On 1/23/19 6:42 AM, Pavel Hrdina wrote:
On Wed, Jan 23, 2019 at 10:08:31AM +0100, Andrea Bolognani wrote:
> On Tue, 2019-01-22 at 12:46 -0500, John Ferlan wrote:
>> Regenerate the output from the QEMU v3.0.0 tag using
>>
>> ./configure --target-list=x86_64-softmmu \
>> --disable-strip \
>> --disable-fdt \
>> --disable-xen \
>> --disable-werror \
>> --enable-debug \
>> --enable-system \
>> --enable-user \
>> --enable-linux-user \
>> --with-pkgversion=v3.0.0
>>
>> NB: I had to fudge in the qemu-sev-capabilities output from
>> commit d4005609f3 (not sure if there's a specific package
>> to allow it just from build).
>
> While I very much appreciate the effort and agree it's something
> that we should do, you can't just mix and match replies like that,
> otherwise you'll end up with nonsensical results such as...
In addition do we really need to change the CPU part of replies every
time someone wants to update capabilities? It creates unnecessary
noise and in some cases it might remove some advanced features because
the capabilities were generated on Server CPU.
True. Of course results are dependent upon who runs them and on what
hardware they run them on and of course how the target QEMU was built.
There's nothing documented in qemucapabilitiestest.c that says, "build
qemu using" - just how to create the replies file using a built qemu. As
I found, before running ./configure a "yum builddep qemu" should also be
run to ensure whatever the checked out tag needs is installed.
So are the results a fault of a bad process or a bad test? Or just
something we have to accept that in order to have "recent results"? Are
there qemuxml2argvtest's that care about the CPU model? Obviously not -
it's just a string. What does care about the model is the SEV output.
Are there rules to what is found acceptable? Seems we've accepted odd
results in the past. Two examples, commit d4005609f3 which hand edited
in the SEV output and commit 6c50cef8 which tied the testing of
"launch-security-sev" to the "hand edited" caps for
"2.12.0".
It seems that test is the only one where we've allowed a
DO_TEST_CAPS_VER without also a DO_TEST_CAPS_LATEST for a test. In
thinking about that now, it may be a wrong decision. IIRC the _VER test
was meant for when there were differences in output between QEMU caps
versions, but that the _LATEST should be provided for completeness.
Maybe the solution should be that qemucapsprobe lies and fills in the
query-sev-capabilities results via some voodoo and black magic. That
depends on whether we truly care about what qemuxml2argvtest is testing.
Considering that commit d4005609f3 was allowed to proceed even though:
"model-id": "Intel(R) Xeon(R) CPU E5-2630 v3 @ 2.40GHz",
was true, then what difference does it make if this series also hand
edits things? It was only after posting did I realize the extent of the
SEV testing alterations. So we only test that we create a proper sev
command line for qemu 2.12 capabilities. If something ever changed in
the short term future which necessitated more/different options, then
we'd be in the same situation.
That's the case of the first patch in this series, you basically
downgrade the CPU used to generate replies. I know, it requires more
effort when preparing patches.
Pavel
As noted above - it has nothing to do with downgrading a CPU - it has
everything to do with where one runs tests/qemucapsprobe. Generating the
patches shouldn't be that much effort, but the methodology used to
generate the *.replies files should be consistent and documented.
We may have to just accept there will be some output differences. As
long as those differences don't require alterations to some existing
qemuxml2argvtest output, then does it really matter? I'm more than
happy to let someone else generate the "more recent" .replies files. I
think it's something we should do each time QEMU reaches it's final
version build. As the 2.12 results show the difference between -rc0 and
the final tag were perhaps more extensive. At least nothing required
qemuxml2argvtest .args output changes.
FWIW: The 4.0 caps just pushed used the same model-id that I have:
"model-id": "Intel(R) Core(TM) i7-8650U CPU @ 1.90GHz",
However, they were built w/o the "--disable-xen" which seems to be how
other caps files were built (based on the results I got). If I remove
the --disable-xen from my ./configure command above and regenerate
results based on the commit id Cole noted for 4.0, then I got very
similar, but not exactly similar results. The difference happened to be
that "vmx" was false for me, which reminded me I needed to enable nested
virt for my new laptop... With that adjustment, I got the same results.
Of course that also changes the results for what I've posted... But it
also shows perhaps another "difference" that can occur although we don't
care about that difference in our tests. Still, should that be mocked to
always return true? (probably not, unless we care that much about
masking certain differences). Should we mock the 'model-id' output to
be something else too?
>
> [...]
>> @@ -19181,7 +19180,7 @@
>> "kvm-pv-tlb-flush": true,
>> "tbm": false,
>> "wdt": false,
>> - "model-id": "Intel(R) Xeon(R) CPU E3-1245 v5 @
3.50GHz",
>> + "model-id": "Intel(R) Core(TM) i7-8650U CPU @
1.90GHz",
>
> ... an Intel CPU...
>
> [...]
>> @@ -20321,11 +20320,13 @@
>> }
>>
>> {
>> - "id": "libvirt-50",
>> - "error": {
>> - "class": "GenericError",
>> - "desc": "SEV feature is not available"
>> - }
>> + "return": {
>> + "reduced-phys-bits": 1,
>> + "cbitpos": 47,
>> + "cert-chain":
"AQAAAAAOAAAAQAAAAAOAAAAQAAAAAOAAAAQAAAAAOAAAAQAAAAAOAAA",
>> + "pdh":
"AQAAAAAOAAAAQAAAAAOAAAAQAAAAAOAAAAQAAAAAOAAAAQAAAAAOAAAAQAAAAAOAAA"
>> + },
>> + "id": "libvirt-50"
>> }
>
> ... suddenly supporting SEV, which is an AMD-specific feature.
>
> The only sane way to deal with the situation is picking a few
> QEMU versions and generate the corresponding capabilities on an
> SEV-capable AMD host; then it's only a matter of making sure SEV
> testing is performed against those specific QEMU versions rather
> than random ones.
>
Well, we could also go with the voodoo or black magic logic and mock the
results. Of course what we do depends more on what we care more about?
Absolutely valid results based on the CPU used to run qemucapsprobe or
generating a caps_VER.ARCH.replies file that allows us to test without
needing to have "x86_64.intel.replies" and "x86_64.amd.replies"
files.
Since using DO_TEST*_LATEST has been the most recent push/request when
altering qemuxml2argvtest, then I think it seems we care more that the
replies files will have results that return valid data for everything
and not :
"error": {
"class": "GenericError",
"desc": "SEV feature is not available"
}
John
> --
> Andrea Bolognani / Red Hat / Virtualization
>
> --
> libvir-list mailing list
> libvir-list(a)redhat.com
>
https://www.redhat.com/mailman/listinfo/libvir-list