On 2017-03-27 15:42, yonglihe wrote:
Verify Summary:
* The non-rooted mode is actually starting a high-privileges VM.
The configuration is the source-generated default, except that TLS is
disabled.
1. Rooted
virsh define ./libvirt/vgpu-win10.xml
Domain vgpu-win10 defined from ./libvirt/vgpu-win10.xml
ubuntu@z-nuc-11:~/vgpu-meta/libvirt-stage$ virsh start vgpu-win10
2017-03-26 23:28:57.385+0000: 2886: info : libvirt version: 3.2.0
2017-03-26 23:28:57.385+0000: 2886: info : hostname: z-nuc-11.maas
2017-03-26 23:28:57.385+0000: 2886: warning : qemuDomainObjTaint:4155 : Domain id=1 name='vgpu-win10' uuid=916c5c36-0437-11e7-a23d-830ed1295d00 is tainted: high-privileges
2017-03-26 23:28:58.010+0000: 2886: warning : virDomainAuditHostdev:456 : Unexpected hostdev type while encoding audit message: 4
Domain vgpu-win10 started
2. Non-rooted
virsh -c qemu:///session
Welcome to lt-virsh, the virtualization interactive terminal.
virsh # define ./libvirt/vgpu-win10.xml
Domain vgpu-win10 defined from ./libvirt/vgpu-win10.xml
virsh # start vgpu-win10
2017-03-26 23:38:11.220+0000: 2882: warning : qemuDomainObjTaint:4155 : Domain id=4 name='vgpu-win10' uuid=916c5c36-0437-11e7-a23d-830ed1295d00 is tainted: high-privileges
2017-03-26 23:38:12.356+0000: 2882: warning : virDomainAuditHostdev:456 : Unexpected hostdev type while encoding audit message: 4
Domain vgpu-win10 started
Please ignore the above non-rooted testing result, my fault. The proper
test gives the following result:
To successfully start a non-rooted VM, the following operations are
needed:
1. Change the ownership/access rights of the vfio device corresponding
to the mdev:
sudo chown ubuntu:ubuntu /dev/vfio/0
2. Set a correct ulimit -l for the VM:
sudo sh -c "ulimit -l 3074424832 && exec su $LOGNAME"
Otherwise, it runs into the following error:
virsh # start vgpu-win10
internal error: Process exited prior to exec: libvirt: error : cannot limit locked memory to 3074424832: Operation not permitted
My test bed is Ubuntu 14.04; a similar bug was reported before:
https://bugs.launchpad.net/ubuntu/+source/libvirt/+bug/1276719
I could not make sure if there are special requirements to run virsh
directly from the source tree using the ./run scripts. Fix me.
Yongli He
Regards
Yongli He
since v1:
- new <hostdev> attribute model introduced which tells libvirt which
  device API should be considered when auto-assigning guest address
- device_api is properly checked, thus taking the 'model' attribute only
  as a hint to assign "some" address
- new address type 'mdev' is introduced rather than using plain <uuid>
  element, since the address element is more conveniently extendable.
- the emulated mtty driver now works as well out of the box, so no HW
  needed to review this series --> let's try it :)
- fixed all the nits from v1

since v2:
- dropped the patch introducing new address type 'mdev' since I added it
  by mistake and only after that realized that the device address type
  enum is used for guest addresses only
  --> the mdevs are still identified by address element containing an
      'uuid' attribute, I just dropped the enum
- resolved the driver hostdev list race condition raised by Pavel in his
  review
  --> the device API is now checked every time our internal mdev object
      is created as opposed to the previous version where because of the
      model being checked separately, the locking issues arose.
- rewrote the docs, reflecting the mdev address type drop change
- squashed all security related stuff into 1 patch, also added app-armor
  bits
- as Pavel suggested, moved most of the mdev-related functions out of
  virhostdev.c to virmdev.c
- added a few more test cases
- created a new branch 'mdev-next' on my github (more suitable name than
  a strict version number) on
  https://github.com/eskultety/libvirt/commits/mdev-next

since v3:
- 'undo' an accidental squash of virmdev.{c,h} module introduction into
  patch 4/15 and made it a separate patch again
- squash 5/15 into 4/15 as Pavel suggested
- dropped the NEWS patch, as I've so far got at least 4 merge conflicts
  because of it when rebasing...I'll add it before the series is ready
  to be merged...or I'll forget about it like I usually do and add it
  later :/

Erik

Erik Skultety (14):
  conf: hostdev: Enforce enum-in-switch compile-time checks
  conf: hostdev: Introduce virDomainHostdevSubsysSCSIClear
  conf: Introduce virDomainHostdevDefPostParse
  util: Introduce new module virmdev
  conf: Introduce new hostdev device type mdev
  security: Enable labeling of vfio mediated devices
  conf: Enable cold-plug of a mediated device
  qemu: Assign PCI addresses for mediated devices as well
  hostdev: Maintain a driver list of active mediated devices
  qemu: cgroup: Adjust cgroups' logic to allow mediated devices
  qemu: Bump the memory locking limit for mdevs as well
  qemu: Format mdevs on qemu command line
  test: Add some test cases for our test suite regarding the mdevs
  docs: Document the new hostdev and address type 'mdev'

 docs/formatdomain.html.in                          |  46 +-
 docs/schemas/domaincommon.rng                      |  22 +
 po/POTFILES.in                                     |   1 +
 src/Makefile.am                                    |   1 +
 src/conf/domain_conf.c                             | 225 ++++++++--
 src/conf/domain_conf.h                             |   9 +
 src/libvirt_private.syms                           |  25 ++
 src/qemu/qemu_command.c                            |  45 ++
 src/qemu/qemu_command.h                            |   5 +
 src/qemu/qemu_domain.c                             |  24 +-
 src/qemu/qemu_domain.h                             |   1 +
 src/qemu/qemu_domain_address.c                     |  14 +-
 src/qemu/qemu_hostdev.c                            |  56 +++
 src/qemu/qemu_hostdev.h                            |  10 +
 src/qemu/qemu_hotplug.c                            |   2 +
 src/security/security_apparmor.c                   |  22 +
 src/security/security_dac.c                        |  43 ++
 src/security/security_selinux.c                    |  45 ++
 src/util/virhostdev.c                              | 165 ++++++-
 src/util/virhostdev.h                              |  23 +
 src/util/virmdev.c                                 | 487 +++++++++++++++++++++
 src/util/virmdev.h                                 | 123 ++++++
 tests/domaincapsschemadata/full.xml                |   1 +
 ...ml2argv-hostdev-mdev-invalid-target-address.xml |  33 ++
 ...muxml2argv-hostdev-mdev-src-address-invalid.xml |  35 ++
 .../qemuxml2argv-hostdev-mdev-unmanaged.args       |  25 ++
 .../qemuxml2argv-hostdev-mdev-unmanaged.xml        |  35 ++
 tests/qemuxml2argvtest.c                           |   9 +
 .../qemuxml2xmlout-hostdev-mdev-unmanaged.xml      |  40 ++
 tests/qemuxml2xmltest.c                            |   1 +
 30 files changed, 1518 insertions(+), 55 deletions(-)
 create mode 100644 src/util/virmdev.c
 create mode 100644 src/util/virmdev.h
 create mode 100644 tests/qemuxml2argvdata/qemuxml2argv-hostdev-mdev-invalid-target-address.xml
 create mode 100644 tests/qemuxml2argvdata/qemuxml2argv-hostdev-mdev-src-address-invalid.xml
 create mode 100644 tests/qemuxml2argvdata/qemuxml2argv-hostdev-mdev-unmanaged.args
 create mode 100644 tests/qemuxml2argvdata/qemuxml2argv-hostdev-mdev-unmanaged.xml
 create mode 100644 tests/qemuxml2xmloutdata/qemuxml2xmlout-hostdev-mdev-unmanaged.xml
--
libvir-list mailing list
libvir-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/libvir-list
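
A preflight check for the two prerequisites named in the reply above (access to the VFIO group node and a sufficient locked-memory limit), as an added example that is not part of the original thread or of libvirt. The function names are hypothetical, and it assumes the figure in the libvirt error is in bytes while the shell's `ulimit -l` reports KiB.

```shell
#!/bin/sh
# Added example: preflight for starting an mdev guest under qemu:///session.
# Function names are hypothetical; the path and size come from the thread.

# memlock_sufficient LIMIT REQUIRED_BYTES
# LIMIT is what `ulimit -l` prints: "unlimited" or a count of KiB.
memlock_sufficient() {
    limit=$1
    required_bytes=$2
    [ "$limit" = "unlimited" ] && return 0
    case $limit in
        ''|*[!0-9]*) return 2 ;;   # not a number: refuse to guess
    esac
    # Round the byte requirement up to whole KiB before comparing.
    required_kib=$(( (required_bytes + 1023) / 1024 ))
    [ "$limit" -ge "$required_kib" ]
}

# vfio_access_ok PATH
# True only if PATH is a character device the current user can read and write.
vfio_access_ok() {
    [ -c "$1" ] && [ -r "$1" ] && [ -w "$1" ]
}

# preflight VFIO_GROUP_NODE REQUIRED_BYTES
# Prints one line per failed prerequisite and returns the failure count.
preflight() {
    failures=0
    if ! vfio_access_ok "$1"; then
        echo "no read/write access to $1 for $(id -un)"
        failures=$((failures + 1))
    fi
    current=$(ulimit -l)
    if ! memlock_sufficient "$current" "$2"; then
        echo "RLIMIT_MEMLOCK is '$current' (KiB), guest needs $2 bytes"
        failures=$((failures + 1))
    fi
    return "$failures"
}

# Example with the values from the thread:
#   preflight /dev/vfio/0 3074424832
```

Under these assumptions the 3074424832-byte requirement corresponds to a `ulimit -l` value of 3002368 KiB.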