Luke Yue [Mon, 12 Jul 2021 11:32:16 +0000 (19:32 +0800)]
test_driver: Introduce testDomainObjCheckTaint
In order to test the virDomainGetMessages for test driver, we need to
check some taints or deprecations, so introduce testDomainObjCheckTaint
for checking taints.
As we introduced testDomainObjCheckTaint for test driver, the `dominfo`
command in virshtest will now print tainting messages, so add them for
test.
Signed-off-by: Luke Yue <lukedyue@gmail.com> Reviewed-by: Martin Kletzander <mkletzan@redhat.com>
The current docker:dind container has broken default seccomp filter that
results in clone3 being blocked, which in turn breaks Fedora 35 rawhide.
This custom image has a workaround that causes the seccomp filter to
return ENOSYS for clone3 instad of EPERM, thus triggering glibc to
fallback to clone correctly.
Reviewed-by: Erik Skultety <eskultet@redhat> Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
Michal Privoznik [Wed, 28 Jul 2021 11:32:10 +0000 (13:32 +0200)]
vmx: Parse vm.genid
The VMware metadata file contains genid but we are not parsing
and thus reporting it in domain XML. However, it's not as
straightforward as one might think. The UUID reported by VMware
is not in its usual string form, but split into two signed long
longs. That means, we have to do a bit of trickery when parsing.
But looking around it's the same magic that libguestfs does:
Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1598348 Signed-off-by: Michal Privoznik <mprivozn@redhat.com> Reviewed-by: Richard W.M. Jones <rjones@redhat.com>
virnvme: Duplicate index in nested loop in virNVMeDeviceListCreateReAttachList
When loop in function virNVMeDeviceListCreateReAttachList() there may be
reused index @i, this patch fix this by using a new @j.
Signed-off-by: Jia Zhou <zhou.jia2@zte.com.cn> Signed-off-by: Yi Wang <wang.yi59@zte.com.cn> Signed-off-by: Michal Privoznik <mprivozn@redhat.com> Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
Boris Fiuczynski [Wed, 28 Jul 2021 12:36:00 +0000 (14:36 +0200)]
NEWS: Add new launch security type s390-pv
Signed-off-by: Boris Fiuczynski <fiuczy@linux.ibm.com> Reviewed-by: Viktor Mihajlovski <mihajlov@linux.ibm.com> Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
Peter Krempa [Wed, 28 Jul 2021 07:38:44 +0000 (09:38 +0200)]
NEWS: Mention fix for 'copy_on_read' disks with trimming enabled
Signed-off-by: Peter Krempa <pkrempa@redhat.com> Reviewed-by: Daniel P. Berrangé <berrange@redhat.com> Reviewed-by: Michal Privoznik <mprivozn@redhat.com> Reviewed-by: Richard W.M. Jones <rjones@redhat.com>
Peter Krempa [Tue, 27 Jul 2021 17:12:09 +0000 (19:12 +0200)]
qemu: block: Pass discard requests through the copy-on-read block filter
We need to pass the 'trim' requests through the copy-on-read filter so
if a user configures a discard policy on the disk the requests get
through to the appropriate format layer in the blockdev tree.
Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1986509 Reported-by: Richard W.M. Jones <rjones@redhat.com> Tested-by: Richard W.M. Jones <rjones@redhat.com> Signed-off-by: Peter Krempa <pkrempa@redhat.com> Reviewed-by: Daniel P. Berrangé <berrange@redhat.com> Reviewed-by: Michal Privoznik <mprivozn@redhat.com> Reviewed-by: Richard W.M. Jones <rjones@redhat.com>
Ján Tomko [Tue, 27 Jul 2021 10:39:50 +0000 (12:39 +0200)]
schema: make target mandatory for filesystems
Commit 12967c3e13 incorrectly made the target optional.
The validation was re-introduced by commit e8863b91f (which
put it into FSDefValidate instead of the parser), but
it did not amend the schema to make it mandatory again.
The nature of Fedora rawhide means that it will inevitably have failures
periodically. Currently it is failing to even update packages due to
glibc switching to use of clone3 syscall, which is mistakenly blocked by
seccomp in container runtimes using EPERM instead of ENOSYS.
When we fail to build the rawhide containers, it is quite likely that we
still have the previous build available in the gitlab registry, so it is
reasonable to allow the container job to fail and try the build job
anyway.
Ideally we would ignore the container build failure if-and-only-if the
previous container was build with the same list of packages. We don't
record the original dependency package list though, so that's not
currently possible.
Reviewed-by: Peter Krempa <pkrempa@redhat.com> Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
Yang Fei [Thu, 22 Jul 2021 08:05:01 +0000 (16:05 +0800)]
util: Add virHostCPUGetHaltPollTime
Add helper function virHostCPUGetHaltPollTime to obtain halt polling
time. If the kernel support halt polling time statistic, and mount
debugfs. This function will take effect on KVM VMs.
Signed-off-by: Yang Fei <yangfei85@huawei.com> Signed-off-by: Michal Privoznik <mprivozn@redhat.com> Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
Peter Krempa [Mon, 22 Feb 2021 16:55:12 +0000 (17:55 +0100)]
qemuBlockReopenFormatMon: Adapt to new argument format of 'blockdev-reopen'
This function was added prior 'blockdev-reopen' being stable and qemu
changed the arguments to actually contain an array of block node
definitions to reopen.
In our case we are just changing between read-only and read-write modes
and thus we can keep operating on the nodes one-by-one.
Modify the code to add the wrapper array.
Signed-off-by: Peter Krempa <pkrempa@redhat.com> Reviewed-by: Pavel Hrdina <phrdina@redhat.com>
Notable changes are:
- stabilization of 'blockdev-reopen'
- addition of the 'vmx-tsc-scaling' cpu flag
- Supported display types are now in the schema only if they are compiled in.
- rbd image encryption
- 'aio-max-batch' iothread property
Signed-off-by: Peter Krempa <pkrempa@redhat.com> Reviewed-by: Pavel Hrdina <phrdina@redhat.com>
qemu_vhost_user: don't raise error for unknown features
Similar to what was done for qemu_firmware.c in 61d95a1073, don't
report an error for unknown vhost-user features, just log it and
correctly continue on
Reviewed-by: Peter Krempa <pkrempa@redhat.com> Signed-off-by: Cole Robinson <crobinso@redhat.com>
Additional cleanup paths add the possibility of not freeing earlier
stuff. Add an AUTOPTR handler for qemuDomainObjPrivate and use it in
qemuDomainObjPrivateAlloc
Signed-off-by: Peter Krempa <pkrempa@redhat.com> Reviewed-by: Tim Wiederhake <twiederh@redhat.com>
'obj->classIdMap' is a bitmap with size of '16', thus the first 3 bits
are guaranteed to be available. Use 'virBitmapSetBit' instead of
'virBitmapSetBitExpand' since we don't need any expansion and ignore
errors as they are impossible.
Signed-off-by: Peter Krempa <pkrempa@redhat.com> Reviewed-by: Tim Wiederhake <twiederh@redhat.com>
Michal Privoznik [Thu, 22 Jul 2021 12:26:00 +0000 (14:26 +0200)]
virSetUIDGIDWithCaps: Set bounding capabilities only with CAP_SETPCAP
In one of my previous patches I've tried to postpone dropping
CAP_SETPCAP until the very end because it's needed for
capng_apply(). What I did not realize back then was that we might
not have the capability to begin with. Because of unknown reasons
capng_apply() pollutes logs only for CAPNG_SELECT_BOUNDS and not
for CAPNG_SELECT_CAPS.
Reproducer is really simple: run libvirtd as a regular user.
During its initialization, libvirtd will spawn some binaries
(dnsmasq, qemu-*, etc.) and while doing so it will try to drop
capabilities.
Anyway, let's call capng_apply(CAPNG_SELECT_BOUNDS) only if we
have the CAP_SETPCAP (which is tracked in need_setpcap variable).
Michal Privoznik [Thu, 22 Jul 2021 12:12:14 +0000 (14:12 +0200)]
virSetUIDGIDWithCaps: Drop redundant parenthesis around capng_apply()
After all capabilities were set (except for CAP_SETGID,
CAP_SETUID and CAP_SETPCAP) and after UID:GID was changed we drop
the last aforementioned capabilities (we couldn't drop them
before because we needed UID:GID and capabilities change).
Therefore, there's final capng_apply() call. However, it is
wrapped in one layer of parenthesis more than needed.
Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
Libvirt is using the G_GNUC_FALLTHROUGH macro provided by glib since
version 2.60. Since we need to support older glib, we also have some
compatibility code to define it if missing.
We set the GLIB_VERSION_MAX_ALLOWED macro to ensure we get warnings
when we use an API that dates from a glib version newer than our
minimum benchmark. Historically this didn't get enforced for (most)
macros, but GLib 2.69 has addressed that gap.
This causes our usage of G_GNUC_FALLTHROUGH to trigger warnings.
GLib is right to warn, because it does not know that we have added
our own fallback for older versions.
The only way to squelch this warning though, is to fully undefine
the GLib provided G_GNUC_FALLTHROUGH and use our own in its place.
We'll be able to remove all this compat burden when we finally
update the min glib version to be >= 2.60
Reviewed-by: Peter Krempa <pkrempa@redhat.com> Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
If lvcreate found an existing signature when trying to create a
new logical volume (E.g. left after some deleted volume), the
action failed due to inability to answer interactive question to
wiping it (lvcreate assumed 'no' was the answer). With added
option --yes to the command line, the answer to any interactive
question is assumed to be yes. Therefore, lvcreate wipes the
signature and the new volume is created successfully.
Tim Wiederhake [Tue, 6 Jul 2021 08:35:27 +0000 (10:35 +0200)]
virNWFilterParseParamAttributes: Iterate over "element" children
"xmlNextElementSibling()" skips attribute nodes, making the explicit
check for the type of `cur` redundant. This prepares for the removal
of this check in the next commit.
Signed-off-by: Tim Wiederhake <twiederh@redhat.com> Reviewed-by: Ján Tomko <jtomko@redhat.com>
projects / thirdparty / libvirt.git / log
