Peter Krempa [Thu, 2 Mar 2023 16:32:28 +0000 (17:32 +0100)]
util: virfilecache: Introduce virFileCacheClear for usage in tests
In tests we need to be able to populate the cache with a deterministic
set of entries. This means we need to drop the contents of the cache
between runs to prevent spillage between test cases.
virFileCacheClear drops all entries from the hash table used for the
cache.
Signed-off-by: Peter Krempa <pkrempa@redhat.com> Reviewed-by: Ján Tomko <jtomko@redhat.com>
Turns out that those overrides I recently removed where actually
there for a reason, and there was a motivation behind creating
the driver config as unprivileged too O:-)
Until a solution that can both ensure predictable output and
avoid code duplication is developed, go back to the previous
approach.
Fixes: 2f56f69f7f7e ("tests: Create privileged config for QEMU driver") Fixes: 0f49b6cc6b81 ("tests: Drop no longer necessary overrides") Fixes: 0b464cd84ff3 ("tests: Drop more QEMU driver config overrides") Signed-off-by: Andrea Bolognani <abologna@redhat.com>
These are allegedly necessary to keep the output consistent,
but now that we're using a privileged config for the driver we
get the desired behavior out of the box, and as a bonus the
paths match what you would actually see on a regular host.
Signed-off-by: Andrea Bolognani <abologna@redhat.com> Reviewed-by: Martin Kletzander <mkletzan@redhat.com>
For almost all directories, the value we set matches the one
a standard deployment would use, but in a couple of cases they
deviate from that. Keep things consistent.
Signed-off-by: Andrea Bolognani <abologna@redhat.com> Reviewed-by: Martin Kletzander <mkletzan@redhat.com>
tests: Move more QEMU driver settings to common code
None of these settings is specific to the xml2argv test. Moving
them to the common code ensures the behavior of the QEMU driver
is consistent across all QEMU tests.
Signed-off-by: Andrea Bolognani <abologna@redhat.com> Reviewed-by: Martin Kletzander <mkletzan@redhat.com>
Our QEMU test suite effectively covers the qemu:///system
scenario, and we have to partially replace the unprivileged
config with its privileged equivalent after the fact to keep up
the illusion.
Instead of jumping through these extra hoops, we can simply
start with a privileged configuration matching the privileged
driver we're creating for test programs.
This change highlights that we were missing a couple of
overrides, specifically in the tests for passt and dbus. Now
that we're creating a privileged config, this kind of issue
shouldn't be able to slip into the test suite.
Signed-off-by: Andrea Bolognani <abologna@redhat.com> Reviewed-by: Martin Kletzander <mkletzan@redhat.com>
These are intended to be used for just a few specific tests,
but since we don't always free them up afterwards they could
end up accidentally affecting subsequent tests as well.
Signed-off-by: Andrea Bolognani <abologna@redhat.com> Reviewed-by: Martin Kletzander <mkletzan@redhat.com>
Follow the example of other similar settings and only enable it
for the few test cases that are actually about the specific
functionality, disabling it immediately afterwards.
A few test cases that were completely unrelated to SPICE TLS no
longer see the effects of having the feature enabled.
Signed-off-by: Andrea Bolognani <abologna@redhat.com> Reviewed-by: Martin Kletzander <mkletzan@redhat.com>
Peter Krempa [Mon, 6 Mar 2023 08:18:51 +0000 (09:18 +0100)]
qemuBuildHostNetProps: Report proper errors for unhandled interface types
VIR_DOMAIN_NET_TYPE_NULL and VIR_DOMAIN_NET_TYPE_VDS are not implemented
for the qemu driver but the formatter code in 'qemuBuildHostNetProps'
didn't report an error for them and didn't even return from the function
when they were encountered.
This caused a crash in 'virJSONValueObjectAppendStringPrintf' which
does not tolerate NULL JSON object to append to when the unsupported
devices were used.
Properly report error when unhandled devices are encountered. This also
includes the case for VIR_DOMAIN_NET_TYPE_HOSTDEV, but that code path
should never be reached.
Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=2175582 Fixes: bac6b266fb6a / 6457619d186 Fixes: 0225483adce Signed-off-by: Peter Krempa <pkrempa@redhat.com> Reviewed-by: Ján Tomko <jtomko@redhat.com>
Peter Krempa [Mon, 6 Mar 2023 10:16:32 +0000 (11:16 +0100)]
examples: systemtap: Warn users to properly update 'amd-sev-es-vmsa.stp'
The script references a very specific line in the kernel source code and
a very specific struct. Further changes to the kernel are likely going
to break it. Set the expectations by adding a warning to the reader.
Signed-off-by: Peter Krempa <pkrempa@redhat.com> Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
Peter Krempa [Mon, 27 Feb 2023 11:46:13 +0000 (12:46 +0100)]
qemu: Use '-machine acpi=on/off' instead of deprecated '-no-acpi'
QEMU deprecated the '-no-acpi' option, thus we should switch to the
modern way to use '-machine'.
Certain ARM machine types don't support ACPI. Given our historically
broken design of using '<acpi/>' without attribute to enable ACPI and
qemu's default of enabling it without '-no-acpi' such configurations
would not work.
Now when qemu reports whether given machine type supports ACPI we can do
a better decision and un-break those configs. Unfortunately not
retroactively.
Resolves: https://gitlab.com/libvirt/libvirt/-/issues/297 Signed-off-by: Peter Krempa <pkrempa@redhat.com> Reviewed-by: Ján Tomko <jtomko@redhat.com>
Peter Krempa [Mon, 27 Feb 2023 13:45:47 +0000 (14:45 +0100)]
qemu: capabilities: Extract whether machine type supports ACPI
The return data from 'query-machines' now contains an 'acpi' field. If
the field is present we can use it to decide how to handle user's
setting of '<acpi/>' domain feature.
Add logic to extract the 'acpi' field and store it in machine type list
along with other properties.
Signed-off-by: Peter Krempa <pkrempa@redhat.com> Reviewed-by: Ján Tomko <jtomko@redhat.com>
- 'acpi' field in 'query-machines' added
- 'SapphireRapids(-v1)' cpu model added
- 'fsrs', 'fsrc', 'fzrm' cpu features added and available via TCG
- 'fsrm' feature can be now emulated by qemu
- 'smm-enabled' property added to 'ICH9-LPC' device
- 'luks-any' encryption type for RBD blockdev backend and way to
specify encryption options for parent image via 'parent'
- 'xen-event-inject', 'xen-event-list' commands added
- 'xen-xenstore', 'xen-gnttab', 'xen-evtchn', 'xen-overlay',
'xen-platform'
- 'i2c-echo' device added
Signed-off-by: Peter Krempa <pkrempa@redhat.com> Reviewed-by: Ján Tomko <jtomko@redhat.com>
Peter Krempa [Thu, 23 Feb 2023 08:07:50 +0000 (09:07 +0100)]
qemuxml2(argv|xmltest): Simplify testing of scheduler settings
Remove the cputune-iothreads, cputune-iothreadsched-zeropriority,
cputune-iothreadsched test files by moving the relevant elements into
the cputune case as we can setup scheduler settings for multiple objects
and thus test everything in one go.
Signed-off-by: Peter Krempa <pkrempa@redhat.com> Reviewed-by: Ján Tomko <jtomko@redhat.com>
Peter Krempa [Wed, 22 Feb 2023 14:57:47 +0000 (15:57 +0100)]
qemuxml2(argv|xml)test: Modernize 'cputune' test cases
Use DO_TEST_CAPS_LATEST for cputune-numatune, cputune-zero-shares,
cputune, and vcpu-placement-static cases. Do the necessary tweaks to
work with actual data.
Signed-off-by: Peter Krempa <pkrempa@redhat.com> Reviewed-by: Ján Tomko <jtomko@redhat.com>
Peter Krempa [Wed, 22 Feb 2023 14:10:07 +0000 (15:10 +0100)]
qemuxml2argvtest: Remove 'iothreads-nocap'
All supported QEMU versions now support iothreads thus upcoming patches
will be removing the capability checks. Remove the 'iothreads-nocap'
case which will become invalid.
Signed-off-by: Peter Krempa <pkrempa@redhat.com> Reviewed-by: Ján Tomko <jtomko@redhat.com>
Peter Krempa [Tue, 21 Feb 2023 13:20:09 +0000 (14:20 +0100)]
scripts/apibuild: Extract and format API ACLs
As an additional step before processing the API parse the protocol file
and extract all ACL definitions. This way we can distribute them for any
user of the libvirt API XML files. We will be also able to avoid another
call to gendispatch, which generates all this data into a standalone
XML.
The remote procedure to API name is inspired by what rpcgen does.
Signed-off-by: Peter Krempa <pkrempa@redhat.com> Reviewed-by: Ján Tomko <jtomko@redhat.com>
Peter Krempa [Tue, 21 Feb 2023 13:06:02 +0000 (14:06 +0100)]
apibuild: Add infrastructure for generating ACL flag info into function docs
If the user of the 'docBuilder' class provides a dict (key is API name,
value is a tuple of arrays (acls, aclfilters), use the dict to generate
ACL definitions into the function definition.
Signed-off-by: Peter Krempa <pkrempa@redhat.com> Reviewed-by: Ján Tomko <jtomko@redhat.com>
For unmanaged ethernet <interface/>, it is user's responsibility
to set up the interface. And as such it can be just anything.
Therefore, it's (almost) impossible for the
virDomainInterfaceStats() API to tell whether RX/TX values need
to be swapped or copied verbatim into the return structure.
Document this limitation.
Signed-off-by: Michal Privoznik <mprivozn@redhat.com> Reviewed-by: Martin Kletzander <mkletzan@redhat.com>
When fetching stats for a domain's <interface/>, or when setting
up its QoS, we can face two situations:
1) the device "shares" the host view, meaning each packet
sent/received on the interface by a domain is accounted for in
the same category on the host, or
2) the device is at the other side, and a packet send by a
domain, is in fact packet received on the host.
This fact affects whether we need to swap RX/TX values when
fetching stats, or setting up QoS. We have this convenient helper
function (virDomainNetTypeSharesHostView()), which returns to
which category given interface type falls into.
Now, for unmanaged type='ethernet' our options are quite limited,
because it's user's responsibility to set up the host side of the
interface. And it can be just anything. Fortunately, we have
another convenience function (virNetDevMacVLanIsMacvtap()), which
determines whether given interface is a macvtap (which is
notoriously known for falling into the first category).
Let's use it to help virDomainNetTypeSharesHostView() determine
the view more accurately.
Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=2175449 Signed-off-by: Michal Privoznik <mprivozn@redhat.com> Reviewed-by: Martin Kletzander <mkletzan@redhat.com>
Setting the LIBVIRT_SKIP_CLEANUP environment variable results
in the contents of fakerootdir being preserved for inspection.
Be more helpful towards the developer and print out the path
in this case.
Signed-off-by: Andrea Bolognani <abologna@redhat.com> Reviewed-by: Laine Stump <laine@redhat.com>
Instead of having each test manually initialize and cleanup
its own fakerootdir, do that as part of the common test
initialization logic in virTestMain().
In most cases we can simply drop the relevant code from the
test program, but scsihosttest uses the value of fakerootdir
as a starting point to build another path, so we need to do
things slightly differently. In order to keep things working,
we retrieve the value from the LIBVIRT_FAKE_ROOT_DIR
environment variable, same as all the mock libraries are
already doing.
Signed-off-by: Andrea Bolognani <abologna@redhat.com> Reviewed-by: Laine Stump <laine@redhat.com>
Most replacements are completely straightforward but
vircgrouptest requires slightly different handling because,
instead of initializing a single fakerootdir at the start of
the test program and cleaning it up at the end, it creates
multiple different ones one after the other.
Signed-off-by: Andrea Bolognani <abologna@redhat.com> Reviewed-by: Laine Stump <laine@redhat.com>
These cover various scenarios related to firmware formats,
specifically ensuring that all the ways in which the user can
ask for a non-default format to be used work correctly.
Signed-off-by: Andrea Bolognani <abologna@redhat.com> Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
Andrea Bolognani [Tue, 31 Jan 2023 18:16:18 +0000 (19:16 +0100)]
qemu: Propagate firmware format
Take the information from the descriptor and store it in the
domain definition. Various things, such as the arguments passed
to -blockdev and the path generated for the NVRAM file, will
then be based on it.
Signed-off-by: Andrea Bolognani <abologna@redhat.com> Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
Andrea Bolognani [Tue, 31 Jan 2023 16:46:58 +0000 (17:46 +0100)]
qemu: Filter firmwares based on format
If the user has requested a specific firmware format, then
all firmware builds that are not in that format should be
ignored while looking for matches.
The legacy hardcoded firmware list predates firmware
descriptors and their "format" field, so we can safely
assume that all builds listed in there are in raw format.
Signed-off-by: Andrea Bolognani <abologna@redhat.com> Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
This ensures that, as we add support for more formats at the
domain XML level, we don't accidentally cause drivers to
misbehave or users to get confused.
All existing drivers support the raw format, and supporting
additional formats will require explicit opt-in on the
driver's part.
Signed-off-by: Andrea Bolognani <abologna@redhat.com> Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
Andrea Bolognani [Tue, 31 Jan 2023 13:35:28 +0000 (14:35 +0100)]
conf: Change handling for empty NVRAM path
Right now, this results in loader->nvram being NULL, which is
reasonable: loader->nvramTemplate is stored separately, so if
the <nvram> element doesn't contain a path there is really no
useful information inside it.
However, this is about to change, so we will find ourselves
needing to hold on to loader->nvram even when no path is
present. Change the firmware handling code so that such a
scenario is dealt with appropriately.
Signed-off-by: Andrea Bolognani <abologna@redhat.com> Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
Andrea Bolognani [Tue, 24 Jan 2023 16:01:48 +0000 (17:01 +0100)]
qemu: Move firmware selection from startup to postparse
Currently, firmware selection is performed as part of the
domain startup process. This mostly works fine, but there's a
significant downside to this approach: since the process is
affected by factors outside of libvirt's control, specifically
the contents of the various JSON firmware descriptors and
their names, it's pretty much impossible to guarantee that the
outcome is always going to be the same. It would only take an
edk2 update, or a change made by the local admin, to render a
domain unbootable or downgrade its boot security.
To avoid this, move firmware selection to the postparse phase.
This way it will only be performed once, when the domain is
first defined; subsequent boots will not need to go through
the process again, as all the paths that were picked during
firmware selection are recorded in the domain XML.
Care is taken to ensure that existing domains are handled
correctly, even if their firmware configuration can't be
successfully resolved. Failure to complete the firmware
selection process is only considered fatal when defining a
new domain; in all other cases the error will be reported
during startup, as is already the case today.
Signed-off-by: Andrea Bolognani <abologna@redhat.com> Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
Andrea Bolognani [Fri, 27 Jan 2023 16:48:43 +0000 (17:48 +0100)]
tests: Add descriptors for QCOW2 format firmware builds
Now that we ignore all firmwares that are not in raw format
while performing autoselection, we can have descriptors for
firmware builds in QCOW2 format without breaking anything.
Note that the descriptors are arranged so that they have the
highest priority on aarch64, but the lowest one on x86_64.
This matches the expectation that QCOW2 will quickly be
adopted as the default on aarch64, where its use produces
significant benefits in terms of memory usage, while x86_64
will likely stick with raw for the foreseeable future.
Signed-off-by: Andrea Bolognani <abologna@redhat.com> Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
Andrea Bolognani [Fri, 27 Jan 2023 16:39:25 +0000 (17:39 +0100)]
qemu: Don't pick firmware with unsupported format
Right now, if the descriptor with the highest priority happens
to describe a firmware in a format other than raw, no domain
that uses autoselection will be able to start.
A better approach is to filter out descriptors that advertise
unsupported formats during autoselection.
Signed-off-by: Andrea Bolognani <abologna@redhat.com> Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
Andrea Bolognani [Fri, 27 Jan 2023 16:22:24 +0000 (17:22 +0100)]
qemu: Don't pick firmware that requires SMM when smm=off
At the moment, if SMM is explicitly disabled in the domain XML
but a firmware descriptor that requires SMM to be enabled has
the highest priority and otherwise matches the requirements,
we pick that firmware only to error out later, when the domain
is started.
A better approach is to take into account the fact that SMM is
disabled while performing autoselection, and ignore all
descriptors that advertise the requires-smm feature.
Signed-off-by: Andrea Bolognani <abologna@redhat.com> Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
Andrea Bolognani [Tue, 24 Jan 2023 18:38:37 +0000 (19:38 +0100)]
qemu: Clear os.firmwareFeatures after autoselection
We already clear os.firmware, so it doesn't make sense to keep
the list of features around.
Moreover, our validation routines will reject an XML that
contains a list of firmware features but disables firmware
autoselection, so not clearing these means that the live XML
for a domain that uses feature-based autoselection can't be
fed back into libvirt.
Signed-off-by: Andrea Bolognani <abologna@redhat.com> Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
We already handle the <nvram> element in a separate helper,
which is cleaner than having all the logic in the top-level
virDomainLoaderDefParseXML() function.
Signed-off-by: Andrea Bolognani <abologna@redhat.com> Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
Andrea Bolognani [Fri, 10 Feb 2023 16:40:29 +0000 (17:40 +0100)]
tests: Add more firmware tests
These cover scenarios such as using the new, more verbose
format of the <nvram> element to point to a local path, mixing
firmware autoselection with non-local NVRAM files, and
explicitly disabling SMM when using firmware autoselection.
Signed-off-by: Andrea Bolognani <abologna@redhat.com> Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
Most of the differences, such as those in the domain name or
amount of memory, are fairly harmless, but they still make it
more cumbersome than necessary to directly compare different
input (and output) files.
More importantly, the use of unversioned machine types in some
of the test cases results in the descriptor-based autoselection
logic being effectively skipped, because the compatible machine
types as listed in them are only the versioned variants.
Signed-off-by: Andrea Bolognani <abologna@redhat.com> Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
Michal Privoznik [Mon, 13 Feb 2023 11:35:28 +0000 (12:35 +0100)]
qemu: Let virCommand module translate exitstatus
When starting (some) external helpers, callers of
qemuSecurityCommandRun() pass &exitstatus variable, to learn the
exit code of helper process (with qemuTPMEmulatorStart() being
the only exception). Then, if the status wasn't zero they produce
a generic error message, like:
"Starting of helper process failed. exitstatus=%d"
or, in case of qemuPasstStart():
"Could not start 'passt': %s"
This is needless as virCommandRun() (that's called under the
hood), can do both for us, if NULL was passed instead of
@exitstatus. Not only it appends exit status, it also reads
stderr of failed command producing comprehensive error message:
Child process (${args}) unexpected exit status ${exitstatus}: ${stderr}
Therefore, pass NULL everywhere. But in contrast with one of
previous commits which removed @cmdret argument, there could be a
sensible caller which might want to process exit code. So keep
the argument for now and just pass NULL.
Signed-off-by: Michal Privoznik <mprivozn@redhat.com> Reviewed-by: Ján Tomko <jtomko@redhat.com>
Michal Privoznik [Mon, 13 Feb 2023 11:27:49 +0000 (12:27 +0100)]
qemu: Drop @cmdret argument from qemuSecurityCommandRun()
Every single caller of qemuSecurityCommandRun() calls the
function as:
if (qemuSecurityCommandRun(..., &cmdret) < 0)
goto cleanup;
if (cmdret < 0)
goto cleanup;
(modulo @exitstatus shenanigans)
Well, there's no need for such complication. There isn't a single
caller (and probably will never be (TM)), that would need to
distinguish the reason for the failure. Therefore,
qemuSecurityCommandRun() can be made to pass the retval of
virCommandRun() called under the hood.
Signed-off-by: Michal Privoznik <mprivozn@redhat.com> Reviewed-by: Ján Tomko <jtomko@redhat.com>
The only problem with this pattern is that if virCommandRun()
fails (i.e. cmdret < 0), then proper error was already reported.
But in this pattern we overwrite it (usually with less specific)
error.
Signed-off-by: Michal Privoznik <mprivozn@redhat.com> Reviewed-by: Ján Tomko <jtomko@redhat.com>
Michal Privoznik [Mon, 20 Feb 2023 09:49:34 +0000 (10:49 +0100)]
qemu_slirp: Don't set errfd when starting slirp helper
Way back, in v6.2.0-rc1~67 we removed the code that reads slirp's
stderr on failed startup. However, we forgot to remove
corresponding virCommandSetErrorFD() call and variable
declaration. Do that now.
While this may seem like a step in wrong direction (we should be
reading stderr as it may contain reason for failed start), this
is going to be handled in more general way in next commits.
Signed-off-by: Michal Privoznik <mprivozn@redhat.com> Reviewed-by: Ján Tomko <jtomko@redhat.com>
Jim Fehlig [Thu, 23 Feb 2023 18:02:46 +0000 (11:02 -0700)]
security: Add support for SUSE edk2 firmware paths
SUSE installs edk2 firmwares for both x86_64 and aarch64 in /usr/share/qemu.
Add support for this path in virt-aa-helper and allow locking files within
the path in the libvirt qemu abstraction.
Signed-off-by: Jim Fehlig <jfehlig@suse.com> Reviewed-by: Michal Privoznik <mprivozn@redhat.com> Reviewed-by: Andrea Bolognani <abologna@redhat.com>
projects / thirdparty / libvirt.git / log
