Re: [libvirt PATCH 1/2] qemu: Support enabling migration caps unless a flag is used

2021-12-14 Thread Michal Prívozník
On 12/13/21 15:29, Jiri Denemark wrote:
> So far we were enabling specific migration capabilities when a
> corresponding API flag is set. We need to generalize our code to be able
> to enable some migration capabilities unless a particular API flag is
> used.
> 
> Signed-off-by: Jiri Denemark 
> ---
>  src/qemu/qemu_migration_params.c | 33 +++-
>  1 file changed, 24 insertions(+), 9 deletions(-)
> 
> diff --git a/src/qemu/qemu_migration_params.c 
> b/src/qemu/qemu_migration_params.c
> index 837ee6d635..dfe0253487 100644
> --- a/src/qemu/qemu_migration_params.c
> +++ b/src/qemu/qemu_migration_params.c
> @@ -47,6 +47,11 @@ typedef enum {
>  QEMU_MIGRATION_PARAM_TYPE_STRING,
>  } qemuMigrationParamType;
>  
> +typedef enum {
> +QEMU_MIGRATION_FLAG_REQUIRED,
> +QEMU_MIGRATION_FLAG_FORBIDDEN,
> +} qemuMigrationFlagMatch;
> +
>  typedef struct _qemuMigrationParamValue qemuMigrationParamValue;
>  struct _qemuMigrationParamValue {
>  bool set;
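
Review bot: the new qemuMigrationFlagMatch enum has no comment saying what QEMU_MIGRATION_FLAG_REQUIRED and QEMU_MIGRATION_FLAG_FORBIDDEN mean for a map entry. A one-line comment per value (capability enabled when the flag is set, capability enabled unless the flag is set) would let a reader of qemuMigrationParamsFlagMap understand the first column without reading qemuMigrationParamsFromFlags().
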
> @@ -119,6 +124,7 @@ struct _qemuMigrationParamsAlwaysOnItem {
>  
>  typedef struct _qemuMigrationParamsFlagMapItem 
> qemuMigrationParamsFlagMapItem;
>  struct _qemuMigrationParamsFlagMapItem {
> +qemuMigrationFlagMatch match;
>  virDomainMigrateFlags flag;
>  qemuMigrationCapability cap;
>  int party; /* bit-wise OR of qemuMigrationParty */
> @@ -146,19 +152,23 @@ static const qemuMigrationParamsAlwaysOnItem 
> qemuMigrationParamsAlwaysOn[] = {
>  
>  /* Translation from virDomainMigrateFlags to qemuMigrationCapability. */
>  static const qemuMigrationParamsFlagMapItem qemuMigrationParamsFlagMap[] = {
> -{VIR_MIGRATE_RDMA_PIN_ALL,
> +{QEMU_MIGRATION_FLAG_REQUIRED,
> + VIR_MIGRATE_RDMA_PIN_ALL,
>   QEMU_MIGRATION_CAP_RDMA_PIN_ALL,
>   QEMU_MIGRATION_SOURCE | QEMU_MIGRATION_DESTINATION},
>  
> -{VIR_MIGRATE_AUTO_CONVERGE,
> +{QEMU_MIGRATION_FLAG_REQUIRED,
> + VIR_MIGRATE_AUTO_CONVERGE,
>   QEMU_MIGRATION_CAP_AUTO_CONVERGE,
>   QEMU_MIGRATION_SOURCE},
>  
> -{VIR_MIGRATE_POSTCOPY,
> +{QEMU_MIGRATION_FLAG_REQUIRED,
> + VIR_MIGRATE_POSTCOPY,
>   QEMU_MIGRATION_CAP_POSTCOPY,
>   QEMU_MIGRATION_SOURCE | QEMU_MIGRATION_DESTINATION},
>  
> -{VIR_MIGRATE_PARALLEL,
> +{QEMU_MIGRATION_FLAG_REQUIRED,
> + VIR_MIGRATE_PARALLEL,
>   QEMU_MIGRATION_CAP_MULTIFD,
>   QEMU_MIGRATION_SOURCE | QEMU_MIGRATION_DESTINATION},
>  };
> @@ -553,13 +563,18 @@ qemuMigrationParamsFromFlags(virTypedParameterPtr 
> params,
>  return NULL;
>  
>  for (i = 0; i < G_N_ELEMENTS(qemuMigrationParamsFlagMap); i++) {
> -qemuMigrationCapability cap = qemuMigrationParamsFlagMap[i].cap;
> +const qemuMigrationParamsFlagMapItem *item = 
> [i];
> +int match;

If you initialize this variable, then ..

> +
> +if (item->match == QEMU_MIGRATION_FLAG_REQUIRED)
> +match = item->flag;
> +else
> +match = 0;

.. this else branch can be dropped.
>  
> -if (qemuMigrationParamsFlagMap[i].party & party &&
> -flags & qemuMigrationParamsFlagMap[i].flag) {
> +if (item->party & party && (flags & item->flag) == match) {
>  VIR_DEBUG("Enabling migration capability '%s'",
> -  qemuMigrationCapabilityTypeToString(cap));
> -ignore_value(virBitmapSetBit(migParams->caps, cap));
> +  qemuMigrationCapabilityTypeToString(item->cap));
> +ignore_value(virBitmapSetBit(migParams->caps, item->cap));
>  }
>  }
>  
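
Review bot: in the rewritten condition `(flags & item->flag) == match`, the REQUIRED case now needs every bit of `item->flag` to be set, where the removed test `flags & qemuMigrationParamsFlagMap[i].flag` accepted any bit. Each of the four map entries names a single flag, so nothing changes today, but the comment above the map should state that an entry takes exactly one flag. `match` is also declared `int` while it is assigned from a `virDomainMigrateFlags`; giving it the same type as `flags` keeps the comparison free of implicit conversions.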

Michal



Re: [libvirt PATCH 0/2] qemu: Add support for return-path migration capability

2021-12-14 Thread Michal Prívozník
On 12/13/21 15:29, Jiri Denemark wrote:
> See 2/2 for more details about the capability.
> 
> Jiri Denemark (2):
>   qemu: Support enabling migration caps unless a flag is used
>   qemu: Add support for return-path migration capability
> 
>  src/qemu/qemu_migration_params.c | 39 
>  src/qemu/qemu_migration_params.h |  1 +
>  2 files changed, 31 insertions(+), 9 deletions(-)
> 

Reviewed-by: Michal Privoznik 

Michal



[libvirt][PATCH v9 5/5] Add unit tests for guest VM creation command with SGX EPC

2021-12-14 Thread Haibin Huang
From: Lin Yang 

Two unit test files were added to verify the QEMU command line generated
with SGX EPC enabled, using the QEMU 6.2.0 capabilities.

Signed-off-by: Lin Yang 
---
 .../sgx-epc.x86_64-6.2.0.args | 37 +++
 tests/qemuxml2argvdata/sgx-epc.xml| 36 ++
 tests/qemuxml2argvtest.c  |  2 +
 3 files changed, 75 insertions(+)
 create mode 100644 tests/qemuxml2argvdata/sgx-epc.x86_64-6.2.0.args
 create mode 100644 tests/qemuxml2argvdata/sgx-epc.xml

diff --git a/tests/qemuxml2argvdata/sgx-epc.x86_64-6.2.0.args 
b/tests/qemuxml2argvdata/sgx-epc.x86_64-6.2.0.args
new file mode 100644
index 00..bd3446a25e
--- /dev/null
+++ b/tests/qemuxml2argvdata/sgx-epc.x86_64-6.2.0.args
@@ -0,0 +1,37 @@
+LC_ALL=C \
+PATH=/bin \
+HOME=/tmp/lib/domain--1-QEMUGuest1 \
+USER=test \
+LOGNAME=test \
+XDG_DATA_HOME=/tmp/lib/domain--1-QEMUGuest1/.local/share \
+XDG_CACHE_HOME=/tmp/lib/domain--1-QEMUGuest1/.cache \
+XDG_CONFIG_HOME=/tmp/lib/domain--1-QEMUGuest1/.config \
+/usr/bin/qemu-system-x86_64 \
+-name guest=QEMUGuest1,debug-threads=on \
+-S \
+-object 
'{"qom-type":"secret","id":"masterKey0","format":"raw","file":"/tmp/lib/domain--1-QEMUGuest1/master-key.aes"}'
 \
+-machine 
pc-q35-6.2,accel=tcg,usb=off,dump-guest-core=off,memory-backend=pc.ram \
+-cpu qemu64 \
+-m 134 \
+-object '{"qom-type":"memory-backend-ram","id":"pc.ram","size":140509184}' \
+-overcommit mem-lock=off \
+-smp 1,sockets=1,cores=1,threads=1 \
+-object 
'{"qom-type":"memory-backend-epc","id":"memepc0","prealloc":true,"size":67108864}'
 \
+-object 
'{"qom-type":"memory-backend-epc","id":"memepc1","prealloc":true,"size":16777216}'
 \
+-M sgx-epc.0.memdev=memepc0,sgx-epc.1.memdev=memepc1 \
+-uuid c7a5fdbd-edaf-9455-926a-d65c16db1809 \
+-display none \
+-no-user-config \
+-nodefaults \
+-chardev socket,id=charmonitor,fd=1729,server=on,wait=off \
+-mon chardev=charmonitor,id=monitor,mode=control \
+-rtc base=utc \
+-no-shutdown \
+-no-acpi \
+-boot strict=on \
+-device 
'{"driver":"pcie-root-port","port":8,"chassis":1,"id":"pci.1","bus":"pcie.0","multifunction":true,"addr":"0x1"}'
 \
+-device 
'{"driver":"pcie-root-port","port":9,"chassis":2,"id":"pci.2","bus":"pcie.0","addr":"0x1.0x1"}'
 \
+-audiodev id=audio1,driver=none \
+-device 
'{"driver":"virtio-balloon-pci","id":"balloon0","bus":"pci.1","addr":"0x0"}' \
+-sandbox 
on,obsolete=deny,elevateprivileges=deny,spawn=deny,resourcecontrol=deny \
+-msg timestamp=on
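
Review bot: the expected command line passes machine options twice, once as `-machine pc-q35-6.2,...,memory-backend=pc.ram` and again as `-M sgx-epc.0.memdev=memepc0,sgx-epc.1.memdev=memepc1`. `-M` is the short form of `-machine`, so this output depends on QEMU merging the two option groups. Appending the sgx-epc properties to the existing `-machine` argument would keep all machine properties in one place and make the test data independent of that merging behaviour.
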
diff --git a/tests/qemuxml2argvdata/sgx-epc.xml 
b/tests/qemuxml2argvdata/sgx-epc.xml
new file mode 100644
index 00..65ae8ae296
--- /dev/null
+++ b/tests/qemuxml2argvdata/sgx-epc.xml
@@ -0,0 +1,36 @@
+
+  QEMUGuest1
+  c7a5fdbd-edaf-9455-926a-d65c16db1809
+  219100
+  219100
+  1
+  
+hvm
+
+  
+  
+  destroy
+  restart
+  destroy
+  
+/usr/bin/qemu-system-x86_64
+
+
+
+  
+
+
+
+
+
+  
+64
+  
+
+
+  
+16
+  
+
+  
+
diff --git a/tests/qemuxml2argvtest.c b/tests/qemuxml2argvtest.c
index e209b48fce..c272283a1a 100644
--- a/tests/qemuxml2argvtest.c
+++ b/tests/qemuxml2argvtest.c
@@ -3438,6 +3438,8 @@ mymain(void)
 
 DO_TEST_CAPS_LATEST("devices-acpi-index");
 
+DO_TEST_CAPS_VER("sgx-epc", "6.2.0");
+
 if (getenv("LIBVIRT_SKIP_CLEANUP") == NULL)
 virFileDeleteTree(fakerootdir);
 
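
Review bot: the single `DO_TEST_CAPS_VER("sgx-epc", "6.2.0")` line added to mymain() covers only the successful case. Add a failure case for a QEMU version that lacks the sgx-epc capability so the rejection path is exercised, and consider an XML round-trip test for sgx-epc.xml so the parser and formatter changes from the earlier patches are covered as well.
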
-- 
2.17.1



[libvirt][PATCH v9 4/5] qemu: Add command-line to generate SGX EPC memory backend

2021-12-14 Thread Haibin Huang
From: Lin Yang 

According to the result of parsing the XML, add the SGX EPC memory
backend arguments to the QEMU command line:

#qemu-system-x86_64 \
.. \
-object memory-backend-epc,id=mem1,size=64M,prealloc=on \
-object memory-backend-epc,id=mem2,size=28M \
-M sgx-epc.0.memdev=mem1,sgx-epc.1.memdev=mem2

Signed-off-by: Lin Yang 
---
 src/qemu/qemu_alias.c   |  3 ++-
 src/qemu/qemu_command.c | 40 
 src/qemu/qemu_domain.c  | 10 +-
 3 files changed, 47 insertions(+), 6 deletions(-)

diff --git a/src/qemu/qemu_alias.c b/src/qemu/qemu_alias.c
index 5795924754..89afea8778 100644
--- a/src/qemu/qemu_alias.c
+++ b/src/qemu/qemu_alias.c
@@ -489,7 +489,8 @@ qemuDeviceMemoryGetAliasID(virDomainDef *def,
  * valid */
 if (!oldAlias &&
 mem->model != VIR_DOMAIN_MEMORY_MODEL_VIRTIO_PMEM &&
-mem->model != VIR_DOMAIN_MEMORY_MODEL_VIRTIO_MEM)
+mem->model != VIR_DOMAIN_MEMORY_MODEL_VIRTIO_MEM &&
+mem->model != VIR_DOMAIN_MEMORY_MODEL_SGX_EPC)
 return mem->info.addr.dimm.slot;
 
 for (i = 0; i < def->nmems; i++) {
diff --git a/src/qemu/qemu_command.c b/src/qemu/qemu_command.c
index 36281a69e2..ebb3aa1023 100644
--- a/src/qemu/qemu_command.c
+++ b/src/qemu/qemu_command.c
@@ -3555,6 +3555,10 @@ qemuBuildMemoryBackendProps(virJSONValue **backendProps,
 if (systemMemory)
 disableCanonicalPath = true;
 
+} else if (mem->model == VIR_DOMAIN_MEMORY_MODEL_SGX_EPC) {
+backendType = "memory-backend-epc";
+if (!priv->memPrealloc)
+prealloc = true;
 } else {
 backendType = "memory-backend-ram";
 }
@@ -7838,6 +7842,8 @@ qemuBuildMemoryDeviceCommandLine(virCommand *cmd,
  qemuDomainObjPrivate *priv)
 {
 size_t i;
+g_auto(virBuffer) epcBuf = VIR_BUFFER_INITIALIZER;
+int epcNum = 0;
 
 /* memory hotplug requires NUMA to be enabled - we already checked
  * that memory devices are present only when NUMA is */
@@ -7847,11 +7853,37 @@ qemuBuildMemoryDeviceCommandLine(virCommand *cmd,
 if (qemuBuildMemoryDimmBackendStr(cmd, def->mems[i], def, cfg, priv) < 
0)
 return -1;
 
-if (!(props = qemuBuildMemoryDeviceProps(def, def->mems[i])))
-return -1;
+switch ((virDomainMemoryModel) def->mems[i]->model) {
+case VIR_DOMAIN_MEMORY_MODEL_NVDIMM:
+case VIR_DOMAIN_MEMORY_MODEL_DIMM:
+case VIR_DOMAIN_MEMORY_MODEL_VIRTIO_PMEM:
+case VIR_DOMAIN_MEMORY_MODEL_VIRTIO_MEM:
+if (!(props = qemuBuildMemoryDeviceProps(def, def->mems[i])))
+return -1;
 
-if (qemuBuildDeviceCommandlineFromJSON(cmd, props, priv->qemuCaps) < 0)
-return -1;
+if (qemuBuildDeviceCommandlineFromJSON(cmd, props, priv->qemuCaps) 
< 0)
+return -1;
+
+break;
+
+case VIR_DOMAIN_MEMORY_MODEL_SGX_EPC:
+if (virBufferUse() > 0)
+virBufferAddChar(, ',');
+
+virBufferAsprintf(, "sgx-epc.%d.memdev=%s", epcNum++,
+  g_strdup_printf("mem%s", 
def->mems[i]->info.alias));
+
+break;
+
+case VIR_DOMAIN_MEMORY_MODEL_NONE:
+case VIR_DOMAIN_MEMORY_MODEL_LAST:
+break;
+}
+}
+
+if (virBufferUse() > 0) {
+virCommandAddArg(cmd, "-M");
+virCommandAddArgBuffer(cmd, );
 }
 
 return 0;
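
Review bot: in the VIR_DOMAIN_MEMORY_MODEL_SGX_EPC case, the string returned by `g_strdup_printf("mem%s", ...)` is passed straight into virBufferAsprintf() and never freed, so it leaks once per EPC device. Fold the prefix into the format string instead, i.e. `"sgx-epc.%d.memdev=mem%s"` with `def->mems[i]->info.alias` as the argument, which removes the temporary allocation entirely.
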
diff --git a/src/qemu/qemu_domain.c b/src/qemu/qemu_domain.c
index f156d073e5..2db479ee7f 100644
--- a/src/qemu/qemu_domain.c
+++ b/src/qemu/qemu_domain.c
@@ -8895,13 +8895,21 @@ int
 qemuDomainDefValidateMemoryHotplug(const virDomainDef *def,
const virDomainMemoryDef *mem)
 {
-unsigned int nmems = def->nmems;
+unsigned int nmems = 0;
 unsigned long long hotplugSpace;
 unsigned long long hotplugMemory = 0;
 size_t i;
 
 hotplugSpace = def->mem.max_memory - virDomainDefGetMemoryInitial(def);
 
+for (i = 0; i < def->nmems; i++) {
+if (def->mems[i]->model == VIR_DOMAIN_MEMORY_MODEL_DIMM ||
+def->mems[i]->model == VIR_DOMAIN_MEMORY_MODEL_NVDIMM ||
+def->mems[i]->model == VIR_DOMAIN_MEMORY_MODEL_VIRTIO_PMEM ||
+def->mems[i]->model == VIR_DOMAIN_MEMORY_MODEL_VIRTIO_MEM)
+nmems++;
+}
+
 if (mem) {
 nmems++;
 hotplugMemory = mem->size;
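
Review bot: the new counting loop in qemuDomainDefValidateMemoryHotplug() lists the four counted models in an `||` chain, so a memory model added later silently drops out of `nmems` with no compiler warning. Use a `switch ((virDomainMemoryModel) def->mems[i]->model)` without a default branch, as qemuBuildMemoryDeviceCommandLine() does in this patch, and add a comment saying why SGX EPC devices are not counted.
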
-- 
2.17.1



[libvirt][PATCH v9 3/5] conf: Introduce SGX EPC element into device memory xml

2021-12-14 Thread Haibin Huang
From: Lin Yang 


  ...
  

  512

  
  ...


Signed-off-by: Lin Yang 
---
 docs/schemas/domaincommon.rng| 1 +
 src/conf/domain_conf.c   | 6 ++
 src/conf/domain_conf.h   | 1 +
 src/conf/domain_validate.c   | 1 +
 src/qemu/qemu_alias.c| 3 +++
 src/qemu/qemu_command.c  | 1 +
 src/qemu/qemu_domain.c   | 2 ++
 src/qemu/qemu_domain_address.c   | 6 ++
 src/qemu/qemu_driver.c   | 1 +
 src/qemu/qemu_process.c  | 2 ++
 src/qemu/qemu_validate.c | 8 
 src/security/security_apparmor.c | 1 +
 src/security/security_dac.c  | 2 ++
 src/security/security_selinux.c  | 2 ++
 14 files changed, 37 insertions(+)

diff --git a/docs/schemas/domaincommon.rng b/docs/schemas/domaincommon.rng
index 26990c4d6d..39b02d1cb7 100644
--- a/docs/schemas/domaincommon.rng
+++ b/docs/schemas/domaincommon.rng
@@ -6616,6 +6616,7 @@
   nvdimm
   virtio-pmem
   virtio-mem
+  sgx-epc
 
   
   
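
Review bot: this hunk adds `sgx-epc` to the memory model values in the schema, but the diffstat above contains no documentation change. Describe the new model and the sub-elements it accepts in docs/formatdomain.rst as part of this patch, so the schema and the user-facing documentation change together.
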
diff --git a/src/conf/domain_conf.c b/src/conf/domain_conf.c
index 6fcf86ba58..c892865da4 100644
--- a/src/conf/domain_conf.c
+++ b/src/conf/domain_conf.c
@@ -1399,6 +1399,7 @@ VIR_ENUM_IMPL(virDomainMemoryModel,
   "nvdimm",
   "virtio-pmem",
   "virtio-mem",
+  "sgx-epc",
 );
 
 VIR_ENUM_IMPL(virDomainShmemModel,
@@ -5508,6 +5509,7 @@ virDomainMemoryDefPostParse(virDomainMemoryDef *mem,
 
 case VIR_DOMAIN_MEMORY_MODEL_VIRTIO_MEM:
 case VIR_DOMAIN_MEMORY_MODEL_DIMM:
+case VIR_DOMAIN_MEMORY_MODEL_SGX_EPC:
 case VIR_DOMAIN_MEMORY_MODEL_NONE:
 case VIR_DOMAIN_MEMORY_MODEL_LAST:
 break;
@@ -14696,6 +14698,7 @@ virDomainMemorySourceDefParseXML(xmlNodePtr node,
 def->nvdimmPath = virXPathString("string(./path)", ctxt);
 break;
 
+case VIR_DOMAIN_MEMORY_MODEL_SGX_EPC:
 case VIR_DOMAIN_MEMORY_MODEL_NONE:
 case VIR_DOMAIN_MEMORY_MODEL_LAST:
 break;
@@ -14764,6 +14767,7 @@ virDomainMemoryTargetDefParseXML(xmlNodePtr node,
 case VIR_DOMAIN_MEMORY_MODEL_NONE:
 case VIR_DOMAIN_MEMORY_MODEL_DIMM:
 case VIR_DOMAIN_MEMORY_MODEL_VIRTIO_PMEM:
+case VIR_DOMAIN_MEMORY_MODEL_SGX_EPC:
 case VIR_DOMAIN_MEMORY_MODEL_LAST:
 break;
 }
@@ -16548,6 +16552,7 @@ virDomainMemoryFindByDefInternal(virDomainDef *def,
 continue;
 break;
 
+case VIR_DOMAIN_MEMORY_MODEL_SGX_EPC:
 case VIR_DOMAIN_MEMORY_MODEL_NONE:
 case VIR_DOMAIN_MEMORY_MODEL_LAST:
 break;
@@ -25997,6 +26002,7 @@ virDomainMemorySourceDefFormat(virBuffer *buf,
 virBufferEscapeString(, "%s\n", def->nvdimmPath);
 break;
 
+case VIR_DOMAIN_MEMORY_MODEL_SGX_EPC:
 case VIR_DOMAIN_MEMORY_MODEL_NONE:
 case VIR_DOMAIN_MEMORY_MODEL_LAST:
 break;
diff --git a/src/conf/domain_conf.h b/src/conf/domain_conf.h
index 1ac802feca..58b6ff8355 100644
--- a/src/conf/domain_conf.h
+++ b/src/conf/domain_conf.h
@@ -2482,6 +2482,7 @@ typedef enum {
 VIR_DOMAIN_MEMORY_MODEL_NVDIMM, /* nvdimm memory device */
 VIR_DOMAIN_MEMORY_MODEL_VIRTIO_PMEM, /* virtio-pmem memory device */
 VIR_DOMAIN_MEMORY_MODEL_VIRTIO_MEM, /* virtio-mem memory device */
+VIR_DOMAIN_MEMORY_MODEL_SGX_EPC, /* SGX enclave page cache */
 
 VIR_DOMAIN_MEMORY_MODEL_LAST
 } virDomainMemoryModel;
diff --git a/src/conf/domain_validate.c b/src/conf/domain_validate.c
index 80401cf8c7..982ecc60d0 100644
--- a/src/conf/domain_validate.c
+++ b/src/conf/domain_validate.c
@@ -2066,6 +2066,7 @@ virDomainMemoryDefValidate(const virDomainMemoryDef *mem,
 break;
 
 case VIR_DOMAIN_MEMORY_MODEL_DIMM:
+case VIR_DOMAIN_MEMORY_MODEL_SGX_EPC:
 break;
 
 case VIR_DOMAIN_MEMORY_MODEL_NONE:
diff --git a/src/qemu/qemu_alias.c b/src/qemu/qemu_alias.c
index 276a03cb56..5795924754 100644
--- a/src/qemu/qemu_alias.c
+++ b/src/qemu/qemu_alias.c
@@ -538,6 +538,9 @@ qemuAssignDeviceMemoryAlias(virDomainDef *def,
 case VIR_DOMAIN_MEMORY_MODEL_VIRTIO_MEM:
 prefix = "virtiomem";
 break;
+case VIR_DOMAIN_MEMORY_MODEL_SGX_EPC:
+prefix = "epc";
+break;
 case VIR_DOMAIN_MEMORY_MODEL_NONE:
 case VIR_DOMAIN_MEMORY_MODEL_LAST:
 default:
diff --git a/src/qemu/qemu_command.c b/src/qemu/qemu_command.c
index dba877a740..36281a69e2 100644
--- a/src/qemu/qemu_command.c
+++ b/src/qemu/qemu_command.c
@@ -3768,6 +3768,7 @@ qemuBuildMemoryDeviceProps(const virDomainDef *def,
 device = "virtio-mem-pci";
 break;
 
+case VIR_DOMAIN_MEMORY_MODEL_SGX_EPC:
 case VIR_DOMAIN_MEMORY_MODEL_NONE:
 case VIR_DOMAIN_MEMORY_MODEL_LAST:
 default:
diff --git a/src/qemu/qemu_domain.c b/src/qemu/qemu_domain.c
index 1bd3730281..f156d073e5 100644
--- a/src/qemu/qemu_domain.c
+++ b/src/qemu/qemu_domain.c
@@ -8184,6 +8184,7 @@ qemuDomainUpdateMemoryDeviceInfo(virQEMUDriver *driver,
 break;
 
 case 

[libvirt][PATCH v9 2/5] Transfer Qemu SGX Capabilities to XML

2021-12-14 Thread Haibin Huang
Convert qemu sgx capabilities:
{"sgx": true, "section-size": 0, "flc": false}

to XML format:
 
no
1
 

Signed-off-by: Haibin Huang 
---
 docs/schemas/domaincaps.rng   | 22 ++-
 src/conf/domain_capabilities.c| 19 
 tests/domaincapsdata/bhyve_basic.x86_64.xml   |  1 +
 tests/domaincapsdata/bhyve_fbuf.x86_64.xml|  1 +
 tests/domaincapsdata/bhyve_uefi.x86_64.xml|  1 +
 tests/domaincapsdata/empty.xml|  1 +
 tests/domaincapsdata/libxl-xenfv.xml  |  1 +
 tests/domaincapsdata/libxl-xenpv.xml  |  1 +
 .../domaincapsdata/qemu_2.11.0-q35.x86_64.xml |  1 +
 .../domaincapsdata/qemu_2.11.0-tcg.x86_64.xml |  1 +
 tests/domaincapsdata/qemu_2.11.0.s390x.xml|  1 +
 tests/domaincapsdata/qemu_2.11.0.x86_64.xml   |  1 +
 .../domaincapsdata/qemu_2.12.0-q35.x86_64.xml |  1 +
 .../domaincapsdata/qemu_2.12.0-tcg.x86_64.xml |  1 +
 .../qemu_2.12.0-virt.aarch64.xml  |  1 +
 tests/domaincapsdata/qemu_2.12.0.aarch64.xml  |  1 +
 tests/domaincapsdata/qemu_2.12.0.ppc64.xml|  1 +
 tests/domaincapsdata/qemu_2.12.0.s390x.xml|  1 +
 tests/domaincapsdata/qemu_2.12.0.x86_64.xml   |  1 +
 .../domaincapsdata/qemu_2.4.0-q35.x86_64.xml  |  1 +
 .../domaincapsdata/qemu_2.4.0-tcg.x86_64.xml  |  1 +
 tests/domaincapsdata/qemu_2.4.0.x86_64.xml|  1 +
 .../domaincapsdata/qemu_2.5.0-q35.x86_64.xml  |  1 +
 .../domaincapsdata/qemu_2.5.0-tcg.x86_64.xml  |  1 +
 tests/domaincapsdata/qemu_2.5.0.x86_64.xml|  1 +
 .../domaincapsdata/qemu_2.6.0-q35.x86_64.xml  |  1 +
 .../domaincapsdata/qemu_2.6.0-tcg.x86_64.xml  |  1 +
 .../qemu_2.6.0-virt.aarch64.xml   |  1 +
 tests/domaincapsdata/qemu_2.6.0.aarch64.xml   |  1 +
 tests/domaincapsdata/qemu_2.6.0.ppc64.xml |  1 +
 tests/domaincapsdata/qemu_2.6.0.x86_64.xml|  1 +
 .../domaincapsdata/qemu_2.7.0-q35.x86_64.xml  |  1 +
 .../domaincapsdata/qemu_2.7.0-tcg.x86_64.xml  |  1 +
 tests/domaincapsdata/qemu_2.7.0.s390x.xml |  1 +
 tests/domaincapsdata/qemu_2.7.0.x86_64.xml|  1 +
 .../domaincapsdata/qemu_2.8.0-q35.x86_64.xml  |  1 +
 .../domaincapsdata/qemu_2.8.0-tcg.x86_64.xml  |  1 +
 tests/domaincapsdata/qemu_2.8.0.s390x.xml |  1 +
 tests/domaincapsdata/qemu_2.8.0.x86_64.xml|  1 +
 .../domaincapsdata/qemu_2.9.0-q35.x86_64.xml  |  1 +
 .../domaincapsdata/qemu_2.9.0-tcg.x86_64.xml  |  1 +
 tests/domaincapsdata/qemu_2.9.0.ppc64.xml |  1 +
 tests/domaincapsdata/qemu_2.9.0.s390x.xml |  1 +
 tests/domaincapsdata/qemu_2.9.0.x86_64.xml|  1 +
 .../domaincapsdata/qemu_3.0.0-q35.x86_64.xml  |  1 +
 .../domaincapsdata/qemu_3.0.0-tcg.x86_64.xml  |  1 +
 tests/domaincapsdata/qemu_3.0.0.ppc64.xml |  1 +
 tests/domaincapsdata/qemu_3.0.0.s390x.xml |  1 +
 tests/domaincapsdata/qemu_3.0.0.x86_64.xml|  1 +
 .../domaincapsdata/qemu_3.1.0-q35.x86_64.xml  |  1 +
 .../domaincapsdata/qemu_3.1.0-tcg.x86_64.xml  |  1 +
 tests/domaincapsdata/qemu_3.1.0.ppc64.xml |  1 +
 tests/domaincapsdata/qemu_3.1.0.x86_64.xml|  1 +
 .../domaincapsdata/qemu_4.0.0-q35.x86_64.xml  |  1 +
 .../domaincapsdata/qemu_4.0.0-tcg.x86_64.xml  |  1 +
 .../qemu_4.0.0-virt.aarch64.xml   |  1 +
 tests/domaincapsdata/qemu_4.0.0.aarch64.xml   |  1 +
 tests/domaincapsdata/qemu_4.0.0.ppc64.xml |  1 +
 tests/domaincapsdata/qemu_4.0.0.s390x.xml |  1 +
 tests/domaincapsdata/qemu_4.0.0.x86_64.xml|  1 +
 .../domaincapsdata/qemu_4.1.0-q35.x86_64.xml  |  1 +
 .../domaincapsdata/qemu_4.1.0-tcg.x86_64.xml  |  1 +
 tests/domaincapsdata/qemu_4.1.0.x86_64.xml|  1 +
 .../domaincapsdata/qemu_4.2.0-q35.x86_64.xml  |  1 +
 .../domaincapsdata/qemu_4.2.0-tcg.x86_64.xml  |  1 +
 .../qemu_4.2.0-virt.aarch64.xml   |  1 +
 tests/domaincapsdata/qemu_4.2.0.aarch64.xml   |  1 +
 tests/domaincapsdata/qemu_4.2.0.ppc64.xml |  1 +
 tests/domaincapsdata/qemu_4.2.0.s390x.xml |  1 +
 tests/domaincapsdata/qemu_4.2.0.x86_64.xml|  1 +
 .../domaincapsdata/qemu_5.0.0-q35.x86_64.xml  |  1 +
 .../domaincapsdata/qemu_5.0.0-tcg.x86_64.xml  |  1 +
 .../qemu_5.0.0-virt.aarch64.xml   |  1 +
 tests/domaincapsdata/qemu_5.0.0.aarch64.xml   |  1 +
 tests/domaincapsdata/qemu_5.0.0.ppc64.xml |  1 +
 tests/domaincapsdata/qemu_5.0.0.x86_64.xml|  1 +
 .../domaincapsdata/qemu_5.1.0-q35.x86_64.xml  |  1 +
 .../domaincapsdata/qemu_5.1.0-tcg.x86_64.xml  |  1 +
 tests/domaincapsdata/qemu_5.1.0.sparc.xml |  1 +
 tests/domaincapsdata/qemu_5.1.0.x86_64.xml|  1 +
 .../domaincapsdata/qemu_5.2.0-q35.x86_64.xml  |  1 +
 .../domaincapsdata/qemu_5.2.0-tcg.x86_64.xml  |  1 +
 .../qemu_5.2.0-virt.aarch64.xml   |  1 +
 tests/domaincapsdata/qemu_5.2.0.aarch64.xml   |  1 +
 tests/domaincapsdata/qemu_5.2.0.ppc64.xml |  1 +
 tests/domaincapsdata/qemu_5.2.0.s390x.xml |  1 +
 tests/domaincapsdata/qemu_5.2.0.x86_64.xml|  1 +
 .../domaincapsdata/qemu_6.0.0-q35.x86_64.xml  |  1 +
 .../domaincapsdata/qemu_6.0.0-tcg.x86_64.xml  |  1 +
 

[libvirt][PATCH v9 1/5] Get SGX Capabilities from QEMU

2021-12-14 Thread Haibin Huang
The Qemu QMP provides the command "query-sgx-capabilities".
libvirt calls the command to get the SGX capabilities:

{"execute":"query-sgx-capabilities"}
{"return":
  {"sgx": true, "sgx1": true, "sgx2": false, "section-size": 0, \
   "flc": false}}

Signed-off-by: Haibin Huang 
---
 src/conf/domain_capabilities.c|  10 ++
 src/conf/domain_capabilities.h|  13 ++
 src/libvirt_private.syms  |   1 +
 src/qemu/qemu_capabilities.c  | 143 +-
 src/qemu/qemu_capabilities.h  |   4 +
 src/qemu/qemu_monitor.c   |  10 ++
 src/qemu/qemu_monitor.h   |   3 +
 src/qemu/qemu_monitor_json.c  |  83 ++
 src/qemu/qemu_monitor_json.h  |   3 +
 .../caps_6.2.0.x86_64.replies |  22 ++-
 .../caps_6.2.0.x86_64.xml |   5 +
 11 files changed, 292 insertions(+), 5 deletions(-)

diff --git a/src/conf/domain_capabilities.c b/src/conf/domain_capabilities.c
index 22f0963326..d39be55f6a 100644
--- a/src/conf/domain_capabilities.c
+++ b/src/conf/domain_capabilities.c
@@ -78,6 +78,16 @@ virSEVCapabilitiesFree(virSEVCapability *cap)
 }
 
 
+void
+virSGXCapabilitiesFree(virSGXCapability *cap)
+{
+if (!cap)
+return;
+
+VIR_FREE(cap);
+}
+
+
 static void
 virDomainCapsDispose(void *obj)
 {
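
Review bot: in virSGXCapabilitiesFree(), the `if (!cap) return;` check before `VIR_FREE(cap)` is redundant because freeing NULL is already a no-op. The struct introduced in this patch holds only `flc` and `epc_size` and owns no pointers, so the body can be a single `g_free(cap);`.
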
diff --git a/src/conf/domain_capabilities.h b/src/conf/domain_capabilities.h
index d44acdcd01..b647ff8107 100644
--- a/src/conf/domain_capabilities.h
+++ b/src/conf/domain_capabilities.h
@@ -172,6 +172,13 @@ struct _virDomainCapsCPU {
 virDomainCapsCPUModels *custom;
 };
 
+typedef struct _virSGXCapability virSGXCapability;
+typedef virSGXCapability *virSGXCapabilityPtr;
+struct _virSGXCapability {
+bool flc;
+unsigned int epc_size;
+};
+
 typedef struct _virSEVCapability virSEVCapability;
 struct _virSEVCapability {
 char *pdh;
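
Review bot: `virSGXCapabilityPtr` is a new pointer typedef, while the neighbouring `virSEVCapability` is declared without one; use `virSGXCapability *` directly to stay consistent. The `unsigned int epc_size` member also needs a comment giving its unit, since nothing in the struct says whether it is bytes or a scaled value.
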
@@ -215,6 +222,7 @@ struct _virDomainCaps {
 
 virDomainCapsFeatureGIC gic;
 virSEVCapability *sev;
+virSGXCapability *sgx;
 /* add new domain features here */
 
 virTristateBool features[VIR_DOMAIN_CAPS_FEATURE_LAST];
@@ -262,4 +270,9 @@ char * virDomainCapsFormat(const virDomainCaps *caps);
 void
 virSEVCapabilitiesFree(virSEVCapability *capabilities);
 
+void
+virSGXCapabilitiesFree(virSGXCapability *capabilities);
+
 G_DEFINE_AUTOPTR_CLEANUP_FUNC(virSEVCapability, virSEVCapabilitiesFree);
+
+G_DEFINE_AUTOPTR_CLEANUP_FUNC(virSGXCapability, virSGXCapabilitiesFree);
diff --git a/src/libvirt_private.syms b/src/libvirt_private.syms
index c5d788285e..d90d4ee6e1 100644
--- a/src/libvirt_private.syms
+++ b/src/libvirt_private.syms
@@ -219,6 +219,7 @@ virDomainCapsEnumSet;
 virDomainCapsFormat;
 virDomainCapsNew;
 virSEVCapabilitiesFree;
+virSGXCapabilitiesFree;
 
 
 # conf/domain_conf.h
diff --git a/src/qemu/qemu_capabilities.c b/src/qemu/qemu_capabilities.c
index a607f5ea5f..8ce184ce35 100644
--- a/src/qemu/qemu_capabilities.c
+++ b/src/qemu/qemu_capabilities.c
@@ -651,6 +651,7 @@ VIR_ENUM_IMPL(virQEMUCaps,
   "chardev.json", /* QEMU_CAPS_CHARDEV_JSON */
   "device.json", /* QEMU_CAPS_DEVICE_JSON */
   "query-dirty-rate", /* QEMU_CAPS_QUERY_DIRTY_RATE */
+  "sgx-epc", /* QEMU_CAPS_SGX_EPC */
 );
 
 
@@ -731,11 +732,14 @@ struct _virQEMUCaps {
 
 virSEVCapability *sevCapabilities;
 
+virSGXCapability *sgxCapabilities;
+
 /* Capabilities which may differ depending on the accelerator. */
 virQEMUCapsAccel kvm;
 virQEMUCapsAccel tcg;
 };
 
+
 struct virQEMUCapsSearchData {
 virArch arch;
 const char *binaryFilter;
@@ -1367,6 +1371,7 @@ struct virQEMUCapsStringFlags virQEMUCapsObjectTypes[] = {
 { "virtio-vga-gl", QEMU_CAPS_VIRTIO_VGA_GL },
 { "s390-pv-guest", QEMU_CAPS_S390_PV_GUEST },
 { "virtio-mem-pci", QEMU_CAPS_DEVICE_VIRTIO_MEM_PCI },
+{ "sgx-epc", QEMU_CAPS_SGX_EPC },
 };
 
 
@@ -1918,6 +1923,22 @@ virQEMUCapsSEVInfoCopy(virSEVCapability **dst,
 }
 
 
+static int
+virQEMUCapsSGXInfoCopy(virSGXCapabilityPtr *dst,
+   virSGXCapabilityPtr src)
+{
+g_autoptr(virSGXCapability) tmp = NULL;
+
+tmp = g_new0(virSGXCapability, 1);
+
+tmp->flc = src->flc;
+tmp->epc_size = src->epc_size;
+
+*dst = g_steal_pointer();
+return 0;
+}
+
+
 static void
 virQEMUCapsAccelCopyMachineTypes(virQEMUCapsAccel *dst,
  virQEMUCapsAccel *src)
@@ -1997,6 +2018,11 @@ virQEMUCaps *virQEMUCapsNewCopy(virQEMUCaps *qemuCaps)
qemuCaps->sevCapabilities) < 0)
 return NULL;
 
+if (virQEMUCapsGet(qemuCaps, QEMU_CAPS_SGX_EPC) &&
+virQEMUCapsSGXInfoCopy(>sgxCapabilities,
+   qemuCaps->sgxCapabilities) < 0)
+return NULL;
+
 return g_steal_pointer();
 }
 
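
Review bot: the guard added to virQEMUCapsNewCopy() tests `virQEMUCapsGet(qemuCaps, QEMU_CAPS_SGX_EPC)` rather than `qemuCaps->sgxCapabilities`, and virQEMUCapsSGXInfoCopy() reads `src->flc` and `src->epc_size` unconditionally. QEMU_CAPS_SGX_EPC is set from the presence of the `sgx-epc` object type, so if that bit is set while sgxCapabilities was never filled in, the copy dereferences NULL. Check the pointer, either in this condition or at the top of the helper. The helper also always returns 0, so it could return void and the `< 0` test here could go.
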
@@ -2033,6 +2059,7 @@ void virQEMUCapsDispose(void *obj)
 g_free(qemuCaps->gicCapabilities);
 
 

[libvirt][PATCH v9 0/5] Support query and use SGX

2021-12-14 Thread Haibin Huang
This patch series provides support for enabling Intel's Software Guard
Extensions (SGX) feature in a guest VM.
The SGX support in QEMU has been accepted and will be merged in two
days. Intel SGX is a set of instructions that increases the security
of application code and data, giving them more protection from disclosure
or modification.
Developers can partition sensitive information into enclaves, which are
areas of execution in memory with more security protection.

The typical flow looks like this at a very high level:

1. Call the virConnectGetDomainCapabilities API to get domain capabilities
that include the following SGX information.


...
  
N
  


2. The user requests to start a guest by calling virCreateXML() with the SGX
requirement. It should contain

 
  ...
  

  N

  
  ...
  

Haibin Huang (2):
  Get SGX Capabilities from QEMU
  Transfer Qemu SGX Capabilities to XML

Lin Yang (3):
  conf: Introduce SGX EPC element into device memory xml
  qemu: Add command-line to generate SGX EPC memory backend
  Add unit tests for guest VM creation command with SGX EPC

 docs/schemas/domaincaps.rng   |  22 ++-
 docs/schemas/domaincommon.rng |   1 +
 src/conf/domain_capabilities.c|  29 
 src/conf/domain_capabilities.h|  13 ++
 src/conf/domain_conf.c|   6 +
 src/conf/domain_conf.h|   1 +
 src/conf/domain_validate.c|   1 +
 src/libvirt_private.syms  |   1 +
 src/qemu/qemu_alias.c |   6 +-
 src/qemu/qemu_capabilities.c  | 143 +-
 src/qemu/qemu_capabilities.h  |   4 +
 src/qemu/qemu_command.c   |  41 -
 src/qemu/qemu_domain.c|  12 +-
 src/qemu/qemu_domain_address.c|   6 +
 src/qemu/qemu_driver.c|   1 +
 src/qemu/qemu_monitor.c   |  10 ++
 src/qemu/qemu_monitor.h   |   3 +
 src/qemu/qemu_monitor_json.c  |  83 ++
 src/qemu/qemu_monitor_json.h  |   3 +
 src/qemu/qemu_process.c   |   2 +
 src/qemu/qemu_validate.c  |   8 +
 src/security/security_apparmor.c  |   1 +
 src/security/security_dac.c   |   2 +
 src/security/security_selinux.c   |   2 +
 tests/domaincapsdata/bhyve_basic.x86_64.xml   |   1 +
 tests/domaincapsdata/bhyve_fbuf.x86_64.xml|   1 +
 tests/domaincapsdata/bhyve_uefi.x86_64.xml|   1 +
 tests/domaincapsdata/empty.xml|   1 +
 tests/domaincapsdata/libxl-xenfv.xml  |   1 +
 tests/domaincapsdata/libxl-xenpv.xml  |   1 +
 .../domaincapsdata/qemu_2.11.0-q35.x86_64.xml |   1 +
 .../domaincapsdata/qemu_2.11.0-tcg.x86_64.xml |   1 +
 tests/domaincapsdata/qemu_2.11.0.s390x.xml|   1 +
 tests/domaincapsdata/qemu_2.11.0.x86_64.xml   |   1 +
 .../domaincapsdata/qemu_2.12.0-q35.x86_64.xml |   1 +
 .../domaincapsdata/qemu_2.12.0-tcg.x86_64.xml |   1 +
 .../qemu_2.12.0-virt.aarch64.xml  |   1 +
 tests/domaincapsdata/qemu_2.12.0.aarch64.xml  |   1 +
 tests/domaincapsdata/qemu_2.12.0.ppc64.xml|   1 +
 tests/domaincapsdata/qemu_2.12.0.s390x.xml|   1 +
 tests/domaincapsdata/qemu_2.12.0.x86_64.xml   |   1 +
 .../domaincapsdata/qemu_2.4.0-q35.x86_64.xml  |   1 +
 .../domaincapsdata/qemu_2.4.0-tcg.x86_64.xml  |   1 +
 tests/domaincapsdata/qemu_2.4.0.x86_64.xml|   1 +
 .../domaincapsdata/qemu_2.5.0-q35.x86_64.xml  |   1 +
 .../domaincapsdata/qemu_2.5.0-tcg.x86_64.xml  |   1 +
 tests/domaincapsdata/qemu_2.5.0.x86_64.xml|   1 +
 .../domaincapsdata/qemu_2.6.0-q35.x86_64.xml  |   1 +
 .../domaincapsdata/qemu_2.6.0-tcg.x86_64.xml  |   1 +
 .../qemu_2.6.0-virt.aarch64.xml   |   1 +
 tests/domaincapsdata/qemu_2.6.0.aarch64.xml   |   1 +
 tests/domaincapsdata/qemu_2.6.0.ppc64.xml |   1 +
 tests/domaincapsdata/qemu_2.6.0.x86_64.xml|   1 +
 .../domaincapsdata/qemu_2.7.0-q35.x86_64.xml  |   1 +
 .../domaincapsdata/qemu_2.7.0-tcg.x86_64.xml  |   1 +
 tests/domaincapsdata/qemu_2.7.0.s390x.xml |   1 +
 tests/domaincapsdata/qemu_2.7.0.x86_64.xml|   1 +
 .../domaincapsdata/qemu_2.8.0-q35.x86_64.xml  |   1 +
 .../domaincapsdata/qemu_2.8.0-tcg.x86_64.xml  |   1 +
 tests/domaincapsdata/qemu_2.8.0.s390x.xml |   1 +
 tests/domaincapsdata/qemu_2.8.0.x86_64.xml|   1 +
 .../domaincapsdata/qemu_2.9.0-q35.x86_64.xml  |   1 +
 .../domaincapsdata/qemu_2.9.0-tcg.x86_64.xml  |   1 +
 tests/domaincapsdata/qemu_2.9.0.ppc64.xml |   1 +
 tests/domaincapsdata/qemu_2.9.0.s390x.xml |   1 +
 tests/domaincapsdata/qemu_2.9.0.x86_64.xml|   1 +
 .../domaincapsdata/qemu_3.0.0-q35.x86_64.xml  |   1 +
 .../domaincapsdata/qemu_3.0.0-tcg.x86_64.xml  |   1 +
 tests/domaincapsdata/qemu_3.0.0.ppc64.xml |   1 +
 tests/domaincapsdata/qemu_3.0.0.s390x.xml |   1 +
 

Re: [libvirt PATCH 00/17] Bump minimum dnsmasq version

2021-12-14 Thread Laine Stump

On 12/14/21 2:09 PM, Ján Tomko wrote:

This bumps the minimum dnsmasq version to the point where we do not need
capability probing, reducing it to a version check (which I will be
happy to remove on request).

Unless I missed something, this also means we no longer need to spawn
radvd manually.


The code doesn't lie! If removing the bits that were only true for older 
dnsmasq removed the lines that ran radvd, then it's true. (I recall that 
support for RA was added to dnsmasq fairly soon after the original ipv6 
support was added, and radvd was left in libvirt only because there were 
so many downstreams that still had an older dnsmasq).




Note that DNSMASQ_CAPS_BINDTODEVICE was the indication of a downstream
mitigation of a CVE that should no longer be needed if we have
--bind-dynamic

[...]



  17 files changed, 83 insertions(+), 569 deletions(-)


Nice!!!

After the minor fixes I noted in 03/17 and 08/17

Reviewed-by: Laine Stump 

/me ponders what I should idly suggest be removed next...



Re: [libvirt PATCH 08/17] network: assume DNSMASQ_CAPS_RA_PARAM

2021-12-14 Thread Laine Stump

On 12/14/21 2:09 PM, Ján Tomko wrote:

Introduced by:


"Introduced by dnsmasq commit:"



commit c4cd95df68b573b63d234ecdb675228657d65353
Author: Simon Kelley 
CommitDate: 2013-10-10 20:58:11 +0100

 Add --ra-param and remove --force-fast-ra

git describe: v2.67rc3-3-gc4cd95d contains: v2.67rc4~12

Signed-off-by: Ján Tomko 
---
  src/network/bridge_driver.c | 6 ++
  1 file changed, 2 insertions(+), 4 deletions(-)

diff --git a/src/network/bridge_driver.c b/src/network/bridge_driver.c
index dffe4e1574..a4535b1b49 100644
--- a/src/network/bridge_driver.c
+++ b/src/network/bridge_driver.c
@@ -1197,10 +1197,8 @@ networkDnsmasqConfContents(virNetworkObj *obj,
  if (def->forward.type == VIR_NETWORK_FORWARD_NONE) {
  virBufferAddLit(, "dhcp-option=3\n"
  "no-resolv\n");
-if (dnsmasqCapsGet(caps, DNSMASQ_CAPS_RA_PARAM)) {
-/* interface=* (any), interval=0 (default), lifetime=0 (seconds) */
-virBufferAddLit(, "ra-param=*,0,0\n");
-}
+/* interface=* (any), interval=0 (default), lifetime=0 (seconds) */
+virBufferAddLit(, "ra-param=*,0,0\n");
  }
  
  if (wantDNS) {






Re: [libvirt PATCH 03/17] util: dnsmasq: mandate at least version 2.67

2021-12-14 Thread Laine Stump

On 12/14/21 2:09 PM, Ján Tomko wrote:

All the capabilities should be supported in 2.67.
Make this the minimum version, since even the oldest
distros we support have moved on:

Debian 8: 2.72
CentOS 7: 2.76
Ubuntu 18.04: 2.79

Signed-off-by: Ján Tomko 
---
  src/util/virdnsmasq.c | 13 +
  1 file changed, 13 insertions(+)

diff --git a/src/util/virdnsmasq.c b/src/util/virdnsmasq.c
index 90a1ea35b6..efe65174f8 100644
--- a/src/util/virdnsmasq.c
+++ b/src/util/virdnsmasq.c
@@ -49,6 +49,9 @@ VIR_LOG_INIT("util.dnsmasq");
  #define DNSMASQ_HOSTSFILE_SUFFIX "hostsfile"
  #define DNSMASQ_ADDNHOSTSFILE_SUFFIX "addnhosts"
  
+#define DNSMASQ_MIN_MAJOR 2

+#define DNSMASQ_MIN_MINOR 67
+
  static void
  dhcphostFreeContent(dnsmasqDhcpHost *host)
  {
@@ -627,6 +630,16 @@ dnsmasqCapsSetFromBuffer(dnsmasqCaps *caps, const char 
*buf)
  if (virParseVersionString(p, >version, true) < 0)
  goto error;
  
+if (caps->version / 100 < DNSMASQ_MIN_MAJOR ||

+caps->version % 100 < DNSMASQ_MIN_MINOR) {


I think you actually want something like:


 if (caps->version
< DNSMASQ_MIN_MAJOR * 100 + DNSMASQ_MIN_MINOR * 1000)

(or if you wanted to avoid giving this file the knowledge of how version 
numbers are represented internally, you could #define 
DNSMASQ_MIN_VERSION "2.67", then use virParseVersionString() to parse 
that into an unsigned long, and then compare that result. That seems 
like overkill though)




+virReportError(VIR_ERR_CONFIG_UNSUPPORTED,
+   _("dnsmasq version >= %u.%u required but %lu.%lu 
found"),
+   DNSMASQ_MIN_MAJOR, DNSMASQ_MIN_MINOR,
+   caps->version / 100,
+   caps->version % 100);
+goto error;
+}
+
  if (strstr(buf, "--bind-dynamic"))
  dnsmasqCapsSet(caps, DNSMASQ_CAPS_BIND_DYNAMIC);
  
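Review bot: The condition `caps->version / 100 < DNSMASQ_MIN_MAJOR || caps->version % 100 < DNSMASQ_MIN_MINOR` tests major and minor independently, so a release with a higher major and a minor below 67 would be rejected. The minor should only be compared when the major equals DNSMASQ_MIN_MAJOR, or the whole version should be compared as one number as suggested above. The minor is also taken as `caps->version % 100` here and in the virReportError arguments, while the VIR_INFO call in this same function (visible in 09/17) prints it as `(caps->version % 100) / 1000`, so the two disagree on how the minor is extracted. A test feeding a too-old version string to dnsmasqCapsNewFromBuffer would pin the behaviour down.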





Re: [libvirt PATCH 09/17] util: dnsmasq: delete assumed capability flags

2021-12-14 Thread Laine Stump

On 12/14/21 2:09 PM, Ján Tomko wrote:

Signed-off-by: Ján Tomko 
---
  src/util/virdnsmasq.c | 22 ++
  src/util/virdnsmasq.h |  4 
  2 files changed, 2 insertions(+), 24 deletions(-)

diff --git a/src/util/virdnsmasq.c b/src/util/virdnsmasq.c
index efe65174f8..016d9d64a8 100644
--- a/src/util/virdnsmasq.c
+++ b/src/util/virdnsmasq.c
@@ -640,27 +640,9 @@ dnsmasqCapsSetFromBuffer(dnsmasqCaps *caps, const char 
*buf)
  goto error;
  }
  
-if (strstr(buf, "--bind-dynamic"))

-dnsmasqCapsSet(caps, DNSMASQ_CAPS_BIND_DYNAMIC);
-
-/* if this string is a part of the --version output, dnsmasq
- * has been patched to use SO_BINDTODEVICE when listening,
- * so that it will only accept requests that arrived on the
- * listening interface(s)
- */
-if (strstr(buf, "--bind-interfaces with SO_BINDTODEVICE"))
-dnsmasqCapsSet(caps, DNSMASQ_CAPS_BINDTODEVICE);
-
-if (strstr(buf, "--ra-param"))
-dnsmasqCapsSet(caps, DNSMASQ_CAPS_RA_PARAM);
-
-VIR_INFO("dnsmasq version is %d.%d, --bind-dynamic is %spresent, "
- "SO_BINDTODEVICE is %sin use, --ra-param is %spresent",
+VIR_INFO("dnsmasq version is %d.%d",
   (int)caps->version / 100,
- (int)(caps->version % 100) / 1000,
- dnsmasqCapsGet(caps, DNSMASQ_CAPS_BIND_DYNAMIC) ? "" : "NOT ",
- dnsmasqCapsGet(caps, DNSMASQ_CAPS_BINDTODEVICE) ? "" : "NOT ",
- dnsmasqCapsGet(caps, DNSMASQ_CAPS_RA_PARAM) ? "" : "NOT ");
+ (int)(caps->version % 100) / 1000);


One would hope that nobody is actually looking for these strings in a 
script anywhere :-/ (To clarify - I think it's fine to remove).




[libvirt PATCH 15/17] util: remove dnsmasqCapsGetVersion

2021-12-14 Thread Ján Tomko
It has no callers anymore.

Signed-off-by: Ján Tomko 
---
 src/libvirt_private.syms | 1 -
 src/util/virdnsmasq.c| 9 -
 src/util/virdnsmasq.h| 1 -
 3 files changed, 11 deletions(-)

diff --git a/src/libvirt_private.syms b/src/libvirt_private.syms
index 36f826e2ed..8ed50d1c45 100644
--- a/src/libvirt_private.syms
+++ b/src/libvirt_private.syms
@@ -2123,7 +2123,6 @@ dnsmasqAddDhcpHost;
 dnsmasqAddHost;
 dnsmasqCapsGet;
 dnsmasqCapsGetBinaryPath;
-dnsmasqCapsGetVersion;
 dnsmasqCapsNewFromBinary;
 dnsmasqCapsNewFromBuffer;
 dnsmasqContextFree;
diff --git a/src/util/virdnsmasq.c b/src/util/virdnsmasq.c
index 016d9d64a8..d086647362 100644
--- a/src/util/virdnsmasq.c
+++ b/src/util/virdnsmasq.c
@@ -759,15 +759,6 @@ dnsmasqCapsGetBinaryPath(dnsmasqCaps *caps)
 return caps ? caps->binaryPath : DNSMASQ;
 }
 
-unsigned long
-dnsmasqCapsGetVersion(dnsmasqCaps *caps)
-{
-if (caps)
-return caps->version;
-else
-return 0;
-}
-
 bool
 dnsmasqCapsGet(dnsmasqCaps *caps, dnsmasqCapsFlags flag)
 {
diff --git a/src/util/virdnsmasq.h b/src/util/virdnsmasq.h
index 9aa45c3046..10b512cff4 100644
--- a/src/util/virdnsmasq.h
+++ b/src/util/virdnsmasq.h
@@ -99,6 +99,5 @@ dnsmasqCaps *dnsmasqCapsNewFromBuffer(const char *buf);
 dnsmasqCaps *dnsmasqCapsNewFromBinary(void);
 bool dnsmasqCapsGet(dnsmasqCaps *caps, dnsmasqCapsFlags flag);
 const char *dnsmasqCapsGetBinaryPath(dnsmasqCaps *caps);
-unsigned long dnsmasqCapsGetVersion(dnsmasqCaps *caps);
 char *dnsmasqDhcpHostsToString(dnsmasqDhcpHost *hosts,
unsigned int nhosts);
-- 
2.31.1



[libvirt PATCH 16/17] util: dnsmasq: remove caps completely

2021-12-14 Thread Ján Tomko
Now that we only check whether the dnsmasq version is new enough,
there is no need for the caps field.

Signed-off-by: Ján Tomko 
---
 src/libvirt_private.syms |  1 -
 src/util/virdnsmasq.c| 17 -
 src/util/virdnsmasq.h|  5 -
 3 files changed, 23 deletions(-)

diff --git a/src/libvirt_private.syms b/src/libvirt_private.syms
index 8ed50d1c45..e6639f7644 100644
--- a/src/libvirt_private.syms
+++ b/src/libvirt_private.syms
@@ -2121,7 +2121,6 @@ virIsDevMapperDevice;
 # util/virdnsmasq.h
 dnsmasqAddDhcpHost;
 dnsmasqAddHost;
-dnsmasqCapsGet;
 dnsmasqCapsGetBinaryPath;
 dnsmasqCapsNewFromBinary;
 dnsmasqCapsNewFromBuffer;
diff --git a/src/util/virdnsmasq.c b/src/util/virdnsmasq.c
index d086647362..1edc2d711b 100644
--- a/src/util/virdnsmasq.c
+++ b/src/util/virdnsmasq.c
@@ -578,7 +578,6 @@ struct _dnsmasqCaps {
 char *binaryPath;
 bool noRefresh;
 time_t mtime;
-virBitmap *flags;
 unsigned long version;
 };
 
@@ -589,7 +588,6 @@ dnsmasqCapsDispose(void *obj)
 {
 dnsmasqCaps *caps = obj;
 
-virBitmapFree(caps->flags);
 g_free(caps->binaryPath);
 }
 
@@ -603,13 +601,6 @@ static int dnsmasqCapsOnceInit(void)
 
 VIR_ONCE_GLOBAL_INIT(dnsmasqCaps);
 
-static void
-dnsmasqCapsSet(dnsmasqCaps *caps,
-   dnsmasqCapsFlags flag)
-{
-ignore_value(virBitmapSetBit(caps->flags, flag));
-}
-
 
 #define DNSMASQ_VERSION_STR "Dnsmasq version "
 
@@ -718,7 +709,6 @@ dnsmasqCapsNewEmpty(const char *binaryPath)
 return NULL;
 if (!(caps = virObjectNew(dnsmasqCapsClass)))
 return NULL;
-caps->flags = virBitmapNew(DNSMASQ_CAPS_LAST);
 caps->binaryPath = g_strdup(binaryPath ? binaryPath : DNSMASQ);
 return caps;
 }
@@ -759,13 +749,6 @@ dnsmasqCapsGetBinaryPath(dnsmasqCaps *caps)
 return caps ? caps->binaryPath : DNSMASQ;
 }
 
-bool
-dnsmasqCapsGet(dnsmasqCaps *caps, dnsmasqCapsFlags flag)
-{
-return caps && virBitmapIsBitSet(caps->flags, flag);
-}
-
-
 /** dnsmasqDhcpHostsToString:
  *
  *   Turns a vector of dnsmasqDhcpHost into the string that is ought to be
diff --git a/src/util/virdnsmasq.h b/src/util/virdnsmasq.h
index 10b512cff4..c74cc887f8 100644
--- a/src/util/virdnsmasq.h
+++ b/src/util/virdnsmasq.h
@@ -67,10 +67,6 @@ typedef struct
 dnsmasqAddnHostsfile *addnhostsfile;
 } dnsmasqContext;
 
-typedef enum {
-   DNSMASQ_CAPS_LAST, /* this must always be the last item */
-} dnsmasqCapsFlags;
-
 typedef struct _dnsmasqCaps dnsmasqCaps;
 
 G_DEFINE_AUTOPTR_CLEANUP_FUNC(dnsmasqCaps, virObjectUnref);
@@ -97,7 +93,6 @@ int  dnsmasqReload(pid_t pid);
 
 dnsmasqCaps *dnsmasqCapsNewFromBuffer(const char *buf);
 dnsmasqCaps *dnsmasqCapsNewFromBinary(void);
-bool dnsmasqCapsGet(dnsmasqCaps *caps, dnsmasqCapsFlags flag);
 const char *dnsmasqCapsGetBinaryPath(dnsmasqCaps *caps);
 char *dnsmasqDhcpHostsToString(dnsmasqDhcpHost *hosts,
unsigned int nhosts);
-- 
2.31.1



[libvirt PATCH 14/17] spec: do not require radvd

2021-12-14 Thread Ján Tomko
Signed-off-by: Ján Tomko 
---
 libvirt.spec.in | 2 --
 1 file changed, 2 deletions(-)

diff --git a/libvirt.spec.in b/libvirt.spec.in
index 32b4243d0a..b37c6e17f3 100644
--- a/libvirt.spec.in
+++ b/libvirt.spec.in
@@ -283,7 +283,6 @@ BuildRequires: libnl3-devel
 BuildRequires: libselinux-devel
 BuildRequires: dnsmasq >= 2.41
 BuildRequires: iptables
-BuildRequires: radvd
 BuildRequires: ebtables
 BuildRequires: module-init-tools
 BuildRequires: cyrus-sasl-devel
@@ -464,7 +463,6 @@ Summary: Network driver plugin for the libvirtd daemon
 Requires: libvirt-daemon = %{version}-%{release}
 Requires: libvirt-libs = %{version}-%{release}
 Requires: dnsmasq >= 2.41
-Requires: radvd
 Requires: iptables
 
 %description daemon-driver-network
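Review bot: The context line `Requires: dnsmasq >= 2.41` in this hunk (and `BuildRequires: dnsmasq >= 2.41` in the previous one) still advertises 2.41, while 03/17 of this series makes libvirt refuse anything older than 2.67 at runtime. Bumping both to 2.67 here or in a follow-up would let the package manager reject an unusable dnsmasq at install time instead of leaving it to the runtime VIR_ERR_CONFIG_UNSUPPORTED error.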
-- 
2.31.1



[libvirt PATCH 17/17] network: remove unused 'driver' parameter

2021-12-14 Thread Ján Tomko
Signed-off-by: Ján Tomko 
---
 src/network/bridge_driver.c | 5 ++---
 1 file changed, 2 insertions(+), 3 deletions(-)

diff --git a/src/network/bridge_driver.c b/src/network/bridge_driver.c
index 39f6ed14e1..23d9ed4226 100644
--- a/src/network/bridge_driver.c
+++ b/src/network/bridge_driver.c
@@ -2090,8 +2090,7 @@ networkStartNetworkVirtual(virNetworkDriverState *driver,
 
 
 static int
-networkShutdownNetworkVirtual(virNetworkDriverState *driver G_GNUC_UNUSED,
-  virNetworkObj *obj)
+networkShutdownNetworkVirtual(virNetworkObj *obj)
 {
 virNetworkDef *def = virNetworkObjGetDef(obj);
 pid_t dnsmasqPid;
@@ -2419,7 +2418,7 @@ networkShutdownNetwork(virNetworkDriverState *driver,
 case VIR_NETWORK_FORWARD_NAT:
 case VIR_NETWORK_FORWARD_ROUTE:
 case VIR_NETWORK_FORWARD_OPEN:
-ret = networkShutdownNetworkVirtual(driver, obj);
+ret = networkShutdownNetworkVirtual(obj);
 break;
 
 case VIR_NETWORK_FORWARD_BRIDGE:
-- 
2.31.1



[libvirt PATCH 13/17] build: do not search for radvd binary

2021-12-14 Thread Ján Tomko
Signed-off-by: Ján Tomko 
---
 meson.build | 1 -
 1 file changed, 1 deletion(-)

diff --git a/meson.build b/meson.build
index cea8bbfa0c..0b7a2a69c1 100644
--- a/meson.build
+++ b/meson.build
@@ -860,7 +860,6 @@ optional_programs = [
   'modprobe',
   'ovs-vsctl',
   'pdwtags',
-  'radvd',
   'rmmod',
   'scrub',
   'tc',
-- 
2.31.1



[libvirt PATCH 10/17] network: remove any code dealing with radvd

2021-12-14 Thread Ján Tomko
Since dnsmasq has supported --ra-param for a long time, this code is now
unused.

Signed-off-by: Ján Tomko 
---
 src/network/bridge_driver.c | 248 +---
 1 file changed, 6 insertions(+), 242 deletions(-)

diff --git a/src/network/bridge_driver.c b/src/network/bridge_driver.c
index a4535b1b49..39f6ed14e1 100644
--- a/src/network/bridge_driver.c
+++ b/src/network/bridge_driver.c
@@ -371,20 +371,6 @@ networkDnsmasqConfigFileName(virNetworkDriverState *driver,
 }
 
 
-static char *
-networkRadvdPidfileBasename(const char *netname)
-{return g_strdup_printf("%s-radvd", netname);
-}
-
-
-static char *
-networkRadvdConfigFileName(virNetworkDriverState *driver,
-   const char *netname)
-{
-return g_strdup_printf("%s/%s-radvd.conf", driver->radvdStateDir, netname);
-}
-
-
 /* do needed cleanup steps and remove the network from the list */
 static int
 networkRemoveInactive(virNetworkDriverState *driver,
@@ -392,15 +378,13 @@ networkRemoveInactive(virNetworkDriverState *driver,
 {
 g_autofree char *leasefile = NULL;
 g_autofree char *customleasefile = NULL;
-g_autofree char *radvdconfigfile = NULL;
 g_autofree char *configfile = NULL;
-g_autofree char *radvdpidbase = NULL;
 g_autofree char *statusfile = NULL;
 g_autofree char *macMapFile = NULL;
 g_autoptr(dnsmasqContext) dctx = NULL;
 virNetworkDef *def = virNetworkObjGetPersistentDef(obj);
 
-/* remove the (possibly) existing dnsmasq and radvd files */
+/* remove the (possibly) existing dnsmasq files */
 if (!(dctx = dnsmasqContextNew(def->name,
driver->dnsmasqStateDir))) {
 return -1;
@@ -412,12 +396,6 @@ networkRemoveInactive(virNetworkDriverState *driver,
 if (!(customleasefile = networkDnsmasqLeaseFileNameCustom(driver, 
def->bridge)))
 return -1;
 
-if (!(radvdconfigfile = networkRadvdConfigFileName(driver, def->name)))
-return -1;
-
-if (!(radvdpidbase = networkRadvdPidfileBasename(def->name)))
-return -1;
-
 if (!(configfile = networkDnsmasqConfigFileName(driver, def->name)))
 return -1;
 
@@ -436,10 +414,6 @@ networkRemoveInactive(virNetworkDriverState *driver,
 /* MAC map manager */
 unlink(macMapFile);
 
-/* radvd */
-unlink(radvdconfigfile);
-virPidFileDelete(driver->pidDir, radvdpidbase);
-
 /* remove status file */
 unlink(statusfile);
 
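Review bot: With `unlink(radvdconfigfile);` and `virPidFileDelete(driver->pidDir, radvdpidbase);` gone, a `<name>-radvd.conf` or radvd pidfile written by an earlier libvirt is never cleaned up when the network is removed. If that is acceptable because radvd was never started with any dnsmasq that passes the new version check, the commit message should say so; otherwise keep a best-effort unlink for a release or two.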
@@ -556,26 +530,15 @@ networkUpdateState(virNetworkObj *obj,
 
 virNetworkObjPortForEach(obj, networkUpdatePort, obj);
 
-/* Try and read dnsmasq/radvd pids of active networks */
+/* Try and read dnsmasq pids of active networks */
 if (virNetworkObjIsActive(obj) && def->ips && (def->nips > 0)) {
-pid_t radvdPid;
 pid_t dnsmasqPid;
-g_autofree char *radvdpidbase = NULL;
 
 ignore_value(virPidFileReadIfAlive(driver->pidDir,
def->name,
,

dnsmasqCapsGetBinaryPath(dnsmasq_caps)));
 virNetworkObjSetDnsmasqPid(obj, dnsmasqPid);
-
-radvdpidbase = networkRadvdPidfileBasename(def->name);
-if (!radvdpidbase)
-goto cleanup;
-
-ignore_value(virPidFileReadIfAlive(driver->pidDir,
-   radvdpidbase,
-   , RADVD));
-virNetworkObjSetRadvdPid(obj, radvdPid);
 }
 
 ret = 0;
@@ -690,7 +653,6 @@ networkStateInitialize(bool privileged,
 network_driver->stateDir = g_strdup(RUNSTATEDIR "/libvirt/network");
 network_driver->pidDir = g_strdup(RUNSTATEDIR "/libvirt/network");
 network_driver->dnsmasqStateDir = g_strdup(LOCALSTATEDIR 
"/lib/libvirt/dnsmasq");
-network_driver->radvdStateDir = g_strdup(LOCALSTATEDIR 
"/lib/libvirt/radvd");
 } else {
 configdir = virGetUserConfigDirectory();
 rundir = virGetUserRuntimeDirectory();
@@ -700,7 +662,6 @@ networkStateInitialize(bool privileged,
 network_driver->stateDir = g_strdup_printf("%s/network/lib", rundir);
 network_driver->pidDir = g_strdup_printf("%s/network/run", rundir);
 network_driver->dnsmasqStateDir = g_strdup_printf("%s/dnsmasq/lib", 
rundir);
-network_driver->radvdStateDir = g_strdup_printf("%s/radvd/lib", 
rundir);
 }
 
 if (g_mkdir_with_parents(network_driver->stateDir, 0777) < 0) {
@@ -847,7 +808,6 @@ networkStateCleanup(void)
 g_free(network_driver->stateDir);
 g_free(network_driver->pidDir);
 g_free(network_driver->dnsmasqStateDir);
-g_free(network_driver->radvdStateDir);
 
 virObjectUnref(network_driver->dnsmasqCaps);
 
@@ -1697,170 +1657,6 @@ networkRestartDhcpDaemon(virNetworkDriverState *driver,
 }
 
 
-static char radvd1[] = "  AdvOtherConfigFlag off;\n\n";
-static char radvd2[] = "AdvAutonomous off;\n";
-static char radvd3[] = "

[libvirt PATCH 12/17] conf: remove radvdPid from virNetworkObj

2021-12-14 Thread Ján Tomko
Signed-off-by: Ján Tomko 
---
 src/conf/virnetworkobj.c | 16 
 src/conf/virnetworkobj.h |  7 ---
 src/libvirt_private.syms |  2 --
 3 files changed, 25 deletions(-)

diff --git a/src/conf/virnetworkobj.c b/src/conf/virnetworkobj.c
index 41c7dcba5c..f18eb35ae2 100644
--- a/src/conf/virnetworkobj.c
+++ b/src/conf/virnetworkobj.c
@@ -43,7 +43,6 @@ struct _virNetworkObj {
 virObjectLockable parent;
 
 pid_t dnsmasqPid;
-pid_t radvdPid;
 bool active;
 bool autostart;
 bool persistent;
@@ -211,21 +210,6 @@ virNetworkObjSetDnsmasqPid(virNetworkObj *obj,
 }
 
 
-pid_t
-virNetworkObjGetRadvdPid(virNetworkObj *obj)
-{
-return obj->radvdPid;
-}
-
-
-void
-virNetworkObjSetRadvdPid(virNetworkObj *obj,
- pid_t radvdPid)
-{
-obj->radvdPid = radvdPid;
-}
-
-
 virBitmap *
 virNetworkObjGetClassIdMap(virNetworkObj *obj)
 {
diff --git a/src/conf/virnetworkobj.h b/src/conf/virnetworkobj.h
index d980e9f38d..fadd277cbd 100644
--- a/src/conf/virnetworkobj.h
+++ b/src/conf/virnetworkobj.h
@@ -66,13 +66,6 @@ void
 virNetworkObjSetDnsmasqPid(virNetworkObj *obj,
pid_t dnsmasqPid);
 
-pid_t
-virNetworkObjGetRadvdPid(virNetworkObj *obj);
-
-void
-virNetworkObjSetRadvdPid(virNetworkObj *obj,
- pid_t radvdPid);
-
 virBitmap *
 virNetworkObjGetClassIdMap(virNetworkObj *obj);
 
diff --git a/src/libvirt_private.syms b/src/libvirt_private.syms
index f5a816b002..36f826e2ed 100644
--- a/src/libvirt_private.syms
+++ b/src/libvirt_private.syms
@@ -1248,7 +1248,6 @@ virNetworkObjGetMacMap;
 virNetworkObjGetNewDef;
 virNetworkObjGetPersistentDef;
 virNetworkObjGetPortStatusDir;
-virNetworkObjGetRadvdPid;
 virNetworkObjIsActive;
 virNetworkObjIsAutostart;
 virNetworkObjIsPersistent;
@@ -1276,7 +1275,6 @@ virNetworkObjSetDefTransient;
 virNetworkObjSetDnsmasqPid;
 virNetworkObjSetFloorSum;
 virNetworkObjSetMacMap;
-virNetworkObjSetRadvdPid;
 virNetworkObjTaint;
 virNetworkObjUnrefMacMap;
 virNetworkObjUnsetDefTransient;
-- 
2.31.1



[libvirt PATCH 11/17] network: driver: remove unused radvdStateDir variable

2021-12-14 Thread Ján Tomko
Signed-off-by: Ján Tomko 
---
 src/network/bridge_driver_platform.h | 1 -
 1 file changed, 1 deletion(-)

diff --git a/src/network/bridge_driver_platform.h 
b/src/network/bridge_driver_platform.h
index 884fa82831..de7cbc1195 100644
--- a/src/network/bridge_driver_platform.h
+++ b/src/network/bridge_driver_platform.h
@@ -46,7 +46,6 @@ struct _virNetworkDriverState {
 char *stateDir;
 char *pidDir;
 char *dnsmasqStateDir;
-char *radvdStateDir;
 
 /* Require lock to get a reference on the object,
  * lockless access thereafter
-- 
2.31.1



[libvirt PATCH 09/17] util: dnsmasq: delete assumed capability flags

2021-12-14 Thread Ján Tomko
Signed-off-by: Ján Tomko 
---
 src/util/virdnsmasq.c | 22 ++
 src/util/virdnsmasq.h |  4 
 2 files changed, 2 insertions(+), 24 deletions(-)

diff --git a/src/util/virdnsmasq.c b/src/util/virdnsmasq.c
index efe65174f8..016d9d64a8 100644
--- a/src/util/virdnsmasq.c
+++ b/src/util/virdnsmasq.c
@@ -640,27 +640,9 @@ dnsmasqCapsSetFromBuffer(dnsmasqCaps *caps, const char 
*buf)
 goto error;
 }
 
-if (strstr(buf, "--bind-dynamic"))
-dnsmasqCapsSet(caps, DNSMASQ_CAPS_BIND_DYNAMIC);
-
-/* if this string is a part of the --version output, dnsmasq
- * has been patched to use SO_BINDTODEVICE when listening,
- * so that it will only accept requests that arrived on the
- * listening interface(s)
- */
-if (strstr(buf, "--bind-interfaces with SO_BINDTODEVICE"))
-dnsmasqCapsSet(caps, DNSMASQ_CAPS_BINDTODEVICE);
-
-if (strstr(buf, "--ra-param"))
-dnsmasqCapsSet(caps, DNSMASQ_CAPS_RA_PARAM);
-
-VIR_INFO("dnsmasq version is %d.%d, --bind-dynamic is %spresent, "
- "SO_BINDTODEVICE is %sin use, --ra-param is %spresent",
+VIR_INFO("dnsmasq version is %d.%d",
  (int)caps->version / 100,
- (int)(caps->version % 100) / 1000,
- dnsmasqCapsGet(caps, DNSMASQ_CAPS_BIND_DYNAMIC) ? "" : "NOT ",
- dnsmasqCapsGet(caps, DNSMASQ_CAPS_BINDTODEVICE) ? "" : "NOT ",
- dnsmasqCapsGet(caps, DNSMASQ_CAPS_RA_PARAM) ? "" : "NOT ");
+ (int)(caps->version % 100) / 1000);
 return 0;
 
  error:
diff --git a/src/util/virdnsmasq.h b/src/util/virdnsmasq.h
index 9b8aeef226..9aa45c3046 100644
--- a/src/util/virdnsmasq.h
+++ b/src/util/virdnsmasq.h
@@ -68,10 +68,6 @@ typedef struct
 } dnsmasqContext;
 
 typedef enum {
-   DNSMASQ_CAPS_BIND_DYNAMIC = 0, /* support for --bind-dynamic */
-   DNSMASQ_CAPS_BINDTODEVICE = 1, /* uses SO_BINDTODEVICE for 
--bind-interfaces */
-   DNSMASQ_CAPS_RA_PARAM = 2, /* support for --ra-param */
-
DNSMASQ_CAPS_LAST, /* this must always be the last item */
 } dnsmasqCapsFlags;
 
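Review bot: After this hunk `dnsmasqCapsFlags` contains only `DNSMASQ_CAPS_LAST`, which therefore becomes 0, yet `caps->flags = virBitmapNew(DNSMASQ_CAPS_LAST);` in dnsmasqCapsNewEmpty stays until 16/17. Please confirm that a zero-sized bitmap is fine for the intermediate commits so the series stays bisectable, or drop the enum and the flags field in this patch. The commit message also has no body; a line saying which earlier patches made these flags assumed would help.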
-- 
2.31.1



[libvirt PATCH 08/17] network: assume DNSMASQ_CAPS_RA_PARAM

2021-12-14 Thread Ján Tomko
Introduced by:
commit c4cd95df68b573b63d234ecdb675228657d65353
Author: Simon Kelley 
CommitDate: 2013-10-10 20:58:11 +0100

Add --ra-param and remove --force-fast-ra

git describe: v2.67rc3-3-gc4cd95d contains: v2.67rc4~12

Signed-off-by: Ján Tomko 
---
 src/network/bridge_driver.c | 6 ++
 1 file changed, 2 insertions(+), 4 deletions(-)

diff --git a/src/network/bridge_driver.c b/src/network/bridge_driver.c
index dffe4e1574..a4535b1b49 100644
--- a/src/network/bridge_driver.c
+++ b/src/network/bridge_driver.c
@@ -1197,10 +1197,8 @@ networkDnsmasqConfContents(virNetworkObj *obj,
 if (def->forward.type == VIR_NETWORK_FORWARD_NONE) {
 virBufferAddLit(, "dhcp-option=3\n"
 "no-resolv\n");
-if (dnsmasqCapsGet(caps, DNSMASQ_CAPS_RA_PARAM)) {
-/* interface=* (any), interval=0 (default), lifetime=0 (seconds) */
-virBufferAddLit(, "ra-param=*,0,0\n");
-}
+/* interface=* (any), interval=0 (default), lifetime=0 (seconds) */
+virBufferAddLit(, "ra-param=*,0,0\n");
 }
 
 if (wantDNS) {
-- 
2.31.1



[libvirt PATCH 07/17] network: assume DNSMASQ_CAPS_BIND_DYNAMIC

2021-12-14 Thread Ján Tomko
Introduced by dnsmasq commit:
commit 54dd393f3938fc0c19088fbd319b95e37d81a2b0
CommitDate: 2012-06-20 11:23:38 +0100

Add --bind-dynamic

git describe: v2.63test1 contains: v2.63test1^0

Signed-off-by: Ján Tomko 
---
 src/network/bridge_driver.c | 68 ++---
 1 file changed, 11 insertions(+), 57 deletions(-)

diff --git a/src/network/bridge_driver.c b/src/network/bridge_driver.c
index e57731742b..dffe4e1574 100644
--- a/src/network/bridge_driver.c
+++ b/src/network/bridge_driver.c
@@ -1062,7 +1062,6 @@ networkDnsmasqConfContents(virNetworkObj *obj,
 size_t i;
 virNetworkDNSDef *dns = >dns;
 bool wantDNS = dns->enable != VIR_TRISTATE_BOOL_NO;
-virNetworkIPDef *tmpipdef;
 virNetworkIPDef *ipdef;
 virNetworkIPDef *ipv4def;
 virNetworkIPDef *ipv6def;
@@ -1173,62 +1172,17 @@ networkDnsmasqConfContents(virNetworkObj *obj,
 virBufferAddLit(, "except-interface=lo0\n");
 #endif
 
-if (dnsmasqCapsGet(caps, DNSMASQ_CAPS_BIND_DYNAMIC)) {
-/* using --bind-dynamic with only --interface (no
- * --listen-address) prevents dnsmasq from responding to dns
- * queries that arrive on some interface other than our bridge
- * interface (in other words, requests originating somewhere
- * other than one of the virtual guests connected directly to
- * this network). This was added in response to CVE 2012-3411.
- */
-virBufferAsprintf(,
-  "bind-dynamic\n"
-  "interface=%s\n",
-  def->bridge);
-} else {
-virBufferAddLit(, "bind-interfaces\n");
-/*
- * --interface does not actually work with dnsmasq < 2.47,
- * due to DAD for ipv6 addresses on the interface.
- *
- * virCommandAddArgList(cmd, "--interface", def->bridge, NULL);
- *
- * So listen on all defined IPv[46] addresses
- */
-for (i = 0;
- (tmpipdef = virNetworkDefGetIPByIndex(def, AF_UNSPEC, i));
- i++) {
-g_autofree char *ipaddr = virSocketAddrFormat(>address);
-
-if (!ipaddr)
-return -1;
-
-/* also part of CVE 2012-3411 - if the host's version of
- * dnsmasq doesn't have bind-dynamic, only allow listening on
- * private/local IP addresses (see RFC1918/RFC3484/RFC4193)
- */
-if (!dnsmasqCapsGet(caps, DNSMASQ_CAPS_BINDTODEVICE) &&
-!virSocketAddrIsPrivate(>address)) {
-unsigned long version = dnsmasqCapsGetVersion(caps);
-
-virReportError(VIR_ERR_CONFIG_UNSUPPORTED,
-   _("Publicly routable address %s is prohibited. "
- "The version of dnsmasq on this host (%d.%d) "
- "doesn't support the bind-dynamic option or "
- "use SO_BINDTODEVICE on listening sockets, "
- "one of which is required for safe operation "
- "on a publicly routable subnet "
- "(see CVE-2012-3411). You must either "
- "upgrade dnsmasq, or use a private/local "
- "subnet range for this network "
- "(as described in RFC1918/RFC3484/RFC4193)."),
-   ipaddr, (int)version / 100,
-   (int)(version % 100) / 1000);
-return -1;
-}
-virBufferAsprintf(, "listen-address=%s\n", ipaddr);
-}
-}
+/* using --bind-dynamic with only --interface (no
+ * --listen-address) prevents dnsmasq from responding to dns
+ * queries that arrive on some interface other than our bridge
+ * interface (in other words, requests originating somewhere
+ * other than one of the virtual guests connected directly to
+ * this network). This was added in response to CVE 2012-3411.
+ */
+virBufferAsprintf(,
+  "bind-dynamic\n"
+  "interface=%s\n",
+  def->bridge);
 
 /* If this is an isolated network, set the default route option
  * (3) to be empty to avoid setting a default route that's
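Review bot: The removed else branch held the only check that refused a publicly routable listen address when dnsmasq had neither --bind-dynamic nor SO_BINDTODEVICE (the `!virSocketAddrIsPrivate(...)` block citing CVE-2012-3411), so after this hunk that protection rests entirely on the minimum-version check from 03/17 rejecting older binaries before a config is generated. The commit message only cites the dnsmasq commit that added --bind-dynamic; it should state that dependency, and the series should make sure the version check cannot be bypassed, since `bind-dynamic` is now written unconditionally.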
-- 
2.31.1



[libvirt PATCH 06/17] util: remove DNSMASQ_RA_SUPPORT

2021-12-14 Thread Ján Tomko
Now that the macro is unused, delete it.

Signed-off-by: Ján Tomko 
---
 src/util/virdnsmasq.h | 8 
 1 file changed, 8 deletions(-)

diff --git a/src/util/virdnsmasq.h b/src/util/virdnsmasq.h
index 92c5d4129d..9b8aeef226 100644
--- a/src/util/virdnsmasq.h
+++ b/src/util/virdnsmasq.h
@@ -106,11 +106,3 @@ const char *dnsmasqCapsGetBinaryPath(dnsmasqCaps *caps);
 unsigned long dnsmasqCapsGetVersion(dnsmasqCaps *caps);
 char *dnsmasqDhcpHostsToString(dnsmasqDhcpHost *hosts,
unsigned int nhosts);
-
-#define DNSMASQ_RA_MAJOR_REQD 2
-#define DNSMASQ_RA_MINOR_REQD 64
-
-#define DNSMASQ_RA_SUPPORT(CAPS) \
-(dnsmasqCapsGetVersion(CAPS) >= \
- (DNSMASQ_RA_MAJOR_REQD * 100) + \
- (DNSMASQ_RA_MINOR_REQD * 1000))
-- 
2.31.1



[libvirt PATCH 05/17] network: assume DNSMASQ_RA_SUPPORT

2021-12-14 Thread Ján Tomko
Delete the code that is only run without the capability.

Signed-off-by: Ján Tomko 
---
 src/network/bridge_driver.c | 134 +---
 1 file changed, 19 insertions(+), 115 deletions(-)

diff --git a/src/network/bridge_driver.c b/src/network/bridge_driver.c
index 526485e3f9..e57731742b 100644
--- a/src/network/bridge_driver.c
+++ b/src/network/bridge_driver.c
@@ -1486,21 +1486,18 @@ networkDnsmasqConfContents(virNetworkObj *obj,
 if (def->mtu > 0)
 virBufferAsprintf(, "dhcp-option=option:mtu,%d\n", def->mtu);
 
-/* Are we doing RA instead of radvd? */
-if (DNSMASQ_RA_SUPPORT(caps)) {
-if (ipv6def) {
-virBufferAddLit(, "enable-ra\n");
-} else {
-for (i = 0;
- (ipdef = virNetworkDefGetIPByIndex(def, AF_INET6, i));
- i++) {
-if (!(ipdef->nranges || ipdef->nhosts)) {
-g_autofree char *bridgeaddr = 
virSocketAddrFormat(>address);
-if (!bridgeaddr)
-return -1;
-virBufferAsprintf(,
-  "dhcp-range=%s,ra-only\n", bridgeaddr);
-}
+if (ipv6def) {
+virBufferAddLit(, "enable-ra\n");
+} else {
+for (i = 0;
+ (ipdef = virNetworkDefGetIPByIndex(def, AF_INET6, i));
+ i++) {
+if (!(ipdef->nranges || ipdef->nhosts)) {
+g_autofree char *bridgeaddr = 
virSocketAddrFormat(>address);
+if (!bridgeaddr)
+return -1;
+virBufferAsprintf(,
+  "dhcp-range=%s,ra-only\n", bridgeaddr);
 }
 }
 }
@@ -1860,84 +1857,11 @@ networkRadvdConfWrite(virNetworkDriverState *driver,
 
 
 static int
-networkStartRadvd(virNetworkDriverState *driver,
+networkStartRadvd(virNetworkDriverState *driver G_GNUC_UNUSED,
   virNetworkObj *obj)
 {
-virNetworkDef *def = virNetworkObjGetDef(obj);
-g_autoptr(dnsmasqCaps) dnsmasq_caps = networkGetDnsmasqCaps(driver);
-pid_t radvdPid;
-g_autofree char *pidfile = NULL;
-g_autofree char *radvdpidbase = NULL;
-g_autofree char *configfile = NULL;
-g_autoptr(virCommand) cmd = NULL;
-
 virNetworkObjSetRadvdPid(obj, -1);
 
-/* Is dnsmasq handling RA? */
-if (DNSMASQ_RA_SUPPORT(dnsmasq_caps))
-return 0;
-
-if (!virNetworkDefGetIPByIndex(def, AF_INET6, 0)) {
-/* no IPv6 addresses, so we don't need to run radvd */
-return 0;
-}
-
-if (!virFileIsExecutable(RADVD)) {
-virReportSystemError(errno,
- _("Cannot find %s - "
-   "Possibly the package isn't installed"),
- RADVD);
-return -1;
-}
-
-if (g_mkdir_with_parents(driver->pidDir, 0777) < 0) {
-virReportSystemError(errno,
- _("cannot create directory %s"),
- driver->pidDir);
-return -1;
-}
-
-if (g_mkdir_with_parents(driver->radvdStateDir, 0777) < 0) {
-virReportSystemError(errno,
- _("cannot create directory %s"),
- driver->radvdStateDir);
-return -1;
-}
-
-/* construct pidfile name */
-if (!(radvdpidbase = networkRadvdPidfileBasename(def->name)))
-return -1;
-
-if (!(pidfile = virPidFileBuildPath(driver->pidDir, radvdpidbase)))
-return -1;
-
-if (networkRadvdConfWrite(driver, obj, ) < 0)
-return -1;
-
-/* prevent radvd from daemonizing itself with "--debug 1", and use
- * a dummy pidfile name - virCommand will create the pidfile we
- * want to use (this is necessary because radvd's internal
- * daemonization and pidfile creation causes a race, and the
- * virPidFileRead() below will fail if we use them).
- * Unfortunately, it isn't possible to tell radvd to not create
- * its own pidfile, so we just let it do so, with a slightly
- * different name. Unused, but harmless.
- */
-cmd = virCommandNewArgList(RADVD, "--debug", "1",
-   "--config", configfile,
-   "--pidfile", NULL);
-virCommandAddArgFormat(cmd, "%s-bin", pidfile);
-
-virCommandSetPidFile(cmd, pidfile);
-virCommandDaemonize(cmd);
-
-if (virCommandRun(cmd, NULL) < 0)
-return -1;
-
-if (virPidFileRead(driver->pidDir, radvdpidbase, ) < 0)
-return -1;
-
-virNetworkObjSetRadvdPid(obj, radvdPid);
 return 0;
 }
 
@@ -1947,36 +1871,16 @@ networkRefreshRadvd(virNetworkDriverState *driver,
 virNetworkObj *obj)
 {
 virNetworkDef *def = virNetworkObjGetDef(obj);
-g_autoptr(dnsmasqCaps) dnsmasq_caps = networkGetDnsmasqCaps(driver);
 g_autofree char *radvdpidbase = NULL;
 g_autofree char *pidfile = NULL;
-pid_t radvdPid;
 

[libvirt PATCH 04/17] network: assume DNSMASQ_DHCPv6_SUPPORT

2021-12-14 Thread Ján Tomko
Remove the (now unreachable) error message and the macro.

Signed-off-by: Ján Tomko 
---
 src/network/bridge_driver.c | 14 --
 src/util/virdnsmasq.h   |  6 --
 2 files changed, 20 deletions(-)

diff --git a/src/network/bridge_driver.c b/src/network/bridge_driver.c
index 40dccf2c15..526485e3f9 100644
--- a/src/network/bridge_driver.c
+++ b/src/network/bridge_driver.c
@@ -1329,20 +1329,6 @@ networkDnsmasqConfContents(virNetworkObj *obj,
 }
 if (VIR_SOCKET_ADDR_IS_FAMILY(>address, AF_INET6)) {
 if (ipdef->nranges || ipdef->nhosts) {
-if (!DNSMASQ_DHCPv6_SUPPORT(caps)) {
-unsigned long version = dnsmasqCapsGetVersion(caps);
-virReportError(VIR_ERR_CONFIG_UNSUPPORTED,
-   _("The version of dnsmasq on this host "
- "(%d.%d) doesn't adequately support "
- "IPv6 dhcp range or dhcp host "
- "specification. Version %d.%d or later "
- "is required."),
-   (int)version / 100,
-   (int)(version % 100) / 1000,
-   DNSMASQ_DHCPv6_MAJOR_REQD,
-   DNSMASQ_DHCPv6_MINOR_REQD);
-return -1;
-}
 if (ipv6def) {
 virReportError(VIR_ERR_CONFIG_UNSUPPORTED, "%s",
_("For IPv6, multiple DHCP definitions "
diff --git a/src/util/virdnsmasq.h b/src/util/virdnsmasq.h
index ee9839cd25..92c5d4129d 100644
--- a/src/util/virdnsmasq.h
+++ b/src/util/virdnsmasq.h
@@ -107,15 +107,9 @@ unsigned long dnsmasqCapsGetVersion(dnsmasqCaps *caps);
 char *dnsmasqDhcpHostsToString(dnsmasqDhcpHost *hosts,
unsigned int nhosts);
 
-#define DNSMASQ_DHCPv6_MAJOR_REQD 2
-#define DNSMASQ_DHCPv6_MINOR_REQD 64
 #define DNSMASQ_RA_MAJOR_REQD 2
 #define DNSMASQ_RA_MINOR_REQD 64
 
-#define DNSMASQ_DHCPv6_SUPPORT(CAPS) \
-(dnsmasqCapsGetVersion(CAPS) >= \
- (DNSMASQ_DHCPv6_MAJOR_REQD * 100) + \
- (DNSMASQ_DHCPv6_MINOR_REQD * 1000))
 #define DNSMASQ_RA_SUPPORT(CAPS) \
 (dnsmasqCapsGetVersion(CAPS) >= \
  (DNSMASQ_RA_MAJOR_REQD * 100) + \
-- 
2.31.1



[libvirt PATCH 02/17] tests: do not test dnsmasq older than 2.67

2021-12-14 Thread Ján Tomko
Prepare to retire older versions by dropping older tests.

Signed-off-by: Ján Tomko 
---
 .../networkxml2confdata/isolated-network.conf |  5 +--
 .../nat-network-dns-srv-record-minimal.conf   | 10 +++---
 .../nat-network-dns-srv-record.conf   |  2 ++
 .../nat-network-dns-txt-record.conf   |  2 ++
 .../nat-network-name-with-quotes.conf | 10 +++---
 .../networkxml2confdata/netboot-network.conf  |  4 +--
 .../netboot-proxy-network.conf|  4 +--
 tests/networkxml2conftest.c   | 32 ---
 8 files changed, 32 insertions(+), 37 deletions(-)

diff --git a/tests/networkxml2confdata/isolated-network.conf 
b/tests/networkxml2confdata/isolated-network.conf
index 693a83d9a0..ea66bb83e6 100644
--- a/tests/networkxml2confdata/isolated-network.conf
+++ b/tests/networkxml2confdata/isolated-network.conf
@@ -6,10 +6,11 @@
 ## dnsmasq conf file created by libvirt
 strict-order
 except-interface=lo
-bind-interfaces
-listen-address=192.168.152.1
+bind-dynamic
+interface=virbr2
 dhcp-option=3
 no-resolv
+ra-param=*,0,0
 dhcp-range=192.168.152.2,192.168.152.254,255.255.255.0
 dhcp-no-override
 dhcp-authoritative
diff --git a/tests/networkxml2confdata/nat-network-dns-srv-record-minimal.conf 
b/tests/networkxml2confdata/nat-network-dns-srv-record-minimal.conf
index 0b2ca6f5aa..bd560ba3f4 100644
--- a/tests/networkxml2confdata/nat-network-dns-srv-record-minimal.conf
+++ b/tests/networkxml2confdata/nat-network-dns-srv-record-minimal.conf
@@ -6,12 +6,8 @@
 ## dnsmasq conf file created by libvirt
 strict-order
 except-interface=lo
-bind-interfaces
-listen-address=192.168.122.1
-listen-address=192.168.123.1
-listen-address=fc00:db8:ac10:fe01::1
-listen-address=fc00:db8:ac10:fd01::1
-listen-address=10.24.10.1
+bind-dynamic
+interface=virbr0
 srv-host=_name._tcp
 dhcp-range=192.168.122.2,192.168.122.254,255.255.255.0
 dhcp-no-override
@@ -19,3 +15,5 @@ dhcp-authoritative
 dhcp-lease-max=253
 dhcp-hostsfile=/var/lib/libvirt/dnsmasq/default.hostsfile
 addn-hosts=/var/lib/libvirt/dnsmasq/default.addnhosts
+dhcp-range=fc00:db8:ac10:fe01::1,ra-only
+dhcp-range=fc00:db8:ac10:fd01::1,ra-only
diff --git a/tests/networkxml2confdata/nat-network-dns-srv-record.conf 
b/tests/networkxml2confdata/nat-network-dns-srv-record.conf
index a18c09aaa7..22bf3b1de9 100644
--- a/tests/networkxml2confdata/nat-network-dns-srv-record.conf
+++ b/tests/networkxml2confdata/nat-network-dns-srv-record.conf
@@ -21,3 +21,5 @@ dhcp-authoritative
 dhcp-lease-max=253
 dhcp-hostsfile=/var/lib/libvirt/dnsmasq/default.hostsfile
 addn-hosts=/var/lib/libvirt/dnsmasq/default.addnhosts
+dhcp-range=2001:db8:ac10:fe01::1,ra-only
+dhcp-range=2001:db8:ac10:fd01::1,ra-only
diff --git a/tests/networkxml2confdata/nat-network-dns-txt-record.conf 
b/tests/networkxml2confdata/nat-network-dns-txt-record.conf
index 735c261c01..d9b981a6e5 100644
--- a/tests/networkxml2confdata/nat-network-dns-txt-record.conf
+++ b/tests/networkxml2confdata/nat-network-dns-txt-record.conf
@@ -15,3 +15,5 @@ dhcp-authoritative
 dhcp-lease-max=253
 dhcp-hostsfile=/var/lib/libvirt/dnsmasq/default.hostsfile
 addn-hosts=/var/lib/libvirt/dnsmasq/default.addnhosts
+dhcp-range=2001:db8:ac10:fe01::1,ra-only
+dhcp-range=2001:db8:ac10:fd01::1,ra-only
diff --git a/tests/networkxml2confdata/nat-network-name-with-quotes.conf 
b/tests/networkxml2confdata/nat-network-name-with-quotes.conf
index 1b06de3066..5c5ea7b48e 100644
--- a/tests/networkxml2confdata/nat-network-name-with-quotes.conf
+++ b/tests/networkxml2confdata/nat-network-name-with-quotes.conf
@@ -6,12 +6,8 @@
 ## dnsmasq conf file created by libvirt
 strict-order
 except-interface=lo
-bind-interfaces
-listen-address=192.168.122.1
-listen-address=192.168.123.1
-listen-address=fc00:db8:ac10:fe01::1
-listen-address=fc00:db8:ac10:fd01::1
-listen-address=10.24.10.1
+bind-dynamic
+interface=virbr0
 srv-host=_name._tcp
 dhcp-range=192.168.122.2,192.168.122.254,255.255.255.0
 dhcp-no-override
@@ -19,3 +15,5 @@ dhcp-authoritative
 dhcp-lease-max=253
 
dhcp-hostsfile=/var/lib/libvirt/dnsmasq/defaultwithquotes.hostsfile
 
addn-hosts=/var/lib/libvirt/dnsmasq/defaultwithquotes.addnhosts
+dhcp-range=fc00:db8:ac10:fe01::1,ra-only
+dhcp-range=fc00:db8:ac10:fd01::1,ra-only
diff --git a/tests/networkxml2confdata/netboot-network.conf 
b/tests/networkxml2confdata/netboot-network.conf
index 99272b9d68..a13239a54f 100644
--- a/tests/networkxml2confdata/netboot-network.conf
+++ b/tests/networkxml2confdata/netboot-network.conf
@@ -8,8 +8,8 @@ strict-order
 domain=example.com
 expand-hosts
 except-interface=lo
-bind-interfaces
-listen-address=192.168.122.1
+bind-dynamic
+interface=virbr1
 dhcp-range=192.168.122.2,192.168.122.254,255.255.255.0
 dhcp-no-override
 dhcp-authoritative
diff --git a/tests/networkxml2confdata/netboot-proxy-network.conf 
b/tests/networkxml2confdata/netboot-proxy-network.conf
index fb0a20cff4..280da323e2 100644
--- a/tests/networkxml2confdata/netboot-proxy-network.conf
+++ 

[libvirt PATCH 03/17] util: dnsmasq: mandate at least version 2.67

2021-12-14 Thread Ján Tomko
All the capabilities should be supported in 2.67.
Make this the minimum version, since even the oldest
distros we support have moved on:

Debian 8: 2.72
CentOS 7: 2.76
Ubuntu 18.04: 2.79

Signed-off-by: Ján Tomko 
---
 src/util/virdnsmasq.c | 13 +
 1 file changed, 13 insertions(+)

diff --git a/src/util/virdnsmasq.c b/src/util/virdnsmasq.c
index 90a1ea35b6..efe65174f8 100644
--- a/src/util/virdnsmasq.c
+++ b/src/util/virdnsmasq.c
@@ -49,6 +49,9 @@ VIR_LOG_INIT("util.dnsmasq");
 #define DNSMASQ_HOSTSFILE_SUFFIX "hostsfile"
 #define DNSMASQ_ADDNHOSTSFILE_SUFFIX "addnhosts"
 
+#define DNSMASQ_MIN_MAJOR 2
+#define DNSMASQ_MIN_MINOR 67
+
 static void
 dhcphostFreeContent(dnsmasqDhcpHost *host)
 {
@@ -627,6 +630,16 @@ dnsmasqCapsSetFromBuffer(dnsmasqCaps *caps, const char 
*buf)
 if (virParseVersionString(p, >version, true) < 0)
 goto error;
 
+if (caps->version / 100 < DNSMASQ_MIN_MAJOR ||
+caps->version % 100 < DNSMASQ_MIN_MINOR) {
+virReportError(VIR_ERR_CONFIG_UNSUPPORTED,
+   _("dnsmasq version >= %u.%u required but %lu.%lu 
found"),
+   DNSMASQ_MIN_MAJOR, DNSMASQ_MIN_MINOR,
+   caps->version / 100,
+   caps->version % 100);
+goto error;
+}
+
 if (strstr(buf, "--bind-dynamic"))
 dnsmasqCapsSet(caps, DNSMASQ_CAPS_BIND_DYNAMIC);
 
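Review bot: the version test added to dnsmasqCapsSetFromBuffer compares the major and minor components independently (`caps->version / 100 < DNSMASQ_MIN_MAJOR || caps->version % 100 < DNSMASQ_MIN_MINOR`), so a release with a higher major number and a minor below 67 would be rejected as too old. Compare one combined value, or test the minor only when the major equals DNSMASQ_MIN_MAJOR. The format string also pairs `%u` with the plain integer constants DNSMASQ_MIN_MAJOR and DNSMASQ_MIN_MINOR, where `%d` matches their type.
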
-- 
2.31.1



[libvirt PATCH 01/17] util: dnsmasqCapsSetFromBuffer: use error label

2021-12-14 Thread Ján Tomko
Rename 'fail' to 'error' to match the prevalent usage.

Signed-off-by: Ján Tomko 
---
 src/util/virdnsmasq.c | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/src/util/virdnsmasq.c b/src/util/virdnsmasq.c
index b62e353ceb..90a1ea35b6 100644
--- a/src/util/virdnsmasq.c
+++ b/src/util/virdnsmasq.c
@@ -620,12 +620,12 @@ dnsmasqCapsSetFromBuffer(dnsmasqCaps *caps, const char 
*buf)
 
 p = STRSKIP(buf, DNSMASQ_VERSION_STR);
 if (!p)
-   goto fail;
+   goto error;
 
 virSkipToDigit();
 
 if (virParseVersionString(p, >version, true) < 0)
-goto fail;
+goto error;
 
 if (strstr(buf, "--bind-dynamic"))
 dnsmasqCapsSet(caps, DNSMASQ_CAPS_BIND_DYNAMIC);
@@ -650,7 +650,7 @@ dnsmasqCapsSetFromBuffer(dnsmasqCaps *caps, const char *buf)
  dnsmasqCapsGet(caps, DNSMASQ_CAPS_RA_PARAM) ? "" : "NOT ");
 return 0;
 
- fail:
+ error:
 p = strchr(buf, '\n');
 if (!p)
 len = strlen(buf);
-- 
2.31.1



[libvirt PATCH 00/17] Bump minimum dnsmasq version

2021-12-14 Thread Ján Tomko
This bumps the minimum dnsmasq version to the point where we do not need
capability probing, reducing it to a version check (which I will be
happy to remove on request).

Unless I missed something, this also means we no longer need to spawn
radvd manually.

Note that DNSMASQ_CAPS_BINDTODEVICE was the indication of a downstream
mitigation of a CVE that should no longer be needed if we have
--bind-dynamic.

Ján Tomko (17):
  util: dnsmasqCapsSetFromBuffer: use error label
  tests: do not test dnsmasq older than 2.67
  util: dnsmasq: mandate at least version 2.67
  network: assume DNSMASQ_DHCPv6_SUPPORT
  network: assume DNSMASQ_RA_SUPPORT
  util: remove DNSMASQ_RA_SUPPORT
  network: assume DNSMASQ_CAPS_BIND_DYNAMIC
  network: assume DNSMASQ_CAPS_RA_PARAM
  util: dnsmasq: delete assumed capability flags
  network: remove any code dealing with radvd
  network: driver: remove unused radvdStateDir variable
  conf: remove radvdPid from virNetworkObj
  build: do not search for radvd binary
  spec: do not require radvd
  util: remove dnsmasqCapsGetVersion
  util: dnsmasq: remove caps completely
  network: remove unused 'driver' parameter

 libvirt.spec.in   |   2 -
 meson.build   |   1 -
 src/conf/virnetworkobj.c  |  16 -
 src/conf/virnetworkobj.h  |   7 -
 src/libvirt_private.syms  |   4 -
 src/network/bridge_driver.c   | 459 ++
 src/network/bridge_driver_platform.h  |   1 -
 src/util/virdnsmasq.c |  69 +--
 src/util/virdnsmasq.h |  24 -
 .../networkxml2confdata/isolated-network.conf |   5 +-
 .../nat-network-dns-srv-record-minimal.conf   |  10 +-
 .../nat-network-dns-srv-record.conf   |   2 +
 .../nat-network-dns-txt-record.conf   |   2 +
 .../nat-network-name-with-quotes.conf |  10 +-
 .../networkxml2confdata/netboot-network.conf  |   4 +-
 .../netboot-proxy-network.conf|   4 +-
 tests/networkxml2conftest.c   |  32 +-
 17 files changed, 83 insertions(+), 569 deletions(-)

-- 
2.31.1



Re: [PATCH] rpm: don't start/stop -ro.socket units for virtlockd/virtlogd

2021-12-14 Thread Ján Tomko

On a Tuesday in 2021, Daniel P. Berrangé wrote:

These daemons do not have any support for unprivileged readonly
access, so we must not reference -ro.socket units in scripts.

Signed-off-by: Daniel P. Berrangé 
---
libvirt.spec.in | 18 +++---
1 file changed, 11 insertions(+), 7 deletions(-)



Reviewed-by: Ján Tomko 

Jano




[libvirt PATCH 2/2] virDomainFeaturesHyperVDefParse: Compare hyperv mode

2021-12-14 Thread Tim Wiederhake
Previous patch neglected the possibility of different modes for hyperv
(e.g. "custom" and "passthrough").

Fixes: 6e83fafe331dd0b4fb19aa384c3dd36b3af62933
Signed-off-by: Tim Wiederhake 
---
 src/conf/domain_conf.c | 9 +
 1 file changed, 9 insertions(+)

diff --git a/src/conf/domain_conf.c b/src/conf/domain_conf.c
index 9a21ac10ce..2d8851fa11 100644
--- a/src/conf/domain_conf.c
+++ b/src/conf/domain_conf.c
@@ -21734,6 +21734,15 @@ virDomainDefFeaturesCheckABIStability(virDomainDef 
*src,
 }
 
 /* hyperv */
+if (src->features[VIR_DOMAIN_FEATURE_HYPERV] != 
dst->features[VIR_DOMAIN_FEATURE_HYPERV]) {
+virReportError(VIR_ERR_CONFIG_UNSUPPORTED,
+   _("State of HyperV enlightenment mode differs: "
+ "source: '%s', destination: '%s'"),
+   
virDomainHyperVModeTypeToString(src->features[VIR_DOMAIN_FEATURE_HYPERV]),
+   
virDomainHyperVModeTypeToString(dst->features[VIR_DOMAIN_FEATURE_HYPERV]));
+return false;
+}
+
 if (src->features[VIR_DOMAIN_FEATURE_HYPERV] != 
VIR_DOMAIN_HYPERV_MODE_NONE) {
 for (i = 0; i < VIR_DOMAIN_HYPERV_LAST; i++) {
 switch ((virDomainHyperv) i) {
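
Review bot: the subject names virDomainFeaturesHyperVDefParse, but the hunk header shows the new mode comparison being added to virDomainDefFeaturesCheckABIStability; the subject should name the function that actually changes so the fix can be found from the log. The commit message could also say that the per-feature loop below only runs when the source mode is not VIR_DOMAIN_HYPERV_MODE_NONE, which is why a mode mismatch needs its own check ahead of it.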
-- 
2.31.1



[libvirt PATCH 1/2] docs: domain: Clarify on the dangers of migrating with hyperv-passthrough enabled

2021-12-14 Thread Tim Wiederhake
Signed-off-by: Tim Wiederhake 
---
 docs/formatdomain.rst | 9 -
 1 file changed, 8 insertions(+), 1 deletion(-)

diff --git a/docs/formatdomain.rst b/docs/formatdomain.rst
index 0c5e33c78f..2e9c450606 100644
--- a/docs/formatdomain.rst
+++ b/docs/formatdomain.rst
@@ -1929,7 +1929,14 @@ are:
   Set exactly the specified features.
 
``passthrough``
-  Enable all features currently supported by the hypervisor.
+  Enable all features currently supported by the hypervisor, even those 
that
+  libvirt does not understand. Migration of a guest using passthrough is
+  dangerous if the source and destination hosts are not identical in both
+  hardware, QEMU version, microcode version and configuration. If such a
+  migration is attempted then the guest may hang or crash upon resuming
+  execution on the destination host. Depending on hypervisor version the
+  virtual CPU may or may not contain features which may block migration
+  even to an identical host.
 
The ``mode`` attribute can be omitted and will default to ``custom``.
 
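Review bot: in the new ``passthrough`` text, "identical in both hardware, QEMU version, microcode version and configuration" puts "both" in front of four items; drop "both". The closing sentence ("may or may not contain features which may block migration even to an identical host") gives the reader nothing to act on, so it would help to say how to find out whether a given setup is affected. The commit also has no message body explaining why the wording changed.
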
-- 
2.31.1



[libvirt PATCH 0/2] Addendum to hyperv-passthrough

2021-12-14 Thread Tim Wiederhake
Spotted by Daniel. Patches were already merged though, hence this addendum.

Tim Wiederhake (2):
  docs: domain: Clarify on the dangers of migrating with
hyperv-passthrough enabled
  virDomainFeaturesHyperVDefParse: Compare hyperv mode

 docs/formatdomain.rst  | 9 -
 src/conf/domain_conf.c | 9 +
 2 files changed, 17 insertions(+), 1 deletion(-)

-- 
2.31.1




[PATCH] rpm: don't start/stop -ro.socket units for virtlockd/virtlogd

2021-12-14 Thread Daniel P . Berrangé
These daemons do not have any support for unprivileged readonly
access, so we must not reference -ro.socket units in scripts.

Signed-off-by: Daniel P. Berrangé 
---
 libvirt.spec.in | 18 +++---
 1 file changed, 11 insertions(+), 7 deletions(-)

diff --git a/libvirt.spec.in b/libvirt.spec.in
index 97030be407..e672fcc3a5 100644
--- a/libvirt.spec.in
+++ b/libvirt.spec.in
@@ -1279,14 +1279,18 @@ then \
 fi \
 %libvirt_daemon_finish_restart %1
 
+# For daemons with only UNIX sockets
 %define libvirt_daemon_systemd_post() %systemd_post %1.socket %1-ro.socket 
%1-admin.socket %1.service
-
-%define libvirt_daemon_systemd_post_inet() %systemd_post %1.socket 
%1-ro.socket %1-admin.socket %1-tls.socket %1-tcp.socket %1.service
-
 %define libvirt_daemon_systemd_preun() %systemd_preun %1.service %1-ro.socket 
%1-admin.socket %1.socket
 
+# For daemons with UNIX and INET sockets
+%define libvirt_daemon_systemd_post_inet() %systemd_post %1.socket 
%1-ro.socket %1-admin.socket %1-tls.socket %1-tcp.socket %1.service
 %define libvirt_daemon_systemd_preun_inet() %systemd_preun %1.service 
%1-ro.socket %1-admin.socket %1-tls.socket %1-tcp.socket %1.socket
 
+# For daemons with only UNIX sockets and no unprivileged read-only access
+%define libvirt_daemon_systemd_post_priv() %systemd_post %1.socket 
%1-admin.socket %1.service
+%define libvirt_daemon_systemd_preun_priv() %systemd_preun %1.service 
%1-admin.socket %1.socket
+
 %pre daemon
 # 'libvirt' group is just to allow password-less polkit access to
 # libvirtd. The uid number is irrelevant, so we use dynamic allocation
@@ -1296,8 +1300,8 @@ getent group libvirt >/dev/null || groupadd -r libvirt
 exit 0
 
 %post daemon
-%libvirt_daemon_systemd_post virtlogd
-%libvirt_daemon_systemd_post virtlockd
+%libvirt_daemon_systemd_post_priv virtlogd
+%libvirt_daemon_systemd_post_priv virtlockd
 %if %{with_modular_daemons}
 %libvirt_daemon_systemd_post_inet virtproxyd
 %else
@@ -1313,8 +1317,8 @@ exit 0
 
 %libvirt_daemon_systemd_preun_inet libvirtd
 %libvirt_daemon_systemd_preun_inet virtproxyd
-%libvirt_daemon_systemd_preun virtlogd
-%libvirt_daemon_systemd_preun virtlockd
+%libvirt_daemon_systemd_preun_priv virtlogd
+%libvirt_daemon_systemd_preun_priv virtlockd
 
 %postun daemon
 /bin/systemctl daemon-reload >/dev/null 2>&1 || :
-- 
2.33.1



[libvirt PATCH 2/2] qemu: Drop driver parameter from qemuDomainSetFakeReboot

2021-12-14 Thread Jiri Denemark
And its callers. The parameter is no longer used since virDomainObjSave
was replaced with qemuDomainSaveStatus wrapper.

Signed-off-by: Jiri Denemark 
---
 src/qemu/qemu_domain.c  |  3 +--
 src/qemu/qemu_domain.h  |  3 +--
 src/qemu/qemu_driver.c  | 14 +++---
 src/qemu/qemu_process.c | 13 ++---
 src/qemu/qemu_process.h |  3 +--
 5 files changed, 16 insertions(+), 20 deletions(-)

diff --git a/src/qemu/qemu_domain.c b/src/qemu/qemu_domain.c
index a8bc1252fa..3f10f9306f 100644
--- a/src/qemu/qemu_domain.c
+++ b/src/qemu/qemu_domain.c
@@ -7161,8 +7161,7 @@ qemuDomainRemoveInactiveJobLocked(virQEMUDriver *driver,
 
 
 void
-qemuDomainSetFakeReboot(virQEMUDriver *driver G_GNUC_UNUSED,
-virDomainObj *vm,
+qemuDomainSetFakeReboot(virDomainObj *vm,
 bool value)
 {
 qemuDomainObjPrivate *priv = vm->privateData;
diff --git a/src/qemu/qemu_domain.h b/src/qemu/qemu_domain.h
index 5474d1dccc..38c6ffb76b 100644
--- a/src/qemu/qemu_domain.h
+++ b/src/qemu/qemu_domain.h
@@ -641,8 +641,7 @@ int qemuDomainSnapshotDiscardAllMetadata(virQEMUDriver 
*driver,
 void qemuDomainRemoveInactive(virQEMUDriver *driver,
   virDomainObj *vm);
 
-void qemuDomainSetFakeReboot(virQEMUDriver *driver,
- virDomainObj *vm,
+void qemuDomainSetFakeReboot(virDomainObj *vm,
  bool value);
 
 int qemuDomainCheckDiskStartupPolicy(virQEMUDriver *driver,
diff --git a/src/qemu/qemu_driver.c b/src/qemu/qemu_driver.c
index db2b25adbd..c9a372ce2b 100644
--- a/src/qemu/qemu_driver.c
+++ b/src/qemu/qemu_driver.c
@@ -1902,7 +1902,7 @@ qemuDomainShutdownFlagsAgent(virQEMUDriver *driver,
 if (!qemuDomainAgentAvailable(vm, reportError))
 goto endjob;
 
-qemuDomainSetFakeReboot(driver, vm, false);
+qemuDomainSetFakeReboot(vm, false);
 agent = qemuDomainObjEnterAgent(vm);
 ret = qemuAgentShutdown(agent, agentFlag);
 qemuDomainObjExitAgent(vm, agent);
@@ -1932,7 +1932,7 @@ qemuDomainShutdownFlagsMonitor(virQEMUDriver *driver,
 goto endjob;
 }
 
-qemuDomainSetFakeReboot(driver, vm, isReboot);
+qemuDomainSetFakeReboot(vm, isReboot);
 qemuDomainObjEnterMonitor(driver, vm);
 ret = qemuMonitorSystemPowerdown(priv->mon);
 qemuDomainObjExitMonitor(driver, vm);
@@ -2031,7 +2031,7 @@ qemuDomainRebootAgent(virQEMUDriver *driver,
 if (virDomainObjCheckActive(vm) < 0)
 goto endjob;
 
-qemuDomainSetFakeReboot(driver, vm, false);
+qemuDomainSetFakeReboot(vm, false);
 agent = qemuDomainObjEnterAgent(vm);
 ret = qemuAgentShutdown(agent, agentFlag);
 qemuDomainObjExitAgent(vm, agent);
@@ -2057,7 +2057,7 @@ qemuDomainRebootMonitor(virQEMUDriver *driver,
 if (virDomainObjCheckActive(vm) < 0)
 goto endjob;
 
-qemuDomainSetFakeReboot(driver, vm, isReboot);
+qemuDomainSetFakeReboot(vm, isReboot);
 qemuDomainObjEnterMonitor(driver, vm);
 ret = qemuMonitorSystemPowerdown(priv->mon);
 qemuDomainObjExitMonitor(driver, vm);
@@ -2213,7 +2213,7 @@ qemuDomainDestroyFlags(virDomainPtr dom,
 goto endjob;
 }
 
-qemuDomainSetFakeReboot(driver, vm, false);
+qemuDomainSetFakeReboot(vm, false);
 
 if (priv->job.asyncJob == QEMU_ASYNC_JOB_MIGRATION_IN)
 stopFlags |= VIR_QEMU_PROCESS_STOP_MIGRATED;
@@ -3613,8 +3613,8 @@ processGuestPanicEvent(virQEMUDriver *driver,
 G_GNUC_FALLTHROUGH;
 
 case VIR_DOMAIN_LIFECYCLE_ACTION_RESTART:
-qemuDomainSetFakeReboot(driver, vm, true);
-qemuProcessShutdownOrReboot(driver, vm);
+qemuDomainSetFakeReboot(vm, true);
+qemuProcessShutdownOrReboot(vm);
 break;
 
 case VIR_DOMAIN_LIFECYCLE_ACTION_PRESERVE:
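
Review bot: in the VIR_DOMAIN_LIFECYCLE_ACTION_RESTART case the call to qemuProcessShutdownOrReboot also loses its driver argument, which the subject line does not mention, since it only names qemuDomainSetFakeReboot. Name qemuProcessShutdownOrReboot in the commit message, or split its signature change into a separate patch, so the API change is visible in the log.
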
diff --git a/src/qemu/qemu_process.c b/src/qemu/qemu_process.c
index 8bd7bf8155..de1146251d 100644
--- a/src/qemu/qemu_process.c
+++ b/src/qemu/qemu_process.c
@@ -498,7 +498,7 @@ qemuProcessFakeReboot(void *opaque)
 
  cleanup:
 priv->pausedShutdown = false;
-qemuDomainSetFakeReboot(driver, vm, false);
+qemuDomainSetFakeReboot(vm, false);
 if (ret == -1)
 ignore_value(qemuProcessKill(vm, VIR_QEMU_PROCESS_KILL_FORCE));
 virDomainObjEndAPI();
@@ -506,8 +506,7 @@ qemuProcessFakeReboot(void *opaque)
 
 
 void
-qemuProcessShutdownOrReboot(virQEMUDriver *driver,
-virDomainObj *vm)
+qemuProcessShutdownOrReboot(virDomainObj *vm)
 {
 qemuDomainObjPrivate *priv = vm->privateData;
 
@@ -526,7 +525,7 @@ qemuProcessShutdownOrReboot(virQEMUDriver *driver,
 VIR_ERROR(_("Failed to create reboot thread, killing domain"));
 ignore_value(qemuProcessKill(vm, VIR_QEMU_PROCESS_KILL_NOWAIT));
 priv->pausedShutdown = false;
-qemuDomainSetFakeReboot(driver, vm, false);
+qemuDomainSetFakeReboot(vm, false);
 virObjectUnref(vm);
 }
 } else {
@@ -622,7 +621,7 @@ 

[libvirt PATCH 1/2] qemu: Use qemuDomainSaveStatus

2021-12-14 Thread Jiri Denemark
It is a nice wrapper around virDomainObjSave which logs a warning, but
otherwise ignores the error. Let's use it where appropriate.

Signed-off-by: Jiri Denemark 
---
 src/qemu/qemu_domain.c| 11 ++---
 src/qemu/qemu_migration.c |  9 +
 src/qemu/qemu_process.c   | 85 +++
 src/qemu/qemu_saveimage.c |  6 +--
 4 files changed, 20 insertions(+), 91 deletions(-)

diff --git a/src/qemu/qemu_domain.c b/src/qemu/qemu_domain.c
index 5607d6f581..a8bc1252fa 100644
--- a/src/qemu/qemu_domain.c
+++ b/src/qemu/qemu_domain.c
@@ -6324,10 +6324,8 @@ void qemuDomainObjTaint(virQEMUDriver *driver,
 virDomainTaintFlags taint,
 qemuDomainLogContext *logCtxt)
 {
-g_autoptr(virQEMUDriverConfig) cfg = virQEMUDriverGetConfig(driver);
-
 qemuDomainObjTaintMsg(driver, obj, taint, logCtxt, NULL);
-ignore_value(virDomainObjSave(obj, driver->xmlopt, cfg->stateDir));
+qemuDomainSaveStatus(obj);
 }
 
 void qemuDomainObjTaintMsg(virQEMUDriver *driver,
@@ -7163,20 +7161,17 @@ qemuDomainRemoveInactiveJobLocked(virQEMUDriver *driver,
 
 
 void
-qemuDomainSetFakeReboot(virQEMUDriver *driver,
+qemuDomainSetFakeReboot(virQEMUDriver *driver G_GNUC_UNUSED,
 virDomainObj *vm,
 bool value)
 {
 qemuDomainObjPrivate *priv = vm->privateData;
-g_autoptr(virQEMUDriverConfig) cfg = virQEMUDriverGetConfig(driver);
 
 if (priv->fakeReboot == value)
 return;
 
 priv->fakeReboot = value;
-
-if (virDomainObjSave(vm, driver->xmlopt, cfg->stateDir) < 0)
-VIR_WARN("Failed to save status on vm %s", vm->def->name);
+qemuDomainSaveStatus(vm);
 }
 
 static void
diff --git a/src/qemu/qemu_migration.c b/src/qemu/qemu_migration.c
index e32c5865f9..b9d7d582f5 100644
--- a/src/qemu/qemu_migration.c
+++ b/src/qemu/qemu_migration.c
@@ -3383,7 +3383,6 @@ qemuMigrationSrcConfirmPhase(virQEMUDriver *driver,
 {
 g_autoptr(qemuMigrationCookie) mig = NULL;
 virObjectEvent *event;
-g_autoptr(virQEMUDriverConfig) cfg = virQEMUDriverGetConfig(driver);
 qemuDomainObjPrivate *priv = vm->privateData;
 qemuDomainJobPrivate *jobPriv = priv->job.privateData;
 qemuDomainJobInfo *jobInfo = NULL;
@@ -3473,8 +3472,7 @@ qemuMigrationSrcConfirmPhase(virQEMUDriver *driver,
 qemuMigrationParamsReset(driver, vm, QEMU_ASYNC_JOB_MIGRATION_OUT,
  jobPriv->migParams, priv->job.apiFlags);
 
-if (virDomainObjSave(vm, driver->xmlopt, cfg->stateDir) < 0)
-VIR_WARN("Failed to save status on vm %s", vm->def->name);
+qemuDomainSaveStatus(vm);
 }
 
 return 0;
@@ -5627,7 +5625,6 @@ qemuMigrationDstFinish(virQEMUDriver *driver,
 int cookie_flags = 0;
 qemuDomainObjPrivate *priv = vm->privateData;
 qemuDomainJobPrivate *jobPriv = priv->job.privateData;
-g_autoptr(virQEMUDriverConfig) cfg = virQEMUDriverGetConfig(driver);
 unsigned short port;
 unsigned long long timeReceived = 0;
 virObjectEvent *event;
@@ -5834,9 +5831,7 @@ qemuMigrationDstFinish(virQEMUDriver *driver,
 virObjectEventStateQueue(driver->domainEventState, event);
 }
 
-if (virDomainObjIsActive(vm) &&
-virDomainObjSave(vm, driver->xmlopt, cfg->stateDir) < 0)
-VIR_WARN("Failed to save status on vm %s", vm->def->name);
+qemuDomainSaveStatus(vm);
 
 /* Guest is successfully running, so cancel previous auto destroy */
 qemuProcessAutoDestroyRemove(driver, vm);
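
Review bot: in qemuMigrationDstFinish the old code saved the status only when `virDomainObjIsActive(vm)` was true, and the replacement calls `qemuDomainSaveStatus(vm)` without that guard. The commit message describes the wrapper only as logging a warning and ignoring the error; it should state that the wrapper already skips inactive domains, or the guard should be kept here, so that this is not a silent behaviour change on the failed-migration path.
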
diff --git a/src/qemu/qemu_process.c b/src/qemu/qemu_process.c
index 82d0af5549..8bd7bf8155 100644
--- a/src/qemu/qemu_process.c
+++ b/src/qemu/qemu_process.c
@@ -414,7 +414,6 @@ qemuProcessHandleReset(qemuMonitor *mon G_GNUC_UNUSED,
 virQEMUDriver *driver = opaque;
 virObjectEvent *event = NULL;
 qemuDomainObjPrivate *priv;
-g_autoptr(virQEMUDriverConfig) cfg = virQEMUDriverGetConfig(driver);
 virDomainState state;
 int reason;
 
@@ -435,8 +434,7 @@ qemuProcessHandleReset(qemuMonitor *mon G_GNUC_UNUSED,
 if (priv->agent)
 qemuAgentNotifyEvent(priv->agent, QEMU_AGENT_EVENT_RESET);
 
-if (virDomainObjSave(vm, driver->xmlopt, cfg->stateDir) < 0)
-VIR_WARN("Failed to save status on vm %s", vm->def->name);
+qemuDomainSaveStatus(vm);
 
  unlock:
 virObjectUnlock(vm);
@@ -458,7 +456,6 @@ qemuProcessFakeReboot(void *opaque)
 virDomainObj *vm = opaque;
 qemuDomainObjPrivate *priv = vm->privateData;
 virQEMUDriver *driver = priv->driver;
-g_autoptr(virQEMUDriverConfig) cfg = virQEMUDriverGetConfig(driver);
 virDomainRunningReason reason = VIR_DOMAIN_RUNNING_BOOTED;
 int ret = -1, rc;
 
@@ -493,11 +490,7 @@ qemuProcessFakeReboot(void *opaque)
 goto endjob;
 }
 
-if (virDomainObjSave(vm, driver->xmlopt, cfg->stateDir) < 0) {
-VIR_WARN("Unable to save status on vm %s after state change",
- vm->def->name);
-}
-
+

[libvirt PATCH 0/2] qemu: Use qemuDomainSaveStatus

2021-12-14 Thread Jiri Denemark
Jiri Denemark (2):
  qemu: Use qemuDomainSaveStatus
  qemu: Drop driver parameter from qemuDomainSetFakeReboot

 src/qemu/qemu_domain.c| 12 ++---
 src/qemu/qemu_domain.h|  3 +-
 src/qemu/qemu_driver.c| 14 +++---
 src/qemu/qemu_migration.c |  9 +---
 src/qemu/qemu_process.c   | 98 ---
 src/qemu/qemu_process.h   |  3 +-
 src/qemu/qemu_saveimage.c |  6 +--
 7 files changed, 35 insertions(+), 110 deletions(-)

-- 
2.34.1



Re: [PATCH] rpm: fix typo in daemon name in %post/%preun scripts

2021-12-14 Thread Jiri Denemark
On Tue, Dec 14, 2021 at 16:17:32 +, Daniel P. Berrangé wrote:
> Signed-off-by: Daniel P. Berrangé 
> ---
>  libvirt.spec.in | 4 ++--
>  1 file changed, 2 insertions(+), 2 deletions(-)
> 
> diff --git a/libvirt.spec.in b/libvirt.spec.in
> index 32b4243d0a..97030be407 100644
> --- a/libvirt.spec.in
> +++ b/libvirt.spec.in
> @@ -1297,7 +1297,7 @@ exit 0
>  
>  %post daemon
>  %libvirt_daemon_systemd_post virtlogd
> -%libvirt_daemon_systemd_post virtlockdd
> +%libvirt_daemon_systemd_post virtlockd
>  %if %{with_modular_daemons}
>  %libvirt_daemon_systemd_post_inet virtproxyd
>  %else
> @@ -1314,7 +1314,7 @@ exit 0
>  %libvirt_daemon_systemd_preun_inet libvirtd
>  %libvirt_daemon_systemd_preun_inet virtproxyd
>  %libvirt_daemon_systemd_preun virtlogd
> -%libvirt_daemon_systemd_preun virtlockdd
> +%libvirt_daemon_systemd_preun virtlockd
>  
>  %postun daemon
>  /bin/systemctl daemon-reload >/dev/null 2>&1 || :

Reviewed-by: Jiri Denemark 



[PATCH] rpm: fix typo in daemon name in %post/%preun scripts

2021-12-14 Thread Daniel P . Berrangé
Signed-off-by: Daniel P. Berrangé 
---
 libvirt.spec.in | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/libvirt.spec.in b/libvirt.spec.in
index 32b4243d0a..97030be407 100644
--- a/libvirt.spec.in
+++ b/libvirt.spec.in
@@ -1297,7 +1297,7 @@ exit 0
 
 %post daemon
 %libvirt_daemon_systemd_post virtlogd
-%libvirt_daemon_systemd_post virtlockdd
+%libvirt_daemon_systemd_post virtlockd
 %if %{with_modular_daemons}
 %libvirt_daemon_systemd_post_inet virtproxyd
 %else
@@ -1314,7 +1314,7 @@ exit 0
 %libvirt_daemon_systemd_preun_inet libvirtd
 %libvirt_daemon_systemd_preun_inet virtproxyd
 %libvirt_daemon_systemd_preun virtlogd
-%libvirt_daemon_systemd_preun virtlockdd
+%libvirt_daemon_systemd_preun virtlockd
 
 %postun daemon
 /bin/systemctl daemon-reload >/dev/null 2>&1 || :
-- 
2.33.1



[libvirt PATCH v4 2/3] qemu: probe for sev-guest.kernel-hashes property

2021-12-14 Thread Daniel P . Berrangé
This sev-guest object property indicates whether QEMU should
expose the kernel, ramdisk, cmdline hashes to the firmware
for measurement.

The 6.2.0 capabilities are selectively refreshed to pull in
the kernel-hashes parameter to the schema.

Signed-off-by: Daniel P. Berrangé 
---
 src/qemu/qemu_capabilities.c | 2 ++
 src/qemu/qemu_capabilities.h | 1 +
 tests/qemucapabilitiesdata/caps_6.2.0.x86_64.replies | 5 +
 tests/qemucapabilitiesdata/caps_6.2.0.x86_64.xml | 1 +
 4 files changed, 9 insertions(+)

diff --git a/src/qemu/qemu_capabilities.c b/src/qemu/qemu_capabilities.c
index ddd61ecfc9..c1b06998af 100644
--- a/src/qemu/qemu_capabilities.c
+++ b/src/qemu/qemu_capabilities.c
@@ -652,6 +652,7 @@ VIR_ENUM_IMPL(virQEMUCaps,
   "device.json", /* QEMU_CAPS_DEVICE_JSON */
   "query-dirty-rate", /* QEMU_CAPS_QUERY_DIRTY_RATE */
   "rbd-encryption", /* QEMU_CAPS_RBD_ENCRYPTION */
+  "sev-guest-kernel-hashes", /* QEMU_CAPS_SEV_GUEST_KERNEL_HASHES 
*/
 );
 
 
@@ -1571,6 +1572,7 @@ static struct virQEMUCapsStringFlags 
virQEMUCapsQMPSchemaQueries[] = {
 { "query-named-block-nodes/arg-type/flat", 
QEMU_CAPS_QMP_QUERY_NAMED_BLOCK_NODES_FLAT },
 { "screendump/arg-type/device", QEMU_CAPS_SCREENDUMP_DEVICE },
 { "set-numa-node/arg-type/+hmat-lb", QEMU_CAPS_NUMA_HMAT },
+{ "object-add/arg-type/+sev-guest/kernel-hashes", 
QEMU_CAPS_SEV_GUEST_KERNEL_HASHES },
 };
 
 typedef struct _virQEMUCapsObjectTypeProps virQEMUCapsObjectTypeProps;
diff --git a/src/qemu/qemu_capabilities.h b/src/qemu/qemu_capabilities.h
index 716e09123c..aaac20a834 100644
--- a/src/qemu/qemu_capabilities.h
+++ b/src/qemu/qemu_capabilities.h
@@ -631,6 +631,7 @@ typedef enum { /* virQEMUCapsFlags grouping marker for 
syntax-check */
 QEMU_CAPS_DEVICE_JSON, /* -device accepts JSON */
 QEMU_CAPS_QUERY_DIRTY_RATE, /* accepts query-dirty-rate */
 QEMU_CAPS_RBD_ENCRYPTION, /* Ceph RBD encryption support */
+QEMU_CAPS_SEV_GUEST_KERNEL_HASHES, /* sev-guest.kernel-hashes= */
 
 QEMU_CAPS_LAST /* this must always be the last item */
 } virQEMUCapsFlags;
diff --git a/tests/qemucapabilitiesdata/caps_6.2.0.x86_64.replies 
b/tests/qemucapabilitiesdata/caps_6.2.0.x86_64.replies
index 69d3b1b12a..9de8e3bd66 100644
--- a/tests/qemucapabilitiesdata/caps_6.2.0.x86_64.replies
+++ b/tests/qemucapabilitiesdata/caps_6.2.0.x86_64.replies
@@ -13315,6 +13315,11 @@
 {
   "name": "reduced-phys-bits",
   "type": "int"
+},
+{
+  "name": "kernel-hashes",
+  "default": null,
+  "type": "bool"
 }
   ],
   "meta-type": "object"
diff --git a/tests/qemucapabilitiesdata/caps_6.2.0.x86_64.xml 
b/tests/qemucapabilitiesdata/caps_6.2.0.x86_64.xml
index 39179916c5..5aa65679ee 100644
--- a/tests/qemucapabilitiesdata/caps_6.2.0.x86_64.xml
+++ b/tests/qemucapabilitiesdata/caps_6.2.0.x86_64.xml
@@ -240,6 +240,7 @@
   
   
   
+  
   6001050
   0
   43100244
-- 
2.33.1



[libvirt PATCH v4 3/3] qemu: format sev-guest.kernel-hashes property

2021-12-14 Thread Daniel P . Berrangé
Set the kernel-hashes property on the sev-guest object if the config
asked for it explicitly. While QEMU machine types currently default to
having this setting off, it is not guaranteed to remain this way.

We can't assume that the QEMU capabilities were generated on an AMD host
with SEV, so we must force set the QEMU_CAPS_SEV_GUEST. This also means
that the 'sev' info in the qemuCaps struct might be NULL, but this is
harmless from POV of testing the CLI generator.

Signed-off-by: Daniel P. Berrangé 
---
 src/qemu/qemu_capabilities.c  |  5 +++
 src/qemu/qemu_command.c   |  1 +
 src/qemu/qemu_validate.c  |  7 
 ...nch-security-sev-direct.x86_64-latest.args | 40 +++
 .../launch-security-sev-direct.xml| 39 ++
 tests/qemuxml2argvtest.c  |  5 +++
 tests/testutilsqemu.c | 15 ---
 7 files changed, 107 insertions(+), 5 deletions(-)
 create mode 100644 
tests/qemuxml2argvdata/launch-security-sev-direct.x86_64-latest.args
 create mode 100644 tests/qemuxml2argvdata/launch-security-sev-direct.xml

diff --git a/src/qemu/qemu_capabilities.c b/src/qemu/qemu_capabilities.c
index c1b06998af..4f63322a9e 100644
--- a/src/qemu/qemu_capabilities.c
+++ b/src/qemu/qemu_capabilities.c
@@ -1892,6 +1892,11 @@ virQEMUCapsSEVInfoCopy(virSEVCapability **dst,
 {
 g_autoptr(virSEVCapability) tmp = NULL;
 
+if (!src) {
+*dst = NULL;
+return 0;
+}
+
 tmp = g_new0(virSEVCapability, 1);
 
 tmp->pdh = g_strdup(src->pdh);
diff --git a/src/qemu/qemu_command.c b/src/qemu/qemu_command.c
index 6d00105b24..4d5f7934cb 100644
--- a/src/qemu/qemu_command.c
+++ b/src/qemu/qemu_command.c
@@ -9928,6 +9928,7 @@ qemuBuildSEVCommandLine(virDomainObj *vm, virCommand *cmd,
  "u:policy", sev->policy,
  "S:dh-cert-file", dhpath,
  "S:session-file", sessionpath,
+ "T:kernel-hashes", sev->kernel_hashes,
  NULL) < 0)
 return -1;
 
diff --git a/src/qemu/qemu_validate.c b/src/qemu/qemu_validate.c
index f9a195e991..c1924eb2ad 100644
--- a/src/qemu/qemu_validate.c
+++ b/src/qemu/qemu_validate.c
@@ -1217,6 +1217,13 @@ qemuValidateDomainDef(const virDomainDef *def,
  "this QEMU binary"));
 return -1;
 }
+
+if (def->sec->data.sev.kernel_hashes != VIR_TRISTATE_BOOL_ABSENT &&
+!virQEMUCapsGet(qemuCaps, QEMU_CAPS_SEV_GUEST_KERNEL_HASHES)) {
+virReportError(VIR_ERR_CONFIG_UNSUPPORTED, "%s",
+   _("SEV measured direct kernel boot is not 
supported with this QEMU binary"));
+return -1;
+}
 break;
 case VIR_DOMAIN_LAUNCH_SECURITY_PV:
 if (!virQEMUCapsGet(qemuCaps, 
QEMU_CAPS_MACHINE_CONFIDENTAL_GUEST_SUPPORT) ||
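
Review bot: the new check in qemuValidateDomainDef only tests for QEMU_CAPS_SEV_GUEST_KERNEL_HASHES, while the documentation added in patch 1/3 says kernelHashes "is only valid if using direct kernel boot". Nothing in this hunk rejects the attribute when no kernel is configured; add that validation here or in the generic domain validation so the documented restriction is enforced by libvirt rather than left to QEMU.
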
diff --git 
a/tests/qemuxml2argvdata/launch-security-sev-direct.x86_64-latest.args 
b/tests/qemuxml2argvdata/launch-security-sev-direct.x86_64-latest.args
new file mode 100644
index 00..dac312e301
--- /dev/null
+++ b/tests/qemuxml2argvdata/launch-security-sev-direct.x86_64-latest.args
@@ -0,0 +1,40 @@
+LC_ALL=C \
+PATH=/bin \
+HOME=/tmp/lib/domain--1-QEMUGuest1 \
+USER=test \
+LOGNAME=test \
+XDG_DATA_HOME=/tmp/lib/domain--1-QEMUGuest1/.local/share \
+XDG_CACHE_HOME=/tmp/lib/domain--1-QEMUGuest1/.cache \
+XDG_CONFIG_HOME=/tmp/lib/domain--1-QEMUGuest1/.config \
+/usr/bin/qemu-system-x86_64 \
+-name guest=QEMUGuest1,debug-threads=on \
+-S \
+-object 
'{"qom-type":"secret","id":"masterKey0","format":"raw","file":"/tmp/lib/domain--1-QEMUGuest1/master-key.aes"}'
 \
+-machine 
pc,usb=off,dump-guest-core=off,confidential-guest-support=lsec0,memory-backend=pc.ram
 \
+-accel kvm \
+-cpu qemu64 \
+-m 214 \
+-object '{"qom-type":"memory-backend-ram","id":"pc.ram","size":224395264}' \
+-overcommit mem-lock=off \
+-smp 1,sockets=1,cores=1,threads=1 \
+-uuid c7a5fdbd-edaf-9455-926a-d65c16db1809 \
+-display none \
+-no-user-config \
+-nodefaults \
+-chardev socket,id=charmonitor,fd=1729,server=on,wait=off \
+-mon chardev=charmonitor,id=monitor,mode=control \
+-rtc base=utc \
+-no-shutdown \
+-no-acpi \
+-boot strict=on \
+-kernel /vmlinuz \
+-initrd /initrd \
+-append runme \
+-device 
'{"driver":"piix3-usb-uhci","id":"usb","bus":"pci.0","addr":"0x1.0x2"}' \
+-blockdev 
'{"driver":"host_device","filename":"/dev/HostVG/QEMUGuest1","node-name":"libvirt-1-storage","auto-read-only":true,"discard":"unmap"}'
 \
+-blockdev 
'{"node-name":"libvirt-1-format","read-only":false,"driver":"raw","file":"libvirt-1-storage"}'
 \
+-device 
'{"driver":"ide-hd","bus":"ide.0","unit":0,"drive":"libvirt-1-format","id":"ide0-0-0","bootindex":1}'
 \
+-audiodev '{"id":"audio1","driver":"none"}' \
+-object 

[libvirt PATCH v4 1/3] conf: add support for setting SEV kernel hashes

2021-12-14 Thread Daniel P . Berrangé
Normally the SEV measurement only covers the firmware
loader contents. When doing a direct kernel boot, however,
with new enough OVMF it is possible to ask for the
measurement to cover the kernel, ramdisk and command line.

It can't be done automatically as that would break existing
guests using direct kernel boot with old firmware, so there
is a new XML setting allowing this behaviour to be toggled.

Reviewed-by: Peter Krempa 
Signed-off-by: Daniel P. Berrangé 
---
 docs/formatdomain.rst | 7 ++-
 docs/schemas/domaincommon.rng | 5 +
 src/conf/domain_conf.c| 8 
 src/conf/domain_conf.h| 1 +
 4 files changed, 20 insertions(+), 1 deletion(-)

diff --git a/docs/formatdomain.rst b/docs/formatdomain.rst
index 0c5e33c78f..9d064a4af2 100644
--- a/docs/formatdomain.rst
+++ b/docs/formatdomain.rst
@@ -8215,7 +8215,7 @@ spec 
`__
 

  ...
- 
+ 
0x0001
47
1
@@ -8225,6 +8225,11 @@ spec 
`__
  ...

 
+``kernelHashes``
+   The optional ``kernelHashes`` attribute indicates whether the
+   hashes of the kernel, ramdisk and command line should be included
+   in the measurement done by the firmware. This is only valid if
+   using direct kernel boot. :since:`Since 8.0.0`
 ``cbitpos``
The required ``cbitpos`` element provides the C-bit (aka encryption bit)
location in guest page table entry. The value of ``cbitpos`` is hypervisor
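
Review bot: The new ``kernelHashes`` paragraph does not say which values the attribute accepts or what an absent attribute means, and it omits the firmware requirement that the commit message gives as the reason the setting cannot be automatic. Since the parser uses virXMLPropTristateBool, state the accepted values ('yes' and 'no'), that leaving the attribute out keeps the existing behaviour, and that enabling it needs a new enough OVMF. Anyone verifying an SEV launch measurement has to know from this text exactly what the measurement covers.
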
diff --git a/docs/schemas/domaincommon.rng b/docs/schemas/domaincommon.rng
index ce5018f798..7fa5c2b8b5 100644
--- a/docs/schemas/domaincommon.rng
+++ b/docs/schemas/domaincommon.rng
@@ -499,6 +499,11 @@
 
   sev
 
+
+  
+
+  
+
 
   
 
diff --git a/src/conf/domain_conf.c b/src/conf/domain_conf.c
index 9a21ac10ce..bd372190df 100644
--- a/src/conf/domain_conf.c
+++ b/src/conf/domain_conf.c
@@ -14804,6 +14804,10 @@ virDomainSEVDefParseXML(virDomainSEVDef *def,
 unsigned long policy;
 int rc;
 
+if (virXMLPropTristateBool(ctxt->node, "kernelHashes", VIR_XML_PROP_NONE,
+   >kernel_hashes) < 0)
+return -1;
+
 if (virXPathULongHex("string(./policy)", ctxt, ) < 0) {
 virReportError(VIR_ERR_XML_ERROR, "%s",
_("failed to get launch security policy"));
@@ -27133,6 +27137,10 @@ virDomainSecDefFormat(virBuffer *buf, virDomainSecDef 
*sec)
 case VIR_DOMAIN_LAUNCH_SECURITY_SEV: {
 virDomainSEVDef *sev = >data.sev;
 
+if (sev->kernel_hashes != VIR_TRISTATE_BOOL_ABSENT)
+virBufferAsprintf(, " kernelHashes='%s'",
+  virTristateBoolTypeToString(sev->kernel_hashes));
+
 if (sev->haveCbitpos)
 virBufferAsprintf(, "%d\n", 
sev->cbitpos);
 
diff --git a/src/conf/domain_conf.h b/src/conf/domain_conf.h
index afabcd1b4d..144ba4dd12 100644
--- a/src/conf/domain_conf.h
+++ b/src/conf/domain_conf.h
@@ -2714,6 +2714,7 @@ struct _virDomainSEVDef {
 unsigned int cbitpos;
 bool haveReducedPhysBits;
 unsigned int reduced_phys_bits;
+virTristateBool kernel_hashes;
 };
 
 struct _virDomainSecDef {
-- 
2.33.1



[libvirt PATCH v4 0/3] Support SEV direct kernel boot

2021-12-14 Thread Daniel P . Berrangé
This is the left over pieces from the rest of the previous SEV
series. In this version I've changed the way we probe for
capabilities and also changed the way we set the capabilities
in the test suite so we don't rely on them being generated on
an AMD SEV host.

Daniel P. Berrangé (3):
  conf: add support for setting SEV kernel hashes
  qemu: probe for sev-guest.kernel-hashes property
  qemu: format sev-guest.kernel-hashes property

 docs/formatdomain.rst |  7 +++-
 docs/schemas/domaincommon.rng |  5 +++
 src/conf/domain_conf.c|  8 
 src/conf/domain_conf.h|  1 +
 src/qemu/qemu_capabilities.c  |  7 
 src/qemu/qemu_capabilities.h  |  1 +
 src/qemu/qemu_command.c   |  1 +
 src/qemu/qemu_validate.c  |  7 
 .../caps_6.2.0.x86_64.replies |  5 +++
 .../caps_6.2.0.x86_64.xml |  1 +
 ...nch-security-sev-direct.x86_64-latest.args | 40 +++
 .../launch-security-sev-direct.xml| 39 ++
 tests/qemuxml2argvtest.c  |  5 +++
 tests/testutilsqemu.c | 15 ---
 14 files changed, 136 insertions(+), 6 deletions(-)
 create mode 100644 
tests/qemuxml2argvdata/launch-security-sev-direct.x86_64-latest.args
 create mode 100644 tests/qemuxml2argvdata/launch-security-sev-direct.xml

-- 
2.33.1




Re: [libvirt PATCH 04/10] virDomainFeaturesHyperVDefParse: Read attribute "mode" of element "hyperv"

2021-12-14 Thread Daniel P . Berrangé
On Fri, Nov 26, 2021 at 03:34:56PM +0100, Tim Wiederhake wrote:
> Currently, this attribute may either have a value of "custom", or be absent
> (which defaults to "custom"), for backwards compatibility.
> 
> Signed-off-by: Tim Wiederhake 
> ---
>  src/conf/domain_conf.c   | 11 +--
>  src/qemu/qemu_command.c  |  2 +-
>  src/qemu/qemu_validate.c |  2 +-
>  3 files changed, 11 insertions(+), 4 deletions(-)
> 
> diff --git a/src/conf/domain_conf.c b/src/conf/domain_conf.c
> index 74d86a346a..0ea00955c5 100644
> --- a/src/conf/domain_conf.c
> +++ b/src/conf/domain_conf.c
> @@ -17453,7 +17453,14 @@ static int
>  virDomainFeaturesHyperVDefParse(virDomainDef *def,
>  xmlNodePtr node)
>  {
> -def->features[VIR_DOMAIN_FEATURE_HYPERV] = VIR_TRISTATE_SWITCH_ON;
> +virDomainHyperVMode mode;
> +
> +if (virXMLPropEnumDefault(node, "mode", 
> virDomainHyperVModeTypeFromString,
> +  VIR_XML_PROP_NONZERO, ,
> +  VIR_DOMAIN_HYPERV_MODE_CUSTOM) < 0)
> +return -1;
> +
> +def->features[VIR_DOMAIN_FEATURE_HYPERV] = mode;
>  
>  node = xmlFirstElementChild(node);
>  while (node != NULL) {
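
Review bot: `def->features[VIR_DOMAIN_FEATURE_HYPERV] = mode;` now stores a virDomainHyperVMode in a slot that held VIR_TRISTATE_SWITCH_ON before this hunk, so any reader that still compares the slot against a virTristateSwitch value only keeps working if the two enums happen to share numeric values. The diffstat changes a single line each in qemu_command.c and qemu_validate.c; please confirm every consumer of this slot was converted, and note next to the virDomainHyperVMode definition that its values must stay aligned with the tristate, or add a compile-time check for it.
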
> @@ -21703,7 +21710,7 @@ virDomainDefFeaturesCheckABIStability(virDomainDef 
> *src,
>  }
>  
>  /* hyperv */
> -if (src->features[VIR_DOMAIN_FEATURE_HYPERV] == VIR_TRISTATE_SWITCH_ON) {
> +if (src->features[VIR_DOMAIN_FEATURE_HYPERV] != 
> VIR_DOMAIN_HYPERV_MODE_NONE) {
>  for (i = 0; i < VIR_DOMAIN_HYPERV_LAST; i++) {
>  switch ((virDomainHyperv) i) {
>  case VIR_DOMAIN_HYPERV_RELAXED:

This change is not right. It is silently allowing the mode to be
changed, which certainly affects ABI stability. It needs to
validate src->features[VIR_DOMAIN_FEATURE_HYPERV] ==
dst->features[VIR_DOMAIN_FEATURE_HYPERV]


Regards,
Daniel
-- 
|: https://berrange.com  -o-https://www.flickr.com/photos/dberrange :|
|: https://libvirt.org -o-https://fstop138.berrange.com :|
|: https://entangle-photo.org-o-https://www.instagram.com/dberrange :|



Re: [libvirt PATCH 10/10] docs: domain: Add documentation for hyperv passthrough mode

2021-12-14 Thread Daniel P . Berrangé
On Fri, Nov 26, 2021 at 03:35:02PM +0100, Tim Wiederhake wrote:
> Signed-off-by: Tim Wiederhake 
> ---
>  docs/formatdomain.rst | 3 +++
>  1 file changed, 3 insertions(+)
> 
> diff --git a/docs/formatdomain.rst b/docs/formatdomain.rst
> index 95ef2e0d05..ec944f89db 100644
> --- a/docs/formatdomain.rst
> +++ b/docs/formatdomain.rst
> @@ -1924,6 +1924,9 @@ are:
> ``custom``
>Set exactly the specified features.
>  
> +   ``passthrough``
> +  Enable all features currently supported by the hypervisor.
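
Review bot: The new ``passthrough`` entry carries no `:since:` marker, so a reader cannot tell which libvirt release first accepts this mode. Add one naming the release this lands in, in the same form formatdomain.rst uses for other additions.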

This needs to note that this is not migration safe, similar
to how 'host-passthrough' CPU is not migration safe.  If you
don't migrate to a homogeneous host, your VM is likely to
break without warning.

Regards,
Daniel
-- 
|: https://berrange.com  -o-https://www.flickr.com/photos/dberrange :|
|: https://libvirt.org -o-https://fstop138.berrange.com :|
|: https://entangle-photo.org-o-https://www.instagram.com/dberrange :|



[PATCH v4 0/3] remove sysconfig files

2021-12-14 Thread Olaf Hering
rebased to 359e9f5cf4526eff630d803f68df9733abaef419

Olaf Hering (3):
  libvirt.spec: relocate pre script of daemon-driver-qemu
  remove sysconfig files
  NEWS: mention removal of sysconfig

 NEWS.rst| 10 +++
 docs/daemons.rst| 20 +
 docs/remote.html.in |  6 +-
 libvirt.spec.in | 99 +
 src/ch/meson.build  |  5 --
 src/ch/virtchd.service.in   |  1 +
 src/ch/virtchd.sysconf  |  3 -
 src/interface/meson.build   |  5 --
 src/interface/virtinterfaced.service.in |  1 +
 src/interface/virtinterfaced.sysconf|  3 -
 src/libxl/meson.build   |  5 --
 src/libxl/virtxend.service.in   |  1 +
 src/libxl/virtxend.sysconf  |  3 -
 src/locking/meson.build |  5 --
 src/locking/virtlockd.service.in|  1 +
 src/locking/virtlockd.sysconf   |  3 -
 src/logging/meson.build |  5 --
 src/logging/virtlogd.sysconf|  3 -
 src/lxc/meson.build |  5 --
 src/lxc/virtlxcd.service.in |  1 +
 src/lxc/virtlxcd.sysconf|  3 -
 src/meson.build | 16 
 src/network/meson.build |  5 --
 src/network/virtnetworkd.service.in |  1 +
 src/network/virtnetworkd.sysconf|  3 -
 src/node_device/meson.build |  5 --
 src/node_device/virtnodedevd.service.in |  1 +
 src/node_device/virtnodedevd.sysconf|  3 -
 src/nwfilter/meson.build|  5 --
 src/nwfilter/virtnwfilterd.service.in   |  1 +
 src/nwfilter/virtnwfilterd.sysconf  |  3 -
 src/qemu/meson.build|  5 --
 src/qemu/virtqemud.service.in   |  7 ++
 src/qemu/virtqemud.sysconf  | 12 ---
 src/remote/libvirtd.service.in  |  7 ++
 src/remote/libvirtd.sysconf | 21 --
 src/remote/meson.build  | 10 ---
 src/remote/virtproxyd.service.in|  1 +
 src/remote/virtproxyd.sysconf   |  3 -
 src/secret/meson.build  |  5 --
 src/secret/virtsecretd.service.in   |  1 +
 src/secret/virtsecretd.sysconf  |  3 -
 src/storage/meson.build |  5 --
 src/storage/virtstoraged.service.in |  1 +
 src/storage/virtstoraged.sysconf|  3 -
 src/vbox/meson.build|  5 --
 src/vbox/virtvboxd.service.in   |  1 +
 src/vbox/virtvboxd.sysconf  |  3 -
 src/vz/meson.build  |  5 --
 src/vz/virtvzd.service.in   |  1 +
 src/vz/virtvzd.sysconf  |  3 -
 tools/libvirt-guests.sh.in  | 40 ++
 tools/libvirt-guests.sysconf| 50 -
 tools/meson.build   |  6 --
 54 files changed, 167 insertions(+), 262 deletions(-)
 delete mode 100644 src/ch/virtchd.sysconf
 delete mode 100644 src/interface/virtinterfaced.sysconf
 delete mode 100644 src/libxl/virtxend.sysconf
 delete mode 100644 src/locking/virtlockd.sysconf
 delete mode 100644 src/logging/virtlogd.sysconf
 delete mode 100644 src/lxc/virtlxcd.sysconf
 delete mode 100644 src/network/virtnetworkd.sysconf
 delete mode 100644 src/node_device/virtnodedevd.sysconf
 delete mode 100644 src/nwfilter/virtnwfilterd.sysconf
 delete mode 100644 src/qemu/virtqemud.sysconf
 delete mode 100644 src/remote/libvirtd.sysconf
 delete mode 100644 src/remote/virtproxyd.sysconf
 delete mode 100644 src/secret/virtsecretd.sysconf
 delete mode 100644 src/storage/virtstoraged.sysconf
 delete mode 100644 src/vbox/virtvboxd.sysconf
 delete mode 100644 src/vz/virtvzd.sysconf
 delete mode 100644 tools/libvirt-guests.sysconf



[PATCH v4 3/3] NEWS: mention removal of sysconfig

2021-12-14 Thread Olaf Hering
Signed-off-by: Olaf Hering 
---
 NEWS.rst | 10 ++
 1 file changed, 10 insertions(+)

diff --git a/NEWS.rst b/NEWS.rst
index 4d1a1501ef..ce324afb8a 100644
--- a/NEWS.rst
+++ b/NEWS.rst
@@ -36,6 +36,16 @@ v8.0.0 (unreleased)
 
 * **Improvements**
 
+  * packaging: sysconfig files no longer installed
+
+libvirt used to provide defaults in various /etc/sysconfig/ files, such
+as /etc/sysconfig/libvirt. Since these files are owned by the admin, this
+made it difficult to change built-in defaults in case such file was
+modified by the admin. The built-in defaults are now part of the provided
+systemd unit files, such as libvirtd.service. These unit files continue
+to parse sysconfig files, in case they are created by the admin and filled
+with the desired key=value pairs.
+
 * **Bug fixes**
 
 
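
Review bot: The example path `/etc/sysconfig/libvirt` in the new entry does not match any file this series deletes; the diffstat removes src/remote/libvirtd.sysconf and tools/libvirt-guests.sysconf among others, so the example presumably should read /etc/sysconfig/libvirtd. The entry is also filed under **Improvements** although it changes what the package installs, which admins upgrading a host will look for under a packaging or removal heading if NEWS.rst has one for this release. "in case such file was modified" would read better as "if such a file had been modified".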



[PATCH v4 1/3] libvirt.spec: relocate pre script of daemon-driver-qemu

2021-12-14 Thread Olaf Hering
Reduce the delta in an upcoming change.
No change in behavior intended.

Signed-off-by: Olaf Hering 
---
 libvirt.spec.in | 32 +++-
 1 file changed, 15 insertions(+), 17 deletions(-)

diff --git a/libvirt.spec.in b/libvirt.spec.in
index 32b4243d0a..66eff7c7e8 100644
--- a/libvirt.spec.in
+++ b/libvirt.spec.in
@@ -1464,6 +1464,21 @@ fi
 
 
 %if %{with_qemu}
+%pre daemon-driver-qemu
+# We want soft static allocation of well-known ids, as disk images
+# are commonly shared across NFS mounts by id rather than name; see
+# https://fedoraproject.org/wiki/Packaging:UsersAndGroups
+getent group kvm >/dev/null || groupadd -f -g 36 -r kvm
+getent group qemu >/dev/null || groupadd -f -g 107 -r qemu
+if ! getent passwd qemu >/dev/null; then
+  if ! getent passwd 107 >/dev/null; then
+useradd -r -u 107 -g qemu -G kvm -d / -s /sbin/nologin -c "qemu user" qemu
+  else
+useradd -r -g qemu -G kvm -d / -s /sbin/nologin -c "qemu user" qemu
+  fi
+fi
+exit 0
+
 %post daemon-driver-qemu
 %if %{with_modular_daemons}
 %libvirt_daemon_systemd_post virtqemud
@@ -1585,23 +1600,6 @@ done
 %libvirt_daemon_perform_restart libvirtd
 %libvirt_daemon_perform_restart virtnwfilterd
 
-%if %{with_qemu}
-%pre daemon-driver-qemu
-# We want soft static allocation of well-known ids, as disk images
-# are commonly shared across NFS mounts by id rather than name; see
-# https://fedoraproject.org/wiki/Packaging:UsersAndGroups
-getent group kvm >/dev/null || groupadd -f -g 36 -r kvm
-getent group qemu >/dev/null || groupadd -f -g 107 -r qemu
-if ! getent passwd qemu >/dev/null; then
-  if ! getent passwd 107 >/dev/null; then
-useradd -r -u 107 -g qemu -G kvm -d / -s /sbin/nologin -c "qemu user" qemu
-  else
-useradd -r -g qemu -G kvm -d / -s /sbin/nologin -c "qemu user" qemu
-  fi
-fi
-exit 0
-%endif
-
 %if %{with_lxc}
 %pre login-shell
 getent group virtlogin >/dev/null || groupadd -r virtlogin



[PATCH v4 2/3] remove sysconfig files

2021-12-14 Thread Olaf Hering
sysconfig files are owned by the admin of the host. They have the
liberty to put anything they want into these files. This makes it
difficult to provide different built-in defaults.

Remove the sysconfig file and place the current desired default into
the service file.

Local customizations can now go either into /etc/sysconfig/name
or /etc/systemd/system/name.service.d/my-knobs.conf

Attempt to handle upgrades in libvirt.spec.
Dirty files which are marked as %config will be renamed to file.rpmsave.
To restore them automatically, move stale .rpmsave files away, and
catch any new rpmsave files in %posttrans.

Signed-off-by: Olaf Hering 
---
 docs/daemons.rst| 20 
 docs/remote.html.in |  6 +--
 libvirt.spec.in | 67 +++--
 src/ch/meson.build  |  5 --
 src/ch/virtchd.service.in   |  1 +
 src/ch/virtchd.sysconf  |  3 --
 src/interface/meson.build   |  5 --
 src/interface/virtinterfaced.service.in |  1 +
 src/interface/virtinterfaced.sysconf|  3 --
 src/libxl/meson.build   |  5 --
 src/libxl/virtxend.service.in   |  1 +
 src/libxl/virtxend.sysconf  |  3 --
 src/locking/meson.build |  5 --
 src/locking/virtlockd.service.in|  1 +
 src/locking/virtlockd.sysconf   |  3 --
 src/logging/meson.build |  5 --
 src/logging/virtlogd.sysconf|  3 --
 src/lxc/meson.build |  5 --
 src/lxc/virtlxcd.service.in |  1 +
 src/lxc/virtlxcd.sysconf|  3 --
 src/meson.build | 16 --
 src/network/meson.build |  5 --
 src/network/virtnetworkd.service.in |  1 +
 src/network/virtnetworkd.sysconf|  3 --
 src/node_device/meson.build |  5 --
 src/node_device/virtnodedevd.service.in |  1 +
 src/node_device/virtnodedevd.sysconf|  3 --
 src/nwfilter/meson.build|  5 --
 src/nwfilter/virtnwfilterd.service.in   |  1 +
 src/nwfilter/virtnwfilterd.sysconf  |  3 --
 src/qemu/meson.build|  5 --
 src/qemu/virtqemud.service.in   |  7 +++
 src/qemu/virtqemud.sysconf  | 12 -
 src/remote/libvirtd.service.in  |  7 +++
 src/remote/libvirtd.sysconf | 21 
 src/remote/meson.build  | 10 
 src/remote/virtproxyd.service.in|  1 +
 src/remote/virtproxyd.sysconf   |  3 --
 src/secret/meson.build  |  5 --
 src/secret/virtsecretd.service.in   |  1 +
 src/secret/virtsecretd.sysconf  |  3 --
 src/storage/meson.build |  5 --
 src/storage/virtstoraged.service.in |  1 +
 src/storage/virtstoraged.sysconf|  3 --
 src/vbox/meson.build|  5 --
 src/vbox/virtvboxd.service.in   |  1 +
 src/vbox/virtvboxd.sysconf  |  3 --
 src/vz/meson.build  |  5 --
 src/vz/virtvzd.service.in   |  1 +
 src/vz/virtvzd.sysconf  |  3 --
 tools/libvirt-guests.sh.in  | 40 +++
 tools/libvirt-guests.sysconf| 50 --
 tools/meson.build   |  6 ---
 53 files changed, 142 insertions(+), 245 deletions(-)
 delete mode 100644 src/ch/virtchd.sysconf
 delete mode 100644 src/interface/virtinterfaced.sysconf
 delete mode 100644 src/libxl/virtxend.sysconf
 delete mode 100644 src/locking/virtlockd.sysconf
 delete mode 100644 src/logging/virtlogd.sysconf
 delete mode 100644 src/lxc/virtlxcd.sysconf
 delete mode 100644 src/network/virtnetworkd.sysconf
 delete mode 100644 src/node_device/virtnodedevd.sysconf
 delete mode 100644 src/nwfilter/virtnwfilterd.sysconf
 delete mode 100644 src/qemu/virtqemud.sysconf
 delete mode 100644 src/remote/libvirtd.sysconf
 delete mode 100644 src/remote/virtproxyd.sysconf
 delete mode 100644 src/secret/virtsecretd.sysconf
 delete mode 100644 src/storage/virtstoraged.sysconf
 delete mode 100644 src/vbox/virtvboxd.sysconf
 delete mode 100644 src/vz/virtvzd.sysconf
 delete mode 100644 tools/libvirt-guests.sysconf

diff --git a/docs/daemons.rst b/docs/daemons.rst
index 8a05ee77a7..1b6396d2af 100644
--- a/docs/daemons.rst
+++ b/docs/daemons.rst
@@ -686,3 +686,23 @@ socket unit names into the service. When using these old 
versions, the
 ``unix_sock_dir`` setting in ``virtlockd.conf`` must be changed in
 lock-step with the equivalent setting in the unit files to ensure that
 ``virtlockd`` can identify the sockets.
+
+Changing command line options for daemons
+=
+
+Two ways exist to override the defaults in the provided service files:
+Either a systemd "drop-in" configuration file, or a ``/etc/sysconfig/$daemon``
+file must be created.  For example, changing the command line option
+for a debug session of ``libvirtd``, create a file

[libvirt PATCH] Fix some typos

2021-12-14 Thread Tim Wiederhake
Signed-off-by: Tim Wiederhake 
---
 docs/manpages/virsh.rst | 2 +-
 src/qemu/qemu_domain.h  | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/docs/manpages/virsh.rst b/docs/manpages/virsh.rst
index 275f416090..265725d214 100644
--- a/docs/manpages/virsh.rst
+++ b/docs/manpages/virsh.rst
@@ -3203,7 +3203,7 @@ host. By default only non-shared non-readonly images are 
transferred. Use
 *--migrate-disks* to explicitly specify a list of disk targets to
 transfer via the comma separated ``disk-list`` argument.
 With *--copy-storage-synchronous-writes* flag used the disk data migration will
-synchronously handle guest disk writes to both the original soure and the
+synchronously handle guest disk writes to both the original source and the
 destination to ensure that the disk migration converges at the price of 
possibly
 decreased burst performance.
 
diff --git a/src/qemu/qemu_domain.h b/src/qemu/qemu_domain.h
index 5474d1dccc..6586411919 100644
--- a/src/qemu/qemu_domain.h
+++ b/src/qemu/qemu_domain.h
@@ -344,7 +344,7 @@ struct _qemuDomainChrSourcePrivate {
 
 int fd; /* file descriptor of the chardev source */
 int logfd; /* file descriptor of the logging source */
-bool wait; /* wait for incomming connections on chardev */
+bool wait; /* wait for incoming connections on chardev */
 
 char *tlsCertPath; /* path to certificates if TLS is requested */
 bool tlsVerify; /* whether server should verify client certificates */
-- 
2.31.1



Re: [libvirt PATCH 2/5] util: dnsmasq: refactor CapsRefresh

2021-12-14 Thread Laine Stump

On 12/13/21 1:58 PM, Ján Tomko wrote:

Use two variables with automatic cleanup instead of reusing one.

Remove the pointless cleanup label.

Signed-off-by: Ján Tomko 
---
  src/util/virdnsmasq.c | 37 -
  1 file changed, 16 insertions(+), 21 deletions(-)

diff --git a/src/util/virdnsmasq.c b/src/util/virdnsmasq.c
index 2dd9a20377..b62e353ceb 100644
--- a/src/util/virdnsmasq.c
+++ b/src/util/virdnsmasq.c
@@ -666,9 +666,9 @@ dnsmasqCapsSetFromBuffer(dnsmasqCaps *caps, const char *buf)
  static int
  dnsmasqCapsRefreshInternal(dnsmasqCaps *caps, bool force)
  {
-int ret = -1;
  struct stat sb;
-virCommand *cmd = NULL;
+g_autoptr(virCommand) vercmd = NULL;
+g_autoptr(virCommand) helpcmd = NULL;
  g_autofree char *help = NULL;
  g_autofree char *version = NULL;
  g_autofree char *complete = NULL;
@@ -692,31 +692,26 @@ dnsmasqCapsRefreshInternal(dnsmasqCaps *caps, bool force)
  if (!virFileIsExecutable(caps->binaryPath)) {
  virReportSystemError(errno, _("dnsmasq binary %s is not executable"),
   caps->binaryPath);
-goto cleanup;
+return -1;
  }
  
-cmd = virCommandNewArgList(caps->binaryPath, "--version", NULL);

-virCommandSetOutputBuffer(cmd, );
-virCommandAddEnvPassCommon(cmd);
-virCommandClearCaps(cmd);
-if (virCommandRun(cmd, NULL) < 0)
-goto cleanup;
-virCommandFree(cmd);
+vercmd = virCommandNewArgList(caps->binaryPath, "--version", NULL);
+virCommandSetOutputBuffer(vercmd, );
+virCommandAddEnvPassCommon(vercmd);
+virCommandClearCaps(vercmd);
+if (virCommandRun(vercmd, NULL) < 0)
+return -1;


Hmmm. Every time I run across this code, I wonder if we should keep it 
or just remove it completely - the "newest" feature we're checking for 
was added to dnsmasq in version 2.67, which was released in late 2013. 
So all these extra executions of dnsmasq to get the version# and parse 
the help output are just producing the same results for everyone.


On the other hand, it's possible some new feature could be added to 
dnsmasq in the future that we would want to check for, and that would be 
easier to add if the basic structure of the code was still here. I'm not 
sure how likely that is at this point though - dnsmasq (and libvirt's 
use of dnsmasq) is fairly mature at this point, so keeping the code is 
just creating more maintenance burden for nothing...




[PATCH 0/2] KVM features: two almost trivial cleanups

2021-12-14 Thread Michal Privoznik
I've noticed these while reviewing a patch that touched this part of
code.

Michal Prívozník (2):
  qemuxml2xmloutdata: Turn kvm-features.xml and kvm-features-off.xml
into symlinks
  domain_conf: Use virXMLFormatElement*() more in
virDomainDefFormatFeatures()

 src/conf/domain_conf.c| 21 +-
 tests/qemuxml2argvdata/kvm-features-off.xml   |  7 +++-
 tests/qemuxml2argvdata/kvm-features.xml   |  7 +++-
 tests/qemuxml2xmloutdata/kvm-features-off.xml | 38 +--
 tests/qemuxml2xmloutdata/kvm-features.xml | 38 +--
 5 files changed, 22 insertions(+), 89 deletions(-)
 mode change 100644 => 12 tests/qemuxml2xmloutdata/kvm-features-off.xml
 mode change 100644 => 12 tests/qemuxml2xmloutdata/kvm-features.xml

-- 
2.32.0



[PATCH 1/2] qemuxml2xmloutdata: Turn kvm-features.xml and kvm-features-off.xml into symlinks

2021-12-14 Thread Michal Privoznik
There's no real difference between input and output XMLs for
kvm-features and kvm-features-off test cases. Do what we usually
do in such a case - turn the output file into a symlink of the
input file.

Signed-off-by: Michal Privoznik 
---
 tests/qemuxml2argvdata/kvm-features-off.xml   |  7 +++-
 tests/qemuxml2argvdata/kvm-features.xml   |  7 +++-
 tests/qemuxml2xmloutdata/kvm-features-off.xml | 38 +--
 tests/qemuxml2xmloutdata/kvm-features.xml | 38 +--
 4 files changed, 12 insertions(+), 78 deletions(-)
 mode change 100644 => 12 tests/qemuxml2xmloutdata/kvm-features-off.xml
 mode change 100644 => 12 tests/qemuxml2xmloutdata/kvm-features.xml

diff --git a/tests/qemuxml2argvdata/kvm-features-off.xml 
b/tests/qemuxml2argvdata/kvm-features-off.xml
index fb7cbaf061..7ee6525cd9 100644
--- a/tests/qemuxml2argvdata/kvm-features-off.xml
+++ b/tests/qemuxml2argvdata/kvm-features-off.xml
@@ -18,17 +18,20 @@
   
 
   
-  
+  
   
   destroy
   restart
   destroy
   
 /usr/bin/qemu-system-i386
-
+
+  
+
 
 
 
+
 
   
 
diff --git a/tests/qemuxml2argvdata/kvm-features.xml 
b/tests/qemuxml2argvdata/kvm-features.xml
index 900431c4ff..8ce3a2b987 100644
--- a/tests/qemuxml2argvdata/kvm-features.xml
+++ b/tests/qemuxml2argvdata/kvm-features.xml
@@ -18,17 +18,20 @@
   
 
   
-  
+  
   
   destroy
   restart
   destroy
   
 /usr/bin/qemu-system-i386
-
+
+  
+
 
 
 
+
 
   
 
diff --git a/tests/qemuxml2xmloutdata/kvm-features-off.xml 
b/tests/qemuxml2xmloutdata/kvm-features-off.xml
deleted file mode 100644
index 7ee6525cd9..00
--- a/tests/qemuxml2xmloutdata/kvm-features-off.xml
+++ /dev/null
@@ -1,37 +0,0 @@
-
-  QEMUGuest1
-  c7a5fdbd-edaf-9455-926a-d65c16db1809
-  219100
-  219100
-  6
-  
-hvm
-
-  
-  
-
-
-  
-  
-  
-  
-  
-
-  
-  
-  
-  destroy
-  restart
-  destroy
-  
-/usr/bin/qemu-system-i386
-
-  
-
-
-
-
-
-
-  
-
diff --git a/tests/qemuxml2xmloutdata/kvm-features-off.xml 
b/tests/qemuxml2xmloutdata/kvm-features-off.xml
new file mode 12
index 00..047170b59a
--- /dev/null
+++ b/tests/qemuxml2xmloutdata/kvm-features-off.xml
@@ -0,0 +1 @@
+../qemuxml2argvdata/kvm-features-off.xml
\ No newline at end of file
diff --git a/tests/qemuxml2xmloutdata/kvm-features.xml 
b/tests/qemuxml2xmloutdata/kvm-features.xml
deleted file mode 100644
index 8ce3a2b987..00
--- a/tests/qemuxml2xmloutdata/kvm-features.xml
+++ /dev/null
@@ -1,37 +0,0 @@
-
-  QEMUGuest1
-  c7a5fdbd-edaf-9455-926a-d65c16db1809
-  219100
-  219100
-  6
-  
-hvm
-
-  
-  
-
-
-  
-  
-  
-  
-  
-
-  
-  
-  
-  destroy
-  restart
-  destroy
-  
-/usr/bin/qemu-system-i386
-
-  
-
-
-
-
-
-
-  
-
diff --git a/tests/qemuxml2xmloutdata/kvm-features.xml 
b/tests/qemuxml2xmloutdata/kvm-features.xml
new file mode 12
index 00..bda3acffac
--- /dev/null
+++ b/tests/qemuxml2xmloutdata/kvm-features.xml
@@ -0,0 +1 @@
+../qemuxml2argvdata/kvm-features.xml
\ No newline at end of file
-- 
2.32.0



[PATCH 2/2] domain_conf: Use virXMLFormatElement*() more in virDomainDefFormatFeatures()

2021-12-14 Thread Michal Privoznik
There are a few places in virDomainDefFormatFeatures() which can
use virXMLFormatElement() or virXMLFormatElementEmpty() instead
of writing directly into the output buffer.

After this, there are still a lot of places left, but that is
a much bigger task.

Signed-off-by: Michal Privoznik 
---
 src/conf/domain_conf.c | 21 ++---
 1 file changed, 10 insertions(+), 11 deletions(-)

diff --git a/src/conf/domain_conf.c b/src/conf/domain_conf.c
index cd87057524..060bd70de2 100644
--- a/src/conf/domain_conf.c
+++ b/src/conf/domain_conf.c
@@ -27783,12 +27783,12 @@ virDomainDefFormatFeatures(virBuffer *buf,
 break;
 
 case VIR_TRISTATE_SWITCH_ON:
-   virBufferAsprintf(, "<%s state='on'/>\n", name);
-   break;
-
 case VIR_TRISTATE_SWITCH_OFF:
-   virBufferAsprintf(, "<%s state='off'/>\n", name);
-   break;
+virBufferAsprintf(, " state='%s'",
+  
virTristateSwitchTypeToString(def->features[i]));
+
+virXMLFormatElement(, name, , NULL);
+break;
 }
 
 break;
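
Review bot: This hunk formats the element with virXMLFormatElement() while the APIC and GIC hunks below use virXMLFormatElementEmpty(). virXMLFormatElement() emits nothing when both buffers are empty, so the output here stays correct only because the state attribute is always written just before the call. Using virXMLFormatElementEmpty() in all three places, or adding a one-line comment on why this case differs, would keep a later edit to the attribute formatting from silently dropping the element.
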
@@ -27816,12 +27816,12 @@ virDomainDefFormatFeatures(virBuffer *buf,
 
 case VIR_DOMAIN_FEATURE_APIC:
 if (def->features[i] == VIR_TRISTATE_SWITCH_ON) {
-virBufferAddLit(, "apic_eoi) {
-virBufferAsprintf(, " eoi='%s'",
+virBufferAsprintf(, " eoi='%s'",
   
virTristateSwitchTypeToString(def->apic_eoi));
 }
-virBufferAddLit(, "/>\n");
+
+virXMLFormatElementEmpty(, "apic", , NULL);
 }
 break;
 
@@ -27999,11 +27999,10 @@ virDomainDefFormatFeatures(virBuffer *buf,
 
 case VIR_DOMAIN_FEATURE_GIC:
 if (def->features[i] == VIR_TRISTATE_SWITCH_ON) {
-virBufferAddLit(, "gic_version != VIR_GIC_VERSION_NONE)
-virBufferAsprintf(, " version='%s'",
+virBufferAsprintf(, " version='%s'",
   
virGICVersionTypeToString(def->gic_version));
-virBufferAddLit(, "/>\n");
+virXMLFormatElementEmpty(, "gic", , NULL);
 }
 break;
 
-- 
2.32.0



Re: [libvirt PATCH v3 10/13] qemu: report max number of SEV guests

2021-12-14 Thread Daniel P . Berrangé
On Tue, Dec 14, 2021 at 11:44:00AM +0100, Peter Krempa wrote:
> On Fri, Dec 10, 2021 at 16:47:10 +, Daniel P. Berrangé wrote:
> > Different CPU generations have different limits on the number
> > of SEV/SEV-ES guests that can be run. Since both limits come
> > from the same overall set, there is typically also BIOS config
> > > to set the tradeoff between SEV and SEV-ES guest limits.
> > 
> > This is important information to expose for a mgmt application
> > scheduling guests to hosts.
> > 
> > Signed-off-by: Daniel P. Berrangé 
> > ---
> >  src/qemu/qemu_capabilities.c  | 39 +++
> >  src/qemu/qemu_driver.c| 10 +
> >  .../domaincapsdata/qemu_2.12.0-q35.x86_64.xml |  4 +-
> >  .../domaincapsdata/qemu_2.12.0-tcg.x86_64.xml |  4 +-
> >  tests/domaincapsdata/qemu_2.12.0.x86_64.xml   |  4 +-
> >  .../domaincapsdata/qemu_6.0.0-q35.x86_64.xml  |  4 +-
> >  .../domaincapsdata/qemu_6.0.0-tcg.x86_64.xml  |  4 +-
> >  tests/domaincapsdata/qemu_6.0.0.x86_64.xml|  4 +-
> >  tests/testutilsqemu.c | 21 ++
> >  9 files changed, 82 insertions(+), 12 deletions(-)
> 
> [...]
> 
> > diff --git a/src/qemu/qemu_driver.c b/src/qemu/qemu_driver.c
> > index ee23e10543..8ee0939295 100644
> > --- a/src/qemu/qemu_driver.c
> > +++ b/src/qemu/qemu_driver.c
> > @@ -19918,6 +19918,16 @@ qemuGetSEVInfoToParams(virQEMUCaps *qemuCaps,
> >  sev->reduced_phys_bits) < 0)
> >  goto cleanup;
> >  
> > +if (virTypedParamsAddUInt(, , ,
> > +VIR_NODE_SEV_MAX_GUESTS,
> > +sev->max_guests) < 0)
> > +goto cleanup;
> > +
> > +if (virTypedParamsAddUInt(, , ,
> > +VIR_NODE_SEV_MAX_ES_GUESTS,
> > +sev->max_es_guests) < 0)
> > +goto cleanup;
> 
> Both calls have broken alignment.

This is consistent with the alignment of all existing code
in this method.


> > diff --git a/tests/testutilsqemu.c b/tests/testutilsqemu.c
> > index 5bd1d40ad4..7f848f158e 100644
> > --- a/tests/testutilsqemu.c
> > +++ b/tests/testutilsqemu.c
> > @@ -143,6 +143,27 @@ virCapabilitiesHostNUMANewHost(void)
> >  return virTestCapsBuildNUMATopology(3);
> >  }
> >  
> > +void
> 
> This form of overriding functions looked a bit unorthodox but prior art
> is right above, so it's okay.

It is basically relying on the linker method resolution ordering
to have the same effect as LD_PRELOAD, without having to jump through
the hoops of creating a preload .so library.

> 
> > +virHostCPUX86GetCPUID(uint32_t leaf,
> > +  uint32_t extended,
> > +  uint32_t *eax,
> > +  uint32_t *ebx,
> > +  uint32_t *ecx,
> > +  uint32_t *edx)
> > +{
> > +if (eax)
> > +*eax = 0;
> > +if (ebx)
> > +*ebx = 0;
> > +if (ecx)
> > +*ecx = 0;
> > +if (edx)
> > +*edx = 0;
> > +if (leaf == 0x801F && extended == 0) {
> > +*ecx = 509;
> > +*edx = 451;
> 
> ecx/edx are unconditionally dereferenced here. Okay at this point but
> possibly unextensible. Consider adding pointer checks at least to avoid
> coverity moaning.

Hmm, yes will do.

> Reviewed-by: Peter Krempa 

Regards,
Daniel
-- 
|: https://berrange.com  -o-https://www.flickr.com/photos/dberrange :|
|: https://libvirt.org -o-https://fstop138.berrange.com :|
|: https://entangle-photo.org-o-https://www.instagram.com/dberrange :|



Re: [PATCH v7 1/2] qemu: support dirty ring feature

2021-12-14 Thread Hyman Huang




On 12/14/21 20:21, Michal Prívozník wrote:

On 12/14/21 10:22, Michal Prívozník wrote:

On 11/23/21 15:36, huang...@chinatelecom.cn wrote:

From: Hyman Huang(黄勇) 

Dirty ring feature was introduced in qemu-6.1.0, this patch
adds the corresponding feature named 'dirty-ring', which enables
the dirty ring feature when starting a VM.

To implement the dirty-ring feature, dirty_ring_size in struct
"_virDomainDef" is introduced to hold the dirty ring size
configured in xml, and it will be used as dirty-ring-size
property of kvm accelerator when building qemu commandline,
it is something like "-accel dirty-ring-size=xxx".

To enable the feature, the following XML needs to be added to
the guest's domain description:



  



If property "state=on", property "size" must be specified, which
should be a power of 2 in the range [1024, 65526].

Signed-off-by: Hyman Huang(黄勇) 
---
  docs/formatdomain.rst | 18 ++--
  docs/schemas/domaincommon.rng | 10 +++
  src/conf/domain_conf.c| 54 +++
  src/conf/domain_conf.h|  4 +++
  src/qemu/qemu_command.c   | 12 
  5 files changed, 90 insertions(+), 8 deletions(-)





So here's what I suggest doing - let me post a patch that changes 'int
kvm_features' into a separate struct. I would squash it into yours but
it turned out to be quite lengthy change. Then I'll do changes necessary
for your patch (which will be trivial after that).


Merged now. Congratulations on your first libvirt contribution!

Michal


Thanks :)

--
Best Regards
Hyman Huang(黄勇)




RE: [libvirt][PATCH v8 3/5] conf: Introduce SGX EPC element into device memory xml

2021-12-14 Thread Huang, Haibin
Ok, I will fix it.
Thank you!

> -Original Message-
> From: Ani Sinha 
> Sent: Tuesday, December 14, 2021 2:54 PM
> To: Huang, Haibin 
> Cc: libvir-list@redhat.com; Ding, Jian-feng ; Yang,
> Lin A ; Lu, Lianhao ; Zhong,
> Yang 
> Subject: Re: [libvirt][PATCH v8 3/5] conf: Introduce SGX EPC element into
> device memory xml
> 
> SOB is missing ...
> 
> On Tue, Dec 14, 2021 at 9:16 AM Haibin Huang 
> wrote:
> >
> > From: Lin Yang 
> >
> > 
> >   ...
> >   
> > 
> >   512
> > 
> >   
> >   ...
> > 
> > ---
> >  docs/schemas/domaincommon.rng| 1 +
> >  src/conf/domain_conf.c   | 6 ++
> >  src/conf/domain_conf.h   | 1 +
> >  src/conf/domain_validate.c   | 1 +
> >  src/qemu/qemu_alias.c| 3 +++
> >  src/qemu/qemu_command.c  | 1 +
> >  src/qemu/qemu_domain.c   | 2 ++
> >  src/qemu/qemu_domain_address.c   | 6 ++
> >  src/qemu/qemu_driver.c   | 1 +
> >  src/qemu/qemu_process.c  | 2 ++
> >  src/qemu/qemu_validate.c | 8 
> >  src/security/security_apparmor.c | 1 +
> >  src/security/security_dac.c  | 2 ++
> >  src/security/security_selinux.c  | 2 ++
> >  14 files changed, 37 insertions(+)
> >
> > diff --git a/docs/schemas/domaincommon.rng
> > b/docs/schemas/domaincommon.rng index 26990c4d6d..39b02d1cb7
> 100644
> > --- a/docs/schemas/domaincommon.rng
> > +++ b/docs/schemas/domaincommon.rng
> > @@ -6616,6 +6616,7 @@
> >nvdimm
> >virtio-pmem
> >virtio-mem
> > +  sgx-epc
> >  
> >
> >
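Review bot: the schema gains the sgx-epc model value in this hunk, yet the diffstat touches nothing under docs/ except this RNG file, so the new memory model is undocumented for users. Please document the model in the same patch, and give the commit message a sentence on what the element configures, since it currently carries only the XML snippet.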
> > diff --git a/src/conf/domain_conf.c b/src/conf/domain_conf.c index
> > 6fcf86ba58..c892865da4 100644
> > --- a/src/conf/domain_conf.c
> > +++ b/src/conf/domain_conf.c
> > @@ -1399,6 +1399,7 @@ VIR_ENUM_IMPL(virDomainMemoryModel,
> >"nvdimm",
> >"virtio-pmem",
> >"virtio-mem",
> > +  "sgx-epc",
> >  );
> >
> >  VIR_ENUM_IMPL(virDomainShmemModel,
> > @@ -5508,6 +5509,7 @@
> virDomainMemoryDefPostParse(virDomainMemoryDef
> > *mem,
> >
> >  case VIR_DOMAIN_MEMORY_MODEL_VIRTIO_MEM:
> >  case VIR_DOMAIN_MEMORY_MODEL_DIMM:
> > +case VIR_DOMAIN_MEMORY_MODEL_SGX_EPC:
> >  case VIR_DOMAIN_MEMORY_MODEL_NONE:
> >  case VIR_DOMAIN_MEMORY_MODEL_LAST:
> >  break;
> > @@ -14696,6 +14698,7 @@
> virDomainMemorySourceDefParseXML(xmlNodePtr node,
> >  def->nvdimmPath = virXPathString("string(./path)", ctxt);
> >  break;
> >
> > +case VIR_DOMAIN_MEMORY_MODEL_SGX_EPC:
> >  case VIR_DOMAIN_MEMORY_MODEL_NONE:
> >  case VIR_DOMAIN_MEMORY_MODEL_LAST:
> >  break;
> > @@ -14764,6 +14767,7 @@
> virDomainMemoryTargetDefParseXML(xmlNodePtr node,
> >  case VIR_DOMAIN_MEMORY_MODEL_NONE:
> >  case VIR_DOMAIN_MEMORY_MODEL_DIMM:
> >  case VIR_DOMAIN_MEMORY_MODEL_VIRTIO_PMEM:
> > +case VIR_DOMAIN_MEMORY_MODEL_SGX_EPC:
> >  case VIR_DOMAIN_MEMORY_MODEL_LAST:
> >  break;
> >  }
> > @@ -16548,6 +16552,7 @@
> virDomainMemoryFindByDefInternal(virDomainDef *def,
> >  continue;
> >  break;
> >
> > +case VIR_DOMAIN_MEMORY_MODEL_SGX_EPC:
> >  case VIR_DOMAIN_MEMORY_MODEL_NONE:
> >  case VIR_DOMAIN_MEMORY_MODEL_LAST:
> >  break;
> > @@ -25997,6 +26002,7 @@ virDomainMemorySourceDefFormat(virBuffer
> *buf,
> >  virBufferEscapeString(, "%s\n", def-
> >nvdimmPath);
> >  break;
> >
> > +case VIR_DOMAIN_MEMORY_MODEL_SGX_EPC:
> >  case VIR_DOMAIN_MEMORY_MODEL_NONE:
> >  case VIR_DOMAIN_MEMORY_MODEL_LAST:
> >  break;
> > diff --git a/src/conf/domain_conf.h b/src/conf/domain_conf.h index
> > 1ac802feca..58b6ff8355 100644
> > --- a/src/conf/domain_conf.h
> > +++ b/src/conf/domain_conf.h
> > @@ -2482,6 +2482,7 @@ typedef enum {
> >  VIR_DOMAIN_MEMORY_MODEL_NVDIMM, /* nvdimm memory device
> */
> >  VIR_DOMAIN_MEMORY_MODEL_VIRTIO_PMEM, /* virtio-pmem
> memory device */
> >  VIR_DOMAIN_MEMORY_MODEL_VIRTIO_MEM, /* virtio-mem memory
> device
> > */
> > +VIR_DOMAIN_MEMORY_MODEL_SGX_EPC, /* SGX enclave page cache
> */
> >
> >  VIR_DOMAIN_MEMORY_MODEL_LAST
> >  } virDomainMemoryModel;
> > diff --git a/src/conf/domain_validate.c b/src/conf/domain_validate.c
> > index 80401cf8c7..982ecc60d0 100644
> > --- a/src/conf/domain_validate.c
> > +++ b/src/conf/domain_validate.c
> > @@ -2066,6 +2066,7 @@ virDomainMemoryDefValidate(const
> virDomainMemoryDef *mem,
> >  break;
> >
> >  case VIR_DOMAIN_MEMORY_MODEL_DIMM:
> > +case VIR_DOMAIN_MEMORY_MODEL_SGX_EPC:
> >  break;
> >
> >  case VIR_DOMAIN_MEMORY_MODEL_NONE:
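Review bot: in virDomainMemoryDefValidate the new VIR_DOMAIN_MEMORY_MODEL_SGX_EPC case is folded into the DIMM branch, which only does 'break', so the hypervisor-independent validator accepts any sgx-epc definition. If the model has constraints that hold for every driver, check them here; otherwise a short comment saying validation is left to the driver (the diffstat shows qemu_validate.c gaining 8 lines) would make the intent clear.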
> > diff --git a/src/qemu/qemu_alias.c b/src/qemu/qemu_alias.c index
> > 276a03cb56..5795924754 100644
> > --- a/src/qemu/qemu_alias.c
> > +++ b/src/qemu/qemu_alias.c
> > @@ -538,6 +538,9 @@ qemuAssignDeviceMemoryAlias(virDomainDef
> *def,
> >  case VIR_DOMAIN_MEMORY_MODEL_VIRTIO_MEM:
> >  prefix = "virtiomem";
> 

Re: [PATCH v7 1/2] qemu: support dirty ring feature

2021-12-14 Thread Michal Prívozník
On 12/14/21 10:22, Michal Prívozník wrote:
> On 11/23/21 15:36, huang...@chinatelecom.cn wrote:
>> From: Hyman Huang(黄勇) 
>>
>> Dirty ring feature was introduced in qemu-6.1.0, this patch
>> adds the corresponding feature named 'dirty-ring', which enables
>> dirty ring feature when starting vm.
>>
>> To implement the dirty-ring feature, dirty_ring_size in struct
>> "_virDomainDef" is introduced to hold the dirty ring size
>> configured in xml, and it will be used as dirty-ring-size
>> property of kvm accelerator when building qemu commandline,
>> it is something like "-accel dirty-ring-size=xxx".
>>
>> To enable the feature, the following XML needs to be added to
>> the guest's domain description:
>>
>> 
>>
>>  
>>
>> 
>>
>> If property "state=on", property "size" must be specified, which
>> should be power of 2 and range in [1024, 65526].
>>
>> Signed-off-by: Hyman Huang(黄勇) 
>> ---
>>  docs/formatdomain.rst | 18 ++--
>>  docs/schemas/domaincommon.rng | 10 +++
>>  src/conf/domain_conf.c| 54 +++
>>  src/conf/domain_conf.h|  4 +++
>>  src/qemu/qemu_command.c   | 12 
>>  5 files changed, 90 insertions(+), 8 deletions(-)
>>


> So here's what I suggest doing - let me post a patch that changes 'int
> kvm_features' into a separate struct. I would squash it into yours but
> it turned out to be quite lengthy change. Then I'll do changes necessary
> for your patch (which will be trivial after that).

Merged now. Congratulations on your first libvirt contribution!

Michal



Re: [libvirt PATCH 0/5] use g_auto for virCommand (Episode II.V: Goodbye, Galaxy!)

2021-12-14 Thread Michal Prívozník
On 12/13/21 19:58, Ján Tomko wrote:
> Fear not, the end is near.
> 
> Ján Tomko (5):
>   docs: use g_auto in virCommand example
>   util: dnsmasq: refactor CapsRefresh
>   util: iscsi: use two vars in CreateIfaceIQN
>   util: refactor virNodeSuspendSetNodeWakeup
>   util: use g_auto in virNodeSuspendHelper
> 
>  docs/internals/command.html.in | 12 +++
>  src/util/virdnsmasq.c  | 37 +++---
>  src/util/viriscsi.c| 34 +++
>  src/util/virnodesuspend.c  | 16 +++
>  4 files changed, 39 insertions(+), 60 deletions(-)
> 

Reviewed-by: Michal Privoznik 

Michal



Re: [libvirt PATCH 00/20] use g_auto for virCommand (Episode II: The Sequel)

2021-12-14 Thread Michal Prívozník
On 12/13/21 19:42, Ján Tomko wrote:
> TBD: docs/ and src/util
> 
> Ján Tomko (20):
>   openvz: refactor openvzExtractVersionInfo
>   openvz: refactor openvzLoadDomains
>   openvz: refactor openvzGetVEID
>   openvz: refactor openvzDomainDefineCmd
>   openvz: refactor openvzSetInitialConfig
>   openvz: refactor openvzSetDiskQuota
>   openvz: refactor openvzDomainSetNetwork
>   openvz: refactor openvzConnectListDomains
>   openvz: refactor openvzConnectListDefinedDomains
>   openvz: refactor openvzDomainGetBarrierLimit
>   openvz: refactor openvzDomainSetBarrierLimit
>   openvz: refactor openvzGetVEStatus
>   openvz: use g_auto in openvzDomainMigratePerform3Params
>   openvz: refactor openvzVEGetStringParam
>   vz: utils: use g_auto for virCommand
>   vmware: refactor vmwareUpdateVMStatus
>   vmware: use g_auto in vmwareLoadDomains
>   vmware: refactor vmwareExtractVersion
>   tests: use g_auto in testCompareXMLToConfFiles
>   tests: storagevolxml2argvtest: do not reuse cmd
> 
>  src/openvz/openvz_conf.c   |  62 ---
>  src/openvz/openvz_driver.c | 197 +
>  src/openvz/openvz_util.c   |  23 ++--
>  src/vmware/vmware_conf.c   |  33 ++
>  src/vmware/vmware_driver.c |  19 +---
>  src/vz/vz_utils.c  |   3 +-
>  tests/networkxml2conftest.c|   5 +-
>  tests/storagevolxml2argvtest.c |   4 +-
>  8 files changed, 125 insertions(+), 221 deletions(-)
> 

Reviewed-by: Michal Privoznik 

Michal



Re: [PATCH] conf: Turn virDomainDef.kvm_features into a struct

2021-12-14 Thread Ján Tomko

On a Tuesday in 2021, Michal Privoznik wrote:

In future commits we will need to store not just an array of
VIR_TRISTATE_SWITCH_* but also an additional integer. Follow the
example of TCG and introduce a structure where both the array and
integer can live.

Signed-off-by: Michal Privoznik 
---
src/conf/domain_conf.c  | 20 +---
src/conf/domain_conf.h  |  7 ++-
src/qemu/qemu_command.c |  8 
3 files changed, 23 insertions(+), 12 deletions(-)



Reviewed-by: Ján Tomko 

Jano




Re: [PATCH v7 1/2] qemu: support dirty ring feature

2021-12-14 Thread Michal Prívozník
On 12/14/21 12:20, Hyman Huang wrote:
> 


> Ok, I'll rebase the master once the changes get merged and test if the
> dirty ring still works.
> 

You can find all the patches applied in my branch:

https://gitlab.com/MichalPrivoznik/libvirt/-/commits/review/

Michal



Re: [PATCH v7 1/2] qemu: support dirty ring feature

2021-12-14 Thread Hyman Huang




On 12/14/21 17:22, Michal Prívozník wrote:

On 11/23/21 15:36, huang...@chinatelecom.cn wrote:

From: Hyman Huang(黄勇) 

Dirty ring feature was introduced in qemu-6.1.0, this patch
adds the corresponding feature named 'dirty-ring', which enables
dirty ring feature when starting vm.

To implement the dirty-ring feature, dirty_ring_size in struct
"_virDomainDef" is introduced to hold the dirty ring size
configured in xml, and it will be used as dirty-ring-size
property of kvm accelerator when building qemu commandline,
it is something like "-accel dirty-ring-size=xxx".

To enable the feature, the following XML needs to be added to
the guest's domain description:



  



If property "state=on", property "size" must be specified, which
should be power of 2 and range in [1024, 65526].

Signed-off-by: Hyman Huang(黄勇) 
---
  docs/formatdomain.rst | 18 ++--
  docs/schemas/domaincommon.rng | 10 +++
  src/conf/domain_conf.c| 54 +++
  src/conf/domain_conf.h|  4 +++
  src/qemu/qemu_command.c   | 12 
  5 files changed, 90 insertions(+), 8 deletions(-)

diff --git a/docs/formatdomain.rst b/docs/formatdomain.rst
index eb8c973cf1..ea69b61c70 100644
--- a/docs/formatdomain.rst
+++ b/docs/formatdomain.rst
@@ -1843,6 +1843,7 @@ Hypervisors may allow certain CPU / machine features to 
be toggled on/off.
 
 
 
+   


I was confused at first, what units is @size in but looking into the
qemu docs it's unit-less number:

   "[dirty-ring-size] it controls the size of the per-vCPU dirty page
ring buffer (number of entries for each vCPU)."

Therefore I'm okay with having it as a plain attribute. Otherwise for
values with units (traditionally size units like KiB/MiB/...) I would
advise to go with an extra element.


   
   
 
@@ -1925,14 +1926,15 @@ are:
  ``kvm``
 Various features to change the behavior of the KVM hypervisor.
  
-   ==  === 

-   FeatureDescription  
Value   Since
-   == 
 
=== 
-   hidden Hide the KVM hypervisor from standard MSR based discovery
on, off :since:`1.2.8 (QEMU 2.1.0)`
-   hint-dedicated Allows a guest to enable optimizations when running on 
dedicated vCPUs   on, off :since:`5.7.0 (QEMU 2.12.0)`
-   poll-control   Decrease IO completion latency by introducing a grace period 
of busy waiting on, off :since:`6.10.0 (QEMU 4.2)`
-   pv-ipi Paravirtualized send IPIs
on, off :since:`7.10.0 (QEMU 3.1)`
-   == 
 
=== 
+   == 
 
== 

+   FeatureDescription  
Value  Since
+   == 
 
== 

+   hidden Hide the KVM hypervisor from standard MSR based discovery
on, off
:since:`1.2.8 (QEMU 2.1.0)`
+   hint-dedicated Allows a guest to enable optimizations when running on 
dedicated vCPUs   on, off
:since:`5.7.0 (QEMU 2.12.0)`
+   poll-control   Decrease IO completion latency by introducing a grace period 
of busy waiting on, off
:since:`6.10.0 (QEMU 4.2)`
+   pv-ipi Paravirtualized send IPIs
on, off
:since:`7.10.0 (QEMU 3.1)`
+   dirty-ring Enable dirty ring feature
on, off; size - must be power of 2, range [1024,65536] 
:since:`7.10.0 (QEMU 6.1)`
+   == 
 
== 

  
  ``xen``

 Various features to change the behavior of the Xen hypervisor.
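Review bot: the new dirty-ring row documents the size range as [1024,65536], while the commit message says [1024, 65526]; 65526 is not a power of 2, so one of the two is a typo and they should be made to agree. The Since column of the new row also repeats the 7.10.0 of the pv-ipi row above it; please confirm it names the release this feature will actually ship in.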
diff --git a/docs/schemas/domaincommon.rng b/docs/schemas/domaincommon.rng
index f01b7a6470..5f9fe3cc58 100644
--- a/docs/schemas/domaincommon.rng
+++ b/docs/schemas/domaincommon.rng
@@ -7212,6 +7212,16 @@
  

  
+
+  
+

[libvirt PATCH] examples: hellolibvirt: fix argc check

2021-12-14 Thread Ján Tomko
https://gitlab.com/libvirt/libvirt/-/issues/255

Reported-by: Jeremy Alcim
Signed-off-by: Ján Tomko 
---
Pushed as trivial.

 examples/c/misc/hellolibvirt.c | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

diff --git a/examples/c/misc/hellolibvirt.c b/examples/c/misc/hellolibvirt.c
index a598e01be2..39cefe934c 100644
--- a/examples/c/misc/hellolibvirt.c
+++ b/examples/c/misc/hellolibvirt.c
@@ -107,11 +107,12 @@ main(int argc, char *argv[])
 {
 int ret = 0;
 virConnectPtr conn;
-char *uri;
+char *uri = NULL;
 
 printf("Attempting to connect to hypervisor\n");
 
-uri = (argc > 0 ? argv[1] : NULL);
+if (argc > 1)
+uri = argv[1];
 
 /* virConnectOpenAuth is called here with all default parameters,
  * except, possibly, the URI of the hypervisor. */
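Review bot: the commit message for the 'argc > 1' change is only an issue link, so the log does not say what was wrong with the old check. One line stating that 'argc > 0' is true whenever the program name is present, so argv[1] was selected even with no URI argument, would let the history stand on its own without the tracker.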
-- 
2.31.1



Re: [libvirt PATCH v3 13/13] qemu: format sev-guest.kernel-hashes property

2021-12-14 Thread Daniel P . Berrangé
On Tue, Dec 14, 2021 at 12:08:37PM +0100, Peter Krempa wrote:
> On Fri, Dec 10, 2021 at 16:47:13 +, Daniel P. Berrangé wrote:
> > Set the kernel-hashes property on the sev-guest object if
> > the config asked for it explicitly. While QEMU machine
> > types currently default to having this setting off, it
> > is not guaranteed to remain this way.
> > 
> > Signed-off-by: Daniel P. Berrangé 
> > ---
> >  src/qemu/qemu_command.c   |  1 +
> >  src/qemu/qemu_validate.c  |  7 
> >  ...unch-security-sev-direct.x86_64-6.2.0.args | 40 +++
> >  .../launch-security-sev-direct.xml| 39 ++
> >  tests/qemuxml2argvtest.c  |  1 +
> >  5 files changed, 88 insertions(+)
> >  create mode 100644 
> > tests/qemuxml2argvdata/launch-security-sev-direct.x86_64-6.2.0.args
> >  create mode 100644 tests/qemuxml2argvdata/launch-security-sev-direct.xml
> > 
> > diff --git a/src/qemu/qemu_command.c b/src/qemu/qemu_command.c
> > index 613f7a5d2a..dfbf4973f5 100644
> > --- a/src/qemu/qemu_command.c
> > +++ b/src/qemu/qemu_command.c
> > @@ -9894,6 +9894,7 @@ qemuBuildSEVCommandLine(virDomainObj *vm, virCommand 
> > *cmd,
> >   "u:policy", sev->policy,
> >   "S:dh-cert-file", dhpath,
> >   "S:session-file", sessionpath,
> > + "T:kernel-hashes", sev->kernel_hashes,
> 
> Since this is an '-object' ...
> 
> >   NULL) < 0)
> >  return -1;
> >  
> > diff --git a/src/qemu/qemu_validate.c b/src/qemu/qemu_validate.c
> > index 29b01495ad..c0dc1f7b53 100644
> > --- a/src/qemu/qemu_validate.c
> > +++ b/src/qemu/qemu_validate.c
> > @@ -1200,6 +1200,13 @@ qemuValidateDomainDef(const virDomainDef *def,
> >   "this QEMU binary"));
> >  return -1;
> >  }
> > +
> > +if (def->sec->data.sev.kernel_hashes == VIR_TRISTATE_BOOL_YES 
> > &&
> > +!virQEMUCapsGet(qemuCaps, 
> > QEMU_CAPS_SEV_GUEST_KERNEL_HASHES)) {
> 
> ... and this flag means that the 'sev-guest' actually has the
> 'kernel-hashes' property, the above check should be
> 
> if (def->sec->data.sev.kernel_hashes != VIR_TRISTATE_BOOL_ABSENT && ...

Let's do this, since if the user gave an explicit disable we want
to pass that through to the CLI, in case qemu changes the future
default for machine types to be enabled.

> as an explicit disable will also cause a qemu error when the property is
> not defined inside sev-guest.
> 
> Other option is to use 'B:kernel-hashes' above and extract the value of
> sev->kernel_hashes into a temporary bool initialized to false via
> virTristateBoolToBool which preserves the default. In such case it will
> be always omitted when not enabled.
> 
> 
> 
> Reviewed-by: Peter Krempa 
> 

Regards,
Daniel
-- 
|: https://berrange.com  -o-https://www.flickr.com/photos/dberrange :|
|: https://libvirt.org -o-https://fstop138.berrange.com :|
|: https://entangle-photo.org-o-https://www.instagram.com/dberrange :|



Re: [libvirt PATCH v3 12/13] qemu: probe for sev-guest.kernel-hashes property

2021-12-14 Thread Daniel P . Berrangé
On Tue, Dec 14, 2021 at 12:04:17PM +0100, Peter Krempa wrote:
> On Fri, Dec 10, 2021 at 16:47:12 +, Daniel P. Berrangé wrote:
> > This sev-guest object property indicates whether QEMU should
> > expose the kernel, ramdisk, cmdline hashes to the firmware
> > for measurement.
> > 
> > The 6.2.0 capabilities are hacked to look as if they were
> > generated with sev-guest support.
> > 
> > Reviewed-by: Peter Krempa 
> > Signed-off-by: Daniel P. Berrangé 
> > ---
> >  src/qemu/qemu_capabilities.c  |   8 ++
> >  src/qemu/qemu_capabilities.h  |   1 +
> >  .../domaincapsdata/qemu_6.2.0-q35.x86_64.xml  |   7 +-
> >  .../domaincapsdata/qemu_6.2.0-tcg.x86_64.xml  |   7 +-
> >  tests/domaincapsdata/qemu_6.2.0.x86_64.xml|   7 +-
> >  .../caps_2.12.0.x86_64.replies|  97 
> >  .../caps_3.0.0.x86_64.replies |  97 
> >  .../caps_3.1.0.x86_64.replies |  97 
> >  .../caps_4.0.0.x86_64.replies |  97 
> >  .../caps_4.1.0.x86_64.replies |  89 ++
> >  .../caps_4.2.0.x86_64.replies |  89 ++
> >  .../caps_5.0.0.x86_64.replies |  89 ++
> >  .../caps_5.1.0.x86_64.replies |  89 ++
> >  .../caps_5.2.0.x86_64.replies |  89 ++
> >  .../caps_6.0.0.x86_64.replies |  89 ++
> >  .../caps_6.1.0.x86_64.replies |  89 ++
> >  .../caps_6.2.0.x86_64.replies | 109 ++
> >  .../caps_6.2.0.x86_64.xml |   8 ++
> >  18 files changed, 895 insertions(+), 263 deletions(-)
> > 
> > diff --git a/src/qemu/qemu_capabilities.c b/src/qemu/qemu_capabilities.c
> > index ddd61ecfc9..9553e6e5b8 100644
> > --- a/src/qemu/qemu_capabilities.c
> > +++ b/src/qemu/qemu_capabilities.c
> > @@ -652,6 +652,7 @@ VIR_ENUM_IMPL(virQEMUCaps,
> >"device.json", /* QEMU_CAPS_DEVICE_JSON */
> >"query-dirty-rate", /* QEMU_CAPS_QUERY_DIRTY_RATE */
> >"rbd-encryption", /* QEMU_CAPS_RBD_ENCRYPTION */
> > +  "sev-guest-kernel-hashes", /* 
> > QEMU_CAPS_SEV_GUEST_KERNEL_HASHES */
> >  );
> >  
> >  
> > @@ -1718,6 +1719,10 @@ static struct virQEMUCapsStringFlags 
> > virQEMUCapsObjectPropsMaxCPU[] = {
> >  { "migratable", QEMU_CAPS_CPU_MIGRATABLE },
> >  };
> >  
> > +static struct virQEMUCapsStringFlags virQEMUCapsObjectPropsSEVGuest[] = {
> > +{ "kernel-hashes", QEMU_CAPS_SEV_GUEST_KERNEL_HASHES },
> > +};
> > +
> >  static virQEMUCapsObjectTypeProps virQEMUCapsObjectProps[] = {
> >  { "memory-backend-file", virQEMUCapsObjectPropsMemoryBackendFile,
> >G_N_ELEMENTS(virQEMUCapsObjectPropsMemoryBackendFile),
> > @@ -1731,6 +1736,9 @@ static virQEMUCapsObjectTypeProps 
> > virQEMUCapsObjectProps[] = {
> >  { "max-arm-cpu", virQEMUCapsObjectPropsMaxCPU,
> >G_N_ELEMENTS(virQEMUCapsObjectPropsMaxCPU),
> >QEMU_CAPS_ARM_MAX_CPU },
> > +{ "sev-guest", virQEMUCapsObjectPropsSEVGuest,
> > +  G_N_ELEMENTS(virQEMUCapsObjectPropsSEVGuest),
> > +  QEMU_CAPS_SEV_GUEST },
> 
> Actually, when reviewing the last patch I've noticed that 'sev-guest'
> which you are querying is actually an '-object', so you don't need any
> of this complicated query machinery which modifies all .replies files
> but rather it's enough to use the QMP schema query:
> 
> Once you add to virQEMUCapsQMPSchemaQueries[] the following line:
> 
> { "object-add/arg-type/+sev-guest/kernel-hashes", 
> QEMU_CAPS_SEV_GUEST_KERNEL_HASHES },
> 
> The result is the same information. I actually see you also hacked the
> schema to add the field because I presume the QAPI schema validation
> failed if that was not the case.

Oh right, we don't need to query objects anymore since Kevin's recentish
work to map QOM into QAPI.

Regards,
Daniel
-- 
|: https://berrange.com  -o-https://www.flickr.com/photos/dberrange :|
|: https://libvirt.org -o-https://fstop138.berrange.com :|
|: https://entangle-photo.org-o-https://www.instagram.com/dberrange :|



Re: [libvirt PATCH v3 13/13] qemu: format sev-guest.kernel-hashes property

2021-12-14 Thread Peter Krempa
On Fri, Dec 10, 2021 at 16:47:13 +, Daniel P. Berrangé wrote:
> Set the kernel-hashes property on the sev-guest object if
> the config asked for it explicitly. While QEMU machine
> types currently default to having this setting off, it
> is not guaranteed to remain this way.
> 
> Signed-off-by: Daniel P. Berrangé 
> ---
>  src/qemu/qemu_command.c   |  1 +
>  src/qemu/qemu_validate.c  |  7 
>  ...unch-security-sev-direct.x86_64-6.2.0.args | 40 +++
>  .../launch-security-sev-direct.xml| 39 ++
>  tests/qemuxml2argvtest.c  |  1 +
>  5 files changed, 88 insertions(+)
>  create mode 100644 
> tests/qemuxml2argvdata/launch-security-sev-direct.x86_64-6.2.0.args
>  create mode 100644 tests/qemuxml2argvdata/launch-security-sev-direct.xml
> 
> diff --git a/src/qemu/qemu_command.c b/src/qemu/qemu_command.c
> index 613f7a5d2a..dfbf4973f5 100644
> --- a/src/qemu/qemu_command.c
> +++ b/src/qemu/qemu_command.c
> @@ -9894,6 +9894,7 @@ qemuBuildSEVCommandLine(virDomainObj *vm, virCommand 
> *cmd,
>   "u:policy", sev->policy,
>   "S:dh-cert-file", dhpath,
>   "S:session-file", sessionpath,
> + "T:kernel-hashes", sev->kernel_hashes,

Since this is an '-object' ...

>   NULL) < 0)
>  return -1;
>  
> diff --git a/src/qemu/qemu_validate.c b/src/qemu/qemu_validate.c
> index 29b01495ad..c0dc1f7b53 100644
> --- a/src/qemu/qemu_validate.c
> +++ b/src/qemu/qemu_validate.c
> @@ -1200,6 +1200,13 @@ qemuValidateDomainDef(const virDomainDef *def,
>   "this QEMU binary"));
>  return -1;
>  }
> +
> +if (def->sec->data.sev.kernel_hashes == VIR_TRISTATE_BOOL_YES &&
> +!virQEMUCapsGet(qemuCaps, 
> QEMU_CAPS_SEV_GUEST_KERNEL_HASHES)) {

... and this flag means that the 'sev-guest' actually has the
'kernel-hashes' property, the above check should be

if (def->sec->data.sev.kernel_hashes != VIR_TRISTATE_BOOL_ABSENT && ...


as an explicit disable will also cause a qemu error when the property is
not defined inside sev-guest.

Other option is to use 'B:kernel-hashes' above and extract the value of
sev->kernel_hashes into a temporary bool initialized to false via
virTristateBoolToBool which preserves the default. In such case it will
be always omitted when not enabled.



Reviewed-by: Peter Krempa 
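
The three outcomes discussed in this review (the check as posted, the suggested check, and the bool-formatting alternative), modelled in C. This is an added example, not code from the patch or from libvirt; the type and function names and the on/off rendering of the property are assumptions made for the illustration.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>

/* Local stand-in for a tristate setting; not libvirt's own type. */
typedef enum { TRI_ABSENT = 0, TRI_YES, TRI_NO } tristate;
typedef enum { REJECTED_BY_VALIDATION, STARTS, FAILS_AT_STARTUP } outcome;

typedef bool (*validate_fn)(tristate value, bool emulator_has_prop);
typedef void (*format_fn)(tristate value, char *buf, size_t len);

/* Check as posted: only an explicit "yes" requires the capability. */
static bool validate_yes_only(tristate value, bool emulator_has_prop)
{
    return !(value == TRI_YES && !emulator_has_prop);
}

/* Check as suggested in review: any explicit value requires it. */
static bool validate_any_explicit(tristate value, bool emulator_has_prop)
{
    return !(value != TRI_ABSENT && !emulator_has_prop);
}

/* Tristate formatting: the property is written for "yes" and for "no". */
static void format_tristate(tristate value, char *buf, size_t len)
{
    if (value == TRI_ABSENT)
        buf[0] = '\0';
    else
        snprintf(buf, len, "kernel-hashes=%s",
                 value == TRI_YES ? "on" : "off");
}

/* Bool formatting with a false default: written only when enabled. */
static void format_bool(tristate value, char *buf, size_t len)
{
    bool enabled = (value == TRI_YES);

    if (enabled)
        snprintf(buf, len, "kernel-hashes=on");
    else
        buf[0] = '\0';
}

/* Stand-in for the emulator: an unknown property is a startup error. */
static bool emulator_accepts(const char *prop, bool emulator_has_prop)
{
    return prop[0] == '\0' || emulator_has_prop;
}

/* Validate, format, then hand the result to the emulator stand-in. */
static outcome start_guest(validate_fn validate, format_fn format,
                           tristate value, bool emulator_has_prop)
{
    char prop[32];

    if (!validate(value, emulator_has_prop))
        return REJECTED_BY_VALIDATION;
    format(value, prop, sizeof(prop));
    return emulator_accepts(prop, emulator_has_prop) ? STARTS
                                                     : FAILS_AT_STARTUP;
}

int main(void)
{
    static const char *const names[] = { "absent", "yes", "no" };
    static const char *const results[] = {
        "rejected by validation", "starts", "fails at emulator startup"
    };
    int v;

    /* Emulator binary without the property, all three config values. */
    for (v = TRI_ABSENT; v <= TRI_NO; v++) {
        printf("%-6s posted+tristate: %s\n", names[v],
               results[start_guest(validate_yes_only, format_tristate,
                                   (tristate)v, false)]);
        printf("%-6s suggested+tristate: %s\n", names[v],
               results[start_guest(validate_any_explicit, format_tristate,
                                   (tristate)v, false)]);
        printf("%-6s posted+bool: %s\n", names[v],
               results[start_guest(validate_yes_only, format_bool,
                                   (tristate)v, false)]);
    }
    return 0;
}
```
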



Re: [libvirt PATCH v3 12/13] qemu: probe for sev-guest.kernel-hashes property

2021-12-14 Thread Peter Krempa
On Fri, Dec 10, 2021 at 16:47:12 +, Daniel P. Berrangé wrote:
> This sev-guest object property indicates whether QEMU should
> expose the kernel, ramdisk, cmdline hashes to the firmware
> for measurement.
> 
> The 6.2.0 capabilities are hacked to look as if they were
> generated with sev-guest support.
> 
> Reviewed-by: Peter Krempa 
> Signed-off-by: Daniel P. Berrangé 
> ---
>  src/qemu/qemu_capabilities.c  |   8 ++
>  src/qemu/qemu_capabilities.h  |   1 +
>  .../domaincapsdata/qemu_6.2.0-q35.x86_64.xml  |   7 +-
>  .../domaincapsdata/qemu_6.2.0-tcg.x86_64.xml  |   7 +-
>  tests/domaincapsdata/qemu_6.2.0.x86_64.xml|   7 +-
>  .../caps_2.12.0.x86_64.replies|  97 
>  .../caps_3.0.0.x86_64.replies |  97 
>  .../caps_3.1.0.x86_64.replies |  97 
>  .../caps_4.0.0.x86_64.replies |  97 
>  .../caps_4.1.0.x86_64.replies |  89 ++
>  .../caps_4.2.0.x86_64.replies |  89 ++
>  .../caps_5.0.0.x86_64.replies |  89 ++
>  .../caps_5.1.0.x86_64.replies |  89 ++
>  .../caps_5.2.0.x86_64.replies |  89 ++
>  .../caps_6.0.0.x86_64.replies |  89 ++
>  .../caps_6.1.0.x86_64.replies |  89 ++
>  .../caps_6.2.0.x86_64.replies | 109 ++
>  .../caps_6.2.0.x86_64.xml |   8 ++
>  18 files changed, 895 insertions(+), 263 deletions(-)
> 
> diff --git a/src/qemu/qemu_capabilities.c b/src/qemu/qemu_capabilities.c
> index ddd61ecfc9..9553e6e5b8 100644
> --- a/src/qemu/qemu_capabilities.c
> +++ b/src/qemu/qemu_capabilities.c
> @@ -652,6 +652,7 @@ VIR_ENUM_IMPL(virQEMUCaps,
>"device.json", /* QEMU_CAPS_DEVICE_JSON */
>"query-dirty-rate", /* QEMU_CAPS_QUERY_DIRTY_RATE */
>"rbd-encryption", /* QEMU_CAPS_RBD_ENCRYPTION */
> +  "sev-guest-kernel-hashes", /* 
> QEMU_CAPS_SEV_GUEST_KERNEL_HASHES */
>  );
>  
>  
> @@ -1718,6 +1719,10 @@ static struct virQEMUCapsStringFlags 
> virQEMUCapsObjectPropsMaxCPU[] = {
>  { "migratable", QEMU_CAPS_CPU_MIGRATABLE },
>  };
>  
> +static struct virQEMUCapsStringFlags virQEMUCapsObjectPropsSEVGuest[] = {
> +{ "kernel-hashes", QEMU_CAPS_SEV_GUEST_KERNEL_HASHES },
> +};
> +
>  static virQEMUCapsObjectTypeProps virQEMUCapsObjectProps[] = {
>  { "memory-backend-file", virQEMUCapsObjectPropsMemoryBackendFile,
>G_N_ELEMENTS(virQEMUCapsObjectPropsMemoryBackendFile),
> @@ -1731,6 +1736,9 @@ static virQEMUCapsObjectTypeProps 
> virQEMUCapsObjectProps[] = {
>  { "max-arm-cpu", virQEMUCapsObjectPropsMaxCPU,
>G_N_ELEMENTS(virQEMUCapsObjectPropsMaxCPU),
>QEMU_CAPS_ARM_MAX_CPU },
> +{ "sev-guest", virQEMUCapsObjectPropsSEVGuest,
> +  G_N_ELEMENTS(virQEMUCapsObjectPropsSEVGuest),
> +  QEMU_CAPS_SEV_GUEST },

Actually, when reviewing the last patch I've noticed that 'sev-guest'
which you are querying is actually an '-object', so you don't need any
of this complicated query machinery which modifies all .replies files
but rather it's enough to use the QMP schema query:

Once you add to virQEMUCapsQMPSchemaQueries[] the following line:

{ "object-add/arg-type/+sev-guest/kernel-hashes", 
QEMU_CAPS_SEV_GUEST_KERNEL_HASHES },

The result is the same information. I actually see you also hacked the
schema to add the field because I presume the QAPI schema validation
failed if that was not the case.

So my R-b applies only on this simpler version as we should not re-query
data we already have from the QMP schema.



Re: [libvirt PATCH v3 10/13] qemu: report max number of SEV guests

2021-12-14 Thread Peter Krempa
On Fri, Dec 10, 2021 at 16:47:10 +, Daniel P. Berrangé wrote:
> Different CPU generations have different limits on the number
> of SEV/SEV-ES guests that can be run. Since both limits come
> from the same overall set, there is typically also BIOS config
> to set the tradeoff between SEV and SEV-ES guest limits.
> 
> This is important information to expose for a mgmt application
> scheduling guests to hosts.
> 
> Signed-off-by: Daniel P. Berrangé 
> ---
>  src/qemu/qemu_capabilities.c  | 39 +++
>  src/qemu/qemu_driver.c| 10 +
>  .../domaincapsdata/qemu_2.12.0-q35.x86_64.xml |  4 +-
>  .../domaincapsdata/qemu_2.12.0-tcg.x86_64.xml |  4 +-
>  tests/domaincapsdata/qemu_2.12.0.x86_64.xml   |  4 +-
>  .../domaincapsdata/qemu_6.0.0-q35.x86_64.xml  |  4 +-
>  .../domaincapsdata/qemu_6.0.0-tcg.x86_64.xml  |  4 +-
>  tests/domaincapsdata/qemu_6.0.0.x86_64.xml|  4 +-
>  tests/testutilsqemu.c | 21 ++
>  9 files changed, 82 insertions(+), 12 deletions(-)

[...]

> diff --git a/src/qemu/qemu_driver.c b/src/qemu/qemu_driver.c
> index ee23e10543..8ee0939295 100644
> --- a/src/qemu/qemu_driver.c
> +++ b/src/qemu/qemu_driver.c
> @@ -19918,6 +19918,16 @@ qemuGetSEVInfoToParams(virQEMUCaps *qemuCaps,
>  sev->reduced_phys_bits) < 0)
>  goto cleanup;
>  
> +if (virTypedParamsAddUInt(, , ,
> +VIR_NODE_SEV_MAX_GUESTS,
> +sev->max_guests) < 0)
> +goto cleanup;
> +
> +if (virTypedParamsAddUInt(, , ,
> +VIR_NODE_SEV_MAX_ES_GUESTS,
> +sev->max_es_guests) < 0)
> +goto cleanup;
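
Review bot: VIR_NODE_SEV_MAX_GUESTS and VIR_NODE_SEV_MAX_ES_GUESTS are added to the typed parameters unconditionally in qemuGetSEVInfoToParams, so a caller cannot tell a limit of 0 from a limit that was never read. Please document what 0 means for these two parameters, or skip adding them when the value is not known, since the commit message intends them for scheduling decisions.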

Both calls have broken alignment.


[...]

> diff --git a/tests/testutilsqemu.c b/tests/testutilsqemu.c
> index 5bd1d40ad4..7f848f158e 100644
> --- a/tests/testutilsqemu.c
> +++ b/tests/testutilsqemu.c
> @@ -143,6 +143,27 @@ virCapabilitiesHostNUMANewHost(void)
>  return virTestCapsBuildNUMATopology(3);
>  }
>  
> +void

This form of overriding functions looked a bit unorthodox but prior art
is right above, so it's okay.

> +virHostCPUX86GetCPUID(uint32_t leaf,
> +  uint32_t extended,
> +  uint32_t *eax,
> +  uint32_t *ebx,
> +  uint32_t *ecx,
> +  uint32_t *edx)
> +{
> +if (eax)
> +*eax = 0;
> +if (ebx)
> +*ebx = 0;
> +if (ecx)
> +*ecx = 0;
> +if (edx)
> +*edx = 0;
> +if (leaf == 0x801F && extended == 0) {
> +*ecx = 509;
> +*edx = 451;
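
Review bot: the values 509 and 451 stored through ecx and edx in this mock are unexplained magic numbers. A comment naming the limit each register stands for, and pointing at the expected values in the domaincapsdata XML files changed by this patch, would let a reader check the test data without looking up the CPUID leaf.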

ecx/edx are unconditionally dereferenced here. Okay at this point but
possibly unextensible. Consider adding pointer checks at least to avoid
coverity moaning.

Reviewed-by: Peter Krempa 



Re: [libvirt PATCH v3 12/13] qemu: probe for sev-guest.kernel-hashes property

2021-12-14 Thread Peter Krempa
On Fri, Dec 10, 2021 at 16:47:12 +, Daniel P. Berrangé wrote:
> This sev-guest object property indicates whether QEMU should
> expose the kernel, ramdisk, cmdline hashes to the firmware
> for measurement.
> 
> The 6.2.0 capabilities are hacked to look as if they were
> generated with sev-guest support.
> 
> Reviewed-by: Peter Krempa 

Don't forget that due to the hack of adding SEV to the caps output data
my R-b applies only after qemu-6.2 is released and libvirt's test data
updated.



[PATCH] conf: Turn virDomainDef.kvm_features into a struct

2021-12-14 Thread Michal Privoznik
In future commits we will need to store not just an array of
VIR_TRISTATE_SWITCH_* but also an additional integer. Follow the
example of TCG and introduce a structure where both the array and
integer can live.

Signed-off-by: Michal Privoznik 
---
 src/conf/domain_conf.c  | 20 +---
 src/conf/domain_conf.h  |  7 ++-
 src/qemu/qemu_command.c |  8 
 3 files changed, 23 insertions(+), 12 deletions(-)

diff --git a/src/conf/domain_conf.c b/src/conf/domain_conf.c
index b6249aa76f..07cbfa24bc 100644
--- a/src/conf/domain_conf.c
+++ b/src/conf/domain_conf.c
@@ -3713,6 +3713,7 @@ void virDomainDefFree(virDomainDef *def)
 g_free(def->emulator);
 g_free(def->description);
 g_free(def->title);
+g_free(def->kvm_features);
 g_free(def->hyperv_vendor_id);
 g_free(def->tcg_features);
 
@@ -17532,7 +17533,9 @@ static int
 virDomainFeaturesKVMDefParse(virDomainDef *def,
  xmlNodePtr node)
 {
-def->features[VIR_DOMAIN_FEATURE_KVM] = VIR_TRISTATE_SWITCH_ON;
+g_autofree virDomainFeatureKVM *kvm = NULL;
+
+kvm = g_new0(virDomainFeatureKVM, 1);
 
 node = xmlFirstElementChild(node);
 while (node) {
@@ -17551,11 +17554,14 @@ virDomainFeaturesKVMDefParse(virDomainDef *def,
  ) < 0)
 return -1;
 
-def->kvm_features[feature] = value;
+kvm->features[feature] = value;
 
 node = xmlNextElementSibling(node);
 }
 
+def->features[VIR_DOMAIN_FEATURE_KVM] = VIR_TRISTATE_SWITCH_ON;
+def->kvm_features = g_steal_pointer();
+
 return 0;
 }
 
@@ -21803,13 +21809,13 @@ virDomainDefFeaturesCheckABIStability(virDomainDef 
*src,
 case VIR_DOMAIN_KVM_DEDICATED:
 case VIR_DOMAIN_KVM_POLLCONTROL:
 case VIR_DOMAIN_KVM_PVIPI:
-if (src->kvm_features[i] != dst->kvm_features[i]) {
+if (src->kvm_features->features[i] != 
dst->kvm_features->features[i]) {
 virReportError(VIR_ERR_CONFIG_UNSUPPORTED,
_("State of KVM feature '%s' differs: "
  "source: '%s', destination: '%s'"),
virDomainKVMTypeToString(i),
-   
virTristateSwitchTypeToString(src->kvm_features[i]),
-   
virTristateSwitchTypeToString(dst->kvm_features[i]));
+   
virTristateSwitchTypeToString(src->kvm_features->features[i]),
+   
virTristateSwitchTypeToString(dst->kvm_features->features[i]));
 return false;
 }
 
@@ -27873,11 +27879,11 @@ virDomainDefFormatFeatures(virBuffer *buf,
 case VIR_DOMAIN_KVM_DEDICATED:
 case VIR_DOMAIN_KVM_POLLCONTROL:
 case VIR_DOMAIN_KVM_PVIPI:
-if (def->kvm_features[j])
+if (def->kvm_features->features[j])
 virBufferAsprintf(, "<%s state='%s'/>\n",
   virDomainKVMTypeToString(j),
   virTristateSwitchTypeToString(
-  def->kvm_features[j]));
+  def->kvm_features->features[j]));
 break;
 
 case VIR_DOMAIN_KVM_LAST:
diff --git a/src/conf/domain_conf.h b/src/conf/domain_conf.h
index b410922f68..5613d621bb 100644
--- a/src/conf/domain_conf.h
+++ b/src/conf/domain_conf.h
@@ -2263,6 +2263,11 @@ typedef enum {
 
 VIR_ENUM_DECL(virDomainIBS);
 
+typedef struct _virDomainFeatureKVM virDomainFeatureKVM;
+struct _virDomainFeatureKVM {
+int features[VIR_DOMAIN_KVM_LAST];
+};
+
 typedef struct _virDomainFeatureTCG virDomainFeatureTCG;
 struct _virDomainFeatureTCG {
 unsigned long long tb_cache; /* Stored in KiB */
@@ -2819,7 +2824,7 @@ struct _virDomainDef {
 int features[VIR_DOMAIN_FEATURE_LAST];
 int caps_features[VIR_DOMAIN_PROCES_CAPS_FEATURE_LAST];
 int hyperv_features[VIR_DOMAIN_HYPERV_LAST];
-int kvm_features[VIR_DOMAIN_KVM_LAST];
+virDomainFeatureKVM *kvm_features;
 int msrs_features[VIR_DOMAIN_MSRS_LAST];
 int xen_features[VIR_DOMAIN_XEN_LAST];
 virDomainXenPassthroughMode xen_passthrough_mode;
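Review bot: the new `virDomainFeatureKVM *kvm_features;` member has no comment saying when it is valid. The embedded array it replaces was always readable, whereas the pointer is not, so a one-line comment stating the invariant (for example, that it is non-NULL only when features[VIR_DOMAIN_FEATURE_KVM] is on) would tell callers when `->features[]` may be dereferenced. Any code that turns the KVM feature on without going through virDomainFeaturesKVMDefParse would also need to allocate the struct, which is worth a mention in the commit message.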
diff --git a/src/qemu/qemu_command.c b/src/qemu/qemu_command.c
index ce22372749..7cdec9f910 100644
--- a/src/qemu/qemu_command.c
+++ b/src/qemu/qemu_command.c
@@ -6765,22 +6765,22 @@ qemuBuildCpuCommandLine(virCommand *cmd,
 for (i = 0; i < VIR_DOMAIN_KVM_LAST; i++) {
 switch ((virDomainKVM) i) {
 case VIR_DOMAIN_KVM_HIDDEN:
-if (def->kvm_features[i] == VIR_TRISTATE_SWITCH_ON)
+if (def->kvm_features->features[i] == VIR_TRISTATE_SWITCH_ON)
 virBufferAddLit(, ",kvm=off");
 break;
 
 case 

Re: [PATCH v7 1/2] qemu: support dirty ring feature

2021-12-14 Thread Michal Prívozník
On 11/23/21 15:36, huang...@chinatelecom.cn wrote:
> From: Hyman Huang(黄勇) 
> 
> Dirty ring feature was introduced in qemu-6.1.0, this patch
> adds the corresponding feature named 'dirty-ring', which enables
> dirty ring feature when starting vm.
> 
> To implement the dirty-ring feature, dirty_ring_size in struct
> "_virDomainDef" is introduced to hold the dirty ring size
> configured in xml, and it will be used as dirty-ring-size
> property of kvm accelerator when building qemu commandline,
> it is something like "-accel dirty-ring-size=xxx".
> 
> To enable the feature, the following XML needs to be added to
> the guest's domain description:
> 
> 
>
>  
>
> 
> 
> If property "state=on", property "size" must be specified, which
> should be a power of 2 and in the range [1024, 65526].
> 
> Signed-off-by: Hyman Huang(黄勇) 
> ---
>  docs/formatdomain.rst | 18 ++--
>  docs/schemas/domaincommon.rng | 10 +++
>  src/conf/domain_conf.c| 54 +++
>  src/conf/domain_conf.h|  4 +++
>  src/qemu/qemu_command.c   | 12 
>  5 files changed, 90 insertions(+), 8 deletions(-)
> 
> diff --git a/docs/formatdomain.rst b/docs/formatdomain.rst
> index eb8c973cf1..ea69b61c70 100644
> --- a/docs/formatdomain.rst
> +++ b/docs/formatdomain.rst
> @@ -1843,6 +1843,7 @@ Hypervisors may allow certain CPU / machine features to 
> be toggled on/off.
> 
> 
> 
> +   

I was confused at first about what units @size is in, but looking into the
qemu docs it's a unit-less number:

  "[dirty-ring-size] it controls the size of the per-vCPU dirty page
   ring buffer (number of entries for each vCPU)."

Therefore I'm okay with having it as a plain attribute. Otherwise for
values with units (traditionally size units like KiB/MiB/...) I would
advise to go with an extra element.

>   
>   
> 
> @@ -1925,14 +1926,15 @@ are:
>  ``kvm``
> Various features to change the behavior of the KVM hypervisor.
>  
> -   == 
>  
> === 
> -   FeatureDescription
>   Value   Since
> -   == 
>  
> === 
> -   hidden Hide the KVM hypervisor from standard MSR based discovery  
>   on, off :since:`1.2.8 (QEMU 2.1.0)`
> -   hint-dedicated Allows a guest to enable optimizations when running on 
> dedicated vCPUs   on, off :since:`5.7.0 (QEMU 2.12.0)`
> -   poll-control   Decrease IO completion latency by introducing a grace 
> period of busy waiting on, off :since:`6.10.0 (QEMU 4.2)`
> -   pv-ipi Paravirtualized send IPIs  
>   on, off :since:`7.10.0 (QEMU 3.1)`
> -   == 
>  
> === 
> +   == 
>  
> == 
> 
> +   FeatureDescription
>   Value  Since
> +   == 
>  
> == 
> 
> +   hidden Hide the KVM hypervisor from standard MSR based discovery  
>   on, off
> :since:`1.2.8 (QEMU 2.1.0)`
> +   hint-dedicated Allows a guest to enable optimizations when running on 
> dedicated vCPUs   on, off
> :since:`5.7.0 (QEMU 2.12.0)`
> +   poll-control   Decrease IO completion latency by introducing a grace 
> period of busy waiting on, off
> :since:`6.10.0 (QEMU 4.2)`
> +   pv-ipi Paravirtualized send IPIs  
>   on, off
> :since:`7.10.0 (QEMU 3.1)`
> +   dirty-ring Enable dirty ring feature  
>   on, off; size - must be power of 2, range [1024,65536] 
> :since:`7.10.0 (QEMU 6.1)`
> +   == 
>  
> == 
> 
>  
>  ``xen``
> Various features to change the behavior of the Xen hypervisor.
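Review bot: the new dirty-ring row gives the size range as [1024,65536], but the commit message says [1024, 65526]; only 65536 is a power of 2, so the commit message looks like a typo and should be corrected so that the two agree with whatever the parser enforces. The row also says the size "must be power of 2" without saying what the number counts; since the value is a number of entries per vCPU rather than a byte size, stating that in the Description column would save readers from guessing at units. Re-wrapping the whole table to widen the Value column makes the diff hard to read; a shorter cell text plus a sentence below the table would keep the change to one added row.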
> diff --git a/docs/schemas/domaincommon.rng b/docs/schemas/domaincommon.rng
> index f01b7a6470..5f9fe3cc58 100644
> --- a/docs/schemas/domaincommon.rng

Re: [libvirt PATCH v3 09/13] util: pull CPUID helper function out of CPU driver

2021-12-14 Thread Peter Krempa
On Fri, Dec 10, 2021 at 16:47:09 +, Daniel P. Berrangé wrote:
> This will be needed directly in the QEMU driver in a later patch.
> 
> Signed-off-by: Daniel P. Berrangé 
> ---
>  src/cpu/cpu_x86.c| 34 +--
>  src/libvirt_private.syms |  1 +
>  src/util/virhostcpu.c| 58 
>  src/util/virhostcpu.h|  7 +
>  4 files changed, 72 insertions(+), 28 deletions(-)

Reviewed-by: Peter Krempa 



Re: [PATCH] libxl: Implement domainGetMessages API

2021-12-14 Thread Peter Krempa
On Tue, Dec 14, 2021 at 09:14:38 +, Daniel P. Berrangé wrote:
> On Tue, Dec 14, 2021 at 10:05:26AM +0100, Peter Krempa wrote:
> > On Mon, Dec 13, 2021 at 17:35:36 -0700, Jim Fehlig wrote:
> > > Since commit 46783e6307a, the 'virsh dominfo' command calls
> > > virDomainGetMessages to report any messages from the domain.
> > > Hypervisors not implementing the API now get the following
> > > log message when clients invoke 'virsh dominfo'
> > > 
> > > this function is not supported by the connection driver: 
> > > virDomainGetMessages
> > > 
> > > Although libxl currently does not support any tainting or
> > > deprecation messages, provide an implementation to squelch
> > > the previously unseen error message when collecting dominfo.
> > 
> > So you are fixing a symptom, but IMO the proper fix is to just make
> > virsh ignore errors when virDomainGetMessages is not supported.
> > 
> > I have nothing against the code itself, but I wouldn't describe it as a
> > fix for virsh showing an error.
> 
> I interpreted it as meaning that message appears in logs on
> libvirtd side ?

Yeah, I got to that on a second read which I did after sending the
original reply and looking at the code. The commit message put too much
emphasis on virsh and mentions 'log' only once so that's why I missed
it.



Re: [PATCH] libxl: Implement domainGetMessages API

2021-12-14 Thread Daniel P . Berrangé
On Tue, Dec 14, 2021 at 10:05:26AM +0100, Peter Krempa wrote:
> On Mon, Dec 13, 2021 at 17:35:36 -0700, Jim Fehlig wrote:
> > Since commit 46783e6307a, the 'virsh dominfo' command calls
> > virDomainGetMessages to report any messages from the domain.
> > Hypervisors not implementing the API now get the following
> > log message when clients invoke 'virsh dominfo'
> > 
> > this function is not supported by the connection driver: 
> > virDomainGetMessages
> > 
> > Although libxl currently does not support any tainting or
> > deprecation messages, provide an implementation to squelch
> > the previously unseen error message when collecting dominfo.
> 
> So you are fixing a symptom, but IMO the proper fix is to just make
> virsh ignore errors when virDomainGetMessages is not supported.
> 
> I have nothing against the code itself, but I wouldn't describe it as a
> fix for virsh showing an error.

I interpreted it as meaning that message appears in logs on
libvirtd side ?

Regards,
Daniel
-- 
|: https://berrange.com  -o-https://www.flickr.com/photos/dberrange :|
|: https://libvirt.org -o-https://fstop138.berrange.com :|
|: https://entangle-photo.org-o-https://www.instagram.com/dberrange :|



Re: [PATCH] libxl: Implement domainGetMessages API

2021-12-14 Thread Peter Krempa
On Tue, Dec 14, 2021 at 10:05:51 +0100, Peter Krempa wrote:
> On Mon, Dec 13, 2021 at 17:35:36 -0700, Jim Fehlig wrote:
> > Since commit 46783e6307a, the 'virsh dominfo' command calls
> > virDomainGetMessages to report any messages from the domain.
> > Hypervisors not implementing the API now get the following
> > log message when clients invoke 'virsh dominfo'
> > 
> > this function is not supported by the connection driver: 
> > virDomainGetMessages
> > 
> > Although libxl currently does not support any tainting or
> > deprecation messages, provide an implementation to squelch
> > the previously unseen error message when collecting dominfo.
> 
> So you are fixing a symptom, but IMO the proper fix is to just make
> virsh ignore errors when virDomainGetMessages is not supported.

Okay, so I misread that because the error message you've posted here
doesn't look like a message from the log. Spamming logs is not good, so
as said it's okay.



Re: [PATCH] libxl: Implement domainGetMessages API

2021-12-14 Thread Peter Krempa
On Mon, Dec 13, 2021 at 17:35:36 -0700, Jim Fehlig wrote:
> Since commit 46783e6307a, the 'virsh dominfo' command calls
> virDomainGetMessages to report any messages from the domain.
> Hypervisors not implementing the API now get the following
> log message when clients invoke 'virsh dominfo'
> 
> this function is not supported by the connection driver: virDomainGetMessages
> 
> Although libxl currently does not support any tainting or
> deprecation messages, provide an implementation to squelch
> the previously unseen error message when collecting dominfo.

So you are fixing a symptom, but IMO the proper fix is to just make
virsh ignore errors when virDomainGetMessages is not supported.

I have nothing against the code itself, but I wouldn't describe it as a
fix for virsh showing an error.

> 
> Signed-off-by: Jim Fehlig 
> ---
>  src/libxl/libxl_driver.c | 24 
>  1 file changed, 24 insertions(+)



Re: [PATCH] libxl: Implement domainGetMessages API

2021-12-14 Thread Michal Prívozník
On 12/14/21 01:35, Jim Fehlig wrote:
> Since commit 46783e6307a, the 'virsh dominfo' command calls
> virDomainGetMessages to report any messages from the domain.
> Hypervisors not implementing the API now get the following
> log message when clients invoke 'virsh dominfo'
> 
> this function is not supported by the connection driver: virDomainGetMessages
> 
> Although libxl currently does not support any tainting or
> deprecation messages, provide an implementation to squelch
> the previously unseen error message when collecting dominfo.
> 
> Signed-off-by: Jim Fehlig 
> ---
>  src/libxl/libxl_driver.c | 24 
>  1 file changed, 24 insertions(+)

Reviewed-by: Michal Privoznik 

Michal