[libvirt PATCH v4 00/12] tools: provide virt-qemu-sev-validate for SEV(-ES) launch attestation
by Daniel P. Berrangé
The libvirt QEMU driver provides all the functionality required for
launching a guest on AMD SEV(-ES) platforms, with a configuration
that enables attestation of the launch measurement. The documentation
for how to actually perform an attestation is severely lacking and
not suitable for mere mortals to understand. IOW, someone trying to
implement attestation is in for a world of pain and suffering.
This series doesn't fix the documentation problem, but it does
provide a reference implementation of a tool for performing
attestation of SEV(-ES) guests in the context of libvirt / KVM.
There will be other tools and libraries that implement attestation
logic too, but this tool is likely somewhat unique in its usage of
libvirt. Now for an attestation to be trustworthy you don't want to
perform it on the hypervisor host, since the goal is to prove that
the hypervisor has not acted maliciously. Nonetheless it is still
beneficial to have libvirt integration to some extent.
When running this tool on a remote (trusted) host, it can connect
to the libvirt hypervisor and fetch the data provided by the
virDomainLaunchSecurityInfo API, which is safe to trust as the
key pieces are cryptographically measured.
Attestation is a complex problem though and it is very easy to
screw up and feed the wrong information and then waste hours trying
to figure out what piece was wrong, to cause the hash digest to
change. For debugging such problems, you can thus tell the tool
to operate insecurely, by querying libvirt for almost all of the
configuration information required to determine the expected
measurement. By comparing these results to the results obtained
in offline mode it helps narrow down where the mistake lies.
So I view this tool as being useful in a number of ways:
* Quality assurance engineers needing to test libvirt/QEMU/KVM
get a simple and reliable tool for automating tests with.
* Users running simple libvirt deployments without any large
management stack, get a standalone tool for attestation
they can rely on.
* Developers writing/integrating attestation support into
management stacks above libvirt, get a reference against
which they can debug their own tools.
* Users wanting to demonstrate the core SEV/SEV-ES functionality
get a simple and reliable tool to illustrate the core concepts
involved.
Since I didn't fancy writing such complex logic in C, this tool is
a python3 program. As such, we don't want to include it in the
main libvirt-client RPM, nor any other existing RPM. Thus, this
series puts it in a new libvirt-client-qemu RPM which, through no
coincidence at all, is the same RPM I invented a few days ago to
hold the virt-qemu-qmp-proxy command.
Note, people will have already seen an earlier version of this
tool I hacked up some months ago. This code is very significantly
changed since that earlier version, to make it more maintainable,
and simpler to use (especially for SEV-ES) but the general theme
is still the same.
Changed in v4:
- Fixed loading of initrd/cmdline from XML
- s/loader/firmware/ in some error messages
Changed in v3:
- Remove LUKS specific --disk-password and have generic
--inject-secret
- Fix handling of optional initrd/cmdline
- Require --kernel if --initrd or --cmdline are present
- Ensure VM is in paused state
Changed in v2:
- All the suggestions from Cole and Kashyap
Daniel P. Berrangé (12):
build-aux: only forbid gethostname in C files
tools: support validating SEV firmware boot measurements
tools: load guest config from libvirt
tools: support validating SEV direct kernel boot measurements
tools: load direct kernel config from libvirt
tools: support validating SEV-ES initial vCPU state measurements
tools: support automatically constructing SEV-ES vCPU state
tools: load CPU count and CPU SKU from libvirt
tools: support generating SEV secret injection tables
docs/kbase: describe attestation for SEV guests
scripts: add systemtap script for capturing SEV-ES VMSA
docs/manpages: add checklist of problems for SEV attestation
build-aux/syntax-check.mk | 1 +
docs/kbase/launch_security_sev.rst | 105 ++
docs/manpages/meson.build | 1 +
docs/manpages/virt-qemu-sev-validate.rst | 666 +++++++++++
examples/systemtap/amd-sev-es-vmsa.stp | 48 +
libvirt.spec.in | 2 +
tools/meson.build | 5 +
tools/virt-qemu-sev-validate | 1335 ++++++++++++++++++++++
8 files changed, 2163 insertions(+)
create mode 100644 docs/manpages/virt-qemu-sev-validate.rst
create mode 100644 examples/systemtap/amd-sev-es-vmsa.stp
create mode 100755 tools/virt-qemu-sev-validate
--
2.37.3
2 years, 4 months
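Added example, not part of the original posting and not code from virt-qemu-sev-validate: a sketch of the check the cover letter above describes, for a firmware-only boot on plain SEV, plus the field comparison used when debugging a mismatch. The message layout follows the LAUNCH_MEASURE definition in AMD's SEV API specification, which the posting itself does not spell out; all function names, the config dictionary and the sample values are constructed for illustration.

```python
import base64
import hashlib
import hmac

DIGEST_LEN = 32   # HMAC-SHA256 output reported by the SEV firmware
NONCE_LEN = 16    # MNONCE appended to the measurement in the reported blob


def split_report(b64_blob):
    """Split the hypervisor-reported base64 blob into (measurement, nonce)."""
    raw = base64.b64decode(b64_blob, validate=True)
    if len(raw) != DIGEST_LEN + NONCE_LEN:
        raise ValueError(f"expected {DIGEST_LEN + NONCE_LEN} bytes, got {len(raw)}")
    return raw[:DIGEST_LEN], raw[DIGEST_LEN:]


def expected_measurement(tik, cfg, nonce):
    """HMAC-SHA256, keyed with the TIK, over
    0x04 || API_MAJOR || API_MINOR || BUILD || POLICY || SHA256(firmware) || MNONCE."""
    launch_digest = hashlib.sha256(cfg["firmware"]).digest()
    msg = (bytes([0x04, cfg["api_major"], cfg["api_minor"], cfg["build_id"]])
           + cfg["policy"].to_bytes(4, "little")
           + launch_digest
           + nonce)
    return hmac.new(tik, msg, hashlib.sha256).digest()


def attest(b64_blob, tik, cfg):
    """True only if the reported measurement matches the verifier's own inputs.

    tik and cfg must come from the verifier (offline mode); only the blob is
    taken from the hypervisor, and it is covered by the HMAC.
    """
    reported, nonce = split_report(b64_blob)
    return hmac.compare_digest(reported, expected_measurement(tik, cfg, nonce))


def differing_inputs(offline_cfg, hypervisor_cfg):
    """Debugging aid only: name the fields where the verifier's config differs
    from what the (untrusted) hypervisor reports, to narrow down a mismatch."""
    return sorted(k for k in offline_cfg
                  if offline_cfg[k] != hypervisor_cfg.get(k))


# Constructed sample values, not taken from any real platform.
TIK = bytes(range(16))
OFFLINE = {
    "api_major": 1,
    "api_minor": 51,
    "build_id": 3,
    "policy": 0x03,
    "firmware": b"constructed firmware image",
}

if __name__ == "__main__":
    nonce = bytes(range(100, 116))
    # The host was launched with a newer SEV firmware build than assumed.
    host_cfg = dict(OFFLINE, build_id=4)
    blob = base64.b64encode(expected_measurement(TIK, host_cfg, nonce) + nonce)
    print("attested:", attest(blob, TIK, OFFLINE))
    print("fields to re-check:", differing_inputs(OFFLINE, host_cfg))
```
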
[PATCH] qemu: Add missing 'break' statement in couple of switch()-es
by Michal Privoznik
In recent commits migration of TPM on shared storage was
introduced. However, I've only compiled it with gcc and thus did
not notice that clang build fails due to missing break; at the
end of some (empty) cases in switch() statements.
Signed-off-by: Michal Privoznik <mprivozn(a)redhat.com>
---
Pushed under trivial and build breaker rules.
src/qemu/qemu_domain.c | 1 +
src/qemu/qemu_tpm.c | 2 ++
2 files changed, 3 insertions(+)
diff --git a/src/qemu/qemu_domain.c b/src/qemu/qemu_domain.c
index 41e616ca48..3435da5bdc 100644
--- a/src/qemu/qemu_domain.c
+++ b/src/qemu/qemu_domain.c
@@ -1202,6 +1202,7 @@ qemuDomainTPMPrivateFormat(const virDomainTPMDef *tpm,
case VIR_DOMAIN_TPM_TYPE_PASSTHROUGH:
case VIR_DOMAIN_TPM_TYPE_LAST:
+ break;
}
return 0;
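Review bot: the break added under VIR_DOMAIN_TPM_TYPE_PASSTHROUGH and VIR_DOMAIN_TPM_TYPE_LAST in qemuDomainTPMPrivateFormat leaves two labels with an empty body and no explanation. A short comment next to the break saying that these types have no private data to format would make it clear the empty case is deliberate rather than a forgotten one.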
diff --git a/src/qemu/qemu_tpm.c b/src/qemu/qemu_tpm.c
index dc15514ca6..15ee7db757 100644
--- a/src/qemu/qemu_tpm.c
+++ b/src/qemu/qemu_tpm.c
@@ -1019,6 +1019,7 @@ qemuTPMHasSharedStorage(virDomainDef *def)
return virFileIsSharedFS(tpm->data.emulator.storagepath) == 1;
case VIR_DOMAIN_TPM_TYPE_PASSTHROUGH:
case VIR_DOMAIN_TPM_TYPE_LAST:
+ break;
}
}
@@ -1038,6 +1039,7 @@ qemuTPMCanMigrateSharedStorage(virDomainDef *def)
return QEMU_DOMAIN_TPM_PRIVATE(tpm)->swtpm.can_migrate_shared_storage;
case VIR_DOMAIN_TPM_TYPE_PASSTHROUGH:
case VIR_DOMAIN_TPM_TYPE_LAST:
+ break;
}
}
return true;
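Review bot: with the break in qemuTPMCanMigrateSharedStorage, a VIR_DOMAIN_TPM_TYPE_PASSTHROUGH device leaves the switch and control ends up at the final "return true;", so a passthrough TPM is reported as able to migrate on shared storage. That matches what the code did with gcc, but it is worth a comment stating that non-emulator types are simply ignored here, so a reader does not take the result as a statement about passthrough devices.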
--
2.37.4
2 years, 4 months
[PATCH 0/4] qemu: Use 'flat' mode for 'query-named-block-nodes' when possible
by Peter Krempa
Peter Krempa (4):
qemu: qemuBlockGetNamedNodeData: Remove pointless error path
qemu: monitor: Store whether 'query-named-block-nodes' supports 'flat'
parameter
qemuMonitorJSONBlockStatsUpdateCapacityBlockdev: Use 'flat' mode of
query-named-block-nodes
qemuMonitorJSONQueryNamedBlockNodes: Drop 'flat' argument
src/qemu/qemu_block.c | 11 +++--------
src/qemu/qemu_monitor.c | 11 +++++------
src/qemu/qemu_monitor.h | 3 +--
src/qemu/qemu_monitor_json.c | 12 +++++-------
src/qemu/qemu_monitor_json.h | 3 +--
src/qemu/qemu_monitor_priv.h | 2 ++
6 files changed, 17 insertions(+), 25 deletions(-)
--
2.37.3
2 years, 4 months
[PATCH] maint: fix "mixing declarations and code" errors
by Roman Bogorodskiy
clang 14.0.5 complains:
../src/bhyve/bhyve_device.c:42:29: error: mixing declarations and code
is incompatible with standards before C99
[-Werror,-Wdeclaration-after-statement]
virDomainPCIAddressSet *addrs = opaque;
^
1 error generated.
And a few similar errors in some other places, mainly bhyve related.
Apply a trivial fix to resolve that.
Signed-off-by: Roman Bogorodskiy <bogorodskiy(a)gmail.com>
---
src/bhyve/bhyve_device.c | 6 ++++--
tests/bhyvexml2argvmock.c | 4 ++--
tests/domaincapstest.c | 3 ++-
tests/networkxml2conftest.c | 16 +++++++++-------
4 files changed, 17 insertions(+), 12 deletions(-)
diff --git a/src/bhyve/bhyve_device.c b/src/bhyve/bhyve_device.c
index 5654028ca5..e4d14c4102 100644
--- a/src/bhyve/bhyve_device.c
+++ b/src/bhyve/bhyve_device.c
@@ -36,11 +36,13 @@ bhyveCollectPCIAddress(virDomainDef *def G_GNUC_UNUSED,
virDomainDeviceInfo *info,
void *opaque)
{
+ virDomainPCIAddressSet *addrs = NULL;
+ virPCIDeviceAddress *addr = NULL;
if (info->type == VIR_DOMAIN_DEVICE_ADDRESS_TYPE_DRIVE)
return 0;
- virDomainPCIAddressSet *addrs = opaque;
- virPCIDeviceAddress *addr = &info->addr.pci;
+ addrs = opaque;
+ addr = &info->addr.pci;
if (addr->domain == 0 && addr->bus == 0 && addr->slot == 0) {
return 0;
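Review bot: initialising addrs and addr to NULL at the top of bhyveCollectPCIAddress and assigning them after the early return splits each variable into two lines for no gain. Both original initialisers are free of side effects, so the declarations could move above the "if (info->type == ...)" check unchanged, as "virDomainPCIAddressSet *addrs = opaque;" and "virPCIDeviceAddress *addr = &info->addr.pci;", which also keeps the diff to a pure move.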
diff --git a/tests/bhyvexml2argvmock.c b/tests/bhyvexml2argvmock.c
index 9b77f97e5f..fe76564d51 100644
--- a/tests/bhyvexml2argvmock.c
+++ b/tests/bhyvexml2argvmock.c
@@ -25,10 +25,10 @@ init_syms(void)
DIR *
opendir(const char *path)
{
- init_syms();
-
g_autofree char *path_override = NULL;
+ init_syms();
+
if (STREQ(path, "fakefirmwaredir")) {
path_override = g_strdup(FAKEFIRMWAREDIR);
} else if (STREQ(path, "fakefirmwareemptydir")) {
diff --git a/tests/domaincapstest.c b/tests/domaincapstest.c
index b4cb1894c2..b3cf4426f3 100644
--- a/tests/domaincapstest.c
+++ b/tests/domaincapstest.c
@@ -397,8 +397,9 @@ mymain(void)
#define DO_TEST_BHYVE(Name, Emulator, BhyveCaps, Type) \
do { \
g_autofree char *name = NULL; \
+ struct testData data; \
name = g_strdup_printf("bhyve_%s.x86_64", Name); \
- struct testData data = { \
+ data = (struct testData) { \
.name = name, \
.emulator = Emulator, \
.arch = "x86_64", \
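Review bot: in DO_TEST_BHYVE the declaration of data is now uninitialised and filled by a compound-literal assignment only because the g_strdup_printf() statement sits between the two declarations. Initialising name at its declaration, as "g_autofree char *name = g_strdup_printf("bhyve_%s.x86_64", Name);", would let "struct testData data = { ... }" stay a plain initialised declaration and avoid the compound literal.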
diff --git a/tests/networkxml2conftest.c b/tests/networkxml2conftest.c
index 726f073ddc..d18985e060 100644
--- a/tests/networkxml2conftest.c
+++ b/tests/networkxml2conftest.c
@@ -50,14 +50,16 @@ testCompareXMLToConfFiles(const char *inxml, const char *outconf,
/* Any changes to this function ^^ should be reflected here too. */
#ifndef __linux__
- char * tmp;
+ {
+ char * tmp;
- if (!(tmp = virStringReplace(confactual,
- "except-interface=lo0\n",
- "except-interface=lo\n")))
- goto fail;
- VIR_FREE(confactual);
- confactual = g_steal_pointer(&tmp);
+ if (!(tmp = virStringReplace(confactual,
+ "except-interface=lo0\n",
+ "except-interface=lo\n")))
+ goto fail;
+ VIR_FREE(confactual);
+ confactual = g_steal_pointer(&tmp);
+ }
#endif
if (virTestCompareToFile(confactual, outconf) < 0)
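Review bot: the new brace block under "#ifndef __linux__" re-indents every line but keeps "char * tmp;" with the stray space and without an initialiser. Since the line is touched anyway, write it as "char *tmp = NULL;" to match the pointer style and initialisation used in the other hunks of this patch.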
--
2.38.0
2 years, 4 months
[libvirt PATCH v5 0/6] Add support for 'blob' to virtio video device
by Jonathon Jongsma
Add support to libvirt for the 'blob' option for virtio video devices in qemu.
Also do a little preparatory refactoring of the video device xml parsing code.
I sent this series out a couple times but didn't get much review. Trying again
after rebasing.
changes in v5:
- rebased to latest master
changes in v4:
- rebased to latest master
- updated tests
changes in v3:
- rebased to latest master
Changes in v2:
- Added some basic documentation
- add a qemu capability
- Make sure that the /dev/udmabuf device is accessible to qemu (cgroups, etc)
Jonathon Jongsma (6):
conf: Refactor video model parsing
conf: switch to virXMLProp* functions for parsing video
conf: use enum variable for video type
conf: add support for 'blob' in virtio video device
qemu: Add capability for virtio-gpu.blob
qemu: Implement 'blob' support for virtio gpu
docs/formatdomain.rst | 7 +
src/conf/domain_conf.c | 133 +++++++++---------
src/conf/domain_conf.h | 3 +-
src/conf/domain_validate.c | 13 +-
src/conf/schemas/domaincommon.rng | 5 +
src/libxl/libxl_conf.c | 10 ++
src/libxl/libxl_domain.c | 11 ++
src/qemu/qemu_capabilities.c | 2 +
src/qemu/qemu_capabilities.h | 1 +
src/qemu/qemu_cgroup.c | 22 ++-
src/qemu/qemu_command.c | 3 +
src/qemu/qemu_domain.h | 1 +
src/qemu/qemu_monitor_json.c | 16 ++-
src/qemu/qemu_namespace.c | 22 +++
src/qemu/qemu_process.c | 7 +
src/qemu/qemu_validate.c | 9 ++
.../caps_6.1.0.x86_64.xml | 1 +
.../caps_6.2.0.aarch64.xml | 1 +
.../qemucapabilitiesdata/caps_6.2.0.ppc64.xml | 1 +
.../caps_6.2.0.x86_64.xml | 1 +
.../caps_7.0.0.aarch64.xml | 1 +
.../qemucapabilitiesdata/caps_7.0.0.ppc64.xml | 1 +
.../caps_7.0.0.x86_64.xml | 1 +
.../qemucapabilitiesdata/caps_7.1.0.ppc64.xml | 1 +
.../caps_7.1.0.x86_64.xml | 1 +
.../caps_7.2.0.x86_64.xml | 1 +
...ideo-virtio-blob-absent.x86_64-latest.args | 39 +++++
.../video-virtio-blob-absent.xml | 36 +++++
.../video-virtio-blob-off.x86_64-latest.args | 39 +++++
.../video-virtio-blob-off.xml | 36 +++++
.../video-virtio-blob-on.x86_64-latest.args | 39 +++++
.../qemuxml2argvdata/video-virtio-blob-on.xml | 36 +++++
tests/qemuxml2argvtest.c | 3 +
...video-virtio-blob-absent.x86_64-latest.xml | 48 +++++++
.../video-virtio-blob-off.x86_64-latest.xml | 48 +++++++
.../video-virtio-blob-on.x86_64-latest.xml | 48 +++++++
tests/qemuxml2xmltest.c | 3 +
37 files changed, 569 insertions(+), 81 deletions(-)
create mode 100644 tests/qemuxml2argvdata/video-virtio-blob-absent.x86_64-latest.args
create mode 100644 tests/qemuxml2argvdata/video-virtio-blob-absent.xml
create mode 100644 tests/qemuxml2argvdata/video-virtio-blob-off.x86_64-latest.args
create mode 100644 tests/qemuxml2argvdata/video-virtio-blob-off.xml
create mode 100644 tests/qemuxml2argvdata/video-virtio-blob-on.x86_64-latest.args
create mode 100644 tests/qemuxml2argvdata/video-virtio-blob-on.xml
create mode 100644 tests/qemuxml2xmloutdata/video-virtio-blob-absent.x86_64-latest.xml
create mode 100644 tests/qemuxml2xmloutdata/video-virtio-blob-off.x86_64-latest.xml
create mode 100644 tests/qemuxml2xmloutdata/video-virtio-blob-on.x86_64-latest.xml
--
2.38.1
2 years, 4 months
[PATCH 0/4] Add support for 'hv-avic' hyperv enlightenment
by Peter Krempa
Peter Krempa (4):
conf: virDomainDefFormatFeatures: Realign line
cpu: x86: Group and order hyperv enlightenment features by leaf and
register
cpu: x86: Introduce the 'hv-avic' feature
conf: Introduce support for 'hv-avic' Hyper-V enlightenment
docs/formatdomain.rst | 1 +
src/conf/domain_conf.c | 7 +++++--
src/conf/domain_conf.h | 1 +
src/conf/schemas/domaincommon.rng | 5 +++++
src/cpu/cpu_x86.c | 9 +++++++--
src/cpu/cpu_x86_data.h | 1 +
src/qemu/qemu_command.c | 1 +
src/qemu/qemu_process.c | 1 +
tests/qemuxml2argvdata/hyperv.x86_64-latest.args | 2 +-
tests/qemuxml2argvdata/hyperv.xml | 1 +
tests/qemuxml2xmloutdata/hyperv.xml | 1 +
11 files changed, 25 insertions(+), 5 deletions(-)
--
2.37.3
2 years, 4 months
[libvirt PATCH v3 00/24] Synchronize x86 cpu features from qemu
by Tim Wiederhake
V1: https://listman.redhat.com/archives/libvir-list/2022-October/235007.html
V2: https://listman.redhat.com/archives/libvir-list/2022-October/235247.html
Changes since V2:
* Added explanation where the currently ignored "alias" names will be used
in the future to the commit message (patch 1).
* Added "source" attribute to "alias" tags (patch 2).
Patches not reviewed yet:
* #4: Add script to sync from QEMU i386 cpu features
* #10: Add missing x86 feature "sgx1"
* #11: Add missing x86 feature "sgx2"
Tim Wiederhake (24):
cpu-data.py: Allow for more than child in feature nodes
cpu_x86: Ignore alias names
cpu: make x86 feature alias names machine readable
cpu_map: Add script to sync from QEMU i386 cpu features
cpu_map: Rename sync_qemu_i386.py
cpu_map: Add missing x86 feature alias names
cpu_map: Add missing x86 feature "sgx"
cpu_map: Add missing x86 feature "sgxlc"
cpu_map: Add missing x86 feature "sgx-exinfo"
cpu_map: Add missing x86 feature "sgx1"
cpu_map: Add missing x86 feature "sgx2"
cpu_map: Add missing x86 features "sgx-..."
cpu_map: Add missing x86 feature "bus-lock-detect"
cpu_map: Add missing x86 feature "pks"
cpu_map: Add missing x86 feature "avx512-vp2intersect"
cpu_map: Add missing x86 feature "avx512-fp16"
cpu_map: Add missing x86 feature "serialize"
cpu_map: Add missing x86 feature "tsx-ldtrk"
cpu_map: Add missing x86 feature "arch-lbr"
cpu_map: Add missing x86 feature "xfd"
cpu_map: Add missing x86 feature "intel-pt-lip"
cpu_map: Add missing x86 feature "avic"
cpu_map: Add missing x86 feature "v-vmsave-vmload"
cpu_map: Add missing x86 feature "vgif"
src/cpu/cpu_x86.c | 10 +-
src/cpu_map/sync_qemu_features_i386.py | 278 ++++++++++++++++++
..._qemu_i386.py => sync_qemu_models_i386.py} | 0
src/cpu_map/x86_features.xml | 133 +++++++--
tests/cputestdata/cpu-data.py | 11 +-
.../x86_64-cpuid-Atom-P5362-disabled.xml | 1 +
.../x86_64-cpuid-Atom-P5362-guest.xml | 1 +
.../x86_64-cpuid-Atom-P5362-host.xml | 1 +
.../x86_64-cpuid-Core-i7-7600U-disabled.xml | 2 +-
.../x86_64-cpuid-Core-i7-7600U-guest.xml | 1 +
.../x86_64-cpuid-Core-i7-7600U-host.xml | 1 +
.../x86_64-cpuid-Core-i7-7700-disabled.xml | 2 +-
.../x86_64-cpuid-Core-i7-7700-guest.xml | 1 +
.../x86_64-cpuid-Core-i7-7700-host.xml | 1 +
.../x86_64-cpuid-Core-i7-8550U-disabled.xml | 2 +-
.../x86_64-cpuid-Core-i7-8550U-guest.xml | 1 +
.../x86_64-cpuid-Core-i7-8550U-host.xml | 1 +
.../x86_64-cpuid-Core-i7-8700-disabled.xml | 2 +-
.../x86_64-cpuid-Core-i7-8700-guest.xml | 2 +
.../x86_64-cpuid-Core-i7-8700-host.xml | 2 +
...86_64-cpuid-EPYC-7502-32-Core-disabled.xml | 2 +-
.../x86_64-cpuid-EPYC-7502-32-Core-guest.xml | 3 +
.../x86_64-cpuid-EPYC-7502-32-Core-host.xml | 3 +
...86_64-cpuid-EPYC-7601-32-Core-disabled.xml | 2 +-
.../x86_64-cpuid-EPYC-7601-32-Core-guest.xml | 3 +
.../x86_64-cpuid-EPYC-7601-32-Core-host.xml | 3 +
...-cpuid-EPYC-7601-32-Core-ibpb-disabled.xml | 2 +-
..._64-cpuid-EPYC-7601-32-Core-ibpb-guest.xml | 3 +
...6_64-cpuid-EPYC-7601-32-Core-ibpb-host.xml | 3 +
...-cpuid-Hygon-C86-7185-32-core-disabled.xml | 2 +-
..._64-cpuid-Hygon-C86-7185-32-core-guest.xml | 3 +
...6_64-cpuid-Hygon-C86-7185-32-core-host.xml | 3 +
.../x86_64-cpuid-Ice-Lake-Server-disabled.xml | 2 +-
.../x86_64-cpuid-Ice-Lake-Server-guest.xml | 2 +
.../x86_64-cpuid-Ice-Lake-Server-host.xml | 2 +
...puid-Ryzen-7-1800X-Eight-Core-disabled.xml | 2 +-
...4-cpuid-Ryzen-7-1800X-Eight-Core-guest.xml | 3 +
...64-cpuid-Ryzen-7-1800X-Eight-Core-host.xml | 3 +
...4-cpuid-Ryzen-9-3900X-12-Core-disabled.xml | 2 +-
...6_64-cpuid-Ryzen-9-3900X-12-Core-guest.xml | 3 +
...86_64-cpuid-Ryzen-9-3900X-12-Core-host.xml | 3 +
.../x86_64-cpuid-Xeon-E3-1225-v5-disabled.xml | 2 +-
.../x86_64-cpuid-Xeon-E3-1225-v5-guest.xml | 1 +
.../x86_64-cpuid-Xeon-E3-1225-v5-host.xml | 1 +
.../x86_64-cpuid-Xeon-E3-1245-v5-disabled.xml | 2 +-
.../x86_64-cpuid-Xeon-E3-1245-v5-guest.xml | 1 +
.../x86_64-cpuid-Xeon-E3-1245-v5-host.xml | 1 +
.../domaincapsdata/qemu_6.0.0-tcg.x86_64.xml | 1 +
.../domaincapsdata/qemu_6.1.0-tcg.x86_64.xml | 1 +
.../domaincapsdata/qemu_6.2.0-tcg.x86_64.xml | 2 +
.../domaincapsdata/qemu_7.0.0-tcg.x86_64.xml | 2 +
.../domaincapsdata/qemu_7.1.0-tcg.x86_64.xml | 2 +
.../domaincapsdata/qemu_7.2.0-q35.x86_64.xml | 2 +
.../domaincapsdata/qemu_7.2.0-tcg.x86_64.xml | 2 +
tests/domaincapsdata/qemu_7.2.0.x86_64.xml | 2 +
.../cpu-host-model.x86_64-latest.args | 2 +-
56 files changed, 494 insertions(+), 37 deletions(-)
create mode 100755 src/cpu_map/sync_qemu_features_i386.py
rename src/cpu_map/{sync_qemu_i386.py => sync_qemu_models_i386.py} (100%)
--
2.36.1
2 years, 4 months
[PATCH 00/48] Retire more capabilities
by Michal Privoznik
Chop chop. More capabilities can be retired.
https://gitlab.com/MichalPrivoznik/libvirt/-/pipelines/688345136
Michal Prívozník (48):
qemu: Drop misleading comment for
qemuDomainQueryWakeupSuspendSupport()
qemu: Acquire QUERY job in qemuDomainQueryWakeupSuspendSupport()
tests: Make qemuAgent single sync
qemu: Assume QEMU_CAPS_NUMA
qemu_capabilities: Stop detecting QEMU_CAPS_NUMA
qemu: Retire QEMU_CAPS_NUMA
qemu: Assume QEMU_CAPS_VSERPORT_CHANGE
qemu_agent: Drop @singleSync from _qemuAgent
qemu_capabilities: Stop detecting QEMU_CAPS_VSERPORT_CHANGE
qemu: Retire QEMU_CAPS_VSERPORT_CHANGE
qemu: Assume QEMU_CAPS_DUMP_COMPLETED
qemu_capabilities: Stop detecting QEMU_CAPS_DUMP_COMPLETED
qemu: Retire QEMU_CAPS_DUMP_COMPLETED
qemu: Assume QEMU_CAPS_QOM_LIST_PROPERTIES
qemu_capabilities: Stop detecting QEMU_CAPS_QOM_LIST_PROPERTIES
qemu: Retire QEMU_CAPS_QOM_LIST_PROPERTIES
qemu: Assume QEMU_CAPS_QUERY_CURRENT_MACHINE
qemu_capabilities: Stop detecting QEMU_CAPS_QUERY_CURRENT_MACHINE
qemu: Retire QEMU_CAPS_QUERY_CURRENT_MACHINE
qemu_capabilities: Stop detecting QEMU_CAPS_BITMAP_MERGE
qemu: Retire QEMU_CAPS_BITMAP_MERGE
qemu: Assume QEMU_CAPS_QUERY_DISPLAY_OPTIONS
qemu_capabilities: Stop detecting QEMU_CAPS_QUERY_DISPLAY_OPTIONS
qemu: Retire QEMU_CAPS_QUERY_DISPLAY_OPTIONS
qemu: Assume QEMU_CAPS_VIRTIO_NET_RX_QUEUE_SIZE
qemu_capabilities: Stop detecting QEMU_CAPS_VIRTIO_NET_RX_QUEUE_SIZE
qemu: Retire QEMU_CAPS_VIRTIO_NET_RX_QUEUE_SIZE
qemu: Assume QEMU_CAPS_VIRTIO_NET_TX_QUEUE_SIZE
qemu_capabilities: Stop detecting QEMU_CAPS_VIRTIO_NET_TX_QUEUE_SIZE
qemu: Retire QEMU_CAPS_VIRTIO_NET_TX_QUEUE_SIZE
qemu: Assume QEMU_CAPS_VIRTIO_NET_HOST_MTU
qemu_capabilities: Stop detecting QEMU_CAPS_VIRTIO_NET_HOST_MTU
qemu: Retire QEMU_CAPS_VIRTIO_NET_HOST_MTU
qemu: Assume QEMU_CAPS_VIRTIO_NET_FAILOVER
qemu_capabilities: Stop detecting QEMU_CAPS_VIRTIO_NET_FAILOVER
qemu: Retire QEMU_CAPS_VIRTIO_NET_FAILOVER
qemu: Assume QEMU_CAPS_BLOCKIO
qemu_capabilities: Stop detecting QEMU_CAPS_BLOCKIO
qemu: Retire QEMU_CAPS_BLOCKIO
qemu: Assume QEMU_CAPS_VIRTIO_BLK_NUM_QUEUES
qemu_capabilities: Stop detecting QEMU_CAPS_VIRTIO_BLK_QUEUE_SIZE
qemu: Retire QEMU_CAPS_VIRTIO_BLK_NUM_QUEUES
qemu: Assume QEMU_CAPS_DISK_SHARE_RW
qemu_capabilities: Stop detecting QEMU_CAPS_DISK_SHARE_RW
qemu: Retire QEMU_CAPS_DISK_SHARE_RW
qemu: Assume QEMU_CAPS_DISK_WRITE_CACHE
qemu_capabilities: Stop detecting QEMU_CAPS_DISK_WRITE_CACHE
qemu: Retire QEMU_CAPS_DISK_WRITE_CACHE
src/qemu/qemu_agent.c | 7 +-
src/qemu/qemu_agent.h | 3 +-
src/qemu/qemu_capabilities.c | 76 ++++---------------
src/qemu/qemu_capabilities.h | 30 ++++----
src/qemu/qemu_command.c | 15 +---
src/qemu/qemu_domain.c | 10 +--
src/qemu/qemu_driver.c | 40 +++-------
src/qemu/qemu_process.c | 6 +-
src/qemu/qemu_validate.c | 54 -------------
tests/qemuagenttest.c | 50 +-----------
.../caps_4.2.0.aarch64.xml | 15 ----
.../qemucapabilitiesdata/caps_4.2.0.ppc64.xml | 14 ----
.../qemucapabilitiesdata/caps_4.2.0.s390x.xml | 15 ----
.../caps_4.2.0.x86_64.xml | 15 ----
.../caps_5.0.0.aarch64.xml | 15 ----
.../qemucapabilitiesdata/caps_5.0.0.ppc64.xml | 15 ----
.../caps_5.0.0.riscv64.xml | 15 ----
.../caps_5.0.0.x86_64.xml | 15 ----
.../qemucapabilitiesdata/caps_5.1.0.sparc.xml | 9 ---
.../caps_5.1.0.x86_64.xml | 15 ----
.../caps_5.2.0.aarch64.xml | 15 ----
.../qemucapabilitiesdata/caps_5.2.0.ppc64.xml | 15 ----
.../caps_5.2.0.riscv64.xml | 15 ----
.../qemucapabilitiesdata/caps_5.2.0.s390x.xml | 15 ----
.../caps_5.2.0.x86_64.xml | 15 ----
.../caps_6.0.0.aarch64.xml | 15 ----
.../qemucapabilitiesdata/caps_6.0.0.s390x.xml | 15 ----
.../caps_6.0.0.x86_64.xml | 15 ----
.../caps_6.1.0.x86_64.xml | 15 ----
.../caps_6.2.0.aarch64.xml | 15 ----
.../qemucapabilitiesdata/caps_6.2.0.ppc64.xml | 15 ----
.../caps_6.2.0.x86_64.xml | 15 ----
.../caps_7.0.0.aarch64.xml | 15 ----
.../qemucapabilitiesdata/caps_7.0.0.ppc64.xml | 15 ----
.../caps_7.0.0.x86_64.xml | 15 ----
.../qemucapabilitiesdata/caps_7.1.0.ppc64.xml | 15 ----
.../caps_7.1.0.x86_64.xml | 15 ----
.../caps_7.2.0.x86_64.xml | 15 ----
tests/qemumonitortestutils.c | 3 +-
tests/qemuxml2argvdata/controller-order.args | 2 +-
tests/qemuxml2argvdata/cpu-numa-disjoint.err | 1 -
.../fd-memory-numa-topology2.args | 2 +-
.../fd-memory-numa-topology2.xml | 2 +-
.../fd-memory-numa-topology3.args | 2 +-
.../fd-memory-numa-topology3.xml | 2 +-
tests/qemuxml2argvdata/net-virtio-teaming.err | 1 -
tests/qemuxml2argvdata/numatune-memnode.err | 1 -
.../video-device-pciaddr-default.args | 2 +-
.../video-qxl-device-vgamem.args | 2 +-
tests/qemuxml2argvdata/video-qxl-device.args | 2 +-
.../video-qxl-sec-device-vgamem.args | 2 +-
.../video-qxl-sec-device.args | 2 +-
.../video-vga-device-vgamem.args | 2 +-
tests/qemuxml2argvdata/video-vga-device.args | 2 +-
.../video-virtio-gpu-device.args | 2 +-
.../video-virtio-gpu-sdl-gl.args | 2 +-
.../video-virtio-gpu-spice-gl.args | 2 +-
.../video-virtio-gpu-virgl.args | 2 +-
tests/qemuxml2argvdata/video-virtio-vga.args | 2 +-
tests/qemuxml2argvtest.c | 31 +++-----
tests/qemuxml2xmltest.c | 21 ++---
61 files changed, 90 insertions(+), 706 deletions(-)
delete mode 100644 tests/qemuxml2argvdata/cpu-numa-disjoint.err
delete mode 100644 tests/qemuxml2argvdata/net-virtio-teaming.err
delete mode 100644 tests/qemuxml2argvdata/numatune-memnode.err
--
2.37.4
2 years, 4 months
[libvirt] conf: Allow > UINT_MAX of cache for NUMA nodes
by Lin Yang
The high-bandwidth memory (HBM) in cache mode might be greater than
UINT_MAX of cache per NUMA node, so change to unsigned long long.
Signed-off-by: Lin Yang <lin.a.yang(a)intel.com>
---
src/conf/capabilities.c | 70 +++++++++++++++++++++++++++--------------
src/conf/numa_conf.c | 2 +-
src/conf/numa_conf.h | 2 +-
3 files changed, 48 insertions(+), 26 deletions(-)
diff --git a/src/conf/capabilities.c b/src/conf/capabilities.c
index e498c77efc..85c06f0d2b 100644
--- a/src/conf/capabilities.c
+++ b/src/conf/capabilities.c
@@ -1549,10 +1549,10 @@ virCapabilitiesGetNUMAPagesInfo(int node,
static int
-virCapabilitiesGetNodeCacheReadFile(const char *prefix,
- const char *dir,
- const char *file,
- unsigned int *value)
+virCapabilitiesGetNodeCacheReadFileUint(const char *prefix,
+ const char *dir,
+ const char *file,
+ unsigned int *value)
{
g_autofree char *path = g_build_filename(prefix, dir, file, NULL);
int rv = virFileReadValueUint(value, "%s", path);
@@ -1570,6 +1570,28 @@ virCapabilitiesGetNodeCacheReadFile(const char *prefix,
}
+static int
+virCapabilitiesGetNodeCacheReadFileUllong(const char *prefix,
+ const char *dir,
+ const char *file,
+ unsigned long long *value)
+{
+ g_autofree char *path = g_build_filename(prefix, dir, file, NULL);
+ int rv = virFileReadValueUllong(value, "%s", path);
+
+ if (rv < 0) {
+ if (rv == -2) {
+ virReportError(VIR_ERR_INTERNAL_ERROR,
+ _("File '%s' does not exist"),
+ path);
+ }
+ return -1;
+ }
+
+ return 0;
+}
+
+
static int
virCapsHostNUMACellCacheComparator(const void *a,
const void *b)
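Review bot: virCapabilitiesGetNodeCacheReadFileUllong is a copy of the Uint helper that differs only in the value type and the virFileReadValueUllong call, so the "rv == -2" error handling now lives in two places. Consider keeping the path building and error reporting in one place and having the two typed variants call into it, so a later change to the "does not exist" message cannot be applied to only one of them.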
@@ -1612,18 +1634,18 @@ virCapabilitiesGetNodeCache(int node,
return -1;
}
- if (virCapabilitiesGetNodeCacheReadFile(path, entry->d_name,
- "size", &cache.size) < 0)
+ if (virCapabilitiesGetNodeCacheReadFileUllong(path, entry->d_name,
+ "size", &cache.size) < 0)
return -1;
cache.size >>= 10; /* read in bytes but stored in kibibytes */
- if (virCapabilitiesGetNodeCacheReadFile(path, entry->d_name,
- "line_size", &cache.line) < 0)
+ if (virCapabilitiesGetNodeCacheReadFileUint(path, entry->d_name,
+ "line_size", &cache.line) < 0)
return -1;
- if (virCapabilitiesGetNodeCacheReadFile(path, entry->d_name,
- "indexing", &indexing) < 0)
+ if (virCapabilitiesGetNodeCacheReadFileUint(path, entry->d_name,
+ "indexing", &indexing) < 0)
return -1;
/* see enum cache_indexing in kernel */
@@ -1638,8 +1660,8 @@ virCapabilitiesGetNodeCache(int node,
return -1;
}
- if (virCapabilitiesGetNodeCacheReadFile(path, entry->d_name,
- "write_policy", &write_policy) < 0)
+ if (virCapabilitiesGetNodeCacheReadFileUint(path, entry->d_name,
+ "write_policy", &write_policy) < 0)
return -1;
/* see enum cache_write_policy in kernel */
@@ -1793,26 +1815,26 @@ virCapabilitiesHostNUMAInitInterconnectsNode(GArray *interconnects,
if (!virFileExists(path))
return 0;
- if (virCapabilitiesGetNodeCacheReadFile(path, "initiators",
- "read_bandwidth",
- &read_bandwidth) < 0)
+ if (virCapabilitiesGetNodeCacheReadFileUint(path, "initiators",
+ "read_bandwidth",
+ &read_bandwidth) < 0)
return -1;
- if (virCapabilitiesGetNodeCacheReadFile(path, "initiators",
- "write_bandwidth",
- &write_bandwidth) < 0)
+ if (virCapabilitiesGetNodeCacheReadFileUint(path, "initiators",
+ "write_bandwidth",
+ &write_bandwidth) < 0)
return -1;
/* Bandwidths are read in MiB but stored in KiB */
read_bandwidth <<= 10;
write_bandwidth <<= 10;
- if (virCapabilitiesGetNodeCacheReadFile(path, "initiators",
- "read_latency",
- &read_latency) < 0)
+ if (virCapabilitiesGetNodeCacheReadFileUint(path, "initiators",
+ "read_latency",
+ &read_latency) < 0)
return -1;
- if (virCapabilitiesGetNodeCacheReadFile(path, "initiators",
- "write_latency",
- &write_latency) < 0)
+ if (virCapabilitiesGetNodeCacheReadFileUint(path, "initiators",
+ "write_latency",
+ &write_latency) < 0)
return -1;
initPath = g_strdup_printf("%s/initiators", path);
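Review bot: read_bandwidth and write_bandwidth are still read through the Uint helper and then shifted with "<<= 10" to convert MiB to KiB, so the conversion wraps in an unsigned int for values of 4194304 MiB or more. Since the motivation for this patch is high-bandwidth memory exceeding UINT_MAX, it would be worth either widening these two as well or saying in the commit message why the bandwidth values cannot reach that range.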
diff --git a/src/conf/numa_conf.c b/src/conf/numa_conf.c
index 688aa7b409..b55bb3ffcb 100644
--- a/src/conf/numa_conf.c
+++ b/src/conf/numa_conf.c
@@ -1765,7 +1765,7 @@ virNumaCacheFormat(virBuffer *buf,
}
virBufferAsprintf(&childBuf,
- "<size value='%u' unit='KiB'/>\n",
+ "<size value='%llu' unit='KiB'/>\n",
cache->size);
if (cache->line) {
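Review bot: only the formatter in virNumaCacheFormat is switched to "%llu"; the diffstat shows a single changed line in numa_conf.c, so the code that parses the size element into cache->size is not touched by this patch. Please check that the parsing side stores into the unsigned long long without rejecting or truncating values above UINT_MAX, otherwise the XML that this function emits cannot be read back.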
diff --git a/src/conf/numa_conf.h b/src/conf/numa_conf.h
index 1d1e816870..bbb928abb2 100644
--- a/src/conf/numa_conf.h
+++ b/src/conf/numa_conf.h
@@ -263,7 +263,7 @@ void virNumaDistanceFormat(virBuffer *buf,
typedef struct _virNumaCache virNumaCache;
struct _virNumaCache {
unsigned int level; /* cache level */
- unsigned int size; /* cache size */
+ unsigned long long size; /* cache size */
unsigned int line; /* line size, !!! in bytes !!! */
virNumaCacheAssociativity associativity; /* cache associativity */
virNumaCachePolicy policy; /* cache policy */
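Review bot: the comment on the widened size member still reads only "cache size", while the line member next to it spells out its unit. capabilities.c stores the value in kibibytes and the formatter emits unit='KiB', so the comment should state that size is in KiB.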
--
2.25.1
2 years, 4 months
[PATCH] qemu_agent: Bring back single sync
by Michal Privoznik
Historically, we had no idea whether the qemu-ga running inside
the guest was running or not. Or whether it crashed in the middle
of reading of a command. That's why we issued guest-sync prior
any intended command, to make the agent flush any partially read
JSON and reset its state machine.
But with VSERPORT_CHANGE event we know when the guest agent
(dis-)connects and thus can issue the sync command just once for
each 'connection'. Whether the agent is synced is tracked in
agent->inSync member, which used to be set to true upon
successful sync. But after rework in v8.0.0-rc1~361 that line is
gone, leaving us with using the historic approach basically.
Fixes: cad84fd51eaac5e3bfdf441f9986e1f2639a0828
Signed-off-by: Michal Privoznik <mprivozn(a)redhat.com>
---
src/qemu/qemu_agent.c | 8 ++++++--
1 file changed, 6 insertions(+), 2 deletions(-)
diff --git a/src/qemu/qemu_agent.c b/src/qemu/qemu_agent.c
index 0d77a2f90d..94782f2bc9 100644
--- a/src/qemu/qemu_agent.c
+++ b/src/qemu/qemu_agent.c
@@ -869,16 +869,20 @@ qemuAgentGuestSync(qemuAgent *agent)
return -1;
/* successfully sync'd */
- if (rc == 1)
+ if (rc == 1) {
+ agent->inSync = true;
return 0;
+ }
/* send another sync */
if ((rc = qemuAgentGuestSyncSend(agent, timeout, false)) < 0)
return -1;
/* successfully sync'd */
- if (rc == 1)
+ if (rc == 1) {
+ agent->inSync = true;
return 0;
+ }
if (agent->running)
virReportError(VIR_ERR_INTERNAL_ERROR, "%s",
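Review bot: "agent->inSync = true;" is now set in two separate "if (rc == 1)" branches of qemuAgentGuestSync, which is the same kind of duplication that allowed the assignment to be lost in the earlier rework. Consider routing both success paths through one place that sets the flag and returns 0. The commit message says the sync is meant to happen once per connection, so it is also worth confirming that inSync is cleared when the agent disconnects, which is not visible in this hunk.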
--
2.37.4
2 years, 4 months