rpms/libvirt
6
0
Fork 1
Code Issues Pull Requests Releases Activity

Enable building for ppc64le

Browse Source
This commit is contained in:
Eduard Abdullin 2025-11-27 13:01:50 +00:00 committed by root
commit 8c1523a5c9
94 changed files with 107181 additions and 251 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
SOURCES/libvirt-Add-load-average-information-type-into-virDomainGetGuestInfo.patch
View File

@ -1,5 +1,5 @@
From 514588d016d1e105f987d821331a578a34ccdf49 Mon Sep 17 00:00:00 2001
Message-ID: <514588d016d1e105f987d821331a578a34ccdf49.1745925135.git.jdenemar@redhat.com>
From 9874072fc9396d609f1a0213bb06fa7e9a2fa019 Mon Sep 17 00:00:00 2001
Message-ID: <9874072fc9396d609f1a0213bb06fa7e9a2fa019.1747908717.git.jdenemar@redhat.com>
From: Martin Kletzander <mkletzan@redhat.com>
Date: Tue, 25 Feb 2025 15:36:03 +0100
Subject: [PATCH] Add load average information type into virDomainGetGuestInfo
@ -10,7 +10,7 @@ Signed-off-by: Martin Kletzander <mkletzan@redhat.com>
Reviewed-by: Peter Krempa <pkrempa@redhat.com>
(cherry picked from commit c52c449fd40c7263896d5f17129207b815c3a09c)
https://issues.redhat.com/browse/RHEL-88449
https://issues.redhat.com/browse/RHEL-88447
Signed-off-by: Martin Kletzander <mkletzan@redhat.com>
---

141
SOURCES/libvirt-conf-Add-Intel-TDX-Quote-Generation-Service-QGS-support.patch Normal file
View File

@ -0,0 +1,141 @@
From e3233ee7847c0b51267b511038724a0ab8a54484 Mon Sep 17 00:00:00 2001
Message-ID: <e3233ee7847c0b51267b511038724a0ab8a54484.1759835600.git.jdenemar@redhat.com>
From: Zhenzhong Duan <zhenzhong.duan@intel.com>
Date: Thu, 10 Jul 2025 03:21:16 -0400
Subject: [PATCH] conf: Add Intel TDX Quote Generation Service(QGS) support
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Add element "quoteGenerationService" to tdx launch security type.
It contains only an optional unix socket address attribute,
when omitted, libvirt will use default QGS server address
"/var/run/tdx-qgs/qgs.socket".
UNIX sockets offer the required functionality with greater
security than vsock, so libvirt only provides support for unix
socket.
XML example:
<launchSecurity type='tdx'>
<policy>0x10000001</policy>
<mrConfigId>xxx</mrConfigId>
<mrOwner>xxx</mrOwner>
<mrOwnerConfig>xxx</mrOwnerConfig>
<quoteGenerationService path='/var/run/tdx-qgs/qgs.socket'/>
</launchSecurity>
Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
Signed-off-by: Zhenzhong Duan <zhenzhong.duan@intel.com>
(cherry picked from commit 8214980432191138f052c2e32d12ae284597c8b8)
Resolves: https://issues.redhat.com/browse/RHEL-111840
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
---
src/conf/domain_conf.c | 35 ++++++++++++++++++++++++++++++-
src/conf/domain_conf.h | 2 ++
src/conf/schemas/domaincommon.rng | 9 ++++++++
3 files changed, 45 insertions(+), 1 deletion(-)
diff --git a/src/conf/domain_conf.c b/src/conf/domain_conf.c
index 92185080a9..38179a7e59 100644
--- a/src/conf/domain_conf.c
+++ b/src/conf/domain_conf.c
@@ -3895,6 +3895,7 @@ virDomainSecDefFree(virDomainSecDef *def)
g_free(def->data.tdx.mrconfigid);
g_free(def->data.tdx.mrowner);
g_free(def->data.tdx.mrownerconfig);
+ g_free(def->data.tdx.qgs_unix_path);
break;
case VIR_DOMAIN_LAUNCH_SECURITY_PV:
case VIR_DOMAIN_LAUNCH_SECURITY_NONE:
@@ -13911,6 +13912,33 @@ virDomainSEVSNPDefParseXML(virDomainSEVSNPDef *def,
}
+static int
+virDomainTDXQGSDefParseXML(virDomainTDXDef *def, xmlXPathContextPtr ctxt)
+{
+ g_autofree xmlNodePtr *nodes = NULL;
+ xmlNodePtr node;
+ int n;
+
+ if ((n = virXPathNodeSet("./quoteGenerationService", ctxt, &nodes)) < 0)
+ return -1;
+
+ if (!n)
+ return 0;
+
+ if (n > 1) {
+ virReportError(VIR_ERR_XML_ERROR, "%s",
+ _("only a single QGS element is supported"));
+ return -1;
+ }
+ node = nodes[0];
+
+ def->haveQGS = true;
+ def->qgs_unix_path = virXMLPropString(node, "path");
+
+ return 0;
+}
+
+
static int
virDomainTDXDefParseXML(virDomainTDXDef *def,
xmlXPathContextPtr ctxt)
@@ -13930,7 +13958,7 @@ virDomainTDXDefParseXML(virDomainTDXDef *def,
def->mrowner = virXPathString("string(./mrOwner)", ctxt);
def->mrownerconfig = virXPathString("string(./mrOwnerConfig)", ctxt);
- return 0;
+ return virDomainTDXQGSDefParseXML(def, ctxt);
}
@@ -27261,6 +27289,11 @@ virDomainTDXDefFormat(virBuffer *childBuf, virDomainTDXDef *def)
virBufferEscapeString(childBuf, "<mrConfigId>%s</mrConfigId>\n", def->mrconfigid);
virBufferEscapeString(childBuf, "<mrOwner>%s</mrOwner>\n", def->mrowner);
virBufferEscapeString(childBuf, "<mrOwnerConfig>%s</mrOwnerConfig>\n", def->mrownerconfig);
+ if (def->haveQGS) {
+ virBufferAddLit(childBuf, "<quoteGenerationService");
+ virBufferEscapeString(childBuf, " path='%s'", def->qgs_unix_path);
+ virBufferAddLit(childBuf, "/>\n");
+ }
}
diff --git a/src/conf/domain_conf.h b/src/conf/domain_conf.h
index 0ea88e013b..85ef6fbf2c 100644
--- a/src/conf/domain_conf.h
+++ b/src/conf/domain_conf.h
@@ -2965,6 +2965,8 @@ struct _virDomainTDXDef {
char *mrconfigid;
char *mrowner;
char *mrownerconfig;
+ bool haveQGS;
+ char *qgs_unix_path;
};
diff --git a/src/conf/schemas/domaincommon.rng b/src/conf/schemas/domaincommon.rng
index 552b2f4ced..93bc128dec 100644
--- a/src/conf/schemas/domaincommon.rng
+++ b/src/conf/schemas/domaincommon.rng
@@ -652,6 +652,15 @@
<data type="string"/>
</element>
</optional>
+ <optional>
+ <element name="quoteGenerationService">
+ <optional>
+ <attribute name="path">
+ <ref name="absFilePath"/>
+ </attribute>
+ </optional>
+ </element>
+ </optional>
</interleave>
</define>
--
2.51.0

379
SOURCES/libvirt-conf-Add-tdx-as-launch-security-type.patch Normal file
View File

@ -0,0 +1,379 @@
From 3f4f38e2f1f05b0484035f96e61ee0de130d3050 Mon Sep 17 00:00:00 2001
Message-ID: <3f4f38e2f1f05b0484035f96e61ee0de130d3050.1759835600.git.jdenemar@redhat.com>
From: Zhenzhong Duan <zhenzhong.duan@intel.com>
Date: Thu, 10 Jul 2025 03:21:09 -0400
Subject: [PATCH] conf: Add tdx as launch security type
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
When 'tdx' is used, the VM will be launched with Intel TDX feature enabled.
TDX feature supports running encrypted VM (Trust Domain, TD) under the
control of KVM. A TD runs in a CPU model which protects the confidentiality
of its memory and its CPU state from other software.
There are four optional child elements. Element policy is 64bit hex, bit 0
is set to enable TDX debug, bit 28 is set to enable sept-ve-disable, other
bits are reserved currently. When policy isn't specified, QEMU will use its
own default value 0x10000000. mrConfigId, mrOwner and mrOwnerConfig are
base64 encoded SHA384 digest string.
For example:
<launchSecurity type='tdx'>
<policy>0x10000001</policy>
<mrConfigId>xxx</mrConfigId>
<mrOwner>xxx</mrOwner>
<mrOwnerConfig>xxx</mrOwnerConfig>
</launchSecurity>
Signed-off-by: Zhenzhong Duan <zhenzhong.duan@intel.com>
Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
(cherry picked from commit e919a4dd374535511d962bee2cd64f22f1ac3fa1)
Resolves: https://issues.redhat.com/browse/RHEL-111840
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
RHEL: context
---
src/conf/domain_conf.c | 49 +++++++++++++++++++++++++++++++
src/conf/domain_conf.h | 11 +++++++
src/conf/domain_validate.c | 1 +
src/conf/schemas/domaincommon.rng | 32 ++++++++++++++++++++
src/conf/virconftypes.h | 2 ++
src/qemu/qemu_cgroup.c | 1 +
src/qemu/qemu_command.c | 3 ++
src/qemu/qemu_driver.c | 1 +
src/qemu/qemu_firmware.c | 1 +
src/qemu/qemu_namespace.c | 1 +
src/qemu/qemu_process.c | 2 ++
src/qemu/qemu_validate.c | 1 +
src/security/security_dac.c | 2 ++
13 files changed, 107 insertions(+)
diff --git a/src/conf/domain_conf.c b/src/conf/domain_conf.c
index 286e59a4c7..92185080a9 100644
--- a/src/conf/domain_conf.c
+++ b/src/conf/domain_conf.c
@@ -1538,6 +1538,7 @@ VIR_ENUM_IMPL(virDomainLaunchSecurity,
"sev",
"sev-snp",
"s390-pv",
+ "tdx",
);
VIR_ENUM_IMPL(virDomainPstoreBackend,
@@ -3890,6 +3891,11 @@ virDomainSecDefFree(virDomainSecDef *def)
g_free(def->data.sev_snp.id_auth);
g_free(def->data.sev_snp.host_data);
break;
+ case VIR_DOMAIN_LAUNCH_SECURITY_TDX:
+ g_free(def->data.tdx.mrconfigid);
+ g_free(def->data.tdx.mrowner);
+ g_free(def->data.tdx.mrownerconfig);
+ break;
case VIR_DOMAIN_LAUNCH_SECURITY_PV:
case VIR_DOMAIN_LAUNCH_SECURITY_NONE:
case VIR_DOMAIN_LAUNCH_SECURITY_LAST:
@@ -13905,6 +13911,29 @@ virDomainSEVSNPDefParseXML(virDomainSEVSNPDef *def,
}
+static int
+virDomainTDXDefParseXML(virDomainTDXDef *def,
+ xmlXPathContextPtr ctxt)
+{
+ int rc;
+
+ rc = virXPathULongLongBase("string(./policy)", ctxt, 16, &def->policy);
+ if (rc == 0) {
+ def->havePolicy = true;
+ } else if (rc == -2) {
+ virReportError(VIR_ERR_XML_ERROR, "%s",
+ _("failed to get launch security policy for launch security type TDX"));
+ return -1;
+ }
+
+ def->mrconfigid = virXPathString("string(./mrConfigId)", ctxt);
+ def->mrowner = virXPathString("string(./mrOwner)", ctxt);
+ def->mrownerconfig = virXPathString("string(./mrOwnerConfig)", ctxt);
+
+ return 0;
+}
+
+
static virDomainSecDef *
virDomainSecDefParseXML(xmlNodePtr lsecNode,
xmlXPathContextPtr ctxt)
@@ -13928,6 +13957,10 @@ virDomainSecDefParseXML(xmlNodePtr lsecNode,
if (virDomainSEVSNPDefParseXML(&sec->data.sev_snp, ctxt) < 0)
return NULL;
break;
+ case VIR_DOMAIN_LAUNCH_SECURITY_TDX:
+ if (virDomainTDXDefParseXML(&sec->data.tdx, ctxt) < 0)
+ return NULL;
+ break;
case VIR_DOMAIN_LAUNCH_SECURITY_PV:
break;
case VIR_DOMAIN_LAUNCH_SECURITY_NONE:
@@ -27219,6 +27252,18 @@ virDomainSEVSNPDefFormat(virBuffer *attrBuf,
}
+static void
+virDomainTDXDefFormat(virBuffer *childBuf, virDomainTDXDef *def)
+{
+ if (def->havePolicy)
+ virBufferAsprintf(childBuf, "<policy>0x%llx</policy>\n", def->policy);
+
+ virBufferEscapeString(childBuf, "<mrConfigId>%s</mrConfigId>\n", def->mrconfigid);
+ virBufferEscapeString(childBuf, "<mrOwner>%s</mrOwner>\n", def->mrowner);
+ virBufferEscapeString(childBuf, "<mrOwnerConfig>%s</mrOwnerConfig>\n", def->mrownerconfig);
+}
+
+
static void
virDomainSecDefFormat(virBuffer *buf, virDomainSecDef *sec)
{
@@ -27240,6 +27285,10 @@ virDomainSecDefFormat(virBuffer *buf, virDomainSecDef *sec)
virDomainSEVSNPDefFormat(&attrBuf, &childBuf, &sec->data.sev_snp);
break;
+ case VIR_DOMAIN_LAUNCH_SECURITY_TDX:
+ virDomainTDXDefFormat(&childBuf, &sec->data.tdx);
+ break;
+
case VIR_DOMAIN_LAUNCH_SECURITY_PV:
break;
diff --git a/src/conf/domain_conf.h b/src/conf/domain_conf.h
index e59d2e6c5f..1238f2001f 100644
--- a/src/conf/domain_conf.h
+++ b/src/conf/domain_conf.h
@@ -2924,6 +2924,7 @@ typedef enum {
VIR_DOMAIN_LAUNCH_SECURITY_SEV,
VIR_DOMAIN_LAUNCH_SECURITY_SEV_SNP,
VIR_DOMAIN_LAUNCH_SECURITY_PV,
+ VIR_DOMAIN_LAUNCH_SECURITY_TDX,
VIR_DOMAIN_LAUNCH_SECURITY_LAST,
} virDomainLaunchSecurity;
@@ -2958,11 +2959,21 @@ struct _virDomainSEVSNPDef {
};
+struct _virDomainTDXDef {
+ bool havePolicy;
+ unsigned long long policy;
+ char *mrconfigid;
+ char *mrowner;
+ char *mrownerconfig;
+};
+
+
struct _virDomainSecDef {
virDomainLaunchSecurity sectype;
union {
virDomainSEVDef sev;
virDomainSEVSNPDef sev_snp;
+ virDomainTDXDef tdx;
} data;
};
diff --git a/src/conf/domain_validate.c b/src/conf/domain_validate.c
index 522fd0174f..2d4b79032b 100644
--- a/src/conf/domain_validate.c
+++ b/src/conf/domain_validate.c
@@ -1860,6 +1860,7 @@ virDomainDefLaunchSecurityValidate(const virDomainDef *def)
case VIR_DOMAIN_LAUNCH_SECURITY_NONE:
case VIR_DOMAIN_LAUNCH_SECURITY_SEV:
case VIR_DOMAIN_LAUNCH_SECURITY_PV:
+ case VIR_DOMAIN_LAUNCH_SECURITY_TDX:
case VIR_DOMAIN_LAUNCH_SECURITY_LAST:
break;
}
diff --git a/src/conf/schemas/domaincommon.rng b/src/conf/schemas/domaincommon.rng
index 1b153acc48..552b2f4ced 100644
--- a/src/conf/schemas/domaincommon.rng
+++ b/src/conf/schemas/domaincommon.rng
@@ -528,6 +528,9 @@
<value>s390-pv</value>
</attribute>
</group>
+ <group>
+ <ref name="launchSecurityTDX"/>
+ </group>
</choice>
</element>
</define>
@@ -623,6 +626,35 @@
</optional>
</interleave>
</define>
+
+ <define name="launchSecurityTDX">
+ <attribute name="type">
+ <value>tdx</value>
+ </attribute>
+ <interleave>
+ <optional>
+ <element name="policy">
+ <ref name="hexuint"/>
+ </element>
+ </optional>
+ <optional>
+ <element name="mrConfigId">
+ <data type="string"/>
+ </element>
+ </optional>
+ <optional>
+ <element name="mrOwner">
+ <data type="string"/>
+ </element>
+ </optional>
+ <optional>
+ <element name="mrOwnerConfig">
+ <data type="string"/>
+ </element>
+ </optional>
+ </interleave>
+ </define>
+
<!--
Enable or disable perf events for the domain. For each
of the events the following rules apply:
diff --git a/src/conf/virconftypes.h b/src/conf/virconftypes.h
index 59be61cea4..d46da4bdda 100644
--- a/src/conf/virconftypes.h
+++ b/src/conf/virconftypes.h
@@ -216,6 +216,8 @@ typedef struct _virDomainSEVDef virDomainSEVDef;
typedef struct _virDomainSEVSNPDef virDomainSEVSNPDef;
+typedef struct _virDomainTDXDef virDomainTDXDef;
+
typedef struct _virDomainSecDef virDomainSecDef;
typedef struct _virDomainShmemDef virDomainShmemDef;
diff --git a/src/qemu/qemu_cgroup.c b/src/qemu/qemu_cgroup.c
index f3c85d65e8..03c1c76ec4 100644
--- a/src/qemu/qemu_cgroup.c
+++ b/src/qemu/qemu_cgroup.c
@@ -865,6 +865,7 @@ qemuSetupDevicesCgroup(virDomainObj *vm)
return -1;
break;
case VIR_DOMAIN_LAUNCH_SECURITY_PV:
+ case VIR_DOMAIN_LAUNCH_SECURITY_TDX:
break;
case VIR_DOMAIN_LAUNCH_SECURITY_NONE:
case VIR_DOMAIN_LAUNCH_SECURITY_LAST:
diff --git a/src/qemu/qemu_command.c b/src/qemu/qemu_command.c
index 243729800b..6c5e1926a5 100644
--- a/src/qemu/qemu_command.c
+++ b/src/qemu/qemu_command.c
@@ -6990,6 +6990,7 @@ qemuBuildMachineCommandLine(virCommand *cmd,
}
break;
case VIR_DOMAIN_LAUNCH_SECURITY_PV:
+ case VIR_DOMAIN_LAUNCH_SECURITY_TDX:
virBufferAddLit(&buf, ",confidential-guest-support=lsec0");
break;
case VIR_DOMAIN_LAUNCH_SECURITY_NONE:
@@ -9766,6 +9767,8 @@ qemuBuildSecCommandLine(virDomainObj *vm, virCommand *cmd,
case VIR_DOMAIN_LAUNCH_SECURITY_PV:
return qemuBuildPVCommandLine(vm, cmd);
break;
+
+ case VIR_DOMAIN_LAUNCH_SECURITY_TDX:
case VIR_DOMAIN_LAUNCH_SECURITY_NONE:
case VIR_DOMAIN_LAUNCH_SECURITY_LAST:
virReportEnumRangeError(virDomainLaunchSecurity, sec->sectype);
diff --git a/src/qemu/qemu_driver.c b/src/qemu/qemu_driver.c
index 13e2838f19..7d0c39c89f 100644
--- a/src/qemu/qemu_driver.c
+++ b/src/qemu/qemu_driver.c
@@ -19174,6 +19174,7 @@ qemuDomainGetLaunchSecurityInfo(virDomainPtr domain,
goto cleanup;
break;
case VIR_DOMAIN_LAUNCH_SECURITY_PV:
+ case VIR_DOMAIN_LAUNCH_SECURITY_TDX:
break;
case VIR_DOMAIN_LAUNCH_SECURITY_NONE:
case VIR_DOMAIN_LAUNCH_SECURITY_LAST:
diff --git a/src/qemu/qemu_firmware.c b/src/qemu/qemu_firmware.c
index 2d0ec0b4fa..6c65a2751b 100644
--- a/src/qemu/qemu_firmware.c
+++ b/src/qemu/qemu_firmware.c
@@ -1371,6 +1371,7 @@ qemuFirmwareMatchDomain(const virDomainDef *def,
}
break;
case VIR_DOMAIN_LAUNCH_SECURITY_PV:
+ case VIR_DOMAIN_LAUNCH_SECURITY_TDX:
break;
case VIR_DOMAIN_LAUNCH_SECURITY_NONE:
case VIR_DOMAIN_LAUNCH_SECURITY_LAST:
diff --git a/src/qemu/qemu_namespace.c b/src/qemu/qemu_namespace.c
index 59421ec9d1..f72da83929 100644
--- a/src/qemu/qemu_namespace.c
+++ b/src/qemu/qemu_namespace.c
@@ -665,6 +665,7 @@ qemuDomainSetupLaunchSecurity(virDomainObj *vm,
VIR_DEBUG("Set up launch security for SEV");
break;
case VIR_DOMAIN_LAUNCH_SECURITY_PV:
+ case VIR_DOMAIN_LAUNCH_SECURITY_TDX:
break;
case VIR_DOMAIN_LAUNCH_SECURITY_NONE:
case VIR_DOMAIN_LAUNCH_SECURITY_LAST:
diff --git a/src/qemu/qemu_process.c b/src/qemu/qemu_process.c
index a78aa8569d..7586248329 100644
--- a/src/qemu/qemu_process.c
+++ b/src/qemu/qemu_process.c
@@ -6856,6 +6856,7 @@ qemuProcessPrepareDomain(virQEMUDriver *driver,
return -1;
break;
case VIR_DOMAIN_LAUNCH_SECURITY_PV:
+ case VIR_DOMAIN_LAUNCH_SECURITY_TDX:
break;
case VIR_DOMAIN_LAUNCH_SECURITY_NONE:
case VIR_DOMAIN_LAUNCH_SECURITY_LAST:
@@ -6928,6 +6929,7 @@ qemuProcessPrepareLaunchSecurityGuestInput(virDomainObj *vm)
case VIR_DOMAIN_LAUNCH_SECURITY_SEV_SNP:
break;
case VIR_DOMAIN_LAUNCH_SECURITY_PV:
+ case VIR_DOMAIN_LAUNCH_SECURITY_TDX:
return 0;
case VIR_DOMAIN_LAUNCH_SECURITY_NONE:
case VIR_DOMAIN_LAUNCH_SECURITY_LAST:
diff --git a/src/qemu/qemu_validate.c b/src/qemu/qemu_validate.c
index ddfb14399a..34bb7e45c7 100644
--- a/src/qemu/qemu_validate.c
+++ b/src/qemu/qemu_validate.c
@@ -1391,6 +1391,7 @@ qemuValidateDomainDef(const virDomainDef *def,
return -1;
}
break;
+ case VIR_DOMAIN_LAUNCH_SECURITY_TDX:
case VIR_DOMAIN_LAUNCH_SECURITY_NONE:
case VIR_DOMAIN_LAUNCH_SECURITY_LAST:
virReportEnumRangeError(virDomainLaunchSecurity, def->sec->sectype);
diff --git a/src/security/security_dac.c b/src/security/security_dac.c
index b4d61bc576..bf849090a7 100644
--- a/src/security/security_dac.c
+++ b/src/security/security_dac.c
@@ -2017,6 +2017,7 @@ virSecurityDACRestoreAllLabel(virSecurityManager *mgr,
rc = -1;
break;
case VIR_DOMAIN_LAUNCH_SECURITY_PV:
+ case VIR_DOMAIN_LAUNCH_SECURITY_TDX:
break;
case VIR_DOMAIN_LAUNCH_SECURITY_NONE:
case VIR_DOMAIN_LAUNCH_SECURITY_LAST:
@@ -2259,6 +2260,7 @@ virSecurityDACSetAllLabel(virSecurityManager *mgr,
return -1;
break;
case VIR_DOMAIN_LAUNCH_SECURITY_PV:
+ case VIR_DOMAIN_LAUNCH_SECURITY_TDX:
break;
case VIR_DOMAIN_LAUNCH_SECURITY_NONE:
case VIR_DOMAIN_LAUNCH_SECURITY_LAST:
--
2.51.0

164
SOURCES/libvirt-conf-Expose-TDX-feature-in-domain-capabilities.patch Normal file
View File

@ -0,0 +1,164 @@
From dec132c0a7598d1d5dfd50e380cf988ac4e0b321 Mon Sep 17 00:00:00 2001
Message-ID: <dec132c0a7598d1d5dfd50e380cf988ac4e0b321.1759835599.git.jdenemar@redhat.com>
From: Zhenzhong Duan <zhenzhong.duan@intel.com>
Date: Thu, 10 Jul 2025 03:21:08 -0400
Subject: [PATCH] conf: Expose TDX feature in domain capabilities
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Extend qemu TDX capability to domain capabilities.
Signed-off-by: Chenyi Qiang <chenyi.qiang@intel.com>
Signed-off-by: Zhenzhong Duan <zhenzhong.duan@intel.com>
Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
(cherry picked from commit f87397488337ed596b0961855ccdea81de0e161c)
Resolves: https://issues.redhat.com/browse/RHEL-111840
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
RHEL: missing 10.1 data files
---
docs/formatdomaincaps.rst | 1 +
src/conf/domain_capabilities.c | 1 +
src/conf/domain_capabilities.h | 1 +
src/conf/schemas/domaincaps.rng | 9 +++++++++
src/qemu/qemu_capabilities.c | 13 +++++++++++++
.../qemu_10.1.0-q35.x86_64+inteltdx.xml | 1 +
.../domaincapsdata/qemu_10.1.0.x86_64+inteltdx.xml | 1 +
tests/domaincapsmock.c | 3 ++-
8 files changed, 29 insertions(+), 1 deletion(-)
diff --git a/docs/formatdomaincaps.rst b/docs/formatdomaincaps.rst
index ed95af4fee..664194b16d 100644
--- a/docs/formatdomaincaps.rst
+++ b/docs/formatdomaincaps.rst
@@ -720,6 +720,7 @@ capabilities. All features occur as children of the main ``features`` element.
<backingStoreInput supported='yes'/>
<backup supported='yes'/>
<async-teardown supported='yes'/>
+ <tdx supported='yes'/>
<sev>
<cbitpos>47</cbitpos>
<reduced-phys-bits>1</reduced-phys-bits>
diff --git a/src/conf/domain_capabilities.c b/src/conf/domain_capabilities.c
index ab715b19d8..b8f17e6d2f 100644
--- a/src/conf/domain_capabilities.c
+++ b/src/conf/domain_capabilities.c
@@ -44,6 +44,7 @@ VIR_ENUM_IMPL(virDomainCapsFeature,
"async-teardown",
"s390-pv",
"ps2",
+ "tdx",
);
static virClass *virDomainCapsClass;
diff --git a/src/conf/domain_capabilities.h b/src/conf/domain_capabilities.h
index 69dd1a15c1..eacbd6b6b3 100644
--- a/src/conf/domain_capabilities.h
+++ b/src/conf/domain_capabilities.h
@@ -274,6 +274,7 @@ typedef enum {
VIR_DOMAIN_CAPS_FEATURE_ASYNC_TEARDOWN,
VIR_DOMAIN_CAPS_FEATURE_S390_PV,
VIR_DOMAIN_CAPS_FEATURE_PS2,
+ VIR_DOMAIN_CAPS_FEATURE_TDX,
VIR_DOMAIN_CAPS_FEATURE_LAST
} virDomainCapsFeature;
diff --git a/src/conf/schemas/domaincaps.rng b/src/conf/schemas/domaincaps.rng
index 3559d2ae05..850e7d63a0 100644
--- a/src/conf/schemas/domaincaps.rng
+++ b/src/conf/schemas/domaincaps.rng
@@ -357,6 +357,9 @@
<optional>
<ref name="ps2"/>
</optional>
+ <optional>
+ <ref name="tdx"/>
+ </optional>
<optional>
<ref name="sev"/>
</optional>
@@ -421,6 +424,12 @@
</element>
</define>
+ <define name="tdx">
+ <element name="tdx">
+ <ref name="supported"/>
+ </element>
+ </define>
+
<define name="sev">
<element name="sev">
<ref name="supported"/>
diff --git a/src/qemu/qemu_capabilities.c b/src/qemu/qemu_capabilities.c
index f912b4cf9d..dbec00c99d 100644
--- a/src/qemu/qemu_capabilities.c
+++ b/src/qemu/qemu_capabilities.c
@@ -6968,6 +6968,18 @@ virQEMUCapsFillDomainFeatureHypervCaps(virQEMUCaps *qemuCaps,
}
+static void
+virQEMUCapsFillDomainFeatureTDXCaps(virQEMUCaps *qemuCaps,
+ virDomainCaps *domCaps)
+{
+ if (domCaps->arch == VIR_ARCH_X86_64 &&
+ domCaps->virttype == VIR_DOMAIN_VIRT_KVM &&
+ virQEMUCapsGet(qemuCaps, QEMU_CAPS_TDX_GUEST) &&
+ virQEMUCapsGetKVMSupportsSecureGuest(qemuCaps))
+ domCaps->features[VIR_DOMAIN_CAPS_FEATURE_TDX] = VIR_TRISTATE_BOOL_YES;
+}
+
+
int
virQEMUCapsFillDomainCaps(virQEMUCaps *qemuCaps,
virArch hostarch,
@@ -7030,6 +7042,7 @@ virQEMUCapsFillDomainCaps(virQEMUCaps *qemuCaps,
virQEMUCapsFillDomainFeaturePS2Caps(qemuCaps, domCaps);
virQEMUCapsFillDomainFeatureSGXCaps(qemuCaps, domCaps);
virQEMUCapsFillDomainFeatureHypervCaps(qemuCaps, domCaps);
+ virQEMUCapsFillDomainFeatureTDXCaps(qemuCaps, domCaps);
virQEMUCapsFillDomainDeviceCryptoCaps(qemuCaps, crypto);
virQEMUCapsFillDomainLaunchSecurity(qemuCaps, launchSecurity);
virQEMUCapsFillDomainDeviceNetCaps(qemuCaps, net);
diff --git a/tests/domaincapsdata/qemu_10.1.0-q35.x86_64+inteltdx.xml b/tests/domaincapsdata/qemu_10.1.0-q35.x86_64+inteltdx.xml
index 385a828d43..1d0f9f1362 100644
--- a/tests/domaincapsdata/qemu_10.1.0-q35.x86_64+inteltdx.xml
+++ b/tests/domaincapsdata/qemu_10.1.0-q35.x86_64+inteltdx.xml
@@ -722,6 +722,7 @@
<backup supported='yes'/>
<async-teardown supported='yes'/>
<ps2 supported='yes'/>
+ <tdx supported='yes'/>
<sev supported='no'/>
<sgx supported='yes'>
<flc>yes</flc>
diff --git a/tests/domaincapsdata/qemu_10.1.0.x86_64+inteltdx.xml b/tests/domaincapsdata/qemu_10.1.0.x86_64+inteltdx.xml
index f689021a96..a5c781c67c 100644
--- a/tests/domaincapsdata/qemu_10.1.0.x86_64+inteltdx.xml
+++ b/tests/domaincapsdata/qemu_10.1.0.x86_64+inteltdx.xml
@@ -722,6 +722,7 @@
<backup supported='yes'/>
<async-teardown supported='yes'/>
<ps2 supported='yes'/>
+ <tdx supported='yes'/>
<sev supported='no'/>
<sgx supported='yes'>
<flc>yes</flc>
diff --git a/tests/domaincapsmock.c b/tests/domaincapsmock.c
index 6ae0c4ad45..cb6e98dbb8 100644
--- a/tests/domaincapsmock.c
+++ b/tests/domaincapsmock.c
@@ -54,7 +54,8 @@ bool
virQEMUCapsGetKVMSupportsSecureGuest(virQEMUCaps *qemuCaps)
{
if (virQEMUCapsGet(qemuCaps, QEMU_CAPS_MACHINE_CONFIDENTAL_GUEST_SUPPORT) &&
- virQEMUCapsGet(qemuCaps, QEMU_CAPS_S390_PV_GUEST))
+ (virQEMUCapsGet(qemuCaps, QEMU_CAPS_S390_PV_GUEST) ||
+ virQEMUCapsGet(qemuCaps, QEMU_CAPS_TDX_GUEST)))
return true;
if (!real_virQEMUCapsGetKVMSupportsSecureGuest)
--
2.51.0

90
SOURCES/libvirt-conf-Expose-TDX-type-in-domain-launch-security-capability.patch Normal file
View File

@ -0,0 +1,90 @@
From 2e0bf808c6d2543b2279a365f3175d1a9c384617 Mon Sep 17 00:00:00 2001
Message-ID: <2e0bf808c6d2543b2279a365f3175d1a9c384617.1759835600.git.jdenemar@redhat.com>
From: Zhenzhong Duan <zhenzhong.duan@intel.com>
Date: Thu, 10 Jul 2025 03:21:12 -0400
Subject: [PATCH] conf: Expose TDX type in domain launch security capability
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
As the tdx launch security type support is added, expose it in domain
capabilities so that domain definition validation check can take
effect.
Signed-off-by: Zhenzhong Duan <zhenzhong.duan@intel.com>
Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
(cherry picked from commit 0a825f910bb863ddc46c23e8a98834d1903dc526)
Resolves: https://issues.redhat.com/browse/RHEL-111840
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
RHEL: missing 10.1 data files
---
src/qemu/qemu_capabilities.c | 2 ++
tests/domaincapsdata/qemu_10.1.0-q35.x86_64+inteltdx.xml | 6 +++++-
tests/domaincapsdata/qemu_10.1.0-tcg.x86_64+inteltdx.xml | 6 +++++-
tests/domaincapsdata/qemu_10.1.0.x86_64+inteltdx.xml | 6 +++++-
4 files changed, 17 insertions(+), 3 deletions(-)
diff --git a/src/qemu/qemu_capabilities.c b/src/qemu/qemu_capabilities.c
index dbec00c99d..4f239ae77b 100644
--- a/src/qemu/qemu_capabilities.c
+++ b/src/qemu/qemu_capabilities.c
@@ -6762,6 +6762,8 @@ virQEMUCapsFillDomainLaunchSecurity(virQEMUCaps *qemuCaps,
if (virQEMUCapsGet(qemuCaps, QEMU_CAPS_S390_PV_GUEST) &&
virQEMUCapsGet(qemuCaps, QEMU_CAPS_MACHINE_CONFIDENTAL_GUEST_SUPPORT))
VIR_DOMAIN_CAPS_ENUM_SET(launchSecurity->sectype, VIR_DOMAIN_LAUNCH_SECURITY_PV);
+ if (virQEMUCapsGet(qemuCaps, QEMU_CAPS_TDX_GUEST))
+ VIR_DOMAIN_CAPS_ENUM_SET(launchSecurity->sectype, VIR_DOMAIN_LAUNCH_SECURITY_TDX);
if (launchSecurity->sectype.values == 0) {
launchSecurity->supported = VIR_TRISTATE_BOOL_NO;
diff --git a/tests/domaincapsdata/qemu_10.1.0-q35.x86_64+inteltdx.xml b/tests/domaincapsdata/qemu_10.1.0-q35.x86_64+inteltdx.xml
index 1d0f9f1362..fedf50a52a 100644
--- a/tests/domaincapsdata/qemu_10.1.0-q35.x86_64+inteltdx.xml
+++ b/tests/domaincapsdata/qemu_10.1.0-q35.x86_64+inteltdx.xml
@@ -757,6 +757,10 @@
<value>xmm_input</value>
</enum>
</hyperv>
- <launchSecurity supported='no'/>
+ <launchSecurity supported='yes'>
+ <enum name='sectype'>
+ <value>tdx</value>
+ </enum>
+ </launchSecurity>
</features>
</domainCapabilities>
diff --git a/tests/domaincapsdata/qemu_10.1.0-tcg.x86_64+inteltdx.xml b/tests/domaincapsdata/qemu_10.1.0-tcg.x86_64+inteltdx.xml
index ea79280179..c9913316b8 100644
--- a/tests/domaincapsdata/qemu_10.1.0-tcg.x86_64+inteltdx.xml
+++ b/tests/domaincapsdata/qemu_10.1.0-tcg.x86_64+inteltdx.xml
@@ -1804,6 +1804,10 @@
<value>xmm_input</value>
</enum>
</hyperv>
- <launchSecurity supported='no'/>
+ <launchSecurity supported='yes'>
+ <enum name='sectype'>
+ <value>tdx</value>
+ </enum>
+ </launchSecurity>
</features>
</domainCapabilities>
diff --git a/tests/domaincapsdata/qemu_10.1.0.x86_64+inteltdx.xml b/tests/domaincapsdata/qemu_10.1.0.x86_64+inteltdx.xml
index a5c781c67c..c1aebf16b2 100644
--- a/tests/domaincapsdata/qemu_10.1.0.x86_64+inteltdx.xml
+++ b/tests/domaincapsdata/qemu_10.1.0.x86_64+inteltdx.xml
@@ -757,6 +757,10 @@
<value>xmm_input</value>
</enum>
</hyperv>
- <launchSecurity supported='no'/>
+ <launchSecurity supported='yes'>
+ <enum name='sectype'>
+ <value>tdx</value>
+ </enum>
+ </launchSecurity>
</features>
</domainCapabilities>
--
2.51.0

63
SOURCES/libvirt-conf-Validate-TDX-launchSecurity-element-mrConfigId-mrOwner-mrOwnerConfig.patch Normal file
View File

@ -0,0 +1,63 @@
From 889ea0ba62e2c51b8dc7d75c0f59ba757d57bdce Mon Sep 17 00:00:00 2001
Message-ID: <889ea0ba62e2c51b8dc7d75c0f59ba757d57bdce.1759835600.git.jdenemar@redhat.com>
From: Zhenzhong Duan <zhenzhong.duan@intel.com>
Date: Thu, 10 Jul 2025 03:21:10 -0400
Subject: [PATCH] conf: Validate TDX launchSecurity element
mrConfigId/mrOwner/mrOwnerConfig
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
mrConfigId/mrOwner/mrOwnerConfig are base64 encoded SHA384 digest,
can be provided for TDX attestation.
Check their decoded lengths to ensure they are 48 bytes.
Signed-off-by: Zhenzhong Duan <zhenzhong.duan@intel.com>
Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
(cherry picked from commit ea625cb60b6c829d96c67a4ac99f6ccb96a15257)
Resolves: https://issues.redhat.com/browse/RHEL-111840
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
---
src/conf/domain_validate.c | 12 +++++++++++-
1 file changed, 11 insertions(+), 1 deletion(-)
diff --git a/src/conf/domain_validate.c b/src/conf/domain_validate.c
index 2d4b79032b..2878b210c7 100644
--- a/src/conf/domain_validate.c
+++ b/src/conf/domain_validate.c
@@ -1839,10 +1839,13 @@ virDomainDefValidateIOThreads(const virDomainDef *def)
} \
}
+#define SHA384_DIGEST_SIZE 48
+
static int
virDomainDefLaunchSecurityValidate(const virDomainDef *def)
{
virDomainSEVSNPDef *sev_snp;
+ virDomainTDXDef *tdx;
if (!def->sec)
return 0;
@@ -1857,10 +1860,17 @@ virDomainDefLaunchSecurityValidate(const virDomainDef *def)
CHECK_BASE64_LEN(sev_snp->host_data, "hostData", 32);
break;
+ case VIR_DOMAIN_LAUNCH_SECURITY_TDX:
+ tdx = &def->sec->data.tdx;
+
+ CHECK_BASE64_LEN(tdx->mrconfigid, "mrConfigId", SHA384_DIGEST_SIZE);
+ CHECK_BASE64_LEN(tdx->mrowner, "mrOwner", SHA384_DIGEST_SIZE);
+ CHECK_BASE64_LEN(tdx->mrownerconfig, "mrOwnerConfig", SHA384_DIGEST_SIZE);
+ break;
+
case VIR_DOMAIN_LAUNCH_SECURITY_NONE:
case VIR_DOMAIN_LAUNCH_SECURITY_SEV:
case VIR_DOMAIN_LAUNCH_SECURITY_PV:
- case VIR_DOMAIN_LAUNCH_SECURITY_TDX:
case VIR_DOMAIN_LAUNCH_SECURITY_LAST:
break;
}
--
2.51.0

12
SOURCES/libvirt-conf-add-deprecated_features-attribute.patch
View File

@ -1,5 +1,5 @@
From 1f2939355139bb56af0db6b4d575bc3aa9831394 Mon Sep 17 00:00:00 2001
Message-ID: <1f2939355139bb56af0db6b4d575bc3aa9831394.1749027246.git.jdenemar@redhat.com>
From 4c66a653f02c8259fdcf72fdcd801b594f73183e Mon Sep 17 00:00:00 2001
Message-ID: <4c66a653f02c8259fdcf72fdcd801b594f73183e.1749039441.git.jdenemar@redhat.com>
From: Collin Walling <walling@linux.ibm.com>
Date: Mon, 16 Dec 2024 18:03:58 -0500
Subject: [PATCH] conf: add deprecated_features attribute
@ -28,7 +28,7 @@ features in the future.
Signed-off-by: Collin Walling <walling@linux.ibm.com>
Reviewed-by: Jiri Denemark <jdenemar@redhat.com>
(cherry picked from commit 62658bbf060784c757f96c9de3935f27885834aa)
JIRA: https://issues.redhat.com/browse/RHEL-89977
JIRA: https://issues.redhat.com/browse/RHEL-89415
Signed-off-by: Thomas Huth <thuth@redhat.com>
---
src/conf/cpu_conf.c | 11 +++++++
@ -113,10 +113,10 @@ index 3a8910e09f..8edf1d14e3 100644
<attribute name="migratable">
<ref name="virOnOff"/>
diff --git a/src/qemu/qemu_process.c b/src/qemu/qemu_process.c
index c80d7bb6dc..16b8991c3c 100644
index c1ae324ad4..64683ecfe0 100644
--- a/src/qemu/qemu_process.c
+++ b/src/qemu/qemu_process.c
@@ -6483,6 +6483,17 @@ qemuProcessUpdateGuestCPU(virDomainDef *def,
@@ -6429,6 +6429,17 @@ qemuProcessUpdateGuestCPU(virDomainDef *def,
&def->os.arch) < 0)
return -1;
@ -263,7 +263,7 @@ index 0000000000..67950715ec
+ </devices>
+</domain>
diff --git a/tests/qemuxmlconftest.c b/tests/qemuxmlconftest.c
index 3947f508a2..049ca630a8 100644
index e88aa6da92..bed562286d 100644
--- a/tests/qemuxmlconftest.c
+++ b/tests/qemuxmlconftest.c
@@ -2300,6 +2300,9 @@ mymain(void)

198
SOURCES/libvirt-conf-add-passthrough-and-xtsup-attributes-for-IOMMU.patch Normal file
View File

@ -0,0 +1,198 @@
From 2cd8164cffc5be97e2836862a4fc44578dae2b47 Mon Sep 17 00:00:00 2001
Message-ID: <2cd8164cffc5be97e2836862a4fc44578dae2b47.1752749355.git.jdenemar@redhat.com>
From: =?UTF-8?q?J=C3=A1n=20Tomko?= <jtomko@redhat.com>
Date: Fri, 14 Mar 2025 17:13:31 +0100
Subject: [PATCH] conf: add passthrough and xtsup attributes for IOMMU
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
For the newly supported AMD device.
Signed-off-by: Ján Tomko <jtomko@redhat.com>
Reviewed-by: Peter Krempa <pkrempa@redhat.com>
(cherry picked from commit 856f667c8a3b44417f3b5bb42db5e8bf971bacd4)
https://issues.redhat.com/browse/RHEL-50560
Signed-off-by: Ján Tomko <jtomko@redhat.com>
---
docs/formatdomain.rst | 8 +++++
src/conf/domain_conf.c | 30 +++++++++++++++++++
src/conf/domain_conf.h | 2 ++
src/conf/domain_validate.c | 9 ++++++
src/conf/schemas/domaincommon.rng | 10 +++++++
src/qemu/qemu_command.c | 2 ++
.../amd-iommu.x86_64-latest.args | 2 +-
tests/qemuxmlconfdata/amd-iommu.xml | 2 +-
8 files changed, 63 insertions(+), 2 deletions(-)
diff --git a/docs/formatdomain.rst b/docs/formatdomain.rst
index ec7bdb07d0..847c9ebc6e 100644
--- a/docs/formatdomain.rst
+++ b/docs/formatdomain.rst
@@ -8885,6 +8885,14 @@ Example:
example to efficiently enable more than 255 vCPUs.
:since:`Since 10.7.0` (QEMU/KVM and ``intel`` model only)
+ ``passthrough``
+ Enable passthrough. In this mode, DMA read/writes are not translated.
+ :since:`Since 11.5.0` (QEMU/KVM and ``amd`` model only)
+
+ ``xtsup``
+ Enable x2APIC mode. Useful for higher number of guest CPUs.
+ :since:`Since 11.5.0` (QEMU/KVM and ``amd`` model only)
+
The ``virtio`` IOMMU devices can further have ``address`` element as described
in `Device addresses`_ (address has to by type of ``pci``).
diff --git a/src/conf/domain_conf.c b/src/conf/domain_conf.c
index 7c8591e509..286e59a4c7 100644
--- a/src/conf/domain_conf.c
+++ b/src/conf/domain_conf.c
@@ -14063,6 +14063,14 @@ virDomainIOMMUDefParseXML(virDomainXMLOption *xmlopt,
if (virXMLPropTristateSwitch(driver, "dma_translation", VIR_XML_PROP_NONE,
&iommu->dma_translation) < 0)
return NULL;
+
+ if (virXMLPropTristateSwitch(driver, "xtsup", VIR_XML_PROP_NONE,
+ &iommu->xtsup) < 0)
+ return NULL;
+
+ if (virXMLPropTristateSwitch(driver, "passthrough", VIR_XML_PROP_NONE,
+ &iommu->pt) < 0)
+ return NULL;
}
if (virDomainDeviceInfoParseXML(xmlopt, node, ctxt,
@@ -21682,6 +21690,20 @@ virDomainIOMMUDefCheckABIStability(virDomainIOMMUDef *src,
virTristateSwitchTypeToString(src->dma_translation));
return false;
}
+ if (src->pt != dst->pt) {
+ virReportError(VIR_ERR_CONFIG_UNSUPPORTED,
+ _("Target domain IOMMU device dma translation '%1$s' does not match source '%2$s'"),
+ virTristateSwitchTypeToString(dst->pt),
+ virTristateSwitchTypeToString(src->pt));
+ return false;
+ }
+ if (src->xtsup != dst->xtsup) {
+ virReportError(VIR_ERR_CONFIG_UNSUPPORTED,
+ _("Target domain IOMMU device dma translation '%1$s' does not match source '%2$s'"),
+ virTristateSwitchTypeToString(dst->xtsup),
+ virTristateSwitchTypeToString(src->xtsup));
+ return false;
+ }
return virDomainDeviceInfoCheckABIStability(&src->info, &dst->info);
}
@@ -27735,6 +27757,14 @@ virDomainIOMMUDefFormat(virBuffer *buf,
virBufferAsprintf(&driverAttrBuf, " dma_translation='%s'",
virTristateSwitchTypeToString(iommu->dma_translation));
}
+ if (iommu->pt != VIR_TRISTATE_SWITCH_ABSENT) {
+ virBufferAsprintf(&driverAttrBuf, " passthrough='%s'",
+ virTristateSwitchTypeToString(iommu->pt));
+ }
+ if (iommu->xtsup != VIR_TRISTATE_SWITCH_ABSENT) {
+ virBufferAsprintf(&driverAttrBuf, " xtsup='%s'",
+ virTristateSwitchTypeToString(iommu->xtsup));
+ }
virXMLFormatElement(&childBuf, "driver", &driverAttrBuf, NULL);
diff --git a/src/conf/domain_conf.h b/src/conf/domain_conf.h
index 343bb9bae0..e59d2e6c5f 100644
--- a/src/conf/domain_conf.h
+++ b/src/conf/domain_conf.h
@@ -2987,6 +2987,8 @@ struct _virDomainIOMMUDef {
unsigned int aw_bits;
virDomainDeviceInfo info;
virTristateSwitch dma_translation;
+ virTristateSwitch xtsup;
+ virTristateSwitch pt;
};
typedef enum {
diff --git a/src/conf/domain_validate.c b/src/conf/domain_validate.c
index 483cfbbe08..522fd0174f 100644
--- a/src/conf/domain_validate.c
+++ b/src/conf/domain_validate.c
@@ -2999,6 +2999,15 @@ virDomainIOMMUDefValidate(const virDomainIOMMUDef *iommu)
break;
case VIR_DOMAIN_IOMMU_MODEL_INTEL:
+ if (iommu->pt != VIR_TRISTATE_SWITCH_ABSENT ||
+ iommu->xtsup != VIR_TRISTATE_SWITCH_ABSENT) {
+ virReportError(VIR_ERR_XML_ERROR,
+ _("iommu model '%1$s' doesn't support some additional attributes"),
+ virDomainIOMMUModelTypeToString(iommu->model));
+ return -1;
+ }
+ break;
+
case VIR_DOMAIN_IOMMU_MODEL_LAST:
break;
}
diff --git a/src/conf/schemas/domaincommon.rng b/src/conf/schemas/domaincommon.rng
index 38a0586f40..1b153acc48 100644
--- a/src/conf/schemas/domaincommon.rng
+++ b/src/conf/schemas/domaincommon.rng
@@ -6210,6 +6210,16 @@
<ref name="virOnOff"/>
</attribute>
</optional>
+ <optional>
+ <attribute name="xtsup">
+ <ref name="virOnOff"/>
+ </attribute>
+ </optional>
+ <optional>
+ <attribute name="passthrough">
+ <ref name="virOnOff"/>
+ </attribute>
+ </optional>
</element>
</optional>
<optional>
diff --git a/src/qemu/qemu_command.c b/src/qemu/qemu_command.c
index de535029a8..fffc8be08a 100644
--- a/src/qemu/qemu_command.c
+++ b/src/qemu/qemu_command.c
@@ -6113,6 +6113,8 @@ qemuBuildIOMMUCommandLine(virCommand *cmd,
"s:driver", "amd-iommu",
"s:pci-id", iommu->info.alias,
"S:intremap", qemuOnOffAuto(iommu->intremap),
+ "T:pt", iommu->pt,
+ "T:xtsup", iommu->xtsup,
"T:device-iotlb", iommu->iotlb,
NULL) < 0)
return -1;
diff --git a/tests/qemuxmlconfdata/amd-iommu.x86_64-latest.args b/tests/qemuxmlconfdata/amd-iommu.x86_64-latest.args
index 36244edb3a..20d7e379e6 100644
--- a/tests/qemuxmlconfdata/amd-iommu.x86_64-latest.args
+++ b/tests/qemuxmlconfdata/amd-iommu.x86_64-latest.args
@@ -27,7 +27,7 @@ XDG_CONFIG_HOME=/var/lib/libvirt/qemu/domain--1-QEMUGuest1/.config \
-no-shutdown \
-boot strict=on \
-device '{"driver":"AMDVI-PCI","id":"iommu0","bus":"pcie.0","addr":"0x1"}' \
--device '{"driver":"amd-iommu","pci-id":"iommu0","intremap":"on","device-iotlb":true}' \
+-device '{"driver":"amd-iommu","pci-id":"iommu0","intremap":"on","pt":true,"xtsup":true,"device-iotlb":true}' \
-audiodev '{"id":"audio1","driver":"none"}' \
-global ICH9-LPC.noreboot=off \
-watchdog-action reset \
diff --git a/tests/qemuxmlconfdata/amd-iommu.xml b/tests/qemuxmlconfdata/amd-iommu.xml
index 0668ed4237..4ad79ce4ae 100644
--- a/tests/qemuxmlconfdata/amd-iommu.xml
+++ b/tests/qemuxmlconfdata/amd-iommu.xml
@@ -32,7 +32,7 @@
<watchdog model='itco' action='reset'/>
<memballoon model='none'/>
<iommu model='amd'>
- <driver intremap='on' iotlb='on'/>
+ <driver intremap='on' iotlb='on' passthrough='on' xtsup='on'/>
<address type='pci' domain='0x0000' bus='0x00' slot='0x01' function='0x0'/>
</iommu>
</devices>
--
2.50.1

422
SOURCES/libvirt-conf-introduce-support-for-multiple-ACPI-tables.patch Normal file
View File

@ -0,0 +1,422 @@
From f4dffda866c49db8cd905d7fb4d35a70c996fa89 Mon Sep 17 00:00:00 2001
Message-ID: <f4dffda866c49db8cd905d7fb4d35a70c996fa89.1742990721.git.jdenemar@redhat.com>
From: =?UTF-8?q?Daniel=20P=2E=20Berrang=C3=A9?= <berrange@redhat.com>
Date: Mon, 17 Feb 2025 16:30:07 +0000
Subject: [PATCH] conf: introduce support for multiple ACPI tables
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Currently we parse
<os>
<acpi>
<table type="slic">...path...</table>
</acpi>
</os>
into a flat 'char *slic_table' field which is rather an anti-pattern
as it has special cased a single attribute type.
This rewrites the internal design to permit multiple table types to
be parsed, should we add more in future. Each type is currently
permitted to only appear once.
Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
(cherry picked from commit 55f48d38522a4657815668dae9ed9184c8870766)
Resolves: https://issues.redhat.com/browse/RHEL-81041
---
src/conf/domain_conf.c | 92 +++++++++++++++++++++++----------
src/conf/domain_conf.h | 21 +++++++-
src/libvirt_private.syms | 2 +
src/libxl/libxl_conf.c | 5 +-
src/libxl/xen_xl.c | 15 ++++--
src/qemu/qemu_command.c | 13 +++--
src/security/security_dac.c | 18 ++++---
src/security/security_selinux.c | 16 +++---
src/security/virt-aa-helper.c | 5 +-
9 files changed, 134 insertions(+), 53 deletions(-)
diff --git a/src/conf/domain_conf.c b/src/conf/domain_conf.c
index 095b9bbaa2..b0628da279 100644
--- a/src/conf/domain_conf.c
+++ b/src/conf/domain_conf.c
@@ -1456,6 +1456,11 @@ VIR_ENUM_IMPL(virDomainOsDefFirmwareFeature,
"secure-boot",
);
+VIR_ENUM_IMPL(virDomainOsACPITable,
+ VIR_DOMAIN_OS_ACPI_TABLE_TYPE_LAST,
+ "slic",
+);
+
VIR_ENUM_IMPL(virDomainCFPC,
VIR_DOMAIN_CFPC_LAST,
"none",
@@ -3890,6 +3895,15 @@ virDomainSecDefFree(virDomainSecDef *def)
g_free(def);
}
+void virDomainOSACPITableDefFree(virDomainOSACPITableDef *def)
+{
+ if (!def)
+ return;
+ g_free(def->path);
+ g_free(def);
+}
+
+
static void
virDomainOSDefClear(virDomainOSDef *os)
{
@@ -3915,7 +3929,9 @@ virDomainOSDefClear(virDomainOSDef *os)
g_free(os->cmdline);
g_free(os->dtb);
g_free(os->root);
- g_free(os->slic_table);
+ for (i = 0; i < os->nacpiTables; i++)
+ virDomainOSACPITableDefFree(os->acpiTables[i]);
+ g_free(os->acpiTables);
virDomainLoaderDefFree(os->loader);
g_free(os->bootloader);
g_free(os->bootloaderArgs);
@@ -17849,40 +17865,57 @@ virDomainDefParseBootAcpiOptions(virDomainDef *def,
int n;
g_autofree xmlNodePtr *nodes = NULL;
g_autofree char *tmp = NULL;
+ size_t ntables = 0;
+ virDomainOSACPITableDef **tables = NULL;
+ size_t i;
if ((n = virXPathNodeSet("./os/acpi/table", ctxt, &nodes)) < 0)
return -1;
- if (n > 1) {
- virReportError(VIR_ERR_XML_ERROR, "%s",
- _("Only one acpi table is supported"));
- return -1;
- }
+ if (n == 0)
+ return 0;
- if (n == 1) {
- tmp = virXMLPropString(nodes[0], "type");
+ tables = g_new0(virDomainOSACPITableDef *, n);
+ for (i = 0; i < n; i++) {
+ g_autofree char *path = virXMLNodeContentString(nodes[i]);
+ virDomainOsACPITable type;
+ size_t j;
- if (!tmp) {
- virReportError(VIR_ERR_XML_ERROR, "%s",
- _("Missing acpi table type"));
- return -1;
+ if (!path)
+ goto error;
+
+ if (virXMLPropEnum(nodes[i], "type",
+ virDomainOsACPITableTypeFromString,
+ VIR_XML_PROP_REQUIRED,
+ &type) < 0)
+ goto error;
+
+ for (j = 0; j < i; j++) {
+ if (tables[j]->type == type) {
+ virReportError(VIR_ERR_XML_ERROR,
+ _("ACPI table type '%1$s' may only appear once"),
+ virDomainOsACPITableTypeToString(type));
+ goto error;
+ }
}
- if (STREQ_NULLABLE(tmp, "slic")) {
- VIR_FREE(tmp);
- if (!(tmp = virXMLNodeContentString(nodes[0])))
- return -1;
-
- def->os.slic_table = virFileSanitizePath(tmp);
- } else {
- virReportError(VIR_ERR_XML_ERROR,
- _("Unknown acpi table type: %1$s"),
- tmp);
- return -1;
- }
+ tables[ntables] = g_new0(virDomainOSACPITableDef, 1);
+ tables[ntables]->type = type;
+ tables[ntables]->path = virFileSanitizePath(path);
+ ntables++;
}
+ def->os.nacpiTables = ntables;
+ def->os.acpiTables = tables;
+
return 0;
+
+ error:
+ for (i = 0; i < ntables; i++) {
+ virDomainOSACPITableDefFree(tables[i]);
+ }
+ g_free(tables);
+ return -1;
}
@@ -28447,11 +28480,16 @@ virDomainDefFormatInternalSetRootName(virDomainDef *def,
def->os.dtb);
virBufferEscapeString(buf, "<root>%s</root>\n",
def->os.root);
- if (def->os.slic_table) {
+
+ if (def->os.nacpiTables) {
virBufferAddLit(buf, "<acpi>\n");
virBufferAdjustIndent(buf, 2);
- virBufferEscapeString(buf, "<table type='slic'>%s</table>\n",
- def->os.slic_table);
+ for (i = 0; i < def->os.nacpiTables; i++) {
+ virBufferAsprintf(buf, "<table type='%s'>",
+ virDomainOsACPITableTypeToString(def->os.acpiTables[i]->type));
+ virBufferEscapeString(buf, "%s</table>\n",
+ def->os.acpiTables[i]->path);
+ }
virBufferAdjustIndent(buf, -2);
virBufferAddLit(buf, "</acpi>\n");
}
diff --git a/src/conf/domain_conf.h b/src/conf/domain_conf.h
index 2d38e8fa51..f52b80caec 100644
--- a/src/conf/domain_conf.h
+++ b/src/conf/domain_conf.h
@@ -2462,6 +2462,24 @@ typedef enum {
VIR_ENUM_DECL(virDomainOsDefFirmwareFeature);
+typedef enum {
+ VIR_DOMAIN_OS_ACPI_TABLE_TYPE_SLIC,
+
+ VIR_DOMAIN_OS_ACPI_TABLE_TYPE_LAST
+} virDomainOsACPITable;
+
+VIR_ENUM_DECL(virDomainOsACPITable);
+
+struct _virDomainOSACPITableDef {
+ virDomainOsACPITable type;
+ char *path;
+};
+
+typedef struct _virDomainOSACPITableDef virDomainOSACPITableDef;
+void virDomainOSACPITableDefFree(virDomainOSACPITableDef *def);
+G_DEFINE_AUTOPTR_CLEANUP_FUNC(virDomainOSACPITableDef, virDomainOSACPITableDefFree);
+
+
struct _virDomainOSDef {
int type;
virDomainOsDefFirmware firmware;
@@ -2484,7 +2502,8 @@ struct _virDomainOSDef {
char *cmdline;
char *dtb;
char *root;
- char *slic_table;
+ size_t nacpiTables;
+ virDomainOSACPITableDef **acpiTables;
virDomainLoaderDef *loader;
char *bootloader;
char *bootloaderArgs;
diff --git a/src/libvirt_private.syms b/src/libvirt_private.syms
index 727ab52cfe..be313ad67b 100644
--- a/src/libvirt_private.syms
+++ b/src/libvirt_private.syms
@@ -609,6 +609,8 @@ virDomainObjTaint;
virDomainObjUpdateModificationImpact;
virDomainObjWait;
virDomainObjWaitUntil;
+virDomainOsACPITableTypeFromString;
+virDomainOsACPITableTypeToString;
virDomainOsDefFirmwareTypeFromString;
virDomainOsDefFirmwareTypeToString;
virDomainOSTypeFromString;
diff --git a/src/libxl/libxl_conf.c b/src/libxl/libxl_conf.c
index c404226e43..7d845b97ec 100644
--- a/src/libxl/libxl_conf.c
+++ b/src/libxl/libxl_conf.c
@@ -582,8 +582,9 @@ libxlMakeDomBuildInfo(virDomainDef *def,
VIR_TRISTATE_SWITCH_ON);
#endif
- /* copy SLIC table path to acpi_firmware */
- b_info->u.hvm.acpi_firmware = g_strdup(def->os.slic_table);
+ /* copy the table path to acpi_firmware */
+ if (def->os.nacpiTables)
+ b_info->u.hvm.acpi_firmware = g_strdup(def->os.acpiTables[0]->path);
if (def->nsounds > 0) {
/*
diff --git a/src/libxl/xen_xl.c b/src/libxl/xen_xl.c
index 53f6871efc..062b753cea 100644
--- a/src/libxl/xen_xl.c
+++ b/src/libxl/xen_xl.c
@@ -106,6 +106,7 @@ xenParseXLOS(virConf *conf, virDomainDef *def, virCaps *caps)
g_autofree char *bios = NULL;
g_autofree char *bios_path = NULL;
g_autofree char *boot = NULL;
+ g_autofree char *slic = NULL;
int val = 0;
if (xenConfigGetString(conf, "bios", &bios, NULL) < 0)
@@ -133,8 +134,15 @@ xenParseXLOS(virConf *conf, virDomainDef *def, virCaps *caps)
}
}
- if (xenConfigCopyStringOpt(conf, "acpi_firmware", &def->os.slic_table) < 0)
+ if (xenConfigCopyStringOpt(conf, "acpi_firmware", &slic) < 0)
return -1;
+ if (slic != NULL) {
+ def->os.nacpiTables = 1;
+ def->os.acpiTables = g_new0(virDomainOSACPITableDef *, 1);
+ def->os.acpiTables[0] = g_new0(virDomainOSACPITableDef, 1);
+ def->os.acpiTables[0]->type = VIR_DOMAIN_OS_ACPI_TABLE_TYPE_SLIC;
+ def->os.acpiTables[0]->path = g_steal_pointer(&slic);
+ }
if (xenConfigCopyStringOpt(conf, "kernel", &def->os.kernel) < 0)
return -1;
@@ -1134,8 +1142,9 @@ xenFormatXLOS(virConf *conf, virDomainDef *def)
return -1;
}
- if (def->os.slic_table &&
- xenConfigSetString(conf, "acpi_firmware", def->os.slic_table) < 0)
+ if (def->os.nacpiTables &&
+ xenConfigSetString(conf, "acpi_firmware",
+ def->os.acpiTables[0]->path) < 0)
return -1;
if (def->os.kernel &&
diff --git a/src/qemu/qemu_command.c b/src/qemu/qemu_command.c
index 24dac0ce0f..756dd2168b 100644
--- a/src/qemu/qemu_command.c
+++ b/src/qemu/qemu_command.c
@@ -127,6 +127,11 @@ VIR_ENUM_IMPL(qemuNumaPolicy,
"restrictive",
);
+VIR_ENUM_DECL(qemuACPITableSIG);
+VIR_ENUM_IMPL(qemuACPITableSIG,
+ VIR_DOMAIN_OS_ACPI_TABLE_TYPE_LAST,
+ "SLIC");
+
const char *
qemuAudioDriverTypeToString(virDomainAudioType type)
@@ -5968,6 +5973,7 @@ qemuBuildBootCommandLine(virCommand *cmd,
{
g_auto(virBuffer) boot_buf = VIR_BUFFER_INITIALIZER;
g_autofree char *boot_opts_str = NULL;
+ size_t i;
if (def->os.bootmenu) {
if (def->os.bootmenu == VIR_TRISTATE_BOOL_YES)
@@ -6001,11 +6007,12 @@ qemuBuildBootCommandLine(virCommand *cmd,
virCommandAddArgList(cmd, "-append", def->os.cmdline, NULL);
if (def->os.dtb)
virCommandAddArgList(cmd, "-dtb", def->os.dtb, NULL);
- if (def->os.slic_table) {
+ for (i = 0; i < def->os.nacpiTables; i++) {
g_auto(virBuffer) buf = VIR_BUFFER_INITIALIZER;
virCommandAddArg(cmd, "-acpitable");
- virBufferAddLit(&buf, "sig=SLIC,file=");
- virQEMUBuildBufferEscapeComma(&buf, def->os.slic_table);
+ virBufferAsprintf(&buf, "sig=%s,file=",
+ qemuACPITableSIGTypeToString(def->os.acpiTables[i]->type));
+ virQEMUBuildBufferEscapeComma(&buf, def->os.acpiTables[i]->path);
virCommandAddArgBuffer(cmd, &buf);
}
diff --git a/src/security/security_dac.c b/src/security/security_dac.c
index 0505f4e4a3..b4d61bc576 100644
--- a/src/security/security_dac.c
+++ b/src/security/security_dac.c
@@ -2050,9 +2050,10 @@ virSecurityDACRestoreAllLabel(virSecurityManager *mgr,
virSecurityDACRestoreFileLabel(mgr, def->os.dtb) < 0)
rc = -1;
- if (def->os.slic_table &&
- virSecurityDACRestoreFileLabel(mgr, def->os.slic_table) < 0)
- rc = -1;
+ for (i = 0; i < def->os.nacpiTables; i++) {
+ if (virSecurityDACRestoreFileLabel(mgr, def->os.acpiTables[i]->path) < 0)
+ rc = -1;
+ }
if (def->pstore &&
virSecurityDACRestoreFileLabel(mgr, def->pstore->path) < 0)
@@ -2300,11 +2301,12 @@ virSecurityDACSetAllLabel(virSecurityManager *mgr,
user, group, true) < 0)
return -1;
- if (def->os.slic_table &&
- virSecurityDACSetOwnership(mgr, NULL,
- def->os.slic_table,
- user, group, true) < 0)
- return -1;
+ for (i = 0; i < def->os.nacpiTables; i++) {
+ if (virSecurityDACSetOwnership(mgr, NULL,
+ def->os.acpiTables[i]->path,
+ user, group, true) < 0)
+ return -1;
+ }
if (def->pstore &&
virSecurityDACSetOwnership(mgr, NULL,
diff --git a/src/security/security_selinux.c b/src/security/security_selinux.c
index cdc32d9b34..b8659e33d6 100644
--- a/src/security/security_selinux.c
+++ b/src/security/security_selinux.c
@@ -3013,9 +3013,10 @@ virSecuritySELinuxRestoreAllLabel(virSecurityManager *mgr,
virSecuritySELinuxRestoreFileLabel(mgr, def->os.dtb, true) < 0)
rc = -1;
- if (def->os.slic_table &&
- virSecuritySELinuxRestoreFileLabel(mgr, def->os.slic_table, true) < 0)
- rc = -1;
+ for (i = 0; i < def->os.nacpiTables; i++) {
+ if (virSecuritySELinuxRestoreFileLabel(mgr, def->os.acpiTables[i]->path, true) < 0)
+ rc = -1;
+ }
if (def->pstore &&
virSecuritySELinuxRestoreFileLabel(mgr, def->pstore->path, true) < 0)
@@ -3443,10 +3444,11 @@ virSecuritySELinuxSetAllLabel(virSecurityManager *mgr,
data->content_context, true) < 0)
return -1;
- if (def->os.slic_table &&
- virSecuritySELinuxSetFilecon(mgr, def->os.slic_table,
- data->content_context, true) < 0)
- return -1;
+ for (i = 0; i < def->os.nacpiTables; i++) {
+ if (virSecuritySELinuxSetFilecon(mgr, def->os.acpiTables[i]->path,
+ data->content_context, true) < 0)
+ return -1;
+ }
if (def->pstore &&
virSecuritySELinuxSetFilecon(mgr, def->pstore->path,
diff --git a/src/security/virt-aa-helper.c b/src/security/virt-aa-helper.c
index e82b5de2b4..e68e908994 100644
--- a/src/security/virt-aa-helper.c
+++ b/src/security/virt-aa-helper.c
@@ -1002,9 +1002,10 @@ get_files(vahControl * ctl)
if (vah_add_file(&buf, ctl->def->os.dtb, "r") != 0)
goto cleanup;
- if (ctl->def->os.slic_table)
- if (vah_add_file(&buf, ctl->def->os.slic_table, "r") != 0)
+ for (i = 0; i < ctl->def->os.nacpiTables; i++) {
+ if (vah_add_file(&buf, ctl->def->os.acpiTables[i]->path, "r") != 0)
goto cleanup;
+ }
if (ctl->def->pstore)
if (vah_add_file(&buf, ctl->def->pstore->path, "rw") != 0)
--
2.49.0

13
SOURCES/libvirt-conf-parse-interface-source-dev-for-all-interface-types-with-backend-type-passt.patch
View File

@ -1,5 +1,5 @@
From a52da24e19808954454be38945953a2a81c078e9 Mon Sep 17 00:00:00 2001
Message-ID: <a52da24e19808954454be38945953a2a81c078e9.1744361503.git.jdenemar@redhat.com>
From 29ea0453595ee14cdd64b2e9c07343aa870426d0 Mon Sep 17 00:00:00 2001
Message-ID: <29ea0453595ee14cdd64b2e9c07343aa870426d0.1744876587.git.jdenemar@redhat.com>
From: Laine Stump <laine@redhat.com>
Date: Thu, 6 Mar 2025 19:19:12 -0500
Subject: [PATCH] conf: parse interface/source/@dev for all interface types
@ -22,9 +22,6 @@ Resolves: https://issues.redhat.com/browse/RHEL-82539
Signed-off-by: Laine Stump <laine@redhat.com>
Reviewed-by: Peter Krempa <pkrempa@redhat.com>
(cherry picked from commit 4c979edaa545c8425f7a856c06ebc0de939d4b9f)
https://issues.redhat.com/browse/RHEL-84689
Signed-off-by: Jiri Denemark <jdenemar@redhat.com>
---
src/conf/domain_conf.c | 8 +++++---
@ -33,10 +30,10 @@ Signed-off-by: Jiri Denemark <jdenemar@redhat.com>
3 files changed, 14 insertions(+), 4 deletions(-)
diff --git a/src/conf/domain_conf.c b/src/conf/domain_conf.c
index 095b9bbaa2..94e26bf82a 100644
index f6d3d849eb..726c3095ed 100644
--- a/src/conf/domain_conf.c
+++ b/src/conf/domain_conf.c
@@ -9900,9 +9900,6 @@ virDomainNetDefParseXML(virDomainXMLOption *xmlopt,
@@ -9919,9 +9919,6 @@ virDomainNetDefParseXML(virDomainXMLOption *xmlopt,
break;
case VIR_DOMAIN_NET_TYPE_USER:
@ -46,7 +43,7 @@ index 095b9bbaa2..94e26bf82a 100644
case VIR_DOMAIN_NET_TYPE_NULL:
case VIR_DOMAIN_NET_TYPE_LAST:
break;
@@ -10017,6 +10014,11 @@ virDomainNetDefParseXML(virDomainXMLOption *xmlopt,
@@ -10036,6 +10033,11 @@ virDomainNetDefParseXML(virDomainXMLOption *xmlopt,
return NULL;
}

119
SOURCES/libvirt-conf-support-MSDM-ACPI-table-type.patch Normal file
View File

@ -0,0 +1,119 @@
From bfde8a471a604ddc3bfe7ee5baddbedc379ddf34 Mon Sep 17 00:00:00 2001
Message-ID: <bfde8a471a604ddc3bfe7ee5baddbedc379ddf34.1742990721.git.jdenemar@redhat.com>
From: =?UTF-8?q?Daniel=20P=2E=20Berrang=C3=A9?= <berrange@redhat.com>
Date: Mon, 17 Feb 2025 16:58:27 +0000
Subject: [PATCH] conf: support MSDM ACPI table type
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
The MSDM ACPI table is an alternative for the SLIC table type,
sometimes used by Microsoft for Windows Licensing checks:
https://learn.microsoft.com/en-us/previous-versions/windows/hardware/design/dn653305(v=vs.85)
Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
(cherry picked from commit 32765cd14e99411dfd14a230be86f2aecf7e9a7a)
Resolves: https://issues.redhat.com/browse/RHEL-81041
---
docs/formatdomain.rst | 4 ++++
src/conf/domain_conf.c | 1 +
src/conf/domain_conf.h | 1 +
src/conf/schemas/domaincommon.rng | 1 +
src/libxl/libxl_domain.c | 1 +
src/qemu/qemu_command.c | 3 ++-
src/qemu/qemu_validate.c | 1 +
7 files changed, 11 insertions(+), 1 deletion(-)
diff --git a/docs/formatdomain.rst b/docs/formatdomain.rst
index b03b5317aa..c144851b62 100644
--- a/docs/formatdomain.rst
+++ b/docs/formatdomain.rst
@@ -497,6 +497,10 @@ These options apply to any form of booting of the guest OS.
software licensing information. The ACPI table signature in the
header will be forced to ``SLIC`` (:since:`Since 1.3.5 (QEMU)`,
mis-interpreted as ``rawset`` :since:`Since 5.9.0 (Xen)`).
+ * ``msdm``: a single ACPI table with header and data, providing
+ Microsoft Data Management information. The ACPI table signature
+ in the header will be forced to ``MSDM``
+ (:since:`Since 11.2.0`).
Each type may be used only once, except for ``raw`` which can
appear multiple times.
diff --git a/src/conf/domain_conf.c b/src/conf/domain_conf.c
index 2ee0403c86..f6d3d849eb 100644
--- a/src/conf/domain_conf.c
+++ b/src/conf/domain_conf.c
@@ -1461,6 +1461,7 @@ VIR_ENUM_IMPL(virDomainOsACPITable,
"raw",
"rawset",
"slic",
+ "msdm",
);
VIR_ENUM_IMPL(virDomainCFPC,
diff --git a/src/conf/domain_conf.h b/src/conf/domain_conf.h
index bc3f42888e..961b7b056c 100644
--- a/src/conf/domain_conf.h
+++ b/src/conf/domain_conf.h
@@ -2466,6 +2466,7 @@ typedef enum {
VIR_DOMAIN_OS_ACPI_TABLE_TYPE_RAW,
VIR_DOMAIN_OS_ACPI_TABLE_TYPE_RAWSET,
VIR_DOMAIN_OS_ACPI_TABLE_TYPE_SLIC,
+ VIR_DOMAIN_OS_ACPI_TABLE_TYPE_MSDM,
VIR_DOMAIN_OS_ACPI_TABLE_TYPE_LAST
} virDomainOsACPITable;
diff --git a/src/conf/schemas/domaincommon.rng b/src/conf/schemas/domaincommon.rng
index 99bcc90d4f..d46eb44588 100644
--- a/src/conf/schemas/domaincommon.rng
+++ b/src/conf/schemas/domaincommon.rng
@@ -7192,6 +7192,7 @@
<value>raw</value>
<value>rawset</value>
<value>slic</value>
+ <value>msdm</value>
</choice>
</attribute>
<ref name="absFilePath"/>
diff --git a/src/libxl/libxl_domain.c b/src/libxl/libxl_domain.c
index e31d92d903..c5a556ec78 100644
--- a/src/libxl/libxl_domain.c
+++ b/src/libxl/libxl_domain.c
@@ -339,6 +339,7 @@ libxlDomainDefValidate(const virDomainDef *def,
break;
case VIR_DOMAIN_OS_ACPI_TABLE_TYPE_RAW:
+ case VIR_DOMAIN_OS_ACPI_TABLE_TYPE_MSDM:
virReportError(VIR_ERR_CONFIG_UNSUPPORTED,
_("ACPI table type '%1$s' is not supported"),
virDomainOsACPITableTypeToString(def->os.acpiTables[i]->type));
diff --git a/src/qemu/qemu_command.c b/src/qemu/qemu_command.c
index adf7b21b14..9fe191d3b9 100644
--- a/src/qemu/qemu_command.c
+++ b/src/qemu/qemu_command.c
@@ -132,7 +132,8 @@ VIR_ENUM_IMPL(qemuACPITableSIG,
VIR_DOMAIN_OS_ACPI_TABLE_TYPE_LAST,
"", /* raw */
"", /* rawset */
- "SLIC");
+ "SLIC",
+ "");
const char *
diff --git a/src/qemu/qemu_validate.c b/src/qemu/qemu_validate.c
index b088e54dd0..378f502ea7 100644
--- a/src/qemu/qemu_validate.c
+++ b/src/qemu/qemu_validate.c
@@ -734,6 +734,7 @@ qemuValidateDomainDefBoot(const virDomainDef *def,
break;
case VIR_DOMAIN_OS_ACPI_TABLE_TYPE_RAWSET:
+ case VIR_DOMAIN_OS_ACPI_TABLE_TYPE_MSDM:
virReportError(VIR_ERR_CONFIG_UNSUPPORTED,
_("ACPI table type '%1$s' is not supported"),
virDomainOsACPITableTypeToString(def->os.acpiTables[i]->type));
--
2.49.0

669
SOURCES/libvirt-cpu_map-Add-GraniteRapids-v2-CPU-model.patch Normal file
View File

@ -0,0 +1,669 @@
From 7a9d85a3159fdc0ecec40338f7f28df91ba08a0c Mon Sep 17 00:00:00 2001
Message-ID: <7a9d85a3159fdc0ecec40338f7f28df91ba08a0c.1747908717.git.jdenemar@redhat.com>
From: Jiri Denemark <jdenemar@redhat.com>
Date: Wed, 18 Dec 2024 13:46:25 +0100
Subject: [PATCH] cpu_map: Add GraniteRapids-v2 CPU model
Introduced by QEMU 9.2.0
Signed-off-by: Jiri Denemark <jdenemar@redhat.com>
Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
(cherry picked from commit 41a6de76bc6e31a206d9d82c84c5d485b710fe01)
https://issues.redhat.com/browse/RHEL-71897
Signed-off-by: Jiri Denemark <jdenemar@redhat.com>
(cherry picked from commit 4dbeaa7e1ce9fffb3e2a2b19ba10cc3d2c19091d)
Conflicts:
- tests/domaincapsdata/qemu_10.0.0* were updated by a later
upstream commit (712c39f987e1fb75a9fe3168dfb2501b719b5070)
which was already backported to RHEL-9 as commit
d056b57fff98c30ef64a695dec44a2ddfcc1c55b with the hunks
related to GraniteRapids-v2 removed, thus this backport has to
incorporate those hunks
https://issues.redhat.com/browse/RHEL-87796
Signed-off-by: Jiri Denemark <jdenemar@redhat.com>
=> 4c2001ea03d9466db571ddf07248c20d652ac775
---
src/cpu_map/index.xml | 1 +
src/cpu_map/meson.build | 1 +
src/cpu_map/x86_GraniteRapids-v2.xml | 206 ++++++++++++++++++
.../domaincapsdata/qemu_10.0.0-q35.x86_64.xml | 57 +++++
.../domaincapsdata/qemu_10.0.0-tcg.x86_64.xml | 47 ++++
tests/domaincapsdata/qemu_10.0.0.x86_64.xml | 57 +++++
.../domaincapsdata/qemu_9.2.0-q35.x86_64.xml | 57 +++++
.../domaincapsdata/qemu_9.2.0-tcg.x86_64.xml | 47 ++++
tests/domaincapsdata/qemu_9.2.0.x86_64.xml | 57 +++++
9 files changed, 530 insertions(+)
create mode 100644 src/cpu_map/x86_GraniteRapids-v2.xml
diff --git a/src/cpu_map/index.xml b/src/cpu_map/index.xml
index 8e74195312..dba2f21811 100644
--- a/src/cpu_map/index.xml
+++ b/src/cpu_map/index.xml
@@ -121,6 +121,7 @@
<include filename='x86_SapphireRapids-v3.xml'/>
<include filename='x86_GraniteRapids.xml'/>
<include filename='x86_GraniteRapids-v1.xml'/>
+ <include filename='x86_GraniteRapids-v2.xml'/>
<include filename='x86_SierraForest.xml'/>
<include filename='x86_SierraForest-v1.xml'/>
<include filename='x86_Denverton.xml'/>
diff --git a/src/cpu_map/meson.build b/src/cpu_map/meson.build
index fa7faa4016..9a1c048620 100644
--- a/src/cpu_map/meson.build
+++ b/src/cpu_map/meson.build
@@ -77,6 +77,7 @@ cpumap_data = [
'x86_EPYC.xml',
'x86_features.xml',
'x86_GraniteRapids-v1.xml',
+ 'x86_GraniteRapids-v2.xml',
'x86_GraniteRapids.xml',
'x86_Haswell-IBRS.xml',
'x86_Haswell-noTSX-IBRS.xml',
diff --git a/src/cpu_map/x86_GraniteRapids-v2.xml b/src/cpu_map/x86_GraniteRapids-v2.xml
new file mode 100644
index 0000000000..855a43d4ad
--- /dev/null
+++ b/src/cpu_map/x86_GraniteRapids-v2.xml
@@ -0,0 +1,206 @@
+<cpus>
+ <model name='GraniteRapids-v2'>
+ <decode host='on' guest='off'/>
+ <signature family='6' model='173'/>
+ <vendor name='Intel'/>
+ <feature name='3dnowprefetch'/>
+ <feature name='abm'/>
+ <feature name='adx'/>
+ <feature name='aes'/>
+ <feature name='amx-bf16'/>
+ <feature name='amx-fp16'/>
+ <feature name='amx-int8'/>
+ <feature name='amx-tile'/>
+ <feature name='apic'/>
+ <feature name='arat'/>
+ <feature name='arch-capabilities'/>
+ <feature name='avx'/>
+ <feature name='avx-vnni'/>
+ <feature name='avx10'/>
+ <feature name='avx10-128'/>
+ <feature name='avx10-256'/>
+ <feature name='avx10-512'/>
+ <feature name='avx2'/>
+ <feature name='avx512-bf16'/>
+ <feature name='avx512-fp16'/>
+ <feature name='avx512-vpopcntdq'/>
+ <feature name='avx512bitalg'/>
+ <feature name='avx512bw'/>
+ <feature name='avx512cd'/>
+ <feature name='avx512dq'/>
+ <feature name='avx512f'/>
+ <feature name='avx512ifma'/>
+ <feature name='avx512vbmi'/>
+ <feature name='avx512vbmi2'/>
+ <feature name='avx512vl'/>
+ <feature name='avx512vnni'/>
+ <feature name='bmi1'/>
+ <feature name='bmi2'/>
+ <feature name='bus-lock-detect'/>
+ <feature name='cldemote'/>
+ <feature name='clflush'/>
+ <feature name='clflushopt'/>
+ <feature name='clwb'/>
+ <feature name='cmov'/>
+ <feature name='cx16'/>
+ <feature name='cx8'/>
+ <feature name='de'/>
+ <feature name='erms'/>
+ <feature name='f16c'/>
+ <feature name='fbsdp-no'/>
+ <feature name='fma'/>
+ <feature name='fpu'/>
+ <feature name='fsgsbase'/>
+ <feature name='fsrc'/>
+ <feature name='fsrm'/>
+ <feature name='fsrs'/>
+ <feature name='fxsr'/>
+ <feature name='fzrm'/>
+ <feature name='gfni'/>
+ <feature name='hle'/>
+ <feature name='ibrs-all'/>
+ <feature name='invpcid'/>
+ <feature name='la57'/>
+ <feature name='lahf_lm'/>
+ <feature name='lm'/>
+ <feature name='mca'/>
+ <feature name='mcdt-no'/>
+ <feature name='mce'/>
+ <feature name='mds-no'/>
+ <feature name='mmx'/>
+ <feature name='movbe'/>
+ <feature name='movdir64b'/>
+ <feature name='movdiri'/>
+ <feature name='msr'/>
+ <feature name='mtrr'/>
+ <feature name='nx'/>
+ <feature name='pae'/>
+ <feature name='pat'/>
+ <feature name='pbrsb-no'/>
+ <feature name='pcid'/>
+ <feature name='pclmuldq'/>
+ <feature name='pdpe1gb'/>
+ <feature name='pge'/>
+ <feature name='pku'/>
+ <feature name='pni'/>
+ <feature name='popcnt'/>
+ <feature name='prefetchiti'/>
+ <feature name='pschange-mc-no'/>
+ <feature name='psdp-no'/>
+ <feature name='pse'/>
+ <feature name='pse36'/>
+ <feature name='rdctl-no'/>
+ <feature name='rdpid'/>
+ <feature name='rdrand'/>
+ <feature name='rdseed'/>
+ <feature name='rdtscp'/>
+ <feature name='rtm'/>
+ <feature name='sbdr-ssdp-no'/>
+ <feature name='sep'/>
+ <feature name='serialize'/>
+ <feature name='sha-ni'/>
+ <feature name='skip-l1dfl-vmentry'/>
+ <feature name='smap'/>
+ <feature name='smep'/>
+ <feature name='spec-ctrl'/>
+ <feature name='ss'/>
+ <feature name='ssbd'/>
+ <feature name='sse'/>
+ <feature name='sse2'/>
+ <feature name='sse4.1'/>
+ <feature name='sse4.2'/>
+ <feature name='ssse3'/>
+ <feature name='syscall'/>
+ <feature name='taa-no'/>
+ <feature name='tsc'/>
+ <feature name='tsc-deadline'/>
+ <feature name='tsc_adjust'/>
+ <feature name='tsx-ldtrk'/>
+ <feature name='umip'/>
+ <feature name='vaes'/>
+ <feature name='vme'/>
+ <feature name='vmx-activity-hlt'/>
+ <feature name='vmx-apicv-register'/>
+ <feature name='vmx-apicv-vid'/>
+ <feature name='vmx-apicv-x2apic'/>
+ <feature name='vmx-apicv-xapic'/>
+ <feature name='vmx-cr3-load-noexit'/>
+ <feature name='vmx-cr3-store-noexit'/>
+ <feature name='vmx-cr8-load-exit'/>
+ <feature name='vmx-cr8-store-exit'/>
+ <feature name='vmx-desc-exit'/>
+ <feature name='vmx-entry-ia32e-mode'/>
+ <feature name='vmx-entry-load-efer'/>
+ <feature name='vmx-entry-load-pat'/>
+ <feature name='vmx-entry-load-perf-global-ctrl'/>
+ <feature name='vmx-entry-noload-debugctl'/>
+ <feature name='vmx-ept'/>
+ <feature name='vmx-ept-1gb'/>
+ <feature name='vmx-ept-2mb'/>
+ <feature name='vmx-ept-execonly'/>
+ <feature name='vmx-eptad'/>
+ <feature name='vmx-eptp-switching'/>
+ <feature name='vmx-exit-ack-intr'/>
+ <feature name='vmx-exit-load-efer'/>
+ <feature name='vmx-exit-load-pat'/>
+ <feature name='vmx-exit-load-perf-global-ctrl'/>
+ <feature name='vmx-exit-nosave-debugctl'/>
+ <feature name='vmx-exit-save-efer'/>
+ <feature name='vmx-exit-save-pat'/>
+ <feature name='vmx-exit-save-preemption-timer'/>
+ <feature name='vmx-flexpriority'/>
+ <feature name='vmx-hlt-exit'/>
+ <feature name='vmx-ins-outs'/>
+ <feature name='vmx-intr-exit'/>
+ <feature name='vmx-invept'/>
+ <feature name='vmx-invept-all-context'/>
+ <feature name='vmx-invept-single-context'/>
+ <feature name='vmx-invlpg-exit'/>
+ <feature name='vmx-invpcid-exit'/>
+ <feature name='vmx-invvpid-all-context'/>
+ <feature name='vmx-invvpid-single-addr'/>
+ <feature name='vmx-invvpid-single-context-noglobals'/>
+ <feature name='vmx-io-bitmap'/>
+ <feature name='vmx-io-exit'/>
+ <feature name='vmx-monitor-exit'/>
+ <feature name='vmx-movdr-exit'/>
+ <feature name='vmx-msr-bitmap'/>
+ <feature name='vmx-mtf'/>
+ <feature name='vmx-mwait-exit'/>
+ <feature name='vmx-nmi-exit'/>
+ <feature name='vmx-page-walk-4'/>
+ <feature name='vmx-page-walk-5'/>
+ <feature name='vmx-pause-exit'/>
+ <feature name='vmx-pml'/>
+ <feature name='vmx-posted-intr'/>
+ <feature name='vmx-preemption-timer'/>
+ <feature name='vmx-rdpmc-exit'/>
+ <feature name='vmx-rdrand-exit'/>
+ <feature name='vmx-rdseed-exit'/>
+ <feature name='vmx-rdtsc-exit'/>
+ <feature name='vmx-rdtscp-exit'/>
+ <feature name='vmx-secondary-ctls'/>
+ <feature name='vmx-shadow-vmcs'/>
+ <feature name='vmx-store-lma'/>
+ <feature name='vmx-true-ctls'/>
+ <feature name='vmx-tsc-offset'/>
+ <feature name='vmx-unrestricted-guest'/>
+ <feature name='vmx-vintr-pending'/>
+ <feature name='vmx-vmfunc'/>
+ <feature name='vmx-vmwrite-vmexit-fields'/>
+ <feature name='vmx-vnmi'/>
+ <feature name='vmx-vnmi-pending'/>
+ <feature name='vmx-vpid'/>
+ <feature name='vmx-wbinvd-exit'/>
+ <feature name='vmx-xsaves'/>
+ <feature name='vpclmulqdq'/>
+ <feature name='wbnoinvd'/>
+ <feature name='x2apic'/>
+ <feature name='xfd'/>
+ <feature name='xgetbv1'/>
+ <feature name='xsave'/>
+ <feature name='xsavec'/>
+ <feature name='xsaveopt'/>
+ <feature name='xsaves'/>
+ </model>
+</cpus>
diff --git a/tests/domaincapsdata/qemu_10.0.0-q35.x86_64.xml b/tests/domaincapsdata/qemu_10.0.0-q35.x86_64.xml
index e4d8862569..f1a7963d34 100644
--- a/tests/domaincapsdata/qemu_10.0.0-q35.x86_64.xml
+++ b/tests/domaincapsdata/qemu_10.0.0-q35.x86_64.xml
@@ -565,6 +565,63 @@
<feature name='xfd'/>
<feature name='xsaves'/>
</blockers>
+ <model usable='no' vendor='Intel'>GraniteRapids-v2</model>
+ <blockers model='GraniteRapids-v2'>
+ <feature name='amx-bf16'/>
+ <feature name='amx-fp16'/>
+ <feature name='amx-int8'/>
+ <feature name='amx-tile'/>
+ <feature name='avx-vnni'/>
+ <feature name='avx10'/>
+ <feature name='avx10-128'/>
+ <feature name='avx10-256'/>
+ <feature name='avx10-512'/>
+ <feature name='avx512-bf16'/>
+ <feature name='avx512-fp16'/>
+ <feature name='avx512-vpopcntdq'/>
+ <feature name='avx512bitalg'/>
+ <feature name='avx512bw'/>
+ <feature name='avx512cd'/>
+ <feature name='avx512dq'/>
+ <feature name='avx512f'/>
+ <feature name='avx512ifma'/>
+ <feature name='avx512vbmi'/>
+ <feature name='avx512vbmi2'/>
+ <feature name='avx512vl'/>
+ <feature name='avx512vnni'/>
+ <feature name='bus-lock-detect'/>
+ <feature name='cldemote'/>
+ <feature name='erms'/>
+ <feature name='fbsdp-no'/>
+ <feature name='fsrc'/>
+ <feature name='fsrm'/>
+ <feature name='fsrs'/>
+ <feature name='fzrm'/>
+ <feature name='gfni'/>
+ <feature name='hle'/>
+ <feature name='ibrs-all'/>
+ <feature name='invpcid'/>
+ <feature name='la57'/>
+ <feature name='mcdt-no'/>
+ <feature name='movdir64b'/>
+ <feature name='movdiri'/>
+ <feature name='pbrsb-no'/>
+ <feature name='pcid'/>
+ <feature name='pku'/>
+ <feature name='prefetchiti'/>
+ <feature name='psdp-no'/>
+ <feature name='rtm'/>
+ <feature name='sbdr-ssdp-no'/>
+ <feature name='serialize'/>
+ <feature name='spec-ctrl'/>
+ <feature name='ss'/>
+ <feature name='taa-no'/>
+ <feature name='tsx-ldtrk'/>
+ <feature name='vaes'/>
+ <feature name='vpclmulqdq'/>
+ <feature name='xfd'/>
+ <feature name='xsaves'/>
+ </blockers>
<model usable='no' vendor='Intel' canonical='Haswell-v1'>Haswell</model>
<blockers model='Haswell'>
<feature name='erms'/>
diff --git a/tests/domaincapsdata/qemu_10.0.0-tcg.x86_64.xml b/tests/domaincapsdata/qemu_10.0.0-tcg.x86_64.xml
index a21ed4997e..9a7d39c1f8 100644
--- a/tests/domaincapsdata/qemu_10.0.0-tcg.x86_64.xml
+++ b/tests/domaincapsdata/qemu_10.0.0-tcg.x86_64.xml
@@ -733,6 +733,53 @@
<feature name='xsavec'/>
<feature name='xsaves'/>
</blockers>
+ <model usable='no' vendor='Intel'>GraniteRapids-v2</model>
+ <blockers model='GraniteRapids-v2'>
+ <feature name='amx-bf16'/>
+ <feature name='amx-fp16'/>
+ <feature name='amx-int8'/>
+ <feature name='amx-tile'/>
+ <feature name='arch-capabilities'/>
+ <feature name='avx-vnni'/>
+ <feature name='avx10'/>
+ <feature name='avx10-128'/>
+ <feature name='avx10-256'/>
+ <feature name='avx10-512'/>
+ <feature name='avx512-bf16'/>
+ <feature name='avx512-fp16'/>
+ <feature name='avx512-vpopcntdq'/>
+ <feature name='avx512bitalg'/>
+ <feature name='avx512bw'/>
+ <feature name='avx512cd'/>
+ <feature name='avx512dq'/>
+ <feature name='avx512f'/>
+ <feature name='avx512ifma'/>
+ <feature name='avx512vbmi'/>
+ <feature name='avx512vbmi2'/>
+ <feature name='avx512vl'/>
+ <feature name='avx512vnni'/>
+ <feature name='bus-lock-detect'/>
+ <feature name='cldemote'/>
+ <feature name='gfni'/>
+ <feature name='hle'/>
+ <feature name='invpcid'/>
+ <feature name='mcdt-no'/>
+ <feature name='movdir64b'/>
+ <feature name='movdiri'/>
+ <feature name='pcid'/>
+ <feature name='prefetchiti'/>
+ <feature name='rtm'/>
+ <feature name='serialize'/>
+ <feature name='spec-ctrl'/>
+ <feature name='ssbd'/>
+ <feature name='tsc-deadline'/>
+ <feature name='tsc_adjust'/>
+ <feature name='tsx-ldtrk'/>
+ <feature name='vpclmulqdq'/>
+ <feature name='xfd'/>
+ <feature name='xsavec'/>
+ <feature name='xsaves'/>
+ </blockers>
<model usable='no' vendor='Intel' canonical='Haswell-v1'>Haswell</model>
<blockers model='Haswell'>
<feature name='hle'/>
diff --git a/tests/domaincapsdata/qemu_10.0.0.x86_64.xml b/tests/domaincapsdata/qemu_10.0.0.x86_64.xml
index f4989749ce..64dc451eda 100644
--- a/tests/domaincapsdata/qemu_10.0.0.x86_64.xml
+++ b/tests/domaincapsdata/qemu_10.0.0.x86_64.xml
@@ -564,6 +564,63 @@
<feature name='xfd'/>
<feature name='xsaves'/>
</blockers>
+ <model usable='no' vendor='Intel'>GraniteRapids-v2</model>
+ <blockers model='GraniteRapids-v2'>
+ <feature name='amx-bf16'/>
+ <feature name='amx-fp16'/>
+ <feature name='amx-int8'/>
+ <feature name='amx-tile'/>
+ <feature name='avx-vnni'/>
+ <feature name='avx10'/>
+ <feature name='avx10-128'/>
+ <feature name='avx10-256'/>
+ <feature name='avx10-512'/>
+ <feature name='avx512-bf16'/>
+ <feature name='avx512-fp16'/>
+ <feature name='avx512-vpopcntdq'/>
+ <feature name='avx512bitalg'/>
+ <feature name='avx512bw'/>
+ <feature name='avx512cd'/>
+ <feature name='avx512dq'/>
+ <feature name='avx512f'/>
+ <feature name='avx512ifma'/>
+ <feature name='avx512vbmi'/>
+ <feature name='avx512vbmi2'/>
+ <feature name='avx512vl'/>
+ <feature name='avx512vnni'/>
+ <feature name='bus-lock-detect'/>
+ <feature name='cldemote'/>
+ <feature name='erms'/>
+ <feature name='fbsdp-no'/>
+ <feature name='fsrc'/>
+ <feature name='fsrm'/>
+ <feature name='fsrs'/>
+ <feature name='fzrm'/>
+ <feature name='gfni'/>
+ <feature name='hle'/>
+ <feature name='ibrs-all'/>
+ <feature name='invpcid'/>
+ <feature name='la57'/>
+ <feature name='mcdt-no'/>
+ <feature name='movdir64b'/>
+ <feature name='movdiri'/>
+ <feature name='pbrsb-no'/>
+ <feature name='pcid'/>
+ <feature name='pku'/>
+ <feature name='prefetchiti'/>
+ <feature name='psdp-no'/>
+ <feature name='rtm'/>
+ <feature name='sbdr-ssdp-no'/>
+ <feature name='serialize'/>
+ <feature name='spec-ctrl'/>
+ <feature name='ss'/>
+ <feature name='taa-no'/>
+ <feature name='tsx-ldtrk'/>
+ <feature name='vaes'/>
+ <feature name='vpclmulqdq'/>
+ <feature name='xfd'/>
+ <feature name='xsaves'/>
+ </blockers>
<model usable='no' vendor='Intel' canonical='Haswell-v1'>Haswell</model>
<blockers model='Haswell'>
<feature name='erms'/>
diff --git a/tests/domaincapsdata/qemu_9.2.0-q35.x86_64.xml b/tests/domaincapsdata/qemu_9.2.0-q35.x86_64.xml
index 99445e5f44..d5db9af49e 100644
--- a/tests/domaincapsdata/qemu_9.2.0-q35.x86_64.xml
+++ b/tests/domaincapsdata/qemu_9.2.0-q35.x86_64.xml
@@ -565,6 +565,63 @@
<feature name='xfd'/>
<feature name='xsaves'/>
</blockers>
+ <model usable='no' vendor='Intel'>GraniteRapids-v2</model>
+ <blockers model='GraniteRapids-v2'>
+ <feature name='amx-bf16'/>
+ <feature name='amx-fp16'/>
+ <feature name='amx-int8'/>
+ <feature name='amx-tile'/>
+ <feature name='avx-vnni'/>
+ <feature name='avx10'/>
+ <feature name='avx10-128'/>
+ <feature name='avx10-256'/>
+ <feature name='avx10-512'/>
+ <feature name='avx512-bf16'/>
+ <feature name='avx512-fp16'/>
+ <feature name='avx512-vpopcntdq'/>
+ <feature name='avx512bitalg'/>
+ <feature name='avx512bw'/>
+ <feature name='avx512cd'/>
+ <feature name='avx512dq'/>
+ <feature name='avx512f'/>
+ <feature name='avx512ifma'/>
+ <feature name='avx512vbmi'/>
+ <feature name='avx512vbmi2'/>
+ <feature name='avx512vl'/>
+ <feature name='avx512vnni'/>
+ <feature name='bus-lock-detect'/>
+ <feature name='cldemote'/>
+ <feature name='erms'/>
+ <feature name='fbsdp-no'/>
+ <feature name='fsrc'/>
+ <feature name='fsrm'/>
+ <feature name='fsrs'/>
+ <feature name='fzrm'/>
+ <feature name='gfni'/>
+ <feature name='hle'/>
+ <feature name='ibrs-all'/>
+ <feature name='invpcid'/>
+ <feature name='la57'/>
+ <feature name='mcdt-no'/>
+ <feature name='movdir64b'/>
+ <feature name='movdiri'/>
+ <feature name='pbrsb-no'/>
+ <feature name='pcid'/>
+ <feature name='pku'/>
+ <feature name='prefetchiti'/>
+ <feature name='psdp-no'/>
+ <feature name='rtm'/>
+ <feature name='sbdr-ssdp-no'/>
+ <feature name='serialize'/>
+ <feature name='spec-ctrl'/>
+ <feature name='ss'/>
+ <feature name='taa-no'/>
+ <feature name='tsx-ldtrk'/>
+ <feature name='vaes'/>
+ <feature name='vpclmulqdq'/>
+ <feature name='xfd'/>
+ <feature name='xsaves'/>
+ </blockers>
<model usable='no' vendor='Intel' canonical='Haswell-v1'>Haswell</model>
<blockers model='Haswell'>
<feature name='erms'/>
diff --git a/tests/domaincapsdata/qemu_9.2.0-tcg.x86_64.xml b/tests/domaincapsdata/qemu_9.2.0-tcg.x86_64.xml
index 8bf967c99f..7ccdc11412 100644
--- a/tests/domaincapsdata/qemu_9.2.0-tcg.x86_64.xml
+++ b/tests/domaincapsdata/qemu_9.2.0-tcg.x86_64.xml
@@ -733,6 +733,53 @@
<feature name='xsavec'/>
<feature name='xsaves'/>
</blockers>
+ <model usable='no' vendor='Intel'>GraniteRapids-v2</model>
+ <blockers model='GraniteRapids-v2'>
+ <feature name='amx-bf16'/>
+ <feature name='amx-fp16'/>
+ <feature name='amx-int8'/>
+ <feature name='amx-tile'/>
+ <feature name='arch-capabilities'/>
+ <feature name='avx-vnni'/>
+ <feature name='avx10'/>
+ <feature name='avx10-128'/>
+ <feature name='avx10-256'/>
+ <feature name='avx10-512'/>
+ <feature name='avx512-bf16'/>
+ <feature name='avx512-fp16'/>
+ <feature name='avx512-vpopcntdq'/>
+ <feature name='avx512bitalg'/>
+ <feature name='avx512bw'/>
+ <feature name='avx512cd'/>
+ <feature name='avx512dq'/>
+ <feature name='avx512f'/>
+ <feature name='avx512ifma'/>
+ <feature name='avx512vbmi'/>
+ <feature name='avx512vbmi2'/>
+ <feature name='avx512vl'/>
+ <feature name='avx512vnni'/>
+ <feature name='bus-lock-detect'/>
+ <feature name='cldemote'/>
+ <feature name='gfni'/>
+ <feature name='hle'/>
+ <feature name='invpcid'/>
+ <feature name='mcdt-no'/>
+ <feature name='movdir64b'/>
+ <feature name='movdiri'/>
+ <feature name='pcid'/>
+ <feature name='prefetchiti'/>
+ <feature name='rtm'/>
+ <feature name='serialize'/>
+ <feature name='spec-ctrl'/>
+ <feature name='ssbd'/>
+ <feature name='tsc-deadline'/>
+ <feature name='tsc_adjust'/>
+ <feature name='tsx-ldtrk'/>
+ <feature name='vpclmulqdq'/>
+ <feature name='xfd'/>
+ <feature name='xsavec'/>
+ <feature name='xsaves'/>
+ </blockers>
<model usable='no' vendor='Intel' canonical='Haswell-v1'>Haswell</model>
<blockers model='Haswell'>
<feature name='hle'/>
diff --git a/tests/domaincapsdata/qemu_9.2.0.x86_64.xml b/tests/domaincapsdata/qemu_9.2.0.x86_64.xml
index 40aa971144..05a5ce4bee 100644
--- a/tests/domaincapsdata/qemu_9.2.0.x86_64.xml
+++ b/tests/domaincapsdata/qemu_9.2.0.x86_64.xml
@@ -564,6 +564,63 @@
<feature name='xfd'/>
<feature name='xsaves'/>
</blockers>
+ <model usable='no' vendor='Intel'>GraniteRapids-v2</model>
+ <blockers model='GraniteRapids-v2'>
+ <feature name='amx-bf16'/>
+ <feature name='amx-fp16'/>
+ <feature name='amx-int8'/>
+ <feature name='amx-tile'/>
+ <feature name='avx-vnni'/>
+ <feature name='avx10'/>
+ <feature name='avx10-128'/>
+ <feature name='avx10-256'/>
+ <feature name='avx10-512'/>
+ <feature name='avx512-bf16'/>
+ <feature name='avx512-fp16'/>
+ <feature name='avx512-vpopcntdq'/>
+ <feature name='avx512bitalg'/>
+ <feature name='avx512bw'/>
+ <feature name='avx512cd'/>
+ <feature name='avx512dq'/>
+ <feature name='avx512f'/>
+ <feature name='avx512ifma'/>
+ <feature name='avx512vbmi'/>
+ <feature name='avx512vbmi2'/>
+ <feature name='avx512vl'/>
+ <feature name='avx512vnni'/>
+ <feature name='bus-lock-detect'/>
+ <feature name='cldemote'/>
+ <feature name='erms'/>
+ <feature name='fbsdp-no'/>
+ <feature name='fsrc'/>
+ <feature name='fsrm'/>
+ <feature name='fsrs'/>
+ <feature name='fzrm'/>
+ <feature name='gfni'/>
+ <feature name='hle'/>
+ <feature name='ibrs-all'/>
+ <feature name='invpcid'/>
+ <feature name='la57'/>
+ <feature name='mcdt-no'/>
+ <feature name='movdir64b'/>
+ <feature name='movdiri'/>
+ <feature name='pbrsb-no'/>
+ <feature name='pcid'/>
+ <feature name='pku'/>
+ <feature name='prefetchiti'/>
+ <feature name='psdp-no'/>
+ <feature name='rtm'/>
+ <feature name='sbdr-ssdp-no'/>
+ <feature name='serialize'/>
+ <feature name='spec-ctrl'/>
+ <feature name='ss'/>
+ <feature name='taa-no'/>
+ <feature name='tsx-ldtrk'/>
+ <feature name='vaes'/>
+ <feature name='vpclmulqdq'/>
+ <feature name='xfd'/>
+ <feature name='xsaves'/>
+ </blockers>
<model usable='no' vendor='Intel' canonical='Haswell-v1'>Haswell</model>
<blockers model='Haswell'>
<feature name='erms'/>
--
2.49.0

51
SOURCES/libvirt-cpu_map-Add-avx10-CPU-features.patch Normal file
View File

@ -0,0 +1,51 @@
From 9a44ff8f39bc9873ea9efa42d5705dab5f43be2a Mon Sep 17 00:00:00 2001
Message-ID: <9a44ff8f39bc9873ea9efa42d5705dab5f43be2a.1747908717.git.jdenemar@redhat.com>
From: Jiri Denemark <jdenemar@redhat.com>
Date: Wed, 18 Dec 2024 13:30:16 +0100
Subject: [PATCH] cpu_map: Add avx10* CPU features
Signed-off-by: Jiri Denemark <jdenemar@redhat.com>
Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
(cherry picked from commit 30f05acf354437a776b528487bb70ddccf324cd2)
https://issues.redhat.com/browse/RHEL-87796
Signed-off-by: Jiri Denemark <jdenemar@redhat.com>
---
src/cpu_map/x86_features.xml | 14 ++++++++++++++
1 file changed, 14 insertions(+)
diff --git a/src/cpu_map/x86_features.xml b/src/cpu_map/x86_features.xml
index 08bf014604..8be8fab42e 100644
--- a/src/cpu_map/x86_features.xml
+++ b/src/cpu_map/x86_features.xml
@@ -469,6 +469,9 @@
<feature name='prefetchiti'>
<cpuid eax_in='0x00000007' ecx_in='0x00000001' edx='0x00004000'/>
</feature>
+ <feature name='avx10'>
+ <cpuid eax_in='0x00000007' ecx_in='0x00000001' edx='0x00080000'/>
+ </feature>
<!-- cpuid level 0x00000007, 0x0002 (edx) -->
<feature name='mcdt-no'>
@@ -541,6 +544,17 @@
<cpuid eax_in='0x00000014' ecx_in='0x00000000' ecx='0x80000000'/>
</feature>
+ <!-- cpuid level 0x00000024, 0x0000 (ebx) -->
+ <feature name='avx10-128'>
+ <cpuid eax_in='0x00000024' ecx_in='0x00000000' ebx='0x00010000'/>
+ </feature>
+ <feature name='avx10-256'>
+ <cpuid eax_in='0x00000024' ecx_in='0x00000000' ebx='0x00020000'/>
+ </feature>
+ <feature name='avx10-512'>
+ <cpuid eax_in='0x00000024' ecx_in='0x00000000' ebx='0x00040000'/>
+ </feature>
+
<!-- cpuid level 0x80000001 (ecx) -->
<feature name='lahf_lm'>
<alias name='lahf-lm' source='qemu'/>
--
2.49.0

46
SOURCES/libvirt-cpu_map-Add-sha512-sm3-and-sm4-CPU-features.patch Normal file
View File

@ -0,0 +1,46 @@
From a28c3abf6f5c7c1d8d45b3fc681f6768e2a3d7a9 Mon Sep 17 00:00:00 2001
Message-ID: <a28c3abf6f5c7c1d8d45b3fc681f6768e2a3d7a9.1747908718.git.jdenemar@redhat.com>
From: Jiri Denemark <jdenemar@redhat.com>
Date: Wed, 18 Dec 2024 13:27:40 +0100
Subject: [PATCH] cpu_map: Add sha512, sm3, and sm4 CPU features
Introduced by Clearwater Forest platform.
Signed-off-by: Jiri Denemark <jdenemar@redhat.com>
Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
(cherry picked from commit 212b7d8e280cabddef1f0996bd9553c6a55babd8)
https://issues.redhat.com/browse/RHEL-71898
Signed-off-by: Jiri Denemark <jdenemar@redhat.com>
(cherry picked from commit 153ee694e806ebf1ba684c1b7ddfa7a90c9d3adf)
https://issues.redhat.com/browse/RHEL-87796
Signed-off-by: Jiri Denemark <jdenemar@redhat.com>
---
src/cpu_map/x86_features.xml | 9 +++++++++
1 file changed, 9 insertions(+)
diff --git a/src/cpu_map/x86_features.xml b/src/cpu_map/x86_features.xml
index 8be8fab42e..0e1fee6e98 100644
--- a/src/cpu_map/x86_features.xml
+++ b/src/cpu_map/x86_features.xml
@@ -416,6 +416,15 @@
</feature>
<!-- cpuid level 0x00000007, 0x0001 (eax) -->
+ <feature name='sha512'>
+ <cpuid eax_in='0x00000007' ecx_in='0x00000001' eax='0x00000001'/>
+ </feature>
+ <feature name='sm3'>
+ <cpuid eax_in='0x00000007' ecx_in='0x00000001' eax='0x00000002'/>
+ </feature>
+ <feature name='sm4'>
+ <cpuid eax_in='0x00000007' ecx_in='0x00000001' eax='0x00000004'/>
+ </feature>
<feature name='avx-vnni'>
<cpuid eax_in='0x00000007' ecx_in='0x00000001' eax='0x00000010'/>
</feature>
--
2.49.0

94
SOURCES/libvirt-docs-domain-Add-documentation-for-Intel-TDX-guest.patch Normal file
View File

@ -0,0 +1,94 @@
From 81832cba9c026511ccf3fecbff894f9db48fbd33 Mon Sep 17 00:00:00 2001
Message-ID: <81832cba9c026511ccf3fecbff894f9db48fbd33.1759835600.git.jdenemar@redhat.com>
From: Zhenzhong Duan <zhenzhong.duan@intel.com>
Date: Thu, 10 Jul 2025 03:21:25 -0400
Subject: [PATCH] docs: domain: Add documentation for Intel TDX guest
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
Signed-off-by: Zhenzhong Duan <zhenzhong.duan@intel.com>
(cherry picked from commit 5e5528ef14b600a43070c7efc3877e3840725dec)
Resolves: https://issues.redhat.com/browse/RHEL-111840
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
---
docs/formatdomain.rst | 63 +++++++++++++++++++++++++++++++++++++++++++
1 file changed, 63 insertions(+)
diff --git a/docs/formatdomain.rst b/docs/formatdomain.rst
index 847c9ebc6e..bfe28759e7 100644
--- a/docs/formatdomain.rst
+++ b/docs/formatdomain.rst
@@ -9294,6 +9294,69 @@ The ``<launchSecurity/>`` element then accepts the following child elements:
the SNP_LAUNCH_FINISH command in the SEV-SNP firmware ABI.
+The contents of the ``<launchSecurity type='tdx'>`` element is used to provide
+the guest owners input used for creating an encrypted VM using the Intel TDX
+(Trusted Domain eXtensions). Intel TDX refers to an Intel technology that
+extends Virtual Machine Extensions (VMX) and Multi-Key Total Memory Encryption
+(MKTME) with a new kind of virtual machine guest called a Trust Domain (TD).
+A TD runs in a CPU mode that is designed to protect the confidentiality of its
+memory contents and its CPU state from any other software, including the hosting
+Virtual Machine Monitor (VMM), unless explicitly shared by the TD itself.
+Example configuration:
+
+::
+
+ <domain>
+ ...
+ <launchSecurity type='tdx'>
+ <policy>0x10000001</policy>
+ <mrConfigId>xxx</mrConfigId>
+ <mrOwner>xxx</mrOwner>
+ <mrOwnerConfig>xxx</mrOwnerConfig>
+ <quoteGenerationService path="/var/run/tdx-qgs/qgs.socket"/>
+ </launchSecurity>
+ ...
+ </domain>
+
+``policy``
+ The optional ``policy`` element provides the guest TD attributes which is
+ passed by the host VMM as a guest TD initialization parameter as part of
+ TD_PARAMS, it exactly matches the definition of TD_PARAMS.ATTRIBUTES in
+ (Intel TDX Module Spec Table 22.2: ATTRIBUTES Definition). It is reported
+ to the guest TD by TDG.VP.INFO and as part of TDREPORT_STRUCT returned by
+ TDG.MR.REPORT. The guest policy is 64bit unsigned with the fields shown
+ in Table:
+
+ ====== ====================================================================================
+ Bit(s) Description
+ ====== ====================================================================================
+ 0 Guest TD runs in off-TD debug mode when set
+ 1:27 reserved
+ 28 Disable EPT violation conversion to #VE on guest TD access of PENDING pages when set
+ 29:63 reserved
+ ====== ====================================================================================
+
+``mrConfigId``
+ The optional ``mrConfigId`` element provides ID for non-owner-defined
+ configuration of the guest TD, e.g., run-time or OS configuration
+ (base64 encoded SHA384 digest).
+
+``@mrOwner``
+ The optional ``@mrOwner`` element provides ID for the guest TDs owner
+ (base64 encoded SHA384 digest).
+
+``mrOwnerConfig``
+ The optional ``mrOwnerConfig`` element provides ID for owner-defined
+ configuration of the guest TD, e.g., specific to the workload rather than
+ the run-time or OS (base64 encoded SHA384 digest).
+
+``quoteGenerationService``
+ The optional ``quoteGenerationService`` subelement provides Quote Generation
+ Service(QGS) daemon socket address configuration. It includes an optional
+ ``path`` attribute to determine the UNIX socket address, when omitted,
+ ``/var/run/tdx-qgs/qgs.socket`` is used as default. User in TD guest cannot
+ get TD quoting for attestation if this subelement is not provided.
+
Example configs
===============
--
2.51.0

61
SOURCES/libvirt-docs-formatdomain-document-intel-only-IOMMU-attributes.patch Normal file
View File

@ -0,0 +1,61 @@
From 229d362a429fdcf64f91cf2422ab6a402d0af3fa Mon Sep 17 00:00:00 2001
Message-ID: <229d362a429fdcf64f91cf2422ab6a402d0af3fa.1752749355.git.jdenemar@redhat.com>
From: =?UTF-8?q?J=C3=A1n=20Tomko?= <jtomko@redhat.com>
Date: Wed, 19 Mar 2025 01:55:02 +0100
Subject: [PATCH] docs: formatdomain: document intel-only IOMMU attributes
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Signed-off-by: Ján Tomko <jtomko@redhat.com>
Reviewed-by: Peter Krempa <pkrempa@redhat.com>
(cherry picked from commit 6291b0af3dd6a34b5a0f5f56dafa881d9c262f57)
https://issues.redhat.com/browse/RHEL-50560
Signed-off-by: Ján Tomko <jtomko@redhat.com>
---
docs/formatdomain.rst | 9 +++++----
1 file changed, 5 insertions(+), 4 deletions(-)
diff --git a/docs/formatdomain.rst b/docs/formatdomain.rst
index 961d20a41d..a950ee1cb4 100644
--- a/docs/formatdomain.rst
+++ b/docs/formatdomain.rst
@@ -8857,14 +8857,15 @@ Example:
``caching_mode``
The ``caching_mode`` attribute with possible values ``on`` and ``off`` can
be used to turn on the VT-d caching mode (useful for assigned devices).
- :since:`Since 3.4.0` (QEMU/KVM only)
+ :since:`Since 3.4.0` (QEMU/KVM and ``intel`` model only)
``eim``
The ``eim`` attribute (with possible values ``on`` and ``off``) can be
used to configure Extended Interrupt Mode. A q35 domain with split I/O
APIC (as described in `Hypervisor features`_), and
both interrupt remapping and EIM turned on for the IOMMU, will be able to
- use more than 255 vCPUs. :since:`Since 3.4.0` (QEMU/KVM only)
+ use more than 255 vCPUs. :since:`Since 3.4.0` (QEMU/KVM and ``intel`` model
+ only)
``iotlb``
The ``iotlb`` attribute with possible values ``on`` and ``off`` can be
@@ -8874,14 +8875,14 @@ Example:
``aw_bits``
The ``aw_bits`` attribute can be used to set the address width to allow
mapping larger iova addresses in the guest. :since:`Since 6.5.0` (QEMU/KVM
- only)
+ and ``intel`` model only)
``dma_translation``
The ``dma_translation`` attribute with possible values ``on`` and ``off`` can
be used to turn off the dma translation for IOMMU. It is useful when only
interrupt remapping is required but dma translation overhead is unwanted, for
example to efficiently enable more than 255 vCPUs.
- :since:`Since 10.7.0` (QEMU/KVM only)
+ :since:`Since 10.7.0` (QEMU/KVM and ``intel`` model only)
The ``virtio`` IOMMU devices can further have ``address`` element as described
in `Device addresses`_ (address has to by type of ``pci``).
--
2.50.1

49
SOURCES/libvirt-esx-Accept-empty-path-URI-component-same-way-as.patch Normal file
View File

@ -0,0 +1,49 @@
From e9899b64816f8086038098b44690df076d93d8d8 Mon Sep 17 00:00:00 2001
Message-ID: <e9899b64816f8086038098b44690df076d93d8d8.1744876588.git.jdenemar@redhat.com>
From: Peter Krempa <pkrempa@redhat.com>
Date: Tue, 8 Apr 2025 16:25:37 +0200
Subject: [PATCH] esx: Accept empty "path" URI component same way as "/"
When connecting to "esx://" URI there's code which prints a warning that
the path is not "empty". The check validates that "uri->path" is "/".
In case when the user uses URI such as:
esx://hostname
the warning is printed as well. Since there is no effective difference
betweeen the two allow empty strings as well.
Resolves: https://issues.redhat.com/browse/RHEL-86459
Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
(cherry picked from commit 59f40ba67cc7d0a3f8eeb601c2f3c84def24a361)
---
src/esx/esx_driver.c | 5 ++++-
1 file changed, 4 insertions(+), 1 deletion(-)
diff --git a/src/esx/esx_driver.c b/src/esx/esx_driver.c
index 6ae4ef9658..512ca6c028 100644
--- a/src/esx/esx_driver.c
+++ b/src/esx/esx_driver.c
@@ -687,7 +687,9 @@ esxConnectToVCenter(esxPrivate *priv,
g_autofree char *url = NULL;
if (!hostSystemIPAddress &&
- (!priv->parsedUri->path || STREQ(priv->parsedUri->path, "/"))) {
+ (!priv->parsedUri->path ||
+ STREQ(priv->parsedUri->path, "") ||
+ STREQ(priv->parsedUri->path, "/"))) {
virReportError(VIR_ERR_INVALID_ARG, "%s",
_("Path has to specify the datacenter and compute resource"));
return -1;
@@ -799,6 +801,7 @@ esxConnectOpen(virConnectPtr conn, virConnectAuthPtr auth,
virCheckFlags(VIR_CONNECT_RO, VIR_DRV_OPEN_ERROR);
if (STRCASENEQ(conn->uri->scheme, "vpx") &&
+ STRNEQ(conn->uri->path, "") &&
STRNEQ(conn->uri->path, "/")) {
VIR_WARN("Ignoring unexpected path '%s' for non-vpx scheme '%s'",
conn->uri->path, conn->uri->scheme);
--
2.49.0

6
SOURCES/libvirt-esx-Allow-specifying-different-CA-bundle-for-remote-connections.patch
View File

@ -1,5 +1,5 @@
From 018bb4a28e986278bb9a6e8d9bec93cb8047b7ce Mon Sep 17 00:00:00 2001
Message-ID: <018bb4a28e986278bb9a6e8d9bec93cb8047b7ce.1752834529.git.jdenemar@redhat.com>
From b554cae09e7870484240b023865bd13fe56878d1 Mon Sep 17 00:00:00 2001
Message-ID: <b554cae09e7870484240b023865bd13fe56878d1.1752749355.git.jdenemar@redhat.com>
From: Martin Kletzander <mkletzan@redhat.com>
Date: Mon, 9 Jun 2025 15:40:12 +0200
Subject: [PATCH] esx: Allow specifying different CA bundle for remote
@ -15,7 +15,7 @@ Signed-off-by: Martin Kletzander <mkletzan@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
(cherry picked from commit 6c9a0beeca1c6a54eda5d15ba27925c734d51279)
Resolves: https://issues.redhat.com/browse/RHEL-98292
Resolves: https://issues.redhat.com/browse/RHEL-97440
Signed-off-by: Martin Kletzander <mkletzan@redhat.com>
---

63
SOURCES/libvirt-esxConnectListAllDomains-Don-t-propagate-failure-to-lookup-a-single-domain.patch Normal file
View File

@ -0,0 +1,63 @@
From 7caecd5f75f22d6bab74efcb3bc151f8bf441ec9 Mon Sep 17 00:00:00 2001
Message-ID: <7caecd5f75f22d6bab74efcb3bc151f8bf441ec9.1744876587.git.jdenemar@redhat.com>
From: Peter Krempa <pkrempa@redhat.com>
Date: Tue, 25 Mar 2025 07:23:01 +0100
Subject: [PATCH] esxConnectListAllDomains: Don't propagate failure to lookup a
single domain
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
In esxConnectListAllDomains if the lookup of the VM name and UUID fails
for a single VM (possible e.g. with broken storage) the whole API would
return failure even when there are working VMs.
Rework the lookup so that if a subset fails we ignore the failure on
those. We report an error only if lookup of all of the objects failed.
Failure is reported from the last one.
Resolves: https://issues.redhat.com/browse/RHEL-80606
Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
(cherry picked from commit 7d4de62cfa8c684b2d63a48c71f0ae009acddf62)
---
src/esx/esx_driver.c | 22 ++++++++++++----------
1 file changed, 12 insertions(+), 10 deletions(-)
diff --git a/src/esx/esx_driver.c b/src/esx/esx_driver.c
index 554fb3e18f..6ae4ef9658 100644
--- a/src/esx/esx_driver.c
+++ b/src/esx/esx_driver.c
@@ -4792,18 +4792,20 @@ esxConnectListAllDomains(virConnectPtr conn,
virtualMachine = virtualMachine->_next) {
g_autofree char *name = NULL;
- if (needIdentity) {
- if (esxVI_GetVirtualMachineIdentity(virtualMachine, &id,
- &name, uuid) < 0) {
- goto cleanup;
- }
- }
+ /* If the lookup of the required properties fails for some of the machines
+ * in the list it's preferrable to return the valid objects instead of
+ * failing outright */
+ if ((needIdentity && esxVI_GetVirtualMachineIdentity(virtualMachine, &id, &name, uuid) < 0) ||
+ (needPowerState && esxVI_GetVirtualMachinePowerState(virtualMachine, &powerState) < 0)) {
- if (needPowerState) {
- if (esxVI_GetVirtualMachinePowerState(virtualMachine,
- &powerState) < 0) {
+ /* Raise error only if we didn't successfuly fill any domain */
+ if (count == 0 && !virtualMachine->_next)
goto cleanup;
- }
+
+ /* failure to fetch information of a single VM must not interrupt
+ * the lookup of the rest */
+ virResetLastError();
+ continue;
}
/* filter by active state */
--
2.49.0

6
SOURCES/libvirt-libvirt-domain-introduce-VIR_CONNECT_GET_DOMAIN_CAPABILITIES_DISABLE_DEPRECATED_FEATURES.patch
View File

@ -1,5 +1,5 @@
From ac453665a65559a7fb8b88d3f96cc275606ab51f Mon Sep 17 00:00:00 2001
Message-ID: <ac453665a65559a7fb8b88d3f96cc275606ab51f.1749027246.git.jdenemar@redhat.com>
From 0b2b30820c623e11aced21adb1692ed23430c064 Mon Sep 17 00:00:00 2001
Message-ID: <0b2b30820c623e11aced21adb1692ed23430c064.1749039441.git.jdenemar@redhat.com>
From: Collin Walling <walling@linux.ibm.com>
Date: Mon, 16 Dec 2024 18:03:55 -0500
Subject: [PATCH] libvirt-domain: introduce
@ -11,7 +11,7 @@ domain's CPU model.
Signed-off-by: Collin Walling <walling@linux.ibm.com>
Reviewed-by: Jiri Denemark <jdenemar@redhat.com>
(cherry picked from commit 4e2c8de2047e21d98443944a2bfe94529b269efa)
JIRA: https://issues.redhat.com/browse/RHEL-89977
JIRA: https://issues.redhat.com/browse/RHEL-89415
Signed-off-by: Thomas Huth <thuth@redhat.com>
---
include/libvirt/libvirt-domain.h | 12 ++++++++++++

51
SOURCES/libvirt-libvirt-host-Clarify-fix-description-of-the-CPU-frequency-field.patch Normal file
View File

@ -0,0 +1,51 @@
From a96d1c90832b639c81f6cd893a79610d4379594d Mon Sep 17 00:00:00 2001
Message-ID: <a96d1c90832b639c81f6cd893a79610d4379594d.1744876587.git.jdenemar@redhat.com>
From: Peter Krempa <pkrempa@redhat.com>
Date: Mon, 7 Apr 2025 13:35:37 +0200
Subject: [PATCH] libvirt-host: Clarify/fix description of the CPU frequency
field
The 'virNodeInfo' field for CPU frequency is named 'mhz'. The docs were
mentioning 'mHZ', which is neither the field name nor proper spelling of
the unit.
Reword the paragraph to mention "CPU frequency" instead and explicitly
name the field in virNodeInfo struct.
Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
(cherry picked from commit e54cc1500ccfb36cd5b67eb4d886c491fdda5b2b)
https://issues.redhat.com/browse/RHEL-86197
---
src/libvirt-host.c | 8 ++++----
1 file changed, 4 insertions(+), 4 deletions(-)
diff --git a/src/libvirt-host.c b/src/libvirt-host.c
index b3a6421a7f..318a664d24 100644
--- a/src/libvirt-host.c
+++ b/src/libvirt-host.c
@@ -410,9 +410,9 @@ virConnectGetMaxVcpus(virConnectPtr conn,
* Use of this API is strongly discouraged as the information provided
* is not guaranteed to be accurate on all hardware platforms.
*
- * The mHZ value merely reflects the speed that the first CPU in the
- * machine is currently running at. This speed may vary across CPUs
- * and changes continually as the host OS throttles.
+ * The CPU frequency value (field 'mhz' in virNodeInfo) merely reflects the
+ * speed that the first CPU in the machine is currently running at. This speed
+ * may vary across CPUs and changes continually as the host OS throttles.
*
* The nodes/sockets/cores/threads data is potentially inaccurate as
* it assumes a symmetric installation. If one NUMA node has more
@@ -420,7 +420,7 @@ virConnectGetMaxVcpus(virConnectPtr conn,
* wrong. It is also not able to report about CPU dies.
*
* Applications are recommended to use the virConnectGetCapabilities()
- * call instead, which provides all the information except CPU mHZ,
+ * call instead, which provides all the information except CPU frequency,
* in a more accurate representation.
*
* Returns 0 in case of success and -1 in case of failure.
--
2.49.0

85
SOURCES/libvirt-libxl-support-rawset-ACPI-table-type.patch Normal file
View File

@ -0,0 +1,85 @@
From fb8c22b5606b2c3d0881df8df05ad1c909b247b2 Mon Sep 17 00:00:00 2001
Message-ID: <fb8c22b5606b2c3d0881df8df05ad1c909b247b2.1742990721.git.jdenemar@redhat.com>
From: =?UTF-8?q?Daniel=20P=2E=20Berrang=C3=A9?= <berrange@redhat.com>
Date: Wed, 26 Feb 2025 19:10:42 +0000
Subject: [PATCH] libxl: support 'rawset' ACPI table type
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
This fixes representation of the 'acpi_firmware' config in the Xen
driver, which repesents a concatenation of tables of any type.
Use of 'type=slic' is accepted on input for backwards compatibility.
Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
(cherry picked from commit dac6ecba6f75bff11fbddb2bce8ca9b576ea6a74)
Resolves: https://issues.redhat.com/browse/RHEL-81041
---
docs/formatdomain.rst | 2 +-
src/libxl/libxl_domain.c | 5 +++--
src/libxl/xen_xl.c | 2 +-
tests/xlconfigdata/test-fullvirt-acpi-slic.xml | 2 +-
4 files changed, 6 insertions(+), 5 deletions(-)
diff --git a/docs/formatdomain.rst b/docs/formatdomain.rst
index ff06efb69f..b03b5317aa 100644
--- a/docs/formatdomain.rst
+++ b/docs/formatdomain.rst
@@ -492,7 +492,7 @@ These options apply to any form of booting of the guest OS.
signature auto-detected from header (:since:`Since 11.2.0 (QEMU)`).
* ``rawset``: concatenation of multiple ACPI tables with header
and data, each with any ACPI signature, auto-detected from header
- (:since:`Since 11.2.0`).
+ (:since:`Since 11.2.0 (Xen)`).
* ``slic``: a single ACPI table with header and data, providing
software licensing information. The ACPI table signature in the
header will be forced to ``SLIC`` (:since:`Since 1.3.5 (QEMU)`,
diff --git a/src/libxl/libxl_domain.c b/src/libxl/libxl_domain.c
index e564d9e5fe..e31d92d903 100644
--- a/src/libxl/libxl_domain.c
+++ b/src/libxl/libxl_domain.c
@@ -333,11 +333,12 @@ libxlDomainDefValidate(const virDomainDef *def,
for (i = 0; i < def->os.nacpiTables; i++) {
switch (def->os.acpiTables[i]->type) {
- case VIR_DOMAIN_OS_ACPI_TABLE_TYPE_SLIC:
+ case VIR_DOMAIN_OS_ACPI_TABLE_TYPE_SLIC: /* Back compat for historical mistake,
+ * functionally the same as 'rawset' */
+ case VIR_DOMAIN_OS_ACPI_TABLE_TYPE_RAWSET:
break;
case VIR_DOMAIN_OS_ACPI_TABLE_TYPE_RAW:
- case VIR_DOMAIN_OS_ACPI_TABLE_TYPE_RAWSET:
virReportError(VIR_ERR_CONFIG_UNSUPPORTED,
_("ACPI table type '%1$s' is not supported"),
virDomainOsACPITableTypeToString(def->os.acpiTables[i]->type));
diff --git a/src/libxl/xen_xl.c b/src/libxl/xen_xl.c
index 062b753cea..9d06315661 100644
--- a/src/libxl/xen_xl.c
+++ b/src/libxl/xen_xl.c
@@ -140,7 +140,7 @@ xenParseXLOS(virConf *conf, virDomainDef *def, virCaps *caps)
def->os.nacpiTables = 1;
def->os.acpiTables = g_new0(virDomainOSACPITableDef *, 1);
def->os.acpiTables[0] = g_new0(virDomainOSACPITableDef, 1);
- def->os.acpiTables[0]->type = VIR_DOMAIN_OS_ACPI_TABLE_TYPE_SLIC;
+ def->os.acpiTables[0]->type = VIR_DOMAIN_OS_ACPI_TABLE_TYPE_RAWSET;
def->os.acpiTables[0]->path = g_steal_pointer(&slic);
}
diff --git a/tests/xlconfigdata/test-fullvirt-acpi-slic.xml b/tests/xlconfigdata/test-fullvirt-acpi-slic.xml
index 366d877624..bf617e5e05 100644
--- a/tests/xlconfigdata/test-fullvirt-acpi-slic.xml
+++ b/tests/xlconfigdata/test-fullvirt-acpi-slic.xml
@@ -8,7 +8,7 @@
<type arch='x86_64' machine='xenfv'>hvm</type>
<loader type='rom' format='raw'>/usr/lib/xen/boot/hvmloader</loader>
<acpi>
- <table type='slic'>/sys/firmware/acpi/tables/SLIC</table>
+ <table type='rawset'>/sys/firmware/acpi/tables/SLIC</table>
</acpi>
<boot dev='cdrom'/>
</os>
--
2.49.0

55
SOURCES/libvirt-manpages-virsh-Use-disclaimer-from-virNodeGetInfo-for-virsh-nodeinfo.patch Normal file
View File

@ -0,0 +1,55 @@
From 90859b9c9cda1ab3daa34847ac4608cf451102ce Mon Sep 17 00:00:00 2001
Message-ID: <90859b9c9cda1ab3daa34847ac4608cf451102ce.1744876588.git.jdenemar@redhat.com>
From: Peter Krempa <pkrempa@redhat.com>
Date: Mon, 7 Apr 2025 14:58:41 +0200
Subject: [PATCH] manpages: virsh: Use disclaimer from 'virNodeGetInfo()' for
'virsh nodeinfo'
Adapt the disclarimer about the data not being accurate in many cases
from the API docs to the virsh command using the aforementioned API.
Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
(cherry picked from commit 617e2dc3194204a88309e3da55bec8743a5df2ea)
https://issues.redhat.com/browse/RHEL-86197
---
docs/manpages/virsh.rst | 23 +++++++++++++++++++----
1 file changed, 19 insertions(+), 4 deletions(-)
diff --git a/docs/manpages/virsh.rst b/docs/manpages/virsh.rst
index 2e525d3fac..aea920b7a7 100644
--- a/docs/manpages/virsh.rst
+++ b/docs/manpages/virsh.rst
@@ -427,10 +427,25 @@ nodeinfo
nodeinfo
Returns basic information about the node, like number and type of CPU,
-and size of the physical memory. The output corresponds to virNodeInfo
-structure. Specifically, the "CPU socket(s)" field means number of CPU
-sockets per NUMA cell. The information libvirt displays is dependent
-upon what each architecture may provide.
+and size of the physical memory.
+
+Use of this command is strongly discouraged as the information provided
+is not guaranteed to be accurate on all hardware platforms.
+
+The *CPU frequency* value merely reflects the speed that the first CPU in the
+machine is currently running at. This speed may vary across CPUs and changes
+continually as the host OS throttles.
+
+The data structure used to fetch the data is not extensible thus only supports
+global nodes/sockets/cores/threads (sockets/cores/threads is per NUMA node)
+topology information. If the host CPU has any further groupings (e.g.
+dies, clusters, etc) or the NUMA topology is non-symmetrical the data structure
+can't faithfully represent the system. In such cases a fake topology
+(nodes = 1, sockets = 1, cores = number of host cpus, threads = 1) which
+only correctly represents the total host CPU count is reported.
+
+Recommended replacement is to use the *capabilities* command which reports
+the data (except frequency) under ``/capabilities/host/topology`` XPath.
nodecpumap
--
2.49.0

6
SOURCES/libvirt-network-Free-inhibitor-in-networkStateCleanup.patch
View File

@ -1,5 +1,5 @@
From 8e64dac6129cacd8f53813cbc7580209e96e7dc3 Mon Sep 17 00:00:00 2001
Message-ID: <8e64dac6129cacd8f53813cbc7580209e96e7dc3.1744361503.git.jdenemar@redhat.com>
From 2ea12b6f6eed044dd7100ed19565319227f7384f Mon Sep 17 00:00:00 2001
Message-ID: <2ea12b6f6eed044dd7100ed19565319227f7384f.1742990721.git.jdenemar@redhat.com>
From: Michal Privoznik <mprivozn@redhat.com>
Date: Thu, 13 Mar 2025 13:01:19 +0100
Subject: [PATCH] network: Free inhibitor in networkStateCleanup()
@ -22,7 +22,7 @@ networkStateCleanup() leading to a memleak:
Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
Reviewed-by: Peter Krempa <pkrempa@redhat.com>
(cherry picked from commit 8701ba4feb528109da8b72fa48a8ada50a235807)
Resolves: https://issues.redhat.com/browse/RHEL-83076
Resolves: https://issues.redhat.com/browse/RHEL-83064
---
src/network/bridge_driver.c | 2 ++
1 file changed, 2 insertions(+)

139
SOURCES/libvirt-qemu-Add-FakeReboot-support-for-TDX-guest.patch Normal file
View File

@ -0,0 +1,139 @@
From 30e83bf71626ce8a180982feb974ac4592b0303c Mon Sep 17 00:00:00 2001
Message-ID: <30e83bf71626ce8a180982feb974ac4592b0303c.1759835600.git.jdenemar@redhat.com>
From: Zhenzhong Duan <zhenzhong.duan@intel.com>
Date: Thu, 10 Jul 2025 03:21:18 -0400
Subject: [PATCH] qemu: Add FakeReboot support for TDX guest
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Utilize the existing fake reboot mechanism to do reboot for TDX guest.
Different from normal guest, TDX guest doesn't support system_reset,
so have to kill the old guest and start a new one to simulate the reboot.
Co-developed-by: Chenyi Qiang <chenyi.qiang@intel.com>
Signed-off-by: Zhenzhong Duan <zhenzhong.duan@intel.com>
Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
(cherry picked from commit 4f733348212b3bb4de491aeaab4ac32f0335673d)
Resolves: https://issues.redhat.com/browse/RHEL-111840
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
RHEL: fix arguments to qemuProcessStart, qemuProcessStop, qemuDomainRemoveInactive
---
src/qemu/qemu_process.c | 80 +++++++++++++++++++++++++++++++++++++++--
1 file changed, 77 insertions(+), 3 deletions(-)
diff --git a/src/qemu/qemu_process.c b/src/qemu/qemu_process.c
index 7586248329..caf63b0ae3 100644
--- a/src/qemu/qemu_process.c
+++ b/src/qemu/qemu_process.c
@@ -446,6 +446,67 @@ qemuProcessHandleReset(qemuMonitor *mon G_GNUC_UNUSED,
}
+/*
+ * Secure guest doesn't support fake reboot via machine CPU reset.
+ * We thus fake reboot via QEMU re-creation.
+ */
+static void
+qemuProcessFakeRebootViaRecreate(virDomainObj *vm)
+{
+ qemuDomainObjPrivate *priv = vm->privateData;
+ virQEMUDriver *driver = priv->driver;
+ int ret = -1;
+
+ VIR_DEBUG("Handle secure guest reboot: destroy phase");
+
+ virObjectLock(vm);
+ if (qemuProcessBeginStopJob(vm, VIR_JOB_DESTROY, 0) < 0)
+ goto cleanup;
+
+ if (virDomainObjCheckActive(vm) < 0) {
+ qemuProcessEndStopJob(vm);
+ goto cleanup;
+ }
+
+ qemuProcessStop(driver, vm, VIR_DOMAIN_SHUTOFF_DESTROYED, VIR_ASYNC_JOB_NONE, 0);
+ virDomainAuditStop(vm, "destroyed");
+
+ /* skip remove inactive domain from active list */
+ qemuProcessEndStopJob(vm);
+
+ VIR_DEBUG("Handle secure guest reboot: boot phase");
+
+ if (qemuProcessBeginJob(vm, VIR_DOMAIN_JOB_OPERATION_START, 0) < 0) {
+ qemuDomainRemoveInactive(driver, vm, 0, false);
+ goto cleanup;
+ }
+
+ if (qemuProcessStart(NULL, driver, vm, NULL, VIR_ASYNC_JOB_START,
+ NULL, -1, NULL, NULL,
+ VIR_NETDEV_VPORT_PROFILE_OP_CREATE,
+ 0) < 0) {
+ virDomainAuditStart(vm, "booted", false);
+ qemuDomainRemoveInactive(driver, vm, 0, false);
+ goto endjob;
+ }
+
+ virDomainAuditStart(vm, "booted", true);
+
+ qemuDomainSaveStatus(vm);
+ ret = 0;
+
+ endjob:
+ qemuProcessEndJob(vm);
+
+ cleanup:
+ priv->pausedShutdown = false;
+ qemuDomainSetFakeReboot(vm, false);
+ if (ret == -1)
+ ignore_value(qemuProcessKill(vm, VIR_QEMU_PROCESS_KILL_FORCE));
+ virDomainObjEndAPI(&vm);
+}
+
+
/*
* Since we have the '-no-shutdown' flag set, the
* QEMU process will currently have guest OS shutdown
@@ -455,15 +516,13 @@ qemuProcessHandleReset(qemuMonitor *mon G_GNUC_UNUSED,
* guest OS booting up again
*/
static void
-qemuProcessFakeReboot(void *opaque)
+qemuProcessFakeRebootViaReset(virDomainObj *vm)
{
- virDomainObj *vm = opaque;
qemuDomainObjPrivate *priv = vm->privateData;
virQEMUDriver *driver = priv->driver;
virDomainRunningReason reason = VIR_DOMAIN_RUNNING_BOOTED;
int ret = -1, rc;
- VIR_DEBUG("vm=%p", vm);
virObjectLock(vm);
if (virDomainObjBeginJob(vm, VIR_JOB_MODIFY) < 0)
goto cleanup;
@@ -509,6 +568,21 @@ qemuProcessFakeReboot(void *opaque)
}
+static void
+qemuProcessFakeReboot(void *opaque)
+{
+ virDomainObj *vm = opaque;
+
+ VIR_DEBUG("vm=%p", vm);
+
+ if (vm->def->sec &&
+ vm->def->sec->sectype == VIR_DOMAIN_LAUNCH_SECURITY_TDX)
+ qemuProcessFakeRebootViaRecreate(vm);
+ else
+ qemuProcessFakeRebootViaReset(vm);
+}
+
+
void
qemuProcessShutdownOrReboot(virDomainObj *vm)
{
--
2.51.0

72
SOURCES/libvirt-qemu-Add-QEMU_CAPS_TDX_GUEST-capability.patch Normal file
View File

@ -0,0 +1,72 @@
From b4b30bd7eebc51bbc4b3de23db6cf3b494a8f60f Mon Sep 17 00:00:00 2001
Message-ID: <b4b30bd7eebc51bbc4b3de23db6cf3b494a8f60f.1759835599.git.jdenemar@redhat.com>
From: Paolo Bonzini <pbonzini@redhat.com>
Date: Wed, 24 Sep 2025 13:11:50 +0200
Subject: [PATCH] qemu: Add QEMU_CAPS_TDX_GUEST capability
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
QEMU_CAPS_TDX_GUEST set means TDX supported with this QEMU.
Signed-off-by: Chenyi Qiang <chenyi.qiang@intel.com>
Signed-off-by: Zhenzhong Duan <zhenzhong.duan@intel.com>
Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
Reviewed-by: Peter Krempa <pkrempa@redhat.com>
(cherry picked from commit 121fd199420e0f3f645177de78e285dfa3502935)
Resolves: https://issues.redhat.com/browse/RHEL-111840
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
RHEL: context
---
src/qemu/qemu_capabilities.c | 2 ++
src/qemu/qemu_capabilities.h | 1 +
tests/qemucapabilitiesdata/caps_10.1.0_x86_64+inteltdx.xml | 1 +
3 files changed, 4 insertions(+)
diff --git a/src/qemu/qemu_capabilities.c b/src/qemu/qemu_capabilities.c
index ea0c42d624..f912b4cf9d 100644
--- a/src/qemu/qemu_capabilities.c
+++ b/src/qemu/qemu_capabilities.c
@@ -728,6 +728,7 @@ VIR_ENUM_IMPL(virQEMUCaps,
"blockdev-set-active", /* QEMU_CAPS_BLOCKDEV_SET_ACTIVE */
"amd-iommu", /* QEMU_CAPS_AMD_IOMMU */
"amd-iommu.pci-id", /* QEMU_CAPS_AMD_IOMMU_PCI_ID */
+ "tdx-guest", /* QEMU_CAPS_TDX_GUEST */
);
@@ -1419,6 +1420,7 @@ struct virQEMUCapsStringFlags virQEMUCapsObjectTypes[] = {
{ "acpi-erst", QEMU_CAPS_DEVICE_ACPI_ERST },
{ "virtio-mem-ccw", QEMU_CAPS_DEVICE_VIRTIO_MEM_CCW },
{ "amd-iommu", QEMU_CAPS_AMD_IOMMU },
+ { "tdx-guest", QEMU_CAPS_TDX_GUEST},
};
diff --git a/src/qemu/qemu_capabilities.h b/src/qemu/qemu_capabilities.h
index 8918e8dfc4..1334a668f0 100644
--- a/src/qemu/qemu_capabilities.h
+++ b/src/qemu/qemu_capabilities.h
@@ -707,6 +707,7 @@ typedef enum { /* virQEMUCapsFlags grouping marker for syntax-check */
QEMU_CAPS_BLOCKDEV_SET_ACTIVE, /* blockdev-set-active QMP command supported */
QEMU_CAPS_AMD_IOMMU, /* -device amd-iommu */
QEMU_CAPS_AMD_IOMMU_PCI_ID, /* amd-iommu.pci-id */
+ QEMU_CAPS_TDX_GUEST, /* -object tdx-guest,... */
QEMU_CAPS_LAST /* this must always be the last item */
} virQEMUCapsFlags;
diff --git a/tests/qemucapabilitiesdata/caps_10.1.0_x86_64+inteltdx.xml b/tests/qemucapabilitiesdata/caps_10.1.0_x86_64+inteltdx.xml
index 584d515d8c..54b09813a8 100644
--- a/tests/qemucapabilitiesdata/caps_10.1.0_x86_64+inteltdx.xml
+++ b/tests/qemucapabilitiesdata/caps_10.1.0_x86_64+inteltdx.xml
@@ -194,6 +194,7 @@
<flag name='blockdev-set-active'/>
<flag name='amd-iommu'/>
<flag name='amd-iommu.pci-id'/>
+ <flag name='tdx-guest'/>
<version>10000050</version>
<microcodeVersion>43100286</microcodeVersion>
<package>v10.0.0-1724-gf9a3def17b</package>
--
2.51.0

118
SOURCES/libvirt-qemu-Add-command-line-and-validation-for-TDX-type.patch Normal file
View File

@ -0,0 +1,118 @@
From 2fa4ab6a8a776f41e64bcd7a3f1bf0f76e54f8db Mon Sep 17 00:00:00 2001
Message-ID: <2fa4ab6a8a776f41e64bcd7a3f1bf0f76e54f8db.1759835600.git.jdenemar@redhat.com>
From: Zhenzhong Duan <zhenzhong.duan@intel.com>
Date: Thu, 10 Jul 2025 03:21:11 -0400
Subject: [PATCH] qemu: Add command line and validation for TDX type
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
QEMU will provides 'tdx-guest' object which is used to launch encrypted
VMs on Intel platform using TDX feature.
Command line looks like:
$QEMU ... \
-object '{"qom-type":"tdx-guest","id":"lsec0","mrconfigid":"xxx","mrowner":"xxx","mrownerconfig":"xxx","attributes":268435457}' \
-machine pc-q35-6.0,confidential-guest-support=lsec0
Signed-off-by: Zhenzhong Duan <zhenzhong.duan@intel.com>
Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
(cherry picked from commit 67b0720d2f2a16ab59a11aa8ecccfe11c73d8727)
Resolves: https://issues.redhat.com/browse/RHEL-111840
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
RHEL: pass priv->qemuCaps to qemuBuildObjectCommandlineFromJSON
---
src/conf/domain_conf.h | 5 +++++
src/qemu/qemu_command.c | 29 +++++++++++++++++++++++++++++
src/qemu/qemu_validate.c | 12 ++++++++++++
3 files changed, 46 insertions(+)
diff --git a/src/conf/domain_conf.h b/src/conf/domain_conf.h
index 1238f2001f..0ea88e013b 100644
--- a/src/conf/domain_conf.h
+++ b/src/conf/domain_conf.h
@@ -2968,6 +2968,11 @@ struct _virDomainTDXDef {
};
+#define VIR_DOMAIN_TDX_POLICY_DEBUG 0x1
+#define VIR_DOMAIN_TDX_POLICY_SEPT_VE_DISABLE 0x10000000
+#define VIR_DOMAIN_TDX_POLICY_ALLOWED_MASK (VIR_DOMAIN_TDX_POLICY_DEBUG | \
+ VIR_DOMAIN_TDX_POLICY_SEPT_VE_DISABLE)
+
struct _virDomainSecDef {
virDomainLaunchSecurity sectype;
union {
diff --git a/src/qemu/qemu_command.c b/src/qemu/qemu_command.c
index 6c5e1926a5..c2183d332e 100644
--- a/src/qemu/qemu_command.c
+++ b/src/qemu/qemu_command.c
@@ -9750,6 +9750,34 @@ qemuBuildPVCommandLine(virDomainObj *vm, virCommand *cmd)
}
+static int
+qemuBuildTDXCommandLine(virDomainObj *vm, virCommand *cmd,
+ virDomainTDXDef *tdx)
+{
+ g_autoptr(virJSONValue) props = NULL;
+ qemuDomainObjPrivate *priv = vm->privateData;
+
+ if (tdx->havePolicy)
+ VIR_DEBUG("policy=0x%llx", tdx->policy);
+
+ if (qemuMonitorCreateObjectProps(&props, "tdx-guest", "lsec0",
+ "S:mrconfigid", tdx->mrconfigid,
+ "S:mrowner", tdx->mrowner,
+ "S:mrownerconfig", tdx->mrownerconfig,
+ NULL) < 0)
+ return -1;
+
+ if (tdx->havePolicy &&
+ virJSONValueObjectAdd(&props, "U:attributes", tdx->policy, NULL) < 0)
+ return -1;
+
+ if (qemuBuildObjectCommandlineFromJSON(cmd, props, priv->qemuCaps) < 0)
+ return -1;
+
+ return 0;
+}
+
+
static int
qemuBuildSecCommandLine(virDomainObj *vm, virCommand *cmd,
virDomainSecDef *sec)
@@ -9769,6 +9797,7 @@ qemuBuildSecCommandLine(virDomainObj *vm, virCommand *cmd,
break;
case VIR_DOMAIN_LAUNCH_SECURITY_TDX:
+ return qemuBuildTDXCommandLine(vm, cmd, &sec->data.tdx);
case VIR_DOMAIN_LAUNCH_SECURITY_NONE:
case VIR_DOMAIN_LAUNCH_SECURITY_LAST:
virReportEnumRangeError(virDomainLaunchSecurity, sec->sectype);
diff --git a/src/qemu/qemu_validate.c b/src/qemu/qemu_validate.c
index 34bb7e45c7..80aa2529f2 100644
--- a/src/qemu/qemu_validate.c
+++ b/src/qemu/qemu_validate.c
@@ -1392,6 +1392,18 @@ qemuValidateDomainDef(const virDomainDef *def,
}
break;
case VIR_DOMAIN_LAUNCH_SECURITY_TDX:
+ if (!virQEMUCapsGet(qemuCaps, QEMU_CAPS_TDX_GUEST)) {
+ virReportError(VIR_ERR_CONFIG_UNSUPPORTED, "%s",
+ _("Intel TDX launch security is not supported with this QEMU binary"));
+ return -1;
+ }
+ if (def->sec->data.tdx.havePolicy &&
+ def->sec->data.tdx.policy & ~VIR_DOMAIN_TDX_POLICY_ALLOWED_MASK) {
+ virReportError(VIR_ERR_CONFIG_UNSUPPORTED, "%s",
+ _("Only bit0(debug) and bit28(sept-ve-disable) are supported intel TDX launch security policy"));
+ return -1;
+ }
+ break;
case VIR_DOMAIN_LAUNCH_SECURITY_NONE:
case VIR_DOMAIN_LAUNCH_SECURITY_LAST:
virReportEnumRangeError(virDomainLaunchSecurity, def->sec->sectype);
--
2.51.0

84
SOURCES/libvirt-qemu-Add-command-line-for-TDX-Quote-Generation-Service-QGS.patch Normal file
View File

@ -0,0 +1,84 @@
From ed45ed36365fd14833c74d6143678afdf8448dc7 Mon Sep 17 00:00:00 2001
Message-ID: <ed45ed36365fd14833c74d6143678afdf8448dc7.1759835600.git.jdenemar@redhat.com>
From: Paolo Bonzini <pbonzini@redhat.com>
Date: Wed, 24 Sep 2025 12:41:09 +0200
Subject: [PATCH] qemu: Add command line for TDX Quote Generation Service(QGS)
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
'tdx-guest' object supports a "quote-generation-socket" property for
attestation purpose. When "quote-generation-socket" is configured in
guest xml, libvirt generates unix socket format cmdline for QEMU.
'Path' element can be omitted, default path "/var/run/tdx-qgs/qgs.socket"
is used in this case.
QEMU command line example:
qemu-system-x86_64 \
-object '{"qom-type":"tdx-guest","id":"lsec0","mrconfigid":"xxx","mrowner":"xxx","mrownerconfig":"xxx","quote-generation-socket":{"type":"unix","path":"/var/run/tdx-qgs/qgs.socket"},"attributes":268435457}' \
-machine pc-q35-6.0,confidential-guest-support=lsec0
Signed-off-by: Zhenzhong Duan <zhenzhong.duan@intel.com>
Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
(cherry picked from commit 61c4c1b538eed608315c21126b4bd1d26f972512)
Resolves: https://issues.redhat.com/browse/RHEL-111840
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
RHEL: context
---
src/conf/domain_conf.h | 3 +++
src/qemu/qemu_command.c | 14 ++++++++++++++
2 files changed, 17 insertions(+)
diff --git a/src/conf/domain_conf.h b/src/conf/domain_conf.h
index 85ef6fbf2c..15aacc71c1 100644
--- a/src/conf/domain_conf.h
+++ b/src/conf/domain_conf.h
@@ -2959,6 +2959,9 @@ struct _virDomainSEVSNPDef {
};
+/* Copied from QGS source code */
+#define QGS_UNIX_SOCKET_FILE "/var/run/tdx-qgs/qgs.socket"
+
struct _virDomainTDXDef {
bool havePolicy;
unsigned long long policy;
diff --git a/src/qemu/qemu_command.c b/src/qemu/qemu_command.c
index c2183d332e..c6b826a007 100644
--- a/src/qemu/qemu_command.c
+++ b/src/qemu/qemu_command.c
@@ -9754,16 +9754,30 @@ static int
qemuBuildTDXCommandLine(virDomainObj *vm, virCommand *cmd,
virDomainTDXDef *tdx)
{
+ g_autoptr(virJSONValue) addr = NULL;
g_autoptr(virJSONValue) props = NULL;
qemuDomainObjPrivate *priv = vm->privateData;
+ const char *path = QGS_UNIX_SOCKET_FILE;
if (tdx->havePolicy)
VIR_DEBUG("policy=0x%llx", tdx->policy);
+ if (tdx->haveQGS) {
+ if (tdx->qgs_unix_path)
+ path = tdx->qgs_unix_path;
+
+ if (virJSONValueObjectAdd(&addr,
+ "s:type", "unix",
+ "s:path", path,
+ NULL) < 0)
+ return -1;
+ }
+
if (qemuMonitorCreateObjectProps(&props, "tdx-guest", "lsec0",
"S:mrconfigid", tdx->mrconfigid,
"S:mrowner", tdx->mrowner,
"S:mrownerconfig", tdx->mrownerconfig,
+ "A:quote-generation-socket", &addr,
NULL) < 0)
return -1;
--
2.51.0

16
SOURCES/libvirt-qemu-Add-support-for-VIR_DOMAIN_GUEST_INFO_LOAD.patch
View File

@ -1,5 +1,5 @@
From 816ce9100cbc410706fde26763158640f6d06f44 Mon Sep 17 00:00:00 2001
Message-ID: <816ce9100cbc410706fde26763158640f6d06f44.1745925135.git.jdenemar@redhat.com>
From aeff1ebf96b595337f14ef6d1412d6c407bdc085 Mon Sep 17 00:00:00 2001
Message-ID: <aeff1ebf96b595337f14ef6d1412d6c407bdc085.1747908717.git.jdenemar@redhat.com>
From: Martin Kletzander <mkletzan@redhat.com>
Date: Tue, 25 Feb 2025 15:36:32 +0100
Subject: [PATCH] qemu: Add support for VIR_DOMAIN_GUEST_INFO_LOAD
@ -8,7 +8,7 @@ Signed-off-by: Martin Kletzander <mkletzan@redhat.com>
Reviewed-by: Peter Krempa <pkrempa@redhat.com>
(cherry picked from commit b4cf9c8cba45e65551aa9440dea2c3757a96aa0c)
https://issues.redhat.com/browse/RHEL-88449
https://issues.redhat.com/browse/RHEL-88447
Signed-off-by: Martin Kletzander <mkletzan@redhat.com>
---
@ -16,10 +16,10 @@ Signed-off-by: Martin Kletzander <mkletzan@redhat.com>
1 file changed, 20 insertions(+), 1 deletion(-)
diff --git a/src/qemu/qemu_driver.c b/src/qemu/qemu_driver.c
index d65fc542d1..3e194999fe 100644
index 8a354a606a..11dbbc1aab 100644
--- a/src/qemu/qemu_driver.c
+++ b/src/qemu/qemu_driver.c
@@ -19288,7 +19288,8 @@ static const unsigned int qemuDomainGetGuestInfoSupportedTypes =
@@ -19276,7 +19276,8 @@ static const unsigned int qemuDomainGetGuestInfoSupportedTypes =
VIR_DOMAIN_GUEST_INFO_HOSTNAME |
VIR_DOMAIN_GUEST_INFO_FILESYSTEM |
VIR_DOMAIN_GUEST_INFO_DISKS |
@ -29,7 +29,7 @@ index d65fc542d1..3e194999fe 100644
static int
qemuDomainGetGuestInfoCheckSupport(unsigned int types,
@@ -19575,6 +19576,10 @@ qemuDomainGetGuestInfo(virDomainPtr dom,
@@ -19563,6 +19564,10 @@ qemuDomainGetGuestInfo(virDomainPtr dom,
qemuAgentDiskInfo **agentdiskinfo = NULL;
virDomainInterfacePtr *ifaces = NULL;
size_t nifaces = 0;
@ -40,7 +40,7 @@ index d65fc542d1..3e194999fe 100644
size_t i;
virCheckFlags(0, -1);
@@ -19645,6 +19650,14 @@ qemuDomainGetGuestInfo(virDomainPtr dom,
@@ -19633,6 +19638,14 @@ qemuDomainGetGuestInfo(virDomainPtr dom,
nifaces = rc;
}
@ -55,7 +55,7 @@ index d65fc542d1..3e194999fe 100644
qemuDomainObjExitAgent(vm, agent);
virDomainObjEndAgentJob(vm);
@@ -19671,6 +19684,12 @@ qemuDomainGetGuestInfo(virDomainPtr dom,
@@ -19659,6 +19672,12 @@ qemuDomainGetGuestInfo(virDomainPtr dom,
virDomainInterfaceFormatParams(ifaces, nifaces, params, nparams, &maxparams);
}

36
SOURCES/libvirt-qemu-Allow-virtio-mem-on-CCW.patch Normal file
View File

@ -0,0 +1,36 @@
From 5c4270439f99bd52f91613a6ee833aa4bcb131c4 Mon Sep 17 00:00:00 2001
Message-ID: <5c4270439f99bd52f91613a6ee833aa4bcb131c4.1744876588.git.jdenemar@redhat.com>
From: Michal Privoznik <mprivozn@redhat.com>
Date: Wed, 15 Jan 2025 13:00:36 +0100
Subject: [PATCH] qemu: Allow virtio-mem on CCW
After previous commits, we can allow virtio-mem to live on CCW
channel.
Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
Reviewed-by: Boris Fiuczynski <fiuczy@linux.ibm.com>
(cherry picked from commit ee0320a7fccc8088bc2830fe949ae2339db208cb)
Resolves: https://issues.redhat.com/browse/RHEL-72976
Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
---
src/qemu/qemu_domain.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/src/qemu/qemu_domain.c b/src/qemu/qemu_domain.c
index b6c36d85d7..4234e4605b 100644
--- a/src/qemu/qemu_domain.c
+++ b/src/qemu/qemu_domain.c
@@ -7673,9 +7673,10 @@ qemuDomainDefValidateMemoryHotplugDevice(const virDomainMemoryDef *mem,
case VIR_DOMAIN_MEMORY_MODEL_VIRTIO_MEM:
if (mem->info.type != VIR_DOMAIN_DEVICE_ADDRESS_TYPE_PCI &&
+ mem->info.type != VIR_DOMAIN_DEVICE_ADDRESS_TYPE_CCW &&
mem->info.type != VIR_DOMAIN_DEVICE_ADDRESS_TYPE_NONE) {
virReportError(VIR_ERR_CONFIG_UNSUPPORTED,
- _("only 'pci' addresses are supported for the %1$s device"),
+ _("only 'pci' and 'ccw' addresses are supported for the %1$s device"),
virDomainMemoryModelTypeToString(mem->model));
return -1;
}
--
2.49.0

38
SOURCES/libvirt-qemu-Avoid-crash-in-qemuDomainCheckCPU-with-unknown-host-CPU.patch Normal file
View File

@ -0,0 +1,38 @@
From d874530eaded03d0b90139c9bbd80902b9464e87 Mon Sep 17 00:00:00 2001
Message-ID: <d874530eaded03d0b90139c9bbd80902b9464e87.1741876175.git.jdenemar@redhat.com>
From: Jiri Denemark <jdenemar@redhat.com>
Date: Tue, 18 Feb 2025 11:24:32 +0100
Subject: [PATCH] qemu: Avoid crash in qemuDomainCheckCPU with unknown host CPU
When we don't have any information about host CPU (for example when
running on an aarch64 host), the virQEMUCapsGetHostModel would return
NULL.
Fixes: f928eb5fc80ca0ed7277f2513b63aed36c09d275
Fixes: https://gitlab.com/libvirt/libvirt/-/issues/747
Signed-off-by: Jiri Denemark <jdenemar@redhat.com>
Tested-by: Jaroslav Suchanek <jsuchane@redhat.com>
Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
(cherry picked from commit 43eae1b7077104d4e2ed52447407a335c2d093e3)
https://issues.redhat.com/browse/RHEL-81747
Signed-off-by: Jiri Denemark <jdenemar@redhat.com>
---
src/qemu/qemu_domain.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/src/qemu/qemu_domain.c b/src/qemu/qemu_domain.c
index 92035dd281..1ccaff90d9 100644
--- a/src/qemu/qemu_domain.c
+++ b/src/qemu/qemu_domain.c
@@ -11446,6 +11446,7 @@ qemuDomainCheckCPU(virArch arch,
/* Force compat check if the CPU model is not found in qemuCaps or
* we don't have host CPU data from QEMU */
if (!cpu->model ||
+ !hypervisorCPU ||
hypervisorCPU->fallback != VIR_CPU_FALLBACK_FORBID ||
virQEMUCapsGetCPUBlockers(qemuCaps, virtType,
cpu->model, &blockers) < 0)
--
2.48.1

48
SOURCES/libvirt-qemu-Avoid-duplicate-FakeReboot-for-secure-guest.patch Normal file
View File

@ -0,0 +1,48 @@
From 80e6f292a501cc9bc8b2d5197c339326ecff0323 Mon Sep 17 00:00:00 2001
Message-ID: <80e6f292a501cc9bc8b2d5197c339326ecff0323.1759835600.git.jdenemar@redhat.com>
From: Zhenzhong Duan <zhenzhong.duan@intel.com>
Date: Thu, 10 Jul 2025 03:21:20 -0400
Subject: [PATCH] qemu: Avoid duplicate FakeReboot for secure guest
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
For secure guest, FakeReboot kills original QEMU instance and
create new one. During this process, QEMU send SHUTDOWN event
with "host-signal" reason which can trigger another FakeReboot.
Check if a FakeReboot is ongoing and bypass "host-signal"
processing which originally comes from FakeReboot.
Signed-off-by: Zhenzhong Duan <zhenzhong.duan@intel.com>
Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
(cherry picked from commit 194a36f4fe14b489b4697396d908c2a2c578ca5c)
Resolves: https://issues.redhat.com/browse/RHEL-111840
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
---
src/qemu/qemu_monitor.c | 10 ++++++++++
1 file changed, 10 insertions(+)
diff --git a/src/qemu/qemu_monitor.c b/src/qemu/qemu_monitor.c
index 40f15c88a8..6d19b675d5 100644
--- a/src/qemu/qemu_monitor.c
+++ b/src/qemu/qemu_monitor.c
@@ -1076,6 +1076,16 @@ qemuMonitorEmitShutdown(qemuMonitor *mon, virTristateBool guest,
* with it here. */
if (vm->def->sec &&
vm->def->sec->sectype == VIR_DOMAIN_LAUNCH_SECURITY_TDX) {
+ qemuDomainObjPrivate *priv = vm->privateData;
+
+ /* For secure guest, FakeReboot kills original QEMU instance and
+ * create new one. During this process, QEMU send SHUTDOWN event
+ * with "host-signal" reason which can trigger another FakeReboot.
+ * Check if a FakeReboot is ongoing and bypass "host-signal"
+ * processing which is originally come from FakeReboot. */
+ if (priv->fakeReboot && STREQ_NULLABLE(reason, "host-signal"))
+ return;
+
if ((STREQ_NULLABLE(reason, "guest-shutdown") &&
vm->def->onPoweroff == VIR_DOMAIN_LIFECYCLE_ACTION_RESTART) ||
(STREQ_NULLABLE(reason, "guest-reset") &&
--
2.51.0

68
SOURCES/libvirt-qemu-Check-if-INTEL-Trust-Domain-Extention-support-is-enabled.patch Normal file
View File

@ -0,0 +1,68 @@
From 7eff4d32f92fa15ffa3705b977cf8e29d41f6d26 Mon Sep 17 00:00:00 2001
Message-ID: <7eff4d32f92fa15ffa3705b977cf8e29d41f6d26.1759835599.git.jdenemar@redhat.com>
From: Zhenzhong Duan <zhenzhong.duan@intel.com>
Date: Thu, 10 Jul 2025 03:21:04 -0400
Subject: [PATCH] qemu: Check if INTEL Trust Domain Extention support is
enabled
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Implement TDX check in order to generate domain feature capability
correctly in case the availability of the feature changed.
For INTEL TDX the verification is:
- checking if "/sys/module/kvm_intel/parameters/tdx" contains the
value 'Y': meaning TDX is enabled in the host kernel.
Signed-off-by: Zhenzhong Duan <zhenzhong.duan@intel.com>
Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
Reviewed-by: Xiaoyao Li <xiaoyao.li@intel.com>
(cherry picked from commit d7c96e809d2c446830930790db5206168aedef81)
Resolves: https://issues.redhat.com/browse/RHEL-111840
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
---
src/qemu/qemu_capabilities.c | 21 ++++++++++++++++++++-
1 file changed, 20 insertions(+), 1 deletion(-)
diff --git a/src/qemu/qemu_capabilities.c b/src/qemu/qemu_capabilities.c
index d60d2d95cc..ea0c42d624 100644
--- a/src/qemu/qemu_capabilities.c
+++ b/src/qemu/qemu_capabilities.c
@@ -5308,6 +5308,24 @@ virQEMUCapsKVMSupportsSecureGuestAMD(void)
}
+/*
+ * Check whether INTEL Trust Domain Extention (x86) is enabled
+ */
+static bool
+virQEMUCapsKVMSupportsSecureGuestTDX(void)
+{
+ g_autofree char *modValue = NULL;
+
+ if (virFileReadValueString(&modValue, "/sys/module/kvm_intel/parameters/tdx") < 0)
+ return false;
+
+ if (modValue[0] != 'Y')
+ return false;
+
+ return true;
+}
+
+
/*
* Check whether the secure guest functionality is enabled.
* See the specific architecture function for details on the verifications made.
@@ -5321,7 +5339,8 @@ virQEMUCapsKVMSupportsSecureGuest(void)
return virQEMUCapsKVMSupportsSecureGuestS390();
if (ARCH_IS_X86(arch))
- return virQEMUCapsKVMSupportsSecureGuestAMD();
+ return virQEMUCapsKVMSupportsSecureGuestAMD() ||
+ virQEMUCapsKVMSupportsSecureGuestTDX();
return false;
}
--
2.51.0

50
SOURCES/libvirt-qemu-Do-NOT-autoadd-NUMA-node-for-s390.patch Normal file
View File

@ -0,0 +1,50 @@
From b2e5469f35657b7d46842b39be04ecc34e5ff659 Mon Sep 17 00:00:00 2001
Message-ID: <b2e5469f35657b7d46842b39be04ecc34e5ff659.1744876588.git.jdenemar@redhat.com>
From: Michal Privoznik <mprivozn@redhat.com>
Date: Mon, 20 Jan 2025 17:10:24 +0100
Subject: [PATCH] qemu: Do NOT autoadd NUMA node for s390
In some cases, we might automatically add a NUMA node. But this
doesn't work for s390 really, because in its commit
v2.12.0-rc0~41^2~6 QEMU forbade specifying NUMA nodes for s390.
Suppress automatic adding of NUMA node on our side.
Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
Reviewed-by: David Hildenbrand <david@redhat.com>
Reviewed-by: Boris Fiuczynski <fiuczy@linux.ibm.com>
(cherry picked from commit a8ed747b9a8c5cbd07557edc66962bc26205d7fb)
Resolves: https://issues.redhat.com/browse/RHEL-72976
Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
---
src/qemu/qemu_domain.c | 3 ++-
src/qemu/qemu_postparse.c | 1 +
2 files changed, 3 insertions(+), 1 deletion(-)
diff --git a/src/qemu/qemu_domain.c b/src/qemu/qemu_domain.c
index 89e1b50366..b6c36d85d7 100644
--- a/src/qemu/qemu_domain.c
+++ b/src/qemu/qemu_domain.c
@@ -7761,7 +7761,8 @@ qemuDomainDefValidateMemoryHotplug(const virDomainDef *def,
return 0;
}
- if (!ARCH_IS_PPC64(def->os.arch)) {
+ if (!ARCH_IS_PPC64(def->os.arch) &&
+ !ARCH_IS_S390(def->os.arch)) {
/* due to guest support, qemu would silently enable NUMA with one node
* once the memory hotplug backend is enabled. To avoid possible
* confusion we will enforce user originated numa configuration along
diff --git a/src/qemu/qemu_postparse.c b/src/qemu/qemu_postparse.c
index 892330646a..141847b0ef 100644
--- a/src/qemu/qemu_postparse.c
+++ b/src/qemu/qemu_postparse.c
@@ -1806,6 +1806,7 @@ qemuDomainDefNumaAutoAdd(virDomainDef *def,
if (!abiUpdate ||
!virDomainDefHasMemoryHotplug(def) ||
+ qemuDomainIsS390CCW(def) ||
virDomainNumaGetNodeCount(def->numa) > 0) {
return 0;
}
--
2.49.0

73
SOURCES/libvirt-qemu-Force-special-parameters-enabled-for-TDX-guest.patch Normal file
View File

@ -0,0 +1,73 @@
From 809c8b4ebb569d283e02b869580914a6c7d9edd5 Mon Sep 17 00:00:00 2001
Message-ID: <809c8b4ebb569d283e02b869580914a6c7d9edd5.1759835600.git.jdenemar@redhat.com>
From: Zhenzhong Duan <zhenzhong.duan@intel.com>
Date: Thu, 10 Jul 2025 03:21:13 -0400
Subject: [PATCH] qemu: Force special parameters enabled for TDX guest
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
TDX guest requires some special parameters to boot, currently:
"kernel_irqchip=split"
"pmu!=on"
"smm!=on"
"-bios"
If not specified explicitly, QEMU should configure this option implicitly
when start a TDX guest.
Signed-off-by: Zhenzhong Duan <zhenzhong.duan@intel.com>
Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
(cherry picked from commit 626b9ca84650966de266ff41e9df59aba948f65e)
Resolves: https://issues.redhat.com/browse/RHEL-111840
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
---
src/qemu/qemu_validate.c | 32 ++++++++++++++++++++++++++++++++
1 file changed, 32 insertions(+)
diff --git a/src/qemu/qemu_validate.c b/src/qemu/qemu_validate.c
index 80aa2529f2..bbd838c7f0 100644
--- a/src/qemu/qemu_validate.c
+++ b/src/qemu/qemu_validate.c
@@ -1403,6 +1403,38 @@ qemuValidateDomainDef(const virDomainDef *def,
_("Only bit0(debug) and bit28(sept-ve-disable) are supported intel TDX launch security policy"));
return -1;
}
+ if (def->features[VIR_DOMAIN_FEATURE_IOAPIC] == VIR_DOMAIN_IOAPIC_KVM) {
+ virReportError(VIR_ERR_CONFIG_UNSUPPORTED, "%s",
+ _("Intel TDX launch security needs split kernel irqchip"));
+ return -1;
+ }
+ /* Current KVM doesn't support PMU for TD guest. It returns
+ * error if TD is created with PMU bit being set in attributes.
+ * By default, QEMU disable PMU for TD guest.
+ */
+ if (def->features[VIR_DOMAIN_FEATURE_PMU] == VIR_TRISTATE_SWITCH_ON) {
+ virReportError(VIR_ERR_CONFIG_UNSUPPORTED, "%s",
+ _("Intel TDX launch security is not supported with PMU enabled"));
+ return -1;
+ }
+ /* TDX doesn't support SMM and VMM cannot emulate SMM for TDX VMs
+ * because VMM cannot manipulate TDX VM's memory.
+ * By default, QEMU disable SMM for TD guest.
+ */
+ if (def->features[VIR_DOMAIN_FEATURE_SMM] == VIR_TRISTATE_SWITCH_ON) {
+ virReportError(VIR_ERR_CONFIG_UNSUPPORTED, "%s",
+ _("Intel TDX launch security is not supported with SMM enabled"));
+ return -1;
+ }
+ /* TDVF(OVMF) needs to run at private memory for TD guest. TDX cannot
+ * support pflash device since it doesn't support read-only private memory.
+ * Thus load TDVF(OVMF) with -bios option for TDs.
+ */
+ if (def->os.loader && def->os.loader->type == VIR_DOMAIN_LOADER_TYPE_PFLASH) {
+ virReportError(VIR_ERR_CONFIG_UNSUPPORTED, "%s",
+ _("Intel TDX launch security is not supported with pflash loader"));
+ return -1;
+ }
break;
case VIR_DOMAIN_LAUNCH_SECURITY_NONE:
case VIR_DOMAIN_LAUNCH_SECURITY_LAST:
--
2.51.0

135
SOURCES/libvirt-qemu-Properly-propagate-migration-state-to-TPM-cleanup-code.patch Normal file
View File

@ -0,0 +1,135 @@
From b6e803fc90bb9d49345adca4f38856ce97fde9f8 Mon Sep 17 00:00:00 2001
Message-ID: <b6e803fc90bb9d49345adca4f38856ce97fde9f8.1744876588.git.jdenemar@redhat.com>
From: Jiri Denemark <jdenemar@redhat.com>
Date: Wed, 9 Apr 2025 15:35:20 +0200
Subject: [PATCH] qemu: Properly propagate migration state to TPM cleanup code
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
When migrating a domain with TPM state on a shared disk, we need to skip
TPM cleanup on both ends. So far the code only handled successful
migration and skipped the cleanup on the source host. But if the
migration failed for some reason, the cleanup would be incorrectly
called on the destination host removing the TPM files even though the
domain was still running on the source host.
https://issues.redhat.com/browse/RHEL-82411
Signed-off-by: Jiri Denemark <jdenemar@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
(cherry picked from commit 97ed7f22b089c5fdd9ee02cffc6854f6e021ab2b)
https://issues.redhat.com/browse/RHEL-86800
Signed-off-by: Jiri Denemark <jdenemar@redhat.com>
---
src/qemu/qemu_driver.c | 7 +++++--
src/qemu/qemu_migration.c | 6 +++---
src/qemu/qemu_process.c | 8 ++------
3 files changed, 10 insertions(+), 11 deletions(-)
diff --git a/src/qemu/qemu_driver.c b/src/qemu/qemu_driver.c
index f8f3d2c725..4c6eff9286 100644
--- a/src/qemu/qemu_driver.c
+++ b/src/qemu/qemu_driver.c
@@ -3853,6 +3853,7 @@ processMonitorEOFEvent(virQEMUDriver *driver,
const char *auditReason = "shutdown";
unsigned int stopFlags = 0;
virObjectEvent *event = NULL;
+ bool migration;
if (vm->def->id != domid) {
VIR_DEBUG("Domain %s was restarted, ignoring EOF",
@@ -3863,6 +3864,8 @@ processMonitorEOFEvent(virQEMUDriver *driver,
if (qemuProcessBeginStopJob(vm, VIR_JOB_DESTROY, true) < 0)
return;
+ migration = vm->job->asyncJob == VIR_ASYNC_JOB_MIGRATION_IN;
+
if (!virDomainObjIsActive(vm)) {
VIR_DEBUG("Domain %p '%s' is not active, ignoring EOF",
vm, vm->def->name);
@@ -3877,7 +3880,7 @@ processMonitorEOFEvent(virQEMUDriver *driver,
auditReason = "failed";
}
- if (vm->job->asyncJob == VIR_ASYNC_JOB_MIGRATION_IN) {
+ if (migration) {
stopFlags |= VIR_QEMU_PROCESS_STOP_MIGRATED;
qemuMigrationDstErrorSave(driver, vm->def->name,
qemuMonitorLastError(priv->mon));
@@ -3890,7 +3893,7 @@ processMonitorEOFEvent(virQEMUDriver *driver,
virObjectEventStateQueue(driver->domainEventState, event);
endjob:
- qemuDomainRemoveInactive(driver, vm, 0, false);
+ qemuDomainRemoveInactive(driver, vm, 0, migration);
qemuProcessEndStopJob(vm);
}
diff --git a/src/qemu/qemu_migration.c b/src/qemu/qemu_migration.c
index 62da892254..5cb7642315 100644
--- a/src/qemu/qemu_migration.c
+++ b/src/qemu/qemu_migration.c
@@ -3592,7 +3592,7 @@ qemuMigrationDstPrepareFresh(virQEMUDriver *driver,
* and there is no 'goto cleanup;' in the middle of those */
VIR_FREE(priv->origname);
virDomainObjRemoveTransientDef(vm);
- qemuDomainRemoveInactive(driver, vm, 0, false);
+ qemuDomainRemoveInactive(driver, vm, 0, true);
}
virDomainObjEndAPI(&vm);
virErrorRestore(&origErr);
@@ -6963,7 +6963,7 @@ qemuMigrationDstFinishActive(virQEMUDriver *driver,
}
if (!qemuDomainObjIsActive(vm))
- qemuDomainRemoveInactive(driver, vm, VIR_DOMAIN_UNDEFINE_TPM, false);
+ qemuDomainRemoveInactive(driver, vm, VIR_DOMAIN_UNDEFINE_TPM, true);
virErrorRestore(&orig_err);
return NULL;
@@ -7099,7 +7099,7 @@ qemuMigrationProcessUnattended(virQEMUDriver *driver,
qemuMigrationJobFinish(vm);
if (!virDomainObjIsActive(vm))
- qemuDomainRemoveInactive(driver, vm, 0, false);
+ qemuDomainRemoveInactive(driver, vm, 0, true);
}
diff --git a/src/qemu/qemu_process.c b/src/qemu/qemu_process.c
index fac5678439..ad7e99750f 100644
--- a/src/qemu/qemu_process.c
+++ b/src/qemu/qemu_process.c
@@ -8731,7 +8731,6 @@ void qemuProcessStop(virQEMUDriver *driver,
size_t i;
g_autofree char *timestamp = NULL;
g_autoptr(virQEMUDriverConfig) cfg = virQEMUDriverGetConfig(driver);
- bool outgoingMigration;
VIR_DEBUG("Shutting down vm=%p name=%s id=%d pid=%lld, "
"reason=%s, asyncJob=%s, flags=0x%x",
@@ -8807,10 +8806,7 @@ void qemuProcessStop(virQEMUDriver *driver,
qemuDomainCleanupRun(driver, vm);
- outgoingMigration = (flags & VIR_QEMU_PROCESS_STOP_MIGRATED) &&
- (asyncJob == VIR_ASYNC_JOB_MIGRATION_OUT);
-
- qemuExtDevicesStop(driver, vm, outgoingMigration);
+ qemuExtDevicesStop(driver, vm, !!(flags & VIR_QEMU_PROCESS_STOP_MIGRATED));
qemuDBusStop(driver, vm);
@@ -9070,7 +9066,7 @@ qemuProcessAutoDestroy(virDomainObj *dom,
VIR_DOMAIN_EVENT_STOPPED,
VIR_DOMAIN_EVENT_STOPPED_DESTROYED);
- qemuDomainRemoveInactive(driver, dom, 0, false);
+ qemuDomainRemoveInactive(driver, dom, 0, !!(stopFlags & VIR_QEMU_PROCESS_STOP_MIGRATED));
qemuProcessEndStopJob(dom);
--
2.49.0

230
SOURCES/libvirt-qemu-Rename-outgoingMigration-parameter-in-various-TPM-functions.patch Normal file
View File

@ -0,0 +1,230 @@
From c28859cbaeac298adbe957956cf8442c9a6b7264 Mon Sep 17 00:00:00 2001
Message-ID: <c28859cbaeac298adbe957956cf8442c9a6b7264.1744876588.git.jdenemar@redhat.com>
From: Jiri Denemark <jdenemar@redhat.com>
Date: Tue, 11 Mar 2025 10:05:28 +0100
Subject: [PATCH] qemu: Rename outgoingMigration parameter in various TPM
functions
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
The parameter is used to skip TPM state cleanup on outgoing migration
with shared storage. But we also need to skip the cleanup after a failed
incoming migration. Let's call the parameter "migration" to reflect its
usage on both sides of migration.
Signed-off-by: Jiri Denemark <jdenemar@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
(cherry picked from commit a5e4ca6f02dc8250f84163a0d19b69300affde43)
https://issues.redhat.com/browse/RHEL-86800
Signed-off-by: Jiri Denemark <jdenemar@redhat.com>
---
src/qemu/qemu_domain.c | 8 ++++----
src/qemu/qemu_domain.h | 2 +-
src/qemu/qemu_extdevice.c | 8 ++++----
src/qemu/qemu_extdevice.h | 4 ++--
src/qemu/qemu_tpm.c | 19 +++++++++----------
src/qemu/qemu_tpm.h | 4 ++--
6 files changed, 22 insertions(+), 23 deletions(-)
diff --git a/src/qemu/qemu_domain.c b/src/qemu/qemu_domain.c
index 1ccaff90d9..89e1b50366 100644
--- a/src/qemu/qemu_domain.c
+++ b/src/qemu/qemu_domain.c
@@ -5749,7 +5749,7 @@ static void
qemuDomainRemoveInactiveCommon(virQEMUDriver *driver,
virDomainObj *vm,
virDomainUndefineFlagsValues flags,
- bool outgoingMigration)
+ bool migration)
{
g_autoptr(virQEMUDriverConfig) cfg = virQEMUDriverGetConfig(driver);
g_autofree char *snapDir = NULL;
@@ -5775,7 +5775,7 @@ qemuDomainRemoveInactiveCommon(virQEMUDriver *driver,
if (rmdir(chkDir) < 0 && errno != ENOENT)
VIR_WARN("unable to remove checkpoint directory %s", chkDir);
}
- qemuExtDevicesCleanupHost(driver, vm->def, flags, outgoingMigration);
+ qemuExtDevicesCleanupHost(driver, vm->def, flags, migration);
}
@@ -5788,14 +5788,14 @@ void
qemuDomainRemoveInactive(virQEMUDriver *driver,
virDomainObj *vm,
virDomainUndefineFlagsValues flags,
- bool outgoingMigration)
+ bool migration)
{
if (vm->persistent) {
/* Short-circuit, we don't want to remove a persistent domain */
return;
}
- qemuDomainRemoveInactiveCommon(driver, vm, flags, outgoingMigration);
+ qemuDomainRemoveInactiveCommon(driver, vm, flags, migration);
virDomainObjListRemove(driver->domains, vm);
}
diff --git a/src/qemu/qemu_domain.h b/src/qemu/qemu_domain.h
index e810f79599..6246988491 100644
--- a/src/qemu/qemu_domain.h
+++ b/src/qemu/qemu_domain.h
@@ -689,7 +689,7 @@ int qemuDomainMomentDiscardAll(void *payload,
void qemuDomainRemoveInactive(virQEMUDriver *driver,
virDomainObj *vm,
virDomainUndefineFlagsValues flags,
- bool outgoingMigration);
+ bool migration);
void
qemuDomainRemoveInactiveLocked(virQEMUDriver *driver,
diff --git a/src/qemu/qemu_extdevice.c b/src/qemu/qemu_extdevice.c
index 2384bab7a6..7451e0fa03 100644
--- a/src/qemu/qemu_extdevice.c
+++ b/src/qemu/qemu_extdevice.c
@@ -154,7 +154,7 @@ void
qemuExtDevicesCleanupHost(virQEMUDriver *driver,
virDomainDef *def,
virDomainUndefineFlagsValues flags,
- bool outgoingMigration)
+ bool migration)
{
size_t i;
@@ -165,7 +165,7 @@ qemuExtDevicesCleanupHost(virQEMUDriver *driver,
virDomainTPMDef *tpm = def->tpms[i];
if (tpm->type == VIR_DOMAIN_TPM_TYPE_EMULATOR)
- qemuExtTPMCleanupHost(driver, tpm, flags, outgoingMigration);
+ qemuExtTPMCleanupHost(driver, tpm, flags, migration);
}
}
@@ -266,7 +266,7 @@ qemuExtDevicesStart(virQEMUDriver *driver,
void
qemuExtDevicesStop(virQEMUDriver *driver,
virDomainObj *vm,
- bool outgoingMigration)
+ bool migration)
{
virDomainDef *def = vm->def;
size_t i;
@@ -283,7 +283,7 @@ qemuExtDevicesStop(virQEMUDriver *driver,
for (i = 0; i < def->ntpms; i++) {
if (def->tpms[i]->type == VIR_DOMAIN_TPM_TYPE_EMULATOR)
- qemuExtTPMStop(driver, vm, outgoingMigration);
+ qemuExtTPMStop(driver, vm, migration);
}
for (i = 0; i < def->nnets; i++) {
diff --git a/src/qemu/qemu_extdevice.h b/src/qemu/qemu_extdevice.h
index d4ac9f395c..36f7fb77a8 100644
--- a/src/qemu/qemu_extdevice.h
+++ b/src/qemu/qemu_extdevice.h
@@ -48,7 +48,7 @@ int qemuExtDevicesPrepareHost(virQEMUDriver *driver,
void qemuExtDevicesCleanupHost(virQEMUDriver *driver,
virDomainDef *def,
virDomainUndefineFlagsValues flags,
- bool outgoingMigration)
+ bool migration)
ATTRIBUTE_NONNULL(1) ATTRIBUTE_NONNULL(2);
int qemuExtDevicesStart(virQEMUDriver *driver,
@@ -59,7 +59,7 @@ int qemuExtDevicesStart(virQEMUDriver *driver,
void qemuExtDevicesStop(virQEMUDriver *driver,
virDomainObj *vm,
- bool outgoingMigration)
+ bool migration)
ATTRIBUTE_NONNULL(1) ATTRIBUTE_NONNULL(2);
bool qemuExtDevicesHasDevice(virDomainDef *def);
diff --git a/src/qemu/qemu_tpm.c b/src/qemu/qemu_tpm.c
index f5e0184e54..f910a26286 100644
--- a/src/qemu/qemu_tpm.c
+++ b/src/qemu/qemu_tpm.c
@@ -907,7 +907,8 @@ qemuTPMEmulatorInitPaths(virDomainTPMDef *tpm,
* @driver: QEMU driver
* @tpm: TPM definition
* @flags: flags indicating whether to keep or remove TPM persistent state
- * @outgoingMigration: whether cleanup is due to an outgoing migration
+ * @migration: whether cleanup is due to a successful outgoing or failed
+ * incoming migration
*
* Clean up persistent storage for the swtpm.
*/
@@ -915,14 +916,12 @@ static void
qemuTPMEmulatorCleanupHost(virQEMUDriver *driver,
virDomainTPMDef *tpm,
virDomainUndefineFlagsValues flags,
- bool outgoingMigration)
+ bool migration)
{
g_autoptr(virQEMUDriverConfig) cfg = virQEMUDriverGetConfig(driver);
- /* Never remove the state in case of outgoing migration with shared
- * storage.
- */
- if (outgoingMigration &&
+ /* Never remove the state in case of migration with shared storage. */
+ if (migration &&
virFileIsSharedFS(tpm->data.emulator.source_path, cfg->sharedFilesystems) == 1)
return;
@@ -1293,9 +1292,9 @@ void
qemuExtTPMCleanupHost(virQEMUDriver *driver,
virDomainTPMDef *tpm,
virDomainUndefineFlagsValues flags,
- bool outgoingMigration)
+ bool migration)
{
- qemuTPMEmulatorCleanupHost(driver, tpm, flags, outgoingMigration);
+ qemuTPMEmulatorCleanupHost(driver, tpm, flags, migration);
}
@@ -1319,7 +1318,7 @@ qemuExtTPMStart(virQEMUDriver *driver,
void
qemuExtTPMStop(virQEMUDriver *driver,
virDomainObj *vm,
- bool outgoingMigration)
+ bool migration)
{
g_autoptr(virQEMUDriverConfig) cfg = virQEMUDriverGetConfig(driver);
g_autofree char *shortName = virDomainDefGetShortName(vm->def);
@@ -1329,7 +1328,7 @@ qemuExtTPMStop(virQEMUDriver *driver,
return;
qemuTPMEmulatorStop(cfg->swtpmStateDir, shortName);
- if (outgoingMigration && qemuTPMHasSharedStorage(driver, vm->def))
+ if (migration && qemuTPMHasSharedStorage(driver, vm->def))
restoreTPMStateLabel = false;
if (qemuSecurityRestoreTPMLabels(driver, vm, restoreTPMStateLabel, false) < 0)
diff --git a/src/qemu/qemu_tpm.h b/src/qemu/qemu_tpm.h
index 7096060a2a..37813087cf 100644
--- a/src/qemu/qemu_tpm.h
+++ b/src/qemu/qemu_tpm.h
@@ -38,7 +38,7 @@ int qemuExtTPMPrepareHost(virQEMUDriver *driver,
void qemuExtTPMCleanupHost(virQEMUDriver *driver,
virDomainTPMDef *tpm,
virDomainUndefineFlagsValues flags,
- bool outgoingMigration)
+ bool migration)
ATTRIBUTE_NONNULL(1) ATTRIBUTE_NONNULL(2);
int qemuExtTPMStart(virQEMUDriver *driver,
@@ -52,7 +52,7 @@ int qemuExtTPMStart(virQEMUDriver *driver,
void qemuExtTPMStop(virQEMUDriver *driver,
virDomainObj *vm,
- bool outgoingMigration)
+ bool migration)
ATTRIBUTE_NONNULL(1) ATTRIBUTE_NONNULL(2);
int qemuExtTPMSetupCgroup(virQEMUDriver *driver,
--
2.49.0

138
SOURCES/libvirt-qemu-Send-event-VIR_DOMAIN_EVENT_-STOPPED-STARTED-during-recreation.patch Normal file
View File

@ -0,0 +1,138 @@
From dbeae7c9d470143a0c23195d1880ad302bce78ab Mon Sep 17 00:00:00 2001
Message-ID: <dbeae7c9d470143a0c23195d1880ad302bce78ab.1759835600.git.jdenemar@redhat.com>
From: Zhenzhong Duan <zhenzhong.duan@intel.com>
Date: Thu, 10 Jul 2025 03:21:21 -0400
Subject: [PATCH] qemu: Send event VIR_DOMAIN_EVENT_[STOPPED|STARTED] during
recreation
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
For secure guest, FakeReboot kills original QEMU instance and
create new one which is quite different from normal guest.
To reflect this fact, VIR_DOMAIN_EVENT_[STOPPED|STARTED]
are sent to control plane with new introduced reasons
VIR_DOMAIN_EVENT_[STOPPED|STARTED]_RECREATION.
That would let control plane software understand that these
events are from a fake reboot.
Suggested-by: Daniel P. Berrangé <berrange@redhat.com>
Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
Signed-off-by: Zhenzhong Duan <zhenzhong.duan@intel.com>
(cherry picked from commit 1af740c5012bb45dfe96c77bcd6b20c28b6bb45d)
Resolves: https://issues.redhat.com/browse/RHEL-111840
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
---
examples/c/misc/event-test.c | 6 ++++++
include/libvirt/libvirt-domain.h | 2 ++
src/qemu/qemu_process.c | 10 ++++++++++
tools/virsh-domain-event.c | 6 ++++--
4 files changed, 22 insertions(+), 2 deletions(-)
diff --git a/examples/c/misc/event-test.c b/examples/c/misc/event-test.c
index 88d99dff56..04d74670e7 100644
--- a/examples/c/misc/event-test.c
+++ b/examples/c/misc/event-test.c
@@ -143,6 +143,9 @@ eventDetailToString(int event,
case VIR_DOMAIN_EVENT_STARTED_WAKEUP:
return "Event wakeup";
+ case VIR_DOMAIN_EVENT_STARTED_RECREATION:
+ return "Recreation";
+
case VIR_DOMAIN_EVENT_STARTED_LAST:
break;
}
@@ -227,6 +230,9 @@ eventDetailToString(int event,
case VIR_DOMAIN_EVENT_STOPPED_FROM_SNAPSHOT:
return "Snapshot";
+ case VIR_DOMAIN_EVENT_STOPPED_RECREATION:
+ return "Recreation";
+
case VIR_DOMAIN_EVENT_STOPPED_LAST:
break;
}
diff --git a/include/libvirt/libvirt-domain.h b/include/libvirt/libvirt-domain.h
index df13b72f7b..7759ddeaad 100644
--- a/include/libvirt/libvirt-domain.h
+++ b/include/libvirt/libvirt-domain.h
@@ -3873,6 +3873,7 @@ typedef enum {
VIR_DOMAIN_EVENT_STARTED_RESTORED = 2, /* Restored from a state file (Since: 0.5.0) */
VIR_DOMAIN_EVENT_STARTED_FROM_SNAPSHOT = 3, /* Restored from snapshot (Since: 0.8.0) */
VIR_DOMAIN_EVENT_STARTED_WAKEUP = 4, /* Started due to wakeup event (Since: 0.9.11) */
+ VIR_DOMAIN_EVENT_STARTED_RECREATION = 5, /* Secure guest recreation (Since: 10.1.0) */
# ifdef VIR_ENUM_SENTINELS
VIR_DOMAIN_EVENT_STARTED_LAST /* (Since: 0.9.10) */
@@ -3937,6 +3938,7 @@ typedef enum {
VIR_DOMAIN_EVENT_STOPPED_SAVED = 4, /* Saved to a state file (Since: 0.5.0) */
VIR_DOMAIN_EVENT_STOPPED_FAILED = 5, /* Host emulator/mgmt failed (Since: 0.5.0) */
VIR_DOMAIN_EVENT_STOPPED_FROM_SNAPSHOT = 6, /* offline snapshot loaded (Since: 0.8.0) */
+ VIR_DOMAIN_EVENT_STOPPED_RECREATION = 7, /* Secure guest recreation (Since: 10.1.0) */
# ifdef VIR_ENUM_SENTINELS
VIR_DOMAIN_EVENT_STOPPED_LAST /* (Since: 0.9.10) */
diff --git a/src/qemu/qemu_process.c b/src/qemu/qemu_process.c
index caf63b0ae3..0d4fdf6960 100644
--- a/src/qemu/qemu_process.c
+++ b/src/qemu/qemu_process.c
@@ -455,6 +455,7 @@ qemuProcessFakeRebootViaRecreate(virDomainObj *vm)
{
qemuDomainObjPrivate *priv = vm->privateData;
virQEMUDriver *driver = priv->driver;
+ virObjectEvent *event = NULL;
int ret = -1;
VIR_DEBUG("Handle secure guest reboot: destroy phase");
@@ -471,6 +472,11 @@ qemuProcessFakeRebootViaRecreate(virDomainObj *vm)
qemuProcessStop(driver, vm, VIR_DOMAIN_SHUTOFF_DESTROYED, VIR_ASYNC_JOB_NONE, 0);
virDomainAuditStop(vm, "destroyed");
+ event = virDomainEventLifecycleNewFromObj(vm,
+ VIR_DOMAIN_EVENT_STOPPED,
+ VIR_DOMAIN_EVENT_STOPPED_RECREATION);
+ virObjectEventStateQueue(driver->domainEventState, event);
+
/* skip remove inactive domain from active list */
qemuProcessEndStopJob(vm);
@@ -491,6 +497,10 @@ qemuProcessFakeRebootViaRecreate(virDomainObj *vm)
}
virDomainAuditStart(vm, "booted", true);
+ event = virDomainEventLifecycleNewFromObj(vm,
+ VIR_DOMAIN_EVENT_STARTED,
+ VIR_DOMAIN_EVENT_STARTED_RECREATION);
+ virObjectEventStateQueue(driver->domainEventState, event);
qemuDomainSaveStatus(vm);
ret = 0;
diff --git a/tools/virsh-domain-event.c b/tools/virsh-domain-event.c
index cd33d4d938..1b42ed706d 100644
--- a/tools/virsh-domain-event.c
+++ b/tools/virsh-domain-event.c
@@ -70,7 +70,8 @@ VIR_ENUM_IMPL(virshDomainEventStarted,
N_("Migrated"),
N_("Restored"),
N_("Snapshot"),
- N_("Event wakeup"));
+ N_("Event wakeup"),
+ N_("Recreation"));
VIR_ENUM_DECL(virshDomainEventSuspended);
VIR_ENUM_IMPL(virshDomainEventSuspended,
@@ -103,7 +104,8 @@ VIR_ENUM_IMPL(virshDomainEventStopped,
N_("Migrated"),
N_("Saved"),
N_("Failed"),
- N_("Snapshot"));
+ N_("Snapshot"),
+ N_("Recreation"));
VIR_ENUM_DECL(virshDomainEventShutdown);
VIR_ENUM_IMPL(virshDomainEventShutdown,
--
2.51.0

150
SOURCES/libvirt-qemu-Support-domain-reset-command-for-TDX-guest.patch Normal file
View File

@ -0,0 +1,150 @@
From 9a47f88f06ca6c1274c2bb5ca723057faf33e86e Mon Sep 17 00:00:00 2001
Message-ID: <9a47f88f06ca6c1274c2bb5ca723057faf33e86e.1759835600.git.jdenemar@redhat.com>
From: Zhenzhong Duan <zhenzhong.duan@intel.com>
Date: Thu, 10 Jul 2025 03:21:23 -0400
Subject: [PATCH] qemu: Support domain reset command for TDX guest
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
TDX guest doesn't support system_reset, so have to kill the old QEMU and
start a new one to simulate the reset. This can be achieved by calling
qemuProcessFakeRebootViaRecreate().
Simiar as FakeReboot, QEMU sends SHUTDOWN event with "host-signal" reason
which can trigger another FakeReset. Check if a FakeReset is ongoing and
bypass "host-signal" processing which originally comes from FakeReset.
Domain lock is already hold in qemuDomainReset() before calling
qemuProcessFakeRebootViaRecreate(), so bypass locking in it.
Signed-off-by: Zhenzhong Duan <zhenzhong.duan@intel.com>
Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
(cherry picked from commit fcc12f217e7a45ec6049642c2707917bb290d58c)
Resolves: https://issues.redhat.com/browse/RHEL-111840
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
---
src/qemu/qemu_domain.h | 1 +
src/qemu/qemu_driver.c | 10 +++++++++-
src/qemu/qemu_monitor.c | 6 ++++++
src/qemu/qemu_process.c | 14 +++++++++-----
src/qemu/qemu_process.h | 2 ++
5 files changed, 27 insertions(+), 6 deletions(-)
diff --git a/src/qemu/qemu_domain.h b/src/qemu/qemu_domain.h
index 3f16f86da8..d787d2a065 100644
--- a/src/qemu/qemu_domain.h
+++ b/src/qemu/qemu_domain.h
@@ -128,6 +128,7 @@ struct _qemuDomainObjPrivate {
char *lockState;
bool fakeReboot;
+ bool fakeReset;
bool pausedShutdown;
/* allowReboot:
*
diff --git a/src/qemu/qemu_driver.c b/src/qemu/qemu_driver.c
index 7d0c39c89f..98bfe8124d 100644
--- a/src/qemu/qemu_driver.c
+++ b/src/qemu/qemu_driver.c
@@ -2008,13 +2008,21 @@ qemuDomainReset(virDomainPtr dom, unsigned int flags)
if (virDomainResetEnsureACL(dom->conn, vm->def) < 0)
goto cleanup;
+ priv = vm->privateData;
+
+ if (vm->def->sec &&
+ vm->def->sec->sectype == VIR_DOMAIN_LAUNCH_SECURITY_TDX) {
+ priv->fakeReset = true;
+ ret = qemuProcessFakeRebootViaRecreate(vm, true);
+ goto cleanup;
+ }
+
if (virDomainObjBeginJob(vm, VIR_JOB_MODIFY) < 0)
goto cleanup;
if (virDomainObjCheckActive(vm) < 0)
goto endjob;
- priv = vm->privateData;
qemuDomainObjEnterMonitor(vm);
ret = qemuMonitorSystemReset(priv->mon);
qemuDomainObjExitMonitor(vm);
diff --git a/src/qemu/qemu_monitor.c b/src/qemu/qemu_monitor.c
index 6d19b675d5..a9fe4f2f6b 100644
--- a/src/qemu/qemu_monitor.c
+++ b/src/qemu/qemu_monitor.c
@@ -1086,6 +1086,12 @@ qemuMonitorEmitShutdown(qemuMonitor *mon, virTristateBool guest,
if (priv->fakeReboot && STREQ_NULLABLE(reason, "host-signal"))
return;
+ /* Similar as FakeReboot for FakeReset. */
+ if (priv->fakeReset && STREQ_NULLABLE(reason, "host-signal")) {
+ priv->fakeReset = false;
+ return;
+ }
+
if ((STREQ_NULLABLE(reason, "guest-shutdown") &&
vm->def->onPoweroff == VIR_DOMAIN_LIFECYCLE_ACTION_RESTART) ||
(STREQ_NULLABLE(reason, "guest-reset") &&
diff --git a/src/qemu/qemu_process.c b/src/qemu/qemu_process.c
index 0d4fdf6960..7b6c02bc27 100644
--- a/src/qemu/qemu_process.c
+++ b/src/qemu/qemu_process.c
@@ -450,8 +450,8 @@ qemuProcessHandleReset(qemuMonitor *mon G_GNUC_UNUSED,
* Secure guest doesn't support fake reboot via machine CPU reset.
* We thus fake reboot via QEMU re-creation.
*/
-static void
-qemuProcessFakeRebootViaRecreate(virDomainObj *vm)
+int
+qemuProcessFakeRebootViaRecreate(virDomainObj *vm, bool locked)
{
qemuDomainObjPrivate *priv = vm->privateData;
virQEMUDriver *driver = priv->driver;
@@ -460,7 +460,9 @@ qemuProcessFakeRebootViaRecreate(virDomainObj *vm)
VIR_DEBUG("Handle secure guest reboot: destroy phase");
- virObjectLock(vm);
+ if (!locked)
+ virObjectLock(vm);
+
if (qemuProcessBeginStopJob(vm, VIR_JOB_DESTROY, 0) < 0)
goto cleanup;
@@ -513,7 +515,9 @@ qemuProcessFakeRebootViaRecreate(virDomainObj *vm)
qemuDomainSetFakeReboot(vm, false);
if (ret == -1)
ignore_value(qemuProcessKill(vm, VIR_QEMU_PROCESS_KILL_FORCE));
- virDomainObjEndAPI(&vm);
+ if (!locked)
+ virDomainObjEndAPI(&vm);
+ return ret;
}
@@ -587,7 +591,7 @@ qemuProcessFakeReboot(void *opaque)
if (vm->def->sec &&
vm->def->sec->sectype == VIR_DOMAIN_LAUNCH_SECURITY_TDX)
- qemuProcessFakeRebootViaRecreate(vm);
+ ignore_value(qemuProcessFakeRebootViaRecreate(vm, false));
else
qemuProcessFakeRebootViaReset(vm);
}
diff --git a/src/qemu/qemu_process.h b/src/qemu/qemu_process.h
index fee00ce53b..3074f27b64 100644
--- a/src/qemu/qemu_process.h
+++ b/src/qemu/qemu_process.h
@@ -184,6 +184,8 @@ typedef enum {
int qemuProcessKill(virDomainObj *vm, unsigned int flags);
+int qemuProcessFakeRebootViaRecreate(virDomainObj *vm, bool locked);
+
void qemuProcessShutdownOrReboot(virDomainObj *vm);
void qemuProcessAutoDestroy(virDomainObj *dom,
--
2.51.0

96
SOURCES/libvirt-qemu-Support-reboot-command-in-guest.patch Normal file
View File

@ -0,0 +1,96 @@
From ae1ff9ae8b699e4be8b482d7dee32b3fe27767c7 Mon Sep 17 00:00:00 2001
Message-ID: <ae1ff9ae8b699e4be8b482d7dee32b3fe27767c7.1759835600.git.jdenemar@redhat.com>
From: Zhenzhong Duan <zhenzhong.duan@intel.com>
Date: Thu, 10 Jul 2025 03:21:19 -0400
Subject: [PATCH] qemu: Support reboot command in guest
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
We can reboot a TDX guest with 'virsh reboot' or 'virsh shutdown' if action
for onPoweroff is 'restart'. But running reboot command in guest shell will
always lead to shutdown.
This behavior is not consistent with normal guest, fix it by checking
shutdown reason and action configuration to trigger FakeReboot.
Signed-off-by: Zhenzhong Duan <zhenzhong.duan@intel.com>
Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
(cherry picked from commit 312c3afa48936c7a9676408abdd5a44cb9ad2baa)
Resolves: https://issues.redhat.com/browse/RHEL-111840
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
---
src/qemu/qemu_monitor.c | 18 +++++++++++++++++-
src/qemu/qemu_monitor.h | 2 +-
src/qemu/qemu_monitor_json.c | 6 +++++-
3 files changed, 23 insertions(+), 3 deletions(-)
diff --git a/src/qemu/qemu_monitor.c b/src/qemu/qemu_monitor.c
index 18b877ce29..40f15c88a8 100644
--- a/src/qemu/qemu_monitor.c
+++ b/src/qemu/qemu_monitor.c
@@ -1063,10 +1063,26 @@ qemuMonitorEmitEvent(qemuMonitor *mon, const char *event,
void
-qemuMonitorEmitShutdown(qemuMonitor *mon, virTristateBool guest)
+qemuMonitorEmitShutdown(qemuMonitor *mon, virTristateBool guest,
+ const char *reason)
{
+ virDomainObj *vm = mon->vm;
+
VIR_DEBUG("mon=%p guest=%u", mon, guest);
+ /* This isn't best place to set FakeReboot but we need to access
+ * mon->vm which is defined in this file. Reboot command in guest
+ * will trigger SHUTDOWN event for TDX guest, so we has to deal
+ * with it here. */
+ if (vm->def->sec &&
+ vm->def->sec->sectype == VIR_DOMAIN_LAUNCH_SECURITY_TDX) {
+ if ((STREQ_NULLABLE(reason, "guest-shutdown") &&
+ vm->def->onPoweroff == VIR_DOMAIN_LIFECYCLE_ACTION_RESTART) ||
+ (STREQ_NULLABLE(reason, "guest-reset") &&
+ vm->def->onReboot == VIR_DOMAIN_LIFECYCLE_ACTION_RESTART))
+ qemuDomainSetFakeReboot(vm, true);
+ }
+
QEMU_MONITOR_CALLBACK(mon, domainShutdown, mon->vm, guest);
}
diff --git a/src/qemu/qemu_monitor.h b/src/qemu/qemu_monitor.h
index bf44c96057..d4730162ca 100644
--- a/src/qemu/qemu_monitor.h
+++ b/src/qemu/qemu_monitor.h
@@ -460,7 +460,7 @@ int qemuMonitorUpdateVideoVram64Size(qemuMonitor *mon,
void qemuMonitorEmitEvent(qemuMonitor *mon, const char *event,
long long seconds, unsigned int micros,
const char *details);
-void qemuMonitorEmitShutdown(qemuMonitor *mon, virTristateBool guest);
+void qemuMonitorEmitShutdown(qemuMonitor *mon, virTristateBool guest, const char *reason);
void qemuMonitorEmitReset(qemuMonitor *mon);
void qemuMonitorEmitStop(qemuMonitor *mon);
void qemuMonitorEmitResume(qemuMonitor *mon);
diff --git a/src/qemu/qemu_monitor_json.c b/src/qemu/qemu_monitor_json.c
index db46bcc741..cbe10ad907 100644
--- a/src/qemu/qemu_monitor_json.c
+++ b/src/qemu/qemu_monitor_json.c
@@ -548,12 +548,16 @@ qemuMonitorJSONMakeCommand(const char *cmdname,
static void qemuMonitorJSONHandleShutdown(qemuMonitor *mon, virJSONValue *data)
{
bool guest = false;
+ const char *reason = NULL;
virTristateBool guest_initiated = VIR_TRISTATE_BOOL_ABSENT;
if (data && virJSONValueObjectGetBoolean(data, "guest", &guest) == 0)
guest_initiated = virTristateBoolFromBool(guest);
- qemuMonitorEmitShutdown(mon, guest_initiated);
+ if (data)
+ reason = virJSONValueObjectGetString(data, "reason");
+
+ qemuMonitorEmitShutdown(mon, guest_initiated, reason);
}
static void qemuMonitorJSONHandleReset(qemuMonitor *mon, virJSONValue *data G_GNUC_UNUSED)
--
2.51.0

86
SOURCES/libvirt-qemu-Validate-virtio-mem-ccw.patch Normal file
View File

@ -0,0 +1,86 @@
From 6fa979b9735e988971203bca10903ba587a27f79 Mon Sep 17 00:00:00 2001
Message-ID: <6fa979b9735e988971203bca10903ba587a27f79.1744876588.git.jdenemar@redhat.com>
From: Michal Privoznik <mprivozn@redhat.com>
Date: Wed, 15 Jan 2025 15:48:41 +0100
Subject: [PATCH] qemu: Validate virtio-mem-ccw
There are basically two differences between virtio-mem-ccw and
virtio-mem-pci. s390 doesn't allow mixing different page sizes
and there's no NUMA support in QEMU.
Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
Reviewed-by: Boris Fiuczynski <fiuczy@linux.ibm.com>
(cherry picked from commit 541dfe40bc9b3fe90d488ab85df8ea3ea31b8249)
Resolves: https://issues.redhat.com/browse/RHEL-72976
Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
---
src/qemu/qemu_validate.c | 35 ++++++++++++++++++++++++++++++++---
1 file changed, 32 insertions(+), 3 deletions(-)
diff --git a/src/qemu/qemu_validate.c b/src/qemu/qemu_validate.c
index 1c61038f93..97f8f58ffd 100644
--- a/src/qemu/qemu_validate.c
+++ b/src/qemu/qemu_validate.c
@@ -5259,7 +5259,8 @@ qemuValidateDomainDeviceDefHub(virDomainHubDef *hub,
static int
-qemuValidateDomainDeviceDefMemory(virDomainMemoryDef *mem,
+qemuValidateDomainDeviceDefMemory(const virDomainMemoryDef *mem,
+ const virDomainDef *def,
virQEMUCaps *qemuCaps)
{
virSGXCapability *sgxCaps;
@@ -5298,12 +5299,40 @@ qemuValidateDomainDeviceDefMemory(virDomainMemoryDef *mem,
break;
case VIR_DOMAIN_MEMORY_MODEL_VIRTIO_MEM:
- if (!virQEMUCapsGet(qemuCaps, QEMU_CAPS_DEVICE_VIRTIO_MEM_PCI)) {
+ if ((mem->info.type == VIR_DOMAIN_DEVICE_ADDRESS_TYPE_PCI &&
+ !virQEMUCapsGet(qemuCaps, QEMU_CAPS_DEVICE_VIRTIO_MEM_PCI)) ||
+ (mem->info.type == VIR_DOMAIN_DEVICE_ADDRESS_TYPE_CCW &&
+ !virQEMUCapsGet(qemuCaps, QEMU_CAPS_DEVICE_VIRTIO_MEM_CCW))) {
virReportError(VIR_ERR_CONFIG_UNSUPPORTED, "%s",
_("virtio-mem isn't supported by this QEMU binary"));
return -1;
}
+ if (mem->info.type == VIR_DOMAIN_DEVICE_ADDRESS_TYPE_CCW) {
+ /* virtio-mem-ccw has a few differences compared to virtio-mem-pci:
+ *
+ * 1) corresponding memory-backing-* object can't have a different
+ * page size than the boot memory (see s390_machine_device_plug()
+ * in qemu sources).
+ * 2) Since its commit v2.12.0-rc0~41^2~6 QEMU doesn't allow NUMA
+ * for s390.
+ */
+
+ if (mem->source.virtio_mem.pagesize != 0 &&
+ def->mem.nhugepages &&
+ mem->source.virtio_mem.pagesize != def->mem.hugepages[0].size) {
+ virReportError(VIR_ERR_CONFIG_UNSUPPORTED, "%s",
+ _("virtio-mem-ccw can't use different page size than the boot memory"));
+ return -1;
+ }
+
+ if (mem->targetNode != 0 && mem->targetNode != -1) {
+ virReportError(VIR_ERR_CONFIG_UNSUPPORTED, "%s",
+ _("NUMA nodes are not supported for virtio-mem-ccw"));
+ return -1;
+ }
+ }
+
if (mem->target.virtio_mem.dynamicMemslots == VIR_TRISTATE_BOOL_YES &&
!virQEMUCapsGet(qemuCaps, QEMU_CAPS_DEVICE_VIRTIO_MEM_PCI_DYNAMIC_MEMSLOTS)) {
virReportError(VIR_ERR_CONFIG_UNSUPPORTED, "%s",
@@ -5490,7 +5519,7 @@ qemuValidateDomainDeviceDef(const virDomainDeviceDef *dev,
return qemuValidateDomainDeviceDefSound(dev->data.sound, qemuCaps);
case VIR_DOMAIN_DEVICE_MEMORY:
- return qemuValidateDomainDeviceDefMemory(dev->data.memory, qemuCaps);
+ return qemuValidateDomainDeviceDefMemory(dev->data.memory, def, qemuCaps);
case VIR_DOMAIN_DEVICE_SHMEM:
return qemuValidateDomainDeviceDefShmem(dev->data.shmem, qemuCaps);
--
2.49.0

337
SOURCES/libvirt-qemu-add-IOMMU-model-amd.patch Normal file
View File

@ -0,0 +1,337 @@
From 62862c4c7302758d304dd876f26712a75df26e08 Mon Sep 17 00:00:00 2001
Message-ID: <62862c4c7302758d304dd876f26712a75df26e08.1752749355.git.jdenemar@redhat.com>
From: =?UTF-8?q?J=C3=A1n=20Tomko?= <jtomko@redhat.com>
Date: Fri, 14 Mar 2025 17:13:09 +0100
Subject: [PATCH] qemu: add IOMMU model amd
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Introduce a new IOMMU device model 'amd', both the parser
and the formatter for QEMU because of our enum warnings.
https://issues.redhat.com/browse/RHEL-50560
Signed-off-by: Ján Tomko <jtomko@redhat.com>
Reviewed-by: Peter Krempa <pkrempa@redhat.com>
(cherry picked from commit 14760600914ea6b5da778dd470823e734becf630)
Signed-off-by: Ján Tomko <jtomko@redhat.com>
---
docs/formatdomain.rst | 5 ++-
src/conf/domain_conf.c | 1 +
src/conf/domain_conf.h | 1 +
src/conf/domain_validate.c | 13 +++++++
src/conf/schemas/domaincommon.rng | 1 +
src/qemu/qemu_command.c | 28 +++++++++++++
src/qemu/qemu_domain_address.c | 4 ++
src/qemu/qemu_validate.c | 22 +++++++++++
.../amd-iommu.x86_64-latest.args | 35 +++++++++++++++++
.../amd-iommu.x86_64-latest.xml | 1 +
tests/qemuxmlconfdata/amd-iommu.xml | 39 +++++++++++++++++++
tests/qemuxmlconftest.c | 2 +
12 files changed, 150 insertions(+), 2 deletions(-)
create mode 100644 tests/qemuxmlconfdata/amd-iommu.x86_64-latest.args
create mode 120000 tests/qemuxmlconfdata/amd-iommu.x86_64-latest.xml
create mode 100644 tests/qemuxmlconfdata/amd-iommu.xml
diff --git a/docs/formatdomain.rst b/docs/formatdomain.rst
index a950ee1cb4..ec7bdb07d0 100644
--- a/docs/formatdomain.rst
+++ b/docs/formatdomain.rst
@@ -8841,8 +8841,9 @@ Example:
``model``
Supported values are ``intel`` (for Q35 guests) ``smmuv3``
- (:since:`since 5.5.0`, for ARM virt guests), and ``virtio``
- (:since:`since 8.3.0`, for Q35 and ARM virt guests).
+ (:since:`since 5.5.0`, for ARM virt guests), ``virtio``
+ (:since:`since 8.3.0`, for Q35 and ARM virt guests) and
+ ``amd`` (:since:`since 11.5.0`).
``driver``
The ``driver`` subelement can be used to configure additional options, some
diff --git a/src/conf/domain_conf.c b/src/conf/domain_conf.c
index 726c3095ed..7c8591e509 100644
--- a/src/conf/domain_conf.c
+++ b/src/conf/domain_conf.c
@@ -1349,6 +1349,7 @@ VIR_ENUM_IMPL(virDomainIOMMUModel,
"intel",
"smmuv3",
"virtio",
+ "amd",
);
VIR_ENUM_IMPL(virDomainVsockModel,
diff --git a/src/conf/domain_conf.h b/src/conf/domain_conf.h
index 20be6f7c05..343bb9bae0 100644
--- a/src/conf/domain_conf.h
+++ b/src/conf/domain_conf.h
@@ -2973,6 +2973,7 @@ typedef enum {
VIR_DOMAIN_IOMMU_MODEL_INTEL,
VIR_DOMAIN_IOMMU_MODEL_SMMUV3,
VIR_DOMAIN_IOMMU_MODEL_VIRTIO,
+ VIR_DOMAIN_IOMMU_MODEL_AMD,
VIR_DOMAIN_IOMMU_MODEL_LAST
} virDomainIOMMUModel;
diff --git a/src/conf/domain_validate.c b/src/conf/domain_validate.c
index 9cedc8d6d2..483cfbbe08 100644
--- a/src/conf/domain_validate.c
+++ b/src/conf/domain_validate.c
@@ -2986,6 +2986,18 @@ virDomainIOMMUDefValidate(const virDomainIOMMUDef *iommu)
}
break;
+ case VIR_DOMAIN_IOMMU_MODEL_AMD:
+ if (iommu->caching_mode != VIR_TRISTATE_SWITCH_ABSENT ||
+ iommu->eim != VIR_TRISTATE_SWITCH_ABSENT ||
+ iommu->aw_bits != 0 ||
+ iommu->dma_translation != VIR_TRISTATE_SWITCH_ABSENT) {
+ virReportError(VIR_ERR_XML_ERROR,
+ _("iommu model '%1$s' doesn't support some additional attributes"),
+ virDomainIOMMUModelTypeToString(iommu->model));
+ return -1;
+ }
+ break;
+
case VIR_DOMAIN_IOMMU_MODEL_INTEL:
case VIR_DOMAIN_IOMMU_MODEL_LAST:
break;
@@ -3003,6 +3015,7 @@ virDomainIOMMUDefValidate(const virDomainIOMMUDef *iommu)
break;
case VIR_DOMAIN_IOMMU_MODEL_VIRTIO:
+ case VIR_DOMAIN_IOMMU_MODEL_AMD:
case VIR_DOMAIN_IOMMU_MODEL_LAST:
break;
}
diff --git a/src/conf/schemas/domaincommon.rng b/src/conf/schemas/domaincommon.rng
index d46eb44588..38a0586f40 100644
--- a/src/conf/schemas/domaincommon.rng
+++ b/src/conf/schemas/domaincommon.rng
@@ -6174,6 +6174,7 @@
<value>intel</value>
<value>smmuv3</value>
<value>virtio</value>
+ <value>amd</value>
</choice>
</attribute>
<interleave>
diff --git a/src/qemu/qemu_command.c b/src/qemu/qemu_command.c
index fb70c79a94..de535029a8 100644
--- a/src/qemu/qemu_command.c
+++ b/src/qemu/qemu_command.c
@@ -6051,6 +6051,7 @@ qemuBuildIOMMUCommandLine(virCommand *cmd,
virQEMUCaps *qemuCaps)
{
g_autoptr(virJSONValue) props = NULL;
+ g_autoptr(virJSONValue) wrapperProps = NULL;
const virDomainIOMMUDef *iommu = def->iommu;
if (!iommu)
@@ -6095,6 +6096,32 @@ qemuBuildIOMMUCommandLine(virCommand *cmd,
/* There is no -device for SMMUv3, so nothing to be done here */
return 0;
+ case VIR_DOMAIN_IOMMU_MODEL_AMD:
+ if (virJSONValueObjectAdd(&wrapperProps,
+ "s:driver", "AMDVI-PCI",
+ "s:id", iommu->info.alias,
+ NULL) < 0)
+ return -1;
+
+ if (qemuBuildDeviceAddressProps(wrapperProps, def, &iommu->info) < 0)
+ return -1;
+
+ if (qemuBuildDeviceCommandlineFromJSON(cmd, wrapperProps, def, qemuCaps) < 0)
+ return -1;
+
+ if (virJSONValueObjectAdd(&props,
+ "s:driver", "amd-iommu",
+ "s:pci-id", iommu->info.alias,
+ "S:intremap", qemuOnOffAuto(iommu->intremap),
+ "T:device-iotlb", iommu->iotlb,
+ NULL) < 0)
+ return -1;
+
+ if (qemuBuildDeviceCommandlineFromJSON(cmd, props, def, qemuCaps) < 0)
+ return -1;
+
+ return 0;
+
case VIR_DOMAIN_IOMMU_MODEL_LAST:
default:
virReportEnumRangeError(virDomainIOMMUModel, iommu->model);
@@ -6921,6 +6948,7 @@ qemuBuildMachineCommandLine(virCommand *cmd,
case VIR_DOMAIN_IOMMU_MODEL_INTEL:
case VIR_DOMAIN_IOMMU_MODEL_VIRTIO:
+ case VIR_DOMAIN_IOMMU_MODEL_AMD:
/* These IOMMUs are formatted in qemuBuildIOMMUCommandLine */
break;
diff --git a/src/qemu/qemu_domain_address.c b/src/qemu/qemu_domain_address.c
index b73ac9ebf1..d8ab5a03f7 100644
--- a/src/qemu/qemu_domain_address.c
+++ b/src/qemu/qemu_domain_address.c
@@ -941,6 +941,9 @@ qemuDomainDeviceCalculatePCIConnectFlags(virDomainDeviceDef *dev,
case VIR_DOMAIN_IOMMU_MODEL_VIRTIO:
return virtioFlags | VIR_PCI_CONNECT_INTEGRATED;
+ case VIR_DOMAIN_IOMMU_MODEL_AMD:
+ return pciFlags | VIR_PCI_CONNECT_INTEGRATED;
+
case VIR_DOMAIN_IOMMU_MODEL_INTEL:
case VIR_DOMAIN_IOMMU_MODEL_SMMUV3:
case VIR_DOMAIN_IOMMU_MODEL_LAST:
@@ -2359,6 +2362,7 @@ qemuDomainAssignDevicePCISlots(virDomainDef *def,
switch (iommu->model) {
case VIR_DOMAIN_IOMMU_MODEL_VIRTIO:
+ case VIR_DOMAIN_IOMMU_MODEL_AMD:
if (virDeviceInfoPCIAddressIsWanted(&iommu->info) &&
qemuDomainPCIAddressReserveNextAddr(addrs, &iommu->info) < 0) {
return -1;
diff --git a/src/qemu/qemu_validate.c b/src/qemu/qemu_validate.c
index 97f8f58ffd..ddfb14399a 100644
--- a/src/qemu/qemu_validate.c
+++ b/src/qemu/qemu_validate.c
@@ -5153,6 +5153,28 @@ qemuValidateDomainDeviceDefIOMMU(const virDomainIOMMUDef *iommu,
}
break;
+ case VIR_DOMAIN_IOMMU_MODEL_AMD:
+ if (!qemuDomainIsQ35(def)) {
+ virReportError(VIR_ERR_CONFIG_UNSUPPORTED,
+ _("IOMMU device: '%1$s' is only supported with Q35 machines"),
+ virDomainIOMMUModelTypeToString(iommu->model));
+ return -1;
+ }
+ if (!virQEMUCapsGet(qemuCaps, QEMU_CAPS_AMD_IOMMU_PCI_ID)) {
+ virReportError(VIR_ERR_CONFIG_UNSUPPORTED,
+ _("IOMMU device: '%1$s' is not supported with this QEMU binary"),
+ virDomainIOMMUModelTypeToString(iommu->model));
+ return -1;
+ }
+ if (iommu->info.type != VIR_DOMAIN_DEVICE_ADDRESS_TYPE_NONE &&
+ iommu->info.type != VIR_DOMAIN_DEVICE_ADDRESS_TYPE_PCI) {
+ virReportError(VIR_ERR_CONFIG_UNSUPPORTED,
+ _("IOMMU device: '%1$s' needs a PCI address"),
+ virDomainIOMMUModelTypeToString(iommu->model));
+ return -1;
+ }
+ break;
+
case VIR_DOMAIN_IOMMU_MODEL_LAST:
default:
virReportEnumRangeError(virDomainIOMMUModel, iommu->model);
diff --git a/tests/qemuxmlconfdata/amd-iommu.x86_64-latest.args b/tests/qemuxmlconfdata/amd-iommu.x86_64-latest.args
new file mode 100644
index 0000000000..36244edb3a
--- /dev/null
+++ b/tests/qemuxmlconfdata/amd-iommu.x86_64-latest.args
@@ -0,0 +1,35 @@
+LC_ALL=C \
+PATH=/bin \
+HOME=/var/lib/libvirt/qemu/domain--1-QEMUGuest1 \
+USER=test \
+LOGNAME=test \
+XDG_DATA_HOME=/var/lib/libvirt/qemu/domain--1-QEMUGuest1/.local/share \
+XDG_CACHE_HOME=/var/lib/libvirt/qemu/domain--1-QEMUGuest1/.cache \
+XDG_CONFIG_HOME=/var/lib/libvirt/qemu/domain--1-QEMUGuest1/.config \
+/usr/bin/qemu-system-x86_64 \
+-name guest=QEMUGuest1,debug-threads=on \
+-S \
+-object '{"qom-type":"secret","id":"masterKey0","format":"raw","file":"/var/lib/libvirt/qemu/domain--1-QEMUGuest1/master-key.aes"}' \
+-machine q35,usb=off,kernel_irqchip=split,dump-guest-core=off,memory-backend=pc.ram,acpi=on \
+-accel kvm \
+-cpu qemu64 \
+-m size=219136k \
+-object '{"qom-type":"memory-backend-ram","id":"pc.ram","size":224395264}' \
+-overcommit mem-lock=off \
+-smp 1,sockets=1,cores=1,threads=1 \
+-uuid c7a5fdbd-edaf-9455-926a-d65c16db1809 \
+-display none \
+-no-user-config \
+-nodefaults \
+-chardev socket,id=charmonitor,fd=1729,server=on,wait=off \
+-mon chardev=charmonitor,id=monitor,mode=control \
+-rtc base=utc \
+-no-shutdown \
+-boot strict=on \
+-device '{"driver":"AMDVI-PCI","id":"iommu0","bus":"pcie.0","addr":"0x1"}' \
+-device '{"driver":"amd-iommu","pci-id":"iommu0","intremap":"on","device-iotlb":true}' \
+-audiodev '{"id":"audio1","driver":"none"}' \
+-global ICH9-LPC.noreboot=off \
+-watchdog-action reset \
+-sandbox on,obsolete=deny,elevateprivileges=deny,spawn=deny,resourcecontrol=deny \
+-msg timestamp=on
diff --git a/tests/qemuxmlconfdata/amd-iommu.x86_64-latest.xml b/tests/qemuxmlconfdata/amd-iommu.x86_64-latest.xml
new file mode 120000
index 0000000000..5ba3d4b91b
--- /dev/null
+++ b/tests/qemuxmlconfdata/amd-iommu.x86_64-latest.xml
@@ -0,0 +1 @@
+amd-iommu.xml
\ No newline at end of file
diff --git a/tests/qemuxmlconfdata/amd-iommu.xml b/tests/qemuxmlconfdata/amd-iommu.xml
new file mode 100644
index 0000000000..0668ed4237
--- /dev/null
+++ b/tests/qemuxmlconfdata/amd-iommu.xml
@@ -0,0 +1,39 @@
+<domain type='kvm'>
+ <name>QEMUGuest1</name>
+ <uuid>c7a5fdbd-edaf-9455-926a-d65c16db1809</uuid>
+ <memory unit='KiB'>219100</memory>
+ <currentMemory unit='KiB'>219100</currentMemory>
+ <vcpu placement='static'>1</vcpu>
+ <os>
+ <type arch='x86_64' machine='q35'>hvm</type>
+ <boot dev='hd'/>
+ </os>
+ <features>
+ <acpi/>
+ <ioapic driver='qemu'/>
+ </features>
+ <cpu mode='custom' match='exact' check='none'>
+ <model fallback='forbid'>qemu64</model>
+ </cpu>
+ <clock offset='utc'/>
+ <on_poweroff>destroy</on_poweroff>
+ <on_reboot>restart</on_reboot>
+ <on_crash>destroy</on_crash>
+ <devices>
+ <emulator>/usr/bin/qemu-system-x86_64</emulator>
+ <controller type='pci' index='0' model='pcie-root'/>
+ <controller type='usb' index='0' model='none'/>
+ <controller type='sata' index='0'>
+ <address type='pci' domain='0x0000' bus='0x00' slot='0x1f' function='0x2'/>
+ </controller>
+ <input type='mouse' bus='ps2'/>
+ <input type='keyboard' bus='ps2'/>
+ <audio id='1' type='none'/>
+ <watchdog model='itco' action='reset'/>
+ <memballoon model='none'/>
+ <iommu model='amd'>
+ <driver intremap='on' iotlb='on'/>
+ <address type='pci' domain='0x0000' bus='0x00' slot='0x01' function='0x0'/>
+ </iommu>
+ </devices>
+</domain>
diff --git a/tests/qemuxmlconftest.c b/tests/qemuxmlconftest.c
index bed562286d..e59ed73088 100644
--- a/tests/qemuxmlconftest.c
+++ b/tests/qemuxmlconftest.c
@@ -2774,6 +2774,8 @@ mymain(void)
DO_TEST_CAPS_LATEST("acpi-table");
DO_TEST_CAPS_LATEST("acpi-table-many");
+ DO_TEST_CAPS_LATEST("amd-iommu");
+
DO_TEST_CAPS_LATEST("intel-iommu");
DO_TEST_CAPS_LATEST("intel-iommu-caching-mode");
DO_TEST_CAPS_LATEST("intel-iommu-eim");
--
2.50.1

34
SOURCES/libvirt-qemu-add-ability-to-set-TLS-priority-string-with-QEMU.patch
View File

@ -1,5 +1,5 @@
From d9935026fcc24f52bf9672962c331b91c002e38a Mon Sep 17 00:00:00 2001
Message-ID: <d9935026fcc24f52bf9672962c331b91c002e38a.1754419285.git.jdenemar@redhat.com>
From 40243a6838c8f22c2be519ff8347c03c730caf45 Mon Sep 17 00:00:00 2001
Message-ID: <40243a6838c8f22c2be519ff8347c03c730caf45.1755522824.git.jdenemar@redhat.com>
From: =?UTF-8?q?Daniel=20P=2E=20Berrang=C3=A9?= <berrange@redhat.com>
Date: Wed, 16 Jul 2025 16:40:01 +0100
Subject: [PATCH] qemu: add ability to set TLS priority string with QEMU
@ -54,7 +54,7 @@ Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
(cherry picked from commit 14e41ac9f365b148e69088c5ffeb565a0f9ba326)
- Added dummy vxhsTLSpriority field and adapted old test data files
Resolves: https://issues.redhat.com/browse/RHEL-106277
Resolves: https://issues.redhat.com/browse/RHEL-106276
Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
---
src/conf/storage_source_conf.c | 2 +
@ -271,10 +271,10 @@ index 4e77543fa8..4d94703807 100644
diff --git a/src/qemu/qemu_command.c b/src/qemu/qemu_command.c
index 24dac0ce0f..a2cf974e75 100644
index fffc8be08a..243729800b 100644
--- a/src/qemu/qemu_command.c
+++ b/src/qemu/qemu_command.c
@@ -1229,6 +1229,7 @@ qemuBuildObjectSecretCommandLine(virCommand *cmd,
@@ -1253,6 +1253,7 @@ qemuBuildObjectSecretCommandLine(virCommand *cmd,
* @tlspath: path to the TLS credentials
* @listen: boolean listen for client or server setting
* @verifypeer: boolean to enable peer verification (form of authorization)
@ -282,7 +282,7 @@ index 24dac0ce0f..a2cf974e75 100644
* @alias: alias for the TLS credentials object
* @secalias: if one exists, the alias of the security object for passwordid
* @propsret: json properties to return
@@ -1241,6 +1242,7 @@ int
@@ -1265,6 +1266,7 @@ int
qemuBuildTLSx509BackendProps(const char *tlspath,
bool isListen,
bool verifypeer,
@ -290,7 +290,7 @@ index 24dac0ce0f..a2cf974e75 100644
const char *alias,
const char *secalias,
virJSONValue **propsret)
@@ -1249,6 +1251,7 @@ qemuBuildTLSx509BackendProps(const char *tlspath,
@@ -1273,6 +1275,7 @@ qemuBuildTLSx509BackendProps(const char *tlspath,
"s:dir", tlspath,
"s:endpoint", (isListen ? "server": "client"),
"b:verify-peer", (isListen ? verifypeer : true),
@ -298,7 +298,7 @@ index 24dac0ce0f..a2cf974e75 100644
"S:passwordid", secalias,
NULL) < 0)
return -1;
@@ -1262,6 +1265,7 @@ qemuBuildTLSx509BackendProps(const char *tlspath,
@@ -1286,6 +1289,7 @@ qemuBuildTLSx509BackendProps(const char *tlspath,
* @tlspath: path to the TLS credentials
* @listen: boolean listen for client or server setting
* @verifypeer: boolean to enable peer verification (form of authorization)
@ -306,7 +306,7 @@ index 24dac0ce0f..a2cf974e75 100644
* @certEncSecretAlias: alias of a 'secret' object for decrypting TLS private key
* (optional)
* @alias: TLS object alias
@@ -1276,14 +1280,15 @@ qemuBuildTLSx509CommandLine(virCommand *cmd,
@@ -1300,14 +1304,15 @@ qemuBuildTLSx509CommandLine(virCommand *cmd,
const char *tlspath,
bool isListen,
bool verifypeer,
@ -324,7 +324,7 @@ index 24dac0ce0f..a2cf974e75 100644
return -1;
if (qemuBuildObjectCommandlineFromJSON(cmd, props, qemuCaps) < 0)
@@ -1326,6 +1331,7 @@ qemuBuildChardevCommand(virCommand *cmd,
@@ -1350,6 +1355,7 @@ qemuBuildChardevCommand(virCommand *cmd,
if (qemuBuildTLSx509CommandLine(cmd, chrSourcePriv->tlsCertPath,
dev->data.tcp.listen,
chrSourcePriv->tlsVerify,
@ -332,7 +332,7 @@ index 24dac0ce0f..a2cf974e75 100644
tlsCertEncSecAlias,
objalias, qemuCaps) < 0) {
return -1;
@@ -8082,6 +8088,7 @@ qemuBuildGraphicsVNCCommandLine(virQEMUDriverConfig *cfg,
@@ -8144,6 +8150,7 @@ qemuBuildGraphicsVNCCommandLine(virQEMUDriverConfig *cfg,
cfg->vncTLSx509certdir,
true,
cfg->vncTLSx509verify,
@ -340,7 +340,7 @@ index 24dac0ce0f..a2cf974e75 100644
secretAlias,
gfxPriv->tlsAlias,
qemuCaps) < 0)
@@ -10933,8 +10940,8 @@ qemuBuildStorageSourceAttachPrepareCommon(virStorageSource *src,
@@ -10995,8 +11002,8 @@ qemuBuildStorageSourceAttachPrepareCommon(virStorageSource *src,
}
if (src->haveTLS == VIR_TRISTATE_BOOL_YES &&
@ -463,7 +463,7 @@ index 42cdb6f883..b650f52262 100644
unsigned int remotePortMin;
unsigned int remotePortMax;
diff --git a/src/qemu/qemu_domain.c b/src/qemu/qemu_domain.c
index 95cca36fe1..de13d45066 100644
index cc47adb724..8879a45ffb 100644
--- a/src/qemu/qemu_domain.c
+++ b/src/qemu/qemu_domain.c
@@ -955,6 +955,7 @@ qemuDomainChrSourcePrivateDispose(void *obj)
@ -474,7 +474,7 @@ index 95cca36fe1..de13d45066 100644
g_free(priv->tlsCredsAlias);
@@ -8684,6 +8685,7 @@ qemuDomainPrepareChardevSourceOne(virDomainDeviceDef *dev,
@@ -8686,6 +8687,7 @@ qemuDomainPrepareChardevSourceOne(virDomainDeviceDef *dev,
if (charsrc->data.tcp.haveTLS == VIR_TRISTATE_BOOL_YES) {
charpriv->tlsCertPath = g_strdup(data->cfg->chardevTLSx509certdir);
@ -482,7 +482,7 @@ index 95cca36fe1..de13d45066 100644
charpriv->tlsVerify = data->cfg->chardevTLSx509verify;
}
}
@@ -8783,6 +8785,7 @@ qemuProcessPrepareStorageSourceTLSNBD(virStorageSource *src,
@@ -8785,6 +8787,7 @@ qemuProcessPrepareStorageSourceTLSNBD(virStorageSource *src,
src->tlsAlias = qemuAliasTLSObjFromSrcAlias(parentAlias);
src->tlsCertdir = g_strdup(cfg->nbdTLSx509certdir);
@ -491,7 +491,7 @@ index 95cca36fe1..de13d45066 100644
if (cfg->nbdTLSx509secretUUID) {
qemuDomainStorageSourcePrivate *srcpriv = qemuDomainStorageSourcePrivateFetch(src);
diff --git a/src/qemu/qemu_domain.h b/src/qemu/qemu_domain.h
index 79bdc4e8fe..ac08babb92 100644
index 63f422bbcb..3f16f86da8 100644
--- a/src/qemu/qemu_domain.h
+++ b/src/qemu/qemu_domain.h
@@ -381,6 +381,7 @@ struct _qemuDomainChrSourcePrivate {
@ -651,7 +651,7 @@ index c227a04112..492d1be626 100644
-device '{"driver":"isa-serial","chardev":"charserial1","id":"serial1","index":1}' \
-audiodev '{"id":"audio1","driver":"none"}' \
diff --git a/tests/qemuxmlconftest.c b/tests/qemuxmlconftest.c
index 049ca630a8..ba19029d95 100644
index e59ed73088..a0af6429d1 100644
--- a/tests/qemuxmlconftest.c
+++ b/tests/qemuxmlconftest.c
@@ -1598,7 +1598,9 @@ mymain(void)

6
SOURCES/libvirt-qemu-fix-order-of-VNC-TLS-config-entries.patch
View File

@ -1,5 +1,5 @@
From aab5d03bf61c67445ff9294dc872fe5c737c3c92 Mon Sep 17 00:00:00 2001
Message-ID: <aab5d03bf61c67445ff9294dc872fe5c737c3c92.1754419285.git.jdenemar@redhat.com>
From 5df4d5dc38491553e3d1e454f1cd233bda0b990a Mon Sep 17 00:00:00 2001
Message-ID: <5df4d5dc38491553e3d1e454f1cd233bda0b990a.1755522824.git.jdenemar@redhat.com>
From: =?UTF-8?q?Daniel=20P=2E=20Berrang=C3=A9?= <berrange@redhat.com>
Date: Wed, 16 Jul 2025 16:32:05 +0100
Subject: [PATCH] qemu: fix order of VNC TLS config entries
@ -14,7 +14,7 @@ Reviewed-by: Peter Krempa <pkrempa@redhat.com>
Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
(cherry picked from commit 845e1b5138f37dbf91e5b08b7d54d963a6ec0452)
Resolves: https://issues.redhat.com/browse/RHEL-106277
Resolves: https://issues.redhat.com/browse/RHEL-106276
Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
---
src/qemu/libvirtd_qemu.aug | 2 +-

253
SOURCES/libvirt-qemu-introduce-QEMU_CAPS_AMD_IOMMU.patch Normal file
View File

@ -0,0 +1,253 @@
From 1910eee655456fff9f60e1a8d27e6b608a390953 Mon Sep 17 00:00:00 2001
Message-ID: <1910eee655456fff9f60e1a8d27e6b608a390953.1752749355.git.jdenemar@redhat.com>
From: =?UTF-8?q?J=C3=A1n=20Tomko?= <jtomko@redhat.com>
Date: Wed, 12 Mar 2025 16:10:31 +0100
Subject: [PATCH] qemu: introduce QEMU_CAPS_AMD_IOMMU
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Check for the presence of the amd-iommu device, so we can conditionalize
probing for its properties.
Signed-off-by: Ján Tomko <jtomko@redhat.com>
Reviewed-by: Peter Krempa <pkrempa@redhat.com>
(cherry picked from commit 14192af47ab8eda8bb9b9eee14fd1090addbb731)
https://issues.redhat.com/browse/RHEL-50560
Signed-off-by: Ján Tomko <jtomko@redhat.com>
---
src/qemu/qemu_capabilities.c | 2 ++
src/qemu/qemu_capabilities.h | 1 +
tests/qemucapabilitiesdata/caps_10.0.0_x86_64.xml | 1 +
tests/qemucapabilitiesdata/caps_5.2.0_x86_64.xml | 1 +
tests/qemucapabilitiesdata/caps_6.0.0_x86_64.xml | 1 +
tests/qemucapabilitiesdata/caps_6.1.0_x86_64.xml | 1 +
tests/qemucapabilitiesdata/caps_6.2.0_x86_64.xml | 1 +
tests/qemucapabilitiesdata/caps_7.0.0_x86_64.xml | 1 +
tests/qemucapabilitiesdata/caps_7.1.0_x86_64.xml | 1 +
tests/qemucapabilitiesdata/caps_7.2.0_x86_64+hvf.xml | 1 +
tests/qemucapabilitiesdata/caps_7.2.0_x86_64.xml | 1 +
tests/qemucapabilitiesdata/caps_8.0.0_x86_64.xml | 1 +
tests/qemucapabilitiesdata/caps_8.1.0_x86_64.xml | 1 +
tests/qemucapabilitiesdata/caps_8.2.0_x86_64.xml | 1 +
tests/qemucapabilitiesdata/caps_9.0.0_x86_64.xml | 1 +
tests/qemucapabilitiesdata/caps_9.1.0_x86_64.xml | 1 +
tests/qemucapabilitiesdata/caps_9.2.0_x86_64.xml | 1 +
17 files changed, 18 insertions(+)
diff --git a/src/qemu/qemu_capabilities.c b/src/qemu/qemu_capabilities.c
index 6bff55f58e..8db6d19fda 100644
--- a/src/qemu/qemu_capabilities.c
+++ b/src/qemu/qemu_capabilities.c
@@ -726,6 +726,7 @@ VIR_ENUM_IMPL(virQEMUCaps,
/* 470 */
"virtio-mem-ccw", /* QEMU_CAPS_DEVICE_VIRTIO_MEM_CCW */
"blockdev-set-active", /* QEMU_CAPS_BLOCKDEV_SET_ACTIVE */
+ "amd-iommu", /* QEMU_CAPS_AMD_IOMMU */
);
@@ -1416,6 +1417,7 @@ struct virQEMUCapsStringFlags virQEMUCapsObjectTypes[] = {
{ "sev-snp-guest", QEMU_CAPS_SEV_SNP_GUEST },
{ "acpi-erst", QEMU_CAPS_DEVICE_ACPI_ERST },
{ "virtio-mem-ccw", QEMU_CAPS_DEVICE_VIRTIO_MEM_CCW },
+ { "amd-iommu", QEMU_CAPS_AMD_IOMMU },
};
diff --git a/src/qemu/qemu_capabilities.h b/src/qemu/qemu_capabilities.h
index 8de392bf0f..484d1b5f1d 100644
--- a/src/qemu/qemu_capabilities.h
+++ b/src/qemu/qemu_capabilities.h
@@ -705,6 +705,7 @@ typedef enum { /* virQEMUCapsFlags grouping marker for syntax-check */
/* 470 */
QEMU_CAPS_DEVICE_VIRTIO_MEM_CCW, /* -device virtio-mem-ccw */
QEMU_CAPS_BLOCKDEV_SET_ACTIVE, /* blockdev-set-active QMP command supported */
+ QEMU_CAPS_AMD_IOMMU, /* -device amd-iommu */
QEMU_CAPS_LAST /* this must always be the last item */
} virQEMUCapsFlags;
diff --git a/tests/qemucapabilitiesdata/caps_10.0.0_x86_64.xml b/tests/qemucapabilitiesdata/caps_10.0.0_x86_64.xml
index e09b6e6e1a..8854b48a56 100644
--- a/tests/qemucapabilitiesdata/caps_10.0.0_x86_64.xml
+++ b/tests/qemucapabilitiesdata/caps_10.0.0_x86_64.xml
@@ -211,6 +211,7 @@
<flag name='chardev-reconnect-miliseconds'/>
<flag name='netdev-stream-reconnect-miliseconds'/>
<flag name='blockdev-set-active'/>
+ <flag name='amd-iommu'/>
<version>9002050</version>
<microcodeVersion>43100285</microcodeVersion>
<package>v9.2.0-1636-gffaf7f0376</package>
diff --git a/tests/qemucapabilitiesdata/caps_5.2.0_x86_64.xml b/tests/qemucapabilitiesdata/caps_5.2.0_x86_64.xml
index 4cd05fa7ec..c46b023c78 100644
--- a/tests/qemucapabilitiesdata/caps_5.2.0_x86_64.xml
+++ b/tests/qemucapabilitiesdata/caps_5.2.0_x86_64.xml
@@ -161,6 +161,7 @@
<flag name='virtio-crypto'/>
<flag name='usb-mtp'/>
<flag name='netdev.user'/>
+ <flag name='amd-iommu'/>
<version>5002000</version>
<microcodeVersion>43100243</microcodeVersion>
<package>v5.2.0</package>
diff --git a/tests/qemucapabilitiesdata/caps_6.0.0_x86_64.xml b/tests/qemucapabilitiesdata/caps_6.0.0_x86_64.xml
index a8897fb80b..c7f2da0de6 100644
--- a/tests/qemucapabilitiesdata/caps_6.0.0_x86_64.xml
+++ b/tests/qemucapabilitiesdata/caps_6.0.0_x86_64.xml
@@ -174,6 +174,7 @@
<flag name='usb-mtp'/>
<flag name='netdev.user'/>
<flag name='snapshot-internal-qmp'/>
+ <flag name='amd-iommu'/>
<version>6000000</version>
<microcodeVersion>43100242</microcodeVersion>
<package>v6.0.0</package>
diff --git a/tests/qemucapabilitiesdata/caps_6.1.0_x86_64.xml b/tests/qemucapabilitiesdata/caps_6.1.0_x86_64.xml
index 0f2995a2d3..c3792a2ba8 100644
--- a/tests/qemucapabilitiesdata/caps_6.1.0_x86_64.xml
+++ b/tests/qemucapabilitiesdata/caps_6.1.0_x86_64.xml
@@ -180,6 +180,7 @@
<flag name='usb-mtp'/>
<flag name='netdev.user'/>
<flag name='snapshot-internal-qmp'/>
+ <flag name='amd-iommu'/>
<version>6001000</version>
<microcodeVersion>43100243</microcodeVersion>
<package>v6.1.0</package>
diff --git a/tests/qemucapabilitiesdata/caps_6.2.0_x86_64.xml b/tests/qemucapabilitiesdata/caps_6.2.0_x86_64.xml
index 582b0e9b52..8c904abf1f 100644
--- a/tests/qemucapabilitiesdata/caps_6.2.0_x86_64.xml
+++ b/tests/qemucapabilitiesdata/caps_6.2.0_x86_64.xml
@@ -182,6 +182,7 @@
<flag name='usb-mtp'/>
<flag name='netdev.user'/>
<flag name='snapshot-internal-qmp'/>
+ <flag name='amd-iommu'/>
<version>6002000</version>
<microcodeVersion>43100244</microcodeVersion>
<package>v6.2.0</package>
diff --git a/tests/qemucapabilitiesdata/caps_7.0.0_x86_64.xml b/tests/qemucapabilitiesdata/caps_7.0.0_x86_64.xml
index fd317a9afa..0268960643 100644
--- a/tests/qemucapabilitiesdata/caps_7.0.0_x86_64.xml
+++ b/tests/qemucapabilitiesdata/caps_7.0.0_x86_64.xml
@@ -190,6 +190,7 @@
<flag name='acpi-erst'/>
<flag name='machine-i8042-opt'/>
<flag name='snapshot-internal-qmp'/>
+ <flag name='amd-iommu'/>
<version>7000000</version>
<microcodeVersion>43100243</microcodeVersion>
<package>v7.0.0</package>
diff --git a/tests/qemucapabilitiesdata/caps_7.1.0_x86_64.xml b/tests/qemucapabilitiesdata/caps_7.1.0_x86_64.xml
index 32e4e8e1bb..8c0534264c 100644
--- a/tests/qemucapabilitiesdata/caps_7.1.0_x86_64.xml
+++ b/tests/qemucapabilitiesdata/caps_7.1.0_x86_64.xml
@@ -195,6 +195,7 @@
<flag name='intel-iommu.dma-translation'/>
<flag name='machine-i8042-opt'/>
<flag name='snapshot-internal-qmp'/>
+ <flag name='amd-iommu'/>
<version>7001000</version>
<microcodeVersion>43100244</microcodeVersion>
<package>v7.1.0</package>
diff --git a/tests/qemucapabilitiesdata/caps_7.2.0_x86_64+hvf.xml b/tests/qemucapabilitiesdata/caps_7.2.0_x86_64+hvf.xml
index 0ebcb94a31..6e2204602b 100644
--- a/tests/qemucapabilitiesdata/caps_7.2.0_x86_64+hvf.xml
+++ b/tests/qemucapabilitiesdata/caps_7.2.0_x86_64+hvf.xml
@@ -199,6 +199,7 @@
<flag name='intel-iommu.dma-translation'/>
<flag name='machine-i8042-opt'/>
<flag name='snapshot-internal-qmp'/>
+ <flag name='amd-iommu'/>
<version>7002000</version>
<microcodeVersion>43100245</microcodeVersion>
<package>v7.2.0</package>
diff --git a/tests/qemucapabilitiesdata/caps_7.2.0_x86_64.xml b/tests/qemucapabilitiesdata/caps_7.2.0_x86_64.xml
index 025ced01d9..6daef743bf 100644
--- a/tests/qemucapabilitiesdata/caps_7.2.0_x86_64.xml
+++ b/tests/qemucapabilitiesdata/caps_7.2.0_x86_64.xml
@@ -199,6 +199,7 @@
<flag name='intel-iommu.dma-translation'/>
<flag name='machine-i8042-opt'/>
<flag name='snapshot-internal-qmp'/>
+ <flag name='amd-iommu'/>
<version>7002000</version>
<microcodeVersion>43100245</microcodeVersion>
<package>v7.2.0</package>
diff --git a/tests/qemucapabilitiesdata/caps_8.0.0_x86_64.xml b/tests/qemucapabilitiesdata/caps_8.0.0_x86_64.xml
index 5f45788b77..f28b8df68e 100644
--- a/tests/qemucapabilitiesdata/caps_8.0.0_x86_64.xml
+++ b/tests/qemucapabilitiesdata/caps_8.0.0_x86_64.xml
@@ -203,6 +203,7 @@
<flag name='intel-iommu.dma-translation'/>
<flag name='machine-i8042-opt'/>
<flag name='snapshot-internal-qmp'/>
+ <flag name='amd-iommu'/>
<version>8000000</version>
<microcodeVersion>43100244</microcodeVersion>
<package>v8.0.0</package>
diff --git a/tests/qemucapabilitiesdata/caps_8.1.0_x86_64.xml b/tests/qemucapabilitiesdata/caps_8.1.0_x86_64.xml
index 7dee7f94c2..d6fbb11064 100644
--- a/tests/qemucapabilitiesdata/caps_8.1.0_x86_64.xml
+++ b/tests/qemucapabilitiesdata/caps_8.1.0_x86_64.xml
@@ -205,6 +205,7 @@
<flag name='intel-iommu.dma-translation'/>
<flag name='machine-i8042-opt'/>
<flag name='snapshot-internal-qmp'/>
+ <flag name='amd-iommu'/>
<version>8001000</version>
<microcodeVersion>43100245</microcodeVersion>
<package>v8.1.0</package>
diff --git a/tests/qemucapabilitiesdata/caps_8.2.0_x86_64.xml b/tests/qemucapabilitiesdata/caps_8.2.0_x86_64.xml
index 51e14736cd..27ecaee290 100644
--- a/tests/qemucapabilitiesdata/caps_8.2.0_x86_64.xml
+++ b/tests/qemucapabilitiesdata/caps_8.2.0_x86_64.xml
@@ -208,6 +208,7 @@
<flag name='intel-iommu.dma-translation'/>
<flag name='machine-i8042-opt'/>
<flag name='snapshot-internal-qmp'/>
+ <flag name='amd-iommu'/>
<version>8002000</version>
<microcodeVersion>43100246</microcodeVersion>
<package>v8.2.0</package>
diff --git a/tests/qemucapabilitiesdata/caps_9.0.0_x86_64.xml b/tests/qemucapabilitiesdata/caps_9.0.0_x86_64.xml
index 4b64547b11..452e7384c0 100644
--- a/tests/qemucapabilitiesdata/caps_9.0.0_x86_64.xml
+++ b/tests/qemucapabilitiesdata/caps_9.0.0_x86_64.xml
@@ -210,6 +210,7 @@
<flag name='intel-iommu.dma-translation'/>
<flag name='machine-i8042-opt'/>
<flag name='snapshot-internal-qmp'/>
+ <flag name='amd-iommu'/>
<version>9000000</version>
<microcodeVersion>43100245</microcodeVersion>
<package>v9.0.0</package>
diff --git a/tests/qemucapabilitiesdata/caps_9.1.0_x86_64.xml b/tests/qemucapabilitiesdata/caps_9.1.0_x86_64.xml
index 06600f48fb..26883bd672 100644
--- a/tests/qemucapabilitiesdata/caps_9.1.0_x86_64.xml
+++ b/tests/qemucapabilitiesdata/caps_9.1.0_x86_64.xml
@@ -208,6 +208,7 @@
<flag name='intel-iommu.dma-translation'/>
<flag name='machine-i8042-opt'/>
<flag name='snapshot-internal-qmp'/>
+ <flag name='amd-iommu'/>
<version>9001000</version>
<microcodeVersion>43100246</microcodeVersion>
<package>v9.1.0</package>
diff --git a/tests/qemucapabilitiesdata/caps_9.2.0_x86_64.xml b/tests/qemucapabilitiesdata/caps_9.2.0_x86_64.xml
index 982b7ad436..1353761fab 100644
--- a/tests/qemucapabilitiesdata/caps_9.2.0_x86_64.xml
+++ b/tests/qemucapabilitiesdata/caps_9.2.0_x86_64.xml
@@ -210,6 +210,7 @@
<flag name='snapshot-internal-qmp'/>
<flag name='chardev-reconnect-miliseconds'/>
<flag name='netdev-stream-reconnect-miliseconds'/>
+ <flag name='amd-iommu'/>
<version>9001090</version>
<microcodeVersion>43100247</microcodeVersion>
<package>v9.2.0-rc0-42-g3428a3894c</package>
--
2.50.1

4646
SOURCES/libvirt-qemu-introduce-QEMU_CAPS_PCI_ID.patch Normal file
View File

File diff suppressed because it is too large Load Diff

165
SOURCES/libvirt-qemu-log-the-crash-information-for-TDX.patch Normal file
View File

@ -0,0 +1,165 @@
From 052fb2f399b0fd750421ae0451f9bc17d5660147 Mon Sep 17 00:00:00 2001
Message-ID: <052fb2f399b0fd750421ae0451f9bc17d5660147.1759835600.git.jdenemar@redhat.com>
From: Zhenzhong Duan <zhenzhong.duan@intel.com>
Date: Thu, 10 Jul 2025 03:21:14 -0400
Subject: [PATCH] qemu: log the crash information for TDX
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Since QEMU 10.1.0 commit id '6e250463b08b' guest crash information for
TDX is available in the QEMU monitor, e.g.:
{
"timestamp": {
"seconds": 1752118704,
"microseconds": 27480
},
"event": "GUEST_PANICKED",
"data": {
"action": "pause",
"info": {
"error-code": 0,
"message": "TD misconfiguration: SEPT #VE has to be disabled",
"type": "tdx"
}
}
}
Let's log this information into the domain log file, e.g.:
2025-07-10 03:39:18.243+0000: panic tdx: error_code='0x0' message='TD misconfiguration: SEPT #VE has to be disabled'
Suggested-by: Daniel P. Berrangé <berrange@redhat.com>
Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
Signed-off-by: Zhenzhong Duan <zhenzhong.duan@intel.com>
(cherry picked from commit 9df19f60f64f77f51b1bc1a632dfb0d30334b2dd)
Resolves: https://issues.redhat.com/browse/RHEL-111840
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
---
src/qemu/qemu_monitor.c | 16 ++++++++++++++++
src/qemu/qemu_monitor.h | 11 +++++++++++
src/qemu/qemu_monitor_json.c | 32 ++++++++++++++++++++++++++++++++
3 files changed, 59 insertions(+)
diff --git a/src/qemu/qemu_monitor.c b/src/qemu/qemu_monitor.c
index 3945aa92e5..18b877ce29 100644
--- a/src/qemu/qemu_monitor.c
+++ b/src/qemu/qemu_monitor.c
@@ -3916,6 +3916,19 @@ qemuMonitorGuestPanicEventInfoFormatMsg(qemuMonitorEventPanicInfo *info)
info->data.s390.psw_addr,
info->data.s390.reason);
break;
+ case QEMU_MONITOR_EVENT_PANIC_INFO_TYPE_TDX:
+ if (info->data.tdx.has_gpa)
+ ret = g_strdup_printf("tdx: error_code='0x%x' message='%s' "
+ "additional error information can be found "
+ "at gpa page: '0x%016llx'",
+ info->data.tdx.error_code,
+ info->data.tdx.message,
+ info->data.tdx.gpa);
+ else
+ ret = g_strdup_printf("tdx: error_code='0x%x' message='%s'",
+ info->data.tdx.error_code,
+ info->data.tdx.message);
+ break;
case QEMU_MONITOR_EVENT_PANIC_INFO_TYPE_NONE:
case QEMU_MONITOR_EVENT_PANIC_INFO_TYPE_LAST:
break;
@@ -3935,6 +3948,9 @@ qemuMonitorEventPanicInfoFree(qemuMonitorEventPanicInfo *info)
case QEMU_MONITOR_EVENT_PANIC_INFO_TYPE_S390:
g_free(info->data.s390.reason);
break;
+ case QEMU_MONITOR_EVENT_PANIC_INFO_TYPE_TDX:
+ g_free(info->data.tdx.message);
+ break;
case QEMU_MONITOR_EVENT_PANIC_INFO_TYPE_NONE:
case QEMU_MONITOR_EVENT_PANIC_INFO_TYPE_HYPERV:
case QEMU_MONITOR_EVENT_PANIC_INFO_TYPE_LAST:
diff --git a/src/qemu/qemu_monitor.h b/src/qemu/qemu_monitor.h
index acb3279e45..bf44c96057 100644
--- a/src/qemu/qemu_monitor.h
+++ b/src/qemu/qemu_monitor.h
@@ -38,6 +38,7 @@ typedef enum {
QEMU_MONITOR_EVENT_PANIC_INFO_TYPE_NONE = 0,
QEMU_MONITOR_EVENT_PANIC_INFO_TYPE_HYPERV,
QEMU_MONITOR_EVENT_PANIC_INFO_TYPE_S390,
+ QEMU_MONITOR_EVENT_PANIC_INFO_TYPE_TDX,
QEMU_MONITOR_EVENT_PANIC_INFO_TYPE_LAST
} qemuMonitorEventPanicInfoType;
@@ -61,12 +62,22 @@ struct _qemuMonitorEventPanicInfoS390 {
char *reason;
};
+typedef struct _qemuMonitorEventPanicInfoTDX qemuMonitorEventPanicInfoTDX;
+struct _qemuMonitorEventPanicInfoTDX {
+ /* TDX specific guest panic information */
+ int error_code;
+ char *message;
+ bool has_gpa;
+ unsigned long long gpa;
+};
+
typedef struct _qemuMonitorEventPanicInfo qemuMonitorEventPanicInfo;
struct _qemuMonitorEventPanicInfo {
qemuMonitorEventPanicInfoType type;
union {
qemuMonitorEventPanicInfoHyperv hyperv;
qemuMonitorEventPanicInfoS390 s390;
+ qemuMonitorEventPanicInfoTDX tdx;
} data;
};
diff --git a/src/qemu/qemu_monitor_json.c b/src/qemu/qemu_monitor_json.c
index edf6fac76e..db46bcc741 100644
--- a/src/qemu/qemu_monitor_json.c
+++ b/src/qemu/qemu_monitor_json.c
@@ -621,6 +621,36 @@ qemuMonitorJSONGuestPanicExtractInfoS390(virJSONValue *data)
return g_steal_pointer(&ret);
}
+static qemuMonitorEventPanicInfo *
+qemuMonitorJSONGuestPanicExtractInfoTDX(virJSONValue *data)
+{
+ g_autoptr(qemuMonitorEventPanicInfo) ret = NULL;
+ int error_code;
+ unsigned long long gpa = 0;
+ const char *message = NULL;
+ bool has_gpa;
+
+ ret = g_new0(qemuMonitorEventPanicInfo, 1);
+
+ ret->type = QEMU_MONITOR_EVENT_PANIC_INFO_TYPE_TDX;
+ has_gpa = virJSONValueObjectHasKey(data, "gpa");
+
+ if (virJSONValueObjectGetNumberInt(data, "error-code", &error_code) < 0 ||
+ !(message = virJSONValueObjectGetString(data, "message")) ||
+ (has_gpa && virJSONValueObjectGetNumberUlong(data, "gpa", &gpa) < 0)) {
+ virReportError(VIR_ERR_INTERNAL_ERROR, "%s", _("malformed TDX panic data"));
+ return NULL;
+ }
+
+ ret->data.tdx.error_code = error_code;
+ ret->data.tdx.gpa = gpa;
+ ret->data.tdx.has_gpa = has_gpa;
+
+ ret->data.tdx.message = g_strdup(message);
+
+ return g_steal_pointer(&ret);
+}
+
static qemuMonitorEventPanicInfo *
qemuMonitorJSONGuestPanicExtractInfo(virJSONValue *data)
{
@@ -630,6 +660,8 @@ qemuMonitorJSONGuestPanicExtractInfo(virJSONValue *data)
return qemuMonitorJSONGuestPanicExtractInfoHyperv(data);
else if (STREQ_NULLABLE(type, "s390"))
return qemuMonitorJSONGuestPanicExtractInfoS390(data);
+ else if (STREQ_NULLABLE(type, "tdx"))
+ return qemuMonitorJSONGuestPanicExtractInfoTDX(data);
virReportError(VIR_ERR_INTERNAL_ERROR,
_("unknown panic info type '%1$s'"), NULLSTR(type));
--
2.51.0

6
SOURCES/libvirt-qemu-make-passt-vhostuser-reconnect-behave-identically-to-passt-user.patch
View File

@ -1,5 +1,5 @@
From bc0074073da43052e4a786eca70dd5fbbf023903 Mon Sep 17 00:00:00 2001
Message-ID: <bc0074073da43052e4a786eca70dd5fbbf023903.1744361503.git.jdenemar@redhat.com>
From 74aeb210bdbeba3389eff4f07860217dd8bb068e Mon Sep 17 00:00:00 2001
Message-ID: <74aeb210bdbeba3389eff4f07860217dd8bb068e.1747908718.git.jdenemar@redhat.com>
From: Laine Stump <laine@redhat.com>
Date: Fri, 4 Apr 2025 19:44:52 -0400
Subject: [PATCH] qemu: make passt+vhostuser reconnect behave identically to
@ -35,7 +35,7 @@ tests/qemuxmlconfdata/schema-reorder-domain-subelements.x86_64-latest.args:
This file (created by upstream commit be5332c81d28) was modified
upstream but doesin't exist downstream
https://issues.redhat.com/browse/RHEL-84782
https://issues.redhat.com/browse/RHEL-80169
Signed-off-by: Laine Stump <laine@redhat.com>
---
src/qemu/qemu_passt.c | 16 +++++++++++++---

8
SOURCES/libvirt-qemu-make-processNetDevStreamDisconnectedEvent-reusable.patch
View File

@ -1,5 +1,5 @@
From 718c4bc80d3af4570d75b590625bd5249aa50a8d Mon Sep 17 00:00:00 2001
Message-ID: <718c4bc80d3af4570d75b590625bd5249aa50a8d.1744361503.git.jdenemar@redhat.com>
From a34cd486d22bf36ea64a6dd14541138fcca31b37 Mon Sep 17 00:00:00 2001
Message-ID: <a34cd486d22bf36ea64a6dd14541138fcca31b37.1747908718.git.jdenemar@redhat.com>
From: Laine Stump <laine@redhat.com>
Date: Fri, 4 Apr 2025 16:57:21 -0400
Subject: [PATCH] qemu: make processNetDevStreamDisconnectedEvent() reusable
@ -23,14 +23,14 @@ src/qemu/qemu_driver.c:
processNicRxFilterChangedEvent() changed upstream (due to upstream
commit 50981052a5f)
https://issues.redhat.com/browse/RHEL-84782
https://issues.redhat.com/browse/RHEL-80169
Signed-off-by: Laine Stump <laine@redhat.com>
---
src/qemu/qemu_driver.c | 37 +++++++++++++++++++++++--------------
1 file changed, 23 insertions(+), 14 deletions(-)
diff --git a/src/qemu/qemu_driver.c b/src/qemu/qemu_driver.c
index 53dcd690f0..65e17a870d 100644
index 89bb10756e..3373dfb845 100644
--- a/src/qemu/qemu_driver.c
+++ b/src/qemu/qemu_driver.c
@@ -3618,8 +3618,9 @@ processDeviceDeletedEvent(virQEMUDriver *driver,

14
SOURCES/libvirt-qemu-parse-deprecated-props-from-query-cpu-model-expansion-response.patch
View File

@ -1,5 +1,5 @@
From 0c3803a034e519ee83837a0b24e475fbb2e2bd38 Mon Sep 17 00:00:00 2001
Message-ID: <0c3803a034e519ee83837a0b24e475fbb2e2bd38.1749027246.git.jdenemar@redhat.com>
From db00ca8dbb2feacf9307ce6e07058ff39ca7e3d6 Mon Sep 17 00:00:00 2001
Message-ID: <db00ca8dbb2feacf9307ce6e07058ff39ca7e3d6.1749039441.git.jdenemar@redhat.com>
From: Collin Walling <walling@linux.ibm.com>
Date: Mon, 16 Dec 2024 18:03:53 -0500
Subject: [PATCH] qemu: parse deprecated-props from query-cpu-model-expansion
@ -29,7 +29,7 @@ Signed-off-by: Collin Walling <walling@linux.ibm.com>
Reviewed-by: Boris Fiuczynski <fiuczy@linux.ibm.com>
Reviewed-by: Jiri Denemark <jdenemar@redhat.com>
(cherry picked from commit 45140d293007c1b29f7563bf6ee9640e27769b96)
JIRA: https://issues.redhat.com/browse/RHEL-89977
JIRA: https://issues.redhat.com/browse/RHEL-89415
Signed-off-by: Thomas Huth <thuth@redhat.com>
---
src/qemu/qemu_capabilities.c | 31 +++++++++++++++++++
@ -41,10 +41,10 @@ Signed-off-by: Thomas Huth <thuth@redhat.com>
6 files changed, 65 insertions(+)
diff --git a/src/qemu/qemu_capabilities.c b/src/qemu/qemu_capabilities.c
index 65e19965dd..50df7aeaf7 100644
index b507027667..b1faea3ac7 100644
--- a/src/qemu/qemu_capabilities.c
+++ b/src/qemu/qemu_capabilities.c
@@ -4021,6 +4021,7 @@ virQEMUCapsLoadHostCPUModelInfo(virQEMUCapsAccel *caps,
@@ -4029,6 +4029,7 @@ virQEMUCapsLoadHostCPUModelInfo(virQEMUCapsAccel *caps,
const char *typeStr)
{
xmlNodePtr hostCPUNode;
@ -52,7 +52,7 @@ index 65e19965dd..50df7aeaf7 100644
g_autofree xmlNodePtr *nodes = NULL;
VIR_XPATH_NODE_AUTORESTORE(ctxt)
g_autoptr(qemuMonitorCPUModelInfo) hostCPU = NULL;
@@ -4113,6 +4114,24 @@ virQEMUCapsLoadHostCPUModelInfo(virQEMUCapsAccel *caps,
@@ -4121,6 +4122,24 @@ virQEMUCapsLoadHostCPUModelInfo(virQEMUCapsAccel *caps,
}
}
@ -77,7 +77,7 @@ index 65e19965dd..50df7aeaf7 100644
caps->hostCPU.info = g_steal_pointer(&hostCPU);
return 0;
}
@@ -4845,6 +4864,18 @@ virQEMUCapsFormatHostCPUModelInfo(virQEMUCapsAccel *caps,
@@ -4853,6 +4872,18 @@ virQEMUCapsFormatHostCPUModelInfo(virQEMUCapsAccel *caps,
virBufferAddLit(buf, "/>\n");
}

14
SOURCES/libvirt-qemu-process-Remove-un-updated-qemuProcessStartWarnShmem.patch
View File

@ -1,5 +1,5 @@
From bc9aaea59652adb0156b68e8cd198759c9eae5b3 Mon Sep 17 00:00:00 2001
Message-ID: <bc9aaea59652adb0156b68e8cd198759c9eae5b3.1754419286.git.jdenemar@redhat.com>
From f61b747b0420d71efe33f836a1117d4741ecd716 Mon Sep 17 00:00:00 2001
Message-ID: <f61b747b0420d71efe33f836a1117d4741ecd716.1742990721.git.jdenemar@redhat.com>
From: Peter Krempa <pkrempa@redhat.com>
Date: Tue, 11 Mar 2025 09:04:18 +0100
Subject: [PATCH] qemu: process: Remove un-updated 'qemuProcessStartWarnShmem'
@ -13,16 +13,16 @@ Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
(cherry picked from commit 080c7fd341619a3d1986a00265addaf45b63aacf)
https://issues.redhat.com/browse/RHEL-106504
https://issues.redhat.com/browse/RHEL-84133
---
src/qemu/qemu_process.c | 54 -----------------------------------------
1 file changed, 54 deletions(-)
diff --git a/src/qemu/qemu_process.c b/src/qemu/qemu_process.c
index 8bddb415ac..24d0049c43 100644
index 722e982b9e..fac5678439 100644
--- a/src/qemu/qemu_process.c
+++ b/src/qemu/qemu_process.c
@@ -5427,56 +5427,6 @@ qemuProcessMakeDir(virQEMUDriver *driver,
@@ -5406,56 +5406,6 @@ qemuProcessMakeDir(virQEMUDriver *driver,
}
@ -79,7 +79,7 @@ index 8bddb415ac..24d0049c43 100644
static int
qemuProcessStartValidateGraphics(virDomainObj *vm)
{
@@ -5711,10 +5661,6 @@ qemuProcessStartValidate(virQEMUDriver *driver,
@@ -5690,10 +5640,6 @@ qemuProcessStartValidate(virQEMUDriver *driver,
if (qemuProcessStartValidateTSC(driver, vm) < 0)
return -1;
@ -91,4 +91,4 @@ index 8bddb415ac..24d0049c43 100644
}
--
2.50.1
2.49.0

10
SOURCES/libvirt-qemu-put-vhost-user-code-that-s-special-for-passt-in-a-helper-function.patch
View File

@ -1,5 +1,5 @@
From c6e5688293b765885e8b76c35ad47bc316de81aa Mon Sep 17 00:00:00 2001
Message-ID: <c6e5688293b765885e8b76c35ad47bc316de81aa.1744361503.git.jdenemar@redhat.com>
From 0cc716142961427bd257a528ef54b87b3a053ade Mon Sep 17 00:00:00 2001
Message-ID: <0cc716142961427bd257a528ef54b87b3a053ade.1747908718.git.jdenemar@redhat.com>
From: Laine Stump <laine@redhat.com>
Date: Fri, 4 Apr 2025 19:38:28 -0400
Subject: [PATCH] qemu: put vhost-user code that's special for passt in a
@ -16,7 +16,7 @@ Reviewed-by: Jiri Denemark <jdenemar@redhat.com>
Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
(cherry picked from commit 95ff77f2896478e039673bb552affec2c5a5e822)
https://issues.redhat.com/browse/RHEL-84782
https://issues.redhat.com/browse/RHEL-80169
Signed-off-by: Laine Stump <laine@redhat.com>
---
src/qemu/qemu_hotplug.c | 7 +------
@ -87,10 +87,10 @@ index e0b9aaac8d..ea545ccf38 100644
char *qemuPasstCreateSocketPath(virDomainObj *vm,
virDomainNetDef *net);
diff --git a/src/qemu/qemu_process.c b/src/qemu/qemu_process.c
index f5c277203f..c80d7bb6dc 100644
index 2076ad8208..c1ae324ad4 100644
--- a/src/qemu/qemu_process.c
+++ b/src/qemu/qemu_process.c
@@ -5952,13 +5952,8 @@ qemuProcessPrepareDomainNetwork(virDomainObj *vm)
@@ -5898,13 +5898,8 @@ qemuProcessPrepareDomainNetwork(virDomainObj *vm)
case VIR_DOMAIN_NET_TYPE_VHOSTUSER:
if (net->backend.type == VIR_DOMAIN_NET_BACKEND_PASST) {

8
SOURCES/libvirt-qemu-remove-nonsensical-sanity-check-in-processNetdevStreamDisconnectedEvent.patch
View File

@ -1,5 +1,5 @@
From f6d606779aaedc8a6d958a2e97b462df390cb0a5 Mon Sep 17 00:00:00 2001
Message-ID: <f6d606779aaedc8a6d958a2e97b462df390cb0a5.1744361503.git.jdenemar@redhat.com>
From 13ff514007822c650ad0f3006882e2f85aab9b48 Mon Sep 17 00:00:00 2001
Message-ID: <13ff514007822c650ad0f3006882e2f85aab9b48.1747908718.git.jdenemar@redhat.com>
From: Laine Stump <laine@redhat.com>
Date: Fri, 4 Apr 2025 16:48:23 -0400
Subject: [PATCH] qemu: remove nonsensical sanity check in
@ -21,14 +21,14 @@ Reviewed-by: Jiri Denemark <jdenemar@redhat.com>
Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
(cherry picked from commit 51a54dc1c4ecf37d60acee1cb94252e51c5ef627)
https://issues.redhat.com/browse/RHEL-84782
https://issues.redhat.com/browse/RHEL-80169
Signed-off-by: Laine Stump <laine@redhat.com>
---
src/qemu/qemu_driver.c | 7 -------
1 file changed, 7 deletions(-)
diff --git a/src/qemu/qemu_driver.c b/src/qemu/qemu_driver.c
index f8f3d2c725..53dcd690f0 100644
index 11dbbc1aab..89bb10756e 100644
--- a/src/qemu/qemu_driver.c
+++ b/src/qemu/qemu_driver.c
@@ -3623,7 +3623,6 @@ processNetdevStreamDisconnectedEvent(virDomainObj *vm,

18
SOURCES/libvirt-qemu-respond-to-NETDEV_VHOST_USER_DISCONNECTED-event.patch
View File

@ -1,5 +1,5 @@
From 874251dd0b6fdbf3a0be8e494f83001e5f028868 Mon Sep 17 00:00:00 2001
Message-ID: <874251dd0b6fdbf3a0be8e494f83001e5f028868.1744361503.git.jdenemar@redhat.com>
From 1be043d47792afe408bef01a5c169dcd4e98e782 Mon Sep 17 00:00:00 2001
Message-ID: <1be043d47792afe408bef01a5c169dcd4e98e782.1747908718.git.jdenemar@redhat.com>
From: Laine Stump <laine@redhat.com>
Date: Fri, 4 Apr 2025 17:16:43 -0400
Subject: [PATCH] qemu: respond to NETDEV_VHOST_USER_DISCONNECTED event
@ -25,7 +25,7 @@ src/qemu/qemu_driver.c:
processNicRxFilterChangedEvent() changed upstream (due to upstream
commit 50981052a5f)
https://issues.redhat.com/browse/RHEL-84782
https://issues.redhat.com/browse/RHEL-80169
Signed-off-by: Laine Stump <laine@redhat.com>
---
src/qemu/qemu_domain.c | 1 +
@ -38,10 +38,10 @@ Signed-off-by: Laine Stump <laine@redhat.com>
7 files changed, 64 insertions(+)
diff --git a/src/qemu/qemu_domain.c b/src/qemu/qemu_domain.c
index 92035dd281..95cca36fe1 100644
index 4234e4605b..cc47adb724 100644
--- a/src/qemu/qemu_domain.c
+++ b/src/qemu/qemu_domain.c
@@ -10036,6 +10036,7 @@ qemuProcessEventFree(struct qemuProcessEvent *event)
@@ -10038,6 +10038,7 @@ qemuProcessEventFree(struct qemuProcessEvent *event)
case QEMU_PROCESS_EVENT_WATCHDOG:
case QEMU_PROCESS_EVENT_DEVICE_DELETED:
case QEMU_PROCESS_EVENT_NETDEV_STREAM_DISCONNECTED:
@ -50,7 +50,7 @@ index 92035dd281..95cca36fe1 100644
case QEMU_PROCESS_EVENT_SERIAL_CHANGED:
case QEMU_PROCESS_EVENT_GUEST_CRASHLOADED:
diff --git a/src/qemu/qemu_domain.h b/src/qemu/qemu_domain.h
index e810f79599..79bdc4e8fe 100644
index 6246988491..63f422bbcb 100644
--- a/src/qemu/qemu_domain.h
+++ b/src/qemu/qemu_domain.h
@@ -465,6 +465,7 @@ typedef enum {
@ -62,7 +62,7 @@ index e810f79599..79bdc4e8fe 100644
QEMU_PROCESS_EVENT_SERIAL_CHANGED,
QEMU_PROCESS_EVENT_JOB_STATUS_CHANGE,
diff --git a/src/qemu/qemu_driver.c b/src/qemu/qemu_driver.c
index 65e17a870d..d65fc542d1 100644
index 3373dfb845..b374b1978c 100644
--- a/src/qemu/qemu_driver.c
+++ b/src/qemu/qemu_driver.c
@@ -3691,6 +3691,14 @@ processNetdevStreamDisconnectedEvent(virDomainObj *vm,
@ -80,7 +80,7 @@ index 65e17a870d..d65fc542d1 100644
static void
processNicRxFilterChangedEvent(virDomainObj *vm,
const char *devAlias)
@@ -4086,6 +4094,9 @@ static void qemuProcessEventHandler(void *data, void *opaque)
@@ -4089,6 +4097,9 @@ static void qemuProcessEventHandler(void *data, void *opaque)
case QEMU_PROCESS_EVENT_NETDEV_STREAM_DISCONNECTED:
processNetdevStreamDisconnectedEvent(vm, processEvent->data);
break;
@ -185,7 +185,7 @@ index 6f9f495888..be5d3be7e6 100644
qemuMonitorJSONHandleNicRxFilterChanged(qemuMonitor *mon, virJSONValue *data)
{
diff --git a/src/qemu/qemu_process.c b/src/qemu/qemu_process.c
index 722e982b9e..f5c277203f 100644
index ad7e99750f..2076ad8208 100644
--- a/src/qemu/qemu_process.c
+++ b/src/qemu/qemu_process.c
@@ -1402,6 +1402,23 @@ qemuProcessHandleNetdevStreamDisconnected(qemuMonitor *mon G_GNUC_UNUSED,

6
SOURCES/libvirt-qemu-sanitize-blank-lines-in-config-file.patch
View File

@ -1,5 +1,5 @@
From 45c1847b67d0d2996a67e65a017e1ce51b682ecc Mon Sep 17 00:00:00 2001
Message-ID: <45c1847b67d0d2996a67e65a017e1ce51b682ecc.1754419285.git.jdenemar@redhat.com>
From 6921381e6831f942029b922e6f0ef6b7ca0c6c58 Mon Sep 17 00:00:00 2001
Message-ID: <6921381e6831f942029b922e6f0ef6b7ca0c6c58.1755522824.git.jdenemar@redhat.com>
From: =?UTF-8?q?Daniel=20P=2E=20Berrang=C3=A9?= <berrange@redhat.com>
Date: Wed, 16 Jul 2025 16:30:52 +0100
Subject: [PATCH] qemu: sanitize blank lines in config file
@ -14,7 +14,7 @@ Reviewed-by: Peter Krempa <pkrempa@redhat.com>
Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
(cherry picked from commit 0b9cfa791f2bd135ea36fe03fd1a8d6c8bf5e3d6)
Resolves: https://issues.redhat.com/browse/RHEL-106277
Resolves: https://issues.redhat.com/browse/RHEL-106276
Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
---
src/qemu/qemu.conf.in | 41 ++++++++++++++++++++++++++++++++++++++---

75
SOURCES/libvirt-qemu-snapshot-error-out-early-when-reverting-snapshot-for-VM-with-non-file-disk.patch Normal file
View File

@ -0,0 +1,75 @@
From c9c9405687b78713b913c09113697fcadec1cdba Mon Sep 17 00:00:00 2001
Message-ID: <c9c9405687b78713b913c09113697fcadec1cdba.1741876175.git.jdenemar@redhat.com>
From: Pavel Hrdina <phrdina@redhat.com>
Date: Wed, 26 Feb 2025 11:04:52 +0100
Subject: [PATCH] qemu: snapshot: error out early when reverting snapshot for
VM with non-file disk
Before this patch the code would start the revert process by destroying
the VM and preparing to revert where it would fail with following error:
error: unsupported configuration: source for disk 'sdb' is not a regular file; refusing to generate external snapshot name
and leaving user with offline VM even if it was running.
Make the check before we start the revert process to not destroy VMs.
Resolves: https://issues.redhat.com/browse/RHEL-30971
Resolves: https://issues.redhat.com/browse/RHEL-79928
Signed-off-by: Pavel Hrdina <phrdina@redhat.com>
Reviewed-by: Peter Krempa <pkrempa@redhat.com>
(cherry picked from commit 278b8334eb26aa9495f6d37e4f72471cbc8739a6)
Signed-off-by: Pavel Hrdina <phrdina@redhat.com>
---
src/qemu/qemu_snapshot.c | 21 +++++++++++++++++++++
1 file changed, 21 insertions(+)
diff --git a/src/qemu/qemu_snapshot.c b/src/qemu/qemu_snapshot.c
index 3a8510c69e..16d3aaf6e7 100644
--- a/src/qemu/qemu_snapshot.c
+++ b/src/qemu/qemu_snapshot.c
@@ -2190,6 +2190,8 @@ qemuSnapshotRevertValidate(virDomainObj *vm,
virDomainSnapshotDef *snapdef,
unsigned int flags)
{
+ size_t i;
+
if (!vm->persistent &&
snapdef->state != VIR_DOMAIN_SNAPSHOT_RUNNING &&
snapdef->state != VIR_DOMAIN_SNAPSHOT_PAUSED &&
@@ -2217,6 +2219,22 @@ qemuSnapshotRevertValidate(virDomainObj *vm,
}
}
+ /* Reverting to external snapshot creates overlay files for every disk and
+ * it would fail for non-file based disks.
+ * See qemuSnapshotRevertExternalPrepare for more details. */
+ if (virDomainSnapshotIsExternal(snap)) {
+ for (i = 0; i < snap->def->dom->ndisks; i++) {
+ virDomainDiskDef *disk = snap->def->dom->disks[i];
+
+ if (disk->src->type != VIR_STORAGE_TYPE_FILE) {
+ virReportError(VIR_ERR_OPERATION_UNSUPPORTED,
+ _("source disk for '%1$s' is not a regular file, reverting to snapshot is not supported"),
+ disk->dst);
+ return -1;
+ }
+ }
+ }
+
return 0;
}
@@ -2368,6 +2386,9 @@ qemuSnapshotRevertExternalPrepare(virDomainObj *vm,
if (virDomainMomentDefPostParse(&tmpsnapdef->parent) < 0)
return -1;
+ /* Force default location to be external in order to create overlay files
+ * for every disk. In qemuSnapshotRevertValidate we make sure that each
+ * disk is regular file otherwise this would fail. */
if (virDomainSnapshotAlignDisks(tmpsnapdef, domdef,
VIR_DOMAIN_SNAPSHOT_LOCATION_EXTERNAL,
false, true) < 0) {
--
2.48.1

108
SOURCES/libvirt-qemu-support-MSDM-ACPI-table-type.patch Normal file
View File

@ -0,0 +1,108 @@
From d50549c9b0e601bc3a6ae5ee97d1ff2f75645f57 Mon Sep 17 00:00:00 2001
Message-ID: <d50549c9b0e601bc3a6ae5ee97d1ff2f75645f57.1742990721.git.jdenemar@redhat.com>
From: =?UTF-8?q?Daniel=20P=2E=20Berrang=C3=A9?= <berrange@redhat.com>
Date: Mon, 17 Feb 2025 16:58:27 +0000
Subject: [PATCH] qemu: support MSDM ACPI table type
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
The MSDM ACPI table is a replacement for the SLIC table type, now
sometimes used by Microsoft for Windows Licensing checks:
https://learn.microsoft.com/en-us/previous-versions/windows/hardware/design/dn653305(v=vs.85)
Resolves: https://gitlab.com/libvirt/libvirt/-/issues/748
Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
(cherry picked from commit 288f90feb32e38dfd246cbfb68f38caca43cef70)
Resolves: https://issues.redhat.com/browse/RHEL-81041
---
docs/formatdomain.rst | 2 +-
src/qemu/qemu_command.c | 2 +-
src/qemu/qemu_validate.c | 2 +-
tests/qemuxmlconfdata/acpi-table-many.x86_64-latest.args | 1 +
tests/qemuxmlconfdata/acpi-table-many.x86_64-latest.xml | 1 +
tests/qemuxmlconfdata/acpi-table-many.xml | 1 +
6 files changed, 6 insertions(+), 3 deletions(-)
diff --git a/docs/formatdomain.rst b/docs/formatdomain.rst
index c144851b62..961d20a41d 100644
--- a/docs/formatdomain.rst
+++ b/docs/formatdomain.rst
@@ -500,7 +500,7 @@ These options apply to any form of booting of the guest OS.
* ``msdm``: a single ACPI table with header and data, providing
Microsoft Data Management information. The ACPI table signature
in the header will be forced to ``MSDM``
- (:since:`Since 11.2.0`).
+ (:since:`Since 11.2.0 (QEMU)`).
Each type may be used only once, except for ``raw`` which can
appear multiple times.
diff --git a/src/qemu/qemu_command.c b/src/qemu/qemu_command.c
index 9fe191d3b9..b7d61edd19 100644
--- a/src/qemu/qemu_command.c
+++ b/src/qemu/qemu_command.c
@@ -133,7 +133,7 @@ VIR_ENUM_IMPL(qemuACPITableSIG,
"", /* raw */
"", /* rawset */
"SLIC",
- "");
+ "MSDM");
const char *
diff --git a/src/qemu/qemu_validate.c b/src/qemu/qemu_validate.c
index 378f502ea7..f814ee8c0d 100644
--- a/src/qemu/qemu_validate.c
+++ b/src/qemu/qemu_validate.c
@@ -731,10 +731,10 @@ qemuValidateDomainDefBoot(const virDomainDef *def,
switch (def->os.acpiTables[i]->type) {
case VIR_DOMAIN_OS_ACPI_TABLE_TYPE_RAW:
case VIR_DOMAIN_OS_ACPI_TABLE_TYPE_SLIC:
+ case VIR_DOMAIN_OS_ACPI_TABLE_TYPE_MSDM:
break;
case VIR_DOMAIN_OS_ACPI_TABLE_TYPE_RAWSET:
- case VIR_DOMAIN_OS_ACPI_TABLE_TYPE_MSDM:
virReportError(VIR_ERR_CONFIG_UNSUPPORTED,
_("ACPI table type '%1$s' is not supported"),
virDomainOsACPITableTypeToString(def->os.acpiTables[i]->type));
diff --git a/tests/qemuxmlconfdata/acpi-table-many.x86_64-latest.args b/tests/qemuxmlconfdata/acpi-table-many.x86_64-latest.args
index 4d5d02cb3c..2b0b433258 100644
--- a/tests/qemuxmlconfdata/acpi-table-many.x86_64-latest.args
+++ b/tests/qemuxmlconfdata/acpi-table-many.x86_64-latest.args
@@ -30,6 +30,7 @@ XDG_CONFIG_HOME=/var/lib/libvirt/qemu/domain--1-QEMUGuest1/.config \
-acpitable file=/var/lib/libvirt/acpi/exm2.dat \
-acpitable file=/var/lib/libvirt/acpi/exm3.dat \
-acpitable sig=SLIC,file=/var/lib/libvirt/acpi/slic.dat \
+-acpitable sig=MSDM,file=/var/lib/libvirt/acpi/msdm.dat \
-device '{"driver":"piix3-usb-uhci","id":"usb","bus":"pci.0","addr":"0x1.0x2"}' \
-audiodev '{"id":"audio1","driver":"none"}' \
-sandbox on,obsolete=deny,elevateprivileges=deny,spawn=deny,resourcecontrol=deny \
diff --git a/tests/qemuxmlconfdata/acpi-table-many.x86_64-latest.xml b/tests/qemuxmlconfdata/acpi-table-many.x86_64-latest.xml
index b7f7e18d28..084bb4cda3 100644
--- a/tests/qemuxmlconfdata/acpi-table-many.x86_64-latest.xml
+++ b/tests/qemuxmlconfdata/acpi-table-many.x86_64-latest.xml
@@ -11,6 +11,7 @@
<table type='raw'>/var/lib/libvirt/acpi/exm2.dat</table>
<table type='raw'>/var/lib/libvirt/acpi/exm3.dat</table>
<table type='slic'>/var/lib/libvirt/acpi/slic.dat</table>
+ <table type='msdm'>/var/lib/libvirt/acpi/msdm.dat</table>
</acpi>
<boot dev='hd'/>
</os>
diff --git a/tests/qemuxmlconfdata/acpi-table-many.xml b/tests/qemuxmlconfdata/acpi-table-many.xml
index cc75011990..890078d4c3 100644
--- a/tests/qemuxmlconfdata/acpi-table-many.xml
+++ b/tests/qemuxmlconfdata/acpi-table-many.xml
@@ -12,6 +12,7 @@
<table type='raw'>/var/lib/libvirt/acpi/exm2.dat</table>
<table type='raw'>/var/lib/libvirt/acpi/exm3.dat</table>
<table type='slic'>/var/lib/libvirt/acpi/slic.dat</table>
+ <table type='msdm'>/var/lib/libvirt/acpi/msdm.dat</table>
</acpi>
</os>
<features>
--
2.49.0

218
SOURCES/libvirt-qemu-support-raw-ACPI-table-type.patch Normal file
View File

@ -0,0 +1,218 @@
From b83e3e1644dc33a41fa4ccd62407aeca218bbd4c Mon Sep 17 00:00:00 2001
Message-ID: <b83e3e1644dc33a41fa4ccd62407aeca218bbd4c.1742990721.git.jdenemar@redhat.com>
From: =?UTF-8?q?Daniel=20P=2E=20Berrang=C3=A9?= <berrange@redhat.com>
Date: Wed, 26 Feb 2025 19:10:42 +0000
Subject: [PATCH] qemu: support 'raw' ACPI table type
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
This allows passing a single ACPI table of any type through to QEMU with
the signture autodetected from the header.
Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
(cherry picked from commit fe0cf62e0f8a6c4bbc2f297f46761f41691e3193)
Resolves: https://issues.redhat.com/browse/RHEL-81041
---
docs/formatdomain.rst | 2 +-
src/qemu/qemu_command.c | 6 ++-
src/qemu/qemu_validate.c | 2 +-
.../acpi-table-many.x86_64-latest.args | 36 ++++++++++++++++
.../acpi-table-many.x86_64-latest.xml | 41 +++++++++++++++++++
tests/qemuxmlconfdata/acpi-table-many.xml | 33 +++++++++++++++
tests/qemuxmlconftest.c | 1 +
7 files changed, 117 insertions(+), 4 deletions(-)
create mode 100644 tests/qemuxmlconfdata/acpi-table-many.x86_64-latest.args
create mode 100644 tests/qemuxmlconfdata/acpi-table-many.x86_64-latest.xml
create mode 100644 tests/qemuxmlconfdata/acpi-table-many.xml
diff --git a/docs/formatdomain.rst b/docs/formatdomain.rst
index b6e162235c..ff06efb69f 100644
--- a/docs/formatdomain.rst
+++ b/docs/formatdomain.rst
@@ -489,7 +489,7 @@ These options apply to any form of booting of the guest OS.
file:
* ``raw``: a single ACPI table with header and data, with ACPI
- signature auto-detected from header (:since:`Since 11.2.0`).
+ signature auto-detected from header (:since:`Since 11.2.0 (QEMU)`).
* ``rawset``: concatenation of multiple ACPI tables with header
and data, each with any ACPI signature, auto-detected from header
(:since:`Since 11.2.0`).
diff --git a/src/qemu/qemu_command.c b/src/qemu/qemu_command.c
index 94fb7fc4c2..adf7b21b14 100644
--- a/src/qemu/qemu_command.c
+++ b/src/qemu/qemu_command.c
@@ -6011,9 +6011,11 @@ qemuBuildBootCommandLine(virCommand *cmd,
virCommandAddArgList(cmd, "-dtb", def->os.dtb, NULL);
for (i = 0; i < def->os.nacpiTables; i++) {
g_auto(virBuffer) buf = VIR_BUFFER_INITIALIZER;
+ const char *sig = qemuACPITableSIGTypeToString(def->os.acpiTables[i]->type);
virCommandAddArg(cmd, "-acpitable");
- virBufferAsprintf(&buf, "sig=%s,file=",
- qemuACPITableSIGTypeToString(def->os.acpiTables[i]->type));
+ if (*sig != '\0')
+ virBufferAsprintf(&buf, "sig=%s,", sig);
+ virBufferAddLit(&buf, "file=");
virQEMUBuildBufferEscapeComma(&buf, def->os.acpiTables[i]->path);
virCommandAddArgBuffer(cmd, &buf);
}
diff --git a/src/qemu/qemu_validate.c b/src/qemu/qemu_validate.c
index 8ef0257d73..b088e54dd0 100644
--- a/src/qemu/qemu_validate.c
+++ b/src/qemu/qemu_validate.c
@@ -729,10 +729,10 @@ qemuValidateDomainDefBoot(const virDomainDef *def,
for (i = 0; i < def->os.nacpiTables; i++) {
switch (def->os.acpiTables[i]->type) {
+ case VIR_DOMAIN_OS_ACPI_TABLE_TYPE_RAW:
case VIR_DOMAIN_OS_ACPI_TABLE_TYPE_SLIC:
break;
- case VIR_DOMAIN_OS_ACPI_TABLE_TYPE_RAW:
case VIR_DOMAIN_OS_ACPI_TABLE_TYPE_RAWSET:
virReportError(VIR_ERR_CONFIG_UNSUPPORTED,
_("ACPI table type '%1$s' is not supported"),
diff --git a/tests/qemuxmlconfdata/acpi-table-many.x86_64-latest.args b/tests/qemuxmlconfdata/acpi-table-many.x86_64-latest.args
new file mode 100644
index 0000000000..4d5d02cb3c
--- /dev/null
+++ b/tests/qemuxmlconfdata/acpi-table-many.x86_64-latest.args
@@ -0,0 +1,36 @@
+LC_ALL=C \
+PATH=/bin \
+HOME=/var/lib/libvirt/qemu/domain--1-QEMUGuest1 \
+USER=test \
+LOGNAME=test \
+XDG_DATA_HOME=/var/lib/libvirt/qemu/domain--1-QEMUGuest1/.local/share \
+XDG_CACHE_HOME=/var/lib/libvirt/qemu/domain--1-QEMUGuest1/.cache \
+XDG_CONFIG_HOME=/var/lib/libvirt/qemu/domain--1-QEMUGuest1/.config \
+/usr/bin/qemu-system-x86_64 \
+-name guest=QEMUGuest1,debug-threads=on \
+-S \
+-object '{"qom-type":"secret","id":"masterKey0","format":"raw","file":"/var/lib/libvirt/qemu/domain--1-QEMUGuest1/master-key.aes"}' \
+-machine pc,usb=off,dump-guest-core=off,memory-backend=pc.ram,acpi=on \
+-accel tcg \
+-cpu qemu64 \
+-m size=219136k \
+-object '{"qom-type":"memory-backend-ram","id":"pc.ram","size":224395264}' \
+-overcommit mem-lock=off \
+-smp 1,sockets=1,cores=1,threads=1 \
+-uuid c7a5fdbd-edaf-9455-926a-d65c16db1809 \
+-display none \
+-no-user-config \
+-nodefaults \
+-chardev socket,id=charmonitor,fd=1729,server=on,wait=off \
+-mon chardev=charmonitor,id=monitor,mode=control \
+-rtc base=utc \
+-no-shutdown \
+-boot strict=on \
+-acpitable file=/var/lib/libvirt/acpi/exm1.dat \
+-acpitable file=/var/lib/libvirt/acpi/exm2.dat \
+-acpitable file=/var/lib/libvirt/acpi/exm3.dat \
+-acpitable sig=SLIC,file=/var/lib/libvirt/acpi/slic.dat \
+-device '{"driver":"piix3-usb-uhci","id":"usb","bus":"pci.0","addr":"0x1.0x2"}' \
+-audiodev '{"id":"audio1","driver":"none"}' \
+-sandbox on,obsolete=deny,elevateprivileges=deny,spawn=deny,resourcecontrol=deny \
+-msg timestamp=on
diff --git a/tests/qemuxmlconfdata/acpi-table-many.x86_64-latest.xml b/tests/qemuxmlconfdata/acpi-table-many.x86_64-latest.xml
new file mode 100644
index 0000000000..b7f7e18d28
--- /dev/null
+++ b/tests/qemuxmlconfdata/acpi-table-many.x86_64-latest.xml
@@ -0,0 +1,41 @@
+<domain type='qemu'>
+ <name>QEMUGuest1</name>
+ <uuid>c7a5fdbd-edaf-9455-926a-d65c16db1809</uuid>
+ <memory unit='KiB'>219136</memory>
+ <currentMemory unit='KiB'>219136</currentMemory>
+ <vcpu placement='static'>1</vcpu>
+ <os>
+ <type arch='x86_64' machine='pc'>hvm</type>
+ <acpi>
+ <table type='raw'>/var/lib/libvirt/acpi/exm1.dat</table>
+ <table type='raw'>/var/lib/libvirt/acpi/exm2.dat</table>
+ <table type='raw'>/var/lib/libvirt/acpi/exm3.dat</table>
+ <table type='slic'>/var/lib/libvirt/acpi/slic.dat</table>
+ </acpi>
+ <boot dev='hd'/>
+ </os>
+ <features>
+ <acpi/>
+ </features>
+ <cpu mode='custom' match='exact' check='none'>
+ <model fallback='forbid'>qemu64</model>
+ </cpu>
+ <clock offset='utc'/>
+ <on_poweroff>destroy</on_poweroff>
+ <on_reboot>restart</on_reboot>
+ <on_crash>destroy</on_crash>
+ <devices>
+ <emulator>/usr/bin/qemu-system-x86_64</emulator>
+ <controller type='usb' index='0' model='piix3-uhci'>
+ <address type='pci' domain='0x0000' bus='0x00' slot='0x01' function='0x2'/>
+ </controller>
+ <controller type='ide' index='0'>
+ <address type='pci' domain='0x0000' bus='0x00' slot='0x01' function='0x1'/>
+ </controller>
+ <controller type='pci' index='0' model='pci-root'/>
+ <input type='mouse' bus='ps2'/>
+ <input type='keyboard' bus='ps2'/>
+ <audio id='1' type='none'/>
+ <memballoon model='none'/>
+ </devices>
+</domain>
diff --git a/tests/qemuxmlconfdata/acpi-table-many.xml b/tests/qemuxmlconfdata/acpi-table-many.xml
new file mode 100644
index 0000000000..cc75011990
--- /dev/null
+++ b/tests/qemuxmlconfdata/acpi-table-many.xml
@@ -0,0 +1,33 @@
+<domain type='qemu'>
+ <name>QEMUGuest1</name>
+ <uuid>c7a5fdbd-edaf-9455-926a-d65c16db1809</uuid>
+ <memory unit='KiB'>219136</memory>
+ <currentMemory unit='KiB'>219136</currentMemory>
+ <vcpu placement='static'>1</vcpu>
+ <os>
+ <type arch='x86_64' machine='pc'>hvm</type>
+ <boot dev='hd'/>
+ <acpi>
+ <table type='raw'>/var/lib/libvirt/acpi/exm1.dat</table>
+ <table type='raw'>/var/lib/libvirt/acpi/exm2.dat</table>
+ <table type='raw'>/var/lib/libvirt/acpi/exm3.dat</table>
+ <table type='slic'>/var/lib/libvirt/acpi/slic.dat</table>
+ </acpi>
+ </os>
+ <features>
+ <acpi/>
+ </features>
+ <clock offset='utc'/>
+ <on_poweroff>destroy</on_poweroff>
+ <on_reboot>restart</on_reboot>
+ <on_crash>destroy</on_crash>
+ <devices>
+ <emulator>/usr/bin/qemu-system-x86_64</emulator>
+ <controller type='usb' index='0'/>
+ <controller type='ide' index='0'/>
+ <controller type='pci' index='0' model='pci-root'/>
+ <input type='mouse' bus='ps2'/>
+ <input type='keyboard' bus='ps2'/>
+ <memballoon model='none'/>
+ </devices>
+</domain>
diff --git a/tests/qemuxmlconftest.c b/tests/qemuxmlconftest.c
index 3947f508a2..2007944c29 100644
--- a/tests/qemuxmlconftest.c
+++ b/tests/qemuxmlconftest.c
@@ -2767,6 +2767,7 @@ mymain(void)
DO_TEST_CAPS_LATEST_PARSE_ERROR("usb-too-long-port-path-invalid");
DO_TEST_CAPS_LATEST("acpi-table");
+ DO_TEST_CAPS_LATEST("acpi-table-many");
DO_TEST_CAPS_LATEST("intel-iommu");
DO_TEST_CAPS_LATEST("intel-iommu-caching-mode");
--
2.49.0

44
SOURCES/libvirt-qemuDomainBlockCopyCommon-Don-t-revoke-access-to-file-twice-on-failure.patch Normal file
View File

@ -0,0 +1,44 @@
From bedbe8dd400e242ad346910bc2bdbfb1e6969fdf Mon Sep 17 00:00:00 2001
Message-ID: <bedbe8dd400e242ad346910bc2bdbfb1e6969fdf.1744876588.git.jdenemar@redhat.com>
From: Peter Krempa <pkrempa@redhat.com>
Date: Thu, 10 Apr 2025 16:18:29 +0200
Subject: [PATCH] qemuDomainBlockCopyCommon: Don't revoke access to file twice
on failure
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
If the copy job fails to start up when calling the 'blockdev-mirror'
command the code would call qemuDomainStorageSourceChainAccessRevoke()
twice; once right after the monitor call and the second time in the
'endjob' section.
Remove the one directly after the monitor call and let the common
cleanup handle it.
Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
(cherry picked from commit 68a83cac64b90b7069e6213d70a2faadb552cb80)
https://issues.redhat.com/browse/RHEL-7357
---
src/qemu/qemu_driver.c | 4 +---
1 file changed, 1 insertion(+), 3 deletions(-)
diff --git a/src/qemu/qemu_driver.c b/src/qemu/qemu_driver.c
index 4c6eff9286..8a354a606a 100644
--- a/src/qemu/qemu_driver.c
+++ b/src/qemu/qemu_driver.c
@@ -14413,10 +14413,8 @@ qemuDomainBlockCopyCommon(virDomainObj *vm,
virDomainAuditDisk(vm, NULL, mirror, "mirror", ret >= 0);
qemuDomainObjExitMonitor(vm);
- if (ret < 0) {
- qemuDomainStorageSourceChainAccessRevoke(driver, vm, mirror);
+ if (ret < 0)
goto endjob;
- }
/* Update vm in place to match changes. */
need_unlink = false;
--
2.49.0

6
SOURCES/libvirt-qemuMonitorJSONGetCPUModelExpansion-refactor-parsing-functions.patch
View File

@ -1,5 +1,5 @@
From f8d0bc9f59fbf4f7968e65bbbc7094699a495f84 Mon Sep 17 00:00:00 2001
Message-ID: <f8d0bc9f59fbf4f7968e65bbbc7094699a495f84.1749027246.git.jdenemar@redhat.com>
From 19e552685d72cf3c8064c56ee9bce5859303da25 Mon Sep 17 00:00:00 2001
Message-ID: <19e552685d72cf3c8064c56ee9bce5859303da25.1749039441.git.jdenemar@redhat.com>
From: Collin Walling <walling@linux.ibm.com>
Date: Mon, 16 Dec 2024 18:03:52 -0500
Subject: [PATCH] qemuMonitorJSONGetCPUModelExpansion: refactor parsing
@ -16,7 +16,7 @@ Signed-off-by: Collin Walling <walling@linux.ibm.com>
Reviewed-by: Boris Fiuczynski <fiuczy@linux.ibm.com>
Reviewed-by: Jiri Denemark <jdenemar@redhat.com>
(cherry picked from commit 60e407deb5cd88e5f1564d1c9145e374001cf34f)
JIRA: https://issues.redhat.com/browse/RHEL-89977
JIRA: https://issues.redhat.com/browse/RHEL-89415
Signed-off-by: Thomas Huth <thuth@redhat.com>
---
src/qemu/qemu_monitor_json.c | 46 ++++++++++++++++++++++++++++++------

10
SOURCES/libvirt-qemuPrepareNVRAMFile-Fix-NVRAM-image-conversion-check.patch
View File

@ -1,5 +1,5 @@
From 164d32e435c715b71b0d604d3f4e2d09ceb52bac Mon Sep 17 00:00:00 2001
Message-ID: <164d32e435c715b71b0d604d3f4e2d09ceb52bac.1750849847.git.jdenemar@redhat.com>
From 6e265f4f5faa468497e9bbdd86701d17480fcd38 Mon Sep 17 00:00:00 2001
Message-ID: <6e265f4f5faa468497e9bbdd86701d17480fcd38.1750259242.git.jdenemar@redhat.com>
From: Peter Krempa <pkrempa@redhat.com>
Date: Fri, 28 Feb 2025 14:00:23 +0100
Subject: [PATCH] qemuPrepareNVRAMFile: Fix NVRAM image conversion check
@ -23,14 +23,14 @@ Fixes: 2aa644a2fc8
Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Jiri Denemark <jdenemar@redhat.com>
(cherry picked from commit e088895a6246ac3b7f160e1895f2940c4b13b0cc)
https://issues.redhat.com/browse/RHEL-97757
https://issues.redhat.com/browse/RHEL-97758
---
src/conf/domain_conf.h | 7 +++++++
src/qemu/qemu_process.c | 5 ++++-
2 files changed, 11 insertions(+), 1 deletion(-)
diff --git a/src/conf/domain_conf.h b/src/conf/domain_conf.h
index 2d38e8fa51..10b00e2403 100644
index 961b7b056c..20be6f7c05 100644
--- a/src/conf/domain_conf.h
+++ b/src/conf/domain_conf.h
@@ -2361,6 +2361,13 @@ struct _virDomainLoaderDef {
@ -48,7 +48,7 @@ index 2d38e8fa51..10b00e2403 100644
};
diff --git a/src/qemu/qemu_process.c b/src/qemu/qemu_process.c
index 16b8991c3c..8bddb415ac 100644
index 64683ecfe0..a78aa8569d 100644
--- a/src/qemu/qemu_process.c
+++ b/src/qemu/qemu_process.c
@@ -4727,7 +4727,10 @@ qemuPrepareNVRAMFile(virQEMUDriver *driver,

14
SOURCES/libvirt-qemuValidateDomainDeviceDefNetwork-Require-shared-memory-for-all-vhost-user-interfaces.patch
View File

@ -1,5 +1,5 @@
From 3c84583ea0d1d1d4e1ca7c0dd228c60538b8270a Mon Sep 17 00:00:00 2001
Message-ID: <3c84583ea0d1d1d4e1ca7c0dd228c60538b8270a.1754419286.git.jdenemar@redhat.com>
From 5337b43f308c025977311d700b2bd89dfc848b0c Mon Sep 17 00:00:00 2001
Message-ID: <5337b43f308c025977311d700b2bd89dfc848b0c.1742990721.git.jdenemar@redhat.com>
From: Peter Krempa <pkrempa@redhat.com>
Date: Tue, 11 Mar 2025 09:01:12 +0100
Subject: [PATCH] qemuValidateDomainDeviceDefNetwork: Require shared memory for
@ -18,17 +18,17 @@ Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
(cherry picked from commit 0d20632179e1a61903f30986215bef53b0f912f6)
https://issues.redhat.com/browse/RHEL-106504
https://issues.redhat.com/browse/RHEL-84133
---
src/qemu/qemu_validate.c | 9 +++------
.../net-vhostuser-passt-no-shmem.x86_64-latest.err | 2 +-
2 files changed, 4 insertions(+), 7 deletions(-)
diff --git a/src/qemu/qemu_validate.c b/src/qemu/qemu_validate.c
index 289a3f94cc..3572dd70cb 100644
index f814ee8c0d..1c61038f93 100644
--- a/src/qemu/qemu_validate.c
+++ b/src/qemu/qemu_validate.c
@@ -1805,12 +1805,6 @@ qemuValidateDomainDeviceDefNetwork(const virDomainNetDef *net,
@@ -1828,12 +1828,6 @@ qemuValidateDomainDeviceDefNetwork(const virDomainNetDef *net,
return -1;
}
@ -41,7 +41,7 @@ index 289a3f94cc..3572dd70cb 100644
if (net->type == VIR_DOMAIN_NET_TYPE_VDPA) {
if (!virQEMUCapsGet(qemuCaps, QEMU_CAPS_NETDEV_VHOST_VDPA)) {
virReportError(VIR_ERR_CONFIG_UNSUPPORTED, "%s",
@@ -1834,6 +1828,9 @@ qemuValidateDomainDeviceDefNetwork(const virDomainNetDef *net,
@@ -1857,6 +1851,9 @@ qemuValidateDomainDeviceDefNetwork(const virDomainNetDef *net,
_("'reconnect' attribute is not supported when source mode='server' for <interface type='vhostuser'>"));
return -1;
}
@ -59,4 +59,4 @@ index 274af5c722..babde17518 100644
-unsupported configuration: 'interface type="vhostuser" backend type="passt"' requires shared memory
+unsupported configuration: 'interface' requires shared memory
--
2.50.1
2.49.0

6
SOURCES/libvirt-qemu_agent-Add-qemuAgentGetLoadAvg.patch
View File

@ -1,5 +1,5 @@
From 4e04c0a27ced260053815b2348474ef7226aabb7 Mon Sep 17 00:00:00 2001
Message-ID: <4e04c0a27ced260053815b2348474ef7226aabb7.1745925135.git.jdenemar@redhat.com>
From 8c10ceadcb2c32217b90277ee73f1eb990c67cbc Mon Sep 17 00:00:00 2001
Message-ID: <8c10ceadcb2c32217b90277ee73f1eb990c67cbc.1747908717.git.jdenemar@redhat.com>
From: Martin Kletzander <mkletzan@redhat.com>
Date: Tue, 25 Feb 2025 15:23:07 +0100
Subject: [PATCH] qemu_agent: Add qemuAgentGetLoadAvg()
@ -11,7 +11,7 @@ Signed-off-by: Martin Kletzander <mkletzan@redhat.com>
Reviewed-by: Peter Krempa <pkrempa@redhat.com>
(cherry picked from commit 1669d91eade46b930ebb44e4b9d398ea8c2064e7)
https://issues.redhat.com/browse/RHEL-88449
https://issues.redhat.com/browse/RHEL-88447
Signed-off-by: Martin Kletzander <mkletzan@redhat.com>
---

409
SOURCES/libvirt-qemu_capabilities-Fetch-caps-for-virtio-mem-ccw-too.patch Normal file
View File

@ -0,0 +1,409 @@
From 6d104057ac63fed07c493e2a73694503ac0ef0f1 Mon Sep 17 00:00:00 2001
Message-ID: <6d104057ac63fed07c493e2a73694503ac0ef0f1.1747908717.git.jdenemar@redhat.com>
From: Michal Privoznik <mprivozn@redhat.com>
Date: Wed, 7 May 2025 14:32:52 +0200
Subject: [PATCH] qemu_capabilities: Fetch caps for virtio-mem-ccw too
While with upstream QEMU it's impossible to have virtio-mem-ccw and not
have virtio-mem-pci, in RHEL the QEMU's build system is patched to make
that possible. But this breaks our assumption when fetching
capabilities.
Well, just do what we are already doing in this situation (e.g.
"virtio-blk-pci"/"virtio-blk-ccw" & virQEMUCapsDevicePropsVirtioBlk, or
"virtio-scsi-pci"/"virtio-net-ccw" & virQEMUCapsDevicePropsVirtioSCSI):
fetch the same set of props for both devices.
Resolves: https://issues.redhat.com/browse/RHEL-87532
Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
Reviewed-by: Peter Krempa <pkrempa@redhat.com>
(cherry picked from commit 6ff8d08777ebbcb9a1e11534c3a3341fbf0343e8)
Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
Conflicts:
tests/qemucapabilitiesdata/caps_10.0.0_s390x.replies: Context,
becuase v11.3.0-28-g670aae6cda is not backported.
---
src/qemu/qemu_capabilities.c | 4 +
.../caps_10.0.0_s390x.replies | 202 +++++++++++++++---
2 files changed, 182 insertions(+), 24 deletions(-)
diff --git a/src/qemu/qemu_capabilities.c b/src/qemu/qemu_capabilities.c
index 1a9cf72482..b507027667 100644
--- a/src/qemu/qemu_capabilities.c
+++ b/src/qemu/qemu_capabilities.c
@@ -1546,6 +1546,7 @@ static struct virQEMUCapsDevicePropsFlags virQEMUCapsDevicePropsVhostUserFS[] =
{ "bootindex", QEMU_CAPS_VHOST_USER_FS_BOOTINDEX, NULL },
};
+/* This is used also for QEMU_CAPS_DEVICE_VIRTIO_MEM_CCW */
static struct virQEMUCapsDevicePropsFlags virQEMUCapsDevicePropsVirtioMemPCI[] = {
{ "prealloc", QEMU_CAPS_DEVICE_VIRTIO_MEM_PCI_PREALLOC, NULL },
{ "dynamic-memslots", QEMU_CAPS_DEVICE_VIRTIO_MEM_PCI_DYNAMIC_MEMSLOTS, NULL },
@@ -1714,6 +1715,9 @@ static virQEMUCapsDeviceTypeProps virQEMUCapsDeviceProps[] = {
{ "virtio-mem-pci", virQEMUCapsDevicePropsVirtioMemPCI,
G_N_ELEMENTS(virQEMUCapsDevicePropsVirtioMemPCI),
QEMU_CAPS_DEVICE_VIRTIO_MEM_PCI },
+ { "virtio-mem-ccw", virQEMUCapsDevicePropsVirtioMemPCI,
+ G_N_ELEMENTS(virQEMUCapsDevicePropsVirtioMemPCI),
+ QEMU_CAPS_DEVICE_VIRTIO_MEM_CCW },
{ "virtio-iommu-pci", virQEMUCapsDevicePropsVirtioIOMMU,
G_N_ELEMENTS(virQEMUCapsDevicePropsVirtioIOMMU),
QEMU_CAPS_DEVICE_VIRTIO_IOMMU_PCI },
diff --git a/tests/qemucapabilitiesdata/caps_10.0.0_s390x.replies b/tests/qemucapabilitiesdata/caps_10.0.0_s390x.replies
index 05b13b2d2b..18f098153d 100644
--- a/tests/qemucapabilitiesdata/caps_10.0.0_s390x.replies
+++ b/tests/qemucapabilitiesdata/caps_10.0.0_s390x.replies
@@ -29500,11 +29500,165 @@
{
"execute": "device-list-properties",
"arguments": {
- "typename": "virtio-iommu-pci"
+ "typename": "virtio-mem-ccw"
},
"id": "libvirt-30"
}
+{
+ "return": [
+ {
+ "name": "dev_id",
+ "description": "Read-only identifier of an I/O device in the channel subsystem, example: fe.1.23ab",
+ "type": "str"
+ },
+ {
+ "name": "devno",
+ "description": "Identifier of an I/O device in the channel subsystem, example: fe.1.23ab",
+ "type": "str"
+ },
+ {
+ "name": "subch_id",
+ "description": "Read-only identifier of an I/O device in the channel subsystem, example: fe.1.23ab",
+ "type": "str"
+ },
+ {
+ "default-value": 2,
+ "name": "max_revision",
+ "type": "uint32"
+ },
+ {
+ "default-value": true,
+ "name": "ioeventfd",
+ "description": "on/off",
+ "type": "bool"
+ },
+ {
+ "default-value": 0,
+ "name": "memaddr",
+ "type": "uint64"
+ },
+ {
+ "default-value": true,
+ "name": "indirect_desc",
+ "description": "on/off",
+ "type": "bool"
+ },
+ {
+ "default-value": false,
+ "name": "iommu_platform",
+ "description": "on/off",
+ "type": "bool"
+ },
+ {
+ "name": "memdev",
+ "type": "link<memory-backend>"
+ },
+ {
+ "default-value": true,
+ "name": "event_idx",
+ "description": "on/off",
+ "type": "bool"
+ },
+ {
+ "default-value": true,
+ "name": "x-early-migration",
+ "description": "on/off",
+ "type": "bool"
+ },
+ {
+ "default-value": 0,
+ "name": "node",
+ "type": "uint32"
+ },
+ {
+ "name": "requested-size",
+ "type": "size"
+ },
+ {
+ "default-value": true,
+ "name": "any_layout",
+ "description": "on/off",
+ "type": "bool"
+ },
+ {
+ "default-value": false,
+ "name": "x-disable-legacy-check",
+ "description": "on/off",
+ "type": "bool"
+ },
+ {
+ "default-value": true,
+ "name": "queue_reset",
+ "description": "on/off",
+ "type": "bool"
+ },
+ {
+ "default-value": true,
+ "name": "notify_on_empty",
+ "description": "on/off",
+ "type": "bool"
+ },
+ {
+ "default-value": false,
+ "name": "packed",
+ "description": "on/off",
+ "type": "bool"
+ },
+ {
+ "name": "block-size",
+ "type": "size"
+ },
+ {
+ "default-value": false,
+ "name": "prealloc",
+ "description": "on/off",
+ "type": "bool"
+ },
+ {
+ "default-value": true,
+ "name": "use-started",
+ "description": "on/off",
+ "type": "bool"
+ },
+ {
+ "default-value": false,
+ "name": "in_order",
+ "description": "on/off",
+ "type": "bool"
+ },
+ {
+ "name": "size",
+ "type": "size"
+ },
+ {
+ "default-value": true,
+ "name": "use-disabled-flag",
+ "description": "on/off",
+ "type": "bool"
+ },
+ {
+ "default-value": true,
+ "name": "dynamic-memslots",
+ "description": "on/off",
+ "type": "bool"
+ },
+ {
+ "name": "virtio-backend",
+ "type": "child<virtio-mem>"
+ }
+ ],
+ "id": "libvirt-30"
+}
+
+{
+ "execute": "device-list-properties",
+ "arguments": {
+ "typename": "virtio-iommu-pci"
+ },
+ "id": "libvirt-31"
+}
+
{
"return": [
{
@@ -29774,7 +29928,7 @@
"type": "child<virtio-iommu-device>"
}
],
- "id": "libvirt-30"
+ "id": "libvirt-31"
}
{
@@ -29782,7 +29936,7 @@
"arguments": {
"typename": "virtio-blk-ccw"
},
- "id": "libvirt-31"
+ "id": "libvirt-32"
}
{
@@ -30065,7 +30219,7 @@
"type": "bool"
}
],
- "id": "libvirt-31"
+ "id": "libvirt-32"
}
{
@@ -30073,7 +30227,7 @@
"arguments": {
"typename": "memory-backend-file"
},
- "id": "libvirt-32"
+ "id": "libvirt-33"
}
{
@@ -30163,7 +30317,7 @@
"type": "bool"
}
],
- "id": "libvirt-32"
+ "id": "libvirt-33"
}
{
@@ -30171,7 +30325,7 @@
"arguments": {
"typename": "memory-backend-memfd"
},
- "id": "libvirt-33"
+ "id": "libvirt-34"
}
{
@@ -30250,12 +30404,12 @@
"type": "int"
}
],
- "id": "libvirt-33"
+ "id": "libvirt-34"
}
{
"execute": "query-machines",
- "id": "libvirt-34"
+ "id": "libvirt-35"
}
{
@@ -30530,7 +30684,7 @@
"default-ram-id": "s390.ram"
}
],
- "id": "libvirt-34"
+ "id": "libvirt-35"
}
{
@@ -30538,7 +30692,7 @@
"arguments": {
"typename": "none-machine"
},
- "id": "libvirt-35"
+ "id": "libvirt-36"
}
{
@@ -30653,12 +30807,12 @@
"type": "bool"
}
],
- "id": "libvirt-35"
+ "id": "libvirt-36"
}
{
"execute": "query-cpu-definitions",
- "id": "libvirt-36"
+ "id": "libvirt-37"
}
{
@@ -31368,32 +31522,32 @@
"deprecated": false
}
],
- "id": "libvirt-36"
+ "id": "libvirt-37"
}
{
"execute": "query-tpm-models",
- "id": "libvirt-37"
+ "id": "libvirt-38"
}
{
"return": [],
- "id": "libvirt-37"
+ "id": "libvirt-38"
}
{
"execute": "query-tpm-types",
- "id": "libvirt-38"
+ "id": "libvirt-39"
}
{
"return": [],
- "id": "libvirt-38"
+ "id": "libvirt-39"
}
{
"execute": "query-command-line-options",
- "id": "libvirt-39"
+ "id": "libvirt-40"
}
{
@@ -32646,12 +32800,12 @@
"option": "drive"
}
],
- "id": "libvirt-39"
+ "id": "libvirt-40"
}
{
"execute": "query-migrate-capabilities",
- "id": "libvirt-40"
+ "id": "libvirt-41"
}
{
@@ -32745,7 +32899,7 @@
"capability": "mapped-ram"
}
],
- "id": "libvirt-40"
+ "id": "libvirt-41"
}
{
@@ -32756,7 +32910,7 @@
"name": "host"
}
},
- "id": "libvirt-41"
+ "id": "libvirt-42"
}
{
@@ -32828,7 +32982,7 @@
}
}
},
- "id": "libvirt-41"
+ "id": "libvirt-42"
}
{
--
2.49.0

20
SOURCES/libvirt-qemu_capabilities-filter-deprecated-features-if-requested.patch
View File

@ -1,5 +1,5 @@
From 100a38a10efa35bc78ae4874f10bca79616fac18 Mon Sep 17 00:00:00 2001
Message-ID: <100a38a10efa35bc78ae4874f10bca79616fac18.1749027246.git.jdenemar@redhat.com>
From 637590711a1e9aaf304e8a6c8ec57adcb0272cca Mon Sep 17 00:00:00 2001
Message-ID: <637590711a1e9aaf304e8a6c8ec57adcb0272cca.1749039441.git.jdenemar@redhat.com>
From: Collin Walling <walling@linux.ibm.com>
Date: Mon, 16 Dec 2024 18:03:56 -0500
Subject: [PATCH] qemu_capabilities: filter deprecated features if requested
@ -12,7 +12,7 @@ model features will be updated to set any deprecated features to the
Signed-off-by: Collin Walling <walling@linux.ibm.com>
Reviewed-by: Jiri Denemark <jdenemar@redhat.com>
(cherry picked from commit cd1e837c22182dcadfe17b469c931f9fc9745a46)
JIRA: https://issues.redhat.com/browse/RHEL-89977
JIRA: https://issues.redhat.com/browse/RHEL-89415
Signed-off-by: Thomas Huth <thuth@redhat.com>
---
src/qemu/qemu_capabilities.c | 20 ++++++++++++++++++++
@ -21,10 +21,10 @@ Signed-off-by: Thomas Huth <thuth@redhat.com>
3 files changed, 30 insertions(+), 1 deletion(-)
diff --git a/src/qemu/qemu_capabilities.c b/src/qemu/qemu_capabilities.c
index 30af8721ee..651a4e7e54 100644
index b17c582b5e..6bff55f58e 100644
--- a/src/qemu/qemu_capabilities.c
+++ b/src/qemu/qemu_capabilities.c
@@ -3334,6 +3334,26 @@ virQEMUCapsGetCPUFeatures(virQEMUCaps *qemuCaps,
@@ -3340,6 +3340,26 @@ virQEMUCapsGetCPUFeatures(virQEMUCaps *qemuCaps,
}
@ -52,10 +52,10 @@ index 30af8721ee..651a4e7e54 100644
int type;
virQEMUCapsFlags caps;
diff --git a/src/qemu/qemu_capabilities.h b/src/qemu/qemu_capabilities.h
index b37f1f0b14..c4b0229f0b 100644
index d2bccc0e2a..8de392bf0f 100644
--- a/src/qemu/qemu_capabilities.h
+++ b/src/qemu/qemu_capabilities.h
@@ -767,6 +767,9 @@ int virQEMUCapsGetCPUFeatures(virQEMUCaps *qemuCaps,
@@ -768,6 +768,9 @@ int virQEMUCapsGetCPUFeatures(virQEMUCaps *qemuCaps,
virDomainVirtType virtType,
bool migratable,
char ***features);
@ -66,10 +66,10 @@ index b37f1f0b14..c4b0229f0b 100644
virDomainVirtType virQEMUCapsGetVirtType(virQEMUCaps *qemuCaps);
diff --git a/src/qemu/qemu_driver.c b/src/qemu/qemu_driver.c
index 3e194999fe..e31c4e613c 100644
index b374b1978c..13e2838f19 100644
--- a/src/qemu/qemu_driver.c
+++ b/src/qemu/qemu_driver.c
@@ -16543,7 +16543,8 @@ qemuConnectGetDomainCapabilities(virConnectPtr conn,
@@ -16544,7 +16544,8 @@ qemuConnectGetDomainCapabilities(virConnectPtr conn,
virDomainVirtType virttype;
g_autoptr(virDomainCaps) domCaps = NULL;
@ -79,7 +79,7 @@ index 3e194999fe..e31c4e613c 100644
if (virConnectGetDomainCapabilitiesEnsureACL(conn) < 0)
return NULL;
@@ -16562,6 +16563,11 @@ qemuConnectGetDomainCapabilities(virConnectPtr conn,
@@ -16563,6 +16564,11 @@ qemuConnectGetDomainCapabilities(virConnectPtr conn,
arch, virttype)))
return NULL;

46
SOURCES/libvirt-qemu_capabilities-query-deprecated-features-for-host-model.patch
View File

@ -1,5 +1,5 @@
From 9da8c1095b227097dc71f48da3caa7e172597c36 Mon Sep 17 00:00:00 2001
Message-ID: <9da8c1095b227097dc71f48da3caa7e172597c36.1749027246.git.jdenemar@redhat.com>
From 3620d993bb09b10d6e6e9e44a4a5fdf13a6d3da5 Mon Sep 17 00:00:00 2001
Message-ID: <3620d993bb09b10d6e6e9e44a4a5fdf13a6d3da5.1749039441.git.jdenemar@redhat.com>
From: Collin Walling <walling@linux.ibm.com>
Date: Mon, 16 Dec 2024 18:03:54 -0500
Subject: [PATCH] qemu_capabilities: query deprecated features for host-model
@ -25,35 +25,38 @@ Reviewed-by: Boris Fiuczynski <fiuczy@linux.ibm.com>
Reviewed-by: Jiri Denemark <jdenemar@redhat.com>
(cherry picked from commit 51c098347d7f2af9b4386ac0adc4431997d06f3d)
JIRA: https://issues.redhat.com/browse/RHEL-89977
JIRA: https://issues.redhat.com/browse/RHEL-89415
Conflicts:
src/qemu/qemu_capabilities.*
(contextual conflict due to earlier out-of-order backport)
(contextual conflict due to different amount of caps in downstream)
Signed-off-by: Thomas Huth <thuth@redhat.com>
---
src/qemu/qemu_capabilities.c | 40 ++
src/qemu/qemu_capabilities.h | 3 +
src/qemu/qemu_capabilities.c | 40 +-
src/qemu/qemu_capabilities.h | 3 +-
.../caps_9.1.0_s390x.replies | 348 +++++++++++++++++-
.../qemucapabilitiesdata/caps_9.1.0_s390x.xml | 7 +
.../caps_9.2.0_s390x.replies | 348 +++++++++++++++++-
.../qemucapabilitiesdata/caps_9.2.0_s390x.xml | 7 +
6 files changed, 749 insertions(+), 4 deletions(-)
6 files changed, 747 insertions(+), 6 deletions(-)
diff --git a/src/qemu/qemu_capabilities.c b/src/qemu/qemu_capabilities.c
index 50df7aeaf7..30af8721ee 100644
index b1faea3ac7..b17c582b5e 100644
--- a/src/qemu/qemu_capabilities.c
+++ b/src/qemu/qemu_capabilities.c
@@ -721,6 +721,9 @@ VIR_ENUM_IMPL(virQEMUCaps,
@@ -721,10 +721,11 @@ VIR_ENUM_IMPL(virQEMUCaps,
"chardev-reconnect-miliseconds", /* QEMU_CAPS_CHARDEV_RECONNECT_MILISECONDS */
"virtio-ccw.loadparm", /* QEMU_CAPS_VIRTIO_CCW_DEVICE_LOADPARM */
"netdev-stream-reconnect-miliseconds", /* QEMU_CAPS_NETDEV_STREAM_RECONNECT_MILISECONDS */
- "blockdev-set-active", /* QEMU_CAPS_BLOCKDEV_SET_ACTIVE */
+ "query-cpu-model-expansion.deprecated-props", /* QEMU_CAPS_QUERY_CPU_MODEL_EXPANSION_DEPRECATED_PROPS */
+
+ /* 470 */
"blockdev-set-active", /* QEMU_CAPS_BLOCKDEV_SET_ACTIVE */
/* 470 */
"virtio-mem-ccw", /* QEMU_CAPS_DEVICE_VIRTIO_MEM_CCW */
+ "blockdev-set-active", /* QEMU_CAPS_BLOCKDEV_SET_ACTIVE */
);
@@ -1596,6 +1599,7 @@ static struct virQEMUCapsStringFlags virQEMUCapsQMPSchemaQueries[] = {
@@ -1601,6 +1602,7 @@ static struct virQEMUCapsStringFlags virQEMUCapsQMPSchemaQueries[] = {
{ "screendump/arg-type/device", QEMU_CAPS_SCREENDUMP_DEVICE },
{ "screendump/arg-type/format/^png", QEMU_CAPS_SCREENSHOT_FORMAT_PNG },
{ "set-numa-node/arg-type/+hmat-lb", QEMU_CAPS_NUMA_HMAT },
@ -61,7 +64,7 @@ index 50df7aeaf7..30af8721ee 100644
};
typedef struct _virQEMUCapsObjectTypeProps virQEMUCapsObjectTypeProps;
@@ -3152,6 +3156,38 @@ virQEMUCapsProbeHypervCapabilities(virQEMUCaps *qemuCaps,
@@ -3160,6 +3162,38 @@ virQEMUCapsProbeHypervCapabilities(virQEMUCaps *qemuCaps,
}
@ -100,7 +103,7 @@ index 50df7aeaf7..30af8721ee 100644
static int
virQEMUCapsProbeQMPHostCPU(virQEMUCaps *qemuCaps,
virQEMUCapsAccel *accel,
@@ -3233,6 +3269,10 @@ virQEMUCapsProbeQMPHostCPU(virQEMUCaps *qemuCaps,
@@ -3241,6 +3275,10 @@ virQEMUCapsProbeQMPHostCPU(virQEMUCaps *qemuCaps,
modelInfo->migratability = true;
}
@ -112,19 +115,22 @@ index 50df7aeaf7..30af8721ee 100644
(ARCH_IS_X86(qemuCaps->arch) || ARCH_IS_ARM(qemuCaps->arch))) {
g_autoptr(qemuMonitorCPUModelInfo) fullQEMU = NULL;
diff --git a/src/qemu/qemu_capabilities.h b/src/qemu/qemu_capabilities.h
index e93e6a01cc..b37f1f0b14 100644
index 6467a09796..d2bccc0e2a 100644
--- a/src/qemu/qemu_capabilities.h
+++ b/src/qemu/qemu_capabilities.h
@@ -700,6 +700,9 @@ typedef enum { /* virQEMUCapsFlags grouping marker for syntax-check */
@@ -700,10 +700,11 @@ typedef enum { /* virQEMUCapsFlags grouping marker for syntax-check */
QEMU_CAPS_CHARDEV_RECONNECT_MILISECONDS, /* 'reconnect-ms' option for chardevs supported */
QEMU_CAPS_VIRTIO_CCW_DEVICE_LOADPARM, /* loadparm available on CCW device for multi device boot */
QEMU_CAPS_NETDEV_STREAM_RECONNECT_MILISECONDS, /* 'reconnect-ms' option for netdev stream supported */
- QEMU_CAPS_BLOCKDEV_SET_ACTIVE, /* blockdev-set-active QMP command supported */
+ QEMU_CAPS_QUERY_CPU_MODEL_EXPANSION_DEPRECATED_PROPS, /* query-cpu-model-expansion may report deprecated CPU properties */
+
+ /* 470 */
QEMU_CAPS_BLOCKDEV_SET_ACTIVE, /* blockdev-set-active QMP command supported */
/* 470 */
QEMU_CAPS_DEVICE_VIRTIO_MEM_CCW, /* -device virtio-mem-ccw */
+ QEMU_CAPS_BLOCKDEV_SET_ACTIVE, /* blockdev-set-active QMP command supported */
QEMU_CAPS_LAST /* this must always be the last item */
} virQEMUCapsFlags;
diff --git a/tests/qemucapabilitiesdata/caps_9.1.0_s390x.replies b/tests/qemucapabilitiesdata/caps_9.1.0_s390x.replies
index 2d4ab8ed75..0a523ba47e 100644
--- a/tests/qemucapabilitiesdata/caps_9.1.0_s390x.replies

76
SOURCES/libvirt-qemu_caps-Introduce-QEMU_CAPS_DEVICE_VIRTIO_MEM_CCW.patch Normal file
View File

@ -0,0 +1,76 @@
From 4cf058f2a32fac160803b45c818d798ff268b172 Mon Sep 17 00:00:00 2001
Message-ID: <4cf058f2a32fac160803b45c818d798ff268b172.1744876588.git.jdenemar@redhat.com>
From: Michal Privoznik <mprivozn@redhat.com>
Date: Wed, 15 Jan 2025 10:46:16 +0100
Subject: [PATCH] qemu_caps: Introduce QEMU_CAPS_DEVICE_VIRTIO_MEM_CCW
This capability tracks whether QEMU supports virtio-mem-ccw
device. Introduced in QEMU commit v9.2.0-492-gaa910c20ec only
upcoming release of QEMU supports the device.
Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
Reviewed-by: Boris Fiuczynski <fiuczy@linux.ibm.com>
(cherry picked from commit a46e33a92597ed03147e7f6a0c674cda55a0ec52)
Conflicts:
src/qemu/qemu_capabilities.c: Upstream has more caps added meanwhile.
src/qemu/qemu_capabilities.h: Ditto.
Resolves: https://issues.redhat.com/browse/RHEL-72976
Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
---
src/qemu/qemu_capabilities.c | 4 ++++
src/qemu/qemu_capabilities.h | 3 +++
tests/qemucapabilitiesdata/caps_10.0.0_s390x.xml | 1 +
3 files changed, 8 insertions(+)
diff --git a/src/qemu/qemu_capabilities.c b/src/qemu/qemu_capabilities.c
index 65e19965dd..1a9cf72482 100644
--- a/src/qemu/qemu_capabilities.c
+++ b/src/qemu/qemu_capabilities.c
@@ -722,6 +722,9 @@ VIR_ENUM_IMPL(virQEMUCaps,
"virtio-ccw.loadparm", /* QEMU_CAPS_VIRTIO_CCW_DEVICE_LOADPARM */
"netdev-stream-reconnect-miliseconds", /* QEMU_CAPS_NETDEV_STREAM_RECONNECT_MILISECONDS */
"blockdev-set-active", /* QEMU_CAPS_BLOCKDEV_SET_ACTIVE */
+
+ /* 470 */
+ "virtio-mem-ccw", /* QEMU_CAPS_DEVICE_VIRTIO_MEM_CCW */
);
@@ -1411,6 +1414,7 @@ struct virQEMUCapsStringFlags virQEMUCapsObjectTypes[] = {
{ "virtio-sound-device", QEMU_CAPS_DEVICE_VIRTIO_SOUND },
{ "sev-snp-guest", QEMU_CAPS_SEV_SNP_GUEST },
{ "acpi-erst", QEMU_CAPS_DEVICE_ACPI_ERST },
+ { "virtio-mem-ccw", QEMU_CAPS_DEVICE_VIRTIO_MEM_CCW },
};
diff --git a/src/qemu/qemu_capabilities.h b/src/qemu/qemu_capabilities.h
index e93e6a01cc..6467a09796 100644
--- a/src/qemu/qemu_capabilities.h
+++ b/src/qemu/qemu_capabilities.h
@@ -702,6 +702,9 @@ typedef enum { /* virQEMUCapsFlags grouping marker for syntax-check */
QEMU_CAPS_NETDEV_STREAM_RECONNECT_MILISECONDS, /* 'reconnect-ms' option for netdev stream supported */
QEMU_CAPS_BLOCKDEV_SET_ACTIVE, /* blockdev-set-active QMP command supported */
+ /* 470 */
+ QEMU_CAPS_DEVICE_VIRTIO_MEM_CCW, /* -device virtio-mem-ccw */
+
QEMU_CAPS_LAST /* this must always be the last item */
} virQEMUCapsFlags;
diff --git a/tests/qemucapabilitiesdata/caps_10.0.0_s390x.xml b/tests/qemucapabilitiesdata/caps_10.0.0_s390x.xml
index 5c5ab096d1..82cabd13b2 100644
--- a/tests/qemucapabilitiesdata/caps_10.0.0_s390x.xml
+++ b/tests/qemucapabilitiesdata/caps_10.0.0_s390x.xml
@@ -139,6 +139,7 @@
<flag name='chardev-reconnect-miliseconds'/>
<flag name='virtio-ccw.loadparm'/>
<flag name='netdev-stream-reconnect-miliseconds'/>
+ <flag name='virtio-mem-ccw'/>
<version>9002050</version>
<microcodeVersion>39100285</microcodeVersion>
<package>v9.2.0-1203-gd6430c17d7</package>
--
2.49.0

95
SOURCES/libvirt-qemu_command-Use-qemuBuildVirtioDevProps-to-build-cmd-line-for-virtio-mem-and-virtio-pmem.patch Normal file
View File

@ -0,0 +1,95 @@
From 782c337fb48b56a50ed85cbfe1dc3a8a1342ac08 Mon Sep 17 00:00:00 2001
Message-ID: <782c337fb48b56a50ed85cbfe1dc3a8a1342ac08.1744876588.git.jdenemar@redhat.com>
From: Michal Privoznik <mprivozn@redhat.com>
Date: Mon, 13 Jan 2025 15:48:03 +0100
Subject: [PATCH] qemu_command: Use qemuBuildVirtioDevProps() to build cmd line
for virtio-mem and virtio-pmem
Both, virtio-mem and virtio-pmem devices follow traditional QEMU
naming convention: their suffix determines what bus they live on.
For instance, virtio-mem-pci, virtio-mem-ccw, virtio-pmem-pci.
We already have a function that constructs device name following
this convention: qemuBuildVirtioDevGetConfigDev().
While there's no virtio-pmem-ccw device yet, the function can
still be used.
Another advantage of using the function is - it'll be easier in
future when we want to configure various virtio aspects of memory
devices (like ats, iommu_platform, etc.).
Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
Reviewed-by: Boris Fiuczynski <fiuczy@linux.ibm.com>
(cherry picked from commit 89d56c41ac16452eb5f6f27eb87658277b270f83)
Resolves: https://issues.redhat.com/browse/RHEL-72976
Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
---
src/qemu/qemu_command.c | 28 ++++++++++++++++++++++++----
1 file changed, 24 insertions(+), 4 deletions(-)
diff --git a/src/qemu/qemu_command.c b/src/qemu/qemu_command.c
index b7d61edd19..fb70c79a94 100644
--- a/src/qemu/qemu_command.c
+++ b/src/qemu/qemu_command.c
@@ -967,6 +967,23 @@ qemuBuildVirtioDevGetConfigDev(const virDomainDeviceDef *device,
break;
}
+ case VIR_DOMAIN_DEVICE_MEMORY:
+ switch (device->data.memory->model) {
+ case VIR_DOMAIN_MEMORY_MODEL_VIRTIO_PMEM:
+ *baseName = "virtio-pmem";
+ break;
+ case VIR_DOMAIN_MEMORY_MODEL_VIRTIO_MEM:
+ *baseName = "virtio-mem";
+ break;
+ case VIR_DOMAIN_MEMORY_MODEL_DIMM:
+ case VIR_DOMAIN_MEMORY_MODEL_NVDIMM:
+ case VIR_DOMAIN_MEMORY_MODEL_SGX_EPC:
+ case VIR_DOMAIN_MEMORY_MODEL_NONE:
+ case VIR_DOMAIN_MEMORY_MODEL_LAST:
+ break;
+ }
+ break;
+
case VIR_DOMAIN_DEVICE_LEASE:
case VIR_DOMAIN_DEVICE_WATCHDOG:
case VIR_DOMAIN_DEVICE_GRAPHICS:
@@ -979,7 +996,6 @@ qemuBuildVirtioDevGetConfigDev(const virDomainDeviceDef *device,
case VIR_DOMAIN_DEVICE_SHMEM:
case VIR_DOMAIN_DEVICE_TPM:
case VIR_DOMAIN_DEVICE_PANIC:
- case VIR_DOMAIN_DEVICE_MEMORY:
case VIR_DOMAIN_DEVICE_IOMMU:
case VIR_DOMAIN_DEVICE_AUDIO:
case VIR_DOMAIN_DEVICE_PSTORE:
@@ -3487,12 +3503,16 @@ qemuBuildMemoryDeviceProps(virQEMUDriverConfig *cfg,
break;
case VIR_DOMAIN_MEMORY_MODEL_VIRTIO_PMEM:
- device = "virtio-pmem-pci";
+ /* Deliberately not setting @device. */
+ if (!(props = qemuBuildVirtioDevProps(VIR_DOMAIN_DEVICE_MEMORY, mem, priv->qemuCaps)))
+ return NULL;
address = mem->target.virtio_pmem.address;
break;
case VIR_DOMAIN_MEMORY_MODEL_VIRTIO_MEM:
- device = "virtio-mem-pci";
+ /* Deliberately not setting @device. */
+ if (!(props = qemuBuildVirtioDevProps(VIR_DOMAIN_DEVICE_MEMORY, mem, priv->qemuCaps)))
+ return NULL;
if (virQEMUCapsGet(priv->qemuCaps, QEMU_CAPS_DEVICE_VIRTIO_MEM_PCI_PREALLOC) &&
qemuBuildMemoryGetPagesize(cfg, def, mem, NULL, NULL, NULL, &prealloc) < 0)
@@ -3514,7 +3534,7 @@ qemuBuildMemoryDeviceProps(virQEMUDriverConfig *cfg,
}
if (virJSONValueObjectAdd(&props,
- "s:driver", device,
+ "S:driver", device,
"k:node", mem->targetNode,
"P:label-size", labelsize * 1024,
"P:block-size", blocksize * 1024,
--
2.49.0

48
SOURCES/libvirt-qemu_domain_address-fix-CCW-virtio-mem-hotplug.patch Normal file
View File

@ -0,0 +1,48 @@
From 82f30944276f1cbb997ee42bad66c37cc059067e Mon Sep 17 00:00:00 2001
Message-ID: <82f30944276f1cbb997ee42bad66c37cc059067e.1744876588.git.jdenemar@redhat.com>
From: Boris Fiuczynski <fiuczy@linux.ibm.com>
Date: Tue, 18 Mar 2025 14:48:50 +0100
Subject: [PATCH] qemu_domain_address: fix CCW virtio-mem hotplug
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Since commit f23f8ff91a virtio-mem supports also CCW. When hotplugging a
virtio-mem device with a CCW address results in a PCI device getting
attached. The method qemuDomainAssignMemoryDeviceSlot is only
considering PCI as address type and overwriting the CCW address. Adding
support for address type CCW.
Signed-off-by: Boris Fiuczynski <fiuczy@linux.ibm.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
Signed-off-by: Ján Tomko <jtomko@redhat.com>
(cherry picked from commit 9ef080d6d94643fffc413127bff2b2b008a11b27)
Resolves: https://issues.redhat.com/browse/RHEL-72976
Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
---
src/qemu/qemu_domain_address.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/src/qemu/qemu_domain_address.c b/src/qemu/qemu_domain_address.c
index 970ae3949d..b73ac9ebf1 100644
--- a/src/qemu/qemu_domain_address.c
+++ b/src/qemu/qemu_domain_address.c
@@ -3073,6 +3073,7 @@ qemuDomainAssignMemoryDeviceSlot(virDomainObj *vm,
virDomainMemoryDef *mem)
{
g_autoptr(virBitmap) slotmap = NULL;
+ bool releaseaddr = false;
virDomainDeviceDef dev = {.type = VIR_DOMAIN_DEVICE_MEMORY, .data.memory = mem};
switch (mem->model) {
@@ -3086,7 +3087,7 @@ qemuDomainAssignMemoryDeviceSlot(virDomainObj *vm,
case VIR_DOMAIN_MEMORY_MODEL_VIRTIO_PMEM:
case VIR_DOMAIN_MEMORY_MODEL_VIRTIO_MEM:
- return qemuDomainEnsurePCIAddress(vm, &dev);
+ return qemuDomainEnsureVirtioAddress(&releaseaddr, vm, &dev);
break;
case VIR_DOMAIN_MEMORY_MODEL_SGX_EPC:
--
2.49.0

122
SOURCES/libvirt-qemu_firmware-Pick-the-right-firmware-for-TDX-guests.patch Normal file
View File

@ -0,0 +1,122 @@
From 53970ee6e429594f696f6e8056a7f5240c825974 Mon Sep 17 00:00:00 2001
Message-ID: <53970ee6e429594f696f6e8056a7f5240c825974.1759835600.git.jdenemar@redhat.com>
From: Zhenzhong Duan <zhenzhong.duan@intel.com>
Date: Thu, 10 Jul 2025 03:21:15 -0400
Subject: [PATCH] qemu_firmware: Pick the right firmware for TDX guests
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
The firmware descriptors have 'intel-tdx' feature which
describes whether firmware is suitable for TDX guests.
Provide necessary implementation to detect the feature and pick
the right firmware if guest is TDX enabled.
Suggested-by: Daniel P. Berrangé <berrange@redhat.com>
Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
Signed-off-by: Zhenzhong Duan <zhenzhong.duan@intel.com>
(cherry picked from commit 2dec0d9ede0546f5db9d36c2baddb9d94c83a435)
Resolves: https://issues.redhat.com/browse/RHEL-111840
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
---
src/qemu/qemu_firmware.c | 21 ++++++++++++++++++-
.../firmware/60-edk2-ovmf-x64-inteltdx.json | 1 +
2 files changed, 21 insertions(+), 1 deletion(-)
diff --git a/src/qemu/qemu_firmware.c b/src/qemu/qemu_firmware.c
index 6c65a2751b..f10137144e 100644
--- a/src/qemu/qemu_firmware.c
+++ b/src/qemu/qemu_firmware.c
@@ -149,6 +149,7 @@ typedef enum {
QEMU_FIRMWARE_FEATURE_AMD_SEV,
QEMU_FIRMWARE_FEATURE_AMD_SEV_ES,
QEMU_FIRMWARE_FEATURE_AMD_SEV_SNP,
+ QEMU_FIRMWARE_FEATURE_INTEL_TDX,
QEMU_FIRMWARE_FEATURE_ENROLLED_KEYS,
QEMU_FIRMWARE_FEATURE_REQUIRES_SMM,
QEMU_FIRMWARE_FEATURE_SECURE_BOOT,
@@ -167,6 +168,7 @@ VIR_ENUM_IMPL(qemuFirmwareFeature,
"amd-sev",
"amd-sev-es",
"amd-sev-snp",
+ "intel-tdx",
"enrolled-keys",
"requires-smm",
"secure-boot",
@@ -1158,6 +1160,7 @@ qemuFirmwareMatchDomain(const virDomainDef *def,
bool supportsSEV = false;
bool supportsSEVES = false;
bool supportsSEVSNP = false;
+ bool supportsTDX = false;
bool supportsSecureBoot = false;
bool hasEnrolledKeys = false;
int reqSecureBoot;
@@ -1209,6 +1212,10 @@ qemuFirmwareMatchDomain(const virDomainDef *def,
supportsSEVSNP = true;
break;
+ case QEMU_FIRMWARE_FEATURE_INTEL_TDX:
+ supportsTDX = true;
+ break;
+
case QEMU_FIRMWARE_FEATURE_REQUIRES_SMM:
requiresSMM = true;
break;
@@ -1370,9 +1377,18 @@ qemuFirmwareMatchDomain(const virDomainDef *def,
return false;
}
break;
- case VIR_DOMAIN_LAUNCH_SECURITY_PV:
+
case VIR_DOMAIN_LAUNCH_SECURITY_TDX:
+ if (!supportsTDX) {
+ VIR_DEBUG("Domain requires TDX, firmware '%s' doesn't support it",
+ path);
+ return false;
+ }
break;
+
+ case VIR_DOMAIN_LAUNCH_SECURITY_PV:
+ break;
+
case VIR_DOMAIN_LAUNCH_SECURITY_NONE:
case VIR_DOMAIN_LAUNCH_SECURITY_LAST:
virReportEnumRangeError(virDomainLaunchSecurity, def->sec->sectype);
@@ -1490,6 +1506,7 @@ qemuFirmwareEnableFeaturesModern(virDomainDef *def,
case QEMU_FIRMWARE_FEATURE_AMD_SEV:
case QEMU_FIRMWARE_FEATURE_AMD_SEV_ES:
case QEMU_FIRMWARE_FEATURE_AMD_SEV_SNP:
+ case QEMU_FIRMWARE_FEATURE_INTEL_TDX:
case QEMU_FIRMWARE_FEATURE_VERBOSE_DYNAMIC:
case QEMU_FIRMWARE_FEATURE_VERBOSE_STATIC:
case QEMU_FIRMWARE_FEATURE_NONE:
@@ -1541,6 +1558,7 @@ qemuFirmwareSanityCheck(const qemuFirmware *fw,
case QEMU_FIRMWARE_FEATURE_AMD_SEV:
case QEMU_FIRMWARE_FEATURE_AMD_SEV_ES:
case QEMU_FIRMWARE_FEATURE_AMD_SEV_SNP:
+ case QEMU_FIRMWARE_FEATURE_INTEL_TDX:
case QEMU_FIRMWARE_FEATURE_VERBOSE_DYNAMIC:
case QEMU_FIRMWARE_FEATURE_VERBOSE_STATIC:
case QEMU_FIRMWARE_FEATURE_LAST:
@@ -1981,6 +1999,7 @@ qemuFirmwareGetSupported(const char *machine,
case QEMU_FIRMWARE_FEATURE_AMD_SEV:
case QEMU_FIRMWARE_FEATURE_AMD_SEV_ES:
case QEMU_FIRMWARE_FEATURE_AMD_SEV_SNP:
+ case QEMU_FIRMWARE_FEATURE_INTEL_TDX:
case QEMU_FIRMWARE_FEATURE_ENROLLED_KEYS:
case QEMU_FIRMWARE_FEATURE_SECURE_BOOT:
case QEMU_FIRMWARE_FEATURE_VERBOSE_DYNAMIC:
diff --git a/tests/qemufirmwaredata/out/usr/share/qemu/firmware/60-edk2-ovmf-x64-inteltdx.json b/tests/qemufirmwaredata/out/usr/share/qemu/firmware/60-edk2-ovmf-x64-inteltdx.json
index d002ec7386..2630b57b05 100644
--- a/tests/qemufirmwaredata/out/usr/share/qemu/firmware/60-edk2-ovmf-x64-inteltdx.json
+++ b/tests/qemufirmwaredata/out/usr/share/qemu/firmware/60-edk2-ovmf-x64-inteltdx.json
@@ -16,6 +16,7 @@
],
"features": [
"enrolled-keys",
+ "intel-tdx",
"secure-boot",
"verbose-dynamic"
]
--
2.51.0

50
SOURCES/libvirt-qemu_snapshot-allow-reverting-to-external-disk-only-snapshot.patch Normal file
View File

@ -0,0 +1,50 @@
From b0282d5149f90b155a38881f92e3263bd23d9878 Mon Sep 17 00:00:00 2001
Message-ID: <b0282d5149f90b155a38881f92e3263bd23d9878.1741876175.git.jdenemar@redhat.com>
From: Pavel Hrdina <phrdina@redhat.com>
Date: Wed, 31 Jan 2024 17:14:28 +0100
Subject: [PATCH] qemu_snapshot: allow reverting to external disk only snapshot
When snapshot is created with disk-only flag it is always external
snapshot without memory state. Historically when there was not support
to revert external snapshots this produced error message.
error: Failed to revert snapshot s1
error: internal error: Invalid target domain state 'disk-snapshot'. Refusing snapshot reversion
Now we can simply consider this as reverting to offline snapshot as the
possible damage to file system is already done at the point of snapshot
creation.
Resolves: https://issues.redhat.com/browse/RHEL-21549
Signed-off-by: Pavel Hrdina <phrdina@redhat.com>
Reviewed-by: Peter Krempa <pkrempa@redhat.com>
(cherry picked from commit 443ae4adec3a94a575ea2acaa112188e721c7dfe)
Signed-off-by: Pavel Hrdina <phrdina@redhat.com>
---
src/qemu/qemu_snapshot.c | 3 +--
1 file changed, 1 insertion(+), 2 deletions(-)
diff --git a/src/qemu/qemu_snapshot.c b/src/qemu/qemu_snapshot.c
index b1f4ebb995..3a8510c69e 100644
--- a/src/qemu/qemu_snapshot.c
+++ b/src/qemu/qemu_snapshot.c
@@ -2884,6 +2884,7 @@ qemuSnapshotRevert(virDomainObj *vm,
case VIR_DOMAIN_SNAPSHOT_SHUTDOWN:
case VIR_DOMAIN_SNAPSHOT_SHUTOFF:
case VIR_DOMAIN_SNAPSHOT_CRASHED:
+ case VIR_DOMAIN_SNAPSHOT_DISK_SNAPSHOT:
ret = qemuSnapshotRevertInactive(vm, snapshot, snap,
driver, cfg,
&inactiveConfig,
@@ -2895,8 +2896,6 @@ qemuSnapshotRevert(virDomainObj *vm,
_("qemu doesn't support reversion of snapshot taken in PMSUSPENDED state"));
goto endjob;
- case VIR_DOMAIN_SNAPSHOT_DISK_SNAPSHOT:
- /* Rejected earlier as an external snapshot */
case VIR_DOMAIN_SNAPSHOT_NOSTATE:
case VIR_DOMAIN_SNAPSHOT_BLOCKED:
case VIR_DOMAIN_SNAPSHOT_LAST:
--
2.48.1

36
SOURCES/libvirt-qemucapabilitiesdata-Document-inteltdx-variant.patch Normal file
View File

@ -0,0 +1,36 @@
From 14406d5398bab0cde8e340964e13f992a179d4ac Mon Sep 17 00:00:00 2001
Message-ID: <14406d5398bab0cde8e340964e13f992a179d4ac.1759835599.git.jdenemar@redhat.com>
From: Zhenzhong Duan <zhenzhong.duan@intel.com>
Date: Thu, 10 Jul 2025 03:21:05 -0400
Subject: [PATCH] qemucapabilitiesdata: Document '+inteltdx' variant
Upcoming patch will introduce test data from an TDX-enabled host.
Document the new variant.
Signed-off-by: Zhenzhong Duan <zhenzhong.duan@intel.com>
Reviewed-by: Peter Krempa <pkrempa@redhat.com>
(cherry picked from commit 4c59ff7783d1672b872cc4190df3e89ae8d4130a)
Resolves: https://issues.redhat.com/browse/RHEL-111840
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
---
tests/qemucapabilitiesdata/README.rst | 5 +++++
1 file changed, 5 insertions(+)
diff --git a/tests/qemucapabilitiesdata/README.rst b/tests/qemucapabilitiesdata/README.rst
index f65f07cfca..f87bbda52b 100644
--- a/tests/qemucapabilitiesdata/README.rst
+++ b/tests/qemucapabilitiesdata/README.rst
@@ -58,6 +58,11 @@ Known test variants
for qemu.
+``+inteltdx``
+
+ Variant of the test data captured on hosts supporting INTEL TDX security
+ framework.
+
Usage in tests
==============
--
2.51.0

51568
SOURCES/libvirt-qemucapabilitiestest-Add-data-for-the-qemu-10.1.0-dev-cycle-on-x86_64-for-the-inteltdx-variant.patch Normal file
View File

File diff suppressed because it is too large Load Diff

211
SOURCES/libvirt-qemuxmlconftest-Add-latest-version-of-launch-security-tdx-test-data.patch Normal file
View File

@ -0,0 +1,211 @@
From c8561a94d58c4b90ab67f49cc963e6b431972aee Mon Sep 17 00:00:00 2001
Message-ID: <c8561a94d58c4b90ab67f49cc963e6b431972aee.1759835600.git.jdenemar@redhat.com>
From: Zhenzhong Duan <zhenzhong.duan@intel.com>
Date: Thu, 10 Jul 2025 03:21:24 -0400
Subject: [PATCH] qemuxmlconftest: Add latest version of 'launch-security-tdx*'
test data
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
We now have the '+inteltdx' variant dumped from a modern qemu with tdx support,
add qemuxmlconftest data for that variant.
Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
Signed-off-by: Zhenzhong Duan <zhenzhong.duan@intel.com>
(cherry picked from commit 798f748210ff7a43702adadd6037220b713d998e)
Resolves: https://issues.redhat.com/browse/RHEL-111840
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
RHEL: rename the files to not include +inteltdx
---
.../launch-security-tdx.x86_64-latest.args | 44 +++++++++++
.../launch-security-tdx.x86_64-latest.xml | 75 +++++++++++++++++++
tests/qemuxmlconfdata/launch-security-tdx.xml | 28 +++++++
tests/qemuxmlconftest.c | 3 +
4 files changed, 150 insertions(+)
create mode 100644 tests/qemuxmlconfdata/launch-security-tdx.x86_64-latest.args
create mode 100644 tests/qemuxmlconfdata/launch-security-tdx.x86_64-latest.xml
create mode 100644 tests/qemuxmlconfdata/launch-security-tdx.xml
diff --git a/tests/qemuxmlconfdata/launch-security-tdx.x86_64-latest.args b/tests/qemuxmlconfdata/launch-security-tdx.x86_64-latest.args
new file mode 100644
index 0000000000..366d553c93
--- /dev/null
+++ b/tests/qemuxmlconfdata/launch-security-tdx.x86_64-latest.args
@@ -0,0 +1,44 @@
+LC_ALL=C \
+PATH=/bin \
+HOME=/var/lib/libvirt/qemu/domain--1-guest \
+USER=test \
+LOGNAME=test \
+XDG_DATA_HOME=/var/lib/libvirt/qemu/domain--1-guest/.local/share \
+XDG_CACHE_HOME=/var/lib/libvirt/qemu/domain--1-guest/.cache \
+XDG_CONFIG_HOME=/var/lib/libvirt/qemu/domain--1-guest/.config \
+/usr/bin/qemu-system-x86_64 \
+-name guest=guest,debug-threads=on \
+-S \
+-object '{"qom-type":"secret","id":"masterKey0","format":"raw","file":"/var/lib/libvirt/qemu/domain--1-guest/master-key.aes"}' \
+-machine q35,usb=off,dump-guest-core=off,memory-backend=pc.ram,confidential-guest-support=lsec0,acpi=off \
+-accel tcg \
+-cpu qemu64 \
+-m size=4194304k \
+-object '{"qom-type":"memory-backend-ram","id":"pc.ram","size":4294967296}' \
+-overcommit mem-lock=off \
+-smp 4,sockets=4,cores=1,threads=1 \
+-uuid 1ccfd97d-5eb4-478a-bbe6-88d254c16db7 \
+-display none \
+-no-user-config \
+-nodefaults \
+-chardev socket,id=charmonitor,fd=1729,server=on,wait=off \
+-mon chardev=charmonitor,id=monitor,mode=control \
+-rtc base=utc \
+-no-shutdown \
+-boot strict=on \
+-device '{"driver":"pcie-root-port","port":16,"chassis":1,"id":"pci.1","bus":"pcie.0","multifunction":true,"addr":"0x2"}' \
+-device '{"driver":"pcie-pci-bridge","id":"pci.2","bus":"pci.1","addr":"0x0"}' \
+-device '{"driver":"pcie-root-port","port":17,"chassis":3,"id":"pci.3","bus":"pcie.0","addr":"0x2.0x1"}' \
+-device '{"driver":"piix3-usb-uhci","id":"usb","bus":"pci.2","addr":"0x2"}' \
+-device '{"driver":"lsi","id":"scsi0","bus":"pci.2","addr":"0x3"}' \
+-netdev '{"type":"user","id":"hostnet0"}' \
+-device '{"driver":"rtl8139","netdev":"hostnet0","id":"net0","mac":"52:54:00:09:a4:37","bus":"pci.2","addr":"0x1"}' \
+-chardev pty,id=charserial0 \
+-device '{"driver":"isa-serial","chardev":"charserial0","id":"serial0","index":0}' \
+-audiodev '{"id":"audio1","driver":"none"}' \
+-device '{"driver":"cirrus-vga","id":"video0","bus":"pcie.0","addr":"0x1"}' \
+-global ICH9-LPC.noreboot=off \
+-watchdog-action reset \
+-object '{"qom-type":"tdx-guest","id":"lsec0","mrconfigid":"ASNFZ4mrze8BI0VniavN7wEjRWeJq83vASNFZ4mrze8BI0VniavN7wEjRWeJq83v","mrowner":"ASNFZ4mrze8BI0VniavN7wEjRWeJq83vASNFZ4mrze8BI0VniavN7wEjRWeJq83v","mrownerconfig":"ASNFZ4mrze8BI0VniavN7wEjRWeJq83vASNFZ4mrze8BI0VniavN7wEjRWeJq83v","quote-generation-socket":{"type":"unix","path":"/var/run/tdx-qgs/qgs.socket"},"attributes":268435456}' \
+-device '{"driver":"pvpanic"}' \
+-msg timestamp=on
diff --git a/tests/qemuxmlconfdata/launch-security-tdx.x86_64-latest.xml b/tests/qemuxmlconfdata/launch-security-tdx.x86_64-latest.xml
new file mode 100644
index 0000000000..757fbdabbb
--- /dev/null
+++ b/tests/qemuxmlconfdata/launch-security-tdx.x86_64-latest.xml
@@ -0,0 +1,75 @@
+<domain type='qemu'>
+ <name>guest</name>
+ <uuid>1ccfd97d-5eb4-478a-bbe6-88d254c16db7</uuid>
+ <memory unit='KiB'>4194304</memory>
+ <currentMemory unit='KiB'>4194304</currentMemory>
+ <vcpu placement='static'>4</vcpu>
+ <os>
+ <type arch='x86_64' machine='q35'>hvm</type>
+ <boot dev='hd'/>
+ </os>
+ <cpu mode='custom' match='exact' check='none'>
+ <model fallback='forbid'>qemu64</model>
+ </cpu>
+ <clock offset='utc'/>
+ <on_poweroff>destroy</on_poweroff>
+ <on_reboot>restart</on_reboot>
+ <on_crash>destroy</on_crash>
+ <devices>
+ <emulator>/usr/bin/qemu-system-x86_64</emulator>
+ <controller type='usb' index='0' model='piix3-uhci'>
+ <address type='pci' domain='0x0000' bus='0x02' slot='0x02' function='0x0'/>
+ </controller>
+ <controller type='scsi' index='0' model='lsilogic'>
+ <address type='pci' domain='0x0000' bus='0x02' slot='0x03' function='0x0'/>
+ </controller>
+ <controller type='sata' index='0'>
+ <address type='pci' domain='0x0000' bus='0x00' slot='0x1f' function='0x2'/>
+ </controller>
+ <controller type='pci' index='0' model='pcie-root'/>
+ <controller type='pci' index='1' model='pcie-root-port'>
+ <model name='pcie-root-port'/>
+ <target chassis='1' port='0x10'/>
+ <address type='pci' domain='0x0000' bus='0x00' slot='0x02' function='0x0' multifunction='on'/>
+ </controller>
+ <controller type='pci' index='2' model='pcie-to-pci-bridge'>
+ <model name='pcie-pci-bridge'/>
+ <address type='pci' domain='0x0000' bus='0x01' slot='0x00' function='0x0'/>
+ </controller>
+ <controller type='pci' index='3' model='pcie-root-port'>
+ <model name='pcie-root-port'/>
+ <target chassis='3' port='0x11'/>
+ <address type='pci' domain='0x0000' bus='0x00' slot='0x02' function='0x1'/>
+ </controller>
+ <interface type='user'>
+ <mac address='52:54:00:09:a4:37'/>
+ <model type='rtl8139'/>
+ <address type='pci' domain='0x0000' bus='0x02' slot='0x01' function='0x0'/>
+ </interface>
+ <serial type='pty'>
+ <target type='isa-serial' port='0'>
+ <model name='isa-serial'/>
+ </target>
+ </serial>
+ <console type='pty'>
+ <target type='serial' port='0'/>
+ </console>
+ <input type='mouse' bus='ps2'/>
+ <input type='keyboard' bus='ps2'/>
+ <audio id='1' type='none'/>
+ <video>
+ <model type='cirrus' vram='16384' heads='1' primary='yes'/>
+ <address type='pci' domain='0x0000' bus='0x00' slot='0x01' function='0x0'/>
+ </video>
+ <watchdog model='itco' action='reset'/>
+ <memballoon model='none'/>
+ <panic model='isa'/>
+ </devices>
+ <launchSecurity type='tdx'>
+ <policy>0x10000000</policy>
+ <mrConfigId>ASNFZ4mrze8BI0VniavN7wEjRWeJq83vASNFZ4mrze8BI0VniavN7wEjRWeJq83v</mrConfigId>
+ <mrOwner>ASNFZ4mrze8BI0VniavN7wEjRWeJq83vASNFZ4mrze8BI0VniavN7wEjRWeJq83v</mrOwner>
+ <mrOwnerConfig>ASNFZ4mrze8BI0VniavN7wEjRWeJq83vASNFZ4mrze8BI0VniavN7wEjRWeJq83v</mrOwnerConfig>
+ <quoteGenerationService path='/var/run/tdx-qgs/qgs.socket'/>
+ </launchSecurity>
+</domain>
diff --git a/tests/qemuxmlconfdata/launch-security-tdx.xml b/tests/qemuxmlconfdata/launch-security-tdx.xml
new file mode 100644
index 0000000000..07e3ae6db8
--- /dev/null
+++ b/tests/qemuxmlconfdata/launch-security-tdx.xml
@@ -0,0 +1,28 @@
+<domain type='qemu'>
+ <name>guest</name>
+ <uuid>1ccfd97d-5eb4-478a-bbe6-88d254c16db7</uuid>
+ <memory>4194304</memory>
+ <vcpu>4</vcpu>
+ <os>
+ <type arch='x86_64' machine='q35'>hvm</type>
+ </os>
+ <devices>
+ <emulator>/usr/bin/qemu-system-x86_64</emulator>
+ <controller type='usb'/>
+ <controller type='scsi'/>
+ <interface type='user'>
+ <mac address='52:54:00:09:a4:37'/>
+ </interface>
+ <serial type='pty'/>
+ <video/>
+ <memballoon model='none'/>
+ <panic/>
+ </devices>
+ <launchSecurity type='tdx'>
+ <policy>0x10000000</policy>
+ <mrConfigId>ASNFZ4mrze8BI0VniavN7wEjRWeJq83vASNFZ4mrze8BI0VniavN7wEjRWeJq83v</mrConfigId>
+ <mrOwner>ASNFZ4mrze8BI0VniavN7wEjRWeJq83vASNFZ4mrze8BI0VniavN7wEjRWeJq83v</mrOwner>
+ <mrOwnerConfig>ASNFZ4mrze8BI0VniavN7wEjRWeJq83vASNFZ4mrze8BI0VniavN7wEjRWeJq83v</mrOwnerConfig>
+ <quoteGenerationService path='/var/run/tdx-qgs/qgs.socket'/>
+ </launchSecurity>
+</domain>
diff --git a/tests/qemuxmlconftest.c b/tests/qemuxmlconftest.c
index a0af6429d1..5683e76599 100644
--- a/tests/qemuxmlconftest.c
+++ b/tests/qemuxmlconftest.c
@@ -2893,6 +2893,9 @@ mymain(void)
DO_TEST_CAPS_ARCH_LATEST("launch-security-s390-pv", "s390x");
+ DO_TEST_CAPS_ARCH_LATEST_FULL("launch-security-tdx", "x86_64",
+ ARG_CAPS_VARIANT, "+inteltdx", ARG_END);
+
DO_TEST_CAPS_LATEST("vhost-user-fs-fd-memory");
DO_TEST_CAPS_LATEST("vhost-user-fs-fd-openfiles");
DO_TEST_CAPS_LATEST("vhost-user-fs-hugepages");
--
2.51.0

242
SOURCES/libvirt-qemuxmlconftest-Drop-s390-default-cpu-.ccw-virtio-2.7-test-cases.patch Normal file
View File

@ -0,0 +1,242 @@
From 09dc3f583b342ef35b1ead29ff5d09d76140590c Mon Sep 17 00:00:00 2001
Message-ID: <09dc3f583b342ef35b1ead29ff5d09d76140590c.1744876588.git.jdenemar@redhat.com>
From: Michal Privoznik <mprivozn@redhat.com>
Date: Tue, 14 Jan 2025 12:16:06 +0100
Subject: [PATCH] qemuxmlconftest: Drop s390-default-cpu-...ccw-virtio-2.7 test
cases
In its upstream commit [1], qemu dropped s390-2.7 machine type,
then in commit [2] the s390-2.8 machine type was dropped. But as
Thomas Huth pointed out, any machine type that's older than 6
years is subject to removal [3]. This means, any machine type
older than 4.1 is going to be removed eventually.
We have two test cases that assumes existence of 2.7 machine type.
While they could be switched to 4.1 machine type, we also have
another test case that already check 4.2 machine type.
Therefore, just drop the 2.7 ones.
1: https://gitlab.com/qemu-project/qemu/-/commit/3199c7ee76089fb6844f6b2bed1f5d3d99a7527c
2: https://gitlab.com/qemu-project/qemu/-/commit/66924fe36977d9d9e45ba3e0b6e851ee170507f6
3: https://gitlab.com/qemu-project/qemu/-/commit/ce80c4fa6ff0f5c379bba7db74d04593e9fb12f2
Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
Reviewed-by: Thomas Huth <thuth@redhat.com>
Reviewed-by: Boris Fiuczynski <fiuczy@linux.ibm.com>
(cherry picked from commit 4933dfcce02baa941da6dd9e5b111d36d63ef900)
Resolves: https://issues.redhat.com/browse/RHEL-72976
Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
---
...t-cpu-kvm-ccw-virtio-2.7.s390x-latest.args | 32 -------------------
...lt-cpu-kvm-ccw-virtio-2.7.s390x-latest.xml | 25 ---------------
.../s390-default-cpu-kvm-ccw-virtio-2.7.xml | 16 ----------
...t-cpu-tcg-ccw-virtio-2.7.s390x-latest.args | 32 -------------------
...lt-cpu-tcg-ccw-virtio-2.7.s390x-latest.xml | 27 ----------------
.../s390-default-cpu-tcg-ccw-virtio-2.7.xml | 16 ----------
tests/qemuxmlconftest.c | 2 --
7 files changed, 150 deletions(-)
delete mode 100644 tests/qemuxmlconfdata/s390-default-cpu-kvm-ccw-virtio-2.7.s390x-latest.args
delete mode 100644 tests/qemuxmlconfdata/s390-default-cpu-kvm-ccw-virtio-2.7.s390x-latest.xml
delete mode 100644 tests/qemuxmlconfdata/s390-default-cpu-kvm-ccw-virtio-2.7.xml
delete mode 100644 tests/qemuxmlconfdata/s390-default-cpu-tcg-ccw-virtio-2.7.s390x-latest.args
delete mode 100644 tests/qemuxmlconfdata/s390-default-cpu-tcg-ccw-virtio-2.7.s390x-latest.xml
delete mode 100644 tests/qemuxmlconfdata/s390-default-cpu-tcg-ccw-virtio-2.7.xml
diff --git a/tests/qemuxmlconfdata/s390-default-cpu-kvm-ccw-virtio-2.7.s390x-latest.args b/tests/qemuxmlconfdata/s390-default-cpu-kvm-ccw-virtio-2.7.s390x-latest.args
deleted file mode 100644
index 0d44697425..0000000000
--- a/tests/qemuxmlconfdata/s390-default-cpu-kvm-ccw-virtio-2.7.s390x-latest.args
+++ /dev/null
@@ -1,32 +0,0 @@
-LC_ALL=C \
-PATH=/bin \
-HOME=/var/lib/libvirt/qemu/domain--1-test \
-USER=test \
-LOGNAME=test \
-XDG_DATA_HOME=/var/lib/libvirt/qemu/domain--1-test/.local/share \
-XDG_CACHE_HOME=/var/lib/libvirt/qemu/domain--1-test/.cache \
-XDG_CONFIG_HOME=/var/lib/libvirt/qemu/domain--1-test/.config \
-/usr/bin/qemu-system-s390x \
--name guest=test,debug-threads=on \
--S \
--object '{"qom-type":"secret","id":"masterKey0","format":"raw","file":"/var/lib/libvirt/qemu/domain--1-test/master-key.aes"}' \
--machine s390-ccw-virtio-2.7,usb=off,dump-guest-core=off,memory-backend=s390.ram \
--accel kvm \
--cpu host \
--m size=262144k \
--object '{"qom-type":"memory-backend-ram","id":"s390.ram","size":268435456}' \
--overcommit mem-lock=off \
--smp 1,sockets=1,cores=1,threads=1 \
--uuid 9aa4b45c-b9dd-45ef-91fe-862b27b4231f \
--display none \
--no-user-config \
--nodefaults \
--chardev socket,id=charmonitor,fd=1729,server=on,wait=off \
--mon chardev=charmonitor,id=monitor,mode=control \
--rtc base=utc \
--no-shutdown \
--boot strict=on \
--audiodev '{"id":"audio1","driver":"none"}' \
--device '{"driver":"virtio-balloon-ccw","id":"balloon0","devno":"fe.0.0000"}' \
--sandbox on,obsolete=deny,elevateprivileges=deny,spawn=deny,resourcecontrol=deny \
--msg timestamp=on
diff --git a/tests/qemuxmlconfdata/s390-default-cpu-kvm-ccw-virtio-2.7.s390x-latest.xml b/tests/qemuxmlconfdata/s390-default-cpu-kvm-ccw-virtio-2.7.s390x-latest.xml
deleted file mode 100644
index ae39e6277d..0000000000
--- a/tests/qemuxmlconfdata/s390-default-cpu-kvm-ccw-virtio-2.7.s390x-latest.xml
+++ /dev/null
@@ -1,25 +0,0 @@
-<domain type='kvm'>
- <name>test</name>
- <uuid>9aa4b45c-b9dd-45ef-91fe-862b27b4231f</uuid>
- <memory unit='KiB'>262144</memory>
- <currentMemory unit='KiB'>262144</currentMemory>
- <vcpu placement='static'>1</vcpu>
- <os>
- <type arch='s390x' machine='s390-ccw-virtio-2.7'>hvm</type>
- <boot dev='hd'/>
- </os>
- <cpu mode='host-passthrough' check='none'/>
- <clock offset='utc'/>
- <on_poweroff>destroy</on_poweroff>
- <on_reboot>restart</on_reboot>
- <on_crash>destroy</on_crash>
- <devices>
- <emulator>/usr/bin/qemu-system-s390x</emulator>
- <controller type='pci' index='0' model='pci-root'/>
- <audio id='1' type='none'/>
- <memballoon model='virtio'>
- <address type='ccw' cssid='0xfe' ssid='0x0' devno='0x0000'/>
- </memballoon>
- <panic model='s390'/>
- </devices>
-</domain>
diff --git a/tests/qemuxmlconfdata/s390-default-cpu-kvm-ccw-virtio-2.7.xml b/tests/qemuxmlconfdata/s390-default-cpu-kvm-ccw-virtio-2.7.xml
deleted file mode 100644
index a3c1804f57..0000000000
--- a/tests/qemuxmlconfdata/s390-default-cpu-kvm-ccw-virtio-2.7.xml
+++ /dev/null
@@ -1,16 +0,0 @@
-<domain type='kvm'>
- <name>test</name>
- <uuid>9aa4b45c-b9dd-45ef-91fe-862b27b4231f</uuid>
- <memory>262144</memory>
- <currentMemory>262144</currentMemory>
- <os>
- <type arch='s390x' machine='s390-ccw-virtio-2.7'>hvm</type>
- </os>
- <clock offset='utc'/>
- <on_poweroff>destroy</on_poweroff>
- <on_reboot>restart</on_reboot>
- <on_crash>destroy</on_crash>
- <devices>
- <emulator>/usr/bin/qemu-system-s390x</emulator>
- </devices>
-</domain>
diff --git a/tests/qemuxmlconfdata/s390-default-cpu-tcg-ccw-virtio-2.7.s390x-latest.args b/tests/qemuxmlconfdata/s390-default-cpu-tcg-ccw-virtio-2.7.s390x-latest.args
deleted file mode 100644
index 06b3f5733e..0000000000
--- a/tests/qemuxmlconfdata/s390-default-cpu-tcg-ccw-virtio-2.7.s390x-latest.args
+++ /dev/null
@@ -1,32 +0,0 @@
-LC_ALL=C \
-PATH=/bin \
-HOME=/var/lib/libvirt/qemu/domain--1-test \
-USER=test \
-LOGNAME=test \
-XDG_DATA_HOME=/var/lib/libvirt/qemu/domain--1-test/.local/share \
-XDG_CACHE_HOME=/var/lib/libvirt/qemu/domain--1-test/.cache \
-XDG_CONFIG_HOME=/var/lib/libvirt/qemu/domain--1-test/.config \
-/usr/bin/qemu-system-s390x \
--name guest=test,debug-threads=on \
--S \
--object '{"qom-type":"secret","id":"masterKey0","format":"raw","file":"/var/lib/libvirt/qemu/domain--1-test/master-key.aes"}' \
--machine s390-ccw-virtio-2.7,usb=off,dump-guest-core=off,memory-backend=s390.ram \
--accel tcg \
--cpu qemu \
--m size=262144k \
--object '{"qom-type":"memory-backend-ram","id":"s390.ram","size":268435456}' \
--overcommit mem-lock=off \
--smp 1,sockets=1,cores=1,threads=1 \
--uuid 9aa4b45c-b9dd-45ef-91fe-862b27b4231f \
--display none \
--no-user-config \
--nodefaults \
--chardev socket,id=charmonitor,fd=1729,server=on,wait=off \
--mon chardev=charmonitor,id=monitor,mode=control \
--rtc base=utc \
--no-shutdown \
--boot strict=on \
--audiodev '{"id":"audio1","driver":"none"}' \
--device '{"driver":"virtio-balloon-ccw","id":"balloon0","devno":"fe.0.0000"}' \
--sandbox on,obsolete=deny,elevateprivileges=deny,spawn=deny,resourcecontrol=deny \
--msg timestamp=on
diff --git a/tests/qemuxmlconfdata/s390-default-cpu-tcg-ccw-virtio-2.7.s390x-latest.xml b/tests/qemuxmlconfdata/s390-default-cpu-tcg-ccw-virtio-2.7.s390x-latest.xml
deleted file mode 100644
index f4f9e724a9..0000000000
--- a/tests/qemuxmlconfdata/s390-default-cpu-tcg-ccw-virtio-2.7.s390x-latest.xml
+++ /dev/null
@@ -1,27 +0,0 @@
-<domain type='qemu'>
- <name>test</name>
- <uuid>9aa4b45c-b9dd-45ef-91fe-862b27b4231f</uuid>
- <memory unit='KiB'>262144</memory>
- <currentMemory unit='KiB'>262144</currentMemory>
- <vcpu placement='static'>1</vcpu>
- <os>
- <type arch='s390x' machine='s390-ccw-virtio-2.7'>hvm</type>
- <boot dev='hd'/>
- </os>
- <cpu mode='custom' match='exact' check='none'>
- <model fallback='forbid'>qemu</model>
- </cpu>
- <clock offset='utc'/>
- <on_poweroff>destroy</on_poweroff>
- <on_reboot>restart</on_reboot>
- <on_crash>destroy</on_crash>
- <devices>
- <emulator>/usr/bin/qemu-system-s390x</emulator>
- <controller type='pci' index='0' model='pci-root'/>
- <audio id='1' type='none'/>
- <memballoon model='virtio'>
- <address type='ccw' cssid='0xfe' ssid='0x0' devno='0x0000'/>
- </memballoon>
- <panic model='s390'/>
- </devices>
-</domain>
diff --git a/tests/qemuxmlconfdata/s390-default-cpu-tcg-ccw-virtio-2.7.xml b/tests/qemuxmlconfdata/s390-default-cpu-tcg-ccw-virtio-2.7.xml
deleted file mode 100644
index 3451e9d81f..0000000000
--- a/tests/qemuxmlconfdata/s390-default-cpu-tcg-ccw-virtio-2.7.xml
+++ /dev/null
@@ -1,16 +0,0 @@
-<domain type='qemu'>
- <name>test</name>
- <uuid>9aa4b45c-b9dd-45ef-91fe-862b27b4231f</uuid>
- <memory>262144</memory>
- <currentMemory>262144</currentMemory>
- <os>
- <type arch='s390x' machine='s390-ccw-virtio-2.7'>hvm</type>
- </os>
- <clock offset='utc'/>
- <on_poweroff>destroy</on_poweroff>
- <on_reboot>restart</on_reboot>
- <on_crash>destroy</on_crash>
- <devices>
- <emulator>/usr/bin/qemu-system-s390x</emulator>
- </devices>
-</domain>
diff --git a/tests/qemuxmlconftest.c b/tests/qemuxmlconftest.c
index 2007944c29..00a7677ea7 100644
--- a/tests/qemuxmlconftest.c
+++ b/tests/qemuxmlconftest.c
@@ -2925,8 +2925,6 @@ mymain(void)
DO_TEST_CAPS_ARCH_LATEST("ppc64-default-cpu-tcg-pseries-3.1", "ppc64");
DO_TEST_CAPS_ARCH_LATEST("ppc64-default-cpu-kvm-pseries-4.2", "ppc64");
DO_TEST_CAPS_ARCH_LATEST("ppc64-default-cpu-tcg-pseries-4.2", "ppc64");
- DO_TEST_CAPS_ARCH_LATEST("s390-default-cpu-kvm-ccw-virtio-2.7", "s390x");
- DO_TEST_CAPS_ARCH_LATEST("s390-default-cpu-tcg-ccw-virtio-2.7", "s390x");
DO_TEST_CAPS_ARCH_LATEST("s390-default-cpu-kvm-ccw-virtio-4.2", "s390x");
DO_TEST_CAPS_ARCH_LATEST("s390-default-cpu-tcg-ccw-virtio-4.2", "s390x");
DO_TEST_CAPS_ARCH_LATEST("x86_64-default-cpu-kvm-pc-4.2", "x86_64");
--
2.49.0

8
SOURCES/libvirt-qemuxmlconftest-Include-shared-memory-net-vhostuser-test-cases.patch
View File

@ -1,5 +1,5 @@
From 4b43cc2ee96aefe625ca2f377cab56132b15b84f Mon Sep 17 00:00:00 2001
Message-ID: <4b43cc2ee96aefe625ca2f377cab56132b15b84f.1754419286.git.jdenemar@redhat.com>
From c8df999c2129645b26c043a81b051b330c05ba46 Mon Sep 17 00:00:00 2001
Message-ID: <c8df999c2129645b26c043a81b051b330c05ba46.1742990721.git.jdenemar@redhat.com>
From: Peter Krempa <pkrempa@redhat.com>
Date: Tue, 11 Mar 2025 09:01:03 +0100
Subject: [PATCH] qemuxmlconftest: Include shared memory 'net-vhostuser' test
@ -18,7 +18,7 @@ Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
(cherry picked from commit 779a975355dcb34898abaefdf8968c214a66ebf1)
https://issues.redhat.com/browse/RHEL-106504
https://issues.redhat.com/browse/RHEL-84133
---
tests/qemuxmlconfdata/net-vhostuser-fail.x86_64-latest.xml | 3 +++
tests/qemuxmlconfdata/net-vhostuser-fail.xml | 3 +++
@ -141,4 +141,4 @@ index e55a30a54f..91d1abc027 100644
<os>
<type arch='x86_64' machine='pc'>hvm</type>
--
2.50.1
2.49.0

215
SOURCES/libvirt-qemuxmlconftest-Introduce-memory-hotplug-virtio-mem-ccw-s390x.xml.patch Normal file
View File

@ -0,0 +1,215 @@
From e0b10b2446247933187b1ecb718e6405e08c7e57 Mon Sep 17 00:00:00 2001
Message-ID: <e0b10b2446247933187b1ecb718e6405e08c7e57.1744876588.git.jdenemar@redhat.com>
From: Michal Privoznik <mprivozn@redhat.com>
Date: Tue, 28 Jan 2025 08:54:36 +0100
Subject: [PATCH] qemuxmlconftest: Introduce
memory-hotplug-virtio-mem-ccw-s390x.xml
This is similar to emuxmlconfdata/memory-hotplug-virtio-mem-pci-s390x.xml
except the explicit placement of virtio-mem onto a PCI bus is removed.
This results in virtio-mem being placed onto CCW "bus" this demonstrating
previous commits working as expected.
Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
Reviewed-by: Boris Fiuczynski <fiuczy@linux.ibm.com>
(cherry picked from commit f23f8ff91a35ac6939f75f1cae1c5ced9ba4a02c)
Resolves: https://issues.redhat.com/browse/RHEL-72976
Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
---
...lug-virtio-mem-ccw-s390x.s390x-latest.args | 39 ++++++++++++
...plug-virtio-mem-ccw-s390x.s390x-latest.xml | 60 +++++++++++++++++++
.../memory-hotplug-virtio-mem-ccw-s390x.xml | 57 ++++++++++++++++++
tests/qemuxmlconftest.c | 1 +
4 files changed, 157 insertions(+)
create mode 100644 tests/qemuxmlconfdata/memory-hotplug-virtio-mem-ccw-s390x.s390x-latest.args
create mode 100644 tests/qemuxmlconfdata/memory-hotplug-virtio-mem-ccw-s390x.s390x-latest.xml
create mode 100644 tests/qemuxmlconfdata/memory-hotplug-virtio-mem-ccw-s390x.xml
diff --git a/tests/qemuxmlconfdata/memory-hotplug-virtio-mem-ccw-s390x.s390x-latest.args b/tests/qemuxmlconfdata/memory-hotplug-virtio-mem-ccw-s390x.s390x-latest.args
new file mode 100644
index 0000000000..a6bbef5ce7
--- /dev/null
+++ b/tests/qemuxmlconfdata/memory-hotplug-virtio-mem-ccw-s390x.s390x-latest.args
@@ -0,0 +1,39 @@
+LC_ALL=C \
+PATH=/bin \
+HOME=/var/lib/libvirt/qemu/domain--1-QEMUGuest1 \
+USER=test \
+LOGNAME=test \
+XDG_DATA_HOME=/var/lib/libvirt/qemu/domain--1-QEMUGuest1/.local/share \
+XDG_CACHE_HOME=/var/lib/libvirt/qemu/domain--1-QEMUGuest1/.cache \
+XDG_CONFIG_HOME=/var/lib/libvirt/qemu/domain--1-QEMUGuest1/.config \
+/usr/bin/qemu-system-s390x \
+-name guest=QEMUGuest1,debug-threads=on \
+-S \
+-object '{"qom-type":"secret","id":"masterKey0","format":"raw","file":"/var/lib/libvirt/qemu/domain--1-QEMUGuest1/master-key.aes"}' \
+-machine s390-ccw-virtio,usb=off,dump-guest-core=off \
+-accel kvm \
+-cpu gen16a-base \
+-m size=2095104k,maxmem=1099511627776k \
+-overcommit mem-lock=off \
+-smp 2,sockets=2,cores=1,threads=1 \
+-object '{"qom-type":"memory-backend-ram","id":"ram-node0","size":2145386496}' \
+-numa node,nodeid=0,cpus=0-1,memdev=ram-node0 \
+-uuid c7a5fdbd-edaf-9455-926a-d65c16db1809 \
+-display none \
+-no-user-config \
+-nodefaults \
+-chardev socket,id=charmonitor,fd=1729,server=on,wait=off \
+-mon chardev=charmonitor,id=monitor,mode=control \
+-rtc base=utc \
+-no-shutdown \
+-boot strict=on \
+-object '{"qom-type":"memory-backend-ram","id":"memvirtiomem0","reserve":false,"size":1073741824}' \
+-device '{"driver":"virtio-mem-ccw","node":0,"block-size":2097152,"requested-size":536870912,"memdev":"memvirtiomem0","id":"virtiomem0","devno":"fe.0.0002"}' \
+-object '{"qom-type":"memory-backend-file","id":"memvirtiomem1","mem-path":"/dev/hugepages2M/libvirt/qemu/-1-QEMUGuest1","reserve":false,"size":2147483648,"host-nodes":[1,2,3],"policy":"bind"}' \
+-device '{"driver":"virtio-mem-ccw","node":0,"block-size":2097152,"requested-size":1073741824,"memdev":"memvirtiomem1","prealloc":true,"memaddr":5637144576,"dynamic-memslots":true,"id":"virtiomem1","devno":"fe.0.0003"}' \
+-blockdev '{"driver":"host_device","filename":"/dev/HostVG/QEMUGuest1","node-name":"libvirt-1-storage","read-only":false}' \
+-device '{"driver":"virtio-blk-ccw","devno":"fe.0.0000","drive":"libvirt-1-storage","id":"virtio-disk0","bootindex":1}' \
+-audiodev '{"id":"audio1","driver":"none"}' \
+-device '{"driver":"virtio-balloon-ccw","id":"balloon0","devno":"fe.0.0001"}' \
+-sandbox on,obsolete=deny,elevateprivileges=deny,spawn=deny,resourcecontrol=deny \
+-msg timestamp=on
diff --git a/tests/qemuxmlconfdata/memory-hotplug-virtio-mem-ccw-s390x.s390x-latest.xml b/tests/qemuxmlconfdata/memory-hotplug-virtio-mem-ccw-s390x.s390x-latest.xml
new file mode 100644
index 0000000000..fe18b1ec7b
--- /dev/null
+++ b/tests/qemuxmlconfdata/memory-hotplug-virtio-mem-ccw-s390x.s390x-latest.xml
@@ -0,0 +1,60 @@
+<domain type='kvm'>
+ <name>QEMUGuest1</name>
+ <uuid>c7a5fdbd-edaf-9455-926a-d65c16db1809</uuid>
+ <maxMemory unit='KiB'>1099511627776</maxMemory>
+ <memory unit='KiB'>8388608</memory>
+ <currentMemory unit='KiB'>8388608</currentMemory>
+ <vcpu placement='static' cpuset='0-1'>2</vcpu>
+ <os>
+ <type arch='s390x' machine='s390-ccw-virtio'>hvm</type>
+ <boot dev='hd'/>
+ </os>
+ <cpu mode='custom' match='exact' check='none'>
+ <model fallback='forbid'>gen16a-base</model>
+ <numa>
+ <cell id='0' cpus='0-1' memory='2095104' unit='KiB'/>
+ </numa>
+ </cpu>
+ <clock offset='utc'/>
+ <on_poweroff>destroy</on_poweroff>
+ <on_reboot>restart</on_reboot>
+ <on_crash>destroy</on_crash>
+ <devices>
+ <emulator>/usr/bin/qemu-system-s390x</emulator>
+ <disk type='block' device='disk'>
+ <driver name='qemu' type='raw'/>
+ <source dev='/dev/HostVG/QEMUGuest1'/>
+ <target dev='hda' bus='virtio'/>
+ <address type='ccw' cssid='0xfe' ssid='0x0' devno='0x0000'/>
+ </disk>
+ <controller type='pci' index='0' model='pci-root'/>
+ <audio id='1' type='none'/>
+ <memballoon model='virtio'>
+ <address type='ccw' cssid='0xfe' ssid='0x0' devno='0x0001'/>
+ </memballoon>
+ <panic model='s390'/>
+ <memory model='virtio-mem'>
+ <target>
+ <size unit='KiB'>1048576</size>
+ <node>0</node>
+ <block unit='KiB'>2048</block>
+ <requested unit='KiB'>524288</requested>
+ </target>
+ <address type='ccw' cssid='0xfe' ssid='0x0' devno='0x0002'/>
+ </memory>
+ <memory model='virtio-mem'>
+ <source>
+ <nodemask>1-3</nodemask>
+ <pagesize unit='KiB'>2048</pagesize>
+ </source>
+ <target dynamicMemslots='yes'>
+ <size unit='KiB'>2097152</size>
+ <node>0</node>
+ <block unit='KiB'>2048</block>
+ <requested unit='KiB'>1048576</requested>
+ <address base='0x150000000'/>
+ </target>
+ <address type='ccw' cssid='0xfe' ssid='0x0' devno='0x0003'/>
+ </memory>
+ </devices>
+</domain>
diff --git a/tests/qemuxmlconfdata/memory-hotplug-virtio-mem-ccw-s390x.xml b/tests/qemuxmlconfdata/memory-hotplug-virtio-mem-ccw-s390x.xml
new file mode 100644
index 0000000000..4f9f90d1e2
--- /dev/null
+++ b/tests/qemuxmlconfdata/memory-hotplug-virtio-mem-ccw-s390x.xml
@@ -0,0 +1,57 @@
+<domain type='kvm'>
+ <name>QEMUGuest1</name>
+ <uuid>c7a5fdbd-edaf-9455-926a-d65c16db1809</uuid>
+ <maxMemory unit='KiB'>1099511627776</maxMemory>
+ <memory unit='KiB'>8388608</memory>
+ <currentMemory unit='KiB'>8388608</currentMemory>
+ <vcpu placement='static' cpuset='0-1'>2</vcpu>
+ <os>
+ <type arch='s390x' machine='s390-ccw-virtio'>hvm</type>
+ <boot dev='hd'/>
+ </os>
+ <cpu mode='custom' match='exact' check='none'>
+ <model fallback='forbid'>gen16a-base</model>
+ <numa>
+ <cell id='0' cpus='0-1' memory='2095104' unit='KiB'/>
+ </numa>
+ </cpu>
+ <clock offset='utc'/>
+ <on_poweroff>destroy</on_poweroff>
+ <on_reboot>restart</on_reboot>
+ <on_crash>destroy</on_crash>
+ <devices>
+ <emulator>/usr/bin/qemu-system-s390x</emulator>
+ <disk type='block' device='disk'>
+ <driver name='qemu' type='raw'/>
+ <source dev='/dev/HostVG/QEMUGuest1'/>
+ <target dev='hda' bus='virtio'/>
+ <address type='ccw' cssid='0xfe' ssid='0x0' devno='0x0000'/>
+ </disk>
+ <controller type='pci' index='0' model='pci-root'/>
+ <audio id='1' type='none'/>
+ <memballoon model='virtio'>
+ <address type='ccw' cssid='0xfe' ssid='0x0' devno='0x0001'/>
+ </memballoon>
+ <memory model='virtio-mem'>
+ <target>
+ <size unit='KiB'>1048576</size>
+ <node>0</node>
+ <block unit='KiB'>2048</block>
+ <requested unit='KiB'>524288</requested>
+ </target>
+ </memory>
+ <memory model='virtio-mem'>
+ <source>
+ <nodemask>1-3</nodemask>
+ <pagesize unit='KiB'>2048</pagesize>
+ </source>
+ <target dynamicMemslots='yes'>
+ <size unit='KiB'>2097152</size>
+ <node>0</node>
+ <block unit='KiB'>2048</block>
+ <requested unit='KiB'>1048576</requested>
+ <address base='0x150000000'/>
+ </target>
+ </memory>
+ </devices>
+</domain>
diff --git a/tests/qemuxmlconftest.c b/tests/qemuxmlconftest.c
index 14f159b833..e88aa6da92 100644
--- a/tests/qemuxmlconftest.c
+++ b/tests/qemuxmlconftest.c
@@ -2716,6 +2716,7 @@ mymain(void)
* than other memory devices because of how they handle <labelsize/> */
DO_TEST_CAPS_LATEST("memory-hotplug-nvdimm-overlap");
DO_TEST_CAPS_ARCH_LATEST("memory-hotplug-virtio-mem-pci-s390x", "s390x");
+ DO_TEST_CAPS_ARCH_LATEST("memory-hotplug-virtio-mem-ccw-s390x", "s390x");
DO_TEST_CAPS_ARCH_LATEST("machine-aeskeywrap-on-caps", "s390x");
DO_TEST_CAPS_ARCH_LATEST("machine-aeskeywrap-on-cap", "s390x");
--
2.49.0

228
SOURCES/libvirt-qemuxmlconftest-Introduce-memory-hotplug-virtio-mem-pci-s390x.xml.patch Normal file
View File

@ -0,0 +1,228 @@
From 800b0cb9c899ff14ddfb1b8528048a780a4a5949 Mon Sep 17 00:00:00 2001
Message-ID: <800b0cb9c899ff14ddfb1b8528048a780a4a5949.1744876588.git.jdenemar@redhat.com>
From: Michal Privoznik <mprivozn@redhat.com>
Date: Wed, 15 Jan 2025 10:45:31 +0100
Subject: [PATCH] qemuxmlconftest: Introduce
memory-hotplug-virtio-mem-pci-s390x.xml
As of v9.2.0-1413-gd77ae821e8 QEMU supports virtio-mem-pci on
s390 too. Let's add a test case for that.
Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
Reviewed-by: Boris Fiuczynski <fiuczy@linux.ibm.com>
(cherry picked from commit 621373d8a850c3882f6b62777f549285a5c0ab97)
Resolves: https://issues.redhat.com/browse/RHEL-72976
Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
---
...lug-virtio-mem-pci-s390x.s390x-latest.args | 41 +++++++++++
...plug-virtio-mem-pci-s390x.s390x-latest.xml | 71 +++++++++++++++++++
.../memory-hotplug-virtio-mem-pci-s390x.xml | 59 +++++++++++++++
tests/qemuxmlconftest.c | 1 +
4 files changed, 172 insertions(+)
create mode 100644 tests/qemuxmlconfdata/memory-hotplug-virtio-mem-pci-s390x.s390x-latest.args
create mode 100644 tests/qemuxmlconfdata/memory-hotplug-virtio-mem-pci-s390x.s390x-latest.xml
create mode 100644 tests/qemuxmlconfdata/memory-hotplug-virtio-mem-pci-s390x.xml
diff --git a/tests/qemuxmlconfdata/memory-hotplug-virtio-mem-pci-s390x.s390x-latest.args b/tests/qemuxmlconfdata/memory-hotplug-virtio-mem-pci-s390x.s390x-latest.args
new file mode 100644
index 0000000000..9704d7d5e9
--- /dev/null
+++ b/tests/qemuxmlconfdata/memory-hotplug-virtio-mem-pci-s390x.s390x-latest.args
@@ -0,0 +1,41 @@
+LC_ALL=C \
+PATH=/bin \
+HOME=/var/lib/libvirt/qemu/domain--1-QEMUGuest1 \
+USER=test \
+LOGNAME=test \
+XDG_DATA_HOME=/var/lib/libvirt/qemu/domain--1-QEMUGuest1/.local/share \
+XDG_CACHE_HOME=/var/lib/libvirt/qemu/domain--1-QEMUGuest1/.cache \
+XDG_CONFIG_HOME=/var/lib/libvirt/qemu/domain--1-QEMUGuest1/.config \
+/usr/bin/qemu-system-s390x \
+-name guest=QEMUGuest1,debug-threads=on \
+-S \
+-object '{"qom-type":"secret","id":"masterKey0","format":"raw","file":"/var/lib/libvirt/qemu/domain--1-QEMUGuest1/master-key.aes"}' \
+-machine s390-ccw-virtio,usb=off,dump-guest-core=off \
+-accel kvm \
+-cpu gen16a-base \
+-m size=2095104k,maxmem=1099511627776k \
+-overcommit mem-lock=off \
+-smp 2,sockets=2,cores=1,threads=1 \
+-object '{"qom-type":"memory-backend-ram","id":"ram-node0","size":2145386496}' \
+-numa node,nodeid=0,cpus=0-1,memdev=ram-node0 \
+-uuid c7a5fdbd-edaf-9455-926a-d65c16db1809 \
+-display none \
+-no-user-config \
+-nodefaults \
+-chardev socket,id=charmonitor,fd=1729,server=on,wait=off \
+-mon chardev=charmonitor,id=monitor,mode=control \
+-rtc base=utc \
+-no-shutdown \
+-boot strict=on \
+-device '{"driver":"zpci","uid":1,"fid":0,"target":"pci.1","id":"zpci1"}' \
+-device '{"driver":"pci-bridge","chassis_nr":1,"id":"pci.1","bus":"pci.0","addr":"0x1"}' \
+-object '{"qom-type":"memory-backend-ram","id":"memvirtiomem0","reserve":false,"size":1073741824}' \
+-device '{"driver":"virtio-mem-pci","node":0,"block-size":2097152,"requested-size":536870912,"memdev":"memvirtiomem0","id":"virtiomem0","bus":"pci.0","addr":"0x2"}' \
+-object '{"qom-type":"memory-backend-file","id":"memvirtiomem1","mem-path":"/dev/hugepages2M/libvirt/qemu/-1-QEMUGuest1","reserve":false,"size":2147483648,"host-nodes":[1,2,3],"policy":"bind"}' \
+-device '{"driver":"virtio-mem-pci","node":0,"block-size":2097152,"requested-size":1073741824,"memdev":"memvirtiomem1","prealloc":true,"memaddr":5637144576,"dynamic-memslots":true,"id":"virtiomem1","bus":"pci.1","addr":"0x1"}' \
+-blockdev '{"driver":"host_device","filename":"/dev/HostVG/QEMUGuest1","node-name":"libvirt-1-storage","read-only":false}' \
+-device '{"driver":"virtio-blk-ccw","devno":"fe.0.0000","drive":"libvirt-1-storage","id":"virtio-disk0","bootindex":1}' \
+-audiodev '{"id":"audio1","driver":"none"}' \
+-device '{"driver":"virtio-balloon-ccw","id":"balloon0","devno":"fe.0.0001"}' \
+-sandbox on,obsolete=deny,elevateprivileges=deny,spawn=deny,resourcecontrol=deny \
+-msg timestamp=on
diff --git a/tests/qemuxmlconfdata/memory-hotplug-virtio-mem-pci-s390x.s390x-latest.xml b/tests/qemuxmlconfdata/memory-hotplug-virtio-mem-pci-s390x.s390x-latest.xml
new file mode 100644
index 0000000000..336c6e5aac
--- /dev/null
+++ b/tests/qemuxmlconfdata/memory-hotplug-virtio-mem-pci-s390x.s390x-latest.xml
@@ -0,0 +1,71 @@
+<domain type='kvm'>
+ <name>QEMUGuest1</name>
+ <uuid>c7a5fdbd-edaf-9455-926a-d65c16db1809</uuid>
+ <maxMemory unit='KiB'>1099511627776</maxMemory>
+ <memory unit='KiB'>8388608</memory>
+ <currentMemory unit='KiB'>8388608</currentMemory>
+ <vcpu placement='static' cpuset='0-1'>2</vcpu>
+ <os>
+ <type arch='s390x' machine='s390-ccw-virtio'>hvm</type>
+ <boot dev='hd'/>
+ </os>
+ <cpu mode='custom' match='exact' check='none'>
+ <model fallback='forbid'>gen16a-base</model>
+ <numa>
+ <cell id='0' cpus='0-1' memory='2095104' unit='KiB'/>
+ </numa>
+ </cpu>
+ <clock offset='utc'/>
+ <on_poweroff>destroy</on_poweroff>
+ <on_reboot>restart</on_reboot>
+ <on_crash>destroy</on_crash>
+ <devices>
+ <emulator>/usr/bin/qemu-system-s390x</emulator>
+ <disk type='block' device='disk'>
+ <driver name='qemu' type='raw'/>
+ <source dev='/dev/HostVG/QEMUGuest1'/>
+ <target dev='hda' bus='virtio'/>
+ <address type='ccw' cssid='0xfe' ssid='0x0' devno='0x0000'/>
+ </disk>
+ <controller type='pci' index='0' model='pci-root'/>
+ <controller type='pci' index='1' model='pci-bridge'>
+ <model name='pci-bridge'/>
+ <target chassisNr='1'/>
+ <address type='pci' domain='0x0000' bus='0x00' slot='0x01' function='0x0'>
+ <zpci uid='0x0001' fid='0x00000000'/>
+ </address>
+ </controller>
+ <audio id='1' type='none'/>
+ <memballoon model='virtio'>
+ <address type='ccw' cssid='0xfe' ssid='0x0' devno='0x0001'/>
+ </memballoon>
+ <panic model='s390'/>
+ <memory model='virtio-mem'>
+ <target>
+ <size unit='KiB'>1048576</size>
+ <node>0</node>
+ <block unit='KiB'>2048</block>
+ <requested unit='KiB'>524288</requested>
+ </target>
+ <address type='pci' domain='0x0000' bus='0x00' slot='0x02' function='0x0'>
+ <zpci uid='0x0002' fid='0x00000001'/>
+ </address>
+ </memory>
+ <memory model='virtio-mem'>
+ <source>
+ <nodemask>1-3</nodemask>
+ <pagesize unit='KiB'>2048</pagesize>
+ </source>
+ <target dynamicMemslots='yes'>
+ <size unit='KiB'>2097152</size>
+ <node>0</node>
+ <block unit='KiB'>2048</block>
+ <requested unit='KiB'>1048576</requested>
+ <address base='0x150000000'/>
+ </target>
+ <address type='pci' domain='0x0000' bus='0x01' slot='0x01' function='0x0'>
+ <zpci uid='0x0003' fid='0x00000002'/>
+ </address>
+ </memory>
+ </devices>
+</domain>
diff --git a/tests/qemuxmlconfdata/memory-hotplug-virtio-mem-pci-s390x.xml b/tests/qemuxmlconfdata/memory-hotplug-virtio-mem-pci-s390x.xml
new file mode 100644
index 0000000000..747877042a
--- /dev/null
+++ b/tests/qemuxmlconfdata/memory-hotplug-virtio-mem-pci-s390x.xml
@@ -0,0 +1,59 @@
+<domain type='kvm'>
+ <name>QEMUGuest1</name>
+ <uuid>c7a5fdbd-edaf-9455-926a-d65c16db1809</uuid>
+ <maxMemory unit='KiB'>1099511627776</maxMemory>
+ <memory unit='KiB'>8388608</memory>
+ <currentMemory unit='KiB'>8388608</currentMemory>
+ <vcpu placement='static' cpuset='0-1'>2</vcpu>
+ <os>
+ <type arch='s390x' machine='s390-ccw-virtio'>hvm</type>
+ <boot dev='hd'/>
+ </os>
+ <cpu mode='custom' match='exact' check='none'>
+ <model fallback='forbid'>gen16a-base</model>
+ <numa>
+ <cell id='0' cpus='0-1' memory='2095104' unit='KiB'/>
+ </numa>
+ </cpu>
+ <clock offset='utc'/>
+ <on_poweroff>destroy</on_poweroff>
+ <on_reboot>restart</on_reboot>
+ <on_crash>destroy</on_crash>
+ <devices>
+ <emulator>/usr/bin/qemu-system-s390x</emulator>
+ <disk type='block' device='disk'>
+ <driver name='qemu' type='raw'/>
+ <source dev='/dev/HostVG/QEMUGuest1'/>
+ <target dev='hda' bus='virtio'/>
+ <address type='ccw' cssid='0xfe' ssid='0x0' devno='0x0000'/>
+ </disk>
+ <controller type='pci' index='0' model='pci-root'/>
+ <audio id='1' type='none'/>
+ <memballoon model='virtio'>
+ <address type='ccw' cssid='0xfe' ssid='0x0' devno='0x0001'/>
+ </memballoon>
+ <memory model='virtio-mem'>
+ <target>
+ <size unit='KiB'>1048576</size>
+ <node>0</node>
+ <block unit='KiB'>2048</block>
+ <requested unit='KiB'>524288</requested>
+ </target>
+ <address type='pci' domain='0x0000' bus='0x00' slot='0x02' function='0x0'/>
+ </memory>
+ <memory model='virtio-mem'>
+ <source>
+ <nodemask>1-3</nodemask>
+ <pagesize unit='KiB'>2048</pagesize>
+ </source>
+ <target dynamicMemslots='yes'>
+ <size unit='KiB'>2097152</size>
+ <node>0</node>
+ <block unit='KiB'>2048</block>
+ <requested unit='KiB'>1048576</requested>
+ <address base='0x150000000'/>
+ </target>
+ <address type='pci' domain='0x0000' bus='0x01' slot='0x01' function='0x0'/>
+ </memory>
+ </devices>
+</domain>
diff --git a/tests/qemuxmlconftest.c b/tests/qemuxmlconftest.c
index 00a7677ea7..14f159b833 100644
--- a/tests/qemuxmlconftest.c
+++ b/tests/qemuxmlconftest.c
@@ -2715,6 +2715,7 @@ mymain(void)
* virDomainMemoryDefCheckConflict() works for NVDIMMs which are special
* than other memory devices because of how they handle <labelsize/> */
DO_TEST_CAPS_LATEST("memory-hotplug-nvdimm-overlap");
+ DO_TEST_CAPS_ARCH_LATEST("memory-hotplug-virtio-mem-pci-s390x", "s390x");
DO_TEST_CAPS_ARCH_LATEST("machine-aeskeywrap-on-caps", "s390x");
DO_TEST_CAPS_ARCH_LATEST("machine-aeskeywrap-on-cap", "s390x");
--
2.49.0

534
SOURCES/libvirt-redhat-Restore-hunks-in-tests-qemucapabilitiesdata-caps_10.0.0_s390x.patch Normal file
View File

@ -0,0 +1,534 @@
From 0261587fd9afe1c83d7d2e2d0666c1613aece94e Mon Sep 17 00:00:00 2001
Message-ID: <0261587fd9afe1c83d7d2e2d0666c1613aece94e.1749039441.git.jdenemar@redhat.com>
From: Thomas Huth <thuth@redhat.com>
Date: Mon, 12 May 2025 14:48:12 +0200
Subject: [PATCH] redhat: Restore hunks in
tests/qemucapabilitiesdata/caps_10.0.0_s390x.*
These hunks were ommitted from the backport in commit dd7b0824364c
("tests: add capabilities for QEMU 10.0.0 on s390x"). Now that we've
backported the corresponding feature to RHEL 9, we have to restore the
hunks to make the tests working again.
JIRA: https://issues.redhat.com/browse/RHEL-89415
Upstream Status: RHEL-only
(Hunks taken from commit 652b2eeaa91ebde76b951593e4f77ec3)
Signed-off-by: Thomas Huth <thuth@redhat.com>
---
.../caps_10.0.0_s390x.replies | 447 +++++++++++++++++-
.../caps_10.0.0_s390x.xml | 13 +
2 files changed, 458 insertions(+), 2 deletions(-)
diff --git a/tests/qemucapabilitiesdata/caps_10.0.0_s390x.replies b/tests/qemucapabilitiesdata/caps_10.0.0_s390x.replies
index 18f098153d..385c163441 100644
--- a/tests/qemucapabilitiesdata/caps_10.0.0_s390x.replies
+++ b/tests/qemucapabilitiesdata/caps_10.0.0_s390x.replies
@@ -32985,6 +32985,173 @@
"id": "libvirt-42"
}
+{
+ "execute": "query-cpu-model-expansion",
+ "arguments": {
+ "type": "full",
+ "model": {
+ "name": "host"
+ }
+ },
+ "id": "libvirt-43"
+}
+
+{
+ "return": {
+ "deprecated-props": [
+ "bpb",
+ "te",
+ "cte",
+ "csske"
+ ],
+ "model": {
+ "name": "gen16a-base",
+ "props": {
+ "pfmfi": false,
+ "exrl": true,
+ "stfle45": true,
+ "nnpa": true,
+ "cmma": false,
+ "dateh2": true,
+ "gen17ptff": false,
+ "aen": true,
+ "gen13ptff": true,
+ "dateh": true,
+ "ccf": false,
+ "cmmnt": true,
+ "iacc2": true,
+ "parseh": true,
+ "csst": true,
+ "idter": false,
+ "idtes": true,
+ "msa": true,
+ "vxpdeh": true,
+ "aefsi": true,
+ "diag318": true,
+ "hpma2": false,
+ "csst2": true,
+ "csske": true,
+ "mepoch": true,
+ "msa9": true,
+ "msa8": true,
+ "msa7": true,
+ "msa6": true,
+ "msa5": true,
+ "msa4": true,
+ "msa3": true,
+ "msa2": true,
+ "msa1": true,
+ "msa13_pckmo": false,
+ "msa11_pckmo": false,
+ "msa10_pckmo": false,
+ "sthyi": true,
+ "stckf": true,
+ "stfle": true,
+ "etf3": true,
+ "etf2": true,
+ "edat": true,
+ "hfpm": true,
+ "ri": true,
+ "minste4": false,
+ "deflate": true,
+ "msa13": false,
+ "msa12": false,
+ "msa11": false,
+ "msa10": false,
+ "edat2": true,
+ "hfpue": true,
+ "unpack": false,
+ "dfp": true,
+ "vxpdeh3": false,
+ "mvcos": true,
+ "etoken": true,
+ "sprogp": true,
+ "sigpif": false,
+ "ldisphp": true,
+ "vx": true,
+ "ipter": true,
+ "pai": true,
+ "emon": true,
+ "cei": false,
+ "cmpsceh": true,
+ "ginste": true,
+ "paie": true,
+ "dfppc": true,
+ "dfpzc": true,
+ "dfphp": true,
+ "stfle49": true,
+ "mepochptff": true,
+ "opc": true,
+ "ap": true,
+ "asnlxr": true,
+ "gpereh": false,
+ "sif": false,
+ "minste2": true,
+ "vxeh": true,
+ "vxpd": true,
+ "esop": true,
+ "ectg": true,
+ "ib": false,
+ "msa9_pckmo": true,
+ "siif": false,
+ "vxeh3": false,
+ "vxeh2": true,
+ "tsi": true,
+ "tpei": false,
+ "esan3": true,
+ "esort": true,
+ "fpe": true,
+ "ibs": false,
+ "zarch": true,
+ "appv": true,
+ "apqi": true,
+ "apft": true,
+ "stfle53": true,
+ "els": true,
+ "sief2": false,
+ "eimm": true,
+ "iep": true,
+ "irbm": false,
+ "srs": true,
+ "ineff_nc_tx": false,
+ "appvi": true,
+ "apqci": true,
+ "kss": false,
+ "cte": true,
+ "ais": true,
+ "fpseh": true,
+ "ltlbc": true,
+ "ldisp": true,
+ "bpb": true,
+ "64bscao": false,
+ "ctop": true,
+ "gs": true,
+ "sema": true,
+ "etf3eh": true,
+ "etf2eh": true,
+ "eec": true,
+ "ppa15": true,
+ "zpci": true,
+ "rdp": true,
+ "nonqks": true,
+ "sea_esop2": true,
+ "minste3": true,
+ "plo_ext": false,
+ "beareh": true,
+ "pfpo": true,
+ "te": true,
+ "cmm": true,
+ "tods": true,
+ "plo": true,
+ "gsls": false,
+ "skey": false,
+ "vxpdeh2": true
+ }
+ }
+ },
+ "id": "libvirt-43"
+}
+
{
"execute": "qmp_capabilities",
"id": "libvirt-1"
@@ -37433,10 +37600,286 @@
}
{
- "execute": "query-machines",
+ "execute": "query-cpu-model-expansion",
+ "arguments": {
+ "type": "full",
+ "model": {
+ "name": "max"
+ }
+ },
"id": "libvirt-4"
}
+{
+ "return": {
+ "deprecated-props": [
+ "bpb",
+ "te",
+ "cte",
+ "csske"
+ ],
+ "model": {
+ "name": "gen15a-base",
+ "props": {
+ "pfmfi": false,
+ "exrl": true,
+ "stfle45": true,
+ "kmctr-etdea-192": false,
+ "kmctr-etdea-128": false,
+ "nnpa": false,
+ "cmma": false,
+ "dateh2": false,
+ "gen17ptff": false,
+ "gen13ptff": false,
+ "aen": true,
+ "kmo-etdea-192": false,
+ "kmf-etdea-192": false,
+ "kmc-etdea-192": false,
+ "kmac-tdea-192": false,
+ "kimd-sha-512": true,
+ "dateh": true,
+ "km-aes-256": false,
+ "km-aes-192": false,
+ "kmctr-aes-256": false,
+ "ccf": false,
+ "kma-gcm-eaes-192": false,
+ "kmo-tdea-192": false,
+ "kmf-tdea-192": false,
+ "kmctr-tdea-192": false,
+ "kmctr-tdea-128": false,
+ "km-etdea-192": false,
+ "kmc-tdea-192": false,
+ "cmmnt": false,
+ "iacc2": true,
+ "parseh": false,
+ "klmd-sha-512": true,
+ "kma-gcm-eaes-128": false,
+ "csst": true,
+ "pcc-xts-aes-256": false,
+ "pcc-xts-aes-128": false,
+ "pckmo-aes-128": false,
+ "idter": false,
+ "idtes": true,
+ "prno-trng-qrtcr": false,
+ "pcc-cmac-eaes-128": false,
+ "vxpdeh": false,
+ "aefsi": true,
+ "pckmo-etdea-192": false,
+ "pckmo-etdea-128": false,
+ "diag318": false,
+ "pcc-cmac-eaes-256": false,
+ "msa-base": true,
+ "pcc-cmac-etdea-192": false,
+ "hpma2": false,
+ "kmctr-eaes-256": false,
+ "csske": false,
+ "csst2": true,
+ "mepoch": false,
+ "msa9": false,
+ "msa6": false,
+ "msa1": false,
+ "kmctr-aes-192": false,
+ "msa13_pckmo": false,
+ "msa11_pckmo": false,
+ "msa10_pckmo": false,
+ "pckmo-aes-256": false,
+ "sthyi": false,
+ "stckf": true,
+ "stfle": true,
+ "edat": false,
+ "etf3": true,
+ "etf2": true,
+ "hfpm": false,
+ "ri": false,
+ "minste4": false,
+ "pcc-xts-eaes-256": false,
+ "deflate": false,
+ "msa13": false,
+ "msa12": false,
+ "msa11": false,
+ "msa10": false,
+ "km-xts-eaes-256": false,
+ "km-xts-eaes-128": false,
+ "edat2": false,
+ "hfpue": false,
+ "kmo-aes-192": false,
+ "kmf-aes-192": false,
+ "km-eaes-192": false,
+ "kmc-aes-192": false,
+ "unpack": false,
+ "dfp": false,
+ "kmo-aes-128": false,
+ "kmf-aes-128": false,
+ "km-eaes-128": false,
+ "kmctr-dea": false,
+ "vxpdeh3": false,
+ "mvcos": true,
+ "etoken": false,
+ "pcc-cmac-tdea-192": false,
+ "km-dea": false,
+ "sprogp": true,
+ "sigpif": false,
+ "kmac-eaes-128": false,
+ "ldisphp": true,
+ "pckmo-aes-192": false,
+ "ipter": false,
+ "vx": true,
+ "pai": false,
+ "kimd-ghash": false,
+ "emon": false,
+ "kimd-sha-1": false,
+ "cei": false,
+ "cmpsceh": false,
+ "kmctr-eaes-192": false,
+ "kmctr-eaes-128": false,
+ "ginste": true,
+ "km-xts-aes-256": false,
+ "kmac-eaes-256": false,
+ "kmo-eaes-128": false,
+ "kmf-eaes-128": false,
+ "kmc-eaes-128": false,
+ "kmac-aes-128": false,
+ "paie": false,
+ "dfppc": false,
+ "dfpzc": false,
+ "dfphp": false,
+ "kmo-eaes-256": false,
+ "kmf-eaes-256": false,
+ "kmc-eaes-256": false,
+ "kmac-aes-256": false,
+ "kmac-etdea-192": false,
+ "kmac-etdea-128": false,
+ "kmo-dea": false,
+ "kmf-dea": false,
+ "km-edea": false,
+ "kmc-dea": false,
+ "stfle49": true,
+ "klmd-sha-1": false,
+ "mepochptff": false,
+ "opc": false,
+ "ap": false,
+ "asnlxr": false,
+ "gpereh": false,
+ "sif": false,
+ "minste2": true,
+ "pcc-cmac-dea": false,
+ "vxpd": false,
+ "vxeh": true,
+ "esop": true,
+ "ectg": true,
+ "ib": false,
+ "km-tdea-192": false,
+ "km-tdea-128": false,
+ "msa9_pckmo": false,
+ "siif": false,
+ "kma-gcm-aes-256": false,
+ "kma-gcm-aes-192": false,
+ "kma-gcm-aes-128": false,
+ "pcc-cmac-aes-256": false,
+ "vxeh3": false,
+ "tsi": false,
+ "vxeh2": true,
+ "tpei": false,
+ "esort": false,
+ "esan3": true,
+ "fpe": true,
+ "ibs": false,
+ "pcc-xts-eaes-128": false,
+ "kmac-eaes-192": false,
+ "zarch": true,
+ "kmo-edea": false,
+ "kmf-edea": false,
+ "kmc-edea": false,
+ "kmac-dea": false,
+ "appv": false,
+ "apqi": false,
+ "apft": false,
+ "stfle53": true,
+ "ppno-sha-512-drng": false,
+ "pcc-cmac-tdea-128": false,
+ "kmo-aes-256": false,
+ "kmf-aes-256": false,
+ "km-eaes-256": false,
+ "kmc-aes-256": false,
+ "els": false,
+ "sief2": false,
+ "eimm": true,
+ "pcc-cmac-etdea-128": false,
+ "iep": true,
+ "irbm": false,
+ "km-xts-aes-128": false,
+ "srs": true,
+ "appvi": false,
+ "ineff_nc_tx": false,
+ "apqci": false,
+ "kmo-tdea-128": false,
+ "kmf-tdea-128": false,
+ "km-etdea-128": false,
+ "kmc-tdea-128": false,
+ "kss": false,
+ "cte": false,
+ "kmac-edea": false,
+ "prno-trng": true,
+ "kma-gcm-eaes-256": false,
+ "ais": true,
+ "fpseh": true,
+ "ltlbc": true,
+ "ldisp": true,
+ "kmo-etdea-128": false,
+ "kmf-etdea-128": false,
+ "kmc-etdea-128": false,
+ "kmac-tdea-128": false,
+ "pcc-cmac-edea": false,
+ "bpb": false,
+ "kmctr-edea": false,
+ "64bscao": false,
+ "ctop": false,
+ "kmo-eaes-192": false,
+ "kmf-eaes-192": false,
+ "kmc-eaes-192": false,
+ "kmac-aes-192": false,
+ "gs": false,
+ "sema": false,
+ "etf3eh": true,
+ "etf2eh": true,
+ "eec": false,
+ "pcc-cmac-eaes-192": false,
+ "ppa15": false,
+ "kmc-prng": false,
+ "zpci": true,
+ "rdp": false,
+ "nonqks": false,
+ "sea_esop2": true,
+ "minste3": true,
+ "plo_ext": false,
+ "beareh": false,
+ "pfpo": false,
+ "te": false,
+ "msa8-base": true,
+ "msa4-base": true,
+ "msa3-base": true,
+ "msa5-base": true,
+ "pcc-cmac-aes-192": false,
+ "cmm": false,
+ "tods": false,
+ "pcc-cmac-aes-128": false,
+ "plo": true,
+ "pckmo-edea": false,
+ "gsls": false,
+ "kmctr-aes-128": false,
+ "skey": false,
+ "vxpdeh2": false
+ }
+ }
+ },
+ "id": "libvirt-4"
+}
+
+{
+ "execute": "query-machines",
+ "id": "libvirt-5"
+}
+
{
"return": [
{
@@ -37709,5 +38152,5 @@
"default-ram-id": "s390.ram"
}
],
- "id": "libvirt-4"
+ "id": "libvirt-5"
}
diff --git a/tests/qemucapabilitiesdata/caps_10.0.0_s390x.xml b/tests/qemucapabilitiesdata/caps_10.0.0_s390x.xml
index 82cabd13b2..1d7d415e5b 100644
--- a/tests/qemucapabilitiesdata/caps_10.0.0_s390x.xml
+++ b/tests/qemucapabilitiesdata/caps_10.0.0_s390x.xml
@@ -139,6 +139,7 @@
<flag name='chardev-reconnect-miliseconds'/>
<flag name='virtio-ccw.loadparm'/>
<flag name='netdev-stream-reconnect-miliseconds'/>
+ <flag name='query-cpu-model-expansion.deprecated-props'/>
<flag name='virtio-mem-ccw'/>
<version>9002050</version>
<microcodeVersion>39100285</microcodeVersion>
@@ -200,6 +201,12 @@
<property name='te' type='boolean' value='true'/>
<property name='cmm' type='boolean' value='true'/>
<property name='vxpdeh2' type='boolean' value='true'/>
+ <deprecatedFeatures>
+ <property name='bpb'/>
+ <property name='te'/>
+ <property name='cte'/>
+ <property name='csske'/>
+ </deprecatedFeatures>
</hostCPU>
<cpu type='kvm' name='z13' typename='z13-s390x-cpu' usable='yes'/>
<cpu type='kvm' name='z990.3' typename='z990.3-s390x-cpu' usable='yes'/>
@@ -398,6 +405,12 @@
<property name='msa3-base' type='boolean' value='true'/>
<property name='msa5-base' type='boolean' value='true'/>
<property name='tods' type='boolean' value='false'/>
+ <deprecatedFeatures>
+ <property name='bpb'/>
+ <property name='te'/>
+ <property name='cte'/>
+ <property name='csske'/>
+ </deprecatedFeatures>
</hostCPU>
<cpu type='tcg' name='z13' typename='z13-s390x-cpu' usable='no'>
<blocker name='ppno-sha-512-drng'/>
--
2.49.0

6
SOURCES/libvirt-remote-add-sysusers-file-to-create-libvirt-group.patch
View File

@ -1,5 +1,5 @@
From 4aa0ea0a693e06110333a8f851525d0e5a8fcfed Mon Sep 17 00:00:00 2001
Message-ID: <4aa0ea0a693e06110333a8f851525d0e5a8fcfed.1741351378.git.jdenemar@redhat.com>
From 44fc545f45e2e0077fbdc9d45bf8743d115fca35 Mon Sep 17 00:00:00 2001
Message-ID: <44fc545f45e2e0077fbdc9d45bf8743d115fca35.1741876175.git.jdenemar@redhat.com>
From: =?UTF-8?q?Daniel=20P=2E=20Berrang=C3=A9?= <berrange@redhat.com>
Date: Wed, 29 Jan 2025 15:37:46 +0000
Subject: [PATCH] remote: add sysusers file to create 'libvirt' group
@ -17,7 +17,7 @@ Reviewed-by: Jiri Denemark <jdenemar@redhat.com>
Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
(cherry picked from commit 18f0160994af80dfac2dcaf46097922e443b283b)
https://issues.redhat.com/browse/RHEL-81740
https://issues.redhat.com/browse/RHEL-81749
Signed-off-by: Andrea Bolognani <abologna@redhat.com>
---

6
SOURCES/libvirt-rpc-remove-logind-support-for-virNetDaemon.patch
View File

@ -1,5 +1,5 @@
From 4c6d50cb9675f59c8ba2e5bc4fc424cb3b8f5527 Mon Sep 17 00:00:00 2001
Message-ID: <4c6d50cb9675f59c8ba2e5bc4fc424cb3b8f5527.1744361503.git.jdenemar@redhat.com>
From 3c4c4271c77ffe624cae83f3cfec15bf0196b774 Mon Sep 17 00:00:00 2001
Message-ID: <3c4c4271c77ffe624cae83f3cfec15bf0196b774.1742990721.git.jdenemar@redhat.com>
From: =?UTF-8?q?Daniel=20P=2E=20Berrang=C3=A9?= <berrange@redhat.com>
Date: Mon, 16 Dec 2024 16:37:52 +0000
Subject: [PATCH] rpc: remove logind support for virNetDaemon
@ -20,7 +20,7 @@ Fixes 37800af9a400385801da6d73654249fdb51a93d8
Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
(cherry picked from commit 8575724aef4f48f3d66cb7beb4c61014992e31eb)
Resolves: https://issues.redhat.com/browse/RHEL-83076
Resolves: https://issues.redhat.com/browse/RHEL-83064
---
src/libxl/libxl_driver.c | 2 +-
src/lxc/lxc_driver.c | 2 +-

6
SOURCES/libvirt-src-convert-drivers-over-to-new-virInhibitor-APIs.patch
View File

@ -1,5 +1,5 @@
From fd7a63d7b6be85cb60b7157de52d28f5c76bdf42 Mon Sep 17 00:00:00 2001
Message-ID: <fd7a63d7b6be85cb60b7157de52d28f5c76bdf42.1744361503.git.jdenemar@redhat.com>
From 079d7a5d0a1dd198f96749d415295d8340476902 Mon Sep 17 00:00:00 2001
Message-ID: <079d7a5d0a1dd198f96749d415295d8340476902.1742990721.git.jdenemar@redhat.com>
From: =?UTF-8?q?Daniel=20P=2E=20Berrang=C3=A9?= <berrange@redhat.com>
Date: Mon, 16 Dec 2024 16:28:48 +0000
Subject: [PATCH] src: convert drivers over to new virInhibitor APIs
@ -24,7 +24,7 @@ state struct.
Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
(cherry picked from commit 48f0b6dfa12563f0006d2de4b0f85599e20f9449)
Resolves: https://issues.redhat.com/browse/RHEL-83076
Resolves: https://issues.redhat.com/browse/RHEL-83064
---
src/libxl/libxl_conf.h | 9 +++----
src/libxl/libxl_domain.c | 6 ++---

167
SOURCES/libvirt-src-introduce-raw-and-rawset-ACPI-table-types.patch Normal file
View File

@ -0,0 +1,167 @@
From 27c5b0f2d04b700ef763ae1299143bca638c6d91 Mon Sep 17 00:00:00 2001
Message-ID: <27c5b0f2d04b700ef763ae1299143bca638c6d91.1742990721.git.jdenemar@redhat.com>
From: =?UTF-8?q?Daniel=20P=2E=20Berrang=C3=A9?= <berrange@redhat.com>
Date: Wed, 26 Feb 2025 18:39:18 +0000
Subject: [PATCH] src: introduce 'raw' and 'rawset' ACPI table types
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
The QEMU driver has only accepted type=slic even though QEMU is able to
accept individual tables of any type, without needing to specify a
signature. Introduce type=raw to address this usage scenario. Contrary
to other types, this one may appear multiple times.
The Xen driver has mistakenly accepted type=slic and use it to set the
Xen acpi_firmware setting, which performs a simple passthrough of
multiple concatenated data table. Introduce type=rawset to address
this usage scenario.
Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
(cherry picked from commit 513ef8f028e8b0acbad2c38b8db6507bd96484cc)
Resolves: https://issues.redhat.com/browse/RHEL-81041
---
docs/formatdomain.rst | 19 ++++++++++++++++---
src/conf/domain_conf.c | 5 ++++-
src/conf/domain_conf.h | 2 ++
src/conf/schemas/domaincommon.rng | 6 +++++-
src/libxl/libxl_domain.c | 7 +++++++
src/qemu/qemu_command.c | 2 ++
src/qemu/qemu_validate.c | 7 +++++++
7 files changed, 43 insertions(+), 5 deletions(-)
diff --git a/docs/formatdomain.rst b/docs/formatdomain.rst
index c077c09a39..b6e162235c 100644
--- a/docs/formatdomain.rst
+++ b/docs/formatdomain.rst
@@ -484,9 +484,22 @@ These options apply to any form of booting of the guest OS.
...
``acpi``
- The ``table`` element contains a fully-qualified path to the ACPI table. The
- ``type`` attribute contains the ACPI table type (currently only ``slic`` is
- supported) :since:`Since 1.3.5 (QEMU)` :since:`Since 5.9.0 (Xen)`
+ The ``table`` element contains a fully-qualified path to the ACPI table,
+ with the ``type`` attribute dictating what data must be present in the
+ file:
+
+ * ``raw``: a single ACPI table with header and data, with ACPI
+ signature auto-detected from header (:since:`Since 11.2.0`).
+ * ``rawset``: concatenation of multiple ACPI tables with header
+ and data, each with any ACPI signature, auto-detected from header
+ (:since:`Since 11.2.0`).
+ * ``slic``: a single ACPI table with header and data, providing
+ software licensing information. The ACPI table signature in the
+ header will be forced to ``SLIC`` (:since:`Since 1.3.5 (QEMU)`,
+ mis-interpreted as ``rawset`` :since:`Since 5.9.0 (Xen)`).
+
+ Each type may be used only once, except for ``raw`` which can
+ appear multiple times.
SMBIOS System Information
diff --git a/src/conf/domain_conf.c b/src/conf/domain_conf.c
index b0628da279..2ee0403c86 100644
--- a/src/conf/domain_conf.c
+++ b/src/conf/domain_conf.c
@@ -1458,6 +1458,8 @@ VIR_ENUM_IMPL(virDomainOsDefFirmwareFeature,
VIR_ENUM_IMPL(virDomainOsACPITable,
VIR_DOMAIN_OS_ACPI_TABLE_TYPE_LAST,
+ "raw",
+ "rawset",
"slic",
);
@@ -17891,7 +17893,8 @@ virDomainDefParseBootAcpiOptions(virDomainDef *def,
goto error;
for (j = 0; j < i; j++) {
- if (tables[j]->type == type) {
+ if (tables[j]->type == type &&
+ type != VIR_DOMAIN_OS_ACPI_TABLE_TYPE_RAW) {
virReportError(VIR_ERR_XML_ERROR,
_("ACPI table type '%1$s' may only appear once"),
virDomainOsACPITableTypeToString(type));
diff --git a/src/conf/domain_conf.h b/src/conf/domain_conf.h
index f52b80caec..bc3f42888e 100644
--- a/src/conf/domain_conf.h
+++ b/src/conf/domain_conf.h
@@ -2463,6 +2463,8 @@ typedef enum {
VIR_ENUM_DECL(virDomainOsDefFirmwareFeature);
typedef enum {
+ VIR_DOMAIN_OS_ACPI_TABLE_TYPE_RAW,
+ VIR_DOMAIN_OS_ACPI_TABLE_TYPE_RAWSET,
VIR_DOMAIN_OS_ACPI_TABLE_TYPE_SLIC,
VIR_DOMAIN_OS_ACPI_TABLE_TYPE_LAST
diff --git a/src/conf/schemas/domaincommon.rng b/src/conf/schemas/domaincommon.rng
index d433e95d8b..99bcc90d4f 100644
--- a/src/conf/schemas/domaincommon.rng
+++ b/src/conf/schemas/domaincommon.rng
@@ -7188,7 +7188,11 @@
<zeroOrMore>
<element name="table">
<attribute name="type">
- <value>slic</value>
+ <choice>
+ <value>raw</value>
+ <value>rawset</value>
+ <value>slic</value>
+ </choice>
</attribute>
<ref name="absFilePath"/>
</element>
diff --git a/src/libxl/libxl_domain.c b/src/libxl/libxl_domain.c
index efd01840de..e564d9e5fe 100644
--- a/src/libxl/libxl_domain.c
+++ b/src/libxl/libxl_domain.c
@@ -336,6 +336,13 @@ libxlDomainDefValidate(const virDomainDef *def,
case VIR_DOMAIN_OS_ACPI_TABLE_TYPE_SLIC:
break;
+ case VIR_DOMAIN_OS_ACPI_TABLE_TYPE_RAW:
+ case VIR_DOMAIN_OS_ACPI_TABLE_TYPE_RAWSET:
+ virReportError(VIR_ERR_CONFIG_UNSUPPORTED,
+ _("ACPI table type '%1$s' is not supported"),
+ virDomainOsACPITableTypeToString(def->os.acpiTables[i]->type));
+ return -1;
+
default:
case VIR_DOMAIN_OS_ACPI_TABLE_TYPE_LAST:
virReportEnumRangeError(virDomainOsACPITable,
diff --git a/src/qemu/qemu_command.c b/src/qemu/qemu_command.c
index 756dd2168b..94fb7fc4c2 100644
--- a/src/qemu/qemu_command.c
+++ b/src/qemu/qemu_command.c
@@ -130,6 +130,8 @@ VIR_ENUM_IMPL(qemuNumaPolicy,
VIR_ENUM_DECL(qemuACPITableSIG);
VIR_ENUM_IMPL(qemuACPITableSIG,
VIR_DOMAIN_OS_ACPI_TABLE_TYPE_LAST,
+ "", /* raw */
+ "", /* rawset */
"SLIC");
diff --git a/src/qemu/qemu_validate.c b/src/qemu/qemu_validate.c
index e500a5d314..8ef0257d73 100644
--- a/src/qemu/qemu_validate.c
+++ b/src/qemu/qemu_validate.c
@@ -732,6 +732,13 @@ qemuValidateDomainDefBoot(const virDomainDef *def,
case VIR_DOMAIN_OS_ACPI_TABLE_TYPE_SLIC:
break;
+ case VIR_DOMAIN_OS_ACPI_TABLE_TYPE_RAW:
+ case VIR_DOMAIN_OS_ACPI_TABLE_TYPE_RAWSET:
+ virReportError(VIR_ERR_CONFIG_UNSUPPORTED,
+ _("ACPI table type '%1$s' is not supported"),
+ virDomainOsACPITableTypeToString(def->os.acpiTables[i]->type));
+ return -1;
+
default:
case VIR_DOMAIN_OS_ACPI_TABLE_TYPE_LAST:
virReportEnumRangeError(virDomainOsACPITable,
--
2.49.0

94
SOURCES/libvirt-src-validate-permitted-ACPI-table-types-in-libxl-qemu-drivers.patch Normal file
View File

@ -0,0 +1,94 @@
From 39e946bdfdd15667379debea04d91fac43bde541 Mon Sep 17 00:00:00 2001
Message-ID: <39e946bdfdd15667379debea04d91fac43bde541.1742990721.git.jdenemar@redhat.com>
From: =?UTF-8?q?Daniel=20P=2E=20Berrang=C3=A9?= <berrange@redhat.com>
Date: Mon, 17 Feb 2025 16:39:29 +0000
Subject: [PATCH] src: validate permitted ACPI table types in libxl/qemu
drivers
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
This forces us to update the drivers when defining new table types
to avoid incorrectly accepting them by default.
Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
(cherry picked from commit 3d94587655696509f34492f75c2a31a7a93eb2f9)
Resolves: https://issues.redhat.com/browse/RHEL-81041
---
src/libxl/libxl_domain.c | 19 +++++++++++++++++++
src/qemu/qemu_validate.c | 15 +++++++++++++++
2 files changed, 34 insertions(+)
diff --git a/src/libxl/libxl_domain.c b/src/libxl/libxl_domain.c
index 6805160923..efd01840de 100644
--- a/src/libxl/libxl_domain.c
+++ b/src/libxl/libxl_domain.c
@@ -306,6 +306,7 @@ libxlDomainDefValidate(const virDomainDef *def,
libxlDriverPrivate *driver = opaque;
g_autoptr(libxlDriverConfig) cfg = libxlDriverConfigGet(driver);
bool reqSecureBoot = false;
+ size_t i;
if (!virCapabilitiesDomainSupported(cfg->caps, def->os.type,
def->os.arch,
@@ -330,6 +331,24 @@ libxlDomainDefValidate(const virDomainDef *def,
return -1;
}
+ for (i = 0; i < def->os.nacpiTables; i++) {
+ switch (def->os.acpiTables[i]->type) {
+ case VIR_DOMAIN_OS_ACPI_TABLE_TYPE_SLIC:
+ break;
+
+ default:
+ case VIR_DOMAIN_OS_ACPI_TABLE_TYPE_LAST:
+ virReportEnumRangeError(virDomainOsACPITable,
+ def->os.acpiTables[i]->type);
+ return -1;
+ }
+ }
+ if (def->os.nacpiTables > 1) {
+ virReportError(VIR_ERR_CONFIG_UNSUPPORTED, "%s",
+ _("Only a single ACPI table is supported"));
+ return -1;
+ }
+
if (def->nsounds > 0) {
virDomainSoundDef *snd = def->sounds[0];
diff --git a/src/qemu/qemu_validate.c b/src/qemu/qemu_validate.c
index 289a3f94cc..e500a5d314 100644
--- a/src/qemu/qemu_validate.c
+++ b/src/qemu/qemu_validate.c
@@ -686,6 +686,8 @@ static int
qemuValidateDomainDefBoot(const virDomainDef *def,
virQEMUCaps *qemuCaps)
{
+ size_t i;
+
if (def->os.bootloader || def->os.bootloaderArgs) {
virReportError(VIR_ERR_CONFIG_UNSUPPORTED, "%s",
_("bootloader is not supported by QEMU"));
@@ -725,6 +727,19 @@ qemuValidateDomainDefBoot(const virDomainDef *def,
return -1;
}
+ for (i = 0; i < def->os.nacpiTables; i++) {
+ switch (def->os.acpiTables[i]->type) {
+ case VIR_DOMAIN_OS_ACPI_TABLE_TYPE_SLIC:
+ break;
+
+ default:
+ case VIR_DOMAIN_OS_ACPI_TABLE_TYPE_LAST:
+ virReportEnumRangeError(virDomainOsACPITable,
+ def->os.acpiTables[i]->type);
+ return -1;
+ }
+ }
+
return 0;
}
--
2.49.0

42185
SOURCES/libvirt-tests-add-capabilities-for-QEMU-10.0.0-on-s390x.patch Normal file
View File

File diff suppressed because it is too large Load Diff

107
SOURCES/libvirt-tools-Secure-guest-check-for-Intel-in-virt-host-validate.patch Normal file
View File

@ -0,0 +1,107 @@
From c0c1b6b0c424c5c9e030e688d8c9dc20e9aa0ea4 Mon Sep 17 00:00:00 2001
Message-ID: <c0c1b6b0c424c5c9e030e688d8c9dc20e9aa0ea4.1759835599.git.jdenemar@redhat.com>
From: Zhenzhong Duan <zhenzhong.duan@intel.com>
Date: Thu, 10 Jul 2025 03:21:03 -0400
Subject: [PATCH] tools: Secure guest check for Intel in virt-host-validate
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Add check in virt-host-validate for secure guest support
on x86 for Intel Trust Domain Extentions.
Suggested-by: Daniel P. Berrangé <berrange@redhat.com>
Signed-off-by: Zhenzhong Duan <zhenzhong.duan@intel.com>
Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
Reviewed-by: Xiaoyao Li <xiaoyao.li@intel.com>
(cherry picked from commit 908bb55724837e66778e6a2c264c9e92b51d7eb6)
Resolves: https://issues.redhat.com/browse/RHEL-111840
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
---
tools/virt-host-validate-common.c | 31 ++++++++++++++++++++++++++++++-
tools/virt-host-validate-common.h | 1 +
2 files changed, 31 insertions(+), 1 deletion(-)
diff --git a/tools/virt-host-validate-common.c b/tools/virt-host-validate-common.c
index 63cc3dbe7b..59f6ac3319 100644
--- a/tools/virt-host-validate-common.c
+++ b/tools/virt-host-validate-common.c
@@ -44,7 +44,8 @@ VIR_ENUM_IMPL(virHostValidateCPUFlag,
"svm",
"sie",
"158",
- "sev");
+ "sev",
+ "tdx_host_platform");
int virHostValidateDeviceExists(const char *hvname,
@@ -434,12 +435,36 @@ virHostValidateAMDSev(const char *hvname,
}
+static int virHostValidateIntelTDX(virValidateLevel level)
+{
+ g_autofree char *mod_value = NULL;
+
+ if (virFileReadValueString(&mod_value, "/sys/module/kvm_intel/parameters/tdx") < 0) {
+ virValidateFail(level, "Intel Trust Domain Extentions not "
+ "supported by the currently used kernel");
+ return VIR_VALIDATE_FAILURE(level);
+ }
+
+ if (mod_value[0] != 'Y') {
+ virValidateFail(level,
+ "Intel Trust Domain Extentions appears to be "
+ "disabled in kernel. Add kvm_intel.tdx=Y "
+ "to the kernel cmdline arguments");
+ return VIR_VALIDATE_FAILURE(level);
+ }
+
+ virValidatePass();
+ return 1;
+}
+
+
int virHostValidateSecureGuests(const char *hvname,
virValidateLevel level)
{
g_autoptr(virBitmap) flags = NULL;
bool hasFac158 = false;
bool hasAMDSev = false;
+ bool hasIntelTDX = false;
virArch arch = virArchFromHost();
g_autofree char *cmdline = NULL;
static const char *kIBMValues[] = {"y", "Y", "on", "ON", "oN", "On", "1"};
@@ -450,6 +475,8 @@ int virHostValidateSecureGuests(const char *hvname,
hasFac158 = true;
else if (flags && virBitmapIsBitSet(flags, VIR_HOST_VALIDATE_CPU_FLAG_SEV))
hasAMDSev = true;
+ else if (flags && virBitmapIsBitSet(flags, VIR_HOST_VALIDATE_CPU_FLAG_TDX))
+ hasIntelTDX = true;
virValidateCheck(hvname, "%s", _("Checking for secure guest support"));
if (ARCH_IS_S390(arch)) {
@@ -485,6 +512,8 @@ int virHostValidateSecureGuests(const char *hvname,
}
} else if (hasAMDSev) {
return virHostValidateAMDSev(hvname, level);
+ } else if (hasIntelTDX) {
+ return virHostValidateIntelTDX(level);
}
virValidateFail(level,
diff --git a/tools/virt-host-validate-common.h b/tools/virt-host-validate-common.h
index 7fb3545fe3..c81d203933 100644
--- a/tools/virt-host-validate-common.h
+++ b/tools/virt-host-validate-common.h
@@ -32,6 +32,7 @@ typedef enum {
VIR_HOST_VALIDATE_CPU_FLAG_SIE,
VIR_HOST_VALIDATE_CPU_FLAG_FACILITY_158,
VIR_HOST_VALIDATE_CPU_FLAG_SEV,
+ VIR_HOST_VALIDATE_CPU_FLAG_TDX,
VIR_HOST_VALIDATE_CPU_FLAG_LAST,
} virHostValidateCPUFlag;
--
2.51.0

6
SOURCES/libvirt-util-don-t-attempt-to-acquire-logind-inhibitor-if-not-requested.patch
View File

@ -1,5 +1,5 @@
From 05aa05e3b17000b2a886dddb2abdb183bd6d4295 Mon Sep 17 00:00:00 2001
Message-ID: <05aa05e3b17000b2a886dddb2abdb183bd6d4295.1744361503.git.jdenemar@redhat.com>
From ceeaa000473ddb72db453f7e38943b961ca16c22 Mon Sep 17 00:00:00 2001
Message-ID: <ceeaa000473ddb72db453f7e38943b961ca16c22.1742990721.git.jdenemar@redhat.com>
From: =?UTF-8?q?Daniel=20P=2E=20Berrang=C3=A9?= <berrange@redhat.com>
Date: Wed, 8 Jan 2025 17:37:03 +0000
Subject: [PATCH] util: don't attempt to acquire logind inhibitor if not
@ -20,7 +20,7 @@ resulting in errors being logged.
Reviewed-by: Laine Stump <laine@redhat.com>
Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
(cherry picked from commit caa10431cdd1aa476637ff721f1947c4e0b53da1)
Resolves: https://issues.redhat.com/browse/RHEL-83076
Resolves: https://issues.redhat.com/browse/RHEL-83064
---
src/util/virinhibitor.c | 5 +++--
1 file changed, 3 insertions(+), 2 deletions(-)

6
SOURCES/libvirt-util-fix-off-by-1-in-inhibitor-constants.patch
View File

@ -1,5 +1,5 @@
From 10b60d5a7910c243249e296306c7dc9e87e79f71 Mon Sep 17 00:00:00 2001
Message-ID: <10b60d5a7910c243249e296306c7dc9e87e79f71.1744361503.git.jdenemar@redhat.com>
From 593bba2d87b7e2bcfedd544d7d48eba936b7a212 Mon Sep 17 00:00:00 2001
Message-ID: <593bba2d87b7e2bcfedd544d7d48eba936b7a212.1742990721.git.jdenemar@redhat.com>
From: =?UTF-8?q?Daniel=20P=2E=20Berrang=C3=A9?= <berrange@redhat.com>
Date: Tue, 7 Jan 2025 15:21:18 +0000
Subject: [PATCH] util: fix off-by-1 in inhibitor constants
@ -12,7 +12,7 @@ string format, we picked the wrong names
Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
(cherry picked from commit fc3a60d9d7b29283a0b2d57bb06d15fb597a5003)
Resolves: https://issues.redhat.com/browse/RHEL-83076
Resolves: https://issues.redhat.com/browse/RHEL-83064
---
src/util/virinhibitor.h | 14 +++++++-------
1 file changed, 7 insertions(+), 7 deletions(-)

6
SOURCES/libvirt-util-introduce-object-for-holding-a-system-inhibitor-lock.patch
View File

@ -1,5 +1,5 @@
From 9f2c4a2117eec85d5146e7dedd628585bb55df01 Mon Sep 17 00:00:00 2001
Message-ID: <9f2c4a2117eec85d5146e7dedd628585bb55df01.1744361502.git.jdenemar@redhat.com>
From 4c1429d270836f0e6ab04b052f1184d72d21193c Mon Sep 17 00:00:00 2001
Message-ID: <4c1429d270836f0e6ab04b052f1184d72d21193c.1742990721.git.jdenemar@redhat.com>
From: =?UTF-8?q?Daniel=20P=2E=20Berrang=C3=A9?= <berrange@redhat.com>
Date: Mon, 16 Dec 2024 15:19:34 +0000
Subject: [PATCH] util: introduce object for holding a system inhibitor lock
@ -34,7 +34,7 @@ The new virInhibitor object addresses these:
Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
(cherry picked from commit d2e5aa4f4e1501149c9e3095d38ebc04c9a4ba31)
Resolves: https://issues.redhat.com/browse/RHEL-83076
Resolves: https://issues.redhat.com/browse/RHEL-83064
---
po/POTFILES | 1 +
src/libvirt_private.syms | 7 ++

47
SOURCES/libvirt-virNodeGetInfo-Improve-description-of-the-case-when-fake-data-is-reported.patch Normal file
View File

@ -0,0 +1,47 @@
From 26445297c5b24bd539ec52525b748f86e82dcc52 Mon Sep 17 00:00:00 2001
Message-ID: <26445297c5b24bd539ec52525b748f86e82dcc52.1744876587.git.jdenemar@redhat.com>
From: Peter Krempa <pkrempa@redhat.com>
Date: Mon, 7 Apr 2025 14:33:01 +0200
Subject: [PATCH] virNodeGetInfo: Improve description of the case when fake
data is reported
virNodeGetInfo due to the rigid desing of the filled struct can't
faithfully represent all topologies. Improve the description when that
happens and outline the fallback topology.
The function docs already state that users ought to use
virConnectGetCapabilities() instead.
Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
(cherry picked from commit 6654cf472c7a8c3e0294012b7c249fc427207759)
https://issues.redhat.com/browse/RHEL-86197
---
src/libvirt-host.c | 11 +++++++----
1 file changed, 7 insertions(+), 4 deletions(-)
diff --git a/src/libvirt-host.c b/src/libvirt-host.c
index 318a664d24..b9c717be11 100644
--- a/src/libvirt-host.c
+++ b/src/libvirt-host.c
@@ -414,10 +414,13 @@ virConnectGetMaxVcpus(virConnectPtr conn,
* speed that the first CPU in the machine is currently running at. This speed
* may vary across CPUs and changes continually as the host OS throttles.
*
- * The nodes/sockets/cores/threads data is potentially inaccurate as
- * it assumes a symmetric installation. If one NUMA node has more
- * sockets populated that another NUMA node this information will be
- * wrong. It is also not able to report about CPU dies.
+ * The virNodeInfo structure is not extensible thus only supports global
+ * nodes/sockets/cores/threads (sockets/cores/threads is per NUMA node)
+ * topology information. If the host CPU has any further groupings (e.g.
+ * dies, clusters, etc) or the NUMA topology is non-symmetrical the structure
+ * can't faithfully represent the system. In such cases a fake topology
+ * (nodes = 1, sockets = 1, cores = number of host cpus, threads = 1) which
+ * only correctly represents the total host CPU count is reported.
*
* Applications are recommended to use the virConnectGetCapabilities()
* call instead, which provides all the information except CPU frequency,
--
2.49.0

12
SOURCES/libvirt-virsh-Add-support-for-VIR_DOMAIN_GUEST_INFO_LOAD.patch
View File

@ -1,5 +1,5 @@
From f2b3e5bf2ae55e028125e545a1fe9565e2bc86f9 Mon Sep 17 00:00:00 2001
Message-ID: <f2b3e5bf2ae55e028125e545a1fe9565e2bc86f9.1745925135.git.jdenemar@redhat.com>
From 4452c8f1b0a9e953615d15d02ada49c1834c72d5 Mon Sep 17 00:00:00 2001
Message-ID: <4452c8f1b0a9e953615d15d02ada49c1834c72d5.1747908717.git.jdenemar@redhat.com>
From: Martin Kletzander <mkletzan@redhat.com>
Date: Tue, 25 Feb 2025 15:22:35 +0100
Subject: [PATCH] virsh: Add support for VIR_DOMAIN_GUEST_INFO_LOAD
@ -9,7 +9,7 @@ Signed-off-by: Martin Kletzander <mkletzan@redhat.com>
Reviewed-by: Peter Krempa <pkrempa@redhat.com>
(cherry picked from commit 71e75ce09203aa2489803426ae368d1693ee925b)
https://issues.redhat.com/browse/RHEL-88449
https://issues.redhat.com/browse/RHEL-88447
Signed-off-by: Martin Kletzander <mkletzan@redhat.com>
---
@ -18,10 +18,10 @@ Signed-off-by: Martin Kletzander <mkletzan@redhat.com>
2 files changed, 13 insertions(+), 1 deletion(-)
diff --git a/docs/manpages/virsh.rst b/docs/manpages/virsh.rst
index 2e525d3fac..77798af7d3 100644
index aea920b7a7..2bb1313a48 100644
--- a/docs/manpages/virsh.rst
+++ b/docs/manpages/virsh.rst
@@ -2912,7 +2912,7 @@ Success is always reported in this case.
@@ -2927,7 +2927,7 @@ Success is always reported in this case.
You can limit the types of information that are returned by specifying one or
more flags. Available information types flags are *--user*, *--os*,
@ -30,7 +30,7 @@ index 2e525d3fac..77798af7d3 100644
If an explicitly requested information type is not supported by the guest agent
at that point, the processes will provide an exit code of 1.
@@ -2991,6 +2991,12 @@ returned:
@@ -3006,6 +3006,12 @@ returned:
* ``if.<num>.addr.<num1>.addr`` - the IP address of addr <num1>
* ``if.<num>.addr.<num1>.prefix`` - the prefix of IP address of addr <num1>

160
SOURCES/libvirt-virsh-Introduce-new-hypervisor-cpu-models-command.patch Normal file
View File

@ -0,0 +1,160 @@
From 1d5f1c125cbe567b5586ff661e6b030f7f7f4151 Mon Sep 17 00:00:00 2001
Message-ID: <1d5f1c125cbe567b5586ff661e6b030f7f7f4151.1747908718.git.jdenemar@redhat.com>
From: David Judkovics <djudkovi(a)linux.ibm.com>
Date: Thu, 20 Mar 2025 01:28:24 -0400
Subject: [PATCH] virsh: Introduce new hypervisor-cpu-models command
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Add new virsh command 'hypervisor-cpu-models'. Command pulls from the
existing domcapabilities XML and uses xpath to parse CPU model strings.
By default, only models reported as usable by the hypervisor on the
host system are printed. User may specify "--all" to also print
models which are not supported on the host.
Signed-off-by: David Judkovics <djudkovi@linux.ibm.com>
Signed-off-by: Boris Fiuczynski <fiuczy@linux.ibm.com>
Signed-off-by: Collin Walling <walling@linux.ibm.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
(cherry picked from commit 65eeaf12d0780d20fcd7b76479d892c50f56a78c)
https://issues.redhat.com/browse/RHEL-11435
Signed-off-by: Boris Fiuczynski <bfiuczyn@redhat.com>
---
docs/manpages/virsh.rst | 25 ++++++++++++++
tools/virsh-host.c | 75 +++++++++++++++++++++++++++++++++++++++++
2 files changed, 100 insertions(+)
diff --git a/docs/manpages/virsh.rst b/docs/manpages/virsh.rst
index 2bb1313a48..4d86caecd6 100644
--- a/docs/manpages/virsh.rst
+++ b/docs/manpages/virsh.rst
@@ -1032,6 +1032,31 @@ listed in the XML description. If *--migratable* is specified, features that
block migration will not be included in the resulting CPU.
+hypervisor-cpu-models
+---------------------
+
+**Syntax:**
+
+::
+
+ hypervisor-cpu-models [--virttype virttype] [--emulator emulator]
+ [--arch arch] [--machine machine] [--all]
+
+Print the list of CPU models known by the hypervisor for the specified architecture.
+It is not guaranteed that a listed CPU will run on the host. To determine CPU
+model compatibility with the host, see ``virsh hypervisor-cpu-baseline`` and
+``virsh hypervisor-cpu-compare``.
+
+The *virttype* option specifies the virtualization type (usable in the 'type'
+attribute of the <domain> top level element from the domain XML). *emulator*
+specifies the path to the emulator, *arch* specifies the CPU architecture, and
+*machine* specifies the machine type.
+
+By default, only the models that are claimed to be "usable" by the hypervisor
+on the host are reported. The option *--all* will report every CPU model known
+to the hypervisor, including ones that are not supported on the hypervisor (e.g.
+newer generation models).
+
DOMAIN COMMANDS
===============
diff --git a/tools/virsh-host.c b/tools/virsh-host.c
index 2fe64e415f..eac782f2d4 100644
--- a/tools/virsh-host.c
+++ b/tools/virsh-host.c
@@ -1751,6 +1751,75 @@ cmdHypervisorCPUBaseline(vshControl *ctl,
}
+/*
+ * "hypervisor-cpu-models" command
+ */
+static const vshCmdInfo info_hypervisor_cpu_models = {
+ .help = N_("Hypervisor reported CPU models"),
+ .desc = N_("Get the CPU models reported by the hypervisor."),
+};
+
+static const vshCmdOptDef opts_hypervisor_cpu_models[] = {
+ {.name = "virttype",
+ .type = VSH_OT_STRING,
+ .completer = virshDomainVirtTypeCompleter,
+ .help = N_("virtualization type (/domain/@type)"),
+ },
+ {.name = "emulator",
+ .type = VSH_OT_STRING,
+ .help = N_("path to emulator binary (/domain/devices/emulator)"),
+ },
+ {.name = "arch",
+ .type = VSH_OT_STRING,
+ .completer = virshArchCompleter,
+ .help = N_("CPU architecture (/domain/os/type/@arch)"),
+ },
+ {.name = "machine",
+ .type = VSH_OT_STRING,
+ .help = N_("machine type (/domain/os/type/@machine)"),
+ },
+ {.name = "all",
+ .type = VSH_OT_BOOL,
+ .help = N_("include all CPU models known to the hypervisor for the architecture")
+ },
+ {.name = NULL}
+};
+
+static bool
+cmdHypervisorCPUModelNames(vshControl *ctl,
+ const vshCmd *cmd)
+{
+ g_autofree char *caps_xml = NULL;
+ const char *virttype = NULL;
+ const char *emulator = NULL;
+ const char *arch = NULL;
+ const char *machine = NULL;
+ const char *xpath = NULL;
+ virshControl *priv = ctl->privData;
+
+ if (vshCommandOptString(ctl, cmd, "virttype", &virttype) < 0 ||
+ vshCommandOptString(ctl, cmd, "emulator", &emulator) < 0 ||
+ vshCommandOptString(ctl, cmd, "arch", &arch) < 0 ||
+ vshCommandOptString(ctl, cmd, "machine", &machine) < 0)
+ return false;
+
+ if (vshCommandOptBool(cmd, "all"))
+ xpath = "//cpu//model[@usable]/text()";
+ else
+ xpath = "//cpu//model[@usable='yes']/text()";
+
+ caps_xml = virConnectGetDomainCapabilities(priv->conn, emulator, arch,
+ machine, virttype, 0);
+
+ if (!caps_xml) {
+ vshError(ctl, "%s", _("failed to get hypervisor CPU model names"));
+ return false;
+ }
+
+ return virshDumpXML(ctl, caps_xml, "domcapabilities", xpath, false);
+}
+
+
const vshCmdDef hostAndHypervisorCmds[] = {
{.name = "allocpages",
.handler = cmdAllocpages,
@@ -1818,6 +1887,12 @@ const vshCmdDef hostAndHypervisorCmds[] = {
.info = &info_hypervisor_cpu_compare,
.flags = 0
},
+ {.name = "hypervisor-cpu-models",
+ .handler = cmdHypervisorCPUModelNames,
+ .opts = opts_hypervisor_cpu_models,
+ .info = &info_hypervisor_cpu_models,
+ .flags = 0
+ },
{.name = "maxvcpus",
.handler = cmdMaxvcpus,
.opts = opts_maxvcpus,
--
2.49.0

14
SOURCES/libvirt-virsh-add-disable-deprecated-features-flag-to-domcapabilities.patch
View File

@ -1,5 +1,5 @@
From 4294a300d6284c0678b165596bee433eac1a4da1 Mon Sep 17 00:00:00 2001
Message-ID: <4294a300d6284c0678b165596bee433eac1a4da1.1749027246.git.jdenemar@redhat.com>
From 4983d6caf2064c48003a5d092c2d30a1132080ac Mon Sep 17 00:00:00 2001
Message-ID: <4983d6caf2064c48003a5d092c2d30a1132080ac.1749039441.git.jdenemar@redhat.com>
From: Collin Walling <walling@linux.ibm.com>
Date: Mon, 16 Dec 2024 18:03:57 -0500
Subject: [PATCH] virsh: add --disable-deprecated-features flag to
@ -14,7 +14,7 @@ virsh domcapabilities --disable-deprecated-features
Signed-off-by: Collin Walling <walling@linux.ibm.com>
Reviewed-by: Jiri Denemark <jdenemar@redhat.com>
(cherry picked from commit 15d45964e453e04f1761e527266af45554f58fcc)
JIRA: https://issues.redhat.com/browse/RHEL-89977
JIRA: https://issues.redhat.com/browse/RHEL-89415
Signed-off-by: Thomas Huth <thuth@redhat.com>
---
docs/manpages/virsh.rst | 6 ++++++
@ -22,10 +22,10 @@ Signed-off-by: Thomas Huth <thuth@redhat.com>
2 files changed, 14 insertions(+), 1 deletion(-)
diff --git a/docs/manpages/virsh.rst b/docs/manpages/virsh.rst
index 77798af7d3..d3acec7f01 100644
index 4d86caecd6..b75e00beb6 100644
--- a/docs/manpages/virsh.rst
+++ b/docs/manpages/virsh.rst
@@ -568,6 +568,7 @@ domcapabilities
@@ -583,6 +583,7 @@ domcapabilities
domcapabilities [virttype] [emulatorbin] [arch] [machine]
[--xpath EXPRESSION] [--wrap]
@ -33,7 +33,7 @@ index 77798af7d3..d3acec7f01 100644
Print an XML document describing the domain capabilities for the
@@ -609,6 +610,11 @@ a standalone document, however, for ease of additional processing,
@@ -624,6 +625,11 @@ a standalone document, however, for ease of additional processing,
the **--wrap** argument will cause the matching node to be wrapped
in a common root node.
@ -46,7 +46,7 @@ index 77798af7d3..d3acec7f01 100644
pool-capabilities
-----------------
diff --git a/tools/virsh-host.c b/tools/virsh-host.c
index 2fe64e415f..f4e7324f42 100644
index eac782f2d4..9a2b689620 100644
--- a/tools/virsh-host.c
+++ b/tools/virsh-host.c
@@ -114,6 +114,10 @@ static const vshCmdOptDef opts_domcapabilities[] = {

270
SPECS/libvirt.spec
View File

@ -293,7 +293,7 @@
Summary: Library providing a simple virtualization API
Name: libvirt
Version: 10.10.0
Release: 7.7%{?dist}%{?extra_release}.alma.1
Release: 15.1%{?dist}%{?extra_release}.alma.1
License: GPL-2.0-or-later AND LGPL-2.1-only AND LGPL-2.1-or-later AND OFL-1.1
URL: https://libvirt.org/
@ -385,37 +385,98 @@ Patch81: libvirt-docs-improve-type-user-docs-to-higlight-differences-between-SLI
Patch82: libvirt-docs-document-using-passt-backend-with-interface-type-vhostuser.patch
Patch83: libvirt-utils-Canonicalize-paths-before-comparing-them.patch
Patch84: libvirt-remote-add-sysusers-file-to-create-libvirt-group.patch
Patch85: libvirt-util-introduce-object-for-holding-a-system-inhibitor-lock.patch
Patch86: libvirt-src-convert-drivers-over-to-new-virInhibitor-APIs.patch
Patch87: libvirt-rpc-remove-logind-support-for-virNetDaemon.patch
Patch88: libvirt-util-fix-off-by-1-in-inhibitor-constants.patch
Patch89: libvirt-util-don-t-attempt-to-acquire-logind-inhibitor-if-not-requested.patch
Patch90: libvirt-network-Free-inhibitor-in-networkStateCleanup.patch
Patch91: libvirt-conf-parse-interface-source-dev-for-all-interface-types-with-backend-type-passt.patch
Patch92: libvirt-qemu-remove-nonsensical-sanity-check-in-processNetdevStreamDisconnectedEvent.patch
Patch93: libvirt-qemu-make-processNetDevStreamDisconnectedEvent-reusable.patch
Patch94: libvirt-qemu-respond-to-NETDEV_VHOST_USER_DISCONNECTED-event.patch
Patch95: libvirt-qemu-put-vhost-user-code-that-s-special-for-passt-in-a-helper-function.patch
Patch96: libvirt-qemu-make-passt-vhostuser-reconnect-behave-identically-to-passt-user.patch
Patch97: libvirt-Add-load-average-information-type-into-virDomainGetGuestInfo.patch
Patch98: libvirt-qemu_agent-Add-qemuAgentGetLoadAvg.patch
Patch99: libvirt-qemu-Add-support-for-VIR_DOMAIN_GUEST_INFO_LOAD.patch
Patch100: libvirt-virsh-Add-support-for-VIR_DOMAIN_GUEST_INFO_LOAD.patch
Patch101: libvirt-qemuMonitorJSONGetCPUModelExpansion-refactor-parsing-functions.patch
Patch102: libvirt-qemu-parse-deprecated-props-from-query-cpu-model-expansion-response.patch
Patch103: libvirt-qemu_capabilities-query-deprecated-features-for-host-model.patch
Patch104: libvirt-libvirt-domain-introduce-VIR_CONNECT_GET_DOMAIN_CAPABILITIES_DISABLE_DEPRECATED_FEATURES.patch
Patch105: libvirt-qemu_capabilities-filter-deprecated-features-if-requested.patch
Patch106: libvirt-virsh-add-disable-deprecated-features-flag-to-domcapabilities.patch
Patch107: libvirt-conf-add-deprecated_features-attribute.patch
Patch108: libvirt-qemuPrepareNVRAMFile-Fix-NVRAM-image-conversion-check.patch
Patch109: libvirt-esx-Allow-specifying-different-CA-bundle-for-remote-connections.patch
Patch110: libvirt-qemu-fix-order-of-VNC-TLS-config-entries.patch
Patch111: libvirt-qemu-sanitize-blank-lines-in-config-file.patch
Patch112: libvirt-qemu-add-ability-to-set-TLS-priority-string-with-QEMU.patch
Patch113: libvirt-qemuxmlconftest-Include-shared-memory-net-vhostuser-test-cases.patch
Patch114: libvirt-qemuValidateDomainDeviceDefNetwork-Require-shared-memory-for-all-vhost-user-interfaces.patch
Patch115: libvirt-qemu-process-Remove-un-updated-qemuProcessStartWarnShmem.patch
Patch85: libvirt-qemu-Avoid-crash-in-qemuDomainCheckCPU-with-unknown-host-CPU.patch
Patch86: libvirt-qemu_snapshot-allow-reverting-to-external-disk-only-snapshot.patch
Patch87: libvirt-qemu-snapshot-error-out-early-when-reverting-snapshot-for-VM-with-non-file-disk.patch
Patch88: libvirt-util-introduce-object-for-holding-a-system-inhibitor-lock.patch
Patch89: libvirt-src-convert-drivers-over-to-new-virInhibitor-APIs.patch
Patch90: libvirt-rpc-remove-logind-support-for-virNetDaemon.patch
Patch91: libvirt-util-fix-off-by-1-in-inhibitor-constants.patch
Patch92: libvirt-util-don-t-attempt-to-acquire-logind-inhibitor-if-not-requested.patch
Patch93: libvirt-network-Free-inhibitor-in-networkStateCleanup.patch
Patch94: libvirt-conf-introduce-support-for-multiple-ACPI-tables.patch
Patch95: libvirt-src-validate-permitted-ACPI-table-types-in-libxl-qemu-drivers.patch
Patch96: libvirt-src-introduce-raw-and-rawset-ACPI-table-types.patch
Patch97: libvirt-qemu-support-raw-ACPI-table-type.patch
Patch98: libvirt-libxl-support-rawset-ACPI-table-type.patch
Patch99: libvirt-conf-support-MSDM-ACPI-table-type.patch
Patch100: libvirt-qemu-support-MSDM-ACPI-table-type.patch
Patch101: libvirt-qemuxmlconftest-Include-shared-memory-net-vhostuser-test-cases.patch
Patch102: libvirt-qemuValidateDomainDeviceDefNetwork-Require-shared-memory-for-all-vhost-user-interfaces.patch
Patch103: libvirt-qemu-process-Remove-un-updated-qemuProcessStartWarnShmem.patch
Patch104: libvirt-esxConnectListAllDomains-Don-t-propagate-failure-to-lookup-a-single-domain.patch
Patch105: libvirt-conf-parse-interface-source-dev-for-all-interface-types-with-backend-type-passt.patch
Patch106: libvirt-libvirt-host-Clarify-fix-description-of-the-CPU-frequency-field.patch
Patch107: libvirt-virNodeGetInfo-Improve-description-of-the-case-when-fake-data-is-reported.patch
Patch108: libvirt-manpages-virsh-Use-disclaimer-from-virNodeGetInfo-for-virsh-nodeinfo.patch
Patch109: libvirt-esx-Accept-empty-path-URI-component-same-way-as.patch
Patch110: libvirt-qemu-Rename-outgoingMigration-parameter-in-various-TPM-functions.patch
Patch111: libvirt-qemu-Properly-propagate-migration-state-to-TPM-cleanup-code.patch
Patch112: libvirt-qemuDomainBlockCopyCommon-Don-t-revoke-access-to-file-twice-on-failure.patch
Patch113: libvirt-qemuxmlconftest-Drop-s390-default-cpu-.ccw-virtio-2.7-test-cases.patch
Patch114: libvirt-tests-add-capabilities-for-QEMU-10.0.0-on-s390x.patch
Patch115: libvirt-qemu-Do-NOT-autoadd-NUMA-node-for-s390.patch
Patch116: libvirt-qemu_command-Use-qemuBuildVirtioDevProps-to-build-cmd-line-for-virtio-mem-and-virtio-pmem.patch
Patch117: libvirt-qemuxmlconftest-Introduce-memory-hotplug-virtio-mem-pci-s390x.xml.patch
Patch118: libvirt-qemu_caps-Introduce-QEMU_CAPS_DEVICE_VIRTIO_MEM_CCW.patch
Patch119: libvirt-qemu-Validate-virtio-mem-ccw.patch
Patch120: libvirt-qemu-Allow-virtio-mem-on-CCW.patch
Patch121: libvirt-qemuxmlconftest-Introduce-memory-hotplug-virtio-mem-ccw-s390x.xml.patch
Patch122: libvirt-qemu_domain_address-fix-CCW-virtio-mem-hotplug.patch
Patch123: libvirt-Add-load-average-information-type-into-virDomainGetGuestInfo.patch
Patch124: libvirt-qemu_agent-Add-qemuAgentGetLoadAvg.patch
Patch125: libvirt-qemu-Add-support-for-VIR_DOMAIN_GUEST_INFO_LOAD.patch
Patch126: libvirt-virsh-Add-support-for-VIR_DOMAIN_GUEST_INFO_LOAD.patch
Patch127: libvirt-qemu_capabilities-Fetch-caps-for-virtio-mem-ccw-too.patch
Patch128: libvirt-cpu_map-Add-avx10-CPU-features.patch
Patch129: libvirt-cpu_map-Add-GraniteRapids-v2-CPU-model.patch
Patch130: libvirt-cpu_map-Add-sha512-sm3-and-sm4-CPU-features.patch
Patch131: libvirt-virsh-Introduce-new-hypervisor-cpu-models-command.patch
Patch132: libvirt-qemu-remove-nonsensical-sanity-check-in-processNetdevStreamDisconnectedEvent.patch
Patch133: libvirt-qemu-make-processNetDevStreamDisconnectedEvent-reusable.patch
Patch134: libvirt-qemu-respond-to-NETDEV_VHOST_USER_DISCONNECTED-event.patch
Patch135: libvirt-qemu-put-vhost-user-code-that-s-special-for-passt-in-a-helper-function.patch
Patch136: libvirt-qemu-make-passt-vhostuser-reconnect-behave-identically-to-passt-user.patch
Patch137: libvirt-qemuMonitorJSONGetCPUModelExpansion-refactor-parsing-functions.patch
Patch138: libvirt-qemu-parse-deprecated-props-from-query-cpu-model-expansion-response.patch
Patch139: libvirt-qemu_capabilities-query-deprecated-features-for-host-model.patch
Patch140: libvirt-libvirt-domain-introduce-VIR_CONNECT_GET_DOMAIN_CAPABILITIES_DISABLE_DEPRECATED_FEATURES.patch
Patch141: libvirt-qemu_capabilities-filter-deprecated-features-if-requested.patch
Patch142: libvirt-virsh-add-disable-deprecated-features-flag-to-domcapabilities.patch
Patch143: libvirt-conf-add-deprecated_features-attribute.patch
Patch144: libvirt-redhat-Restore-hunks-in-tests-qemucapabilitiesdata-caps_10.0.0_s390x.patch
Patch145: libvirt-qemuPrepareNVRAMFile-Fix-NVRAM-image-conversion-check.patch
Patch146: libvirt-qemu-introduce-QEMU_CAPS_AMD_IOMMU.patch
Patch147: libvirt-qemu-introduce-QEMU_CAPS_PCI_ID.patch
Patch148: libvirt-docs-formatdomain-document-intel-only-IOMMU-attributes.patch
Patch149: libvirt-qemu-add-IOMMU-model-amd.patch
Patch150: libvirt-conf-add-passthrough-and-xtsup-attributes-for-IOMMU.patch
Patch151: libvirt-esx-Allow-specifying-different-CA-bundle-for-remote-connections.patch
Patch152: libvirt-qemu-fix-order-of-VNC-TLS-config-entries.patch
Patch153: libvirt-qemu-sanitize-blank-lines-in-config-file.patch
Patch154: libvirt-qemu-add-ability-to-set-TLS-priority-string-with-QEMU.patch
Patch155: libvirt-tools-Secure-guest-check-for-Intel-in-virt-host-validate.patch
Patch156: libvirt-qemu-Check-if-INTEL-Trust-Domain-Extention-support-is-enabled.patch
Patch157: libvirt-qemucapabilitiesdata-Document-inteltdx-variant.patch
Patch158: libvirt-qemucapabilitiestest-Add-data-for-the-qemu-10.1.0-dev-cycle-on-x86_64-for-the-inteltdx-variant.patch
Patch159: libvirt-qemu-Add-QEMU_CAPS_TDX_GUEST-capability.patch
Patch160: libvirt-conf-Expose-TDX-feature-in-domain-capabilities.patch
Patch161: libvirt-conf-Add-tdx-as-launch-security-type.patch
Patch162: libvirt-conf-Validate-TDX-launchSecurity-element-mrConfigId-mrOwner-mrOwnerConfig.patch
Patch163: libvirt-qemu-Add-command-line-and-validation-for-TDX-type.patch
Patch164: libvirt-conf-Expose-TDX-type-in-domain-launch-security-capability.patch
Patch165: libvirt-qemu-Force-special-parameters-enabled-for-TDX-guest.patch
Patch166: libvirt-qemu-log-the-crash-information-for-TDX.patch
Patch167: libvirt-qemu_firmware-Pick-the-right-firmware-for-TDX-guests.patch
Patch168: libvirt-conf-Add-Intel-TDX-Quote-Generation-Service-QGS-support.patch
Patch169: libvirt-qemu-Add-command-line-for-TDX-Quote-Generation-Service-QGS.patch
Patch170: libvirt-qemu-Add-FakeReboot-support-for-TDX-guest.patch
Patch171: libvirt-qemu-Support-reboot-command-in-guest.patch
Patch172: libvirt-qemu-Avoid-duplicate-FakeReboot-for-secure-guest.patch
Patch173: libvirt-qemu-Send-event-VIR_DOMAIN_EVENT_-STOPPED-STARTED-during-recreation.patch
Patch174: libvirt-qemu-Support-domain-reset-command-for-TDX-guest.patch
Patch175: libvirt-qemuxmlconftest-Add-latest-version-of-launch-security-tdx-test-data.patch
Patch176: libvirt-docs-domain-Add-documentation-for-Intel-TDX-guest.patch
Requires: libvirt-daemon = %{version}-%{release}
@ -2741,54 +2802,119 @@ exit 0
%endif
%changelog
* Wed Sep 17 2025 Eduard Abdullin <eabdullin@almalinux.org> - 10.10.0-7.7.alma.1
* Thu Nov 27 2025 Eduard Abdullin <eabdullin@almalinux.org> - 10.10.0-15.1.alma.1
- Enable building for ppc64le
* Tue Aug 5 2025 Jiri Denemark <jdenemar@redhat.com> - 10.10.0-7.7.el9_6
- qemu: fix order of VNC TLS config entries (RHEL-106277)
- qemu: sanitize blank lines in config file (RHEL-106277)
- qemu: add ability to set TLS priority string with QEMU (RHEL-106277)
- qemuxmlconftest: Include shared memory 'net-vhostuser' test cases (RHEL-106504)
- qemuValidateDomainDeviceDefNetwork: Require shared memory for all vhost-user interfaces (RHEL-106504)
- qemu: process: Remove un-updated 'qemuProcessStartWarnShmem' (RHEL-106504)
* Tue Oct 7 2025 Jiri Denemark <jdenemar@redhat.com> - 10.10.0-15.1.el9_7
- tools: Secure guest check for Intel in virt-host-validate (RHEL-111840)
- qemu: Check if INTEL Trust Domain Extention support is enabled (RHEL-111840)
- qemucapabilitiesdata: Document '+inteltdx' variant (RHEL-111840)
- qemucapabilitiestest: Add data for the qemu-10.1.0 dev cycle on x86_64 for the '+inteltdx' variant (RHEL-111840)
- qemu: Add QEMU_CAPS_TDX_GUEST capability (RHEL-111840)
- conf: Expose TDX feature in domain capabilities (RHEL-111840)
- conf: Add tdx as launch security type (RHEL-111840)
- conf: Validate TDX launchSecurity element mrConfigId/mrOwner/mrOwnerConfig (RHEL-111840)
- qemu: Add command line and validation for TDX type (RHEL-111840)
- conf: Expose TDX type in domain launch security capability (RHEL-111840)
- qemu: Force special parameters enabled for TDX guest (RHEL-111840)
- qemu: log the crash information for TDX (RHEL-111840)
- qemu_firmware: Pick the right firmware for TDX guests (RHEL-111840)
- conf: Add Intel TDX Quote Generation Service(QGS) support (RHEL-111840)
- qemu: Add command line for TDX Quote Generation Service(QGS) (RHEL-111840)
- qemu: Add FakeReboot support for TDX guest (RHEL-111840)
- qemu: Support reboot command in guest (RHEL-111840)
- qemu: Avoid duplicate FakeReboot for secure guest (RHEL-111840)
- qemu: Send event VIR_DOMAIN_EVENT_[STOPPED|STARTED] during recreation (RHEL-111840)
- qemu: Support domain reset command for TDX guest (RHEL-111840)
- qemuxmlconftest: Add latest version of 'launch-security-tdx*' test data (RHEL-111840)
- docs: domain: Add documentation for Intel TDX guest (RHEL-111840)
* Fri Jul 18 2025 Jiri Denemark <jdenemar@redhat.com> - 10.10.0-7.6.el9_6
- esx: Allow specifying different CA bundle for remote connections (RHEL-98292)
* Mon Aug 18 2025 Jiri Denemark <jdenemar@redhat.com> - 10.10.0-15
- qemu: fix order of VNC TLS config entries (RHEL-106276)
- qemu: sanitize blank lines in config file (RHEL-106276)
- qemu: add ability to set TLS priority string with QEMU (RHEL-106276)
* Wed Jun 25 2025 Jiri Denemark <jdenemar@redhat.com> - 10.10.0-7.5.el9_6
- qemuPrepareNVRAMFile: Fix NVRAM image conversion check (RHEL-97757)
* Thu Jul 17 2025 Jiri Denemark <jdenemar@redhat.com> - 10.10.0-14
- qemu: introduce QEMU_CAPS_AMD_IOMMU (RHEL-50560)
- qemu: introduce QEMU_CAPS_PCI_ID (RHEL-50560)
- docs: formatdomain: document intel-only IOMMU attributes (RHEL-50560)
- qemu: add IOMMU model amd (RHEL-50560)
- conf: add passthrough and xtsup attributes for IOMMU (RHEL-50560)
- esx: Allow specifying different CA bundle for remote connections (RHEL-97440)
* Wed Jun 4 2025 Jiri Denemark <jdenemar@redhat.com> - 10.10.0-7.4.el9_6
- qemuMonitorJSONGetCPUModelExpansion: refactor parsing functions (RHEL-89977)
- qemu: parse deprecated-props from query-cpu-model-expansion response (RHEL-89977)
- qemu_capabilities: query deprecated features for host-model (RHEL-89977)
- libvirt-domain: introduce VIR_CONNECT_GET_DOMAIN_CAPABILITIES_DISABLE_DEPRECATED_FEATURES (RHEL-89977)
- qemu_capabilities: filter deprecated features if requested (RHEL-89977)
- virsh: add --disable-deprecated-features flag to domcapabilities (RHEL-89977)
- conf: add deprecated_features attribute (RHEL-89977)
* Wed Jun 18 2025 Jiri Denemark <jdenemar@redhat.com> - 10.10.0-13
- qemuPrepareNVRAMFile: Fix NVRAM image conversion check (RHEL-97758)
* Tue Apr 29 2025 Jiri Denemark <jdenemar@redhat.com> - 10.10.0-7.3.el9_6
- Add load average information type into virDomainGetGuestInfo (RHEL-88449)
- qemu_agent: Add qemuAgentGetLoadAvg() (RHEL-88449)
- qemu: Add support for VIR_DOMAIN_GUEST_INFO_LOAD (RHEL-88449)
- virsh: Add support for VIR_DOMAIN_GUEST_INFO_LOAD (RHEL-88449)
* Wed Jun 4 2025 Jiri Denemark <jdenemar@redhat.com> - 10.10.0-12
- qemuMonitorJSONGetCPUModelExpansion: refactor parsing functions (RHEL-89415)
- qemu: parse deprecated-props from query-cpu-model-expansion response (RHEL-89415)
- qemu_capabilities: query deprecated features for host-model (RHEL-89415)
- libvirt-domain: introduce VIR_CONNECT_GET_DOMAIN_CAPABILITIES_DISABLE_DEPRECATED_FEATURES (RHEL-89415)
- qemu_capabilities: filter deprecated features if requested (RHEL-89415)
- virsh: add --disable-deprecated-features flag to domcapabilities (RHEL-89415)
- conf: add deprecated_features attribute (RHEL-89415)
- redhat: Restore hunks in tests/qemucapabilitiesdata/caps_10.0.0_s390x.* (RHEL-89415)
* Fri Apr 11 2025 Jiri Denemark <jdenemar@redhat.com> - 10.10.0-7.2.el9_6
- util: introduce object for holding a system inhibitor lock (RHEL-83076)
- src: convert drivers over to new virInhibitor APIs (RHEL-83076)
- rpc: remove logind support for virNetDaemon (RHEL-83076)
- util: fix off-by-1 in inhibitor constants (RHEL-83076)
- util: don't attempt to acquire logind inhibitor if not requested (RHEL-83076)
- network: Free inhibitor in networkStateCleanup() (RHEL-83076)
- conf: parse interface/source/@dev for all interface types (with backend type='passt') (RHEL-84689)
- qemu: remove nonsensical sanity check in processNetdevStreamDisconnectedEvent() (RHEL-84782)
- qemu: make processNetDevStreamDisconnectedEvent() reusable (RHEL-84782)
- qemu: respond to NETDEV_VHOST_USER_DISCONNECTED event (RHEL-84782)
- qemu: put vhost-user code that's special for passt in a helper function (RHEL-84782)
- qemu: make passt+vhostuser reconnect behave identically to passt+user (RHEL-84782)
* Thu May 22 2025 Jiri Denemark <jdenemar@redhat.com> - 10.10.0-11
- Add load average information type into virDomainGetGuestInfo (RHEL-88447)
- qemu_agent: Add qemuAgentGetLoadAvg() (RHEL-88447)
- qemu: Add support for VIR_DOMAIN_GUEST_INFO_LOAD (RHEL-88447)
- virsh: Add support for VIR_DOMAIN_GUEST_INFO_LOAD (RHEL-88447)
- qemu_capabilities: Fetch caps for virtio-mem-ccw too (RHEL-87532)
- cpu_map: Add avx10* CPU features (RHEL-87796)
- cpu_map: Add GraniteRapids-v2 CPU model (RHEL-87796)
- cpu_map: Add sha512, sm3, and sm4 CPU features (RHEL-87796)
- virsh: Introduce new hypervisor-cpu-models command (RHEL-11435)
- qemu: remove nonsensical sanity check in processNetdevStreamDisconnectedEvent() (RHEL-80169)
- qemu: make processNetDevStreamDisconnectedEvent() reusable (RHEL-80169)
- qemu: respond to NETDEV_VHOST_USER_DISCONNECTED event (RHEL-80169)
- qemu: put vhost-user code that's special for passt in a helper function (RHEL-80169)
- qemu: make passt+vhostuser reconnect behave identically to passt+user (RHEL-80169)
* Fri Mar 7 2025 Jiri Denemark <jdenemar@redhat.com> - 10.10.0-7.1.el9_6
- remote: add sysusers file to create 'libvirt' group (RHEL-81740)
* Thu Apr 17 2025 Jiri Denemark <jdenemar@redhat.com> - 10.10.0-10
- esxConnectListAllDomains: Don't propagate failure to lookup a single domain (RHEL-80606)
- conf: parse interface/source/@dev for all interface types (with backend type='passt') (RHEL-82539)
- libvirt-host: Clarify/fix description of the CPU frequency field (RHEL-86197)
- virNodeGetInfo: Improve description of the case when fake data is reported (RHEL-86197)
- manpages: virsh: Use disclaimer from 'virNodeGetInfo()' for 'virsh nodeinfo' (RHEL-86197)
- esx: Accept empty "path" URI component same way as "/" (RHEL-86459)
- qemu: Rename outgoingMigration parameter in various TPM functions (RHEL-86800)
- qemu: Properly propagate migration state to TPM cleanup code (RHEL-86800)
- qemuDomainBlockCopyCommon: Don't revoke access to file twice on failure (RHEL-7357)
- qemuxmlconftest: Drop s390-default-cpu-...ccw-virtio-2.7 test cases (RHEL-72976)
- tests: add capabilities for QEMU 10.0.0 on s390x (RHEL-72976)
- qemu: Do NOT autoadd NUMA node for s390 (RHEL-72976)
- qemu_command: Use qemuBuildVirtioDevProps() to build cmd line for virtio-mem and virtio-pmem (RHEL-72976)
- qemuxmlconftest: Introduce memory-hotplug-virtio-mem-pci-s390x.xml (RHEL-72976)
- qemu_caps: Introduce QEMU_CAPS_DEVICE_VIRTIO_MEM_CCW (RHEL-72976)
- qemu: Validate virtio-mem-ccw (RHEL-72976)
- qemu: Allow virtio-mem on CCW (RHEL-72976)
- qemuxmlconftest: Introduce memory-hotplug-virtio-mem-ccw-s390x.xml (RHEL-72976)
- qemu_domain_address: fix CCW virtio-mem hotplug (RHEL-72976)
* Wed Mar 26 2025 Jiri Denemark <jdenemar@redhat.com> - 10.10.0-9
- util: introduce object for holding a system inhibitor lock (RHEL-83064)
- src: convert drivers over to new virInhibitor APIs (RHEL-83064)
- rpc: remove logind support for virNetDaemon (RHEL-83064)
- util: fix off-by-1 in inhibitor constants (RHEL-83064)
- util: don't attempt to acquire logind inhibitor if not requested (RHEL-83064)
- network: Free inhibitor in networkStateCleanup() (RHEL-83064)
- conf: introduce support for multiple ACPI tables (RHEL-81041)
- src: validate permitted ACPI table types in libxl/qemu drivers (RHEL-81041)
- src: introduce 'raw' and 'rawset' ACPI table types (RHEL-81041)
- qemu: support 'raw' ACPI table type (RHEL-81041)
- libxl: support 'rawset' ACPI table type (RHEL-81041)
- conf: support MSDM ACPI table type (RHEL-81041)
- qemu: support MSDM ACPI table type (RHEL-81041)
- qemuxmlconftest: Include shared memory 'net-vhostuser' test cases (RHEL-84133)
- qemuValidateDomainDeviceDefNetwork: Require shared memory for all vhost-user interfaces (RHEL-84133)
- qemu: process: Remove un-updated 'qemuProcessStartWarnShmem' (RHEL-84133)
* Thu Mar 13 2025 Jiri Denemark <jdenemar@redhat.com> - 10.10.0-8
- remote: add sysusers file to create 'libvirt' group (RHEL-81749)
- qemu: Avoid crash in qemuDomainCheckCPU with unknown host CPU (RHEL-81747)
- qemu_snapshot: allow reverting to external disk only snapshot (RHEL-21549)
- qemu: snapshot: error out early when reverting snapshot for VM with non-file disk (RHEL-30971)
* Mon Feb 17 2025 Jiri Denemark <jdenemar@redhat.com> - 10.10.0-7
- qemu_migration: Refactor qemuMigrationSrcRestoreDomainState (RHEL-79168)