March 2018 - Devel - libvirt List Archives

[libvirt] [PATCH] conf: allow more user friendly names for disk formats
by Daniel P. Berrangé 13 Mar '18

13 Mar '18

Signed-off-by: Daniel P. Berrangé <berrange(a)redhat.com> --- src/conf/domain_conf.c | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/src/conf/domain_conf.c b/src/conf/domain_conf.c index 04a6ee77af..007b73a84d 100644 --- a/src/conf/domain_conf.c +++ b/src/conf/domain_conf.c @@ -9152,6 +9152,12 @@ virDomainDiskDefDriverParseXML(virDomainDiskDefPtr def, if (STREQ(tmp, "aio")) { /* Xen back-compat */ def->src->format = VIR_STORAGE_FILE_RAW; + } else if (STREQ(tmp, "🐄")) { + def->src->format = VIR_STORAGE_FILE_COW; + } else if (STREQ(tmp, "q🐄")) { + def->src->format = VIR_STORAGE_FILE_QCOW; + } else if (STREQ(tmp, "q🐄2")) { + def->src->format = VIR_STORAGE_FILE_QCOW2; } else { if ((def->src->format = virStorageFileFormatTypeFromString(tmp)) <= 0) { virReportError(VIR_ERR_CONFIG_UNSUPPORTED, -- 2.14.3

3 2

[libvirt] [PATCH] qemuAssignDeviceInputAlias: Be tolerant to pre-existent alias
by Michal Privoznik 13 Mar '18

13 Mar '18

This is missing in 6bc4a371cf and therefore we are effectively overwriting user provided aliases for <input/> devices. Signed-off-by: Michal Privoznik <mprivozn(a)redhat.com> --- src/qemu/qemu_alias.c | 3 +++ 1 file changed, 3 insertions(+) diff --git a/src/qemu/qemu_alias.c b/src/qemu/qemu_alias.c index ae30f7df8..d0ca15bae 100644 --- a/src/qemu/qemu_alias.c +++ b/src/qemu/qemu_alias.c @@ -513,6 +513,9 @@ qemuAssignDeviceInputAlias(virDomainDefPtr def, virDomainInputDefPtr input, int idx) { + if (input->info.alias) + return 0; + if (idx == -1) { int thisidx; size_t i; -- 2.16.1

2 1

[libvirt] [dbus PATCH 00/18] rewrite to use libdbus and some other fixes
by Pavel Hrdina 13 Mar '18

13 Mar '18

The first 15 patches fixes some issues and bugs and cleanups the code. Patch 16 introduces support for libdbus and a lot of helper functions. Patch 17 switches the code to use libdbus instead of sd-bus and drops all sd-bus related code. Patch 18 introduces threading so every message is processed by separate thread. Pavel Hrdina (18): util: rename VIR_ATTR_UNUSED util: there is no need to mark cleanup functions as inline util: introduce VIRT_DBUS_ERROR_INTERFACE connect: introduce VIRT_DBUS_CONNECT_INTERFACE domain: introduce VIRT_DBUS_DOMAIN_INTERFACE events: fix signal message for TrayChange event events: fix function names for TrayChange and DiskChange events main: error out if signal handler is not registered main: fix error message spec: don't use hard-coded system_user maint: fix coding style maint: cleanup includes domain: ensure connection to libvirt connect: parse message arguments as first thing domain: create a helper function to get a domain object introduce support for libdbus library switch from sd-bus to libdbus main: introduce threads to process the dbus messages README | 2 +- configure.ac | 16 +- data/Makefile.am | 7 + data/org.libvirt.Connect.xml | 56 ++ data/org.libvirt.Domain.xml | 51 ++ libvirt-dbus.spec.in | 16 +- src/Makefile.am | 15 +- src/connect.c | 240 ++++----- src/connect.h | 44 +- src/dbus.c | 1226 ++++++++++++++++++++++++++++++++++++++++++ src/dbus.h | 158 ++++++ src/domain.c | 642 ++++++++++------------ src/domain.h | 5 +- src/events.c | 150 +++--- src/events.h | 3 - src/main.c | 208 ++++--- src/util.c | 310 ++++++++--- src/util.h | 82 ++- test/Makefile.am | 3 +- test/travis-run | 2 +- 20 files changed, 2446 insertions(+), 790 deletions(-) create mode 100644 data/org.libvirt.Connect.xml create mode 100644 data/org.libvirt.Domain.xml create mode 100644 src/dbus.c create mode 100644 src/dbus.h -- 2.14.3

2 37

[libvirt] [PATCH v2 00/10] Add proper testing of qemu status XML files
by Peter Krempa 13 Mar '18

13 Mar '18

Changes to v1: - added tests specifically for testing format probing (also formating of argv) - removed format probing from snapshot tests - added a synthetic test for <lockstate> - added <namespaces> to the 'modern' test (note that allowReboot is tested in one of the old tests which were preserved) This version also saves space by using symlinks in place of the output XML files since they are identical to the input ones in all cases added in this tests. Peter Krempa (10): tests: qemuxml2xml: Rename testInfoFree to testInfoClear tests: qemu: Explicitly add tests with format probing allowed tests: qemuxml2xml: Remove testing with allowed format detection tests: domainsnapshotxml2xml: Remove testing with allowed format detection tests: qemuxml2xml: Add proper domain status XML testing tests: qemuxml2xml: Add synthetic test for <lockstate> in status XML tests: qemuxml2xml: Remove fake status XML testing tests: util: Remove callback from testCompareDomXML2XMLFiles tests: qemuxml2xml: Add modern example of status XML to the test tests: qemuxml2xml: Add status XML with outgoing migration with NBD tests/Makefile.am | 1 + .../disk_snapshot_redefine.xml | 6 + .../external_vm_redefine.xml | 1 + tests/domainsnapshotxml2xmlout/full_domain.xml | 1 + tests/domainsnapshotxml2xmlout/metadata.xml | 1 + tests/domainsnapshotxml2xmltest.c | 3 - tests/genericxml2xmltest.c | 2 +- tests/lxcxml2xmltest.c | 2 +- tests/qemustatusxml2xmldata/blockjob-mirror-in.xml | 97 +++++ .../qemustatusxml2xmldata/blockjob-mirror-out.xml | 1 + .../qemustatusxml2xmldata/migration-out-nbd-in.xml | 449 +++++++++++++++++++++ .../migration-out-nbd-out.xml | 1 + tests/qemustatusxml2xmldata/modern-in.xml | 448 ++++++++++++++++++++ tests/qemustatusxml2xmldata/modern-out.xml | 1 + tests/qemustatusxml2xmldata/vcpus-multi-in.xml | 343 ++++++++++++++++ tests/qemustatusxml2xmldata/vcpus-multi-out.xml | 1 + .../qemuxml2argvdata/disk-drive-detect-zeroes.xml | 2 +- .../qemuxml2argvdata/disk-many-format-probing.args | 29 ++ .../qemuxml2argvdata/disk-many-format-probing.xml | 48 +++ tests/qemuxml2argvdata/hugepages-memaccess.xml | 1 + tests/qemuxml2argvdata/hugepages-memaccess2.xml | 1 + tests/qemuxml2argvdata/hugepages-pages4.xml | 1 + tests/qemuxml2argvdata/hugepages-pages5.xml | 1 + tests/qemuxml2argvdata/hugepages-pages6.xml | 1 + .../memory-hotplug-nvdimm-access.xml | 1 + .../memory-hotplug-nvdimm-label.xml | 1 + tests/qemuxml2argvdata/memory-hotplug-nvdimm.xml | 1 + .../serial-tcp-tlsx509-chardev-notls.xml | 1 + tests/qemuxml2argvtest.c | 6 + .../aarch64-aavmf-virtio-mmio.xml | 1 + .../aarch64-virtio-pci-default.xml | 1 + .../aarch64-virtio-pci-manual-addresses.xml | 1 + tests/qemuxml2xmloutdata/autoindex.xml | 1 + tests/qemuxml2xmloutdata/balloon-device-auto.xml | 1 + tests/qemuxml2xmloutdata/balloon-device-period.xml | 1 + .../bios-nvram-os-interleave.xml | 1 + tests/qemuxml2xmloutdata/bios-nvram.xml | 1 + tests/qemuxml2xmloutdata/blkiotune-device.xml | 1 + tests/qemuxml2xmloutdata/blkiotune.xml | 1 + .../boot-menu-disable-with-timeout.xml | 1 + tests/qemuxml2xmloutdata/boot-menu-disable.xml | 1 + .../boot-menu-enable-with-timeout.xml | 1 + tests/qemuxml2xmloutdata/boot-multi.xml | 1 + tests/qemuxml2xmloutdata/boot-order.xml | 2 + tests/qemuxml2xmloutdata/channel-guestfwd.xml | 1 + tests/qemuxml2xmloutdata/channel-virtio-auto.xml | 1 + .../channel-virtio-state-active.xml | 1 + .../channel-virtio-state-inactive.xml | 1 + tests/qemuxml2xmloutdata/channel-virtio.xml | 1 + tests/qemuxml2xmloutdata/clock-catchup.xml | 1 + tests/qemuxml2xmloutdata/console-compat-auto.xml | 1 + tests/qemuxml2xmloutdata/console-virtio-many.xml | 1 + tests/qemuxml2xmloutdata/console-virtio.xml | 1 + .../cpu-host-passthrough-features.xml | 1 + tests/qemuxml2xmloutdata/cputune-iothreads.xml | 1 + .../cputune-iothreadsched-zeropriority.xml | 1 + tests/qemuxml2xmloutdata/cputune-iothreadsched.xml | 1 + tests/qemuxml2xmloutdata/cputune-zero-shares.xml | 1 + tests/qemuxml2xmloutdata/cputune.xml | 1 + .../qemuxml2xmloutdata/disk-drive-copy-on-read.xml | 2 +- tests/qemuxml2xmloutdata/disk-drive-discard.xml | 2 +- .../disk-many-format-probing.xml | 52 +++ tests/qemuxml2xmloutdata/disk-mirror-active.xml | 5 + tests/qemuxml2xmloutdata/disk-mirror-inactive.xml | 4 + .../disk-mirror-old-inactive.xml | 4 + tests/qemuxml2xmloutdata/disk-mirror-old.xml | 7 +- tests/qemuxml2xmloutdata/disk-scsi-device-auto.xml | 2 + tests/qemuxml2xmloutdata/disk-scsi-device.xml | 2 + tests/qemuxml2xmloutdata/disk-scsi-disk-vpd.xml | 2 + .../disk-scsi-lun-passthrough-sgio.xml | 2 + tests/qemuxml2xmloutdata/disk-scsi-megasas.xml | 2 + tests/qemuxml2xmloutdata/disk-scsi-mptsas1068.xml | 2 + tests/qemuxml2xmloutdata/disk-scsi-virtio-scsi.xml | 2 + tests/qemuxml2xmloutdata/disk-scsi-vscsi.xml | 2 + tests/qemuxml2xmloutdata/disk-serial.xml | 3 + tests/qemuxml2xmloutdata/disk-source-pool-mode.xml | 4 + tests/qemuxml2xmloutdata/disk-source-pool.xml | 2 + tests/qemuxml2xmloutdata/disk-usb-device.xml | 2 + .../disk-virtio-scsi-cmd_per_lun.xml | 1 + .../disk-virtio-scsi-ioeventfd.xml | 1 + .../disk-virtio-scsi-max_sectors.xml | 1 + .../disk-virtio-scsi-num_queues.xml | 1 + .../qemuxml2xmloutdata/graphics-listen-network.xml | 1 + .../graphics-listen-network2.xml | 1 + .../graphics-spice-compression.xml | 1 + .../qemuxml2xmloutdata/graphics-spice-qxl-vga.xml | 1 + tests/qemuxml2xmloutdata/graphics-spice.xml | 1 + .../hostdev-scsi-autogen-address.xml | 1 + .../qemuxml2xmloutdata/hostdev-scsi-large-unit.xml | 1 + .../hostdev-scsi-lsi-iscsi-auth.xml | 1 + .../qemuxml2xmloutdata/hostdev-scsi-lsi-iscsi.xml | 1 + tests/qemuxml2xmloutdata/hostdev-scsi-lsi.xml | 1 + tests/qemuxml2xmloutdata/hostdev-scsi-rawio.xml | 1 + tests/qemuxml2xmloutdata/hostdev-scsi-readonly.xml | 1 + tests/qemuxml2xmloutdata/hostdev-scsi-sgio.xml | 1 + .../qemuxml2xmloutdata/hostdev-scsi-shareable.xml | 1 + .../hostdev-scsi-vhost-scsi-ccw.xml | 1 + .../hostdev-scsi-vhost-scsi-pci.xml | 1 + .../hostdev-scsi-virtio-iscsi-auth.xml | 1 + .../hostdev-scsi-virtio-iscsi.xml | 1 + .../hostdev-scsi-virtio-scsi.xml | 1 + tests/qemuxml2xmloutdata/hostdev-vfio.xml | 1 + tests/qemuxml2xmloutdata/hugepages-pages.xml | 1 + tests/qemuxml2xmloutdata/hugepages-pages2.xml | 1 + tests/qemuxml2xmloutdata/hugepages-pages3.xml | 1 + tests/qemuxml2xmloutdata/hugepages-shared.xml | 1 + tests/qemuxml2xmloutdata/hugepages.xml | 1 + tests/qemuxml2xmloutdata/lease.xml | 2 + .../machine-loadparm-multiple-disks-nets-s390.xml | 2 + tests/qemuxml2xmloutdata/memory-hotplug-dimm.xml | 1 + tests/qemuxml2xmloutdata/memory-hotplug.xml | 1 + tests/qemuxml2xmloutdata/memtune-unlimited.xml | 1 + tests/qemuxml2xmloutdata/memtune.xml | 1 + tests/qemuxml2xmloutdata/metadata-duplicate.xml | 1 + tests/qemuxml2xmloutdata/metadata.xml | 1 + tests/qemuxml2xmloutdata/minimal.xml | 1 + tests/qemuxml2xmloutdata/net-hostdev-vfio.xml | 1 + tests/qemuxml2xmloutdata/net-hostdev.xml | 1 + tests/qemuxml2xmloutdata/net-midonet.xml | 1 + tests/qemuxml2xmloutdata/net-openvswitch.xml | 1 + tests/qemuxml2xmloutdata/net-udp.xml | 1 + tests/qemuxml2xmloutdata/net-virtio-device.xml | 1 + .../net-virtio-disable-offloads.xml | 1 + .../net-virtio-network-portgroup.xml | 1 + .../net-virtio-rxtxqueuesize.xml | 1 + .../numad-auto-memory-vcpu-cpuset.xml | 1 + ...ad-auto-memory-vcpu-no-cpuset-and-placement.xml | 1 + .../numad-auto-vcpu-no-numatune.xml | 1 + .../numad-static-vcpu-no-numatune.xml | 1 + tests/qemuxml2xmloutdata/panic-isa.xml | 1 + tests/qemuxml2xmloutdata/panic-no-address.xml | 1 + tests/qemuxml2xmloutdata/panic.xml | 1 + tests/qemuxml2xmloutdata/pci-rom.xml | 1 + .../qemuxml2xmloutdata/pci-serial-dev-chardev.xml | 1 + tests/qemuxml2xmloutdata/pcie-expander-bus.xml | 1 + tests/qemuxml2xmloutdata/pcie-root-port.xml | 1 + .../pcie-switch-downstream-port.xml | 1 + .../pcie-switch-upstream-port.xml | 1 + tests/qemuxml2xmloutdata/pcihole64-q35.xml | 1 + tests/qemuxml2xmloutdata/q35-pcie-autoadd.xml | 1 + tests/qemuxml2xmloutdata/q35-pcie.xml | 1 + tests/qemuxml2xmloutdata/q35-usb2-multi.xml | 1 + tests/qemuxml2xmloutdata/q35-usb2-reorder.xml | 1 + tests/qemuxml2xmloutdata/q35-usb2.xml | 1 + tests/qemuxml2xmloutdata/q35-virtio-pci.xml | 1 + tests/qemuxml2xmloutdata/q35.xml | 1 + tests/qemuxml2xmloutdata/seclabel-dac-none.xml | 1 + .../seclabel-device-multiple.xml | 1 + .../seclabel-dynamic-baselabel.xml | 1 + .../seclabel-dynamic-labelskip.xml | 1 + tests/qemuxml2xmloutdata/seclabel-dynamic-none.xml | 1 + .../seclabel-dynamic-override.xml | 2 + .../seclabel-dynamic-relabel.xml | 1 + tests/qemuxml2xmloutdata/seclabel-none.xml | 1 + .../seclabel-static-labelskip.xml | 1 + tests/qemuxml2xmloutdata/seclabel-static.xml | 1 + .../serial-spiceport-nospice.xml | 1 + tests/qemuxml2xmloutdata/serial-spiceport.xml | 1 + .../qemuxml2xmloutdata/serial-target-port-auto.xml | 1 + .../serial-tcp-tlsx509-chardev.xml | 1 + tests/qemuxml2xmloutdata/smbios-multiple-type2.xml | 1 + tests/qemuxml2xmloutdata/smbios.xml | 1 + tests/qemuxml2xmloutdata/sound-device.xml | 1 + tests/qemuxml2xmloutdata/video-qxl-heads.xml | 1 + tests/qemuxml2xmloutdata/video-qxl-noheads.xml | 1 + tests/qemuxml2xmloutdata/vmcoreinfo.xml | 1 + tests/qemuxml2xmltest.c | 288 ++++--------- tests/testutils.c | 8 +- tests/testutils.h | 5 - 169 files changed, 1754 insertions(+), 224 deletions(-) create mode 100644 tests/qemustatusxml2xmldata/blockjob-mirror-in.xml create mode 120000 tests/qemustatusxml2xmldata/blockjob-mirror-out.xml create mode 100644 tests/qemustatusxml2xmldata/migration-out-nbd-in.xml create mode 120000 tests/qemustatusxml2xmldata/migration-out-nbd-out.xml create mode 100644 tests/qemustatusxml2xmldata/modern-in.xml create mode 120000 tests/qemustatusxml2xmldata/modern-out.xml create mode 100644 tests/qemustatusxml2xmldata/vcpus-multi-in.xml create mode 120000 tests/qemustatusxml2xmldata/vcpus-multi-out.xml create mode 100644 tests/qemuxml2argvdata/disk-many-format-probing.args create mode 100644 tests/qemuxml2argvdata/disk-many-format-probing.xml create mode 100644 tests/qemuxml2xmloutdata/disk-many-format-probing.xml -- 2.16.2

2 20

[libvirt] [PATCH 0/2] [pushed] Trivial followup fixes for a trivial patch
by Ján Tomko 13 Mar '18

13 Mar '18

I managed to push commit 1cdc9ece without incorporating Andrea's review feedback. These are the follow-up fixes I pushed as trivial before the commit police gets me. Ján Tomko (2): Adjust whitespace in virDomainDefHasUSB prototype qemuDomainUSBAddressAddHubs: use numeric comparison src/conf/domain_conf.h | 3 +-- src/qemu/qemu_domain_address.c | 2 +- 2 files changed, 2 insertions(+), 3 deletions(-) -- 2.13.6

1 2

[libvirt] Two more libvirt GSOC ideas
by Erik Skultety 12 Mar '18

12 Mar '18

Hi, I'd like to add 2 more GSOC ideas to our wiki page, but I'd like to get some opinions whether you think these might even be appropriate GSOC project candidates. #1 PROJECT: Support wildcard with log filters SUMMARY: Enhance the log filters format to allow specifying a wildcard, i.e. <level>:* DESCRIPTION: Currently, libvirt admin interface allows (among other things) runtime tuning of daemon log settings with the exception of setting the global log priority. The main reason for not having an API to get/set the global log priority is that the same effect that setting global log level would have can be achieved with using log filters only which in terms of logging control provide us with more granularity. However, in order to achieve the same effect using filters only, one would end up with a filter similar to this: 1:access 1:daemon 1:conf 1:cpu 1:libvirt 1:locking 1:logging 1:network 1:nwfilter 1:util Therefore, we should enhance the format of a filter to allow us to simply use the following instead: 1:* other_filters #2 PROJECT: Extend node device driver's API set SUMMARY: Modify the existing set (adjust/add) of APIs for node device driver in order to provide similar functionality (conceptually) to other drivers. DESCRIPTION: The node device driver is responsible for host device management. In most cases, this means that we're simply just report device's capabilities and track its lifetime. This is enough for physical host devices, however, there are a few other virtualization features like NFV, NPIV, and MDEV where libvirt should also be able to create such virtual devices. Currently, libvirt is only able to create transient (temporary config) NPIV/vHBA devices, so besides having support for creating virtual functions and mediated devices on feature-capable physical device we also need to be able to store persistent configuration of such virtual devices. Besides extending the existing set of APIs, this will also require a certain amount of refactor of our current code base. Not all of the changes mentioned above are absolutely necessary to finish the project successfully. Thanks, Erik

2 2

[libvirt] [PATCH] bhyve: fix crash on missing interface model
by Roman Bogorodskiy 12 Mar '18

12 Mar '18

The bhyve driver crashes in bhyveBuildNetArgStr() when network interface model is not defined. As it has to be provided explicitly, add a check to report an error if it's missing. --- src/bhyve/bhyve_command.c | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/src/bhyve/bhyve_command.c b/src/bhyve/bhyve_command.c index ec5d24012..9413ae5c1 100644 --- a/src/bhyve/bhyve_command.c +++ b/src/bhyve/bhyve_command.c @@ -56,6 +56,12 @@ bhyveBuildNetArgStr(virConnectPtr conn, int ret = -1; virDomainNetType actualType = virDomainNetGetActualType(net); + if (net->model == NULL) { + virReportError(VIR_ERR_CONFIG_UNSUPPORTED, "%s", + _("NIC model must be specified")); + return -1; + } + if (STREQ(net->model, "virtio")) { if (VIR_STRDUP(nic_model, "virtio-net") < 0) return -1; -- 2.16.2

2 2

[libvirt] [PATCH] Fix build with clang 6.0.0
by Roman Bogorodskiy 12 Mar '18

12 Mar '18

Clang 6.0.0 complains when initializing structure with { NULL }: conf/domain_addr.c:1494:38: error: missing field 'type' initializer [-Werror,-Wmissing-field-initializers] virDomainDeviceInfo nfo = { NULL }; Use { 0 } instead to make it happy. --- src/conf/domain_addr.c | 2 +- tests/sysinfotest.c | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/src/conf/domain_addr.c b/src/conf/domain_addr.c index 5e875a3e6..0c914fe25 100644 --- a/src/conf/domain_addr.c +++ b/src/conf/domain_addr.c @@ -1491,7 +1491,7 @@ virDomainVirtioSerialAddrAssign(virDomainDefPtr def, bool portOnly) { int ret = -1; - virDomainDeviceInfo nfo = { NULL }; + virDomainDeviceInfo nfo = { 0 }; virDomainDeviceInfoPtr ptr = allowZero ? &nfo : info; ptr->type = VIR_DOMAIN_DEVICE_ADDRESS_TYPE_VIRTIO_SERIAL; diff --git a/tests/sysinfotest.c b/tests/sysinfotest.c index a61da017c..53d5725fd 100644 --- a/tests/sysinfotest.c +++ b/tests/sysinfotest.c @@ -91,7 +91,7 @@ sysinfotest_run(const char *test, const char *cpuinfo, const char *expected) { - struct testSysinfoData testdata = { NULL }; + struct testSysinfoData testdata = { 0 }; int ret = EXIT_FAILURE; testdata.func = func; -- 2.16.2

2 2

[libvirt] [PATCH v2 0/9] x86: Secure Encrypted Virtualization (AMD)
by Brijesh Singh 12 Mar '18

12 Mar '18

This patch series provides support for launching an encrypted guest using AMD's new Secure Encrypted Virtualization (SEV) feature. SEV is an extension to the AMD-V architecture which supports running multiple VMs under the control of a hypervisor. When enabled, SEV feature allows the memory contents of a virtual machine (VM) to be transparently encrypted with a key unique to the guest VM. In order to launch SEV guest we need QEMU SEV patch [1]. [1] https://marc.info/?l=kvm&m=152051337301616&w=2 The patch series implements some of recommendation from Daniel [2] [2] https://www.redhat.com/archives/libvir-list/2017-September/msg00197.html At very high level the flow looks this: 1. mgmt tool calls virConnectGetDomainCapabilities. This returns an XML document that includes the following <feature> ... <sev supported='yes'> <cbitpos> </cbitpos> <reduced-phys-bits> </reduced-phys-bits> <pdh> </pdh> <cert-chain> </cert-chain> </feature> If <sev> is provided then we indicate that hypervisor is capable of launching SEV guest. 2. (optional) mgmt tool can provide the PDH and Cert-chain to guest owner in case if guest owner wish to establish a secure connection with SEV firmware to negotiate a key used for validating the measurement. 3. mgmt tool requests to start a guest calling virCreateXML(), passing VIR_DOMAIN_START_PAUSED. The xml would include <launch-security type='sev'> <cbitpos> </cbitpos> /* the value is same as what is obtained via virConnectGetDomainCapabilities() <reduced-phys-bits> </reduced-phys-bits> /* the value is same as what is obtained via virConnectGetDomainCapabilities() <dh-cert> .. </dh> /* guest owners diffie-hellman key */ (optional) <session> ..</session> /* guest owners session blob */ (optional) <policy> ..</policy> /* guest policy */ (optional) 4. Libvirt generate the QEMU cli arg to enable the SEV feature, a typical args looks like this: # $QEMU .. -machine memory-encryption=sev0 \ -object sev-guest,id=sev0,dh-cert-file=<file>.... 5. Libvirt generates lifecycle VIR_DOMAIN_EVENT_SUSPENDED_PAUSED event 6. mgmt tool gets the VIR_DOMAIN_EVENT_SUSPENDED_PAUSED and calls virDomainGetLaunchSecretInfo() to retrieve the measurement of encrypted memory. 7. (optional) mgmt tool can provide the measurement value to guest owner, which can validate the measurement and gives GO/NO-GO answer. If mgmt tool gets GO then it resumes the guest otherwise it calls destroy() to kill the guest. 8. mgmt tool resumes the guest TODO: * SEV guest require to use DMA apis for the virtio devices. In order to use the DMA apis the virtio devices must have this tag <driver iommu=on ats=on> It is a bit unclear to me where these changes need to go. Do we need to modify the libvirt to automatically add these when SEV is enabled or we ask mgmt tool to make sure that it creates XML with right tag to enable the DMA APIs for virtio devices. I am looking for some suggestions. Using these patches we have succesfully booted and tested a guest both with and without SEV enabled. SEV Firmware API spec is available at: https://support.amd.com/TechDocs/55766_SEV-KM%20API_Specification.pdf Changes since v1: * rename <sev> -> <launch-security> for domain * add more information about policy and other fields in domaincaps.html * split the domain_conf support in two patches * add virDomainGetLaunchInfo() to retrieve the SEV measurement * extend virsh command to show the domain's launch security information * add test cases to validate newly added <launch-security> element * fix issues reported with 'make check' and 'make syntax-check' The complete git tree is available at: https://github.com/codomania/libvirt/tree/v2 Brijesh Singh (8): qemu: provide support to query the SEV capability qemu: introduce SEV feature in hypervisor capabilities conf: introduce launch-security element in domain qemu: add support to launch SEV guest libvirt: add new public API to get launch security info remote: implement the remote protocol for launch security qemu_driver: add support to launch security info virsh: implement new command for launch security Xiaogang Chen (1): tests: extend tests to include sev specific tag parsing docs/formatdomain.html.in | 120 ++++++++++++++++++++++++++++++++++++ docs/formatdomaincaps.html.in | 40 ++++++++++++ docs/schemas/domaincaps.rng | 20 ++++++ docs/schemas/domaincommon.rng | 39 ++++++++++++ include/libvirt/libvirt-domain.h | 17 +++++ src/conf/domain_capabilities.c | 20 ++++++ src/conf/domain_capabilities.h | 14 +++++ src/conf/domain_conf.c | 111 +++++++++++++++++++++++++++++++++ src/conf/domain_conf.h | 27 ++++++++ src/driver-hypervisor.h | 7 +++ src/libvirt-domain.c | 50 +++++++++++++++ src/libvirt_public.syms | 5 ++ src/qemu/qemu_capabilities.c | 45 ++++++++++++++ src/qemu/qemu_capabilities.h | 1 + src/qemu/qemu_capspriv.h | 4 ++ src/qemu/qemu_command.c | 33 ++++++++++ src/qemu/qemu_driver.c | 72 ++++++++++++++++++++++ src/qemu/qemu_monitor.c | 17 +++++ src/qemu/qemu_monitor.h | 6 ++ src/qemu/qemu_monitor_json.c | 105 +++++++++++++++++++++++++++++++ src/qemu/qemu_monitor_json.h | 5 ++ src/qemu/qemu_process.c | 91 +++++++++++++++++++++++++++ src/remote/remote_daemon_dispatch.c | 63 +++++++++++++++++++ src/remote/remote_driver.c | 52 +++++++++++++++- src/remote/remote_protocol.x | 22 ++++++- src/remote_protocol-structs | 13 ++++ tests/genericxml2xmlindata/sev.xml | 22 +++++++ tests/genericxml2xmloutdata/sev.xml | 22 +++++++ tests/genericxml2xmltest.c | 2 + tests/qemuxml2argvdata/sev.args | 25 ++++++++ tests/qemuxml2argvdata/sev.xml | 35 +++++++++++ tests/qemuxml2argvtest.c | 2 + tests/qemuxml2xmloutdata/sev.xml | 39 ++++++++++++ tests/qemuxml2xmltest.c | 2 + tools/virsh-domain.c | 93 ++++++++++++++++++++++++++++ 35 files changed, 1239 insertions(+), 2 deletions(-) create mode 100644 tests/genericxml2xmlindata/sev.xml create mode 100644 tests/genericxml2xmloutdata/sev.xml create mode 100644 tests/qemuxml2argvdata/sev.args create mode 100644 tests/qemuxml2argvdata/sev.xml create mode 100644 tests/qemuxml2xmloutdata/sev.xml -- 2.14.3

3 21

[libvirt] [PATCH] keycodemapdb: Update submodule
by Andrea Bolognani 12 Mar '18

12 Mar '18

This time around it's not enough to just pick the latest commit, because with aed87bb2aa6ed83b49574eb982e3bdd4c36acf17 keycodemapdb renamed the 'rfb' keycode to 'qnum' and we need to accept the new name while maintaining backwards compatibility. Signed-off-by: Andrea Bolognani <abologna(a)redhat.com> --- include/libvirt/libvirt-domain.h | 9 ++++++++- src/keycodemapdb | 2 +- src/qemu/qemu_driver.c | 8 ++++---- src/util/Makefile.inc.am | 2 +- src/util/virkeycode.c | 8 ++++---- tests/virkeycodetest.c | 4 ++-- tools/virsh-domain.c | 5 +++++ tools/virsh.pod | 6 +++--- 8 files changed, 28 insertions(+), 16 deletions(-) diff --git a/include/libvirt/libvirt-domain.h b/include/libvirt/libvirt-domain.h index 4048acf38a..4128d55852 100644 --- a/include/libvirt/libvirt-domain.h +++ b/include/libvirt/libvirt-domain.h @@ -2733,7 +2733,7 @@ typedef enum { VIR_KEYCODE_SET_XT_KBD = 6, VIR_KEYCODE_SET_USB = 7, VIR_KEYCODE_SET_WIN32 = 8, - VIR_KEYCODE_SET_RFB = 9, + VIR_KEYCODE_SET_QNUM = 9, # ifdef VIR_ENUM_SENTINELS VIR_KEYCODE_SET_LAST @@ -2745,6 +2745,13 @@ typedef enum { # endif } virKeycodeSet; +/** + * VIR_KEYCODE_SET_RFB: + * + * Compatibility alias for VIR_KEYCODE_SET_QNUM, which replaced it since 4.2.0. + */ +# define VIR_KEYCODE_SET_RFB VIR_KEYCODE_SET_QNUM + /** * VIR_DOMAIN_SEND_KEY_MAX_KEYS: * diff --git a/src/keycodemapdb b/src/keycodemapdb index 267157b96c..16e5b07876 160000 --- a/src/keycodemapdb +++ b/src/keycodemapdb @@ -1 +1 @@ -Subproject commit 267157b96c62b5445de9cddd21de42fcd943ffe6 +Subproject commit 16e5b0787687d8904dad2c026107409eb9bfcb95 diff --git a/src/qemu/qemu_driver.c b/src/qemu/qemu_driver.c index e13544f832..8c872c1f08 100644 --- a/src/qemu/qemu_driver.c +++ b/src/qemu/qemu_driver.c @@ -2580,17 +2580,17 @@ static int qemuDomainSendKey(virDomainPtr domain, virCheckFlags(0, -1); - /* translate the keycode to RFB for qemu driver */ - if (codeset != VIR_KEYCODE_SET_RFB) { + /* translate the keycode to QNUM for qemu driver */ + if (codeset != VIR_KEYCODE_SET_QNUM) { size_t i; int keycode; for (i = 0; i < nkeycodes; i++) { - keycode = virKeycodeValueTranslate(codeset, VIR_KEYCODE_SET_RFB, + keycode = virKeycodeValueTranslate(codeset, VIR_KEYCODE_SET_QNUM, keycodes[i]); if (keycode < 0) { virReportError(VIR_ERR_INTERNAL_ERROR, - _("cannot translate keycode %u of %s codeset to rfb keycode"), + _("cannot translate keycode %u of %s codeset to qnum keycode"), keycodes[i], virKeycodeSetTypeToString(codeset)); return -1; diff --git a/src/util/Makefile.inc.am b/src/util/Makefile.inc.am index a91b30dca5..d0e1ec3625 100644 --- a/src/util/Makefile.inc.am +++ b/src/util/Makefile.inc.am @@ -214,7 +214,7 @@ EXTRA_DIST += \ $(NULL) -KEYCODES = linux osx atset1 atset2 atset3 xtkbd usb win32 rfb +KEYCODES = linux osx atset1 atset2 atset3 xtkbd usb win32 qnum KEYNAMES = linux osx win32 KEYTABLES = \ diff --git a/src/util/virkeycode.c b/src/util/virkeycode.c index eda263218c..8976bbf376 100644 --- a/src/util/virkeycode.c +++ b/src/util/virkeycode.c @@ -27,7 +27,7 @@ #include "virkeycodetable_atset3.h" #include "virkeycodetable_linux.h" #include "virkeycodetable_osx.h" -#include "virkeycodetable_rfb.h" +#include "virkeycodetable_qnum.h" #include "virkeycodetable_usb.h" #include "virkeycodetable_win32.h" #include "virkeycodetable_xtkbd.h" @@ -52,7 +52,7 @@ static const unsigned short *virKeymapValues[VIR_KEYCODE_SET_LAST] = { [VIR_KEYCODE_SET_XT_KBD] = virKeyCodeTable_xtkbd, [VIR_KEYCODE_SET_USB] = virKeyCodeTable_usb, [VIR_KEYCODE_SET_WIN32] = virKeyCodeTable_win32, - [VIR_KEYCODE_SET_RFB] = virKeyCodeTable_rfb, + [VIR_KEYCODE_SET_QNUM] = virKeyCodeTable_qnum, }; #define VIR_KEYMAP_ENTRY_MAX ARRAY_CARDINALITY(virKeyCodeTable_linux) @@ -64,7 +64,7 @@ verify(VIR_KEYMAP_ENTRY_MAX == ARRAY_CARDINALITY(virKeyCodeTable_osx)); verify(VIR_KEYMAP_ENTRY_MAX == ARRAY_CARDINALITY(virKeyCodeTable_xtkbd)); verify(VIR_KEYMAP_ENTRY_MAX == ARRAY_CARDINALITY(virKeyCodeTable_usb)); verify(VIR_KEYMAP_ENTRY_MAX == ARRAY_CARDINALITY(virKeyCodeTable_win32)); -verify(VIR_KEYMAP_ENTRY_MAX == ARRAY_CARDINALITY(virKeyCodeTable_rfb)); +verify(VIR_KEYMAP_ENTRY_MAX == ARRAY_CARDINALITY(virKeyCodeTable_qnum)); verify(VIR_KEYMAP_ENTRY_MAX == ARRAY_CARDINALITY(virKeyNameTable_linux)); verify(VIR_KEYMAP_ENTRY_MAX == ARRAY_CARDINALITY(virKeyNameTable_osx)); verify(VIR_KEYMAP_ENTRY_MAX == ARRAY_CARDINALITY(virKeyNameTable_win32)); @@ -79,7 +79,7 @@ VIR_ENUM_IMPL(virKeycodeSet, VIR_KEYCODE_SET_LAST, "xt_kbd", "usb", "win32", - "rfb", + "qnum", ); int virKeycodeValueFromString(virKeycodeSet codeset, diff --git a/tests/virkeycodetest.c b/tests/virkeycodetest.c index 24887a36d4..399a13fcae 100644 --- a/tests/virkeycodetest.c +++ b/tests/virkeycodetest.c @@ -54,8 +54,8 @@ static int testKeycodeMapping(const void *data ATTRIBUTE_UNUSED) TRANSLATE(LINUX, LINUX, 111, 111); TRANSLATE(LINUX, USB, 111, 76); - TRANSLATE(LINUX, RFB, 88, 88); - TRANSLATE(LINUX, RFB, 160, 163); + TRANSLATE(LINUX, QNUM, 88, 88); + TRANSLATE(LINUX, QNUM, 160, 163); TRANSLATE(ATSET2, ATSET3, 131, 55); TRANSLATE(OSX, WIN32, 90, 131); TRANSLATE(OSX, ATSET1, 90, 90); diff --git a/tools/virsh-domain.c b/tools/virsh-domain.c index c78cf7f219..2b775fc4cc 100644 --- a/tools/virsh-domain.c +++ b/tools/virsh-domain.c @@ -8688,6 +8688,11 @@ cmdSendKey(vshControl *ctl, const vshCmd *cmd) if (vshCommandOptUInt(ctl, cmd, "holdtime", &holdtime) < 0) goto cleanup; + /* The qnum codeset was originally called rfb, so we need to keep + * accepting the old name for backwards compatibility reasons */ + if (STREQ(codeset_option, "rfb")) + codeset_option = "qnum"; + codeset = virKeycodeSetTypeFromString(codeset_option); if (codeset < 0) { vshError(ctl, _("unknown codeset: '%s'"), codeset_option); diff --git a/tools/virsh.pod b/tools/virsh.pod index 8f0e8d74b0..378e26a20d 100644 --- a/tools/virsh.pod +++ b/tools/virsh.pod @@ -2249,14 +2249,14 @@ for keyboard input. No symbolic names are provided See L<virkeycode-usb(7)> -=item B<rfb> +=item B<qnum> -The numeric values are those defined by the RFB extension for sending +The numeric values are those defined by the QNUM extension for sending raw keycodes. These are a variant on the XT codeset, but extended keycodes have the low bit of the second byte set, instead of the high bit of the first byte. No symbolic names are provided. -See L<virkeycode-rfb(7)> +See L<virkeycode-qnum(7)> =back -- 2.14.3

2 7