Re: [PATCH v4 00/14] Introduce vGPU mdev framework to libvirt

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 




Verify Summary:
* the none rooted mode starting a high-privileges VM actually.

The configurations is source generated default value except tls disabled.


1. rooted

virsh define ./libvirt/vgpu-win10.xml
Domain vgpu-win10 defined from ./libvirt/vgpu-win10.xml

ubuntu@z-nuc-11:~/vgpu-meta/libvirt-stage$ virsh start vgpu-win10
2017-03-26 23:28:57.385+0000: 2886: info : libvirt version: 3.2.0
2017-03-26 23:28:57.385+0000: 2886: info : hostname: z-nuc-11.maas
2017-03-26 23:28:57.385+0000: 2886: warning : qemuDomainObjTaint:4155 : Domain id=1 name='vgpu-win10' uuid=916c5c36-0437-11e7-a23d-830ed1295d00 is tainted: high-privileges 2017-03-26 23:28:58.010+0000: 2886: warning : virDomainAuditHostdev:456 : Unexpected hostdev type while encoding audit message: 4
Domain vgpu-win10 started


2. None rooted
virsh -c qemu:///session
Welcome to lt-virsh, the virtualization interactive terminal.

virsh # define ./libvirt/vgpu-win10.xml
Domain vgpu-win10 defined from ./libvirt/vgpu-win10.xml

virsh # start vgpu-win10
2017-03-26 23:38:11.220+0000: 2882: warning : qemuDomainObjTaint:4155 : Domain id=4 name='vgpu-win10' uuid=916c5c36-0437-11e7-a23d-830ed1295d00 is tainted: high-privileges 2017-03-26 23:38:12.356+0000: 2882: warning : virDomainAuditHostdev:456 : Unexpected hostdev type while encoding audit message: 4
Domain vgpu-win10 started



Regards
Yongli He

since v1:
- new <hostdev> attribute model introduced which tells libvirt which device API
should be considered when auto-assigning guest address
- device_api is properly checked, thus taking the 'model' attribute only as a
hint to assign "some" address
- new address type 'mdev' is introduced rather than using plain <uuid> element,
since the address element is more conveniently extendable.
- the emulated mtty driver now works as well out of the box, so no HW needed to
review this series --> let's try it :)
- fixed all the nits from v1

since v2:
- dropped the patch introducing new address type 'mdev' since I added by
mistake and only after that realized that the device address type enum is used
for guest addresses only
   --> the mdevs are still identified by address element containing an 'uuid'
       attribute, I just dropped the enum
- resolved the driver hostdev list race condition raised by Pavel in his review
   --> the device API is now checked every time our internal mdev object is
   created as opposed to the previous version where because of the model being
   checked separately, the locking issues arose.
- rewrote the docs, reflecting the mdev address type drop change
- squashed all security related stuff into 1 patch, also added app-armor bits
- as Pavel suggested, moved most of the mdev-related functions out of
virhostdev.c to virmdev.c
- added a few more test cases
- created a new branch 'mdev-next' on my github (more suitable name than a
   strict version number) on https://github.com/eskultety/libvirt/commits/mdev-next

since v3:
- 'undo' an accidental squash of virmdev.{c,h} module introduction into patch
   4/15 and made it a separate patch again
- squash 5/15 into 4/15 as Pavel suggested
- dropped the NEWS patch, as I've so far got at least 4 merge conflicts because
of it when rebasing...I'll add it before the series is ready to be
merged...or I'll forget about it like I usually do and add it later :/

Erik

Erik Skultety (14):
   conf: hostdev: Enforce enum-in-switch compile-time checks
   conf: hostdev: Introduce virDomainHostdevSubsysSCSIClear
   conf: Introduce virDomainHostdevDefPostParse
   util: Introduce new module virmdev
   conf: Introduce new hostdev device type mdev
   security: Enable labeling of vfio mediated devices
   conf: Enable cold-plug of a mediated device
   qemu: Assign PCI addresses for mediated devices as well
   hostdev: Maintain a driver list of active mediated devices
   qemu: cgroup: Adjust cgroups' logic to allow mediated devices
   qemu: Bump the memory locking limit for mdevs as well
   qemu: Format mdevs on qemu command line
   test: Add some test cases for our test suite regarding the mdevs
   docs: Document the new hostdev and address type 'mdev'

  docs/formatdomain.html.in                          |  46 +-
  docs/schemas/domaincommon.rng                      |  22 +
  po/POTFILES.in                                     |   1 +
  src/Makefile.am                                    |   1 +
  src/conf/domain_conf.c                             | 225 ++++++++--
  src/conf/domain_conf.h                             |   9 +
  src/libvirt_private.syms                           |  25 ++
  src/qemu/qemu_command.c                            |  45 ++
  src/qemu/qemu_command.h                            |   5 +
  src/qemu/qemu_domain.c                             |  24 +-
  src/qemu/qemu_domain.h                             |   1 +
  src/qemu/qemu_domain_address.c                     |  14 +-
  src/qemu/qemu_hostdev.c                            |  56 +++
  src/qemu/qemu_hostdev.h                            |  10 +
  src/qemu/qemu_hotplug.c                            |   2 +
  src/security/security_apparmor.c                   |  22 +
  src/security/security_dac.c                        |  43 ++
  src/security/security_selinux.c                    |  45 ++
  src/util/virhostdev.c                              | 165 ++++++-
  src/util/virhostdev.h                              |  23 +
  src/util/virmdev.c                                 | 487 +++++++++++++++++++++
  src/util/virmdev.h                                 | 123 ++++++
  tests/domaincapsschemadata/full.xml                |   1 +
  ...ml2argv-hostdev-mdev-invalid-target-address.xml |  33 ++
  ...muxml2argv-hostdev-mdev-src-address-invalid.xml |  35 ++
  .../qemuxml2argv-hostdev-mdev-unmanaged.args       |  25 ++
  .../qemuxml2argv-hostdev-mdev-unmanaged.xml        |  35 ++
  tests/qemuxml2argvtest.c                           |   9 +
  .../qemuxml2xmlout-hostdev-mdev-unmanaged.xml      |  40 ++
  tests/qemuxml2xmltest.c                            |   1 +
  30 files changed, 1518 insertions(+), 55 deletions(-)
  create mode 100644 src/util/virmdev.c
  create mode 100644 src/util/virmdev.h
  create mode 100644 tests/qemuxml2argvdata/qemuxml2argv-hostdev-mdev-invalid-target-address.xml
  create mode 100644 tests/qemuxml2argvdata/qemuxml2argv-hostdev-mdev-src-address-invalid.xml
  create mode 100644 tests/qemuxml2argvdata/qemuxml2argv-hostdev-mdev-unmanaged.args
  create mode 100644 tests/qemuxml2argvdata/qemuxml2argv-hostdev-mdev-unmanaged.xml
  create mode 100644 tests/qemuxml2xmloutdata/qemuxml2xmlout-hostdev-mdev-unmanaged.xml


<domain type='kvm'>
  <name>vgpu-win10</name>
  <uuid>916c5c36-0437-11e7-a23d-830ed1295d00</uuid>
  <memory unit='KiB'>1953125</memory>
  <currentMemory unit='KiB'>1953125</currentMemory>
  <vcpu placement='static'>2</vcpu>
  <os>
    <type arch='x86_64' machine='pc-i440fx-2.3'>hvm</type>
    <!-- <loader type='rom'>$STAGE_DIR/../packages/seabios/bios.bin</loader> /-->
    <boot dev='hd'/>
  </os>
  <features>
    <acpi/>
  </features>
  <clock offset='utc'/>
  <on_poweroff>destroy</on_poweroff>
  <on_reboot>restart</on_reboot>
  <on_crash>destroy</on_crash>


  <devices>
    <emulator>/usr/bin/qemu-system-x86_64</emulator>

    <disk type='file' device='disk'>
      <driver name='qemu' type='qcow2'  cache='none' io='native'/>
      <source file='$STAGE_DIR/win10-64.qcow2'/>
      <target dev='sda' bus='ide'/>
    </disk>

    <controller type='pci' index='0' model='pci-root'/>
    <controller type='usb' index='0' model='piix3-uhci'>
      <address type='pci' domain='0x0000' bus='0x00' slot='0x01' function='0x2'/>
    </controller>
    <interface type='bridge'>
      <mac address='52:54:00:1b:8a:02'/>
      <source bridge='virbr0'/>
      <model type='e1000'/>
      <address type='pci' domain='0x0000' bus='0x00' slot='0x05' function='0x0'/>
    </interface>
    <serial type='pty'>
      <target port='0'/>
    </serial>
    <console type='pty'>
      <target type='serial' port='0'/>
    </console>
    <input type='mouse' bus='ps2'/>
    <input type='keyboard' bus='ps2'/>
    <video>
      <model type='cirrus' vram='67108864' heads='1' primary='yes'/>
      <address type='pci' domain='0x0000' bus='0x00' slot='0x02' function='0x0'/>
    </video>
   
     <graphics type='vnc' port='5900' autoport='yes'/>

    <hostdev mode='subsystem' type='mdev' managed='no' model='vfio-pci'>
      <source>
        <address type='mdev' uuid='894f3983-1a36-42b3-b52c-1024aca216be'/>
      </source>
      <address type='pci' domain='0x0000' bus='0x00' slot='0x04' function='0x0'/>
    </hostdev>

    <memballoon model='virtio'>
      <address type='pci' domain='0x0000' bus='0x00' slot='0x03' function='0x0'/>
    </memballoon>


  </devices>

    <qemu:commandline>
        <qemu:arg value="-global"/>
        <qemu:arg value="PIIX4_PM.disable_s3=1"/>
        <qemu:arg value="-global"/>
        <qemu:arg value="PIIX4_PM.disable_s3=4=1"/>
    </qemu:commandline>


</domain>
--
libvir-list mailing list
libvir-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/libvir-list

[Index of Archives]     [Virt Tools]     [Libvirt Users]     [Lib OS Info]     [Fedora Users]     [Fedora Desktop]     [Fedora SELinux]     [Big List of Linux Books]     [Yosemite News]     [KDE Users]     [Fedora Tools]
  Powered by Linux