Peter Krempa [Mon, 27 Feb 2023 13:45:47 +0000 (14:45 +0100)]
qemu: capabilities: Extract whether machine type supports ACPI
The return data from 'query-machines' now contains an 'acpi' field. If
the field is present we can use it to decide how to handle user's
setting of '<acpi/>' domain feature.
Add logic to extract the 'acpi' field and store it in machine type list
along with other properties.
Signed-off-by: Peter Krempa <pkrempa@redhat.com> Reviewed-by: Ján Tomko <jtomko@redhat.com>
- 'acpi' field in 'query-machines' added
- 'SapphireRapids(-v1)' cpu model added
- 'fsrs', 'fsrc', 'fzrm' cpu features added and available via TCG
- 'fsrm' feature can be now emulated by qemu
- 'smm-enabled' property added to 'ICH9-LPC' device
- 'luks-any' encryption type for RBD blockdev backend and way to
specify encryption options for parent image via 'parent'
- 'xen-event-inject', 'xen-event-list' commands added
- 'xen-xenstore', 'xen-gnttab', 'xen-evtchn', 'xen-overlay',
'xen-platform'
- 'i2c-echo' device added
Signed-off-by: Peter Krempa <pkrempa@redhat.com> Reviewed-by: Ján Tomko <jtomko@redhat.com>
Peter Krempa [Thu, 23 Feb 2023 08:07:50 +0000 (09:07 +0100)]
qemuxml2(argv|xmltest): Simplify testing of scheduler settings
Remove the cputune-iothreads, cputune-iothreadsched-zeropriority,
cputune-iothreadsched test files by moving the relevant elements into
the cputune case as we can setup scheduler settings for multiple objects
and thus test everything in one go.
Signed-off-by: Peter Krempa <pkrempa@redhat.com> Reviewed-by: Ján Tomko <jtomko@redhat.com>
Peter Krempa [Wed, 22 Feb 2023 14:57:47 +0000 (15:57 +0100)]
qemuxml2(argv|xml)test: Modernize 'cputune' test cases
Use DO_TEST_CAPS_LATEST for cputune-numatune, cputune-zero-shares,
cputune, and vcpu-placement-static cases. Do the necessary tweaks to
work with actual data.
Signed-off-by: Peter Krempa <pkrempa@redhat.com> Reviewed-by: Ján Tomko <jtomko@redhat.com>
Peter Krempa [Wed, 22 Feb 2023 14:10:07 +0000 (15:10 +0100)]
qemuxml2argvtest: Remove 'iothreads-nocap'
All supported QEMU versions now support iothreads thus upcoming patches
will be removing the capability checks. Remove the 'iothreads-nocap'
case which will become invalid.
Signed-off-by: Peter Krempa <pkrempa@redhat.com> Reviewed-by: Ján Tomko <jtomko@redhat.com>
Peter Krempa [Tue, 21 Feb 2023 13:20:09 +0000 (14:20 +0100)]
scripts/apibuild: Extract and format API ACLs
As an additional step before processing the API parse the protocol file
and extract all ACL definitions. This way we can distribute them for any
user of the libvirt API XML files. We will be also able to avoid another
call to gendispatch, which generates all this data into a standalone
XML.
The remote procedure to API name is inspired by what rpcgen does.
Signed-off-by: Peter Krempa <pkrempa@redhat.com> Reviewed-by: Ján Tomko <jtomko@redhat.com>
Peter Krempa [Tue, 21 Feb 2023 13:06:02 +0000 (14:06 +0100)]
apibuild: Add infrastructure for generating ACL flag info into function docs
If the user of the 'docBuilder' class provides a dict (key is API name,
value is a tuple of arrays (acls, aclfilters), use the dict to generate
ACL definitions into the function definition.
Signed-off-by: Peter Krempa <pkrempa@redhat.com> Reviewed-by: Ján Tomko <jtomko@redhat.com>
For unmanaged ethernet <interface/>, it is user's responsibility
to set up the interface. And as such it can be just anything.
Therefore, it's (almost) impossible for the
virDomainInterfaceStats() API to tell whether RX/TX values need
to be swapped or copied verbatim into the return structure.
Document this limitation.
Signed-off-by: Michal Privoznik <mprivozn@redhat.com> Reviewed-by: Martin Kletzander <mkletzan@redhat.com>
When fetching stats for a domain's <interface/>, or when setting
up its QoS, we can face two situations:
1) the device "shares" the host view, meaning each packet
sent/received on the interface by a domain is accounted for in
the same category on the host, or
2) the device is at the other side, and a packet send by a
domain, is in fact packet received on the host.
This fact affects whether we need to swap RX/TX values when
fetching stats, or setting up QoS. We have this convenient helper
function (virDomainNetTypeSharesHostView()), which returns to
which category given interface type falls into.
Now, for unmanaged type='ethernet' our options are quite limited,
because it's user's responsibility to set up the host side of the
interface. And it can be just anything. Fortunately, we have
another convenience function (virNetDevMacVLanIsMacvtap()), which
determines whether given interface is a macvtap (which is
notoriously known for falling into the first category).
Let's use it to help virDomainNetTypeSharesHostView() determine
the view more accurately.
Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=2175449 Signed-off-by: Michal Privoznik <mprivozn@redhat.com> Reviewed-by: Martin Kletzander <mkletzan@redhat.com>
Setting the LIBVIRT_SKIP_CLEANUP environment variable results
in the contents of fakerootdir being preserved for inspection.
Be more helpful towards the developer and print out the path
in this case.
Signed-off-by: Andrea Bolognani <abologna@redhat.com> Reviewed-by: Laine Stump <laine@redhat.com>
Instead of having each test manually initialize and cleanup
its own fakerootdir, do that as part of the common test
initialization logic in virTestMain().
In most cases we can simply drop the relevant code from the
test program, but scsihosttest uses the value of fakerootdir
as a starting point to build another path, so we need to do
things slightly differently. In order to keep things working,
we retrieve the value from the LIBVIRT_FAKE_ROOT_DIR
environment variable, same as all the mock libraries are
already doing.
Signed-off-by: Andrea Bolognani <abologna@redhat.com> Reviewed-by: Laine Stump <laine@redhat.com>
Most replacements are completely straightforward but
vircgrouptest requires slightly different handling because,
instead of initializing a single fakerootdir at the start of
the test program and cleaning it up at the end, it creates
multiple different ones one after the other.
Signed-off-by: Andrea Bolognani <abologna@redhat.com> Reviewed-by: Laine Stump <laine@redhat.com>
These cover various scenarios related to firmware formats,
specifically ensuring that all the ways in which the user can
ask for a non-default format to be used work correctly.
Signed-off-by: Andrea Bolognani <abologna@redhat.com> Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
Andrea Bolognani [Tue, 31 Jan 2023 18:16:18 +0000 (19:16 +0100)]
qemu: Propagate firmware format
Take the information from the descriptor and store it in the
domain definition. Various things, such as the arguments passed
to -blockdev and the path generated for the NVRAM file, will
then be based on it.
Signed-off-by: Andrea Bolognani <abologna@redhat.com> Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
Andrea Bolognani [Tue, 31 Jan 2023 16:46:58 +0000 (17:46 +0100)]
qemu: Filter firmwares based on format
If the user has requested a specific firmware format, then
all firmware builds that are not in that format should be
ignored while looking for matches.
The legacy hardcoded firmware list predates firmware
descriptors and their "format" field, so we can safely
assume that all builds listed in there are in raw format.
Signed-off-by: Andrea Bolognani <abologna@redhat.com> Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
This ensures that, as we add support for more formats at the
domain XML level, we don't accidentally cause drivers to
misbehave or users to get confused.
All existing drivers support the raw format, and supporting
additional formats will require explicit opt-in on the
driver's part.
Signed-off-by: Andrea Bolognani <abologna@redhat.com> Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
Andrea Bolognani [Tue, 31 Jan 2023 13:35:28 +0000 (14:35 +0100)]
conf: Change handling for empty NVRAM path
Right now, this results in loader->nvram being NULL, which is
reasonable: loader->nvramTemplate is stored separately, so if
the <nvram> element doesn't contain a path there is really no
useful information inside it.
However, this is about to change, so we will find ourselves
needing to hold on to loader->nvram even when no path is
present. Change the firmware handling code so that such a
scenario is dealt with appropriately.
Signed-off-by: Andrea Bolognani <abologna@redhat.com> Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
Andrea Bolognani [Tue, 24 Jan 2023 16:01:48 +0000 (17:01 +0100)]
qemu: Move firmware selection from startup to postparse
Currently, firmware selection is performed as part of the
domain startup process. This mostly works fine, but there's a
significant downside to this approach: since the process is
affected by factors outside of libvirt's control, specifically
the contents of the various JSON firmware descriptors and
their names, it's pretty much impossible to guarantee that the
outcome is always going to be the same. It would only take an
edk2 update, or a change made by the local admin, to render a
domain unbootable or downgrade its boot security.
To avoid this, move firmware selection to the postparse phase.
This way it will only be performed once, when the domain is
first defined; subsequent boots will not need to go through
the process again, as all the paths that were picked during
firmware selection are recorded in the domain XML.
Care is taken to ensure that existing domains are handled
correctly, even if their firmware configuration can't be
successfully resolved. Failure to complete the firmware
selection process is only considered fatal when defining a
new domain; in all other cases the error will be reported
during startup, as is already the case today.
Signed-off-by: Andrea Bolognani <abologna@redhat.com> Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
Andrea Bolognani [Fri, 27 Jan 2023 16:48:43 +0000 (17:48 +0100)]
tests: Add descriptors for QCOW2 format firmware builds
Now that we ignore all firmwares that are not in raw format
while performing autoselection, we can have descriptors for
firmware builds in QCOW2 format without breaking anything.
Note that the descriptors are arranged so that they have the
highest priority on aarch64, but the lowest one on x86_64.
This matches the expectation that QCOW2 will quickly be
adopted as the default on aarch64, where its use produces
significant benefits in terms of memory usage, while x86_64
will likely stick with raw for the foreseeable future.
Signed-off-by: Andrea Bolognani <abologna@redhat.com> Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
Andrea Bolognani [Fri, 27 Jan 2023 16:39:25 +0000 (17:39 +0100)]
qemu: Don't pick firmware with unsupported format
Right now, if the descriptor with the highest priority happens
to describe a firmware in a format other than raw, no domain
that uses autoselection will be able to start.
A better approach is to filter out descriptors that advertise
unsupported formats during autoselection.
Signed-off-by: Andrea Bolognani <abologna@redhat.com> Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
Andrea Bolognani [Fri, 27 Jan 2023 16:22:24 +0000 (17:22 +0100)]
qemu: Don't pick firmware that requires SMM when smm=off
At the moment, if SMM is explicitly disabled in the domain XML
but a firmware descriptor that requires SMM to be enabled has
the highest priority and otherwise matches the requirements,
we pick that firmware only to error out later, when the domain
is started.
A better approach is to take into account the fact that SMM is
disabled while performing autoselection, and ignore all
descriptors that advertise the requires-smm feature.
Signed-off-by: Andrea Bolognani <abologna@redhat.com> Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
Andrea Bolognani [Tue, 24 Jan 2023 18:38:37 +0000 (19:38 +0100)]
qemu: Clear os.firmwareFeatures after autoselection
We already clear os.firmware, so it doesn't make sense to keep
the list of features around.
Moreover, our validation routines will reject an XML that
contains a list of firmware features but disables firmware
autoselection, so not clearing these means that the live XML
for a domain that uses feature-based autoselection can't be
fed back into libvirt.
Signed-off-by: Andrea Bolognani <abologna@redhat.com> Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
We already handle the <nvram> element in a separate helper,
which is cleaner than having all the logic in the top-level
virDomainLoaderDefParseXML() function.
Signed-off-by: Andrea Bolognani <abologna@redhat.com> Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
Andrea Bolognani [Fri, 10 Feb 2023 16:40:29 +0000 (17:40 +0100)]
tests: Add more firmware tests
These cover scenarios such as using the new, more verbose
format of the <nvram> element to point to a local path, mixing
firmware autoselection with non-local NVRAM files, and
explicitly disabling SMM when using firmware autoselection.
Signed-off-by: Andrea Bolognani <abologna@redhat.com> Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
Most of the differences, such as those in the domain name or
amount of memory, are fairly harmless, but they still make it
more cumbersome than necessary to directly compare different
input (and output) files.
More importantly, the use of unversioned machine types in some
of the test cases results in the descriptor-based autoselection
logic being effectively skipped, because the compatible machine
types as listed in them are only the versioned variants.
Signed-off-by: Andrea Bolognani <abologna@redhat.com> Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
Michal Privoznik [Mon, 13 Feb 2023 11:35:28 +0000 (12:35 +0100)]
qemu: Let virCommand module translate exitstatus
When starting (some) external helpers, callers of
qemuSecurityCommandRun() pass &exitstatus variable, to learn the
exit code of helper process (with qemuTPMEmulatorStart() being
the only exception). Then, if the status wasn't zero they produce
a generic error message, like:
"Starting of helper process failed. exitstatus=%d"
or, in case of qemuPasstStart():
"Could not start 'passt': %s"
This is needless as virCommandRun() (that's called under the
hood), can do both for us, if NULL was passed instead of
@exitstatus. Not only it appends exit status, it also reads
stderr of failed command producing comprehensive error message:
Child process (${args}) unexpected exit status ${exitstatus}: ${stderr}
Therefore, pass NULL everywhere. But in contrast with one of
previous commits which removed @cmdret argument, there could be a
sensible caller which might want to process exit code. So keep
the argument for now and just pass NULL.
Signed-off-by: Michal Privoznik <mprivozn@redhat.com> Reviewed-by: Ján Tomko <jtomko@redhat.com>
Michal Privoznik [Mon, 13 Feb 2023 11:27:49 +0000 (12:27 +0100)]
qemu: Drop @cmdret argument from qemuSecurityCommandRun()
Every single caller of qemuSecurityCommandRun() calls the
function as:
if (qemuSecurityCommandRun(..., &cmdret) < 0)
goto cleanup;
if (cmdret < 0)
goto cleanup;
(modulo @exitstatus shenanigans)
Well, there's no need for such complication. There isn't a single
caller (and probably will never be (TM)), that would need to
distinguish the reason for the failure. Therefore,
qemuSecurityCommandRun() can be made to pass the retval of
virCommandRun() called under the hood.
Signed-off-by: Michal Privoznik <mprivozn@redhat.com> Reviewed-by: Ján Tomko <jtomko@redhat.com>
The only problem with this pattern is that if virCommandRun()
fails (i.e. cmdret < 0), then proper error was already reported.
But in this pattern we overwrite it (usually with less specific)
error.
Signed-off-by: Michal Privoznik <mprivozn@redhat.com> Reviewed-by: Ján Tomko <jtomko@redhat.com>
Michal Privoznik [Mon, 20 Feb 2023 09:49:34 +0000 (10:49 +0100)]
qemu_slirp: Don't set errfd when starting slirp helper
Way back, in v6.2.0-rc1~67 we removed the code that reads slirp's
stderr on failed startup. However, we forgot to remove
corresponding virCommandSetErrorFD() call and variable
declaration. Do that now.
While this may seem like a step in wrong direction (we should be
reading stderr as it may contain reason for failed start), this
is going to be handled in more general way in next commits.
Signed-off-by: Michal Privoznik <mprivozn@redhat.com> Reviewed-by: Ján Tomko <jtomko@redhat.com>
Jim Fehlig [Thu, 23 Feb 2023 18:02:46 +0000 (11:02 -0700)]
security: Add support for SUSE edk2 firmware paths
SUSE installs edk2 firmwares for both x86_64 and aarch64 in /usr/share/qemu.
Add support for this path in virt-aa-helper and allow locking files within
the path in the libvirt qemu abstraction.
Signed-off-by: Jim Fehlig <jfehlig@suse.com> Reviewed-by: Michal Privoznik <mprivozn@redhat.com> Reviewed-by: Andrea Bolognani <abologna@redhat.com>
Peter Krempa [Wed, 1 Mar 2023 16:09:42 +0000 (17:09 +0100)]
qemu: domain: Fix logic when tainting domain
Originally the code was skipping all repeated taints with the same taint
flag but a logic bug introduced in commit 30626ed15b239c424ae inverted
the condition. This caused that actually the first occurence was NOT
logged but any subsequent was.
This was noticed when going through oVirt logs as they use custom guest
agent commands and the logs are totally spammed with this message.
Fixes: 30626ed15b239c424ae891f096057a696eadd715 Signed-off-by: Peter Krempa <pkrempa@redhat.com> Reviewed-by: Laine Stump <laine@redhat.com>
Peter Krempa [Wed, 1 Mar 2023 15:51:42 +0000 (16:51 +0100)]
qemu: agent: Make fetching of 'can-offline' member from 'guest-query-vcpus' optional
The 'can-offline' member is optional according to agent's schema and in
fact in certain cases it's not returned. Libvirt then spams the logs
if something is polling the bulk guest stats API.
Noticed when going through oVirt logs which appears to call the bulk
stats API repeatedly.
Instead of requiring it we simply reply that the vCPU can't be offlined.
Signed-off-by: Peter Krempa <pkrempa@redhat.com> Reviewed-by: Laine Stump <laine@redhat.com>
Peter Krempa [Mon, 27 Feb 2023 11:34:47 +0000 (12:34 +0100)]
ci: Regenerate gitlab CI config with latest lcitool
The latest 'lcitool' now generates the CI config in a way which
allows users to kick off pipelines with the upstream projects container
environment rather than building a throwaway updated environment each
time and enables a gitlab feature to time individual script lines.
Pull it into libvirt.
Signed-off-by: Peter Krempa <pkrempa@redhat.com> Reviewed-by: Erik Skultety <eskultet@redhat.com>
Michal Privoznik [Mon, 27 Feb 2023 09:58:27 +0000 (10:58 +0100)]
qemu_monitor: Switch to virDomainMemoryModel enum in qemuMonitorJSONGetMemoryDeviceInfo()
When processing memory devices (as a reply from QEMU), a bunch of
STREQ()-s is used. Fortunately, the set of strings we process is
the same as virDomainMemoryModel enum. Therefore, we can use
virDomainMemoryModelTypeFromString() and then use integer
comparison (well, switch()). This has an upside: introducing a
new memory model lets us see what places need adjusting
immediately at compile time.
NB, this is in contrast with cmd line generator
(qemuBuildMemoryDeviceProps()), where more specific models are
generated (e.g. "pc-dimm", "virtio-mem-pci", etc.). But QEMU
reports back the parent model, instead of specific child
instance.
Signed-off-by: Michal Privoznik <mprivozn@redhat.com> Reviewed-by: Kristina Hanicova <khanicov@redhat.com>
Peter Krempa [Mon, 27 Feb 2023 08:10:08 +0000 (09:10 +0100)]
kbase: virtiofs: Add a note that virtiofs is not migratable
Note that certain operations will not work.
Resolves: https://gitlab.com/libvirt/libvirt/-/issues/452 Signed-off-by: Peter Krempa <pkrempa@redhat.com> Reviewed-by: Martin Kletzander <mkletzan@redhat.com>
Laine Stump [Mon, 27 Feb 2023 18:01:57 +0000 (13:01 -0500)]
NEWS: note new passt feature & bugfix for 9.1.0 release
This also adds a sentence pointing out that SELinux must be disabled
in order for passt support to work. I didn't think to put that info in
the NEWS file last month when reporting the addition of passt support.
Signed-off-by: Laine Stump <laine@redhat.com> Reviewed-by: Peter Krempa <pkrempa@redhat.com> Reviewed-by: Andrea Bolognani <abologna@redhat.com>
Michal Privoznik [Mon, 27 Feb 2023 09:23:12 +0000 (10:23 +0100)]
qemu: Don't error out on 'unknown' memory model in qemuMonitorJSONGetMemoryDeviceInfo()
When starting QEMU (or when reconnecting to a running one),
qemuMonitorJSONGetMemoryDeviceInfo() is called to refresh info on
memory devices. In here, query-memory-devices is called which
returns info on all memory devices. The result is then iterated
over and for some memory models runtime information is updated.
The rest is to be ignored. Except, when introducing SGX support,
this was turned into an error leaving us unable to start any
domain with virtio-pmem memory device (as virtio-pmem is to be
ignored).
Fixes: ddb1bc051959eef4ad7ed6ac47b57056632bdb5e Signed-off-by: Michal Privoznik <mprivozn@redhat.com> Reviewed-by: Kristina Hanicova <khanicov@redhat.com>
Laine Stump [Tue, 21 Feb 2023 06:16:04 +0000 (01:16 -0500)]
qemu: respond to NETDEV_STREAM_DISCONNECTED event
When a QEMU netdev is of type "stream", if the socket it uses for
connectivity to the host network gets closed, then QEMU will send a
NETDEV_STREAM_DISCONNECTED event. We know that any stream netdev we've
created is backed by a passt process, and if the socket was closed,
that means the passt process has disappeared.
When we receive this event, we can respond by starting a new passt
process with the same options (including socket path) we originally
used. If we have previously created the stream netdev device with a
"reconnect" option, then QEMU will automatically reconnect to this new
passt process. (If we hadn't used "reconnect", then QEMU will never
try to reconnect to the new passt process, so there's no point in
starting it.)
Note that NETDEV_STREAM_DISCONNECTED is an event sent for the netdev
(ie "host side") of the network device, and so it sends the
"netdev-id" to specify which device was disconnected. But libvirt's
virDomainNetDef (the object used to keep track of network devices) is
the internal representation of both the host-side "netdev", and the
guest side device, and virDomainNetDef doesn't directly keep track of
the netdev-id, only of the device's "alias" (which is the "id"
parameter of the *guest* side of the device). Fortunately, by convention
libvirt always names the host-side of devices as "host" + alias, so in
order to search for the affected NetDef, all we need to do is trim the
1st 4 characters from the netdev-id and look for the NetDef having
that resulting trimmed string as its alias. (Contrast this to
NIC_RX_FILTER_CHANGED, which is an event received for the guest side
of the device, and so directly contains the device alias.)
Resolves: https://bugzilla.redhat.com/2172098 Signed-off-by: Laine Stump <laine@redhat.com> Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
Laine Stump [Mon, 20 Feb 2023 23:26:51 +0000 (18:26 -0500)]
qemu: add reconnect=5 to passt qemu commandline options when available
QEMU's "reconnect" option of "-netdev stream" tells QEMU to
periodically (period is given in seconds as an argument to the option)
attempt to reconnect to the same passt socket to which it had
originally connected to. This is useful in cases where the passt
process terminates, and libvirtd starts a new passt process in its
place (which doesn't happen yet, but will happen automatically after
an upcoming patch in this series).
Since there is no real hueristic for determining the "best" value of
the reconnect interval, rather than clutter up config with a knob that
nobody knows how to properly twiddle, we just set the reconnect timer
to 5 seconds.
"-netdev stream" first appeared in QEMU 7.2.0, but the reconnect
option won't be available until QEMU 8.0.0, so we need to check QEMU
capabilities just in case someone is using QEMU 7.2.0 (and thus can
support passt backend, but not reconnect)
Signed-off-by: Laine Stump <laine@redhat.com> Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
Laine Stump [Mon, 20 Feb 2023 20:14:23 +0000 (15:14 -0500)]
qemu: add check for QEMU_CAPS_NETDEV_STREAM during validation
In commit 5af6134e I had added a new capability that is true if QEMU
allows "-netdev stream", but somehow neglected to actually check it in
commit a56f0168d when hooking up passt support to qemu. This isn't
catastrophic, since QEMU itself will still report an error, but that
error isn't as easy to understand as a libvirt-generated error.
Fixes: a56f0168d576fa01cec204dc3c67d4d63ab8487f Signed-off-by: Laine Stump <laine@redhat.com> Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
projects / thirdparty / libvirt.git / log
