[libvirt] [PATCH v4 00/14] Introduce vGPU mdev framework to libvirt
yonglihe
yongli.he at intel.com
Wed Mar 29 02:05:54 UTC 2017
On 2017年03月27日 15:42, yonglihe wrote:
>
> Verify Summary:
> * the none rooted mode starting a high-privileges VM actually.
>
> The configurations is source generated default value except tls disabled.
>
>
> 1. rooted
>
> virsh define ./libvirt/vgpu-win10.xml
> Domain vgpu-win10 defined from ./libvirt/vgpu-win10.xml
>
> ubuntu at z-nuc-11:~/vgpu-meta/libvirt-stage$ virsh start vgpu-win10
> 2017-03-26 23:28:57.385+0000: 2886: info : libvirt version: 3.2.0
> 2017-03-26 23:28:57.385+0000: 2886: info : hostname: z-nuc-11.maas
> 2017-03-26 23:28:57.385+0000: 2886: warning : qemuDomainObjTaint:4155
> : Domain id=1 name='vgpu-win10'
> uuid=916c5c36-0437-11e7-a23d-830ed1295d00 is tainted: high-privileges
> 2017-03-26 23:28:58.010+0000: 2886: warning :
> virDomainAuditHostdev:456 : Unexpected hostdev type while encoding
> audit message: 4
> Domain vgpu-win10 started
>
>
> 2. None rooted
> virsh -c qemu:///session
> Welcome to lt-virsh, the virtualization interactive terminal.
>
> virsh # define ./libvirt/vgpu-win10.xml
> Domain vgpu-win10 defined from ./libvirt/vgpu-win10.xml
>
> virsh # start vgpu-win10
> 2017-03-26 23:38:11.220+0000: 2882: warning : qemuDomainObjTaint:4155
> : Domain id=4 name='vgpu-win10'
> uuid=916c5c36-0437-11e7-a23d-830ed1295d00 is tainted: high-privileges
> 2017-03-26 23:38:12.356+0000: 2882: warning :
> virDomainAuditHostdev:456 : Unexpected hostdev type while encoding
> audit message: 4
> Domain vgpu-win10 started
Please ignore above none rooted testing result, my fault. the proper
test given following result:
to successfully starting a non rooted vm, the following operation needed:
1.change the ownership/access right of the mdev corresponding vfio
sudo chown ubuntu:ubuntu /dev/vfio/0
2. set a correct ulimit -l for the vm
sudo sh -c "ulimit -l 3074424832 && exec su $LOGNAME"
otherwise, it running into the following error:
virsh # start vgpu-win10
internal error: Process exited prior to exec: libvirt: error : cannot
limit locked memory to 3074424832: Operation not permitted
my testing bed is Ubuntu 14.04, there is a similar bug ever reported:
https://bugs.launchpad.net/ubuntu/+source/libvirt/+bug/1276719
I could not make sure if there is special requirements run virsh
directly from the source tree using the ./run scripts. fix me.
Yongli He
>
>
>
> Regards
> Yongli He
>
>> since v1:
>> - new <hostdev> attribute model introduced which tells libvirt which
>> device API
>> should be considered when auto-assigning guest address
>> - device_api is properly checked, thus taking the 'model' attribute
>> only as a
>> hint to assign "some" address
>> - new address type 'mdev' is introduced rather than using plain
>> <uuid> element,
>> since the address element is more conveniently extendable.
>> - the emulated mtty driver now works as well out of the box, so no HW
>> needed to
>> review this series --> let's try it :)
>> - fixed all the nits from v1
>>
>> since v2:
>> - dropped the patch introducing new address type 'mdev' since I added by
>> mistake and only after that realized that the device address type
>> enum is used
>> for guest addresses only
>> --> the mdevs are still identified by address element containing
>> an 'uuid'
>> attribute, I just dropped the enum
>> - resolved the driver hostdev list race condition raised by Pavel in
>> his review
>> --> the device API is now checked every time our internal mdev
>> object is
>> created as opposed to the previous version where because of the
>> model being
>> checked separately, the locking issues arose.
>> - rewrote the docs, reflecting the mdev address type drop change
>> - squashed all security related stuff into 1 patch, also added
>> app-armor bits
>> - as Pavel suggested, moved most of the mdev-related functions out of
>> virhostdev.c to virmdev.c
>> - added a few more test cases
>> - created a new branch 'mdev-next' on my github (more suitable name
>> than a
>> strict version number) on
>> https://github.com/eskultety/libvirt/commits/mdev-next
>>
>> since v3:
>> - 'undo' an accidental squash of virmdev.{c,h} module introduction
>> into patch
>> 4/15 and made it a separate patch again
>> - squash 5/15 into 4/15 as Pavel suggested
>> - dropped the NEWS patch, as I've so far got at least 4 merge
>> conflicts because
>> of it when rebasing...I'll add it before the series is ready to be
>> merged...or I'll forget about it like I usually do and add it later :/
>>
>> Erik
>>
>> Erik Skultety (14):
>> conf: hostdev: Enforce enum-in-switch compile-time checks
>> conf: hostdev: Introduce virDomainHostdevSubsysSCSIClear
>> conf: Introduce virDomainHostdevDefPostParse
>> util: Introduce new module virmdev
>> conf: Introduce new hostdev device type mdev
>> security: Enable labeling of vfio mediated devices
>> conf: Enable cold-plug of a mediated device
>> qemu: Assign PCI addresses for mediated devices as well
>> hostdev: Maintain a driver list of active mediated devices
>> qemu: cgroup: Adjust cgroups' logic to allow mediated devices
>> qemu: Bump the memory locking limit for mdevs as well
>> qemu: Format mdevs on qemu command line
>> test: Add some test cases for our test suite regarding the mdevs
>> docs: Document the new hostdev and address type 'mdev'
>>
>> docs/formatdomain.html.in | 46 +-
>> docs/schemas/domaincommon.rng | 22 +
>> po/POTFILES.in | 1 +
>> src/Makefile.am | 1 +
>> src/conf/domain_conf.c | 225 ++++++++--
>> src/conf/domain_conf.h | 9 +
>> src/libvirt_private.syms | 25 ++
>> src/qemu/qemu_command.c | 45 ++
>> src/qemu/qemu_command.h | 5 +
>> src/qemu/qemu_domain.c | 24 +-
>> src/qemu/qemu_domain.h | 1 +
>> src/qemu/qemu_domain_address.c | 14 +-
>> src/qemu/qemu_hostdev.c | 56 +++
>> src/qemu/qemu_hostdev.h | 10 +
>> src/qemu/qemu_hotplug.c | 2 +
>> src/security/security_apparmor.c | 22 +
>> src/security/security_dac.c | 43 ++
>> src/security/security_selinux.c | 45 ++
>> src/util/virhostdev.c | 165 ++++++-
>> src/util/virhostdev.h | 23 +
>> src/util/virmdev.c | 487
>> +++++++++++++++++++++
>> src/util/virmdev.h | 123 ++++++
>> tests/domaincapsschemadata/full.xml | 1 +
>> ...ml2argv-hostdev-mdev-invalid-target-address.xml | 33 ++
>> ...muxml2argv-hostdev-mdev-src-address-invalid.xml | 35 ++
>> .../qemuxml2argv-hostdev-mdev-unmanaged.args | 25 ++
>> .../qemuxml2argv-hostdev-mdev-unmanaged.xml | 35 ++
>> tests/qemuxml2argvtest.c | 9 +
>> .../qemuxml2xmlout-hostdev-mdev-unmanaged.xml | 40 ++
>> tests/qemuxml2xmltest.c | 1 +
>> 30 files changed, 1518 insertions(+), 55 deletions(-)
>> create mode 100644 src/util/virmdev.c
>> create mode 100644 src/util/virmdev.h
>> create mode 100644
>> tests/qemuxml2argvdata/qemuxml2argv-hostdev-mdev-invalid-target-address.xml
>> create mode 100644
>> tests/qemuxml2argvdata/qemuxml2argv-hostdev-mdev-src-address-invalid.xml
>> create mode 100644
>> tests/qemuxml2argvdata/qemuxml2argv-hostdev-mdev-unmanaged.args
>> create mode 100644
>> tests/qemuxml2argvdata/qemuxml2argv-hostdev-mdev-unmanaged.xml
>> create mode 100644
>> tests/qemuxml2xmloutdata/qemuxml2xmlout-hostdev-mdev-unmanaged.xml
>>
>
>
>
> --
> libvir-list mailing list
> libvir-list at redhat.com
> https://www.redhat.com/mailman/listinfo/libvir-list
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/libvir-list/attachments/20170329/f45de478/attachment-0001.htm>
More information about the libvir-list
mailing list