Peter Krempa [Wed, 20 Jul 2022 18:08:37 +0000 (20:08 +0200)]
qemu: Refactor access to 'qomName' field of the qemu disk private data
The code which fills 'qomName' does so only when the blockdev capability
is enabled so we don't have to check it separately as it can be only
non-NULL when blockdev is used.
Signed-off-by: Peter Krempa <pkrempa@redhat.com> Reviewed-by: Pavel Hrdina <phrdina@redhat.com> Reviewed-by: Ján Tomko <jtomko@redhat.com>
Peter Krempa [Fri, 15 Jul 2022 14:58:34 +0000 (16:58 +0200)]
qemu: capabilities: Unconditionally set QEMU_CAPS_BLOCKDEV/QEMU_CAPS_BLOCKDEV_HOSTDEV_SCSI
The cleanup of the code to always assume support for QEMU_CAPS_BLOCKDEV
will not be simple, so for now we hardcode the support and the code will
be cleaned up gradually.
We also disallow users to clear the flags via the namespace property or
qemu.conf configuration.
The change to the PPC64 test data originates from the fact that the
capability dump is not from the release version but is lacking one of
the necessary flags to enable -blockdev.
Signed-off-by: Peter Krempa <pkrempa@redhat.com> Reviewed-by: Pavel Hrdina <phrdina@redhat.com> Reviewed-by: Ján Tomko <jtomko@redhat.com>
The 'change-backing-file' command was added in qemu-2.1 and doesn't have
any dependencies. We use it as witness for using blockjobs with relative
backing paths. Always assume it's supported.
Signed-off-by: Peter Krempa <pkrempa@redhat.com> Reviewed-by: Pavel Hrdina <phrdina@redhat.com> Reviewed-by: Ján Tomko <jtomko@redhat.com>
Peter Krempa [Wed, 22 Jun 2022 13:23:36 +0000 (15:23 +0200)]
qemu: Formally deprecate support for qemu < 4.2
Per [1] the Debian 10 reaches EOL in August of 2022. This allows us to
bump the minimum supported qemu version to qemu-4.2 which will also
allow us to do significant cleanups.
This commit bumps the minimum qemu verison and updates the corresponding
docs.
[1]: https://wiki.debian.org/DebianReleases
Signed-off-by: Peter Krempa <pkrempa@redhat.com> Reviewed-by: Michal Privoznik <mprivozn@redhat.com> Reviewed-by: Ján Tomko <jtomko@redhat.com>
Peter Krempa [Wed, 22 Jun 2022 12:23:57 +0000 (14:23 +0200)]
qemuxml2argvtest: Remove 'qemu-4.0' versions of 'cpu-host-model-cmt' and 'cpu-tsc-frequency'
Minimum qemu version is going to be bumped to qemu-4.2. Upgrading the
version of these tests doesn't make sense as the host cpu in the real
capabilities doesn't support the features the tests are attempting to
test.
Signed-off-by: Peter Krempa <pkrempa@redhat.com> Reviewed-by: Michal Privoznik <mprivozn@redhat.com> Reviewed-by: Ján Tomko <jtomko@redhat.com>
Peter Krempa [Tue, 21 Jun 2022 14:31:30 +0000 (16:31 +0200)]
qemuxml2argvtest: Remove 'qemu-3.1' versions of virtio-(non-)transitional tests
Starting from qemu-4.0 a new device model name is used instead of the
'disable_*' props. Since we are going to bump to qemu-4.2 as minimum
this test can be removed.
Signed-off-by: Peter Krempa <pkrempa@redhat.com> Reviewed-by: Michal Privoznik <mprivozn@redhat.com> Reviewed-by: Ján Tomko <jtomko@redhat.com>
Peter Krempa [Tue, 21 Jun 2022 13:53:01 +0000 (15:53 +0200)]
tests: qemuxml2argv: Remove pre-blockdev versions of disk-related tests
Upcoming patches will bump minimum supported qemu version to 4.2 which
will use '-blockdev' with qemu so we can drop all the old test cases for
pre-blockdev configs.
Signed-off-by: Peter Krempa <pkrempa@redhat.com> Reviewed-by: Michal Privoznik <mprivozn@redhat.com> Reviewed-by: Ján Tomko <jtomko@redhat.com>
Peter Krempa [Tue, 21 Jun 2022 13:45:11 +0000 (15:45 +0200)]
qemuxml2(argv|xml)test: Remove 'qemu-4.1' variant of 'x86-kvm-32-on-64'
Upcoming patches will bump minimum qemu version to 4.2. In this case we
the 'latest' case is sufficient as with qemu-4.2 we already behave as
upstream ('qemu64' cpu is used instead of 'qemu32').
Signed-off-by: Peter Krempa <pkrempa@redhat.com> Reviewed-by: Michal Privoznik <mprivozn@redhat.com> Reviewed-by: Ján Tomko <jtomko@redhat.com>
Peter Krempa [Fri, 22 Jul 2022 10:26:51 +0000 (12:26 +0200)]
ci: Drop Debian 10
Debian 10 reaches EOL in August of 2022.
Signed-off-by: Peter Krempa <pkrempa@redhat.com> Reviewed-by: Erik Skultety <eskultet@redhat.com> Reviewed-by: Andrea Bolognani <abologna@redhat.com> Reviewed-by: Ján Tomko <jtomko@redhat.com>
Peter Krempa [Fri, 22 Jul 2022 10:24:32 +0000 (12:24 +0200)]
ci: Move active Debian-10 jobs to Debian-11
Debian 10 will reach EOL in august of 2022 and thus libvirt will no
longer target it. Move CI jobs over to Debian-11.
Signed-off-by: Peter Krempa <pkrempa@redhat.com> Reviewed-by: Erik Skultety <eskultet@redhat.com> Reviewed-by: Andrea Bolognani <abologna@redhat.com> Reviewed-by: Ján Tomko <jtomko@redhat.com>
Peter Krempa [Wed, 10 Aug 2022 13:39:57 +0000 (15:39 +0200)]
qemuDomainObjWait: Report error when VM is being destroyed
Since we started handling the monitor EOF event inside a job any code
which uses virDomainObjWait would no longer properly abort in case when
the VM crashed during the wait.
This is because virDomainObjWait uses virDomainObjIsActive which checks
'vm->def->id' to see if the VM is still active. Unfortunately the domain
id is cleared in qemuProcessStop which is run only inside the job.
To fix this we can use the 'beingDestroyed' flag stored in the VM
private data which is set to true around the time when the condition is
signalled.
Reported-by: Pavel Hrdina <phrdina@redhat.com> Fixes: 8c9ff9960b29d4703a99efdd1cadcf6f48799cc0 Signed-off-by: Peter Krempa <pkrempa@redhat.com> Reviewed-by: Ján Tomko <jtomko@redhat.com>
ending up in the generated HTML. In order to avoid that,
set the prefix and other installation paths to reasonable
default values by passing
-Dsystem=true
and then take advantage of $DESTDIR support to still be able
to write the HTML files without requiring root privileges.
Reported-by: Martin Kletzander <mkletzan@redhat.com> Signed-off-by: Andrea Bolognani <abologna@redhat.com> Reviewed-by: Pavel Hrdina <phrdina@redhat.com>
Peter Krempa [Wed, 10 Aug 2022 13:35:54 +0000 (15:35 +0200)]
qemu: Replace virDomainObjWait with qemuDomainObjWait
The qemu code will need to check other qemu-private conditions when
reporting success for waiting. Thus we must replace all use of it with a
qemu-specific helper. For now the helper forwards directly to
virDomainObjWait.
Signed-off-by: Peter Krempa <pkrempa@redhat.com> Reviewed-by: Ján Tomko <jtomko@redhat.com>
It would be nice to be able to test the mediated device capabilities
without having physical hardware which supports it. The 'mtty' kernel
module presents a virtual parent device which is capable of creating
'fake' mediated devices, and as such it would be useful for testing.
However, the 'mtty' device is not part of an existing device subsystem
(e.g. PCI, etc), so libvirt ignores it and it does not get added to the
node device list. And because it does not get added to the node device
list, it cannot be used to create child mdevs using `virsh
nodedev-create`.
There is already a node device type capability
VIR_NODE_DEV_CAP_MDEV_TYPES that indicates whether a device supports
creating child mediated devices, but libvirt assumes that this is a
nested capability (in other words, it assumes that the primary
capability of a device is something like PCI). If we allow this
MDEV_TYPES capability to be a primary device capability, then we can
support virtual devices like 'mtty' as a parent for mediated devices.
See https://bugzilla.redhat.com/show_bug.cgi?id=2107031
Signed-off-by: Jonathon Jongsma <jjongsma@redhat.com> Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
Andrea Bolognani [Wed, 10 Aug 2022 09:42:37 +0000 (11:42 +0200)]
tests: Mock virQEMUCapsProbeHVF()
Successfully returning without doing anything is what the
function already does on non-Apple platforms.
When building on macOS, however, the check for HVF availability
will be performed. When running on bare metal, that will result
in the QEMU_CAPS_HVF flag being added to the virQEMUCaps
instance, and a bunch of error messages along the lines of
In 'tests/qemucapabilitiesdata/caps_6.2.0.x86_64.xml':
Offset 7557
Expect [c]
Actual [hvf'/>
<flag name=‘c]
showing up.
Up until now we hadn't noticed because our CI jobs run in VMs,
where HVF support is not available.
Reported-by: Christophe de Dinechin <dinechin@redhat.com> Signed-off-by: Andrea Bolognani <abologna@redhat.com> Reviewed-by: Ján Tomko <jtomko@redhat.com> Reviewed-by: Christophe de Dinechin <dinechin@redhat.com> Tested-by: Christophe de Dinechin <dinechin@redhat.com>
Andrea Bolognani [Wed, 10 Aug 2022 09:38:31 +0000 (11:38 +0200)]
qemu: Make virQEMUCapsProbeHVF() non-static
We need to do this so that we can mock it in the test suite.
Signed-off-by: Andrea Bolognani <abologna@redhat.com> Reviewed-by: Ján Tomko <jtomko@redhat.com> Reviewed-by: Christophe de Dinechin <dinechin@redhat.com> Tested-by: Christophe de Dinechin <dinechin@redhat.com>
This doesn't change anything at the moment, but is necessary
for the upcoming fix.
Signed-off-by: Andrea Bolognani <abologna@redhat.com> Reviewed-by: Ján Tomko <jtomko@redhat.com> Reviewed-by: Christophe de Dinechin <dinechin@redhat.com> Tested-by: Christophe de Dinechin <dinechin@redhat.com>
hypervisor: domain_job: add JobData private callbacks into virDomainJobObj
We need this callback structure for qemu driver only, but it
makes more sense to include it in the virDomainJobObj in case of
other future additions than as a parameter of a beginJob
functions.
Signed-off-by: Kristina Hanicova <khanicov@redhat.com> Reviewed-by: Ján Tomko <jtomko@redhat.com> Signed-off-by: Ján Tomko <jtomko@redhat.com>
This patch adds a new variable maxQueuedJobs into the job object
as it is the last hypervisor-based part of the begin job. Since
this patch, it will not be necessary to propagate driver
structure into the job functions.
Signed-off-by: Kristina Hanicova <khanicov@redhat.com> Reviewed-by: Ján Tomko <jtomko@redhat.com> Signed-off-by: Ján Tomko <jtomko@redhat.com>
bridge_driver: Enable virMacMap iff dnsmasq is started
The virMacMap module is used only for libvirt_guests NSS module
as it records list of MAC addresses used by certain guest. But
the module itself is usable if and only if the network assigns IP
addresses (i.e. has dnsmasq running). If it's some other
authority that assigns IP addresses then we do not need the
virMacMap module at all.
For instance, a network with no <forward/> type and no DHCP set
won't create /var/lib/libvirt/dnsmasq/ dir which is what the
module expects to exist. But there's no need for the module to
even care about such network.
Resolves: https://gitlab.com/libvirt/libvirt/-/issues/348 Signed-off-by: Michal Privoznik <mprivozn@redhat.com> Reviewed-by: Ján Tomko <jtomko@redhat.com>
bridge_driver: Introduce a helper for virNetworkObjSetMacMap()
Currently, whenever virNetworkObjSetMacMap() is called the same
pattern is used:
1) call virMacMapFileName() to generate a filename,
2) pass this filename to virMacMapNew(), and finally
3) pass retval from previous step to virNetworkObjSetMacMap().
Move this code into a helper (networkSetMacMap()) and replace
both pattern occurrences with its call.
Signed-off-by: Michal Privoznik <mprivozn@redhat.com> Reviewed-by: Ján Tomko <jtomko@redhat.com>
virNetworkObjSetMacMap: take double pointer of @macmap
The virNetworkObjSetMacMap() API effectively steals passed
@macmap argument. However, the argument is a plain, first order
pointer. This requires every caller to set the argument to NULL
after the function was called. Let's make the function take
double pointer instead to make it obvious that the argument is
consumed.
Signed-off-by: Michal Privoznik <mprivozn@redhat.com> Reviewed-by: Ján Tomko <jtomko@redhat.com>
Let's annotate virMacMap variables in bridge_driver.c with
g_autoptr() so that they are automatically freed upon error. This
may look like a needless commit, since there's no memory leak
currently, but it simplifies the next commit.
Signed-off-by: Michal Privoznik <mprivozn@redhat.com> Reviewed-by: Ján Tomko <jtomko@redhat.com>
bridge_driver: Set @dnsmasqStarted only after successful dnsmasq spawn
The networkStartNetworkVirtual() function handles starting of
networks of different forward types (none, nat, route, open).
And as a part of startup process dnsmasq might be spawned but
doesn't have to be (depending on the network configuration). The
@dnsmasqStarted variable is supposed to track whether dnsmasq was
started or not (so that it can be killed when starting network
fails after it was started). But the variable is set even when
the code decided not to start it.
Signed-off-by: Michal Privoznik <mprivozn@redhat.com> Reviewed-by: Ján Tomko <jtomko@redhat.com>
One specfile containing both native and mingw builds is the
new best practice for Fedora. This reduces the maint burden
and ensures the mingw packages don't fall behind.
Note this adds many more BuildRequires for anyone building
on Fedora, which will now need installing.
Reviewed-by: Pavel Hrdina <phrdina@redhat.com> Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
tests: Pass the flat_namespace option to the linker
This fixes vircryptotest on macOS 12 (Monterey).
The test relies on library injection (using DYLD_INSERT_LIBRARIES)
to replace the normal random functions with functions giving predictable
results, defined in virrandommock.c. However, using DYLD_INSERT_LIBRARIES
only works when building with flat namespaces.
Adding the -Wl,-flat_namespace option to the linker fixes the problem.
The option was already defined in the top-level meson.build, but had been
forgotten in the test linker arguments.
Signed-off-by: Christophe de Dinechin <dinechin@redhat.com> Reviewed-by: Andrea Bolognani <abologna@redhat.com>
Instead of duplicating the list of attributes that are not
allowed for some of the IOMMU models, use two separate switch
statements: one for the attributes and one for the address.
Signed-off-by: Andrea Bolognani <abologna@redhat.com> Reviewed-by: Pavel Hrdina <phrdina@redhat.com> Reviewed-by: Ján Tomko <jtomko@redhat.com>
Paolo Bonzini [Mon, 8 Aug 2022 15:15:07 +0000 (17:15 +0200)]
qemu: remove support for query-cpus
The query-cpus-fast command was introduced in 2.12, therefore
query-cpus is never used on supported versions of QEMU. Remove
the logic to parse its output, as well as the parameters to
choose between the two commands.
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com> Reviewed-by: Peter Krempa <pkrempa@redhat.com>
Paolo Bonzini [Mon, 8 Aug 2022 15:15:05 +0000 (17:15 +0200)]
tests: convert x86_64 tests to query-cpus-fast
All supported versions of QEMU include the query-cpus-fast QMP command.
In preparation for dropping support for the old "query-cpus" commands,
convert the JSON output for x86 tests to the new format, and drop the
"halted" field from the expected output as it is not available anymore.
The CPU properties were obtained from the query-hotpluggable-cpus output
in tests/qemumonitorjsondata. CPU, thread_id, and qom_path are renamed
respectively to cpu-index, qom-path and thread-id, while nip and halted
are removed.
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com> Reviewed-by: Peter Krempa <pkrempa@redhat.com>
Paolo Bonzini [Mon, 8 Aug 2022 15:15:04 +0000 (17:15 +0200)]
tests: convert ppc64 tests to query-cpus-fast
All supported versions of QEMU include the query-cpus-fast QMP command.
In preparation for dropping support for the old "query-cpus" commands,
convert the JSON output for PPC tests to the new format, and drop the
"halted" field from the expected output as it is not available anymore.
The CPU properties were obtained from the query-hotpluggable-cpus output
in tests/qemumonitorjsondata. CPU, thread_id, and qom_path are renamed
respectively to cpu-index, qom-path and thread-id, while nip and halted
are removed.
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com> Reviewed-by: Peter Krempa <pkrempa@redhat.com>
Paolo Bonzini [Mon, 8 Aug 2022 15:15:03 +0000 (17:15 +0200)]
tests: drop "-fast" from query-cpus-fast tests
All supported versions of QEMU include the query-cpus-fast QMP command.
In preparation for dropping support for the old "query-cpus" commands,
remove the "-fast" suffix from both x86-full-fast and s390-fast.
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com> Reviewed-by: Peter Krempa <pkrempa@redhat.com>
Paolo Bonzini [Mon, 8 Aug 2022 15:15:02 +0000 (17:15 +0200)]
tests: remove duplicate cpuinfo test
All supported versions of QEMU include the query-cpus-fast QMP command.
In preparation for dropping support for the old "query-cpus" commands,
remove the query-cpus version of the x86-full test.
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com> Reviewed-by: Peter Krempa <pkrempa@redhat.com>
Currently, it's possible to pass various attributes to an IOMMU's
<driver/> element hoping that we enable them in underlying
hypervisor. However, depending on the IOMMU model, some of these
attributes can't be enabled and are simply ignored. This is
suboptimal and we should reject such configuration in the
validate phase.
Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=2101633 Signed-off-by: Michal Privoznik <mprivozn@redhat.com> Reviewed-by: Ján Tomko <jtomko@redhat.com>
qemu & hypervisor: move qemuDomainTrackJob() into hypervisor
This patch moves qemuDomainTrackJob() as virDomainTrackJob() into
hypervisor because it is called in begin job and end job
functions that will be generalized in the following series.
Signed-off-by: Kristina Hanicova <khanicov@redhat.com> Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
qemu: propagate virDomainJobObj into qemuDomainObjPreserveJob()
It does not make sense to propagate virDomainObj and get
qemuDomainObjPrivate from it, when it is already accessible in
the only function qemuDomainObjPreserveJob() is called from. That
being said, we can also propagate virDomainJobObj directly and
avoid using qemu private structure.
Signed-off-by: Kristina Hanicova <khanicov@redhat.com> Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
qemu_process: Destroy domain's namespace after killing QEMU
After QEMU is killed in qemuProcessStop() its mount namespace
doesn't exist anymore, because it was the only process running
there. Thus we should clear our internal flag that the domain has
namespace enabled so that seclabel restore code does not try to
enter it. We do the same in qemuProcessHandleMonitorEOF() but
when it is us, who decides to kill QEMU rather than QEMU quitting
we haven't seen EOF by the time qemuProcessStop() is called.
Signed-off-by: Michal Privoznik <mprivozn@redhat.com> Reviewed-by: Martin Kletzander <mkletzan@redhat.com>
kbase: Document how to disable Secure Boot entirely
In most cases, disabling the secure-boot or the enrolled-keys
firmware feature will achieve the same result: allowing an
unsigned operating system to run.
Right now we're only documenting the latter configuration. Add
the former as well, and explain the difference between the two.
Signed-off-by: Andrea Bolognani <abologna@redhat.com> Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
It should be enough to enable or disable the enrolled-keys feature
to control whether Secure Boot is enforced, but there's a slight
complication: many distro packages for edk2 include, in addition
to general purpose firmware images, builds that are targeting the
Confidential Computing use case.
For those, the firmware descriptor will not advertise the
enrolled-keys feature, which will technically make them suitable
for satisfying a configuration such as
In practice, users will expect the general purpose build to be
used in this case. Explicitly asking for the secure-boot feature
to be enabled achieves that result at the cost of some slight
additional verbosity.
Signed-off-by: Andrea Bolognani <abologna@redhat.com> Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
The non-Linux version of virHostCPUGetPhysAddrSize() is lacking
G_GNUC_UNUSED attribute to its @size argument which triggers an
error on all non-Linux builds. And while at it, make the function
actually signal error (ENOSYS) since it does not set the
argument.
Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
Passthrough mode can only be used if the chosen CPU model is
'host-passthrough'. Also validate that an explicitly specified
bits value does not exceed the physical address bits on the host.
The feature is available since QEMU 2.7.0.
Signed-off-by: Dario Faggioli <dfaggioli@suse.com> Signed-off-by: Jim Fehlig <jfehlig@suse.com> Signed-off-by: Michal Privoznik <mprivozn@redhat.com> Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
sub element of /domain/cpu, which allows specifying the guest virtual CPU
address size. This can be useful if the guest needs to have a large amount
of memory.
If mode='passthrough', the virtual CPU will have the same number of address
bits as the host. If mode='emulate', the mandatory bits attribute specifies
the number of address bits.
Signed-off-by: Dario Faggioli <dfaggioli@suse.com> Signed-off-by: Jim Fehlig <jfehlig@suse.com> Signed-off-by: Michal Privoznik <mprivozn@redhat.com> Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
Supported TPM versions are reported in domain capabilities. These
are used already to validate TPM type and model, but not TPM
version. This is suboptimal, because otherwise we leave users to
meet the error when starting a guest and libvirt spawns swtpm
binary which in turn reports an error.
Signed-off-by: Michal Privoznik <mprivozn@redhat.com> Reviewed-by: Kristina Hanicova <khanicov@redhat.com>
Michal Privoznik [Wed, 20 Jul 2022 07:51:55 +0000 (09:51 +0200)]
testutilsqemu: Fake TPM versions
Because of v8.5.0-rc1~25 we are already faking TPM support for
domaincaps. Might as well fake supported TPM versions.
The swtpm binary supports both TPM versions since its first
release, but pretend it isn't the case. For QEMU-5.2 and older
pretend only TPM-1.2 is available, QEMU-6.* has both TPM-1.2 and
TPM-2.0 and QEMU-7.0 and newer has only TPM-2.0 available.
This way, domaincaps are more dispersed.
Signed-off-by: Michal Privoznik <mprivozn@redhat.com> Reviewed-by: Kristina Hanicova <khanicov@redhat.com>
The virDomainTPMVersion enum is declared in domain_conf.h among
with its TypeFromString() and TypeToString() helpers (which are
then implemented in domain_conf.c). However, neither of these
helpers is exposed in libvirt_private.syms which makes it
impossible for other modules to use.
Signed-off-by: Michal Privoznik <mprivozn@redhat.com> Reviewed-by: Kristina Hanicova <khanicov@redhat.com>
projects / libvirt.git / log