[PATCH] qemu_domain: tolerate ACPI feature on S390
by Boris Fiuczynski
Migrations of S390 domains from hosts with QEMU supporting ACPI and a
libvirt version prior to 9.1.0 fail when the destination host runs a QEMU
not supporting ACPI and a libvirt version 9.1.0 or older. Actually, S390
never supported ACPI, but domains were allowed to have the feature ACPI
enabled and it was silently tolerated. To allow migration from libvirt
versions prior to 9.1.0, which allowed the ACPI feature to be used on S390,
tolerate ACPI by setting it to absent if specified and QEMU does not
support it.
Resolves: https://issues.redhat.com/browse/RHEL-49516
Signed-off-by: Boris Fiuczynski <fiuczy(a)linux.ibm.com>
---
src/qemu/qemu_domain.c | 10 ++++++++++
1 file changed, 10 insertions(+)
diff --git a/src/qemu/qemu_domain.c b/src/qemu/qemu_domain.c
index 198ab99aef..fbc336ac66 100644
--- a/src/qemu/qemu_domain.c
+++ b/src/qemu/qemu_domain.c
@@ -4499,6 +4499,16 @@ qemuDomainDefEnableDefaultFeatures(virDomainDef *def,
* capabilities, we still want to enable this */
def->features[VIR_DOMAIN_FEATURE_GIC] = VIR_TRISTATE_SWITCH_ON;
}
+
+ /* To support migration from libvirt versions prio 9.1.0 which allowed
+ * the ACPI feature to be used on S390 tolerate ACPI by setting it to
+ * absent if specified and QEMU does not support it */
+ if (ARCH_IS_S390(def->os.arch) &&
+ def->features[VIR_DOMAIN_FEATURE_ACPI] != VIR_TRISTATE_SWITCH_ABSENT &&
+ virQEMUCapsMachineSupportsACPI(qemuCaps, def->virtType, def->os.machine) == VIR_TRISTATE_BOOL_NO) {
+ VIR_DEBUG("Tolerate ACPI on S390 by removing the ACPI feature");
+ def->features[VIR_DOMAIN_FEATURE_ACPI] = VIR_TRISTATE_SWITCH_ABSENT;
+ }
}
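Review bot: The new S390 condition fires only when virQEMUCapsMachineSupportsACPI() returns exactly VIR_TRISTATE_BOOL_NO, so any other return value leaves the ACPI feature in place; state in the comment whether that is intended, or test for "not YES" instead. The check "!= VIR_TRISTATE_SWITCH_ABSENT" also matches an explicit off setting, which then gets rewritten to absent as well. Since this silently drops something the user configured, and does so inside a function named qemuDomainDefEnableDefaultFeatures(), VIR_DEBUG is easy to miss; a warning-level message would make the change visible to whoever debugs the migrated guest. Minor: "prio" in the comment should be "prior to", and the third line of the condition is very long and could be wrapped.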
--
2.45.0
3 months, 3 weeks
[PATCH RESEND] crypto: add support for sm4 without key length suffix and remove the restriction about cipher name in xml
by luzhipeng
QEMU added sm4 in release 9, but the name of sm4 doesn't have the key
length suffix, so set size to 0 and construct the cipher name without
the key length as suffix.
In order to support the snapshot of encrypted disks, remove
the restrictions about cipher names in XML.
Signed-off-by: luzhipeng <luzhipeng(a)cestc.cn>
---
docs/formatstorageencryption.rst | 8 +++++---
src/conf/domain_validate.c | 12 ------------
src/qemu/qemu_block.c | 10 +++++++---
3 files changed, 12 insertions(+), 18 deletions(-)
diff --git a/docs/formatstorageencryption.rst b/docs/formatstorageencryption.rst
index 066d285090..6cb8cf024c 100644
--- a/docs/formatstorageencryption.rst
+++ b/docs/formatstorageencryption.rst
@@ -75,11 +75,13 @@ initialization vector generation.
``name``
The name of the cipher algorithm used for data encryption, such as 'aes',
- 'des', 'cast5', 'serpent', 'twofish', etc. Support of the specific
+ 'des', 'cast5', 'serpent', 'twofish', 'sm4', etc. Support of the specific
algorithm is storage driver implementation dependent.
``size``
- The size of the cipher in bits, such as '256', '192', '128', etc. Support
- of the specific size for a specific cipher is hypervisor dependent.
+ The size of the cipher in bits, such as '256', '192', '128', '0', etc.
+ '0' indicates that the encryption algorithm name doesn't have key length
+ suffix. Support of the specific size for a specific cipher is hypervisor
+ dependent.
``mode``
An optional cipher algorithm mode such as 'cbc', 'xts', 'ecb', etc.
Support of the specific cipher mode is hypervisor dependent.
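Review bot: In the ``size`` description, '0' is listed as one more example of a cipher size in bits, but it is really a sentinel describing how the algorithm name is spelled, not a key length. As written, a reader can infer that '0' is an acceptable size for any cipher, including 'aes'. Consider making the attribute optional for ciphers whose name carries no suffix, or at least say that '0' is only meaningful for such ciphers and name 'sm4' as the case it exists for.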
diff --git a/src/conf/domain_validate.c b/src/conf/domain_validate.c
index 39b8d67928..b70edcaaa0 100644
--- a/src/conf/domain_validate.c
+++ b/src/conf/domain_validate.c
@@ -529,18 +529,6 @@ virDomainDiskDefValidateSourceChainOne(const virStorageSource *src)
}
}
- if (src->encryption) {
- virStorageEncryption *encryption = src->encryption;
-
- if (encryption->format == VIR_STORAGE_ENCRYPTION_FORMAT_LUKS &&
- encryption->encinfo.cipher_name) {
-
- virReportError(VIR_ERR_CONFIG_UNSUPPORTED, "%s",
- _("supplying <cipher> for domain disk definition is unnecessary"));
- return -1;
- }
- }
-
/* internal snapshots and config files are currently supported only with rbd: */
if (virStorageSourceGetActualType(src) != VIR_STORAGE_TYPE_NETWORK &&
src->protocol != VIR_STORAGE_NET_PROTOCOL_RBD) {
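Review bot: Deleting the "if (src->encryption)" block drops the rejection of <cipher> for every LUKS disk definition, and this patch adds no check in its place, while the commit message justifies it only with snapshots of encrypted disks. Together with the qemu_block.c change, whatever cipher name and size the domain XML supplies is now formatted straight into cipheralg. Please either keep a validation step here (for example, accept <cipher> only where it is actually consumed, and reject name/size combinations the driver cannot handle) or explain in the commit message why no validation is needed.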
diff --git a/src/qemu/qemu_block.c b/src/qemu/qemu_block.c
index d6cdf521c4..ac55c077e9 100644
--- a/src/qemu/qemu_block.c
+++ b/src/qemu/qemu_block.c
@@ -2137,9 +2137,13 @@ qemuBlockStorageSourceCreateGetEncryptionLUKS(virStorageSource *src,
if (src->encryption) {
if (src->encryption->encinfo.cipher_name) {
- cipheralg = g_strdup_printf("%s-%u",
- src->encryption->encinfo.cipher_name,
- src->encryption->encinfo.cipher_size);
+ if (src->encryption->encinfo.cipher_size) {
+ cipheralg = g_strdup_printf("%s-%u",
+ src->encryption->encinfo.cipher_name,
+ src->encryption->encinfo.cipher_size);
+ } else {
+ cipheralg = g_strdup_printf("%s", src->encryption->encinfo.cipher_name);
+ }
}
if (virJSONValueObjectAdd(&props,
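Review bot: The new else branch treats cipher_size == 0 as "no suffix" for any cipher name, so a definition that names a suffixed algorithm but omits or zeroes the size now yields a bare name instead of an early error. Since the validation in domain_validate.c is removed in the same patch, consider limiting the suffix-less form to the names that need it, or reporting VIR_ERR_CONFIG_UNSUPPORTED for a zero size otherwise. Style: g_strdup_printf("%s", ...) with a single string argument can simply be g_strdup(...).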
--
2.34.0.windows.1
3 months, 3 weeks
[PATCH] crypto: add support for sm4 without key length suffix and remove the restriction about cipher name in xml
by luzhipeng
QEMU added sm4 in release 9, but the name of sm4 doesn't have the key
length suffix, so set size to 0 and construct the cipher name without
the key length as suffix.
In order to support the snapshot of encrypted disks, remove
the restrictions about cipher names in XML.
Signed-off-by: luzhipeng <luzhipeng(a)cestc.cn>
---
docs/formatstorageencryption.rst | 8 +++++---
src/conf/domain_validate.c | 12 ------------
src/qemu/qemu_block.c | 10 +++++++---
3 files changed, 12 insertions(+), 18 deletions(-)
diff --git a/docs/formatstorageencryption.rst b/docs/formatstorageencryption.rst
index 066d285090..6cb8cf024c 100644
--- a/docs/formatstorageencryption.rst
+++ b/docs/formatstorageencryption.rst
@@ -75,11 +75,13 @@ initialization vector generation.
``name``
The name of the cipher algorithm used for data encryption, such as 'aes',
- 'des', 'cast5', 'serpent', 'twofish', etc. Support of the specific
+ 'des', 'cast5', 'serpent', 'twofish', 'sm4', etc. Support of the specific
algorithm is storage driver implementation dependent.
``size``
- The size of the cipher in bits, such as '256', '192', '128', etc. Support
- of the specific size for a specific cipher is hypervisor dependent.
+ The size of the cipher in bits, such as '256', '192', '128', '0', etc.
+ '0' indicates that the encryption algorithm name doesn't have key length
+ suffix. Support of the specific size for a specific cipher is hypervisor
+ dependent.
``mode``
An optional cipher algorithm mode such as 'cbc', 'xts', 'ecb', etc.
Support of the specific cipher mode is hypervisor dependent.
diff --git a/src/conf/domain_validate.c b/src/conf/domain_validate.c
index 39b8d67928..b70edcaaa0 100644
--- a/src/conf/domain_validate.c
+++ b/src/conf/domain_validate.c
@@ -529,18 +529,6 @@ virDomainDiskDefValidateSourceChainOne(const virStorageSource *src)
}
}
- if (src->encryption) {
- virStorageEncryption *encryption = src->encryption;
-
- if (encryption->format == VIR_STORAGE_ENCRYPTION_FORMAT_LUKS &&
- encryption->encinfo.cipher_name) {
-
- virReportError(VIR_ERR_CONFIG_UNSUPPORTED, "%s",
- _("supplying <cipher> for domain disk definition is unnecessary"));
- return -1;
- }
- }
-
/* internal snapshots and config files are currently supported only with rbd: */
if (virStorageSourceGetActualType(src) != VIR_STORAGE_TYPE_NETWORK &&
src->protocol != VIR_STORAGE_NET_PROTOCOL_RBD) {
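Review bot: Removing the <cipher> rejection in virDomainDiskDefValidateSourceChainOne() is a behaviour change independent of the sm4 naming fix in qemu_block.c, and it would be easier to review and to revert as its own patch with its own justification. The diffstat lists only the docs and the two source files, so nothing exercises either the newly accepted <cipher> element or the size '0' form; a test case for each would document the intended behaviour.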
diff --git a/src/qemu/qemu_block.c b/src/qemu/qemu_block.c
index d6cdf521c4..ac55c077e9 100644
--- a/src/qemu/qemu_block.c
+++ b/src/qemu/qemu_block.c
@@ -2137,9 +2137,13 @@ qemuBlockStorageSourceCreateGetEncryptionLUKS(virStorageSource *src,
if (src->encryption) {
if (src->encryption->encinfo.cipher_name) {
- cipheralg = g_strdup_printf("%s-%u",
- src->encryption->encinfo.cipher_name,
- src->encryption->encinfo.cipher_size);
+ if (src->encryption->encinfo.cipher_size) {
+ cipheralg = g_strdup_printf("%s-%u",
+ src->encryption->encinfo.cipher_name,
+ src->encryption->encinfo.cipher_size);
+ } else {
+ cipheralg = g_strdup_printf("%s", src->encryption->encinfo.cipher_name)
+ }
}
if (virJSONValueObjectAdd(&props,
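Review bot: The added assignment in the else branch, cipheralg = g_strdup_printf("%s", src->encryption->encinfo.cipher_name), has no terminating semicolon, so this version of the patch does not compile. Add the ";" (the RESEND posting of this patch has it), and please build before sending.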
--
2.34.0.windows.1
3 months, 3 weeks
[PATCH for v10.6.0 0/2] qemu: Two pstore improvements
by Michal Privoznik
These address Andrea's suggestion:
https://lists.libvirt.org/archives/list/devel@lists.libvirt.org/message/E...
I know we've just entered freeze, but pstore is a new feature and it'd
be nice to have these in. The first one is technically a feature, but
the second one can be viewed as a bug fix.
Michal Prívozník (2):
qemu: Autofill pstore path if missing
qemu: Pre-create pstore device file
src/qemu/qemu_domain.c | 27 +++++++++++++++++++++++-
src/qemu/qemu_process.c | 46 +++++++++++++++++++++++++++++++++++++++++
2 files changed, 72 insertions(+), 1 deletion(-)
--
2.44.2
3 months, 3 weeks
[PATCH] NEWS: Document features/improvements/bug fixes I've participated in
by Michal Privoznik
There are some features/improvements/bug fixes I've either
contributed or reviewed/merged. Document them for upcoming
release.
Signed-off-by: Michal Privoznik <mprivozn(a)redhat.com>
---
NEWS.rst | 34 ++++++++++++++++++++++++++++++++++
1 file changed, 34 insertions(+)
diff --git a/NEWS.rst b/NEWS.rst
index 17335b3f6e..1a320c5442 100644
--- a/NEWS.rst
+++ b/NEWS.rst
@@ -28,8 +28,42 @@ v10.6.0 (unreleased)
* **Improvements**
+ * qemu: Set 'passt' net backend if 'default' is unsupported
+
+ If QEMU is compiled without SLIRP support, and if domain XML allows it,
+ starting from this release libvirt will use passt as the default backend
+ instead. Also, supported backends are now reported in the domain
+ capabilities XML.
+
+ * qemu: Require QEMU-5.2.0 or newer
+
+ The minimal required version of QEMU was bumped to 5.2.0.
+
+ * qemu: add a monitor to /proc/$pid when killing times out
+
+ In cases when a QEMU process takes longer to be killed, libvirt might have
+ skipped cleaning up after it. But now a /proc/$pid watch is installed so
+ this does not happen ever again.
+
* **Bug fixes**
+ * virt-aa-helper: Allow RO access to /usr/share/edk2-ovmf
+
+ When binary version of edk2 is distributed, the files reside under
+ /usr/share/edk2-ovmf. Allow virt-aa-helper to generate paths under that
+ directory.
+
+ * virt-host-validate: Allow longer list of CPU flags
+
+ During its run, virt-host-validate parses /proc/cpuinfo to learn about CPU
+ flags. But due to a bug it parsed only the first 1024 bytes worth of CPU
+ flags leading to unexpected results. The file is now parsed properly.
+
+ * capabilities: Be more forgiving when decoding OEM strings
+
+ On some systems, OEM strings are scattered in multiple sections. This
+ confused libvirt when generating capabilities XML. Not anymore.
+
v10.5.0 (2024-07-01)
====================
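Review bot: The entry "qemu: Require QEMU-5.2.0 or newer" is filed under **Improvements**, but for anyone still running an older QEMU it is a compatibility break, not an improvement; it deserves a more prominent place or at least a sentence saying that older versions are no longer supported. Style points in the same hunk: "add a monitor to /proc/$pid when killing times out" starts lower-case while the other titles are capitalised, and "so this does not happen ever again" and "Not anymore." promise more than a release note should; describe what now happens instead.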
--
2.44.2
3 months, 3 weeks
Arm CCA instance creation fails
by Itaru Kitayama
Hi,
With the below virt-install options, I am trying to import a Realm VM:
[…]
export LIBVIRT_QEMU=/home/realm/qemu-system-aarch64
virt-install --machine=virt --arch=aarch64 --name=test8 --disk path=/var/lib/libvirt/images/jammy.qcow2,format=qcow2,device=disk,bus=virtio,cache=none --memory=2048 --vcpu=8 --nographic --check all=off --features acpi=off --import --os-variant=ubuntu22.04 --qemu-commandline="-M virt,confidential-guest-support=rme0,acpi=off,gic-version=3 -cpu host -object rme-guest,id=rme0,measurement-algo=sha512" --boot kernel=Image-cca,initrd=rootfs.cpio
[…]
However, it fails with the messages:
WARNING Disk /var/lib/libvirt/images/jammy.qcow2 is already in use by other guests ['test', 'tmp1', 'jammy'].
Starting install...
ERROR internal error: QEMU unexpectedly closed the monitor (vm='test8'): 2024-07-22T06:40:39.290847Z qemu-system-aarch64: could not load kernel '/home/realm/Image-cca'
Domain installation does not appear to have been successful.
If it was, you can restart your domain by running:
virsh --connect qemu:///system start test8
otherwise, please restart your installation.
The libvirt packages are from Ubuntu 24.04 LTS, but QEMU is the one Linaro folk maintain.
Am I using the options wrong for kernel direct boot scenario?
Thanks,
Itaru.
3 months, 3 weeks
Entering freeze for libvirt-10.6.0
by Jiri Denemark
I have just tagged v10.6.0-rc1 in the repository and pushed signed
tarballs to https://download.libvirt.org/
Please give the release candidate some testing and in case you find a
serious issue which should have a fix in the upcoming release, feel
free to reply to this thread to make sure the issue is more visible.
If you have not done so yet, please update NEWS.rst to document any
significant change you made since the last release.
Thanks,
Jirka
3 months, 3 weeks
[PATCH RESEND 0/5] Introduce pstore device
by Michal Privoznik
This is a rebased version of:
https://lists.libvirt.org/archives/list/devel@lists.libvirt.org/thread/UA...
which was a rebased version of:
https://lists.libvirt.org/archives/list/devel@lists.libvirt.org/thread/VW...
Let's hope no more resends will be needed.
Michal Prívozník (5):
qemu_capabilities: Introduce QEMU_CAPS_DEVICE_ACPI_ERST
conf: Introduce pstore device
qemu: Build cmd line for pstore device
security: Set seclabels for pstore device
NEWS: Document pstore device addition
NEWS.rst | 7 +
docs/formatdomain.rst | 32 ++++
src/ch/ch_domain.c | 1 +
src/conf/domain_conf.c | 153 ++++++++++++++++++
src/conf/domain_conf.h | 19 +++
src/conf/domain_postparse.c | 1 +
src/conf/domain_validate.c | 30 ++++
src/conf/schemas/domaincommon.rng | 25 +++
src/conf/virconftypes.h | 2 +
src/hyperv/hyperv_driver.c | 1 +
src/libvirt_private.syms | 2 +
src/libxl/libxl_driver.c | 6 +
src/lxc/lxc_driver.c | 6 +
src/qemu/qemu_alias.c | 10 ++
src/qemu/qemu_capabilities.c | 2 +
src/qemu/qemu_capabilities.h | 1 +
src/qemu/qemu_command.c | 52 ++++++
src/qemu/qemu_domain.c | 3 +
src/qemu/qemu_domain_address.c | 11 ++
src/qemu/qemu_driver.c | 3 +
src/qemu/qemu_hotplug.c | 5 +
src/qemu/qemu_validate.c | 26 +++
src/security/security_dac.c | 10 ++
src/security/security_selinux.c | 9 ++
src/security/virt-aa-helper.c | 4 +
src/test/test_driver.c | 1 +
.../caps_7.0.0_aarch64+hvf.xml | 1 +
.../caps_7.0.0_aarch64.xml | 1 +
.../qemucapabilitiesdata/caps_7.0.0_ppc64.xml | 1 +
.../caps_7.0.0_x86_64.xml | 1 +
.../qemucapabilitiesdata/caps_7.1.0_ppc64.xml | 1 +
.../caps_7.1.0_x86_64.xml | 1 +
tests/qemucapabilitiesdata/caps_7.2.0_ppc.xml | 1 +
.../caps_7.2.0_x86_64+hvf.xml | 1 +
.../caps_7.2.0_x86_64.xml | 1 +
.../caps_8.0.0_x86_64.xml | 1 +
.../caps_8.1.0_x86_64.xml | 1 +
.../caps_8.2.0_aarch64.xml | 1 +
.../caps_8.2.0_armv7l.xml | 1 +
.../caps_8.2.0_loongarch64.xml | 1 +
.../caps_8.2.0_x86_64.xml | 1 +
.../caps_9.0.0_x86_64.xml | 1 +
.../caps_9.1.0_x86_64.xml | 1 +
.../pstore-acpi-erst.x86_64-latest.args | 38 +++++
.../pstore-acpi-erst.x86_64-latest.xml | 1 +
tests/qemuxmlconfdata/pstore-acpi-erst.xml | 53 ++++++
tests/qemuxmlconftest.c | 1 +
47 files changed, 532 insertions(+)
create mode 100644 tests/qemuxmlconfdata/pstore-acpi-erst.x86_64-latest.args
create mode 120000 tests/qemuxmlconfdata/pstore-acpi-erst.x86_64-latest.xml
create mode 100644 tests/qemuxmlconfdata/pstore-acpi-erst.xml
--
2.44.2
4 months