Don't check os type / virt type / arch in the post-parse callback because we can't assume qemuCaps is non-NULL at this point. It also conceptually belongs to the validation callback. Signed-off-by: Daniel P. Berrangé <berrange(a)redhat.com&gt; --- src/qemu/qemu_domain.c | 42 ++++++++++++++++++++-------------------- tests/qemuxml2argvtest.c | 9 ++++++--- 2 files changed, 27 insertions(+), 24 deletions(-) diff --git a/src/qemu/qemu_domain.c b/src/qemu/qemu_domain.c index 27926c7670..3e1bd52d9f 100644 --- a/src/qemu/qemu_domain.c +++ b/src/qemu/qemu_domain.c @@ -4865,27 +4865,6 @@ qemuDomainDefPostParse(virDomainDefPtr def, return 1; } - if (def->os.type != VIR_DOMAIN_OSTYPE_HVM) { - virReportError(VIR_ERR_CONFIG_UNSUPPORTED, - _("Emulator '%s' does not support os type '%s'"), - def->emulator, virDomainOSTypeToString(def->os.type)); - return -1; - } - - if (!virQEMUCapsIsArchSupported(qemuCaps, def->os.arch)) { - virReportError(VIR_ERR_CONFIG_UNSUPPORTED, - _("Emulator '%s' does not support arch '%s'"), - def->emulator, virArchToString(def->os.arch)); - return -1; - } - - if (!virQEMUCapsIsVirtTypeSupported(qemuCaps, def->virtType)) { - virReportError(VIR_ERR_CONFIG_UNSUPPORTED, - _("Emulator '%s' does not support virt type '%s'"), - def->emulator, virDomainVirtTypeToString(def->virtType)); - return -1; - } - if (def->os.bootloader || def->os.bootloaderArgs) { virReportError(VIR_ERR_CONFIG_UNSUPPORTED, "%s", _("bootloader is not supported by QEMU")); @@ -5142,6 +5121,27 @@ qemuDomainDefValidate(const virDomainDef *def, def->emulator))) goto cleanup; + if (def->os.type != VIR_DOMAIN_OSTYPE_HVM) { + virReportError(VIR_ERR_CONFIG_UNSUPPORTED, + _("Emulator '%s' does not support os type '%s'"), + def->emulator, virDomainOSTypeToString(def->os.type)); + goto cleanup; + } + + if (!virQEMUCapsIsArchSupported(qemuCaps, def->os.arch)) { + virReportError(VIR_ERR_CONFIG_UNSUPPORTED, + _("Emulator '%s' does not support arch '%s'"), + def->emulator, virArchToString(def->os.arch)); + goto cleanup; + } + + if (!virQEMUCapsIsVirtTypeSupported(qemuCaps, def->virtType)) { + virReportError(VIR_ERR_CONFIG_UNSUPPORTED, + _("Emulator '%s' does not support virt type '%s'"), + def->emulator, virDomainVirtTypeToString(def->virtType)); + goto cleanup; + } + if (def->mem.min_guarantee) { virReportError(VIR_ERR_CONFIG_UNSUPPORTED, "%s", _("Parameter 'min_guarantee' not supported by QEMU.")); diff --git a/tests/qemuxml2argvtest.c b/tests/qemuxml2argvtest.c index ba4a92ec0a..8655db609e 100644 --- a/tests/qemuxml2argvtest.c +++ b/tests/qemuxml2argvtest.c @@ -2852,10 +2852,13 @@ mymain(void) QEMU_CAPS_NEC_USB_XHCI); /* VM XML has invalid arch/ostype/virttype combo, but the SKIP flag - * will avoid the error. Still, we expect qemu driver to complain about - * missing machine error, and not crash */ + * will avoid the error during parse. This will cause us to fill in + * the missing machine type using the i386 binary, despite it being + * the wrong binary for the arch. We expect to get a failure about + * bad arch later when creating the pretend command. + */ DO_TEST_FULL("missing-machine", - ARG_FLAGS, FLAG_EXPECT_PARSE_ERROR | FLAG_EXPECT_FAILURE, + ARG_FLAGS, FLAG_EXPECT_FAILURE, ARG_PARSEFLAGS, VIR_DOMAIN_DEF_PARSE_SKIP_VALIDATE, ARG_QEMU_CAPS, NONE); -- 2.23.0

The use of the parseOpaque parameter was mistakenly removed in commit 4a4132b4625778cf80acb9c92d06351b44468ac3 Author: Daniel P. Berrangé <berrange(a)redhat.com&gt; Date: Tue Dec 3 10:49:49 2019 +0000 conf: don't use passed in caps in post parse method causing the method to re-fetch qemuCaps that were already just fetched and put into parseOpaque. This is inefficient when parsing incoming XML, but for live XML this is more serious as it means we use the capabilities for the current QEMU binary on disk, rather than the running QEMU. That commit, however, did have a useful side effect of fixing a crasher bug in the qemu post parse callback introduced by commit 5e939cea896fb3373a6f68f86e325c657429ed3d Author: Jiri Denemark <jdenemar(a)redhat.com&gt; Date: Thu Sep 26 18:42:02 2019 +0200 qemu: Store default CPU in domain XML The qemuDomainDefSetDefaultCPU() method in that patch did not allow for the possibility that qemuCaps would be NULL and thus resulted in a SEGV. This shows a risk in letting each check in the post parse callback look for qemuCaps == NULL. The safer option is to check once upfront and immediately stop (postpone) further validation. Signed-off-by: Daniel P. Berrangé <berrange(a)redhat.com&gt; --- src/qemu/qemu_domain.c | 12 +++++++----- 1 file changed, 7 insertions(+), 5 deletions(-) diff --git a/src/qemu/qemu_domain.c b/src/qemu/qemu_domain.c index 3e1bd52d9f..cf2e9aebd2 100644 --- a/src/qemu/qemu_domain.c +++ b/src/qemu/qemu_domain.c @@ -4854,16 +4854,18 @@ static int qemuDomainDefPostParse(virDomainDefPtr def, unsigned int parseFlags, void *opaque, - void *parseOpaque G_GNUC_UNUSED) + void *parseOpaque) { virQEMUDriverPtr driver = opaque; g_autoptr(virQEMUDriverConfig) cfg = virQEMUDriverGetConfig(driver); - g_autoptr(virQEMUCaps) qemuCaps = NULL; + virQEMUCapsPtr qemuCaps = parseOpaque; - if (!(qemuCaps = virQEMUCapsCacheLookup(driver->qemuCapsCache, - def->emulator))) { + /* Note that qemuCaps may be NULL when this function is called. This + * function shall not fail in that case. It will be re-run on VM startup + * with the capabilities populated. + */ + if (!qemuCaps) return 1; - } if (def->os.bootloader || def->os.bootloaderArgs) { virReportError(VIR_ERR_CONFIG_UNSUPPORTED, "%s", -- 2.23.0