[libvirt] [PATCH] tests: Move tools under tests/tools/
by Michal Privoznik
There are some scripts/binaries that are not tests themselves but
rather fulfill support purpose. Separate them from the rest of
the tests.
Signed-off-by: Michal Privoznik <mprivozn(a)redhat.com>
---
.gitignore | 2 +-
Makefile.am | 2 +-
cfg.mk | 4 +-
configure.ac | 1 +
tests/Makefile.am | 22 +-----
tests/qemucapabilitiestest.c | 4 +-
tests/testutils.c | 2 +-
tests/{ => tools}/.valgrind.supp | 0
tests/tools/Makefile.am | 85 +++++++++++++++++++++
tests/{ => tools}/check-file-access.pl | 0
tests/{ => tools}/file_access_whitelist.txt | 0
tests/{ => tools}/group-qemu-caps.pl | 0
tests/{ => tools}/oomtrace.pl | 0
tests/{ => tools}/qemucapsprobe.c | 0
tests/{ => tools}/qemucapsprobemock.c | 0
tests/{ => tools}/test-wrap-argv.pl | 2 +-
16 files changed, 98 insertions(+), 26 deletions(-)
rename tests/{ => tools}/.valgrind.supp (100%)
create mode 100644 tests/tools/Makefile.am
rename tests/{ => tools}/check-file-access.pl (100%)
rename tests/{ => tools}/file_access_whitelist.txt (100%)
rename tests/{ => tools}/group-qemu-caps.pl (100%)
rename tests/{ => tools}/oomtrace.pl (100%)
rename tests/{ => tools}/qemucapsprobe.c (100%)
rename tests/{ => tools}/qemucapsprobemock.c (100%)
rename tests/{ => tools}/test-wrap-argv.pl (98%)
diff --git a/.gitignore b/.gitignore
index 16eb4a3e2e..c231d394f3 100644
--- a/.gitignore
+++ b/.gitignore
@@ -170,7 +170,7 @@
/tests/*.trs
/tests/*test
/tests/commandhelper
-/tests/qemucapsprobe
+/tests/tools/qemucapsprobe
!/tests/virsh-self-test
!/tests/virt-aa-helper-test
!/tests/virt-admin-self-test
diff --git a/Makefile.am b/Makefile.am
index eba5916352..875c0fa997 100644
--- a/Makefile.am
+++ b/Makefile.am
@@ -17,7 +17,7 @@
## <http://www.gnu.org/licenses/>.
SUBDIRS = . gnulib/lib include/libvirt src tools docs gnulib/tests \
- tests po examples
+ tests tests/tools po examples
XZ_OPT ?= -v -T0
export XZ_OPT
diff --git a/cfg.mk b/cfg.mk
index b785089910..5e055023ee 100644
--- a/cfg.mk
+++ b/cfg.mk
@@ -1169,10 +1169,10 @@ header-ifdef:
test-wrap-argv:
$(AM_V_GEN)$(VC_LIST) | $(GREP) -E '\.(ldargs|args)' | xargs \
- $(PERL) $(top_srcdir)/tests/test-wrap-argv.pl --check
+ $(PERL) $(top_srcdir)/tests/tools/test-wrap-argv.pl --check
group-qemu-caps:
- $(AM_V_GEN)$(PERL) $(top_srcdir)/tests/group-qemu-caps.pl --check $(top_srcdir)/
+ $(AM_V_GEN)$(PERL) $(top_srcdir)/tests/tools/group-qemu-caps.pl --check $(top_srcdir)/
# sc_po_check can fail if generated files are not built first
sc_po_check: \
diff --git a/configure.ac b/configure.ac
index fabec815db..893d0db17a 100644
--- a/configure.ac
+++ b/configure.ac
@@ -925,6 +925,7 @@ AC_CONFIG_FILES([\
include/libvirt/libvirt-common.h \
examples/Makefile \
tests/Makefile \
+ tests/tools/Makefile \
tools/Makefile])
AC_OUTPUT
diff --git a/tests/Makefile.am b/tests/Makefile.am
index 46d94d2236..0f5a5c231e 100644
--- a/tests/Makefile.am
+++ b/tests/Makefile.am
@@ -75,7 +75,6 @@ MOCKLIBS_LIBS = \
../src/libvirt.la
EXTRA_DIST = \
- .valgrind.supp \
bhyvexml2argvdata \
bhyveargv2xmldata \
bhyvexml2xmloutdata \
@@ -107,7 +106,6 @@ EXTRA_DIST = \
nwfilterxml2firewalldata \
nwfilterxml2xmlin \
nwfilterxml2xmlout \
- oomtrace.pl \
qemuagentdata \
qemuargv2xmldata \
qemublocktestdata \
@@ -285,12 +283,10 @@ test_programs += qemuxml2argvtest qemuxml2xmltest \
qemusecuritytest \
qemufirmwaretest \
$(NULL)
-test_helpers += qemucapsprobe
test_libraries += libqemumonitortestutils.la \
libqemutestdriver.la \
qemuxml2argvmock.la \
qemucaps2xmlmock.la \
- qemucapsprobemock.la \
qemucpumock.la \
$(NULL)
endif WITH_QEMU
@@ -442,15 +438,15 @@ EXTRA_DIST += $(test_scripts)
if WITH_LINUX
check-access: file-access-clean
VIR_TEST_FILE_ACCESS=1 $(MAKE) $(AM_MAKEFLAGS) check
- $(PERL) check-file-access.pl | sort -u
+ $(PERL) tools/check-file-access.pl | sort -u
file-access-clean:
> test_file_access.txt
endif WITH_LINUX
EXTRA_DIST += \
- check-file-access.pl \
- file_access_whitelist.txt
+ tools/check-file-access.pl \
+ tools/file_access_whitelist.txt
if WITH_TESTS
noinst_PROGRAMS = $(test_programs) $(test_helpers)
@@ -478,7 +474,7 @@ TESTS_ENVIRONMENT = \
VALGRIND = valgrind --quiet --leak-check=full --trace-children=yes \
--trace-children-skip="*/tools/virsh","*/tests/commandhelper" \
- --suppressions=$(abs_srcdir)/.valgrind.supp
+ --suppressions=$(abs_srcdir)/tools/.valgrind.supp
valgrind:
$(MAKE) check VG="$(LIBTOOL) --mode=execute $(VALGRIND)"
@@ -603,16 +599,6 @@ qemucapabilitiestest_SOURCES = \
qemucapabilitiestest_LDADD = libqemumonitortestutils.la \
$(qemu_LDADDS) $(LDADDS)
-qemucapsprobe_SOURCES = \
- qemucapsprobe.c
-qemucapsprobe_LDADD = \
- libqemutestdriver.la $(LDADDS)
-
-qemucapsprobemock_la_SOURCES = \
- qemucapsprobemock.c
-qemucapsprobemock_la_LDFLAGS = $(MOCKLIBS_LDFLAGS)
-qemucapsprobemock_la_LIBADD = $(MOCKLIBS_LIBS)
-
qemucommandutiltest_SOURCES = \
qemucommandutiltest.c \
testutils.c testutils.h \
diff --git a/tests/qemucapabilitiestest.c b/tests/qemucapabilitiestest.c
index ac9ab6bfce..48363326f4 100644
--- a/tests/qemucapabilitiestest.c
+++ b/tests/qemucapabilitiestest.c
@@ -225,11 +225,11 @@ mymain(void)
return EXIT_FAILURE;
/*
- * Run "tests/qemucapsprobe /path/to/qemu/binary >foo.replies"
+ * Run "tests/tools/qemucapsprobe /path/to/qemu/binary >foo.replies"
* to generate updated or new *.replies data files.
*
* If you manually edit replies files you can run
- * "tests/qemucapsfixreplies foo.replies" to fix the replies ids.
+ * "tests/tools/qemucapsfixreplies foo.replies" to fix the replies ids.
*
* Once a replies file has been generated and tweaked if necessary,
* you can drop it into tests/qemucapabilitiesdata/ (with a sensible
diff --git a/tests/testutils.c b/tests/testutils.c
index 245b1832f6..080a1ccda2 100644
--- a/tests/testutils.c
+++ b/tests/testutils.c
@@ -533,7 +533,7 @@ virTestRewrapFile(const char *filename)
return -1;
}
- if (virAsprintf(&script, "%s/test-wrap-argv.pl", abs_srcdir) < 0)
+ if (virAsprintf(&script, "%s/tools/test-wrap-argv.pl", abs_srcdir) < 0)
goto cleanup;
cmd = virCommandNewArgList(perl, script, "--in-place", filename, NULL);
diff --git a/tests/.valgrind.supp b/tests/tools/.valgrind.supp
similarity index 100%
rename from tests/.valgrind.supp
rename to tests/tools/.valgrind.supp
diff --git a/tests/tools/Makefile.am b/tests/tools/Makefile.am
new file mode 100644
index 0000000000..8a34b4a84f
--- /dev/null
+++ b/tests/tools/Makefile.am
@@ -0,0 +1,85 @@
+# vim: filetype=automake
+
+AM_CPPFLAGS = \
+ -I$(top_srcdir)/tests/ \
+ -I$(top_builddir) -I$(top_srcdir) \
+ -I$(top_builddir)/gnulib/lib -I$(top_srcdir)/gnulib/lib \
+ -I$(top_builddir)/include -I$(top_srcdir)/include \
+ -I$(top_builddir)/src -I$(top_srcdir)/src \
+ -I$(top_srcdir)/src/util \
+ -I$(top_srcdir)/src/conf \
+ $(NULL)
+
+WARN_CFLAGS += $(RELAXED_FRAME_LIMIT_CFLAGS)
+
+AM_CFLAGS = \
+ -Dabs_builddir="\"$(abs_builddir)\"" \
+ -Dabs_top_builddir="\"$(abs_top_builddir)\"" \
+ -Dabs_srcdir="\"$(abs_srcdir)\"" \
+ -Dabs_top_srcdir="\"$(abs_top_srcdir)\"" \
+ $(LIBXML_CFLAGS) \
+ $(LIBNL_CFLAGS) \
+ $(GNUTLS_CFLAGS) \
+ $(SASL_CFLAGS) \
+ $(SELINUX_CFLAGS) \
+ $(APPARMOR_CFLAGS) \
+ $(YAJL_CFLAGS) \
+ $(XDR_CFLAGS) \
+ $(WARN_CFLAGS)
+
+AM_LDFLAGS = \
+ -export-dynamic
+
+MOCKLIBS_LDFLAGS = -module -avoid-version \
+ -rpath /evil/libtool/hack/to/force/shared/lib/creation \
+ $(MINGW_EXTRA_LDFLAGS)
+
+GNULIB_LIBS = \
+ ../../gnulib/lib/libgnu.la
+
+MOCKLIBS_LIBS = \
+ $(GNULIB_LIBS) \
+ ../../src/libvirt.la
+
+PROBES_O =
+if WITH_DTRACE_PROBES
+PROBES_O += ../../src/libvirt_probes.lo
+endif WITH_DTRACE_PROBES
+
+LDADDS = \
+ $(NO_INDIRECT_LDFLAGS) \
+ $(PROBES_O) \
+ $(GNULIB_LIBS) \
+ ../../src/libvirt.la
+
+test_helpers =
+test_libraries =
+
+if WITH_QEMU
+test_helpers += qemucapsprobe
+test_libraries += qemucapsprobemock.la
+
+qemucapsprobe_SOURCES = \
+ qemucapsprobe.c \
+ ../testutils.h
+qemucapsprobe_LDADD = \
+ ../libqemutestdriver.la $(LDADDS)
+
+qemucapsprobemock_la_SOURCES = \
+ qemucapsprobemock.c
+qemucapsprobemock_la_LDFLAGS = $(MOCKLIBS_LDFLAGS)
+qemucapsprobemock_la_LIBADD = $(MOCKLIBS_LIBS)
+endif WITH_QEMU
+
+
+if WITH_TESTS
+noinst_PROGRAMS = $(test_helpers)
+noinst_LTLIBRARIES = $(test_libraries)
+else ! WITH_TESTS
+check_PROGRAMS = $(test_helpers)
+check_LTLIBRARIES = $(test_libraries)
+endif ! WITH_TESTS
+
+EXTRA_DIST = \
+ .valgrind.supp \
+ oomtrace.pl
diff --git a/tests/check-file-access.pl b/tests/tools/check-file-access.pl
similarity index 100%
rename from tests/check-file-access.pl
rename to tests/tools/check-file-access.pl
diff --git a/tests/file_access_whitelist.txt b/tests/tools/file_access_whitelist.txt
similarity index 100%
rename from tests/file_access_whitelist.txt
rename to tests/tools/file_access_whitelist.txt
diff --git a/tests/group-qemu-caps.pl b/tests/tools/group-qemu-caps.pl
similarity index 100%
rename from tests/group-qemu-caps.pl
rename to tests/tools/group-qemu-caps.pl
diff --git a/tests/oomtrace.pl b/tests/tools/oomtrace.pl
similarity index 100%
rename from tests/oomtrace.pl
rename to tests/tools/oomtrace.pl
diff --git a/tests/qemucapsprobe.c b/tests/tools/qemucapsprobe.c
similarity index 100%
rename from tests/qemucapsprobe.c
rename to tests/tools/qemucapsprobe.c
diff --git a/tests/qemucapsprobemock.c b/tests/tools/qemucapsprobemock.c
similarity index 100%
rename from tests/qemucapsprobemock.c
rename to tests/tools/qemucapsprobemock.c
diff --git a/tests/test-wrap-argv.pl b/tests/tools/test-wrap-argv.pl
similarity index 98%
rename from tests/test-wrap-argv.pl
rename to tests/tools/test-wrap-argv.pl
index 7867e9d719..4a28ee9d46 100755
--- a/tests/test-wrap-argv.pl
+++ b/tests/tools/test-wrap-argv.pl
@@ -94,7 +94,7 @@ sub rewrap {
close DIFF;
print STDERR "Incorrect line wrapping in $file\n";
- print STDERR "Use test-wrap-argv.pl to wrap test data files\n";
+ print STDERR "Use tests/tools/test-wrap-argv.pl to wrap test data files\n";
return -1;
}
} else {
--
2.21.0
5 years, 5 months
[libvirt] [PATCH v2] tests: Move tools under tests/tools/
by Michal Privoznik
There are some scripts/binaries that are not tests themselves but
rather fulfill support purpose. Separate them from the rest of
the tests.
Signed-off-by: Michal Privoznik <mprivozn(a)redhat.com>
---
diff to v1:
- Found a way to generate a binary into a subdir. So no new Makefile.am
is introduced
.gitignore | 2 +-
cfg.mk | 4 ++--
tests/Makefile.am | 22 +++-----------------
tests/qemucapabilitiestest.c | 4 ++--
tests/testutils.c | 2 +-
tests/{ => tools}/.valgrind.supp | 0
tests/tools/Makefile.inc.am | 23 +++++++++++++++++++++
tests/{ => tools}/check-file-access.pl | 2 +-
tests/{ => tools}/file_access_whitelist.txt | 0
tests/{ => tools}/group-qemu-caps.pl | 0
tests/{ => tools}/oomtrace.pl | 0
tests/{ => tools}/qemucapsprobe.c | 2 +-
tests/{ => tools}/qemucapsprobemock.c | 0
tests/{ => tools}/test-wrap-argv.pl | 2 +-
14 files changed, 35 insertions(+), 28 deletions(-)
rename tests/{ => tools}/.valgrind.supp (100%)
create mode 100644 tests/tools/Makefile.inc.am
rename tests/{ => tools}/check-file-access.pl (98%)
rename tests/{ => tools}/file_access_whitelist.txt (100%)
rename tests/{ => tools}/group-qemu-caps.pl (100%)
rename tests/{ => tools}/oomtrace.pl (100%)
rename tests/{ => tools}/qemucapsprobe.c (96%)
rename tests/{ => tools}/qemucapsprobemock.c (100%)
rename tests/{ => tools}/test-wrap-argv.pl (98%)
diff --git a/.gitignore b/.gitignore
index 16eb4a3e2e..c231d394f3 100644
--- a/.gitignore
+++ b/.gitignore
@@ -170,7 +170,7 @@
/tests/*.trs
/tests/*test
/tests/commandhelper
-/tests/qemucapsprobe
+/tests/tools/qemucapsprobe
!/tests/virsh-self-test
!/tests/virt-aa-helper-test
!/tests/virt-admin-self-test
diff --git a/cfg.mk b/cfg.mk
index b785089910..5e055023ee 100644
--- a/cfg.mk
+++ b/cfg.mk
@@ -1169,10 +1169,10 @@ header-ifdef:
test-wrap-argv:
$(AM_V_GEN)$(VC_LIST) | $(GREP) -E '\.(ldargs|args)' | xargs \
- $(PERL) $(top_srcdir)/tests/test-wrap-argv.pl --check
+ $(PERL) $(top_srcdir)/tests/tools/test-wrap-argv.pl --check
group-qemu-caps:
- $(AM_V_GEN)$(PERL) $(top_srcdir)/tests/group-qemu-caps.pl --check $(top_srcdir)/
+ $(AM_V_GEN)$(PERL) $(top_srcdir)/tests/tools/group-qemu-caps.pl --check $(top_srcdir)/
# sc_po_check can fail if generated files are not built first
sc_po_check: \
diff --git a/tests/Makefile.am b/tests/Makefile.am
index 46d94d2236..c63e8a6e70 100644
--- a/tests/Makefile.am
+++ b/tests/Makefile.am
@@ -75,7 +75,6 @@ MOCKLIBS_LIBS = \
../src/libvirt.la
EXTRA_DIST = \
- .valgrind.supp \
bhyvexml2argvdata \
bhyveargv2xmldata \
bhyvexml2xmloutdata \
@@ -107,7 +106,6 @@ EXTRA_DIST = \
nwfilterxml2firewalldata \
nwfilterxml2xmlin \
nwfilterxml2xmlout \
- oomtrace.pl \
qemuagentdata \
qemuargv2xmldata \
qemublocktestdata \
@@ -285,12 +283,10 @@ test_programs += qemuxml2argvtest qemuxml2xmltest \
qemusecuritytest \
qemufirmwaretest \
$(NULL)
-test_helpers += qemucapsprobe
test_libraries += libqemumonitortestutils.la \
libqemutestdriver.la \
qemuxml2argvmock.la \
qemucaps2xmlmock.la \
- qemucapsprobemock.la \
qemucpumock.la \
$(NULL)
endif WITH_QEMU
@@ -442,15 +438,13 @@ EXTRA_DIST += $(test_scripts)
if WITH_LINUX
check-access: file-access-clean
VIR_TEST_FILE_ACCESS=1 $(MAKE) $(AM_MAKEFLAGS) check
- $(PERL) check-file-access.pl | sort -u
+ $(PERL) tools/check-file-access.pl | sort -u
file-access-clean:
> test_file_access.txt
endif WITH_LINUX
-EXTRA_DIST += \
- check-file-access.pl \
- file_access_whitelist.txt
+include tools/Makefile.inc.am
if WITH_TESTS
noinst_PROGRAMS = $(test_programs) $(test_helpers)
@@ -478,7 +472,7 @@ TESTS_ENVIRONMENT = \
VALGRIND = valgrind --quiet --leak-check=full --trace-children=yes \
--trace-children-skip="*/tools/virsh","*/tests/commandhelper" \
- --suppressions=$(abs_srcdir)/.valgrind.supp
+ --suppressions=$(abs_srcdir)/tools/.valgrind.supp
valgrind:
$(MAKE) check VG="$(LIBTOOL) --mode=execute $(VALGRIND)"
@@ -603,16 +597,6 @@ qemucapabilitiestest_SOURCES = \
qemucapabilitiestest_LDADD = libqemumonitortestutils.la \
$(qemu_LDADDS) $(LDADDS)
-qemucapsprobe_SOURCES = \
- qemucapsprobe.c
-qemucapsprobe_LDADD = \
- libqemutestdriver.la $(LDADDS)
-
-qemucapsprobemock_la_SOURCES = \
- qemucapsprobemock.c
-qemucapsprobemock_la_LDFLAGS = $(MOCKLIBS_LDFLAGS)
-qemucapsprobemock_la_LIBADD = $(MOCKLIBS_LIBS)
-
qemucommandutiltest_SOURCES = \
qemucommandutiltest.c \
testutils.c testutils.h \
diff --git a/tests/qemucapabilitiestest.c b/tests/qemucapabilitiestest.c
index ac9ab6bfce..48363326f4 100644
--- a/tests/qemucapabilitiestest.c
+++ b/tests/qemucapabilitiestest.c
@@ -225,11 +225,11 @@ mymain(void)
return EXIT_FAILURE;
/*
- * Run "tests/qemucapsprobe /path/to/qemu/binary >foo.replies"
+ * Run "tests/tools/qemucapsprobe /path/to/qemu/binary >foo.replies"
* to generate updated or new *.replies data files.
*
* If you manually edit replies files you can run
- * "tests/qemucapsfixreplies foo.replies" to fix the replies ids.
+ * "tests/tools/qemucapsfixreplies foo.replies" to fix the replies ids.
*
* Once a replies file has been generated and tweaked if necessary,
* you can drop it into tests/qemucapabilitiesdata/ (with a sensible
diff --git a/tests/testutils.c b/tests/testutils.c
index 245b1832f6..080a1ccda2 100644
--- a/tests/testutils.c
+++ b/tests/testutils.c
@@ -533,7 +533,7 @@ virTestRewrapFile(const char *filename)
return -1;
}
- if (virAsprintf(&script, "%s/test-wrap-argv.pl", abs_srcdir) < 0)
+ if (virAsprintf(&script, "%s/tools/test-wrap-argv.pl", abs_srcdir) < 0)
goto cleanup;
cmd = virCommandNewArgList(perl, script, "--in-place", filename, NULL);
diff --git a/tests/.valgrind.supp b/tests/tools/.valgrind.supp
similarity index 100%
rename from tests/.valgrind.supp
rename to tests/tools/.valgrind.supp
diff --git a/tests/tools/Makefile.inc.am b/tests/tools/Makefile.inc.am
new file mode 100644
index 0000000000..ffc38a93f7
--- /dev/null
+++ b/tests/tools/Makefile.inc.am
@@ -0,0 +1,23 @@
+# vim: filetype=automake
+
+if WITH_QEMU
+test_helpers += tools/qemucapsprobe
+test_libraries += tools/qemucapsprobemock.la
+
+tools_qemucapsprobe_SOURCES = \
+ tools/qemucapsprobe.c \
+ testutils.h
+tools_qemucapsprobe_LDADD = \
+ libqemutestdriver.la $(LDADDS)
+
+tools_qemucapsprobemock_la_SOURCES = \
+ tools/qemucapsprobemock.c
+tools_qemucapsprobemock_la_LDFLAGS = $(MOCKLIBS_LDFLAGS)
+tools_qemucapsprobemock_la_LIBADD = $(MOCKLIBS_LIBS)
+endif WITH_QEMU
+
+EXTRA_DIST += \
+ tools/.valgrind.supp \
+ tools/check-file-access.pl \
+ tools/file_access_whitelist.txt \
+ tools/oomtrace.pl
diff --git a/tests/check-file-access.pl b/tests/tools/check-file-access.pl
similarity index 98%
rename from tests/check-file-access.pl
rename to tests/tools/check-file-access.pl
index ea0b7a18a2..2f1796b0f3 100755
--- a/tests/check-file-access.pl
+++ b/tests/tools/check-file-access.pl
@@ -25,7 +25,7 @@ use strict;
use warnings;
my $access_file = "test_file_access.txt";
-my $whitelist_file = "file_access_whitelist.txt";
+my $whitelist_file = "tools/file_access_whitelist.txt";
my @known_actions = ("open", "fopen", "access", "stat", "lstat", "connect");
diff --git a/tests/file_access_whitelist.txt b/tests/tools/file_access_whitelist.txt
similarity index 100%
rename from tests/file_access_whitelist.txt
rename to tests/tools/file_access_whitelist.txt
diff --git a/tests/group-qemu-caps.pl b/tests/tools/group-qemu-caps.pl
similarity index 100%
rename from tests/group-qemu-caps.pl
rename to tests/tools/group-qemu-caps.pl
diff --git a/tests/oomtrace.pl b/tests/tools/oomtrace.pl
similarity index 100%
rename from tests/oomtrace.pl
rename to tests/tools/oomtrace.pl
diff --git a/tests/qemucapsprobe.c b/tests/tools/qemucapsprobe.c
similarity index 96%
rename from tests/qemucapsprobe.c
rename to tests/tools/qemucapsprobe.c
index 14c0ecad97..7a5018676c 100644
--- a/tests/qemucapsprobe.c
+++ b/tests/tools/qemucapsprobe.c
@@ -47,7 +47,7 @@ main(int argc, char **argv)
virThread thread;
virQEMUCapsPtr caps;
- VIR_TEST_PRELOAD(abs_builddir "/.libs/qemucapsprobemock.so");
+ VIR_TEST_PRELOAD(abs_builddir "/tools/.libs/qemucapsprobemock.so");
if (argc != 2) {
fprintf(stderr, "%s QEMU_binary\n", argv[0]);
diff --git a/tests/qemucapsprobemock.c b/tests/tools/qemucapsprobemock.c
similarity index 100%
rename from tests/qemucapsprobemock.c
rename to tests/tools/qemucapsprobemock.c
diff --git a/tests/test-wrap-argv.pl b/tests/tools/test-wrap-argv.pl
similarity index 98%
rename from tests/test-wrap-argv.pl
rename to tests/tools/test-wrap-argv.pl
index 7867e9d719..4a28ee9d46 100755
--- a/tests/test-wrap-argv.pl
+++ b/tests/tools/test-wrap-argv.pl
@@ -94,7 +94,7 @@ sub rewrap {
close DIFF;
print STDERR "Incorrect line wrapping in $file\n";
- print STDERR "Use test-wrap-argv.pl to wrap test data files\n";
+ print STDERR "Use tests/tools/test-wrap-argv.pl to wrap test data files\n";
return -1;
}
} else {
--
2.21.0
5 years, 5 months
[libvirt] [PATCH] x86: Multi-key Total Memory Encryption (Intel)
by Larkins Carvalho
From: llcarval <larkins.l.carvalho(a)intel.com>
Total Memory Encryption (TME) – provides the capability to encrypt the
entirety of the physical memory of a system. MKTME builds on TME and
adds support for multiple encryption keys.
High Level flow:
1. Management tool calls virNodeGetMKTMEInfo. This returns an XML document
that includes the following
<feature>
...
<mktme supported='yes'>
<keys_supported> </keys_supported>
</mktme>
</feature>
2. Management tool requests to start a guest calling virCreateXML(). The xml would include
<launchsecurity type='mktme'>
<id>m0</id>
<key_type>user</key_type>
<key>samplekey</key>
<encryption_algorithm>aes-xts-128</encryption_algorithm>
</launchSecurity>
3. Libvirt makes system call with the provided information to generate a key handle using linux keyring services.
Qemu uses the key handle to launch the workload.
4. Libvirt generate the QEMU cli arg to enable the MKTME feature, a typical
args looks like this:
-machine memory-encryption=m0 \
-object mktme-guest,id=m0,handle=${serial}
Intel MKTME spec: https://software.intel.com/sites/default/files/managed/a5/16/Multi-Key-To...
WIP: Qemu and KVM patch to support Intel MKTME are in the process of development and community approval.
The purpose of this initial review is to get on par with libvirt development and the proposed Intel MKTME feature in libvirt.
Considering we have not added tests, this is a preliminary patch and based on the community feedback, we expect more updates to follow.
TODO:
Add tests for launch security of type mktme.
Update domaincommon.rng to add attribute of type mktme.
---
docs/formatdomain.html.in | 62 +-
docs/formatdomaincaps.html.in | 18 +
docs/schemas/domaincaps.rng | 14 +
include/libvirt/libvirt-host.h | 18 +
src/conf/domain_capabilities.c | 29 +
src/conf/domain_capabilities.h | 12 +
src/conf/domain_conf.c | 114 +-
src/conf/domain_conf.h | 13 +
src/conf/virconftypes.h | 3 +
src/driver-hypervisor.h | 7 +
src/libvirt-host.c | 48 +
src/libvirt_private.syms | 5 +
src/libvirt_public.syms | 5 +
src/qemu/qemu_capabilities.c | 130 +-
src/qemu/qemu_capabilities.h | 4 +
src/qemu/qemu_capspriv.h | 4 +
src/qemu/qemu_command.c | 40 +
src/qemu/qemu_driver.c | 63 +
src/qemu/qemu_monitor.c | 9 +
src/qemu/qemu_monitor.h | 5 +
src/qemu/qemu_monitor_json.c | 52 +
src/qemu/qemu_monitor_json.h | 3 +
src/remote/remote_daemon_dispatch.c | 43 +
src/remote/remote_driver.c | 40 +-
src/remote/remote_protocol.x | 21 +-
src/remote_protocol-structs | 12 +
src/util/Makefile.inc.am | 2 +
src/util/virmktme.c | 112 ++
src/util/virmktme.h | 33 +
.../bhyve_basic.x86_64.xml | 1 +
.../bhyve_fbuf.x86_64.xml | 1 +
.../bhyve_uefi.x86_64.xml | 1 +
tests/domaincapsschemadata/empty.xml | 1 +
tests/domaincapsschemadata/libxl-xenfv.xml | 1 +
tests/domaincapsschemadata/libxl-xenpv.xml | 1 +
.../qemu_1.7.0.x86_64.xml | 1 +
.../qemu_2.12.0-virt.aarch64.xml | 1 +
.../qemu_2.12.0.ppc64.xml | 1 +
.../qemu_2.12.0.s390x.xml | 1 +
.../qemu_2.12.0.x86_64.xml | 1 +
.../qemu_2.6.0-virt.aarch64.xml | 1 +
.../qemu_2.6.0.aarch64.xml | 1 +
.../domaincapsschemadata/qemu_2.6.0.ppc64.xml | 1 +
.../qemu_2.6.0.x86_64.xml | 1 +
.../domaincapsschemadata/qemu_2.7.0.s390x.xml | 1 +
.../qemu_2.8.0-tcg.x86_64.xml | 1 +
.../domaincapsschemadata/qemu_2.8.0.s390x.xml | 1 +
.../qemu_2.8.0.x86_64.xml | 1 +
.../qemu_2.9.0-q35.x86_64.xml | 1 +
.../qemu_2.9.0-tcg.x86_64.xml | 1 +
.../qemu_2.9.0.x86_64.xml | 1 +
.../domaincapsschemadata/qemu_3.0.0.s390x.xml | 1 +
.../qemu_3.1.0.x86_64.xml | 1 +
.../qemu_4.0.0.x86_64.xml | 1 +
.../qemu_5.0.0.x86_64.xml | 164 ++
tests/domaincapstest.c | 4 +
.../caps_5.0.0.x86_64.xml | 1389 +++++++++++++++++
57 files changed, 2490 insertions(+), 13 deletions(-)
create mode 100644 src/util/virmktme.c
create mode 100644 src/util/virmktme.h
create mode 100644 tests/domaincapsschemadata/qemu_5.0.0.x86_64.xml
create mode 100644 tests/qemucapabilitiesdata/caps_5.0.0.x86_64.xml
diff --git a/docs/formatdomain.html.in b/docs/formatdomain.html.in
index e1da878fcc..e96186aba9 100644
--- a/docs/formatdomain.html.in
+++ b/docs/formatdomain.html.in
@@ -8924,13 +8924,16 @@ qemu-kvm -net nic,model=? /dev/null
<p>Note: DEA/TDEA is synonymous with DES/TDES.</p>
- <h3><a id="sev">Launch Security</a></h3>
+ <h3><a id="launchsecurity">Launch Security</a></h3>
<p>
- The contents of the <code><launchSecurity type='sev'></code> element
+ The contents of the <code>launchSecurity</code> element
is used to provide the guest owners input used for creating an encrypted
- VM using the AMD SEV feature (Secure Encrypted Virtualization).
-
+ VM using the AMD SEV feature (Secure Encrypted Virtualization)
+ and Intel MKTME (Multi-Key Total Memory Encryption).
+ </p>
+ <h4><a id="sev">SEV</a></h4>
+ <p>
SEV is an extension to the AMD-V architecture which supports running
encrypted virtual machine (VMs) under the control of KVM. Encrypted
VMs have their pages (code and data) secured such that only the guest
@@ -8942,7 +8945,7 @@ qemu-kvm -net nic,model=? /dev/null
For more information see various input parameters and its format see the
<a href="https://support.amd.com/TechDocs/55766_SEV-KM_API_Specification.pdf">SEV API spec</a>
<span class="since">Since 4.4.0</span>
- </p>
+ </p>
<pre>
<domain>
...
@@ -9039,6 +9042,55 @@ qemu-kvm -net nic,model=? /dev/null
</dd>
</dl>
+ <h4><a id="mktme">MKTME</a></h4>
+ <p>
+ Total Memory Encryption (TME) – provides the capability to encrypt the
+ entirety of the physical memory of a system. MKTME builds on TME and
+ adds support for multiple encryption keys.
+
+ By default MKTME uses the TME encryption key unless explicitly specified
+ by software. In addition to supporting a CPU generated ephemeral
+ key (not accessible by software or by using external interfaces to an SOC),
+ MKTME also supports software provided keys. Software provided keys are
+ particularly useful when used with nonvolatile memory or when combined
+ with attestation mechanisms and/or used with key provisioning services.
+
+ For more information see
+ <a href="https://support.amd.com/TechDocs/55766_SEV-KM_API_Specification.pdf">MKTME spec</a>
+ <span class="since">Since 5.3.0</span>
+ </p>
+ <pre>
+<domain>
+ ...
+ <launchSecurity type='mktme'>
+ <id>mktme-0</id>
+ <key_type>samplekey</key_type>
+ <type>user</type>
+ <encryption_algorithm>aes-xts-128</encryption_algorithm>
+ </launchSecurity>
+ ...
+</domain>
+</pre>
+ <dl>
+ <dt><code>id</code></dt>
+ <dd>The required <code>id</code> element provides ability to map the key handle.
+ If the id exists system returns the same mapped key handle which can be used to
+ encrpyt a different guest.
+ </dd>
+ <dt><code>key_type</code></dt>
+ <dd>MKTME supports user and cpu generated keys. The required <code>key_type</code>
+ element provides the type of key used for the encryption.
+ </dd>
+ <dt><code>key</code></dt>
+ <dd>The optional <code>key</code> element provides the key used for the encryption.
+ Required only when the key type is of user.
+ </dd>
+ <dt><code>encryption_algorithm</code></dt>
+ <dd>The required <code>encyption_algorithm</code> element provides the type of
+ encryption algorithm. Currently, MKTME supports aes-xts-128 only.
+ </dd>
+ </dl>
+
<h2><a id="examples">Example configs</a></h2>
<p>
diff --git a/docs/formatdomaincaps.html.in b/docs/formatdomaincaps.html.in
index b31b1729f4..ece891fa67 100644
--- a/docs/formatdomaincaps.html.in
+++ b/docs/formatdomaincaps.html.in
@@ -530,5 +530,23 @@
address space. The number of bits we lose is hypervisor dependent.</dd>
</dl>
+ <h4><a id="elementsMKTME">MKTME capabilities</a></h4>
+
+ <p>Intel Multi-Key Total Memory Encryption (MKTME) capabilities are exposed under
+ the <code>mktme</code> element.
+ Total Memory Encryption (TME) – provides the capability to encrypt the
+ entirety of the physical memory of a system. MKTME builds on TME and
+ adds support for multiple encryption keys.</p>
+
+ <p>
+ For more details on MKTME feature see:
+ <a href="https://software.intel.com/sites/default/files/managed/a5/16/Multi-Key-To...">MKTME spec</a>
+ </p>
+
+ <dl>
+ <dt><code>keys_supported</code></dt>
+ <dd>When mktme is enabled, keys_supported information is avaiable</dd>
+ </dl>
+
</body>
</html>
diff --git a/docs/schemas/domaincaps.rng b/docs/schemas/domaincaps.rng
index e629d6431f..a399e4348f 100644
--- a/docs/schemas/domaincaps.rng
+++ b/docs/schemas/domaincaps.rng
@@ -200,6 +200,9 @@
<optional>
<ref name='sev'/>
</optional>
+ <optional>
+ <ref name='mktme'/>
+ </optional>
</element>
</define>
@@ -236,6 +239,17 @@
</element>
</define>
+ <define name='mktme'>
+ <element name='mktme'>
+ <ref name='supported'/>
+ <optional>
+ <element name='keys_supported'>
+ <data type='unsignedInt'/>
+ </element>
+ </optional>
+ </element>
+ </define>
+
<define name='value'>
<zeroOrMore>
<element name='value'>
diff --git a/include/libvirt/libvirt-host.h b/include/libvirt/libvirt-host.h
index 7debb5f829..10d2e4d2f3 100644
--- a/include/libvirt/libvirt-host.h
+++ b/include/libvirt/libvirt-host.h
@@ -473,6 +473,24 @@ int virNodeGetSEVInfo (virConnectPtr conn,
int *nparams,
unsigned int flags);
+/**
+*
+* MKTME Parameters
+*/
+
+/**
+* VIR_NODE_MKTME_KEYS_SUPPORTED:
+*
+* Macro represents the number of keys supported, when MKTME is enabled in the guest.
+*/
+# define VIR_NODE_MKTME_KEYS_SUPPORTED "keys_supported"
+
+int virNodeGetMKTMEInfo(virConnectPtr conn,
+ virTypedParameterPtr *params,
+ int *nparams,
+ unsigned int flags);
+
+
/**
* virConnectFlags
*
diff --git a/src/conf/domain_capabilities.c b/src/conf/domain_capabilities.c
index 2e7e1c206b..1115fc26fc 100644
--- a/src/conf/domain_capabilities.c
+++ b/src/conf/domain_capabilities.c
@@ -78,6 +78,15 @@ virSEVCapabilitiesFree(virSEVCapability *cap)
VIR_FREE(cap);
}
+void
+virMKTMECapabilitiesFree(virMKTMECapability *cap)
+{
+ if (!cap)
+ return;
+
+ VIR_FREE(cap);
+}
+
static void
virDomainCapsDispose(void *obj)
@@ -89,6 +98,7 @@ virDomainCapsDispose(void *obj)
virObjectUnref(caps->cpu.custom);
virCPUDefFree(caps->cpu.hostModel);
virSEVCapabilitiesFree(caps->sev);
+ virMKTMECapabilitiesFree(caps->mktme);
virDomainCapsStringValuesFree(&caps->os.loader.values);
}
@@ -593,6 +603,24 @@ virDomainCapsFeatureSEVFormat(virBufferPtr buf,
return;
}
+static void
+virDomainCapsFeatureMKTMEFormat(virBufferPtr buf,
+ virMKTMECapabilityPtr const mktme)
+{
+ if (!mktme) {
+ virBufferAddLit(buf, "<mktme supported='no'/>\n");
+ }
+ else {
+ virBufferAddLit(buf, "<mktme supported='yes'>\n");
+ virBufferAdjustIndent(buf, 2);
+ virBufferAsprintf(buf, "<keys_supported>%d</keys_supported>\n", mktme->keys_supported);
+ virBufferAdjustIndent(buf, -2);
+ virBufferAddLit(buf, "</mktme>\n");
+ }
+
+ return;
+}
+
char *
virDomainCapsFormat(virDomainCapsPtr const caps)
@@ -636,6 +664,7 @@ virDomainCapsFormat(virDomainCapsPtr const caps)
FORMAT_SINGLE("vmcoreinfo", caps->vmcoreinfo);
FORMAT_SINGLE("genid", caps->genid);
virDomainCapsFeatureSEVFormat(&buf, caps->sev);
+ virDomainCapsFeatureMKTMEFormat(&buf, caps->mktme);
virBufferAdjustIndent(&buf, -2);
virBufferAddLit(&buf, "</features>\n");
diff --git a/src/conf/domain_capabilities.h b/src/conf/domain_capabilities.h
index cd09d50cee..56a73546c0 100644
--- a/src/conf/domain_capabilities.h
+++ b/src/conf/domain_capabilities.h
@@ -150,6 +150,12 @@ struct _virSEVCapability {
unsigned int reduced_phys_bits;
};
+typedef struct _virMKTMECapability virMKTMECapability;
+typedef virMKTMECapability *virMKTMECapabilityPtr;
+struct _virMKTMECapability {
+ unsigned int keys_supported;
+};
+
struct _virDomainCaps {
virObjectLockable parent;
@@ -174,6 +180,7 @@ struct _virDomainCaps {
virTristateBool vmcoreinfo;
virTristateBool genid;
virSEVCapabilityPtr sev;
+ virMKTMECapabilityPtr mktme;
/* add new domain features here */
};
@@ -222,4 +229,9 @@ virSEVCapabilitiesFree(virSEVCapability *capabilities);
VIR_DEFINE_AUTOPTR_FUNC(virSEVCapability, virSEVCapabilitiesFree);
+void
+virMKTMECapabilitiesFree(virMKTMECapability *capabilities);
+
+VIR_DEFINE_AUTOPTR_FUNC(virMKTMECapability, virMKTMECapabilitiesFree);
+
#endif /* LIBVIRT_DOMAIN_CAPABILITIES_H */
diff --git a/src/conf/domain_conf.c b/src/conf/domain_conf.c
index b4fb6cf981..e563840479 100644
--- a/src/conf/domain_conf.c
+++ b/src/conf/domain_conf.c
@@ -1233,6 +1233,7 @@ VIR_ENUM_IMPL(virDomainLaunchSecurity,
VIR_DOMAIN_LAUNCH_SECURITY_LAST,
"",
"sev",
+ "mktme",
);
static virClassPtr virDomainObjClass;
@@ -3281,6 +3282,22 @@ virDomainSEVDefFree(virDomainSEVDefPtr def)
VIR_FREE(def);
}
+static void
+virDomainMKTMEDefFree(virDomainMKTMEDefPtr def)
+{
+ if (!def)
+ return;
+
+ VIR_FREE(def->id);
+ VIR_FREE(def->key_type);
+ VIR_FREE(def->key);
+ VIR_FREE(def->encryption_algorithm);
+
+
+ VIR_FREE(def);
+}
+
+
void virDomainDefFree(virDomainDefPtr def)
{
@@ -3466,6 +3483,7 @@ void virDomainDefFree(virDomainDefPtr def)
(def->ns.free)(def->namespaceData);
virDomainSEVDefFree(def->sev);
+ virDomainMKTMEDefFree(def->mktme);
xmlFreeNode(def->metadata);
@@ -15939,6 +15957,21 @@ virDomainMemoryTargetDefParseXML(xmlNodePtr node,
return ret;
}
+static int
+virDomainGetLaunchSecurityType(xmlNodePtr node)
+{
+ VIR_AUTOFREE(char *) type = NULL;
+
+ if (!(type = virXMLPropString(node, "type"))) {
+ virReportError(VIR_ERR_XML_ERROR, "%s",
+ _("missing launch security type"));
+ return -1;
+ }
+
+ return virDomainLaunchSecurityTypeFromString(type);
+
+}
+
static virDomainSEVDefPtr
virDomainSEVDefParseXML(xmlNodePtr sevNode,
@@ -15965,6 +15998,7 @@ virDomainSEVDefParseXML(xmlNodePtr sevNode,
case VIR_DOMAIN_LAUNCH_SECURITY_SEV:
break;
case VIR_DOMAIN_LAUNCH_SECURITY_NONE:
+ case VIR_DOMAIN_LAUNCH_SECURITY_MKTME:
case VIR_DOMAIN_LAUNCH_SECURITY_LAST:
default:
virReportError(VIR_ERR_XML_ERROR,
@@ -16005,6 +16039,28 @@ virDomainSEVDefParseXML(xmlNodePtr sevNode,
goto cleanup;
}
+static virDomainMKTMEDefPtr
+virDomainMKTMEDefParseXML(xmlNodePtr mktmeNode,
+ xmlXPathContextPtr ctxt)
+{
+ VIR_XPATH_NODE_AUTORESTORE(ctxt);
+ virDomainMKTMEDefPtr def;
+
+ if (VIR_ALLOC(def) < 0)
+ return NULL;
+
+ ctxt->node = mktmeNode;
+
+ def->sectype = VIR_DOMAIN_LAUNCH_SECURITY_MKTME;
+
+ def->id = virXPathString("string(./id)", ctxt);
+ def->key_type = virXPathString("string(./key_type)", ctxt);
+ def->key = virXPathString("string(./key)", ctxt);
+ def->encryption_algorithm = virXPathString("string(./encryption_algorithm)", ctxt);
+
+ return def;
+}
+
static virDomainMemoryDefPtr
virDomainMemoryDefParseXML(virDomainXMLOptionPtr xmlopt,
xmlNodePtr memdevNode,
@@ -21127,11 +21183,33 @@ virDomainDefParseXML(xmlDocPtr xml,
ctxt->node = node;
VIR_FREE(nodes);
- /* Check for SEV feature */
+ /* Check for launch security (MKTME/SEV) feature */
if ((node = virXPathNode("./launchSecurity", ctxt)) != NULL) {
- def->sev = virDomainSEVDefParseXML(node, ctxt);
- if (!def->sev)
- goto error;
+ int sectype = virDomainGetLaunchSecurityType(node);
+
+ if (sectype < 0)
+ goto error;
+
+ switch ((virDomainLaunchSecurity) sectype) {
+ case VIR_DOMAIN_LAUNCH_SECURITY_SEV:
+ def->sev = virDomainSEVDefParseXML(node, ctxt);
+ if (!def->sev)
+ goto error;
+ break;
+ case VIR_DOMAIN_LAUNCH_SECURITY_MKTME:
+ def->mktme = virDomainMKTMEDefParseXML(node, ctxt);
+ if (!def->mktme)
+ goto error;
+ break;
+ case VIR_DOMAIN_LAUNCH_SECURITY_NONE:
+ case VIR_DOMAIN_LAUNCH_SECURITY_LAST:
+ default:
+ virReportError(VIR_ERR_XML_ERROR,
+ _("unsupported launch security type '%s'"),
+ virXMLPropString(node, "type"));
+ goto error;
+ }
+
}
/* analysis of memory devices */
@@ -27263,6 +27341,33 @@ virDomainSEVDefFormat(virBufferPtr buf, virDomainSEVDefPtr sev)
virBufferAddLit(buf, "</launchSecurity>\n");
}
+static void
+virDomainMKTMEDefFormat(virBufferPtr buf, virDomainMKTMEDefPtr mktme)
+{
+ if (!mktme)
+ return;
+
+ virBufferAsprintf(buf, "<launchSecurity type='%s'>\n",
+ virDomainLaunchSecurityTypeToString(mktme->sectype));
+ virBufferAdjustIndent(buf, 2);
+
+ if (mktme->id)
+ virBufferEscapeString(buf, "<id>%s</id>\n", mktme->id);
+
+ if (mktme->key_type)
+ virBufferEscapeString(buf, "<key_type>%s</key_type>\n", mktme->key_type);
+
+ if (mktme->key)
+ virBufferEscapeString(buf, "<key>%s</key>\n", mktme->key);
+
+ if (mktme->encryption_algorithm)
+ virBufferEscapeString(buf, "<encryption_algorithm>%s</encryption_algorithm>\n", mktme->encryption_algorithm);
+
+
+ virBufferAdjustIndent(buf, -2);
+ virBufferAddLit(buf, "</launchSecurity>\n");
+}
+
static void
virDomainPerfDefFormat(virBufferPtr buf, virDomainPerfDefPtr perf)
@@ -28636,6 +28741,7 @@ virDomainDefFormatInternal(virDomainDefPtr def,
virDomainKeyWrapDefFormat(buf, def->keywrap);
virDomainSEVDefFormat(buf, def->sev);
+ virDomainMKTMEDefFormat(buf, def->mktme);
virBufferAdjustIndent(buf, -2);
virBufferAddLit(buf, "</domain>\n");
diff --git a/src/conf/domain_conf.h b/src/conf/domain_conf.h
index 01c22d8cc3..5d08759de9 100644
--- a/src/conf/domain_conf.h
+++ b/src/conf/domain_conf.h
@@ -2279,6 +2279,7 @@ struct _virDomainKeyWrapDef {
typedef enum {
VIR_DOMAIN_LAUNCH_SECURITY_NONE,
VIR_DOMAIN_LAUNCH_SECURITY_SEV,
+ VIR_DOMAIN_LAUNCH_SECURITY_MKTME,
VIR_DOMAIN_LAUNCH_SECURITY_LAST,
} virDomainLaunchSecurity;
@@ -2332,6 +2333,15 @@ struct _virDomainVirtioOptions {
virTristateSwitch ats;
};
+struct _virDomainMKTMEDef {
+ int sectype; /* enum virDomainLaunchSecurity */
+ char *id;
+ char *key_type;
+ char *key;
+ char *encryption_algorithm;
+ int key_handle;
+};
+
/*
* Guest VM main configuration
*
@@ -2491,6 +2501,9 @@ struct _virDomainDef {
/* SEV-specific domain */
virDomainSEVDefPtr sev;
+ /* MKTME- domain info*/
+ virDomainMKTMEDefPtr mktme;
+
/* Application-specific custom metadata */
xmlNodePtr metadata;
diff --git a/src/conf/virconftypes.h b/src/conf/virconftypes.h
index 6a8267c422..a71ee462a0 100644
--- a/src/conf/virconftypes.h
+++ b/src/conf/virconftypes.h
@@ -346,4 +346,7 @@ typedef virDomainXMLPrivateDataCallbacks *virDomainXMLPrivateDataCallbacksPtr;
typedef struct _virDomainXenbusControllerOpts virDomainXenbusControllerOpts;
typedef virDomainXenbusControllerOpts *virDomainXenbusControllerOptsPtr;
+typedef struct _virDomainMKTMEDef virDomainMKTMEDef;
+typedef virDomainMKTMEDef *virDomainMKTMEDefPtr;
+
#endif /* LIBVIRT_VIRCONFTYPES_H */
diff --git a/src/driver-hypervisor.h b/src/driver-hypervisor.h
index 5315e33dde..1d26381cb4 100644
--- a/src/driver-hypervisor.h
+++ b/src/driver-hypervisor.h
@@ -1322,6 +1322,12 @@ typedef int
int *nparams,
unsigned int flags);
+typedef int
+(*virDrvNodeGetMKTMEInfo)(virConnectPtr conn,
+ virTypedParameterPtr *params,
+ int *nparams,
+ unsigned int flags);
+
typedef int
(*virDrvDomainGetLaunchSecurityInfo)(virDomainPtr domain,
virTypedParameterPtr *params,
@@ -1579,6 +1585,7 @@ struct _virHypervisorDriver {
virDrvConnectCompareHypervisorCPU connectCompareHypervisorCPU;
virDrvConnectBaselineHypervisorCPU connectBaselineHypervisorCPU;
virDrvNodeGetSEVInfo nodeGetSEVInfo;
+ virDrvNodeGetMKTMEInfo nodeGetMKTMEInfo;
virDrvDomainGetLaunchSecurityInfo domainGetLaunchSecurityInfo;
};
diff --git a/src/libvirt-host.c b/src/libvirt-host.c
index e20d6ee250..6696fb9998 100644
--- a/src/libvirt-host.c
+++ b/src/libvirt-host.c
@@ -1688,3 +1688,51 @@ virNodeGetSEVInfo(virConnectPtr conn,
virDispatchError(conn);
return -1;
}
+
+/*
+ * virNodeGetMKTMEInfo:
+ * @conn: pointer to the hypervisor connection
+ * @params: where to store mktme information
+ * @nparams: pointer to number of MKTME parameters returned in @params
+ * @flags: extra flags; not used yet, so callers should always pass 0
+ *
+ * If hypervisor supports Intel's MKTME feature, then @params will contain various
+ * platform specific information like number of keys supported. Caller is
+ * responsible for freeing @params.
+ *
+ * Returns 0 in case of success, and -1 in case of failure.
+ */
+int
+virNodeGetMKTMEInfo(virConnectPtr conn,
+ virTypedParameterPtr *params,
+ int *nparams,
+ unsigned int flags)
+{
+ VIR_DEBUG("conn=%p, params=%p, nparams=%p, flags=0x%x",
+ conn, params, nparams, flags);
+
+ virResetLastError();
+
+ virCheckConnectReturn(conn, -1);
+ virCheckNonNullArgGoto(nparams, error);
+ virCheckNonNegativeArgGoto(*nparams, error);
+ virCheckReadOnlyGoto(conn->flags, error);
+
+ if (VIR_DRV_SUPPORTS_FEATURE(conn->driver, conn,
+ VIR_DRV_FEATURE_TYPED_PARAM_STRING))
+ flags |= VIR_TYPED_PARAM_STRING_OKAY;
+
+ if (conn->driver->nodeGetMKTMEInfo) {
+ int ret;
+ ret = conn->driver->nodeGetMKTMEInfo(conn, params, nparams, flags);
+ if (ret < 0)
+ goto error;
+ return ret;
+ }
+
+ virReportUnsupportedError();
+
+error:
+ virDispatchError(conn);
+ return -1;
+}
diff --git a/src/libvirt_private.syms b/src/libvirt_private.syms
index a03cf0b645..afa6925715 100644
--- a/src/libvirt_private.syms
+++ b/src/libvirt_private.syms
@@ -189,6 +189,7 @@ virDomainCapsEnumClear;
virDomainCapsEnumSet;
virDomainCapsFormat;
virDomainCapsNew;
+virMKTMECapabilitiesFree;
virSEVCapabilitiesFree;
@@ -2352,6 +2353,9 @@ virMediatedDeviceSetUsedBy;
virMediatedDeviceTypeFree;
virMediatedDeviceTypeReadAttrs;
+# util/virmktme.h
+virGetMktmeKeyHandle;
+virMktmeIsEnabled;
# util/virmodule.h
virModuleLoad;
@@ -3315,6 +3319,7 @@ virXPathULongHex;
virXPathULongLong;
+
# Let emacs know we want case-insensitive sorting
# Local Variables:
# sort-fold-case: t
diff --git a/src/libvirt_public.syms b/src/libvirt_public.syms
index dbce3336d5..d106f36db2 100644
--- a/src/libvirt_public.syms
+++ b/src/libvirt_public.syms
@@ -819,4 +819,9 @@ LIBVIRT_5.2.0 {
virConnectGetStoragePoolCapabilities;
} LIBVIRT_4.10.0;
+LIBVIRT_5.3.0 {
+ global:
+ virNodeGetMKTMEInfo;
+} LIBVIRT_5.2.0;
+
# .... define new API here using predicted next version number ....
diff --git a/src/qemu/qemu_capabilities.c b/src/qemu/qemu_capabilities.c
index a0b2ca73fb..c127d61a1d 100644
--- a/src/qemu/qemu_capabilities.c
+++ b/src/qemu/qemu_capabilities.c
@@ -525,6 +525,7 @@ VIR_ENUM_IMPL(virQEMUCaps,
"virtio-pci-non-transitional",
"overcommit",
"query-current-machine",
+ "mktme-guest"
);
@@ -595,6 +596,8 @@ struct _virQEMUCaps {
virSEVCapability *sevCapabilities;
+ virMKTMECapability *mktmeCapabilities;
+
virQEMUCapsHostCPUData kvmCPU;
virQEMUCapsHostCPUData tcgCPU;
};
@@ -1090,6 +1093,7 @@ struct virQEMUCapsStringFlags virQEMUCapsObjectTypes[] = {
{ "vhost-vsock-device", QEMU_CAPS_DEVICE_VHOST_VSOCK },
{ "mch", QEMU_CAPS_DEVICE_MCH },
{ "sev-guest", QEMU_CAPS_SEV_GUEST },
+ { "mktme-guest", QEMU_CAPS_MKTME_GUEST },
{ "vfio-ap", QEMU_CAPS_DEVICE_VFIO_AP },
{ "zpci", QEMU_CAPS_DEVICE_ZPCI },
{ "memory-backend-memfd", QEMU_CAPS_OBJECT_MEMORY_MEMFD },
@@ -1541,6 +1545,22 @@ virQEMUCapsSEVInfoCopy(virSEVCapabilityPtr *dst,
return 0;
}
+static int
+virQEMUCapsMKTMEInfoCopy(virMKTMECapabilityPtr *dst,
+ virMKTMECapabilityPtr src)
+{
+ VIR_AUTOPTR(virMKTMECapability) tmp = NULL;
+
+ if (VIR_ALLOC(tmp) < 0 )
+ return -1;
+
+ tmp->keys_supported = src->keys_supported;
+
+ VIR_STEAL_PTR(*dst, tmp);
+ return 0;
+}
+
+
virQEMUCapsPtr virQEMUCapsNewCopy(virQEMUCapsPtr qemuCaps)
{
@@ -1612,6 +1632,12 @@ virQEMUCapsPtr virQEMUCapsNewCopy(virQEMUCapsPtr qemuCaps)
qemuCaps->sevCapabilities) < 0)
goto error;
+ if (virQEMUCapsGet(qemuCaps, QEMU_CAPS_MKTME_GUEST) &&
+ virQEMUCapsMKTMEInfoCopy(&ret->mktmeCapabilities,
+ qemuCaps->mktmeCapabilities) < 0)
+ goto error;
+
+
return ret;
error:
@@ -1643,6 +1669,7 @@ void virQEMUCapsDispose(void *obj)
VIR_FREE(qemuCaps->gicCapabilities);
virSEVCapabilitiesFree(qemuCaps->sevCapabilities);
+ virMKTMECapabilitiesFree(qemuCaps->mktmeCapabilities);
virQEMUCapsHostCPUDataClear(&qemuCaps->kvmCPU);
virQEMUCapsHostCPUDataClear(&qemuCaps->tcgCPU);
@@ -2099,6 +2126,12 @@ virQEMUCapsGetSEVCapabilities(virQEMUCapsPtr qemuCaps)
return qemuCaps->sevCapabilities;
}
+virMKTMECapabilityPtr
+virQEMUCapsGetMKTMECapabilities(virQEMUCapsPtr qemuCaps)
+{
+ return qemuCaps->mktmeCapabilities;
+}
+
static int
virQEMUCapsProbeQMPCommands(virQEMUCapsPtr qemuCaps,
@@ -2768,6 +2801,30 @@ virQEMUCapsProbeQMPSEVCapabilities(virQEMUCapsPtr qemuCaps,
return 0;
}
+/* Returns -1 on error, 0 if MKTME is not supported, 1 if MKTME is supported */
+static int
+virQEMUCapsProbeQMPMKTMECapabilities(virQEMUCapsPtr qemuCaps,
+ qemuMonitorPtr mon)
+{
+ int rc = -1;
+ virMKTMECapability *caps = NULL;
+
+ if (!virQEMUCapsGet(qemuCaps, QEMU_CAPS_MKTME_GUEST))
+ return 0;
+ if ((rc = qemuMonitorGetMKTMECapabilities(mon, &caps)) < 0)
+ return -1;
+
+ /* MKTME isn't actually supported */
+ if (rc == 0) {
+ virQEMUCapsClear(qemuCaps, QEMU_CAPS_MKTME_GUEST);
+ return 0;
+ }
+
+ virMKTMECapabilitiesFree(qemuCaps->mktmeCapabilities);
+ qemuCaps->mktmeCapabilities = caps;
+ return 0;
+}
+
bool
virQEMUCapsCPUFilterFeatures(const char *name,
@@ -3397,6 +3454,35 @@ virQEMUCapsParseSEVInfo(virQEMUCapsPtr qemuCaps, xmlXPathContextPtr ctxt)
return 0;
}
+static int
+virQEMUCapsParseMKTMEInfo(virQEMUCapsPtr qemuCaps, xmlXPathContextPtr ctxt)
+{
+ VIR_AUTOPTR(virMKTMECapability) mktme = NULL;
+
+ if (!virQEMUCapsGet(qemuCaps, QEMU_CAPS_MKTME_GUEST))
+ return 0;
+
+ if (virXPathBoolean("boolean(./mktme)", ctxt) == 0) {
+ virReportError(VIR_ERR_XML_ERROR, "%s",
+ _("missing MKTME platform data in QEMU "
+ "capabilities cache"));
+ return -1;
+ }
+
+ if (VIR_ALLOC(mktme) < 0)
+ return -1;
+
+ if (virXPathUInt("string(./mktme/keys_supported)", ctxt, &mktme->keys_supported) < 0) {
+ virReportError(VIR_ERR_XML_ERROR, "%s",
+ _("missing or malformed MKTME keys_supported information "
+ "in QEMU capabilities cache"));
+ return -1;
+ }
+
+ VIR_STEAL_PTR(qemuCaps->mktmeCapabilities, mktme);
+ return 0;
+}
+
/*
* Parsing a doc that looks like
@@ -3650,6 +3736,10 @@ virQEMUCapsLoadCache(virArch hostArch,
if (virQEMUCapsParseSEVInfo(qemuCaps, ctxt) < 0)
goto cleanup;
+ if (virQEMUCapsParseMKTMEInfo(qemuCaps, ctxt) < 0)
+ goto cleanup;
+
+
virQEMUCapsInitHostCPUModel(qemuCaps, hostArch, VIR_DOMAIN_VIRT_KVM);
virQEMUCapsInitHostCPUModel(qemuCaps, hostArch, VIR_DOMAIN_VIRT_QEMU);
@@ -3786,6 +3876,17 @@ virQEMUCapsFormatSEVInfo(virQEMUCapsPtr qemuCaps, virBufferPtr buf)
virBufferAddLit(buf, "</sev>\n");
}
+static void
+virQEMUCapsFormatMKTMEInfo(virQEMUCapsPtr qemuCaps, virBufferPtr buf)
+{
+ virMKTMECapabilityPtr mktme = virQEMUCapsGetMKTMECapabilities(qemuCaps);
+
+ virBufferAddLit(buf, "<mktme>\n");
+ virBufferAdjustIndent(buf, 2);
+ virBufferAsprintf(buf, "<keys_supported>%u</keys_supported>\n", mktme->keys_supported);
+ virBufferAdjustIndent(buf, -2);
+ virBufferAddLit(buf, "</mktme>\n");
+}
char *
virQEMUCapsFormatCache(virQEMUCapsPtr qemuCaps)
@@ -3806,7 +3907,7 @@ virQEMUCapsFormatCache(virQEMUCapsPtr qemuCaps)
for (i = 0; i < QEMU_CAPS_LAST; i++) {
if (virQEMUCapsGet(qemuCaps, i)) {
- virBufferAsprintf(&buf, "<flag name='%s'/>\n",
+ virBufferAsprintf(&buf, "<flag name='%s'/>\n",
virQEMUCapsTypeToString(i));
}
}
@@ -3871,6 +3972,9 @@ virQEMUCapsFormatCache(virQEMUCapsPtr qemuCaps)
if (qemuCaps->sevCapabilities)
virQEMUCapsFormatSEVInfo(qemuCaps, &buf);
+ if (qemuCaps->mktmeCapabilities)
+ virQEMUCapsFormatMKTMEInfo(qemuCaps, &buf);
+
if (qemuCaps->kvmSupportsNesting)
virBufferAddLit(&buf, "<kvmSupportsNesting/>\n");
@@ -4373,6 +4477,8 @@ virQEMUCapsInitQMPMonitor(virQEMUCapsPtr qemuCaps,
return -1;
if (virQEMUCapsProbeQMPSEVCapabilities(qemuCaps, mon) < 0)
return -1;
+ if (virQEMUCapsProbeQMPMKTMECapabilities(qemuCaps, mon) < 0)
+ return -1;
virQEMUCapsInitProcessCaps(qemuCaps);
@@ -5325,6 +5431,25 @@ virQEMUCapsFillDomainFeatureSEVCaps(virQEMUCapsPtr qemuCaps,
return 0;
}
+static int
+virQEMUCapsFillDomainFeatureMKTMECaps(virQEMUCapsPtr qemuCaps,
+ virDomainCapsPtr domCaps)
+{
+ virMKTMECapability *cap = qemuCaps->mktmeCapabilities;
+ VIR_AUTOPTR(virMKTMECapability) mktme = NULL;
+
+ if (!cap)
+ return 0;
+
+ if (VIR_ALLOC(mktme) < 0)
+ return -1;
+
+ mktme->keys_supported = cap->keys_supported;
+ VIR_STEAL_PTR(domCaps->mktme, mktme);
+
+ return 0;
+}
+
int
virQEMUCapsFillDomainCaps(virCapsPtr caps,
@@ -5370,7 +5495,8 @@ virQEMUCapsFillDomainCaps(virCapsPtr caps,
virQEMUCapsFillDomainDeviceVideoCaps(qemuCaps, video) < 0 ||
virQEMUCapsFillDomainDeviceHostdevCaps(qemuCaps, hostdev) < 0 ||
virQEMUCapsFillDomainFeatureGICCaps(qemuCaps, domCaps) < 0 ||
- virQEMUCapsFillDomainFeatureSEVCaps(qemuCaps, domCaps) < 0)
+ virQEMUCapsFillDomainFeatureSEVCaps(qemuCaps, domCaps) < 0 ||
+ virQEMUCapsFillDomainFeatureMKTMECaps(qemuCaps, domCaps) < 0)
return -1;
return 0;
diff --git a/src/qemu/qemu_capabilities.h b/src/qemu/qemu_capabilities.h
index 67c8e80462..5614479617 100644
--- a/src/qemu/qemu_capabilities.h
+++ b/src/qemu/qemu_capabilities.h
@@ -507,6 +507,7 @@ typedef enum { /* virQEMUCapsFlags grouping marker for syntax-check */
QEMU_CAPS_VIRTIO_PCI_TRANSITIONAL, /* virtio *-pci-{non-}transitional devices */
QEMU_CAPS_OVERCOMMIT, /* -overcommit */
QEMU_CAPS_QUERY_CURRENT_MACHINE, /* query-current-machine command */
+ QEMU_CAPS_MKTME_GUEST, /* -object mktme-guest,... */
QEMU_CAPS_LAST /* this must always be the last item */
} virQEMUCapsFlags;
@@ -644,6 +645,9 @@ bool virQEMUCapsCPUFilterFeatures(const char *name,
virSEVCapabilityPtr
virQEMUCapsGetSEVCapabilities(virQEMUCapsPtr qemuCaps);
+virMKTMECapabilityPtr
+virQEMUCapsGetMKTMECapabilities(virQEMUCapsPtr qemuCaps);
+
virArch virQEMUCapsArchFromString(const char *arch);
const char *virQEMUCapsArchToString(virArch arch);
diff --git a/src/qemu/qemu_capspriv.h b/src/qemu/qemu_capspriv.h
index 2d059bee8c..2c44c7a38c 100644
--- a/src/qemu/qemu_capspriv.h
+++ b/src/qemu/qemu_capspriv.h
@@ -95,6 +95,10 @@ void
virQEMUCapsSetSEVCapabilities(virQEMUCapsPtr qemuCaps,
virSEVCapability *capabilities);
+void
+virQEMUCapsSetMKTMECapabilities(virQEMUCapsPtr qemuCaps,
+ virMKTMECapability *capabilities);
+
int
virQEMUCapsProbeQMPCPUDefinitions(virQEMUCapsPtr qemuCaps,
qemuMonitorPtr mon,
diff --git a/src/qemu/qemu_command.c b/src/qemu/qemu_command.c
index 50b4205267..ad193a5b4c 100644
--- a/src/qemu/qemu_command.c
+++ b/src/qemu/qemu_command.c
@@ -59,6 +59,7 @@
#include "virgic.h"
#include "virmdev.h"
#include "virdomainsnapshotobjlist.h"
+#include "virmktme.h"
#if defined(__linux__)
# include <linux/capability.h>
#endif
@@ -7765,6 +7766,10 @@ qemuBuildMachineCommandLine(virCommandPtr cmd,
if (def->sev)
virBufferAddLit(&buf, ",memory-encryption=sev0");
+ if (def->mktme)
+ virBufferAddLit(&buf, ",memory-encryption=m0");
+
+
virCommandAddArgBuffer(cmd, &buf);
ret = 0;
@@ -10266,6 +10271,37 @@ qemuBuildSEVCommandLine(virDomainObjPtr vm, virCommandPtr cmd,
return ret;
}
+static int
+qemuBuildMKTMECommandLine(virCommandPtr cmd,
+ virDomainMKTMEDefPtr mktme)
+{
+ virBuffer buf = VIR_BUFFER_INITIALIZER;
+ int ret = -1;
+
+ if (!mktme)
+ return 0;
+
+ if ((mktme->key_handle = virGetMktmeKeyHandle(mktme->id, mktme->key_type,
+ mktme->key, mktme->encryption_algorithm)) < 0)
+ {
+ virReportError(VIR_ERR_INTERNAL_ERROR,
+ _("Failed to get MKTME key handle id %s"), mktme->id);
+ return -1;
+
+ }
+ VIR_DEBUG("id=%s key_type=%s key_handle=0x%x",
+ mktme->id, mktme->key_type, mktme->key_handle);
+
+ virBufferAsprintf(&buf, "mktme-guest,id=m0,handle=%d", mktme->key_handle);
+
+ virCommandAddArg(cmd, "-object");
+ virCommandAddArgBuffer(cmd, &buf);
+ ret = 0;
+ virBufferFreeAndReset(&buf);
+ return ret;
+}
+
+
static int
qemuBuildVMCoreInfoCommandLine(virCommandPtr cmd,
const virDomainDef *def,
@@ -10886,6 +10922,10 @@ qemuBuildCommandLine(virQEMUDriverPtr driver,
if (qemuBuildSEVCommandLine(vm, cmd, def->sev) < 0)
goto error;
+ if (qemuBuildMKTMECommandLine(cmd, def->mktme) < 0)
+ goto error;
+
+
if (snapshot)
virCommandAddArgList(cmd, "-loadvm", snapshot->def->name, NULL);
diff --git a/src/qemu/qemu_driver.c b/src/qemu/qemu_driver.c
index b2ac737d1f..ef62c15a26 100644
--- a/src/qemu/qemu_driver.c
+++ b/src/qemu/qemu_driver.c
@@ -22266,6 +22266,68 @@ qemuNodeGetSEVInfo(virConnectPtr conn,
}
+static int
+qemuGetMKTMEInfoToParams(virQEMUCapsPtr qemuCaps,
+ virTypedParameterPtr *params,
+ int *nparams,
+ unsigned int flags)
+{
+ int maxpar = 0;
+ int n = 0;
+ virMKTMECapabilityPtr mktme = virQEMUCapsGetMKTMECapabilities(qemuCaps);
+ virTypedParameterPtr mktmeParams = NULL;
+
+ virCheckFlags(VIR_TYPED_PARAM_STRING_OKAY, -1);
+
+ if (virTypedParamsAddUInt(&mktmeParams, &n, &maxpar,
+ VIR_NODE_MKTME_KEYS_SUPPORTED, mktme->keys_supported) < 0)
+ goto cleanup;
+
+ VIR_STEAL_PTR(*params, mktmeParams);
+ *nparams = n;
+ return 0;
+
+cleanup:
+ virTypedParamsFree(mktmeParams, n);
+ return -1;
+}
+
+
+static int
+qemuNodeGetMKTMEInfo(virConnectPtr conn,
+ virTypedParameterPtr *params,
+ int *nparams,
+ unsigned int flags)
+{
+ virQEMUDriverPtr driver = conn->privateData;
+ virQEMUCapsPtr qemucaps = NULL;
+ int ret = -1;
+
+ if (virNodeGetMktmeInfoEnsureACL(conn) < 0)
+ return ret;
+
+ qemucaps = virQEMUCapsCacheLookupByArch(driver->qemuCapsCache,
+ virArchFromHost());
+ if (!qemucaps)
+ goto cleanup;
+
+ if (!virQEMUCapsGet(qemucaps, QEMU_CAPS_MKTME_GUEST)) {
+ virReportError(VIR_ERR_OPERATION_UNSUPPORTED, "%s",
+ _("QEMU does not support MKTME guest"));
+ goto cleanup;
+ }
+
+ if (qemuGetMKTMEInfoToParams(qemucaps, params, nparams, flags) < 0)
+ goto cleanup;
+
+ ret = 0;
+
+cleanup:
+ virObjectUnref(qemucaps);
+ return ret;
+}
+
+
static int
qemuDomainGetSEVMeasurement(virQEMUDriverPtr driver,
virDomainObjPtr vm,
@@ -22560,6 +22622,7 @@ static virHypervisorDriver qemuHypervisorDriver = {
.connectBaselineHypervisorCPU = qemuConnectBaselineHypervisorCPU, /* 4.4.0 */
.nodeGetSEVInfo = qemuNodeGetSEVInfo, /* 4.5.0 */
.domainGetLaunchSecurityInfo = qemuDomainGetLaunchSecurityInfo, /* 4.5.0 */
+ .nodeGetMKTMEInfo = qemuNodeGetMKTMEInfo /* 5.3.0 */
};
diff --git a/src/qemu/qemu_monitor.c b/src/qemu/qemu_monitor.c
index e1fcbac13f..ea06e09f95 100644
--- a/src/qemu/qemu_monitor.c
+++ b/src/qemu/qemu_monitor.c
@@ -3921,6 +3921,15 @@ qemuMonitorGetSEVCapabilities(qemuMonitorPtr mon,
return qemuMonitorJSONGetSEVCapabilities(mon, capabilities);
}
+int
+qemuMonitorGetMKTMECapabilities(qemuMonitorPtr mon,
+ virMKTMECapability **capabilities)
+{
+ QEMU_CHECK_MONITOR(mon);
+
+ return qemuMonitorJSONGetMKTMECapabilities(mon, capabilities);
+}
+
int
qemuMonitorNBDServerStart(qemuMonitorPtr mon,
diff --git a/src/qemu/qemu_monitor.h b/src/qemu/qemu_monitor.h
index 9242d37407..2b39e54625 100644
--- a/src/qemu/qemu_monitor.h
+++ b/src/qemu/qemu_monitor.h
@@ -761,6 +761,11 @@ int qemuMonitorGetGICCapabilities(qemuMonitorPtr mon,
int qemuMonitorGetSEVCapabilities(qemuMonitorPtr mon,
virSEVCapability **capabilities);
+
+int qemuMonitorGetMKTMECapabilities(qemuMonitorPtr mon,
+ virMKTMECapability **capabilities);
+
+
typedef enum {
QEMU_MONITOR_MIGRATE_BACKGROUND = 1 << 0,
QEMU_MONITOR_MIGRATE_NON_SHARED_DISK = 1 << 1, /* migration with non-shared storage with full disk copy */
diff --git a/src/qemu/qemu_monitor_json.c b/src/qemu/qemu_monitor_json.c
index 908967f46c..708d483942 100644
--- a/src/qemu/qemu_monitor_json.c
+++ b/src/qemu/qemu_monitor_json.c
@@ -6654,6 +6654,58 @@ qemuMonitorJSONGetSEVCapabilities(qemuMonitorPtr mon,
return ret;
}
+int
+qemuMonitorJSONGetMKTMECapabilities(qemuMonitorPtr mon,
+ virMKTMECapability **capabilities)
+{
+ int ret = -1;
+ virJSONValuePtr cmd;
+ virJSONValuePtr reply = NULL;
+ virJSONValuePtr caps;
+ unsigned int keys_supported;
+ VIR_AUTOPTR(virMKTMECapability) capability = NULL;
+
+ *capabilities = NULL;
+
+ /* Query may change*/
+ if (!(cmd = qemuMonitorJSONMakeCommand("query-mktme-capabilities",
+ NULL)))
+ return -1;
+
+ if (qemuMonitorJSONCommand(mon, cmd, &reply) < 0)
+ goto cleanup;
+
+ if (qemuMonitorJSONHasError(reply, "GenericError")) {
+ ret = 0;
+ goto cleanup;
+ }
+
+ if (qemuMonitorJSONCheckError(cmd, reply) < 0)
+ goto cleanup;
+
+ caps = virJSONValueObjectGetObject(reply, "return");
+
+ if (virJSONValueObjectGetNumberUint(caps, "keys_supported", &keys_supported) < 0) {
+ virReportError(VIR_ERR_INTERNAL_ERROR, "%s",
+ _("query-mktme-capabilities reply was missing"
+ " 'keys_supported' field"));
+ goto cleanup;
+ }
+
+ if (VIR_ALLOC(capability) < 0)
+ goto cleanup;
+
+ capability->keys_supported = keys_supported;
+ VIR_STEAL_PTR(*capabilities, capability);
+ ret = 1;
+cleanup:
+ virJSONValueFree(cmd);
+ virJSONValueFree(reply);
+
+ return ret;
+}
+
+
static virJSONValuePtr
qemuMonitorJSONBuildInetSocketAddress(const char *host,
const char *port)
diff --git a/src/qemu/qemu_monitor_json.h b/src/qemu/qemu_monitor_json.h
index 746b7072ca..e9316564ba 100644
--- a/src/qemu/qemu_monitor_json.h
+++ b/src/qemu/qemu_monitor_json.h
@@ -158,6 +158,9 @@ int qemuMonitorJSONGetGICCapabilities(qemuMonitorPtr mon,
int qemuMonitorJSONGetSEVCapabilities(qemuMonitorPtr mon,
virSEVCapability **capabilities);
+int qemuMonitorJSONGetMKTMECapabilities(qemuMonitorPtr mon,
+ virMKTMECapability **capabilities);
+
int qemuMonitorJSONMigrate(qemuMonitorPtr mon,
unsigned int flags,
const char *uri);
diff --git a/src/remote/remote_daemon_dispatch.c b/src/remote/remote_daemon_dispatch.c
index df28259042..f42686bfa9 100644
--- a/src/remote/remote_daemon_dispatch.c
+++ b/src/remote/remote_daemon_dispatch.c
@@ -5229,6 +5229,49 @@ remoteDispatchNodeGetSevInfo(virNetServerPtr server ATTRIBUTE_UNUSED,
return rv;
}
+static int
+remoteDispatchNodeGetMktmeInfo(virNetServerPtr server ATTRIBUTE_UNUSED,
+ virNetServerClientPtr client ATTRIBUTE_UNUSED,
+ virNetMessagePtr msg ATTRIBUTE_UNUSED,
+ virNetMessageErrorPtr rerr,
+ remote_node_get_mktme_info_args *args,
+ remote_node_get_mktme_info_ret *ret)
+{
+ virTypedParameterPtr params = NULL;
+ int nparams = 0;
+ int rv = -1;
+ struct daemonClientPrivate *priv =
+ virNetServerClientGetPrivateData(client);
+
+ if (!priv->conn) {
+ virReportError(VIR_ERR_INTERNAL_ERROR, "%s", _("connection not open"));
+ goto cleanup;
+ }
+
+ if (virNodeGetMKTMEInfo(priv->conn, ¶ms, &nparams, args->flags) < 0)
+ goto cleanup;
+
+ if (nparams > REMOTE_NODE_MKTME_INFO_MAX) {
+ virReportError(VIR_ERR_INTERNAL_ERROR, "%s", _("nparams too large"));
+ goto cleanup;
+ }
+
+
+ if (virTypedParamsSerialize(params, nparams,
+ (virTypedParameterRemotePtr *)&ret->params.params_val,
+ &ret->params.params_len,
+ args->flags) < 0)
+ goto cleanup;
+
+ rv = 0;
+
+cleanup:
+ if (rv < 0)
+ virNetMessageSaveError(rerr);
+ virTypedParamsFree(params, nparams);
+ return rv;
+}
+
static int
remoteDispatchNodeGetMemoryParameters(virNetServerPtr server ATTRIBUTE_UNUSED,
diff --git a/src/remote/remote_driver.c b/src/remote/remote_driver.c
index 5c4dd41227..507ce0f917 100644
--- a/src/remote/remote_driver.c
+++ b/src/remote/remote_driver.c
@@ -6824,6 +6824,43 @@ remoteNodeGetSEVInfo(virConnectPtr conn,
return rv;
}
+static int
+remoteNodeGetMKTMEInfo(virConnectPtr conn,
+ virTypedParameterPtr *params,
+ int *nparams,
+ unsigned int flags)
+{
+ int rv = -1;
+ remote_node_get_mktme_info_args args;
+ remote_node_get_mktme_info_ret ret;
+ struct private_data *priv = conn->privateData;
+
+ remoteDriverLock(priv);
+
+ args.flags = flags;
+
+ memset(&ret, 0, sizeof(ret));
+ if (call(conn, priv, 0, REMOTE_PROC_NODE_GET_MKTME_INFO,
+ (xdrproc_t)xdr_remote_node_get_mktme_info_args, (char *)&args,
+ (xdrproc_t)xdr_remote_node_get_mktme_info_ret, (char *)&ret) == -1)
+ goto done;
+
+ if (virTypedParamsDeserialize((virTypedParameterRemotePtr)ret.params.params_val,
+ ret.params.params_len,
+ REMOTE_NODE_MKTME_INFO_MAX,
+ params,
+ nparams) < 0)
+ goto cleanup;
+
+ rv = 0;
+
+cleanup:
+ xdr_free((xdrproc_t)xdr_remote_node_get_mktme_info_ret, (char *)&ret);
+done:
+ remoteDriverUnlock(priv);
+ return rv;
+}
+
static int
remoteNodeGetCPUMap(virConnectPtr conn,
@@ -8516,7 +8553,8 @@ static virHypervisorDriver hypervisor_driver = {
.connectCompareHypervisorCPU = remoteConnectCompareHypervisorCPU, /* 4.4.0 */
.connectBaselineHypervisorCPU = remoteConnectBaselineHypervisorCPU, /* 4.4.0 */
.nodeGetSEVInfo = remoteNodeGetSEVInfo, /* 4.5.0 */
- .domainGetLaunchSecurityInfo = remoteDomainGetLaunchSecurityInfo /* 4.5.0 */
+ .domainGetLaunchSecurityInfo = remoteDomainGetLaunchSecurityInfo, /* 4.5.0 */
+ .nodeGetMKTMEInfo = remoteNodeGetMKTMEInfo /* 5.3.0 */
};
static virNetworkDriver network_driver = {
diff --git a/src/remote/remote_protocol.x b/src/remote/remote_protocol.x
index 11f44ee267..b7806f42fa 100644
--- a/src/remote/remote_protocol.x
+++ b/src/remote/remote_protocol.x
@@ -260,6 +260,9 @@ const REMOTE_DOMAIN_IOTHREAD_PARAMS_MAX = 64;
/* Upper limit on number of SEV parameters */
const REMOTE_NODE_SEV_INFO_MAX = 64;
+/* Upper limit on number of MKTME parameters */
+const REMOTE_NODE_MKTME_INFO_MAX = 64;
+
/* Upper limit on number of launch security information entries */
const REMOTE_DOMAIN_LAUNCH_SECURITY_INFO_PARAMS_MAX = 64;
@@ -3573,6 +3576,16 @@ struct remote_connect_get_storage_pool_capabilities_ret {
remote_nonnull_string capabilities;
};
+struct remote_node_get_mktme_info_args {
+ int nparams;
+ unsigned int flags;
+};
+
+struct remote_node_get_mktme_info_ret {
+ remote_typed_param params<REMOTE_NODE_MKTME_INFO_MAX>;
+ int nparams;
+};
+
/*----- Protocol. -----*/
/* Define the program number, protocol version and procedure numbers here. */
@@ -6342,5 +6355,11 @@ enum remote_procedure {
* @generate: both
* @acl: connect:read
*/
- REMOTE_PROC_CONNECT_GET_STORAGE_POOL_CAPABILITIES = 403
+ REMOTE_PROC_CONNECT_GET_STORAGE_POOL_CAPABILITIES = 403,
+
+ /**
+ * @generate: none
+ * @acl: connect:read
+ */
+ REMOTE_PROC_NODE_GET_MKTME_INFO = 404
};
diff --git a/src/remote_protocol-structs b/src/remote_protocol-structs
index 768189c573..0f469d68a1 100644
--- a/src/remote_protocol-structs
+++ b/src/remote_protocol-structs
@@ -2981,6 +2981,17 @@ struct remote_connect_get_storage_pool_capabilities_args {
struct remote_connect_get_storage_pool_capabilities_ret {
remote_nonnull_string capabilities;
};
+struct remote_node_get_mktme_info_args {
+ int nparams;
+ u_int flags;
+};
+struct remote_node_get_mktme_info_ret {
+ struct {
+ u_int params_len;
+ remote_typed_param * params_val;
+ } params;
+ int nparams;
+};
enum remote_procedure {
REMOTE_PROC_CONNECT_OPEN = 1,
REMOTE_PROC_CONNECT_CLOSE = 2,
@@ -3385,4 +3396,5 @@ enum remote_procedure {
REMOTE_PROC_CONNECT_LIST_ALL_NWFILTER_BINDINGS = 401,
REMOTE_PROC_DOMAIN_SET_IOTHREAD_PARAMS = 402,
REMOTE_PROC_CONNECT_GET_STORAGE_POOL_CAPABILITIES = 403,
+ REMOTE_PROC_NODE_GET_MKTME_INFO = 404,
};
diff --git a/src/util/Makefile.inc.am b/src/util/Makefile.inc.am
index c757f5a6ae..ad4aa89873 100644
--- a/src/util/Makefile.inc.am
+++ b/src/util/Makefile.inc.am
@@ -228,6 +228,8 @@ UTIL_SOURCES = \
util/virmdev.h \
util/virfilecache.c \
util/virfilecache.h \
+ util/virmktme.c \
+ util/virmktme.h \
$(NULL)
diff --git a/src/util/virmktme.c b/src/util/virmktme.c
new file mode 100644
index 0000000000..714f4e8a2e
--- /dev/null
+++ b/src/util/virmktme.c
@@ -0,0 +1,112 @@
+/*
+* virmktme.c: interaction with processes
+*
+* Copyright (C) 2010-2015 Red Hat, Inc.
+*
+* This library is free software; you can redistribute it and/or
+* modify it under the terms of the GNU Lesser General Public
+* License as published by the Free Software Foundation; either
+* version 2.1 of the License, or (at your option) any later version.
+*
+* This library is distributed in the hope that it will be useful,
+* but WITHOUT ANY WARRANTY; without even the implied warranty of
+* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+* Lesser General Public License for more details.
+*
+* You should have received a copy of the GNU Lesser General Public
+* License along with this library. If not, see
+* <http://www.gnu.org/licenses/>.
+*
+*/
+#ifdef __linux__
+#include <config.h>
+#include <stdio.h>
+#include <string.h>
+#include <errno.h>
+#include <asm/unistd.h>
+#include <linux/keyctl.h>
+#endif
+#include "virerror.h"
+#include "virlog.h"
+#include "viraudit.h"
+#include "virfile.h"
+#include "viralloc.h"
+#include "virutil.h"
+#include "virstring.h"
+#include "virmktme.h"
+
+VIR_LOG_INIT("util.mktme");
+// Libvirt thread specific dest keyring
+#define VIR_FROM_THIS VIR_FROM_NONE
+
+/**
+* virGetMktmeKey:
+* @id: mktme id-string
+* @type : mktme key type
+* @key : user key value
+* @encyption_algorithm : encryption algorithm
+*
+* returns mktme key-handle , this handle is used to encrypt the memory
+* return -1 in case of failue
+*/
+
+#ifdef __linux__
+#define GET_MKTME_DEST_RING() \
+{ \
+ destringid = syscall(__NR_request_key,"keyring", \
+ LIBVIRT_MKTME_KEY_RING_NAME, KEY_SPEC_PROCESS_KEYRING); \
+}
+#else
+#define GET_MKTME_DEST_RING()
+#endif
+
+int
+virGetMktmeKeyHandle(const char* id,
+ const char* type,
+ const char* key,
+ const char *algorithm)
+{
+ char *callout = NULL;
+ int destringid = -1;
+
+ int ret = -1;
+
+ if (!id || !type || !algorithm )
+ return -1;
+
+ GET_MKTME_DEST_RING();
+ if(destringid < 0)
+ return -1;
+
+ if (key) {
+ if (virAsprintf(&callout, "type=%s algorithm=%s key=%s",
+ type, algorithm, key) < 0)
+ return -1;
+ }
+ else {
+ if (virAsprintf(&callout, "type=%s algorithm=%s", type, algorithm) < 0)
+ return -1;
+ }
+
+#ifdef __linux__
+ ret = syscall(__NR_request_key,"mktme", id, callout, destringid);
+ VIR_FREE(callout);
+#endif
+ return ret;
+}
+
+/**
+* virMktmeIsEnabled:
+*
+* Returns MKTME initialization status
+*/
+int
+virMktmeIsEnabled(void)
+{
+ int destringid = -1;
+ GET_MKTME_DEST_RING();
+ if(destringid < 0)
+ return 0;
+
+ return 1;
+}
diff --git a/src/util/virmktme.h b/src/util/virmktme.h
new file mode 100644
index 0000000000..d698f6bfe4
--- /dev/null
+++ b/src/util/virmktme.h
@@ -0,0 +1,33 @@
+/*
+* virmktme.h: MKTME kernel calls
+*
+* Copyright (C) 2016 Red Hat, Inc.
+*
+* This library is free software; you can redistribute it and/or
+* modify it under the terms of the GNU Lesser General Public
+* License as published by the Free Software Foundation; either
+* version 2.1 of the License, or (at your option) any later version.
+*
+* This library is distributed in the hope that it will be useful,
+* but WITHOUT ANY WARRANTY; without even the implied warranty of
+* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+* Lesser General Public License for more details.
+*
+* You should have received a copy of the GNU Lesser General Public
+* License along with this library. If not, see
+* <http://www.gnu.org/licenses/>.
+*/
+
+
+#ifndef LIBVIRT_VIRMKTME_H
+#define LIBVIRT_VIRMKTME_H
+
+int
+virGetMktmeKeyHandle(const char* id, const char* type,
+ const char* key, const char *algorithm);
+
+int
+virMktmeIsEnabled(void);
+
+#define LIBVIRT_MKTME_KEY_RING_NAME "mktme_key_ring_service"
+#endif
diff --git a/tests/domaincapsschemadata/bhyve_basic.x86_64.xml b/tests/domaincapsschemadata/bhyve_basic.x86_64.xml
index bdf2c4eee8..8db3340b38 100644
--- a/tests/domaincapsschemadata/bhyve_basic.x86_64.xml
+++ b/tests/domaincapsschemadata/bhyve_basic.x86_64.xml
@@ -32,5 +32,6 @@
<vmcoreinfo supported='no'/>
<genid supported='no'/>
<sev supported='no'/>
+ <mktme supported='no'/>
</features>
</domainCapabilities>
diff --git a/tests/domaincapsschemadata/bhyve_fbuf.x86_64.xml b/tests/domaincapsschemadata/bhyve_fbuf.x86_64.xml
index f998c457c1..397c7c7ae2 100644
--- a/tests/domaincapsschemadata/bhyve_fbuf.x86_64.xml
+++ b/tests/domaincapsschemadata/bhyve_fbuf.x86_64.xml
@@ -49,5 +49,6 @@
<vmcoreinfo supported='no'/>
<genid supported='no'/>
<sev supported='no'/>
+ <mktme supported='no'/>
</features>
</domainCapabilities>
diff --git a/tests/domaincapsschemadata/bhyve_uefi.x86_64.xml b/tests/domaincapsschemadata/bhyve_uefi.x86_64.xml
index 18f90023d5..f5c2c67fd8 100644
--- a/tests/domaincapsschemadata/bhyve_uefi.x86_64.xml
+++ b/tests/domaincapsschemadata/bhyve_uefi.x86_64.xml
@@ -41,5 +41,6 @@
<vmcoreinfo supported='no'/>
<genid supported='no'/>
<sev supported='no'/>
+ <mktme supported='no'/>
</features>
</domainCapabilities>
diff --git a/tests/domaincapsschemadata/empty.xml b/tests/domaincapsschemadata/empty.xml
index 6c3f5f54fd..2ebefe8a05 100644
--- a/tests/domaincapsschemadata/empty.xml
+++ b/tests/domaincapsschemadata/empty.xml
@@ -12,5 +12,6 @@
</devices>
<features>
<sev supported='no'/>
+ <mktme supported='no'/>
</features>
</domainCapabilities>
diff --git a/tests/domaincapsschemadata/libxl-xenfv.xml b/tests/domaincapsschemadata/libxl-xenfv.xml
index 4efc137c97..09c04374b9 100644
--- a/tests/domaincapsschemadata/libxl-xenfv.xml
+++ b/tests/domaincapsschemadata/libxl-xenfv.xml
@@ -75,5 +75,6 @@
<vmcoreinfo supported='no'/>
<genid supported='no'/>
<sev supported='no'/>
+ <mktme supported='no'/>
</features>
</domainCapabilities>
diff --git a/tests/domaincapsschemadata/libxl-xenpv.xml b/tests/domaincapsschemadata/libxl-xenpv.xml
index 70e598fe9e..aac2a2cba6 100644
--- a/tests/domaincapsschemadata/libxl-xenpv.xml
+++ b/tests/domaincapsschemadata/libxl-xenpv.xml
@@ -65,5 +65,6 @@
<vmcoreinfo supported='no'/>
<genid supported='no'/>
<sev supported='no'/>
+ <mktme supported='no'/>
</features>
</domainCapabilities>
diff --git a/tests/domaincapsschemadata/qemu_1.7.0.x86_64.xml b/tests/domaincapsschemadata/qemu_1.7.0.x86_64.xml
index 06908cc61e..8e55093e39 100644
--- a/tests/domaincapsschemadata/qemu_1.7.0.x86_64.xml
+++ b/tests/domaincapsschemadata/qemu_1.7.0.x86_64.xml
@@ -122,5 +122,6 @@
<vmcoreinfo supported='no'/>
<genid supported='no'/>
<sev supported='no'/>
+ <mktme supported='no'/>
</features>
</domainCapabilities>
diff --git a/tests/domaincapsschemadata/qemu_2.12.0-virt.aarch64.xml b/tests/domaincapsschemadata/qemu_2.12.0-virt.aarch64.xml
index 5983a60887..ff0d410846 100644
--- a/tests/domaincapsschemadata/qemu_2.12.0-virt.aarch64.xml
+++ b/tests/domaincapsschemadata/qemu_2.12.0-virt.aarch64.xml
@@ -130,5 +130,6 @@
<vmcoreinfo supported='yes'/>
<genid supported='no'/>
<sev supported='no'/>
+ <mktme supported='no'/>
</features>
</domainCapabilities>
diff --git a/tests/domaincapsschemadata/qemu_2.12.0.ppc64.xml b/tests/domaincapsschemadata/qemu_2.12.0.ppc64.xml
index 42c67623f4..158827f607 100644
--- a/tests/domaincapsschemadata/qemu_2.12.0.ppc64.xml
+++ b/tests/domaincapsschemadata/qemu_2.12.0.ppc64.xml
@@ -90,5 +90,6 @@
<vmcoreinfo supported='no'/>
<genid supported='no'/>
<sev supported='no'/>
+ <mktme supported='no'/>
</features>
</domainCapabilities>
diff --git a/tests/domaincapsschemadata/qemu_2.12.0.s390x.xml b/tests/domaincapsschemadata/qemu_2.12.0.s390x.xml
index 4804c13329..71beea4258 100644
--- a/tests/domaincapsschemadata/qemu_2.12.0.s390x.xml
+++ b/tests/domaincapsschemadata/qemu_2.12.0.s390x.xml
@@ -182,5 +182,6 @@
<vmcoreinfo supported='no'/>
<genid supported='no'/>
<sev supported='no'/>
+ <mktme supported='no'/>
</features>
</domainCapabilities>
diff --git a/tests/domaincapsschemadata/qemu_2.12.0.x86_64.xml b/tests/domaincapsschemadata/qemu_2.12.0.x86_64.xml
index f5f54cb484..559bbdda0b 100644
--- a/tests/domaincapsschemadata/qemu_2.12.0.x86_64.xml
+++ b/tests/domaincapsschemadata/qemu_2.12.0.x86_64.xml
@@ -158,5 +158,6 @@
<cbitpos>47</cbitpos>
<reducedPhysBits>1</reducedPhysBits>
</sev>
+ <mktme supported='no'/>
</features>
</domainCapabilities>
diff --git a/tests/domaincapsschemadata/qemu_2.6.0-virt.aarch64.xml b/tests/domaincapsschemadata/qemu_2.6.0-virt.aarch64.xml
index 99ee16e4bb..30f70cd80d 100644
--- a/tests/domaincapsschemadata/qemu_2.6.0-virt.aarch64.xml
+++ b/tests/domaincapsschemadata/qemu_2.6.0-virt.aarch64.xml
@@ -127,5 +127,6 @@
<vmcoreinfo supported='no'/>
<genid supported='no'/>
<sev supported='no'/>
+ <mktme supported='no'/>
</features>
</domainCapabilities>
diff --git a/tests/domaincapsschemadata/qemu_2.6.0.aarch64.xml b/tests/domaincapsschemadata/qemu_2.6.0.aarch64.xml
index 61fdae009a..293dd3d4f5 100644
--- a/tests/domaincapsschemadata/qemu_2.6.0.aarch64.xml
+++ b/tests/domaincapsschemadata/qemu_2.6.0.aarch64.xml
@@ -121,5 +121,6 @@
<vmcoreinfo supported='no'/>
<genid supported='no'/>
<sev supported='no'/>
+ <mktme supported='no'/>
</features>
</domainCapabilities>
diff --git a/tests/domaincapsschemadata/qemu_2.6.0.ppc64.xml b/tests/domaincapsschemadata/qemu_2.6.0.ppc64.xml
index a33960a2af..dedd4ed799 100644
--- a/tests/domaincapsschemadata/qemu_2.6.0.ppc64.xml
+++ b/tests/domaincapsschemadata/qemu_2.6.0.ppc64.xml
@@ -94,5 +94,6 @@
<vmcoreinfo supported='no'/>
<genid supported='no'/>
<sev supported='no'/>
+ <mktme supported='no'/>
</features>
</domainCapabilities>
diff --git a/tests/domaincapsschemadata/qemu_2.6.0.x86_64.xml b/tests/domaincapsschemadata/qemu_2.6.0.x86_64.xml
index 94fe08bc92..a5fc6d46ee 100644
--- a/tests/domaincapsschemadata/qemu_2.6.0.x86_64.xml
+++ b/tests/domaincapsschemadata/qemu_2.6.0.x86_64.xml
@@ -129,5 +129,6 @@
<vmcoreinfo supported='no'/>
<genid supported='no'/>
<sev supported='no'/>
+ <mktme supported='no'/>
</features>
</domainCapabilities>
diff --git a/tests/domaincapsschemadata/qemu_2.7.0.s390x.xml b/tests/domaincapsschemadata/qemu_2.7.0.s390x.xml
index 1057573681..ea51c0aee9 100644
--- a/tests/domaincapsschemadata/qemu_2.7.0.s390x.xml
+++ b/tests/domaincapsschemadata/qemu_2.7.0.s390x.xml
@@ -87,5 +87,6 @@
<vmcoreinfo supported='no'/>
<genid supported='no'/>
<sev supported='no'/>
+ <mktme supported='no'/>
</features>
</domainCapabilities>
diff --git a/tests/domaincapsschemadata/qemu_2.8.0-tcg.x86_64.xml b/tests/domaincapsschemadata/qemu_2.8.0-tcg.x86_64.xml
index 39f3bd6d9f..2505bfe316 100644
--- a/tests/domaincapsschemadata/qemu_2.8.0-tcg.x86_64.xml
+++ b/tests/domaincapsschemadata/qemu_2.8.0-tcg.x86_64.xml
@@ -130,5 +130,6 @@
<vmcoreinfo supported='no'/>
<genid supported='no'/>
<sev supported='no'/>
+ <mktme supported='no'/>
</features>
</domainCapabilities>
diff --git a/tests/domaincapsschemadata/qemu_2.8.0.s390x.xml b/tests/domaincapsschemadata/qemu_2.8.0.s390x.xml
index 9ae9a1a8bc..fa7e0d2fb5 100644
--- a/tests/domaincapsschemadata/qemu_2.8.0.s390x.xml
+++ b/tests/domaincapsschemadata/qemu_2.8.0.s390x.xml
@@ -168,5 +168,6 @@
<vmcoreinfo supported='no'/>
<genid supported='no'/>
<sev supported='no'/>
+ <mktme supported='no'/>
</features>
</domainCapabilities>
diff --git a/tests/domaincapsschemadata/qemu_2.8.0.x86_64.xml b/tests/domaincapsschemadata/qemu_2.8.0.x86_64.xml
index 1770c81fdb..deb8210590 100644
--- a/tests/domaincapsschemadata/qemu_2.8.0.x86_64.xml
+++ b/tests/domaincapsschemadata/qemu_2.8.0.x86_64.xml
@@ -130,5 +130,6 @@
<vmcoreinfo supported='no'/>
<genid supported='no'/>
<sev supported='no'/>
+ <mktme supported='no'/>
</features>
</domainCapabilities>
diff --git a/tests/domaincapsschemadata/qemu_2.9.0-q35.x86_64.xml b/tests/domaincapsschemadata/qemu_2.9.0-q35.x86_64.xml
index e2ec30fda7..89d3038557 100644
--- a/tests/domaincapsschemadata/qemu_2.9.0-q35.x86_64.xml
+++ b/tests/domaincapsschemadata/qemu_2.9.0-q35.x86_64.xml
@@ -139,5 +139,6 @@
<vmcoreinfo supported='no'/>
<genid supported='yes'/>
<sev supported='no'/>
+ <mktme supported='no'/>
</features>
</domainCapabilities>
diff --git a/tests/domaincapsschemadata/qemu_2.9.0-tcg.x86_64.xml b/tests/domaincapsschemadata/qemu_2.9.0-tcg.x86_64.xml
index 65226ee284..9aaa3e41c8 100644
--- a/tests/domaincapsschemadata/qemu_2.9.0-tcg.x86_64.xml
+++ b/tests/domaincapsschemadata/qemu_2.9.0-tcg.x86_64.xml
@@ -162,5 +162,6 @@
<vmcoreinfo supported='no'/>
<genid supported='yes'/>
<sev supported='no'/>
+ <mktme supported='no'/>
</features>
</domainCapabilities>
diff --git a/tests/domaincapsschemadata/qemu_2.9.0.x86_64.xml b/tests/domaincapsschemadata/qemu_2.9.0.x86_64.xml
index 0093877a0b..0f9d1400a1 100644
--- a/tests/domaincapsschemadata/qemu_2.9.0.x86_64.xml
+++ b/tests/domaincapsschemadata/qemu_2.9.0.x86_64.xml
@@ -139,5 +139,6 @@
<vmcoreinfo supported='no'/>
<genid supported='yes'/>
<sev supported='no'/>
+ <mktme supported='no'/>
</features>
</domainCapabilities>
diff --git a/tests/domaincapsschemadata/qemu_3.0.0.s390x.xml b/tests/domaincapsschemadata/qemu_3.0.0.s390x.xml
index c8efefc5ba..af2217f05b 100644
--- a/tests/domaincapsschemadata/qemu_3.0.0.s390x.xml
+++ b/tests/domaincapsschemadata/qemu_3.0.0.s390x.xml
@@ -188,5 +188,6 @@
<vmcoreinfo supported='no'/>
<genid supported='no'/>
<sev supported='no'/>
+ <mktme supported='no'/>
</features>
</domainCapabilities>
diff --git a/tests/domaincapsschemadata/qemu_3.1.0.x86_64.xml b/tests/domaincapsschemadata/qemu_3.1.0.x86_64.xml
index ca3baab88c..e00c816980 100644
--- a/tests/domaincapsschemadata/qemu_3.1.0.x86_64.xml
+++ b/tests/domaincapsschemadata/qemu_3.1.0.x86_64.xml
@@ -157,5 +157,6 @@
<vmcoreinfo supported='yes'/>
<genid supported='yes'/>
<sev supported='no'/>
+ <mktme supported='no'/>
</features>
</domainCapabilities>
diff --git a/tests/domaincapsschemadata/qemu_4.0.0.x86_64.xml b/tests/domaincapsschemadata/qemu_4.0.0.x86_64.xml
index 42d8949e61..53d1663368 100644
--- a/tests/domaincapsschemadata/qemu_4.0.0.x86_64.xml
+++ b/tests/domaincapsschemadata/qemu_4.0.0.x86_64.xml
@@ -157,5 +157,6 @@
<vmcoreinfo supported='yes'/>
<genid supported='yes'/>
<sev supported='no'/>
+ <mktme supported='no'/>
</features>
</domainCapabilities>
diff --git a/tests/domaincapsschemadata/qemu_5.0.0.x86_64.xml b/tests/domaincapsschemadata/qemu_5.0.0.x86_64.xml
new file mode 100644
index 0000000000..3d0c70faab
--- /dev/null
+++ b/tests/domaincapsschemadata/qemu_5.0.0.x86_64.xml
@@ -0,0 +1,164 @@
+<domainCapabilities>
+ <path>/usr/bin/qemu-system-x86_64</path>
+ <domain>kvm</domain>
+ <machine>pc-i440fx-4.0</machine>
+ <arch>x86_64</arch>
+ <vcpu max='255'/>
+ <iothreads supported='yes'/>
+ <os supported='yes'>
+ <enum name='firmware'>
+ <value>bios</value>
+ <value>efi</value>
+ </enum>
+ <loader supported='yes'>
+ <value>/usr/share/AAVMF/AAVMF_CODE.fd</value>
+ <value>/usr/share/AAVMF/AAVMF32_CODE.fd</value>
+ <value>/usr/share/OVMF/OVMF_CODE.fd</value>
+ <enum name='type'>
+ <value>rom</value>
+ <value>pflash</value>
+ </enum>
+ <enum name='readonly'>
+ <value>yes</value>
+ <value>no</value>
+ </enum>
+ <enum name='secure'>
+ <value>no</value>
+ </enum>
+ </loader>
+ </os>
+ <cpu>
+ <mode name='host-passthrough' supported='yes'/>
+ <mode name='host-model' supported='yes'>
+ <model fallback='forbid'>Skylake-Client-IBRS</model>
+ <vendor>Intel</vendor>
+ <feature policy='require' name='ss'/>
+ <feature policy='require' name='hypervisor'/>
+ <feature policy='require' name='tsc_adjust'/>
+ <feature policy='require' name='clflushopt'/>
+ <feature policy='require' name='umip'/>
+ <feature policy='require' name='arch-capabilities'/>
+ <feature policy='require' name='ssbd'/>
+ <feature policy='require' name='xsaves'/>
+ <feature policy='require' name='pdpe1gb'/>
+ <feature policy='require' name='invtsc'/>
+ </mode>
+ <mode name='custom' supported='yes'>
+ <model usable='yes'>qemu64</model>
+ <model usable='yes'>qemu32</model>
+ <model usable='no'>phenom</model>
+ <model usable='yes'>pentium3</model>
+ <model usable='yes'>pentium2</model>
+ <model usable='yes'>pentium</model>
+ <model usable='yes'>n270</model>
+ <model usable='yes'>kvm64</model>
+ <model usable='yes'>kvm32</model>
+ <model usable='yes'>coreduo</model>
+ <model usable='yes'>core2duo</model>
+ <model usable='no'>athlon</model>
+ <model usable='yes'>Westmere-IBRS</model>
+ <model usable='yes'>Westmere</model>
+ <model usable='no'>Skylake-Server-IBRS</model>
+ <model usable='no'>Skylake-Server</model>
+ <model usable='yes'>Skylake-Client-IBRS</model>
+ <model usable='yes'>Skylake-Client</model>
+ <model usable='yes'>SandyBridge-IBRS</model>
+ <model usable='yes'>SandyBridge</model>
+ <model usable='yes'>Penryn</model>
+ <model usable='no'>Opteron_G5</model>
+ <model usable='no'>Opteron_G4</model>
+ <model usable='no'>Opteron_G3</model>
+ <model usable='yes'>Opteron_G2</model>
+ <model usable='yes'>Opteron_G1</model>
+ <model usable='yes'>Nehalem-IBRS</model>
+ <model usable='yes'>Nehalem</model>
+ <model usable='yes'>IvyBridge-IBRS</model>
+ <model usable='yes'>IvyBridge</model>
+ <model usable='no'>Icelake-Server</model>
+ <model usable='no'>Icelake-Client</model>
+ <model usable='yes'>Haswell-noTSX-IBRS</model>
+ <model usable='yes'>Haswell-noTSX</model>
+ <model usable='yes'>Haswell-IBRS</model>
+ <model usable='yes'>Haswell</model>
+ <model usable='no'>EPYC-IBPB</model>
+ <model usable='no'>EPYC</model>
+ <model usable='yes'>Conroe</model>
+ <model usable='no'>Cascadelake-Server</model>
+ <model usable='yes'>Broadwell-noTSX-IBRS</model>
+ <model usable='yes'>Broadwell-noTSX</model>
+ <model usable='yes'>Broadwell-IBRS</model>
+ <model usable='yes'>Broadwell</model>
+ <model usable='yes'>486</model>
+ </mode>
+ </cpu>
+ <devices>
+ <disk supported='yes'>
+ <enum name='diskDevice'>
+ <value>disk</value>
+ <value>cdrom</value>
+ <value>floppy</value>
+ <value>lun</value>
+ </enum>
+ <enum name='bus'>
+ <value>ide</value>
+ <value>fdc</value>
+ <value>scsi</value>
+ <value>virtio</value>
+ <value>usb</value>
+ <value>sata</value>
+ </enum>
+ <enum name='model'>
+ <value>virtio</value>
+ <value>virtio-transitional</value>
+ <value>virtio-non-transitional</value>
+ </enum>
+ </disk>
+ <graphics supported='yes'>
+ <enum name='type'>
+ <value>sdl</value>
+ <value>vnc</value>
+ <value>spice</value>
+ </enum>
+ </graphics>
+ <video supported='yes'>
+ <enum name='modelType'>
+ <value>vga</value>
+ <value>cirrus</value>
+ <value>vmvga</value>
+ <value>qxl</value>
+ <value>virtio</value>
+ </enum>
+ </video>
+ <hostdev supported='yes'>
+ <enum name='mode'>
+ <value>subsystem</value>
+ </enum>
+ <enum name='startupPolicy'>
+ <value>default</value>
+ <value>mandatory</value>
+ <value>requisite</value>
+ <value>optional</value>
+ </enum>
+ <enum name='subsysType'>
+ <value>usb</value>
+ <value>pci</value>
+ <value>scsi</value>
+ </enum>
+ <enum name='capsType'/>
+ <enum name='pciBackend'>
+ <value>default</value>
+ <value>kvm</value>
+ <value>vfio</value>
+ </enum>
+ </hostdev>
+ </devices>
+ <features>
+ <gic supported='no'/>
+ <vmcoreinfo supported='yes'/>
+ <genid supported='yes'/>
+ <sev supported='no'/>
+ <mktme supported='yes'>
+ <keys_supported>15</keys_supported>
+ </mktme>
+ </features>
+</domainCapabilities>
diff --git a/tests/domaincapstest.c b/tests/domaincapstest.c
index f87a1d63fb..dc6eb9ba07 100644
--- a/tests/domaincapstest.c
+++ b/tests/domaincapstest.c
@@ -449,6 +449,10 @@ mymain(void)
DO_TEST_QEMU("4.0.0", "caps_4.0.0",
"/usr/bin/qemu-system-x86_64", NULL,
"x86_64", VIR_DOMAIN_VIRT_KVM);
+
+ DO_TEST_QEMU("5.0.0", "caps_5.0.0",
+ "/usr/bin/qemu-system-x86_64", NULL,
+ "x86_64", VIR_DOMAIN_VIRT_KVM);
virObjectUnref(cfg);
virFileWrapperClearPrefixes();
diff --git a/tests/qemucapabilitiesdata/caps_5.0.0.x86_64.xml b/tests/qemucapabilitiesdata/caps_5.0.0.x86_64.xml
new file mode 100644
index 0000000000..4bd9209147
--- /dev/null
+++ b/tests/qemucapabilitiesdata/caps_5.0.0.x86_64.xml
@@ -0,0 +1,1389 @@
+<qemuCaps>
+ <qemuctime>0</qemuctime>
+ <selfctime>0</selfctime>
+ <selfvers>0</selfvers>
+ <flag name='kvm'/>
+ <flag name='no-hpet'/>
+ <flag name='spice'/>
+ <flag name='hda-duplex'/>
+ <flag name='ccid-emulated'/>
+ <flag name='ccid-passthru'/>
+ <flag name='virtio-tx-alg'/>
+ <flag name='virtio-blk-pci.ioeventfd'/>
+ <flag name='sga'/>
+ <flag name='virtio-blk-pci.event_idx'/>
+ <flag name='virtio-net-pci.event_idx'/>
+ <flag name='piix3-usb-uhci'/>
+ <flag name='piix4-usb-uhci'/>
+ <flag name='usb-ehci'/>
+ <flag name='ich9-usb-ehci1'/>
+ <flag name='vt82c686b-usb-uhci'/>
+ <flag name='pci-ohci'/>
+ <flag name='usb-redir'/>
+ <flag name='usb-hub'/>
+ <flag name='ich9-ahci'/>
+ <flag name='no-acpi'/>
+ <flag name='virtio-blk-pci.scsi'/>
+ <flag name='scsi-disk.channel'/>
+ <flag name='scsi-block'/>
+ <flag name='hda-micro'/>
+ <flag name='dump-guest-memory'/>
+ <flag name='nec-usb-xhci'/>
+ <flag name='lsi'/>
+ <flag name='virtio-scsi-pci'/>
+ <flag name='blockio'/>
+ <flag name='disable-s3'/>
+ <flag name='disable-s4'/>
+ <flag name='usb-redir.filter'/>
+ <flag name='ide-drive.wwn'/>
+ <flag name='scsi-disk.wwn'/>
+ <flag name='seccomp-sandbox'/>
+ <flag name='reboot-timeout'/>
+ <flag name='vnc'/>
+ <flag name='qxl'/>
+ <flag name='VGA'/>
+ <flag name='cirrus-vga'/>
+ <flag name='vmware-svga'/>
+ <flag name='device-video-primary'/>
+ <flag name='usb-serial'/>
+ <flag name='nbd-server'/>
+ <flag name='virtio-rng'/>
+ <flag name='rng-random'/>
+ <flag name='rng-egd'/>
+ <flag name='megasas'/>
+ <flag name='tpm-passthrough'/>
+ <flag name='tpm-tis'/>
+ <flag name='pci-bridge'/>
+ <flag name='vfio-pci'/>
+ <flag name='mem-merge'/>
+ <flag name='drive-discard'/>
+ <flag name='dmi-to-pci-bridge'/>
+ <flag name='i440fx-pci-hole64-size'/>
+ <flag name='q35-pci-hole64-size'/>
+ <flag name='usb-storage'/>
+ <flag name='usb-storage.removable'/>
+ <flag name='ich9-intel-hda'/>
+ <flag name='kvm-pit-lost-tick-policy'/>
+ <flag name='boot-strict'/>
+ <flag name='pvpanic'/>
+ <flag name='spice-file-xfer-disable'/>
+ <flag name='usb-kbd'/>
+ <flag name='msg-timestamp'/>
+ <flag name='active-commit'/>
+ <flag name='change-backing-file'/>
+ <flag name='memory-backend-ram'/>
+ <flag name='numa'/>
+ <flag name='memory-backend-file'/>
+ <flag name='usb-audio'/>
+ <flag name='rtc-reset-reinjection'/>
+ <flag name='splash-timeout'/>
+ <flag name='iothread'/>
+ <flag name='migrate-rdma'/>
+ <flag name='drive-iotune-max'/>
+ <flag name='VGA.vgamem_mb'/>
+ <flag name='vmware-svga.vgamem_mb'/>
+ <flag name='qxl.vgamem_mb'/>
+ <flag name='pc-dimm'/>
+ <flag name='machine-vmport-opt'/>
+ <flag name='aes-key-wrap'/>
+ <flag name='dea-key-wrap'/>
+ <flag name='pci-serial'/>
+ <flag name='vhost-user-multiqueue'/>
+ <flag name='migration-event'/>
+ <flag name='ioh3420'/>
+ <flag name='x3130-upstream'/>
+ <flag name='xio3130-downstream'/>
+ <flag name='rtl8139'/>
+ <flag name='e1000'/>
+ <flag name='virtio-net'/>
+ <flag name='gic-version'/>
+ <flag name='incoming-defer'/>
+ <flag name='virtio-gpu'/>
+ <flag name='virtio-gpu.virgl'/>
+ <flag name='virtio-keyboard'/>
+ <flag name='virtio-mouse'/>
+ <flag name='virtio-tablet'/>
+ <flag name='virtio-input-host'/>
+ <flag name='chardev-file-append'/>
+ <flag name='ich9-disable-s3'/>
+ <flag name='ich9-disable-s4'/>
+ <flag name='vserport-change-event'/>
+ <flag name='virtio-balloon-pci.deflate-on-oom'/>
+ <flag name='mptsas1068'/>
+ <flag name='spice-gl'/>
+ <flag name='qxl.vram64_size_mb'/>
+ <flag name='chardev-logfile'/>
+ <flag name='debug-threads'/>
+ <flag name='secret'/>
+ <flag name='pxb'/>
+ <flag name='pxb-pcie'/>
+ <flag name='nec-usb-xhci-ports'/>
+ <flag name='virtio-scsi-pci.iothread'/>
+ <flag name='name-guest'/>
+ <flag name='qxl.max_outputs'/>
+ <flag name='spice-unix'/>
+ <flag name='drive-detect-zeroes'/>
+ <flag name='tls-creds-x509'/>
+ <flag name='intel-iommu'/>
+ <flag name='smm'/>
+ <flag name='virtio-pci-disable-legacy'/>
+ <flag name='query-hotpluggable-cpus'/>
+ <flag name='virtio-net.rx_queue_size'/>
+ <flag name='virtio-vga'/>
+ <flag name='drive-iotune-max-length'/>
+ <flag name='ivshmem-plain'/>
+ <flag name='ivshmem-doorbell'/>
+ <flag name='query-qmp-schema'/>
+ <flag name='gluster.debug_level'/>
+ <flag name='vhost-scsi'/>
+ <flag name='drive-iotune-group'/>
+ <flag name='query-cpu-model-expansion'/>
+ <flag name='virtio-net.host_mtu'/>
+ <flag name='spice-rendernode'/>
+ <flag name='nvdimm'/>
+ <flag name='pcie-root-port'/>
+ <flag name='query-cpu-definitions'/>
+ <flag name='block-write-threshold'/>
+ <flag name='query-named-block-nodes'/>
+ <flag name='cpu-cache'/>
+ <flag name='qemu-xhci'/>
+ <flag name='kernel-irqchip'/>
+ <flag name='kernel-irqchip.split'/>
+ <flag name='intel-iommu.intremap'/>
+ <flag name='intel-iommu.caching-mode'/>
+ <flag name='intel-iommu.eim'/>
+ <flag name='intel-iommu.device-iotlb'/>
+ <flag name='virtio.iommu_platform'/>
+ <flag name='virtio.ats'/>
+ <flag name='loadparm'/>
+ <flag name='vnc-multi-servers'/>
+ <flag name='virtio-net.tx_queue_size'/>
+ <flag name='chardev-reconnect'/>
+ <flag name='virtio-gpu.max_outputs'/>
+ <flag name='vxhs'/>
+ <flag name='virtio-blk.num-queues'/>
+ <flag name='vmcoreinfo'/>
+ <flag name='numa.dist'/>
+ <flag name='disk-share-rw'/>
+ <flag name='iscsi.password-secret'/>
+ <flag name='isa-serial'/>
+ <flag name='dump-completed'/>
+ <flag name='qcow2-luks'/>
+ <flag name='pcie-pci-bridge'/>
+ <flag name='seccomp-blacklist'/>
+ <flag name='query-cpus-fast'/>
+ <flag name='disk-write-cache'/>
+ <flag name='nbd-tls'/>
+ <flag name='tpm-crb'/>
+ <flag name='pr-manager-helper'/>
+ <flag name='qom-list-properties'/>
+ <flag name='memory-backend-file.discard-data'/>
+ <flag name='sdl-gl'/>
+ <flag name='screendump_device'/>
+ <flag name='hda-output'/>
+ <flag name='blockdev-del'/>
+ <flag name='vmgenid'/>
+ <flag name='vhost-vsock'/>
+ <flag name='chardev-fd-pass'/>
+ <flag name='tpm-emulator'/>
+ <flag name='mch'/>
+ <flag name='mch.extended-tseg-mbytes'/>
+ <flag name='usb-storage.werror'/>
+ <flag name='egl-headless'/>
+ <flag name='vfio-pci.display'/>
+ <flag name='memory-backend-memfd'/>
+ <flag name='memory-backend-memfd.hugetlb'/>
+ <flag name='iothread.poll-max-ns'/>
+ <flag name='egl-headless.rendernode'/>
+ <flag name='memory-backend-file.align'/>
+ <flag name='memory-backend-file.pmem'/>
+ <flag name='nvdimm.unarmed'/>
+ <flag name='scsi-disk.device_id'/>
+ <flag name='virtio-pci-non-transitional'/>
+ <flag name='overcommit'/>
+ <flag name='mktme-guest'/>
+ <version>3001050</version>
+ <kvmVersion>0</kvmVersion>
+ <microcodeVersion>43100758</microcodeVersion>
+ <package>v3.1.0-1445-ga61faa3d02</package>
+ <arch>x86_64</arch>
+ <hostCPU type='kvm' model='base' migratability='yes'>
+ <property name='phys-bits' type='number' value='0'/>
+ <property name='core-id' type='number' value='-1'/>
+ <property name='xlevel' type='number' value='2147483656'/>
+ <property name='cmov' type='boolean' value='true' migratable='yes'/>
+ <property name='ia64' type='boolean' value='false'/>
+ <property name='ssb-no' type='boolean' value='false'/>
+ <property name='aes' type='boolean' value='true' migratable='yes'/>
+ <property name='mmx' type='boolean' value='true' migratable='yes'/>
+ <property name='rdpid' type='boolean' value='false'/>
+ <property name='arat' type='boolean' value='true' migratable='yes'/>
+ <property name='gfni' type='boolean' value='false'/>
+ <property name='ibrs-all' type='boolean' value='false'/>
+ <property name='pause-filter' type='boolean' value='false'/>
+ <property name='xsavec' type='boolean' value='true' migratable='yes'/>
+ <property name='intel-pt' type='boolean' value='false'/>
+ <property name='hv-frequencies' type='boolean' value='false'/>
+ <property name='tsc-frequency' type='number' value='0'/>
+ <property name='xd' type='boolean' value='true' migratable='yes'/>
+ <property name='hv-vendor-id' type='string' value=''/>
+ <property name='kvm-asyncpf' type='boolean' value='true' migratable='yes'/>
+ <property name='kvm_asyncpf' type='boolean' value='true' migratable='yes'/>
+ <property name='perfctr_core' type='boolean' value='false'/>
+ <property name='perfctr-core' type='boolean' value='false'/>
+ <property name='mpx' type='boolean' value='true' migratable='yes'/>
+ <property name='pbe' type='boolean' value='false'/>
+ <property name='decodeassists' type='boolean' value='false'/>
+ <property name='avx512cd' type='boolean' value='false'/>
+ <property name='sse4_1' type='boolean' value='true' migratable='yes'/>
+ <property name='sse4.1' type='boolean' value='true' migratable='yes'/>
+ <property name='sse4-1' type='boolean' value='true' migratable='yes'/>
+ <property name='family' type='number' value='6'/>
+ <property name='legacy-cache' type='boolean' value='true' migratable='yes'/>
+ <property name='host-phys-bits-limit' type='number' value='0'/>
+ <property name='vmware-cpuid-freq' type='boolean' value='true' migratable='yes'/>
+ <property name='wbnoinvd' type='boolean' value='false'/>
+ <property name='avx512f' type='boolean' value='false'/>
+ <property name='msr' type='boolean' value='true' migratable='yes'/>
+ <property name='mce' type='boolean' value='true' migratable='yes'/>
+ <property name='mca' type='boolean' value='true' migratable='yes'/>
+ <property name='hv-runtime' type='boolean' value='false'/>
+ <property name='xcrypt' type='boolean' value='false'/>
+ <property name='thread-id' type='number' value='-1'/>
+ <property name='min-level' type='number' value='13'/>
+ <property name='xgetbv1' type='boolean' value='true' migratable='yes'/>
+ <property name='cid' type='boolean' value='false'/>
+ <property name='hv-relaxed' type='boolean' value='false'/>
+ <property name='hv-crash' type='boolean' value='false'/>
+ <property name='ds' type='boolean' value='false'/>
+ <property name='fxsr' type='boolean' value='true' migratable='yes'/>
+ <property name='xsaveopt' type='boolean' value='true' migratable='yes'/>
+ <property name='xtpr' type='boolean' value='false'/>
+ <property name='hv-evmcs' type='boolean' value='false'/>
+ <property name='avx512vl' type='boolean' value='false'/>
+ <property name='avx512-vpopcntdq' type='boolean' value='false'/>
+ <property name='phe' type='boolean' value='false'/>
+ <property name='extapic' type='boolean' value='false'/>
+ <property name='3dnowprefetch' type='boolean' value='true' migratable='yes'/>
+ <property name='avx512vbmi2' type='boolean' value='false'/>
+ <property name='cr8legacy' type='boolean' value='false'/>
+ <property name='stibp' type='boolean' value='false'/>
+ <property name='cpuid-0xb' type='boolean' value='true' migratable='yes'/>
+ <property name='xcrypt-en' type='boolean' value='false'/>
+ <property name='kvm_pv_eoi' type='boolean' value='true' migratable='yes'/>
+ <property name='apic-id' type='number' value='4294967295'/>
+ <property name='rsba' type='boolean' value='false'/>
+ <property name='pn' type='boolean' value='false'/>
+ <property name='dca' type='boolean' value='false'/>
+ <property name='vendor' type='string' value='GenuineIntel'/>
+ <property name='hv-ipi' type='boolean' value='false'/>
+ <property name='pku' type='boolean' value='false'/>
+ <property name='smx' type='boolean' value='false'/>
+ <property name='cmp_legacy' type='boolean' value='false'/>
+ <property name='cmp-legacy' type='boolean' value='false'/>
+ <property name='node-id' type='number' value='-1'/>
+ <property name='avx512-4fmaps' type='boolean' value='false'/>
+ <property name='vmcb_clean' type='boolean' value='false'/>
+ <property name='vmcb-clean' type='boolean' value='false'/>
+ <property name='3dnowext' type='boolean' value='false'/>
+ <property name='amd-no-ssb' type='boolean' value='false'/>
+ <property name='hle' type='boolean' value='true' migratable='yes'/>
+ <property name='npt' type='boolean' value='false'/>
+ <property name='rdctl-no' type='boolean' value='false'/>
+ <property name='memory' type='string' value='/machine/unattached/system[0]'/>
+ <property name='clwb' type='boolean' value='false'/>
+ <property name='lbrv' type='boolean' value='false'/>
+ <property name='adx' type='boolean' value='true' migratable='yes'/>
+ <property name='ss' type='boolean' value='true' migratable='yes'/>
+ <property name='pni' type='boolean' value='true' migratable='yes'/>
+ <property name='svm_lock' type='boolean' value='false'/>
+ <property name='svm-lock' type='boolean' value='false'/>
+ <property name='pfthreshold' type='boolean' value='false'/>
+ <property name='smep' type='boolean' value='true' migratable='yes'/>
+ <property name='smap' type='boolean' value='true' migratable='yes'/>
+ <property name='x2apic' type='boolean' value='true' migratable='yes'/>
+ <property name='avx512vbmi' type='boolean' value='false'/>
+ <property name='avx512vnni' type='boolean' value='false'/>
+ <property name='hv-stimer' type='boolean' value='false'/>
+ <property name='x-hv-synic-kvm-only' type='boolean' value='false'/>
+ <property name='i64' type='boolean' value='true' migratable='yes'/>
+ <property name='flushbyasid' type='boolean' value='false'/>
+ <property name='f16c' type='boolean' value='true' migratable='yes'/>
+ <property name='ace2-en' type='boolean' value='false'/>
+ <property name='pat' type='boolean' value='true' migratable='yes'/>
+ <property name='pae' type='boolean' value='true' migratable='yes'/>
+ <property name='sse' type='boolean' value='true' migratable='yes'/>
+ <property name='phe-en' type='boolean' value='false'/>
+ <property name='kvm_nopiodelay' type='boolean' value='true' migratable='yes'/>
+ <property name='kvm-nopiodelay' type='boolean' value='true' migratable='yes'/>
+ <property name='tm' type='boolean' value='false'/>
+ <property name='kvmclock-stable-bit' type='boolean' value='true' migratable='yes'/>
+ <property name='hypervisor' type='boolean' value='true' migratable='yes'/>
+ <property name='socket-id' type='number' value='-1'/>
+ <property name='pcommit' type='boolean' value='false'/>
+ <property name='syscall' type='boolean' value='true' migratable='yes'/>
+ <property name='level' type='number' value='13'/>
+ <property name='avx512dq' type='boolean' value='false'/>
+ <property name='x-migrate-smi-count' type='boolean' value='true' migratable='yes'/>
+ <property name='svm' type='boolean' value='false'/>
+ <property name='full-cpuid-auto-level' type='boolean' value='true' migratable='yes'/>
+ <property name='hv-reset' type='boolean' value='false'/>
+ <property name='invtsc' type='boolean' value='true' migratable='no'/>
+ <property name='sse3' type='boolean' value='true' migratable='yes'/>
+ <property name='sse2' type='boolean' value='true' migratable='yes'/>
+ <property name='ssbd' type='boolean' value='true' migratable='yes'/>
+ <property name='est' type='boolean' value='false'/>
+ <property name='avx512ifma' type='boolean' value='false'/>
+ <property name='tm2' type='boolean' value='false'/>
+ <property name='kvm-pv-ipi' type='boolean' value='true' migratable='yes'/>
+ <property name='kvm-pv-eoi' type='boolean' value='true' migratable='yes'/>
+ <property name='cx8' type='boolean' value='true' migratable='yes'/>
+ <property name='cldemote' type='boolean' value='false'/>
+ <property name='hv-reenlightenment' type='boolean' value='false'/>
+ <property name='kvm_mmu' type='boolean' value='false'/>
+ <property name='kvm-mmu' type='boolean' value='false'/>
+ <property name='sse4_2' type='boolean' value='true' migratable='yes'/>
+ <property name='sse4.2' type='boolean' value='true' migratable='yes'/>
+ <property name='sse4-2' type='boolean' value='true' migratable='yes'/>
+ <property name='pge' type='boolean' value='true' migratable='yes'/>
+ <property name='fill-mtrr-mask' type='boolean' value='true' migratable='yes'/>
+ <property name='avx512bitalg' type='boolean' value='false'/>
+ <property name='nodeid_msr' type='boolean' value='false'/>
+ <property name='pdcm' type='boolean' value='false'/>
+ <property name='movbe' type='boolean' value='true' migratable='yes'/>
+ <property name='model' type='number' value='94'/>
+ <property name='nrip_save' type='boolean' value='false'/>
+ <property name='nrip-save' type='boolean' value='false'/>
+ <property name='kvm_pv_unhalt' type='boolean' value='true' migratable='yes'/>
+ <property name='ssse3' type='boolean' value='true' migratable='yes'/>
+ <property name='sse4a' type='boolean' value='false'/>
+ <property name='invpcid' type='boolean' value='true' migratable='yes'/>
+ <property name='pdpe1gb' type='boolean' value='true' migratable='yes'/>
+ <property name='tsc-deadline' type='boolean' value='true' migratable='yes'/>
+ <property name='skip-l1dfl-vmentry' type='boolean' value='true' migratable='yes'/>
+ <property name='fma' type='boolean' value='true' migratable='yes'/>
+ <property name='cx16' type='boolean' value='true' migratable='yes'/>
+ <property name='de' type='boolean' value='true' migratable='yes'/>
+ <property name='pconfig' type='boolean' value='false'/>
+ <property name='enforce' type='boolean' value='false'/>
+ <property name='stepping' type='number' value='3'/>
+ <property name='xsave' type='boolean' value='true' migratable='yes'/>
+ <property name='clflush' type='boolean' value='true' migratable='yes'/>
+ <property name='skinit' type='boolean' value='false'/>
+ <property name='tsc' type='boolean' value='true' migratable='yes'/>
+ <property name='tce' type='boolean' value='false'/>
+ <property name='fpu' type='boolean' value='true' migratable='yes'/>
+ <property name='ibs' type='boolean' value='false'/>
+ <property name='ds_cpl' type='boolean' value='false'/>
+ <property name='ds-cpl' type='boolean' value='false'/>
+ <property name='host-phys-bits' type='boolean' value='false'/>
+ <property name='fma4' type='boolean' value='false'/>
+ <property name='la57' type='boolean' value='false'/>
+ <property name='osvw' type='boolean' value='false'/>
+ <property name='check' type='boolean' value='true' migratable='yes'/>
+ <property name='hv-spinlocks' type='number' value='-1'/>
+ <property name='pmu' type='boolean' value='false'/>
+ <property name='pmm' type='boolean' value='false'/>
+ <property name='apic' type='boolean' value='true' migratable='yes'/>
+ <property name='spec-ctrl' type='boolean' value='true' migratable='yes'/>
+ <property name='min-xlevel2' type='number' value='0'/>
+ <property name='tsc-adjust' type='boolean' value='true' migratable='yes'/>
+ <property name='tsc_adjust' type='boolean' value='true' migratable='yes'/>
+ <property name='kvm-steal-time' type='boolean' value='true' migratable='yes'/>
+ <property name='kvm_steal_time' type='boolean' value='true' migratable='yes'/>
+ <property name='kvmclock' type='boolean' value='true' migratable='yes'/>
+ <property name='l3-cache' type='boolean' value='true' migratable='yes'/>
+ <property name='lwp' type='boolean' value='false'/>
+ <property name='amd-ssbd' type='boolean' value='false'/>
+ <property name='ibpb' type='boolean' value='false'/>
+ <property name='xop' type='boolean' value='false'/>
+ <property name='avx' type='boolean' value='true' migratable='yes'/>
+ <property name='movdiri' type='boolean' value='false'/>
+ <property name='ace2' type='boolean' value='false'/>
+ <property name='avx512bw' type='boolean' value='false'/>
+ <property name='acpi' type='boolean' value='false'/>
+ <property name='hv-vapic' type='boolean' value='false'/>
+ <property name='fsgsbase' type='boolean' value='true' migratable='yes'/>
+ <property name='ht' type='boolean' value='false'/>
+ <property name='nx' type='boolean' value='true' migratable='yes'/>
+ <property name='pclmulqdq' type='boolean' value='true' migratable='yes'/>
+ <property name='mmxext' type='boolean' value='false'/>
+ <property name='vaes' type='boolean' value='false'/>
+ <property name='popcnt' type='boolean' value='true' migratable='yes'/>
+ <property name='xsaves' type='boolean' value='true' migratable='yes'/>
+ <property name='movdir64b' type='boolean' value='false'/>
+ <property name='tcg-cpuid' type='boolean' value='true' migratable='yes'/>
+ <property name='lm' type='boolean' value='true' migratable='yes'/>
+ <property name='umip' type='boolean' value='true' migratable='yes'/>
+ <property name='pse' type='boolean' value='true' migratable='yes'/>
+ <property name='avx2' type='boolean' value='true' migratable='yes'/>
+ <property name='sep' type='boolean' value='true' migratable='yes'/>
+ <property name='pclmuldq' type='boolean' value='true' migratable='yes'/>
+ <property name='virt-ssbd' type='boolean' value='false'/>
+ <property name='x-hv-max-vps' type='number' value='-1'/>
+ <property name='nodeid-msr' type='boolean' value='false'/>
+ <property name='kvm' type='boolean' value='true' migratable='yes'/>
+ <property name='misalignsse' type='boolean' value='false'/>
+ <property name='min-xlevel' type='number' value='2147483656'/>
+ <property name='kvm-pv-unhalt' type='boolean' value='true' migratable='yes'/>
+ <property name='bmi2' type='boolean' value='true' migratable='yes'/>
+ <property name='bmi1' type='boolean' value='true' migratable='yes'/>
+ <property name='realized' type='boolean' value='false'/>
+ <property name='tsc_scale' type='boolean' value='false'/>
+ <property name='tsc-scale' type='boolean' value='false'/>
+ <property name='topoext' type='boolean' value='false'/>
+ <property name='hv-vpindex' type='boolean' value='false'/>
+ <property name='xlevel2' type='number' value='0'/>
+ <property name='clflushopt' type='boolean' value='true' migratable='yes'/>
+ <property name='kvm-no-smi-migration' type='boolean' value='false'/>
+ <property name='monitor' type='boolean' value='false'/>
+ <property name='avx512er' type='boolean' value='false'/>
+ <property name='pmm-en' type='boolean' value='false'/>
+ <property name='pcid' type='boolean' value='true' migratable='yes'/>
+ <property name='arch-capabilities' type='boolean' value='true' migratable='no'/>
+ <property name='3dnow' type='boolean' value='false'/>
+ <property name='erms' type='boolean' value='true' migratable='yes'/>
+ <property name='lahf-lm' type='boolean' value='true' migratable='yes'/>
+ <property name='lahf_lm' type='boolean' value='true' migratable='yes'/>
+ <property name='vpclmulqdq' type='boolean' value='false'/>
+ <property name='fxsr-opt' type='boolean' value='false'/>
+ <property name='hv-synic' type='boolean' value='false'/>
+ <property name='xstore' type='boolean' value='false'/>
+ <property name='fxsr_opt' type='boolean' value='false'/>
+ <property name='kvm-hint-dedicated' type='boolean' value='false'/>
+ <property name='rtm' type='boolean' value='true' migratable='yes'/>
+ <property name='lmce' type='boolean' value='true' migratable='yes'/>
+ <property name='hv-time' type='boolean' value='false'/>
+ <property name='perfctr-nb' type='boolean' value='false'/>
+ <property name='perfctr_nb' type='boolean' value='false'/>
+ <property name='ffxsr' type='boolean' value='false'/>
+ <property name='hv-tlbflush' type='boolean' value='false'/>
+ <property name='rdrand' type='boolean' value='true' migratable='yes'/>
+ <property name='rdseed' type='boolean' value='true' migratable='yes'/>
+ <property name='avx512-4vnniw' type='boolean' value='false'/>
+ <property name='vmx' type='boolean' value='false'/>
+ <property name='vme' type='boolean' value='true' migratable='yes'/>
+ <property name='dtes64' type='boolean' value='false'/>
+ <property name='mtrr' type='boolean' value='true' migratable='yes'/>
+ <property name='rdtscp' type='boolean' value='true' migratable='yes'/>
+ <property name='pse36' type='boolean' value='true' migratable='yes'/>
+ <property name='kvm-pv-tlb-flush' type='boolean' value='true' migratable='yes'/>
+ <property name='tbm' type='boolean' value='false'/>
+ <property name='wdt' type='boolean' value='false'/>
+ <property name='pause_filter' type='boolean' value='false'/>
+ <property name='sha-ni' type='boolean' value='false'/>
+ <property name='model-id' type='string' value='Intel(R) Xeon(R) CPU E3-1245 v5 @ 3.50GHz'/>
+ <property name='abm' type='boolean' value='true' migratable='yes'/>
+ <property name='avx512pf' type='boolean' value='false'/>
+ <property name='xstore-en' type='boolean' value='false'/>
+ </hostCPU>
+ <hostCPU type='tcg' model='base' migratability='yes'>
+ <property name='phys-bits' type='number' value='0'/>
+ <property name='core-id' type='number' value='-1'/>
+ <property name='xlevel' type='number' value='2147483658'/>
+ <property name='cmov' type='boolean' value='true' migratable='yes'/>
+ <property name='ia64' type='boolean' value='false'/>
+ <property name='ssb-no' type='boolean' value='false'/>
+ <property name='aes' type='boolean' value='true' migratable='yes'/>
+ <property name='mmx' type='boolean' value='true' migratable='yes'/>
+ <property name='rdpid' type='boolean' value='false'/>
+ <property name='arat' type='boolean' value='true' migratable='yes'/>
+ <property name='gfni' type='boolean' value='false'/>
+ <property name='ibrs-all' type='boolean' value='false'/>
+ <property name='pause-filter' type='boolean' value='false'/>
+ <property name='xsavec' type='boolean' value='false'/>
+ <property name='intel-pt' type='boolean' value='false'/>
+ <property name='hv-frequencies' type='boolean' value='false'/>
+ <property name='tsc-frequency' type='number' value='0'/>
+ <property name='xd' type='boolean' value='true' migratable='yes'/>
+ <property name='hv-vendor-id' type='string' value=''/>
+ <property name='kvm-asyncpf' type='boolean' value='false'/>
+ <property name='kvm_asyncpf' type='boolean' value='false'/>
+ <property name='perfctr_core' type='boolean' value='false'/>
+ <property name='perfctr-core' type='boolean' value='false'/>
+ <property name='mpx' type='boolean' value='true' migratable='yes'/>
+ <property name='pbe' type='boolean' value='false'/>
+ <property name='decodeassists' type='boolean' value='false'/>
+ <property name='avx512cd' type='boolean' value='false'/>
+ <property name='sse4_1' type='boolean' value='true' migratable='yes'/>
+ <property name='sse4.1' type='boolean' value='true' migratable='yes'/>
+ <property name='sse4-1' type='boolean' value='true' migratable='yes'/>
+ <property name='family' type='number' value='6'/>
+ <property name='legacy-cache' type='boolean' value='true' migratable='yes'/>
+ <property name='host-phys-bits-limit' type='number' value='0'/>
+ <property name='vmware-cpuid-freq' type='boolean' value='true' migratable='yes'/>
+ <property name='wbnoinvd' type='boolean' value='false'/>
+ <property name='avx512f' type='boolean' value='false'/>
+ <property name='msr' type='boolean' value='true' migratable='yes'/>
+ <property name='mce' type='boolean' value='true' migratable='yes'/>
+ <property name='mca' type='boolean' value='true' migratable='yes'/>
+ <property name='hv-runtime' type='boolean' value='false'/>
+ <property name='xcrypt' type='boolean' value='false'/>
+ <property name='thread-id' type='number' value='-1'/>
+ <property name='min-level' type='number' value='13'/>
+ <property name='xgetbv1' type='boolean' value='true' migratable='yes'/>
+ <property name='cid' type='boolean' value='false'/>
+ <property name='hv-relaxed' type='boolean' value='false'/>
+ <property name='hv-crash' type='boolean' value='false'/>
+ <property name='ds' type='boolean' value='false'/>
+ <property name='fxsr' type='boolean' value='true' migratable='yes'/>
+ <property name='xsaveopt' type='boolean' value='true' migratable='yes'/>
+ <property name='xtpr' type='boolean' value='false'/>
+ <property name='hv-evmcs' type='boolean' value='false'/>
+ <property name='avx512vl' type='boolean' value='false'/>
+ <property name='avx512-vpopcntdq' type='boolean' value='false'/>
+ <property name='phe' type='boolean' value='false'/>
+ <property name='extapic' type='boolean' value='false'/>
+ <property name='3dnowprefetch' type='boolean' value='false'/>
+ <property name='avx512vbmi2' type='boolean' value='false'/>
+ <property name='cr8legacy' type='boolean' value='true' migratable='yes'/>
+ <property name='stibp' type='boolean' value='false'/>
+ <property name='cpuid-0xb' type='boolean' value='true' migratable='yes'/>
+ <property name='xcrypt-en' type='boolean' value='false'/>
+ <property name='kvm_pv_eoi' type='boolean' value='false'/>
+ <property name='apic-id' type='number' value='4294967295'/>
+ <property name='rsba' type='boolean' value='false'/>
+ <property name='pn' type='boolean' value='false'/>
+ <property name='dca' type='boolean' value='false'/>
+ <property name='vendor' type='string' value='AuthenticAMD'/>
+ <property name='hv-ipi' type='boolean' value='false'/>
+ <property name='pku' type='boolean' value='true' migratable='yes'/>
+ <property name='smx' type='boolean' value='false'/>
+ <property name='cmp_legacy' type='boolean' value='false'/>
+ <property name='cmp-legacy' type='boolean' value='false'/>
+ <property name='node-id' type='number' value='-1'/>
+ <property name='avx512-4fmaps' type='boolean' value='false'/>
+ <property name='vmcb_clean' type='boolean' value='false'/>
+ <property name='vmcb-clean' type='boolean' value='false'/>
+ <property name='3dnowext' type='boolean' value='true' migratable='yes'/>
+ <property name='amd-no-ssb' type='boolean' value='false'/>
+ <property name='hle' type='boolean' value='false'/>
+ <property name='npt' type='boolean' value='true' migratable='yes'/>
+ <property name='rdctl-no' type='boolean' value='false'/>
+ <property name='memory' type='string' value='/machine/unattached/system[0]'/>
+ <property name='clwb' type='boolean' value='true' migratable='yes'/>
+ <property name='lbrv' type='boolean' value='false'/>
+ <property name='adx' type='boolean' value='true' migratable='yes'/>
+ <property name='ss' type='boolean' value='true' migratable='yes'/>
+ <property name='pni' type='boolean' value='true' migratable='yes'/>
+ <property name='svm_lock' type='boolean' value='false'/>
+ <property name='svm-lock' type='boolean' value='false'/>
+ <property name='pfthreshold' type='boolean' value='false'/>
+ <property name='smep' type='boolean' value='true' migratable='yes'/>
+ <property name='smap' type='boolean' value='true' migratable='yes'/>
+ <property name='x2apic' type='boolean' value='false'/>
+ <property name='avx512vbmi' type='boolean' value='false'/>
+ <property name='avx512vnni' type='boolean' value='false'/>
+ <property name='hv-stimer' type='boolean' value='false'/>
+ <property name='x-hv-synic-kvm-only' type='boolean' value='false'/>
+ <property name='i64' type='boolean' value='true' migratable='yes'/>
+ <property name='flushbyasid' type='boolean' value='false'/>
+ <property name='f16c' type='boolean' value='false'/>
+ <property name='ace2-en' type='boolean' value='false'/>
+ <property name='pat' type='boolean' value='true' migratable='yes'/>
+ <property name='pae' type='boolean' value='true' migratable='yes'/>
+ <property name='sse' type='boolean' value='true' migratable='yes'/>
+ <property name='phe-en' type='boolean' value='false'/>
+ <property name='kvm_nopiodelay' type='boolean' value='false'/>
+ <property name='kvm-nopiodelay' type='boolean' value='false'/>
+ <property name='tm' type='boolean' value='false'/>
+ <property name='kvmclock-stable-bit' type='boolean' value='false'/>
+ <property name='hypervisor' type='boolean' value='true' migratable='yes'/>
+ <property name='socket-id' type='number' value='-1'/>
+ <property name='pcommit' type='boolean' value='true' migratable='yes'/>
+ <property name='syscall' type='boolean' value='true' migratable='yes'/>
+ <property name='level' type='number' value='13'/>
+ <property name='avx512dq' type='boolean' value='false'/>
+ <property name='x-migrate-smi-count' type='boolean' value='true' migratable='yes'/>
+ <property name='svm' type='boolean' value='true' migratable='yes'/>
+ <property name='full-cpuid-auto-level' type='boolean' value='true' migratable='yes'/>
+ <property name='hv-reset' type='boolean' value='false'/>
+ <property name='invtsc' type='boolean' value='false'/>
+ <property name='sse3' type='boolean' value='true' migratable='yes'/>
+ <property name='sse2' type='boolean' value='true' migratable='yes'/>
+ <property name='ssbd' type='boolean' value='false'/>
+ <property name='est' type='boolean' value='false'/>
+ <property name='avx512ifma' type='boolean' value='false'/>
+ <property name='tm2' type='boolean' value='false'/>
+ <property name='kvm-pv-ipi' type='boolean' value='false'/>
+ <property name='kvm-pv-eoi' type='boolean' value='false'/>
+ <property name='cx8' type='boolean' value='true' migratable='yes'/>
+ <property name='cldemote' type='boolean' value='false'/>
+ <property name='hv-reenlightenment' type='boolean' value='false'/>
+ <property name='kvm_mmu' type='boolean' value='false'/>
+ <property name='kvm-mmu' type='boolean' value='false'/>
+ <property name='sse4_2' type='boolean' value='true' migratable='yes'/>
+ <property name='sse4.2' type='boolean' value='true' migratable='yes'/>
+ <property name='sse4-2' type='boolean' value='true' migratable='yes'/>
+ <property name='pge' type='boolean' value='true' migratable='yes'/>
+ <property name='fill-mtrr-mask' type='boolean' value='true' migratable='yes'/>
+ <property name='avx512bitalg' type='boolean' value='false'/>
+ <property name='nodeid_msr' type='boolean' value='false'/>
+ <property name='pdcm' type='boolean' value='false'/>
+ <property name='movbe' type='boolean' value='true' migratable='yes'/>
+ <property name='model' type='number' value='6'/>
+ <property name='nrip_save' type='boolean' value='false'/>
+ <property name='nrip-save' type='boolean' value='false'/>
+ <property name='kvm_pv_unhalt' type='boolean' value='false'/>
+ <property name='ssse3' type='boolean' value='true' migratable='yes'/>
+ <property name='sse4a' type='boolean' value='true' migratable='yes'/>
+ <property name='invpcid' type='boolean' value='false'/>
+ <property name='pdpe1gb' type='boolean' value='true' migratable='yes'/>
+ <property name='tsc-deadline' type='boolean' value='false'/>
+ <property name='skip-l1dfl-vmentry' type='boolean' value='false'/>
+ <property name='fma' type='boolean' value='false'/>
+ <property name='cx16' type='boolean' value='true' migratable='yes'/>
+ <property name='de' type='boolean' value='true' migratable='yes'/>
+ <property name='pconfig' type='boolean' value='false'/>
+ <property name='enforce' type='boolean' value='false'/>
+ <property name='stepping' type='number' value='3'/>
+ <property name='xsave' type='boolean' value='true' migratable='yes'/>
+ <property name='clflush' type='boolean' value='true' migratable='yes'/>
+ <property name='skinit' type='boolean' value='false'/>
+ <property name='tsc' type='boolean' value='true' migratable='yes'/>
+ <property name='tce' type='boolean' value='false'/>
+ <property name='fpu' type='boolean' value='true' migratable='yes'/>
+ <property name='ibs' type='boolean' value='false'/>
+ <property name='ds_cpl' type='boolean' value='false'/>
+ <property name='ds-cpl' type='boolean' value='false'/>
+ <property name='host-phys-bits' type='boolean' value='false'/>
+ <property name='fma4' type='boolean' value='false'/>
+ <property name='la57' type='boolean' value='true' migratable='yes'/>
+ <property name='osvw' type='boolean' value='false'/>
+ <property name='check' type='boolean' value='true' migratable='yes'/>
+ <property name='hv-spinlocks' type='number' value='-1'/>
+ <property name='pmu' type='boolean' value='false'/>
+ <property name='pmm' type='boolean' value='false'/>
+ <property name='apic' type='boolean' value='true' migratable='yes'/>
+ <property name='spec-ctrl' type='boolean' value='false'/>
+ <property name='min-xlevel2' type='number' value='0'/>
+ <property name='tsc-adjust' type='boolean' value='false'/>
+ <property name='tsc_adjust' type='boolean' value='false'/>
+ <property name='kvm-steal-time' type='boolean' value='false'/>
+ <property name='kvm_steal_time' type='boolean' value='false'/>
+ <property name='kvmclock' type='boolean' value='false'/>
+ <property name='l3-cache' type='boolean' value='true' migratable='yes'/>
+ <property name='lwp' type='boolean' value='false'/>
+ <property name='amd-ssbd' type='boolean' value='false'/>
+ <property name='ibpb' type='boolean' value='false'/>
+ <property name='xop' type='boolean' value='false'/>
+ <property name='avx' type='boolean' value='false'/>
+ <property name='movdiri' type='boolean' value='false'/>
+ <property name='ace2' type='boolean' value='false'/>
+ <property name='avx512bw' type='boolean' value='false'/>
+ <property name='acpi' type='boolean' value='true' migratable='yes'/>
+ <property name='hv-vapic' type='boolean' value='false'/>
+ <property name='fsgsbase' type='boolean' value='true' migratable='yes'/>
+ <property name='ht' type='boolean' value='false'/>
+ <property name='nx' type='boolean' value='true' migratable='yes'/>
+ <property name='pclmulqdq' type='boolean' value='true' migratable='yes'/>
+ <property name='mmxext' type='boolean' value='true' migratable='yes'/>
+ <property name='vaes' type='boolean' value='false'/>
+ <property name='popcnt' type='boolean' value='true' migratable='yes'/>
+ <property name='xsaves' type='boolean' value='false'/>
+ <property name='movdir64b' type='boolean' value='false'/>
+ <property name='tcg-cpuid' type='boolean' value='true' migratable='yes'/>
+ <property name='lm' type='boolean' value='true' migratable='yes'/>
+ <property name='umip' type='boolean' value='false'/>
+ <property name='pse' type='boolean' value='true' migratable='yes'/>
+ <property name='avx2' type='boolean' value='false'/>
+ <property name='sep' type='boolean' value='true' migratable='yes'/>
+ <property name='pclmuldq' type='boolean' value='true' migratable='yes'/>
+ <property name='virt-ssbd' type='boolean' value='false'/>
+ <property name='x-hv-max-vps' type='number' value='-1'/>
+ <property name='nodeid-msr' type='boolean' value='false'/>
+ <property name='kvm' type='boolean' value='true' migratable='yes'/>
+ <property name='misalignsse' type='boolean' value='false'/>
+ <property name='min-xlevel' type='number' value='2147483658'/>
+ <property name='kvm-pv-unhalt' type='boolean' value='false'/>
+ <property name='bmi2' type='boolean' value='true' migratable='yes'/>
+ <property name='bmi1' type='boolean' value='true' migratable='yes'/>
+ <property name='realized' type='boolean' value='false'/>
+ <property name='tsc_scale' type='boolean' value='false'/>
+ <property name='tsc-scale' type='boolean' value='false'/>
+ <property name='topoext' type='boolean' value='false'/>
+ <property name='hv-vpindex' type='boolean' value='false'/>
+ <property name='xlevel2' type='number' value='0'/>
+ <property name='clflushopt' type='boolean' value='true' migratable='yes'/>
+ <property name='kvm-no-smi-migration' type='boolean' value='false'/>
+ <property name='monitor' type='boolean' value='true' migratable='yes'/>
+ <property name='avx512er' type='boolean' value='false'/>
+ <property name='pmm-en' type='boolean' value='false'/>
+ <property name='pcid' type='boolean' value='false'/>
+ <property name='arch-capabilities' type='boolean' value='false'/>
+ <property name='3dnow' type='boolean' value='true' migratable='yes'/>
+ <property name='erms' type='boolean' value='true' migratable='yes'/>
+ <property name='lahf-lm' type='boolean' value='true' migratable='yes'/>
+ <property name='lahf_lm' type='boolean' value='true' migratable='yes'/>
+ <property name='vpclmulqdq' type='boolean' value='false'/>
+ <property name='fxsr-opt' type='boolean' value='false'/>
+ <property name='hv-synic' type='boolean' value='false'/>
+ <property name='xstore' type='boolean' value='false'/>
+ <property name='fxsr_opt' type='boolean' value='false'/>
+ <property name='kvm-hint-dedicated' type='boolean' value='false'/>
+ <property name='rtm' type='boolean' value='false'/>
+ <property name='lmce' type='boolean' value='false'/>
+ <property name='hv-time' type='boolean' value='false'/>
+ <property name='perfctr-nb' type='boolean' value='false'/>
+ <property name='perfctr_nb' type='boolean' value='false'/>
+ <property name='ffxsr' type='boolean' value='false'/>
+ <property name='hv-tlbflush' type='boolean' value='false'/>
+ <property name='rdrand' type='boolean' value='false'/>
+ <property name='rdseed' type='boolean' value='false'/>
+ <property name='avx512-4vnniw' type='boolean' value='false'/>
+ <property name='vmx' type='boolean' value='false'/>
+ <property name='vme' type='boolean' value='false'/>
+ <property name='dtes64' type='boolean' value='false'/>
+ <property name='mtrr' type='boolean' value='true' migratable='yes'/>
+ <property name='rdtscp' type='boolean' value='true' migratable='yes'/>
+ <property name='pse36' type='boolean' value='true' migratable='yes'/>
+ <property name='kvm-pv-tlb-flush' type='boolean' value='false'/>
+ <property name='tbm' type='boolean' value='false'/>
+ <property name='wdt' type='boolean' value='false'/>
+ <property name='pause_filter' type='boolean' value='false'/>
+ <property name='sha-ni' type='boolean' value='false'/>
+ <property name='model-id' type='string' value='QEMU TCG CPU version 2.5+'/>
+ <property name='abm' type='boolean' value='true' migratable='yes'/>
+ <property name='avx512pf' type='boolean' value='false'/>
+ <property name='xstore-en' type='boolean' value='false'/>
+ </hostCPU>
+ <cpu type='kvm' name='max' usable='yes'/>
+ <cpu type='kvm' name='host' usable='yes'/>
+ <cpu type='kvm' name='base' usable='yes'/>
+ <cpu type='kvm' name='qemu64' usable='yes'/>
+ <cpu type='kvm' name='qemu32' usable='yes'/>
+ <cpu type='kvm' name='phenom' usable='no'>
+ <blocker name='mmxext'/>
+ <blocker name='fxsr-opt'/>
+ <blocker name='3dnowext'/>
+ <blocker name='3dnow'/>
+ <blocker name='sse4a'/>
+ <blocker name='npt'/>
+ </cpu>
+ <cpu type='kvm' name='pentium3' usable='yes'/>
+ <cpu type='kvm' name='pentium2' usable='yes'/>
+ <cpu type='kvm' name='pentium' usable='yes'/>
+ <cpu type='kvm' name='n270' usable='yes'/>
+ <cpu type='kvm' name='kvm64' usable='yes'/>
+ <cpu type='kvm' name='kvm32' usable='yes'/>
+ <cpu type='kvm' name='coreduo' usable='yes'/>
+ <cpu type='kvm' name='core2duo' usable='yes'/>
+ <cpu type='kvm' name='athlon' usable='no'>
+ <blocker name='mmxext'/>
+ <blocker name='3dnowext'/>
+ <blocker name='3dnow'/>
+ </cpu>
+ <cpu type='kvm' name='Westmere-IBRS' usable='yes'/>
+ <cpu type='kvm' name='Westmere' usable='yes'/>
+ <cpu type='kvm' name='Skylake-Server-IBRS' usable='no'>
+ <blocker name='avx512f'/>
+ <blocker name='avx512dq'/>
+ <blocker name='clwb'/>
+ <blocker name='avx512cd'/>
+ <blocker name='avx512bw'/>
+ <blocker name='avx512vl'/>
+ <blocker name='pku'/>
+ <blocker name='avx512f'/>
+ <blocker name='avx512f'/>
+ <blocker name='avx512f'/>
+ <blocker name='pku'/>
+ </cpu>
+ <cpu type='kvm' name='Skylake-Server' usable='no'>
+ <blocker name='avx512f'/>
+ <blocker name='avx512dq'/>
+ <blocker name='clwb'/>
+ <blocker name='avx512cd'/>
+ <blocker name='avx512bw'/>
+ <blocker name='avx512vl'/>
+ <blocker name='pku'/>
+ <blocker name='avx512f'/>
+ <blocker name='avx512f'/>
+ <blocker name='avx512f'/>
+ <blocker name='pku'/>
+ </cpu>
+ <cpu type='kvm' name='Skylake-Client-IBRS' usable='yes'/>
+ <cpu type='kvm' name='Skylake-Client' usable='yes'/>
+ <cpu type='kvm' name='SandyBridge-IBRS' usable='yes'/>
+ <cpu type='kvm' name='SandyBridge' usable='yes'/>
+ <cpu type='kvm' name='Penryn' usable='yes'/>
+ <cpu type='kvm' name='Opteron_G5' usable='no'>
+ <blocker name='sse4a'/>
+ <blocker name='misalignsse'/>
+ <blocker name='xop'/>
+ <blocker name='fma4'/>
+ <blocker name='tbm'/>
+ <blocker name='npt'/>
+ <blocker name='nrip-save'/>
+ </cpu>
+ <cpu type='kvm' name='Opteron_G4' usable='no'>
+ <blocker name='sse4a'/>
+ <blocker name='misalignsse'/>
+ <blocker name='xop'/>
+ <blocker name='fma4'/>
+ <blocker name='npt'/>
+ <blocker name='nrip-save'/>
+ </cpu>
+ <cpu type='kvm' name='Opteron_G3' usable='no'>
+ <blocker name='sse4a'/>
+ <blocker name='misalignsse'/>
+ </cpu>
+ <cpu type='kvm' name='Opteron_G2' usable='yes'/>
+ <cpu type='kvm' name='Opteron_G1' usable='yes'/>
+ <cpu type='kvm' name='Nehalem-IBRS' usable='yes'/>
+ <cpu type='kvm' name='Nehalem' usable='yes'/>
+ <cpu type='kvm' name='KnightsMill' usable='no'>
+ <blocker name='avx512f'/>
+ <blocker name='avx512pf'/>
+ <blocker name='avx512er'/>
+ <blocker name='avx512cd'/>
+ <blocker name='avx512-vpopcntdq'/>
+ <blocker name='avx512-4vnniw'/>
+ <blocker name='avx512-4fmaps'/>
+ <blocker name='avx512f'/>
+ <blocker name='avx512f'/>
+ <blocker name='avx512f'/>
+ </cpu>
+ <cpu type='kvm' name='IvyBridge-IBRS' usable='yes'/>
+ <cpu type='kvm' name='IvyBridge' usable='yes'/>
+ <cpu type='kvm' name='Icelake-Server' usable='no'>
+ <blocker name='avx512f'/>
+ <blocker name='avx512dq'/>
+ <blocker name='clwb'/>
+ <blocker name='intel-pt'/>
+ <blocker name='avx512cd'/>
+ <blocker name='avx512bw'/>
+ <blocker name='avx512vl'/>
+ <blocker name='avx512vbmi'/>
+ <blocker name='pku'/>
+ <blocker name=''/>
+ <blocker name='avx512vbmi2'/>
+ <blocker name='gfni'/>
+ <blocker name='vaes'/>
+ <blocker name='vpclmulqdq'/>
+ <blocker name='avx512vnni'/>
+ <blocker name='avx512bitalg'/>
+ <blocker name='avx512-vpopcntdq'/>
+ <blocker name='la57'/>
+ <blocker name='pconfig'/>
+ <blocker name='wbnoinvd'/>
+ <blocker name='avx512f'/>
+ <blocker name='avx512f'/>
+ <blocker name='avx512f'/>
+ <blocker name='pku'/>
+ </cpu>
+ <cpu type='kvm' name='Icelake-Client' usable='no'>
+ <blocker name='intel-pt'/>
+ <blocker name='avx512vbmi'/>
+ <blocker name='pku'/>
+ <blocker name=''/>
+ <blocker name='avx512vbmi2'/>
+ <blocker name='gfni'/>
+ <blocker name='vaes'/>
+ <blocker name='vpclmulqdq'/>
+ <blocker name='avx512vnni'/>
+ <blocker name='avx512bitalg'/>
+ <blocker name='avx512-vpopcntdq'/>
+ <blocker name='wbnoinvd'/>
+ <blocker name='pku'/>
+ </cpu>
+ <cpu type='kvm' name='Haswell-noTSX-IBRS' usable='yes'/>
+ <cpu type='kvm' name='Haswell-noTSX' usable='yes'/>
+ <cpu type='kvm' name='Haswell-IBRS' usable='yes'/>
+ <cpu type='kvm' name='Haswell' usable='yes'/>
+ <cpu type='kvm' name='EPYC-IBPB' usable='no'>
+ <blocker name='sha-ni'/>
+ <blocker name='mmxext'/>
+ <blocker name='fxsr-opt'/>
+ <blocker name='cr8legacy'/>
+ <blocker name='sse4a'/>
+ <blocker name='misalignsse'/>
+ <blocker name='osvw'/>
+ <blocker name='ibpb'/>
+ <blocker name='npt'/>
+ <blocker name='nrip-save'/>
+ </cpu>
+ <cpu type='kvm' name='EPYC' usable='no'>
+ <blocker name='sha-ni'/>
+ <blocker name='mmxext'/>
+ <blocker name='fxsr-opt'/>
+ <blocker name='cr8legacy'/>
+ <blocker name='sse4a'/>
+ <blocker name='misalignsse'/>
+ <blocker name='osvw'/>
+ <blocker name='npt'/>
+ <blocker name='nrip-save'/>
+ </cpu>
+ <cpu type='kvm' name='Conroe' usable='yes'/>
+ <cpu type='kvm' name='Cascadelake-Server' usable='no'>
+ <blocker name='avx512f'/>
+ <blocker name='avx512dq'/>
+ <blocker name='clwb'/>
+ <blocker name='intel-pt'/>
+ <blocker name='avx512cd'/>
+ <blocker name='avx512bw'/>
+ <blocker name='avx512vl'/>
+ <blocker name='pku'/>
+ <blocker name=''/>
+ <blocker name='avx512vnni'/>
+ <blocker name='avx512f'/>
+ <blocker name='avx512f'/>
+ <blocker name='avx512f'/>
+ <blocker name='pku'/>
+ </cpu>
+ <cpu type='kvm' name='Broadwell-noTSX-IBRS' usable='yes'/>
+ <cpu type='kvm' name='Broadwell-noTSX' usable='yes'/>
+ <cpu type='kvm' name='Broadwell-IBRS' usable='yes'/>
+ <cpu type='kvm' name='Broadwell' usable='yes'/>
+ <cpu type='kvm' name='486' usable='yes'/>
+ <cpu type='tcg' name='max' usable='yes'/>
+ <cpu type='tcg' name='host' usable='no'>
+ <blocker name='kvm'/>
+ </cpu>
+ <cpu type='tcg' name='base' usable='yes'/>
+ <cpu type='tcg' name='qemu64' usable='yes'/>
+ <cpu type='tcg' name='qemu32' usable='yes'/>
+ <cpu type='tcg' name='phenom' usable='no'>
+ <blocker name='fxsr-opt'/>
+ </cpu>
+ <cpu type='tcg' name='pentium3' usable='yes'/>
+ <cpu type='tcg' name='pentium2' usable='yes'/>
+ <cpu type='tcg' name='pentium' usable='yes'/>
+ <cpu type='tcg' name='n270' usable='yes'/>
+ <cpu type='tcg' name='kvm64' usable='yes'/>
+ <cpu type='tcg' name='kvm32' usable='yes'/>
+ <cpu type='tcg' name='coreduo' usable='yes'/>
+ <cpu type='tcg' name='core2duo' usable='yes'/>
+ <cpu type='tcg' name='athlon' usable='yes'/>
+ <cpu type='tcg' name='Westmere-IBRS' usable='no'>
+ <blocker name='spec-ctrl'/>
+ </cpu>
+ <cpu type='tcg' name='Westmere' usable='yes'/>
+ <cpu type='tcg' name='Skylake-Server-IBRS' usable='no'>
+ <blocker name='fma'/>
+ <blocker name='pcid'/>
+ <blocker name='x2apic'/>
+ <blocker name='tsc-deadline'/>
+ <blocker name='avx'/>
+ <blocker name='f16c'/>
+ <blocker name='rdrand'/>
+ <blocker name='hle'/>
+ <blocker name='avx2'/>
+ <blocker name='invpcid'/>
+ <blocker name='rtm'/>
+ <blocker name='avx512f'/>
+ <blocker name='avx512dq'/>
+ <blocker name='rdseed'/>
+ <blocker name='avx512cd'/>
+ <blocker name='avx512bw'/>
+ <blocker name='avx512vl'/>
+ <blocker name='spec-ctrl'/>
+ <blocker name='3dnowprefetch'/>
+ <blocker name='xsavec'/>
+ </cpu>
+ <cpu type='tcg' name='Skylake-Server' usable='no'>
+ <blocker name='fma'/>
+ <blocker name='pcid'/>
+ <blocker name='x2apic'/>
+ <blocker name='tsc-deadline'/>
+ <blocker name='avx'/>
+ <blocker name='f16c'/>
+ <blocker name='rdrand'/>
+ <blocker name='hle'/>
+ <blocker name='avx2'/>
+ <blocker name='invpcid'/>
+ <blocker name='rtm'/>
+ <blocker name='avx512f'/>
+ <blocker name='avx512dq'/>
+ <blocker name='rdseed'/>
+ <blocker name='avx512cd'/>
+ <blocker name='avx512bw'/>
+ <blocker name='avx512vl'/>
+ <blocker name='3dnowprefetch'/>
+ <blocker name='xsavec'/>
+ </cpu>
+ <cpu type='tcg' name='Skylake-Client-IBRS' usable='no'>
+ <blocker name='fma'/>
+ <blocker name='pcid'/>
+ <blocker name='x2apic'/>
+ <blocker name='tsc-deadline'/>
+ <blocker name='avx'/>
+ <blocker name='f16c'/>
+ <blocker name='rdrand'/>
+ <blocker name='hle'/>
+ <blocker name='avx2'/>
+ <blocker name='invpcid'/>
+ <blocker name='rtm'/>
+ <blocker name='rdseed'/>
+ <blocker name='spec-ctrl'/>
+ <blocker name='3dnowprefetch'/>
+ <blocker name='xsavec'/>
+ </cpu>
+ <cpu type='tcg' name='Skylake-Client' usable='no'>
+ <blocker name='fma'/>
+ <blocker name='pcid'/>
+ <blocker name='x2apic'/>
+ <blocker name='tsc-deadline'/>
+ <blocker name='avx'/>
+ <blocker name='f16c'/>
+ <blocker name='rdrand'/>
+ <blocker name='hle'/>
+ <blocker name='avx2'/>
+ <blocker name='invpcid'/>
+ <blocker name='rtm'/>
+ <blocker name='rdseed'/>
+ <blocker name='3dnowprefetch'/>
+ <blocker name='xsavec'/>
+ </cpu>
+ <cpu type='tcg' name='SandyBridge-IBRS' usable='no'>
+ <blocker name='x2apic'/>
+ <blocker name='tsc-deadline'/>
+ <blocker name='avx'/>
+ <blocker name='spec-ctrl'/>
+ </cpu>
+ <cpu type='tcg' name='SandyBridge' usable='no'>
+ <blocker name='x2apic'/>
+ <blocker name='tsc-deadline'/>
+ <blocker name='avx'/>
+ </cpu>
+ <cpu type='tcg' name='Penryn' usable='yes'/>
+ <cpu type='tcg' name='Opteron_G5' usable='no'>
+ <blocker name='fma'/>
+ <blocker name='avx'/>
+ <blocker name='f16c'/>
+ <blocker name='misalignsse'/>
+ <blocker name='3dnowprefetch'/>
+ <blocker name='xop'/>
+ <blocker name='fma4'/>
+ <blocker name='tbm'/>
+ <blocker name='nrip-save'/>
+ </cpu>
+ <cpu type='tcg' name='Opteron_G4' usable='no'>
+ <blocker name='avx'/>
+ <blocker name='misalignsse'/>
+ <blocker name='3dnowprefetch'/>
+ <blocker name='xop'/>
+ <blocker name='fma4'/>
+ <blocker name='nrip-save'/>
+ </cpu>
+ <cpu type='tcg' name='Opteron_G3' usable='no'>
+ <blocker name='misalignsse'/>
+ </cpu>
+ <cpu type='tcg' name='Opteron_G2' usable='yes'/>
+ <cpu type='tcg' name='Opteron_G1' usable='yes'/>
+ <cpu type='tcg' name='Nehalem-IBRS' usable='no'>
+ <blocker name='spec-ctrl'/>
+ </cpu>
+ <cpu type='tcg' name='Nehalem' usable='yes'/>
+ <cpu type='tcg' name='KnightsMill' usable='no'>
+ <blocker name='fma'/>
+ <blocker name='x2apic'/>
+ <blocker name='tsc-deadline'/>
+ <blocker name='avx'/>
+ <blocker name='f16c'/>
+ <blocker name='rdrand'/>
+ <blocker name='avx2'/>
+ <blocker name='avx512f'/>
+ <blocker name='rdseed'/>
+ <blocker name='avx512pf'/>
+ <blocker name='avx512er'/>
+ <blocker name='avx512cd'/>
+ <blocker name='avx512-vpopcntdq'/>
+ <blocker name='avx512-4vnniw'/>
+ <blocker name='avx512-4fmaps'/>
+ <blocker name='3dnowprefetch'/>
+ </cpu>
+ <cpu type='tcg' name='IvyBridge-IBRS' usable='no'>
+ <blocker name='x2apic'/>
+ <blocker name='tsc-deadline'/>
+ <blocker name='avx'/>
+ <blocker name='f16c'/>
+ <blocker name='rdrand'/>
+ <blocker name='spec-ctrl'/>
+ </cpu>
+ <cpu type='tcg' name='IvyBridge' usable='no'>
+ <blocker name='x2apic'/>
+ <blocker name='tsc-deadline'/>
+ <blocker name='avx'/>
+ <blocker name='f16c'/>
+ <blocker name='rdrand'/>
+ </cpu>
+ <cpu type='tcg' name='Icelake-Server' usable='no'>
+ <blocker name='fma'/>
+ <blocker name='pcid'/>
+ <blocker name='x2apic'/>
+ <blocker name='tsc-deadline'/>
+ <blocker name='avx'/>
+ <blocker name='f16c'/>
+ <blocker name='rdrand'/>
+ <blocker name='hle'/>
+ <blocker name='avx2'/>
+ <blocker name='invpcid'/>
+ <blocker name='rtm'/>
+ <blocker name='avx512f'/>
+ <blocker name='avx512dq'/>
+ <blocker name='rdseed'/>
+ <blocker name='intel-pt'/>
+ <blocker name='avx512cd'/>
+ <blocker name='avx512bw'/>
+ <blocker name='avx512vl'/>
+ <blocker name='avx512vbmi'/>
+ <blocker name='umip'/>
+ <blocker name=''/>
+ <blocker name='avx512vbmi2'/>
+ <blocker name='gfni'/>
+ <blocker name='vaes'/>
+ <blocker name='vpclmulqdq'/>
+ <blocker name='avx512vnni'/>
+ <blocker name='avx512bitalg'/>
+ <blocker name='avx512-vpopcntdq'/>
+ <blocker name='pconfig'/>
+ <blocker name='spec-ctrl'/>
+ <blocker name='ssbd'/>
+ <blocker name='3dnowprefetch'/>
+ <blocker name='wbnoinvd'/>
+ <blocker name='xsavec'/>
+ </cpu>
+ <cpu type='tcg' name='Icelake-Client' usable='no'>
+ <blocker name='fma'/>
+ <blocker name='pcid'/>
+ <blocker name='x2apic'/>
+ <blocker name='tsc-deadline'/>
+ <blocker name='avx'/>
+ <blocker name='f16c'/>
+ <blocker name='rdrand'/>
+ <blocker name='hle'/>
+ <blocker name='avx2'/>
+ <blocker name='invpcid'/>
+ <blocker name='rtm'/>
+ <blocker name='rdseed'/>
+ <blocker name='intel-pt'/>
+ <blocker name='avx512vbmi'/>
+ <blocker name='umip'/>
+ <blocker name=''/>
+ <blocker name='avx512vbmi2'/>
+ <blocker name='gfni'/>
+ <blocker name='vaes'/>
+ <blocker name='vpclmulqdq'/>
+ <blocker name='avx512vnni'/>
+ <blocker name='avx512bitalg'/>
+ <blocker name='avx512-vpopcntdq'/>
+ <blocker name='spec-ctrl'/>
+ <blocker name='ssbd'/>
+ <blocker name='3dnowprefetch'/>
+ <blocker name='wbnoinvd'/>
+ <blocker name='xsavec'/>
+ </cpu>
+ <cpu type='tcg' name='Haswell-noTSX-IBRS' usable='no'>
+ <blocker name='fma'/>
+ <blocker name='pcid'/>
+ <blocker name='x2apic'/>
+ <blocker name='tsc-deadline'/>
+ <blocker name='avx'/>
+ <blocker name='f16c'/>
+ <blocker name='rdrand'/>
+ <blocker name='avx2'/>
+ <blocker name='invpcid'/>
+ <blocker name='spec-ctrl'/>
+ </cpu>
+ <cpu type='tcg' name='Haswell-noTSX' usable='no'>
+ <blocker name='fma'/>
+ <blocker name='pcid'/>
+ <blocker name='x2apic'/>
+ <blocker name='tsc-deadline'/>
+ <blocker name='avx'/>
+ <blocker name='f16c'/>
+ <blocker name='rdrand'/>
+ <blocker name='avx2'/>
+ <blocker name='invpcid'/>
+ </cpu>
+ <cpu type='tcg' name='Haswell-IBRS' usable='no'>
+ <blocker name='fma'/>
+ <blocker name='pcid'/>
+ <blocker name='x2apic'/>
+ <blocker name='tsc-deadline'/>
+ <blocker name='avx'/>
+ <blocker name='f16c'/>
+ <blocker name='rdrand'/>
+ <blocker name='hle'/>
+ <blocker name='avx2'/>
+ <blocker name='invpcid'/>
+ <blocker name='rtm'/>
+ <blocker name='spec-ctrl'/>
+ </cpu>
+ <cpu type='tcg' name='Haswell' usable='no'>
+ <blocker name='fma'/>
+ <blocker name='pcid'/>
+ <blocker name='x2apic'/>
+ <blocker name='tsc-deadline'/>
+ <blocker name='avx'/>
+ <blocker name='f16c'/>
+ <blocker name='rdrand'/>
+ <blocker name='hle'/>
+ <blocker name='avx2'/>
+ <blocker name='invpcid'/>
+ <blocker name='rtm'/>
+ </cpu>
+ <cpu type='tcg' name='EPYC-IBPB' usable='no'>
+ <blocker name='fma'/>
+ <blocker name='avx'/>
+ <blocker name='f16c'/>
+ <blocker name='rdrand'/>
+ <blocker name='avx2'/>
+ <blocker name='rdseed'/>
+ <blocker name='sha-ni'/>
+ <blocker name='fxsr-opt'/>
+ <blocker name='misalignsse'/>
+ <blocker name='3dnowprefetch'/>
+ <blocker name='osvw'/>
+ <blocker name='topoext'/>
+ <blocker name='ibpb'/>
+ <blocker name='nrip-save'/>
+ <blocker name='xsavec'/>
+ </cpu>
+ <cpu type='tcg' name='EPYC' usable='no'>
+ <blocker name='fma'/>
+ <blocker name='avx'/>
+ <blocker name='f16c'/>
+ <blocker name='rdrand'/>
+ <blocker name='avx2'/>
+ <blocker name='rdseed'/>
+ <blocker name='sha-ni'/>
+ <blocker name='fxsr-opt'/>
+ <blocker name='misalignsse'/>
+ <blocker name='3dnowprefetch'/>
+ <blocker name='osvw'/>
+ <blocker name='topoext'/>
+ <blocker name='nrip-save'/>
+ <blocker name='xsavec'/>
+ </cpu>
+ <cpu type='tcg' name='Conroe' usable='yes'/>
+ <cpu type='tcg' name='Cascadelake-Server' usable='no'>
+ <blocker name='fma'/>
+ <blocker name='pcid'/>
+ <blocker name='x2apic'/>
+ <blocker name='tsc-deadline'/>
+ <blocker name='avx'/>
+ <blocker name='f16c'/>
+ <blocker name='rdrand'/>
+ <blocker name='hle'/>
+ <blocker name='avx2'/>
+ <blocker name='invpcid'/>
+ <blocker name='rtm'/>
+ <blocker name='avx512f'/>
+ <blocker name='avx512dq'/>
+ <blocker name='rdseed'/>
+ <blocker name='intel-pt'/>
+ <blocker name='avx512cd'/>
+ <blocker name='avx512bw'/>
+ <blocker name='avx512vl'/>
+ <blocker name=''/>
+ <blocker name='avx512vnni'/>
+ <blocker name='spec-ctrl'/>
+ <blocker name='ssbd'/>
+ <blocker name='3dnowprefetch'/>
+ <blocker name='xsavec'/>
+ </cpu>
+ <cpu type='tcg' name='Broadwell-noTSX-IBRS' usable='no'>
+ <blocker name='fma'/>
+ <blocker name='pcid'/>
+ <blocker name='x2apic'/>
+ <blocker name='tsc-deadline'/>
+ <blocker name='avx'/>
+ <blocker name='f16c'/>
+ <blocker name='rdrand'/>
+ <blocker name='avx2'/>
+ <blocker name='invpcid'/>
+ <blocker name='rdseed'/>
+ <blocker name='spec-ctrl'/>
+ <blocker name='3dnowprefetch'/>
+ </cpu>
+ <cpu type='tcg' name='Broadwell-noTSX' usable='no'>
+ <blocker name='fma'/>
+ <blocker name='pcid'/>
+ <blocker name='x2apic'/>
+ <blocker name='tsc-deadline'/>
+ <blocker name='avx'/>
+ <blocker name='f16c'/>
+ <blocker name='rdrand'/>
+ <blocker name='avx2'/>
+ <blocker name='invpcid'/>
+ <blocker name='rdseed'/>
+ <blocker name='3dnowprefetch'/>
+ </cpu>
+ <cpu type='tcg' name='Broadwell-IBRS' usable='no'>
+ <blocker name='fma'/>
+ <blocker name='pcid'/>
+ <blocker name='x2apic'/>
+ <blocker name='tsc-deadline'/>
+ <blocker name='avx'/>
+ <blocker name='f16c'/>
+ <blocker name='rdrand'/>
+ <blocker name='hle'/>
+ <blocker name='avx2'/>
+ <blocker name='invpcid'/>
+ <blocker name='rtm'/>
+ <blocker name='rdseed'/>
+ <blocker name='spec-ctrl'/>
+ <blocker name='3dnowprefetch'/>
+ </cpu>
+ <cpu type='tcg' name='Broadwell' usable='no'>
+ <blocker name='fma'/>
+ <blocker name='pcid'/>
+ <blocker name='x2apic'/>
+ <blocker name='tsc-deadline'/>
+ <blocker name='avx'/>
+ <blocker name='f16c'/>
+ <blocker name='rdrand'/>
+ <blocker name='hle'/>
+ <blocker name='avx2'/>
+ <blocker name='invpcid'/>
+ <blocker name='rtm'/>
+ <blocker name='rdseed'/>
+ <blocker name='3dnowprefetch'/>
+ </cpu>
+ <cpu type='tcg' name='486' usable='yes'/>
+ <machine name='pc-i440fx-4.0' alias='pc' hotplugCpus='yes' maxCpus='255' default='yes'/>
+ <machine name='isapc' hotplugCpus='yes' maxCpus='1'/>
+ <machine name='pc-1.1' hotplugCpus='yes' maxCpus='255'/>
+ <machine name='pc-1.2' hotplugCpus='yes' maxCpus='255'/>
+ <machine name='pc-1.3' hotplugCpus='yes' maxCpus='255'/>
+ <machine name='pc-i440fx-2.8' hotplugCpus='yes' maxCpus='255'/>
+ <machine name='pc-1.0' hotplugCpus='yes' maxCpus='255'/>
+ <machine name='pc-i440fx-2.9' hotplugCpus='yes' maxCpus='255'/>
+ <machine name='pc-i440fx-2.6' hotplugCpus='yes' maxCpus='255'/>
+ <machine name='pc-i440fx-2.7' hotplugCpus='yes' maxCpus='255'/>
+ <machine name='pc-i440fx-2.3' hotplugCpus='yes' maxCpus='255'/>
+ <machine name='pc-i440fx-2.4' hotplugCpus='yes' maxCpus='255'/>
+ <machine name='pc-i440fx-2.5' hotplugCpus='yes' maxCpus='255'/>
+ <machine name='pc-i440fx-2.1' hotplugCpus='yes' maxCpus='255'/>
+ <machine name='pc-i440fx-2.2' hotplugCpus='yes' maxCpus='255'/>
+ <machine name='pc-q35-3.1' hotplugCpus='yes' maxCpus='288'/>
+ <machine name='pc-i440fx-2.0' hotplugCpus='yes' maxCpus='255'/>
+ <machine name='pc-q35-2.11' hotplugCpus='yes' maxCpus='288'/>
+ <machine name='pc-q35-2.12' hotplugCpus='yes' maxCpus='288'/>
+ <machine name='pc-q35-3.0' hotplugCpus='yes' maxCpus='288'/>
+ <machine name='pc-q35-2.10' hotplugCpus='yes' maxCpus='288'/>
+ <machine name='pc-i440fx-1.7' hotplugCpus='yes' maxCpus='255'/>
+ <machine name='pc-q35-2.9' hotplugCpus='yes' maxCpus='288'/>
+ <machine name='pc-0.15' hotplugCpus='yes' maxCpus='255'/>
+ <machine name='pc-i440fx-1.5' hotplugCpus='yes' maxCpus='255'/>
+ <machine name='pc-q35-2.7' hotplugCpus='yes' maxCpus='255'/>
+ <machine name='pc-i440fx-1.6' hotplugCpus='yes' maxCpus='255'/>
+ <machine name='pc-i440fx-2.11' hotplugCpus='yes' maxCpus='255'/>
+ <machine name='pc-q35-2.8' hotplugCpus='yes' maxCpus='288'/>
+ <machine name='pc-0.13' hotplugCpus='yes' maxCpus='255'/>
+ <machine name='pc-i440fx-2.12' hotplugCpus='yes' maxCpus='255'/>
+ <machine name='pc-0.14' hotplugCpus='yes' maxCpus='255'/>
+ <machine name='pc-i440fx-3.0' hotplugCpus='yes' maxCpus='255'/>
+ <machine name='pc-i440fx-3.1' hotplugCpus='yes' maxCpus='255'/>
+ <machine name='pc-q35-2.4' hotplugCpus='yes' maxCpus='255'/>
+ <machine name='pc-q35-2.5' hotplugCpus='yes' maxCpus='255'/>
+ <machine name='pc-q35-2.6' hotplugCpus='yes' maxCpus='255'/>
+ <machine name='pc-i440fx-2.10' hotplugCpus='yes' maxCpus='255'/>
+ <machine name='pc-i440fx-1.4' hotplugCpus='yes' maxCpus='255'/>
+ <machine name='pc-0.12' hotplugCpus='yes' maxCpus='255'/>
+ <machine name='pc-q35-4.0' alias='q35' hotplugCpus='yes' maxCpus='288'/>
+ <mktme>
+ <keys_supported>15</keys_supported>
+ </mktme>
+</qemuCaps>
--
2.21.0.windows.1
5 years, 5 months
[libvirt] [PATCH 0/3] Trivial fixes mocking fixes
by Michal Privoznik
I'm not pushing these just yet. I'm leaving some time for our grammar
enthusiasts to fix my grammar.
Michal Prívozník (3):
virfilemock: Init symbols in canonicalize_file_name()
virtestmock: Initialize symbols from stat() and its friends
lib: Build sources before running 'check-access'
Makefile.am | 2 +-
tests/virfilemock.c | 3 +++
tests/virtestmock.c | 4 +++-
3 files changed, 7 insertions(+), 2 deletions(-)
--
2.21.0
5 years, 5 months
[libvirt] [PATCH 0/4] tests: Add capabilities for s390x
by Boris Fiuczynski
This series adds the capabilities of QEMU 3.1.0 and 4.0.0 on s390x.
Boris Fiuczynski (4):
tests: Add capabilities for QEMU 3.1.0 on s390x
tests: domaincaps: Add QEMU 3.1.0 for s390x
tests: Add capabilities for QEMU 4.0.0 on s390x
tests: domaincaps: Add QEMU 4.0.0 for s390x
.../domaincapsschemadata/qemu_3.1.0.s390x.xml | 196 +
.../domaincapsschemadata/qemu_4.0.0.s390x.xml | 198 +
tests/domaincapstest.c | 8 +
.../caps_3.1.0.s390x.replies | 20893 +++++++++++++++
.../qemucapabilitiesdata/caps_3.1.0.s390x.xml | 2728 ++
.../caps_4.0.0.s390x.replies | 21514 ++++++++++++++++
.../qemucapabilitiesdata/caps_4.0.0.s390x.xml | 2894 +++
...othreads-virtio-scsi-ccw.s390x-latest.args | 6 +-
.../s390x-ccw-graphics.s390x-latest.args | 2 +-
.../s390x-ccw-headless.s390x-latest.args | 2 +-
.../vhost-vsock-ccw-auto.s390x-latest.args | 2 +-
.../vhost-vsock-ccw.s390x-latest.args | 2 +-
12 files changed, 48438 insertions(+), 7 deletions(-)
create mode 100644 tests/domaincapsschemadata/qemu_3.1.0.s390x.xml
create mode 100644 tests/domaincapsschemadata/qemu_4.0.0.s390x.xml
create mode 100644 tests/qemucapabilitiesdata/caps_3.1.0.s390x.replies
create mode 100644 tests/qemucapabilitiesdata/caps_3.1.0.s390x.xml
create mode 100644 tests/qemucapabilitiesdata/caps_4.0.0.s390x.replies
create mode 100644 tests/qemucapabilitiesdata/caps_4.0.0.s390x.xml
--
2.17.0
5 years, 5 months
[libvirt] [PATCH 0/5] tests: Refresh/add capabilities for QEMU 4.0.0
by Andrea Bolognani
Now that it's officially out, we can refresh existing capabilities
created from git snapshots and introduce them for the architectures
where they were missing altogether.
This series covers all architectures except for s390x, to which I
don't have convenient access: Pino promised me he'd take care of that
one in a few days.
As usual for this kind of series, most patches have been snipped with
extreme prejudice in order to make them small enough that they
wouldn't end up in the moderation queue: the unabridged version can
be found at
https://github.com/andreabolognani/libvirt
in the 'qemucaps-4.0.0' branch.
It'd be great if we could sneak these in during the freeze so that I
won't have to possibly regenerate them again after the post-release
merge flood ;)
Andrea Bolognani (5):
tests: Refresh capabilities for QEMU 4.0.0 on x86_64
tests: Refresh capabilities for QEMU 4.0.0 on riscv32
tests: Refresh capabilities for QEMU 4.0.0 on riscv64
tests: Add capabilities for QEMU 4.0.0 on aarch64
tests: Add capabilities for QEMU 4.0.0 on ppc64
.../qemu_4.0.0.x86_64.xml | 3 +-
...v32.replies => caps_4.0.0.aarch64.replies} | 6997 ++--
.../caps_4.0.0.aarch64.xml | 310 +
...scv32.replies => caps_4.0.0.ppc64.replies} | 29886 ++++++++++------
.../qemucapabilitiesdata/caps_4.0.0.ppc64.xml | 1077 +
.../caps_4.0.0.riscv32.replies | 10 +-
.../caps_4.0.0.riscv32.xml | 4 +-
.../caps_4.0.0.riscv64.replies | 10 +-
.../caps_4.0.0.riscv64.xml | 4 +-
.../caps_4.0.0.x86_64.replies | 3331 +-
.../caps_4.0.0.x86_64.xml | 38 +-
...arch64-os-firmware-efi.aarch64-latest.args | 2 +-
.../aarch64-virt-graphics.aarch64-latest.args | 2 +-
.../aarch64-virt-headless.aarch64-latest.args | 2 +-
14 files changed, 25862 insertions(+), 15814 deletions(-)
copy tests/qemucapabilitiesdata/{caps_4.0.0.riscv32.replies => caps_4.0.0.aarch64.replies} (86%)
create mode 100644 tests/qemucapabilitiesdata/caps_4.0.0.aarch64.xml
copy tests/qemucapabilitiesdata/{caps_4.0.0.riscv32.replies => caps_4.0.0.ppc64.replies} (71%)
create mode 100644 tests/qemucapabilitiesdata/caps_4.0.0.ppc64.xml
--
2.20.1
5 years, 5 months
[libvirt] [PATCH 0/3] Couple of virBuffer fixes
by Michal Privoznik
Almost trivial.
Michal Prívozník (3):
virbuffer: Don't leak memory in virBufferAddBuffer
virbuffer: Use signed integer for storing error
virBuffer: Try harder to free buffer
src/util/virbuffer.c | 7 +++----
src/util/virbuffer.h | 2 +-
tests/virbuftest.c | 32 ++++++++++++++++++++++++++++++++
3 files changed, 36 insertions(+), 5 deletions(-)
--
2.21.0
5 years, 6 months
[libvirt] RElease of libvirt-5.3.0
by Daniel Veillard
A bit late, sorry I was in vacations, but the release is now tagged in git
and I pushed the signed tarball and rpms to the normal place:
https://libvirt.org/sources/
Please note that following discussion on last release the FTP server will
soon be shutdown.
I also pushed the related libvirt-python release that you can find in git
and at
https://libvirt.org/sources/python/
This is a balanced release, one thing to note is the removal of the support
for the old 4.x VirtualBox releases
New feature:
- qemu: Add support for setting the emulator scheduler parameters
I/O threads and vCPU threads already support setting schedulers, but
until now it was impossible to do so for the main QEMU thread (emulator
thread in the libvirt naming). This is, however, requested for some
very specific scenarios, for example when vCPU threads are running at
such priority that could starve the main thread.
Removed feature:
- vbox: Drop support for VirtualBox 4.x releases
Support for all the 4.x releases was ended by VirtualBox maintainers in
December 2015. Therefore, libvirt support for these releases is
dropped.
Improvements:
- qemu: Use PCI by default for RISC-V guests
PCI support for RISC-V guests was already available in libvirt 5.1.0,
but it required the user to opt-in by manually assigning PCI addresses:
with this release, RISC-V guests will use PCI automatically when
running against a recent enough (4.0.0+) QEMU release.
- qemu: Advertise firmware autoselection in domain capabilities
The firmware autoselection feature is now exposed in domain
capabilities and management applications can query for accepted values,
i.e. values that are accepted and for which libvirt found firmware
descriptor files. Firmware Secure Boot support is also advertised.
- Drop YAJL 1 support
YAJL 2 is widely adopted and maintaining side by side support for two
versions is unnecessary.
Bug fixes:
- rpc: cleanup in virNetTLSContextNew
Failed new gnutls context allocations in virNetTLSContextNew function
results in double free and segfault. Occasional memory leaks may also
occur.
- virsh: various completers fixes
There were some possible crashers, memory leaks, etc. which are now
fixed.
- qemu: Make hugepages work with memfd backend
Due to a bug in command line generation libvirt did not honor hugepages
setting with memfd backend.
- Enforce ACL write permission for getting guest time & hostname
Getting the guest time and hostname both require use of guest agent
commands. These must not be allowed for read-only users, so the
permissions check must validate "write" permission not "read".
Thanks everybody for your help bringing this release up,
Daniel
--
Daniel Veillard | Red Hat Developers Tools http://developer.redhat.com/
veillard(a)redhat.com | libxml Gnome XML XSLT toolkit http://xmlsoft.org/
http://veillard.com/ | virtualization library http://libvirt.org/
5 years, 6 months
[libvirt] [jenkins-ci PATCH v2] lcitool: check for virt-install / ansible-playbook in $PATH
by Daniel P. Berrangé
This improves error reporting:
$ ./lcitool install libvirt-fedora-29
./lcitool: Failed to install 'libvirt-fedora-29': [Errno 2] No such file or directory
To
$ ./lcitool install libvirt-fedora-29
./lcitool: Cannot find virt-install in $PATH
Signed-off-by: Daniel P. Berrangé <berrange(a)redhat.com>
---
guests/lcitool | 13 +++++++++++--
1 file changed, 11 insertions(+), 2 deletions(-)
diff --git a/guests/lcitool b/guests/lcitool
index 0f60704..d3937be 100755
--- a/guests/lcitool
+++ b/guests/lcitool
@@ -17,6 +17,7 @@
# with this program. If not, see <https://www.gnu.org/licenses/>.
import argparse
+import distutils.spawn
import fnmatch
import json
import os
@@ -461,8 +462,12 @@ class Application:
"git_branch": git_branch,
})
+ ap_path = distutils.spawn.find_executable("ansible-playbook")
+ if ap_path is None:
+ raise Exception("Cannot find ansible-playbook in $PATH")
+
cmd = [
- "ansible-playbook",
+ ap_path,
"--limit", ansible_hosts,
"--extra-vars", extra_vars,
]
@@ -534,8 +539,12 @@ class Application:
# a kernel argument
extra_arg = "console=ttyS0 ks=file:/{}".format(install_config)
+ vi_path = distutils.spawn.find_executable("virt-install")
+ if vi_path is None:
+ raise Exception("Cannot find virt-install in $PATH")
+
cmd = [
- "virt-install",
+ vi_path,
"--name", host,
"--location", facts["install_url"],
"--virt-type", facts["install_virt_type"],
--
2.21.0
5 years, 6 months
[libvirt] [jenkins-ci PATCH] lcitool: use yaml.safe_load instead of load
by Daniel P. Berrangé
The yaml.load() method is historically unsafe as it allowed for
arbitrary code execution:
./lcitool:323: YAMLLoadWarning: calling yaml.load() without
Loader=... is deprecated, as the default Loader is unsafe.
Please read https://msg.pyyaml.org/load for full details.
The PyYAML >= 5.1 is now safe by default, but has none the less
deprecated the plain load() method to avoid risk for people
running their app on older versions. For our needs safe_load()
suffices and is compatible with RHEL-7
Signed-off-by: Daniel P. Berrangé <berrange(a)redhat.com>
---
guests/lcitool | 6 +++---
1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/guests/lcitool b/guests/lcitool
index 1c18b5a..30b6430 100755
--- a/guests/lcitool
+++ b/guests/lcitool
@@ -257,7 +257,7 @@ class Inventory:
@staticmethod
def _add_facts_from_file(facts, yaml_path):
with open(yaml_path, "r") as infile:
- some_facts = yaml.load(infile)
+ some_facts = yaml.safe_load(infile)
for fact in some_facts:
facts[fact] = some_facts[fact]
@@ -301,7 +301,7 @@ class Projects:
try:
with open(mappings_path, "r") as infile:
- mappings = yaml.load(infile)
+ mappings = yaml.safe_load(infile)
self._mappings = mappings["mappings"]
except Exception as ex:
raise Exception("Can't load mappings: {}".format(ex))
@@ -320,7 +320,7 @@ class Projects:
try:
with open(yaml_path, "r") as infile:
- packages = yaml.load(infile)
+ packages = yaml.safe_load(infile)
self._packages[project] = packages["packages"]
except Exception as ex:
raise Exception(
--
2.21.0
5 years, 6 months