On Mon, Jan 12, 2026 at 8:06 PM Daniel P. Berrangé <[email protected]> wrote: > > On Mon, Jan 12, 2026 at 06:52:45PM +0530, Ani Sinha wrote: > > A new functional test is added that exercises the code changes related to > > closing of the old KVM VM file descriptor and opening a new one upon VM > > reset. > > This normally happens when confidential guests are resetted but for > > non-confidential guests, we use a special machine specific debug/test > > parameter > > 'x-change-vmfd-on-reset' to enable this behavior. > > Only specific code changes related to re-initialization of SEV-ES, SEV-SNP > > and > > TDX platforms are not exercized in this test as they require hardware that > > supports running confidential guests. > > > > Signed-off-by: Ani Sinha <[email protected]> > > --- > > MAINTAINERS | 6 ++ > > tests/functional/x86_64/meson.build | 1 + > > .../x86_64/test_vmfd_change_reboot.py | 75 +++++++++++++++++++ > > 3 files changed, 82 insertions(+) > > create mode 100755 tests/functional/x86_64/test_vmfd_change_reboot.py > > > > diff --git a/tests/functional/x86_64/test_vmfd_change_reboot.py > > b/tests/functional/x86_64/test_vmfd_change_reboot.py > > new file mode 100755 > > index 0000000000..3b33322880 > > --- /dev/null > > +++ b/tests/functional/x86_64/test_vmfd_change_reboot.py > > @@ -0,0 +1,75 @@ > > +#!/usr/bin/env python3 > > +# > > +# KVM VM file descriptor change on reset test > > +# > > +# Copyright © 2026 Red Hat, Inc. > > +# > > +# Author: > > +# Ani Sinha <[email protected]> > > +# > > +# SPDX-License-Identifier: GPL-2.0-or-later > > + > > +import os > > +from qemu.machine import machine > > + > > +from qemu_test import QemuSystemTest, Asset, > > exec_command_and_wait_for_pattern > > +from qemu_test import wait_for_console_pattern > > + > > +class KVMGuest(QemuSystemTest): > > + > > + ASSET_UKI = Asset('https://gitlab.com/anisinha/misc-artifacts/' > > + '-/raw/main/uki.x86-64.efi?ref_type=heads', > > + 'e0f806bd1fa24111312e1fe849d2ee69808d4343930a5' > > + 'dc8c1688da17c65f576') > > + ASSET_OVMF = Asset('https://gitlab.com/anisinha/misc-artifacts/' > > + '-/raw/main/OVMF.stateless.fd?ref_type=heads', > > + '58a4275aafa8774bd6b1540adceae4ea434b8db75b476' > > + '11839ff47be88cfcf22') > > What is the source of these two binaries - the repo doesn't show any > source code or references ?
For ASSET_UKI, it was built using https://gitlab.com/kraxel/edk2-tests/-/blob/unittest/tools/make-supermin.sh Maybe I can add a comment in the test as such. ASSET_OVMF is a little more complicated ... > Is there no way we can use standard distro > images for this test ? ASSET_OVMF comes from /usr/share/edk2/ovmf/OVMF.stateless.fd of a fc43 VM. It comes from edk2-ovmf-20251119-3.fc43.noarch rpm. This rpm must be installed in the container where the test is run. I checked that CI images we use do not have this rpm or the edk2 binary. In fact, we do not have OVMF.amdsev.fd or its TDX variant or any of OVMF_CODE.secboot.fd etc either. OVMF packages are simply not in the container images generated. There are two reasons why I did it this way - a) I know the long path to adding a package into all CI container images and I wanted to avoid doing that just as yet since ... b) as we spoke offline, even if we did add the package, since /dev/kvm is not available, this test will be skipped and not run in CI. So for this test to run successfully, we must enable kvm tests in CI (have /dev/kvm available). Then we can add the above package and remove this. Also skip the test where OVMF.stateless.fd is not available. For now, I wanted to make sure at least everyone can run this test manually where kvm is available even if they do not have the package installed or if the package is not available for their host OS (for example RHEL-9.6 does not have the stateless variant). > > > + > > + def common_vm_setup(self): > > + self.require_accelerator("kvm") > > + > > + self.vm.set_console() > > + > > + self.vm.add_args("-accel", "kvm") > > + self.vm.add_args("-smp", "2") > > + self.vm.add_args("-cpu", "host") > > + self.vm.add_args("-m", "2G") > > + self.vm.add_args("-nographic", "-nodefaults") > > + > > + self.uki_path = self.ASSET_UKI.fetch() > > + self.ovmf_path = self.ASSET_OVMF.fetch() > > + > > + def run_and_check(self): > > + self.vm.add_args('-kernel', self.uki_path) > > + self.vm.add_args("-bios", self.ovmf_path) > > + # enable KVM VMFD change on reset for a non-coco VM > > + self.vm.add_args("-machine", "q35,x-change-vmfd-on-reset=on") > > + # enable tracing > > + self.vm.add_args("-d", "trace:kvm_reset_vmfd") > > + > > + try: > > + self.vm.launch() > > + except machine.VMLaunchFailure as e: > > + raise e > > + > > + self.log.info('VM launched') > > + console_pattern = 'bash-5.1#' > > + wait_for_console_pattern(self, console_pattern) > > + self.log.info('VM ready with a bash prompt') > > + > > + exec_command_and_wait_for_pattern(self, '/usr/sbin/reboot -f', > > + 'reboot: machine restart') > > + console_pattern = '# --- Hello world ---' > > + wait_for_console_pattern(self, console_pattern) > > + self.vm.shutdown() > > + self.assertRegex(self.vm.get_log(), > > + r'kvm_reset_vmfd \nINFO: virtual machine accel > > file ' > > + 'descriptor has changed') > > + > > + def test_vmfd_change_on_reset(self): > > + self.common_vm_setup() > > + self.run_and_check() > > + > > +if __name__ == '__main__': > > + QemuSystemTest.main() > > -- > > 2.42.0 > > > > > > With regards, > Daniel > -- > |: https://berrange.com -o- https://www.flickr.com/photos/dberrange :| > |: https://libvirt.org -o- https://fstop138.berrange.com :| > |: https://entangle-photo.org -o- https://www.instagram.com/dberrange :| >
