forked from rpms/libvirt
import libvirt-6.0.0-37.module+el8.5.0+12162+40884dd2
This commit is contained in:
parent
465fa4c5ff
commit
6fb1a96509
@ -0,0 +1,415 @@
|
|||||||
|
From 6f02748897062d40b411177ef752644505189a72 Mon Sep 17 00:00:00 2001
|
||||||
|
Message-Id: <6f02748897062d40b411177ef752644505189a72@dist-git>
|
||||||
|
From: Pavel Hrdina <phrdina@redhat.com>
|
||||||
|
Date: Fri, 21 May 2021 14:16:11 +0200
|
||||||
|
Subject: [PATCH] conf: introduce support for firmware auto-selection feature
|
||||||
|
filtering
|
||||||
|
|
||||||
|
When the firmware auto-selection was introduced it always picked first
|
||||||
|
usable firmware based on the JSON descriptions on the host. It is
|
||||||
|
possible to add/remove/change the JSON files but it will always be for
|
||||||
|
the whole host.
|
||||||
|
|
||||||
|
This patch introduces support for configuring the auto-selection per VM
|
||||||
|
by adding users an option to limit what features they would like to have
|
||||||
|
available in the firmware.
|
||||||
|
|
||||||
|
Signed-off-by: Pavel Hrdina <phrdina@redhat.com>
|
||||||
|
Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
|
||||||
|
(cherry picked from commit cff524af6c5e1ddc11149394ed7f985242ebea0f)
|
||||||
|
|
||||||
|
Conflicts:
|
||||||
|
docs/formatdomain.rst
|
||||||
|
- we still have formatdomain.html.in in downstream
|
||||||
|
src/conf/domain_conf.c
|
||||||
|
- missing following upstream commits:
|
||||||
|
0280fc72708b9d0f162a808bcc8d78137a68d58d
|
||||||
|
104dadcff6023da676df3905d1ed8688aea15e86
|
||||||
|
2d5f7a49ae0780143566932ab38215433982c89f
|
||||||
|
|
||||||
|
Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1929357
|
||||||
|
|
||||||
|
Signed-off-by: Pavel Hrdina <phrdina@redhat.com>
|
||||||
|
Message-Id: <631e05bc5363abb3e48d8b652a806324801cce16.1621599207.git.phrdina@redhat.com>
|
||||||
|
Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
|
||||||
|
---
|
||||||
|
docs/formatdomain.html.in | 58 +++++++++++++
|
||||||
|
docs/schemas/domaincommon.rng | 23 +++++
|
||||||
|
src/conf/domain_conf.c | 83 ++++++++++++++++++-
|
||||||
|
src/conf/domain_conf.h | 10 +++
|
||||||
|
...os-firmware-invalid-type.x86_64-latest.err | 1 +
|
||||||
|
.../os-firmware-invalid-type.xml | 28 +++++++
|
||||||
|
tests/qemuxml2argvtest.c | 1 +
|
||||||
|
...aarch64-os-firmware-efi.aarch64-latest.xml | 1 +
|
||||||
|
.../os-firmware-bios.x86_64-latest.xml | 1 +
|
||||||
|
.../os-firmware-efi-secboot.x86_64-latest.xml | 1 +
|
||||||
|
.../os-firmware-efi.x86_64-latest.xml | 1 +
|
||||||
|
tests/vmx2xmldata/vmx2xml-firmware-efi.xml | 1 +
|
||||||
|
12 files changed, 206 insertions(+), 3 deletions(-)
|
||||||
|
create mode 100644 tests/qemuxml2argvdata/os-firmware-invalid-type.x86_64-latest.err
|
||||||
|
create mode 100644 tests/qemuxml2argvdata/os-firmware-invalid-type.xml
|
||||||
|
|
||||||
|
diff --git a/docs/formatdomain.html.in b/docs/formatdomain.html.in
|
||||||
|
index a40bed347b..11f31618af 100644
|
||||||
|
--- a/docs/formatdomain.html.in
|
||||||
|
+++ b/docs/formatdomain.html.in
|
||||||
|
@@ -180,6 +180,64 @@
|
||||||
|
<code>ESX</code> and <code>VMWare</code> hypervisor drivers, however,
|
||||||
|
the <code>i686</code> arch will always be chosen even on an
|
||||||
|
<code>x86_64</code> host. <span class="since">Since 0.0.1</span></dd>
|
||||||
|
+ <dt><a id="elementFirmware"><code>firmware</code></a></dt>
|
||||||
|
+ <dd>
|
||||||
|
+ <p><span class="since">Since 7.2.0 QEMU/KVM only</span></p>
|
||||||
|
+ <p>
|
||||||
|
+ When used together with <code>firmware</code> attribute of
|
||||||
|
+ <code>os</code> element the <code>type</code> attribute must
|
||||||
|
+ have the same value.
|
||||||
|
+ </p>
|
||||||
|
+ <p>
|
||||||
|
+ List of mandatory attributes:
|
||||||
|
+ <ul>
|
||||||
|
+ <li>
|
||||||
|
+ <code>type</code> (accepted values are <code>bios</code>
|
||||||
|
+ and <code>efi</code>) same as the <code>firmware</code>
|
||||||
|
+ attribute of <code>os</code> element.
|
||||||
|
+ </li>
|
||||||
|
+ </ul>
|
||||||
|
+ </p>
|
||||||
|
+ <p>
|
||||||
|
+ When using firmware auto-selection there are different features
|
||||||
|
+ enabled in the firmwares. The list of features can be used to
|
||||||
|
+ limit what firmware should be automatically selected for the VM.
|
||||||
|
+ The list of features can be specified using zero or more
|
||||||
|
+ <code>feature</code> elements. Libvirt will take into consideration
|
||||||
|
+ only the listed features and ignore the rest when selecting the firmware.
|
||||||
|
+
|
||||||
|
+ <dl>
|
||||||
|
+ <dt><code>feature</code></dt>
|
||||||
|
+ <dd>
|
||||||
|
+ The list of mandatory attributes:
|
||||||
|
+
|
||||||
|
+ <ul>
|
||||||
|
+ <li>
|
||||||
|
+ <code>enabled</code> (accepted values are <code>yes</code>
|
||||||
|
+ and <code>no</code>) is used to tell libvirt if the feature
|
||||||
|
+ must be enabled or not in the automatically selected firmware
|
||||||
|
+ </li>
|
||||||
|
+ <li>
|
||||||
|
+ <code>name</code> the name of the feature, the list of the features:
|
||||||
|
+ <ul>
|
||||||
|
+ <li>
|
||||||
|
+ <code>enrolled-keys</code> whether the selected nvram template
|
||||||
|
+ has default certificate enrolled. Firmware with Secure Boot
|
||||||
|
+ feature but without enrolled keys will successfully boot
|
||||||
|
+ non-signed binaries as well. Valid only for firmwares with
|
||||||
|
+ Secure Boot feature.
|
||||||
|
+ </li>
|
||||||
|
+ <li>
|
||||||
|
+ <code>secure-boot</code> whether the firmware implements
|
||||||
|
+ UEFI Secure boot feature.
|
||||||
|
+ </li>
|
||||||
|
+ </ul>
|
||||||
|
+ </li>
|
||||||
|
+ </ul>
|
||||||
|
+ </dd>
|
||||||
|
+ </dl>
|
||||||
|
+ </p>
|
||||||
|
+ </dd>
|
||||||
|
<dt><a id="elementLoader"><code>loader</code></a></dt>
|
||||||
|
<dd>The optional <code>loader</code> tag refers to a firmware blob,
|
||||||
|
which is specified by absolute path,
|
||||||
|
diff --git a/docs/schemas/domaincommon.rng b/docs/schemas/domaincommon.rng
|
||||||
|
index 6671ef3dfa..b7f6a6b494 100644
|
||||||
|
--- a/docs/schemas/domaincommon.rng
|
||||||
|
+++ b/docs/schemas/domaincommon.rng
|
||||||
|
@@ -268,6 +268,29 @@
|
||||||
|
</attribute>
|
||||||
|
</optional>
|
||||||
|
<ref name="ostypehvm"/>
|
||||||
|
+ <optional>
|
||||||
|
+ <element name="firmware">
|
||||||
|
+ <attribute name="type">
|
||||||
|
+ <choice>
|
||||||
|
+ <value>bios</value>
|
||||||
|
+ <value>efi</value>
|
||||||
|
+ </choice>
|
||||||
|
+ </attribute>
|
||||||
|
+ <zeroOrMore>
|
||||||
|
+ <element name="feature">
|
||||||
|
+ <attribute name="enabled">
|
||||||
|
+ <ref name="virYesNo"/>
|
||||||
|
+ </attribute>
|
||||||
|
+ <attribute name="name">
|
||||||
|
+ <choice>
|
||||||
|
+ <value>enrolled-keys</value>
|
||||||
|
+ <value>secure-boot</value>
|
||||||
|
+ </choice>
|
||||||
|
+ </attribute>
|
||||||
|
+ </element>
|
||||||
|
+ </zeroOrMore>
|
||||||
|
+ </element>
|
||||||
|
+ </optional>
|
||||||
|
<optional>
|
||||||
|
<element name="loader">
|
||||||
|
<optional>
|
||||||
|
diff --git a/src/conf/domain_conf.c b/src/conf/domain_conf.c
|
||||||
|
index 93a78f8277..28c8d0ecbd 100644
|
||||||
|
--- a/src/conf/domain_conf.c
|
||||||
|
+++ b/src/conf/domain_conf.c
|
||||||
|
@@ -1240,6 +1240,12 @@ VIR_ENUM_IMPL(virDomainOsDefFirmware,
|
||||||
|
"efi",
|
||||||
|
);
|
||||||
|
|
||||||
|
+VIR_ENUM_IMPL(virDomainOsDefFirmwareFeature,
|
||||||
|
+ VIR_DOMAIN_OS_DEF_FIRMWARE_FEATURE_LAST,
|
||||||
|
+ "enrolled-keys",
|
||||||
|
+ "secure-boot",
|
||||||
|
+);
|
||||||
|
+
|
||||||
|
/* Internal mapping: subset of block job types that can be present in
|
||||||
|
* <mirror> XML (remaining types are not two-phase). */
|
||||||
|
VIR_ENUM_DECL(virDomainBlockJob);
|
||||||
|
@@ -19382,22 +19388,67 @@ virDomainDefParseBootFirmwareOptions(virDomainDefPtr def,
|
||||||
|
xmlXPathContextPtr ctxt)
|
||||||
|
{
|
||||||
|
g_autofree char *firmware = virXPathString("string(./os/@firmware)", ctxt);
|
||||||
|
+ g_autofree char *type = virXPathString("string(./os/firmware/@type)", ctxt);
|
||||||
|
+ g_autofree xmlNodePtr *nodes = NULL;
|
||||||
|
+ g_autofree int *features = NULL;
|
||||||
|
int fw = 0;
|
||||||
|
+ int n = 0;
|
||||||
|
+ size_t i;
|
||||||
|
|
||||||
|
- if (!firmware)
|
||||||
|
+ if (!firmware && !type)
|
||||||
|
return 0;
|
||||||
|
|
||||||
|
- fw = virDomainOsDefFirmwareTypeFromString(firmware);
|
||||||
|
+ if (firmware && type && STRNEQ(firmware, type)) {
|
||||||
|
+ virReportError(VIR_ERR_CONFIG_UNSUPPORTED, "%s",
|
||||||
|
+ _("firmware attribute and firmware type has to be the same"));
|
||||||
|
+ return -1;
|
||||||
|
+ }
|
||||||
|
+
|
||||||
|
+ if (!type)
|
||||||
|
+ type = g_steal_pointer(&firmware);
|
||||||
|
+
|
||||||
|
+ fw = virDomainOsDefFirmwareTypeFromString(type);
|
||||||
|
|
||||||
|
if (fw <= 0) {
|
||||||
|
virReportError(VIR_ERR_XML_ERROR,
|
||||||
|
_("unknown firmware value %s"),
|
||||||
|
- firmware);
|
||||||
|
+ type);
|
||||||
|
return -1;
|
||||||
|
}
|
||||||
|
|
||||||
|
def->os.firmware = fw;
|
||||||
|
|
||||||
|
+ if ((n = virXPathNodeSet("./os/firmware/feature", ctxt, &nodes)) < 0)
|
||||||
|
+ return -1;
|
||||||
|
+
|
||||||
|
+ if (n > 0)
|
||||||
|
+ features = g_new0(int, VIR_DOMAIN_OS_DEF_FIRMWARE_FEATURE_LAST);
|
||||||
|
+
|
||||||
|
+ for (i = 0; i < n; i++) {
|
||||||
|
+ g_autofree char *name = virXMLPropString(nodes[i], "name");
|
||||||
|
+ g_autofree char *enabled = virXMLPropString(nodes[i], "enabled");
|
||||||
|
+ int feature = virDomainOsDefFirmwareFeatureTypeFromString(name);
|
||||||
|
+ int val = virTristateBoolTypeFromString(enabled);
|
||||||
|
+
|
||||||
|
+ if (feature < 0) {
|
||||||
|
+ virReportError(VIR_ERR_XML_ERROR,
|
||||||
|
+ _("invalid firmware feature name '%s'"),
|
||||||
|
+ name);
|
||||||
|
+ return -1;
|
||||||
|
+ }
|
||||||
|
+
|
||||||
|
+ if (val < 0) {
|
||||||
|
+ virReportError(VIR_ERR_XML_ERROR,
|
||||||
|
+ _("invalid firmware feature enabled value '%s'"),
|
||||||
|
+ enabled);
|
||||||
|
+ return -1;
|
||||||
|
+ }
|
||||||
|
+
|
||||||
|
+ features[feature] = val;
|
||||||
|
+ }
|
||||||
|
+
|
||||||
|
+ def->os.firmwareFeatures = g_steal_pointer(&features);
|
||||||
|
+
|
||||||
|
return 0;
|
||||||
|
}
|
||||||
|
|
||||||
|
@@ -28987,6 +29038,32 @@ virDomainDefFormatInternalSetRootName(virDomainDefPtr def,
|
||||||
|
virBufferAsprintf(buf, ">%s</type>\n",
|
||||||
|
virDomainOSTypeToString(def->os.type));
|
||||||
|
|
||||||
|
+ if (def->os.firmware) {
|
||||||
|
+ virBufferAsprintf(buf, "<firmware type='%s'",
|
||||||
|
+ virDomainOsDefFirmwareTypeToString(def->os.firmware));
|
||||||
|
+
|
||||||
|
+ if (def->os.firmwareFeatures) {
|
||||||
|
+ virBufferAddLit(buf, ">\n");
|
||||||
|
+
|
||||||
|
+ virBufferAdjustIndent(buf, 2);
|
||||||
|
+
|
||||||
|
+ for (i = 0; i < VIR_DOMAIN_OS_DEF_FIRMWARE_FEATURE_LAST; i++) {
|
||||||
|
+ if (def->os.firmwareFeatures[i] == VIR_TRISTATE_BOOL_ABSENT)
|
||||||
|
+ continue;
|
||||||
|
+
|
||||||
|
+ virBufferAsprintf(buf, "<feature enabled='%s' name='%s'/>\n",
|
||||||
|
+ virTristateBoolTypeToString(def->os.firmwareFeatures[i]),
|
||||||
|
+ virDomainOsDefFirmwareFeatureTypeToString(i));
|
||||||
|
+ }
|
||||||
|
+
|
||||||
|
+ virBufferAdjustIndent(buf, -2);
|
||||||
|
+
|
||||||
|
+ virBufferAddLit(buf, "</firmware>\n");
|
||||||
|
+ } else {
|
||||||
|
+ virBufferAddLit(buf, "/>\n");
|
||||||
|
+ }
|
||||||
|
+ }
|
||||||
|
+
|
||||||
|
virBufferEscapeString(buf, "<init>%s</init>\n",
|
||||||
|
def->os.init);
|
||||||
|
for (i = 0; def->os.initargv && def->os.initargv[i]; i++)
|
||||||
|
diff --git a/src/conf/domain_conf.h b/src/conf/domain_conf.h
|
||||||
|
index 3aed1fb22a..1ad77ecac6 100644
|
||||||
|
--- a/src/conf/domain_conf.h
|
||||||
|
+++ b/src/conf/domain_conf.h
|
||||||
|
@@ -1967,9 +1967,19 @@ G_STATIC_ASSERT((int)VIR_DOMAIN_OS_DEF_FIRMWARE_LAST == (int)VIR_DOMAIN_LOADER_T
|
||||||
|
|
||||||
|
VIR_ENUM_DECL(virDomainOsDefFirmware);
|
||||||
|
|
||||||
|
+typedef enum {
|
||||||
|
+ VIR_DOMAIN_OS_DEF_FIRMWARE_FEATURE_ENROLLED_KEYS,
|
||||||
|
+ VIR_DOMAIN_OS_DEF_FIRMWARE_FEATURE_SECURE_BOOT,
|
||||||
|
+
|
||||||
|
+ VIR_DOMAIN_OS_DEF_FIRMWARE_FEATURE_LAST
|
||||||
|
+} virDomainOsDefFirmwareFeature;
|
||||||
|
+
|
||||||
|
+VIR_ENUM_DECL(virDomainOsDefFirmwareFeature);
|
||||||
|
+
|
||||||
|
struct _virDomainOSDef {
|
||||||
|
int type;
|
||||||
|
virDomainOsDefFirmware firmware;
|
||||||
|
+ int *firmwareFeatures;
|
||||||
|
virArch arch;
|
||||||
|
char *machine;
|
||||||
|
size_t nBootDevs;
|
||||||
|
diff --git a/tests/qemuxml2argvdata/os-firmware-invalid-type.x86_64-latest.err b/tests/qemuxml2argvdata/os-firmware-invalid-type.x86_64-latest.err
|
||||||
|
new file mode 100644
|
||||||
|
index 0000000000..c8174b1c8b
|
||||||
|
--- /dev/null
|
||||||
|
+++ b/tests/qemuxml2argvdata/os-firmware-invalid-type.x86_64-latest.err
|
||||||
|
@@ -0,0 +1 @@
|
||||||
|
+unsupported configuration: firmware attribute and firmware type has to be the same
|
||||||
|
diff --git a/tests/qemuxml2argvdata/os-firmware-invalid-type.xml b/tests/qemuxml2argvdata/os-firmware-invalid-type.xml
|
||||||
|
new file mode 100644
|
||||||
|
index 0000000000..41360df0f7
|
||||||
|
--- /dev/null
|
||||||
|
+++ b/tests/qemuxml2argvdata/os-firmware-invalid-type.xml
|
||||||
|
@@ -0,0 +1,28 @@
|
||||||
|
+<domain type='kvm'>
|
||||||
|
+ <name>fedora</name>
|
||||||
|
+ <uuid>63840878-0deb-4095-97e6-fc444d9bc9fa</uuid>
|
||||||
|
+ <memory unit='KiB'>8192</memory>
|
||||||
|
+ <currentMemory unit='KiB'>8192</currentMemory>
|
||||||
|
+ <vcpu placement='static'>1</vcpu>
|
||||||
|
+ <os firmware='efi'>
|
||||||
|
+ <type arch='x86_64' machine='pc-q35-4.0'>hvm</type>
|
||||||
|
+ <firmware type='bios'/>
|
||||||
|
+ <loader secure='no'/>
|
||||||
|
+ <nvram>/var/lib/libvirt/qemu/nvram/fedora_VARS.fd</nvram>
|
||||||
|
+ <boot dev='hd'/>
|
||||||
|
+ <bootmenu enable='yes'/>
|
||||||
|
+ </os>
|
||||||
|
+ <features>
|
||||||
|
+ <acpi/>
|
||||||
|
+ <apic/>
|
||||||
|
+ <pae/>
|
||||||
|
+ </features>
|
||||||
|
+ <clock offset='utc'/>
|
||||||
|
+ <on_poweroff>destroy</on_poweroff>
|
||||||
|
+ <on_reboot>restart</on_reboot>
|
||||||
|
+ <on_crash>restart</on_crash>
|
||||||
|
+ <devices>
|
||||||
|
+ <emulator>/usr/bin/qemu-system-x86_64</emulator>
|
||||||
|
+ <memballoon model='none'/>
|
||||||
|
+ </devices>
|
||||||
|
+</domain>
|
||||||
|
diff --git a/tests/qemuxml2argvtest.c b/tests/qemuxml2argvtest.c
|
||||||
|
index a22e3ba157..bc04bea692 100644
|
||||||
|
--- a/tests/qemuxml2argvtest.c
|
||||||
|
+++ b/tests/qemuxml2argvtest.c
|
||||||
|
@@ -3094,6 +3094,7 @@ mymain(void)
|
||||||
|
DO_TEST_CAPS_LATEST("os-firmware-bios");
|
||||||
|
DO_TEST_CAPS_LATEST("os-firmware-efi");
|
||||||
|
DO_TEST_CAPS_LATEST("os-firmware-efi-secboot");
|
||||||
|
+ DO_TEST_CAPS_LATEST_PARSE_ERROR("os-firmware-invalid-type");
|
||||||
|
DO_TEST_CAPS_ARCH_LATEST("aarch64-os-firmware-efi", "aarch64");
|
||||||
|
|
||||||
|
DO_TEST_CAPS_LATEST("vhost-user-vga");
|
||||||
|
diff --git a/tests/qemuxml2xmloutdata/aarch64-os-firmware-efi.aarch64-latest.xml b/tests/qemuxml2xmloutdata/aarch64-os-firmware-efi.aarch64-latest.xml
|
||||||
|
index 1e51d55305..3cac8fc5c6 100644
|
||||||
|
--- a/tests/qemuxml2xmloutdata/aarch64-os-firmware-efi.aarch64-latest.xml
|
||||||
|
+++ b/tests/qemuxml2xmloutdata/aarch64-os-firmware-efi.aarch64-latest.xml
|
||||||
|
@@ -6,6 +6,7 @@
|
||||||
|
<vcpu placement='static'>1</vcpu>
|
||||||
|
<os firmware='efi'>
|
||||||
|
<type arch='aarch64' machine='virt-4.0'>hvm</type>
|
||||||
|
+ <firmware type='efi'/>
|
||||||
|
<kernel>/aarch64.kernel</kernel>
|
||||||
|
<initrd>/aarch64.initrd</initrd>
|
||||||
|
<cmdline>earlyprintk console=ttyAMA0,115200n8 rw root=/dev/vda rootwait</cmdline>
|
||||||
|
diff --git a/tests/qemuxml2xmloutdata/os-firmware-bios.x86_64-latest.xml b/tests/qemuxml2xmloutdata/os-firmware-bios.x86_64-latest.xml
|
||||||
|
index 60d3498765..ef24f2fece 100644
|
||||||
|
--- a/tests/qemuxml2xmloutdata/os-firmware-bios.x86_64-latest.xml
|
||||||
|
+++ b/tests/qemuxml2xmloutdata/os-firmware-bios.x86_64-latest.xml
|
||||||
|
@@ -6,6 +6,7 @@
|
||||||
|
<vcpu placement='static'>1</vcpu>
|
||||||
|
<os firmware='bios'>
|
||||||
|
<type arch='x86_64' machine='pc-q35-4.0'>hvm</type>
|
||||||
|
+ <firmware type='bios'/>
|
||||||
|
<loader secure='no'/>
|
||||||
|
<nvram>/var/lib/libvirt/qemu/nvram/fedora_VARS.fd</nvram>
|
||||||
|
<boot dev='hd'/>
|
||||||
|
diff --git a/tests/qemuxml2xmloutdata/os-firmware-efi-secboot.x86_64-latest.xml b/tests/qemuxml2xmloutdata/os-firmware-efi-secboot.x86_64-latest.xml
|
||||||
|
index 938da73711..3757191e8e 100644
|
||||||
|
--- a/tests/qemuxml2xmloutdata/os-firmware-efi-secboot.x86_64-latest.xml
|
||||||
|
+++ b/tests/qemuxml2xmloutdata/os-firmware-efi-secboot.x86_64-latest.xml
|
||||||
|
@@ -6,6 +6,7 @@
|
||||||
|
<vcpu placement='static'>1</vcpu>
|
||||||
|
<os firmware='efi'>
|
||||||
|
<type arch='x86_64' machine='pc-q35-4.0'>hvm</type>
|
||||||
|
+ <firmware type='efi'/>
|
||||||
|
<loader secure='yes'/>
|
||||||
|
<nvram>/var/lib/libvirt/qemu/nvram/fedora_VARS.fd</nvram>
|
||||||
|
<boot dev='hd'/>
|
||||||
|
diff --git a/tests/qemuxml2xmloutdata/os-firmware-efi.x86_64-latest.xml b/tests/qemuxml2xmloutdata/os-firmware-efi.x86_64-latest.xml
|
||||||
|
index 97ce8a75c7..f2e6b7f36d 100644
|
||||||
|
--- a/tests/qemuxml2xmloutdata/os-firmware-efi.x86_64-latest.xml
|
||||||
|
+++ b/tests/qemuxml2xmloutdata/os-firmware-efi.x86_64-latest.xml
|
||||||
|
@@ -6,6 +6,7 @@
|
||||||
|
<vcpu placement='static'>1</vcpu>
|
||||||
|
<os firmware='efi'>
|
||||||
|
<type arch='x86_64' machine='pc-q35-4.0'>hvm</type>
|
||||||
|
+ <firmware type='efi'/>
|
||||||
|
<loader secure='no'/>
|
||||||
|
<nvram>/var/lib/libvirt/qemu/nvram/fedora_VARS.fd</nvram>
|
||||||
|
<boot dev='hd'/>
|
||||||
|
diff --git a/tests/vmx2xmldata/vmx2xml-firmware-efi.xml b/tests/vmx2xmldata/vmx2xml-firmware-efi.xml
|
||||||
|
index e21158cebf..375c47d281 100644
|
||||||
|
--- a/tests/vmx2xmldata/vmx2xml-firmware-efi.xml
|
||||||
|
+++ b/tests/vmx2xmldata/vmx2xml-firmware-efi.xml
|
||||||
|
@@ -5,6 +5,7 @@
|
||||||
|
<vcpu placement='static'>1</vcpu>
|
||||||
|
<os firmware='efi'>
|
||||||
|
<type arch='i686'>hvm</type>
|
||||||
|
+ <firmware type='efi'/>
|
||||||
|
</os>
|
||||||
|
<clock offset='utc'/>
|
||||||
|
<on_poweroff>destroy</on_poweroff>
|
||||||
|
--
|
||||||
|
2.31.1
|
||||||
|
|
@ -0,0 +1,124 @@
|
|||||||
|
From 7ba2905bfcab4dbe4a491ee8587dd4c9ef457c0b Mon Sep 17 00:00:00 2001
|
||||||
|
Message-Id: <7ba2905bfcab4dbe4a491ee8587dd4c9ef457c0b@dist-git>
|
||||||
|
From: Pavel Hrdina <phrdina@redhat.com>
|
||||||
|
Date: Fri, 21 May 2021 14:16:09 +0200
|
||||||
|
Subject: [PATCH] conf: introduce virDomainDefParseBootAcpiOptions
|
||||||
|
|
||||||
|
Extract the code to it's own function.
|
||||||
|
|
||||||
|
Signed-off-by: Pavel Hrdina <phrdina@redhat.com>
|
||||||
|
Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
|
||||||
|
(cherry picked from commit 108cb29c1c7eec7b9089dd431e0bdcd82a0b07f1)
|
||||||
|
|
||||||
|
Conflicts:
|
||||||
|
src/conf/domain_conf.c
|
||||||
|
- missing upstream commit d293a556d710754d8aa8d5caac0bb01a365fcbd8
|
||||||
|
|
||||||
|
Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1929357
|
||||||
|
|
||||||
|
Signed-off-by: Pavel Hrdina <phrdina@redhat.com>
|
||||||
|
Message-Id: <5fb7ee0165340ff517b3f7f16ddc542813ac385d.1621599207.git.phrdina@redhat.com>
|
||||||
|
Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
|
||||||
|
---
|
||||||
|
src/conf/domain_conf.c | 71 ++++++++++++++++++++++++------------------
|
||||||
|
1 file changed, 41 insertions(+), 30 deletions(-)
|
||||||
|
|
||||||
|
diff --git a/src/conf/domain_conf.c b/src/conf/domain_conf.c
|
||||||
|
index 493700ed6b..f8d8d33245 100644
|
||||||
|
--- a/src/conf/domain_conf.c
|
||||||
|
+++ b/src/conf/domain_conf.c
|
||||||
|
@@ -19429,13 +19429,51 @@ virDomainDefParseBootLoaderOptions(virDomainDefPtr def,
|
||||||
|
|
||||||
|
|
||||||
|
static int
|
||||||
|
-virDomainDefParseBootOptions(virDomainDefPtr def,
|
||||||
|
- xmlXPathContextPtr ctxt)
|
||||||
|
+virDomainDefParseBootAcpiOptions(virDomainDefPtr def,
|
||||||
|
+ xmlXPathContextPtr ctxt)
|
||||||
|
{
|
||||||
|
int n;
|
||||||
|
g_autofree xmlNodePtr *nodes = NULL;
|
||||||
|
g_autofree char *tmp = NULL;
|
||||||
|
|
||||||
|
+ if ((n = virXPathNodeSet("./os/acpi/table", ctxt, &nodes)) < 0)
|
||||||
|
+ return -1;
|
||||||
|
+
|
||||||
|
+ if (n > 1) {
|
||||||
|
+ virReportError(VIR_ERR_XML_ERROR, "%s",
|
||||||
|
+ _("Only one acpi table is supported"));
|
||||||
|
+ return -1;
|
||||||
|
+ }
|
||||||
|
+
|
||||||
|
+ if (n == 1) {
|
||||||
|
+ tmp = virXMLPropString(nodes[0], "type");
|
||||||
|
+
|
||||||
|
+ if (!tmp) {
|
||||||
|
+ virReportError(VIR_ERR_XML_ERROR, "%s",
|
||||||
|
+ _("Missing acpi table type"));
|
||||||
|
+ return -1;
|
||||||
|
+ }
|
||||||
|
+
|
||||||
|
+ if (STREQ_NULLABLE(tmp, "slic")) {
|
||||||
|
+ VIR_FREE(tmp);
|
||||||
|
+ tmp = virXMLNodeContentString(nodes[0]);
|
||||||
|
+ def->os.slic_table = virFileSanitizePath(tmp);
|
||||||
|
+ } else {
|
||||||
|
+ virReportError(VIR_ERR_XML_ERROR,
|
||||||
|
+ _("Unknown acpi table type: %s"),
|
||||||
|
+ tmp);
|
||||||
|
+ return -1;
|
||||||
|
+ }
|
||||||
|
+ }
|
||||||
|
+
|
||||||
|
+ return 0;
|
||||||
|
+}
|
||||||
|
+
|
||||||
|
+
|
||||||
|
+static int
|
||||||
|
+virDomainDefParseBootOptions(virDomainDefPtr def,
|
||||||
|
+ xmlXPathContextPtr ctxt)
|
||||||
|
+{
|
||||||
|
/*
|
||||||
|
* Booting options for different OS types....
|
||||||
|
*
|
||||||
|
@@ -19467,36 +19505,9 @@ virDomainDefParseBootOptions(virDomainDefPtr def,
|
||||||
|
}
|
||||||
|
|
||||||
|
if (def->os.type == VIR_DOMAIN_OSTYPE_HVM) {
|
||||||
|
- if ((n = virXPathNodeSet("./os/acpi/table", ctxt, &nodes)) < 0)
|
||||||
|
+ if (virDomainDefParseBootAcpiOptions(def, ctxt) < 0)
|
||||||
|
return -1;
|
||||||
|
|
||||||
|
- if (n > 1) {
|
||||||
|
- virReportError(VIR_ERR_XML_ERROR, "%s",
|
||||||
|
- _("Only one acpi table is supported"));
|
||||||
|
- return -1;
|
||||||
|
- }
|
||||||
|
-
|
||||||
|
- if (n == 1) {
|
||||||
|
- tmp = virXMLPropString(nodes[0], "type");
|
||||||
|
-
|
||||||
|
- if (!tmp) {
|
||||||
|
- virReportError(VIR_ERR_XML_ERROR, "%s",
|
||||||
|
- _("Missing acpi table type"));
|
||||||
|
- return -1;
|
||||||
|
- }
|
||||||
|
-
|
||||||
|
- if (STREQ_NULLABLE(tmp, "slic")) {
|
||||||
|
- VIR_FREE(tmp);
|
||||||
|
- tmp = virXMLNodeContentString(nodes[0]);
|
||||||
|
- def->os.slic_table = virFileSanitizePath(tmp);
|
||||||
|
- } else {
|
||||||
|
- virReportError(VIR_ERR_XML_ERROR,
|
||||||
|
- _("Unknown acpi table type: %s"),
|
||||||
|
- tmp);
|
||||||
|
- return -1;
|
||||||
|
- }
|
||||||
|
- }
|
||||||
|
-
|
||||||
|
if (virDomainDefParseBootXML(ctxt, def) < 0)
|
||||||
|
return -1;
|
||||||
|
}
|
||||||
|
--
|
||||||
|
2.31.1
|
||||||
|
|
@ -0,0 +1,86 @@
|
|||||||
|
From 2a019bfa26e697c60893afd09fcc2f0c3218691b Mon Sep 17 00:00:00 2001
|
||||||
|
Message-Id: <2a019bfa26e697c60893afd09fcc2f0c3218691b@dist-git>
|
||||||
|
From: Pavel Hrdina <phrdina@redhat.com>
|
||||||
|
Date: Fri, 21 May 2021 14:16:07 +0200
|
||||||
|
Subject: [PATCH] conf: introduce virDomainDefParseBootFirmwareOptions
|
||||||
|
|
||||||
|
Extract the code to it's own function.
|
||||||
|
|
||||||
|
Signed-off-by: Pavel Hrdina <phrdina@redhat.com>
|
||||||
|
Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
|
||||||
|
(cherry picked from commit bcf97abfc6b45694f0d789ae2bdf87c8d082fddf)
|
||||||
|
|
||||||
|
Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1929357
|
||||||
|
|
||||||
|
Signed-off-by: Pavel Hrdina <phrdina@redhat.com>
|
||||||
|
Message-Id: <9a090d9f2a43b261ed1b6db608779a01a7594f4a.1621599207.git.phrdina@redhat.com>
|
||||||
|
Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
|
||||||
|
---
|
||||||
|
src/conf/domain_conf.c | 39 +++++++++++++++++++++++++++------------
|
||||||
|
1 file changed, 27 insertions(+), 12 deletions(-)
|
||||||
|
|
||||||
|
diff --git a/src/conf/domain_conf.c b/src/conf/domain_conf.c
|
||||||
|
index 432ad938f9..bb484a57c6 100644
|
||||||
|
--- a/src/conf/domain_conf.c
|
||||||
|
+++ b/src/conf/domain_conf.c
|
||||||
|
@@ -19377,6 +19377,31 @@ virDomainDefParseBootKernelOptions(virDomainDefPtr def,
|
||||||
|
}
|
||||||
|
|
||||||
|
|
||||||
|
+static int
|
||||||
|
+virDomainDefParseBootFirmwareOptions(virDomainDefPtr def,
|
||||||
|
+ xmlXPathContextPtr ctxt)
|
||||||
|
+{
|
||||||
|
+ g_autofree char *firmware = virXPathString("string(./os/@firmware)", ctxt);
|
||||||
|
+ int fw = 0;
|
||||||
|
+
|
||||||
|
+ if (!firmware)
|
||||||
|
+ return 0;
|
||||||
|
+
|
||||||
|
+ fw = virDomainOsDefFirmwareTypeFromString(firmware);
|
||||||
|
+
|
||||||
|
+ if (fw <= 0) {
|
||||||
|
+ virReportError(VIR_ERR_XML_ERROR,
|
||||||
|
+ _("unknown firmware value %s"),
|
||||||
|
+ firmware);
|
||||||
|
+ return -1;
|
||||||
|
+ }
|
||||||
|
+
|
||||||
|
+ def->os.firmware = fw;
|
||||||
|
+
|
||||||
|
+ return 0;
|
||||||
|
+}
|
||||||
|
+
|
||||||
|
+
|
||||||
|
static int
|
||||||
|
virDomainDefParseBootOptions(virDomainDefPtr def,
|
||||||
|
xmlXPathContextPtr ctxt)
|
||||||
|
@@ -19403,23 +19428,13 @@ virDomainDefParseBootOptions(virDomainDefPtr def,
|
||||||
|
def->os.type == VIR_DOMAIN_OSTYPE_XENPVH ||
|
||||||
|
def->os.type == VIR_DOMAIN_OSTYPE_HVM ||
|
||||||
|
def->os.type == VIR_DOMAIN_OSTYPE_UML) {
|
||||||
|
- g_autofree char *firmware = NULL;
|
||||||
|
xmlNodePtr loader_node;
|
||||||
|
|
||||||
|
virDomainDefParseBootKernelOptions(def, ctxt);
|
||||||
|
|
||||||
|
- if (def->os.type == VIR_DOMAIN_OSTYPE_HVM &&
|
||||||
|
- (firmware = virXPathString("string(./os/@firmware)", ctxt))) {
|
||||||
|
- int fw = virDomainOsDefFirmwareTypeFromString(firmware);
|
||||||
|
-
|
||||||
|
- if (fw <= 0) {
|
||||||
|
- virReportError(VIR_ERR_XML_ERROR,
|
||||||
|
- _("unknown firmware value %s"),
|
||||||
|
- firmware);
|
||||||
|
+ if (def->os.type == VIR_DOMAIN_OSTYPE_HVM) {
|
||||||
|
+ if (virDomainDefParseBootFirmwareOptions(def, ctxt) < 0)
|
||||||
|
return -1;
|
||||||
|
- }
|
||||||
|
-
|
||||||
|
- def->os.firmware = fw;
|
||||||
|
}
|
||||||
|
|
||||||
|
if ((loader_node = virXPathNode("./os/loader[1]", ctxt))) {
|
||||||
|
--
|
||||||
|
2.31.1
|
||||||
|
|
@ -0,0 +1,173 @@
|
|||||||
|
From adafaa880b67f1025c64515352e5e851daa62ae9 Mon Sep 17 00:00:00 2001
|
||||||
|
Message-Id: <adafaa880b67f1025c64515352e5e851daa62ae9@dist-git>
|
||||||
|
From: Pavel Hrdina <phrdina@redhat.com>
|
||||||
|
Date: Fri, 21 May 2021 14:16:05 +0200
|
||||||
|
Subject: [PATCH] conf: introduce virDomainDefParseBootInitOptions
|
||||||
|
|
||||||
|
Extract the code to it's own function.
|
||||||
|
|
||||||
|
Signed-off-by: Pavel Hrdina <phrdina@redhat.com>
|
||||||
|
Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
|
||||||
|
(cherry picked from commit b07116438c96fddfa00bdb57878a707240574b42)
|
||||||
|
|
||||||
|
Conflicts:
|
||||||
|
src/conf/domain_conf.c
|
||||||
|
- using VIR_ALLOC in downstream instead of g_new0
|
||||||
|
|
||||||
|
Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1929357
|
||||||
|
|
||||||
|
Signed-off-by: Pavel Hrdina <phrdina@redhat.com>
|
||||||
|
Message-Id: <cb7f11437bdbc14b0791645c39c963118d0f9806.1621599207.git.phrdina@redhat.com>
|
||||||
|
Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
|
||||||
|
---
|
||||||
|
src/conf/domain_conf.c | 115 +++++++++++++++++++++++------------------
|
||||||
|
1 file changed, 64 insertions(+), 51 deletions(-)
|
||||||
|
|
||||||
|
diff --git a/src/conf/domain_conf.c b/src/conf/domain_conf.c
|
||||||
|
index 444657c9a1..9eb418c7c0 100644
|
||||||
|
--- a/src/conf/domain_conf.c
|
||||||
|
+++ b/src/conf/domain_conf.c
|
||||||
|
@@ -19302,76 +19302,89 @@ virDomainVcpuParse(virDomainDefPtr def,
|
||||||
|
|
||||||
|
|
||||||
|
static int
|
||||||
|
-virDomainDefParseBootOptions(virDomainDefPtr def,
|
||||||
|
- xmlXPathContextPtr ctxt)
|
||||||
|
+virDomainDefParseBootInitOptions(virDomainDefPtr def,
|
||||||
|
+ xmlXPathContextPtr ctxt)
|
||||||
|
{
|
||||||
|
char *name = NULL;
|
||||||
|
size_t i;
|
||||||
|
int n;
|
||||||
|
g_autofree xmlNodePtr *nodes = NULL;
|
||||||
|
- g_autofree char *tmp = NULL;
|
||||||
|
|
||||||
|
- /*
|
||||||
|
- * Booting options for different OS types....
|
||||||
|
- *
|
||||||
|
- * - A bootloader (and optional kernel+initrd) (xen)
|
||||||
|
- * - A kernel + initrd (xen)
|
||||||
|
- * - A boot device (and optional kernel+initrd) (hvm)
|
||||||
|
- * - An init script (exe)
|
||||||
|
- */
|
||||||
|
+ def->os.init = virXPathString("string(./os/init[1])", ctxt);
|
||||||
|
+ def->os.cmdline = virXPathString("string(./os/cmdline[1])", ctxt);
|
||||||
|
+ def->os.initdir = virXPathString("string(./os/initdir[1])", ctxt);
|
||||||
|
+ def->os.inituser = virXPathString("string(./os/inituser[1])", ctxt);
|
||||||
|
+ def->os.initgroup = virXPathString("string(./os/initgroup[1])", ctxt);
|
||||||
|
|
||||||
|
- if (def->os.type == VIR_DOMAIN_OSTYPE_EXE) {
|
||||||
|
- def->os.init = virXPathString("string(./os/init[1])", ctxt);
|
||||||
|
- def->os.cmdline = virXPathString("string(./os/cmdline[1])", ctxt);
|
||||||
|
- def->os.initdir = virXPathString("string(./os/initdir[1])", ctxt);
|
||||||
|
- def->os.inituser = virXPathString("string(./os/inituser[1])", ctxt);
|
||||||
|
- def->os.initgroup = virXPathString("string(./os/initgroup[1])", ctxt);
|
||||||
|
+ if ((n = virXPathNodeSet("./os/initarg", ctxt, &nodes)) < 0)
|
||||||
|
+ return -1;
|
||||||
|
|
||||||
|
- if ((n = virXPathNodeSet("./os/initarg", ctxt, &nodes)) < 0)
|
||||||
|
+ if (VIR_ALLOC_N(def->os.initargv, n+1) < 0)
|
||||||
|
+ return -1;
|
||||||
|
+ for (i = 0; i < n; i++) {
|
||||||
|
+ if (!nodes[i]->children ||
|
||||||
|
+ !nodes[i]->children->content) {
|
||||||
|
+ virReportError(VIR_ERR_XML_ERROR, "%s",
|
||||||
|
+ _("No data supplied for <initarg> element"));
|
||||||
|
return -1;
|
||||||
|
+ }
|
||||||
|
+ def->os.initargv[i] = g_strdup((const char *)nodes[i]->children->content);
|
||||||
|
+ }
|
||||||
|
+ def->os.initargv[n] = NULL;
|
||||||
|
+ VIR_FREE(nodes);
|
||||||
|
|
||||||
|
- if (VIR_ALLOC_N(def->os.initargv, n+1) < 0)
|
||||||
|
+ if ((n = virXPathNodeSet("./os/initenv", ctxt, &nodes)) < 0)
|
||||||
|
+ return -1;
|
||||||
|
+
|
||||||
|
+ if (VIR_ALLOC_N(def->os.initenv, n+1) < 0)
|
||||||
|
+ return -1;
|
||||||
|
+ for (i = 0; i < n; i++) {
|
||||||
|
+ if (!(name = virXMLPropString(nodes[i], "name"))) {
|
||||||
|
+ virReportError(VIR_ERR_XML_ERROR, "%s",
|
||||||
|
+ _("No name supplied for <initenv> element"));
|
||||||
|
return -1;
|
||||||
|
- for (i = 0; i < n; i++) {
|
||||||
|
- if (!nodes[i]->children ||
|
||||||
|
- !nodes[i]->children->content) {
|
||||||
|
- virReportError(VIR_ERR_XML_ERROR, "%s",
|
||||||
|
- _("No data supplied for <initarg> element"));
|
||||||
|
- return -1;
|
||||||
|
- }
|
||||||
|
- def->os.initargv[i] = g_strdup((const char *)nodes[i]->children->content);
|
||||||
|
}
|
||||||
|
- def->os.initargv[n] = NULL;
|
||||||
|
- VIR_FREE(nodes);
|
||||||
|
|
||||||
|
- if ((n = virXPathNodeSet("./os/initenv", ctxt, &nodes)) < 0)
|
||||||
|
+ if (!nodes[i]->children ||
|
||||||
|
+ !nodes[i]->children->content) {
|
||||||
|
+ virReportError(VIR_ERR_XML_ERROR,
|
||||||
|
+ _("No value supplied for <initenv name='%s'> element"),
|
||||||
|
+ name);
|
||||||
|
return -1;
|
||||||
|
+ }
|
||||||
|
|
||||||
|
- if (VIR_ALLOC_N(def->os.initenv, n+1) < 0)
|
||||||
|
+ if (VIR_ALLOC(def->os.initenv[i]) < 0)
|
||||||
|
return -1;
|
||||||
|
- for (i = 0; i < n; i++) {
|
||||||
|
- if (!(name = virXMLPropString(nodes[i], "name"))) {
|
||||||
|
- virReportError(VIR_ERR_XML_ERROR, "%s",
|
||||||
|
- _("No name supplied for <initenv> element"));
|
||||||
|
- return -1;
|
||||||
|
- }
|
||||||
|
|
||||||
|
- if (!nodes[i]->children ||
|
||||||
|
- !nodes[i]->children->content) {
|
||||||
|
- virReportError(VIR_ERR_XML_ERROR,
|
||||||
|
- _("No value supplied for <initenv name='%s'> element"),
|
||||||
|
- name);
|
||||||
|
- return -1;
|
||||||
|
- }
|
||||||
|
+ def->os.initenv[i]->name = name;
|
||||||
|
+ def->os.initenv[i]->value = g_strdup((const char *)nodes[i]->children->content);
|
||||||
|
+ }
|
||||||
|
+ def->os.initenv[n] = NULL;
|
||||||
|
|
||||||
|
- if (VIR_ALLOC(def->os.initenv[i]) < 0)
|
||||||
|
- return -1;
|
||||||
|
+ return 0;
|
||||||
|
+}
|
||||||
|
|
||||||
|
- def->os.initenv[i]->name = name;
|
||||||
|
- def->os.initenv[i]->value = g_strdup((const char *)nodes[i]->children->content);
|
||||||
|
- }
|
||||||
|
- def->os.initenv[n] = NULL;
|
||||||
|
- VIR_FREE(nodes);
|
||||||
|
+
|
||||||
|
+static int
|
||||||
|
+virDomainDefParseBootOptions(virDomainDefPtr def,
|
||||||
|
+ xmlXPathContextPtr ctxt)
|
||||||
|
+{
|
||||||
|
+ int n;
|
||||||
|
+ g_autofree xmlNodePtr *nodes = NULL;
|
||||||
|
+ g_autofree char *tmp = NULL;
|
||||||
|
+
|
||||||
|
+ /*
|
||||||
|
+ * Booting options for different OS types....
|
||||||
|
+ *
|
||||||
|
+ * - A bootloader (and optional kernel+initrd) (xen)
|
||||||
|
+ * - A kernel + initrd (xen)
|
||||||
|
+ * - A boot device (and optional kernel+initrd) (hvm)
|
||||||
|
+ * - An init script (exe)
|
||||||
|
+ */
|
||||||
|
+
|
||||||
|
+ if (def->os.type == VIR_DOMAIN_OSTYPE_EXE) {
|
||||||
|
+ if (virDomainDefParseBootInitOptions(def, ctxt) < 0)
|
||||||
|
+ return -1;
|
||||||
|
}
|
||||||
|
|
||||||
|
if (def->os.type == VIR_DOMAIN_OSTYPE_XEN ||
|
||||||
|
--
|
||||||
|
2.31.1
|
||||||
|
|
@ -0,0 +1,60 @@
|
|||||||
|
From a62075772680bd30ced25d7177048ab26db8ea09 Mon Sep 17 00:00:00 2001
|
||||||
|
Message-Id: <a62075772680bd30ced25d7177048ab26db8ea09@dist-git>
|
||||||
|
From: Pavel Hrdina <phrdina@redhat.com>
|
||||||
|
Date: Fri, 21 May 2021 14:16:06 +0200
|
||||||
|
Subject: [PATCH] conf: introduce virDomainDefParseBootKernelOptions
|
||||||
|
|
||||||
|
Extract the code to it's own function.
|
||||||
|
|
||||||
|
Signed-off-by: Pavel Hrdina <phrdina@redhat.com>
|
||||||
|
Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
|
||||||
|
(cherry picked from commit bf9b3f8e573092cc98ea647f25cf116e22bbfe3c)
|
||||||
|
|
||||||
|
Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1929357
|
||||||
|
|
||||||
|
Signed-off-by: Pavel Hrdina <phrdina@redhat.com>
|
||||||
|
Message-Id: <936428a5fa6d4104361ac8080639a55111c14965.1621599207.git.phrdina@redhat.com>
|
||||||
|
Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
|
||||||
|
---
|
||||||
|
src/conf/domain_conf.c | 18 +++++++++++++-----
|
||||||
|
1 file changed, 13 insertions(+), 5 deletions(-)
|
||||||
|
|
||||||
|
diff --git a/src/conf/domain_conf.c b/src/conf/domain_conf.c
|
||||||
|
index 9eb418c7c0..432ad938f9 100644
|
||||||
|
--- a/src/conf/domain_conf.c
|
||||||
|
+++ b/src/conf/domain_conf.c
|
||||||
|
@@ -19365,6 +19365,18 @@ virDomainDefParseBootInitOptions(virDomainDefPtr def,
|
||||||
|
}
|
||||||
|
|
||||||
|
|
||||||
|
+static void
|
||||||
|
+virDomainDefParseBootKernelOptions(virDomainDefPtr def,
|
||||||
|
+ xmlXPathContextPtr ctxt)
|
||||||
|
+{
|
||||||
|
+ def->os.kernel = virXPathString("string(./os/kernel[1])", ctxt);
|
||||||
|
+ def->os.initrd = virXPathString("string(./os/initrd[1])", ctxt);
|
||||||
|
+ def->os.cmdline = virXPathString("string(./os/cmdline[1])", ctxt);
|
||||||
|
+ def->os.dtb = virXPathString("string(./os/dtb[1])", ctxt);
|
||||||
|
+ def->os.root = virXPathString("string(./os/root[1])", ctxt);
|
||||||
|
+}
|
||||||
|
+
|
||||||
|
+
|
||||||
|
static int
|
||||||
|
virDomainDefParseBootOptions(virDomainDefPtr def,
|
||||||
|
xmlXPathContextPtr ctxt)
|
||||||
|
@@ -19394,11 +19406,7 @@ virDomainDefParseBootOptions(virDomainDefPtr def,
|
||||||
|
g_autofree char *firmware = NULL;
|
||||||
|
xmlNodePtr loader_node;
|
||||||
|
|
||||||
|
- def->os.kernel = virXPathString("string(./os/kernel[1])", ctxt);
|
||||||
|
- def->os.initrd = virXPathString("string(./os/initrd[1])", ctxt);
|
||||||
|
- def->os.cmdline = virXPathString("string(./os/cmdline[1])", ctxt);
|
||||||
|
- def->os.dtb = virXPathString("string(./os/dtb[1])", ctxt);
|
||||||
|
- def->os.root = virXPathString("string(./os/root[1])", ctxt);
|
||||||
|
+ virDomainDefParseBootKernelOptions(def, ctxt);
|
||||||
|
|
||||||
|
if (def->os.type == VIR_DOMAIN_OSTYPE_HVM &&
|
||||||
|
(firmware = virXPathString("string(./os/@firmware)", ctxt))) {
|
||||||
|
--
|
||||||
|
2.31.1
|
||||||
|
|
@ -0,0 +1,97 @@
|
|||||||
|
From 6891ef941e693d86ebbab9e529e908dacf4a7dc6 Mon Sep 17 00:00:00 2001
|
||||||
|
Message-Id: <6891ef941e693d86ebbab9e529e908dacf4a7dc6@dist-git>
|
||||||
|
From: Pavel Hrdina <phrdina@redhat.com>
|
||||||
|
Date: Fri, 21 May 2021 14:16:08 +0200
|
||||||
|
Subject: [PATCH] conf: introduce virDomainDefParseBootLoaderOptions
|
||||||
|
|
||||||
|
Extract the code to it's own function.
|
||||||
|
|
||||||
|
Signed-off-by: Pavel Hrdina <phrdina@redhat.com>
|
||||||
|
Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
|
||||||
|
(cherry picked from commit b8dd70db4ee2f3a5edcbbeb8515830db9652cb59)
|
||||||
|
|
||||||
|
Conflicts:
|
||||||
|
src/conf/domain_conf.c
|
||||||
|
- using VIR_ALLOC in downstream instead of g_new0
|
||||||
|
|
||||||
|
Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1929357
|
||||||
|
|
||||||
|
Signed-off-by: Pavel Hrdina <phrdina@redhat.com>
|
||||||
|
Message-Id: <e9d0f563b055b415deb7718d33f7661a797a48f1.1621599207.git.phrdina@redhat.com>
|
||||||
|
Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
|
||||||
|
---
|
||||||
|
src/conf/domain_conf.c | 44 +++++++++++++++++++++++++++---------------
|
||||||
|
1 file changed, 28 insertions(+), 16 deletions(-)
|
||||||
|
|
||||||
|
diff --git a/src/conf/domain_conf.c b/src/conf/domain_conf.c
|
||||||
|
index bb484a57c6..493700ed6b 100644
|
||||||
|
--- a/src/conf/domain_conf.c
|
||||||
|
+++ b/src/conf/domain_conf.c
|
||||||
|
@@ -19402,6 +19402,32 @@ virDomainDefParseBootFirmwareOptions(virDomainDefPtr def,
|
||||||
|
}
|
||||||
|
|
||||||
|
|
||||||
|
+static int
|
||||||
|
+virDomainDefParseBootLoaderOptions(virDomainDefPtr def,
|
||||||
|
+ xmlXPathContextPtr ctxt)
|
||||||
|
+{
|
||||||
|
+ xmlNodePtr loader_node = virXPathNode("./os/loader[1]", ctxt);
|
||||||
|
+ const bool fwAutoSelect = def->os.firmware != VIR_DOMAIN_OS_DEF_FIRMWARE_NONE;
|
||||||
|
+
|
||||||
|
+ if (!loader_node)
|
||||||
|
+ return 0;
|
||||||
|
+
|
||||||
|
+ if (VIR_ALLOC(def->os.loader) < 0)
|
||||||
|
+ return -1;
|
||||||
|
+
|
||||||
|
+ if (virDomainLoaderDefParseXML(loader_node,
|
||||||
|
+ def->os.loader,
|
||||||
|
+ fwAutoSelect) < 0)
|
||||||
|
+ return -1;
|
||||||
|
+
|
||||||
|
+ def->os.loader->nvram = virXPathString("string(./os/nvram[1])", ctxt);
|
||||||
|
+ if (!fwAutoSelect)
|
||||||
|
+ def->os.loader->templt = virXPathString("string(./os/nvram[1]/@template)", ctxt);
|
||||||
|
+
|
||||||
|
+ return 0;
|
||||||
|
+}
|
||||||
|
+
|
||||||
|
+
|
||||||
|
static int
|
||||||
|
virDomainDefParseBootOptions(virDomainDefPtr def,
|
||||||
|
xmlXPathContextPtr ctxt)
|
||||||
|
@@ -19428,7 +19454,6 @@ virDomainDefParseBootOptions(virDomainDefPtr def,
|
||||||
|
def->os.type == VIR_DOMAIN_OSTYPE_XENPVH ||
|
||||||
|
def->os.type == VIR_DOMAIN_OSTYPE_HVM ||
|
||||||
|
def->os.type == VIR_DOMAIN_OSTYPE_UML) {
|
||||||
|
- xmlNodePtr loader_node;
|
||||||
|
|
||||||
|
virDomainDefParseBootKernelOptions(def, ctxt);
|
||||||
|
|
||||||
|
@@ -19437,21 +19462,8 @@ virDomainDefParseBootOptions(virDomainDefPtr def,
|
||||||
|
return -1;
|
||||||
|
}
|
||||||
|
|
||||||
|
- if ((loader_node = virXPathNode("./os/loader[1]", ctxt))) {
|
||||||
|
- const bool fwAutoSelect = def->os.firmware != VIR_DOMAIN_OS_DEF_FIRMWARE_NONE;
|
||||||
|
-
|
||||||
|
- if (VIR_ALLOC(def->os.loader) < 0)
|
||||||
|
- return -1;
|
||||||
|
-
|
||||||
|
- if (virDomainLoaderDefParseXML(loader_node,
|
||||||
|
- def->os.loader,
|
||||||
|
- fwAutoSelect) < 0)
|
||||||
|
- return -1;
|
||||||
|
-
|
||||||
|
- def->os.loader->nvram = virXPathString("string(./os/nvram[1])", ctxt);
|
||||||
|
- if (!fwAutoSelect)
|
||||||
|
- def->os.loader->templt = virXPathString("string(./os/nvram[1]/@template)", ctxt);
|
||||||
|
- }
|
||||||
|
+ if (virDomainDefParseBootLoaderOptions(def, ctxt) < 0)
|
||||||
|
+ return -1;
|
||||||
|
}
|
||||||
|
|
||||||
|
if (def->os.type == VIR_DOMAIN_OSTYPE_HVM) {
|
||||||
|
--
|
||||||
|
2.31.1
|
||||||
|
|
@ -0,0 +1,317 @@
|
|||||||
|
From 4ca3f2f590fb860b01f1eb5fec8929ceba702dc6 Mon Sep 17 00:00:00 2001
|
||||||
|
Message-Id: <4ca3f2f590fb860b01f1eb5fec8929ceba702dc6@dist-git>
|
||||||
|
From: =?UTF-8?q?Daniel=20P=2E=20Berrang=C3=A9?= <berrange@redhat.com>
|
||||||
|
Date: Fri, 21 May 2021 14:16:14 +0200
|
||||||
|
Subject: [PATCH] conf: remove duplicated firmware type attribute
|
||||||
|
MIME-Version: 1.0
|
||||||
|
Content-Type: text/plain; charset=UTF-8
|
||||||
|
Content-Transfer-Encoding: 8bit
|
||||||
|
|
||||||
|
The
|
||||||
|
|
||||||
|
<os firmware='efi'>
|
||||||
|
<firmware type='efi'>
|
||||||
|
<feature enabled='no' name='enrolled-keys'/>
|
||||||
|
</firmware>
|
||||||
|
</os>
|
||||||
|
|
||||||
|
repeats the firmware attribute twice. This has no functional benefit, as
|
||||||
|
evidenced by fact that we use a single struct field to store both
|
||||||
|
attributes, while needlessly introducing an error scenario. The XML can
|
||||||
|
just be simplified to:
|
||||||
|
|
||||||
|
<os firmware='efi'>
|
||||||
|
<firmware>
|
||||||
|
<feature enabled='no' name='enrolled-keys'/>
|
||||||
|
</firmware>
|
||||||
|
</os>
|
||||||
|
|
||||||
|
which also means that we don't need to emit the empty element
|
||||||
|
<firmware type='efi'/> for all existing configs too.
|
||||||
|
|
||||||
|
Reviewed-by: Pavel Hrdina <phrdina@redhat.com>
|
||||||
|
Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
|
||||||
|
(cherry picked from commit a9b1375d7d2f7d240dce09c5f8b62e568e386051)
|
||||||
|
|
||||||
|
Conflicts:
|
||||||
|
docs/formatdomain.rst
|
||||||
|
- we still have formatdomain.html.in in downstream
|
||||||
|
|
||||||
|
Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1929357
|
||||||
|
|
||||||
|
Signed-off-by: Pavel Hrdina <phrdina@redhat.com>
|
||||||
|
Message-Id: <299fd16fc3ce632bf25ca55cc4bb65a225437d61.1621599207.git.phrdina@redhat.com>
|
||||||
|
Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
|
||||||
|
---
|
||||||
|
docs/formatdomain.html.in | 15 ------
|
||||||
|
docs/schemas/domaincommon.rng | 10 +---
|
||||||
|
src/conf/domain_conf.c | 48 ++++++-------------
|
||||||
|
.../os-firmware-efi-no-enrolled-keys.xml | 2 +-
|
||||||
|
.../os-firmware-invalid-type.xml | 28 -----------
|
||||||
|
tests/qemuxml2argvtest.c | 1 -
|
||||||
|
...aarch64-os-firmware-efi.aarch64-latest.xml | 1 -
|
||||||
|
.../os-firmware-bios.x86_64-latest.xml | 1 -
|
||||||
|
.../os-firmware-efi-secboot.x86_64-latest.xml | 1 -
|
||||||
|
.../os-firmware-efi.x86_64-latest.xml | 1 -
|
||||||
|
tests/vmx2xmldata/vmx2xml-firmware-efi.xml | 1 -
|
||||||
|
11 files changed, 18 insertions(+), 91 deletions(-)
|
||||||
|
delete mode 100644 tests/qemuxml2argvdata/os-firmware-invalid-type.xml
|
||||||
|
|
||||||
|
diff --git a/docs/formatdomain.html.in b/docs/formatdomain.html.in
|
||||||
|
index 11f31618af..79e2e51c54 100644
|
||||||
|
--- a/docs/formatdomain.html.in
|
||||||
|
+++ b/docs/formatdomain.html.in
|
||||||
|
@@ -183,21 +183,6 @@
|
||||||
|
<dt><a id="elementFirmware"><code>firmware</code></a></dt>
|
||||||
|
<dd>
|
||||||
|
<p><span class="since">Since 7.2.0 QEMU/KVM only</span></p>
|
||||||
|
- <p>
|
||||||
|
- When used together with <code>firmware</code> attribute of
|
||||||
|
- <code>os</code> element the <code>type</code> attribute must
|
||||||
|
- have the same value.
|
||||||
|
- </p>
|
||||||
|
- <p>
|
||||||
|
- List of mandatory attributes:
|
||||||
|
- <ul>
|
||||||
|
- <li>
|
||||||
|
- <code>type</code> (accepted values are <code>bios</code>
|
||||||
|
- and <code>efi</code>) same as the <code>firmware</code>
|
||||||
|
- attribute of <code>os</code> element.
|
||||||
|
- </li>
|
||||||
|
- </ul>
|
||||||
|
- </p>
|
||||||
|
<p>
|
||||||
|
When using firmware auto-selection there are different features
|
||||||
|
enabled in the firmwares. The list of features can be used to
|
||||||
|
diff --git a/docs/schemas/domaincommon.rng b/docs/schemas/domaincommon.rng
|
||||||
|
index b7f6a6b494..ec8167e588 100644
|
||||||
|
--- a/docs/schemas/domaincommon.rng
|
||||||
|
+++ b/docs/schemas/domaincommon.rng
|
||||||
|
@@ -270,13 +270,7 @@
|
||||||
|
<ref name="ostypehvm"/>
|
||||||
|
<optional>
|
||||||
|
<element name="firmware">
|
||||||
|
- <attribute name="type">
|
||||||
|
- <choice>
|
||||||
|
- <value>bios</value>
|
||||||
|
- <value>efi</value>
|
||||||
|
- </choice>
|
||||||
|
- </attribute>
|
||||||
|
- <zeroOrMore>
|
||||||
|
+ <oneOrMore>
|
||||||
|
<element name="feature">
|
||||||
|
<attribute name="enabled">
|
||||||
|
<ref name="virYesNo"/>
|
||||||
|
@@ -288,7 +282,7 @@
|
||||||
|
</choice>
|
||||||
|
</attribute>
|
||||||
|
</element>
|
||||||
|
- </zeroOrMore>
|
||||||
|
+ </oneOrMore>
|
||||||
|
</element>
|
||||||
|
</optional>
|
||||||
|
<optional>
|
||||||
|
diff --git a/src/conf/domain_conf.c b/src/conf/domain_conf.c
|
||||||
|
index 2ffa9c8a2a..6806064016 100644
|
||||||
|
--- a/src/conf/domain_conf.c
|
||||||
|
+++ b/src/conf/domain_conf.c
|
||||||
|
@@ -19389,31 +19389,21 @@ virDomainDefParseBootFirmwareOptions(virDomainDefPtr def,
|
||||||
|
xmlXPathContextPtr ctxt)
|
||||||
|
{
|
||||||
|
g_autofree char *firmware = virXPathString("string(./os/@firmware)", ctxt);
|
||||||
|
- g_autofree char *type = virXPathString("string(./os/firmware/@type)", ctxt);
|
||||||
|
g_autofree xmlNodePtr *nodes = NULL;
|
||||||
|
g_autofree int *features = NULL;
|
||||||
|
int fw = 0;
|
||||||
|
int n = 0;
|
||||||
|
size_t i;
|
||||||
|
|
||||||
|
- if (!firmware && !type)
|
||||||
|
+ if (!firmware)
|
||||||
|
return 0;
|
||||||
|
|
||||||
|
- if (firmware && type && STRNEQ(firmware, type)) {
|
||||||
|
- virReportError(VIR_ERR_CONFIG_UNSUPPORTED, "%s",
|
||||||
|
- _("firmware attribute and firmware type has to be the same"));
|
||||||
|
- return -1;
|
||||||
|
- }
|
||||||
|
-
|
||||||
|
- if (!type)
|
||||||
|
- type = g_steal_pointer(&firmware);
|
||||||
|
-
|
||||||
|
- fw = virDomainOsDefFirmwareTypeFromString(type);
|
||||||
|
+ fw = virDomainOsDefFirmwareTypeFromString(firmware);
|
||||||
|
|
||||||
|
if (fw <= 0) {
|
||||||
|
virReportError(VIR_ERR_XML_ERROR,
|
||||||
|
_("unknown firmware value %s"),
|
||||||
|
- type);
|
||||||
|
+ firmware);
|
||||||
|
return -1;
|
||||||
|
}
|
||||||
|
|
||||||
|
@@ -29039,30 +29029,22 @@ virDomainDefFormatInternalSetRootName(virDomainDefPtr def,
|
||||||
|
virBufferAsprintf(buf, ">%s</type>\n",
|
||||||
|
virDomainOSTypeToString(def->os.type));
|
||||||
|
|
||||||
|
- if (def->os.firmware) {
|
||||||
|
- virBufferAsprintf(buf, "<firmware type='%s'",
|
||||||
|
- virDomainOsDefFirmwareTypeToString(def->os.firmware));
|
||||||
|
-
|
||||||
|
- if (def->os.firmwareFeatures) {
|
||||||
|
- virBufferAddLit(buf, ">\n");
|
||||||
|
-
|
||||||
|
- virBufferAdjustIndent(buf, 2);
|
||||||
|
+ if (def->os.firmwareFeatures) {
|
||||||
|
+ virBufferAddLit(buf, "<firmware>\n");
|
||||||
|
+ virBufferAdjustIndent(buf, 2);
|
||||||
|
|
||||||
|
- for (i = 0; i < VIR_DOMAIN_OS_DEF_FIRMWARE_FEATURE_LAST; i++) {
|
||||||
|
- if (def->os.firmwareFeatures[i] == VIR_TRISTATE_BOOL_ABSENT)
|
||||||
|
- continue;
|
||||||
|
+ for (i = 0; i < VIR_DOMAIN_OS_DEF_FIRMWARE_FEATURE_LAST; i++) {
|
||||||
|
+ if (def->os.firmwareFeatures[i] == VIR_TRISTATE_BOOL_ABSENT)
|
||||||
|
+ continue;
|
||||||
|
|
||||||
|
- virBufferAsprintf(buf, "<feature enabled='%s' name='%s'/>\n",
|
||||||
|
- virTristateBoolTypeToString(def->os.firmwareFeatures[i]),
|
||||||
|
- virDomainOsDefFirmwareFeatureTypeToString(i));
|
||||||
|
- }
|
||||||
|
+ virBufferAsprintf(buf, "<feature enabled='%s' name='%s'/>\n",
|
||||||
|
+ virTristateBoolTypeToString(def->os.firmwareFeatures[i]),
|
||||||
|
+ virDomainOsDefFirmwareFeatureTypeToString(i));
|
||||||
|
+ }
|
||||||
|
|
||||||
|
- virBufferAdjustIndent(buf, -2);
|
||||||
|
+ virBufferAdjustIndent(buf, -2);
|
||||||
|
|
||||||
|
- virBufferAddLit(buf, "</firmware>\n");
|
||||||
|
- } else {
|
||||||
|
- virBufferAddLit(buf, "/>\n");
|
||||||
|
- }
|
||||||
|
+ virBufferAddLit(buf, "</firmware>\n");
|
||||||
|
}
|
||||||
|
|
||||||
|
virBufferEscapeString(buf, "<init>%s</init>\n",
|
||||||
|
diff --git a/tests/qemuxml2argvdata/os-firmware-efi-no-enrolled-keys.xml b/tests/qemuxml2argvdata/os-firmware-efi-no-enrolled-keys.xml
|
||||||
|
index 7f8f57a859..4999c4f125 100644
|
||||||
|
--- a/tests/qemuxml2argvdata/os-firmware-efi-no-enrolled-keys.xml
|
||||||
|
+++ b/tests/qemuxml2argvdata/os-firmware-efi-no-enrolled-keys.xml
|
||||||
|
@@ -6,7 +6,7 @@
|
||||||
|
<vcpu placement='static'>1</vcpu>
|
||||||
|
<os firmware='efi'>
|
||||||
|
<type arch='x86_64' machine='pc-q35-4.0'>hvm</type>
|
||||||
|
- <firmware type='efi'>
|
||||||
|
+ <firmware>
|
||||||
|
<feature enabled='no' name='enrolled-keys'/>
|
||||||
|
</firmware>
|
||||||
|
<boot dev='hd'/>
|
||||||
|
diff --git a/tests/qemuxml2argvdata/os-firmware-invalid-type.xml b/tests/qemuxml2argvdata/os-firmware-invalid-type.xml
|
||||||
|
deleted file mode 100644
|
||||||
|
index 41360df0f7..0000000000
|
||||||
|
--- a/tests/qemuxml2argvdata/os-firmware-invalid-type.xml
|
||||||
|
+++ /dev/null
|
||||||
|
@@ -1,28 +0,0 @@
|
||||||
|
-<domain type='kvm'>
|
||||||
|
- <name>fedora</name>
|
||||||
|
- <uuid>63840878-0deb-4095-97e6-fc444d9bc9fa</uuid>
|
||||||
|
- <memory unit='KiB'>8192</memory>
|
||||||
|
- <currentMemory unit='KiB'>8192</currentMemory>
|
||||||
|
- <vcpu placement='static'>1</vcpu>
|
||||||
|
- <os firmware='efi'>
|
||||||
|
- <type arch='x86_64' machine='pc-q35-4.0'>hvm</type>
|
||||||
|
- <firmware type='bios'/>
|
||||||
|
- <loader secure='no'/>
|
||||||
|
- <nvram>/var/lib/libvirt/qemu/nvram/fedora_VARS.fd</nvram>
|
||||||
|
- <boot dev='hd'/>
|
||||||
|
- <bootmenu enable='yes'/>
|
||||||
|
- </os>
|
||||||
|
- <features>
|
||||||
|
- <acpi/>
|
||||||
|
- <apic/>
|
||||||
|
- <pae/>
|
||||||
|
- </features>
|
||||||
|
- <clock offset='utc'/>
|
||||||
|
- <on_poweroff>destroy</on_poweroff>
|
||||||
|
- <on_reboot>restart</on_reboot>
|
||||||
|
- <on_crash>restart</on_crash>
|
||||||
|
- <devices>
|
||||||
|
- <emulator>/usr/bin/qemu-system-x86_64</emulator>
|
||||||
|
- <memballoon model='none'/>
|
||||||
|
- </devices>
|
||||||
|
-</domain>
|
||||||
|
diff --git a/tests/qemuxml2argvtest.c b/tests/qemuxml2argvtest.c
|
||||||
|
index 5e16d7fd31..be8054fa6a 100644
|
||||||
|
--- a/tests/qemuxml2argvtest.c
|
||||||
|
+++ b/tests/qemuxml2argvtest.c
|
||||||
|
@@ -3095,7 +3095,6 @@ mymain(void)
|
||||||
|
DO_TEST_CAPS_LATEST("os-firmware-efi");
|
||||||
|
DO_TEST_CAPS_LATEST("os-firmware-efi-secboot");
|
||||||
|
DO_TEST_CAPS_LATEST("os-firmware-efi-no-enrolled-keys");
|
||||||
|
- DO_TEST_CAPS_LATEST_PARSE_ERROR("os-firmware-invalid-type");
|
||||||
|
DO_TEST_CAPS_ARCH_LATEST("aarch64-os-firmware-efi", "aarch64");
|
||||||
|
|
||||||
|
DO_TEST_CAPS_LATEST("vhost-user-vga");
|
||||||
|
diff --git a/tests/qemuxml2xmloutdata/aarch64-os-firmware-efi.aarch64-latest.xml b/tests/qemuxml2xmloutdata/aarch64-os-firmware-efi.aarch64-latest.xml
|
||||||
|
index 3cac8fc5c6..1e51d55305 100644
|
||||||
|
--- a/tests/qemuxml2xmloutdata/aarch64-os-firmware-efi.aarch64-latest.xml
|
||||||
|
+++ b/tests/qemuxml2xmloutdata/aarch64-os-firmware-efi.aarch64-latest.xml
|
||||||
|
@@ -6,7 +6,6 @@
|
||||||
|
<vcpu placement='static'>1</vcpu>
|
||||||
|
<os firmware='efi'>
|
||||||
|
<type arch='aarch64' machine='virt-4.0'>hvm</type>
|
||||||
|
- <firmware type='efi'/>
|
||||||
|
<kernel>/aarch64.kernel</kernel>
|
||||||
|
<initrd>/aarch64.initrd</initrd>
|
||||||
|
<cmdline>earlyprintk console=ttyAMA0,115200n8 rw root=/dev/vda rootwait</cmdline>
|
||||||
|
diff --git a/tests/qemuxml2xmloutdata/os-firmware-bios.x86_64-latest.xml b/tests/qemuxml2xmloutdata/os-firmware-bios.x86_64-latest.xml
|
||||||
|
index ef24f2fece..60d3498765 100644
|
||||||
|
--- a/tests/qemuxml2xmloutdata/os-firmware-bios.x86_64-latest.xml
|
||||||
|
+++ b/tests/qemuxml2xmloutdata/os-firmware-bios.x86_64-latest.xml
|
||||||
|
@@ -6,7 +6,6 @@
|
||||||
|
<vcpu placement='static'>1</vcpu>
|
||||||
|
<os firmware='bios'>
|
||||||
|
<type arch='x86_64' machine='pc-q35-4.0'>hvm</type>
|
||||||
|
- <firmware type='bios'/>
|
||||||
|
<loader secure='no'/>
|
||||||
|
<nvram>/var/lib/libvirt/qemu/nvram/fedora_VARS.fd</nvram>
|
||||||
|
<boot dev='hd'/>
|
||||||
|
diff --git a/tests/qemuxml2xmloutdata/os-firmware-efi-secboot.x86_64-latest.xml b/tests/qemuxml2xmloutdata/os-firmware-efi-secboot.x86_64-latest.xml
|
||||||
|
index 3757191e8e..938da73711 100644
|
||||||
|
--- a/tests/qemuxml2xmloutdata/os-firmware-efi-secboot.x86_64-latest.xml
|
||||||
|
+++ b/tests/qemuxml2xmloutdata/os-firmware-efi-secboot.x86_64-latest.xml
|
||||||
|
@@ -6,7 +6,6 @@
|
||||||
|
<vcpu placement='static'>1</vcpu>
|
||||||
|
<os firmware='efi'>
|
||||||
|
<type arch='x86_64' machine='pc-q35-4.0'>hvm</type>
|
||||||
|
- <firmware type='efi'/>
|
||||||
|
<loader secure='yes'/>
|
||||||
|
<nvram>/var/lib/libvirt/qemu/nvram/fedora_VARS.fd</nvram>
|
||||||
|
<boot dev='hd'/>
|
||||||
|
diff --git a/tests/qemuxml2xmloutdata/os-firmware-efi.x86_64-latest.xml b/tests/qemuxml2xmloutdata/os-firmware-efi.x86_64-latest.xml
|
||||||
|
index f2e6b7f36d..97ce8a75c7 100644
|
||||||
|
--- a/tests/qemuxml2xmloutdata/os-firmware-efi.x86_64-latest.xml
|
||||||
|
+++ b/tests/qemuxml2xmloutdata/os-firmware-efi.x86_64-latest.xml
|
||||||
|
@@ -6,7 +6,6 @@
|
||||||
|
<vcpu placement='static'>1</vcpu>
|
||||||
|
<os firmware='efi'>
|
||||||
|
<type arch='x86_64' machine='pc-q35-4.0'>hvm</type>
|
||||||
|
- <firmware type='efi'/>
|
||||||
|
<loader secure='no'/>
|
||||||
|
<nvram>/var/lib/libvirt/qemu/nvram/fedora_VARS.fd</nvram>
|
||||||
|
<boot dev='hd'/>
|
||||||
|
diff --git a/tests/vmx2xmldata/vmx2xml-firmware-efi.xml b/tests/vmx2xmldata/vmx2xml-firmware-efi.xml
|
||||||
|
index 375c47d281..e21158cebf 100644
|
||||||
|
--- a/tests/vmx2xmldata/vmx2xml-firmware-efi.xml
|
||||||
|
+++ b/tests/vmx2xmldata/vmx2xml-firmware-efi.xml
|
||||||
|
@@ -5,7 +5,6 @@
|
||||||
|
<vcpu placement='static'>1</vcpu>
|
||||||
|
<os firmware='efi'>
|
||||||
|
<type arch='i686'>hvm</type>
|
||||||
|
- <firmware type='efi'/>
|
||||||
|
</os>
|
||||||
|
<clock offset='utc'/>
|
||||||
|
<on_poweroff>destroy</on_poweroff>
|
||||||
|
--
|
||||||
|
2.31.1
|
||||||
|
|
@ -0,0 +1,89 @@
|
|||||||
|
From 75470b7c297be9bdd712282b89c48465dbe8d400 Mon Sep 17 00:00:00 2001
|
||||||
|
Message-Id: <75470b7c297be9bdd712282b89c48465dbe8d400@dist-git>
|
||||||
|
From: Pavel Hrdina <phrdina@redhat.com>
|
||||||
|
Date: Fri, 21 May 2021 14:16:10 +0200
|
||||||
|
Subject: [PATCH] conf: use switch in virDomainDefParseBootOptions
|
||||||
|
|
||||||
|
The original code used a lot of conditions and was not that obvious
|
||||||
|
when each XML bits are parsed.
|
||||||
|
|
||||||
|
Signed-off-by: Pavel Hrdina <phrdina@redhat.com>
|
||||||
|
Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
|
||||||
|
(cherry picked from commit 6330be1ba3af5c4d2150fe2b831f7bc5d87c6d2a)
|
||||||
|
|
||||||
|
Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1929357
|
||||||
|
|
||||||
|
Signed-off-by: Pavel Hrdina <phrdina@redhat.com>
|
||||||
|
Message-Id: <900c870b1720688123ed7b69850548ae308ea9a8.1621599207.git.phrdina@redhat.com>
|
||||||
|
Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
|
||||||
|
---
|
||||||
|
src/conf/domain_conf.c | 42 ++++++++++++++++++++++++++----------------
|
||||||
|
1 file changed, 26 insertions(+), 16 deletions(-)
|
||||||
|
|
||||||
|
diff --git a/src/conf/domain_conf.c b/src/conf/domain_conf.c
|
||||||
|
index f8d8d33245..93a78f8277 100644
|
||||||
|
--- a/src/conf/domain_conf.c
|
||||||
|
+++ b/src/conf/domain_conf.c
|
||||||
|
@@ -19483,33 +19483,43 @@ virDomainDefParseBootOptions(virDomainDefPtr def,
|
||||||
|
* - An init script (exe)
|
||||||
|
*/
|
||||||
|
|
||||||
|
- if (def->os.type == VIR_DOMAIN_OSTYPE_EXE) {
|
||||||
|
- if (virDomainDefParseBootInitOptions(def, ctxt) < 0)
|
||||||
|
- return -1;
|
||||||
|
- }
|
||||||
|
-
|
||||||
|
- if (def->os.type == VIR_DOMAIN_OSTYPE_XEN ||
|
||||||
|
- def->os.type == VIR_DOMAIN_OSTYPE_XENPVH ||
|
||||||
|
- def->os.type == VIR_DOMAIN_OSTYPE_HVM ||
|
||||||
|
- def->os.type == VIR_DOMAIN_OSTYPE_UML) {
|
||||||
|
-
|
||||||
|
+ switch ((virDomainOSType) def->os.type) {
|
||||||
|
+ case VIR_DOMAIN_OSTYPE_HVM:
|
||||||
|
virDomainDefParseBootKernelOptions(def, ctxt);
|
||||||
|
|
||||||
|
- if (def->os.type == VIR_DOMAIN_OSTYPE_HVM) {
|
||||||
|
- if (virDomainDefParseBootFirmwareOptions(def, ctxt) < 0)
|
||||||
|
- return -1;
|
||||||
|
- }
|
||||||
|
+ if (virDomainDefParseBootFirmwareOptions(def, ctxt) < 0)
|
||||||
|
+ return -1;
|
||||||
|
|
||||||
|
if (virDomainDefParseBootLoaderOptions(def, ctxt) < 0)
|
||||||
|
return -1;
|
||||||
|
- }
|
||||||
|
|
||||||
|
- if (def->os.type == VIR_DOMAIN_OSTYPE_HVM) {
|
||||||
|
if (virDomainDefParseBootAcpiOptions(def, ctxt) < 0)
|
||||||
|
return -1;
|
||||||
|
|
||||||
|
if (virDomainDefParseBootXML(ctxt, def) < 0)
|
||||||
|
return -1;
|
||||||
|
+
|
||||||
|
+ break;
|
||||||
|
+
|
||||||
|
+ case VIR_DOMAIN_OSTYPE_XEN:
|
||||||
|
+ case VIR_DOMAIN_OSTYPE_XENPVH:
|
||||||
|
+ case VIR_DOMAIN_OSTYPE_UML:
|
||||||
|
+ virDomainDefParseBootKernelOptions(def, ctxt);
|
||||||
|
+
|
||||||
|
+ if (virDomainDefParseBootLoaderOptions(def, ctxt) < 0)
|
||||||
|
+ return -1;
|
||||||
|
+
|
||||||
|
+ break;
|
||||||
|
+
|
||||||
|
+ case VIR_DOMAIN_OSTYPE_EXE:
|
||||||
|
+ if (virDomainDefParseBootInitOptions(def, ctxt) < 0)
|
||||||
|
+ return -1;
|
||||||
|
+
|
||||||
|
+ break;
|
||||||
|
+
|
||||||
|
+ case VIR_DOMAIN_OSTYPE_LINUX:
|
||||||
|
+ case VIR_DOMAIN_OSTYPE_LAST:
|
||||||
|
+ break;
|
||||||
|
}
|
||||||
|
|
||||||
|
return 0;
|
||||||
|
--
|
||||||
|
2.31.1
|
||||||
|
|
@ -0,0 +1,47 @@
|
|||||||
|
From 3398815aa337278fe4085f06f3586b2a1a98ab3d Mon Sep 17 00:00:00 2001
|
||||||
|
Message-Id: <3398815aa337278fe4085f06f3586b2a1a98ab3d@dist-git>
|
||||||
|
From: Pavel Hrdina <phrdina@redhat.com>
|
||||||
|
Date: Fri, 21 May 2021 14:16:04 +0200
|
||||||
|
Subject: [PATCH] docs: improve description of secure attribute for loader
|
||||||
|
element
|
||||||
|
|
||||||
|
The original text was not explaining what this attribute actually
|
||||||
|
controls and could have been interpreted as a control switch for the
|
||||||
|
Secure boot feature in firmwares.
|
||||||
|
|
||||||
|
Signed-off-by: Pavel Hrdina <phrdina@redhat.com>
|
||||||
|
Reviewed-by: Kashyap Chamarthy <kchamart@redhat.com>
|
||||||
|
Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
|
||||||
|
(cherry picked from commit f47d06260b9698f705ab2c079c573f89f832e376)
|
||||||
|
|
||||||
|
Conflicts:
|
||||||
|
docs/formatdomain.rst
|
||||||
|
- we still have formatdomain.html.in in downstream
|
||||||
|
|
||||||
|
Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1929357
|
||||||
|
|
||||||
|
Signed-off-by: Pavel Hrdina <phrdina@redhat.com>
|
||||||
|
Message-Id: <e2c4f2faa7f2a525b4d3ea5608a1b305cf18712b.1621599207.git.phrdina@redhat.com>
|
||||||
|
Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
|
||||||
|
---
|
||||||
|
docs/formatdomain.html.in | 4 +++-
|
||||||
|
1 file changed, 3 insertions(+), 1 deletion(-)
|
||||||
|
|
||||||
|
diff --git a/docs/formatdomain.html.in b/docs/formatdomain.html.in
|
||||||
|
index 7ac9523684..a40bed347b 100644
|
||||||
|
--- a/docs/formatdomain.html.in
|
||||||
|
+++ b/docs/formatdomain.html.in
|
||||||
|
@@ -197,7 +197,9 @@
|
||||||
|
path points to an UEFI image, <code>type</code> should be
|
||||||
|
<code>pflash</code>. Moreover, some firmwares may
|
||||||
|
implement the Secure boot feature. Attribute
|
||||||
|
- <code>secure</code> can be used then to control it.
|
||||||
|
+ <code>secure</code> can be used to tell the hypervisor that the
|
||||||
|
+ firmware is capable of Secure Boot feature. It cannot be used to
|
||||||
|
+ enable or disable the feature itself in the firmware.
|
||||||
|
<span class="since">Since 2.1.0</span></dd>
|
||||||
|
<dt><code>nvram</code></dt>
|
||||||
|
<dd>Some UEFI firmwares may want to use a non-volatile memory to store
|
||||||
|
--
|
||||||
|
2.31.1
|
||||||
|
|
@ -0,0 +1,43 @@
|
|||||||
|
From 8ad6e3bc6d3e9e55093b546ee886a2a2d9e875f5 Mon Sep 17 00:00:00 2001
|
||||||
|
Message-Id: <8ad6e3bc6d3e9e55093b546ee886a2a2d9e875f5@dist-git>
|
||||||
|
From: Michal Privoznik <mprivozn@redhat.com>
|
||||||
|
Date: Fri, 21 May 2021 14:16:13 +0200
|
||||||
|
Subject: [PATCH] domain_conf: Don't leak def->os.firmwareFeatures
|
||||||
|
|
||||||
|
The firmwareFeatures member of virDomainOSDef struct is allocated
|
||||||
|
in virDomainDefParseBootFirmwareOptions() but never freed.
|
||||||
|
|
||||||
|
Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
|
||||||
|
Reviewed-by: Pavel Hrdina <phrdina@redhat.com>
|
||||||
|
(cherry picked from commit c116b9481426f86188c71f340d5e3db103120bf8)
|
||||||
|
|
||||||
|
Conflicts:
|
||||||
|
src/conf/domain_conf.c
|
||||||
|
- missing upstream commits:
|
||||||
|
77f8e48fc35eaf867eae4f623e381f87f6e29930
|
||||||
|
f9f81f1c8f855b8c21aeae4441abfc877ff2bfc3
|
||||||
|
|
||||||
|
Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1929357
|
||||||
|
|
||||||
|
Signed-off-by: Pavel Hrdina <phrdina@redhat.com>
|
||||||
|
Message-Id: <82f4beea71e682c43ec10370d5a43a608d1cb411.1621599207.git.phrdina@redhat.com>
|
||||||
|
Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
|
||||||
|
---
|
||||||
|
src/conf/domain_conf.c | 1 +
|
||||||
|
1 file changed, 1 insertion(+)
|
||||||
|
|
||||||
|
diff --git a/src/conf/domain_conf.c b/src/conf/domain_conf.c
|
||||||
|
index 28c8d0ecbd..2ffa9c8a2a 100644
|
||||||
|
--- a/src/conf/domain_conf.c
|
||||||
|
+++ b/src/conf/domain_conf.c
|
||||||
|
@@ -3431,6 +3431,7 @@ void virDomainDefFree(virDomainDefPtr def)
|
||||||
|
VIR_FREE(def->idmap.uidmap);
|
||||||
|
VIR_FREE(def->idmap.gidmap);
|
||||||
|
|
||||||
|
+ VIR_FREE(def->os.firmwareFeatures);
|
||||||
|
VIR_FREE(def->os.machine);
|
||||||
|
VIR_FREE(def->os.init);
|
||||||
|
for (i = 0; def->os.initargv && def->os.initargv[i]; i++)
|
||||||
|
--
|
||||||
|
2.31.1
|
||||||
|
|
@ -0,0 +1,50 @@
|
|||||||
|
From bad40f7148a5849e84e9cdc341ff1fa03dc94fc6 Mon Sep 17 00:00:00 2001
|
||||||
|
Message-Id: <bad40f7148a5849e84e9cdc341ff1fa03dc94fc6@dist-git>
|
||||||
|
From: Thomas Huth <thuth@redhat.com>
|
||||||
|
Date: Tue, 11 May 2021 14:10:27 +0200
|
||||||
|
Subject: [PATCH] hostdev: Update mdev pointer reference after checking device
|
||||||
|
type
|
||||||
|
MIME-Version: 1.0
|
||||||
|
Content-Type: text/plain; charset=UTF-8
|
||||||
|
Content-Transfer-Encoding: 8bit
|
||||||
|
|
||||||
|
We set the pointer to some garbage packed structure data without
|
||||||
|
knowing whether we were actually handling the type of device we
|
||||||
|
expected to be handling. On its own, this was harmless, because we'd
|
||||||
|
never use the pointer as we'd skip the device if it were not the
|
||||||
|
expected type. However, it's better to make the logic even more
|
||||||
|
explicit - we first check the device and only when we're sure we have
|
||||||
|
the expected type we then update the pointer shortcut.
|
||||||
|
|
||||||
|
Signed-off-by: Erik Skultety <eskultet@redhat.com>
|
||||||
|
Reviewed-by: Ján Tomko <jtomko@redhat.com>
|
||||||
|
(cherry picked from commit 964738cff3d949d90fc5c3317a2618fcd8d217b4)
|
||||||
|
Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1940449
|
||||||
|
Signed-off-by: Thomas Huth <thuth@redhat.com>
|
||||||
|
Message-Id: <20210511121028.304070-2-thuth@redhat.com>
|
||||||
|
Reviewed-by: Erik Skultety <eskultet@redhat.com>
|
||||||
|
---
|
||||||
|
src/util/virhostdev.c | 4 ++--
|
||||||
|
1 file changed, 2 insertions(+), 2 deletions(-)
|
||||||
|
|
||||||
|
diff --git a/src/util/virhostdev.c b/src/util/virhostdev.c
|
||||||
|
index 9596482146..b7050e99e4 100644
|
||||||
|
--- a/src/util/virhostdev.c
|
||||||
|
+++ b/src/util/virhostdev.c
|
||||||
|
@@ -2030,11 +2030,11 @@ virHostdevReAttachMediatedDevices(virHostdevManagerPtr mgr,
|
||||||
|
virDomainHostdevSubsysMediatedDevPtr mdevsrc;
|
||||||
|
virDomainHostdevDefPtr hostdev = hostdevs[i];
|
||||||
|
|
||||||
|
- mdevsrc = &hostdev->source.subsys.u.mdev;
|
||||||
|
-
|
||||||
|
if (!virHostdevIsMdevDevice(hostdev))
|
||||||
|
continue;
|
||||||
|
|
||||||
|
+ mdevsrc = &hostdev->source.subsys.u.mdev;
|
||||||
|
+
|
||||||
|
if (!(mdev = virMediatedDeviceNew(mdevsrc->uuidstr,
|
||||||
|
mdevsrc->model)))
|
||||||
|
continue;
|
||||||
|
--
|
||||||
|
2.31.1
|
||||||
|
|
@ -0,0 +1,166 @@
|
|||||||
|
From 9e97e35031572e0f6ace32e2fb094f0f358f0391 Mon Sep 17 00:00:00 2001
|
||||||
|
Message-Id: <9e97e35031572e0f6ace32e2fb094f0f358f0391@dist-git>
|
||||||
|
From: Thomas Huth <thuth@redhat.com>
|
||||||
|
Date: Tue, 11 May 2021 14:10:28 +0200
|
||||||
|
Subject: [PATCH] hostdev: mdev: Lookup mdevs by sysfs path rather than mdev
|
||||||
|
struct
|
||||||
|
MIME-Version: 1.0
|
||||||
|
Content-Type: text/plain; charset=UTF-8
|
||||||
|
Content-Transfer-Encoding: 8bit
|
||||||
|
|
||||||
|
The lookup didn't do anything apart from comparing the sysfs paths
|
||||||
|
anyway since that's what makes each mdev unique.
|
||||||
|
The most ridiculous usage of the old logic was in
|
||||||
|
virHostdevReAttachMediatedDevices where in order to drop an mdev
|
||||||
|
hostdev from the list of active devices we first had to create a new
|
||||||
|
mdev and use it in the lookup call. Why couldn't we have used the
|
||||||
|
hostdev directly? Because the hostdev and mdev structures are
|
||||||
|
incompatible.
|
||||||
|
|
||||||
|
The way mdevs are currently removed is via a write to a specific sysfs
|
||||||
|
attribute. If you do it while the machine which has the mdev assigned
|
||||||
|
is running, the write call may block (with a new enough kernel, with
|
||||||
|
older kernels it would return a write error!) until the device
|
||||||
|
is no longer in use which is when the QEMU process exits.
|
||||||
|
|
||||||
|
The interesting part here comes afterwards when we're cleaning up and
|
||||||
|
call virHostdevReAttachMediatedDevices. The domain doesn't exist
|
||||||
|
anymore, so the list of active hostdevs needs to be updated and the
|
||||||
|
respective hostdevs removed from the list, but remember we had to
|
||||||
|
create an mdev object in the memory in order to find it in the list
|
||||||
|
first which will fail because the write to sysfs had already removed
|
||||||
|
the mdev instance from the host system.
|
||||||
|
And so the next time you try to start the same domain you'll get:
|
||||||
|
|
||||||
|
"Requested operation is not valid: mediated device <path> is in use by
|
||||||
|
driver QEMU, domain <name>"
|
||||||
|
|
||||||
|
Fixes: https://gitlab.com/libvirt/libvirt/-/issues/119
|
||||||
|
|
||||||
|
Signed-off-by: Erik Skultety <eskultet@redhat.com>
|
||||||
|
Reviewed-by: Ján Tomko <jtomko@redhat.com>
|
||||||
|
(cherry picked from commit 49cb59778a4e6c2d04bb9383a9d97fbbc83f9fce)
|
||||||
|
Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1940449
|
||||||
|
Signed-off-by: Thomas Huth <thuth@redhat.com>
|
||||||
|
Message-Id: <20210511121028.304070-3-thuth@redhat.com>
|
||||||
|
Reviewed-by: Erik Skultety <eskultet@redhat.com>
|
||||||
|
---
|
||||||
|
src/util/virhostdev.c | 10 ++++------
|
||||||
|
src/util/virmdev.c | 16 ++++++++--------
|
||||||
|
src/util/virmdev.h | 4 ++--
|
||||||
|
3 files changed, 14 insertions(+), 16 deletions(-)
|
||||||
|
|
||||||
|
diff --git a/src/util/virhostdev.c b/src/util/virhostdev.c
|
||||||
|
index b7050e99e4..392e94307c 100644
|
||||||
|
--- a/src/util/virhostdev.c
|
||||||
|
+++ b/src/util/virhostdev.c
|
||||||
|
@@ -2025,7 +2025,7 @@ virHostdevReAttachMediatedDevices(virHostdevManagerPtr mgr,
|
||||||
|
|
||||||
|
virObjectLock(mgr->activeMediatedHostdevs);
|
||||||
|
for (i = 0; i < nhostdevs; i++) {
|
||||||
|
- g_autoptr(virMediatedDevice) mdev = NULL;
|
||||||
|
+ g_autofree char *sysfspath = NULL;
|
||||||
|
virMediatedDevicePtr tmp;
|
||||||
|
virDomainHostdevSubsysMediatedDevPtr mdevsrc;
|
||||||
|
virDomainHostdevDefPtr hostdev = hostdevs[i];
|
||||||
|
@@ -2034,14 +2034,12 @@ virHostdevReAttachMediatedDevices(virHostdevManagerPtr mgr,
|
||||||
|
continue;
|
||||||
|
|
||||||
|
mdevsrc = &hostdev->source.subsys.u.mdev;
|
||||||
|
-
|
||||||
|
- if (!(mdev = virMediatedDeviceNew(mdevsrc->uuidstr,
|
||||||
|
- mdevsrc->model)))
|
||||||
|
- continue;
|
||||||
|
+ sysfspath = virMediatedDeviceGetSysfsPath(mdevsrc->uuidstr);
|
||||||
|
|
||||||
|
/* Remove from the list only mdevs assigned to @drv_name/@dom_name */
|
||||||
|
|
||||||
|
- tmp = virMediatedDeviceListFind(mgr->activeMediatedHostdevs, mdev);
|
||||||
|
+ tmp = virMediatedDeviceListFind(mgr->activeMediatedHostdevs,
|
||||||
|
+ sysfspath);
|
||||||
|
|
||||||
|
/* skip inactive devices */
|
||||||
|
if (!tmp)
|
||||||
|
diff --git a/src/util/virmdev.c b/src/util/virmdev.c
|
||||||
|
index c2499c0a20..bae4a7d2c1 100644
|
||||||
|
--- a/src/util/virmdev.c
|
||||||
|
+++ b/src/util/virmdev.c
|
||||||
|
@@ -312,7 +312,7 @@ int
|
||||||
|
virMediatedDeviceListAdd(virMediatedDeviceListPtr list,
|
||||||
|
virMediatedDevicePtr *dev)
|
||||||
|
{
|
||||||
|
- if (virMediatedDeviceListFind(list, *dev)) {
|
||||||
|
+ if (virMediatedDeviceListFind(list, (*dev)->path)) {
|
||||||
|
virReportError(VIR_ERR_INTERNAL_ERROR,
|
||||||
|
_("device %s is already in use"), (*dev)->path);
|
||||||
|
return -1;
|
||||||
|
@@ -358,7 +358,7 @@ virMediatedDevicePtr
|
||||||
|
virMediatedDeviceListSteal(virMediatedDeviceListPtr list,
|
||||||
|
virMediatedDevicePtr dev)
|
||||||
|
{
|
||||||
|
- int idx = virMediatedDeviceListFindIndex(list, dev);
|
||||||
|
+ int idx = virMediatedDeviceListFindIndex(list, dev->path);
|
||||||
|
|
||||||
|
return virMediatedDeviceListStealIndex(list, idx);
|
||||||
|
}
|
||||||
|
@@ -374,13 +374,13 @@ virMediatedDeviceListDel(virMediatedDeviceListPtr list,
|
||||||
|
|
||||||
|
int
|
||||||
|
virMediatedDeviceListFindIndex(virMediatedDeviceListPtr list,
|
||||||
|
- virMediatedDevicePtr dev)
|
||||||
|
+ const char *sysfspath)
|
||||||
|
{
|
||||||
|
size_t i;
|
||||||
|
|
||||||
|
for (i = 0; i < list->count; i++) {
|
||||||
|
- virMediatedDevicePtr other = list->devs[i];
|
||||||
|
- if (STREQ(other->path, dev->path))
|
||||||
|
+ virMediatedDevicePtr dev = list->devs[i];
|
||||||
|
+ if (STREQ(sysfspath, dev->path))
|
||||||
|
return i;
|
||||||
|
}
|
||||||
|
return -1;
|
||||||
|
@@ -389,11 +389,11 @@ virMediatedDeviceListFindIndex(virMediatedDeviceListPtr list,
|
||||||
|
|
||||||
|
virMediatedDevicePtr
|
||||||
|
virMediatedDeviceListFind(virMediatedDeviceListPtr list,
|
||||||
|
- virMediatedDevicePtr dev)
|
||||||
|
+ const char *sysfspath)
|
||||||
|
{
|
||||||
|
int idx;
|
||||||
|
|
||||||
|
- if ((idx = virMediatedDeviceListFindIndex(list, dev)) >= 0)
|
||||||
|
+ if ((idx = virMediatedDeviceListFindIndex(list, sysfspath)) >= 0)
|
||||||
|
return list->devs[idx];
|
||||||
|
else
|
||||||
|
return NULL;
|
||||||
|
@@ -407,7 +407,7 @@ virMediatedDeviceIsUsed(virMediatedDevicePtr dev,
|
||||||
|
const char *drvname, *domname;
|
||||||
|
virMediatedDevicePtr tmp = NULL;
|
||||||
|
|
||||||
|
- if ((tmp = virMediatedDeviceListFind(list, dev))) {
|
||||||
|
+ if ((tmp = virMediatedDeviceListFind(list, dev->path))) {
|
||||||
|
virMediatedDeviceGetUsedBy(tmp, &drvname, &domname);
|
||||||
|
virReportError(VIR_ERR_OPERATION_INVALID,
|
||||||
|
_("mediated device %s is in use by "
|
||||||
|
diff --git a/src/util/virmdev.h b/src/util/virmdev.h
|
||||||
|
index e0905a3f6e..3022ab9948 100644
|
||||||
|
--- a/src/util/virmdev.h
|
||||||
|
+++ b/src/util/virmdev.h
|
||||||
|
@@ -120,11 +120,11 @@ virMediatedDeviceListDel(virMediatedDeviceListPtr list,
|
||||||
|
|
||||||
|
virMediatedDevicePtr
|
||||||
|
virMediatedDeviceListFind(virMediatedDeviceListPtr list,
|
||||||
|
- virMediatedDevicePtr dev);
|
||||||
|
+ const char *sysfspath);
|
||||||
|
|
||||||
|
int
|
||||||
|
virMediatedDeviceListFindIndex(virMediatedDeviceListPtr list,
|
||||||
|
- virMediatedDevicePtr dev);
|
||||||
|
+ const char *sysfspath);
|
||||||
|
|
||||||
|
int
|
||||||
|
virMediatedDeviceListMarkDevices(virMediatedDeviceListPtr dst,
|
||||||
|
--
|
||||||
|
2.31.1
|
||||||
|
|
@ -1,7 +1,7 @@
|
|||||||
From 39a3e7f108cfb5c534bbbc6bc06e416bb93d33fb Mon Sep 17 00:00:00 2001
|
From 021167719bebe7fb7a0e366c371b6c7057ebed7e Mon Sep 17 00:00:00 2001
|
||||||
Message-Id: <39a3e7f108cfb5c534bbbc6bc06e416bb93d33fb@dist-git>
|
Message-Id: <021167719bebe7fb7a0e366c371b6c7057ebed7e@dist-git>
|
||||||
From: Laine Stump <laine@redhat.com>
|
From: Laine Stump <laine@redhat.com>
|
||||||
Date: Tue, 11 May 2021 15:48:05 -0400
|
Date: Wed, 14 Apr 2021 23:25:34 -0400
|
||||||
Subject: [PATCH] network: force re-creation of iptables private chains on
|
Subject: [PATCH] network: force re-creation of iptables private chains on
|
||||||
firewalld restart
|
firewalld restart
|
||||||
MIME-Version: 1.0
|
MIME-Version: 1.0
|
||||||
@ -63,6 +63,9 @@ Signed-off-by: Laine Stump <laine@redhat.com>
|
|||||||
Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
|
Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
|
||||||
(cherry picked from commit f5418b427e7d2f26803880309478de9103680826)
|
(cherry picked from commit f5418b427e7d2f26803880309478de9103680826)
|
||||||
|
|
||||||
|
https://bugzilla.redhat.com/1942805
|
||||||
|
(cloned from the RHEL-AV version: https://bugzilla.redhat.com/1813830 )
|
||||||
|
|
||||||
Conflicts:
|
Conflicts:
|
||||||
src/network/bridge_driver.c:
|
src/network/bridge_driver.c:
|
||||||
In one place a later commit was backported prior to this commit,
|
In one place a later commit was backported prior to this commit,
|
||||||
@ -70,10 +73,9 @@ Conflicts:
|
|||||||
c102bbd3efc35, which was backported for
|
c102bbd3efc35, which was backported for
|
||||||
https://bugzilla.redhat.com/1607929
|
https://bugzilla.redhat.com/1607929
|
||||||
|
|
||||||
https://bugzilla.redhat.com/1958301
|
|
||||||
Signed-off-by: Laine Stump <laine@redhat.com>
|
Signed-off-by: Laine Stump <laine@redhat.com>
|
||||||
Message-Id: <20210511194805.365503-3-laine@redhat.com>
|
Message-Id: <20210415032534.723202-3-laine@redhat.com>
|
||||||
Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
|
Reviewed-by: Pavel Hrdina <phrdina@redhat.com>
|
||||||
---
|
---
|
||||||
src/network/bridge_driver.c | 16 ++++---
|
src/network/bridge_driver.c | 16 ++++---
|
||||||
src/network/bridge_driver_linux.c | 69 ++++++++++++++++++----------
|
src/network/bridge_driver_linux.c | 69 ++++++++++++++++++----------
|
||||||
|
@ -1,7 +1,7 @@
|
|||||||
From c0b8523ca6cb824f184117f05717a6af6b9b3783 Mon Sep 17 00:00:00 2001
|
From 4792bd80c542f7af373bc939492017bd420a3f3b Mon Sep 17 00:00:00 2001
|
||||||
Message-Id: <c0b8523ca6cb824f184117f05717a6af6b9b3783@dist-git>
|
Message-Id: <4792bd80c542f7af373bc939492017bd420a3f3b@dist-git>
|
||||||
From: Laine Stump <laine@redhat.com>
|
From: Laine Stump <laine@redhat.com>
|
||||||
Date: Tue, 11 May 2021 15:48:04 -0400
|
Date: Wed, 14 Apr 2021 23:25:33 -0400
|
||||||
Subject: [PATCH] network: make it safe to call networkSetupPrivateChains()
|
Subject: [PATCH] network: make it safe to call networkSetupPrivateChains()
|
||||||
multiple times
|
multiple times
|
||||||
MIME-Version: 1.0
|
MIME-Version: 1.0
|
||||||
@ -19,10 +19,10 @@ Signed-off-by: Laine Stump <laine@redhat.com>
|
|||||||
Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
|
Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
|
||||||
(cherry picked from commit de110f110fb917a31b9f33ad8e4b3c1d3284766a)
|
(cherry picked from commit de110f110fb917a31b9f33ad8e4b3c1d3284766a)
|
||||||
|
|
||||||
https://bugzilla.redhat.com/1958301
|
https://bugzilla.redhat.com/1942805
|
||||||
Signed-off-by: Laine Stump <laine@redhat.com>
|
|
||||||
Message-Id: <20210511194805.365503-2-laine@redhat.com>
|
Message-Id: <20210415032534.723202-2-laine@redhat.com>
|
||||||
Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
|
Reviewed-by: Pavel Hrdina <phrdina@redhat.com>
|
||||||
---
|
---
|
||||||
src/network/bridge_driver_linux.c | 8 ++++----
|
src/network/bridge_driver_linux.c | 8 ++++----
|
||||||
1 file changed, 4 insertions(+), 4 deletions(-)
|
1 file changed, 4 insertions(+), 4 deletions(-)
|
||||||
|
@ -0,0 +1,248 @@
|
|||||||
|
From d1c5d166a891a2abf408a5879b95bded23b45825 Mon Sep 17 00:00:00 2001
|
||||||
|
Message-Id: <d1c5d166a891a2abf408a5879b95bded23b45825@dist-git>
|
||||||
|
From: Pavel Hrdina <phrdina@redhat.com>
|
||||||
|
Date: Fri, 21 May 2021 14:16:12 +0200
|
||||||
|
Subject: [PATCH] qemu: implement support for firmware auto-selection feature
|
||||||
|
filtering
|
||||||
|
|
||||||
|
Signed-off-by: Pavel Hrdina <phrdina@redhat.com>
|
||||||
|
Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
|
||||||
|
(cherry picked from commit c91fa273062ec388385bf8cc081117c78c2f7af5)
|
||||||
|
|
||||||
|
Conflicts:
|
||||||
|
tests/qemuxml2argvdata/os-firmware-efi-no-enrolled-keys.x86_64-latest.args
|
||||||
|
- missing upstream commits:
|
||||||
|
d96fb5cb31b870e1539bd8ee95fb27dbe461a357
|
||||||
|
43c9c0859f2d53321ccc646ab905beec0740490b
|
||||||
|
88957116c9d3cb4705380c3702c9d4315fb500bb
|
||||||
|
|
||||||
|
tests/qemuxml2argvdata/os-firmware-efi-no-enrolled-keys.xml
|
||||||
|
- missing upstream commits:
|
||||||
|
e88367095f3cad2cf80a687fd599dfaeb3073841
|
||||||
|
|
||||||
|
Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1929357
|
||||||
|
|
||||||
|
Signed-off-by: Pavel Hrdina <phrdina@redhat.com>
|
||||||
|
Message-Id: <de1971688ed4bf1556d669973e60de6e3c76b4c1.1621599207.git.phrdina@redhat.com>
|
||||||
|
Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
|
||||||
|
---
|
||||||
|
src/qemu/qemu_firmware.c | 40 +++++++++++++++
|
||||||
|
...re-efi-no-enrolled-keys.x86_64-latest.args | 47 ++++++++++++++++++
|
||||||
|
.../os-firmware-efi-no-enrolled-keys.xml | 49 +++++++++++++++++++
|
||||||
|
tests/qemuxml2argvtest.c | 1 +
|
||||||
|
...are-efi-no-enrolled-keys.x86_64-latest.xml | 1 +
|
||||||
|
tests/qemuxml2xmltest.c | 1 +
|
||||||
|
6 files changed, 139 insertions(+)
|
||||||
|
create mode 100644 tests/qemuxml2argvdata/os-firmware-efi-no-enrolled-keys.x86_64-latest.args
|
||||||
|
create mode 100644 tests/qemuxml2argvdata/os-firmware-efi-no-enrolled-keys.xml
|
||||||
|
create mode 120000 tests/qemuxml2xmloutdata/os-firmware-efi-no-enrolled-keys.x86_64-latest.xml
|
||||||
|
|
||||||
|
diff --git a/src/qemu/qemu_firmware.c b/src/qemu/qemu_firmware.c
|
||||||
|
index 8ef515ca57..e875e355c7 100644
|
||||||
|
--- a/src/qemu/qemu_firmware.c
|
||||||
|
+++ b/src/qemu/qemu_firmware.c
|
||||||
|
@@ -952,6 +952,10 @@ qemuFirmwareMatchDomain(const virDomainDef *def,
|
||||||
|
bool supportsS4 = false;
|
||||||
|
bool requiresSMM = false;
|
||||||
|
bool supportsSEV = false;
|
||||||
|
+ bool supportsSecureBoot = false;
|
||||||
|
+ bool hasEnrolledKeys = false;
|
||||||
|
+ int reqSecureBoot;
|
||||||
|
+ int reqEnrolledKeys;
|
||||||
|
|
||||||
|
want = qemuFirmwareOSInterfaceTypeFromOsDefFirmware(def->os.firmware);
|
||||||
|
|
||||||
|
@@ -1001,7 +1005,13 @@ qemuFirmwareMatchDomain(const virDomainDef *def,
|
||||||
|
break;
|
||||||
|
|
||||||
|
case QEMU_FIRMWARE_FEATURE_SECURE_BOOT:
|
||||||
|
+ supportsSecureBoot = true;
|
||||||
|
+ break;
|
||||||
|
+
|
||||||
|
case QEMU_FIRMWARE_FEATURE_ENROLLED_KEYS:
|
||||||
|
+ hasEnrolledKeys = true;
|
||||||
|
+ break;
|
||||||
|
+
|
||||||
|
case QEMU_FIRMWARE_FEATURE_VERBOSE_DYNAMIC:
|
||||||
|
case QEMU_FIRMWARE_FEATURE_VERBOSE_STATIC:
|
||||||
|
case QEMU_FIRMWARE_FEATURE_NONE:
|
||||||
|
@@ -1022,6 +1032,36 @@ qemuFirmwareMatchDomain(const virDomainDef *def,
|
||||||
|
return false;
|
||||||
|
}
|
||||||
|
|
||||||
|
+ if (def->os.firmwareFeatures) {
|
||||||
|
+ reqSecureBoot = def->os.firmwareFeatures[VIR_DOMAIN_OS_DEF_FIRMWARE_FEATURE_SECURE_BOOT];
|
||||||
|
+ if (reqSecureBoot != VIR_TRISTATE_BOOL_ABSENT) {
|
||||||
|
+ if (reqSecureBoot == VIR_TRISTATE_BOOL_YES && !supportsSecureBoot) {
|
||||||
|
+ VIR_DEBUG("User requested Secure Boot, firmware '%s' doesn't support it",
|
||||||
|
+ path);
|
||||||
|
+ return false;
|
||||||
|
+ }
|
||||||
|
+
|
||||||
|
+ if (reqSecureBoot == VIR_TRISTATE_BOOL_NO && supportsSecureBoot) {
|
||||||
|
+ VIR_DEBUG("User refused Secure Boot, firmware '%s' supports it", path);
|
||||||
|
+ return false;
|
||||||
|
+ }
|
||||||
|
+ }
|
||||||
|
+
|
||||||
|
+ reqEnrolledKeys = def->os.firmwareFeatures[VIR_DOMAIN_OS_DEF_FIRMWARE_FEATURE_ENROLLED_KEYS];
|
||||||
|
+ if (reqEnrolledKeys != VIR_TRISTATE_BOOL_ABSENT) {
|
||||||
|
+ if (reqEnrolledKeys == VIR_TRISTATE_BOOL_YES && !hasEnrolledKeys) {
|
||||||
|
+ VIR_DEBUG("User requested Enrolled keys, firmware '%s' doesn't have them",
|
||||||
|
+ path);
|
||||||
|
+ return false;
|
||||||
|
+ }
|
||||||
|
+
|
||||||
|
+ if (reqEnrolledKeys == VIR_TRISTATE_BOOL_NO && hasEnrolledKeys) {
|
||||||
|
+ VIR_DEBUG("User refused Enrolled keys, firmware '%s' has them", path);
|
||||||
|
+ return false;
|
||||||
|
+ }
|
||||||
|
+ }
|
||||||
|
+ }
|
||||||
|
+
|
||||||
|
if (def->os.loader &&
|
||||||
|
def->os.loader->secure == VIR_TRISTATE_BOOL_YES &&
|
||||||
|
!requiresSMM) {
|
||||||
|
diff --git a/tests/qemuxml2argvdata/os-firmware-efi-no-enrolled-keys.x86_64-latest.args b/tests/qemuxml2argvdata/os-firmware-efi-no-enrolled-keys.x86_64-latest.args
|
||||||
|
new file mode 100644
|
||||||
|
index 0000000000..c3c838fb1a
|
||||||
|
--- /dev/null
|
||||||
|
+++ b/tests/qemuxml2argvdata/os-firmware-efi-no-enrolled-keys.x86_64-latest.args
|
||||||
|
@@ -0,0 +1,47 @@
|
||||||
|
+LC_ALL=C \
|
||||||
|
+PATH=/bin \
|
||||||
|
+HOME=/tmp/lib/domain--1-fedora \
|
||||||
|
+USER=test \
|
||||||
|
+LOGNAME=test \
|
||||||
|
+XDG_DATA_HOME=/tmp/lib/domain--1-fedora/.local/share \
|
||||||
|
+XDG_CACHE_HOME=/tmp/lib/domain--1-fedora/.cache \
|
||||||
|
+XDG_CONFIG_HOME=/tmp/lib/domain--1-fedora/.config \
|
||||||
|
+QEMU_AUDIO_DRV=none \
|
||||||
|
+/usr/bin/qemu-system-x86_64 \
|
||||||
|
+-name guest=fedora,debug-threads=on \
|
||||||
|
+-S \
|
||||||
|
+-object secret,id=masterKey0,format=raw,\
|
||||||
|
+file=/tmp/lib/domain--1-fedora/master-key.aes \
|
||||||
|
+-blockdev '{"driver":"file","filename":"/usr/share/OVMF/OVMF_CODE.fd",\
|
||||||
|
+"node-name":"libvirt-pflash0-storage","auto-read-only":true,\
|
||||||
|
+"discard":"unmap"}' \
|
||||||
|
+-blockdev '{"node-name":"libvirt-pflash0-format","read-only":true,\
|
||||||
|
+"driver":"raw","file":"libvirt-pflash0-storage"}' \
|
||||||
|
+-blockdev '{"driver":"file",\
|
||||||
|
+"filename":"/var/lib/libvirt/qemu/nvram/fedora_VARS.fd",\
|
||||||
|
+"node-name":"libvirt-pflash1-storage","auto-read-only":true,\
|
||||||
|
+"discard":"unmap"}' \
|
||||||
|
+-blockdev '{"node-name":"libvirt-pflash1-format","read-only":false,\
|
||||||
|
+"driver":"raw","file":"libvirt-pflash1-storage"}' \
|
||||||
|
+-machine pc-q35-4.0,accel=kvm,usb=off,dump-guest-core=off,\
|
||||||
|
+pflash0=libvirt-pflash0-format,pflash1=libvirt-pflash1-format \
|
||||||
|
+-cpu qemu64 \
|
||||||
|
+-m 8 \
|
||||||
|
+-overcommit mem-lock=off \
|
||||||
|
+-smp 1,sockets=1,cores=1,threads=1 \
|
||||||
|
+-uuid 63840878-0deb-4095-97e6-fc444d9bc9fa \
|
||||||
|
+-display none \
|
||||||
|
+-no-user-config \
|
||||||
|
+-nodefaults \
|
||||||
|
+-chardev socket,id=charmonitor,fd=1729,server,nowait \
|
||||||
|
+-mon chardev=charmonitor,id=monitor,mode=control \
|
||||||
|
+-rtc base=utc \
|
||||||
|
+-no-shutdown \
|
||||||
|
+-boot strict=on \
|
||||||
|
+-device pcie-root-port,port=0x8,chassis=1,id=pci.1,bus=pcie.0,multifunction=on,\
|
||||||
|
+addr=0x1 \
|
||||||
|
+-device pcie-root-port,port=0x9,chassis=2,id=pci.2,bus=pcie.0,addr=0x1.0x1 \
|
||||||
|
+-device qemu-xhci,id=usb,bus=pci.1,addr=0x0 \
|
||||||
|
+-sandbox on,obsolete=deny,elevateprivileges=deny,spawn=deny,\
|
||||||
|
+resourcecontrol=deny \
|
||||||
|
+-msg timestamp=on
|
||||||
|
diff --git a/tests/qemuxml2argvdata/os-firmware-efi-no-enrolled-keys.xml b/tests/qemuxml2argvdata/os-firmware-efi-no-enrolled-keys.xml
|
||||||
|
new file mode 100644
|
||||||
|
index 0000000000..7f8f57a859
|
||||||
|
--- /dev/null
|
||||||
|
+++ b/tests/qemuxml2argvdata/os-firmware-efi-no-enrolled-keys.xml
|
||||||
|
@@ -0,0 +1,49 @@
|
||||||
|
+<domain type='kvm'>
|
||||||
|
+ <name>fedora</name>
|
||||||
|
+ <uuid>63840878-0deb-4095-97e6-fc444d9bc9fa</uuid>
|
||||||
|
+ <memory unit='KiB'>8192</memory>
|
||||||
|
+ <currentMemory unit='KiB'>8192</currentMemory>
|
||||||
|
+ <vcpu placement='static'>1</vcpu>
|
||||||
|
+ <os firmware='efi'>
|
||||||
|
+ <type arch='x86_64' machine='pc-q35-4.0'>hvm</type>
|
||||||
|
+ <firmware type='efi'>
|
||||||
|
+ <feature enabled='no' name='enrolled-keys'/>
|
||||||
|
+ </firmware>
|
||||||
|
+ <boot dev='hd'/>
|
||||||
|
+ </os>
|
||||||
|
+ <features>
|
||||||
|
+ <acpi/>
|
||||||
|
+ <apic/>
|
||||||
|
+ <pae/>
|
||||||
|
+ </features>
|
||||||
|
+ <cpu mode='custom' match='exact' check='none'>
|
||||||
|
+ <model fallback='forbid'>qemu64</model>
|
||||||
|
+ </cpu>
|
||||||
|
+ <clock offset='utc'/>
|
||||||
|
+ <on_poweroff>destroy</on_poweroff>
|
||||||
|
+ <on_reboot>restart</on_reboot>
|
||||||
|
+ <on_crash>destroy</on_crash>
|
||||||
|
+ <devices>
|
||||||
|
+ <emulator>/usr/bin/qemu-system-x86_64</emulator>
|
||||||
|
+ <controller type='pci' index='0' model='pcie-root'/>
|
||||||
|
+ <controller type='pci' index='1' model='pcie-root-port'>
|
||||||
|
+ <model name='pcie-root-port'/>
|
||||||
|
+ <target chassis='1' port='0x8'/>
|
||||||
|
+ <address type='pci' domain='0x0000' bus='0x00' slot='0x01' function='0x0' multifunction='on'/>
|
||||||
|
+ </controller>
|
||||||
|
+ <controller type='pci' index='2' model='pcie-root-port'>
|
||||||
|
+ <model name='pcie-root-port'/>
|
||||||
|
+ <target chassis='2' port='0x9'/>
|
||||||
|
+ <address type='pci' domain='0x0000' bus='0x00' slot='0x01' function='0x1'/>
|
||||||
|
+ </controller>
|
||||||
|
+ <controller type='usb' index='0' model='qemu-xhci'>
|
||||||
|
+ <address type='pci' domain='0x0000' bus='0x01' slot='0x00' function='0x0'/>
|
||||||
|
+ </controller>
|
||||||
|
+ <controller type='sata' index='0'>
|
||||||
|
+ <address type='pci' domain='0x0000' bus='0x00' slot='0x1f' function='0x2'/>
|
||||||
|
+ </controller>
|
||||||
|
+ <input type='mouse' bus='ps2'/>
|
||||||
|
+ <input type='keyboard' bus='ps2'/>
|
||||||
|
+ <memballoon model='none'/>
|
||||||
|
+ </devices>
|
||||||
|
+</domain>
|
||||||
|
diff --git a/tests/qemuxml2argvtest.c b/tests/qemuxml2argvtest.c
|
||||||
|
index bc04bea692..5e16d7fd31 100644
|
||||||
|
--- a/tests/qemuxml2argvtest.c
|
||||||
|
+++ b/tests/qemuxml2argvtest.c
|
||||||
|
@@ -3094,6 +3094,7 @@ mymain(void)
|
||||||
|
DO_TEST_CAPS_LATEST("os-firmware-bios");
|
||||||
|
DO_TEST_CAPS_LATEST("os-firmware-efi");
|
||||||
|
DO_TEST_CAPS_LATEST("os-firmware-efi-secboot");
|
||||||
|
+ DO_TEST_CAPS_LATEST("os-firmware-efi-no-enrolled-keys");
|
||||||
|
DO_TEST_CAPS_LATEST_PARSE_ERROR("os-firmware-invalid-type");
|
||||||
|
DO_TEST_CAPS_ARCH_LATEST("aarch64-os-firmware-efi", "aarch64");
|
||||||
|
|
||||||
|
diff --git a/tests/qemuxml2xmloutdata/os-firmware-efi-no-enrolled-keys.x86_64-latest.xml b/tests/qemuxml2xmloutdata/os-firmware-efi-no-enrolled-keys.x86_64-latest.xml
|
||||||
|
new file mode 120000
|
||||||
|
index 0000000000..902ccb783b
|
||||||
|
--- /dev/null
|
||||||
|
+++ b/tests/qemuxml2xmloutdata/os-firmware-efi-no-enrolled-keys.x86_64-latest.xml
|
||||||
|
@@ -0,0 +1 @@
|
||||||
|
+../qemuxml2argvdata/os-firmware-efi-no-enrolled-keys.xml
|
||||||
|
\ No newline at end of file
|
||||||
|
diff --git a/tests/qemuxml2xmltest.c b/tests/qemuxml2xmltest.c
|
||||||
|
index 461b5bc68f..9e5747290a 100644
|
||||||
|
--- a/tests/qemuxml2xmltest.c
|
||||||
|
+++ b/tests/qemuxml2xmltest.c
|
||||||
|
@@ -1122,6 +1122,7 @@ mymain(void)
|
||||||
|
DO_TEST_CAPS_LATEST("os-firmware-bios");
|
||||||
|
DO_TEST_CAPS_LATEST("os-firmware-efi");
|
||||||
|
DO_TEST_CAPS_LATEST("os-firmware-efi-secboot");
|
||||||
|
+ DO_TEST_CAPS_LATEST("os-firmware-efi-no-enrolled-keys");
|
||||||
|
|
||||||
|
DO_TEST("aarch64-aavmf-virtio-mmio",
|
||||||
|
QEMU_CAPS_DEVICE_VIRTIO_MMIO,
|
||||||
|
--
|
||||||
|
2.31.1
|
||||||
|
|
@ -0,0 +1,68 @@
|
|||||||
|
From c8ede44db2e94444e5a8ee38e21eda2b42717879 Mon Sep 17 00:00:00 2001
|
||||||
|
Message-Id: <c8ede44db2e94444e5a8ee38e21eda2b42717879@dist-git>
|
||||||
|
From: Pavel Hrdina <phrdina@redhat.com>
|
||||||
|
Date: Tue, 18 May 2021 15:03:02 +0200
|
||||||
|
Subject: [PATCH] qemu_firmware: don't error out for unknown firmware features
|
||||||
|
MIME-Version: 1.0
|
||||||
|
Content-Type: text/plain; charset=UTF-8
|
||||||
|
Content-Transfer-Encoding: 8bit
|
||||||
|
|
||||||
|
When QEMU introduces new firmware features libvirt will fail until we
|
||||||
|
list that feature in our code as well which doesn't sound right.
|
||||||
|
|
||||||
|
We should simply ignore the new feature until we add a proper support
|
||||||
|
for it.
|
||||||
|
|
||||||
|
Reported-by: Laszlo Ersek <lersek@redhat.com>
|
||||||
|
Signed-off-by: Pavel Hrdina <phrdina@redhat.com>
|
||||||
|
Reviewed-by: Peter Krempa <pkrempa@redhat.com>
|
||||||
|
Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
|
||||||
|
(cherry picked from commit 61d95a1073833ec4323c1ef28e71e913c55aa7b9)
|
||||||
|
|
||||||
|
Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1961562
|
||||||
|
|
||||||
|
Signed-off-by: Pavel Hrdina <phrdina@redhat.com>
|
||||||
|
Message-Id: <8989d70d49d8a720532a8c25e3e73d9b3bf2a495.1621342722.git.phrdina@redhat.com>
|
||||||
|
Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
|
||||||
|
---
|
||||||
|
src/qemu/qemu_firmware.c | 12 ++++++------
|
||||||
|
1 file changed, 6 insertions(+), 6 deletions(-)
|
||||||
|
|
||||||
|
diff --git a/src/qemu/qemu_firmware.c b/src/qemu/qemu_firmware.c
|
||||||
|
index c84d03f0a8..8ef515ca57 100644
|
||||||
|
--- a/src/qemu/qemu_firmware.c
|
||||||
|
+++ b/src/qemu/qemu_firmware.c
|
||||||
|
@@ -570,6 +570,7 @@ qemuFirmwareFeatureParse(const char *path,
|
||||||
|
virJSONValuePtr featuresJSON;
|
||||||
|
g_autoptr(qemuFirmwareFeature) features = NULL;
|
||||||
|
size_t nfeatures;
|
||||||
|
+ size_t nparsed = 0;
|
||||||
|
size_t i;
|
||||||
|
|
||||||
|
if (!(featuresJSON = virJSONValueObjectGetArray(doc, "features"))) {
|
||||||
|
@@ -590,17 +591,16 @@ qemuFirmwareFeatureParse(const char *path,
|
||||||
|
int tmp;
|
||||||
|
|
||||||
|
if ((tmp = qemuFirmwareFeatureTypeFromString(tmpStr)) <= 0) {
|
||||||
|
- virReportError(VIR_ERR_INTERNAL_ERROR,
|
||||||
|
- _("unknown feature %s"),
|
||||||
|
- tmpStr);
|
||||||
|
- return -1;
|
||||||
|
+ VIR_DEBUG("ignoring unknown QEMU firmware feature '%s'", tmpStr);
|
||||||
|
+ continue;
|
||||||
|
}
|
||||||
|
|
||||||
|
- features[i] = tmp;
|
||||||
|
+ features[nparsed] = tmp;
|
||||||
|
+ nparsed++;
|
||||||
|
}
|
||||||
|
|
||||||
|
fw->features = g_steal_pointer(&features);
|
||||||
|
- fw->nfeatures = nfeatures;
|
||||||
|
+ fw->nfeatures = nparsed;
|
||||||
|
return 0;
|
||||||
|
}
|
||||||
|
|
||||||
|
--
|
||||||
|
2.31.1
|
||||||
|
|
@ -0,0 +1,58 @@
|
|||||||
|
From 0f7c8a271f07b3f9aff07dd814d7bec80ddac362 Mon Sep 17 00:00:00 2001
|
||||||
|
Message-Id: <0f7c8a271f07b3f9aff07dd814d7bec80ddac362@dist-git>
|
||||||
|
From: =?UTF-8?q?Daniel=20P=2E=20Berrang=C3=A9?= <berrange@redhat.com>
|
||||||
|
Date: Wed, 28 Jul 2021 14:59:00 +0200
|
||||||
|
Subject: [PATCH] security: fix SELinux label generation logic
|
||||||
|
MIME-Version: 1.0
|
||||||
|
Content-Type: text/plain; charset=UTF-8
|
||||||
|
Content-Transfer-Encoding: 8bit
|
||||||
|
|
||||||
|
A process can access a file if the set of MCS categories
|
||||||
|
for the file is equal-to *or* a subset-of, the set of
|
||||||
|
MCS categories for the process.
|
||||||
|
|
||||||
|
If there are two VMs:
|
||||||
|
|
||||||
|
a) svirt_t:s0:c117
|
||||||
|
b) svirt_t:s0:c117,c720
|
||||||
|
|
||||||
|
Then VM (b) is able to access files labelled for VM (a).
|
||||||
|
|
||||||
|
IOW, we must discard case where the categories are equal
|
||||||
|
because that is a subset of many other valid category pairs.
|
||||||
|
|
||||||
|
Fixes: https://gitlab.com/libvirt/libvirt/-/issues/153
|
||||||
|
CVE-2021-3631
|
||||||
|
Reviewed-by: Peter Krempa <pkrempa@redhat.com>
|
||||||
|
Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
|
||||||
|
(cherry picked from commit 15073504dbb624d3f6c911e85557019d3620fdb2)
|
||||||
|
Message-Id: <38c6a7b570b8eb2114d9f1ff0c84a8346e01472f.1627476632.git.pkrempa@redhat.com>
|
||||||
|
Reviewed-by: Ján Tomko <jtomko@redhat.com>
|
||||||
|
---
|
||||||
|
src/security/security_selinux.c | 10 +++++++++-
|
||||||
|
1 file changed, 9 insertions(+), 1 deletion(-)
|
||||||
|
|
||||||
|
diff --git a/src/security/security_selinux.c b/src/security/security_selinux.c
|
||||||
|
index 985c7eda1a..93fae831ca 100644
|
||||||
|
--- a/src/security/security_selinux.c
|
||||||
|
+++ b/src/security/security_selinux.c
|
||||||
|
@@ -391,7 +391,15 @@ virSecuritySELinuxMCSFind(virSecurityManagerPtr mgr,
|
||||||
|
VIR_DEBUG("Try cat %s:c%d,c%d", sens, c1 + catMin, c2 + catMin);
|
||||||
|
|
||||||
|
if (c1 == c2) {
|
||||||
|
- mcs = g_strdup_printf("%s:c%d", sens, catMin + c1);
|
||||||
|
+ /*
|
||||||
|
+ * A process can access a file if the set of MCS categories
|
||||||
|
+ * for the file is equal-to *or* a subset-of, the set of
|
||||||
|
+ * MCS categories for the process.
|
||||||
|
+ *
|
||||||
|
+ * IOW, we must discard case where the categories are equal
|
||||||
|
+ * because that is a subset of other category pairs.
|
||||||
|
+ */
|
||||||
|
+ continue;
|
||||||
|
} else {
|
||||||
|
if (c1 > c2) {
|
||||||
|
int t = c1;
|
||||||
|
--
|
||||||
|
2.32.0
|
||||||
|
|
@ -0,0 +1,44 @@
|
|||||||
|
From b794a0e4e657defe9a491eb20adf61eafa443ca3 Mon Sep 17 00:00:00 2001
|
||||||
|
Message-Id: <b794a0e4e657defe9a491eb20adf61eafa443ca3@dist-git>
|
||||||
|
From: Peter Krempa <pkrempa@redhat.com>
|
||||||
|
Date: Wed, 28 Jul 2021 14:59:01 +0200
|
||||||
|
Subject: [PATCH] storage_driver: Unlock object on ACL fail in
|
||||||
|
storagePoolLookupByTargetPath
|
||||||
|
MIME-Version: 1.0
|
||||||
|
Content-Type: text/plain; charset=UTF-8
|
||||||
|
Content-Transfer-Encoding: 8bit
|
||||||
|
|
||||||
|
'virStoragePoolObjListSearch' returns a locked and refed object, thus we
|
||||||
|
must release it on ACL permission failure.
|
||||||
|
|
||||||
|
Fixes: 7aa0e8c0cb8
|
||||||
|
Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1984318
|
||||||
|
Signed-off-by: Peter Krempa <pkrempa@redhat.com>
|
||||||
|
Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
|
||||||
|
(cherry picked from commit 447f69dec47e1b0bd15ecd7cd49a9fd3b050fb87)
|
||||||
|
CVE-2021-3667
|
||||||
|
Message-Id: <a398ad51fa2db3697d91711134d28d3e07536bfc.1627476632.git.pkrempa@redhat.com>
|
||||||
|
Reviewed-by: Ján Tomko <jtomko@redhat.com>
|
||||||
|
---
|
||||||
|
src/storage/storage_driver.c | 4 +++-
|
||||||
|
1 file changed, 3 insertions(+), 1 deletion(-)
|
||||||
|
|
||||||
|
diff --git a/src/storage/storage_driver.c b/src/storage/storage_driver.c
|
||||||
|
index 0bb116cf08..4f0b8c1218 100644
|
||||||
|
--- a/src/storage/storage_driver.c
|
||||||
|
+++ b/src/storage/storage_driver.c
|
||||||
|
@@ -1733,8 +1733,10 @@ storagePoolLookupByTargetPath(virConnectPtr conn,
|
||||||
|
storagePoolLookupByTargetPathCallback,
|
||||||
|
cleanpath))) {
|
||||||
|
def = virStoragePoolObjGetDef(obj);
|
||||||
|
- if (virStoragePoolLookupByTargetPathEnsureACL(conn, def) < 0)
|
||||||
|
+ if (virStoragePoolLookupByTargetPathEnsureACL(conn, def) < 0) {
|
||||||
|
+ virStoragePoolObjEndAPI(&obj);
|
||||||
|
return NULL;
|
||||||
|
+ }
|
||||||
|
|
||||||
|
pool = virGetStoragePool(conn, def->name, def->uuid, NULL, NULL);
|
||||||
|
virStoragePoolObjEndAPI(&obj);
|
||||||
|
--
|
||||||
|
2.32.0
|
||||||
|
|
@ -219,7 +219,7 @@
|
|||||||
Summary: Library providing a simple virtualization API
|
Summary: Library providing a simple virtualization API
|
||||||
Name: libvirt
|
Name: libvirt
|
||||||
Version: 6.0.0
|
Version: 6.0.0
|
||||||
Release: 35.1%{?dist}%{?extra_release}
|
Release: 37%{?dist}%{?extra_release}
|
||||||
License: LGPLv2+
|
License: LGPLv2+
|
||||||
URL: https://libvirt.org/
|
URL: https://libvirt.org/
|
||||||
|
|
||||||
@ -756,6 +756,22 @@ Patch524: libvirt-cpu_map-Install-x86_EPYC-Milan.xml.patch
|
|||||||
Patch525: libvirt-cpu_map-Fix-spelling-of-svme-addr-chk-feature.patch
|
Patch525: libvirt-cpu_map-Fix-spelling-of-svme-addr-chk-feature.patch
|
||||||
Patch526: libvirt-network-make-it-safe-to-call-networkSetupPrivateChains-multiple-times.patch
|
Patch526: libvirt-network-make-it-safe-to-call-networkSetupPrivateChains-multiple-times.patch
|
||||||
Patch527: libvirt-network-force-re-creation-of-iptables-private-chains-on-firewalld-restart.patch
|
Patch527: libvirt-network-force-re-creation-of-iptables-private-chains-on-firewalld-restart.patch
|
||||||
|
Patch528: libvirt-hostdev-Update-mdev-pointer-reference-after-checking-device-type.patch
|
||||||
|
Patch529: libvirt-hostdev-mdev-Lookup-mdevs-by-sysfs-path-rather-than-mdev-struct.patch
|
||||||
|
Patch530: libvirt-qemu_firmware-don-t-error-out-for-unknown-firmware-features.patch
|
||||||
|
Patch531: libvirt-docs-improve-description-of-secure-attribute-for-loader-element.patch
|
||||||
|
Patch532: libvirt-conf-introduce-virDomainDefParseBootInitOptions.patch
|
||||||
|
Patch533: libvirt-conf-introduce-virDomainDefParseBootKernelOptions.patch
|
||||||
|
Patch534: libvirt-conf-introduce-virDomainDefParseBootFirmwareOptions.patch
|
||||||
|
Patch535: libvirt-conf-introduce-virDomainDefParseBootLoaderOptions.patch
|
||||||
|
Patch536: libvirt-conf-introduce-virDomainDefParseBootAcpiOptions.patch
|
||||||
|
Patch537: libvirt-conf-use-switch-in-virDomainDefParseBootOptions.patch
|
||||||
|
Patch538: libvirt-conf-introduce-support-for-firmware-auto-selection-feature-filtering.patch
|
||||||
|
Patch539: libvirt-qemu-implement-support-for-firmware-auto-selection-feature-filtering.patch
|
||||||
|
Patch540: libvirt-domain_conf-Don-t-leak-def-os.firmwareFeatures.patch
|
||||||
|
Patch541: libvirt-conf-remove-duplicated-firmware-type-attribute.patch
|
||||||
|
Patch542: libvirt-security-fix-SELinux-label-generation-logic.patch
|
||||||
|
Patch543: libvirt-storage_driver-Unlock-object-on-ACL-fail-in-storagePoolLookupByTargetPath.patch
|
||||||
|
|
||||||
Requires: libvirt-daemon = %{version}-%{release}
|
Requires: libvirt-daemon = %{version}-%{release}
|
||||||
Requires: libvirt-daemon-config-network = %{version}-%{release}
|
Requires: libvirt-daemon-config-network = %{version}-%{release}
|
||||||
@ -2532,9 +2548,27 @@ exit 0
|
|||||||
|
|
||||||
|
|
||||||
%changelog
|
%changelog
|
||||||
* Thu Jun 3 2021 Jiri Denemark <jdenemar@redhat.com> - 6.0.0-35.1.el8
|
* Fri Aug 6 2021 Jiri Denemark <jdenemar@redhat.com> - 6.0.0-37
|
||||||
- network: make it safe to call networkSetupPrivateChains() multiple times (rhbz#1958301)
|
- security: fix SELinux label generation logic (CVE-2021-3631)
|
||||||
- network: force re-creation of iptables private chains on firewalld restart (rhbz#1958301)
|
- storage_driver: Unlock object on ACL fail in storagePoolLookupByTargetPath (CVE-2021-3667)
|
||||||
|
|
||||||
|
* Tue Jun 1 2021 Jiri Denemark <jdenemar@redhat.com> - 6.0.0-36
|
||||||
|
- network: make it safe to call networkSetupPrivateChains() multiple times (rhbz#1942805)
|
||||||
|
- network: force re-creation of iptables private chains on firewalld restart (rhbz#1942805)
|
||||||
|
- hostdev: Update mdev pointer reference after checking device type (rhbz#1940449)
|
||||||
|
- hostdev: mdev: Lookup mdevs by sysfs path rather than mdev struct (rhbz#1940449)
|
||||||
|
- qemu_firmware: don't error out for unknown firmware features (rhbz#1961562)
|
||||||
|
- docs: improve description of secure attribute for loader element (rhbz#1929357)
|
||||||
|
- conf: introduce virDomainDefParseBootInitOptions (rhbz#1929357)
|
||||||
|
- conf: introduce virDomainDefParseBootKernelOptions (rhbz#1929357)
|
||||||
|
- conf: introduce virDomainDefParseBootFirmwareOptions (rhbz#1929357)
|
||||||
|
- conf: introduce virDomainDefParseBootLoaderOptions (rhbz#1929357)
|
||||||
|
- conf: introduce virDomainDefParseBootAcpiOptions (rhbz#1929357)
|
||||||
|
- conf: use switch in virDomainDefParseBootOptions (rhbz#1929357)
|
||||||
|
- conf: introduce support for firmware auto-selection feature filtering (rhbz#1929357)
|
||||||
|
- qemu: implement support for firmware auto-selection feature filtering (rhbz#1929357)
|
||||||
|
- domain_conf: Don't leak def->os.firmwareFeatures (rhbz#1929357)
|
||||||
|
- conf: remove duplicated firmware type attribute (rhbz#1929357)
|
||||||
|
|
||||||
* Thu Mar 4 2021 Jiri Denemark <jdenemar@redhat.com> - 6.0.0-35
|
* Thu Mar 4 2021 Jiri Denemark <jdenemar@redhat.com> - 6.0.0-35
|
||||||
- vircgroupv2: properly detect placement of running VM (rhbz#1798463)
|
- vircgroupv2: properly detect placement of running VM (rhbz#1798463)
|
||||||
|
Loading…
Reference in New Issue
Block a user