[RFC PATCH v2 0/8] LIBVIRT: X86: TDX support
by Zhenzhong Duan
Thanks Peter, Pavel and Daniel's comments on v1 version, now the v2 comes.
* What's TDX?
TDX stands for Trust Domain Extensions which isolates VMs from
the virtual-machine manager (VMM)/hypervisor and any other software on
the platform.
To support TDX, multiple software components, not only KVM but also QEMU,
guest Linux and virtual bios, need to be updated. For more details, please
check link[1], there are TDX spec links and public repository link at github
for each software component.
This patchset is another software component to extend libvirt to support TDX,
with which one can start a VM from high level rather than running qemu directly.
* The goal of this RFC patch
The purpose of this post is to get feedback early on high level design issue of
libvirt enhancement for TDX. Referenced much on AMD SEV and S390 PV implemention
at link[2][3]. This 2nd version is rebased on upstream + s390 v4 version as
shown in [3] to utilize the common launchsecurity framework code.
* Patch organization
- patch 1-3: Support query of TDX capabilities.
- patch 4-6: Add TDX type to launchsecurity framework.
- patch 7: Add general loader support for TDX.
- patch 8: Add firmware descriptor support for TDX.
* Misc
Just let you know we have released v2 version of TDX qemu in [1], and the API
for libvirt is keeping stable. Using these patches we have succesfully booted
and tested a guest both with and without TDX enabled.
* Diff to v1:
- give up using qmp cmd and check TDX directly on host for TDX capabilities.
- use launchsecurity framework to support TDX
- use <os>.<loader> for general loader
- add auto firmware match feature for TDX
A example TDVF fimware description file 70-edk2-x86_64-tdx.json:
{
"description": "UEFI firmware for x86_64, supporting Intel TDX",
"interface-types": [
"uefi"
],
"mapping": {
"device": "generic",
"filename": "/usr/share/OVMF/OVMF_CODE-tdx.fd"
},
"targets": [
{
"architecture": "x86_64",
"machines": [
"pc-q35-*"
]
}
],
"features": [
"intel-tdx",
"verbose-dynamic"
],
"tags": [
]
}
Links:
[1] https://lists.nongnu.org/archive/html/qemu-devel/2021-07/msg01682.html
[2] https://github.com/codomania/libvirt/commits/v9
[3] https://www.mail-archive.com/libvir-list@redhat.com/msg219144.html
Zhenzhong Duan (8):
qemu: Check if INTEL Trust Domain Extention support is enabled
qemu: Add TDX capability
conf: expose TDX feature in domain capabilities
conf: add tdx as launch security type
qemu: Add command line and validation for TDX type
qemu: force special parameters enabled for TDX guest
qemu: Add general loader support
qemu: Add firmware descriptor support for TDX
docs/formatdomaincaps.html.in | 17 ++++++
docs/schemas/domaincaps.rng | 9 +++
docs/schemas/domaincommon.rng | 18 ++++++
src/conf/domain_capabilities.c | 1 +
src/conf/domain_capabilities.h | 1 +
src/conf/domain_conf.c | 49 ++++++++++++++++
src/conf/domain_conf.h | 11 ++++
src/conf/virconftypes.h | 2 +
src/qemu/qemu_capabilities.c | 44 ++++++++++++++-
src/qemu/qemu_capabilities.h | 1 +
src/qemu/qemu_command.c | 38 +++++++++++++
src/qemu/qemu_firmware.c | 100 ++++++++++++++++++++++++++++++++-
src/qemu/qemu_namespace.c | 2 +
src/qemu/qemu_process.c | 1 +
src/qemu/qemu_validate.c | 28 +++++++++
15 files changed, 319 insertions(+), 3 deletions(-)
--
2.25.1
3 years, 5 months
[PATCH v4 0/3] domstats:add haltpolling time statistic interface
by Yang Fei
This series add the ability to statistic the halt polling time when
VM execute HLT(arm is WFI).
v1:
https://listman.redhat.com/archives/libvir-list/2021-July/msg00029.html
v2:
https://listman.redhat.com/archives/libvir-list/2021-July/msg00339.html
v3:
https://listman.redhat.com/archives/libvir-list/2021-July/msg00445.html
changes from v1:
- Move virGetCgroupValueRaw to utils.c and rename it virGetValueRaw. So
that we can call it to obtain halt polling time.
- Helper function virGetCpuHaltPollTime and virGetDebugFsKvmValue are
added in a separate patch
- Use STRPREFIX to match the path prefix.
- Fix the logic that domstats will break when platform is non-linux,
debugfs isn't mounted and so on.
change from v2:
- Drop patch 1, use virFileReadValueUllong() to get halt polling data.
- Delete unnecessary error report in logs.
- Remove the qemuDomainGetStatsCpuHaltPollTime function conditionally
compiled on linux.
- Document the new parameters in src/libvirt-domain.c.
change from v3:
- Add function virFileReadValueUllongQuiet without error report.
- Move virGetCpuHaltPollTime to src/util/virhostcpu.c and change the
name to virHostCPUGetHaltPollTime.
- Replace the function which will report errors:
virDirOpenIfExists -> virDirOpenQuiet
virFileReadValueUllong -> virFileReadValueUllongQuiet
Yang Fei (3):
util: Add virFileReadValueUllongQuiet
util: Add virHostCPUGetHaltPollTime
qemu: Introduce qemuDomainGetStatsCpuHaltPollTime
docs/manpages/virsh.rst | 4 ++++
src/libvirt-domain.c | 7 +++++++
src/libvirt_private.syms | 2 ++
src/qemu/qemu_driver.c | 20 ++++++++++++++++++++
src/util/virfile.c | 24 ++++++++++++++++++++++++
src/util/virfile.h | 2 ++
src/util/virhostcpu.c | 39 +++++++++++++++++++++++++++++++++++++++
src/util/virhostcpu.h | 4 ++++
8 files changed, 102 insertions(+)
--
2.23.0
3 years, 5 months
[PATCH 0/3] NEWS updates for 7.6
by Peter Krempa
Peter Krempa (3):
NEWS: Use 'code' style for constant names in entry for recent
migration fix
NEWS: Mention security bug in storage pool object lookup
(CVE-2021-3667)
NEWS: Mention change to VIR_DOMAIN_EVENT_ID_BLOCK_THRESHOLD
NEWS.rst | 26 +++++++++++++++++++++-----
1 file changed, 21 insertions(+), 5 deletions(-)
--
2.31.1
3 years, 5 months
[PATCH] storage_driver: Unlock object on ACL fail in storagePoolLookupByTargetPath
by Peter Krempa
'virStoragePoolObjListSearch' returns a locked and refed object, thus we
must release it on ACL permission failure.
Fixes: 7aa0e8c0cb8
Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1984318
Signed-off-by: Peter Krempa <pkrempa(a)redhat.com>
---
Technically a security issue since it DoS-es the objects a user doesn't
have access to for users which do have access.
Posting to standard devel list since the bugzilla above is public.
src/storage/storage_driver.c | 4 +++-
1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/src/storage/storage_driver.c b/src/storage/storage_driver.c
index c2ff4b8d06..6aa10d89f6 100644
--- a/src/storage/storage_driver.c
+++ b/src/storage/storage_driver.c
@@ -1738,8 +1738,10 @@ storagePoolLookupByTargetPath(virConnectPtr conn,
storagePoolLookupByTargetPathCallback,
cleanpath))) {
def = virStoragePoolObjGetDef(obj);
- if (virStoragePoolLookupByTargetPathEnsureACL(conn, def) < 0)
+ if (virStoragePoolLookupByTargetPathEnsureACL(conn, def) < 0) {
+ virStoragePoolObjEndAPI(&obj);
return NULL;
+ }
pool = virGetStoragePool(conn, def->name, def->uuid, NULL, NULL);
virStoragePoolObjEndAPI(&obj);
--
2.31.1
3 years, 5 months
[libvirt PATCH] schema: make target mandatory for filesystems
by Ján Tomko
Commit 12967c3e13 incorrectly made the target optional.
The validation was re-introduced by commit e8863b91f (which
put it into FSDefValidate instead of the parser), but
it did not amend the schema to make it mandatory again.
https://bugzilla.redhat.com/show_bug.cgi?id=1969232
Fixes: e8863b91fb98f077d4c44a11bd7ea84c5e6b29ef
Signed-off-by: Ján Tomko <jtomko(a)redhat.com>
---
docs/schemas/domaincommon.rng | 10 ++++------
1 file changed, 4 insertions(+), 6 deletions(-)
diff --git a/docs/schemas/domaincommon.rng b/docs/schemas/domaincommon.rng
index 14c5d4ee68..2442078969 100644
--- a/docs/schemas/domaincommon.rng
+++ b/docs/schemas/domaincommon.rng
@@ -2859,12 +2859,10 @@
</group>
</choice>
<interleave>
- <optional>
- <element name="target">
- <attribute name="dir"/>
- <empty/>
- </element>
- </optional>
+ <element name="target">
+ <attribute name="dir"/>
+ <empty/>
+ </element>
<optional>
<attribute name="accessmode">
<choice>
--
2.31.1
3 years, 5 months
[libvirt RFC PATCH 0/2] domxml-to-native: lower users' expectations
by Ján Tomko
We do not support some configs that assume fd passing.
Add a disclaimer to the API and the virsh command, and a bit frendlier
error message to the vsock command line generator.
(Alternatively, we could fill in some random values for the file
descriptor numbers, just to give the user an idea what the command line
would look like. But this still won't give them a functional equivalent
of the command line. Which is not possible in all cases anyway)
Ján Tomko (2):
domxml-to-native: add disclaimer about fd passing
qemu: error out if vsock does not have a pre-opened file descriptor
docs/manpages/virsh.rst | 2 ++
src/libvirt-domain.c | 3 +++
src/qemu/qemu_command.c | 6 ++++++
3 files changed, 11 insertions(+)
--
2.31.1
3 years, 5 months
[libvirt PATCH 0/4] RFC: tests: introduce lavocado
by Beraldo Leal
lavocado aims to be an alternative test framework for the libvirt
project using Python, python-libvirt and Avocado. This can be used to
write unit, functional and integration tests and it is inspired by the
libvirt-tck framework.
This series introduces the basic framework along with some basic test
examples that I got from libvirt-tck. I would appreciate your comments
on this RFC, to see if this fits this project's needs. Also, names and
locations are just a proposal and can be changed.
For now, this framework assumes that you are going to run the tests in a
fresh clean environment, i.e. a VM. If you decide to use your local
system, beware that execution of the tests may affect your system.
One of the future goals of this framework is to utilize nested
virtualization technologies and hence make sure an L1 guest is
provisioned automatically for the tests to be executed in this
environment and not tamper with your main system.
I'm adding more information with some details inside the README file.
Beraldo Leal (4):
tests: introduce lavocado: initial code structure
tests.lavocado: adding basic transient domain tests
tests.lavocado: adding a .gitignore
tests.lavocado: adding a README and Makefile for convenience
tests/lavocado/.gitignore | 3 +
tests/lavocado/Makefile | 2 +
tests/lavocado/README.md | 124 +++++++++++++++++
tests/lavocado/lavocado/__init__.py | 0
tests/lavocado/lavocado/defaults.py | 11 ++
tests/lavocado/lavocado/exceptions.py | 20 +++
tests/lavocado/lavocado/helpers/__init__.py | 0
tests/lavocado/lavocado/helpers/domains.py | 75 ++++++++++
tests/lavocado/lavocado/test.py | 144 ++++++++++++++++++++
tests/lavocado/requirements.txt | 3 +
tests/lavocado/templates/domain.xml.jinja | 20 +++
tests/lavocado/tests/domain/transient.py | 102 ++++++++++++++
12 files changed, 504 insertions(+)
create mode 100644 tests/lavocado/.gitignore
create mode 100644 tests/lavocado/Makefile
create mode 100644 tests/lavocado/README.md
create mode 100644 tests/lavocado/lavocado/__init__.py
create mode 100644 tests/lavocado/lavocado/defaults.py
create mode 100644 tests/lavocado/lavocado/exceptions.py
create mode 100644 tests/lavocado/lavocado/helpers/__init__.py
create mode 100644 tests/lavocado/lavocado/helpers/domains.py
create mode 100644 tests/lavocado/lavocado/test.py
create mode 100644 tests/lavocado/requirements.txt
create mode 100644 tests/lavocado/templates/domain.xml.jinja
create mode 100644 tests/lavocado/tests/domain/transient.py
--
2.26.3
3 years, 5 months
[libvirt PATCH 0/3] qemu: Allow pcie-expander-bus for aarch64/virt guests
by Andrea Bolognani
Andrea Bolognani (3):
tests: Add capabilities for QEMU 6.0 on aarch64
qemu: Allow pcie-expander-bus for aarch64/virt guests
tests: Test pcie-expander-bus for aarch64/virt guests
src/qemu/qemu_domain.c | 6 +-
.../qemu_6.0.0-virt.aarch64.xml | 182 +
tests/domaincapsdata/qemu_6.0.0.aarch64.xml | 176 +
.../caps_6.0.0.aarch64.replies | 27539 ++++++++++++++++
.../caps_6.0.0.aarch64.xml | 532 +
...fault-cpu-kvm-virt-4.2.aarch64-latest.args | 4 +-
...fault-cpu-tcg-virt-4.2.aarch64-latest.args | 4 +-
.../aarch64-features-sve.aarch64-latest.args | 4 +-
...arch64-os-firmware-efi.aarch64-latest.args | 4 +-
.../aarch64-tpm.aarch64-latest.args | 4 +-
.../aarch64-virt-graphics.aarch64-latest.args | 6 +-
.../aarch64-virt-headless.aarch64-latest.args | 6 +-
.../clock-timer-armvtimer.aarch64-latest.args | 4 +-
...ult-video-type-aarch64.aarch64-latest.args | 4 +-
.../disk-arm-virtio-sd.aarch64-latest.args | 4 +-
.../iommu-smmuv3.aarch64-latest.args | 4 +-
...e-expander-bus-aarch64.aarch64-latest.args | 32 +
.../pcie-expander-bus-aarch64.xml | 15 +
.../pcie-expander-bus-bad-machine.err | 2 +-
tests/qemuxml2argvtest.c | 1 +
...ie-expander-bus-aarch64.aarch64-latest.xml | 32 +
tests/qemuxml2xmltest.c | 1 +
22 files changed, 28538 insertions(+), 28 deletions(-)
create mode 100644 tests/domaincapsdata/qemu_6.0.0-virt.aarch64.xml
create mode 100644 tests/domaincapsdata/qemu_6.0.0.aarch64.xml
create mode 100644 tests/qemucapabilitiesdata/caps_6.0.0.aarch64.replies
create mode 100644 tests/qemucapabilitiesdata/caps_6.0.0.aarch64.xml
create mode 100644 tests/qemuxml2argvdata/pcie-expander-bus-aarch64.aarch64-latest.args
create mode 100644 tests/qemuxml2argvdata/pcie-expander-bus-aarch64.xml
create mode 100644 tests/qemuxml2xmloutdata/pcie-expander-bus-aarch64.aarch64-latest.xml
--
2.31.1
3 years, 5 months
[libvirt PATCH] qemu: monitor: remove destroy callback
by Ján Tomko
It was added by commit c2121602 and later removed by 5a4c2374a
Signed-off-by: Ján Tomko <jtomko(a)redhat.com>
---
src/qemu/qemu_monitor.c | 2 --
src/qemu/qemu_monitor.h | 1 -
2 files changed, 3 deletions(-)
diff --git a/src/qemu/qemu_monitor.c b/src/qemu/qemu_monitor.c
index 6e2d8010c5..5d7b686136 100644
--- a/src/qemu/qemu_monitor.c
+++ b/src/qemu/qemu_monitor.c
@@ -233,8 +233,6 @@ qemuMonitorDispose(void *obj)
VIR_DEBUG("mon=%p", mon);
qemuMonitorDisposed = true;
- if (mon->cb && mon->cb->destroy)
- (mon->cb->destroy)(mon, mon->vm, mon->callbackOpaque);
virObjectUnref(mon->vm);
g_main_context_unref(mon->context);
diff --git a/src/qemu/qemu_monitor.h b/src/qemu/qemu_monitor.h
index 1491c1297c..05ec228800 100644
--- a/src/qemu/qemu_monitor.h
+++ b/src/qemu/qemu_monitor.h
@@ -363,7 +363,6 @@ typedef void (*qemuMonitorDomainMemoryFailureCallback)(qemuMonitor *mon,
typedef struct _qemuMonitorCallbacks qemuMonitorCallbacks;
struct _qemuMonitorCallbacks {
- qemuMonitorDestroyCallback destroy;
qemuMonitorEofNotifyCallback eofNotify;
qemuMonitorErrorNotifyCallback errorNotify;
qemuMonitorDomainEventCallback domainEvent;
--
2.31.1
3 years, 5 months
[PATCH 0/6] qemu: Add detection of 'blockdev-reopen'
by Peter Krempa
Note that the capability update patch is waiting for a series of fixes
as current qemu master breaks with libvirt.
Full version can be fetched from:
git fetch https://gitlab.com/pipo.sk/libvirt.git blockdev-reopen
Peter Krempa (6):
tests: qemucapabilities: Update capabilities for qemu-6.1.0-rc0 on
x86_64
qemuBlockReopenFormat: Extract @src handling and monitor invocation
qemuBlockReopenFormatMon: Adapt to new argument format of
'blockdev-reopen'
qemumonitorjsontest: Add test case for 'blockdev-reopen'
qemu: capabilities: Enable detection of QEMU_CAPS_BLOCKDEV_REOPEN
NEWS: Mention enablement of incremental backups
NEWS.rst | 6 +
src/qemu/qemu_block.c | 32 +-
src/qemu/qemu_block.h | 5 +
src/qemu/qemu_capabilities.c | 1 +
.../domaincapsdata/qemu_6.1.0-q35.x86_64.xml | 2 +-
.../domaincapsdata/qemu_6.1.0-tcg.x86_64.xml | 2 +-
tests/domaincapsdata/qemu_6.1.0.x86_64.xml | 2 +-
.../caps_6.1.0.x86_64.replies | 4245 +++++++++--------
.../caps_6.1.0.x86_64.xml | 8 +-
tests/qemumonitorjsontest.c | 28 +
10 files changed, 2312 insertions(+), 2019 deletions(-)
--
2.31.1
3 years, 5 months