[libvirt] [PATCH v4 00/14] Introduce vGPU mdev framework to libvirt

yonglihe yongli.he at intel.com
Mon Mar 27 07:42:44 UTC 2017 

Verify Summary:
* the none rooted mode starting a high-privileges VM actually.

The configurations is source generated default value except tls disabled.


1. rooted

virsh define ./libvirt/vgpu-win10.xml
Domain vgpu-win10 defined from ./libvirt/vgpu-win10.xml

ubuntu at z-nuc-11:~/vgpu-meta/libvirt-stage$ virsh start vgpu-win10
2017-03-26 23:28:57.385+0000: 2886: info : libvirt version: 3.2.0
2017-03-26 23:28:57.385+0000: 2886: info : hostname: z-nuc-11.maas
2017-03-26 23:28:57.385+0000: 2886: warning : qemuDomainObjTaint:4155 : 
Domain id=1 name='vgpu-win10' uuid=916c5c36-0437-11e7-a23d-830ed1295d00 
is tainted: high-privileges
2017-03-26 23:28:58.010+0000: 2886: warning : virDomainAuditHostdev:456 
: Unexpected hostdev type while encoding audit message: 4
Domain vgpu-win10 started


2. None rooted
virsh -c qemu:///session
Welcome to lt-virsh, the virtualization interactive terminal.

virsh # define ./libvirt/vgpu-win10.xml
Domain vgpu-win10 defined from ./libvirt/vgpu-win10.xml

virsh # start vgpu-win10
2017-03-26 23:38:11.220+0000: 2882: warning : qemuDomainObjTaint:4155 : 
Domain id=4 name='vgpu-win10' uuid=916c5c36-0437-11e7-a23d-830ed1295d00 
is tainted: high-privileges
2017-03-26 23:38:12.356+0000: 2882: warning : virDomainAuditHostdev:456 
: Unexpected hostdev type while encoding audit message: 4
Domain vgpu-win10 started



Regards
Yongli He

> since v1:
> - new <hostdev> attribute model introduced which tells libvirt which device API
> should be considered when auto-assigning guest address
> - device_api is properly checked, thus taking the 'model' attribute only as a
> hint to assign "some" address
> - new address type 'mdev' is introduced rather than using plain <uuid> element,
> since the address element is more conveniently extendable.
> - the emulated mtty driver now works as well out of the box, so no HW needed to
> review this series --> let's try it :)
> - fixed all the nits from v1
>
> since v2:
> - dropped the patch introducing new address type 'mdev' since I added by
> mistake and only after that realized that the device address type enum is used
> for guest addresses only
>    --> the mdevs are still identified by address element containing an 'uuid'
>        attribute, I just dropped the enum
> - resolved the driver hostdev list race condition raised by Pavel in his review
>    --> the device API is now checked every time our internal mdev object is
>    created as opposed to the previous version where because of the model being
>    checked separately, the locking issues arose.
> - rewrote the docs, reflecting the mdev address type drop change
> - squashed all security related stuff into 1 patch, also added app-armor bits
> - as Pavel suggested, moved most of the mdev-related functions out of
> virhostdev.c to virmdev.c
> - added a few more test cases
> - created a new branch 'mdev-next' on my github (more suitable name than a
>    strict version number) on https://github.com/eskultety/libvirt/commits/mdev-next
>
> since v3:
> - 'undo' an accidental squash of virmdev.{c,h} module introduction into patch
>    4/15 and made it a separate patch again
> - squash 5/15 into 4/15 as Pavel suggested
> - dropped the NEWS patch, as I've so far got at least 4 merge conflicts because
> of it when rebasing...I'll add it before the series is ready to be
> merged...or I'll forget about it like I usually do and add it later :/
>
> Erik
>
> Erik Skultety (14):
>    conf: hostdev: Enforce enum-in-switch compile-time checks
>    conf: hostdev: Introduce virDomainHostdevSubsysSCSIClear
>    conf: Introduce virDomainHostdevDefPostParse
>    util: Introduce new module virmdev
>    conf: Introduce new hostdev device type mdev
>    security: Enable labeling of vfio mediated devices
>    conf: Enable cold-plug of a mediated device
>    qemu: Assign PCI addresses for mediated devices as well
>    hostdev: Maintain a driver list of active mediated devices
>    qemu: cgroup: Adjust cgroups' logic to allow mediated devices
>    qemu: Bump the memory locking limit for mdevs as well
>    qemu: Format mdevs on qemu command line
>    test: Add some test cases for our test suite regarding the mdevs
>    docs: Document the new hostdev and address type 'mdev'
>
>   docs/formatdomain.html.in                          |  46 +-
>   docs/schemas/domaincommon.rng                      |  22 +
>   po/POTFILES.in                                     |   1 +
>   src/Makefile.am                                    |   1 +
>   src/conf/domain_conf.c                             | 225 ++++++++--
>   src/conf/domain_conf.h                             |   9 +
>   src/libvirt_private.syms                           |  25 ++
>   src/qemu/qemu_command.c                            |  45 ++
>   src/qemu/qemu_command.h                            |   5 +
>   src/qemu/qemu_domain.c                             |  24 +-
>   src/qemu/qemu_domain.h                             |   1 +
>   src/qemu/qemu_domain_address.c                     |  14 +-
>   src/qemu/qemu_hostdev.c                            |  56 +++
>   src/qemu/qemu_hostdev.h                            |  10 +
>   src/qemu/qemu_hotplug.c                            |   2 +
>   src/security/security_apparmor.c                   |  22 +
>   src/security/security_dac.c                        |  43 ++
>   src/security/security_selinux.c                    |  45 ++
>   src/util/virhostdev.c                              | 165 ++++++-
>   src/util/virhostdev.h                              |  23 +
>   src/util/virmdev.c                                 | 487 +++++++++++++++++++++
>   src/util/virmdev.h                                 | 123 ++++++
>   tests/domaincapsschemadata/full.xml                |   1 +
>   ...ml2argv-hostdev-mdev-invalid-target-address.xml |  33 ++
>   ...muxml2argv-hostdev-mdev-src-address-invalid.xml |  35 ++
>   .../qemuxml2argv-hostdev-mdev-unmanaged.args       |  25 ++
>   .../qemuxml2argv-hostdev-mdev-unmanaged.xml        |  35 ++
>   tests/qemuxml2argvtest.c                           |   9 +
>   .../qemuxml2xmlout-hostdev-mdev-unmanaged.xml      |  40 ++
>   tests/qemuxml2xmltest.c                            |   1 +
>   30 files changed, 1518 insertions(+), 55 deletions(-)
>   create mode 100644 src/util/virmdev.c
>   create mode 100644 src/util/virmdev.h
>   create mode 100644 tests/qemuxml2argvdata/qemuxml2argv-hostdev-mdev-invalid-target-address.xml
>   create mode 100644 tests/qemuxml2argvdata/qemuxml2argv-hostdev-mdev-src-address-invalid.xml
>   create mode 100644 tests/qemuxml2argvdata/qemuxml2argv-hostdev-mdev-unmanaged.args
>   create mode 100644 tests/qemuxml2argvdata/qemuxml2argv-hostdev-mdev-unmanaged.xml
>   create mode 100644 tests/qemuxml2xmloutdata/qemuxml2xmlout-hostdev-mdev-unmanaged.xml
>

-------------- next part --------------
A non-text attachment was scrubbed...
Name: vgpu-win10.xml
Type: text/xml
Size: 2390 bytes
Desc: not available
URL: <http://listman.redhat.com/archives/libvir-list/attachments/20170327/be8688a9/attachment-0001.xml>

More information about the libvir-list mailing list