[PATCH 0/6] Expose QEMU's -fw_cfg

There was a discussion whether to do this or not:

https://www.redhat.com/archives/libvir-list/2020-May/msg00954.html

Before you start reviewing, naming is hard and I was unable to come up with good element names and place, so suggestions are more than welcome!

Michal Prívozník (6):
  domain_conf: Format NS always last
  conf: Add firmware blob configuration
  qemu: Validate firmware blob configuration
  qemu: Introduce fw_cfg capability
  secdrivers: Relabel firmware config files
  qemu: Generate command line for -fw_cfg

 docs/formatdomain.html.in | 30 +++++
 docs/schemas/domaincommon.rng | 24 ++++
 src/conf/domain_conf.c | 114 +++++++++++++++++-
 src/conf/domain_conf.h | 11 ++
 src/conf/virconftypes.h | 3 +
 src/qemu/qemu_capabilities.c | 4 +
 src/qemu/qemu_capabilities.h | 3 +
 src/qemu/qemu_command.c | 38 ++++++
 src/qemu/qemu_validate.c | 38 ++++++
 src/security/security_dac.c | 14 +++
 src/security/security_selinux.c | 13 ++
 src/security/virt-aa-helper.c | 6 +
 .../caps_2.10.0.aarch64.xml | 1 +
 .../caps_2.10.0.ppc64.xml | 1 +
 .../caps_2.10.0.s390x.xml | 1 +
 .../caps_2.10.0.x86_64.xml | 1 +
 .../caps_2.11.0.s390x.xml | 1 +
 .../caps_2.11.0.x86_64.xml | 1 +
 .../caps_2.12.0.aarch64.xml | 1 +
 .../caps_2.12.0.ppc64.xml | 1 +
 .../caps_2.12.0.s390x.xml | 1 +
 .../caps_2.12.0.x86_64.xml | 1 +
 .../caps_2.4.0.x86_64.xml | 1 +
 .../caps_2.5.0.x86_64.xml | 1 +
 .../caps_2.6.0.aarch64.xml | 1 +
 .../qemucapabilitiesdata/caps_2.6.0.ppc64.xml | 1 +
 .../caps_2.6.0.x86_64.xml | 1 +
 .../qemucapabilitiesdata/caps_2.7.0.s390x.xml | 1 +
 .../caps_2.7.0.x86_64.xml | 1 +
 .../qemucapabilitiesdata/caps_2.8.0.s390x.xml | 1 +
 .../caps_2.8.0.x86_64.xml | 1 +
 .../qemucapabilitiesdata/caps_2.9.0.ppc64.xml | 1 +
 .../qemucapabilitiesdata/caps_2.9.0.s390x.xml | 1 +
 .../caps_2.9.0.x86_64.xml | 1 +
 .../qemucapabilitiesdata/caps_3.0.0.ppc64.xml | 1 +
 .../caps_3.0.0.riscv32.xml | 1 +
 .../caps_3.0.0.riscv64.xml | 1 +
 .../qemucapabilitiesdata/caps_3.0.0.s390x.xml | 1 +
 .../caps_3.0.0.x86_64.xml | 1 +
 .../qemucapabilitiesdata/caps_3.1.0.ppc64.xml | 1 +
 .../caps_3.1.0.x86_64.xml | 1 +
 .../caps_4.0.0.aarch64.xml | 1 +
 .../qemucapabilitiesdata/caps_4.0.0.ppc64.xml | 1 +
 .../caps_4.0.0.riscv32.xml | 1 +
 .../caps_4.0.0.riscv64.xml | 1 +
 .../qemucapabilitiesdata/caps_4.0.0.s390x.xml | 1 +
 .../caps_4.0.0.x86_64.xml | 1 +
 .../caps_4.1.0.x86_64.xml | 1 +
 .../caps_4.2.0.aarch64.xml | 1 +
 .../qemucapabilitiesdata/caps_4.2.0.ppc64.xml | 1 +
 .../qemucapabilitiesdata/caps_4.2.0.s390x.xml | 1 +
 .../caps_4.2.0.x86_64.xml | 1 +
 .../caps_5.0.0.aarch64.xml | 1 +
 .../qemucapabilitiesdata/caps_5.0.0.ppc64.xml | 1 +
 .../caps_5.0.0.riscv64.xml | 1 +
 .../caps_5.0.0.x86_64.xml | 1 +
 .../caps_5.1.0.x86_64.xml | 1 +
 tests/qemuxml2argvdata/fw_cfg.args | 32 +++++
 tests/qemuxml2argvdata/fw_cfg.xml | 40 ++++++
 tests/qemuxml2argvtest.c | 1 +
 tests/qemuxml2xmloutdata/fw_cfg.xml | 1 +
 tests/qemuxml2xmltest.c | 1 +
 62 files changed, 413 insertions(+), 5 deletions(-)
 create mode 100644 tests/qemuxml2argvdata/fw_cfg.args
 create mode 100644 tests/qemuxml2argvdata/fw_cfg.xml
 create mode 120000 tests/qemuxml2xmloutdata/fw_cfg.xml

--
2.26.2

I think that since <qemu:commandline/> is kind of a hack, it doesn't deserve place in the front row. Signed-off-by: Michal Privoznik <mprivozn@redhat.com> --- src/conf/domain_conf.c | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/src/conf/domain_conf.c b/src/conf/domain_conf.c index 1406cf079e..ff0e7e9539 100644 --- a/src/conf/domain_conf.c +++ b/src/conf/domain_conf.c @@ -29880,16 +29880,16 @@ virDomainDefFormatInternalSetRootName(virDomainDefPtr def, for (n = 0; n < def->nseclabels; n++) virSecurityLabelDefFormat(buf, def->seclabels[n], flags); - if (def->namespaceData && def->ns.format) { - if ((def->ns.format)(buf, def->namespaceData) < 0) - goto error; - } - if (def->keywrap) virDomainKeyWrapDefFormat(buf, def->keywrap); virDomainSEVDefFormat(buf, def->sev); + if (def->namespaceData && def->ns.format) { + if ((def->ns.format)(buf, def->namespaceData) < 0) + goto error; + } + virBufferAdjustIndent(buf, -2); virBufferAsprintf(buf, "</%s>\n", rootname); -- 2.26.2
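
Review bot: In virDomainDefFormatInternalSetRootName() the relocated def->ns.format block carries no comment saying it is deliberately the last thing formatted before the closing root tag, so the next element added to this function can easily be appended after it and undo the ordering. A one-line comment above "if (def->namespaceData && def->ns.format)" stating that namespace data must stay last would record the intent. The commit message could also say that the only output this changes is for a domain that has namespace data together with keywrap or SEV, since those are the two formatters the block moves past.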

QEMU has -fw_cfg which allows users to tweak how firmware configures itself and/or provide new configuration blobs. Introduce a new <firmware/> element as a direct child of <domain/> that will hold these new blobs. It's possible to either specify a new value as a string or provide a filename whose contents then serve as the value.

Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
---
 docs/formatdomain.html.in | 30 ++++++++
 docs/schemas/domaincommon.rng | 24 +++++++
 src/conf/domain_conf.c | 104 ++++++++++++++++++++++++++++
 src/conf/domain_conf.h | 11 +++
 src/conf/virconftypes.h | 3 +
 tests/qemuxml2argvdata/fw_cfg.xml | 40 +++++++++++
 tests/qemuxml2xmloutdata/fw_cfg.xml | 1 +
 tests/qemuxml2xmltest.c | 1 +
 8 files changed, 214 insertions(+)
 create mode 100644 tests/qemuxml2argvdata/fw_cfg.xml
 create mode 120000 tests/qemuxml2xmloutdata/fw_cfg.xml

diff --git a/docs/formatdomain.html.in b/docs/formatdomain.html.in index 33cec1e6dd..bd67b44af8 100644 --- a/docs/formatdomain.html.in +++ b/docs/formatdomain.html.in
@@ -595,6 +595,36 @@ </dd> </dl> + <h3><a id="elementsFirmware">Firmware configuration</a></h3> + + <p> + Some hypervisors provide unified way to tweak how firmware configures + itself, or may contain tables to be installed for the guest OS, for + instance boot order, ACPI, SMBIOS, etc. It even allows users to define + their own config blobs. In case of QEMU, these then appear under domain's + sysfs, under <code>/sys/firmware/qemu_fw_cfg</code>. + <span class="since">Since 6.5.0</span> + </p> + +<pre> + <firmware> + <entry name="opt/com.example/name" value="example value"/> + <entry name="opt/com.coreos/config" file="/tmp/provision.ign"/> + </firmware> +</pre> + + <p> + The <code>firmware</code> element can have multiple <code>entry</code> + child element. Each element then has mandatory <code>name</code> + attribute, which defines the name of the blob and must begin with + <code>"opt/"</code> and to avoid clashing with other names is advised to + be in form <code>"opt/$RFQDN/$name"</code> where <code>$RFQDN</code> is a + reverse fully qualified domain name you control. + Then, the element can have either <code>value</code> attribute (to set + the blob value directly), or <code>file</code> attribute (to set the blob + value from the file). + </p> + <h3><a id="elementsCPUAllocation">CPU Allocation</a></h3> <pre> diff --git a/docs/schemas/domaincommon.rng b/docs/schemas/domaincommon.rng index 6727cd743b..84c455d378 100644 --- a/docs/schemas/domaincommon.rng +++ b/docs/schemas/domaincommon.rng @@ -49,6 +49,9 @@ <optional> <ref name="sysinfo"/> </optional> + <optional> + <ref name='firmware'/> + </optional> <ref name="os"/> <ref name="clock"/> <ref name="resources"/> 
@@ -5617,6 +5620,27 @@ <data type="string"/> </define> + <define name="firmware"> + <element name="firmware"> + <zeroOrMore> + <element name="entry"> + <attribute name="name"> + <data type="string"/> + </attribute> + <choice> + <attribute name="value"> + <data type="string"/> + </attribute> + <attribute name="file"> + <data type="string"/> + </attribute> + </choice> + <empty/> + </element> + </zeroOrMore> + </element> + </define> + <define name="acpiTable"> <element name="acpi"> <zeroOrMore> diff --git a/src/conf/domain_conf.c b/src/conf/domain_conf.c index ff0e7e9539..edbd00801a 100644 --- a/src/conf/domain_conf.c +++ b/src/conf/domain_conf.c @@ -3385,6 +3385,18 @@ virDomainSEVDefFree(virDomainSEVDefPtr def) } +static void +virDomainFWCfgDefFree(virDomainFWCfgDefPtr def) +{ + if (!def) + return; + + VIR_FREE(def->name); + VIR_FREE(def->value); + VIR_FREE(def->file); +} + + void virDomainDefFree(virDomainDefPtr def) { size_t i; @@ -3553,6 +3565,10 @@ void virDomainDefFree(virDomainDefPtr def) virSysinfoDefFree(def->sysinfo); + for (i = 0; i < def->nfw_cfgs; i++) + virDomainFWCfgDefFree(&def->fw_cfgs[i]); + VIR_FREE(def->fw_cfgs); + virDomainRedirFilterDefFree(def->redirfilter); for (i = 0; i < def->nshmems; i++) 
@@ -20921,6 +20937,89 @@ virDomainMemorytuneDefParse(virDomainDefPtr def, } +static int +virDomainFWCfgDefParse(virDomainDefPtr def, + xmlXPathContextPtr ctxt) +{ + g_autofree xmlNodePtr *nodes = NULL; + int n; + size_t i; + + if ((n = virXPathNodeSet("./firmware/entry", ctxt, &nodes)) < 0) + return -1; + + if (n == 0) + return 0; + + def->fw_cfgs = g_new0(virDomainFWCfgDef, n); + + for (i = 0; i < n; i++) { + g_autofree char *name = NULL; + g_autofree char *value = NULL; + g_autofree char *file = NULL; + + if (!(name = virXMLPropString(nodes[i], "name"))) { + virReportError(VIR_ERR_XML_ERROR, "%s", + _("Firmware entry is missing 'name' attribute")); + goto error; + } + + value = virXMLPropString(nodes[i], "value"); + file = virXMLPropString(nodes[i], "file"); + + if (!value && !file) { + virReportError(VIR_ERR_XML_ERROR, "%s", + _("Firmware entry must have either 'value' or " + "'file' attribute")); + goto error; + } + + def->fw_cfgs[i].name = g_steal_pointer(&name); + def->fw_cfgs[i].value = g_steal_pointer(&value); + def->fw_cfgs[i].file = g_steal_pointer(&file); + def->nfw_cfgs++; + } + + return 0; + + error: + while (def->nfw_cfgs) + virDomainFWCfgDefFree(&def->fw_cfgs[--def->nfw_cfgs]); + VIR_FREE(def->fw_cfgs); + return -1; +} + + +static void +virDomainFWCfgDefFormat(virBufferPtr buf, + const virDomainDef *def) +{ + size_t i; + + if (def->nfw_cfgs == 0) + return; + + virBufferAddLit(buf, "<firmware>\n"); + virBufferAdjustIndent(buf, 2); + + for (i = 0; i < def->nfw_cfgs; i++) { + const virDomainFWCfgDef *f = &def->fw_cfgs[i]; + + virBufferAsprintf(buf, "<entry name='%s' ", f->name); + + if (f->value) + virBufferEscapeString(buf, "value='%s'", f->value); + else + virBufferEscapeString(buf, "file='%s'", f->file); + + virBufferAddLit(buf, "/>\n"); + } + + virBufferAdjustIndent(buf, -2); + virBufferAddLit(buf, "</firmware>\n"); +} + + static virDomainDefPtr virDomainDefParseXML(xmlDocPtr xml, xmlXPathContextPtr ctxt, 
@@ -22202,6 +22301,9 @@ virDomainDefParseXML(xmlDocPtr xml, def->os.smbios_mode = mode; } + if (virDomainFWCfgDefParse(def, ctxt) < 0) + goto error; + if (virDomainKeyWrapDefParseXML(def, ctxt) < 0) goto error; @@ -29512,6 +29614,8 @@ virDomainDefFormatInternalSetRootName(virDomainDefPtr def, if (def->sysinfo) ignore_value(virSysinfoFormat(buf, def->sysinfo)); + virDomainFWCfgDefFormat(buf, def); + if (def->os.bootloader) { virBufferEscapeString(buf, "<bootloader>%s</bootloader>\n", def->os.bootloader); diff --git a/src/conf/domain_conf.h b/src/conf/domain_conf.h index e152c599ca..2dad4dc08a 100644 --- a/src/conf/domain_conf.h +++ b/src/conf/domain_conf.h @@ -2481,6 +2481,14 @@ struct _virDomainVirtioOptions { virTristateSwitch packed; }; + +struct _virDomainFWCfgDef { + char *name; + char *value; + char *file; +}; + + /* * Guest VM main configuration * @@ -2624,6 +2632,9 @@ struct _virDomainDef { size_t npanics; virDomainPanicDefPtr *panics; + size_t nfw_cfgs; + virDomainFWCfgDefPtr fw_cfgs; + /* Only 1 */ virDomainWatchdogDefPtr watchdog; virDomainMemballoonDefPtr memballoon; diff --git a/src/conf/virconftypes.h b/src/conf/virconftypes.h index 1c62cde251..89440e1ac8 100644 --- a/src/conf/virconftypes.h +++ b/src/conf/virconftypes.h @@ -359,3 +359,6 @@ typedef virDomainXMLPrivateDataCallbacks *virDomainXMLPrivateDataCallbacksPtr; typedef struct _virDomainXenbusControllerOpts virDomainXenbusControllerOpts; typedef virDomainXenbusControllerOpts *virDomainXenbusControllerOptsPtr; + +typedef struct _virDomainFWCfgDef virDomainFWCfgDef; +typedef virDomainFWCfgDef *virDomainFWCfgDefPtr; diff --git a/tests/qemuxml2argvdata/fw_cfg.xml b/tests/qemuxml2argvdata/fw_cfg.xml new file mode 100644 index 0000000000..ff3d5b9693 --- /dev/null +++ b/tests/qemuxml2argvdata/fw_cfg.xml 
@@ -0,0 +1,40 @@ +<domain type='qemu'> + <name>QEMUGuest1</name> + <uuid>c7a5fdbd-edaf-9455-926a-d65c16db1809</uuid> + <memory unit='KiB'>219100</memory> + <currentMemory unit='KiB'>219100</currentMemory> + <vcpu placement='static'>1</vcpu> + <firmware> + <entry name='opt/com.example/name' value='example value'/> + <entry name='opt/com.coreos/config' file='/tmp/provision.ign'/> + </firmware> + <os> + <type arch='i686' machine='pc'>hvm</type> + <boot dev='hd'/> + </os> + <clock offset='utc'/> + <on_poweroff>destroy</on_poweroff> + <on_reboot>restart</on_reboot> + <on_crash>destroy</on_crash> + <devices> + <emulator>/usr/bin/qemu-system-i386</emulator> + <disk type='block' device='disk'> + <driver name='qemu' type='raw'/> + <source dev='/dev/HostVG/QEMUGuest1'/> + <target dev='hda' bus='ide'/> + <address type='drive' controller='0' bus='0' target='0' unit='0'/> + </disk> + <controller type='ide' index='0'> + <address type='pci' domain='0x0000' bus='0x00' slot='0x01' function='0x1'/> + </controller> + <controller type='usb' index='0'> + <address type='pci' domain='0x0000' bus='0x00' slot='0x01' function='0x2'/> + </controller> + <controller type='pci' index='0' model='pci-root'/> + <input type='mouse' bus='ps2'/> + <input type='keyboard' bus='ps2'/> + <memballoon model='virtio'> + <address type='pci' domain='0x0000' bus='0x00' slot='0x03' function='0x0'/> + </memballoon> + </devices> +</domain> diff --git a/tests/qemuxml2xmloutdata/fw_cfg.xml b/tests/qemuxml2xmloutdata/fw_cfg.xml new file mode 120000 index 0000000000..d6921a9c64 --- /dev/null +++ b/tests/qemuxml2xmloutdata/fw_cfg.xml @@ -0,0 +1 @@ +../qemuxml2argvdata/fw_cfg.xml \ No newline at end of file diff --git a/tests/qemuxml2xmltest.c b/tests/qemuxml2xmltest.c index dcc7b29ded..3d3b65534b 100644 --- a/tests/qemuxml2xmltest.c +++ b/tests/qemuxml2xmltest.c 
@@ -1125,6 +1125,7 @@ mymain(void) DO_TEST("shmem-plain-doorbell", NONE); DO_TEST("smbios", NONE); DO_TEST("smbios-multiple-type2", NONE); + DO_TEST("fw_cfg", NONE); DO_TEST_CAPS_LATEST("os-firmware-bios"); DO_TEST_CAPS_LATEST("os-firmware-efi"); -- 2.26.2
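
Review bot: In virDomainFWCfgDefFormat() (src/conf/domain_conf.c, hunk at -20921) the name attribute is written with virBufferAsprintf(buf, "<entry name='%s' ", f->name) while value and file go through virBufferEscapeString, so a name containing a quote, & or < yields XML that will not parse back. Use virBufferEscapeString for the name as well. In the same hunk virDomainFWCfgDefParse() rejects an entry that has neither value nor file, but accepts one that has both even though the RNG schema makes them a <choice>; the formatter then silently drops file. Reject the both-set case on the same VIR_ERR_XML_ERROR path.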
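
Review bot: The paragraph added to docs/formatdomain.html.in (hunk at -595) documents the "opt/" requirement but not the other rules the QEMU driver enforces in the following patch, namely the reserved "opt/ovmf/" and "opt/org.qemu/" prefixes and the length limit, so a user who hits "That firmware name is reserved" has nothing in the docs to explain it. Add those restrictions to the paragraph, and change "multiple entry child element" to "elements" while there.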

There are recommendations and limitations to the name of the config blobs we need to follow [1]. Firstly, we don't want users to change any value only add new blobs. This means, that the name must have "opt/" prefix and at the same time must not begin with "opt/ovmf" nor "opt/org.qemu" as these are reserved for OVMF or QEMU respectively. Secondly, there is a limit (FW_CFG_MAX_FILE_PATH in qemu.git) of 56 characters for filename. 1: docs/specs/fw_cfg.txt from qemu.git Signed-off-by: Michal Privoznik <mprivozn@redhat.com> --- src/qemu/qemu_validate.c | 38 ++++++++++++++++++++++++++++++++++++++ 1 file changed, 38 insertions(+) diff --git a/src/qemu/qemu_validate.c b/src/qemu/qemu_validate.c index 584d1375b8..1274159b39 100644 --- a/src/qemu/qemu_validate.c +++ b/src/qemu/qemu_validate.c @@ -762,6 +762,41 @@ qemuValidateDefGetVcpuHotplugGranularity(const virDomainDef *def) } +#define QEMU_FW_CFG_MAX_FILE_PATH 55 +static int +qemuValidateDomainDefFWCfg(const virDomainDef *def, + virQEMUCapsPtr qemuCaps G_GNUC_UNUSED) +{ + size_t i; + + for (i = 0; i < def->nfw_cfgs; i++) { + const virDomainFWCfgDef *f = &def->fw_cfgs[i]; + + if (!STRPREFIX(f->name, "opt/")) { + virReportError(VIR_ERR_CONFIG_UNSUPPORTED, "%s", + _("Invalid firmware name")); + return -1; + } + + if (STRPREFIX(f->name, "opt/ovmf/") || + STRPREFIX(f->name, "opt/org.qemu/")) { + virReportError(VIR_ERR_CONFIG_UNSUPPORTED, "%s", + _("That firmware name is reserved")); + return -1; + } + + if (f->file && + strlen(f->file) > QEMU_FW_CFG_MAX_FILE_PATH) { + virReportError(VIR_ERR_CONFIG_UNSUPPORTED, "%s", + _("firmware file too long")); + return -1; + } + } + + return 0; +} + + int qemuValidateDomainDef(const virDomainDef *def, void *opaque) @@ -978,6 +1013,9 @@ qemuValidateDomainDef(const virDomainDef *def, } } + if (qemuValidateDomainDefFWCfg(def, qemuCaps) < 0) + return -1; + return 0; } -- 2.26.2
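
Review bot: In qemuValidateDomainDefFWCfg() the length check is applied to f->file, the host-side path, and only when file is set, whereas the commit message introduces FW_CFG_MAX_FILE_PATH as one of the limits on the name of the blob; as written, an entry with an over-long name and a value attribute passes validation. The test looks like it should be strlen(f->name) > QEMU_FW_CFG_MAX_FILE_PATH and run for every entry. The message says 56 while the macro is 55; if the difference is room for a terminating NUL, say so in a comment on the #define. The three error strings would also be more useful if they included f->name and stated the rule, for example that the name must start with "opt/".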

This capability tracks whether QEMU supports the -fw_cfg command line option, more specifically whether it allows specifying a filename. There are some releases of QEMU which support -fw_cfg but not a filename. If this is ever a problem we can refine the capability later on.
Signed-off-by: Michal Privoznik <mprivozn@redhat.com> --- src/qemu/qemu_capabilities.c | 4 ++++ src/qemu/qemu_capabilities.h | 3 +++ tests/qemucapabilitiesdata/caps_2.10.0.aarch64.xml | 1 + tests/qemucapabilitiesdata/caps_2.10.0.ppc64.xml | 1 + tests/qemucapabilitiesdata/caps_2.10.0.s390x.xml | 1 + tests/qemucapabilitiesdata/caps_2.10.0.x86_64.xml | 1 + tests/qemucapabilitiesdata/caps_2.11.0.s390x.xml | 1 + tests/qemucapabilitiesdata/caps_2.11.0.x86_64.xml | 1 + tests/qemucapabilitiesdata/caps_2.12.0.aarch64.xml | 1 + tests/qemucapabilitiesdata/caps_2.12.0.ppc64.xml | 1 + tests/qemucapabilitiesdata/caps_2.12.0.s390x.xml | 1 + tests/qemucapabilitiesdata/caps_2.12.0.x86_64.xml | 1 + tests/qemucapabilitiesdata/caps_2.4.0.x86_64.xml | 1 + tests/qemucapabilitiesdata/caps_2.5.0.x86_64.xml | 1 + tests/qemucapabilitiesdata/caps_2.6.0.aarch64.xml | 1 + tests/qemucapabilitiesdata/caps_2.6.0.ppc64.xml | 1 + tests/qemucapabilitiesdata/caps_2.6.0.x86_64.xml | 1 + tests/qemucapabilitiesdata/caps_2.7.0.s390x.xml | 1 + tests/qemucapabilitiesdata/caps_2.7.0.x86_64.xml | 1 + tests/qemucapabilitiesdata/caps_2.8.0.s390x.xml | 1 + tests/qemucapabilitiesdata/caps_2.8.0.x86_64.xml | 1 + tests/qemucapabilitiesdata/caps_2.9.0.ppc64.xml | 1 + tests/qemucapabilitiesdata/caps_2.9.0.s390x.xml | 1 + tests/qemucapabilitiesdata/caps_2.9.0.x86_64.xml | 1 + tests/qemucapabilitiesdata/caps_3.0.0.ppc64.xml | 1 + tests/qemucapabilitiesdata/caps_3.0.0.riscv32.xml | 1 + tests/qemucapabilitiesdata/caps_3.0.0.riscv64.xml | 1 + tests/qemucapabilitiesdata/caps_3.0.0.s390x.xml | 1 + tests/qemucapabilitiesdata/caps_3.0.0.x86_64.xml | 1 + tests/qemucapabilitiesdata/caps_3.1.0.ppc64.xml | 1 + tests/qemucapabilitiesdata/caps_3.1.0.x86_64.xml | 1 + tests/qemucapabilitiesdata/caps_4.0.0.aarch64.xml | 1 + tests/qemucapabilitiesdata/caps_4.0.0.ppc64.xml | 1 + tests/qemucapabilitiesdata/caps_4.0.0.riscv32.xml | 1 + tests/qemucapabilitiesdata/caps_4.0.0.riscv64.xml | 1 + tests/qemucapabilitiesdata/caps_4.0.0.s390x.xml 
| 1 + tests/qemucapabilitiesdata/caps_4.0.0.x86_64.xml | 1 + tests/qemucapabilitiesdata/caps_4.1.0.x86_64.xml | 1 + tests/qemucapabilitiesdata/caps_4.2.0.aarch64.xml | 1 + tests/qemucapabilitiesdata/caps_4.2.0.ppc64.xml | 1 + tests/qemucapabilitiesdata/caps_4.2.0.s390x.xml | 1 + tests/qemucapabilitiesdata/caps_4.2.0.x86_64.xml | 1 + tests/qemucapabilitiesdata/caps_5.0.0.aarch64.xml | 1 + tests/qemucapabilitiesdata/caps_5.0.0.ppc64.xml | 1 + tests/qemucapabilitiesdata/caps_5.0.0.riscv64.xml | 1 + tests/qemucapabilitiesdata/caps_5.0.0.x86_64.xml | 1 + tests/qemucapabilitiesdata/caps_5.1.0.x86_64.xml | 1 + 47 files changed, 52 insertions(+) diff --git a/src/qemu/qemu_capabilities.c b/src/qemu/qemu_capabilities.c index f12769635a..dbf8d6d45c 100644 --- a/src/qemu/qemu_capabilities.c +++ b/src/qemu/qemu_capabilities.c @@ -582,6 +582,9 @@ VIR_ENUM_IMPL(virQEMUCaps, "tcg", "virtio-blk-pci.scsi.default.disabled", "pvscsi", + + /* 370 */ + "fw_cfg", ); @@ -3279,6 +3282,7 @@ static struct virQEMUCapsCommandLineProps virQEMUCapsCommandLine[] = { { "overcommit", NULL, QEMU_CAPS_OVERCOMMIT }, { "smp-opts", "dies", QEMU_CAPS_SMP_DIES }, { "fsdev", "multidevs", QEMU_CAPS_FSDEV_MULTIDEVS }, + { "fw_cfg", "file", QEMU_CAPS_FW_CFG }, }; static int diff --git a/src/qemu/qemu_capabilities.h b/src/qemu/qemu_capabilities.h index 076ecad0f7..7e5f007771 100644 --- a/src/qemu/qemu_capabilities.h +++ b/src/qemu/qemu_capabilities.h @@ -564,6 +564,9 @@ typedef enum { /* virQEMUCapsFlags grouping marker for syntax-check */ QEMU_CAPS_VIRTIO_BLK_SCSI_DEFAULT_DISABLED, /* virtio-blk-pci.scsi disabled by default */ QEMU_CAPS_SCSI_PVSCSI, /* -device pvscsi */ + /* 370 */ + QEMU_CAPS_FW_CFG, /* -fw_cfg command line option */ + QEMU_CAPS_LAST /* this must always be the last item */ } virQEMUCapsFlags; diff --git a/tests/qemucapabilitiesdata/caps_2.10.0.aarch64.xml b/tests/qemucapabilitiesdata/caps_2.10.0.aarch64.xml index db8a298873..0848b1e18b 100644 
--- a/tests/qemucapabilitiesdata/caps_2.10.0.aarch64.xml +++ b/tests/qemucapabilitiesdata/caps_2.10.0.aarch64.xml @@ -142,6 +142,7 @@ <flag name='iothread.poll-max-ns'/> <flag name='tcg'/> <flag name='pvscsi'/> + <flag name='fw_cfg'/> <version>2010000</version> <kvmVersion>0</kvmVersion> <microcodeVersion>61700287</microcodeVersion> diff --git a/tests/qemucapabilitiesdata/caps_2.10.0.ppc64.xml b/tests/qemucapabilitiesdata/caps_2.10.0.ppc64.xml index 15e8933300..82a37edd9c 100644 --- a/tests/qemucapabilitiesdata/caps_2.10.0.ppc64.xml +++ b/tests/qemucapabilitiesdata/caps_2.10.0.ppc64.xml @@ -142,6 +142,7 @@ <flag name='i8042'/> <flag name='tcg'/> <flag name='pvscsi'/> + <flag name='fw_cfg'/> <version>2010000</version> <kvmVersion>0</kvmVersion> <microcodeVersion>42900287</microcodeVersion> diff --git a/tests/qemucapabilitiesdata/caps_2.10.0.s390x.xml b/tests/qemucapabilitiesdata/caps_2.10.0.s390x.xml index 90c42cdf4f..7a1ad3d173 100644 --- a/tests/qemucapabilitiesdata/caps_2.10.0.s390x.xml +++ b/tests/qemucapabilitiesdata/caps_2.10.0.s390x.xml @@ -108,6 +108,7 @@ <flag name='query-cpu-model-comparison'/> <flag name='storage.werror'/> <flag name='tcg'/> + <flag name='fw_cfg'/> <version>2010000</version> <kvmVersion>0</kvmVersion> <microcodeVersion>39100287</microcodeVersion> diff --git a/tests/qemucapabilitiesdata/caps_2.10.0.x86_64.xml b/tests/qemucapabilitiesdata/caps_2.10.0.x86_64.xml index cb02723ada..f82ea38a26 100644 --- a/tests/qemucapabilitiesdata/caps_2.10.0.x86_64.xml +++ b/tests/qemucapabilitiesdata/caps_2.10.0.x86_64.xml @@ -185,6 +185,7 @@ <flag name='i8042'/> <flag name='tcg'/> <flag name='pvscsi'/> + <flag name='fw_cfg'/> <version>2010000</version> <kvmVersion>0</kvmVersion> <microcodeVersion>43100287</microcodeVersion> diff --git a/tests/qemucapabilitiesdata/caps_2.11.0.s390x.xml b/tests/qemucapabilitiesdata/caps_2.11.0.s390x.xml index d27f656ae0..1108aa46d0 100644 --- a/tests/qemucapabilitiesdata/caps_2.11.0.s390x.xml 
+++ b/tests/qemucapabilitiesdata/caps_2.11.0.s390x.xml @@ -115,6 +115,7 @@ <flag name='query-cpu-model-comparison'/> <flag name='storage.werror'/> <flag name='tcg'/> + <flag name='fw_cfg'/> <version>2011000</version> <kvmVersion>0</kvmVersion> <microcodeVersion>39100288</microcodeVersion> diff --git a/tests/qemucapabilitiesdata/caps_2.11.0.x86_64.xml b/tests/qemucapabilitiesdata/caps_2.11.0.x86_64.xml index 5245fc77dc..91cb5f80a6 100644 --- a/tests/qemucapabilitiesdata/caps_2.11.0.x86_64.xml +++ b/tests/qemucapabilitiesdata/caps_2.11.0.x86_64.xml @@ -191,6 +191,7 @@ <flag name='i8042'/> <flag name='tcg'/> <flag name='pvscsi'/> + <flag name='fw_cfg'/> <version>2011000</version> <kvmVersion>0</kvmVersion> <microcodeVersion>43100288</microcodeVersion> diff --git a/tests/qemucapabilitiesdata/caps_2.12.0.aarch64.xml b/tests/qemucapabilitiesdata/caps_2.12.0.aarch64.xml index 38d36400e4..78070c0401 100644 --- a/tests/qemucapabilitiesdata/caps_2.12.0.aarch64.xml +++ b/tests/qemucapabilitiesdata/caps_2.12.0.aarch64.xml @@ -158,6 +158,7 @@ <flag name='drive-nvme'/> <flag name='tcg'/> <flag name='pvscsi'/> + <flag name='fw_cfg'/> <version>2012000</version> <kvmVersion>0</kvmVersion> <microcodeVersion>61700289</microcodeVersion> diff --git a/tests/qemucapabilitiesdata/caps_2.12.0.ppc64.xml b/tests/qemucapabilitiesdata/caps_2.12.0.ppc64.xml index 53abf2debb..45d3baf080 100644 --- a/tests/qemucapabilitiesdata/caps_2.12.0.ppc64.xml +++ b/tests/qemucapabilitiesdata/caps_2.12.0.ppc64.xml @@ -159,6 +159,7 @@ <flag name='machine.pseries.cap-ibs'/> <flag name='tcg'/> <flag name='pvscsi'/> + <flag name='fw_cfg'/> <version>2011090</version> <kvmVersion>0</kvmVersion> <microcodeVersion>42900289</microcodeVersion> diff --git a/tests/qemucapabilitiesdata/caps_2.12.0.s390x.xml b/tests/qemucapabilitiesdata/caps_2.12.0.s390x.xml index 880e5f137a..f9b92d11f2 100644 --- a/tests/qemucapabilitiesdata/caps_2.12.0.s390x.xml +++ b/tests/qemucapabilitiesdata/caps_2.12.0.s390x.xml 
@@ -127,6 +127,7 @@ <flag name='drive-nvme'/> <flag name='storage.werror'/> <flag name='tcg'/> + <flag name='fw_cfg'/> <version>2012000</version> <kvmVersion>0</kvmVersion> <microcodeVersion>39100289</microcodeVersion> diff --git a/tests/qemucapabilitiesdata/caps_2.12.0.x86_64.xml b/tests/qemucapabilitiesdata/caps_2.12.0.x86_64.xml index 319dd6f2c3..8688dc32d5 100644 --- a/tests/qemucapabilitiesdata/caps_2.12.0.x86_64.xml +++ b/tests/qemucapabilitiesdata/caps_2.12.0.x86_64.xml @@ -200,6 +200,7 @@ <flag name='i8042'/> <flag name='tcg'/> <flag name='pvscsi'/> + <flag name='fw_cfg'/> <version>2011090</version> <kvmVersion>0</kvmVersion> <microcodeVersion>43100289</microcodeVersion> diff --git a/tests/qemucapabilitiesdata/caps_2.4.0.x86_64.xml b/tests/qemucapabilitiesdata/caps_2.4.0.x86_64.xml index 7f0fe3b9aa..310f69499f 100644 --- a/tests/qemucapabilitiesdata/caps_2.4.0.x86_64.xml +++ b/tests/qemucapabilitiesdata/caps_2.4.0.x86_64.xml @@ -136,6 +136,7 @@ <flag name='i8042'/> <flag name='tcg'/> <flag name='pvscsi'/> + <flag name='fw_cfg'/> <version>2004000</version> <kvmVersion>0</kvmVersion> <microcodeVersion>43100242</microcodeVersion> diff --git a/tests/qemucapabilitiesdata/caps_2.5.0.x86_64.xml b/tests/qemucapabilitiesdata/caps_2.5.0.x86_64.xml index efb4ffa019..af9b9e96fd 100644 --- a/tests/qemucapabilitiesdata/caps_2.5.0.x86_64.xml +++ b/tests/qemucapabilitiesdata/caps_2.5.0.x86_64.xml @@ -142,6 +142,7 @@ <flag name='i8042'/> <flag name='tcg'/> <flag name='pvscsi'/> + <flag name='fw_cfg'/> <version>2005000</version> <kvmVersion>0</kvmVersion> <microcodeVersion>43100243</microcodeVersion> diff --git a/tests/qemucapabilitiesdata/caps_2.6.0.aarch64.xml b/tests/qemucapabilitiesdata/caps_2.6.0.aarch64.xml index 0ce5deb6e9..ec17ca5c27 100644 --- a/tests/qemucapabilitiesdata/caps_2.6.0.aarch64.xml +++ b/tests/qemucapabilitiesdata/caps_2.6.0.aarch64.xml 
@@ -125,6 +125,7 @@ <flag name='hda-output'/> <flag name='tcg'/> <flag name='pvscsi'/> + <flag name='fw_cfg'/> <version>2006000</version> <kvmVersion>0</kvmVersion> <microcodeVersion>61700244</microcodeVersion> diff --git a/tests/qemucapabilitiesdata/caps_2.6.0.ppc64.xml b/tests/qemucapabilitiesdata/caps_2.6.0.ppc64.xml index 13573cfd03..13e6df006e 100644 --- a/tests/qemucapabilitiesdata/caps_2.6.0.ppc64.xml +++ b/tests/qemucapabilitiesdata/caps_2.6.0.ppc64.xml @@ -121,6 +121,7 @@ <flag name='i8042'/> <flag name='tcg'/> <flag name='pvscsi'/> + <flag name='fw_cfg'/> <version>2006000</version> <kvmVersion>0</kvmVersion> <microcodeVersion>42900244</microcodeVersion> diff --git a/tests/qemucapabilitiesdata/caps_2.6.0.x86_64.xml b/tests/qemucapabilitiesdata/caps_2.6.0.x86_64.xml index 0c9f594a65..c25731997e 100644 --- a/tests/qemucapabilitiesdata/caps_2.6.0.x86_64.xml +++ b/tests/qemucapabilitiesdata/caps_2.6.0.x86_64.xml @@ -154,6 +154,7 @@ <flag name='i8042'/> <flag name='tcg'/> <flag name='pvscsi'/> + <flag name='fw_cfg'/> <version>2006000</version> <kvmVersion>0</kvmVersion> <microcodeVersion>43100244</microcodeVersion> diff --git a/tests/qemucapabilitiesdata/caps_2.7.0.s390x.xml b/tests/qemucapabilitiesdata/caps_2.7.0.s390x.xml index 571d748f6c..2421b46f35 100644 --- a/tests/qemucapabilitiesdata/caps_2.7.0.s390x.xml +++ b/tests/qemucapabilitiesdata/caps_2.7.0.s390x.xml @@ -92,6 +92,7 @@ <flag name='zpci'/> <flag name='storage.werror'/> <flag name='tcg'/> + <flag name='fw_cfg'/> <version>2007000</version> <kvmVersion>0</kvmVersion> <microcodeVersion>39100245</microcodeVersion> diff --git a/tests/qemucapabilitiesdata/caps_2.7.0.x86_64.xml b/tests/qemucapabilitiesdata/caps_2.7.0.x86_64.xml index c97fa18a1f..9f25bd17ec 100644 --- a/tests/qemucapabilitiesdata/caps_2.7.0.x86_64.xml +++ b/tests/qemucapabilitiesdata/caps_2.7.0.x86_64.xml 
@@ -159,6 +159,7 @@ <flag name='i8042'/> <flag name='tcg'/> <flag name='pvscsi'/> + <flag name='fw_cfg'/> <version>2007000</version> <kvmVersion>0</kvmVersion> <microcodeVersion>43100245</microcodeVersion> diff --git a/tests/qemucapabilitiesdata/caps_2.8.0.s390x.xml b/tests/qemucapabilitiesdata/caps_2.8.0.s390x.xml index be5cf4977b..083562f641 100644 --- a/tests/qemucapabilitiesdata/caps_2.8.0.s390x.xml +++ b/tests/qemucapabilitiesdata/caps_2.8.0.s390x.xml @@ -97,6 +97,7 @@ <flag name='query-cpu-model-comparison'/> <flag name='storage.werror'/> <flag name='tcg'/> + <flag name='fw_cfg'/> <version>2007093</version> <kvmVersion>0</kvmVersion> <microcodeVersion>39100246</microcodeVersion> diff --git a/tests/qemucapabilitiesdata/caps_2.8.0.x86_64.xml b/tests/qemucapabilitiesdata/caps_2.8.0.x86_64.xml index 9a2b1f83ac..5426e8a54b 100644 --- a/tests/qemucapabilitiesdata/caps_2.8.0.x86_64.xml +++ b/tests/qemucapabilitiesdata/caps_2.8.0.x86_64.xml @@ -162,6 +162,7 @@ <flag name='i8042'/> <flag name='tcg'/> <flag name='pvscsi'/> + <flag name='fw_cfg'/> <version>2008000</version> <kvmVersion>0</kvmVersion> <microcodeVersion>43100246</microcodeVersion> diff --git a/tests/qemucapabilitiesdata/caps_2.9.0.ppc64.xml b/tests/qemucapabilitiesdata/caps_2.9.0.ppc64.xml index 0c32a1c305..fe49896e72 100644 --- a/tests/qemucapabilitiesdata/caps_2.9.0.ppc64.xml +++ b/tests/qemucapabilitiesdata/caps_2.9.0.ppc64.xml @@ -134,6 +134,7 @@ <flag name='i8042'/> <flag name='tcg'/> <flag name='pvscsi'/> + <flag name='fw_cfg'/> <version>2009000</version> <kvmVersion>0</kvmVersion> <microcodeVersion>42900247</microcodeVersion> diff --git a/tests/qemucapabilitiesdata/caps_2.9.0.s390x.xml b/tests/qemucapabilitiesdata/caps_2.9.0.s390x.xml index c93cd4211f..32861f67ba 100644 --- a/tests/qemucapabilitiesdata/caps_2.9.0.s390x.xml +++ b/tests/qemucapabilitiesdata/caps_2.9.0.s390x.xml 
@@ -102,6 +102,7 @@ <flag name='query-cpu-model-comparison'/> <flag name='storage.werror'/> <flag name='tcg'/> + <flag name='fw_cfg'/> <version>2009000</version> <kvmVersion>0</kvmVersion> <microcodeVersion>39100247</microcodeVersion> diff --git a/tests/qemucapabilitiesdata/caps_2.9.0.x86_64.xml b/tests/qemucapabilitiesdata/caps_2.9.0.x86_64.xml index 122d9509f1..f241cc7a59 100644 --- a/tests/qemucapabilitiesdata/caps_2.9.0.x86_64.xml +++ b/tests/qemucapabilitiesdata/caps_2.9.0.x86_64.xml @@ -179,6 +179,7 @@ <flag name='i8042'/> <flag name='tcg'/> <flag name='pvscsi'/> + <flag name='fw_cfg'/> <version>2009000</version> <kvmVersion>0</kvmVersion> <microcodeVersion>43100247</microcodeVersion> diff --git a/tests/qemucapabilitiesdata/caps_3.0.0.ppc64.xml b/tests/qemucapabilitiesdata/caps_3.0.0.ppc64.xml index b81ed605d3..95f982eadf 100644 --- a/tests/qemucapabilitiesdata/caps_3.0.0.ppc64.xml +++ b/tests/qemucapabilitiesdata/caps_3.0.0.ppc64.xml @@ -161,6 +161,7 @@ <flag name='machine.pseries.cap-ibs'/> <flag name='tcg'/> <flag name='pvscsi'/> + <flag name='fw_cfg'/> <version>2012050</version> <kvmVersion>0</kvmVersion> <microcodeVersion>42900239</microcodeVersion> diff --git a/tests/qemucapabilitiesdata/caps_3.0.0.riscv32.xml b/tests/qemucapabilitiesdata/caps_3.0.0.riscv32.xml index e2c87dafe3..35d08c67ec 100644 --- a/tests/qemucapabilitiesdata/caps_3.0.0.riscv32.xml +++ b/tests/qemucapabilitiesdata/caps_3.0.0.riscv32.xml @@ -97,6 +97,7 @@ <flag name='drive-nvme'/> <flag name='storage.werror'/> <flag name='tcg'/> + <flag name='fw_cfg'/> <version>3000000</version> <kvmVersion>0</kvmVersion> <microcodeVersion>0</microcodeVersion> diff --git a/tests/qemucapabilitiesdata/caps_3.0.0.riscv64.xml b/tests/qemucapabilitiesdata/caps_3.0.0.riscv64.xml index 0b8e5589db..42635c2e6d 100644 --- a/tests/qemucapabilitiesdata/caps_3.0.0.riscv64.xml +++ b/tests/qemucapabilitiesdata/caps_3.0.0.riscv64.xml 
@@ -97,6 +97,7 @@ <flag name='drive-nvme'/> <flag name='storage.werror'/> <flag name='tcg'/> + <flag name='fw_cfg'/> <version>3000000</version> <kvmVersion>0</kvmVersion> <microcodeVersion>0</microcodeVersion> diff --git a/tests/qemucapabilitiesdata/caps_3.0.0.s390x.xml b/tests/qemucapabilitiesdata/caps_3.0.0.s390x.xml index 189bc09288..96d8953496 100644 --- a/tests/qemucapabilitiesdata/caps_3.0.0.s390x.xml +++ b/tests/qemucapabilitiesdata/caps_3.0.0.s390x.xml @@ -130,6 +130,7 @@ <flag name='drive-nvme'/> <flag name='storage.werror'/> <flag name='tcg'/> + <flag name='fw_cfg'/> <version>3000000</version> <kvmVersion>0</kvmVersion> <microcodeVersion>39100239</microcodeVersion> diff --git a/tests/qemucapabilitiesdata/caps_3.0.0.x86_64.xml b/tests/qemucapabilitiesdata/caps_3.0.0.x86_64.xml index 40cff641a8..80ab4914c6 100644 --- a/tests/qemucapabilitiesdata/caps_3.0.0.x86_64.xml +++ b/tests/qemucapabilitiesdata/caps_3.0.0.x86_64.xml @@ -206,6 +206,7 @@ <flag name='storage.werror'/> <flag name='tcg'/> <flag name='pvscsi'/> + <flag name='fw_cfg'/> <version>3000000</version> <kvmVersion>0</kvmVersion> <microcodeVersion>43100239</microcodeVersion> diff --git a/tests/qemucapabilitiesdata/caps_3.1.0.ppc64.xml b/tests/qemucapabilitiesdata/caps_3.1.0.ppc64.xml index 4e47e0a581..3a21eb3aab 100644 --- a/tests/qemucapabilitiesdata/caps_3.1.0.ppc64.xml +++ b/tests/qemucapabilitiesdata/caps_3.1.0.ppc64.xml @@ -166,6 +166,7 @@ <flag name='machine.pseries.cap-ibs'/> <flag name='tcg'/> <flag name='pvscsi'/> + <flag name='fw_cfg'/> <version>3000091</version> <kvmVersion>0</kvmVersion> <microcodeVersion>42900240</microcodeVersion> diff --git a/tests/qemucapabilitiesdata/caps_3.1.0.x86_64.xml b/tests/qemucapabilitiesdata/caps_3.1.0.x86_64.xml index 3dbda4b3f3..b1f4794559 100644 --- a/tests/qemucapabilitiesdata/caps_3.1.0.x86_64.xml +++ b/tests/qemucapabilitiesdata/caps_3.1.0.x86_64.xml 
@@ -209,6 +209,7 @@ <flag name='storage.werror'/> <flag name='tcg'/> <flag name='pvscsi'/> + <flag name='fw_cfg'/> <version>3000092</version> <kvmVersion>0</kvmVersion> <microcodeVersion>43100240</microcodeVersion> diff --git a/tests/qemucapabilitiesdata/caps_4.0.0.aarch64.xml b/tests/qemucapabilitiesdata/caps_4.0.0.aarch64.xml index 2b5210338f..b1047ca044 100644 --- a/tests/qemucapabilitiesdata/caps_4.0.0.aarch64.xml +++ b/tests/qemucapabilitiesdata/caps_4.0.0.aarch64.xml @@ -172,6 +172,7 @@ <flag name='storage.werror'/> <flag name='tcg'/> <flag name='pvscsi'/> + <flag name='fw_cfg'/> <version>4000000</version> <kvmVersion>0</kvmVersion> <microcodeVersion>61700240</microcodeVersion> diff --git a/tests/qemucapabilitiesdata/caps_4.0.0.ppc64.xml b/tests/qemucapabilitiesdata/caps_4.0.0.ppc64.xml index 582cbdc8c2..a4916c2279 100644 --- a/tests/qemucapabilitiesdata/caps_4.0.0.ppc64.xml +++ b/tests/qemucapabilitiesdata/caps_4.0.0.ppc64.xml @@ -180,6 +180,7 @@ <flag name='machine.pseries.cap-ibs'/> <flag name='tcg'/> <flag name='pvscsi'/> + <flag name='fw_cfg'/> <version>4000000</version> <kvmVersion>0</kvmVersion> <microcodeVersion>42900240</microcodeVersion> diff --git a/tests/qemucapabilitiesdata/caps_4.0.0.riscv32.xml b/tests/qemucapabilitiesdata/caps_4.0.0.riscv32.xml index 199911d254..ec7c6b05e1 100644 --- a/tests/qemucapabilitiesdata/caps_4.0.0.riscv32.xml +++ b/tests/qemucapabilitiesdata/caps_4.0.0.riscv32.xml @@ -173,6 +173,7 @@ <flag name='storage.werror'/> <flag name='tcg'/> <flag name='pvscsi'/> + <flag name='fw_cfg'/> <version>4000000</version> <kvmVersion>0</kvmVersion> <microcodeVersion>0</microcodeVersion> diff --git a/tests/qemucapabilitiesdata/caps_4.0.0.riscv64.xml b/tests/qemucapabilitiesdata/caps_4.0.0.riscv64.xml index 4ddb79d2f8..d8924a10e8 100644 --- a/tests/qemucapabilitiesdata/caps_4.0.0.riscv64.xml +++ b/tests/qemucapabilitiesdata/caps_4.0.0.riscv64.xml 
@@ -173,6 +173,7 @@ <flag name='storage.werror'/> <flag name='tcg'/> <flag name='pvscsi'/> + <flag name='fw_cfg'/> <version>4000000</version> <kvmVersion>0</kvmVersion> <microcodeVersion>0</microcodeVersion> diff --git a/tests/qemucapabilitiesdata/caps_4.0.0.s390x.xml b/tests/qemucapabilitiesdata/caps_4.0.0.s390x.xml index d04129c327..671c28cb82 100644 --- a/tests/qemucapabilitiesdata/caps_4.0.0.s390x.xml +++ b/tests/qemucapabilitiesdata/caps_4.0.0.s390x.xml @@ -138,6 +138,7 @@ <flag name='drive-nvme'/> <flag name='storage.werror'/> <flag name='tcg'/> + <flag name='fw_cfg'/> <version>4000000</version> <kvmVersion>0</kvmVersion> <microcodeVersion>39100240</microcodeVersion> diff --git a/tests/qemucapabilitiesdata/caps_4.0.0.x86_64.xml b/tests/qemucapabilitiesdata/caps_4.0.0.x86_64.xml index bf7735caf3..a08a1655d4 100644 --- a/tests/qemucapabilitiesdata/caps_4.0.0.x86_64.xml +++ b/tests/qemucapabilitiesdata/caps_4.0.0.x86_64.xml @@ -214,6 +214,7 @@ <flag name='storage.werror'/> <flag name='tcg'/> <flag name='pvscsi'/> + <flag name='fw_cfg'/> <version>4000000</version> <kvmVersion>0</kvmVersion> <microcodeVersion>43100240</microcodeVersion> diff --git a/tests/qemucapabilitiesdata/caps_4.1.0.x86_64.xml b/tests/qemucapabilitiesdata/caps_4.1.0.x86_64.xml index 8ce0f80e8a..cde7b85428 100644 --- a/tests/qemucapabilitiesdata/caps_4.1.0.x86_64.xml +++ b/tests/qemucapabilitiesdata/caps_4.1.0.x86_64.xml @@ -220,6 +220,7 @@ <flag name='storage.werror'/> <flag name='tcg'/> <flag name='pvscsi'/> + <flag name='fw_cfg'/> <version>4001000</version> <kvmVersion>0</kvmVersion> <microcodeVersion>43100241</microcodeVersion> diff --git a/tests/qemucapabilitiesdata/caps_4.2.0.aarch64.xml b/tests/qemucapabilitiesdata/caps_4.2.0.aarch64.xml index 154f70443e..11d487eefe 100644 --- a/tests/qemucapabilitiesdata/caps_4.2.0.aarch64.xml +++ b/tests/qemucapabilitiesdata/caps_4.2.0.aarch64.xml 
@@ -184,6 +184,7 @@ <flag name='virtio.packed'/> <flag name='tcg'/> <flag name='pvscsi'/> + <flag name='fw_cfg'/> <version>4001050</version> <kvmVersion>0</kvmVersion> <microcodeVersion>61700242</microcodeVersion> diff --git a/tests/qemucapabilitiesdata/caps_4.2.0.ppc64.xml b/tests/qemucapabilitiesdata/caps_4.2.0.ppc64.xml index eeec181f62..4d44cd4ac6 100644 --- a/tests/qemucapabilitiesdata/caps_4.2.0.ppc64.xml +++ b/tests/qemucapabilitiesdata/caps_4.2.0.ppc64.xml @@ -185,6 +185,7 @@ <flag name='machine.pseries.cap-ibs'/> <flag name='tcg'/> <flag name='pvscsi'/> + <flag name='fw_cfg'/> <version>4001050</version> <kvmVersion>0</kvmVersion> <microcodeVersion>42900242</microcodeVersion> diff --git a/tests/qemucapabilitiesdata/caps_4.2.0.s390x.xml b/tests/qemucapabilitiesdata/caps_4.2.0.s390x.xml index 4c0908294a..6db5926aaa 100644 --- a/tests/qemucapabilitiesdata/caps_4.2.0.s390x.xml +++ b/tests/qemucapabilitiesdata/caps_4.2.0.s390x.xml @@ -148,6 +148,7 @@ <flag name='fsdev.multidevs'/> <flag name='virtio.packed'/> <flag name='tcg'/> + <flag name='fw_cfg'/> <version>4002000</version> <kvmVersion>0</kvmVersion> <microcodeVersion>39100242</microcodeVersion> diff --git a/tests/qemucapabilitiesdata/caps_4.2.0.x86_64.xml b/tests/qemucapabilitiesdata/caps_4.2.0.x86_64.xml index 50ed35f092..fedd1ea13b 100644 --- a/tests/qemucapabilitiesdata/caps_4.2.0.x86_64.xml +++ b/tests/qemucapabilitiesdata/caps_4.2.0.x86_64.xml @@ -228,6 +228,7 @@ <flag name='virtio.packed'/> <flag name='tcg'/> <flag name='pvscsi'/> + <flag name='fw_cfg'/> <version>4002000</version> <kvmVersion>0</kvmVersion> <microcodeVersion>43100242</microcodeVersion> diff --git a/tests/qemucapabilitiesdata/caps_5.0.0.aarch64.xml b/tests/qemucapabilitiesdata/caps_5.0.0.aarch64.xml index 9b24490137..7f993b38e1 100644 --- a/tests/qemucapabilitiesdata/caps_5.0.0.aarch64.xml +++ b/tests/qemucapabilitiesdata/caps_5.0.0.aarch64.xml 
@@ -193,6 +193,7 @@ <flag name='tcg'/> <flag name='virtio-blk-pci.scsi.default.disabled'/> <flag name='pvscsi'/> + <flag name='fw_cfg'/> <version>5000000</version> <kvmVersion>0</kvmVersion> <microcodeVersion>61700241</microcodeVersion> diff --git a/tests/qemucapabilitiesdata/caps_5.0.0.ppc64.xml b/tests/qemucapabilitiesdata/caps_5.0.0.ppc64.xml index 69e5b4c8fa..409120262e 100644 --- a/tests/qemucapabilitiesdata/caps_5.0.0.ppc64.xml +++ b/tests/qemucapabilitiesdata/caps_5.0.0.ppc64.xml @@ -201,6 +201,7 @@ <flag name='tcg'/> <flag name='virtio-blk-pci.scsi.default.disabled'/> <flag name='pvscsi'/> + <flag name='fw_cfg'/> <version>5000000</version> <kvmVersion>0</kvmVersion> <microcodeVersion>42900241</microcodeVersion> diff --git a/tests/qemucapabilitiesdata/caps_5.0.0.riscv64.xml b/tests/qemucapabilitiesdata/caps_5.0.0.riscv64.xml index 7a091d27db..fb4956f144 100644 --- a/tests/qemucapabilitiesdata/caps_5.0.0.riscv64.xml +++ b/tests/qemucapabilitiesdata/caps_5.0.0.riscv64.xml @@ -189,6 +189,7 @@ <flag name='tcg'/> <flag name='virtio-blk-pci.scsi.default.disabled'/> <flag name='pvscsi'/> + <flag name='fw_cfg'/> <version>5000000</version> <kvmVersion>0</kvmVersion> <microcodeVersion>0</microcodeVersion> diff --git a/tests/qemucapabilitiesdata/caps_5.0.0.x86_64.xml b/tests/qemucapabilitiesdata/caps_5.0.0.x86_64.xml index ba39fef713..d2c03444d5 100644 --- a/tests/qemucapabilitiesdata/caps_5.0.0.x86_64.xml +++ b/tests/qemucapabilitiesdata/caps_5.0.0.x86_64.xml @@ -234,6 +234,7 @@ <flag name='tcg'/> <flag name='virtio-blk-pci.scsi.default.disabled'/> <flag name='pvscsi'/> + <flag name='fw_cfg'/> <version>5000000</version> <kvmVersion>0</kvmVersion> <microcodeVersion>43100241</microcodeVersion> diff --git a/tests/qemucapabilitiesdata/caps_5.1.0.x86_64.xml b/tests/qemucapabilitiesdata/caps_5.1.0.x86_64.xml index c2bc121f73..aa11246b80 100644 --- a/tests/qemucapabilitiesdata/caps_5.1.0.x86_64.xml +++ b/tests/qemucapabilitiesdata/caps_5.1.0.x86_64.xml 
@@ -234,6 +234,7 @@ <flag name='tcg'/> <flag name='virtio-blk-pci.scsi.default.disabled'/> <flag name='pvscsi'/> + <flag name='fw_cfg'/> <version>5000050</version> <kvmVersion>0</kvmVersion> <microcodeVersion>43100242</microcodeVersion> -- 2.26.2
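Review bot: the 'fw_cfg' flag is added at the same position in every capabilities file shown here, on s390x, ppc64, riscv32/riscv64, aarch64 and x86_64 alike, so as a capability it cannot distinguish a target or machine type that actually has a fw_cfg device from one that does not. If the capability is only meant to say that the binary accepts -fw_cfg, please say so next to the capability definition, and have the validation patch reject firmware blob configuration for machine types without the device, so that an unsupported combination is reported by libvirt rather than by QEMU at startup.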

For the case where -fw_cfg uses a file, we need to set the seclabels on it to allow QEMU the access. While QEMU allows writing into the file (if specified on the command line), so far we are enabling reading only and thus we can use read only label (in case of SELinux). Signed-off-by: Michal Privoznik <mprivozn@redhat.com> --- src/security/security_dac.c | 14 ++++++++++++++ src/security/security_selinux.c | 13 +++++++++++++ src/security/virt-aa-helper.c | 6 ++++++ 3 files changed, 33 insertions(+) diff --git a/src/security/security_dac.c b/src/security/security_dac.c index 7b95a6f86d..a1340c242c 100644 --- a/src/security/security_dac.c +++ b/src/security/security_dac.c @@ -1991,6 +1991,12 @@ virSecurityDACRestoreAllLabel(virSecurityManagerPtr mgr, rc = -1; } + for (i = 0; i < def->nfw_cfgs; i++) { + if (def->fw_cfgs[i].file && + virSecurityDACRestoreFileLabel(mgr, def->fw_cfgs[i].file) < 0) + rc = -1; + } + if (def->os.loader && def->os.loader->nvram && virSecurityDACRestoreFileLabel(mgr, def->os.loader->nvram) < 0) rc = -1; @@ -2173,6 +2179,14 @@ virSecurityDACSetAllLabel(virSecurityManagerPtr mgr, if (virSecurityDACGetImageIds(secdef, priv, &user, &group)) return -1; + for (i = 0; i < def->nfw_cfgs; i++) { + if (def->fw_cfgs[i].file && + virSecurityDACSetOwnership(mgr, NULL, + def->fw_cfgs[i].file, + user, group, true) < 0) + return -1; + } + if (def->os.loader && def->os.loader->nvram && virSecurityDACSetOwnership(mgr, NULL, def->os.loader->nvram, diff --git a/src/security/security_selinux.c b/src/security/security_selinux.c index 7bb7c2b7b1..c5a8e33bd7 100644 --- a/src/security/security_selinux.c +++ b/src/security/security_selinux.c 
@@ -2786,6 +2786,12 @@ virSecuritySELinuxRestoreAllLabel(virSecurityManagerPtr mgr, mgr) < 0) rc = -1; + for (i = 0; i < def->nfw_cfgs; i++) { + if (def->fw_cfgs[i].file && + virSecuritySELinuxRestoreFileLabel(mgr, def->fw_cfgs[i].file, true) < 0) + rc = -1; + } + if (def->os.loader && def->os.loader->nvram && virSecuritySELinuxRestoreFileLabel(mgr, def->os.loader->nvram, true) < 0) rc = -1; @@ -3194,6 +3200,13 @@ virSecuritySELinuxSetAllLabel(virSecurityManagerPtr mgr, mgr) < 0) return -1; + for (i = 0; i < def->nfw_cfgs; i++) { + if (def->fw_cfgs[i].file && + virSecuritySELinuxSetFilecon(mgr, def->fw_cfgs[i].file, + data->content_context, true) < 0) + return -1; + } + /* This is different than kernel or initrd. The nvram store * is really a disk, qemu can read and write to it. */ if (def->os.loader && def->os.loader->nvram && diff --git a/src/security/virt-aa-helper.c b/src/security/virt-aa-helper.c index 6e6dd1b1db..12beef6442 100644 --- a/src/security/virt-aa-helper.c +++ b/src/security/virt-aa-helper.c @@ -1175,6 +1175,12 @@ get_files(vahControl * ctl) } } + for (i = 0; i < ctl->def->nfw_cfgs; i++) { + if (ctl->def->fw_cfgs[i].file && + vah_add_file(&buf, ctl->def->fw_cfgs[i].file, "r") != 0) + goto cleanup; + } + for (i = 0; i < ctl->def->nshmems; i++) { virDomainShmemDef *shmem = ctl->def->shmems[i]; /* explicit server paths can be on any model to overwrites defaults. -- 2.26.2
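Review bot: in virSecurityDACSetAllLabel() the fw_cfg file is passed to virSecurityDACSetOwnership() with the QEMU user and group, which is broader than the read-only access the commit message describes; only the SELinux hunk (data->content_context) and the virt-aa-helper hunk ("r") actually express read-only. Once the file is owned by the QEMU user, the QEMU process can write to it whenever the owner mode bits allow. Please state in the commit message and in the documentation that under the DAC driver the file changes owner for the lifetime of the domain, and consider whether a file that is shared between several domains or owned by another user should be chowned at all.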

This is pretty straightforward and self explanatory. Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1837990 Signed-off-by: Michal Privoznik <mprivozn@redhat.com> --- src/qemu/qemu_command.c | 38 ++++++++++++++++++++++++++++++ tests/qemuxml2argvdata/fw_cfg.args | 32 +++++++++++++++++++++++++ tests/qemuxml2argvtest.c | 1 + 3 files changed, 71 insertions(+) create mode 100644 tests/qemuxml2argvdata/fw_cfg.args diff --git a/src/qemu/qemu_command.c b/src/qemu/qemu_command.c index 419eca5675..b1e047690b 100644 --- a/src/qemu/qemu_command.c +++ b/src/qemu/qemu_command.c @@ -5794,6 +5794,41 @@ qemuBuildSmbiosCommandLine(virCommandPtr cmd, } +static int +qemuBuildFWCfgCommandLine(virCommandPtr cmd, + virQEMUCapsPtr qemuCaps, + const virDomainDef *def) +{ + size_t i; + + if (def->nfw_cfgs == 0) + return 0; + + if (!virQEMUCapsGet(qemuCaps, QEMU_CAPS_FW_CFG)) { + virReportError(VIR_ERR_CONFIG_UNSUPPORTED, "%s", + _("fw_cfg is not supported with this QEMU")); + return -1; + } + + for (i = 0; i < def->nfw_cfgs; i++) { + const virDomainFWCfgDef *f = &def->fw_cfgs[i]; + g_auto(virBuffer) buf = VIR_BUFFER_INITIALIZER; + + virBufferAsprintf(&buf, "name=%s", f->name); + + if (f->value) + virBufferEscapeString(&buf, ",string=%s", f->value); + else + virBufferEscapeString(&buf, ",file=%s", f->file); + + virCommandAddArg(cmd, "-fw_cfg"); + virCommandAddArgBuffer(cmd, &buf); + } + + return 0; +} + + static int qemuBuildVMGenIDCommandLine(virCommandPtr cmd, const virDomainDef *def) @@ -9634,6 +9669,9 @@ qemuBuildCommandLine(virQEMUDriverPtr driver, if (qemuBuildSmbiosCommandLine(cmd, driver, def) < 0) return NULL; + if (qemuBuildFWCfgCommandLine(cmd, qemuCaps, def) < 0) + return NULL; + if (qemuBuildVMGenIDCommandLine(cmd, def) < 0) return NULL; diff --git a/tests/qemuxml2argvdata/fw_cfg.args b/tests/qemuxml2argvdata/fw_cfg.args new file mode 100644 index 0000000000..95cbe55435 --- /dev/null +++ b/tests/qemuxml2argvdata/fw_cfg.args 
@@ -0,0 +1,32 @@ +LC_ALL=C \ +PATH=/bin \ +HOME=/tmp/lib/domain--1-QEMUGuest1 \ +USER=test \ +LOGNAME=test \ +XDG_DATA_HOME=/tmp/lib/domain--1-QEMUGuest1/.local/share \ +XDG_CACHE_HOME=/tmp/lib/domain--1-QEMUGuest1/.cache \ +XDG_CONFIG_HOME=/tmp/lib/domain--1-QEMUGuest1/.config \ +QEMU_AUDIO_DRV=none \ +/usr/bin/qemu-system-i386 \ +-name QEMUGuest1 \ +-S \ +-machine pc,accel=tcg,usb=off,dump-guest-core=off \ +-m 214 \ +-realtime mlock=off \ +-smp 1,sockets=1,cores=1,threads=1 \ +-uuid c7a5fdbd-edaf-9455-926a-d65c16db1809 \ +-fw_cfg 'name=opt/com.example/name,string=example value' \ +-fw_cfg name=opt/com.coreos/config,file=/tmp/provision.ign \ +-display none \ +-no-user-config \ +-nodefaults \ +-chardev socket,id=charmonitor,path=/tmp/lib/domain--1-QEMUGuest1/monitor.sock,\ +server,nowait \ +-mon chardev=charmonitor,id=monitor,mode=control \ +-rtc base=utc \ +-no-shutdown \ +-no-acpi \ +-usb \ +-drive file=/dev/HostVG/QEMUGuest1,format=raw,if=none,id=drive-ide0-0-0 \ +-device ide-hd,bus=ide.0,unit=0,drive=drive-ide0-0-0,id=ide0-0-0,bootindex=1 \ +-device virtio-balloon-pci,id=balloon0,bus=pci.0,addr=0x3 diff --git a/tests/qemuxml2argvtest.c b/tests/qemuxml2argvtest.c index 3103cac884..dc10b30fe5 100644 --- a/tests/qemuxml2argvtest.c +++ b/tests/qemuxml2argvtest.c @@ -1684,6 +1684,7 @@ mymain(void) DO_TEST("smbios", NONE); DO_TEST_PARSE_ERROR("smbios-date", NONE); DO_TEST_PARSE_ERROR("smbios-uuid-match", NONE); + DO_TEST("fw_cfg", QEMU_CAPS_FW_CFG); DO_TEST("watchdog", NONE); DO_TEST("watchdog-device", NONE); -- 2.26.2
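Review bot: in qemuBuildFWCfgCommandLine() none of the three values is escaped for QEMU's option parser: f->name is formatted with a plain "name=%s", and f->value and f->file go through virBufferEscapeString(), which escapes for XML, not for the QEMU command line. QEMU splits the -fw_cfg argument on commas, so a comma in the name, the string or the path ends that value early and the remainder is parsed as additional suboptions, while characters such as & would be rewritten as XML entities. Please double the commas instead, e.g. with virQEMUBuildBufferEscapeComma(), for all three values, and add a case containing a comma to fw_cfg.args; the test data in this patch only covers a value with a space.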

On Wed, Jun 03, 2020 at 07:01:32PM +0200, Michal Privoznik wrote:
> There was a discussion whether to do this or not:
> https://www.redhat.com/archives/libvir-list/2020-May/msg00954.html
> Before you start reviewing, naming is hard and I was unable to come up with good element names and place, so suggestions are more than welcome!
Conceptually there's a big overlap between SMBIOS and fwcfg, as they are both data tables exposed by firmware at a well-defined location/format.

Currently we use SMBIOS via

  <sysinfo type='smbios'>
    ...SMBIOS info...
  </sysinfo>

It feels sensible to use that "type" attribute

  <sysinfo type='fwcfg'>
    ...fwcfg info...
  </sysinfo>

Regards,
Daniel
--
|: https://berrange.com -o- https://www.flickr.com/photos/dberrange :|
|: https://libvirt.org -o- https://fstop138.berrange.com :|
|: https://entangle-photo.org -o- https://www.instagram.com/dberrange :|
participants (2)
- Daniel P. Berrangé
- Michal Privoznik