From fbe74073fa9ace2eef29f9b26f8eec2a772a512c Mon Sep 17 00:00:00 2001
From: CentOS Sources
Date: Jul 28 2020 06:55:52 +0000
Subject: import libvirt-6.0.0-25.module+el8.3.0+7176+57f10f42
---
diff --git a/.gitignore b/.gitignore
index 95d8dbd..7677d22 100644
--- a/.gitignore
+++ b/.gitignore
@@ -1 +1 @@
-SOURCES/libvirt-4.5.0.tar.xz
+SOURCES/libvirt-6.0.0.tar.xz
diff --git a/.libvirt.metadata b/.libvirt.metadata
index 3fedbbb..4a2f940 100644
--- a/.libvirt.metadata
+++ b/.libvirt.metadata
@@ -1 +1 @@
-5f097d246c0fba04d18ac7ec951ad56ffa1a8958 SOURCES/libvirt-4.5.0.tar.xz
+9939a559e652d44b27e3404a26bcabe58988e4b4 SOURCES/libvirt-6.0.0.tar.xz
diff --git a/SOURCES/libvirt-Handle-copying-bitmaps-to-larger-data-buffers.patch b/SOURCES/libvirt-Handle-copying-bitmaps-to-larger-data-buffers.patch
deleted file mode 100644
index 4f8ba04..0000000
--- a/SOURCES/libvirt-Handle-copying-bitmaps-to-larger-data-buffers.patch
+++ /dev/null
@@ -1,56 +0,0 @@
-From e75abae126f9fcaf1e8478f0780ecae736f7d3e1 Mon Sep 17 00:00:00 2001
-Message-Id:
-From: "Allen, John"
-Date: Tue, 2 Jul 2019 17:05:34 +0200
-Subject: [PATCH] Handle copying bitmaps to larger data buffers
-MIME-Version: 1.0
-Content-Type: text/plain; charset=UTF-8
-Content-Transfer-Encoding: 8bit
-
-If a bitmap of a shorter length than the data buffer is passed to
-virBitmapToDataBuf, it will read off the end of the bitmap and copy junk
-into the returned buffer. Add a check to only copy the length of the
-bitmap to the buffer.
-
-The problem can be observed after setting a vcpu affinity using the vcpupin
-command on a system with a large number of cores:
- # virsh vcpupin example_domain 0 0
- # virsh vcpupin example_domain 0
- VCPU CPU Affinity
- ---------------------------
- 0 0,192,197-198,202
-
-Signed-off-by: John Allen
-(cherry picked from commit 51f9f80d350e633adf479c6a9b3c55f82ca9cbd4)
-
-https: //bugzilla.redhat.com/show_bug.cgi?id=1703160
-Signed-off-by: Erik Skultety
-Message-Id: <1a487c4f1ba9725eb7325debeeff2861d7047890.1562079635.git.eskultet@redhat.com>
-Reviewed-by: Ján Tomko
----
- src/util/virbitmap.c | 4 ++++
- 1 file changed, 4 insertions(+)
-
-diff --git a/src/util/virbitmap.c b/src/util/virbitmap.c
-index 49e542a4e6..7df0a2d4f3 100644
---- a/src/util/virbitmap.c
-+++ b/src/util/virbitmap.c
-@@ -831,11 +831,15 @@ virBitmapToDataBuf(virBitmapPtr bitmap,
- unsigned char *bytes,
- size_t len)
- {
-+ size_t nbytes = bitmap->map_len * (VIR_BITMAP_BITS_PER_UNIT / CHAR_BIT);
- unsigned long *l;
- size_t i, j;
-
- memset(bytes, 0, len);
-
-+ /* If bitmap and buffer differ in size, only fill to the smaller length */
-+ len = MIN(len, nbytes);
-+
- /* htole64 is not provided by gnulib, so we do the conversion by hand */
- l = bitmap->map;
- for (i = j = 0; i < len; i++, j++) {
---
-2.22.0
-
diff --git a/SOURCES/libvirt-PPC64-support-for-NVIDIA-V100-GPU-with-NVLink2-passthrough.patch b/SOURCES/libvirt-PPC64-support-for-NVIDIA-V100-GPU-with-NVLink2-passthrough.patch
deleted file mode 100644
index d29a9cf..0000000
--- a/SOURCES/libvirt-PPC64-support-for-NVIDIA-V100-GPU-with-NVLink2-passthrough.patch
+++ /dev/null
@@ -1,183 +0,0 @@ -From 5347b12008842b5c86f766e391c6f3756afbff7d Mon Sep 17 00:00:00 2001 -Message-Id: <5347b12008842b5c86f766e391c6f3756afbff7d@dist-git> -From: Daniel Henrique Barboza -Date: Fri, 3 May 2019 13:54:53 +0200 -Subject: [PATCH] PPC64 support for NVIDIA V100 GPU with NVLink2 passthrough - -The NVIDIA V100 GPU has an onboard RAM that is mapped into the -host memory and accessible as normal RAM via an NVLink2 bridge. When -passed through in a guest, QEMU puts the NVIDIA RAM window in a -non-contiguous area, above the PCI MMIO area that starts at 32TiB. -This means that the NVIDIA RAM window starts at 64TiB and go all the -way to 128TiB. - -This means that the guest might request a 64-bit window, for each PCI -Host Bridge, that goes all the way to 128TiB. However, the NVIDIA RAM -window isn't counted as regular RAM, thus this window is considered -only for the allocation of the Translation and Control Entry (TCE). -For more information about how NVLink2 support works in QEMU, -refer to the accepted implementation [1]. - -This memory layout differs from the existing VFIO case, requiring its -own formula. This patch changes the PPC64 code of -@qemuDomainGetMemLockLimitBytes to: - -- detect if we have a NVLink2 bridge being passed through to the -guest. This is done by using the @ppc64VFIODeviceIsNV2Bridge function -added in the previous patch. The existence of the NVLink2 bridge in -the guest means that we are dealing with the NVLink2 memory layout; - -- if an IBM NVLink2 bridge exists, passthroughLimit is calculated in a -different way to account for the extra memory the TCE table can alloc. -The 64TiB..128TiB window is more than enough to fit all possible -GPUs, thus the memLimit is the same regardless of passing through 1 or -multiple V100 GPUs. 
- -Further reading explaining the background -[1] https://lists.gnu.org/archive/html/qemu-devel/2019-03/msg03700.html -[2] https://www.redhat.com/archives/libvir-list/2019-March/msg00660.html -[3] https://www.redhat.com/archives/libvir-list/2019-April/msg00527.html - -Signed-off-by: Daniel Henrique Barboza -Reviewed-by: Erik Skultety -(cherry picked from commit 1a922648f67f56c4374d647feebf2adb9a642f96) - -https://bugzilla.redhat.com/show_bug.cgi?id=1505998 - -Conflicts: - The upstream commit relied on: - - v4.7.0-37-gb72183223f - - v4.7.0-38-ga14f597266 - which were not backported so virPCIDeviceAddressAsString had to - swapped for the former virDomainPCIAddressAsString in order to - compile. - -Signed-off-by: Erik Skultety -Message-Id: <03c00ebf46d85b0615134ef8655e67a4c909b7da.1556884443.git.eskultet@redhat.com> -Reviewed-by: Andrea Bolognani ---- - src/qemu/qemu_domain.c | 80 ++++++++++++++++++++++++++++++++---------- - 1 file changed, 61 insertions(+), 19 deletions(-) - -diff --git a/src/qemu/qemu_domain.c b/src/qemu/qemu_domain.c -index a8bc618389..21f0722495 100644 ---- a/src/qemu/qemu_domain.c -+++ b/src/qemu/qemu_domain.c -@@ -9813,7 +9813,7 @@ qemuDomainUpdateCurrentMemorySize(virQEMUDriverPtr driver, - * such as '0004:04:00.0', and tells if the device is a NVLink2 - * bridge. 
- */ --static ATTRIBUTE_UNUSED bool -+static bool - ppc64VFIODeviceIsNV2Bridge(const char *device) - { - const char *nvlink2Files[] = {"ibm,gpu", "ibm,nvlink", -@@ -9851,7 +9851,9 @@ getPPC64MemLockLimitBytes(virDomainDefPtr def) - unsigned long long maxMemory = 0; - unsigned long long passthroughLimit = 0; - size_t i, nPCIHostBridges = 0; -+ virPCIDeviceAddressPtr pciAddr; - bool usesVFIO = false; -+ bool nvlink2Capable = false; - - for (i = 0; i < def->ncontrollers; i++) { - virDomainControllerDefPtr cont = def->controllers[i]; -@@ -9869,7 +9871,17 @@ getPPC64MemLockLimitBytes(virDomainDefPtr def) - dev->source.subsys.type == VIR_DOMAIN_HOSTDEV_SUBSYS_TYPE_PCI && - dev->source.subsys.u.pci.backend == VIR_DOMAIN_HOSTDEV_PCI_BACKEND_VFIO) { - usesVFIO = true; -- break; -+ -+ pciAddr = &dev->source.subsys.u.pci.addr; -+ if (virPCIDeviceAddressIsValid(pciAddr, false)) { -+ VIR_AUTOFREE(char *) pciAddrStr = NULL; -+ -+ pciAddrStr = virDomainPCIAddressAsString(pciAddr); -+ if (ppc64VFIODeviceIsNV2Bridge(pciAddrStr)) { -+ nvlink2Capable = true; -+ break; -+ } -+ } - } - } - -@@ -9896,29 +9908,59 @@ getPPC64MemLockLimitBytes(virDomainDefPtr def) - 4096 * nPCIHostBridges + - 8192; - -- /* passthroughLimit := max( 2 GiB * #PHBs, (c) -- * memory (d) -- * + memory * 1/512 * #PHBs + 8 MiB ) (e) -+ /* NVLink2 support in QEMU is a special case of the passthrough -+ * mechanics explained in the usesVFIO case below. The GPU RAM -+ * is placed with a gap after maxMemory. The current QEMU -+ * implementation puts the NVIDIA RAM above the PCI MMIO, which -+ * starts at 32TiB and is the MMIO reserved for the guest main RAM. - * -- * (c) is the pre-DDW VFIO DMA window accounting. We're allowing 2 GiB -- * rather than 1 GiB -+ * This window ends at 64TiB, and this is where the GPUs are being -+ * placed. The next available window size is at 128TiB, and -+ * 64TiB..128TiB will fit all possible NVIDIA GPUs. 
- * -- * (d) is the with-DDW (and memory pre-registration and related -- * features) DMA window accounting - assuming that we only account RAM -- * once, even if mapped to multiple PHBs -+ * The same assumption as the most common case applies here: -+ * the guest will request a 64-bit DMA window, per PHB, that is -+ * big enough to map all its RAM, which is now at 128TiB due -+ * to the GPUs. - * -- * (e) is the with-DDW userspace view and overhead for the 64-bit DMA -- * window. This is based a bit on expected guest behaviour, but there -- * really isn't a way to completely avoid that. We assume the guest -- * requests a 64-bit DMA window (per PHB) just big enough to map all -- * its RAM. 4 kiB page size gives the 1/512; it will be less with 64 -- * kiB pages, less still if the guest is mapped with hugepages (unlike -- * the default 32-bit DMA window, DDW windows can use large IOMMU -- * pages). 8 MiB is for second and further level overheads, like (b) */ -- if (usesVFIO) -+ * Note that the NVIDIA RAM window must be accounted for the TCE -+ * table size, but *not* for the main RAM (maxMemory). This gives -+ * us the following passthroughLimit for the NVLink2 case: -+ * -+ * passthroughLimit = maxMemory + -+ * 128TiB/512KiB * #PHBs + 8 MiB */ -+ if (nvlink2Capable) { -+ passthroughLimit = maxMemory + -+ 128 * (1ULL<<30) / 512 * nPCIHostBridges + -+ 8192; -+ } else if (usesVFIO) { -+ /* For regular (non-NVLink2 present) VFIO passthrough, the value -+ * of passthroughLimit is: -+ * -+ * passthroughLimit := max( 2 GiB * #PHBs, (c) -+ * memory (d) -+ * + memory * 1/512 * #PHBs + 8 MiB ) (e) -+ * -+ * (c) is the pre-DDW VFIO DMA window accounting. We're allowing 2 -+ * GiB rather than 1 GiB -+ * -+ * (d) is the with-DDW (and memory pre-registration and related -+ * features) DMA window accounting - assuming that we only account -+ * RAM once, even if mapped to multiple PHBs -+ * -+ * (e) is the with-DDW userspace view and overhead for the 64-bit -+ * DMA window. 
This is based a bit on expected guest behaviour, but -+ * there really isn't a way to completely avoid that. We assume the -+ * guest requests a 64-bit DMA window (per PHB) just big enough to -+ * map all its RAM. 4 kiB page size gives the 1/512; it will be -+ * less with 64 kiB pages, less still if the guest is mapped with -+ * hugepages (unlike the default 32-bit DMA window, DDW windows -+ * can use large IOMMU pages). 8 MiB is for second and further level -+ * overheads, like (b) */ - passthroughLimit = MAX(2 * 1024 * 1024 * nPCIHostBridges, - memory + - memory / 512 * nPCIHostBridges + 8192); -+ } - - memKB = baseLimit + passthroughLimit; - --- -2.21.0 - diff --git a/SOURCES/libvirt-RHEL-Add-rhel-machine-types-to-qemuDomainMachineNeedsFDC.patch b/SOURCES/libvirt-RHEL-Add-rhel-machine-types-to-qemuDomainMachineNeedsFDC.patch index a32bf30..763b437 100644 --- a/SOURCES/libvirt-RHEL-Add-rhel-machine-types-to-qemuDomainMachineNeedsFDC.patch +++ b/SOURCES/libvirt-RHEL-Add-rhel-machine-types-to-qemuDomainMachineNeedsFDC.patch @@ -1,5 +1,5 @@ -From 74b69d4a7240c601fcd12c18d5e8d95d641ae922 Mon Sep 17 00:00:00 2001 -Message-Id: <74b69d4a7240c601fcd12c18d5e8d95d641ae922@dist-git> +From a04fcb5b463c90c47705ca0f28e40b73c00b6b72 Mon Sep 17 00:00:00 2001 +Message-Id: From: =?UTF-8?q?J=C3=A1n=20Tomko?= Date: Mon, 22 Feb 2016 12:51:51 +0100 Subject: [PATCH] RHEL: Add rhel machine types to qemuDomainMachineNeedsFDC @@ -13,23 +13,24 @@ https://bugzilla.redhat.com/show_bug.cgi?id=1227880 Signed-off-by: Jiri Denemark --- - src/qemu/qemu_domain.c | 3 +++ - 1 file changed, 3 insertions(+) + src/qemu/qemu_domain.c | 4 ++++ + 1 file changed, 4 insertions(+) diff --git a/src/qemu/qemu_domain.c b/src/qemu/qemu_domain.c -index 4c15d5a36a..4c2a162b85 100644 +index a6dde15bad..0edf316fff 100644 --- a/src/qemu/qemu_domain.c 
+++ b/src/qemu/qemu_domain.c -@@ -9239,6 +9239,9 @@ qemuDomainMachineNeedsFDC(const char *machine) - STRPREFIX(p, "2.2") || - STRPREFIX(p, "2.3")) - return false; -+ if (STRPREFIX(p, "rhel7.0.0") || -+ STRPREFIX(p, "rhel7.1.0")) -+ return false; - return true; +@@ -12631,6 +12631,10 @@ qemuDomainMachineNeedsFDC(const char *machine, + return false; } - return false; + ++ if (STRPREFIX(p, "rhel7.0.0") || ++ STRPREFIX(p, "rhel7.1.0")) ++ return false; ++ + return true; + } + -- -2.18.0 +2.25.0 diff --git a/SOURCES/libvirt-RHEL-Fix-virConnectGetMaxVcpus-output.patch b/SOURCES/libvirt-RHEL-Fix-virConnectGetMaxVcpus-output.patch index 449b106..345c0b2 100644 --- a/SOURCES/libvirt-RHEL-Fix-virConnectGetMaxVcpus-output.patch +++ b/SOURCES/libvirt-RHEL-Fix-virConnectGetMaxVcpus-output.patch @@ -1,5 +1,5 @@ -From 72c5455c00fcec50bae3e71a6fbd6330e524be0a Mon Sep 17 00:00:00 2001 -Message-Id: <72c5455c00fcec50bae3e71a6fbd6330e524be0a@dist-git> +From 3e50b013277c7fa05987ceba440f8c4583b6c634 Mon Sep 17 00:00:00 2001 +Message-Id: <3e50b013277c7fa05987ceba440f8c4583b6c634@dist-git> From: =?UTF-8?q?J=C3=A1n=20Tomko?= Date: Mon, 27 Aug 2018 13:09:38 +0200 Subject: [PATCH] RHEL: Fix virConnectGetMaxVcpus output @@ -26,10 +26,10 @@ Reviewed-by: Andrea Bolognani 1 file changed, 5 insertions(+) diff --git a/src/util/virhostcpu.c b/src/util/virhostcpu.c -index 1e31be5900..effe04ca3a 100644 +index 7f14340f49..256976cce1 100644 --- a/src/util/virhostcpu.c +++ b/src/util/virhostcpu.c -@@ -1186,6 +1186,11 @@ virHostCPUGetKVMMaxVCPUs(void) +@@ -1169,6 +1169,11 @@ virHostCPUGetKVMMaxVCPUs(void) return -1; } @@ -42,5 +42,5 @@ index 1e31be5900..effe04ca3a 100644 /* at first try KVM_CAP_MAX_VCPUS to determine the maximum count */ if ((ret = ioctl(fd, KVM_CHECK_EXTENSION, KVM_CAP_MAX_VCPUS)) > 0) -- -2.18.0 +2.25.0 diff --git a/SOURCES/libvirt-RHEL-Hack-around-changed-Broadwell-Haswell-CPUs.patch b/SOURCES/libvirt-RHEL-Hack-around-changed-Broadwell-Haswell-CPUs.patch index 69fece3..12d8958 100644 
--- a/SOURCES/libvirt-RHEL-Hack-around-changed-Broadwell-Haswell-CPUs.patch +++ b/SOURCES/libvirt-RHEL-Hack-around-changed-Broadwell-Haswell-CPUs.patch @@ -1,5 +1,5 @@ -From 498389f6b88547c352add4b209d61896a5143c00 Mon Sep 17 00:00:00 2001 -Message-Id: <498389f6b88547c352add4b209d61896a5143c00@dist-git> +From 0dd015e1aff1a56a4584824d1a97c9eacabf7f03 Mon Sep 17 00:00:00 2001 +Message-Id: <0dd015e1aff1a56a4584824d1a97c9eacabf7f03@dist-git> From: Jiri Denemark Date: Fri, 27 Mar 2015 12:48:40 +0100 Subject: [PATCH] RHEL: Hack around changed Broadwell/Haswell CPUs @@ -18,29 +18,31 @@ https://bugzilla.redhat.com/show_bug.cgi?id=1199446 Signed-off-by: Jiri Denemark --- - src/qemu/qemu_command.c | 29 +++++++++++++++++++ + src/qemu/qemu_command.c | 21 +++++++++++++++++++ tests/qemuxml2argvdata/cpu-Haswell.args | 2 +- - .../qemuxml2argvdata/cpu-host-model-cmt.args | 3 +- - tests/qemuxml2argvdata/cpu-tsc-frequency.args | 2 +- + .../qemuxml2argvdata/cpu-host-model-cmt.args | 2 +- + .../cpu-translation.x86_64-4.0.0.args | 4 ++-- + .../cpu-translation.x86_64-latest.args | 4 ++-- + tests/qemuxml2argvdata/cpu-tsc-frequency.args | 4 ++-- tests/qemuxml2argvdata/q35-acpi-nouefi.args | 2 +- tests/qemuxml2argvdata/q35-acpi-uefi.args | 2 +- tests/qemuxml2argvdata/q35-noacpi-nouefi.args | 2 +- - 7 files changed, 36 insertions(+), 6 deletions(-) + 9 files changed, 32 insertions(+), 11 deletions(-) diff --git a/src/qemu/qemu_command.c b/src/qemu/qemu_command.c -index 4fc3176ad3..c1eefca639 100644 +index 904d2beab5..e10cc7fc74 100644 --- a/src/qemu/qemu_command.c 
+++ b/src/qemu/qemu_command.c -@@ -6677,6 +6677,8 @@ qemuBuildCpuModelArgStr(virQEMUDriverPtr driver, +@@ -6469,6 +6469,8 @@ qemuBuildCpuModelArgStr(virQEMUDriverPtr driver, + { size_t i; - virCapsPtr caps = NULL; virCPUDefPtr cpu = def->cpu; + bool hle = false; + bool rtm = false; - if (!(caps = virQEMUDriverGetCapabilities(driver, false))) - goto cleanup; -@@ -6734,6 +6736,11 @@ qemuBuildCpuModelArgStr(virQEMUDriverPtr driver, + switch ((virCPUMode) cpu->mode) { + case VIR_CPU_MODE_HOST_PASSTHROUGH: +@@ -6524,6 +6526,11 @@ qemuBuildCpuModelArgStr(virQEMUDriverPtr driver, virBufferAsprintf(buf, ",vendor=%s", cpu->vendor_id); for (i = 0; i < cpu->nfeatures; i++) { @@ -52,7 +54,7 @@ index 4fc3176ad3..c1eefca639 100644 switch ((virCPUFeaturePolicy) cpu->features[i].policy) { case VIR_CPU_FEATURE_FORCE: case VIR_CPU_FEATURE_REQUIRE: -@@ -6757,6 +6764,28 @@ qemuBuildCpuModelArgStr(virQEMUDriverPtr driver, +@@ -6541,6 +6548,20 @@ qemuBuildCpuModelArgStr(virQEMUDriverPtr driver, } } @@ -64,81 +66,104 @@ index 4fc3176ad3..c1eefca639 100644 + */ + if (STREQ_NULLABLE(cpu->model, "Broadwell") || + STREQ_NULLABLE(cpu->model, "Haswell")) { -+ if (!rtm) { -+ if (virQEMUCapsGet(qemuCaps, QEMU_CAPS_QUERY_CPU_MODEL_EXPANSION)) -+ virBufferAddLit(buf, ",rtm=on"); -+ else -+ virBufferAddLit(buf, ",+rtm"); -+ } -+ if (!hle) { -+ if (virQEMUCapsGet(qemuCaps, QEMU_CAPS_QUERY_CPU_MODEL_EXPANSION)) -+ virBufferAddLit(buf, ",hle=on"); -+ else -+ virBufferAddLit(buf, ",+hle"); -+ } ++ if (!rtm) ++ qemuBuildCpuFeature(qemuCaps, buf, "rtm", true); ++ if (!hle) ++ qemuBuildCpuFeature(qemuCaps, buf, "hle", true); + } + - ret = 0; - cleanup: - virObjectUnref(caps); + return 0; + } + diff --git a/tests/qemuxml2argvdata/cpu-Haswell.args b/tests/qemuxml2argvdata/cpu-Haswell.args -index c7ce396d05..6f20359524 100644 +index a33b16f7ce..d35de5ea58 100644 --- a/tests/qemuxml2argvdata/cpu-Haswell.args 
+++ b/tests/qemuxml2argvdata/cpu-Haswell.args -@@ -8,7 +8,7 @@ QEMU_AUDIO_DRV=none \ +@@ -11,7 +11,7 @@ QEMU_AUDIO_DRV=none \ -name QEMUGuest1 \ -S \ -machine pc,accel=kvm,usb=off,dump-guest-core=off \ --cpu Haswell \ +-cpu Haswell,+rtm,+hle \ -m 214 \ + -realtime mlock=off \ -smp 6,sockets=6,cores=1,threads=1 \ - -uuid c7a5fdbd-edaf-9455-926a-d65c16db1809 \ diff --git a/tests/qemuxml2argvdata/cpu-host-model-cmt.args b/tests/qemuxml2argvdata/cpu-host-model-cmt.args -index 8767278d11..d236aa9e09 100644 +index 42f969fd62..c8795acb3e 100644 --- a/tests/qemuxml2argvdata/cpu-host-model-cmt.args 
+++ b/tests/qemuxml2argvdata/cpu-host-model-cmt.args -@@ -9,7 +9,8 @@ QEMU_AUDIO_DRV=none \ +@@ -12,7 +12,7 @@ QEMU_AUDIO_DRV=none \ -S \ -machine pc,accel=tcg,usb=off,dump-guest-core=off \ -cpu Haswell,+vme,+ds,+acpi,+ss,+ht,+tm,+pbe,+dtes64,+monitor,+ds_cpl,+vmx,\ --+smx,+est,+tm2,+xtpr,+pdcm,+osxsave,+f16c,+rdrand,+pdpe1gb,+abm,+lahf_lm \ -++smx,+est,+tm2,+xtpr,+pdcm,+osxsave,+f16c,+rdrand,+pdpe1gb,+abm,+lahf_lm,+rtm,\ -++hle \ +-+smx,+est,+tm2,+xtpr,+pdcm,+f16c,+rdrand,+pdpe1gb,+abm,+lahf_lm \ +++smx,+est,+tm2,+xtpr,+pdcm,+f16c,+rdrand,+pdpe1gb,+abm,+lahf_lm,+rtm,+hle \ -m 214 \ + -realtime mlock=off \ -smp 6,sockets=6,cores=1,threads=1 \ - -uuid c7a5fdbd-edaf-9455-926a-d65c16db1809 \ +diff --git a/tests/qemuxml2argvdata/cpu-translation.x86_64-4.0.0.args b/tests/qemuxml2argvdata/cpu-translation.x86_64-4.0.0.args +index f8e19fca24..08c672fd2c 100644 +--- a/tests/qemuxml2argvdata/cpu-translation.x86_64-4.0.0.args ++++ b/tests/qemuxml2argvdata/cpu-translation.x86_64-4.0.0.args +@@ -14,8 +14,8 @@ QEMU_AUDIO_DRV=none \ + file=/tmp/lib/domain--1-QEMUGuest1/master-key.aes \ + -machine pc-i440fx-4.0,accel=tcg,usb=off,dump-guest-core=off \ + -cpu Haswell,pclmuldq=on,ds_cpl=on,tsc_adjust=on,fxsr_opt=on,lahf_lm=on,\ +-cmp_legacy=on,nodeid_msr=on,perfctr_core=on,perfctr_nb=on,kvm_pv_eoi=on,\ +-kvm_pv_unhalt=on \ ++cmp_legacy=on,nodeid_msr=on,perfctr_core=on,perfctr_nb=on,rtm=on,hle=on,\ ++kvm_pv_eoi=on,kvm_pv_unhalt=on \ + -m 214 \ + -overcommit mem-lock=off \ + -smp 1,sockets=1,cores=1,threads=1 \ +diff --git a/tests/qemuxml2argvdata/cpu-translation.x86_64-latest.args b/tests/qemuxml2argvdata/cpu-translation.x86_64-latest.args +index 9322b826f4..1dbfc9553b 100644 +--- a/tests/qemuxml2argvdata/cpu-translation.x86_64-latest.args ++++ b/tests/qemuxml2argvdata/cpu-translation.x86_64-latest.args +@@ -14,8 +14,8 @@ QEMU_AUDIO_DRV=none \ + file=/tmp/lib/domain--1-QEMUGuest1/master-key.aes \ + -machine pc,accel=tcg,usb=off,dump-guest-core=off \ + -cpu 
Haswell,pclmulqdq=on,ds-cpl=on,tsc-adjust=on,fxsr-opt=on,lahf-lm=on,\ +-cmp-legacy=on,nodeid-msr=on,perfctr-core=on,perfctr-nb=on,kvm-pv-eoi=on,\ +-kvm-pv-unhalt=on \ ++cmp-legacy=on,nodeid-msr=on,perfctr-core=on,perfctr-nb=on,rtm=on,hle=on,\ ++kvm-pv-eoi=on,kvm-pv-unhalt=on \ + -m 214 \ + -overcommit mem-lock=off \ + -smp 1,sockets=1,cores=1,threads=1 \ diff --git a/tests/qemuxml2argvdata/cpu-tsc-frequency.args b/tests/qemuxml2argvdata/cpu-tsc-frequency.args -index 7824dea96f..216fd43014 100644 +index 55b72b4404..45a777d468 100644 --- a/tests/qemuxml2argvdata/cpu-tsc-frequency.args +++ b/tests/qemuxml2argvdata/cpu-tsc-frequency.args -@@ -10,7 +10,7 @@ QEMU_AUDIO_DRV=none \ +@@ -12,8 +12,8 @@ QEMU_AUDIO_DRV=none \ + -S \ -machine pc,accel=kvm,usb=off,dump-guest-core=off \ -cpu Haswell,+vme,+ds,+acpi,+ss,+ht,+tm,+pbe,+dtes64,+monitor,+ds_cpl,+vmx,\ - +smx,+est,+tm2,+xtpr,+pdcm,+osxsave,+f16c,+rdrand,+pdpe1gb,+abm,+lahf_lm,\ --+invtsc,tsc-frequency=3504000000 \ -++invtsc,+rtm,+hle,tsc-frequency=3504000000 \ +-+smx,+est,+tm2,+xtpr,+pdcm,+f16c,+rdrand,+pdpe1gb,+abm,+lahf_lm,+invtsc,\ +-tsc-frequency=3504000000 \ +++smx,+est,+tm2,+xtpr,+pdcm,+f16c,+rdrand,+pdpe1gb,+abm,+lahf_lm,+invtsc,+rtm,\ +++hle,tsc-frequency=3504000000 \ -m 214 \ + -realtime mlock=off \ -smp 1,sockets=1,cores=1,threads=1 \ - -uuid c7a5fdbd-edaf-9455-926a-d65c16db1809 \ diff --git a/tests/qemuxml2argvdata/q35-acpi-nouefi.args b/tests/qemuxml2argvdata/q35-acpi-nouefi.args -index caef49ea16..a9375a35db 100644 +index 09e06c96ea..aed56fb1fc 100644 --- a/tests/qemuxml2argvdata/q35-acpi-nouefi.args +++ b/tests/qemuxml2argvdata/q35-acpi-nouefi.args -@@ -8,7 +8,7 @@ QEMU_AUDIO_DRV=none \ +@@ -11,7 +11,7 @@ QEMU_AUDIO_DRV=none \ -name guest \ -S \ -machine q35,accel=tcg,usb=off,dump-guest-core=off \ --cpu Haswell \ +-cpu Haswell,+rtm,+hle \ -m 1024 \ + -realtime mlock=off \ -smp 1,sockets=1,cores=1,threads=1 \ - -uuid 496d7ea8-9739-544b-4ebd-ef08be936e8b \ 
diff --git a/tests/qemuxml2argvdata/q35-acpi-uefi.args b/tests/qemuxml2argvdata/q35-acpi-uefi.args -index a3293aeb9d..8e3368b9e9 100644 +index d00fe5bc1d..1f4bfe7f87 100644 --- a/tests/qemuxml2argvdata/q35-acpi-uefi.args +++ b/tests/qemuxml2argvdata/q35-acpi-uefi.args -@@ -8,7 +8,7 @@ QEMU_AUDIO_DRV=none \ +@@ -11,7 +11,7 @@ QEMU_AUDIO_DRV=none \ -name guest \ -S \ -machine q35,accel=tcg,usb=off,dump-guest-core=off \ @@ -148,18 +173,18 @@ index a3293aeb9d..8e3368b9e9 100644 readonly=on \ -drive file=/var/lib/libvirt/qemu/nvram/guest_VARS.fd,if=pflash,format=raw,\ diff --git a/tests/qemuxml2argvdata/q35-noacpi-nouefi.args b/tests/qemuxml2argvdata/q35-noacpi-nouefi.args -index fab2a6fcb0..0dd61840ef 100644 +index de34dff1cf..ccea7f91f9 100644 --- a/tests/qemuxml2argvdata/q35-noacpi-nouefi.args +++ b/tests/qemuxml2argvdata/q35-noacpi-nouefi.args -@@ -8,7 +8,7 @@ QEMU_AUDIO_DRV=none \ +@@ -11,7 +11,7 @@ QEMU_AUDIO_DRV=none \ -name guest \ -S \ -machine q35,accel=tcg,usb=off,dump-guest-core=off \ --cpu Haswell \ +-cpu Haswell,+rtm,+hle \ -m 1024 \ + -realtime mlock=off \ -smp 1,sockets=1,cores=1,threads=1 \ - -uuid 496d7ea8-9739-544b-4ebd-ef08be936e8b \ -- -2.18.0 +2.25.0 diff --git a/SOURCES/libvirt-RHEL-network-regain-guest-network-connectivity-after-firewalld-switch-to-nftables.patch b/SOURCES/libvirt-RHEL-network-regain-guest-network-connectivity-after-firewalld-switch-to-nftables.patch deleted file mode 100644 index 081d0e9..0000000 --- a/SOURCES/libvirt-RHEL-network-regain-guest-network-connectivity-after-firewalld-switch-to-nftables.patch +++ /dev/null 
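Review bot: The rebased block in qemuBuildCpuModelArgStr appends `rtm` and `hle` through `qemuBuildCpuFeature(qemuCaps, buf, "rtm", true)` for every guest whose model is exactly "Broadwell" or "Haswell" and whose XML does not name those features, yet nothing near it says that this forces the TSX features on. On a host where TSX has been turned off as a side-channel mitigation, that default presumably either stops the guest from starting or re-exposes TSX to it, depending on how QEMU filters the request. I would add a comment above the `if (STREQ_NULLABLE(cpu->model, "Broadwell") ||` test such as `/* rtm/hle are the TSX features: forced on unless the domain XML lists them explicitly; hosts with TSX disabled need an explicit policy='disable' or a -noTSX model */`. The lines that set the `rtm`/`hle` flags inside the feature loop are outside the visible hunks, so the opt-out path is inferred from the `!rtm`/`!hle` guards.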
@@ -1,146 +0,0 @@ -From 54e270d7fb68b41002654374d395e4f260a24add Mon Sep 17 00:00:00 2001 -Message-Id: <54e270d7fb68b41002654374d395e4f260a24add@dist-git> -From: Laine Stump -Date: Mon, 15 Oct 2018 20:31:02 -0400 -Subject: [PATCH] RHEL: network: regain guest network connectivity after - firewalld switch to nftables -MIME-Version: 1.0 -Content-Type: text/plain; charset=UTF-8 -Content-Transfer-Encoding: 8bit - -This is a DOWNSTREAM ONLY patch to temporarily get back guest network -connectivity while still allowing the firewalld backend to use -nftables (which is the default with RHEL8). - -The circumstances that cause the problem: - -In the past (when both libvirt and firewalld used iptables), if either -libvirt's rules *OR* firewalld's rules accepted a packet, it would be -accepted. - -But now firewalld uses nftables for its backend, while libvirt's -firewall rules are still using iptables; iptables rules are still -processed, but at a different time during packet processing than the -firewalld nftables hooks. The result is that a packet must be accepted -by *BOTH* the libvirt iptables rules *AND* the firewalld nftable rules -in order to be accepted. - -This causes pain for two types of traffic: - -1) libvirt always adds rules to permit DNS and DHCP (and sometimes -TFTP) from guests to the host. But libvirt's bridges are in -firewalld's "default" zone (which is usually the zone called -"public"). The public zone allows ssh, but doesn't allow DNS, DHCP, or -TFTP. So guests connected to libvirt's bridges can't acquire an IP -address from DHCP, nor can they make DNS queries to the DNS server -libvirt has setup on the host. - -2) firewalld's higher level "rich rules" don't yet have the ability to -configure the acceptance of forwarded traffic (traffic that is going -somewhere beyond the host), so any traffic that needs to be forwarded -is rejected. 
- -libvirt can't send "direct" nftables rules (firewalld only supports -that for iptables), so we can't solve this problem by just sending -direct nftables rules instead of iptables rules. - -However, we can take advantage of a quirk in firewalld zones that have -a default policy of accept (meaning any packet that doesn't match a -specific rule in the zone will be accepted) - this default accept will -also accept forwarded traffic (not just traffic destined for the host). - -So, as a temporary solution to get all network traffic flowing, this -patch creates a new firewalld zone called "libvirt" which is setup to -include interfaces named virbr0-virbr9, and has a default policy of -accept. With this zone installed, libvirt networks that use the names -virbr0-virbr9 will have *all* their traffic accepted, both to the host -and to/from the rest of the network. - -firewalld zones can't normally be added to the runtime config of -firewalld, so we have to reload all of the permanent config for it to -be recognized. This is done with a call to "firewall-cmd --reload" -during postinstall and postuninstall. In the case that firewalld is -inactive, firewall-cmd exits without doing anything (i.e. it doesn't -start up firewalld.service if it's not already started). - -This obviously can't be a permanent solution, since it allows guests -to have access to *all* services on the host. However, it doesn't -allow QE and beta testers to test firewalld with an nftables backend -(which is important for firewalld and nftables devs) without breaking -network connectivity for libvirt managed virtual machines (so testing -of those can also take place. 
- -Resolves: https://bugzilla.redhat.com/1638864 - -This problem is discussed in more detail in this message thread: - -https://post-office.corp.redhat.com/mailman/private/virt-devel/2018-September/msg00145.html -https://post-office.corp.redhat.com/mailman/private/virt-devel/2018-October/msg00042.html - -and in the BZ assigned to firewalld: https://bugzilla.redhat.com/1623841 - -Signed-off-by: Laine Stump -Acked-by: Daniel P. Berrangé -Reviewed-by: Jiri Denemark ---- - libvirt.spec.in | 14 ++++++++++++++ - src/network/Makefile.inc.am | 10 +++++++++- - src/network/libvirt.zone | 15 +++++++++++++++ - 3 files changed, 38 insertions(+), 1 deletion(-) - create mode 100644 src/network/libvirt.zone - -diff --git a/src/network/Makefile.inc.am b/src/network/Makefile.inc.am -index 508c8c0422..20d899e699 100644 ---- a/src/network/Makefile.inc.am -+++ b/src/network/Makefile.inc.am -@@ -87,6 +87,11 @@ install-data-network: - ( cd $(DESTDIR)$(confdir)/qemu/networks/autostart && \ - rm -f default.xml && \ - $(LN_S) ../default.xml default.xml ) -+if HAVE_FIREWALLD -+ $(MKDIR_P) "$(DESTDIR)$(prefix)/lib/firewalld/zones" -+ $(INSTALL_DATA) $(srcdir)/network/libvirt.zone \ -+ $(DESTDIR)$(prefix)/lib/firewalld/zones/libvirt.xml -+endif HAVE_FIREWALLD - - uninstall-data-network: - rm -f $(DESTDIR)$(confdir)/qemu/networks/autostart/default.xml -@@ -95,10 +100,13 @@ uninstall-data-network: - rmdir "$(DESTDIR)$(confdir)/qemu/networks" || : - rmdir "$(DESTDIR)$(localstatedir)/lib/libvirt/network" ||: - rmdir "$(DESTDIR)$(localstatedir)/run/libvirt/network" ||: -+if HAVE_FIREWALLD -+ rm -f $(DESTDIR)$(prefix)/lib/firewalld/zones/libvirt.xml -+endif HAVE_FIREWALLD - - endif WITH_NETWORK - --EXTRA_DIST += network/default.xml -+EXTRA_DIST += network/default.xml network/libvirt.zone - - .PHONY: \ - install-data-network \ -diff --git a/src/network/libvirt.zone b/src/network/libvirt.zone -new file mode 100644 -index 0000000000..355a70b4da ---- /dev/null -+++ b/src/network/libvirt.zone -@@ -0,0 
+1,15 @@ -+ -+ -+ libvirt -+ All network connections are accepted. This also permits packets to/from interfaces in the zone to be forwarded. This zone is intended to be used only by libvirt virtual networks. -+ -+ -+ -+ -+ -+ -+ -+ -+ -+ -+ --- -2.19.1 - diff --git a/SOURCES/libvirt-RHEL-qemu-Add-ability-to-set-sgio-values-for-hostdev.patch b/SOURCES/libvirt-RHEL-qemu-Add-ability-to-set-sgio-values-for-hostdev.patch index 537e868..95cd351 100644 --- a/SOURCES/libvirt-RHEL-qemu-Add-ability-to-set-sgio-values-for-hostdev.patch +++ b/SOURCES/libvirt-RHEL-qemu-Add-ability-to-set-sgio-values-for-hostdev.patch @@ -1,5 +1,5 @@ -From 2d4b19613c462e876ee1327d600f5cbbb998c540 Mon Sep 17 00:00:00 2001 -Message-Id: <2d4b19613c462e876ee1327d600f5cbbb998c540@dist-git> +From fce502cf5233d800479c2efcf7721ab895db8998 Mon Sep 17 00:00:00 2001 +Message-Id: From: John Ferlan Date: Mon, 17 Dec 2018 20:42:30 -0500 Subject: [PATCH] RHEL: qemu: Add ability to set sgio values for hostdev @@ -19,22 +19,22 @@ Signed-off-by: Jiri Denemark (cherry picked from commit f2cf0ae7bc371c75f6c0e79192711f2b1d201b10) Reviewed-by: Ján Tomko --- - src/qemu/qemu_conf.c | 16 +++++++++------- - 1 file changed, 9 insertions(+), 7 deletions(-) + src/qemu/qemu_conf.c | 15 ++++++++------- + 1 file changed, 8 insertions(+), 7 deletions(-) diff --git a/src/qemu/qemu_conf.c b/src/qemu/qemu_conf.c -index a4f545ef92..3ea9784854 100644 +index b62dd1df52..ce7869e6be 100644 --- a/src/qemu/qemu_conf.c 
+++ b/src/qemu/qemu_conf.c -@@ -1633,6 +1633,7 @@ qemuSetUnprivSGIO(virDomainDeviceDefPtr dev) +@@ -1810,6 +1810,7 @@ qemuSetUnprivSGIO(virDomainDeviceDefPtr dev) virDomainDiskDefPtr disk = NULL; virDomainHostdevDefPtr hostdev = NULL; - char *sysfs_path = NULL; -+ char *hostdev_path = NULL; + g_autofree char *sysfs_path = NULL; ++ g_autofree char *hostdev_path = NULL; const char *path = NULL; int val = -1; - int ret = -1; -@@ -1654,14 +1655,10 @@ qemuSetUnprivSGIO(virDomainDeviceDefPtr dev) + +@@ -1830,14 +1831,10 @@ qemuSetUnprivSGIO(virDomainDeviceDefPtr dev) if (!qemuIsSharedHostdev(hostdev)) return 0; @@ -43,7 +43,7 @@ index a4f545ef92..3ea9784854 100644 - _("'sgio' is not supported for SCSI " - "generic device yet ")); + if (!(hostdev_path = qemuGetHostdevPath(hostdev))) - goto cleanup; + return -1; - } - return 0; @@ -51,8 +51,8 @@ index a4f545ef92..3ea9784854 100644 } else { return 0; } -@@ -1670,7 +1667,11 @@ qemuSetUnprivSGIO(virDomainDeviceDefPtr dev) - goto cleanup; +@@ -1846,7 +1843,11 @@ qemuSetUnprivSGIO(virDomainDeviceDefPtr dev) + return -1; /* By default, filter the SG_IO commands, i.e. set unpriv_sgio to 0. */ - val = (disk->sgio == VIR_DOMAIN_DEVICE_SGIO_UNFILTERED); @@ -64,14 +64,6 @@ index a4f545ef92..3ea9784854 100644 /* Do not do anything if unpriv_sgio is not supported by the kernel and the * whitelist is enabled. But if requesting unfiltered access, always call -@@ -1683,6 +1684,7 @@ qemuSetUnprivSGIO(virDomainDeviceDefPtr dev) - ret = 0; - - cleanup: -+ VIR_FREE(hostdev_path); - VIR_FREE(sysfs_path); - return ret; - } -- -2.20.1 +2.25.0 diff --git a/SOURCES/libvirt-RHEL-qemu-Add-check-for-unpriv-sgio-for-SCSI-generic-host-device.patch b/SOURCES/libvirt-RHEL-qemu-Add-check-for-unpriv-sgio-for-SCSI-generic-host-device.patch index 61a15f5..5f0af94 100644 --- a/SOURCES/libvirt-RHEL-qemu-Add-check-for-unpriv-sgio-for-SCSI-generic-host-device.patch +++ b/SOURCES/libvirt-RHEL-qemu-Add-check-for-unpriv-sgio-for-SCSI-generic-host-device.patch 
@@ -1,5 +1,5 @@ -From c39257f41ccb22272c6161777bf71390676bf7f0 Mon Sep 17 00:00:00 2001 -Message-Id: +From 5a192657ad4e08fc773fef90c6b07df3620fa1c2 Mon Sep 17 00:00:00 2001 +Message-Id: <5a192657ad4e08fc773fef90c6b07df3620fa1c2@dist-git> From: John Ferlan Date: Mon, 17 Dec 2018 20:42:31 -0500 Subject: [PATCH] RHEL: qemu: Add check for unpriv sgio for SCSI generic host @@ -23,26 +23,29 @@ Signed-off-by: Jiri Denemark (cherry picked from commit 712005bcf26190dc6fd1fe56283377987909cc4b) Reviewed-by: Ján Tomko --- - src/qemu/qemu_conf.c | 15 +++++++++++++++ - 1 file changed, 15 insertions(+) + src/qemu/qemu_conf.c | 20 ++++++++++++++++++-- + 1 file changed, 18 insertions(+), 2 deletions(-) diff --git a/src/qemu/qemu_conf.c b/src/qemu/qemu_conf.c -index 3ea9784854..7d15af9c0b 100644 +index ce7869e6be..2a84972fd9 100644 --- a/src/qemu/qemu_conf.c +++ b/src/qemu/qemu_conf.c -@@ -1473,6 +1473,8 @@ qemuAddSharedHostdev(virQEMUDriverPtr driver, +@@ -1717,13 +1717,29 @@ qemuSharedHostdevAddRemoveInternal(virQEMUDriverPtr driver, { - char *dev_path = NULL; - char *key = NULL; + g_autofree char *dev_path = NULL; + g_autofree char *key = NULL; + virDomainHostdevSubsysSCSIPtr scsisrc = &hostdev->source.subsys.u.scsi; + virDomainHostdevSubsysSCSIHostPtr scsihostsrc = &scsisrc->u.host; int ret = -1; if (!qemuIsSharedHostdev(hostdev)) -@@ -1481,6 +1483,19 @@ qemuAddSharedHostdev(virQEMUDriverPtr driver, - if (!(dev_path = qemuGetHostdevPath(hostdev))) - goto cleanup; + return 0; +- if (!(dev_path = qemuGetHostdevPath(hostdev)) || +- !(key = qemuGetSharedDeviceKey(dev_path))) ++ if (!(dev_path = qemuGetHostdevPath(hostdev))) ++ return -1; ++ + if ((ret = qemuCheckUnprivSGIO(driver->sharedDevices, dev_path, + scsisrc->sgio)) < 0) { + if (ret == -2) { 
@@ -51,14 +54,14 @@ index 3ea9784854..7d15af9c0b 100644 + "conflicts with other active domains"), + scsihostsrc->adapter, scsihostsrc->bus, + scsihostsrc->target, scsihostsrc->unit); -+ ret = -1; + } -+ goto cleanup; ++ return -1; + } + - if (!(key = qemuGetSharedDeviceKey(dev_path))) - goto cleanup; ++ if (!(key = qemuGetSharedDeviceKey(dev_path))) + return -1; + qemuDriverLock(driver); -- -2.20.1 +2.25.0 diff --git a/SOURCES/libvirt-RHEL-qemu-Alter-qemuSetUnprivSGIO-hostdev-shareable-logic.patch b/SOURCES/libvirt-RHEL-qemu-Alter-qemuSetUnprivSGIO-hostdev-shareable-logic.patch new file mode 100644 index 0000000..2b30707 --- /dev/null +++ b/SOURCES/libvirt-RHEL-qemu-Alter-qemuSetUnprivSGIO-hostdev-shareable-logic.patch 
@@ -0,0 +1,53 @@ +From e79d54ff8e760ac1a200a37fb05cc9aa758c48d3 Mon Sep 17 00:00:00 2001 +Message-Id: +From: John Ferlan +Date: Mon, 17 Dec 2018 20:42:33 -0500 +Subject: [PATCH] RHEL: qemu: Alter qemuSetUnprivSGIO hostdev shareable logic +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +https://bugzilla.redhat.com/show_bug.cgi?id=1656362 (RHEL8) +https://bugzilla.redhat.com/show_bug.cgi?id=1656360 (RHEL7) + +RHEL-only + +Fix the logic to handle the case where if the element +was removed from the domain , then we have to reset the +SGIO value back to 0. Without this patch the check for not shareable +and return 0 would bypass resetting the value back to 0. + +Signed-off-by: John Ferlan +Reviewed-by: Ján Tomko +--- + src/qemu/qemu_conf.c | 7 +++---- + 1 file changed, 3 insertions(+), 4 deletions(-) + +diff --git a/src/qemu/qemu_conf.c b/src/qemu/qemu_conf.c +index faabc4d49f..590052b035 100644 +--- a/src/qemu/qemu_conf.c ++++ b/src/qemu/qemu_conf.c +@@ -1844,9 +1844,6 @@ qemuSetUnprivSGIO(virDomainDeviceDefPtr dev) + } else if (dev->type == VIR_DOMAIN_DEVICE_HOSTDEV) { + hostdev = dev->data.hostdev; + +- if (!qemuIsSharedHostdev(hostdev)) +- return 0; +- + if (!(hostdev_path = qemuGetHostdevPath(hostdev))) + return -1; + +@@ -1863,7 +1860,9 @@ qemuSetUnprivSGIO(virDomainDeviceDefPtr dev) + disk->sgio == VIR_DOMAIN_DEVICE_SGIO_UNFILTERED) { + val = 1; + } else { +- if (hostdev->source.subsys.u.scsi.sgio == ++ /* Only settable if was present for hostdev */ ++ if (qemuIsSharedHostdev(hostdev) && ++ hostdev->source.subsys.u.scsi.sgio == + VIR_DOMAIN_DEVICE_SGIO_UNFILTERED) + val = 1; + } +-- +2.25.0 + diff --git a/SOURCES/libvirt-RHEL-qemu-Alter-val-usage-in-qemuSetUnprivSGIO.patch b/SOURCES/libvirt-RHEL-qemu-Alter-val-usage-in-qemuSetUnprivSGIO.patch new file mode 100644 index 0000000..850b5ab --- /dev/null +++ b/SOURCES/libvirt-RHEL-qemu-Alter-val-usage-in-qemuSetUnprivSGIO.patch 
@@ -0,0 +1,60 @@ +From fa46b5b4d5bb732462d0d5484cc010aa652d821b Mon Sep 17 00:00:00 2001 +Message-Id: +From: John Ferlan +Date: Mon, 17 Dec 2018 20:42:32 -0500 +Subject: [PATCH] RHEL: qemu: Alter @val usage in qemuSetUnprivSGIO +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +https://bugzilla.redhat.com/show_bug.cgi?id=1656362 (RHEL8) +https://bugzilla.redhat.com/show_bug.cgi?id=1656360 (RHEL7) + +RHEL-only + +Rather than initializing to -1 and then setting to the result +of a boolean check (either 0 or 1), let's just initialize @val +to 0 and then only change to 1 if conditions are "right". + +Signed-off-by: John Ferlan +Reviewed-by: Ján Tomko +--- + src/qemu/qemu_conf.c | 15 +++++++++------ + 1 file changed, 9 insertions(+), 6 deletions(-) + +diff --git a/src/qemu/qemu_conf.c b/src/qemu/qemu_conf.c +index 2a84972fd9..faabc4d49f 100644 +--- a/src/qemu/qemu_conf.c ++++ b/src/qemu/qemu_conf.c +@@ -1828,7 +1828,7 @@ qemuSetUnprivSGIO(virDomainDeviceDefPtr dev) + g_autofree char *sysfs_path = NULL; + g_autofree char *hostdev_path = NULL; + const char *path = NULL; +- int val = -1; ++ int val = 0; + + /* "sgio" is only valid for block disk; cdrom + * and floopy disk can have empty source. +@@ -1859,11 +1859,14 @@ qemuSetUnprivSGIO(virDomainDeviceDefPtr dev) + return -1; + + /* By default, filter the SG_IO commands, i.e. set unpriv_sgio to 0. */ +- if (dev->type == VIR_DOMAIN_DEVICE_DISK) +- val = (disk->sgio == VIR_DOMAIN_DEVICE_SGIO_UNFILTERED); +- else +- val = (hostdev->source.subsys.u.scsi.sgio == +- VIR_DOMAIN_DEVICE_SGIO_UNFILTERED); ++ if (dev->type == VIR_DOMAIN_DEVICE_DISK && ++ disk->sgio == VIR_DOMAIN_DEVICE_SGIO_UNFILTERED) { ++ val = 1; ++ } else { ++ if (hostdev->source.subsys.u.scsi.sgio == ++ VIR_DOMAIN_DEVICE_SGIO_UNFILTERED) ++ val = 1; ++ } + + /* Do not do anything if unpriv_sgio is not supported by the kernel and the + * whitelist is enabled. 
But if requesting unfiltered access, always call +-- +2.25.0 + diff --git a/SOURCES/libvirt-RHEL-qemu-Fix-crash-trying-to-use-iSCSI-hostdev.patch b/SOURCES/libvirt-RHEL-qemu-Fix-crash-trying-to-use-iSCSI-hostdev.patch index c86c563..e0bc6a1 100644 --- a/SOURCES/libvirt-RHEL-qemu-Fix-crash-trying-to-use-iSCSI-hostdev.patch +++ b/SOURCES/libvirt-RHEL-qemu-Fix-crash-trying-to-use-iSCSI-hostdev.patch @@ -1,5 +1,5 @@ -From 11bfd4f26c090b95a100aaf056ecfa799dfce979 Mon Sep 17 00:00:00 2001 -Message-Id: <11bfd4f26c090b95a100aaf056ecfa799dfce979@dist-git> +From 163740bff28c6f1a82663bc652f2cd5df39e4276 Mon Sep 17 00:00:00 2001 +Message-Id: <163740bff28c6f1a82663bc652f2cd5df39e4276@dist-git> From: John Ferlan Date: Fri, 25 Jan 2019 12:19:12 -0500 Subject: [PATCH] RHEL: qemu: Fix crash trying to use iSCSI hostdev @@ -26,10 +26,10 @@ Reviewed-by: Ján Tomko 1 file changed, 4 insertions(+) diff --git a/src/qemu/qemu_conf.c b/src/qemu/qemu_conf.c -index 768e9d8308..a81298326f 100644 +index 0674292fab..3d2f0e7bbb 100644 --- a/src/qemu/qemu_conf.c +++ b/src/qemu/qemu_conf.c -@@ -1667,6 +1667,10 @@ qemuSetUnprivSGIO(virDomainDeviceDefPtr dev) +@@ -1844,6 +1844,10 @@ qemuSetUnprivSGIO(virDomainDeviceDefPtr dev) } else if (dev->type == VIR_DOMAIN_DEVICE_HOSTDEV) { hostdev = dev->data.hostdev; @@ -38,8 +38,8 @@ index 768e9d8308..a81298326f 100644 + return 0; + if (!(hostdev_path = qemuGetHostdevPath(hostdev))) - goto cleanup; + return -1; -- -2.20.1 +2.25.0 diff --git a/SOURCES/libvirt-RHEL-qemu-Fix-logic-error-in-qemuSetUnprivSGIO.patch b/SOURCES/libvirt-RHEL-qemu-Fix-logic-error-in-qemuSetUnprivSGIO.patch new file mode 100644 index 0000000..b4d84ed --- /dev/null +++ b/SOURCES/libvirt-RHEL-qemu-Fix-logic-error-in-qemuSetUnprivSGIO.patch 
@@ -0,0 +1,59 @@ +From f6a05ac3cb33c473de8ed49b53d22910fc0140df Mon Sep 17 00:00:00 2001 +Message-Id: +From: John Ferlan +Date: Wed, 16 Jan 2019 15:54:31 -0500 +Subject: [PATCH] RHEL: qemu: Fix logic error in qemuSetUnprivSGIO +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +https://bugzilla.redhat.com/show_bug.cgi?id=1666605 + +RHEL-only + +Commit c0f26a13c6 had a logic error with using both DISK and +sgio which resulted in a DISK that didn't have sgio set falling +into the else clause and trying to deref a NULL @hostdev resulting +in a libvirtd crash: + +Thread 1 (Thread 0x7ffbc6353700 (LWP 12642)): + 0 0x00007ffb958e7d7a in qemuSetUnprivSGIO + 1 0x00007ffb958d9d92 in qemuDomainAttachDeviceDiskLive + 2 0x00007ffb9594fce8 in qemuDomainAttachDeviceFlags + 3 0x00007ffbde399d71 in virDomainAttachDevice + 4 0x0000563b73ded4b2 in remoteDispatchDomainAttachDeviceHelper + +for hotplug of XML: + + + + + + + +Signed-off-by: John Ferlan +Reviewed-by: Ján Tomko +--- + src/qemu/qemu_conf.c | 6 +++--- + 1 file changed, 3 insertions(+), 3 deletions(-) + +diff --git a/src/qemu/qemu_conf.c b/src/qemu/qemu_conf.c +index 590052b035..0674292fab 100644 +--- a/src/qemu/qemu_conf.c ++++ b/src/qemu/qemu_conf.c +@@ -1856,9 +1856,9 @@ qemuSetUnprivSGIO(virDomainDeviceDefPtr dev) + return -1; + + /* By default, filter the SG_IO commands, i.e. set unpriv_sgio to 0. */ +- if (dev->type == VIR_DOMAIN_DEVICE_DISK && +- disk->sgio == VIR_DOMAIN_DEVICE_SGIO_UNFILTERED) { +- val = 1; ++ if (dev->type == VIR_DOMAIN_DEVICE_DISK) { ++ if (disk->sgio == VIR_DOMAIN_DEVICE_SGIO_UNFILTERED) ++ val = 1; + } else { + /* Only settable if was present for hostdev */ + if (qemuIsSharedHostdev(hostdev) && +-- +2.25.0 + diff --git a/SOURCES/libvirt-RHEL-qemuCheckUnprivSGIO-use-sysfs_path-to-get-unpriv_sgio.patch b/SOURCES/libvirt-RHEL-qemuCheckUnprivSGIO-use-sysfs_path-to-get-unpriv_sgio.patch new file mode 100644 index 0000000..d9855b0 --- /dev/null 
+++ b/SOURCES/libvirt-RHEL-qemuCheckUnprivSGIO-use-sysfs_path-to-get-unpriv_sgio.patch @@ -0,0 +1,42 @@ +From ef5a82d50464478a302cb59804d03e4a3dada83e Mon Sep 17 00:00:00 2001 +Message-Id: +From: =?UTF-8?q?J=C3=A1n=20Tomko?= +Date: Fri, 6 Mar 2020 15:52:26 +0100 +Subject: [PATCH] RHEL: qemuCheckUnprivSGIO: use @sysfs_path to get unpriv_sgio +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +Downstream commit 65f4ff0e2c9a968b7ec65c8d751d4055cc212628 + RHEL: qemuSetUnprivSGIO: Actually use calculated + @sysfs_path to set unpriv_sgio +removed the device_path -> sysfs_path conversion from +both virGetDeviceUnprivSGIO and virSetDeviceUnprivSGIO, +but only adjusted one of the callers. + +https://bugzilla.redhat.com/show_bug.cgi?id=1808400 + +Signed-off-by: Ján Tomko +Signed-off-by: Andrea Bolognani +Message-Id: <20200306145226.1610708-7-abologna@redhat.com> +Reviewed-by: Jiri Denemark +--- + src/qemu/qemu_conf.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/src/qemu/qemu_conf.c b/src/qemu/qemu_conf.c +index b61d7e59fa..6a22d78ac6 100644 +--- a/src/qemu/qemu_conf.c ++++ b/src/qemu/qemu_conf.c +@@ -1430,7 +1430,7 @@ qemuCheckUnprivSGIO(virHashTablePtr sharedDevices, + if (!(virHashLookup(sharedDevices, key))) + return 0; + +- if (virGetDeviceUnprivSGIO(device_path, &val) < 0) ++ if (virGetDeviceUnprivSGIO(sysfs_path, &val) < 0) + return -1; + + /* Error message on failure needs to be handled in caller +-- +2.25.1 + diff --git a/SOURCES/libvirt-RHEL-qemuSetUnprivSGIO-Actually-use-calculated-sysfs_path-to-set-unpriv_sgio.patch b/SOURCES/libvirt-RHEL-qemuSetUnprivSGIO-Actually-use-calculated-sysfs_path-to-set-unpriv_sgio.patch new file mode 100644 index 0000000..b4ed1ae --- /dev/null +++ b/SOURCES/libvirt-RHEL-qemuSetUnprivSGIO-Actually-use-calculated-sysfs_path-to-set-unpriv_sgio.patch 
@@ -0,0 +1,170 @@ +From 717423e7a452b0715e95b492b15dc08983677d12 Mon Sep 17 00:00:00 2001 +Message-Id: <717423e7a452b0715e95b492b15dc08983677d12@dist-git> +From: Michal Privoznik +Date: Fri, 6 Mar 2020 15:52:25 +0100 +Subject: [PATCH] RHEL: qemuSetUnprivSGIO: Actually use calculated @sysfs_path + to set unpriv_sgio + +In previous commits I've attempted to make qemuSetUnprivSGIO() +construct a generic enough path for SCSI devices to set +unpriv_sgio. However, virSetDeviceUnprivSGIO() does not care +about that - it constructs the path on it's own again. This is +suboptimal in either case - we already have the path constructed. + +https://bugzilla.redhat.com/show_bug.cgi?id=1808390 + +Signed-off-by: Michal Privoznik +Signed-off-by: Andrea Bolognani +Message-Id: <20200306145226.1610708-6-abologna@redhat.com> +Reviewed-by: Jiri Denemark +--- + src/qemu/qemu_conf.c | 8 +++----- + src/util/virutil.c | 24 ++++++------------------ + src/util/virutil.h | 2 -- + 3 files changed, 9 insertions(+), 25 deletions(-) + +diff --git a/src/qemu/qemu_conf.c b/src/qemu/qemu_conf.c +index 6d6feb97cd..b61d7e59fa 100644 +--- a/src/qemu/qemu_conf.c ++++ b/src/qemu/qemu_conf.c +@@ -1430,7 +1430,7 @@ qemuCheckUnprivSGIO(virHashTablePtr sharedDevices, + if (!(virHashLookup(sharedDevices, key))) + return 0; + +- if (virGetDeviceUnprivSGIO(device_path, NULL, &val) < 0) ++ if (virGetDeviceUnprivSGIO(device_path, &val) < 0) + return -1; + + /* Error message on failure needs to be handled in caller +@@ -1789,7 +1789,6 @@ qemuSetUnprivSGIO(virDomainDeviceDefPtr dev) + virDomainDiskDefPtr disk = NULL; + virDomainHostdevDefPtr hostdev = NULL; + g_autofree char *sysfs_path = NULL; +- const char *path = NULL; + int val = 0; + + /* "sgio" is only valid for block disk; cdrom +@@ -1797,13 +1796,12 @@ qemuSetUnprivSGIO(virDomainDeviceDefPtr dev) + */ + if (dev->type == VIR_DOMAIN_DEVICE_DISK) { + disk = dev->data.disk; ++ const char *path = virDomainDiskGetSource(disk); + + if (disk->device != 
VIR_DOMAIN_DISK_DEVICE_LUN || + !virStorageSourceIsBlockLocal(disk->src)) + return 0; + +- path = virDomainDiskGetSource(disk); +- + if (!(sysfs_path = virGetUnprivSGIOSysfsPath(path, NULL))) + return -1; + +@@ -1843,7 +1841,7 @@ qemuSetUnprivSGIO(virDomainDeviceDefPtr dev) + * virSetDeviceUnprivSGIO, to report an error for unsupported unpriv_sgio. + */ + if ((virFileExists(sysfs_path) || val == 1) && +- virSetDeviceUnprivSGIO(path, NULL, val) < 0) ++ virSetDeviceUnprivSGIO(sysfs_path, val) < 0) + return -1; + + return 0; +diff --git a/src/util/virutil.c b/src/util/virutil.c +index f142951acf..4198473fce 100644 +--- a/src/util/virutil.c ++++ b/src/util/virutil.c +@@ -1421,18 +1421,13 @@ virGetUnprivSGIOSysfsPath(const char *path, + + int + virSetDeviceUnprivSGIO(const char *path, +- const char *sysfs_dir, + int unpriv_sgio) + { +- char *sysfs_path = NULL; + char *val = NULL; + int ret = -1; + int rc; + +- if (!(sysfs_path = virGetUnprivSGIOSysfsPath(path, sysfs_dir))) +- return -1; +- +- if (!virFileExists(sysfs_path)) { ++ if (!virFileExists(path)) { + virReportError(VIR_ERR_OPERATION_INVALID, "%s", + _("unpriv_sgio is not supported by this kernel")); + goto cleanup; +@@ -1440,38 +1435,32 @@ virSetDeviceUnprivSGIO(const char *path, + + val = g_strdup_printf("%d", unpriv_sgio); + +- if ((rc = virFileWriteStr(sysfs_path, val, 0)) < 0) { +- virReportSystemError(-rc, _("failed to set %s"), sysfs_path); ++ if ((rc = virFileWriteStr(path, val, 0)) < 0) { ++ virReportSystemError(-rc, _("failed to set %s"), path); + goto cleanup; + } + + ret = 0; + cleanup: +- VIR_FREE(sysfs_path); + VIR_FREE(val); + return ret; + } + + int + virGetDeviceUnprivSGIO(const char *path, +- const char *sysfs_dir, + int *unpriv_sgio) + { +- char *sysfs_path = NULL; + char *buf = NULL; + char *tmp = NULL; + int ret = -1; + +- if (!(sysfs_path = virGetUnprivSGIOSysfsPath(path, sysfs_dir))) +- return -1; +- +- if (!virFileExists(sysfs_path)) { ++ if (!virFileExists(path)) { + 
virReportError(VIR_ERR_OPERATION_INVALID, "%s", + _("unpriv_sgio is not supported by this kernel")); + goto cleanup; + } + +- if (virFileReadAll(sysfs_path, 1024, &buf) < 0) ++ if (virFileReadAll(path, 1024, &buf) < 0) + goto cleanup; + + if ((tmp = strchr(buf, '\n'))) +@@ -1479,13 +1468,12 @@ virGetDeviceUnprivSGIO(const char *path, + + if (virStrToLong_i(buf, NULL, 10, unpriv_sgio) < 0) { + virReportError(VIR_ERR_INTERNAL_ERROR, +- _("failed to parse value of %s"), sysfs_path); ++ _("failed to parse value of %s"), path); + goto cleanup; + } + + ret = 0; + cleanup: +- VIR_FREE(sysfs_path); + VIR_FREE(buf); + return ret; + } +diff --git a/src/util/virutil.h b/src/util/virutil.h +index 1a6ae1787a..a2530e21b5 100644 +--- a/src/util/virutil.h ++++ b/src/util/virutil.h +@@ -124,10 +124,8 @@ int virGetDeviceID(const char *path, + int *maj, + int *min); + int virSetDeviceUnprivSGIO(const char *path, +- const char *sysfs_dir, + int unpriv_sgio); + int virGetDeviceUnprivSGIO(const char *path, +- const char *sysfs_dir, + int *unpriv_sgio); + char *virGetUnprivSGIOSysfsPath(const char *path, + const char *sysfs_dir); +-- +2.25.1 + diff --git a/SOURCES/libvirt-RHEL-virscsi-Check-device-type-before-getting-it-s-dev-node-name.patch b/SOURCES/libvirt-RHEL-virscsi-Check-device-type-before-getting-it-s-dev-node-name.patch new file mode 100644 index 0000000..f371ff8 --- /dev/null +++ b/SOURCES/libvirt-RHEL-virscsi-Check-device-type-before-getting-it-s-dev-node-name.patch 
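Review bot: `virSetDeviceUnprivSGIO()` and `virGetDeviceUnprivSGIO()` in src/util/virutil.c now act on whatever file the caller names, yet the first parameter is still called `path`, the name it had when it meant a /dev node. The qemuCheckUnprivSGIO hunk of this same patch only drops the `NULL` argument and keeps passing `device_path`, which shows how easily the two kinds of path are confused; a later patch in this import corrects that caller. Because the setter writes with `virFileWriteStr(path, val, 0)` and no longer derives the target itself, I would rename the parameter to `sysfs_path` in both virutil.c and virutil.h. I would also document it on the prototypes, e.g. `/* @sysfs_path: full path of the unpriv_sgio sysfs attribute, not a /dev node */`.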
@@ -0,0 +1,228 @@ +From f66beef45382be2aed6d021a409e90f8114c8671 Mon Sep 17 00:00:00 2001 +Message-Id: +From: Michal Privoznik +Date: Fri, 6 Mar 2020 15:52:21 +0100 +Subject: [PATCH] RHEL: virscsi: Check device type before getting it's /dev + node name + +Not all SCSI devices are block devices, therefore +/sys/bus/scsi/devices/X:X:X:X/block/ directory does not always +exist. Check if the SCSI device is a block device beforehand. + +https://bugzilla.redhat.com/show_bug.cgi?id=1808390 + +Signed-off-by: Michal Privoznik +Signed-off-by: Andrea Bolognani +Message-Id: <20200306145226.1610708-2-abologna@redhat.com> +Reviewed-by: Jiri Denemark +--- + src/util/virscsi.c | 146 ++++++++++++++++++++++++++++++--- + tests/virscsidata/0-0-0-0/type | 1 + + tests/virscsidata/1-0-0-0/type | 1 + + 3 files changed, 137 insertions(+), 11 deletions(-) + create mode 100644 tests/virscsidata/0-0-0-0/type + create mode 100644 tests/virscsidata/1-0-0-0/type + +diff --git a/src/util/virscsi.c b/src/util/virscsi.c +index 06659c45c7..c40857977f 100644 +--- a/src/util/virscsi.c ++++ b/src/util/virscsi.c +@@ -50,6 +50,32 @@ struct _virUsedByInfo { + typedef struct _virUsedByInfo virUsedByInfo; + typedef virUsedByInfo *virUsedByInfoPtr; + ++ ++/* Keep in sync with scsi/scsi_proto.h */ ++typedef enum { ++ VIR_SCSI_DEVICE_TYPE_NONE = -1, ++ VIR_SCSI_DEVICE_TYPE_DISK = 0x00, ++ VIR_SCSI_DEVICE_TYPE_TAPE = 0x01, ++ VIR_SCSI_DEVICE_TYPE_PRINTER = 0x02, ++ VIR_SCSI_DEVICE_TYPE_PROCESSOR = 0x03, ++ VIR_SCSI_DEVICE_TYPE_WORM = 0x04, ++ VIR_SCSI_DEVICE_TYPE_ROM = 0x05, ++ VIR_SCSI_DEVICE_TYPE_SCANNER = 0x06, ++ VIR_SCSI_DEVICE_TYPE_MOD = 0x07, ++ VIR_SCSI_DEVICE_TYPE_MEDIUM_CHANGER = 0x08, ++ VIR_SCSI_DEVICE_TYPE_COMM = 0x09, ++ VIR_SCSI_DEVICE_TYPE_RAID = 0x0c, ++ VIR_SCSI_DEVICE_TYPE_ENCLOSURE = 0x0d, ++ VIR_SCSI_DEVICE_TYPE_RBC = 0x0e, ++ VIR_SCSI_DEVICE_TYPE_OSD = 0x11, ++ VIR_SCSI_DEVICE_TYPE_ZBC = 0x14, ++ VIR_SCSI_DEVICE_TYPE_WLUN = 0x1e, ++ VIR_SCSI_DEVICE_TYPE_NO_LUN = 0x7f, ++ ++ 
VIR_SCSI_DEVICE_TYPE_LAST, ++} virSCSIDeviceType; ++ ++ + struct _virSCSIDevice { + unsigned int adapter; + unsigned int bus; +@@ -134,6 +160,84 @@ virSCSIDeviceGetSgName(const char *sysfs_prefix, + return sg; + } + ++ ++static int ++virSCSIDeviceGetType(const char *prefix, ++ unsigned int adapter, ++ unsigned int bus, ++ unsigned int target, ++ unsigned long long unit, ++ virSCSIDeviceType *type) ++{ ++ int intType; ++ ++ if (virFileReadValueInt(&intType, ++ "%s/%d:%u:%u:%llu/type", ++ prefix, adapter, bus, target, unit) < 0) ++ return -1; ++ ++ switch (intType) { ++ case VIR_SCSI_DEVICE_TYPE_DISK: ++ case VIR_SCSI_DEVICE_TYPE_TAPE: ++ case VIR_SCSI_DEVICE_TYPE_PRINTER: ++ case VIR_SCSI_DEVICE_TYPE_PROCESSOR: ++ case VIR_SCSI_DEVICE_TYPE_WORM: ++ case VIR_SCSI_DEVICE_TYPE_ROM: ++ case VIR_SCSI_DEVICE_TYPE_SCANNER: ++ case VIR_SCSI_DEVICE_TYPE_MOD: ++ case VIR_SCSI_DEVICE_TYPE_MEDIUM_CHANGER: ++ case VIR_SCSI_DEVICE_TYPE_COMM: ++ case VIR_SCSI_DEVICE_TYPE_RAID: ++ case VIR_SCSI_DEVICE_TYPE_ENCLOSURE: ++ case VIR_SCSI_DEVICE_TYPE_RBC: ++ case VIR_SCSI_DEVICE_TYPE_OSD: ++ case VIR_SCSI_DEVICE_TYPE_ZBC: ++ case VIR_SCSI_DEVICE_TYPE_WLUN: ++ case VIR_SCSI_DEVICE_TYPE_NO_LUN: ++ *type = intType; ++ break; ++ ++ default: ++ virReportError(VIR_ERR_INTERNAL_ERROR, ++ _("unknown SCSI device type: %x"), ++ intType); ++ return -1; ++ } ++ ++ return 0; ++} ++ ++ ++static char * ++virSCSIDeviceGetDevNameBlock(const char *prefix, ++ unsigned int adapter, ++ unsigned int bus, ++ unsigned int target, ++ unsigned long long unit) ++{ ++ DIR *dir = NULL; ++ struct dirent *entry; ++ g_autofree char *path = NULL; ++ char *name = NULL; ++ ++ path = g_strdup_printf("%s/%d:%u:%u:%llu/block", ++ prefix, adapter, bus, target, unit); ++ ++ if (virDirOpen(&dir, path) < 0) ++ goto cleanup; ++ ++ while (virDirRead(dir, &entry, path) > 0) { ++ name = g_strdup(entry->d_name); ++ break; ++ } ++ ++ cleanup: ++ VIR_DIR_CLOSE(dir); ++ ++ return name; ++} ++ ++ + /* Returns device name (e.g. 
"sdc") on success, or NULL + * on failure. + */ +@@ -144,32 +248,52 @@ virSCSIDeviceGetDevName(const char *sysfs_prefix, + unsigned int target, + unsigned long long unit) + { +- DIR *dir = NULL; +- struct dirent *entry; +- g_autofree char *path = NULL; + char *name = NULL; + unsigned int adapter_id; ++ virSCSIDeviceType type; + const char *prefix = sysfs_prefix ? sysfs_prefix : SYSFS_SCSI_DEVICES; + + if (virSCSIDeviceGetAdapterId(adapter, &adapter_id) < 0) + return NULL; + +- path = g_strdup_printf("%s/%d:%u:%u:%llu/block", prefix, adapter_id, bus, +- target, unit); ++ if (virSCSIDeviceGetType(prefix, adapter_id, ++ bus, target, unit, &type) < 0) ++ return NULL; + +- if (virDirOpen(&dir, path) < 0) +- goto cleanup; ++ switch (type) { ++ case VIR_SCSI_DEVICE_TYPE_DISK: ++ name = virSCSIDeviceGetDevNameBlock(prefix, adapter_id, bus, target, unit); ++ break; + +- while (virDirRead(dir, &entry, path) > 0) { +- name = g_strdup(entry->d_name); ++ case VIR_SCSI_DEVICE_TYPE_TAPE: ++ case VIR_SCSI_DEVICE_TYPE_PRINTER: ++ case VIR_SCSI_DEVICE_TYPE_PROCESSOR: ++ case VIR_SCSI_DEVICE_TYPE_WORM: ++ case VIR_SCSI_DEVICE_TYPE_ROM: ++ case VIR_SCSI_DEVICE_TYPE_SCANNER: ++ case VIR_SCSI_DEVICE_TYPE_MOD: ++ case VIR_SCSI_DEVICE_TYPE_MEDIUM_CHANGER: ++ case VIR_SCSI_DEVICE_TYPE_COMM: ++ case VIR_SCSI_DEVICE_TYPE_RAID: ++ case VIR_SCSI_DEVICE_TYPE_ENCLOSURE: ++ case VIR_SCSI_DEVICE_TYPE_RBC: ++ case VIR_SCSI_DEVICE_TYPE_OSD: ++ case VIR_SCSI_DEVICE_TYPE_ZBC: ++ case VIR_SCSI_DEVICE_TYPE_WLUN: ++ case VIR_SCSI_DEVICE_TYPE_NO_LUN: ++ case VIR_SCSI_DEVICE_TYPE_NONE: ++ case VIR_SCSI_DEVICE_TYPE_LAST: ++ default: ++ virReportError(VIR_ERR_CONFIG_UNSUPPORTED, ++ _("unsupported SCSI device type: %x"), ++ type); + break; + } + +- cleanup: +- VIR_DIR_CLOSE(dir); + return name; + } + ++ + virSCSIDevicePtr + virSCSIDeviceNew(const char *sysfs_prefix, + const char *adapter, +diff --git a/tests/virscsidata/0-0-0-0/type b/tests/virscsidata/0-0-0-0/type +new file mode 100644 +index 
0000000000..573541ac97 +--- /dev/null ++++ b/tests/virscsidata/0-0-0-0/type +@@ -0,0 +1 @@ ++0 +diff --git a/tests/virscsidata/1-0-0-0/type b/tests/virscsidata/1-0-0-0/type +new file mode 100644 +index 0000000000..573541ac97 +--- /dev/null ++++ b/tests/virscsidata/1-0-0-0/type +@@ -0,0 +1 @@ ++0 +-- +2.25.1 + diff --git a/SOURCES/libvirt-RHEL-virscsi-Introduce-and-use-virSCSIDeviceGetUnprivSGIOSysfsPath.patch b/SOURCES/libvirt-RHEL-virscsi-Introduce-and-use-virSCSIDeviceGetUnprivSGIOSysfsPath.patch new file mode 100644 index 0000000..5feb8f5 --- /dev/null +++ b/SOURCES/libvirt-RHEL-virscsi-Introduce-and-use-virSCSIDeviceGetUnprivSGIOSysfsPath.patch 
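Review bot: In `virSCSIDeviceGetType()` every negative return from `virFileReadValueInt()` becomes a bare `return -1`, after which `virSCSIDeviceGetDevName()` returns NULL. If that helper follows its usual convention of returning -2 without reporting an error when the file is absent (worth confirming), a device with no `type` attribute fails with no message for the caller to surface. Reporting an error for that case before returning would make the failure diagnosable. Separately, `virSCSIDeviceGetType()` and `virSCSIDeviceGetDevNameBlock()` print the `unsigned int adapter` with `%d`; `"%s/%u:%u:%u:%llu/type"` and `"%s/%u:%u:%u:%llu/block"` match the argument types. The same applies to the `unpriv_sgio` and `tape` path builders added by the later virscsi patches in this import.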
@@ -0,0 +1,137 @@ +From c9fc757c867d197c17350b6a9cabc63cc08105d2 Mon Sep 17 00:00:00 2001 +Message-Id: +From: Michal Privoznik +Date: Fri, 6 Mar 2020 15:52:23 +0100 +Subject: [PATCH] RHEL: virscsi: Introduce and use + virSCSIDeviceGetUnprivSGIOSysfsPath() + +When constructing a path to the 'unpriv_sgio' file of given SCSI +device we don't need to go through /dev/* and major() + minor() +path. The generated path points to +/sys/dev/block/MAJ:MIN/queue/unpriv_sgio which is wrong if the +SCSI device in question is not a block device. We can generate a +different path: /sys/bus/scsi/devices/X:X:X:X/unpriv_sgio where +the file is directly accessible regardless of the SCSI device +type. + +https://bugzilla.redhat.com/show_bug.cgi?id=1808390 + +Signed-off-by: Michal Privoznik +Signed-off-by: Andrea Bolognani +Message-Id: <20200306145226.1610708-4-abologna@redhat.com> +Reviewed-by: Jiri Denemark +--- + src/libvirt_private.syms | 1 + + src/qemu/qemu_conf.c | 18 +++++++++++------- + src/util/virscsi.c | 18 ++++++++++++++++++ + src/util/virscsi.h | 5 +++++ + 4 files changed, 35 insertions(+), 7 deletions(-) + +diff --git a/src/libvirt_private.syms b/src/libvirt_private.syms +index 5dc99e03cf..1f97879faa 100644 +--- a/src/libvirt_private.syms ++++ b/src/libvirt_private.syms +@@ -2959,6 +2959,7 @@ virSCSIDeviceGetSgName; + virSCSIDeviceGetShareable; + virSCSIDeviceGetTarget; + virSCSIDeviceGetUnit; ++virSCSIDeviceGetUnprivSGIOSysfsPath; + virSCSIDeviceIsAvailable; + virSCSIDeviceListAdd; + virSCSIDeviceListCount; +diff --git a/src/qemu/qemu_conf.c b/src/qemu/qemu_conf.c +index 7aaf2862a4..6d6feb97cd 100644 +--- a/src/qemu/qemu_conf.c ++++ b/src/qemu/qemu_conf.c +@@ -1789,7 +1789,6 @@ qemuSetUnprivSGIO(virDomainDeviceDefPtr dev) + virDomainDiskDefPtr disk = NULL; + virDomainHostdevDefPtr hostdev = NULL; + g_autofree char *sysfs_path = NULL; +- g_autofree char *hostdev_path = NULL; + const char *path = NULL; + int val = 0; + +@@ -1804,24 +1803,29 @@ 
qemuSetUnprivSGIO(virDomainDeviceDefPtr dev) + return 0; + + path = virDomainDiskGetSource(disk); ++ ++ if (!(sysfs_path = virGetUnprivSGIOSysfsPath(path, NULL))) ++ return -1; ++ + } else if (dev->type == VIR_DOMAIN_DEVICE_HOSTDEV) { + hostdev = dev->data.hostdev; ++ virDomainHostdevSubsysSCSIPtr scsisrc = &hostdev->source.subsys.u.scsi; ++ virDomainHostdevSubsysSCSIHostPtr scsihostsrc = &scsisrc->u.host; + + if (hostdev->source.subsys.u.scsi.protocol == + VIR_DOMAIN_HOSTDEV_SCSI_PROTOCOL_TYPE_ISCSI) + return 0; + +- if (!(hostdev_path = qemuGetHostdevPath(hostdev))) ++ if (!(sysfs_path = virSCSIDeviceGetUnprivSGIOSysfsPath(NULL, ++ scsihostsrc->adapter, ++ scsihostsrc->bus, ++ scsihostsrc->target, ++ scsihostsrc->unit))) + return -1; +- +- path = hostdev_path; + } else { + return 0; + } + +- if (!(sysfs_path = virGetUnprivSGIOSysfsPath(path, NULL))) +- return -1; +- + /* By default, filter the SG_IO commands, i.e. set unpriv_sgio to 0. */ + if (dev->type == VIR_DOMAIN_DEVICE_DISK) { + if (disk->sgio == VIR_DOMAIN_DEVICE_SGIO_UNFILTERED) +diff --git a/src/util/virscsi.c b/src/util/virscsi.c +index 57958c06ea..1bba4051b6 100644 +--- a/src/util/virscsi.c ++++ b/src/util/virscsi.c +@@ -322,6 +322,24 @@ virSCSIDeviceGetDevName(const char *sysfs_prefix, + } + + ++char * ++virSCSIDeviceGetUnprivSGIOSysfsPath(const char *sysfs_prefix, ++ const char *adapter, ++ unsigned int bus, ++ unsigned int target, ++ unsigned long long unit) ++{ ++ unsigned int adapter_id; ++ const char *prefix = sysfs_prefix ? 
sysfs_prefix : SYSFS_SCSI_DEVICES; ++ ++ if (virSCSIDeviceGetAdapterId(adapter, &adapter_id) < 0) ++ return NULL; ++ ++ return g_strdup_printf("%s/%d:%u:%u:%llu/unpriv_sgio", ++ prefix, adapter_id, bus, target, unit); ++} ++ ++ + virSCSIDevicePtr + virSCSIDeviceNew(const char *sysfs_prefix, + const char *adapter, +diff --git a/src/util/virscsi.h b/src/util/virscsi.h +index 51627e0c05..c040d76716 100644 +--- a/src/util/virscsi.h ++++ b/src/util/virscsi.h +@@ -42,6 +42,11 @@ char *virSCSIDeviceGetDevName(const char *sysfs_prefix, + unsigned int bus, + unsigned int target, + unsigned long long unit); ++char *virSCSIDeviceGetUnprivSGIOSysfsPath(const char *sysfs_prefix, ++ const char *adapter, ++ unsigned int bus, ++ unsigned int target, ++ unsigned long long unit); + + virSCSIDevicePtr virSCSIDeviceNew(const char *sysfs_prefix, + const char *adapter, +-- +2.25.1 + diff --git a/SOURCES/libvirt-RHEL-virscsi-Support-TAPEs-in-virSCSIDeviceGetDevName.patch b/SOURCES/libvirt-RHEL-virscsi-Support-TAPEs-in-virSCSIDeviceGetDevName.patch new file mode 100644 index 0000000..7724e4d --- /dev/null +++ b/SOURCES/libvirt-RHEL-virscsi-Support-TAPEs-in-virSCSIDeviceGetDevName.patch 
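Review bot: The hostdev branch of `qemuSetUnprivSGIO()` takes `scsihostsrc = &scsisrc->u.host` from `hostdev->source.subsys.u.scsi` and passes its `adapter`, `bus`, `target` and `unit` to `virSCSIDeviceGetUnprivSGIOSysfsPath()`, while the only check in the hunk is the iSCSI protocol test. Nothing visible here confirms that the hostdev is a SCSI subsystem device, so those union members are meaningful only if every caller filters beforehand; presumably they do, but the function body starts outside the hunk and the callers are not shown. I would state that contract where the fields are read, e.g. `/* callers pass only SCSI subsystem hostdevs; u.scsi.u.host is valid here */`, or add an explicit type check ahead of the iSCSI test. The new `virSCSIDeviceGetUnprivSGIOSysfsPath()` would also benefit from a one-line comment saying that it returns an allocated string the caller frees, or NULL when the adapter id cannot be resolved.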
@@ -0,0 +1,202 @@ +From c481bcacd1f515d2e93036dc452a25e9ff06f7ae Mon Sep 17 00:00:00 2001 +Message-Id: +From: Michal Privoznik +Date: Fri, 6 Mar 2020 15:52:22 +0100 +Subject: [PATCH] RHEL: virscsi: Support TAPEs in virSCSIDeviceGetDevName() + +If the SCSI device we want to get /dev node name for is TAPE +device we need to look at 'tape' symlink in the sysfs dir +corresponding to the device. + +https://bugzilla.redhat.com/show_bug.cgi?id=1808390 + +Signed-off-by: Michal Privoznik +Signed-off-by: Andrea Bolognani +Message-Id: <20200306145226.1610708-3-abologna@redhat.com> +Reviewed-by: Jiri Denemark +--- + src/util/virscsi.c | 28 +++++++++++++++ + tests/virscsidata/2-0-0-0/model | 1 + + tests/virscsidata/2-0-0-0/scsi_tape/st0/dev | 1 + + tests/virscsidata/2-0-0-0/sg3/dev | 1 + + tests/virscsidata/2-0-0-0/tape | 1 + + tests/virscsidata/2-0-0-0/type | 1 + + tests/virscsidata/2-0-0-0/vendor | 1 + + tests/virscsidata/sg3 | 0 + tests/virscsitest.c | 38 ++++++++++++++++++--- + 9 files changed, 67 insertions(+), 5 deletions(-) + create mode 100644 tests/virscsidata/2-0-0-0/model + create mode 100644 tests/virscsidata/2-0-0-0/scsi_tape/st0/dev + create mode 100644 tests/virscsidata/2-0-0-0/sg3/dev + create mode 120000 tests/virscsidata/2-0-0-0/tape + create mode 100644 tests/virscsidata/2-0-0-0/type + create mode 100644 tests/virscsidata/2-0-0-0/vendor + create mode 100644 tests/virscsidata/sg3 + +diff --git a/src/util/virscsi.c b/src/util/virscsi.c +index c40857977f..57958c06ea 100644 +--- a/src/util/virscsi.c ++++ b/src/util/virscsi.c +@@ -238,6 +238,31 @@ virSCSIDeviceGetDevNameBlock(const char *prefix, + } + + ++static char * ++virSCSIDeviceGetDevNameTape(const char *prefix, ++ unsigned int adapter, ++ unsigned int bus, ++ unsigned int target, ++ unsigned long long unit) ++{ ++ g_autofree char *path = NULL; ++ g_autofree char *resolvedPath = NULL; ++ g_autoptr(GError) err = NULL; ++ ++ path = g_strdup_printf("%s/%d:%u:%u:%llu/tape", ++ prefix, adapter, bus, target, 
unit); ++ ++ if (!(resolvedPath = g_file_read_link(path, &err))) { ++ virReportError(VIR_ERR_SYSTEM_ERROR, ++ _("Unable to read link: %s"), ++ err->message); ++ return NULL; ++ } ++ ++ return g_path_get_basename(resolvedPath); ++} ++ ++ + /* Returns device name (e.g. "sdc") on success, or NULL + * on failure. + */ +@@ -266,6 +291,9 @@ virSCSIDeviceGetDevName(const char *sysfs_prefix, + break; + + case VIR_SCSI_DEVICE_TYPE_TAPE: ++ name = virSCSIDeviceGetDevNameTape(prefix, adapter_id, bus, target, unit); ++ break; ++ + case VIR_SCSI_DEVICE_TYPE_PRINTER: + case VIR_SCSI_DEVICE_TYPE_PROCESSOR: + case VIR_SCSI_DEVICE_TYPE_WORM: +diff --git a/tests/virscsidata/2-0-0-0/model b/tests/virscsidata/2-0-0-0/model +new file mode 100644 +index 0000000000..d2ab4715c3 +--- /dev/null ++++ b/tests/virscsidata/2-0-0-0/model +@@ -0,0 +1 @@ ++scsi_debug +diff --git a/tests/virscsidata/2-0-0-0/scsi_tape/st0/dev b/tests/virscsidata/2-0-0-0/scsi_tape/st0/dev +new file mode 100644 +index 0000000000..3dd777e840 +--- /dev/null ++++ b/tests/virscsidata/2-0-0-0/scsi_tape/st0/dev +@@ -0,0 +1 @@ ++9:0 +diff --git a/tests/virscsidata/2-0-0-0/sg3/dev b/tests/virscsidata/2-0-0-0/sg3/dev +new file mode 100644 +index 0000000000..b369a59b3e +--- /dev/null ++++ b/tests/virscsidata/2-0-0-0/sg3/dev +@@ -0,0 +1 @@ ++21:3 +diff --git a/tests/virscsidata/2-0-0-0/tape b/tests/virscsidata/2-0-0-0/tape +new file mode 120000 +index 0000000000..6ca7f77539 +--- /dev/null ++++ b/tests/virscsidata/2-0-0-0/tape +@@ -0,0 +1 @@ ++scsi_tape/st0 +\ No newline at end of file +diff --git a/tests/virscsidata/2-0-0-0/type b/tests/virscsidata/2-0-0-0/type +new file mode 100644 +index 0000000000..d00491fd7e +--- /dev/null ++++ b/tests/virscsidata/2-0-0-0/type +@@ -0,0 +1 @@ ++1 +diff --git a/tests/virscsidata/2-0-0-0/vendor b/tests/virscsidata/2-0-0-0/vendor +new file mode 100644 +index 0000000000..9b075671ea +--- /dev/null ++++ b/tests/virscsidata/2-0-0-0/vendor +@@ -0,0 +1 @@ ++Linux +diff --git a/tests/virscsidata/sg3 
b/tests/virscsidata/sg3 +new file mode 100644 +index 0000000000..e69de29bb2 +diff --git a/tests/virscsitest.c b/tests/virscsitest.c +index d5a0da4753..e501d6d041 100644 +--- a/tests/virscsitest.c ++++ b/tests/virscsitest.c +@@ -32,18 +32,34 @@ VIR_LOG_INIT("tests.scsitest"); + + static char *virscsi_prefix; + ++typedef struct { ++ const char *adapter; ++ unsigned int bus; ++ unsigned int target; ++ unsigned int unit; ++ const char *expectedName; ++} testGetDevNameData; ++ + static int +-test1(const void *data G_GNUC_UNUSED) ++testGetDevName(const void *opaque) + { ++ const testGetDevNameData *data = opaque; + char *name = NULL; + int ret = -1; + + if (!(name = virSCSIDeviceGetDevName(virscsi_prefix, +- "scsi_host1", 0, 0, 0))) ++ data->adapter, ++ data->bus, ++ data->target, ++ data->unit))) + return -1; + +- if (STRNEQ(name, "sdh")) ++ if (STRNEQ(name, data->expectedName)) { ++ fprintf(stderr, ++ "SCSI dev name mismatch, expected %s got %s", ++ data->expectedName, name); + goto cleanup; ++ } + + ret = 0; + cleanup: +@@ -212,15 +228,27 @@ mymain(void) + + CREATE_SYMLINK("0-0-0-0", "0:0:0:0"); + CREATE_SYMLINK("1-0-0-0", "1:0:0:0"); ++ CREATE_SYMLINK("2-0-0-0", "2:0:0:0"); + CREATE_SYMLINK("sg0", "sg0"); ++ CREATE_SYMLINK("sg3", "sg3"); + CREATE_SYMLINK("sg8", "sg8"); + + VIR_FREE(virscsi_prefix); + + virscsi_prefix = g_strdup(tmpdir); + +- if (virTestRun("test1", test1, NULL) < 0) +- ret = -1; ++#define TEST_GET_DEV_NAME(adapter, bus, target, unit, expectedName) \ ++ do { \ ++ testGetDevNameData data = {adapter, bus, target, unit, expectedName}; \ ++ if (virTestRun("test getDevname " expectedName, \ ++ testGetDevName, &data) < 0) \ ++ ret = -1; \ ++ } while (0) ++ ++ TEST_GET_DEV_NAME("scsi_host0", 0, 0, 0, "sda"); ++ TEST_GET_DEV_NAME("scsi_host1", 0, 0, 0, "sdh"); ++ TEST_GET_DEV_NAME("scsi_host2", 0, 0, 0, "st0"); ++ + if (virTestRun("test2", test2, NULL) < 0) + ret = -1; + +-- +2.25.1 + 
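Review bot: In virSCSIDeviceGetDevNameTape the `adapter` parameter is declared `unsigned int` but is formatted with `%d` when the sysfs path is built; the specifier should match the type, `path = g_strdup_printf("%s/%u:%u:%u:%llu/tape", prefix, adapter, bus, target, unit);`. In tests/virscsitest.c, testGetDevNameData declares `unit` as `unsigned int` while virSCSIDeviceGetDevName takes `unsigned long long unit`; this is harmless for the values used here but worth aligning so larger LUNs can be added as test cases. The mismatch message written with `fprintf(stderr, ...)` has no trailing `\n`, so it would run into the next line of test output.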
diff --git a/SOURCES/libvirt-RHEL-virutil-Accept-non-block-devices-in-virGetDeviceID.patch b/SOURCES/libvirt-RHEL-virutil-Accept-non-block-devices-in-virGetDeviceID.patch new file mode 100644 index 0000000..4568177 --- /dev/null +++ b/SOURCES/libvirt-RHEL-virutil-Accept-non-block-devices-in-virGetDeviceID.patch @@ -0,0 +1,37 @@ +From cd2640c256389b4041e4cd38fd72f77184bb4414 Mon Sep 17 00:00:00 2001 +Message-Id: +From: Michal Privoznik +Date: Fri, 6 Mar 2020 15:52:24 +0100 +Subject: [PATCH] RHEL: virutil: Accept non-block devices in virGetDeviceID() + +If a caller wants to learn major or minor number for a device, +let them. There's no need to check if the device is a block +device here. + +https://bugzilla.redhat.com/show_bug.cgi?id=1808390 + +Signed-off-by: Michal Privoznik +Signed-off-by: Andrea Bolognani +Message-Id: <20200306145226.1610708-5-abologna@redhat.com> +Reviewed-by: Jiri Denemark +--- + src/util/virutil.c | 3 --- + 1 file changed, 3 deletions(-) + +diff --git a/src/util/virutil.c b/src/util/virutil.c +index a0fd7618ee..f142951acf 100644 +--- a/src/util/virutil.c ++++ b/src/util/virutil.c +@@ -1379,9 +1379,6 @@ virGetDeviceID(const char *path, int *maj, int *min) + if (stat(path, &sb) < 0) + return -errno; + +- if (!S_ISBLK(sb.st_mode)) +- return -EINVAL; +- + if (maj) + *maj = major(sb.st_rdev); + if (min) +-- +2.25.1 + diff --git a/SOURCES/libvirt-Remove-checking-of-return-value-of-virHashNew.patch b/SOURCES/libvirt-Remove-checking-of-return-value-of-virHashNew.patch new file mode 100644 index 0000000..10e8801 --- /dev/null +++ b/SOURCES/libvirt-Remove-checking-of-return-value-of-virHashNew.patch 
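Review bot: With the `S_ISBLK` test deleted, virGetDeviceID() no longer rejects anything that stat() accepts, so a regular file or directory now yields whatever `st_rdev` holds as if it were a device number. The commit message only asks for non-block devices to be accepted, so narrowing the check rather than dropping it would keep the guard: `if (!S_ISBLK(sb.st_mode) && !S_ISCHR(sb.st_mode)) return -EINVAL;`. Callers that turn the result into a sysfs path or a device access rule (none are visible in this hunk) would otherwise act on a meaningless major:minor pair instead of getting an error. The function body starts and ends outside the hunk.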
@@ -0,0 +1,62 @@ +From ca7c7a8b07c31dc8bf96f7da6fb53af884e36ddb Mon Sep 17 00:00:00 2001 +Message-Id: +From: Peter Krempa +Date: Tue, 4 Feb 2020 15:08:01 +0100 +Subject: [PATCH] Remove checking of return value of virHashNew +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +There are two calls to virHashNew which check the return value. It's not +necessary any more as virHashNew always returns a valid pointer. + +Signed-off-by: Peter Krempa +Reviewed-by: Michal Privoznik +(cherry picked from commit 6eab924daa243afa67f2cc20dcbdf521904bb62b) + +https://bugzilla.redhat.com/show_bug.cgi?id=1793263 +Message-Id: <08acb2e50b584a75c0131a628ee441f47e8fe823.1580824112.git.pkrempa@redhat.com> +Reviewed-by: Ján Tomko +--- + src/conf/backup_conf.c | 6 +----- + src/qemu/qemu_monitor_json.c | 3 +-- + 2 files changed, 2 insertions(+), 7 deletions(-) + +diff --git a/src/conf/backup_conf.c b/src/conf/backup_conf.c +index b370b686f1..64c8f6cc09 100644 +--- a/src/conf/backup_conf.c ++++ b/src/conf/backup_conf.c +@@ -439,15 +439,11 @@ virDomainBackupAlignDisks(virDomainBackupDefPtr def, + virDomainDefPtr dom, + const char *suffix) + { +- g_autoptr(virHashTable) disks = NULL; ++ g_autoptr(virHashTable) disks = virHashNew(NULL); + size_t i; + int ndisks; + bool backup_all = false; + +- +- if (!(disks = virHashNew(NULL))) +- return -1; +- + /* Unlikely to have a guest without disks but technically possible. 
*/ + if (!dom->ndisks) { + virReportError(VIR_ERR_CONFIG_UNSUPPORTED, "%s", +diff --git a/src/qemu/qemu_monitor_json.c b/src/qemu/qemu_monitor_json.c +index 5d8c7e9b5e..3fc0bcb80c 100644 +--- a/src/qemu/qemu_monitor_json.c ++++ b/src/qemu/qemu_monitor_json.c +@@ -2992,8 +2992,7 @@ qemuMonitorJSONBlockGetNamedNodeDataJSON(virJSONValuePtr nodes) + { + g_autoptr(virHashTable) ret = NULL; + +- if (!(ret = virHashNew((virHashDataFree) qemuMonitorJSONBlockNamedNodeDataFree))) +- return NULL; ++ ret = virHashNew((virHashDataFree) qemuMonitorJSONBlockNamedNodeDataFree); + + if (virJSONValueArrayForeachSteal(nodes, + qemuMonitorJSONBlockGetNamedNodeDataWorker, +-- +2.25.0 + diff --git a/SOURCES/libvirt-Remove-qemuDomainSecretInfoNew.patch b/SOURCES/libvirt-Remove-qemuDomainSecretInfoNew.patch new file mode 100644 index 0000000..4534ae8 --- /dev/null +++ b/SOURCES/libvirt-Remove-qemuDomainSecretInfoNew.patch 
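Review bot: The two call sites end up written differently: virDomainBackupAlignDisks now initialises `disks` in its declaration, while qemuMonitorJSONBlockGetNamedNodeDataJSON keeps `g_autoptr(virHashTable) ret = NULL;` followed by a separate assignment. Folding the second one the same way, `g_autoptr(virHashTable) ret = virHashNew((virHashDataFree) qemuMonitorJSONBlockNamedNodeDataFree);`, removes the dead NULL initialiser. The guarantee that virHashNew never returns NULL is defined outside these hunks; a one-line comment at its declaration stating that would keep later callers from re-adding the checks. Both functions continue outside their hunks.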
@@ -0,0 +1,109 @@ +From 160863c5cac5519c287462439b9ce8abc6a8237e Mon Sep 17 00:00:00 2001 +Message-Id: <160863c5cac5519c287462439b9ce8abc6a8237e@dist-git> +From: Peter Krempa +Date: Mon, 16 Mar 2020 22:11:48 +0100 +Subject: [PATCH] Remove qemuDomainSecretInfoNew +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +Replace it by a direct call to qemuDomainSecretAESSetupFromSecret. + +Signed-off-by: Peter Krempa +Reviewed-by: Ján Tomko +(cherry picked from commit f742461389c11a7d4cc8bda941814c4128eadf94) +https://bugzilla.redhat.com/show_bug.cgi?id=1804750 +Message-Id: +Reviewed-by: Ján Tomko +--- + src/qemu/qemu_domain.c | 53 +++++++++++------------------------------- + 1 file changed, 13 insertions(+), 40 deletions(-) + +diff --git a/src/qemu/qemu_domain.c b/src/qemu/qemu_domain.c +index c286f50650..af23079d5d 100644 +--- a/src/qemu/qemu_domain.c ++++ b/src/qemu/qemu_domain.c +@@ -1669,33 +1669,6 @@ qemuDomainSecretInfoNewPlain(virSecretUsageType usageType, + } + + +-/* qemuDomainSecretInfoNew: +- * @priv: pointer to domain private object +- * @srcAlias: Alias base to use for TLS object +- * @usageType: Secret usage type +- * @username: username +- * @looupDef: lookup def describing secret +- * @isLuks: boolean for luks lookup +- * +- * Helper function to create a secinfo to be used for secinfo consumers. This +- * sets up encrypted data to be used with qemu's 'secret' object. +- * +- * Returns @secinfo on success, NULL on failure. Caller is responsible +- * to eventually free @secinfo. 
+- */ +-static qemuDomainSecretInfoPtr +-qemuDomainSecretInfoNew(qemuDomainObjPrivatePtr priv, +- const char *srcAlias, +- virSecretUsageType usageType, +- const char *username, +- virSecretLookupTypeDefPtr lookupDef, +- bool isLuks) +-{ +- return qemuDomainSecretAESSetupFromSecret(priv, srcAlias, usageType, username, +- lookupDef, isLuks); +-} +- +- + /** + * qemuDomainSecretInfoTLSNew: + * @priv: pointer to domain private object +@@ -1722,9 +1695,9 @@ qemuDomainSecretInfoTLSNew(qemuDomainObjPrivatePtr priv, + } + seclookupdef.type = VIR_SECRET_LOOKUP_TYPE_UUID; + +- return qemuDomainSecretInfoNew(priv, srcAlias, +- VIR_SECRET_USAGE_TYPE_TLS, NULL, +- &seclookupdef, false); ++ return qemuDomainSecretAESSetupFromSecret(priv, srcAlias, ++ VIR_SECRET_USAGE_TYPE_TLS, ++ NULL, &seclookupdef, false); + } + + +@@ -1814,11 +1787,11 @@ qemuDomainSecretStorageSourcePrepare(qemuDomainObjPrivatePtr priv, + src->auth->username, + &src->auth->seclookupdef); + } else { +- srcPriv->secinfo = qemuDomainSecretInfoNew(priv, authalias, +- usageType, +- src->auth->username, +- &src->auth->seclookupdef, +- false); ++ srcPriv->secinfo = qemuDomainSecretAESSetupFromSecret(priv, authalias, ++ usageType, ++ src->auth->username, ++ &src->auth->seclookupdef, ++ false); + } + + if (!srcPriv->secinfo) +@@ -1826,11 +1799,11 @@ qemuDomainSecretStorageSourcePrepare(qemuDomainObjPrivatePtr priv, + } + + if (hasEnc) { +- if (!(srcPriv->encinfo = +- qemuDomainSecretInfoNew(priv, encalias, +- VIR_SECRET_USAGE_TYPE_VOLUME, NULL, +- &src->encryption->secrets[0]->seclookupdef, +- true))) ++ if (!(srcPriv->encinfo = qemuDomainSecretAESSetupFromSecret(priv, encalias, ++ VIR_SECRET_USAGE_TYPE_VOLUME, ++ NULL, ++ &src->encryption->secrets[0]->seclookupdef, ++ true))) + return -1; + } + +-- +2.25.1 + 
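Review bot: Deleting qemuDomainSecretInfoNew also deletes the only comment visible here that describes the parameters and says who owns the returned secinfo. If qemuDomainSecretAESSetupFromSecret (defined outside these hunks) has no equivalent header, the text should move there, in particular `Returns @secinfo on success, NULL on failure. Caller is responsible to eventually free @secinfo.` At the three rewritten call sites the trailing bare `false`/`true` is the isLuks flag according to the removed comment; a short `/* isLuks */` annotation beside it would make clear which secrets are set up for LUKS without reading the callee.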
diff --git a/SOURCES/libvirt-Revert-RHEL-network-regain-guest-network-connectivity-after-firewalld-switch-to-nftables.patch b/SOURCES/libvirt-Revert-RHEL-network-regain-guest-network-connectivity-after-firewalld-switch-to-nftables.patch deleted file mode 100644 index 600d63a..0000000 --- a/SOURCES/libvirt-Revert-RHEL-network-regain-guest-network-connectivity-after-firewalld-switch-to-nftables.patch +++ /dev/null 
@@ -1,84 +0,0 @@ -From 195908ad66fc52643d94eca0f45e5740f25e3e78 Mon Sep 17 00:00:00 2001 -Message-Id: <195908ad66fc52643d94eca0f45e5740f25e3e78@dist-git> -From: Laine Stump -Date: Fri, 1 Feb 2019 20:29:26 -0500 -Subject: [PATCH] Revert "RHEL: network: regain guest network connectivity - after firewalld switch to nftables" -MIME-Version: 1.0 -Content-Type: text/plain; charset=UTF-8 -Content-Transfer-Encoding: 8bit - -This reverts commit 54e270d7fb68b41002654374d395e4f260a24add. - -This patch appeared in libvirt-4.5.0-11.el8 (RHEL git commit id -2fb53957). It was a downstream-only temporary fix to the networking -issues resulting from firewalld's switch to using nftables. Now that -there is a permanent fix upstream we can revert this patch and use the -upstream patches instead. - -https://bugzilla.redhat.com/1650320 - -Signed-off-by: Laine Stump -Reviewed-by: Ján Tomko ---- - libvirt.spec.in | 14 -------------- - src/network/Makefile.inc.am | 10 +--------- - src/network/libvirt.zone | 15 --------------- - 3 files changed, 1 insertion(+), 38 deletions(-) - delete mode 100644 src/network/libvirt.zone - -diff --git a/src/network/Makefile.inc.am b/src/network/Makefile.inc.am -index 20d899e699..508c8c0422 100644 ---- a/src/network/Makefile.inc.am -+++ b/src/network/Makefile.inc.am -@@ -87,11 +87,6 @@ install-data-network: - ( cd $(DESTDIR)$(confdir)/qemu/networks/autostart && \ - rm -f default.xml && \ - $(LN_S) ../default.xml default.xml ) --if HAVE_FIREWALLD -- $(MKDIR_P) "$(DESTDIR)$(prefix)/lib/firewalld/zones" -- $(INSTALL_DATA) $(srcdir)/network/libvirt.zone \ -- $(DESTDIR)$(prefix)/lib/firewalld/zones/libvirt.xml --endif HAVE_FIREWALLD - - uninstall-data-network: - rm -f $(DESTDIR)$(confdir)/qemu/networks/autostart/default.xml -@@ -100,13 +95,10 @@ uninstall-data-network: - rmdir "$(DESTDIR)$(confdir)/qemu/networks" || : - rmdir "$(DESTDIR)$(localstatedir)/lib/libvirt/network" ||: - rmdir "$(DESTDIR)$(localstatedir)/run/libvirt/network" ||: --if HAVE_FIREWALLD -- 
rm -f $(DESTDIR)$(prefix)/lib/firewalld/zones/libvirt.xml --endif HAVE_FIREWALLD - - endif WITH_NETWORK - --EXTRA_DIST += network/default.xml network/libvirt.zone -+EXTRA_DIST += network/default.xml - - .PHONY: \ - install-data-network \ -diff --git a/src/network/libvirt.zone b/src/network/libvirt.zone -deleted file mode 100644 -index 355a70b4da..0000000000 ---- a/src/network/libvirt.zone -+++ /dev/null -@@ -1,15 +0,0 @@ -- -- -- libvirt -- All network connections are accepted. This also permits packets to/from interfaces in the zone to be forwarded. This zone is intended to be used only by libvirt virtual networks. -- -- -- -- -- -- -- -- -- -- -- --- -2.20.1 - diff --git a/SOURCES/libvirt-Revert-Separate-out-StateAutoStart-from-StateInitialize.patch b/SOURCES/libvirt-Revert-Separate-out-StateAutoStart-from-StateInitialize.patch deleted file mode 100644 index abec5aa..0000000 --- a/SOURCES/libvirt-Revert-Separate-out-StateAutoStart-from-StateInitialize.patch +++ /dev/null 
@@ -1,93 +0,0 @@ -From 8069bb50b2548acd3f2176499ede205e6099c067 Mon Sep 17 00:00:00 2001 -Message-Id: <8069bb50b2548acd3f2176499ede205e6099c067@dist-git> -From: Michal Privoznik -Date: Thu, 27 Jun 2019 15:18:17 +0200 -Subject: [PATCH] Revert "Separate out StateAutoStart from StateInitialize" -MIME-Version: 1.0 -Content-Type: text/plain; charset=UTF-8 -Content-Transfer-Encoding: 8bit - -This reverts commit e4a969092bda5b3b952963fdf6658895165040b7. - -Now that drivers may call virConnectOpen() on secondary drivers, it -doesn't make much sense to have autostart separated from driver -initialization callback. In fact, it creates a problem because one -driver during its initialization might try to fetch an object from -another driver but since the object is yet to be autostarted the fetch -fails. This has been observed in reality: qemu driver performs -qemuProcessReconnect() during qemu's stateInitialize phase which may -call virDomainDiskTranslateSourcePool() which connects to the storage -driver to look up the volume. But the storage driver did not autostart -its pools yet therefore volume lookup fails and the domain is killed. 
- -Signed-off-by: Michal Privoznik -Reviewed-by: Ján Tomko -(cherry picked from commit 07a9c8bae8b80ef1650e6d05869cbf55c6aea837) - -https://bugzilla.redhat.com/show_bug.cgi?id=1685151 - -Signed-off-by: Michal Privoznik -Message-Id: <4ed5f8f4edd0053cc14f4bb579a945b606b36f5a.1561641375.git.mprivozn@redhat.com> -Reviewed-by: Jiri Denemark ---- - src/driver-state.h | 4 ---- - src/libvirt.c | 14 +------------- - 2 files changed, 1 insertion(+), 17 deletions(-) - -diff --git a/src/driver-state.h b/src/driver-state.h -index 1cb3e4faf3..e1e060bcc5 100644 ---- a/src/driver-state.h -+++ b/src/driver-state.h -@@ -30,9 +30,6 @@ typedef int - virStateInhibitCallback callback, - void *opaque); - --typedef void --(*virDrvStateAutoStart)(void); -- - typedef int - (*virDrvStateCleanup)(void); - -@@ -48,7 +45,6 @@ typedef virStateDriver *virStateDriverPtr; - struct _virStateDriver { - const char *name; - virDrvStateInitialize stateInitialize; -- virDrvStateAutoStart stateAutoStart; - virDrvStateCleanup stateCleanup; - virDrvStateReload stateReload; - virDrvStateStop stateStop; -diff --git a/src/libvirt.c b/src/libvirt.c -index 52f4dd2808..c9e5f47fd4 100644 ---- a/src/libvirt.c -+++ b/src/libvirt.c -@@ -637,11 +637,7 @@ virRegisterStateDriver(virStateDriverPtr driver) - * @callback: callback to invoke to inhibit shutdown of the daemon - * @opaque: data to pass to @callback - * -- * Initialize all virtualization drivers. Accomplished in two phases, -- * the first being state and structure initialization followed by any -- * auto start supported by the driver. This is done to ensure dependencies -- * that some drivers may have on another driver having been initialized -- * will exist, such as the storage driver's need to use the secret driver. -+ * Initialize all virtualization drivers. - * - * Returns 0 if all succeed, -1 upon any failure. 
- */ -@@ -669,14 +665,6 @@ virStateInitialize(bool privileged, - } - } - } -- -- for (i = 0; i < virStateDriverTabCount; i++) { -- if (virStateDriverTab[i]->stateAutoStart) { -- VIR_DEBUG("Running global auto start for %s state driver", -- virStateDriverTab[i]->name); -- virStateDriverTab[i]->stateAutoStart(); -- } -- } - return 0; - } - --- -2.22.0 - diff --git a/SOURCES/libvirt-Revert-access-Modify-the-VIR_ERR_ACCESS_DENIED-to-include-driverName.patch b/SOURCES/libvirt-Revert-access-Modify-the-VIR_ERR_ACCESS_DENIED-to-include-driverName.patch deleted file mode 100644 index 546facb..0000000 --- a/SOURCES/libvirt-Revert-access-Modify-the-VIR_ERR_ACCESS_DENIED-to-include-driverName.patch +++ /dev/null 
@@ -1,163 +0,0 @@ -From 6af885a53e425b88c7d9c123f64bbc4f8517b8a8 Mon Sep 17 00:00:00 2001 -Message-Id: <6af885a53e425b88c7d9c123f64bbc4f8517b8a8@dist-git> -From: John Ferlan -Date: Thu, 15 Nov 2018 06:43:58 -0500 -Subject: [PATCH] Revert "access: Modify the VIR_ERR_ACCESS_DENIED to include - driverName" - -https://bugzilla.redhat.com/show_bug.cgi?id=1631608 (RHEL8) -https://bugzilla.redhat.com/show_bug.cgi?id=1631606 (RHEL7) - -This reverts commit ccc72d5cbdd85f66cb737134b3be40aac1df03ef. - -Based on upstream comment to a follow-up patch, this didn't take the -right approach and the right thing to do is revert and rework. - -Signed-off-by: John Ferlan -(cherry picked from commit b08396a5feab02fb3bb595603c888ee733aa178e) -Reviewed-by: Erik Skultety ---- - src/access/viraccessmanager.c | 25 ++++++++++++------------- - src/rpc/gendispatch.pl | 2 +- - src/util/virerror.c | 4 ++-- - 3 files changed, 15 insertions(+), 16 deletions(-) - -diff --git a/src/access/viraccessmanager.c b/src/access/viraccessmanager.c -index 1dfff32b9d..e7b5bf38da 100644 ---- a/src/access/viraccessmanager.c -+++ b/src/access/viraccessmanager.c -@@ -196,12 +196,11 @@ static void virAccessManagerDispose(void *object) - * should the admin need to debug things - */ - static int --virAccessManagerSanitizeError(int ret, -- const char *driverName) -+virAccessManagerSanitizeError(int ret) - { - if (ret < 0) { - virResetLastError(); -- virAccessError(VIR_ERR_ACCESS_DENIED, driverName, NULL); -+ virAccessError(VIR_ERR_ACCESS_DENIED, NULL); - } - - return ret; -@@ -218,7 +217,7 @@ int virAccessManagerCheckConnect(virAccessManagerPtr manager, - if (manager->drv->checkConnect) - ret = manager->drv->checkConnect(manager, driverName, perm); - -- return virAccessManagerSanitizeError(ret, driverName); -+ return virAccessManagerSanitizeError(ret); - } - - -@@ -234,7 +233,7 @@ int virAccessManagerCheckDomain(virAccessManagerPtr manager, - if (manager->drv->checkDomain) - ret = manager->drv->checkDomain(manager, 
driverName, domain, perm); - -- return virAccessManagerSanitizeError(ret, driverName); -+ return virAccessManagerSanitizeError(ret); - } - - int virAccessManagerCheckInterface(virAccessManagerPtr manager, -@@ -249,7 +248,7 @@ int virAccessManagerCheckInterface(virAccessManagerPtr manager, - if (manager->drv->checkInterface) - ret = manager->drv->checkInterface(manager, driverName, iface, perm); - -- return virAccessManagerSanitizeError(ret, driverName); -+ return virAccessManagerSanitizeError(ret); - } - - int virAccessManagerCheckNetwork(virAccessManagerPtr manager, -@@ -264,7 +263,7 @@ int virAccessManagerCheckNetwork(virAccessManagerPtr manager, - if (manager->drv->checkNetwork) - ret = manager->drv->checkNetwork(manager, driverName, network, perm); - -- return virAccessManagerSanitizeError(ret, driverName); -+ return virAccessManagerSanitizeError(ret); - } - - int virAccessManagerCheckNodeDevice(virAccessManagerPtr manager, -@@ -279,7 +278,7 @@ int virAccessManagerCheckNodeDevice(virAccessManagerPtr manager, - if (manager->drv->checkNodeDevice) - ret = manager->drv->checkNodeDevice(manager, driverName, nodedev, perm); - -- return virAccessManagerSanitizeError(ret, driverName); -+ return virAccessManagerSanitizeError(ret); - } - - int virAccessManagerCheckNWFilter(virAccessManagerPtr manager, -@@ -294,7 +293,7 @@ int virAccessManagerCheckNWFilter(virAccessManagerPtr manager, - if (manager->drv->checkNWFilter) - ret = manager->drv->checkNWFilter(manager, driverName, nwfilter, perm); - -- return virAccessManagerSanitizeError(ret, driverName); -+ return virAccessManagerSanitizeError(ret); - } - - int virAccessManagerCheckNWFilterBinding(virAccessManagerPtr manager, -@@ -309,7 +308,7 @@ int virAccessManagerCheckNWFilterBinding(virAccessManagerPtr manager, - if (manager->drv->checkNWFilterBinding) - ret = manager->drv->checkNWFilterBinding(manager, driverName, binding, perm); - -- return virAccessManagerSanitizeError(ret, driverName); -+ return 
virAccessManagerSanitizeError(ret); - } - - int virAccessManagerCheckSecret(virAccessManagerPtr manager, -@@ -324,7 +323,7 @@ int virAccessManagerCheckSecret(virAccessManagerPtr manager, - if (manager->drv->checkSecret) - ret = manager->drv->checkSecret(manager, driverName, secret, perm); - -- return virAccessManagerSanitizeError(ret, driverName); -+ return virAccessManagerSanitizeError(ret); - } - - int virAccessManagerCheckStoragePool(virAccessManagerPtr manager, -@@ -339,7 +338,7 @@ int virAccessManagerCheckStoragePool(virAccessManagerPtr manager, - if (manager->drv->checkStoragePool) - ret = manager->drv->checkStoragePool(manager, driverName, pool, perm); - -- return virAccessManagerSanitizeError(ret, driverName); -+ return virAccessManagerSanitizeError(ret); - } - - int virAccessManagerCheckStorageVol(virAccessManagerPtr manager, -@@ -355,5 +354,5 @@ int virAccessManagerCheckStorageVol(virAccessManagerPtr manager, - if (manager->drv->checkStorageVol) - ret = manager->drv->checkStorageVol(manager, driverName, pool, vol, perm); - -- return virAccessManagerSanitizeError(ret, driverName); -+ return virAccessManagerSanitizeError(ret); - } -diff --git a/src/rpc/gendispatch.pl b/src/rpc/gendispatch.pl -index f599002056..0c4648c0fb 100755 ---- a/src/rpc/gendispatch.pl -+++ b/src/rpc/gendispatch.pl -@@ -2199,7 +2199,7 @@ elsif ($mode eq "client") { - print " virObjectUnref(mgr);\n"; - if ($action eq "Ensure") { - print " if (rv == 0)\n"; -- print " virReportError(VIR_ERR_ACCESS_DENIED, conn->driver->name, NULL);\n"; -+ print " virReportError(VIR_ERR_ACCESS_DENIED, NULL);\n"; - print " return $fail;\n"; - } else { - print " virResetLastError();\n"; -diff --git a/src/util/virerror.c b/src/util/virerror.c -index 5f50fa0349..f198f27957 100644 ---- a/src/util/virerror.c -+++ b/src/util/virerror.c -@@ -1439,9 +1439,9 @@ virErrorMsg(virErrorNumber error, const char *info) - break; - case VIR_ERR_ACCESS_DENIED: - if (info == NULL) -- errmsg = _("access denied from '%s'"); -+ 
errmsg = _("access denied"); - else -- errmsg = _("access denied from '%s': %s"); -+ errmsg = _("access denied: %s"); - break; - case VIR_ERR_DBUS_SERVICE: - if (info == NULL) --- -2.19.2 - diff --git a/SOURCES/libvirt-Revert-util-vircgroup-pass-parent-cgroup-into-virCgroupDetectControllersCB.patch b/SOURCES/libvirt-Revert-util-vircgroup-pass-parent-cgroup-into-virCgroupDetectControllersCB.patch deleted file mode 100644 index 796cc2e..0000000 --- a/SOURCES/libvirt-Revert-util-vircgroup-pass-parent-cgroup-into-virCgroupDetectControllersCB.patch +++ /dev/null 
@@ -1,108 +0,0 @@ -From 2395bf301cf76ffa863a3c2e125d52345cfbf6b5 Mon Sep 17 00:00:00 2001 -Message-Id: <2395bf301cf76ffa863a3c2e125d52345cfbf6b5@dist-git> -From: Pavel Hrdina -Date: Mon, 1 Jul 2019 17:08:23 +0200 -Subject: [PATCH] Revert "util: vircgroup: pass parent cgroup into - virCgroupDetectControllersCB" -MIME-Version: 1.0 -Content-Type: text/plain; charset=UTF-8 -Content-Transfer-Encoding: 8bit - -This reverts commit 7bca1c9bdc85247446129f856e27c80a32819e17. - -As it turns out it's not a good idea on systemd hosts. The root -cgroup can have all controllers enabled but they don't have to be -enabled for sub-cgroups. - -Signed-off-by: Pavel Hrdina -Reviewed-by: Ján Tomko -(cherry picked from commit d117431143d5b6dcfc8fae4a6b3fae23881d0937) - -Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1689297 - -Signed-off-by: Pavel Hrdina -Message-Id: <754b0ac5a0f1bd21e79eaeb71f6d2ab811446168.1561993100.git.phrdina@redhat.com> -Reviewed-by: Ján Tomko ---- - src/util/vircgroup.c | 2 +- - src/util/vircgroupbackend.h | 3 +-- - src/util/vircgroupv1.c | 3 +-- - src/util/vircgroupv2.c | 17 ++++++----------- - 4 files changed, 9 insertions(+), 16 deletions(-) - -diff --git a/src/util/vircgroup.c b/src/util/vircgroup.c -index ff2a0b75b5..a7fb595bce 100644 ---- a/src/util/vircgroup.c -+++ b/src/util/vircgroup.c -@@ -412,7 +412,7 @@ virCgroupDetect(virCgroupPtr group, - - for (i = 0; i < VIR_CGROUP_BACKEND_TYPE_LAST; i++) { - if (group->backends[i]) { -- int rc = group->backends[i]->detectControllers(group, controllers, parent); -+ int rc = group->backends[i]->detectControllers(group, controllers); - if (rc < 0) - return -1; - controllersAvailable |= rc; -diff --git a/src/util/vircgroupbackend.h b/src/util/vircgroupbackend.h -index 05af118ec1..a825dc4be7 100644 ---- a/src/util/vircgroupbackend.h -+++ b/src/util/vircgroupbackend.h -@@ -96,8 +96,7 @@ typedef char * - - typedef int - (*virCgroupDetectControllersCB)(virCgroupPtr group, -- int controllers, -- virCgroupPtr 
parent); -+ int controllers); - - typedef bool - (*virCgroupHasControllerCB)(virCgroupPtr cgroup, -diff --git a/src/util/vircgroupv1.c b/src/util/vircgroupv1.c -index 5b218c7f78..58bd20d636 100644 ---- a/src/util/vircgroupv1.c -+++ b/src/util/vircgroupv1.c -@@ -419,8 +419,7 @@ virCgroupV1StealPlacement(virCgroupPtr group) - - static int - virCgroupV1DetectControllers(virCgroupPtr group, -- int controllers, -- virCgroupPtr parent ATTRIBUTE_UNUSED) -+ int controllers) - { - size_t i; - size_t j; -diff --git a/src/util/vircgroupv2.c b/src/util/vircgroupv2.c -index bdeab397a3..b0ed889cc8 100644 ---- a/src/util/vircgroupv2.c -+++ b/src/util/vircgroupv2.c -@@ -285,21 +285,16 @@ virCgroupV2ParseControllersFile(virCgroupPtr group) - - static int - virCgroupV2DetectControllers(virCgroupPtr group, -- int controllers, -- virCgroupPtr parent) -+ int controllers) - { - size_t i; - -- if (parent) { -- group->unified.controllers = parent->unified.controllers; -- } else { -- if (virCgroupV2ParseControllersFile(group) < 0) -- return -1; -+ if (virCgroupV2ParseControllersFile(group) < 0) -+ return -1; - -- /* In cgroup v2 there is no cpuacct controller, the cpu.stat file always -- * exists with usage stats. */ -- group->unified.controllers |= 1 << VIR_CGROUP_CONTROLLER_CPUACCT; -- } -+ /* In cgroup v2 there is no cpuacct controller, the cpu.stat file always -+ * exists with usage stats. */ -+ group->unified.controllers |= 1 << VIR_CGROUP_CONTROLLER_CPUACCT; - - if (controllers >= 0) - group->unified.controllers &= controllers; --- -2.22.0 - diff --git a/SOURCES/libvirt-Revert-virStateDriver-Separate-AutoStart-from-Initialize.patch b/SOURCES/libvirt-Revert-virStateDriver-Separate-AutoStart-from-Initialize.patch deleted file mode 100644 index 45fdd94..0000000 --- a/SOURCES/libvirt-Revert-virStateDriver-Separate-AutoStart-from-Initialize.patch +++ /dev/null 
@@ -1,295 +0,0 @@ -From 799c9dd37390878a54be303b3e3e27445049bf2b Mon Sep 17 00:00:00 2001 -Message-Id: <799c9dd37390878a54be303b3e3e27445049bf2b@dist-git> -From: Michal Privoznik -Date: Thu, 27 Jun 2019 15:18:16 +0200 -Subject: [PATCH] Revert "virStateDriver - Separate AutoStart from Initialize" -MIME-Version: 1.0 -Content-Type: text/plain; charset=UTF-8 -Content-Transfer-Encoding: 8bit - -This reverts commit cefb97fb815c81fc882da752f45effd23bcb9b4b. - -The stateAutoStart callback will be removed in the next commit. -Therefore move autostarting of domains, networks and storage -pools back into stateInitialize callbacks. - -Signed-off-by: Michal Privoznik -Reviewed-by: Ján Tomko -(cherry picked from commit fc380c2e018ae15347d4c281a7e74896c48cac4a) - -https://bugzilla.redhat.com/show_bug.cgi?id=1685151 - -The difference to the upstream commit is uml driver change. In -upstream, the uml driver was dropped, but it's still kept around -in downstream. - -Signed-off-by: Michal Privoznik -Message-Id: -Reviewed-by: Jiri Denemark ---- - src/libxl/libxl_driver.c | 14 +++----------- - src/lxc/lxc_driver.c | 16 ++-------------- - src/network/bridge_driver.c | 22 ++++------------------ - src/qemu/qemu_driver.c | 17 ++--------------- - src/storage/storage_driver.c | 19 ++----------------- - src/uml/uml_driver.c | 17 ++--------------- - 6 files changed, 15 insertions(+), 90 deletions(-) - -diff --git a/src/libxl/libxl_driver.c b/src/libxl/libxl_driver.c -index 5a5e792957..99bb010af4 100644 ---- a/src/libxl/libxl_driver.c -+++ b/src/libxl/libxl_driver.c -@@ -773,6 +773,9 @@ libxlStateInitialize(bool privileged, - NULL, NULL) < 0) - goto error; - -+ virDomainObjListForEach(libxl_driver->domains, libxlAutostartDomain, -+ libxl_driver); -+ - virDomainObjListForEach(libxl_driver->domains, libxlDomainManagedSaveLoad, - libxl_driver); - -@@ -784,16 +787,6 @@ libxlStateInitialize(bool privileged, - return -1; - } - --static void --libxlStateAutoStart(void) --{ -- if (!libxl_driver) -- 
return; -- -- virDomainObjListForEach(libxl_driver->domains, libxlAutostartDomain, -- libxl_driver); --} -- - static int - libxlStateReload(void) - { -@@ -6479,7 +6472,6 @@ static virConnectDriver libxlConnectDriver = { - static virStateDriver libxlStateDriver = { - .name = "LIBXL", - .stateInitialize = libxlStateInitialize, -- .stateAutoStart = libxlStateAutoStart, - .stateCleanup = libxlStateCleanup, - .stateReload = libxlStateReload, - }; -diff --git a/src/lxc/lxc_driver.c b/src/lxc/lxc_driver.c -index f9794e0655..527fa72083 100644 ---- a/src/lxc/lxc_driver.c -+++ b/src/lxc/lxc_driver.c -@@ -1646,6 +1646,8 @@ static int lxcStateInitialize(bool privileged, - NULL, NULL) < 0) - goto cleanup; - -+ virLXCProcessAutostartAll(lxc_driver); -+ - virObjectUnref(caps); - return 0; - -@@ -1655,19 +1657,6 @@ static int lxcStateInitialize(bool privileged, - return -1; - } - --/** -- * lxcStateAutoStart: -- * -- * Function to autostart the LXC daemons -- */ --static void lxcStateAutoStart(void) --{ -- if (!lxc_driver) -- return; -- -- virLXCProcessAutostartAll(lxc_driver); --} -- - static void lxcNotifyLoadDomain(virDomainObjPtr vm, int newVM, void *opaque) - { - virLXCDriverPtr driver = opaque; -@@ -5550,7 +5539,6 @@ static virConnectDriver lxcConnectDriver = { - static virStateDriver lxcStateDriver = { - .name = LXC_DRIVER_NAME, - .stateInitialize = lxcStateInitialize, -- .stateAutoStart = lxcStateAutoStart, - .stateCleanup = lxcStateCleanup, - .stateReload = lxcStateReload, - }; -diff --git a/src/network/bridge_driver.c b/src/network/bridge_driver.c -index d153a8cdb6..a60d7db685 100644 ---- a/src/network/bridge_driver.c -+++ b/src/network/bridge_driver.c -@@ -755,6 +755,10 @@ networkStateInitialize(bool privileged, - networkReloadFirewallRules(network_driver); - networkRefreshDaemons(network_driver); - -+ virNetworkObjListForEach(network_driver->networks, -+ networkAutostartConfig, -+ network_driver); -+ - network_driver->networkEventState = virObjectEventStateNew(); - - 
#ifdef WITH_FIREWALLD -@@ -794,23 +798,6 @@ networkStateInitialize(bool privileged, - } - - --/** -- * networkStateAutoStart: -- * -- * Function to AutoStart the bridge configs -- */ --static void --networkStateAutoStart(void) --{ -- if (!network_driver) -- return; -- -- virNetworkObjListForEach(network_driver->networks, -- networkAutostartConfig, -- network_driver); --} -- -- - /** - * networkStateReload: - * -@@ -5616,7 +5603,6 @@ static virConnectDriver networkConnectDriver = { - static virStateDriver networkStateDriver = { - .name = "bridge", - .stateInitialize = networkStateInitialize, -- .stateAutoStart = networkStateAutoStart, - .stateCleanup = networkStateCleanup, - .stateReload = networkStateReload, - }; -diff --git a/src/qemu/qemu_driver.c b/src/qemu/qemu_driver.c -index 2da87992fd..056d324a62 100644 ---- a/src/qemu/qemu_driver.c -+++ b/src/qemu/qemu_driver.c -@@ -911,6 +911,8 @@ qemuStateInitialize(bool privileged, - - qemuProcessReconnectAll(qemu_driver); - -+ qemuAutostartDomains(qemu_driver); -+ - return 0; - - error: -@@ -921,20 +923,6 @@ qemuStateInitialize(bool privileged, - return -1; - } - --/** -- * qemuStateAutoStart: -- * -- * Function to auto start the QEMU daemons -- */ --static void --qemuStateAutoStart(void) --{ -- if (!qemu_driver) -- return; -- -- qemuAutostartDomains(qemu_driver); --} -- - static void qemuNotifyLoadDomain(virDomainObjPtr vm, int newVM, void *opaque) - { - virQEMUDriverPtr driver = opaque; -@@ -21846,7 +21834,6 @@ static virConnectDriver qemuConnectDriver = { - static virStateDriver qemuStateDriver = { - .name = QEMU_DRIVER_NAME, - .stateInitialize = qemuStateInitialize, -- .stateAutoStart = qemuStateAutoStart, - .stateCleanup = qemuStateCleanup, - .stateReload = qemuStateReload, - .stateStop = qemuStateStop, -diff --git a/src/storage/storage_driver.c b/src/storage/storage_driver.c -index 254818e308..f61fb074e6 100644 ---- a/src/storage/storage_driver.c -+++ b/src/storage/storage_driver.c -@@ -291,6 +291,8 @@ 
storageStateInitialize(bool privileged, - - storagePoolUpdateAllState(); - -+ storageDriverAutostart(); -+ - driver->storageEventState = virObjectEventStateNew(); - - storageDriverUnlock(); -@@ -307,22 +309,6 @@ storageStateInitialize(bool privileged, - goto cleanup; - } - --/** -- * storageStateAutoStart: -- * -- * Function to auto start the storage driver -- */ --static void --storageStateAutoStart(void) --{ -- if (!driver) -- return; -- -- storageDriverLock(); -- storageDriverAutostart(); -- storageDriverUnlock(); --} -- - /** - * storageStateReload: - * -@@ -2843,7 +2829,6 @@ static virConnectDriver storageConnectDriver = { - static virStateDriver stateDriver = { - .name = "storage", - .stateInitialize = storageStateInitialize, -- .stateAutoStart = storageStateAutoStart, - .stateCleanup = storageStateCleanup, - .stateReload = storageStateReload, - }; -diff --git a/src/uml/uml_driver.c b/src/uml/uml_driver.c -index c77988f01e..296adf55d1 100644 ---- a/src/uml/uml_driver.c -+++ b/src/uml/uml_driver.c -@@ -575,6 +575,8 @@ umlStateInitialize(bool privileged, - - umlDriverUnlock(uml_driver); - -+ umlAutostartConfigs(uml_driver); -+ - VIR_FREE(userdir); - - return 0; -@@ -590,20 +592,6 @@ umlStateInitialize(bool privileged, - return -1; - } - --/** -- * umlStateAutoStart: -- * -- * Function to autostart the Uml daemons -- */ --static void --umlStateAutoStart(void) --{ -- if (!uml_driver) -- return; -- -- umlAutostartConfigs(uml_driver); --} -- - static void umlNotifyLoadDomain(virDomainObjPtr vm, int newVM, void *opaque) - { - struct uml_driver *driver = opaque; -@@ -2826,7 +2814,6 @@ static virConnectDriver umlConnectDriver = { - static virStateDriver umlStateDriver = { - .name = "UML", - .stateInitialize = umlStateInitialize, -- .stateAutoStart = umlStateAutoStart, - .stateCleanup = umlStateCleanup, - .stateReload = umlStateReload, - }; --- -2.22.0 - 
diff --git a/SOURCES/libvirt-Revert-vircgroup-cleanup-controllers-not-managed-by-systemd-on-error.patch b/SOURCES/libvirt-Revert-vircgroup-cleanup-controllers-not-managed-by-systemd-on-error.patch
deleted file mode 100644
index 44f72a9..0000000
--- a/SOURCES/libvirt-Revert-vircgroup-cleanup-controllers-not-managed-by-systemd-on-error.patch
+++ /dev/null
@@ -1,83 +0,0 @@ -From ddea95c1c2e32c6454c89aa83d78b26a83564cd4 Mon Sep 17 00:00:00 2001 -Message-Id: -From: Pavel Hrdina -Date: Mon, 1 Jul 2019 17:07:11 +0200 -Subject: [PATCH] Revert "vircgroup: cleanup controllers not managed by systemd - on error" -MIME-Version: 1.0 -Content-Type: text/plain; charset=UTF-8 -Content-Transfer-Encoding: 8bit - -This reverts commit 1602aa28f820ada66f707cef3e536e8572fbda1e. - -There is no need to call virCgroupRemove() nor virCgroupFree() if -virCgroupEnableMissingControllers() fails because it will not modify -'group' at all. - -The cleanup of directories is done in virCgroupMakeGroup(). - -Reviewed-by: John Ferlan -Reviewed-by: Fabiano Fidêncio -Reviewed-by: Marc Hartmayer -Signed-off-by: Pavel Hrdina -(cherry picked from commit 199eee6aae7af3d813fbe98660c7e0fa1a8ae7b7) - -Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1689297 - -Signed-off-by: Pavel Hrdina -Message-Id: <53288dd310e0305ac3179693e64684eb8b3a31ab.1561993100.git.phrdina@redhat.com> -Reviewed-by: Ján Tomko ---- - src/util/vircgroup.c | 25 ++++++++++--------------- - 1 file changed, 10 insertions(+), 15 deletions(-) - -diff --git a/src/util/vircgroup.c b/src/util/vircgroup.c -index a376b9b89a..7ec1399bc6 100644 ---- a/src/util/vircgroup.c -+++ b/src/util/vircgroup.c -@@ -1059,7 +1059,6 @@ virCgroupNewMachineSystemd(const char *name, - int rv; - virCgroupPtr init; - VIR_AUTOFREE(char *) path = NULL; -- virErrorPtr saved = NULL; - - VIR_DEBUG("Trying to setup machine '%s' via systemd", name); - if ((rv = virSystemdCreateMachine(name, -@@ -1092,24 +1091,20 @@ virCgroupNewMachineSystemd(const char *name, - - if (virCgroupEnableMissingControllers(path, pidleader, - controllers, group) < 0) { -- goto error; -+ return -1; - } - -- if (virCgroupAddProcess(*group, pidleader) < 0) -- goto error; -+ if (virCgroupAddProcess(*group, pidleader) < 0) { -+ virErrorPtr saved = virSaveLastError(); -+ virCgroupRemove(*group); -+ virCgroupFree(group); -+ if (saved) { -+ 
virSetError(saved); -+ virFreeError(saved); -+ } -+ } - - return 0; -- -- error: -- saved = virSaveLastError(); -- virCgroupRemove(*group); -- virCgroupFree(group); -- if (saved) { -- virSetError(saved); -- virFreeError(saved); -- } -- -- return -1; - } - - --- -2.22.0 - diff --git a/SOURCES/libvirt-access-Fix-nwfilter-binding-ACL-access-API-name-generation.patch b/SOURCES/libvirt-access-Fix-nwfilter-binding-ACL-access-API-name-generation.patch deleted file mode 100644 index 4b53a50..0000000 --- a/SOURCES/libvirt-access-Fix-nwfilter-binding-ACL-access-API-name-generation.patch +++ /dev/null 
@@ -1,60 +0,0 @@ -From 254da75ea1a9c2cade909534153f444bb8981c2a Mon Sep 17 00:00:00 2001 -Message-Id: <254da75ea1a9c2cade909534153f444bb8981c2a@dist-git> -From: John Ferlan -Date: Mon, 27 Aug 2018 08:27:47 -0400 -Subject: [PATCH] access: Fix nwfilter-binding ACL access API name generation -MIME-Version: 1.0 -Content-Type: text/plain; charset=UTF-8 -Content-Transfer-Encoding: 8bit - -https://bugzilla.redhat.com/show_bug.cgi?id=1611320 - -Generation of the ACL API policy is a "automated process" -based on this perl script which "worked" with the changes to -add nwfilter binding API's because they had the "nwfilter" -prefix; however, the generated output name was incorrect -based on the remote protocol algorithm which expected to -generate names such as 'nwfilter-binding.action' instead -of 'nwfilter.binding-action'. - -This effectively changes src/access/org.libvirt.api.policy entries: - - org.libvirt.api.nwfilter.binding-create ==> - org.libvirt.api.nwfilter-binding.create - - org.libvirt.api.nwfilter.binding-delete ==> - org.libvirt.api.nwfilter-binding.delete - - org.libvirt.api.nwfilter.binding-getattr ==> - org.libvirt.api.nwfilter-binding.getattr - - org.libvirt.api.nwfilter.binding-read ==> - org.libvirt.api.nwfilter-binding.read - -Signed-off-by: John Ferlan -Reviewed-by: Daniel P. 
Berrangé -(cherry picked from commit 6ef65e3c96d5d1f16a16daca83b81b818d461e64) -https: //bugzilla.redhat.com/show_bug.cgi?id=1622540 -Reviewed-by: Erik Skultety ---- - src/access/genpolkit.pl | 4 ++-- - 1 file changed, 2 insertions(+), 2 deletions(-) - -diff --git a/src/access/genpolkit.pl b/src/access/genpolkit.pl -index 968cb8c55c..e074c90eb6 100755 ---- a/src/access/genpolkit.pl -+++ b/src/access/genpolkit.pl -@@ -22,8 +22,8 @@ use warnings; - - my @objects = ( - "CONNECT", "DOMAIN", "INTERFACE", -- "NETWORK","NODE_DEVICE", "NWFILTER", -- "SECRET", "STORAGE_POOL", "STORAGE_VOL", -+ "NETWORK","NODE_DEVICE", "NWFILTER_BINDING", "NWFILTER", -+ "SECRET", "STORAGE_POOL", "STORAGE_VOL", - ); - - my $objects = join ("|", @objects); --- -2.18.0 - diff --git a/SOURCES/libvirt-access-Modify-the-VIR_ERR_ACCESS_DENIED-to-include-driverName.patch b/SOURCES/libvirt-access-Modify-the-VIR_ERR_ACCESS_DENIED-to-include-driverName.patch deleted file mode 100644 index a47583c..0000000 --- a/SOURCES/libvirt-access-Modify-the-VIR_ERR_ACCESS_DENIED-to-include-driverName.patch +++ /dev/null 
@@ -1,173 +0,0 @@ -From 85750b0466aa3719d3d2447abaab2e87db92f552 Mon Sep 17 00:00:00 2001 -Message-Id: <85750b0466aa3719d3d2447abaab2e87db92f552@dist-git> -From: John Ferlan -Date: Mon, 5 Nov 2018 07:48:37 -0500 -Subject: [PATCH] access: Modify the VIR_ERR_ACCESS_DENIED to include - driverName - -https://bugzilla.redhat.com/show_bug.cgi?id=1631608 (RHEL 8.0) -https://bugzilla.redhat.com/show_bug.cgi?id=1631606 (RHEL 7.7) - -Changes made to manage and utilize a secondary connection -driver to APIs outside the scope of the primary connection -driver have resulted in some confusion processing polkit rules -since the simple "access denied" error message doesn't provide -enough of a clue when combined with the "authentication failed: -access denied by policy" as to which connection driver refused -or failed the ACL check. - -In order to provide some context, let's modify the existing -"access denied" error returne from the various vir*EnsureACL -API's to provide the connection driver name that is causing -the failure. This should provide the context for writing the -polkit rules that would allow access via the driver. 
- -Signed-off-by: John Ferlan -ACKed-by: Michal Privoznik -(cherry picked from commit ccc72d5cbdd85f66cb737134b3be40aac1df03ef) -Reviewed-by: Jiri Denemark ---- - src/access/viraccessmanager.c | 25 +++++++++++++------------ - src/rpc/gendispatch.pl | 2 +- - src/util/virerror.c | 4 ++-- - 3 files changed, 16 insertions(+), 15 deletions(-) - -diff --git a/src/access/viraccessmanager.c b/src/access/viraccessmanager.c -index e7b5bf38da..1dfff32b9d 100644 ---- a/src/access/viraccessmanager.c -+++ b/src/access/viraccessmanager.c -@@ -196,11 +196,12 @@ static void virAccessManagerDispose(void *object) - * should the admin need to debug things - */ - static int --virAccessManagerSanitizeError(int ret) -+virAccessManagerSanitizeError(int ret, -+ const char *driverName) - { - if (ret < 0) { - virResetLastError(); -- virAccessError(VIR_ERR_ACCESS_DENIED, NULL); -+ virAccessError(VIR_ERR_ACCESS_DENIED, driverName, NULL); - } - - return ret; -@@ -217,7 +218,7 @@ int virAccessManagerCheckConnect(virAccessManagerPtr manager, - if (manager->drv->checkConnect) - ret = manager->drv->checkConnect(manager, driverName, perm); - -- return virAccessManagerSanitizeError(ret); -+ return virAccessManagerSanitizeError(ret, driverName); - } - - -@@ -233,7 +234,7 @@ int virAccessManagerCheckDomain(virAccessManagerPtr manager, - if (manager->drv->checkDomain) - ret = manager->drv->checkDomain(manager, driverName, domain, perm); - -- return virAccessManagerSanitizeError(ret); -+ return virAccessManagerSanitizeError(ret, driverName); - } - - int virAccessManagerCheckInterface(virAccessManagerPtr manager, -@@ -248,7 +249,7 @@ int virAccessManagerCheckInterface(virAccessManagerPtr manager, - if (manager->drv->checkInterface) - ret = manager->drv->checkInterface(manager, driverName, iface, perm); - -- return virAccessManagerSanitizeError(ret); -+ return virAccessManagerSanitizeError(ret, driverName); - } - - int virAccessManagerCheckNetwork(virAccessManagerPtr manager, -@@ -263,7 +264,7 @@ int 
virAccessManagerCheckNetwork(virAccessManagerPtr manager, - if (manager->drv->checkNetwork) - ret = manager->drv->checkNetwork(manager, driverName, network, perm); - -- return virAccessManagerSanitizeError(ret); -+ return virAccessManagerSanitizeError(ret, driverName); - } - - int virAccessManagerCheckNodeDevice(virAccessManagerPtr manager, -@@ -278,7 +279,7 @@ int virAccessManagerCheckNodeDevice(virAccessManagerPtr manager, - if (manager->drv->checkNodeDevice) - ret = manager->drv->checkNodeDevice(manager, driverName, nodedev, perm); - -- return virAccessManagerSanitizeError(ret); -+ return virAccessManagerSanitizeError(ret, driverName); - } - - int virAccessManagerCheckNWFilter(virAccessManagerPtr manager, -@@ -293,7 +294,7 @@ int virAccessManagerCheckNWFilter(virAccessManagerPtr manager, - if (manager->drv->checkNWFilter) - ret = manager->drv->checkNWFilter(manager, driverName, nwfilter, perm); - -- return virAccessManagerSanitizeError(ret); -+ return virAccessManagerSanitizeError(ret, driverName); - } - - int virAccessManagerCheckNWFilterBinding(virAccessManagerPtr manager, -@@ -308,7 +309,7 @@ int virAccessManagerCheckNWFilterBinding(virAccessManagerPtr manager, - if (manager->drv->checkNWFilterBinding) - ret = manager->drv->checkNWFilterBinding(manager, driverName, binding, perm); - -- return virAccessManagerSanitizeError(ret); -+ return virAccessManagerSanitizeError(ret, driverName); - } - - int virAccessManagerCheckSecret(virAccessManagerPtr manager, -@@ -323,7 +324,7 @@ int virAccessManagerCheckSecret(virAccessManagerPtr manager, - if (manager->drv->checkSecret) - ret = manager->drv->checkSecret(manager, driverName, secret, perm); - -- return virAccessManagerSanitizeError(ret); -+ return virAccessManagerSanitizeError(ret, driverName); - } - - int virAccessManagerCheckStoragePool(virAccessManagerPtr manager, -@@ -338,7 +339,7 @@ int virAccessManagerCheckStoragePool(virAccessManagerPtr manager, - if (manager->drv->checkStoragePool) - ret = 
manager->drv->checkStoragePool(manager, driverName, pool, perm); - -- return virAccessManagerSanitizeError(ret); -+ return virAccessManagerSanitizeError(ret, driverName); - } - - int virAccessManagerCheckStorageVol(virAccessManagerPtr manager, -@@ -354,5 +355,5 @@ int virAccessManagerCheckStorageVol(virAccessManagerPtr manager, - if (manager->drv->checkStorageVol) - ret = manager->drv->checkStorageVol(manager, driverName, pool, vol, perm); - -- return virAccessManagerSanitizeError(ret); -+ return virAccessManagerSanitizeError(ret, driverName); - } -diff --git a/src/rpc/gendispatch.pl b/src/rpc/gendispatch.pl -index 0c4648c0fb..f599002056 100755 ---- a/src/rpc/gendispatch.pl -+++ b/src/rpc/gendispatch.pl -@@ -2199,7 +2199,7 @@ elsif ($mode eq "client") { - print " virObjectUnref(mgr);\n"; - if ($action eq "Ensure") { - print " if (rv == 0)\n"; -- print " virReportError(VIR_ERR_ACCESS_DENIED, NULL);\n"; -+ print " virReportError(VIR_ERR_ACCESS_DENIED, conn->driver->name, NULL);\n"; - print " return $fail;\n"; - } else { - print " virResetLastError();\n"; -diff --git a/src/util/virerror.c b/src/util/virerror.c -index f198f27957..5f50fa0349 100644 ---- a/src/util/virerror.c -+++ b/src/util/virerror.c -@@ -1439,9 +1439,9 @@ virErrorMsg(virErrorNumber error, const char *info) - break; - case VIR_ERR_ACCESS_DENIED: - if (info == NULL) -- errmsg = _("access denied"); -+ errmsg = _("access denied from '%s'"); - else -- errmsg = _("access denied: %s"); -+ errmsg = _("access denied from '%s': %s"); - break; - case VIR_ERR_DBUS_SERVICE: - if (info == NULL) --- -2.19.1 - diff --git a/SOURCES/libvirt-access-Modify-the-VIR_ERR_ACCESS_DENIED-to-include-driverName_1.patch b/SOURCES/libvirt-access-Modify-the-VIR_ERR_ACCESS_DENIED-to-include-driverName_1.patch deleted file mode 100644 index dc0cb0a..0000000 --- a/SOURCES/libvirt-access-Modify-the-VIR_ERR_ACCESS_DENIED-to-include-driverName_1.patch +++ /dev/null 
@@ -1,159 +0,0 @@ -From 541a154e0f98604f63cb22356287dfa3858748c9 Mon Sep 17 00:00:00 2001 -Message-Id: <541a154e0f98604f63cb22356287dfa3858748c9@dist-git> -From: John Ferlan -Date: Thu, 15 Nov 2018 06:43:59 -0500 -Subject: [PATCH] access: Modify the VIR_ERR_ACCESS_DENIED to include - driverName - -https://bugzilla.redhat.com/show_bug.cgi?id=1631608 (RHEL8) -https://bugzilla.redhat.com/show_bug.cgi?id=1631606 (RHEL7) - -Changes made to manage and utilize a secondary connection -driver to APIs outside the scope of the primary connection -driver have resulted in some confusion processing polkit rules -since the simple "access denied" error message doesn't provide -enough of a clue when combined with the "authentication failed: -access denied by policy" as to which connection driver refused -or failed the ACL check. - -In order to provide some context, let's modify the existing -"access denied" error returned from the various vir*EnsureACL -API's to provide the connection driver name that is causing -the failure. This should provide the context for writing the -polkit rules that would allow access via the driver, but yet -still adhere to the virAccessManagerSanitizeError commentary -regarding not telling the user why access was denied. 
- -Signed-off-by: John Ferlan -(cherry picked from commit 605496be609e153526fcdd3e98df8cf5244bc8fa) -Reviewed-by: Erik Skultety ---- - src/access/viraccessmanager.c | 26 ++++++++++++++------------ - src/rpc/gendispatch.pl | 3 ++- - 2 files changed, 16 insertions(+), 13 deletions(-) - -diff --git a/src/access/viraccessmanager.c b/src/access/viraccessmanager.c -index e7b5bf38da..f5d62604cf 100644 ---- a/src/access/viraccessmanager.c -+++ b/src/access/viraccessmanager.c -@@ -196,11 +196,13 @@ static void virAccessManagerDispose(void *object) - * should the admin need to debug things - */ - static int --virAccessManagerSanitizeError(int ret) -+virAccessManagerSanitizeError(int ret, -+ const char *driverName) - { - if (ret < 0) { - virResetLastError(); -- virAccessError(VIR_ERR_ACCESS_DENIED, NULL); -+ virAccessError(VIR_ERR_ACCESS_DENIED, -+ _("'%s' denied access"), driverName); - } - - return ret; -@@ -217,7 +219,7 @@ int virAccessManagerCheckConnect(virAccessManagerPtr manager, - if (manager->drv->checkConnect) - ret = manager->drv->checkConnect(manager, driverName, perm); - -- return virAccessManagerSanitizeError(ret); -+ return virAccessManagerSanitizeError(ret, driverName); - } - - -@@ -233,7 +235,7 @@ int virAccessManagerCheckDomain(virAccessManagerPtr manager, - if (manager->drv->checkDomain) - ret = manager->drv->checkDomain(manager, driverName, domain, perm); - -- return virAccessManagerSanitizeError(ret); -+ return virAccessManagerSanitizeError(ret, driverName); - } - - int virAccessManagerCheckInterface(virAccessManagerPtr manager, -@@ -248,7 +250,7 @@ int virAccessManagerCheckInterface(virAccessManagerPtr manager, - if (manager->drv->checkInterface) - ret = manager->drv->checkInterface(manager, driverName, iface, perm); - -- return virAccessManagerSanitizeError(ret); -+ return virAccessManagerSanitizeError(ret, driverName); - } - - int virAccessManagerCheckNetwork(virAccessManagerPtr manager, -@@ -263,7 +265,7 @@ int 
virAccessManagerCheckNetwork(virAccessManagerPtr manager, - if (manager->drv->checkNetwork) - ret = manager->drv->checkNetwork(manager, driverName, network, perm); - -- return virAccessManagerSanitizeError(ret); -+ return virAccessManagerSanitizeError(ret, driverName); - } - - int virAccessManagerCheckNodeDevice(virAccessManagerPtr manager, -@@ -278,7 +280,7 @@ int virAccessManagerCheckNodeDevice(virAccessManagerPtr manager, - if (manager->drv->checkNodeDevice) - ret = manager->drv->checkNodeDevice(manager, driverName, nodedev, perm); - -- return virAccessManagerSanitizeError(ret); -+ return virAccessManagerSanitizeError(ret, driverName); - } - - int virAccessManagerCheckNWFilter(virAccessManagerPtr manager, -@@ -293,7 +295,7 @@ int virAccessManagerCheckNWFilter(virAccessManagerPtr manager, - if (manager->drv->checkNWFilter) - ret = manager->drv->checkNWFilter(manager, driverName, nwfilter, perm); - -- return virAccessManagerSanitizeError(ret); -+ return virAccessManagerSanitizeError(ret, driverName); - } - - int virAccessManagerCheckNWFilterBinding(virAccessManagerPtr manager, -@@ -308,7 +310,7 @@ int virAccessManagerCheckNWFilterBinding(virAccessManagerPtr manager, - if (manager->drv->checkNWFilterBinding) - ret = manager->drv->checkNWFilterBinding(manager, driverName, binding, perm); - -- return virAccessManagerSanitizeError(ret); -+ return virAccessManagerSanitizeError(ret, driverName); - } - - int virAccessManagerCheckSecret(virAccessManagerPtr manager, -@@ -323,7 +325,7 @@ int virAccessManagerCheckSecret(virAccessManagerPtr manager, - if (manager->drv->checkSecret) - ret = manager->drv->checkSecret(manager, driverName, secret, perm); - -- return virAccessManagerSanitizeError(ret); -+ return virAccessManagerSanitizeError(ret, driverName); - } - - int virAccessManagerCheckStoragePool(virAccessManagerPtr manager, -@@ -338,7 +340,7 @@ int virAccessManagerCheckStoragePool(virAccessManagerPtr manager, - if (manager->drv->checkStoragePool) - ret = 
manager->drv->checkStoragePool(manager, driverName, pool, perm); - -- return virAccessManagerSanitizeError(ret); -+ return virAccessManagerSanitizeError(ret, driverName); - } - - int virAccessManagerCheckStorageVol(virAccessManagerPtr manager, -@@ -354,5 +356,5 @@ int virAccessManagerCheckStorageVol(virAccessManagerPtr manager, - if (manager->drv->checkStorageVol) - ret = manager->drv->checkStorageVol(manager, driverName, pool, vol, perm); - -- return virAccessManagerSanitizeError(ret); -+ return virAccessManagerSanitizeError(ret, driverName); - } -diff --git a/src/rpc/gendispatch.pl b/src/rpc/gendispatch.pl -index 0c4648c0fb..a8b9f5aeca 100755 ---- a/src/rpc/gendispatch.pl -+++ b/src/rpc/gendispatch.pl -@@ -2199,7 +2199,8 @@ elsif ($mode eq "client") { - print " virObjectUnref(mgr);\n"; - if ($action eq "Ensure") { - print " if (rv == 0)\n"; -- print " virReportError(VIR_ERR_ACCESS_DENIED, NULL);\n"; -+ print " virReportError(VIR_ERR_ACCESS_DENIED,\n"; -+ print" _(\"'%s' denied access\"), conn->driver->name);\n"; - print " return $fail;\n"; - } else { - print " virResetLastError();\n"; --- -2.19.2 - diff --git a/SOURCES/libvirt-admin-reject-clients-unless-their-UID-matches-the-current-UID.patch b/SOURCES/libvirt-admin-reject-clients-unless-their-UID-matches-the-current-UID.patch deleted file mode 100644 index a6c1113..0000000 --- a/SOURCES/libvirt-admin-reject-clients-unless-their-UID-matches-the-current-UID.patch +++ /dev/null 
@@ -1,61 +0,0 @@ -From 3eaa16967f0546c5d1596bb6c36767cbe01040b9 Mon Sep 17 00:00:00 2001 -Message-Id: <3eaa16967f0546c5d1596bb6c36767cbe01040b9@dist-git> -From: =?UTF-8?q?Daniel=20P=2E=20Berrang=C3=A9?= -Date: Wed, 15 May 2019 21:40:56 +0100 -Subject: [PATCH] admin: reject clients unless their UID matches the current - UID -MIME-Version: 1.0 -Content-Type: text/plain; charset=UTF-8 -Content-Transfer-Encoding: 8bit - -The admin protocol RPC messages are only intended for use by the user -running the daemon. As such they should not be allowed for any client -UID that does not match the server UID. - -Fixes CVE-2019-10132 - -Reviewed-by: Ján Tomko -Signed-off-by: Daniel P. Berrangé -(cherry picked from commit 96f41cd765c9e525fe28ee5abbfbf4a79b3720c7) -Reviewed-by: Jiri Denemark -Message-Id: <20190515204058.28077-2-berrange@redhat.com> ---- - src/admin/admin_server_dispatch.c | 22 ++++++++++++++++++++++ - 1 file changed, 22 insertions(+) - -diff --git a/src/admin/admin_server_dispatch.c b/src/admin/admin_server_dispatch.c -index b78ff902c0..9f25813ae3 100644 ---- a/src/admin/admin_server_dispatch.c -+++ b/src/admin/admin_server_dispatch.c -@@ -66,6 +66,28 @@ remoteAdmClientNew(virNetServerClientPtr client ATTRIBUTE_UNUSED, - void *opaque) - { - struct daemonAdmClientPrivate *priv; -+ uid_t clientuid; -+ gid_t clientgid; -+ pid_t clientpid; -+ unsigned long long timestamp; -+ -+ if (virNetServerClientGetUNIXIdentity(client, -+ &clientuid, -+ &clientgid, -+ &clientpid, -+ ×tamp) < 0) -+ return NULL; -+ -+ VIR_DEBUG("New client pid %lld uid %lld", -+ (long long)clientpid, -+ (long long)clientuid); -+ -+ if (geteuid() != clientuid) { -+ virReportRestrictedError(_("Disallowing client %lld with uid %lld"), -+ (long long)clientpid, -+ (long long)clientuid); -+ return NULL; -+ } - - if (VIR_ALLOC(priv) < 0) - return NULL; --- -2.22.0 - 
diff --git a/SOURCES/libvirt-api-disallow-virConnect-HypervisorCPU-on-read-only-connections.patch b/SOURCES/libvirt-api-disallow-virConnect-HypervisorCPU-on-read-only-connections.patch deleted file mode 100644 index 70eecbc..0000000 --- a/SOURCES/libvirt-api-disallow-virConnect-HypervisorCPU-on-read-only-connections.patch +++ /dev/null @@ -1,46 +0,0 @@ -From bab30af2d83e27d9141545cb9dcff51924e52b4d Mon Sep 17 00:00:00 2001 -Message-Id: -From: =?UTF-8?q?J=C3=A1n=20Tomko?= -Date: Tue, 18 Jun 2019 13:30:02 +0200 -Subject: [PATCH] api: disallow virConnect*HypervisorCPU on read-only - connections -MIME-Version: 1.0 -Content-Type: text/plain; charset=UTF-8 -Content-Transfer-Encoding: 8bit - -These APIs can be used to execute arbitrary emulators. -Forbid them on read-only connections. - -Fixes: CVE-2019-10168 -Signed-off-by: Ján Tomko -Reviewed-by: Daniel P. Berrangé -Signed-off-by: Ján Tomko -Message-Id: <470651092e7d6a4ba5875cf8885fd3714d5ea189.1560857354.git.jtomko@redhat.com> -Reviewed-by: Jiri Denemark ---- - src/libvirt-host.c | 2 ++ - 1 file changed, 2 insertions(+) - -diff --git a/src/libvirt-host.c b/src/libvirt-host.c -index e20d6ee250..2978825d22 100644 ---- a/src/libvirt-host.c -+++ b/src/libvirt-host.c -@@ -1041,6 +1041,7 @@ virConnectCompareHypervisorCPU(virConnectPtr conn, - - virCheckConnectReturn(conn, VIR_CPU_COMPARE_ERROR); - virCheckNonNullArgGoto(xmlCPU, error); -+ virCheckReadOnlyGoto(conn->flags, error); - - if (conn->driver->connectCompareHypervisorCPU) { - int ret; -@@ -1234,6 +1235,7 @@ virConnectBaselineHypervisorCPU(virConnectPtr conn, - - virCheckConnectReturn(conn, NULL); - virCheckNonNullArgGoto(xmlCPUs, error); -+ virCheckReadOnlyGoto(conn->flags, error); - - if (conn->driver->connectBaselineHypervisorCPU) { - char *cpu; --- -2.22.0 - 
diff --git a/SOURCES/libvirt-api-disallow-virConnectGetDomainCapabilities-on-read-only-connections.patch b/SOURCES/libvirt-api-disallow-virConnectGetDomainCapabilities-on-read-only-connections.patch deleted file mode 100644 index 6815a55..0000000 --- a/SOURCES/libvirt-api-disallow-virConnectGetDomainCapabilities-on-read-only-connections.patch +++ /dev/null @@ -1,38 +0,0 @@ -From 2b0e20b240848c84932aa549e8ec2b6e0a5646fa Mon Sep 17 00:00:00 2001 -Message-Id: <2b0e20b240848c84932aa549e8ec2b6e0a5646fa@dist-git> -From: =?UTF-8?q?J=C3=A1n=20Tomko?= -Date: Tue, 18 Jun 2019 13:30:01 +0200 -Subject: [PATCH] api: disallow virConnectGetDomainCapabilities on read-only - connections -MIME-Version: 1.0 -Content-Type: text/plain; charset=UTF-8 -Content-Transfer-Encoding: 8bit - -This API can be used to execute arbitrary emulators. -Forbid it on read-only connections. - -Fixes: CVE-2019-10167 -Signed-off-by: Ján Tomko -Reviewed-by: Daniel P. Berrangé -Signed-off-by: Ján Tomko -Message-Id: -Reviewed-by: Jiri Denemark ---- - src/libvirt-domain.c | 1 + - 1 file changed, 1 insertion(+) - -diff --git a/src/libvirt-domain.c b/src/libvirt-domain.c -index 3855dfe0dd..a1c913bd86 100644 ---- a/src/libvirt-domain.c -+++ b/src/libvirt-domain.c -@@ -11279,6 +11279,7 @@ virConnectGetDomainCapabilities(virConnectPtr conn, - virResetLastError(); - - virCheckConnectReturn(conn, NULL); -+ virCheckReadOnlyGoto(conn->flags, error); - - if (conn->driver->connectGetDomainCapabilities) { - char *ret; --- -2.22.0 - diff --git a/SOURCES/libvirt-api-disallow-virDomainAgentSetResponseTimeout-on-read-only-connections.patch b/SOURCES/libvirt-api-disallow-virDomainAgentSetResponseTimeout-on-read-only-connections.patch new file mode 100644 index 0000000..5d9ae06 --- /dev/null +++ b/SOURCES/libvirt-api-disallow-virDomainAgentSetResponseTimeout-on-read-only-connections.patch 
@@ -0,0 +1,45 @@ +From 0c1bec6a89f97c77ba9e0ed4146deb8606ea6f16 Mon Sep 17 00:00:00 2001 +Message-Id: <0c1bec6a89f97c77ba9e0ed4146deb8606ea6f16@dist-git> +From: Jonathon Jongsma +Date: Wed, 25 Mar 2020 11:21:19 -0500 +Subject: [PATCH] api: disallow virDomainAgentSetResponseTimeout() on read-only + connections +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +This function changes the amount of time that libvirt waits for a +response from the guest agent for all guest agent commands. Since this +is a configuration change, it should not be allowed on read-only +connections. + +Signed-off-by: Jonathon Jongsma +Reviewed-by: Daniel Henrique Barboza +Reviewed-by: Michal Privoznik +(cherry picked from commit 4cc90c2e62df653e909ad31fd810224bf8bcf913) + +https://bugzilla.redhat.com/show_bug.cgi?id=1814508 + +Signed-off-by: Jonathon Jongsma +Message-Id: <20200325162119.9047-2-jjongsma@redhat.com> +Reviewed-by: Ján Tomko +--- + src/libvirt-domain.c | 2 ++ + 1 file changed, 2 insertions(+) + +diff --git a/src/libvirt-domain.c b/src/libvirt-domain.c +index eb66999f07..3deee54e48 100644 +--- a/src/libvirt-domain.c ++++ b/src/libvirt-domain.c +@@ -12554,6 +12554,8 @@ virDomainAgentSetResponseTimeout(virDomainPtr domain, + virCheckDomainReturn(domain, -1); + conn = domain->conn; + ++ virCheckReadOnlyGoto(conn->flags, error); ++ + if (conn->driver->domainAgentSetResponseTimeout) { + if (conn->driver->domainAgentSetResponseTimeout(domain, timeout, flags) < 0) + goto error; +-- +2.26.0 + diff --git a/SOURCES/libvirt-api-disallow-virDomainManagedSaveDefineXML-on-read-only-connections.patch b/SOURCES/libvirt-api-disallow-virDomainManagedSaveDefineXML-on-read-only-connections.patch deleted file mode 100644 index c02b5b9..0000000 --- a/SOURCES/libvirt-api-disallow-virDomainManagedSaveDefineXML-on-read-only-connections.patch +++ /dev/null 
@@ -1,40 +0,0 @@ -From 0673d5b707d68562732b78c89fe339e8558f8496 Mon Sep 17 00:00:00 2001 -Message-Id: <0673d5b707d68562732b78c89fe339e8558f8496@dist-git> -From: =?UTF-8?q?J=C3=A1n=20Tomko?= -Date: Tue, 18 Jun 2019 13:30:00 +0200 -Subject: [PATCH] api: disallow virDomainManagedSaveDefineXML on read-only - connections -MIME-Version: 1.0 -Content-Type: text/plain; charset=UTF-8 -Content-Transfer-Encoding: 8bit - -The virDomainManagedSaveDefineXML can be used to alter the domain's -config used for managedsave or even execute arbitrary emulator binaries. -Forbid it on read-only connections. - -Fixes: CVE-2019-10166 -Reported-by: Matthias Gerstner -Signed-off-by: Ján Tomko -Reviewed-by: Daniel P. Berrangé -Signed-off-by: Ján Tomko -Message-Id: <352bf5e963a6482d426f97b0ef36ca019e69280b.1560857354.git.jtomko@redhat.com> -Reviewed-by: Jiri Denemark ---- - src/libvirt-domain.c | 1 + - 1 file changed, 1 insertion(+) - -diff --git a/src/libvirt-domain.c b/src/libvirt-domain.c -index 0ba85b9360..3855dfe0dd 100644 ---- a/src/libvirt-domain.c -+++ b/src/libvirt-domain.c -@@ -9487,6 +9487,7 @@ virDomainManagedSaveDefineXML(virDomainPtr domain, const char *dxml, - - virCheckDomainReturn(domain, -1); - conn = domain->conn; -+ virCheckReadOnlyGoto(conn->flags, error); - - if (conn->driver->domainManagedSaveDefineXML) { - int ret; --- -2.22.0 - diff --git a/SOURCES/libvirt-api-disallow-virDomainSaveImageGetXMLDesc-on-read-only-connections.patch b/SOURCES/libvirt-api-disallow-virDomainSaveImageGetXMLDesc-on-read-only-connections.patch deleted file mode 100644 index f2ec040..0000000 --- a/SOURCES/libvirt-api-disallow-virDomainSaveImageGetXMLDesc-on-read-only-connections.patch +++ /dev/null 
@@ -1,98 +0,0 @@ -From 8533d820c378ae31176922703b7368f586a59bc0 Mon Sep 17 00:00:00 2001 -Message-Id: <8533d820c378ae31176922703b7368f586a59bc0@dist-git> -From: =?UTF-8?q?J=C3=A1n=20Tomko?= -Date: Tue, 18 Jun 2019 13:29:59 +0200 -Subject: [PATCH] api: disallow virDomainSaveImageGetXMLDesc on read-only - connections -MIME-Version: 1.0 -Content-Type: text/plain; charset=UTF-8 -Content-Transfer-Encoding: 8bit - -The virDomainSaveImageGetXMLDesc API is taking a path parameter, -which can point to any path on the system. This file will then be -read and parsed by libvirtd running with root privileges. - -Forbid it on read-only connections. - -Fixes: CVE-2019-10161 -Reported-by: Matthias Gerstner -Signed-off-by: Ján Tomko -Reviewed-by: Daniel P. Berrangé -Signed-off-by: Ján Tomko - -Conflicts: - src/libvirt-domain.c - src/remote/remote_protocol.x - -Upstream commit 12a51f372 which introduced the VIR_DOMAIN_SAVE_IMAGE_XML_SECURE -alias for VIR_DOMAIN_XML_SECURE is not backported. -Just skip the commit since we now disallow the whole API on read-only -connections, regardless of the flag. -Message-Id: <4c14d609cd7b548459b9ef2f59728fa5c5e38268.1560857354.git.jtomko@redhat.com> - -Reviewed-by: Jiri Denemark ---- - src/libvirt-domain.c | 11 ++--------- - src/qemu/qemu_driver.c | 2 +- - src/remote/remote_protocol.x | 3 +-- - 3 files changed, 4 insertions(+), 12 deletions(-) - -diff --git a/src/libvirt-domain.c b/src/libvirt-domain.c -index ad0ded9ee3..0ba85b9360 100644 ---- a/src/libvirt-domain.c -+++ b/src/libvirt-domain.c -@@ -1073,9 +1073,7 @@ virDomainRestoreFlags(virConnectPtr conn, const char *from, const char *dxml, - * previously by virDomainSave() or virDomainSaveFlags(). - * - * No security-sensitive data will be included unless @flags contains -- * VIR_DOMAIN_XML_SECURE; this flag is rejected on read-only -- * connections. For this API, @flags should not contain either -- * VIR_DOMAIN_XML_INACTIVE or VIR_DOMAIN_XML_UPDATE_CPU. -+ * VIR_DOMAIN_XML_SECURE. 
- * - * Returns a 0 terminated UTF-8 encoded XML instance, or NULL in case of - * error. The caller must free() the returned value. -@@ -1091,12 +1089,7 @@ virDomainSaveImageGetXMLDesc(virConnectPtr conn, const char *file, - - virCheckConnectReturn(conn, NULL); - virCheckNonNullArgGoto(file, error); -- -- if ((conn->flags & VIR_CONNECT_RO) && (flags & VIR_DOMAIN_XML_SECURE)) { -- virReportError(VIR_ERR_OPERATION_DENIED, "%s", -- _("virDomainSaveImageGetXMLDesc with secure flag")); -- goto error; -- } -+ virCheckReadOnlyGoto(conn->flags, error); - - if (conn->driver->domainSaveImageGetXMLDesc) { - char *ret; -diff --git a/src/qemu/qemu_driver.c b/src/qemu/qemu_driver.c -index 88c08f88ee..2da87992fd 100644 ---- a/src/qemu/qemu_driver.c -+++ b/src/qemu/qemu_driver.c -@@ -6786,7 +6786,7 @@ qemuDomainSaveImageGetXMLDesc(virConnectPtr conn, const char *path, - if (fd < 0) - goto cleanup; - -- if (virDomainSaveImageGetXMLDescEnsureACL(conn, def, flags) < 0) -+ if (virDomainSaveImageGetXMLDescEnsureACL(conn, def) < 0) - goto cleanup; - - ret = qemuDomainDefFormatXML(driver, def, flags); -diff --git a/src/remote/remote_protocol.x b/src/remote/remote_protocol.x -index 28c8febabd..52b92334fa 100644 ---- a/src/remote/remote_protocol.x -+++ b/src/remote/remote_protocol.x -@@ -5226,8 +5226,7 @@ enum remote_procedure { - /** - * @generate: both - * @priority: high -- * @acl: domain:read -- * @acl: domain:read_secure:VIR_DOMAIN_XML_SECURE -+ * @acl: domain:write - */ - REMOTE_PROC_DOMAIN_SAVE_IMAGE_GET_XML_DESC = 235, - --- -2.22.0 - diff --git a/SOURCES/libvirt-bhyve-Move-autostarting-of-domains-into-bhyveStateInitialize.patch b/SOURCES/libvirt-bhyve-Move-autostarting-of-domains-into-bhyveStateInitialize.patch deleted file mode 100644 index 2f0f16b..0000000 --- a/SOURCES/libvirt-bhyve-Move-autostarting-of-domains-into-bhyveStateInitialize.patch +++ /dev/null 
@@ -1,65 +0,0 @@ -From a26ad1b57617abc4de8a0d13716b898d311ee01e Mon Sep 17 00:00:00 2001 -Message-Id: -From: Michal Privoznik -Date: Thu, 27 Jun 2019 15:18:15 +0200 -Subject: [PATCH] bhyve: Move autostarting of domains into bhyveStateInitialize -MIME-Version: 1.0 -Content-Type: text/plain; charset=UTF-8 -Content-Transfer-Encoding: 8bit - -The stateAutoStart callback will go away shortly. Therefore, move -the autostart call into state initialize callback. - -Signed-off-by: Michal Privoznik -Reviewed-by: Ján Tomko -(cherry picked from commit 31c3c35c940010a793fea8351751bb04fab1a6d4) - -https://bugzilla.redhat.com/show_bug.cgi?id=1685151 - -Signed-off-by: Michal Privoznik -Message-Id: <1a93e2bef531c11190c652fcfb73b568ee73e487.1561641375.git.mprivozn@redhat.com> -Reviewed-by: Jiri Denemark ---- - src/bhyve/bhyve_driver.c | 12 ++---------- - 1 file changed, 2 insertions(+), 10 deletions(-) - -diff --git a/src/bhyve/bhyve_driver.c b/src/bhyve/bhyve_driver.c -index 9284b51783..ec016ecc0c 100644 ---- a/src/bhyve/bhyve_driver.c -+++ b/src/bhyve/bhyve_driver.c -@@ -1270,6 +1270,8 @@ bhyveStateInitialize(bool privileged, - - virBhyveProcessReconnectAll(bhyve_driver); - -+ bhyveAutostartDomains(bhyve_driver); -+ - return 0; - - cleanup: -@@ -1297,15 +1299,6 @@ bhyveDriverGetGrubCaps(virConnectPtr conn) - return 0; - } - --static void --bhyveStateAutoStart(void) --{ -- if (!bhyve_driver) -- return; -- -- bhyveAutostartDomains(bhyve_driver); --} -- - static int - bhyveConnectGetMaxVcpus(virConnectPtr conn, - const char *type) -@@ -1713,7 +1706,6 @@ static virConnectDriver bhyveConnectDriver = { - static virStateDriver bhyveStateDriver = { - .name = "bhyve", - .stateInitialize = bhyveStateInitialize, -- .stateAutoStart = bhyveStateAutoStart, - .stateCleanup = bhyveStateCleanup, - }; - --- -2.22.0 - 
diff --git a/SOURCES/libvirt-conf-Add-definitions-for-uid-and-fid-PCI-address-attributes.patch b/SOURCES/libvirt-conf-Add-definitions-for-uid-and-fid-PCI-address-attributes.patch deleted file mode 100644 index 17eb235..0000000 --- a/SOURCES/libvirt-conf-Add-definitions-for-uid-and-fid-PCI-address-attributes.patch +++ /dev/null 
@@ -1,67 +0,0 @@ -From dd083516c7057ee50e59290643634156daf0773b Mon Sep 17 00:00:00 2001 -Message-Id: -From: Yi Min Zhao -Date: Mon, 8 Apr 2019 10:57:18 +0200 -Subject: [PATCH] conf: Add definitions for 'uid' and 'fid' PCI address - attributes -MIME-Version: 1.0 -Content-Type: text/plain; charset=UTF-8 -Content-Transfer-Encoding: 8bit - -Add zPCI definitions in preparation of extending the PCI address -with parameters uid (user-defined identifier) and fid (PCI function -identifier). - -Signed-off-by: Yi Min Zhao -Reviewed-by: Boris Fiuczynski -Reviewed-by: Stefan Zimmermann -Reviewed-by: Bjoern Walk -Reviewed-by: Ján Tomko -Reviewed-by: Andrea Bolognani - -(cherry-picked from commit 30522c78c11d9ff6c6c177dfca4a0da8057095fe) - -https://bugzilla.redhat.com/show_bug.cgi?id=1508149 - -Signed-off-by: Andrea Bolognani -Message-Id: <20190408085732.28684-2-abologna@redhat.com> -Reviewed-by: Laine Stump -Reviewed-by: Ján Tomko ---- - cfg.mk | 1 + - src/util/virpci.h | 7 +++++++ - 2 files changed, 8 insertions(+) - -diff --git a/cfg.mk b/cfg.mk -index e3e94bf6f0..7fd2b1dcb6 100644 ---- a/cfg.mk -+++ b/cfg.mk -@@ -472,6 +472,7 @@ sc_prohibit_canonicalize_file_name: - # Insist on correct types for [pug]id. 
- sc_correct_id_types: - @prohibit='\<(int|long) *[pug]id\>' \ -+ exclude='exempt from syntax-check' \ - halt='use pid_t for pid, uid_t for uid, gid_t for gid' \ - $(_sc_search_regexp) - -diff --git a/src/util/virpci.h b/src/util/virpci.h -index 794b7e59db..01df652b86 100644 ---- a/src/util/virpci.h -+++ b/src/util/virpci.h -@@ -36,6 +36,13 @@ typedef virPCIDeviceAddress *virPCIDeviceAddressPtr; - typedef struct _virPCIDeviceList virPCIDeviceList; - typedef virPCIDeviceList *virPCIDeviceListPtr; - -+typedef struct _virZPCIDeviceAddress virZPCIDeviceAddress; -+typedef virZPCIDeviceAddress *virZPCIDeviceAddressPtr; -+struct _virZPCIDeviceAddress { -+ unsigned int uid; /* exempt from syntax-check */ -+ unsigned int fid; -+}; -+ - struct _virPCIDeviceAddress { - unsigned int domain; - unsigned int bus; --- -2.22.0 - diff --git a/SOURCES/libvirt-conf-Add-support-for-cookies-for-HTTP-based-disks.patch b/SOURCES/libvirt-conf-Add-support-for-cookies-for-HTTP-based-disks.patch new file mode 100644 index 0000000..ed4e875 --- /dev/null +++ b/SOURCES/libvirt-conf-Add-support-for-cookies-for-HTTP-based-disks.patch 
@@ -0,0 +1,449 @@ +From 4abdfae3b67295a0143f650768630e009d1b2798 Mon Sep 17 00:00:00 2001 +Message-Id: <4abdfae3b67295a0143f650768630e009d1b2798@dist-git> +From: Peter Krempa +Date: Mon, 16 Mar 2020 22:11:57 +0100 +Subject: [PATCH] conf: Add support for cookies for HTTP based disks +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +Add possibility to specify one or more cookies for http based disks. +This patch adds the config parser, storage and validation of the +cookies. + +Signed-off-by: Peter Krempa +Reviewed-by: Ján Tomko +(cherry picked from commit 3b076391befc3fe72deb0c244ac6c2b4c100b410) + +https://bugzilla.redhat.com/show_bug.cgi?id=1804750 +Message-Id: <3135a30f0d0a1a4bb8da02c49f10a1bcf3a394f4.1584391727.git.pkrempa@redhat.com> +Reviewed-by: Ján Tomko +--- + docs/formatdomain.html.in | 10 ++ + docs/schemas/domaincommon.rng | 24 ++++ + src/conf/domain_conf.c | 82 +++++++++++++ + src/libvirt_private.syms | 1 + + src/util/virstoragefile.c | 115 ++++++++++++++++++ + src/util/virstoragefile.h | 15 +++ + .../disk-network-http.xml | 8 ++ + 7 files changed, 255 insertions(+) + +diff --git a/docs/formatdomain.html.in b/docs/formatdomain.html.in +index 2cce247958..5a10d64e83 100644 +--- a/docs/formatdomain.html.in ++++ b/docs/formatdomain.html.in +@@ -2839,6 +2839,9 @@ + <driver name='qemu' type='raw'/> + <source protocol="http" name="url_path"> + <host name="hostname" port="80"/> ++ <cookies> ++ <cookie name="test">somevalue</cookie> ++ </cookies> + </source> + <target dev='hde' bus='ide' tray='open'/> + <readonly/> +@@ -3382,6 +3385,13 @@ + certificate validation. Supported values are yes and + no. Since 6.2.0 + ++
cookies
++
++ For http and https accessed storage it's ++ possible to pass one or more cookies. The cookie name and value ++ must conform to the HTTP specification. ++ Since 6.2.0 ++
+ + +

+diff --git a/docs/schemas/domaincommon.rng b/docs/schemas/domaincommon.rng +index 548601b61c..bdf35e64f6 100644 +--- a/docs/schemas/domaincommon.rng ++++ b/docs/schemas/domaincommon.rng +@@ -1817,6 +1817,24 @@ + + + ++ ++ ++ ++ ++ ++ ++ [!#$%&'*+\-.0-9A-Z\^_`a-z|~]+ ++ ++ ++ ++ [!#$%&'()*+\-./0-9:>=<?@A-Z\^_`\[\]a-z|~]+ ++ ++ ++ ++ ++ ++ ++ + + + +@@ -1833,6 +1851,9 @@ + + + ++ ++ ++ + + + +@@ -1849,6 +1870,9 @@ + + + ++ ++ ++ + + + +diff --git a/src/conf/domain_conf.c b/src/conf/domain_conf.c +index 70bbc35bb3..d066d3aac1 100644 +--- a/src/conf/domain_conf.c ++++ b/src/conf/domain_conf.c +@@ -9249,6 +9249,62 @@ virDomainDiskSourcePoolDefParse(xmlNodePtr node, + } + + ++static virStorageNetCookieDefPtr ++virDomainStorageNetCookieParse(xmlNodePtr node, ++ xmlXPathContextPtr ctxt) ++{ ++ VIR_XPATH_NODE_AUTORESTORE(ctxt); ++ g_autoptr(virStorageNetCookieDef) cookie = NULL; ++ ++ ctxt->node = node; ++ ++ cookie = g_new0(virStorageNetCookieDef, 1); ++ ++ if (!(cookie->name = virXPathString("string(./@name)", ctxt))) { ++ virReportError(VIR_ERR_XML_ERROR, "%s", _("missing cookie name")); ++ return NULL; ++ } ++ ++ if (!(cookie->value = virXPathString("string(.)", ctxt))) { ++ virReportError(VIR_ERR_XML_ERROR, _("missing value for cookie '%s'"), ++ cookie->name); ++ return NULL; ++ } ++ ++ return g_steal_pointer(&cookie); ++} ++ ++ ++static int ++virDomainStorageNetCookiesParse(xmlNodePtr node, ++ xmlXPathContextPtr ctxt, ++ virStorageSourcePtr src) ++{ ++ VIR_XPATH_NODE_AUTORESTORE(ctxt); ++ g_autofree xmlNodePtr *nodes = NULL; ++ ssize_t nnodes; ++ size_t i; ++ ++ ctxt->node = node; ++ ++ if ((nnodes = virXPathNodeSet("./cookie", ctxt, &nodes)) < 0) ++ return -1; ++ ++ src->cookies = g_new0(virStorageNetCookieDefPtr, nnodes); ++ src->ncookies = nnodes; ++ ++ for (i = 0; i < nnodes; i++) { ++ if (!(src->cookies[i] = virDomainStorageNetCookieParse(nodes[i], ctxt))) ++ return -1; ++ } ++ ++ if (virStorageSourceNetCookiesValidate(src) < 0) ++ return -1; ++ ++ return 0; ++} 
++ ++ + static int + virDomainDiskSourceNetworkParse(xmlNodePtr node, + xmlXPathContextPtr ctxt, +@@ -9260,6 +9316,7 @@ virDomainDiskSourceNetworkParse(xmlNodePtr node, + g_autofree char *haveTLS = NULL; + g_autofree char *tlsCfg = NULL; + g_autofree char *sslverifystr = NULL; ++ xmlNodePtr tmpnode; + + if (!(protocol = virXMLPropString(node, "protocol"))) { + virReportError(VIR_ERR_XML_ERROR, "%s", +@@ -9345,6 +9402,13 @@ virDomainDiskSourceNetworkParse(xmlNodePtr node, + src->sslverify = verify; + } + ++ if ((src->protocol == VIR_STORAGE_NET_PROTOCOL_HTTP || ++ src->protocol == VIR_STORAGE_NET_PROTOCOL_HTTPS) && ++ (tmpnode = virXPathNode("./cookies", ctxt))) { ++ if (virDomainStorageNetCookiesParse(tmpnode, ctxt, src) < 0) ++ return -1; ++ } ++ + return 0; + } + +@@ -24281,6 +24345,22 @@ virDomainSourceDefFormatSeclabel(virBufferPtr buf, + } + + ++static void ++virDomainDiskSourceFormatNetworkCookies(virBufferPtr buf, ++ virStorageSourcePtr src) ++{ ++ g_auto(virBuffer) childBuf = VIR_BUFFER_INIT_CHILD(buf); ++ size_t i; ++ ++ for (i = 0; i < src->ncookies; i++) { ++ virBufferEscapeString(&childBuf, "", src->cookies[i]->name); ++ virBufferEscapeString(&childBuf, "%s\n", src->cookies[i]->value); ++ } ++ ++ virXMLFormatElement(buf, "cookies", NULL, &childBuf); ++} ++ ++ + static int + virDomainDiskSourceFormatNetwork(virBufferPtr attrBuf, + virBufferPtr childBuf, +@@ -24331,6 +24411,8 @@ virDomainDiskSourceFormatNetwork(virBufferPtr attrBuf, + virTristateBoolTypeToString(src->sslverify)); + } + ++ virDomainDiskSourceFormatNetworkCookies(childBuf, src); ++ + return 0; + } + +diff --git a/src/libvirt_private.syms b/src/libvirt_private.syms +index dbbec0d567..ac5527ef01 100644 +--- a/src/libvirt_private.syms ++++ b/src/libvirt_private.syms +@@ -3123,6 +3123,7 @@ virStorageSourceIsEmpty; + virStorageSourceIsLocalStorage; + virStorageSourceIsRelative; + virStorageSourceIsSameLocation; ++virStorageSourceNetCookiesValidate; + virStorageSourceNetworkAssignDefaultPorts; + 
virStorageSourceNew; + virStorageSourceNewFromBacking; +diff --git a/src/util/virstoragefile.c b/src/util/virstoragefile.c +index cfa77fccf8..6350168d73 100644 +--- a/src/util/virstoragefile.c ++++ b/src/util/virstoragefile.c +@@ -2157,6 +2157,118 @@ virStorageSourceSeclabelsCopy(virStorageSourcePtr to, + } + + ++void ++virStorageNetCookieDefFree(virStorageNetCookieDefPtr def) ++{ ++ if (!def) ++ return; ++ ++ g_free(def->name); ++ g_free(def->value); ++ ++ g_free(def); ++} ++ ++ ++static void ++virStorageSourceNetCookiesClear(virStorageSourcePtr src) ++{ ++ size_t i; ++ ++ if (!src || !src->cookies) ++ return; ++ ++ for (i = 0; i < src->ncookies; i++) ++ virStorageNetCookieDefFree(src->cookies[i]); ++ ++ g_clear_pointer(&src->cookies, g_free); ++ src->ncookies = 0; ++} ++ ++ ++static void ++virStorageSourceNetCookiesCopy(virStorageSourcePtr to, ++ const virStorageSource *from) ++{ ++ size_t i; ++ ++ if (from->ncookies == 0) ++ return; ++ ++ to->cookies = g_new0(virStorageNetCookieDefPtr, from->ncookies); ++ to->ncookies = from->ncookies; ++ ++ for (i = 0; i < from->ncookies; i++) { ++ to->cookies[i]->name = g_strdup(from->cookies[i]->name); ++ to->cookies[i]->value = g_strdup(from->cookies[i]->value); ++ } ++} ++ ++ ++/* see https://tools.ietf.org/html/rfc6265#section-4.1.1 */ ++static const char virStorageSourceCookieValueInvalidChars[] = ++ "\x01\x02\x03\x04\x05\x06\x07\x08\x09\x0A\x0B\x0C\x0D\x0E\x0F" ++ "\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1A\x1B\x1C\x1D\x1E\x1F" ++ " \",;\\"; ++ ++/* in addition cookie name can't contain these */ ++static const char virStorageSourceCookieNameInvalidChars[] = ++ "()<>@:/[]?={}"; ++ ++static int ++virStorageSourceNetCookieValidate(virStorageNetCookieDefPtr def) ++{ ++ /* name must have at least 1 character */ ++ if (*(def->name) == '\0') { ++ virReportError(VIR_ERR_XML_ERROR, "%s", ++ _("cookie name must not be empty")); ++ return -1; ++ } ++ ++ /* check invalid characters in name */ ++ if (virStringHasChars(def->name, 
virStorageSourceCookieValueInvalidChars) || ++ virStringHasChars(def->name, virStorageSourceCookieNameInvalidChars)) { ++ virReportError(VIR_ERR_XML_ERROR, ++ _("cookie name '%s' contains invalid characters"), ++ def->name); ++ return -1; ++ } ++ ++ /* check invalid characters in value */ ++ if (virStringHasChars(def->value, virStorageSourceCookieValueInvalidChars)) { ++ virReportError(VIR_ERR_XML_ERROR, ++ _("value of cookie '%s' contains invalid characters"), ++ def->name); ++ return -1; ++ } ++ ++ return 0; ++} ++ ++ ++int ++virStorageSourceNetCookiesValidate(virStorageSourcePtr src) ++{ ++ size_t i; ++ size_t j; ++ ++ for (i = 0; i < src->ncookies; i++) { ++ if (virStorageSourceNetCookieValidate(src->cookies[i]) < 0) ++ return -1; ++ ++ for (j = i + 1; j < src->ncookies; j++) { ++ if (STREQ(src->cookies[i]->name, src->cookies[j]->name)) { ++ virReportError(VIR_ERR_XML_ERROR, _("duplicate cookie '%s'"), ++ src->cookies[i]->name); ++ return -1; ++ } ++ } ++ } ++ ++ return 0; ++} ++ ++ + static virStorageTimestampsPtr + virStorageTimestampsCopy(const virStorageTimestamps *src) + { +@@ -2299,6 +2411,8 @@ virStorageSourceCopy(const virStorageSource *src, + def->nhosts = src->nhosts; + } + ++ virStorageSourceNetCookiesCopy(def, src); ++ + if (src->srcpool && + !(def->srcpool = virStorageSourcePoolDefCopy(src->srcpool))) + return NULL; +@@ -2560,6 +2674,7 @@ virStorageSourceClear(virStorageSourcePtr def) + VIR_FREE(def->volume); + VIR_FREE(def->snapshot); + VIR_FREE(def->configFile); ++ virStorageSourceNetCookiesClear(def); + virStorageSourcePoolDefFree(def->srcpool); + virBitmapFree(def->features); + VIR_FREE(def->compat); +diff --git a/src/util/virstoragefile.h b/src/util/virstoragefile.h +index fab4248c3d..1c7c046ad6 100644 +--- a/src/util/virstoragefile.h ++++ b/src/util/virstoragefile.h +@@ -162,6 +162,17 @@ struct _virStorageNetHostDef { + char *socket; /* path to unix socket */ + }; + ++typedef struct _virStorageNetCookieDef virStorageNetCookieDef; ++typedef 
virStorageNetCookieDef *virStorageNetCookieDefPtr; ++struct _virStorageNetCookieDef { ++ char *name; ++ char *value; ++}; ++ ++void virStorageNetCookieDefFree(virStorageNetCookieDefPtr def); ++ ++G_DEFINE_AUTOPTR_CLEANUP_FUNC(virStorageNetCookieDef, virStorageNetCookieDefFree); ++ + /* Information for a storage volume from a virStoragePool */ + + /* +@@ -276,6 +287,8 @@ struct _virStorageSource { + the source definition */ + size_t nhosts; + virStorageNetHostDefPtr hosts; ++ size_t ncookies; ++ virStorageNetCookieDefPtr *cookies; + virStorageSourcePoolDefPtr srcpool; + virStorageAuthDefPtr auth; + bool authInherited; +@@ -477,6 +490,8 @@ int virStorageSourceUpdateCapacity(virStorageSourcePtr src, + int virStorageSourceNewFromBacking(virStorageSourcePtr parent, + virStorageSourcePtr *backing); + ++int virStorageSourceNetCookiesValidate(virStorageSourcePtr src); ++ + virStorageSourcePtr virStorageSourceCopy(const virStorageSource *src, + bool backingChain) + ATTRIBUTE_NONNULL(1); +diff --git a/tests/genericxml2xmlindata/disk-network-http.xml b/tests/genericxml2xmlindata/disk-network-http.xml +index bdcc1977f2..bafb77c8ec 100644 +--- a/tests/genericxml2xmlindata/disk-network-http.xml ++++ b/tests/genericxml2xmlindata/disk-network-http.xml +@@ -33,6 +33,10 @@ + + + ++ ++ testcookievalue ++ blurb ++ + + + +@@ -41,6 +45,10 @@ + + + ++ ++ testcookievalue ++ blurb ++ + + + +-- +2.25.1 + diff --git a/SOURCES/libvirt-conf-Add-support-for-http-s-query-strings.patch b/SOURCES/libvirt-conf-Add-support-for-http-s-query-strings.patch new file mode 100644 index 0000000..32169e7 --- /dev/null +++ b/SOURCES/libvirt-conf-Add-support-for-http-s-query-strings.patch 
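Review bot: In `virStorageSourceNetCookiesCopy` (src/util/virstoragefile.c, added in full by this patch) the loop assigns `to->cookies[i]->name` and `to->cookies[i]->value`, but `g_new0(virStorageNetCookieDefPtr, from->ncookies)` only allocates a zeroed array of pointers, so each element is still NULL when it is dereferenced. As written, `virStorageSourceCopy` on any source that carries cookies would fault; allocate each entry before the two `g_strdup` calls with `to->cookies[i] = g_new0(virStorageNetCookieDef, 1);`. Separately, `virDomainDiskSourceFormatNetwork` (whose body extends outside the inner hunk) calls `virDomainDiskSourceFormatNetworkCookies(childBuf, src);` unconditionally. Cookies commonly hold session credentials, so consider guarding the call with `if (flags & VIR_DOMAIN_DEF_FORMAT_SECURE)`, assuming `flags` in that function carries the usual format flags, so the values are not included in XML produced without the secure flag.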
@@ -0,0 +1,160 @@ +From 45ecbd824c92bd05a46557bfcaff39196f701e6c Mon Sep 17 00:00:00 2001 +Message-Id: <45ecbd824c92bd05a46557bfcaff39196f701e6c@dist-git> +From: Peter Krempa +Date: Mon, 30 Mar 2020 17:21:45 +0200 +Subject: [PATCH] conf: Add support for http(s) query strings +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +Add a new attribute for holding the query part for http(s) disks. + +Signed-off-by: Peter Krempa +Reviewed-by: Ján Tomko +(cherry picked from commit 56368124728f0d65dde07244c741b459fcd6b939) +https://bugzilla.redhat.com/show_bug.cgi?id=1804750 +Message-Id: +Reviewed-by: Jiri Denemark +--- + docs/formatdomain.html.in | 7 ++++++- + docs/schemas/domaincommon.rng | 6 ++++++ + src/conf/domain_conf.c | 5 +++++ + src/util/virstoragefile.c | 2 ++ + src/util/virstoragefile.h | 1 + + tests/qemuxml2argvdata/disk-network-http.xml | 2 +- + .../qemuxml2xmloutdata/disk-network-http.x86_64-latest.xml | 2 +- + 7 files changed, 22 insertions(+), 3 deletions(-) + +diff --git a/docs/formatdomain.html.in b/docs/formatdomain.html.in +index 143db21d4d..9c588185df 100644 +--- a/docs/formatdomain.html.in ++++ b/docs/formatdomain.html.in +@@ -2837,7 +2837,7 @@ + </disk> + <disk type='network' device='cdrom'> + <driver name='qemu' type='raw'/> +- <source protocol="http" name="url_path"> ++ <source protocol="http" name="url_path" query="foo=bar&amp;baz=flurb> + <host name="hostname" port="80"/> + <cookies> + <cookie name="test">somevalue</cookie> +@@ -3103,6 +3103,11 @@ + ('tls' Since 4.5.0) +

+ ++

For protocols http and https an ++ optional attribute query specifies the query string. ++ (Since 6.2.0) ++

++ +

For "iscsi" (since 1.0.4), the + name attribute may include a logical unit number, + separated from the target's name by a slash (e.g., +diff --git a/docs/schemas/domaincommon.rng b/docs/schemas/domaincommon.rng +index e17f7ff8c0..dd8f27243a 100644 +--- a/docs/schemas/domaincommon.rng ++++ b/docs/schemas/domaincommon.rng +@@ -1869,6 +1869,9 @@ + + + ++ ++ ++ + + + +@@ -1894,6 +1897,9 @@ + + + ++ ++ ++ + + + +diff --git a/src/conf/domain_conf.c b/src/conf/domain_conf.c +index e3755fa285..28160a2967 100644 +--- a/src/conf/domain_conf.c ++++ b/src/conf/domain_conf.c +@@ -9382,6 +9382,10 @@ virDomainDiskSourceNetworkParse(xmlNodePtr node, + /* config file currently only works with remote disks */ + src->configFile = virXPathString("string(./config/@file)", ctxt); + ++ if (src->protocol == VIR_STORAGE_NET_PROTOCOL_HTTP || ++ src->protocol == VIR_STORAGE_NET_PROTOCOL_HTTPS) ++ src->query = virXMLPropString(node, "query"); ++ + if (virDomainStorageNetworkParseHosts(node, &src->hosts, &src->nhosts) < 0) + return -1; + +@@ -24390,6 +24394,7 @@ virDomainDiskSourceFormatNetwork(virBufferPtr attrBuf, + path = g_strdup_printf("%s/%s", src->volume, src->path); + + virBufferEscapeString(attrBuf, " name='%s'", path ? 
path : src->path); ++ virBufferEscapeString(attrBuf, " query='%s'", src->query); + + if (src->haveTLS != VIR_TRISTATE_BOOL_ABSENT && + !(flags & VIR_DOMAIN_DEF_FORMAT_MIGRATABLE && +diff --git a/src/util/virstoragefile.c b/src/util/virstoragefile.c +index f8d741f040..4082e3f5f7 100644 +--- a/src/util/virstoragefile.c ++++ b/src/util/virstoragefile.c +@@ -2418,6 +2418,7 @@ virStorageSourceCopy(const virStorageSource *src, + def->compat = g_strdup(src->compat); + def->tlsAlias = g_strdup(src->tlsAlias); + def->tlsCertdir = g_strdup(src->tlsCertdir); ++ def->query = g_strdup(src->query); + + if (src->sliceStorage) + def->sliceStorage = virStorageSourceSliceCopy(src->sliceStorage); +@@ -2696,6 +2697,7 @@ virStorageSourceClear(virStorageSourcePtr def) + VIR_FREE(def->volume); + VIR_FREE(def->snapshot); + VIR_FREE(def->configFile); ++ VIR_FREE(def->query); + virStorageSourceNetCookiesClear(def); + virStorageSourcePoolDefFree(def->srcpool); + virBitmapFree(def->features); +diff --git a/src/util/virstoragefile.h b/src/util/virstoragefile.h +index 0230f44652..8089d1e07f 100644 +--- a/src/util/virstoragefile.h ++++ b/src/util/virstoragefile.h +@@ -285,6 +285,7 @@ struct _virStorageSource { + char *snapshot; /* for storage systems supporting internal snapshots */ + char *configFile; /* some storage systems use config file as part of + the source definition */ ++ char *query; /* query string for HTTP based protocols */ + size_t nhosts; + virStorageNetHostDefPtr hosts; + size_t ncookies; +diff --git a/tests/qemuxml2argvdata/disk-network-http.xml b/tests/qemuxml2argvdata/disk-network-http.xml +index 93e6617433..3abf499019 100644 +--- a/tests/qemuxml2argvdata/disk-network-http.xml ++++ b/tests/qemuxml2argvdata/disk-network-http.xml +@@ -42,7 +42,7 @@ + + + +- ++ + + + +diff --git a/tests/qemuxml2xmloutdata/disk-network-http.x86_64-latest.xml b/tests/qemuxml2xmloutdata/disk-network-http.x86_64-latest.xml +index 60073c227c..45b01841ec 100644 +--- 
a/tests/qemuxml2xmloutdata/disk-network-http.x86_64-latest.xml ++++ b/tests/qemuxml2xmloutdata/disk-network-http.x86_64-latest.xml +@@ -46,7 +46,7 @@ + + + +- ++ + + + +-- +2.26.0 + diff --git a/SOURCES/libvirt-conf-Add-support-for-modifying-ssl-validation-for-https-ftps-disks.patch b/SOURCES/libvirt-conf-Add-support-for-modifying-ssl-validation-for-https-ftps-disks.patch new file mode 100644 index 0000000..995852c --- /dev/null +++ b/SOURCES/libvirt-conf-Add-support-for-modifying-ssl-validation-for-https-ftps-disks.patch 
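Review bot: The example line added to docs/formatdomain.html.in, shown on this page as `<source protocol="http" name="url_path" query="foo=bar&amp;baz=flurb>`, has no closing quote on the `query` value, so anyone copying it gets malformed XML. It should end `query="foo=bar&amp;baz=flurb">`. On the code side, `src->query = virXMLPropString(node, "query");` stores the attribute verbatim, whereas the cookie patch in this series validates its strings against a character list. If a later consumer appends the query to a URL (not visible in this patch), a similar check rejecting whitespace and control characters would keep the two inputs consistent. `virDomainDiskSourceNetworkParse` starts and ends outside the inner hunk.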
@@ -0,0 +1,242 @@ +From ffe8028ca07eb049b12d5c152b3d66489378d731 Mon Sep 17 00:00:00 2001 +Message-Id: +From: Peter Krempa +Date: Mon, 16 Mar 2020 22:11:56 +0100 +Subject: [PATCH] conf: Add support for modifying ssl validation for https/ftps + disks +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +To allow turning off verification of SSL cerificates add a new element + to the disk source XML which will allow configuring the validation +process using the 'verify' attribute. + +Signed-off-by: Peter Krempa +Reviewed-by: Ján Tomko +(cherry picked from commit 25481e25b14108373bf2e5e95c04fe30bff96bb4) + +https://bugzilla.redhat.com/show_bug.cgi?id=1804750 +Message-Id: +Reviewed-by: Ján Tomko +--- + docs/formatdomain.html.in | 9 ++++ + docs/schemas/domaincommon.rng | 51 ++++++++++++++++++- + src/conf/domain_conf.c | 19 +++++++ + src/util/virstoragefile.c | 1 + + src/util/virstoragefile.h | 1 + + .../disk-network-http.xml | 9 ++++ + 6 files changed, 88 insertions(+), 2 deletions(-) + +diff --git a/docs/formatdomain.html.in b/docs/formatdomain.html.in +index e9830ab231..2cce247958 100644 +--- a/docs/formatdomain.html.in ++++ b/docs/formatdomain.html.in +@@ -2847,6 +2847,7 @@ + <driver name='qemu' type='raw'/> + <source protocol="https" name="url_path"> + <host name="hostname" port="443"/> ++ <ssl verify="no"/> + </source> + <target dev='hdf' bus='ide' tray='open'/> + <readonly/> +@@ -3373,6 +3374,14 @@ + The offset and size values are in bytes. + Since 6.1.0 + ++

ssl
++
++ For https and ftps accessed storage it's ++ possible to tweak the SSL transport parameters with this element. ++ The verify attribute allows to turn on or off SSL ++ certificate validation. Supported values are yes and ++ no. Since 6.2.0 ++
+ + +

+diff --git a/docs/schemas/domaincommon.rng b/docs/schemas/domaincommon.rng +index aa70e340b9..548601b61c 100644 +--- a/docs/schemas/domaincommon.rng ++++ b/docs/schemas/domaincommon.rng +@@ -1808,12 +1808,39 @@ + + + ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ https ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ + + + + + http +- https + + + +@@ -1825,13 +1852,31 @@ + + + ++ ++ ++ ++ ++ ftps ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ + + + + + sheepdog + ftp +- ftps + tftp + + +@@ -1909,6 +1954,8 @@ + + + ++ ++ + + + +diff --git a/src/conf/domain_conf.c b/src/conf/domain_conf.c +index b3c4084c38..70bbc35bb3 100644 +--- a/src/conf/domain_conf.c ++++ b/src/conf/domain_conf.c +@@ -9259,6 +9259,7 @@ virDomainDiskSourceNetworkParse(xmlNodePtr node, + g_autofree char *protocol = NULL; + g_autofree char *haveTLS = NULL; + g_autofree char *tlsCfg = NULL; ++ g_autofree char *sslverifystr = NULL; + + if (!(protocol = virXMLPropString(node, "protocol"))) { + virReportError(VIR_ERR_XML_ERROR, "%s", +@@ -9331,6 +9332,19 @@ virDomainDiskSourceNetworkParse(xmlNodePtr node, + + virStorageSourceInitiatorParseXML(ctxt, &src->initiator); + ++ if ((src->protocol == VIR_STORAGE_NET_PROTOCOL_HTTPS || ++ src->protocol == VIR_STORAGE_NET_PROTOCOL_FTPS) && ++ (sslverifystr = virXPathString("string(./ssl/@verify)", ctxt))) { ++ int verify; ++ if ((verify = virTristateBoolTypeFromString(sslverifystr)) < 0) { ++ virReportError(VIR_ERR_XML_ERROR, ++ _("invalid ssl verify mode '%s'"), sslverifystr); ++ return -1; ++ } ++ ++ src->sslverify = verify; ++ } ++ + return 0; + } + +@@ -24312,6 +24326,11 @@ virDomainDiskSourceFormatNetwork(virBufferPtr attrBuf, + + virStorageSourceInitiatorFormatXML(&src->initiator, childBuf); + ++ if (src->sslverify != VIR_TRISTATE_BOOL_ABSENT) { ++ virBufferAsprintf(childBuf, "\n", ++ virTristateBoolTypeToString(src->sslverify)); ++ } ++ + return 0; + } + +diff --git a/src/util/virstoragefile.c b/src/util/virstoragefile.c +index b88763b267..cfa77fccf8 100644 +--- 
a/src/util/virstoragefile.c ++++ b/src/util/virstoragefile.c +@@ -2270,6 +2270,7 @@ virStorageSourceCopy(const virStorageSource *src, + def->cachemode = src->cachemode; + def->discard = src->discard; + def->detect_zeroes = src->detect_zeroes; ++ def->sslverify = src->sslverify; + + /* storage driver metadata are not copied */ + def->drv = NULL; +diff --git a/src/util/virstoragefile.h b/src/util/virstoragefile.h +index 5b995d54ab..fab4248c3d 100644 +--- a/src/util/virstoragefile.h ++++ b/src/util/virstoragefile.h +@@ -282,6 +282,7 @@ struct _virStorageSource { + virStorageEncryptionPtr encryption; + bool encryptionInherited; + virStoragePRDefPtr pr; ++ virTristateBool sslverify; + + virStorageSourceNVMeDefPtr nvme; /* type == VIR_STORAGE_TYPE_NVME */ + +diff --git a/tests/genericxml2xmlindata/disk-network-http.xml b/tests/genericxml2xmlindata/disk-network-http.xml +index fde1222fd0..bdcc1977f2 100644 +--- a/tests/genericxml2xmlindata/disk-network-http.xml ++++ b/tests/genericxml2xmlindata/disk-network-http.xml +@@ -25,6 +25,7 @@ + + + ++ + + + +@@ -35,6 +36,14 @@ + + + ++ ++ ++ ++ ++ ++ ++ ++ + + + +-- +2.25.1 + diff --git a/SOURCES/libvirt-conf-Add-support-for-setting-timeout-and-readahead-size-for-network-disks.patch b/SOURCES/libvirt-conf-Add-support-for-setting-timeout-and-readahead-size-for-network-disks.patch new file mode 100644 index 0000000..5fe493e --- /dev/null +++ b/SOURCES/libvirt-conf-Add-support-for-setting-timeout-and-readahead-size-for-network-disks.patch 
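Review bot: The new `ssl` entry in docs/formatdomain.html.in describes `verify` only as a switch for certificate validation and does not say what `verify='no'` gives up or what applies when the element is absent. With validation off the https/ftps server is no longer authenticated, so whoever controls the network path can supply the disk contents. I would add a sentence such as `Disabling verification removes authentication of the server and should only be used on trusted networks.` and state the default. In src/util/virstoragefile.h the new field could also carry a comment, e.g. `virTristateBool sslverify; /* ABSENT leaves the choice to the storage backend */`, if that is what ABSENT means here. The code that consumes `sslverify` is not part of this patch.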
@@ -0,0 +1,205 @@ +From 3050ddce41896311b8c3ad06f148bea358e597b8 Mon Sep 17 00:00:00 2001 +Message-Id: <3050ddce41896311b8c3ad06f148bea358e597b8@dist-git> +From: Peter Krempa +Date: Mon, 16 Mar 2020 22:11:58 +0100 +Subject: [PATCH] conf: Add support for setting timeout and readahead size for + network disks +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +Some disk backends support configuring the readahead buffer or timeout +for requests. Add the knobs to the XML. + +Signed-off-by: Peter Krempa +Reviewed-by: Ján Tomko +(cherry picked from commit 63fd46177367c6653c4c986558f6d0e4a700cfcc) + +https://bugzilla.redhat.com/show_bug.cgi?id=1804750 +Message-Id: <2694bc6f9a327f89d82da18320e7137152915ad3.1584391727.git.pkrempa@redhat.com> +Reviewed-by: Ján Tomko +--- + docs/formatdomain.html.in | 16 +++++++++++++ + docs/schemas/domaincommon.rng | 23 +++++++++++++++++++ + src/conf/domain_conf.c | 19 +++++++++++++++ + src/util/virstoragefile.c | 2 ++ + src/util/virstoragefile.h | 3 +++ + .../disk-network-http.xml | 2 ++ + 6 files changed, 65 insertions(+) + +diff --git a/docs/formatdomain.html.in b/docs/formatdomain.html.in +index 5a10d64e83..2b8f9eabc2 100644 +--- a/docs/formatdomain.html.in ++++ b/docs/formatdomain.html.in +@@ -2842,6 +2842,8 @@ + <cookies> + <cookie name="test">somevalue</cookie> + </cookies> ++ <readahead size='65536'/> ++ <timeout seconds='6'/> + </source> + <target dev='hde' bus='ide' tray='open'/> + <readonly/> +@@ -3392,6 +3394,20 @@ + must conform to the HTTP specification. + Since 6.2.0 + ++

readahead
++
++ Specifies the size of the readahead buffer for protocols ++ which support it. (all 'curl' based drivers in qemu). The size ++ is in bytes. Note that '0' is considered as if the value is not ++ provided. ++ Since 6.2.0 ++
++
timeout
++
++ Specifies the connection timeout for protocols which support it. ++ Note that '0' is considered as if the value is not provided. ++ Since 6.2.0 ++
+ + +

+diff --git a/docs/schemas/domaincommon.rng b/docs/schemas/domaincommon.rng +index bdf35e64f6..3a0edbed97 100644 +--- a/docs/schemas/domaincommon.rng ++++ b/docs/schemas/domaincommon.rng +@@ -1808,6 +1808,25 @@ + + + ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ + + + +@@ -1854,6 +1873,7 @@ + + + ++ + + + +@@ -1873,6 +1893,7 @@ + + + ++ + + + +@@ -1892,6 +1913,7 @@ + + + ++ + + + +@@ -1910,6 +1932,7 @@ + + + ++ + + + +diff --git a/src/conf/domain_conf.c b/src/conf/domain_conf.c +index d066d3aac1..8aec85e83c 100644 +--- a/src/conf/domain_conf.c ++++ b/src/conf/domain_conf.c +@@ -9409,6 +9409,19 @@ virDomainDiskSourceNetworkParse(xmlNodePtr node, + return -1; + } + ++ if (src->protocol == VIR_STORAGE_NET_PROTOCOL_HTTP || ++ src->protocol == VIR_STORAGE_NET_PROTOCOL_HTTPS || ++ src->protocol == VIR_STORAGE_NET_PROTOCOL_FTP || ++ src->protocol == VIR_STORAGE_NET_PROTOCOL_FTPS) { ++ ++ if (virXPathULongLong("string(./readahead/@size)", ctxt, &src->readahead) == -2 || ++ virXPathULongLong("string(./timeout/@seconds)", ctxt, &src->timeout) == -2) { ++ virReportError(VIR_ERR_XML_ERROR, "%s", ++ _("invalid readahead size or timeout")); ++ return -1; ++ } ++ } ++ + return 0; + } + +@@ -24413,6 +24426,12 @@ virDomainDiskSourceFormatNetwork(virBufferPtr attrBuf, + + virDomainDiskSourceFormatNetworkCookies(childBuf, src); + ++ if (src->readahead) ++ virBufferAsprintf(childBuf, "\n", src->readahead); ++ ++ if (src->timeout) ++ virBufferAsprintf(childBuf, "\n", src->timeout); ++ + return 0; + } + +diff --git a/src/util/virstoragefile.c b/src/util/virstoragefile.c +index 6350168d73..7893e054c3 100644 +--- a/src/util/virstoragefile.c ++++ b/src/util/virstoragefile.c +@@ -2383,6 +2383,8 @@ virStorageSourceCopy(const virStorageSource *src, + def->discard = src->discard; + def->detect_zeroes = src->detect_zeroes; + def->sslverify = src->sslverify; ++ def->readahead = src->readahead; ++ def->timeout = src->timeout; + + /* storage driver metadata are not copied */ + def->drv 
= NULL; +diff --git a/src/util/virstoragefile.h b/src/util/virstoragefile.h +index 1c7c046ad6..1abdaf89ce 100644 +--- a/src/util/virstoragefile.h ++++ b/src/util/virstoragefile.h +@@ -296,6 +296,9 @@ struct _virStorageSource { + bool encryptionInherited; + virStoragePRDefPtr pr; + virTristateBool sslverify; ++ /* both values below have 0 as default value */ ++ unsigned long long readahead; /* size of the readahead buffer in bytes */ ++ unsigned long long timeout; /* connection timeout in seconds */ + + virStorageSourceNVMeDefPtr nvme; /* type == VIR_STORAGE_TYPE_NVME */ + +diff --git a/tests/genericxml2xmlindata/disk-network-http.xml b/tests/genericxml2xmlindata/disk-network-http.xml +index bafb77c8ec..a8430b8365 100644 +--- a/tests/genericxml2xmlindata/disk-network-http.xml ++++ b/tests/genericxml2xmlindata/disk-network-http.xml +@@ -49,6 +49,8 @@ + testcookievalue + blurb + ++ ++ + + + +-- +2.25.1 + diff --git a/SOURCES/libvirt-conf-Add-validation-of-input-devices.patch b/SOURCES/libvirt-conf-Add-validation-of-input-devices.patch deleted file mode 100644 index 5f9dbbb..0000000 --- a/SOURCES/libvirt-conf-Add-validation-of-input-devices.patch +++ /dev/null 
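Review bot: In the virDomainDiskSourceNetworkParse hunk, the `== -2` comparisons on virXPathULongLong are unexplained, and both failures share one message, "invalid readahead size or timeout", so a user cannot tell which attribute was rejected. I would add `/* -2: attribute present but not a valid number; an absent attribute keeps the 0 default */` above the check and, ideally, test the two attributes separately so each error names its own attribute. Neither value gets an upper bound here; whether one is enforced later cannot be seen from this patch, so a range check for `timeout` is worth confirming. The function body starts outside the hunk.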
@@ -1,76 +0,0 @@
-From c2afbedc310ac1a65a5ee96c8fa4103e926483c4 Mon Sep 17 00:00:00 2001
-Message-Id:
-From: Han Han
-Date: Tue, 28 Aug 2018 10:30:51 +0200
-Subject: [PATCH] conf: Add validation of input devices
-MIME-Version: 1.0
-Content-Type: text/plain; charset=UTF-8
-Content-Transfer-Encoding: 8bit
-
-https://bugzilla.redhat.com/show_bug.cgi?id=1591151
-
-Add function virDomainInputDefValidate to validate input devices.
-Make sure evdev attribute of source element is not used by mouse,
-keyboard, and tablet input device.
-
-Signed-off-by: Han Han
-Reviewed-by: John Ferlan
-(cherry picked from commit deb057fd364cb57614c6dea7b05c247231f9ae4f)
-Signed-off-by: Ján Tomko
-
-https: //bugzilla.redhat.com/show_bug.cgi?id=1591240
-Reviewed-by: Andrea Bolognani
----
- src/conf/domain_conf.c | 27 ++++++++++++++++++++++++++-
- 1 file changed, 26 insertions(+), 1 deletion(-)
-
-diff --git a/src/conf/domain_conf.c b/src/conf/domain_conf.c
-index 51a79ad8b1..16e52d149d 100644
---- a/src/conf/domain_conf.c
-+++ b/src/conf/domain_conf.c
-@@ -5760,6 +5760,29 @@ virDomainVsockDefValidate(const virDomainVsockDef *vsock)
- return 0;
- }
-
-+static int
-+virDomainInputDefValidate(const virDomainInputDef *input)
-+{
-+ switch ((virDomainInputType) input->type) {
-+ case VIR_DOMAIN_INPUT_TYPE_MOUSE:
-+ case VIR_DOMAIN_INPUT_TYPE_TABLET:
-+ case VIR_DOMAIN_INPUT_TYPE_KBD:
-+ case VIR_DOMAIN_INPUT_TYPE_LAST:
-+ if (input->source.evdev) {
-+ virReportError(VIR_ERR_XML_ERROR, "%s",
-+ _("setting source evdev path only supported for "
-+ "passthrough input devices"));
-+ return -1;
-+ }
-+ break;
-+
-+ case VIR_DOMAIN_INPUT_TYPE_PASSTHROUGH:
-+ break;
-+ }
-+
-+ return 0;
-+}
-+
-
- static int
- virDomainDeviceDefValidateInternal(const virDomainDeviceDef *dev,
-@@ -5799,9 +5822,11 @@ virDomainDeviceDefValidateInternal(const virDomainDeviceDef *dev,
- case VIR_DOMAIN_DEVICE_VSOCK:
- return virDomainVsockDefValidate(dev->data.vsock);
-
-+ case VIR_DOMAIN_DEVICE_INPUT:
-+ return virDomainInputDefValidate(dev->data.input);
-+
- case VIR_DOMAIN_DEVICE_LEASE:
- case VIR_DOMAIN_DEVICE_FS:
-- case VIR_DOMAIN_DEVICE_INPUT:
- case VIR_DOMAIN_DEVICE_SOUND:
- case VIR_DOMAIN_DEVICE_WATCHDOG:
- case VIR_DOMAIN_DEVICE_GRAPHICS:
---
-2.18.0
-
diff --git a/SOURCES/libvirt-conf-Allocate-release-uid-and-fid-in-PCI-address.patch b/SOURCES/libvirt-conf-Allocate-release-uid-and-fid-in-PCI-address.patch
deleted file mode 100644
index d99def9..0000000
--- a/SOURCES/libvirt-conf-Allocate-release-uid-and-fid-in-PCI-address.patch
+++ /dev/null
@@ -1,527 +0,0 @@ -From 87e3a5f2f797c79516a560ddc224074c834ef528 Mon Sep 17 00:00:00 2001 -Message-Id: <87e3a5f2f797c79516a560ddc224074c834ef528@dist-git> -From: Yi Min Zhao -Date: Mon, 8 Apr 2019 10:57:27 +0200 -Subject: [PATCH] conf: Allocate/release 'uid' and 'fid' in PCI address -MIME-Version: 1.0 -Content-Type: text/plain; charset=UTF-8 -Content-Transfer-Encoding: 8bit - -This patch adds new functions for reservation, assignment and release -to handle the uid/fid. If the uid/fid is defined in the domain XML, -they will be reserved directly in the collecting phase. If any of them -is not defined, we will find out an available value for them from the -zPCI address hashtable, and reserve them. For the hotplug case there -might not be a zPCI definition. So allocate and reserve uid/fid the -case. Assign if needed and reserve uid/fid for the defined case. - -Signed-off-by: Yi Min Zhao -Reviewed-by: Bjoern Walk -Reviewed-by: Boris Fiuczynski -Reviewed-by: Andrea Bolognani - -(cherry picked from commit f183b87fc1dbcc6446ac3c1cef9cdd345b9725fb) - -https://bugzilla.redhat.com/show_bug.cgi?id=1508149 - -Conflicts: - - * src/libvirt_private.syms - + several symbols are not present in the list - - missing 9ad119f4db5, ab3f781a10c, edeef779585, b899726faa5 - - * src/qemu/qemu_domain_address.c - + the old name for virDeviceInfoPCIAddressIsPresent() is used - - missing 76151a53a100 - -Signed-off-by: Andrea Bolognani -Message-Id: <20190408085732.28684-11-abologna@redhat.com> -Reviewed-by: Laine Stump -Reviewed-by: Ján Tomko ---- - src/conf/device_conf.c | 16 +++ - src/conf/device_conf.h | 3 + - src/conf/domain_addr.c | 244 +++++++++++++++++++++++++++++++++ - src/conf/domain_addr.h | 12 ++ - src/libvirt_private.syms | 5 + - src/qemu/qemu_domain_address.c | 59 +++++++- - 6 files changed, 338 insertions(+), 1 deletion(-) - -diff --git a/src/conf/device_conf.c b/src/conf/device_conf.c -index cadac32603..76370d30a2 100644 ---- a/src/conf/device_conf.c -+++ b/src/conf/device_conf.c 
-@@ -28,6 +28,7 @@ - #include "viruuid.h" - #include "virbuffer.h" - #include "device_conf.h" -+#include "domain_addr.h" - #include "virstring.h" - - #define VIR_FROM_THIS VIR_FROM_DEVICE -@@ -230,6 +231,21 @@ int virPCIDeviceAddressIsValid(virPCIDeviceAddressPtr addr, - } - - -+bool -+virDeviceInfoPCIAddressExtensionIsWanted(const virDomainDeviceInfo *info) -+{ -+ return (info->addr.pci.extFlags & VIR_PCI_ADDRESS_EXTENSION_ZPCI) && -+ virZPCIDeviceAddressIsEmpty(&info->addr.pci.zpci); -+} -+ -+bool -+virDeviceInfoPCIAddressExtensionIsPresent(const virDomainDeviceInfo *info) -+{ -+ return (info->addr.pci.extFlags & VIR_PCI_ADDRESS_EXTENSION_ZPCI) && -+ !virZPCIDeviceAddressIsEmpty(&info->addr.pci.zpci); -+} -+ -+ - int - virPCIDeviceAddressParseXML(xmlNodePtr node, - virPCIDeviceAddressPtr addr) -diff --git a/src/conf/device_conf.h b/src/conf/device_conf.h -index c79066ec02..6bef2f093a 100644 ---- a/src/conf/device_conf.h -+++ b/src/conf/device_conf.h -@@ -214,6 +214,9 @@ virDeviceInfoPCIAddressPresent(const virDomainDeviceInfo *info) - !virPCIDeviceAddressIsEmpty(&info->addr.pci); - } - -+bool virDeviceInfoPCIAddressExtensionIsWanted(const virDomainDeviceInfo *info); -+bool virDeviceInfoPCIAddressExtensionIsPresent(const virDomainDeviceInfo *info); -+ - int virPCIDeviceAddressParseXML(xmlNodePtr node, - virPCIDeviceAddressPtr addr); - -diff --git a/src/conf/domain_addr.c b/src/conf/domain_addr.c -index 9e0a0fdf95..a58910c394 100644 ---- a/src/conf/domain_addr.c -+++ b/src/conf/domain_addr.c -@@ -33,6 +33,238 @@ - - VIR_LOG_INIT("conf.domain_addr"); - -+static int -+virDomainZPCIAddressReserveId(virHashTablePtr set, -+ unsigned int id, -+ const char *name) -+{ -+ if (virHashLookup(set, &id)) { -+ virReportError(VIR_ERR_INTERNAL_ERROR, -+ _("zPCI %s %o is already reserved"), -+ name, id); -+ return -1; -+ } -+ -+ if (virHashAddEntry(set, &id, (void*)1) < 0) { -+ virReportError(VIR_ERR_INTERNAL_ERROR, -+ _("Failed to reserve %s %o"), -+ name, id); -+ return -1; -+ } 
-+ -+ return 0; -+} -+ -+ -+static int -+virDomainZPCIAddressReserveUid(virHashTablePtr set, -+ virZPCIDeviceAddressPtr addr) -+{ -+ return virDomainZPCIAddressReserveId(set, addr->uid, "uid"); -+} -+ -+ -+static int -+virDomainZPCIAddressReserveFid(virHashTablePtr set, -+ virZPCIDeviceAddressPtr addr) -+{ -+ return virDomainZPCIAddressReserveId(set, addr->fid, "fid"); -+} -+ -+ -+static int -+virDomainZPCIAddressAssignId(virHashTablePtr set, -+ unsigned int *id, -+ unsigned int min, -+ unsigned int max, -+ const char *name) -+{ -+ while (virHashLookup(set, &min)) { -+ if (min == max) { -+ virReportError(VIR_ERR_INTERNAL_ERROR, -+ _("There is no more free %s."), -+ name); -+ return -1; -+ } -+ ++min; -+ } -+ *id = min; -+ -+ return 0; -+} -+ -+ -+static int -+virDomainZPCIAddressAssignUid(virHashTablePtr set, -+ virZPCIDeviceAddressPtr addr) -+{ -+ return virDomainZPCIAddressAssignId(set, &addr->uid, 1, -+ VIR_DOMAIN_DEVICE_ZPCI_MAX_UID, "uid"); -+} -+ -+ -+static int -+virDomainZPCIAddressAssignFid(virHashTablePtr set, -+ virZPCIDeviceAddressPtr addr) -+{ -+ return virDomainZPCIAddressAssignId(set, &addr->fid, 0, -+ VIR_DOMAIN_DEVICE_ZPCI_MAX_FID, "fid"); -+} -+ -+ -+static void -+virDomainZPCIAddressReleaseId(virHashTablePtr set, -+ unsigned int *id, -+ const char *name) -+{ -+ if (virHashRemoveEntry(set, id) < 0) { -+ virReportError(VIR_ERR_INTERNAL_ERROR, -+ _("Release %s %o failed"), -+ name, *id); -+ } -+ -+ *id = 0; -+} -+ -+ -+static void -+virDomainZPCIAddressReleaseUid(virHashTablePtr set, -+ virZPCIDeviceAddressPtr addr) -+{ -+ virDomainZPCIAddressReleaseId(set, &addr->uid, "uid"); -+} -+ -+ -+static void -+virDomainZPCIAddressReleaseFid(virHashTablePtr set, -+ virZPCIDeviceAddressPtr addr) -+{ -+ virDomainZPCIAddressReleaseId(set, &addr->fid, "fid"); -+} -+ -+ -+static void -+virDomainZPCIAddressReleaseIds(virDomainZPCIAddressIdsPtr zpciIds, -+ virZPCIDeviceAddressPtr addr) -+{ -+ if (!zpciIds || virZPCIDeviceAddressIsEmpty(addr)) -+ return; -+ -+ 
virDomainZPCIAddressReleaseUid(zpciIds->uids, addr); -+ -+ virDomainZPCIAddressReleaseFid(zpciIds->fids, addr); -+} -+ -+ -+static int -+virDomainZPCIAddressReserveNextUid(virHashTablePtr uids, -+ virZPCIDeviceAddressPtr zpci) -+{ -+ if (virDomainZPCIAddressAssignUid(uids, zpci) < 0) -+ return -1; -+ -+ if (virDomainZPCIAddressReserveUid(uids, zpci) < 0) -+ return -1; -+ -+ return 0; -+} -+ -+ -+static int -+virDomainZPCIAddressReserveNextFid(virHashTablePtr fids, -+ virZPCIDeviceAddressPtr zpci) -+{ -+ if (virDomainZPCIAddressAssignFid(fids, zpci) < 0) -+ return -1; -+ -+ if (virDomainZPCIAddressReserveFid(fids, zpci) < 0) -+ return -1; -+ -+ return 0; -+} -+ -+ -+static int -+virDomainZPCIAddressReserveAddr(virDomainZPCIAddressIdsPtr zpciIds, -+ virZPCIDeviceAddressPtr addr) -+{ -+ if (virDomainZPCIAddressReserveUid(zpciIds->uids, addr) < 0) -+ return -1; -+ -+ if (virDomainZPCIAddressReserveFid(zpciIds->fids, addr) < 0) { -+ virDomainZPCIAddressReleaseUid(zpciIds->uids, addr); -+ return -1; -+ } -+ -+ return 0; -+} -+ -+ -+static int -+virDomainZPCIAddressReserveNextAddr(virDomainZPCIAddressIdsPtr zpciIds, -+ virZPCIDeviceAddressPtr addr) -+{ -+ if (virDomainZPCIAddressReserveNextUid(zpciIds->uids, addr) < 0) -+ return -1; -+ -+ if (virDomainZPCIAddressReserveNextFid(zpciIds->fids, addr) < 0) { -+ virDomainZPCIAddressReleaseUid(zpciIds->uids, addr); -+ return -1; -+ } -+ -+ return 0; -+} -+ -+ -+int -+virDomainPCIAddressExtensionReserveAddr(virDomainPCIAddressSetPtr addrs, -+ virPCIDeviceAddressPtr addr) -+{ -+ if (addr->extFlags & VIR_PCI_ADDRESS_EXTENSION_ZPCI) { -+ /* Reserve uid/fid to ZPCI device which has defined uid/fid -+ * in the domain. 
-+ */ -+ return virDomainZPCIAddressReserveAddr(addrs->zpciIds, &addr->zpci); -+ } -+ -+ return 0; -+} -+ -+ -+int -+virDomainPCIAddressExtensionReserveNextAddr(virDomainPCIAddressSetPtr addrs, -+ virPCIDeviceAddressPtr addr) -+{ -+ if (addr->extFlags & VIR_PCI_ADDRESS_EXTENSION_ZPCI) { -+ virZPCIDeviceAddress zpci = { 0 }; -+ -+ if (virDomainZPCIAddressReserveNextAddr(addrs->zpciIds, &zpci) < 0) -+ return -1; -+ -+ if (!addrs->dryRun) -+ addr->zpci = zpci; -+ } -+ -+ return 0; -+} -+ -+static int -+virDomainPCIAddressExtensionEnsureAddr(virDomainPCIAddressSetPtr addrs, -+ virPCIDeviceAddressPtr addr) -+{ -+ if (addr->extFlags & VIR_PCI_ADDRESS_EXTENSION_ZPCI) { -+ virZPCIDeviceAddressPtr zpci = &addr->zpci; -+ -+ if (virZPCIDeviceAddressIsEmpty(zpci)) -+ return virDomainZPCIAddressReserveNextAddr(addrs->zpciIds, zpci); -+ else -+ return virDomainZPCIAddressReserveAddr(addrs->zpciIds, zpci); -+ } -+ -+ return 0; -+} -+ -+ - virDomainPCIConnectFlags - virDomainPCIControllerModelToConnectType(virDomainControllerModelPCI model) - { -@@ -729,12 +961,24 @@ virDomainPCIAddressEnsureAddr(virDomainPCIAddressSetPtr addrs, - ret = virDomainPCIAddressReserveNextAddr(addrs, dev, flags, -1); - } - -+ dev->addr.pci.extFlags = dev->pciAddrExtFlags; -+ ret = virDomainPCIAddressExtensionEnsureAddr(addrs, &dev->addr.pci); -+ - cleanup: - VIR_FREE(addrStr); - return ret; - } - - -+void -+virDomainPCIAddressExtensionReleaseAddr(virDomainPCIAddressSetPtr addrs, -+ virPCIDeviceAddressPtr addr) -+{ -+ if (addr->extFlags & VIR_PCI_ADDRESS_EXTENSION_ZPCI) -+ virDomainZPCIAddressReleaseIds(addrs->zpciIds, &addr->zpci); -+} -+ -+ - void - virDomainPCIAddressReleaseAddr(virDomainPCIAddressSetPtr addrs, - virPCIDeviceAddressPtr addr) -diff --git a/src/conf/domain_addr.h b/src/conf/domain_addr.h -index b01e6b9d20..e5ce4868d5 100644 ---- a/src/conf/domain_addr.h -+++ b/src/conf/domain_addr.h -@@ -166,6 +166,14 @@ bool virDomainPCIAddressSlotInUse(virDomainPCIAddressSetPtr addrs, - 
virPCIDeviceAddressPtr addr) - ATTRIBUTE_NONNULL(1) ATTRIBUTE_NONNULL(2); - -+int virDomainPCIAddressExtensionReserveAddr(virDomainPCIAddressSetPtr addrs, -+ virPCIDeviceAddressPtr addr) -+ ATTRIBUTE_NONNULL(1) ATTRIBUTE_NONNULL(2); -+ -+int virDomainPCIAddressExtensionReserveNextAddr(virDomainPCIAddressSetPtr addrs, -+ virPCIDeviceAddressPtr addr) -+ ATTRIBUTE_NONNULL(1) ATTRIBUTE_NONNULL(2); -+ - int virDomainPCIAddressReserveAddr(virDomainPCIAddressSetPtr addrs, - virPCIDeviceAddressPtr addr, - virDomainPCIConnectFlags flags, -@@ -187,6 +195,10 @@ void virDomainPCIAddressReleaseAddr(virDomainPCIAddressSetPtr addrs, - virPCIDeviceAddressPtr addr) - ATTRIBUTE_NONNULL(1) ATTRIBUTE_NONNULL(2); - -+void virDomainPCIAddressExtensionReleaseAddr(virDomainPCIAddressSetPtr addrs, -+ virPCIDeviceAddressPtr addr) -+ ATTRIBUTE_NONNULL(1) ATTRIBUTE_NONNULL(2); -+ - void virDomainPCIAddressSetAllMulti(virDomainDefPtr def) - ATTRIBUTE_NONNULL(1); - -diff --git a/src/libvirt_private.syms b/src/libvirt_private.syms -index b2a2a1f265..ee7625b0f3 100644 ---- a/src/libvirt_private.syms -+++ b/src/libvirt_private.syms -@@ -93,6 +93,8 @@ virCPUModeTypeToString; - - - # conf/device_conf.h -+virDeviceInfoPCIAddressExtensionIsPresent; -+virDeviceInfoPCIAddressExtensionIsWanted; - virDomainDeviceInfoAddressIsEqual; - virDomainDeviceInfoCopy; - virInterfaceLinkFormat; -@@ -114,6 +116,9 @@ virDomainPCIAddressAsString; - virDomainPCIAddressBusIsFullyReserved; - virDomainPCIAddressBusSetModel; - virDomainPCIAddressEnsureAddr; -+virDomainPCIAddressExtensionReleaseAddr; -+virDomainPCIAddressExtensionReserveAddr; -+virDomainPCIAddressExtensionReserveNextAddr; - virDomainPCIAddressReleaseAddr; - virDomainPCIAddressReserveAddr; - virDomainPCIAddressReserveNextAddr; -diff --git a/src/qemu/qemu_domain_address.c b/src/qemu/qemu_domain_address.c -index ba870d56b1..8338241cba 100644 ---- a/src/qemu/qemu_domain_address.c -+++ b/src/qemu/qemu_domain_address.c -@@ -1405,6 +1405,24 @@ 
qemuDomainPCIAddressReserveNextAddr(virDomainPCIAddressSetPtr addrs, - } - - -+static int -+qemuDomainAssignPCIAddressExtension(virDomainDefPtr def ATTRIBUTE_UNUSED, -+ virDomainDeviceDefPtr device ATTRIBUTE_UNUSED, -+ virDomainDeviceInfoPtr info, -+ void *opaque) -+{ -+ virDomainPCIAddressSetPtr addrs = opaque; -+ virPCIDeviceAddressPtr addr = &info->addr.pci; -+ -+ if (info->type == VIR_DOMAIN_DEVICE_ADDRESS_TYPE_PCI) -+ addr->extFlags = info->pciAddrExtFlags; -+ -+ if (virDeviceInfoPCIAddressExtensionIsWanted(info)) -+ return virDomainPCIAddressExtensionReserveNextAddr(addrs, addr); -+ -+ return 0; -+} -+ - static int - qemuDomainCollectPCIAddress(virDomainDefPtr def ATTRIBUTE_UNUSED, - virDomainDeviceDefPtr device, -@@ -1498,6 +1516,31 @@ qemuDomainCollectPCIAddress(virDomainDefPtr def ATTRIBUTE_UNUSED, - return ret; - } - -+static int -+qemuDomainCollectPCIAddressExtension(virDomainDefPtr def ATTRIBUTE_UNUSED, -+ virDomainDeviceDefPtr device, -+ virDomainDeviceInfoPtr info, -+ void *opaque) -+{ -+ virDomainPCIAddressSetPtr addrs = opaque; -+ virPCIDeviceAddressPtr addr = &info->addr.pci; -+ -+ if (info->type == VIR_DOMAIN_DEVICE_ADDRESS_TYPE_PCI) -+ addr->extFlags = info->pciAddrExtFlags; -+ -+ if (!virDeviceInfoPCIAddressExtensionIsPresent(info) || -+ ((device->type == VIR_DOMAIN_DEVICE_HOSTDEV) && -+ (device->data.hostdev->parent.type != VIR_DOMAIN_DEVICE_NONE))) { -+ /* If a hostdev has a parent, its info will be a part of the -+ * parent, and will have its address collected during the scan -+ * of the parent's device type. 
-+ */ -+ return 0; -+ } -+ -+ return virDomainPCIAddressExtensionReserveAddr(addrs, addr); -+} -+ - static virDomainPCIAddressSetPtr - qemuDomainPCIAddressSetCreate(virDomainDefPtr def, - virQEMUCapsPtr qemuCaps, -@@ -1589,6 +1632,12 @@ qemuDomainPCIAddressSetCreate(virDomainDefPtr def, - if (virDomainDeviceInfoIterate(def, qemuDomainCollectPCIAddress, addrs) < 0) - goto error; - -+ if (virDomainDeviceInfoIterate(def, -+ qemuDomainCollectPCIAddressExtension, -+ addrs) < 0) { -+ goto error; -+ } -+ - return addrs; - - error: -@@ -2590,6 +2639,9 @@ qemuDomainAssignPCIAddresses(virDomainDefPtr def, - if (qemuDomainAssignDevicePCISlots(def, qemuCaps, addrs) < 0) - goto cleanup; - -+ if (virDomainDeviceInfoIterate(def, qemuDomainAssignPCIAddressExtension, addrs) < 0) -+ goto cleanup; -+ - /* Only for *new* domains with pcie-root (and no other - * manually specified PCI controllers in the definition): If, - * after assigning addresses/reserving slots for all devices, -@@ -2684,6 +2736,9 @@ qemuDomainAssignPCIAddresses(virDomainDefPtr def, - if (qemuDomainAssignDevicePCISlots(def, qemuCaps, addrs) < 0) - goto cleanup; - -+ if (virDomainDeviceInfoIterate(def, qemuDomainAssignPCIAddressExtension, addrs) < 0) -+ goto cleanup; -+ - /* set multi attribute for devices at function 0 of - * any slot that has multiple functions in use - */ -@@ -3143,8 +3198,10 @@ qemuDomainReleaseDeviceAddress(virDomainObjPtr vm, - if (!devstr) - devstr = info->alias; - -- if (virDeviceInfoPCIAddressPresent(info)) -+ if (virDeviceInfoPCIAddressPresent(info)) { - virDomainPCIAddressReleaseAddr(priv->pciaddrs, &info->addr.pci); -+ virDomainPCIAddressExtensionReleaseAddr(priv->pciaddrs, &info->addr.pci); -+ } - - if (virDomainUSBAddressRelease(priv->usbaddrs, info) < 0) - VIR_WARN("Unable to release USB address on %s", NULLSTR(devstr)); --- -2.22.0 - 
diff --git a/SOURCES/libvirt-conf-Don-t-format-http-cookies-unless-VIR_DOMAIN_DEF_FORMAT_SECURE-is-used.patch b/SOURCES/libvirt-conf-Don-t-format-http-cookies-unless-VIR_DOMAIN_DEF_FORMAT_SECURE-is-used.patch
new file mode 100644
index 0000000..6c4c17c
--- /dev/null
+++ b/SOURCES/libvirt-conf-Don-t-format-http-cookies-unless-VIR_DOMAIN_DEF_FORMAT_SECURE-is-used.patch
@@ -0,0 +1,58 @@
+From 898e0003ae21e9fbe49995980c8746e9d2ac9b8b Mon Sep 17 00:00:00 2001
+Message-Id: <898e0003ae21e9fbe49995980c8746e9d2ac9b8b@dist-git>
+From: Peter Krempa
+Date: Tue, 23 Jun 2020 14:23:06 +0200
+Subject: [PATCH] conf: Don't format http cookies unless
+ VIR_DOMAIN_DEF_FORMAT_SECURE is used
+
+Starting with 3b076391befc3fe72deb0c244ac6c2b4c100b410
+(v6.1.0-122-g3b076391be) we support http cookies. Since they may contain
+somewhat sensitive information we should not format them into the XML
+unless VIR_DOMAIN_DEF_FORMAT_SECURE is asserted.
+
+Reported-by: Han Han
+Signed-off-by: Peter Krempa
+Reviewed-by: Erik Skultety
+(cherry picked from commit a5b064bf4b17a9884d7d361733737fb614ad8979)
+
+CVE-2020-14301
+Message-Id: <592a0b594666f580e743b6bd2b4ddccbd1e0cc7c.1592914898.git.pkrempa@redhat.com>
+
+Reviewed-by: Jiri Denemark
+---
+ src/conf/domain_conf.c | 8 ++++++--
+ 1 file changed, 6 insertions(+), 2 deletions(-)
+
+diff --git a/src/conf/domain_conf.c b/src/conf/domain_conf.c
+index ed9ca0e9d8..60962ee7c1 100644
+--- a/src/conf/domain_conf.c
++++ b/src/conf/domain_conf.c
+@@ -24377,11 +24377,15 @@ virDomainSourceDefFormatSeclabel(virBufferPtr buf,
+
+ static void
+ virDomainDiskSourceFormatNetworkCookies(virBufferPtr buf,
+- virStorageSourcePtr src)
++ virStorageSourcePtr src,
++ unsigned int flags)
+ {
+ g_auto(virBuffer) childBuf = VIR_BUFFER_INIT_CHILD(buf);
+ size_t i;
+
++ if (!(flags & VIR_DOMAIN_DEF_FORMAT_SECURE))
++ return;
++
+ for (i = 0; i < src->ncookies; i++) {
+ virBufferEscapeString(&childBuf, "", src->cookies[i]->name);
+ virBufferEscapeString(&childBuf, "%s\n", src->cookies[i]->value);
+@@ -24442,7 +24446,7 @@ virDomainDiskSourceFormatNetwork(virBufferPtr attrBuf,
+ virTristateBoolTypeToString(src->sslverify));
+ }
+
+- virDomainDiskSourceFormatNetworkCookies(childBuf, src);
++ virDomainDiskSourceFormatNetworkCookies(childBuf, src, flags);
+
+ if (src->readahead)
+ virBufferAsprintf(childBuf, "\n", src->readahead);
+--
+2.27.0
+
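Review bot: The new `if (!(flags & VIR_DOMAIN_DEF_FORMAT_SECURE)) return;` guard in virDomainDiskSourceFormatNetworkCookies has no comment and no test in this patch (the diffstat touches only src/conf/domain_conf.c), so a later refactor of the formatter could put cookie values back into non-secure XML unnoticed. I would add `/* cookies may hold sensitive data; format them only for VIR_DOMAIN_DEF_FORMAT_SECURE callers */` above the guard, plus a formatter test that formats a disk with cookies without the flag and checks that none are emitted. The documentation should also state that XML obtained without the secure flag no longer carries the cookies, so feeding that XML back would drop them. The call-site hunk passes `flags` from virDomainDiskSourceFormatNetwork, whose signature lies outside the hunk, so the presence of that parameter is presumed rather than visible.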
diff --git a/SOURCES/libvirt-conf-Don-t-generate-machine-names-with-a-dot.patch b/SOURCES/libvirt-conf-Don-t-generate-machine-names-with-a-dot.patch
new file mode 100644
index 0000000..1a24e0b
--- /dev/null
+++ b/SOURCES/libvirt-conf-Don-t-generate-machine-names-with-a-dot.patch
@@ -0,0 +1,97 @@
+From 3ff27fe469c36e5655231f6759150350b17de298 Mon Sep 17 00:00:00 2001
+Message-Id: <3ff27fe469c36e5655231f6759150350b17de298@dist-git>
+From: Michal Privoznik
+Date: Fri, 13 Mar 2020 13:08:09 +0100
+Subject: [PATCH] conf: Don't generate machine names with a dot
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+According to the linked BZ, machined expects either valid
+hostname or valid FQDN (see systemd commit
+v239-3092-gd65652f1f2). While in case of multiple dots, a
+trailing one doesn't violate FQDN, it does violate the rule in
+case of something simple, like "domain.". But it's safe to remove
+it in both cases.
+
+Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1808499
+Fixes: 45464db8ba502764cf37ec9335770248bdb3d9a8
+
+Signed-off-by: Michal Privoznik
+Reviewed-by: Ján Tomko
+(cherry picked from commit 2695191a44eb7375225b4ad073825ed3563a172a)
+Signed-off-by: Michal Privoznik
+Message-Id: <355e05e31ec98522fa0e03a0c2c7af8ca097070d.1584101247.git.mprivozn@redhat.com>
+Reviewed-by: Ján Tomko
+---
+ src/conf/domain_conf.c | 14 +++++++-------
+ tests/virsystemdtest.c | 5 +++--
+ 2 files changed, 10 insertions(+), 9 deletions(-)
+
+diff --git a/src/conf/domain_conf.c b/src/conf/domain_conf.c
+index 4b297c96bc..b3c4084c38 100644
+--- a/src/conf/domain_conf.c
++++ b/src/conf/domain_conf.c
+@@ -30688,20 +30688,20 @@ static void
+ virDomainMachineNameAppendValid(virBufferPtr buf,
+ const char *name)
+ {
+- bool skip_dot = false;
++ bool skip = true;
+
+ for (; *name; name++) {
+ if (strlen(virBufferCurrentContent(buf)) >= 64)
+ break;
+
+- if (*name == '.') {
+- if (!skip_dot)
++ if (*name == '.' || *name == '-') {
++ if (!skip)
+ virBufferAddChar(buf, *name);
+- skip_dot = true;
++ skip = true;
+ continue;
+ }
+
+- skip_dot = false;
++ skip = false;
+
+ if (!strchr(HOSTNAME_CHARS, *name))
+ continue;
+@@ -30709,8 +30709,8 @@ virDomainMachineNameAppendValid(virBufferPtr buf,
+ virBufferAddChar(buf, *name);
+ }
+
+- /* trailing dashes are not allowed */
+- virBufferTrimChars(buf, "-");
++ /* trailing dashes or dots are not allowed */
++ virBufferTrimChars(buf, "-.");
+ }
+
+ #undef HOSTNAME_CHARS
+diff --git a/tests/virsystemdtest.c b/tests/virsystemdtest.c
+index 26876850b8..eb510b40e4 100644
+--- a/tests/virsystemdtest.c
++++ b/tests/virsystemdtest.c
+@@ -733,7 +733,7 @@ mymain(void)
+ TEST_MACHINE("demo", 1, "qemu-1-demo");
+ TEST_MACHINE("demo-name", 2, "qemu-2-demo-name");
+ TEST_MACHINE("demo!name", 3, "qemu-3-demoname");
+- TEST_MACHINE(".demo", 4, "qemu-4-.demo");
++ TEST_MACHINE(".demo", 4, "qemu-4-demo");
+ TEST_MACHINE("bull\U0001f4a9", 5, "qemu-5-bull");
+ TEST_MACHINE("demo..name", 6, "qemu-6-demo.name");
+ TEST_MACHINE("12345678901234567890123456789012345678901234567890123456789", 7,
+@@ -743,7 +743,8 @@ mymain(void)
+ TEST_MACHINE("kstest-network-device-default-httpks_(c9eed63e-981e-48ec-acdc-56b3f8c5f678)", 100,
+ "qemu-100-kstest-network-device-default-httpksc9eed63e-981e-48ec");
+ TEST_MACHINE("kstest-network-device-default-httpks_(c9eed63e-981e-48ec--cdc-56b3f8c5f678)", 10,
+- "qemu-10-kstest-network-device-default-httpksc9eed63e-981e-48ec");
++ "qemu-10-kstest-network-device-default-httpksc9eed63e-981e-48ec-c");
++ TEST_MACHINE("demo.-.test.", 11, "qemu-11-demo.test");
+
+ # define TESTS_PM_SUPPORT_HELPER(name, function) \
+ do { \
+--
+2.25.1
+
diff --git a/SOURCES/libvirt-conf-Expose-virDomainSCSIDriveAddressIsUsed.patch b/SOURCES/libvirt-conf-Expose-virDomainSCSIDriveAddressIsUsed.patch
deleted file mode 100644
index 9d79b6a..0000000
--- a/SOURCES/libvirt-conf-Expose-virDomainSCSIDriveAddressIsUsed.patch
+++ /dev/null
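Review bot: `bool skip = true;` in virDomainMachineNameAppendValid now carries two rules that nothing in the code states: a leading '.' or '-' of the domain name is dropped, and any run of mixed separators collapses to its first character. I would add `/* start in skip mode: drop leading '.'/'-' and collapse runs of separators to the first one */` next to the declaration, and consider a more telling name such as `skip_separator`. The changed expectation for the truncated kstest name (now ending in `-c`) shows that the 64-character cut interacts with the collapsing, which the comment could mention as well. The lines between the two inner hunks of domain_conf.c are not shown, so this reading covers only the visible part of the loop.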
@@ -1,69 +0,0 @@
-From 2e3774564235a185a2cc4b7a22c17de17498db68 Mon Sep 17 00:00:00 2001
-Message-Id: <2e3774564235a185a2cc4b7a22c17de17498db68@dist-git>
-From: Michal Privoznik
-Date: Thu, 18 Apr 2019 19:36:31 +0200
-Subject: [PATCH] conf: Expose virDomainSCSIDriveAddressIsUsed
-
-RHEl-7.7: https://bugzilla.redhat.com/show_bug.cgi?id=1692296
-RHEL-8.1.0: https://bugzilla.redhat.com/show_bug.cgi?id=1692354
-
-This function checks if given drive address is already present in
-passed domain definition. Expose the function as it will be used
-shortly.
-
-Signed-off-by: Michal Privoznik
-Tested-by: Daniel Henrique Barboza
-Reviewed-by: Jim Fehlig
-(cherry picked from commit 89237d534f0fe950d06a2081089154160c6c2224)
-Signed-off-by: Michal Privoznik
-Message-Id:
-Reviewed-by: Jiri Denemark
----
- src/conf/domain_conf.c | 2 +-
- src/conf/domain_conf.h | 4 ++++
- src/libvirt_private.syms | 1 +
- 3 files changed, 6 insertions(+), 1 deletion(-)
-
-diff --git a/src/conf/domain_conf.c b/src/conf/domain_conf.c
-index d431441f62..e62f78471c 100644
---- a/src/conf/domain_conf.c
-+++ b/src/conf/domain_conf.c
-@@ -4404,7 +4404,7 @@ virDomainDriveAddressIsUsedByHostdev(const virDomainDef *def,
- * Return true if the SCSI drive address is already in use, false
- * otherwise.
- */
--static bool
-+bool
- virDomainSCSIDriveAddressIsUsed(const virDomainDef *def,
- const virDomainDeviceDriveAddress *addr)
- {
-diff --git a/src/conf/domain_conf.h b/src/conf/domain_conf.h
-index f05fca284f..dbccf2cf24 100644
---- a/src/conf/domain_conf.h
-+++ b/src/conf/domain_conf.h
-@@ -2789,6 +2789,10 @@ virDomainXMLNamespacePtr
- virDomainXMLOptionGetNamespace(virDomainXMLOptionPtr xmlopt)
- ATTRIBUTE_NONNULL(1);
-
-+bool
-+virDomainSCSIDriveAddressIsUsed(const virDomainDef *def,
-+ const virDomainDeviceDriveAddress *addr);
-+
- int virDomainDefPostParse(virDomainDefPtr def,
- virCapsPtr caps,
- unsigned int parseFlags,
-diff --git a/src/libvirt_private.syms b/src/libvirt_private.syms
-index 624151056a..df27ac4b3a 100644
---- a/src/libvirt_private.syms
-+++ b/src/libvirt_private.syms
-@@ -520,6 +520,7 @@ virDomainRunningReasonTypeToString;
- virDomainSaveConfig;
- virDomainSaveStatus;
- virDomainSaveXML;
-+virDomainSCSIDriveAddressIsUsed;
- virDomainSeclabelTypeFromString;
- virDomainSeclabelTypeToString;
- virDomainShmemDefEquals;
---
-2.21.0
-
diff --git a/SOURCES/libvirt-conf-Fix-a-error-msg-typo-in-virDomainVideoDefValidate.patch b/SOURCES/libvirt-conf-Fix-a-error-msg-typo-in-virDomainVideoDefValidate.patch
deleted file mode 100644
index c848359..0000000
--- a/SOURCES/libvirt-conf-Fix-a-error-msg-typo-in-virDomainVideoDefValidate.patch
+++ /dev/null
@@ -1,35 +0,0 @@
-From b1c91c78451c59b0ebe3aafa17eef764e69be28c Mon Sep 17 00:00:00 2001
-Message-Id:
-From: Han Han
-Date: Tue, 31 Jul 2018 10:42:27 +0200
-Subject: [PATCH] conf: Fix a error msg typo in virDomainVideoDefValidate
-
-https://bugzilla.redhat.com/show_bug.cgi?id=1607825
-
-Introduced by commit d48813e8.
-
-Signed-off-by: Han Han
-Reviewed-by: Erik Skultety
-(cherry picked from commit d1c4480390da7243e37daee37f8a40cb439a6a7c)
-Signed-off-by: Erik Skultety
-Reviewed-by: Jiri Denemark
----
- src/conf/domain_conf.c | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-diff --git a/src/conf/domain_conf.c b/src/conf/domain_conf.c
-index 23288aa01b..a05aad056d 100644
---- a/src/conf/domain_conf.c
-+++ b/src/conf/domain_conf.c
-@@ -5697,7 +5697,7 @@ virDomainVideoDefValidate(const virDomainVideoDef *video,
- if (def->videos[i]->type == VIR_DOMAIN_VIDEO_TYPE_NONE &&
- def->nvideos > 1) {
- virReportError(VIR_ERR_CONFIG_UNSUPPORTED, "%s",
-- _("a '%s' video type must be the only video device "
-+ _("a 'none' video type must be the only video device "
- "defined for the domain"));
- return -1;
- }
---
-2.18.0
-
diff --git a/SOURCES/libvirt-conf-Fix-check-for-chardev-source-path.patch b/SOURCES/libvirt-conf-Fix-check-for-chardev-source-path.patch
deleted file mode 100644
index 6aa4fef..0000000
--- a/SOURCES/libvirt-conf-Fix-check-for-chardev-source-path.patch
+++ /dev/null
@@ -1,113 +0,0 @@ -From 27213f01f9320cf0fec49980f78a100e64025ba4 Mon Sep 17 00:00:00 2001 -Message-Id: <27213f01f9320cf0fec49980f78a100e64025ba4@dist-git> -From: Andrea Bolognani -Date: Fri, 7 Sep 2018 17:53:32 +0200 -Subject: [PATCH] conf: Fix check for chardev source path -MIME-Version: 1.0 -Content-Type: text/plain; charset=UTF-8 -Content-Transfer-Encoding: 8bit - -Attempting to use a chardev definition like - - - - - -correctly results in an error being reported, since the source -path - a required piece of information - is missing; however, -the very similar - - - - - -was happily accepted by libvirt, only to result in libvirtd -crashing as soon as the guest was started. - -The issue was caused by checking the chardev's targetType -against whitelisted values from virDomainChrChannelTargetType -without first checking the chardev's deviceType to make sure -it is actually a channel, for which the check makes sense, -rather than a different type of chardev. - -The only reason this wasn't spotted earlier is that the -whitelisted values just so happen to correspond to USB and -PCI serial devices and Xen and UML consoles respectively, -all of which are fairly uncommon. 
- -https://bugzilla.redhat.com/show_bug.cgi?id=1609720 - -Signed-off-by: Andrea Bolognani -Reviewed-by: Ján Tomko -(cherry picked from commit 614193fac67445a7e92bf620ffef726ed1bd6f07) - -https://bugzilla.redhat.com/show_bug.cgi?id=1609723 - -Signed-off-by: Andrea Bolognani -Reviewed-by: Erik Skultety ---- - src/conf/domain_conf.c | 11 +++++++---- - .../serial-unix-missing-source.xml | 15 +++++++++++++++ - tests/qemuxml2argvtest.c | 1 + - 3 files changed, 23 insertions(+), 4 deletions(-) - create mode 100644 tests/qemuxml2argvdata/serial-unix-missing-source.xml - -diff --git a/src/conf/domain_conf.c b/src/conf/domain_conf.c -index a881b43b51..240b33f28c 100644 ---- a/src/conf/domain_conf.c -+++ b/src/conf/domain_conf.c -@@ -5523,11 +5523,14 @@ virDomainChrSourceDefValidate(const virDomainChrSourceDef *def, - break; - - case VIR_DOMAIN_CHR_TYPE_UNIX: -- /* path can be auto generated */ -+ /* The source path can be auto generated for certain specific -+ * types of channels, but in most cases we should report an -+ * error if the user didn't provide it */ - if (!def->data.nix.path && -- (!chr_def || -- (chr_def->targetType != VIR_DOMAIN_CHR_CHANNEL_TARGET_TYPE_XEN && -- chr_def->targetType != VIR_DOMAIN_CHR_CHANNEL_TARGET_TYPE_VIRTIO))) { -+ !(chr_def && -+ chr_def->deviceType == VIR_DOMAIN_CHR_DEVICE_TYPE_CHANNEL && -+ (chr_def->targetType == VIR_DOMAIN_CHR_CHANNEL_TARGET_TYPE_XEN || -+ chr_def->targetType == VIR_DOMAIN_CHR_CHANNEL_TARGET_TYPE_VIRTIO))) { - virReportError(VIR_ERR_INTERNAL_ERROR, "%s", - _("Missing source path attribute for char device")); - return -1; -diff --git a/tests/qemuxml2argvdata/serial-unix-missing-source.xml b/tests/qemuxml2argvdata/serial-unix-missing-source.xml -new file mode 100644 -index 0000000000..1e1221f12d ---- /dev/null -+++ b/tests/qemuxml2argvdata/serial-unix-missing-source.xml -@@ -0,0 +1,15 @@ -+ -+ guest -+ c7a5fdbd-edaf-9455-926a-d65c16db1809 -+ 1048576 -+ 1 -+ -+ hvm -+ -+ -+ /usr/bin/qemu-system-aarch64 -+ -+ -+ -+ -+ -diff 
--git a/tests/qemuxml2argvtest.c b/tests/qemuxml2argvtest.c -index 608a2b6ce3..ebe9c8a131 100644 ---- a/tests/qemuxml2argvtest.c -+++ b/tests/qemuxml2argvtest.c -@@ -1363,6 +1363,7 @@ mymain(void) - DO_TEST("serial-unix-chardev", - QEMU_CAPS_DEVICE_ISA_SERIAL); - DO_TEST_CAPS_LATEST("serial-unix-chardev"); -+ DO_TEST_PARSE_ERROR("serial-unix-missing-source", NONE); - DO_TEST("serial-tcp-chardev", - QEMU_CAPS_DEVICE_ISA_SERIAL); - DO_TEST("serial-udp-chardev", --- -2.19.1 - diff --git a/SOURCES/libvirt-conf-Implement-support-for-slices-of-disk-source.patch b/SOURCES/libvirt-conf-Implement-support-for-slices-of-disk-source.patch new file mode 100644 index 0000000..3083b2c --- /dev/null +++ b/SOURCES/libvirt-conf-Implement-support-for-slices-of-disk-source.patch 
@@ -0,0 +1,143 @@ +From 6d5174acd7530d554ac2651f3e6a5da9f69fe6e4 Mon Sep 17 00:00:00 2001 +Message-Id: <6d5174acd7530d554ac2651f3e6a5da9f69fe6e4@dist-git> +From: Peter Krempa +Date: Wed, 19 Feb 2020 15:10:20 +0100 +Subject: [PATCH] conf: Implement support for of disk source +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +Implement parsing and formatting of the 'storage' slice. + +Signed-off-by: Peter Krempa +Reviewed-by: Ján Tomko +(cherry picked from commit bbf5d05cfd003e33600009cac7ea98ef1539dd7c) + +https://bugzilla.redhat.com/show_bug.cgi?id=1791788 +Message-Id: +Reviewed-by: Ján Tomko +--- + src/conf/domain_conf.c | 86 ++++++++++++++++++++++++++++++++++++++++++ + 1 file changed, 86 insertions(+) + +diff --git a/src/conf/domain_conf.c b/src/conf/domain_conf.c +index b46b92aecf..5c11f49463 100644 +--- a/src/conf/domain_conf.c ++++ b/src/conf/domain_conf.c +@@ -9441,6 +9441,57 @@ virDomainStorageSourceParseBase(const char *type, + } + + ++static virStorageSourceSlicePtr ++virDomainStorageSourceParseSlice(xmlNodePtr node, ++ xmlXPathContextPtr ctxt) ++{ ++ VIR_XPATH_NODE_AUTORESTORE(ctxt); ++ g_autofree char *offset = NULL; ++ g_autofree char *size = NULL; ++ g_autofree virStorageSourceSlicePtr ret = g_new0(virStorageSourceSlice, 1); ++ ++ ctxt->node = node; ++ ++ if (!(offset = virXPathString("string(./@offset)", ctxt)) || ++ !(size = virXPathString("string(./@size)", ctxt))) { ++ virReportError(VIR_ERR_XML_ERROR, "%s", ++ _("missing offset or size attribute of slice")); ++ return NULL; ++ } ++ ++ if (virStrToLong_ullp(offset, NULL, 10, &ret->offset) < 0) { ++ virReportError(VIR_ERR_XML_ERROR, ++ _("malformed value '%s' of 'offset' attribute of slice"), ++ offset); ++ return NULL; ++ } ++ ++ if (virStrToLong_ullp(size, NULL, 10, &ret->size) < 0) { ++ virReportError(VIR_ERR_XML_ERROR, ++ _("malformed value '%s' of 'size' attribute of slice"), ++ size); ++ return NULL; ++ } ++ ++ return g_steal_pointer(&ret); ++} ++ 
++ ++static int ++virDomainStorageSourceParseSlices(virStorageSourcePtr src, ++ xmlXPathContextPtr ctxt) ++{ ++ xmlNodePtr node; ++ ++ if ((node = virXPathNode("./slices/slice[@type='storage']", ctxt))) { ++ if (!(src->sliceStorage = virDomainStorageSourceParseSlice(node, ctxt))) ++ return -1; ++ } ++ ++ return 0; ++} ++ ++ + /** + * virDomainStorageSourceParse: + * @node: XML node pointing to the source element to parse +@@ -9506,6 +9557,9 @@ virDomainStorageSourceParse(xmlNodePtr node, + if (virDomainDiskSourcePRParse(node, ctxt, &src->pr) < 0) + return -1; + ++ if (virDomainStorageSourceParseSlices(src, ctxt) < 0) ++ return -1; ++ + if (virSecurityDeviceLabelDefParseXML(&src->seclabels, &src->nseclabels, + ctxt, flags) < 0) + return -1; +@@ -24226,6 +24280,36 @@ virDomainDiskSourceFormatPrivateData(virBufferPtr buf, + } + + ++static void ++virDomainDiskSourceFormatSlice(virBufferPtr buf, ++ const char *slicetype, ++ virStorageSourceSlicePtr slice) ++{ ++ g_auto(virBuffer) attrBuf = VIR_BUFFER_INITIALIZER; ++ ++ if (!slice) ++ return; ++ ++ virBufferAsprintf(&attrBuf, " type='%s'", slicetype); ++ virBufferAsprintf(&attrBuf, " offset='%llu'", slice->offset); ++ virBufferAsprintf(&attrBuf, " size='%llu'", slice->size); ++ ++ virXMLFormatElement(buf, "slice", &attrBuf, NULL); ++} ++ ++ ++static void ++virDomainDiskSourceFormatSlices(virBufferPtr buf, ++ virStorageSourcePtr src) ++{ ++ g_auto(virBuffer) childBuf = VIR_BUFFER_INIT_CHILD(buf); ++ ++ virDomainDiskSourceFormatSlice(&childBuf, "storage", src->sliceStorage); ++ ++ virXMLFormatElement(buf, "slices", NULL, &childBuf); ++} ++ ++ + /** + * virDomainDiskSourceFormat: + * @buf: output buffer +@@ -24296,6 +24380,8 @@ virDomainDiskSourceFormat(virBufferPtr buf, + return -1; + } + ++ virDomainDiskSourceFormatSlices(&childBuf, src); ++ + if (src->type != VIR_STORAGE_TYPE_NETWORK) + virDomainSourceDefFormatSeclabel(&childBuf, src->nseclabels, + src->seclabels, flags); +-- +2.25.0 + 
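Review bot: `virDomainStorageSourceParseSlice` keeps any `offset` and `size` that parse as unsigned decimals, so a pair whose sum wraps `unsigned long long` is accepted at parse time. No range check is visible in this patch; unless one exists elsewhere, I would add `if (ret->offset > ULLONG_MAX - ret->size)` with a `VIR_ERR_XML_ERROR` report and `return NULL;` after the two conversions. `virDomainStorageSourceParseSlices` also reads only the first `slice[@type='storage']` node, so a duplicate element is ignored without an error; a comment stating that this is intended, or a rejection of duplicates, would make the behaviour explicit.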
diff --git a/SOURCES/libvirt-conf-Introduce-VIR_DOMAIN_TIMER_NAME_ARMVTIMER.patch b/SOURCES/libvirt-conf-Introduce-VIR_DOMAIN_TIMER_NAME_ARMVTIMER.patch new file mode 100644 index 0000000..ba2679f --- /dev/null +++ b/SOURCES/libvirt-conf-Introduce-VIR_DOMAIN_TIMER_NAME_ARMVTIMER.patch 
@@ -0,0 +1,129 @@ +From eb6bdf4798eea9bae5ddca1fdd13fb5ef6e99596 Mon Sep 17 00:00:00 2001 +Message-Id: +From: Andrea Bolognani +Date: Fri, 14 Feb 2020 13:12:35 +0100 +Subject: [PATCH] conf: Introduce VIR_DOMAIN_TIMER_NAME_ARMVTIMER +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +This new timer model will be used to control the behavior of the +virtual timer for KVM ARM/virt guests. + +Signed-off-by: Andrea Bolognani +Reviewed-by: Masayoshi Mizuma +Reviewed-by: Ján Tomko +(cherry picked from commit 3809e88a87e5898c9cf3a277cb32e20fca8fb2d0) + +https://bugzilla.redhat.com/show_bug.cgi?id=1762634 + +Signed-off-by: Andrea Bolognani +Message-Id: <20200214121237.623948-5-abologna@redhat.com> +Reviewed-by: Ján Tomko +--- + docs/schemas/domaincommon.rng | 1 + + src/conf/domain_conf.c | 1 + + src/conf/domain_conf.h | 1 + + src/libxl/libxl_conf.c | 1 + + src/libxl/xen_common.c | 1 + + src/qemu/qemu_command.c | 2 ++ + src/qemu/qemu_domain.c | 3 +++ + 7 files changed, 10 insertions(+) + +diff --git a/docs/schemas/domaincommon.rng b/docs/schemas/domaincommon.rng +index 026e753567..19476a2735 100644 +--- a/docs/schemas/domaincommon.rng ++++ b/docs/schemas/domaincommon.rng +@@ -1239,6 +1239,7 @@ + + hpet + pit ++ armvtimer + + + +diff --git a/src/conf/domain_conf.c b/src/conf/domain_conf.c +index 58f72b3b0f..68d9ce9c4e 100644 +--- a/src/conf/domain_conf.c ++++ b/src/conf/domain_conf.c +@@ -1062,6 +1062,7 @@ VIR_ENUM_IMPL(virDomainTimerName, + "tsc", + "kvmclock", + "hypervclock", ++ "armvtimer", + ); + + VIR_ENUM_IMPL(virDomainTimerTrack, +diff --git a/src/conf/domain_conf.h b/src/conf/domain_conf.h +index ee8eb3ddc0..ef2c1b80f7 100644 +--- a/src/conf/domain_conf.h ++++ b/src/conf/domain_conf.h +@@ -1989,6 +1989,7 @@ typedef enum { + VIR_DOMAIN_TIMER_NAME_TSC, + VIR_DOMAIN_TIMER_NAME_KVMCLOCK, + VIR_DOMAIN_TIMER_NAME_HYPERVCLOCK, ++ VIR_DOMAIN_TIMER_NAME_ARMVTIMER, + + VIR_DOMAIN_TIMER_NAME_LAST + } virDomainTimerNameType; +diff 
--git a/src/libxl/libxl_conf.c b/src/libxl/libxl_conf.c +index 2488bb9d32..ffac890262 100644 +--- a/src/libxl/libxl_conf.c ++++ b/src/libxl/libxl_conf.c +@@ -361,6 +361,7 @@ libxlMakeDomBuildInfo(virDomainDefPtr def, + case VIR_DOMAIN_TIMER_NAME_HYPERVCLOCK: + case VIR_DOMAIN_TIMER_NAME_RTC: + case VIR_DOMAIN_TIMER_NAME_PIT: ++ case VIR_DOMAIN_TIMER_NAME_ARMVTIMER: + virReportError(VIR_ERR_CONFIG_UNSUPPORTED, + _("unsupported timer type (name) '%s'"), + virDomainTimerNameTypeToString(clock.timers[i]->name)); +diff --git a/src/libxl/xen_common.c b/src/libxl/xen_common.c +index 415549a42c..9a385eba0d 100644 +--- a/src/libxl/xen_common.c ++++ b/src/libxl/xen_common.c +@@ -2182,6 +2182,7 @@ xenFormatCPUFeatures(virConfPtr conf, virDomainDefPtr def) + case VIR_DOMAIN_TIMER_NAME_HYPERVCLOCK: + case VIR_DOMAIN_TIMER_NAME_RTC: + case VIR_DOMAIN_TIMER_NAME_PIT: ++ case VIR_DOMAIN_TIMER_NAME_ARMVTIMER: + virReportError(VIR_ERR_CONFIG_UNSUPPORTED, + _("unsupported timer type (name) '%s'"), + virDomainTimerNameTypeToString(def->clock.timers[i]->name)); +diff --git a/src/qemu/qemu_command.c b/src/qemu/qemu_command.c +index 0ad09baa1d..e1e19e0fcc 100644 +--- a/src/qemu/qemu_command.c ++++ b/src/qemu/qemu_command.c +@@ -6200,6 +6200,7 @@ qemuBuildClockCommandLine(virCommandPtr cmd, + case VIR_DOMAIN_TIMER_NAME_TSC: + case VIR_DOMAIN_TIMER_NAME_KVMCLOCK: + case VIR_DOMAIN_TIMER_NAME_HYPERVCLOCK: ++ case VIR_DOMAIN_TIMER_NAME_ARMVTIMER: + /* Timers above are handled when building -cpu. 
*/ + case VIR_DOMAIN_TIMER_NAME_LAST: + break; +@@ -6631,6 +6632,7 @@ qemuBuildCpuCommandLine(virCommandPtr cmd, + if (timer->frequency > 0) + virBufferAsprintf(&buf, ",tsc-frequency=%lu", timer->frequency); + break; ++ case VIR_DOMAIN_TIMER_NAME_ARMVTIMER: + case VIR_DOMAIN_TIMER_NAME_PLATFORM: + case VIR_DOMAIN_TIMER_NAME_PIT: + case VIR_DOMAIN_TIMER_NAME_RTC: +diff --git a/src/qemu/qemu_domain.c b/src/qemu/qemu_domain.c +index 846d1ecb29..4de4f9da53 100644 +--- a/src/qemu/qemu_domain.c ++++ b/src/qemu/qemu_domain.c +@@ -5504,6 +5504,9 @@ qemuDomainDefValidateClockTimers(const virDomainDef *def, + return -1; + } + break; ++ ++ case VIR_DOMAIN_TIMER_NAME_ARMVTIMER: ++ break; + } + } + +-- +2.25.0 + diff --git a/SOURCES/libvirt-conf-Introduce-address-caching-for-PCI-extensions.patch b/SOURCES/libvirt-conf-Introduce-address-caching-for-PCI-extensions.patch deleted file mode 100644 index a186a21..0000000 --- a/SOURCES/libvirt-conf-Introduce-address-caching-for-PCI-extensions.patch +++ /dev/null 
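Review bot: The new `case VIR_DOMAIN_TIMER_NAME_ARMVTIMER: break;` in `qemuDomainDefValidateClockTimers` accepts the timer without any check, and in `qemuBuildCpuCommandLine` the case is grouped with `PLATFORM`, `PIT` and `RTC`, whose handling is outside the hunk. As far as these hunks show, a domain that sets `armvtimer` is therefore accepted on any architecture, and whether the setting reaches QEMU cannot be told from here. The commit message says the timer is for KVM ARM/virt guests, so if that restriction lands in a later patch of the series, a comment such as `/* arch and virt-type checks are added separately */` on the empty case would keep a reader from taking it as fully validated. Both functions start and end outside their hunks.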
@@ -1,241 +0,0 @@ -From 7888472ef1d57d992995a16dc7c9ba0fe18562a8 Mon Sep 17 00:00:00 2001 -Message-Id: <7888472ef1d57d992995a16dc7c9ba0fe18562a8@dist-git> -From: Yi Min Zhao -Date: Mon, 8 Apr 2019 10:57:22 +0200 -Subject: [PATCH] conf: Introduce address caching for PCI extensions -MIME-Version: 1.0 -Content-Type: text/plain; charset=UTF-8 -Content-Transfer-Encoding: 8bit - -This patch provides a caching mechanism for the device address -extensions uid and fid on S390. For efficient sparse address allocation, -we introduce two hash tables for uid/fid which hold the address set -information per domain. Also in order to improve performance of -searching available value, we introduce our own callbacks for the two -hashtables. In this way, uid/fid is saved in hash key and hash value -could be any non-NULL pointer due to no operation on hash value. That is -also the reason why we don't introduce hash value free callback. - -Signed-off-by: Yi Min Zhao -Reviewed-by: Boris Fiuczynski -Reviewed-by: Bjoern Walk -Reviewed-by: Ján Tomko -Reviewed-by: Andrea Bolognani - -(cherry picked from commit 28831e1f1ec001882e907f03f7618f7c00ebc98d) - -https://bugzilla.redhat.com/show_bug.cgi?id=1508149 - -Conflicts: - - * src/conf/domain_addr.h - + context - - missing b72183223f3b - -Signed-off-by: Andrea Bolognani -Message-Id: <20190408085732.28684-6-abologna@redhat.com> -Reviewed-by: Laine Stump -Reviewed-by: Ján Tomko ---- - src/bhyve/bhyve_device.c | 3 +- - src/conf/domain_addr.c | 93 +++++++++++++++++++++++++++++++++- - src/conf/domain_addr.h | 10 +++- - src/qemu/qemu_domain_address.c | 6 ++- - 4 files changed, 108 insertions(+), 4 deletions(-) - -diff --git a/src/bhyve/bhyve_device.c b/src/bhyve/bhyve_device.c -index 03aa6c93bd..8f0862b0b6 100644 ---- a/src/bhyve/bhyve_device.c -+++ b/src/bhyve/bhyve_device.c -@@ -71,7 +71,8 @@ bhyveDomainPCIAddressSetCreate(virDomainDefPtr def, unsigned int nbuses) - { - virDomainPCIAddressSetPtr addrs; - -- if ((addrs = 
virDomainPCIAddressSetAlloc(nbuses)) == NULL) -+ if ((addrs = virDomainPCIAddressSetAlloc(nbuses, -+ VIR_PCI_ADDRESS_EXTENSION_NONE)) == NULL) - return NULL; - - if (virDomainPCIAddressBusSetModel(&addrs->buses[0], -diff --git a/src/conf/domain_addr.c b/src/conf/domain_addr.c -index 39f22b82eb..3e33549c3d 100644 ---- a/src/conf/domain_addr.c -+++ b/src/conf/domain_addr.c -@@ -27,6 +27,7 @@ - #include "virlog.h" - #include "virstring.h" - #include "domain_addr.h" -+#include "virhashcode.h" - - #define VIR_FROM_THIS VIR_FROM_DOMAIN - -@@ -741,8 +742,93 @@ virDomainPCIAddressReleaseAddr(virDomainPCIAddressSetPtr addrs, - addrs->buses[addr->bus].slot[addr->slot].functions &= ~(1 << addr->function); - } - -+ -+static uint32_t -+virZPCIAddrKeyCode(const void *name, -+ uint32_t seed) -+{ -+ unsigned int value = *((unsigned int *)name); -+ return virHashCodeGen(&value, sizeof(value), seed); -+} -+ -+ -+static bool -+virZPCIAddrKeyEqual(const void *namea, -+ const void *nameb) -+{ -+ return *((unsigned int *)namea) == *((unsigned int *)nameb); -+} -+ -+ -+static void * -+virZPCIAddrKeyCopy(const void *name) -+{ -+ unsigned int *copy; -+ -+ if (VIR_ALLOC(copy) < 0) -+ return NULL; -+ -+ *copy = *((unsigned int *)name); -+ return (void *)copy; -+} -+ -+ -+static void -+virZPCIAddrKeyFree(void *name) -+{ -+ VIR_FREE(name); -+} -+ -+ -+static void -+virDomainPCIAddressSetExtensionFree(virDomainPCIAddressSetPtr addrs) -+{ -+ if (!addrs || !addrs->zpciIds) -+ return; -+ -+ virHashFree(addrs->zpciIds->uids); -+ virHashFree(addrs->zpciIds->fids); -+ VIR_FREE(addrs->zpciIds); -+} -+ -+ -+static int -+virDomainPCIAddressSetExtensionAlloc(virDomainPCIAddressSetPtr addrs, -+ virPCIDeviceAddressExtensionFlags extFlags) -+{ -+ if (extFlags & VIR_PCI_ADDRESS_EXTENSION_ZPCI) { -+ if (addrs->zpciIds) -+ return 0; -+ -+ if (VIR_ALLOC(addrs->zpciIds) < 0) -+ return -1; -+ -+ if (!(addrs->zpciIds->uids = virHashCreateFull(10, NULL, -+ virZPCIAddrKeyCode, -+ virZPCIAddrKeyEqual, -+ 
virZPCIAddrKeyCopy, -+ virZPCIAddrKeyFree))) -+ goto error; -+ -+ if (!(addrs->zpciIds->fids = virHashCreateFull(10, NULL, -+ virZPCIAddrKeyCode, -+ virZPCIAddrKeyEqual, -+ virZPCIAddrKeyCopy, -+ virZPCIAddrKeyFree))) -+ goto error; -+ } -+ -+ return 0; -+ -+ error: -+ virDomainPCIAddressSetExtensionFree(addrs); -+ return -1; -+} -+ -+ - virDomainPCIAddressSetPtr --virDomainPCIAddressSetAlloc(unsigned int nbuses) -+virDomainPCIAddressSetAlloc(unsigned int nbuses, -+ virPCIDeviceAddressExtensionFlags extFlags) - { - virDomainPCIAddressSetPtr addrs; - -@@ -753,6 +839,10 @@ virDomainPCIAddressSetAlloc(unsigned int nbuses) - goto error; - - addrs->nbuses = nbuses; -+ -+ if (virDomainPCIAddressSetExtensionAlloc(addrs, extFlags) < 0) -+ goto error; -+ - return addrs; - - error: -@@ -767,6 +857,7 @@ virDomainPCIAddressSetFree(virDomainPCIAddressSetPtr addrs) - if (!addrs) - return; - -+ virDomainPCIAddressSetExtensionFree(addrs); - VIR_FREE(addrs->buses); - VIR_FREE(addrs); - } -diff --git a/src/conf/domain_addr.h b/src/conf/domain_addr.h -index fd06008e26..b01e6b9d20 100644 ---- a/src/conf/domain_addr.h -+++ b/src/conf/domain_addr.h -@@ -116,6 +116,12 @@ typedef struct { - } virDomainPCIAddressBus; - typedef virDomainPCIAddressBus *virDomainPCIAddressBusPtr; - -+typedef struct { -+ virHashTablePtr uids; -+ virHashTablePtr fids; -+} virDomainZPCIAddressIds; -+typedef virDomainZPCIAddressIds *virDomainZPCIAddressIdsPtr; -+ - struct _virDomainPCIAddressSet { - virDomainPCIAddressBus *buses; - size_t nbuses; -@@ -125,6 +131,7 @@ struct _virDomainPCIAddressSet { - bool areMultipleRootsSupported; - /* If true, the guest can use the pcie-to-pci-bridge controller */ - bool isPCIeToPCIBridgeSupported; -+ virDomainZPCIAddressIdsPtr zpciIds; - }; - typedef struct _virDomainPCIAddressSet virDomainPCIAddressSet; - typedef virDomainPCIAddressSet *virDomainPCIAddressSetPtr; -@@ -132,7 +139,8 @@ typedef virDomainPCIAddressSet *virDomainPCIAddressSetPtr; - char 
*virDomainPCIAddressAsString(virPCIDeviceAddressPtr addr) - ATTRIBUTE_NONNULL(1); - --virDomainPCIAddressSetPtr virDomainPCIAddressSetAlloc(unsigned int nbuses); -+virDomainPCIAddressSetPtr virDomainPCIAddressSetAlloc(unsigned int nbuses, -+ virPCIDeviceAddressExtensionFlags extFlags); - - void virDomainPCIAddressSetFree(virDomainPCIAddressSetPtr addrs); - -diff --git a/src/qemu/qemu_domain_address.c b/src/qemu/qemu_domain_address.c -index 3d01d14b46..ba870d56b1 100644 ---- a/src/qemu/qemu_domain_address.c -+++ b/src/qemu/qemu_domain_address.c -@@ -1508,8 +1508,12 @@ qemuDomainPCIAddressSetCreate(virDomainDefPtr def, - size_t i; - bool hasPCIeRoot = false; - virDomainControllerModelPCI defaultModel; -+ virPCIDeviceAddressExtensionFlags extFlags = VIR_PCI_ADDRESS_EXTENSION_NONE; - -- if ((addrs = virDomainPCIAddressSetAlloc(nbuses)) == NULL) -+ if (virQEMUCapsGet(qemuCaps, QEMU_CAPS_DEVICE_ZPCI)) -+ extFlags |= VIR_PCI_ADDRESS_EXTENSION_ZPCI; -+ -+ if ((addrs = virDomainPCIAddressSetAlloc(nbuses, extFlags)) == NULL) - return NULL; - - addrs->dryRun = dryRun; --- -2.22.0 - diff --git a/SOURCES/libvirt-conf-Introduce-extension-flag-and-zPCI-member-for-PCI-address.patch b/SOURCES/libvirt-conf-Introduce-extension-flag-and-zPCI-member-for-PCI-address.patch deleted file mode 100644 index 3093f57..0000000 --- a/SOURCES/libvirt-conf-Introduce-extension-flag-and-zPCI-member-for-PCI-address.patch +++ /dev/null 
@@ -1,283 +0,0 @@ -From 050eb598af9291f385998cb1127d5bdf83305501 Mon Sep 17 00:00:00 2001 -Message-Id: <050eb598af9291f385998cb1127d5bdf83305501@dist-git> -From: Yi Min Zhao -Date: Mon, 8 Apr 2019 10:57:21 +0200 -Subject: [PATCH] conf: Introduce extension flag and zPCI member for PCI - address -MIME-Version: 1.0 -Content-Type: text/plain; charset=UTF-8 -Content-Transfer-Encoding: 8bit - -This patch introduces PCI address extension flag for virDomainDeviceInfo -and virPCIDeviceAddress. The extension flag in virDomainDeviceInfo is -used internally during calculating PCI extension flag. The one in -virPCIDeviceAddress is the duplicate to indicate extension address is -being used. Currently only zPCI extension address is introduced to deal -with 'uid' and 'fid' on the S390 platform. - -Signed-off-by: Yi Min Zhao -Reviewed-by: Boris Fiuczynski -Reviewed-by: Ján Tomko -Reviewed-by: Andrea Bolognani - -(cherry picked from commit 478e5f90fd4c0c0a8c1b3a8e19b9cae93ed78a4e) - -https://bugzilla.redhat.com/show_bug.cgi?id=1508149 - -Conflicts: - - * src/qemu/qemu_domain_address.c - + context - - missing db98a426a640 - -Signed-off-by: Andrea Bolognani -Message-Id: <20190408085732.28684-5-abologna@redhat.com> -Reviewed-by: Laine Stump -Reviewed-by: Ján Tomko ---- - src/conf/device_conf.h | 4 + - src/conf/domain_addr.h | 5 ++ - src/qemu/qemu_domain_address.c | 140 ++++++++++++++++++++++++++++++++- - src/util/virpci.h | 2 + - 4 files changed, 149 insertions(+), 2 deletions(-) - -diff --git a/src/conf/device_conf.h b/src/conf/device_conf.h -index a31ce9c376..c79066ec02 100644 ---- a/src/conf/device_conf.h -+++ b/src/conf/device_conf.h -@@ -164,6 +164,10 @@ struct _virDomainDeviceInfo { - * assignment, never saved and never reported. - */ - int pciConnectFlags; /* enum virDomainPCIConnectFlags */ -+ /* pciAddrExtFlags is only used internally to calculate PCI -+ * address extension flags during address assignment. 
-+ */ -+ int pciAddrExtFlags; /* enum virDomainPCIAddressExtensionFlags */ - char *loadparm; - - /* PCI devices will only be automatically placed on a PCI bus -diff --git a/src/conf/domain_addr.h b/src/conf/domain_addr.h -index 3236b7d6de..fd06008e26 100644 ---- a/src/conf/domain_addr.h -+++ b/src/conf/domain_addr.h -@@ -29,6 +29,11 @@ - # define VIR_PCI_ADDRESS_SLOT_LAST 31 - # define VIR_PCI_ADDRESS_FUNCTION_LAST 7 - -+typedef enum { -+ VIR_PCI_ADDRESS_EXTENSION_NONE = 0, /* no extension */ -+ VIR_PCI_ADDRESS_EXTENSION_ZPCI = 1 << 0, /* zPCI support */ -+} virPCIDeviceAddressExtensionFlags; -+ - typedef enum { - VIR_PCI_CONNECT_HOTPLUGGABLE = 1 << 0, /* is hotplug needed/supported */ - -diff --git a/src/qemu/qemu_domain_address.c b/src/qemu/qemu_domain_address.c -index 79d2b9f9c4..3d01d14b46 100644 ---- a/src/qemu/qemu_domain_address.c -+++ b/src/qemu/qemu_domain_address.c -@@ -511,6 +511,64 @@ qemuDomainAssignARMVirtioMMIOAddresses(virDomainDefPtr def, - } - - -+static bool -+qemuDomainDeviceSupportZPCI(virDomainDeviceDefPtr device) -+{ -+ switch ((virDomainDeviceType)device->type) { -+ case VIR_DOMAIN_DEVICE_CHR: -+ return false; -+ -+ case VIR_DOMAIN_DEVICE_CONTROLLER: -+ case VIR_DOMAIN_DEVICE_DISK: -+ case VIR_DOMAIN_DEVICE_LEASE: -+ case VIR_DOMAIN_DEVICE_FS: -+ case VIR_DOMAIN_DEVICE_NET: -+ case VIR_DOMAIN_DEVICE_INPUT: -+ case VIR_DOMAIN_DEVICE_SOUND: -+ case VIR_DOMAIN_DEVICE_VIDEO: -+ case VIR_DOMAIN_DEVICE_HOSTDEV: -+ case VIR_DOMAIN_DEVICE_WATCHDOG: -+ case VIR_DOMAIN_DEVICE_GRAPHICS: -+ case VIR_DOMAIN_DEVICE_HUB: -+ case VIR_DOMAIN_DEVICE_REDIRDEV: -+ case VIR_DOMAIN_DEVICE_SMARTCARD: -+ case VIR_DOMAIN_DEVICE_MEMBALLOON: -+ case VIR_DOMAIN_DEVICE_NVRAM: -+ case VIR_DOMAIN_DEVICE_RNG: -+ case VIR_DOMAIN_DEVICE_SHMEM: -+ case VIR_DOMAIN_DEVICE_TPM: -+ case VIR_DOMAIN_DEVICE_PANIC: -+ case VIR_DOMAIN_DEVICE_MEMORY: -+ case VIR_DOMAIN_DEVICE_IOMMU: -+ case VIR_DOMAIN_DEVICE_VSOCK: -+ break; -+ -+ case VIR_DOMAIN_DEVICE_NONE: -+ case 
VIR_DOMAIN_DEVICE_LAST: -+ default: -+ virReportEnumRangeError(virDomainDeviceType, device->type); -+ return false; -+ } -+ -+ return true; -+} -+ -+ -+static virPCIDeviceAddressExtensionFlags -+qemuDomainDeviceCalculatePCIAddressExtensionFlags(virQEMUCapsPtr qemuCaps, -+ virDomainDeviceDefPtr dev) -+{ -+ virPCIDeviceAddressExtensionFlags extFlags = 0; -+ -+ if (virQEMUCapsGet(qemuCaps, QEMU_CAPS_DEVICE_ZPCI) && -+ qemuDomainDeviceSupportZPCI(dev)) { -+ extFlags |= VIR_PCI_ADDRESS_EXTENSION_ZPCI; -+ } -+ -+ return extFlags; -+} -+ -+ - /** - * qemuDomainDeviceCalculatePCIConnectFlags: - * -@@ -993,6 +1051,56 @@ qemuDomainFillAllPCIConnectFlags(virDomainDefPtr def, - } - - -+/** -+ * qemuDomainFillDevicePCIExtensionFlagsIter: -+ * -+ * @def: the entire DomainDef -+ * @dev: The device to be checked -+ * @info: virDomainDeviceInfo within the device -+ * @opaque: qemu capabilities -+ * -+ * Sets the pciAddressExtFlags for a single device's info. Has properly -+ * formatted arguments to be called by virDomainDeviceInfoIterate(). -+ * -+ * Always returns 0 - there is no failure. -+ */ -+static int -+qemuDomainFillDevicePCIExtensionFlagsIter(virDomainDefPtr def ATTRIBUTE_UNUSED, -+ virDomainDeviceDefPtr dev, -+ virDomainDeviceInfoPtr info, -+ void *opaque) -+{ -+ virQEMUCapsPtr qemuCaps = opaque; -+ -+ info->pciAddrExtFlags = -+ qemuDomainDeviceCalculatePCIAddressExtensionFlags(qemuCaps, dev); -+ -+ return 0; -+} -+ -+ -+/** -+ * qemuDomainFillAllPCIExtensionFlags: -+ * -+ * @def: the entire DomainDef -+ * @qemuCaps: as you'd expect -+ * -+ * Set the info->pciAddressExtFlags for all devices in the domain. 
-+ * -+ * Returns 0 on success or -1 on failure (the only possibility of -+ * failure would be some internal problem with -+ * virDomainDeviceInfoIterate()) -+ */ -+static int -+qemuDomainFillAllPCIExtensionFlags(virDomainDefPtr def, -+ virQEMUCapsPtr qemuCaps) -+{ -+ return virDomainDeviceInfoIterate(def, -+ qemuDomainFillDevicePCIExtensionFlagsIter, -+ qemuCaps); -+} -+ -+ - /** - * qemuDomainFindUnusedIsolationGroupIter: - * @def: domain definition -@@ -1267,6 +1375,27 @@ qemuDomainFillDevicePCIConnectFlags(virDomainDefPtr def, - } - - -+/** -+ * qemuDomainFillDevicePCIExtensionFlags: -+ * -+ * @dev: The device to be checked -+ * @info: virDomainDeviceInfo within the device -+ * @qemuCaps: as you'd expect -+ * -+ * Set the info->pciAddressExtFlags for a single device. -+ * -+ * No return value. -+ */ -+static void -+qemuDomainFillDevicePCIExtensionFlags(virDomainDeviceDefPtr dev, -+ virDomainDeviceInfoPtr info, -+ virQEMUCapsPtr qemuCaps) -+{ -+ info->pciAddrExtFlags = -+ qemuDomainDeviceCalculatePCIAddressExtensionFlags(qemuCaps, dev); -+} -+ -+ - static int - qemuDomainPCIAddressReserveNextAddr(virDomainPCIAddressSetPtr addrs, - virDomainDeviceInfoPtr dev) -@@ -2400,6 +2529,9 @@ qemuDomainAssignPCIAddresses(virDomainDefPtr def, - if (qemuDomainFillAllPCIConnectFlags(def, qemuCaps, driver) < 0) - goto cleanup; - -+ if (qemuDomainFillAllPCIExtensionFlags(def, qemuCaps) < 0) -+ goto cleanup; -+ - if (qemuDomainSetupIsolationGroups(def) < 0) - goto cleanup; - -@@ -2435,7 +2567,8 @@ qemuDomainAssignPCIAddresses(virDomainDefPtr def, - */ - virDomainDeviceInfo info = { - .pciConnectFlags = (VIR_PCI_CONNECT_HOTPLUGGABLE | -- VIR_PCI_CONNECT_TYPE_PCI_DEVICE) -+ VIR_PCI_CONNECT_TYPE_PCI_DEVICE), -+ .pciAddrExtFlags = VIR_PCI_ADDRESS_EXTENSION_NONE - }; - bool buses_reserved = true; - -@@ -2472,7 +2605,8 @@ qemuDomainAssignPCIAddresses(virDomainDefPtr def, - qemuDomainHasPCIeRoot(def)) { - virDomainDeviceInfo info = { - .pciConnectFlags = (VIR_PCI_CONNECT_HOTPLUGGABLE | 
-- VIR_PCI_CONNECT_TYPE_PCIE_DEVICE) -+ VIR_PCI_CONNECT_TYPE_PCIE_DEVICE), -+ .pciAddrExtFlags = VIR_PCI_ADDRESS_EXTENSION_NONE - }; - - /* if there isn't an empty pcie-root-port, this will -@@ -2989,6 +3123,8 @@ qemuDomainEnsurePCIAddress(virDomainObjPtr obj, - - qemuDomainFillDevicePCIConnectFlags(obj->def, dev, priv->qemuCaps, driver); - -+ qemuDomainFillDevicePCIExtensionFlags(dev, info, priv->qemuCaps); -+ - return virDomainPCIAddressEnsureAddr(priv->pciaddrs, info, - info->pciConnectFlags); - } -diff --git a/src/util/virpci.h b/src/util/virpci.h -index 01df652b86..b366d7d9c3 100644 ---- a/src/util/virpci.h -+++ b/src/util/virpci.h -@@ -49,6 +49,8 @@ struct _virPCIDeviceAddress { - unsigned int slot; - unsigned int function; - int multi; /* virTristateSwitch */ -+ int extFlags; /* enum virPCIDeviceAddressExtensionFlags */ -+ virZPCIDeviceAddress zpci; - }; - - typedef enum { --- -2.22.0 - diff --git a/SOURCES/libvirt-conf-Introduce-new-hostdev-attribute-display.patch b/SOURCES/libvirt-conf-Introduce-new-hostdev-attribute-display.patch deleted file mode 100644 index 2dc0045..0000000 --- a/SOURCES/libvirt-conf-Introduce-new-hostdev-attribute-display.patch +++ /dev/null 
@@ -1,416 +0,0 @@ -From 5ad0f7cc1b2444ee9355229316fb008919d22c71 Mon Sep 17 00:00:00 2001 -Message-Id: <5ad0f7cc1b2444ee9355229316fb008919d22c71@dist-git> -From: Erik Skultety -Date: Thu, 19 Jul 2018 15:04:02 +0200 -Subject: [PATCH] conf: Introduce new attribute 'display' -MIME-Version: 1.0 -Content-Type: text/plain; charset=UTF-8 -Content-Transfer-Encoding: 8bit - -QEMU 2.12 introduced a new type of display for mediated devices using -vfio-pci backend which allows a mediated device to be used as a VGA -compatible device as an alternative to an emulated video device. QEMU -exposes this feature via a vfio device property 'display' with supported -values 'on/off/auto' (libvirt will default to 'off'). - -This patch adds the necessary bits to domain config handling in order to -expose this feature. Since there's no convenient way for libvirt to come -up with usable defaults for the display setting, simply because libvirt -is not able to figure out which of the display implementations - dma-buf -which requires OpenGL support vs vfio regions which doesn't need OpenGL -(works with OpenGL enabled too) - the underlying mdev uses. 
- -Reviewed-by: Ján Tomko -Signed-off-by: Erik Skultety -(cherry picked from commit d54e45b6edd7623e488a19e30bc4148a21fa8b03) - -https://bugzilla.redhat.com/show_bug.cgi?id=1475770 -Signed-off-by: Erik Skultety -Reviewed-by: Ján Tomko ---- - docs/formatdomain.html.in | 20 +++- - docs/schemas/domaincommon.rng | 5 + - src/conf/domain_conf.c | 19 +++- - src/conf/domain_conf.h | 1 + - src/qemu/qemu_domain.c | 98 ++++++++++++++++++- - .../qemuxml2argvdata/hostdev-mdev-display.xml | 39 ++++++++ - .../hostdev-mdev-display.xml | 47 +++++++++ - tests/qemuxml2xmltest.c | 1 + - 8 files changed, 222 insertions(+), 8 deletions(-) - create mode 100644 tests/qemuxml2argvdata/hostdev-mdev-display.xml - create mode 100644 tests/qemuxml2xmloutdata/hostdev-mdev-display.xml - -diff --git a/docs/formatdomain.html.in b/docs/formatdomain.html.in -index 9dd22554ad..3554c3dc30 100644 ---- a/docs/formatdomain.html.in -+++ b/docs/formatdomain.html.in -@@ -4510,9 +4510,23 @@ - guest. Currently, model='vfio-pci' and - model='vfio-ccw' (Since 4.4.0) - is supported. Refer MDEV to create -- a mediated device on the host. There are also some implications on the -- usage of guest's address type depending on the model -- attribute, see the address element below. -+ a mediated device on the host. -+ Since 4.6.0 (QEMU 2.12) an optional -+ display attribute may be used to enable or disable -+ support for an accelerated remote desktop backed by a mediated -+ device (such as NVIDIA vGPU or Intel GVT-g) as an alternative to -+ emulated video devices. This attribute -+ is limited to model='vfio-pci' only. Supported values -+ are either on or off (default is 'off'). -+ It is required to use a -+ graphical framebuffer in order to -+ use this attribute, currently only supported with VNC, Spice and -+ egl-headless graphics devices. -+

-+ Note: There are also some implications on the usage of guest's -+ address type depending on the model attribute, -+ see the address element below. -+

- - -

-diff --git a/docs/schemas/domaincommon.rng b/docs/schemas/domaincommon.rng
-index 157726752c..be8430ab22 100644
---- a/docs/schemas/domaincommon.rng
-+++ b/docs/schemas/domaincommon.rng
-@@ -4579,6 +4579,11 @@
- vfio-ccw
-
-
-+
-+
-+
-+
-+
-
-
-
-diff --git a/src/conf/domain_conf.c b/src/conf/domain_conf.c
-index 72086f9e86..830c298158 100644
---- a/src/conf/domain_conf.c
-+++ b/src/conf/domain_conf.c
-@@ -7656,6 +7656,7 @@ virDomainHostdevDefParseXMLSubsys(xmlNodePtr node,
- char *rawio = NULL;
- char *backendStr = NULL;
- char *model = NULL;
-+ char *display = NULL;
- int backend;
- int ret = -1;
- virDomainHostdevSubsysPCIPtr pcisrc = &def->source.subsys.u.pci;
-@@ -7675,6 +7676,7 @@ virDomainHostdevDefParseXMLSubsys(xmlNodePtr node,
- sgio = virXMLPropString(node, "sgio");
- rawio = virXMLPropString(node, "rawio");
- model = virXMLPropString(node, "model");
-+ display = virXMLPropString(node, "display");
-
- /* @type is passed in from the caller rather than read from the
- * xml document, because it is specified in different places for
-@@ -7762,6 +7764,15 @@ virDomainHostdevDefParseXMLSubsys(xmlNodePtr node,
- model);
- goto cleanup;
- }
-+
-+ if (display &&
-+ (mdevsrc->display = virTristateSwitchTypeFromString(display)) <= 0) {
-+ virReportError(VIR_ERR_XML_ERROR,
-+ _("unknown value '%s' for attribute "
-+ "'display'"),
-+ display);
-+ goto cleanup;
-+ }
- }
-
- switch (def->source.subsys.type) {
-@@ -7815,6 +7826,7 @@ virDomainHostdevDefParseXMLSubsys(xmlNodePtr node,
- VIR_FREE(rawio);
- VIR_FREE(backendStr);
- VIR_FREE(model);
-+ VIR_FREE(display);
- return ret;
- }
-
-@@ -26568,9 +26580,14 @@ virDomainHostdevDefFormat(virBufferPtr buf,
- virTristateBoolTypeToString(scsisrc->rawio));
- }
-
-- if (def->source.subsys.type == VIR_DOMAIN_HOSTDEV_SUBSYS_TYPE_MDEV)
-+ if (def->source.subsys.type == VIR_DOMAIN_HOSTDEV_SUBSYS_TYPE_MDEV) {
- virBufferAsprintf(buf, " model='%s'",
- virMediatedDeviceModelTypeToString(mdevsrc->model));
-+ if (mdevsrc->display != VIR_TRISTATE_SWITCH_ABSENT)
-+ virBufferAsprintf(buf, " display='%s'",
-+ virTristateSwitchTypeToString(mdevsrc->display));
-+ }
-+
- }
- virBufferAddLit(buf, ">\n");
- virBufferAdjustIndent(buf, 2);
-diff --git a/src/conf/domain_conf.h b/src/conf/domain_conf.h
-index 3deda1d978..8ca9558ceb 100644
---- a/src/conf/domain_conf.h
-+++ b/src/conf/domain_conf.h
-@@ -382,6 +382,7 @@ typedef struct _virDomainHostdevSubsysMediatedDev virDomainHostdevSubsysMediated
- typedef virDomainHostdevSubsysMediatedDev *virDomainHostdevSubsysMediatedDevPtr;
- struct _virDomainHostdevSubsysMediatedDev {
- int model; /* enum virMediatedDeviceModelType */
-+ int display; /* virTristateSwitch */
- char uuidstr[VIR_UUID_STRING_BUFLEN]; /* mediated device's uuid string */
- };
-
-diff --git a/src/qemu/qemu_domain.c b/src/qemu/qemu_domain.c
-index 9498594857..5337f1ce55 100644
---- a/src/qemu/qemu_domain.c
-+++ b/src/qemu/qemu_domain.c
-@@ -4451,9 +4451,48 @@ qemuDomainDeviceDefValidateNetwork(const virDomainNetDef *net)
-
-
- static int
--qemuDomainDeviceDefValidateHostdev(const virDomainHostdevDef *hostdev,
-- const virDomainDef *def)
-+qemuDomainMdevDefValidate(const virDomainHostdevSubsysMediatedDev *mdevsrc,
-+ const virDomainDef *def,
-+ virQEMUCapsPtr qemuCaps)
- {
-+ if (mdevsrc->display == VIR_TRISTATE_SWITCH_ABSENT)
-+ return 0;
-+
-+ if (!virQEMUCapsGet(qemuCaps, QEMU_CAPS_VFIO_PCI_DISPLAY)) {
-+ virReportError(VIR_ERR_CONFIG_UNSUPPORTED, "%s",
-+ _("display property of device vfio-pci is "
-+ "not supported by this version of QEMU"));
-+ return -1;
-+ }
-+
-+ if (mdevsrc->model != VIR_MDEV_MODEL_TYPE_VFIO_PCI) {
-+ virReportError(VIR_ERR_CONFIG_UNSUPPORTED, "%s",
-+ _(" attribute 'display' is only supported"
-+ " with model='vfio-pci'"));
-+
-+ return -1;
-+ }
-+
-+ if (mdevsrc->display == VIR_TRISTATE_SWITCH_ON) {
-+ if (def->ngraphics == 0) {
-+ virReportError(VIR_ERR_CONFIG_UNSUPPORTED, "%s",
-+ _("graphics device is needed for attribute value "
-+ "'display=on' in "));
-+ return -1;
-+ }
-+ }
-+
-+ return 0;
-+}
-+
-+
-+static int
-+qemuDomainDeviceDefValidateHostdev(const virDomainHostdevDef *hostdev,
-+ const virDomainDef *def,
-+ virQEMUCapsPtr qemuCaps)
-+{
-+ const virDomainHostdevSubsysMediatedDev *mdevsrc;
-+
- /* forbid capabilities mode hostdev in this kind of hypervisor */
- if (hostdev->mode == VIR_DOMAIN_HOSTDEV_MODE_CAPABILITIES) {
- virReportError(VIR_ERR_CONFIG_UNSUPPORTED,
-@@ -4463,6 +4502,24 @@ qemuDomainDeviceDefValidateHostdev(const virDomainHostdevDef *hostdev,
- return -1;
- }
-
-+ if (hostdev->mode == VIR_DOMAIN_HOSTDEV_MODE_SUBSYS) {
-+ switch ((virDomainHostdevSubsysType) hostdev->source.subsys.type) {
-+ case VIR_DOMAIN_HOSTDEV_SUBSYS_TYPE_USB:
-+ case VIR_DOMAIN_HOSTDEV_SUBSYS_TYPE_PCI:
-+ case VIR_DOMAIN_HOSTDEV_SUBSYS_TYPE_SCSI:
-+ case VIR_DOMAIN_HOSTDEV_SUBSYS_TYPE_SCSI_HOST:
-+ break;
-+ case VIR_DOMAIN_HOSTDEV_SUBSYS_TYPE_MDEV:
-+ mdevsrc = &hostdev->source.subsys.u.mdev;
-+ return qemuDomainMdevDefValidate(mdevsrc, def, qemuCaps);
-+ case VIR_DOMAIN_HOSTDEV_SUBSYS_TYPE_LAST:
-+ default:
-+ virReportEnumRangeError(virDomainHostdevSubsysType,
-+ hostdev->source.subsys.type);
-+ return -1;
-+ }
-+ }
-+
- return 0;
- }
-
-@@ -5595,7 +5652,8 @@ qemuDomainDeviceDefValidate(const virDomainDeviceDef *dev,
- break;
-
- case VIR_DOMAIN_DEVICE_HOSTDEV:
-- ret = qemuDomainDeviceDefValidateHostdev(dev->data.hostdev, def);
-+ ret = qemuDomainDeviceDefValidateHostdev(dev->data.hostdev, def,
-+ qemuCaps);
- break;
-
- case VIR_DOMAIN_DEVICE_VIDEO:
-@@ -6205,6 +6263,35 @@ qemuDomainVsockDefPostParse(virDomainVsockDefPtr vsock)
- }
-
-
-+static int
-+qemuDomainHostdevDefMdevPostParse(virDomainHostdevSubsysMediatedDevPtr mdevsrc,
-+ virQEMUCapsPtr qemuCaps)
-+{
-+ /* QEMU 2.12 added support for vfio-pci display type, we default to
-+ * 'display=off' to stay safe from future changes */
-+ if (virQEMUCapsGet(qemuCaps, QEMU_CAPS_VFIO_PCI_DISPLAY) &&
-+ mdevsrc->display == VIR_TRISTATE_SWITCH_ABSENT)
-+ mdevsrc->display = VIR_TRISTATE_SWITCH_OFF;
-+
-+ return 0;
-+}
-+
-+
-+static int
-+qemuDomainHostdevDefPostParse(virDomainHostdevDefPtr hostdev,
-+ virQEMUCapsPtr qemuCaps)
-+{
-+ virDomainHostdevSubsysPtr subsys = &hostdev->source.subsys;
-+
-+ if (hostdev->mode == VIR_DOMAIN_HOSTDEV_MODE_SUBSYS &&
-+ hostdev->source.subsys.type == VIR_DOMAIN_HOSTDEV_SUBSYS_TYPE_MDEV &&
-+ qemuDomainHostdevDefMdevPostParse(&subsys->u.mdev, qemuCaps) < 0)
-+ return -1;
-+
-+ return 0;
-+}
-+
-+
- static int
- qemuDomainDeviceDefPostParse(virDomainDeviceDefPtr dev,
- const virDomainDef *def,
-@@ -6255,11 +6342,14 @@ qemuDomainDeviceDefPostParse(virDomainDeviceDefPtr dev,
- ret = qemuDomainVsockDefPostParse(dev->data.vsock);
- break;
-
-+ case VIR_DOMAIN_DEVICE_HOSTDEV:
-+ ret = qemuDomainHostdevDefPostParse(dev->data.hostdev, qemuCaps);
-+ break;
-+
- case VIR_DOMAIN_DEVICE_LEASE:
- case VIR_DOMAIN_DEVICE_FS:
- case VIR_DOMAIN_DEVICE_INPUT:
- case VIR_DOMAIN_DEVICE_SOUND:
-- case VIR_DOMAIN_DEVICE_HOSTDEV:
- case VIR_DOMAIN_DEVICE_WATCHDOG:
- case VIR_DOMAIN_DEVICE_GRAPHICS:
- case VIR_DOMAIN_DEVICE_HUB:
-diff --git a/tests/qemuxml2argvdata/hostdev-mdev-display.xml b/tests/qemuxml2argvdata/hostdev-mdev-display.xml
-new file mode 100644
-index 0000000000..f37e08e1b9
---- /dev/null
-+++ b/tests/qemuxml2argvdata/hostdev-mdev-display.xml
-@@ -0,0 +1,39 @@
-+
-+ QEMUGuest2
-+ c7a5fdbd-edaf-9455-926a-d65c16db1809
-+ 219136
-+ 219136
-+ 1
-+
-+ hvm
-+
-+
-+
-+ destroy
-+ restart
-+ destroy
-+
-+ /usr/bin/qemu-system-i686
-+
-+
-+
-+
-+

-+
-+
-+
-+
-+
-+
-+
-+
-+
-+
-+
-+
-+
-+
-+
-+
-diff --git a/tests/qemuxml2xmloutdata/hostdev-mdev-display.xml b/tests/qemuxml2xmloutdata/hostdev-mdev-display.xml
-new file mode 100644
-index 0000000000..94c11b1199
---- /dev/null
-+++ b/tests/qemuxml2xmloutdata/hostdev-mdev-display.xml
-@@ -0,0 +1,47 @@
-+
-+ QEMUGuest2
-+ c7a5fdbd-edaf-9455-926a-d65c16db1809
-+ 219136
-+ 219136
-+ 1
-+
-+ hvm
-+
-+
-+
-+ destroy
-+ restart
-+ destroy
-+
-+ /usr/bin/qemu-system-i686
-+
-+
-+
-+
-+
-+
-+
-+
-+
-+
-+
-+
-+
-+
-+
-+
-+
-+
-+