Hello community, here is the log from the commit of package libvirt for openSUSE:Factory checked in at 2019-11-18 20:02:48 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/libvirt (Old) and /work/SRC/openSUSE:Factory/.libvirt.new.26869 (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "libvirt" Mon Nov 18 20:02:48 2019 rev:292 rq:748739 version:5.9.0 Changes: -------- --- /work/SRC/openSUSE:Factory/libvirt/libvirt.changes 2019-11-11 12:58:20.213559840 +0100 +++ /work/SRC/openSUSE:Factory/.libvirt.new.26869/libvirt.changes 2019-11-18 20:02:54.201818455 +0100 @@ -1,0 +2,23 @@ +Thu Nov 14 17:31:35 UTC 2019 - James Fehlig <[email protected]> + +- libxl: Fix lock manager lock ordering + 2552752f-libxl-fix-lock-manager-lock-ordering.patch + bsc#1145774 + +------------------------------------------------------------------- +Tue Nov 12 22:51:54 UTC 2019 - James Fehlig <[email protected]> + +- spec: Forcibly remove '--listen' option from LIBVIRTD_ARGS in + /etc/sysconfig/libvirtd since it is incompatible with socket + activation. Also add '--timeout' option for consistency with + upstream. + boo#1156161 + +------------------------------------------------------------------- +Mon Nov 11 23:32:43 UTC 2019 - James Fehlig <[email protected]> + +- Enable automatic firmware seletction and add the new smm + flavor to the build-time firmware list + jsc#SLE-6997 + +------------------------------------------------------------------- New: ---- 2552752f-libxl-fix-lock-manager-lock-ordering.patch ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ libvirt.spec ++++++ --- /var/tmp/diff_new_pack.cr9JRu/_old 2019-11-18 20:02:57.317816890 +0100 +++ /var/tmp/diff_new_pack.cr9JRu/_new 2019-11-18 20:02:57.329816884 +0100 @@ -338,6 +338,7 @@ Source99: baselibs.conf Source100: %{name}-rpmlintrc # Upstream patches +Patch0: 2552752f-libxl-fix-lock-manager-lock-ordering.patch # Patches pending upstream review Patch100: libxl-dom-reset.patch Patch101: network-don-t-use-dhcp-authoritative-on-static-netwo.patch @@ -871,6 +872,7 @@ %prep %setup -q +%patch0 -p1 %patch100 -p1 %patch101 -p1 %patch150 -p1 @@ -1003,20 +1005,25 @@ %define arg_selinux_mount --with-selinux-mount="/selinux" -# x86_64 UEFI firmwares -# To more closely resemble actual hardware, we use the firmwares with -# embedded Microsoft keys -# -# The Windows HCK test requires a bigger variable store, so 4MB firmware -# images have been introduced. They are advertised first and will be -# used by default for new VM installations. The 2MB images are still -# available for existing VMs, and can be selected for new installations -# as well. -LOADERS="/usr/share/qemu/ovmf-x86_64-ms-4m-code.bin:/usr/share/qemu/ovmf-x86_64-ms-4m-vars.bin" -LOADERS="$LOADERS:/usr/share/qemu/ovmf-x86_64-ms-code.bin:/usr/share/qemu/ovmf-x86_64-ms-vars.bin" -# aarch64 UEFI firmwares -LOADERS="$LOADERS:/usr/share/qemu/aavmf-aarch64-code.bin:/usr/share/qemu/aavmf-aarch64-vars.bin" -%define arg_loader_nvram --with-loader-nvram="$LOADERS" +# UEFI firmwares +# For SLE15 SP2 (Leap 15.2) and newer, use firmware descriptor files from the +# firmware packages, otherwise define firmwares via configure option +%if ! (0%{?suse_version} > 1500 || 0%{?sle_version} > 150100) + # x86_64 UEFI firmwares + # To more closely resemble actual hardware, we use the firmwares with + # embedded Microsoft keys + # + # The Windows HCK test requires a bigger variable store, so 4MB firmware + # images have been introduced. They are advertised first and will be + # used by default for new VM installations. The 2MB images are still + # available for existing VMs, and can be selected for new installations + # as well. + LOADERS="/usr/share/qemu/ovmf-x86_64-ms-4m-code.bin:/usr/share/qemu/ovmf-x86_64-ms-4m-vars.bin" + LOADERS="$LOADERS:/usr/share/qemu/ovmf-x86_64-ms-code.bin:/usr/share/qemu/ovmf-x86_64-ms-vars.bin" + # aarch64 UEFI firmwares + LOADERS="$LOADERS:/usr/share/qemu/aavmf-aarch64-code.bin:/usr/share/qemu/aavmf-aarch64-vars.bin" + %define arg_loader_nvram --with-loader-nvram="$LOADERS" +%endif autoreconf -f -i export CFLAGS="%{optflags}" @@ -1252,6 +1259,14 @@ %{fillup_only -n libvirtd} %{fillup_only -n virtlockd} %{fillup_only -n virtlogd} +# The '--listen' option is incompatible with socket activation. +# We need to forcibly remove it from /etc/sysconfig/libvirtd. +# Also add the --timeout option to be consistent with upstream. +# See boo#1156161 for details +sed -i -e '/^\s*LIBVIRTD_ARGS=/s/--listen//g' %{_sysconfdir}/sysconfig/libvirtd +if ! grep -q -E '^\s*LIBVIRTD_ARGS=.*--timeout' %{_sysconfdir}/sysconfig/libvirtd ; then + sed -i 's/^\s*LIBVIRTD_ARGS="\(.*\)"/LIBVIRTD_ARGS="\1 --timeout 120"/' %{_sysconfdir}/sysconfig/libvirtd +fi %preun daemon %service_del_preun libvirtd.service libvirtd.socket libvirtd-ro.socket libvirtd-admin.socket libvirtd-tcp.socket libvirtd-tls.socket virtlockd.service virtlockd.socket virtlogd.service virtlogd.socket virtlockd-admin.socket virtlogd-admin.socket @@ -1271,7 +1286,7 @@ # All connection drivers should be installed post transaction. # Time to restart libvirtd. With new socket activation we need to be a bit # smarter on update. Old libvirtd owns the sockets and will delete them on -# shutdown. We can't use try-restart as libvirtd will one the sockets again +# shutdown. We can't use try-restart as libvirtd will own the sockets again # after restart. So we must instead shutdown libvirtd, start the sockets, # then start libvirtd. if test "$YAST_IS_RUNNING" != "instsys" -a "$DISABLE_RESTART_ON_UPDATE" != yes ; then ++++++ 2552752f-libxl-fix-lock-manager-lock-ordering.patch ++++++ commit 2552752f0b6504a80f6306e5aae2c7063d24f1ab Author: Jim Fehlig <[email protected]> Date: Mon Oct 14 14:01:00 2019 -0600 libxl: Fix lock manager lock ordering The ordering of lock manager locks in the libxl driver has a flaw that was uncovered by a migration error path. In the perform phase of migration, the source host calls virDomainLockProcessPause to release the lock before sending the VM to the destination host. If the send fails an attempt is made to reacquire the lock with virDomainLockProcessResume, but that too can fail if the destination host has not finished cleaning up the failed VM and releasing the lock it acquired when starting to receive the VM. This change delays calling virDomainLockProcessResume in libxlDomainStart until the VM is successfully created, but before it is unpaused. A similar approach is used by the qemu driver, avoiding the need to release the lock if VM creation fails. In the migration perform phase, releasing the lock with virDomainLockProcessPause is delayed until the VM is successfully sent to the destination, which avoids reacquiring the lock if the send fails. Signed-off-by: Jim Fehlig <[email protected]> Reviewed-by: Cole Robinson <[email protected]> Index: libvirt-5.9.0/src/libxl/libxl_domain.c =================================================================== --- libvirt-5.9.0.orig/src/libxl/libxl_domain.c +++ libvirt-5.9.0/src/libxl/libxl_domain.c @@ -1347,13 +1347,6 @@ libxlDomainStart(libxlDriverPrivatePtr d NULL) < 0) goto cleanup; - if (virDomainLockProcessResume(driver->lockManager, - "xen:///system", - vm, - priv->lockState) < 0) - goto cleanup; - VIR_FREE(priv->lockState); - if (libxlNetworkPrepareDevices(vm->def) < 0) goto cleanup_dom; @@ -1436,6 +1429,13 @@ libxlDomainStart(libxlDriverPrivatePtr d libxlLoggerOpenFile(cfg->logger, domid, vm->def->name, config_json); + if (virDomainLockProcessResume(driver->lockManager, + "xen:///system", + vm, + priv->lockState) < 0) + goto destroy_dom; + VIR_FREE(priv->lockState); + /* Always enable domain death events */ if (libxl_evenable_domain_death(cfg->ctx, vm->def->id, 0, &priv->deathW)) goto destroy_dom; Index: libvirt-5.9.0/src/libxl/libxl_migration.c =================================================================== --- libvirt-5.9.0.orig/src/libxl/libxl_migration.c +++ libvirt-5.9.0/src/libxl/libxl_migration.c @@ -1240,20 +1240,16 @@ libxlDomainMigrationSrcPerform(libxlDriv sockfd = virNetSocketDupFD(sock, true); virObjectUnref(sock); - if (virDomainLockProcessPause(driver->lockManager, vm, &priv->lockState) < 0) - VIR_WARN("Unable to release lease on %s", vm->def->name); - VIR_DEBUG("Preserving lock state '%s'", NULLSTR(priv->lockState)); - /* suspend vm and send saved data to dst through socket fd */ virObjectUnlock(vm); ret = libxlDoMigrateSrcSend(driver, vm, flags, sockfd); virObjectLock(vm); - if (ret < 0) { - virDomainLockProcessResume(driver->lockManager, - "xen:///system", - vm, - priv->lockState); + if (ret == 0) { + if (virDomainLockProcessPause(driver->lockManager, vm, &priv->lockState) < 0) + VIR_WARN("Unable to release lease on %s", vm->def->name); + VIR_DEBUG("Preserving lock state '%s'", NULLSTR(priv->lockState)); + } else { /* * Confirm phase will not be executed if perform fails. End the * job started in begin phase. ++++++ libxl-set-migration-constraints.patch ++++++ --- /var/tmp/diff_new_pack.cr9JRu/_old 2019-11-18 20:02:57.565816765 +0100 +++ /var/tmp/diff_new_pack.cr9JRu/_new 2019-11-18 20:02:57.565816765 +0100 @@ -255,7 +255,7 @@ { libxlDomainObjPrivatePtr priv = vm->privateData; char *hostname = NULL; -@@ -1246,7 +1267,7 @@ libxlDomainMigrationSrcPerform(libxlDriv +@@ -1242,7 +1263,7 @@ libxlDomainMigrationSrcPerform(libxlDriv /* suspend vm and send saved data to dst through socket fd */ virObjectUnlock(vm); @@ -263,7 +263,7 @@ + ret = libxlDoMigrateSrcSend(driver, vm, props, sockfd); virObjectLock(vm); - if (ret < 0) { + if (ret == 0) { Index: libvirt-5.9.0/src/libxl/libxl_migration.h =================================================================== --- libvirt-5.9.0.orig/src/libxl/libxl_migration.h
