[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Qemu-commits] [qemu/qemu] ad459d: tests: migration-test: Still run the
|
From: |
Peter Maydell |
|
Subject: |
[Qemu-commits] [qemu/qemu] ad459d: tests: migration-test: Still run the rest even if ... |
|
Date: |
Sun, 04 Jul 2021 10:29:13 -0700 |
Branch: refs/heads/staging
Home: https://github.com/qemu/qemu
Commit: ad459de9afb784084d6b84923063842cb1942859
https://github.com/qemu/qemu/commit/ad459de9afb784084d6b84923063842cb1942859
Author: Peter Xu <peterx@redhat.com>
Date: 2021-07-01 (Thu, 01 Jul 2021)
Changed paths:
M tests/qtest/migration-test.c
Log Message:
-----------
tests: migration-test: Still run the rest even if uffd missing
Currently we'll skip the whole migration-test if uffd missing.
It's a bit harsh - we can still run the rest besides postcopy! Enable them
when we still can.
It'll happen more frequently now after kernel UFFD_USER_MODE_ONLY introduced in
commit 37cd0575b8510159, as qemu test normally requires kernel faults. One
alternative is we disable kvm and create the uffd with UFFD_USER_MODE_ONLY for
all postcopy tests, however to be simple for now just skip postcopy tests only
by default. If we wanna run them use "sudo" or root, they'll still work. In
all cases, it's still better than running nothing for migration-test.
Reviewed-by: Dr. David Alan Gilbert <dgilbert@redhat.com>
Signed-off-by: Peter Xu <peterx@redhat.com>
Reviewed-by: Juan Quintela <quintela@redhat.com>
Message-Id: <20210615175523.439830-2-peterx@redhat.com>
Signed-off-by: Dr. David Alan Gilbert <dgilbert@redhat.com>
Commit: d8fcf20a5c555ad6f99778b476d4a59f29a55f8b
https://github.com/qemu/qemu/commit/d8fcf20a5c555ad6f99778b476d4a59f29a55f8b
Author: Peter Xu <peterx@redhat.com>
Date: 2021-07-01 (Thu, 01 Jul 2021)
Changed paths:
M tests/qtest/migration-test.c
Log Message:
-----------
tests: migration-test: Add dirty ring test
Add dirty ring test if kernel supports it. Add the dirty ring parameter on
source should be mostly enough, but let's change the dest too to make them
match always.
Reviewed-by: Dr. David Alan Gilbert <dgilbert@redhat.com>
Signed-off-by: Peter Xu <peterx@redhat.com>
Message-Id: <20210615175523.439830-3-peterx@redhat.com>
Reviewed-by: Juan Quintela <quintela@redhat.com>
Signed-off-by: Dr. David Alan Gilbert <dgilbert@redhat.com>
Commit: bc3798815a1230ba29edc5bdc163a5a8a7e30906
https://github.com/qemu/qemu/commit/bc3798815a1230ba29edc5bdc163a5a8a7e30906
Author: Feng Lin <linfeng23@huawei.com>
Date: 2021-07-01 (Thu, 01 Jul 2021)
Changed paths:
M migration/qemu-file.c
Log Message:
-----------
migration: fix the memory overwriting risk in add_to_iovec
When testing migration, a Segmentation fault qemu core is generated.
0 error_free (err=0x1)
1 0x00007f8b862df647 in qemu_fclose (f=f@entry=0x55e06c247640)
2 0x00007f8b8516d59a in migrate_fd_cleanup (s=s@entry=0x55e06c0e1ef0)
3 0x00007f8b8516d66c in migrate_fd_cleanup_bh (opaque=0x55e06c0e1ef0)
4 0x00007f8b8626a47f in aio_bh_poll (ctx=ctx@entry=0x55e06b5a16d0)
5 0x00007f8b8626e71f in aio_dispatch (ctx=0x55e06b5a16d0)
6 0x00007f8b8626a33d in aio_ctx_dispatch (source=<optimized out>,
callback=<optimized out>, user_data=<optimized out>)
7 0x00007f8b866bdba4 in g_main_context_dispatch ()
8 0x00007f8b8626cde9 in glib_pollfds_poll ()
9 0x00007f8b8626ce62 in os_host_main_loop_wait (timeout=<optimized out>)
10 0x00007f8b8626cffd in main_loop_wait (nonblocking=nonblocking@entry=0)
11 0x00007f8b862ef01f in main_loop ()
Using gdb print the struct QEMUFile f = {
...,
iovcnt = 65, last_error = 21984,
last_error_obj = 0x1, shutdown = true
}
Well iovcnt is overflow, because the max size of MAX_IOV_SIZE is 64.
struct QEMUFile {
...;
struct iovec iov[MAX_IOV_SIZE];
unsigned int iovcnt;
int last_error;
Error *last_error_obj;
bool shutdown;
};
iovcnt and last_error is overwrited by add_to_iovec().
Right now, add_to_iovec() increase iovcnt before check the limit.
And it seems that add_to_iovec() assumes that iovcnt will set to zero
in qemu_fflush(). But qemu_fflush() will directly return when f->shutdown
is true.
The situation may occur when libvirtd restart during migration, after
f->shutdown is set, before calling qemu_file_set_error() in
qemu_file_shutdown().
So the safiest way is checking the iovcnt before increasing it.
Signed-off-by: Feng Lin <linfeng23@huawei.com>
Message-Id: <20210625062138.1899-1-linfeng23@huawei.com>
Reviewed-by: Dr. David Alan Gilbert <dgilbert@redhat.com>
Signed-off-by: Dr. David Alan Gilbert <dgilbert@redhat.com>
Fix typo in 'writeable' which is actually misnamed 'writable'
Commit: 519db663a661361fb746ca71ea6fa442eb80f1ec
https://github.com/qemu/qemu/commit/519db663a661361fb746ca71ea6fa442eb80f1ec
Author: Peter Xu <peterx@redhat.com>
Date: 2021-07-01 (Thu, 01 Jul 2021)
Changed paths:
M migration/migration.c
Log Message:
-----------
migration: Move yank outside qemu_start_incoming_migration()
Starting from commit b5eea99ec2f5c, qmp_migrate_recover() calls unregister
before calling qemu_start_incoming_migration(). I believe it wanted to mitigate
the next call to yank_register_instance(), but I think that's wrong.
Firstly, if during recover, we should keep the yank instance there, not
"quickly removing and adding it back".
Meanwhile, calling qmp_migrate_recover() twice with b5eea99ec2f5c will directly
crash the dest qemu (right now it can't; but it'll start to work right after
the next patch) because the 1st call of qmp_migrate_recover() will unregister
permanently when the channel failed to establish, then the 2nd call of
qmp_migrate_recover() crashes at yank_unregister_instance().
This patch fixes it by moving yank ops out of qemu_start_incoming_migration()
into qmp_migrate_incoming. For qmp_migrate_recover(), drop the unregister of
yank instance too since we keep it there during the recovery phase.
Signed-off-by: Peter Xu <peterx@redhat.com>
Reviewed-by: Dr. David Alan Gilbert <dgilbert@redhat.com>
Message-Id: <20210629181356.217312-2-peterx@redhat.com>
Signed-off-by: Dr. David Alan Gilbert <dgilbert@redhat.com>
Commit: c12b81a9b66f1d6f09ad16dfd27beb207c29db19
https://github.com/qemu/qemu/commit/c12b81a9b66f1d6f09ad16dfd27beb207c29db19
Author: Peter Xu <peterx@redhat.com>
Date: 2021-07-01 (Thu, 01 Jul 2021)
Changed paths:
M migration/migration.c
Log Message:
-----------
migration: Allow reset of postcopy_recover_triggered when failed
It's possible qemu_start_incoming_migration() failed at any point, when it
happens we should reset postcopy_recover_triggered to false so that the user
can still retry with a saner incoming port.
Signed-off-by: Peter Xu <peterx@redhat.com>
Message-Id: <20210629181356.217312-3-peterx@redhat.com>
Reviewed-by: Dr. David Alan Gilbert <dgilbert@redhat.com>
Signed-off-by: Dr. David Alan Gilbert <dgilbert@redhat.com>
Commit: 5b6639c586cc77480c1f8c4b2ec82c5b4a572674
https://github.com/qemu/qemu/commit/5b6639c586cc77480c1f8c4b2ec82c5b4a572674
Author: Laurent Vivier <lvivier@redhat.com>
Date: 2021-07-01 (Thu, 01 Jul 2021)
Changed paths:
M migration/migration.c
Log Message:
-----------
migration: move wait-unplug loop to its own function
The loop is used in migration_thread() and bg_migration_thread(),
so we can move it to its own function and call it from these both places.
Moreover, in migration_thread() we have a wrong state transition from
SETUP to ACTIVE while state could be WAIT_UNPLUG. This is correctly
managed in bg_migration_thread() so use this code instead.
Signed-off-by: Laurent Vivier <lvivier@redhat.com>
Message-Id: <20210629155007.629086-2-lvivier@redhat.com>
Reviewed-by: Dr. David Alan Gilbert <dgilbert@redhat.com>
Reviewed-by: Juan Quintela <quintela@redhat.com>
Signed-off-by: Dr. David Alan Gilbert <dgilbert@redhat.com>
Commit: 82d759bfb935b69bb757d6d81ce506399f3f027a
https://github.com/qemu/qemu/commit/82d759bfb935b69bb757d6d81ce506399f3f027a
Author: Laurent Vivier <lvivier@redhat.com>
Date: 2021-07-01 (Thu, 01 Jul 2021)
Changed paths:
M migration/migration.c
Log Message:
-----------
migration: failover: continue to wait card unplug on error
If the user cancels the migration in the unplug-wait state,
QEMU will try to plug back the card and this fails because the card
is partially unplugged.
To avoid the problem, continue to wait the card unplug, but to
allow the migration to be canceled if the card never finishes to unplug
use a timeout.
Bug: https://bugzilla.redhat.com/show_bug.cgi?id=1976852
Signed-off-by: Laurent Vivier <lvivier@redhat.com>
Reviewed-by: Dr. David Alan Gilbert <dgilbert@redhat.com>
Message-Id: <20210629155007.629086-3-lvivier@redhat.com>
Signed-off-by: Dr. David Alan Gilbert <dgilbert@redhat.com>
Commit: bbead4b2b7d1b620a4a0194d979fd760a9a4dd76
https://github.com/qemu/qemu/commit/bbead4b2b7d1b620a4a0194d979fd760a9a4dd76
Author: Daniel P. Berrangé <berrange@redhat.com>
Date: 2021-07-01 (Thu, 01 Jul 2021)
Changed paths:
M tools/virtiofsd/passthrough_ll.c
Log Message:
-----------
virtiofsd: use GDateTime for formatting timestamp for debug messages
The GDateTime APIs provided by GLib avoid portability pitfalls, such
as some platforms where 'struct timeval.tv_sec' field is still 'long'
instead of 'time_t'. When combined with automatic cleanup, GDateTime
often results in simpler code too.
Localtime is changed to UTC to avoid the need to grant extra seccomp
permissions for GLib's access of the timezone database.
Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
Reviewed-by: Dr. David Alan Gilbert <dgilbert@redhat.com>
Message-Id: <20210611164319.67762-1-berrange@redhat.com>
Signed-off-by: Dr. David Alan Gilbert <dgilbert@redhat.com>
Commit: 0def542b040006fb6b54f9a8c425adea694b11a9
https://github.com/qemu/qemu/commit/0def542b040006fb6b54f9a8c425adea694b11a9
Author: Daniel P. Berrangé <berrange@redhat.com>
Date: 2021-07-01 (Thu, 01 Jul 2021)
Changed paths:
M docs/tools/virtiofsd.rst
Log Message:
-----------
docs: describe the security considerations with virtiofsd xattr mapping
Different guest xattr prefixes have distinct access control rules applied
by the guest. When remapping a guest xattr care must be taken that the
remapping does not allow the a guest user to bypass guest kernel access
control rules.
For example if 'trusted.*' which requires CAP_SYS_ADMIN is remapped
to 'user.virtiofs.trusted.*', an unprivileged guest user which can
write to 'user.*' can bypass the CAP_SYS_ADMIN control. Thus the
target of any remapping must be explicitly blocked from read/writes
by the guest, to prevent access control bypass.
The examples shown in the virtiofsd man page already do the right
thing and ensure safety, but the security implications of getting
this wrong were not made explicit. This could lead to host admins
and apps unwittingly creating insecure configurations.
Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
Message-Id: <20210611120427.49736-1-berrange@redhat.com>
Reviewed-by: Dr. David Alan Gilbert <dgilbert@redhat.com>
Signed-off-by: Dr. David Alan Gilbert <dgilbert@redhat.com>
Commit: 4c199fac171d68a7812d359511f2c640c2f5cb08
https://github.com/qemu/qemu/commit/4c199fac171d68a7812d359511f2c640c2f5cb08
Author: Greg Kurz <groug@kaod.org>
Date: 2021-07-01 (Thu, 01 Jul 2021)
Changed paths:
M tools/virtiofsd/fuse_lowlevel.c
Log Message:
-----------
virtiofsd: Don't allow file creation with FUSE_OPEN
A well behaved FUSE client uses FUSE_CREATE to create files. It isn't
supposed to pass O_CREAT along a FUSE_OPEN request, as documented in
the "fuse_lowlevel.h" header :
/**
* Open a file
*
* Open flags are available in fi->flags. The following rules
* apply.
*
* - Creation (O_CREAT, O_EXCL, O_NOCTTY) flags will be
* filtered out / handled by the kernel.
But if the client happens to do it anyway, the server ends up passing
this flag to open() without the mandatory mode_t 4th argument. Since
open() is a variadic function, glibc will happily pass whatever it
finds on the stack to the syscall. If this file is compiled with
-D_FORTIFY_SOURCE=2, glibc will even detect that and abort:
*** invalid openat64 call: O_CREAT or O_TMPFILE without mode ***: terminated
Specifying O_CREAT with FUSE_OPEN is a protocol violation. Check this
in do_open(), print out a message and return an error to the client,
EINVAL like we already do when fuse_mbuf_iter_advance() fails.
The FUSE filesystem doesn't currently support O_TMPFILE, but the very
same would happen if O_TMPFILE was passed in a FUSE_OPEN request. Check
that as well.
Signed-off-by: Greg Kurz <groug@kaod.org>
Message-Id: <20210624101809.48032-1-groug@kaod.org>
Reviewed-by: Dr. David Alan Gilbert <dgilbert@redhat.com>
Signed-off-by: Dr. David Alan Gilbert <dgilbert@redhat.com>
Commit: 1e110cbf0222f3b98d404c7d9ca53eb90bf03978
https://github.com/qemu/qemu/commit/1e110cbf0222f3b98d404c7d9ca53eb90bf03978
Author: Vivek Goyal <vgoyal@redhat.com>
Date: 2021-07-01 (Thu, 01 Jul 2021)
Changed paths:
M tools/virtiofsd/fuse_common.h
M tools/virtiofsd/fuse_lowlevel.c
Log Message:
-----------
virtiofsd: Fix fuse setxattr() API change issue
With kernel header updates fuse_setxattr_in struct has grown in size.
But this new struct size only takes affect if user has opted in
for fuse feature FUSE_SETXATTR_EXT otherwise fuse continues to
send "fuse_setxattr_in" of older size. Older size is determined
by FUSE_COMPAT_SETXATTR_IN_SIZE.
Fix this. If we have not opted in for FUSE_SETXATTR_EXT, then
expect that we will get fuse_setxattr_in of size FUSE_COMPAT_SETXATTR_IN_SIZE
and not sizeof(struct fuse_sexattr_in).
Fixes: 278f064e4524 ("Update Linux headers to 5.13-rc4")
Signed-off-by: Vivek Goyal <vgoyal@redhat.com>
Message-Id: <20210622150852.1507204-2-vgoyal@redhat.com>
Reviewed-by: Dr. David Alan Gilbert <dgilbert@redhat.com>
Reviewed-by: Greg Kurz <groug@kaod.org>
Signed-off-by: Dr. David Alan Gilbert <dgilbert@redhat.com>
Commit: fbaf1fac1b72273522bb0ba8654ec5cab59e47e9
https://github.com/qemu/qemu/commit/fbaf1fac1b72273522bb0ba8654ec5cab59e47e9
Author: Vivek Goyal <vgoyal@redhat.com>
Date: 2021-07-01 (Thu, 01 Jul 2021)
Changed paths:
M tools/virtiofsd/passthrough_ll.c
Log Message:
-----------
virtiofsd: Fix xattr operations overwriting errno
getxattr/setxattr/removexattr/listxattr operations handle regualar
and non-regular files differently. For the case of non-regular files
we do fchdir(/proc/self/fd) and the xattr operation and then revert
back to original working directory. After this we are saving errno
and that's buggy because fchdir() will overwrite the errno.
FCHDIR_NOFAIL(lo->proc_self_fd);
ret = getxattr(procname, name, value, size);
FCHDIR_NOFAIL(lo->root.fd);
if (ret == -1)
saverr = errno
In above example, if getxattr() failed, we will still return 0 to caller
as errno must have been written by FCHDIR_NOFAIL(lo->root.fd) call.
Fix all such instances and capture "errno" early and save in "saverr"
variable.
Signed-off-by: Vivek Goyal <vgoyal@redhat.com>
Message-Id: <20210622150852.1507204-3-vgoyal@redhat.com>
Reviewed-by: Dr. David Alan Gilbert <dgilbert@redhat.com>
Reviewed-by: Greg Kurz <groug@kaod.org>
Signed-off-by: Dr. David Alan Gilbert <dgilbert@redhat.com>
Commit: aae75c045a2101a70f2410e1e9a76e579e8c4466
https://github.com/qemu/qemu/commit/aae75c045a2101a70f2410e1e9a76e579e8c4466
Author: Vivek Goyal <vgoyal@redhat.com>
Date: 2021-07-01 (Thu, 01 Jul 2021)
Changed paths:
M tools/virtiofsd/fuse_lowlevel.c
M tools/virtiofsd/fuse_lowlevel.h
M tools/virtiofsd/passthrough_ll.c
Log Message:
-----------
virtiofsd: Add support for extended setxattr
Add the bits to enable support for setxattr_ext if fuse offers it. Do not
enable it by default yet. Let passthrough_ll opt-in. Enabling it by deafult
kind of automatically means that you are taking responsibility of clearing
SGID if ACL is set.
Signed-off-by: Vivek Goyal <vgoyal@redhat.com>
Message-Id: <20210622150852.1507204-4-vgoyal@redhat.com>
Reviewed-by: Dr. David Alan Gilbert <dgilbert@redhat.com>
Signed-off-by: Dr. David Alan Gilbert <dgilbert@redhat.com>
Fixed up double def in fuse_common.h
Commit: 86d6180eeec24d11f039a63163031461bdead030
https://github.com/qemu/qemu/commit/86d6180eeec24d11f039a63163031461bdead030
Author: Vivek Goyal <vgoyal@redhat.com>
Date: 2021-07-01 (Thu, 01 Jul 2021)
Changed paths:
M tools/virtiofsd/passthrough_seccomp.c
Log Message:
-----------
virtiofsd: Add umask to seccom allow list
Patches in this series are going to make use of "umask" syscall.
So allow it.
Signed-off-by: Vivek Goyal <vgoyal@redhat.com>
Reviewed-by: Stefan Hajnoczi <stefanha@redhat.com>
Message-Id: <20210622150852.1507204-5-vgoyal@redhat.com>
Signed-off-by: Dr. David Alan Gilbert <dgilbert@redhat.com>
Commit: cac20b60d39a5eaa585c8d24c39b0b1348664226
https://github.com/qemu/qemu/commit/cac20b60d39a5eaa585c8d24c39b0b1348664226
Author: Vivek Goyal <vgoyal@redhat.com>
Date: 2021-07-01 (Thu, 01 Jul 2021)
Changed paths:
M tools/virtiofsd/passthrough_ll.c
Log Message:
-----------
virtiofsd: Add capability to change/restore umask
When parent directory has default acl and a file is created in that
directory, then umask is ignored and final file permissions are
determined using default acl instead. (man 2 umask).
Currently, fuse applies the umask and sends modified mode in create
request accordingly. fuse server can set FUSE_DONT_MASK and tell
fuse client to not apply umask and fuse server will take care of
it as needed.
With posix acls enabled, requirement will be that we want umask
to determine final file mode if parent directory does not have
default acl.
So if posix acls are enabled, opt in for FUSE_DONT_MASK. virtiofsd
will set umask of the thread doing file creation. And host kernel
should use that umask if parent directory does not have default
acls, otherwise umask does not take affect.
Miklos mentioned that we already call unshare(CLONE_FS) for
every thread. That means umask has now become property of per
thread and it should be ok to manipulate it in file creation path.
This patch only adds capability to change umask and restore it. It
does not enable it yet. Next few patches will add capability to enable it
based on if user enabled posix_acl or not.
This should fix fstest generic/099.
Reported-by: Luis Henriques <lhenriques@suse.de>
Signed-off-by: Vivek Goyal <vgoyal@redhat.com>
Reviewed-by: Stefan Hajnoczi <stefanha@redhat.com>
Reviewed-by: Dr. David Alan Gilbert <dgilbert@redhat.com>
Message-Id: <20210622150852.1507204-6-vgoyal@redhat.com>
Signed-off-by: Dr. David Alan Gilbert <dgilbert@redhat.com>
Commit: 0c278395e0b664590d5e42b44a9f758c0ddc23be
https://github.com/qemu/qemu/commit/0c278395e0b664590d5e42b44a9f758c0ddc23be
Author: Vivek Goyal <vgoyal@redhat.com>
Date: 2021-07-01 (Thu, 01 Jul 2021)
Changed paths:
M tools/virtiofsd/passthrough_ll.c
Log Message:
-----------
virtiofsd: Switch creds, drop FSETID for system.posix_acl_access xattr
When posix access acls are set on a file, it can lead to adjusting file
permissions (mode) as well. If caller does not have CAP_FSETID and it
also does not have membership of owner group, this will lead to clearing
SGID bit in mode.
Current fuse code is written in such a way that it expects file server
to take care of chaning file mode (permission), if there is a need.
Right now, host kernel does not clear SGID bit because virtiofsd is
running as root and has CAP_FSETID. For host kernel to clear SGID,
virtiofsd need to switch to gid of caller in guest and also drop
CAP_FSETID (if caller did not have it to begin with).
If SGID needs to be cleared, client will set the flag
FUSE_SETXATTR_ACL_KILL_SGID in setxattr request. In that case server
should kill sgid.
Currently just switch to uid/gid of the caller and drop CAP_FSETID
and that should do it.
This should fix the xfstest generic/375 test case.
We don't have to switch uid for this to work. That could be one optimization
that pass a parameter to lo_change_cred() to only switch gid and not uid.
Also this will not work whenever (if ever) we support idmapped mounts. In
that case it is possible that uid/gid in request are 0/0 but still we
need to clear SGID. So we will have to pick a non-root sgid and switch
to that instead. That's an TODO item for future when idmapped mount
support is introduced.
This patch only adds the capability to switch creds and drop FSETID
when acl xattr is set. This does not take affect yet. It can take
affect when next patch adds the capability to enable posix_acl.
Reported-by: Luis Henriques <lhenriques@suse.de>
Signed-off-by: Vivek Goyal <vgoyal@redhat.com>
Message-Id: <20210622150852.1507204-7-vgoyal@redhat.com>
Reviewed-by: Dr. David Alan Gilbert <dgilbert@redhat.com>
Signed-off-by: Dr. David Alan Gilbert <dgilbert@redhat.com>
Commit: fd4dadaf471a555718413519daf2e734496a9e21
https://github.com/qemu/qemu/commit/fd4dadaf471a555718413519daf2e734496a9e21
Author: Vivek Goyal <vgoyal@redhat.com>
Date: 2021-07-01 (Thu, 01 Jul 2021)
Changed paths:
M docs/tools/virtiofsd.rst
M tools/virtiofsd/helper.c
M tools/virtiofsd/passthrough_ll.c
Log Message:
-----------
virtiofsd: Add an option to enable/disable posix acls
fuse has an option FUSE_POSIX_ACL which needs to be opted in by fuse
server to enable posix acls. As of now we are not opting in for this,
so posix acls are disabled on virtiofs by default.
Add virtiofsd option "-o posix_acl/no_posix_acl" to let users enable/disable
posix acl support. By default it is disabled as of now due to performance
concerns with cache=none.
Currently even if file server has not opted in for FUSE_POSIX_ACL, user can
still query acl and set acl, and system.posix_acl_access and
system.posix_acl_default xattrs show up listxattr response.
Miklos said this is confusing. So he said lets block and filter
system.posix_acl_access and system.posix_acl_default xattrs in
getxattr/setxattr/listxattr if user has explicitly disabled
posix acls using -o no_posix_acl.
As of now continuing to keeping the existing behavior if user did not
specify any option to disable acl support due to concerns about backward
compatibility.
Signed-off-by: Vivek Goyal <vgoyal@redhat.com>
Message-Id: <20210622150852.1507204-8-vgoyal@redhat.com>
Reviewed-by: Dr. David Alan Gilbert <dgilbert@redhat.com>
Signed-off-by: Dr. David Alan Gilbert <dgilbert@redhat.com>
Commit: 1da4632ed423f1875efbd4eb75e8aa6dd282fb63
https://github.com/qemu/qemu/commit/1da4632ed423f1875efbd4eb75e8aa6dd282fb63
Author: Hyman Huang(黄勇) <huangy81@chinatelecom.cn>
Date: 2021-07-01 (Thu, 01 Jul 2021)
Changed paths:
M tests/migration/guestperf/engine.py
Log Message:
-----------
tests/migration: parse the thread-id key of CpuInfoFast
thread_id in CpuInfoFast is deprecated, parse thread-id instead
after execute qmp query-cpus-fast. fix this so that test can
go smoothly.
Signed-off-by: Hyman Huang(黄勇) <huangy81@chinatelecom.cn>
Message-Id:
<584578c0a0dd781cee45f72ddf517f6e6a41c504.1622729934.git.huangy81@chinatelecom.cn>
Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
Signed-off-by: Dr. David Alan Gilbert <dgilbert@redhat.com>
Commit: d065be013be6ea2c8ad4e24d02d419e2aab2b9b9
https://github.com/qemu/qemu/commit/d065be013be6ea2c8ad4e24d02d419e2aab2b9b9
Author: Hyman Huang(黄勇) <huangy81@chinatelecom.cn>
Date: 2021-07-01 (Thu, 01 Jul 2021)
Changed paths:
M tests/migration/guestperf/engine.py
Log Message:
-----------
tests/migration: fix "downtime_limit" type when "migrate-set-parameters"
migrate-set-parameters parse "downtime_limit" as integer type when
execute "migrate-set-parameters" before migration, and, the unit
dowtime_limit is milliseconds, fix this two so that test can go
smoothly.
Signed-off-by: Hyman Huang(黄勇) <huangy81@chinatelecom.cn>
Message-Id:
<31d82df24cc0c468dbe4d2d86730158ebf248071.1622729934.git.huangy81@chinatelecom.cn>
Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
Signed-off-by: Dr. David Alan Gilbert <dgilbert@redhat.com>
Commit: 9c21e61435e09a7a67f951a096b93183a7a5ad89
https://github.com/qemu/qemu/commit/9c21e61435e09a7a67f951a096b93183a7a5ad89
Author: Li Zhijian <lizhijian@cn.fujitsu.com>
Date: 2021-07-01 (Thu, 01 Jul 2021)
Changed paths:
M migration/rdma.c
Log Message:
-----------
migration/rdma: Use error_report to suppress errno message
Since the prior calls are successful, in this case a errno doesn't
indicate a real error which would just make us confused.
before:
(qemu) migrate -d rdma:192.168.22.23:8888
source_resolve_host RDMA Device opened: kernel name rxe_eth0 uverbs device name
uverbs2, infiniband_verbs class device path
/sys/class/infiniband_verbs/uverbs2, infiniband class device path
/sys/class/infiniband/rxe_eth0, transport: (2) Ethernet
rdma_get_cm_event != EVENT_ESTABLISHED after rdma_connect: No space left on
device
Signed-off-by: Li Zhijian <lizhijian@cn.fujitsu.com>
Message-Id: <20210628071959.23455-1-lizhijian@cn.fujitsu.com>
Reviewed-by: Dr. David Alan Gilbert <dgilbert@redhat.com>
Signed-off-by: Dr. David Alan Gilbert <dgilbert@redhat.com>
Commit: f722f6cb702de773359114bd29df1624642e66a0
https://github.com/qemu/qemu/commit/f722f6cb702de773359114bd29df1624642e66a0
Author: Peter Maydell <peter.maydell@linaro.org>
Date: 2021-07-04 (Sun, 04 Jul 2021)
Changed paths:
M docs/tools/virtiofsd.rst
M migration/migration.c
M migration/qemu-file.c
M migration/rdma.c
M tests/migration/guestperf/engine.py
M tests/qtest/migration-test.c
M tools/virtiofsd/fuse_common.h
M tools/virtiofsd/fuse_lowlevel.c
M tools/virtiofsd/fuse_lowlevel.h
M tools/virtiofsd/helper.c
M tools/virtiofsd/passthrough_ll.c
M tools/virtiofsd/passthrough_seccomp.c
Log Message:
-----------
Merge remote-tracking branch
'remotes/dgilbert-gitlab/tags/pull-migration-20210701a' into staging
Migration and virtiofs pull 2021-07-01
A bunch of small fixes and improvements; two particular to note:
a) Peter's fix to migration-test for uffd, means that a lot of
migration tests will start running in a lot of places again when they'd
previously been skipped.
b) Vivek's 'Fix fuse_setxattr...' fixes our build against an API
breakage in the kernel headers.
Signed-off-by: Dr. David Alan Gilbert <dgilbert@redhat.com>
# gpg: Signature made Thu 01 Jul 2021 15:13:47 BST
# gpg: using RSA key 45F5C71B4A0CB7FB977A9FA90516331EBC5BFDE7
# gpg: Good signature from "Dr. David Alan Gilbert (RH2) <dgilbert@redhat.com>"
[full]
# Primary key fingerprint: 45F5 C71B 4A0C B7FB 977A 9FA9 0516 331E BC5B FDE7
* remotes/dgilbert-gitlab/tags/pull-migration-20210701a:
migration/rdma: Use error_report to suppress errno message
tests/migration: fix "downtime_limit" type when "migrate-set-parameters"
tests/migration: parse the thread-id key of CpuInfoFast
virtiofsd: Add an option to enable/disable posix acls
virtiofsd: Switch creds, drop FSETID for system.posix_acl_access xattr
virtiofsd: Add capability to change/restore umask
virtiofsd: Add umask to seccom allow list
virtiofsd: Add support for extended setxattr
virtiofsd: Fix xattr operations overwriting errno
virtiofsd: Fix fuse setxattr() API change issue
virtiofsd: Don't allow file creation with FUSE_OPEN
docs: describe the security considerations with virtiofsd xattr mapping
virtiofsd: use GDateTime for formatting timestamp for debug messages
migration: failover: continue to wait card unplug on error
migration: move wait-unplug loop to its own function
migration: Allow reset of postcopy_recover_triggered when failed
migration: Move yank outside qemu_start_incoming_migration()
migration: fix the memory overwriting risk in add_to_iovec
tests: migration-test: Add dirty ring test
tests: migration-test: Still run the rest even if uffd missing
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Compare: https://github.com/qemu/qemu/compare/b39b63a3d366...f722f6cb702d