[libvirt PATCH][pushed] Fix spelling
by Tim Wiederhake
Signed-off-by: Tim Wiederhake <twiederh(a)redhat.com>
---
NEWS.rst | 2 +-
src/qemu/qemu.conf.in | 2 +-
src/qemu/qemu_monitor.c | 2 +-
3 files changed, 3 insertions(+), 3 deletions(-)
diff --git a/NEWS.rst b/NEWS.rst
index e584bc1fed..2ce8ef4b6a 100644
--- a/NEWS.rst
+++ b/NEWS.rst
@@ -218,7 +218,7 @@ v8.5.0 (2022-07-01)
* qemu: Add support for zero-copy migration
With QEMU 7.1.0, libvirt can enable zerocopy for parallel migration. This
- is implmented by adding a new ``VIR_MIGRATE_ZEROCOPY`` flag(``virsh migrate
+ is implemented by adding a new ``VIR_MIGRATE_ZEROCOPY`` flag(``virsh migrate
--zerocopy``).
* Introduce thread_pool_min and thread_pool_max attributes to IOThread
diff --git a/src/qemu/qemu.conf.in b/src/qemu/qemu.conf.in
index 623da72d60..3895d42514 100644
--- a/src/qemu/qemu.conf.in
+++ b/src/qemu/qemu.conf.in
@@ -963,7 +963,7 @@
# "vcpus" - only QEMU vCPU threads are placed into a separate scheduling group,
# emulator threads and helper processes remain outside of the group
# "emulator" - only QEMU and its threads (emulator + vCPUs) are placed into
-# separate scheduling group, helper proccesses remain outside of
+# separate scheduling group, helper processes remain outside of
# the group
# "full" - both QEMU and its helper processes are placed into separate
# scheduling group
diff --git a/src/qemu/qemu_monitor.c b/src/qemu/qemu_monitor.c
index 8ada16154c..80f262cec7 100644
--- a/src/qemu/qemu_monitor.c
+++ b/src/qemu/qemu_monitor.c
@@ -4346,7 +4346,7 @@ qemuMonitorQueryStatsProviderNew(qemuMonitorQueryStatsProviderType provider_type
/*
* This can be lowered later in case of the enum getting quite large, hence
- * the virBitmapSetExpand below which also incidently makes this function
+ * the virBitmapSetExpand below which also incidentally makes this function
* non-fallible.
*/
provider->names = virBitmapNew(QEMU_MONITOR_QUERY_STATS_NAME_LAST);
--
2.36.1
2 years
[PATCH] tests: Fix libxlxml2domconfigtest
by Jim Fehlig
Downstream CI recently encountered failures of libxlxml2domconfigtest when
building libvirt packages against Xen 4.17 rc3 packages. The test fails on
vnuma_hvm config, where suddently the actual json produced by
libxl_domain_config_to_json() contains a 'pnode' entry in the 'vnuma_nodes'
list, which is absent in the expected json. It appears the test has thus far
passed by luck. E.g. I was able to make the test pass in the failing
environment by changing the meson buildtype from debugoptimized to debug.
When a VM config contains vnuma settings, libxlMakeVnumaList() checks if the
number of requested vnuma nodes exceeds the number of physical nodes. The
number of physical nodes is retrieved with libxl_get_physinfo(), which can
return wildly different results in the context of unit tests. This change
mocks libxl_get_physinfo() to return consistent results. All fields of the
libxl_physinfo struct are set to 0 except nr_nodes, which is set to 6 to
ensure the vnuma_hvm configuration is properly tested.
Signed-off-by: Jim Fehlig <jfehlig(a)suse.com>
---
tests/libxlmock.c | 15 +++++++++++++++
tests/libxlxml2domconfigdata/vnuma-hvm.json | 5 +++++
2 files changed, 20 insertions(+)
diff --git a/tests/libxlmock.c b/tests/libxlmock.c
index 4754597e5b..205d34df19 100644
--- a/tests/libxlmock.c
+++ b/tests/libxlmock.c
@@ -70,6 +70,21 @@ VIR_MOCK_IMPL_RET_ARGS(libxl_get_version_info,
return &info;
}
+VIR_MOCK_IMPL_RET_ARGS(libxl_get_physinfo,
+ int,
+ libxl_ctx *, ctx,
+ libxl_physinfo *, physinfo)
+{
+ memset(physinfo, 0, sizeof(*physinfo));
+ physinfo->nr_nodes = 6;
+
+ /* silence gcc warning about unused function */
+ if (0)
+ real_libxl_get_physinfo(ctx, physinfo);
+
+ return 0;
+}
+
VIR_MOCK_STUB_RET_ARGS(libxl_get_free_memory,
int, 0,
libxl_ctx *, ctx,
diff --git a/tests/libxlxml2domconfigdata/vnuma-hvm.json b/tests/libxlxml2domconfigdata/vnuma-hvm.json
index 2556c82d5f..c90ee823a4 100644
--- a/tests/libxlxml2domconfigdata/vnuma-hvm.json
+++ b/tests/libxlxml2domconfigdata/vnuma-hvm.json
@@ -39,6 +39,7 @@
41,
51
],
+ "pnode": 1,
"vcpus": [
1
]
@@ -53,6 +54,7 @@
31,
41
],
+ "pnode": 2,
"vcpus": [
2
]
@@ -67,6 +69,7 @@
21,
31
],
+ "pnode": 3,
"vcpus": [
3
]
@@ -81,6 +84,7 @@
10,
21
],
+ "pnode": 4,
"vcpus": [
4
]
@@ -95,6 +99,7 @@
21,
10
],
+ "pnode": 5,
"vcpus": [
5
]
--
2.37.3
2 years
[PATCH] qemu_validate: Use proper printf directive for ssize_t
by Michal Privoznik
In one of recent commits an error message was introduced. In this
message a variable of type ssize_t is being printed out, but the
corresponding format directive is %ld instead of %zd which breaks
on 32bits systems. Switch to proper format.
Signed-off-by: Michal Privoznik <mprivozn(a)redhat.com>
---
Pushed under trivial rule.
src/qemu/qemu_validate.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/qemu/qemu_validate.c b/src/qemu/qemu_validate.c
index bd040c7ff8..c687df0bfc 100644
--- a/src/qemu/qemu_validate.c
+++ b/src/qemu/qemu_validate.c
@@ -5047,7 +5047,7 @@ qemuValidateDomainDeviceDefMemory(virDomainMemoryDef *mem,
while ((node = virBitmapNextSetBit(mem->sourceNodes, node)) >= 0) {
if (mem->size > sgxCaps->sgxSections[node].size) {
virReportError(VIR_ERR_CONFIG_UNSUPPORTED,
- _("sgx epc size %lld on host node %ld is less than requested size %lld"),
+ _("sgx epc size %lld on host node %zd is less than requested size %lld"),
sgxCaps->sgxSections[node].size, node, mem->size);
return -1;
}
--
2.37.4
2 years
[libvirt][PATCH v17 0/9] Support query and use SGX
by Lin Yang
Diff to v16:
* Included SGX EPC in the calculation and validation of maximum
memory space in qemuDomainDefValidateMemoryHotplug. Removed
all hacking in this function, but only skip
qemuDomainDefValidateMemoryHotplugDevice validation for SGX EPC,
since it is not hotpluggable.
* Added SGX fields in new QEMU 7.2 domaincaps xml.
Haibin Huang (4):
domain_capabilities: Define SGX capabilities structs
qemu: Get SGX capabilities form QMP
Convert QMP capabilities to domain capabilities
conf: expose SGX feature in domain capabilities
Lin Yang (2):
conf: Introduce SGX EPC element into device memory xml
qemu: Add command-line to generate SGX EPC memory backend
Michal Prívozník (3):
qemu_cgroup: Allow SGX in devices controller
qemu_namespace: Create SGX related nodes in domain's namespace
security_dac: Set DAC label on SGX /dev nodes
docs/formatdomain.rst | 25 +-
docs/formatdomaincaps.rst | 40 ++++
src/conf/domain_capabilities.c | 47 ++++
src/conf/domain_capabilities.h | 22 ++
src/conf/domain_conf.c | 30 +++
src/conf/domain_conf.h | 1 +
src/conf/domain_postparse.c | 1 +
src/conf/domain_validate.c | 9 +
src/conf/schemas/domaincaps.rng | 43 ++++
src/conf/schemas/domaincommon.rng | 1 +
src/libvirt_private.syms | 1 +
src/qemu/qemu_alias.c | 6 +-
src/qemu/qemu_capabilities.c | 220 ++++++++++++++++++
src/qemu/qemu_capabilities.h | 4 +
src/qemu/qemu_cgroup.c | 78 ++++++-
src/qemu/qemu_command.c | 66 +++++-
src/qemu/qemu_domain.c | 28 ++-
src/qemu/qemu_domain.h | 2 +
src/qemu/qemu_domain_address.c | 6 +
src/qemu/qemu_driver.c | 1 +
src/qemu/qemu_monitor.c | 10 +
src/qemu/qemu_monitor.h | 3 +
src/qemu/qemu_monitor_json.c | 154 +++++++++++-
src/qemu/qemu_monitor_json.h | 4 +
src/qemu/qemu_namespace.c | 20 +-
src/qemu/qemu_process.c | 2 +
src/qemu/qemu_validate.c | 40 ++++
src/security/security_apparmor.c | 1 +
src/security/security_dac.c | 46 ++--
src/security/security_selinux.c | 2 +
tests/domaincapsdata/bhyve_basic.x86_64.xml | 1 +
tests/domaincapsdata/bhyve_fbuf.x86_64.xml | 1 +
tests/domaincapsdata/bhyve_uefi.x86_64.xml | 1 +
tests/domaincapsdata/empty.xml | 1 +
tests/domaincapsdata/libxl-xenfv.xml | 1 +
tests/domaincapsdata/libxl-xenpv.xml | 1 +
.../domaincapsdata/qemu_4.2.0-q35.x86_64.xml | 1 +
.../domaincapsdata/qemu_4.2.0-tcg.x86_64.xml | 1 +
.../qemu_4.2.0-virt.aarch64.xml | 1 +
tests/domaincapsdata/qemu_4.2.0.aarch64.xml | 1 +
tests/domaincapsdata/qemu_4.2.0.ppc64.xml | 1 +
tests/domaincapsdata/qemu_4.2.0.s390x.xml | 1 +
tests/domaincapsdata/qemu_4.2.0.x86_64.xml | 1 +
.../domaincapsdata/qemu_5.0.0-q35.x86_64.xml | 1 +
.../domaincapsdata/qemu_5.0.0-tcg.x86_64.xml | 1 +
.../qemu_5.0.0-virt.aarch64.xml | 1 +
tests/domaincapsdata/qemu_5.0.0.aarch64.xml | 1 +
tests/domaincapsdata/qemu_5.0.0.ppc64.xml | 1 +
tests/domaincapsdata/qemu_5.0.0.x86_64.xml | 1 +
.../domaincapsdata/qemu_5.1.0-q35.x86_64.xml | 1 +
.../domaincapsdata/qemu_5.1.0-tcg.x86_64.xml | 1 +
tests/domaincapsdata/qemu_5.1.0.sparc.xml | 1 +
tests/domaincapsdata/qemu_5.1.0.x86_64.xml | 1 +
.../domaincapsdata/qemu_5.2.0-q35.x86_64.xml | 1 +
.../domaincapsdata/qemu_5.2.0-tcg.x86_64.xml | 1 +
.../qemu_5.2.0-virt.aarch64.xml | 1 +
tests/domaincapsdata/qemu_5.2.0.aarch64.xml | 1 +
tests/domaincapsdata/qemu_5.2.0.ppc64.xml | 1 +
tests/domaincapsdata/qemu_5.2.0.s390x.xml | 1 +
tests/domaincapsdata/qemu_5.2.0.x86_64.xml | 1 +
.../domaincapsdata/qemu_6.0.0-q35.x86_64.xml | 1 +
.../domaincapsdata/qemu_6.0.0-tcg.x86_64.xml | 1 +
.../qemu_6.0.0-virt.aarch64.xml | 1 +
tests/domaincapsdata/qemu_6.0.0.aarch64.xml | 1 +
tests/domaincapsdata/qemu_6.0.0.s390x.xml | 1 +
tests/domaincapsdata/qemu_6.0.0.x86_64.xml | 1 +
.../domaincapsdata/qemu_6.1.0-q35.x86_64.xml | 1 +
.../domaincapsdata/qemu_6.1.0-tcg.x86_64.xml | 1 +
tests/domaincapsdata/qemu_6.1.0.x86_64.xml | 1 +
.../domaincapsdata/qemu_6.2.0-q35.x86_64.xml | 1 +
.../domaincapsdata/qemu_6.2.0-tcg.x86_64.xml | 1 +
.../qemu_6.2.0-virt.aarch64.xml | 1 +
tests/domaincapsdata/qemu_6.2.0.aarch64.xml | 1 +
tests/domaincapsdata/qemu_6.2.0.ppc64.xml | 1 +
tests/domaincapsdata/qemu_6.2.0.x86_64.xml | 1 +
.../domaincapsdata/qemu_7.0.0-q35.x86_64.xml | 10 +
.../domaincapsdata/qemu_7.0.0-tcg.x86_64.xml | 10 +
.../qemu_7.0.0-virt.aarch64.xml | 1 +
tests/domaincapsdata/qemu_7.0.0.aarch64.xml | 1 +
tests/domaincapsdata/qemu_7.0.0.ppc64.xml | 1 +
tests/domaincapsdata/qemu_7.0.0.x86_64.xml | 10 +
.../domaincapsdata/qemu_7.1.0-q35.x86_64.xml | 1 +
.../domaincapsdata/qemu_7.1.0-tcg.x86_64.xml | 1 +
tests/domaincapsdata/qemu_7.1.0.ppc64.xml | 1 +
tests/domaincapsdata/qemu_7.1.0.x86_64.xml | 1 +
.../domaincapsdata/qemu_7.2.0-q35.x86_64.xml | 1 +
.../domaincapsdata/qemu_7.2.0-tcg.x86_64.xml | 1 +
tests/domaincapsdata/qemu_7.2.0.x86_64.xml | 1 +
.../caps_6.2.0.x86_64.replies | 21 +-
.../caps_7.0.0.x86_64.replies | 34 ++-
.../caps_7.0.0.x86_64.xml | 11 +
.../caps_7.1.0.x86_64.replies | 21 +-
.../caps_7.2.0.x86_64.replies | 21 +-
.../sgx-epc.x86_64-7.0.0.args | 40 ++++
tests/qemuxml2argvdata/sgx-epc.xml | 65 ++++++
tests/qemuxml2argvtest.c | 2 +
.../sgx-epc.x86_64-7.0.0.xml | 65 ++++++
tests/qemuxml2xmltest.c | 2 +
98 files changed, 1210 insertions(+), 70 deletions(-)
create mode 100644 tests/qemuxml2argvdata/sgx-epc.x86_64-7.0.0.args
create mode 100644 tests/qemuxml2argvdata/sgx-epc.xml
create mode 100644 tests/qemuxml2xmloutdata/sgx-epc.x86_64-7.0.0.xml
--
2.25.1
2 years
[libvirt][PATCH v17 1/9] domain_capabilities: Define SGX capabilities structs
by Lin Yang
From: Haibin Huang <haibin.huang(a)intel.com>
Signed-off-by: Michal Privoznik <mprivozn(a)redhat.com>
Reviewed-by: Peter Krempa <pkrempa(a)redhat.com>
Signed-off-by: Haibin Huang <haibin.huang(a)intel.com>
---
src/conf/domain_capabilities.c | 11 +++++++++++
src/conf/domain_capabilities.h | 22 ++++++++++++++++++++++
src/libvirt_private.syms | 1 +
3 files changed, 34 insertions(+)
diff --git a/src/conf/domain_capabilities.c b/src/conf/domain_capabilities.c
index a7f256e4ec..daeaee3c5c 100644
--- a/src/conf/domain_capabilities.c
+++ b/src/conf/domain_capabilities.c
@@ -76,6 +76,17 @@ virSEVCapabilitiesFree(virSEVCapability *cap)
}
+void
+virSGXCapabilitiesFree(virSGXCapability *cap)
+{
+ if (!cap)
+ return;
+
+ g_free(cap->sgxSections);
+ g_free(cap);
+}
+
+
static void
virDomainCapsDispose(void *obj)
{
diff --git a/src/conf/domain_capabilities.h b/src/conf/domain_capabilities.h
index e0cfa75531..1d504a3506 100644
--- a/src/conf/domain_capabilities.h
+++ b/src/conf/domain_capabilities.h
@@ -208,6 +208,22 @@ struct _virSEVCapability {
unsigned int max_es_guests;
};
+typedef struct _virSGXSection virSGXSection;
+struct _virSGXSection {
+ unsigned long long size;
+ unsigned int node;
+};
+
+typedef struct _virSGXCapability virSGXCapability;
+struct _virSGXCapability {
+ bool flc;
+ bool sgx1;
+ bool sgx2;
+ unsigned long long section_size;
+ size_t nSgxSections;
+ virSGXSection *sgxSections;
+};
+
typedef enum {
VIR_DOMAIN_CAPS_FEATURE_IOTHREADS = 0,
VIR_DOMAIN_CAPS_FEATURE_VMCOREINFO,
@@ -246,6 +262,7 @@ struct _virDomainCaps {
virDomainCapsFeatureGIC gic;
virSEVCapability *sev;
+ virSGXCapability *sgx;
/* add new domain features here */
virTristateBool features[VIR_DOMAIN_CAPS_FEATURE_LAST];
@@ -296,3 +313,8 @@ void
virSEVCapabilitiesFree(virSEVCapability *capabilities);
G_DEFINE_AUTOPTR_CLEANUP_FUNC(virSEVCapability, virSEVCapabilitiesFree);
+
+void
+virSGXCapabilitiesFree(virSGXCapability *capabilities);
+
+G_DEFINE_AUTOPTR_CLEANUP_FUNC(virSGXCapability, virSGXCapabilitiesFree);
diff --git a/src/libvirt_private.syms b/src/libvirt_private.syms
index 97ff2a43e4..ebd7bc61a8 100644
--- a/src/libvirt_private.syms
+++ b/src/libvirt_private.syms
@@ -218,6 +218,7 @@ virDomainCapsEnumSet;
virDomainCapsFormat;
virDomainCapsNew;
virSEVCapabilitiesFree;
+virSGXCapabilitiesFree;
# conf/domain_conf.h
--
2.25.1
2 years
[libvirt][PATCH v16 1/9] domain_capabilities: Define SGX capabilities structs
by Lin Yang
From: Haibin Huang <haibin.huang(a)intel.com>
Signed-off-by: Michal Privoznik <mprivozn(a)redhat.com>
Signed-off-by: Haibin Huang <haibin.huang(a)intel.com>
---
src/conf/domain_capabilities.c | 11 +++++++++++
src/conf/domain_capabilities.h | 22 ++++++++++++++++++++++
src/libvirt_private.syms | 1 +
3 files changed, 34 insertions(+)
diff --git a/src/conf/domain_capabilities.c b/src/conf/domain_capabilities.c
index 653123f293..869b5d68e6 100644
--- a/src/conf/domain_capabilities.c
+++ b/src/conf/domain_capabilities.c
@@ -76,6 +76,17 @@ virSEVCapabilitiesFree(virSEVCapability *cap)
}
+void
+virSGXCapabilitiesFree(virSGXCapability *cap)
+{
+ if (!cap)
+ return;
+
+ g_free(cap->sgxSections);
+ g_free(cap);
+}
+
+
static void
virDomainCapsDispose(void *obj)
{
diff --git a/src/conf/domain_capabilities.h b/src/conf/domain_capabilities.h
index a526969cda..3c9fd7f7de 100644
--- a/src/conf/domain_capabilities.h
+++ b/src/conf/domain_capabilities.h
@@ -193,6 +193,22 @@ struct _virSEVCapability {
unsigned int max_es_guests;
};
+typedef struct _virSGXSection virSGXSection;
+struct _virSGXSection {
+ unsigned long long size;
+ unsigned int node;
+};
+
+typedef struct _virSGXCapability virSGXCapability;
+struct _virSGXCapability {
+ bool flc;
+ bool sgx1;
+ bool sgx2;
+ unsigned long long section_size;
+ size_t nSgxSections;
+ virSGXSection *sgxSections;
+};
+
typedef enum {
VIR_DOMAIN_CAPS_FEATURE_IOTHREADS = 0,
VIR_DOMAIN_CAPS_FEATURE_VMCOREINFO,
@@ -229,6 +245,7 @@ struct _virDomainCaps {
virDomainCapsFeatureGIC gic;
virSEVCapability *sev;
+ virSGXCapability *sgx;
/* add new domain features here */
virTristateBool features[VIR_DOMAIN_CAPS_FEATURE_LAST];
@@ -277,3 +294,8 @@ void
virSEVCapabilitiesFree(virSEVCapability *capabilities);
G_DEFINE_AUTOPTR_CLEANUP_FUNC(virSEVCapability, virSEVCapabilitiesFree);
+
+void
+virSGXCapabilitiesFree(virSGXCapability *capabilities);
+
+G_DEFINE_AUTOPTR_CLEANUP_FUNC(virSGXCapability, virSGXCapabilitiesFree);
diff --git a/src/libvirt_private.syms b/src/libvirt_private.syms
index 00cb07709d..97b019d00a 100644
--- a/src/libvirt_private.syms
+++ b/src/libvirt_private.syms
@@ -218,6 +218,7 @@ virDomainCapsEnumSet;
virDomainCapsFormat;
virDomainCapsNew;
virSEVCapabilitiesFree;
+virSGXCapabilitiesFree;
# conf/domain_conf.h
--
2.25.1
2 years
libvirt-guests configurability regression
by Laszlo Ersek
Hi,
I'm really unhappy about commit 8eb4461645c5 ("remove sysconfig files",
2022-01-17), first included in release v8.1.0.
The (a) well-documented and (b) easily editable config file
"/etc/sysconfig/libvirt-guests" is now gone. So if I want to do now on
Fedora 36 the same thing that I used to do on up to and including Fedora
35, I now need to consult a new manual page (from grandparent commit
161727417a91, "docs: Add man page for libvirt-guests", 2022-01-17), and
collect a bunch of options manually.
The message on commit 8eb4461645c5 says,
Remove the sysconfig file and place the current desired default into
the service file.
which I briefly considered a consolation, figuring I'd just copy the
collected bunch of options (and hopefully their comments!) to the same
place as before, from the "service file" -- "libvirt-guests.service".
However, the actual commit does not live up to its promise; for example,
the important ON_SHUTDOWN knob is only *removed* from the codebase by
the commit; it is not reintroduced anywhere (certainly not in
"libvirt-guests.service"). Well, the manual page, two commits up the
branch, documents it, but that's totally no viable replacement.
As of f8ebb5816350:
> $ git grep -w ON_SHUTDOWN
>
> docs/manpages/libvirt-guests.rst:- ON_SHUTDOWN=suspend
> docs/manpages/libvirt-guests.rst: time to shutdown. When setting ON_SHUTDOWN=shutdown, you must also set
> docs/manpages/libvirt-guests.rst: "ON_SHUTDOWN" is set to "shutdown". If Set to 0, guests will be shutdown one
> tools/libvirt-guests.sh.in:ON_SHUTDOWN="suspend"
> tools/libvirt-guests.sh.in: if [ "x$ON_SHUTDOWN" = xshutdown ]; then
> tools/libvirt-guests.sh.in: ON_SHUTDOWN="shutdown"
... It seems that "tools/libvirt-guests.sh.in" does have some built-in
defaults (going back as far as to 66823690e469, "Init script for
handling guests on shutdown/boot", 2010-05-21), which I could copy and
modify presumably; however, those defaults still lack the previously
directly adjacent documentation.
Please consider remedying this. Readily editable config files with
documentation and defaults included are very powerful. They are not
suitable for all config formats of course (especially hierarchical ones:
consider the domain XML for example), but for flat or otherwise simply
structured config files, offering that productivity boost to end-users
is a no-brainer, IMO. Please restore it if you can.
Thanks
Laszlo
2 years
[PATCH v3] nodedev: ignore EINVAL from libudev in udevEventHandleThread
by christian.ehrhardt@canonical.com
From: Christian Ehrhardt <christian.ehrhardt(a)canonical.com>
Certain udev entries might be of a size that makes libudev emit EINVAL
which right now leads to udevEventHandleThread exiting. Due to no more
handling events other elements of libvirt will start pushing for events
to be consumed which never happens causing a busy loop burning a cpu
without any gain.
After evaluation of the example case discussed in in #245 and a test
run ignoring EINVAL it was considered safe to add EINVAL to the ignored
errnos to not exit udevEventHandleThread giving it more resilience.
The root cause is in systemd and by now was discussed and fixed via
https://github.com/systemd/systemd/issues/24987, but hardening libvirt
to be able to better deal with EINVAL returned still is the right thing
to avoid the reported busy loops on systemd with older systemd versions.
Fixes: https://gitlab.com/libvirt/libvirt/-/issues/245
Signed-off-by: Christian Ehrhardt <christian.ehrhardt(a)canonical.com>
Reviewed-by: Daniel P. Berrangé <berrange(a)redhat.com>
---
src/node_device/node_device_udev.c | 6 ++++--
1 file changed, 4 insertions(+), 2 deletions(-)
diff --git a/src/node_device/node_device_udev.c b/src/node_device/node_device_udev.c
index 24ef1c25a9..2454cab8f8 100644
--- a/src/node_device/node_device_udev.c
+++ b/src/node_device/node_device_udev.c
@@ -1865,10 +1865,12 @@ udevEventHandleThread(void *opaque G_GNUC_UNUSED)
}
/* POSIX allows both EAGAIN and EWOULDBLOCK to be used
- * interchangeably when the read would block or timeout was fired
+ * interchangeably when the read would block or timeout was fired.
+ * EINVAL might happen on too large udev entries, ignore those for
+ * the robustness of udevEventHandleThread.
*/
VIR_WARNINGS_NO_WLOGICALOP_EQUAL_EXPR
- if (errno != EAGAIN && errno != EWOULDBLOCK) {
+ if (errno != EAGAIN && errno != EWOULDBLOCK && errno != EINVAL) {
VIR_WARNINGS_RESET
virReportSystemError(errno, "%s",
_("failed to receive device from udev "
--
2.38.1
2 years
[PATCH] qemu: capabilities: Detect support for JSON args for -netdev
by Peter Krempa
JSON args for -netdev were added as precursor for adding the 'dgram'
network backend type. Enable the detection and update test cases using
DO_TEST_CAPS_LATEST.
Enabling the capability also ensures that the -netdev argument is
validated against the QAPI schema of 'netdev_add' which was already
implemented but not enabled.
The parser supporting JSON was added by qemu commit f3eedcddba3 and
enabled when adding stream/dgram netdevs in commit 5166fe0ae46.
Signed-off-by: Peter Krempa <pkrempa(a)redhat.com>
---
src/qemu/qemu_capabilities.c | 2 ++
tests/qemucapabilitiesdata/caps_7.2.0.x86_64.xml | 1 +
tests/qemuxml2argvdata/boot-complex.x86_64-latest.args | 4 ++--
tests/qemuxml2argvdata/boot-order.x86_64-latest.args | 2 +-
.../channel-unix-guestfwd.x86_64-latest.args | 4 ++--
.../qemuxml2argvdata/devices-acpi-index.x86_64-latest.args | 6 +++---
tests/qemuxml2argvdata/disk-ioeventfd.x86_64-latest.args | 2 +-
tests/qemuxml2argvdata/event_idx.x86_64-latest.args | 2 +-
.../graphics-spice-timeout.x86_64-latest.args | 2 +-
tests/qemuxml2argvdata/name-escape.x86_64-latest.args | 2 +-
tests/qemuxml2argvdata/net-user.x86_64-latest.args | 2 +-
.../qemuxml2argvdata/net-vdpa-multiqueue.x86_64-latest.args | 2 +-
tests/qemuxml2argvdata/net-vdpa.x86_64-latest.args | 2 +-
tests/qemuxml2argvdata/net-vhostuser.x86_64-latest.args | 6 +++---
tests/qemuxml2argvdata/net-virtio-rss.x86_64-latest.args | 6 +++---
tests/qemuxml2argvdata/q35-pcie-autoadd.x86_64-latest.args | 4 ++--
tests/qemuxml2argvdata/q35-pcie.x86_64-latest.args | 4 ++--
.../q35-virt-manager-basic.x86_64-latest.args | 2 +-
tests/qemuxml2argvdata/user-aliases.x86_64-latest.args | 6 +++---
tests/qemuxml2argvdata/virtio-lun.x86_64-latest.args | 2 +-
.../virtio-non-transitional.x86_64-latest.args | 2 +-
.../virtio-options-net-ats.x86_64-latest.args | 4 ++--
.../virtio-options-net-iommu.x86_64-latest.args | 4 ++--
.../virtio-options-net-packed.x86_64-latest.args | 4 ++--
tests/qemuxml2argvdata/virtio-options.x86_64-latest.args | 2 +-
.../qemuxml2argvdata/virtio-transitional.x86_64-latest.args | 2 +-
.../qemuxml2argvdata/x86_64-pc-graphics.x86_64-latest.args | 2 +-
.../qemuxml2argvdata/x86_64-pc-headless.x86_64-latest.args | 2 +-
.../qemuxml2argvdata/x86_64-q35-graphics.x86_64-latest.args | 2 +-
.../qemuxml2argvdata/x86_64-q35-headless.x86_64-latest.args | 2 +-
30 files changed, 46 insertions(+), 43 deletions(-)
diff --git a/src/qemu/qemu_capabilities.c b/src/qemu/qemu_capabilities.c
index 4c301c3638..a2031e9aaa 100644
--- a/src/qemu/qemu_capabilities.c
+++ b/src/qemu/qemu_capabilities.c
@@ -1539,6 +1539,8 @@ static struct virQEMUCapsStringFlags virQEMUCapsQMPSchemaQueries[] = {
{ "nbd-server-start/arg-type/tls-creds", QEMU_CAPS_NBD_TLS },
{ "nbd-server-add/arg-type/bitmap", QEMU_CAPS_NBD_BITMAP },
{ "netdev_add/arg-type/+vhost-vdpa", QEMU_CAPS_NETDEV_VHOST_VDPA },
+ /* JSON support for -netdev was introduced for the 'dgram' netdev type */
+ { "netdev_add/arg-type/type/^dgram", QEMU_CAPS_NETDEV_JSON },
{ "object-add/arg-type/qom-type/^secret", QEMU_CAPS_OBJECT_JSON },
{ "query-display-options/ret-type/+egl-headless/rendernode", QEMU_CAPS_EGL_HEADLESS_RENDERNODE },
{ "query-display-options/ret-type/+sdl", QEMU_CAPS_SDL },
diff --git a/tests/qemucapabilitiesdata/caps_7.2.0.x86_64.xml b/tests/qemucapabilitiesdata/caps_7.2.0.x86_64.xml
index 56d1ff5fa9..6a861eea24 100644
--- a/tests/qemucapabilitiesdata/caps_7.2.0.x86_64.xml
+++ b/tests/qemucapabilitiesdata/caps_7.2.0.x86_64.xml
@@ -178,6 +178,7 @@
<flag name='virtio-mem-pci'/>
<flag name='memory-backend-file.reserve'/>
<flag name='piix4.acpi-root-pci-hotplug'/>
+ <flag name='netdev.json'/>
<flag name='query-dirty-rate'/>
<flag name='rbd-encryption'/>
<flag name='sev-guest-kernel-hashes'/>
diff --git a/tests/qemuxml2argvdata/boot-complex.x86_64-latest.args b/tests/qemuxml2argvdata/boot-complex.x86_64-latest.args
index b3b301b602..f7c0c2420b 100644
--- a/tests/qemuxml2argvdata/boot-complex.x86_64-latest.args
+++ b/tests/qemuxml2argvdata/boot-complex.x86_64-latest.args
@@ -50,9 +50,9 @@ XDG_CONFIG_HOME=/tmp/lib/domain--1-QEMUGuest1/.config \
-blockdev '{"driver":"host_device","filename":"/dev/fd1","node-name":"libvirt-1-storage","auto-read-only":true,"discard":"unmap"}' \
-blockdev '{"node-name":"libvirt-1-format","read-only":false,"driver":"raw","file":"libvirt-1-storage"}' \
-device '{"driver":"floppy","unit":1,"drive":"libvirt-1-format","id":"fdc0-0-1"}' \
--netdev user,id=hostnet0 \
+-netdev '{"type":"user","id":"hostnet0"}' \
-device '{"driver":"virtio-net-pci","netdev":"hostnet0","id":"net0","mac":"00:11:22:33:44:11","bootindex":2,"bus":"pci.0","addr":"0x2"}' \
--netdev user,id=hostnet1 \
+-netdev '{"type":"user","id":"hostnet1"}' \
-device '{"driver":"virtio-net-pci","netdev":"hostnet1","id":"net1","mac":"00:11:22:33:44:22","bus":"pci.0","addr":"0x3"}' \
-audiodev '{"id":"audio1","driver":"none"}' \
-sandbox on,obsolete=deny,elevateprivileges=deny,spawn=deny,resourcecontrol=deny \
diff --git a/tests/qemuxml2argvdata/boot-order.x86_64-latest.args b/tests/qemuxml2argvdata/boot-order.x86_64-latest.args
index bbb27d6831..e3ff8da1af 100644
--- a/tests/qemuxml2argvdata/boot-order.x86_64-latest.args
+++ b/tests/qemuxml2argvdata/boot-order.x86_64-latest.args
@@ -41,7 +41,7 @@ XDG_CONFIG_HOME=/tmp/lib/domain--1-QEMUGuest1/.config \
-blockdev '{"driver":"file","filename":"/dev/null","node-name":"libvirt-1-storage","auto-read-only":true,"discard":"unmap"}' \
-blockdev '{"node-name":"libvirt-1-format","read-only":false,"driver":"raw","file":"libvirt-1-storage"}' \
-device '{"driver":"floppy","unit":1,"drive":"libvirt-1-format","id":"fdc0-0-1"}' \
--netdev user,id=hostnet0 \
+-netdev '{"type":"user","id":"hostnet0"}' \
-device '{"driver":"virtio-net-pci","netdev":"hostnet0","id":"net0","mac":"00:11:22:33:44:55","bootindex":2,"bus":"pci.0","addr":"0x2"}' \
-audiodev '{"id":"audio1","driver":"none"}' \
-device '{"driver":"virtio-balloon-pci","id":"balloon0","bus":"pci.0","addr":"0x4"}' \
diff --git a/tests/qemuxml2argvdata/channel-unix-guestfwd.x86_64-latest.args b/tests/qemuxml2argvdata/channel-unix-guestfwd.x86_64-latest.args
index 6d34fa71bf..bac33b80ed 100644
--- a/tests/qemuxml2argvdata/channel-unix-guestfwd.x86_64-latest.args
+++ b/tests/qemuxml2argvdata/channel-unix-guestfwd.x86_64-latest.args
@@ -29,9 +29,9 @@ XDG_CONFIG_HOME=/tmp/lib/domain--1-QEMUGuest1/.config \
-boot strict=on \
-device '{"driver":"piix3-usb-uhci","id":"usb","bus":"pci.0","addr":"0x1.0x2"}' \
-chardev socket,id=charchannel0,fd=1729,server=on,wait=off \
--netdev user,guestfwd=tcp:10.0.2.1:4600-chardev:charchannel0,id=channel0 \
+-netdev '{"type":"user","guestfwd":[{"str":"tcp:10.0.2.1:4600-chardev:charchannel0"}],"id":"channel0"}' \
-chardev socket,id=charchannel1,path=/tmp/guestfwd-connect.socket \
--netdev user,guestfwd=tcp:10.0.2.1:4601-chardev:charchannel1,id=channel1 \
+-netdev '{"type":"user","guestfwd":[{"str":"tcp:10.0.2.1:4601-chardev:charchannel1"}],"id":"channel1"}' \
-audiodev '{"id":"audio1","driver":"none"}' \
-device '{"driver":"virtio-balloon-pci","id":"balloon0","bus":"pci.0","addr":"0x2"}' \
-sandbox on,obsolete=deny,elevateprivileges=deny,spawn=deny,resourcecontrol=deny \
diff --git a/tests/qemuxml2argvdata/devices-acpi-index.x86_64-latest.args b/tests/qemuxml2argvdata/devices-acpi-index.x86_64-latest.args
index 41136d7d49..f2c3294f9c 100644
--- a/tests/qemuxml2argvdata/devices-acpi-index.x86_64-latest.args
+++ b/tests/qemuxml2argvdata/devices-acpi-index.x86_64-latest.args
@@ -33,11 +33,11 @@ XDG_CONFIG_HOME=/tmp/lib/domain--1-fdr-br/.config \
-blockdev '{"driver":"file","filename":"/var/lib/libvirt/images/test1.img","node-name":"libvirt-1-storage","auto-read-only":true,"discard":"unmap"}' \
-blockdev '{"node-name":"libvirt-1-format","read-only":false,"driver":"raw","file":"libvirt-1-storage"}' \
-device '{"driver":"virtio-blk-pci","bus":"pci.0","addr":"0x4","acpi-index":42,"drive":"libvirt-1-format","id":"virtio-disk1"}' \
--netdev user,id=hostnet0 \
+-netdev '{"type":"user","id":"hostnet0"}' \
-device '{"driver":"virtio-net-pci","netdev":"hostnet0","id":"net0","mac":"00:11:22:33:44:55","bus":"pci.0","addr":"0x5","acpi-index":100}' \
--netdev user,id=hostnet1 \
+-netdev '{"type":"user","id":"hostnet1"}' \
-device '{"driver":"virtio-net-pci","netdev":"hostnet1","id":"net1","mac":"00:11:22:33:44:55","bus":"pci.0","addr":"0x7","acpi-index":200}' \
--netdev user,id=hostnet2 \
+-netdev '{"type":"user","id":"hostnet2"}' \
-device '{"driver":"virtio-net-pci","netdev":"hostnet2","id":"net2","mac":"00:11:22:33:44:55","bus":"pci.0","addr":"0x8","acpi-index":300}' \
-audiodev '{"id":"audio1","driver":"none"}' \
-device '{"driver":"cirrus-vga","id":"video0","bus":"pci.0","addr":"0x2","acpi-index":1729}' \
diff --git a/tests/qemuxml2argvdata/disk-ioeventfd.x86_64-latest.args b/tests/qemuxml2argvdata/disk-ioeventfd.x86_64-latest.args
index 0715c1fb43..ba7f58a9a3 100644
--- a/tests/qemuxml2argvdata/disk-ioeventfd.x86_64-latest.args
+++ b/tests/qemuxml2argvdata/disk-ioeventfd.x86_64-latest.args
@@ -35,7 +35,7 @@ XDG_CONFIG_HOME=/tmp/lib/domain--1-test/.config \
-blockdev '{"driver":"file","filename":"/var/lib/libvirt/Fedora-14-x86_64-Live-KDE.iso","node-name":"libvirt-1-storage","auto-read-only":true,"discard":"unmap"}' \
-blockdev '{"node-name":"libvirt-1-format","read-only":true,"driver":"raw","file":"libvirt-1-storage"}' \
-device '{"driver":"ide-cd","bus":"ide.1","unit":0,"drive":"libvirt-1-format","id":"ide0-1-0","bootindex":1}' \
--netdev user,id=hostnet0 \
+-netdev '{"type":"user","id":"hostnet0"}' \
-device '{"driver":"virtio-net-pci","tx":"bh","ioeventfd":false,"netdev":"hostnet0","id":"net0","mac":"52:54:00:e5:48:58","bus":"pci.0","addr":"0x2"}' \
-audiodev '{"id":"audio1","driver":"none"}' \
-device '{"driver":"virtio-balloon-pci","id":"balloon0","bus":"pci.0","addr":"0x3"}' \
diff --git a/tests/qemuxml2argvdata/event_idx.x86_64-latest.args b/tests/qemuxml2argvdata/event_idx.x86_64-latest.args
index afdde09e8a..eb3ee51140 100644
--- a/tests/qemuxml2argvdata/event_idx.x86_64-latest.args
+++ b/tests/qemuxml2argvdata/event_idx.x86_64-latest.args
@@ -35,7 +35,7 @@ XDG_CONFIG_HOME=/tmp/lib/domain--1-test/.config \
-blockdev '{"driver":"file","filename":"/var/lib/libvirt/Fedora-14-x86_64-Live-KDE.iso","node-name":"libvirt-1-storage","auto-read-only":true,"discard":"unmap"}' \
-blockdev '{"node-name":"libvirt-1-format","read-only":true,"driver":"raw","file":"libvirt-1-storage"}' \
-device '{"driver":"ide-cd","bus":"ide.1","unit":0,"drive":"libvirt-1-format","id":"ide0-1-0","bootindex":1}' \
--netdev user,id=hostnet0 \
+-netdev '{"type":"user","id":"hostnet0"}' \
-device '{"driver":"virtio-net-pci","event_idx":false,"netdev":"hostnet0","id":"net0","mac":"52:54:00:e5:48:58","bus":"pci.0","addr":"0x2"}' \
-audiodev '{"id":"audio1","driver":"none"}' \
-device '{"driver":"virtio-balloon-pci","id":"balloon0","bus":"pci.0","addr":"0x3"}' \
diff --git a/tests/qemuxml2argvdata/graphics-spice-timeout.x86_64-latest.args b/tests/qemuxml2argvdata/graphics-spice-timeout.x86_64-latest.args
index 13c4c08e6f..4df15cd124 100644
--- a/tests/qemuxml2argvdata/graphics-spice-timeout.x86_64-latest.args
+++ b/tests/qemuxml2argvdata/graphics-spice-timeout.x86_64-latest.args
@@ -27,7 +27,7 @@ XDG_CONFIG_HOME=/tmp/lib/domain--1-f14/.config \
-boot menu=on,strict=on \
-device '{"driver":"piix3-usb-uhci","id":"usb","bus":"pci.0","addr":"0x1.0x2"}' \
-device '{"driver":"virtio-serial-pci","id":"virtio-serial0","bus":"pci.0","addr":"0x6"}' \
--netdev tap,fd=3,id=hostnet0 \
+-netdev '{"type":"tap","fd":"3","id":"hostnet0"}' \
-device '{"driver":"rtl8139","netdev":"hostnet0","id":"net0","mac":"52:54:00:71:70:89","bus":"pci.0","addr":"0x7"}' \
-device '{"driver":"usb-tablet","id":"input0","bus":"usb.0","port":"1"}' \
-audiodev '{"id":"audio1","driver":"spice"}' \
diff --git a/tests/qemuxml2argvdata/name-escape.x86_64-latest.args b/tests/qemuxml2argvdata/name-escape.x86_64-latest.args
index 42b0ad3230..b09083eadb 100644
--- a/tests/qemuxml2argvdata/name-escape.x86_64-latest.args
+++ b/tests/qemuxml2argvdata/name-escape.x86_64-latest.args
@@ -39,7 +39,7 @@ XDG_CONFIG_HOME=/tmp/lib/domain--1-foo=1,bar=2/.config \
-chardev file,id=charserial1,path=/dev/fdset/0,append=on \
-device '{"driver":"isa-serial","chardev":"charserial1","id":"serial1","index":0}' \
-chardev pipe,id=charchannel0,path=/tmp/guestfwd,,foo \
--netdev user,guestfwd=tcp:10.0.2.1:4600-chardev:charchannel0,id=channel0 \
+-netdev '{"type":"user","guestfwd":[{"str":"tcp:10.0.2.1:4600-chardev:charchannel0"}],"id":"channel0"}' \
-audiodev '{"id":"audio1","driver":"spice"}' \
-vnc vnc=unix:/tmp/lib/domain--1-foo=1,,bar=2/vnc.sock,audiodev=audio1 \
-spice unix,addr=/tmp/lib/domain--1-foo=1,,bar=2/spice.sock,gl=on,rendernode=/dev/dri/foo,,bar,seamless-migration=on \
diff --git a/tests/qemuxml2argvdata/net-user.x86_64-latest.args b/tests/qemuxml2argvdata/net-user.x86_64-latest.args
index 87423d4cad..d8cf677423 100644
--- a/tests/qemuxml2argvdata/net-user.x86_64-latest.args
+++ b/tests/qemuxml2argvdata/net-user.x86_64-latest.args
@@ -31,7 +31,7 @@ XDG_CONFIG_HOME=/tmp/lib/domain--1-QEMUGuest1/.config \
-blockdev '{"driver":"host_device","filename":"/dev/HostVG/QEMUGuest1","node-name":"libvirt-1-storage","auto-read-only":true,"discard":"unmap"}' \
-blockdev '{"node-name":"libvirt-1-format","read-only":false,"driver":"raw","file":"libvirt-1-storage"}' \
-device '{"driver":"ide-hd","bus":"ide.0","unit":0,"drive":"libvirt-1-format","id":"ide0-0-0","bootindex":1}' \
--netdev user,id=hostnet0 \
+-netdev '{"type":"user","id":"hostnet0"}' \
-device '{"driver":"rtl8139","netdev":"hostnet0","id":"net0","mac":"00:11:22:33:44:55","bus":"pci.0","addr":"0x2"}' \
-audiodev '{"id":"audio1","driver":"none"}' \
-sandbox on,obsolete=deny,elevateprivileges=deny,spawn=deny,resourcecontrol=deny \
diff --git a/tests/qemuxml2argvdata/net-vdpa-multiqueue.x86_64-latest.args b/tests/qemuxml2argvdata/net-vdpa-multiqueue.x86_64-latest.args
index 4cb805451a..347573041b 100644
--- a/tests/qemuxml2argvdata/net-vdpa-multiqueue.x86_64-latest.args
+++ b/tests/qemuxml2argvdata/net-vdpa-multiqueue.x86_64-latest.args
@@ -29,7 +29,7 @@ XDG_CONFIG_HOME=/tmp/lib/domain--1-QEMUGuest1/.config \
-boot strict=on \
-device '{"driver":"piix3-usb-uhci","id":"usb","bus":"pci.0","addr":"0x1.0x2"}' \
-add-fd set=0,fd=1732,opaque=net0-vdpa \
--netdev vhost-vdpa,vhostdev=/dev/fdset/0,queues=2,id=hostnet0 \
+-netdev '{"type":"vhost-vdpa","vhostdev":"/dev/fdset/0","queues":2,"id":"hostnet0"}' \
-device '{"driver":"virtio-net-pci","mq":true,"vectors":6,"netdev":"hostnet0","id":"net0","mac":"52:54:00:95:db:c0","bus":"pci.0","addr":"0x2"}' \
-audiodev '{"id":"audio1","driver":"none"}' \
-sandbox on,obsolete=deny,elevateprivileges=deny,spawn=deny,resourcecontrol=deny \
diff --git a/tests/qemuxml2argvdata/net-vdpa.x86_64-latest.args b/tests/qemuxml2argvdata/net-vdpa.x86_64-latest.args
index 93fe8fb444..be4f7c4ae2 100644
--- a/tests/qemuxml2argvdata/net-vdpa.x86_64-latest.args
+++ b/tests/qemuxml2argvdata/net-vdpa.x86_64-latest.args
@@ -29,7 +29,7 @@ XDG_CONFIG_HOME=/tmp/lib/domain--1-QEMUGuest1/.config \
-boot strict=on \
-device '{"driver":"piix3-usb-uhci","id":"usb","bus":"pci.0","addr":"0x1.0x2"}' \
-add-fd set=0,fd=1732,opaque=net0-vdpa \
--netdev vhost-vdpa,vhostdev=/dev/fdset/0,id=hostnet0 \
+-netdev '{"type":"vhost-vdpa","vhostdev":"/dev/fdset/0","id":"hostnet0"}' \
-device '{"driver":"virtio-net-pci","netdev":"hostnet0","id":"net0","mac":"52:54:00:95:db:c0","bus":"pci.0","addr":"0x2"}' \
-audiodev '{"id":"audio1","driver":"none"}' \
-sandbox on,obsolete=deny,elevateprivileges=deny,spawn=deny,resourcecontrol=deny \
diff --git a/tests/qemuxml2argvdata/net-vhostuser.x86_64-latest.args b/tests/qemuxml2argvdata/net-vhostuser.x86_64-latest.args
index 1309c28c95..17d9715814 100644
--- a/tests/qemuxml2argvdata/net-vhostuser.x86_64-latest.args
+++ b/tests/qemuxml2argvdata/net-vhostuser.x86_64-latest.args
@@ -29,12 +29,12 @@ XDG_CONFIG_HOME=/tmp/lib/domain--1-QEMUGuest1/.config \
-boot strict=on \
-device '{"driver":"piix3-usb-uhci","id":"usb","bus":"pci.0","addr":"0x1.0x2"}' \
-chardev socket,id=charnet0,path=/tmp/vhost0.sock,server=on \
--netdev vhost-user,chardev=charnet0,id=hostnet0 \
+-netdev '{"type":"vhost-user","chardev":"charnet0","id":"hostnet0"}' \
-device '{"driver":"virtio-net-pci","netdev":"hostnet0","id":"net0","mac":"52:54:00:ee:96:6b","bus":"pci.0","addr":"0x2"}' \
-chardev socket,id=charnet1,path=/tmp/vhost1.sock \
--netdev vhost-user,chardev=charnet1,id=hostnet1 \
+-netdev '{"type":"vhost-user","chardev":"charnet1","id":"hostnet1"}' \
-device '{"driver":"virtio-net-pci","netdev":"hostnet1","id":"net1","mac":"52:54:00:ee:96:6c","bus":"pci.0","addr":"0x3"}' \
--netdev socket,listen=:2015,id=hostnet2 \
+-netdev '{"type":"socket","listen":":2015","id":"hostnet2"}' \
-device '{"driver":"rtl8139","netdev":"hostnet2","id":"net2","mac":"52:54:00:95:db:c0","bus":"pci.0","addr":"0x4"}' \
-audiodev '{"id":"audio1","driver":"none"}' \
-sandbox on,obsolete=deny,elevateprivileges=deny,spawn=deny,resourcecontrol=deny \
diff --git a/tests/qemuxml2argvdata/net-virtio-rss.x86_64-latest.args b/tests/qemuxml2argvdata/net-virtio-rss.x86_64-latest.args
index cabea93ba9..2d3f15ecd4 100644
--- a/tests/qemuxml2argvdata/net-virtio-rss.x86_64-latest.args
+++ b/tests/qemuxml2argvdata/net-virtio-rss.x86_64-latest.args
@@ -31,11 +31,11 @@ XDG_CONFIG_HOME=/tmp/lib/domain--1-QEMUGuest1/.config \
-blockdev '{"driver":"host_device","filename":"/dev/HostVG/QEMUGuest1","node-name":"libvirt-1-storage","auto-read-only":true,"discard":"unmap"}' \
-blockdev '{"node-name":"libvirt-1-format","read-only":false,"driver":"raw","file":"libvirt-1-storage"}' \
-device '{"driver":"ide-hd","bus":"ide.0","unit":0,"drive":"libvirt-1-format","id":"ide0-0-0","bootindex":1}' \
--netdev user,id=hostnet0 \
+-netdev '{"type":"user","id":"hostnet0"}' \
-device '{"driver":"virtio-net-pci","rss":true,"netdev":"hostnet0","id":"net0","mac":"00:11:22:33:44:55","bus":"pci.0","addr":"0x2"}' \
--netdev user,id=hostnet1 \
+-netdev '{"type":"user","id":"hostnet1"}' \
-device '{"driver":"virtio-net-pci","hash":true,"netdev":"hostnet1","id":"net1","mac":"00:11:22:33:44:66","bus":"pci.0","addr":"0x3"}' \
--netdev user,id=hostnet2 \
+-netdev '{"type":"user","id":"hostnet2"}' \
-device '{"driver":"virtio-net-pci","rss":false,"hash":true,"netdev":"hostnet2","id":"net2","mac":"00:11:22:33:44:77","bus":"pci.0","addr":"0x4"}' \
-audiodev '{"id":"audio1","driver":"none"}' \
-device '{"driver":"virtio-balloon-pci","id":"balloon0","bus":"pci.0","addr":"0x5"}' \
diff --git a/tests/qemuxml2argvdata/q35-pcie-autoadd.x86_64-latest.args b/tests/qemuxml2argvdata/q35-pcie-autoadd.x86_64-latest.args
index 7992c33ace..fcb9e9e43f 100644
--- a/tests/qemuxml2argvdata/q35-pcie-autoadd.x86_64-latest.args
+++ b/tests/qemuxml2argvdata/q35-pcie-autoadd.x86_64-latest.args
@@ -49,9 +49,9 @@ XDG_CONFIG_HOME=/tmp/lib/domain--1-q35-test/.config \
-device '{"driver":"virtio-blk-pci","bus":"pci.7","addr":"0x0","drive":"libvirt-1-format","id":"virtio-disk1","bootindex":1}' \
-fsdev local,security_model=passthrough,id=fsdev-fs0,path=/export/to/guest \
-device '{"driver":"virtio-9p-pci","id":"fs0","fsdev":"fsdev-fs0","mount_tag":"/import/from/host","bus":"pci.1","addr":"0x0"}' \
--netdev user,id=hostnet0 \
+-netdev '{"type":"user","id":"hostnet0"}' \
-device '{"driver":"virtio-net-pci","netdev":"hostnet0","id":"net0","mac":"00:11:22:33:44:55","bus":"pci.2","addr":"0x0"}' \
--netdev user,id=hostnet1 \
+-netdev '{"type":"user","id":"hostnet1"}' \
-device '{"driver":"e1000e","netdev":"hostnet1","id":"net1","mac":"00:11:22:33:44:66","bus":"pci.3","addr":"0x0"}' \
-device '{"driver":"virtio-input-host-pci","id":"input0","evdev":"/dev/input/event1234","bus":"pci.10","addr":"0x0"}' \
-device '{"driver":"virtio-mouse-pci","id":"input1","bus":"pci.11","addr":"0x0"}' \
diff --git a/tests/qemuxml2argvdata/q35-pcie.x86_64-latest.args b/tests/qemuxml2argvdata/q35-pcie.x86_64-latest.args
index 4a84c2e621..08afee14a4 100644
--- a/tests/qemuxml2argvdata/q35-pcie.x86_64-latest.args
+++ b/tests/qemuxml2argvdata/q35-pcie.x86_64-latest.args
@@ -50,9 +50,9 @@ XDG_CONFIG_HOME=/tmp/lib/domain--1-q35-test/.config \
-device '{"driver":"virtio-blk-pci","bus":"pci.9","addr":"0x0","drive":"libvirt-1-format","id":"virtio-disk1","bootindex":1}' \
-fsdev local,security_model=passthrough,id=fsdev-fs0,path=/export/to/guest \
-device '{"driver":"virtio-9p-pci","id":"fs0","fsdev":"fsdev-fs0","mount_tag":"/import/from/host","bus":"pci.3","addr":"0x0"}' \
--netdev user,id=hostnet0 \
+-netdev '{"type":"user","id":"hostnet0"}' \
-device '{"driver":"virtio-net-pci","netdev":"hostnet0","id":"net0","mac":"00:11:22:33:44:55","bus":"pci.4","addr":"0x0"}' \
--netdev user,id=hostnet1 \
+-netdev '{"type":"user","id":"hostnet1"}' \
-device '{"driver":"e1000e","netdev":"hostnet1","id":"net1","mac":"00:11:22:33:44:66","bus":"pci.5","addr":"0x0"}' \
-device '{"driver":"virtio-input-host-pci","id":"input0","evdev":"/dev/input/event1234","bus":"pci.12","addr":"0x0"}' \
-device '{"driver":"virtio-mouse-pci","id":"input1","bus":"pci.13","addr":"0x0"}' \
diff --git a/tests/qemuxml2argvdata/q35-virt-manager-basic.x86_64-latest.args b/tests/qemuxml2argvdata/q35-virt-manager-basic.x86_64-latest.args
index 77a7cf5e4f..2f75d79739 100644
--- a/tests/qemuxml2argvdata/q35-virt-manager-basic.x86_64-latest.args
+++ b/tests/qemuxml2argvdata/q35-virt-manager-basic.x86_64-latest.args
@@ -40,7 +40,7 @@ XDG_CONFIG_HOME=/tmp/lib/domain--1-virt-manager-basic/.config \
-blockdev '{"driver":"file","filename":"/var/lib/libvirt/images/basic.qcow2","node-name":"libvirt-1-storage","auto-read-only":true,"discard":"unmap"}' \
-blockdev '{"node-name":"libvirt-1-format","read-only":false,"driver":"qcow2","file":"libvirt-1-storage"}' \
-device '{"driver":"virtio-blk-pci","bus":"pci.4","addr":"0x0","drive":"libvirt-1-format","id":"virtio-disk0","bootindex":1}' \
--netdev user,id=hostnet0 \
+-netdev '{"type":"user","id":"hostnet0"}' \
-device '{"driver":"virtio-net-pci","netdev":"hostnet0","id":"net0","mac":"52:54:00:9a:e6:c6","bus":"pci.1","addr":"0x0"}' \
-chardev pty,id=charserial0 \
-device '{"driver":"isa-serial","chardev":"charserial0","id":"serial0","index":0}' \
diff --git a/tests/qemuxml2argvdata/user-aliases.x86_64-latest.args b/tests/qemuxml2argvdata/user-aliases.x86_64-latest.args
index d1a3f4af07..1a21437f06 100644
--- a/tests/qemuxml2argvdata/user-aliases.x86_64-latest.args
+++ b/tests/qemuxml2argvdata/user-aliases.x86_64-latest.args
@@ -51,11 +51,11 @@ XDG_CONFIG_HOME=/tmp/lib/domain--1-gentoo/.config \
-blockdev '{"driver":"file","filename":"/home/zippy/tmp/install-amd64-minimal-20140619.iso","node-name":"libvirt-1-storage","cache":{"direct":true,"no-flush":false},"auto-read-only":true,"discard":"unmap"}' \
-blockdev '{"node-name":"libvirt-1-format","read-only":true,"cache":{"direct":true,"no-flush":false},"driver":"raw","file":"libvirt-1-storage"}' \
-device '{"driver":"ide-cd","bus":"ide.1","unit":0,"share-rw":true,"drive":"libvirt-1-format","id":"ua-WhatAnAwesomeCDROM","bootindex":2,"write-cache":"on"}' \
--netdev tap,fd=3,vhost=on,vhostfd=44,id=hostua-CheckoutThisNIC \
+-netdev '{"type":"tap","fd":"3","vhost":true,"vhostfd":"44","id":"hostua-CheckoutThisNIC"}' \
-device '{"driver":"virtio-net-pci","netdev":"hostua-CheckoutThisNIC","id":"ua-CheckoutThisNIC","mac":"52:54:00:d6:c0:0b","bus":"pci.0","addr":"0x3"}' \
--netdev socket,listen=127.0.0.1:1234,id=hostua-WeCanAlsoDoServerMode \
+-netdev '{"type":"socket","listen":"127.0.0.1:1234","id":"hostua-WeCanAlsoDoServerMode"}' \
-device '{"driver":"rtl8139","netdev":"hostua-WeCanAlsoDoServerMode","id":"ua-WeCanAlsoDoServerMode","mac":"52:54:00:22:c9:42","bus":"pci.0","addr":"0x9"}' \
--netdev socket,connect=127.0.0.1:1234,id=hostua-AndAlsoClientMode \
+-netdev '{"type":"socket","connect":"127.0.0.1:1234","id":"hostua-AndAlsoClientMode"}' \
-device '{"driver":"rtl8139","netdev":"hostua-AndAlsoClientMode","id":"ua-AndAlsoClientMode","mac":"52:54:00:8c:b1:f8","bus":"pci.0","addr":"0xa"}' \
-device '{"driver":"ccid-card-emulated","backend":"nss-emulated","id":"smartcard0","bus":"ua-myCCID.0"}' \
-chardev pty,id=charserial0 \
diff --git a/tests/qemuxml2argvdata/virtio-lun.x86_64-latest.args b/tests/qemuxml2argvdata/virtio-lun.x86_64-latest.args
index c6c9a98ffe..85193a4fe1 100644
--- a/tests/qemuxml2argvdata/virtio-lun.x86_64-latest.args
+++ b/tests/qemuxml2argvdata/virtio-lun.x86_64-latest.args
@@ -35,7 +35,7 @@ XDG_CONFIG_HOME=/tmp/lib/domain--1-test/.config \
-blockdev '{"driver":"host_device","filename":"/dev/sdfake2","node-name":"libvirt-1-storage","auto-read-only":true,"discard":"unmap"}' \
-blockdev '{"node-name":"libvirt-1-format","read-only":false,"driver":"raw","file":"libvirt-1-storage"}' \
-device '{"driver":"virtio-blk-pci","scsi":true,"bus":"pci.0","addr":"0x5","drive":"libvirt-1-format","id":"virtio-disk1"}' \
--netdev user,id=hostnet0 \
+-netdev '{"type":"user","id":"hostnet0"}' \
-device '{"driver":"virtio-net-pci","event_idx":false,"netdev":"hostnet0","id":"net0","mac":"52:54:00:e5:48:58","bus":"pci.0","addr":"0x2"}' \
-audiodev '{"id":"audio1","driver":"none"}' \
-device '{"driver":"virtio-balloon-pci","id":"balloon0","bus":"pci.0","addr":"0x3"}' \
diff --git a/tests/qemuxml2argvdata/virtio-non-transitional.x86_64-latest.args b/tests/qemuxml2argvdata/virtio-non-transitional.x86_64-latest.args
index 541c074871..2eafeca9f3 100644
--- a/tests/qemuxml2argvdata/virtio-non-transitional.x86_64-latest.args
+++ b/tests/qemuxml2argvdata/virtio-non-transitional.x86_64-latest.args
@@ -44,7 +44,7 @@ XDG_CONFIG_HOME=/tmp/lib/domain--1-QEMUGuest1/.config \
-device '{"driver":"virtio-blk-pci-non-transitional","bus":"pci.5","addr":"0x0","drive":"libvirt-1-format","id":"virtio-disk0","bootindex":1}' \
-fsdev local,security_model=passthrough,id=fsdev-fs0,path=/export/fs1 \
-device '{"driver":"virtio-9p-pci-non-transitional","id":"fs0","fsdev":"fsdev-fs0","mount_tag":"fs1","bus":"pci.1","addr":"0x0"}' \
--netdev user,id=hostnet0 \
+-netdev '{"type":"user","id":"hostnet0"}' \
-device '{"driver":"virtio-net-pci-non-transitional","netdev":"hostnet0","id":"net0","mac":"00:11:22:33:44:55","bus":"pci.2","addr":"0x0"}' \
-audiodev '{"id":"audio1","driver":"none"}' \
-device '{"driver":"vhost-scsi-pci-non-transitional","wwpn":"naa.5123456789abcde0","vhostfd":"3","id":"hostdev0","bus":"pci.6","addr":"0x0"}' \
diff --git a/tests/qemuxml2argvdata/virtio-options-net-ats.x86_64-latest.args b/tests/qemuxml2argvdata/virtio-options-net-ats.x86_64-latest.args
index c35e26b21f..bb0c1991b0 100644
--- a/tests/qemuxml2argvdata/virtio-options-net-ats.x86_64-latest.args
+++ b/tests/qemuxml2argvdata/virtio-options-net-ats.x86_64-latest.args
@@ -28,9 +28,9 @@ XDG_CONFIG_HOME=/tmp/lib/domain--1-QEMUGuest1/.config \
-no-acpi \
-boot strict=on \
-device '{"driver":"piix3-usb-uhci","id":"usb","bus":"pci.0","addr":"0x1.0x2"}' \
--netdev user,id=hostnet0 \
+-netdev '{"type":"user","id":"hostnet0"}' \
-device '{"driver":"virtio-net-pci","ats":true,"netdev":"hostnet0","id":"net0","mac":"52:54:56:58:5a:5c","bus":"pci.0","addr":"0x2"}' \
--netdev user,id=hostnet1 \
+-netdev '{"type":"user","id":"hostnet1"}' \
-device '{"driver":"virtio-net-pci","ats":false,"netdev":"hostnet1","id":"net1","mac":"62:64:66:68:6a:6c","bus":"pci.0","addr":"0x3"}' \
-audiodev '{"id":"audio1","driver":"none"}' \
-device '{"driver":"virtio-balloon-pci","id":"balloon0","bus":"pci.0","addr":"0x4"}' \
diff --git a/tests/qemuxml2argvdata/virtio-options-net-iommu.x86_64-latest.args b/tests/qemuxml2argvdata/virtio-options-net-iommu.x86_64-latest.args
index ec0247f42e..a2645f9d4f 100644
--- a/tests/qemuxml2argvdata/virtio-options-net-iommu.x86_64-latest.args
+++ b/tests/qemuxml2argvdata/virtio-options-net-iommu.x86_64-latest.args
@@ -28,9 +28,9 @@ XDG_CONFIG_HOME=/tmp/lib/domain--1-QEMUGuest1/.config \
-no-acpi \
-boot strict=on \
-device '{"driver":"piix3-usb-uhci","id":"usb","bus":"pci.0","addr":"0x1.0x2"}' \
--netdev user,id=hostnet0 \
+-netdev '{"type":"user","id":"hostnet0"}' \
-device '{"driver":"virtio-net-pci","iommu_platform":true,"netdev":"hostnet0","id":"net0","mac":"52:54:56:58:5a:5c","bus":"pci.0","addr":"0x2"}' \
--netdev user,id=hostnet1 \
+-netdev '{"type":"user","id":"hostnet1"}' \
-device '{"driver":"virtio-net-pci","iommu_platform":false,"netdev":"hostnet1","id":"net1","mac":"62:64:66:68:6a:6c","bus":"pci.0","addr":"0x3"}' \
-audiodev '{"id":"audio1","driver":"none"}' \
-device '{"driver":"virtio-balloon-pci","id":"balloon0","bus":"pci.0","addr":"0x4"}' \
diff --git a/tests/qemuxml2argvdata/virtio-options-net-packed.x86_64-latest.args b/tests/qemuxml2argvdata/virtio-options-net-packed.x86_64-latest.args
index 7aad3173f9..3e06320eee 100644
--- a/tests/qemuxml2argvdata/virtio-options-net-packed.x86_64-latest.args
+++ b/tests/qemuxml2argvdata/virtio-options-net-packed.x86_64-latest.args
@@ -28,9 +28,9 @@ XDG_CONFIG_HOME=/tmp/lib/domain--1-QEMUGuest1/.config \
-no-acpi \
-boot strict=on \
-device '{"driver":"piix3-usb-uhci","id":"usb","bus":"pci.0","addr":"0x1.0x2"}' \
--netdev user,id=hostnet0 \
+-netdev '{"type":"user","id":"hostnet0"}' \
-device '{"driver":"virtio-net-pci","packed":true,"netdev":"hostnet0","id":"net0","mac":"52:54:56:58:5a:5c","bus":"pci.0","addr":"0x2"}' \
--netdev user,id=hostnet1 \
+-netdev '{"type":"user","id":"hostnet1"}' \
-device '{"driver":"virtio-net-pci","packed":false,"netdev":"hostnet1","id":"net1","mac":"62:64:66:68:6a:6c","bus":"pci.0","addr":"0x3"}' \
-audiodev '{"id":"audio1","driver":"none"}' \
-device '{"driver":"virtio-balloon-pci","id":"balloon0","bus":"pci.0","addr":"0x4"}' \
diff --git a/tests/qemuxml2argvdata/virtio-options.x86_64-latest.args b/tests/qemuxml2argvdata/virtio-options.x86_64-latest.args
index ff21b4bf4a..3ff0a53fbf 100644
--- a/tests/qemuxml2argvdata/virtio-options.x86_64-latest.args
+++ b/tests/qemuxml2argvdata/virtio-options.x86_64-latest.args
@@ -37,7 +37,7 @@ XDG_CONFIG_HOME=/tmp/lib/domain--1-QEMUGuest1/.config \
-device '{"driver":"virtio-9p-pci","iommu_platform":true,"ats":true,"packed":true,"page-per-vq":true,"id":"fs0","fsdev":"fsdev-fs0","mount_tag":"fs1","bus":"pci.0","addr":"0x3"}' \
-fsdev local,security_model=mapped,writeout=immediate,id=fsdev-fs1,path=/export/fs2 \
-device '{"driver":"virtio-9p-pci","iommu_platform":true,"ats":true,"packed":true,"page-per-vq":true,"id":"fs1","fsdev":"fsdev-fs1","mount_tag":"fs2","bus":"pci.0","addr":"0x4"}' \
--netdev user,id=hostnet0 \
+-netdev '{"type":"user","id":"hostnet0"}' \
-device '{"driver":"virtio-net-pci","iommu_platform":true,"ats":true,"packed":true,"page-per-vq":true,"rss":true,"hash":true,"netdev":"hostnet0","id":"net0","mac":"52:54:56:58:5a:5c","bus":"pci.0","addr":"0x6"}' \
-device '{"driver":"virtio-mouse-pci","iommu_platform":true,"ats":true,"packed":true,"page-per-vq":true,"id":"input0","bus":"pci.0","addr":"0xe"}' \
-device '{"driver":"virtio-keyboard-pci","iommu_platform":true,"ats":true,"packed":true,"page-per-vq":true,"id":"input1","bus":"pci.0","addr":"0x10"}' \
diff --git a/tests/qemuxml2argvdata/virtio-transitional.x86_64-latest.args b/tests/qemuxml2argvdata/virtio-transitional.x86_64-latest.args
index 6d18698ec7..3cf3959528 100644
--- a/tests/qemuxml2argvdata/virtio-transitional.x86_64-latest.args
+++ b/tests/qemuxml2argvdata/virtio-transitional.x86_64-latest.args
@@ -37,7 +37,7 @@ XDG_CONFIG_HOME=/tmp/lib/domain--1-QEMUGuest1/.config \
-device '{"driver":"virtio-blk-pci-transitional","bus":"pci.2","addr":"0x5","drive":"libvirt-1-format","id":"virtio-disk0","bootindex":1}' \
-fsdev local,security_model=passthrough,id=fsdev-fs0,path=/export/fs1 \
-device '{"driver":"virtio-9p-pci-transitional","id":"fs0","fsdev":"fsdev-fs0","mount_tag":"fs1","bus":"pci.2","addr":"0x1"}' \
--netdev user,id=hostnet0 \
+-netdev '{"type":"user","id":"hostnet0"}' \
-device '{"driver":"virtio-net-pci-transitional","netdev":"hostnet0","id":"net0","mac":"00:11:22:33:44:55","bus":"pci.2","addr":"0x2"}' \
-audiodev '{"id":"audio1","driver":"none"}' \
-device '{"driver":"vhost-scsi-pci-transitional","wwpn":"naa.5123456789abcde0","vhostfd":"3","id":"hostdev0","bus":"pci.2","addr":"0x6"}' \
diff --git a/tests/qemuxml2argvdata/x86_64-pc-graphics.x86_64-latest.args b/tests/qemuxml2argvdata/x86_64-pc-graphics.x86_64-latest.args
index 56226138bf..ef0b9c620c 100644
--- a/tests/qemuxml2argvdata/x86_64-pc-graphics.x86_64-latest.args
+++ b/tests/qemuxml2argvdata/x86_64-pc-graphics.x86_64-latest.args
@@ -34,7 +34,7 @@ XDG_CONFIG_HOME=/tmp/lib/domain--1-guest/.config \
-blockdev '{"driver":"file","filename":"/var/lib/libvirt/images/guest.qcow2","node-name":"libvirt-1-storage","auto-read-only":true,"discard":"unmap"}' \
-blockdev '{"node-name":"libvirt-1-format","read-only":false,"driver":"qcow2","file":"libvirt-1-storage"}' \
-device '{"driver":"virtio-blk-pci","bus":"pci.0","addr":"0x6","drive":"libvirt-1-format","id":"virtio-disk0","bootindex":1}' \
--netdev user,id=hostnet0 \
+-netdev '{"type":"user","id":"hostnet0"}' \
-device '{"driver":"virtio-net-pci","netdev":"hostnet0","id":"net0","mac":"52:54:00:4c:e3:86","bus":"pci.0","addr":"0x3"}' \
-chardev pty,id=charserial0 \
-device '{"driver":"isa-serial","chardev":"charserial0","id":"serial0","index":0}' \
diff --git a/tests/qemuxml2argvdata/x86_64-pc-headless.x86_64-latest.args b/tests/qemuxml2argvdata/x86_64-pc-headless.x86_64-latest.args
index 3c4688a89e..aee3161a75 100644
--- a/tests/qemuxml2argvdata/x86_64-pc-headless.x86_64-latest.args
+++ b/tests/qemuxml2argvdata/x86_64-pc-headless.x86_64-latest.args
@@ -35,7 +35,7 @@ XDG_CONFIG_HOME=/tmp/lib/domain--1-guest/.config \
-blockdev '{"driver":"file","filename":"/var/lib/libvirt/images/guest.qcow2","node-name":"libvirt-1-storage","auto-read-only":true,"discard":"unmap"}' \
-blockdev '{"node-name":"libvirt-1-format","read-only":false,"driver":"qcow2","file":"libvirt-1-storage"}' \
-device '{"driver":"virtio-blk-pci","bus":"pci.0","addr":"0x5","drive":"libvirt-1-format","id":"virtio-disk0","bootindex":1}' \
--netdev user,id=hostnet0 \
+-netdev '{"type":"user","id":"hostnet0"}' \
-device '{"driver":"virtio-net-pci","netdev":"hostnet0","id":"net0","mac":"52:54:00:09:a4:37","bus":"pci.0","addr":"0x2"}' \
-chardev pty,id=charserial0 \
-device '{"driver":"isa-serial","chardev":"charserial0","id":"serial0","index":0}' \
diff --git a/tests/qemuxml2argvdata/x86_64-q35-graphics.x86_64-latest.args b/tests/qemuxml2argvdata/x86_64-q35-graphics.x86_64-latest.args
index 37a1afb897..337103d722 100644
--- a/tests/qemuxml2argvdata/x86_64-q35-graphics.x86_64-latest.args
+++ b/tests/qemuxml2argvdata/x86_64-q35-graphics.x86_64-latest.args
@@ -41,7 +41,7 @@ XDG_CONFIG_HOME=/tmp/lib/domain--1-guest/.config \
-blockdev '{"driver":"file","filename":"/var/lib/libvirt/images/guest.qcow2","node-name":"libvirt-1-storage","auto-read-only":true,"discard":"unmap"}' \
-blockdev '{"node-name":"libvirt-1-format","read-only":false,"driver":"qcow2","file":"libvirt-1-storage"}' \
-device '{"driver":"virtio-blk-pci","bus":"pci.4","addr":"0x0","drive":"libvirt-1-format","id":"virtio-disk0","bootindex":1}' \
--netdev user,id=hostnet0 \
+-netdev '{"type":"user","id":"hostnet0"}' \
-device '{"driver":"virtio-net-pci","netdev":"hostnet0","id":"net0","mac":"52:54:00:d2:70:0b","bus":"pci.1","addr":"0x0"}' \
-chardev pty,id=charserial0 \
-device '{"driver":"isa-serial","chardev":"charserial0","id":"serial0","index":0}' \
diff --git a/tests/qemuxml2argvdata/x86_64-q35-headless.x86_64-latest.args b/tests/qemuxml2argvdata/x86_64-q35-headless.x86_64-latest.args
index b4d90dff5e..bf8a2f3af9 100644
--- a/tests/qemuxml2argvdata/x86_64-q35-headless.x86_64-latest.args
+++ b/tests/qemuxml2argvdata/x86_64-q35-headless.x86_64-latest.args
@@ -42,7 +42,7 @@ XDG_CONFIG_HOME=/tmp/lib/domain--1-guest/.config \
-blockdev '{"driver":"file","filename":"/var/lib/libvirt/images/guest.qcow2","node-name":"libvirt-1-storage","auto-read-only":true,"discard":"unmap"}' \
-blockdev '{"node-name":"libvirt-1-format","read-only":false,"driver":"qcow2","file":"libvirt-1-storage"}' \
-device '{"driver":"virtio-blk-pci","bus":"pci.4","addr":"0x0","drive":"libvirt-1-format","id":"virtio-disk0","bootindex":1}' \
--netdev user,id=hostnet0 \
+-netdev '{"type":"user","id":"hostnet0"}' \
-device '{"driver":"virtio-net-pci","netdev":"hostnet0","id":"net0","mac":"52:54:00:09:a4:37","bus":"pci.1","addr":"0x0"}' \
-chardev pty,id=charserial0 \
-device '{"driver":"isa-serial","chardev":"charserial0","id":"serial0","index":0}' \
--
2.37.3
2 years
[libvirt PATCH v4 00/12] tools: provide virt-qemu-sev-validate for SEV(-ES) launch attestation
by Daniel P. Berrangé
The libvirt QEMU driver provides all the functionality required for
launching a guest on AMD SEV(-ES) platforms, with a configuration
that enables attestation of the launch measurement. The documentation
for how to actually perform an attestation is severely lacking and
not suitable for mere mortals to understand. IOW, someone trying to
implement attestation is in for a world of pain and suffering.
This series doesn't fix the documentation problem, but it does
provide a reference implementation of a tool for performing
attestation of SEV(-ES) guests in the context of libvirt / KVM.
There will be other tools and libraries that implement attestation
logic too, but this tool is likely somewhat unique in its usage of
libvirt. Now for a attestation to be trustworthy you don't want to
perform it on the hypervisor host, since the goal is to prove that
the hypervisor has not acted maliciously. None the less it is still
beneficial to have libvirt integration to some extent.
When running this tool on a remote (trusted) host, it can connect
to the libvirt hypervisor and fetch the data provided by the
virDomainLaunchSecurityInfo API, which is safe to trust as the
key pieces are cryptographically measured.
Attestation is a complex problem though and it is very easy to
screw up and feed the wrong information and then waste hours trying
to figure out what piece was wrong, to cause the hash digest to
change. For debugging such problems, you can thus tell the tool
to operate insecurely, by querying libvirt for almost all of the
configuration information required to determine the expected
measurement. By comparing these results,to the results obtained
in offline mode it helps narrow down where the mistake lies.
So I view this tool as being useful in a number of ways:
* Quality assurance engineers needing to test libvirt/QEMU/KVM
get a simple and reliable tool for automating tests with.
* Users running simple libvirt deployments without any large
management stack, get a standalone tool for attestation
they can rely on.
* Developers writing/integrating attestation support into
management stacks above libvirt, get a reference against
which they can debug their own tools.
* Users wanting to demonstrate the core SEV/SEV-ES functionality
get a simple and reliable tool to illustrate the core concepts
involved.
Since I didn't fancy writing such complex logic in C, this tool is
a python3 program. As such, we don't want to include it in the
main libvirt-client RPM, nor any other existing RPM. THus, this
series puts it in a new libvirt-client-qemu RPM which, through no
co-inicidence at all, is the same RPM I invented a few days ago to
hold the virt-qemu-qmp-proxy command.
Note, people will have already seen an earlier version of this
tool I hacked up some months ago. This code is very significantly
changed since that earlier version, to make it more maintainable,
and simpler to use (especially for SEV-ES) but the general theme
is still the same.
Changed in v4:
- Fixed loading of initrd/cmdline from XML
- s/loader/firmware/ in some error messages
Changed in v3:
- Remove LUKS specific --disk-password and have generic
--inject-secret
- Fix handling of optional initrd/cmdline
- Require --kernel if --initrd or --cmdline are present
- Ensure VM is in paused state
Changed in v2:
- All the suggestions from Cole and Kashyap
Daniel P. Berrangé (12):
build-aux: only forbid gethostname in C files
tools: support validating SEV firmware boot measurements
tools: load guest config from libvirt
tools: support validating SEV direct kernel boot measurements
tools: load direct kernel config from libvirt
tools: support validating SEV-ES initial vCPU state measurements
tools: support automatically constructing SEV-ES vCPU state
tools: load CPU count and CPU SKU from libvirt
tools: support generating SEV secret injection tables
docs/kbase: describe attestation for SEV guests
scripts: add systemtap script for capturing SEV-ES VMSA
docs/manpages: add checklist of problems for SEV attestation
build-aux/syntax-check.mk | 1 +
docs/kbase/launch_security_sev.rst | 105 ++
docs/manpages/meson.build | 1 +
docs/manpages/virt-qemu-sev-validate.rst | 666 +++++++++++
examples/systemtap/amd-sev-es-vmsa.stp | 48 +
libvirt.spec.in | 2 +
tools/meson.build | 5 +
tools/virt-qemu-sev-validate | 1335 ++++++++++++++++++++++
8 files changed, 2163 insertions(+)
create mode 100644 docs/manpages/virt-qemu-sev-validate.rst
create mode 100644 examples/systemtap/amd-sev-es-vmsa.stp
create mode 100755 tools/virt-qemu-sev-validate
--
2.37.3
2 years