[PATCH v2 1/3] Revert "qemu: explicit swtpm state locking"
by marcandre.lureau@redhat.com
From: Marc-André Lureau <marcandre.lureau(a)redhat.com>
This reverts commit bb5e26749fe5b5856a3541be2cbe147701e6e121.
swtpm-setup doesn't have "tpmstate-lock", only swtpm.
Signed-off-by: Marc-André Lureau <marcandre.lureau(a)redhat.com>
---
src/qemu/qemu_tpm.c | 11 ++---------
src/util/virtpm.c | 1 -
src/util/virtpm.h | 1 -
tests/testutilsqemu.c | 1 -
4 files changed, 2 insertions(+), 12 deletions(-)
diff --git a/src/qemu/qemu_tpm.c b/src/qemu/qemu_tpm.c
index f5e0184e54..476e3dd224 100644
--- a/src/qemu/qemu_tpm.c
+++ b/src/qemu/qemu_tpm.c
@@ -344,23 +344,16 @@ static char *
qemuTPMGetSwtpmSetupStateArg(const virDomainTPMSourceType source_type,
const char *source_path)
{
- const char *lock = ",lock";
-
- if (!virTPMSwtpmSetupCapsGet(VIR_TPM_SWTPM_SETUP_FEATURE_TPMSTATE_OPT_LOCK)) {
- VIR_WARN("This swtpm version doesn't support explicit locking");
- lock = "";
- }
-
switch (source_type) {
case VIR_DOMAIN_TPM_SOURCE_TYPE_FILE:
/* the file:// prefix is supported since swtpm_setup 0.7.0 */
/* assume the capability check for swtpm is redundant. */
- return g_strdup_printf("file://%s%s", source_path, lock);
+ return g_strdup_printf("file://%s", source_path);
case VIR_DOMAIN_TPM_SOURCE_TYPE_DIR:
case VIR_DOMAIN_TPM_SOURCE_TYPE_DEFAULT:
case VIR_DOMAIN_TPM_SOURCE_TYPE_LAST:
default:
- return g_strdup_printf("%s%s", source_path, lock);
+ return g_strdup_printf("%s", source_path);
}
}
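Review bot: in the default branch, `g_strdup_printf("%s", source_path)` is equivalent to `g_strdup(source_path)`. That is acceptable for a straight revert, but the commit message should say whether state locking is now requested somewhere else. It states that only swtpm has "tpmstate-lock", and from this hunk alone a reader cannot tell whether locking is being dropped or moved.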
diff --git a/src/util/virtpm.c b/src/util/virtpm.c
index 4016ad8fc4..f90839debe 100644
--- a/src/util/virtpm.c
+++ b/src/util/virtpm.c
@@ -53,7 +53,6 @@ VIR_ENUM_IMPL(virTPMSwtpmSetupFeature,
"cmdarg-reconfigure-pcr-banks",
"tpm-1.2",
"tpm-2.0",
- "tpmstate-opt-lock",
"cmdarg-profile",
);
diff --git a/src/util/virtpm.h b/src/util/virtpm.h
index 03fb92629a..4119a903e5 100644
--- a/src/util/virtpm.h
+++ b/src/util/virtpm.h
@@ -45,7 +45,6 @@ typedef enum {
VIR_TPM_SWTPM_SETUP_FEATURE_CMDARG_RECONFIGURE_PCR_BANKS,
VIR_TPM_SWTPM_SETUP_FEATURE_TPM_1_2,
VIR_TPM_SWTPM_SETUP_FEATURE_TPM_2_0,
- VIR_TPM_SWTPM_SETUP_FEATURE_TPMSTATE_OPT_LOCK,
VIR_TPM_SWTPM_SETUP_FEATURE_CMDARG_PROFILE,
VIR_TPM_SWTPM_SETUP_FEATURE_LAST
diff --git a/tests/testutilsqemu.c b/tests/testutilsqemu.c
index 5caccbc6b4..abc425b9b7 100644
--- a/tests/testutilsqemu.c
+++ b/tests/testutilsqemu.c
@@ -71,7 +71,6 @@ virTPMSwtpmSetupCapsGet(virTPMSwtpmSetupFeature cap)
case VIR_TPM_SWTPM_SETUP_FEATURE_CMDARG_CREATE_CONFIG_FILES:
case VIR_TPM_SWTPM_SETUP_FEATURE_TPM12_NOT_NEED_ROOT:
case VIR_TPM_SWTPM_SETUP_FEATURE_CMDARG_RECONFIGURE_PCR_BANKS:
- case VIR_TPM_SWTPM_SETUP_FEATURE_TPMSTATE_OPT_LOCK:
case VIR_TPM_SWTPM_SETUP_FEATURE_CMDARG_PROFILE:
case VIR_TPM_SWTPM_SETUP_FEATURE_LAST:
break;
--
2.47.0
4 hours, 37 minutes
[PATCH] apparmor: Allow running loongarch64 VMs on Debian 12
by Xianglai Li
Allows to load firmware in the qemu-efi-loongarch64 directory
Allows the binary qemu-system-loongarch64 to be run
This makes it impossible to run loongarch64 VMs when AppArmor is enabled
Signed-off-by: Xianglai Li <lixianglai(a)loongson.cn>
---
src/security/apparmor/libvirt-qemu.in | 1 +
src/security/virt-aa-helper.c | 1 +
2 files changed, 2 insertions(+)
diff --git a/src/security/apparmor/libvirt-qemu.in b/src/security/apparmor/libvirt-qemu.in
index 694da26dea..c63077574e 100644
--- a/src/security/apparmor/libvirt-qemu.in
+++ b/src/security/apparmor/libvirt-qemu.in
@@ -144,6 +144,7 @@
/usr/bin/qemu-system-hppa rmix,
/usr/bin/qemu-system-i386 rmix,
/usr/bin/qemu-system-lm32 rmix,
+ /usr/bin/qemu-system-loongarch64 rmix,
/usr/bin/qemu-system-m68k rmix,
/usr/bin/qemu-system-microblaze rmix,
/usr/bin/qemu-system-microblazeel rmix,
diff --git a/src/security/virt-aa-helper.c b/src/security/virt-aa-helper.c
index 1cf9d7ad3d..94a28bf331 100644
--- a/src/security/virt-aa-helper.c
+++ b/src/security/virt-aa-helper.c
@@ -481,6 +481,7 @@ valid_path(const char *path, const bool readonly)
"/usr/share/AAVMF/",
"/usr/share/qemu-efi/", /* for AAVMF images */
"/usr/share/qemu-efi-aarch64/",
+ "/usr/share/qemu-efi-loongarch64/",
"/usr/share/qemu-efi-riscv64/",
"/usr/share/qemu/", /* SUSE path for OVMF and AAVMF images */
"/usr/lib/u-boot/",
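Review bot: the new "/usr/share/qemu-efi-loongarch64/" entry in valid_path() has no counterpart in the libvirt-qemu.in hunk, which adds only the emulator binary. If the profile template carries read rules for the other firmware directories in this list, the loongarch64 directory needs the same rule; please confirm and say so in the commit message. A short trailing comment naming the package that ships this directory, as done for "/usr/share/qemu-efi/", would also help.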
--
2.39.1
5 hours, 54 minutes
[PATCH] hyperv: Introduce and export 'facility' variable.
by Michal Privoznik
In its upstream commit [1] openwsman dropped 'facility' variable
which is documented as:
* all processes that use the libu must define a "facility" variable somewhere
* to satisfy this external linkage reference.
*
* Such variable will be used as the syslog(3) facility argument.
Well, prior to that commit, openwsman itself declared the
variable (and set it to LOG_DAEMON). Now it's up to us.
Yeah, the variable naming is terrible and also we are not using
libu directly, but apparently libwsman.so requires it anyway:
$ objdump -T /usr/lib64/libwsman.so | grep facility
0000000000000000 D *UND* 0000000000000000 Base facility
1: https://github.com/Openwsman/openwsman/commit/d72c51f21b9c85a773b7955ac58...
Signed-off-by: Michal Privoznik <mprivozn(a)redhat.com>
---
src/hyperv/hyperv_wmi.c | 3 +++
src/libvirt_hyperv.syms | 11 +++++++++++
src/meson.build | 6 ++++++
3 files changed, 20 insertions(+)
create mode 100644 src/libvirt_hyperv.syms
diff --git a/src/hyperv/hyperv_wmi.c b/src/hyperv/hyperv_wmi.c
index 0b82f1f131..040bcfec11 100644
--- a/src/hyperv/hyperv_wmi.c
+++ b/src/hyperv/hyperv_wmi.c
@@ -28,6 +28,7 @@
#include <wsman-soap.h>
#include <wsman-xml.h>
#include <wsman-xml-binding.h>
+#include <u/syslog.h>
#include "internal.h"
#include "virerror.h"
@@ -47,6 +48,8 @@
VIR_LOG_INIT("hyperv.hyperv_wmi");
+int facility = LOG_DAEMON;
+
int
hypervGetWmiClassList(hypervPrivate *priv, hypervWmiClassInfo *wmiInfo,
virBuffer *query, hypervObject **wmiClass)
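Review bot: `int facility = LOG_DAEMON;` is a non-static global with a very generic name and no comment at its definition, so the reason for it lives only in the commit message. Add a comment above it stating that libwsman.so carries an undefined reference to `facility` which the application has to satisfy, so that nobody later removes it or makes it static. Also check whether `<u/syslog.h>` from the previous hunk is really needed for LOG_DAEMON or whether plain `<syslog.h>` is enough.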
diff --git a/src/libvirt_hyperv.syms b/src/libvirt_hyperv.syms
new file mode 100644
index 0000000000..60e98db473
--- /dev/null
+++ b/src/libvirt_hyperv.syms
@@ -0,0 +1,11 @@
+#
+# HyperV-specific symbols
+#
+
+# hyperv/hyperv_wmi.c
+facility;
+
+# Let emacs know we want case-insensitive sorting
+# Local Variables:
+# sort-fold-case: t
+# End:
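Review bot: `facility;` is exported under an unprefixed, generic name, which is easy to collide with if another linked object defines the same symbol. Since the name is dictated by the external reference shown in the commit message, note that constraint in a comment next to the entry so the missing "vir" prefix is not "fixed" later.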
diff --git a/src/meson.build b/src/meson.build
index b53ea2a71f..cce89fac27 100644
--- a/src/meson.build
+++ b/src/meson.build
@@ -125,6 +125,12 @@ else
sym_files += 'libvirt_libssh2.syms'
endif
+if conf.has('WITH_HYPERV')
+ used_sym_files += 'libvirt_hyperv.syms'
+else
+ sym_files += 'libvirt_hyperv.syms'
+endif
+
# variables filled by subdirectories
libvirt_libs = []
--
2.45.2
7 hours, 59 minutes
[PATCH v5 00/18] *** qemu: block: Support block disk along with throttle filters ***
by Harikumar R
*** BLURB HERE ***
Chun Feng Wu (17):
schema: Add new domain elements to support multiple throttle groups
schema: Add new domain elements to support multiple throttle filters
config: Introduce ThrottleGroup and corresponding XML parsing
config: Introduce ThrottleFilter and corresponding XML parsing
qemu: monitor: Add support for ThrottleGroup operations
tests: Test qemuMonitorJSONGetThrottleGroup and
qemuMonitorJSONUpdateThrottleGroup
remote: New APIs for ThrottleGroup lifecycle management
qemu: Refactor qemuDomainSetBlockIoTune to extract common methods
qemu: Implement qemu driver for throttle API
qemu: helper: throttle filter nodename and preparation processing
qemu: block: Support block disk along with throttle filters
config: validate: Verify iotune, throttle group and filter
qemuxmlconftest: Add 'throttlefilter' tests
test_driver: Test throttle group lifecycle APIs
virsh: Refactor iotune options for re-use
virsh: Add support for throttle group operations
virsh: Add option "throttle-groups" to "attach_disk"
Harikumar Rajkumar (1):
tests: Test qemuxmlactivetestThrottleGroup
docs/formatdomain.rst | 47 ++
docs/manpages/virsh.rst | 135 +++-
include/libvirt/libvirt-domain.h | 21 +
src/conf/domain_conf.c | 398 ++++++++++
src/conf/domain_conf.h | 45 ++
src/conf/domain_validate.c | 119 ++-
src/conf/schemas/domaincommon.rng | 293 ++++----
src/conf/virconftypes.h | 4 +
src/driver-hypervisor.h | 22 +
src/libvirt-domain.c | 174 +++++
src/libvirt_private.syms | 8 +
src/libvirt_public.syms | 7 +
src/qemu/qemu_block.c | 136 ++++
src/qemu/qemu_block.h | 49 ++
src/qemu/qemu_command.c | 180 +++++
src/qemu/qemu_command.h | 6 +
src/qemu/qemu_domain.c | 73 +-
src/qemu/qemu_driver.c | 619 +++++++++++++---
src/qemu/qemu_hotplug.c | 33 +
src/qemu/qemu_monitor.c | 34 +
src/qemu/qemu_monitor.h | 14 +
src/qemu/qemu_monitor_json.c | 134 ++++
src/qemu/qemu_monitor_json.h | 14 +
src/remote/remote_daemon_dispatch.c | 44 ++
src/remote/remote_driver.c | 40 ++
src/remote/remote_protocol.x | 48 +-
src/remote_protocol-structs | 28 +
src/test/test_driver.c | 452 ++++++++----
tests/qemumonitorjsontest.c | 86 +++
.../throttlefilter-in.xml | 392 ++++++++++
.../throttlefilter-out.xml | 393 ++++++++++
tests/qemuxmlactivetest.c | 1 +
.../throttlefilter-invalid.x86_64-latest.err | 1 +
.../throttlefilter-invalid.xml | 89 +++
.../throttlefilter.x86_64-latest.args | 55 ++
.../throttlefilter.x86_64-latest.xml | 105 +++
tests/qemuxmlconfdata/throttlefilter.xml | 95 +++
tests/qemuxmlconftest.c | 2 +
tools/virsh-completer-domain.c | 82 +++
tools/virsh-completer-domain.h | 16 +
tools/virsh-domain.c | 680 ++++++++++++++----
41 files changed, 4649 insertions(+), 525 deletions(-)
create mode 100644 tests/qemustatusxml2xmldata/throttlefilter-in.xml
create mode 100644 tests/qemustatusxml2xmldata/throttlefilter-out.xml
create mode 100644 tests/qemuxmlconfdata/throttlefilter-invalid.x86_64-latest.err
create mode 100644 tests/qemuxmlconfdata/throttlefilter-invalid.xml
create mode 100644 tests/qemuxmlconfdata/throttlefilter.x86_64-latest.args
create mode 100644 tests/qemuxmlconfdata/throttlefilter.x86_64-latest.xml
create mode 100644 tests/qemuxmlconfdata/throttlefilter.xml
--
2.39.5 (Apple Git-154)
9 hours, 6 minutes
[PATCH 0/2] po: handle translation of polkit policy file strings
by Daniel P. Berrangé
There was a proposal
https://gitlab.com/libvirt/libvirt/-/merge_requests/387
to add translations for the polkit files. In reviewing this we came
to the conclusion the approach was undesirable. After getting misled
by a Debian/Ubuntu specific downstream only patch to polkit which
auto-translated polkit files at runtime, this implements the manual
approach of merging translations into the polkit files at build time.
Daniel P. Berrangé (2):
po: add its rules for translating polkit file strings
remote: apply translations to polkit files
meson.build | 5 +++++
po/POTFILES | 2 ++
po/its/polkit.its | 8 ++++++++
po/its/polkit.loc | 6 ++++++
po/meson.build | 3 +--
src/access/meson.build | 18 ++++++++++++++----
.../{libvirtd.policy => libvirtd.policy.in} | 0
src/remote/meson.build | 13 ++++++++-----
8 files changed, 44 insertions(+), 11 deletions(-)
create mode 100644 po/its/polkit.its
create mode 100644 po/its/polkit.loc
rename src/remote/{libvirtd.policy => libvirtd.policy.in} (100%)
--
2.46.0
3 days, 4 hours
[PATCH 00/19] hw/microblaze: Allow running cross-endian vCPUs
by Philippe Mathieu-Daudé
Make machines endianness-agnostic, allowing to run a big-endian vCPU
on the little-endian 'qemu-system-microblazeel' binary, and a little
endian one on the big-endian 'qemu-system-microblaze' binary.
Tests added, following combinations covered:
- little-endian vCPU using little-endian binary (in-tree)
- little-endian vCPU using big-endian binary (new)
- big-endian vCPU using little-endian binary (new)
- big-endian vCPU using big-endian binary (in-tree)
Deprecate untested big-endian machines, likely built on the big
endian binary by mistake:
- petalogix-ml605
- xlnx-zynqmp-pmu
To make a target endian-agnostic we need to remove the MO_TE uses.
In order to do that, we propagate the MemOp from earlier in the
call stack, or we extract it from the vCPU env (on MicroBlaze the
CPU endianness is exposed by the 'ENDI' bit).
Note, since vCPU can run in any endianness, the
MemoryRegionOps::endianness should not be DEVICE_NATIVE_ENDIAN
anymore, because this definition expands to the binary endianness,
swapping data regardless of how the vCPU accesses it.
See adjust_endianness() -> devend_memop(). Something to keep in
mind, possibly requiring further work and optimizations (avoid
double-swap).
Next step: Look at unifying binaries.
Please review,
Phil.
Philippe Mathieu-Daudé (19):
target/microblaze: Rename CPU endianness property as 'little-endian'
hw/microblaze: Deprecate big-endian petalogix-ml605 & xlnx-zynqmp-pmu
hw/microblaze/s3adsp1800: Explicit CPU endianness
hw/microblaze/s3adsp1800: Rename unimplemented MMIO region as xps_gpio
hw/microblaze/s3adsp1800: Declare machine type using DEFINE_TYPES
macro
hw/microblaze: Fix MemoryRegionOps coding style
hw/microblaze: Restrict MemoryRegionOps are implemented as 32-bit
hw/microblaze: Propagate CPU endianness to microblaze_load_kernel()
hw/intc/xilinx_intc: Only expect big-endian accesses
hw/timer/xilinx_timer: Only expect big-endian accesses
hw/timer/xilinx_timer: Allow down to 8-bit memory access
hw/net/xilinx_ethlite: Only expect big-endian accesses
target/microblaze: Explode MO_TExx -> MO_TE | MO_xx
target/microblaze: Set MO_TE once in do_load() / do_store()
target/microblaze: Introduce mo_endian() helper
target/microblaze: Consider endianness while translating code
hw/microblaze: Support various endianness for s3adsp1800 machines
tests/functional: Explicit endianness of microblaze assets
tests/functional: Add microblaze cross-endianness tests
docs/about/deprecated.rst | 6 ++
.../devices/microblaze-softmmu/default.mak | 2 -
.../devices/microblazeel-softmmu/default.mak | 5 +-
hw/microblaze/boot.h | 4 +-
target/microblaze/cpu.h | 7 ++
hw/char/xilinx_uartlite.c | 8 ++-
hw/intc/xilinx_intc.c | 23 +++++--
hw/microblaze/boot.c | 8 +--
hw/microblaze/petalogix_ml605_mmu.c | 11 ++-
hw/microblaze/petalogix_s3adsp1800_mmu.c | 67 +++++++++++++++++--
hw/microblaze/xlnx-zynqmp-pmu.c | 12 ++--
hw/net/xilinx_ethlite.c | 28 ++++++--
hw/timer/xilinx_timer.c | 15 +++--
target/microblaze/cpu.c | 2 +-
target/microblaze/translate.c | 49 ++++++++------
.../functional/test_microblaze_s3adsp1800.py | 27 +++++++-
.../test_microblazeel_s3adsp1800.py | 25 ++++++-
17 files changed, 236 insertions(+), 63 deletions(-)
--
2.45.2
4 days, 7 hours
[PATCH] nodedev: udev: Hook up virFileWaitForExist to address uevent,
race of pci device
by Guoyi Tu
This commit addresses the same issue as commit 1af45804 does.
The following message is copied from that commit:
If we find ourselves in the situation that the 'add' uevent has been
fired earlier than the sysfs tree for a device was created, we should
use the best-effort approach and give kernel some predetermined amount
of time, thus waiting for the attributes to be ready rather than
discarding the device from our device list forever. If those don't appear
in the given time frame, we need to move on, since libvirt can't wait
indefinitely.
Signed-off-by: Guoyi Tu <tugy(a)chinatelecom.cn>
---
src/node_device/node_device_udev.c | 9 +++++++++
1 file changed, 9 insertions(+)
diff --git a/src/node_device/node_device_udev.c
b/src/node_device/node_device_udev.c
index 1d8486f623..4a1786c21c 100644
--- a/src/node_device/node_device_udev.c
+++ b/src/node_device/node_device_udev.c
@@ -427,10 +427,19 @@ udevProcessPCI(virNodeDeviceDriverState *driver_state,
virPCIEDeviceInfo *pci_express = NULL;
virPCIDevice *pciDev = NULL;
virPCIDeviceAddress devAddr = { 0 };
+ g_autofree char *linkpath = NULL;
int ret = -1;
char *p;
bool privileged = false;
+ linkpath = g_strdup_printf("%s/config",
udev_device_get_syspath(device));
+ if (virFileWaitForExists(linkpath, 10, 100) < 0) {
+ virReportSystemError(errno,
+ _("failed to wait for file '%1$s' to appear"),
+ linkpath);
+ goto cleanup;
+ }
+
VIR_WITH_MUTEX_LOCK_GUARD(&driver_state->lock) {
privileged = driver_state->privileged;
}
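Review bot: on timeout the added block reports an error and jumps to cleanup, so the device is still dropped, and every call to udevProcessPCI() now polls for the `config` file before doing anything else. Please add a comment saying what the 10 and 100 arguments mean and what the worst-case wait per device is. The name `linkpath` is misleading for a path to the `config` attribute, the subject spells the helper virFileWaitForExist while the code calls virFileWaitForExists, and the g_strdup_printf() line has been wrapped by the mailer, so the patch will not apply as posted.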
--
2.27.0
--
Guoyi
4 days, 13 hours
[PATCH] Support IDE/SATA disk 'product' parameter
by Adam Julis
Since we supported the 'product' parameter for SCSI, just expanding the existing
solution makes the IDE/SATA parameter work too. QEMU requires the parameter 'model'
in the case of IDE/SATA (instead of 'product'), so the process of making the JSON
object is slightly modified for that.
Resolves: https://gitlab.com/libvirt/libvirt/-/issues/697
Signed-off-by: Adam Julis <ajulis(a)redhat.com>
---
docs/formatdomain.rst | 7 ++--
src/qemu/qemu_command.c | 11 +++++-
src/qemu/qemu_validate.c | 14 ++++++--
...disk-product-build-error.x86_64-latest.err | 1 +
.../disk-scsi-disk-product-build-error.xml | 34 +++++++++++++++++++
...-disk-vendor-build-error.x86_64-latest.err | 1 +
... => disk-scsi-disk-vendor-build-error.xml} | 0
...csi-disk-vpd-build-error.x86_64-latest.err | 1 -
.../disk-scsi-disk-vpd.x86_64-latest.args | 4 +--
.../disk-scsi-disk-vpd.x86_64-latest.xml | 7 ++--
tests/qemuxmlconfdata/disk-scsi-disk-vpd.xml | 4 +--
tests/qemuxmlconftest.c | 3 +-
12 files changed, 71 insertions(+), 16 deletions(-)
create mode 100644 tests/qemuxmlconfdata/disk-scsi-disk-product-build-error.x86_64-latest.err
create mode 100644 tests/qemuxmlconfdata/disk-scsi-disk-product-build-error.xml
create mode 100644 tests/qemuxmlconfdata/disk-scsi-disk-vendor-build-error.x86_64-latest.err
rename tests/qemuxmlconfdata/{disk-scsi-disk-vpd-build-error.xml => disk-scsi-disk-vendor-build-error.xml} (100%)
delete mode 100644 tests/qemuxmlconfdata/disk-scsi-disk-vpd-build-error.x86_64-latest.err
diff --git a/docs/formatdomain.rst b/docs/formatdomain.rst
index 60bee8bd4f..c93a321401 100644
--- a/docs/formatdomain.rst
+++ b/docs/formatdomain.rst
@@ -3551,12 +3551,13 @@ paravirtualized driver is specified via the ``disk`` element.
:since:`Since 0.10.1`
``vendor``
If present, this element specifies the vendor of a virtual hard disk or
- CD-ROM device. It must not be longer than 8 printable characters.
- :since:`Since 1.0.1`
+ CD-ROM device. It must not be longer than 8 printable characters. Only for
+ devices using 'scsi' ``bus``. :since:`Since 1.0.1`
``product``
If present, this element specifies the product of a virtual hard disk or
CD-ROM device. It must not be longer than 16 printable characters.
- :since:`Since 1.0.1`
+ Only for devices using 'scsi' (:since:`Since 1.0.1`), 'sata' or 'ide' ``bus``.
+ :since:`Since 11.0.0`
``address``
If present, the ``address`` element ties the disk to a given slot of a
controller (the actual ``<controller>`` device can often be inferred by
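Review bot: the ``product`` paragraph now ends with two :since: markers in one sentence ("Only for devices using 'scsi' (:since:`Since 1.0.1`), 'sata' or 'ide' ``bus``. :since:`Since 11.0.0`"), and it is not clear that 11.0.0 applies only to 'sata' and 'ide'. Split it into two sentences, one per bus group, each with its own version. The paragraph should also mention that for 'ide' and 'sata' the value is passed to QEMU as the model string, as the commit message explains.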
diff --git a/src/qemu/qemu_command.c b/src/qemu/qemu_command.c
index dcb9c4934e..5c38858f5d 100644
--- a/src/qemu/qemu_command.c
+++ b/src/qemu/qemu_command.c
@@ -1628,6 +1628,11 @@ qemuBuildDiskDeviceProps(const virDomainDef *def,
else
driver = "ide-hd";
+ if (virJSONValueObjectAdd(&props,
+ "S:model", disk->product,
+ NULL) < 0)
+ return NULL;
+
break;
case VIR_DOMAIN_DISK_BUS_SCSI:
@@ -1654,6 +1659,11 @@ qemuBuildDiskDeviceProps(const virDomainDef *def,
}
}
+ if (virJSONValueObjectAdd(&props,
+ "S:product", disk->product,
+ NULL) < 0)
+ return NULL;
+
break;
case VIR_DOMAIN_DISK_BUS_VIRTIO: {
@@ -1803,7 +1813,6 @@ qemuBuildDiskDeviceProps(const virDomainDef *def,
"A:wwn", &wwn,
"p:rotation_rate", disk->rotation_rate,
"S:vendor", disk->vendor,
- "S:product", disk->product,
"T:removable", removable,
"S:write-cache", qemuOnOffAuto(writeCache),
"p:cyls", disk->geometry.cylinders,
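Review bot: moving "S:product" out of the common virJSONValueObjectAdd() call into the per-bus cases changes the property order of the generated JSON; the updated .args file in this patch shows "model" and "product" now placed ahead of "driver". It also duplicates the add-and-check block in two cases. Consider keeping the property in the common call and choosing the value per bus, for example two local pointers passed as "S:product" and "S:model" with only one of them non-NULL, assuming "S:" entries are skipped for NULL as the unconditional adds here already rely on.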
diff --git a/src/qemu/qemu_validate.c b/src/qemu/qemu_validate.c
index aaa056379e..f0be236533 100644
--- a/src/qemu/qemu_validate.c
+++ b/src/qemu/qemu_validate.c
@@ -2947,10 +2947,20 @@ qemuValidateDomainDeviceDefDiskFrontend(const virDomainDiskDef *disk,
}
}
- if (disk->vendor || disk->product) {
+ if (disk->vendor) {
if (disk->bus != VIR_DOMAIN_DISK_BUS_SCSI) {
virReportError(VIR_ERR_CONFIG_UNSUPPORTED, "%s",
- _("Only scsi disk supports vendor and product"));
+ _("Only scsi disk supports vendor"));
+ return -1;
+ }
+ }
+
+ if (disk->product) {
+ if ((disk->bus != VIR_DOMAIN_DISK_BUS_IDE) &&
+ (disk->bus != VIR_DOMAIN_DISK_BUS_SATA) &&
+ (disk->bus != VIR_DOMAIN_DISK_BUS_SCSI)) {
+ virReportError(VIR_ERR_CONFIG_UNSUPPORTED, "%s",
+ _("Only ide, sata and scsi disk supports product"));
return -1;
}
}
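Review bot: the new message "Only ide, sata and scsi disk supports product" should read "disks support", and the same applies to "Only scsi disk supports vendor". Both checks can be flattened into a single condition each, e.g. `if (disk->vendor && disk->bus != VIR_DOMAIN_DISK_BUS_SCSI)`, instead of nested ifs. The docs hunk keeps the limit of 16 printable characters for product; please confirm that limit is also what is wanted for the IDE/SATA model string.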
diff --git a/tests/qemuxmlconfdata/disk-scsi-disk-product-build-error.x86_64-latest.err b/tests/qemuxmlconfdata/disk-scsi-disk-product-build-error.x86_64-latest.err
new file mode 100644
index 0000000000..93dfac0d1e
--- /dev/null
+++ b/tests/qemuxmlconfdata/disk-scsi-disk-product-build-error.x86_64-latest.err
@@ -0,0 +1 @@
+unsupported configuration: Only ide, sata and scsi disk supports product
diff --git a/tests/qemuxmlconfdata/disk-scsi-disk-product-build-error.xml b/tests/qemuxmlconfdata/disk-scsi-disk-product-build-error.xml
new file mode 100644
index 0000000000..da2fc59da3
--- /dev/null
+++ b/tests/qemuxmlconfdata/disk-scsi-disk-product-build-error.xml
@@ -0,0 +1,34 @@
+<domain type='qemu'>
+ <name>QEMUGuest1</name>
+ <uuid>c7a5fdbd-edaf-9455-926a-d65c16db1809</uuid>
+ <memory unit='KiB'>219136</memory>
+ <currentMemory unit='KiB'>219136</currentMemory>
+ <vcpu placement='static'>1</vcpu>
+ <os>
+ <type arch='x86_64' machine='pc'>hvm</type>
+ <boot dev='hd'/>
+ </os>
+ <clock offset='utc'/>
+ <on_poweroff>destroy</on_poweroff>
+ <on_reboot>restart</on_reboot>
+ <on_crash>destroy</on_crash>
+ <devices>
+ <emulator>/usr/bin/qemu-system-x86_64</emulator>
+ <disk type='block' device='disk'>
+ <source dev='/dev/HostVG/QEMUGuest1'/>
+ <target dev='sda' bus='virtio'/>
+ <product>ST3146707LC</product>
+ </disk>
+ <disk type='block' device='disk'>
+ <source dev='/dev/HostVG/QEMUGuest2'/>
+ <target dev='sdb' bus='scsi'/>
+ <vendor>SEAGATE</vendor>
+ <product>ST3567807GD</product>
+ <address type='drive' controller='0' bus='0' target='0' unit='0'/>
+ </disk>
+ <controller type='usb' index='0'/>
+ <controller type='scsi' index='0' model='virtio-scsi'/>
+ <controller type='scsi' index='1' model='lsilogic'/>
+ <memballoon model='virtio'/>
+ </devices>
+</domain>
diff --git a/tests/qemuxmlconfdata/disk-scsi-disk-vendor-build-error.x86_64-latest.err b/tests/qemuxmlconfdata/disk-scsi-disk-vendor-build-error.x86_64-latest.err
new file mode 100644
index 0000000000..88bd9e5468
--- /dev/null
+++ b/tests/qemuxmlconfdata/disk-scsi-disk-vendor-build-error.x86_64-latest.err
@@ -0,0 +1 @@
+unsupported configuration: Only scsi disk supports vendor
diff --git a/tests/qemuxmlconfdata/disk-scsi-disk-vpd-build-error.xml b/tests/qemuxmlconfdata/disk-scsi-disk-vendor-build-error.xml
similarity index 100%
rename from tests/qemuxmlconfdata/disk-scsi-disk-vpd-build-error.xml
rename to tests/qemuxmlconfdata/disk-scsi-disk-vendor-build-error.xml
diff --git a/tests/qemuxmlconfdata/disk-scsi-disk-vpd-build-error.x86_64-latest.err b/tests/qemuxmlconfdata/disk-scsi-disk-vpd-build-error.x86_64-latest.err
deleted file mode 100644
index f70b7a774f..0000000000
--- a/tests/qemuxmlconfdata/disk-scsi-disk-vpd-build-error.x86_64-latest.err
+++ /dev/null
@@ -1 +0,0 @@
-unsupported configuration: Only scsi disk supports vendor and product
diff --git a/tests/qemuxmlconfdata/disk-scsi-disk-vpd.x86_64-latest.args b/tests/qemuxmlconfdata/disk-scsi-disk-vpd.x86_64-latest.args
index 4234a7e677..1d3aaf3819 100644
--- a/tests/qemuxmlconfdata/disk-scsi-disk-vpd.x86_64-latest.args
+++ b/tests/qemuxmlconfdata/disk-scsi-disk-vpd.x86_64-latest.args
@@ -30,9 +30,9 @@ XDG_CONFIG_HOME=/var/lib/libvirt/qemu/domain--1-QEMUGuest1/.config \
-device '{"driver":"virtio-scsi-pci","id":"scsi0","bus":"pci.0","addr":"0x2"}' \
-device '{"driver":"lsi","id":"scsi1","bus":"pci.0","addr":"0x3"}' \
-blockdev '{"driver":"host_device","filename":"/dev/HostVG/QEMUGuest1","node-name":"libvirt-2-storage","read-only":true}' \
--device '{"driver":"scsi-cd","bus":"scsi0.0","channel":0,"scsi-id":0,"lun":0,"device_id":"drive-scsi0-0-0-0","drive":"libvirt-2-storage","id":"scsi0-0-0-0","vendor":"SEAGATE","product":"ST3146707LC"}' \
+-device '{"model":"ST3146707LC","driver":"ide-cd","bus":"ide.0","unit":0,"drive":"libvirt-2-storage","id":"ide0-0-0"}' \
-blockdev '{"driver":"host_device","filename":"/dev/HostVG/QEMUGuest2","node-name":"libvirt-1-storage","read-only":true}' \
--device '{"driver":"scsi-hd","bus":"scsi1.0","scsi-id":0,"device_id":"drive-scsi1-0-0","drive":"libvirt-1-storage","id":"scsi1-0-0","bootindex":1,"vendor":"SEA GATE","product":"ST67 807GD"}' \
+-device '{"product":"ST67 807GD","driver":"scsi-hd","bus":"scsi1.0","scsi-id":0,"device_id":"drive-scsi1-0-0","drive":"libvirt-1-storage","id":"scsi1-0-0","bootindex":1}' \
-audiodev '{"id":"audio1","driver":"none"}' \
-device '{"driver":"virtio-balloon-pci","id":"balloon0","bus":"pci.0","addr":"0x4"}' \
-sandbox on,obsolete=deny,elevateprivileges=deny,spawn=deny,resourcecontrol=deny \
diff --git a/tests/qemuxmlconfdata/disk-scsi-disk-vpd.x86_64-latest.xml b/tests/qemuxmlconfdata/disk-scsi-disk-vpd.x86_64-latest.xml
index 4b23fbfcfe..39148f6ce7 100644
--- a/tests/qemuxmlconfdata/disk-scsi-disk-vpd.x86_64-latest.xml
+++ b/tests/qemuxmlconfdata/disk-scsi-disk-vpd.x86_64-latest.xml
@@ -20,9 +20,8 @@
<disk type='block' device='cdrom'>
<driver name='qemu' type='raw'/>
<source dev='/dev/HostVG/QEMUGuest1'/>
- <target dev='sda' bus='scsi'/>
+ <target dev='sda' bus='ide'/>
<readonly/>
- <vendor>SEAGATE</vendor>
<product>ST3146707LC</product>
<address type='drive' controller='0' bus='0' target='0' unit='0'/>
</disk>
@@ -31,7 +30,6 @@
<source dev='/dev/HostVG/QEMUGuest2'/>
<target dev='sdb' bus='scsi'/>
<readonly/>
- <vendor>SEA GATE</vendor>
<product>ST67 807GD</product>
<address type='drive' controller='1' bus='0' target='0' unit='0'/>
</disk>
@@ -45,6 +43,9 @@
<address type='pci' domain='0x0000' bus='0x00' slot='0x03' function='0x0'/>
</controller>
<controller type='pci' index='0' model='pci-root'/>
+ <controller type='ide' index='0'>
+ <address type='pci' domain='0x0000' bus='0x00' slot='0x01' function='0x1'/>
+ </controller>
<input type='mouse' bus='ps2'/>
<input type='keyboard' bus='ps2'/>
<audio id='1' type='none'/>
diff --git a/tests/qemuxmlconfdata/disk-scsi-disk-vpd.xml b/tests/qemuxmlconfdata/disk-scsi-disk-vpd.xml
index 36dd2a89ba..e3665d3afa 100644
--- a/tests/qemuxmlconfdata/disk-scsi-disk-vpd.xml
+++ b/tests/qemuxmlconfdata/disk-scsi-disk-vpd.xml
@@ -16,9 +16,8 @@
<emulator>/usr/bin/qemu-system-x86_64</emulator>
<disk type='block' device='cdrom'>
<source dev='/dev/HostVG/QEMUGuest1'/>
- <target dev='sda' bus='scsi'/>
+ <target dev='sda' bus='ide'/>
<readonly/>
- <vendor>SEAGATE</vendor>
<product>ST3146707LC</product>
<address type='drive' controller='0' bus='0' target='0' unit='0'/>
</disk>
@@ -26,7 +25,6 @@
<source dev='/dev/HostVG/QEMUGuest2'/>
<target dev='sdb' bus='scsi'/>
<readonly/>
- <vendor>SEA GATE</vendor>
<product>ST67 807GD</product>
<address type='drive' controller='1' bus='0' target='0' unit='0'/>
</disk>
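Review bot: the second disk stays on bus='scsi', yet `<vendor>SEA GATE</vendor>` is removed from it, so in the lines shown this test no longer exercises `vendor` on the success path (the .args diff drops "vendor" from both -device lines). Keep the vendor element on the scsi disk and only move the first disk to 'ide', or add a separate test file for the IDE/SATA case instead of repurposing disk-scsi-disk-vpd.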
diff --git a/tests/qemuxmlconftest.c b/tests/qemuxmlconftest.c
index 21b56dc94e..083b0ab7f6 100644
--- a/tests/qemuxmlconftest.c
+++ b/tests/qemuxmlconftest.c
@@ -1620,7 +1620,8 @@ mymain(void)
DO_TEST_CAPS_LATEST("disk-scsi-disk-split");
DO_TEST_CAPS_LATEST("disk-scsi-disk-wwn");
DO_TEST_CAPS_LATEST("disk-scsi-disk-vpd");
- DO_TEST_CAPS_LATEST_PARSE_ERROR("disk-scsi-disk-vpd-build-error");
+ DO_TEST_CAPS_LATEST_PARSE_ERROR("disk-scsi-disk-vendor-build-error");
+ DO_TEST_CAPS_LATEST_PARSE_ERROR("disk-scsi-disk-product-build-error");
DO_TEST_CAPS_LATEST("controller-virtio-scsi");
DO_TEST_CAPS_LATEST("controller-scsi-auto");
DO_TEST_CAPS_LATEST("disk-sata-device");
--
2.47.0
6 days, 23 hours
[PATCH] docs: Clarify what source and name attributes of TPM profile describe
by Stefan Berger
Clarify what source and name attributes of TPM profile describe and
update the version placeholder to the libvirt version when profiles
were first supported, v10.10. Also mention that profiles with prefix
'custom:' in their name can be modified.
Signed-off-by: Stefan Berger <stefanb(a)linux.vnet.ibm.com>
---
docs/formatdomain.rst | 29 +++++++++++++++++------------
1 file changed, 17 insertions(+), 12 deletions(-)
diff --git a/docs/formatdomain.rst b/docs/formatdomain.rst
index 60bee8bd4f..0a56a96ea4 100644
--- a/docs/formatdomain.rst
+++ b/docs/formatdomain.rst
@@ -8303,27 +8303,32 @@ Example: usage of external TPM emulator :since:`Since 9.0.0`
``profile``
The ``profile`` node is used to set a profile for a TPM 2.0 given in the
- source attribute. This profile will be set when the TPM is initially
- created and after that cannot be changed anymore. Once a profile has been
- set the name attribute will be updated with the name of the profile that
- is running. If no profile is provided, then swtpm will use the latest
- built-in 'default' profile or the default profile set in swtpm_setup.conf.
- Otherwise swtpm_setup will search for a profile with the given name with
- appended .json suffix in a configurable local and then in a distro
- directory. If none could be found in either, it will fall back trying to
- use a built-in one.
+ ``source`` attribute. This attribute describes the name of the file under
+ which the profile is stored, e.g. 'local:restricted' describes a locally
+ created profile with name 'restricted.json' that is found in the directory
+ pointed to by swtpm_setup.conf's local_profiles_dir. This profile will be set
+ when the TPM is initially created and after that the profile cannot be
+ changed anymore. Once a profile has been set, the ``name`` attribute will be
+ updated with the profile's name from its JSON description, for example
+ 'custom:restricted'. If no profile is provided, then swtpm will use the
+ latest built-in 'default' profile or the default profile set in
+ swtpm_setup.conf. Otherwise swtpm_setup will search for a profile with the
+ given name with appended .json suffix in a configurable local and then in a
+ distro directory. If none could be found in either, it will fall back trying
+ to use a built-in one.
The built-in 'null' profile provides backwards compatibility with
libtpms v0.9 but also restricts the user to use only TPM features that were
- available at the time of libtpms v0.9. The built-in 'custom' profile is the
- only profile that a user can modify and where the ``removeDisabled``
+ available at the time of libtpms v0.9. The built-in 'custom' profile, or
+ those with the prefix 'custom:' in the name, are the
+ only profiles that a user can modify and where the ``removeDisabled``
attribute has any effect. This attribute is particularly useful when a host
is running in FIPS mode and therefore some crypto algorithms (camellia,
tdes, unpadded RSA encryption, 1024-bit RSA keys, and others) are
disabled. When it is set to ``check`` (recommended) then only those
algorithms that are currently disabled will automatically be removed from
the 'custom' profile, while when it is set to ``fips-host`` then all
- potentially disabled algorithms will be removed. :since:`Since 10.??.0`
+ potentially disabled algorithms will be removed. :since:`Since 10.10.0`
TPM profiles provided by a distro can be referenced with the 'distro:'
prefix. Locally created TPM profiles can be referenced with the
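Review bot: the removeDisabled sentence further down still says algorithms are removed "from the 'custom' profile", although the changed text now extends modifiability to profiles whose name has the 'custom:' prefix; make the two consistent. In the first paragraph, 'local:restricted', 'restricted.json' and 'custom:restricted' are three different strings, so state explicitly which is the ``source`` value, which is the file name and which is the ``name`` read back from the JSON. The rewrapped lines starting at "available at the time of libtpms v0.9" are uneven and should be refilled.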
--
2.47.1
1 week
[PATCH 0/1] RFC: Add Arm CCA support for getting capability information and running Realm VM
by Akio Kakuno
Hi, all.
- This patch adds Arm CCA support to qemu driver for aarch64 system.
CCA is an abbreviation for Arm Confidential Compute Architecture feature,
it enhances the virtualization capabilities of the platform by separating
the management of resources from access to those resources.
- We are not yet at the stage where we can merge this patch as host
linux/qemu support is not yet merged, but I would like to receive reviews
and comments on the overall direction.
[summary]
- At this stage, all you can do is getting the CCA capability with
the virsh domcapabilities command and start the CCA VM with the virsh
create command.
- capability info uses qemu QMP to query qemu options. The option that
exists now is for selecting a hash algorithm.
[Capability example]
- Execution results of 'virsh domcapability' on qemu
<domaincapabilities>
  ...
  <features>
    ...
    </sgx>
    <cca supported='yes'>
      <enum name='measurement-algo'>
        <value>sha256</value>
        <value>sha512</value>
      </enum>
    </cca>
    <hyperv supported='yes'>
    ...
  </features>
</domaincapabilities>
[XML example]
<domain>
  ...
  <launchsecurity type='cca'>
    <measurement-algo>sha256</measurement-algo>
  </launchsecurity>
  ...
</domain>
[limitations/tests]
- To obtain capability info, it is necessary to support the qemu QMP
command, which qemu does not yet support. Therefore, I put a hack in
the code at hand and only confirmed the communication. Also, I think we
should check whether CPUFW supports CCA or not in qemu_firmware.c, but it
is not yet implemented.
- Verified that the CCA VM can be started from virsh create command.
[software version]
- I followed the steps in Linaro's blog below.
https://linaro.atlassian.net/wiki/spaces/QEMU/pages/29051027459/Building+...
- The Qemu used was based on Linaro's qemu(9.1.91).
https://git.codelinaro.org/linaro/dcap/qemu/-/tree/cca/v3?ref_type=heads
Signed-off-by: Akio Kakuno <fj3333bs(a)fujitsu.com>
Best Regards.
Akio Kakuno (1):
RFC: Add Arm CCA support for getting capability information and
running Realm VM
docs/formatdomain.rst | 28 ++++++
docs/formatdomaincaps.rst | 26 ++++-
src/conf/domain_capabilities.c | 41 ++++++++
src/conf/domain_capabilities.h | 12 +++
src/conf/domain_conf.c | 13 +++
src/conf/domain_conf.h | 7 ++
src/conf/schemas/domaincaps.rng | 14 +++
src/conf/schemas/domaincommon.rng | 14 +++
src/conf/virconftypes.h | 2 +
src/libvirt_private.syms | 1 +
src/qemu/qemu_capabilities.c | 156 ++++++++++++++++++++++++++++++
src/qemu/qemu_capabilities.h | 4 +
src/qemu/qemu_cgroup.c | 2 +
src/qemu/qemu_command.c | 32 ++++++
src/qemu/qemu_driver.c | 2 +
src/qemu/qemu_monitor.c | 10 ++
src/qemu/qemu_monitor.h | 3 +
src/qemu/qemu_monitor_json.c | 104 ++++++++++++++++++++
src/qemu/qemu_monitor_json.h | 4 +
src/qemu/qemu_namespace.c | 2 +
src/qemu/qemu_process.c | 4 +
src/qemu/qemu_validate.c | 7 ++
22 files changed, 487 insertions(+), 1 deletion(-)
--
I previously posted this on the 25th, but it appears it didn't reach the mailing list. Apologies for any duplication.
2.34.1
1 week, 3 days