[PATCH] network: allow "modify" option for DNS-Txt records
by Adam Julis
The "modify" command allows replacing an existing record (its
text value). The primary key is the name of the record. If a
duplicate or a missing record is detected, an error is reported.
Tests in networkxml2xmlupdatetest.c contain replacements of an
existing DNS-text record and failure due to non-existing record.
Resolves: https://gitlab.com/libvirt/libvirt/-/issues/639
Signed-off-by: Adam Julis <ajulis(a)redhat.com>
---
src/conf/network_conf.c | 18 ++++++++-----
.../dns-txt-record-modify-fail.xml | 1 +
.../dns-txt-record-modify-success.xml | 1 +
.../nat-network-dns-txt-modify-ok.xml | 26 +++++++++++++++++++
tests/networkxml2xmlupdatetest.c | 9 +++++++
5 files changed, 49 insertions(+), 6 deletions(-)
create mode 100644 tests/networkxml2xmlupdatein/dns-txt-record-modify-fail.xml
create mode 100644 tests/networkxml2xmlupdatein/dns-txt-record-modify-success.xml
create mode 100644 tests/networkxml2xmlupdateout/nat-network-dns-txt-modify-ok.xml
diff --git a/src/conf/network_conf.c b/src/conf/network_conf.c
index fc387f9566..dd362b6ab2 100644
--- a/src/conf/network_conf.c
+++ b/src/conf/network_conf.c
@@ -3351,12 +3351,6 @@ virNetworkDefUpdateDNSTxt(virNetworkDef *def,
bool isAdd = (command == VIR_NETWORK_UPDATE_COMMAND_ADD_FIRST ||
command == VIR_NETWORK_UPDATE_COMMAND_ADD_LAST);
- if (command == VIR_NETWORK_UPDATE_COMMAND_MODIFY) {
- virReportError(VIR_ERR_OPERATION_UNSUPPORTED, "%s",
- _("DNS TXT records cannot be modified, only added or deleted"));
- goto cleanup;
- }
-
if (virNetworkDefUpdateCheckElementName(def, ctxt->node, "txt") < 0)
goto cleanup;
@@ -3395,6 +3389,18 @@ virNetworkDefUpdateDNSTxt(virNetworkDef *def,
virNetworkDNSTxtDefClear(&dns->txts[foundIdx]);
VIR_DELETE_ELEMENT(dns->txts, foundIdx, dns->ntxts);
+ } else if (command == VIR_NETWORK_UPDATE_COMMAND_MODIFY) {
+
+ if (foundIdx == dns->ntxts) {
+ virReportError(VIR_ERR_OPERATION_INVALID,
+ _("couldn't locate a matching DNS TXT record in network %1$s"),
+ def->name);
+ goto cleanup;
+ }
+
+ VIR_FREE(dns->txts[foundIdx].value);
+ dns->txts[foundIdx].value = g_strdup(txt.value);
+
} else {
virNetworkDefUpdateUnknownCommand(command);
goto cleanup;
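Review bot: The new MODIFY branch copies `txt.value` into the matched record without checking that the update XML actually supplied a value. `g_strdup()` of NULL returns NULL, so if the parse step above this hunk accepts a `<txt>` element carrying only a name for non-add commands (not visible here), a modify request would leave the record with no value in the network definition. A guard of the form `if (!txt.value)` that reports an error and jumps to `cleanup`, placed before the `VIR_FREE()`, would reject that input, and a `DO_TEST_FAIL` case with a value-less `<txt>` would pin it. The function body starts and ends outside the hunk.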
diff --git a/tests/networkxml2xmlupdatein/dns-txt-record-modify-fail.xml b/tests/networkxml2xmlupdatein/dns-txt-record-modify-fail.xml
new file mode 100644
index 0000000000..75ed475fe1
--- /dev/null
+++ b/tests/networkxml2xmlupdatein/dns-txt-record-modify-fail.xml
@@ -0,0 +1 @@
+<txt name='notexisted' value='modified example'/>
diff --git a/tests/networkxml2xmlupdatein/dns-txt-record-modify-success.xml b/tests/networkxml2xmlupdatein/dns-txt-record-modify-success.xml
new file mode 100644
index 0000000000..e16c352253
--- /dev/null
+++ b/tests/networkxml2xmlupdatein/dns-txt-record-modify-success.xml
@@ -0,0 +1 @@
+<txt name='example' value='modified example'/>
diff --git a/tests/networkxml2xmlupdateout/nat-network-dns-txt-modify-ok.xml b/tests/networkxml2xmlupdateout/nat-network-dns-txt-modify-ok.xml
new file mode 100644
index 0000000000..4b4dda094a
--- /dev/null
+++ b/tests/networkxml2xmlupdateout/nat-network-dns-txt-modify-ok.xml
@@ -0,0 +1,26 @@
+<network>
+ <name>default</name>
+ <uuid>81ff0d90-c91e-6742-64da-4a736edb9a9b</uuid>
+ <forward dev='eth1' mode='nat'>
+ <interface dev='eth1'/>
+ </forward>
+ <bridge name='virbr0' stp='on' delay='0'/>
+ <dns>
+ <txt name='example' value='modified example'/>
+ </dns>
+ <ip address='192.168.122.1' netmask='255.255.255.0'>
+ <dhcp>
+ <range start='192.168.122.2' end='192.168.122.254'/>
+ <host mac='00:16:3e:77:e2:ed' name='a.example.com' ip='192.168.122.10'/>
+ <host mac='00:16:3e:3e:a9:1a' name='b.example.com' ip='192.168.122.11'/>
+ </dhcp>
+ </ip>
+ <ip family='ipv4' address='192.168.123.1' netmask='255.255.255.0'>
+ </ip>
+ <ip family='ipv6' address='2001:db8:ac10:fe01::1' prefix='64'>
+ </ip>
+ <ip family='ipv6' address='2001:db8:ac10:fd01::1' prefix='64'>
+ </ip>
+ <ip family='ipv4' address='10.24.10.1'>
+ </ip>
+</network>
diff --git a/tests/networkxml2xmlupdatetest.c b/tests/networkxml2xmlupdatetest.c
index 59e6ce98e5..875cede035 100644
--- a/tests/networkxml2xmlupdatetest.c
+++ b/tests/networkxml2xmlupdatetest.c
@@ -306,6 +306,15 @@ mymain(void)
"dns-txt-record-snowman",
"nat-network-dns-txt-record",
VIR_NETWORK_UPDATE_COMMAND_DELETE);
+ DO_TEST("modify-dns-txt-record",
+ "dns-txt-record-modify-success",
+ "nat-network-dns-txt-record",
+ "nat-network-dns-txt-modify-ok",
+ VIR_NETWORK_UPDATE_COMMAND_MODIFY);
+ DO_TEST_FAIL("modify-missing-dns-txt-record",
+ "dns-txt-record-modify-fail",
+ "nat-network-dns-txt-record",
+ VIR_NETWORK_UPDATE_COMMAND_MODIFY);
section = VIR_NETWORK_SECTION_DNS_SRV;
--
2.45.2
9 months, 1 week
[PATCH] network: allow "modify" option for DNS hostname
by Adam Julis
The "modify" command allows you to replace an existing record
(its hostname, sub-elements). IP address acts as the primary key.
If it is not found, the attempt ends with an error message. If
the XML contains a duplicate address, it will select the last
one.
Tests in networkxml2xmlupdatetest.c contain replacements of an
existing DNS-Host record and failure due to non-existing record.
Resolves: https://gitlab.com/libvirt/libvirt/-/issues/639
Signed-off-by: Adam Julis <ajulis(a)redhat.com>
---
src/conf/network_conf.c | 28 ++++++++++++++-----
.../dns-host-modify-not-existing.xml | 4 +++
.../dns-host-modify.xml | 5 ++++
.../nat-network-dns-hosts-modified.xml | 28 +++++++++++++++++++
tests/networkxml2xmlupdatetest.c | 9 ++++++
5 files changed, 67 insertions(+), 7 deletions(-)
create mode 100644 tests/networkxml2xmlupdatein/dns-host-modify-not-existing.xml
create mode 100644 tests/networkxml2xmlupdatein/dns-host-modify.xml
create mode 100644 tests/networkxml2xmlupdateout/nat-network-dns-hosts-modified.xml
diff --git a/src/conf/network_conf.c b/src/conf/network_conf.c
index f5ccf4bd12..2a541cd5b0 100644
--- a/src/conf/network_conf.c
+++ b/src/conf/network_conf.c
@@ -3138,19 +3138,13 @@ virNetworkDefUpdateDNSHost(virNetworkDef *def,
unsigned int fflags G_GNUC_UNUSED)
{
size_t i, j, k;
- int foundIdx = -1, ret = -1;
+ int foundIdx = -1, ret = -1, foundIdxModify = -1;
virNetworkDNSDef *dns = &def->dns;
virNetworkDNSHostDef host = { 0 };
bool isAdd = (command == VIR_NETWORK_UPDATE_COMMAND_ADD_FIRST ||
command == VIR_NETWORK_UPDATE_COMMAND_ADD_LAST);
int foundCt = 0;
- if (command == VIR_NETWORK_UPDATE_COMMAND_MODIFY) {
- virReportError(VIR_ERR_OPERATION_UNSUPPORTED, "%s",
- _("DNS HOST records cannot be modified, only added or deleted"));
- goto cleanup;
- }
-
if (virNetworkDefUpdateCheckElementName(def, ctxt->node, "host") < 0)
goto cleanup;
@@ -3163,6 +3157,12 @@ virNetworkDefUpdateDNSHost(virNetworkDef *def,
if (virSocketAddrEqual(&host.ip, &dns->hosts[i].ip))
foundThisTime = true;
+ /* modify option required index of matching ip-address, the loop under
+ * this comment could affect results of found index foundThisTime,
+ * so the foundIdxModify is there used instead */
+ if (foundThisTime)
+ foundIdxModify = i;
+
/* when adding we want to only check duplicates of address since having
* multiple addresses with the same hostname is a legitimate configuration */
if (!isAdd) {
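Review bot: The added comment is hard to follow and does not say that MODIFY keys on the IP address alone. Wording such as `/* MODIFY matches on the IP address only, so remember the index here, before the hostname comparison below can also set foundThisTime */` would state the intent directly. The loop body continues outside the hunk.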
@@ -3213,6 +3213,20 @@ virNetworkDefUpdateDNSHost(virNetworkDef *def,
virNetworkDNSHostDefClear(&dns->hosts[foundIdx]);
VIR_DELETE_ELEMENT(dns->hosts, foundIdx, dns->nhosts);
+ } else if (command == VIR_NETWORK_UPDATE_COMMAND_MODIFY) {
+
+ if (foundCt == 0) {
+ virReportError(VIR_ERR_OPERATION_INVALID,
+ _("couldn't locate a matching DNS HOST record in network %1$s"),
+ def->name);
+ goto cleanup;
+ }
+
+ virNetworkDNSHostDefClear(&dns->hosts[foundIdxModify]);
+
+ memcpy(&dns->hosts[foundIdxModify], &host, sizeof(virNetworkDNSHostDef));
+ memset(&host, 0, sizeof(virNetworkDNSHostDef));
+
} else {
virNetworkDefUpdateUnknownCommand(command);
goto cleanup;
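Review bot: The MODIFY branch guards on `foundCt == 0` but then indexes `dns->hosts` with `foundIdxModify`, and the two are not set under the same condition. `foundIdxModify` is assigned only on an IP match, while the comment added in the previous hunk says the hostname loop can also set `foundThisTime`. If `foundCt` counts those hostname-only matches (its increment is outside the visible hunks), a request whose IP matches nothing but whose hostname matches an existing record would pass the guard with `foundIdxModify` still -1, and `virNetworkDNSHostDefClear()` and `memcpy()` would then touch memory before the array. Testing the index that is actually used, `if (foundIdxModify < 0) {`, closes that gap. The function body starts and ends outside the hunk.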
diff --git a/tests/networkxml2xmlupdatein/dns-host-modify-not-existing.xml b/tests/networkxml2xmlupdatein/dns-host-modify-not-existing.xml
new file mode 100644
index 0000000000..357fccd110
--- /dev/null
+++ b/tests/networkxml2xmlupdatein/dns-host-modify-not-existing.xml
@@ -0,0 +1,4 @@
+<host ip='192.168.122.333'>
+ <hostname>shared</hostname>
+ <hostname>names</hostname>
+</host>
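Review bot: `192.168.122.333` is not a valid IPv4 address, so this input presumably fails while the `<host>` element is parsed and never reaches the new "couldn't locate a matching DNS HOST record" branch. A well-formed address that is absent from the `nat-network-dns-hosts` input would exercise the not-found path. Keeping the hostnames `shared` and `names`, which the expected-output file in this patch shows on the `fd8f:1391:3a82:150::c0a8:9603` record, would also cover the case where only a hostname matches.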
diff --git a/tests/networkxml2xmlupdatein/dns-host-modify.xml b/tests/networkxml2xmlupdatein/dns-host-modify.xml
new file mode 100644
index 0000000000..78b9fd88a6
--- /dev/null
+++ b/tests/networkxml2xmlupdatein/dns-host-modify.xml
@@ -0,0 +1,5 @@
+<host ip='192.168.122.2'>
+ <hostname>Another</hostname>
+ <hostname>decent</hostname>
+ <hostname>names</hostname>
+</host>
diff --git a/tests/networkxml2xmlupdateout/nat-network-dns-hosts-modified.xml b/tests/networkxml2xmlupdateout/nat-network-dns-hosts-modified.xml
new file mode 100644
index 0000000000..8fcaad15d1
--- /dev/null
+++ b/tests/networkxml2xmlupdateout/nat-network-dns-hosts-modified.xml
@@ -0,0 +1,28 @@
+<network>
+ <name>default</name>
+ <uuid>81ff0d90-c91e-6742-64da-4a736edb9a9c</uuid>
+ <forward dev='eth0' mode='nat'>
+ <interface dev='eth0'/>
+ </forward>
+ <bridge name='virbr0' stp='on' delay='0'/>
+ <dns forwardPlainNames='no'>
+ <host ip='192.168.122.122'>
+ <hostname>pudding</hostname>
+ </host>
+ <host ip='192.168.122.1'>
+ <hostname>host</hostname>
+ <hostname>gateway</hostname>
+ </host>
+ <host ip='192.168.122.2'>
+ <hostname>Another</hostname>
+ <hostname>decent</hostname>
+ <hostname>names</hostname>
+ </host>
+ <host ip='fd8f:1391:3a82:150::c0a8:9603'>
+ <hostname>shared</hostname>
+ <hostname>names</hostname>
+ </host>
+ </dns>
+ <ip address='192.168.122.1' netmask='255.255.255.0'>
+ </ip>
+</network>
diff --git a/tests/networkxml2xmlupdatetest.c b/tests/networkxml2xmlupdatetest.c
index afe2b1f574..383cbf85ce 100644
--- a/tests/networkxml2xmlupdatetest.c
+++ b/tests/networkxml2xmlupdatetest.c
@@ -276,6 +276,15 @@ mymain(void)
"nat-network-dns-hosts",
"nat-network-no-hosts",
VIR_NETWORK_UPDATE_COMMAND_DELETE);
+ DO_TEST("modify-dns-host",
+ "dns-host-modify",
+ "nat-network-dns-hosts",
+ "nat-network-dns-hosts-modified",
+ VIR_NETWORK_UPDATE_COMMAND_MODIFY);
+ DO_TEST_FAIL("modify-dns-host-not-existing",
+ "dns-host-modify-not-existing",
+ "nat-network-dns-hosts",
+ VIR_NETWORK_UPDATE_COMMAND_MODIFY);
section = VIR_NETWORK_SECTION_DNS_TXT;
--
2.45.2
9 months, 1 week
[PATCH] domain_conf: comment not match the code below
by Adam Julis
The outdated comment refers to a non-existent member in the
virDomainObj structure.
Signed-off-by: Adam Julis <ajulis(a)redhat.com>
---
src/conf/domain_conf.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/src/conf/domain_conf.c b/src/conf/domain_conf.c
index 7033b4e9fe..115862bbde 100644
--- a/src/conf/domain_conf.c
+++ b/src/conf/domain_conf.c
@@ -4449,7 +4449,7 @@ virDomainObjGetDefs(virDomainObj *vm,
* @live: set to true if live config was returned (may be omitted)
*
* Helper function to resolve @flags and return the correct domain pointer
- * object. This function returns one of @vm->def or @vm->persistentDef
+ * object. This function returns one of @vm->def or @vm->newDef
* according to @flags. @live is set to true if the live vm config will be
* returned. This helper should be used only in APIs that guarantee
* that @flags contains exactly one of VIR_DOMAIN_AFFECT_LIVE or
@@ -4489,7 +4489,7 @@ virDomainObjGetOneDefState(virDomainObj *vm,
* @flags: for virDomainModificationImpact
*
* Helper function to resolve @flags and return the correct domain pointer
- * object. This function returns one of @vm->def or @vm->persistentDef
+ * object. This function returns one of @vm->def or @vm->newDef
* according to @flags. This helper should be used only in APIs that guarantee
* that @flags contains exactly one of VIR_DOMAIN_AFFECT_LIVE or
* VIR_DOMAIN_AFFECT_CONFIG and not both.
--
2.45.2
9 months, 1 week
[PATCH] virt-aa-helper: Drop needless comments
by Michal Privoznik
When generating paths for a domain specific AppArmor profile each
path undergoes a validation where it's matched against an array
of well known prefixes (among other things). Now, for
OVMF/AAVMF/... images we have a list and some entries have
comments saying which type of image the entry belongs to. For
instance:
"/usr/share/OVMF/", /* for OVMF images */
"/usr/share/AAVMF/", /* for AAVMF images */
But these comments are pretty useless. The path itself already
gives away the image type. Drop them.
Signed-off-by: Michal Privoznik <mprivozn(a)redhat.com>
---
src/security/virt-aa-helper.c | 14 +++++++-------
1 file changed, 7 insertions(+), 7 deletions(-)
diff --git a/src/security/virt-aa-helper.c b/src/security/virt-aa-helper.c
index a3f85d26b0..c1e89dc6cf 100644
--- a/src/security/virt-aa-helper.c
+++ b/src/security/virt-aa-helper.c
@@ -475,15 +475,15 @@ valid_path(const char *path, const bool readonly)
"/initrd",
"/initrd.img",
"/usr/share/edk2/",
- "/usr/share/edk2-ovmf/", /* for OVMF images */
- "/usr/share/OVMF/", /* for OVMF images */
- "/usr/share/ovmf/", /* for OVMF images */
- "/usr/share/AAVMF/", /* for AAVMF images */
+ "/usr/share/edk2-ovmf/",
+ "/usr/share/OVMF/",
+ "/usr/share/ovmf/",
+ "/usr/share/AAVMF/",
"/usr/share/qemu-efi/", /* for AAVMF images */
- "/usr/share/qemu-efi-aarch64/", /* for AAVMF images */
+ "/usr/share/qemu-efi-aarch64/",
"/usr/share/qemu/", /* SUSE path for OVMF and AAVMF images */
- "/usr/lib/u-boot/", /* u-boot loaders for qemu */
- "/usr/lib/riscv64-linux-gnu/opensbi" /* RISC-V SBI implementation */
+ "/usr/lib/u-boot/",
+ "/usr/lib/riscv64-linux-gnu/opensbi",
};
/* override the above with these */
const char * const override[] = {
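Review bot: The rewritten entry `"/usr/lib/riscv64-linux-gnu/opensbi",` has no trailing slash, unlike the directory entries around it. If `valid_path()` compares these entries as plain string prefixes, as the commit message describes, this entry also admits sibling paths whose names merely begin with `opensbi`. If only the directory is meant, `"/usr/lib/riscv64-linux-gnu/opensbi/",` would be the narrower form for a list that feeds a generated AppArmor profile. The array and `valid_path()` start and end outside the hunk.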
--
2.44.2
9 months, 1 week
[libvirt PATCHv2 0/5] qemu: do not use deprecated options for new virtiofsd (virtiofs epopee)
by Ján Tomko
Also, allow migration if we think we can.
Ján Tomko (5):
tests: vhostuser: add virtiofsd json descriptor
tests: qemuxmlconf: adjust test case to new virtiofsd
qemu: fill capabilities for virtiofsd
qemu: do not use deprecated options for new virtiofsd
qemu: migration: allow migration for virtiofs
src/conf/domain_conf.h | 1 +
src/qemu/qemu_migration.c | 9 +-
src/qemu/qemu_vhost_user.c | 60 ++++++++++++
src/qemu/qemu_vhost_user.h | 12 +++
src/qemu/qemu_virtiofs.c | 92 +++++++++++++------
.../libexec/qemu/vhost-user/test-virtiofsd | 10 ++
.../qemu/vhost-user/50-qemu-virtiofsd.json | 5 +
tests/qemuvhostusertest.c | 1 +
.../vhost-user-fs-fd-memory.xml | 3 +-
9 files changed, 161 insertions(+), 32 deletions(-)
create mode 100755 tests/qemuvhostuserdata/usr/libexec/qemu/vhost-user/test-virtiofsd
create mode 100644 tests/qemuvhostuserdata/usr/share/qemu/vhost-user/50-qemu-virtiofsd.json
--
2.45.2
9 months, 1 week
[PATCH v3 0/2] security_manager: Fix security manager deadlock after libvirtd fork()
by hongmianquan
We have the stack security driver, which internally manages other security drivers,
just call them "top" and "nested".
We call virSecurityStackPreFork() to lock the top one, and it also locks
and then unlocks the nested drivers prior to fork. Then in qemuSecurityPostFork(),
it unlocks the top one, but not the nested ones. Thus, if one of the nested
drivers ("dac" or "selinux") is still locked, it will cause a deadlock. If we always
surround nested locks with top lock, it is always secure. Because we have got top lock
before fork child libvirtd.
However, this is not always the case in the current code. We discovered the following case:
the nested list obtained through qemuSecurityGetNested() is locked directly
for subsequent use, such as in virQEMUDriverCreateCapabilities(), where the nested list
is locked using qemuSecurityGetDOI, but the top one is not locked beforehand.
The problem stack is as follows:
libvirtd thread1 libvirtd thread2 child libvirtd
| | |
| | |
virsh capabilities qemuProcessLanuch |
| | |
| lock top |
| | |
lock nested | |
| | |
| fork------------------->|(nested lock held by thread1)
| | |
| | |
unlock nested unlock top unlock top
|
|
qemuSecuritySetSocketLabel
|
|
lock nested (deadlock)
v3 changes:
Made modifications based on Michal's comments
- ensured matching qemuSecurityStackLock() and qemuSecurityStackUnlock()
- modify the correct order in libvirt_private.syms
- split the code streamlining part into a separate patch
hongmianquan (2):
security_manager: Ensure top lock is acquired before nested locks
security_manager: Remove redundant qemuSecurityGetNested() call
src/libvirt_private.syms | 2 ++
src/qemu/qemu_conf.c | 13 +++++++++++--
src/qemu/qemu_driver.c | 21 +++++++++++++--------
src/qemu/qemu_security.h | 2 ++
src/security/security_manager.c | 22 ++++++++++++++++++++++
src/security/security_manager.h | 2 ++
6 files changed, 52 insertions(+), 10 deletions(-)
--
2.20.1
9 months, 1 week
[PATCH 0/1] qemuDomainChangeNet: check virtio options for non-virtio models
by Miroslav Los
Hi,
in our project, we create all of our domain interfaces regardless of model
with a <driver><host csum='off'/></driver>. The documentation is not clear
as to which models support offloading or not, and the domain validates.
In libvirtd, since <driver> is present, this causes each network device
to have its virDomainVirtioOptions *virtio to be non-NULL, with all members
ABSENT, which is also deemed valid.
However, clients receive the interface elements without the driver. When
the modified value is sent back via updateDeviceFlags, the candidate's
virtio attribute is thus NULL.
The validation in qemuDomainChangeNet requires both structs to be equal
or both NULL, which is violated by such a request. This can be seen also
with how virsh domif-setlink operates:
virsh # domiflist 5
Interface Type Source Model MAC
--------------------------------------------------------
- udp - e1000 52:54:00:1c:10:42
- udp - e1000 52:54:00:09:29:9c
- udp - e1000 52:54:00:1d:a6:8d
- udp - e1000 52:54:00:07:4a:83
52:54:00:1c:10:42 up
virsh # domif-setlink 5 52:54:00:1c:10:42 down
error: Failed to update interface link state
error: Operation not supported: cannot modify virtio network device driver options
A workaround is to add an empty <driver> in the update request, which works
until libvirt is restarted. The driver element on a non-virtio interface is not
present when the domain is reloaded, thus the pointer is NULL in olddev, causing
the inverse issue and same error.
Our current workaround is to retry with the empty driver element only if the first
call fails, but we think libvirt should handle this struct more consistently.
This patch expands the check to the non-virtio case, where the olddev is assumed
to be valid, and newdev's virtio options are validated to be NULL or all-ABSENT.
Since the driver element is normally preserved for virtio models, the stricter
equality condition is left unchanged in that case.
I did not investigate further if the discrepancy between NULL and all-ABSENT values
for virDomainVirtioOptions can cause a problem elsewhere, or in other device kinds.
Though I do wonder if the options handling should be improved.
One possibility is that non-virtio devices keep the value NULL, e.g. after
validating that the driver element does not contain any of the options, whereas
virtio devices always create the struct even with no driver element present on input.
Another option is that NULL pointer is treated the same as all-ABSENT struct, e.g.
in virDomainCheckVirtioOptionsAreAbsent and virDomainVirtioOptionsCheckABIStability;
the former does that while the latter does not. These functions would also need
to become callable from the qemu driver.
Miroslav Los (1):
qemuDomainChangeNet: check virtio options for non-virtio models
src/qemu/qemu_hotplug.c | 23 ++++++++++++++++-------
1 file changed, 16 insertions(+), 7 deletions(-)
--
2.25.1
9 months, 1 week
[PATCH] virt-aa-helper: Allow RO access to /usr/share/edk2-ovmf
by Michal Privoznik
When binary version of edk2 is distributed, the files reside
under /usr/share/edk2-ovmf as can be seen from Gentoo's ebuild
[1]. Allow virt-aa-helper to generate paths under that dir.
1: https://gitweb.gentoo.org/repo/gentoo.git/tree/sys-firmware/edk2-ovmf-bin...
Resolves: https://bugs.gentoo.org/911786
Signed-off-by: Michal Privoznik <mprivozn(a)redhat.com>
---
src/security/virt-aa-helper.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/src/security/virt-aa-helper.c b/src/security/virt-aa-helper.c
index 402cbd9602..076b98a1d7 100644
--- a/src/security/virt-aa-helper.c
+++ b/src/security/virt-aa-helper.c
@@ -475,6 +475,7 @@ valid_path(const char *path, const bool readonly)
"/initrd",
"/initrd.img",
"/usr/share/edk2/",
+ "/usr/share/edk2-ovmf/",
"/usr/share/OVMF/", /* for OVMF images */
"/usr/share/ovmf/", /* for OVMF images */
"/usr/share/AAVMF/", /* for AAVMF images */
--
2.44.2
9 months, 1 week
[PATCH 0/6] qemu: Fixes to firmware selection
by Andrea Bolognani
Andrea Bolognani (6):
tests: Update firmware descriptors
tests: Add more firmware selection coverage
qemu: Filter firmware images by type
qemu: ROM firmware images are always readonly
tests: Add firmware descriptor for edk2 on riscv64
tests: Add test for UEFI autoselection on riscv64
src/qemu/qemu_firmware.c | 17 +++++++++
.../qemu_5.2.0-tcg-virt.riscv64.xml | 4 ++-
.../qemu_5.2.0-virt.riscv64.xml | 4 ++-
.../qemu_8.0.0-tcg-virt.riscv64.xml | 4 ++-
.../qemu_8.0.0-virt.riscv64.xml | 4 ++-
.../firmware/60-edk2-ovmf-x64-inteltdx.json | 10 +++---
.../qemu/firmware/50-edk2-riscv-qcow2.json | 33 +++++++++++++++++
.../firmware/60-edk2-ovmf-x64-inteltdx.json | 10 +++---
tests/qemufirmwaretest.c | 7 +++-
...efi-riscv64.riscv64-latest.abi-update.args | 34 ++++++++++++++++++
...-efi-riscv64.riscv64-latest.abi-update.xml | 28 +++++++++++++++
.../firmware-auto-efi-riscv64.xml | 14 ++++++++
...ware-auto-efi-rw-pflash.x86_64-latest.err} | 0
...mware-auto-efi-rw-pflash.x86_64-latest.xml | 35 +++++++++++++++++++
.../firmware-auto-efi-rw-pflash.xml | 18 ++++++++++
tests/qemuxmlconftest.c | 3 +-
16 files changed, 207 insertions(+), 18 deletions(-)
create mode 100644 tests/qemufirmwaredata/usr/share/qemu/firmware/50-edk2-riscv-qcow2.json
create mode 100644 tests/qemuxmlconfdata/firmware-auto-efi-riscv64.riscv64-latest.abi-update.args
create mode 100644 tests/qemuxmlconfdata/firmware-auto-efi-riscv64.riscv64-latest.abi-update.xml
create mode 100644 tests/qemuxmlconfdata/firmware-auto-efi-riscv64.xml
rename tests/qemuxmlconfdata/{firmware-auto-efi-rw.x86_64-latest.abi-update.err => firmware-auto-efi-rw-pflash.x86_64-latest.err} (100%)
create mode 100644 tests/qemuxmlconfdata/firmware-auto-efi-rw-pflash.x86_64-latest.xml
create mode 100644 tests/qemuxmlconfdata/firmware-auto-efi-rw-pflash.xml
--
2.45.2
9 months, 1 week
[PATCH] vmx: Do not require all ID data for VMWare Distributed Switch
by Martin Kletzander
Similarly to commit 2482801608b8 we can safely ignore connectionId,
portId and portgroupId in both XML and VMX as they are only a blind
pass-through between XML and VMX and an ethernet without such parameters
was spotted in the wild. On top of that even our documentation says the
whole VMWare Distributed Switch configuration is best-effort.
Resolves: https://issues.redhat.com/browse/RHEL-46099
Signed-off-by: Martin Kletzander <mkletzan(a)redhat.com>
---
src/conf/domain_conf.c | 11 ++++-----
src/conf/schemas/domaincommon.rng | 24 ++++++++++++-------
src/vmx/vmx.c | 24 ++++++++++++-------
...-portid.vmx => ethernet-vds-no-params.vmx} | 2 --
...-portid.xml => ethernet-vds-no-params.xml} | 2 +-
5 files changed, 37 insertions(+), 26 deletions(-)
rename tests/vmx2xmldata/{ethernet-vds-no-portid.vmx => ethernet-vds-no-params.vmx} (76%)
rename tests/vmx2xmldata/{ethernet-vds-no-portid.xml => ethernet-vds-no-params.xml} (82%)
diff --git a/src/conf/domain_conf.c b/src/conf/domain_conf.c
index 6080f4f90a54..bfef89e1beae 100644
--- a/src/conf/domain_conf.c
+++ b/src/conf/domain_conf.c
@@ -9593,15 +9593,14 @@ virDomainNetDefParseXML(virDomainXMLOption *xmlopt,
def->data.vds.switch_id) < 0)
return NULL;
- if (virXMLPropLongLong(source_node, "portid", 0, VIR_XML_PROP_REQUIRED,
- &def->data.vds.port_id, def->data.vds.port_id) < 0)
+ if (virXMLPropLongLong(source_node, "portid", 0, VIR_XML_PROP_NONE,
+ &def->data.vds.port_id, 0) < 0)
return NULL;
- if (!(def->data.vds.portgroup_id = virXMLPropStringRequired(source_node, "portgroupid")))
- return NULL;
+ def->data.vds.portgroup_id = virXMLPropString(source_node, "portgroupid");
- if (virXMLPropLongLong(source_node, "connectionid", 0, VIR_XML_PROP_REQUIRED,
- &def->data.vds.connection_id, def->data.vds.connection_id) < 0)
+ if (virXMLPropLongLong(source_node, "connectionid", 0, VIR_XML_PROP_NONE,
+ &def->data.vds.connection_id, 0) < 0)
return NULL;
break;
diff --git a/src/conf/schemas/domaincommon.rng b/src/conf/schemas/domaincommon.rng
index b163e4eece09..2d23fcf12375 100644
--- a/src/conf/schemas/domaincommon.rng
+++ b/src/conf/schemas/domaincommon.rng
@@ -3684,15 +3684,21 @@
<attribute name="switchid">
<ref name="UUID"/>
</attribute>
- <attribute name="portid">
- <data type="long"/>
- </attribute>
- <attribute name="portgroupid">
- <data type="string"/>
- </attribute>
- <attribute name="connectionid">
- <data type="long"/>
- </attribute>
+ <optional>
+ <attribute name="portid">
+ <data type="long"/>
+ </attribute>
+ </optional>
+ <optional>
+ <attribute name="portgroupid">
+ <data type="string"/>
+ </attribute>
+ </optional>
+ <optional>
+ <attribute name="connectionid">
+ <data type="long"/>
+ </attribute>
+ </optional>
</element>
<ref name="interface-options"/>
</interleave>
diff --git a/src/vmx/vmx.c b/src/vmx/vmx.c
index d082a0766010..e5bc2d793c66 100644
--- a/src/vmx/vmx.c
+++ b/src/vmx/vmx.c
@@ -2896,7 +2896,7 @@ virVMXParseEthernet(virConf *conf, int controller, virDomainNetDef **def)
if (virVMXGetConfigString(conf,
portgroupId_name,
&(*def)->data.vds.portgroup_id,
- false) < 0 ||
+ true) < 0 ||
virVMXGetConfigLong(conf,
portId_name,
&(*def)->data.vds.port_id,
@@ -2906,7 +2906,7 @@ virVMXParseEthernet(virConf *conf, int controller, virDomainNetDef **def)
connectionId_name,
&(*def)->data.vds.connection_id,
0,
- false) < 0)
+ true) < 0)
goto cleanup;
} else if (connectionType == NULL && networkName == NULL) {
(*def)->type = VIR_DOMAIN_NET_TYPE_NULL;
@@ -4038,14 +4038,22 @@ virVMXFormatEthernet(virDomainNetDef *def, int controller,
uuid[5], uuid[6], uuid[7], uuid[8], uuid[9], uuid[10],
uuid[11], uuid[12], uuid[13], uuid[14], uuid[15]);
- virBufferAsprintf(buffer, "ethernet%d.dvs.portId = \"%lld\"\n",
- controller, def->data.vds.port_id);
+ if (def->data.vds.port_id) {
+ virBufferAsprintf(buffer, "ethernet%d.dvs.portId = \"%lld\"\n",
+ controller, def->data.vds.port_id);
+ }
+
+ if (def->data.vds.portgroup_id) {
+ virBufferAsprintf(buffer, "ethernet%d.dvs.", controller);
+ virBufferEscapeString(buffer, "portgroupId = \"%s\"\n",
+ def->data.vds.portgroup_id);
+ }
- virBufferAsprintf(buffer, "ethernet%d.dvs.", controller);
- virBufferEscapeString(buffer, "portgroupId = \"%s\"\n", def->data.vds.portgroup_id);
+ if (def->data.vds.connection_id) {
+ virBufferAsprintf(buffer, "ethernet%d.dvs.connectionId = \"%lld\"\n",
+ controller, def->data.vds.connection_id);
+ }
- virBufferAsprintf(buffer, "ethernet%d.dvs.connectionId = \"%lld\"\n",
- controller, def->data.vds.connection_id);
break;
}
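Review bot: The new `if (def->data.vds.port_id)` and `if (def->data.vds.connection_id)` checks use 0 as the "not set" marker, so an id that is explicitly 0 is dropped when the VMX is formatted. The XML parser hunk in `domain_conf.c` defaults both fields to 0 when the attribute is absent, which makes the two cases indistinguishable after parsing. If 0 is never a meaningful id this is fine, but it is worth stating where the fields are consumed, e.g. `/* 0 means "not specified"; absent ids are parsed as 0 */`, or tracking presence separately. The function body starts and ends outside the hunk.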
diff --git a/tests/vmx2xmldata/ethernet-vds-no-portid.vmx b/tests/vmx2xmldata/ethernet-vds-no-params.vmx
similarity index 76%
rename from tests/vmx2xmldata/ethernet-vds-no-portid.vmx
rename to tests/vmx2xmldata/ethernet-vds-no-params.vmx
index 7761accb3abc..90afbdac30cd 100644
--- a/tests/vmx2xmldata/ethernet-vds-no-portid.vmx
+++ b/tests/vmx2xmldata/ethernet-vds-no-params.vmx
@@ -5,6 +5,4 @@ ethernet0.virtualDev = "e1000e"
ethernet0.addressType = "vpx"
ethernet0.generatedAddress = "00:50:56:87:65:43"
ethernet0.dvs.switchId = "50 34 26 b2 94 e9 3b 16-1d 68 87 bf ff 4a 54 40"
-ethernet0.dvs.portgroupId = "dvportgroup-1285"
-ethernet0.dvs.connectionId = "408217997"
displayName = "test"
diff --git a/tests/vmx2xmldata/ethernet-vds-no-portid.xml b/tests/vmx2xmldata/ethernet-vds-no-params.xml
similarity index 82%
rename from tests/vmx2xmldata/ethernet-vds-no-portid.xml
rename to tests/vmx2xmldata/ethernet-vds-no-params.xml
index 60fd9c99feb9..0011ba471a50 100644
--- a/tests/vmx2xmldata/ethernet-vds-no-portid.xml
+++ b/tests/vmx2xmldata/ethernet-vds-no-params.xml
@@ -14,7 +14,7 @@
<devices>
<interface type='vds'>
<mac address='00:50:56:87:65:43' type='generated'/>
- <source switchid='503426b2-94e9-3b16-1d68-87bfff4a5440' portid='0' portgroupid='dvportgroup-1285' connectionid='408217997'/>
+ <source switchid='503426b2-94e9-3b16-1d68-87bfff4a5440'/>
<model type='e1000e'/>
</interface>
<video>
--
2.45.1
9 months, 1 week