[v1] Misc next patches

[PULL 00/10] Misc next patches

Posted by Daniel P. Berrangé 2 years, 2 months ago

The following changes since commit ad38520bdeb2b1e0b487db317f29119e94c1c88d:

  Merge remote-tracking branch 'remotes/stefanha-gitlab/tags/block-pull-request' into staging (2022-02-15 19:30:33 +0000)

are available in the Git repository at:

  https://gitlab.com/berrange/qemu tags/misc-next-pull-request

for you to fetch changes up to 2720ceda0521bc43139cfdf45e3e470559e11ce3:

  docs: expand firmware descriptor to allow flash without NVRAM (2022-02-16 18:53:26 +0000)

----------------------------------------------------------------
This misc series of changes:

 - Improves documentation of SSH fingerprint checking
 - Fixes SHA256 fingerprints with non-blockdev usage
 - Blocks the clone3, setns, unshare & execveat syscalls
   with seccomp
 - Blocks process spawning via clone syscall, but allows
   threads, with seccomp
 - Takes over seccomp maintainer role
 - Expands firmware descriptor spec to allow flash
   without NVRAM

----------------------------------------------------------------

Daniel P. Berrangé (10):
  block: better document SSH host key fingerprint checking
  block: support sha256 fingerprint with pre-blockdev options
  block: print the server key type and fingerprint on failure
  seccomp: allow action to be customized per syscall
  seccomp: add unit test for seccomp filtering
  seccomp: fix blocking of process spawning
  seccomp: block use of clone3 syscall
  seccomp: block setns, unshare and execveat syscalls
  MAINTAINERS: take over seccomp from Eduardo Otubo
  docs: expand firmware descriptor to allow flash without NVRAM

 MAINTAINERS                            |   5 +-
 block/ssh.c                            |  42 +++-
 docs/interop/firmware.json             |  54 ++++-
 docs/system/qemu-block-drivers.rst.inc |  30 ++-
 softmmu/qemu-seccomp.c                 | 282 +++++++++++++++++++------
 tests/unit/meson.build                 |   4 +
 tests/unit/test-seccomp.c              | 269 +++++++++++++++++++++++
 7 files changed, 599 insertions(+), 87 deletions(-)
 create mode 100644 tests/unit/test-seccomp.c

-- 
2.34.1

Re: [PULL 00/10] Misc next patches

Posted by Peter Maydell 2 years, 2 months ago

On Thu, 17 Feb 2022 at 12:01, Daniel P. Berrangé <berrange@redhat.com> wrote:
>
> The following changes since commit ad38520bdeb2b1e0b487db317f29119e94c1c88d:
>
>   Merge remote-tracking branch 'remotes/stefanha-gitlab/tags/block-pull-request' into staging (2022-02-15 19:30:33 +0000)
>
> are available in the Git repository at:
>
>   https://gitlab.com/berrange/qemu tags/misc-next-pull-request
>
> for you to fetch changes up to 2720ceda0521bc43139cfdf45e3e470559e11ce3:
>
>   docs: expand firmware descriptor to allow flash without NVRAM (2022-02-16 18:53:26 +0000)
>
> ----------------------------------------------------------------
> This misc series of changes:
>
>  - Improves documentation of SSH fingerprint checking
>  - Fixes SHA256 fingerprints with non-blockdev usage
>  - Blocks the clone3, setns, unshare & execveat syscalls
>    with seccomp
>  - Blocks process spawning via clone syscall, but allows
>    threads, with seccomp
>  - Takes over seccomp maintainer role
>  - Expands firmware descriptor spec to allow flash
>    without NVRAM

Hi; this series seems to cause the x64-freebsd-13-build to fail:
https://gitlab.com/qemu-project/qemu/-/jobs/2112237501

1/1 qemu:block / qemu-iotests qcow2 ERROR 155.99s exit status 1
▶ 469/707 /or1k/qmp/x-query-opcount OK
▶ 493/707 /ppc64/pnv-xscom/cfam_id/POWER8NVL OK
Summary of Failures:
1/1 qemu:block / qemu-iotests qcow2 ERROR 155.99s exit status 1
Ok: 0
Expected Fail: 0
Fail: 1
Unexpected Pass: 0
Skipped: 0
Timeout: 0
Full log written to /tmp/cirrus-ci-build/build/meson-logs/iotestslog.txt

This is an allowed-to-fail job, so I could in theory allow the
merge, but OTOH the job was passing previously and the failure
is block-related and this is a block-related pullreq...

thanks
-- PMM

Re: [PULL 00/10] Misc next patches

Posted by Daniel P. Berrangé 2 years, 2 months ago

On Fri, Feb 18, 2022 at 08:05:12PM +0000, Peter Maydell wrote:
> On Thu, 17 Feb 2022 at 12:01, Daniel P. Berrangé <berrange@redhat.com> wrote:
> >
> > The following changes since commit ad38520bdeb2b1e0b487db317f29119e94c1c88d:
> >
> >   Merge remote-tracking branch 'remotes/stefanha-gitlab/tags/block-pull-request' into staging (2022-02-15 19:30:33 +0000)
> >
> > are available in the Git repository at:
> >
> >   https://gitlab.com/berrange/qemu tags/misc-next-pull-request
> >
> > for you to fetch changes up to 2720ceda0521bc43139cfdf45e3e470559e11ce3:
> >
> >   docs: expand firmware descriptor to allow flash without NVRAM (2022-02-16 18:53:26 +0000)
> >
> > ----------------------------------------------------------------
> > This misc series of changes:
> >
> >  - Improves documentation of SSH fingerprint checking
> >  - Fixes SHA256 fingerprints with non-blockdev usage
> >  - Blocks the clone3, setns, unshare & execveat syscalls
> >    with seccomp
> >  - Blocks process spawning via clone syscall, but allows
> >    threads, with seccomp
> >  - Takes over seccomp maintainer role
> >  - Expands firmware descriptor spec to allow flash
> >    without NVRAM
> 
> Hi; this series seems to cause the x64-freebsd-13-build to fail:
> https://gitlab.com/qemu-project/qemu/-/jobs/2112237501
> 
> 1/1 qemu:block / qemu-iotests qcow2 ERROR 155.99s exit status 1
> ▶ 469/707 /or1k/qmp/x-query-opcount OK
> ▶ 493/707 /ppc64/pnv-xscom/cfam_id/POWER8NVL OK
> Summary of Failures:
> 1/1 qemu:block / qemu-iotests qcow2 ERROR 155.99s exit status 1
> Ok: 0
> Expected Fail: 0
> Fail: 1
> Unexpected Pass: 0
> Skipped: 0
> Timeout: 0
> Full log written to /tmp/cirrus-ci-build/build/meson-logs/iotestslog.txt
> 
> This is an allowed-to-fail job, so I could in theory allow the
> merge, but OTOH the job was passing previously and the failure
> is block-related and this is a block-related pullreq...

AFAIK, the block jobs run in CI don't cover the SSH driver at all.

I had a CI pipeline before submitting, which covered Free BSD 13
which passed. To be sure I just rebased to git master and tried
another pipeline which passed too:

  https://gitlab.com/berrange/qemu/-/jobs/2119118096

so I'm thinking the failure you got is a transient. Could you retry
this PULL

With regards,
Daniel
-- 
|: https://berrange.com      -o-    https://www.flickr.com/photos/dberrange :|
|: https://libvirt.org         -o-            https://fstop138.berrange.com :|
|: https://entangle-photo.org    -o-    https://www.instagram.com/dberrange :|

Re: [PULL 00/10] Misc next patches

Posted by Peter Maydell 2 years, 2 months ago

On Mon, 21 Feb 2022 at 19:18, Daniel P. Berrangé <berrange@redhat.com> wrote:
> AFAIK, the block jobs run in CI don't cover the SSH driver at all.
>
> I had a CI pipeline before submitting, which covered Free BSD 13
> which passed. To be sure I just rebased to git master and tried
> another pipeline which passed too:
>
>   https://gitlab.com/berrange/qemu/-/jobs/2119118096
>
> so I'm thinking the failure you got is a transient. Could you retry
> this PULL

Does seem to have been a transient. (We have way too many of those
at the moment for a variety of reasons.)

Applied, thanks.

Please update the changelog at https://wiki.qemu.org/ChangeLog/7.0
for any user-visible changes.

-- PMM