[PATCH] spec: Fix attributes for ghosts directories in %{_rundir}
by Jiri Denemark
Directories which we dynamically create in %{_rundir} with non-default
attributes (i.e., the owner differs from root:root and/or mode is not
755) fail RPM verification. We should properly declare the expected
ownership and mode in the specfile.
Signed-off-by: Jiri Denemark <jdenemar(a)redhat.com>
---
libvirt.spec.in | 22 +++++++++++-----------
1 file changed, 11 insertions(+), 11 deletions(-)
diff --git a/libvirt.spec.in b/libvirt.spec.in
index d54d2a1e3e..69693f4851 100644
--- a/libvirt.spec.in
+++ b/libvirt.spec.in
@@ -2038,7 +2038,7 @@ exit 0
%config(noreplace) %{_sysconfdir}/sasl2/libvirt.conf
%dir %{_datadir}/libvirt/
%ghost %dir %{_rundir}/libvirt/
-%ghost %dir %{_rundir}/libvirt/common/
+%ghost %dir %attr(0700, root, root) %{_rundir}/libvirt/common/
%dir %attr(0755, root, root) %{_localstatedir}/lib/libvirt/
%dir %attr(0711, root, root) %{_localstatedir}/lib/libvirt/images/
%dir %attr(0711, root, root) %{_localstatedir}/lib/libvirt/filesystems/
@@ -2124,7 +2124,7 @@ exit 0
%{_unitdir}/virtinterfaced-ro.socket
%{_unitdir}/virtinterfaced-admin.socket
%attr(0755, root, root) %{_sbindir}/virtinterfaced
-%ghost %dir %{_rundir}/libvirt/interface/
+%ghost %dir %attr(0700, root, root) %{_rundir}/libvirt/interface/
%{_libdir}/libvirt/connection-driver/libvirt_driver_interface.so
%{_mandir}/man8/virtinterfaced.8*
@@ -2166,7 +2166,7 @@ exit 0
%{_unitdir}/virtnodedevd-ro.socket
%{_unitdir}/virtnodedevd-admin.socket
%attr(0755, root, root) %{_sbindir}/virtnodedevd
-%ghost %dir %{_rundir}/libvirt/nodedev/
+%ghost %dir %attr(0700, root, root) %{_rundir}/libvirt/nodedev/
%{_libdir}/libvirt/connection-driver/libvirt_driver_nodedev.so
%{_mandir}/man8/virtnodedevd.8*
@@ -2181,8 +2181,8 @@ exit 0
%attr(0755, root, root) %{_sbindir}/virtnwfilterd
%dir %attr(0700, root, root) %{_sysconfdir}/libvirt/nwfilter/
%ghost %dir %{_rundir}/libvirt/network/
-%ghost %dir %{_rundir}/libvirt/nwfilter-binding/
-%ghost %dir %{_rundir}/libvirt/nwfilter/
+%ghost %dir %attr(0700, root, root) %{_rundir}/libvirt/nwfilter-binding/
+%ghost %dir %attr(0700, root, root) %{_rundir}/libvirt/nwfilter/
%{_libdir}/libvirt/connection-driver/libvirt_driver_nwfilter.so
%{_mandir}/man8/virtnwfilterd.8*
@@ -2196,7 +2196,7 @@ exit 0
%{_unitdir}/virtsecretd-admin.socket
%attr(0755, root, root) %{_sbindir}/virtsecretd
%dir %attr(0700, root, root) %{_sysconfdir}/libvirt/secrets/
-%ghost %dir %{_rundir}/libvirt/secrets/
+%ghost %dir %attr(0700, root, root) %{_rundir}/libvirt/secrets/
%{_libdir}/libvirt/connection-driver/libvirt_driver_secret.so
%{_mandir}/man8/virtsecretd.8*
@@ -2275,11 +2275,11 @@ exit 0
%config(noreplace) %{_sysconfdir}/libvirt/qemu.conf
%config(noreplace) %{_sysconfdir}/libvirt/qemu-lockd.conf
%config(noreplace) %{_sysconfdir}/logrotate.d/libvirtd.qemu
-%ghost %dir %{_rundir}/libvirt/qemu/
-%ghost %dir %{_rundir}/libvirt/qemu/dbus/
-%ghost %dir %{_rundir}/libvirt/qemu/passt/
-%ghost %dir %{_rundir}/libvirt/qemu/slirp/
-%ghost %dir %{_rundir}/libvirt/qemu/swtpm/
+%ghost %dir %attr(0770, %{qemu_user}, %{qemu_group}) %{_rundir}/libvirt/qemu/
+%ghost %dir %attr(0770, %{qemu_user}, %{qemu_group}) %{_rundir}/libvirt/qemu/dbus/
+%ghost %dir %attr(0770, %{qemu_user}, %{qemu_group}) %{_rundir}/libvirt/qemu/passt/
+%ghost %dir %attr(0770, %{qemu_user}, %{qemu_group}) %{_rundir}/libvirt/qemu/slirp/
+%ghost %dir %attr(0770, %{qemu_user}, %{qemu_group}) %{_rundir}/libvirt/qemu/swtpm/
%dir %attr(0751, %{qemu_user}, %{qemu_group}) %{_localstatedir}/lib/libvirt/qemu/
%dir %attr(0751, %{qemu_user}, %{qemu_group}) %{_localstatedir}/lib/libvirt/qemu/checkpoint/
%dir %attr(0751, %{qemu_user}, %{qemu_group}) %{_localstatedir}/lib/libvirt/qemu/dump/
--
2.47.0
5 months
- 2
- 1
Entering freeze for libvirt-10.9.0
by Jiri Denemark
I have just tagged v10.9.0-rc1 in the repository and pushed signed
tarballs to https://download.libvirt.org/
Please give the release candidate some testing and in case you find a
serious issue which should have a fix in the upcoming release, feel
free to reply to this thread to make sure the issue is more visible.
If you have not done so yet, please update NEWS.rst to document any
significant change you made since the last release.
Thanks,
Jirka
5 months
- 1
- 1
[PATCH] docs: domain: Be more upfront about 'sgio' not being actually supported
by Peter Krempa
The support for the 'sgio' attribute for SCSI-backed devices was dropped
as there wasn't really ever any upstream support for it.
The docs do state that support for this depends on the hypervisor
itself, but we can be more clear that there is no hypervisor which does
support it.
There is also a suggestion to use 'sgio' instead of 'rawio' as being
more "secure" but since it no longer works drop this suggestion.
Resolves: https://issues.redhat.com/browse/RHEL-65268
Signed-off-by: Peter Krempa <pkrempa(a)redhat.com>
---
docs/formatdomain.rst | 30 +++++++++++++++++-------------
1 file changed, 17 insertions(+), 13 deletions(-)
diff --git a/docs/formatdomain.rst b/docs/formatdomain.rst
index 3253a28e5a..d16e00661a 100644
--- a/docs/formatdomain.rst
+++ b/docs/formatdomain.rst
@@ -2767,14 +2767,13 @@ paravirtualized driver is specified via the ``disk`` element.
per-process basis). This attribute is only valid when device is "lun". NB,
``rawio`` intends to confine the capability per-device, however, current
QEMU implementation gives the domain process broader capability than that
- (per-process basis, affects all the domain disks). To confine the
- capability as much as possible for QEMU driver as this stage, ``sgio`` is
- recommended, it's more secure than ``rawio``. :since:`Since 0.9.10`
+ (per-process basis, affects all the domain disks). :since:`Since 0.9.10`
``sgio``
If supported by the hypervisor and OS, indicates whether unprivileged
SG_IO commands are filtered for the disk. Valid settings are "filtered" or
"unfiltered" where the default is "filtered". Only available when the
- ``device`` is 'lun'. :since:`Since 1.0.2`
+ ``device`` is 'lun'. The attribute exists :since:`Since 1.0.2`, although
+ currently it's no longer supported by any hypervisor.
``snapshot``
Indicates the default behavior of the disk during disk snapshots:
``internal`` requires a file format such as qcow2 that can store both
@@ -4346,7 +4345,7 @@ or:
...
<devices>
- <hostdev mode='subsystem' type='scsi' sgio='filtered' rawio='yes'>
+ <hostdev mode='subsystem' type='scsi' rawio='yes'>
<source>
<adapter name='scsi_host0'/>
<address bus='0' target='0' unit='0'/>
@@ -4436,14 +4435,19 @@ or:
``display`` attribute to be set to ``on``.
``scsi``
For SCSI devices, user is responsible to make sure the device is not used
- by host. If supported by the hypervisor and OS, the optional ``sgio`` (
- :since:`since 1.0.6` ) attribute indicates whether unprivileged SG_IO
- commands are filtered for the disk. Valid settings are "filtered" or
- "unfiltered", where the default is "filtered". The optional ``rawio`` (
- :since:`since 1.2.9` ) attribute indicates whether the lun needs the rawio
- capability. Valid settings are "yes" or "no". See the rawio description
- within the `Hard drives, floppy disks, CDROMs`_ section. If a disk lun in the domain
- already has the rawio capability, then this setting not required.
+ by host.
+
+ If supported by the hypervisor and OS, the optional ``sgio`` (
+ :since:`since 1.0.6`, but currently no longer supported by any hypervisor
+ driver ) attribute indicates whether unprivileged SG_IO commands are
+ filtered for the disk. Valid settings are "filtered" or
+ "unfiltered", where the default is "filtered".
+
+ The optional ``rawio`` (:since:`since 1.2.9` ) attribute indicates whether
+ the lun needs the rawio capability. Valid settings are "yes" or "no".
+ See the rawio description within the `Hard drives, floppy disks, CDROMs`_
+ section. If a disk lun in the domain already has the rawio capability,
+ then this setting not required.
``scsi_host``
:since:`since 2.5.0` For SCSI devices, user is responsible to make sure
the device is not used by host. This ``type`` passes all LUNs presented by
--
2.47.0
5 months
- 2
- 1
[PATCH] Revert "network: add rule to nftables backend that zeroes checksum of DHCP responses"
by Laine Stump
This reverts commit 42ab0148dd11727f7e3fd31dce4485469af290d5.
This patch was supposed to fix the checksum of dhcp response packets
by setting it to 0 (because having a non-0 but incorrect checksum was
causing the packets to be droppe on FreeBSD guests).
Early testing was positive, but after the patch was pushed upstream
and more people could test it, it turned out that while it fixed the
dhcp checksum problem for virtio-net interfaces on FreeBSD and
OpenBSD, it also *broke* dhcp checksums for the e1000 emulated NIC on
*all* guests (but not e1000e).
So we're reverting this fix and looking for something more universal
to be included in the next release.
Signed-off-by: Laine Stump <laine(a)redhat.com>
---
src/network/network_nftables.c | 69 -------------------
tests/networkxml2firewalldata/base.nftables | 14 ----
.../forward-dev-linux.nftables | 16 -----
.../isolated-linux.nftables | 16 -----
.../nat-default-linux.nftables | 16 -----
.../nat-ipv6-linux.nftables | 16 -----
.../nat-ipv6-masquerade-linux.nftables | 16 -----
.../nat-many-ips-linux.nftables | 16 -----
.../nat-port-range-ipv6-linux.nftables | 16 -----
.../nat-port-range-linux.nftables | 16 -----
.../nat-tftp-linux.nftables | 16 -----
.../route-default-linux.nftables | 16 -----
12 files changed, 243 deletions(-)
diff --git a/src/network/network_nftables.c b/src/network/network_nftables.c
index 5523207269..f8b5ab665d 100644
--- a/src/network/network_nftables.c
+++ b/src/network/network_nftables.c
@@ -51,7 +51,6 @@ VIR_LOG_INIT("network.nftables");
#define VIR_NFTABLES_FWD_OUT_CHAIN "guest_output"
#define VIR_NFTABLES_FWD_X_CHAIN "guest_cross"
#define VIR_NFTABLES_NAT_POSTROUTE_CHAIN "guest_nat"
-#define VIR_NFTABLES_MANGLE_POSTROUTE_CHAIN "postroute_mangle"
/* we must avoid using the standard "filter" table as used by
* iptables, as any subsequent attempts to use iptables commands will
@@ -107,10 +106,6 @@ nftablesGlobalChain nftablesChains[] = {
/* chains for NAT rules */
{NULL, VIR_NFTABLES_NAT_POSTROUTE_CHAIN, "{ type nat hook postrouting priority 100; policy accept; }"},
-
- /* chain for "mangle" rules that modify packets (e.g. 0 out UDP checksums) */
- {NULL, VIR_NFTABLES_MANGLE_POSTROUTE_CHAIN, "{ type filter hook postrouting priority 0; policy accept; }"},
-
};
@@ -649,44 +644,6 @@ nftablesAddDontMasquerade(virFirewall *fw,
}
-/**
- * nftablesAddOutputFixUdpChecksum:
- *
- * Add a rule to @fw that will 0 out the checksum of udp packets
- * output from @iface with destination port @port.
-
- * Zeroing the checksum of a UDP packet tells the receiving end "you
- * don't need to validate the checksum", which is useful in cases
- * where the host (sender) thinks that packet checksums will be
- * computed elsewhere (and so leaves a partially computed checksum in
- * the packet header) while the guest (receiver) thinks that the
- * checksum has already been fully computed; in the meantime none of
- * the code in between has actually finished computing the
- * checksum.
- *
- * An example of this is DHCP response packets from host to
- * guest. If the checksum of each of these packets isn't zeroed, then
- * many guests (e.g. FreeBSD) will drop them with reason BAD CHECKSUM;
- * if the packets arrive at those guests with a checksum of 0, they
- * will happily accept the packet.
- */
-static void
-nftablesAddOutputFixUdpChecksum(virFirewall *fw,
- const char *iface,
- int port)
-{
- g_autofree char *portstr = g_strdup_printf("%d", port);
-
- virFirewallAddCmd(fw, VIR_FIREWALL_LAYER_IPV4,
- "insert", "rule", "ip",
- VIR_NFTABLES_PRIVATE_TABLE,
- VIR_NFTABLES_MANGLE_POSTROUTE_CHAIN,
- "oif", iface, "udp", "dport", portstr,
- "counter", "udp", "checksum", "set", "0",
- NULL);
-}
-
-
static const char networkLocalMulticastIPv4[] = "224.0.0.0/24";
static const char networkLocalMulticastIPv6[] = "ff02::/16";
static const char networkLocalBroadcast[] = "255.255.255.255/32";
@@ -944,30 +901,6 @@ nftablesAddGeneralFirewallRules(virFirewall *fw,
}
-static void
-nftablesAddChecksumFirewallRules(virFirewall *fw,
- virNetworkDef *def)
-{
- size_t i;
- virNetworkIPDef *ipv4def;
-
- /* Look for the first IPv4 address that has dhcp or tftpboot
- * defined. We support dhcp config on 1 IPv4 interface only.
- */
- for (i = 0; (ipv4def = virNetworkDefGetIPByIndex(def, AF_INET, i)); i++) {
- if (ipv4def->nranges || ipv4def->nhosts)
- break;
- }
-
- /* If we are doing local DHCP service on this network, add a rule
- * that will fixup the checksum of DHCP response packets back to
- * the guests.
- */
- if (ipv4def)
- nftablesAddOutputFixUdpChecksum(fw, def->bridge, 68);
-}
-
-
static int
nftablesAddIPSpecificFirewallRules(virFirewall *fw,
virNetworkDef *def,
@@ -1019,8 +952,6 @@ nftablesAddFirewallRules(virNetworkDef *def, virFirewall **fwRemoval)
return -1;
}
- nftablesAddChecksumFirewallRules(fw, def);
-
if (virFirewallApply(fw) < 0)
return -1;
diff --git a/tests/networkxml2firewalldata/base.nftables b/tests/networkxml2firewalldata/base.nftables
index 6371fc12dd..a064318739 100644
--- a/tests/networkxml2firewalldata/base.nftables
+++ b/tests/networkxml2firewalldata/base.nftables
@@ -68,13 +68,6 @@ libvirt_network \
guest_nat \
'{ type nat hook postrouting priority 100; policy accept; }'
nft \
-add \
-chain \
-ip \
-libvirt_network \
-postroute_mangle \
-'{ type filter hook postrouting priority 0; policy accept; }'
-nft \
list \
table \
ip6 \
@@ -143,10 +136,3 @@ ip6 \
libvirt_network \
guest_nat \
'{ type nat hook postrouting priority 100; policy accept; }'
-nft \
-add \
-chain \
-ip6 \
-libvirt_network \
-postroute_mangle \
-'{ type filter hook postrouting priority 0; policy accept; }'
diff --git a/tests/networkxml2firewalldata/forward-dev-linux.nftables b/tests/networkxml2firewalldata/forward-dev-linux.nftables
index 9dea1a88a4..8badb74beb 100644
--- a/tests/networkxml2firewalldata/forward-dev-linux.nftables
+++ b/tests/networkxml2firewalldata/forward-dev-linux.nftables
@@ -156,19 +156,3 @@ daddr \
224.0.0.0/24 \
counter \
return
-nft \
--ae insert \
-rule \
-ip \
-libvirt_network \
-postroute_mangle \
-oif \
-virbr0 \
-udp \
-dport \
-68 \
-counter \
-udp \
-checksum \
-set \
-0
diff --git a/tests/networkxml2firewalldata/isolated-linux.nftables b/tests/networkxml2firewalldata/isolated-linux.nftables
index 67ee0a2bf5..d1b4dac178 100644
--- a/tests/networkxml2firewalldata/isolated-linux.nftables
+++ b/tests/networkxml2firewalldata/isolated-linux.nftables
@@ -62,19 +62,3 @@ oif \
virbr0 \
counter \
accept
-nft \
--ae insert \
-rule \
-ip \
-libvirt_network \
-postroute_mangle \
-oif \
-virbr0 \
-udp \
-dport \
-68 \
-counter \
-udp \
-checksum \
-set \
-0
diff --git a/tests/networkxml2firewalldata/nat-default-linux.nftables b/tests/networkxml2firewalldata/nat-default-linux.nftables
index 951a5a6d60..28508292f9 100644
--- a/tests/networkxml2firewalldata/nat-default-linux.nftables
+++ b/tests/networkxml2firewalldata/nat-default-linux.nftables
@@ -142,19 +142,3 @@ daddr \
224.0.0.0/24 \
counter \
return
-nft \
--ae insert \
-rule \
-ip \
-libvirt_network \
-postroute_mangle \
-oif \
-virbr0 \
-udp \
-dport \
-68 \
-counter \
-udp \
-checksum \
-set \
-0
diff --git a/tests/networkxml2firewalldata/nat-ipv6-linux.nftables b/tests/networkxml2firewalldata/nat-ipv6-linux.nftables
index 617ed8b753..d8a9ba706d 100644
--- a/tests/networkxml2firewalldata/nat-ipv6-linux.nftables
+++ b/tests/networkxml2firewalldata/nat-ipv6-linux.nftables
@@ -200,19 +200,3 @@ oif \
virbr0 \
counter \
accept
-nft \
--ae insert \
-rule \
-ip \
-libvirt_network \
-postroute_mangle \
-oif \
-virbr0 \
-udp \
-dport \
-68 \
-counter \
-udp \
-checksum \
-set \
-0
diff --git a/tests/networkxml2firewalldata/nat-ipv6-masquerade-linux.nftables b/tests/networkxml2firewalldata/nat-ipv6-masquerade-linux.nftables
index a710d0e296..a7f09cda59 100644
--- a/tests/networkxml2firewalldata/nat-ipv6-masquerade-linux.nftables
+++ b/tests/networkxml2firewalldata/nat-ipv6-masquerade-linux.nftables
@@ -272,19 +272,3 @@ daddr \
ff02::/16 \
counter \
return
-nft \
--ae insert \
-rule \
-ip \
-libvirt_network \
-postroute_mangle \
-oif \
-virbr0 \
-udp \
-dport \
-68 \
-counter \
-udp \
-checksum \
-set \
-0
diff --git a/tests/networkxml2firewalldata/nat-many-ips-linux.nftables b/tests/networkxml2firewalldata/nat-many-ips-linux.nftables
index 0be5fb7e65..b826fe6134 100644
--- a/tests/networkxml2firewalldata/nat-many-ips-linux.nftables
+++ b/tests/networkxml2firewalldata/nat-many-ips-linux.nftables
@@ -366,19 +366,3 @@ daddr \
224.0.0.0/24 \
counter \
return
-nft \
--ae insert \
-rule \
-ip \
-libvirt_network \
-postroute_mangle \
-oif \
-virbr0 \
-udp \
-dport \
-68 \
-counter \
-udp \
-checksum \
-set \
-0
diff --git a/tests/networkxml2firewalldata/nat-port-range-ipv6-linux.nftables b/tests/networkxml2firewalldata/nat-port-range-ipv6-linux.nftables
index 7574356855..ceaed6fa40 100644
--- a/tests/networkxml2firewalldata/nat-port-range-ipv6-linux.nftables
+++ b/tests/networkxml2firewalldata/nat-port-range-ipv6-linux.nftables
@@ -384,19 +384,3 @@ daddr \
ff02::/16 \
counter \
return
-nft \
--ae insert \
-rule \
-ip \
-libvirt_network \
-postroute_mangle \
-oif \
-virbr0 \
-udp \
-dport \
-68 \
-counter \
-udp \
-checksum \
-set \
-0
diff --git a/tests/networkxml2firewalldata/nat-port-range-linux.nftables b/tests/networkxml2firewalldata/nat-port-range-linux.nftables
index 127536e4db..1dc37a26ec 100644
--- a/tests/networkxml2firewalldata/nat-port-range-linux.nftables
+++ b/tests/networkxml2firewalldata/nat-port-range-linux.nftables
@@ -312,19 +312,3 @@ oif \
virbr0 \
counter \
accept
-nft \
--ae insert \
-rule \
-ip \
-libvirt_network \
-postroute_mangle \
-oif \
-virbr0 \
-udp \
-dport \
-68 \
-counter \
-udp \
-checksum \
-set \
-0
diff --git a/tests/networkxml2firewalldata/nat-tftp-linux.nftables b/tests/networkxml2firewalldata/nat-tftp-linux.nftables
index 951a5a6d60..28508292f9 100644
--- a/tests/networkxml2firewalldata/nat-tftp-linux.nftables
+++ b/tests/networkxml2firewalldata/nat-tftp-linux.nftables
@@ -142,19 +142,3 @@ daddr \
224.0.0.0/24 \
counter \
return
-nft \
--ae insert \
-rule \
-ip \
-libvirt_network \
-postroute_mangle \
-oif \
-virbr0 \
-udp \
-dport \
-68 \
-counter \
-udp \
-checksum \
-set \
-0
diff --git a/tests/networkxml2firewalldata/route-default-linux.nftables b/tests/networkxml2firewalldata/route-default-linux.nftables
index be9c4f5439..282c9542a5 100644
--- a/tests/networkxml2firewalldata/route-default-linux.nftables
+++ b/tests/networkxml2firewalldata/route-default-linux.nftables
@@ -56,19 +56,3 @@ oif \
virbr0 \
counter \
accept
-nft \
--ae insert \
-rule \
-ip \
-libvirt_network \
-postroute_mangle \
-oif \
-virbr0 \
-udp \
-dport \
-68 \
-counter \
-udp \
-checksum \
-set \
-0
--
2.47.0
5 months
- 2
- 1
[PATCH 0/2] Cleanups of improper use of memory allocation APIs
by Peter Krempa
Peter Krempa (2):
Replace improper use of g_malloc(0) with g_new0
virstring: Use 'g_new0' instead of improper use of 'g_malloc0_n'
build-aux/syntax-check.mk | 4 ++--
src/util/virpcivpd.c | 6 +++---
src/util/virstring.c | 4 +---
tools/wireshark/src/packet-libvirt.c | 2 +-
4 files changed, 7 insertions(+), 9 deletions(-)
--
2.47.0
5 months
- 2
- 3
[PATCH] virJSONValueFromString: Prefix error message from 'json-c'
by Peter Krempa
The error message from 'json-c' was passed along without any libvirt
string which makes it hard to find in the source and isn't exactly clear
when present in logs:
libvirtd[843]: internal error : invalid utf-8 string
Prefix the message with 'failed to parse JSON'.
Signed-off-by: Peter Krempa <pkrempa(a)redhat.com>
---
src/util/virjson.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/src/util/virjson.c b/src/util/virjson.c
index 42018a98b4..4a95e84f5b 100644
--- a/src/util/virjson.c
+++ b/src/util/virjson.c
@@ -1467,7 +1467,8 @@ virJSONValueFromString(const char *jsonstring)
jerr = json_tokener_get_error(tok);
if (jerr != json_tokener_success) {
virReportError(VIR_ERR_INTERNAL_ERROR,
- "%s", json_tokener_error_desc(jerr));
+ _("failed to parse JSON: %1$s"),
+ json_tokener_error_desc(jerr));
goto cleanup;
}
ret = virJSONValueFromJsonC(jobj);
--
2.47.0
5 months, 1 week
- 2
- 1
[PATCH 0/2] finalize 'reconnect' deprecation
by Daniil Tatianin
We've deprecated the 'reconnect' property in c8e2b6b4d7e, but all the
tests, as well as the stream netdev were still left using it. This
series finalizes the deprecation and replaces all local usage and docs
metions of 'reconnect' with 'reconnect-ms'.
Daniil Tatianin (2):
net/stream: deprecate 'reconnect' in favor of 'reconnect-ms'
chardev: finalize 'reconnect' deprecation
docs/COLO-FT.txt | 4 +--
docs/about/deprecated.rst | 10 ++++++++
docs/system/ppc/powernv.rst | 2 +-
net/stream.c | 34 +++++++++++++++++---------
qapi/net.json | 13 +++++++++-
qemu-options.hx | 46 +++++++++++++++++------------------
tests/qtest/ipmi-bt-test.c | 2 +-
tests/qtest/netdev-socket.c | 2 +-
tests/qtest/vhost-user-test.c | 2 +-
tests/unit/test-char.c | 8 +++---
10 files changed, 77 insertions(+), 46 deletions(-)
--
2.34.1
5 months, 1 week
- 2
- 3
[PATCH v1] tests: add capabilities for QEMU 9.1.0 on s390x
by Shalini Chellathurai Saroja
Let us introduce the xml and reply files for QEMU 9.1.0 on s390x.
Signed-off-by: Shalini Chellathurai Saroja <shalini(a)linux.ibm.com>
Reviewed-by:Boris Fiuczynski <fiuczy(a)linux.ibm.com>
The replies and xml files are removed from this patch and is available in
https://gitlab.com/shalinichellathurai/libvirt/-/commit/9352fc34fcdb9921e...
---
tests/domaincapsdata/qemu_9.1.0.s390x.xml | 306 +
.../caps_9.1.0_s390x.replies | 36291 ++++++++++++++++
.../qemucapabilitiesdata/caps_9.1.0_s390x.xml | 3748 ++
tests/qemuhotplugtest.c | 8 -
.../console-sclp.s390x-latest.args | 5 +-
.../console-virtio-ccw.s390x-latest.args | 5 +-
...default-video-type-s390x.s390x-latest.args | 2 +-
.../disk-virtio-ccw-many.s390x-latest.args | 20 +-
.../disk-virtio-ccw.s390x-latest.args | 10 +-
.../disk-virtio-s390-zpci.s390x-latest.args | 5 +-
.../fs9p-ccw.s390x-latest.args | 5 +-
...tdev-scsi-vhost-scsi-ccw.s390x-latest.args | 5 +-
...vfio-zpci-ccw-memballoon.s390x-latest.args | 2 +-
.../input-virtio-ccw.s390x-latest.args | 5 +-
...othreads-virtio-scsi-ccw.s390x-latest.args | 10 +-
.../launch-security-s390-pv.s390x-latest.args | 7 +-
...chine-aeskeywrap-off-cap.s390x-latest.args | 5 +-
...hine-aeskeywrap-off-caps.s390x-latest.args | 5 +-
...achine-aeskeywrap-on-cap.s390x-latest.args | 5 +-
...chine-aeskeywrap-on-caps.s390x-latest.args | 5 +-
...chine-deakeywrap-off-cap.s390x-latest.args | 5 +-
...hine-deakeywrap-off-caps.s390x-latest.args | 5 +-
...achine-deakeywrap-on-cap.s390x-latest.args | 5 +-
...chine-deakeywrap-on-caps.s390x-latest.args | 5 +-
...achine-keywrap-none-caps.s390x-latest.args | 5 +-
.../machine-keywrap-none.s390x-latest.args | 5 +-
...multiple-disks-nets-s390.s390x-latest.args | 10 +-
.../machine-loadparm-s390.s390x-latest.args | 5 +-
...t-cpu-kvm-ccw-virtio-4.2.s390x-latest.args | 2 +-
.../s390-defaultconsole.s390x-latest.args | 2 +-
.../s390-panic.s390x-latest.args | 2 +-
.../vhost-user-fs-ccw.s390x-latest.args | 5 +-
.../vhost-vsock-ccw-auto.s390x-latest.args | 5 +-
.../vhost-vsock-ccw-iommu.s390x-latest.args | 5 +-
.../vhost-vsock-ccw.s390x-latest.args | 5 +-
...ideo-virtio-gpu-ccw-auto.s390x-latest.args | 5 +-
.../video-virtio-gpu-ccw.s390x-latest.args | 5 +-
.../virtio-rng-ccw.s390x-latest.args | 5 +-
.../watchdog-diag288.s390x-latest.args | 5 +-
39 files changed, 40423 insertions(+), 122 deletions(-)
create mode 100644 tests/domaincapsdata/qemu_9.1.0.s390x.xml
create mode 100644 tests/qemucapabilitiesdata/caps_9.1.0_s390x.replies
create mode 100644 tests/qemucapabilitiesdata/caps_9.1.0_s390x.xml
diff --git a/tests/domaincapsdata/qemu_9.1.0.s390x.xml b/tests/domaincapsdata/qemu_9.1.0.s390x.xml
new file mode 100644
index 0000000000..cd896ceffd
--- /dev/null
+++ b/tests/domaincapsdata/qemu_9.1.0.s390x.xml
@@ -0,0 +1,306 @@
+<domainCapabilities>
+ <path>/usr/bin/qemu-system-s390x</path>
+ <domain>kvm</domain>
+ <machine>s390-ccw-virtio-9.1</machine>
+ <arch>s390x</arch>
+ <vcpu max='248'/>
+ <iothreads supported='yes'/>
+ <os supported='yes'>
+ <enum name='firmware'/>
+ <loader supported='yes'>
+ <value>/obviously/fake/firmware1.fd</value>
+ <value>/obviously/fake/firmware2.fd</value>
+ <enum name='type'>
+ <value>rom</value>
+ <value>pflash</value>
+ </enum>
+ <enum name='readonly'>
+ <value>yes</value>
+ <value>no</value>
+ </enum>
+ <enum name='secure'>
+ <value>no</value>
+ </enum>
+ </loader>
+ </os>
+ <cpu>
+ <mode name='host-passthrough' supported='yes'>
+ <enum name='hostPassthroughMigratable'>
+ <value>off</value>
+ </enum>
+ </mode>
+ <mode name='maximum' supported='yes'>
+ <enum name='maximumMigratable'>
+ <value>on</value>
+ <value>off</value>
+ </enum>
+ </mode>
+ <mode name='host-model' supported='yes'>
+ <model fallback='forbid'>gen16a-base</model>
+ <feature policy='require' name='nnpa'/>
+ <feature policy='require' name='aen'/>
+ <feature policy='require' name='cmmnt'/>
+ <feature policy='require' name='vxpdeh'/>
+ <feature policy='require' name='aefsi'/>
+ <feature policy='require' name='diag318'/>
+ <feature policy='require' name='csske'/>
+ <feature policy='require' name='mepoch'/>
+ <feature policy='require' name='msa9'/>
+ <feature policy='require' name='msa8'/>
+ <feature policy='require' name='msa7'/>
+ <feature policy='require' name='msa6'/>
+ <feature policy='require' name='msa5'/>
+ <feature policy='require' name='msa4'/>
+ <feature policy='require' name='msa3'/>
+ <feature policy='require' name='msa2'/>
+ <feature policy='require' name='msa1'/>
+ <feature policy='require' name='sthyi'/>
+ <feature policy='require' name='edat'/>
+ <feature policy='require' name='ri'/>
+ <feature policy='require' name='deflate'/>
+ <feature policy='require' name='edat2'/>
+ <feature policy='require' name='etoken'/>
+ <feature policy='require' name='vx'/>
+ <feature policy='require' name='ipter'/>
+ <feature policy='require' name='pai'/>
+ <feature policy='require' name='paie'/>
+ <feature policy='require' name='mepochptff'/>
+ <feature policy='require' name='ap'/>
+ <feature policy='require' name='vxeh'/>
+ <feature policy='require' name='vxpd'/>
+ <feature policy='require' name='esop'/>
+ <feature policy='require' name='msa9_pckmo'/>
+ <feature policy='require' name='vxeh2'/>
+ <feature policy='require' name='esort'/>
+ <feature policy='require' name='appv'/>
+ <feature policy='require' name='apqi'/>
+ <feature policy='require' name='apft'/>
+ <feature policy='require' name='els'/>
+ <feature policy='require' name='iep'/>
+ <feature policy='require' name='appvi'/>
+ <feature policy='require' name='apqci'/>
+ <feature policy='require' name='cte'/>
+ <feature policy='require' name='ais'/>
+ <feature policy='require' name='bpb'/>
+ <feature policy='require' name='ctop'/>
+ <feature policy='require' name='gs'/>
+ <feature policy='require' name='ppa15'/>
+ <feature policy='require' name='zpci'/>
+ <feature policy='require' name='rdp'/>
+ <feature policy='require' name='sea_esop2'/>
+ <feature policy='require' name='beareh'/>
+ <feature policy='require' name='te'/>
+ <feature policy='require' name='cmm'/>
+ <feature policy='require' name='vxpdeh2'/>
+ </mode>
+ <mode name='custom' supported='yes'>
+ <model usable='yes' vendor='IBM'>z13</model>
+ <model usable='yes' vendor='IBM'>z990.3</model>
+ <model usable='yes' vendor='IBM'>z13-base</model>
+ <model usable='yes' vendor='IBM'>z990.2</model>
+ <model usable='yes' vendor='IBM'>z196.2-base</model>
+ <model usable='yes' vendor='IBM'>z14</model>
+ <model usable='yes' vendor='IBM'>z14.2-base</model>
+ <model usable='yes' vendor='IBM'>z990.4</model>
+ <model usable='yes' vendor='IBM'>z196</model>
+ <model usable='yes' vendor='IBM'>z10BC.2-base</model>
+ <model usable='yes' vendor='IBM'>z114-base</model>
+ <model usable='yes' vendor='IBM'>gen16b</model>
+ <model usable='yes' vendor='IBM'>z890.3-base</model>
+ <model usable='yes' vendor='IBM'>gen16a</model>
+ <model usable='yes' vendor='IBM'>z990.5</model>
+ <model usable='yes' vendor='IBM'>z196.2</model>
+ <model usable='yes' vendor='IBM'>zEC12</model>
+ <model usable='yes' vendor='IBM'>zEC12.2</model>
+ <model usable='yes' vendor='IBM'>z9EC.2</model>
+ <model usable='yes' vendor='IBM'>z9BC</model>
+ <model usable='yes' vendor='IBM'>z9EC.3-base</model>
+ <model usable='yes' vendor='IBM'>z800-base</model>
+ <model usable='yes' vendor='IBM'>z14ZR1-base</model>
+ <model usable='yes' vendor='IBM'>z890</model>
+ <model usable='yes' vendor='IBM'>z990.4-base</model>
+ <model usable='yes' vendor='IBM'>z9EC.3</model>
+ <model usable='yes' vendor='IBM'>z13.2</model>
+ <model usable='yes' vendor='IBM'>z10BC.2</model>
+ <model usable='yes' vendor='IBM'>gen15a-base</model>
+ <model usable='yes' vendor='IBM'>z14.2</model>
+ <model usable='yes' vendor='IBM'>zBC12-base</model>
+ <model usable='yes' vendor='IBM'>gen16a-base</model>
+ <model usable='yes' vendor='IBM'>z900.3</model>
+ <model usable='yes' vendor='IBM'>z196-base</model>
+ <model usable='yes' vendor='IBM'>z990</model>
+ <model usable='yes' vendor='IBM'>z14-base</model>
+ <model usable='yes' vendor='IBM'>z900.2</model>
+ <model usable='yes' vendor='IBM'>z800</model>
+ <model usable='yes' vendor='IBM'>z10EC</model>
+ <model usable='yes' vendor='IBM'>z10EC.2</model>
+ <model usable='yes' vendor='IBM'>z14ZR1</model>
+ <model usable='yes' vendor='IBM'>z900</model>
+ <model usable='yes' vendor='IBM'>z10EC.2-base</model>
+ <model usable='yes' vendor='IBM'>z900.2-base</model>
+ <model usable='yes' vendor='IBM'>z900-base</model>
+ <model usable='yes' vendor='IBM'>z10EC.3</model>
+ <model usable='yes' vendor='IBM'>z990.5-base</model>
+ <model usable='yes' vendor='unknown'>max</model>
+ <model usable='yes' vendor='IBM'>gen15b</model>
+ <model usable='yes' vendor='IBM'>z9BC.2-base</model>
+ <model usable='yes' vendor='IBM'>gen15a</model>
+ <model usable='yes' vendor='IBM'>z990.2-base</model>
+ <model usable='yes' vendor='IBM'>z10EC-base</model>
+ <model usable='yes' vendor='IBM'>gen16b-base</model>
+ <model usable='yes' vendor='IBM'>z114</model>
+ <model usable='yes' vendor='IBM'>z9EC-base</model>
+ <model usable='yes' vendor='IBM'>z13s</model>
+ <model usable='yes' vendor='unknown'>qemu</model>
+ <model usable='yes' vendor='IBM'>gen15b-base</model>
+ <model usable='yes' vendor='IBM'>zEC12-base</model>
+ <model usable='yes' vendor='IBM'>z890.3</model>
+ <model usable='yes' vendor='IBM'>z10EC.3-base</model>
+ <model usable='yes' vendor='IBM'>z890.2-base</model>
+ <model usable='yes' vendor='IBM'>z890.2</model>
+ <model usable='yes' vendor='IBM'>z10BC-base</model>
+ <model usable='yes' vendor='IBM'>zEC12.2-base</model>
+ <model usable='yes' vendor='IBM'>z890-base</model>
+ <model usable='yes' vendor='IBM'>z9BC-base</model>
+ <model usable='yes' vendor='IBM'>z10BC</model>
+ <model usable='yes' vendor='IBM'>z9EC</model>
+ <model usable='yes' vendor='IBM'>z9EC.2-base</model>
+ <model usable='yes' vendor='IBM'>z900.3-base</model>
+ <model usable='yes' vendor='IBM'>z13.2-base</model>
+ <model usable='yes' vendor='IBM'>z990.3-base</model>
+ <model usable='yes' vendor='IBM'>z13s-base</model>
+ <model usable='yes' vendor='IBM'>zBC12</model>
+ <model usable='yes' vendor='IBM'>z990-base</model>
+ <model usable='yes' vendor='IBM'>z9BC.2</model>
+ </mode>
+ </cpu>
+ <memoryBacking supported='yes'>
+ <enum name='sourceType'>
+ <value>file</value>
+ <value>anonymous</value>
+ <value>memfd</value>
+ </enum>
+ </memoryBacking>
+ <devices>
+ <disk supported='yes'>
+ <enum name='diskDevice'>
+ <value>disk</value>
+ <value>cdrom</value>
+ <value>floppy</value>
+ <value>lun</value>
+ </enum>
+ <enum name='bus'>
+ <value>fdc</value>
+ <value>scsi</value>
+ <value>virtio</value>
+ <value>usb</value>
+ </enum>
+ <enum name='model'>
+ <value>virtio</value>
+ <value>virtio-transitional</value>
+ <value>virtio-non-transitional</value>
+ </enum>
+ </disk>
+ <graphics supported='yes'>
+ <enum name='type'>
+ <value>sdl</value>
+ <value>vnc</value>
+ <value>egl-headless</value>
+ <value>dbus</value>
+ </enum>
+ </graphics>
+ <video supported='yes'>
+ <enum name='modelType'>
+ <value>virtio</value>
+ <value>none</value>
+ </enum>
+ </video>
+ <hostdev supported='yes'>
+ <enum name='mode'>
+ <value>subsystem</value>
+ </enum>
+ <enum name='startupPolicy'>
+ <value>default</value>
+ <value>mandatory</value>
+ <value>requisite</value>
+ <value>optional</value>
+ </enum>
+ <enum name='subsysType'>
+ <value>usb</value>
+ <value>pci</value>
+ <value>scsi</value>
+ </enum>
+ <enum name='capsType'/>
+ <enum name='pciBackend'>
+ <value>default</value>
+ <value>vfio</value>
+ </enum>
+ </hostdev>
+ <rng supported='yes'>
+ <enum name='model'>
+ <value>virtio</value>
+ <value>virtio-transitional</value>
+ <value>virtio-non-transitional</value>
+ </enum>
+ <enum name='backendModel'>
+ <value>random</value>
+ <value>egd</value>
+ <value>builtin</value>
+ </enum>
+ </rng>
+ <filesystem supported='yes'>
+ <enum name='driverType'>
+ <value>path</value>
+ <value>handle</value>
+ <value>virtiofs</value>
+ </enum>
+ </filesystem>
+ <tpm supported='no'/>
+ <redirdev supported='yes'>
+ <enum name='bus'>
+ <value>usb</value>
+ </enum>
+ </redirdev>
+ <channel supported='yes'>
+ <enum name='type'>
+ <value>pty</value>
+ <value>unix</value>
+ </enum>
+ </channel>
+ <crypto supported='yes'>
+ <enum name='model'>
+ <value>virtio</value>
+ </enum>
+ <enum name='type'>
+ <value>qemu</value>
+ </enum>
+ <enum name='backendModel'>
+ <value>builtin</value>
+ <value>lkcf</value>
+ </enum>
+ </crypto>
+ <interface supported='yes'>
+ <enum name='backendType'>
+ <value>default</value>
+ <value>passt</value>
+ </enum>
+ </interface>
+ </devices>
+ <features>
+ <gic supported='no'/>
+ <vmcoreinfo supported='no'/>
+ <genid supported='no'/>
+ <backingStoreInput supported='yes'/>
+ <backup supported='yes'/>
+ <async-teardown supported='yes'/>
+ <s390-pv supported='yes'/>
+ <ps2 supported='no'/>
+ <sev supported='no'/>
+ <sgx supported='no'/>
+ <launchSecurity supported='yes'>
+ <enum name='sectype'>
+ <value>s390-pv</value>
+ </enum>
+ </launchSecurity>
+ </features>
+</domainCapabilities>
diff --git a/tests/qemucapabilitiesdata/caps_9.1.0_s390x.replies b/tests/qemucapabilitiesdata/caps_9.1.0_s390x.replies
new file mode 100644
index 0000000000..4e54acb5b1
--- /dev/null
+++ b/tests/qemucapabilitiesdata/caps_9.1.0_s390x.replies
@@ -0,0 +1,36291 @@
[...]
diff --git a/tests/qemucapabilitiesdata/caps_9.1.0_s390x.xml b/tests/qemucapabilitiesdata/caps_9.1.0_s390x.xml
new file mode 100644
index 0000000000..50e9a60a1f
--- /dev/null
+++ b/tests/qemucapabilitiesdata/caps_9.1.0_s390x.xml
@@ -0,0 +1,3748 @@
[...]
diff --git a/tests/qemuhotplugtest.c b/tests/qemuhotplugtest.c
index f707121c47..d2a1f5acf1 100644
--- a/tests/qemuhotplugtest.c
+++ b/tests/qemuhotplugtest.c
@@ -643,40 +643,33 @@ mymain(void)
"chardev-remove", QMP_OK, "query-fdsets", "{\"return\": []}");
DO_TEST_ATTACH("s390x", "base-ccw-live", "ccw-virtio", false, true,
- "blockdev-add", QMP_OK,
"blockdev-add", QMP_OK,
"device_add", QMP_OK,
"query-block", QMP_EMPTY_ARRAY);
DO_TEST_DETACH("s390x", "base-ccw-live", "ccw-virtio", false, false,
"device_del", QMP_DEVICE_DELETED("virtio-disk4") QMP_OK,
- "blockdev-del", QMP_OK,
"blockdev-del", QMP_OK);
DO_TEST_ATTACH("s390x", "base-ccw-live-with-ccw-virtio", "ccw-virtio-2", false, true,
- "blockdev-add", QMP_OK,
"blockdev-add", QMP_OK,
"device_add", QMP_OK,
"query-block", QMP_EMPTY_ARRAY);
DO_TEST_DETACH("s390x", "base-ccw-live-with-ccw-virtio", "ccw-virtio-2", false, false,
"device_del", QMP_DEVICE_DELETED("virtio-disk0") QMP_OK,
- "blockdev-del", QMP_OK,
"blockdev-del", QMP_OK);
DO_TEST_ATTACH("s390x", "base-ccw-live-with-ccw-virtio", "ccw-virtio-2-explicit", false, true,
- "blockdev-add", QMP_OK,
"blockdev-add", QMP_OK,
"device_add", QMP_OK,
"query-block", QMP_EMPTY_ARRAY);
DO_TEST_DETACH("s390x", "base-ccw-live-with-ccw-virtio", "ccw-virtio-2-explicit", false, false,
"device_del", QMP_DEVICE_DELETED("virtio-disk0") QMP_OK,
- "blockdev-del", QMP_OK,
"blockdev-del", QMP_OK);
/* Attach a second device, then detach the first one. Then attach the first one again. */
DO_TEST_ATTACH("s390x", "base-ccw-live-with-ccw-virtio", "ccw-virtio-2-explicit", false, true,
- "blockdev-add", QMP_OK,
"blockdev-add", QMP_OK,
"device_add", QMP_OK,
"query-block", QMP_EMPTY_ARRAY);
@@ -685,7 +678,6 @@ mymain(void)
"device_del", QMP_DEVICE_DELETED("virtio-disk4") QMP_OK);
DO_TEST_ATTACH("s390x", "base-ccw-live-with-2-ccw-virtio", "ccw-virtio-1-reverse", false, false,
- "blockdev-add", QMP_OK,
"blockdev-add", QMP_OK,
"device_add", QMP_OK,
"query-block", QMP_EMPTY_ARRAY);
diff --git a/tests/qemuxmlconfdata/console-sclp.s390x-latest.args b/tests/qemuxmlconfdata/console-sclp.s390x-latest.args
index 3e0456b4a2..09c0df6954 100644
--- a/tests/qemuxmlconfdata/console-sclp.s390x-latest.args
+++ b/tests/qemuxmlconfdata/console-sclp.s390x-latest.args
@@ -26,9 +26,8 @@ XDG_CONFIG_HOME=/var/lib/libvirt/qemu/domain--1-QEMUGuest1/.config \
-rtc base=utc \
-no-shutdown \
-boot strict=on \
--blockdev '{"driver":"host_device","filename":"/dev/HostVG/QEMUGuest1","node-name":"libvirt-1-storage","auto-read-only":true,"discard":"unmap"}' \
--blockdev '{"node-name":"libvirt-1-format","read-only":false,"driver":"raw","file":"libvirt-1-storage"}' \
--device '{"driver":"virtio-blk-ccw","devno":"fe.0.0000","drive":"libvirt-1-format","id":"virtio-disk0","bootindex":1}' \
+-blockdev '{"driver":"host_device","filename":"/dev/HostVG/QEMUGuest1","node-name":"libvirt-1-storage","read-only":false}' \
+-device '{"driver":"virtio-blk-ccw","devno":"fe.0.0000","drive":"libvirt-1-storage","id":"virtio-disk0","bootindex":1}' \
-chardev pty,id=charconsole0 \
-device '{"driver":"sclpconsole","chardev":"charconsole0","id":"console0"}' \
-audiodev '{"id":"audio1","driver":"none"}' \
diff --git a/tests/qemuxmlconfdata/console-virtio-ccw.s390x-latest.args b/tests/qemuxmlconfdata/console-virtio-ccw.s390x-latest.args
index 7077028dbd..547243529a 100644
--- a/tests/qemuxmlconfdata/console-virtio-ccw.s390x-latest.args
+++ b/tests/qemuxmlconfdata/console-virtio-ccw.s390x-latest.args
@@ -27,9 +27,8 @@ XDG_CONFIG_HOME=/var/lib/libvirt/qemu/domain--1-QEMUGuest1/.config \
-no-shutdown \
-boot strict=on \
-device '{"driver":"virtio-serial-ccw","id":"virtio-serial0","devno":"fe.0.0001"}' \
--blockdev '{"driver":"host_device","filename":"/dev/HostVG/QEMUGuest1","node-name":"libvirt-1-storage","auto-read-only":true,"discard":"unmap"}' \
--blockdev '{"node-name":"libvirt-1-format","read-only":false,"driver":"raw","file":"libvirt-1-storage"}' \
--device '{"driver":"virtio-blk-ccw","devno":"fe.0.0000","drive":"libvirt-1-format","id":"virtio-disk0","bootindex":1}' \
+-blockdev '{"driver":"host_device","filename":"/dev/HostVG/QEMUGuest1","node-name":"libvirt-1-storage","read-only":false}' \
+-device '{"driver":"virtio-blk-ccw","devno":"fe.0.0000","drive":"libvirt-1-storage","id":"virtio-disk0","bootindex":1}' \
-chardev pty,id=charconsole0 \
-device '{"driver":"virtconsole","chardev":"charconsole0","id":"console0"}' \
-audiodev '{"id":"audio1","driver":"none"}' \
diff --git a/tests/qemuxmlconfdata/default-video-type-s390x.s390x-latest.args b/tests/qemuxmlconfdata/default-video-type-s390x.s390x-latest.args
index b3f55e8a21..1c1a1066e4 100644
--- a/tests/qemuxmlconfdata/default-video-type-s390x.s390x-latest.args
+++ b/tests/qemuxmlconfdata/default-video-type-s390x.s390x-latest.args
@@ -12,7 +12,7 @@ XDG_CONFIG_HOME=/var/lib/libvirt/qemu/domain--1-default-video-type-s/.config \
-object '{"qom-type":"secret","id":"masterKey0","format":"raw","file":"/var/lib/libvirt/qemu/domain--1-default-video-type-s/master-key.aes"}' \
-machine s390-ccw-virtio,usb=off,dump-guest-core=off,memory-backend=s390.ram \
-accel kvm \
--cpu gen15a-base,aen=on,vxpdeh=on,aefsi=on,diag318=on,csske=on,msa9=on,msa8=on,msa7=on,msa6=on,msa5=on,msa4=on,msa3=on,msa2=on,msa1=on,sthyi=on,edat=on,deflate=on,etoken=on,vx=on,ap=on,vxeh=on,vxpd=on,esop=on,msa9_pckmo=on,vxeh2=on,esort=on,apft=on,els=on,iep=on,apqci=on,cte=on,ais=on,bpb=on,gs=on,ppa15=on,zpci=on,sea_esop2=on,te=on \
+-cpu gen16a-base,nnpa=on,aen=on,cmmnt=on,vxpdeh=on,aefsi=on,diag318=on,csske=on,mepoch=on,msa9=on,msa8=on,msa7=on,msa6=on,msa5=on,msa4=on,msa3=on,msa2=on,msa1=on,sthyi=on,edat=on,ri=on,deflate=on,edat2=on,etoken=on,vx=on,ipter=on,pai=on,paie=on,mepochptff=on,ap=on,vxeh=on,vxpd=on,esop=on,msa9_pckmo=on,vxeh2=on,esort=on,appv=on,apqi=on,apft=on,els=on,iep=on,appvi=on,apqci=on,cte=on,ais=on,bpb=on,ctop=on,gs=on,ppa15=on,zpci=on,rdp=on,sea_esop2=on,beareh=on,te=on,cmm=on,vxpdeh2=on \
-m size=1048576k \
-object '{"qom-type":"memory-backend-ram","id":"s390.ram","size":1073741824}' \
-overcommit mem-lock=off \
diff --git a/tests/qemuxmlconfdata/disk-virtio-ccw-many.s390x-latest.args b/tests/qemuxmlconfdata/disk-virtio-ccw-many.s390x-latest.args
index 47f485bab0..6c32bd7af6 100644
--- a/tests/qemuxmlconfdata/disk-virtio-ccw-many.s390x-latest.args
+++ b/tests/qemuxmlconfdata/disk-virtio-ccw-many.s390x-latest.args
@@ -26,18 +26,14 @@ XDG_CONFIG_HOME=/var/lib/libvirt/qemu/domain--1-QEMUGuest1/.config \
-rtc base=utc \
-no-shutdown \
-boot strict=on \
--blockdev '{"driver":"host_device","filename":"/dev/HostVG/QEMUGuest1","node-name":"libvirt-4-storage","auto-read-only":true,"discard":"unmap"}' \
--blockdev '{"node-name":"libvirt-4-format","read-only":false,"driver":"raw","file":"libvirt-4-storage"}' \
--device '{"driver":"virtio-blk-ccw","devno":"0.0.0007","drive":"libvirt-4-format","id":"virtio-disk0","bootindex":1}' \
--blockdev '{"driver":"host_device","filename":"/dev/HostVG/QEMUGuest4","node-name":"libvirt-3-storage","auto-read-only":true,"discard":"unmap"}' \
--blockdev '{"node-name":"libvirt-3-format","read-only":false,"driver":"raw","file":"libvirt-3-storage"}' \
--device '{"driver":"virtio-blk-ccw","devno":"fe.0.0000","drive":"libvirt-3-format","id":"virtio-disk1"}' \
--blockdev '{"driver":"host_device","filename":"/dev/HostVG/QEMUGuest2","node-name":"libvirt-2-storage","auto-read-only":true,"discard":"unmap"}' \
--blockdev '{"node-name":"libvirt-2-format","read-only":false,"driver":"raw","file":"libvirt-2-storage"}' \
--device '{"driver":"virtio-blk-ccw","devno":"fe.0.0001","drive":"libvirt-2-format","id":"virtio-disk2"}' \
--blockdev '{"driver":"host_device","filename":"/dev/HostVG/QEMUGuest3","node-name":"libvirt-1-storage","auto-read-only":true,"discard":"unmap"}' \
--blockdev '{"node-name":"libvirt-1-format","read-only":false,"driver":"raw","file":"libvirt-1-storage"}' \
--device '{"driver":"virtio-blk-ccw","devno":"fe.2.f00f","drive":"libvirt-1-format","id":"virtio-disk3"}' \
+-blockdev '{"driver":"host_device","filename":"/dev/HostVG/QEMUGuest1","node-name":"libvirt-4-storage","read-only":false}' \
+-device '{"driver":"virtio-blk-ccw","devno":"0.0.0007","drive":"libvirt-4-storage","id":"virtio-disk0","bootindex":1}' \
+-blockdev '{"driver":"host_device","filename":"/dev/HostVG/QEMUGuest4","node-name":"libvirt-3-storage","read-only":false}' \
+-device '{"driver":"virtio-blk-ccw","devno":"fe.0.0000","drive":"libvirt-3-storage","id":"virtio-disk1"}' \
+-blockdev '{"driver":"host_device","filename":"/dev/HostVG/QEMUGuest2","node-name":"libvirt-2-storage","read-only":false}' \
+-device '{"driver":"virtio-blk-ccw","devno":"fe.0.0001","drive":"libvirt-2-storage","id":"virtio-disk2"}' \
+-blockdev '{"driver":"host_device","filename":"/dev/HostVG/QEMUGuest3","node-name":"libvirt-1-storage","read-only":false}' \
+-device '{"driver":"virtio-blk-ccw","devno":"fe.2.f00f","drive":"libvirt-1-storage","id":"virtio-disk3"}' \
-audiodev '{"id":"audio1","driver":"none"}' \
-device '{"driver":"virtio-balloon-ccw","id":"balloon0","devno":"fe.0.000a"}' \
-sandbox on,obsolete=deny,elevateprivileges=deny,spawn=deny,resourcecontrol=deny \
diff --git a/tests/qemuxmlconfdata/disk-virtio-ccw.s390x-latest.args b/tests/qemuxmlconfdata/disk-virtio-ccw.s390x-latest.args
index 5456a25c8f..546637a943 100644
--- a/tests/qemuxmlconfdata/disk-virtio-ccw.s390x-latest.args
+++ b/tests/qemuxmlconfdata/disk-virtio-ccw.s390x-latest.args
@@ -26,12 +26,10 @@ XDG_CONFIG_HOME=/var/lib/libvirt/qemu/domain--1-QEMUGuest1/.config \
-rtc base=utc \
-no-shutdown \
-boot strict=on \
--blockdev '{"driver":"host_device","filename":"/dev/HostVG/QEMUGuest1","node-name":"libvirt-2-storage","auto-read-only":true,"discard":"unmap"}' \
--blockdev '{"node-name":"libvirt-2-format","read-only":false,"driver":"raw","file":"libvirt-2-storage"}' \
--device '{"driver":"virtio-blk-ccw","devno":"fe.0.0000","drive":"libvirt-2-format","id":"virtio-disk0","bootindex":1}' \
--blockdev '{"driver":"host_device","filename":"/dev/HostVG/QEMUGuest2","node-name":"libvirt-1-storage","auto-read-only":true,"discard":"unmap"}' \
--blockdev '{"node-name":"libvirt-1-format","read-only":false,"driver":"raw","file":"libvirt-1-storage"}' \
--device '{"driver":"virtio-blk-ccw","devno":"0.0.0007","drive":"libvirt-1-format","id":"virtio-disk1"}' \
+-blockdev '{"driver":"host_device","filename":"/dev/HostVG/QEMUGuest1","node-name":"libvirt-2-storage","read-only":false}' \
+-device '{"driver":"virtio-blk-ccw","devno":"fe.0.0000","drive":"libvirt-2-storage","id":"virtio-disk0","bootindex":1}' \
+-blockdev '{"driver":"host_device","filename":"/dev/HostVG/QEMUGuest2","node-name":"libvirt-1-storage","read-only":false}' \
+-device '{"driver":"virtio-blk-ccw","devno":"0.0.0007","drive":"libvirt-1-storage","id":"virtio-disk1"}' \
-audiodev '{"id":"audio1","driver":"none"}' \
-device '{"driver":"virtio-balloon-ccw","id":"balloon0","devno":"fe.0.000a"}' \
-sandbox on,obsolete=deny,elevateprivileges=deny,spawn=deny,resourcecontrol=deny \
diff --git a/tests/qemuxmlconfdata/disk-virtio-s390-zpci.s390x-latest.args b/tests/qemuxmlconfdata/disk-virtio-s390-zpci.s390x-latest.args
index 3a8bf53390..ee4f86ce61 100644
--- a/tests/qemuxmlconfdata/disk-virtio-s390-zpci.s390x-latest.args
+++ b/tests/qemuxmlconfdata/disk-virtio-s390-zpci.s390x-latest.args
@@ -26,10 +26,9 @@ XDG_CONFIG_HOME=/var/lib/libvirt/qemu/domain--1-QEMUGuest1/.config \
-rtc base=utc \
-no-shutdown \
-boot strict=on \
--blockdev '{"driver":"host_device","filename":"/dev/HostVG/QEMUGuest1","node-name":"libvirt-1-storage","auto-read-only":true,"discard":"unmap"}' \
--blockdev '{"node-name":"libvirt-1-format","read-only":false,"driver":"raw","file":"libvirt-1-storage"}' \
+-blockdev '{"driver":"host_device","filename":"/dev/HostVG/QEMUGuest1","node-name":"libvirt-1-storage","read-only":false}' \
-device '{"driver":"zpci","uid":25,"fid":31,"target":"virtio-disk0","id":"zpci25"}' \
--device '{"driver":"virtio-blk-pci","bus":"pci.0","addr":"0x8","drive":"libvirt-1-format","id":"virtio-disk0","bootindex":1}' \
+-device '{"driver":"virtio-blk-pci","bus":"pci.0","addr":"0x8","drive":"libvirt-1-storage","id":"virtio-disk0","bootindex":1}' \
-audiodev '{"id":"audio1","driver":"none"}' \
-device '{"driver":"virtio-balloon-ccw","id":"balloon0","devno":"fe.0.0000"}' \
-sandbox on,obsolete=deny,elevateprivileges=deny,spawn=deny,resourcecontrol=deny \
diff --git a/tests/qemuxmlconfdata/fs9p-ccw.s390x-latest.args b/tests/qemuxmlconfdata/fs9p-ccw.s390x-latest.args
index 2fb3203b9c..c7353dd8e4 100644
--- a/tests/qemuxmlconfdata/fs9p-ccw.s390x-latest.args
+++ b/tests/qemuxmlconfdata/fs9p-ccw.s390x-latest.args
@@ -26,9 +26,8 @@ XDG_CONFIG_HOME=/var/lib/libvirt/qemu/domain--1-QEMUGuest1/.config \
-rtc base=utc \
-no-shutdown \
-boot strict=on \
--blockdev '{"driver":"host_device","filename":"/dev/HostVG/QEMUGuest1","node-name":"libvirt-1-storage","auto-read-only":true,"discard":"unmap"}' \
--blockdev '{"node-name":"libvirt-1-format","read-only":false,"driver":"raw","file":"libvirt-1-storage"}' \
--device '{"driver":"virtio-blk-ccw","devno":"fe.0.0000","drive":"libvirt-1-format","id":"virtio-disk0","bootindex":1}' \
+-blockdev '{"driver":"host_device","filename":"/dev/HostVG/QEMUGuest1","node-name":"libvirt-1-storage","read-only":false}' \
+-device '{"driver":"virtio-blk-ccw","devno":"fe.0.0000","drive":"libvirt-1-storage","id":"virtio-disk0","bootindex":1}' \
-fsdev local,security_model=passthrough,id=fsdev-fs0,path=/export/to/guest \
-device '{"driver":"virtio-9p-ccw","id":"fs0","fsdev":"fsdev-fs0","mount_tag":"/import/from/host","devno":"fe.0.0001"}' \
-fsdev local,security_model=mapped,writeout=immediate,id=fsdev-fs1,path=/export/to/guest2 \
diff --git a/tests/qemuxmlconfdata/hostdev-scsi-vhost-scsi-ccw.s390x-latest.args b/tests/qemuxmlconfdata/hostdev-scsi-vhost-scsi-ccw.s390x-latest.args
index 1668c6634d..bce866221a 100644
--- a/tests/qemuxmlconfdata/hostdev-scsi-vhost-scsi-ccw.s390x-latest.args
+++ b/tests/qemuxmlconfdata/hostdev-scsi-vhost-scsi-ccw.s390x-latest.args
@@ -27,9 +27,8 @@ XDG_CONFIG_HOME=/var/lib/libvirt/qemu/domain--1-QEMUGuest2/.config \
-no-shutdown \
-boot strict=on \
-device '{"driver":"virtio-scsi-ccw","id":"scsi0","devno":"fe.0.0001"}' \
--blockdev '{"driver":"host_device","filename":"/dev/HostVG/QEMUGuest2","node-name":"libvirt-1-storage","auto-read-only":true,"discard":"unmap"}' \
--blockdev '{"node-name":"libvirt-1-format","read-only":false,"driver":"raw","file":"libvirt-1-storage"}' \
--device '{"driver":"virtio-blk-ccw","devno":"fe.0.0000","drive":"libvirt-1-format","id":"virtio-disk0","bootindex":1}' \
+-blockdev '{"driver":"host_device","filename":"/dev/HostVG/QEMUGuest2","node-name":"libvirt-1-storage","read-only":false}' \
+-device '{"driver":"virtio-blk-ccw","devno":"fe.0.0000","drive":"libvirt-1-storage","id":"virtio-disk0","bootindex":1}' \
-audiodev '{"id":"audio1","driver":"none"}' \
-device '{"driver":"vhost-scsi-ccw","wwpn":"naa.5123456789abcde0","vhostfd":"3","id":"hostdev0","devno":"fe.0.0002"}' \
-device '{"driver":"virtio-balloon-ccw","id":"balloon0","devno":"fe.0.0003"}' \
diff --git a/tests/qemuxmlconfdata/hostdev-vfio-zpci-ccw-memballoon.s390x-latest.args b/tests/qemuxmlconfdata/hostdev-vfio-zpci-ccw-memballoon.s390x-latest.args
index 69f2679f6f..d69ebfc8fd 100644
--- a/tests/qemuxmlconfdata/hostdev-vfio-zpci-ccw-memballoon.s390x-latest.args
+++ b/tests/qemuxmlconfdata/hostdev-vfio-zpci-ccw-memballoon.s390x-latest.args
@@ -12,7 +12,7 @@ XDG_CONFIG_HOME=/var/lib/libvirt/qemu/domain--1-KVMGuest1/.config \
-object '{"qom-type":"secret","id":"masterKey0","format":"raw","file":"/var/lib/libvirt/qemu/domain--1-KVMGuest1/master-key.aes"}' \
-machine s390-ccw-virtio,usb=off,dump-guest-core=off,memory-backend=s390.ram \
-accel kvm \
--cpu gen15a-base,aen=on,vxpdeh=on,aefsi=on,diag318=on,csske=on,msa9=on,msa8=on,msa7=on,msa6=on,msa5=on,msa4=on,msa3=on,msa2=on,msa1=on,sthyi=on,edat=on,deflate=on,etoken=on,vx=on,ap=on,vxeh=on,vxpd=on,esop=on,msa9_pckmo=on,vxeh2=on,esort=on,apft=on,els=on,iep=on,apqci=on,cte=on,ais=on,bpb=on,gs=on,ppa15=on,zpci=on,sea_esop2=on,te=on \
+-cpu gen16a-base,nnpa=on,aen=on,cmmnt=on,vxpdeh=on,aefsi=on,diag318=on,csske=on,mepoch=on,msa9=on,msa8=on,msa7=on,msa6=on,msa5=on,msa4=on,msa3=on,msa2=on,msa1=on,sthyi=on,edat=on,ri=on,deflate=on,edat2=on,etoken=on,vx=on,ipter=on,pai=on,paie=on,mepochptff=on,ap=on,vxeh=on,vxpd=on,esop=on,msa9_pckmo=on,vxeh2=on,esort=on,appv=on,apqi=on,apft=on,els=on,iep=on,appvi=on,apqci=on,cte=on,ais=on,bpb=on,ctop=on,gs=on,ppa15=on,zpci=on,rdp=on,sea_esop2=on,beareh=on,te=on,cmm=on,vxpdeh2=on \
-m size=219136k \
-object '{"qom-type":"memory-backend-ram","id":"s390.ram","size":224395264}' \
-overcommit mem-lock=off \
diff --git a/tests/qemuxmlconfdata/input-virtio-ccw.s390x-latest.args b/tests/qemuxmlconfdata/input-virtio-ccw.s390x-latest.args
index 7cf73299f6..fc32804695 100644
--- a/tests/qemuxmlconfdata/input-virtio-ccw.s390x-latest.args
+++ b/tests/qemuxmlconfdata/input-virtio-ccw.s390x-latest.args
@@ -26,9 +26,8 @@ XDG_CONFIG_HOME=/var/lib/libvirt/qemu/domain--1-QEMUGuest1/.config \
-rtc base=utc \
-no-shutdown \
-boot strict=on \
--blockdev '{"driver":"host_device","filename":"/dev/HostVG/QEMUGuest1","node-name":"libvirt-1-storage","auto-read-only":true,"discard":"unmap"}' \
--blockdev '{"node-name":"libvirt-1-format","read-only":false,"driver":"raw","file":"libvirt-1-storage"}' \
--device '{"driver":"virtio-blk-ccw","devno":"fe.0.0000","drive":"libvirt-1-format","id":"virtio-disk0","bootindex":1}' \
+-blockdev '{"driver":"host_device","filename":"/dev/HostVG/QEMUGuest1","node-name":"libvirt-1-storage","read-only":false}' \
+-device '{"driver":"virtio-blk-ccw","devno":"fe.0.0000","drive":"libvirt-1-storage","id":"virtio-disk0","bootindex":1}' \
-device '{"driver":"virtio-keyboard-ccw","id":"input0","devno":"fe.0.0002"}' \
-device '{"driver":"virtio-mouse-ccw","id":"input1","devno":"fe.0.0003"}' \
-device '{"driver":"virtio-tablet-ccw","id":"input2","devno":"fe.0.0004"}' \
diff --git a/tests/qemuxmlconfdata/iothreads-virtio-scsi-ccw.s390x-latest.args b/tests/qemuxmlconfdata/iothreads-virtio-scsi-ccw.s390x-latest.args
index ed7971d632..953edb5445 100644
--- a/tests/qemuxmlconfdata/iothreads-virtio-scsi-ccw.s390x-latest.args
+++ b/tests/qemuxmlconfdata/iothreads-virtio-scsi-ccw.s390x-latest.args
@@ -29,12 +29,10 @@ XDG_CONFIG_HOME=/var/lib/libvirt/qemu/domain--1-QEMUGuest1/.config \
-no-shutdown \
-boot strict=on \
-device '{"driver":"virtio-scsi-ccw","iothread":"iothread2","id":"scsi0","devno":"fe.0.0001"}' \
--blockdev '{"driver":"host_device","filename":"/dev/HostVG/QEMUGuest1","node-name":"libvirt-2-storage","auto-read-only":true,"discard":"unmap"}' \
--blockdev '{"node-name":"libvirt-2-format","read-only":false,"driver":"raw","file":"libvirt-2-storage"}' \
--device '{"driver":"virtio-blk-ccw","iothread":"iothread1","devno":"fe.0.0000","drive":"libvirt-2-format","id":"virtio-disk0","bootindex":1}' \
--blockdev '{"driver":"host_device","filename":"/dev/HostVG/QEMUGuest2","node-name":"libvirt-1-storage","auto-read-only":true,"discard":"unmap"}' \
--blockdev '{"node-name":"libvirt-1-format","read-only":false,"driver":"raw","file":"libvirt-1-storage"}' \
--device '{"driver":"scsi-hd","bus":"scsi0.0","channel":0,"scsi-id":2,"lun":0,"device_id":"drive-scsi0-0-2-0","drive":"libvirt-1-format","id":"scsi0-0-2-0"}' \
+-blockdev '{"driver":"host_device","filename":"/dev/HostVG/QEMUGuest1","node-name":"libvirt-2-storage","read-only":false}' \
+-device '{"driver":"virtio-blk-ccw","iothread":"iothread1","devno":"fe.0.0000","drive":"libvirt-2-storage","id":"virtio-disk0","bootindex":1}' \
+-blockdev '{"driver":"host_device","filename":"/dev/HostVG/QEMUGuest2","node-name":"libvirt-1-storage","read-only":false}' \
+-device '{"driver":"scsi-hd","bus":"scsi0.0","channel":0,"scsi-id":2,"lun":0,"device_id":"drive-scsi0-0-2-0","drive":"libvirt-1-storage","id":"scsi0-0-2-0"}' \
-audiodev '{"id":"audio1","driver":"none"}' \
-device '{"driver":"virtio-balloon-ccw","id":"balloon0","devno":"fe.0.000a"}' \
-sandbox on,obsolete=deny,elevateprivileges=deny,spawn=deny,resourcecontrol=deny \
diff --git a/tests/qemuxmlconfdata/launch-security-s390-pv.s390x-latest.args b/tests/qemuxmlconfdata/launch-security-s390-pv.s390x-latest.args
index 5c042913a1..4f052238e9 100644
--- a/tests/qemuxmlconfdata/launch-security-s390-pv.s390x-latest.args
+++ b/tests/qemuxmlconfdata/launch-security-s390-pv.s390x-latest.args
@@ -12,7 +12,7 @@ XDG_CONFIG_HOME=/var/lib/libvirt/qemu/domain--1-QEMUGuest1/.config \
-object '{"qom-type":"secret","id":"masterKey0","format":"raw","file":"/var/lib/libvirt/qemu/domain--1-QEMUGuest1/master-key.aes"}' \
-machine s390-ccw-virtio,usb=off,dump-guest-core=off,memory-backend=s390.ram,confidential-guest-support=lsec0 \
-accel kvm \
--cpu gen15a-base,aen=on,vxpdeh=on,aefsi=on,diag318=on,csske=on,msa9=on,msa8=on,msa7=on,msa6=on,msa5=on,msa4=on,msa3=on,msa2=on,msa1=on,sthyi=on,edat=on,deflate=on,etoken=on,vx=on,ap=on,vxeh=on,vxpd=on,esop=on,msa9_pckmo=on,vxeh2=on,esort=on,apft=on,els=on,iep=on,apqci=on,cte=on,ais=on,bpb=on,gs=on,ppa15=on,zpci=on,sea_esop2=on,te=on \
+-cpu gen16a-base,nnpa=on,aen=on,cmmnt=on,vxpdeh=on,aefsi=on,diag318=on,csske=on,mepoch=on,msa9=on,msa8=on,msa7=on,msa6=on,msa5=on,msa4=on,msa3=on,msa2=on,msa1=on,sthyi=on,edat=on,ri=on,deflate=on,edat2=on,etoken=on,vx=on,ipter=on,pai=on,paie=on,mepochptff=on,ap=on,vxeh=on,vxpd=on,esop=on,msa9_pckmo=on,vxeh2=on,esort=on,appv=on,apqi=on,apft=on,els=on,iep=on,appvi=on,apqci=on,cte=on,ais=on,bpb=on,ctop=on,gs=on,ppa15=on,zpci=on,rdp=on,sea_esop2=on,beareh=on,te=on,cmm=on,vxpdeh2=on \
-m size=219136k \
-object '{"qom-type":"memory-backend-ram","id":"s390.ram","size":224395264}' \
-overcommit mem-lock=off \
@@ -26,9 +26,8 @@ XDG_CONFIG_HOME=/var/lib/libvirt/qemu/domain--1-QEMUGuest1/.config \
-rtc base=utc \
-no-shutdown \
-boot strict=on \
--blockdev '{"driver":"host_device","filename":"/dev/HostVG/QEMUGuest1","node-name":"libvirt-1-storage","auto-read-only":true,"discard":"unmap"}' \
--blockdev '{"node-name":"libvirt-1-format","read-only":false,"driver":"raw","file":"libvirt-1-storage"}' \
--device '{"driver":"virtio-blk-ccw","devno":"fe.0.0000","drive":"libvirt-1-format","id":"virtio-disk0","bootindex":1}' \
+-blockdev '{"driver":"host_device","filename":"/dev/HostVG/QEMUGuest1","node-name":"libvirt-1-storage","read-only":false}' \
+-device '{"driver":"virtio-blk-ccw","devno":"fe.0.0000","drive":"libvirt-1-storage","id":"virtio-disk0","bootindex":1}' \
-audiodev '{"id":"audio1","driver":"none"}' \
-device '{"driver":"virtio-balloon-ccw","id":"balloon0","devno":"fe.0.0001"}' \
-object '{"qom-type":"s390-pv-guest","id":"lsec0"}' \
diff --git a/tests/qemuxmlconfdata/machine-aeskeywrap-off-cap.s390x-latest.args b/tests/qemuxmlconfdata/machine-aeskeywrap-off-cap.s390x-latest.args
index de274c6336..3c17b8cb3b 100644
--- a/tests/qemuxmlconfdata/machine-aeskeywrap-off-cap.s390x-latest.args
+++ b/tests/qemuxmlconfdata/machine-aeskeywrap-off-cap.s390x-latest.args
@@ -26,9 +26,8 @@ XDG_CONFIG_HOME=/var/lib/libvirt/qemu/domain--1-QEMUGuest1/.config \
-rtc base=utc \
-no-shutdown \
-boot strict=on \
--blockdev '{"driver":"host_device","filename":"/dev/HostVG/QEMUGuest1","node-name":"libvirt-1-storage","auto-read-only":true,"discard":"unmap"}' \
--blockdev '{"node-name":"libvirt-1-format","read-only":false,"driver":"raw","file":"libvirt-1-storage"}' \
--device '{"driver":"virtio-blk-ccw","devno":"fe.0.0000","drive":"libvirt-1-format","id":"virtio-disk0","bootindex":1}' \
+-blockdev '{"driver":"host_device","filename":"/dev/HostVG/QEMUGuest1","node-name":"libvirt-1-storage","read-only":false}' \
+-device '{"driver":"virtio-blk-ccw","devno":"fe.0.0000","drive":"libvirt-1-storage","id":"virtio-disk0","bootindex":1}' \
-audiodev '{"id":"audio1","driver":"none"}' \
-sandbox on,obsolete=deny,elevateprivileges=deny,spawn=deny,resourcecontrol=deny \
-msg timestamp=on
diff --git a/tests/qemuxmlconfdata/machine-aeskeywrap-off-caps.s390x-latest.args b/tests/qemuxmlconfdata/machine-aeskeywrap-off-caps.s390x-latest.args
index de274c6336..3c17b8cb3b 100644
--- a/tests/qemuxmlconfdata/machine-aeskeywrap-off-caps.s390x-latest.args
+++ b/tests/qemuxmlconfdata/machine-aeskeywrap-off-caps.s390x-latest.args
@@ -26,9 +26,8 @@ XDG_CONFIG_HOME=/var/lib/libvirt/qemu/domain--1-QEMUGuest1/.config \
-rtc base=utc \
-no-shutdown \
-boot strict=on \
--blockdev '{"driver":"host_device","filename":"/dev/HostVG/QEMUGuest1","node-name":"libvirt-1-storage","auto-read-only":true,"discard":"unmap"}' \
--blockdev '{"node-name":"libvirt-1-format","read-only":false,"driver":"raw","file":"libvirt-1-storage"}' \
--device '{"driver":"virtio-blk-ccw","devno":"fe.0.0000","drive":"libvirt-1-format","id":"virtio-disk0","bootindex":1}' \
+-blockdev '{"driver":"host_device","filename":"/dev/HostVG/QEMUGuest1","node-name":"libvirt-1-storage","read-only":false}' \
+-device '{"driver":"virtio-blk-ccw","devno":"fe.0.0000","drive":"libvirt-1-storage","id":"virtio-disk0","bootindex":1}' \
-audiodev '{"id":"audio1","driver":"none"}' \
-sandbox on,obsolete=deny,elevateprivileges=deny,spawn=deny,resourcecontrol=deny \
-msg timestamp=on
diff --git a/tests/qemuxmlconfdata/machine-aeskeywrap-on-cap.s390x-latest.args b/tests/qemuxmlconfdata/machine-aeskeywrap-on-cap.s390x-latest.args
index fb9b8fdc7a..583885e470 100644
--- a/tests/qemuxmlconfdata/machine-aeskeywrap-on-cap.s390x-latest.args
+++ b/tests/qemuxmlconfdata/machine-aeskeywrap-on-cap.s390x-latest.args
@@ -26,9 +26,8 @@ XDG_CONFIG_HOME=/var/lib/libvirt/qemu/domain--1-QEMUGuest1/.config \
-rtc base=utc \
-no-shutdown \
-boot strict=on \
--blockdev '{"driver":"host_device","filename":"/dev/HostVG/QEMUGuest1","node-name":"libvirt-1-storage","auto-read-only":true,"discard":"unmap"}' \
--blockdev '{"node-name":"libvirt-1-format","read-only":false,"driver":"raw","file":"libvirt-1-storage"}' \
--device '{"driver":"virtio-blk-ccw","devno":"fe.0.0000","drive":"libvirt-1-format","id":"virtio-disk0","bootindex":1}' \
+-blockdev '{"driver":"host_device","filename":"/dev/HostVG/QEMUGuest1","node-name":"libvirt-1-storage","read-only":false}' \
+-device '{"driver":"virtio-blk-ccw","devno":"fe.0.0000","drive":"libvirt-1-storage","id":"virtio-disk0","bootindex":1}' \
-audiodev '{"id":"audio1","driver":"none"}' \
-sandbox on,obsolete=deny,elevateprivileges=deny,spawn=deny,resourcecontrol=deny \
-msg timestamp=on
diff --git a/tests/qemuxmlconfdata/machine-aeskeywrap-on-caps.s390x-latest.args b/tests/qemuxmlconfdata/machine-aeskeywrap-on-caps.s390x-latest.args
index fb9b8fdc7a..583885e470 100644
--- a/tests/qemuxmlconfdata/machine-aeskeywrap-on-caps.s390x-latest.args
+++ b/tests/qemuxmlconfdata/machine-aeskeywrap-on-caps.s390x-latest.args
@@ -26,9 +26,8 @@ XDG_CONFIG_HOME=/var/lib/libvirt/qemu/domain--1-QEMUGuest1/.config \
-rtc base=utc \
-no-shutdown \
-boot strict=on \
--blockdev '{"driver":"host_device","filename":"/dev/HostVG/QEMUGuest1","node-name":"libvirt-1-storage","auto-read-only":true,"discard":"unmap"}' \
--blockdev '{"node-name":"libvirt-1-format","read-only":false,"driver":"raw","file":"libvirt-1-storage"}' \
--device '{"driver":"virtio-blk-ccw","devno":"fe.0.0000","drive":"libvirt-1-format","id":"virtio-disk0","bootindex":1}' \
+-blockdev '{"driver":"host_device","filename":"/dev/HostVG/QEMUGuest1","node-name":"libvirt-1-storage","read-only":false}' \
+-device '{"driver":"virtio-blk-ccw","devno":"fe.0.0000","drive":"libvirt-1-storage","id":"virtio-disk0","bootindex":1}' \
-audiodev '{"id":"audio1","driver":"none"}' \
-sandbox on,obsolete=deny,elevateprivileges=deny,spawn=deny,resourcecontrol=deny \
-msg timestamp=on
diff --git a/tests/qemuxmlconfdata/machine-deakeywrap-off-cap.s390x-latest.args b/tests/qemuxmlconfdata/machine-deakeywrap-off-cap.s390x-latest.args
index 4ffb2f3609..6270b7e43a 100644
--- a/tests/qemuxmlconfdata/machine-deakeywrap-off-cap.s390x-latest.args
+++ b/tests/qemuxmlconfdata/machine-deakeywrap-off-cap.s390x-latest.args
@@ -26,9 +26,8 @@ XDG_CONFIG_HOME=/var/lib/libvirt/qemu/domain--1-QEMUGuest1/.config \
-rtc base=utc \
-no-shutdown \
-boot strict=on \
--blockdev '{"driver":"host_device","filename":"/dev/HostVG/QEMUGuest1","node-name":"libvirt-1-storage","auto-read-only":true,"discard":"unmap"}' \
--blockdev '{"node-name":"libvirt-1-format","read-only":false,"driver":"raw","file":"libvirt-1-storage"}' \
--device '{"driver":"virtio-blk-ccw","devno":"fe.0.0000","drive":"libvirt-1-format","id":"virtio-disk0","bootindex":1}' \
+-blockdev '{"driver":"host_device","filename":"/dev/HostVG/QEMUGuest1","node-name":"libvirt-1-storage","read-only":false}' \
+-device '{"driver":"virtio-blk-ccw","devno":"fe.0.0000","drive":"libvirt-1-storage","id":"virtio-disk0","bootindex":1}' \
-audiodev '{"id":"audio1","driver":"none"}' \
-sandbox on,obsolete=deny,elevateprivileges=deny,spawn=deny,resourcecontrol=deny \
-msg timestamp=on
diff --git a/tests/qemuxmlconfdata/machine-deakeywrap-off-caps.s390x-latest.args b/tests/qemuxmlconfdata/machine-deakeywrap-off-caps.s390x-latest.args
index 4ffb2f3609..6270b7e43a 100644
--- a/tests/qemuxmlconfdata/machine-deakeywrap-off-caps.s390x-latest.args
+++ b/tests/qemuxmlconfdata/machine-deakeywrap-off-caps.s390x-latest.args
@@ -26,9 +26,8 @@ XDG_CONFIG_HOME=/var/lib/libvirt/qemu/domain--1-QEMUGuest1/.config \
-rtc base=utc \
-no-shutdown \
-boot strict=on \
--blockdev '{"driver":"host_device","filename":"/dev/HostVG/QEMUGuest1","node-name":"libvirt-1-storage","auto-read-only":true,"discard":"unmap"}' \
--blockdev '{"node-name":"libvirt-1-format","read-only":false,"driver":"raw","file":"libvirt-1-storage"}' \
--device '{"driver":"virtio-blk-ccw","devno":"fe.0.0000","drive":"libvirt-1-format","id":"virtio-disk0","bootindex":1}' \
+-blockdev '{"driver":"host_device","filename":"/dev/HostVG/QEMUGuest1","node-name":"libvirt-1-storage","read-only":false}' \
+-device '{"driver":"virtio-blk-ccw","devno":"fe.0.0000","drive":"libvirt-1-storage","id":"virtio-disk0","bootindex":1}' \
-audiodev '{"id":"audio1","driver":"none"}' \
-sandbox on,obsolete=deny,elevateprivileges=deny,spawn=deny,resourcecontrol=deny \
-msg timestamp=on
diff --git a/tests/qemuxmlconfdata/machine-deakeywrap-on-cap.s390x-latest.args b/tests/qemuxmlconfdata/machine-deakeywrap-on-cap.s390x-latest.args
index bb79e9e886..c0104970b5 100644
--- a/tests/qemuxmlconfdata/machine-deakeywrap-on-cap.s390x-latest.args
+++ b/tests/qemuxmlconfdata/machine-deakeywrap-on-cap.s390x-latest.args
@@ -26,9 +26,8 @@ XDG_CONFIG_HOME=/var/lib/libvirt/qemu/domain--1-QEMUGuest1/.config \
-rtc base=utc \
-no-shutdown \
-boot strict=on \
--blockdev '{"driver":"host_device","filename":"/dev/HostVG/QEMUGuest1","node-name":"libvirt-1-storage","auto-read-only":true,"discard":"unmap"}' \
--blockdev '{"node-name":"libvirt-1-format","read-only":false,"driver":"raw","file":"libvirt-1-storage"}' \
--device '{"driver":"virtio-blk-ccw","devno":"fe.0.0000","drive":"libvirt-1-format","id":"virtio-disk0","bootindex":1}' \
+-blockdev '{"driver":"host_device","filename":"/dev/HostVG/QEMUGuest1","node-name":"libvirt-1-storage","read-only":false}' \
+-device '{"driver":"virtio-blk-ccw","devno":"fe.0.0000","drive":"libvirt-1-storage","id":"virtio-disk0","bootindex":1}' \
-audiodev '{"id":"audio1","driver":"none"}' \
-sandbox on,obsolete=deny,elevateprivileges=deny,spawn=deny,resourcecontrol=deny \
-msg timestamp=on
diff --git a/tests/qemuxmlconfdata/machine-deakeywrap-on-caps.s390x-latest.args b/tests/qemuxmlconfdata/machine-deakeywrap-on-caps.s390x-latest.args
index bb79e9e886..c0104970b5 100644
--- a/tests/qemuxmlconfdata/machine-deakeywrap-on-caps.s390x-latest.args
+++ b/tests/qemuxmlconfdata/machine-deakeywrap-on-caps.s390x-latest.args
@@ -26,9 +26,8 @@ XDG_CONFIG_HOME=/var/lib/libvirt/qemu/domain--1-QEMUGuest1/.config \
-rtc base=utc \
-no-shutdown \
-boot strict=on \
--blockdev '{"driver":"host_device","filename":"/dev/HostVG/QEMUGuest1","node-name":"libvirt-1-storage","auto-read-only":true,"discard":"unmap"}' \
--blockdev '{"node-name":"libvirt-1-format","read-only":false,"driver":"raw","file":"libvirt-1-storage"}' \
--device '{"driver":"virtio-blk-ccw","devno":"fe.0.0000","drive":"libvirt-1-format","id":"virtio-disk0","bootindex":1}' \
+-blockdev '{"driver":"host_device","filename":"/dev/HostVG/QEMUGuest1","node-name":"libvirt-1-storage","read-only":false}' \
+-device '{"driver":"virtio-blk-ccw","devno":"fe.0.0000","drive":"libvirt-1-storage","id":"virtio-disk0","bootindex":1}' \
-audiodev '{"id":"audio1","driver":"none"}' \
-sandbox on,obsolete=deny,elevateprivileges=deny,spawn=deny,resourcecontrol=deny \
-msg timestamp=on
diff --git a/tests/qemuxmlconfdata/machine-keywrap-none-caps.s390x-latest.args b/tests/qemuxmlconfdata/machine-keywrap-none-caps.s390x-latest.args
index 516768833a..10594504bc 100644
--- a/tests/qemuxmlconfdata/machine-keywrap-none-caps.s390x-latest.args
+++ b/tests/qemuxmlconfdata/machine-keywrap-none-caps.s390x-latest.args
@@ -26,9 +26,8 @@ XDG_CONFIG_HOME=/var/lib/libvirt/qemu/domain--1-QEMUGuest1/.config \
-rtc base=utc \
-no-shutdown \
-boot strict=on \
--blockdev '{"driver":"host_device","filename":"/dev/HostVG/QEMUGuest1","node-name":"libvirt-1-storage","auto-read-only":true,"discard":"unmap"}' \
--blockdev '{"node-name":"libvirt-1-format","read-only":false,"driver":"raw","file":"libvirt-1-storage"}' \
--device '{"driver":"virtio-blk-ccw","devno":"fe.0.0000","drive":"libvirt-1-format","id":"virtio-disk0","bootindex":1}' \
+-blockdev '{"driver":"host_device","filename":"/dev/HostVG/QEMUGuest1","node-name":"libvirt-1-storage","read-only":false}' \
+-device '{"driver":"virtio-blk-ccw","devno":"fe.0.0000","drive":"libvirt-1-storage","id":"virtio-disk0","bootindex":1}' \
-audiodev '{"id":"audio1","driver":"none"}' \
-sandbox on,obsolete=deny,elevateprivileges=deny,spawn=deny,resourcecontrol=deny \
-msg timestamp=on
diff --git a/tests/qemuxmlconfdata/machine-keywrap-none.s390x-latest.args b/tests/qemuxmlconfdata/machine-keywrap-none.s390x-latest.args
index 516768833a..10594504bc 100644
--- a/tests/qemuxmlconfdata/machine-keywrap-none.s390x-latest.args
+++ b/tests/qemuxmlconfdata/machine-keywrap-none.s390x-latest.args
@@ -26,9 +26,8 @@ XDG_CONFIG_HOME=/var/lib/libvirt/qemu/domain--1-QEMUGuest1/.config \
-rtc base=utc \
-no-shutdown \
-boot strict=on \
--blockdev '{"driver":"host_device","filename":"/dev/HostVG/QEMUGuest1","node-name":"libvirt-1-storage","auto-read-only":true,"discard":"unmap"}' \
--blockdev '{"node-name":"libvirt-1-format","read-only":false,"driver":"raw","file":"libvirt-1-storage"}' \
--device '{"driver":"virtio-blk-ccw","devno":"fe.0.0000","drive":"libvirt-1-format","id":"virtio-disk0","bootindex":1}' \
+-blockdev '{"driver":"host_device","filename":"/dev/HostVG/QEMUGuest1","node-name":"libvirt-1-storage","read-only":false}' \
+-device '{"driver":"virtio-blk-ccw","devno":"fe.0.0000","drive":"libvirt-1-storage","id":"virtio-disk0","bootindex":1}' \
-audiodev '{"id":"audio1","driver":"none"}' \
-sandbox on,obsolete=deny,elevateprivileges=deny,spawn=deny,resourcecontrol=deny \
-msg timestamp=on
diff --git a/tests/qemuxmlconfdata/machine-loadparm-multiple-disks-nets-s390.s390x-latest.args b/tests/qemuxmlconfdata/machine-loadparm-multiple-disks-nets-s390.s390x-latest.args
index 1e651e7870..411b62f3ee 100644
--- a/tests/qemuxmlconfdata/machine-loadparm-multiple-disks-nets-s390.s390x-latest.args
+++ b/tests/qemuxmlconfdata/machine-loadparm-multiple-disks-nets-s390.s390x-latest.args
@@ -26,12 +26,10 @@ XDG_CONFIG_HOME=/var/lib/libvirt/qemu/domain--1-QEMUGuest1/.config \
-rtc base=utc \
-no-shutdown \
-boot strict=on \
--blockdev '{"driver":"host_device","filename":"/dev/HostVG/QEMUGuest1","node-name":"libvirt-2-storage","auto-read-only":true,"discard":"unmap"}' \
--blockdev '{"node-name":"libvirt-2-format","read-only":false,"driver":"raw","file":"libvirt-2-storage"}' \
--device '{"driver":"virtio-blk-ccw","devno":"fe.0.0002","drive":"libvirt-2-format","id":"virtio-disk0","bootindex":1}' \
--blockdev '{"driver":"host_device","filename":"/dev/HostVG/QEMUGuest2","node-name":"libvirt-1-storage","auto-read-only":true,"discard":"unmap"}' \
--blockdev '{"node-name":"libvirt-1-format","read-only":false,"driver":"raw","file":"libvirt-1-storage"}' \
--device '{"driver":"virtio-blk-ccw","devno":"fe.0.0003","drive":"libvirt-1-format","id":"virtio-disk1","bootindex":3}' \
+-blockdev '{"driver":"host_device","filename":"/dev/HostVG/QEMUGuest1","node-name":"libvirt-2-storage","read-only":false}' \
+-device '{"driver":"virtio-blk-ccw","devno":"fe.0.0002","drive":"libvirt-2-storage","id":"virtio-disk0","bootindex":1}' \
+-blockdev '{"driver":"host_device","filename":"/dev/HostVG/QEMUGuest2","node-name":"libvirt-1-storage","read-only":false}' \
+-device '{"driver":"virtio-blk-ccw","devno":"fe.0.0003","drive":"libvirt-1-storage","id":"virtio-disk1","bootindex":3}' \
-netdev '{"type":"user","id":"hostnet0"}' \
-device '{"driver":"virtio-net-ccw","netdev":"hostnet0","id":"net0","mac":"00:11:22:33:44:54","bootindex":2,"devno":"fe.0.0000"}' \
-netdev '{"type":"user","id":"hostnet1"}' \
diff --git a/tests/qemuxmlconfdata/machine-loadparm-s390.s390x-latest.args b/tests/qemuxmlconfdata/machine-loadparm-s390.s390x-latest.args
index b11d958117..896fc1e578 100644
--- a/tests/qemuxmlconfdata/machine-loadparm-s390.s390x-latest.args
+++ b/tests/qemuxmlconfdata/machine-loadparm-s390.s390x-latest.args
@@ -26,9 +26,8 @@ XDG_CONFIG_HOME=/var/lib/libvirt/qemu/domain--1-QEMUGuest1/.config \
-rtc base=utc \
-no-shutdown \
-boot strict=on \
--blockdev '{"driver":"host_device","filename":"/dev/HostVG/QEMUGuest1","node-name":"libvirt-1-storage","auto-read-only":true,"discard":"unmap"}' \
--blockdev '{"node-name":"libvirt-1-format","read-only":false,"driver":"raw","file":"libvirt-1-storage"}' \
--device '{"driver":"virtio-blk-ccw","devno":"fe.0.0000","drive":"libvirt-1-format","id":"virtio-disk0","bootindex":1}' \
+-blockdev '{"driver":"host_device","filename":"/dev/HostVG/QEMUGuest1","node-name":"libvirt-1-storage","read-only":false}' \
+-device '{"driver":"virtio-blk-ccw","devno":"fe.0.0000","drive":"libvirt-1-storage","id":"virtio-disk0","bootindex":1}' \
-audiodev '{"id":"audio1","driver":"none"}' \
-device '{"driver":"virtio-balloon-ccw","id":"balloon0","devno":"fe.0.0001"}' \
-sandbox on,obsolete=deny,elevateprivileges=deny,spawn=deny,resourcecontrol=deny \
diff --git a/tests/qemuxmlconfdata/s390-default-cpu-kvm-ccw-virtio-4.2.s390x-latest.args b/tests/qemuxmlconfdata/s390-default-cpu-kvm-ccw-virtio-4.2.s390x-latest.args
index 14954d02a2..a6d8ba5952 100644
--- a/tests/qemuxmlconfdata/s390-default-cpu-kvm-ccw-virtio-4.2.s390x-latest.args
+++ b/tests/qemuxmlconfdata/s390-default-cpu-kvm-ccw-virtio-4.2.s390x-latest.args
@@ -12,7 +12,7 @@ XDG_CONFIG_HOME=/var/lib/libvirt/qemu/domain--1-test/.config \
-object '{"qom-type":"secret","id":"masterKey0","format":"raw","file":"/var/lib/libvirt/qemu/domain--1-test/master-key.aes"}' \
-machine s390-ccw-virtio-4.2,usb=off,dump-guest-core=off,memory-backend=s390.ram \
-accel kvm \
--cpu gen15a-base,aen=on,vxpdeh=on,aefsi=on,diag318=on,csske=on,msa9=on,msa8=on,msa7=on,msa6=on,msa5=on,msa4=on,msa3=on,msa2=on,msa1=on,sthyi=on,edat=on,deflate=on,etoken=on,vx=on,ap=on,vxeh=on,vxpd=on,esop=on,msa9_pckmo=on,vxeh2=on,esort=on,apft=on,els=on,iep=on,apqci=on,cte=on,ais=on,bpb=on,gs=on,ppa15=on,zpci=on,sea_esop2=on,te=on \
+-cpu gen16a-base,nnpa=on,aen=on,cmmnt=on,vxpdeh=on,aefsi=on,diag318=on,csske=on,mepoch=on,msa9=on,msa8=on,msa7=on,msa6=on,msa5=on,msa4=on,msa3=on,msa2=on,msa1=on,sthyi=on,edat=on,ri=on,deflate=on,edat2=on,etoken=on,vx=on,ipter=on,pai=on,paie=on,mepochptff=on,ap=on,vxeh=on,vxpd=on,esop=on,msa9_pckmo=on,vxeh2=on,esort=on,appv=on,apqi=on,apft=on,els=on,iep=on,appvi=on,apqci=on,cte=on,ais=on,bpb=on,ctop=on,gs=on,ppa15=on,zpci=on,rdp=on,sea_esop2=on,beareh=on,te=on,cmm=on,vxpdeh2=on \
-m size=262144k \
-object '{"qom-type":"memory-backend-ram","id":"s390.ram","size":268435456}' \
-overcommit mem-lock=off \
diff --git a/tests/qemuxmlconfdata/s390-defaultconsole.s390x-latest.args b/tests/qemuxmlconfdata/s390-defaultconsole.s390x-latest.args
index 09eff14e46..e56d48ac36 100644
--- a/tests/qemuxmlconfdata/s390-defaultconsole.s390x-latest.args
+++ b/tests/qemuxmlconfdata/s390-defaultconsole.s390x-latest.args
@@ -12,7 +12,7 @@ XDG_CONFIG_HOME=/var/lib/libvirt/qemu/domain--1-test/.config \
-object '{"qom-type":"secret","id":"masterKey0","format":"raw","file":"/var/lib/libvirt/qemu/domain--1-test/master-key.aes"}' \
-machine s390-ccw-virtio,usb=off,dump-guest-core=off,memory-backend=s390.ram \
-accel kvm \
--cpu gen15a-base,aen=on,vxpdeh=on,aefsi=on,diag318=on,csske=on,msa9=on,msa8=on,msa7=on,msa6=on,msa5=on,msa4=on,msa3=on,msa2=on,msa1=on,sthyi=on,edat=on,deflate=on,etoken=on,vx=on,ap=on,vxeh=on,vxpd=on,esop=on,msa9_pckmo=on,vxeh2=on,esort=on,apft=on,els=on,iep=on,apqci=on,cte=on,ais=on,bpb=on,gs=on,ppa15=on,zpci=on,sea_esop2=on,te=on \
+-cpu gen16a-base,nnpa=on,aen=on,cmmnt=on,vxpdeh=on,aefsi=on,diag318=on,csske=on,mepoch=on,msa9=on,msa8=on,msa7=on,msa6=on,msa5=on,msa4=on,msa3=on,msa2=on,msa1=on,sthyi=on,edat=on,ri=on,deflate=on,edat2=on,etoken=on,vx=on,ipter=on,pai=on,paie=on,mepochptff=on,ap=on,vxeh=on,vxpd=on,esop=on,msa9_pckmo=on,vxeh2=on,esort=on,appv=on,apqi=on,apft=on,els=on,iep=on,appvi=on,apqci=on,cte=on,ais=on,bpb=on,ctop=on,gs=on,ppa15=on,zpci=on,rdp=on,sea_esop2=on,beareh=on,te=on,cmm=on,vxpdeh2=on \
-m size=262144k \
-object '{"qom-type":"memory-backend-ram","id":"s390.ram","size":268435456}' \
-overcommit mem-lock=off \
diff --git a/tests/qemuxmlconfdata/s390-panic.s390x-latest.args b/tests/qemuxmlconfdata/s390-panic.s390x-latest.args
index e020a9f467..c5e4c9245e 100644
--- a/tests/qemuxmlconfdata/s390-panic.s390x-latest.args
+++ b/tests/qemuxmlconfdata/s390-panic.s390x-latest.args
@@ -12,7 +12,7 @@ XDG_CONFIG_HOME=/var/lib/libvirt/qemu/domain--1-test/.config \
-object '{"qom-type":"secret","id":"masterKey0","format":"raw","file":"/var/lib/libvirt/qemu/domain--1-test/master-key.aes"}' \
-machine s390-ccw-virtio,usb=off,dump-guest-core=off,memory-backend=s390.ram \
-accel kvm \
--cpu gen15a-base,aen=on,vxpdeh=on,aefsi=on,diag318=on,csske=on,msa9=on,msa8=on,msa7=on,msa6=on,msa5=on,msa4=on,msa3=on,msa2=on,msa1=on,sthyi=on,edat=on,deflate=on,etoken=on,vx=on,ap=on,vxeh=on,vxpd=on,esop=on,msa9_pckmo=on,vxeh2=on,esort=on,apft=on,els=on,iep=on,apqci=on,cte=on,ais=on,bpb=on,gs=on,ppa15=on,zpci=on,sea_esop2=on,te=on \
+-cpu gen16a-base,nnpa=on,aen=on,cmmnt=on,vxpdeh=on,aefsi=on,diag318=on,csske=on,mepoch=on,msa9=on,msa8=on,msa7=on,msa6=on,msa5=on,msa4=on,msa3=on,msa2=on,msa1=on,sthyi=on,edat=on,ri=on,deflate=on,edat2=on,etoken=on,vx=on,ipter=on,pai=on,paie=on,mepochptff=on,ap=on,vxeh=on,vxpd=on,esop=on,msa9_pckmo=on,vxeh2=on,esort=on,appv=on,apqi=on,apft=on,els=on,iep=on,appvi=on,apqci=on,cte=on,ais=on,bpb=on,ctop=on,gs=on,ppa15=on,zpci=on,rdp=on,sea_esop2=on,beareh=on,te=on,cmm=on,vxpdeh2=on \
-m size=262144k \
-object '{"qom-type":"memory-backend-ram","id":"s390.ram","size":268435456}' \
-overcommit mem-lock=off \
diff --git a/tests/qemuxmlconfdata/vhost-user-fs-ccw.s390x-latest.args b/tests/qemuxmlconfdata/vhost-user-fs-ccw.s390x-latest.args
index f7bc39111f..72ca38c305 100644
--- a/tests/qemuxmlconfdata/vhost-user-fs-ccw.s390x-latest.args
+++ b/tests/qemuxmlconfdata/vhost-user-fs-ccw.s390x-latest.args
@@ -26,9 +26,8 @@ XDG_CONFIG_HOME=/var/lib/libvirt/qemu/domain--1-QEMUGuest1/.config \
-rtc base=utc \
-no-shutdown \
-boot strict=on \
--blockdev '{"driver":"host_device","filename":"/dev/HostVG/QEMUGuest1","node-name":"libvirt-1-storage","auto-read-only":true,"discard":"unmap"}' \
--blockdev '{"node-name":"libvirt-1-format","read-only":false,"driver":"raw","file":"libvirt-1-storage"}' \
--device '{"driver":"virtio-blk-ccw","devno":"fe.0.0000","drive":"libvirt-1-format","id":"virtio-disk0","bootindex":1}' \
+-blockdev '{"driver":"host_device","filename":"/dev/HostVG/QEMUGuest1","node-name":"libvirt-1-storage","read-only":false}' \
+-device '{"driver":"virtio-blk-ccw","devno":"fe.0.0000","drive":"libvirt-1-storage","id":"virtio-disk0","bootindex":1}' \
-chardev socket,id=chr-vu-fs0,path=/var/lib/libvirt/qemu/domain--1-QEMUGuest1/fs0-fs.sock \
-device '{"driver":"vhost-user-fs-ccw","id":"fs0","chardev":"chr-vu-fs0","tag":"mount_tag","devno":"fe.0.0001"}' \
-audiodev '{"id":"audio1","driver":"none"}' \
diff --git a/tests/qemuxmlconfdata/vhost-vsock-ccw-auto.s390x-latest.args b/tests/qemuxmlconfdata/vhost-vsock-ccw-auto.s390x-latest.args
index 928686ebac..ed9714cec7 100644
--- a/tests/qemuxmlconfdata/vhost-vsock-ccw-auto.s390x-latest.args
+++ b/tests/qemuxmlconfdata/vhost-vsock-ccw-auto.s390x-latest.args
@@ -26,9 +26,8 @@ XDG_CONFIG_HOME=/var/lib/libvirt/qemu/domain--1-QEMUGuest1/.config \
-rtc base=utc \
-no-shutdown \
-boot strict=on \
--blockdev '{"driver":"host_device","filename":"/dev/HostVG/QEMUGuest1","node-name":"libvirt-1-storage","auto-read-only":true,"discard":"unmap"}' \
--blockdev '{"node-name":"libvirt-1-format","read-only":false,"driver":"raw","file":"libvirt-1-storage"}' \
--device '{"driver":"virtio-blk-ccw","devno":"fe.0.0000","drive":"libvirt-1-format","id":"virtio-disk0","bootindex":1}' \
+-blockdev '{"driver":"host_device","filename":"/dev/HostVG/QEMUGuest1","node-name":"libvirt-1-storage","read-only":false}' \
+-device '{"driver":"virtio-blk-ccw","devno":"fe.0.0000","drive":"libvirt-1-storage","id":"virtio-disk0","bootindex":1}' \
-audiodev '{"id":"audio1","driver":"none"}' \
-device '{"driver":"virtio-balloon-ccw","id":"balloon0","devno":"fe.0.0001"}' \
-sandbox on,obsolete=deny,elevateprivileges=deny,spawn=deny,resourcecontrol=deny \
diff --git a/tests/qemuxmlconfdata/vhost-vsock-ccw-iommu.s390x-latest.args b/tests/qemuxmlconfdata/vhost-vsock-ccw-iommu.s390x-latest.args
index 4fec97f50e..f7c7371648 100644
--- a/tests/qemuxmlconfdata/vhost-vsock-ccw-iommu.s390x-latest.args
+++ b/tests/qemuxmlconfdata/vhost-vsock-ccw-iommu.s390x-latest.args
@@ -26,9 +26,8 @@ XDG_CONFIG_HOME=/var/lib/libvirt/qemu/domain--1-QEMUGuest1/.config \
-rtc base=utc \
-no-shutdown \
-boot strict=on \
--blockdev '{"driver":"host_device","filename":"/dev/HostVG/QEMUGuest1","node-name":"libvirt-1-storage","auto-read-only":true,"discard":"unmap"}' \
--blockdev '{"node-name":"libvirt-1-format","read-only":false,"driver":"raw","file":"libvirt-1-storage"}' \
--device '{"driver":"virtio-blk-ccw","devno":"fe.0.0000","drive":"libvirt-1-format","id":"virtio-disk0","bootindex":1}' \
+-blockdev '{"driver":"host_device","filename":"/dev/HostVG/QEMUGuest1","node-name":"libvirt-1-storage","read-only":false}' \
+-device '{"driver":"virtio-blk-ccw","devno":"fe.0.0000","drive":"libvirt-1-storage","id":"virtio-disk0","bootindex":1}' \
-audiodev '{"id":"audio1","driver":"none"}' \
-device '{"driver":"virtio-balloon-ccw","id":"balloon0","devno":"fe.0.0001"}' \
-sandbox on,obsolete=deny,elevateprivileges=deny,spawn=deny,resourcecontrol=deny \
diff --git a/tests/qemuxmlconfdata/vhost-vsock-ccw.s390x-latest.args b/tests/qemuxmlconfdata/vhost-vsock-ccw.s390x-latest.args
index 9d2cd4e125..f56ba3b919 100644
--- a/tests/qemuxmlconfdata/vhost-vsock-ccw.s390x-latest.args
+++ b/tests/qemuxmlconfdata/vhost-vsock-ccw.s390x-latest.args
@@ -26,9 +26,8 @@ XDG_CONFIG_HOME=/var/lib/libvirt/qemu/domain--1-QEMUGuest1/.config \
-rtc base=utc \
-no-shutdown \
-boot strict=on \
--blockdev '{"driver":"host_device","filename":"/dev/HostVG/QEMUGuest1","node-name":"libvirt-1-storage","auto-read-only":true,"discard":"unmap"}' \
--blockdev '{"node-name":"libvirt-1-format","read-only":false,"driver":"raw","file":"libvirt-1-storage"}' \
--device '{"driver":"virtio-blk-ccw","devno":"fe.0.0000","drive":"libvirt-1-format","id":"virtio-disk0","bootindex":1}' \
+-blockdev '{"driver":"host_device","filename":"/dev/HostVG/QEMUGuest1","node-name":"libvirt-1-storage","read-only":false}' \
+-device '{"driver":"virtio-blk-ccw","devno":"fe.0.0000","drive":"libvirt-1-storage","id":"virtio-disk0","bootindex":1}' \
-audiodev '{"id":"audio1","driver":"none"}' \
-device '{"driver":"virtio-balloon-ccw","id":"balloon0","devno":"fe.0.0001"}' \
-sandbox on,obsolete=deny,elevateprivileges=deny,spawn=deny,resourcecontrol=deny \
diff --git a/tests/qemuxmlconfdata/video-virtio-gpu-ccw-auto.s390x-latest.args b/tests/qemuxmlconfdata/video-virtio-gpu-ccw-auto.s390x-latest.args
index fbb07325b1..935aa07144 100644
--- a/tests/qemuxmlconfdata/video-virtio-gpu-ccw-auto.s390x-latest.args
+++ b/tests/qemuxmlconfdata/video-virtio-gpu-ccw-auto.s390x-latest.args
@@ -25,9 +25,8 @@ XDG_CONFIG_HOME=/var/lib/libvirt/qemu/domain--1-QEMUGuest1/.config \
-rtc base=utc \
-no-shutdown \
-boot strict=on \
--blockdev '{"driver":"host_device","filename":"/dev/HostVG/QEMUGuest1","node-name":"libvirt-1-storage","auto-read-only":true,"discard":"unmap"}' \
--blockdev '{"node-name":"libvirt-1-format","read-only":false,"driver":"raw","file":"libvirt-1-storage"}' \
--device '{"driver":"virtio-blk-ccw","devno":"fe.0.0000","drive":"libvirt-1-format","id":"virtio-disk0","bootindex":1}' \
+-blockdev '{"driver":"host_device","filename":"/dev/HostVG/QEMUGuest1","node-name":"libvirt-1-storage","read-only":false}' \
+-device '{"driver":"virtio-blk-ccw","devno":"fe.0.0000","drive":"libvirt-1-storage","id":"virtio-disk0","bootindex":1}' \
-audiodev '{"id":"audio1","driver":"none"}' \
-vnc 127.0.0.1:0,audiodev=audio1 \
-device '{"driver":"virtio-gpu-ccw","id":"video0","max_outputs":1,"devno":"fe.0.0001"}' \
diff --git a/tests/qemuxmlconfdata/video-virtio-gpu-ccw.s390x-latest.args b/tests/qemuxmlconfdata/video-virtio-gpu-ccw.s390x-latest.args
index 4e186b3452..1da8f0ab68 100644
--- a/tests/qemuxmlconfdata/video-virtio-gpu-ccw.s390x-latest.args
+++ b/tests/qemuxmlconfdata/video-virtio-gpu-ccw.s390x-latest.args
@@ -25,9 +25,8 @@ XDG_CONFIG_HOME=/var/lib/libvirt/qemu/domain--1-QEMUGuest1/.config \
-rtc base=utc \
-no-shutdown \
-boot strict=on \
--blockdev '{"driver":"host_device","filename":"/dev/HostVG/QEMUGuest1","node-name":"libvirt-1-storage","auto-read-only":true,"discard":"unmap"}' \
--blockdev '{"node-name":"libvirt-1-format","read-only":false,"driver":"raw","file":"libvirt-1-storage"}' \
--device '{"driver":"virtio-blk-ccw","devno":"fe.0.0000","drive":"libvirt-1-format","id":"virtio-disk0","bootindex":1}' \
+-blockdev '{"driver":"host_device","filename":"/dev/HostVG/QEMUGuest1","node-name":"libvirt-1-storage","read-only":false}' \
+-device '{"driver":"virtio-blk-ccw","devno":"fe.0.0000","drive":"libvirt-1-storage","id":"virtio-disk0","bootindex":1}' \
-audiodev '{"id":"audio1","driver":"none"}' \
-vnc 127.0.0.1:0,audiodev=audio1 \
-device '{"driver":"virtio-gpu-ccw","id":"video0","max_outputs":1,"devno":"fe.0.0002"}' \
diff --git a/tests/qemuxmlconfdata/virtio-rng-ccw.s390x-latest.args b/tests/qemuxmlconfdata/virtio-rng-ccw.s390x-latest.args
index 69bdfc8ac3..fe120c9b9c 100644
--- a/tests/qemuxmlconfdata/virtio-rng-ccw.s390x-latest.args
+++ b/tests/qemuxmlconfdata/virtio-rng-ccw.s390x-latest.args
@@ -27,9 +27,8 @@ XDG_CONFIG_HOME=/var/lib/libvirt/qemu/domain--1-QEMUGuest1/.config \
-no-shutdown \
-boot strict=on \
-device '{"driver":"virtio-serial-ccw","id":"virtio-serial0","devno":"fe.0.0001"}' \
--blockdev '{"driver":"host_device","filename":"/dev/HostVG/QEMUGuest1","node-name":"libvirt-1-storage","auto-read-only":true,"discard":"unmap"}' \
--blockdev '{"node-name":"libvirt-1-format","read-only":false,"driver":"raw","file":"libvirt-1-storage"}' \
--device '{"driver":"virtio-blk-ccw","devno":"fe.0.0000","drive":"libvirt-1-format","id":"virtio-disk0","bootindex":1}' \
+-blockdev '{"driver":"host_device","filename":"/dev/HostVG/QEMUGuest1","node-name":"libvirt-1-storage","read-only":false}' \
+-device '{"driver":"virtio-blk-ccw","devno":"fe.0.0000","drive":"libvirt-1-storage","id":"virtio-disk0","bootindex":1}' \
-chardev pty,id=charconsole0 \
-device '{"driver":"virtconsole","chardev":"charconsole0","id":"console0"}' \
-audiodev '{"id":"audio1","driver":"none"}' \
diff --git a/tests/qemuxmlconfdata/watchdog-diag288.s390x-latest.args b/tests/qemuxmlconfdata/watchdog-diag288.s390x-latest.args
index bc848b8e82..f4f9ec15fb 100644
--- a/tests/qemuxmlconfdata/watchdog-diag288.s390x-latest.args
+++ b/tests/qemuxmlconfdata/watchdog-diag288.s390x-latest.args
@@ -26,9 +26,8 @@ XDG_CONFIG_HOME=/var/lib/libvirt/qemu/domain--1-QEMUGuest1/.config \
-rtc base=utc \
-no-shutdown \
-boot strict=on \
--blockdev '{"driver":"host_device","filename":"/dev/HostVG/QEMUGuest1","node-name":"libvirt-1-storage","auto-read-only":true,"discard":"unmap"}' \
--blockdev '{"node-name":"libvirt-1-format","read-only":false,"driver":"raw","file":"libvirt-1-storage"}' \
--device '{"driver":"virtio-blk-ccw","devno":"fe.0.0000","drive":"libvirt-1-format","id":"virtio-disk0","bootindex":1}' \
+-blockdev '{"driver":"host_device","filename":"/dev/HostVG/QEMUGuest1","node-name":"libvirt-1-storage","read-only":false}' \
+-device '{"driver":"virtio-blk-ccw","devno":"fe.0.0000","drive":"libvirt-1-storage","id":"virtio-disk0","bootindex":1}' \
-audiodev '{"id":"audio1","driver":"none"}' \
-device '{"driver":"diag288","id":"watchdog0"}' \
-watchdog-action inject-nmi \
--
2.44.0
5 months, 1 week
- 3
- 3
SEV start VM help
by 435285706@qq.com
Hi, I'm new to libvirt. I recently tried to start a sev vm with secret injection, and the documentation on this is very good, could you provide me with the steps to start a VM with libvirt's SEV, or documentation on this, thank you very much!
5 months, 1 week
- 1
- 0
[PATCH (RFC and a half?)] network: add rule to nftables backend that zeroes checksum of DHCP responses
by Laine Stump
Many long years ago (April 2010), soon after "vhost" in-kernel packet
processing was added to the virtio-net driver, people running RHEL5
virtual machines with a virtio-net interface connected via a libvirt
virtual network noticed that when vhost packet processing was enabled,
their VMs could no longer get an IP address via DHCP - the guest was
ignoring the DHCP response packets sent by the host.
The (as danpb calls them) "gory details" of this are chronicled here:
https://lists.isc.org/pipermail/dhcp-hackers/2010-April/001835.html
but basically it was because the checksum of packets wasn't being
fully computed on the host side (because the host had checksum
offloading enabled and thought that it would be taken care of later,
e.g. with NIC hardware), while these packets going from a tap device
to a virtio-net NIC in a guest wouldn't get that service, and the
packets would arrive with a "bad checksum".
The "fix" for this ended up being that iptables added a new
"--checksum-fill" action, and libvirt added an iptables rule for each
virtual network to match DHCP response packets and perform
--checksum-fill.
In the meantime, the ISC DHCP package (which contains the dhclient
program that had been rejecting the bad checksum packets) made a
separate fix to their dhclient which caused it to accept packets
anyway even if they didn't have a proper checksum (NB: that's not a
full explanation, and possibly not accurate). The word at the time
from those "in the know" was that the bad checksum problem was really
specific to ISC's dhclient, and so once their fix was in use
everywhere dhclient was used, the problem would be a thing of the past
and the checksum fixup iptables rules would no longer be needed (but
would otherwise be harmless if it was still there).
Based on this information (and also due to the opinion that fixing the
problem by having iptables modify the packet checksum was the wrong
way to fix things), the nftables developers made the decision to not
implement an equivalent to --checksum-fill in nftables. As a result,
when I wrote the nftables firewall backend for libvirt virtual
networks, it didn't add in any rule to "fix" broken UDP checksums
(after all, that was fixed somewhere else 14 years ago, right???)
Cut to last week, when Rich Jones was doing routine testing using
Fedora 40 (the first Fedora release to use the nftables backend of
libvirt's network driver by default) and a FreeBSD guest - for "some
strange reason", the FreeBSD guest was unable to get an IP address
from DHCP!!
https://www.spinics.net/linux/fedora/libvirt-users/msg14356.html
A few quick tests proved that it was the same old "bad checksum"
problem from 2010 come back to haunt us.
After some discussion with Phil Sutter and Eric Garver (nftables
people), they suggested that, while nftables doesn't have an action
that will *compute* the checksum of a packet, it *does* have an action
that will set the checksum to 0, and that maybe we should try
that. Then Phil tried it himself by manually adding such a rule to a
running system, and verified that it did fix the issue at least for
FreeBSD guests.
So over the weekend I came up with a patch to add a checksum 0 rule to
the rules setup for each virtual network. This is that patch.
I have so far verified that this patch enables FreeBSD to receive the
DHCP response and get an IP address, and that it hasn't *broken* this
functionality for a random old Fedora image I had (Fedora 27!?!?! I
really need to update my test images!!). Before pushing it I would
like to verify that zeroing the checksum of DHCP response packets
doesn't break any other guest, so I would appreciate the help of
anyone who could build and install libvirt with this patch and let me
know of both successes and failures of any guest to acquire an IP
address with DHCP. Once I've received enough positive reports (and 0
negative reports!) then we can think about pushing this patch (and
also backporting it downstream to Fedora 40)
Signed-off-by: Laine Stump <laine(a)redhat.com>
---
src/network/network_nftables.c | 69 +++++++++++++++++++
.../forward-dev-linux.nftables | 16 +++++
.../isolated-linux.nftables | 16 +++++
.../nat-default-linux.nftables | 16 +++++
.../nat-ipv6-linux.nftables | 16 +++++
.../nat-ipv6-masquerade-linux.nftables | 16 +++++
.../nat-many-ips-linux.nftables | 16 +++++
.../nat-port-range-ipv6-linux.nftables | 16 +++++
.../nat-port-range-linux.nftables | 16 +++++
.../nat-tftp-linux.nftables | 16 +++++
.../route-default-linux.nftables | 16 +++++
11 files changed, 229 insertions(+)
diff --git a/src/network/network_nftables.c b/src/network/network_nftables.c
index f8b5ab665d..5523207269 100644
--- a/src/network/network_nftables.c
+++ b/src/network/network_nftables.c
@@ -51,6 +51,7 @@ VIR_LOG_INIT("network.nftables");
#define VIR_NFTABLES_FWD_OUT_CHAIN "guest_output"
#define VIR_NFTABLES_FWD_X_CHAIN "guest_cross"
#define VIR_NFTABLES_NAT_POSTROUTE_CHAIN "guest_nat"
+#define VIR_NFTABLES_MANGLE_POSTROUTE_CHAIN "postroute_mangle"
/* we must avoid using the standard "filter" table as used by
* iptables, as any subsequent attempts to use iptables commands will
@@ -106,6 +107,10 @@ nftablesGlobalChain nftablesChains[] = {
/* chains for NAT rules */
{NULL, VIR_NFTABLES_NAT_POSTROUTE_CHAIN, "{ type nat hook postrouting priority 100; policy accept; }"},
+
+ /* chain for "mangle" rules that modify packets (e.g. 0 out UDP checksums) */
+ {NULL, VIR_NFTABLES_MANGLE_POSTROUTE_CHAIN, "{ type filter hook postrouting priority 0; policy accept; }"},
+
};
@@ -644,6 +649,44 @@ nftablesAddDontMasquerade(virFirewall *fw,
}
+/**
+ * nftablesAddOutputFixUdpChecksum:
+ *
+ * Add a rule to @fw that will 0 out the checksum of udp packets
+ * output from @iface with destination port @port.
+
+ * Zeroing the checksum of a UDP packet tells the receiving end "you
+ * don't need to validate the checksum", which is useful in cases
+ * where the host (sender) thinks that packet checksums will be
+ * computed elsewhere (and so leaves a partially computed checksum in
+ * the packet header) while the guest (receiver) thinks that the
+ * checksum has already been fully computed; in the meantime none of
+ * the code in between has actually finished computing the
+ * checksum.
+ *
+ * An example of this is DHCP response packets from host to
+ * guest. If the checksum of each of these packets isn't zeroed, then
+ * many guests (e.g. FreeBSD) will drop them with reason BAD CHECKSUM;
+ * if the packets arrive at those guests with a checksum of 0, they
+ * will happily accept the packet.
+ */
+static void
+nftablesAddOutputFixUdpChecksum(virFirewall *fw,
+ const char *iface,
+ int port)
+{
+ g_autofree char *portstr = g_strdup_printf("%d", port);
+
+ virFirewallAddCmd(fw, VIR_FIREWALL_LAYER_IPV4,
+ "insert", "rule", "ip",
+ VIR_NFTABLES_PRIVATE_TABLE,
+ VIR_NFTABLES_MANGLE_POSTROUTE_CHAIN,
+ "oif", iface, "udp", "dport", portstr,
+ "counter", "udp", "checksum", "set", "0",
+ NULL);
+}
+
+
static const char networkLocalMulticastIPv4[] = "224.0.0.0/24";
static const char networkLocalMulticastIPv6[] = "ff02::/16";
static const char networkLocalBroadcast[] = "255.255.255.255/32";
@@ -901,6 +944,30 @@ nftablesAddGeneralFirewallRules(virFirewall *fw,
}
+static void
+nftablesAddChecksumFirewallRules(virFirewall *fw,
+ virNetworkDef *def)
+{
+ size_t i;
+ virNetworkIPDef *ipv4def;
+
+ /* Look for the first IPv4 address that has dhcp or tftpboot
+ * defined. We support dhcp config on 1 IPv4 interface only.
+ */
+ for (i = 0; (ipv4def = virNetworkDefGetIPByIndex(def, AF_INET, i)); i++) {
+ if (ipv4def->nranges || ipv4def->nhosts)
+ break;
+ }
+
+ /* If we are doing local DHCP service on this network, add a rule
+ * that will fixup the checksum of DHCP response packets back to
+ * the guests.
+ */
+ if (ipv4def)
+ nftablesAddOutputFixUdpChecksum(fw, def->bridge, 68);
+}
+
+
static int
nftablesAddIPSpecificFirewallRules(virFirewall *fw,
virNetworkDef *def,
@@ -952,6 +1019,8 @@ nftablesAddFirewallRules(virNetworkDef *def, virFirewall **fwRemoval)
return -1;
}
+ nftablesAddChecksumFirewallRules(fw, def);
+
if (virFirewallApply(fw) < 0)
return -1;
diff --git a/tests/networkxml2firewalldata/forward-dev-linux.nftables b/tests/networkxml2firewalldata/forward-dev-linux.nftables
index 8badb74beb..9dea1a88a4 100644
--- a/tests/networkxml2firewalldata/forward-dev-linux.nftables
+++ b/tests/networkxml2firewalldata/forward-dev-linux.nftables
@@ -156,3 +156,19 @@ daddr \
224.0.0.0/24 \
counter \
return
+nft \
+-ae insert \
+rule \
+ip \
+libvirt_network \
+postroute_mangle \
+oif \
+virbr0 \
+udp \
+dport \
+68 \
+counter \
+udp \
+checksum \
+set \
+0
diff --git a/tests/networkxml2firewalldata/isolated-linux.nftables b/tests/networkxml2firewalldata/isolated-linux.nftables
index d1b4dac178..67ee0a2bf5 100644
--- a/tests/networkxml2firewalldata/isolated-linux.nftables
+++ b/tests/networkxml2firewalldata/isolated-linux.nftables
@@ -62,3 +62,19 @@ oif \
virbr0 \
counter \
accept
+nft \
+-ae insert \
+rule \
+ip \
+libvirt_network \
+postroute_mangle \
+oif \
+virbr0 \
+udp \
+dport \
+68 \
+counter \
+udp \
+checksum \
+set \
+0
diff --git a/tests/networkxml2firewalldata/nat-default-linux.nftables b/tests/networkxml2firewalldata/nat-default-linux.nftables
index 28508292f9..951a5a6d60 100644
--- a/tests/networkxml2firewalldata/nat-default-linux.nftables
+++ b/tests/networkxml2firewalldata/nat-default-linux.nftables
@@ -142,3 +142,19 @@ daddr \
224.0.0.0/24 \
counter \
return
+nft \
+-ae insert \
+rule \
+ip \
+libvirt_network \
+postroute_mangle \
+oif \
+virbr0 \
+udp \
+dport \
+68 \
+counter \
+udp \
+checksum \
+set \
+0
diff --git a/tests/networkxml2firewalldata/nat-ipv6-linux.nftables b/tests/networkxml2firewalldata/nat-ipv6-linux.nftables
index d8a9ba706d..617ed8b753 100644
--- a/tests/networkxml2firewalldata/nat-ipv6-linux.nftables
+++ b/tests/networkxml2firewalldata/nat-ipv6-linux.nftables
@@ -200,3 +200,19 @@ oif \
virbr0 \
counter \
accept
+nft \
+-ae insert \
+rule \
+ip \
+libvirt_network \
+postroute_mangle \
+oif \
+virbr0 \
+udp \
+dport \
+68 \
+counter \
+udp \
+checksum \
+set \
+0
diff --git a/tests/networkxml2firewalldata/nat-ipv6-masquerade-linux.nftables b/tests/networkxml2firewalldata/nat-ipv6-masquerade-linux.nftables
index a7f09cda59..a710d0e296 100644
--- a/tests/networkxml2firewalldata/nat-ipv6-masquerade-linux.nftables
+++ b/tests/networkxml2firewalldata/nat-ipv6-masquerade-linux.nftables
@@ -272,3 +272,19 @@ daddr \
ff02::/16 \
counter \
return
+nft \
+-ae insert \
+rule \
+ip \
+libvirt_network \
+postroute_mangle \
+oif \
+virbr0 \
+udp \
+dport \
+68 \
+counter \
+udp \
+checksum \
+set \
+0
diff --git a/tests/networkxml2firewalldata/nat-many-ips-linux.nftables b/tests/networkxml2firewalldata/nat-many-ips-linux.nftables
index b826fe6134..0be5fb7e65 100644
--- a/tests/networkxml2firewalldata/nat-many-ips-linux.nftables
+++ b/tests/networkxml2firewalldata/nat-many-ips-linux.nftables
@@ -366,3 +366,19 @@ daddr \
224.0.0.0/24 \
counter \
return
+nft \
+-ae insert \
+rule \
+ip \
+libvirt_network \
+postroute_mangle \
+oif \
+virbr0 \
+udp \
+dport \
+68 \
+counter \
+udp \
+checksum \
+set \
+0
diff --git a/tests/networkxml2firewalldata/nat-port-range-ipv6-linux.nftables b/tests/networkxml2firewalldata/nat-port-range-ipv6-linux.nftables
index ceaed6fa40..7574356855 100644
--- a/tests/networkxml2firewalldata/nat-port-range-ipv6-linux.nftables
+++ b/tests/networkxml2firewalldata/nat-port-range-ipv6-linux.nftables
@@ -384,3 +384,19 @@ daddr \
ff02::/16 \
counter \
return
+nft \
+-ae insert \
+rule \
+ip \
+libvirt_network \
+postroute_mangle \
+oif \
+virbr0 \
+udp \
+dport \
+68 \
+counter \
+udp \
+checksum \
+set \
+0
diff --git a/tests/networkxml2firewalldata/nat-port-range-linux.nftables b/tests/networkxml2firewalldata/nat-port-range-linux.nftables
index 1dc37a26ec..127536e4db 100644
--- a/tests/networkxml2firewalldata/nat-port-range-linux.nftables
+++ b/tests/networkxml2firewalldata/nat-port-range-linux.nftables
@@ -312,3 +312,19 @@ oif \
virbr0 \
counter \
accept
+nft \
+-ae insert \
+rule \
+ip \
+libvirt_network \
+postroute_mangle \
+oif \
+virbr0 \
+udp \
+dport \
+68 \
+counter \
+udp \
+checksum \
+set \
+0
diff --git a/tests/networkxml2firewalldata/nat-tftp-linux.nftables b/tests/networkxml2firewalldata/nat-tftp-linux.nftables
index 28508292f9..951a5a6d60 100644
--- a/tests/networkxml2firewalldata/nat-tftp-linux.nftables
+++ b/tests/networkxml2firewalldata/nat-tftp-linux.nftables
@@ -142,3 +142,19 @@ daddr \
224.0.0.0/24 \
counter \
return
+nft \
+-ae insert \
+rule \
+ip \
+libvirt_network \
+postroute_mangle \
+oif \
+virbr0 \
+udp \
+dport \
+68 \
+counter \
+udp \
+checksum \
+set \
+0
diff --git a/tests/networkxml2firewalldata/route-default-linux.nftables b/tests/networkxml2firewalldata/route-default-linux.nftables
index 282c9542a5..be9c4f5439 100644
--- a/tests/networkxml2firewalldata/route-default-linux.nftables
+++ b/tests/networkxml2firewalldata/route-default-linux.nftables
@@ -56,3 +56,19 @@ oif \
virbr0 \
counter \
accept
+nft \
+-ae insert \
+rule \
+ip \
+libvirt_network \
+postroute_mangle \
+oif \
+virbr0 \
+udp \
+dport \
+68 \
+counter \
+udp \
+checksum \
+set \
+0
--
2.47.0
5 months, 1 week
- 3
- 7