetCompressionCache(virDomainPtr dom,
{
virQEMUDriver *driver = dom->conn->privateData;
virDomainObj *vm;
- qemuDomainObjPrivate *priv;
g_autoptr(qemuMigrationParams) migParams = NULL;
int ret = -1;
- int rc;
virCheckFlags(0, -1);
@@ -13253,8 +13239,6 @@ qemuDomainMigrateSetCompressionCache(virDomainPtr dom,
if (virDomainObjCheckActive(vm) < 0)
goto endjob;
- priv = vm->privateData;
-
if (!qemuMigrationCapsGet(vm, QEMU_MIGRATION_CAP_XBZRLE)) {
virReportError(VIR_ERR_OPERATION_UNSUPPORTED, "%s",
_("Compressed migration is not supported by "
@@ -13263,25 +13247,17 @@ qemuDomainMigrateSetCompressionCache(virDomainPtr dom,
}
VIR_DEBUG("Setting compression cache to %llu B", cacheSize);
- if (virQEMUCapsGet(priv->qemuCaps, QEMU_CAPS_MIGRATION_PARAM_XBZRLE_CACHE_SIZE)) {
- if (!(migParams = qemuMigrationParamsNew()))
- goto endjob;
+ if (!(migParams = qemuMigrationParamsNew()))
+ goto endjob;
- if (qemuMigrationParamsSetULL(migParams,
- QEMU_MIGRATION_PARAM_XBZRLE_CACHE_SIZE,
- cacheSize) < 0)
- goto endjob;
+ if (qemuMigrationParamsSetULL(migParams,
+ QEMU_MIGRATION_PARAM_XBZRLE_CACHE_SIZE,
+ cacheSize) < 0)
+ goto endjob;
- if (qemuMigrationParamsApply(driver, vm, VIR_ASYNC_JOB_NONE,
- migParams, 0) < 0)
- goto endjob;
- } else {
- qemuDomainObjEnterMonitor(driver, vm);
- rc = qemuMonitorSetMigrationCacheSize(priv->mon, cacheSize);
- qemuDomainObjExitMonitor(vm);
- if (rc < 0)
- goto endjob;
- }
+ if (qemuMigrationParamsApply(driver, vm, VIR_ASYNC_JOB_NONE,
+ migParams, 0) < 0)
+ goto endjob;
ret = 0;
diff --git a/src/qemu/qemu_migration_params.c b/src/qemu/qemu_migration_params.c
index 6ea0bde13a..0bce358ac3 100644
--- a/src/qemu/qemu_migration_params.c
+++ b/src/qemu/qemu_migration_params.c
@@ -886,10 +886,8 @@ qemuMigrationParamsApply(virQEMUDriver *driver,
unsigned long apiFlags)
{
qemuDomainObjPrivate *priv = vm->privateData;
- bool xbzrleCacheSize_old = false;
g_autoptr(virJSONValue) params = NULL;
g_autoptr(virJSONValue) caps = NULL;
- qemuMigrationParam xbzrle = QEMU_MIGRATION_PARAM_XBZRLE_CACHE_SIZE;
bool postcopyResume = !!(apiFlags & VIR_MIGRATE_POSTCOPY_RESUME);
int ret = -1;
@@ -917,19 +915,6 @@ qemuMigrationParamsApply(virQEMUDriver *driver,
}
}
- /* If QEMU is too old to support xbzrle-cache-size migration parameter,
- * we need to set it via migrate-set-cache-size and tell
- * qemuMonitorSetMigrationParams to ignore this parameter.
- */
- if (migParams->params[xbzrle].set &&
- !virQEMUCapsGet(priv->qemuCaps, QEMU_CAPS_MIGRATION_PARAM_XBZRLE_CACHE_SIZE)) {
- if (qemuMonitorSetMigrationCacheSize(priv->mon,
- migParams->params[xbzrle].value.ull) < 0)
- goto cleanup;
- xbzrleCacheSize_old = true;
- migParams->params[xbzrle].set = false;
- }
-
if (!(params = qemuMigrationParamsToJSON(migParams, postcopyResume)))
goto cleanup;
@@ -942,9 +927,6 @@ qemuMigrationParamsApply(virQEMUDriver *driver,
cleanup:
qemuDomainObjExitMonitor(vm);
- if (xbzrleCacheSize_old)
- migParams->params[xbzrle].set = true;
-
return ret;
}
--
2.35.1

86
SOURCES/libvirt-qemu-Implement-qemuDomainGetStatsCpu-fallback-for-qemu-session.patch
View File

@ -1,86 +0,0 @@
From 5da85fb944db3dd8213a7302deaffa3b294acd64 Mon Sep 17 00:00:00 2001
Message-Id: <5da85fb944db3dd8213a7302deaffa3b294acd64@dist-git>
From: Michal Privoznik <mprivozn@redhat.com>
Date: Tue, 9 Aug 2022 16:16:09 +0200
Subject: [PATCH] qemu: Implement qemuDomainGetStatsCpu fallback for
qemu:///session
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
For domains started under session URI, we don't set up CGroups
(well, how could we since we're not running as root anyways).
Nevertheless, fetching CPU statistics exits early because of
lacking cpuacct controller. But with recent extension to
virProcessGetStatInfo() we can get the values we need from the
proc filesystem. Implement the fallback for the session URI as
some of virt tools rely on cpu.* stats to be reported (virt-top,
virt-manager).
Resolves: https://gitlab.com/libvirt/libvirt/-/issues/353
Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1693707
Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
(cherry picked from commit 044b8744d65f8571038f85685b3c4b241162977b)
Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=2157094
Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
---
src/qemu/qemu_driver.c | 35 +++++++++++++++++++++++++++++++++--
1 file changed, 33 insertions(+), 2 deletions(-)
diff --git a/src/qemu/qemu_driver.c b/src/qemu/qemu_driver.c
index 84cf2c6a4f..ac210d8069 100644
--- a/src/qemu/qemu_driver.c
+++ b/src/qemu/qemu_driver.c
@@ -18042,6 +18042,30 @@ qemuDomainGetStatsCpuCgroup(virDomainObj *dom,
return 0;
}
+
+static int
+qemuDomainGetStatsCpuProc(virDomainObj *vm,
+ virTypedParamList *params)
+{
+ unsigned long long cpuTime = 0;
+ unsigned long long sysTime = 0;
+ unsigned long long userTime = 0;
+
+ if (virProcessGetStatInfo(&cpuTime, &sysTime, &userTime,
+ NULL, NULL, vm->pid, 0) < 0) {
+ /* ignore error */
+ return 0;
+ }
+
+ if (virTypedParamListAddULLong(params, cpuTime, "cpu.time") < 0 ||
+ virTypedParamListAddULLong(params, userTime, "cpu.user") < 0 ||
+ virTypedParamListAddULLong(params, sysTime, "cpu.system") < 0)
+ return -1;
+
+ return 0;
+}
+
+
static int
qemuDomainGetStatsCpuHaltPollTime(virDomainObj *dom,
virTypedParamList *params)
@@ -18066,8 +18090,15 @@ qemuDomainGetStatsCpu(virQEMUDriver *driver,
virTypedParamList *params,
unsigned int privflags G_GNUC_UNUSED)
{
- if (qemuDomainGetStatsCpuCgroup(dom, params) < 0)
- return -1;
+ qemuDomainObjPrivate *priv = dom->privateData;
+
+ if (priv->cgroup) {
+ if (qemuDomainGetStatsCpuCgroup(dom, params) < 0)
+ return -1;
+ } else {
+ if (qemuDomainGetStatsCpuProc(dom, params) < 0)
+ return -1;
+ }
if (qemuDomainGetStatsCpuCache(driver, dom, params) < 0)
return -1;
--
2.39.0

195
SOURCES/libvirt-qemu-Make-IOThread-changing-more-robust.patch
View File

@ -1,195 +0,0 @@
From 5853ac5261b2934ca300b24a7bd78cc4b377c90c Mon Sep 17 00:00:00 2001
Message-Id: <5853ac5261b2934ca300b24a7bd78cc4b377c90c@dist-git>
From: Michal Privoznik <mprivozn@redhat.com>
Date: Thu, 7 Jul 2022 17:37:46 +0200
Subject: [PATCH] qemu: Make IOThread changing more robust
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
There are three APIs that allow changing IOThreads:
virDomainAddIOThread()
virDomainDelIOThread()
virDomainSetIOThreadParams()
In case of QEMU driver these are handled by
qemuDomainChgIOThread() which attempts to be versatile enough to
work on both inactive and live domain definitions at the same
time. However, it's a bit clumsy - when a change to live
definition succeeds but fails in inactive definition then there's
no rollback. And somewhat rightfully so - changes to live
definition are in general harder to roll back. Therefore, do what
we do elsewhere (qemuDomainAttachDeviceLiveAndConfig(),
qemuDomainDetachDeviceAliasLiveAndConfig(), ...):
1) do the change to inactive XML first,
2) in fact, do the change to a copy of inactive XML,
3) swap inactive XML and its copy only after everything
succeeded.
Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
(cherry picked from commit 6db9c95a45d4e24cdcd5c009b7fe5da3745b5d59)
Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=2059511
Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
---
src/qemu/qemu_driver.c | 74 ++++++++++++++++++++++++------------------
1 file changed, 43 insertions(+), 31 deletions(-)
diff --git a/src/qemu/qemu_driver.c b/src/qemu/qemu_driver.c
index 3b5c3db67c..2c627396f1 100644
--- a/src/qemu/qemu_driver.c
+++ b/src/qemu/qemu_driver.c
@@ -5594,6 +5594,7 @@ qemuDomainChgIOThread(virQEMUDriver *driver,
{
g_autoptr(virQEMUDriverConfig) cfg = NULL;
qemuDomainObjPrivate *priv;
+ g_autoptr(virDomainDef) defcopy = NULL;
virDomainDef *def;
virDomainDef *persistentDef;
virDomainIOThreadIDDef *iothreaddef = NULL;
@@ -5609,34 +5610,34 @@ qemuDomainChgIOThread(virQEMUDriver *driver,
if (virDomainObjGetDefs(vm, flags, &def, &persistentDef) < 0)
goto endjob;
- if (def) {
- if (!virQEMUCapsGet(priv->qemuCaps, QEMU_CAPS_OBJECT_IOTHREAD)) {
- virReportError(VIR_ERR_CONFIG_UNSUPPORTED, "%s",
- _("IOThreads not supported with this binary"));
- goto endjob;
- }
+ if (persistentDef) {
+ /* Make a copy of persistent definition and do all the changes there.
+ * Swap the definitions only after changes to live definition
+ * succeeded. */
+ if (!(defcopy = virDomainObjCopyPersistentDef(vm, driver->xmlopt,
+ priv->qemuCaps)))
+ return -1;
switch (action) {
case VIR_DOMAIN_IOTHREAD_ACTION_ADD:
- if (virDomainDriverAddIOThreadCheck(def, iothread.iothread_id) < 0)
+ if (virDomainDriverAddIOThreadCheck(defcopy, iothread.iothread_id) < 0)
goto endjob;
- if (qemuDomainHotplugAddIOThread(driver, vm, iothread.iothread_id) < 0)
+ if (!virDomainIOThreadIDAdd(defcopy, iothread.iothread_id))
goto endjob;
break;
case VIR_DOMAIN_IOTHREAD_ACTION_DEL:
- if (virDomainDriverDelIOThreadCheck(def, iothread.iothread_id) < 0)
+ if (virDomainDriverDelIOThreadCheck(defcopy, iothread.iothread_id) < 0)
goto endjob;
- if (qemuDomainHotplugDelIOThread(driver, vm, iothread.iothread_id) < 0)
- goto endjob;
+ virDomainIOThreadIDDel(defcopy, iothread.iothread_id);
break;
case VIR_DOMAIN_IOTHREAD_ACTION_MOD:
- iothreaddef = virDomainIOThreadIDFind(def, iothread.iothread_id);
+ iothreaddef = virDomainIOThreadIDFind(defcopy, iothread.iothread_id);
if (!iothreaddef) {
virReportError(VIR_ERR_INVALID_ARG,
@@ -5645,41 +5646,47 @@ qemuDomainChgIOThread(virQEMUDriver *driver,
goto endjob;
}
- if (qemuDomainIOThreadValidate(iothreaddef, iothread, true) < 0)
+ if (qemuDomainIOThreadValidate(iothreaddef, iothread, false) < 0)
goto endjob;
- if (qemuDomainHotplugModIOThread(driver, vm, iothread) < 0)
+ if (qemuDomainHotplugModIOThreadIDDef(iothreaddef, iothread) < 0) {
+ virReportError(VIR_ERR_OPERATION_UNSUPPORTED, "%s",
+ _("configuring persistent polling values is not supported"));
goto endjob;
+ }
- qemuDomainHotplugModIOThreadIDDef(iothreaddef, iothread);
break;
-
}
-
- qemuDomainSaveStatus(vm);
}
- if (persistentDef) {
+ if (def) {
+ if (!virQEMUCapsGet(priv->qemuCaps, QEMU_CAPS_OBJECT_IOTHREAD)) {
+ virReportError(VIR_ERR_CONFIG_UNSUPPORTED, "%s",
+ _("IOThreads not supported with this binary"));
+ goto endjob;
+ }
+
switch (action) {
case VIR_DOMAIN_IOTHREAD_ACTION_ADD:
- if (virDomainDriverAddIOThreadCheck(persistentDef, iothread.iothread_id) < 0)
+ if (virDomainDriverAddIOThreadCheck(def, iothread.iothread_id) < 0)
goto endjob;
- if (!virDomainIOThreadIDAdd(persistentDef, iothread.iothread_id))
+ if (qemuDomainHotplugAddIOThread(driver, vm, iothread.iothread_id) < 0)
goto endjob;
break;
case VIR_DOMAIN_IOTHREAD_ACTION_DEL:
- if (virDomainDriverDelIOThreadCheck(persistentDef, iothread.iothread_id) < 0)
+ if (virDomainDriverDelIOThreadCheck(def, iothread.iothread_id) < 0)
goto endjob;
- virDomainIOThreadIDDel(persistentDef, iothread.iothread_id);
+ if (qemuDomainHotplugDelIOThread(driver, vm, iothread.iothread_id) < 0)
+ goto endjob;
break;
case VIR_DOMAIN_IOTHREAD_ACTION_MOD:
- iothreaddef = virDomainIOThreadIDFind(persistentDef, iothread.iothread_id);
+ iothreaddef = virDomainIOThreadIDFind(def, iothread.iothread_id);
if (!iothreaddef) {
virReportError(VIR_ERR_INVALID_ARG,
@@ -5688,21 +5695,26 @@ qemuDomainChgIOThread(virQEMUDriver *driver,
goto endjob;
}
- if (qemuDomainIOThreadValidate(iothreaddef, iothread, false) < 0)
+ if (qemuDomainIOThreadValidate(iothreaddef, iothread, true) < 0)
goto endjob;
- if (qemuDomainHotplugModIOThreadIDDef(iothreaddef, iothread) < 0) {
- virReportError(VIR_ERR_OPERATION_UNSUPPORTED, "%s",
- _("configuring persistent polling values is not supported"));
+ if (qemuDomainHotplugModIOThread(driver, vm, iothread) < 0)
goto endjob;
- }
+ qemuDomainHotplugModIOThreadIDDef(iothreaddef, iothread);
break;
+
}
- if (virDomainDefSave(persistentDef, driver->xmlopt,
- cfg->configDir) < 0)
+ qemuDomainSaveStatus(vm);
+ }
+
+ /* Finally, if no error until here, we can save config. */
+ if (defcopy) {
+ if (virDomainDefSave(defcopy, driver->xmlopt, cfg->configDir) < 0)
goto endjob;
+
+ virDomainObjAssignDef(vm, &defcopy, false, NULL);
}
ret = 0;
--
2.35.1

148
SOURCES/libvirt-qemu-Pass-migration-flags-to-qemuMigrationParamsApply.patch
View File

@ -1,148 +0,0 @@
From 4c906acec14efe3893491d749465ed7e285a825c Mon Sep 17 00:00:00 2001
Message-Id: <4c906acec14efe3893491d749465ed7e285a825c@dist-git>
From: Jiri Denemark <jdenemar@redhat.com>
Date: Wed, 29 Jun 2022 12:00:03 +0200
Subject: [PATCH] qemu: Pass migration flags to qemuMigrationParamsApply
The flags will later be used to determine which parameters should
actually be applied.
Signed-off-by: Jiri Denemark <jdenemar@redhat.com>
Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
(cherry picked from commit 0eae541257cd4f01c9d90db62056ad8d03c5af23)
https://bugzilla.redhat.com/show_bug.cgi?id=2111070
Signed-off-by: Jiri Denemark <jdenemar@redhat.com>
---
src/qemu/qemu_driver.c | 6 +++---
src/qemu/qemu_migration.c | 8 ++++----
src/qemu/qemu_migration_params.c | 11 ++++++++---
src/qemu/qemu_migration_params.h | 3 ++-
4 files changed, 17 insertions(+), 11 deletions(-)
diff --git a/src/qemu/qemu_driver.c b/src/qemu/qemu_driver.c
index 847c96639d..17e4c23199 100644
--- a/src/qemu/qemu_driver.c
+++ b/src/qemu/qemu_driver.c
@@ -13091,7 +13091,7 @@ qemuDomainMigrateSetMaxDowntime(virDomainPtr dom,
goto endjob;
if (qemuMigrationParamsApply(driver, vm, VIR_ASYNC_JOB_NONE,
- migParams) < 0)
+ migParams, 0) < 0)
goto endjob;
} else {
qemuDomainObjEnterMonitor(driver, vm);
@@ -13273,7 +13273,7 @@ qemuDomainMigrateSetCompressionCache(virDomainPtr dom,
goto endjob;
if (qemuMigrationParamsApply(driver, vm, VIR_ASYNC_JOB_NONE,
- migParams) < 0)
+ migParams, 0) < 0)
goto endjob;
} else {
qemuDomainObjEnterMonitor(driver, vm);
@@ -13360,7 +13360,7 @@ qemuDomainMigrateSetMaxSpeed(virDomainPtr dom,
goto endjob;
if (qemuMigrationParamsApply(driver, vm, VIR_ASYNC_JOB_NONE,
- migParams) < 0)
+ migParams, 0) < 0)
goto endjob;
} else {
int rc;
diff --git a/src/qemu/qemu_migration.c b/src/qemu/qemu_migration.c
index 76903d612b..8cbd73a809 100644
--- a/src/qemu/qemu_migration.c
+++ b/src/qemu/qemu_migration.c
@@ -3259,7 +3259,7 @@ qemuMigrationDstPrepareActive(virQEMUDriver *driver,
}
if (qemuMigrationParamsApply(driver, vm, VIR_ASYNC_JOB_MIGRATION_IN,
- migParams) < 0)
+ migParams, flags) < 0)
goto error;
if (mig->nbd &&
@@ -4847,7 +4847,7 @@ qemuMigrationSrcRun(virQEMUDriver *driver,
goto error;
if (qemuMigrationParamsApply(driver, vm, VIR_ASYNC_JOB_MIGRATION_OUT,
- migParams) < 0)
+ migParams, flags) < 0)
goto error;
if (flags & VIR_MIGRATE_ZEROCOPY) {
@@ -6941,7 +6941,7 @@ qemuMigrationSrcToFile(virQEMUDriver *driver, virDomainObj *vm,
QEMU_DOMAIN_MIG_BANDWIDTH_MAX * 1024 * 1024) < 0)
return -1;
- if (qemuMigrationParamsApply(driver, vm, asyncJob, migParams) < 0)
+ if (qemuMigrationParamsApply(driver, vm, asyncJob, migParams, 0) < 0)
return -1;
priv->migMaxBandwidth = QEMU_DOMAIN_MIG_BANDWIDTH_MAX;
@@ -7037,7 +7037,7 @@ qemuMigrationSrcToFile(virQEMUDriver *driver, virDomainObj *vm,
QEMU_MIGRATION_PARAM_MAX_BANDWIDTH,
saveMigBandwidth * 1024 * 1024) == 0)
ignore_value(qemuMigrationParamsApply(driver, vm, asyncJob,
- migParams));
+ migParams, 0));
} else {
if (qemuDomainObjEnterMonitorAsync(driver, vm, asyncJob) == 0) {
qemuMonitorSetMigrationSpeed(priv->mon, saveMigBandwidth);
diff --git a/src/qemu/qemu_migration_params.c b/src/qemu/qemu_migration_params.c
index cc66ed8229..398c07efd0 100644
--- a/src/qemu/qemu_migration_params.c
+++ b/src/qemu/qemu_migration_params.c
@@ -833,8 +833,10 @@ qemuMigrationCapsToJSON(virBitmap *caps,
* @vm: domain object
* @asyncJob: migration job
* @migParams: migration parameters to send to QEMU
+ * @apiFlags: migration flags, some of them may affect which parameters are applied
*
- * Send all parameters stored in @migParams to QEMU.
+ * Send parameters stored in @migParams to QEMU. If @apiFlags is non-zero, some
+ * parameters that do not make sense for the enabled flags will be ignored.
*
* Returns 0 on success, -1 on failure.
*/
@@ -842,7 +844,8 @@ int
qemuMigrationParamsApply(virQEMUDriver *driver,
virDomainObj *vm,
int asyncJob,
- qemuMigrationParams *migParams)
+ qemuMigrationParams *migParams,
+ unsigned long apiFlags G_GNUC_UNUSED)
{
qemuDomainObjPrivate *priv = vm->privateData;
bool xbzrleCacheSize_old = false;
@@ -1245,7 +1248,9 @@ qemuMigrationParamsReset(virQEMUDriver *driver,
if (!virDomainObjIsActive(vm) || !origParams)
goto cleanup;
- if (qemuMigrationParamsApply(driver, vm, asyncJob, origParams) < 0)
+ /* Do not pass apiFlags to qemuMigrationParamsApply here to make sure all
+ * parameters and capabilities are reset. */
+ if (qemuMigrationParamsApply(driver, vm, asyncJob, origParams, 0) < 0)
goto cleanup;
qemuMigrationParamsResetTLS(driver, vm, asyncJob, origParams, apiFlags);
diff --git a/src/qemu/qemu_migration_params.h b/src/qemu/qemu_migration_params.h
index d1184acded..9e990e09bd 100644
--- a/src/qemu/qemu_migration_params.h
+++ b/src/qemu/qemu_migration_params.h
@@ -98,7 +98,8 @@ int
qemuMigrationParamsApply(virQEMUDriver *driver,
virDomainObj *vm,
int asyncJob,
- qemuMigrationParams *migParams);
+ qemuMigrationParams *migParams,
+ unsigned long apiFlags);
int
qemuMigrationParamsEnableTLS(virQEMUDriver *driver,
--
2.35.1

38
SOURCES/libvirt-qemu-Properly-release-job-in-qemuDomainSaveInternal.patch
View File

@ -1,38 +0,0 @@
From b35eb8dd4800be4dba22eb0a38da4d4d1c54521f Mon Sep 17 00:00:00 2001
Message-Id: <b35eb8dd4800be4dba22eb0a38da4d4d1c54521f@dist-git>
From: Jiri Denemark <jdenemar@redhat.com>
Date: Wed, 27 Jul 2022 15:40:12 +0200
Subject: [PATCH] qemu: Properly release job in qemuDomainSaveInternal
The function would fail to release the job in case
qemuMigrationSrcIsAllowed failed.
Fixes v8.5.0-157-g69e0e33873
Signed-off-by: Jiri Denemark <jdenemar@redhat.com>
Reviewed-by: Pavel Hrdina <phrdina@redhat.com>
(cherry picked from commit 9c3d398df11024ef6c00a50c98fcc0f1f66c16a1)
https://bugzilla.redhat.com/show_bug.cgi?id=1497907
Signed-off-by: Jiri Denemark <jdenemar@redhat.com>
---
src/qemu/qemu_driver.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/qemu/qemu_driver.c b/src/qemu/qemu_driver.c
index 256e126ae1..ebd6365f52 100644
--- a/src/qemu/qemu_driver.c
+++ b/src/qemu/qemu_driver.c
@@ -2655,7 +2655,7 @@ qemuDomainSaveInternal(virQEMUDriver *driver,
goto cleanup;
if (!qemuMigrationSrcIsAllowed(driver, vm, false, VIR_ASYNC_JOB_SAVE, 0))
- goto cleanup;
+ goto endjob;
if (!virDomainObjIsActive(vm)) {
virReportError(VIR_ERR_INTERNAL_ERROR, "%s",
--
2.35.1

105
SOURCES/libvirt-qemu-Provide-virDomainGetCPUStats-implementation-for-session-connection.patch Normal file
View File

@ -0,0 +1,105 @@
From ec03aa23ac417797f9b53d51b6f999f5e966f9d7 Mon Sep 17 00:00:00 2001
Message-Id: <ec03aa23ac417797f9b53d51b6f999f5e966f9d7@dist-git>
From: Michal Privoznik <mprivozn@redhat.com>
Date: Mon, 16 Jan 2023 12:46:09 +0100
Subject: [PATCH] qemu: Provide virDomainGetCPUStats() implementation for
session connection
We have virDomainGetCPUStats() API which offers querying
statistics on host CPU usage by given guest. And it works in two
modes: getting overall stats (@start_cpu == -1, @ncpus == 1) or
getting per host CPU usage.
For the QEMU driver it is implemented by looking into values
stored in corresponding cpuacct CGroup controller. Well, this
works for system instances, where libvirt has permissions to
create CGroups and place QEMU process into them. But it does not
fly for session connection, where no CGroups are set up.
Fortunately, we can do something similar to v8.8.0-rc1~95 and use
virProcessGetStatInfo() to fill the overall stats. Unfortunately,
I haven't found any source of per host CPU usage, so we just
continue throwing an error in that case.
Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
Reviewed-by: Martin Kletzander <mkletzan@redhat.com>
(cherry picked from commit 8865c42771600a40eddf40663f73b458423059a4)
Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=2148266
Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
---
src/qemu/qemu_driver.c | 52 ++++++++++++++++++++++++++++++++++++++++--
1 file changed, 50 insertions(+), 2 deletions(-)
diff --git a/src/qemu/qemu_driver.c b/src/qemu/qemu_driver.c
index c576c601ad..0603af6a35 100644
--- a/src/qemu/qemu_driver.c
+++ b/src/qemu/qemu_driver.c
@@ -16009,6 +16009,50 @@ qemuDomainGetMetadata(virDomainPtr dom,
return ret;
}
+#define QEMU_CPU_STATS_PROC_TOTAL 3
+
+static int
+qemuDomainGetCPUStatsProc(virDomainObj *vm,
+ virTypedParameterPtr params,
+ unsigned int nparams)
+{
+ unsigned long long cpuTime = 0;
+ unsigned long long userTime = 0;
+ unsigned long long sysTime = 0;
+
+ if (nparams == 0) {
+ /* return supported number of params */
+ return QEMU_CPU_STATS_PROC_TOTAL;
+ }
+
+ if (virProcessGetStatInfo(&cpuTime, &userTime, &sysTime,
+ NULL, NULL, vm->pid, 0) < 0) {
+ virReportError(VIR_ERR_OPERATION_FAILED, "%s",
+ _("cannot read cputime for domain"));
+ return -1;
+ }
+
+ if (virTypedParameterAssign(&params[0], VIR_DOMAIN_CPU_STATS_CPUTIME,
+ VIR_TYPED_PARAM_ULLONG, cpuTime) < 0)
+ return -1;
+
+ if (nparams > 1 &&
+ virTypedParameterAssign(&params[1], VIR_DOMAIN_CPU_STATS_USERTIME,
+ VIR_TYPED_PARAM_ULLONG, userTime) < 0)
+ return -1;
+
+ if (nparams > 2 &&
+ virTypedParameterAssign(&params[2], VIR_DOMAIN_CPU_STATS_SYSTEMTIME,
+ VIR_TYPED_PARAM_ULLONG, sysTime) < 0)
+ return -1;
+
+ if (nparams > 3)
+ nparams = 3;
+
+ return nparams;
+}
+
+#undef QEMU_CPU_STATS_PROC_TOTAL
static int
qemuDomainGetCPUStats(virDomainPtr domain,
@@ -16037,8 +16081,12 @@ qemuDomainGetCPUStats(virDomainPtr domain,
goto cleanup;
if (!virCgroupHasController(priv->cgroup, VIR_CGROUP_CONTROLLER_CPUACCT)) {
- virReportError(VIR_ERR_OPERATION_INVALID,
- "%s", _("cgroup CPUACCT controller is not mounted"));
+ if (start_cpu == -1) {
+ ret = qemuDomainGetCPUStatsProc(vm, params, nparams);
+ } else {
+ virReportError(VIR_ERR_OPERATION_INVALID, "%s",
+ _("cgroup CPUACCT controller is not mounted"));
+ }
goto cleanup;
}
--
2.39.1

77
SOURCES/libvirt-qemu-Remove-memAliasOrderMismatch-field-from-VM-private-data.patch Normal file
View File

@ -0,0 +1,77 @@
From e0e6c7375855e09c45591d0b5ab23cddaa230ad8 Mon Sep 17 00:00:00 2001
Message-Id: <e0e6c7375855e09c45591d0b5ab23cddaa230ad8@dist-git>
From: Peter Krempa <pkrempa@redhat.com>
Date: Thu, 19 Jan 2023 15:18:45 +0100
Subject: [PATCH] qemu: Remove 'memAliasOrderMismatch' field from VM private
data
The field is no longer used so we can remove it and the code filling it.
Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Martin Kletzander <mkletzan@redhat.com>
(cherry picked from commit 5764930463eb8f450e45fa982651ef6b7a7afd7c)
Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=2158701
---
src/qemu/qemu_domain.h | 3 ---
src/qemu/qemu_process.c | 24 ------------------------
2 files changed, 27 deletions(-)
diff --git a/src/qemu/qemu_domain.h b/src/qemu/qemu_domain.h
index 08430b67b9..eca5404cdc 100644
--- a/src/qemu/qemu_domain.h
+++ b/src/qemu/qemu_domain.h
@@ -177,9 +177,6 @@ struct _qemuDomainObjPrivate {
uint8_t *masterKey;
size_t masterKeyLen;
- /* note whether memory device alias does not correspond to slot number */
- bool memAliasOrderMismatch;
-
/* for migrations using TLS with a secret (not to be saved in our */
/* private XML). */
qemuDomainSecretInfo *migSecinfo;
diff --git a/src/qemu/qemu_process.c b/src/qemu/qemu_process.c
index ee9f0784d3..29716ecb19 100644
--- a/src/qemu/qemu_process.c
+++ b/src/qemu/qemu_process.c
@@ -3896,28 +3896,6 @@ qemuDomainPerfRestart(virDomainObj *vm)
}
-static void
-qemuProcessReconnectCheckMemAliasOrderMismatch(virDomainObj *vm)
-{
- size_t i;
- int aliasidx;
- virDomainDef *def = vm->def;
- qemuDomainObjPrivate *priv = vm->privateData;
-
- if (!virDomainDefHasMemoryHotplug(def) || def->nmems == 0)
- return;
-
- for (i = 0; i < def->nmems; i++) {
- aliasidx = qemuDomainDeviceAliasIndex(&def->mems[i]->info, "dimm");
-
- if (def->mems[i]->info.addr.dimm.slot != aliasidx) {
- priv->memAliasOrderMismatch = true;
- break;
- }
- }
-}
-
-
static bool
qemuProcessDomainMemoryDefNeedHugepagesPath(const virDomainMemoryDef *mem,
const long system_pagesize)
@@ -9091,8 +9069,6 @@ qemuProcessReconnect(void *opaque)
if (qemuProcessRefreshFdsetIndex(obj) < 0)
goto error;
- qemuProcessReconnectCheckMemAliasOrderMismatch(obj);
-
if (qemuConnectAgent(driver, obj) < 0)
goto error;
--
2.39.1

49
SOURCES/libvirt-qemu-Report-supported-TPM-version-in-domcaps.patch
View File

@ -1,49 +0,0 @@
From b3d2dae261768c00b5d92203351ff6dd7cde468e Mon Sep 17 00:00:00 2001
Message-Id: <b3d2dae261768c00b5d92203351ff6dd7cde468e@dist-git>
From: Michal Privoznik <mprivozn@redhat.com>
Date: Tue, 12 Jul 2022 15:58:17 +0200
Subject: [PATCH] qemu: Report supported TPM version in domcaps
Now that we have everything prepared, we can start detecting
supported TPM versions and setting corresponding values in
backendModel struct.
Resolves: https://gitlab.com/libvirt/libvirt/-/issues/340
Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=2103119
Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
Reviewed-by: Peter Krempa <pkrempa@redhat.com>
(cherry picked from commit 430ab88ab17727ac9774ee5b47f09f69c57add73)
Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
---
src/qemu/qemu_capabilities.c | 15 ++++++++++++---
1 file changed, 12 insertions(+), 3 deletions(-)
diff --git a/src/qemu/qemu_capabilities.c b/src/qemu/qemu_capabilities.c
index 2c3be3ecec..8586930266 100644
--- a/src/qemu/qemu_capabilities.c
+++ b/src/qemu/qemu_capabilities.c
@@ -6368,9 +6368,18 @@ virQEMUCapsFillDomainDeviceTPMCaps(virQEMUCaps *qemuCaps,
if (virQEMUCapsGet(qemuCaps, QEMU_CAPS_DEVICE_TPM_PASSTHROUGH))
VIR_DOMAIN_CAPS_ENUM_SET(tpm->backendModel, VIR_DOMAIN_TPM_TYPE_PASSTHROUGH);
- if (virTPMHasSwtpm() &&
- virQEMUCapsGet(qemuCaps, QEMU_CAPS_DEVICE_TPM_EMULATOR))
- VIR_DOMAIN_CAPS_ENUM_SET(tpm->backendModel, VIR_DOMAIN_TPM_TYPE_EMULATOR);
+ if (virTPMHasSwtpm()) {
+ if (virQEMUCapsGet(qemuCaps, QEMU_CAPS_DEVICE_TPM_EMULATOR))
+ VIR_DOMAIN_CAPS_ENUM_SET(tpm->backendModel, VIR_DOMAIN_TPM_TYPE_EMULATOR);
+ if (virTPMSwtpmSetupCapsGet(VIR_TPM_SWTPM_SETUP_FEATURE_TPM_1_2)) {
+ VIR_DOMAIN_CAPS_ENUM_SET(tpm->backendVersion, VIR_DOMAIN_TPM_VERSION_1_2);
+ tpm->backendVersion.report = true;
+ }
+ if (virTPMSwtpmSetupCapsGet(VIR_TPM_SWTPM_SETUP_FEATURE_TPM_2_0)) {
+ VIR_DOMAIN_CAPS_ENUM_SET(tpm->backendVersion, VIR_DOMAIN_TPM_VERSION_2_0);
+ tpm->backendVersion.report = true;
+ }
+ }
/*
* Need at least one frontend if it is to be usable by applications
--
2.35.1

85
SOURCES/libvirt-qemu-Restore-original-memory-locking-limit-on-reconnect.patch
View File

@ -1,85 +0,0 @@
From a1d825e5dcb8cbe0854fa852d25e5997a52d57cd Mon Sep 17 00:00:00 2001
Message-Id: <a1d825e5dcb8cbe0854fa852d25e5997a52d57cd@dist-git>
From: Jiri Denemark <jdenemar@redhat.com>
Date: Wed, 27 Jul 2022 14:33:23 +0200
Subject: [PATCH] qemu: Restore original memory locking limit on reconnect
Commit v8.4.0-287-gd4d3bb8130 tried to make sure the original
pre-migration memory locking limit is restored at the end of migration,
but it missed the case when libvirt daemon is restarted during
migration which needs to be aborted on reconnect.
And if this was not enough, I forgot to actually save the status XML
after setting the field in priv (in the commit mentioned above and also
in v8.4.0-291-gd375993ab3).
https://bugzilla.redhat.com/show_bug.cgi?id=2107424
Signed-off-by: Jiri Denemark <jdenemar@redhat.com>
Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
(cherry picked from commit bb9badb9168ad0d40bca86b6463ef504624f096d)
Conflicts:
src/qemu/qemu_migration.c
- commit v8.5.0-2-gf9dcc01a0f not backported
Signed-off-by: Jiri Denemark <jdenemar@redhat.com>
---
src/qemu/qemu_migration.c | 13 +++++++++----
src/qemu/qemu_process.c | 2 ++
2 files changed, 11 insertions(+), 4 deletions(-)
diff --git a/src/qemu/qemu_migration.c b/src/qemu/qemu_migration.c
index 9289df81eb..61fcaf4258 100644
--- a/src/qemu/qemu_migration.c
+++ b/src/qemu/qemu_migration.c
@@ -4672,10 +4672,12 @@ qemuMigrationSrcStart(virDomainObj *vm,
switch (spec->destType) {
case MIGRATION_DEST_HOST:
if (STREQ(spec->dest.host.protocol, "rdma") &&
- vm->def->mem.hard_limit > 0 &&
- qemuDomainSetMaxMemLock(vm, vm->def->mem.hard_limit << 10,
- &priv->preMigrationMemlock) < 0) {
- return -1;
+ vm->def->mem.hard_limit > 0) {
+ if (qemuDomainSetMaxMemLock(vm, vm->def->mem.hard_limit << 10,
+ &priv->preMigrationMemlock) < 0)
+ return -1;
+ /* Store the original memory locking limit */
+ qemuDomainSaveStatus(vm);
}
return qemuMonitorMigrateToHost(priv->mon, migrateFlags,
spec->dest.host.protocol,
@@ -4870,6 +4872,9 @@ qemuMigrationSrcRun(virQEMUDriver *driver,
if (qemuDomainSetMaxMemLock(vm, limit << 10, &priv->preMigrationMemlock) < 0)
goto error;
+
+ /* Store the original memory locking limit */
+ qemuDomainSaveStatus(vm);
}
if (storageMigration) {
diff --git a/src/qemu/qemu_process.c b/src/qemu/qemu_process.c
index 771a623ef7..1c28d4b102 100644
--- a/src/qemu/qemu_process.c
+++ b/src/qemu/qemu_process.c
@@ -3677,6 +3677,7 @@ qemuProcessRecoverMigration(virQEMUDriver *driver,
{
virDomainJobStatus migStatus = VIR_DOMAIN_JOB_STATUS_NONE;
qemuDomainJobPrivate *jobPriv = job->privateData;
+ qemuDomainObjPrivate *priv = vm->privateData;
virDomainState state;
int reason;
int rc;
@@ -3726,6 +3727,7 @@ qemuProcessRecoverMigration(virQEMUDriver *driver,
qemuMigrationParamsReset(driver, vm, VIR_ASYNC_JOB_NONE,
jobPriv->migParams, job->apiFlags);
+ qemuDomainSetMaxMemLock(vm, 0, &priv->preMigrationMemlock);
return 0;
}
--
2.35.1

139
SOURCES/libvirt-qemu-add-reconnect-5-to-passt-qemu-commandline-options-when-available.patch Normal file
View File

@ -0,0 +1,139 @@
From 86d2fda1a16bc6d2566acfb6a566e13d704fd25a Mon Sep 17 00:00:00 2001
Message-Id: <86d2fda1a16bc6d2566acfb6a566e13d704fd25a@dist-git>
From: Laine Stump <laine@redhat.com>
Date: Mon, 20 Feb 2023 18:26:51 -0500
Subject: [PATCH] qemu: add reconnect=5 to passt qemu commandline options when
available
QEMU's "reconnect" option of "-netdev stream" tells QEMU to
periodically (period is given in seconds as an argument to the option)
attempt to reconnect to the same passt socket to which it had
originally connected to. This is useful in cases where the passt
process terminates, and libvirtd starts a new passt process in its
place (which doesn't happen yet, but will happen automatically after
an upcoming patch in this series).
Since there is no real hueristic for determining the "best" value of
the reconnect interval, rather than clutter up config with a knob that
nobody knows how to properly twiddle, we just set the reconnect timer
to 5 seconds.
"-netdev stream" first appeared in QEMU 7.2.0, but the reconnect
option won't be available until QEMU 8.0.0, so we need to check QEMU
capabilities just in case someone is using QEMU 7.2.0 (and thus can
support passt backend, but not reconnect)
Resolves: https://bugzilla.redhat.com/2172098
Signed-off-by: Laine Stump <laine@redhat.com>
Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
(cherry picked from commit acd8333f763f1e45728fac4e727fef4e33141ebf)
Signed-off-by: Laine Stump <laine@redhat.com>
---
src/qemu/qemu_passt.c | 11 ++++++
.../net-user-passt.x86_64-7.2.0.args | 37 +++++++++++++++++++
.../net-user-passt.x86_64-latest.args | 2 +-
tests/qemuxml2argvtest.c | 1 +
4 files changed, 50 insertions(+), 1 deletion(-)
create mode 100644 tests/qemuxml2argvdata/net-user-passt.x86_64-7.2.0.args
diff --git a/src/qemu/qemu_passt.c b/src/qemu/qemu_passt.c
index 88b7df4453..8d28a55455 100644
--- a/src/qemu/qemu_passt.c
+++ b/src/qemu/qemu_passt.c
@@ -83,6 +83,8 @@ qemuPasstAddNetProps(virDomainObj *vm,
{
g_autofree char *passtSocketName = qemuPasstCreateSocketPath(vm, net);
g_autoptr(virJSONValue) addrprops = NULL;
+ qemuDomainObjPrivate *priv = vm->privateData;
+ virQEMUCaps *qemuCaps = priv->qemuCaps;
if (virJSONValueObjectAdd(&addrprops,
"s:type", "unix",
@@ -98,6 +100,15 @@ qemuPasstAddNetProps(virDomainObj *vm,
NULL) < 0) {
return -1;
}
+
+ /* a narrow range of QEMU releases support -netdev stream, but
+ * don't support its "reconnect" option
+ */
+ if (virQEMUCapsGet(qemuCaps, QEMU_CAPS_NETDEV_STREAM_RECONNECT) &&
+ virJSONValueObjectAdd(netprops, "u:reconnect", 5, NULL) < 0) {
+ return -1;
+ }
+
return 0;
}
diff --git a/tests/qemuxml2argvdata/net-user-passt.x86_64-7.2.0.args b/tests/qemuxml2argvdata/net-user-passt.x86_64-7.2.0.args
new file mode 100644
index 0000000000..037dabb87d
--- /dev/null
+++ b/tests/qemuxml2argvdata/net-user-passt.x86_64-7.2.0.args
@@ -0,0 +1,37 @@
+LC_ALL=C \
+PATH=/bin \
+HOME=/tmp/lib/domain--1-QEMUGuest1 \
+USER=test \
+LOGNAME=test \
+XDG_DATA_HOME=/tmp/lib/domain--1-QEMUGuest1/.local/share \
+XDG_CACHE_HOME=/tmp/lib/domain--1-QEMUGuest1/.cache \
+XDG_CONFIG_HOME=/tmp/lib/domain--1-QEMUGuest1/.config \
+/usr/bin/qemu-system-x86_64 \
+-name guest=QEMUGuest1,debug-threads=on \
+-S \
+-object '{"qom-type":"secret","id":"masterKey0","format":"raw","file":"/tmp/lib/domain--1-QEMUGuest1/master-key.aes"}' \
+-machine pc-i440fx-7.2,usb=off,dump-guest-core=off,memory-backend=pc.ram \
+-accel tcg \
+-cpu qemu64 \
+-m 214 \
+-object '{"qom-type":"memory-backend-ram","id":"pc.ram","size":224395264}' \
+-overcommit mem-lock=off \
+-smp 1,sockets=1,cores=1,threads=1 \
+-uuid c7a5fdbd-edaf-9455-926a-d65c16db1809 \
+-display none \
+-no-user-config \
+-nodefaults \
+-chardev socket,id=charmonitor,fd=1729,server=on,wait=off \
+-mon chardev=charmonitor,id=monitor,mode=control \
+-rtc base=utc \
+-no-shutdown \
+-no-acpi \
+-boot strict=on \
+-blockdev '{"driver":"host_device","filename":"/dev/HostVG/QEMUGuest1","node-name":"libvirt-1-storage","auto-read-only":true,"discard":"unmap"}' \
+-blockdev '{"node-name":"libvirt-1-format","read-only":false,"driver":"raw","file":"libvirt-1-storage"}' \
+-device '{"driver":"ide-hd","bus":"ide.0","unit":0,"drive":"libvirt-1-format","id":"ide0-0-0","bootindex":1}' \
+-netdev '{"type":"stream","addr":{"type":"unix","path":"/bad-test-used-env-xdg-runtime-dir/libvirt/qemu/run/passt/-1-QEMUGuest1-net0.socket"},"server":false,"id":"hostnet0"}' \
+-device '{"driver":"rtl8139","netdev":"hostnet0","id":"net0","mac":"00:11:22:33:44:55","bus":"pci.0","addr":"0x2"}' \
+-audiodev '{"id":"audio1","driver":"none"}' \
+-sandbox on,obsolete=deny,elevateprivileges=deny,spawn=deny,resourcecontrol=deny \
+-msg timestamp=on
diff --git a/tests/qemuxml2argvdata/net-user-passt.x86_64-latest.args b/tests/qemuxml2argvdata/net-user-passt.x86_64-latest.args
index 48e3e8ca8b..f84bec2ec1 100644
--- a/tests/qemuxml2argvdata/net-user-passt.x86_64-latest.args
+++ b/tests/qemuxml2argvdata/net-user-passt.x86_64-latest.args
@@ -30,7 +30,7 @@ XDG_CONFIG_HOME=/tmp/lib/domain--1-QEMUGuest1/.config \
-blockdev '{"driver":"host_device","filename":"/dev/HostVG/QEMUGuest1","node-name":"libvirt-1-storage","auto-read-only":true,"discard":"unmap"}' \
-blockdev '{"node-name":"libvirt-1-format","read-only":false,"driver":"raw","file":"libvirt-1-storage"}' \
-device '{"driver":"ide-hd","bus":"ide.0","unit":0,"drive":"libvirt-1-format","id":"ide0-0-0","bootindex":1}' \
--netdev '{"type":"stream","addr":{"type":"unix","path":"/bad-test-used-env-xdg-runtime-dir/libvirt/qemu/run/passt/-1-QEMUGuest1-net0.socket"},"server":false,"id":"hostnet0"}' \
+-netdev '{"type":"stream","addr":{"type":"unix","path":"/bad-test-used-env-xdg-runtime-dir/libvirt/qemu/run/passt/-1-QEMUGuest1-net0.socket"},"server":false,"reconnect":5,"id":"hostnet0"}' \
-device '{"driver":"rtl8139","netdev":"hostnet0","id":"net0","mac":"00:11:22:33:44:55","bus":"pci.0","addr":"0x2"}' \
-audiodev '{"id":"audio1","driver":"none"}' \
-sandbox on,obsolete=deny,elevateprivileges=deny,spawn=deny,resourcecontrol=deny \
diff --git a/tests/qemuxml2argvtest.c b/tests/qemuxml2argvtest.c
index 8c52feb83c..e23b32e96a 100644
--- a/tests/qemuxml2argvtest.c
+++ b/tests/qemuxml2argvtest.c
@@ -1471,6 +1471,7 @@ mymain(void)
DO_TEST_CAPS_ARCH_LATEST_FULL("net-user", "x86_64", ARG_FLAGS, FLAG_SLIRP_HELPER);
DO_TEST_NOCAPS("net-user-addr");
DO_TEST_CAPS_LATEST("net-user-passt");
+ DO_TEST_CAPS_VER("net-user-passt", "7.2.0");
DO_TEST_NOCAPS("net-virtio");
DO_TEST_NOCAPS("net-virtio-device");
DO_TEST_NOCAPS("net-virtio-disable-offloads");
--
2.39.2

46
SOURCES/libvirt-qemu-agent-Make-fetching-of-can-offline-member-from-guest-query-vcpus-optional.patch Normal file
View File

@ -0,0 +1,46 @@
From 0173f19a17ac694fee1e2c0bbb4b89ba0ff85920 Mon Sep 17 00:00:00 2001
Message-Id: <0173f19a17ac694fee1e2c0bbb4b89ba0ff85920@dist-git>
From: Peter Krempa <pkrempa@redhat.com>
Date: Wed, 1 Mar 2023 16:51:42 +0100
Subject: [PATCH] qemu: agent: Make fetching of 'can-offline' member from
'guest-query-vcpus' optional
The 'can-offline' member is optional according to agent's schema and in
fact in certain cases it's not returned. Libvirt then spams the logs
if something is polling the bulk guest stats API.
Noticed when going through oVirt logs which appears to call the bulk
stats API repeatedly.
Instead of requiring it we simply reply that the vCPU can't be offlined.
Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Laine Stump <laine@redhat.com>
(cherry picked from commit 790ea58153b9ef1120a577d1a87a4ca2e988ee5c)
https://bugzilla.redhat.com/show_bug.cgi?id=2174446
---
src/qemu/qemu_agent.c | 8 ++------
1 file changed, 2 insertions(+), 6 deletions(-)
diff --git a/src/qemu/qemu_agent.c b/src/qemu/qemu_agent.c
index fa2c0bf915..72898d3fae 100644
--- a/src/qemu/qemu_agent.c
+++ b/src/qemu/qemu_agent.c
@@ -1366,12 +1366,8 @@ qemuAgentGetVCPUs(qemuAgent *agent,
return -1;
}
- if (virJSONValueObjectGetBoolean(entry, "can-offline",
- &in->offlinable) < 0) {
- virReportError(VIR_ERR_INTERNAL_ERROR, "%s",
- _("'can-offline' missing in reply of guest-get-vcpus"));
- return -1;
- }
+ in->offlinable = false;
+ ignore_value(virJSONValueObjectGetBoolean(entry, "can-offline", &in->offlinable));
}
return ndata;
--
2.39.2

108
SOURCES/libvirt-qemu-alias-Remove-oldAlias-argument-of-qemuAssignDeviceMemoryAlias.patch Normal file
View File

@ -0,0 +1,108 @@
From 9271efe525e9cfaf1aad931ffccf61d6d17e5273 Mon Sep 17 00:00:00 2001
Message-Id: <9271efe525e9cfaf1aad931ffccf61d6d17e5273@dist-git>
From: Peter Krempa <pkrempa@redhat.com>
Date: Thu, 19 Jan 2023 15:16:58 +0100
Subject: [PATCH] qemu: alias: Remove 'oldAlias' argument of
qemuAssignDeviceMemoryAlias
All callers pass 'false' so we no longer need it.
Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Martin Kletzander <mkletzan@redhat.com>
(cherry picked from commit 6d3f0b11b2b056313b123510c96f2924689341f9)
Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=2158701
---
src/qemu/qemu_alias.c | 13 ++++---------
src/qemu/qemu_alias.h | 3 +--
src/qemu/qemu_hotplug.c | 2 +-
3 files changed, 6 insertions(+), 12 deletions(-)
diff --git a/src/qemu/qemu_alias.c b/src/qemu/qemu_alias.c
index ef8e87ab58..0f1310a0e5 100644
--- a/src/qemu/qemu_alias.c
+++ b/src/qemu/qemu_alias.c
@@ -454,7 +454,6 @@ qemuAssignDeviceRNGAlias(virDomainDef *def,
static int
qemuDeviceMemoryGetAliasID(virDomainDef *def,
virDomainMemoryDef *mem,
- bool oldAlias,
const char *prefix)
{
size_t i;
@@ -462,8 +461,7 @@ qemuDeviceMemoryGetAliasID(virDomainDef *def,
/* virtio-pmem and virtio-mem go onto PCI bus and thus DIMM address is not
* valid */
- if (!oldAlias &&
- mem->model != VIR_DOMAIN_MEMORY_MODEL_VIRTIO_PMEM &&
+ if (mem->model != VIR_DOMAIN_MEMORY_MODEL_VIRTIO_PMEM &&
mem->model != VIR_DOMAIN_MEMORY_MODEL_VIRTIO_MEM &&
mem->model != VIR_DOMAIN_MEMORY_MODEL_SGX_EPC)
return mem->info.addr.dimm.slot;
@@ -482,8 +480,6 @@ qemuDeviceMemoryGetAliasID(virDomainDef *def,
* qemuAssignDeviceMemoryAlias:
* @def: domain definition. Necessary only if @oldAlias is true.
* @mem: memory device definition
- * @oldAlias: Generate the alias according to the order of the device in @def
- * rather than according to the slot number for legacy reasons.
*
* Generates alias for a memory device according to slot number if @oldAlias is
* false or according to order in @def->mems otherwise.
@@ -492,8 +488,7 @@ qemuDeviceMemoryGetAliasID(virDomainDef *def,
*/
int
qemuAssignDeviceMemoryAlias(virDomainDef *def,
- virDomainMemoryDef *mem,
- bool oldAlias)
+ virDomainMemoryDef *mem)
{
const char *prefix = NULL;
int idx = 0;
@@ -525,7 +520,7 @@ qemuAssignDeviceMemoryAlias(virDomainDef *def,
break;
}
- idx = qemuDeviceMemoryGetAliasID(def, mem, oldAlias, prefix);
+ idx = qemuDeviceMemoryGetAliasID(def, mem, prefix);
mem->info.alias = g_strdup_printf("%s%d", prefix, idx);
return 0;
@@ -685,7 +680,7 @@ qemuAssignDeviceAliases(virDomainDef *def)
qemuAssignDeviceTPMAlias(def->tpms[i], i);
}
for (i = 0; i < def->nmems; i++) {
- if (qemuAssignDeviceMemoryAlias(def, def->mems[i], false) < 0)
+ if (qemuAssignDeviceMemoryAlias(def, def->mems[i]) < 0)
return -1;
}
if (def->vsock) {
diff --git a/src/qemu/qemu_alias.h b/src/qemu/qemu_alias.h
index 6433ae4cec..af9c3f62d3 100644
--- a/src/qemu/qemu_alias.h
+++ b/src/qemu/qemu_alias.h
@@ -55,8 +55,7 @@ void qemuAssignDeviceRNGAlias(virDomainDef *def,
virDomainRNGDef *rng);
int qemuAssignDeviceMemoryAlias(virDomainDef *def,
- virDomainMemoryDef *mems,
- bool oldAlias);
+ virDomainMemoryDef *mems);
void qemuAssignDeviceShmemAlias(virDomainDef *def,
virDomainShmemDef *shmem,
diff --git a/src/qemu/qemu_hotplug.c b/src/qemu/qemu_hotplug.c
index 5840504d13..2df59873db 100644
--- a/src/qemu/qemu_hotplug.c
+++ b/src/qemu/qemu_hotplug.c
@@ -2275,7 +2275,7 @@ qemuDomainAttachMemory(virQEMUDriver *driver,
goto cleanup;
releaseaddr = true;
- if (qemuAssignDeviceMemoryAlias(vm->def, mem, false) < 0)
+ if (qemuAssignDeviceMemoryAlias(vm->def, mem) < 0)
goto cleanup;
objalias = g_strdup_printf("mem%s", mem->info.alias);
--
2.39.1

53
SOURCES/libvirt-qemu-block-Properly-handle-FD-passed-disk-hot-un-plug.patch Normal file
View File

@ -0,0 +1,53 @@
From bf15c630b7c54637220af65ac84cfd007c1c798a Mon Sep 17 00:00:00 2001
Message-Id: <bf15c630b7c54637220af65ac84cfd007c1c798a@dist-git>
From: Peter Krempa <pkrempa@redhat.com>
Date: Tue, 31 Jan 2023 15:35:05 +0100
Subject: [PATCH] qemu: block: Properly handle FD-passed disk hot-(un-)plug
The hotplug code paths need to be able to pass the FDs to the monitor to
ensure that hotplug works.
Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Martin Kletzander <mkletzan@redhat.com>
(cherry picked from commit 3b8d669d557bd2ce8874f61e83b6d6074d365ec2)
https://bugzilla.redhat.com/show_bug.cgi?id=2040272
---
src/qemu/qemu_block.c | 7 +++++++
1 file changed, 7 insertions(+)
diff --git a/src/qemu/qemu_block.c b/src/qemu/qemu_block.c
index e865aa17f9..c218262691 100644
--- a/src/qemu/qemu_block.c
+++ b/src/qemu/qemu_block.c
@@ -1410,6 +1410,9 @@ qemuBlockStorageSourceAttachApplyStorageDeps(qemuMonitor *mon,
qemuMonitorAddObject(mon, &data->tlsProps, &data->tlsAlias) < 0)
return -1;
+ if (qemuFDPassTransferMonitor(data->fdpass, mon) < 0)
+ return -1;
+
return 0;
}
@@ -1559,6 +1562,8 @@ qemuBlockStorageSourceAttachRollback(qemuMonitor *mon,
if (data->tlsKeySecretAlias)
ignore_value(qemuMonitorDelObject(mon, data->tlsKeySecretAlias, false));
+ qemuFDPassTransferMonitorRollback(data->fdpass, mon);
+
virErrorRestore(&orig_err);
}
@@ -1609,6 +1614,8 @@ qemuBlockStorageSourceDetachPrepare(virStorageSource *src)
if (srcpriv->tlsKeySecret)
data->tlsKeySecretAlias = g_strdup(srcpriv->tlsKeySecret->alias);
+
+ data->fdpass = srcpriv->fdpass;
}
return g_steal_pointer(&data);
--
2.39.1

117
SOURCES/libvirt-qemu-blockjob-Handle-pending-blockjob-state-only-when-we-need-it.patch Normal file
View File

@ -0,0 +1,117 @@
From 11dd7c99fa96364962f81d4efae0ed220c7a7190 Mon Sep 17 00:00:00 2001
Message-Id: <11dd7c99fa96364962f81d4efae0ed220c7a7190@dist-git>
From: Peter Krempa <pkrempa@redhat.com>
Date: Fri, 10 Feb 2023 17:16:43 +0100
Subject: [PATCH] qemu: blockjob: Handle 'pending' blockjob state only when we
need it
The 'pending' state needs to be handled by the blockjob code only when
the snapshot code requests a block-commit without auto-finalization.
If we always handle it we fail to properly remove the blockjob data for
the 'blockdev-create' job as that also transitions trhough 'pending' but
we'd never update it once it reaches 'concluded' as the code already
thinks that the job has finished and is no longer watching it.
Introduce a 'processPending' property into block job data and set it
only when we know that we need to process 'pending'.
Fixes: 90d9bc9d74a5157167548b26c00b1a016655e295
Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=2168769
Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Pavel Hrdina <phrdina@redhat.com>
(cherry picked from commit c433c2434c0459df98ed3355ef615e341acd9009)
---
src/qemu/qemu_block.c | 1 +
src/qemu/qemu_blockjob.c | 19 ++++++++++---------
src/qemu/qemu_blockjob.h | 4 ++++
3 files changed, 15 insertions(+), 9 deletions(-)
diff --git a/src/qemu/qemu_block.c b/src/qemu/qemu_block.c
index c218262691..d8ca50d618 100644
--- a/src/qemu/qemu_block.c
+++ b/src/qemu/qemu_block.c
@@ -3374,6 +3374,7 @@ qemuBlockCommit(virDomainObj *vm,
if (!(job = qemuBlockJobDiskNewCommit(vm, disk, top_parent, topSource,
baseSource,
flags & VIR_DOMAIN_BLOCK_COMMIT_DELETE,
+ autofinalize,
flags)))
goto cleanup;
diff --git a/src/qemu/qemu_blockjob.c b/src/qemu/qemu_blockjob.c
index cb2d05d71d..a20cf1db62 100644
--- a/src/qemu/qemu_blockjob.c
+++ b/src/qemu/qemu_blockjob.c
@@ -274,6 +274,7 @@ qemuBlockJobDiskNewCommit(virDomainObj *vm,
virStorageSource *top,
virStorageSource *base,
bool delete_imgs,
+ virTristateBool autofinalize,
unsigned int jobflags)
{
g_autoptr(qemuBlockJobData) job = NULL;
@@ -290,6 +291,7 @@ qemuBlockJobDiskNewCommit(virDomainObj *vm,
job->data.commit.top = top;
job->data.commit.base = base;
job->data.commit.deleteCommittedImages = delete_imgs;
+ job->processPending = autofinalize == VIR_TRISTATE_BOOL_NO;
job->jobflags = jobflags;
if (qemuBlockJobRegister(job, vm, disk, true) < 0)
@@ -532,8 +534,6 @@ qemuBlockJobRefreshJobs(virDomainObj *vm)
if (job->state == QEMU_BLOCKJOB_STATE_NEW ||
job->state == QEMU_BLOCKJOB_STATE_RUNNING)
job->newstate = newstate;
- } else if (newstate == QEMU_BLOCKJOB_STATE_PENDING) {
- job->newstate = newstate;
}
/* don't update the job otherwise */
}
@@ -1568,13 +1568,14 @@ qemuBlockJobEventProcess(virQEMUDriver *driver,
case QEMU_BLOCKJOB_STATE_PENDING:
/* Similarly as for 'ready' state we should handle it only when
- * previous state was 'new' or 'running' as there are other cases
- * when it can be emitted by QEMU. Currently we need this only when
- * deleting non-active external snapshots. */
- if (job->state == QEMU_BLOCKJOB_STATE_NEW ||
- job->state == QEMU_BLOCKJOB_STATE_RUNNING) {
- job->state = job->newstate;
- qemuDomainSaveStatus(vm);
+ * previous state was 'new' or 'running' and only if the blockjob code
+ * is handling finalization of the job explicitly. */
+ if (job->processPending) {
+ if (job->state == QEMU_BLOCKJOB_STATE_NEW ||
+ job->state == QEMU_BLOCKJOB_STATE_RUNNING) {
+ job->state = job->newstate;
+ qemuDomainSaveStatus(vm);
+ }
}
job->newstate = -1;
break;
diff --git a/src/qemu/qemu_blockjob.h b/src/qemu/qemu_blockjob.h
index e9b283da20..f1ac43b4c7 100644
--- a/src/qemu/qemu_blockjob.h
+++ b/src/qemu/qemu_blockjob.h
@@ -138,6 +138,9 @@ struct _qemuBlockJobData {
int brokentype; /* the previous type of a broken blockjob qemuBlockJobType */
+ bool processPending; /* process the 'pending' state of the job, if the job
+ should not be auto-finalized */
+
bool invalidData; /* the job data (except name) is not valid */
bool reconnected; /* internal field for tracking whether job is live after reconnect to qemu */
};
@@ -175,6 +178,7 @@ qemuBlockJobDiskNewCommit(virDomainObj *vm,
virStorageSource *top,
virStorageSource *base,
bool delete_imgs,
+ virTristateBool autofinalize,
unsigned int jobflags);
qemuBlockJobData *
--
2.39.1

75
SOURCES/libvirt-qemu-capabilities-Introduce-QEMU_CAPS_NETDEV_STREAM_RECONNECT.patch Normal file
View File

@ -0,0 +1,75 @@
From 3bd15e7694b6ad69832e17cf03ac09b2363cba78 Mon Sep 17 00:00:00 2001
Message-Id: <3bd15e7694b6ad69832e17cf03ac09b2363cba78@dist-git>
From: Peter Krempa <pkrempa@redhat.com>
Date: Mon, 20 Feb 2023 17:25:08 +0100
Subject: [PATCH] qemu: capabilities: Introduce
QEMU_CAPS_NETDEV_STREAM_RECONNECT
Detect that the 'stream' netdev backend supports reconnecting.
src/qemu/qemu_capabilities.c
tests/qemucapabilitiesdata/caps_8.0.0.x86_64.xml
both of these files had the usual merge conflicts caused by
unrelated caps flags added upstream but not in RHEL.
Resolves: https://bugzilla.redhat.com/2172098
Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Laine Stump <laine@redhat.com>
Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
(cherry picked from commit 70747222a73ffed5cdadcab492bef67fe7e49aa4)
Signed-off-by: Laine Stump <laine@redhat.com>
---
src/qemu/qemu_capabilities.c | 2 ++
src/qemu/qemu_capabilities.h | 1 +
tests/qemucapabilitiesdata/caps_8.0.0.x86_64.xml | 1 +
3 files changed, 4 insertions(+)
diff --git a/src/qemu/qemu_capabilities.c b/src/qemu/qemu_capabilities.c
index 56cad891cc..61aa99dfc6 100644
--- a/src/qemu/qemu_capabilities.c
+++ b/src/qemu/qemu_capabilities.c
@@ -684,6 +684,7 @@ VIR_ENUM_IMPL(virQEMUCaps,
/* 440 */
"machine-hpet", /* QEMU_CAPS_MACHINE_HPET */
"netdev.stream", /* QEMU_CAPS_NETDEV_STREAM */
+ "netdev.stream.reconnect", /* QEMU_CAPS_NETDEV_STREAM_RECONNECT */
);
@@ -1552,6 +1553,7 @@ static struct virQEMUCapsStringFlags virQEMUCapsQMPSchemaQueries[] = {
{ "nbd-server-start/arg-type/tls-creds", QEMU_CAPS_NBD_TLS },
{ "nbd-server-add/arg-type/bitmap", QEMU_CAPS_NBD_BITMAP },
{ "netdev_add/arg-type/+stream", QEMU_CAPS_NETDEV_STREAM },
+ { "netdev_add/arg-type/+stream/reconnect", QEMU_CAPS_NETDEV_STREAM_RECONNECT },
{ "netdev_add/arg-type/+vhost-vdpa", QEMU_CAPS_NETDEV_VHOST_VDPA },
/* JSON support for -netdev was introduced for the 'dgram' netdev type */
{ "netdev_add/arg-type/type/^dgram", QEMU_CAPS_NETDEV_JSON },
diff --git a/src/qemu/qemu_capabilities.h b/src/qemu/qemu_capabilities.h
index 15dddd3ea9..8543af868e 100644
--- a/src/qemu/qemu_capabilities.h
+++ b/src/qemu/qemu_capabilities.h
@@ -663,6 +663,7 @@ typedef enum { /* virQEMUCapsFlags grouping marker for syntax-check */
/* 440 */
QEMU_CAPS_MACHINE_HPET, /* the HPET timer is configured via -machine, rather than -no-hpet */
QEMU_CAPS_NETDEV_STREAM, /* -netdev stream */
+ QEMU_CAPS_NETDEV_STREAM_RECONNECT, /* -netdev stream supports reconnect */
QEMU_CAPS_LAST /* this must always be the last item */
} virQEMUCapsFlags;
diff --git a/tests/qemucapabilitiesdata/caps_8.0.0.x86_64.xml b/tests/qemucapabilitiesdata/caps_8.0.0.x86_64.xml
index a383075d4d..6d07d07822 100644
--- a/tests/qemucapabilitiesdata/caps_8.0.0.x86_64.xml
+++ b/tests/qemucapabilitiesdata/caps_8.0.0.x86_64.xml
@@ -202,6 +202,7 @@
<flag name='screenshot-format-png'/>
<flag name='machine-hpet'/>
<flag name='netdev.stream'/>
+ <flag name='netdev.stream.reconnect'/>
<version>7002050</version>
<kvmVersion>0</kvmVersion>
<microcodeVersion>43100244</microcodeVersion>
--
2.39.2

117
SOURCES/libvirt-qemu-command-Handle-FD-passing-commandline-via-qemuBuildBlockStorageSourceAttachDataCommandline.patch Normal file
View File

@ -0,0 +1,117 @@
From 659a0e3cda2f5561abe45ccc10afc41014d1a331 Mon Sep 17 00:00:00 2001
Message-Id: <659a0e3cda2f5561abe45ccc10afc41014d1a331@dist-git>
From: Peter Krempa <pkrempa@redhat.com>
Date: Tue, 31 Jan 2023 14:37:40 +0100
Subject: [PATCH] qemu: command: Handle FD passing commandline via
qemuBuildBlockStorageSourceAttachDataCommandline
Copy the pointer to qemuFDPass into struct qemuBlockStorageSourceAttachData
so that it can be used from qemuBuildBlockStorageSourceAttachDataCommandline
rather than looping again in qemuBuildDiskSourceCommandLineFDs.
Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Martin Kletzander <mkletzan@redhat.com>
(cherry picked from commit 65f14232fb031b57fad085a2e8792da87c97173f)
https://bugzilla.redhat.com/show_bug.cgi?id=2040272
---
src/qemu/qemu_block.h | 2 ++
src/qemu/qemu_command.c | 26 +++----------------
.../disk-source-fd.x86_64-latest.args | 6 ++---
3 files changed, 9 insertions(+), 25 deletions(-)
diff --git a/src/qemu/qemu_block.h b/src/qemu/qemu_block.h
index eac986e0f0..5a61a19da2 100644
--- a/src/qemu/qemu_block.h
+++ b/src/qemu/qemu_block.h
@@ -99,6 +99,8 @@ struct qemuBlockStorageSourceAttachData {
char *tlsAlias;
virJSONValue *tlsKeySecretProps;
char *tlsKeySecretAlias;
+
+ qemuFDPass *fdpass;
};
diff --git a/src/qemu/qemu_command.c b/src/qemu/qemu_command.c
index b96f2d33c1..5edad046d5 100644
--- a/src/qemu/qemu_command.c
+++ b/src/qemu/qemu_command.c
@@ -2119,6 +2119,8 @@ qemuBuildBlockStorageSourceAttachDataCommandline(virCommand *cmd,
return -1;
}
+ qemuFDPassTransferCommand(data->fdpass, cmd);
+
if (data->storageProps) {
if (!(tmp = virJSONValueToString(data->storageProps, false)))
return -1;
@@ -2147,25 +2149,6 @@ qemuBuildBlockStorageSourceAttachDataCommandline(virCommand *cmd,
}
-static int
-qemuBuildDiskSourceCommandLineFDs(virCommand *cmd,
- virDomainDiskDef *disk)
-{
- virStorageSource *n;
-
- for (n = disk->src; virStorageSourceIsBacking(n); n = n->backingStore) {
- qemuDomainStorageSourcePrivate *srcpriv = QEMU_DOMAIN_STORAGE_SOURCE_PRIVATE(n);
-
- if (!srcpriv || !srcpriv->fdpass)
- continue;
-
- qemuFDPassTransferCommand(srcpriv->fdpass, cmd);
- }
-
- return 0;
-}
-
-
static int
qemuBuildDiskSourceCommandLine(virCommand *cmd,
virDomainDiskDef *disk,
@@ -2183,9 +2166,6 @@ qemuBuildDiskSourceCommandLine(virCommand *cmd,
if (virStorageSourceIsEmpty(disk->src))
return 0;
- if (qemuBuildDiskSourceCommandLineFDs(cmd, disk) < 0)
- return -1;
-
if (!(data = qemuBuildStorageSourceChainAttachPrepareBlockdev(disk->src)))
return -1;
@@ -10537,6 +10517,8 @@ qemuBuildStorageSourceAttachPrepareCommon(virStorageSource *src,
tlsKeySecretAlias = srcpriv->tlsKeySecret->alias;
}
+
+ data->fdpass = srcpriv->fdpass;
}
if (src->haveTLS == VIR_TRISTATE_BOOL_YES &&
diff --git a/tests/qemuxml2argvdata/disk-source-fd.x86_64-latest.args b/tests/qemuxml2argvdata/disk-source-fd.x86_64-latest.args
index b4a81acfc7..a7ddd65000 100644
--- a/tests/qemuxml2argvdata/disk-source-fd.x86_64-latest.args
+++ b/tests/qemuxml2argvdata/disk-source-fd.x86_64-latest.args
@@ -33,13 +33,13 @@ XDG_CONFIG_HOME=/tmp/lib/domain--1-QEMUGuest1/.config \
-blockdev '{"driver":"file","filename":"/dev/fdset/2","node-name":"libvirt-4-storage","auto-read-only":true,"discard":"unmap"}' \
-blockdev '{"node-name":"libvirt-4-format","read-only":false,"driver":"qcow2","file":"libvirt-4-storage"}' \
-device '{"driver":"virtio-blk-pci","bus":"pci.0","addr":"0x2","drive":"libvirt-4-format","id":"virtio-disk4","bootindex":1}' \
--add-fd set=0,fd=704,opaque=libvirt-1-storage0 \
--add-fd set=1,fd=777,opaque=libvirt-2-storage0 \
--add-fd set=1,fd=778,opaque=libvirt-2-storage1 \
-blockdev '{"driver":"file","filename":"/var/lib/libvirt/images/rhel7.1484071876","node-name":"libvirt-3-storage","auto-read-only":true,"discard":"unmap"}' \
-blockdev '{"node-name":"libvirt-3-format","read-only":true,"driver":"qcow2","file":"libvirt-3-storage","backing":null}' \
+-add-fd set=1,fd=777,opaque=libvirt-2-storage0 \
+-add-fd set=1,fd=778,opaque=libvirt-2-storage1 \
-blockdev '{"driver":"file","filename":"/dev/fdset/1","node-name":"libvirt-2-storage","auto-read-only":true,"discard":"unmap"}' \
-blockdev '{"node-name":"libvirt-2-format","read-only":true,"driver":"qcow2","file":"libvirt-2-storage","backing":"libvirt-3-format"}' \
+-add-fd set=0,fd=704,opaque=libvirt-1-storage0 \
-blockdev '{"driver":"file","filename":"/dev/fdset/0","node-name":"libvirt-1-storage","read-only":false,"discard":"unmap"}' \
-blockdev '{"node-name":"libvirt-1-format","read-only":false,"driver":"qcow2","file":"libvirt-1-storage","backing":"libvirt-2-format"}' \
-device '{"driver":"virtio-blk-pci","bus":"pci.0","addr":"0x3","drive":"libvirt-1-format","id":"virtio-disk5"}' \
--
2.39.1

39
SOURCES/libvirt-qemu-domain-Fix-logic-when-tainting-domain.patch Normal file
View File

@ -0,0 +1,39 @@
From d0f4b44754db733db8a180aa18c06bb17dd21b1a Mon Sep 17 00:00:00 2001
Message-Id: <d0f4b44754db733db8a180aa18c06bb17dd21b1a@dist-git>
From: Peter Krempa <pkrempa@redhat.com>
Date: Wed, 1 Mar 2023 17:09:42 +0100
Subject: [PATCH] qemu: domain: Fix logic when tainting domain
Originally the code was skipping all repeated taints with the same taint
flag but a logic bug introduced in commit 30626ed15b239c424ae inverted
the condition. This caused that actually the first occurence was NOT
logged but any subsequent was.
This was noticed when going through oVirt logs as they use custom guest
agent commands and the logs are totally spammed with this message.
Fixes: 30626ed15b239c424ae891f096057a696eadd715
Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Laine Stump <laine@redhat.com>
(cherry picked from commit 9134b40d0b43a5e1a9928b0a0d948205941d9807)
https://bugzilla.redhat.com/show_bug.cgi?id=2174446
---
src/qemu/qemu_domain.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/qemu/qemu_domain.c b/src/qemu/qemu_domain.c
index 26408b90a2..374b881146 100644
--- a/src/qemu/qemu_domain.c
+++ b/src/qemu/qemu_domain.c
@@ -6591,7 +6591,7 @@ void qemuDomainObjTaintMsg(virQEMUDriver *driver,
const char *extrasuffix = "";
va_list args;
- if (virDomainObjTaint(obj, taint)) {
+ if (!virDomainObjTaint(obj, taint)) {
/* If an extra message was given we must always
* emit the taint warning, otherwise it is a
* one-time only warning per VM
--
2.39.2

103
SOURCES/libvirt-qemu-domain-Store-fdset-ID-for-disks-passed-to-qemu-via-FD.patch Normal file
View File

@ -0,0 +1,103 @@
From 0fe11b92a8278ffab202033a61340649b0296368 Mon Sep 17 00:00:00 2001
Message-Id: <0fe11b92a8278ffab202033a61340649b0296368@dist-git>
From: Peter Krempa <pkrempa@redhat.com>
Date: Tue, 31 Jan 2023 15:30:51 +0100
Subject: [PATCH] qemu: domain: Store fdset ID for disks passed to qemu via FD
To ensure that we can hot-unplug the disk including the associated fdset
we need to store the fdset ID in the status XML.
Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Martin Kletzander <mkletzan@redhat.com>
(cherry picked from commit f730b1e4f203cbabe363aab246d8a1679063f756)
https://bugzilla.redhat.com/show_bug.cgi?id=2040272
---
src/qemu/qemu_domain.c | 17 ++++++++++++++++-
tests/qemustatusxml2xmldata/modern-in.xml | 3 +++
2 files changed, 19 insertions(+), 1 deletion(-)
diff --git a/src/qemu/qemu_domain.c b/src/qemu/qemu_domain.c
index 226d4d6dc1..247134672b 100644
--- a/src/qemu/qemu_domain.c
+++ b/src/qemu/qemu_domain.c
@@ -1941,6 +1941,8 @@ qemuStorageSourcePrivateDataParse(xmlXPathContextPtr ctxt,
g_autofree char *httpcookiealias = NULL;
g_autofree char *tlskeyalias = NULL;
g_autofree char *thresholdEventWithIndex = NULL;
+ bool fdsetPresent = false;
+ unsigned int fdSetID;
src->nodestorage = virXPathString("string(./nodenames/nodename[@type='storage']/@name)", ctxt);
src->nodeformat = virXPathString("string(./nodenames/nodename[@type='format']/@name)", ctxt);
@@ -1957,7 +1959,9 @@ qemuStorageSourcePrivateDataParse(xmlXPathContextPtr ctxt,
httpcookiealias = virXPathString("string(./objects/secret[@type='httpcookie']/@alias)", ctxt);
tlskeyalias = virXPathString("string(./objects/secret[@type='tlskey']/@alias)", ctxt);
- if (authalias || encalias || httpcookiealias || tlskeyalias) {
+ fdsetPresent = virXPathUInt("string(./fdsets/fdset[@type='storage']/@id)", ctxt, &fdSetID) == 0;
+
+ if (authalias || encalias || httpcookiealias || tlskeyalias || fdsetPresent) {
if (!src->privateData &&
!(src->privateData = qemuDomainStorageSourcePrivateNew()))
return -1;
@@ -1975,6 +1979,9 @@ qemuStorageSourcePrivateDataParse(xmlXPathContextPtr ctxt,
if (qemuStorageSourcePrivateDataAssignSecinfo(&priv->tlsKeySecret, &tlskeyalias) < 0)
return -1;
+
+ if (fdsetPresent)
+ priv->fdpass = qemuFDPassNewPassed(fdSetID);
}
if (virStorageSourcePrivateDataParseRelPath(ctxt, src) < 0)
@@ -2008,6 +2015,7 @@ qemuStorageSourcePrivateDataFormat(virStorageSource *src,
qemuDomainStorageSourcePrivate *srcPriv = QEMU_DOMAIN_STORAGE_SOURCE_PRIVATE(src);
g_auto(virBuffer) nodenamesChildBuf = VIR_BUFFER_INIT_CHILD(buf);
g_auto(virBuffer) objectsChildBuf = VIR_BUFFER_INIT_CHILD(buf);
+ g_auto(virBuffer) fdsetsChildBuf = VIR_BUFFER_INIT_CHILD(buf);
virBufferEscapeString(&nodenamesChildBuf, "<nodename type='storage' name='%s'/>\n", src->nodestorage);
virBufferEscapeString(&nodenamesChildBuf, "<nodename type='format' name='%s'/>\n", src->nodeformat);
@@ -2025,10 +2033,15 @@ qemuStorageSourcePrivateDataFormat(virStorageSource *src,
return -1;
if (srcPriv) {
+ unsigned int fdSetID;
+
qemuStorageSourcePrivateDataFormatSecinfo(&objectsChildBuf, srcPriv->secinfo, "auth");
qemuStorageSourcePrivateDataFormatSecinfo(&objectsChildBuf, srcPriv->encinfo, "encryption");
qemuStorageSourcePrivateDataFormatSecinfo(&objectsChildBuf, srcPriv->httpcookie, "httpcookie");
qemuStorageSourcePrivateDataFormatSecinfo(&objectsChildBuf, srcPriv->tlsKeySecret, "tlskey");
+
+ if (qemuFDPassIsPassed(srcPriv->fdpass, &fdSetID))
+ virBufferAsprintf(&fdsetsChildBuf, "<fdset type='storage' id='%u'/>\n", fdSetID);
}
if (src->tlsAlias)
@@ -2036,6 +2049,8 @@ qemuStorageSourcePrivateDataFormat(virStorageSource *src,
virXMLFormatElement(buf, "objects", NULL, &objectsChildBuf);
+ virXMLFormatElement(buf, "fdsets", NULL, &fdsetsChildBuf);
+
if (src->thresholdEventWithIndex)
virBufferAddLit(buf, "<thresholdEvent indexUsed='yes'/>\n");
diff --git a/tests/qemustatusxml2xmldata/modern-in.xml b/tests/qemustatusxml2xmldata/modern-in.xml
index 7759034f7a..f5beab722b 100644
--- a/tests/qemustatusxml2xmldata/modern-in.xml
+++ b/tests/qemustatusxml2xmldata/modern-in.xml
@@ -341,6 +341,9 @@
<secret type='tlskey' alias='tls-certificate-key-alias'/>
<TLSx509 alias='transport-alias'/>
</objects>
+ <fdsets>
+ <fdset type='storage' id='1337'/>
+ </fdsets>
<thresholdEvent indexUsed='yes'/>
</privateData>
</source>
--
2.39.1

61
SOURCES/libvirt-qemu-don-t-call-qemuMigrationSrcIsAllowedHostdev-from-qemuMigrationDstPrepareFresh.patch
View File

@ -1,61 +0,0 @@
From d51e6092ed7977daf662ed1def0f6cd5cc6ba33d Mon Sep 17 00:00:00 2001
Message-Id: <d51e6092ed7977daf662ed1def0f6cd5cc6ba33d@dist-git>
From: Laine Stump <laine@redhat.com>
Date: Wed, 27 Jul 2022 12:14:10 -0400
Subject: [PATCH] qemu: don't call qemuMigrationSrcIsAllowedHostdev() from
qemuMigrationDstPrepareFresh()
This call to qemuMigrationSrcIsAllowedHostdev() (which does a
hardcoded fail of the migration if there is any PCI or mdev hostdev
device in the domain) while doing the destination side of migration
prep was found once the call to that same function was removed from
the source side migration prep (commit 25883cd5).
According to jdenemar, for the V2 migration protocol, prep of the
destination is the first step, so this *was* the proper place to do
the check, but for V3 migration this is in a way redundant (since we
will have already done the check on the source side (updated by
25883cd5 to query QEMU rather than do a hardcoded fail)).
Of course it's possible that the source could support migration of a
particular VFIO device, but the destination doesn't. But the current
check on the destination side is worthless even in that case, since it
is just *always* failing rather than querying QEMU; and QEMU can't be
queried at the point where the destination check is happening, since
it isn't yet running.
Anyway QEMU should complain when it's started if it's going to fail,
so removing this check should just move the failure to happen a bit
later. So the best solution to this problem is to simply remove the
hardcoded check/fail from qemuMigrationDstPrepareFresh() and rely on
QEMU to fail if it needs to.
Fixes: 25883cd5f0b188f2417f294b7d219a77b219f7c2
Signed-off-by: Laine Stump <laine@redhat.com>
Reviewed-by: Jiri Denemark <jdenemar@redhat.com>
(cherry picked from commit 640d185f01858b7a8db401235c929ac4798592d0)
https://bugzilla.redhat.com/show_bug.cgi?id=1497907
Signed-off-by: Jiri Denemark <jdenemar@redhat.com>
---
src/qemu/qemu_migration.c | 3 ---
1 file changed, 3 deletions(-)
diff --git a/src/qemu/qemu_migration.c b/src/qemu/qemu_migration.c
index 61fcaf4258..e3ba4c3f78 100644
--- a/src/qemu/qemu_migration.c
+++ b/src/qemu/qemu_migration.c
@@ -3382,9 +3382,6 @@ qemuMigrationDstPrepareFresh(virQEMUDriver *driver,
QEMU_MIGRATION_COOKIE_CAPS;
}
- if (!qemuMigrationSrcIsAllowedHostdev(*def))
- goto cleanup;
-
/* Let migration hook filter domain XML */
if (virHookPresent(VIR_HOOK_DRIVER_QEMU)) {
g_autofree char *xml = NULL;
--
2.35.1

87
SOURCES/libvirt-qemu-don-t-try-to-query-QEMU-about-migration-blockers-during-offline-migration.patch
View File

@ -1,87 +0,0 @@
From 80ac99d0f947f5e2fe4ff7fe9fb63b6dc6cbc1bb Mon Sep 17 00:00:00 2001
Message-Id: <80ac99d0f947f5e2fe4ff7fe9fb63b6dc6cbc1bb@dist-git>
From: Laine Stump <laine@redhat.com>
Date: Thu, 21 Jul 2022 01:56:11 -0400
Subject: [PATCH] qemu: don't try to query QEMU about migration blockers during
offline migration
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
The new code that queries QEMU about migration blockers was put at the
top of qemuMigrationSrcIsAllowed(), but that function can also be
called in the case of offline migration (ie when the domain is
inactive / QEMU isn't running). This check should have been put inside
the "if (!(flags & VIR_MIGRATE_OFFLINE))" conditional, so let's move
it there.
Fixes: 156e99f686690855be4e45d9b8b3194191a8bc31
Signed-off-by: Laine Stump <laine@redhat.com>
Reviewed-by: Jiri Denemark <jdenemar@redhat.com>
(cherry picked from commit 2dd5587f1dc8e2cf4e6e0a4e4cf576b8183b33cd)
Resolves: https://bugzilla.redhat.com/2092833
Signed-off-by: Eugenio Pérez <eperezma@redhat.com>
---
src/qemu/qemu_migration.c | 39 +++++++++++++++++++++------------------
1 file changed, 21 insertions(+), 18 deletions(-)
diff --git a/src/qemu/qemu_migration.c b/src/qemu/qemu_migration.c
index 735eb02673..96c4c0f1da 100644
--- a/src/qemu/qemu_migration.c
+++ b/src/qemu/qemu_migration.c
@@ -1458,24 +1458,6 @@ qemuMigrationSrcIsAllowed(virQEMUDriver *driver,
int nsnapshots;
int pauseReason;
size_t i;
- bool blockedReasonsCap = virQEMUCapsGet(priv->qemuCaps,
- QEMU_CAPS_MIGRATION_BLOCKED_REASONS);
-
- /* Ask qemu if it has a migration blocker */
- if (blockedReasonsCap) {
- g_auto(GStrv) blockers = NULL;
- if (qemuDomainGetMigrationBlockers(driver, vm,
- VIR_ASYNC_JOB_MIGRATION_OUT,
- &blockers) < 0)
- return false;
-
- if (blockers && blockers[0]) {
- g_autofree char *reasons = g_strjoinv("; ", blockers);
- virReportError(VIR_ERR_OPERATION_INVALID,
- _("cannot migrate domain: %s"), reasons);
- return false;
- }
- }
/* perform these checks only when migrating to remote hosts */
if (remote) {
@@ -1493,6 +1475,27 @@ qemuMigrationSrcIsAllowed(virQEMUDriver *driver,
/* following checks don't make sense for offline migration */
if (!(flags & VIR_MIGRATE_OFFLINE)) {
+ bool blockedReasonsCap = virQEMUCapsGet(priv->qemuCaps,
+ QEMU_CAPS_MIGRATION_BLOCKED_REASONS);
+
+ /* Ask qemu if it has a migration blocker */
+ if (blockedReasonsCap) {
+ g_auto(GStrv) blockers = NULL;
+
+ if (qemuDomainGetMigrationBlockers(driver, vm,
+ VIR_ASYNC_JOB_MIGRATION_OUT,
+ &blockers) < 0) {
+ return false;
+ }
+
+ if (blockers && blockers[0]) {
+ g_autofree char *reasons = g_strjoinv("; ", blockers);
+ virReportError(VIR_ERR_OPERATION_INVALID,
+ _("cannot migrate domain: %s"), reasons);
+ return false;
+ }
+ }
+
if (remote) {
/* cancel migration if disk I/O error is emitted while migrating */
if (flags & VIR_MIGRATE_ABORT_ON_ERROR &&
--
2.35.1

97
SOURCES/libvirt-qemu-fd-Add-helpers-allowing-storing-FD-set-data-in-status-XML.patch Normal file
View File

@ -0,0 +1,97 @@
From f7d193539a8a7194ee3506642b68e0e52619cdf9 Mon Sep 17 00:00:00 2001
Message-Id: <f7d193539a8a7194ee3506642b68e0e52619cdf9@dist-git>
From: Peter Krempa <pkrempa@redhat.com>
Date: Tue, 31 Jan 2023 15:25:57 +0100
Subject: [PATCH] qemu: fd: Add helpers allowing storing FD set data in status
XML
Rollback of FD sets passed to qemu is also needed after possible restart
of libvirtd when we need to serialize the data into status XML. For this
purpose we need to access the fdset ID once it was passed to qemu and
potentially re-create a 'qemuFDPass' struct in passed state.
Introduce 'qemuFDPassNewPassed' and 'qemuFDPassIsPassed'.
Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Martin Kletzander <mkletzan@redhat.com>
(cherry picked from commit 5598c10c6464887a99928de48fb2fc3e4f1696dc)
https://bugzilla.redhat.com/show_bug.cgi?id=2040272
---
src/qemu/qemu_fd.c | 41 +++++++++++++++++++++++++++++++++++++++++
src/qemu/qemu_fd.h | 7 +++++++
2 files changed, 48 insertions(+)
diff --git a/src/qemu/qemu_fd.c b/src/qemu/qemu_fd.c
index ebeeb65505..f5eedb88ec 100644
--- a/src/qemu/qemu_fd.c
+++ b/src/qemu/qemu_fd.c
@@ -96,6 +96,47 @@ qemuFDPassNew(const char *prefix,
}
+/**
+ * qemuFDPassNewPassed:
+ * @fdSetID: ID of an FDset which was allready passed to qemu
+ *
+ * Create qemuFDPass pointing to an already passed FD. Useful to usw with
+ * qemuFDPassTransferMonitorRollback, when restoring after restart.
+ */
+qemuFDPass *
+qemuFDPassNewPassed(unsigned int fdSetID)
+{
+ qemuFDPass *fdpass = g_new0(qemuFDPass, 1);
+
+ fdpass->fdSetID = fdSetID;
+ fdpass->passed = true;
+
+ return fdpass;
+}
+
+
+/**
+ * qemuFDPassIsPassed:
+ * @fdpass: The fd passing helper struct
+ * @id: when non-NULL filled with the fdset ID
+ *
+ * Returns true if @fdpass was passed to qemu. In such case @id is also filled
+ * with the ID of the fdset if non-NULL.
+ */
+bool
+qemuFDPassIsPassed(qemuFDPass *fdpass,
+ unsigned *id)
+{
+ if (!fdpass || !fdpass->passed)
+ return false;
+
+ if (id)
+ *id = fdpass->fdSetID;
+
+ return true;
+}
+
+
/**
* qemuFDPassAddFD:
* @fdpass: The fd passing helper struct
diff --git a/src/qemu/qemu_fd.h b/src/qemu/qemu_fd.h
index 032b9442ee..cd0ff2c690 100644
--- a/src/qemu/qemu_fd.h
+++ b/src/qemu/qemu_fd.h
@@ -31,6 +31,13 @@ qemuFDPass *
qemuFDPassNew(const char *prefix,
void *dompriv);
+qemuFDPass *
+qemuFDPassNewPassed(unsigned int fdSetID);
+
+bool
+qemuFDPassIsPassed(qemuFDPass *fdpass,
+ unsigned *id);
+
void
qemuFDPassAddFD(qemuFDPass *fdpass,
int *fd,
--
2.39.1

51
SOURCES/libvirt-qemu-hotplug-Remove-legacy-quirk-for-dimm-address-generation.patch Normal file
View File

@ -0,0 +1,51 @@
From b6eb914119af7e724cbee27951cfba0a6afb3b97 Mon Sep 17 00:00:00 2001
Message-Id: <b6eb914119af7e724cbee27951cfba0a6afb3b97@dist-git>
From: Peter Krempa <pkrempa@redhat.com>
Date: Thu, 19 Jan 2023 15:06:11 +0100
Subject: [PATCH] qemu: hotplug: Remove legacy quirk for 'dimm' address
generation
Commit b7798a07f93 (in fall of 2016) changed the way we generate aliases
for 'dimm' memory devices as the alias itself is part of the migration
stream section naming and thus must be treated as ABI.
The code added compatibility layer for VMs with memory hotplug started
with the old scheme to prevent from generating wrong aliases. The
compatibility layer broke though later when 'nvdimm' and 'pmem' devices
were introduced as it wrongly detected them as old configuration.
Now rather than attempting to fix the legacy compat layer to treat other
devices properly we'll be better off simply removing it as it's
extremely unlikely that somebody has a VM started in 2016 running with
today's libvirt and attempts to hotplug more memory.
This fixes a corner case when a user hot-adds a 'dimm' into a VM with a
'dimm' and a 'nvdimm' after restart of libvirtd and then attempts to
migrate the VM.
Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=2158701
Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Martin Kletzander <mkletzan@redhat.com>
(cherry picked from commit 50ce3463d514950350143f03e8421c8c31889c5d)
---
src/qemu/qemu_hotplug.c | 4 +---
1 file changed, 1 insertion(+), 3 deletions(-)
diff --git a/src/qemu/qemu_hotplug.c b/src/qemu/qemu_hotplug.c
index 026e1ee5ad..5840504d13 100644
--- a/src/qemu/qemu_hotplug.c
+++ b/src/qemu/qemu_hotplug.c
@@ -2275,9 +2275,7 @@ qemuDomainAttachMemory(virQEMUDriver *driver,
goto cleanup;
releaseaddr = true;
- /* in cases where we are using a VM with aliases generated according to the
- * index of the memory device we need to keep continue using that scheme */
- if (qemuAssignDeviceMemoryAlias(vm->def, mem, priv->memAliasOrderMismatch) < 0)
+ if (qemuAssignDeviceMemoryAlias(vm->def, mem, false) < 0)
goto cleanup;
objalias = g_strdup_printf("mem%s", mem->info.alias);
--
2.39.1

206
SOURCES/libvirt-qemu-introduce-capability-QEMU_CAPS_MIGRATION_BLOCKED_REASONS.patch
View File

@ -1,206 +0,0 @@
From 81f8b07ed1e4e485ded7f366739c110351120785 Mon Sep 17 00:00:00 2001
Message-Id: <81f8b07ed1e4e485ded7f366739c110351120785@dist-git>
From: =?UTF-8?q?Eugenio=20P=C3=A9rez?= <eperezma@redhat.com>
Date: Thu, 21 Jul 2022 19:29:05 +0200
Subject: [PATCH] qemu: introduce capability
QEMU_CAPS_MIGRATION_BLOCKED_REASONS
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
since qemu 6.0, if migration is blocked for some reason, 'query-migrate'
will return an array of error strings describing the migration blockers.
This can be used to check whether there are any devices blocking
migration, etc.
Signed-off-by: Jonathon Jongsma <jjongsma@redhat.com>
Signed-off-by: Eugenio Pérez <eperezma@redhat.com>
Reviewed-by: Jiri Denemark <jdenemar@redhat.com>
Reviewed-by: Laine Stump <laine@redhat.com>
(cherry picked from commit 1e9d84d9f9513a73572842db30e3d1445e892291)
Resolves: https://bugzilla.redhat.com/2092833
Signed-off-by: Eugenio Pérez <eperezma@redhat.com>
---
src/qemu/qemu_capabilities.c | 2 ++
src/qemu/qemu_capabilities.h | 1 +
tests/qemucapabilitiesdata/caps_6.0.0.aarch64.xml | 1 +
tests/qemucapabilitiesdata/caps_6.0.0.s390x.xml | 1 +
tests/qemucapabilitiesdata/caps_6.0.0.x86_64.xml | 1 +
tests/qemucapabilitiesdata/caps_6.1.0.x86_64.xml | 1 +
tests/qemucapabilitiesdata/caps_6.2.0.aarch64.xml | 1 +
tests/qemucapabilitiesdata/caps_6.2.0.ppc64.xml | 1 +
tests/qemucapabilitiesdata/caps_6.2.0.x86_64.xml | 1 +
tests/qemucapabilitiesdata/caps_7.0.0.aarch64.xml | 1 +
tests/qemucapabilitiesdata/caps_7.0.0.ppc64.xml | 1 +
tests/qemucapabilitiesdata/caps_7.0.0.x86_64.xml | 1 +
tests/qemucapabilitiesdata/caps_7.1.0.x86_64.xml | 1 +
13 files changed, 14 insertions(+)
diff --git a/src/qemu/qemu_capabilities.c b/src/qemu/qemu_capabilities.c
index 8586930266..48002f3b58 100644
--- a/src/qemu/qemu_capabilities.c
+++ b/src/qemu/qemu_capabilities.c
@@ -671,6 +671,7 @@ VIR_ENUM_IMPL(virQEMUCaps,
"chardev.qemu-vdagent", /* QEMU_CAPS_CHARDEV_QEMU_VDAGENT */
"display-dbus", /* QEMU_CAPS_DISPLAY_DBUS */
"iothread.thread-pool-max", /* QEMU_CAPS_IOTHREAD_THREAD_POOL_MAX */
+ "migration.blocked-reasons", /* QEMU_CAPS_MIGRATION_BLOCKED_REASONS */
);
@@ -1623,6 +1624,7 @@ static struct virQEMUCapsStringFlags virQEMUCapsQMPSchemaQueries[] = {
{ "chardev-add/arg-type/backend/+qemu-vdagent", QEMU_CAPS_CHARDEV_QEMU_VDAGENT },
{ "query-display-options/ret-type/+dbus", QEMU_CAPS_DISPLAY_DBUS },
{ "object-add/arg-type/+iothread/thread-pool-max", QEMU_CAPS_IOTHREAD_THREAD_POOL_MAX },
+ { "query-migrate/ret-type/blocked-reasons", QEMU_CAPS_MIGRATION_BLOCKED_REASONS },
};
typedef struct _virQEMUCapsObjectTypeProps virQEMUCapsObjectTypeProps;
diff --git a/src/qemu/qemu_capabilities.h b/src/qemu/qemu_capabilities.h
index 6f35ba1485..570e43292d 100644
--- a/src/qemu/qemu_capabilities.h
+++ b/src/qemu/qemu_capabilities.h
@@ -650,6 +650,7 @@ typedef enum { /* virQEMUCapsFlags grouping marker for syntax-check */
QEMU_CAPS_CHARDEV_QEMU_VDAGENT, /* -chardev qemu-vdagent */
QEMU_CAPS_DISPLAY_DBUS, /* -display dbus */
QEMU_CAPS_IOTHREAD_THREAD_POOL_MAX, /* -object iothread.thread-pool-max */
+ QEMU_CAPS_MIGRATION_BLOCKED_REASONS, /* query-migrate returns 'blocked-reasons */
QEMU_CAPS_LAST /* this must always be the last item */
} virQEMUCapsFlags;
diff --git a/tests/qemucapabilitiesdata/caps_6.0.0.aarch64.xml b/tests/qemucapabilitiesdata/caps_6.0.0.aarch64.xml
index 4b4cc2d3aa..3e48d17811 100644
--- a/tests/qemucapabilitiesdata/caps_6.0.0.aarch64.xml
+++ b/tests/qemucapabilitiesdata/caps_6.0.0.aarch64.xml
@@ -189,6 +189,7 @@
<flag name='memory-backend-file.prealloc-threads'/>
<flag name='virtio-iommu-pci'/>
<flag name='virtio-net.rss'/>
+ <flag name='migration.blocked-reasons'/>
<version>6000000</version>
<kvmVersion>0</kvmVersion>
<microcodeVersion>61700242</microcodeVersion>
diff --git a/tests/qemucapabilitiesdata/caps_6.0.0.s390x.xml b/tests/qemucapabilitiesdata/caps_6.0.0.s390x.xml
index 06543071aa..790b7221d4 100644
--- a/tests/qemucapabilitiesdata/caps_6.0.0.s390x.xml
+++ b/tests/qemucapabilitiesdata/caps_6.0.0.s390x.xml
@@ -147,6 +147,7 @@
<flag name='memory-backend-file.prealloc-threads'/>
<flag name='virtio-iommu-pci'/>
<flag name='virtio-net.rss'/>
+ <flag name='migration.blocked-reasons'/>
<version>6000000</version>
<kvmVersion>0</kvmVersion>
<microcodeVersion>39100242</microcodeVersion>
diff --git a/tests/qemucapabilitiesdata/caps_6.0.0.x86_64.xml b/tests/qemucapabilitiesdata/caps_6.0.0.x86_64.xml
index 8c61bf8a84..86c3732c72 100644
--- a/tests/qemucapabilitiesdata/caps_6.0.0.x86_64.xml
+++ b/tests/qemucapabilitiesdata/caps_6.0.0.x86_64.xml
@@ -231,6 +231,7 @@
<flag name='memory-backend-file.prealloc-threads'/>
<flag name='virtio-iommu-pci'/>
<flag name='virtio-net.rss'/>
+ <flag name='migration.blocked-reasons'/>
<version>6000000</version>
<kvmVersion>0</kvmVersion>
<microcodeVersion>43100242</microcodeVersion>
diff --git a/tests/qemucapabilitiesdata/caps_6.1.0.x86_64.xml b/tests/qemucapabilitiesdata/caps_6.1.0.x86_64.xml
index afd8f606eb..bd76a7a398 100644
--- a/tests/qemucapabilitiesdata/caps_6.1.0.x86_64.xml
+++ b/tests/qemucapabilitiesdata/caps_6.1.0.x86_64.xml
@@ -236,6 +236,7 @@
<flag name='virtio-iommu-pci'/>
<flag name='virtio-net.rss'/>
<flag name='chardev.qemu-vdagent'/>
+ <flag name='migration.blocked-reasons'/>
<version>6001000</version>
<kvmVersion>0</kvmVersion>
<microcodeVersion>43100243</microcodeVersion>
diff --git a/tests/qemucapabilitiesdata/caps_6.2.0.aarch64.xml b/tests/qemucapabilitiesdata/caps_6.2.0.aarch64.xml
index 86fc46918f..6ed51ec796 100644
--- a/tests/qemucapabilitiesdata/caps_6.2.0.aarch64.xml
+++ b/tests/qemucapabilitiesdata/caps_6.2.0.aarch64.xml
@@ -201,6 +201,7 @@
<flag name='virtio-iommu-pci'/>
<flag name='virtio-net.rss'/>
<flag name='chardev.qemu-vdagent'/>
+ <flag name='migration.blocked-reasons'/>
<version>6001050</version>
<kvmVersion>0</kvmVersion>
<microcodeVersion>61700244</microcodeVersion>
diff --git a/tests/qemucapabilitiesdata/caps_6.2.0.ppc64.xml b/tests/qemucapabilitiesdata/caps_6.2.0.ppc64.xml
index 983b54430d..1a98fe122e 100644
--- a/tests/qemucapabilitiesdata/caps_6.2.0.ppc64.xml
+++ b/tests/qemucapabilitiesdata/caps_6.2.0.ppc64.xml
@@ -196,6 +196,7 @@
<flag name='memory-backend-file.prealloc-threads'/>
<flag name='virtio-iommu-pci'/>
<flag name='virtio-net.rss'/>
+ <flag name='migration.blocked-reasons'/>
<version>6002000</version>
<kvmVersion>0</kvmVersion>
<microcodeVersion>42900244</microcodeVersion>
diff --git a/tests/qemucapabilitiesdata/caps_6.2.0.x86_64.xml b/tests/qemucapabilitiesdata/caps_6.2.0.x86_64.xml
index 19605d93ae..a77efaaa37 100644
--- a/tests/qemucapabilitiesdata/caps_6.2.0.x86_64.xml
+++ b/tests/qemucapabilitiesdata/caps_6.2.0.x86_64.xml
@@ -238,6 +238,7 @@
<flag name='virtio-iommu-pci'/>
<flag name='virtio-net.rss'/>
<flag name='chardev.qemu-vdagent'/>
+ <flag name='migration.blocked-reasons'/>
<version>6002000</version>
<kvmVersion>0</kvmVersion>
<microcodeVersion>43100244</microcodeVersion>
diff --git a/tests/qemucapabilitiesdata/caps_7.0.0.aarch64.xml b/tests/qemucapabilitiesdata/caps_7.0.0.aarch64.xml
index e24e2235fb..6848a075a8 100644
--- a/tests/qemucapabilitiesdata/caps_7.0.0.aarch64.xml
+++ b/tests/qemucapabilitiesdata/caps_7.0.0.aarch64.xml
@@ -209,6 +209,7 @@
<flag name='virtio-iommu.boot-bypass'/>
<flag name='virtio-net.rss'/>
<flag name='chardev.qemu-vdagent'/>
+ <flag name='migration.blocked-reasons'/>
<version>6002092</version>
<kvmVersion>0</kvmVersion>
<microcodeVersion>61700243</microcodeVersion>
diff --git a/tests/qemucapabilitiesdata/caps_7.0.0.ppc64.xml b/tests/qemucapabilitiesdata/caps_7.0.0.ppc64.xml
index 83e0f50e3a..cf4286b78b 100644
--- a/tests/qemucapabilitiesdata/caps_7.0.0.ppc64.xml
+++ b/tests/qemucapabilitiesdata/caps_7.0.0.ppc64.xml
@@ -213,6 +213,7 @@
<flag name='virtio-iommu.boot-bypass'/>
<flag name='virtio-net.rss'/>
<flag name='chardev.qemu-vdagent'/>
+ <flag name='migration.blocked-reasons'/>
<version>7000000</version>
<kvmVersion>0</kvmVersion>
<microcodeVersion>42900243</microcodeVersion>
diff --git a/tests/qemucapabilitiesdata/caps_7.0.0.x86_64.xml b/tests/qemucapabilitiesdata/caps_7.0.0.x86_64.xml
index 05f844fd5b..8e2c1652f9 100644
--- a/tests/qemucapabilitiesdata/caps_7.0.0.x86_64.xml
+++ b/tests/qemucapabilitiesdata/caps_7.0.0.x86_64.xml
@@ -243,6 +243,7 @@
<flag name='virtio-net.rss'/>
<flag name='chardev.qemu-vdagent'/>
<flag name='display-dbus'/>
+ <flag name='migration.blocked-reasons'/>
<version>7000000</version>
<kvmVersion>0</kvmVersion>
<microcodeVersion>43100243</microcodeVersion>
diff --git a/tests/qemucapabilitiesdata/caps_7.1.0.x86_64.xml b/tests/qemucapabilitiesdata/caps_7.1.0.x86_64.xml
index 3707d9b7c9..9bdb207c4e 100644
--- a/tests/qemucapabilitiesdata/caps_7.1.0.x86_64.xml
+++ b/tests/qemucapabilitiesdata/caps_7.1.0.x86_64.xml
@@ -244,6 +244,7 @@
<flag name='chardev.qemu-vdagent'/>
<flag name='display-dbus'/>
<flag name='iothread.thread-pool-max'/>
+ <flag name='migration.blocked-reasons'/>
<version>7000050</version>
<kvmVersion>0</kvmVersion>
<microcodeVersion>43100244</microcodeVersion>
--
2.35.1

140
SOURCES/libvirt-qemu-new-function-to-retrieve-migration-blocker-reasons-from-QEMU.patch
View File

@ -1,140 +0,0 @@
From 90d326f60706a990db3ed49ba338d911471578c0 Mon Sep 17 00:00:00 2001
Message-Id: <90d326f60706a990db3ed49ba338d911471578c0@dist-git>
From: =?UTF-8?q?Eugenio=20P=C3=A9rez?= <eperezma@redhat.com>
Date: Thu, 21 Jul 2022 19:29:10 +0200
Subject: [PATCH] qemu: new function to retrieve migration blocker reasons from
QEMU
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Since QEMU 6.0, if migration is blocked for some reason,
'query-migrate' will return an array of error strings describing the
migration blockers. This can be used to check whether there are any
devices, or other conditions, that would cause migration to fail.
This patch adds a function that sends this query via a QMP command and
returns the resulting array of reasons. qemuMigrationSrcIsAllowed()
will be able to use the new function to ask QEMU for migration
blockers, instead of the hardcoded guesses that libvirt currently has.
Signed-off-by: Eugenio Pérez <eperezma@redhat.com>
Reviewed-by: Jiri Denemark <jdenemar@redhat.com>
Reviewed-by: Laine Stump <laine@redhat.com>
(cherry picked from commit 7e52c4839fabac2d19c6f22c99142e992e3d898e)
Resolves: https://bugzilla.redhat.com/2092833
Signed-off-by: Eugenio Pérez <eperezma@redhat.com>
---
src/qemu/qemu_monitor.c | 12 ++++++++++
src/qemu/qemu_monitor.h | 4 ++++
src/qemu/qemu_monitor_json.c | 46 ++++++++++++++++++++++++++++++++++++
src/qemu/qemu_monitor_json.h | 3 +++
4 files changed, 65 insertions(+)
diff --git a/src/qemu/qemu_monitor.c b/src/qemu/qemu_monitor.c
index fda5d2f368..865a3e69ed 100644
--- a/src/qemu/qemu_monitor.c
+++ b/src/qemu/qemu_monitor.c
@@ -4541,3 +4541,15 @@ qemuMonitorMigrateRecover(qemuMonitor *mon,
return qemuMonitorJSONMigrateRecover(mon, uri);
}
+
+
+int
+qemuMonitorGetMigrationBlockers(qemuMonitor *mon,
+ char ***blockers)
+{
+ VIR_DEBUG("blockers=%p", blockers);
+
+ QEMU_CHECK_MONITOR(mon);
+
+ return qemuMonitorJSONGetMigrationBlockers(mon, blockers);
+}
diff --git a/src/qemu/qemu_monitor.h b/src/qemu/qemu_monitor.h
index 95267ec6c7..0c3f023419 100644
--- a/src/qemu/qemu_monitor.h
+++ b/src/qemu/qemu_monitor.h
@@ -1554,3 +1554,7 @@ qemuMonitorChangeMemoryRequestedSize(qemuMonitor *mon,
int
qemuMonitorMigrateRecover(qemuMonitor *mon,
const char *uri);
+
+int
+qemuMonitorGetMigrationBlockers(qemuMonitor *mon,
+ char ***blockers);
diff --git a/src/qemu/qemu_monitor_json.c b/src/qemu/qemu_monitor_json.c
index 3aad2ab212..84f4589c42 100644
--- a/src/qemu/qemu_monitor_json.c
+++ b/src/qemu/qemu_monitor_json.c
@@ -3434,6 +3434,52 @@ int qemuMonitorJSONMigrate(qemuMonitor *mon,
return 0;
}
+
+/*
+ * Get the exposed migration blockers.
+ *
+ * This function assume qemu has the capability of request them.
+ *
+ * It returns a NULL terminated array on blockers if there are any, or it set
+ * it to NULL otherwise.
+ */
+int
+qemuMonitorJSONGetMigrationBlockers(qemuMonitor *mon,
+ char ***blockers)
+{
+ g_autoptr(virJSONValue) cmd = NULL;
+ g_autoptr(virJSONValue) reply = NULL;
+ virJSONValue *data;
+ virJSONValue *jblockers;
+ size_t i;
+
+ *blockers = NULL;
+ if (!(cmd = qemuMonitorJSONMakeCommand("query-migrate", NULL)))
+ return -1;
+
+ if (qemuMonitorJSONCommand(mon, cmd, &reply) < 0)
+ return -1;
+
+ if (qemuMonitorJSONCheckReply(cmd, reply, VIR_JSON_TYPE_OBJECT) < 0)
+ return -1;
+
+ data = virJSONValueObjectGetObject(reply, "return");
+
+ if (!(jblockers = virJSONValueObjectGetArray(data, "blocked-reasons")))
+ return 0;
+
+ *blockers = g_new0(char *, virJSONValueArraySize(jblockers) + 1);
+ for (i = 0; i < virJSONValueArraySize(jblockers); i++) {
+ virJSONValue *jblocker = virJSONValueArrayGet(jblockers, i);
+ const char *blocker = virJSONValueGetString(jblocker);
+
+ (*blockers)[i] = g_strdup(blocker);
+ }
+
+ return 0;
+}
+
+
int qemuMonitorJSONMigrateCancel(qemuMonitor *mon)
{
g_autoptr(virJSONValue) cmd = qemuMonitorJSONMakeCommand("migrate_cancel", NULL);
diff --git a/src/qemu/qemu_monitor_json.h b/src/qemu/qemu_monitor_json.h
index ad3853ae69..4e7d6a1a8d 100644
--- a/src/qemu/qemu_monitor_json.h
+++ b/src/qemu/qemu_monitor_json.h
@@ -199,6 +199,9 @@ qemuMonitorJSONMigrate(qemuMonitor *mon,
unsigned int flags,
const char *uri);
int
+qemuMonitorJSONGetMigrationBlockers(qemuMonitor *mon,
+ char ***blockers);
+int
qemuMonitorJSONGetSpiceMigrationStatus(qemuMonitor *mon,
bool *spice_migrated);
--
2.35.1

80
SOURCES/libvirt-qemu-query-QEMU-for-migration-blockers-before-our-own-harcoded-checks.patch
View File

@ -1,80 +0,0 @@
From 9764a6c484d4f3586b0e0be33e8c53de63b11edd Mon Sep 17 00:00:00 2001
Message-Id: <9764a6c484d4f3586b0e0be33e8c53de63b11edd@dist-git>
From: =?UTF-8?q?Eugenio=20P=C3=A9rez?= <eperezma@redhat.com>
Date: Thu, 21 Jul 2022 19:29:13 +0200
Subject: [PATCH] qemu: query QEMU for migration blockers before our own
harcoded checks
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Since QEMU 6.0, if QEMU knows that a migration would fail,
'query-migrate' will return an array of error strings describing the
migration blockers. This can be used to check whether there are any
devices/conditions blocking migration.
This patch adds a call to this query at the top of
qemuMigrationSrcIsAllowed().
Signed-off-by: Eugenio Pérez <eperezma@redhat.com>
Reviewed-by: Jiri Denemark <jdenemar@redhat.com>
Reviewed-by: Laine Stump <laine@redhat.com>
(cherry picked from commit 156e99f686690855be4e45d9b8b3194191a8bc31)
Resolves: https://bugzilla.redhat.com/2092833
Signed-off-by: Eugenio Pérez <eperezma@redhat.com>
---
src/qemu/qemu_migration.c | 30 ++++++++++++++++++++++++++++++
1 file changed, 30 insertions(+)
diff --git a/src/qemu/qemu_migration.c b/src/qemu/qemu_migration.c
index 2a6b7b7819..cfb7626bb0 100644
--- a/src/qemu/qemu_migration.c
+++ b/src/qemu/qemu_migration.c
@@ -1415,6 +1415,22 @@ qemuMigrationSrcIsAllowedHostdev(const virDomainDef *def)
}
+static int
+qemuDomainGetMigrationBlockers(virQEMUDriver *driver,
+ virDomainObj *vm,
+ char ***blockers)
+{
+ qemuDomainObjPrivate *priv = vm->privateData;
+ int rc;
+
+ qemuDomainObjEnterMonitor(driver, vm);
+ rc = qemuMonitorGetMigrationBlockers(priv->mon, blockers);
+ qemuDomainObjExitMonitor(vm);
+
+ return rc;
+}
+
+
/**
* qemuMigrationSrcIsAllowed:
* @driver: qemu driver struct
@@ -1440,6 +1456,20 @@ qemuMigrationSrcIsAllowed(virQEMUDriver *driver,
int pauseReason;
size_t i;
+ /* Ask qemu if it has a migration blocker */
+ if (virQEMUCapsGet(priv->qemuCaps, QEMU_CAPS_MIGRATION_BLOCKED_REASONS)) {
+ g_auto(GStrv) blockers = NULL;
+ if (qemuDomainGetMigrationBlockers(driver, vm, &blockers) < 0)
+ return false;
+
+ if (blockers && blockers[0]) {
+ g_autofree char *reasons = g_strjoinv("; ", blockers);
+ virReportError(VIR_ERR_OPERATION_INVALID,
+ _("cannot migrate domain: %s"), reasons);
+ return false;
+ }
+ }
+
/* perform these checks only when migrating to remote hosts */
if (remote) {
nsnapshots = virDomainSnapshotObjListNum(vm->snapshots, NULL, 0);
--
2.35.1

58
SOURCES/libvirt-qemu-remove-hardcoded-migration-fail-for-vDPA-devices-if-we-can-ask-QEMU.patch
View File

@ -1,58 +0,0 @@
From 0ba11af2300d0aaf80456575e03848f843ae29de Mon Sep 17 00:00:00 2001
Message-Id: <0ba11af2300d0aaf80456575e03848f843ae29de@dist-git>
From: =?UTF-8?q?Eugenio=20P=C3=A9rez?= <eperezma@redhat.com>
Date: Thu, 21 Jul 2022 19:29:15 +0200
Subject: [PATCH] qemu: remove hardcoded migration fail for vDPA devices if we
can ask QEMU
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
vDPA devices will be migratable soon, so we shouldn't unconditionally
block migration of any domain with a vDPA device. Instead, we should
rely on QEMU to make the decision when that info is available from the
query-migrate QMP command (QEMU versions too old to have that info in
the results of query-migrate don't support migration of vDPA devices,
so in that case we will continue to unconditionally block migration).
Signed-off-by: Eugenio Pérez <eperezma@redhat.com>
Reviewed-by: Jiri Denemark <jdenemar@redhat.com>
Reviewed-by: Laine Stump <laine@redhat.com>
(cherry picked from commit 2103807e330487952f423d86f541a7a28e003e95)
Resolves: https://bugzilla.redhat.com/2092833
Signed-off-by: Eugenio Pérez <eperezma@redhat.com>
---
src/qemu/qemu_migration.c | 8 +++++---
1 file changed, 5 insertions(+), 3 deletions(-)
diff --git a/src/qemu/qemu_migration.c b/src/qemu/qemu_migration.c
index cfb7626bb0..2f77e45abf 100644
--- a/src/qemu/qemu_migration.c
+++ b/src/qemu/qemu_migration.c
@@ -1455,9 +1455,11 @@ qemuMigrationSrcIsAllowed(virQEMUDriver *driver,
int nsnapshots;
int pauseReason;
size_t i;
+ bool blockedReasonsCap = virQEMUCapsGet(priv->qemuCaps,
+ QEMU_CAPS_MIGRATION_BLOCKED_REASONS);
- /* Ask qemu if it has a migration blocker */
- if (virQEMUCapsGet(priv->qemuCaps, QEMU_CAPS_MIGRATION_BLOCKED_REASONS)) {
+ /* Ask qemu if it have a migration blocker */
+ if (blockedReasonsCap) {
g_auto(GStrv) blockers = NULL;
if (qemuDomainGetMigrationBlockers(driver, vm, &blockers) < 0)
return false;
@@ -1576,7 +1578,7 @@ qemuMigrationSrcIsAllowed(virQEMUDriver *driver,
virDomainNetDef *net = vm->def->nets[i];
qemuSlirp *slirp;
- if (net->type == VIR_DOMAIN_NET_TYPE_VDPA) {
+ if (!blockedReasonsCap && net->type == VIR_DOMAIN_NET_TYPE_VDPA) {
virReportError(VIR_ERR_OPERATION_INVALID, "%s",
_("vDPA devices cannot be migrated"));
return false;
--
2.35.1

308
SOURCES/libvirt-qemu-respond-to-NETDEV_STREAM_DISCONNECTED-event.patch Normal file
View File

@ -0,0 +1,308 @@
From 8a8d77f47e838413c829ee6202eb1f64613d12e1 Mon Sep 17 00:00:00 2001
Message-Id: <8a8d77f47e838413c829ee6202eb1f64613d12e1@dist-git>
From: Laine Stump <laine@redhat.com>
Date: Tue, 21 Feb 2023 01:16:04 -0500
Subject: [PATCH] qemu: respond to NETDEV_STREAM_DISCONNECTED event
When a QEMU netdev is of type "stream", if the socket it uses for
connectivity to the host network gets closed, then QEMU will send a
NETDEV_STREAM_DISCONNECTED event. We know that any stream netdev we've
created is backed by a passt process, and if the socket was closed,
that means the passt process has disappeared.
When we receive this event, we can respond by starting a new passt
process with the same options (including socket path) we originally
used. If we have previously created the stream netdev device with a
"reconnect" option, then QEMU will automatically reconnect to this new
passt process. (If we hadn't used "reconnect", then QEMU will never
try to reconnect to the new passt process, so there's no point in
starting it.)
Note that NETDEV_STREAM_DISCONNECTED is an event sent for the netdev
(ie "host side") of the network device, and so it sends the
"netdev-id" to specify which device was disconnected. But libvirt's
virDomainNetDef (the object used to keep track of network devices) is
the internal representation of both the host-side "netdev", and the
guest side device, and virDomainNetDef doesn't directly keep track of
the netdev-id, only of the device's "alias" (which is the "id"
parameter of the *guest* side of the device). Fortunately, by convention
libvirt always names the host-side of devices as "host" + alias, so in
order to search for the affected NetDef, all we need to do is trim the
1st 4 characters from the netdev-id and look for the NetDef having
that resulting trimmed string as its alias. (Contrast this to
NIC_RX_FILTER_CHANGED, which is an event received for the guest side
of the device, and so directly contains the device alias.)
Resolves: https://bugzilla.redhat.com/2172098
Signed-off-by: Laine Stump <laine@redhat.com>
Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
(cherry picked from commit f62ce81b8a57d8033be4c661e071cbd12b83bf7b)
Signed-off-by: Laine Stump <laine@redhat.com>
---
src/qemu/qemu_domain.c | 1 +
src/qemu/qemu_domain.h | 1 +
src/qemu/qemu_driver.c | 76 ++++++++++++++++++++++++++++++++++++
src/qemu/qemu_monitor.c | 11 ++++++
src/qemu/qemu_monitor.h | 6 +++
src/qemu/qemu_monitor_json.c | 16 ++++++++
src/qemu/qemu_process.c | 18 +++++++++
7 files changed, 129 insertions(+)
diff --git a/src/qemu/qemu_domain.c b/src/qemu/qemu_domain.c
index 247134672b..26408b90a2 100644
--- a/src/qemu/qemu_domain.c
+++ b/src/qemu/qemu_domain.c
@@ -11165,6 +11165,7 @@ qemuProcessEventFree(struct qemuProcessEvent *event)
break;
case QEMU_PROCESS_EVENT_WATCHDOG:
case QEMU_PROCESS_EVENT_DEVICE_DELETED:
+ case QEMU_PROCESS_EVENT_NETDEV_STREAM_DISCONNECTED:
case QEMU_PROCESS_EVENT_NIC_RX_FILTER_CHANGED:
case QEMU_PROCESS_EVENT_SERIAL_CHANGED:
case QEMU_PROCESS_EVENT_MONITOR_EOF:
diff --git a/src/qemu/qemu_domain.h b/src/qemu/qemu_domain.h
index eca5404cdc..fb9ab4c5ed 100644
--- a/src/qemu/qemu_domain.h
+++ b/src/qemu/qemu_domain.h
@@ -442,6 +442,7 @@ typedef enum {
QEMU_PROCESS_EVENT_WATCHDOG = 0,
QEMU_PROCESS_EVENT_GUESTPANIC,
QEMU_PROCESS_EVENT_DEVICE_DELETED,
+ QEMU_PROCESS_EVENT_NETDEV_STREAM_DISCONNECTED,
QEMU_PROCESS_EVENT_NIC_RX_FILTER_CHANGED,
QEMU_PROCESS_EVENT_SERIAL_CHANGED,
QEMU_PROCESS_EVENT_JOB_STATUS_CHANGE,
diff --git a/src/qemu/qemu_driver.c b/src/qemu/qemu_driver.c
index 0603af6a35..d00b91fe0b 100644
--- a/src/qemu/qemu_driver.c
+++ b/src/qemu/qemu_driver.c
@@ -40,6 +40,7 @@
#include "qemu_hostdev.h"
#include "qemu_hotplug.h"
#include "qemu_monitor.h"
+#include "qemu_passt.h"
#include "qemu_process.h"
#include "qemu_migration.h"
#include "qemu_migration_params.h"
@@ -3622,6 +3623,78 @@ processDeviceDeletedEvent(virQEMUDriver *driver,
}
+static void
+processNetdevStreamDisconnectedEvent(virDomainObj *vm,
+ const char *netdevId)
+{
+ virDomainDeviceDef dev;
+ virDomainNetDef *def;
+ virQEMUCaps *qemuCaps = QEMU_DOMAIN_PRIVATE(vm)->qemuCaps;
+ const char *devAlias = STRSKIP(netdevId, "host");
+
+ /* The event sends us the "netdev-id", but we don't store the
+ * netdev-id in the NetDef and thus can't use it to find the
+ * correct NetDef. We *do* keep the device alias in the NetDef,
+ * and by convention the netdev-id is always "host" + devAlias, so
+ * we just need to remove "host" from the front of netdev-id to
+ * get the alias, which we can then use to find the proper NetDef.
+ */
+
+ if (!devAlias) {
+ VIR_WARN("Received NETDEV_STREAM_DISCONNECTED event for unrecognized netdev %s from domain %p %s",
+ netdevId, vm, vm->def->name);
+ return;
+ }
+
+ VIR_DEBUG("Received NETDEV_STREAM_DISCONNECTED event for device %s from domain %p %s",
+ devAlias, vm, vm->def->name);
+
+ if (virDomainObjBeginJob(vm, VIR_JOB_QUERY) < 0)
+ return;
+
+ if (!virDomainObjIsActive(vm)) {
+ VIR_DEBUG("Domain is not running");
+ goto endjob;
+ }
+
+ if (virDomainDefFindDevice(vm->def, devAlias, &dev, true) < 0) {
+ VIR_WARN("NETDEV_STREAM_DISCONNECTED event received for non-existent device %s in domain %s",
+ devAlias, vm->def->name);
+ goto endjob;
+ }
+ if (dev.type != VIR_DOMAIN_DEVICE_NET) {
+ VIR_WARN("NETDEV_STREAM_DISCONNECTED event received for non-network device %s in domain %s",
+ devAlias, vm->def->name);
+ goto endjob;
+ }
+ def = dev.data.net;
+
+ if (def->backend.type != VIR_DOMAIN_NET_BACKEND_PASST) {
+ VIR_DEBUG("ignore NETDEV_STREAM_DISCONNECTED event for non-passt network device %s in domain %s",
+ def->info.alias, vm->def->name);
+ goto endjob;
+ }
+
+ if (!virQEMUCapsGet(qemuCaps, QEMU_CAPS_NETDEV_STREAM_RECONNECT)) {
+ VIR_WARN("ignore NETDEV_STREAM_DISCONNECTED event for passt network device %s in domain %s - QEMU binary does not support reconnect",
+ def->info.alias, vm->def->name);
+ goto endjob;
+ }
+
+ /* handle the event - restart the passt process with its original
+ * parameters
+ */
+ VIR_DEBUG("process NETDEV_STREAM_DISCONNECTED event for network device %s in domain %s",
+ def->info.alias, vm->def->name);
+
+ if (qemuPasstStart(vm, def) < 0)
+ goto endjob;
+
+ endjob:
+ virDomainObjEndJob(vm);
+}
+
+
static void
processNicRxFilterChangedEvent(virDomainObj *vm,
const char *devAlias)
@@ -3971,6 +4044,9 @@ static void qemuProcessEventHandler(void *data, void *opaque)
case QEMU_PROCESS_EVENT_DEVICE_DELETED:
processDeviceDeletedEvent(driver, vm, processEvent->data);
break;
+ case QEMU_PROCESS_EVENT_NETDEV_STREAM_DISCONNECTED:
+ processNetdevStreamDisconnectedEvent(vm, processEvent->data);
+ break;
case QEMU_PROCESS_EVENT_NIC_RX_FILTER_CHANGED:
processNicRxFilterChangedEvent(vm, processEvent->data);
break;
diff --git a/src/qemu/qemu_monitor.c b/src/qemu/qemu_monitor.c
index 38f89167e0..1fa35f03cc 100644
--- a/src/qemu/qemu_monitor.c
+++ b/src/qemu/qemu_monitor.c
@@ -1265,6 +1265,17 @@ qemuMonitorEmitNicRxFilterChanged(qemuMonitor *mon,
}
+void
+qemuMonitorEmitNetdevStreamDisconnected(qemuMonitor *mon,
+ const char *devAlias)
+{
+ VIR_DEBUG("mon=%p", mon);
+
+ QEMU_MONITOR_CALLBACK(mon, domainNetdevStreamDisconnected,
+ mon->vm, devAlias);
+}
+
+
void
qemuMonitorEmitSerialChange(qemuMonitor *mon,
const char *devAlias,
diff --git a/src/qemu/qemu_monitor.h b/src/qemu/qemu_monitor.h
index 2d16214ba2..2fa06b99a3 100644
--- a/src/qemu/qemu_monitor.h
+++ b/src/qemu/qemu_monitor.h
@@ -250,6 +250,9 @@ typedef void (*qemuMonitorDomainDeviceUnplugErrCallback)(qemuMonitor *mon,
virDomainObj *vm,
const char *devPath,
const char *devAlias);
+typedef void (*qemuMonitorDomainNetdevStreamDisconnectedCallback)(qemuMonitor *mon,
+ virDomainObj *vm,
+ const char *devAlias);
typedef void (*qemuMonitorDomainNicRxFilterChangedCallback)(qemuMonitor *mon,
virDomainObj *vm,
const char *devAlias);
@@ -397,6 +400,7 @@ struct _qemuMonitorCallbacks {
qemuMonitorDomainMemoryFailureCallback domainMemoryFailure;
qemuMonitorDomainMemoryDeviceSizeChange domainMemoryDeviceSizeChange;
qemuMonitorDomainDeviceUnplugErrCallback domainDeviceUnplugError;
+ qemuMonitorDomainNetdevStreamDisconnectedCallback domainNetdevStreamDisconnected;
};
qemuMonitor *qemuMonitorOpen(virDomainObj *vm,
@@ -480,6 +484,8 @@ void qemuMonitorEmitDeviceDeleted(qemuMonitor *mon,
void qemuMonitorEmitDeviceUnplugErr(qemuMonitor *mon,
const char *devPath,
const char *devAlias);
+void qemuMonitorEmitNetdevStreamDisconnected(qemuMonitor *mon,
+ const char *devAlias);
void qemuMonitorEmitNicRxFilterChanged(qemuMonitor *mon,
const char *devAlias);
void qemuMonitorEmitSerialChange(qemuMonitor *mon,
diff --git a/src/qemu/qemu_monitor_json.c b/src/qemu/qemu_monitor_json.c
index db99017555..4510d0d3c9 100644
--- a/src/qemu/qemu_monitor_json.c
+++ b/src/qemu/qemu_monitor_json.c
@@ -84,6 +84,7 @@ static void qemuMonitorJSONHandleRdmaGidStatusChanged(qemuMonitor *mon, virJSONV
static void qemuMonitorJSONHandleMemoryFailure(qemuMonitor *mon, virJSONValue *data);
static void qemuMonitorJSONHandleMemoryDeviceSizeChange(qemuMonitor *mon, virJSONValue *data);
static void qemuMonitorJSONHandleDeviceUnplugErr(qemuMonitor *mon, virJSONValue *data);
+static void qemuMonitorJSONHandleNetdevStreamDisconnected(qemuMonitor *mon, virJSONValue *data);
typedef struct {
const char *type;
@@ -106,6 +107,7 @@ static qemuEventHandler eventHandlers[] = {
{ "MEMORY_FAILURE", qemuMonitorJSONHandleMemoryFailure, },
{ "MIGRATION", qemuMonitorJSONHandleMigrationStatus, },
{ "MIGRATION_PASS", qemuMonitorJSONHandleMigrationPass, },
+ { "NETDEV_STREAM_DISCONNECTED", qemuMonitorJSONHandleNetdevStreamDisconnected, },
{ "NIC_RX_FILTER_CHANGED", qemuMonitorJSONHandleNicRxFilterChanged, },
{ "PR_MANAGER_STATUS_CHANGED", qemuMonitorJSONHandlePRManagerStatusChanged, },
{ "RDMA_GID_STATUS_CHANGED", qemuMonitorJSONHandleRdmaGidStatusChanged, },
@@ -1021,6 +1023,20 @@ qemuMonitorJSONHandleDeviceUnplugErr(qemuMonitor *mon, virJSONValue *data)
}
+static void
+qemuMonitorJSONHandleNetdevStreamDisconnected(qemuMonitor *mon, virJSONValue *data)
+{
+ const char *name;
+
+ if (!(name = virJSONValueObjectGetString(data, "netdev-id"))) {
+ VIR_WARN("missing device in NETDEV_STREAM_DISCONNECTED event");
+ return;
+ }
+
+ qemuMonitorEmitNetdevStreamDisconnected(mon, name);
+}
+
+
static void
qemuMonitorJSONHandleNicRxFilterChanged(qemuMonitor *mon, virJSONValue *data)
{
diff --git a/src/qemu/qemu_process.c b/src/qemu/qemu_process.c
index 7ae859d68f..298904fe2e 100644
--- a/src/qemu/qemu_process.c
+++ b/src/qemu/qemu_process.c
@@ -1360,6 +1360,23 @@ qemuProcessHandleBlockThreshold(qemuMonitor *mon G_GNUC_UNUSED,
}
+static void
+qemuProcessHandleNetdevStreamDisconnected(qemuMonitor *mon G_GNUC_UNUSED,
+ virDomainObj *vm,
+ const char *devAlias)
+{
+ virObjectLock(vm);
+
+ VIR_DEBUG("Device %s Netdev Stream Disconnected in domain %p %s",
+ devAlias, vm, vm->def->name);
+
+ qemuProcessEventSubmit(vm, QEMU_PROCESS_EVENT_NETDEV_STREAM_DISCONNECTED,
+ 0, 0, g_strdup(devAlias));
+
+ virObjectUnlock(vm);
+}
+
+
static void
qemuProcessHandleNicRxFilterChanged(qemuMonitor *mon G_GNUC_UNUSED,
virDomainObj *vm,
@@ -1801,6 +1818,7 @@ static qemuMonitorCallbacks monitorCallbacks = {
.domainMemoryFailure = qemuProcessHandleMemoryFailure,
.domainMemoryDeviceSizeChange = qemuProcessHandleMemoryDeviceSizeChange,
.domainDeviceUnplugError = qemuProcessHandleDeviceUnplugErr,
+ .domainNetdevStreamDisconnected = qemuProcessHandleNetdevStreamDisconnected,
};
static void
--
2.39.2

48
SOURCES/libvirt-qemu-set-SELinux-label-of-passt-process-to-its-own-binary-s-label.patch Normal file
View File

@ -0,0 +1,48 @@
From accd96c210d9c45ec9bae0d9259cf713eb574d52 Mon Sep 17 00:00:00 2001
Message-Id: <accd96c210d9c45ec9bae0d9259cf713eb574d52@dist-git>
From: Laine Stump <laine@redhat.com>
Date: Wed, 1 Mar 2023 15:58:24 -0500
Subject: [PATCH] qemu: set SELinux label of passt process to its own binary's
label
set useBinarySpecificLabel = true when calling qemuSecurityCommandRun
for the passt process, so that the new process context will include
the binary-specific label that should be used for passt (passt_t)
rather than svirt_t (as would happen if useBinarySpecificLabel was
false). (The MCS part of the label, which is common to all child
processes related to a particular qemu domain instance, is also set).
Resolves: https://bugzilla.redhat.com/2172267
Signed-off-by: Laine Stump <laine@redhat.com>
Reviewed-by: Andrea Bolognani <abologna@redhat.com>
Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
(cherry picked from commit 8419dd3b69cfada783a2e6df315e45dd294b0d18)
Conflicts:
src/qemu/qemu_passt.c
Another conflict caused by upstream-only change to arglist of
qemuSecurityCommandRun().
https://bugzilla.redhat.com/2172267
Signed-off-by: Laine Stump <laine@redhat.com>
---
src/qemu/qemu_passt.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/qemu/qemu_passt.c b/src/qemu/qemu_passt.c
index ed7b518212..ecf1c8cb6c 100644
--- a/src/qemu/qemu_passt.c
+++ b/src/qemu/qemu_passt.c
@@ -285,7 +285,7 @@ qemuPasstStart(virDomainObj *vm,
if (qemuExtDeviceLogCommand(driver, vm, cmd, "passt") < 0)
return -1;
- if (qemuSecurityCommandRun(driver, vm, cmd, -1, -1, false,
+ if (qemuSecurityCommandRun(driver, vm, cmd, -1, -1, true,
&exitstatus, &cmdret) < 0) {
goto error;
}
--
2.40.0

62
SOURCES/libvirt-qemu-skip-hardcoded-hostdev-migration-check-if-QEMU-can-do-it-for-us.patch
View File

@ -1,62 +0,0 @@
From 8f2cd77dc208cfa90b37faa18b092ca4a76a0716 Mon Sep 17 00:00:00 2001
Message-Id: <8f2cd77dc208cfa90b37faa18b092ca4a76a0716@dist-git>
From: Laine Stump <laine@redhat.com>
Date: Thu, 21 Jul 2022 02:03:49 -0400
Subject: [PATCH] qemu: skip hardcoded hostdev migration check if QEMU can do
it for us
libvirt currently will block migration for any vfio-assigned device
unless it is a network device that is associated with a virtio-net
failover device (ie. if the hostdev object has a teaming->type ==
VIR_DOMAIN_NET_TEAMING_TYPE_TRANSIENT).
In the future there will be other vfio devices that can be migrated,
so we don't want to rely on this hardcoded block. QEMU 6.0+ will
anyway inform us of any devices that will block migration (as a part
of qemuDomainGetMigrationBlockers()), so we only need to do the
hardcoded check in the case of old QEMU that can't provide that
information.
Signed-off-by: Laine Stump <laine@redhat.com>
Reviewed-by: Jiri Denemark <jdenemar@redhat.com>
(cherry picked from commit 25883cd5f0b188f2417f294b7d219a77b219f7c2)
https://bugzilla.redhat.com/show_bug.cgi?id=1497907
Signed-off-by: Jiri Denemark <jdenemar@redhat.com>
---
src/qemu/qemu_migration.c | 11 ++++++++---
1 file changed, 8 insertions(+), 3 deletions(-)
diff --git a/src/qemu/qemu_migration.c b/src/qemu/qemu_migration.c
index f571c9eb27..76903d612b 100644
--- a/src/qemu/qemu_migration.c
+++ b/src/qemu/qemu_migration.c
@@ -1495,6 +1495,14 @@ qemuMigrationSrcIsAllowed(virQEMUDriver *driver,
_("cannot migrate domain: %s"), reasons);
return false;
}
+ } else {
+ /* checks here are for anything that doesn't need to be
+ * checked by libvirt if running QEMU that can be queried
+ * about migration blockers.
+ */
+
+ if (!qemuMigrationSrcIsAllowedHostdev(vm->def))
+ return false;
}
if (remote) {
@@ -1521,9 +1529,6 @@ qemuMigrationSrcIsAllowed(virQEMUDriver *driver,
return false;
}
- if (!qemuMigrationSrcIsAllowedHostdev(vm->def))
- return false;
-
if (vm->def->cpu) {
/* QEMU blocks migration and save with invariant TSC enabled
* unless TSC frequency is explicitly set.
--
2.35.1

119
SOURCES/libvirt-qemu-validate-Fix-logic-for-validating-presence-of-the-HPET-timer.patch Normal file
View File

@ -0,0 +1,119 @@
From a0dbc4911d7012f7ac6295998c4ea2439cf34f39 Mon Sep 17 00:00:00 2001
Message-Id: <a0dbc4911d7012f7ac6295998c4ea2439cf34f39@dist-git>
From: Peter Krempa <pkrempa@redhat.com>
Date: Mon, 6 Mar 2023 15:38:15 +0100
Subject: [PATCH] qemu: validate: Fix logic for validating presence of the HPET
timer
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Commit 24cc9cda826 switched over to use -machine hpet, but one of the
steps it did was to clear the QEMU_CAPS_NO_HPET capability.
The validation check still uses the old capability though which means
that for configs which would explicitly enable HPET we'd report an error.
Since HPET is an x86(_64) platform specific device, convert the
validation check to an architecture check as all supported qemu versions
actually support it.
Modify a test case to request HPET to catch posible future problems.
Fixes: 24cc9cda826
Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
(cherry picked from commit 4ee4809907e63e83db032b5f90261f51ec864aa9)
https://bugzilla.redhat.com/show_bug.cgi?id=2175813
Conflicts:
tests/qemuxml2argvdata/q35-virt-manager-basic.x86_64-latest.args
- retirement of '-no-acpi' wasn't backported
---
src/qemu/qemu_validate.c | 14 +++++++-------
.../q35-virt-manager-basic.x86_64-4.2.0.args | 1 -
.../q35-virt-manager-basic.x86_64-latest.args | 2 +-
tests/qemuxml2argvdata/q35-virt-manager-basic.xml | 2 +-
.../q35-virt-manager-basic.x86_64-latest.xml | 2 +-
5 files changed, 10 insertions(+), 11 deletions(-)
diff --git a/src/qemu/qemu_validate.c b/src/qemu/qemu_validate.c
index 6e04b22da4..fa088d6bcf 100644
--- a/src/qemu/qemu_validate.c
+++ b/src/qemu/qemu_validate.c
@@ -608,13 +608,13 @@ qemuValidateDomainDefClockTimers(const virDomainDef *def,
break;
case VIR_DOMAIN_TIMER_NAME_HPET:
- /* no hpet timer available. The only possible action
- is to raise an error if present="yes" */
- if (!virQEMUCapsGet(qemuCaps, QEMU_CAPS_NO_HPET) &&
- timer->present == VIR_TRISTATE_BOOL_YES) {
- virReportError(VIR_ERR_CONFIG_UNSUPPORTED,
- "%s", _("hpet timer is not supported"));
- return -1;
+ if (timer->present == VIR_TRISTATE_BOOL_YES) {
+ if (def->os.arch != VIR_ARCH_I686 &&
+ def->os.arch != VIR_ARCH_X86_64) {
+ virReportError(VIR_ERR_CONFIG_UNSUPPORTED, "%s",
+ _("hpet timer is not supported by this architecture"));
+ return -1;
+ }
}
break;
diff --git a/tests/qemuxml2argvdata/q35-virt-manager-basic.x86_64-4.2.0.args b/tests/qemuxml2argvdata/q35-virt-manager-basic.x86_64-4.2.0.args
index 14093a3f80..f09d01a7cb 100644
--- a/tests/qemuxml2argvdata/q35-virt-manager-basic.x86_64-4.2.0.args
+++ b/tests/qemuxml2argvdata/q35-virt-manager-basic.x86_64-4.2.0.args
@@ -23,7 +23,6 @@ XDG_CONFIG_HOME=/tmp/lib/domain--1-virt-manager-basic/.config \
-mon chardev=charmonitor,id=monitor,mode=control \
-rtc base=utc,driftfix=slew \
-global kvm-pit.lost_tick_policy=delay \
--no-hpet \
-no-shutdown \
-global ICH9-LPC.disable_s3=1 \
-global ICH9-LPC.disable_s4=1 \
diff --git a/tests/qemuxml2argvdata/q35-virt-manager-basic.x86_64-latest.args b/tests/qemuxml2argvdata/q35-virt-manager-basic.x86_64-latest.args
index 8446abdb6e..ecfbf3d0a5 100644
--- a/tests/qemuxml2argvdata/q35-virt-manager-basic.x86_64-latest.args
+++ b/tests/qemuxml2argvdata/q35-virt-manager-basic.x86_64-latest.args
@@ -10,7 +10,7 @@ XDG_CONFIG_HOME=/tmp/lib/domain--1-virt-manager-basic/.config \
-name guest=virt-manager-basic,debug-threads=on \
-S \
-object '{"qom-type":"secret","id":"masterKey0","format":"raw","file":"/tmp/lib/domain--1-virt-manager-basic/master-key.aes"}' \
--machine q35,usb=off,vmport=off,dump-guest-core=off,memory-backend=pc.ram,hpet=off \
+-machine q35,usb=off,vmport=off,dump-guest-core=off,memory-backend=pc.ram,hpet=on \
-accel kvm \
-cpu qemu64 \
-m 4096 \
diff --git a/tests/qemuxml2argvdata/q35-virt-manager-basic.xml b/tests/qemuxml2argvdata/q35-virt-manager-basic.xml
index c2d82c2c47..75075d0ab4 100644
--- a/tests/qemuxml2argvdata/q35-virt-manager-basic.xml
+++ b/tests/qemuxml2argvdata/q35-virt-manager-basic.xml
@@ -16,7 +16,7 @@
<clock offset='utc'>
<timer name='rtc' tickpolicy='catchup'/>
<timer name='pit' tickpolicy='delay'/>
- <timer name='hpet' present='no'/>
+ <timer name='hpet' present='yes'/>
</clock>
<on_poweroff>destroy</on_poweroff>
<on_reboot>restart</on_reboot>
diff --git a/tests/qemuxml2xmloutdata/q35-virt-manager-basic.x86_64-latest.xml b/tests/qemuxml2xmloutdata/q35-virt-manager-basic.x86_64-latest.xml
index 62289d4800..997b42370a 100644
--- a/tests/qemuxml2xmloutdata/q35-virt-manager-basic.x86_64-latest.xml
+++ b/tests/qemuxml2xmloutdata/q35-virt-manager-basic.x86_64-latest.xml
@@ -19,7 +19,7 @@
<clock offset='utc'>
<timer name='rtc' tickpolicy='catchup'/>
<timer name='pit' tickpolicy='delay'/>
- <timer name='hpet' present='no'/>
+ <timer name='hpet' present='yes'/>
</clock>
<on_poweroff>destroy</on_poweroff>
<on_reboot>restart</on_reboot>
--
2.39.2

58
SOURCES/libvirt-qemuAgentGetDisks-Don-t-use-virJSONValueObjectGetStringArray-for-optional-data.patch
View File

@ -1,58 +0,0 @@
From 198f38fa5540c7545607b9d1beb0bfb689d56c3d Mon Sep 17 00:00:00 2001
Message-Id: <198f38fa5540c7545607b9d1beb0bfb689d56c3d@dist-git>
From: Peter Krempa <pkrempa@redhat.com>
Date: Thu, 1 Dec 2022 17:02:42 +0100
Subject: [PATCH] qemuAgentGetDisks: Don't use virJSONValueObjectGetStringArray
for optional data
The 'dependencies' field in the return data may be missing in some
cases. Historically 'virJSONValueObjectGetStringArray' didn't report
error in such case, but later refactor (commit 043b50b948ef3c2 ) added
an error in order to use it in other places too.
Unfortunately this results in the error log being spammed with an
irrelevant error in case when qemuAgentGetDisks is invoked on a VM
running windows.
Replace the use of virJSONValueObjectGetStringArray by fetching the
array first and calling virJSONValueArrayToStringList only when we have
an array.
Fixes: 043b50b948ef3c2a4adf5fa32a93ec2589851ac6
Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=2149752
Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
(cherry picked from commit 3b576601dfb924bb518870a01de5d1a421cbb467)
https://bugzilla.redhat.com/show_bug.cgi?id=2154410
---
src/qemu/qemu_agent.c | 7 ++++++-
1 file changed, 6 insertions(+), 1 deletion(-)
diff --git a/src/qemu/qemu_agent.c b/src/qemu/qemu_agent.c
index d81f01ba77..7afef06694 100644
--- a/src/qemu/qemu_agent.c
+++ b/src/qemu/qemu_agent.c
@@ -2544,6 +2544,7 @@ int qemuAgentGetDisks(qemuAgent *agent,
for (i = 0; i < ndata; i++) {
virJSONValue *addr;
virJSONValue *entry = virJSONValueArrayGet(data, i);
+ virJSONValue *dependencies;
qemuAgentDiskInfo *disk;
if (!entry) {
@@ -2569,7 +2570,11 @@ int qemuAgentGetDisks(qemuAgent *agent,
goto error;
}
- disk->dependencies = virJSONValueObjectGetStringArray(entry, "dependencies");
+ if ((dependencies = virJSONValueObjectGetArray(entry, "dependencies"))) {
+ if (!(disk->dependencies = virJSONValueArrayToStringList(dependencies)))
+ goto error;
+ }
+
disk->alias = g_strdup(virJSONValueObjectGetString(entry, "alias"));
addr = virJSONValueObjectGetObject(entry, "address");
if (addr) {
--
2.39.0

41
SOURCES/libvirt-qemuDomainSetIOThreadParams-Accept-VIR_DOMAIN_AFFECT_CONFIG-flag.patch
View File

@ -1,41 +0,0 @@
From 9b00b5666a014999a3bc9e2e8a6a844ca7a4326f Mon Sep 17 00:00:00 2001
Message-Id: <9b00b5666a014999a3bc9e2e8a6a844ca7a4326f@dist-git>
From: Michal Privoznik <mprivozn@redhat.com>
Date: Fri, 8 Jul 2022 09:35:39 +0200
Subject: [PATCH] qemuDomainSetIOThreadParams: Accept VIR_DOMAIN_AFFECT_CONFIG
flag
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
It was always possible to modify the inactive XML, because
VIR_DOMAIN_AFFECT_CURRENT (= 0) is accepted implicitly. But now
that the logic when changing both config and live XMLs is more
robust we can accept VIR_DOMAIN_AFFECT_CONFIG flag too.
Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
(cherry picked from commit 3096965ce78923b099fa39e4950279b2f21ab60a)
Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=2059511
Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
---
src/qemu/qemu_driver.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/src/qemu/qemu_driver.c b/src/qemu/qemu_driver.c
index 2c627396f1..654b5d65e5 100644
--- a/src/qemu/qemu_driver.c
+++ b/src/qemu/qemu_driver.c
@@ -5818,7 +5818,8 @@ qemuDomainSetIOThreadParams(virDomainPtr dom,
qemuMonitorIOThreadInfo iothread = {0};
int ret = -1;
- virCheckFlags(VIR_DOMAIN_AFFECT_LIVE, -1);
+ virCheckFlags(VIR_DOMAIN_AFFECT_LIVE |
+ VIR_DOMAIN_AFFECT_CONFIG, -1);
if (iothread_id == 0) {
virReportError(VIR_ERR_INVALID_ARG, "%s",
--
2.35.1

51
SOURCES/libvirt-qemuExtTPMStop-Restore-TPM-state-label-more-often.patch Normal file
View File

@ -0,0 +1,51 @@
From 01d7e15c8c4a33a379e8297182dc474bb2046d2a Mon Sep 17 00:00:00 2001
Message-Id: <01d7e15c8c4a33a379e8297182dc474bb2046d2a@dist-git>
From: Michal Privoznik <mprivozn@redhat.com>
Date: Fri, 27 Jan 2023 10:46:55 +0100
Subject: [PATCH] qemuExtTPMStop: Restore TPM state label more often
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
When stopping swtpm we can restore the label either on just the
swtpm's domain specific logfile (/var/log/swtpm/libvirt/qemu/...),
or on the logfile and the state too (/var/lib/libvirt/swtpm/...).
The deciding factor is whether the guest is stopped because of
outgoing migration OR the state is on a shared filesystem.
But this is not correct condition, because for instance saving the
guest into a file (virsh save) is also an outgoing migration.
Alternatively, when the swtpm state is stored on a shared
filesystem, but the guest is destroyed (virsh destroy), i.e.
stopped because of different reason than migration, we want to
restore the seclabels.
The correct condition is: skip restoring the state on outgoing
migration AND shared filesystem.
Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=2161557
Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
(cherry picked from commit 794fddf866676ef4119b3acf43b5547a9e868bb9)
Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
---
src/qemu/qemu_tpm.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/qemu/qemu_tpm.c b/src/qemu/qemu_tpm.c
index b2748eb6a4..5831ffc32e 100644
--- a/src/qemu/qemu_tpm.c
+++ b/src/qemu/qemu_tpm.c
@@ -1142,7 +1142,7 @@ qemuExtTPMStop(virQEMUDriver *driver,
return;
qemuTPMEmulatorStop(cfg->swtpmStateDir, shortName);
- if (outgoingMigration || qemuTPMHasSharedStorage(vm->def))
+ if (outgoingMigration && qemuTPMHasSharedStorage(vm->def))
restoreTPMStateLabel = false;
if (qemuSecurityRestoreTPMLabels(driver, vm, restoreTPMStateLabel) < 0)
--
2.39.1

38
SOURCES/libvirt-qemuFDPassTransferCommand-Mark-that-FD-was-passed.patch Normal file
View File

@ -0,0 +1,38 @@
From d96dc2b87c220298d4de031cff72fd9a458dad74 Mon Sep 17 00:00:00 2001
Message-Id: <d96dc2b87c220298d4de031cff72fd9a458dad74@dist-git>
From: Peter Krempa <pkrempa@redhat.com>
Date: Tue, 31 Jan 2023 17:26:43 +0100
Subject: [PATCH] qemuFDPassTransferCommand: Mark that FD was passed
Until now the code didn't expect that we'd want to rollback/detach a FD
passed on the commandline, but whith disk backend FD passing this can
happen.
Properly mark the 'qemuFDPass' object as passed to qemu even when it was
done on the commandline.
Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Martin Kletzander <mkletzan@redhat.com>
(cherry picked from commit 3b7b201b95f2facc01bd9f8a42aed0fad96789fa)
https://bugzilla.redhat.com/show_bug.cgi?id=2040272
---
src/qemu/qemu_fd.c | 2 ++
1 file changed, 2 insertions(+)
diff --git a/src/qemu/qemu_fd.c b/src/qemu/qemu_fd.c
index 51a8133fde..ebeeb65505 100644
--- a/src/qemu/qemu_fd.c
+++ b/src/qemu/qemu_fd.c
@@ -151,6 +151,8 @@ qemuFDPassTransferCommand(qemuFDPass *fdpass,
fdpass->fds[i].fd = -1;
virCommandAddArgList(cmd, "-add-fd", arg, NULL);
}
+
+ fdpass->passed = true;
}
--
2.39.1

69
SOURCES/libvirt-qemuProcessLaunch-Tighten-rules-for-external-devices-wrt-incoming-migration.patch Normal file
View File

@ -0,0 +1,69 @@
From dd64ec40a29739464cfe886818588bb9946b8d8d Mon Sep 17 00:00:00 2001
Message-Id: <dd64ec40a29739464cfe886818588bb9946b8d8d@dist-git>
From: Michal Privoznik <mprivozn@redhat.com>
Date: Fri, 27 Jan 2023 13:59:08 +0100
Subject: [PATCH] qemuProcessLaunch: Tighten rules for external devices wrt
incoming migration
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
When starting a guest, helper processes are started first. But
they need a bit of special handling. Just consider a regular cold
boot and an incoming migration. For instance, in case of swtpm
with its state on a shared volume, we want to set label on the
state for the cold boot case, but don't want to touch the label
in case of incoming migration (because the source very
specifically did not restore it either).
Until now, these two cases were differentiated by testing
@incoming against NULL. And while that makes sense for other
aspects of domain startup, for external devices we need a bit
more, because a restore from a save file is also 'incoming
migration'.
Now, there is a difference between regular migration and restore
from a save file. In the former case we do not want to set
seclabels in the save state. BUT, in the latter case we do need
to set them, because the code that saves the machine restored
seclabels.
Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=2161557
Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
(cherry picked from commit 5c4007ddc6c29632b5cc96ab4ef81ebb7797d1bb)
Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
---
src/qemu/qemu_process.c | 9 ++++++++-
1 file changed, 8 insertions(+), 1 deletion(-)
diff --git a/src/qemu/qemu_process.c b/src/qemu/qemu_process.c
index 2de87211fb..1217fb1856 100644
--- a/src/qemu/qemu_process.c
+++ b/src/qemu/qemu_process.c
@@ -7620,6 +7620,7 @@ qemuProcessLaunch(virConnectPtr conn,
size_t nnicindexes = 0;
g_autofree int *nicindexes = NULL;
unsigned long long maxMemLock = 0;
+ bool incomingMigrationExtDevices = false;
VIR_DEBUG("conn=%p driver=%p vm=%p name=%s id=%d asyncJob=%d "
"incoming.uri=%s "
@@ -7674,7 +7675,13 @@ qemuProcessLaunch(virConnectPtr conn,
if (qemuDomainSchedCoreStart(cfg, vm) < 0)
goto cleanup;
- if (qemuExtDevicesStart(driver, vm, incoming != NULL) < 0)
+ /* For external devices the rules of incoming migration are a bit stricter,
+ * than plain @incoming != NULL. They need to differentiate between
+ * incoming migration and restore from a save file. */
+ incomingMigrationExtDevices = incoming &&
+ vmop == VIR_NETDEV_VPORT_PROFILE_OP_MIGRATE_IN_START;
+
+ if (qemuExtDevicesStart(driver, vm, incomingMigrationExtDevices) < 0)
goto cleanup;
if (!(cmd = qemuBuildCommandLine(vm,
--
2.39.1

57
SOURCES/libvirt-qemuProcessReconnect-Don-t-build-memory-paths.patch
View File

@ -1,57 +0,0 @@
From b76623b5921238c9a4db9b3e1958b51a4d7e8b52 Mon Sep 17 00:00:00 2001
Message-Id: <b76623b5921238c9a4db9b3e1958b51a4d7e8b52@dist-git>
From: Michal Privoznik <mprivozn@redhat.com>
Date: Wed, 28 Sep 2022 10:12:36 +0200
Subject: [PATCH] qemuProcessReconnect: Don't build memory paths
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Let me take you on a short trip to history. A long time ago,
libvirt would configure all QEMUs to use $hugetlbfs/libvirt/qemu
for their hugepages setup. This was problematic, because it did
not allow enough separation between guests. Therefore in
v3.0.0-rc1~367 the path changed to a per-domain basis:
$hugetlbfs/libvirt/qemu/$domainShortName
And to help with migration on daemon restart a call to
qemuProcessBuildDestroyMemoryPaths() was added to
qemuProcessReconnect() (well, it was named
qemuProcessBuildDestroyHugepagesPath() back then, see
v3.10.0-rc1~174). This was desirable then, because the memory
hotplug code did not call the function, it simply assumes
per-domain paths to exist. But this changed in v3.5.0-rc1~92
after which the per-domain paths are created on memory hotplug
too.
Therefore, it's no longer necessary to create these paths in
qemuProcessReconnect(). They are created exactly when needed
(domain startup and memory hotplug).
Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
(cherry picked from commit 3478cca80ea7382cfdbff836d5d0b92aa014297b)
Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=2152083
Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
---
src/qemu/qemu_process.c | 3 ---
1 file changed, 3 deletions(-)
diff --git a/src/qemu/qemu_process.c b/src/qemu/qemu_process.c
index 062a0b6dac..979ad99f5a 100644
--- a/src/qemu/qemu_process.c
+++ b/src/qemu/qemu_process.c
@@ -9004,9 +9004,6 @@ qemuProcessReconnect(void *opaque)
goto cleanup;
}
- if (qemuProcessBuildDestroyMemoryPaths(driver, obj, NULL, true) < 0)
- goto error;
-
if ((qemuDomainAssignAddresses(obj->def, priv->qemuCaps,
driver, obj, false)) < 0) {
goto error;
--
2.39.0

62
SOURCES/libvirt-qemuProcessRefreshDisks-Don-t-skip-filling-of-disk-information-if-tray-state-didn-t-change.patch Normal file
View File

@ -0,0 +1,62 @@
From b53d7b7150f81ee6f014815fa7ee3f1106c491d5 Mon Sep 17 00:00:00 2001
Message-Id: <b53d7b7150f81ee6f014815fa7ee3f1106c491d5@dist-git>
From: Peter Krempa <pkrempa@redhat.com>
Date: Thu, 9 Feb 2023 09:40:32 +0100
Subject: [PATCH] qemuProcessRefreshDisks: Don't skip filling of disk
information if tray state didn't change
Commit 5ef2582646eb98 added emitting of even when refreshign disk state,
where it wanted to avoid sending the event if disk state didn't change.
This was achieved by using 'continue' in the loop filling the
information. Unfortunately this skips extraction of whether the device
has a tray which is propagated into internal structures, which in turn
broke cdrom media change as the code thought there's no tray for the
device.
Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=2166411
Fixes: 5ef2582646eb98af208ce37355f82bdef39931fa
Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Kristina Hanicova <khanicov@redhat.com>
(cherry picked from commit 86cfe93ef7fdc2d665a2fc88b79af89e7978ba78)
---
src/qemu/qemu_process.c | 11 +++++------
1 file changed, 5 insertions(+), 6 deletions(-)
diff --git a/src/qemu/qemu_process.c b/src/qemu/qemu_process.c
index 32083de563..7ae859d68f 100644
--- a/src/qemu/qemu_process.c
+++ b/src/qemu/qemu_process.c
@@ -8713,16 +8713,13 @@ qemuProcessRefreshDisks(virDomainObj *vm,
continue;
if (info->removable) {
- virObjectEvent *event = NULL;
+ bool emitEvent = info->tray_open != disk->tray_status;
int reason;
if (info->empty)
virDomainDiskEmptySource(disk);
if (info->tray) {
- if (info->tray_open == disk->tray_status)
- continue;
-
if (info->tray_open) {
reason = VIR_DOMAIN_EVENT_TRAY_CHANGE_OPEN;
disk->tray_status = VIR_DOMAIN_DISK_TRAY_OPEN;
@@ -8731,8 +8728,10 @@ qemuProcessRefreshDisks(virDomainObj *vm,
disk->tray_status = VIR_DOMAIN_DISK_TRAY_CLOSED;
}
- event = virDomainEventTrayChangeNewFromObj(vm, disk->info.alias, reason);
- virObjectEventStateQueue(driver->domainEventState, event);
+ if (emitEvent) {
+ virObjectEvent *event = virDomainEventTrayChangeNewFromObj(vm, disk->info.alias, reason);
+ virObjectEventStateQueue(driver->domainEventState, event);
+ }
}
}
--
2.39.1

46
SOURCES/libvirt-qemuProcessStop-Fix-detection-of-outgoing-migration-for-external-devices.patch Normal file
View File

@ -0,0 +1,46 @@
From 102efebe3cd2bfebace026744a7835309cf124fa Mon Sep 17 00:00:00 2001
Message-Id: <102efebe3cd2bfebace026744a7835309cf124fa@dist-git>
From: Michal Privoznik <mprivozn@redhat.com>
Date: Fri, 27 Jan 2023 10:45:50 +0100
Subject: [PATCH] qemuProcessStop: Fix detection of outgoing migration for
external devices
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
When cleaning up host in qemuProcessStop(), our external helper
processes (e.g. swtpm) want to know whether the domain is being
migrated out or not (so that they restore seclabels on a device
state that's on a shared storage).
This fact is reflected in the @outgoingMigration variable which
is set to true if asyncJob is anything but
VIR_ASYNC_JOB_MIGRATION_IN. Well, we have a specific job for
outgoing migration (VIR_ASYNC_JOB_MIGRATION_OUT) and thus we
should check for that.
Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
(cherry picked from commit 88f0fbf63851c6ae80ad03b2a05a966d8a2f296c)
Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=2161557
Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
---
src/qemu/qemu_process.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/qemu/qemu_process.c b/src/qemu/qemu_process.c
index 29716ecb19..2de87211fb 100644
--- a/src/qemu/qemu_process.c
+++ b/src/qemu/qemu_process.c
@@ -8397,7 +8397,7 @@ void qemuProcessStop(virQEMUDriver *driver,
qemuDomainCleanupRun(driver, vm);
outgoingMigration = (flags & VIR_QEMU_PROCESS_STOP_MIGRATED) &&
- (asyncJob != VIR_ASYNC_JOB_MIGRATION_IN);
+ (asyncJob == VIR_ASYNC_JOB_MIGRATION_OUT);
qemuExtDevicesStop(driver, vm, outgoingMigration);
qemuDBusStop(driver, vm);
--
2.39.1

59
SOURCES/libvirt-qemuStorageSourcePrivateDataFormat-Rename-tmp-to-objectsChildBuf.patch Normal file
View File

@ -0,0 +1,59 @@
From deb6aad4f6bcfd95235d3149e9d69b95fe011294 Mon Sep 17 00:00:00 2001
Message-Id: <deb6aad4f6bcfd95235d3149e9d69b95fe011294@dist-git>
From: Peter Krempa <pkrempa@redhat.com>
Date: Tue, 31 Jan 2023 15:19:58 +0100
Subject: [PATCH] qemuStorageSourcePrivateDataFormat: Rename 'tmp' to
'objectsChildBuf'
Be consistent with other children buffer variable naming scheme.
Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Martin Kletzander <mkletzan@redhat.com>
(cherry picked from commit 531adf32743b6045f44964ec5e1f8bdb9c913797)
https://bugzilla.redhat.com/show_bug.cgi?id=2040272
---
src/qemu/qemu_domain.c | 14 +++++++-------
1 file changed, 7 insertions(+), 7 deletions(-)
diff --git a/src/qemu/qemu_domain.c b/src/qemu/qemu_domain.c
index 2eb5653254..226d4d6dc1 100644
--- a/src/qemu/qemu_domain.c
+++ b/src/qemu/qemu_domain.c
@@ -2005,9 +2005,9 @@ static int
qemuStorageSourcePrivateDataFormat(virStorageSource *src,
virBuffer *buf)
{
- g_auto(virBuffer) tmp = VIR_BUFFER_INIT_CHILD(buf);
qemuDomainStorageSourcePrivate *srcPriv = QEMU_DOMAIN_STORAGE_SOURCE_PRIVATE(src);
g_auto(virBuffer) nodenamesChildBuf = VIR_BUFFER_INIT_CHILD(buf);
+ g_auto(virBuffer) objectsChildBuf = VIR_BUFFER_INIT_CHILD(buf);
virBufferEscapeString(&nodenamesChildBuf, "<nodename type='storage' name='%s'/>\n", src->nodestorage);
virBufferEscapeString(&nodenamesChildBuf, "<nodename type='format' name='%s'/>\n", src->nodeformat);
@@ -2025,16 +2025,16 @@ qemuStorageSourcePrivateDataFormat(virStorageSource *src,
return -1;
if (srcPriv) {
- qemuStorageSourcePrivateDataFormatSecinfo(&tmp, srcPriv->secinfo, "auth");
- qemuStorageSourcePrivateDataFormatSecinfo(&tmp, srcPriv->encinfo, "encryption");
- qemuStorageSourcePrivateDataFormatSecinfo(&tmp, srcPriv->httpcookie, "httpcookie");
- qemuStorageSourcePrivateDataFormatSecinfo(&tmp, srcPriv->tlsKeySecret, "tlskey");
+ qemuStorageSourcePrivateDataFormatSecinfo(&objectsChildBuf, srcPriv->secinfo, "auth");
+ qemuStorageSourcePrivateDataFormatSecinfo(&objectsChildBuf, srcPriv->encinfo, "encryption");
+ qemuStorageSourcePrivateDataFormatSecinfo(&objectsChildBuf, srcPriv->httpcookie, "httpcookie");
+ qemuStorageSourcePrivateDataFormatSecinfo(&objectsChildBuf, srcPriv->tlsKeySecret, "tlskey");
}
if (src->tlsAlias)
- virBufferAsprintf(&tmp, "<TLSx509 alias='%s'/>\n", src->tlsAlias);
+ virBufferAsprintf(&objectsChildBuf, "<TLSx509 alias='%s'/>\n", src->tlsAlias);
- virXMLFormatElement(buf, "objects", NULL, &tmp);
+ virXMLFormatElement(buf, "objects", NULL, &objectsChildBuf);
if (src->thresholdEventWithIndex)
virBufferAddLit(buf, "<thresholdEvent indexUsed='yes'/>\n");
--
2.39.1

44
SOURCES/libvirt-qemu_extdevice-Do-cleanup-host-only-for-VIR_DOMAIN_TPM_TYPE_EMULATOR.patch Normal file
View File

@ -0,0 +1,44 @@
From d78fc22fb96e0050a419623bf27639c63624c998 Mon Sep 17 00:00:00 2001
Message-Id: <d78fc22fb96e0050a419623bf27639c63624c998@dist-git>
From: Michal Privoznik <mprivozn@redhat.com>
Date: Fri, 10 Feb 2023 09:47:05 +0100
Subject: [PATCH] qemu_extdevice: Do cleanup host only for
VIR_DOMAIN_TPM_TYPE_EMULATOR
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
We only set up host for VIR_DOMAIN_TPM_TYPE_EMULATOR and thus
similarly, we should do cleanup for the same type. This also
fixes a crasher, in which qemuTPMEmulatorCleanupHost() accesses
tpm->data.emulator.storagepath which is NULL for
VIR_DOMAIN_TPM_TYPE_EXTERNAL.
Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=2168762
Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
(cherry picked from commit 03f76e577d66f8eea6aa7cc513e75026527b4cda)
Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
---
src/qemu/qemu_extdevice.c | 5 ++++-
1 file changed, 4 insertions(+), 1 deletion(-)
diff --git a/src/qemu/qemu_extdevice.c b/src/qemu/qemu_extdevice.c
index f7b2e2e653..fdefe59215 100644
--- a/src/qemu/qemu_extdevice.c
+++ b/src/qemu/qemu_extdevice.c
@@ -162,7 +162,10 @@ qemuExtDevicesCleanupHost(virQEMUDriver *driver,
return;
for (i = 0; i < def->ntpms; i++) {
- qemuExtTPMCleanupHost(def->tpms[i], flags, outgoingMigration);
+ virDomainTPMDef *tpm = def->tpms[i];
+
+ if (tpm->type == VIR_DOMAIN_TPM_TYPE_EMULATOR)
+ qemuExtTPMCleanupHost(tpm, flags, outgoingMigration);
}
}
--
2.39.1

34
SOURCES/libvirt-qemu_fd-Remove-declaration-for-qemuFDPassNewDirect.patch Normal file
View File

@ -0,0 +1,34 @@
From bf949f570a232423c7cf01831dfbe7034a4f49d8 Mon Sep 17 00:00:00 2001
Message-Id: <bf949f570a232423c7cf01831dfbe7034a4f49d8@dist-git>
From: Peter Krempa <pkrempa@redhat.com>
Date: Tue, 31 Jan 2023 15:23:54 +0100
Subject: [PATCH] qemu_fd: Remove declaration for 'qemuFDPassNewDirect'
The function doesn't exist any more.
Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Martin Kletzander <mkletzan@redhat.com>
(cherry picked from commit 51dc38fe31beb252cc0fa2780210cdedc698f57f)
https://bugzilla.redhat.com/show_bug.cgi?id=2040272
---
src/qemu/qemu_fd.h | 3 ---
1 file changed, 3 deletions(-)
diff --git a/src/qemu/qemu_fd.h b/src/qemu/qemu_fd.h
index 6f165b6be9..032b9442ee 100644
--- a/src/qemu/qemu_fd.h
+++ b/src/qemu/qemu_fd.h
@@ -30,9 +30,6 @@ G_DEFINE_AUTOPTR_CLEANUP_FUNC(qemuFDPass, qemuFDPassFree);
qemuFDPass *
qemuFDPassNew(const char *prefix,
void *dompriv);
-qemuFDPass *
-qemuFDPassNewDirect(const char *prefix,
- void *dompriv);
void
qemuFDPassAddFD(qemuFDPass *fdpass,
--
2.39.1

56
SOURCES/libvirt-qemu_interface-Fix-managed-no-case-when-creating-an-ethernet-interface.patch Normal file
View File

@ -0,0 +1,56 @@
From 25de0ead0194159a6d9a769f34ec5b092e9b718c Mon Sep 17 00:00:00 2001
Message-Id: <25de0ead0194159a6d9a769f34ec5b092e9b718c@dist-git>
From: Michal Privoznik <mprivozn@redhat.com>
Date: Mon, 23 Jan 2023 11:42:18 +0100
Subject: [PATCH] qemu_interface: Fix managed='no' case when creating an
ethernet interface
In a recent commit of v9.0.0-rc1~192 I've tried to forbid case
where a TAP device already exists, but at the same time it's
managed by Libvirt (<interface type='ethernet'> <target
dev='tap0' managed='yes'/> </interface>). NB, if @managed
attribute is missing then it's assumed to be managed by Libvirt.
Anyway, I've mistakenly put setting of
VIR_NETDEV_TAP_CREATE_ALLOW_EXISTING flag into managed='yes'
branch instead of managed='no' branch in
qemuInterfaceEthernetConnect().
Move the setting of the flag into the correct branch.
Fixes: a2ae3d299cf9c5ada8aa42ec4271748eb479dc27
Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
Reviewed-by: Martin Kletzander <mkletzan@redhat.com>
(cherry picked from commit d6a8b9eef70887e01fa5fd292580e14ca5eab08c)
Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=2144738
Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
---
src/qemu/qemu_interface.c | 5 +++--
1 file changed, 3 insertions(+), 2 deletions(-)
diff --git a/src/qemu/qemu_interface.c b/src/qemu/qemu_interface.c
index b6895cedde..ed2c209167 100644
--- a/src/qemu/qemu_interface.c
+++ b/src/qemu/qemu_interface.c
@@ -443,6 +443,9 @@ qemuInterfaceEthernetConnect(virDomainDef *def,
_("target managed='no' but specified dev doesn't exist"));
goto cleanup;
}
+
+ tap_create_flags |= VIR_NETDEV_TAP_CREATE_ALLOW_EXISTING;
+
if (virNetDevMacVLanIsMacvtap(net->ifname)) {
auditdev = net->ifname;
if (virNetDevMacVLanTapOpen(net->ifname, tapfd, tapfdSize) < 0)
@@ -461,8 +464,6 @@ qemuInterfaceEthernetConnect(virDomainDef *def,
if (!net->ifname)
template_ifname = true;
- tap_create_flags |= VIR_NETDEV_TAP_CREATE_ALLOW_EXISTING;
-
if (virNetDevTapCreate(&net->ifname, tunpath, tapfd, tapfdSize,
tap_create_flags) < 0) {
goto cleanup;
--
2.39.1

132
SOURCES/libvirt-qemu_migration-Acquire-correct-job-in-qemuMigrationSrcIsAllowed.patch
View File

@ -1,132 +0,0 @@
From d4c4660b097695916244307d1125a17c30c0c9ef Mon Sep 17 00:00:00 2001
Message-Id: <d4c4660b097695916244307d1125a17c30c0c9ef@dist-git>
From: Martin Kletzander <mkletzan@redhat.com>
Date: Fri, 22 Jul 2022 12:20:04 +0200
Subject: [PATCH] qemu_migration: Acquire correct job in
qemuMigrationSrcIsAllowed
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Commit 62627524607f added the acquiring of a job, but it is not always
VIR_ASYNC_JOB_MIGRATION_OUT, so the code fails when doing save or anything else.
Correct the async job by passing it from the caller as another parameter.
Signed-off-by: Martin Kletzander <mkletzan@redhat.com>
Reviewed-by: Jiri Denemark <jdenemar@redhat.com>
(cherry picked from commit 69e0e33873f1aec55df77f12fb0197d50dca3319)
Resolves: https://bugzilla.redhat.com/2092833
Signed-off-by: Eugenio Pérez <eperezma@redhat.com>
---
src/qemu/qemu_driver.c | 8 ++++----
src/qemu/qemu_migration.c | 7 ++++---
src/qemu/qemu_migration.h | 1 +
src/qemu/qemu_snapshot.c | 4 ++--
4 files changed, 11 insertions(+), 9 deletions(-)
diff --git a/src/qemu/qemu_driver.c b/src/qemu/qemu_driver.c
index 654b5d65e5..847c96639d 100644
--- a/src/qemu/qemu_driver.c
+++ b/src/qemu/qemu_driver.c
@@ -2650,13 +2650,13 @@ qemuDomainSaveInternal(virQEMUDriver *driver,
virQEMUSaveData *data = NULL;
g_autoptr(qemuDomainSaveCookie) cookie = NULL;
- if (!qemuMigrationSrcIsAllowed(driver, vm, false, 0))
- goto cleanup;
-
if (qemuDomainObjBeginAsyncJob(driver, vm, VIR_ASYNC_JOB_SAVE,
VIR_DOMAIN_JOB_OPERATION_SAVE, flags) < 0)
goto cleanup;
+ if (!qemuMigrationSrcIsAllowed(driver, vm, false, VIR_ASYNC_JOB_SAVE, 0))
+ goto cleanup;
+
if (!virDomainObjIsActive(vm)) {
virReportError(VIR_ERR_INTERNAL_ERROR, "%s",
_("guest unexpectedly quit"));
@@ -3176,7 +3176,7 @@ doCoreDump(virQEMUDriver *driver,
goto cleanup;
}
- if (!qemuMigrationSrcIsAllowed(driver, vm, false, 0))
+ if (!qemuMigrationSrcIsAllowed(driver, vm, false, VIR_ASYNC_JOB_DUMP, 0))
goto cleanup;
if (qemuMigrationSrcToFile(driver, vm, fd, compressor,
diff --git a/src/qemu/qemu_migration.c b/src/qemu/qemu_migration.c
index 96c4c0f1da..f571c9eb27 100644
--- a/src/qemu/qemu_migration.c
+++ b/src/qemu/qemu_migration.c
@@ -1452,6 +1452,7 @@ bool
qemuMigrationSrcIsAllowed(virQEMUDriver *driver,
virDomainObj *vm,
bool remote,
+ int asyncJob,
unsigned int flags)
{
qemuDomainObjPrivate *priv = vm->privateData;
@@ -1483,7 +1484,7 @@ qemuMigrationSrcIsAllowed(virQEMUDriver *driver,
g_auto(GStrv) blockers = NULL;
if (qemuDomainGetMigrationBlockers(driver, vm,
- VIR_ASYNC_JOB_MIGRATION_OUT,
+ asyncJob,
&blockers) < 0) {
return false;
}
@@ -2632,7 +2633,7 @@ qemuMigrationSrcBeginPhase(virQEMUDriver *driver,
qemuMigrationJobStartPhase(vm, QEMU_MIGRATION_PHASE_BEGIN3) < 0)
return NULL;
- if (!qemuMigrationSrcIsAllowed(driver, vm, true, flags))
+ if (!qemuMigrationSrcIsAllowed(driver, vm, true, priv->job.asyncJob, flags))
return NULL;
if (!(flags & (VIR_MIGRATE_UNSAFE | VIR_MIGRATE_OFFLINE)) &&
@@ -6033,7 +6034,7 @@ qemuMigrationSrcPerformJob(virQEMUDriver *driver,
if (!(flags & VIR_MIGRATE_OFFLINE) && virDomainObjCheckActive(vm) < 0)
goto endjob;
- if (!qemuMigrationSrcIsAllowed(driver, vm, true, flags))
+ if (!qemuMigrationSrcIsAllowed(driver, vm, true, VIR_ASYNC_JOB_MIGRATION_OUT, flags))
goto endjob;
if (!(flags & (VIR_MIGRATE_UNSAFE | VIR_MIGRATE_OFFLINE)) &&
diff --git a/src/qemu/qemu_migration.h b/src/qemu/qemu_migration.h
index 81cc1e91c0..61d12d6eb1 100644
--- a/src/qemu/qemu_migration.h
+++ b/src/qemu/qemu_migration.h
@@ -229,6 +229,7 @@ bool
qemuMigrationSrcIsAllowed(virQEMUDriver *driver,
virDomainObj *vm,
bool remote,
+ int asyncJob,
unsigned int flags);
int
diff --git a/src/qemu/qemu_snapshot.c b/src/qemu/qemu_snapshot.c
index 833f880252..0733d44faa 100644
--- a/src/qemu/qemu_snapshot.c
+++ b/src/qemu/qemu_snapshot.c
@@ -291,7 +291,7 @@ qemuSnapshotCreateActiveInternal(virQEMUDriver *driver,
virDomainSnapshotDef *snapdef = virDomainSnapshotObjGetDef(snap);
int ret = -1;
- if (!qemuMigrationSrcIsAllowed(driver, vm, false, 0))
+ if (!qemuMigrationSrcIsAllowed(driver, vm, false, VIR_ASYNC_JOB_SNAPSHOT, 0))
goto cleanup;
if (virDomainObjGetState(vm, NULL) == VIR_DOMAIN_RUNNING) {
@@ -1422,7 +1422,7 @@ qemuSnapshotCreateActiveExternal(virQEMUDriver *driver,
/* do the memory snapshot if necessary */
if (memory) {
/* check if migration is possible */
- if (!qemuMigrationSrcIsAllowed(driver, vm, false, 0))
+ if (!qemuMigrationSrcIsAllowed(driver, vm, false, VIR_ASYNC_JOB_SNAPSHOT, 0))
goto cleanup;
qemuDomainJobSetStatsType(priv->job.current,
--
2.35.1

229
SOURCES/libvirt-qemu_migration-Apply-max-postcopy-bandwidth-on-post-copy-resume.patch
View File

@ -1,229 +0,0 @@
From b8c791a3fc2767e6d899e3e0c590a93cb0ee7e03 Mon Sep 17 00:00:00 2001
Message-Id: <b8c791a3fc2767e6d899e3e0c590a93cb0ee7e03@dist-git>
From: Jiri Denemark <jdenemar@redhat.com>
Date: Thu, 30 Jun 2022 12:52:38 +0200
Subject: [PATCH] qemu_migration: Apply max-postcopy-bandwidth on post-copy
resume
When resuming post-copy migration users may want to limit the bandwidth
used by the migration and use a value that is different from the one
specified when the migration was originally started.
Resolves: https://gitlab.com/libvirt/libvirt/-/issues/333
Signed-off-by: Jiri Denemark <jdenemar@redhat.com>
Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
(cherry picked from commit 766abdc291ba606379a7d197bff477fef25fb508)
https://bugzilla.redhat.com/show_bug.cgi?id=2111070
Signed-off-by: Jiri Denemark <jdenemar@redhat.com>
---
src/qemu/qemu_migration.c | 12 ++++++--
src/qemu/qemu_migration_params.c | 45 ++++++++++++++++++----------
src/qemu/qemu_migration_paramspriv.h | 3 +-
tests/qemumigparamstest.c | 2 +-
tests/qemumigrationcookiexmltest.c | 2 +-
5 files changed, 42 insertions(+), 22 deletions(-)
diff --git a/src/qemu/qemu_migration.c b/src/qemu/qemu_migration.c
index 285a49c5ff..8a2f5b09a1 100644
--- a/src/qemu/qemu_migration.c
+++ b/src/qemu/qemu_migration.c
@@ -5097,12 +5097,13 @@ qemuMigrationSrcRun(virQEMUDriver *driver,
static int
qemuMigrationSrcResume(virDomainObj *vm,
- qemuMigrationParams *migParams G_GNUC_UNUSED,
+ qemuMigrationParams *migParams,
const char *cookiein,
int cookieinlen,
char **cookieout,
int *cookieoutlen,
- qemuMigrationSpec *spec)
+ qemuMigrationSpec *spec,
+ unsigned long flags)
{
qemuDomainObjPrivate *priv = vm->privateData;
virQEMUDriver *driver = priv->driver;
@@ -5119,6 +5120,10 @@ qemuMigrationSrcResume(virDomainObj *vm,
if (!mig)
return -1;
+ if (qemuMigrationParamsApply(driver, vm, VIR_ASYNC_JOB_MIGRATION_OUT,
+ migParams, flags) < 0)
+ return -1;
+
if (qemuDomainObjEnterMonitorAsync(driver, vm,
VIR_ASYNC_JOB_MIGRATION_OUT) < 0)
return -1;
@@ -5200,6 +5205,7 @@ qemuMigrationSrcPerformNative(virQEMUDriver *driver,
if (STREQ(uribits->scheme, "unix")) {
if ((flags & VIR_MIGRATE_TLS) &&
+ !(flags & VIR_MIGRATE_POSTCOPY_RESUME) &&
!qemuMigrationParamsTLSHostnameIsSet(migParams)) {
virReportError(VIR_ERR_OPERATION_UNSUPPORTED, "%s",
_("Explicit destination hostname is required "
@@ -5231,7 +5237,7 @@ qemuMigrationSrcPerformNative(virQEMUDriver *driver,
if (flags & VIR_MIGRATE_POSTCOPY_RESUME) {
ret = qemuMigrationSrcResume(vm, migParams, cookiein, cookieinlen,
- cookieout, cookieoutlen, &spec);
+ cookieout, cookieoutlen, &spec, flags);
} else {
ret = qemuMigrationSrcRun(driver, vm, persist_xml, cookiein, cookieinlen,
cookieout, cookieoutlen, flags, resource,
diff --git a/src/qemu/qemu_migration_params.c b/src/qemu/qemu_migration_params.c
index a68aed9aa4..6ea0bde13a 100644
--- a/src/qemu/qemu_migration_params.c
+++ b/src/qemu/qemu_migration_params.c
@@ -141,6 +141,7 @@ struct _qemuMigrationParamsTPMapItem {
typedef struct _qemuMigrationParamInfoItem qemuMigrationParamInfoItem;
struct _qemuMigrationParamInfoItem {
qemuMigrationParamType type;
+ bool applyOnPostcopyResume;
};
/* Migration capabilities which should always be enabled as long as they
@@ -265,6 +266,7 @@ static const qemuMigrationParamInfoItem qemuMigrationParamInfo[] = {
},
[QEMU_MIGRATION_PARAM_MAX_POSTCOPY_BANDWIDTH] = {
.type = QEMU_MIGRATION_PARAM_TYPE_ULL,
+ .applyOnPostcopyResume = true,
},
[QEMU_MIGRATION_PARAM_MULTIFD_CHANNELS] = {
.type = QEMU_MIGRATION_PARAM_TYPE_INT,
@@ -782,7 +784,8 @@ qemuMigrationParamsFromJSON(virJSONValue *params)
virJSONValue *
-qemuMigrationParamsToJSON(qemuMigrationParams *migParams)
+qemuMigrationParamsToJSON(qemuMigrationParams *migParams,
+ bool postcopyResume)
{
g_autoptr(virJSONValue) params = virJSONValueNewObject();
size_t i;
@@ -795,6 +798,9 @@ qemuMigrationParamsToJSON(qemuMigrationParams *migParams)
if (!pv->set)
continue;
+ if (postcopyResume && !qemuMigrationParamInfo[i].applyOnPostcopyResume)
+ continue;
+
switch (qemuMigrationParamInfo[i].type) {
case QEMU_MIGRATION_PARAM_TYPE_INT:
rc = virJSONValueObjectAppendNumberInt(params, name, pv->value.i);
@@ -868,6 +874,7 @@ qemuMigrationCapsToJSON(virBitmap *caps,
*
* Send parameters stored in @migParams to QEMU. If @apiFlags is non-zero, some
* parameters that do not make sense for the enabled flags will be ignored.
+ * VIR_MIGRATE_POSTCOPY_RESUME is the only flag checked currently.
*
* Returns 0 on success, -1 on failure.
*/
@@ -876,32 +883,38 @@ qemuMigrationParamsApply(virQEMUDriver *driver,
virDomainObj *vm,
int asyncJob,
qemuMigrationParams *migParams,
- unsigned long apiFlags G_GNUC_UNUSED)
+ unsigned long apiFlags)
{
qemuDomainObjPrivate *priv = vm->privateData;
bool xbzrleCacheSize_old = false;
g_autoptr(virJSONValue) params = NULL;
g_autoptr(virJSONValue) caps = NULL;
qemuMigrationParam xbzrle = QEMU_MIGRATION_PARAM_XBZRLE_CACHE_SIZE;
+ bool postcopyResume = !!(apiFlags & VIR_MIGRATE_POSTCOPY_RESUME);
int ret = -1;
if (qemuDomainObjEnterMonitorAsync(driver, vm, asyncJob) < 0)
return -1;
- if (asyncJob == VIR_ASYNC_JOB_NONE) {
- if (!virBitmapIsAllClear(migParams->caps)) {
- virReportError(VIR_ERR_INTERNAL_ERROR, "%s",
- _("Migration capabilities can only be set by "
- "a migration job"));
- goto cleanup;
- }
- } else {
- if (!(caps = qemuMigrationCapsToJSON(priv->migrationCaps, migParams->caps)))
- goto cleanup;
+ /* Changing capabilities is only allowed before migration starts, we need
+ * to skip them when resuming post-copy migration.
+ */
+ if (!postcopyResume) {
+ if (asyncJob == VIR_ASYNC_JOB_NONE) {
+ if (!virBitmapIsAllClear(migParams->caps)) {
+ virReportError(VIR_ERR_INTERNAL_ERROR, "%s",
+ _("Migration capabilities can only be set by "
+ "a migration job"));
+ goto cleanup;
+ }
+ } else {
+ if (!(caps = qemuMigrationCapsToJSON(priv->migrationCaps, migParams->caps)))
+ goto cleanup;
- if (virJSONValueArraySize(caps) > 0 &&
- qemuMonitorSetMigrationCapabilities(priv->mon, &caps) < 0)
- goto cleanup;
+ if (virJSONValueArraySize(caps) > 0 &&
+ qemuMonitorSetMigrationCapabilities(priv->mon, &caps) < 0)
+ goto cleanup;
+ }
}
/* If QEMU is too old to support xbzrle-cache-size migration parameter,
@@ -917,7 +930,7 @@ qemuMigrationParamsApply(virQEMUDriver *driver,
migParams->params[xbzrle].set = false;
}
- if (!(params = qemuMigrationParamsToJSON(migParams)))
+ if (!(params = qemuMigrationParamsToJSON(migParams, postcopyResume)))
goto cleanup;
if (virJSONValueObjectKeysNumber(params) > 0 &&
diff --git a/src/qemu/qemu_migration_paramspriv.h b/src/qemu/qemu_migration_paramspriv.h
index f7e0f51fbd..34d51231ff 100644
--- a/src/qemu/qemu_migration_paramspriv.h
+++ b/src/qemu/qemu_migration_paramspriv.h
@@ -26,7 +26,8 @@
#pragma once
virJSONValue *
-qemuMigrationParamsToJSON(qemuMigrationParams *migParams);
+qemuMigrationParamsToJSON(qemuMigrationParams *migParams,
+ bool postcopyResume);
qemuMigrationParams *
qemuMigrationParamsFromJSON(virJSONValue *params);
diff --git a/tests/qemumigparamstest.c b/tests/qemumigparamstest.c
index bcdee5f32b..5d45a9dd58 100644
--- a/tests/qemumigparamstest.c
+++ b/tests/qemumigparamstest.c
@@ -155,7 +155,7 @@ qemuMigParamsTestJSON(const void *opaque)
if (!(migParams = qemuMigrationParamsFromJSON(paramsIn)))
return -1;
- if (!(paramsOut = qemuMigrationParamsToJSON(migParams)) ||
+ if (!(paramsOut = qemuMigrationParamsToJSON(migParams, false)) ||
!(actualJSON = virJSONValueToString(paramsOut, true)))
return -1;
diff --git a/tests/qemumigrationcookiexmltest.c b/tests/qemumigrationcookiexmltest.c
index 316bfedd15..9731348b53 100644
--- a/tests/qemumigrationcookiexmltest.c
+++ b/tests/qemumigrationcookiexmltest.c
@@ -333,7 +333,7 @@ testQemuMigrationCookieBlockDirtyBitmaps(const void *opaque)
qemuMigrationParamsSetBlockDirtyBitmapMapping(migParams, &migParamsBitmaps);
- if (!(paramsOut = qemuMigrationParamsToJSON(migParams)) ||
+ if (!(paramsOut = qemuMigrationParamsToJSON(migParams, false)) ||
!(actualJSON = virJSONValueToString(paramsOut, true)))
return -1;
--
2.35.1

70
SOURCES/libvirt-qemu_migration-Pass-migParams-to-qemuMigrationSrcResume.patch
View File

@ -1,70 +0,0 @@
From d24586ede83472f850d1a0c520d482ac5f908696 Mon Sep 17 00:00:00 2001
Message-Id: <d24586ede83472f850d1a0c520d482ac5f908696@dist-git>
From: Jiri Denemark <jdenemar@redhat.com>
Date: Thu, 30 Jun 2022 12:51:55 +0200
Subject: [PATCH] qemu_migration: Pass migParams to qemuMigrationSrcResume
So the we can apply selected migration parameters even when resuming
post-copy migration.
Signed-off-by: Jiri Denemark <jdenemar@redhat.com>
Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
(cherry picked from commit 8c335b5530194dbcef719a4d88c89b8723b831a5)
https://bugzilla.redhat.com/show_bug.cgi?id=2111070
Signed-off-by: Jiri Denemark <jdenemar@redhat.com>
---
src/qemu/qemu_migration.c | 8 +++++---
1 file changed, 5 insertions(+), 3 deletions(-)
diff --git a/src/qemu/qemu_migration.c b/src/qemu/qemu_migration.c
index 8cbd73a809..285a49c5ff 100644
--- a/src/qemu/qemu_migration.c
+++ b/src/qemu/qemu_migration.c
@@ -5097,6 +5097,7 @@ qemuMigrationSrcRun(virQEMUDriver *driver,
static int
qemuMigrationSrcResume(virDomainObj *vm,
+ qemuMigrationParams *migParams G_GNUC_UNUSED,
const char *cookiein,
int cookieinlen,
char **cookieout,
@@ -5229,7 +5230,7 @@ qemuMigrationSrcPerformNative(virQEMUDriver *driver,
spec.fwdType = MIGRATION_FWD_DIRECT;
if (flags & VIR_MIGRATE_POSTCOPY_RESUME) {
- ret = qemuMigrationSrcResume(vm, cookiein, cookieinlen,
+ ret = qemuMigrationSrcResume(vm, migParams, cookiein, cookieinlen,
cookieout, cookieoutlen, &spec);
} else {
ret = qemuMigrationSrcRun(driver, vm, persist_xml, cookiein, cookieinlen,
@@ -6124,6 +6125,7 @@ qemuMigrationSrcPerformResume(virQEMUDriver *driver,
virConnectPtr conn,
virDomainObj *vm,
const char *uri,
+ qemuMigrationParams *migParams,
const char *cookiein,
int cookieinlen,
char **cookieout,
@@ -6148,7 +6150,7 @@ qemuMigrationSrcPerformResume(virQEMUDriver *driver,
ret = qemuMigrationSrcPerformNative(driver, vm, NULL, uri,
cookiein, cookieinlen,
cookieout, cookieoutlen, flags,
- 0, NULL, NULL, 0, NULL, NULL, NULL);
+ 0, NULL, NULL, 0, NULL, migParams, NULL);
if (virCloseCallbacksSet(driver->closeCallbacks, vm, conn,
qemuMigrationAnyConnectionClosed) < 0)
@@ -6188,7 +6190,7 @@ qemuMigrationSrcPerformPhase(virQEMUDriver *driver,
int ret = -1;
if (flags & VIR_MIGRATE_POSTCOPY_RESUME) {
- return qemuMigrationSrcPerformResume(driver, conn, vm, uri,
+ return qemuMigrationSrcPerformResume(driver, conn, vm, uri, migParams,
cookiein, cookieinlen,
cookieout, cookieoutlen, flags);
}
--
2.35.1

51
SOURCES/libvirt-qemu_migration-Store-original-migration-params-in-status-XML.patch
View File

@ -1,51 +0,0 @@
From c50cae68f0d083ad0c5ffcf85908cc62eeaa866d Mon Sep 17 00:00:00 2001
Message-Id: <c50cae68f0d083ad0c5ffcf85908cc62eeaa866d@dist-git>
From: Jiri Denemark <jdenemar@redhat.com>
Date: Tue, 19 Jul 2022 13:48:44 +0200
Subject: [PATCH] qemu_migration: Store original migration params in status XML
We keep original values of migration parameters so that we can restore
them at the end of migration to make sure later migration does not use
some random values. However, this does not really work when libvirt
daemon is restarted on the source host because we failed to explicitly
save the status XML after getting the migration parameters from QEMU.
Actually it might work if the status XML is written later for some other
reason such as domain state change, but that's not how it should work.
https://bugzilla.redhat.com/show_bug.cgi?id=2107892
Signed-off-by: Jiri Denemark <jdenemar@redhat.com>
Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
(cherry picked from commit c7238941357f0d2e94524cf8c5ad7d9c82dcf2f9)
Signed-off-by: Jiri Denemark <jdenemar@redhat.com>
---
src/qemu/qemu_migration.c | 6 ++++++
1 file changed, 6 insertions(+)
diff --git a/src/qemu/qemu_migration.c b/src/qemu/qemu_migration.c
index 8a2f5b09a1..9289df81eb 100644
--- a/src/qemu/qemu_migration.c
+++ b/src/qemu/qemu_migration.c
@@ -3245,6 +3245,9 @@ qemuMigrationDstPrepareActive(virQEMUDriver *driver,
migParams, mig->caps->automatic) < 0)
goto error;
+ /* Save original migration parameters */
+ qemuDomainSaveStatus(vm);
+
/* Migrations using TLS need to add the "tls-creds-x509" object and
* set the migration TLS parameters */
if (flags & VIR_MIGRATE_TLS) {
@@ -4822,6 +4825,9 @@ qemuMigrationSrcRun(virQEMUDriver *driver,
migParams, mig->caps->automatic) < 0)
goto error;
+ /* Save original migration parameters */
+ qemuDomainSaveStatus(vm);
+
if (flags & VIR_MIGRATE_TLS) {
const char *hostname = NULL;
--
2.35.1

64
SOURCES/libvirt-qemu_migration-Use-EnterMonitorAsync-in-qemuDomainGetMigrationBlockers.patch
View File

@ -1,64 +0,0 @@
From 25fe3cf8990b654fd568f580b8885102b3f92789 Mon Sep 17 00:00:00 2001
Message-Id: <25fe3cf8990b654fd568f580b8885102b3f92789@dist-git>
From: Jiri Denemark <jdenemar@redhat.com>
Date: Thu, 21 Jul 2022 15:00:28 +0200
Subject: [PATCH] qemu_migration: Use EnterMonitorAsync in
qemuDomainGetMigrationBlockers
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
The code is run with an async job and thus needs to make sure a nested
job is acquired before entering the monitor.
While touching the code in qemuMigrationSrcIsAllowed I also fixed the
grammar which was accidentally broken by v8.5.0-140-g2103807e33.
Signed-off-by: Jiri Denemark <jdenemar@redhat.com>
Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
(cherry picked from commit 62627524607f214e724a48fcac575737f49a271c)
Resolves: https://bugzilla.redhat.com/2092833
Signed-off-by: Eugenio Pérez <eperezma@redhat.com>
---
src/qemu/qemu_migration.c | 11 ++++++++---
1 file changed, 8 insertions(+), 3 deletions(-)
diff --git a/src/qemu/qemu_migration.c b/src/qemu/qemu_migration.c
index 2f77e45abf..735eb02673 100644
--- a/src/qemu/qemu_migration.c
+++ b/src/qemu/qemu_migration.c
@@ -1418,12 +1418,15 @@ qemuMigrationSrcIsAllowedHostdev(const virDomainDef *def)
static int
qemuDomainGetMigrationBlockers(virQEMUDriver *driver,
virDomainObj *vm,
+ int asyncJob,
char ***blockers)
{
qemuDomainObjPrivate *priv = vm->privateData;
int rc;
- qemuDomainObjEnterMonitor(driver, vm);
+ if (qemuDomainObjEnterMonitorAsync(driver, vm, asyncJob) < 0)
+ return -1;
+
rc = qemuMonitorGetMigrationBlockers(priv->mon, blockers);
qemuDomainObjExitMonitor(vm);
@@ -1458,10 +1461,12 @@ qemuMigrationSrcIsAllowed(virQEMUDriver *driver,
bool blockedReasonsCap = virQEMUCapsGet(priv->qemuCaps,
QEMU_CAPS_MIGRATION_BLOCKED_REASONS);
- /* Ask qemu if it have a migration blocker */
+ /* Ask qemu if it has a migration blocker */
if (blockedReasonsCap) {
g_auto(GStrv) blockers = NULL;
- if (qemuDomainGetMigrationBlockers(driver, vm, &blockers) < 0)
+ if (qemuDomainGetMigrationBlockers(driver, vm,
+ VIR_ASYNC_JOB_MIGRATION_OUT,
+ &blockers) < 0)
return false;
if (blockers && blockers[0]) {
--
2.35.1

62
SOURCES/libvirt-qemu_migration_params-Avoid-deadlock-in-qemuMigrationParamsReset.patch
View File

@ -1,62 +0,0 @@
From 0022c9aef2ecf60e9091e6df57e56065b14b67c5 Mon Sep 17 00:00:00 2001
Message-Id: <0022c9aef2ecf60e9091e6df57e56065b14b67c5@dist-git>
From: Jiri Denemark <jdenemar@redhat.com>
Date: Thu, 28 Jul 2022 15:35:45 +0200
Subject: [PATCH] qemu_migration_params: Avoid deadlock in
qemuMigrationParamsReset
In my recent comnmit v8.5.0-188-gc47f1abb81 I accidentally moved
qemuMigrationParamsResetTLS after qemuDomainObjEnterMonitorAsync not
noticing qemuMigrationParamsResetTLS will try to enter the monitor
again. The second call will time out and return with a domain object
locked. But we're still in monitor section and the object should be
unlocked which means qemuDomainObjExitMonitor will deadlock trying to
lock it again.
Fixes: c47f1abb81194461377a0c608a7ecd87f9ce9146
Signed-off-by: Jiri Denemark <jdenemar@redhat.com>
Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
(cherry picked from commit 8cb19a9b9a56ab6ebefc1f913c545e0bb86d4364)
https://bugzilla.redhat.com/show_bug.cgi?id=2107892
Signed-off-by: Jiri Denemark <jdenemar@redhat.com>
---
src/qemu/qemu_migration_params.c | 12 +++++++++---
1 file changed, 9 insertions(+), 3 deletions(-)
diff --git a/src/qemu/qemu_migration_params.c b/src/qemu/qemu_migration_params.c
index 4a824ff5e1..4766d16e64 100644
--- a/src/qemu/qemu_migration_params.c
+++ b/src/qemu/qemu_migration_params.c
@@ -1291,6 +1291,7 @@ qemuMigrationParamsReset(virQEMUDriver *driver,
{
virErrorPtr err;
g_autoptr(virBitmap) clearCaps = NULL;
+ int rc;
virErrorPreserveLast(&err);
@@ -1305,11 +1306,16 @@ qemuMigrationParamsReset(virQEMUDriver *driver,
clearCaps = virBitmapNew(0);
- if (qemuMigrationParamsApplyCaps(vm, clearCaps) == 0 &&
- qemuMigrationParamsApplyValues(vm, origParams, false) == 0)
- qemuMigrationParamsResetTLS(driver, vm, asyncJob, origParams, apiFlags);
+ rc = 0;
+ if (qemuMigrationParamsApplyCaps(vm, clearCaps) < 0 ||
+ qemuMigrationParamsApplyValues(vm, origParams, false) < 0)
+ rc = -1;
qemuDomainObjExitMonitor(vm);
+ if (rc < 0)
+ goto cleanup;
+
+ qemuMigrationParamsResetTLS(driver, vm, asyncJob, origParams, apiFlags);
cleanup:
virErrorRestore(&err);
--
2.35.1

107
SOURCES/libvirt-qemu_migration_params-Refactor-qemuMigrationParamsApply.patch
View File

@ -1,107 +0,0 @@
From 852927ea725deae6d4ef8a87383a78d9b0b1cd83 Mon Sep 17 00:00:00 2001
Message-Id: <852927ea725deae6d4ef8a87383a78d9b0b1cd83@dist-git>
From: Jiri Denemark <jdenemar@redhat.com>
Date: Thu, 21 Jul 2022 15:59:51 +0200
Subject: [PATCH] qemu_migration_params: Refactor qemuMigrationParamsApply
qemuMigrationParamsApply restricts when capabilities can be set, but
this is not useful in all cases. Let's create new helpers for setting
migration capabilities and parameters which can be reused in more places
without the restriction.
https://bugzilla.redhat.com/show_bug.cgi?id=2107892
Signed-off-by: Jiri Denemark <jdenemar@redhat.com>
Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
(cherry picked from commit c0824fd03802085db698c10fe62c98cc95a57941)
Signed-off-by: Jiri Denemark <jdenemar@redhat.com>
---
src/qemu/qemu_migration_params.c | 55 +++++++++++++++++++++++---------
1 file changed, 40 insertions(+), 15 deletions(-)
diff --git a/src/qemu/qemu_migration_params.c b/src/qemu/qemu_migration_params.c
index 0bce358ac3..7b9e5453f6 100644
--- a/src/qemu/qemu_migration_params.c
+++ b/src/qemu/qemu_migration_params.c
@@ -864,6 +864,43 @@ qemuMigrationCapsToJSON(virBitmap *caps,
}
+static int
+qemuMigrationParamsApplyCaps(virDomainObj *vm,
+ virBitmap *states)
+{
+ qemuDomainObjPrivate *priv = vm->privateData;
+ g_autoptr(virJSONValue) json = NULL;
+
+ if (!(json = qemuMigrationCapsToJSON(priv->migrationCaps, states)))
+ return -1;
+
+ if (virJSONValueArraySize(json) > 0 &&
+ qemuMonitorSetMigrationCapabilities(priv->mon, &json) < 0)
+ return -1;
+
+ return 0;
+}
+
+
+static int
+qemuMigrationParamsApplyValues(virDomainObj *vm,
+ qemuMigrationParams *params,
+ bool postcopyResume)
+{
+ qemuDomainObjPrivate *priv = vm->privateData;
+ g_autoptr(virJSONValue) json = NULL;
+
+ if (!(json = qemuMigrationParamsToJSON(params, postcopyResume)))
+ return -1;
+
+ if (virJSONValueObjectKeysNumber(json) > 0 &&
+ qemuMonitorSetMigrationParams(priv->mon, &json) < 0)
+ return -1;
+
+ return 0;
+}
+
+
/**
* qemuMigrationParamsApply
* @driver: qemu driver
@@ -885,9 +922,6 @@ qemuMigrationParamsApply(virQEMUDriver *driver,
qemuMigrationParams *migParams,
unsigned long apiFlags)
{
- qemuDomainObjPrivate *priv = vm->privateData;
- g_autoptr(virJSONValue) params = NULL;
- g_autoptr(virJSONValue) caps = NULL;
bool postcopyResume = !!(apiFlags & VIR_MIGRATE_POSTCOPY_RESUME);
int ret = -1;
@@ -905,21 +939,12 @@ qemuMigrationParamsApply(virQEMUDriver *driver,
"a migration job"));
goto cleanup;
}
- } else {
- if (!(caps = qemuMigrationCapsToJSON(priv->migrationCaps, migParams->caps)))
- goto cleanup;
-
- if (virJSONValueArraySize(caps) > 0 &&
- qemuMonitorSetMigrationCapabilities(priv->mon, &caps) < 0)
- goto cleanup;
+ } else if (qemuMigrationParamsApplyCaps(vm, migParams->caps) < 0) {
+ goto cleanup;
}
}
- if (!(params = qemuMigrationParamsToJSON(migParams, postcopyResume)))
- goto cleanup;
-
- if (virJSONValueObjectKeysNumber(params) > 0 &&
- qemuMonitorSetMigrationParams(priv->mon, &params) < 0)
+ if (qemuMigrationParamsApplyValues(vm, migParams, postcopyResume) < 0)
goto cleanup;
ret = 0;
--
2.35.1

63
SOURCES/libvirt-qemu_migration_params-Refactor-qemuMigrationParamsReset.patch
View File

@ -1,63 +0,0 @@
From 2a05454cd2d6ba283c128158f44d84d65832ebf7 Mon Sep 17 00:00:00 2001
Message-Id: <2a05454cd2d6ba283c128158f44d84d65832ebf7@dist-git>
From: Jiri Denemark <jdenemar@redhat.com>
Date: Thu, 21 Jul 2022 16:49:09 +0200
Subject: [PATCH] qemu_migration_params: Refactor qemuMigrationParamsReset
Because qemuMigrationParamsReset used to call qemuMigrationParamsApply
for resetting migration capabilities and parameters, it did not work
well since commit v5.1.0-83-ga1dec315c9 which only allowed capabilities
to be set from an async job. However, when reconnecting to running
domains after daemon restart we do not have an async job. Thus the
capabilities were not properly reset in case the daemon was restarted
during an ongoing migration. We need to avoid calling
qemuMigrationParamsApply to make sure both parameters and capabilities
can be reset by a normal job.
https://bugzilla.redhat.com/show_bug.cgi?id=2107892
Signed-off-by: Jiri Denemark <jdenemar@redhat.com>
Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
(cherry picked from commit c47f1abb81194461377a0c608a7ecd87f9ce9146)
Signed-off-by: Jiri Denemark <jdenemar@redhat.com>
---
src/qemu/qemu_migration_params.c | 14 +++++++++-----
1 file changed, 9 insertions(+), 5 deletions(-)
diff --git a/src/qemu/qemu_migration_params.c b/src/qemu/qemu_migration_params.c
index 7b9e5453f6..4a824ff5e1 100644
--- a/src/qemu/qemu_migration_params.c
+++ b/src/qemu/qemu_migration_params.c
@@ -1290,6 +1290,7 @@ qemuMigrationParamsReset(virQEMUDriver *driver,
unsigned long apiFlags)
{
virErrorPtr err;
+ g_autoptr(virBitmap) clearCaps = NULL;
virErrorPreserveLast(&err);
@@ -1299,13 +1300,16 @@ qemuMigrationParamsReset(virQEMUDriver *driver,
if (!virDomainObjIsActive(vm) || !origParams)
goto cleanup;
- /* Do not pass apiFlags to qemuMigrationParamsApply here to make sure all
- * parameters and capabilities are reset. */
- if (qemuMigrationParamsApply(driver, vm, asyncJob, origParams, 0) < 0)
+ if (qemuDomainObjEnterMonitorAsync(driver, vm, asyncJob) < 0)
goto cleanup;
- qemuMigrationParamsResetTLS(driver, vm, asyncJob, origParams, apiFlags);
- /* We don't reset 'block-bitmap-mapping' as it can't be unset */
+ clearCaps = virBitmapNew(0);
+
+ if (qemuMigrationParamsApplyCaps(vm, clearCaps) == 0 &&
+ qemuMigrationParamsApplyValues(vm, origParams, false) == 0)
+ qemuMigrationParamsResetTLS(driver, vm, asyncJob, origParams, apiFlags);
+
+ qemuDomainObjExitMonitor(vm);
cleanup:
virErrorRestore(&err);
--
2.35.1

176
SOURCES/libvirt-qemu_migration_params-Replace-qemuMigrationParamTypes-array.patch
View File

@ -1,176 +0,0 @@
From aa4b6b4877d60218c24d4ae713786f5ee37ac6dc Mon Sep 17 00:00:00 2001
Message-Id: <aa4b6b4877d60218c24d4ae713786f5ee37ac6dc@dist-git>
From: Jiri Denemark <jdenemar@redhat.com>
Date: Wed, 29 Jun 2022 15:12:20 +0200
Subject: [PATCH] qemu_migration_params: Replace qemuMigrationParamTypes array
We will need to annotate individual parameters a bit more than just
noting their type. Let's introduce qemuMigrationParamInfo replacing
simple qemuMigrationParamTypes with an array of structs.
Signed-off-by: Jiri Denemark <jdenemar@redhat.com>
Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
(cherry picked from commit 184749691f27f30a39f6f6c77828ffb951af0255)
https://bugzilla.redhat.com/show_bug.cgi?id=2111070
Signed-off-by: Jiri Denemark <jdenemar@redhat.com>
---
src/qemu/qemu_migration_params.c | 77 ++++++++++++++++++++++----------
1 file changed, 54 insertions(+), 23 deletions(-)
diff --git a/src/qemu/qemu_migration_params.c b/src/qemu/qemu_migration_params.c
index 398c07efd0..a68aed9aa4 100644
--- a/src/qemu/qemu_migration_params.c
+++ b/src/qemu/qemu_migration_params.c
@@ -138,6 +138,11 @@ struct _qemuMigrationParamsTPMapItem {
int party; /* bit-wise OR of qemuMigrationParty */
};
+typedef struct _qemuMigrationParamInfoItem qemuMigrationParamInfoItem;
+struct _qemuMigrationParamInfoItem {
+ qemuMigrationParamType type;
+};
+
/* Migration capabilities which should always be enabled as long as they
* are supported by QEMU. If the capability is supposed to be enabled on both
* sides of migration, it won't be enabled unless both sides support it.
@@ -224,22 +229,48 @@ static const qemuMigrationParamsTPMapItem qemuMigrationParamsTPMap[] = {
.party = QEMU_MIGRATION_SOURCE},
};
-static const qemuMigrationParamType qemuMigrationParamTypes[] = {
- [QEMU_MIGRATION_PARAM_COMPRESS_LEVEL] = QEMU_MIGRATION_PARAM_TYPE_INT,
- [QEMU_MIGRATION_PARAM_COMPRESS_THREADS] = QEMU_MIGRATION_PARAM_TYPE_INT,
- [QEMU_MIGRATION_PARAM_DECOMPRESS_THREADS] = QEMU_MIGRATION_PARAM_TYPE_INT,
- [QEMU_MIGRATION_PARAM_THROTTLE_INITIAL] = QEMU_MIGRATION_PARAM_TYPE_INT,
- [QEMU_MIGRATION_PARAM_THROTTLE_INCREMENT] = QEMU_MIGRATION_PARAM_TYPE_INT,
- [QEMU_MIGRATION_PARAM_TLS_CREDS] = QEMU_MIGRATION_PARAM_TYPE_STRING,
- [QEMU_MIGRATION_PARAM_TLS_HOSTNAME] = QEMU_MIGRATION_PARAM_TYPE_STRING,
- [QEMU_MIGRATION_PARAM_MAX_BANDWIDTH] = QEMU_MIGRATION_PARAM_TYPE_ULL,
- [QEMU_MIGRATION_PARAM_DOWNTIME_LIMIT] = QEMU_MIGRATION_PARAM_TYPE_ULL,
- [QEMU_MIGRATION_PARAM_BLOCK_INCREMENTAL] = QEMU_MIGRATION_PARAM_TYPE_BOOL,
- [QEMU_MIGRATION_PARAM_XBZRLE_CACHE_SIZE] = QEMU_MIGRATION_PARAM_TYPE_ULL,
- [QEMU_MIGRATION_PARAM_MAX_POSTCOPY_BANDWIDTH] = QEMU_MIGRATION_PARAM_TYPE_ULL,
- [QEMU_MIGRATION_PARAM_MULTIFD_CHANNELS] = QEMU_MIGRATION_PARAM_TYPE_INT,
+static const qemuMigrationParamInfoItem qemuMigrationParamInfo[] = {
+ [QEMU_MIGRATION_PARAM_COMPRESS_LEVEL] = {
+ .type = QEMU_MIGRATION_PARAM_TYPE_INT,
+ },
+ [QEMU_MIGRATION_PARAM_COMPRESS_THREADS] = {
+ .type = QEMU_MIGRATION_PARAM_TYPE_INT,
+ },
+ [QEMU_MIGRATION_PARAM_DECOMPRESS_THREADS] = {
+ .type = QEMU_MIGRATION_PARAM_TYPE_INT,
+ },
+ [QEMU_MIGRATION_PARAM_THROTTLE_INITIAL] = {
+ .type = QEMU_MIGRATION_PARAM_TYPE_INT,
+ },
+ [QEMU_MIGRATION_PARAM_THROTTLE_INCREMENT] = {
+ .type = QEMU_MIGRATION_PARAM_TYPE_INT,
+ },
+ [QEMU_MIGRATION_PARAM_TLS_CREDS] = {
+ .type = QEMU_MIGRATION_PARAM_TYPE_STRING,
+ },
+ [QEMU_MIGRATION_PARAM_TLS_HOSTNAME] = {
+ .type = QEMU_MIGRATION_PARAM_TYPE_STRING,
+ },
+ [QEMU_MIGRATION_PARAM_MAX_BANDWIDTH] = {
+ .type = QEMU_MIGRATION_PARAM_TYPE_ULL,
+ },
+ [QEMU_MIGRATION_PARAM_DOWNTIME_LIMIT] = {
+ .type = QEMU_MIGRATION_PARAM_TYPE_ULL,
+ },
+ [QEMU_MIGRATION_PARAM_BLOCK_INCREMENTAL] = {
+ .type = QEMU_MIGRATION_PARAM_TYPE_BOOL,
+ },
+ [QEMU_MIGRATION_PARAM_XBZRLE_CACHE_SIZE] = {
+ .type = QEMU_MIGRATION_PARAM_TYPE_ULL,
+ },
+ [QEMU_MIGRATION_PARAM_MAX_POSTCOPY_BANDWIDTH] = {
+ .type = QEMU_MIGRATION_PARAM_TYPE_ULL,
+ },
+ [QEMU_MIGRATION_PARAM_MULTIFD_CHANNELS] = {
+ .type = QEMU_MIGRATION_PARAM_TYPE_INT,
+ },
};
-G_STATIC_ASSERT(G_N_ELEMENTS(qemuMigrationParamTypes) == QEMU_MIGRATION_PARAM_LAST);
+G_STATIC_ASSERT(G_N_ELEMENTS(qemuMigrationParamInfo) == QEMU_MIGRATION_PARAM_LAST);
virBitmap *
@@ -281,7 +312,7 @@ qemuMigrationParamsFree(qemuMigrationParams *migParams)
return;
for (i = 0; i < QEMU_MIGRATION_PARAM_LAST; i++) {
- if (qemuMigrationParamTypes[i] == QEMU_MIGRATION_PARAM_TYPE_STRING)
+ if (qemuMigrationParamInfo[i].type == QEMU_MIGRATION_PARAM_TYPE_STRING)
g_free(migParams->params[i].value.s);
}
@@ -295,7 +326,7 @@ static int
qemuMigrationParamsCheckType(qemuMigrationParam param,
qemuMigrationParamType type)
{
- if (qemuMigrationParamTypes[param] != type) {
+ if (qemuMigrationParamInfo[param].type != type) {
virReportError(VIR_ERR_INTERNAL_ERROR,
_("Type mismatch for '%s' migration parameter"),
qemuMigrationParamTypeToString(param));
@@ -595,7 +626,7 @@ qemuMigrationParamsFromFlags(virTypedParameterPtr params,
VIR_DEBUG("Setting migration parameter '%s' from '%s'",
qemuMigrationParamTypeToString(item->param), item->typedParam);
- switch (qemuMigrationParamTypes[item->param]) {
+ switch (qemuMigrationParamInfo[item->param].type) {
case QEMU_MIGRATION_PARAM_TYPE_INT:
if (qemuMigrationParamsGetTPInt(migParams, item->param, params,
nparams, item->typedParam,
@@ -671,7 +702,7 @@ qemuMigrationParamsDump(qemuMigrationParams *migParams,
if (!(item->party & QEMU_MIGRATION_DESTINATION))
continue;
- switch (qemuMigrationParamTypes[item->param]) {
+ switch (qemuMigrationParamInfo[item->param].type) {
case QEMU_MIGRATION_PARAM_TYPE_INT:
if (qemuMigrationParamsSetTPInt(migParams, item->param,
params, nparams, maxparams,
@@ -721,7 +752,7 @@ qemuMigrationParamsFromJSON(virJSONValue *params)
name = qemuMigrationParamTypeToString(i);
pv = &migParams->params[i];
- switch (qemuMigrationParamTypes[i]) {
+ switch (qemuMigrationParamInfo[i].type) {
case QEMU_MIGRATION_PARAM_TYPE_INT:
if (virJSONValueObjectGetNumberInt(params, name, &pv->value.i) == 0)
pv->set = true;
@@ -764,7 +795,7 @@ qemuMigrationParamsToJSON(qemuMigrationParams *migParams)
if (!pv->set)
continue;
- switch (qemuMigrationParamTypes[i]) {
+ switch (qemuMigrationParamInfo[i].type) {
case QEMU_MIGRATION_PARAM_TYPE_INT:
rc = virJSONValueObjectAppendNumberInt(params, name, pv->value.i);
break;
@@ -1280,7 +1311,7 @@ qemuMigrationParamsFormat(virBuffer *buf,
virBufferAsprintf(buf, "<param name='%s' ",
qemuMigrationParamTypeToString(i));
- switch (qemuMigrationParamTypes[i]) {
+ switch (qemuMigrationParamInfo[i].type) {
case QEMU_MIGRATION_PARAM_TYPE_INT:
virBufferAsprintf(buf, "value='%d'", pv->value.i);
break;
@@ -1357,7 +1388,7 @@ qemuMigrationParamsParse(xmlXPathContextPtr ctxt,
}
rc = 0;
- switch (qemuMigrationParamTypes[param]) {
+ switch (qemuMigrationParamInfo[param].type) {
case QEMU_MIGRATION_PARAM_TYPE_INT:
rc = virStrToLong_i(value, NULL, 10, &pv->value.i);
break;
--
2.35.1

59
SOURCES/libvirt-qemu_namespace-Deal-with-nested-mounts-when-umount-ing-dev.patch Normal file
View File

@ -0,0 +1,59 @@
From fd06fc3affcda0d7af1721c26915b8d87e0b2614 Mon Sep 17 00:00:00 2001
Message-Id: <fd06fc3affcda0d7af1721c26915b8d87e0b2614@dist-git>
From: Michal Privoznik <mprivozn@redhat.com>
Date: Tue, 7 Feb 2023 15:06:32 +0100
Subject: [PATCH] qemu_namespace: Deal with nested mounts when umount()-ing
/dev
In one of recent commits (v9.0.0-rc1~106) I've made our QEMU
namespace code umount the original /dev. One of the reasons was
enhanced security, because previously we just mounted a tmpfs
over the original /dev. Thus a malicious QEMU could just
umount("/dev") and it would get to the original /dev with all
nodes.
Now, on some systems this introduced a regression:
failed to umount devfs on /dev: Device or resource busy
But how this could be? We've moved all file systems mounted under
/dev to a temporary location. Or have we? As it turns out, not
quite. If there are two file systems mounted on the same target,
e.g. like this:
mount -t tmpfs tmpfs /dev/shm/ && mount -t tmpfs tmpfs /dev/shm/
then only the top most (i.e. the last one) is moved. See
qemuDomainUnshareNamespace() for more info.
Now, we could enhance our code to deal with these "doubled" mount
points. Or, since it is the top most file system that is
accessible anyways (and this one is preserved), we can
umount("/dev") in a recursive fashion.
Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=2167302
Fixes: 379c0ce4bfed8733dfbde557c359eecc5474ce38
Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
Reviewed-by: Jim Fehlig <jfehlig@suse.com>
(cherry picked from commit 5155ab4b2a704285505dfea6ffee8b980fdaa29e)
Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
---
src/qemu/qemu_namespace.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/qemu/qemu_namespace.c b/src/qemu/qemu_namespace.c
index 5769a4dfe0..5fc043bd62 100644
--- a/src/qemu/qemu_namespace.c
+++ b/src/qemu/qemu_namespace.c
@@ -777,7 +777,7 @@ qemuDomainUnshareNamespace(virQEMUDriverConfig *cfg,
}
#if defined(__linux__)
- if (umount("/dev") < 0) {
+ if (umount2("/dev", MNT_DETACH) < 0) {
virReportSystemError(errno, "%s", _("failed to umount devfs on /dev"));
return -1;
}
--
2.39.1

80
SOURCES/libvirt-qemu_namespace-Fix-a-corner-case-in-qemuDomainGetPreservedMounts.patch
View File

@ -1,80 +0,0 @@
From 6b3a0480cf2de402abce168aa0b093a8dc4f7a57 Mon Sep 17 00:00:00 2001
Message-Id: <6b3a0480cf2de402abce168aa0b093a8dc4f7a57@dist-git>
From: Michal Privoznik <mprivozn@redhat.com>
Date: Tue, 6 Sep 2022 13:43:22 +0200
Subject: [PATCH] qemu_namespace: Fix a corner case in
qemuDomainGetPreservedMounts()
When setting up namespace for QEMU we look at mount points under
/dev (like /dev/pts, /dev/mqueue/, etc.) because we want to
preserve those (which is done by moving them to a temp location,
unshare(), and then moving them back). We have a convenience
helper - qemuDomainGetPreservedMounts() - that processes the
mount table and (optionally) moves the other filesystems too.
This helper is also used when attempting to create a path in NS,
because the path, while starting with "/dev/" prefix, may
actually lead to one of those filesystems that we preserved.
And here comes the corner case: while we require the parent mount
table to be in shared mode (equivalent of `mount --make-rshared /'),
these mount events propagate iff the target path exist inside the
slave mount table (= QEMU's private namespace). And since we
create only a subset of /dev nodes, well, that assumption is not
always the case.
For instance, assume that a domain is already running, no
hugepages were configured for it nor any hugetlbfs is mounted.
Now, when a hugetlbfs is mounted into '/dev/hugepages', this is
propagated into the QEMU's namespace, but since the target dir
does not exist in the private /dev, the FS is not mounted in the
namespace.
Fortunately, this difference between namespaces is visible when
comparing /proc/mounts and /proc/$PID/mounts (where PID is the
QEMU's PID). Therefore, if possible we should look at the latter.
Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
Reviewed-by: Martin Kletzander <mkletzan@redhat.com>
(cherry picked from commit 46b03819ae8d833b11c2aaccb2c2a0361727f51b)
Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=2152083
Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
---
src/qemu/qemu_namespace.c | 10 +++++++++-
1 file changed, 9 insertions(+), 1 deletion(-)
diff --git a/src/qemu/qemu_namespace.c b/src/qemu/qemu_namespace.c
index 71e3366ca5..807ec37c91 100644
--- a/src/qemu/qemu_namespace.c
+++ b/src/qemu/qemu_namespace.c
@@ -109,6 +109,8 @@ qemuDomainGetPreservedMountPath(virQEMUDriverConfig *cfg,
* b) generate backup path for all the entries in a)
*
* Any of the return pointers can be NULL. Both arrays are NULL-terminated.
+ * Get the mount table either from @vm's PID (if running), or from the
+ * namespace we're in (if @vm's not running).
*
* Returns 0 on success, -1 otherwise (with error reported)
*/
@@ -123,12 +125,18 @@ qemuDomainGetPreservedMounts(virQEMUDriverConfig *cfg,
size_t nmounts = 0;
g_auto(GStrv) paths = NULL;
g_auto(GStrv) savePaths = NULL;
+ g_autofree char *mountsPath = NULL;
size_t i;
if (ndevPath)
*ndevPath = 0;
- if (virFileGetMountSubtree(QEMU_PROC_MOUNTS, "/dev", &mounts, &nmounts) < 0)
+ if (vm->pid > 0)
+ mountsPath = g_strdup_printf("/proc/%lld/mounts", (long long) vm->pid);
+ else
+ mountsPath = g_strdup(QEMU_PROC_MOUNTS);
+
+ if (virFileGetMountSubtree(mountsPath, "/dev", &mounts, &nmounts) < 0)
return -1;
if (nmounts == 0)
--
2.39.0

68
SOURCES/libvirt-qemu_namespace-Introduce-qemuDomainNamespaceSetupPath.patch
View File

@ -1,68 +0,0 @@
From c8379fdd0f13af84f4b2ed449f8de77117fd8bc7 Mon Sep 17 00:00:00 2001
Message-Id: <c8379fdd0f13af84f4b2ed449f8de77117fd8bc7@dist-git>
From: Michal Privoznik <mprivozn@redhat.com>
Date: Tue, 6 Sep 2022 13:43:58 +0200
Subject: [PATCH] qemu_namespace: Introduce qemuDomainNamespaceSetupPath()
Sometimes it may come handy to just bind mount a directory/file
into domain's namespace. Implement a thin wrapper over
qemuNamespaceMknodPaths() which has all the logic we need.
Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
Reviewed-by: Martin Kletzander <mkletzan@redhat.com>
(cherry picked from commit 5853d707189005a4ea5b2215e80853867b822fd9)
Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=2152083
Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
---
src/qemu/qemu_namespace.c | 19 +++++++++++++++++++
src/qemu/qemu_namespace.h | 4 ++++
2 files changed, 23 insertions(+)
diff --git a/src/qemu/qemu_namespace.c b/src/qemu/qemu_namespace.c
index 807ec37c91..09e235e120 100644
--- a/src/qemu/qemu_namespace.c
+++ b/src/qemu/qemu_namespace.c
@@ -1424,6 +1424,25 @@ qemuNamespaceUnlinkPaths(virDomainObj *vm,
}
+int
+qemuDomainNamespaceSetupPath(virDomainObj *vm,
+ const char *path,
+ bool *created)
+{
+ g_autoptr(virGSListString) paths = NULL;
+
+ if (!qemuDomainNamespaceEnabled(vm, QEMU_DOMAIN_NS_MOUNT))
+ return 0;
+
+ paths = g_slist_prepend(paths, g_strdup(path));
+
+ if (qemuNamespaceMknodPaths(vm, paths, created) < 0)
+ return -1;
+
+ return 0;
+}
+
+
int
qemuDomainNamespaceSetupDisk(virDomainObj *vm,
virStorageSource *src,
diff --git a/src/qemu/qemu_namespace.h b/src/qemu/qemu_namespace.h
index fbea865c70..85d990f460 100644
--- a/src/qemu/qemu_namespace.h
+++ b/src/qemu/qemu_namespace.h
@@ -48,6 +48,10 @@ void qemuDomainDestroyNamespace(virQEMUDriver *driver,
bool qemuDomainNamespaceAvailable(qemuDomainNamespace ns);
+int qemuDomainNamespaceSetupPath(virDomainObj *vm,
+ const char *path,
+ bool *created);
+
int qemuDomainNamespaceSetupDisk(virDomainObj *vm,
virStorageSource *src,
bool *created);
--
2.39.0

45
SOURCES/libvirt-qemu_namespace-Tolerate-missing-ACLs-when-creating-a-path-in-namespace.patch
View File

@ -1,45 +0,0 @@
From 1f0a6e441617da6a95e2188408ad1ed2dd4665e4 Mon Sep 17 00:00:00 2001
Message-Id: <1f0a6e441617da6a95e2188408ad1ed2dd4665e4@dist-git>
From: Michal Privoznik <mprivozn@redhat.com>
Date: Tue, 6 Sep 2022 13:37:23 +0200
Subject: [PATCH] qemu_namespace: Tolerate missing ACLs when creating a path in
namespace
When creating a path in a domain's mount namespace we try to set
ACLs on it, so that it's a verbatim copy of the path in parent's
namespace. The ACLs are queried upfront (by
qemuNamespaceMknodItemInit()) but this is fault tolerant so the
pointer to ACLs might be NULL (meaning no ACLs were queried, for
instance because the underlying filesystem does not support
them). But then we take this NULL and pass it to virFileSetACLs()
which immediately returns an error because NULL is invalid value.
Mimic what we do with SELinux label - only set ACLs if they are
non-NULL which includes symlinks.
Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
Reviewed-by: Martin Kletzander <mkletzan@redhat.com>
(cherry picked from commit 687374959e160dc566bd4b6d43c7bf1beb470c59)
Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=2152083
Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
---
src/qemu/qemu_namespace.c | 3 +--
1 file changed, 1 insertion(+), 2 deletions(-)
diff --git a/src/qemu/qemu_namespace.c b/src/qemu/qemu_namespace.c
index 98cd794666..71e3366ca5 100644
--- a/src/qemu/qemu_namespace.c
+++ b/src/qemu/qemu_namespace.c
@@ -1040,8 +1040,7 @@ qemuNamespaceMknodOne(qemuNamespaceMknodItem *data)
goto cleanup;
}
- /* Symlinks don't have ACLs. */
- if (!isLink &&
+ if (data->acl &&
virFileSetACLs(data->file, data->acl) < 0 &&
errno != ENOTSUP) {
virReportSystemError(errno,
--
2.39.0

35
SOURCES/libvirt-qemu_passt-Avoid-double-daemonizing-passt.patch Normal file
View File

@ -0,0 +1,35 @@
From 47a82ef5bef2e549b9d6f7d20ad369b272e2c060 Mon Sep 17 00:00:00 2001
Message-Id: <47a82ef5bef2e549b9d6f7d20ad369b272e2c060@dist-git>
From: Michal Privoznik <mprivozn@redhat.com>
Date: Thu, 16 Feb 2023 12:00:58 +0100
Subject: [PATCH] qemu_passt: Avoid double daemonizing passt
When passt is started, it daemonizes itself by default. There's
no point in having our virCommand module daemonize it too.
Resolves: https://bugzilla.redhat.com/2169244
Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
Reviewed-by: Stefano Brivio <sbrivio@redhat.com>
Reviewed-by: Laine Stump <laine@redhat.com>
(cherry picked from commit c0efdbdb9f66ab5a7334fd1dc75cdfdc28a7393d)
Signed-off-by: Laine Stump <laine@redhat.com>
---
src/qemu/qemu_passt.c | 1 -
1 file changed, 1 deletion(-)
diff --git a/src/qemu/qemu_passt.c b/src/qemu/qemu_passt.c
index 78830fdc26..adc69fc052 100644
--- a/src/qemu/qemu_passt.c
+++ b/src/qemu/qemu_passt.c
@@ -156,7 +156,6 @@ qemuPasstStart(virDomainObj *vm,
virCommandClearCaps(cmd);
virCommandSetPidFile(cmd, pidfile);
virCommandSetErrorFD(cmd, &errfd);
- virCommandDaemonize(cmd);
virCommandAddArgList(cmd,
"--one-off",
--
2.39.2

84
SOURCES/libvirt-qemu_passt-Deduplicate-passt-killing-code.patch Normal file
View File

@ -0,0 +1,84 @@
From 42803b023873d2e416a58b4663c4679006f03253 Mon Sep 17 00:00:00 2001
Message-Id: <42803b023873d2e416a58b4663c4679006f03253@dist-git>
From: Michal Privoznik <mprivozn@redhat.com>
Date: Thu, 16 Feb 2023 12:07:42 +0100
Subject: [PATCH] qemu_passt: Deduplicate passt killing code
There are two places where we kill passt:
1) qemuPasstStop() - called transitively from qemuProcessStop(),
2) qemuPasstStart() - after failed start.
Now, the code from 2) lack error preservation (so if there's
another error during cleanup we might overwrite the original
error). Therefore, move the internals of qemuPasstStop() into a
separate function and call it from both places.
Resolves: https://bugzilla.redhat.com/2169244
Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
Reviewed-by: Laine Stump <laine@redhat.com>
(cherry picked from commit e5bfc661bc181a36fa70250470554b20002fb84d)
Signed-off-by: Laine Stump <laine@redhat.com>
---
src/qemu/qemu_passt.c | 23 +++++++++++++----------
1 file changed, 13 insertions(+), 10 deletions(-)
diff --git a/src/qemu/qemu_passt.c b/src/qemu/qemu_passt.c
index c082c149cd..2733f8e03f 100644
--- a/src/qemu/qemu_passt.c
+++ b/src/qemu/qemu_passt.c
@@ -102,11 +102,9 @@ qemuPasstAddNetProps(virDomainObj *vm,
}
-void
-qemuPasstStop(virDomainObj *vm,
- virDomainNetDef *net)
+static void
+qemuPasstKill(const char *pidfile)
{
- g_autofree char *pidfile = qemuPasstCreatePidFilename(vm, net);
virErrorPtr orig_err;
virErrorPreserveLast(&orig_err);
@@ -118,6 +116,16 @@ qemuPasstStop(virDomainObj *vm,
}
+void
+qemuPasstStop(virDomainObj *vm,
+ virDomainNetDef *net)
+{
+ g_autofree char *pidfile = qemuPasstCreatePidFilename(vm, net);
+
+ qemuPasstKill(pidfile);
+}
+
+
int
qemuPasstSetupCgroup(virDomainObj *vm,
virDomainNetDef *net,
@@ -147,7 +155,6 @@ qemuPasstStart(virDomainObj *vm,
g_autofree char *errbuf = NULL;
char macaddr[VIR_MAC_STRING_BUFLEN];
size_t i;
- pid_t pid = (pid_t) -1;
int exitstatus = 0;
int cmdret = 0;
@@ -273,10 +280,6 @@ qemuPasstStart(virDomainObj *vm,
return 0;
error:
- ignore_value(virPidFileReadPathIfLocked(pidfile, &pid));
- if (pid != -1)
- virProcessKillPainfully(pid, true);
- unlink(pidfile);
-
+ qemuPasstKill(pidfile);
return -1;
}
--
2.39.2

81
SOURCES/libvirt-qemu_passt-Let-passt-write-the-PID-file.patch Normal file
View File

@ -0,0 +1,81 @@
From 23c8e64cbbd9fe642f47808b19aba6cd5177fdd2 Mon Sep 17 00:00:00 2001
Message-Id: <23c8e64cbbd9fe642f47808b19aba6cd5177fdd2@dist-git>
From: Michal Privoznik <mprivozn@redhat.com>
Date: Thu, 16 Feb 2023 11:46:55 +0100
Subject: [PATCH] qemu_passt: Let passt write the PID file
The way we start passt currently is: we use
virCommandSetPidFile() to use our virCommand machinery to acquire
the PID file and leak opened FD into passt. Then, we use
virPidFile*() APIs to read the PID file (which is needed when
placing it into CGroups or killing it). But this does not fly
really because passt daemonizes itself. Thus the process we
started dies soon and thus the PID file is closed and unlocked.
We could work around this by passing '--foreground' argument, but
that weakens passt as it can't create new PID namespace (because
it doesn't fork()).
The solution is to let passt write the PID file, but since it
does not lock the file and closes it as soon as it is written, we
have to switch to those virPidFile APIs which don't expect PID
file to be locked.
Resolves: https://bugzilla.redhat.com/2169244
Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
Reviewed-by: Laine Stump <laine@redhat.com>
(cherry picked from commit 029a892abdb2fe508f3fb77af00a14464b98b824)
Signed-off-by: Laine Stump <laine@redhat.com>
---
src/qemu/qemu_passt.c | 11 +++++++----
1 file changed, 7 insertions(+), 4 deletions(-)
diff --git a/src/qemu/qemu_passt.c b/src/qemu/qemu_passt.c
index 2733f8e03f..1217a6a087 100644
--- a/src/qemu/qemu_passt.c
+++ b/src/qemu/qemu_passt.c
@@ -72,7 +72,7 @@ qemuPasstGetPid(virDomainObj *vm,
{
g_autofree char *pidfile = qemuPasstCreatePidFilename(vm, net);
- return virPidFileReadPathIfLocked(pidfile, pid);
+ return virPidFileReadPath(pidfile, pid);
}
@@ -106,11 +106,14 @@ static void
qemuPasstKill(const char *pidfile)
{
virErrorPtr orig_err;
+ pid_t pid = 0;
virErrorPreserveLast(&orig_err);
- if (virPidFileForceCleanupPath(pidfile) < 0)
- VIR_WARN("Unable to kill passt process");
+ ignore_value(virPidFileReadPath(pidfile, &pid));
+ if (pid != 0)
+ virProcessKillPainfully(pid, true);
+ unlink(pidfile);
virErrorRestore(&orig_err);
}
@@ -161,13 +164,13 @@ qemuPasstStart(virDomainObj *vm,
cmd = virCommandNew(PASST);
virCommandClearCaps(cmd);
- virCommandSetPidFile(cmd, pidfile);
virCommandSetErrorBuffer(cmd, &errbuf);
virCommandAddArgList(cmd,
"--one-off",
"--socket", passtSocketName,
"--mac-addr", virMacAddrFormat(&net->mac, macaddr),
+ "--pid", pidfile,
NULL);
if (net->mtu) {
--
2.39.2

67
SOURCES/libvirt-qemu_passt-Remove-passt-socket-file-on-exit.patch Normal file
View File

@ -0,0 +1,67 @@
From 0c6f42b53f9b8f9ee60fd35d787528d0604d0bbb Mon Sep 17 00:00:00 2001
Message-Id: <0c6f42b53f9b8f9ee60fd35d787528d0604d0bbb@dist-git>
From: Stefano Brivio <sbrivio@redhat.com>
Date: Tue, 21 Feb 2023 20:19:07 +0100
Subject: [PATCH] qemu_passt: Remove passt socket file on exit
Just like it can't remove its own PID files, passt can't unlink its
own socket upon exit (unless the initialisation fails), because it
has no access to the filesystem at runtime.
Remove the socket file in qemuPasstKill().
Resolves: https://bugzilla.redhat.com/2169244
Fixes: a56f0168d576 ("qemu: hook up passt config to qemu domains")
Signed-off-by: Stefano Brivio <sbrivio@redhat.com>
Reviewed-by: Laine Stump <laine@redhat.com>
(cherry picked from commit b7a18787de7c193dc68640668cc176ef9d887bc1)
Signed-off-by: Laine Stump <laine@redhat.com>
---
src/qemu/qemu_passt.c | 9 ++++++---
1 file changed, 6 insertions(+), 3 deletions(-)
diff --git a/src/qemu/qemu_passt.c b/src/qemu/qemu_passt.c
index 1217a6a087..88b7df4453 100644
--- a/src/qemu/qemu_passt.c
+++ b/src/qemu/qemu_passt.c
@@ -103,7 +103,7 @@ qemuPasstAddNetProps(virDomainObj *vm,
static void
-qemuPasstKill(const char *pidfile)
+qemuPasstKill(const char *pidfile, const char *passtSocketName)
{
virErrorPtr orig_err;
pid_t pid = 0;
@@ -115,6 +115,8 @@ qemuPasstKill(const char *pidfile)
virProcessKillPainfully(pid, true);
unlink(pidfile);
+ unlink(passtSocketName);
+
virErrorRestore(&orig_err);
}
@@ -124,8 +126,9 @@ qemuPasstStop(virDomainObj *vm,
virDomainNetDef *net)
{
g_autofree char *pidfile = qemuPasstCreatePidFilename(vm, net);
+ g_autofree char *passtSocketName = qemuPasstCreateSocketPath(vm, net);
- qemuPasstKill(pidfile);
+ qemuPasstKill(pidfile, passtSocketName);
}
@@ -283,6 +286,6 @@ qemuPasstStart(virDomainObj *vm,
return 0;
error:
- qemuPasstKill(pidfile);
+ qemuPasstKill(pidfile, passtSocketName);
return -1;
}
--
2.39.2

40
SOURCES/libvirt-qemu_passt-Report-error-when-getting-passt-PID-failed.patch Normal file
View File

@ -0,0 +1,40 @@
From 8e1bca7aacacedb0aa34eef1723f1d2d13958c10 Mon Sep 17 00:00:00 2001
Message-Id: <8e1bca7aacacedb0aa34eef1723f1d2d13958c10@dist-git>
From: Michal Privoznik <mprivozn@redhat.com>
Date: Mon, 13 Feb 2023 16:05:04 +0100
Subject: [PATCH] qemu_passt: Report error when getting passt PID failed
If qemuPasstGetPid() fails, or the passt's PID is -1 then
qemuPasstSetupCgroup() returns early without any error message
set. Report an appropriate error.
Resolves: https://bugzilla.redhat.com/2169244
Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
Reviewed-by: Laine Stump <laine@redhat.com>
(cherry picked from commit 598a73335d70b4ef70b84f9730d708c116f88b15)
Signed-off-by: Laine Stump <laine@redhat.com>
---
src/qemu/qemu_passt.c | 5 ++++-
1 file changed, 4 insertions(+), 1 deletion(-)
diff --git a/src/qemu/qemu_passt.c b/src/qemu/qemu_passt.c
index 0f09bf3db8..78830fdc26 100644
--- a/src/qemu/qemu_passt.c
+++ b/src/qemu/qemu_passt.c
@@ -125,8 +125,11 @@ qemuPasstSetupCgroup(virDomainObj *vm,
{
pid_t pid = (pid_t) -1;
- if (qemuPasstGetPid(vm, net, &pid) < 0 || pid <= 0)
+ if (qemuPasstGetPid(vm, net, &pid) < 0 || pid <= 0) {
+ virReportError(VIR_ERR_INTERNAL_ERROR, "%s",
+ _("Could not get process ID of passt"));
return -1;
+ }
return virCgroupAddProcess(cgroup, pid);
}
--
2.39.2

63
SOURCES/libvirt-qemu_passt-Report-passt-s-error-on-failed-start.patch Normal file
View File

@ -0,0 +1,63 @@
From 78a9316063050d84b39324470102330a89a1f76b Mon Sep 17 00:00:00 2001
Message-Id: <78a9316063050d84b39324470102330a89a1f76b@dist-git>
From: Michal Privoznik <mprivozn@redhat.com>
Date: Thu, 16 Feb 2023 12:19:26 +0100
Subject: [PATCH] qemu_passt: Report passt's error on failed start
When starting passt, it may write something onto its stderr
(convincing it to print even more is addressed later). Pass this
string we read to user.
Since we're not daemonizing passt anymore (see previous commit),
we can let virCommand module do all the heavy lifting and switch
to virCommandSetErrorBuffer() instead of reading error from an
FD.
Resolves: https://bugzilla.redhat.com/2169244
Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
Reviewed-by: Stefano Brivio <sbrivio@redhat.com>
Reviewed-by: Laine Stump <laine@redhat.com>
(cherry picked from commit 02355840ced2af18df1aa9ba387a6137a515eede)
Signed-off-by: Laine Stump <laine@redhat.com>
---
src/qemu/qemu_passt.c | 6 +++---
1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/src/qemu/qemu_passt.c b/src/qemu/qemu_passt.c
index adc69fc052..c082c149cd 100644
--- a/src/qemu/qemu_passt.c
+++ b/src/qemu/qemu_passt.c
@@ -144,18 +144,18 @@ qemuPasstStart(virDomainObj *vm,
g_autofree char *passtSocketName = qemuPasstCreateSocketPath(vm, net);
g_autoptr(virCommand) cmd = NULL;
g_autofree char *pidfile = qemuPasstCreatePidFilename(vm, net);
+ g_autofree char *errbuf = NULL;
char macaddr[VIR_MAC_STRING_BUFLEN];
size_t i;
pid_t pid = (pid_t) -1;
int exitstatus = 0;
int cmdret = 0;
- VIR_AUTOCLOSE errfd = -1;
cmd = virCommandNew(PASST);
virCommandClearCaps(cmd);
virCommandSetPidFile(cmd, pidfile);
- virCommandSetErrorFD(cmd, &errfd);
+ virCommandSetErrorBuffer(cmd, &errbuf);
virCommandAddArgList(cmd,
"--one-off",
@@ -266,7 +266,7 @@ qemuPasstStart(virDomainObj *vm,
if (cmdret < 0 || exitstatus != 0) {
virReportError(VIR_ERR_INTERNAL_ERROR,
- _("Could not start 'passt'. exitstatus: %d"), exitstatus);
+ _("Could not start 'passt': %s"), NULLSTR(errbuf));
goto error;
}
--
2.39.2

40
SOURCES/libvirt-qemu_process-Destroy-domain-s-namespace-after-killing-QEMU.patch
View File

@ -1,40 +0,0 @@
From f030ed332be8742918127fa3cc27aebb47b56c19 Mon Sep 17 00:00:00 2001
Message-Id: <f030ed332be8742918127fa3cc27aebb47b56c19@dist-git>
From: Michal Privoznik <mprivozn@redhat.com>
Date: Wed, 3 Aug 2022 12:27:19 +0200
Subject: [PATCH] qemu_process: Destroy domain's namespace after killing QEMU
After QEMU is killed in qemuProcessStop() its mount namespace
doesn't exist anymore, because it was the only process running
there. Thus we should clear our internal flag that the domain has
namespace enabled so that seclabel restore code does not try to
enter it. We do the same in qemuProcessHandleMonitorEOF() but
when it is us, who decides to kill QEMU rather than QEMU quitting
we haven't seen EOF by the time qemuProcessStop() is called.
Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
Reviewed-by: Martin Kletzander <mkletzan@redhat.com>
(cherry picked from commit 589536e75d2af745c8f27134b466b23e4fbe3e95)
Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=2121141
Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
---
src/qemu/qemu_process.c | 3 +++
1 file changed, 3 insertions(+)
diff --git a/src/qemu/qemu_process.c b/src/qemu/qemu_process.c
index 1c28d4b102..4b52d664c7 100644
--- a/src/qemu/qemu_process.c
+++ b/src/qemu/qemu_process.c
@@ -8276,6 +8276,9 @@ void qemuProcessStop(virQEMUDriver *driver,
VIR_QEMU_PROCESS_KILL_FORCE|
VIR_QEMU_PROCESS_KILL_NOCHECK));
+ /* Its namespace is also gone then. */
+ qemuDomainDestroyNamespace(driver, vm);
+
qemuDomainCleanupRun(driver, vm);
qemuExtDevicesStop(driver, vm);
--
2.37.2

64
SOURCES/libvirt-qemu_process-Produce-better-debug-message-wrt-domain-namespaces.patch Normal file
View File

@ -0,0 +1,64 @@
From 99f69000a1ecacc2f064043993ece8ddba366976 Mon Sep 17 00:00:00 2001
Message-Id: <99f69000a1ecacc2f064043993ece8ddba366976@dist-git>
From: Michal Privoznik <mprivozn@redhat.com>
Date: Tue, 7 Feb 2023 10:34:40 +0100
Subject: [PATCH] qemu_process: Produce better debug message wrt domain
namespaces
When going through debug log of a domain startup process, one can
meet the following line:
debug : qemuProcessLaunch:7668 : Building mount namespace
But this is in fact wrong. Firstly, domain namespaces are just
enabled in domain's privateData. Secondly, the debug message says
nothing about actual state of namespace - whether it was enabled
or not.
Therefore, move the debug printing into
qemuProcessEnableDomainNamespaces() and tweak it so that the
actual value is reflected.
Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
Reviewed-by: Jim Fehlig <jfehlig@suse.com>
(cherry picked from commit 697c16e39ae9a9e18ce7cad0729bf2293b12a307)
Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=2167302
Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
---
src/qemu/qemu_process.c | 8 ++++++--
1 file changed, 6 insertions(+), 2 deletions(-)
diff --git a/src/qemu/qemu_process.c b/src/qemu/qemu_process.c
index 1217fb1856..32083de563 100644
--- a/src/qemu/qemu_process.c
+++ b/src/qemu/qemu_process.c
@@ -7377,11 +7377,17 @@ qemuProcessEnableDomainNamespaces(virQEMUDriver *driver,
virDomainObj *vm)
{
g_autoptr(virQEMUDriverConfig) cfg = virQEMUDriverGetConfig(driver);
+ const char *state = "disabled";
if (virBitmapIsBitSet(cfg->namespaces, QEMU_DOMAIN_NS_MOUNT) &&
qemuDomainEnableNamespace(vm, QEMU_DOMAIN_NS_MOUNT) < 0)
return -1;
+ if (qemuDomainNamespaceEnabled(vm, QEMU_DOMAIN_NS_MOUNT))
+ state = "enabled";
+
+ VIR_DEBUG("Mount namespace for domain name=%s is %s",
+ vm->def->name, state);
return 0;
}
@@ -7705,8 +7711,6 @@ qemuProcessLaunch(virConnectPtr conn,
qemuDomainLogContextMarkPosition(logCtxt);
- VIR_DEBUG("Building mount namespace");
-
if (qemuProcessEnableDomainNamespaces(driver, vm) < 0)
goto cleanup;
--
2.39.1

73
SOURCES/libvirt-qemu_process.c-Propagate-hugetlbfs-mounts-on-reconnect.patch
View File

@ -1,73 +0,0 @@
From 9842eb7301f985e4cc08001aff48c269492b2456 Mon Sep 17 00:00:00 2001
Message-Id: <9842eb7301f985e4cc08001aff48c269492b2456@dist-git>
From: Michal Privoznik <mprivozn@redhat.com>
Date: Tue, 6 Sep 2022 13:45:51 +0200
Subject: [PATCH] qemu_process.c: Propagate hugetlbfs mounts on reconnect
When reconnecting to a running QEMU process, we construct the
per-domain path in all hugetlbfs mounts. This is a relict from
the past (v3.4.0-100-g5b24d25062) where we switched to a
per-domain path and we want to create those paths when libvirtd
restarts on upgrade.
And with namespaces enabled there is one corner case where the
path is not created. In fact an error is reported and the
reconnect fails. Ideally, all mount events are propagated into
the QEMU's namespace. And they probably are, except when the
target path does not exist inside the namespace. Now, it's pretty
common for users to mount hugetlbfs under /dev (e.g.
/dev/hugepages), but if domain is started without hugepages (or
more specifically - private hugetlbfs path wasn't created on
domain startup), then the reconnect code tries to create it.
But it fails to do so, well, it fails to set seclabels on the
path because, because the path does not exist in the private
namespace. And it doesn't exist because we specifically create
only a subset of all possible /dev nodes. Therefore, the mount
event, whilst propagated, is not successful and hence the
filesystem is not mounted. We have to do it ourselves.
If hugetlbfs is mount anywhere else there's no problem and this
is effectively a dead code.
Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=2123196
Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
Reviewed-by: Martin Kletzander <mkletzan@redhat.com>
(cherry picked from commit 0377177c7856bb87a9d8aa1324b54f5fbe9f1e5b)
Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=2152083
Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
---
docs/kbase/qemu-passthrough-security.rst | 6 ------
src/qemu/qemu_process.c | 3 +++
2 files changed, 3 insertions(+), 6 deletions(-)
diff --git a/docs/kbase/qemu-passthrough-security.rst b/docs/kbase/qemu-passthrough-security.rst
index 106c3cc5b9..ef10d8af9b 100644
--- a/docs/kbase/qemu-passthrough-security.rst
+++ b/docs/kbase/qemu-passthrough-security.rst
@@ -172,9 +172,3 @@ command before any guest is started:
::
# mount --make-rshared /
-
-Another requirement for dynamic mount point propagation is to not place
-``hugetlbfs`` mount points under ``/dev`` because these won't be propagated as
-corresponding directories do not exist in the private namespace. Or just use
-``memfd`` memory backend instead which does not require ``hugetlbfs`` mount
-points.
diff --git a/src/qemu/qemu_process.c b/src/qemu/qemu_process.c
index 4b52d664c7..062a0b6dac 100644
--- a/src/qemu/qemu_process.c
+++ b/src/qemu/qemu_process.c
@@ -4039,6 +4039,9 @@ qemuProcessBuildDestroyMemoryPathsImpl(virQEMUDriver *driver,
return -1;
}
+ if (qemuDomainNamespaceSetupPath(vm, path, NULL) < 0)
+ return -1;
+
if (qemuSecurityDomainSetPathLabel(driver, vm, path, true) < 0)
return -1;
} else {
--
2.39.0

141
SOURCES/libvirt-qemu_snapshot-refactor-qemuSnapshotDeleteExternalPrepare.patch Normal file
View File

@ -0,0 +1,141 @@
From 7289999ecc435bcc65881c64b49efba9746a9571 Mon Sep 17 00:00:00 2001
Message-Id: <7289999ecc435bcc65881c64b49efba9746a9571@dist-git>
From: Pavel Hrdina <phrdina@redhat.com>
Date: Tue, 21 Feb 2023 16:52:28 +0100
Subject: [PATCH] qemu_snapshot: refactor qemuSnapshotDeleteExternalPrepare
When user creates external snapshot with making only memory snapshot
without any disks deleting that snapshot failed without reporting any
meaningful error.
The issue is that the qemuSnapshotDeleteExternalPrepare function
returns NULL because the returned list is empty. This will not change
so to make it clear if the function fails or not return int instead and
have another parameter where we can pass the list.
With the fixed memory snapshot deletion it will now correctly delete
memory only snapshot as well.
Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=2170826
Signed-off-by: Pavel Hrdina <phrdina@redhat.com>
Reviewed-by: Peter Krempa <pkrempa@redhat.com>
(cherry picked from commit e3957c22462bc52c37c94ca4d6fe3d26f8202119)
Signed-off-by: Pavel Hrdina <phrdina@redhat.com>
---
src/qemu/qemu_snapshot.c | 28 +++++++++++++++-------------
1 file changed, 15 insertions(+), 13 deletions(-)
diff --git a/src/qemu/qemu_snapshot.c b/src/qemu/qemu_snapshot.c
index 5cdcbc6290..cfa531edef 100644
--- a/src/qemu/qemu_snapshot.c
+++ b/src/qemu/qemu_snapshot.c
@@ -2301,9 +2301,10 @@ qemuSnapshotFindParentSnapForDisk(virDomainMomentObj *snap,
}
-static GSList*
+static int
qemuSnapshotDeleteExternalPrepare(virDomainObj *vm,
- virDomainMomentObj *snap)
+ virDomainMomentObj *snap,
+ GSList **externalData)
{
ssize_t i;
virDomainSnapshotDef *snapdef = virDomainSnapshotObjGetDef(snap);
@@ -2320,7 +2321,7 @@ qemuSnapshotDeleteExternalPrepare(virDomainObj *vm,
virReportError(VIR_ERR_OPERATION_INVALID,
_("snapshot disk '%s' was target of not completed snapshot delete"),
snapDisk->name);
- return NULL;
+ return -1;
}
data = g_new0(qemuSnapshotDeleteExternalData, 1);
@@ -2328,18 +2329,18 @@ qemuSnapshotDeleteExternalPrepare(virDomainObj *vm,
data->domDisk = qemuDomainDiskByName(vm->def, snapDisk->name);
if (!data->domDisk)
- return NULL;
+ return -1;
data->diskSrc = virStorageSourceChainLookupBySource(data->domDisk->src,
data->snapDisk->src,
&data->prevDiskSrc);
if (!data->diskSrc)
- return NULL;
+ return -1;
if (!virStorageSourceIsSameLocation(data->diskSrc, data->snapDisk->src)) {
virReportError(VIR_ERR_OPERATION_FAILED, "%s",
_("VM disk source and snapshot disk source are not the same"));
- return NULL;
+ return -1;
}
data->parentDomDisk = virDomainDiskByTarget(snapdef->parent.dom,
@@ -2348,7 +2349,7 @@ qemuSnapshotDeleteExternalPrepare(virDomainObj *vm,
virReportError(VIR_ERR_OPERATION_FAILED,
_("failed to find disk '%s' in snapshot VM XML"),
snapDisk->name);
- return NULL;
+ return -1;
}
if (virDomainObjIsActive(vm)) {
@@ -2356,13 +2357,13 @@ qemuSnapshotDeleteExternalPrepare(virDomainObj *vm,
if (!virStorageSourceIsBacking(data->parentDiskSrc)) {
virReportError(VIR_ERR_OPERATION_FAILED, "%s",
_("failed to find parent disk source in backing chain"));
- return NULL;
+ return -1;
}
if (!virStorageSourceIsSameLocation(data->parentDiskSrc, data->parentDomDisk->src)) {
virReportError(VIR_ERR_OPERATION_FAILED, "%s",
_("snapshot VM disk source and parent disk source are not the same"));
- return NULL;
+ return -1;
}
}
@@ -2371,15 +2372,16 @@ qemuSnapshotDeleteExternalPrepare(virDomainObj *vm,
if (data->parentSnap && !virDomainSnapshotIsExternal(data->parentSnap)) {
virReportError(VIR_ERR_OPERATION_UNSUPPORTED, "%s",
_("deleting external snapshot that has internal snapshot as parent not supported"));
- return NULL;
+ return -1;
}
ret = g_slist_prepend(ret, g_steal_pointer(&data));
}
ret = g_slist_reverse(ret);
+ *externalData = g_steal_pointer(&ret);
- return g_steal_pointer(&ret);
+ return 0;
}
@@ -3159,7 +3161,7 @@ qemuSnapshotDelete(virDomainObj *vm,
g_autoslist(qemuSnapshotDeleteExternalData) tmpData = NULL;
/* this also serves as validation whether the snapshot can be deleted */
- if (!(tmpData = qemuSnapshotDeleteExternalPrepare(vm, snap)))
+ if (qemuSnapshotDeleteExternalPrepare(vm, snap, &tmpData) < 0)
goto endjob;
if (!virDomainObjIsActive(vm)) {
@@ -3174,7 +3176,7 @@ qemuSnapshotDelete(virDomainObj *vm,
/* Call the prepare again as some data require that the VM is
* running to get everything we need. */
- if (!(externalData = qemuSnapshotDeleteExternalPrepare(vm, snap)))
+ if (qemuSnapshotDeleteExternalPrepare(vm, snap, &externalData) < 0)
goto endjob;
} else {
qemuDomainJobPrivate *jobPriv = vm->job->privateData;
--
2.39.1

73
SOURCES/libvirt-qemu_snapshot-remove-memory-snapshot-when-deleting-external-snapshot.patch Normal file
View File

@ -0,0 +1,73 @@
From 3ef43d47b0a5a49b0896b1725476b4b6ec0629b0 Mon Sep 17 00:00:00 2001
Message-Id: <3ef43d47b0a5a49b0896b1725476b4b6ec0629b0@dist-git>
From: Pavel Hrdina <phrdina@redhat.com>
Date: Tue, 21 Feb 2023 16:10:56 +0100
Subject: [PATCH] qemu_snapshot: remove memory snapshot when deleting external
snapshot
When deleting external snapshot we should remove the memory snapshot
file as well.
Signed-off-by: Pavel Hrdina <phrdina@redhat.com>
Reviewed-by: Peter Krempa <pkrempa@redhat.com>
(cherry picked from commit 356e227208ec66fff178b91ed4b1197c7e6cf974)
Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=2170826
Signed-off-by: Pavel Hrdina <phrdina@redhat.com>
---
src/qemu/qemu_snapshot.c | 14 ++++++++++++--
1 file changed, 12 insertions(+), 2 deletions(-)
diff --git a/src/qemu/qemu_snapshot.c b/src/qemu/qemu_snapshot.c
index b8416808b3..5cdcbc6290 100644
--- a/src/qemu/qemu_snapshot.c
+++ b/src/qemu/qemu_snapshot.c
@@ -2684,9 +2684,11 @@ qemuSnapshotSetInvalid(virDomainObj *vm,
static int
qemuSnapshotDiscardExternal(virDomainObj *vm,
+ virDomainMomentObj *snap,
GSList *externalData)
{
GSList *cur = NULL;
+ virDomainSnapshotDef *snapdef = virDomainSnapshotObjGetDef(snap);
for (cur = externalData; cur; cur = g_slist_next(cur)) {
qemuSnapshotDeleteExternalData *data = cur->data;
@@ -2756,6 +2758,14 @@ qemuSnapshotDiscardExternal(virDomainObj *vm,
goto error;
}
+ if (snapdef->memory == VIR_DOMAIN_SNAPSHOT_LOCATION_EXTERNAL &&
+ snapdef->memorysnapshotfile) {
+ if (unlink(snapdef->memorysnapshotfile) < 0) {
+ VIR_WARN("failed to remove memory snapshot '%s'",
+ snapdef->memorysnapshotfile);
+ }
+ }
+
return 0;
error:
@@ -2886,7 +2896,7 @@ qemuSnapshotDiscardImpl(virQEMUDriver *driver,
}
if (virDomainSnapshotIsExternal(snap)) {
- if (qemuSnapshotDiscardExternal(vm, externalData) < 0)
+ if (qemuSnapshotDiscardExternal(vm, snap, externalData) < 0)
return -1;
} else {
if (qemuDomainSnapshotForEachQcow2(driver, def, snap, "-d", true) < 0)
@@ -2894,7 +2904,7 @@ qemuSnapshotDiscardImpl(virQEMUDriver *driver,
}
} else {
if (virDomainSnapshotIsExternal(snap)) {
- if (qemuSnapshotDiscardExternal(vm, externalData) < 0)
+ if (qemuSnapshotDiscardExternal(vm, snap, externalData) < 0)
return -1;
} else {
/* Similarly as internal snapshot creation we would use a regular job
--
2.39.1

55
SOURCES/libvirt-rpc-Don-t-warn-about-max_client_requests-in-single-threaded-daemons.patch Normal file
View File

@ -0,0 +1,55 @@
From 64dbfdfe3ed2fc8f252ce138f6213b529edb2407 Mon Sep 17 00:00:00 2001
Message-Id: <64dbfdfe3ed2fc8f252ce138f6213b529edb2407@dist-git>
From: Peter Krempa <pkrempa@redhat.com>
Date: Wed, 15 Feb 2023 10:48:31 +0100
Subject: [PATCH] rpc: Don't warn about "max_client_requests" in
single-threaded daemons
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
The warning about max_client_requests is hit inside virtlogd every time
a VM starts which spams the logs.
Emit the warning only when the client request limit is not 1 and add a
warning into the daemon config to not configure it too low instead.
Fixes: 031878c2364
Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=2145188
Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
(cherry picked from commit b3f8e072fe08a6beaf3ec3d27e02efee4358b2ca)
---
src/remote/libvirtd.conf.in | 1 +
src/rpc/virnetserverclient.c | 3 ++-
2 files changed, 3 insertions(+), 1 deletion(-)
diff --git a/src/remote/libvirtd.conf.in b/src/remote/libvirtd.conf.in
index 80a98b1529..32a680317a 100644
--- a/src/remote/libvirtd.conf.in
+++ b/src/remote/libvirtd.conf.in
@@ -374,6 +374,7 @@
# connection. To avoid one client monopolizing the server
# this should be a small fraction of the global max_workers
# parameter.
+# Setting this too low may cause keepalive timeouts.
#max_client_requests = 5
# Same processing controls, but this time for the admin interface.
diff --git a/src/rpc/virnetserverclient.c b/src/rpc/virnetserverclient.c
index b5c764b1b0..bdb3552c5d 100644
--- a/src/rpc/virnetserverclient.c
+++ b/src/rpc/virnetserverclient.c
@@ -1261,7 +1261,8 @@ static virNetMessage *virNetServerClientDispatchRead(virNetServerClient *client)
client->rx->bufferLength = VIR_NET_MESSAGE_LEN_MAX;
client->rx->buffer = g_new0(char, client->rx->bufferLength);
client->nrequests++;
- } else if (!client->nrequests_warning) {
+ } else if (!client->nrequests_warning &&
+ client->nrequests_max > 1) {
client->nrequests_warning = true;
VIR_WARN("Client hit max requests limit %zd. This may result "
"in keep-alive timeouts. Consider tuning the "
--
2.39.1

43
SOURCES/libvirt-rpc-Fix-error-message-in-virNetServerSetClientLimits.patch Normal file
View File

@ -0,0 +1,43 @@
From f26e30ecb3d0e25d5cf648755e2b4e1db0476b52 Mon Sep 17 00:00:00 2001
Message-Id: <f26e30ecb3d0e25d5cf648755e2b4e1db0476b52@dist-git>
From: Martin Kletzander <mkletzan@redhat.com>
Date: Tue, 24 Jan 2023 13:45:09 +0100
Subject: [PATCH] rpc: Fix error message in virNetServerSetClientLimits
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Commit f007940cb25a tried to change the error message so that it is unified
later in 35afa1d2d6c1, but various rewrites missed this particular error message
which does not make sense. Fix it so that it is the same as the other two
messages checking the same thing in this file.
Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=2033879
Signed-off-by: Martin Kletzander <mkletzan@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
(cherry picked from commit 1e2605c934b80c3e9c30e929834d38fee86f184e)
Signed-off-by: Martin Kletzander <mkletzan@redhat.com>
---
src/rpc/virnetserver.c | 5 ++---
1 file changed, 2 insertions(+), 3 deletions(-)
diff --git a/src/rpc/virnetserver.c b/src/rpc/virnetserver.c
index bf0fda04ee..e97dfe8136 100644
--- a/src/rpc/virnetserver.c
+++ b/src/rpc/virnetserver.c
@@ -1127,9 +1127,8 @@ virNetServerSetClientLimits(virNetServer *srv,
if (max < max_unauth) {
virReportError(VIR_ERR_INVALID_ARG, "%s",
- _("The overall maximum number of clients waiting "
- "for authentication must not be less than the overall "
- "maximum number of clients"));
+ _("The overall maximum number of clients must not be less "
+ "than the number of clients waiting for authentication"));
return -1;
}
--
2.39.1

82
SOURCES/libvirt-rpc-Pass-OPENSSL_CONF-through-to-ssh-invocations.patch
View File

@ -1,82 +0,0 @@
From c6ea67c481a2f447951449bd9b2746cfaaf385fd Mon Sep 17 00:00:00 2001
Message-Id: <c6ea67c481a2f447951449bd9b2746cfaaf385fd@dist-git>
From: "Richard W.M. Jones" <rjones@redhat.com>
Date: Mon, 25 Jul 2022 14:09:39 +0100
Subject: [PATCH] rpc: Pass OPENSSL_CONF through to ssh invocations
It's no longer possible for libvirt to connect over the ssh transport
from RHEL 9 to RHEL 5. This is because SHA1 signatures have been
effectively banned in RHEL 9 at the openssl level. They are required
to check the RHEL 5 host key. Note this is a separate issue from
openssh requiring additional configuration in order to connect to
older servers.
Connecting from a RHEL 9 client to RHEL 5 server:
$ cat ~/.ssh/config
Host 192.168.0.91
KexAlgorithms +diffie-hellman-group14-sha1
MACs +hmac-sha1
HostKeyAlgorithms +ssh-rsa
PubkeyAcceptedKeyTypes +ssh-rsa
PubkeyAcceptedAlgorithms +ssh-rsa
$ virsh -c 'qemu+ssh://root@192.168.0.91/system' list
error: failed to connect to the hypervisor
error: Cannot recv data: ssh_dispatch_run_fatal: Connection to 192.168.0.91 port 22: error in libcrypto: Connection reset by peer
"error in libcrypto: Connection reset by peer" is the characteristic
error of openssl having been modified to disable SHA1 by default.
(You will not see this on non-RHEL-derived distros.)
You could enable the legacy crypto policy which downgrades security on
the entire host, but a more fine-grained way to do this is to create
an alternate openssl configuration file that enables the "forbidden"
signatures. However this requires passing the OPENSSL_CONF
environment variable through to ssh to specify the alternate
configuration. Libvirt filters out this environment variable, but
this commit allows it through. With this commit:
$ cat /var/tmp/openssl.cnf
.include /etc/ssl/openssl.cnf
[openssl_init]
alg_section = evp_properties
[evp_properties]
rh-allow-sha1-signatures = yes
$ OPENSSL_CONF=/var/tmp/openssl.cnf ./run virsh -c 'qemu+ssh://root@192.168.0.91/system' list
root@192.168.0.91's password:
Id Name State
--------------------
Essentially my argument here is that OPENSSL_CONF is sufficiently
similar in nature to KRB5CCNAME, SSH* and XAUTHORITY that we should
permit it to be passed through.
virt-v2v bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=2062360
Signed-off-by: Richard W.M. Jones <rjones@redhat.com>
Acked-by: Laszlo Ersek <lersek@redhat.com>
Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
(cherry picked from commit 45912ac399abd9d4eba21fa3f15cb7587351f959)
Libvirt BZ: https://bugzilla.redhat.com/show_bug.cgi?id=2112348
Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
---
src/rpc/virnetsocket.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/src/rpc/virnetsocket.c b/src/rpc/virnetsocket.c
index 32f506d2d4..8280bda007 100644
--- a/src/rpc/virnetsocket.c
+++ b/src/rpc/virnetsocket.c
@@ -855,6 +855,7 @@ int virNetSocketNewConnectSSH(const char *nodename,
virCommandAddEnvPass(cmd, "KRB5CCNAME");
virCommandAddEnvPass(cmd, "SSH_AUTH_SOCK");
virCommandAddEnvPass(cmd, "SSH_ASKPASS");
+ virCommandAddEnvPass(cmd, "OPENSSL_CONF");
virCommandAddEnvPass(cmd, "DISPLAY");
virCommandAddEnvPass(cmd, "XAUTHORITY");
virCommandClearCaps(cmd);
--
2.35.1

45
SOURCES/libvirt-rpc-client-Don-t-check-return-value-of-virNetMessageNew.patch Normal file
View File

@ -0,0 +1,45 @@
From c07df2b480134357e6ecb53f61eb1d8295b2b406 Mon Sep 17 00:00:00 2001
Message-Id: <c07df2b480134357e6ecb53f61eb1d8295b2b406@dist-git>
From: Peter Krempa <pkrempa@redhat.com>
Date: Wed, 15 Feb 2023 10:43:53 +0100
Subject: [PATCH] rpc: client: Don't check return value of virNetMessageNew
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
virNetServerClientDispatchRead checked the return value but it's not
necessary any more as it can't return NULL nowadays.
Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
(cherry picked from commit 761cb8a0876d32445951791030c77afa147c0de1)
https://bugzilla.redhat.com/show_bug.cgi?id=2145188
---
src/rpc/virnetserverclient.c | 11 ++++-------
1 file changed, 4 insertions(+), 7 deletions(-)
diff --git a/src/rpc/virnetserverclient.c b/src/rpc/virnetserverclient.c
index c9a4eb521e..b5c764b1b0 100644
--- a/src/rpc/virnetserverclient.c
+++ b/src/rpc/virnetserverclient.c
@@ -1257,13 +1257,10 @@ static virNetMessage *virNetServerClientDispatchRead(virNetServerClient *client)
/* Possibly need to create another receive buffer */
if (client->nrequests < client->nrequests_max) {
- if (!(client->rx = virNetMessageNew(true))) {
- client->wantClose = true;
- } else {
- client->rx->bufferLength = VIR_NET_MESSAGE_LEN_MAX;
- client->rx->buffer = g_new0(char, client->rx->bufferLength);
- client->nrequests++;
- }
+ client->rx = virNetMessageNew(true);
+ client->rx->bufferLength = VIR_NET_MESSAGE_LEN_MAX;
+ client->rx->buffer = g_new0(char, client->rx->bufferLength);
+ client->nrequests++;
} else if (!client->nrequests_warning) {
client->nrequests_warning = true;
VIR_WARN("Client hit max requests limit %zd. This may result "
--
2.39.1

39
SOURCES/libvirt-security-make-args-to-virSecuritySELinuxContextAddRange-const.patch Normal file
View File

@ -0,0 +1,39 @@
From d1aa4fb37896b2abb92b4d0e0409459820e726a4 Mon Sep 17 00:00:00 2001
Message-Id: <d1aa4fb37896b2abb92b4d0e0409459820e726a4@dist-git>
From: Laine Stump <laine@redhat.com>
Date: Wed, 8 Mar 2023 12:50:38 -0500
Subject: [PATCH] security: make args to virSecuritySELinuxContextAddRange()
const
Neither of these are modified anywhere in the function, and the
function will soon be called with an arg that actually is a const.
Signed-off-by: Laine Stump <laine@redhat.com>
Reviewed-by: Andrea Bolognani <abologna@redhat.com>
Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
(cherry picked from commit 60afe39576abc9b26f5f8c1dfed39bbc783fb78c)
https://bugzilla.redhat.com/2172267
Signed-off-by: Laine Stump <laine@redhat.com>
---
src/security/security_selinux.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/src/security/security_selinux.c b/src/security/security_selinux.c
index 4d4a1705e6..a0b3a5e147 100644
--- a/src/security/security_selinux.c
+++ b/src/security/security_selinux.c
@@ -523,8 +523,8 @@ virSecuritySELinuxMCSGetProcessRange(char **sens,
}
static char *
-virSecuritySELinuxContextAddRange(char *src,
- char *dst)
+virSecuritySELinuxContextAddRange(const char *src,
+ const char *dst)
{
const char *str = NULL;
char *ret = NULL;
--
2.40.0

412
SOURCES/libvirt-security-make-it-possible-to-set-SELinux-label-of-child-process-from-its-binary.patch Normal file
View File

@ -0,0 +1,412 @@
From 75c9ad56f08bfa0d86737f8872ea7cf7a5426bad Mon Sep 17 00:00:00 2001
Message-Id: <75c9ad56f08bfa0d86737f8872ea7cf7a5426bad@dist-git>
From: Laine Stump <laine@redhat.com>
Date: Wed, 1 Mar 2023 15:34:32 -0500
Subject: [PATCH] security: make it possible to set SELinux label of child
process from its binary
Normally when a child process is started by libvirt, the SELinux label
of that process is set to virtd_t (plus an MCS range). In at least one
case (passt) we need for the SELinux label of a child process label to
match the label that the binary would have transitioned to
automatically if it had been run standalone (in the case of passt,
that label is passt_t).
This patch modifies virSecuritySELinuxSetChildProcessLabel() (and all
the functions above it in the call chain) so that the toplevel
function can set a new argument "useBinarySpecificLabel" to true. If
it is true, then virSecuritySELinuxSetChildProcessLabel() will call
the new function virSecuritySELinuxContextSetFromFile(), which uses
the selinux library function security_compute_create() to determine
what would be the label of the new process if it had been run
standalone (rather than being run by libvirt) - the MCS range from the
normally-used label is added to this newly derived label, and that is
what is used for the new process rather than whatever is in the
domain's security label (which will usually be virtd_t).
In order to easily verify that nothing was broken by these changes to
the call chain, all callers currently set useBinarySpecificPath =
false, so all behavior should be completely unchanged. (The next
patch will set it to true only for the case of running passt.)
https://bugzilla.redhat.com/2172267
Signed-off-by: Laine Stump <laine@redhat.com>
Reviewed-by: Andrea Bolognani <abologna@redhat.com>
Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
(cherry picked from commit 75056f61f12d6efec51f699f2b901f8d02cd075c)
Conflicts:
src/qemu/qemu_dbus.c
src/qemu/qemu_passt.c
src/qemu/qemu_security.c
src/qemu/qemu_security.h
src/qemu/qemu_slirp.c
src/qemu/qemu_tpm.c
src/qemu/qemu_vhost_user_gpu.c
The argument list for qemuSecurityCommandRun changed upstream to
remove one of the arguments, but that changeset has not been
backported to the rhel-9.2.0 branch. (see the 4 commits starting at
upstream commit 0634d640)
https://bugzilla.redhat.com/2172267
Signed-off-by: Laine Stump <laine@redhat.com>
---
src/qemu/qemu_dbus.c | 5 ++-
src/qemu/qemu_passt.c | 4 +-
src/qemu/qemu_process.c | 2 +-
src/qemu/qemu_security.c | 5 ++-
src/qemu/qemu_security.h | 1 +
src/qemu/qemu_slirp.c | 4 +-
src/qemu/qemu_tpm.c | 3 +-
src/qemu/qemu_vhost_user_gpu.c | 4 +-
src/security/security_apparmor.c | 1 +
src/security/security_dac.c | 1 +
src/security/security_driver.h | 1 +
src/security/security_manager.c | 8 +++-
src/security/security_manager.h | 1 +
src/security/security_nop.c | 1 +
src/security/security_selinux.c | 73 +++++++++++++++++++++++++++++++-
src/security/security_stack.c | 5 ++-
16 files changed, 107 insertions(+), 12 deletions(-)
diff --git a/src/qemu/qemu_dbus.c b/src/qemu/qemu_dbus.c
index cb2694795e..f13c792956 100644
--- a/src/qemu/qemu_dbus.c
+++ b/src/qemu/qemu_dbus.c
@@ -219,9 +219,10 @@ qemuDBusStart(virQEMUDriver *driver,
virCommandDaemonize(cmd);
virCommandAddArgFormat(cmd, "--config-file=%s", configfile);
- if (qemuSecurityCommandRun(driver, vm, cmd, -1, -1,
- &exitstatus, &cmdret) < 0)
+ if (qemuSecurityCommandRun(driver, vm, cmd, -1, -1, false,
+ &exitstatus, &cmdret) < 0) {
goto cleanup;
+ }
if (cmdret < 0 || exitstatus != 0) {
virReportError(VIR_ERR_INTERNAL_ERROR,
diff --git a/src/qemu/qemu_passt.c b/src/qemu/qemu_passt.c
index 8d28a55455..ed7b518212 100644
--- a/src/qemu/qemu_passt.c
+++ b/src/qemu/qemu_passt.c
@@ -285,8 +285,10 @@ qemuPasstStart(virDomainObj *vm,
if (qemuExtDeviceLogCommand(driver, vm, cmd, "passt") < 0)
return -1;
- if (qemuSecurityCommandRun(driver, vm, cmd, -1, -1, &exitstatus, &cmdret) < 0)
+ if (qemuSecurityCommandRun(driver, vm, cmd, -1, -1, false,
+ &exitstatus, &cmdret) < 0) {
goto error;
+ }
if (cmdret < 0 || exitstatus != 0) {
virReportError(VIR_ERR_INTERNAL_ERROR,
diff --git a/src/qemu/qemu_process.c b/src/qemu/qemu_process.c
index 298904fe2e..e5c438aa26 100644
--- a/src/qemu/qemu_process.c
+++ b/src/qemu/qemu_process.c
@@ -7764,7 +7764,7 @@ qemuProcessLaunch(virConnectPtr conn,
VIR_DEBUG("Setting up security labelling");
if (qemuSecuritySetChildProcessLabel(driver->securityManager,
- vm->def, cmd) < 0)
+ vm->def, false, cmd) < 0)
goto cleanup;
virCommandSetOutputFD(cmd, &logfile);
diff --git a/src/qemu/qemu_security.c b/src/qemu/qemu_security.c
index beada669f7..a5c05b86a9 100644
--- a/src/qemu/qemu_security.c
+++ b/src/qemu/qemu_security.c
@@ -637,6 +637,7 @@ qemuSecurityCommandRun(virQEMUDriver *driver,
virCommand *cmd,
uid_t uid,
gid_t gid,
+ bool useBinarySpecificLabel,
int *exitstatus,
int *cmdret)
{
@@ -644,8 +645,10 @@ qemuSecurityCommandRun(virQEMUDriver *driver,
qemuDomainObjPrivate *priv = vm->privateData;
if (virSecurityManagerSetChildProcessLabel(driver->securityManager,
- vm->def, cmd) < 0)
+ vm->def, useBinarySpecificLabel,
+ cmd) < 0) {
return -1;
+ }
if (uid != (uid_t) -1)
virCommandSetUID(cmd, uid);
diff --git a/src/qemu/qemu_security.h b/src/qemu/qemu_security.h
index 8d1c6b38c3..a7ba16e076 100644
--- a/src/qemu/qemu_security.h
+++ b/src/qemu/qemu_security.h
@@ -115,6 +115,7 @@ int qemuSecurityCommandRun(virQEMUDriver *driver,
virCommand *cmd,
uid_t uid,
gid_t gid,
+ bool useBinarySpecificLabel,
int *exitstatus,
int *cmdret);
diff --git a/src/qemu/qemu_slirp.c b/src/qemu/qemu_slirp.c
index 3f83db03bf..e22d86b521 100644
--- a/src/qemu/qemu_slirp.c
+++ b/src/qemu/qemu_slirp.c
@@ -329,8 +329,10 @@ qemuSlirpStart(virDomainObj *vm,
if (qemuExtDeviceLogCommand(driver, vm, cmd, "slirp") < 0)
goto error;
- if (qemuSecurityCommandRun(driver, vm, cmd, -1, -1, &exitstatus, &cmdret) < 0)
+ if (qemuSecurityCommandRun(driver, vm, cmd, -1, -1, false,
+ &exitstatus, &cmdret) < 0) {
goto error;
+ }
if (cmdret < 0 || exitstatus != 0) {
virReportError(VIR_ERR_INTERNAL_ERROR,
diff --git a/src/qemu/qemu_tpm.c b/src/qemu/qemu_tpm.c
index 5831ffc32e..d4a87921d3 100644
--- a/src/qemu/qemu_tpm.c
+++ b/src/qemu/qemu_tpm.c
@@ -963,8 +963,9 @@ qemuTPMEmulatorStart(virQEMUDriver *driver,
return -1;
if (qemuSecurityCommandRun(driver, vm, cmd, cfg->swtpm_user,
- cfg->swtpm_group, NULL, &cmdret) < 0)
+ cfg->swtpm_group, false, NULL, &cmdret) < 0) {
goto error;
+ }
if (cmdret < 0) {
/* virCommandRun() hidden in qemuSecurityCommandRun()
diff --git a/src/qemu/qemu_vhost_user_gpu.c b/src/qemu/qemu_vhost_user_gpu.c
index bc5a1dc3ec..7909fffe64 100644
--- a/src/qemu/qemu_vhost_user_gpu.c
+++ b/src/qemu/qemu_vhost_user_gpu.c
@@ -153,8 +153,10 @@ int qemuExtVhostUserGPUStart(virQEMUDriver *driver,
virCommandAddArgFormat(cmd, "--render-node=%s", video->accel->rendernode);
}
- if (qemuSecurityCommandRun(driver, vm, cmd, -1, -1, &exitstatus, &cmdret) < 0)
+ if (qemuSecurityCommandRun(driver, vm, cmd, -1, -1, false,
+ &exitstatus, &cmdret) < 0) {
goto error;
+ }
if (cmdret < 0 || exitstatus != 0) {
virReportError(VIR_ERR_INTERNAL_ERROR,
diff --git a/src/security/security_apparmor.c b/src/security/security_apparmor.c
index b63b248975..b5642c9a28 100644
--- a/src/security/security_apparmor.c
+++ b/src/security/security_apparmor.c
@@ -570,6 +570,7 @@ AppArmorSetSecurityProcessLabel(virSecurityManager *mgr G_GNUC_UNUSED,
static int
AppArmorSetSecurityChildProcessLabel(virSecurityManager *mgr G_GNUC_UNUSED,
virDomainDef *def,
+ bool useBinarySpecificLabel G_GNUC_UNUSED,
virCommand *cmd)
{
g_autofree char *profile_name = NULL;
diff --git a/src/security/security_dac.c b/src/security/security_dac.c
index 9be8f458d1..ca3f4d2dc5 100644
--- a/src/security/security_dac.c
+++ b/src/security/security_dac.c
@@ -2273,6 +2273,7 @@ virSecurityDACSetProcessLabel(virSecurityManager *mgr,
static int
virSecurityDACSetChildProcessLabel(virSecurityManager *mgr,
virDomainDef *def,
+ bool useBinarySpecificLabel G_GNUC_UNUSED,
virCommand *cmd)
{
virSecurityDACData *priv = virSecurityManagerGetPrivateData(mgr);
diff --git a/src/security/security_driver.h b/src/security/security_driver.h
index fe6982ceca..aa1fb2125d 100644
--- a/src/security/security_driver.h
+++ b/src/security/security_driver.h
@@ -96,6 +96,7 @@ typedef int (*virSecurityDomainSetProcessLabel) (virSecurityManager *mgr,
virDomainDef *def);
typedef int (*virSecurityDomainSetChildProcessLabel) (virSecurityManager *mgr,
virDomainDef *def,
+ bool useBinarySpecificLabel,
virCommand *cmd);
typedef int (*virSecurityDomainSecurityVerify) (virSecurityManager *mgr,
virDomainDef *def);
diff --git a/src/security/security_manager.c b/src/security/security_manager.c
index 2f8e89cb04..b0578d7209 100644
--- a/src/security/security_manager.c
+++ b/src/security/security_manager.c
@@ -885,10 +885,14 @@ virSecurityManagerSetProcessLabel(virSecurityManager *mgr,
int
virSecurityManagerSetChildProcessLabel(virSecurityManager *mgr,
virDomainDef *vm,
+ bool useBinarySpecificLabel,
virCommand *cmd)
{
- if (mgr->drv->domainSetSecurityChildProcessLabel)
- return mgr->drv->domainSetSecurityChildProcessLabel(mgr, vm, cmd);
+ if (mgr->drv->domainSetSecurityChildProcessLabel) {
+ return mgr->drv->domainSetSecurityChildProcessLabel(mgr, vm,
+ useBinarySpecificLabel,
+ cmd);
+ }
virReportUnsupportedError();
return -1;
diff --git a/src/security/security_manager.h b/src/security/security_manager.h
index 4afdcc167b..97add3294d 100644
--- a/src/security/security_manager.h
+++ b/src/security/security_manager.h
@@ -145,6 +145,7 @@ int virSecurityManagerSetProcessLabel(virSecurityManager *mgr,
virDomainDef *def);
int virSecurityManagerSetChildProcessLabel(virSecurityManager *mgr,
virDomainDef *def,
+ bool useBinarySpecificLabel,
virCommand *cmd);
int virSecurityManagerVerify(virSecurityManager *mgr,
virDomainDef *def);
diff --git a/src/security/security_nop.c b/src/security/security_nop.c
index 0dbc547feb..1413f43d57 100644
--- a/src/security/security_nop.c
+++ b/src/security/security_nop.c
@@ -152,6 +152,7 @@ virSecurityDomainSetProcessLabelNop(virSecurityManager *mgr G_GNUC_UNUSED,
static int
virSecurityDomainSetChildProcessLabelNop(virSecurityManager *mgr G_GNUC_UNUSED,
virDomainDef *vm G_GNUC_UNUSED,
+ bool useBinarySpecificLabel G_GNUC_UNUSED,
virCommand *cmd G_GNUC_UNUSED)
{
return 0;
diff --git a/src/security/security_selinux.c b/src/security/security_selinux.c
index a0b3a5e147..7ea4ff5c1a 100644
--- a/src/security/security_selinux.c
+++ b/src/security/security_selinux.c
@@ -560,6 +560,52 @@ virSecuritySELinuxContextAddRange(const char *src,
return ret;
}
+
+static char *
+virSecuritySELinuxContextSetFromFile(const char *origLabel,
+ const char *binaryPath)
+{
+ g_autofree char *currentCon = NULL;
+ g_autofree char *binaryCon = NULL;
+ g_autofree char *naturalLabel = NULL;
+ g_autofree char *updatedLabel = NULL;
+
+ /* First learn what would be the context set
+ * if binaryPath was exec'ed from this process.
+ */
+ if (getcon(&currentCon) < 0) {
+ virReportSystemError(errno, "%s",
+ _("unable to get SELinux context for current process"));
+ return NULL;
+ }
+
+ if (getfilecon(binaryPath, &binaryCon) < 0) {
+ virReportSystemError(errno, _("unable to get SELinux context for '%s'"),
+ binaryPath);
+ return NULL;
+ }
+
+ if (security_compute_create(currentCon, binaryCon,
+ string_to_security_class("process"),
+ &naturalLabel) < 0) {
+ virReportSystemError(errno,
+ _("unable create new SELinux label based on label '%s' and file '%s'"),
+ origLabel, binaryPath);
+ return NULL;
+ }
+
+ /* now get the type from the original label
+ * (which already has proper MCS set) and add it to
+ * the new label
+ */
+ updatedLabel = virSecuritySELinuxContextAddRange(origLabel, naturalLabel);
+
+ VIR_DEBUG("original label: '%s' binary: '%s' binary-specific label: '%s'",
+ origLabel, binaryPath, NULLSTR(updatedLabel));
+ return g_steal_pointer(&updatedLabel);
+}
+
+
static char *
virSecuritySELinuxGenNewContext(const char *basecontext,
const char *mcs,
@@ -2984,10 +3030,13 @@ virSecuritySELinuxSetProcessLabel(virSecurityManager *mgr G_GNUC_UNUSED,
static int
virSecuritySELinuxSetChildProcessLabel(virSecurityManager *mgr G_GNUC_UNUSED,
virDomainDef *def,
+ bool useBinarySpecificLabel G_GNUC_UNUSED,
virCommand *cmd)
{
/* TODO: verify DOI */
virSecurityLabelDef *secdef;
+ g_autofree char *tmpLabel = NULL;
+ const char *label = NULL;
secdef = virDomainDefGetSecurityLabelDef(def, SECURITY_SELINUX_NAME);
if (!secdef || !secdef->label)
@@ -3004,8 +3053,30 @@ virSecuritySELinuxSetChildProcessLabel(virSecurityManager *mgr G_GNUC_UNUSED,
return -1;
}
+ /* pick either the common label used by most binaries exec'ed by
+ * libvirt, or the specific label of this binary.
+ */
+ if (useBinarySpecificLabel) {
+ const char *binaryPath = virCommandGetBinaryPath(cmd);
+
+ if (!binaryPath)
+ return -1; /* error was already logged */
+
+ tmpLabel = virSecuritySELinuxContextSetFromFile(secdef->label,
+ binaryPath);
+ if (!tmpLabel)
+ return -1;
+
+ label = tmpLabel;
+
+ } else {
+
+ label = secdef->label;
+
+ }
+
/* save in cmd to be set after fork/before child process is exec'ed */
- virCommandSetSELinuxLabel(cmd, secdef->label);
+ virCommandSetSELinuxLabel(cmd, label);
return 0;
}
diff --git a/src/security/security_stack.c b/src/security/security_stack.c
index 560f797030..369b5dd3a6 100644
--- a/src/security/security_stack.c
+++ b/src/security/security_stack.c
@@ -458,6 +458,7 @@ virSecurityStackSetProcessLabel(virSecurityManager *mgr,
static int
virSecurityStackSetChildProcessLabel(virSecurityManager *mgr,
virDomainDef *vm,
+ bool useBinarySpecificLabel,
virCommand *cmd)
{
virSecurityStackData *priv = virSecurityManagerGetPrivateData(mgr);
@@ -465,8 +466,10 @@ virSecurityStackSetChildProcessLabel(virSecurityManager *mgr,
int rc = 0;
for (; item; item = item->next) {
- if (virSecurityManagerSetChildProcessLabel(item->securityManager, vm, cmd) < 0)
+ if (virSecurityManagerSetChildProcessLabel(item->securityManager, vm,
+ useBinarySpecificLabel, cmd) < 0) {
rc = -1;
+ }
}
return rc;
--
2.40.0

66
SOURCES/libvirt-security_selinux-Don-t-ignore-NVMe-disks-when-setting-image-label.patch
View File

@ -1,66 +0,0 @@
From 6b11a6113bb62c9280de3122f223a7a7a1be04ba Mon Sep 17 00:00:00 2001
Message-Id: <6b11a6113bb62c9280de3122f223a7a7a1be04ba@dist-git>
From: Michal Privoznik <mprivozn@redhat.com>
Date: Wed, 21 Sep 2022 15:56:13 +0200
Subject: [PATCH] security_selinux: Don't ignore NVMe disks when setting image
label
For NVMe disks we skip setting SELinux label on corresponding
VFIO group (/dev/vfio/X). This bug is only visible with
namespaces and goes as follows:
1) libvirt assigns NVMe disk to vfio-pci driver,
2) kernel creates /dev/vfio/X node with generic device_t SELinux
label,
3) our namespace code creates the exact copy of the node in
domain's private /dev,
4) SELinux policy kicks in an changes the label on the node to
vfio_device_t (in the top most namespace),
5) libvirt tells QEMU to attach the NVMe disk, which is denied by
SELinux policy.
While one can argue that kernel should have created the
/dev/vfio/X node with the correct SELinux label from the
beginning (step 2), libvirt can't rely on that and needs to set
label on its own.
Surprisingly, I already wrote the code that aims on this specific
case (v6.0.0-rc1~241), but because of a shortcut we take earlier
it is never ran. The reason is that
virStorageSourceIsLocalStorage() considers NVMe disks as
non-local because their source is not accessible via src->path
(or even if it is, it's not a local path).
Therefore, do not exit early for NVMe disks and let the function
continue.
Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=2121441
Fixes: 284a12bae0e4cf93ea72797965d6c12e3a103f40
Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
Reviewed-by: Peter Krempa <pkrempa@redhat.com>
(cherry picked from commit 68e93e3180ad4e51bf9f86850dc86d8f528d6564)
Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
---
src/security/security_selinux.c | 6 +++++-
1 file changed, 5 insertions(+), 1 deletion(-)
diff --git a/src/security/security_selinux.c b/src/security/security_selinux.c
index e2f34a27dc..6cd3e845fd 100644
--- a/src/security/security_selinux.c
+++ b/src/security/security_selinux.c
@@ -1818,7 +1818,11 @@ virSecuritySELinuxSetImageLabelInternal(virSecurityManager *mgr,
const char *path = src->path;
int ret;
- if (!src->path || !virStorageSourceIsLocalStorage(src))
+ /* Special case NVMe. Per virStorageSourceIsLocalStorage() it's
+ * considered not local, but we still want the code below to set
+ * label on VFIO group. */
+ if (src->type != VIR_STORAGE_TYPE_NVME &&
+ (!src->path || !virStorageSourceIsLocalStorage(src)))
return 0;
secdef = virDomainDefGetSecurityLabelDef(def, SECURITY_SELINUX_NAME);
--
2.37.3

61
SOURCES/libvirt-src-Don-t-use-virReportSystemError-on-virProcessGetStatInfo-failure.patch Normal file
View File

@ -0,0 +1,61 @@
From a967747fcdf7d78425d218625ddb42606451c2ab Mon Sep 17 00:00:00 2001
Message-Id: <a967747fcdf7d78425d218625ddb42606451c2ab@dist-git>
From: Michal Privoznik <mprivozn@redhat.com>
Date: Wed, 18 Jan 2023 09:03:29 +0100
Subject: [PATCH] src: Don't use virReportSystemError() on
virProcessGetStatInfo() failure
Firstly, the virProcessGetStatInfo() does not fail really. But
even if it did, it sets correct errno only sometimes (and even
that is done in a helper it's calling - virProcessGetStat() and
even there it's the case only in very few error paths).
Therefore, using virReportSystemError() to report errors is very
misleading. Use plain virReportError() instead. Luckily, there
are only two places where the former was used:
chDomainHelperGetVcpus() and qemuDomainHelperGetVcpus() (not a
big surprise since CH driver is heavily inspired by QEMU driver).
Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
Reviewed-by: Martin Kletzander <mkletzan@redhat.com>
(cherry picked from commit 818c9717c53446ca7abbaa7b3fd7925e1c5ab663)
Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=2148266
Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
---
src/ch/ch_driver.c | 4 ++--
src/qemu/qemu_driver.c | 4 ++--
2 files changed, 4 insertions(+), 4 deletions(-)
diff --git a/src/ch/ch_driver.c b/src/ch/ch_driver.c
index db2a66d131..12fbe31c24 100644
--- a/src/ch/ch_driver.c
+++ b/src/ch/ch_driver.c
@@ -1079,8 +1079,8 @@ chDomainHelperGetVcpus(virDomainObj *vm,
NULL, NULL,
&vcpuinfo->cpu, NULL,
vm->pid, vcpupid) < 0) {
- virReportSystemError(errno, "%s",
- _("cannot get vCPU placement & pCPU time"));
+ virReportError(VIR_ERR_INTERNAL_ERROR, "%s",
+ _("cannot get vCPU placement & pCPU time"));
return -1;
}
}
diff --git a/src/qemu/qemu_driver.c b/src/qemu/qemu_driver.c
index d6879175fe..c576c601ad 100644
--- a/src/qemu/qemu_driver.c
+++ b/src/qemu/qemu_driver.c
@@ -1355,8 +1355,8 @@ qemuDomainHelperGetVcpus(virDomainObj *vm,
NULL, NULL,
&vcpuinfo->cpu, NULL,
vm->pid, vcpupid) < 0) {
- virReportSystemError(errno, "%s",
- _("cannot get vCPU placement & pCPU time"));
+ virReportError(VIR_ERR_INTERNAL_ERROR, "%s",
+ _("cannot get vCPU placement & pCPU time"));
return -1;
}
}
--
2.39.1

11235
SOURCES/libvirt-tests-qemucapabilitiesdata-Update-for-the-qemu-8.0-development-cycle.patch Normal file
View File

File diff suppressed because it is too large Load Diff

65
SOURCES/libvirt-tools-Fix-install_mode-for-some-scripts.patch
View File

@ -1,65 +0,0 @@
From d9b1f47fc3139bccd08838064f4b233b7cff5f29 Mon Sep 17 00:00:00 2001
Message-Id: <d9b1f47fc3139bccd08838064f4b233b7cff5f29@dist-git>
From: Michal Privoznik <mprivozn@redhat.com>
Date: Thu, 8 Dec 2022 08:39:24 +0100
Subject: [PATCH] tools: Fix install_mode for some scripts
Scripts from the following list were installed with group write
bit set: virt-xml-validate, virt-pki-validate,
virt-sanlock-cleanup, libvirt-guests.sh. This is very unusual and
in contrast with the way other scripts/binaries are installed.
Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=2151202
Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
Reviewed-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Jiri Denemark <jdenemar@redhat.com>
(cherry picked from commit e771e32f15ff2b263ca70306d93080541a96792b)
Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=2158208
Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
---
tools/meson.build | 8 ++++----
1 file changed, 4 insertions(+), 4 deletions(-)
diff --git a/tools/meson.build b/tools/meson.build
index bb28a904dc..8a3dd63271 100644
--- a/tools/meson.build
+++ b/tools/meson.build
@@ -249,7 +249,7 @@ configure_file(
configuration: tools_conf,
install: true,
install_dir: bindir,
- install_mode: 'rwxrwxr-x',
+ install_mode: 'rwxr-xr-x',
)
configure_file(
@@ -258,7 +258,7 @@ configure_file(
configuration: tools_conf,
install: true,
install_dir: bindir,
- install_mode: 'rwxrwxr-x',
+ install_mode: 'rwxr-xr-x',
)
executable(
@@ -295,7 +295,7 @@ if conf.has('WITH_SANLOCK')
configuration: tools_conf,
install: true,
install_dir: sbindir,
- install_mode: 'rwxrwxr-x',
+ install_mode: 'rwxr-xr-x',
)
endif
@@ -306,7 +306,7 @@ if conf.has('WITH_LIBVIRTD')
configuration: tools_conf,
install: true,
install_dir: libexecdir,
- install_mode: 'rwxrwxr-x',
+ install_mode: 'rwxr-xr-x',
)
if init_script == 'systemd'
--
2.39.1

165
SOURCES/libvirt-util-Extend-virProcessGetStatInfo-for-sysTime-and-userTime.patch
View File

@ -1,165 +0,0 @@
From b7a08f453fc448415ce320532907e61fa34f95b7 Mon Sep 17 00:00:00 2001
Message-Id: <b7a08f453fc448415ce320532907e61fa34f95b7@dist-git>
From: Michal Privoznik <mprivozn@redhat.com>
Date: Tue, 9 Aug 2022 16:15:55 +0200
Subject: [PATCH] util: Extend virProcessGetStatInfo() for sysTime and userTime
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
The virProcessGetStatInfo() helper parses /proc stat file for
given PID and/or TID and reports cumulative cpuTime which is just
a sum of user and sys times. But in near future, we'll need those
times separately, so make the function return them too (if caller
desires).
Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
(cherry picked from commit cdc22d9a21e472a02dae8157e3cca5832f161feb)
Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=2157094
Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
---
src/ch/ch_driver.c | 1 +
src/qemu/qemu_driver.c | 4 +++-
src/util/virprocess.c | 33 ++++++++++++++++++++++-----------
src/util/virprocess.h | 2 ++
4 files changed, 28 insertions(+), 12 deletions(-)
diff --git a/src/ch/ch_driver.c b/src/ch/ch_driver.c
index e7c172c894..bde148075d 100644
--- a/src/ch/ch_driver.c
+++ b/src/ch/ch_driver.c
@@ -1075,6 +1075,7 @@ chDomainHelperGetVcpus(virDomainObj *vm,
vcpuinfo->number = i;
vcpuinfo->state = VIR_VCPU_RUNNING;
if (virProcessGetStatInfo(&vcpuinfo->cpuTime,
+ NULL, NULL,
&vcpuinfo->cpu, NULL,
vm->pid, vcpupid) < 0) {
virReportSystemError(errno, "%s",
diff --git a/src/qemu/qemu_driver.c b/src/qemu/qemu_driver.c
index ebd6365f52..84cf2c6a4f 100644
--- a/src/qemu/qemu_driver.c
+++ b/src/qemu/qemu_driver.c
@@ -1359,6 +1359,7 @@ qemuDomainHelperGetVcpus(virDomainObj *vm,
vcpuinfo->state = VIR_VCPU_RUNNING;
if (virProcessGetStatInfo(&vcpuinfo->cpuTime,
+ NULL, NULL,
&vcpuinfo->cpu, NULL,
vm->pid, vcpupid) < 0) {
virReportSystemError(errno, "%s",
@@ -2528,6 +2529,7 @@ qemuDomainGetInfo(virDomainPtr dom,
if (virDomainObjIsActive(vm)) {
if (virProcessGetStatInfo(&(info->cpuTime), NULL, NULL,
+ NULL, NULL,
vm->pid, 0) < 0) {
virReportError(VIR_ERR_OPERATION_FAILED, "%s",
_("cannot read cputime for domain"));
@@ -10770,7 +10772,7 @@ qemuDomainMemoryStatsInternal(virQEMUDriver *driver,
ret = 0;
}
- if (virProcessGetStatInfo(NULL, NULL, &rss, vm->pid, 0) < 0) {
+ if (virProcessGetStatInfo(NULL, NULL, NULL, NULL, &rss, vm->pid, 0) < 0) {
virReportError(VIR_ERR_OPERATION_FAILED, "%s",
_("cannot get RSS for domain"));
} else {
diff --git a/src/util/virprocess.c b/src/util/virprocess.c
index 013afd91b4..11f36e00a8 100644
--- a/src/util/virprocess.c
+++ b/src/util/virprocess.c
@@ -1737,32 +1737,37 @@ virProcessGetStat(pid_t pid,
#ifdef __linux__
int
virProcessGetStatInfo(unsigned long long *cpuTime,
+ unsigned long long *userTime,
+ unsigned long long *sysTime,
int *lastCpu,
long *vm_rss,
pid_t pid,
pid_t tid)
{
g_auto(GStrv) proc_stat = virProcessGetStat(pid, tid);
- unsigned long long usertime = 0, systime = 0;
+ unsigned long long utime = 0;
+ unsigned long long stime = 0;
+ const unsigned long long jiff2nsec = 1000ull * 1000ull * 1000ull /
+ (unsigned long long) sysconf(_SC_CLK_TCK);
long rss = 0;
int cpu = 0;
if (!proc_stat ||
- virStrToLong_ullp(proc_stat[VIR_PROCESS_STAT_UTIME], NULL, 10, &usertime) < 0 ||
- virStrToLong_ullp(proc_stat[VIR_PROCESS_STAT_STIME], NULL, 10, &systime) < 0 ||
+ virStrToLong_ullp(proc_stat[VIR_PROCESS_STAT_UTIME], NULL, 10, &utime) < 0 ||
+ virStrToLong_ullp(proc_stat[VIR_PROCESS_STAT_STIME], NULL, 10, &stime) < 0 ||
virStrToLong_l(proc_stat[VIR_PROCESS_STAT_RSS], NULL, 10, &rss) < 0 ||
virStrToLong_i(proc_stat[VIR_PROCESS_STAT_PROCESSOR], NULL, 10, &cpu) < 0) {
VIR_WARN("cannot parse process status data");
}
- /* We got jiffies
- * We want nanoseconds
- * _SC_CLK_TCK is jiffies per second
- * So calculate thus....
- */
+ utime *= jiff2nsec;
+ stime *= jiff2nsec;
if (cpuTime)
- *cpuTime = 1000ull * 1000ull * 1000ull * (usertime + systime)
- / (unsigned long long) sysconf(_SC_CLK_TCK);
+ *cpuTime = utime + stime;
+ if (userTime)
+ *userTime = utime;
+ if (sysTime)
+ *sysTime = stime;
if (lastCpu)
*lastCpu = cpu;
@@ -1771,7 +1776,7 @@ virProcessGetStatInfo(unsigned long long *cpuTime,
VIR_DEBUG("Got status for %d/%d user=%llu sys=%llu cpu=%d rss=%ld",
- (int) pid, tid, usertime, systime, cpu, rss);
+ (int) pid, tid, utime, stime, cpu, rss);
return 0;
}
@@ -1844,6 +1849,8 @@ virProcessGetSchedInfo(unsigned long long *cpuWait,
#else
int
virProcessGetStatInfo(unsigned long long *cpuTime,
+ unsigned long long *userTime,
+ unsigned long long *sysTime,
int *lastCpu,
long *vm_rss,
pid_t pid G_GNUC_UNUSED,
@@ -1853,6 +1860,10 @@ virProcessGetStatInfo(unsigned long long *cpuTime,
* platforms, so just report neutral values */
if (cpuTime)
*cpuTime = 0;
+ if (userTime)
+ *userTime = 0;
+ if (sysTime)
+ *sysTime = 0;
if (lastCpu)
*lastCpu = 0;
if (vm_rss)
diff --git a/src/util/virprocess.h b/src/util/virprocess.h
index 086fbe0e4d..f5a4a4e508 100644
--- a/src/util/virprocess.h
+++ b/src/util/virprocess.h
@@ -195,6 +195,8 @@ typedef enum {
int virProcessNamespaceAvailable(unsigned int ns);
int virProcessGetStatInfo(unsigned long long *cpuTime,
+ unsigned long long *userTime,
+ unsigned long long *sysTime,
int *lastCpu,
long *vm_rss,
pid_t pid,
--
2.39.0

150
SOURCES/libvirt-util-add-an-API-to-retrieve-the-resolved-path-to-a-virCommand-s-binary.patch Normal file
View File

@ -0,0 +1,150 @@
From 54806234834ab5f2a1ada02afc5ad5ef6a789dc9 Mon Sep 17 00:00:00 2001
Message-Id: <54806234834ab5f2a1ada02afc5ad5ef6a789dc9@dist-git>
From: Laine Stump <laine@redhat.com>
Date: Wed, 1 Mar 2023 11:34:24 -0500
Subject: [PATCH] util: add an API to retrieve the resolved path to a
virCommand's binary
The binary to be exec'ed by virExec() is stored in
virCommand::args[0], and is resolved to a full absolute path (stored
in a local of virExec() just prior to execve().
Since we will have another use for the full absolute path, lets make
an API to resolve/retrieve the absolute path, and cache it in
virCommand::binaryPath so we only have to do the resolution once.
Signed-off-by: Laine Stump <laine@redhat.com>
Reviewed-by: Andrea Bolognani <abologna@redhat.com>
Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
(cherry picked from commit a53c1d6f842ba0f516bbacff8250ba0d7a10074a)
https://bugzilla.redhat.com/2172267
Signed-off-by: Laine Stump <laine@redhat.com>
---
src/libvirt_private.syms | 1 +
src/util/vircommand.c | 51 +++++++++++++++++++++++++++++++---------
src/util/vircommand.h | 1 +
3 files changed, 42 insertions(+), 11 deletions(-)
diff --git a/src/libvirt_private.syms b/src/libvirt_private.syms
index 576ec8f95f..e20421e7cd 100644
--- a/src/libvirt_private.syms
+++ b/src/libvirt_private.syms
@@ -2076,6 +2076,7 @@ virCommandDryRunTokenNew;
virCommandExec;
virCommandFree;
virCommandGetArgList;
+virCommandGetBinaryPath;
virCommandGetGID;
virCommandGetUID;
virCommandHandshakeNotify;
diff --git a/src/util/vircommand.c b/src/util/vircommand.c
index 0917bc9cfb..a31509e977 100644
--- a/src/util/vircommand.c
+++ b/src/util/vircommand.c
@@ -88,6 +88,7 @@ struct _virCommandSendBuffer {
struct _virCommand {
int has_error; /* 0 on success, -1 on error */
+ char *binaryPath; /* only valid if args[0] isn't absolute path */
char **args;
size_t nargs;
size_t maxargs;
@@ -630,6 +631,7 @@ virCommandMassClose(virCommand *cmd,
# endif /* ! __FreeBSD__ */
+
/*
* virExec:
* @cmd virCommand * containing all information about the program to
@@ -646,22 +648,13 @@ virExec(virCommand *cmd)
int childin = cmd->infd;
int childout = -1;
int childerr = -1;
- g_autofree char *binarystr = NULL;
const char *binary = NULL;
int ret;
g_autofree gid_t *groups = NULL;
int ngroups;
- if (!g_path_is_absolute(cmd->args[0])) {
- if (!(binary = binarystr = virFindFileInPath(cmd->args[0]))) {
- virReportSystemError(ENOENT,
- _("Cannot find '%s' in path"),
- cmd->args[0]);
- return -1;
- }
- } else {
- binary = cmd->args[0];
- }
+ if (!(binary = virCommandGetBinaryPath(cmd)))
+ return -1;
if (childin < 0) {
if (getDevNull(&null) < 0)
@@ -2164,6 +2157,40 @@ virCommandGetArgList(virCommand *cmd,
}
+/*
+ * virCommandGetBinaryPath:
+ * @cmd: virCommand* containing all information about the program
+ *
+ * If args[0] is an absolute path, return that. If not, then resolve
+ * args[0] to a full absolute path, cache that in binaryPath, and
+ * return a pointer to this resolved string. binaryPath is only set by
+ * calling this function, so even other virCommand functions should
+ * access binaryPath via this function.
+ *
+ * returns const char* with the full path of the binary to be
+ * executed, or NULL on failure.
+ */
+const char *
+virCommandGetBinaryPath(virCommand *cmd)
+{
+
+ if (cmd->binaryPath)
+ return cmd->binaryPath;
+
+ if (g_path_is_absolute(cmd->args[0]))
+ return cmd->args[0];
+
+ if (!(cmd->binaryPath = virFindFileInPath(cmd->args[0]))) {
+ virReportSystemError(ENOENT,
+ _("Cannot find '%s' in path"),
+ cmd->args[0]);
+ return NULL;
+ }
+
+ return cmd->binaryPath;
+}
+
+
#ifndef WIN32
/*
* Manage input and output to the child process.
@@ -3015,6 +3042,8 @@ virCommandFree(virCommand *cmd)
VIR_FORCE_CLOSE(cmd->outfd);
VIR_FORCE_CLOSE(cmd->errfd);
+ g_free(cmd->binaryPath);
+
for (i = 0; i < cmd->nargs; i++)
g_free(cmd->args[i]);
g_free(cmd->args);
diff --git a/src/util/vircommand.h b/src/util/vircommand.h
index e0002103b6..d51449ac90 100644
--- a/src/util/vircommand.h
+++ b/src/util/vircommand.h
@@ -170,6 +170,7 @@ int virCommandToStringBuf(virCommand *cmd,
bool linebreaks,
bool stripCommandPath);
+const char *virCommandGetBinaryPath(virCommand *cmd);
int virCommandGetArgList(virCommand *cmd, char ***args);
int virCommandExec(virCommand *cmd, gid_t *groups, int ngroups) G_GNUC_WARN_UNUSED_RESULT;
--
2.40.0

124
SOURCES/libvirt-util-json-Split-out-array-strinlist-conversion-from-virJSONValueObjectGetStringArray.patch
View File

@ -1,124 +0,0 @@
From 38ad84afdbeab479d0beee24e7bef87a64db1ce3 Mon Sep 17 00:00:00 2001
Message-Id: <38ad84afdbeab479d0beee24e7bef87a64db1ce3@dist-git>
From: Peter Krempa <pkrempa@redhat.com>
Date: Thu, 1 Dec 2022 13:32:07 +0100
Subject: [PATCH] util: json: Split out array->strinlist conversion from
virJSONValueObjectGetStringArray
Introduce virJSONValueArrayToStringList which does only the conversion
from an array to a stringlist.
This will allow refactoring the callers to be more careful in case when
they want to handle the existance of the member in the parent object
differently.
Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
(cherry picked from commit 6765bdeaf7e9cbdb4c39d47f3b77fb28a498408a)
https://bugzilla.redhat.com/show_bug.cgi?id=2154410
---
src/libvirt_private.syms | 1 +
src/util/virjson.c | 43 ++++++++++++++++++++++------------------
src/util/virjson.h | 2 ++
3 files changed, 27 insertions(+), 19 deletions(-)
diff --git a/src/libvirt_private.syms b/src/libvirt_private.syms
index 76bcc64eb0..288310b75a 100644
--- a/src/libvirt_private.syms
+++ b/src/libvirt_private.syms
@@ -2543,6 +2543,7 @@ virJSONValueArrayForeachSteal;
virJSONValueArrayGet;
virJSONValueArraySize;
virJSONValueArraySteal;
+virJSONValueArrayToStringList;
virJSONValueCopy;
virJSONValueFree;
virJSONValueFromString;
diff --git a/src/util/virjson.c b/src/util/virjson.c
index 53f8cdff95..fcbc173ffa 100644
--- a/src/util/virjson.c
+++ b/src/util/virjson.c
@@ -1316,10 +1316,7 @@ virJSONValueObjectStealObject(virJSONValue *object,
char **
virJSONValueObjectGetStringArray(virJSONValue *object, const char *key)
{
- g_auto(GStrv) ret = NULL;
virJSONValue *data;
- size_t n;
- size_t i;
data = virJSONValueObjectGetArray(object, key);
if (!data) {
@@ -1329,32 +1326,40 @@ virJSONValueObjectGetStringArray(virJSONValue *object, const char *key)
return NULL;
}
- n = virJSONValueArraySize(data);
- ret = g_new0(char *, n + 1);
+ return virJSONValueArrayToStringList(data);
+}
+
+
+/**
+ * virJSONValueArrayToStringList:
+ * @data: a JSON array containing strings to convert
+ *
+ * Converts @data a JSON array containing strings to a NULL-terminated string
+ * list. @data must be a JSON array. In case @data is doesn't contain only
+ * strings an error is reported.
+ */
+char **
+virJSONValueArrayToStringList(virJSONValue *data)
+{
+ size_t n = virJSONValueArraySize(data);
+ g_auto(GStrv) ret = g_new0(char *, n + 1);
+ size_t i;
+
for (i = 0; i < n; i++) {
virJSONValue *child = virJSONValueArrayGet(data, i);
- const char *tmp;
- if (!child) {
- virReportError(VIR_ERR_INTERNAL_ERROR,
- _("%s array element is missing item %zu"),
- key, i);
+ if (!child ||
+ !(ret[i] = g_strdup(virJSONValueGetString(child)))) {
+ virReportError(VIR_ERR_INTERNAL_ERROR, "%s",
+ _("JSON string array contains non-string element"));
return NULL;
}
-
- if (!(tmp = virJSONValueGetString(child))) {
- virReportError(VIR_ERR_INTERNAL_ERROR,
- _("%s array element does not contain a string"),
- key);
- return NULL;
- }
-
- ret[i] = g_strdup(tmp);
}
return g_steal_pointer(&ret);
}
+
/**
* virJSONValueObjectForeachKeyValue:
* @object: JSON object to iterate
diff --git a/src/util/virjson.h b/src/util/virjson.h
index aced48a538..c9f83ab2bc 100644
--- a/src/util/virjson.h
+++ b/src/util/virjson.h
@@ -172,6 +172,8 @@ virJSONValueObjectGetString(virJSONValue *object,
char **
virJSONValueObjectGetStringArray(virJSONValue *object,
const char *key);
+char **
+virJSONValueArrayToStringList(virJSONValue *data);
const char *
virJSONValueObjectGetStringOrNumber(virJSONValue *object,
const char *key);
--
2.39.0

59
SOURCES/libvirt-vircgroupv2-fix-cpu.weight-limits-check.patch Normal file
View File

@ -0,0 +1,59 @@
From 28bd414db666463dca0a26bbb969fd6bc784ec8e Mon Sep 17 00:00:00 2001
Message-Id: <28bd414db666463dca0a26bbb969fd6bc784ec8e@dist-git>
From: Pavel Hrdina <phrdina@redhat.com>
Date: Tue, 17 Jan 2023 10:02:07 +0100
Subject: [PATCH] vircgroupv2: fix cpu.weight limits check
The cgroup v2 cpu.weight limits are different than cgroup v1 cpu.shares
limits.
Signed-off-by: Pavel Hrdina <phrdina@redhat.com>
Reviewed-by: Martin Kletzander <mkletzan@redhat.com>
(cherry picked from commit cf3414a85b8383d71d6ae2a53daf63c331cc2230)
Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=2037998
Signed-off-by: Pavel Hrdina <phrdina@redhat.com>
---
src/util/vircgroup.h | 2 ++
src/util/vircgroupv2.c | 8 ++++----
2 files changed, 6 insertions(+), 4 deletions(-)
diff --git a/src/util/vircgroup.h b/src/util/vircgroup.h
index 690f09465c..adf3850b22 100644
--- a/src/util/vircgroup.h
+++ b/src/util/vircgroup.h
@@ -235,6 +235,8 @@ int virCgroupGetCpuShares(virCgroup *group, unsigned long long *shares);
/* Based on kernel code ((1ULL << MAX_BW_BITS) - 1) where MAX_BW_BITS is
* (64 - BW_SHIFT) and BW_SHIFT is 20 */
#define VIR_CGROUP_CPU_QUOTA_MAX 17592186044415LL
+#define VIR_CGROUPV2_WEIGHT_MIN 1LL
+#define VIR_CGROUPV2_WEIGHT_MAX 10000LL
int virCgroupSetCpuCfsPeriod(virCgroup *group, unsigned long long cfs_period);
int virCgroupGetCpuCfsPeriod(virCgroup *group, unsigned long long *cfs_period);
diff --git a/src/util/vircgroupv2.c b/src/util/vircgroupv2.c
index b1f562aa52..219b9c7f21 100644
--- a/src/util/vircgroupv2.c
+++ b/src/util/vircgroupv2.c
@@ -1499,13 +1499,13 @@ static int
virCgroupV2SetCpuShares(virCgroup *group,
unsigned long long shares)
{
- if (shares < VIR_CGROUP_CPU_SHARES_MIN ||
- shares > VIR_CGROUP_CPU_SHARES_MAX) {
+ if (shares < VIR_CGROUPV2_WEIGHT_MIN ||
+ shares > VIR_CGROUPV2_WEIGHT_MAX) {
virReportError(VIR_ERR_INVALID_ARG,
_("shares '%llu' must be in range [%llu, %llu]"),
shares,
- VIR_CGROUP_CPU_SHARES_MIN,
- VIR_CGROUP_CPU_SHARES_MAX);
+ VIR_CGROUPV2_WEIGHT_MIN,
+ VIR_CGROUPV2_WEIGHT_MAX);
return -1;
}
--
2.39.1

64
SOURCES/libvirt-vircpi-Add-PCIe-5.0-and-6.0-link-speeds.patch
View File

@ -1,64 +0,0 @@
From e13ab5c97f266eb688bc22e1124291563770370d Mon Sep 17 00:00:00 2001
Message-Id: <e13ab5c97f266eb688bc22e1124291563770370d@dist-git>
From: Michal Privoznik <mprivozn@redhat.com>
Date: Fri, 8 Jul 2022 14:29:32 +0200
Subject: [PATCH] vircpi: Add PCIe 5.0 and 6.0 link speeds
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
The PCIe 5.0 and PCIe 6.0 standards define new link speeds:
32GT/s and 64GT/s, respectively. Update our internal enum to
include these new speeds. Otherwise we format incorrect XML:
<pci-express>
<link validity='cap' port='0' speed='(null)' width='16'/>
<link validity='sta' speed='16' width='16'/>
</pci-express>
Like all "good" specifications, these are also locked behind a
login portal. But we can look at pciutils' source code: [1] and
[2].
1: https://git.kernel.org/pub/scm/utils/pciutils/pciutils.git/commit/ls-caps.c?id=caca31a0eea41c7b051705704c1158fddc02fbd2
2: https://git.kernel.org/pub/scm/utils/pciutils/pciutils.git/commit/ls-caps.c?id=5bdf63b6b1bc35b59c4b3f47f7ca83ca1868155b
Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=2105231
Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
(cherry picked from commit d33c2a9e2f933b31f8e96e9938c237bdffe27f84)
Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
---
src/util/virpci.c | 2 +-
src/util/virpci.h | 2 ++
2 files changed, 3 insertions(+), 1 deletion(-)
diff --git a/src/util/virpci.c b/src/util/virpci.c
index 03d1d7b074..7800966963 100644
--- a/src/util/virpci.c
+++ b/src/util/virpci.c
@@ -45,7 +45,7 @@ VIR_LOG_INIT("util.pci");
VIR_ENUM_IMPL(virPCIELinkSpeed,
VIR_PCIE_LINK_SPEED_LAST,
- "", "2.5", "5", "8", "16",
+ "", "2.5", "5", "8", "16", "32", "64"
);
VIR_ENUM_IMPL(virPCIStubDriver,
diff --git a/src/util/virpci.h b/src/util/virpci.h
index b9b9cd7b34..4d9193f24e 100644
--- a/src/util/virpci.h
+++ b/src/util/virpci.h
@@ -83,6 +83,8 @@ typedef enum {
VIR_PCIE_LINK_SPEED_5,
VIR_PCIE_LINK_SPEED_8,
VIR_PCIE_LINK_SPEED_16,
+ VIR_PCIE_LINK_SPEED_32,
+ VIR_PCIE_LINK_SPEED_64,
VIR_PCIE_LINK_SPEED_LAST
} virPCIELinkSpeed;
--
2.35.1

62
SOURCES/libvirt-virsh-Implement-config-for-iothreadset.patch
View File

@ -1,62 +0,0 @@
From 02ebd15a48da7a53560bbea5e530a5b9c929daee Mon Sep 17 00:00:00 2001
Message-Id: <02ebd15a48da7a53560bbea5e530a5b9c929daee@dist-git>
From: Michal Privoznik <mprivozn@redhat.com>
Date: Thu, 7 Jul 2022 17:44:32 +0200
Subject: [PATCH] virsh: Implement --config for iothreadset
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Our man page already documents that iothreadset has --config
argument. Well, it doesn't really. Normally, I'd just fix the man
page, but with recent work on the API it's possible to tweak
values for inactive XML too. Therefore, implement the --config
argument for the command.
Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
(cherry picked from commit 3ff558c1c171f66da84b10c81937c1a6895ec6fb)
Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=2059511
Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
---
tools/virsh-domain.c | 8 ++++++++
1 file changed, 8 insertions(+)
diff --git a/tools/virsh-domain.c b/tools/virsh-domain.c
index 43034f2f81..da63cc95ff 100644
--- a/tools/virsh-domain.c
+++ b/tools/virsh-domain.c
@@ -7831,6 +7831,7 @@ static const vshCmdOptDef opts_iothreadset[] = {
.type = VSH_OT_INT,
.help = N_("upper boundary for worker thread pool")
},
+ VIRSH_COMMON_OPT_DOMAIN_CONFIG,
VIRSH_COMMON_OPT_DOMAIN_LIVE,
VIRSH_COMMON_OPT_DOMAIN_CURRENT,
{.name = NULL}
@@ -7842,6 +7843,8 @@ cmdIOThreadSet(vshControl *ctl, const vshCmd *cmd)
g_autoptr(virshDomain) dom = NULL;
int id = 0;
bool ret = false;
+ bool current = vshCommandOptBool(cmd, "current");
+ bool config = vshCommandOptBool(cmd, "config");
bool live = vshCommandOptBool(cmd, "live");
unsigned int flags = VIR_DOMAIN_AFFECT_CURRENT;
virTypedParameterPtr params = NULL;
@@ -7852,8 +7855,13 @@ cmdIOThreadSet(vshControl *ctl, const vshCmd *cmd)
int thread_val;
int rc;
+ VSH_EXCLUSIVE_OPTIONS_VAR(current, live);
+ VSH_EXCLUSIVE_OPTIONS_VAR(current, config);
+
if (live)
flags |= VIR_DOMAIN_AFFECT_LIVE;
+ if (config)
+ flags |= VIR_DOMAIN_AFFECT_CONFIG;
if (!(dom = virshCommandOptDomain(ctl, cmd, NULL)))
return false;
--
2.35.1

47
SOURCES/libvirt-virsh-Make-domif-setlink-work-more-than-once.patch Normal file
View File

@ -0,0 +1,47 @@
From f895d23743a65141a2db7f816e56d18c9c4de6df Mon Sep 17 00:00:00 2001
Message-Id: <f895d23743a65141a2db7f816e56d18c9c4de6df@dist-git>
From: Michal Privoznik <mprivozn@redhat.com>
Date: Mon, 30 Jan 2023 10:55:22 +0100
Subject: [PATCH] virsh: Make domif-setlink work more than once
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
In virsh, we have this convenient domif-setlink command, which is
just a wrapper over virDomainUpdateDeviceFlags() and which allows
setting link state of given guest NIC. It does so by fetching
corresponding <interface/> XML snippet and either putting <link
state=''/> into it, OR if the element already exists setting the
attribute to desired value. The XML is then fed into the update
API.
There's, however, a small bug in detecting the pre-existence of
the element and its attribute. The code looks at "link"
attribute, while in fact, the attribute is called "state".
Resolves: https://gitlab.com/libvirt/libvirt/-/issues/426
Fixes: e575bf082ed4889280be07c986375f1ca15bb7ee
Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
(cherry picked from commit 6f3f6c0f763b9ffd8ef93eb124c88dd0b79138fc)
https://bugzilla.redhat.com/show_bug.cgi?id=2165466
---
tools/virsh-domain.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/tools/virsh-domain.c b/tools/virsh-domain.c
index 6b431bd1e5..59b2b3ce60 100644
--- a/tools/virsh-domain.c
+++ b/tools/virsh-domain.c
@@ -3209,7 +3209,7 @@ cmdDomIfSetLink(vshControl *ctl, const vshCmd *cmd)
}
}
- if (xmlHasProp(linkNode, BAD_CAST "link"))
+ if (xmlHasProp(linkNode, BAD_CAST "state"))
stateAttr = xmlSetProp(linkNode, BAD_CAST "state", BAD_CAST state);
else
stateAttr = xmlNewProp(linkNode, BAD_CAST "state", BAD_CAST state);
--
2.39.1

215
SOURCES/libvirt-virsh-Require-xpath-for-dumpxml.patch
View File

@ -1,215 +0,0 @@
From 045c3fbdc6f4a5b98013a00fcaefcd3481c1df39 Mon Sep 17 00:00:00 2001
Message-Id: <045c3fbdc6f4a5b98013a00fcaefcd3481c1df39@dist-git>
From: Michal Privoznik <mprivozn@redhat.com>
Date: Fri, 8 Jul 2022 12:45:42 +0200
Subject: [PATCH] virsh: Require --xpath for *dumpxml
Historically, the dumpxml command reject any unknown arguments,
for instance:
virsh dumpxml fedora xxx
However, after v8.5.0-rc1~31 the second argument ('xxx') is
treated as an XPath, but it's not that clearly visible.
Therefore, require the --xpath switch, like this:
virsh dumpxml fedora --xpath xxx
Yes, this breaks already released virsh, but I think we can argue
that the pool of users of this particular function is very small.
We also document the argument being mandatory:
dumpxml [--inactive] [--security-info] [--update-cpu] [--migratable]
[--xpath EXPRESSION] [--wrap] domain
The sooner we do this change, the better.
The same applies for other *dumpxml functions (net-dumpxml,
pool-dumpxml, vol-dumpxl to name a few).
Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=2103524
Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
Reviewed-by: Peter Krempa <pkrempa@redhat.com>
(cherry picked from commit e90d48ae6e22eaf1650f920abc0a6b87d2daa82b)
Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
---
tools/virsh-backup.c | 1 +
tools/virsh-checkpoint.c | 1 +
tools/virsh-domain.c | 3 +++
tools/virsh-interface.c | 1 +
tools/virsh-network.c | 2 ++
tools/virsh-nodedev.c | 1 +
tools/virsh-nwfilter.c | 2 ++
tools/virsh-pool.c | 1 +
tools/virsh-secret.c | 1 +
tools/virsh-snapshot.c | 1 +
tools/virsh-volume.c | 1 +
11 files changed, 15 insertions(+)
diff --git a/tools/virsh-backup.c b/tools/virsh-backup.c
index db122abc09..1bb2c63113 100644
--- a/tools/virsh-backup.c
+++ b/tools/virsh-backup.c
@@ -117,6 +117,7 @@ static const vshCmdOptDef opts_backup_dumpxml[] = {
VIRSH_COMMON_OPT_DOMAIN_FULL(VIR_CONNECT_LIST_DOMAINS_ACTIVE),
{.name = "xpath",
.type = VSH_OT_STRING,
+ .flags = VSH_OFLAG_REQ_OPT,
.completer = virshCompleteEmpty,
.help = N_("xpath expression to filter the XML document")
},
diff --git a/tools/virsh-checkpoint.c b/tools/virsh-checkpoint.c
index a7ef39849d..9605c893af 100644
--- a/tools/virsh-checkpoint.c
+++ b/tools/virsh-checkpoint.c
@@ -854,6 +854,7 @@ static const vshCmdOptDef opts_checkpoint_dumpxml[] = {
},
{.name = "xpath",
.type = VSH_OT_STRING,
+ .flags = VSH_OFLAG_REQ_OPT,
.completer = virshCompleteEmpty,
.help = N_("xpath expression to filter the XML document")
},
diff --git a/tools/virsh-domain.c b/tools/virsh-domain.c
index da63cc95ff..76d12d2b70 100644
--- a/tools/virsh-domain.c
+++ b/tools/virsh-domain.c
@@ -4529,6 +4529,7 @@ static const vshCmdOptDef opts_save_image_dumpxml[] = {
},
{.name = "xpath",
.type = VSH_OT_STRING,
+ .flags = VSH_OFLAG_REQ_OPT,
.completer = virshCompleteEmpty,
.help = N_("xpath expression to filter the XML document")
},
@@ -4961,6 +4962,7 @@ static const vshCmdOptDef opts_managed_save_dumpxml[] = {
},
{.name = "xpath",
.type = VSH_OT_STRING,
+ .flags = VSH_OFLAG_REQ_OPT,
.completer = virshCompleteEmpty,
.help = N_("xpath expression to filter the XML document")
},
@@ -10469,6 +10471,7 @@ static const vshCmdOptDef opts_dumpxml[] = {
},
{.name = "xpath",
.type = VSH_OT_STRING,
+ .flags = VSH_OFLAG_REQ_OPT,
.completer = virshCompleteEmpty,
.help = N_("xpath expression to filter the XML document")
},
diff --git a/tools/virsh-interface.c b/tools/virsh-interface.c
index b29ffc9bef..39ea53ec9d 100644
--- a/tools/virsh-interface.c
+++ b/tools/virsh-interface.c
@@ -472,6 +472,7 @@ static const vshCmdOptDef opts_interface_dumpxml[] = {
},
{.name = "xpath",
.type = VSH_OT_STRING,
+ .flags = VSH_OFLAG_REQ_OPT,
.completer = virshCompleteEmpty,
.help = N_("xpath expression to filter the XML document")
},
diff --git a/tools/virsh-network.c b/tools/virsh-network.c
index 99ced6ccc6..004719dad6 100644
--- a/tools/virsh-network.c
+++ b/tools/virsh-network.c
@@ -351,6 +351,7 @@ static const vshCmdOptDef opts_network_dumpxml[] = {
},
{.name = "xpath",
.type = VSH_OT_STRING,
+ .flags = VSH_OFLAG_REQ_OPT,
.completer = virshCompleteEmpty,
.help = N_("xpath expression to filter the XML document")
},
@@ -1556,6 +1557,7 @@ static const vshCmdOptDef opts_network_port_dumpxml[] = {
VIRSH_COMMON_OPT_NETWORK_PORT(0),
{.name = "xpath",
.type = VSH_OT_STRING,
+ .flags = VSH_OFLAG_REQ_OPT,
.completer = virshCompleteEmpty,
.help = N_("xpath expression to filter the XML document")
},
diff --git a/tools/virsh-nodedev.c b/tools/virsh-nodedev.c
index 37e361c701..2adcad9c10 100644
--- a/tools/virsh-nodedev.c
+++ b/tools/virsh-nodedev.c
@@ -567,6 +567,7 @@ static const vshCmdOptDef opts_node_device_dumpxml[] = {
},
{.name = "xpath",
.type = VSH_OT_STRING,
+ .flags = VSH_OFLAG_REQ_OPT,
.completer = virshCompleteEmpty,
.help = N_("xpath expression to filter the XML document")
},
diff --git a/tools/virsh-nwfilter.c b/tools/virsh-nwfilter.c
index ff7f6f4026..d4112c8620 100644
--- a/tools/virsh-nwfilter.c
+++ b/tools/virsh-nwfilter.c
@@ -188,6 +188,7 @@ static const vshCmdOptDef opts_nwfilter_dumpxml[] = {
},
{.name = "xpath",
.type = VSH_OT_STRING,
+ .flags = VSH_OFLAG_REQ_OPT,
.completer = virshCompleteEmpty,
.help = N_("xpath expression to filter the XML document")
},
@@ -610,6 +611,7 @@ static const vshCmdOptDef opts_nwfilter_binding_dumpxml[] = {
},
{.name = "xpath",
.type = VSH_OT_STRING,
+ .flags = VSH_OFLAG_REQ_OPT,
.completer = virshCompleteEmpty,
.help = N_("xpath expression to filter the XML document")
},
diff --git a/tools/virsh-pool.c b/tools/virsh-pool.c
index 820a61f889..8a98c6ae40 100644
--- a/tools/virsh-pool.c
+++ b/tools/virsh-pool.c
@@ -777,6 +777,7 @@ static const vshCmdOptDef opts_pool_dumpxml[] = {
},
{.name = "xpath",
.type = VSH_OT_STRING,
+ .flags = VSH_OFLAG_REQ_OPT,
.completer = virshCompleteEmpty,
.help = N_("xpath expression to filter the XML document")
},
diff --git a/tools/virsh-secret.c b/tools/virsh-secret.c
index 79fa3faf5a..17d2bbd88d 100644
--- a/tools/virsh-secret.c
+++ b/tools/virsh-secret.c
@@ -140,6 +140,7 @@ static const vshCmdOptDef opts_secret_dumpxml[] = {
},
{.name = "xpath",
.type = VSH_OT_STRING,
+ .flags = VSH_OFLAG_REQ_OPT,
.completer = virshCompleteEmpty,
.help = N_("xpath expression to filter the XML document")
},
diff --git a/tools/virsh-snapshot.c b/tools/virsh-snapshot.c
index 83fdfb9616..8fa64ba903 100644
--- a/tools/virsh-snapshot.c
+++ b/tools/virsh-snapshot.c
@@ -1609,6 +1609,7 @@ static const vshCmdOptDef opts_snapshot_dumpxml[] = {
},
{.name = "xpath",
.type = VSH_OT_STRING,
+ .flags = VSH_OFLAG_REQ_OPT,
.completer = virshCompleteEmpty,
.help = N_("xpath expression to filter the XML document")
},
diff --git a/tools/virsh-volume.c b/tools/virsh-volume.c
index bf72d8135f..300a0aa8e5 100644
--- a/tools/virsh-volume.c
+++ b/tools/virsh-volume.c
@@ -1161,6 +1161,7 @@ static const vshCmdOptDef opts_vol_dumpxml[] = {
VIRSH_COMMON_OPT_POOL_OPTIONAL,
{.name = "xpath",
.type = VSH_OT_STRING,
+ .flags = VSH_OFLAG_REQ_OPT,
.completer = virshCompleteEmpty,
.help = N_("xpath expression to filter the XML document")
},
--
2.35.1

48
SOURCES/libvirt-virtpm-Introduce-TPM-1.2-and-TPM-2.0-capabilieis.patch
View File

@ -1,48 +0,0 @@
From 6d21624edd73edb9b59e5dac0d98d0812e9bf0ad Mon Sep 17 00:00:00 2001
Message-Id: <6d21624edd73edb9b59e5dac0d98d0812e9bf0ad@dist-git>
From: Michal Privoznik <mprivozn@redhat.com>
Date: Tue, 12 Jul 2022 15:46:50 +0200
Subject: [PATCH] virtpm: Introduce TPM-1.2 and TPM-2.0 capabilieis
These new capabilities will be used only to track whether
swtpm_setup is capable of TPM-1.2 and/or TPM-2.0.
Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
Reviewed-by: Peter Krempa <pkrempa@redhat.com>
(cherry picked from commit 7b37763278c44887789e80a6058ee27953c0e5e6)
Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=2103119
Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
---
src/util/virtpm.c | 2 ++
src/util/virtpm.h | 2 ++
2 files changed, 4 insertions(+)
diff --git a/src/util/virtpm.c b/src/util/virtpm.c
index b898f3a6db..3c961c11cb 100644
--- a/src/util/virtpm.c
+++ b/src/util/virtpm.c
@@ -47,6 +47,8 @@ VIR_ENUM_IMPL(virTPMSwtpmSetupFeature,
"cmdarg-create-config-files",
"tpm12-not-need-root",
"cmdarg-reconfigure-pcr-banks",
+ "tpm-1.2",
+ "tpm-2.0",
);
/**
diff --git a/src/util/virtpm.h b/src/util/virtpm.h
index 0a82a03b69..bbf379a54a 100644
--- a/src/util/virtpm.h
+++ b/src/util/virtpm.h
@@ -42,6 +42,8 @@ typedef enum {
VIR_TPM_SWTPM_SETUP_FEATURE_CMDARG_CREATE_CONFIG_FILES,
VIR_TPM_SWTPM_SETUP_FEATURE_TPM12_NOT_NEED_ROOT,
VIR_TPM_SWTPM_SETUP_FEATURE_CMDARG_RECONFIGURE_PCR_BANKS,
+ VIR_TPM_SWTPM_SETUP_FEATURE_TPM_1_2,
+ VIR_TPM_SWTPM_SETUP_FEATURE_TPM_2_0,
VIR_TPM_SWTPM_SETUP_FEATURE_LAST
} virTPMSwtpmSetupFeature;
--
2.35.1

Some files were not shown because too many files have changed in this diff Show More