openSUSE Commits
October 2020
- 1 participants
- 2708 discussions
Hello community,
here is the log from the commit of package 000update-repos for openSUSE:Factory checked in at 2020-10-30 21:07:05
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/000update-repos (Old)
and /work/SRC/openSUSE:Factory/.000update-repos.new.3463 (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "000update-repos"
Fri Oct 30 21:07:05 2020 rev:1366 rq: version:unknown
Changes:
--------
New Changes file:
NO CHANGES FILE!!!
New:
----
factory_20201028.packages.xz
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Other differences:
------------------
Hello community,
here is the log from the commit of package libvirt for openSUSE:Leap:15.1:Update checked in at 2020-10-30 18:23:38
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Leap:15.1:Update/libvirt (Old)
and /work/SRC/openSUSE:Leap:15.1:Update/.libvirt.new.3463 (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "libvirt"
Fri Oct 30 18:23:38 2020 rev:3 rq:844388 version:unknown
Changes:
--------
New Changes file:
NO CHANGES FILE!!!
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Other differences:
------------------
++++++ _link ++++++
--- /var/tmp/diff_new_pack.MCARnx/_old 2020-10-30 18:23:45.797722129 +0100
+++ /var/tmp/diff_new_pack.MCARnx/_new 2020-10-30 18:23:45.797722129 +0100
@@ -1 +1 @@
-<link package='libvirt.11417' cicount='copy' />
+<link package='libvirt.14743' cicount='copy' />
Hello community,
here is the log from the commit of package libvirt for openSUSE:Leap:15.2:Update checked in at 2020-10-30 18:23:26
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Leap:15.2:Update/libvirt (Old)
and /work/SRC/openSUSE:Leap:15.2:Update/.libvirt.new.3463 (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "libvirt"
Fri Oct 30 18:23:26 2020 rev:2 rq:844387 version:unknown
Changes:
--------
New Changes file:
NO CHANGES FILE!!!
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Other differences:
------------------
++++++ _link ++++++
--- /var/tmp/diff_new_pack.ogyX9C/_old 2020-10-30 18:23:33.181715015 +0100
+++ /var/tmp/diff_new_pack.ogyX9C/_new 2020-10-30 18:23:33.181715015 +0100
@@ -1 +1 @@
-<link package='libvirt.13730' cicount='copy' />
+<link package='libvirt.14632' cicount='copy' />
Hello community,
here is the log from the commit of package libvirt.14632 for openSUSE:Leap:15.2:Update checked in at 2020-10-30 18:23:21
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Leap:15.2:Update/libvirt.14632 (Old)
and /work/SRC/openSUSE:Leap:15.2:Update/.libvirt.14632.new.3463 (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "libvirt.14632"
Fri Oct 30 18:23:21 2020 rev:1 rq:844387 version:6.0.0
Changes:
--------
New Changes file:
--- /dev/null 2020-10-22 01:51:33.322291705 +0200
+++ /work/SRC/openSUSE:Leap:15.2:Update/.libvirt.14632.new.3463/libvirt.changes 2020-10-30 18:23:30.381713435 +0100
@@ -0,0 +1,5248 @@
+-------------------------------------------------------------------
+Tue Oct 13 21:51:45 UTC 2020 - James Fehlig <jfehlig(a)suse.com>
+
+- Fix 'make check' with all downstream patches applied. Some
+ patches touch config files and needed the corresponding augeaus
+ test files updated.
+ Updated patches:
+ b196f8fc-CVE-2020-15708-doc.patch,
+ suse-libvirtd-disable-tls.patch,
+ suse-qemu-conf.patch,
+ suse-ovmf-paths.patch,
+ suse-libxl-disable-autoballoon.patch
+ boo#1175574
+
+-------------------------------------------------------------------
+Thu Oct 8 20:35:46 UTC 2020 - James Fehlig <jfehlig(a)suse.com>
+
+- CVE-2020-15708: Add a note to libvirtd.conf about polkit auth in
+ SUSE distros
+ b196f8fc-CVE-2020-15708-doc.patch
+ bsc#1174955
+
+-------------------------------------------------------------------
+Thu Oct 8 16:25:57 UTC 2020 - James Fehlig <jfehlig(a)suse.com>
+
+- CVE-2020-25637: qemu: agent: set ifname to NULL after freeing
+ 955029bd-CVE-2020-25637.patch,
+ 50864dcd-CVE-2020-25637.patch,
+ e4116eaa-CVE-2020-25637.patch,
+ a63b48c5-CVE-2020-25637.patch
+ bsc#1177155
+
+-------------------------------------------------------------------
+Thu Sep 24 04:43:05 UTC 2020 - James Fehlig <jfehlig(a)suse.com>
+
+- Xen: Don't add dom0 twice on driver reload
+ de49d5ba-xen-avoid-multiple-dom0.patch
+ bsc#1176430
+
+-------------------------------------------------------------------
+Tue Aug 25 17:06:46 UTC 2020 - James Fehlig <jfehlig(a)suse.com>
+
+- Xen: Add support for passing arbitrary commands to the qemu
+ device model, similar to the xl.cfg(5) device_model_args setting
+ b0cad42e-xen-dm-cmdline-passthrough.patch,
+ 3d76f4fc-xen-dm-cmdline-config-converter.patch
+ bsc#1174139
+
+-------------------------------------------------------------------
+Wed Aug 19 22:38:11 UTC 2020 - James Fehlig <jfehlig(a)suse.com>
+
+- virdevmapper: Handle kernel without device-mapper support
+ feb8564a-handle-no-devmapper.patch,
+ 53d9af1e-ignore-devmapper-open-errors.patch
+ boo#1175465
+
+-------------------------------------------------------------------
+Wed Aug 19 17:24:59 UTC 2020 - James Fehlig <jfehlig(a)suse.com>
+
+- qemu: Avoid stale capabilities cache host CPU or kernel command
+ line changes
+ c5fffb95-kernel-cmdline-parser.patch,
+ b611b620-check-s390-secure-guest.patch,
+ 657365e7-check-amd-secure-guest.patch,
+ 0254ceab-s390-host-validate-check.patch,
+ 4b561d49-amd-host-validate-check.patch,
+ 2c3ffa37-update-amd-doc.patch,
+ f0d0cd61-update-s390-doc.patch,
+ 8cb9d249-autoptr-file-callback.patch,
+ a551dd5f-intro-virHostCPUGetSignature.patch,
+ 44f826e4-virHostCPUGetSignature-x86.patch,
+ 2a68ceaa-virHostCPUGetSignature-ppc64.patch,
+ d3d87e0c-virHostCPUGetSignature-s390.patch,
+ 004804a7-qemu-invalidate-caps.patch
+ bsc#1173157
+
+-------------------------------------------------------------------
+Thu Jul 30 14:34:11 UTC 2020 - James Fehlig <jfehlig(a)suse.com>
+
+- CVE-2020-14339: Don't leak /dev/mapper/control into QEMU. Use
+ ioctl's to obtain the dependency tree of disks and drop use of
+ libdevmapper.
+ 22494556-CVE-2020-14339.patch
+ bsc#1161883, bsc#1174458
+
+-------------------------------------------------------------------
+Wed Jun 3 16:38:09 UTC 2020 - James Fehlig <jfehlig(a)suse.com>
+
+- libxl: Normalize MAC address in device conf on netdev hotplug
+ ec07aad8-libxl-normalize-mac-addr.patch
+ bsc#1172052
+
+-------------------------------------------------------------------
+Wed Apr 29 17:03:01 UTC 2020 - James Fehlig <jfehlig(a)suse.com>
+
+- qemu: Fix memory leak in qemuDomainGetStatsIOThread
+ CVE-2020-12430
+ 9bf9e0ae-CVE-2020-12430.patch
+ bsc#1170765
+
+-------------------------------------------------------------------
+Tue Apr 21 17:45:36 UTC 2020 - James Fehlig <jfehlig(a)suse.com>
+
+- libxl: Add support for 'passthrough' and 'e820_host' settings
+ b7d6648d-conf-add-e820-host.patch,
+ 5749395b-libxl-e820-host.patch,
+ f3ef7daf-xenconfig-e820-host.patch,
+ 34077c1b-tests-check-e820-host.patch,
+ fadbaa23-conf-add-passthrough.patch,
+ 9529e007-libxl-passthrough.patch,
+ 9cb8bc6f-xenconfig-refactor-features.patch,
+ b523e225-xenconfig-passthrough.patch,
+ bed32525-tests-check-passthrough.patch
+ bsc#1167217
+
+-------------------------------------------------------------------
+Fri Apr 17 05:19:57 UTC 2020 - Lin Ma <lma(a)suse.com>
+
+- qemu: fix hang in p2p + xbzrle compression + parallel migration
+ 93b15ba0-qemu-fix-hang-in-p2p-xbzrle-compression-parallel-mig.patch
+ bsc#1161159
+
+-------------------------------------------------------------------
+Thu Apr 9 22:26:36 UTC 2020 - James Fehlig <jfehlig(a)suse.com>
+
+- api: Disallow virDomainAgentSetResponseTimeout on read-only
+ connections. CVE-2020-10701
+ 4cc90c2e-CVE-2020-10701.patch
+ bsc#1168680
+
+-------------------------------------------------------------------
+Thu Apr 9 22:04:57 UTC 2020 - James Fehlig <jfehlig(a)suse.com>
+
+- libxl: Add support for max event channels with maxEventChannel
+ attribute on the xenbus controller
+ 8e669b38-conf-add-event-channels.patch,
+ a93f55c5-libxl-add-event-channels.patch,
+ 967f4eeb-xenconfig-event-channels.patch
+ bsc#1168767
+
+-------------------------------------------------------------------
+Thu Mar 19 22:59:45 UTC 2020 - James Fehlig <jfehlig(a)suse.com>
+
+- libxl: Bump minimum supported Xen version to 4.9, allowing use
+ of newer libxl APIs for retrieving memory statistics
+ suse-bump-xen-version.patch
+ bsc#1157490, bsc#1167007
+
+-------------------------------------------------------------------
+Tue Mar 17 19:50:01 UTC 2020 - James Fehlig <jfehlig(a)suse.com>
+
+- qemu: Create multipath targets for PRs
+ a30078cb-qemu-create-mp-target.patch,
+ aeb909bf-qemu-multipath-fix.patch
+ bsc#1161883
+
+-------------------------------------------------------------------
+Tue Mar 3 23:22:42 UTC 2020 - James Fehlig <jfehlig(a)suse.com>
+
+- qemu: Allow format probing under special circumstances
+ ae9e6c2a-qemu-allow-cond-format-probe.patch
+ bsc#1165588
+
+-------------------------------------------------------------------
+Wed Feb 5 22:51:48 UTC 2020 - James Fehlig <jfehlig(a)suse.com>
+
+- xen: Fix the list of supported ovmf firmwares
+ suse-xen-ovmf-loaders.patch
+ bsc#1159793
+
+-------------------------------------------------------------------
+Mon Feb 3 18:32:49 UTC 2020 - James Fehlig <jfehlig(a)suse.com>
+
+- lib: Prohibit parallel connections with tunneled migration
+ e092daac-prohib-parallel-tunneled-mig.patch
+ jsc#SLE-6998
+
+-------------------------------------------------------------------
+Mon Feb 3 15:27:17 UTC 2020 - Dominique Leuenberger <dimstar(a)opensuse.org>
+
+- BuildRequire pkgconfig((lib)?udev) instead of (lib)?udev: allow
+ OBS to shortcut through -mini flavors.
+
+-------------------------------------------------------------------
+Thu Jan 30 22:05:24 UTC 2020 - James Fehlig <jfehlig(a)suse.com>
+
+- spec: Fix several rpmlint warnings
+ 72ed254b-drop-exec-perms-bashcompletion.patch
+
+-------------------------------------------------------------------
+Thu Jan 30 00:45:39 UTC 2020 - James Fehlig <jfehlig(a)suse.com>
+
+- xen: Support setting credit2 scheduler parameters
+ 849052ec-libxl-support-credit2.patch
+ bsc#1162160
+
+-------------------------------------------------------------------
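Review bot: In the Oct 13 entry "augeaus" should read "augeas", and the Aug 19 summary "qemu: Avoid stale capabilities cache host CPU or kernel command line changes" is missing a word between "cache" and "host CPU". The Oct 8 CVE-2020-25637 entry lists four patches under a summary that names a single change ("set ifname to NULL after freeing"); one line per patch, or a broader summary, would make it easier to audit which part of the fix each file carries.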
++++ 5051 more lines (skipped)
++++ between /dev/null
++++ and /work/SRC/openSUSE:Leap:15.2:Update/.libvirt.14632.new.3463/libvirt.changes
New:
----
0001-Extract-stats-functions-from-the-qemu-driver.patch
0001-libxl-add-support-for-BlockResize-API.patch
0002-lxc-implement-connectGetAllDomainStats.patch
004804a7-qemu-invalidate-caps.patch
0254ceab-s390-host-validate-check.patch
22494556-CVE-2020-14339.patch
2a68ceaa-virHostCPUGetSignature-ppc64.patch
2c3ffa37-update-amd-doc.patch
34077c1b-tests-check-e820-host.patch
3d76f4fc-xen-dm-cmdline-config-converter.patch
44f826e4-virHostCPUGetSignature-x86.patch
4b561d49-amd-host-validate-check.patch
4cc90c2e-CVE-2020-10701.patch
50864dcd-CVE-2020-25637.patch
53d9af1e-ignore-devmapper-open-errors.patch
5749395b-libxl-e820-host.patch
657365e7-check-amd-secure-guest.patch
6c1dddaf-libxl-shutdown-inhibit.patch
72ed254b-drop-exec-perms-bashcompletion.patch
849052ec-libxl-support-credit2.patch
8cb9d249-autoptr-file-callback.patch
8e669b38-conf-add-event-channels.patch
93b15ba0-qemu-fix-hang-in-p2p-xbzrle-compression-parallel-mig.patch
9529e007-libxl-passthrough.patch
955029bd-CVE-2020-25637.patch
967f4eeb-xenconfig-event-channels.patch
9bf9e0ae-CVE-2020-12430.patch
9cb8bc6f-xenconfig-refactor-features.patch
a30078cb-qemu-create-mp-target.patch
a551dd5f-intro-virHostCPUGetSignature.patch
a63b48c5-CVE-2020-25637.patch
a93f55c5-libxl-add-event-channels.patch
ae9e6c2a-qemu-allow-cond-format-probe.patch
aeb909bf-qemu-multipath-fix.patch
b0cad42e-xen-dm-cmdline-passthrough.patch
b196f8fc-CVE-2020-15708-doc.patch
b523e225-xenconfig-passthrough.patch
b611b620-check-s390-secure-guest.patch
b7d6648d-conf-add-e820-host.patch
baselibs.conf
bed32525-tests-check-passthrough.patch
c5fffb95-kernel-cmdline-parser.patch
d3d87e0c-virHostCPUGetSignature-s390.patch
de49d5ba-xen-avoid-multiple-dom0.patch
e092daac-prohib-parallel-tunneled-mig.patch
e4116eaa-CVE-2020-25637.patch
ec07aad8-libxl-normalize-mac-addr.patch
f0d0cd61-update-s390-doc.patch
f3ef7daf-xenconfig-e820-host.patch
fadbaa23-conf-add-passthrough.patch
feb8564a-handle-no-devmapper.patch
libvirt-6.0.0.tar.xz
libvirt-6.0.0.tar.xz.asc
libvirt-power8-models.patch
libvirt-rpmlintrc
libvirt-supportconfig
libvirt-suse-netcontrol.patch
libvirt.changes
libvirt.keyring
libvirt.spec
libvirtd-relocation-server.fw
libvirtd-relocation-server.xml
libxl-dom-reset.patch
libxl-set-cach-mode.patch
libxl-set-migration-constraints.patch
libxl-support-block-script.patch
lxc-wait-after-eth-del.patch
network-don-t-use-dhcp-authoritative-on-static-netwo.patch
ppc64le-canonical-name.patch
qemu-apparmor-screenshot.patch
support-managed-pci-xen-driver.patch
suse-apparmor-libnl-paths.patch
suse-bump-xen-version.patch
suse-libvirt-guests-service.patch
suse-libvirtd-disable-tls.patch
suse-libvirtd-sysconfig-settings.patch
suse-libxl-disable-autoballoon.patch
suse-ovmf-paths.patch
suse-qemu-conf.patch
suse-qemu-domain-hook.py
suse-virtlockd-sysconfig-settings.patch
suse-virtlogd-sysconfig-settings.patch
suse-xen-ovmf-loaders.patch
virt-create-rootfs.patch
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Other differences:
------------------
++++++ libvirt.spec ++++++
++++ 2044 lines (skipped)
++++++ 0001-Extract-stats-functions-from-the-qemu-driver.patch ++++++
>From 6609ed5a377c3beaf8389e870b6851856cee42c7 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?C=C3=A9dric=20Bosdonnat?= <cbosdonnat(a)suse.com>
Date: Thu, 4 Jan 2018 12:04:07 +0100
Subject: [PATCH 1/3] Extract stats functions from the qemu driver
Some of the qemu functions getting statistics can easily be reused in
other drivers. Create a conf/domain_stats.[ch] pair to host some of
them.
---
src/Makefile.am | 1 +
src/conf/domain_stats.c | 139 +++++++++++++++++++++++++++++++++++++++++
src/conf/domain_stats.h | 64 +++++++++++++++++++
src/libvirt_private.syms | 4 ++
src/qemu/qemu_driver.c | 158 +++--------------------------------------------
src/util/vircgroup.c | 46 ++++++++++++++
src/util/vircgroup.h | 4 ++
7 files changed, 265 insertions(+), 151 deletions(-)
create mode 100644 src/conf/domain_stats.c
create mode 100644 src/conf/domain_stats.h
Index: libvirt-6.0.0/src/conf/domain_stats.c
===================================================================
--- /dev/null
+++ libvirt-6.0.0/src/conf/domain_stats.c
@@ -0,0 +1,119 @@
+/*
+ * domain_stats.c: domain stats extraction helpers
+ *
+ * Copyright (C) 2006-2016 Red Hat, Inc.
+ * Copyright (C) 2006-2008 Daniel P. Berrange
+ * Copyright (c) 2018 SUSE LINUX Products GmbH, Nuernberg, Germany.
+ *
+ * This library is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation; either
+ * version 2.1 of the License, or (at your option) any later version.
+ *
+ * This library is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this library. If not, see
+ * <http://www.gnu.org/licenses/>.
+ *
+ * Author: Daniel P. Berrange <berrange(a)redhat.com>
+ */
+
+#include <config.h>
+
+#include <stdio.h>
+
+#include "virlog.h"
+#include "domain_stats.h"
+#include "virtypedparam.h"
+#include "virnetdevtap.h"
+#include "virnetdevopenvswitch.h"
+
+#define VIR_FROM_THIS VIR_FROM_DOMAIN
+
+VIR_LOG_INIT("conf.domain_stats");
+
+int
+virDomainStatsGetState(virDomainObjPtr dom,
+ virTypedParamListPtr params)
+{
+ if (virTypedParamListAddInt(params, dom->state.state, "state.state") < 0)
+ return -1;
+
+ if (virTypedParamListAddInt(params, dom->state.reason, "state.reason") < 0)
+ return -1;
+
+ return 0;
+}
+
+#define STATS_ADD_NET_PARAM(params, num, name, value) \
+ if (value >= 0 && \
+ virTypedParamListAddULLong((params), (value), "net.%zu.%s", (num), (name)) < 0) \
+ return -1;
+
+int
+virDomainStatsGetInterface(virDomainObjPtr dom,
+ virTypedParamListPtr params)
+{
+ size_t i;
+ struct _virDomainInterfaceStats tmp;
+
+ if (!virDomainObjIsActive(dom))
+ return 0;
+
+ if (virTypedParamListAddUInt(params, dom->def->nnets, "net.count") < 0)
+ return -1;
+
+ /* Check the path is one of the domain's network interfaces. */
+ for (i = 0; i < dom->def->nnets; i++) {
+ virDomainNetDefPtr net = dom->def->nets[i];
+ virDomainNetType actualType;
+
+ if (!net->ifname)
+ continue;
+
+ memset(&tmp, 0, sizeof(tmp));
+
+ actualType = virDomainNetGetActualType(net);
+
+ if (virTypedParamListAddString(params, net->ifname, "net.%zu.name", i) < 0)
+ return -1;
+
+ if (actualType == VIR_DOMAIN_NET_TYPE_VHOSTUSER) {
+ if (virNetDevOpenvswitchInterfaceStats(net->ifname, &tmp) < 0) {
+ virResetLastError();
+ continue;
+ }
+ } else {
+ if (virNetDevTapInterfaceStats(net->ifname, &tmp,
+ !virDomainNetTypeSharesHostView(net)) < 0) {
+ virResetLastError();
+ continue;
+ }
+ }
+
+ STATS_ADD_NET_PARAM(params, i,
+ "rx.bytes", tmp.rx_bytes);
+ STATS_ADD_NET_PARAM(params, i,
+ "rx.pkts", tmp.rx_packets);
+ STATS_ADD_NET_PARAM(params, i,
+ "rx.errs", tmp.rx_errs);
+ STATS_ADD_NET_PARAM(params, i,
+ "rx.drop", tmp.rx_drop);
+ STATS_ADD_NET_PARAM(params, i,
+ "tx.bytes", tmp.tx_bytes);
+ STATS_ADD_NET_PARAM(params, i,
+ "tx.pkts", tmp.tx_packets);
+ STATS_ADD_NET_PARAM(params, i,
+ "tx.errs", tmp.tx_errs);
+ STATS_ADD_NET_PARAM(params, i,
+ "tx.drop", tmp.tx_drop);
+ }
+
+ return 0;
+}
+
+#undef STATS_ADD_NET_PARAM
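Review bot: STATS_ADD_NET_PARAM expands to a bare "if" with a hidden "return -1" and uses "value" unparenthesized; wrap it in do { ... } while (0) and parenthesize the argument so it stays safe inside an if/else or when passed an expression. In virDomainStatsGetInterface the comment "Check the path is one of the domain's network interfaces." does not describe the loop that follows (no path is involved) and should be reworded or dropped. The loop adds "net.%zu.name" before fetching counters, so when virNetDevTapInterfaceStats or virNetDevOpenvswitchInterfaceStats fails the entry keeps a name with no counters, and "net.count" reports nnets although interfaces without an ifname are skipped; now that this is a shared helper, a doc comment stating both for callers would help. memset() is used but <string.h> is not among the includes added here.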
Index: libvirt-6.0.0/src/conf/domain_stats.h
===================================================================
--- /dev/null
+++ libvirt-6.0.0/src/conf/domain_stats.h
@@ -0,0 +1,62 @@
+/*
+ * domain_stats.h: domain stats extraction helpers
+ *
+ * Copyright (C) 2006-2016 Red Hat, Inc.
+ * Copyright (C) 2006-2008 Daniel P. Berrange
+ * Copyright (c) 2018 SUSE LINUX Products GmbH, Nuernberg, Germany.
+ *
+ * This library is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation; either
+ * version 2.1 of the License, or (at your option) any later version.
+ *
+ * This library is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this library. If not, see
+ * <http://www.gnu.org/licenses/>.
+ *
+ * Author: Daniel P. Berrange <berrange(a)redhat.com>
+ */
+#ifndef __DOMAIN_STATS_H
+# define __DOMAIN_STATS_H
+
+# include "internal.h"
+# include "domain_conf.h"
+
+
+# define VIR_DOMAIN_STATS_ADD_COUNT_PARAM(record, maxparams, type, count) \
+do { \
+ char param_name[VIR_TYPED_PARAM_FIELD_LENGTH]; \
+ snprintf(param_name, VIR_TYPED_PARAM_FIELD_LENGTH, "%s.count", type); \
+ if (virTypedParamsAddUInt(&(record)->params, \
+ &(record)->nparams, \
+ maxparams, \
+ param_name, \
+ count) < 0) \
+ goto cleanup; \
+} while (0)
+
+# define VIR_DOMAIN_STATS_ADD_NAME_PARAM(record, maxparams, type, subtype, num, name) \
+do { \
+ char param_name[VIR_TYPED_PARAM_FIELD_LENGTH]; \
+ snprintf(param_name, VIR_TYPED_PARAM_FIELD_LENGTH, \
+ "%s.%zu.%s", type, num, subtype); \
+ if (virTypedParamsAddString(&(record)->params, \
+ &(record)->nparams, \
+ maxparams, \
+ param_name, \
+ name) < 0) \
+ goto cleanup; \
+} while (0)
+
+int virDomainStatsGetState(virDomainObjPtr dom,
+ virTypedParamListPtr params);
+
+int virDomainStatsGetInterface(virDomainObjPtr dom,
+ virTypedParamListPtr params);
+
+#endif /* __DOMAIN_STATS_H */
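Review bot: VIR_DOMAIN_STATS_ADD_COUNT_PARAM and VIR_DOMAIN_STATS_ADD_NAME_PARAM take a record/maxparams pair and call virTypedParamsAddUInt and virTypedParamsAddString, while the two functions declared below them take a virTypedParamListPtr, and nothing in the visible hunks of this patch uses the macros; if they are leftovers from an earlier revision, drop them. If they stay, note that they call snprintf() without this header including <stdio.h>, ignore truncation of param_name, and hide a "goto cleanup" that every caller has to provide. The include guard __DOMAIN_STATS_H also uses a leading double underscore, which is reserved for the implementation.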
Index: libvirt-6.0.0/src/libvirt_private.syms
===================================================================
--- libvirt-6.0.0.orig/src/libvirt_private.syms
+++ libvirt-6.0.0/src/libvirt_private.syms
@@ -716,6 +716,9 @@ virDomainConfNWFilterInstantiate;
virDomainConfNWFilterTeardown;
virDomainConfVMNWFilterTeardown;
+# conf/domain_stats.h
+virDomainStatsGetInterface;
+virDomainStatsGetState;
# conf/interface_conf.h
virInterfaceDefFormat;
@@ -1693,6 +1696,7 @@ virCgroupGetMemoryUsage;
virCgroupGetMemSwapHardLimit;
virCgroupGetMemSwapUsage;
virCgroupGetPercpuStats;
+virCgroupGetStatsCpu;
virCgroupHasController;
virCgroupHasEmptyTasks;
virCgroupKillPainfully;
Index: libvirt-6.0.0/src/qemu/qemu_driver.c
===================================================================
--- libvirt-6.0.0.orig/src/qemu/qemu_driver.c
+++ libvirt-6.0.0/src/qemu/qemu_driver.c
@@ -67,6 +67,7 @@
#include "virarptable.h"
#include "viruuid.h"
#include "domain_conf.h"
+#include "domain_stats.h"
#include "domain_audit.h"
#include "node_device_conf.h"
#include "virpci.h"
@@ -20584,13 +20585,7 @@ qemuDomainGetStatsState(virQEMUDriverPtr
virTypedParamListPtr params,
unsigned int privflags G_GNUC_UNUSED)
{
- if (virTypedParamListAddInt(params, dom->state.state, "state.state") < 0)
- return -1;
-
- if (virTypedParamListAddInt(params, dom->state.reason, "state.reason") < 0)
- return -1;
-
- return 0;
+ return virDomainStatsGetState(dom, params);
}
@@ -20893,17 +20888,7 @@ qemuDomainGetStatsCpuCgroup(virDomainObj
if (!priv->cgroup)
return 0;
- err = virCgroupGetCpuacctUsage(priv->cgroup, &cpu_time);
- if (!err && virTypedParamListAddULLong(params, cpu_time, "cpu.time") < 0)
- return -1;
-
- err = virCgroupGetCpuacctStat(priv->cgroup, &user_time, &sys_time);
- if (!err && virTypedParamListAddULLong(params, user_time, "cpu.user") < 0)
- return -1;
- if (!err && virTypedParamListAddULLong(params, sys_time, "cpu.system") < 0)
- return -1;
-
- return 0;
+ return virCgroupGetStatsCpu(priv->cgroup, params);
}
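Review bot: In qemuDomainGetStatsCpuCgroup the removed lines were the only visible users of err, cpu_time, user_time and sys_time, and this hunk does not remove their declarations; if they are still declared above the context shown, delete them to avoid unused-variable warnings. The retained "if (!priv->cgroup) return 0;" now duplicates the "if (!cgroup) return 0;" check at the top of virCgroupGetStatsCpu, so one of the two can go.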
@@ -21071,76 +21056,15 @@ qemuDomainGetStatsVcpu(virQEMUDriverPtr
return ret;
}
-#define QEMU_ADD_NET_PARAM(params, num, name, value) \
- if (value >= 0 && \
- virTypedParamListAddULLong((params), (value), "net.%zu.%s", (num), (name)) < 0) \
- return -1;
-
static int
qemuDomainGetStatsInterface(virQEMUDriverPtr driver G_GNUC_UNUSED,
virDomainObjPtr dom,
virTypedParamListPtr params,
unsigned int privflags G_GNUC_UNUSED)
{
- size_t i;
- struct _virDomainInterfaceStats tmp;
-
- if (!virDomainObjIsActive(dom))
- return 0;
-
- if (virTypedParamListAddUInt(params, dom->def->nnets, "net.count") < 0)
- return -1;
-
- /* Check the path is one of the domain's network interfaces. */
- for (i = 0; i < dom->def->nnets; i++) {
- virDomainNetDefPtr net = dom->def->nets[i];
- virDomainNetType actualType;
-
- if (!net->ifname)
- continue;
-
- memset(&tmp, 0, sizeof(tmp));
-
- actualType = virDomainNetGetActualType(net);
-
- if (virTypedParamListAddString(params, net->ifname, "net.%zu.name", i) < 0)
- return -1;
-
- if (actualType == VIR_DOMAIN_NET_TYPE_VHOSTUSER) {
- if (virNetDevOpenvswitchInterfaceStats(net->ifname, &tmp) < 0) {
- virResetLastError();
- continue;
- }
- } else {
- if (virNetDevTapInterfaceStats(net->ifname, &tmp,
- !virDomainNetTypeSharesHostView(net)) < 0) {
- virResetLastError();
- continue;
- }
- }
-
- QEMU_ADD_NET_PARAM(params, i,
- "rx.bytes", tmp.rx_bytes);
- QEMU_ADD_NET_PARAM(params, i,
- "rx.pkts", tmp.rx_packets);
- QEMU_ADD_NET_PARAM(params, i,
- "rx.errs", tmp.rx_errs);
- QEMU_ADD_NET_PARAM(params, i,
- "rx.drop", tmp.rx_drop);
- QEMU_ADD_NET_PARAM(params, i,
- "tx.bytes", tmp.tx_bytes);
- QEMU_ADD_NET_PARAM(params, i,
- "tx.pkts", tmp.tx_packets);
- QEMU_ADD_NET_PARAM(params, i,
- "tx.errs", tmp.tx_errs);
- QEMU_ADD_NET_PARAM(params, i,
- "tx.drop", tmp.tx_drop);
- }
-
- return 0;
+ return virDomainStatsGetInterface(dom,params);
}
-#undef QEMU_ADD_NET_PARAM
/* refresh information by opening images on the disk */
static int
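Review bot: In qemuDomainGetStatsInterface, "return virDomainStatsGetInterface(dom,params);" is missing the space after the comma; the other two replacement calls in this file use "(dom, params)" and "(priv->cgroup, params)", so this one should match.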
Index: libvirt-6.0.0/src/util/vircgroup.c
===================================================================
--- libvirt-6.0.0.orig/src/util/vircgroup.c
+++ libvirt-6.0.0/src/util/vircgroup.c
@@ -2773,6 +2773,31 @@ virCgroupControllerAvailable(int control
return ret;
}
+int
+virCgroupGetStatsCpu(virCgroupPtr cgroup,
+ virTypedParamListPtr params)
+{
+ unsigned long long cpu_time = 0;
+ unsigned long long user_time = 0;
+ unsigned long long sys_time = 0;
+ int err = 0;
+
+ if (!cgroup)
+ return 0;
+
+ err = virCgroupGetCpuacctUsage(cgroup, &cpu_time);
+ if (!err && virTypedParamListAddULLong(params, cpu_time, "cpu.time") < 0)
+ return -1;
+
+ err = virCgroupGetCpuacctStat(cgroup, &user_time, &sys_time);
+ if (!err && virTypedParamListAddULLong(params, user_time, "cpu.user") < 0)
+ return -1;
+ if (!err && virTypedParamListAddULLong(params, sys_time, "cpu.system") < 0)
+ return -1;
+
+ return 0;
+}
+
#else /* !__linux__ */
bool
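Review bot: virCgroupGetStatsCpu is exported through libvirt_private.syms but has no doc comment, and its error contract is not obvious from the signature: a failure of virCgroupGetCpuacctUsage or virCgroupGetCpuacctStat is ignored and the function still returns 0 with the corresponding parameters missing, while only a failed virTypedParamListAddULLong returns -1. That matches the qemu code it was lifted from, but as a shared helper it should state this in a comment above the function so new callers do not treat 0 as "all three values present".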
@@ -2782,6 +2807,14 @@ virCgroupAvailable(void)
}
+int
+virCgroupGetStatsCpu(virCgroupPtr cgroup,
+ virTypedParamListPtr params)
+{
+ return 0;
+}
+
+
int
virCgroupNewPartition(const char *path G_GNUC_UNUSED,
bool create G_GNUC_UNUSED,
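Review bot: The non-Linux stub of virCgroupGetStatsCpu leaves cgroup and params unannotated, while the neighbouring stub virCgroupNewPartition marks each unused argument with G_GNUC_UNUSED; add G_GNUC_UNUSED to both parameters so the stub builds without unused-parameter warnings.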
Index: libvirt-6.0.0/src/util/vircgroup.h
===================================================================
--- libvirt-6.0.0.orig/src/util/vircgroup.h
+++ libvirt-6.0.0/src/util/vircgroup.h
@@ -24,6 +24,7 @@
#include "virutil.h"
#include "virbitmap.h"
#include "virenum.h"
+#include "virtypedparam.h"
struct _virCgroup;
typedef struct _virCgroup virCgroup;
@@ -285,3 +286,6 @@ int virCgroupSetOwner(virCgroupPtr cgrou
int virCgroupHasEmptyTasks(virCgroupPtr cgroup, int controller);
bool virCgroupControllerAvailable(int controller);
+
+int virCgroupGetStatsCpu(virCgroupPtr cgroup,
+ virTypedParamListPtr params);
Index: libvirt-6.0.0/src/conf/Makefile.inc.am
===================================================================
--- libvirt-6.0.0.orig/src/conf/Makefile.inc.am
+++ libvirt-6.0.0/src/conf/Makefile.inc.am
@@ -28,6 +28,8 @@ DOMAIN_CONF_SOURCES = \
conf/domain_audit.h \
conf/domain_nwfilter.c \
conf/domain_nwfilter.h \
+ conf/domain_stats.c \
+ conf/domain_stats.h \
conf/virsavecookie.c \
conf/virsavecookie.h \
conf/moment_conf.c \
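Review bot: This hunk adds the new sources to src/conf/Makefile.inc.am, but the diffstat in the patch header lists src/Makefile.am and no Makefile.inc.am, and it gives domain_stats.c as 139 lines and domain_stats.h as 64 where the hunk headers add 119 and 62. The header looks stale after a rebase; regenerate it so the summary matches what is actually applied.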
++++++ 0001-libxl-add-support-for-BlockResize-API.patch ++++++
>From 661298572a5499ccfafcd36d30d66d091a5be9b6 Mon Sep 17 00:00:00 2001
From: Jim Fehlig <jfehlig(a)suse.com>
Date: Fri, 23 Mar 2018 17:41:51 -0600
Subject: [PATCH] libxl: add support for BlockResize API
Add support in the libxl driver for the BlockResize API. Use libxl's
libxl_qemu_monitor_command API to issue the block_resize command to qemu.
Signed-off-by: Jim Fehlig <jfehlig(a)suse.com>
Note: In its current form, this patch is not upstream material IMO. It uses
the unsupported libxl_qemu_monitor_command() API. Before it can be considered
upstream, we need an upstream solution in qemu and Xen. Bruce will work on
the qemu part. Once done we can consider how to do the Xen part. And only
after we have a supported blockresize API in Xen (libxl) can we consider
reworking this patch and submitting it to upstream libvirt.
---
src/libxl/libxl_driver.c | 91 ++++++++++++++++++++++++++++++++++++++++++++++++
1 file changed, 91 insertions(+)
Index: libvirt-6.0.0/src/libxl/libxl_driver.c
===================================================================
--- libvirt-6.0.0.orig/src/libxl/libxl_driver.c
+++ libvirt-6.0.0/src/libxl/libxl_driver.c
@@ -5323,6 +5323,96 @@ libxlDomainMemoryStats(virDomainPtr dom,
#undef LIBXL_SET_MEMSTAT
+/**
+ * Resize a block device while a guest is running. Resize to a lower size
+ * is supported, but should be used with extreme caution. Note that it
+ * only supports to resize image files, it can't resize block devices
+ * like LVM volumes.
+ */
+static int
+libxlDomainBlockResize(virDomainPtr dom,
+ const char *path,
+ unsigned long long size,
+ unsigned int flags)
+{
+ libxlDriverPrivatePtr driver = dom->conn->privateData;
+ libxlDriverConfigPtr cfg;
+ virDomainObjPtr vm;
+ int ret = -1;
+ virDomainDiskDefPtr disk = NULL;
+ char *moncmd = NULL;
+ char *monreply = NULL;
+
+ virCheckFlags(VIR_DOMAIN_BLOCK_RESIZE_BYTES, -1);
+
+ if (path[0] == '\0') {
+ virReportError(VIR_ERR_INVALID_ARG,
+ "%s", _("empty path"));
+ return -1;
+ }
+
+ /* We prefer operating on bytes. */
+ if ((flags & VIR_DOMAIN_BLOCK_RESIZE_BYTES) == 0) {
+ if (size > ULLONG_MAX / 1024) {
+ virReportError(VIR_ERR_OVERFLOW,
+ _("size must be less than %llu"),
+ ULLONG_MAX / 1024);
+ return -1;
+ }
+ size *= 1024;
+ }
+
+ cfg = libxlDriverConfigGet(driver);
+ if (!(vm = libxlDomObjFromDomain(dom)))
+ goto cleanup;
+
+ if (virDomainBlockResizeEnsureACL(dom->conn, vm->def) < 0)
+ goto cleanup;
+
+ if (libxlDomainObjBeginJob(driver, vm, LIBXL_JOB_MODIFY) < 0)
+ goto cleanup;
+
+ if (!virDomainObjIsActive(vm)) {
+ virReportError(VIR_ERR_OPERATION_INVALID,
+ "%s", _("domain is not running"));
+ goto endjob;
+ }
+
+ if (!(disk = virDomainDiskByName(vm->def, path, false))) {
+ virReportError(VIR_ERR_INVALID_ARG,
+ _("invalid path: %s"), path);
+ goto endjob;
+ }
+
+ /* qcow2 and qed must be sized on 512 byte blocks/sectors,
+ * so adjust size if necessary to round up.
+ */
+ if (disk->src->format == VIR_STORAGE_FILE_QCOW2 ||
+ disk->src->format == VIR_STORAGE_FILE_QED)
+ size = VIR_ROUND_UP(size, 512);
+
+ moncmd = g_strdup_printf("block_resize %s %lluB", disk->dst, size);
+
+ if (libxl_qemu_monitor_command(cfg->ctx, vm->def->id, moncmd, &monreply) != 0) {
+ virReportError(VIR_ERR_OPERATION_FAILED,
+ _("block_resize command failed for device '%s' on domain '%d'"),
+ disk->dst, vm->def->id);
+ goto endjob;
+ }
+
+ ret = 0;
+
+ endjob:
+ libxlDomainObjEndJob(driver, vm);
+
+ cleanup:
+ VIR_FREE(moncmd);
+ VIR_FREE(monreply);
+ virDomainObjEndAPI(&vm);
+ virObjectUnref(cfg);
+ return ret;
+}
+
static int
libxlDomainGetJobInfo(virDomainPtr dom,
virDomainJobInfoPtr info)
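Review bot: libxlDomainBlockResize never checks what kind of source the disk has before sending block_resize, although its own doc comment says only image files are supported and block devices like LVM volumes cannot be resized. After the virDomainDiskByName lookup, reject disks whose source is not a file with a specific error instead of letting the request reach the device model and surface as the generic "block_resize command failed" message. monreply is also freed without ever being read, so whatever the monitor answered is lost; include it in the error or at least log it.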
@@ -6741,6 +6831,7 @@ static virHypervisorDriver libxlHypervis
#endif
.nodeGetFreeMemory = libxlNodeGetFreeMemory, /* 0.9.0 */
.nodeGetCellsFreeMemory = libxlNodeGetCellsFreeMemory, /* 1.1.1 */
+ .domainBlockResize = libxlDomainBlockResize, /* 4.2.0 */
.domainGetJobInfo = libxlDomainGetJobInfo, /* 1.3.1 */
.domainGetJobStats = libxlDomainGetJobStats, /* 1.3.1 */
.domainMemoryStats = libxlDomainMemoryStats, /* 1.3.0 */
++++++ 0002-lxc-implement-connectGetAllDomainStats.patch ++++++
From 1a2be7098cf5acfd893153abb52b65e69631dcec Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?C=C3=A9dric=20Bosdonnat?= <cbosdonnat(a)suse.com>
Date: Tue, 2 Jan 2018 14:44:39 +0100
Subject: [PATCH 2/3] lxc: implement connectGetAllDomainStats
LXC containers can also provide some statistics. Allow users to fetch
them using the existing API.
---
src/lxc/lxc_driver.c | 138 +++++++++++++++++++++++++++++++++++++++++++++++++++
1 file changed, 138 insertions(+)
Index: libvirt-6.0.0/src/lxc/lxc_driver.c
===================================================================
--- libvirt-6.0.0.orig/src/lxc/lxc_driver.c
+++ libvirt-6.0.0/src/lxc/lxc_driver.c
@@ -75,6 +75,7 @@
#include "viraccessapichecklxc.h"
#include "virhostdev.h"
#include "netdev_bandwidth_conf.h"
+#include "domain_stats.h"
#define VIR_FROM_THIS VIR_FROM_LXC
@@ -5351,6 +5352,135 @@ lxcDomainHasManagedSaveImage(virDomainPt
return ret;
}
+static int
+lxcDomainGetStatsCpu(virDomainObjPtr dom,
+ virTypedParamListPtr params)
+{
+ virLXCDomainObjPrivatePtr priv = dom->privateData;
+ return virCgroupGetStatsCpu(priv->cgroup, params);
+}
+
+typedef int
+(*lxcDomainGetStatsFunc)(virDomainObjPtr dom,
+ virTypedParamListPtr params);
+
+
+struct lxcDomainGetStatsWorker {
+ lxcDomainGetStatsFunc func;
+ unsigned int stats;
+};
+
+static struct lxcDomainGetStatsWorker lxcDomainGetStatsWorkers[] = {
+ { virDomainStatsGetState, VIR_DOMAIN_STATS_STATE },
+ { lxcDomainGetStatsCpu, VIR_DOMAIN_STATS_CPU_TOTAL },
+ { virDomainStatsGetInterface, VIR_DOMAIN_STATS_INTERFACE },
+ { NULL, 0 }
+};
+
+static int
+lxcDomainGetStats(virConnectPtr conn,
+ virDomainObjPtr dom,
+ unsigned int stats,
+ virDomainStatsRecordPtr *record)
+{
+ g_autofree virDomainStatsRecordPtr tmp = NULL;
+ g_autoptr(virTypedParamList) params = NULL;
+ size_t i;
+
+ if (VIR_ALLOC(params) < 0)
+ return -1;
+
+ for (i = 0; lxcDomainGetStatsWorkers[i].func; i++) {
+ if (stats & lxcDomainGetStatsWorkers[i].stats) {
+ if (lxcDomainGetStatsWorkers[i].func(dom, params) < 0)
+ return -1;
+ }
+ }
+
+ if (VIR_ALLOC(tmp) < 0)
+ return -1;
+
+ if (!(tmp->dom = virGetDomain(conn, dom->def->name,
+ dom->def->uuid, dom->def->id)))
+ return -1;
+
+ tmp->nparams = virTypedParamListStealParams(params, &tmp->params);
+ *record = g_steal_pointer(&tmp);
+ return 0;
+}
+
+static int
+lxcConnectGetAllDomainStats(virConnectPtr conn,
+ virDomainPtr *doms,
+ unsigned int ndoms,
+ unsigned int stats,
+ virDomainStatsRecordPtr **retStats,
+ unsigned int flags)
+{
+ virLXCDriverPtr driver = conn->privateData;
+ virDomainObjPtr *vms = NULL;
+ virDomainObjPtr vm;
+ size_t nvms;
+ virDomainStatsRecordPtr *tmpstats = NULL;
+ int nstats = 0;
+ size_t i;
+ int ret = -1;
+ unsigned int lflags = flags & (VIR_CONNECT_LIST_DOMAINS_FILTERS_ACTIVE |
+ VIR_CONNECT_LIST_DOMAINS_FILTERS_PERSISTENT |
+ VIR_CONNECT_LIST_DOMAINS_FILTERS_STATE);
+
+ virCheckFlags(VIR_CONNECT_LIST_DOMAINS_FILTERS_ACTIVE |
+ VIR_CONNECT_LIST_DOMAINS_FILTERS_PERSISTENT |
+ VIR_CONNECT_LIST_DOMAINS_FILTERS_STATE, -1);
+
+ if (virConnectGetAllDomainStatsEnsureACL(conn) < 0)
+ return -1;
+
+ /* TODO Check stats support */
+
+ if (ndoms) {
+ if (virDomainObjListConvert(driver->domains, conn, doms, ndoms, &vms,
+ &nvms, virConnectGetAllDomainStatsCheckACL,
+ lflags, true) < 0)
+ return -1;
+ } else {
+ if (virDomainObjListCollect(driver->domains, conn, &vms, &nvms,
+ virConnectGetAllDomainStatsCheckACL,
+ lflags) < 0)
+ return -1;
+ }
+
+ if (VIR_ALLOC_N(tmpstats, nvms + 1) < 0)
+ return -1;
+
+ for (i = 0; i < nvms; i++) {
+ virDomainStatsRecordPtr tmp = NULL;
+ vm = vms[i];
+
+ virObjectLock(vm);
+
+ if (lxcDomainGetStats(conn, vm, stats, &tmp) < 0) {
+ virObjectUnlock(vm);
+ goto cleanup;
+ }
+
+ if (tmp)
+ tmpstats[nstats++] = tmp;
+
+ virObjectUnlock(vm);
+ }
+
+ *retStats = tmpstats;
+ tmpstats = NULL;
+
+ ret = nstats;
+
+ cleanup:
+ virDomainStatsRecordListFree(tmpstats);
+ virObjectListFreeCount(vms, nvms);
+
+ return ret;
+}
/* Function Tables */
static virHypervisorDriver lxcHypervisorDriver = {
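Review bot: in lxcConnectGetAllDomainStats the early "return -1" after VIR_ALLOC_N(tmpstats, nvms + 1) leaks vms, which virDomainObjListConvert or virDomainObjListCollect has already filled by then; use "goto cleanup" so virObjectListFreeCount runs. The "TODO Check stats support" leaves unsupported bits in stats silently ignored, and stats == 0 matches no worker and produces records with no parameters, so either reject unknown bits or document the behaviour. lxcDomainGetStatsCpu also reads priv->cgroup without any check that the container is active, while the ACTIVE filter flags allow inactive domains into the list.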
@@ -5446,6 +5576,7 @@ static virHypervisorDriver lxcHypervisor
.nodeGetFreePages = lxcNodeGetFreePages, /* 1.2.6 */
.nodeAllocPages = lxcNodeAllocPages, /* 1.2.9 */
.domainHasManagedSaveImage = lxcDomainHasManagedSaveImage, /* 1.2.13 */
+ .connectGetAllDomainStats = lxcConnectGetAllDomainStats, /* 3.11.0 */
};
static virConnectDriver lxcConnectDriver = {
++++++ 004804a7-qemu-invalidate-caps.patch ++++++
commit 004804a7d77d0b63ce2f5fcb8499c94b77a5ef5c
Author: Jiri Denemark <jdenemar(a)redhat.com>
Date: Fri May 15 22:00:29 2020 +0200
qemu: Invalidate capabilities when host CPU changes
The host CPU related info stored in the capabilities cache is no longer
valid after the host CPU changes. This is not a frequent situation in
real world, but it can easily happen in nested scenarios when a disk
image is started with various CPUs.
https://bugzilla.redhat.com/show_bug.cgi?id=1778819
Signed-off-by: Jiri Denemark <jdenemar(a)redhat.com>
Reviewed-by: Ján Tomko <jtomko(a)redhat.com>
Index: libvirt-6.0.0/src/qemu/qemu_capabilities.c
===================================================================
--- libvirt-6.0.0.orig/src/qemu/qemu_capabilities.c
+++ libvirt-6.0.0/src/qemu/qemu_capabilities.c
@@ -622,6 +622,7 @@ struct _virQEMUCaps {
unsigned int kvmVersion;
unsigned int libvirtVersion;
unsigned int microcodeVersion;
+ char *hostCPUSignature;
char *package;
char *kernelVersion;
@@ -1780,6 +1781,7 @@ virQEMUCapsPtr virQEMUCapsNewCopy(virQEM
ret->version = qemuCaps->version;
ret->kvmVersion = qemuCaps->kvmVersion;
ret->microcodeVersion = qemuCaps->microcodeVersion;
+ ret->hostCPUSignature = g_strdup(qemuCaps->hostCPUSignature);
ret->package = g_strdup(qemuCaps->package);
ret->kernelVersion = g_strdup(qemuCaps->kernelVersion);
@@ -1836,6 +1838,7 @@ void virQEMUCapsDispose(void *obj)
VIR_FREE(qemuCaps->package);
VIR_FREE(qemuCaps->kernelVersion);
VIR_FREE(qemuCaps->binary);
+ VIR_FREE(qemuCaps->hostCPUSignature);
VIR_FREE(qemuCaps->gicCapabilities);
@@ -3798,6 +3801,7 @@ struct _virQEMUCapsCachePriv {
virArch hostArch;
unsigned int microcodeVersion;
char *kernelVersion;
+ char *hostCPUSignature;
/* cache whether /dev/kvm is usable as runUid:runGuid */
virTristateBool kvmUsable;
@@ -3814,6 +3818,7 @@ virQEMUCapsCachePrivFree(void *privData)
VIR_FREE(priv->libDir);
VIR_FREE(priv->kernelVersion);
+ VIR_FREE(priv->hostCPUSignature);
VIR_FREE(priv);
}
@@ -3991,6 +3996,8 @@ virQEMUCapsLoadCache(virArch hostArch,
goto cleanup;
}
+ qemuCaps->hostCPUSignature = virXPathString("string(./hostCPUSignature)", ctxt);
+
if (virXPathBoolean("boolean(./package)", ctxt) > 0) {
qemuCaps->package = virXPathString("string(./package)", ctxt);
if (!qemuCaps->package)
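Review bot: virQEMUCapsLoadCache stores the virXPathString result for hostCPUSignature without a check, so the field is NULL for any cache file that lacks the element. That is what the STRNEQ_NULLABLE comparison in virQEMUCapsIsValid expects, but the VIR_DEBUG added there then passes priv->hostCPUSignature and qemuCaps->hostCPUSignature straight to '%s'. Wrap both arguments in NULLSTR() so the log line does not depend on how the C library formats a NULL string, and add a short comment here saying a missing element is intentional and simply invalidates the cache.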
@@ -4294,6 +4301,8 @@ virQEMUCapsFormatCache(virQEMUCapsPtr qe
virBufferAsprintf(&buf, "<microcodeVersion>%u</microcodeVersion>\n",
qemuCaps->microcodeVersion);
+ virBufferEscapeString(&buf, "<hostCPUSignature>%s</hostCPUSignature>\n",
+ qemuCaps->hostCPUSignature);
if (qemuCaps->package)
virBufferAsprintf(&buf, "<package>%s</package>\n",
@@ -4595,6 +4604,15 @@ virQEMUCapsIsValid(void *data,
}
if (virQEMUCapsGet(qemuCaps, QEMU_CAPS_KVM)) {
+ if (STRNEQ_NULLABLE(priv->hostCPUSignature, qemuCaps->hostCPUSignature)) {
+ VIR_DEBUG("Outdated capabilities for '%s': host CPU changed "
+ "('%s' vs '%s')",
+ qemuCaps->binary,
+ priv->hostCPUSignature,
+ qemuCaps->hostCPUSignature);
+ return false;
+ }
+
if (priv->microcodeVersion != qemuCaps->microcodeVersion) {
VIR_DEBUG("Outdated capabilities for '%s': microcode version "
"changed (%u vs %u)",
@@ -5051,6 +5069,7 @@ virQEMUCapsNewForBinaryInternal(virArch
const char *libDir,
uid_t runUid,
gid_t runGid,
+ const char *hostCPUSignature,
unsigned int microcodeVersion,
const char *kernelVersion)
{
@@ -5089,6 +5108,7 @@ virQEMUCapsNewForBinaryInternal(virArch
virQEMUCapsInitHostCPUModel(qemuCaps, hostArch, VIR_DOMAIN_VIRT_QEMU);
if (virQEMUCapsGet(qemuCaps, QEMU_CAPS_KVM)) {
+ qemuCaps->hostCPUSignature = g_strdup(hostCPUSignature);
qemuCaps->microcodeVersion = microcodeVersion;
qemuCaps->kernelVersion = g_strdup(kernelVersion);
@@ -5116,6 +5136,7 @@ virQEMUCapsNewData(const char *binary,
priv->libDir,
priv->runUid,
priv->runGid,
+ priv->hostCPUSignature,
virHostCPUGetMicrocodeVersion(),
priv->kernelVersion);
}
@@ -5215,6 +5236,9 @@ virQEMUCapsCacheNew(const char *libDir,
priv->hostArch = virArchFromHost();
+ if (virHostCPUGetSignature(&priv->hostCPUSignature) < 0)
+ goto error;
+
priv->runUid = runUid;
priv->runGid = runGid;
priv->kvmUsable = VIR_TRISTATE_BOOL_ABSENT;
Index: libvirt-6.0.0/src/qemu/qemu_capspriv.h
===================================================================
--- libvirt-6.0.0.orig/src/qemu/qemu_capspriv.h
+++ libvirt-6.0.0/src/qemu/qemu_capspriv.h
@@ -33,6 +33,7 @@ virQEMUCapsNewForBinaryInternal(virArch
const char *libDir,
uid_t runUid,
gid_t runGid,
+ const char *hostCPUSignature,
unsigned int microcodeVersion,
const char *kernelVersion);
Index: libvirt-6.0.0/tests/qemucapsprobe.c
===================================================================
--- libvirt-6.0.0.orig/tests/qemucapsprobe.c
+++ libvirt-6.0.0/tests/qemucapsprobe.c
@@ -75,7 +75,7 @@ main(int argc, char **argv)
return EXIT_FAILURE;
if (!(caps = virQEMUCapsNewForBinaryInternal(VIR_ARCH_NONE, argv[1], "/tmp",
- -1, -1, 0, NULL)))
+ -1, -1, NULL, 0, NULL)))
return EXIT_FAILURE;
virObjectUnref(caps);
++++++ 0254ceab-s390-host-validate-check.patch ++++++
commit 0254ceab82f5e1f7b505730586d8c8337ecc5920
Author: Boris Fiuczynski <fiuczy(a)linux.ibm.com>
Date: Mon Jun 15 10:28:09 2020 +0200
tools: Secure guest check on s390 in virt-host-validate
Add checking in virt-host-validate for secure guest support
on s390 for IBM Secure Execution.
Signed-off-by: Boris Fiuczynski <fiuczy(a)linux.ibm.com>
Tested-by: Viktor Mihajlovski <mihajlov(a)linux.ibm.com>
Reviewed-by: Paulo de Rezende Pinatti <ppinatti(a)linux.ibm.com>
Reviewed-by: Bjoern Walk <bwalk(a)linux.ibm.com>
Reviewed-by: Erik Skultety <eskultet(a)redhat.com>
Index: libvirt-6.0.0/tools/virt-host-validate-common.c
===================================================================
--- libvirt-6.0.0.orig/tools/virt-host-validate-common.c
+++ libvirt-6.0.0/tools/virt-host-validate-common.c
@@ -39,7 +39,8 @@ VIR_ENUM_IMPL(virHostValidateCPUFlag,
VIR_HOST_VALIDATE_CPU_FLAG_LAST,
"vmx",
"svm",
- "sie");
+ "sie",
+ "158");
static bool quiet;
@@ -209,7 +210,8 @@ virBitmapPtr virHostValidateGetCPUFlags(
* on the architecture, so check possible prefixes */
if (!STRPREFIX(line, "flags") &&
!STRPREFIX(line, "Features") &&
- !STRPREFIX(line, "features"))
+ !STRPREFIX(line, "features") &&
+ !STRPREFIX(line, "facilities"))
continue;
/* fgets() includes the trailing newline in the output buffer,
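Review bot: the prefix filter accepts a line on "flags", "Features", "features" or "facilities" alike and does not record which one matched, so as far as this hunk shows the new flag name "158" would be honoured on any of those lines, not only on the s390 facilities line. Since "158" is a bare number rather than a mnemonic, add a comment at the VIR_ENUM_IMPL entry saying it is the facility bit for IBM Secure Execution, and consider matching it only when the line starts with "facilities".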
@@ -411,3 +413,61 @@ int virHostValidateIOMMU(const char *hvn
virHostMsgPass();
return 0;
}
+
+
+int virHostValidateSecureGuests(const char *hvname,
+ virHostValidateLevel level)
+{
+ virBitmapPtr flags;
+ bool hasFac158 = false;
+ virArch arch = virArchFromHost();
+ g_autofree char *cmdline = NULL;
+ static const char *kIBMValues[] = {"y", "Y", "on", "ON", "oN", "On", "1"};
+
+ flags = virHostValidateGetCPUFlags();
+
+ if (flags && virBitmapIsBitSet(flags, VIR_HOST_VALIDATE_CPU_FLAG_FACILITY_158))
+ hasFac158 = true;
+
+ virBitmapFree(flags);
+
+ virHostMsgCheck(hvname, "%s", _("for secure guest support"));
+ if (ARCH_IS_S390(arch)) {
+ if (hasFac158) {
+ if (!virFileIsDir("/sys/firmware/uv")) {
+ virHostMsgFail(level, "IBM Secure Execution not supported by "
+ "the currently used kernel");
+ return 0;
+ }
+
+ if (virFileReadValueString(&cmdline, "/proc/cmdline") < 0)
+ return -1;
+
+ /* we're prefix matching rather than equality matching here, because
+ * kernel would treat even something like prot_virt='yFOO' as
+ * enabled
+ */
+ if (virKernelCmdlineMatchParam(cmdline, "prot_virt", kIBMValues,
+ G_N_ELEMENTS(kIBMValues),
+ VIR_KERNEL_CMDLINE_FLAGS_SEARCH_FIRST |
+ VIR_KERNEL_CMDLINE_FLAGS_CMP_PREFIX)) {
+ virHostMsgPass();
+ return 1;
+ } else {
+ virHostMsgFail(level,
+ "IBM Secure Execution appears to be disabled "
+ "in kernel. Add prot_virt=1 to kernel cmdline "
+ "arguments");
+ }
+ } else {
+ virHostMsgFail(level, "Hardware or firmware does not provide "
+ "support for IBM Secure Execution");
+ }
+ } else {
+ virHostMsgFail(level,
+ "Unknown if this platform has Secure Guest support");
+ return -1;
+ }
+
+ return 0;
+}
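Review bot: the final else branch of virHostValidateSecureGuests returns -1 on every architecture that is not s390, and the call added to virHostValidateQEMU turns any negative result into ret = -1, so QEMU validation reports failure on each such host even though the check is passed at VIR_HOST_VALIDATE_WARN. An unknown platform should not fail the whole run; return 0 there or skip the check. The return values are also inconsistent (1 on pass, 0 on the s390 failure paths, -1 when /proc/cmdline cannot be read), and the virHostMsgFail strings are not wrapped in _() although the virHostMsgCheck text is.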
Index: libvirt-6.0.0/tools/virt-host-validate-common.h
===================================================================
--- libvirt-6.0.0.orig/tools/virt-host-validate-common.h
+++ libvirt-6.0.0/tools/virt-host-validate-common.h
@@ -38,6 +38,7 @@ typedef enum {
VIR_HOST_VALIDATE_CPU_FLAG_VMX = 0,
VIR_HOST_VALIDATE_CPU_FLAG_SVM,
VIR_HOST_VALIDATE_CPU_FLAG_SIE,
+ VIR_HOST_VALIDATE_CPU_FLAG_FACILITY_158,
VIR_HOST_VALIDATE_CPU_FLAG_LAST,
} virHostValidateCPUFlag;
@@ -83,3 +84,6 @@ int virHostValidateCGroupControllers(con
int virHostValidateIOMMU(const char *hvname,
virHostValidateLevel level);
+
+int virHostValidateSecureGuests(const char *hvname,
+ virHostValidateLevel level);
Index: libvirt-6.0.0/tools/virt-host-validate-qemu.c
===================================================================
--- libvirt-6.0.0.orig/tools/virt-host-validate-qemu.c
+++ libvirt-6.0.0/tools/virt-host-validate-qemu.c
@@ -112,5 +112,9 @@ int virHostValidateQEMU(void)
VIR_HOST_VALIDATE_WARN) < 0)
ret = -1;
+ if (virHostValidateSecureGuests("QEMU",
+ VIR_HOST_VALIDATE_WARN) < 0)
+ ret = -1;
+
return ret;
}
++++++ 22494556-CVE-2020-14339.patch ++++++
commit 22494556542c676d1b9e7f1c1f2ea13ac17e1e3e
Author: Michal Prívozník <mprivozn(a)redhat.com>
Date: Thu Jul 23 16:02:00 2020 +0200
virdevmapper: Don't use libdevmapper to obtain dependencies
CVE-2020-14339
When building domain's private /dev in a namespace, libdevmapper
is consulted for getting full dependency tree of domain's disks.
The reason is that for a multipath devices all dependent devices
must be created in the namespace and allowed in CGroups.
However, this approach is very fragile as building of namespace
happens in the forked off child process, after mass close of FDs
and just before dropping privileges and execing QEMU. And it so
happens that when calling libdevmapper APIs, one of them opens
/dev/mapper/control and saves the FD into a global variable. The
FD is kept open until the lib is unlinked or dm_lib_release() is
called explicitly. We are doing neither.
However, the virDevMapperGetTargets() function is called also
from libvirtd (when setting up CGroups) and thus has to be thread
safe. Unfortunately, libdevmapper APIs are not thread safe (nor
async signal safe) and thus we can't use them. Reimplement what
libdevmapper would do using plain C (ioctl()-s, /proc/devices
parsing, /dev/mapper dirwalking, and so on).
Fixes: a30078cb832646177defd256e77c632905f1e6d0
Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1858260
Signed-off-by: Michal Privoznik <mprivozn(a)redhat.com>
Reviewed-by: Daniel P. Berrangé <berrange(a)redhat.com>
Index: libvirt-6.0.0/po/POTFILES.in
===================================================================
--- libvirt-6.0.0.orig/po/POTFILES.in
+++ libvirt-6.0.0/po/POTFILES.in
@@ -236,6 +236,7 @@
@SRCDIR@/src/util/virconf.c
@SRCDIR@/src/util/vircrypto.c
@SRCDIR@/src/util/virdbus.c
+@SRCDIR@/src/util/virdevmapper.c
@SRCDIR@/src/util/virdnsmasq.c
@SRCDIR@/src/util/virerror.c
@SRCDIR@/src/util/virerror.h
Index: libvirt-6.0.0/src/util/virdevmapper.c
===================================================================
--- libvirt-6.0.0.orig/src/util/virdevmapper.c
+++ libvirt-6.0.0/src/util/virdevmapper.c
@@ -20,40 +20,67 @@
#include <config.h>
-#ifdef MAJOR_IN_MKDEV
-# include <sys/mkdev.h>
-#elif MAJOR_IN_SYSMACROS
+#include "virdevmapper.h"
+#include "internal.h"
+
+#ifdef __linux__
# include <sys/sysmacros.h>
-#endif
+# include <linux/dm-ioctl.h>
+# include <sys/ioctl.h>
+# include <sys/types.h>
+# include <sys/stat.h>
+# include <fcntl.h>
+
+# include "virthread.h"
+# include "viralloc.h"
+# include "virstring.h"
+# include "virfile.h"
+
+# define VIR_FROM_THIS VIR_FROM_STORAGE
+
+# define PROC_DEVICES "/proc/devices"
+# define DM_NAME "device-mapper"
+# define DEV_DM_DIR "/dev/" DM_DIR
+# define CONTROL_PATH DEV_DM_DIR "/" DM_CONTROL_NODE
+# define BUF_SIZE (16 * 1024)
-#ifdef WITH_DEVMAPPER
-# include <libdevmapper.h>
-#endif
+G_STATIC_ASSERT(BUF_SIZE > sizeof(struct dm_ioctl));
+
+static unsigned int virDMMajor;
-#include "virdevmapper.h"
-#include "internal.h"
-#include "virthread.h"
-#include "viralloc.h"
-#include "virstring.h"
-
-#ifdef WITH_DEVMAPPER
-static void
-virDevMapperDummyLogger(int level G_GNUC_UNUSED,
- const char *file G_GNUC_UNUSED,
- int line G_GNUC_UNUSED,
- int dm_errno G_GNUC_UNUSED,
- const char *fmt G_GNUC_UNUSED,
- ...)
-{
- return;
-}
static int
virDevMapperOnceInit(void)
{
- /* Ideally, we would not need this. But libdevmapper prints
- * error messages to stderr by default. Sad but true. */
- dm_log_with_errno_init(virDevMapperDummyLogger);
+ g_autofree char *buf = NULL;
+ VIR_AUTOSTRINGLIST lines = NULL;
+ size_t i;
+
+ if (virFileReadAll(PROC_DEVICES, BUF_SIZE, &buf) < 0)
+ return -1;
+
+ lines = virStringSplit(buf, "\n", 0);
+ if (!lines)
+ return -1;
+
+ for (i = 0; lines[i]; i++) {
+ g_autofree char *dev = NULL;
+ unsigned int maj;
+
+ if (sscanf(lines[i], "%u %ms\n", &maj, &dev) == 2 &&
+ STREQ(dev, DM_NAME)) {
+ virDMMajor = maj;
+ break;
+ }
+ }
+
+ if (!lines[i]) {
+ virReportError(VIR_ERR_INTERNAL_ERROR,
+ _("Unable to find major for %s"),
+ DM_NAME);
+ return -1;
+ }
+
return 0;
}
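Review bot: virDevMapperOnceInit stores the parsed major in virDMMajor, but nothing else in this patch reads it, while a missing "device-mapper" line in /proc/devices now makes initialization fail with VIR_ERR_INTERNAL_ERROR. Either use the major (for example to skip paths whose st_rdev major is not device-mapper before issuing the ioctl) or drop the parse, and treat a missing entry as "no device-mapper on this host" rather than as an error.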
@@ -61,82 +88,182 @@ virDevMapperOnceInit(void)
VIR_ONCE_GLOBAL_INIT(virDevMapper);
+static void *
+virDMIoctl(int controlFD, int cmd, struct dm_ioctl *dm, char **buf)
+{
+ size_t bufsize = BUF_SIZE;
+
+ reread:
+ *buf = g_new0(char, bufsize);
+
+ dm->version[0] = DM_VERSION_MAJOR;
+ dm->version[1] = 0;
+ dm->version[2] = 0;
+ dm->data_size = bufsize;
+ dm->data_start = sizeof(struct dm_ioctl);
+
+ memcpy(*buf, dm, sizeof(struct dm_ioctl));
+
+ if (ioctl(controlFD, cmd, *buf) < 0) {
+ VIR_FREE(*buf);
+ return NULL;
+ }
+
+ memcpy(dm, *buf, sizeof(struct dm_ioctl));
+
+ if (dm->flags & DM_BUFFER_FULL_FLAG) {
+ bufsize += BUF_SIZE;
+ VIR_FREE(*buf);
+ goto reread;
+ }
+
+ return *buf + dm->data_start;
+}
+
+
static int
-virDevMapperGetTargetsImpl(const char *path,
+virDMOpen(void)
+{
+ VIR_AUTOCLOSE controlFD = -1;
+ struct dm_ioctl dm;
+ g_autofree char *tmp = NULL;
+ int ret;
+
+ memset(&dm, 0, sizeof(dm));
+
+ if ((controlFD = open(CONTROL_PATH, O_RDWR)) < 0)
+ return -1;
+
+ if (!virDMIoctl(controlFD, DM_VERSION, &dm, &tmp)) {
+ virReportSystemError(errno, "%s",
+ _("Unable to get device-mapper version"));
+ return -1;
+ }
+
+ if (dm.version[0] != DM_VERSION_MAJOR) {
+ virReportError(VIR_ERR_OPERATION_UNSUPPORTED,
+ _("Unsupported device-mapper version. Expected %d got %d"),
+ DM_VERSION_MAJOR, dm.version[0]);
+ return -1;
+ }
+
+ ret = controlFD;
+ controlFD = -1;
+ return ret;
+}
+
+
+static char *
+virDMSanitizepath(const char *path)
+{
+ g_autofree char *dmDirPath = NULL;
+ struct dirent *ent = NULL;
+ struct stat sb[2];
+ DIR *dh = NULL;
+ const char *p;
+ char *ret = NULL;
+ int rc;
+
+ /* If a path is NOT provided then assume it's DM name */
+ p = strrchr(path, '/');
+
+ if (!p)
+ return g_strdup(path);
+ else
+ p++;
+
+ /* It's a path. Check if the last component is DM name */
+ if (stat(path, &sb[0]) < 0) {
+ virReportError(errno,
+ _("Unable to stat %p"),
+ path);
+ return NULL;
+ }
+
+ dmDirPath = g_strdup_printf(DEV_DM_DIR "/%s", p);
+
+ if (stat(dmDirPath, &sb[1]) == 0 &&
+ sb[0].st_rdev == sb[1].st_rdev) {
+ return g_strdup(p);
+ }
+
+ /* The last component of @path wasn't DM name. Let's check if
+ * there's a device under /dev/mapper/ with the same rdev. */
+ if (virDirOpen(&dh, DEV_DM_DIR) < 0)
+ return NULL;
+
+ while ((rc = virDirRead(dh, &ent, DEV_DM_DIR)) > 0) {
+ g_autofree char *tmp = g_strdup_printf(DEV_DM_DIR "/%s", ent->d_name);
+
+ if (stat(tmp, &sb[1]) == 0 &&
+ sb[0].st_rdev == sb[0].st_rdev) {
+ ret = g_steal_pointer(&tmp);
+ break;
+ }
+ }
+
+ virDirClose(&dh);
+ return ret;
+}
+
+
+static int
+virDevMapperGetTargetsImpl(int controlFD,
+ const char *path,
char ***devPaths_ret,
unsigned int ttl)
{
- struct dm_task *dmt = NULL;
- struct dm_deps *deps;
- struct dm_info info;
+ g_autofree char *sanitizedPath = NULL;
+ g_autofree char *buf = NULL;
+ struct dm_ioctl dm;
+ struct dm_target_deps *deps = NULL;
char **devPaths = NULL;
char **recursiveDevPaths = NULL;
size_t i;
int ret = -1;
+ memset(&dm, 0, sizeof(dm));
*devPaths_ret = NULL;
- if (virDevMapperInitialize() < 0)
- return ret;
-
if (ttl == 0) {
errno = ELOOP;
- return ret;
+ return -1;
}
- if (!(dmt = dm_task_create(DM_DEVICE_DEPS))) {
- if (errno == ENOENT || errno == ENODEV) {
- /* It's okay. Kernel is probably built without
- * devmapper support. */
- ret = 0;
- }
- return ret;
- }
+ if (!(sanitizedPath = virDMSanitizepath(path)))
+ return 0;
- if (!dm_task_set_name(dmt, path)) {
- if (errno == ENOENT) {
- /* It's okay, @path is not managed by devmapper =>
- * not a devmapper device. */
- ret = 0;
- }
- goto cleanup;
+ if (virStrncpy(dm.name, sanitizedPath, -1, DM_TABLE_DEPS) < 0) {
+ virReportError(VIR_ERR_OPERATION_UNSUPPORTED, "%s",
+ _("Resolved device mapper name too long"));
+ return -1;
}
- dm_task_no_open_count(dmt);
-
- if (!dm_task_run(dmt)) {
- if (errno == ENXIO) {
- /* If @path = "/dev/mapper/control" ENXIO is returned. */
- ret = 0;
- }
- goto cleanup;
+ deps = virDMIoctl(controlFD, DM_TABLE_DEPS, &dm, &buf);
+ if (!deps) {
+ if (errno == ENXIO)
+ return 0;
+
+ virReportSystemError(errno,
+ _("Unable to query dependencies for %s"),
+ path);
+ return -1;
}
- if (!dm_task_get_info(dmt, &info))
- goto cleanup;
-
- if (!info.exists) {
- ret = 0;
- goto cleanup;
- }
-
- if (!(deps = dm_task_get_deps(dmt)))
- goto cleanup;
-
if (VIR_ALLOC_N_QUIET(devPaths, deps->count + 1) < 0)
- goto cleanup;
+ return -1;
for (i = 0; i < deps->count; i++) {
devPaths[i] = g_strdup_printf("/dev/block/%u:%u",
- major(deps->device[i]),
- minor(deps->device[i]));
+ major(deps->dev[i]),
+ minor(deps->dev[i]));
}
recursiveDevPaths = NULL;
for (i = 0; i < deps->count; i++) {
char **tmpPaths;
- if (virDevMapperGetTargetsImpl(devPaths[i], &tmpPaths, ttl - 1) < 0)
+ if (virDevMapperGetTargetsImpl(controlFD, devPaths[i], &tmpPaths, ttl - 1) < 0)
goto cleanup;
if (tmpPaths &&
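Review bot: in the virDirRead loop of virDMSanitizepath the test "sb[0].st_rdev == sb[0].st_rdev" compares the value with itself, so the first /dev/mapper entry that can be stat()ed is accepted as a match for any path; it should compare against sb[1].st_rdev as the check just above it does. That loop also returns the full DEV_DM_DIR path held in tmp where the other branches return a bare name, and the result is what gets copied into dm.name. Three more in this hunk: virStrncpy(dm.name, ...) is given DM_TABLE_DEPS, the ioctl request, as the destination size instead of sizeof(dm.name); the stat failure path calls virReportError with errno as the error code and "%p" for a string path, where virReportSystemError and "%s" are meant; and virDevMapperGetTargetsImpl returns 0 when virDMSanitizepath returns NULL, which hides the error that was just reported.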
@@ -154,7 +281,6 @@ virDevMapperGetTargetsImpl(const char *p
cleanup:
virStringListFree(recursiveDevPaths);
virStringListFree(devPaths);
- dm_task_destroy(dmt);
return ret;
}
@@ -174,9 +300,6 @@ virDevMapperGetTargetsImpl(const char *p
* If @path consists of yet another devmapper targets these are
* consulted recursively.
*
- * If we don't have permissions to talk to kernel, -1 is returned
- * and errno is set to EBADF.
- *
* Returns 0 on success,
* -1 otherwise (with errno set, no libvirt error is
* reported)
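Review bot: the comment kept here still promises "with errno set, no libvirt error is reported", but the new code reports libvirt errors from virDevMapperOnceInit, virDMOpen, virDMSanitizepath and the DM_TABLE_DEPS failure path. Update the documented contract, or make the helpers quiet, so callers know whether to consult errno or the libvirt error.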
@@ -185,16 +308,23 @@ int
virDevMapperGetTargets(const char *path,
char ***devPaths)
{
+ VIR_AUTOCLOSE controlFD = -1;
const unsigned int ttl = 32;
/* Arbitrary limit on recursion level. A devmapper target can
* consist of devices or yet another targets. If that's the
* case, we have to stop recursion somewhere. */
- return virDevMapperGetTargetsImpl(path, devPaths, ttl);
+ if (virDevMapperInitialize() < 0)
+ return -1;
+
+ if ((controlFD = virDMOpen()) < 0)
+ return -1;
+
+ return virDevMapperGetTargetsImpl(controlFD, path, devPaths, ttl);
}
-#else /* ! WITH_DEVMAPPER */
+#else /* !defined(__linux__) */
int
virDevMapperGetTargets(const char *path G_GNUC_UNUSED,
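Review bot: virDevMapperGetTargets now returns -1 whenever virDevMapperInitialize or virDMOpen fails, including when the control node cannot be opened at all, whereas the removed code returned 0 for ENOENT and ENODEV with the remark that the kernel is probably built without devmapper support. Keep that tolerance by treating those errno values from open() as "no targets" and returning 0. virDMOpen also returns -1 on open() failure without reporting anything, unlike its other failure paths.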
@@ -203,4 +333,4 @@ virDevMapperGetTargets(const char *path
errno = ENOSYS;
return -1;
}
-#endif /* ! WITH_DEVMAPPER */
+#endif /* ! defined(__linux__) */
++++++ 2a68ceaa-virHostCPUGetSignature-ppc64.patch ++++++
commit 2a68ceaa6e2e45bbb05ffa15b4cdf45cba38958f
Author: Jiri Denemark <jdenemar(a)redhat.com>
Date: Thu Apr 2 22:35:30 2020 +0200
hostcpu: Implement virHostCPUGetSignature for ppc64
Signed-off-by: Jiri Denemark <jdenemar(a)redhat.com>
Reviewed-by: Ján Tomko <jtomko(a)redhat.com>
Index: libvirt-6.0.0/src/util/virhostcpu.c
===================================================================
--- libvirt-6.0.0.orig/src/util/virhostcpu.c
+++ libvirt-6.0.0/src/util/virhostcpu.c
@@ -1411,8 +1411,9 @@ virHostCPUReadSignature(virArch arch,
g_autofree char *family = NULL;
g_autofree char *model = NULL;
g_autofree char *stepping = NULL;
+ g_autofree char *revision = NULL;
- if (!ARCH_IS_X86(arch))
+ if (!ARCH_IS_X86(arch) && !ARCH_IS_PPC64(arch))
return 0;
while (fgets(line, lineLen, cpuinfo)) {
@@ -1424,27 +1425,42 @@ virHostCPUReadSignature(virArch arch,
g_strstrip(parts[0]);
g_strstrip(parts[1]);
- if (STREQ(parts[0], "vendor_id")) {
- if (!vendor)
- vendor = g_steal_pointer(&parts[1]);
- } else if (STREQ(parts[0], "model name")) {
- if (!name)
- name = g_steal_pointer(&parts[1]);
- } else if (STREQ(parts[0], "cpu family")) {
- if (!family)
- family = g_steal_pointer(&parts[1]);
- } else if (STREQ(parts[0], "model")) {
- if (!model)
- model = g_steal_pointer(&parts[1]);
- } else if (STREQ(parts[0], "stepping")) {
- if (!stepping)
- stepping = g_steal_pointer(&parts[1]);
- }
-
- if (vendor && name && family && model && stepping) {
- *signature = g_strdup_printf("%s, %s, family: %s, model: %s, stepping: %s",
- vendor, name, family, model, stepping);
- return 0;
+ if (ARCH_IS_X86(arch)) {
+ if (STREQ(parts[0], "vendor_id")) {
+ if (!vendor)
+ vendor = g_steal_pointer(&parts[1]);
+ } else if (STREQ(parts[0], "model name")) {
+ if (!name)
+ name = g_steal_pointer(&parts[1]);
+ } else if (STREQ(parts[0], "cpu family")) {
+ if (!family)
+ family = g_steal_pointer(&parts[1]);
+ } else if (STREQ(parts[0], "model")) {
+ if (!model)
+ model = g_steal_pointer(&parts[1]);
+ } else if (STREQ(parts[0], "stepping")) {
+ if (!stepping)
+ stepping = g_steal_pointer(&parts[1]);
+ }
+
+ if (vendor && name && family && model && stepping) {
+ *signature = g_strdup_printf("%s, %s, family: %s, model: %s, stepping: %s",
+ vendor, name, family, model, stepping);
+ return 0;
+ }
+ } else if (ARCH_IS_PPC64(arch)) {
+ if (STREQ(parts[0], "cpu")) {
+ if (!name)
+ name = g_steal_pointer(&parts[1]);
+ } else if (STREQ(parts[0], "revision")) {
+ if (!revision)
+ revision = g_steal_pointer(&parts[1]);
+ }
+
+ if (name && revision) {
+ *signature = g_strdup_printf("%s, rev %s", name, revision);
+ return 0;
+ }
}
}
Index: libvirt-6.0.0/tests/virhostcpudata/linux-ppc64-deconf-cpus.signature
===================================================================
--- /dev/null
+++ libvirt-6.0.0/tests/virhostcpudata/linux-ppc64-deconf-cpus.signature
@@ -0,0 +1 @@
+POWER8E (raw), altivec supported, rev 2.1 (pvr 004b 0201)
\ No newline at end of file
Index: libvirt-6.0.0/tests/virhostcpudata/linux-ppc64-subcores1.signature
===================================================================
--- /dev/null
+++ libvirt-6.0.0/tests/virhostcpudata/linux-ppc64-subcores1.signature
@@ -0,0 +1 @@
+POWER8E (raw), altivec supported, rev 2.1 (pvr 004b 0201)
\ No newline at end of file
Index: libvirt-6.0.0/tests/virhostcpudata/linux-ppc64-subcores2.signature
===================================================================
--- /dev/null
+++ libvirt-6.0.0/tests/virhostcpudata/linux-ppc64-subcores2.signature
@@ -0,0 +1 @@
+POWER8E (raw), altivec supported, rev 2.1 (pvr 004b 0201)
\ No newline at end of file
Index: libvirt-6.0.0/tests/virhostcpudata/linux-ppc64-subcores3.signature
===================================================================
--- /dev/null
+++ libvirt-6.0.0/tests/virhostcpudata/linux-ppc64-subcores3.signature
@@ -0,0 +1 @@
+POWER8E (raw), altivec supported, rev 2.1 (pvr 004b 0201)
\ No newline at end of file
++++++ 2c3ffa37-update-amd-doc.patch ++++++
commit 2c3ffa37284b9fa3d1e6c369fa2bb71c6f6dd92a
Author: Boris Fiuczynski <fiuczy(a)linux.ibm.com>
Date: Mon Jun 15 10:28:11 2020 +0200
docs: Update AMD launch secure description
Update document with changes in qemu capability caching and the added
secure guest support checking for AMD SEV in virt-host-validate.
Signed-off-by: Boris Fiuczynski <fiuczy(a)linux.ibm.com>
Reviewed-by: Erik Skultety <eskultet(a)redhat.com>
Index: libvirt-6.0.0/docs/kbase/launch_security_sev.rst
===================================================================
--- libvirt-6.0.0.orig/docs/kbase/launch_security_sev.rst
+++ libvirt-6.0.0/docs/kbase/launch_security_sev.rst
@@ -30,8 +30,11 @@ Enabling SEV on the host
========================
Before VMs can make use of the SEV feature you need to make sure your
-AMD CPU does support SEV. You can check whether SEV is among the CPU
-flags with:
+AMD CPU does support SEV. You can run ``libvirt-host-validate``
+(libvirt >= 6.5.0) to check if your host supports secure guests or you
+can follow the manual checks below.
+
+You can manually check whether SEV is among the CPU flags with:
::
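Review bot: the added sentence names the tool "libvirt-host-validate", while the commit message and the sources changed elsewhere in this series call it virt-host-validate (tools/virt-host-validate-common.c); use the name of the binary readers will actually run. The "libvirt >= 6.5.0" qualifier, and the "(<6.5.0)" added in the next hunk, also need rechecking for this package, since the patch is applied to a libvirt-6.0.0 tree.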
@@ -109,7 +112,7 @@ following:
</features>
</domainCapabilities>
-Note that if libvirt was already installed and libvirtd running before
+Note that if libvirt (<6.5.0) was already installed and libvirtd running before
enabling SEV in the kernel followed by the host reboot you need to force
libvirtd to re-probe both the host and QEMU capabilities. First stop
libvirtd:
++++++ 34077c1b-tests-check-e820-host.patch ++++++
commit 34077c1b8b62bb61e76b908d0959216da0b3185f
Author: Marek Marczykowski-Górecki <marmarek(a)invisiblethingslab.com>
Date: Tue Apr 14 04:37:07 2020 +0200
tests: check e820_host option handling
Signed-off-by: Marek Marczykowski-Górecki <marmarek(a)invisiblethingslab.com>
Reviewed-by: Jim Fehlig <jfehlig(a)suse.com>
Index: libvirt-6.0.0/tests/xlconfigdata/test-paravirt-e820_host.cfg
===================================================================
--- /dev/null
+++ libvirt-6.0.0/tests/xlconfigdata/test-paravirt-e820_host.cfg
@@ -0,0 +1,13 @@
+name = "XenGuest1"
+uuid = "45b60f51-88a9-47a8-a3b3-5e66d71b2283"
+maxmem = 512
+memory = 512
+vcpus = 4
+e820_host = 1
+localtime = 0
+on_poweroff = "preserve"
+on_reboot = "restart"
+on_crash = "preserve"
+vif = [ "mac=5a:36:0e:be:00:09" ]
+bootloader = "/usr/bin/pygrub"
+disk = [ "format=qcow2,vdev=xvda,access=rw,backendtype=qdisk,target=/var/lib/xen/images/debian/disk.qcow2" ]
Index: libvirt-6.0.0/tests/xlconfigdata/test-paravirt-e820_host.xml
===================================================================
--- /dev/null
+++ libvirt-6.0.0/tests/xlconfigdata/test-paravirt-e820_host.xml
@@ -0,0 +1,37 @@
+<domain type='xen'>
+ <name>XenGuest1</name>
+ <uuid>45b60f51-88a9-47a8-a3b3-5e66d71b2283</uuid>
+ <memory unit='KiB'>524288</memory>
+ <currentMemory unit='KiB'>524288</currentMemory>
+ <vcpu placement='static'>4</vcpu>
+ <bootloader>/usr/bin/pygrub</bootloader>
+ <os>
+ <type arch='x86_64' machine='xenpv'>linux</type>
+ </os>
+ <features>
+ <xen>
+ <e820_host state='on'/>
+ </xen>
+ </features>
+ <clock offset='utc' adjustment='reset'/>
+ <on_poweroff>preserve</on_poweroff>
+ <on_reboot>restart</on_reboot>
+ <on_crash>preserve</on_crash>
+ <devices>
+ <disk type='file' device='disk'>
+ <driver name='qemu' type='qcow2'/>
+ <source file='/var/lib/xen/images/debian/disk.qcow2'/>
+ <target dev='xvda' bus='xen'/>
+ </disk>
+ <controller type='xenbus' index='0'/>
+ <interface type='ethernet'>
+ <mac address='5a:36:0e:be:00:09'/>
+ </interface>
+ <console type='pty'>
+ <target type='xen' port='0'/>
+ </console>
+ <input type='mouse' bus='xen'/>
+ <input type='keyboard' bus='xen'/>
+ <memballoon model='xen'/>
+ </devices>
+</domain>
Index: libvirt-6.0.0/tests/xlconfigtest.c
===================================================================
--- libvirt-6.0.0.orig/tests/xlconfigtest.c
+++ libvirt-6.0.0/tests/xlconfigtest.c
@@ -300,6 +300,7 @@ mymain(void)
DO_TEST("vif-multi-ip");
DO_TEST("usb");
DO_TEST("usbctrl");
+ DO_TEST("paravirt-e820_host");
testXLFreeDriver(driver);
++++++ 3d76f4fc-xen-dm-cmdline-config-converter.patch ++++++
commit 3d76f4fceb35a679c8d770f0a2a29149b6e4ba40
Author: Jim Fehlig <jfehlig(a)suse.com>
Date: Fri Jul 31 09:39:25 2020 -0600
Xen: Add support for qemu commandline passthrough to config converter
Support qemu commandline passthrough in the domXML to native config
converter. Add tests to check the conversion.
Signed-off-by: Jim Fehlig <jfehlig(a)suse.com>
Reviewed-by: Michal Privoznik <mprivozn(a)redhat.com>
Index: libvirt-6.0.0/src/libxl/xen_xl.c
===================================================================
--- libvirt-6.0.0.orig/src/libxl/xen_xl.c
+++ libvirt-6.0.0/src/libxl/xen_xl.c
@@ -32,6 +32,7 @@
#include "virstoragefile.h"
#include "xen_xl.h"
#include "libxl_capabilities.h"
+#include "libxl_conf.h"
#include "cpu/cpu.h"
#define VIR_FROM_THIS VIR_FROM_XENXL
@@ -1158,6 +1159,42 @@ xenParseXLChannel(virConfPtr conf, virDo
return -1;
}
+static int
+xenParseXLNamespaceData(virConfPtr conf, virDomainDefPtr def)
+{
+ virConfValuePtr list = virConfGetValue(conf, "device_model_args");
+ VIR_AUTOSTRINGLIST args = NULL;
+ size_t nargs;
+ libxlDomainXmlNsDefPtr nsdata = NULL;
+
+ if (list && list->type == VIR_CONF_LIST) {
+ list = list->list;
+ while (list) {
+ if ((list->type != VIR_CONF_STRING) || (list->str == NULL)) {
+ list = list->next;
+ continue;
+ }
+
+ virStringListAdd(&args, list->str);
+ list = list->next;
+ }
+ }
+
+ if (!args)
+ return 0;
+
+ nargs = g_strv_length(args);
+ if (nargs > 0) {
+ nsdata = g_new0(libxlDomainXmlNsDef, 1);
+
+ nsdata->args = g_steal_pointer(&args);
+ nsdata->num_args = nargs;
+ def->namespaceData = nsdata;
+ }
+
+ return 0;
+}
+
virDomainDefPtr
xenParseXL(virConfPtr conf,
virCapsPtr caps,
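Review bot: xenParseXLNamespaceData() returns 0 on every path, so the `if (xenParseXLNamespaceData(conf, def) < 0)` check this patch adds to xenParseXL can never fire, and the result of `virStringListAdd(&args, list->str)` in the while loop is not checked. Propagate a failure from virStringListAdd() as -1 so a partially copied `device_model_args` list is not accepted as complete. List entries that are not VIR_CONF_STRING are also skipped silently; since these strings end up on the device model command line, rejecting a malformed list (or at least logging it) would be safer than dropping entries.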
@@ -1170,6 +1207,7 @@ xenParseXL(virConfPtr conf,
def->virtType = VIR_DOMAIN_VIRT_XEN;
def->id = -1;
+ def->ns = *(virDomainXMLOptionGetNamespace(xmlopt));
if (xenParseConfigCommon(conf, def, caps, XEN_CONFIG_FORMAT_XL,
xmlopt) < 0)
@@ -1207,6 +1245,9 @@ xenParseXL(virConfPtr conf,
if (xenParseXLChannel(conf, def) < 0)
goto cleanup;
+ if (xenParseXLNamespaceData(conf, def) < 0)
+ goto cleanup;
+
if (virDomainDefPostParse(def, VIR_DOMAIN_DEF_PARSE_ABI_UPDATE,
xmlopt, NULL) < 0)
goto cleanup;
@@ -2178,6 +2219,53 @@ xenFormatXLDomainChannels(virConfPtr con
return -1;
}
+static int
+xenFormatXLDomainNamespaceData(virConfPtr conf, virDomainDefPtr def)
+{
+ libxlDomainXmlNsDefPtr nsdata = def->namespaceData;
+ virConfValuePtr args = NULL;
+ size_t i;
+
+ if (!nsdata)
+ return 0;
+
+ if (nsdata->num_args == 0)
+ return 0;
+
+ if (VIR_ALLOC(args) < 0)
+ return -1;
+
+ args->type = VIR_CONF_LIST;
+ args->list = NULL;
+
+ for (i = 0; i < nsdata->num_args; i++) {
+ virConfValuePtr val, tmp;
+
+ if (VIR_ALLOC(val) < 0)
+ goto error;
+
+ val->type = VIR_CONF_STRING;
+ val->str = g_strdup(nsdata->args[i]);
+ tmp = args->list;
+ while (tmp && tmp->next)
+ tmp = tmp->next;
+ if (tmp)
+ tmp->next = val;
+ else
+ args->list = val;
+ }
+
+ if (args->list != NULL)
+ if (virConfSetValue(conf, "device_model_args", args) < 0)
+ goto error;
+
+ return 0;
+
+ error:
+ virConfFreeValue(args);
+ return -1;
+}
+
virConfPtr
xenFormatXL(virDomainDefPtr def, virConnectPtr conn)
{
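Review bot: In xenFormatXLDomainNamespaceData() the for loop re-walks `args->list` from the head (`while (tmp && tmp->next)`) to find the tail for every argument, which is quadratic in `num_args`; keep a tail pointer across iterations and append to it. The `if (args->list != NULL)` guard is redundant after the `num_args == 0` early return, and the nested if without braces around the virConfSetValue() call is easy to misread. A short function comment saying that the args are written back under "device_model_args" would match the parse side.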
@@ -2221,5 +2309,8 @@ xenFormatXL(virDomainDefPtr def, virConn
if (xenFormatXLDomainChannels(conf, def) < 0)
return NULL;
+ if (xenFormatXLDomainNamespaceData(conf, def) < 0)
+ return NULL;
+
return g_steal_pointer(&conf);
}
Index: libvirt-6.0.0/tests/xlconfigdata/test-qemu-passthrough.cfg
===================================================================
--- /dev/null
+++ libvirt-6.0.0/tests/xlconfigdata/test-qemu-passthrough.cfg
@@ -0,0 +1,26 @@
+name = "XenGuest2"
+uuid = "c7a5fdb2-cdaf-9455-926a-d65c16db1809"
+maxmem = 579
+memory = 394
+vcpus = 1
+pae = 1
+acpi = 1
+apic = 1
+viridian = 0
+rtc_timeoffset = 0
+localtime = 0
+on_poweroff = "destroy"
+on_reboot = "restart"
+on_crash = "restart"
+device_model = "/usr/lib/xen/bin/qemu-system-i386"
+sdl = 0
+vnc = 1
+vncunused = 1
+vnclisten = "127.0.0.1"
+vif = [ "mac=00:16:3e:66:92:9c,bridge=xenbr1,script=vif-bridge,model=e1000" ]
+parallel = "none"
+serial = "none"
+builder = "hvm"
+boot = "d"
+disk = [ "format=raw,vdev=hda,access=rw,backendtype=qdisk,target=/var/lib/libvirt/images/XenGuest2" ]
+device_model_args = [ "-debugcon", "file:/tmp/debug.log", "-global", "isa-debugcon.iobase=0x402" ]
Index: libvirt-6.0.0/tests/xlconfigdata/test-qemu-passthrough.xml
===================================================================
--- /dev/null
+++ libvirt-6.0.0/tests/xlconfigdata/test-qemu-passthrough.xml
@@ -0,0 +1,53 @@
+<domain type='xen' xmlns:xen='http://libvirt.org/schemas/domain/xen/1.0'>
+ <name>XenGuest2</name>
+ <uuid>c7a5fdb2-cdaf-9455-926a-d65c16db1809</uuid>
+ <memory unit='KiB'>592896</memory>
+ <currentMemory unit='KiB'>403456</currentMemory>
+ <vcpu placement='static'>1</vcpu>
+ <os>
+ <type arch='x86_64' machine='xenfv'>hvm</type>
+ <loader type='rom'>/usr/lib/xen/boot/hvmloader</loader>
+ <boot dev='cdrom'/>
+ </os>
+ <features>
+ <acpi/>
+ <apic/>
+ <pae/>
+ </features>
+ <clock offset='variable' adjustment='0' basis='utc'/>
+ <on_poweroff>destroy</on_poweroff>
+ <on_reboot>restart</on_reboot>
+ <on_crash>restart</on_crash>
+ <devices>
+ <emulator>/usr/lib/xen/bin/qemu-system-i386</emulator>
+ <disk type='file' device='disk'>
+ <driver name='qemu' type='raw'/>
+ <source file='/var/lib/libvirt/images/XenGuest2'/>
+ <target dev='hda' bus='ide'/>
+ <address type='drive' controller='0' bus='0' target='0' unit='0'/>
+ </disk>
+ <controller type='xenbus' index='0'/>
+ <controller type='ide' index='0'/>
+ <interface type='bridge'>
+ <mac address='00:16:3e:66:92:9c'/>
+ <source bridge='xenbr1'/>
+ <script path='vif-bridge'/>
+ <model type='e1000'/>
+ </interface>
+ <input type='mouse' bus='ps2'/>
+ <input type='keyboard' bus='ps2'/>
+ <graphics type='vnc' port='-1' autoport='yes' listen='127.0.0.1'>
+ <listen type='address' address='127.0.0.1'/>
+ </graphics>
+ <video>
+ <model type='cirrus' vram='8192' heads='1' primary='yes'/>
+ </video>
+ <memballoon model='xen'/>
+ </devices>
+ <xen:commandline>
+ <xen:arg value='-debugcon'/>
+ <xen:arg value='file:/tmp/debug.log'/>
+ <xen:arg value='-global'/>
+ <xen:arg value='isa-debugcon.iobase=0x402'/>
+ </xen:commandline>
+</domain>
Index: libvirt-6.0.0/tests/xlconfigtest.c
===================================================================
--- libvirt-6.0.0.orig/tests/xlconfigtest.c
+++ libvirt-6.0.0/tests/xlconfigtest.c
@@ -304,6 +304,7 @@ mymain(void)
#ifdef LIBXL_HAVE_CREATEINFO_PASSTHROUGH
DO_TEST("fullvirt-hypervisor-features");
#endif
+ DO_TEST("qemu-passthrough");
testXLFreeDriver(driver);
++++++ 44f826e4-virHostCPUGetSignature-x86.patch ++++++
commit 44f826e4a0a865fce0059cdd826432b8144f6e3e
Author: Jiri Denemark <jdenemar(a)redhat.com>
Date: Wed Apr 1 19:55:27 2020 +0200
hostcpu: Implement virHostCPUGetSignature for x86
Signed-off-by: Jiri Denemark <jdenemar(a)redhat.com>
Reviewed-by: Ján Tomko <jtomko(a)redhat.com>
Index: libvirt-6.0.0/src/util/virhostcpu.c
===================================================================
--- libvirt-6.0.0.orig/src/util/virhostcpu.c
+++ libvirt-6.0.0/src/util/virhostcpu.c
@@ -1400,10 +1400,54 @@ virHostCPUGetTscInfo(void)
(defined(__linux__) || defined(__FreeBSD__)) */
int
-virHostCPUReadSignature(virArch arch G_GNUC_UNUSED,
- FILE *cpuinfo G_GNUC_UNUSED,
- char **signature G_GNUC_UNUSED)
+virHostCPUReadSignature(virArch arch,
+ FILE *cpuinfo,
+ char **signature)
{
+ size_t lineLen = 1024;
+ g_autofree char *line = g_new0(char, lineLen);
+ g_autofree char *vendor = NULL;
+ g_autofree char *name = NULL;
+ g_autofree char *family = NULL;
+ g_autofree char *model = NULL;
+ g_autofree char *stepping = NULL;
+
+ if (!ARCH_IS_X86(arch))
+ return 0;
+
+ while (fgets(line, lineLen, cpuinfo)) {
+ g_auto(GStrv) parts = g_strsplit(line, ": ", 2);
+
+ if (g_strv_length(parts) != 2)
+ continue;
+
+ g_strstrip(parts[0]);
+ g_strstrip(parts[1]);
+
+ if (STREQ(parts[0], "vendor_id")) {
+ if (!vendor)
+ vendor = g_steal_pointer(&parts[1]);
+ } else if (STREQ(parts[0], "model name")) {
+ if (!name)
+ name = g_steal_pointer(&parts[1]);
+ } else if (STREQ(parts[0], "cpu family")) {
+ if (!family)
+ family = g_steal_pointer(&parts[1]);
+ } else if (STREQ(parts[0], "model")) {
+ if (!model)
+ model = g_steal_pointer(&parts[1]);
+ } else if (STREQ(parts[0], "stepping")) {
+ if (!stepping)
+ stepping = g_steal_pointer(&parts[1]);
+ }
+
+ if (vendor && name && family && model && stepping) {
+ *signature = g_strdup_printf("%s, %s, family: %s, model: %s, stepping: %s",
+ vendor, name, family, model, stepping);
+ return 0;
+ }
+ }
+
return 0;
}
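Review bot: virHostCPUReadSignature() returns 0 both when it builds a signature and when it does not (non-x86 arch, or cpuinfo ends before all five fields are seen), and in the latter cases `*signature` is never written. Set `*signature = NULL` at the top, or document that callers must pre-initialise it, and add a function comment stating the return contract. The fixed 1024-byte `line` buffer also means fgets() hands back a longer cpuinfo line in pieces, and a later piece containing ": " would be parsed as its own key/value pair; the early return once all fields are found limits the exposure, but a comment or a skip-to-newline would make that explicit.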
Index: libvirt-6.0.0/tests/virhostcpudata/linux-x86_64-test1.signature
===================================================================
--- /dev/null
+++ libvirt-6.0.0/tests/virhostcpudata/linux-x86_64-test1.signature
@@ -0,0 +1 @@
+GenuineIntel, Intel(R) Xeon(TM) CPU 2.80GHz, family: 15, model: 4, stepping: 8
Index: libvirt-6.0.0/tests/virhostcpudata/linux-x86_64-test2.signature
===================================================================
--- /dev/null
+++ libvirt-6.0.0/tests/virhostcpudata/linux-x86_64-test2.signature
@@ -0,0 +1 @@
+GenuineIntel, Intel(R) Core(TM)2 Duo CPU T9600 @ 2.80GHz, family: 6, model: 23, stepping: 10
Index: libvirt-6.0.0/tests/virhostcpudata/linux-x86_64-test3.signature
===================================================================
--- /dev/null
+++ libvirt-6.0.0/tests/virhostcpudata/linux-x86_64-test3.signature
@@ -0,0 +1 @@
+AuthenticAMD, AMD Opteron(tm) Processor 6172, family: 16, model: 9, stepping: 1
Index: libvirt-6.0.0/tests/virhostcpudata/linux-x86_64-test4.signature
===================================================================
--- /dev/null
+++ libvirt-6.0.0/tests/virhostcpudata/linux-x86_64-test4.signature
@@ -0,0 +1 @@
+GenuineIntel, Intel(R) Xeon(R) CPU E7- 8837 @ 2.67GHz, family: 6, model: 47, stepping: 2
Index: libvirt-6.0.0/tests/virhostcpudata/linux-x86_64-test5.signature
===================================================================
--- /dev/null
+++ libvirt-6.0.0/tests/virhostcpudata/linux-x86_64-test5.signature
@@ -0,0 +1 @@
+GenuineIntel, Intel(R) Xeon(R) CPU E5320 @ 1.86GHz, family: 6, model: 15, stepping: 7
Index: libvirt-6.0.0/tests/virhostcpudata/linux-x86_64-test6.signature
===================================================================
--- /dev/null
+++ libvirt-6.0.0/tests/virhostcpudata/linux-x86_64-test6.signature
@@ -0,0 +1 @@
+GenuineIntel, Intel(R) Xeon(R) CPU E5640 @ 2.67GHz, family: 6, model: 44, stepping: 2
Index: libvirt-6.0.0/tests/virhostcpudata/linux-x86_64-test7.signature
===================================================================
--- /dev/null
+++ libvirt-6.0.0/tests/virhostcpudata/linux-x86_64-test7.signature
@@ -0,0 +1 @@
+AuthenticAMD, AMD Opteron(tm) Processor 6174, family: 16, model: 9, stepping: 1
Index: libvirt-6.0.0/tests/virhostcpudata/linux-x86_64-test8.signature
===================================================================
--- /dev/null
+++ libvirt-6.0.0/tests/virhostcpudata/linux-x86_64-test8.signature
@@ -0,0 +1 @@
+AuthenticAMD, AMD Opteron(tm) Processor 6282 SE, family: 21, model: 1, stepping: 2
Index: libvirt-6.0.0/tests/virhostcpudata/linux-x86_64-with-die.signature
===================================================================
--- /dev/null
+++ libvirt-6.0.0/tests/virhostcpudata/linux-x86_64-with-die.signature
@@ -0,0 +1 @@
+GenuineIntel, QEMU Virtual CPU version 2.5+, family: 6, model: 6, stepping: 3
++++++ 4b561d49-amd-host-validate-check.patch ++++++
commit 4b561d49ad5d6cc45766714253adb798bb99b6e8
Author: Boris Fiuczynski <fiuczy(a)linux.ibm.com>
Date: Mon Jun 15 10:28:10 2020 +0200
tools: Secure guest check for AMD in virt-host-validate
Add checking in virt-host-validate for secure guest support
on x86 for AMD Secure Encrypted Virtualization.
Signed-off-by: Boris Fiuczynski <fiuczy(a)linux.ibm.com>
Reviewed-by: Paulo de Rezende Pinatti <ppinatti(a)linux.ibm.com>
Reviewed-by: Bjoern Walk <bwalk(a)linux.ibm.com>
Reviewed-by: Erik Skultety <eskultet(a)redhat.com>
Index: libvirt-6.0.0/tools/virt-host-validate-common.c
===================================================================
--- libvirt-6.0.0.orig/tools/virt-host-validate-common.c
+++ libvirt-6.0.0/tools/virt-host-validate-common.c
@@ -40,7 +40,8 @@ VIR_ENUM_IMPL(virHostValidateCPUFlag,
"vmx",
"svm",
"sie",
- "158");
+ "158",
+ "sev");
static bool quiet;
@@ -420,14 +421,18 @@ int virHostValidateSecureGuests(const ch
{
virBitmapPtr flags;
bool hasFac158 = false;
+ bool hasAMDSev = false;
virArch arch = virArchFromHost();
g_autofree char *cmdline = NULL;
static const char *kIBMValues[] = {"y", "Y", "on", "ON", "oN", "On", "1"};
+ g_autofree char *mod_value = NULL;
flags = virHostValidateGetCPUFlags();
if (flags && virBitmapIsBitSet(flags, VIR_HOST_VALIDATE_CPU_FLAG_FACILITY_158))
hasFac158 = true;
+ else if (flags && virBitmapIsBitSet(flags, VIR_HOST_VALIDATE_CPU_FLAG_SEV))
+ hasAMDSev = true;
virBitmapFree(flags);
@@ -463,6 +468,29 @@ int virHostValidateSecureGuests(const ch
virHostMsgFail(level, "Hardware or firmware does not provide "
"support for IBM Secure Execution");
}
+ } else if (hasAMDSev) {
+ if (virFileReadValueString(&mod_value, "/sys/module/kvm_amd/parameters/sev") < 0) {
+ virHostMsgFail(level, "AMD Secure Encrypted Virtualization not "
+ "supported by the currently used kernel");
+ return 0;
+ }
+
+ if (mod_value[0] != '1') {
+ virHostMsgFail(level,
+ "AMD Secure Encrypted Virtualization appears to be "
+ "disabled in kernel. Add kvm_amd.sev=1 "
+ "to the kernel cmdline arguments");
+ return 0;
+ }
+
+ if (virFileExists("/dev/sev")) {
+ virHostMsgPass();
+ return 1;
+ } else {
+ virHostMsgFail(level,
+ "AMD Secure Encrypted Virtualization appears to be "
+ "disabled in firemare.");
+ }
} else {
virHostMsgFail(level,
"Unknown if this platform has Secure Guest support");
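Review bot: The last failure message in the `hasAMDSev` branch is misspelled: "disabled in firemare." should read "disabled in firmware.". That branch also calls virHostMsgFail() without a return, while the two SEV failure paths above it both `return 0`, so control falls out of the if/else chain; make the exit explicit or confirm the fall-through is intended so all three SEV failures behave alike. `mod_value[0] != '1'` is evaluated without a comment on which values the `sev` module parameter can take, which would help the next reader.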
Index: libvirt-6.0.0/tools/virt-host-validate-common.h
===================================================================
--- libvirt-6.0.0.orig/tools/virt-host-validate-common.h
+++ libvirt-6.0.0/tools/virt-host-validate-common.h
@@ -39,6 +39,7 @@ typedef enum {
VIR_HOST_VALIDATE_CPU_FLAG_SVM,
VIR_HOST_VALIDATE_CPU_FLAG_SIE,
VIR_HOST_VALIDATE_CPU_FLAG_FACILITY_158,
+ VIR_HOST_VALIDATE_CPU_FLAG_SEV,
VIR_HOST_VALIDATE_CPU_FLAG_LAST,
} virHostValidateCPUFlag;
++++++ 4cc90c2e-CVE-2020-10701.patch ++++++
commit 4cc90c2e62df653e909ad31fd810224bf8bcf913
Author: Jonathon Jongsma <jjongsma(a)redhat.com>
Date: Fri Mar 20 09:43:13 2020 -0500
api: disallow virDomainAgentSetResponseTimeout() on read-only connections
This function changes the amount of time that libvirt waits for a
response from the guest agent for all guest agent commands. Since this
is a configuration change, it should not be allowed on read-only
connections.
Signed-off-by: Jonathon Jongsma <jjongsma(a)redhat.com>
Reviewed-by: Daniel Henrique Barboza <danielhb413(a)gmail.com>
Reviewed-by: Michal Privoznik <mprivozn(a)redhat.com>
Index: libvirt-6.0.0/src/libvirt-domain.c
===================================================================
--- libvirt-6.0.0.orig/src/libvirt-domain.c
+++ libvirt-6.0.0/src/libvirt-domain.c
@@ -12574,6 +12574,8 @@ virDomainAgentSetResponseTimeout(virDoma
virCheckDomainReturn(domain, -1);
conn = domain->conn;
+ virCheckReadOnlyGoto(conn->flags, error);
+
if (conn->driver->domainAgentSetResponseTimeout) {
if (conn->driver->domainAgentSetResponseTimeout(domain, timeout, flags) < 0)
goto error;
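Review bot: No test or API documentation accompanies the new `virCheckReadOnlyGoto(conn->flags, error)` check in virDomainAgentSetResponseTimeout(); the patch touches only src/libvirt-domain.c. Since this one line is the entire fix for the read-only bypass, add a test that calls the API on a read-only connection and expects failure, and state in the function's doc comment that it is rejected on read-only connections, so the check is not lost in a later refactor.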
++++++ 50864dcd-CVE-2020-25637.patch ++++++
commit 50864dcda191eb35732dbd80fb6ca251a6bba923
Author: Ján Tomko <jtomko(a)redhat.com>
Date: Fri Sep 18 16:09:25 2020 +0200
rpc: add support for filtering @acls by uint params
CVE-2020-25637
Add a new field to @acl annotations for filtering by
unsigned int parameters.
Signed-off-by: Ján Tomko <jtomko(a)redhat.com>
Reviewed-by: Jiri Denemark <jdenemar(a)redhat.com>
Index: libvirt-6.0.0/src/remote/remote_protocol.x
===================================================================
--- libvirt-6.0.0.orig/src/remote/remote_protocol.x
+++ libvirt-6.0.0/src/remote/remote_protocol.x
@@ -3805,6 +3805,7 @@ enum remote_procedure {
*
* - @acl: <object>:<permission>
* - @acl: <object>:<permission>:<flagname>
+ * - @acl: <object>:<permission>::<param>:<value>
*
* Declare the access control requirements for the API. May be repeated
* multiple times, if multiple rules are required.
@@ -3814,6 +3815,8 @@ enum remote_procedure {
* <permission> is one of the permissions in access/viraccessperm.h
* <flagname> indicates the rule only applies if the named flag
* is set in the API call
+ * <param> and <value> can be used to check an unsigned int parameter
+ * against value
*
* - @aclfilter: <object>:<permission>
*
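Review bot: The new `<param>` and `<value>` description omits the negation form: gendispatch.pl in this same patch treats a `<value>` that starts with `!` as a `!=` comparison. Document that prefix here, and say that the empty field in `<object>:<permission>::<param>:<value>` is the unused `<flagname>` slot, so rule authors do not have to read the generator to write a correct @acl line.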
Index: libvirt-6.0.0/src/rpc/gendispatch.pl
===================================================================
--- libvirt-6.0.0.orig/src/rpc/gendispatch.pl
+++ libvirt-6.0.0/src/rpc/gendispatch.pl
@@ -2104,10 +2104,12 @@ elsif ($mode eq "client") {
my @acl;
foreach (@{$acl}) {
my @bits = split /:/;
- push @acl, { object => $bits[0], perm => $bits[1], flags => $bits[2] }
+ push @acl, { object => $bits[0], perm => $bits[1], flags => $bits[2],
+ param => $bits[3], value => $bits[4] }
}
my $checkflags = 0;
+ my $paramtocheck = undef;
for (my $i = 1 ; $i <= $#acl ; $i++) {
if ($acl[$i]->{object} ne $acl[0]->{object}) {
die "acl for '$call->{ProcName}' cannot check different objects";
@@ -2115,6 +2117,9 @@ elsif ($mode eq "client") {
if (defined $acl[$i]->{flags} && length $acl[$i]->{flags}) {
$checkflags = 1;
}
+ if (defined $acl[$i]->{param}) {
+ $paramtocheck = $acl[$i]->{param};
+ }
}
my $apiname = $prefix . $call->{ProcName};
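Review bot: `$paramtocheck` is assigned inside the `for (my $i = 1 ; $i <= $#acl ; $i++)` loop, so a `<param>` given on the first @acl rule (index 0) is never picked up and the generated function gets no `unsigned int` argument for it, while the per-rule code added later in this patch still prints a comparison against that name. When two rules name different params, only the last one is declared. Scan all rules starting at index 0 and die if they disagree, the same way the loop already dies on differing objects.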
@@ -2150,6 +2155,9 @@ elsif ($mode eq "client") {
if ($checkflags) {
push @argdecls, "unsigned int flags";
}
+ if (defined $paramtocheck) {
+ push @argdecls, "unsigned int " . $paramtocheck;
+ }
my $ret;
my $pass;
@@ -2210,6 +2218,17 @@ elsif ($mode eq "client") {
}
print " ";
}
+ if (defined $acl->{param}) {
+ my $param = $acl->{param};
+ my $value = $acl->{value};
+ if ($value =~ /^\!/) {
+ $value = substr $value, 1;
+ print "($param != ($value)) &&\n";
+ } else {
+ print "($param == ($value)) &&\n";
+ }
+ print " ";
+ }
print "(rv = $method(" . join(", ", @argvars, $perm) . ")) <= 0) {\n";
print " virObjectUnref(mgr);\n";
if ($action eq "Ensure") {
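Review bot: `$value` is used without checking that it is defined: a rule written with a `<param>` but no `<value>` reaches `$value =~ /^\!/` with undef and emits `($param == ())` into the generated C. Because this generator produces the access-control checks themselves, a malformed rule should stop the build; die with the procedure name when `param` is set and `value` is missing or empty, as the script already does for mismatched objects.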
++++++ 53d9af1e-ignore-devmapper-open-errors.patch ++++++
commit 53d9af1e7924757e3b5f661131dd707d7110d094
Author: Michal Prívozník <mprivozn(a)redhat.com>
Date: Wed Aug 19 13:35:55 2020 +0200
virdevmapper: Ignore all errors when opening /dev/mapper/control
So far, only ENOENT is ignored (to deal with kernels without
devmapper). However, as reported on the list, under certain
scenarios a different error can occur. For instance, when libvirt
is running inside a container which doesn't have permissions to
talk to the devmapper. If this is the case, then open() returns
-1 and sets errno=EPERM.
Assuming that multipath devices are a fairly narrow use case and
using them in a restricted container is even more narrow, the best
fix seems to be to ignore all open errors BUT produce a warning
on failure. To avoid flooding logs with warnings on kernels
without devmapper the level is reduced to a plain debug message.
Reported-by: Christian Ehrhardt <christian.ehrhardt(a)canonical.com>
Reviewed-by: Christian Ehrhardt <christian.ehrhardt(a)canonical.com>
Signed-off-by: Michal Privoznik <mprivozn(a)redhat.com>
Index: libvirt-6.0.0/src/util/virdevmapper.c
===================================================================
--- libvirt-6.0.0.orig/src/util/virdevmapper.c
+++ libvirt-6.0.0/src/util/virdevmapper.c
@@ -35,9 +35,12 @@
# include "viralloc.h"
# include "virstring.h"
# include "virfile.h"
+# include "virlog.h"
# define VIR_FROM_THIS VIR_FROM_STORAGE
+VIR_LOG_INIT("util.virdevmapper");
+
# define PROC_DEVICES "/proc/devices"
# define DM_NAME "device-mapper"
# define DEV_DM_DIR "/dev/" DM_DIR
@@ -135,11 +138,15 @@ virDMOpen(void)
memset(&dm, 0, sizeof(dm));
if ((controlFD = open(CONTROL_PATH, O_RDWR)) < 0) {
- if (errno == ENOENT)
- return -2;
-
- virReportSystemError(errno, _("Unable to open %s"), CONTROL_PATH);
- return -1;
+ /* We can't talk to devmapper. Produce a warning and let
+ * the caller decide what to do next. */
+ if (errno == ENOENT) {
+ VIR_DEBUG("device mapper not available");
+ } else {
+ VIR_WARN("unable to open %s: %s",
+ CONTROL_PATH, g_strerror(errno));
+ }
+ return -2;
}
if (!virDMIoctl(controlFD, DM_VERSION, &dm, &tmp)) {
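Review bot: With every open() failure in virDMOpen() now returning -2, callers can no longer tell "device mapper absent" (ENOENT) from "device mapper present but access denied" (for example EPERM), and virDevMapperGetTargets() in the next hunk turns -2 into `return 0` with no targets. A permission problem therefore degrades to a log warning and an empty target list. Document virDMOpen()'s return values in a function comment, since the meaning of -2 changes here, and consider keeping a distinct return code for the non-ENOENT case so a caller that needs the targets can still choose to fail.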
@@ -332,9 +339,9 @@ virDevMapperGetTargets(const char *path,
if ((controlFD = virDMOpen()) < 0) {
if (controlFD == -2) {
- /* The CONTROL_PATH doesn't exist. Probably the
- * module isn't loaded, yet. Don't error out, just
- * exit. */
+ /* The CONTROL_PATH doesn't exist or is unusable.
+ * Probably the module isn't loaded, yet. Don't error
+ * out, just exit. */
return 0;
}
++++++ 5749395b-libxl-e820-host.patch ++++++
commit 5749395bfd03fcdb55a8be6a69637a2acaaad2c9
Author: Marek Marczykowski-Górecki <marmarek(a)invisiblethingslab.com>
Date: Tue Apr 14 04:37:05 2020 +0200
libxl: make use of e820_host feature
Signed-off-by: Marek Marczykowski-Górecki <marmarek(a)invisiblethingslab.com>
Reviewed-by: Jim Fehlig <jfehlig(a)suse.com>
Index: libvirt-6.0.0/src/libxl/libxl_conf.c
===================================================================
--- libvirt-6.0.0.orig/src/libxl/libxl_conf.c
+++ libvirt-6.0.0/src/libxl/libxl_conf.c
@@ -693,6 +693,20 @@ libxlMakeDomBuildInfo(virDomainDefPtr de
b_info->u.pv.kernel = g_strdup(def->os.kernel);
}
b_info->u.pv.ramdisk = g_strdup(def->os.initrd);
+
+ if (def->features[VIR_DOMAIN_FEATURE_XEN] == VIR_TRISTATE_SWITCH_ON) {
+ switch ((virTristateSwitch) def->xen_features[VIR_DOMAIN_XEN_E820_HOST]) {
+ case VIR_TRISTATE_SWITCH_ON:
+ libxl_defbool_set(&b_info->u.pv.e820_host, true);
+ break;
+ case VIR_TRISTATE_SWITCH_OFF:
+ libxl_defbool_set(&b_info->u.pv.e820_host, false);
+ break;
+ case VIR_TRISTATE_SWITCH_ABSENT:
+ case VIR_TRISTATE_SWITCH_LAST:
+ break;
+ }
+ }
}
/* only the 'xen' balloon device model is supported */
++++++ 657365e7-check-amd-secure-guest.patch ++++++
commit 657365e74f489b70bfbf2eb014db63046c5e3888
Author: Paulo de Rezende Pinatti <ppinatti(a)linux.ibm.com>
Date: Mon Jun 15 10:28:08 2020 +0200
qemu: Check if AMD secure guest support is enabled
Implement secure guest check for AMD SEV (Secure Encrypted
Virtualization) in order to invalidate the qemu capabilities
cache in case the availability of the feature changed.
For AMD SEV the verification consists of:
- checking if /sys/module/kvm_amd/parameters/sev contains the
value '1': meaning SEV is enabled in the host kernel;
- checking if /dev/sev exists
Signed-off-by: Paulo de Rezende Pinatti <ppinatti(a)linux.ibm.com>
Signed-off-by: Boris Fiuczynski <fiuczy(a)linux.ibm.com>
Reviewed-by: Bjoern Walk <bwalk(a)linux.ibm.com>
Reviewed-by: Erik Skultety <eskultet(a)redhat.com>
Index: libvirt-6.0.0/src/qemu/qemu_capabilities.c
===================================================================
--- libvirt-6.0.0.orig/src/qemu/qemu_capabilities.c
+++ libvirt-6.0.0/src/qemu/qemu_capabilities.c
@@ -4402,6 +4402,27 @@ virQEMUCapsKVMSupportsSecureGuestS390(vo
/*
+ * Check whether AMD Secure Encrypted Virtualization (x86) is enabled
+ */
+static bool
+virQEMUCapsKVMSupportsSecureGuestAMD(void)
+{
+ g_autofree char *modValue = NULL;
+
+ if (virFileReadValueString(&modValue, "/sys/module/kvm_amd/parameters/sev") < 0)
+ return false;
+
+ if (modValue[0] != '1')
+ return false;
+
+ if (virFileExists(QEMU_DEV_SEV))
+ return true;
+
+ return false;
+}
+
+
+/*
* Check whether the secure guest functionality is enabled.
* See the specific architecture function for details on the verifications made.
*/
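Review bot: `modValue[0] != '1'` in virQEMUCapsKVMSupportsSecureGuestAMD() accepts only the literal '1' for the kvm_amd `sev` parameter and treats any other spelling as disabled, whereas the s390 check in virt-host-validate (patch 4b561d49 above) matches a list of accepted values ("y", "Y", "on", ...). State in the comment which values the parameter can report, or compare against a list. The same three-step probe is also duplicated in tools/virt-host-validate-common.c with a hard-coded "/dev/sev" while this copy uses QEMU_DEV_SEV; a shared helper would keep the two checks from drifting apart.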
@@ -4412,6 +4433,10 @@ virQEMUCapsKVMSupportsSecureGuest(void)
if (ARCH_IS_S390(arch))
return virQEMUCapsKVMSupportsSecureGuestS390();
+
+ if (ARCH_IS_X86(arch))
+ return virQEMUCapsKVMSupportsSecureGuestAMD();
+
return false;
}
++++++ 6c1dddaf-libxl-shutdown-inhibit.patch ++++++
commit 6c1dddaf97b4ef70e27961c9f79b15c79a863ac5
Author: Marek Marczykowski-Górecki <marmarek(a)invisiblethingslab.com>
Date: Sat Jan 18 03:37:42 2020 +0100
libxl: initialize shutdown inhibit callback
The libxl driver already tries to call shutdown inhibit callback in the
right places, but only if it's set. That last part was missing,
resulting in premature shutdown when running libvirtd
--timeout=...
Signed-off-by: Marek Marczykowski-Górecki <marmarek(a)invisiblethingslab.com>
Reviewed-by: Jim Fehlig <jfehlig(a)suse.com>
Index: libvirt-6.0.0/src/libxl/libxl_driver.c
===================================================================
--- libvirt-6.0.0.orig/src/libxl/libxl_driver.c
+++ libvirt-6.0.0/src/libxl/libxl_driver.c
@@ -648,8 +648,8 @@ libxlAddDom0(libxlDriverPrivatePtr drive
static int
libxlStateInitialize(bool privileged,
- virStateInhibitCallback callback G_GNUC_UNUSED,
- void *opaque G_GNUC_UNUSED)
+ virStateInhibitCallback callback,
+ void *opaque)
{
libxlDriverConfigPtr cfg;
char *driverConf = NULL;
@@ -670,6 +670,9 @@ libxlStateInitialize(bool privileged,
return VIR_DRV_STATE_INIT_ERROR;
}
+ libxl_driver->inhibitCallback = callback;
+ libxl_driver->inhibitOpaque = opaque;
+
/* Allocate bitmap for vnc port reservation */
if (!(libxl_driver->reservedGraphicsPorts =
virPortAllocatorRangeNew(_("VNC"),
++++++ 72ed254b-drop-exec-perms-bashcompletion.patch ++++++
commit 72ed254b38571a2139ed2a43607e07750fea459f
Author: Jim Fehlig <jfehlig(a)suse.com>
Date: Thu Jan 30 11:29:41 2020 -0700
build: Drop execute permissions on virsh bash completion command
rpmlint complains about "script-without-shebang" due to the execute
permissions on /usr/share/bash-completion/completions/vsh. Use
INSTALL_DATA instead of INSTALL_SCRIPT to avoid the unnecessary
execute permissions.
Signed-off-by: Jim Fehlig <jfehlig(a)suse.com>
Reviewed-by: Michal Privoznik <mprivozn(a)redhat.com>
Index: libvirt-6.0.0/tools/Makefile.am
===================================================================
--- libvirt-6.0.0.orig/tools/Makefile.am
+++ libvirt-6.0.0/tools/Makefile.am
@@ -357,7 +357,7 @@ libvirt-guests.service: libvirt-guests.s
if WITH_BASH_COMPLETION
install-bash-completion:
$(MKDIR_P) "$(DESTDIR)$(BASH_COMPLETIONS_DIR)"
- $(INSTALL_SCRIPT) $(srcdir)/bash-completion/vsh \
+ $(INSTALL_DATA) $(srcdir)/bash-completion/vsh \
"$(DESTDIR)$(BASH_COMPLETIONS_DIR)/vsh"
( cd $(DESTDIR)$(BASH_COMPLETIONS_DIR) && \
rm -f virsh virt-admin && \
++++++ 849052ec-libxl-support-credit2.patch ++++++
commit 849052ec61e18780713bec171748e859e32dfd6d
Author: Dario Faggioli <dfaggioli(a)suse.com>
Date: Wed Jan 29 12:05:15 2020 +0100
libxl: support getting and setting parameters for the Credit2
With Credit2 being Xen default scheduler, it's definitely the case to
allow Credit2's scheduling parameters to be get and set via libvirt.
This is easy, as Credit and Credit2 have (at least as of now) the very
same parameters ('weight' and 'cap'). So we can just let credit2 pass
the scheduler-type check and the same code will work for both.
Signed-off-by: Dario Faggioli <dfaggioli(a)suse.com>
Reviewed-by: Jim Fehlig <jfehlig(a)suse.com>
Index: libvirt-6.0.0/src/libxl/libxl_driver.c
===================================================================
--- libvirt-6.0.0.orig/src/libxl/libxl_driver.c
+++ libvirt-6.0.0/src/libxl/libxl_driver.c
@@ -73,7 +73,7 @@ VIR_LOG_INIT("libxl.libxl_driver");
#define HYPERVISOR_CAPABILITIES "/proc/xen/capabilities"
#define HYPERVISOR_XENSTORED "/dev/xen/xenstored"
-/* Number of Xen scheduler parameters */
+/* Number of Xen scheduler parameters. credit and credit2 both support 2 */
#define XEN_SCHED_CREDIT_NPARAM 2
#define LIBXL_CHECK_DOM0_GOTO(name, label) \
@@ -4579,6 +4579,8 @@ libxlDomainGetSchedulerType(virDomainPtr
break;
case LIBXL_SCHEDULER_CREDIT2:
name = "credit2";
+ if (nparams)
+ *nparams = XEN_SCHED_CREDIT_NPARAM;
break;
case LIBXL_SCHEDULER_ARINC653:
name = "arinc653";
@@ -4625,11 +4627,11 @@ libxlDomainGetSchedulerParametersFlags(v
if (virDomainObjCheckActive(vm) < 0)
goto cleanup;
+ /* Only credit and credit2 are supported for now. */
sched_id = libxl_get_scheduler(cfg->ctx);
-
- if (sched_id != LIBXL_SCHEDULER_CREDIT) {
+ if (sched_id != LIBXL_SCHEDULER_CREDIT && sched_id != LIBXL_SCHEDULER_CREDIT2) {
virReportError(VIR_ERR_INTERNAL_ERROR, "%s",
- _("Only 'credit' scheduler is supported"));
+ _("Only 'credit' and 'credit2' schedulers are supported"));
goto cleanup;
}
@@ -4702,11 +4704,11 @@ libxlDomainSetSchedulerParametersFlags(v
if (virDomainObjCheckActive(vm) < 0)
goto endjob;
+ /* Only credit and credit2 are supported for now. */
sched_id = libxl_get_scheduler(cfg->ctx);
-
- if (sched_id != LIBXL_SCHEDULER_CREDIT) {
+ if (sched_id != LIBXL_SCHEDULER_CREDIT && sched_id != LIBXL_SCHEDULER_CREDIT2) {
virReportError(VIR_ERR_INTERNAL_ERROR, "%s",
- _("Only 'credit' scheduler is supported"));
+ _("Only 'credit' and 'credit2' schedulers are supported"));
goto endjob;
}
++++++ 8cb9d249-autoptr-file-callback.patch ++++++
commit 8cb9d2495c0c2921bb7c9fc3059ed268790123b6
Author: Jiri Denemark <jdenemar(a)redhat.com>
Date: Wed Apr 1 01:01:27 2020 +0200
util: Define g_autoptr callback for FILE
Signed-off-by: Jiri Denemark <jdenemar(a)redhat.com>
Reviewed-by: Ján Tomko <jtomko(a)redhat.com>
Index: libvirt-6.0.0/src/util/virfile.h
===================================================================
--- libvirt-6.0.0.orig/src/util/virfile.h
+++ libvirt-6.0.0/src/util/virfile.h
@@ -89,6 +89,7 @@ static inline void virForceCloseHelper(i
*/
#define VIR_AUTOCLOSE __attribute__((cleanup(virForceCloseHelper))) int
+G_DEFINE_AUTOPTR_CLEANUP_FUNC(FILE, fclose);
/* Opaque type for managing a wrapper around a fd. */
struct _virFileWrapperFd;
++++++ 8e669b38-conf-add-event-channels.patch ++++++
commit 8e669b382c3533793356261c6d748df56162a2c6
Author: Jim Fehlig <jfehlig(a)suse.com>
Date: Tue Apr 7 16:37:09 2020 -0600
conf: Add a new xenbus controller option for event channels
Event channels are like PV interrupts and in conjunction with grant frames
form a data transfer mechanism for PV drivers. They are also used for
inter-processor interrupts. Guests with a large number of vcpus and/or
many PV devices may need to increase the maximum default value of 1023.
For this reason the native Xen config format supports the
'max_event_channels' setting. See xl.cfg(5) man page for more details.
Similar to the existing maxGrantFrames option, add a new xenbus controller
option 'maxEventChannels', allowing to adjust the maximum value via libvirt.
Signed-off-by: Jim Fehlig <jfehlig(a)suse.com>
Reviewed-by: Daniel P. Berrangé <berrange(a)redhat.com>
Index: libvirt-6.0.0/docs/formatdomain.html.in
===================================================================
--- libvirt-6.0.0.orig/docs/formatdomain.html.in
+++ libvirt-6.0.0/docs/formatdomain.html.in
@@ -4309,7 +4309,7 @@
<driver iothread='4'/>
<address type='pci' domain='0x0000' bus='0x00' slot='0x0b' function='0x0'/>
</controller>
- <controller type='xenbus' maxGrantFrames='64'/>
+ <controller type='xenbus' maxGrantFrames='64' maxEventChannels='2047'/>
...
</devices>
...</pre>
@@ -4369,7 +4369,11 @@
<dd><span class="since">Since 5.2.0</span>, the <code>xenbus</code>
controller has an optional attribute <code>maxGrantFrames</code>,
which specifies the maximum number of grant frames the controller
- makes available for connected devices.</dd>
+ makes available for connected devices.
+ <span class="since">Since 6.3.0</span>, the xenbus controller
+ supports the optional <code>maxEventChannels</code> attribute,
+ which specifies maximum number of event channels (PV interrupts)
+ that can be used by the guest.</dd>
</dl>
<p>
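Review bot: in the added <dd> text, "which specifies maximum number of event channels" is missing an article ("the maximum number"), and "xenbus" is left bare although the preceding sentence marks it up as <code>xenbus</code>. It would also help to state the default here; the commit message gives it as 1023, but the documentation does not say what applies when the attribute is omitted.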
Index: libvirt-6.0.0/docs/schemas/domaincommon.rng
===================================================================
--- libvirt-6.0.0.orig/docs/schemas/domaincommon.rng
+++ libvirt-6.0.0/docs/schemas/domaincommon.rng
@@ -2404,6 +2404,11 @@
<ref name="unsignedInt"/>
</attribute>
</optional>
+ <optional>
+ <attribute name="maxEventChannels">
+ <ref name="unsignedInt"/>
+ </attribute>
+ </optional>
</group>
</choice>
<optional>
Index: libvirt-6.0.0/src/conf/domain_conf.c
===================================================================
--- libvirt-6.0.0.orig/src/conf/domain_conf.c
+++ libvirt-6.0.0/src/conf/domain_conf.c
@@ -2222,6 +2222,7 @@ virDomainControllerDefNew(virDomainContr
break;
case VIR_DOMAIN_CONTROLLER_TYPE_XENBUS:
def->opts.xenbusopts.maxGrantFrames = -1;
+ def->opts.xenbusopts.maxEventChannels = -1;
break;
case VIR_DOMAIN_CONTROLLER_TYPE_IDE:
case VIR_DOMAIN_CONTROLLER_TYPE_FDC:
@@ -11058,6 +11059,7 @@ virDomainControllerDefParseXML(virDomain
break;
case VIR_DOMAIN_CONTROLLER_TYPE_XENBUS: {
g_autofree char *gntframes = virXMLPropString(node, "maxGrantFrames");
+ g_autofree char *eventchannels = virXMLPropString(node, "maxEventChannels");
if (gntframes) {
int r = virStrToLong_i(gntframes, NULL, 10,
@@ -11068,6 +11070,15 @@ virDomainControllerDefParseXML(virDomain
goto error;
}
}
+ if (eventchannels) {
+ int r = virStrToLong_i(eventchannels, NULL, 10,
+ &def->opts.xenbusopts.maxEventChannels);
+ if (r != 0 || def->opts.xenbusopts.maxEventChannels < 0) {
+ virReportError(VIR_ERR_INTERNAL_ERROR,
+ _("Invalid maxEventChannels: %s"), eventchannels);
+ goto error;
+ }
+ }
break;
}
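Review bot: the new eventchannels branch reports a malformed maxEventChannels value with VIR_ERR_INTERNAL_ERROR, although the string comes straight from user-supplied domain XML; VIR_ERR_XML_ERROR describes the failure more accurately and lets callers tell bad input from a libvirt bug. The branch also accepts 0, which the XML formatter further down writes back (it only skips -1) while the xl converter on this page ignores any value that is not > 0; if 0 has no meaning, reject it here so the two formats agree.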
@@ -24742,6 +24753,10 @@ virDomainControllerDefFormat(virBufferPt
virBufferAsprintf(&attrBuf, " maxGrantFrames='%d'",
def->opts.xenbusopts.maxGrantFrames);
}
+ if (def->opts.xenbusopts.maxEventChannels != -1) {
+ virBufferAsprintf(&attrBuf, " maxEventChannels='%d'",
+ def->opts.xenbusopts.maxEventChannels);
+ }
break;
default:
Index: libvirt-6.0.0/src/conf/domain_conf.h
===================================================================
--- libvirt-6.0.0.orig/src/conf/domain_conf.h
+++ libvirt-6.0.0/src/conf/domain_conf.h
@@ -727,6 +727,7 @@ struct _virDomainUSBControllerOpts {
struct _virDomainXenbusControllerOpts {
int maxGrantFrames; /* -1 == undef */
+ int maxEventChannels; /* -1 == undef */
};
/* Stores the virtual disk controller configuration */
++++++ 93b15ba0-qemu-fix-hang-in-p2p-xbzrle-compression-parallel-mig.patch ++++++
commit 93b15ba0f2eb7858f8d88a5fd7354bd48bb7fc8d
Author: Lin Ma <lma(a)suse.com>
Date: Thu Apr 16 12:44:51 2020 +0800
qemu: fix hang in p2p + xbzrle compression + parallel migration
When we do parallel migration, the multifd-channels migration parameter
needs to be set on the destination side as well before incoming migration
URI, unless we accept the default number of connections (2).
Usually, this can be correctly handled by libvirtd. But in this case if
we use p2p + xbzrle compression without parameter '--comp-xbzrle-cache',
qemuMigrationParamsDump returns too early, the corresponding migration
parameter will not be set on the destination side, which results in QEMU hanging.
Reproducer:
virsh migrate --live --p2p --comp-methods xbzrle \
--parallel --parallel-connections 3 GUEST qemu+ssh://dsthost/system
or
virsh migrate --live --p2p --compressed \
--parallel --parallel-connections 3 GUEST qemu+ssh://dsthost/system
Signed-off-by: Lin Ma <lma(a)suse.com>
Message-Id: <20200416044451.21134-1-lma(a)suse.com>
Reviewed-by: Jiri Denemark <jdenemar(a)redhat.com>
Index: libvirt-6.0.0/src/qemu/qemu_migration_params.c
===================================================================
--- libvirt-6.0.0.orig/src/qemu/qemu_migration_params.c
+++ libvirt-6.0.0/src/qemu/qemu_migration_params.c
@@ -630,7 +630,6 @@ qemuMigrationParamsDump(qemuMigrationPar
if (migParams->compMethods == 1ULL << QEMU_MIGRATION_COMPRESS_XBZRLE &&
!migParams->params[QEMU_MIGRATION_PARAM_XBZRLE_CACHE_SIZE].set) {
*flags |= VIR_MIGRATE_COMPRESSED;
- return 0;
}
for (i = 0; i < QEMU_MIGRATION_COMPRESS_LAST; ++i) {
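Review bot: with "return 0;" removed, the xbzrle-only case sets VIR_MIGRATE_COMPRESSED and then falls through into the "for (i = 0; i < QEMU_MIGRATION_COMPRESS_LAST; ++i)" loop and everything after it, none of which it reached before. Please confirm that the loop does not also emit xbzrle as an explicit compression method for this case, since the flag is meant to stand in for it, and add a test based on the reproducer in the commit message so the dumped parameters are checked for the parallel-connections value.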
++++++ 9529e007-libxl-passthrough.patch ++++++
commit 9529e0077a3f9002d6bc7f5504ca4583e5d985f1
Author: Jim Fehlig <jfehlig(a)suse.com>
Date: Wed Apr 15 17:18:25 2020 -0600
libxl: make use of passthrough hypervisor feature
Signed-off-by: Jim Fehlig <jfehlig(a)suse.com>
Reviewed-by: Michal Privoznik <mprivozn(a)redhat.com>
Index: libvirt-6.0.0/src/libxl/libxl_conf.c
===================================================================
--- libvirt-6.0.0.orig/src/libxl/libxl_conf.c
+++ libvirt-6.0.0/src/libxl/libxl_conf.c
@@ -160,6 +160,27 @@ libxlMakeDomCreateInfo(libxl_ctx *ctx,
c_info->type = LIBXL_DOMAIN_TYPE_PV;
}
+#ifdef LIBXL_HAVE_CREATEINFO_PASSTHROUGH
+ if (def->features[VIR_DOMAIN_FEATURE_XEN] == VIR_TRISTATE_SWITCH_ON) {
+ switch ((virTristateSwitch) def->xen_features[VIR_DOMAIN_XEN_PASSTHROUGH]) {
+ case VIR_TRISTATE_SWITCH_ON:
+ if (def->xen_passthrough_mode == VIR_DOMAIN_XEN_PASSTHROUGH_MODE_SYNC_PT)
+ c_info->passthrough = LIBXL_PASSTHROUGH_SYNC_PT;
+ else if (def->xen_passthrough_mode == VIR_DOMAIN_XEN_PASSTHROUGH_MODE_SHARE_PT)
+ c_info->passthrough = LIBXL_PASSTHROUGH_SHARE_PT;
+ else
+ c_info->passthrough = LIBXL_PASSTHROUGH_ENABLED;
+ break;
+ case VIR_TRISTATE_SWITCH_OFF:
+ c_info->passthrough = LIBXL_PASSTHROUGH_DISABLED;
+ break;
+ case VIR_TRISTATE_SWITCH_ABSENT:
+ case VIR_TRISTATE_SWITCH_LAST:
+ break;
+ }
+ }
+#endif
+
c_info->name = g_strdup(def->name);
if (def->nseclabels &&
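Review bot: the whole passthrough block sits inside #ifdef LIBXL_HAVE_CREATEINFO_PASSTHROUGH with no #else, so on a libxl without that define a domain that sets the passthrough feature is started with the setting silently ignored. Consider an #else branch that reports an unsupported-configuration error when def->xen_features[VIR_DOMAIN_XEN_PASSTHROUGH] is on. In the VIR_TRISTATE_SWITCH_ON case, the final else maps every mode other than SYNC_PT and SHARE_PT to LIBXL_PASSTHROUGH_ENABLED; a switch over def->xen_passthrough_mode would make the compiler flag any mode added later.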
++++++ 955029bd-CVE-2020-25637.patch ++++++
commit 955029bd0ad7ef96000f529ac38204a8f4a96401
Author: Ján Tomko <jtomko(a)redhat.com>
Date: Fri Sep 18 17:44:56 2020 +0200
rpc: gendispatch: handle empty flags
CVE-2020-25637
Prepare for omission of the <flagname> in remote_protocol.x
@acl annotations:
@acl: <object>:<permission>:<flagname>
so that we can add more fields after, e.g.:
@acl: <object>:<permission>::<field>
Signed-off-by: Ján Tomko <jtomko(a)redhat.com>
Reviewed-by: Jiri Denemark <jdenemar(a)redhat.com>
Index: libvirt-6.0.0/src/rpc/gendispatch.pl
===================================================================
--- libvirt-6.0.0.orig/src/rpc/gendispatch.pl
+++ libvirt-6.0.0/src/rpc/gendispatch.pl
@@ -2112,7 +2112,7 @@ elsif ($mode eq "client") {
if ($acl[$i]->{object} ne $acl[0]->{object}) {
die "acl for '$call->{ProcName}' cannot check different objects";
}
- if (defined $acl[$i]->{flags}) {
+ if (defined $acl[$i]->{flags} && length $acl[$i]->{flags}) {
$checkflags = 1;
}
}
@@ -2200,7 +2200,7 @@ elsif ($mode eq "client") {
my $method = "virAccessManagerCheck" . $object;
my $space = ' ' x length($method);
print " if (";
- if (defined $acl->{flags}) {
+ if (defined $acl->{flags} && length $acl->{flags}) {
my $flags = $acl->{flags};
if ($flags =~ /^\!/) {
$flags = substr $flags, 1;
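Review bot: the condition "defined ... && length ..." is now written out twice, here on $acl->{flags} and in the previous hunk on $acl[$i]->{flags}, and the two must stay identical for $checkflags to match the generated check. Normalising an empty flags field to undef once, where the @acl annotation is parsed, would let both sites remain plain defined tests. A comment next to the check naming the "<object>:<permission>::<field>" form from the commit message would explain why an empty string can occur at all.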
++++++ 967f4eeb-xenconfig-event-channels.patch ++++++
commit 967f4eebdcfed014fb8ad4569e9a04cdc731e9a6
Author: Jim Fehlig <jfehlig(a)suse.com>
Date: Tue Apr 7 17:33:26 2020 -0600
xenconfig: Add support for max_event_channels
Add support in the domXML<->native config converter for max_event_channels.
The parser and formatter functions for max_grant_frames were reworked to
also parse max_event_channels. In doing so the xenbus controller is added
earlier in the config parsing, requiring a small adjustment to one of the
existing tests. Include a new test for the event channel conversion.
Signed-off-by: Jim Fehlig <jfehlig(a)suse.com>
Reviewed-by: Daniel P. Berrangé <berrange(a)redhat.com>
Index: libvirt-6.0.0/src/libxl/xen_xl.c
===================================================================
--- libvirt-6.0.0.orig/src/libxl/xen_xl.c
+++ libvirt-6.0.0/src/libxl/xen_xl.c
@@ -597,19 +597,12 @@ xenParseXLVnuma(virConfPtr conf,
}
#endif
-#ifdef LIBXL_HAVE_BUILDINFO_GRANT_LIMITS
static int
-xenParseXLGntLimits(virConfPtr conf, virDomainDefPtr def)
+xenParseXLXenbusLimits(virConfPtr conf, virDomainDefPtr def)
{
- unsigned long max_gntframes;
int ctlr_idx;
virDomainControllerDefPtr xenbus_ctlr;
-
- if (xenConfigGetULong(conf, "max_grant_frames", &max_gntframes, 0) < 0)
- return -1;
-
- if (max_gntframes <= 0)
- return 0;
+ unsigned long limit;
ctlr_idx = virDomainControllerFindByType(def, VIR_DOMAIN_CONTROLLER_TYPE_XENBUS);
if (ctlr_idx == -1)
@@ -620,10 +613,20 @@ xenParseXLGntLimits(virConfPtr conf, vir
if (xenbus_ctlr == NULL)
return -1;
- xenbus_ctlr->opts.xenbusopts.maxGrantFrames = max_gntframes;
+ if (xenConfigGetULong(conf, "max_event_channels", &limit, 0) < 0)
+ return -1;
+ if (limit > 0)
+ xenbus_ctlr->opts.xenbusopts.maxEventChannels = limit;
+
+#ifdef LIBXL_HAVE_BUILDINFO_GRANT_LIMITS
+ if (xenConfigGetULong(conf, "max_grant_frames", &limit, 0) < 0)
+ return -1;
+ if (limit > 0)
+ xenbus_ctlr->opts.xenbusopts.maxGrantFrames = limit;
+#endif
+
return 0;
}
-#endif
static int
xenParseXLDiskSrc(virDomainDiskDefPtr disk, char *srcstr)
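Review bot: limit is an unsigned long, but it is assigned directly to opts.xenbusopts.maxEventChannels and opts.xenbusopts.maxGrantFrames, which are int fields where -1 means undefined; a config value above INT_MAX is truncated and can end up negative. Add a range check after each xenConfigGetULong() call and fail with an error instead of storing the value. Note also that the xenbus controller lookup now runs before either limit is read, so it happens even when neither setting is present in the config.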
@@ -1180,10 +1183,8 @@ xenParseXL(virConfPtr conf,
goto cleanup;
#endif
-#ifdef LIBXL_HAVE_BUILDINFO_GRANT_LIMITS
- if (xenParseXLGntLimits(conf, def) < 0)
+ if (xenParseXLXenbusLimits(conf, def) < 0)
goto cleanup;
-#endif
if (xenParseXLCPUID(conf, def) < 0)
goto cleanup;
@@ -1532,23 +1533,31 @@ xenFormatXLDomainVnuma(virConfPtr conf,
}
#endif
-#ifdef LIBXL_HAVE_BUILDINFO_GRANT_LIMITS
static int
-xenFormatXLGntLimits(virConfPtr conf, virDomainDefPtr def)
+xenFormatXLXenbusLimits(virConfPtr conf, virDomainDefPtr def)
{
size_t i;
for (i = 0; i < def->ncontrollers; i++) {
- if (def->controllers[i]->type == VIR_DOMAIN_CONTROLLER_TYPE_XENBUS &&
- def->controllers[i]->opts.xenbusopts.maxGrantFrames > 0) {
- if (xenConfigSetInt(conf, "max_grant_frames",
- def->controllers[i]->opts.xenbusopts.maxGrantFrames) < 0)
- return -1;
+ if (def->controllers[i]->type == VIR_DOMAIN_CONTROLLER_TYPE_XENBUS) {
+ if (def->controllers[i]->opts.xenbusopts.maxEventChannels > 0) {
+ if (xenConfigSetInt(conf, "max_event_channels",
+ def->controllers[i]->opts.xenbusopts.maxEventChannels) < 0)
+ return -1;
+ }
+
+#ifdef LIBXL_HAVE_BUILDINFO_GRANT_LIMITS
+ if (def->controllers[i]->opts.xenbusopts.maxGrantFrames > 0) {
+ if (xenConfigSetInt(conf, "max_grant_frames",
+ def->controllers[i]->opts.xenbusopts.maxGrantFrames) < 0)
+ return -1;
+ }
+#endif
}
}
+
return 0;
}
-#endif
static char *
xenFormatXLDiskSrcNet(virStorageSourcePtr src)
@@ -2191,10 +2200,8 @@ xenFormatXL(virDomainDefPtr def, virConn
return NULL;
#endif
-#ifdef LIBXL_HAVE_BUILDINFO_GRANT_LIMITS
- if (xenFormatXLGntLimits(conf, def) < 0)
+ if (xenFormatXLXenbusLimits(conf, def) < 0)
return NULL;
-#endif
if (xenFormatXLDomainDisks(conf, def) < 0)
return NULL;
Index: libvirt-6.0.0/tests/xlconfigdata/test-max-eventchannels.cfg
===================================================================
--- /dev/null
+++ libvirt-6.0.0/tests/xlconfigdata/test-max-eventchannels.cfg
@@ -0,0 +1,13 @@
+name = "XenGuest1"
+uuid = "45b60f51-88a9-47a8-a3b3-5e66d71b2283"
+maxmem = 512
+memory = 512
+vcpus = 1
+localtime = 0
+on_poweroff = "preserve"
+on_reboot = "restart"
+on_crash = "preserve"
+vif = [ "mac=5a:36:0e:be:00:09" ]
+bootloader = "/usr/bin/pygrub"
+max_event_channels = 2047
+disk = [ "format=qcow2,vdev=xvda,access=rw,backendtype=qdisk,target=/var/lib/xen/images/debian/disk.qcow2" ]
Index: libvirt-6.0.0/tests/xlconfigdata/test-max-eventchannels.xml
===================================================================
--- /dev/null
+++ libvirt-6.0.0/tests/xlconfigdata/test-max-eventchannels.xml
@@ -0,0 +1,32 @@
+<domain type='xen'>
+ <name>XenGuest1</name>
+ <uuid>45b60f51-88a9-47a8-a3b3-5e66d71b2283</uuid>
+ <memory unit='KiB'>524288</memory>
+ <currentMemory unit='KiB'>524288</currentMemory>
+ <vcpu placement='static'>1</vcpu>
+ <bootloader>/usr/bin/pygrub</bootloader>
+ <os>
+ <type arch='x86_64' machine='xenpv'>linux</type>
+ </os>
+ <clock offset='utc' adjustment='reset'/>
+ <on_poweroff>preserve</on_poweroff>
+ <on_reboot>restart</on_reboot>
+ <on_crash>preserve</on_crash>
+ <devices>
+ <disk type='file' device='disk'>
+ <driver name='qemu' type='qcow2'/>
+ <source file='/var/lib/xen/images/debian/disk.qcow2'/>
+ <target dev='xvda' bus='xen'/>
+ </disk>
+ <controller type='xenbus' index='0' maxEventChannels='2047'/>
+ <interface type='ethernet'>
+ <mac address='5a:36:0e:be:00:09'/>
+ </interface>
+ <console type='pty'>
+ <target type='xen' port='0'/>
+ </console>
+ <input type='mouse' bus='xen'/>
+ <input type='keyboard' bus='xen'/>
+ <memballoon model='xen'/>
+ </devices>
+</domain>
Index: libvirt-6.0.0/tests/xlconfigdata/test-usbctrl.xml
===================================================================
--- libvirt-6.0.0.orig/tests/xlconfigdata/test-usbctrl.xml
+++ libvirt-6.0.0/tests/xlconfigdata/test-usbctrl.xml
@@ -18,8 +18,8 @@
<source file='/var/lib/xen/images/debian/disk.qcow2'/>
<target dev='xvda' bus='xen'/>
</disk>
- <controller type='usb' index='0' model='qusb2' ports='6'/>
<controller type='xenbus' index='0'/>
+ <controller type='usb' index='0' model='qusb2' ports='6'/>
<interface type='ethernet'>
<mac address='5a:36:0e:be:00:09'/>
</interface>
Index: libvirt-6.0.0/tests/xlconfigtest.c
===================================================================
--- libvirt-6.0.0.orig/tests/xlconfigtest.c
+++ libvirt-6.0.0/tests/xlconfigtest.c
@@ -294,6 +294,8 @@ mymain(void)
DO_TEST("max-gntframes");
#endif
+ DO_TEST("max-eventchannels");
+
DO_TEST("vif-typename");
DO_TEST("vif-multi-ip");
DO_TEST("usb");
++++++ 9bf9e0ae-CVE-2020-12430.patch ++++++
commit 9bf9e0ae6af38c806f4672ca7b12a6b38d5a9581
Author: Peter Krempa <pkrempa(a)redhat.com>
Date: Wed Feb 19 08:40:59 2020 +0100
qemuDomainGetStatsIOThread: Don't leak array with 0 iothreads
qemuMonitorGetIOThreads returns a NULL-terminated list even when 0
iothreads are present. The caller didn't perform cleanup if there were 0
iothreads, leaking the array.
https://bugzilla.redhat.com/show_bug.cgi?id=1804548
Fixes: d1eac92784573559b6fd56836e33b215c89308e3
Reported-by: Jing Yan <jiyan(a)redhat.com>
Signed-off-by: Peter Krempa <pkrempa(a)redhat.com>
Reviewed-by: Ján Tomko <jtomko(a)redhat.com>
Index: libvirt-6.0.0/src/qemu/qemu_driver.c
===================================================================
--- libvirt-6.0.0.orig/src/qemu/qemu_driver.c
+++ libvirt-6.0.0/src/qemu/qemu_driver.c
@@ -21511,8 +21511,12 @@ qemuDomainGetStatsIOThread(virQEMUDriver
if ((niothreads = qemuDomainGetIOThreadsMon(driver, dom, &iothreads)) < 0)
return -1;
- if (niothreads == 0)
- return 0;
+ /* qemuDomainGetIOThreadsMon returns a NULL-terminated list, so we must free
+ * it even if it returns 0 */
+ if (niothreads == 0) {
+ ret = 0;
+ goto cleanup;
+ }
if (virTypedParamListAddUInt(params, niothreads, "iothread.count") < 0)
goto cleanup;
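Review bot: the niothreads == 0 branch now depends on the cleanup label freeing the iothreads array itself and not only the niothreads entries in it; that label is outside this hunk, so please confirm it frees the array when the count is 0. The new comment names qemuDomainGetIOThreadsMon while the commit message attributes the NULL-terminated list to qemuMonitorGetIOThreads; naming the same function in both places avoids confusion.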
++++++ 9cb8bc6f-xenconfig-refactor-features.patch ++++++
commit 9cb8bc6ff1ad80aba4d3c68756166a22e830d481
Author: Jim Fehlig <jfehlig(a)suse.com>
Date: Wed Apr 15 21:48:42 2020 -0600
libxl: refactor cpu and hypervisor feature parser/formatter
Signed-off-by: Jim Fehlig <jfehlig(a)suse.com>
Reviewed-by: Michal Privoznik <mprivozn(a)redhat.com>
Index: libvirt-6.0.0/src/libxl/xen_common.c
===================================================================
--- libvirt-6.0.0.orig/src/libxl/xen_common.c
+++ libvirt-6.0.0/src/libxl/xen_common.c
@@ -493,15 +493,12 @@ xenParsePCIList(virConfPtr conf, virDoma
static int
-xenParseCPUFeatures(virConfPtr conf,
- virDomainDefPtr def,
- virDomainXMLOptionPtr xmlopt)
+xenParseCPU(virConfPtr conf,
+ virDomainDefPtr def,
+ virDomainXMLOptionPtr xmlopt)
{
unsigned long count = 0;
g_autofree char *cpus = NULL;
- g_autofree char *tsc_mode = NULL;
- int val = 0;
- virDomainTimerDefPtr timer;
if (xenConfigGetULong(conf, "vcpus", &count, 1) < 0)
return -1;
@@ -526,6 +523,17 @@ xenParseCPUFeatures(virConfPtr conf,
if (cpus && (virBitmapParse(cpus, &def->cpumask, 4096) < 0))
return -1;
+ return 0;
+}
+
+
+static int
+xenParseHypervisorFeatures(virConfPtr conf, virDomainDefPtr def)
+{
+ g_autofree char *tsc_mode = NULL;
+ virDomainTimerDefPtr timer;
+ int val = 0;
+
if (xenConfigGetString(conf, "tsc_mode", &tsc_mode, NULL) < 0)
return -1;
@@ -552,27 +560,26 @@ xenParseCPUFeatures(virConfPtr conf,
if (def->os.type == VIR_DOMAIN_OSTYPE_HVM) {
if (xenConfigGetBool(conf, "pae", &val, 1) < 0)
return -1;
-
else if (val)
def->features[VIR_DOMAIN_FEATURE_PAE] = VIR_TRISTATE_SWITCH_ON;
+
if (xenConfigGetBool(conf, "acpi", &val, 1) < 0)
return -1;
-
else if (val)
def->features[VIR_DOMAIN_FEATURE_ACPI] = VIR_TRISTATE_SWITCH_ON;
+
if (xenConfigGetBool(conf, "apic", &val, 1) < 0)
return -1;
-
else if (val)
def->features[VIR_DOMAIN_FEATURE_APIC] = VIR_TRISTATE_SWITCH_ON;
+
if (xenConfigGetBool(conf, "hap", &val, 1) < 0)
return -1;
-
else if (!val)
def->features[VIR_DOMAIN_FEATURE_HAP] = VIR_TRISTATE_SWITCH_OFF;
+
if (xenConfigGetBool(conf, "viridian", &val, 0) < 0)
return -1;
-
else if (val)
def->features[VIR_DOMAIN_FEATURE_VIRIDIAN] = VIR_TRISTATE_SWITCH_ON;
@@ -1483,7 +1490,10 @@ xenParseConfigCommon(virConfPtr conf,
if (xenParseEventsActions(conf, def) < 0)
return -1;
- if (xenParseCPUFeatures(conf, def, xmlopt) < 0)
+ if (xenParseCPU(conf, def, xmlopt) < 0)
+ return -1;
+
+ if (xenParseHypervisorFeatures(conf, def) < 0)
return -1;
if (xenParseTimeOffset(conf, def) < 0)
@@ -2115,7 +2125,7 @@ xenFormatCPUAllocation(virConfPtr conf,
static int
-xenFormatCPUFeatures(virConfPtr conf, virDomainDefPtr def)
+xenFormatHypervisorFeatures(virConfPtr conf, virDomainDefPtr def)
{
size_t i;
bool hvm = !!(def->os.type == VIR_DOMAIN_OSTYPE_HVM);
@@ -2422,7 +2432,7 @@ xenFormatConfigCommon(virConfPtr conf,
if (xenFormatCPUAllocation(conf, def) < 0)
return -1;
- if (xenFormatCPUFeatures(conf, def) < 0)
+ if (xenFormatHypervisorFeatures(conf, def) < 0)
return -1;
if (xenFormatTimeOffset(conf, def) < 0)
++++++ a30078cb-qemu-create-mp-target.patch ++++++
commit a30078cb832646177defd256e77c632905f1e6d0
Author: Michal Prívozník <mprivozn(a)redhat.com>
Date: Wed Nov 13 15:34:50 2019 +0100
qemu: Create multipath targets for PRs
If a disk has persistent reservations enabled, qemu-pr-helper
might open not only /dev/mapper/control but also individual
targets of the multipath device. We are already querying for them
in CGroups, but now we have to create them in the namespace too.
This was brought up in [1].
1: https://bugzilla.redhat.com/show_bug.cgi?id=1711045#c61
Signed-off-by: Michal Privoznik <mprivozn(a)redhat.com>
Tested-by: Lin Ma <LMa(a)suse.com>
Reviewed-by: Jim Fehlig <jfehlig(a)suse.com>
Index: libvirt-6.0.0/src/qemu/qemu_domain.c
===================================================================
--- libvirt-6.0.0.orig/src/qemu/qemu_domain.c
+++ libvirt-6.0.0/src/qemu/qemu_domain.c
@@ -62,6 +62,7 @@
#include "virdomainsnapshotobjlist.h"
#include "virdomaincheckpointobjlist.h"
#include "backup_conf.h"
+#include "virdevmapper.h"
#ifdef MAJOR_IN_MKDEV
# include <sys/mkdev.h>
@@ -14559,6 +14560,9 @@ qemuDomainSetupDisk(virQEMUDriverConfigP
int ret = -1;
for (next = disk->src; virStorageSourceIsBacking(next); next = next->backingStore) {
+ VIR_AUTOSTRINGLIST targetPaths = NULL;
+ size_t i;
+
if (next->type == VIR_STORAGE_TYPE_NVME) {
g_autofree char *nvmePath = NULL;
@@ -14577,6 +14581,19 @@ qemuDomainSetupDisk(virQEMUDriverConfigP
if (qemuDomainCreateDevice(next->path, data, false) < 0)
goto cleanup;
+
+ if (virDevMapperGetTargets(next->path, &targetPaths) < 0 &&
+ errno != ENOSYS && errno != EBADF) {
+ virReportSystemError(errno,
+ _("Unable to get devmapper targets for %s"),
+ next->path);
+ goto cleanup;
+ }
+
+ for (i = 0; targetPaths && targetPaths[i]; i++) {
+ if (qemuDomainCreateDevice(targetPaths[i], data, false) < 0)
+ goto cleanup;
+ }
}
}
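Review bot: virDevMapperGetTargets() is called for every source that reaches qemuDomainCreateDevice(next->path, ...), not only for disks with persistent reservations, although the commit message motivates the change with qemu-pr-helper. If the wider scope is intended, say so in a comment; otherwise guard the call with the reservation check. The error test also reads errno after the call has returned, which only works if virDevMapperGetTargets() sets errno on every failure path, and neither the ENOSYS nor the EBADF exception is explained; a one-line comment on each would help.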
@@ -15603,21 +15620,19 @@ qemuDomainNamespaceSetupDisk(virDomainOb
virStorageSourcePtr src)
{
virStorageSourcePtr next;
- char **paths = NULL;
+ VIR_AUTOSTRINGLIST paths = NULL;
size_t npaths = 0;
bool hasNVMe = false;
- g_autofree char *dmPath = NULL;
- g_autofree char *vfioPath = NULL;
- int ret = -1;
for (next = src; virStorageSourceIsBacking(next); next = next->backingStore) {
+ VIR_AUTOSTRINGLIST targetPaths = NULL;
g_autofree char *tmpPath = NULL;
if (next->type == VIR_STORAGE_TYPE_NVME) {
hasNVMe = true;
if (!(tmpPath = virPCIDeviceAddressGetIOMMUGroupDev(&next->nvme->pciAddr)))
- goto cleanup;
+ return -1;
} else {
if (virStorageSourceIsEmpty(next) ||
!virStorageSourceIsLocalStorage(next)) {
@@ -15628,30 +15643,35 @@ qemuDomainNamespaceSetupDisk(virDomainOb
tmpPath = g_strdup(next->path);
}
- if (VIR_APPEND_ELEMENT(paths, npaths, tmpPath) < 0)
- goto cleanup;
+ if (virStringListAdd(&paths, tmpPath) < 0)
+ return -1;
+
+ if (virDevMapperGetTargets(next->path, &targetPaths) < 0 &&
+ errno != ENOSYS && errno != EBADF) {
+ virReportSystemError(errno,
+ _("Unable to get devmapper targets for %s"),
+ next->path);
+ return -1;
+ }
+
+ if (virStringListMerge(&paths, &targetPaths) < 0)
+ return -1;
}
/* qemu-pr-helper might require access to /dev/mapper/control. */
- if (src->pr) {
- dmPath = g_strdup(QEMU_DEVICE_MAPPER_CONTROL_PATH);
- if (VIR_APPEND_ELEMENT_COPY(paths, npaths, dmPath) < 0)
- goto cleanup;
- }
+ if (src->pr &&
+ virStringListAdd(&paths, QEMU_DEVICE_MAPPER_CONTROL_PATH) < 0)
+ return -1;
- if (hasNVMe) {
- vfioPath = g_strdup(QEMU_DEV_VFIO);
- if (VIR_APPEND_ELEMENT(paths, npaths, vfioPath) < 0)
- goto cleanup;
- }
+ if (hasNVMe &&
+ virStringListAdd(&paths, QEMU_DEV_VFIO) < 0)
+ return -1;
+ npaths = virStringListLength((const char **) paths);
if (qemuDomainNamespaceMknodPaths(vm, (const char **) paths, npaths) < 0)
- goto cleanup;
+ return -1;
- ret = 0;
- cleanup:
- virStringListFreeCount(paths, npaths);
- return ret;
+ return 0;
}
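Review bot: virDevMapperGetTargets(next->path, &targetPaths) is placed after the if/else, so it also runs for VIR_STORAGE_TYPE_NVME sources, where the path added to the list is the IOMMU group device in tmpPath and next->path is not the device being exposed. Move the call into the else branch so NVMe sources are not looked up by a path that may be unset. npaths is now computed only once, just before qemuDomainNamespaceMknodPaths(); it can be declared at that point instead of being initialised to 0 at the top.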
Index: libvirt-6.0.0/src/util/virdevmapper.h
===================================================================
--- libvirt-6.0.0.orig/src/util/virdevmapper.h
+++ libvirt-6.0.0/src/util/virdevmapper.h
@@ -20,6 +20,8 @@
#pragma once
+#include "internal.h"
+
int
virDevMapperGetTargets(const char *path,
- char ***devPaths);
+ char ***devPaths) G_GNUC_NO_INLINE;
Index: libvirt-6.0.0/src/util/virutil.h
===================================================================
--- libvirt-6.0.0.orig/src/util/virutil.h
+++ libvirt-6.0.0/src/util/virutil.h
@@ -122,7 +122,7 @@ bool virValidateWWN(const char *wwn);
int virGetDeviceID(const char *path,
int *maj,
- int *min);
+ int *min) G_GNUC_NO_INLINE;
int virSetDeviceUnprivSGIO(const char *path,
const char *sysfs_dir,
int unpriv_sgio);
Index: libvirt-6.0.0/tests/qemuhotplugmock.c
===================================================================
--- libvirt-6.0.0.orig/tests/qemuhotplugmock.c
+++ libvirt-6.0.0/tests/qemuhotplugmock.c
@@ -19,7 +19,24 @@
#include <config.h>
#include "qemu/qemu_hotplug.h"
+#include "qemu/qemu_process.h"
#include "conf/domain_conf.h"
+#include "virdevmapper.h"
+#include "virutil.h"
+#include "virmock.h"
+
+static int (*real_virGetDeviceID)(const char *path, int *maj, int *min);
+static bool (*real_virFileExists)(const char *path);
+
+static void
+init_syms(void)
+{
+ if (real_virFileExists)
+ return;
+
+ VIR_MOCK_REAL_INIT(virGetDeviceID);
+ VIR_MOCK_REAL_INIT(virFileExists);
+}
unsigned long long
qemuDomainGetUnplugTimeout(virDomainObjPtr vm G_GNUC_UNUSED)
@@ -31,3 +48,61 @@ qemuDomainGetUnplugTimeout(virDomainObjP
return 200;
return 100;
}
+
+
+int
+virDevMapperGetTargets(const char *path,
+ char ***devPaths)
+{
+ *devPaths = NULL;
+
+ if (STREQ(path, "/dev/mapper/virt")) {
+ *devPaths = g_new(char *, 4);
+ (*devPaths)[0] = g_strdup("/dev/block/8:0"); /* /dev/sda */
+ (*devPaths)[1] = g_strdup("/dev/block/8:16"); /* /dev/sdb */
+ (*devPaths)[2] = g_strdup("/dev/block/8:32"); /* /dev/sdc */
+ (*devPaths)[3] = NULL;
+ }
+
+ return 0;
+}
+
+
+int
+virGetDeviceID(const char *path, int *maj, int *min)
+{
+ init_syms();
+
+ if (STREQ(path, "/dev/mapper/virt")) {
+ *maj = 254;
+ *min = 0;
+ return 0;
+ }
+
+ return real_virGetDeviceID(path, maj, min);
+}
+
+
+bool
+virFileExists(const char *path)
+{
+ init_syms();
+
+ if (STREQ(path, "/dev/mapper/virt"))
+ return true;
+
+ return real_virFileExists(path);
+}
+
+
+int
+qemuProcessStartManagedPRDaemon(virDomainObjPtr vm G_GNUC_UNUSED)
+{
+ return 0;
+}
+
+
+void
+qemuProcessKillManagedPRDaemon(virDomainObjPtr vm G_GNUC_UNUSED)
+{
+}
Index: libvirt-6.0.0/tests/qemuhotplugtest.c
===================================================================
--- libvirt-6.0.0.orig/tests/qemuhotplugtest.c
+++ libvirt-6.0.0/tests/qemuhotplugtest.c
@@ -87,6 +87,8 @@ qemuHotplugCreateObjects(virDomainXMLOpt
virQEMUCapsSet(priv->qemuCaps, QEMU_CAPS_VNC);
virQEMUCapsSet(priv->qemuCaps, QEMU_CAPS_SPICE);
virQEMUCapsSet(priv->qemuCaps, QEMU_CAPS_SPICE_FILE_XFER_DISABLE);
+ virQEMUCapsSet(priv->qemuCaps, QEMU_CAPS_PR_MANAGER_HELPER);
+ virQEMUCapsSet(priv->qemuCaps, QEMU_CAPS_SCSI_BLOCK);
if (qemuTestCapsCacheInsert(driver.qemuCapsCache, priv->qemuCaps) < 0)
return -1;
@@ -743,6 +745,17 @@ mymain(void)
"device_del", QMP_DEVICE_DELETED("scsi3-0-5-6") QMP_OK,
"human-monitor-command", HMP(""));
+ DO_TEST_ATTACH("base-live", "disk-scsi-multipath", false, true,
+ "object-add", QMP_OK,
+ "human-monitor-command", HMP("OK\\r\\n"),
+ "device_add", QMP_OK);
+ DO_TEST_DETACH("base-live", "disk-scsi-multipath", true, true,
+ "device_del", QMP_OK,
+ "human-monitor-command", HMP(""));
+ DO_TEST_DETACH("base-live", "disk-scsi-multipath", false, false,
+ "device_del", QMP_DEVICE_DELETED("scsi0-0-0-0") QMP_OK,
+ "human-monitor-command", HMP(""));
+
DO_TEST_ATTACH("base-live", "qemu-agent", false, true,
"chardev-add", QMP_OK,
"device_add", QMP_OK);
Index: libvirt-6.0.0/tests/qemuhotplugtestdevices/qemuhotplug-disk-scsi-multipath.xml
===================================================================
--- /dev/null
+++ libvirt-6.0.0/tests/qemuhotplugtestdevices/qemuhotplug-disk-scsi-multipath.xml
@@ -0,0 +1,8 @@
+<disk type='block' device='lun'>
+ <driver name='qemu' type='raw'/>
+ <source dev='/dev/mapper/virt'>
+ <reservations managed='yes'/>
+ </source>
+ <target dev='sda' bus='scsi'/>
+ <address type='drive' controller='0' bus='0' target='0' unit='0'/>
+</disk>
Index: libvirt-6.0.0/tests/qemuhotplugtestdomains/qemuhotplug-base-live+disk-scsi-multipath.xml
===================================================================
--- /dev/null
+++ libvirt-6.0.0/tests/qemuhotplugtestdomains/qemuhotplug-base-live+disk-scsi-multipath.xml
@@ -0,0 +1,62 @@
+<domain type='kvm' id='7'>
+ <name>hotplug</name>
+ <uuid>d091ea82-29e6-2e34-3005-f02617b36e87</uuid>
+ <memory unit='KiB'>4194304</memory>
+ <currentMemory unit='KiB'>4194304</currentMemory>
+ <vcpu placement='static'>4</vcpu>
+ <os>
+ <type arch='x86_64' machine='pc'>hvm</type>
+ <boot dev='hd'/>
+ </os>
+ <features>
+ <acpi/>
+ <apic/>
+ <pae/>
+ </features>
+ <clock offset='utc'/>
+ <on_poweroff>destroy</on_poweroff>
+ <on_reboot>restart</on_reboot>
+ <on_crash>restart</on_crash>
+ <devices>
+ <emulator>/usr/bin/qemu-system-x86_64</emulator>
+ <disk type='block' device='lun'>
+ <driver name='qemu' type='raw'/>
+ <source dev='/dev/mapper/virt'>
+ <reservations managed='yes'>
+ <source type='unix' path='/tmp/lib/domain-7-hotplug/pr-helper0.sock' mode='client'/>
+ </reservations>
+ </source>
+ <backingStore/>
+ <target dev='sda' bus='scsi'/>
+ <alias name='scsi0-0-0-0'/>
+ <address type='drive' controller='0' bus='0' target='0' unit='0'/>
+ </disk>
+ <controller type='usb' index='0'>
+ <alias name='usb'/>
+ <address type='pci' domain='0x0000' bus='0x00' slot='0x01' function='0x2'/>
+ </controller>
+ <controller type='ide' index='0'>
+ <alias name='ide'/>
+ <address type='pci' domain='0x0000' bus='0x00' slot='0x01' function='0x1'/>
+ </controller>
+ <controller type='scsi' index='0' model='virtio-scsi'>
+ <alias name='scsi0'/>
+ <address type='pci' domain='0x0000' bus='0x00' slot='0x03' function='0x0'/>
+ </controller>
+ <controller type='pci' index='0' model='pci-root'>
+ <alias name='pci'/>
+ </controller>
+ <controller type='virtio-serial' index='0'>
+ <alias name='virtio-serial0'/>
+ <address type='pci' domain='0x0000' bus='0x00' slot='0x04' function='0x0'/>
+ </controller>
+ <input type='mouse' bus='ps2'>
+ <alias name='input0'/>
+ </input>
+ <input type='keyboard' bus='ps2'>
+ <alias name='input1'/>
+ </input>
+ <memballoon model='none'/>
+ </devices>
+ <seclabel type='none' model='none'/>
+</domain>
++++++ a551dd5f-intro-virHostCPUGetSignature.patch ++++++
commit a551dd5fdf71b252949e258eb49403df4d8db82d
Author: Jiri Denemark <jdenemar(a)redhat.com>
Date: Wed Apr 1 00:44:00 2020 +0200
hostcpu: Introduce virHostCPUGetSignature
The purpose of this function is to give a short description that would
change when a host CPU is replaced with a different model. This is
currently implemented by reading /proc/cpuinfo.
It should be implemented for all architectures for which the QEMU driver
stores host CPU data in the capabilities cache. In other words for archs
that support host-model CPUs.
Signed-off-by: Jiri Denemark <jdenemar(a)redhat.com>
Reviewed-by: Ján Tomko <jtomko(a)redhat.com>
Index: libvirt-6.0.0/src/libvirt_private.syms
===================================================================
--- libvirt-6.0.0.orig/src/libvirt_private.syms
+++ libvirt-6.0.0/src/libvirt_private.syms
@@ -2151,9 +2151,11 @@ virHostCPUGetMSR;
virHostCPUGetOnline;
virHostCPUGetOnlineBitmap;
virHostCPUGetPresentBitmap;
+virHostCPUGetSignature;
virHostCPUGetStats;
virHostCPUGetThreadsPerSubcore;
virHostCPUHasBitmap;
+virHostCPUReadSignature;
virHostCPUStatsAssign;
Index: libvirt-6.0.0/src/util/virhostcpu.c
===================================================================
--- libvirt-6.0.0.orig/src/util/virhostcpu.c
+++ libvirt-6.0.0/src/util/virhostcpu.c
@@ -1398,3 +1398,40 @@ virHostCPUGetTscInfo(void)
#endif /* HAVE_LINUX_KVM_H && defined(KVM_GET_MSRS) && \
(defined(__i386__) || defined(__x86_64__)) && \
(defined(__linux__) || defined(__FreeBSD__)) */
+
+int
+virHostCPUReadSignature(virArch arch G_GNUC_UNUSED,
+ FILE *cpuinfo G_GNUC_UNUSED,
+ char **signature G_GNUC_UNUSED)
+{
+ return 0;
+}
+
+#ifdef __linux__
+
+int
+virHostCPUGetSignature(char **signature)
+{
+ g_autoptr(FILE) cpuinfo = NULL;
+
+ *signature = NULL;
+
+ if (!(cpuinfo = fopen(CPUINFO_PATH, "r"))) {
+ virReportSystemError(errno, _("Failed to open cpuinfo file '%s'"),
+ CPUINFO_PATH);
+ return -1;
+ }
+
+ return virHostCPUReadSignature(virArchFromHost(), cpuinfo, signature);
+}
+
+#else
+
+int
+virHostCPUGetSignature(char **signature)
+{
+ *signature = NULL;
+ return 0;
+}
+
+#endif /* __linux__ */
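Review bot: virHostCPUReadSignature() and virHostCPUGetSignature() are added without a doc comment, so the contract is only implied: the stub returns 0 without touching *signature, which means success with a NULL signature is a valid result that callers must handle. Please document the return values, that *signature may be NULL on success, and that the caller frees it. The commit message says the function is implemented by reading /proc/cpuinfo, but in this patch virHostCPUReadSignature() ignores all of its arguments; a comment marking it as a placeholder would match the code.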
Index: libvirt-6.0.0/src/util/virhostcpu.h
===================================================================
--- libvirt-6.0.0.orig/src/util/virhostcpu.h
+++ libvirt-6.0.0/src/util/virhostcpu.h
@@ -78,3 +78,5 @@ int virHostCPUGetMSR(unsigned long index
uint64_t *msr);
virHostCPUTscInfoPtr virHostCPUGetTscInfo(void);
+
+int virHostCPUGetSignature(char **signature);
Index: libvirt-6.0.0/src/util/virhostcpupriv.h
===================================================================
--- libvirt-6.0.0.orig/src/util/virhostcpupriv.h
+++ libvirt-6.0.0/src/util/virhostcpupriv.h
@@ -42,3 +42,7 @@ int virHostCPUGetStatsLinux(FILE *procst
virNodeCPUStatsPtr params,
int *nparams);
#endif
+
+int virHostCPUReadSignature(virArch arch,
+ FILE *cpuinfo,
+ char **signature);
Index: libvirt-6.0.0/tests/virhostcputest.c
===================================================================
--- libvirt-6.0.0.orig/tests/virhostcputest.c
+++ libvirt-6.0.0/tests/virhostcputest.c
@@ -1,6 +1,7 @@
#include <config.h>
#include <unistd.h>
+#include <fcntl.h>
#include "testutils.h"
#include "internal.h"
@@ -193,6 +194,38 @@ linuxTestHostCPU(const void *opaque)
return result;
}
+
+static int
+hostCPUSignature(const void *opaque)
+{
+ const struct linuxTestHostCPUData *data = opaque;
+ const char *arch = virArchToString(data->arch);
+ g_autofree char *cpuinfo = NULL;
+ g_autofree char *expected = NULL;
+ g_autofree char *signature = NULL;
+ g_autoptr(FILE) f = NULL;
+
+ cpuinfo = g_strdup_printf("%s/virhostcpudata/linux-%s-%s.cpuinfo",
+ abs_srcdir, arch, data->testName);
+ expected = g_strdup_printf("%s/virhostcpudata/linux-%s-%s.signature",
+ abs_srcdir, arch, data->testName);
+
+ if (!(f = fopen(cpuinfo, "r"))) {
+ virReportSystemError(errno,
+ "Failed to open cpuinfo file '%s'", cpuinfo);
+ return -1;
+ }
+
+ if (virHostCPUReadSignature(data->arch, f, &signature) < 0)
+ return -1;
+
+ if (!signature && !virFileExists(expected))
+ return 0;
+
+ return virTestCompareToFile(signature, expected);
+}
+
+
struct nodeCPUStatsData {
const char *name;
int ncpus;
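Review bot: in hostCPUSignature(), a NULL signature combined with an existing .signature file falls through to virTestCompareToFile(signature, expected) with signature == NULL. Make that case an explicit test failure, or confirm that the helper accepts a NULL first argument, so a missing signature cannot be reported as anything other than a mismatch.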
@@ -253,10 +286,17 @@ mymain(void)
if (virInitialize() < 0)
return EXIT_FAILURE;
- for (i = 0; i < G_N_ELEMENTS(nodeData); i++)
+ for (i = 0; i < G_N_ELEMENTS(nodeData); i++) {
+ g_autofree char *sigTest = NULL;
+
if (virTestRun(nodeData[i].testName, linuxTestHostCPU, &nodeData[i]) != 0)
ret = -1;
+ sigTest = g_strdup_printf("%s CPU signature", nodeData[i].testName);
+ if (virTestRun(sigTest, hostCPUSignature, &nodeData[i]) != 0)
+ ret = -1;
+ }
+
# define DO_TEST_CPU_STATS(name, ncpus) \
do { \
static struct nodeCPUStatsData data = { name, ncpus }; \
++++++ a63b48c5-CVE-2020-25637.patch ++++++
commit a63b48c5ecef077bf0f909a85f453a605600cf05
Author: Ján Tomko <jtomko(a)redhat.com>
Date: Fri Sep 18 17:56:37 2020 +0200
qemu: agent: set ifname to NULL after freeing
CVE-2020-25637
Signed-off-by: Ján Tomko <jtomko(a)redhat.com>
Reported-by: Ilja Van Sprundel <ivansprundel(a)ioactive.com>
Fixes: 0977b8aa071de550e1a013d35e2c72615e65d520
Reviewed-by: Mauro Matteo Cascella <mcascell(a)redhat.com>
Reviewed-by: Jiri Denemark <jdenemar(a)redhat.com>
Index: libvirt-6.0.0/src/qemu/qemu_agent.c
===================================================================
--- libvirt-6.0.0.orig/src/qemu/qemu_agent.c
+++ libvirt-6.0.0/src/qemu/qemu_agent.c
@@ -2395,6 +2395,7 @@ qemuAgentGetInterfaces(qemuAgentPtr mon,
/* Has to be freed for each interface. */
virStringListFree(ifname);
+ ifname = NULL;
/* as well as IP address which - moreover -
* can be presented multiple times */
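Review bot: the added `ifname = NULL;` clears a stale pointer, but neither the hunk nor the commit message says which later path would otherwise free or read ifname again. Extend the existing "Has to be freed for each interface" comment to name that path, and consider a free-and-clear idiom so the free and the reset cannot be separated by a later edit.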
++++++ a93f55c5-libxl-add-event-channels.patch ++++++
commit a93f55c53d83ec63fe703db38cb519465b1d2445
Author: Jim Fehlig <jfehlig(a)suse.com>
Date: Tue Apr 7 17:15:04 2020 -0600
libxl: Add support for max_event_channels
Add support for setting event_channels in libxl domain config object and
include a test to check that it is properly converted from XML to libxl
domain config.
Signed-off-by: Jim Fehlig <jfehlig(a)suse.com>
Reviewed-by: Daniel P. Berrangé <berrange(a)redhat.com>
Index: libvirt-6.0.0/src/libxl/libxl_conf.c
===================================================================
--- libvirt-6.0.0.orig/src/libxl/libxl_conf.c
+++ libvirt-6.0.0/src/libxl/libxl_conf.c
@@ -381,13 +381,17 @@ libxlMakeDomBuildInfo(virDomainDefPtr de
b_info->max_memkb = virDomainDefGetMemoryInitial(def);
b_info->target_memkb = def->mem.cur_balloon;
-#ifdef LIBXL_HAVE_BUILDINFO_GRANT_LIMITS
for (i = 0; i < def->ncontrollers; i++) {
- if (def->controllers[i]->type == VIR_DOMAIN_CONTROLLER_TYPE_XENBUS &&
- def->controllers[i]->opts.xenbusopts.maxGrantFrames > 0)
- b_info->max_grant_frames = def->controllers[i]->opts.xenbusopts.maxGrantFrames;
- }
+ if (def->controllers[i]->type == VIR_DOMAIN_CONTROLLER_TYPE_XENBUS) {
+ if (def->controllers[i]->opts.xenbusopts.maxEventChannels > 0)
+ b_info->event_channels = def->controllers[i]->opts.xenbusopts.maxEventChannels;
+
+#ifdef LIBXL_HAVE_BUILDINFO_GRANT_LIMITS
+ if (def->controllers[i]->opts.xenbusopts.maxGrantFrames > 0)
+ b_info->max_grant_frames = def->controllers[i]->opts.xenbusopts.maxGrantFrames;
#endif
+ }
+ }
if (hvm || pvh) {
if (caps &&
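Review bot: in the rewritten controller loop, `b_info->event_channels` is assigned for every xenbus controller with maxEventChannels > 0 and the loop never stops, so with more than one such controller the last value silently wins (the same holds for max_grant_frames). Also, the new assignment sits outside the LIBXL_HAVE_BUILDINFO_GRANT_LIMITS guard and has no guard of its own; add a comment that the field exists in every supported libxl, or guard it.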
Index: libvirt-6.0.0/tests/libxlxml2domconfigdata/max-eventchannels-hvm.json
===================================================================
--- /dev/null
+++ libvirt-6.0.0/tests/libxlxml2domconfigdata/max-eventchannels-hvm.json
@@ -0,0 +1,90 @@
+{
+ "c_info": {
+ "type": "hvm",
+ "name": "test-hvm",
+ "uuid": "2147d599-9cc6-c0dc-92ab-4064b5446e9b"
+ },
+ "b_info": {
+ "max_vcpus": 4,
+ "avail_vcpus": [
+ 0,
+ 1,
+ 2,
+ 3
+ ],
+ "max_memkb": 1048576,
+ "target_memkb": 1048576,
+ "video_memkb": 8192,
+ "shadow_memkb": 12288,
+ "event_channels": 2047,
+ "device_model_version": "qemu_xen",
+ "device_model": "/bin/true",
+ "sched_params": {
+
+ },
+ "type.hvm": {
+ "pae": "True",
+ "apic": "True",
+ "acpi": "True",
+ "vga": {
+ "kind": "cirrus"
+ },
+ "vnc": {
+ "enable": "True",
+ "listen": "0.0.0.0",
+ "findunused": "False"
+ },
+ "sdl": {
+ "enable": "False"
+ },
+ "spice": {
+
+ },
+ "boot": "c",
+ "rdm": {
+
+ }
+ },
+ "arch_arm": {
+
+ }
+ },
+ "disks": [
+ {
+ "pdev_path": "/var/lib/xen/images/test-hvm.img",
+ "vdev": "hda",
+ "backend": "qdisk",
+ "format": "raw",
+ "removable": 1,
+ "readwrite": 1
+ }
+ ],
+ "nics": [
+ {
+ "devid": 0,
+ "mac": "00:16:3e:66:12:b4",
+ "bridge": "br0",
+ "script": "/etc/xen/scripts/vif-bridge",
+ "nictype": "vif_ioemu"
+ }
+ ],
+ "vfbs": [
+ {
+ "devid": -1,
+ "vnc": {
+ "enable": "True",
+ "listen": "0.0.0.0",
+ "findunused": "False"
+ },
+ "sdl": {
+ "enable": "False"
+ }
+ }
+ ],
+ "vkbs": [
+ {
+ "devid": -1
+ }
+ ],
+ "on_reboot": "restart"
+}
Index: libvirt-6.0.0/tests/libxlxml2domconfigdata/max-eventchannels-hvm.xml
===================================================================
--- /dev/null
+++ libvirt-6.0.0/tests/libxlxml2domconfigdata/max-eventchannels-hvm.xml
@@ -0,0 +1,37 @@
+<domain type='xen'>
+ <name>test-hvm</name>
+ <description>None</description>
+ <uuid>2147d599-9cc6-c0dc-92ab-4064b5446e9b</uuid>
+ <memory>1048576</memory>
+ <currentMemory>1048576</currentMemory>
+ <vcpu>4</vcpu>
+ <on_poweroff>destroy</on_poweroff>
+ <on_reboot>restart</on_reboot>
+ <on_crash>destroy</on_crash>
+ <clock offset='utc'/>
+ <os>
+ <type>hvm</type>
+ <loader>/usr/lib/xen/boot/hvmloader</loader>
+ <boot dev='hd'/>
+ </os>
+ <features>
+ <apic/>
+ <acpi/>
+ <pae/>
+ </features>
+ <devices>
+ <emulator>/bin/true</emulator>
+ <disk type='file' device='disk'>
+ <driver name='qemu'/>
+ <source file='/var/lib/xen/images/test-hvm.img'/>
+ <target dev='hda'/>
+ </disk>
+ <controller type='xenbus' maxEventChannels='2047'/>
+ <interface type='bridge'>
+ <source bridge='br0'/>
+ <mac address='00:16:3e:66:12:b4'/>
+ <script path='/etc/xen/scripts/vif-bridge'/>
+ </interface>
+ <graphics type='vnc' port='-1' autoport='yes' listen='0.0.0.0'/>
+ </devices>
+</domain>
Index: libvirt-6.0.0/tests/libxlxml2domconfigtest.c
===================================================================
--- libvirt-6.0.0.orig/tests/libxlxml2domconfigtest.c
+++ libvirt-6.0.0/tests/libxlxml2domconfigtest.c
@@ -202,6 +202,8 @@ mymain(void)
DO_TEST("max-gntframes-hvm");
# endif
+ DO_TEST("max-eventchannels-hvm");
+
unlink("libxl-driver.log");
testXLFreeDriver(driver);
++++++ ae9e6c2a-qemu-allow-cond-format-probe.patch ++++++
commit ae9e6c2a2b75d958995c661f7bb64ed4353a6404
Author: Peter Krempa <pkrempa(a)redhat.com>
Date: Mon Feb 17 10:08:25 2020 +0100
virStorageFileGetMetadataRecurse: Allow format probing under special circumstances
Allow format probing to work around lazy clients which did not specify
their format in the overlay. Format probing will be allowed only if we
are able to probe the image, the probing result was successful and the
probed image does not have any backing or data file.
This relaxes the restrictions which were imposed in commit 3615e8b39bad
in cases when we know that the image probing will not result in security
issues or data corruption.
We perform the image format detection and in the case that we were able
to probe the format and the format does not specify a backing store (or
doesn't support backing store) we can use this format.
With pre-blockdev configurations this will restore the previous
behaviour for the images mentioned above as qemu would probe the format
anyways. It also improves error reporting compared to the old state as
we now report that the backing chain will be broken in case when there
is a backing file.
In blockdev configurations this ensures that libvirt will not cause data
corruption by ending the chain prematurely without notifying the user,
but still allows the old semantics when the users forgot to specify the
format.
Users thus don't have to re-invent when image format detection is safe
to do.
The price for this is that libvirt will need to keep the image format
detector still current and working or replace it by invocation of
qemu-img.
Signed-off-by: Peter Krempa <pkrempa(a)redhat.com>
Reviewed-by: Daniel P. Berrangé <berrange(a)redhat.com>
Index: libvirt-6.0.0/src/util/virstoragefile.c
===================================================================
--- libvirt-6.0.0.orig/src/util/virstoragefile.c
+++ libvirt-6.0.0/src/util/virstoragefile.c
@@ -4907,6 +4907,7 @@ virStorageFileGetMetadataRecurse(virStor
virHashTablePtr cycle,
unsigned int depth)
{
+ virStorageFileFormat orig_format = src->format;
int ret = -1;
const char *uniqueName;
ssize_t headerLen;
@@ -4919,10 +4920,17 @@ virStorageFileGetMetadataRecurse(virStor
src->path, src->format,
(unsigned int)uid, (unsigned int)gid);
+ if (src->format == VIR_STORAGE_FILE_AUTO_SAFE)
+ src->format = VIR_STORAGE_FILE_AUTO;
+
/* exit if we can't load information about the current image */
rv = virStorageFileSupportsBackingChainTraversal(src);
- if (rv <= 0)
+ if (rv <= 0) {
+ if (orig_format == VIR_STORAGE_FILE_AUTO)
+ return -2;
+
return rv;
+ }
if (virStorageFileInitAs(src, uid, gid) < 0)
return -1;
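Review bot: `return -2` in the `rv <= 0` branch gives virStorageFileGetMetadataRecurse() a third return value with no name and no documentation. Introduce a named constant or extend the function comment to say what -2 means (the format was left to probing and the image could not be used as probed), so that callers which only test for `< 0` or `== -1` are reviewed against it.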
@@ -4960,6 +4968,18 @@ virStorageFileGetMetadataRecurse(virStor
&backingFormat) < 0)
goto cleanup;
+ /* If we probed the format we MUST ensure that nothing else than the current
+ * image (this includes both backing files and external data store) is
+ * considered for security labelling and/or recursion. */
+ if (orig_format == VIR_STORAGE_FILE_AUTO) {
+ if (src->backingStoreRaw || src->externalDataStoreRaw) {
+ src->format = VIR_STORAGE_FILE_RAW;
+ VIR_FREE(src->backingStoreRaw);
+ VIR_FREE(src->externalDataStoreRaw);
+ return -2;
+ }
+ }
+
if (src->backingStoreRaw) {
if ((rv = virStorageSourceNewFromBacking(src, &backingStore)) < 0)
goto cleanup;
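Review bot: the new `return -2` inside the `orig_format == VIR_STORAGE_FILE_AUTO` block leaves the function directly, while the failure immediately above it uses `goto cleanup` and the block runs after virStorageFileInitAs(). If the cleanup label releases what InitAs set up, this path skips it; set ret = -2 and jump to cleanup instead. The comment should also say why src->format is forced to VIR_STORAGE_FILE_RAW before returning.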
@@ -4972,36 +4992,21 @@ virStorageFileGetMetadataRecurse(virStor
backingStore->format = backingFormat;
- if (backingStore->format == VIR_STORAGE_FILE_AUTO) {
- /* Assuming the backing store to be raw can lead to failures. We do
- * it only when we must not report an error to prevent losing VMs.
- * Otherwise report an error.
- */
- if (report_broken) {
+ if ((rv = virStorageFileGetMetadataRecurse(backingStore, parent,
+ uid, gid,
+ report_broken,
+ cycle, depth + 1)) < 0) {
+ if (!report_broken)
+ return 0;
+
+ if (rv == -2) {
virReportError(VIR_ERR_OPERATION_INVALID,
_("format of backing image '%s' of image '%s' was not specified in the image metadata "
"(See https://libvirt.org/kbase/backing_chains.html for troubleshooting)"),
src->backingStoreRaw, NULLSTR(src->path));
- return -1;
}
- backingStore->format = VIR_STORAGE_FILE_RAW;
- }
-
- if (backingStore->format == VIR_STORAGE_FILE_AUTO_SAFE)
- backingStore->format = VIR_STORAGE_FILE_AUTO;
-
- if ((ret = virStorageFileGetMetadataRecurse(backingStore, parent,
- uid, gid,
- report_broken,
- cycle, depth + 1)) < 0) {
- if (report_broken)
- goto cleanup;
-
- /* if we fail somewhere midway, just accept and return a
- * broken chain */
- ret = 0;
- goto cleanup;
+ return -1;
}
} else {
/* add terminator */
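Review bot: `if (!report_broken) return 0;` replaces a branch that carried the comment "if we fail somewhere midway, just accept and return a broken chain"; keep that comment, because returning success after a failed recursion is not obvious to the next reader. Both new returns also bypass the cleanup label the removed code jumped to, so check that backingStore is released on these paths. For rv other than -2 no error is raised here, which relies on the callee having reported one.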
++++++ aeb909bf-qemu-multipath-fix.patch ++++++
commit aeb909bf9b4c3fa48d017475545df94f7c5d3b3a
Author: Michal Prívozník <mprivozn(a)redhat.com>
Date: Thu Mar 19 12:51:55 2020 +0100
qemu: Don't crash when getting targets for a multipath
In one of my previous commits I've introduced code that creates
all devices for given (possible) multipath target. But I've made
a mistake there - the code accesses 'next->path' without checking
if the disk source is local. Note that the 'next->path' is
NULL/doesn't make sense for VIR_STORAGE_TYPE_NVME.
Fixes: a30078cb832646177defd256e77c632905f1e6d0
Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1814947
Signed-off-by: Michal Privoznik <mprivozn(a)redhat.com>
Reviewed-by: Peter Krempa <pkrempa(a)redhat.com>
Reviewed-by: Ján Tomko <jtomko(a)redhat.com>
Index: libvirt-6.0.0/src/qemu/qemu_domain.c
===================================================================
--- libvirt-6.0.0.orig/src/qemu/qemu_domain.c
+++ libvirt-6.0.0/src/qemu/qemu_domain.c
@@ -15625,7 +15625,6 @@ qemuDomainNamespaceSetupDisk(virDomainOb
bool hasNVMe = false;
for (next = src; virStorageSourceIsBacking(next); next = next->backingStore) {
- VIR_AUTOSTRINGLIST targetPaths = NULL;
g_autofree char *tmpPath = NULL;
if (next->type == VIR_STORAGE_TYPE_NVME) {
@@ -15634,6 +15633,8 @@ qemuDomainNamespaceSetupDisk(virDomainOb
if (!(tmpPath = virPCIDeviceAddressGetIOMMUGroupDev(&next->nvme->pciAddr)))
return -1;
} else {
+ VIR_AUTOSTRINGLIST targetPaths = NULL;
+
if (virStorageSourceIsEmpty(next) ||
!virStorageSourceIsLocalStorage(next)) {
/* Not creating device. Just continue. */
@@ -15641,20 +15642,20 @@ qemuDomainNamespaceSetupDisk(virDomainOb
}
tmpPath = g_strdup(next->path);
- }
- if (virStringListAdd(&paths, tmpPath) < 0)
- return -1;
+ if (virDevMapperGetTargets(next->path, &targetPaths) < 0 &&
+ errno != ENOSYS && errno != EBADF) {
+ virReportSystemError(errno,
+ _("Unable to get devmapper targets for %s"),
+ next->path);
+ return -1;
+ }
- if (virDevMapperGetTargets(next->path, &targetPaths) < 0 &&
- errno != ENOSYS && errno != EBADF) {
- virReportSystemError(errno,
- _("Unable to get devmapper targets for %s"),
- next->path);
- return -1;
+ if (virStringListMerge(&paths, &targetPaths) < 0)
+ return -1;
}
- if (virStringListMerge(&paths, &targetPaths) < 0)
+ if (virStringListAdd(&paths, tmpPath) < 0)
return -1;
}
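Review bot: after the move into the else branch, the devmapper targets are merged into paths before tmpPath is added, where the removed code added the device path first; if any consumer of paths depends on that order, it needs a comment or a fix. The patch also carries no test for a VIR_STORAGE_TYPE_NVME source in the backing chain, which is the case the commit message says crashed.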
++++++ b0cad42e-xen-dm-cmdline-passthrough.patch ++++++
commit b0cad42ef24ad379e2d7bc47cd8cd39dba5f35fa
Author: Jim Fehlig <jfehlig(a)suse.com>
Date: Thu Jul 30 13:25:20 2020 -0600
Xen: Add support for qemu command-line passthrough
Xen supports passing arbitrary arguments to the QEMU device model via
the 'extra' member of the public libxl_domain_build_info structure.
This patch adds a 'xen' namespace extension, similar to the QEMU and
bhyve drivers, to map arbitrary arguments to the 'extra' member. Only
passthrough of arguments is supported. Passthrough of environment
variables or capabilities adjustments is not supported.
Signed-off-by: Jim Fehlig <jfehlig(a)suse.com>
Reviewed-by: Michal Privoznik <mprivozn(a)redhat.com>
Index: libvirt-6.0.0/docs/drvxen.html.in
===================================================================
--- libvirt-6.0.0.orig/docs/drvxen.html.in
+++ libvirt-6.0.0/docs/drvxen.html.in
@@ -141,6 +141,35 @@ vnclisten = "0.0.0.0"
disk = [ "tap:aio:/var/lib/xen/images/rhel5pv.img,xvda,w", "tap:qcow:/root/qcow1-xen.img,xvdd,w" ]
vif = [ "mac=00:16:3e:60:36:ba,bridge=virbr0,script=vif-bridge,vifname=vif5.0" ]</pre>
+ <h2><a id="xencommand">Pass-through of arbitrary command-line arguments
+ to the qemu device model</a></h2>
+
+ <p><span class="since">Since 6.7.0</span>, the Xen driver supports passing
+ arbitrary command-line arguments to the qemu device model used by Xen with
+ the <code><xen:commandline></code> element under <code>domain</code>.
+ In order to use command-line pass-through, an XML namespace request must be
+ issued that pulls in <code>http://libvirt.org/schemas/domain/xen/1.0</code>.
+ With the namespace in place, it is then possible to add
+ <code><xen:arg></code>sub-elements to
+ <code><xen:commandline></code> describing each argument passed to
+ the device model when starting the domain.
+ </p>
+ <p>The following example illustrates passing agruments to the QEMU device
+ model that define a floppy drive, which Xen does not support through its
+ public APIs:
+ </p>
+ <pre>
+<domain type="xen" xmlns:xen="http://libvirt.org/schemas/domain/xen/1.0">
+ ...
+ <xen:commandline>
+ <xen:arg value='-drive'/>
+ <xen:arg value='file=/path/to/image,format=raw,if=none,id=drive-fdc0-0-0'/>
+ <xen:arg value='-global'/>
+ <xen:arg value='isa-fdc.driveA=drive-fdc0-0-0'/>
+ </xen:commandline>
+</domain>
+ </pre>
+
<h2><a id="xmlconfig">Example domain XML config</a></h2>
<p>
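Review bot: two text errors in the added paragraphs: "agruments" should be "arguments", and a space is missing between `</code>` and "sub-elements". The section should also state that the arguments are handed to the device model as given, without validation by libvirt, so readers understand what the option bypasses. "Since 6.7.0" will not match a tree that carries this change as a backport (the paths here are libvirt-6.0.0).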
Index: libvirt-6.0.0/docs/schemas/domaincommon.rng
===================================================================
--- libvirt-6.0.0.orig/docs/schemas/domaincommon.rng
+++ libvirt-6.0.0/docs/schemas/domaincommon.rng
@@ -87,6 +87,9 @@
<optional>
<ref name='bhyvecmdline'/>
</optional>
+ <optional>
+ <ref name='xencmdline'/>
+ </optional>
</interleave>
</element>
</define>
@@ -6417,6 +6420,20 @@
<zeroOrMore>
<element name="arg">
<attribute name='value'/>
+ </element>
+ </zeroOrMore>
+ </element>
+ </define>
+
+ <!--
+ Optional hypervisor extensions in their own namespace:
+ Xen
+ -->
+ <define name="xencmdline">
+ <element name="commandline" ns="http://libvirt.org/schemas/domain/xen/1.0">
+ <zeroOrMore>
+ <element name="arg">
+ <attribute name='value'/>
</element>
</zeroOrMore>
</element>
Index: libvirt-6.0.0/src/libxl/libxl_conf.c
===================================================================
--- libvirt-6.0.0.orig/src/libxl/libxl_conf.c
+++ libvirt-6.0.0/src/libxl/libxl_conf.c
@@ -761,6 +761,13 @@ libxlMakeDomBuildInfo(virDomainDefPtr de
libxl_get_required_shadow_memory(b_info->max_memkb,
b_info->max_vcpus);
+ if (def->namespaceData) {
+ libxlDomainXmlNsDefPtr nsdata = def->namespaceData;
+
+ if (nsdata->num_args > 0)
+ b_info->extra = g_strdupv(nsdata->args);
+ }
+
return 0;
}
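Review bot: `b_info->extra = g_strdupv(nsdata->args);` copies the user-supplied arguments to the device model with no check on the domain type and no record that the domain runs with custom arguments. Log the pass-through when the build info is created so it shows up during incident review, and add a comment on what happens for domains that do not use a QEMU device model.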
@@ -2512,5 +2519,6 @@ libxlCreateXMLConf(libxlDriverPrivatePtr
libxlDomainDefParserConfig.priv = driver;
return virDomainXMLOptionNew(&libxlDomainDefParserConfig,
&libxlDomainXMLPrivateDataCallbacks,
- NULL, NULL, NULL);
+ &libxlDriverDomainXMLNamespace,
+ NULL, NULL);
}
Index: libvirt-6.0.0/src/libxl/libxl_conf.h
===================================================================
--- libvirt-6.0.0.orig/src/libxl/libxl_conf.h
+++ libvirt-6.0.0/src/libxl/libxl_conf.h
@@ -162,6 +162,14 @@ struct _libxlSavefileHeader {
uint32_t unused[10];
};
+
+typedef struct _libxlDomainXmlNsDef libxlDomainXmlNsDef;
+typedef libxlDomainXmlNsDef *libxlDomainXmlNsDefPtr;
+struct _libxlDomainXmlNsDef {
+ size_t num_args;
+ char **args;
+};
+
libxlDriverConfigPtr
libxlDriverConfigNew(void);
Index: libvirt-6.0.0/src/libxl/libxl_domain.c
===================================================================
--- libvirt-6.0.0.orig/src/libxl/libxl_domain.c
+++ libvirt-6.0.0/src/libxl/libxl_domain.c
@@ -1562,3 +1562,85 @@ libxlDomainDefCheckABIStability(libxlDri
virDomainDefFree(migratableDefDst);
return ret;
}
+
+
+static void
+libxlDomainDefNamespaceFree(void *nsdata)
+{
+ libxlDomainXmlNsDefPtr def = nsdata;
+
+ if (!def)
+ return;
+
+ g_strfreev(def->args);
+ g_free(def);
+}
+
+
+static int
+libxlDomainDefNamespaceParse(xmlXPathContextPtr ctxt,
+ void **data)
+{
+ libxlDomainXmlNsDefPtr nsdata = NULL;
+ g_autofree xmlNodePtr *nodes = NULL;
+ ssize_t nnodes;
+ size_t i;
+ int ret = -1;
+
+ if ((nnodes = virXPathNodeSet("./xen:commandline/xen:arg", ctxt, &nodes)) < 0)
+ return -1;
+
+ if (nnodes == 0)
+ return 0;
+
+ nsdata = g_new0(libxlDomainXmlNsDef, 1);
+ nsdata->args = g_new0(char *, nnodes + 1);
+
+ for (i = 0; i < nnodes; i++) {
+ if (!(nsdata->args[nsdata->num_args++] = virXMLPropString(nodes[i], "value"))) {
+ virReportError(VIR_ERR_INTERNAL_ERROR, "%s",
+ _("No device model command-line argument specified"));
+ goto cleanup;
+ }
+ }
+
+ *data = g_steal_pointer(&nsdata);
+ ret = 0;
+
+ cleanup:
+ libxlDomainDefNamespaceFree(nsdata);
+ return ret;
+}
+
+
+static int
+libxlDomainDefNamespaceFormatXML(virBufferPtr buf,
+ void *nsdata)
+{
+ libxlDomainXmlNsDefPtr cmd = nsdata;
+ size_t i;
+
+ if (!cmd->num_args)
+ return 0;
+
+ virBufferAddLit(buf, "<xen:commandline>\n");
+ virBufferAdjustIndent(buf, 2);
+
+ for (i = 0; i < cmd->num_args; i++)
+ virBufferEscapeString(buf, "<xen:arg value='%s'/>\n",
+ cmd->args[i]);
+
+ virBufferAdjustIndent(buf, -2);
+ virBufferAddLit(buf, "</xen:commandline>\n");
+
+ return 0;
+}
+
+
+virXMLNamespace libxlDriverDomainXMLNamespace = {
+ .parse = libxlDomainDefNamespaceParse,
+ .free = libxlDomainDefNamespaceFree,
+ .format = libxlDomainDefNamespaceFormatXML,
+ .prefix = "xen",
+ .uri = "http://libvirt.org/schemas/domain/xen/1.0",
+};
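Review bot: in libxlDomainDefNamespaceParse(), `nsdata->args[nsdata->num_args++] = virXMLPropString(nodes[i], "value")` increments num_args before the NULL check, so on the error path the count includes a slot that holds NULL. The cleanup goes through g_strfreev() and is unaffected, but assigning first and incrementing only on success keeps the struct consistent. VIR_ERR_INTERNAL_ERROR is also a poor fit for a missing 'value' attribute in user-supplied XML, and libxlDomainDefNamespaceFormatXML() dereferences cmd without the NULL check that the free callback has.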
Index: libvirt-6.0.0/src/libxl/libxl_domain.h
===================================================================
--- libvirt-6.0.0.orig/src/libxl/libxl_domain.h
+++ libvirt-6.0.0/src/libxl/libxl_domain.h
@@ -77,6 +77,7 @@ struct _libxlDomainObjPrivate {
extern virDomainXMLPrivateDataCallbacks libxlDomainXMLPrivateDataCallbacks;
extern virDomainDefParserConfig libxlDomainDefParserConfig;
+extern virXMLNamespace libxlDriverDomainXMLNamespace;
extern const struct libxl_event_hooks ev_hooks;
int
++++++ b196f8fc-CVE-2020-15708-doc.patch ++++++
libvirtd.conf: Add a note about polkit auth in SUSE
Polkit auth is enabled by default in SUSE distros. As a result,
libvirt's read-write socket has SocketMode=0666. This would
result in an insecure configuration if the user were to disable
polkit. Add a note warning the user to change SocketMode if
disabling polkit auth. See bsc#1174955 for more details.
CVE-2020-15708
Inspired by upstream commit b196f8fcdd
Index: libvirt-6.0.0/src/remote/libvirtd.conf.in
===================================================================
--- libvirt-6.0.0.orig/src/remote/libvirtd.conf.in
+++ libvirt-6.0.0/src/remote/libvirtd.conf.in
@@ -145,20 +145,29 @@
# is allowed read/only access.
#
# Set an authentication scheme for UNIX read-only sockets
+#
# By default socket permissions allow anyone to connect
#
-# To restrict monitoring of domains you may wish to enable
-# an authentication mechanism here
-#auth_unix_ro = "none"
+# SUSE note:
+# Polkit is the default authentication scheme for the read-only
+# socket. libvirt will authenticate read-only socket connections
+# with polkit, but the default polkit policy allows any local
+# user access to libvirt's monitoring APIs.
+#
+# To restrict monitoring of domains you may wish to either
+# enable 'sasl' here, or change the polkit policy definition.
+#auth_unix_ro = "polkit"
# Set an authentication scheme for UNIX read-write sockets
-# By default socket permissions only allow root. If PolicyKit
-# support was compiled into libvirt, the default will be to
-# use 'polkit' auth.
#
-# If the unix_sock_rw_perms are changed you may wish to enable
-# an authentication mechanism here
-#auth_unix_rw = "none"
+# SUSE note:
+# Polkit is the default authentication scheme for the read-write
+# socket. The systemd .socket file uses SocketMode=0666, which
+# allows any user to connect. However, the default polkit policy
+# will only authenticate the root user. If you disable use of
+# 'polkit' here, then it is essential to change the systemd
+# SocketMode parameter to 0600 to avoid an insecure configuration.
+#auth_unix_rw = "polkit"
@CUT_ENABLE_IP@
# Change the authentication scheme for TCP sockets.
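Review bot: the read-write SUSE note tells the user to change SocketMode to 0600 but does not say where or how. Name the socket unit the note refers to, recommend a systemd drop-in over editing the packaged file, and say that the socket unit has to be restarted before the new mode applies. The removed sentence about unix_sock_rw_perms has no replacement, so the note should also say how that setting relates to SocketMode.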
Index: libvirt-6.0.0/src/remote/test_libvirtd.aug.in
===================================================================
--- libvirt-6.0.0.orig/src/remote/test_libvirtd.aug.in
+++ libvirt-6.0.0/src/remote/test_libvirtd.aug.in
@@ -14,8 +14,8 @@ module Test_@DAEMON_NAME@ =
{ "unix_sock_rw_perms" = "0770" }
{ "unix_sock_admin_perms" = "0700" }
{ "unix_sock_dir" = "@runstatedir@/libvirt" }
- { "auth_unix_ro" = "none" }
- { "auth_unix_rw" = "none" }
+ { "auth_unix_ro" = "polkit" }
+ { "auth_unix_rw" = "polkit" }
@CUT_ENABLE_IP@
{ "auth_tcp" = "sasl" }
{ "auth_tls" = "none" }
++++++ b523e225-xenconfig-passthrough.patch ++++++
commit b523e22521afe733165869c9e1ae18e88536acd6
Author: Jim Fehlig <jfehlig(a)suse.com>
Date: Thu Apr 16 08:31:48 2020 -0600
xenconfig: Add support for 'passthrough' hypervisor feature
Add support for xl.cfg(5) 'passthrough' option in the domXML-to-xenconfig
configuration converter.
Signed-off-by: Jim Fehlig <jfehlig(a)suse.com>
Reviewed-by: Michal Privoznik <mprivozn(a)redhat.com>
Index: libvirt-6.0.0/src/libvirt_private.syms
===================================================================
--- libvirt-6.0.0.orig/src/libvirt_private.syms
+++ libvirt-6.0.0/src/libvirt_private.syms
@@ -642,6 +642,8 @@ virDomainWatchdogActionTypeToString;
virDomainWatchdogDefFree;
virDomainWatchdogModelTypeFromString;
virDomainWatchdogModelTypeToString;
+virDomainXenPassthroughModeTypeFromString;
+virDomainXenPassthroughModeTypeToString;
virDomainXMLOptionGetNamespace;
virDomainXMLOptionGetSaveCookie;
virDomainXMLOptionNew;
Index: libvirt-6.0.0/src/libxl/xen_common.c
===================================================================
--- libvirt-6.0.0.orig/src/libxl/xen_common.c
+++ libvirt-6.0.0/src/libxl/xen_common.c
@@ -530,14 +530,14 @@ xenParseCPU(virConfPtr conf,
static int
xenParseHypervisorFeatures(virConfPtr conf, virDomainDefPtr def)
{
- g_autofree char *tsc_mode = NULL;
+ g_autofree char *strval = NULL;
virDomainTimerDefPtr timer;
int val = 0;
- if (xenConfigGetString(conf, "tsc_mode", &tsc_mode, NULL) < 0)
+ if (xenConfigGetString(conf, "tsc_mode", &strval, NULL) < 0)
return -1;
- if (tsc_mode) {
+ if (strval) {
if (VIR_EXPAND_N(def->clock.timers, def->clock.ntimers, 1) < 0 ||
VIR_ALLOC(timer) < 0)
return -1;
@@ -547,16 +547,40 @@ xenParseHypervisorFeatures(virConfPtr co
timer->tickpolicy = -1;
timer->mode = VIR_DOMAIN_TIMER_MODE_AUTO;
timer->track = -1;
- if (STREQ_NULLABLE(tsc_mode, "always_emulate"))
+ if (STREQ_NULLABLE(strval, "always_emulate"))
timer->mode = VIR_DOMAIN_TIMER_MODE_EMULATE;
- else if (STREQ_NULLABLE(tsc_mode, "native"))
+ else if (STREQ_NULLABLE(strval, "native"))
timer->mode = VIR_DOMAIN_TIMER_MODE_NATIVE;
- else if (STREQ_NULLABLE(tsc_mode, "native_paravirt"))
+ else if (STREQ_NULLABLE(strval, "native_paravirt"))
timer->mode = VIR_DOMAIN_TIMER_MODE_PARAVIRT;
def->clock.timers[def->clock.ntimers - 1] = timer;
}
+ if (xenConfigGetString(conf, "passthrough", &strval, NULL) < 0)
+ return -1;
+
+ if (strval) {
+ if (STREQ(strval, "disabled")) {
+ def->features[VIR_DOMAIN_FEATURE_XEN] = VIR_TRISTATE_SWITCH_OFF;
+ def->xen_features[VIR_DOMAIN_XEN_PASSTHROUGH] = VIR_TRISTATE_SWITCH_OFF;
+ } else if (STREQ(strval, "enabled")) {
+ def->features[VIR_DOMAIN_FEATURE_XEN] = VIR_TRISTATE_SWITCH_ON;
+ def->xen_features[VIR_DOMAIN_XEN_PASSTHROUGH] = VIR_TRISTATE_SWITCH_ON;
+ } else if (STREQ(strval, "sync_pt")) {
+ def->features[VIR_DOMAIN_FEATURE_XEN] = VIR_TRISTATE_SWITCH_ON;
+ def->xen_features[VIR_DOMAIN_XEN_PASSTHROUGH] = VIR_TRISTATE_SWITCH_ON;
+ def->xen_passthrough_mode = VIR_DOMAIN_XEN_PASSTHROUGH_MODE_SYNC_PT;
+ } else if (STREQ(strval, "share_pt")) {
+ def->features[VIR_DOMAIN_FEATURE_XEN] = VIR_TRISTATE_SWITCH_ON;
+ def->xen_features[VIR_DOMAIN_XEN_PASSTHROUGH] = VIR_TRISTATE_SWITCH_ON;
+ def->xen_passthrough_mode = VIR_DOMAIN_XEN_PASSTHROUGH_MODE_SHARE_PT;
+ } else {
+ virReportError(VIR_ERR_CONF_SYNTAX,
+ _("Invalid passthrough mode %s"), strval);
+ }
+ }
+
if (def->os.type == VIR_DOMAIN_OSTYPE_HVM) {
if (xenConfigGetBool(conf, "pae", &val, 1) < 0)
return -1;
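Review bot: the final else branch of the new passthrough block calls virReportError() for "Invalid passthrough mode" but does not return -1, so parsing continues and the function can return success with an error set. Add `return -1;` there. Separately, strval is g_autofree and is passed to xenConfigGetString() a second time while it may still hold the tsc_mode string; free it or use a second variable before reuse so the first value is not leaked.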
@@ -2163,6 +2187,20 @@ xenFormatHypervisorFeatures(virConfPtr c
}
}
+ if (def->features[VIR_DOMAIN_FEATURE_XEN] == VIR_TRISTATE_SWITCH_ON) {
+ if (def->xen_features[VIR_DOMAIN_XEN_PASSTHROUGH] == VIR_TRISTATE_SWITCH_ON) {
+ if (def->xen_passthrough_mode == VIR_DOMAIN_XEN_PASSTHROUGH_MODE_SYNC_PT ||
+ def->xen_passthrough_mode == VIR_DOMAIN_XEN_PASSTHROUGH_MODE_SHARE_PT) {
+ if (xenConfigSetString(conf, "passthrough",
+ virDomainXenPassthroughModeTypeToString(def->xen_passthrough_mode)) < 0)
+ return -1;
+ } else {
+ if (xenConfigSetString(conf, "passthrough", "enabled") < 0)
+ return -1;
+ }
+ }
+ }
+
for (i = 0; i < def->clock.ntimers; i++) {
switch ((virDomainTimerNameType)def->clock.timers[i]->name) {
case VIR_DOMAIN_TIMER_NAME_TSC:
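Review bot: the formatter writes "passthrough" only when both VIR_DOMAIN_FEATURE_XEN and VIR_DOMAIN_XEN_PASSTHROUGH are VIR_TRISTATE_SWITCH_ON, so a config parsed from passthrough = "disabled" does not round-trip: the parser maps it to SWITCH_OFF and nothing is emitted. The parser also sets def->features[VIR_DOMAIN_FEATURE_XEN] to OFF for "disabled", which switches off the whole xen feature block rather than only passthrough; confirm that this is intended and add a test for the disabled case.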
++++++ b611b620-check-s390-secure-guest.patch ++++++
commit b611b620ceaf940017ba4d0b8b0638869c751509
Author: Paulo de Rezende Pinatti <ppinatti(a)linux.ibm.com>
Date: Mon Jun 15 10:28:07 2020 +0200
qemu: Check if s390 secure guest support is enabled
This patch introduces a common function to verify if the
availability of the so-called Secure Guest feature on the host
has changed in order to invalidate the qemu capabilities cache.
It can be used as an entry point for verification on different
architectures.
For s390 the verification consists of:
- checking if /sys/firmware/uv is available: meaning the HW
facility is available and the host OS supports it;
- checking if the kernel cmdline contains 'prot_virt=1': meaning
the host OS wants to use the feature.
Whenever the availability of the feature does not match the secure
guest flag in the cache then libvirt will re-build it in order to
pick up the new set of capabilities available.
Signed-off-by: Paulo de Rezende Pinatti <ppinatti(a)linux.ibm.com>
Signed-off-by: Boris Fiuczynski <fiuczy(a)linux.ibm.com>
Tested-by: Viktor Mihajlovski <mihajlov(a)linux.ibm.com>
Reviewed-by: Bjoern Walk <bwalk(a)linux.ibm.com>
Reviewed-by: Erik Skultety <eskultet(a)redhat.com>
Index: libvirt-6.0.0/src/qemu/qemu_capabilities.c
===================================================================
--- libvirt-6.0.0.orig/src/qemu/qemu_capabilities.c
+++ libvirt-6.0.0/src/qemu/qemu_capabilities.c
@@ -23,6 +23,7 @@
#include "qemu_capabilities.h"
#include "viralloc.h"
+#include "virarch.h"
#include "vircrypto.h"
#include "virlog.h"
#include "virerror.h"
@@ -608,6 +609,7 @@ struct _virQEMUCaps {
bool usedQMP;
bool kvmSupportsNesting;
+ bool kvmSupportsSecureGuest;
char *binary;
time_t ctime;
@@ -1769,6 +1771,7 @@ virQEMUCapsPtr virQEMUCapsNewCopy(virQEM
ret->invalidation = qemuCaps->invalidation;
ret->usedQMP = qemuCaps->usedQMP;
ret->kvmSupportsNesting = qemuCaps->kvmSupportsNesting;
+ ret->kvmSupportsSecureGuest = qemuCaps->kvmSupportsSecureGuest;
ret->ctime = qemuCaps->ctime;
@@ -4091,6 +4094,9 @@ virQEMUCapsLoadCache(virArch hostArch,
if (virXPathBoolean("boolean(./kvmSupportsNesting)", ctxt) > 0)
qemuCaps->kvmSupportsNesting = true;
+ if (virXPathBoolean("boolean(./kvmSupportsSecureGuest)", ctxt) > 0)
+ qemuCaps->kvmSupportsSecureGuest = true;
+
ret = 0;
cleanup:
VIR_FREE(str);
@@ -4325,6 +4331,9 @@ virQEMUCapsFormatCache(virQEMUCapsPtr qe
if (qemuCaps->kvmSupportsNesting)
virBufferAddLit(&buf, "<kvmSupportsNesting/>\n");
+ if (qemuCaps->kvmSupportsSecureGuest)
+ virBufferAddLit(&buf, "<kvmSupportsSecureGuest/>\n");
+
virBufferAdjustIndent(&buf, -2);
virBufferAddLit(&buf, "</qemuCaps>\n");
@@ -4364,6 +4373,49 @@ virQEMUCapsSaveFile(void *data,
}
+/*
+ * Check whether IBM Secure Execution (S390) is enabled
+ */
+static bool
+virQEMUCapsKVMSupportsSecureGuestS390(void)
+{
+
+ g_autofree char *cmdline = NULL;
+ static const char *kValues[] = {"y", "Y", "on", "ON", "oN", "On", "1"};
+
+ if (!virFileIsDir("/sys/firmware/uv"))
+ return false;
+
+ if (virFileReadValueString(&cmdline, "/proc/cmdline") < 0)
+ return false;
+
+ /* we're prefix matching rather than equality matching here, because kernel
+ * would treat even something like prot_virt='yFOO' as enabled */
+ if (virKernelCmdlineMatchParam(cmdline, "prot_virt", kValues,
+ G_N_ELEMENTS(kValues),
+ VIR_KERNEL_CMDLINE_FLAGS_SEARCH_FIRST |
+ VIR_KERNEL_CMDLINE_FLAGS_CMP_PREFIX))
+ return true;
+
+ return false;
+}
+
+
+/*
+ * Check whether the secure guest functionality is enabled.
+ * See the specific architecture function for details on the verifications made.
+ */
+static bool
+virQEMUCapsKVMSupportsSecureGuest(void)
+{
+ virArch arch = virArchFromHost();
+
+ if (ARCH_IS_S390(arch))
+ return virQEMUCapsKVMSupportsSecureGuestS390();
+ return false;
+}
+
+
/* Check the kernel module parameters 'nested' file to determine if enabled
*
* Intel: 'kvm_intel' uses 'Y'
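Review bot: In virQEMUCapsKVMSupportsSecureGuestS390(), the comment above the virKernelCmdlineMatchParam() call explains why prefix matching is used but not where the kValues list comes from, so a reader cannot check that "y", "Y", "on", "ON", "oN", "On", "1" covers everything the kernel accepts for prot_virt; name the kernel parsing routine the list mirrors. Two style points in the same function: drop the empty line after the opening brace, and return the result of virKernelCmdlineMatchParam() directly instead of `if (...) return true; return false;`.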
@@ -4543,6 +4595,13 @@ virQEMUCapsIsValid(void *data,
qemuCaps->binary, qemuCaps->kvmSupportsNesting);
return false;
}
+
+ if (virQEMUCapsKVMSupportsSecureGuest() != qemuCaps->kvmSupportsSecureGuest) {
+ VIR_DEBUG("Outdated capabilities for '%s': kvm kernel secure guest "
+ "value changed from %d",
+ qemuCaps->binary, qemuCaps->kvmSupportsSecureGuest);
+ return false;
+ }
}
return true;
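Review bot: The VIR_DEBUG message added to virQEMUCapsIsValid() says the secure guest value "changed from %d" but prints only the cached qemuCaps->kvmSupportsSecureGuest, so the log never shows what the host reports now. Store the result of virQEMUCapsKVMSupportsSecureGuest() in a local variable and log both the old and the new value.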
@@ -5010,6 +5069,8 @@ virQEMUCapsNewForBinaryInternal(virArch
qemuCaps->kernelVersion = g_strdup(kernelVersion);
qemuCaps->kvmSupportsNesting = virQEMUCapsKVMSupportsNesting();
+
+ qemuCaps->kvmSupportsSecureGuest = virQEMUCapsKVMSupportsSecureGuest();
}
return qemuCaps;
++++++ b7d6648d-conf-add-e820-host.patch ++++++
commit b7d6648d436fe0a99d4faf0f99c88a27a7bfea33
Author: Marek Marczykowski-Górecki <marmarek(a)invisiblethingslab.com>
Date: Tue Apr 14 04:37:04 2020 +0200
conf: add xen specific feature: e820_host
e820_host is a Xen-specific option, only available for PV domains, that
provides the domain a virtual e820 memory map based on the host one. It
is enabled with a new Xen hypervisor feature, e.g.
<features>
<xen>
<e820_host state='on'/>
</xen>
</features>
e820_host is required when using PCI passthrough and is generally
considered safe for any PV kernel. e820_host is silently ignored if set
in HVM domain configuration. See xl.cfg(5) man page in the Xen
documentation for more details.
Signed-off-by: Marek Marczykowski-Górecki <marmarek(a)invisiblethingslab.com>
Reviewed-by: Jim Fehlig <jfehlig(a)suse.com>
Index: libvirt-6.0.0/docs/formatdomain.html.in
===================================================================
--- libvirt-6.0.0.orig/docs/formatdomain.html.in
+++ libvirt-6.0.0/docs/formatdomain.html.in
@@ -2053,6 +2053,9 @@
<hidden state='on'/>
<hint-dedicated state='on'/>
</kvm>
+ <xen>
+ <e820_host state='on'/>
+ </xen>
<pvspinlock state='on'/>
<gic version='2'/>
<ioapic driver='qemu'/>
@@ -2234,6 +2237,23 @@
</tr>
</table>
</dd>
+ <dt><code>xen</code></dt>
+ <dd>Various features to change the behavior of the Xen hypervisor.
+ <table class="top_table">
+ <tr>
+ <th>Feature</th>
+ <th>Description</th>
+ <th>Value</th>
+ <th>Since</th>
+ </tr>
+ <tr>
+ <td>e820_host</td>
+ <td>Expose the host e820 to the guest (PV only)</td>
+ <td>on, off</td>
+ <td><span class="since">6.3.0</span></td>
+ </tr>
+ </table>
+ </dd>
<dt><code>pmu</code></dt>
<dd>Depending on the <code>state</code> attribute (values <code>on</code>,
<code>off</code>, default <code>on</code>) enable or disable the
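Review bot: The new table row in formatdomain.html.in marks e820_host as `<span class="since">6.3.0</span>`, but this patch is applied to the libvirt-6.0.0 tree, so the packaged documentation will tell users the feature needs a newer release than the one that ships it. Either keep the upstream value and mention the backport in the package changelog, or state in the patch header that the Since value is intentionally left at upstream's.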
Index: libvirt-6.0.0/docs/schemas/domaincommon.rng
===================================================================
--- libvirt-6.0.0.orig/docs/schemas/domaincommon.rng
+++ libvirt-6.0.0/docs/schemas/domaincommon.rng
@@ -5106,6 +5106,9 @@
<ref name="kvm"/>
</optional>
<optional>
+ <ref name="xen"/>
+ </optional>
+ <optional>
<element name="privnet">
<empty/>
</element>
@@ -6074,6 +6077,19 @@
<ref name="featurestate"/>
</element>
</optional>
+ </interleave>
+ </element>
+ </define>
+
+ <!-- Optional Xen features -->
+ <define name="xen">
+ <element name="xen">
+ <interleave>
+ <optional>
+ <element name="e820_host">
+ <ref name="featurestate"/>
+ </element>
+ </optional>
</interleave>
</element>
</define>
Index: libvirt-6.0.0/src/conf/domain_conf.c
===================================================================
--- libvirt-6.0.0.orig/src/conf/domain_conf.c
+++ libvirt-6.0.0/src/conf/domain_conf.c
@@ -172,6 +172,7 @@ VIR_ENUM_IMPL(virDomainFeature,
"nested-hv",
"msrs",
"ccf-assist",
+ "xen",
);
VIR_ENUM_IMPL(virDomainCapabilitiesPolicy,
@@ -205,6 +206,11 @@ VIR_ENUM_IMPL(virDomainKVM,
"hint-dedicated",
);
+VIR_ENUM_IMPL(virDomainXen,
+ VIR_DOMAIN_XEN_LAST,
+ "e820_host"
+);
+
VIR_ENUM_IMPL(virDomainMsrsUnknown,
VIR_DOMAIN_MSRS_UNKNOWN_LAST,
"ignore",
@@ -20349,6 +20355,7 @@ virDomainDefParseXML(xmlDocPtr xml,
case VIR_DOMAIN_FEATURE_HYPERV:
case VIR_DOMAIN_FEATURE_KVM:
case VIR_DOMAIN_FEATURE_MSRS:
+ case VIR_DOMAIN_FEATURE_XEN:
def->features[val] = VIR_TRISTATE_SWITCH_ON;
break;
@@ -20659,6 +20666,51 @@ virDomainDefParseXML(xmlDocPtr xml,
VIR_FREE(nodes);
}
+ if (def->features[VIR_DOMAIN_FEATURE_XEN] == VIR_TRISTATE_SWITCH_ON) {
+ int feature;
+ int value;
+ if ((n = virXPathNodeSet("./features/xen/*", ctxt, &nodes)) < 0)
+ goto error;
+
+ for (i = 0; i < n; i++) {
+ feature = virDomainXenTypeFromString((const char *)nodes[i]->name);
+ if (feature < 0) {
+ virReportError(VIR_ERR_CONFIG_UNSUPPORTED,
+ _("unsupported Xen feature: %s"),
+ nodes[i]->name);
+ goto error;
+ }
+
+ switch ((virDomainXen) feature) {
+ case VIR_DOMAIN_XEN_E820_HOST:
+ if (!(tmp = virXMLPropString(nodes[i], "state"))) {
+ virReportError(VIR_ERR_XML_ERROR,
+ _("missing 'state' attribute for "
+ "Xen feature '%s'"),
+ nodes[i]->name);
+ goto error;
+ }
+
+ if ((value = virTristateSwitchTypeFromString(tmp)) < 0) {
+ virReportError(VIR_ERR_CONFIG_UNSUPPORTED,
+ _("invalid value of state argument "
+ "for Xen feature '%s'"),
+ nodes[i]->name);
+ goto error;
+ }
+
+ VIR_FREE(tmp);
+ def->xen_features[feature] = value;
+ break;
+
+ /* coverity[dead_error_begin] */
+ case VIR_DOMAIN_XEN_LAST:
+ break;
+ }
+ }
+ VIR_FREE(nodes);
+ }
+
if (def->features[VIR_DOMAIN_FEATURE_SMM] == VIR_TRISTATE_SWITCH_ON) {
int rv = virDomainParseScaledValue("string(./features/smm/tseg)",
"string(./features/smm/tseg/@unit)",
@@ -22651,6 +22703,7 @@ virDomainDefFeaturesCheckABIStability(vi
case VIR_DOMAIN_FEATURE_PRIVNET:
case VIR_DOMAIN_FEATURE_HYPERV:
case VIR_DOMAIN_FEATURE_KVM:
+ case VIR_DOMAIN_FEATURE_XEN:
case VIR_DOMAIN_FEATURE_PVSPINLOCK:
case VIR_DOMAIN_FEATURE_PMU:
case VIR_DOMAIN_FEATURE_VMPORT:
@@ -22822,6 +22875,30 @@ virDomainDefFeaturesCheckABIStability(vi
}
}
+ /* xen */
+ if (src->features[VIR_DOMAIN_FEATURE_XEN] == VIR_TRISTATE_SWITCH_ON) {
+ for (i = 0; i < VIR_DOMAIN_XEN_LAST; i++) {
+ switch ((virDomainXen) i) {
+ case VIR_DOMAIN_XEN_E820_HOST:
+ if (src->xen_features[i] != dst->xen_features[i]) {
+ virReportError(VIR_ERR_CONFIG_UNSUPPORTED,
+ _("State of Xen feature '%s' differs: "
+ "source: '%s', destination: '%s'"),
+ virDomainXenTypeToString(i),
+ virTristateSwitchTypeToString(src->xen_features[i]),
+ virTristateSwitchTypeToString(dst->xen_features[i]));
+ return false;
+ }
+
+ break;
+
+ /* coverity[dead_error_begin] */
+ case VIR_DOMAIN_XEN_LAST:
+ break;
+ }
+ }
+ }
+
/* kvm */
if (src->features[VIR_DOMAIN_FEATURE_KVM] == VIR_TRISTATE_SWITCH_ON) {
for (i = 0; i < VIR_DOMAIN_KVM_LAST; i++) {
@@ -28304,6 +28381,31 @@ virDomainDefFormatFeatures(virBufferPtr
virBufferAddLit(&childBuf, "</kvm>\n");
break;
+ case VIR_DOMAIN_FEATURE_XEN:
+ if (def->features[i] != VIR_TRISTATE_SWITCH_ON)
+ break;
+
+ virBufferAddLit(&childBuf, "<xen>\n");
+ virBufferAdjustIndent(&childBuf, 2);
+ for (j = 0; j < VIR_DOMAIN_XEN_LAST; j++) {
+ switch ((virDomainXen) j) {
+ case VIR_DOMAIN_XEN_E820_HOST:
+ if (def->xen_features[j])
+ virBufferAsprintf(&childBuf, "<%s state='%s'/>\n",
+ virDomainXenTypeToString(j),
+ virTristateSwitchTypeToString(
+ def->xen_features[j]));
+ break;
+
+ /* coverity[dead_error_begin] */
+ case VIR_DOMAIN_XEN_LAST:
+ break;
+ }
+ }
+ virBufferAdjustIndent(&childBuf, -2);
+ virBufferAddLit(&childBuf, "</xen>\n");
+ break;
+
case VIR_DOMAIN_FEATURE_CAPABILITIES:
for (j = 0; j < VIR_DOMAIN_PROCES_CAPS_FEATURE_LAST; j++) {
if (def->caps_features[j] != VIR_TRISTATE_SWITCH_ABSENT)
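Review bot: In the VIR_DOMAIN_FEATURE_XEN case of virDomainDefFormatFeatures(), `if (def->xen_features[j])` tests the tristate implicitly, while the neighbouring caps_features code compares against VIR_TRISTATE_SWITCH_ABSENT; use the explicit comparison here too. This matters together with the virDomainDefParseXML() hunk earlier in this file, which only rejects `virTristateSwitchTypeFromString(tmp) < 0`: a state value that maps to 0 is accepted on parse and then silently dropped on format, although domaincommon.rng validates the element against featurestate. Changing the parser check to `<= 0` would make both ends agree.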
Index: libvirt-6.0.0/src/conf/domain_conf.h
===================================================================
--- libvirt-6.0.0.orig/src/conf/domain_conf.h
+++ libvirt-6.0.0/src/conf/domain_conf.h
@@ -1765,6 +1765,7 @@ typedef enum {
VIR_DOMAIN_FEATURE_NESTED_HV,
VIR_DOMAIN_FEATURE_MSRS,
VIR_DOMAIN_FEATURE_CCF_ASSIST,
+ VIR_DOMAIN_FEATURE_XEN,
VIR_DOMAIN_FEATURE_LAST
} virDomainFeature;
@@ -1811,6 +1812,12 @@ typedef enum {
} virDomainMsrsUnknown;
typedef enum {
+ VIR_DOMAIN_XEN_E820_HOST = 0,
+
+ VIR_DOMAIN_XEN_LAST
+} virDomainXen;
+
+typedef enum {
VIR_DOMAIN_CAPABILITIES_POLICY_DEFAULT = 0,
VIR_DOMAIN_CAPABILITIES_POLICY_ALLOW,
VIR_DOMAIN_CAPABILITIES_POLICY_DENY,
@@ -2429,6 +2436,7 @@ struct _virDomainDef {
int hyperv_features[VIR_DOMAIN_HYPERV_LAST];
int kvm_features[VIR_DOMAIN_KVM_LAST];
int msrs_features[VIR_DOMAIN_MSRS_LAST];
+ int xen_features[VIR_DOMAIN_XEN_LAST];
unsigned int hyperv_spinlocks;
int hyperv_stimer_direct;
virGICVersion gic_version;
@@ -3467,6 +3475,7 @@ VIR_ENUM_DECL(virDomainGraphicsSpiceMous
VIR_ENUM_DECL(virDomainGraphicsVNCSharePolicy);
VIR_ENUM_DECL(virDomainHyperv);
VIR_ENUM_DECL(virDomainKVM);
+VIR_ENUM_DECL(virDomainXen);
VIR_ENUM_DECL(virDomainMsrsUnknown);
VIR_ENUM_DECL(virDomainRNGModel);
VIR_ENUM_DECL(virDomainRNGBackend);
++++++ baselibs.conf ++++++
libvirt-client
requires -libvirt-<targettype>
libvirt-devel
requires -libvirt-<targettype>
++++++ bed32525-tests-check-passthrough.patch ++++++
commit bed325253681fa61537b01be821538479fa9df60
Author: Jim Fehlig <jfehlig(a)suse.com>
Date: Fri Apr 17 14:19:16 2020 -0600
tests: check conversion of passthrough hypervisor feature
Add a new test to check the 'mode' attribute of the passthrough element
and augment an existing, related test to check enablement of the
passthrough element only.
Signed-off-by: Jim Fehlig <jfehlig(a)suse.com>
Reviewed-by: Michal Privoznik <mprivozn(a)redhat.com>
Index: libvirt-6.0.0/tests/xlconfigdata/test-fullvirt-hypervisor-features.cfg
===================================================================
--- /dev/null
+++ libvirt-6.0.0/tests/xlconfigdata/test-fullvirt-hypervisor-features.cfg
@@ -0,0 +1,26 @@
+name = "XenGuest2"
+uuid = "c7a5fdb2-cdaf-9455-926a-d65c16db1809"
+maxmem = 579
+memory = 394
+vcpus = 1
+pae = 1
+acpi = 1
+apic = 1
+viridian = 0
+passthrough = "share_pt"
+rtc_timeoffset = 0
+localtime = 0
+on_poweroff = "destroy"
+on_reboot = "restart"
+on_crash = "restart"
+device_model = "/usr/lib/xen/bin/qemu-system-i386"
+sdl = 0
+vnc = 1
+vncunused = 1
+vnclisten = "127.0.0.1"
+vif = [ "mac=00:16:3e:66:92:9c,bridge=xenbr1,script=vif-bridge,model=e1000" ]
+parallel = "none"
+serial = "none"
+builder = "hvm"
+boot = "c"
+disk = [ "format=raw,vdev=hda,access=rw,backendtype=phy,target=/dev/HostVG/XenGuest2" ]
Index: libvirt-6.0.0/tests/xlconfigdata/test-fullvirt-hypervisor-features.xml
===================================================================
--- /dev/null
+++ libvirt-6.0.0/tests/xlconfigdata/test-fullvirt-hypervisor-features.xml
@@ -0,0 +1,50 @@
+<domain type='xen'>
+ <name>XenGuest2</name>
+ <uuid>c7a5fdb2-cdaf-9455-926a-d65c16db1809</uuid>
+ <memory unit='KiB'>592896</memory>
+ <currentMemory unit='KiB'>403456</currentMemory>
+ <vcpu placement='static'>1</vcpu>
+ <os>
+ <type arch='x86_64' machine='xenfv'>hvm</type>
+ <loader type='rom'>/usr/lib/xen/boot/hvmloader</loader>
+ <boot dev='hd'/>
+ </os>
+ <features>
+ <acpi/>
+ <apic/>
+ <pae/>
+ <xen>
+ <passthrough state='on' mode='share_pt'/>
+ </xen>
+ </features>
+ <clock offset='variable' adjustment='0' basis='utc'/>
+ <on_poweroff>destroy</on_poweroff>
+ <on_reboot>restart</on_reboot>
+ <on_crash>restart</on_crash>
+ <devices>
+ <emulator>/usr/lib/xen/bin/qemu-system-i386</emulator>
+ <disk type='block' device='disk'>
+ <driver name='phy' type='raw'/>
+ <source dev='/dev/HostVG/XenGuest2'/>
+ <target dev='hda' bus='ide'/>
+ <address type='drive' controller='0' bus='0' target='0' unit='0'/>
+ </disk>
+ <controller type='xenbus' index='0'/>
+ <controller type='ide' index='0'/>
+ <interface type='bridge'>
+ <mac address='00:16:3e:66:92:9c'/>
+ <source bridge='xenbr1'/>
+ <script path='vif-bridge'/>
+ <model type='e1000'/>
+ </interface>
+ <input type='mouse' bus='ps2'/>
+ <input type='keyboard' bus='ps2'/>
+ <graphics type='vnc' port='-1' autoport='yes' listen='127.0.0.1'>
+ <listen type='address' address='127.0.0.1'/>
+ </graphics>
+ <video>
+ <model type='cirrus' vram='8192' heads='1' primary='yes'/>
+ </video>
+ <memballoon model='xen'/>
+ </devices>
+</domain>
Index: libvirt-6.0.0/tests/xlconfigdata/test-paravirt-e820_host.cfg
===================================================================
--- libvirt-6.0.0.orig/tests/xlconfigdata/test-paravirt-e820_host.cfg
+++ libvirt-6.0.0/tests/xlconfigdata/test-paravirt-e820_host.cfg
@@ -4,6 +4,7 @@ maxmem = 512
memory = 512
vcpus = 4
e820_host = 1
+passthrough = "enabled"
localtime = 0
on_poweroff = "preserve"
on_reboot = "restart"
Index: libvirt-6.0.0/tests/xlconfigdata/test-paravirt-e820_host.xml
===================================================================
--- libvirt-6.0.0.orig/tests/xlconfigdata/test-paravirt-e820_host.xml
+++ libvirt-6.0.0/tests/xlconfigdata/test-paravirt-e820_host.xml
@@ -11,6 +11,7 @@
<features>
<xen>
<e820_host state='on'/>
+ <passthrough state='on'/>
</xen>
</features>
<clock offset='utc' adjustment='reset'/>
Index: libvirt-6.0.0/tests/xlconfigtest.c
===================================================================
--- libvirt-6.0.0.orig/tests/xlconfigtest.c
+++ libvirt-6.0.0/tests/xlconfigtest.c
@@ -301,6 +301,9 @@ mymain(void)
DO_TEST("usb");
DO_TEST("usbctrl");
DO_TEST("paravirt-e820_host");
+#ifdef LIBXL_HAVE_CREATEINFO_PASSTHROUGH
+ DO_TEST("fullvirt-hypervisor-features");
+#endif
testXLFreeDriver(driver);
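Review bot: Only the new fullvirt-hypervisor-features test is wrapped in `#ifdef LIBXL_HAVE_CREATEINFO_PASSTHROUGH`, yet this patch also adds `passthrough = "enabled"` and `<passthrough state='on'/>` to the data files of the unguarded DO_TEST("paravirt-e820_host"). If the converter handles passthrough only when that macro is defined, the e820_host test will fail against an older libxl; either guard it the same way or keep a passthrough-free copy of the e820_host data for that case.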
++++++ c5fffb95-kernel-cmdline-parser.patch ++++++
commit c5fffb959d93b83d87e70b21d19424e9722700b0
Author: Paulo de Rezende Pinatti <ppinatti(a)linux.ibm.com>
Date: Mon Jun 15 10:28:06 2020 +0200
util: Introduce a parser for kernel cmdline arguments
Introduce two utility functions to parse a kernel command
line string according to the kernel code parsing rules in
order to enable the caller to perform operations such as
verifying whether certain argument=value combinations are
present or retrieving an argument's value.
Signed-off-by: Paulo de Rezende Pinatti <ppinatti(a)linux.ibm.com>
Signed-off-by: Boris Fiuczynski <fiuczy(a)linux.ibm.com>
Reviewed-by: Erik Skultety <eskultet(a)redhat.com>
Index: libvirt-6.0.0/src/libvirt_private.syms
===================================================================
--- libvirt-6.0.0.orig/src/libvirt_private.syms
+++ libvirt-6.0.0/src/libvirt_private.syms
@@ -3393,6 +3393,8 @@ virHostGetDRMRenderNode;
virHostHasIOMMU;
virIndexToDiskName;
virIsDevMapperDevice;
+virKernelCmdlineMatchParam;
+virKernelCmdlineNextParam;
virMemoryLimitIsSet;
virMemoryLimitTruncate;
virMemoryMaxValue;
Index: libvirt-6.0.0/src/util/virutil.c
===================================================================
--- libvirt-6.0.0.orig/src/util/virutil.c
+++ libvirt-6.0.0/src/util/virutil.c
@@ -1712,3 +1712,188 @@ virHostGetDRMRenderNode(void)
VIR_DIR_CLOSE(driDir);
return ret;
}
+
+
+static const char *virKernelCmdlineSkipQuote(const char *cmdline,
+ bool *is_quoted)
+{
+ if (cmdline[0] == '"') {
+ *is_quoted = !(*is_quoted);
+ cmdline++;
+ }
+ return cmdline;
+}
+
+
+/**
+ * virKernelCmdlineFindEqual:
+ * @cmdline: target kernel command line string
+ * @is_quoted: indicates whether the string begins with quotes
+ * @res: pointer to the position immediately after the parsed parameter,
+ * can be used in subsequent calls to process further parameters until
+ * the end of the string.
+ *
+ * Iterate over the provided kernel command line string while honoring
+ * the kernel quoting rules and returns the index of the equal sign
+ * separating argument and value.
+ *
+ * Returns 0 for the cases where no equal sign is found or the argument
+ * itself begins with the equal sign (both cases indicating that the
+ * argument has no value). Otherwise, returns the index of the equal
+ * sign in the string.
+ */
+static size_t virKernelCmdlineFindEqual(const char *cmdline,
+ bool is_quoted,
+ const char **res)
+{
+ size_t i;
+ size_t equal_index = 0;
+
+ for (i = 0; cmdline[i]; i++) {
+ if (!(is_quoted) && g_ascii_isspace(cmdline[i]))
+ break;
+ if (equal_index == 0 && cmdline[i] == '=') {
+ equal_index = i;
+ continue;
+ }
+ virKernelCmdlineSkipQuote(cmdline + i, &is_quoted);
+ }
+ *res = cmdline + i;
+ return equal_index;
+}
+
+
+static char* virKernelArgNormalize(const char *arg)
+{
+ return virStringReplace(arg, "_", "-");
+}
+
+
+/**
+ * virKernelCmdlineNextParam:
+ * @cmdline: kernel command line string to be checked for next parameter
+ * @param: pointer to hold retrieved parameter, will be NULL if none found
+ * @val: pointer to hold retrieved value of @param
+ *
+ * Parse the kernel cmdline and store the next parameter in @param
+ * and the value of @param in @val which can be NULL if @param has
+ * no value. In addition returns the address right after @param=@value
+ * for possible further processing.
+ *
+ * Returns a pointer to address right after @param=@val in the
+ * kernel command line, will point to the string's end (NULL)
+ * in case no next parameter is found
+ */
+const char *virKernelCmdlineNextParam(const char *cmdline,
+ char **param,
+ char **val)
+{
+ const char *next;
+ int equal_index;
+ bool is_quoted = false;
+ *param = NULL;
+ *val = NULL;
+
+ virSkipSpaces(&cmdline);
+ cmdline = virKernelCmdlineSkipQuote(cmdline, &is_quoted);
+ equal_index = virKernelCmdlineFindEqual(cmdline, is_quoted, &next);
+
+ if (next == cmdline)
+ return next;
+
+ /* param has no value */
+ if (equal_index == 0) {
+ if (is_quoted && next[-1] == '"')
+ *param = g_strndup(cmdline, next - cmdline - 1);
+ else
+ *param = g_strndup(cmdline, next - cmdline);
+ return next;
+ }
+
+ *param = g_strndup(cmdline, equal_index);
+
+ if (cmdline[equal_index + 1] == '"') {
+ is_quoted = true;
+ equal_index++;
+ }
+
+ if (is_quoted && next[-1] == '"')
+ *val = g_strndup(cmdline + equal_index + 1,
+ next - cmdline - equal_index - 2);
+ else
+ *val = g_strndup(cmdline + equal_index + 1,
+ next - cmdline - equal_index - 1);
+ return next;
+}
+
+
+static bool virKernelCmdlineStrCmp(const char *kernel_val,
+ const char *caller_val,
+ virKernelCmdlineFlags flags)
+{
+ if (flags & VIR_KERNEL_CMDLINE_FLAGS_CMP_PREFIX)
+ return STRPREFIX(kernel_val, caller_val);
+ return STREQ(kernel_val, caller_val);
+}
+
+
+/**
++ * virKernelCmdlineMatchParam:
++ * @cmdline: kernel command line string to be checked for @arg
++ * @arg: kernel command line argument
++ * @values: array of possible values to match @arg
++ * @len_values: size of array, it can be 0 meaning a match will be positive if
+ * the argument has no value.
+ * @flags: bitwise-OR of virKernelCmdlineFlags
+ *
+ * Try to match the provided kernel cmdline string with the provided @arg
+ * and the list @values of possible values according to the matching strategy
+ * defined in @flags.
+ *
+ *
+ * Returns true if a match is found, false otherwise
+ */
+bool virKernelCmdlineMatchParam(const char *cmdline,
+ const char *arg,
+ const char **values,
+ size_t len_values,
+ virKernelCmdlineFlags flags)
+{
+ bool match = false;
+ size_t i;
+ const char *next = cmdline;
+ g_autofree char *arg_norm = virKernelArgNormalize(arg);
+
+ while (next[0] != '\0') {
+ g_autofree char *kparam = NULL;
+ g_autofree char *kparam_norm = NULL;
+ g_autofree char *kval = NULL;
+
+ next = virKernelCmdlineNextParam(next, &kparam, &kval);
+
+ if (!kparam)
+ break;
+
+ kparam_norm = virKernelArgNormalize(kparam);
+
+ if (STRNEQ(kparam_norm, arg_norm))
+ continue;
+
+ if (!kval) {
+ match = (len_values == 0) ? true : false;
+ } else {
+ match = false;
+ for (i = 0; i < len_values; i++) {
+ if (virKernelCmdlineStrCmp(kval, values[i], flags)) {
+ match = true;
+ break;
+ }
+ }
+ }
+
+ if (match && (flags & VIR_KERNEL_CMDLINE_FLAGS_SEARCH_FIRST))
+ break;
+ }
+
+ return match;
+}
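Review bot: In virKernelCmdlineNextParam(), `int equal_index` receives the size_t returned by virKernelCmdlineFindEqual() and is then used in pointer arithmetic and g_strndup() lengths; declare it size_t to avoid the narrowing conversion. The doc comment of virKernelCmdlineMatchParam() has five lines that begin with `++`, which puts a literal '+' in front of the ' *' inside the comment in virutil.c. Also, `match = (len_values == 0) ? true : false;` can be `match = (len_values == 0);`, and "the string's end (NULL)" in the NextParam comment should say that the returned pointer addresses the terminating NUL byte, not a NULL pointer.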
Index: libvirt-6.0.0/src/util/virutil.h
===================================================================
--- libvirt-6.0.0.orig/src/util/virutil.h
+++ libvirt-6.0.0/src/util/virutil.h
@@ -149,6 +149,40 @@ bool virHostHasIOMMU(void);
char *virHostGetDRMRenderNode(void) G_GNUC_NO_INLINE;
+/* Kernel cmdline match and comparison strategy for arg=value pairs */
+typedef enum {
+ /* substring comparison of argument values */
+ VIR_KERNEL_CMDLINE_FLAGS_CMP_PREFIX = 1,
+
+ /* strict string comparison of argument values */
+ VIR_KERNEL_CMDLINE_FLAGS_CMP_EQ = 2,
+
+ /* look for any occurrence of the argument with the expected value,
+ * this should be used when an argument set to the expected value overrides
+ * all the other occurrences of the argument, e.g. when looking for 'arg=1'
+ * in 'arg=0 arg=1 arg=0' the search would succeed with this flag
+ */
+ VIR_KERNEL_CMDLINE_FLAGS_SEARCH_FIRST = 4,
+
+ /* look for the last occurrence of argument with the expected value,
+ * this should be used when the last occurrence of the argument overrides
+ * all the other ones, e.g. when looking for 'arg=1' in 'arg=0 arg=1' the
+ * search would succeed with this flag, but in 'arg=1 arg=0' it would not,
+ * because 'arg=0' overrides all the previous occurrences of 'arg'
+ */
+ VIR_KERNEL_CMDLINE_FLAGS_SEARCH_LAST = 8,
+} virKernelCmdlineFlags;
+
+const char *virKernelCmdlineNextParam(const char *cmdline,
+ char **param,
+ char **val);
+
+bool virKernelCmdlineMatchParam(const char *cmdline,
+ const char *arg,
+ const char **values,
+ size_t len_values,
+ virKernelCmdlineFlags flags);
+
/**
* VIR_ASSIGN_IS_OVERFLOW:
* @rvalue: value that is checked (evaluated twice)
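Review bot: The comment on VIR_KERNEL_CMDLINE_FLAGS_CMP_PREFIX says "substring comparison", but virKernelCmdlineStrCmp() in virutil.c implements it with STRPREFIX, so the value must start with the expected string; reword it to "prefix comparison". The enum documentation should also say that CMP_EQ and SEARCH_LAST describe the default behaviour, because virKernelCmdlineMatchParam() only ever tests CMP_PREFIX and SEARCH_FIRST, and what happens when both flags of a pair are passed.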
Index: libvirt-6.0.0/tests/utiltest.c
===================================================================
--- libvirt-6.0.0.orig/tests/utiltest.c
+++ libvirt-6.0.0/tests/utiltest.c
@@ -254,6 +254,140 @@ testOverflowCheckMacro(const void *data
}
+struct testKernelCmdlineNextParamData
+{
+ const char *cmdline;
+ const char *param;
+ const char *val;
+ const char *next;
+};
+
+static struct testKernelCmdlineNextParamData kEntries[] = {
+ { "arg1 arg2 arg3=val1", "arg1", NULL, " arg2 arg3=val1" },
+ { "arg1=val1 arg2 arg3=val3 arg4", "arg1", "val1", " arg2 arg3=val3 arg4" },
+ { "arg1=sub1=val1,sub2=val2 arg3=val3 arg4", "arg1", "sub1=val1,sub2=val2", " arg3=val3 arg4" },
+ { "arg3=val3 ", "arg3", "val3", " " },
+ { "arg3=val3", "arg3", "val3", "" },
+ { "arg-3=val3 arg4", "arg-3", "val3", " arg4" },
+ { " arg_3=val3 arg4", "arg_3", "val3", " arg4" },
+ { "arg2=\"value with space\" arg3=val3", "arg2", "value with space", " arg3=val3" },
+ { " arg2=\"value with space\" arg3=val3", "arg2", "value with space", " arg3=val3" },
+ { " \"arg2=value with space\" arg3=val3", "arg2", "value with space", " arg3=val3" },
+ { "arg2=\"val\"ue arg3", "arg2", "val\"ue", " arg3" },
+ { "arg2=value\" long\" arg3", "arg2", "value\" long\"", " arg3" },
+ { " \"arg2 with space=value with space\" arg3", "arg2 with space", "value with space", " arg3" },
+ { " arg2\" with space=val2\" arg3", "arg2\" with space", "val2\"", " arg3" },
+ { " arg2longer=someval\" long\" arg2=val2", "arg2longer", "someval\" long\"", " arg2=val2" },
+ { "=val1 arg2=val2", "=val1", NULL, " arg2=val2" },
+ { " ", NULL, NULL, "" },
+ { "", NULL, NULL, "" },
+};
+
+static int
+testKernelCmdlineNextParam(const void *data G_GNUC_UNUSED)
+{
+ const char *next;
+ size_t i;
+
+ for (i = 0; i < G_N_ELEMENTS(kEntries); ++i) {
+ g_autofree char * param = NULL;
+ g_autofree char * val = NULL;
+
+ next = virKernelCmdlineNextParam(kEntries[i].cmdline, ¶m, &val);
+
+ if (STRNEQ_NULLABLE(param, kEntries[i].param) ||
+ STRNEQ_NULLABLE(val, kEntries[i].val) ||
+ STRNEQ(next, kEntries[i].next)) {
+ VIR_TEST_DEBUG("\nKernel cmdline [%s]", kEntries[i].cmdline);
+ VIR_TEST_DEBUG("Expect param [%s]", kEntries[i].param);
+ VIR_TEST_DEBUG("Actual param [%s]", param);
+ VIR_TEST_DEBUG("Expect value [%s]", kEntries[i].val);
+ VIR_TEST_DEBUG("Actual value [%s]", val);
+ VIR_TEST_DEBUG("Expect next [%s]", kEntries[i].next);
+ VIR_TEST_DEBUG("Actual next [%s]", next);
+
+ return -1;
+ }
+ }
+
+ return 0;
+}
+
+
+struct testKernelCmdlineMatchData
+{
+ const char *cmdline;
+ const char *arg;
+ const char *values[2];
+ virKernelCmdlineFlags flags;
+ bool result;
+};
+
+static struct testKernelCmdlineMatchData kMatchEntries[] = {
+ {"arg1 myarg=no arg2=val2 myarg=yes arg4=val4 myarg=no arg5", "myarg", {"1", "y"}, VIR_KERNEL_CMDLINE_FLAGS_SEARCH_FIRST | VIR_KERNEL_CMDLINE_FLAGS_CMP_EQ, false },
+ {"arg1 myarg=no arg2=val2 myarg=yes arg4=val4 myarg=no arg5", "myarg", {"on", "yes"}, VIR_KERNEL_CMDLINE_FLAGS_SEARCH_FIRST | VIR_KERNEL_CMDLINE_FLAGS_CMP_EQ, true },
+ {"arg1 myarg=no arg2=val2 myarg=yes arg4=val4 myarg=no arg5", "myarg", {"1", "y"}, VIR_KERNEL_CMDLINE_FLAGS_SEARCH_FIRST | VIR_KERNEL_CMDLINE_FLAGS_CMP_PREFIX, true },
+ {"arg1 myarg=no arg2=val2 myarg=yes arg4=val4 myarg=no arg5", "myarg", {"a", "b"}, VIR_KERNEL_CMDLINE_FLAGS_SEARCH_FIRST | VIR_KERNEL_CMDLINE_FLAGS_CMP_PREFIX, false },
+ {"arg1 myarg=no arg2=val2 myarg=yes arg4=val4 myarg=no arg5", "myarg", {"on", "yes"}, VIR_KERNEL_CMDLINE_FLAGS_SEARCH_LAST | VIR_KERNEL_CMDLINE_FLAGS_CMP_EQ, false },
+ {"arg1 myarg=no arg2=val2 myarg=yes arg4=val4 myarg=no arg5", "myarg", {"1", "y"}, VIR_KERNEL_CMDLINE_FLAGS_SEARCH_LAST | VIR_KERNEL_CMDLINE_FLAGS_CMP_PREFIX, false },
+ {"arg1 myarg=no arg2=val2 arg4=val4 myarg=yes arg5", "myarg", {"on", "yes"}, VIR_KERNEL_CMDLINE_FLAGS_SEARCH_LAST | VIR_KERNEL_CMDLINE_FLAGS_CMP_EQ, true },
+ {"arg1 myarg=no arg2=val2 arg4=val4 myarg=yes arg5", "myarg", {"1", "y"}, VIR_KERNEL_CMDLINE_FLAGS_SEARCH_LAST | VIR_KERNEL_CMDLINE_FLAGS_CMP_PREFIX, true },
+ {"arg1 myarg=no arg2=val2 arg4=val4 myarg arg5", "myarg", {NULL, NULL}, VIR_KERNEL_CMDLINE_FLAGS_SEARCH_LAST, true },
+ {"arg1 myarg arg2=val2 arg4=val4 myarg=yes arg5", "myarg", {NULL, NULL}, VIR_KERNEL_CMDLINE_FLAGS_SEARCH_FIRST, true },
+ {"arg1 myarg arg2=val2 arg4=val4 myarg=yes arg5", "myarg", {NULL, NULL}, VIR_KERNEL_CMDLINE_FLAGS_SEARCH_LAST, false },
+ {"arg1 my-arg=no arg2=val2 arg4=val4 my_arg=yes arg5", "my-arg", {"on", "yes"}, VIR_KERNEL_CMDLINE_FLAGS_SEARCH_LAST, true },
+ {"arg1 my-arg=no arg2=val2 arg4=val4 my_arg=yes arg5 ", "my-arg", {"on", "yes"}, VIR_KERNEL_CMDLINE_FLAGS_SEARCH_LAST | VIR_KERNEL_CMDLINE_FLAGS_CMP_EQ, true },
+ {"arg1 my-arg arg2=val2 arg4=val4 my_arg=yes arg5", "my_arg", {NULL, NULL}, VIR_KERNEL_CMDLINE_FLAGS_SEARCH_FIRST, true },
+ {"arg1 my-arg arg2=val2 arg4=val4 my-arg=yes arg5", "my_arg", {NULL, NULL}, VIR_KERNEL_CMDLINE_FLAGS_SEARCH_FIRST, true },
+ {"=arg1 my-arg arg2=val2 arg4=val4 my-arg=yes arg5", "my_arg", {NULL, NULL}, VIR_KERNEL_CMDLINE_FLAGS_SEARCH_FIRST, true },
+ {"my-arg =arg1 arg2=val2 arg4=val4 my-arg=yes arg5", "=arg1", {NULL, NULL}, VIR_KERNEL_CMDLINE_FLAGS_SEARCH_LAST, true },
+ {"arg1 arg2=val2 myarg=sub1=val1 arg5", "myarg", {"sub1=val1", NULL}, VIR_KERNEL_CMDLINE_FLAGS_SEARCH_LAST, true },
+ {"arg1 arg2=", "arg2", {"", ""}, VIR_KERNEL_CMDLINE_FLAGS_SEARCH_LAST | VIR_KERNEL_CMDLINE_FLAGS_CMP_EQ, true },
+ {" ", "myarg", {NULL, NULL}, VIR_KERNEL_CMDLINE_FLAGS_SEARCH_LAST, false },
+ {"", "", {NULL, NULL}, VIR_KERNEL_CMDLINE_FLAGS_SEARCH_LAST, false },
+};
+
+
+static int
+testKernelCmdlineMatchParam(const void *data G_GNUC_UNUSED)
+{
+ bool result;
+ size_t i, lenValues;
+
+ for (i = 0; i < G_N_ELEMENTS(kMatchEntries); ++i) {
+ if (kMatchEntries[i].values[0] == NULL)
+ lenValues = 0;
+ else
+ lenValues = G_N_ELEMENTS(kMatchEntries[i].values);
+
+ result = virKernelCmdlineMatchParam(kMatchEntries[i].cmdline,
+ kMatchEntries[i].arg,
+ kMatchEntries[i].values,
+ lenValues,
+ kMatchEntries[i].flags);
+
+ if (result != kMatchEntries[i].result) {
+ VIR_TEST_DEBUG("\nKernel cmdline [%s]", kMatchEntries[i].cmdline);
+ VIR_TEST_DEBUG("Kernel argument [%s]", kMatchEntries[i].arg);
+ VIR_TEST_DEBUG("Kernel values [%s] [%s]", kMatchEntries[i].values[0],
+ kMatchEntries[i].values[1]);
+ if (kMatchEntries[i].flags & VIR_KERNEL_CMDLINE_FLAGS_CMP_PREFIX)
+ VIR_TEST_DEBUG("Flag [VIR_KERNEL_CMDLINE_FLAGS_CMP_PREFIX]");
+ if (kMatchEntries[i].flags & VIR_KERNEL_CMDLINE_FLAGS_CMP_EQ)
+ VIR_TEST_DEBUG("Flag [VIR_KERNEL_CMDLINE_FLAGS_CMP_EQ]");
+ if (kMatchEntries[i].flags & VIR_KERNEL_CMDLINE_FLAGS_SEARCH_FIRST)
+ VIR_TEST_DEBUG("Flag [VIR_KERNEL_CMDLINE_FLAGS_SEARCH_FIRST]");
+ if (kMatchEntries[i].flags & VIR_KERNEL_CMDLINE_FLAGS_SEARCH_LAST)
+ VIR_TEST_DEBUG("Flag [VIR_KERNEL_CMDLINE_FLAGS_SEARCH_LAST]");
+ VIR_TEST_DEBUG("Expect result [%d]", kMatchEntries[i].result);
+ VIR_TEST_DEBUG("Actual result [%d]", result);
+
+ return -1;
+ }
+ }
+
+ return 0;
+}
static int
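Review bot: The failure paths of testKernelCmdlineNextParam() and testKernelCmdlineMatchParam() pass possibly-NULL strings to "%s" in VIR_TEST_DEBUG: kEntries[i].param, kEntries[i].val, param and val are NULL for several table rows, as are kMatchEntries[i].values[0] and values[1]. Wrap them in NULLSTR() so a failing test prints a readable diagnostic. Several kMatchEntries rows pass only a SEARCH_* flag together with non-empty values, which quietly relies on equality being the default comparison; adding VIR_KERNEL_CMDLINE_FLAGS_CMP_EQ there would make the intent explicit.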
@@ -277,6 +411,8 @@ mymain(void)
DO_TEST(ParseVersionString);
DO_TEST(RoundValueToPowerOfTwo);
DO_TEST(OverflowCheckMacro);
+ DO_TEST(KernelCmdlineNextParam);
+ DO_TEST(KernelCmdlineMatchParam);
return result == 0 ? EXIT_SUCCESS : EXIT_FAILURE;
}
++++++ d3d87e0c-virHostCPUGetSignature-s390.patch ++++++
commit d3d87e0cefd7144c559dd23fef789e7e37f74e76
Author: Jiri Denemark <jdenemar(a)redhat.com>
Date: Mon Apr 20 15:48:13 2020 +0200
hostcpu: Implement virHostCPUGetSignature for s390
Signed-off-by: Jiri Denemark <jdenemar(a)redhat.com>
Reviewed-by: Ján Tomko <jtomko(a)redhat.com>
Reviewed-by: Boris Fiuczynski <fiuczy(a)linux.ibm.com>
Index: libvirt-6.0.0/src/util/virhostcpu.c
===================================================================
--- libvirt-6.0.0.orig/src/util/virhostcpu.c
+++ libvirt-6.0.0/src/util/virhostcpu.c
@@ -1412,8 +1412,10 @@ virHostCPUReadSignature(virArch arch,
g_autofree char *model = NULL;
g_autofree char *stepping = NULL;
g_autofree char *revision = NULL;
+ g_autofree char *proc = NULL;
+ g_autofree char *facilities = NULL;
- if (!ARCH_IS_X86(arch) && !ARCH_IS_PPC64(arch))
+ if (!ARCH_IS_X86(arch) && !ARCH_IS_PPC64(arch) && !ARCH_IS_S390(arch))
return 0;
while (fgets(line, lineLen, cpuinfo)) {
@@ -1461,6 +1463,23 @@ virHostCPUReadSignature(virArch arch,
*signature = g_strdup_printf("%s, rev %s", name, revision);
return 0;
}
+ } else if (ARCH_IS_S390(arch)) {
+ if (STREQ(parts[0], "vendor_id")) {
+ if (!vendor)
+ vendor = g_steal_pointer(&parts[1]);
+ } else if (STREQ(parts[0], "processor 0")) {
+ if (!proc)
+ proc = g_steal_pointer(&parts[1]);
+ } else if (STREQ(parts[0], "facilities")) {
+ if (!facilities)
+ facilities = g_steal_pointer(&parts[1]);
+ }
+
+ if (vendor && proc && facilities) {
+ *signature = g_strdup_printf("%s, %s, facilities: %s",
+ vendor, proc, facilities);
+ return 0;
+ }
}
}
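Review bot: The s390 branch of virHostCPUReadSignature() matches the key "processor 0" literally, so a signature is only produced when the cpuinfo input carries a line for CPU 0 in exactly that form. A short comment stating that CPU 0 is used as the representative entry, and showing the resulting "vendor, proc, facilities: ..." format, would help, since the commit message has no body explaining it.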
Index: libvirt-6.0.0/tests/virhostcpudata/linux-s390x-with-frequency.signature
===================================================================
--- /dev/null
+++ libvirt-6.0.0/tests/virhostcpudata/linux-s390x-with-frequency.signature
@@ -0,0 +1 @@
+IBM/S390, version = 00, identification = 145F07, machine = 2964, facilities: 0 1 2 3 4 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 30 31 32 33 34 35 36 37 40 41 42 43 44 45 46 47 48 49 50 51 52 53 55 57 64 65 66 67 68 69 70 71 72 73 75 76 77 78 80 128 129 131 132 142 143
\ No newline at end of file
++++++ de49d5ba-xen-avoid-multiple-dom0.patch ++++++
commit de49d5bad33565544f0ba5cf734b60dbb7fe5948
Author: Jim Fehlig <jfehlig(a)suse.com>
Date: Fri Sep 11 11:35:47 2020 -0600
xen: Don't add dom0 twice on driver reload
When the xen driver loads, it probes libxl for some info about dom0 and
adds it to the virDomainObjList. The driver then looks for any domains
in stateDir and if they are still alive adds them to the list as well.
This logic is a bit flawed wrt handling driver reload and causes the
following error
internal error: unexpected domain Domain-0 already exists
A simple fix is to load all domains from stateDir first and then only
add dom0 if needed.
Signed-off-by: Jim Fehlig <jfehlig(a)suse.com>
Reviewed-by: Ján Tomko <jtomko(a)redhat.com>
Index: libvirt-6.0.0/src/libxl/libxl_driver.c
===================================================================
--- libvirt-6.0.0.orig/src/libxl/libxl_driver.c
+++ libvirt-6.0.0/src/libxl/libxl_driver.c
@@ -605,27 +605,34 @@ libxlAddDom0(libxlDriverPrivatePtr drive
goto cleanup;
}
- if (!(def = virDomainDefNew()))
- goto cleanup;
-
- def->id = 0;
- def->virtType = VIR_DOMAIN_VIRT_XEN;
- def->name = g_strdup("Domain-0");
-
- def->os.type = VIR_DOMAIN_OSTYPE_XEN;
-
- if (virUUIDParse("00000000-0000-0000-0000-000000000000", def->uuid) < 0)
- goto cleanup;
-
- if (!(vm = virDomainObjListAdd(driver->domains, def,
- driver->xmlopt,
- 0,
- NULL)))
- goto cleanup;
- def = NULL;
+ /*
+ * On a driver reload dom0 will already exist. On host restart it must
+ * created.
+ */
+ if ((vm = virDomainObjListFindByID(driver->domains, 0)) == NULL) {
+ if (!(def = virDomainDefNew()))
+ goto cleanup;
+
+ def->id = 0;
+ def->virtType = VIR_DOMAIN_VIRT_XEN;
+ def->name = g_strdup("Domain-0");
+
+ def->os.type = VIR_DOMAIN_OSTYPE_XEN;
+
+ if (virUUIDParse("00000000-0000-0000-0000-000000000000", def->uuid) < 0)
+ goto cleanup;
+
+ if (!(vm = virDomainObjListAdd(driver->domains, def,
+ driver->xmlopt,
+ 0,
+ NULL)))
+ goto cleanup;
+
+ def = NULL;
+ vm->persistent = 1;
+ virDomainObjSetState(vm, VIR_DOMAIN_RUNNING, VIR_DOMAIN_RUNNING_BOOTED);
+ }
- vm->persistent = 1;
- virDomainObjSetState(vm, VIR_DOMAIN_RUNNING, VIR_DOMAIN_RUNNING_BOOTED);
if (virDomainDefSetVcpusMax(vm->def, d_info.vcpu_max_id + 1, driver->xmlopt))
goto cleanup;
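Review bot: In libxlAddDom0, `vm->persistent = 1` and the `virDomainObjSetState(vm, VIR_DOMAIN_RUNNING, VIR_DOMAIN_RUNNING_BOOTED)` call now run only inside the creation branch, so on a driver reload the object returned by `virDomainObjListFindByID(driver->domains, 0)` keeps whatever persistent flag and state were restored from stateDir. If that is intended, the new block comment should say so; if not, the two statements belong after the `if`, where they were before. The comment itself also needs a word: "On host restart it must created" should read "it must be created".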
@@ -776,10 +783,6 @@ libxlStateInitialize(bool privileged,
if (!(libxl_driver->xmlopt = libxlCreateXMLConf(libxl_driver)))
goto error;
- /* Add Domain-0 */
- if (libxlAddDom0(libxl_driver) < 0)
- goto error;
-
/* Load running domains first. */
if (virDomainObjListLoadAllConfigs(libxl_driver->domains,
cfg->stateDir,
@@ -789,6 +792,10 @@ libxlStateInitialize(bool privileged,
NULL, NULL) < 0)
goto error;
+ /* Add Domain-0 */
+ if (libxlAddDom0(libxl_driver) < 0)
+ goto error;
+
libxlReconnectDomains(libxl_driver);
/* Then inactive persistent configs */
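Review bot: The call order in libxlStateInitialize is now load-bearing, but the moved comment still says only `/* Add Domain-0 */`. libxlAddDom0 has to run after virDomainObjListLoadAllConfigs so that its lookup by ID can find a dom0 restored from stateDir; extend the comment to say that dom0 is added only when it was not loaded, so a later reshuffle of these blocks does not bring back the "unexpected domain Domain-0 already exists" error from the commit message.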
++++++ e092daac-prohib-parallel-tunneled-mig.patch ++++++
commit e092daacee330b8f758bceaf1e9a0ccfec2e00c8
Author: Jim Fehlig <jfehlig(a)suse.com>
Date: Fri Jan 17 10:36:32 2020 -0700
lib: Prohibit parallel connections with tunneled migration
As discussed on the developer list, parallel migration connections
are not compatible with tunneled migration
https://www.redhat.com/archives/libvir-list/2020-January/msg00463.html
Prohibit the concurrent use of parallel and tunneled migration options.
Signed-off-by: Jim Fehlig <jfehlig(a)suse.com>
Reviewed-by: Ján Tomko <jtomko(a)redhat.com>
Index: libvirt-6.0.0/src/libvirt-domain.c
===================================================================
--- libvirt-6.0.0.orig/src/libvirt-domain.c
+++ libvirt-6.0.0/src/libvirt-domain.c
@@ -3548,6 +3548,10 @@ virDomainMigrate(virDomainPtr domain,
VIR_MIGRATE_NON_SHARED_INC,
error);
+ VIR_EXCLUSIVE_FLAGS_GOTO(VIR_MIGRATE_TUNNELLED,
+ VIR_MIGRATE_PARALLEL,
+ error);
+
if (flags & VIR_MIGRATE_OFFLINE) {
if (!VIR_DRV_SUPPORTS_FEATURE(domain->conn->driver, domain->conn,
VIR_DRV_FEATURE_MIGRATION_OFFLINE)) {
@@ -3703,6 +3707,10 @@ virDomainMigrate2(virDomainPtr domain,
VIR_MIGRATE_NON_SHARED_INC,
error);
+ VIR_EXCLUSIVE_FLAGS_GOTO(VIR_MIGRATE_TUNNELLED,
+ VIR_MIGRATE_PARALLEL,
+ error);
+
if (flags & VIR_MIGRATE_OFFLINE) {
if (!VIR_DRV_SUPPORTS_FEATURE(domain->conn->driver, domain->conn,
VIR_DRV_FEATURE_MIGRATION_OFFLINE)) {
@@ -4089,6 +4097,10 @@ virDomainMigrateToURI(virDomainPtr domai
virCheckReadOnlyGoto(domain->conn->flags, error);
virCheckNonNullArgGoto(duri, error);
+ VIR_EXCLUSIVE_FLAGS_GOTO(VIR_MIGRATE_TUNNELLED,
+ VIR_MIGRATE_PARALLEL,
+ error);
+
if (virDomainMigrateUnmanagedCheckCompat(domain, flags) < 0)
goto error;
@@ -4161,6 +4173,10 @@ virDomainMigrateToURI2(virDomainPtr doma
virCheckDomainReturn(domain, -1);
virCheckReadOnlyGoto(domain->conn->flags, error);
+ VIR_EXCLUSIVE_FLAGS_GOTO(VIR_MIGRATE_TUNNELLED,
+ VIR_MIGRATE_PARALLEL,
+ error);
+
if (virDomainMigrateUnmanagedCheckCompat(domain, flags) < 0)
goto error;
@@ -4234,6 +4250,10 @@ virDomainMigrateToURI3(virDomainPtr doma
virCheckDomainReturn(domain, -1);
virCheckReadOnlyGoto(domain->conn->flags, error);
+ VIR_EXCLUSIVE_FLAGS_GOTO(VIR_MIGRATE_TUNNELLED,
+ VIR_MIGRATE_PARALLEL,
+ error);
+
if (virDomainMigrateUnmanagedCheckCompat(domain, flags) < 0)
goto error;
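Review bot: The identical three-line `VIR_EXCLUSIVE_FLAGS_GOTO(VIR_MIGRATE_TUNNELLED, VIR_MIGRATE_PARALLEL, error)` check is pasted into five entry points (virDomainMigrate, virDomainMigrate2, virDomainMigrateToURI, virDomainMigrateToURI2, virDomainMigrateToURI3), and virDomainMigrate3 is not among them. Either add the check there or state in the commit message why that entry point does not need it. The restriction is also undocumented: the patch changes no API comment, so callers learn that the two flags exclude each other only from the runtime error. One sentence in the description of each flag would cover it.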
++++++ e4116eaa-CVE-2020-25637.patch ++++++
commit e4116eaa44cb366b59f7fe98f4b88d04c04970ad
Author: Ján Tomko <jtomko(a)redhat.com>
Date: Fri Sep 18 17:54:14 2020 +0200
rpc: require write acl for guest agent in virDomainInterfaceAddresses
CVE-2020-25637
Add a requirement for domain:write if source is set to
VIR_DOMAIN_INTERFACE_ADDRESSES_SRC_AGENT.
Signed-off-by: Ján Tomko <jtomko(a)redhat.com>
Reported-by: Ilja Van Sprundel <ivansprundel(a)ioactive.com>
Reviewed-by: Jiri Denemark <jdenemar(a)redhat.com>
Index: libvirt-6.0.0/src/libxl/libxl_driver.c
===================================================================
--- libvirt-6.0.0.orig/src/libxl/libxl_driver.c
+++ libvirt-6.0.0/src/libxl/libxl_driver.c
@@ -6366,7 +6366,7 @@ libxlDomainInterfaceAddresses(virDomainP
if (!(vm = libxlDomObjFromDomain(dom)))
goto cleanup;
- if (virDomainInterfaceAddressesEnsureACL(dom->conn, vm->def) < 0)
+ if (virDomainInterfaceAddressesEnsureACL(dom->conn, vm->def, source) < 0)
goto cleanup;
if (virDomainObjCheckActive(vm) < 0)
Index: libvirt-6.0.0/src/qemu/qemu_driver.c
===================================================================
--- libvirt-6.0.0.orig/src/qemu/qemu_driver.c
+++ libvirt-6.0.0/src/qemu/qemu_driver.c
@@ -22010,7 +22010,7 @@ qemuDomainInterfaceAddresses(virDomainPt
if (!(vm = qemuDomainObjFromDomain(dom)))
goto cleanup;
- if (virDomainInterfaceAddressesEnsureACL(dom->conn, vm->def) < 0)
+ if (virDomainInterfaceAddressesEnsureACL(dom->conn, vm->def, source) < 0)
goto cleanup;
if (virDomainObjCheckActive(vm) < 0)
Index: libvirt-6.0.0/src/remote/remote_protocol.x
===================================================================
--- libvirt-6.0.0.orig/src/remote/remote_protocol.x
+++ libvirt-6.0.0/src/remote/remote_protocol.x
@@ -6211,6 +6211,7 @@ enum remote_procedure {
/**
* @generate: none
* @acl: domain:read
+ * @acl: domain:write::source:VIR_DOMAIN_INTERFACE_ADDRESSES_SRC_AGENT
*/
REMOTE_PROC_DOMAIN_INTERFACE_ADDRESSES = 353,
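Review bot: The added `@acl: domain:write::source:VIR_DOMAIN_INTERFACE_ADDRESSES_SRC_AGENT` line ties the stronger permission to one exact value of `source`, so the rule is allow-by-default: any source added later that also talks to the guest agent would pass with domain:read unless another line is added here. A comment beside the annotation stating that every agent-backed source requires domain:write would make that dependency visible to whoever extends the enum. The ACL helper now takes `source` as a third argument and the patch updates the libxl and qemu callers; the commit message should confirm that these are the only drivers implementing this call.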
++++++ ec07aad8-libxl-normalize-mac-addr.patch ++++++
commit ec07aad8f8a6ead8e9363c8deec4845edb5bf112
Author: Jim Fehlig <jfehlig(a)suse.com>
Date: Wed May 27 17:29:33 2020 -0600
libxl: Normalize MAC address in device conf when hotplugging a netdev
Similar to commits 55ce6564634 and 6c17606b7cc in the qemu driver, make
separate copies of persistent and live device config and normalize the MAC
address between the two. This avoids having different MAC address for the
persistent and live config, ensuring the device has the same address when
the persistent config takes effect after a VM restart.
Signed-off-by: Jim Fehlig <jfehlig(a)suse.com>
Reviewed-by: Laine Stump <laine(a)redhat.com>
Index: libvirt-6.0.0/src/libxl/libxl_driver.c
===================================================================
--- libvirt-6.0.0.orig/src/libxl/libxl_driver.c
+++ libvirt-6.0.0/src/libxl/libxl_driver.c
@@ -4089,6 +4089,31 @@ libxlDomainUpdateDeviceConfig(virDomainD
}
+static void
+libxlDomainAttachDeviceNormalize(const virDomainDeviceDef *devConf,
+ virDomainDeviceDefPtr devLive)
+{
+ /*
+ * Fixup anything that needs to be identical in the live and
+ * config versions of DeviceDef, but might not be. Do this by
+ * changing the contents of devLive. This is done after all
+ * post-parse tweaks and validation, so be very careful about what
+ * changes are made.
+ */
+
+ /* MAC address should be identical in both DeviceDefs, but if it
+ * wasn't specified in the XML, and was instead autogenerated, it
+ * will be different for the two since they are each the result of
+ * a separate parser call. If it *was* specified, it will already
+ * be the same, so copying does no harm.
+ */
+
+ if (devConf->type == VIR_DOMAIN_DEVICE_NET)
+ virMacAddrSet(&devLive->data.net->mac, &devConf->data.net->mac);
+
+}
+
+
static int
libxlDomainAttachDeviceFlags(virDomainPtr dom, const char *xml,
unsigned int flags)
@@ -4097,7 +4122,9 @@ libxlDomainAttachDeviceFlags(virDomainPt
libxlDriverConfigPtr cfg = libxlDriverConfigGet(driver);
virDomainObjPtr vm = NULL;
virDomainDefPtr vmdef = NULL;
- virDomainDeviceDefPtr dev = NULL;
+ virDomainDeviceDefPtr devConf = NULL;
+ virDomainDeviceDef devConfSave = { 0 };
+ virDomainDeviceDefPtr devLive = NULL;
int ret = -1;
virCheckFlags(VIR_DOMAIN_DEVICE_MODIFY_LIVE |
@@ -4116,28 +4143,36 @@ libxlDomainAttachDeviceFlags(virDomainPt
goto endjob;
if (flags & VIR_DOMAIN_DEVICE_MODIFY_CONFIG) {
- if (!(dev = virDomainDeviceDefParse(xml, vm->def,
- driver->xmlopt, NULL,
- VIR_DOMAIN_DEF_PARSE_INACTIVE)))
+ if (!(devConf = virDomainDeviceDefParse(xml, vm->def,
+ driver->xmlopt, NULL,
+ VIR_DOMAIN_DEF_PARSE_INACTIVE)))
goto endjob;
/* Make a copy for updated domain. */
if (!(vmdef = virDomainObjCopyPersistentDef(vm, driver->xmlopt, NULL)))
goto endjob;
- if (libxlDomainAttachDeviceConfig(vmdef, dev) < 0)
+ /*
+ * devConf will be NULLed out by
+ * libxlDomainAttachDeviceConfig(), so save it for later use by
+ * libxlDomainAttachDeviceNormalize()
+ */
+ devConfSave = *devConf;
+
+ if (libxlDomainAttachDeviceConfig(vmdef, devConf) < 0)
goto endjob;
}
if (flags & VIR_DOMAIN_DEVICE_MODIFY_LIVE) {
- /* If dev exists it was created to modify the domain config. Free it. */
- virDomainDeviceDefFree(dev);
- if (!(dev = virDomainDeviceDefParse(xml, vm->def,
+ if (!(devLive = virDomainDeviceDefParse(xml, vm->def,
driver->xmlopt, NULL,
VIR_DOMAIN_DEF_PARSE_INACTIVE)))
goto endjob;
- if (libxlDomainAttachDeviceLive(driver, vm, dev) < 0)
+ if (flags & VIR_DOMAIN_AFFECT_CONFIG)
+ libxlDomainAttachDeviceNormalize(&devConfSave, devLive);
+
+ if (libxlDomainAttachDeviceLive(driver, vm, devLive) < 0)
goto endjob;
/*
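Review bot: The guard in front of libxlDomainAttachDeviceNormalize tests `flags & VIR_DOMAIN_AFFECT_CONFIG`, while the block that fills devConfSave tests `flags & VIR_DOMAIN_DEVICE_MODIFY_CONFIG`. Use the same constant in both places so it is obvious that devConfSave is read only when it has been written. Separately, `devConfSave = *devConf;` is a shallow copy, so `devConfSave.data.net` aliases memory the copy does not own. The comment should say who owns that definition after libxlDomainAttachDeviceConfig returns and that the saved copy must not outlive it; "devConf will be NULLed out" does not tell the reader why the alias is still safe to dereference in the LIVE branch.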
@@ -4164,7 +4199,8 @@ libxlDomainAttachDeviceFlags(virDomainPt
cleanup:
virDomainDefFree(vmdef);
- virDomainDeviceDefFree(dev);
+ virDomainDeviceDefFree(devConf);
+ virDomainDeviceDefFree(devLive);
virDomainObjEndAPI(&vm);
virObjectUnref(cfg);
return ret;
++++++ f0d0cd61-update-s390-doc.patch ++++++
commit f0d0cd6179709461b026f24569a688065e90d766
Author: Viktor Mihajlovski <mihajlov(a)linux.ibm.com>
Date: Mon Jun 15 10:28:12 2020 +0200
docs: Describe protected virtualization guest setup
Protected virtualization/IBM Secure Execution for Linux protects
guest memory and state from the host.
Add some basic information about technology and a brief guide
on setting up secure guests with libvirt.
Signed-off-by: Viktor Mihajlovski <mihajlov(a)linux.ibm.com>
Signed-off-by: Boris Fiuczynski <fiuczy(a)linux.ibm.com>
Reviewed-by: Paulo de Rezende Pinatti <ppinatti(a)linux.ibm.com>
Reviewed-by: Erik Skultety <eskultet(a)redhat.com>
Index: libvirt-6.0.0/docs/kbase.html.in
===================================================================
--- libvirt-6.0.0.orig/docs/kbase.html.in
+++ libvirt-6.0.0/docs/kbase.html.in
@@ -14,6 +14,9 @@
<dt><a href="kbase/secureusage.html">Secure usage</a></dt>
<dd>Secure usage of the libvirt APIs</dd>
+ <dt><a href="kbase/s390_protected_virt.html">Protected virtualization on s390</a></dt>
+ <dd>Running secure s390 guests with IBM Secure Execution</dd>
+
<dt><a href="kbase/launch_security_sev.html">Launch security</a></dt>
<dd>Securely launching VMs with AMD SEV</dd>
Index: libvirt-6.0.0/docs/kbase/s390_protected_virt.rst
===================================================================
--- /dev/null
+++ libvirt-6.0.0/docs/kbase/s390_protected_virt.rst
@@ -0,0 +1,189 @@
+================================
+Protected Virtualization on s390
+================================
+
+.. contents::
+
+Overview
+========
+
+Protected virtualization, also known as IBM Secure Execution is a
+hardware-based privacy protection technology for s390x (IBM Z).
+It allows to execute virtual machines such that the host system
+has no access to a VM's state and memory contents.
+
+Unlike other similar technologies, the memory of a running guest
+is not encrypted but protected by hardware access controls, which
+may only be manipulated by trusted system firmware, called
+ultravisor.
+
+For the cases where the host needs access to guest memory (e.g. for
+paging), it can request pages to be exported to it. The exported page
+will be encrypted with a unique key for the running guest by the
+ultravisor. The ultravisor also computes an integrity value for
+the page, and stores it in a special table, together with the page
+index and a counter. This way it can verify the integrity of
+the page content upon re-import into the guest.
+
+In other cases it may be necessary for a guest to grant the host access
+to dedicated memory regions (e.g. for I/O). The guest can request
+that the ultravisor removes the memory protection from individual
+pages, so that they can be shared with the host. Likewise, the
+guest can undo the sharing.
+
+A secure guest will initially start in a regular non-protected VM.
+The start-up is controlled by a small bootstrap program loaded
+into memory together with encrypted operating system components and
+a control structure (the PV header).
+The operating system components (e.g. Linux kernel, initial RAM
+file system, kernel parameters) are encrypted and integrity
+protected. The component encryption keys and integrity values are
+stored in the PV header.
+The PV header is wrapped with a public key belonging to a specific
+system (in fact it can be wrapped with multiple such keys). The
+matching private key is only accessible by trusted hardware and
+firmware in that specific system.
+Consequently, such a secure guest boot image can only be run on the
+systems it has been prepared for. Its contents can't be decrypted
+without access to the private key and it can't be modified as
+it is integrity protected.
+
+Host Requirements
+=================
+
+IBM Secure Execution for Linux has some hardware and firmware
+requirements. The system hardware must be an IBM z15 (or newer),
+or an IBM LinuxONE III (or newer).
+
+It is also necessary that the IBM Secure Execution feature is
+enabled for that system. With libvirt >= 6.5.0 you can run
+``libvirt-host--validate`` or otherwise check for facility '158', e.g.
+
+::
+
+ $ grep facilities /proc/cpuinfo | grep 158
+
+The kernel must include the protected virtualization support
+which can be verified by checking for the presence of directory
+``/sys/firmware/uv``. It will only be present when both the
+hardware and the kernel support are available.
+
+Finally, the host operating system must donate some memory to
+the ultravisor needed to store memory security information.
+This is achieved by specifying the following kernel command
+line parameter to the host boot configuration
+
+::
+
+ prot_virt=1
+
+
+Guest Requirements
+==================
+
+Guest Boot
+----------
+
+To start a guest in protected virtualization secure mode, the
+boot image must have been prepared first with the program
+``genprotimg`` using the correct public key for this host.
+``genprotimg`` is part of the package ``s390-tools``, or
+``s390-utils``, depending on the Linux distribution being used.
+It can also be found at
+`<https://github.com/ibm-s390-tools/s390-tools/tree/master/genprotimg>`_
+
+The guests have to be configured to use the host CPU model, which
+must contain the ``unpack`` facility indicating ultravisor guest support.
+
+With the following command it's possible to check whether the host
+CPU model satisfies the requirement
+
+::
+
+ $ virsh domcapabilities | grep unpack
+
+which should return
+
+::
+
+ <feature policy='require' name='unpack'/>
+
+Note that on hosts with libvirt < 6.5.0 if the check fails despite
+the host system actually supporting protected virtualization guests,
+this can be caused by a stale libvirt capabilities cache.
+To recover, run the following commands
+
+::
+
+ $ systemctl stop libvirtd
+ $ rm /var/cache/libvirt/qemu/capabilities/*.xml
+ $ systemctl start libvirtd
+
+
+Guest I/O
+---------
+
+Protected virtualization guests support I/O using virtio devices.
+As the virtio data structures of secure guests are not accessible
+by the host, it is necessary to use shared memory ('bounce buffers').
+
+To enable virtio devices to use shared buffers, it is necessary
+to configure them with platform_iommu enabled. This can done by adding
+``iommu='on'`` to the driver element of a virtio device definition in the
+guest's XML, e.g.
+
+::
+
+ <interface type='network'>
+ <source network='default'/>
+ <model type='virtio'/>
+ <driver name='vhost' iommu='on'/>
+ </interface>
+
+It is mandatory to define all virtio bus devices in this way to
+prevent the host from attempting to access protected memory.
+Ballooning will not work and is fenced by QEMU. It should be
+disabled by specifying
+
+::
+
+ <memballoon model='none'/>
+
+Finally, the guest Linux must be instructed to allocate I/O
+buffers using memory shared between host and guest using SWIOTLB.
+This is done by adding ``swiotlb=nnn`` to the guest's kernel command
+line string, where ``nnn`` stands for the number of statically
+allocated 2K entries. A commonly used value for swiotlb is 262144.
+
+Example guest definition
+========================
+
+Minimal domain XML for a protected virtualization guest, essentially
+it's mostly about the ``iommu`` property
+
+::
+
+ <domain type='kvm'>
+ <name>protected</name>
+ <memory unit='KiB'>2048000</memory>
+ <currentMemory unit='KiB'>2048000</currentMemory>
+ <vcpu>1</vcpu>
+ <os>
+ <type arch='s390x'>hvm</type>
+ </os>
+ <cpu mode='host-model'/>
+ <devices>
+ <disk type='file' device='disk'>
+ <driver name='qemu' type='qcow2' cache='none' io='native' iommu='on'>
+ <source file='/var/lib/libvirt/images/protected.qcow2'/>
+ <target dev='vda' bus='virtio'/>
+ </disk>
+ <interface type='network'>
+ <driver iommu='on'/>
+ <source network='default'/>
+ <model type='virtio'/>
+ </interface>
+ <console type='pty'/>
+ <memballoon model='none'/>
+ </devices>
+ </domain>
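Review bot: In the "Example guest definition" block the disk's `<driver name='qemu' type='qcow2' cache='none' io='native' iommu='on'>` element is never closed, so the example is not well-formed XML and cannot be pasted into a domain definition as is; it needs a trailing `/>`. In "Host Requirements" the command is written as ``libvirt-host--validate``; the tool libvirt ships is virt-host-validate. Smaller wording fixes in the same file: "It allows to execute", "This can done by adding", and the missing comma after "IBM Secure Execution" in the first sentence of the overview.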
++++++ f3ef7daf-xenconfig-e820-host.patch ++++++
commit f3ef7dafc8a60e6e21ac31cbbc019aa76a34e523
Author: Marek Marczykowski-Górecki <marmarek(a)invisiblethingslab.com>
Date: Tue Apr 14 04:37:06 2020 +0200
xenconfig: parse e820_host option
Signed-off-by: Marek Marczykowski-Górecki <marmarek(a)invisiblethingslab.com>
Reviewed-by: Jim Fehlig <jfehlig(a)suse.com>
Index: libvirt-6.0.0/src/libxl/xen_common.c
===================================================================
--- libvirt-6.0.0.orig/src/libxl/xen_common.c
+++ libvirt-6.0.0/src/libxl/xen_common.c
@@ -592,6 +592,13 @@ xenParseCPUFeatures(virConfPtr conf,
def->clock.timers[def->clock.ntimers - 1] = timer;
}
+ } else {
+ if (xenConfigGetBool(conf, "e820_host", &val, 0) < 0) {
+ return -1;
+ } else if (val) {
+ def->features[VIR_DOMAIN_FEATURE_XEN] = VIR_TRISTATE_SWITCH_ON;
+ def->xen_features[VIR_DOMAIN_XEN_E820_HOST] = VIR_TRISTATE_SWITCH_ON;
+ }
}
return 0;
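Review bot: In the new `else` branch of xenParseCPUFeatures only `else if (val)` records anything, so a config with `e820_host = 0` and a config without the key both leave VIR_DOMAIN_XEN_E820_HOST absent, and an explicit "off" does not survive a parse and format round trip. If absent and off are meant to be equivalent, say so in a comment. The patch touches only xen_common.c, so there is no test input covering either direction; a config/XML pair for the on case would pin the behaviour down. The `else` after `return -1;` is also unnecessary and can become a plain `if (val)`.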
@@ -2138,6 +2145,12 @@ xenFormatCPUFeatures(virConfPtr conf, vi
(def->features[VIR_DOMAIN_FEATURE_VIRIDIAN] ==
VIR_TRISTATE_SWITCH_ON) ? 1 : 0) < 0)
return -1;
+ } else {
+ if (def->features[VIR_DOMAIN_FEATURE_XEN] == VIR_TRISTATE_SWITCH_ON) {
+ if (def->xen_features[VIR_DOMAIN_XEN_E820_HOST] == VIR_TRISTATE_SWITCH_ON)
+ if (xenConfigSetInt(conf, "e820_host", 1) < 0)
+ return -1;
+ }
}
for (i = 0; i < def->clock.ntimers; i++) {
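Review bot: The added block in xenFormatCPUFeatures nests three `if` statements, the outer one braced and the two inner ones not, which makes the `return -1;` easy to misattribute. Fold the two feature tests into one condition with `&&` and brace the body that calls `xenConfigSetInt(conf, "e820_host", 1)`.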
++++++ fadbaa23-conf-add-passthrough.patch ++++++
commit fadbaa23757ff9dca329bdb8d3447c27599f6884
Author: Jim Fehlig <jfehlig(a)suse.com>
Date: Wed Apr 15 16:34:54 2020 -0600
conf: add xen hypervisor feature 'passthrough'
'passthrough' is Xen-specific guest configuration option new to Xen 4.13
that enables IOMMU mappings for a guest and hence whether it supports PCI
passthrough. The default is disabled. See the xl.cfg(5) man page and
xen.git commit babde47a3fe for more details.
The default state of disabled prevents hotplugging PCI devices. However,
if the guest configuration contains a PCI passthrough device at time of
creation, libxl will automatically enable 'passthrough' and subsequent
hotplugging of PCI devices will also be possible. It is not possible to
unconditionally enable 'passthrough' since it would introduce a migration
incompatibility due to guest ABI change. Instead, introduce another Xen
hypervisor feature that can be used to enable guest PCI passthrough
<features>
<xen>
<passthrough state='on'/>
</xen>
</features>
To allow finer control over how IOMMU maps to guest P2M table, the
passthrough element also supports a 'mode' attribute with values
restricted to sync_pt and share_pt, similar to xl.cfg(5) 'passthrough'
setting.
Signed-off-by: Jim Fehlig <jfehlig(a)suse.com>
Reviewed-by: Michal Privoznik <mprivozn(a)redhat.com>
Index: libvirt-6.0.0/docs/formatdomain.html.in
===================================================================
--- libvirt-6.0.0.orig/docs/formatdomain.html.in
+++ libvirt-6.0.0/docs/formatdomain.html.in
@@ -2055,6 +2055,7 @@
</kvm>
<xen>
<e820_host state='on'/>
+ <passthrough state='on' mode='share_pt'/>
</xen>
<pvspinlock state='on'/>
<gic version='2'/>
@@ -2252,6 +2253,12 @@
<td>on, off</td>
<td><span class="since">6.3.0</span></td>
</tr>
+ <tr>
+ <td>passthrough</td>
+ <td>Enable IOMMU mappings allowing PCI passthrough)</td>
+ <td>on, off; mode - optional string sync_pt or share_pt</td>
+ <td><span class="since">6.3.0</span></td>
+ </tr>
</table>
</dd>
<dt><code>pmu</code></dt>
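Review bot: The description cell added for passthrough, "Enable IOMMU mappings allowing PCI passthrough)", ends with a closing parenthesis that has no opening one; drop it. The value cell could also say that `mode` is only read when state is 'on', since that is how the parser added in this patch treats it.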
Index: libvirt-6.0.0/docs/schemas/domaincommon.rng
===================================================================
--- libvirt-6.0.0.orig/docs/schemas/domaincommon.rng
+++ libvirt-6.0.0/docs/schemas/domaincommon.rng
@@ -6090,6 +6090,18 @@
<ref name="featurestate"/>
</element>
</optional>
+ <optional>
+ <element name="passthrough">
+ <ref name="featurestate"/>
+ <optional>
+ <attribute name="mode">
+ <data type="string">
+ <param name='pattern'>(sync_pt|share_pt)</param>
+ </data>
+ </attribute>
+ </optional>
+ </element>
+ </optional>
</interleave>
</element>
</define>
Index: libvirt-6.0.0/src/conf/domain_conf.c
===================================================================
--- libvirt-6.0.0.orig/src/conf/domain_conf.c
+++ libvirt-6.0.0/src/conf/domain_conf.c
@@ -208,7 +208,15 @@ VIR_ENUM_IMPL(virDomainKVM,
VIR_ENUM_IMPL(virDomainXen,
VIR_DOMAIN_XEN_LAST,
- "e820_host"
+ "e820_host",
+ "passthrough",
+);
+
+VIR_ENUM_IMPL(virDomainXenPassthroughMode,
+ VIR_DOMAIN_XEN_PASSTHROUGH_MODE_LAST,
+ "default",
+ "sync_pt",
+ "share_pt",
);
VIR_ENUM_IMPL(virDomainMsrsUnknown,
@@ -20669,6 +20677,8 @@ virDomainDefParseXML(xmlDocPtr xml,
if (def->features[VIR_DOMAIN_FEATURE_XEN] == VIR_TRISTATE_SWITCH_ON) {
int feature;
int value;
+ g_autofree char *ptval = NULL;
+
if ((n = virXPathNodeSet("./features/xen/*", ctxt, &nodes)) < 0)
goto error;
@@ -20681,27 +20691,53 @@ virDomainDefParseXML(xmlDocPtr xml,
goto error;
}
+ if (!(tmp = virXMLPropString(nodes[i], "state"))) {
+ virReportError(VIR_ERR_XML_ERROR,
+ _("missing 'state' attribute for "
+ "Xen feature '%s'"),
+ nodes[i]->name);
+ goto error;
+ }
+
+ if ((value = virTristateSwitchTypeFromString(tmp)) < 0) {
+ virReportError(VIR_ERR_CONFIG_UNSUPPORTED,
+ _("invalid value of state argument "
+ "for Xen feature '%s'"),
+ nodes[i]->name);
+ goto error;
+ }
+
+ VIR_FREE(tmp);
+ def->xen_features[feature] = value;
+
switch ((virDomainXen) feature) {
case VIR_DOMAIN_XEN_E820_HOST:
- if (!(tmp = virXMLPropString(nodes[i], "state"))) {
- virReportError(VIR_ERR_XML_ERROR,
- _("missing 'state' attribute for "
- "Xen feature '%s'"),
- nodes[i]->name);
- goto error;
- }
+ break;
- if ((value = virTristateSwitchTypeFromString(tmp)) < 0) {
+ case VIR_DOMAIN_XEN_PASSTHROUGH:
+ if (value != VIR_TRISTATE_SWITCH_ON)
+ break;
+
+ if ((ptval = virXMLPropString(nodes[i], "mode"))) {
+ int mode = virDomainXenPassthroughModeTypeFromString(ptval);
+
+ if (mode < 0) {
virReportError(VIR_ERR_CONFIG_UNSUPPORTED,
- _("invalid value of state argument "
- "for Xen feature '%s'"),
- nodes[i]->name);
+ _("unsupported mode '%s' for Xen passthrough feature"),
+ ptval);
goto error;
}
- VIR_FREE(tmp);
- def->xen_features[feature] = value;
- break;
+ if (mode != VIR_DOMAIN_XEN_PASSTHROUGH_MODE_SYNC_PT &&
+ mode != VIR_DOMAIN_XEN_PASSTHROUGH_MODE_SHARE_PT) {
+ virReportError(VIR_ERR_XML_ERROR, "%s",
+ _("'mode' attribute for Xen feature "
+ "'passthrough' must be 'sync_pt' or 'share_pt'"));
+ goto error;
+ }
+ def->xen_passthrough_mode = mode;
+ }
+ break;
/* coverity[dead_error_begin] */
case VIR_DOMAIN_XEN_LAST:
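Review bot: `ptval` is declared `g_autofree` once, in the previous hunk, outside the loop over the `./features/xen/*` nodes, but it is assigned inside the VIR_DOMAIN_XEN_PASSTHROUGH case here. If the XML carries more than one passthrough element, the earlier string is overwritten without being freed. Declare it inside the case body, or inside the loop, so each iteration owns its pointer. A second point in the same case: `if (value != VIR_TRISTATE_SWITCH_ON) break;` means a `mode` attribute combined with state='off' is silently ignored, while an unsupported mode with state='on' is an error; rejecting the first combination as well would be more consistent.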
@@ -22878,18 +22914,28 @@ virDomainDefFeaturesCheckABIStability(vi
/* xen */
if (src->features[VIR_DOMAIN_FEATURE_XEN] == VIR_TRISTATE_SWITCH_ON) {
for (i = 0; i < VIR_DOMAIN_XEN_LAST; i++) {
+ if (src->xen_features[i] != dst->xen_features[i]) {
+ virReportError(VIR_ERR_CONFIG_UNSUPPORTED,
+ _("State of Xen feature '%s' differs: "
+ "source: '%s', destination: '%s'"),
+ virDomainXenTypeToString(i),
+ virTristateSwitchTypeToString(src->xen_features[i]),
+ virTristateSwitchTypeToString(dst->xen_features[i]));
+ return false;
+ }
switch ((virDomainXen) i) {
case VIR_DOMAIN_XEN_E820_HOST:
- if (src->xen_features[i] != dst->xen_features[i]) {
+ break;
+
+ case VIR_DOMAIN_XEN_PASSTHROUGH:
+ if (src->xen_passthrough_mode != dst->xen_passthrough_mode) {
virReportError(VIR_ERR_CONFIG_UNSUPPORTED,
- _("State of Xen feature '%s' differs: "
+ _("'mode' of Xen passthrough feature differs: "
"source: '%s', destination: '%s'"),
- virDomainXenTypeToString(i),
- virTristateSwitchTypeToString(src->xen_features[i]),
- virTristateSwitchTypeToString(dst->xen_features[i]));
+ virDomainXenPassthroughModeTypeToString(src->xen_passthrough_mode),
+ virDomainXenPassthroughModeTypeToString(dst->xen_passthrough_mode));
return false;
}
-
break;
/* coverity[dead_error_begin] */
@@ -28388,13 +28434,30 @@ virDomainDefFormatFeatures(virBufferPtr
virBufferAddLit(&childBuf, "<xen>\n");
virBufferAdjustIndent(&childBuf, 2);
for (j = 0; j < VIR_DOMAIN_XEN_LAST; j++) {
+ if (def->xen_features[j] == VIR_TRISTATE_SWITCH_ABSENT)
+ continue;
+
+ virBufferAsprintf(&childBuf, "<%s state='%s'",
+ virDomainXenTypeToString(j),
+ virTristateSwitchTypeToString(
+ def->xen_features[j]));
+
switch ((virDomainXen) j) {
case VIR_DOMAIN_XEN_E820_HOST:
- if (def->xen_features[j])
- virBufferAsprintf(&childBuf, "<%s state='%s'/>\n",
- virDomainXenTypeToString(j),
- virTristateSwitchTypeToString(
- def->xen_features[j]));
+ virBufferAddLit(&childBuf, "/>\n");
+ break;
+ case VIR_DOMAIN_XEN_PASSTHROUGH:
+ if (def->xen_features[j] != VIR_TRISTATE_SWITCH_ON) {
+ virBufferAddLit(&childBuf, "/>\n");
+ break;
+ }
+ if (def->xen_passthrough_mode == VIR_DOMAIN_XEN_PASSTHROUGH_MODE_SYNC_PT ||
+ def->xen_passthrough_mode == VIR_DOMAIN_XEN_PASSTHROUGH_MODE_SHARE_PT) {
+ virBufferEscapeString(&childBuf, " mode='%s'/>\n",
+ virDomainXenPassthroughModeTypeToString(def->xen_passthrough_mode));
+ } else {
+ virBufferAddLit(&childBuf, "/>\n");
+ }
break;
/* coverity[dead_error_begin] */
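Review bot: With `<%s state='%s'` now written before the switch in virDomainDefFormatFeatures, every case is responsible for emitting the closing `/>\n`, and the passthrough case alone does it on three separate paths. A feature added to virDomainXen later that forgets the terminator produces malformed XML. Let the switch append only the optional attributes and close the element once after it.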
Index: libvirt-6.0.0/src/conf/domain_conf.h
===================================================================
--- libvirt-6.0.0.orig/src/conf/domain_conf.h
+++ libvirt-6.0.0/src/conf/domain_conf.h
@@ -1813,11 +1813,20 @@ typedef enum {
typedef enum {
VIR_DOMAIN_XEN_E820_HOST = 0,
+ VIR_DOMAIN_XEN_PASSTHROUGH,
VIR_DOMAIN_XEN_LAST
} virDomainXen;
typedef enum {
+ VIR_DOMAIN_XEN_PASSTHROUGH_MODE_DEFAULT = 0,
+ VIR_DOMAIN_XEN_PASSTHROUGH_MODE_SYNC_PT,
+ VIR_DOMAIN_XEN_PASSTHROUGH_MODE_SHARE_PT,
+
+ VIR_DOMAIN_XEN_PASSTHROUGH_MODE_LAST
+} virDomainXenPassthroughMode;
+
+typedef enum {
VIR_DOMAIN_CAPABILITIES_POLICY_DEFAULT = 0,
VIR_DOMAIN_CAPABILITIES_POLICY_ALLOW,
VIR_DOMAIN_CAPABILITIES_POLICY_DENY,
@@ -2437,6 +2446,7 @@ struct _virDomainDef {
int kvm_features[VIR_DOMAIN_KVM_LAST];
int msrs_features[VIR_DOMAIN_MSRS_LAST];
int xen_features[VIR_DOMAIN_XEN_LAST];
+ int xen_passthrough_mode;
unsigned int hyperv_spinlocks;
int hyperv_stimer_direct;
virGICVersion gic_version;
@@ -3476,6 +3486,7 @@ VIR_ENUM_DECL(virDomainGraphicsVNCShareP
VIR_ENUM_DECL(virDomainHyperv);
VIR_ENUM_DECL(virDomainKVM);
VIR_ENUM_DECL(virDomainXen);
+VIR_ENUM_DECL(virDomainXenPassthroughMode);
VIR_ENUM_DECL(virDomainMsrsUnknown);
VIR_ENUM_DECL(virDomainRNGModel);
VIR_ENUM_DECL(virDomainRNGBackend);
++++++ feb8564a-handle-no-devmapper.patch ++++++
commit feb8564a3cc63bc8f68284063d53ec0d2d81a1cc
Author: Michal Prívozník <mprivozn(a)redhat.com>
Date: Tue Aug 18 11:04:24 2020 +0200
virdevmapper: Handle kernel without device-mapper support
In one of my latest patches (v6.6.0~30) I was trying to remove
libdevmapper use in favor of our own implementation. However, the
code did not take into account that device mapper can be not
compiled into the kernel (e.g. be a separate module that's not
loaded) in which case /proc/devices won't have the device-mapper
major number and thus virDevMapperGetTargets() and/or
virIsDevMapperDevice() fails.
However, such failure is safe to ignore, because if device mapper
is missing then there can't be any multipath devices and thus we
don't need to allow the deps in CGroups, nor create them in the
domain private namespace, etc.
Fixes: 22494556542c676d1b9e7f1c1f2ea13ac17e1e3e
Reported-by: Andrea Bolognani <abologna(a)redhat.com>
Reported-by: Christian Ehrhardt <christian.ehrhardt(a)canonical.com>
Signed-off-by: Michal Privoznik <mprivozn(a)redhat.com>
Reviewed-by: Peter Krempa <pkrempa(a)redhat.com>
Reviewed-by: Christian Ehrhardt <christian.ehrhardt(a)canonical.com>
Tested-by: Christian Ehrhardt <christian.ehrhardt(a)canonical.com>
Index: libvirt-6.0.0/src/util/virdevmapper.c
===================================================================
--- libvirt-6.0.0.orig/src/util/virdevmapper.c
+++ libvirt-6.0.0/src/util/virdevmapper.c
@@ -56,6 +56,9 @@ virDevMapperOnceInit(void)
VIR_AUTOSTRINGLIST lines = NULL;
size_t i;
+ if (!virFileExists(CONTROL_PATH))
+ return -2;
+
if (virFileReadAll(PROC_DEVICES, BUF_SIZE, &buf) < 0)
return -1;
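Review bot: virDevMapperOnceInit, by its name a run-once initializer, now has a third outcome, -2, and the caller in virDevMapperGetTargets tests `ret == -2` on the value returned by virDevMapperInitialize(). Confirm that the wrapper hands -2 through unchanged; if it collapses every failure to -1, the new branch is dead and the original error comes back. Because the result is computed once, a device-mapper module loaded after the first call (the later comment says "Probably the module isn't loaded, yet") would also not be noticed until the daemon restarts; the commit message should say whether that is accepted.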
@@ -131,8 +134,13 @@ virDMOpen(void)
memset(&dm, 0, sizeof(dm));
- if ((controlFD = open(CONTROL_PATH, O_RDWR)) < 0)
+ if ((controlFD = open(CONTROL_PATH, O_RDWR)) < 0) {
+ if (errno == ENOENT)
+ return -2;
+
+ virReportSystemError(errno, _("Unable to open %s"), CONTROL_PATH);
return -1;
+ }
if (!virDMIoctl(controlFD, DM_VERSION, &dm, &tmp)) {
virReportSystemError(errno, "%s",
@@ -310,16 +318,28 @@ virDevMapperGetTargets(const char *path,
{
VIR_AUTOCLOSE controlFD = -1;
const unsigned int ttl = 32;
+ int ret;
/* Arbitrary limit on recursion level. A devmapper target can
* consist of devices or yet another targets. If that's the
* case, we have to stop recursion somewhere. */
- if (virDevMapperInitialize() < 0)
+ ret = virDevMapperInitialize();
+ if (ret == -2)
+ return 0;
+ if (ret == -1)
return -1;
- if ((controlFD = virDMOpen()) < 0)
+ if ((controlFD = virDMOpen()) < 0) {
+ if (controlFD == -2) {
+ /* The CONTROL_PATH doesn't exist. Probably the
+ * module isn't loaded, yet. Don't error out, just
+ * exit. */
+ return 0;
+ }
+
return -1;
+ }
return virDevMapperGetTargetsImpl(controlFD, path, devPaths, ttl);
}
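Review bot: The value -2 is now a return convention shared by virDevMapperOnceInit, virDMOpen and the checks in virDevMapperGetTargets, but it appears only as a bare literal. Document it in the function comments ("-2 if device mapper is not available, -1 on error with the error reported") or give it a named constant, so the next caller of virDMOpen does not treat every negative value as a reported error. Note also that `controlFD` is declared VIR_AUTOCLOSE and briefly holds -2; a local `int fd` assigned to `controlFD` only on success would avoid relying on the cleanup helper ignoring negative values.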
++++++ libvirt-power8-models.patch ++++++
Add POWER8 v2.0 and v2.1 to cpu map XML
From: <ro(a)suse.de>
Index: libvirt-6.0.0/src/cpu_map/ppc64_POWER8.xml
===================================================================
--- libvirt-6.0.0.orig/src/cpu_map/ppc64_POWER8.xml
+++ libvirt-6.0.0/src/cpu_map/ppc64_POWER8.xml
@@ -4,5 +4,7 @@
<pvr value='0x004b0000' mask='0xffff0000'/>
<pvr value='0x004c0000' mask='0xffff0000'/>
<pvr value='0x004d0000' mask='0xffff0000'/>
+ <pvr value='0x004b0200' mask='0xffffffff'/>
+ <pvr value='0x004b0201' mask='0xffffffff'/>
</model>
</cpus>
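Review bot: The two added entries, `0x004b0200` and `0x004b0201` with mask `0xffffffff`, are already covered by the existing `<pvr value='0x004b0000' mask='0xffff0000'/>` line under a (pvr & mask) == value comparison, since both values reduce to 0x004b0000 under that mask. The patch header says only "Add POWER8 v2.0 and v2.1 to cpu map XML"; it should explain what the exact-match entries change (for example which PVR is reported back for the model), and note that the order of the `<pvr>` lines matters if the first match wins.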
++++++ libvirt-rpmlintrc ++++++
addFilter("shlib-policy-name-error")
addFilter("missing-dependency-to-logrotate for logrotate script /etc/logrotate.d/libvirtd.(qemu|lxc|uml|libxl)")
addFilter("incoherent-logrotate-file")
++++++ libvirt-supportconfig ++++++
#!/bin/bash
#############################################################
# Name: Supportconfig Plugin for libvirt
# Description: Gathers important troubleshooting information
# about libvirt
# Author: Jim Fehlig <jfehlig(a)suse.com>
#############################################################
RCFILE="/usr/lib/supportconfig/resources/scplugin.rc"
LIBVIRTD_CONF_FILES="/etc/libvirt/libvirtd.conf /etc/libvirt/virtlockd.conf /etc/libvirt/virtlogd.conf"
VM_CONF_FILES=""
LIBVIRTD_LOG_FILES="$(find -L /var/log/libvirt/ -name libvirtd.log -type f | sort)"
if [ -s $RCFILE ]; then
if ! source $RCFILE; then
echo "ERROR: Initializing resource file: $RCFILE" >&2
exit 1
fi
fi
rpm_installed() {
thisrpm="$1"
if rpm -q "$thisrpm" >/dev/null 2>&1; then
return 0
fi
return 1
}
rpm_verify() {
thisrpm="$1"
local ret=0
echo
echo "#==[ Validating RPM ]=================================#"
if rpm -q "$thisrpm" >/dev/null 2>&1; then
echo "# rpm -V $thisrpm"
if rpm -V "$thisrpm"; then
echo "Status: Passed"
else
echo "Status: WARNING"
fi
else
echo "package $thisrpm is not installed"
ret=1
fi
echo
return $ret
}
if rpm_installed libvirt-daemon-xen; then
LIBVIRTD_CONF_FILES="$LIBVIRTD_CONF_FILES /etc/libvirt/libxl.conf /etc/libvirt/libxl-lockd.conf /etc/libvirt/libxl-sanlock.conf"
test -d /etc/libvirt/libxl && VM_CONF_FILES="$VM_CONF_FILES $(find -L /etc/libvirt/libxl/ -type f | sort)"
test -d /var/log/libvirt/libxl && LIBVIRTD_LOG_FILES="$LIBVIRTD_LOG_FILES $(find -L /var/log/libvirt/libxl/ -type f | sort)"
fi
if rpm_installed libvirt-daemon-qemu; then
LIBVIRTD_CONF_FILES="$LIBVIRTD_CONF_FILES /etc/libvirt/qemu.conf /etc/libvirt/qemu-lockd.conf /etc/libvirt/qemu-sanlock.conf"
test -d /etc/libvirt/qemu && VM_CONF_FILES="$VM_CONF_FILES $(find -L /etc/libvirt/qemu/ -type f | sort)"
test -d /var/log/libvirt/qemu && LIBVIRTD_LOG_FILES="$LIBVIRTD_LOG_FILES $(find -L /var/log/libvirt/qemu/ -type f | sort)"
fi
if rpm_installed libvirt-daemon-lxc; then
LIBVIRTD_CONF_FILES="$LIBVIRTD_CONF_FILES /etc/libvirt/lxc.conf"
test -d /etc/libvirt/lxc && VM_CONF_FILES="$VM_CONF_FILES $(find -L /etc/libvirt/lxc/ -type f | sort)"
test -d /var/log/libvirt/lxc && LIBVIRTD_LOG_FILES="$LIBVIRTD_LOG_FILES $(find -L /var/log/libvirt/lxc/ -type f | sort)"
fi
if rpm_installed libvirt-admin; then
LIBVIRTD_CONF_FILES="$LIBVIRTD_CONF_FILES /etc/libvirt/libvirt-admin.conf"
fi
if ! rpm_verify libvirt-daemon; then
echo "Skipped"
exit 0
fi
if systemctl is-enabled libvirtd.service > /dev/null 2>&1; then
plugin_command "virsh version"
plugin_command "virsh capabilities"
plugin_command "virsh domcapabilities"
plugin_command "virsh nodeinfo"
plugin_command "virsh nodedev-list"
# print all known domains on default URI
plugin_command "virsh list --all"
echo
# dump configuration info of active domains on default URI
for DOM in $(virsh list --name)
do
plugin_command "virsh dumpxml $DOM"
plugin_command "virsh vcpuinfo $DOM"
plugin_command "virsh dominfo $DOM"
plugin_command "virsh domjobinfo $DOM"
plugin_command "virsh dommemstat $DOM"
plugin_command "virsh snapshot-list $DOM"
echo
done
# dump configuration info of inactive domains on default URI
for DOM in $(virsh list --name --inactive)
do
plugin_command "virsh dumpxml $DOM"
plugin_command "virsh snapshot-list $DOM"
echo
done
# for LXC domains we have to explicitly specify the URI
if rpm_installed libvirt-daemon-lxc; then
for DOM in $(virsh -c lxc:/// list --name --all); do
plugin_command "virsh -c lxc:/// dumpxml $DOM"
plugin_command "virsh -c lxc:/// dominfo $DOM"
echo
done
fi
# dump active networks, interfaces and storage pools
plugin_command "virsh net-list"
plugin_command "virsh iface-list"
plugin_command "virsh pool-list"
fi
# dump libvirtd-related conf files
pconf_files "$LIBVIRTD_CONF_FILES"
# dump VM-related conf files
pconf_files "$VM_CONF_FILES"
# dump hook conf files
test -d /etc/libvirt/hooks && FILES="$(find -L /etc/libvirt/hooks/ -type f | sort)"
pconf_files "$FILES"
# dump all log files
plog_files 0 "$LIBVIRTD_LOG_FILES"
echo "Done"
++++++ libvirt-suse-netcontrol.patch ++++++
Index: libvirt-6.0.0/configure.ac
===================================================================
--- libvirt-6.0.0.orig/configure.ac
+++ libvirt-6.0.0/configure.ac
@@ -285,6 +285,7 @@ LIBVIRT_ARG_LIBSSH
LIBVIRT_ARG_LIBXML
LIBVIRT_ARG_MACVTAP
LIBVIRT_ARG_NETCF
+LIBVIRT_ARG_NETCONTROL
LIBVIRT_ARG_NLS
LIBVIRT_ARG_NSS
LIBVIRT_ARG_NUMACTL
@@ -329,6 +330,7 @@ LIBVIRT_CHECK_LIBSSH
LIBVIRT_CHECK_LIBXML
LIBVIRT_CHECK_MACVTAP
LIBVIRT_CHECK_NETCF
+LIBVIRT_CHECK_NETCONTROL
LIBVIRT_CHECK_NLS
LIBVIRT_CHECK_NUMACTL
LIBVIRT_CHECK_NWFILTER
@@ -1013,6 +1015,7 @@ LIBVIRT_RESULT_LIBXL
LIBVIRT_RESULT_LIBXML
LIBVIRT_RESULT_MACVTAP
LIBVIRT_RESULT_NETCF
+LIBVIRT_RESULT_NETCONTROL
LIBVIRT_RESULT_NLS
LIBVIRT_RESULT_NSS
LIBVIRT_RESULT_NUMACTL
Index: libvirt-6.0.0/tools/virsh.c
===================================================================
--- libvirt-6.0.0.orig/tools/virsh.c
+++ libvirt-6.0.0/tools/virsh.c
@@ -553,6 +553,8 @@ virshShowVersion(vshControl *ctl G_GNUC_
vshPrint(ctl, " Interface");
# if defined(WITH_NETCF)
vshPrint(ctl, " netcf");
+# elif defined(WITH_NETCONTROL)
+ vshPrint(ctl, " netcontrol");
# elif defined(WITH_UDEV)
vshPrint(ctl, " udev");
# endif
Index: libvirt-6.0.0/src/interface/interface_backend_netcf.c
===================================================================
--- libvirt-6.0.0.orig/src/interface/interface_backend_netcf.c
+++ libvirt-6.0.0/src/interface/interface_backend_netcf.c
@@ -21,7 +21,12 @@
#include <config.h>
-#include <netcf.h>
+#ifdef WITH_NETCONTROL
+# include <netcontrol/netcf.h>
+# include <netcontrol/logger.h>
+#else
+# include <netcf.h>
+#endif
#include "virerror.h"
#include "datatypes.h"
@@ -71,6 +76,37 @@ VIR_ONCE_GLOBAL_INIT(virNetcfDriverState
static virNetcfDriverStatePtr driver;
+#ifdef WITH_NETCONTROL
+static void
+interface_nc_log_driver(const char *category ATTRIBUTE_UNUSED,
+ int priority,
+ const char *func,
+ const char *file,
+ long long line,
+ const char *msg,
+ size_t len ATTRIBUTE_UNUSED)
+{
+ int vp;
+
+ switch (priority) {
+ case NC_LOG_FATAL:
+ case NC_LOG_ERROR:
+ vp = VIR_LOG_ERROR;
+ break;
+ case NC_LOG_WARN:
+ vp = VIR_LOG_WARN;
+ break;
+ case NC_LOG_INFO:
+ vp = VIR_LOG_INFO;
+ break;
+ case NC_LOG_DEBUG:
+ default:
+ vp = VIR_LOG_DEBUG;
+ break;
+ }
+ virLogMessage(&virLogSelf, vp, file, line, func, 0, "%s", msg);
+}
+#endif
static void
virNetcfDriverStateDispose(void *obj)
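Review bot: in interface_nc_log_driver the `default:` label shares the `NC_LOG_DEBUG` arm, so any priority value the switch does not know about is logged at debug level, where it is easy to miss. Mapping unknown priorities to VIR_LOG_WARN would be the safer choice for a logging bridge. As a style point, the unused parameters are marked `ATTRIBUTE_UNUSED`, while other patches against this same 6.0.0 tree use `G_GNUC_UNUSED`; use one spelling consistently.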
@@ -119,6 +155,10 @@ netcfStateInitialize(bool privileged,
virPidFileAcquire(driver->stateDir, "driver", false, getpid())) < 0)
goto error;
+#ifdef WITH_NETCONTROL
+ nc_logger_redirect_to(interface_nc_log_driver);
+#endif
+
/* open netcf */
if (ncf_init(&driver->netcf, NULL) != 0) {
virReportError(VIR_ERR_INTERNAL_ERROR, "%s",
@@ -1113,6 +1153,7 @@ static int netcfInterfaceIsActive(virInt
return ret;
}
+#ifdef HAVE_NETCF_TRANSACTIONS
static int netcfInterfaceChangeBegin(virConnectPtr conn, unsigned int flags)
{
int ret;
@@ -1187,6 +1228,7 @@ static int netcfInterfaceChangeRollback(
virObjectUnlock(driver);
return ret;
}
+#endif /* HAVE_NETCF_TRANSACTIONS */
static virInterfaceDriver interfaceDriver = {
.name = INTERFACE_DRIVER_NAME,
@@ -1203,9 +1245,11 @@ static virInterfaceDriver interfaceDrive
.interfaceCreate = netcfInterfaceCreate, /* 0.7.0 */
.interfaceDestroy = netcfInterfaceDestroy, /* 0.7.0 */
.interfaceIsActive = netcfInterfaceIsActive, /* 0.7.3 */
+#ifdef HAVE_NETCF_TRANSACTIONS
.interfaceChangeBegin = netcfInterfaceChangeBegin, /* 0.9.2 */
.interfaceChangeCommit = netcfInterfaceChangeCommit, /* 0.9.2 */
.interfaceChangeRollback = netcfInterfaceChangeRollback, /* 0.9.2 */
+#endif /* HAVE_NETCF_TRANSACTIONS */
};
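Review bot: `HAVE_NETCF_TRANSACTIONS` guards the three `.interfaceChange*` entries here and the functions in the hunks above, but nothing in this patch defines it; virt-netcontrol.m4 only runs LIBVIRT_CHECK_PKG. Unless another part of the build defines the macro, these entry points are compiled out for a plain WITH_NETCF build as well, which changes behaviour for netcf users. Guard with `#ifndef WITH_NETCONTROL` instead, or add the configure check that defines the macro to this patch and mention it in the description.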
@@ -1236,6 +1280,19 @@ static virStateDriver interfaceStateDriv
int netcfIfaceRegister(void)
{
+ struct netcf *netcf;
+
+ /* Initialization of libnetcontrol will fail if NetworkManager is enabled.
+ * Skip registration if ncf_init fails.
+ * TODO: finer-grained check? E.g. is_nm_enabled()
+ */
+ if (ncf_init(&netcf, NULL) != 0) {
+ VIR_WARN("Failed to initialize libnetcontrol. Management of interface devices is disabled");
+ return 0;
+ }
+
+ ncf_close(netcf);
+
if (virRegisterConnectDriver(&interfaceConnectDriver, false) < 0)
return -1;
if (virSetSharedInterfaceDriver(&interfaceDriver) < 0)
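Review bot: returning 0 when `ncf_init()` fails tells the caller that a backend was registered. interfaceRegister() in interface_driver.c stops at `if (netcfIfaceRegister() == 0) return 0;`, so the udev backend is never tried, although the comment updated in that file says udev is used when netcontrol "failed to load". If disabling interface management is intended, as the VIR_WARN text suggests, correct that comment; if not, return -1 here so the fallback runs. The probe also opens and closes a netcf handle that netcfStateInitialize() opens again, which the TODO could mention.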
Index: libvirt-6.0.0/src/interface/interface_driver.c
===================================================================
--- libvirt-6.0.0.orig/src/interface/interface_driver.c
+++ libvirt-6.0.0/src/interface/interface_driver.c
@@ -30,8 +30,15 @@ interfaceRegister(void)
if (netcfIfaceRegister() == 0)
return 0;
#endif /* WITH_NETCF */
+#ifdef WITH_NETCONTROL
+ /* Attempt to load the netcontrol based backend, which is a slightly
+ patched netcf backend */
+ if (netcfIfaceRegister() == 0)
+ return 0;
+#endif /* WITH_NETCONTROL */
#if WITH_UDEV
- /* If there's no netcf or it failed to load, register the udev backend */
+ /* If there's no netcf or netcontrol, or it failed to load, register the
+ udev backend */
if (udevIfaceRegister() == 0)
return 0;
#endif /* WITH_UDEV */
Index: libvirt-6.0.0/m4/virt-netcontrol.m4
===================================================================
--- /dev/null
+++ libvirt-6.0.0/m4/virt-netcontrol.m4
@@ -0,0 +1,39 @@
+dnl The libnetcontrol library
+dnl
+dnl Copyright (C) 2013 SUSE LINUX Products GmbH, Nuernberg, Germany.
+dnl
+dnl This library is free software; you can redistribute it and/or
+dnl modify it under the terms of the GNU Lesser General Public
+dnl License as published by the Free Software Foundation; either
+dnl version 2.1 of the License, or (at your option) any later version.
+dnl
+dnl This library is distributed in the hope that it will be useful,
+dnl but WITHOUT ANY WARRANTY; without even the implied warranty of
+dnl MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+dnl Lesser General Public License for more details.
+dnl
+dnl You should have received a copy of the GNU Lesser General Public
+dnl License along with this library. If not, see
+dnl <http://www.gnu.org/licenses/>.
+dnl
+
+AC_DEFUN([LIBVIRT_ARG_NETCONTROL],[
+ LIBVIRT_ARG_WITH_FEATURE([NETCONTROL], [netcontrol], [check], [0.2.0])
+])
+
+AC_DEFUN([LIBVIRT_CHECK_NETCONTROL],[
+ LIBVIRT_CHECK_PKG([NETCONTROL], [netcontrol], [0.2.0])
+
+ if test "$with_netcontrol" = "yes" ; then
+ old_CFLAGS="$CFLAGS"
+ old_LIBS="$CFLAGS"
+ CFLAGS="$CFLAGS $NETCONTROL_CFLAGS"
+ LIBS="$LIBS $NETCONTROL_LIBS"
+ CFLAGS="$old_CFLAGS"
+ LIBS="$old_LIBS"
+ fi
+])
+
+AC_DEFUN([LIBVIRT_RESULT_NETCONTROL],[
+ LIBVIRT_RESULT_LIB([NETCONTROL])
+])
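Review bot: `old_LIBS="$CFLAGS"` in LIBVIRT_CHECK_NETCONTROL saves the wrong variable, so the later `LIBS="$old_LIBS"` overwrites LIBS with the compiler flags whenever `$with_netcontrol` is yes. It should read `old_LIBS="$LIBS"`. Beyond that, nothing runs between setting and restoring CFLAGS and LIBS, so the `if` block has no effect apart from that clobbering; add the compile or link check it was meant to wrap, or delete the block.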
Index: libvirt-6.0.0/src/interface/Makefile.inc.am
===================================================================
--- libvirt-6.0.0.orig/src/interface/Makefile.inc.am
+++ libvirt-6.0.0/src/interface/Makefile.inc.am
@@ -6,6 +6,7 @@ INTERFACE_DRIVER_SOURCES = \
$(NULL)
INTERFACE_DRIVER_NETCF_SOURCES = interface/interface_backend_netcf.c
+INTERFACE_DRIVER_NETCONTROL_SOURCES = interface/interface_backend_netcf.c
INTERFACE_DRIVER_UDEV_SOURCES = interface/interface_backend_udev.c
DRIVER_SOURCE_FILES += $(addprefix $(srcdir)/,$(INTERFACE_DRIVER_SOURCES))
@@ -38,6 +39,11 @@ libvirt_driver_interface_la_CFLAGS += $(
libvirt_driver_interface_la_LIBADD += $(NETCF_LIBS)
libvirt_driver_interface_la_SOURCES += $(INTERFACE_DRIVER_NETCF_SOURCES)
endif WITH_NETCF
+if WITH_NETCONTROL
+libvirt_driver_interface_la_CFLAGS += $(NETCONTROL_CFLAGS)
+libvirt_driver_interface_la_LIBADD += $(NETCONTROL_LIBS)
+libvirt_driver_interface_la_SOURCES += $(INTERFACE_DRIVER_NETCONTROL_SOURCES)
+endif WITH_NETCONTROL
if WITH_UDEV
libvirt_driver_interface_la_CFLAGS += $(UDEV_CFLAGS)
libvirt_driver_interface_la_LIBADD += $(UDEV_LIBS)
++++++ libvirt.keyring ++++++
user: "Daniel Veillard (Red Hat work email) <veillard(a)redhat.com>"
user: "Daniel Veillard (Red Hat work email) <veillard(a)redhat.com>"
1024-bit DSA key, ID DE95BC1F, created 2000-05-31
user: "James Fehlig (SUSE work email) <jfehlig(a)suse.com>"
++++++ libvirtd-relocation-server.fw ++++++
## Name: Libvirtd Relocation Server
## Description: Enables libvirtd plain relocation service
TCP="49152:49215"
++++++ libvirtd-relocation-server.xml ++++++
<?xml version="1.0" encoding="utf-8"?>
<service>
<short>libvirtd Migration Server</short>
<description>Enables TCP ports for libvirtd native migration</description>
<port protocol="tcp" port="49152-49215"/>
</service>
++++++ libxl-dom-reset.patch ++++++
commit 3ac6e50943a775c545aa7d4e4bde5fcb8a163b64
Author: Jim Fehlig <jfehlig(a)suse.com>
Date: Mon Jun 23 15:51:20 2014 -0600
libxl: support domainReset
Currently, libxl_send_trigger() does not implement the LIBXL_TRIGGER_RESET
option, but domainReset can be implemented in the libxl driver by
forcibly destroying the domain and starting it again.
Index: libvirt-6.0.0/src/libxl/libxl_driver.c
===================================================================
--- libvirt-6.0.0.orig/src/libxl/libxl_driver.c
+++ libvirt-6.0.0/src/libxl/libxl_driver.c
@@ -1371,6 +1371,61 @@ libxlDomainReboot(virDomainPtr dom, unsi
}
static int
+libxlDomainReset(virDomainPtr dom, unsigned int flags)
+{
+ libxlDriverPrivatePtr driver = dom->conn->privateData;
+ libxlDriverConfigPtr cfg = libxlDriverConfigGet(driver);
+ virDomainObjPtr vm;
+ int ret = -1;
+
+ virCheckFlags(0, -1);
+
+ if (!(vm = libxlDomObjFromDomain(dom)))
+ goto cleanup;
+
+ if (virDomainResetEnsureACL(dom->conn, vm->def) < 0)
+ goto cleanup;
+
+ if (libxlDomainObjBeginJob(driver, vm, LIBXL_JOB_MODIFY) < 0)
+ goto cleanup;
+
+ if (!virDomainObjIsActive(vm)) {
+ virReportError(VIR_ERR_OPERATION_INVALID,
+ "%s", _("Domain is not running"));
+ goto endjob;
+ }
+
+ /*
+ * The semantics of reset can be achieved by forcibly destroying
+ * the domain and starting it again.
+ */
+ if (libxl_domain_destroy(cfg->ctx, vm->def->id, NULL) < 0) {
+ virReportError(VIR_ERR_INTERNAL_ERROR,
+ _("Failed to reset domain '%d'"), vm->def->id);
+ goto endjob;
+ }
+
+ libxlDomainCleanup(driver, vm);
+
+ if (libxlDomainStartNew(driver, vm, false) < 0) {
+ virReportError(VIR_ERR_INTERNAL_ERROR,
+ _("Failed to start domain '%d' after reset"),
+ vm->def->id);
+ goto endjob;
+ }
+
+ ret = 0;
+
+ endjob:
+ libxlDomainObjEndJob(driver, vm);
+
+ cleanup:
+ virDomainObjEndAPI(&vm);
+ virObjectUnref(cfg);
+ return ret;
+}
+
+static int
libxlDomainDestroyFlags(virDomainPtr dom,
unsigned int flags)
{
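Review bot: in libxlDomainReset the failure path after `libxl_domain_destroy()` leaves the guest powered off: if `libxlDomainStartNew()` fails, the caller asked for a reset and ends up with a destroyed domain. The error raised at that point replaces any more specific error from the start path, and it prints `vm->def->id` after `libxlDomainCleanup()` has run, when the id may no longer identify the guest. Use `vm->def->name` in both messages, keep the inner error, and document in the function comment that a failed reset ends with the domain shut off.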
@@ -6616,6 +6671,7 @@ static virHypervisorDriver libxlHypervis
.domainShutdown = libxlDomainShutdown, /* 0.9.0 */
.domainShutdownFlags = libxlDomainShutdownFlags, /* 0.9.10 */
.domainReboot = libxlDomainReboot, /* 0.9.0 */
+ .domainReset = libxlDomainReset, /* 1.2.16 */
.domainDestroy = libxlDomainDestroy, /* 0.9.0 */
.domainDestroyFlags = libxlDomainDestroyFlags, /* 0.9.4 */
#ifdef LIBXL_HAVE_DOMAIN_SUSPEND_ONLY
++++++ libxl-set-cach-mode.patch ++++++
https://bugzilla.novell.com/show_bug.cgi?id=879425
---
src/libxl/libxl_conf.c | 25 +++++++++++++++++++++++++
1 file changed, 25 insertions(+)
Index: libvirt-6.0.0/src/libxl/libxl_conf.c
===================================================================
--- libvirt-6.0.0.orig/src/libxl/libxl_conf.c
+++ libvirt-6.0.0/src/libxl/libxl_conf.c
@@ -913,6 +913,30 @@ libxlDiskSetDiscard(libxl_device_disk *x
#endif
}
+static void
+libxlDiskSetCacheMode(libxl_device_disk *x_disk, int cachemode)
+{
+ switch (cachemode) {
+#if defined(LIBXL_HAVE_LIBXL_DEVICE_DISK_DISABLE_FLUSH_MAGIC)
+ case VIR_DOMAIN_DISK_CACHE_UNSAFE:
+ if (x_disk->readwrite)
+ x_disk->readwrite = (x_disk->readwrite & LIBXL_HAVE_LIBXL_DEVICE_DISK_DISABLE_FLUSH_MASK) | LIBXL_HAVE_LIBXL_DEVICE_DISK_DISABLE_FLUSH_MAGIC;
+ break;
+#endif
+#if defined(LIBXL_HAVE_DEVICE_DISK_DIRECT_IO_SAFE)
+ case VIR_DOMAIN_DISK_CACHE_DIRECTSYNC:
+ x_disk->direct_io_safe = true;
+ break;
+#endif
+ case VIR_DOMAIN_DISK_CACHE_DEFAULT:
+ case VIR_DOMAIN_DISK_CACHE_DISABLE:
+ case VIR_DOMAIN_DISK_CACHE_WRITETHRU:
+ case VIR_DOMAIN_DISK_CACHE_WRITEBACK:
+ default:
+ break;
+ }
+}
+
static char *
libxlMakeNetworkDiskSrcStr(virStorageSourcePtr src,
const char *username,
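Review bot: libxlDiskSetCacheMode silently drops a requested mode when the matching libxl macro is missing: without LIBXL_HAVE_DEVICE_DISK_DIRECT_IO_SAFE the `VIR_DOMAIN_DISK_CACHE_DIRECTSYNC` case is compiled out and falls to `default:`, so a guest configured for directsync starts with default caching and no message. libxlDiskSetDiscard, called just before it in libxlMakeDisk, returns int and is checked; do the same here and report an unsupported configuration (or at least warn). The `VIR_DOMAIN_DISK_CACHE_UNSAFE` arm packs the flush-disable bits into `x_disk->readwrite` on one very long line; wrap it and add a comment saying what the mask and magic value do.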
@@ -1154,6 +1178,7 @@ libxlMakeDisk(virDomainDiskDefPtr l_disk
x_disk->is_cdrom = l_disk->device == VIR_DOMAIN_DISK_DEVICE_CDROM ? 1 : 0;
if (libxlDiskSetDiscard(x_disk, l_disk->discard) < 0)
return -1;
+ libxlDiskSetCacheMode(x_disk, l_disk->cachemode);
/* An empty CDROM must have the empty format, otherwise libxl fails. */
if (x_disk->is_cdrom && !x_disk->pdev_path)
x_disk->format = LIBXL_DISK_FORMAT_EMPTY;
++++++ libxl-set-migration-constraints.patch ++++++
From 6409e928eb4c2287dca59b139650fab77ea99fb8 Mon Sep 17 00:00:00 2001
From: Olaf Hering <olaf(a)aepfle.de>
Date: Fri, 9 May 2014 11:55:31 -0600
Subject: [PATCH] libvirt: set migration constraints from cmdline
References: fate#316614
Signed-off-by: Olaf Hering <olaf(a)aepfle.de>
Signed-off-by: Jim Fehlig <jfehlig(a)suse.com>
---
include/libvirt/libvirt-domain.h | 25 +++++++++++++++++++++++++
src/libxl/libxl_driver.c | 17 ++++++++++++++++-
src/libxl/libxl_migration.c | 29 +++++++++++++++++++++++++----
src/libxl/libxl_migration.h | 14 +++++++++++++-
tools/virsh-domain.c | 38 ++++++++++++++++++++++++++++++++++++++
tools/virsh.pod | 8 ++++++++
6 files changed, 125 insertions(+), 6 deletions(-)
Index: libvirt-6.0.0/include/libvirt/libvirt-domain.h
===================================================================
--- libvirt-6.0.0.orig/include/libvirt/libvirt-domain.h
+++ libvirt-6.0.0/include/libvirt/libvirt-domain.h
@@ -1065,6 +1065,31 @@ typedef enum {
*/
# define VIR_MIGRATE_PARAM_TLS_DESTINATION "tls.destination"
+/**
+ * VIR_MIGRATE_PARAM_SUSE_MAX_ITERS:
+ *
+ * virDomainMigrate* params field: xc_domain_save max_iters
+ */
+#define VIR_MIGRATE_PARAM_SUSE_MAX_ITERS "max_iters"
+/**
+ * VIR_MIGRATE_PARAM_SUSE_MAX_FACTOR:
+ *
+ * virDomainMigrate* params field: xc_domain_save max_factor
+ */
+#define VIR_MIGRATE_PARAM_SUSE_MAX_FACTOR "max_factor"
+/**
+ * VIR_MIGRATE_PARAM_SUSE_MIN_REMAINING:
+ *
+ * virDomainMigrate* params field: xc_domain_save min_remaining
+ */
+#define VIR_MIGRATE_PARAM_SUSE_MIN_REMAINING "min_remaining"
+/**
+ * VIR_MIGRATE_PARAM_SUSE_ABORT_IF_BUSY:
+ *
+ * virDomainMigrate* params field: xc_domain_save abort_if_busy
+ */
+#define VIR_MIGRATE_PARAM_SUSE_ABORT_IF_BUSY "abort_if_busy"
+
/* Domain migration. */
virDomainPtr virDomainMigrate (virDomainPtr domain, virConnectPtr dconn,
unsigned long flags, const char *dname,
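Review bot: the four new parameter strings ("max_iters", "max_factor", "min_remaining", "abort_if_busy") go into the public virDomainMigrate* parameter namespace without a vendor prefix, although the macro names carry SUSE. A later upstream parameter with the same string and a different type would collide; a prefixed string in the style of the dotted "tls.destination" in the context line avoids that. The defines also use `#define` where the surrounding header uses `# define`, and each doc comment should state the type (unsigned int) and which value means "use the default".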
Index: libvirt-6.0.0/src/libxl/libxl_driver.c
===================================================================
--- libvirt-6.0.0.orig/src/libxl/libxl_driver.c
+++ libvirt-6.0.0/src/libxl/libxl_driver.c
@@ -6181,6 +6181,9 @@ libxlDomainMigratePerform3Params(virDoma
const char *dname = NULL;
const char *uri = NULL;
int ret = -1;
+ libxlDomainMigrationProps props = {
+ .virFlags = flags,
+ };
#ifdef LIBXL_HAVE_NO_SUSPEND_RESUME
virReportUnsupportedError();
@@ -6197,6 +6200,18 @@ libxlDomainMigratePerform3Params(virDoma
virTypedParamsGetString(params, nparams,
VIR_MIGRATE_PARAM_DEST_NAME,
&dname) < 0 ||
+ virTypedParamsGetUInt(params, nparams,
+ VIR_MIGRATE_PARAM_SUSE_MAX_ITERS,
+ &props.max_iters) < 0 ||
+ virTypedParamsGetUInt(params, nparams,
+ VIR_MIGRATE_PARAM_SUSE_MAX_FACTOR,
+ &props.max_factor) < 0 ||
+ virTypedParamsGetUInt(params, nparams,
+ VIR_MIGRATE_PARAM_SUSE_MIN_REMAINING,
+ &props.min_remaining) < 0 ||
+ virTypedParamsGetUInt(params, nparams,
+ VIR_MIGRATE_PARAM_SUSE_ABORT_IF_BUSY,
+ &props.abort_if_busy) < 0 ||
virTypedParamsGetString(params, nparams,
VIR_MIGRATE_PARAM_URI,
&uri) < 0)
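Review bot: the four added virTypedParamsGetUInt() calls copy caller-supplied values straight into `props` with no range check, and `abort_if_busy` accepts any unsigned value although it is only used as a flag. Validate here, where an error can still be reported to the client: reject values of `abort_if_busy` other than 0 and 1, and document or enforce upper bounds for the other three before they reach libxl.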
@@ -6211,11 +6226,11 @@ libxlDomainMigratePerform3Params(virDoma
if ((flags & (VIR_MIGRATE_TUNNELLED | VIR_MIGRATE_PEER2PEER))) {
if (libxlDomainMigrationSrcPerformP2P(driver, vm, dom->conn, dom_xml,
- dconnuri, uri, dname, flags) < 0)
+ dconnuri, uri, dname, &props) < 0)
goto cleanup;
} else {
if (libxlDomainMigrationSrcPerform(driver, vm, dom_xml, dconnuri,
- uri, dname, flags) < 0)
+ uri, dname, &props) < 0)
goto cleanup;
}
Index: libvirt-6.0.0/src/libxl/libxl_migration.c
===================================================================
--- libvirt-6.0.0.orig/src/libxl/libxl_migration.c
+++ libvirt-6.0.0/src/libxl/libxl_migration.c
@@ -338,18 +338,39 @@ libxlMigrateDstReceive(virNetSocketPtr s
static int
libxlDoMigrateSrcSend(libxlDriverPrivatePtr driver,
virDomainObjPtr vm,
- unsigned long flags,
+ const libxlDomainMigrationProps *props,
int sockfd)
{
libxlDriverConfigPtr cfg = libxlDriverConfigGet(driver);
+#ifdef LIBXL_HAVE_DOMAIN_SUSPEND_SUSE
+ libxl_domain_suspend_suse_properties libxl_props = {
+ .flags = 0,
+ };
+#else
int xl_flags = 0;
+#endif
int ret;
- if (flags & VIR_MIGRATE_LIVE)
+#ifdef LIBXL_HAVE_DOMAIN_SUSPEND_SUSE
+ if (props->virFlags & VIR_MIGRATE_LIVE)
+ libxl_props.flags |= LIBXL_SUSPEND_LIVE;
+
+ libxl_props.max_iters = props->max_iters;
+ libxl_props.max_factor = props->max_factor;
+ libxl_props.min_remaining = props->min_remaining;
+ if (props->abort_if_busy)
+ libxl_props.flags |= LIBXL_SUSPEND_ABORT_IF_BUSY;
+
+ ret = libxl_domain_suspend_suse(cfg->ctx, vm->def->id, sockfd,
+ &libxl_props, NULL);
+#else
+ if (props->virFlags & VIR_MIGRATE_LIVE)
xl_flags = LIBXL_SUSPEND_LIVE;
ret = libxl_domain_suspend(cfg->ctx, vm->def->id, sockfd,
xl_flags, NULL);
+#endif
+
if (ret != 0) {
virReportError(VIR_ERR_INTERNAL_ERROR, "%s",
_("Failed to send migration data to destination host"));
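Review bot: in the `#else` branch of libxlDoMigrateSrcSend only `props->virFlags` is used, so on a libxl without LIBXL_HAVE_DOMAIN_SUSPEND_SUSE the values of max_iters, max_factor, min_remaining and abort_if_busy are accepted and then ignored. A user who passes --abort_if_busy to avoid the final suspend of a busy guest would get the suspend anyway, with no message. Reject non-zero values with an unsupported-operation error in that branch.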
@@ -902,7 +923,7 @@ struct libxlTunnelControl {
static int
libxlMigrationSrcStartTunnel(libxlDriverPrivatePtr driver,
virDomainObjPtr vm,
- unsigned long flags,
+ const libxlDomainMigrationProps *props,
virStreamPtr st,
struct libxlTunnelControl **tnl)
{
@@ -935,7 +956,7 @@ libxlMigrationSrcStartTunnel(libxlDriver
virObjectUnlock(vm);
/* Send data to pipe */
- ret = libxlDoMigrateSrcSend(driver, vm, flags, tc->dataFD[1]);
+ ret = libxlDoMigrateSrcSend(driver, vm, props, tc->dataFD[1]);
virObjectLock(vm);
out:
@@ -971,7 +992,7 @@ libxlDoMigrateSrcP2P(libxlDriverPrivateP
const char *dconnuri G_GNUC_UNUSED,
const char *dname,
const char *uri,
- unsigned int flags)
+ const libxlDomainMigrationProps *props)
{
virDomainPtr ddomain = NULL;
virTypedParameterPtr params = NULL;
@@ -1016,11 +1037,11 @@ libxlDoMigrateSrcP2P(libxlDriverPrivateP
/* We don't require the destination to have P2P support
* as it looks to be normal migration from the receiver perspective.
*/
- destflags = flags & ~(VIR_MIGRATE_PEER2PEER);
+ destflags = props->virFlags & ~(VIR_MIGRATE_PEER2PEER);
VIR_DEBUG("Prepare3");
virObjectUnlock(vm);
- if (flags & VIR_MIGRATE_TUNNELLED) {
+ if (props->virFlags & VIR_MIGRATE_TUNNELLED) {
if (!(st = virStreamNew(dconn, 0)))
goto confirm;
ret = dconn->driver->domainMigratePrepareTunnel3Params
@@ -1034,7 +1055,7 @@ libxlDoMigrateSrcP2P(libxlDriverPrivateP
if (ret == -1)
goto confirm;
- if (!(flags & VIR_MIGRATE_TUNNELLED)) {
+ if (!(props->virFlags & VIR_MIGRATE_TUNNELLED)) {
if (uri_out) {
if (virTypedParamsReplaceString(¶ms, &nparams,
VIR_MIGRATE_PARAM_URI, uri_out) < 0) {
@@ -1049,11 +1070,11 @@ libxlDoMigrateSrcP2P(libxlDriverPrivateP
}
VIR_DEBUG("Perform3 uri=%s", NULLSTR(uri_out));
- if (flags & VIR_MIGRATE_TUNNELLED)
- ret = libxlMigrationSrcStartTunnel(driver, vm, flags, st, &tc);
+ if (props->virFlags & VIR_MIGRATE_TUNNELLED)
+ ret = libxlMigrationSrcStartTunnel(driver, vm, props, st, &tc);
else
ret = libxlDomainMigrationSrcPerform(driver, vm, NULL, NULL,
- uri_out, NULL, flags);
+ uri_out, NULL, props);
if (ret < 0) {
notify_source = false;
virErrorPreserveLast(&orig_err);
@@ -1088,7 +1109,7 @@ libxlDoMigrateSrcP2P(libxlDriverPrivateP
confirm:
if (notify_source) {
VIR_DEBUG("Confirm3 cancelled=%d vm=%p", cancelled, vm);
- ret = libxlDomainMigrationSrcConfirm(driver, vm, flags, cancelled);
+ ret = libxlDomainMigrationSrcConfirm(driver, vm, props->virFlags, cancelled);
if (ret < 0)
VIR_WARN("Guest %s probably left in 'paused' state on source",
@@ -1096,7 +1117,7 @@ libxlDoMigrateSrcP2P(libxlDriverPrivateP
}
cleanup:
- if (flags & VIR_MIGRATE_TUNNELLED) {
+ if (props->virFlags & VIR_MIGRATE_TUNNELLED) {
libxlMigrationSrcStopTunnel(tc);
virObjectUnref(st);
}
@@ -1140,7 +1161,7 @@ libxlDomainMigrationSrcPerformP2P(libxlD
const char *dconnuri,
const char *uri_str G_GNUC_UNUSED,
const char *dname,
- unsigned int flags)
+ const libxlDomainMigrationProps *props)
{
int ret = -1;
bool useParams;
@@ -1175,7 +1196,7 @@ libxlDomainMigrationSrcPerformP2P(libxlD
}
ret = libxlDoMigrateSrcP2P(driver, vm, sconn, xmlin, dconn, dconnuri,
- dname, uri_str, flags);
+ dname, uri_str, props);
if (ret < 0) {
/*
@@ -1202,7 +1223,7 @@ libxlDomainMigrationSrcPerform(libxlDriv
const char *dconnuri G_GNUC_UNUSED,
const char *uri_str,
const char *dname G_GNUC_UNUSED,
- unsigned int flags)
+ const libxlDomainMigrationProps *props)
{
libxlDomainObjPrivatePtr priv = vm->privateData;
char *hostname = NULL;
@@ -1238,7 +1259,7 @@ libxlDomainMigrationSrcPerform(libxlDriv
/* suspend vm and send saved data to dst through socket fd */
virObjectUnlock(vm);
- ret = libxlDoMigrateSrcSend(driver, vm, flags, sockfd);
+ ret = libxlDoMigrateSrcSend(driver, vm, props, sockfd);
virObjectLock(vm);
if (ret == 0) {
Index: libvirt-6.0.0/src/libxl/libxl_migration.h
===================================================================
--- libvirt-6.0.0.orig/src/libxl/libxl_migration.h
+++ libvirt-6.0.0/src/libxl/libxl_migration.h
@@ -35,6 +35,10 @@
VIR_MIGRATE_PARAM_URI, VIR_TYPED_PARAM_STRING, \
VIR_MIGRATE_PARAM_DEST_NAME, VIR_TYPED_PARAM_STRING, \
VIR_MIGRATE_PARAM_DEST_XML, VIR_TYPED_PARAM_STRING, \
+ VIR_MIGRATE_PARAM_SUSE_MAX_ITERS, VIR_TYPED_PARAM_UINT, \
+ VIR_MIGRATE_PARAM_SUSE_MAX_FACTOR, VIR_TYPED_PARAM_UINT, \
+ VIR_MIGRATE_PARAM_SUSE_MIN_REMAINING, VIR_TYPED_PARAM_UINT, \
+ VIR_MIGRATE_PARAM_SUSE_ABORT_IF_BUSY, VIR_TYPED_PARAM_UINT, \
NULL
char *
@@ -66,6 +70,14 @@ libxlDomainMigrationDstPrepare(virConnec
int cookieinlen,
unsigned int flags);
+typedef struct {
+ unsigned int virFlags;
+ unsigned int max_iters;
+ unsigned int max_factor;
+ unsigned int min_remaining;
+ unsigned int abort_if_busy;
+} libxlDomainMigrationProps;
+
int
libxlDomainMigrationSrcPerformP2P(libxlDriverPrivatePtr driver,
virDomainObjPtr vm,
@@ -74,7 +86,7 @@ libxlDomainMigrationSrcPerformP2P(libxlD
const char *dconnuri,
const char *uri_str,
const char *dname,
- unsigned int flags);
+ const libxlDomainMigrationProps *props);
int
libxlDomainMigrationSrcPerform(libxlDriverPrivatePtr driver,
@@ -83,7 +95,7 @@ libxlDomainMigrationSrcPerform(libxlDriv
const char *dconnuri,
const char *uri_str,
const char *dname,
- unsigned int flags);
+ const libxlDomainMigrationProps *props);
virDomainPtr
libxlDomainMigrationDstFinish(virConnectPtr dconn,
Index: libvirt-6.0.0/tools/virsh-domain.c
===================================================================
--- libvirt-6.0.0.orig/tools/virsh-domain.c
+++ libvirt-6.0.0/tools/virsh-domain.c
@@ -10589,6 +10589,22 @@ static const vshCmdOptDef opts_migrate[]
.type = VSH_OT_STRING,
.help = N_("override the destination host name used for TLS verification")
},
+ {.name = "max_iters",
+ .type = VSH_OT_INT,
+ .help = N_("SUSE libxl: Number of iterations before final suspend (default: 30).")
+ },
+ {.name = "max_factor",
+ .type = VSH_OT_INT,
+ .help = N_("SUSE libxl: Max amount of memory to transfer before final suspend (default: 3*RAM).")
+ },
+ {.name = "min_remaining",
+ .type = VSH_OT_INT,
+ .help = N_("SUSE libxl: Number of dirty pages before final suspend (default: 50).")
+ },
+ {.name = "abort_if_busy",
+ .type = VSH_OT_BOOL,
+ .help = N_("SUSE libxl: Abort migration instead of doing final suspend.")
+ },
{.name = NULL}
};
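Review bot: the new option names use underscores (`max_iters`, `abort_if_busy`) while the existing migrate options listed in the virsh.rst hunk of this patch use hyphens (`--tls-destination`, `--parallel-connections`). Follow the existing convention for the command-line names; the typed-parameter strings can stay as they are. The help strings also hard-code defaults (30, 3*RAM, 50) that are not set anywhere in this patch, so say where those values come from or drop them from the help text.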
@@ -10612,6 +10628,7 @@ doMigrate(void *opaque)
unsigned long long ullOpt = 0;
int rv;
virConnectPtr dconn = data->dconn;
+ unsigned int uint_opt = 0;
sigemptyset(&sigmask);
sigaddset(&sigmask, SIGINT);
@@ -10731,6 +10748,27 @@ doMigrate(void *opaque)
goto save_error;
}
+ if (vshCommandOptUInt(ctl, cmd, "max_iters", &uint_opt) > 0 && uint_opt) {
+ if (virTypedParamsAddUInt(¶ms, &nparams, &maxparams,
+ VIR_MIGRATE_PARAM_SUSE_MAX_ITERS, uint_opt) < 0)
+ goto save_error;
+ }
+ if (vshCommandOptUInt(ctl, cmd, "max_factor", &uint_opt) > 0 && uint_opt) {
+ if (virTypedParamsAddUInt(¶ms, &nparams, &maxparams,
+ VIR_MIGRATE_PARAM_SUSE_MAX_FACTOR, uint_opt) < 0)
+ goto save_error;
+ }
+ if (vshCommandOptUInt(ctl, cmd, "min_remaining", &uint_opt) > 0 && uint_opt) {
+ if (virTypedParamsAddUInt(¶ms, &nparams, &maxparams,
+ VIR_MIGRATE_PARAM_SUSE_MIN_REMAINING, uint_opt) < 0)
+ goto save_error;
+ }
+ if (vshCommandOptBool(cmd, "abort_if_busy")) {
+ if (virTypedParamsAddUInt(¶ms, &nparams, &maxparams,
+ VIR_MIGRATE_PARAM_SUSE_ABORT_IF_BUSY, 1) < 0)
+ goto save_error;
+ }
+
if (vshCommandOptStringReq(ctl, cmd, "xml", &opt) < 0)
goto out;
if (opt) {
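Review bot: `vshCommandOptUInt(...) > 0 && uint_opt` treats a negative return the same as an absent option, so a value that fails to parse is dropped silently and the migration runs with defaults. The existing code just below handles this case with `if (vshCommandOptStringReq(ctl, cmd, "xml", &opt) < 0) goto out;`; do the same for the three integer options. The `&& uint_opt` test also means an explicit 0 cannot be told apart from "not given", which the man page text should state.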
Index: libvirt-6.0.0/docs/manpages/virsh.rst
===================================================================
--- libvirt-6.0.0.orig/docs/manpages/virsh.rst
+++ libvirt-6.0.0/docs/manpages/virsh.rst
@@ -3088,6 +3088,8 @@ migrate
[--postcopy-bandwidth bandwidth]
[--parallel [--parallel-connections connections]]
[--bandwidth bandwidth] [--tls-destination hostname]
+ [--max_iters num] [--max_factor num] [--min_remaining num]
+ [--abort_if_busy]
Migrate domain to another host. Add *--live* for live migration; <--p2p>
for peer-2-peer migration; *--direct* for direct migration; or *--tunnelled*
@@ -3193,6 +3195,14 @@ parallel connections. The number of such
network link between the source and the target and thus speeding up the
migration.
+SUSE-specific options for Xen: *--max_iters* allows specifying the maximum
+number of iterations before final suspend. Default is 30. *--max_factor*
+allows specifying the maximum amount of memory to transfer before final suspend.
+Default is (3*VM memory size). *--min_remaining* allows specifying the
+number of dirty pages before final suspend. Default is 50. *--abort_if_busy*
+can be used to abort the migration instead of doing the final suspend for VMs
+with busy workloads.
+
Running migration can be canceled by interrupting virsh (usually using
``Ctrl-C``) or by ``domjobabort`` command sent from another virsh instance.
++++++ libxl-support-block-script.patch ++++++
libxl: set script field of libxl_device_disk
Add a hack to the libvirt libxl driver to set
libxl_device_disk->script when the disk configuration starts
with some well-known Xen external block scripts: dmmd, drbd,
and npiv.
For more details, see bsc#954872 and FATE#319810
Index: libvirt-6.0.0/src/libxl/libxl_conf.c
===================================================================
--- libvirt-6.0.0.orig/src/libxl/libxl_conf.c
+++ libvirt-6.0.0/src/libxl/libxl_conf.c
@@ -913,6 +913,22 @@ libxlDiskSetDiscard(libxl_device_disk *x
#endif
}
+static int
+libxlDiskSetScript(libxl_device_disk *x_disk, const char *disk_spec)
+{
+ if (disk_spec == NULL)
+ return 0;
+
+ if (STRPREFIX(disk_spec, "dmmd:"))
+ x_disk->script = g_strdup("block-dmmd");
+ else if (STRPREFIX(disk_spec, "drbd:"))
+ x_disk->script = g_strdup("block-drbd");
+ else if (STRPREFIX(disk_spec, "npiv:"))
+ x_disk->script = g_strdup("block-npiv");
+
+ return 0;
+}
+
static void
libxlDiskSetCacheMode(libxl_device_disk *x_disk, int cachemode)
{
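Review bot: libxlDiskSetScript() returns 0 on every path, so the `< 0` check added at its call site in libxlMakeDisk() can never fire. Either make it `static void` like libxlDiskSetCacheMode() just below, or give it a real failure case. A short comment saying whether the `dmmd:`/`drbd:`/`npiv:` prefix is expected to stay in pdev_path would also help, since the same `src` string is copied there unchanged.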
@@ -1053,6 +1069,7 @@ libxlMakeNetworkDiskSrc(virStorageSource
int
libxlMakeDisk(virDomainDiskDefPtr l_disk, libxl_device_disk *x_disk)
{
+ const char *src = virDomainDiskGetSource(l_disk);
const char *driver = virDomainDiskGetDriver(l_disk);
int format = virDomainDiskGetFormat(l_disk);
int actual_type = virStorageSourceGetActualType(l_disk->src);
@@ -1068,7 +1085,7 @@ libxlMakeDisk(virDomainDiskDefPtr l_disk
if (libxlMakeNetworkDiskSrc(l_disk->src, &x_disk->pdev_path) < 0)
return -1;
} else {
- x_disk->pdev_path = g_strdup(virDomainDiskGetSource(l_disk));
+ x_disk->pdev_path = g_strdup(src);
}
x_disk->vdev = g_strdup(l_disk->dst);
@@ -1179,6 +1196,9 @@ libxlMakeDisk(virDomainDiskDefPtr l_disk
if (libxlDiskSetDiscard(x_disk, l_disk->discard) < 0)
return -1;
libxlDiskSetCacheMode(x_disk, l_disk->cachemode);
+ if (libxlDiskSetScript(x_disk, src) < 0)
+ return -1;
+
/* An empty CDROM must have the empty format, otherwise libxl fails. */
if (x_disk->is_cdrom && !x_disk->pdev_path)
x_disk->format = LIBXL_DISK_FORMAT_EMPTY;
++++++ lxc-wait-after-eth-del.patch ++++++
>From 3bff82b57564ffc1fe4fff23f9d121fcf410dd5a Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?C=C3=A9dric=20Bosdonnat?= <cbosdonnat(a)suse.com>
Date: Wed, 25 Nov 2015 11:43:56 +0100
Subject: [PATCH] Wait for udev events to be handled after removing veth
As per http://www.redhat.com/archives/libvir-list/2013-July/msg01279.html,
wait for udev events to be handled after removing a virtual NIC.
Any udev rule associated to NIC destroy could happen to run with a new
device with the same name that is being created.
---
src/lxc/lxc_controller.c | 1 +
src/lxc/lxc_driver.c | 2 ++
src/lxc/lxc_process.c | 1 +
3 files changed, 4 insertions(+)
Index: libvirt-6.0.0/src/lxc/lxc_controller.c
===================================================================
--- libvirt-6.0.0.orig/src/lxc/lxc_controller.c
+++ libvirt-6.0.0/src/lxc/lxc_controller.c
@@ -69,6 +69,7 @@
#include "rpc/virnetdaemon.h"
#include "virstring.h"
#include "virgettext.h"
+#include "virutil.h"
#define VIR_FROM_THIS VIR_FROM_LXC
@@ -2009,6 +2010,7 @@ static int virLXCControllerDeleteInterfa
if (virNetDevVethDelete(ctrl->veths[i]) < 0)
ret = -1;
}
+ virWaitForDevices();
return ret;
}
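Review bot: the added `virWaitForDevices();` has no comment at the call site, and it runs whether or not `ret` was set to -1 by a failed virNetDevVethDelete(). A one-line comment carrying the reason from the commit message (udev rules for the removed NIC racing with a new device of the same name) would make the call self-explanatory here and at the other places this patch adds it.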
Index: libvirt-6.0.0/src/lxc/lxc_driver.c
===================================================================
--- libvirt-6.0.0.orig/src/lxc/lxc_driver.c
+++ libvirt-6.0.0/src/lxc/lxc_driver.c
@@ -70,6 +70,7 @@
#include "virtime.h"
#include "virtypedparam.h"
#include "viruri.h"
+#include "virutil.h"
#include "virstring.h"
#include "viraccessapicheck.h"
#include "viraccessapichecklxc.h"
@@ -3903,6 +3904,7 @@ lxcDomainAttachDeviceNetLive(virLXCDrive
case VIR_DOMAIN_NET_TYPE_NETWORK:
case VIR_DOMAIN_NET_TYPE_ETHERNET:
ignore_value(virNetDevVethDelete(veth));
+ virWaitForDevices();
break;
case VIR_DOMAIN_NET_TYPE_DIRECT:
@@ -4343,6 +4345,7 @@ lxcDomainDetachDeviceNetLive(virDomainOb
virDomainAuditNet(vm, detach, NULL, "detach", false);
goto cleanup;
}
+ virWaitForDevices();
break;
/* It'd be nice to support this, but with macvlan
Index: libvirt-6.0.0/src/lxc/lxc_process.c
===================================================================
--- libvirt-6.0.0.orig/src/lxc/lxc_process.c
+++ libvirt-6.0.0/src/lxc/lxc_process.c
@@ -51,6 +51,7 @@
#include "viratomic.h"
#include "virprocess.h"
#include "virsystemd.h"
+#include "virutil.h"
#include "netdev_bandwidth_conf.h"
#define VIR_FROM_THIS VIR_FROM_LXC
@@ -231,6 +232,7 @@ static void virLXCProcessCleanup(virLXCD
VIR_WARN("Unable to release network device '%s'", NULLSTR(iface->ifname));
}
}
+ virWaitForDevices();
virDomainConfVMNWFilterTeardown(vm);
++++++ network-don-t-use-dhcp-authoritative-on-static-netwo.patch ++++++
>From 15c7f9a6e7678238ef06f5d805984addb6f8bcdb Mon Sep 17 00:00:00 2001
From: Martin Wilck <mwilck(a)suse.com>
Date: Thu, 15 Dec 2016 10:17:05 +0100
Subject: [PATCH] network: don't use dhcp-authoritative on static networks
"Static" DHCP networks are those where no dynamic DHCP range is
defined, only a list of host entries is used to serve permanent
IP addresses. On such networks, we don't want dnsmasq to reply
to other requests than those statically defined. But
"dhcp-authoritative" will cause dnsmasq to do just that.
Therefore we can't use "dhcp-authoritative" for static networks.
Fixes: 4ac20b3ae "network: add dnsmasq option 'dhcp-authoritative'"
Signed-off-by: Martin Wilck <mwilck(a)suse.com>
---
src/network/bridge_driver.c | 9 ++++++++-
tests/networkxml2confdata/dhcp6host-routed-network.conf | 1 -
2 files changed, 8 insertions(+), 2 deletions(-)
Index: libvirt-6.0.0/src/network/bridge_driver.c
===================================================================
--- libvirt-6.0.0.orig/src/network/bridge_driver.c
+++ libvirt-6.0.0/src/network/bridge_driver.c
@@ -1497,7 +1497,14 @@ networkDnsmasqConfContents(virNetworkObj
if (VIR_SOCKET_ADDR_IS_FAMILY(&ipdef->address, AF_INET)) {
if (ipdef->nranges || ipdef->nhosts) {
virBufferAddLit(&configbuf, "dhcp-no-override\n");
- virBufferAddLit(&configbuf, "dhcp-authoritative\n");
+ /*
+ * Use "dhcp-authoritative" only for dynamic DHCP.
+ * In a static-only network, it would cause dnsmasq
+ * to reply to requests from other hosts than those
+ * statically defined.
+ */
+ if (ipdef->nranges || !ipdef->nhosts)
+ virBufferAddLit(&configbuf, "dhcp-authoritative\n");
}
if (ipdef->tftproot) {
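Review bot: in the new `if (ipdef->nranges || !ipdef->nhosts)` the second term is dead. This code is already inside `if (ipdef->nranges || ipdef->nhosts)`, so when nranges is 0, nhosts must be non-zero and `!ipdef->nhosts` is always false. The condition reduces to `if (ipdef->nranges)`, which also matches the comment ("only for dynamic DHCP") more directly.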
Index: libvirt-6.0.0/tests/networkxml2confdata/dhcp6host-routed-network.conf
===================================================================
--- libvirt-6.0.0.orig/tests/networkxml2confdata/dhcp6host-routed-network.conf
+++ libvirt-6.0.0/tests/networkxml2confdata/dhcp6host-routed-network.conf
@@ -10,7 +10,6 @@ bind-dynamic
interface=virbr1
dhcp-range=192.168.122.1,static
dhcp-no-override
-dhcp-authoritative
dhcp-range=2001:db8:ac10:fd01::1,static,64
dhcp-hostsfile=/var/lib/libvirt/dnsmasq/local.hostsfile
addn-hosts=/var/lib/libvirt/dnsmasq/local.addnhosts
++++++ ppc64le-canonical-name.patch ++++++
Canonicalize hostarch name ppc64le to ppc64
See bnc#894956
Index: libvirt-6.0.0/src/util/virarch.c
===================================================================
--- libvirt-6.0.0.orig/src/util/virarch.c
+++ libvirt-6.0.0/src/util/virarch.c
@@ -172,6 +172,8 @@ virArch virArchFromHost(void)
arch = VIR_ARCH_I686;
} else if (STREQ(ut.machine, "amd64")) {
arch = VIR_ARCH_X86_64;
+ } else if (STREQ(ut.machine, "ppc64le")) {
+ arch = VIR_ARCH_PPC64;
} else {
/* Otherwise assume the canonical name */
if ((arch = virArchFromString(ut.machine)) == VIR_ARCH_NONE) {
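Review bot: the new `ppc64le` branch maps the host to VIR_ARCH_PPC64 with no comment, and it short-circuits the `virArchFromString(ut.machine)` fallback that would otherwise handle the canonical name. Please add a comment with the reason and the bnc#894956 reference at the branch itself, so the special case is not mistaken for an oversight when this code is next rebased.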
++++++ qemu-apparmor-screenshot.patch ++++++
Index: libvirt-6.0.0/src/security/apparmor/libvirt-qemu
===================================================================
--- libvirt-6.0.0.orig/src/security/apparmor/libvirt-qemu
+++ libvirt-6.0.0/src/security/apparmor/libvirt-qemu
@@ -228,3 +228,6 @@
# required for sasl GSSAPI plugin
/etc/gss/mech.d/ r,
/etc/gss/mech.d/* r,
+
+ # Temporary screendump rule -- See bsc#904426
+ /var/cache/libvirt/qemu/qemu.screendump.* rw,
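Review bot: the `/var/cache/libvirt/qemu/qemu.screendump.* rw,` rule is added to the shared libvirt-qemu file, so the glob is not scoped to one domain and grants write as well as read. The comment calls it temporary; please say what is meant to replace it and whether an `owner` qualifier or a narrower permission would be enough in the meantime.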
++++++ support-managed-pci-xen-driver.patch ++++++
>From 5aeda96eafd230af55343e7ef835e081ded484aa Mon Sep 17 00:00:00 2001
From: Chunyan Liu <cyliu(a)suse.com>
Date: Fri, 25 Jan 2013 17:37:14 +0800
Subject: [PATCH] support managed pci devices in xen driver
---
src/xenxs/xen_sxpr.c | 22 ++++++++--------------
src/xenxs/xen_xm.c | 28 +++++++++++++++++++++++++++-
2 files changed, 35 insertions(+), 15 deletions(-)
Index: libvirt-6.0.0/src/libxl/xen_common.c
===================================================================
--- libvirt-6.0.0.orig/src/libxl/xen_common.c
+++ libvirt-6.0.0/src/libxl/xen_common.c
@@ -381,12 +381,19 @@ xenParsePCI(char *entry)
int busID;
int slotID;
int funcID;
+ char *opt;
+ int managed = 0;
domain[0] = bus[0] = slot[0] = func[0] = '\0';
/* pci=['0000:00:1b.0','0000:00:13.0'] */
if (!(key = entry))
return NULL;
+
+ opt = strchr(key, ',');
+ if (opt)
+ opt++;
+
if (!(nextkey = strchr(key, ':')))
return NULL;
if (virStrncpy(domain, key, (nextkey - key), sizeof(domain)) < 0) {
@@ -431,10 +438,30 @@ xenParsePCI(char *entry)
if (virStrToLong_i(func, NULL, 16, &funcID) < 0)
return NULL;
+ if (opt) {
+ char opt_managed[2];
+ char *data;
+
+ opt_managed[0] = '\0';
+ data = strchr(opt, '=');
+ data++;
+
+ if (STRPREFIX(opt, "managed=")) {
+ if (virStrncpy(opt_managed, data, 1, sizeof(opt_managed)) < 0) {
+ virReportError(VIR_ERR_INTERNAL_ERROR,
+ _("managed option %s too big for destination"),
+ data);
+ return NULL;
+ }
+ }
+ if (virStrToLong_i(opt_managed, NULL, 10, &managed) < 0)
+ return NULL;
+ }
+
if (!(hostdev = virDomainHostdevDefNew()))
return NULL;
- hostdev->managed = false;
+ hostdev->managed = managed ? true : false;
hostdev->source.subsys.type = VIR_DOMAIN_HOSTDEV_SUBSYS_TYPE_PCI;
hostdev->source.subsys.u.pci.addr.domain = domainID;
hostdev->source.subsys.u.pci.addr.bus = busID;
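Review bot: `data = strchr(opt, '='); data++;` increments the result without a NULL check, which is wrong when the text after the comma has no `=`. Separately, when the option is anything other than `managed=`, opt_managed is still the empty string when it reaches virStrToLong_i(), so an entry carrying some other option looks likely to be rejected outright. Suggest checking the strchr() result, and only parsing opt_managed inside the `STRPREFIX(opt, "managed=")` branch.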
++++++ suse-apparmor-libnl-paths.patch ++++++
Apparmor: Adjust libnl paths
In SUSE distros, libnl paths generally contain only 'libnl', and
not an embedded version number such as 'libnl-3'. Use 'libnl*' in
the virt-aa-helper profile to accommodate all libnl path variants.
It was also noticed that the per-domain profiles need a libnl rule
to squelch a denial when starting confined domains.
Found while investigating bsc#1058847
Index: libvirt-6.0.0/src/security/apparmor/libvirt-qemu
===================================================================
--- libvirt-6.0.0.orig/src/security/apparmor/libvirt-qemu
+++ libvirt-6.0.0/src/security/apparmor/libvirt-qemu
@@ -63,6 +63,7 @@
#/dev/fb* rw,
/etc/pulse/client.conf r,
+ /etc/libnl*/classid r,
@{HOME}/.pulse-cookie rwk,
owner /root/.pulse-cookie rwk,
owner /root/.pulse/ rw,
Index: libvirt-6.0.0/src/security/apparmor/usr.lib.libvirt.virt-aa-helper
===================================================================
--- libvirt-6.0.0.orig/src/security/apparmor/usr.lib.libvirt.virt-aa-helper
+++ libvirt-6.0.0/src/security/apparmor/usr.lib.libvirt.virt-aa-helper
@@ -20,7 +20,7 @@ profile virt-aa-helper /usr/{lib,lib64}/
# Used when internally running another command (namely apparmor_parser)
@{PROC}/@{pid}/fd/ r,
- /etc/libnl-3/classid r,
+ /etc/libnl*/classid r,
# for gl enabled graphics
/dev/dri/{,*} r,
++++++ suse-bump-xen-version.patch ++++++
Bump minimum supported Xen version to 4.9
There were no changes to the libxl API between 4.8 and 4.9, so
the LIBXL_API_VERSION is set to 0x040800.
Note: xen.git commit c3999835df is needed in any Xen package where
this patch is expected to work. It is included in Xen 4.13, but would
need backporting to anything older. The dependency on xen.git commit
c3999835df makes it hard to upstream this patch.
See bsc#1157490 and bsc#1167007 for more details
Index: libvirt-6.0.0/m4/virt-driver-libxl.m4
===================================================================
--- libvirt-6.0.0.orig/m4/virt-driver-libxl.m4
+++ libvirt-6.0.0/m4/virt-driver-libxl.m4
@@ -26,11 +26,11 @@ AC_DEFUN([LIBVIRT_DRIVER_CHECK_LIBXL], [
LIBXL_CFLAGS=""
LIBXL_FIRMWARE_DIR=""
LIBXL_EXECBIN_DIR=""
- LIBXL_API_VERSION="-DLIBXL_API_VERSION=0x040500"
+ LIBXL_API_VERSION="-DLIBXL_API_VERSION=0x040800"
dnl search for libxl, aka libxenlight
old_with_libxl="$with_libxl"
- LIBVIRT_CHECK_PKG([LIBXL], [xenlight], [4.6.0], [true])
+ LIBVIRT_CHECK_PKG([LIBXL], [xenlight], [4.9.0], [true])
if test "x$with_libxl" = "xyes" ; then
LIBXL_FIRMWARE_DIR=$($PKG_CONFIG --variable xenfirmwaredir xenlight)
LIBXL_EXECBIN_DIR=$($PKG_CONFIG --variable libexec_bin xenlight)
Index: libvirt-6.0.0/src/libxl/libxl_conf.c
===================================================================
--- libvirt-6.0.0.orig/src/libxl/libxl_conf.c
+++ libvirt-6.0.0/src/libxl/libxl_conf.c
@@ -1769,7 +1769,7 @@ libxlDriverConfigNew(void)
{
libxlDriverConfigPtr cfg;
char ebuf[1024];
- unsigned int free_mem;
+ uint64_t free_mem;
if (libxlConfigInitialize() < 0)
return NULL;
Index: libvirt-6.0.0/src/libxl/libxl_domain.c
===================================================================
--- libvirt-6.0.0.orig/src/libxl/libxl_domain.c
+++ libvirt-6.0.0/src/libxl/libxl_domain.c
@@ -1009,8 +1009,8 @@ libxlDomainSetVcpuAffinities(libxlDriver
static int
libxlDomainFreeMem(libxl_ctx *ctx, libxl_domain_config *d_config)
{
- uint32_t needed_mem;
- uint32_t free_mem;
+ uint64_t needed_mem;
+ uint64_t free_mem;
int32_t target_mem;
int tries = 3;
int wait_secs = 10;
@@ -1404,7 +1404,7 @@ libxlDomainStart(libxlDriverPrivatePtr d
params.stream_version = restore_ver;
#endif
ret = libxl_domain_create_restore(cfg->ctx, &d_config, &domid,
- restore_fd, ¶ms, NULL,
+ restore_fd, -1, ¶ms, NULL,
&aop_console_how);
libxl_domain_restore_params_dispose(¶ms);
}
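Review bot: the `-1` inserted into the libxl_domain_create_restore() call is a bare magic value. The commit message only talks about the API version bump, so a short comment naming the parameter this argument fills and why -1 is the right value would save the next reader a trip to the libxl headers.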
Index: libvirt-6.0.0/tests/libxlmock.c
===================================================================
--- libvirt-6.0.0.orig/tests/libxlmock.c
+++ libvirt-6.0.0/tests/libxlmock.c
@@ -66,7 +66,7 @@ VIR_MOCK_IMPL_RET_ARGS(libxl_get_version
VIR_MOCK_STUB_RET_ARGS(libxl_get_free_memory,
int, 0,
libxl_ctx *, ctx,
- uint32_t *, memkb);
+ uint64_t *, memkb);
VIR_MOCK_STUB_RET_ARGS(xc_interface_close,
int, 0,
++++++ suse-libvirt-guests-service.patch ++++++
Adjust libvirt-guests service to conform to SUSE standards
Index: libvirt-6.0.0/tools/libvirt-guests.sh.in
===================================================================
--- libvirt-6.0.0.orig/tools/libvirt-guests.sh.in
+++ libvirt-6.0.0/tools/libvirt-guests.sh.in
@@ -16,14 +16,13 @@
# License along with this library. If not, see
# <http://www.gnu.org/licenses/>.
+. /etc/rc.status
+rc_reset
+
sysconfdir="@sysconfdir@"
localstatedir="@localstatedir@"
libvirtd="@sbindir@"/libvirtd
-# Source function library.
-test ! -r "$sysconfdir"/rc.d/init.d/functions ||
- . "$sysconfdir"/rc.d/init.d/functions
-
# Source gettext library.
# Make sure this file is recognized as having translations: _("dummy")
. "@bindir@"/gettext.sh
@@ -43,9 +42,11 @@ test -f "$sysconfdir"/sysconfig/libvirt-
. "$sysconfdir"/sysconfig/libvirt-guests
LISTFILE="$localstatedir"/lib/libvirt/libvirt-guests
-VAR_SUBSYS_LIBVIRT_GUESTS="$localstatedir"/lock/subsys/libvirt-guests
-
-RETVAL=0
+if [ -d "$localstatedir"/lock/subsys ]; then
+ VAR_SUBSYS_LIBVIRT_GUESTS="$localstatedir"/lock/subsys/libvirt-guests
+else
+ VAR_SUBSYS_LIBVIRT_GUESTS="$localstatedir"/lock/libvirt-guests
+fi
# retval COMMAND ARGUMENTS...
# run command with arguments and convert non-zero return value to 1 and set
@@ -53,7 +54,7 @@ RETVAL=0
retval() {
"$@"
if [ $? -ne 0 ]; then
- RETVAL=1
+ rc_failed 1
return 1
else
return 0
@@ -82,6 +83,26 @@ run_virsh_c() {
( export LC_ALL=C; run_virsh "$@" )
}
+await_daemon_up()
+{
+ uri=$1
+ i=1
+ rets=10
+ run_virsh $uri list > /dev/null 2>&1
+ while test $? -ne 0 && test $i -lt $rets; do
+ sleep 1
+ echo -n .
+ i=$(($i + 1))
+ run_virsh $uri list > /dev/null 2>&1
+ done
+ if [ $i -eq $rets ]; then
+ eval_gettext "libvirt-guests unable to connect to URI: $uri"
+ echo
+ return 1
+ fi
+ return 0
+}
+
# test_connect URI
# check if URI is reachable
test_connect()
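Review bot: the final check `[ $i -eq $rets ]` in await_daemon_up reports failure even when the last retry succeeds, because `i` already equals `rets` when the loop exits after that successful `run_virsh`. Keep the exit status of the last run_virsh call and test that instead. Also `$uri` is unquoted in both run_virsh calls, while the rest of the script passes `"$uri"`, and the eval_gettext message embeds `$uri` unescaped.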
@@ -108,7 +129,7 @@ list_guests() {
list=$(run_virsh_c "$uri" list --uuid $persistent)
if [ $? -ne 0 ]; then
- RETVAL=1
+ rc_failed 1
return 1
fi
@@ -134,7 +155,7 @@ guest_is_on() {
guest_running=false
id=$(run_virsh "$uri" domid "$uuid")
if [ $? -ne 0 ]; then
- RETVAL=1
+ rc_failed 1
return 1
fi
@@ -184,6 +205,13 @@ start() {
test_connect "$uri" || continue
+ await_daemon_up $uri
+ if [ $? -ne 0 ]; then
+ eval_gettext "Ignoring guests on $uri URI, can't connect"
+ echo
+ continue
+ fi
+
eval_gettext "Resuming guests on \$uri URI..."; echo
for guest in $list; do
name=$(guest_name "$uri" "$guest")
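Review bot: the added `eval_gettext "Ignoring guests on $uri URI, can't connect"` uses `$uri` unescaped, while the existing line right below uses `\$uri`; the shell expands it before the lookup, so the msgid will not match a catalog entry. Escape it the same way and quote the argument in `await_daemon_up $uri`. Note that await_daemon_up already prints its own error, so a failing URI produces two messages.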
@@ -405,7 +433,7 @@ shutdown_guests_parallel()
timeout=$(($timeout - 1))
if [ $timeout -le 0 ]; then
eval_gettext "Timeout expired while shutting down domains"; echo
- RETVAL=1
+ rc_failed 1
return
fi
else
@@ -434,7 +462,7 @@ stop() {
if [ $SHUTDOWN_TIMEOUT -lt 0 ]; then
gettext "SHUTDOWN_TIMEOUT must be equal or greater than 0"
echo
- RETVAL=6
+ rc_failed 6
return
fi
fi
@@ -482,14 +510,14 @@ stop() {
if [ $? -ne 0 ]; then
eval_gettext "Failed to list persistent guests on \$uri"
echo
- RETVAL=1
+ rc_failed 1
set +f
return
fi
else
gettext "Failed to list transient guests"
echo
- RETVAL=1
+ rc_failed 1
set +f
return
fi
@@ -548,14 +576,13 @@ gueststatus() {
rh_status() {
if [ -f "$LISTFILE" ]; then
gettext "stopped, with saved guests"; echo
- RETVAL=3
+ rc_failed 3
else
if [ -f "$VAR_SUBSYS_LIBVIRT_GUESTS" ]; then
gettext "started"; echo
- RETVAL=0
else
gettext "stopped, with no saved guests"; echo
- RETVAL=3
+ rc_failed 3
fi
fi
}
@@ -600,4 +627,4 @@ case "$1" in
usage
;;
esac
-exit $RETVAL
+rc_exit
Index: libvirt-6.0.0/tools/libvirt-guests.sysconf
===================================================================
--- libvirt-6.0.0.orig/tools/libvirt-guests.sysconf
+++ libvirt-6.0.0/tools/libvirt-guests.sysconf
@@ -1,19 +1,29 @@
+## Path: System/Virtualization/libvirt-guests
+
+## Type: string
+## Default: default
# URIs to check for running guests
# example: URIS='default xen:///system vbox+tcp://host/system lxc:///system'
-#URIS=default
+URIS=default
+## Type: string
+## Default: start
# action taken on host boot
# - start all guests which were running on shutdown are started on boot
# regardless on their autostart settings
# - ignore libvirt-guests init script won't start any guest on boot, however,
# guests marked as autostart will still be automatically started by
# libvirtd
-#ON_BOOT=start
+ON_BOOT=start
+## Type: integer
+## Default: 0
# Number of seconds to wait between each guest start. Set to 0 to allow
# parallel startup.
-#START_DELAY=0
+START_DELAY=0
+## Type: string
+## Default: suspend
# action taken on host shutdown
# - suspend all running guests are suspended using virsh managedsave
# - shutdown all running guests are asked to shutdown. Please be careful with
@@ -22,14 +32,18 @@
# which just needs a long time to shutdown. When setting
# ON_SHUTDOWN=shutdown, you must also set SHUTDOWN_TIMEOUT to a
# value suitable for your guests.
-#ON_SHUTDOWN=suspend
+ON_SHUTDOWN=suspend
+## Type: integer
+## Default: 0
# Number of guests will be shutdown concurrently, taking effect when
# "ON_SHUTDOWN" is set to "shutdown". If Set to 0, guests will be shutdown one
# after another. Number of guests on shutdown at any time will not exceed number
# set in this variable.
-#PARALLEL_SHUTDOWN=0
+PARALLEL_SHUTDOWN=0
+## Type: integer
+## Default: 300
# Number of seconds we're willing to wait for a guest to shut down. If parallel
# shutdown is enabled, this timeout applies as a timeout for shutting down all
# guests on a single URI defined in the variable URIS. If this is 0, then there
@@ -37,14 +51,18 @@
# request). The default value is 300 seconds (5 minutes).
#SHUTDOWN_TIMEOUT=300
+## Type: integer
+## Default: 0
# If non-zero, try to bypass the file system cache when saving and
# restoring guests, even though this may give slower operation for
# some file systems.
-#BYPASS_CACHE=0
+BYPASS_CACHE=0
+## Type: integer
+## Default: 0
# If non-zero, try to sync guest time on domain resume. Be aware, that
# this requires guest agent with support for time synchronization
# running in the guest. For instance, qemu-ga doesn't support guest time
# synchronization on Windows guests, but Linux ones. By default, this
# functionality is turned off.
-#SYNC_TIME=1
+SYNC_TIME=0
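Review bot: `#SHUTDOWN_TIMEOUT=300` is left commented out in this hunk although it received a `## Type:` / `## Default: 300` header like the others, and every other variable in the file is now set explicitly. Uncomment it for consistency, or note why this one is meant to stay unset.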
++++++ suse-libvirtd-disable-tls.patch ++++++
Disable TLS by default
On SUSE distros, the default is for libvirtd to listen only on the
Unix Domain Socket. The libvirt client still provides remote access
via a SSH tunnel.
Index: libvirt-6.0.0/src/remote/remote_daemon_config.c
===================================================================
--- libvirt-6.0.0.orig/src/remote/remote_daemon_config.c
+++ libvirt-6.0.0/src/remote/remote_daemon_config.c
@@ -99,7 +99,7 @@ daemonConfigNew(bool privileged G_GNUC_U
#ifdef WITH_IP
# ifdef LIBVIRTD
- data->listen_tls = 1; /* Only honoured if --listen is set */
+ data->listen_tls = 0; /* Only honoured if --listen is set */
# else /* ! LIBVIRTD */
data->listen_tls = 0; /* Always honoured, --listen doesn't exist. */
# endif /* ! LIBVIRTD */
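Review bot: after this change both branches of the `# ifdef LIBVIRTD` assign `data->listen_tls = 0`, so the conditional now only separates two comments. Either collapse it or add a comment marking this as a SUSE-specific default, and make clear at the assignment that passing `--listen` no longer opens a TLS socket unless listen_tls is set explicitly.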
Index: libvirt-6.0.0/src/remote/libvirtd.conf.in
===================================================================
--- libvirt-6.0.0.orig/src/remote/libvirtd.conf.in
+++ libvirt-6.0.0/src/remote/libvirtd.conf.in
@@ -17,8 +17,8 @@
# It is necessary to setup a CA and issue server certificates before
# using this capability.
#
-# This is enabled by default, uncomment this to disable it
-#listen_tls = 0
+# This is disabled by default, uncomment this to enable it
+#listen_tls = 1
# Listen for unencrypted TCP connections on the public TCP/IP port.
# NB, must pass the --listen flag to the @DAEMON_NAME@ process for this to
Index: libvirt-6.0.0/src/remote/test_libvirtd.aug.in
===================================================================
--- libvirt-6.0.0.orig/src/remote/test_libvirtd.aug.in
+++ libvirt-6.0.0/src/remote/test_libvirtd.aug.in
@@ -3,7 +3,7 @@ module Test_@DAEMON_NAME@ =
test @DAEMON_NAME_UC@.lns get conf =
@CUT_ENABLE_IP@
- { "listen_tls" = "0" }
+ { "listen_tls" = "1" }
{ "listen_tcp" = "1" }
{ "tls_port" = "16514" }
{ "tcp_port" = "16509" }
++++++ suse-libvirtd-sysconfig-settings.patch ++++++
Adjust libvirtd sysconfig file to conform to SUSE standards
Index: libvirt-6.0.0/src/remote/libvirtd.sysconf
===================================================================
--- libvirt-6.0.0.orig/src/remote/libvirtd.sysconf
+++ libvirt-6.0.0/src/remote/libvirtd.sysconf
@@ -1,5 +1,9 @@
+## Path: System/Virtualization/libvirt
# Customizations for the libvirtd.service systemd unit
+## Type: string
+## Default: "--timeout 120"
+# Arguments to pass to libvirtd. Not required if using systemd socket activation.
# Default behaviour is for libvirtd.service to start on boot
# so that VM autostart can be performed. We then want it to
# shutdown again if nothing was started and rely on systemd
@@ -11,9 +15,13 @@ LIBVIRTD_ARGS="--timeout 120"
# can be used to listen on TCP/TLS sockets
#LIBVIRTD_ARGS="--listen"
+## Type: string
+## Default: none
# Override Kerberos service keytab for SASL/GSSAPI
#KRB5_KTNAME=/etc/libvirt/krb5.tab
+## Type: string
+## Default: none
# Override the QEMU/SDL default audio driver probing when
# starting virtual machines using SDL graphics
#
++++++ suse-libxl-disable-autoballoon.patch ++++++
libxl: disable autoballooning
Xen 4.12 introduced a CONFIG_DOM0_MEM option, which our xen package uses
to configure dom0 with a sensible initial memory value and disables
autoballooning. This patch changes libvirt to also disable autoballooning
by default. It can only be enabled with the 'autoballoon' setting in
libxl.conf. See jsc#SLE-3059 for more details.
Index: libvirt-6.0.0/src/libxl/libxl.conf
===================================================================
--- libvirt-6.0.0.orig/src/libxl/libxl.conf
+++ libvirt-6.0.0/src/libxl/libxl.conf
@@ -4,12 +4,11 @@
# Enable autoballooning of domain0
#
-# By default, autoballooning of domain0 is enabled unless its memory
-# is already limited with Xen's "dom0_mem=" parameter, in which case
-# autoballooning is disabled. Override the default behavior with the
-# autoballoon setting.
+# By default, autoballooning of domain0 is disabled. Traditionally it
+# could also be disabled by using Xen's "dom0_mem=" parameter. Set to
+# 1 to enable autoballooning.
#
-#autoballoon = 1
+#autoballoon = 0
# In order to prevent accidentally starting two domains that
Index: libvirt-6.0.0/src/libxl/libxl_conf.c
===================================================================
--- libvirt-6.0.0.orig/src/libxl/libxl_conf.c
+++ libvirt-6.0.0/src/libxl/libxl_conf.c
@@ -1745,15 +1745,12 @@ libxlMakeBuildInfoVfb(virPortAllocatorRa
/*
* Get domain0 autoballoon configuration. Honor user-specified
* setting in libxl.conf first. If not specified, autoballooning
- * is disabled when domain0's memory is set with 'dom0_mem'.
- * Otherwise autoballooning is enabled.
+ * is disabled.
*/
static int
libxlGetAutoballoonConf(libxlDriverConfigPtr cfg,
virConfPtr conf)
{
- g_autoptr(GRegex) regex = NULL;
- g_autoptr(GError) err = NULL;
int res;
res = virConfGetValueBool(conf, "autoballoon", &cfg->autoballoon);
@@ -1762,15 +1759,8 @@ libxlGetAutoballoonConf(libxlDriverConfi
else if (res == 1)
return 0;
- regex = g_regex_new("(^| )dom0_mem=((|min:|max:)[0-9]+[bBkKmMgG]?,?)+($| )",
- 0, 0, &err);
- if (!regex) {
- virReportError(VIR_ERR_INTERNAL_ERROR,
- _("Failed to compile regex %s"), err->message);
- return -1;
- }
-
- cfg->autoballoon = !g_regex_match(regex, cfg->verInfo->commandline, 0, NULL);
+ /* make it explicit */
+ cfg->autoballoon = 0;
return 0;
}
Index: libvirt-6.0.0/src/libxl/test_libvirtd_libxl.aug.in
===================================================================
--- libvirt-6.0.0.orig/src/libxl/test_libvirtd_libxl.aug.in
+++ libvirt-6.0.0/src/libxl/test_libvirtd_libxl.aug.in
@@ -2,7 +2,7 @@ module Test_libvirtd_libxl =
@CONFIG@
test Libvirtd_libxl.lns get conf =
-{ "autoballoon" = "1" }
+{ "autoballoon" = "0" }
{ "lock_manager" = "lockd" }
{ "keepalive_interval" = "5" }
{ "keepalive_count" = "5" }
++++++ suse-ovmf-paths.patch ++++++
Adjust paths of OVMF firmwares on SUSE distros
Index: libvirt-6.0.0/src/qemu/qemu.conf
===================================================================
--- libvirt-6.0.0.orig/src/qemu/qemu.conf
+++ libvirt-6.0.0/src/qemu/qemu.conf
@@ -788,10 +788,9 @@
# for x86_64 and i686, but it's AAVMF for aarch64. The libvirt default
# follows this scheme.
#nvram = [
-# "/usr/share/OVMF/OVMF_CODE.fd:/usr/share/OVMF/OVMF_VARS.fd",
-# "/usr/share/OVMF/OVMF_CODE.secboot.fd:/usr/share/OVMF/OVMF_VARS.fd",
-# "/usr/share/AAVMF/AAVMF_CODE.fd:/usr/share/AAVMF/AAVMF_VARS.fd",
-# "/usr/share/AAVMF/AAVMF32_CODE.fd:/usr/share/AAVMF/AAVMF32_VARS.fd"
+# "/usr/share/qemu/ovmf-x86_64-ms-4m-code.bin:/usr/share/qemu/ovmf-x86_64-ms-4m-vars.bin",
+# "/usr/share/qemu/ovmf-x86_64-ms-code.bin:/usr/share/qemu/ovmf-x86_64-ms-vars.bin",
+# "/usr/share/qemu/aavmf-aarch64-code.bin:/usr/share/qemu/aavmf-aarch64-vars.bin"
#]
# The backend to use for handling stdout/stderr output from
Index: libvirt-6.0.0/src/qemu/qemu_conf.c
===================================================================
--- libvirt-6.0.0.orig/src/qemu/qemu_conf.c
+++ libvirt-6.0.0/src/qemu/qemu_conf.c
@@ -97,10 +97,9 @@ qemuDriverUnlock(virQEMUDriverPtr driver
#ifndef DEFAULT_LOADER_NVRAM
# define DEFAULT_LOADER_NVRAM \
- "/usr/share/OVMF/OVMF_CODE.fd:/usr/share/OVMF/OVMF_VARS.fd:" \
- "/usr/share/OVMF/OVMF_CODE.secboot.fd:/usr/share/OVMF/OVMF_VARS.fd:" \
- "/usr/share/AAVMF/AAVMF_CODE.fd:/usr/share/AAVMF/AAVMF_VARS.fd:" \
- "/usr/share/AAVMF/AAVMF32_CODE.fd:/usr/share/AAVMF/AAVMF32_VARS.fd"
+ "/usr/share/qemu/ovmf-x86_64-ms-4m-code.bin:/usr/share/qemu/ovmf-x86_64-ms-4m-vars.bin:" \
+ "/usr/share/qemu/ovmf-x86_64-ms-code.bin:/usr/share/qemu/ovmf-x86_64-ms-vars.bin:" \
+ "/usr/share/qemu/aavmf-aarch64-code.bin:/usr/share/qemu/aavmf-aarch64-vars.bin"
#endif
Index: libvirt-6.0.0/src/security/virt-aa-helper.c
===================================================================
--- libvirt-6.0.0.orig/src/security/virt-aa-helper.c
+++ libvirt-6.0.0/src/security/virt-aa-helper.c
@@ -489,7 +489,8 @@ valid_path(const char *path, const bool
"/usr/share/ovmf/", /* for OVMF images */
"/usr/share/AAVMF/", /* for AAVMF images */
"/usr/share/qemu-efi/", /* for AAVMF images */
- "/usr/share/qemu-efi-aarch64/" /* for AAVMF images */
+ "/usr/share/qemu-efi-aarch64/", /* for AAVMF images */
+ "/usr/share/qemu/" /* SUSE path for OVMF and AAVMF images */
};
/* override the above with these */
const char * const override[] = {
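Review bot: the new `"/usr/share/qemu/"` entry admits the whole directory, while the firmware this patch configures is limited to the `ovmf-*` and `aavmf-*` code and vars images. Please check whether valid_path() can be given a narrower entry, or extend the comment to say what else under that directory becomes acceptable as a result.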
Index: libvirt-6.0.0/src/qemu/test_libvirtd_qemu.aug.in
===================================================================
--- libvirt-6.0.0.orig/src/qemu/test_libvirtd_qemu.aug.in
+++ libvirt-6.0.0/src/qemu/test_libvirtd_qemu.aug.in
@@ -91,10 +91,9 @@ module Test_libvirtd_qemu =
{ "migration_port_max" = "49215" }
{ "log_timestamp" = "0" }
{ "nvram"
- { "1" = "/usr/share/OVMF/OVMF_CODE.fd:/usr/share/OVMF/OVMF_VARS.fd" }
- { "2" = "/usr/share/OVMF/OVMF_CODE.secboot.fd:/usr/share/OVMF/OVMF_VARS.fd" }
- { "3" = "/usr/share/AAVMF/AAVMF_CODE.fd:/usr/share/AAVMF/AAVMF_VARS.fd" }
- { "4" = "/usr/share/AAVMF/AAVMF32_CODE.fd:/usr/share/AAVMF/AAVMF32_VARS.fd" }
+ { "1" = "/usr/share/qemu/ovmf-x86_64-ms-4m-code.bin:/usr/share/qemu/ovmf-x86_64-ms-4m-vars.bin" }
+ { "2" = "/usr/share/qemu/ovmf-x86_64-ms-code.bin:/usr/share/qemu/ovmf-x86_64-ms-vars.bin" }
+ { "3" = "/usr/share/qemu/aavmf-aarch64-code.bin:/usr/share/qemu/aavmf-aarch64-vars.bin" }
}
{ "stdio_handler" = "logd" }
{ "gluster_debug_level" = "9" }
++++++ suse-qemu-conf.patch ++++++
SUSE adjustments to qemu.conf
This patch contains SUSE-specific adjustments to the upstream
qemu.conf configuration file. In the future, it might make
sense to separate these changes into individual patches (e.g.
suse-qemu-conf-secdriver.patch, suse-qemu-conf-lockmgr.patch,
etc.), but for now they are all lumped together in this
single patch.
Index: libvirt-6.0.0/src/qemu/qemu.conf
===================================================================
--- libvirt-6.0.0.orig/src/qemu/qemu.conf
+++ libvirt-6.0.0/src/qemu/qemu.conf
@@ -420,10 +420,19 @@
# isolation, but it cannot appear in a list of drivers.
#
#security_driver = "selinux"
+#security_driver = "apparmor"
# If set to non-zero, then the default security labeling
# will make guests confined. If set to zero, then guests
-# will be unconfined by default. Defaults to 1.
+# will be unconfined by default. Defaults to 0.
+#
+# SUSE Note:
+# Currently, Apparmor is the default security framework in SUSE
+# distros. If Apparmor is enabled on the host, libvirtd is
+# generously confined but users must opt-in to confine qemu
+# instances. Change this to a non-zero value to enable default
+# Apparmor confinement of qemu instances.
+#
#security_default_confined = 1
# If set to non-zero, then attempts to create unconfined
@@ -659,11 +668,22 @@
#relaxed_acs_check = 1
-# In order to prevent accidentally starting two domains that
-# share one writable disk, libvirt offers two approaches for
-# locking files. The first one is sanlock, the other one,
-# virtlockd, is then our own implementation. Accepted values
-# are "sanlock" and "lockd".
+# SUSE note:
+# Two lock managers are supported: lockd and sanlock. lockd, which
+# is provided by the virtlockd service, uses advisory locks (flock(2))
+# to protect virtual machine disks. sanlock uses the notion of leases
+# to protect virtual machine disks and is more appropriate in a SAN
+# environment.
+#
+# For most deployments that require virtual machine disk protection,
+# lockd is recommended since it is easy to configure and the virtlockd
+# service can be restarted without terminating any running virtual
+# machines. sanlock, which may be preferred in some SAN environments,
+# has the disadvantage of not being able to be restarted without
+# first terminating all virtual machines for which it holds leases.
+#
+# Specify lockd or sanlock to enable protection of virtual machine disk
+# content.
#
#lock_manager = "lockd"
Index: libvirt-6.0.0/src/qemu/qemu_conf.c
===================================================================
--- libvirt-6.0.0.orig/src/qemu/qemu_conf.c
+++ libvirt-6.0.0/src/qemu/qemu_conf.c
@@ -229,7 +229,7 @@ virQEMUDriverConfigPtr virQEMUDriverConf
cfg->prHelperName = g_strdup(QEMU_PR_HELPER);
cfg->slirpHelperName = g_strdup(QEMU_SLIRP_HELPER);
- cfg->securityDefaultConfined = true;
+ cfg->securityDefaultConfined = false;
cfg->securityRequireConfined = false;
cfg->keepAliveInterval = 5;
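Review bot: `cfg->securityDefaultConfined = false;` is assigned unconditionally, so the compiled-in default becomes unconfined for every security driver, not only for AppArmor as the qemu.conf note in this patch describes. Either scope the change to the AppArmor case or have the qemu.conf text say that hosts using another driver are affected as well; `cfg->securityRequireConfined` stays false on the next line, so by default nothing rejects an unconfined guest.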
Index: libvirt-6.0.0/src/qemu/test_libvirtd_qemu.aug.in
===================================================================
--- libvirt-6.0.0.orig/src/qemu/test_libvirtd_qemu.aug.in
+++ libvirt-6.0.0/src/qemu/test_libvirtd_qemu.aug.in
@@ -39,6 +39,7 @@ module Test_libvirtd_qemu =
{ "remote_websocket_port_min" = "5700" }
{ "remote_websocket_port_max" = "65535" }
{ "security_driver" = "selinux" }
+{ "security_driver" = "apparmor" }
{ "security_default_confined" = "1" }
{ "security_require_confined" = "1" }
{ "user" = "root" }
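Review bot: The expected tree now lists `security_driver` twice in a row ("selinux", then "apparmor"), which matches the `#security_driver = "apparmor"` example added to qemu.conf in this patch but reads like a copy-paste slip on its own; a short comment that the second entry mirrors the SUSE-added example would keep it from being dropped on the next rebase. The tree also still expects `security_default_confined` = "1" while the documented default is now 0, which deserves the same kind of comment.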
++++++ suse-qemu-domain-hook.py ++++++
#!/usr/bin/python3
# libvirt hook script for QEMU/KVM domains. See the libvirt hooks
# documentation for more details
#
# https://www.libvirt.org/hooks.html
#
# Currently this hook looks for domains with <metadata> containing
# configuration for dmmd <disk> devices. All <metadata> sub-elements
# must have a matching <disk> under <devices>. Those without a matching
# <disk> will be ignored.
#
# The dmmd device syntax is similar to Xen's block-dmmd. E.g.
#   md;/dev/md0(/etc/mdadm/mdadm.conf);lvm;/dev/vg/lv
#
# Device pairs (type;dev) are processed in order. The last device
# should match a <source dev=> attribute of a <disk>. The following
# configuration illustrates a domain with two dmmd devices
#
# <domain>
#   ...
#   <metadata>
#     <hook:dmmd xmlns:hook='https://libvirt.org/schemas/domain/hooks/1.0'>
#       <disk>md;/dev/md0(/etc/mdadm.conf);lvm;/dev/vg1/lv1</disk>
#       <disk>md;/dev/md1(/etc/mdadm.conf);lvm;/dev/vg1/lv2</disk>
#     </hook:dmmd>
#   </metadata>
#   <devices>
#     ...
#     <disk type='block' device='disk'>
#       <driver name='qemu' type='raw'/>
#       <source dev='/dev/vg1/lv1'/>
#       <target dev='vdb' bus='virtio'/>
#     </disk>
#     <disk type='block' device='disk'>
#       <driver name='qemu' type='raw'/>
#       <source dev='/dev/vg1/lv2'/>
#       <target dev='vdc' bus='virtio'/>
#     </disk>
#   </devices>
# </domain>
#
#
# md devices can optionally:
#   specify a config file through:
#     md;/dev/md100(/var/opt/config/mdadm.conf)
#   use an array name (mdadm -N option):
#     md;My-MD-name;lvm;/dev/vg1/lv1

import os
import sys
import time
import subprocess
from lxml import etree
from subprocess import check_output
from subprocess import CalledProcessError

COMMAND_TIMEOUT = 60
MDADM_BIN = "/sbin/mdadm"
PVSCAN_BIN = "/sbin/pvscan"
LVCHANGE_BIN = "/sbin/lvchange"
HOOK_NAMESPACE = "https://libvirt.org/schemas/domain/hooks/1.0"
HOOK_NS_TAG = "{%s}" % HOOK_NAMESPACE
DEBUG = False


def write_debug(msg):
    if DEBUG:
        with open("/var/log/libvirt/qemu/suse-qemu-hook-output.log", "a") as f:
            f.write(msg + "\n")


def run_cmd(cmd):
    cmd_output = ""
    rc = 0
    msg = ""
    for m in cmd:
        msg += m + " "
    write_debug("run_cmd executing: " + msg)
    try:
        # universal_newlines=True returns str instead of bytes. Without it,
        # err.output is bytes and the concatenation in the except branch
        # raises TypeError whenever a command fails.
        cmd_output = check_output(cmd, stderr=subprocess.STDOUT,
                                  universal_newlines=True)
    except CalledProcessError as err:
        write_debug("run_cmd: caught CalledProcessError with output: " + err.output)
        rc = err.returncode
    if rc != 0:
        write_debug("run_cmd failed: " + msg)
    return [rc, cmd_output]


def prepare_md(dev):
    conf = []
    mdadmopts = []
    devpath = ""
    startcfg = dev.find("(")
    # check if MD config specifies a conf file for mdadm
    if startcfg != -1:
        endcfg = dev.find(")")
        conf = ["-c"]
        conf.append(dev[startcfg + 1:endcfg])
        dev = dev[:startcfg]
    # check if MD config contains a device or array name
    if not dev.startswith("/"):
        mdadmopts = ["-s"]
        mdadmopts.append("-N")
        devpath = "/dev/md/" + dev
    else:
        devpath = dev
    # check if MD device is already active
    cmd = [MDADM_BIN, "-Q"]
    cmd.append(devpath)
    write_debug("prepare_md: calling mdadm -Q for device " + devpath)
    ret, cmd_output = run_cmd(cmd)
    if ret == 0:
        write_debug("prepare_md: mdadm -Q succeeded for device " + devpath + ". Already activated")
        return 0
    cmd = [MDADM_BIN, "-A"]
    cmd.extend(mdadmopts)
    cmd.extend(conf)
    cmd.append(devpath)
    write_debug("prepare_md: calling mdadm -A for device " + devpath)
    ret, cmd_output = run_cmd(cmd)
    if ret != 0:
        write_debug("prepare_md: mdadm -A failed for device " + devpath)
    else:
        write_debug("prepare_md: mdadm -A succeeded for device " + devpath)
    return ret


def release_md(dev):
    conf = []
    devpath = ""
    startcfg = dev.find("(")
    if startcfg != -1:
        endcfg = dev.find(")")
        conf = ["-c"]
        conf.append(dev[startcfg + 1:endcfg])
        dev = dev[:startcfg]
    # check if MD config contains a device or array name. For
    # querying and deactivating a device name is required
    if not dev.startswith("/"):
        devpath = "/dev/md/" + dev
    else:
        devpath = dev
    # check if device exists
    cmd = [MDADM_BIN, "-Q"]
    cmd.extend(conf)
    cmd.append(devpath)
    write_debug("release_md: calling mdadm -Q for device " + devpath)
    ret, cmd_output = run_cmd(cmd)
    if ret != 0:
        write_debug("release_md: mdadm -Q failed for device " + devpath + ". Already deactivated")
        return 0
    cmd = [MDADM_BIN, "-S"]
    cmd.extend(conf)
    cmd.append(devpath)
    write_debug("release_md: calling mdadm -S for device " + devpath)
    ret, cmd_output = run_cmd(cmd)
    if ret == 0:
        write_debug("release_md: mdadm -S succeeded for device " + devpath)
    else:
        write_debug("release_md: mdadm -S failed for device " + devpath)
    return ret


def prepare_lvm(dev):
    cmd = [LVCHANGE_BIN]
    cmd.append("-aey")
    cmd.append(dev)
    endtime = time.time() + COMMAND_TIMEOUT
    while time.time() < endtime:
        # When using MD devices for LVM PV, it is best to rescan for PV and VG
        run_cmd([PVSCAN_BIN])
        ret, cmd_output = run_cmd(cmd)
        if ret == 0 and os.path.exists(dev):
            write_debug("prepare_lvm: lvchange -aey succeeded on device " + dev)
            return 0
        else:
            write_debug("prepare_lvm: lvchange -aey failed on device " + dev)
        time.sleep(0.1)
    write_debug("prepare_lvm: lvchange -aey never succeeded for device " + dev)
    return 1


def release_lvm(dev):
    # Nothing to do if the device doesn't exist or is already deactivated
    if not os.path.exists(dev):
        write_debug("release_lvm: dev " + dev + " does not exist. Nothing to do!")
        return 0
    cmd = [LVCHANGE_BIN]
    cmd.append("-aen")
    cmd.append(dev)
    endtime = time.time() + COMMAND_TIMEOUT
    while time.time() < endtime:
        ret, cmd_output = run_cmd(cmd)
        if ret == 0:
            write_debug("release_lvm: lvchange -aen succeeded for device " + dev)
            return 0
        else:
            write_debug("release_lvm: lvchange -aen failed for device " + dev + ". Trying again...")
        time.sleep(0.1)
    write_debug("release_lvm: lvchange -aen never succeeded for device " + dev)
    return 1


def prepare_config(params):
    write_debug("prepare_config: called with params " + params)
    conf = params.split(";")
    i = 0
    # stop before a trailing type with no device, which would otherwise
    # raise IndexError on conf[i+1]
    while i + 1 < len(conf):
        t = conf[i]
        d = conf[i+1]
        write_debug("prepare_config: got t = " + t + " and d = " + d)
        if t == "md":
            if prepare_md(d):
                write_debug("prepare_config: failed to prepare MD device " + d)
                return 1
        if t == "lvm":
            if prepare_lvm(d):
                write_debug("prepare_config: failed to prepare LVM device " + d)
                return 1
        i += 2
    return 0


def release_config(params):
    write_debug("release_config: called with params " + params)
    conf = params.split(";")
    i = len(conf) - 1
    ret = 0
    # work backwards through the list when releasing, cleaning
    # up LVM first, then MD. Stop at i == 1 so that conf[i-1] never
    # wraps around to the end of the list on a malformed config
    while i >= 1:
        t = conf[i-1]
        d = conf[i]
        write_debug("release_config: got t = " + t + " and d = " + d)
        if t == "md":
            if release_md(d):
                write_debug("release_config: failed to release MD device " + d)
                ret = 1
        if t == "lvm":
            if release_lvm(d):
                write_debug("release_config: failed to release LVM device " + d)
                ret = 1
        i -= 2
    return ret


if len(sys.argv) < 3:
    sys.exit(1)

exit_code = 0
disk_devs = []
phase = sys.argv[2]
vmxml = sys.stdin.read()
tree = etree.fromstring(vmxml.encode("utf-8", "ignore"))
devs = tree.xpath("/domain/devices/disk")
dmmd_configs = tree.xpath("/domain/metadata/hook:dmmd/disk", namespaces={'hook': HOOK_NAMESPACE})
if len(dmmd_configs) == 0:
    write_debug("No dmmd configurations found in <metadata>")
    sys.exit(0)
write_debug("got phase: " + phase)

# build a list of <disk type='block'> source device names to check against
# dmmd configurations
for d in devs:
    val = d.get("type")
    if val is None or val != "block":
        continue
    for child in d:
        if child.tag == "source":
            disk_devs.append(child.get("dev"))

# For each dmmd configuration in <metadata>, check there is a corresponding
# disk
for config in dmmd_configs:
    # check that a disk exists for this config. <disk> devices may have
    # been added or removed without a corresponding update to <metadata>
    index = config.text.rfind(";")
    if index == -1:
        continue
    disk = config.text[index + 1:]
    # remove config file specified with '(/path/to/conf)'
    if disk.endswith(")"):
        index = disk.rfind("(")
        if index == -1:
            continue
        disk = disk[:index]
    if disk not in disk_devs:
        write_debug("Ignoring config '" + config.text + "' with no matching <disk> device")
        continue
    # TODO: check that migration can be handled by the 'prepare' phase on
    # destination and 'release' phase on source
    if phase == "prepare":
        exit_code = prepare_config(config.text)
    if phase == "release":
        exit_code = release_config(config.text)

sys.exit(exit_code)
++++++ suse-virtlockd-sysconfig-settings.patch ++++++
Adjust virtlockd sysconfig file to conform to SUSE standards
Index: libvirt-6.0.0/src/locking/virtlockd.sysconf
===================================================================
--- libvirt-6.0.0.orig/src/locking/virtlockd.sysconf
+++ libvirt-6.0.0/src/locking/virtlockd.sysconf
@@ -1,3 +1,7 @@
+## Path: System/Virtualization/virtlockd
+
+## Type: string
+## Default: ""
#
# Pass extra arguments to virtlockd
#VIRTLOCKD_ARGS=
++++++ suse-virtlogd-sysconfig-settings.patch ++++++
Adjust virtlogd sysconfig file to conform to SUSE standards
Index: libvirt-6.0.0/src/logging/virtlogd.sysconf
===================================================================
--- libvirt-6.0.0.orig/src/logging/virtlogd.sysconf
+++ libvirt-6.0.0/src/logging/virtlogd.sysconf
@@ -1,3 +1,7 @@
+## Path: System/Virtualization/virtlogd
+
+## Type: string
+## Default: ""
#
# Pass extra arguments to virtlogd
#VIRTLOGD_ARGS=
++++++ suse-xen-ovmf-loaders.patch ++++++
libxl: Temporarily hardcode paths to ovmf firmwares
This is a quick, hacky fix for bsc#1159793 until there is time to work on
upstream support for firmware autoselection in the xen driver. Sadly, the
upstream efforts to improve firmware handling in the qemu driver broke
the firmware handling in the xen driver.
Index: libvirt-6.0.0/src/libxl/libxl_conf.c
===================================================================
--- libvirt-6.0.0.orig/src/libxl/libxl_conf.c
+++ libvirt-6.0.0/src/libxl/libxl_conf.c
@@ -1822,6 +1822,15 @@ libxlDriverConfigNew(void)
goto error;
}
+ /* Begin hack ---
+ * bsc#1159793: Until there is time to work on proper upstream support for
+ * firmware autoselection in the xen driver we'll go with this minimal fix.
+ */
+#define DEFAULT_LOADER_NVRAM "/usr/share/qemu/ovmf-x86_64-ms-4m.bin:/usr/share/qemu/ovmf-x86_64-ms-4m-vars.bin:/usr/share/qemu/ovmf-x86_64-ms.bin:/usr/share/qemu/ovmf-x86_64-ms-vars.bin"
+ /*
+ * --- End hack
+ */
+
#ifdef DEFAULT_LOADER_NVRAM
if (virFirmwareParseList(DEFAULT_LOADER_NVRAM,
&cfg->firmwares,
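Review bot: The `#define DEFAULT_LOADER_NVRAM` added directly above the existing `#ifdef DEFAULT_LOADER_NVRAM` has no guard, so a build that already defines the macro gets a redefinition, and the `#ifdef` below it is now always true. Wrap the define in `#ifndef DEFAULT_LOADER_NVRAM`, and have the hack comment record that all four paths are x86_64 images and that nothing in the lines shown checks that the files exist.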
++++++ virt-create-rootfs.patch ++++++
Index: libvirt-6.0.0/tools/Makefile.am
===================================================================
--- libvirt-6.0.0.orig/tools/Makefile.am
+++ libvirt-6.0.0/tools/Makefile.am
@@ -71,7 +71,7 @@ MAINTAINERCLEANFILES =
confdir = $(sysconfdir)/libvirt
conf_DATA =
-bin_SCRIPTS = virt-xml-validate virt-pki-validate
+bin_SCRIPTS = virt-xml-validate virt-pki-validate virt-create-rootfs
bin_PROGRAMS = virsh virt-admin
libexec_SCRIPTS = libvirt-guests.sh
Index: libvirt-6.0.0/tools/virt-create-rootfs
===================================================================
--- /dev/null
+++ libvirt-6.0.0/tools/virt-create-rootfs
@@ -0,0 +1,231 @@
+#!/bin/sh
+set -e
+
+function fail
+{
+ echo $1
+ exit 1
+}
+
+function print_help
+{
+cat << EOF
+virt-create-rootfs --root /path/to/rootfs [ARGS]
+
+Create a new root file system to use for distribution containers.
+
+ARGUMENTS
+
+ -h, --help print this help and exit
+ -r, --root path where to create the root FS
+ -d, --distro distribution to install
+ -a, --arch target architecture
+ -u, --url URL of the registration server
+ -c, --regcode registration code for the product
+ --dry-run don't actually run it
+EOF
+}
+
+ARCH=$(uname -i)
+ROOT=
+DISTRO=
+URL=
+REG_CODE=
+DRY_RUN=
+
+while test $# -gt 0
+do
+ case $1 in
+
+ -h | --help)
+ # usage and help
+ print_help
+ ;;
+
+ -r | --root)
+ if test $# -lt 2; then
+ fail "$1 needs a value"
+ fi
+ ROOT="$2"
+ shift
+ ;;
+
+ -a | --arch)
+ if test $# -lt 2; then
+ fail "$1 needs a value"
+ fi
+ case "$2" in
+ i586 | x86_64)
+ ARCH=$2
+ shift
+ ;;
+ *)
+ fail "$1 valid values are 'i586', 'x86_64'"
+ esac
+ # Sanity checks for the arch
+ HOST_ARCH=$(uname -i)
+ case "$HOST_ARCH" in
+ i?86)
+ if test $ARCH = "x86_64"; then
+ fail "Host won't run x86_64 container"
+ fi
+ ;;
+ esac
+ ;;
+
+ -u | --url)
+ if test $# -lt 2; then
+ fail "$1 needs a value"
+ fi
+ URL="$2"
+ shift
+ ;;
+
+ -d | --distro)
+ if test $# -lt 2; then
+ fail "$1 needs a value"
+ fi
+ case "$2" in
+ SLED-* | SLES-* | openSUSE-*)
+ DISTRO=$2
+ shift
+ ;;
+ *)
+ fail "$1 valid values are 'SLED-*', 'SLES-*', 'openSUSE-*'"
+ esac
+ ;;
+
+ -c | --regcode)
+ if test $# -lt 2; then
+ fail "$1 needs a value"
+ fi
+ REG_CODE=$2
+ shift
+ ;;
+
+ --dry-run)
+ DRY_RUN="yes"
+ ;;
+
+ *)
+ fail "Unknown option: $1"
+ ;;
+ esac
+
+ shift
+done
+
+if test -z "$ROOT"; then
+ fail "--root argument need to be provided"
+fi
+
+RUN=
+if test "$DRY_RUN" = "yes"; then
+ RUN="echo"
+fi
+
+function call_zypper
+{
+ $RUN zypper --root "$ROOT" $*
+}
+
+function install_sle
+{
+ PRODUCT="$1"
+ TARGET_VERSION="$2"
+
+ case "$TARGET_VERSION" in
+ 12.0)
+ # Transform into zypper internal version scheme
+ TARGET_VERSION="12"
+ ;;
+ 15.0)
+ TARGET_VERSION="15"
+ ;;
+ 12.*|15.*)
+ ;;
+ *)
+ fail "Unhandled SLE version: $TARGET_VERSION"
+ ;;
+ esac
+
+ # Depending on the distro we run, we may have some preliminary things to do
+ . /etc/os-release
+ case "$VERSION_ID" in
+ 15*)
+ # on SLE 15 we need to symlink the two path to the RPM DB or the GPG
+ # key won't be found.
+ mkdir -p "$ROOT/usr/lib/sysimage/rpm"
+ mkdir -p "$ROOT/var/lib"
+ ln -s ../../usr/lib/sysimage/rpm "$ROOT/var/lib"
+ ;;
+ esac
+
+ # First copy the SUSE GPG keys from the host to the new root
+ rpm -qa gpg-pubkey\* --qf "%{name}-%{version}-%{release}: %{summary}\n" | \
+ grep 'gpg(SuSE Package Signing Key <build(a)suse.de>)' | \
+ while read -r line; do
+ key=$(echo $line | cut -d ':' -f 1)
+ tmpkey=$(mktemp)
+ rpm -qi $key | sed -n '/BEGIN/,/END/p' > "$tmpkey"
+ rpm --root "$ROOT" --import "$tmpkey"
+ rm "$tmpkey"
+ done
+
+ # SUSE Connect adds the repositories, and refreshes them,
+ # but requires the GPG key to be already imported
+ CONNECT_ARGS=
+ if test -n "$REG_CODE"; then
+ CONNECT_ARGS="$CONNECT_ARGS -r $REG_CODE"
+ fi
+ if test -n "$URL"; then
+ CONNECT_ARGS="$CONNECT_ARGS --url $URL"
+ fi
+
+ PATTERN=Minimal
+ case "$TARGET_VERSION" in
+ 12*)
+ $RUN SUSEConnect -p "$PRODUCT/$TARGET_VERSION/$ARCH" --root "$ROOT" $CONNECT_ARGS
+ ;;
+ 15*)
+ # Due to SLE 15 modules we need to add the product first, let it fail,
+ # add the basesystem
+ set +e
+ $RUN SUSEConnect -p "$PRODUCT/$TARGET_VERSION/$ARCH" --root "$ROOT" $CONNECT_ARGS
+ set -e
+ $RUN SUSEConnect -p "sle-module-basesystem/$TARGET_VERSION/$ARCH" --root "$ROOT" $CONNECT_ARGS
+ PATTERN=base
+ ;;
+ esac
+
+ # Then we install what we need
+ call_zypper -n in --auto-agree-with-licenses -t pattern $PATTERN
+
+ # Create the baseproduct symlink if missing
+ if ! test -e "$ROOT/etc/products.d/baseproduct"; then
+ ln -s $PRODUCT.prod "$ROOT/etc/products.d/baseproduct"
+ fi
+}
+
+case "$DISTRO" in
+ SLED-*)
+ install_sle "SLED" "${DISTRO:5}"
+ ;;
+ SLED-* | SLES-*)
+ install_sle "SLES" "${DISTRO:5}"
+ ;;
+
+ openSUSE-*)
+ TARGET_VERSION=${DISTRO:9}
+ REPO="http://download.opensuse.org/distribution/$TARGET_VERSION/repo/oss/"
+ UPDATE_REPO="http://download.opensuse.org/update/$TARGET_VERSION/"
+ call_zypper ar "$REPO" "openSUSE"
+ call_zypper ar "$UPDATE_REPO" "openSUSE udpate"
+ call_zypper in --no-recommends -t pattern base
+ ;;
+esac
+
+if test "$DRY_RUN" != "yes"; then
+ echo "pts/0" >> "$ROOT/etc/securetty"
+ chroot "$ROOT" /usr/bin/passwd
+fi
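Review bot: `--dry-run` is not honoured inside `install_sle`: the `mkdir -p` and `ln -s` under "$ROOT" and the `rpm --root "$ROOT" --import "$tmpkey"` loop run without the `$RUN` prefix, so a dry run still writes to the target root; prefix them or skip the block when DRY_RUN is set. The interpreter line is `#!/bin/sh`, but `function fail` and `${DISTRO:5}` are bash syntax, and the `-h | --help` case prints the help without exiting although the help text says "print this help and exit". `call_zypper` expands `$*` unquoted, so the repository name "openSUSE udpate" (also a typo for "update") is split into two arguments; use "$@". The openSUSE branch adds both repositories over plain http:// and, unlike the SLE path, imports no signing key into the new root first, so use https:// URLs and an explicit key import there.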
Index: libvirt-6.0.0/docs/Makefile.am
===================================================================
--- libvirt-6.0.0.orig/docs/Makefile.am
+++ libvirt-6.0.0/docs/Makefile.am
@@ -209,6 +209,7 @@ manpages1_rst = \
manpages/virt-xml-validate.rst \
manpages/virt-admin.rst \
manpages/virsh.rst \
+ manpages/virt-create-rootfs.rst \
$(NULL)
manpages7_rst = \
$(KEYCODES:%=manpages/virkeycode-%.rst) \
Index: libvirt-6.0.0/docs/manpages/virt-create-rootfs.rst
===================================================================
--- /dev/null
+++ libvirt-6.0.0/docs/manpages/virt-create-rootfs.rst
@@ -0,0 +1,88 @@
+==================
+virt-create-rootfs
+==================
+
+---------------------------------------------------------
+A tool to create a root file system for distro containers
+---------------------------------------------------------
+
+:Manual section: 1
+:Manual group: Virtualization Support
+
+.. contents::
+
+SYNOPSIS
+========
+
+
+``virt-create-rootfs`` [*OPTION*]
+
+
+DESCRIPTION
+===========
+
+The ``virt-create-rootfs`` program is a shell script setting up a root file
+system for a distribution container.
+
+The basic structure of most virt-create-rootfs usage is:
+
+ ``virt-create-rootfs`` -r /path/to/root -d distro-name
+
+
+OPTIONS
+=======
+
+``-h``, ``--help``
+
+Display command line help usage then exit.
+
+``-r``, ``--root``
+
+Set the path where to create the new root file system.
+
+``-d``, ``--distro``
+
+Set the name of distribution to use for the root file system.
+
+As of now, only SLED-I<XXX>, SLES-I<XXX> and openSUSE-I<XXX> are implemented
+where I<XXX> is the version number. Note that SUSEConnect is required to
+handle SLE distributions.
+
+``-a``, ``--arch``
+
+Set the target architecture of the root file system to either i586 or x86_64.
+
+``-c``, ``--regcode``
+
+Set the registration code for the product to install in the root file system.
+For SLE distributions, use a registration code from SUSE Customer Center.
+
+``-u``, ``--url``
+
+For SLE distributions, set the registration server to use.
+Default: http://scc.suse.com.
+
+``--dry-run``
+
+Don't do anything, just report what would be done.
+
+
+COPYRIGHT
+=========
+
+Copyright (C) 2014 SUSE LINUX Products GmbH, Nuernberg, Germany.
+
+
+LICENSE
+=======
+
+``virt-create-rootfs`` is distributed under the terms of the GNU LGPL v2+.
+This is free software; see the source for copying conditions. There
+is NO warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR
+PURPOSE
+
+
+SEE ALSO
+========
+
+virsh(1), `https://libvirt.org/ <https://libvirt.org/>`_
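Review bot: The `--distro` paragraph still carries POD markup (`SLED-I<XXX>`, `SLES-I<XXX>`, `openSUSE-I<XXX>` and "where I<XXX> is the version number"), which reStructuredText prints literally; use `*XXX*` as the synopsis does for *OPTION*. The `--url` entry documents "Default: http://scc.suse.com", but the script added by this patch initialises `URL=` empty and only passes `--url $URL` when it is set, so either drop the stated default or attribute it to SUSEConnect, and give an https:// URL for a registration endpoint.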
Hello community,
here is the log from the commit of package 000product for openSUSE:Factory checked in at 2020-10-30 16:06:33
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/000product (Old)
and /work/SRC/openSUSE:Factory/.000product.new.3463 (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "000product"
Fri Oct 30 16:06:33 2020 rev:2447 rq: version:unknown
Changes:
--------
New Changes file:
NO CHANGES FILE!!!
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Other differences:
------------------
MicroOS-dvd5-kubic-dvd-x86_64.kiwi: same change
openSUSE-Addon-NonOss-ftp-ftp-i586_x86_64.kiwi: same change
openSUSE-cd-mini-i586.kiwi: same change
openSUSE-cd-mini-x86_64.kiwi: same change
openSUSE-dvd5-dvd-i586.kiwi: same change
openSUSE-dvd5-dvd-x86_64.kiwi: same change
openSUSE-ftp-ftp-i586_x86_64.kiwi: same change
stub.kiwi: same change
++++++ unsorted.yml ++++++
--- /var/tmp/diff_new_pack.N208A6/_old 2020-10-30 16:06:40.308102536 +0100
+++ /var/tmp/diff_new_pack.N208A6/_new 2020-10-30 16:06:40.312102541 +0100
@@ -5260,6 +5260,9 @@
- gimp-save-for-web-lang
- ginac
- ginac-devel
+ - ginac-doc-html
+ - ginac-doc-pdf
+ - ginac-doc-tutorial
- gio-branding-upstream
- gio-sharp
- gio-sharp-devel
@@ -6839,6 +6842,7 @@
- instlux
- instsource-susedata
- int10h-oldschoolpc-fonts
+ - int10h-oldschoolpc-fonts-stretched
- intel-SINIT
- intel-cmt-cat
- intel-hybrid-driver
@@ -10774,7 +10778,7 @@
- libgig9
- libgimp-2_0-0-32bit: [x86_64]
- libgimpui-2_0-0-32bit: [x86_64]
- - libginac6
+ - libginac11
- libgio-fam
- libgio-fam-32bit: [x86_64]
- libgiomm-2_4-1-32bit: [x86_64]
@@ -22451,6 +22455,7 @@
- python3-libvshadow
- python3-libvslvm
- python3-license-expression
+ - python3-ligo-segments
- python3-lilv
- python3-limnoria
- python3-line_profiler
Hello community,
here is the log from the commit of package 000release-packages for openSUSE:Factory checked in at 2020-10-30 16:06:28
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/000release-packages (Old)
and /work/SRC/openSUSE:Factory/.000release-packages.new.3463 (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "000release-packages"
Fri Oct 30 16:06:28 2020 rev:745 rq: version:unknown
Changes:
--------
New Changes file:
NO CHANGES FILE!!!
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Other differences:
------------------
openSUSE-Addon-NonOss-release.spec: same change
openSUSE-release.spec: same change
stub.spec: same change
++++++ weakremovers.inc ++++++
--- /var/tmp/diff_new_pack.tlJOGE/_old 2020-10-30 16:06:33.460092943 +0100
+++ /var/tmp/diff_new_pack.tlJOGE/_new 2020-10-30 16:06:33.464092948 +0100
@@ -10085,6 +10085,7 @@
Provides: weakremover(libggz2-devel)
Provides: weakremover(libgig7)
Provides: weakremover(libgig8)
+Provides: weakremover(libginac6)
Provides: weakremover(libgiomm-2_52-1)
Provides: weakremover(libgiomm-2_56-1)
Provides: weakremover(libgiomm-2_58-1)
Hello community,
here is the log from the commit of package strawberry for openSUSE:Leap:15.2:Update checked in at 2020-10-30 12:26:05
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Leap:15.2:Update/strawberry (Old)
and /work/SRC/openSUSE:Leap:15.2:Update/.strawberry.new.3463 (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "strawberry"
Fri Oct 30 12:26:05 2020 rev:5 rq:844271 version:unknown
Changes:
--------
New Changes file:
NO CHANGES FILE!!!
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Other differences:
------------------
++++++ _link ++++++
--- /var/tmp/diff_new_pack.ARRND4/_old 2020-10-30 12:26:20.423535949 +0100
+++ /var/tmp/diff_new_pack.ARRND4/_new 2020-10-30 12:26:20.427535951 +0100
@@ -1 +1 @@
-<link package='strawberry.14568' cicount='copy' />
+<link package='strawberry.14754' cicount='copy' />
Hello community,
here is the log from the commit of package netcdf for openSUSE:Leap:15.1:Update checked in at 2020-10-30 12:25:35
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Leap:15.1:Update/netcdf (Old)
and /work/SRC/openSUSE:Leap:15.1:Update/.netcdf.new.3463 (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "netcdf"
Fri Oct 30 12:25:35 2020 rev:3 rq:844270 version:unknown
Changes:
--------
New Changes file:
NO CHANGES FILE!!!
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Other differences:
------------------
++++++ _link ++++++
--- /var/tmp/diff_new_pack.hHppFk/_old 2020-10-30 12:25:37.127513470 +0100
+++ /var/tmp/diff_new_pack.hHppFk/_new 2020-10-30 12:25:37.127513470 +0100
@@ -1 +1 @@
-<link package='netcdf.14048' cicount='copy' />
+<link package='netcdf.14751' cicount='copy' />
Hello community,
here is the log from the commit of package 000product for openSUSE:Factory checked in at 2020-10-30 12:03:01
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/000product (Old)
and /work/SRC/openSUSE:Factory/.000product.new.3463 (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "000product"
Fri Oct 30 12:03:01 2020 rev:2446 rq: version:unknown
Changes:
--------
New Changes file:
NO CHANGES FILE!!!
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Other differences:
------------------
++++++ MicroOS-dvd5-dvd-x86_64.kiwi ++++++
--- /var/tmp/diff_new_pack.eOAXt7/_old 2020-10-30 12:03:05.090521501 +0100
+++ /var/tmp/diff_new_pack.eOAXt7/_new 2020-10-30 12:03:05.090521501 +0100
@@ -1,4 +1,4 @@
-<image name="OBS__MicroOS___20201029" schemaversion="4.1">
+<image name="OBS__MicroOS___20201030" schemaversion="4.1">
<description type="system">
<author>The SUSE Team</author>
<contact>build(a)opensuse.org</contact>
@@ -35,11 +35,11 @@
<productvar name="SEPARATE_MEDIA">true</productvar>
<productvar name="SHA1OPT">-x -2</productvar>
<productvar name="VENDOR">openSUSE</productvar>
- <productvar name="VERSION">20201029</productvar>
+ <productvar name="VERSION">20201030</productvar>
<productinfo name="CONTENTSTYLE">11</productinfo>
- <productinfo name="DISTRO">cpe:/o:opensuse:microos:20201029,openSUSE MicroOS</productinfo>
+ <productinfo name="DISTRO">cpe:/o:opensuse:microos:20201030,openSUSE MicroOS</productinfo>
<productinfo name="LINGUAS">en_US </productinfo>
- <productinfo name="REPOID">obsproduct://build.opensuse.org/openSUSE:Factory/MicroOS/20201029/x86_64</productinfo>
+ <productinfo name="REPOID">obsproduct://build.opensuse.org/openSUSE:Factory/MicroOS/20201030/x86_64</productinfo>
<productinfo name="VENDOR">openSUSE</productinfo>
<productoption name="INI_DIR">/usr/share/kiwi/modules/plugins/tumbleweed</productoption>
<productoption name="PLUGIN_DIR">/usr/share/kiwi/modules/plugins/tumbleweed</productoption>
MicroOS-dvd5-kubic-dvd-x86_64.kiwi: same change
++++++ openSUSE-Addon-NonOss-ftp-ftp-i586_x86_64.kiwi ++++++
--- /var/tmp/diff_new_pack.eOAXt7/_old 2020-10-30 12:03:05.142521545 +0100
+++ /var/tmp/diff_new_pack.eOAXt7/_new 2020-10-30 12:03:05.142521545 +0100
@@ -1,4 +1,4 @@
-<image name="OBS__openSUSE-Addon-NonOss___20201029" schemaversion="4.1">
+<image name="OBS__openSUSE-Addon-NonOss___20201030" schemaversion="4.1">
<description type="system">
<author>The SUSE Team</author>
<contact>build(a)opensuse.org</contact>
@@ -36,11 +36,11 @@
<productvar name="SEPARATE_MEDIA">true</productvar>
<productvar name="SHA1OPT">-x -2</productvar>
<productvar name="VENDOR">openSUSE</productvar>
- <productvar name="VERSION">20201029</productvar>
+ <productvar name="VERSION">20201030</productvar>
<productinfo name="CONTENTSTYLE">11</productinfo>
- <productinfo name="DISTRO">cpe:/o:opensuse:opensuse-addon-nonoss:20201029,openSUSE NonOSS Addon</productinfo>
+ <productinfo name="DISTRO">cpe:/o:opensuse:opensuse-addon-nonoss:20201030,openSUSE NonOSS Addon</productinfo>
<productinfo name="LINGUAS">af ar be_BY bg br ca cy el et ga gl gu_IN he hi_IN hr ka km ko lt mk nn pa_IN rw sk sl sr_CS ss st tg th tr uk ve vi xh zu </productinfo>
- <productinfo name="REPOID">obsproduct://build.opensuse.org/openSUSE:Factory/openSUSE-Addon-NonOss/2020… obsproduct://build.opensuse.org/openSUSE:Factory/openSUSE-Addon-NonOss/2020…</productinfo>
+ <productinfo name="REPOID">obsproduct://build.opensuse.org/openSUSE:Factory/openSUSE-Addon-NonOss/2020… obsproduct://build.opensuse.org/openSUSE:Factory/openSUSE-Addon-NonOss/2020…</productinfo>
<productinfo name="VENDOR">openSUSE</productinfo>
<productoption name="INI_DIR">/usr/share/kiwi/modules/plugins/tumbleweed</productoption>
<productoption name="PLUGIN_DIR">/usr/share/kiwi/modules/plugins/tumbleweed</productoption>
++++++ openSUSE-cd-mini-i586.kiwi ++++++
--- /var/tmp/diff_new_pack.eOAXt7/_old 2020-10-30 12:03:05.170521570 +0100
+++ /var/tmp/diff_new_pack.eOAXt7/_new 2020-10-30 12:03:05.170521570 +0100
@@ -1,4 +1,4 @@
-<image name="OBS__openSUSE___20201029" schemaversion="4.1">
+<image name="OBS__openSUSE___20201030" schemaversion="4.1">
<description type="system">
<author>The SUSE Team</author>
<contact>build(a)opensuse.org</contact>
@@ -32,11 +32,11 @@
<productvar name="SEPARATE_MEDIA">true</productvar>
<productvar name="SHA1OPT">-x -2</productvar>
<productvar name="VENDOR">openSUSE</productvar>
- <productvar name="VERSION">20201029</productvar>
+ <productvar name="VERSION">20201030</productvar>
<productinfo name="CONTENTSTYLE">11</productinfo>
- <productinfo name="DISTRO">cpe:/o:opensuse:opensuse:20201029,openSUSE Tumbleweed</productinfo>
+ <productinfo name="DISTRO">cpe:/o:opensuse:opensuse:20201030,openSUSE Tumbleweed</productinfo>
<productinfo name="LINGUAS">cs da de el en en_GB en_US es fr hu it ja pl pt pt_BR ru zh zh_CN zh_TW </productinfo>
- <productinfo name="REPOID">obsproduct://build.opensuse.org/openSUSE:Factory/openSUSE/20201029/i586</productinfo>
+ <productinfo name="REPOID">obsproduct://build.opensuse.org/openSUSE:Factory/openSUSE/20201030/i586</productinfo>
<productinfo name="VENDOR">openSUSE</productinfo>
<productoption name="INI_DIR">/usr/share/kiwi/modules/plugins/tumbleweed</productoption>
<productoption name="PLUGIN_DIR">/usr/share/kiwi/modules/plugins/tumbleweed</productoption>
++++++ openSUSE-cd-mini-x86_64.kiwi ++++++
--- /var/tmp/diff_new_pack.eOAXt7/_old 2020-10-30 12:03:05.186521583 +0100
+++ /var/tmp/diff_new_pack.eOAXt7/_new 2020-10-30 12:03:05.190521587 +0100
@@ -1,4 +1,4 @@
-<image name="OBS__openSUSE___20201029" schemaversion="4.1">
+<image name="OBS__openSUSE___20201030" schemaversion="4.1">
<description type="system">
<author>The SUSE Team</author>
<contact>build(a)opensuse.org</contact>
@@ -35,11 +35,11 @@
<productvar name="SEPARATE_MEDIA">true</productvar>
<productvar name="SHA1OPT">-x -2</productvar>
<productvar name="VENDOR">openSUSE</productvar>
- <productvar name="VERSION">20201029</productvar>
+ <productvar name="VERSION">20201030</productvar>
<productinfo name="CONTENTSTYLE">11</productinfo>
- <productinfo name="DISTRO">cpe:/o:opensuse:opensuse:20201029,openSUSE Tumbleweed</productinfo>
+ <productinfo name="DISTRO">cpe:/o:opensuse:opensuse:20201030,openSUSE Tumbleweed</productinfo>
<productinfo name="LINGUAS">cs da de el en en_GB en_US es fr hu it ja pl pt pt_BR ru zh zh_CN zh_TW </productinfo>
- <productinfo name="REPOID">obsproduct://build.opensuse.org/openSUSE:Factory/openSUSE/20201029/x86_64</productinfo>
+ <productinfo name="REPOID">obsproduct://build.opensuse.org/openSUSE:Factory/openSUSE/20201030/x86_64</productinfo>
<productinfo name="VENDOR">openSUSE</productinfo>
<productoption name="INI_DIR">/usr/share/kiwi/modules/plugins/tumbleweed</productoption>
<productoption name="PLUGIN_DIR">/usr/share/kiwi/modules/plugins/tumbleweed</productoption>
++++++ openSUSE-dvd5-dvd-i586.kiwi ++++++
--- /var/tmp/diff_new_pack.eOAXt7/_old 2020-10-30 12:03:05.206521601 +0100
+++ /var/tmp/diff_new_pack.eOAXt7/_new 2020-10-30 12:03:05.206521601 +0100
@@ -1,4 +1,4 @@
-<image name="OBS__openSUSE___20201029" schemaversion="4.1">
+<image name="OBS__openSUSE___20201030" schemaversion="4.1">
<description type="system">
<author>The SUSE Team</author>
<contact>build(a)opensuse.org</contact>
@@ -32,11 +32,11 @@
<productvar name="SEPARATE_MEDIA">true</productvar>
<productvar name="SHA1OPT">-x -2</productvar>
<productvar name="VENDOR">openSUSE</productvar>
- <productvar name="VERSION">20201029</productvar>
+ <productvar name="VERSION">20201030</productvar>
<productinfo name="CONTENTSTYLE">11</productinfo>
- <productinfo name="DISTRO">cpe:/o:opensuse:opensuse:20201029,openSUSE Tumbleweed</productinfo>
+ <productinfo name="DISTRO">cpe:/o:opensuse:opensuse:20201030,openSUSE Tumbleweed</productinfo>
<productinfo name="LINGUAS">cs da de el en en_GB en_US es fr hu it ja pl pt pt_BR ru zh zh_CN zh_TW </productinfo>
- <productinfo name="REPOID">obsproduct://build.opensuse.org/openSUSE:Factory/openSUSE/20201029/i586</productinfo>
+ <productinfo name="REPOID">obsproduct://build.opensuse.org/openSUSE:Factory/openSUSE/20201030/i586</productinfo>
<productinfo name="VENDOR">openSUSE</productinfo>
<productoption name="INI_DIR">/usr/share/kiwi/modules/plugins/tumbleweed</productoption>
<productoption name="PLUGIN_DIR">/usr/share/kiwi/modules/plugins/tumbleweed</productoption>
++++++ openSUSE-dvd5-dvd-x86_64.kiwi ++++++
--- /var/tmp/diff_new_pack.eOAXt7/_old 2020-10-30 12:03:05.226521618 +0100
+++ /var/tmp/diff_new_pack.eOAXt7/_new 2020-10-30 12:03:05.230521621 +0100
@@ -1,4 +1,4 @@
-<image name="OBS__openSUSE___20201029" schemaversion="4.1">
+<image name="OBS__openSUSE___20201030" schemaversion="4.1">
<description type="system">
<author>The SUSE Team</author>
<contact>build(a)opensuse.org</contact>
@@ -35,11 +35,11 @@
<productvar name="SEPARATE_MEDIA">true</productvar>
<productvar name="SHA1OPT">-x -2</productvar>
<productvar name="VENDOR">openSUSE</productvar>
- <productvar name="VERSION">20201029</productvar>
+ <productvar name="VERSION">20201030</productvar>
<productinfo name="CONTENTSTYLE">11</productinfo>
- <productinfo name="DISTRO">cpe:/o:opensuse:opensuse:20201029,openSUSE Tumbleweed</productinfo>
+ <productinfo name="DISTRO">cpe:/o:opensuse:opensuse:20201030,openSUSE Tumbleweed</productinfo>
<productinfo name="LINGUAS">cs da de el en en_GB en_US es fr hu it ja pl pt pt_BR ru zh zh_CN zh_TW </productinfo>
- <productinfo name="REPOID">obsproduct://build.opensuse.org/openSUSE:Factory/openSUSE/20201029/x86_64</productinfo>
+ <productinfo name="REPOID">obsproduct://build.opensuse.org/openSUSE:Factory/openSUSE/20201030/x86_64</productinfo>
<productinfo name="VENDOR">openSUSE</productinfo>
<productoption name="INI_DIR">/usr/share/kiwi/modules/plugins/tumbleweed</productoption>
<productoption name="PLUGIN_DIR">/usr/share/kiwi/modules/plugins/tumbleweed</productoption>
++++++ openSUSE-ftp-ftp-i586_x86_64.kiwi ++++++
--- /var/tmp/diff_new_pack.eOAXt7/_old 2020-10-30 12:03:05.254521642 +0100
+++ /var/tmp/diff_new_pack.eOAXt7/_new 2020-10-30 12:03:05.254521642 +0100
@@ -1,4 +1,4 @@
-<image name="OBS__openSUSE___20201029" schemaversion="4.1">
+<image name="OBS__openSUSE___20201030" schemaversion="4.1">
<description type="system">
<author>The SUSE Team</author>
<contact>build(a)opensuse.org</contact>
@@ -24,7 +24,7 @@
<productvar name="DISTNAME">openSUSE</productvar>
<productvar name="FLAVOR">ftp</productvar>
<productvar name="MAKE_LISTINGS">true</productvar>
- <productvar name="MEDIUM_NAME">openSUSE-20201029-i586-x86_64</productvar>
+ <productvar name="MEDIUM_NAME">openSUSE-20201030-i586-x86_64</productvar>
<productvar name="MULTIPLE_MEDIA">true</productvar>
<productvar name="PRODUCT_DIR">/</productvar>
<productvar name="PRODUCT_NAME">$DISTNAME-$FLAVOR</productvar>
@@ -36,11 +36,11 @@
<productvar name="SEPARATE_MEDIA">true</productvar>
<productvar name="SHA1OPT">-x -2</productvar>
<productvar name="VENDOR">openSUSE</productvar>
- <productvar name="VERSION">20201029</productvar>
+ <productvar name="VERSION">20201030</productvar>
<productinfo name="CONTENTSTYLE">11</productinfo>
- <productinfo name="DISTRO">cpe:/o:opensuse:opensuse:20201029,openSUSE Tumbleweed</productinfo>
+ <productinfo name="DISTRO">cpe:/o:opensuse:opensuse:20201030,openSUSE Tumbleweed</productinfo>
<productinfo name="LINGUAS">cs da de el en en_GB en_US es fr hu it ja pl pt pt_BR ru zh zh_CN zh_TW </productinfo>
- <productinfo name="REPOID">obsproduct://build.opensuse.org/openSUSE:Factory/openSUSE/20201029/i586 obsproduct://build.opensuse.org/openSUSE:Factory/openSUSE/20201029/x86_64</productinfo>
+ <productinfo name="REPOID">obsproduct://build.opensuse.org/openSUSE:Factory/openSUSE/20201030/i586 obsproduct://build.opensuse.org/openSUSE:Factory/openSUSE/20201030/x86_64</productinfo>
<productinfo name="VENDOR">openSUSE</productinfo>
<productoption name="DEBUGMEDIUM">2</productoption>
<productoption name="INI_DIR">/usr/share/kiwi/modules/plugins/tumbleweed</productoption>
++++++ MicroOS.product ++++++
--- /var/tmp/diff_new_pack.eOAXt7/_old 2020-10-30 12:03:05.310521689 +0100
+++ /var/tmp/diff_new_pack.eOAXt7/_new 2020-10-30 12:03:05.310521689 +0100
@@ -6,7 +6,7 @@
<name>MicroOS</name>
<releasepkgname>MicroOS-release</releasepkgname>
<endoflife/>
- <version>20201029</version>
+ <version>20201030</version>
<!-- release is no longer optional -->
<release>0</release>
<productline>MicroOS</productline>
++++++ openSUSE-Addon-NonOss.product ++++++
--- /var/tmp/diff_new_pack.eOAXt7/_old 2020-10-30 12:03:05.414521778 +0100
+++ /var/tmp/diff_new_pack.eOAXt7/_new 2020-10-30 12:03:05.414521778 +0100
@@ -4,7 +4,7 @@
<product>
<vendor>openSUSE</vendor>
<name>openSUSE-Addon-NonOss</name>
- <version>20201029</version>
+ <version>20201030</version>
<release>0</release>
<summary>openSUSE NonOSS Addon</summary>
<shortsummary>non oss addon</shortsummary>
++++++ openSUSE.product ++++++
--- /var/tmp/diff_new_pack.eOAXt7/_old 2020-10-30 12:03:05.438521798 +0100
+++ /var/tmp/diff_new_pack.eOAXt7/_new 2020-10-30 12:03:05.438521798 +0100
@@ -4,7 +4,7 @@
<product>
<vendor>openSUSE</vendor>
<name>openSUSE</name>
- <version>20201029</version>
+ <version>20201030</version>
<release>0</release>
<productline>openSUSE</productline>
Hello community,
here is the log from the commit of package 000release-packages for openSUSE:Factory checked in at 2020-10-30 12:02:58
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/000release-packages (Old)
and /work/SRC/openSUSE:Factory/.000release-packages.new.3463 (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "000release-packages"
Fri Oct 30 12:02:58 2020 rev:744 rq: version:unknown
Changes:
--------
New Changes file:
NO CHANGES FILE!!!
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Other differences:
------------------
++++++ MicroOS-release.spec ++++++
--- /var/tmp/diff_new_pack.2hHCOJ/_old 2020-10-30 12:03:01.094518092 +0100
+++ /var/tmp/diff_new_pack.2hHCOJ/_new 2020-10-30 12:03:01.098518094 +0100
@@ -17,7 +17,7 @@
Name: MicroOS-release
-Version: 20201029
+Version: 20201030
Release: 0
Summary: openSUSE MicroOS
License: GPL-2.0-or-later
@@ -173,9 +173,9 @@
%include %{SOURCE100}
Provides: %name-%version
Provides: product() = MicroOS
-Provides: product(MicroOS) = 20201029-0
+Provides: product(MicroOS) = 20201030-0
Provides: product-label() = openSUSE%20MicroOS
-Provides: product-cpeid() = cpe%3A%2Fo%3Aopensuse%3Amicroos%3A20201029
+Provides: product-cpeid() = cpe%3A%2Fo%3Aopensuse%3Amicroos%3A20201030
Provides: product-url(releasenotes) = http%3A%2F%2Fdoc.opensuse.org%2Frelease%2Dnotes%2Fx86_64%2FopenSUSE%2FTumbleweed%2Frelease%2Dnotes%2DopenSUSE.rpm
Provides: product-endoflife()
Requires: product_flavor(MicroOS)
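Review bot: "Provides: product(MicroOS) = 20201030-0" spells the snapshot date out literally, although "Provides: %name-%version" two lines above it already takes the value from the Version: tag. If this spec is edited by hand rather than generated, writing "%{version}-0" here (and in the product_flavor(MicroOS) Provides of the later hunks) would leave only the Version: tag to bump and rule out a missed occurrence.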
@@ -191,7 +191,7 @@
Group: System/Fhs
Provides: product_flavor()
Provides: flavor(dvd)
-Provides: product_flavor(MicroOS) = 20201029-0
+Provides: product_flavor(MicroOS) = 20201030-0
Summary: openSUSE MicroOS%{?betaversion: %{betaversion}}
%description dvd
@@ -207,7 +207,7 @@
Group: System/Fhs
Provides: product_flavor()
Provides: flavor(kubic-dvd)
-Provides: product_flavor(MicroOS) = 20201029-0
+Provides: product_flavor(MicroOS) = 20201030-0
Summary: openSUSE MicroOS%{?betaversion: %{betaversion}}
%description kubic-dvd
@@ -223,7 +223,7 @@
Group: System/Fhs
Provides: product_flavor()
Provides: flavor(appliance)
-Provides: product_flavor(MicroOS) = 20201029-0
+Provides: product_flavor(MicroOS) = 20201030-0
Summary: openSUSE MicroOS%{?betaversion: %{betaversion}}
%description appliance
@@ -239,7 +239,7 @@
Group: System/Fhs
Provides: product_flavor()
Provides: flavor(appliance-kubic)
-Provides: product_flavor(MicroOS) = 20201029-0
+Provides: product_flavor(MicroOS) = 20201030-0
Summary: openSUSE MicroOS%{?betaversion: %{betaversion}}
%description appliance-kubic
@@ -298,11 +298,11 @@
<product schemeversion="0">
<vendor>openSUSE</vendor>
<name>MicroOS</name>
- <version>20201029</version>
+ <version>20201030</version>
<release>0</release>
<endoflife></endoflife>
<arch>%{_target_cpu}</arch>
- <cpeid>cpe:/o:opensuse:microos:20201029</cpeid>
+ <cpeid>cpe:/o:opensuse:microos:20201030</cpeid>
<productline>MicroOS</productline>
<register>
<pool>
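Review bot: the "<cpeid>cpe:/o:opensuse:microos:20201030</cpeid>" element in this embedded product XML is a second copy of the percent-encoded "product-cpeid()" Provides changed earlier in the same file, and nothing in the visible lines ties the two together. Both are bumped consistently here, but tools that identify the installed product by CPE would see conflicting identities if one copy were ever missed; a build-time comparison of the decoded Provides value against the XML element would catch that.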
++++++ openSUSE-Addon-NonOss-release.spec ++++++
--- /var/tmp/diff_new_pack.2hHCOJ/_old 2020-10-30 12:03:01.122518115 +0100
+++ /var/tmp/diff_new_pack.2hHCOJ/_new 2020-10-30 12:03:01.126518119 +0100
@@ -1,5 +1,5 @@
#
-# spec file for package openSUSE-Addon-NonOss-release (Version 20201029)
+# spec file for package openSUSE-Addon-NonOss-release (Version 20201030)
#
# Copyright (c) 2020 openSUSE.
#
@@ -16,16 +16,16 @@
Name: openSUSE-Addon-NonOss-release
%define product openSUSE-Addon-NonOss
Summary: openSUSE NonOSS Addon%{?betaversion: %{betaversion}}
-Version: 20201029
+Version: 20201030
Release: 0
License: BSD-3-Clause
Group: System/Fhs
Provides: %name-%version
Provides: product() = openSUSE-Addon-NonOss
-Provides: product(openSUSE-Addon-NonOss) = 20201029-0
+Provides: product(openSUSE-Addon-NonOss) = 20201030-0
Provides: product-label() = non%20oss%20addon
-Provides: product-cpeid() = cpe%3A%2Fo%3Aopensuse%3Aopensuse%2Daddon%2Dnonoss%3A20201029
+Provides: product-cpeid() = cpe%3A%2Fo%3Aopensuse%3Aopensuse%2Daddon%2Dnonoss%3A20201030
AutoReqProv: on
@@ -49,10 +49,10 @@
<product schemeversion="0">
<vendor>openSUSE</vendor>
<name>openSUSE-Addon-NonOss</name>
- <version>20201029</version>
+ <version>20201030</version>
<release>0</release>
<arch>%{_target_cpu}</arch>
- <cpeid>cpe:/o:opensuse:opensuse-addon-nonoss:20201029</cpeid>
+ <cpeid>cpe:/o:opensuse:opensuse-addon-nonoss:20201030</cpeid>
<register>
<pool>
</pool>
++++++ openSUSE-release.spec ++++++
--- /var/tmp/diff_new_pack.2hHCOJ/_old 2020-10-30 12:03:01.146518136 +0100
+++ /var/tmp/diff_new_pack.2hHCOJ/_new 2020-10-30 12:03:01.150518139 +0100
@@ -20,7 +20,7 @@
#define betaversion %{nil}
%define codename Tumbleweed
Name: openSUSE-release
-Version: 20201029
+Version: 20201030
Release: 0
# 0 is the product release, not the build release of this package
Summary: openSUSE Tumbleweed
@@ -178,7 +178,7 @@
%include %{SOURCE100}
Provides: %name-%version
Provides: product() = openSUSE
-Provides: product(openSUSE) = 20201029-0
+Provides: product(openSUSE) = 20201030-0
%ifarch x86_64
Provides: product-register-target() = openSUSE%2DTumbleweed%2Dx86_64
%endif
@@ -192,7 +192,7 @@
Provides: product-register-target() = openSUSE%2DTumbleweed%2Daarch64
%endif
Provides: product-label() = openSUSE
-Provides: product-cpeid() = cpe%3A%2Fo%3Aopensuse%3Aopensuse%3A20201029
+Provides: product-cpeid() = cpe%3A%2Fo%3Aopensuse%3Aopensuse%3A20201030
Provides: product-url(releasenotes) = http%3A%2F%2Fdoc.opensuse.org%2Frelease%2Dnotes%2Fx86_64%2FopenSUSE%2FTumbleweed%2Frelease%2Dnotes%2DopenSUSE.rpm
Provides: product-url(repository) = http%3A%2F%2Fdownload.opensuse.org%2Ftumbleweed%2Frepo%2Foss%2F
Requires: product_flavor(openSUSE)
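Review bot: the unchanged context lines next to the bumped "product-cpeid()" still advertise plain-HTTP endpoints: "product-url(repository)" decodes to http://download.opensuse.org/tumbleweed/repo/oss/ and "product-url(releasenotes)" to an http://doc.opensuse.org/ URL. Not introduced by this change, but since the file is touched on every snapshot it is worth checking whether both hosts can be referenced over https so that clients reading these Provides do not default to an unauthenticated transport.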
@@ -206,7 +206,7 @@
Group: System/Fhs
Provides: product_flavor()
Provides: flavor(ftp)
-Provides: product_flavor(openSUSE) = 20201029-0
+Provides: product_flavor(openSUSE) = 20201030-0
Summary: openSUSE Tumbleweed%{?betaversion: %{betaversion}}
%description ftp
@@ -221,7 +221,7 @@
Group: System/Fhs
Provides: product_flavor()
Provides: flavor(mini)
-Provides: product_flavor(openSUSE) = 20201029-0
+Provides: product_flavor(openSUSE) = 20201030-0
Summary: openSUSE Tumbleweed%{?betaversion: %{betaversion}}
%description mini
@@ -236,7 +236,7 @@
Group: System/Fhs
Provides: product_flavor()
Provides: flavor(dvd)
-Provides: product_flavor(openSUSE) = 20201029-0
+Provides: product_flavor(openSUSE) = 20201030-0
Summary: openSUSE Tumbleweed%{?betaversion: %{betaversion}}
%description dvd
@@ -251,7 +251,7 @@
Group: System/Fhs
Provides: product_flavor()
Provides: flavor(livecd-kde)
-Provides: product_flavor(openSUSE) = 20201029-0
+Provides: product_flavor(openSUSE) = 20201030-0
Summary: openSUSE Tumbleweed%{?betaversion: %{betaversion}}
%description livecd-kde
@@ -266,7 +266,7 @@
Group: System/Fhs
Provides: product_flavor()
Provides: flavor(livecd-x11)
-Provides: product_flavor(openSUSE) = 20201029-0
+Provides: product_flavor(openSUSE) = 20201030-0
Summary: openSUSE Tumbleweed%{?betaversion: %{betaversion}}
%description livecd-x11
@@ -281,7 +281,7 @@
Group: System/Fhs
Provides: product_flavor()
Provides: flavor(livecd-gnome)
-Provides: product_flavor(openSUSE) = 20201029-0
+Provides: product_flavor(openSUSE) = 20201030-0
Summary: openSUSE Tumbleweed%{?betaversion: %{betaversion}}
%description livecd-gnome
@@ -296,7 +296,7 @@
Group: System/Fhs
Provides: product_flavor()
Provides: flavor(livecd-xfce)
-Provides: product_flavor(openSUSE) = 20201029-0
+Provides: product_flavor(openSUSE) = 20201030-0
Summary: openSUSE Tumbleweed%{?betaversion: %{betaversion}}
%description livecd-xfce
@@ -311,7 +311,7 @@
Group: System/Fhs
Provides: product_flavor()
Provides: flavor(usb-kde)
-Provides: product_flavor(openSUSE) = 20201029-0
+Provides: product_flavor(openSUSE) = 20201030-0
Summary: openSUSE Tumbleweed%{?betaversion: %{betaversion}}
%description usb-kde
@@ -326,7 +326,7 @@
Group: System/Fhs
Provides: product_flavor()
Provides: flavor(usb-gnome)
-Provides: product_flavor(openSUSE) = 20201029-0
+Provides: product_flavor(openSUSE) = 20201030-0
Summary: openSUSE Tumbleweed%{?betaversion: %{betaversion}}
%description usb-gnome
@@ -341,7 +341,7 @@
Group: System/Fhs
Provides: product_flavor()
Provides: flavor(usb-x11)
-Provides: product_flavor(openSUSE) = 20201029-0
+Provides: product_flavor(openSUSE) = 20201030-0
Summary: openSUSE Tumbleweed%{?betaversion: %{betaversion}}
%description usb-x11
@@ -356,7 +356,7 @@
Group: System/Fhs
Provides: product_flavor()
Provides: flavor(appliance)
-Provides: product_flavor(openSUSE) = 20201029-0
+Provides: product_flavor(openSUSE) = 20201030-0
Summary: openSUSE Tumbleweed%{?betaversion: %{betaversion}}
%description appliance
@@ -371,7 +371,7 @@
Group: System/Fhs
Provides: product_flavor()
Provides: flavor(appliance-docker)
-Provides: product_flavor(openSUSE) = 20201029-0
+Provides: product_flavor(openSUSE) = 20201030-0
Summary: openSUSE Tumbleweed%{?betaversion: %{betaversion}}
%description appliance-docker
@@ -386,7 +386,7 @@
Group: System/Fhs
Provides: product_flavor()
Provides: flavor(appliance-kvm)
-Provides: product_flavor(openSUSE) = 20201029-0
+Provides: product_flavor(openSUSE) = 20201030-0
Summary: openSUSE Tumbleweed%{?betaversion: %{betaversion}}
%description appliance-kvm
@@ -401,7 +401,7 @@
Group: System/Fhs
Provides: product_flavor()
Provides: flavor(appliance-vmware)
-Provides: product_flavor(openSUSE) = 20201029-0
+Provides: product_flavor(openSUSE) = 20201030-0
Summary: openSUSE Tumbleweed%{?betaversion: %{betaversion}}
%description appliance-vmware
@@ -416,7 +416,7 @@
Group: System/Fhs
Provides: product_flavor()
Provides: flavor(appliance-openstack)
-Provides: product_flavor(openSUSE) = 20201029-0
+Provides: product_flavor(openSUSE) = 20201030-0
Summary: openSUSE Tumbleweed%{?betaversion: %{betaversion}}
%description appliance-openstack
@@ -431,7 +431,7 @@
Group: System/Fhs
Provides: product_flavor()
Provides: flavor(appliance-hyperv)
-Provides: product_flavor(openSUSE) = 20201029-0
+Provides: product_flavor(openSUSE) = 20201030-0
Summary: openSUSE Tumbleweed%{?betaversion: %{betaversion}}
%description appliance-hyperv
@@ -446,7 +446,7 @@
Group: System/Fhs
Provides: product_flavor()
Provides: flavor(appliance-vagrant)
-Provides: product_flavor(openSUSE) = 20201029-0
+Provides: product_flavor(openSUSE) = 20201030-0
Summary: openSUSE Tumbleweed%{?betaversion: %{betaversion}}
%description appliance-vagrant
@@ -461,7 +461,7 @@
Group: System/Fhs
Provides: product_flavor()
Provides: flavor(appliance-wsl)
-Provides: product_flavor(openSUSE) = 20201029-0
+Provides: product_flavor(openSUSE) = 20201030-0
Summary: openSUSE Tumbleweed%{?betaversion: %{betaversion}}
%description appliance-wsl
@@ -476,7 +476,7 @@
Group: System/Fhs
Provides: product_flavor()
Provides: flavor(appliance-custom)
-Provides: product_flavor(openSUSE) = 20201029-0
+Provides: product_flavor(openSUSE) = 20201030-0
Summary: openSUSE Tumbleweed%{?betaversion: %{betaversion}}
%description appliance-custom
@@ -551,10 +551,10 @@
<product schemeversion="0">
<vendor>openSUSE</vendor>
<name>openSUSE</name>
- <version>20201029</version>
+ <version>20201030</version>
<release>0</release>
<arch>%{_target_cpu}</arch>
- <cpeid>cpe:/o:opensuse:opensuse:20201029</cpeid>
+ <cpeid>cpe:/o:opensuse:opensuse:20201030</cpeid>
<productline>openSUSE</productline>
<register>
<pool>