[libvirt PATCH v3] qemu: tpm: do not update profile name for transient domains
by Ján Tomko
If we do not have a persistent definition, there's no point in
looking for it since we cannot store it.
Also skip the update if the tpm device(s) in the persistent
definition are different.
This fixes the crash when starting a transient domain.
https://issues.redhat.com/browse/RHEL-69774
Fixes: d79542eec669eb9c449bb8228179e7a87e768017
Signed-off-by: Ján Tomko <jtomko(a)redhat.com>
---
src/qemu/qemu_extdevice.c | 13 ++++++++++++-
src/qemu/qemu_tpm.c | 2 +-
2 files changed, 13 insertions(+), 2 deletions(-)
diff --git a/src/qemu/qemu_extdevice.c b/src/qemu/qemu_extdevice.c
index a6f31f9773..954cb323a4 100644
--- a/src/qemu/qemu_extdevice.c
+++ b/src/qemu/qemu_extdevice.c
@@ -190,7 +190,18 @@ qemuExtDevicesStart(virQEMUDriver *driver,
for (i = 0; i < def->ntpms; i++) {
virDomainTPMDef *tpm = def->tpms[i];
- virDomainTPMDef *persistentTPMDef = persistentDef->tpms[i];
+ virDomainTPMDef *persistentTPMDef = NULL;
+
+ if (persistentDef) {
+ /* do not try to update the profile in the persistent definition
+ * if the device does not match */
+ if (persistentDef->ntpms == def->ntpms)
+ persistentTPMDef = persistentDef->tpms[i];
+ if (persistentTPMDef &&
+ (persistentTPMDef->type != tpm->type ||
+ persistentTPMDef->model != tpm->model))
+ persistentTPMDef = NULL;
+ }
if (tpm->type == VIR_DOMAIN_TPM_TYPE_EMULATOR &&
qemuExtTPMStart(driver, vm, tpm, persistentTPMDef,
diff --git a/src/qemu/qemu_tpm.c b/src/qemu/qemu_tpm.c
index f223dcb9ae..f5e0184e54 100644
--- a/src/qemu/qemu_tpm.c
+++ b/src/qemu/qemu_tpm.c
@@ -773,7 +773,7 @@ qemuTPMEmulatorBuildCommand(virDomainTPMDef *tpm,
incomingMigration) < 0)
goto error;
- if (run_setup && !incomingMigration &&
+ if (run_setup && !incomingMigration && persistentTPMDef &&
qemuTPMEmulatorUpdateProfileName(&tpm->data.emulator, persistentTPMDef,
cfg, saveDef) < 0)
goto error;
--
2.47.0
4 months, 2 weeks
[libvirt PATCH v2] qemu: tpm: do not update profile name for transient domains
by Ján Tomko
If we do not have a persistent definition, there's no point in
looking for it since we cannot store it.
Also skip the update if the tpm device(s) in the persistent
definition are different.
This fixes the crash when starting a transient domain.
https://issues.redhat.com/browse/RHEL-69774
Fixes: d79542eec669eb9c449bb8228179e7a87e768017
Signed-off-by: Ján Tomko <jtomko(a)redhat.com>
---
src/qemu/qemu_extdevice.c | 12 +++++++++++-
src/qemu/qemu_tpm.c | 2 +-
2 files changed, 12 insertions(+), 2 deletions(-)
diff --git a/src/qemu/qemu_extdevice.c b/src/qemu/qemu_extdevice.c
index a6f31f9773..21db01a361 100644
--- a/src/qemu/qemu_extdevice.c
+++ b/src/qemu/qemu_extdevice.c
@@ -190,7 +190,17 @@ qemuExtDevicesStart(virQEMUDriver *driver,
for (i = 0; i < def->ntpms; i++) {
virDomainTPMDef *tpm = def->tpms[i];
- virDomainTPMDef *persistentTPMDef = persistentDef->tpms[i];
+ virDomainTPMDef *persistentTPMDef = NULL;
+
+ if (persistentDef) {
+ /* do not try to update the profile in the persistent definition
+ * if the device does not match */
+ if (persistentDef->ntpms == def->ntpms)
+ persistentTPMDef = persistentDef->tpms[i];
+ if (persistentTPMDef->type != tpm->type ||
+ persistentTPMDef->model != tpm->model)
+ persistentTPMDef = NULL;
+ }
if (tpm->type == VIR_DOMAIN_TPM_TYPE_EMULATOR &&
qemuExtTPMStart(driver, vm, tpm, persistentTPMDef,
diff --git a/src/qemu/qemu_tpm.c b/src/qemu/qemu_tpm.c
index f223dcb9ae..f5e0184e54 100644
--- a/src/qemu/qemu_tpm.c
+++ b/src/qemu/qemu_tpm.c
@@ -773,7 +773,7 @@ qemuTPMEmulatorBuildCommand(virDomainTPMDef *tpm,
incomingMigration) < 0)
goto error;
- if (run_setup && !incomingMigration &&
+ if (run_setup && !incomingMigration && persistentTPMDef &&
qemuTPMEmulatorUpdateProfileName(&tpm->data.emulator, persistentTPMDef,
cfg, saveDef) < 0)
goto error;
--
2.47.0
4 months, 2 weeks
libvirt-gusts blocking boots sequence and usb recovery and others
by "Justin Lanouette (“Anarchsun”)"
im stuck in a loop because libvirt-service is configured not to start any guests on boot but i need boot options to access grub boot menu or usb boot refi nothing loads not grub nor do r boot option or alt boot nothing works not boot or shift boot noting except target disk mode… its a 2009 iMac on Ubuntu but i must of played with root access or something but i never configured libvirt to block everything and local defi boot gets stuck in a loop because of missing guests i guess...
4 months, 2 weeks
[PATCH 1/1] virt-aa-helper: allow riscv64 EDK II
by Heinrich Schuchardt
Debian has packaged EDK II for 64-bit RISC-V in directory
/usr/share/qemu-efi-riscv64/.
For usage with libvirt update the AppArmor helper.
Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt(a)canonical.com>
---
src/security/virt-aa-helper.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/src/security/virt-aa-helper.c b/src/security/virt-aa-helper.c
index e82b5de2b4..1cf9d7ad3d 100644
--- a/src/security/virt-aa-helper.c
+++ b/src/security/virt-aa-helper.c
@@ -481,6 +481,7 @@ valid_path(const char *path, const bool readonly)
"/usr/share/AAVMF/",
"/usr/share/qemu-efi/", /* for AAVMF images */
"/usr/share/qemu-efi-aarch64/",
+ "/usr/share/qemu-efi-riscv64/",
"/usr/share/qemu/", /* SUSE path for OVMF and AAVMF images */
"/usr/lib/u-boot/",
"/usr/lib/riscv64-linux-gnu/opensbi",
--
2.45.2
4 months, 2 weeks
[PATCH pushed] qemuDomainDiskChangeSupportedIothreads: Change error wording to fix grammar
by Peter Krempa
Signed-off-by: Peter Krempa <pkrempa(a)redhat.com>
---
src/qemu/qemu_domain.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/qemu/qemu_domain.c b/src/qemu/qemu_domain.c
index 1fc4e2f33f..3366346624 100644
--- a/src/qemu/qemu_domain.c
+++ b/src/qemu/qemu_domain.c
@@ -6676,7 +6676,7 @@ qemuDomainDiskChangeSupportedIothreads(virDomainDiskDef *disk,
fail:
virReportError(VIR_ERR_OPERATION_UNSUPPORTED, "%s",
- _("cannot modify field '<iothreads>' (or it's parts) of the disk"));
+ _("cannot modify '<iothreads>' configuration of the disk"));
return false;
}
--
2.47.0
4 months, 2 weeks
[PATCH v2 0/5] Allow Guest CPU Model with Deprecated Features Disabled
by Collin Walling
# Changelog
v2
- rebased on latest master changes
# Description
Add support for libvirt to query and cache an array of deprecated CPU features
(aka CPU properties) for the host-model. This data is queried via a full
query-cpu-model-expansion and cached in the QEMU capabilities file. This
model expansion will depend on the availability of the "deprecated-props" field
resulting from a query-cpu-model-expansion command. Currently, only s390x
supports this field.
The purpose of these patches is to make it easy for users to create guests with
a CPU model that will be compatible & migratable with future hardware.
An updated host CPU model with deprecated features paired with the policy "disable"
may be visable via an update to the virsh domcapabilities command with the
--disable-deprecated-features flag. An example is shown below.
Note: other CPU model queries (e.g. baseline and comparison) currently do not
consider deprecated features, as their outputs do not consider feature policy.
If implementation is desired, it will require a discussion on how these
commands should report policies.
Examples:
virsh domcapabilities --disable-deprecated-features
e.g. output (trimmed):
<mode name='host-model' supported='yes'>
<model fallback='forbid'>z14.2-base</model>
<feature policy='require' name='aen'/>
<feature policy='require' name='cmmnt'/>
<feature policy='require' name='aefsi'/>
<feature policy='require' name='diag318'/>
<feature policy='require' name='mepoch'/>
<feature policy='require' name='msa8'/>
<feature policy='require' name='msa7'/>
<feature policy='require' name='msa6'/>
<feature policy='require' name='msa5'/>
<feature policy='require' name='msa4'/>
<feature policy='require' name='msa3'/>
<feature policy='require' name='msa2'/>
<feature policy='require' name='msa1'/>
<feature policy='require' name='sthyi'/>
<feature policy='require' name='edat'/>
<feature policy='require' name='ri'/>
<feature policy='require' name='edat2'/>
<feature policy='require' name='etoken'/>
<feature policy='require' name='vx'/>
<feature policy='require' name='ipter'/>
<feature policy='require' name='mepochptff'/>
<feature policy='require' name='ap'/>
<feature policy='require' name='vxeh'/>
<feature policy='require' name='vxpd'/>
<feature policy='require' name='esop'/>
<feature policy='require' name='apqi'/>
<feature policy='require' name='apft'/>
<feature policy='require' name='els'/>
<feature policy='require' name='iep'/>
<feature policy='require' name='apqci'/>
<feature policy='disable' name='cte'/>
<feature policy='require' name='ais'/>
<feature policy='disable' name='bpb'/>
<feature policy='require' name='ctop'/>
<feature policy='require' name='gs'/>
<feature policy='require' name='ppa15'/>
<feature policy='require' name='zpci'/>
<feature policy='require' name='sea_esop2'/>
<feature policy='disable' name='te'/>
<feature policy='require' name='cmm'/>
<feature policy='disable' name='csske'/>
</mode>
A domain may be defined with a new <cpu> XML attribute, deprecated_features='on|off':
<cpu mode='host-model' check='partial' deprecated_features='off'/>
e.g. after guest has started (trimmed):
<cpu mode='custom' match='exact' check='partial' deprecated_features='off'>
<model fallback='forbid'>z14.2-base</model>
<feature policy='require' name='aen'/>
<feature policy='require' name='cmmnt'/>
<feature policy='require' name='aefsi'/>
<feature policy='require' name='diag318'/>
<feature policy='require' name='mepoch'/>
<feature policy='require' name='msa8'/>
<feature policy='require' name='msa7'/>
<feature policy='require' name='msa6'/>
<feature policy='require' name='msa5'/>
<feature policy='require' name='msa4'/>
<feature policy='require' name='msa3'/>
<feature policy='require' name='msa2'/>
<feature policy='require' name='msa1'/>
<feature policy='require' name='sthyi'/>
<feature policy='require' name='edat'/>
<feature policy='require' name='ri'/>
<feature policy='require' name='edat2'/>
<feature policy='require' name='etoken'/>
<feature policy='require' name='vx'/>
<feature policy='require' name='ipter'/>
<feature policy='require' name='mepochptff'/>
<feature policy='require' name='ap'/>
<feature policy='require' name='vxeh'/>
<feature policy='require' name='vxpd'/>
<feature policy='require' name='esop'/>
<feature policy='require' name='apqi'/>
<feature policy='require' name='apft'/>
<feature policy='require' name='els'/>
<feature policy='require' name='iep'/>
<feature policy='require' name='apqci'/>
<feature policy='disable' name='cte'/>
<feature policy='require' name='ais'/>
<feature policy='disable' name='bpb'/>
<feature policy='require' name='ctop'/>
<feature policy='require' name='gs'/>
<feature policy='require' name='ppa15'/>
<feature policy='require' name='zpci'/>
<feature policy='require' name='sea_esop2'/>
<feature policy='disable' name='te'/>
<feature policy='require' name='cmm'/>
<feature policy='disable' name='csske'/>
</cpu>
Collin Walling (5):
qemuMonitorJSONGetCPUModelExpansion: refactor parsing functions
qemu: parse deprecated-props from query-cpu-model-expansion response
qemu_capabilities: query deprecated features for host-model
virsh: add --disable-deprecated-features flag to domcapabilities
conf: add deprecated_features attribute
docs/manpages/virsh.rst | 6 +
include/libvirt/libvirt-domain.h | 12 +
src/conf/cpu_conf.c | 10 +
src/conf/cpu_conf.h | 1 +
src/conf/schemas/cputypes.rng | 12 +
src/libvirt-domain.c | 2 +-
src/qemu/qemu_capabilities.c | 89 +++++
src/qemu/qemu_capabilities.h | 4 +
src/qemu/qemu_driver.c | 8 +-
src/qemu/qemu_monitor.c | 10 +
src/qemu/qemu_monitor.h | 1 +
src/qemu/qemu_monitor_json.c | 64 +++-
src/qemu/qemu_process.c | 4 +
.../caps_9.1.0_s390x.replies | 348 +++++++++++++++++-
.../qemucapabilitiesdata/caps_9.1.0_s390x.xml | 13 +
.../caps_9.2.0_s390x.replies | 348 +++++++++++++++++-
.../qemucapabilitiesdata/caps_9.2.0_s390x.xml | 13 +
tools/virsh-host.c | 9 +-
18 files changed, 940 insertions(+), 14 deletions(-)
--
2.45.1
4 months, 2 weeks
[PATCH v6 00/18] *** qemu: block: Support block disk along with throttle filters ***
by Harikumar R
*** Support block disk along with throttle filters ***
Chun Feng Wu (17):
schema: Add new domain elements to support multiple throttle groups
schema: Add new domain elements to support multiple throttle filters
config: Introduce ThrottleGroup and corresponding XML parsing
config: Introduce ThrottleFilter and corresponding XML parsing
qemu: monitor: Add support for ThrottleGroup operations
tests: Test qemuMonitorJSONGetThrottleGroup and
qemuMonitorJSONUpdateThrottleGroup
remote: New APIs for ThrottleGroup lifecycle management
qemu: Refactor qemuDomainSetBlockIoTune to extract common methods
qemu: Implement qemu driver for throttle API
qemu: helper: throttle filter nodename and preparation processing
qemu: block: Support block disk along with throttle filters
config: validate: Verify iotune, throttle group and filter
qemuxmlconftest: Add 'throttlefilter' tests
test_driver: Test throttle group lifecycle APIs
virsh: Refactor iotune options for re-use
virsh: Add support for throttle group operations
virsh: Add option "throttle-groups" to "attach_disk"
Harikumar R (1):
tests: Test qemuxmlactivetestThrottleGroup
docs/formatdomain.rst | 47 ++
docs/manpages/virsh.rst | 135 +++-
include/libvirt/libvirt-domain.h | 21 +
src/conf/domain_conf.c | 405 +++++++++++
src/conf/domain_conf.h | 45 ++
src/conf/domain_validate.c | 119 ++-
src/conf/schemas/domaincommon.rng | 293 ++++----
src/conf/virconftypes.h | 4 +
src/driver-hypervisor.h | 22 +
src/libvirt-domain.c | 174 +++++
src/libvirt_private.syms | 8 +
src/libvirt_public.syms | 7 +
src/qemu/qemu_block.c | 136 ++++
src/qemu/qemu_block.h | 49 ++
src/qemu/qemu_command.c | 180 +++++
src/qemu/qemu_command.h | 6 +
src/qemu/qemu_domain.c | 73 +-
src/qemu/qemu_driver.c | 619 +++++++++++++---
src/qemu/qemu_hotplug.c | 33 +
src/qemu/qemu_monitor.c | 34 +
src/qemu/qemu_monitor.h | 14 +
src/qemu/qemu_monitor_json.c | 134 ++++
src/qemu/qemu_monitor_json.h | 14 +
src/remote/remote_daemon_dispatch.c | 44 ++
src/remote/remote_driver.c | 40 ++
src/remote/remote_protocol.x | 48 +-
src/remote_protocol-structs | 28 +
src/test/test_driver.c | 452 ++++++++----
tests/qemumonitorjsontest.c | 86 +++
.../throttlefilter-in.xml | 392 ++++++++++
.../throttlefilter-out.xml | 393 ++++++++++
tests/qemuxmlactivetest.c | 1 +
.../throttlefilter-invalid.x86_64-latest.err | 1 +
.../throttlefilter-invalid.xml | 89 +++
.../throttlefilter.x86_64-latest.args | 55 ++
.../throttlefilter.x86_64-latest.xml | 105 +++
tests/qemuxmlconfdata/throttlefilter.xml | 95 +++
tests/qemuxmlconftest.c | 2 +
tools/virsh-completer-domain.c | 82 +++
tools/virsh-completer-domain.h | 16 +
tools/virsh-domain.c | 680 ++++++++++++++----
41 files changed, 4656 insertions(+), 525 deletions(-)
create mode 100644 tests/qemustatusxml2xmldata/throttlefilter-in.xml
create mode 100644 tests/qemustatusxml2xmldata/throttlefilter-out.xml
create mode 100644 tests/qemuxmlconfdata/throttlefilter-invalid.x86_64-latest.err
create mode 100644 tests/qemuxmlconfdata/throttlefilter-invalid.xml
create mode 100644 tests/qemuxmlconfdata/throttlefilter.x86_64-latest.args
create mode 100644 tests/qemuxmlconfdata/throttlefilter.x86_64-latest.xml
create mode 100644 tests/qemuxmlconfdata/throttlefilter.xml
--
2.39.5 (Apple Git-154)
4 months, 2 weeks
[PATCH 1/1] virt-aa-helper: allow riscv64 EDK II
by Heinrich Schuchardt
Debian has packaged EDK II for 64-bit RISC-V in directory
/usr/share/qemu-efi-riscv64/.
For usage with libvirt update the AppArmor helper.
Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt(a)canonical.com>
---
src/security/virt-aa-helper.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/src/security/virt-aa-helper.c b/src/security/virt-aa-helper.c
index e82b5de2b4..1cf9d7ad3d 100644
--- a/src/security/virt-aa-helper.c
+++ b/src/security/virt-aa-helper.c
@@ -481,6 +481,7 @@ valid_path(const char *path, const bool readonly)
"/usr/share/AAVMF/",
"/usr/share/qemu-efi/", /* for AAVMF images */
"/usr/share/qemu-efi-aarch64/",
+ "/usr/share/qemu-efi-riscv64/",
"/usr/share/qemu/", /* SUSE path for OVMF and AAVMF images */
"/usr/lib/u-boot/",
"/usr/lib/riscv64-linux-gnu/opensbi",
--
2.45.2
4 months, 2 weeks
[PATCH 0/5] cpu_map: Add missing -v1 models
by Jiri Denemark
CPU models that do not have a list of versions attached are still
advertised as aliases to corresponding -v1 variants. We should add the
missing variants to the CPU map.
Available on gitlab:
git fetch https://gitlab.com/jirkade/libvirt.git cpu-versions
Pipeline: https://gitlab.com/jirkade/libvirt/-/pipelines/1564399375
Jiri Denemark (5):
cpu_map: Sort data files in meson.build
sync_qemu_models_i386: Update meson.build
sync_qemu_models_i386: Ignore old models
sync_qemu_models_i386: Generate missing -v1 variants
cpu_map: Add missing -v1 models
src/cpu_map/index.xml | 2 +
src/cpu_map/meson.build | 18 +++---
src/cpu_map/sync_qemu_models_i386.py | 58 +++++++++++++++++++
src/cpu_map/x86_EPYC-Genoa-v1.xml | 6 ++
src/cpu_map/x86_KnightsMill-v1.xml | 6 ++
.../domaincapsdata/qemu_5.2.0-q35.x86_64.xml | 14 ++++-
.../domaincapsdata/qemu_5.2.0-tcg.x86_64.xml | 20 ++++++-
tests/domaincapsdata/qemu_5.2.0.x86_64.xml | 14 ++++-
.../domaincapsdata/qemu_6.0.0-q35.x86_64.xml | 14 ++++-
.../domaincapsdata/qemu_6.0.0-tcg.x86_64.xml | 20 ++++++-
tests/domaincapsdata/qemu_6.0.0.x86_64.xml | 14 ++++-
.../domaincapsdata/qemu_6.1.0-q35.x86_64.xml | 14 ++++-
.../domaincapsdata/qemu_6.1.0-tcg.x86_64.xml | 20 ++++++-
tests/domaincapsdata/qemu_6.1.0.x86_64.xml | 14 ++++-
.../domaincapsdata/qemu_6.2.0-q35.x86_64.xml | 14 ++++-
.../domaincapsdata/qemu_6.2.0-tcg.x86_64.xml | 20 ++++++-
tests/domaincapsdata/qemu_6.2.0.x86_64.xml | 14 ++++-
.../domaincapsdata/qemu_7.0.0-q35.x86_64.xml | 14 ++++-
.../domaincapsdata/qemu_7.0.0-tcg.x86_64.xml | 20 ++++++-
tests/domaincapsdata/qemu_7.0.0.x86_64.xml | 14 ++++-
.../domaincapsdata/qemu_7.1.0-q35.x86_64.xml | 14 ++++-
.../domaincapsdata/qemu_7.1.0-tcg.x86_64.xml | 20 ++++++-
tests/domaincapsdata/qemu_7.1.0.x86_64.xml | 14 ++++-
.../domaincapsdata/qemu_7.2.0-q35.x86_64.xml | 14 ++++-
.../qemu_7.2.0-tcg.x86_64+hvf.xml | 16 ++++-
.../domaincapsdata/qemu_7.2.0-tcg.x86_64.xml | 16 ++++-
tests/domaincapsdata/qemu_7.2.0.x86_64.xml | 14 ++++-
.../domaincapsdata/qemu_8.0.0-q35.x86_64.xml | 14 ++++-
.../domaincapsdata/qemu_8.0.0-tcg.x86_64.xml | 16 ++++-
tests/domaincapsdata/qemu_8.0.0.x86_64.xml | 14 ++++-
.../domaincapsdata/qemu_8.1.0-q35.x86_64.xml | 46 ++++++++++++++-
.../domaincapsdata/qemu_8.1.0-tcg.x86_64.xml | 56 +++++++++++++++++-
tests/domaincapsdata/qemu_8.1.0.x86_64.xml | 46 ++++++++++++++-
.../domaincapsdata/qemu_8.2.0-q35.x86_64.xml | 46 ++++++++++++++-
.../domaincapsdata/qemu_8.2.0-tcg.x86_64.xml | 55 +++++++++++++++++-
tests/domaincapsdata/qemu_8.2.0.x86_64.xml | 46 ++++++++++++++-
.../domaincapsdata/qemu_9.0.0-q35.x86_64.xml | 46 ++++++++++++++-
.../domaincapsdata/qemu_9.0.0-tcg.x86_64.xml | 54 ++++++++++++++++-
tests/domaincapsdata/qemu_9.0.0.x86_64.xml | 46 ++++++++++++++-
.../domaincapsdata/qemu_9.1.0-q35.x86_64.xml | 46 ++++++++++++++-
.../domaincapsdata/qemu_9.1.0-tcg.x86_64.xml | 54 ++++++++++++++++-
tests/domaincapsdata/qemu_9.1.0.x86_64.xml | 46 ++++++++++++++-
.../domaincapsdata/qemu_9.2.0-q35.x86_64.xml | 46 ++++++++++++++-
.../domaincapsdata/qemu_9.2.0-tcg.x86_64.xml | 54 ++++++++++++++++-
tests/domaincapsdata/qemu_9.2.0.x86_64.xml | 46 ++++++++++++++-
45 files changed, 1152 insertions(+), 63 deletions(-)
create mode 100644 src/cpu_map/x86_EPYC-Genoa-v1.xml
create mode 100644 src/cpu_map/x86_KnightsMill-v1.xml
--
2.47.0
4 months, 3 weeks
