Re: [PATCH] hw/rdma: Deprecate the pvrdma device and the rdma subsystem

2023-10-04 Thread Philippe Mathieu-Daudé

On 27/9/23 15:30, Thomas Huth wrote:

This subsystem is said to be in a bad shape (see e.g. [1], [2]
and [3]), and nobody seems to feel responsible to pick up patches
for this and send them via a pull request. For example there is
a patch for a CVE-worthy bug posted more than half a year ago [4]
which has never been merged.

Quoting Markus: "Given the shape it is in, I wouldn't let friends
use it in production" - we shouldn't expose this to our users in
the current state. Thus let's mark it as deprecated and finally
remove it unless somebody steps up and improves the code quality
and adds proper regression tests.

[1] https://lore.kernel.org/qemu-devel/20230918144206.560120-1-arm...@redhat.com/
[2] https://lore.kernel.org/qemu-devel/zqnojjoqofu73...@redhat.com/
[3] https://lore.kernel.org/qemu-devel/1054981c-e8ae-c676-3b04-eeb030e11...@tls.msk.ru/
[4] https://lore.kernel.org/qemu-devel/20230301142926.18686-1-yuval.shaia...@gmail.com/
[5] https://lore.kernel.org/qemu-devel/8734z9f086@pond.sub.org/

Signed-off-by: Thomas Huth 
---
  MAINTAINERS   | 2 +-
  docs/about/deprecated.rst | 8 
  hw/rdma/vmw/pvrdma_main.c | 2 ++
  3 files changed, 11 insertions(+), 1 deletion(-)


Reviewed-by: Philippe Mathieu-Daudé 



[libvirt PATCH] meson: Improve nbdkit configurability

2023-10-04 Thread Andrea Bolognani
Currently, nbdkit support will automatically be enabled as long as
the pidfd_open(2) syscall is available. Optionally, libnbd is used
to generate more user-friendly error messages.

In theory this is all good, since use of nbdkit is supposed to be
transparent to the user. In practice, however, there is a problem:
if support for it is enabled at build time and the necessary
runtime components are installed, nbdkit will always be preferred,
with no way for the user to opt out.

This will arguably be fine in the long run, but right now none of
the platforms that we target ships with a SELinux policy that
allows libvirt to launch nbdkit, and the AppArmor policy that we
maintain ourselves hasn't been updated either.

So, in practice, as of today having nbdkit installed on the host
makes network disks completely unusable unless you're willing to
compromise the overall security of the system by disabling
SELinux/AppArmor.

In order to make the transition smoother, provide a convenient
way for users and distro packagers to disable nbdkit support at
compile time until SELinux and AppArmor are ready.

In the process, detection is completely overhauled. libnbd is
made mandatory when nbdkit support is enabled, since availability
across operating systems is comparable and offering users the
option to make error messages worse doesn't make a lot of sense;
we also make sure that an explicit request from the user to
enable/disable nbdkit support is either complied with, or results
in a build failure when that's not possible. Last but not least,
we avoid linking against libnbd when nbdkit support is disabled.

At the RPM level, we disable the feature when building against
RHEL 8, which doesn't have pidfd_open(2), and also allow it to
be disabled at build time the same as other optional features,
that is, by passing "--define '_without_nbdkit 1'" to rpmbuild.
Finally, if nbdkit support has been disabled, installing libvirt
will no longer drag it in as a (weak) dependency.

Signed-off-by: Andrea Bolognani 
---
 libvirt.spec.in| 23 ---
 meson.build| 29 +
 meson_options.txt  |  2 +-
 src/qemu/qemu_nbdkit.c |  6 +++---
 4 files changed, 45 insertions(+), 15 deletions(-)

diff --git a/libvirt.spec.in b/libvirt.spec.in
index f3d21ccc8f..2ea465348c 100644
--- a/libvirt.spec.in
+++ b/libvirt.spec.in
@@ -95,6 +95,7 @@
 %define with_fuse 0
 %define with_sanlock  0
 %define with_numad0
+%define with_nbdkit   0
 %define with_firewalld_zone   0
 %define with_netcf0
 %define with_libssh2  0
@@ -173,6 +174,13 @@
 %endif
 %endif
 
+# nbdkit support requires pidfd_open(2), which is not in RHEL 8
+%if %{with_qemu}
+%if 0%{?fedora} || 0%{?rhel} >= 9
+%define with_nbdkit 0%{!?_without_nbdkit:1}
+%endif
+%endif
+
 %ifarch %{arches_dmidecode}
 %define with_dmidecode 0%{!?_without_dmidecode:1}
 %endif
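
Review bot: the new `%define with_nbdkit 0%{!?_without_nbdkit:1}` leaves nbdkit enabled by default on Fedora and RHEL >= 9, yet the commit message says none of the targeted platforms ships an SELinux policy that allows libvirt to launch nbdkit, so a default build still yields hosts where installing nbdkit breaks network disks unless SELinux is relaxed. Consider defaulting to 0 here until the policy lands, or extend the comment above the block to say that packagers are expected to pass `--define '_without_nbdkit 1'` in the meantime; as written the comment mentions only pidfd_open(2).
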
@@ -312,6 +320,9 @@ BuildRequires: util-linux
 BuildRequires: libacl-devel
 # From QEMU RPMs, used by virstoragetest
 BuildRequires: /usr/bin/qemu-img
+%endif
+# nbdkit support requires libnbd
+%if %{with_nbdkit}
 BuildRequires: libnbd-devel
 %endif
 # For LVM drivers
@@ -769,9 +780,11 @@ Requires: numad
 Recommends: passt
 Recommends: passt-selinux
 %endif
+%if %{with_nbdkit}
 Recommends: nbdkit
 Recommends: nbdkit-curl-plugin
 Recommends: nbdkit-ssh-plugin
+%endif
 
 %description daemon-driver-qemu
 The qemu driver plugin for the libvirtd daemon, providing
@@ -1078,10 +1091,8 @@ exit 1
 
 %if %{with_qemu}
 %define arg_qemu -Ddriver_qemu=enabled
-%define arg_libnbd -Dlibnbd=enabled
 %else
 %define arg_qemu -Ddriver_qemu=disabled
-%define arg_libnbd -Dlibnbd=disabled
 %endif
 
 %if %{with_openvz}
@@ -1158,6 +1169,12 @@ exit 1
 %define arg_numad -Dnumad=disabled
 %endif
 
+%if %{with_nbdkit}
+%define arg_nbdkit -Dnbdkit=enabled
+%else
+%define arg_nbdkit -Dnbdkit=disabled
+%endif
+
 %if %{with_fuse}
 %define arg_fuse -Dfuse=enabled
 %else
@@ -1270,7 +1287,7 @@ export SOURCE_DATE_EPOCH=$(stat --printf='%Y' 
%{_specdir}/libvirt.spec)
-Dyajl=enabled \
%{?arg_sanlock} \
-Dlibpcap=enabled \
-   %{?arg_libnbd} \
+   %{?arg_nbdkit} \
-Dlibnl=enabled \
-Daudit=enabled \
-Ddtrace=enabled \
diff --git a/meson.build b/meson.build
index 6fa1f74670..de23fbda1e 100644
--- a/meson.build
+++ b/meson.build
@@ -1011,10 +1011,27 @@ endif
 libiscsi_version = '1.18.0'
 libiscsi_dep = dependency('libiscsi', version: '>=' + libiscsi_version, 
required: get_option('libiscsi'))
 
-libnbd_version = '1.0'
-libnbd_dep = dependency('libnbd', version: '>=' + libnbd_version, required: 
get_option('libnbd'))
-if libnbd_dep.found()
-  conf.set('WITH_LIBNBD', 1)
+if not get_option('nbdkit').disabled()
+  libnbd_version = '1.0'
+  libnbd_dep = dependency('libnbd', version: '>=' + libnbd_version, requir
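
Review bot: `libnbd_dep` is now assigned only inside `if not get_option('nbdkit').disabled()`, and the hunk as shown is cut off before any else branch. If other build files still reference `libnbd_dep`, the disabled path needs to define it as well (for example as a not-found dependency), otherwise configuring with `-Dnbdkit=disabled` fails on an undefined variable.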

Re: [PATCH] hw/rdma: Deprecate the pvrdma device and the rdma subsystem

2023-10-04 Thread Juan Quintela
Thomas Huth  wrote:
> This subsystem is said to be in a bad shape (see e.g. [1], [2]
> and [3]), and nobody seems to feel responsible to pick up patches
> for this and send them via a pull request. For example there is
> a patch for a CVE-worthy bug posted more than half a year ago [4]
> which has never been merged.
>
> Quoting Markus: "Given the shape it is in, I wouldn't let friends
> use it in production" - we shouldn't expose this to our users in
> the current state. Thus let's mark it as deprecated and finally
> remove it unless somebody steps up and improves the code quality
> and adds proper regression tests.
>
> [1] https://lore.kernel.org/qemu-devel/20230918144206.560120-1-arm...@redhat.com/
> [2] https://lore.kernel.org/qemu-devel/zqnojjoqofu73...@redhat.com/
> [3] https://lore.kernel.org/qemu-devel/1054981c-e8ae-c676-3b04-eeb030e11...@tls.msk.ru/
> [4] https://lore.kernel.org/qemu-devel/20230301142926.18686-1-yuval.shaia...@gmail.com/
> [5] https://lore.kernel.org/qemu-devel/8734z9f086@pond.sub.org/
>
> Signed-off-by: Thomas Huth 

Acked-by: Juan Quintela 



[PATCH] util:hostcpu: Report physical address size based on Architecture

2023-10-04 Thread Narayana Murty N
The function virHostCPUGetPhysAddrSize, which was introduced with commit
be1b7d5b18e, fails on architectures other than x86 and SuperH. The commit
8417c1394cd4d fixed the issue only for s390, but the problem is still seen on
other architectures like ppc, which do not report the physical address size in
their cpuinfo output.

Command:
systemctl restart libvirtd.service
Output:

dnsmasq[2377]: read /var/lib/libvirt/dnsmasq/default.addnhosts - 0 addresses
dnsmasq-dhcp[2377]: read /var/lib/libvirt/dnsmasq/default.hostsfile
libvirtd[3163]: libvirt version: 9.8.0
libvirtd[3163]: hostname: xx
libvirtd[3163]: internal error: Missing or invalid CPU address size in /proc/cpuinfo
 libvirtd.service: Deactivated successfully.
 

This patch fixes this issue by returning the size=0 for architectures
other than x86 and SuperH.

Signed-off-by: Narayana Murty N 
---
 src/util/virarch.h| 3 +++
 src/util/virhostcpu.c | 2 +-
 2 files changed, 4 insertions(+), 1 deletion(-)

diff --git a/src/util/virarch.h b/src/util/virarch.h
index 81b1b27a57..747f77c48e 100644
--- a/src/util/virarch.h
+++ b/src/util/virarch.h
@@ -103,6 +103,9 @@ typedef enum {
 #define ARCH_IS_MIPS64(arch) ((arch) == VIR_ARCH_MIPS64 ||\
   (arch) == VIR_ARCH_MIPS64EL)
 
+#define ARCH_IS_SH4(arch) ((arch) == VIR_ARCH_SH4 ||\
+   (arch) == VIR_ARCH_SH4EB)
+
 typedef enum {
 VIR_ARCH_LITTLE_ENDIAN,
 VIR_ARCH_BIG_ENDIAN,
diff --git a/src/util/virhostcpu.c b/src/util/virhostcpu.c
index 0389012ef7..4027547e1e 100644
--- a/src/util/virhostcpu.c
+++ b/src/util/virhostcpu.c
@@ -1650,7 +1650,7 @@ virHostCPUGetPhysAddrSize(const virArch hostArch,
 {
 g_autoptr(FILE) cpuinfo = NULL;
 
-if (ARCH_IS_S390(hostArch)) {
+if (!(ARCH_IS_X86(hostArch) || ARCH_IS_SH4(hostArch))) {
 /* Ensure size is set to 0 as physical address size is unknown */
 *size = 0;
 return 0;
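
Review bot: the condition on the early return switches from one excluded architecture to an allow-list, `!(ARCH_IS_X86(hostArch) || ARCH_IS_SH4(hostArch))`, so every other host now gets `*size = 0` without /proc/cpuinfo being read, but the comment above `*size = 0` still only says the size is unknown. Spell out in that comment that only x86 and SuperH are parsed, and confirm that callers treat 0 as "not reported" rather than as a real address width, since this path now covers most architectures.
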
-- 
2.39.2