[PATCH 0/2] qemu: prefer GICv3 on TCG ARM VMs
by Heinrich Schuchardt
Emulating ARM machines with more than 8 CPUs requires GICv3.
Currently libvirt defaults to GICv2 on TCG emulated VMs.
This due to a deficiency existing in QEMU in 2017.
There are no issues running virtual machine with
<features>
<gic version='3'/>
</features>
using current QEMU.
Heinrich Schuchardt (2):
tests: use virt-6.2 for aarch64 TCG
qemu: prefer GICv3 on TCG ARM VMs
src/qemu/qemu_postparse.c | 14 -------
...fault-cpu-tcg-virt-4.2.aarch64-latest.args | 36 ----------------
...efault-cpu-tcg-virt-4.2.aarch64-latest.xml | 42 -------------------
.../aarch64-default-cpu-tcg-virt-4.2.xml | 20 ---------
...fault-cpu-tcg-virt-6.2.aarch64-latest.args | 36 ++++++++++++++++
...efault-cpu-tcg-virt-6.2.aarch64-latest.xml | 42 +++++++++++++++++++
.../aarch64-default-cpu-tcg-virt-6.2.xml | 20 +++++++++
.../aarch64-gic-none-tcg.aarch64-latest.args | 2 +-
.../aarch64-gic-none-tcg.aarch64-latest.xml | 2 +-
.../aarch64-pci-serial.aarch64-latest.args | 2 +-
.../aarch64-pci-serial.aarch64-latest.xml | 2 +-
...arch64-traditional-pci.aarch64-latest.args | 2 +-
...aarch64-traditional-pci.aarch64-latest.xml | 2 +-
...aarch64-usb-controller.aarch64-latest.args | 2 +-
.../aarch64-usb-controller.aarch64-latest.xml | 2 +-
.../aarch64-video-default.aarch64-latest.args | 2 +-
.../aarch64-video-default.aarch64-latest.xml | 2 +-
...4-video-virtio-gpu-pci.aarch64-latest.args | 2 +-
...64-video-virtio-gpu-pci.aarch64-latest.xml | 2 +-
...ault-models.aarch64-latest.abi-update.args | 2 +-
...fault-models.aarch64-latest.abi-update.xml | 2 +-
...64-virt-default-models.aarch64-latest.args | 2 +-
...h64-virt-default-models.aarch64-latest.xml | 2 +-
...rch64-virt-default-nic.aarch64-latest.args | 2 +-
...arch64-virt-default-nic.aarch64-latest.xml | 2 +-
.../aarch64-virt-graphics.aarch64-latest.args | 2 +-
.../aarch64-virt-graphics.aarch64-latest.xml | 2 +-
...h64-virt-headless-mmio.aarch64-latest.args | 2 +-
...ch64-virt-headless-mmio.aarch64-latest.xml | 2 +-
.../aarch64-virt-headless.aarch64-latest.args | 2 +-
.../aarch64-virt-headless.aarch64-latest.xml | 2 +-
...irt-minimal.aarch64-latest.abi-update.args | 2 +-
...virt-minimal.aarch64-latest.abi-update.xml | 2 +-
.../aarch64-virt-minimal.aarch64-latest.args | 2 +-
.../aarch64-virt-minimal.aarch64-latest.xml | 2 +-
.../aarch64-virt-virtio.aarch64-latest.args | 2 +-
.../aarch64-virt-virtio.aarch64-latest.xml | 2 +-
...o-pci-manual-addresses.aarch64-latest.args | 2 +-
...io-pci-manual-addresses.aarch64-latest.xml | 2 +-
.../balloon-mmio-deflate.aarch64-latest.args | 2 +-
.../balloon-mmio-deflate.aarch64-latest.xml | 2 +-
.../cpu-topology5.aarch64-latest.args | 2 +-
.../cpu-topology5.aarch64-latest.xml | 2 +-
...efi-aarch64.aarch64-latest.abi-update.args | 2 +-
...-efi-aarch64.aarch64-latest.abi-update.xml | 2 +-
...mware-auto-efi-aarch64.aarch64-latest.args | 2 +-
...rmware-auto-efi-aarch64.aarch64-latest.xml | 2 +-
...-loader-raw.aarch64-latest.abi-update.args | 2 +-
...t-loader-raw.aarch64-latest.abi-update.xml | 2 +-
...-efi-format-loader-raw.aarch64-latest.args | 2 +-
...o-efi-format-loader-raw.aarch64-latest.xml | 2 +-
...i-aarch64-legacy-paths.aarch64-latest.args | 2 +-
...fi-aarch64-legacy-paths.aarch64-latest.xml | 2 +-
...anual-efi-acpi-aarch64.aarch64-latest.args | 2 +-
...manual-efi-acpi-aarch64.aarch64-latest.xml | 2 +-
...ual-efi-noacpi-aarch64.aarch64-latest.args | 2 +-
...nual-efi-noacpi-aarch64.aarch64-latest.xml | 2 +-
...l-noefi-noacpi-aarch64.aarch64-latest.args | 2 +-
...al-noefi-noacpi-aarch64.aarch64-latest.xml | 2 +-
.../iommu-smmuv3.aarch64-latest.args | 2 +-
.../iommu-smmuv3.aarch64-latest.xml | 2 +-
...ch-virt-console-native.aarch64-latest.args | 2 +-
...ach-virt-console-native.aarch64-latest.xml | 2 +-
...ch-virt-console-virtio.aarch64-latest.args | 2 +-
...ach-virt-console-virtio.aarch64-latest.xml | 2 +-
...-serial+console-native.aarch64-latest.args | 2 +-
...t-serial+console-native.aarch64-latest.xml | 2 +-
...ach-virt-serial-compat.aarch64-latest.args | 2 +-
...mach-virt-serial-compat.aarch64-latest.xml | 2 +-
...ach-virt-serial-native.aarch64-latest.args | 2 +-
...mach-virt-serial-native.aarch64-latest.xml | 2 +-
.../mach-virt-serial-pci.aarch64-latest.args | 2 +-
.../mach-virt-serial-pci.aarch64-latest.xml | 2 +-
.../mach-virt-serial-usb.aarch64-latest.args | 2 +-
.../mach-virt-serial-usb.aarch64-latest.xml | 2 +-
...e-expander-bus-aarch64.aarch64-latest.args | 2 +-
...ie-expander-bus-aarch64.aarch64-latest.xml | 2 +-
.../pcihole64-virt.aarch64-latest.args | 2 +-
.../pcihole64-virt.aarch64-latest.xml | 2 +-
.../pvpanic-pci-aarch64.aarch64-latest.args | 2 +-
.../pvpanic-pci-aarch64.aarch64-latest.xml | 2 +-
...pci-no-address-aarch64.aarch64-latest.args | 2 +-
...-pci-no-address-aarch64.aarch64-latest.xml | 2 +-
.../virtio-iommu-aarch64.aarch64-latest.args | 2 +-
.../virtio-iommu-aarch64.aarch64-latest.xml | 2 +-
tests/qemuxmlconftest.c | 2 +-
86 files changed, 177 insertions(+), 191 deletions(-)
delete mode 100644 tests/qemuxmlconfdata/aarch64-default-cpu-tcg-virt-4.2.aarch64-latest.args
delete mode 100644 tests/qemuxmlconfdata/aarch64-default-cpu-tcg-virt-4.2.aarch64-latest.xml
delete mode 100644 tests/qemuxmlconfdata/aarch64-default-cpu-tcg-virt-4.2.xml
create mode 100644 tests/qemuxmlconfdata/aarch64-default-cpu-tcg-virt-6.2.aarch64-latest.args
create mode 100644 tests/qemuxmlconfdata/aarch64-default-cpu-tcg-virt-6.2.aarch64-latest.xml
create mode 100644 tests/qemuxmlconfdata/aarch64-default-cpu-tcg-virt-6.2.xml
--
2.48.1
1 month, 1 week
[PATCH 0/1] cpu_map: fix vmx-* features wrong bitmaps
by Hector Cao
Hello,
I'm unable to make virsh capabilities to detect the right CPU model
on an Intel Granite Rapids platform. I would expect the get the
CPU model defined in one of the src/cpu_map/x86_GraniteRapids*.xml
files.
The cause of the wrong detection is the fact that some vmx-* are
not correctly detected and considered missing on this platform.
When I take a look at the src/cpu_map/x86_features.xml file, I
think that some of the vmx-* are wrongly defined.
Taking as an example the vmx-apicv-xapic feature, it is defined as
the first bit in the EAX register when we read the MSR 0x0000048b .
But in Intel specification, this feature is represented as the first
bit in the EDX register (32 higher bits).
You can find in this submission the patch that fixes this issue,
and this for all the affected MSRs.
I tested this fix on my Granite Rapids platform and the CPU model
is now correctly detected.
Hector Cao (1):
cpu_map: fix vmx-* features wrong bitmaps
src/cpu_map/x86_features.xml | 136 +++++++++++++++++------------------
1 file changed, 68 insertions(+), 68 deletions(-)
--
2.45.2
1 month, 1 week
[PATCH] cpu_map: Add more -noTSX x86 CPU models (Sapphire and Granite rapids)
by Hector Cao
Several Intel CPU models with TSX technology (HLE & RTM features) are
affected by the vulnerability TAA[1]. One of the mitigation methods
for TAA is to disable TSX support on the host system. For that purpose,
in 2021, Intel published a microcode update to disable TSX. Linux kernel
also disables TSX globally by default. Even though TSX can be activated via
the kernel command line (tsx=on), many Linux distributions stick with
this default behavior and have TSX disabled. This makes existing CPU
models that have HLE and RTM enabled not correctly detected by
libvirt.
This commit adds 2 remaining -noTSX models:
- SapphireRapids-noTSX
- GraniteRapids-noTSX
Hopefully, this is the last effort on adding noTSX variants since
Granite Rapids should be the last CPU model to have the TSX feature
and is consequently affected by TAA. Indeed, SierraForest does not
have RTM and HLE enabled.
References:
[1] TAA, TSX asynchronous Abort:
https://www.kernel.org/doc/html/latest/admin-guide/hw-vuln/tsx_async_abor...
---
src/cpu_map/index.xml | 2 +
src/cpu_map/meson.build | 2 +
src/cpu_map/x86_GraniteRapids-noTSX.xml | 197 +++++++++++++++++++++++
src/cpu_map/x86_SapphireRapids-noTSX.xml | 190 ++++++++++++++++++++++
4 files changed, 391 insertions(+)
create mode 100644 src/cpu_map/x86_GraniteRapids-noTSX.xml
create mode 100644 src/cpu_map/x86_SapphireRapids-noTSX.xml
diff --git a/src/cpu_map/index.xml b/src/cpu_map/index.xml
index 87db338cee..03a2c73ba5 100644
--- a/src/cpu_map/index.xml
+++ b/src/cpu_map/index.xml
@@ -116,10 +116,12 @@
<include filename='x86_Snowridge-v3.xml'/>
<include filename='x86_Snowridge-v4.xml'/>
<include filename='x86_SapphireRapids.xml'/>
+ <include filename='x86_SapphireRapids-noTSX.xml'/>
<include filename='x86_SapphireRapids-v1.xml'/>
<include filename='x86_SapphireRapids-v2.xml'/>
<include filename='x86_SapphireRapids-v3.xml'/>
<include filename='x86_GraniteRapids.xml'/>
+ <include filename='x86_GraniteRapids-noTSX.xml'/>
<include filename='x86_GraniteRapids-v1.xml'/>
<include filename='x86_GraniteRapids-v2.xml'/>
<include filename='x86_SierraForest.xml'/>
diff --git a/src/cpu_map/meson.build b/src/cpu_map/meson.build
index dee8441a13..414cad7352 100644
--- a/src/cpu_map/meson.build
+++ b/src/cpu_map/meson.build
@@ -80,6 +80,7 @@ cpumap_data = [
'x86_features.xml',
'x86_GraniteRapids-v1.xml',
'x86_GraniteRapids-v2.xml',
+ 'x86_GraniteRapids-noTSX.xml',
'x86_GraniteRapids.xml',
'x86_Haswell-IBRS.xml',
'x86_Haswell-noTSX-IBRS.xml',
@@ -148,6 +149,7 @@ cpumap_data = [
'x86_SapphireRapids-v1.xml',
'x86_SapphireRapids-v2.xml',
'x86_SapphireRapids-v3.xml',
+ 'x86_SapphireRapids-noTSX.xml',
'x86_SapphireRapids.xml',
'x86_SierraForest-v1.xml',
'x86_SierraForest.xml',
diff --git a/src/cpu_map/x86_GraniteRapids-noTSX.xml b/src/cpu_map/x86_GraniteRapids-noTSX.xml
new file mode 100644
index 0000000000..085b012f83
--- /dev/null
+++ b/src/cpu_map/x86_GraniteRapids-noTSX.xml
@@ -0,0 +1,197 @@
+<cpus>
+ <model name='GraniteRapids-noTSX'>
+ <check partial='compat'/>
+ <decode host='on' guest='off'/>
+ <signature family='6' model='173'/>
+ <vendor name='Intel'/>
+ <feature name='3dnowprefetch'/>
+ <feature name='abm'/>
+ <feature name='adx'/>
+ <feature name='aes'/>
+ <feature name='amx-bf16'/>
+ <feature name='amx-fp16'/>
+ <feature name='amx-int8'/>
+ <feature name='amx-tile'/>
+ <feature name='apic'/>
+ <feature name='arat'/>
+ <feature name='arch-capabilities'/>
+ <feature name='avx'/>
+ <feature name='avx-vnni'/>
+ <feature name='avx2'/>
+ <feature name='avx512-bf16'/>
+ <feature name='avx512-fp16'/>
+ <feature name='avx512-vpopcntdq'/>
+ <feature name='avx512bitalg'/>
+ <feature name='avx512bw'/>
+ <feature name='avx512cd'/>
+ <feature name='avx512dq'/>
+ <feature name='avx512f'/>
+ <feature name='avx512ifma'/>
+ <feature name='avx512vbmi'/>
+ <feature name='avx512vbmi2'/>
+ <feature name='avx512vl'/>
+ <feature name='avx512vnni'/>
+ <feature name='bmi1'/>
+ <feature name='bmi2'/>
+ <feature name='bus-lock-detect'/>
+ <feature name='clflush'/>
+ <feature name='clflushopt'/>
+ <feature name='clwb'/>
+ <feature name='cmov'/>
+ <feature name='cx16'/>
+ <feature name='cx8'/>
+ <feature name='de'/>
+ <feature name='erms'/>
+ <feature name='f16c'/>
+ <feature name='fbsdp-no'/>
+ <feature name='fma'/>
+ <feature name='fpu'/>
+ <feature name='fsgsbase'/>
+ <feature name='fsrc'/>
+ <feature name='fsrm'/>
+ <feature name='fsrs'/>
+ <feature name='fxsr'/>
+ <feature name='fzrm'/>
+ <feature name='gfni'/>
+ <feature name='ibrs-all'/>
+ <feature name='invpcid'/>
+ <feature name='la57'/>
+ <feature name='lahf_lm'/>
+ <feature name='lm'/>
+ <feature name='mca'/>
+ <feature name='mcdt-no'/>
+ <feature name='mce'/>
+ <feature name='mds-no'/>
+ <feature name='mmx'/>
+ <feature name='movbe'/>
+ <feature name='msr'/>
+ <feature name='mtrr'/>
+ <feature name='nx'/>
+ <feature name='pae'/>
+ <feature name='pat'/>
+ <feature name='pbrsb-no'/>
+ <feature name='pcid'/>
+ <feature name='pclmuldq'/>
+ <feature name='pdpe1gb'/>
+ <feature name='pge'/>
+ <feature name='pku'/>
+ <feature name='pni'/>
+ <feature name='popcnt'/>
+ <feature name='prefetchiti'/>
+ <feature name='pschange-mc-no'/>
+ <feature name='psdp-no'/>
+ <feature name='pse'/>
+ <feature name='pse36'/>
+ <feature name='rdctl-no'/>
+ <feature name='rdpid'/>
+ <feature name='rdrand'/>
+ <feature name='rdseed'/>
+ <feature name='rdtscp'/>
+ <feature name='sbdr-ssdp-no'/>
+ <feature name='sep'/>
+ <feature name='serialize'/>
+ <feature name='sha-ni'/>
+ <feature name='skip-l1dfl-vmentry'/>
+ <feature name='smap'/>
+ <feature name='smep'/>
+ <feature name='spec-ctrl'/>
+ <feature name='ssbd'/>
+ <feature name='sse'/>
+ <feature name='sse2'/>
+ <feature name='sse4.1'/>
+ <feature name='sse4.2'/>
+ <feature name='ssse3'/>
+ <feature name='syscall'/>
+ <feature name='taa-no'/>
+ <feature name='tsc'/>
+ <feature name='tsc-deadline'/>
+ <feature name='tsx-ldtrk'/>
+ <feature name='umip'/>
+ <feature name='vaes'/>
+ <feature name='vme'/>
+ <feature name='vmx-activity-hlt'/>
+ <feature name='vmx-apicv-register'/>
+ <feature name='vmx-apicv-vid'/>
+ <feature name='vmx-apicv-x2apic'/>
+ <feature name='vmx-apicv-xapic'/>
+ <feature name='vmx-cr3-load-noexit'/>
+ <feature name='vmx-cr3-store-noexit'/>
+ <feature name='vmx-cr8-load-exit'/>
+ <feature name='vmx-cr8-store-exit'/>
+ <feature name='vmx-desc-exit'/>
+ <feature name='vmx-entry-ia32e-mode'/>
+ <feature name='vmx-entry-load-efer'/>
+ <feature name='vmx-entry-load-pat'/>
+ <feature name='vmx-entry-load-perf-global-ctrl'/>
+ <feature name='vmx-entry-noload-debugctl'/>
+ <feature name='vmx-ept'/>
+ <feature name='vmx-ept-1gb'/>
+ <feature name='vmx-ept-2mb'/>
+ <feature name='vmx-ept-execonly'/>
+ <feature name='vmx-eptad'/>
+ <feature name='vmx-eptp-switching'/>
+ <feature name='vmx-exit-ack-intr'/>
+ <feature name='vmx-exit-load-efer'/>
+ <feature name='vmx-exit-load-pat'/>
+ <feature name='vmx-exit-load-perf-global-ctrl'/>
+ <feature name='vmx-exit-nosave-debugctl'/>
+ <feature name='vmx-exit-save-efer'/>
+ <feature name='vmx-exit-save-pat'/>
+ <feature name='vmx-exit-save-preemption-timer'/>
+ <feature name='vmx-flexpriority'/>
+ <feature name='vmx-hlt-exit'/>
+ <feature name='vmx-ins-outs'/>
+ <feature name='vmx-intr-exit'/>
+ <feature name='vmx-invept'/>
+ <feature name='vmx-invept-all-context'/>
+ <feature name='vmx-invept-single-context'/>
+ <feature name='vmx-invlpg-exit'/>
+ <feature name='vmx-invpcid-exit'/>
+ <feature name='vmx-invvpid'/>
+ <feature name='vmx-invvpid-all-context'/>
+ <feature name='vmx-invvpid-single-addr'/>
+ <feature name='vmx-invvpid-single-context-noglobals'/>
+ <feature name='vmx-io-bitmap'/>
+ <feature name='vmx-io-exit'/>
+ <feature name='vmx-monitor-exit'/>
+ <feature name='vmx-movdr-exit'/>
+ <feature name='vmx-msr-bitmap'/>
+ <feature name='vmx-mtf'/>
+ <feature name='vmx-mwait-exit'/>
+ <feature name='vmx-nmi-exit'/>
+ <feature name='vmx-page-walk-4'/>
+ <feature name='vmx-page-walk-5'/>
+ <feature name='vmx-pause-exit'/>
+ <feature name='vmx-pml'/>
+ <feature name='vmx-posted-intr'/>
+ <feature name='vmx-preemption-timer'/>
+ <feature name='vmx-rdpmc-exit'/>
+ <feature name='vmx-rdrand-exit'/>
+ <feature name='vmx-rdseed-exit'/>
+ <feature name='vmx-rdtsc-exit'/>
+ <feature name='vmx-rdtscp-exit'/>
+ <feature name='vmx-secondary-ctls'/>
+ <feature name='vmx-shadow-vmcs'/>
+ <feature name='vmx-store-lma'/>
+ <feature name='vmx-true-ctls'/>
+ <feature name='vmx-tsc-offset'/>
+ <feature name='vmx-unrestricted-guest'/>
+ <feature name='vmx-vintr-pending'/>
+ <feature name='vmx-vmfunc'/>
+ <feature name='vmx-vmwrite-vmexit-fields'/>
+ <feature name='vmx-vnmi'/>
+ <feature name='vmx-vnmi-pending'/>
+ <feature name='vmx-vpid'/>
+ <feature name='vmx-wbinvd-exit'/>
+ <feature name='vmx-xsaves'/>
+ <feature name='vpclmulqdq'/>
+ <feature name='wbnoinvd'/>
+ <feature name='x2apic'/>
+ <feature name='xfd'/>
+ <feature name='xgetbv1'/>
+ <feature name='xsave'/>
+ <feature name='xsavec'/>
+ <feature name='xsaveopt'/>
+ <feature name='xsaves'/>
+ </model>
+</cpus>
diff --git a/src/cpu_map/x86_SapphireRapids-noTSX.xml b/src/cpu_map/x86_SapphireRapids-noTSX.xml
new file mode 100644
index 0000000000..de56826741
--- /dev/null
+++ b/src/cpu_map/x86_SapphireRapids-noTSX.xml
@@ -0,0 +1,190 @@
+<cpus>
+ <model name='SapphireRapids-noTSX'>
+ <check partial='compat'/>
+ <decode host='on' guest='off'/>
+ <signature family='6' model='143'/>
+ <vendor name='Intel'/>
+ <feature name='3dnowprefetch'/>
+ <feature name='abm'/>
+ <feature name='adx'/>
+ <feature name='aes'/>
+ <feature name='amx-bf16'/>
+ <feature name='amx-int8'/>
+ <feature name='amx-tile'/>
+ <feature name='apic'/>
+ <feature name='arat'/>
+ <feature name='arch-capabilities'/>
+ <feature name='avx'/>
+ <feature name='avx-vnni'/>
+ <feature name='avx2'/>
+ <feature name='avx512-bf16'/>
+ <feature name='avx512-fp16'/>
+ <feature name='avx512-vpopcntdq'/>
+ <feature name='avx512bitalg'/>
+ <feature name='avx512bw'/>
+ <feature name='avx512cd'/>
+ <feature name='avx512dq'/>
+ <feature name='avx512f'/>
+ <feature name='avx512ifma'/>
+ <feature name='avx512vbmi'/>
+ <feature name='avx512vbmi2'/>
+ <feature name='avx512vl'/>
+ <feature name='avx512vnni'/>
+ <feature name='bmi1'/>
+ <feature name='bmi2'/>
+ <feature name='bus-lock-detect'/>
+ <feature name='clflush'/>
+ <feature name='clflushopt'/>
+ <feature name='clwb'/>
+ <feature name='cmov'/>
+ <feature name='cx16'/>
+ <feature name='cx8'/>
+ <feature name='de'/>
+ <feature name='erms'/>
+ <feature name='f16c'/>
+ <feature name='fma'/>
+ <feature name='fpu'/>
+ <feature name='fsgsbase'/>
+ <feature name='fsrc'/>
+ <feature name='fsrm'/>
+ <feature name='fsrs'/>
+ <feature name='fxsr'/>
+ <feature name='fzrm'/>
+ <feature name='gfni'/>
+ <feature name='ibrs-all'/>
+ <feature name='invpcid'/>
+ <feature name='la57'/>
+ <feature name='lahf_lm'/>
+ <feature name='lm'/>
+ <feature name='mca'/>
+ <feature name='mce'/>
+ <feature name='mds-no'/>
+ <feature name='mmx'/>
+ <feature name='movbe'/>
+ <feature name='msr'/>
+ <feature name='mtrr'/>
+ <feature name='nx'/>
+ <feature name='pae'/>
+ <feature name='pat'/>
+ <feature name='pcid'/>
+ <feature name='pclmuldq'/>
+ <feature name='pdpe1gb'/>
+ <feature name='pge'/>
+ <feature name='pku'/>
+ <feature name='pni'/>
+ <feature name='popcnt'/>
+ <feature name='pschange-mc-no'/>
+ <feature name='pse'/>
+ <feature name='pse36'/>
+ <feature name='rdctl-no'/>
+ <feature name='rdpid'/>
+ <feature name='rdrand'/>
+ <feature name='rdseed'/>
+ <feature name='rdtscp'/>
+ <feature name='sep'/>
+ <feature name='serialize'/>
+ <feature name='sha-ni'/>
+ <feature name='skip-l1dfl-vmentry'/>
+ <feature name='smap'/>
+ <feature name='smep'/>
+ <feature name='spec-ctrl'/>
+ <feature name='ssbd'/>
+ <feature name='sse'/>
+ <feature name='sse2'/>
+ <feature name='sse4.1'/>
+ <feature name='sse4.2'/>
+ <feature name='ssse3'/>
+ <feature name='syscall'/>
+ <feature name='taa-no'/>
+ <feature name='tsc'/>
+ <feature name='tsc-deadline'/>
+ <feature name='tsx-ldtrk'/>
+ <feature name='umip'/>
+ <feature name='vaes'/>
+ <feature name='vme'/>
+ <feature name='vmx-activity-hlt' added='yes'/>
+ <feature name='vmx-apicv-register' added='yes'/>
+ <feature name='vmx-apicv-vid' added='yes'/>
+ <feature name='vmx-apicv-x2apic' added='yes'/>
+ <feature name='vmx-apicv-xapic' added='yes'/>
+ <feature name='vmx-cr3-load-noexit' added='yes'/>
+ <feature name='vmx-cr3-store-noexit' added='yes'/>
+ <feature name='vmx-cr8-load-exit' added='yes'/>
+ <feature name='vmx-cr8-store-exit' added='yes'/>
+ <feature name='vmx-desc-exit' added='yes'/>
+ <feature name='vmx-entry-ia32e-mode' added='yes'/>
+ <feature name='vmx-entry-load-efer' added='yes'/>
+ <feature name='vmx-entry-load-pat' added='yes'/>
+ <feature name='vmx-entry-load-perf-global-ctrl' added='yes'/>
+ <feature name='vmx-entry-noload-debugctl' added='yes'/>
+ <feature name='vmx-ept' added='yes'/>
+ <feature name='vmx-ept-1gb' added='yes'/>
+ <feature name='vmx-ept-2mb' added='yes'/>
+ <feature name='vmx-ept-execonly' added='yes'/>
+ <feature name='vmx-eptad' added='yes'/>
+ <feature name='vmx-eptp-switching' added='yes'/>
+ <feature name='vmx-exit-ack-intr' added='yes'/>
+ <feature name='vmx-exit-load-efer' added='yes'/>
+ <feature name='vmx-exit-load-pat' added='yes'/>
+ <feature name='vmx-exit-load-perf-global-ctrl' added='yes'/>
+ <feature name='vmx-exit-nosave-debugctl' added='yes'/>
+ <feature name='vmx-exit-save-efer' added='yes'/>
+ <feature name='vmx-exit-save-pat' added='yes'/>
+ <feature name='vmx-exit-save-preemption-timer' added='yes'/>
+ <feature name='vmx-flexpriority' added='yes'/>
+ <feature name='vmx-hlt-exit' added='yes'/>
+ <feature name='vmx-ins-outs' added='yes'/>
+ <feature name='vmx-intr-exit' added='yes'/>
+ <feature name='vmx-invept' added='yes'/>
+ <feature name='vmx-invept-all-context' added='yes'/>
+ <feature name='vmx-invept-single-context' added='yes'/>
+ <feature name='vmx-invlpg-exit' added='yes'/>
+ <feature name='vmx-invpcid-exit' added='yes'/>
+ <feature name='vmx-invvpid' added='yes'/>
+ <feature name='vmx-invvpid-all-context' added='yes'/>
+ <feature name='vmx-invvpid-single-addr' added='yes'/>
+ <feature name='vmx-invvpid-single-context-noglobals' added='yes'/>
+ <feature name='vmx-io-bitmap' added='yes'/>
+ <feature name='vmx-io-exit' added='yes'/>
+ <feature name='vmx-monitor-exit' added='yes'/>
+ <feature name='vmx-movdr-exit' added='yes'/>
+ <feature name='vmx-msr-bitmap' added='yes'/>
+ <feature name='vmx-mtf' added='yes'/>
+ <feature name='vmx-mwait-exit' added='yes'/>
+ <feature name='vmx-nmi-exit' added='yes'/>
+ <feature name='vmx-page-walk-4' added='yes'/>
+ <feature name='vmx-page-walk-5' added='yes'/>
+ <feature name='vmx-pause-exit' added='yes'/>
+ <feature name='vmx-pml' added='yes'/>
+ <feature name='vmx-posted-intr' added='yes'/>
+ <feature name='vmx-preemption-timer' added='yes'/>
+ <feature name='vmx-rdpmc-exit' added='yes'/>
+ <feature name='vmx-rdrand-exit' added='yes'/>
+ <feature name='vmx-rdseed-exit' added='yes'/>
+ <feature name='vmx-rdtsc-exit' added='yes'/>
+ <feature name='vmx-rdtscp-exit' added='yes'/>
+ <feature name='vmx-secondary-ctls' added='yes'/>
+ <feature name='vmx-shadow-vmcs' added='yes'/>
+ <feature name='vmx-store-lma' added='yes'/>
+ <feature name='vmx-true-ctls' added='yes'/>
+ <feature name='vmx-tsc-offset' added='yes'/>
+ <feature name='vmx-unrestricted-guest' added='yes'/>
+ <feature name='vmx-vintr-pending' added='yes'/>
+ <feature name='vmx-vmfunc' added='yes'/>
+ <feature name='vmx-vmwrite-vmexit-fields' added='yes'/>
+ <feature name='vmx-vnmi' added='yes'/>
+ <feature name='vmx-vnmi-pending' added='yes'/>
+ <feature name='vmx-vpid' added='yes'/>
+ <feature name='vmx-wbinvd-exit' added='yes'/>
+ <feature name='vmx-xsaves' added='yes'/>
+ <feature name='vpclmulqdq'/>
+ <feature name='wbnoinvd'/>
+ <feature name='x2apic'/>
+ <feature name='xfd'/>
+ <feature name='xgetbv1'/>
+ <feature name='xsave'/>
+ <feature name='xsavec'/>
+ <feature name='xsaveopt'/>
+ <feature name='xsaves'/>
+ </model>
+</cpus>
--
2.45.2
1 month, 1 week
[PATCH] security_manager: Don't leak seclabel in virSecurityManagerGenLabel()
by Michal Privoznik
From: Michal Privoznik <mprivozn(a)redhat.com>
When a domain is being started, seclabels are generated for it.
This is handled in virSecurityManagerGenLabel() which can either
find pre-existing seclabel in domain def or generate a new one.
At any rate, domainGenSecurityLabel() callback is called and if
it fails then the seclabel is removed from domain definition
using VIR_DELETE_ELEMENT(). While this shrinks down the seclabels
array, it does not free individual item. It has to be freed
manually.
80 bytes in 2 blocks are definitely lost in loss record 1,359 of 1,876
at 0x484CEF3: calloc (vg_replace_malloc.c:1675)
by 0x4F19B29: g_malloc0 (in /usr/lib64/libglib-2.0.so.0.8200.5)
by 0x49E4953: virSecurityLabelDefNew (virseclabel.c:59)
by 0x4BDE0A4: virSecurityManagerGenLabel (security_manager.c:638)
by 0xBA029B7: qemuProcessPrepareDomain (qemu_process.c:6760)
by 0xBA07DF2: qemuProcessStart (qemu_process.c:8369)
by 0xB93DAC0: qemuDomainObjStart (qemu_driver.c:6371)
by 0xB93DE08: qemuDomainCreateWithFlags (qemu_driver.c:6420)
by 0xB93DE86: qemuDomainCreate (qemu_driver.c:6438)
by 0x4CECEA8: virDomainCreate (libvirt-domain.c:7142)
Now, you might think this may lead to a double free, because
@seclabel is freed under the 'cleanup' label (if @generated is
true). But if @generated is true, then just before calling the
callback there's VIR_APPEND_ELEMENT() which clears @seclabel out
turning the free under 'cleanup' label into a NOP.
Signed-off-by: Michal Privoznik <mprivozn(a)redhat.com>
---
src/security/security_manager.c | 7 ++++++-
1 file changed, 6 insertions(+), 1 deletion(-)
diff --git a/src/security/security_manager.c b/src/security/security_manager.c
index c2460eae37..5fc4eb4872 100644
--- a/src/security/security_manager.c
+++ b/src/security/security_manager.c
@@ -669,9 +669,14 @@ virSecurityManagerGenLabel(virSecurityManager *mgr,
VIR_APPEND_ELEMENT(vm->seclabels, vm->nseclabels, seclabel);
if (sec_managers[i]->drv->domainGenSecurityLabel(sec_managers[i], vm) < 0) {
+ virSecurityLabelDef *tmp = vm->seclabels[vm->nseclabels - 1];
+
if (VIR_DELETE_ELEMENT(vm->seclabels,
- vm->nseclabels -1, vm->nseclabels) < 0)
+ vm->nseclabels - 1, vm->nseclabels) < 0) {
vm->nseclabels--;
+ }
+
+ virSecurityLabelDefFree(tmp);
goto cleanup;
}
--
2.49.0
1 month, 1 week
Plans for 11.5.0 release (freeze on 2025-06-24)
by Jiri Denemark
We are getting close to 11.5.0 release of libvirt. To aim for the
release on Tuesday 01 Jul I suggest entering the freeze on Tuesday 24
Jun and tagging RC2 on Friday 27 Jun.
I hope this works for everyone.
Jirka
1 month, 1 week
[PATCH] virSocketAddrPrefixToNetmask: Prevent undefined behaviour on bitshifts on signed integer
by Peter Krempa
From: Peter Krempa <pkrempa(a)redhat.com>
Shifting bits into the sign bit is undefined behaviour in C although
both gcc and clang handle it as expected.
Since the value is used as unsigned convert it to unsigned int. For code
readability use 'if' statement instead of a ternary.
Closes: https://gitlab.com/libvirt/libvirt/-/issues/785
Signed-off-by: Peter Krempa <pkrempa(a)redhat.com>
---
src/util/virsocketaddr.c | 6 ++++--
1 file changed, 4 insertions(+), 2 deletions(-)
diff --git a/src/util/virsocketaddr.c b/src/util/virsocketaddr.c
index a2e6701670..f53768878e 100644
--- a/src/util/virsocketaddr.c
+++ b/src/util/virsocketaddr.c
@@ -1144,12 +1144,14 @@ virSocketAddrPrefixToNetmask(unsigned int prefix,
netmask->data.stor.ss_family = AF_UNSPEC; /* assume failure */
if (family == AF_INET) {
- int ip;
+ unsigned int ip = 0;
if (prefix > 32)
return -1;
- ip = prefix ? ~((1 << (32 - prefix)) - 1) : 0;
+ if (prefix > 0)
+ ip = ~((1U << (32 - prefix)) - 1);
+
netmask->data.inet4.sin_addr.s_addr = htonl(ip);
netmask->data.stor.ss_family = AF_INET;
netmask->len = sizeof(struct sockaddr_in);
--
2.49.0
1 month, 1 week
[PATCH] qemu: Be more forgiving when acquiring QUERY job when formatting domain XML
by Michal Privoznik
From: Michal Privoznik <mprivozn(a)redhat.com>
In my previous commit of v11.0.0-rc1~115 I've made QEMU driver
implementation for virDomainGetXMLDesc() (qemuDomainGetXMLDesc())
acquire QERY job. See its commit message for more info. But this
unfortunately broke apps witch fetch domain XML for incoming
migration (like virt-manager). The reason is that for incoming
migration the VIR_ASYNC_JOB_MIGRATION_IN async job is set, but
the mask of allowed synchronous jobs is empty (because QEMU can't
talk on monitor really). This makes virDomainObjBeginJob() fail
which in turn makes qemuDomainGetXMLDesc() fail too.
It makes sense for qemuDomainGetXMLDesc() to acquire the job
(e.g. so that it's coherent with another thread that might be in
the middle of a MODIFY job). But failure to dump XML may be
treated as broken daemon (e.g. virt-manager does so).
Therefore, still try to acquire the QUERY job (if job mask
permits it) but, do not treat failure as an error.
Fixes: 6cc93bf28842526be2fd596a607ebca796b7fb2e
Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=2369243
Signed-off-by: Michal Privoznik <mprivozn(a)redhat.com>
---
src/qemu/qemu_driver.c | 10 +++++++---
1 file changed, 7 insertions(+), 3 deletions(-)
diff --git a/src/qemu/qemu_driver.c b/src/qemu/qemu_driver.c
index b3b0ee66f8..9b583ad7aa 100644
--- a/src/qemu/qemu_driver.c
+++ b/src/qemu/qemu_driver.c
@@ -6182,6 +6182,7 @@ static char
{
virQEMUDriver *driver = dom->conn->privateData;
virDomainObj *vm;
+ bool hasJob = false;
char *ret = NULL;
virCheckFlags(VIR_DOMAIN_XML_COMMON_FLAGS | VIR_DOMAIN_XML_UPDATE_CPU,
@@ -6193,8 +6194,10 @@ static char
if (virDomainGetXMLDescEnsureACL(dom->conn, vm->def, flags) < 0)
goto cleanup;
- if (virDomainObjBeginJob(vm, VIR_JOB_QUERY) < 0)
- goto cleanup;
+ if (virDomainNestedJobAllowed(vm->job, VIR_JOB_QUERY) &&
+ virDomainObjBeginJob(vm, VIR_JOB_QUERY) >= 0) {
+ hasJob = true;
+ }
qemuDomainUpdateCurrentMemorySize(vm);
@@ -6210,7 +6213,8 @@ static char
ret = qemuDomainFormatXML(driver, vm, flags);
- virDomainObjEndJob(vm);
+ if (hasJob)
+ virDomainObjEndJob(vm);
cleanup:
virDomainObjEndAPI(&vm);
--
2.49.0
1 month, 1 week
[PATCH 0/6] Various fixes and cleanups
by Peter Krempa
A collection of random one-off fixes for issues where the root cause was
analyzed by the reporter and cleanups that I've recently accumulated.
Peter Krempa (6):
storage_file_probe: Use named initializer for 'struct FileTypeInfo'
virQEMUCapsFindBinary: Refactor local variables
virshPrintJobProgress: Don't rewrite migration status line on
non-terminals
storage: parthelper: Use if/else instead of ternary operator
storage: disk: Properly handle partition numbers separated by 'p'
tlscert: Don't force 'keyEncipherment' for ECDSA and ECDH
src/qemu/qemu_capabilities.c | 9 +-
src/rpc/virnettlscert.c | 33 +++--
src/storage/parthelper.c | 7 +-
src/storage/storage_backend_disk.c | 9 +-
src/storage_file/storage_file_probe.c | 174 ++++++++++++++++++--------
tools/virsh-domain.c | 13 +-
6 files changed, 165 insertions(+), 80 deletions(-)
--
2.49.0
1 month, 1 week
Re: [PATCH v4 00/27] hw/i386/pc: Remove deprecated 2.6 and 2.7 PC
machines
by Igor Mammedov
On Thu, 8 May 2025 15:35:23 +0200
Philippe Mathieu-Daudé <philmd(a)linaro.org> wrote:
> Since v3:
> - Addressed Thomas and Zhao review comments
> - Rename fw_cfg_init_mem_[no]dma() helpers
> - Remove unused CPU properties
> - Remove {multi,linux}boot.bin
> - Added R-b tags
>
> Since v2:
> - Addressed Mark review comments and added his R-b tags
>
> The versioned 'pc' and 'q35' machines up to 2.12 been marked
> as deprecated two releases ago, and are older than 6 years,
> so according to our support policy we can remove them.
>
> This series only includes the 2.6 and 2.7 machines removal,
> as it is a big enough number of LoC removed. Rest will
> follow.
CCing libvirt folks
series removes some properties that has been used as compat
knobs with 2.6/2.7 machine types that are being removed.
However libvirt might still use them,
please check if being removed properties are safe to remove
as is | should be deprecated 1st | should be left alone
from an immediate user perspective.
>
> Based-on: <20250506143905.4961-1-philmd(a)linaro.org>
>
[...]
1 month, 1 week
SEO website
by nokores231@finfave.com
SEO website brings you the best free porn in incredible quality and variety for your satisfaction. The web is very useful if you are looking for lesbian porn, Asian porn, or beautiful Indian girls. It is a website that has a lot of potentials and that you should visit to enjoy the best porn online.
https://www.freebestpost.com/escorts/assortlist-com~2022_02~15
1 month, 2 weeks
