When using <os firmware='...'/> we still parse the <nvram> path,
but completely ignore it, replacing any user provided content with
a custom generated path. This makes sense since when undefining the
guest, the code to cleanup NVRAM also uses the same generated path.
Instead of silently ignoring user config, we should report an
explicit error message. This shows that some of our tests had the
bogus config scenario present.
Signed-off-by: Daniel P. Berrangé <berrange(a)redhat.com>
---
src/conf/domain_validate.c | 8 +++
tests/qemuxml2argvdata/os-firmware-bios.xml | 1 -
...mware-efi-bad-nvram-path.x86_64-latest.err | 1 +
.../os-firmware-efi-bad-nvram-path.xml | 68 +++++++++++++++++++
.../os-firmware-efi-secboot.xml | 1 -
tests/qemuxml2argvdata/os-firmware-efi.xml | 1 -
tests/qemuxml2argvtest.c | 1 +
.../os-firmware-bios.x86_64-latest.xml | 1 -
.../os-firmware-efi-secboot.x86_64-latest.xml | 1 -
.../os-firmware-efi.x86_64-latest.xml | 1 -
10 files changed, 78 insertions(+), 6 deletions(-)
create mode 100644
tests/qemuxml2argvdata/os-firmware-efi-bad-nvram-path.x86_64-latest.err
create mode 100644 tests/qemuxml2argvdata/os-firmware-efi-bad-nvram-path.xml
diff --git a/src/conf/domain_validate.c b/src/conf/domain_validate.c
index f0b8aa2655..22bfb3b59d 100644
--- a/src/conf/domain_validate.c
+++ b/src/conf/domain_validate.c
@@ -1504,6 +1504,14 @@ virDomainDefOSValidate(const virDomainDef *def,
return -1;
}
+ if (def->os.firmware != VIR_DOMAIN_OS_DEF_FIRMWARE_NONE) {
+ if (def->os.loader->nvram) {
+ virReportError(VIR_ERR_XML_ERROR, "%s",
+ _("NVRAM path is not permitted with firmware
attribute"));
+ return -1;
+ }
+ }
+
return 0;
}
diff --git a/tests/qemuxml2argvdata/os-firmware-bios.xml
b/tests/qemuxml2argvdata/os-firmware-bios.xml
index 63886666dd..d89fcb6c58 100644
--- a/tests/qemuxml2argvdata/os-firmware-bios.xml
+++ b/tests/qemuxml2argvdata/os-firmware-bios.xml
@@ -7,7 +7,6 @@
<os firmware='bios'>
<type arch='x86_64' machine='pc-q35-4.0'>hvm</type>
<loader secure='no'/>
- <nvram>/var/lib/libvirt/qemu/nvram/fedora_VARS.fd</nvram>
<boot dev='hd'/>
<bootmenu enable='yes'/>
</os>
diff --git a/tests/qemuxml2argvdata/os-firmware-efi-bad-nvram-path.x86_64-latest.err
b/tests/qemuxml2argvdata/os-firmware-efi-bad-nvram-path.x86_64-latest.err
new file mode 100644
index 0000000000..2ba8135ad4
--- /dev/null
+++ b/tests/qemuxml2argvdata/os-firmware-efi-bad-nvram-path.x86_64-latest.err
@@ -0,0 +1 @@
+XML error: NVRAM path is not permitted with firmware attribute
diff --git a/tests/qemuxml2argvdata/os-firmware-efi-bad-nvram-path.xml
b/tests/qemuxml2argvdata/os-firmware-efi-bad-nvram-path.xml
new file mode 100644
index 0000000000..a4afdb6d0b
--- /dev/null
+++ b/tests/qemuxml2argvdata/os-firmware-efi-bad-nvram-path.xml
@@ -0,0 +1,68 @@
+<domain type='kvm'>
+ <name>fedora</name>
+ <uuid>63840878-0deb-4095-97e6-fc444d9bc9fa</uuid>
+ <memory unit='KiB'>8192</memory>
+ <currentMemory unit='KiB'>8192</currentMemory>
+ <vcpu placement='static'>1</vcpu>
+ <os firmware='efi'>
+ <type arch='x86_64' machine='pc-q35-4.0'>hvm</type>
+ <loader secure='no'/>
+ <nvram>/some/path</nvram>
+ <boot dev='hd'/>
+ <bootmenu enable='yes'/>
+ </os>
+ <features>
+ <acpi/>
+ <apic/>
+ <pae/>
+ </features>
+ <clock offset='utc'/>
+ <on_poweroff>destroy</on_poweroff>
+ <on_reboot>restart</on_reboot>
+ <on_crash>restart</on_crash>
+ <pm>
+ <suspend-to-mem enabled='yes'/>
+ <suspend-to-disk enabled='no'/>
+ </pm>
+ <devices>
+ <emulator>/usr/bin/qemu-system-x86_64</emulator>
+ <controller type='usb' index='0' model='ich9-ehci1'>
+ <address type='pci' domain='0x0000' bus='0x00'
slot='0x1d' function='0x7'/>
+ </controller>
+ <controller type='usb' index='0' model='ich9-uhci1'>
+ <master startport='0'/>
+ <address type='pci' domain='0x0000' bus='0x00'
slot='0x1d' function='0x0' multifunction='on'/>
+ </controller>
+ <controller type='usb' index='0' model='ich9-uhci2'>
+ <master startport='2'/>
+ <address type='pci' domain='0x0000' bus='0x00'
slot='0x1d' function='0x1'/>
+ </controller>
+ <controller type='usb' index='0' model='ich9-uhci3'>
+ <master startport='4'/>
+ <address type='pci' domain='0x0000' bus='0x00'
slot='0x1d' function='0x2'/>
+ </controller>
+ <controller type='sata' index='0'>
+ <address type='pci' domain='0x0000' bus='0x00'
slot='0x1f' function='0x2'/>
+ </controller>
+ <controller type='pci' index='0' model='pcie-root'/>
+ <controller type='pci' index='1'
model='dmi-to-pci-bridge'>
+ <model name='i82801b11-bridge'/>
+ <address type='pci' domain='0x0000' bus='0x00'
slot='0x1e' function='0x0'/>
+ </controller>
+ <controller type='pci' index='2' model='pci-bridge'>
+ <model name='pci-bridge'/>
+ <target chassisNr='2'/>
+ <address type='pci' domain='0x0000' bus='0x01'
slot='0x00' function='0x0'/>
+ </controller>
+ <controller type='pci' index='3'
model='pcie-root-port'>
+ <model name='ioh3420'/>
+ <target chassis='3' port='0x8'/>
+ <address type='pci' domain='0x0000' bus='0x00'
slot='0x01' function='0x0'/>
+ </controller>
+ <input type='mouse' bus='ps2'/>
+ <input type='keyboard' bus='ps2'/>
+ <memballoon model='virtio'>
+ <address type='pci' domain='0x0000' bus='0x02'
slot='0x01' function='0x0'/>
+ </memballoon>
+ </devices>
+</domain>
diff --git a/tests/qemuxml2argvdata/os-firmware-efi-secboot.xml
b/tests/qemuxml2argvdata/os-firmware-efi-secboot.xml
index a285e06334..51faac54bf 100644
--- a/tests/qemuxml2argvdata/os-firmware-efi-secboot.xml
+++ b/tests/qemuxml2argvdata/os-firmware-efi-secboot.xml
@@ -7,7 +7,6 @@
<os firmware='efi'>
<type arch='x86_64' machine='pc-q35-4.0'>hvm</type>
<loader secure='yes'/>
- <nvram>/var/lib/libvirt/qemu/nvram/fedora_VARS.fd</nvram>
<boot dev='hd'/>
<bootmenu enable='yes'/>
</os>
diff --git a/tests/qemuxml2argvdata/os-firmware-efi.xml
b/tests/qemuxml2argvdata/os-firmware-efi.xml
index 46a7b1b780..cb21437ed8 100644
--- a/tests/qemuxml2argvdata/os-firmware-efi.xml
+++ b/tests/qemuxml2argvdata/os-firmware-efi.xml
@@ -7,7 +7,6 @@
<os firmware='efi'>
<type arch='x86_64' machine='pc-q35-4.0'>hvm</type>
<loader secure='no'/>
- <nvram>/var/lib/libvirt/qemu/nvram/fedora_VARS.fd</nvram>
<boot dev='hd'/>
<bootmenu enable='yes'/>
</os>
diff --git a/tests/qemuxml2argvtest.c b/tests/qemuxml2argvtest.c
index d2a53d35a8..693566f2d4 100644
--- a/tests/qemuxml2argvtest.c
+++ b/tests/qemuxml2argvtest.c
@@ -3406,6 +3406,7 @@ mymain(void)
DO_TEST_CAPS_LATEST("os-firmware-bios");
DO_TEST_CAPS_LATEST("os-firmware-efi");
+ DO_TEST_CAPS_LATEST_PARSE_ERROR("os-firmware-efi-bad-nvram-path");
DO_TEST_CAPS_LATEST("os-firmware-efi-secboot");
DO_TEST_CAPS_LATEST("os-firmware-efi-no-enrolled-keys");
DO_TEST_CAPS_ARCH_LATEST("aarch64-os-firmware-efi", "aarch64");
diff --git a/tests/qemuxml2xmloutdata/os-firmware-bios.x86_64-latest.xml
b/tests/qemuxml2xmloutdata/os-firmware-bios.x86_64-latest.xml
index df6f61421a..a278ff059c 100644
--- a/tests/qemuxml2xmloutdata/os-firmware-bios.x86_64-latest.xml
+++ b/tests/qemuxml2xmloutdata/os-firmware-bios.x86_64-latest.xml
@@ -7,7 +7,6 @@
<os firmware='bios'>
<type arch='x86_64' machine='pc-q35-4.0'>hvm</type>
<loader secure='no'/>
- <nvram>/var/lib/libvirt/qemu/nvram/fedora_VARS.fd</nvram>
<boot dev='hd'/>
<bootmenu enable='yes'/>
</os>
diff --git a/tests/qemuxml2xmloutdata/os-firmware-efi-secboot.x86_64-latest.xml
b/tests/qemuxml2xmloutdata/os-firmware-efi-secboot.x86_64-latest.xml
index c383546cc6..e7224896aa 100644
--- a/tests/qemuxml2xmloutdata/os-firmware-efi-secboot.x86_64-latest.xml
+++ b/tests/qemuxml2xmloutdata/os-firmware-efi-secboot.x86_64-latest.xml
@@ -7,7 +7,6 @@
<os firmware='efi'>
<type arch='x86_64' machine='pc-q35-4.0'>hvm</type>
<loader secure='yes'/>
- <nvram>/var/lib/libvirt/qemu/nvram/fedora_VARS.fd</nvram>
<boot dev='hd'/>
<bootmenu enable='yes'/>
</os>
diff --git a/tests/qemuxml2xmloutdata/os-firmware-efi.x86_64-latest.xml
b/tests/qemuxml2xmloutdata/os-firmware-efi.x86_64-latest.xml
index 04d57860e7..73f4b9a033 100644
--- a/tests/qemuxml2xmloutdata/os-firmware-efi.x86_64-latest.xml
+++ b/tests/qemuxml2xmloutdata/os-firmware-efi.x86_64-latest.xml
@@ -7,7 +7,6 @@
<os firmware='efi'>
<type arch='x86_64' machine='pc-q35-4.0'>hvm</type>
<loader secure='no'/>
- <nvram>/var/lib/libvirt/qemu/nvram/fedora_VARS.fd</nvram>
<boot dev='hd'/>
<bootmenu enable='yes'/>
</os>
--
2.34.1