[libvirt] [PATCH v2 04/11] util: replace virHostdevNetConfigReplace with ...(Save|Set)NetConfig()

These two operations will need to be separated so that saving of the original config is done before detaching the host net driver, and setting the new config is done after attaching vfio-pci. This patch splits the single function into two, but for now calls them together (to make bisecting easier

[libvirt] [PATCH v2 11/11] util: rename virHostdevNetConfigRestore() to virHostdevRestoreNetConfig()

--- src/util/virhostdev.c | 8 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/src/util/virhostdev.c b/src/util/virhostdev.c index cf57354..468f079 100644 --- a/src/util/virhostdev.c +++ b/src/util/virhostdev.c @@ -518,7 +518,7 @@

[libvirt] [PATCH v2 02/11] util: use new virNetDev*NetConfig() functions for macvtap setup/teardown

This patch modifies the macvtap passthrough setup to use virNetDevSaveNetConfig()+virNetDevSetConfig() instead of virNetDevReplaceNetConfig() or virNetDevReplaceMacAddress(), and the teardown to use virNetDevReadNetConfig()+virNetDevSetConfig() instead of virNetDevRestoreNetConfig() or

[libvirt] [PATCH v2 08/11] util: if setting admin MAC to 00:00:00:00:00:00 fails, try 02:00:00:00:00:00

Some PF drivers allow setting the admin MAC (that is the MAC address that the VF will be initialized to the next time the VF's driver is loaded) to 00:00:00:00:00:00, and some don't. Multiple drivers initialize the admin MACs to all 0, but don't allow setting it to that very same value. It has

[libvirt] [PATCH v2 07/11] util: remove unused functions from virnetdev.c

The global functions virNetDevReplaceMacAddress(), virNetDevReplaceNetConfig(), virNetDevRestoreMacAddress(), and virNetDevRestoreNetConfig() are no longer used, as their functionality has been replaced by virNetDev(Save|Read|Set)NetConfig(). The static functions virNetDevReplaceVfConfig() and

[libvirt] [PATCH v2 10/11] util: log all setting of MAC addresses and vlan tags

Having this information available will make it easier to determine the culprit when MAC or vlan tag appear to not be set, eg.: https://bugzilla.redhat.com/1364073 (This patch doesn't fix that bug, just makes it easier to diagnose) --- src/util/virnetdev.c | 17 ++--- 1 file

[libvirt] [PATCH v2 03/11] util: use new virNetDev*NetConfig() functions for hostdev setup/teardown

virHostdevNetConfigReplace() and virHostdevNetConfigRestore() are modified to use the new virNetDev*NetConfig() functions. Note that due to the VF's original MAC addresses being saved after it has already been un-bound from the host net driver, the actual current VF MAC address won't be saved

[libvirt] [PATCH v2 09/11] util: try *really* hard to set the MAC address of an SRIOV VF

If an SRIOV VF has previously been used for VFIO device assignment, the "admin MAC" that is stored in the PF driver's table of VF info will have been set to the MAC address that the virtual machine wanted the device to have. Setting the admin MAC for a VF also sets a flag in the PF that is loosely

[libvirt] [PATCH v2 00/11] Fix saving/setting/restoring SR-IOV VF MAC address

I pushed the 1st 10 patches of this series. The rest of the series was ACKed as well, except patch 11, which is patch 01/11 in this repost. Michal had asked that the rewrite of the saving/restoring of MAC and vlan tag data use a more sane format for the data file (it has been just an unformatted

[libvirt] [PATCH v2 05/11] util: save hostdev network device config before unbinding from host driver

In order to properly restore the original state of an SRIOV VF when we're finished with it, we need to save the MAC address of the VF itself (not just the admin MAC address for the VF that is stored in the PF). But that can only be done when the VF is still bound to the host's netdev driver, and

[libvirt] [PATCH v2 06/11] util: after hostdev assignment, restore VF MAC address via setting admin MAC

It takes longer to explain this than to fix it... In the past we weren't able to save the VF's own MAC address *at all* when using it for hostdev assignment, because we had already unbound the VF from the host net driver prior to saving its config. With the previous patch, that problem has been

[libvirt] [PATCH v2 01/11] util: new functions virNetDev(Save|Read|Set)NetConfig()

These three functions are destined to replace virNetDev(Replace|Restore)NetConfig() and virNetDev(Replace|Restore)MacAddress(), which both do the save and set together as a single step. We need to separate the save, read, and set steps because there will be situations where we need to do something

Re: [libvirt] [PATCH 11/19] util: new functions virNetDev(Save|Read|Set)NetConfig()

On 03/21/2017 07:21 AM, Michal Privoznik wrote: > On 03/17/2017 03:40 PM, Michal Privoznik wrote: >> >> As discussed on IRC, I can write the code to save/parse the JSON here. >> You've done your part. However, I'm not sure I will manage to make it >> happen today, but maybe beginning of the next

Re: [libvirt] [PATCH v4 03/14] conf: Introduce virDomainHostdevDefPostParse

On 03/22/2017 11:27 AM, Erik Skultety wrote: > Just to make the code a bit cleaner, move hostdev specific post parse > code to its own function just in case it grows in the future. > > Signed-off-by: Erik Skultety > --- > src/conf/domain_conf.c | 75 >

Re: [libvirt] [PATCH v4 02/14] conf: hostdev: Introduce virDomainHostdevSubsysSCSIClear

On 03/22/2017 11:27 AM, Erik Skultety wrote: > Just a tiny wrapper over the SCSI def clearing logic to drop some > if-else branches from a switch, mainly because extending the switch in > the future would render the current code with branching less readable. > > Signed-off-by: Erik Skultety

Re: [libvirt] [PATCH v4 01/14] conf: hostdev: Enforce enum-in-switch compile-time checks

On 03/22/2017 11:27 AM, Erik Skultety wrote: > Enforce virDomainHostdevSubsysType checking during compilation. Again, > one of a few spots in our code where we should enforce the typecast to > the enum type, thus not forgetting to update *all* switch occurrences > dealing with the give enum. > >

Re: [libvirt] [PATCH resend V10 01/12] Resctrl: Add some utils functions

-- Best regards Eli 天涯无处不重逢 a leaf duckweed belongs to the sea, where not to meet in life Sent with Sparrow (http://www.sparrowmailapp.com/?sig) On Thursday, 16 March 2017 at 3:52 PM, Eli Qiao wrote: > > > -- > Best regards > Eli > > 天涯无处不重逢 > a leaf duckweed belongs to the

[libvirt] [PATCH] network: only check for IPv6 RA routes when the network has an IPv6 address

commit 00d28a78 added a check to see if there were any IPv6 routes added by RA (Router Advertisement) via an interface that had accept_ra set to something other than "2". The check was being done unconditionally, but it's only relevant if IPv6 forwarding is going to be turned on, and that will

[libvirt] [PATCH v4 09/10] qemu: Set up the migration TLS objects for source

https://bugzilla.redhat.com/show_bug.cgi?id=1300769 If the migration flags indicate this migration will be using TLS, then while we have connection in the Begin phase check and setup the TLS environment that will be used by virMigrationRun during the Perform phase for the source to configure TLS.

[libvirt] [PATCH v4 10/10] docs: Add news entry for Migration using TLS

Signed-off-by: John Ferlan --- docs/news.xml | 8 1 file changed, 8 insertions(+) diff --git a/docs/news.xml b/docs/news.xml index f1bfeda..bb8a83c 100644 --- a/docs/news.xml +++ b/docs/news.xml @@ -51,6 +51,14 @@ enhanced check may also be requested when

[libvirt] [PATCH v4 07/10] qemu: Add job for qemuDomain{Add|Del}TLSObjects

Add an asyncJob argument for add/delete TLS Objects. A future patch will add/delete TLS objects from a migration which may have a job to join. Signed-off-by: John Ferlan --- src/qemu/qemu_hotplug.c | 24 src/qemu/qemu_hotplug.h | 2 ++ 2 files

[libvirt] [PATCH v4 08/10] qemu: Set up the migration TLS objects for target

If the migration flags indicate this migration will be using TLS, then set up the destination during the prepare phase once the target domain has been started to add the TLS objects to perform the migration. This will create at least an "-object tls-creds-x509,endpoint=server,..." for TLS

[libvirt] [PATCH v4 06/10] qemu: Add TLS params to _qemuMonitorMigrationParams

Add the fields to support setting tls-creds and tls-hostname during a migration (either source or target). Modify the query migration function to check for the presence and set the field for future consumers to determine which of 3 conditions is being met (NULL, present and set to "", or present

[libvirt] [PATCH v4 05/10] Add new migration flag VIR_MIGRATE_TLS

Signed-off-by: John Ferlan --- include/libvirt/libvirt-domain.h | 8 src/qemu/qemu_migration.h| 3 ++- tools/virsh-domain.c | 7 +++ 3 files changed, 17 insertions(+), 1 deletion(-) diff --git a/include/libvirt/libvirt-domain.h

[libvirt] [PATCH v4 04/10] qemu: Update the TLS client verify descriptions for vnc and chardev

Update the descriptions to match the migrate option. Signed-off-by: John Ferlan --- src/qemu/qemu.conf | 19 +-- 1 file changed, 13 insertions(+), 6 deletions(-) diff --git a/src/qemu/qemu.conf b/src/qemu/qemu.conf index a609aa4..e6c0832 100644 ---

[libvirt] [PATCH v4 03/10] conf: Introduce migrate_tls_x509_cert_dir

Add a new TLS X.509 certificate type - "migrate". This will handle the creation of a TLS certificate capability (and possibly repository) to be used for migrations. Similar to chardev's, credentials will be handled via a libvirt secrets; however, unlike chardev's enablement and usage will be via a

[libvirt] [PATCH v4 02/10] qemu: Replace macro usage of (false); with just (0)

Signed-off-by: John Ferlan --- src/qemu/qemu_conf.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/qemu/qemu_conf.c b/src/qemu/qemu_conf.c index d3f318d..34646bd 100644 --- a/src/qemu/qemu_conf.c +++ b/src/qemu/qemu_conf.c @@ -275,7 +275,7 @@

[libvirt] [PATCH v4 01/10] qemu: Create #define for TLS configuration setup.

Create GET_CONFIG_TLS_CERT to set up the TLS for 'chardev' TLS setting. Soon to be reused. Signed-off-by: John Ferlan --- src/qemu/qemu_conf.c | 39 +-- 1 file changed, 25 insertions(+), 14 deletions(-) diff --git a/src/qemu/qemu_conf.c

[libvirt] [PATCH v4 00/10] Add TLS support for migration

v3: http://www.redhat.com/archives/libvir-list/2017-March/msg00878.html Changes from v1 Patch 1: Fix the (false); to (0) Patch 2: New to adjust the other (false); in qemu_conf.c Patch 3: Alter the text slightly - also found that the client parameters are only required if

Re: [libvirt] [PATCH 20/23] tests: qemumonitorjson: Add relative image names for node name detection

On 03/15/2017 11:37 AM, Peter Krempa wrote: > oVirt uses relative names with directories in them. Test such > configuration. Also tests a snapshot done with _REUSE_EXTERNAL and a > relative backing file pre-specified in the qcow2 metadata. > --- > .../qemumonitorjson-nodename-relative.json

Re: [libvirt] [PATCH 19/23] tests: qemumonitorjson: Add case for two disks sharing a backing image

On 03/15/2017 11:37 AM, Peter Krempa wrote: > Since we have to match the images by filename a common backing image > will break the detection process. Add a test case to see that the code > correctly did not continue the detection process. Maybe qemu can be enhanced to add a new command that

Re: [libvirt] [PATCH 18/23] tests: qemumonitorjson: Add long backing chain test case for node name detection

On 03/15/2017 11:37 AM, Peter Krempa wrote: > --- > .../qemumonitorjson-nodename-2.json| 2270 > > .../qemumonitorjson-nodename-2.result | 60 + > tests/qemumonitorjsontest.c|1 + > 3 files changed, 2331

Re: [libvirt] [PATCH 17/23] tests: qemumonitorjson: Add test case for node name detection code

On 03/15/2017 11:37 AM, Peter Krempa wrote: > The code is rather magic so a test case will help making sure that > everything works well. The first case is a simple backing chain. > --- > .../qemumonitorjson-nodename-1.json| 268 > + >

Re: [libvirt] [PATCH 16/23] qemu: block: Add code to allow detection of auto-allocated node names

On 03/15/2017 11:37 AM, Peter Krempa wrote: > qemu for some time already sets node names automatically for the block > nodes. This patch adds code that attempts a best-effort detection of the > node names for the backing chain from the output of > 'query-named-block-nodes'. The only drawback is

Re: [libvirt] [PATCH 15/23] qemu: monitor: Add monitor infrastructure for query-named-block-nodes

On 03/15/2017 11:37 AM, Peter Krempa wrote: > Add monitor tooling for calling query-named-block-nodes. The monitor > returns the data as the raw JSON array that is returned from the > monitor. > > Unfortunately the logic to extract the node names for a complete backing > chain will be so complex

Re: [libvirt] [PATCH 14/23] qemu: capabilities: add capability for query-named-block-nodes qmp cmd

On 03/15/2017 11:37 AM, Peter Krempa wrote: > --- > src/qemu/qemu_capabilities.c| 2 ++ > src/qemu/qemu_capabilities.h| 1 + > tests/qemucapabilitiesdata/caps_2.1.1.x86_64.xml| 1 + > tests/qemucapabilitiesdata/caps_2.4.0.x86_64.xml

Re: [libvirt] [PATCH 13/23] qemu: implement qemuDomainSetBlockThreshold

On 03/15/2017 11:37 AM, Peter Krempa wrote: > Add code to call the appropriate monitor command and code to lookup the > given disk backing chain member. > --- > > + > +if (!src->nodebacking) { > +virReportError(VIR_ERR_OPERATION_UNSUPPORTED, > + _("threshold

Re: [libvirt] [PATCH 12/23] qemu: domain: Add helper to look up disk soruce by the backing store string

On 03/15/2017 11:37 AM, Peter Krempa wrote: > --- > src/qemu/qemu_domain.c | 37 + > src/qemu/qemu_domain.h | 3 +++ > 2 files changed, 40 insertions(+) > ACK -- Eric Blake eblake redhat com+1-919-301-3266 Libvirt virtualization library

Re: [libvirt] [PATCH 11/23] virsh: Implement 'domblkthreshold' command to call virDomainSetBlockThreshold

On 03/15/2017 11:37 AM, Peter Krempa wrote: > Add a simple wrapper which will allow to set the threshold for > delivering the event. > --- > tools/virsh-domain.c | 64 > > tools/virsh.pod | 8 +++ > 2 files changed, 72 insertions(+)

[libvirt] [PATCH 8/8] docs: Improve documentation related to memory locking

--- docs/formatdomain.html.in | 36 +++- 1 file changed, 23 insertions(+), 13 deletions(-) diff --git a/docs/formatdomain.html.in b/docs/formatdomain.html.in index 4a3123e..5906de6 100644 --- a/docs/formatdomain.html.in +++ b/docs/formatdomain.html.in @@ -937,14

[libvirt] [PATCH 7/8] tests: Introduce QEMU memory locking limit tests

These tests cover a number of scenarios where we care about the memory locking limit being set correctly for the guest to work properly. --- tests/Makefile.am | 9 ++ .../qemumemlock-pc-hardlimit+hostdev.xml | 20 +++

[libvirt] [PATCH 3/8] qemu: Fix memory locking limit calculation

For guests that use , our only option is to remove the memory locking limit altogether. --- src/qemu/qemu_domain.c | 11 +++ 1 file changed, 7 insertions(+), 4 deletions(-) diff --git a/src/qemu/qemu_domain.c b/src/qemu/qemu_domain.c index 2e2ba4f..01681a5 100644 ---

[libvirt] [PATCH 6/8] tests: Introduce virTestCompareToULL()

This will be used later on in the test suite. --- tests/testutils.c | 27 +++ tests/testutils.h | 2 ++ 2 files changed, 29 insertions(+) diff --git a/tests/testutils.c b/tests/testutils.c index 13eff9e..f3feb6d 100644 --- a/tests/testutils.c +++ b/tests/testutils.c @@

[libvirt] [PATCH 1/8] Revert "qemu: Forbid without "

This reverts commit c2e60ad0e5124482942164e5fec088157f5e716a. Turns out this check is excessively strict: there are ways other than to raise the memory locking limit for QEMU processes, one prominent example being tweaking /etc/security/limits.conf. Resolves:

[libvirt] [PATCH 5/8] command: Introduce virCommandGetMaxMemLock()

This will be used later on in the test suite. --- src/libvirt_private.syms | 1 + src/util/vircommand.c| 9 + src/util/vircommand.h| 2 ++ 3 files changed, 12 insertions(+) diff --git a/src/libvirt_private.syms b/src/libvirt_private.syms index a1c7624..a978d61 100644 ---

[libvirt] [PATCH 4/8] process: Translate "unlimited" correctly

The value we use internally to represent the lack of a memory locking limit, VIR_DOMAIN_MEMORY_PARAM_UNLIMITED, doesn't match the value setrlimit() and prlimit() use for the same purpose, RLIM_INFINITY, so we have to handle the translation ourselves. --- src/util/virprocess.c | 20

[libvirt] [PATCH 2/8] qemu: Remove qemuDomainRequiresMemLock()

Instead of having a separate function, we can simply return zero from the existing qemuDomainGetMemLockLimitBytes() to signal the caller that the memory locking limit doesn't need to be set for the guest. Having a single function instead of two makes it less likely that we will use the wrong

[libvirt] [PATCH 0/8] Memory locking fixes

A problem reported recently to the mailing list[1] uncovered some flaws in the way we deal with setting the memory locking limit for QEMU guests. This series solves those issues and adds test suite coverage to hopefully prevent more bugs from popping up in the future. [1]

Re: [libvirt] [PATCH 10/23] lib: Add API for setting the threshold size for VIR_DOMAIN_EVENT_ID_BLOCK_THRESHOLD

On 03/15/2017 11:37 AM, Peter Krempa wrote: > The new API can be used to configure the threshold when > VIR_DOMAIN_EVENT_ID_BLOCK_THRESHOLD should be fired. > --- > +++ b/src/libvirt-domain.c > @@ -11822,3 +11822,54 @@ virDomainSetVcpu(virDomainPtr domain, > virDispatchError(domain->conn); >

Re: [libvirt] [PATCH v2] qemu: snapshot: Forbid internal snapshots with pflash firmware

On 03/23/17 15:07, Peter Krempa wrote: > On Thu, Mar 23, 2017 at 11:03:02 +0100, Laszlo Ersek wrote: >> On 03/23/17 10:54, Peter Krempa wrote: >>> On Thu, Mar 23, 2017 at 10:48:01 +0100, Laszlo Ersek wrote: On 03/23/17 10:29, Peter Krempa wrote: > If the variable store () file is raw qemu

Re: [libvirt] [PATCH v2 5/5] network: check accept_ra before enabling ipv6 forwarding

On Thu, 2017-03-23 at 12:09 -0400, John Ferlan wrote: > > On 03/23/2017 04:44 AM, Cedric Bosdonnat wrote: > > On Wed, 2017-03-22 at 07:16 -0400, John Ferlan wrote: > > > [...] > > > > > > > + > > > > +static int > > > > +virNetDevIPCheckIPv6ForwardingCallback(const struct nlmsghdr *resp, > > > >

Re: [libvirt] [PATCH v2 5/5] network: check accept_ra before enabling ipv6 forwarding

On 03/23/2017 04:44 AM, Cedric Bosdonnat wrote: > On Wed, 2017-03-22 at 07:16 -0400, John Ferlan wrote: >> [...] >> >>> + >>> +static int >>> +virNetDevIPCheckIPv6ForwardingCallback(const struct nlmsghdr *resp, >>> + void *opaque) >>> +{ >>> +struct

Re: [libvirt] [PATCH 01/23] qemu: driver: Don't call qemuDomainDetermineDiskChain on block jobs

On Thu, Mar 23, 2017 at 10:31:06 -0500, Eric Blake wrote: > On 03/23/2017 02:13 AM, Peter Krempa wrote: > > On Wed, Mar 22, 2017 at 14:21:29 -0500, Eric Blake wrote: > >> On 03/15/2017 11:37 AM, Peter Krempa wrote: > >>> Our code calls it when starting or re-starting the domain or when > >>>

Re: [libvirt] [PATCH 02/23] util: buffer: Add API to set indentation level to a given value

On 03/23/2017 02:14 AM, Peter Krempa wrote: >> >> No testsuite addition? > > For such trivial operation? I think we have pretty strong coverage of > the indentation code. This simple setter isn't worth it IMO. I don't see how adding one or two lines to the testsuite, to ensure we don't break

Re: [libvirt] [PATCH 01/23] qemu: driver: Don't call qemuDomainDetermineDiskChain on block jobs

On 03/23/2017 02:13 AM, Peter Krempa wrote: > On Wed, Mar 22, 2017 at 14:21:29 -0500, Eric Blake wrote: >> On 03/15/2017 11:37 AM, Peter Krempa wrote: >>> Our code calls it when starting or re-starting the domain or when >>> hotplugging the disk so there's nothing to be detected. >>> --- >>>

[libvirt] [PATCH 0/9] Support more options for intel-iommu

https://bugzilla.redhat.com/show_bug.cgi?id=1427005 Ján Tomko (9): conf: add to qemu: format kernel_irqchip on the command line Split out virDomainIOMMUDefFormat conf: add to qemu: allow conditional device property probing qemu: refactor qemuBuildIOMMUCommandLine qemu: format

[libvirt] [PATCH 5/9] qemu: allow conditional device property probing

Do not probe for devices that QEMU does not know when probing for device options. --- src/qemu/qemu_capabilities.c | 99 ++-- 1 file changed, 68 insertions(+), 31 deletions(-) diff --git a/src/qemu/qemu_capabilities.c b/src/qemu/qemu_capabilities.c index

[libvirt] [PATCH 8/9] conf: add caching attribute to iommu device

Add a new attribute to control the caching mode. https://bugzilla.redhat.com/show_bug.cgi?id=1427005 --- docs/formatdomain.html.in | 9 +++ docs/schemas/domaincommon.rng | 5 src/conf/domain_conf.c | 23

[libvirt] [PATCH 6/9] qemu: refactor qemuBuildIOMMUCommandLine

Introduce a separate buffer for options and use a helper variable for def->iommu. --- src/qemu/qemu_command.c | 21 +++-- 1 file changed, 15 insertions(+), 6 deletions(-) diff --git a/src/qemu/qemu_command.c b/src/qemu/qemu_command.c index 58af585..c1c7f1a 100644 ---

[libvirt] [PATCH 7/9] qemu: format intremap= on intel-iommu command line

Add the intremap= option to QEMU command line, corresponding to the attribute of the iommu device. https://bugzilla.redhat.com/show_bug.cgi?id=1427005 --- src/qemu/qemu_capabilities.c | 8 src/qemu/qemu_capabilities.h | 1 +

[libvirt] [PATCH 1/9] conf: add to

Add a new element with a mode attribute. Possible values are off, split or on. https://bugzilla.redhat.com/show_bug.cgi?id=1427005 --- docs/formatdomain.html.in | 10 +++ docs/schemas/domaincommon.rng | 16 ++ src/conf/domain_conf.c

[libvirt] [PATCH 9/9] qemu: format caching-mode on iommu command line

Format the caching-mode option for the intel-iommu device, based on its attribute value. https://bugzilla.redhat.com/show_bug.cgi?id=1427005 --- src/qemu/qemu_capabilities.c | 2 ++ src/qemu/qemu_capabilities.h | 1 + src/qemu/qemu_command.c

[libvirt] [PATCH 3/9] Split out virDomainIOMMUDefFormat

Make adding subelements easier. --- src/conf/domain_conf.c | 15 +++ 1 file changed, 11 insertions(+), 4 deletions(-) diff --git a/src/conf/domain_conf.c b/src/conf/domain_conf.c index ffc6a68..1245fdd 100644 --- a/src/conf/domain_conf.c +++ b/src/conf/domain_conf.c @@ -23842,6

[libvirt] [PATCH 4/9] conf: add to

Add a new attribute to control interrupt remapping. https://bugzilla.redhat.com/show_bug.cgi?id=1427005 --- docs/formatdomain.html.in | 22 - docs/schemas/domaincommon.rng | 9 + src/conf/domain_conf.c |

[libvirt] [PATCH 2/9] qemu: format kernel_irqchip on the command line

Add kernel_irqchip=off/split/on to the QEMU command line and a capability that looks for it in query-command-line-options output. https://bugzilla.redhat.com/show_bug.cgi?id=1427005 --- src/libvirt_private.syms | 1 + src/qemu/qemu_capabilities.c

Re: [libvirt] [PATCH v2] qemu: snapshot: Forbid internal snapshots with pflash firmware

On Thu, Mar 23, 2017 at 11:03:02 +0100, Laszlo Ersek wrote: > On 03/23/17 10:54, Peter Krempa wrote: > > On Thu, Mar 23, 2017 at 10:48:01 +0100, Laszlo Ersek wrote: > >> On 03/23/17 10:29, Peter Krempa wrote: > >>> If the variable store () file is raw qemu can't do a snapshot of > >>> it and thus

Re: [libvirt] Live attaching a disk to a VM fails with apparmor enabled

Hello Cedric, Please let me know if you need any additional information. I would also be able to help you test patches regarding this issue. I'm looking forward to your findings. Thanks, Frank Van: Cedric Bosdonnat Verzonden: donderdag

Re: [libvirt] Live attaching a disk to a VM fails with apparmor enabled

Hello Frank, I'm currently investigating some apparmor-related bug with namespaces. This one is surely related. I'll look into it when I'm done with the one I'm working on. -- Cedric On Thu, 2017-03-23 at 12:07 +, Frank Schreuder wrote: > Hello, > > I'm running libvirt 3.1.0 on a Debian 8

[libvirt] Live attaching a disk to a VM fails with apparmor enabled

Hello, I'm running libvirt 3.1.0 on a Debian 8 server. I installed apparmor and configured libvirt to use apparmor as security driver. After booting a VM, virsh dumpxml shows an apparmor seclabel. As soon as I try to attach a second disk to the VM, apparmor blocks this. virsh attach-device

[libvirt] [PATCH] qemu: Fix typo in __QEMU_CAPSPRIV_H_ALLOW__

--- Pushed as trivial. src/qemu/qemu_capabilities.c | 2 +- src/qemu/qemu_capspriv.h | 2 +- tests/cputest.c | 4 ++-- tests/qemucapabilitiestest.c | 2 +- tests/qemucapsprobe.c| 2 +- tests/qemucpumock.c | 4 ++-- tests/qemuxml2argvtest.c | 4 ++--

Re: [libvirt] [PATCH] qemu: forbid migration with an IOMMU device

On Thu, Mar 23, 2017 at 11:16:17AM +0100, Ján Tomko wrote: > https://bugzilla.redhat.com/show_bug.cgi?id=1433994 > --- > src/qemu/qemu_migration.c | 6 ++ > 1 file changed, 6 insertions(+) ACK Pavel signature.asc Description: Digital signature -- libvir-list mailing list

[libvirt] [PATCH] qemu: forbid migration with an IOMMU device

https://bugzilla.redhat.com/show_bug.cgi?id=1433994 --- src/qemu/qemu_migration.c | 6 ++ 1 file changed, 6 insertions(+) diff --git a/src/qemu/qemu_migration.c b/src/qemu/qemu_migration.c index f5711bc..15ed830 100644 --- a/src/qemu/qemu_migration.c +++ b/src/qemu/qemu_migration.c @@

Re: [libvirt] [PATCH v2] qemu: snapshot: Forbid internal snapshots with pflash firmware

On Thu, Mar 23, 2017 at 10:54:04 +0100, Peter Krempa wrote: > On Thu, Mar 23, 2017 at 10:48:01 +0100, Laszlo Ersek wrote: > > On 03/23/17 10:29, Peter Krempa wrote: > > > If the variable store () file is raw qemu can't do a snapshot of > > > it and thus the snapshot would be incomplete. QEMU does

Re: [libvirt] [PATCH v2] qemu: snapshot: Forbid internal snapshots with pflash firmware

On 03/23/17 10:54, Peter Krempa wrote: > On Thu, Mar 23, 2017 at 10:48:01 +0100, Laszlo Ersek wrote: >> On 03/23/17 10:29, Peter Krempa wrote: >>> If the variable store () file is raw qemu can't do a snapshot of >>> it and thus the snapshot would be incomplete. QEMU does no reject such >>>

Re: [libvirt] [PATCH v2] qemu: snapshot: Forbid internal snapshots with pflash firmware

On Thu, Mar 23, 2017 at 10:48:01 +0100, Laszlo Ersek wrote: > On 03/23/17 10:29, Peter Krempa wrote: > > If the variable store () file is raw qemu can't do a snapshot of > > it and thus the snapshot would be incomplete. QEMU does no reject such > > snapshot. > > > > Additionally allowing to use a

Re: [libvirt] [PATCH v2] qemu: snapshot: Forbid internal snapshots with pflash firmware

On 03/23/17 10:29, Peter Krempa wrote: > If the variable store () file is raw qemu can't do a snapshot of > it and thus the snapshot would be incomplete. QEMU does no reject such > snapshot. > > Additionally allowing to use a qcow2 variable store backing file would > solve this issue but then it

Re: [libvirt] [PATCH v3 7/7] qemu: Set up the migration TLS objects for source

On Wed, Mar 22, 2017 at 21:42:49 -0400, John Ferlan wrote: > On 03/22/2017 12:26 PM, Jiri Denemark wrote: > > On Fri, Mar 17, 2017 at 14:39:01 -0400, John Ferlan wrote: ... > >> @@ -5075,6 +5086,38 @@ qemuMigrationRun(virQEMUDriverPtr driver, > >> if (qemuDomainMigrateGraphicsRelocate(driver,

[libvirt] [PATCH v2] qemu: snapshot: Forbid internal snapshots with pflash firmware

If the variable store () file is raw qemu can't do a snapshot of it and thus the snapshot would be incomplete. QEMU does no reject such snapshot. Additionally allowing to use a qcow2 variable store backing file would solve this issue but then it would become eligible to become target of the

Re: [libvirt] [PATCH v3 6/7] qemu: Set up the migrate TLS objects for target

On Wed, Mar 22, 2017 at 21:40:04 -0400, John Ferlan wrote: > On 03/22/2017 12:26 PM, Jiri Denemark wrote: > > On Fri, Mar 17, 2017 at 14:39:00 -0400, John Ferlan wrote: ... > >> Since incoming migrations that don't reach the Finish stage will be > >> killed in qemuProcessRecoverMigrationIn and the

Re: [libvirt] [PATCH v2 5/5] network: check accept_ra before enabling ipv6 forwarding

On Wed, 2017-03-22 at 07:16 -0400, John Ferlan wrote: > [...] > > > + > > +static int > > +virNetDevIPCheckIPv6ForwardingCallback(const struct nlmsghdr *resp, > > +   void *opaque) > > +{ > > +struct rtmsg *rtmsg = NLMSG_DATA(resp); > > +int accept_ra =

Re: [libvirt] [PATCH v3 2/7] conf: Introduce migrate_tls_x509_cert_dir

On Wed, Mar 22, 2017 at 14:52:28 -0400, John Ferlan wrote: > > > On 03/22/2017 12:26 PM, Jiri Denemark wrote: > > On Fri, Mar 17, 2017 at 14:38:56 -0400, John Ferlan wrote: > >> Add a new TLS X.509 certificate type - "migrate". This will handle the > >> creation of a TLS certificate capability

Re: [libvirt] [PATCH 02/23] util: buffer: Add API to set indentation level to a given value

On Wed, Mar 22, 2017 at 14:27:18 -0500, Eric Blake wrote: > On 03/15/2017 11:37 AM, Peter Krempa wrote: > > It will be useful to set indentation level to 0 after formatting a > > nested structure rather than having to track the depth. > > --- > > src/libvirt_private.syms | 1 + > >

Re: [libvirt] [PATCH 01/23] qemu: driver: Don't call qemuDomainDetermineDiskChain on block jobs

On Wed, Mar 22, 2017 at 14:21:29 -0500, Eric Blake wrote: > On 03/15/2017 11:37 AM, Peter Krempa wrote: > > Our code calls it when starting or re-starting the domain or when > > hotplugging the disk so there's nothing to be detected. > > --- > > src/qemu/qemu_driver.c | 5 - > > 1 file