Commit Graph

23846 Commits

Author SHA1 Message Date
Roman Bogorodskiy
caaa1bd357 libxl: fix unused functions
Commit eee7bd4e introduced two functions: libxlDiskPathToID and
libxlDiskSectorSize.

However, as they're used only by code under #ifdef __linux__,
on non-Linux platforms it results in errors similar to this:

 CC       libxl/libvirt_driver_libxl_impl_la-libxl_driver.lo
libxl/libxl_driver.c:5263:1: error: unused function 'libxlDiskPathToID' [-Werror,-Wunused-function]
libxlDiskPathToID(const char *virtpath)
^
libxl/libxl_driver.c:5312:1: error: unused function 'libxlDiskSectorSize' [-Werror,-Wunused-function]
libxlDiskSectorSize(int domid, int devno)
^
2 errors generated.

Fix that by moving these functions under the #ifdef __linux__ block.
2016-08-16 03:12:05 +03:00
Jovanka Gulicoska
43a6b37b24 Introduce node device update event as top level event
This event is emitted when a nodedev XML definition is updated,
like when cdrom media is changed in a cdrom block device.

Also includes node device update event implementation for udev
backend, virsh nodedev-event support, and event-test support
2016-08-15 08:30:56 -04:00
John Ferlan
18701e9d62 virsh: Fix core for cmdSecretGetValue
https://bugzilla.redhat.com/show_bug.cgi?id=1366611

When commit id 'cb2e3e50' reworked the cmdSecretGetValue call to use
VIR_DISPOSE_STRING for base64, it neglected to initialize the base64
value to NULL since the cleanup: label could be reached prior to the
base64 value being set or not.  This resulted in a core dump, adding
the initialization will avoid the issue.
2016-08-15 07:53:45 -04:00
Pavel Hrdina
ef11e770da qemu_command: don't modify heads for graphics device
Setting heads to 0 in case that *max_outputs* is not supported while building
command line doesn't have any real effect.  It only removes *heads* attribute
from live XML, but after restarting libvirt the default value is restored.

Signed-off-by: Pavel Hrdina <phrdina@redhat.com>
2016-08-15 12:47:37 +02:00
Michal Privoznik
cba18f8ac2 virschematest: Make sure that validator is initialized
It may happen that a developer wants to run just a specific
subset of tests:

tests $ VIR_TEST_RANGE=22 ../run ./virschematest

This now fails miserably:

    ==6840== Invalid read of size 8
    ==6840==    at 0x4F397C0: virXMLValidatorValidate (virxml.c:1216)
    ==6840==    by 0x402B72: testSchemaFile (virschematest.c:53)
    ==6840==    by 0x403737: virTestRun (testutils.c:180)
    ==6840==    by 0x402CF5: testSchemaDir (virschematest.c:98)
    ==6840==    by 0x402EB1: testSchemaDirs (virschematest.c:131)
    ==6840==    by 0x40314D: mymain (virschematest.c:194)
    ==6840==    by 0x4051AF: virTestMain (testutils.c:982)
    ==6840==    by 0x4035A9: main (virschematest.c:217)
    ==6840==  Address 0x10 is not stack'd, malloc'd or (recently) free'd

Problem is, we are trying to do two types of tests here: validate
RNG schema itself, and validate XML files against RNG schemas.
And the latter tries to re-use a resource allocated in the
former. Therefore if the former is skipped (due to
VIR_TEST_RANGE) we have to allocate the resource manually.

Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
2016-08-15 09:51:10 +02:00
Jim Fehlig
541e9ae6d4 cpu_x86: fix libvirtd crash when host cpu vendor is not available
When starting a guest and copying host vendor cpuid to the guest
cpu, libvirtd would crash if the host cpu contained a NULL vendor
field. Avoid the crash by checking for a valid vendor in the host
cpu before copying the cpuid to the guest cpu.

For completeness, here is a backtrace from the crash

(gdb) bt
f0  0x00007ffff739bf33 in x86DataCpuid (cpuid=0x8, cpuid=0x8,
    data=data@entry=0x7fffb800ee78) at cpu/cpu_x86.c:287
f1  virCPUx86DataAddCPUID (data=data@entry=0x7fffb800ee78, cpuid=0x8)
    at cpu/cpu_x86.c:355
f2  0x00007ffff739ef47 in x86Compute (host=<optimized out>, cpu=0x7fffb8000cc0,
    guest=0x7fffecca7348, message=<optimized out>) at cpu/cpu_x86.c:1580
f3  0x00007fffd2b38e53 in qemuBuildCpuModelArgStr (migrating=false,
    hasHwVirt=<synthetic pointer>, qemuCaps=0x7fffb8001040, buf=0x7fffecca7360,
    def=0x7fffc400ce20, driver=0x1c) at qemu/qemu_command.c:6283
f4  qemuBuildCpuCommandLine (cmd=cmd@entry=0x7fffb8002f60,
    driver=driver@entry=0x7fffc80882c0, def=def@entry=0x7fffc400ce20,
    qemuCaps=qemuCaps@entry=0x7fffb8001040, migrating=<optimized out>)
    at qemu/qemu_command.c:6445
(gdb) f2
(gdb) p *host_model
$23 = {name = 0x7fffb800ec50 "qemu64", vendor = 0x0, signature = 0, data = {
    len = 2, data = 0x7fffb800e720}}
2016-08-12 18:47:53 -06:00
Andrea Bolognani
f257a4adf1 qemu: command: Simplify USB controller model selection
Since we now pick the default USB controller model when parsing
the guest XML, we can get rid of some duplicated code so that
the default model selection happens in one place only.

Add some comments as well.
2016-08-12 17:38:02 +02:00
Andrea Bolognani
31de0fab93 qemu: domain: Drop piix3-ohci controller for migration
Now that the default USB controller model is explicit rather
than implicit for i440fx machines, we have to tweak the
conditions for dropping it in order to keep migration towards
libvirt <= 0.9.4 working.
2016-08-12 17:38:02 +02:00
Andrea Bolognani
f55eaccb0c qemu: domain: Reflect USB controller model in guest XML
When the user doesn't specify any model for a USB controller,
we use an architecture-dependent default, but we don't reflect
it in the guest XML.

Pick the default USB controller model when parsing the guest
XML instead of when creating the QEMU command line, so that
our choice is saved back to disk.
2016-08-12 17:38:02 +02:00
Michal Privoznik
f87cc927f7 virschematest: Initialize @data
==8630== Invalid read of size 8
==8630==    at 0x4EA4F0F: virFree (viralloc.c:582)
==8630==    by 0x4F398F0: virXMLValidatorFree (virxml.c:1257)
==8630==    by 0x40305C: mymain (virschematest.c:191)
==8630==    by 0x405159: virTestMain (testutils.c:982)
==8630==    by 0x403553: main (virschematest.c:215)
==8630==  Address 0xcd72243 is 131 bytes inside a block of size 177 free'd
==8630==    at 0x4C2B1F0: free (vg_replace_malloc.c:473)
==8630==    by 0x4EA4F19: virFree (viralloc.c:582)
==8630==    by 0x4ED0973: virFindFileInPath (virfile.c:1646)
==8630==    by 0x405149: virTestMain (testutils.c:980)
==8630==    by 0x403553: main (virschematest.c:215)

Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
2016-08-12 17:13:35 +02:00
Michal Privoznik
c4b92f1a8a schema: Don't validate paths
https://bugzilla.redhat.com/show_bug.cgi?id=1353296

On UNIX like systems there are no constraints on what characters
can be in file/dir names (except for NULL, obviously). Moreover,
some values that we think of as paths (e.g. disk source) are not
necessarily paths at all. For instance, some hypervisors take
that as an arbitrary identifier and corresponding file is then
looked up by hypervisor in its table. Instead of trying to fix
our regular expressions (and forgetting to include yet another
character there), lets drop the validation completely.

Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
2016-08-12 10:59:21 +02:00
Michal Privoznik
9aea8cd4ae virNetDevMacVLanCreateWithVPortProfile: Drop @ret
Usually, this variable is used to hold the return value for a
function of ours. Well, this is not the case. Its use does not
match our pattern and therefore it is very misleading. Drop it
and define an alternative @rc variable, but only in that single
block where it is needed.

Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
2016-08-10 16:56:45 +02:00
Michal Privoznik
42712002fd virNetDevMacVLanCreateWithVPortProfile: Drop @rc
This variable is very misleading. We use VIR_FORCE_CLOSE to set
it to -1 and returning it even though it does not refer to a FD
at all. It merely holds 0 or -1. Drop it completely. Also, at the
same time some corner cases are fixed too.

Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
2016-08-10 16:56:22 +02:00
Michal Privoznik
96e2486156 virNetDevMacVLanCreateWithVPortProfile: Don't mask virNetDevMacVLanTapOpen error
https://bugzilla.redhat.com/show_bug.cgi?id=1240439

In this function we create a macvtap device and open its tap
device. Possibly multiple times. Now the thing is, if opening the
tap device fails, that is virNetDevMacVLanTapOpen() returns a
negative value, we unroll all the changes BUT return 0 fooling
caller into thinking everything went okay.

Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
2016-08-10 16:54:41 +02:00
Cole Robinson
856965b362 qemu: fix qemu.conf security_driver
Since a9331394 (first release v2.1.0), specifying a manual
security_driver setting in qemu.conf causes the daemon to fail to
start, erroring with 'Duplicate security driver X'.

The duplicate checking was incorrectly comparing every entry
against itself, guaranteeing a false positive.

https://bugzilla.redhat.com/show_bug.cgi?id=1365607
2016-08-10 10:41:07 -04:00
Laine Stump
a220f43a65 conf: restrict expander buses to connect only to a root bus
More misunderstanding/mistaken assumptions on my part - I had thought
that a pci-expander-bus could be plugged into any legacy PCI slot, and
that pcie-expander-bus could be plugged into any PCIe slot. This isn't
correct - they can both be plugged ontly into their respective root
buses. This patch adds that restriction.

Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1358712
2016-08-10 10:29:34 -04:00
Laine Stump
b70e3d0123 conf: restrict where dmi-to-pci-bridge can be connected
libvirt had allowed a dmi-to-pci-bridge to be plugged in anywhere a
normal PCIe endpoint can be connected, but this is wrong - it will
only work if it's plugged into pcie-root (the PCIe root complex) or a
pcie-expander-bus (the qemu device pxb-pcie). This patch adjusts the
connection flags accordingly.

Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1363648
2016-08-10 10:27:37 -04:00
Laine Stump
b70e54342b conf: don't allow connecting upstream-port directly to pce-expander-bus
I apparently misunderstood Marcel's description of what could and
couldn't be plugged into qemu's pxb-pcie controller (known as
pcie-expander-bus in libvirt) - I specifically allowed directly
connecting a pcie-switch-upstream-port, and it turns out that causes
the guest kernel to crash.

This patch forbids such a connection, and updates the xml docs
appropriately.

Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1361172
2016-08-10 10:26:21 -04:00
Laine Stump
10031fe5f2 conf: improve error log when PCI devices don't match requested controller
The virDomainPCIAddressFlagsCompatible() error logs report that a
device required a controller that accepted standard PCI endpoint
devices, or PCI Express endpoint devices, and if hotplug was required
by the configuration but not provided by the selected controller. But
the wording of the error messages was apparently confusing (according
to the bugzilla report referenced below). On top of that, if the
device was something other than an endpoint device (e.g. a
pcie-switch-downstream-port) the error message was a complete punt -
it would just say that the flags were incorrect.

This patch makes the messages for PCI/PCIe endpoint and hotplug
requirements more clear, and also specifically indicates what was the
device type when it is other than an endpoint device.

Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1363627
2016-08-10 10:23:18 -04:00
Erik Skultety
4914494eb8 virt-admin: Fix the error when an invalid URI has been provided
After commit 9d479dd1 fiddled with the cmdConnect's output which used to be a
bit more verbose prior to the mentioned commit, the program flow would result
in a quite confusing error if an invalid URI has been provided:

    error: Failed to connect to the admin server
    Connected to the admin server
    error: <some error>

The problem is that the commit mentioned above relied on the fact that
connect routine always succeeds which is not true.

Signed-off-by: Erik Skultety <eskultet@redhat.com>
2016-08-10 15:24:07 +02:00
Jiri Denemark
300f668c66 cpu_x86: Fix host-model CPUs on hosts with CMT
Since the introduction of CMT features (commit v1.3.5-461-gf294b83)
starting a domain with host-model CPU on a host which supports CMT fails
because QEMU complains about unknown 'cmt' feature:

    qemu-system-x86_64: CPU feature cmt not found

https://bugzilla.redhat.com/show_bug.cgi?id=1355857

Signed-off-by: Jiri Denemark <jdenemar@redhat.com>
2016-08-10 14:25:24 +02:00
Jiri Denemark
58ba240df8 tests: Add a test for host-model CPU with CMT feature
The generated command line wouldn't work since QEMU doesn't know what
'cmt' is. The following patch will fix this issue.

https://bugzilla.redhat.com/show_bug.cgi?id=1355857

Signed-off-by: Jiri Denemark <jdenemar@redhat.com>
2016-08-10 14:25:24 +02:00
Jiri Denemark
1ac897a15d cpu_x86: Properly drop non-migratable features
By removing a non-migratable feature in a for loop we would fail to drop
every second non-migratable feature if the features array contained
several of them in a row.

Signed-off-by: Jiri Denemark <jdenemar@redhat.com>
2016-08-10 14:25:24 +02:00
Jiri Denemark
dbb14bb0f1 cpu_x86: Introduce x86FeatureIsMigratable
Signed-off-by: Jiri Denemark <jdenemar@redhat.com>
2016-08-10 14:25:24 +02:00
Chen Hanxiao
73b647d418 virsh: clarify snapshot --live
In libvirt, snapshot means disk snapshot.
snapshot --live is more like VM checkpoint.
Make it clear in virsh.pod.

Signed-off-by: Chen Hanxiao <chenhanxiao@gmail.com>
Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
2016-08-10 13:29:54 +02:00
Jovanka Gulicoska
5b8643099a virsh: Introduce nodedev-event command
Add nodedev-event support for node device lifecycle events
2016-08-09 11:05:32 -04:00
Erik Skultety
9e5e7f3a5b virt-admin: Properly fix the default session daemon URI to admin server
Commit 30ce2f0e tried to fix the issue with an incorrect session URI to admin
server but it messed up the checks:

    if (geteuid == 0 && VIR_STRDUP(*uristr, "libvirtd:///system") < 0)
        return -1;
    else if (VIR_STRDUP(*uristr, "libvirtd:///session") < 0)
        return -1;

So if a client executed with root privileges tries to connect, its euid is
checked (true) and the correct URI is successfully copied to @uristr (false),
therefore the 'else' branch is taken and @uristr is replaced by the session URI
which for root results in:
    Failed to connect socket to '/root/.cache/libvirt/libvirt-admin-sock':
    No such file or directory

Signed-off-by: Erik Skultety <eskultet@redhat.com>
2016-08-09 15:24:19 +02:00
Erik Skultety
30ce2f0e2a admin: Fix the default uri for session daemon to libvirtd:///session
Just like we decide on which URI we go with based on EUID for qemu in remote
driver, do a similar thing for admin except we do not spawn a daemon in this
case.

Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1356858

Signed-off-by: Erik Skultety <eskultet@redhat.com>
2016-08-09 13:25:22 +02:00
Michal Privoznik
e396de03f3 docs: Distribute subsite.xsl
So, I've ran into very interesting problem lately. When doing the
following, I've encountered an error:

  libvirt.git $ make dist && tar -xJf libvirt-2.2.0.tar.xz && \
                cd libvirt-2.2.0 && ./configure && \
                rm docs/formatdomain.html && make -C docs

  make: Entering directory 'docs'
  make: *** No rule to make target 'formatdomain.html', needed by 'web'.  Stop.
  make: Leaving directory 'docs'

I had no idea what was going on, so I've nailed down the commit
that "broke it" via running git-bisect. It was this one:
7659bd9221. But that shed no more light until I realized
that the commit might actually just exposed a problem we had. And
guess what - I've nailed it down. Of course we are not
distributing subsite.xsl that's why make prints error message.
Very misleading one I must say.

Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
2016-08-08 11:49:35 +02:00
Marc Hartmayer
cdf065537f virsystemd: Fix error check
Commit b3e4401dc6 introduced a check to ignore an error if the guest
is already terminated. However the check accidentally compared
error.code with VIR_ERR_ERROR, which is an error level, not an error
code. Because of this, almost every error got silently ignored.

Fixes: b3e4401dc6 ("systemd: don't report an error if the guest is
already terminated")

Signed-off-by: Marc Hartmayer <mhartmay@linux.vnet.ibm.com>
Reviewed-by: Sascha Silbe <silbe@linux.vnet.ibm.com>
Reviewed-by: Boris Fiuczynski <fiuczy@linux.vnet.ibm.com>
2016-08-08 08:15:59 +02:00
Kai Kang
7e1ca80d87 nsslinktest: also build virAtomic.h
When build for architecture that don't use gcc atomic ops but pthread,
it fails to build for armel:

| ../tools/nss/.libs/libnss_libvirt_impl.a(libvirt_nss_la-virobject.o): In function `virClassNew':
| /buildarea2/kkang/builds/qemuarm-Aug03/bitbake_build/tmp/work/armv5e-wrs-linux-gnueabi/libvirt/1.3.5-r0/build/src/../../libvirt-1.3.5/src/util/virobject.c:153: undefined reference to `virAtomicLock'
| ../tools/nss/.libs/libnss_libvirt_impl.a(libvirt_nss_la-virobject.o): In function `virObjectNew':
| /buildarea2/kkang/builds/qemuarm-Aug03/bitbake_build/tmp/work/armv5e-wrs-linux-gnueabi/libvirt/1.3.5-r0/build/src/../../libvirt-1.3.5/src/util/virobject.c:205: undefined reference to `virAtomicLock'
| ../tools/nss/.libs/libnss_libvirt_impl.a(libvirt_nss_la-virobject.o): In function `virObjectUnref':
| /buildarea2/kkang/builds/qemuarm-Aug03/bitbake_build/tmp/work/armv5e-wrs-linux-gnueabi/libvirt/1.3.5-r0/build/src/../../libvirt-1.3.5/src/util/virobject.c:277: undefined reference to `virAtomicLock'
| ../tools/nss/.libs/libnss_libvirt_impl.a(libvirt_nss_la-virobject.o): In function `virObjectRef':
| /buildarea2/kkang/builds/qemuarm-Aug03/bitbake_build/tmp/work/armv5e-wrs-linux-gnueabi/libvirt/1.3.5-r0/build/src/../../libvirt-1.3.5/src/util/virobject.c:298: undefined reference to `virAtomicLock'
| collect2: error: ld returned 1 exit status

It is similar with:

http://libvirt.org/git/?p=libvirt.git;a=commit;h=12dc729

Signed-off-by: Kai Kang <kai.kang@windriver.com>
2016-08-08 08:06:56 +02:00
Nikolay Shirokovskiy
492a383e58 vz: add vzDomainGetJobStats
Signed-off-by: Nikolay Shirokovskiy <nshirokovskiy@virtuozzo.com>
2016-08-06 22:01:29 +03:00
Nikolay Shirokovskiy
dd7b0a388f vz: add getting job info for migration
Unfortunately vz sdk do not provide detail information on migration
progress, only progress percentage. Thus vz driver provides percents
instead of bytes in data fields of virDomainJobInfoPtr.

Signed-off-by: Nikolay Shirokovskiy <nshirokovskiy@virtuozzo.com>
2016-08-06 22:01:02 +03:00
Eric Blake
f33f03d015 build: centralize use of extra Cygwin LDFLAGS
The build was failing with:

  CCLD     lockd.la
libtool:   error: can't build i686-pc-cygwin shared library unless -no-undefined is specified

Rather than add yet another $(CYGWIN_EXTRA_LDFLAGS) to all the
impacted *_la_LDFLAGS, it was easier to just pull the extra
flags into ALL libraries via AM_LDFLAGS.

Then, fix lockd_la_LDFLAGS to include AM_LDFLAGS, like all other
libraries.

Signed-off-by: Eric Blake <eblake@redhat.com>
2016-08-06 07:50:19 -06:00
Eric Blake
aa760cd522 build: use XDR_CFLAGS for Cygwin build
Without XDR_CFLAGS, compilation on Cygwin fails with:

  CC       libvirt_driver_la-libvirt-stream.lo
In file included from libvirt-stream.c:26:0:
rpc/virnetprotocol.h:9:21: fatal error: rpc/rpc.h: No such file or directory

Signed-off-by: Eric Blake <eblake@redhat.com>
2016-08-06 07:27:03 -06:00
Michal Privoznik
5f5a5a42e5 lxcDomainCreateXMLWithFiles: Avoid crash
https://bugzilla.redhat.com/show_bug.cgi?id=1363773

Imagine that you're creating a transient domain, but for some reason,
starting it fails. That is virLXCProcessStart() returns an error. With
current code, in the error handling code the domain object is removed
from the domain object list, @vm is set to NULL and controls jump to
enjob label where virLXCDomainObjEndJob() is called which dereference vm
leading to instant crash.

The fix is to end the job in the error handling code and only after that
remove the domain from the list and jump onto cleanup label instead of
endjob.

Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
2016-08-05 15:50:19 +02:00
John Ferlan
fbfd6f2103 storage: Don't remove the pool for buildPool failure in storagePoolCreate
https://bugzilla.redhat.com/show_bug.cgi?id=1362349

When adding the ability to build the pool during the start pool processing
using the similar flags as buildPool processing would use, the code was
essentially cut-n-pasted from storagePoolCreateXML.  However, that included
a call to virStoragePoolObjRemove which shouldn't happen within the
storagePoolCreate path since that'll remove the pool from the list of
pools only to be rediscovered if libvirtd restarts.

So on failure, just fail and return as we should expect
2016-08-05 09:30:54 -04:00
Ján Tomko
3f19ac3486 Fix indentation 2016-08-05 10:25:10 +02:00
Jiri Denemark
a80827a7f9 qemu: Add tests for virQEMUCapsNewCopy
Doing a load, copy, format cycle on all QEMU capabilities XML files
should make sure we don't forget to update virQEMUCapsNewCopy when
adding new elements to QEMU capabilities.

Signed-off-by: Jiri Denemark <jdenemar@redhat.com>
2016-08-05 10:06:01 +02:00
Jiri Denemark
c611c886f5 qemu: Copy missing QEMU caps elements
Signed-off-by: Jiri Denemark <jdenemar@redhat.com>
2016-08-05 10:06:01 +02:00
Jiri Denemark
79057b8b3b qemu: Copy QEMU caps elements in order of definition
Signed-off-by: Jiri Denemark <jdenemar@redhat.com>
2016-08-05 10:06:01 +02:00
Peter Krempa
2cda2628db tests: qemucapabilities: Add data for qemu 2.7.0
As of (v2.7.0-rc1-52-g42e0d60)
2016-08-05 09:47:08 +02:00
Erik Skultety
5a3558c620 storage: Fix a NULL ptr dereference in virStorageBackendCreateQemuImg
There was a missing check for vol->target.encryption being NULL
at one particular place (modified by commit a48c71411) which caused a crash
when user attempted to create a raw volume using a non-raw file volume as
source.

Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1363636

Signed-off-by: Erik Skultety <eskultet@redhat.com>
2016-08-05 09:07:00 +02:00
Peter Krempa
5b7dedc995 internal: Introduce macro for stealing pointers
VIR_STEAL_PTR copies the pointer from the second argument into the
first argument and then sets the second to NULL.
2016-08-05 08:38:20 +02:00
John Ferlan
d5813d72ad tests: Fix broken build
Commit id 'f522b7d2' caused a build failure :

GEN      check-augeas-virtlogd
Test failure:test_libvirtd_qemu.aug:69.3-147.28:
 Expected:
{
...
  { "nvram"
    { "1" = "/usr/share/OVMF/OVMF_CODE.fd:/usr/share/OVMF/OVMF_VARS.fd" }
    { "2" = "/usr/share/AAVMF/AAVMF_CODE.fd:/usr/share/AAVMF/AAVMF_VARS.fd" }
  }
...
 Actual:
...
{
  { "nvram"
    { "1" = "/usr/share/OVMF/OVMF_CODE.fd:/usr/share/OVMF/OVMF_VARS.fd" }
    { "2" = "/usr/share/OVMF/OVMF_CODE.secboot.fd:/usr/share/OVMF/OVMF_VARS.fd" }
    { "3" = "/usr/share/AAVMF/AAVMF_CODE.fd:/usr/share/AAVMF/AAVMF_VARS.fd" }
  }
...

This patch adds the OVMF_CODE.secboot.fd to the aug.in file

Signed-off-by: John Ferlan <jferlan@redhat.com>
2016-08-04 15:25:23 -04:00
Boris Fiuczynski
202846f8c3 qemu: fix capability counting
Signed-off-by: Boris Fiuczynski <fiuczy@linux.vnet.ibm.com>
2016-08-04 17:48:19 +02:00
Michal Privoznik
f522b7d269 qemu: Advertise OVMF_CODE.secboot.fd
Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
2016-08-04 17:22:48 +02:00
Michal Privoznik
9c1524a01c qemu: Enable secure boot
In qemu, enabling this feature boils down to adding the following
onto the command line:

  -global driver=cfi.pflash01,property=secure,value=on

However, there are some constraints resulting from the
implementation. For instance, System Management Mode (SMM) is
required to be enabled, the machine type must be q35-2.4 or
later, and the guest should be x86_64. While technically it is
possible to have 32 bit guests with secure boot, some non-trivial
CPU flags tuning is required (for instance lm and nx flags must
be prohibited). Given complexity of our CPU driver, this is not
trivial. Therefore I've chosen to forbid 32 bit guests for now.
If there's ever need, we can refine the check later.

Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
2016-08-04 17:22:20 +02:00
Michal Privoznik
64c2480043 Introduce @secure attribute to os loader element
This element will control secure boot implemented by some
firmwares. If the firmware used in <loader/> does support the
feature we must tell it to the underlying hypervisor. However, we
can't know whether loader does support it or not just by looking
at the file. Therefore we have to have an attribute to the
element where users can tell us whether the firmware is secure
boot enabled or not.

Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
2016-08-04 17:14:20 +02:00
Michal Privoznik
d0e4be9d02 Introduce SMM feature
Since its release of 2.4.0 qemu is able to enable System
Management Module in the firmware, or disable it. We should
expose this capability in the XML. Unfortunately, there's no good
way to determine whether the binary we are talking to supports
it. I mean, if qemu's run with real machine type, the smm
attribute can be seen in 'qom-list /machine' output. But it's not
there when qemu's run with -M none. Therefore we're stuck with
version based check.

Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
2016-08-04 17:14:20 +02:00