[PATCHv2] ch_domain: Add handler for virDomainDeviceDefValidateCallback

2021-06-18 Thread William Douglas
Instead of trying to match devices passed in based on the monitor detecting the number of devices that were used in the domain definition, use the deviceValidateCallback to evaluate if unsupported devices are used. This allows the compiler to detect when new device types are added that need to be

Re: [libvirt PATCH 0/4] remote: switch to modular daemons by default

2021-06-18 Thread Jim Fehlig
On 6/15/21 2:42 AM, Daniel P. Berrangé wrote: On Mon, Jun 14, 2021 at 05:22:22PM -0600, Jim Fehlig wrote: On 6/10/21 7:43 AM, Daniel P. Berrangé wrote: This series first improves driver probing when using modular daemons. Currently when URI is NULL, we connect to virtproxyd and it looks at

Re: [PATCH] remote: fix prefix for libxl Xen driver

2021-06-18 Thread Jim Fehlig
On 6/18/21 8:09 AM, Daniel P. Berrangé wrote: The libxl driver supports xen:///system URLs and the daemon socket uses 'virtxend' as the socket prefix. Reported-by: Jim Fehlig Signed-off-by: Daniel P. Berrangé --- src/remote/remote_daemon_dispatch.c | 2 +- 1 file changed, 1 insertion(+), 1

Re: [PATCH 0/2] Xen: Fallout from minimum supported version bump

2021-06-18 Thread Daniel P . Berrangé
On Thu, Jun 17, 2021 at 02:30:27PM -0600, Jim Fehlig wrote: > Patch 1 removes the use of LIBXL_HAVE_* that are present in Xen >= 4.9. > Patch 2 mentions the version bump in News. > > Thanks danpb for a little prodding to take a closer look at potential > code reduction! After following through

Re: [PATCH 0/2] Xen: Fallout from minimum supported version bump

2021-06-18 Thread Olaf Hering
On Thu, 17 Jun 2021 14:30:27 -0600, Jim Fehlig wrote: > Patch 1 removes the use of LIBXL_HAVE_* that are present in Xen >= 4.9. Thanks, this compiles for, and looks good to me. Olaf

Re: Add options to device xml to skip reattach of pci passthrough devices.

2021-06-18 Thread Alex Williamson
On Fri, 18 Jun 2021 10:43:07 -0400 Laine Stump wrote: > On 6/16/21 4:15 PM, Daniel Henrique Barboza wrote: > > > > > > On 6/9/21 4:38 PM, Manish Mishra wrote: > >> Hi Everyone, > >> > >> We want to add extra options to device xml to skip reattach of pci > >> passthrough devices. Following

Re: Add options to device xml to skip reattach of pci passthrough devices.

2021-06-18 Thread Laine Stump
On 6/16/21 4:15 PM, Daniel Henrique Barboza wrote: On 6/9/21 4:38 PM, Manish Mishra wrote: Hi Everyone, We want to add extra options to device xml to skip reattach of pci passthrough devices. Following is xml format for pci passthrough devices added to domain as of now.         

[PATCH] remote: fix prefix for libxl Xen driver

2021-06-18 Thread Daniel P . Berrangé
The libxl driver supports xen:///system URLs and the daemon socket uses 'virtxend' as the socket prefix. Reported-by: Jim Fehlig Signed-off-by: Daniel P. Berrangé --- src/remote/remote_daemon_dispatch.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git

Re: [PATCH v2] Add SELinux policy for virt

2021-06-18 Thread Vit Mojzis
On 24. 05. 21 14:36, Daniel P. Berrangé wrote: On Mon, May 24, 2021 at 05:25:19AM -0700, Andrea Bolognani wrote: On Fri, May 21, 2021 at 03:37:00PM +0100, Daniel P. Berrangé wrote: On Fri, May 21, 2021 at 04:22:59PM +0200, Vit Mojzis wrote: On 4/30/21 10:28 PM, Vit Mojzis wrote: On 4/26/21

Re: [libvirt PATCH 0/3] wait longer for virtiofsd to exit (virtio-fs epopee)

2021-06-18 Thread Michal Prívozník
On 6/18/21 1:45 PM, Ján Tomko wrote: > See patch 2/3. > > Ján Tomko (3): > Introduce virPidFileForceCleanupPathDelay > qemu: wait more for virtiofsd to exit > util: fix typo > > src/libvirt_private.syms | 1 + > src/qemu/qemu_virtiofs.c | 2 +- > src/util/virpidfile.c| 16

Re: [libvirt PATCH 2/3] qemu: wait more for virtiofsd to exit

2021-06-18 Thread Michal Prívozník
On 6/18/21 1:45 PM, Ján Tomko wrote: > In some cases, such as doing intense I/O on slow filesystems, > it can take virtiofsd as long as 42 seconds to exit. > > Add a delay of extra 45 seconds before we forcefully kill it. > > https://bugzilla.redhat.com/show_bug.cgi?id=1940276 This is

Re: [PATCH 3/4] virISCSIDirectUpdateTargets: Rework to simplify cleanup and return GStrv

2021-06-18 Thread Jano Tomko
On 6/18/21 3:04 PM, Peter Krempa wrote: > Count the elements in advance rather than using VIR_APPEND_ELEMENT and > ensure that there's a NULL terminator for the string list so it's GStrv > compatible. > > Signed-off-by: Peter Krempa > --- > src/storage/storage_backend_iscsi_direct.c | 29

Re: [PATCH v2 1/4] conf: refactor launch security to allow more types

2021-06-18 Thread Peter Krempa
On Fri, Jun 18, 2021 at 15:20:24 +0200, Boris Fiuczynski wrote: > To allow other types of launch security the SEV type specific > parameters like e.g. policy need to be optional and be separated > from other new launch security types. A test is added to ensure > the previously required and now

Re: [PATCH 0/4] storage_backend_iscsi_direct: Refactor string list use and cleanup

2021-06-18 Thread Jano Tomko
On 6/18/21 3:04 PM, Peter Krempa wrote: > Peter Krempa (4): > conf: storage: Introduce virStoragePoolSourceListFree > virStorageBackendISCSIDirectFindPoolSources: Use allocated > virStoragePoolSourceList > virISCSIDirectUpdateTargets: Rework to simplify cleanup and return > GStrv >

[PATCH v2 3/4] conf: add s390-pv as launch security type

2021-06-18 Thread Boris Fiuczynski
Add launch security type 's390-pv' as well as some tests. Signed-off-by: Boris Fiuczynski Reviewed-by: Daniel Henrique Barboza --- docs/schemas/domaincommon.rng | 1 + src/conf/domain_conf.c| 8 + src/conf/domain_conf.h| 1

[PATCH v2 0/4] Support for launchSecurity type s390-pv

2021-06-18 Thread Boris Fiuczynski
This patch series introduces the launch security type s390-pv. Specifying s390-pv as launch security type in an s390 domain prepares for running the guest in protected virtualization secure mode, also known as IBM Secure Execution. diff to v1: - Rebased to current master - Added verification

[PATCH v2 2/4] qemu: add s390-pv-guest capability

2021-06-18 Thread Boris Fiuczynski
Add s390-pv-guest capability. Signed-off-by: Boris Fiuczynski Reviewed-by: Daniel Henrique Barboza --- src/qemu/qemu_capabilities.c| 2 ++ src/qemu/qemu_capabilities.h| 1 + tests/qemucapabilitiesdata/caps_6.0.0.s390x.xml | 1 + 3 files changed, 4

[PATCH v2 4/4] docs: add s390-pv documentation

2021-06-18 Thread Boris Fiuczynski
Add documentation for launch security type s390-pv. Signed-off-by: Boris Fiuczynski Reviewed-by: Daniel Henrique Barboza --- docs/formatdomain.rst | 7 docs/kbase/s390_protected_virt.rst | 55 +- 2 files changed, 54 insertions(+), 8 deletions(-)

[PATCH v2 1/4] conf: refactor launch security to allow more types

2021-06-18 Thread Boris Fiuczynski
To allow other types of launch security the SEV type specific parameters like e.g. policy need to be optional and be separated from other new launch security types. A test is added to ensure the previously required and now optional launch security policy remains required when launch security type

[PATCH 4/4] virStorageBackendISCSIDirectFindPoolSources: Rework cleanup

2021-06-18 Thread Peter Krempa
virISCSIDirectScanTargets now returns a GStrv, so we can use automatic cleanup for it and get rid of the cleanup section. Signed-off-by: Peter Krempa --- src/storage/storage_backend_iscsi_direct.c | 20 ++-- 1 file changed, 6 insertions(+), 14 deletions(-) diff --git

[PATCH 3/4] virISCSIDirectUpdateTargets: Rework to simplify cleanup and return GStrv

2021-06-18 Thread Peter Krempa
Count the elements in advance rather than using VIR_APPEND_ELEMENT and ensure that there's a NULL terminator for the string list so it's GStrv compatible. Signed-off-by: Peter Krempa --- src/storage/storage_backend_iscsi_direct.c | 29 -- 1 file changed, 11 insertions(+), 18

[PATCH 2/4] virStorageBackendISCSIDirectFindPoolSources: Use allocated virStoragePoolSourceList

2021-06-18 Thread Peter Krempa
Using an allocated version together with copying the host/initiator/device portions into it allows us to switch to automatic clearing rather than open-coding it. Signed-off-by: Peter Krempa --- src/storage/storage_backend_iscsi_direct.c | 42 ++ 1 file changed, 19

[PATCH 1/4] conf: storage: Introduce virStoragePoolSourceListFree

2021-06-18 Thread Peter Krempa
Signed-off-by: Peter Krempa --- src/conf/storage_conf.c | 16 src/conf/storage_conf.h | 5 + src/libvirt_private.syms | 1 + 3 files changed, 22 insertions(+) diff --git a/src/conf/storage_conf.c b/src/conf/storage_conf.c index 0ecdb0969a..2aa9a3d8f9 100644 ---

[PATCH 0/4] storage_backend_iscsi_direct: Refactor string list use and cleanup

2021-06-18 Thread Peter Krempa
Peter Krempa (4): conf: storage: Introduce virStoragePoolSourceListFree virStorageBackendISCSIDirectFindPoolSources: Use allocated virStoragePoolSourceList virISCSIDirectUpdateTargets: Rework to simplify cleanup and return GStrv virStorageBackendISCSIDirectFindPoolSources: Rework

Re: [RFC PATCH 1/7] qemu: provide support to query the TDX capabilities

2021-06-18 Thread Pavel Hrdina
On Fri, Jun 18, 2021 at 04:50:46PM +0800, Zhenzhong Duan wrote: > QEMU provides support for launching an encrypted VMs on Intel x86 > platform using Trust Domain Extension (TDX) feature. This patch adds > support to query the TDX capabilities from the QEMU. > > Currently there is no elements in

Re: [RFC PATCH 5/7] qemu: add support to TDVF firmware loader

2021-06-18 Thread Pavel Hrdina
On Fri, Jun 18, 2021 at 04:50:50PM +0800, Zhenzhong Duan wrote: > TDX guest need a specific firmware TDVF to bootup, add a new element > in TrustDomain element for that purpose, like below: > > >0x0001 >/path/to/TDVF-binary > Looking into QEMU patches and if I understand it correctly

Re: [RFC PATCH 3/7] conf: introduce TrustDomain element in domain

2021-06-18 Thread Pavel Hrdina
On Fri, Jun 18, 2021 at 04:50:48PM +0800, Zhenzhong Duan wrote: > The TrustDomain element can be used to define the security model to > use when launching a domain. Only type 'tdx' is supported currently. > > When 'tdx' is used, the VM will launched with Intel TDX feature enabled. > TDX feature

[libvirt PATCH 3/3] util: fix typo

2021-06-18 Thread Ján Tomko
Signed-off-by: Ján Tomko --- src/util/virprocess.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/util/virprocess.c b/src/util/virprocess.c index 01d5d01d02..5fad0db63d 100644 --- a/src/util/virprocess.c +++ b/src/util/virprocess.c @@ -368,7 +368,7 @@ int

[libvirt PATCH 0/3] wait longer for virtiofsd to exit (virtio-fs epopee)

2021-06-18 Thread Ján Tomko
See patch 2/3. Ján Tomko (3): Introduce virPidFileForceCleanupPathDelay qemu: wait more for virtiofsd to exit util: fix typo src/libvirt_private.syms | 1 + src/qemu/qemu_virtiofs.c | 2 +- src/util/virpidfile.c| 16 +++- src/util/virpidfile.h| 2 ++

[libvirt PATCH 1/3] Introduce virPidFileForceCleanupPathDelay

2021-06-18 Thread Ján Tomko
Add a version of virPidFileForceCleanupPath with an extradelay parameter for processes where the default timeout is not enough. Signed-off-by: Ján Tomko --- src/libvirt_private.syms | 1 + src/util/virpidfile.c| 16 +++- src/util/virpidfile.h| 2 ++ 3 files changed, 18

[libvirt PATCH 2/3] qemu: wait more for virtiofsd to exit

2021-06-18 Thread Ján Tomko
In some cases, such as doing intense I/O on slow filesystems, it can take virtiofsd as long as 42 seconds to exit. Add a delay of extra 45 seconds before we forcefully kill it. https://bugzilla.redhat.com/show_bug.cgi?id=1940276 Signed-off-by: Ján Tomko --- src/qemu/qemu_virtiofs.c | 2 +- 1

Re: [RFC PATCH 6/7] qemu: force special features enabled for TDX guest

2021-06-18 Thread Peter Krempa
On Fri, Jun 18, 2021 at 16:50:51 +0800, Zhenzhong Duan wrote: > TDX guest requires some special parameters in qemu command line. > They are "pic=no,kernel_irqchip=split" without which guest fails to > bootup. > > PMU has a big impact to the performance of TDX guest. So always > disable PMU except

Re: [RFC PATCH 5/7] qemu: add support to TDVF firmware loader

2021-06-18 Thread Peter Krempa
On Fri, Jun 18, 2021 at 16:50:50 +0800, Zhenzhong Duan wrote: > TDX guest need a specific firmware TDVF to bootup, add a new element > in TrustDomain element for that purpose, like below: > > >0x0001 >/path/to/TDVF-binary > > > Qemu command line looks like: > > $QEMU ... \ > -device

Re: [RFC PATCH 3/7] conf: introduce TrustDomain element in domain

2021-06-18 Thread Peter Krempa
On Fri, Jun 18, 2021 at 16:50:48 +0800, Zhenzhong Duan wrote: > The TrustDomain element can be used to define the security model to > use when launching a domain. Only type 'tdx' is supported currently. > > When 'tdx' is used, the VM will launched with Intel TDX feature enabled. > TDX feature

Re: [RFC PATCH 0/7] LIBVIRT: X86: TDX support

2021-06-18 Thread Peter Krempa
On Fri, Jun 18, 2021 at 16:50:45 +0800, Zhenzhong Duan wrote: > * What's TDX? > TDX stands for Trust Domain Extensions which isolates VMs from > the virtual-machine manager (VMM)/hypervisor and any other software on > the platform. > > To support TDX, multiple software components, not only KVM

[PATCH libvirt v1] conf: verify for duplicate hostdevs

2021-06-18 Thread Shalini Chellathurai Saroja
It is possible to define/edit(in shut off state) a domain XML with same hostdev device repeated more than once, as shown below. This behavior is not expected. So, this patch fixes it. vser1: [...] [...] [...]

[RFC PATCH 6/7] qemu: force special features enabled for TDX guest

2021-06-18 Thread Zhenzhong Duan
TDX guest requires some special parameters in qemu command line. They are "pic=no,kernel_irqchip=split" without which guest fails to bootup. PMU has a big impact to the performance of TDX guest. So always disable PMU except it's forcely enabled. Signed-off-by: Zhenzhong Duan ---

[RFC PATCH 5/7] qemu: add support to TDVF firmware loader

2021-06-18 Thread Zhenzhong Duan
TDX guest need a specific firmware TDVF to bootup, add a new element in TrustDomain element for that purpose, like below: 0x0001 /path/to/TDVF-binary Qemu command line looks like: $QEMU ... \ -device loader,file= /path/to/TDVF-binary,id=fd0 Signed-off-by: Zhenzhong Duan ---

[RFC PATCH 3/7] conf: introduce TrustDomain element in domain

2021-06-18 Thread Zhenzhong Duan
The TrustDomain element can be used to define the security model to use when launching a domain. Only type 'tdx' is supported currently. When 'tdx' is used, the VM will launched with Intel TDX feature enabled. TDX feature supports running encrypted VM (Trust Domain, TD) under the control of KVM.

[RFC PATCH 4/7] qemu: add support to launch TDX guest

2021-06-18 Thread Zhenzhong Duan
QEMU will provide 'tdx-guest' object which is used to launch encrypted VMs on Intel platform using TDX feature. The tag can be used to launch a TDX guest. A typical TDX guest launch command line looks like: $QEMU ... \ -object tdx-guest,id=tdx0,debug=on \ -machine q35,

[RFC PATCH 1/7] qemu: provide support to query the TDX capabilities

2021-06-18 Thread Zhenzhong Duan
QEMU provides support for launching an encrypted VMs on Intel x86 platform using Trust Domain Extension (TDX) feature. This patch adds support to query the TDX capabilities from the QEMU. Currently there is no elements in TDX capabilities except a placeholder. Signed-off-by: Chenyi Qiang

[RFC PATCH 7/7] qemu: Check if INTEL Trust Domain Extention support is enabled

2021-06-18 Thread Zhenzhong Duan
Implement trust domain check for INTEL TDX (Trust Domain eXtension) in order to invalidate the qemu capabilities cache in case the availability of the feature changed. For INTEL TDX the verification is: - checking if /sys/module/kvm_intel/parameters/tdx contains the value 'Y': meaning TDX is

[RFC PATCH 2/7] conf: expose TDX feature in domain capabilities

2021-06-18 Thread Zhenzhong Duan
Extend hypervisor capabilities to include tdx feature. When available, hypervisor can launch an encrypted VM on Intel platform. Signed-off-by: Chenyi Qiang Signed-off-by: Zhenzhong Duan --- docs/formatdomaincaps.html.in| 16 docs/schemas/domaincaps.rng

[RFC PATCH 0/7] LIBVIRT: X86: TDX support

2021-06-18 Thread Zhenzhong Duan
* What's TDX? TDX stands for Trust Domain Extensions which isolates VMs from the virtual-machine manager (VMM)/hypervisor and any other software on the platform. To support TDX, multiple software components, not only KVM but also QEMU, guest Linux and virtual bios, need to be updated. For more

Plans for the next release

2021-06-18 Thread Jiri Denemark
We are getting close to the next release of libvirt. To aim for the release on Jul 01 I suggest entering the freeze on Friday Jun 25 and tagging RC2 on Tuesday Jun 29. I hope this works for everyone. Jirka

Re: [PATCH] ch_domain: Add handler for virDomainDeviceDefPostParseCallback

2021-06-18 Thread Peter Krempa
On Wed, Jun 16, 2021 at 21:16:01 -0700, William Douglas wrote: > Instead of trying to match devices passed in based on the monitor > detecting the number of devices that were used in the domain > definition, use the devicesPostParseCallback to evaluate if > unsupported devices are used. > > This

Re: [PATCH] ch_domain: Add handler for virDomainDeviceDefPostParseCallback

2021-06-18 Thread Michal Prívozník
On 6/18/21 2:46 AM, Douglas, William wrote: > Ick sorry for the malformed mail... > > On 6/17/21 10:33 AM, Michal Prívozník wrote: >> On 6/17/21 9:00 AM, Peter Krempa wrote: >>> On Wed, Jun 16, 2021 at 21:16:01 -0700, William Douglas wrote: Instead of trying to match devices passed in based

Re: [PATCH] ch_domain: Add handler for virDomainDeviceDefPostParseCallback

2021-06-18 Thread Peter Krempa
On Fri, Jun 18, 2021 at 00:46:03 +, Douglas, William wrote: > Ick sorry for the malformed mail... > > On 6/17/21 10:33 AM, Michal Prívozník wrote: > > On 6/17/21 9:00 AM, Peter Krempa wrote: > >> On Wed, Jun 16, 2021 at 21:16:01 -0700, William Douglas wrote: > >>> Instead of trying to match