Signed-off-by: Pavel Hrdina
Reviewed-by: Peter Krempa
---
NEWS.rst | 6 ++
1 file changed, 6 insertions(+)
diff --git a/NEWS.rst b/NEWS.rst
index 39f508a6ce..fecca64344 100644
--- a/NEWS.rst
+++ b/NEWS.rst
@@ -17,6 +17,12 @@ v9.0.0 (unreleased)
* **New features**
+ * QEMU: implement e
When deleting snapshot we are starting block-commit job over all disks
that are part of the snapshot.
This operation may fail as it writes data changes to the backing qcow2
image so we need to wait for all the disks to finish the operation and
wait for correct signal from QEMU. If deleting active
This simplifies the code a bit by reusing existing parts that delete
a single snapshot.
The drawback of this change is that we will now call the re-parent bits
to keep the metadata in sync for every child even though it will get
deleted as well.
Signed-off-by: Pavel Hrdina
Reviewed-by: Peter Kr
Signed-off-by: Pavel Hrdina
Reviewed-by: Peter Krempa
---
src/qemu/qemu_snapshot.c | 42 ++--
1 file changed, 28 insertions(+), 14 deletions(-)
diff --git a/src/qemu/qemu_snapshot.c b/src/qemu/qemu_snapshot.c
index 3051e5c8df..cb4e0dcb78 100644
--- a/src/qemu
Deleting internal snapshot when the currently active disk image is
different than where the internal snapshot was taken doesn't work
correctly.
This applies to a running VM only as we are using QMP command and
talking to the QEMU process that is using different disk.
This works correctly when the
Prepare the validation function for external snapshot delete support.
There is one exception when deleting `children-only` snapshots. If the
snapshot tree is like this example:
snap1 (external)
|
+- snap2 (internal)
|
+- snap3 (internal)
|
Extract the code deleting external snapshot metadata to separate
function.
Signed-off-by: Pavel Hrdina
Reviewed-by: Peter Krempa
---
src/qemu/qemu_snapshot.c | 88 +++-
1 file changed, 50 insertions(+), 38 deletions(-)
diff --git a/src/qemu/qemu_snapshot.c b
Looks up disk storage source within storage source chain using storage
source object instead of path to make it work with all disk types.
Signed-off-by: Pavel Hrdina
---
src/libvirt_private.syms | 1 +
src/storage_file/storage_source.c | 39 +++
src/storage_
Extract code that deletes children of specific snapshot to separate
function.
Signed-off-by: Pavel Hrdina
Reviewed-by: Peter Krempa
---
src/qemu/qemu_snapshot.c | 109 ---
1 file changed, 68 insertions(+), 41 deletions(-)
diff --git a/src/qemu/qemu_snapshot.
Move code around to make it clear what is called when deleting single
snapshot or children snapshots.
Signed-off-by: Pavel Hrdina
Reviewed-by: Peter Krempa
---
src/qemu/qemu_snapshot.c | 37 -
1 file changed, 20 insertions(+), 17 deletions(-)
diff --git a/sr
Extract code that deletes single snapshot to separate function.
Signed-off-by: Pavel Hrdina
Reviewed-by: Peter Krempa
---
src/qemu/qemu_snapshot.c | 47 ++--
1 file changed, 31 insertions(+), 16 deletions(-)
diff --git a/src/qemu/qemu_snapshot.c b/src/qemu/q
Deleting external snapshots will require configuring autofinalize to
synchronize the block jobs for disks within single snapshot in order to
be able to safely abort if one of the jobs fails.
Signed-off-by: Pavel Hrdina
Reviewed-by: Peter Krempa
---
src/qemu/qemu_block.c| 3 ++-
src/qemu/q
External snapshots will use this to synchronize qemu block jobs.
Signed-off-by: Pavel Hrdina
Reviewed-by: Peter Krempa
---
src/qemu/qemu_block.c | 9 -
src/qemu/qemu_block.h | 1 +
src/qemu/qemu_driver.c | 3 ++-
3 files changed, 11 insertions(+), 2 deletions(-)
diff --git a/src/qemu
Signed-off-by: Pavel Hrdina
Reviewed-by: Peter Krempa
---
src/qemu/qemu_domain.c | 95 +--
src/qemu/qemu_domain.h | 9
src/qemu/qemu_driver.c | 2 +-
src/qemu/qemu_snapshot.c | 96 +++-
src/qemu/qemu_snapshot.h
QEMU emits this signal when the job finished its work and is about to be
finalized. If the job is started with autofinalize disabled the job
waits for user input to finalize the job.
This will be used by snapshot delete code.
Signed-off-by: Pavel Hrdina
---
src/qemu/qemu_backup.c | 1 +
src/
This will allow to use it while having async domain job active which we
will use when deleting external snapshots.
Signed-off-by: Pavel Hrdina
Reviewed-by: Peter Krempa
---
src/qemu/qemu_block.c | 4 +++-
src/qemu/qemu_block.h | 1 +
src/qemu/qemu_driver.c | 2 +-
3 files changed, 5 insertion
This will be used by snapshot delete async domain job.
Signed-off-by: Pavel Hrdina
Reviewed-by: Peter Krempa
---
include/libvirt/libvirt-domain.h | 1 +
tools/virsh-domain.c | 1 +
2 files changed, 2 insertions(+)
diff --git a/include/libvirt/libvirt-domain.h b/include/libvirt/libv
Signed-off-by: Pavel Hrdina
Reviewed-by: Peter Krempa
---
src/qemu/qemu_block.c | 32
src/qemu/qemu_block.h | 5 +
2 files changed, 37 insertions(+)
diff --git a/src/qemu/qemu_block.c b/src/qemu/qemu_block.c
index da3a1e8557..70811aa861 100644
--- a/src/qem
This will allow to use it while having async domain job active which we
will use when deleting external snapshots. At the same time we will need
to have the block job started as synchronous.
Signed-off-by: Pavel Hrdina
Reviewed-by: Peter Krempa
---
src/qemu/qemu_block.c | 23 ++
Move the code for finishing a job in the ready state to qemu_block.c.
Signed-off-by: Pavel Hrdina
Reviewed-by: Peter Krempa
---
src/qemu/qemu_block.c | 121
src/qemu/qemu_block.h | 5 ++
src/qemu/qemu_driver.c | 123 +-
Upcoming snapshot deletion code will require that multiple commit jobs
are finished in sync. To allow aborting them if one fails we will need
to use manual finalization of the jobs.
This commit implements the monitor code for `job-finalize`.
Signed-off-by: Pavel Hrdina
Reviewed-by: Peter Krempa
Signed-off-by: Pavel Hrdina
---
src/qemu/qemu_block.c | 177 +
src/qemu/qemu_block.h | 9 +++
src/qemu/qemu_driver.c | 162 +
3 files changed, 187 insertions(+), 161 deletions(-)
diff --git a/src/qemu/qemu_block.c b/
This implements virDomainSnapshotDelete API to support external
snapshots. The support doesn't include flags
VIR_DOMAIN_SNAPSHOT_DELETE_CHILDREN and
VIR_DOMAIN_SNAPSHOT_DELETE_CHILDREN_ONLY as it would add more complexity
and IMHO these flags should not have existed at all.
Gitlab repo with the patches
On Thu, Nov 17, 2022 at 21:39:58 +0530, Shaleen Bathla wrote:
> ping
Sorry I was sick so didn't get to this until now.
> On Fri, Nov 11, 2022 at 02:54:38PM +0530, Shaleen Bathla wrote:
> > Problem:
> > libvirt has a 5 second timeout (generally) for hotplug/unplug
> > operations which can time out
ping
On Fri, Nov 11, 2022 at 02:54:38PM +0530, Shaleen Bathla wrote:
> Problem:
> libvirt has a 5 second timeout (generally) for hotplug/unplug
> operations which can time out due to heavy load in guest.
>
> vcpu hotunplug occurs one vcpu at a time.
> But, if we perform hotplug-unplug repeatedly,
Problem:
libvirt has a 5 second timeout (generally) for hotplug/unplug
operations which can time out due to heavy load in guest.
vcpu hotunplug occurs one vcpu at a time.
But, if we perform hotplug-unplug repeatedly,
Case 1: qemu sends multiple timedout vcpu unplug notification before
libvirt proc
On Thu, Nov 03, 2022 at 04:21:34PM +0100, Tim Wiederhake wrote:
> On Mon, 2022-10-31 at 09:38 +, Daniel P. Berrangé wrote:
> > On Fri, Oct 28, 2022 at 05:06:34PM +0200, Tim Wiederhake wrote:
> > > Signed-off-by: Tim Wiederhake
> > > Reviewed-by: Jiri Denemark
> > > ---
> > > src/cpu_map/x86_
On Mon, 2022-10-31 at 09:36 +, Daniel P. Berrangé wrote:
> On Fri, Oct 28, 2022 at 05:06:33PM +0200, Tim Wiederhake wrote:
> > A later patch will add alias names to the feature map. Ignore them
> > for now.
> >
> > Signed-off-by: Tim Wiederhake
> > Reviewed-by: Jiri Denemark
> > ---
> > src
On Mon, 2022-10-31 at 09:38 +, Daniel P. Berrangé wrote:
> On Fri, Oct 28, 2022 at 05:06:34PM +0200, Tim Wiederhake wrote:
> > Signed-off-by: Tim Wiederhake
> > Reviewed-by: Jiri Denemark
> > ---
> > src/cpu_map/x86_features.xml | 55 +---
> >
> > 1 file chan
On Mon, Oct 31, 2022 at 09:38:13 +, Daniel P. Berrangé wrote:
> On Fri, Oct 28, 2022 at 05:06:34PM +0200, Tim Wiederhake wrote:
> > Signed-off-by: Tim Wiederhake
> > Reviewed-by: Jiri Denemark
> > ---
> > src/cpu_map/x86_features.xml | 55 +---
> > 1 file chan
On Fri, Oct 28, 2022 at 05:06:34PM +0200, Tim Wiederhake wrote:
> Signed-off-by: Tim Wiederhake
> Reviewed-by: Jiri Denemark
> ---
> src/cpu_map/x86_features.xml | 55 +---
> 1 file changed, 38 insertions(+), 17 deletions(-)
>
> diff --git a/src/cpu_map/x86_featu
On Fri, Oct 28, 2022 at 05:06:33PM +0200, Tim Wiederhake wrote:
> A later patch will add alias names to the feature map. Ignore them for now.
>
> Signed-off-by: Tim Wiederhake
> Reviewed-by: Jiri Denemark
> ---
> src/cpu/cpu_x86.c | 10 --
> 1 file changed, 8 insertions(+), 2 deletions(
Signed-off-by: Tim Wiederhake
Reviewed-by: Jiri Denemark
---
src/cpu_map/x86_features.xml | 55 +---
1 file changed, 38 insertions(+), 17 deletions(-)
diff --git a/src/cpu_map/x86_features.xml b/src/cpu_map/x86_features.xml
index 4cf3ff0804..90d0f43fc6 100644
---
Signed-off-by: Tim Wiederhake
Reviewed-by: Jiri Denemark
---
src/cpu_map/x86_features.xml | 3 +++
1 file changed, 3 insertions(+)
diff --git a/src/cpu_map/x86_features.xml b/src/cpu_map/x86_features.xml
index fd4d34bc78..c00308268e 100644
--- a/src/cpu_map/x86_features.xml
+++ b/src/cpu_map/x8
Signed-off-by: Tim Wiederhake
Reviewed-by: Jiri Denemark
---
src/cpu_map/x86_features.xml | 3 +++
tests/cputestdata/x86_64-cpuid-EPYC-7502-32-Core-disabled.xml | 2 +-
tests/cputestdata/x86_64-cpuid-EPYC-7502-32-Core-guest.xml | 1 +
tests/cputestdata/x86_
Signed-off-by: Tim Wiederhake
Reviewed-by: Jiri Denemark
---
src/cpu_map/x86_features.xml | 3 +++
1 file changed, 3 insertions(+)
diff --git a/src/cpu_map/x86_features.xml b/src/cpu_map/x86_features.xml
index c00308268e..c017b8ca3d 100644
--- a/src/cpu_map/x86_features.xml
+++ b/src/cpu_map/x8
Signed-off-by: Tim Wiederhake
Reviewed-by: Jiri Denemark
---
src/cpu_map/x86_features.xml | 3 +++
1 file changed, 3 insertions(+)
diff --git a/src/cpu_map/x86_features.xml b/src/cpu_map/x86_features.xml
index 0db2c6a995..fd4d34bc78 100644
--- a/src/cpu_map/x86_features.xml
+++ b/src/cpu_map/x8
Signed-off-by: Tim Wiederhake
Reviewed-by: Jiri Denemark
---
src/cpu_map/x86_features.xml | 3 +++
tests/domaincapsdata/qemu_6.0.0-tcg.x86_64.xml | 1 +
tests/domaincapsdata/qemu_6.1.0-tcg.x86_64.xml | 1 +
tests/domaincapsdata/qemu_6.2.0-tcg.x86_64.xml | 1 +
tests/domaincapsd
Signed-off-by: Tim Wiederhake
Reviewed-by: Jiri Denemark
---
src/cpu_map/x86_features.xml | 3 +++
1 file changed, 3 insertions(+)
diff --git a/src/cpu_map/x86_features.xml b/src/cpu_map/x86_features.xml
index c017b8ca3d..4bbd096f71 100644
--- a/src/cpu_map/x86_features.xml
+++ b/src/cpu_map/x8
Signed-off-by: Tim Wiederhake
Reviewed-by: Jiri Denemark
---
src/cpu_map/x86_features.xml | 3 +++
1 file changed, 3 insertions(+)
diff --git a/src/cpu_map/x86_features.xml b/src/cpu_map/x86_features.xml
index 194a414fdd..0db2c6a995 100644
--- a/src/cpu_map/x86_features.xml
+++ b/src/cpu_map/x8
Signed-off-by: Tim Wiederhake
Reviewed-by: Jiri Denemark
---
src/cpu_map/x86_features.xml | 3 +++
tests/cputestdata/x86_64-cpuid-EPYC-7502-32-Core-disabled.xml | 2 +-
tests/cputestdata/x86_64-cpuid-EPYC-7502-32-Core-guest.xml | 1 +
tests/cputestdata/x86_
Signed-off-by: Tim Wiederhake
Reviewed-by: Jiri Denemark
---
src/cpu_map/x86_features.xml | 5 +
tests/cputestdata/x86_64-cpuid-Atom-P5362-disabled.xml | 1 +
tests/cputestdata/x86_64-cpuid-Atom-P5362-guest.xml| 1 +
tests/cputestdata/x86_64-cpuid-Atom-P5362-hos
Signed-off-by: Tim Wiederhake
Reviewed-by: Jiri Denemark
---
src/cpu_map/x86_features.xml | 3 +++
1 file changed, 3 insertions(+)
diff --git a/src/cpu_map/x86_features.xml b/src/cpu_map/x86_features.xml
index 7275ceb097..f3c503c42e 100644
--- a/src/cpu_map/x86_features.xml
+++ b/src/cpu_map/x8
Signed-off-by: Tim Wiederhake
Reviewed-by: Jiri Denemark
---
src/cpu_map/x86_features.xml| 3 +++
tests/cputestdata/x86_64-cpuid-Core-i7-7600U-disabled.xml | 2 +-
tests/cputestdata/x86_64-cpuid-Core-i7-7600U-guest.xml | 1 +
tests/cputestdata/x86_64-cpuid-
Signed-off-by: Tim Wiederhake
---
src/cpu_map/x86_features.xml | 3 +++
1 file changed, 3 insertions(+)
diff --git a/src/cpu_map/x86_features.xml b/src/cpu_map/x86_features.xml
index bdada7757d..273812a5d0 100644
--- a/src/cpu_map/x86_features.xml
+++ b/src/cpu_map/x86_features.xml
@@ -414,6 +41
Signed-off-by: Tim Wiederhake
Reviewed-by: Jiri Denemark
---
src/cpu_map/x86_features.xml | 3 +++
1 file changed, 3 insertions(+)
diff --git a/src/cpu_map/x86_features.xml b/src/cpu_map/x86_features.xml
index 4d77f4e595..194a414fdd 100644
--- a/src/cpu_map/x86_features.xml
+++ b/src/cpu_map/x8
Signed-off-by: Tim Wiederhake
Reviewed-by: Jiri Denemark
---
src/cpu_map/x86_features.xml| 3 +++
tests/cputestdata/x86_64-cpuid-Core-i7-8700-disabled.xml| 2 +-
tests/cputestdata/x86_64-cpuid-Core-i7-8700-guest.xml | 1 +
tests/cputestdata/x86_64-cpuid-
Signed-off-by: Tim Wiederhake
Reviewed-by: Jiri Denemark
---
src/cpu_map/x86_features.xml | 3 +++
tests/cputestdata/x86_64-cpuid-EPYC-7502-32-Core-disabled.xml | 2 +-
tests/cputestdata/x86_64-cpuid-EPYC-7502-32-Core-guest.xml | 1 +
tests/cputestdata/x86_
Signed-off-by: Tim Wiederhake
Reviewed-by: Jiri Denemark
---
src/cpu_map/x86_features.xml | 5 +
1 file changed, 5 insertions(+)
diff --git a/src/cpu_map/x86_features.xml b/src/cpu_map/x86_features.xml
index 90d0f43fc6..5f17255a56 100644
--- a/src/cpu_map/x86_features.xml
+++ b/src/cpu_map/
Signed-off-by: Tim Wiederhake
Reviewed-by: Jiri Denemark
---
src/cpu_map/x86_features.xml | 5 +
1 file changed, 5 insertions(+)
diff --git a/src/cpu_map/x86_features.xml b/src/cpu_map/x86_features.xml
index c89bc2d112..5b9e61a3d0 100644
--- a/src/cpu_map/x86_features.xml
+++ b/src/cpu_map/
A later patch will add alias names to the feature map. Ignore them for now.
Signed-off-by: Tim Wiederhake
Reviewed-by: Jiri Denemark
---
src/cpu/cpu_x86.c | 10 --
1 file changed, 8 insertions(+), 2 deletions(-)
diff --git a/src/cpu/cpu_x86.c b/src/cpu/cpu_x86.c
index 4d2379803c..d2560
Signed-off-by: Tim Wiederhake
Reviewed-by: Jiri Denemark
---
src/cpu_map/x86_features.xml | 17 +
1 file changed, 17 insertions(+)
diff --git a/src/cpu_map/x86_features.xml b/src/cpu_map/x86_features.xml
index 273812a5d0..7275ceb097 100644
--- a/src/cpu_map/x86_features.xml
+++
Signed-off-by: Tim Wiederhake
---
src/cpu_map/x86_features.xml | 4
1 file changed, 4 insertions(+)
diff --git a/src/cpu_map/x86_features.xml b/src/cpu_map/x86_features.xml
index 5b9e61a3d0..bdada7757d 100644
--- a/src/cpu_map/x86_features.xml
+++ b/src/cpu_map/x86_features.xml
@@ -411,6 +4
This makes the naming more consistent between the two scripts
syncing the feature list and the model list.
Signed-off-by: Tim Wiederhake
Reviewed-by: Jiri Denemark
---
src/cpu_map/{sync_qemu_i386.py => sync_qemu_models_i386.py} | 0
1 file changed, 0 insertions(+), 0 deletions(-)
rename src/cp
V1: https://listman.redhat.com/archives/libvir-list/2022-October/235007.html
Changes since V1:
* Fixed register for features "sgx1" and "sgx2". Double checked all other
features, just to be sure.
* Added missing help message in sync_qemu_i386_features.py.
* Merged all eax=0x12 ecx=0x01 features
This script is intended to help in synchronizing i386 QEMU cpu
feature definitions with libvirt.
QEMU's attribute list for the "max-x86_64-cpu" contains non-cpu-feature
items and needs to be filtered before being useful.
Signed-off-by: Tim Wiederhake
---
src/cpu_map/sync_qemu_features_i386.py |
cpu-data.py assumes that all "feature" nodes have exactly one child.
This assumption will no longer be true when the cpumap includes alias-
names for features.
Signed-off-by: Tim Wiederhake
Reviewed-by: Jiri Denemark
---
tests/cputestdata/cpu-data.py | 11 +++
1 file changed, 7 insertio
On 26/10/2022 15:51, Daniel P. Berrangé wrote:
> On Wed, Oct 26, 2022 at 03:34:00PM +0300, Dov Murik wrote:
>>
>>
>> On 26/10/2022 12:59, Daniel P. Berrangé wrote:
>>> On Tue, Oct 25, 2022 at 07:38:43PM -0400, Cole Robinson wrote:
On 10/19/22 6:17 AM, Daniel P. Berrangé wrote:
[...]
>>> R
On Wed, Oct 26, 2022 at 03:47:12PM +0300, Dov Murik wrote:
>
>
> On 19/10/2022 13:17, berrange at redhat.com (Daniel P. Berrangé) wrote:
> > It is possible to build OVMF for SEV with an embedded Grub that can
> > fetch LUKS disk secrets. This adds support for injecting secrets in
> > the required
On 19/10/2022 13:17, berrange at redhat.com (Daniel P. Berrangé) wrote:
> It is possible to build OVMF for SEV with an embedded Grub that can
> fetch LUKS disk secrets. This adds support for injecting secrets in
> the required format.
>
> Signed-off-by: Daniel P. Berrangé
> ---
> docs/manpage
On Wed, Oct 26, 2022 at 08:52:24AM -0400, James Bottomley wrote:
> On Wed, 2022-10-26 at 10:59 +0100, Daniel P. Berrangé wrote:
> > On Tue, Oct 25, 2022 at 07:38:43PM -0400, Cole Robinson wrote:
> > >
> > > This bytes([0]) NUL byte ends up in the efi_secret /sys path.
> > > Dropping
> > > it doesn
On Wed, 2022-10-26 at 10:59 +0100, Daniel P. Berrangé wrote:
> On Tue, Oct 25, 2022 at 07:38:43PM -0400, Cole Robinson wrote:
> > On 10/19/22 6:17 AM, Daniel P. Berrangé wrote:
> > > It is possible to build OVMF for SEV with an embedded Grub that
> > > can fetch LUKS disk secrets. This adds support
On Wed, Oct 26, 2022 at 03:34:00PM +0300, Dov Murik wrote:
>
>
> On 26/10/2022 12:59, Daniel P. Berrangé wrote:
> > On Tue, Oct 25, 2022 at 07:38:43PM -0400, Cole Robinson wrote:
> >> On 10/19/22 6:17 AM, Daniel P. Berrangé wrote:
> >>> It is possible to build OVMF for SEV with an embedded Grub t
On 26/10/2022 12:59, Daniel P. Berrangé wrote:
> On Tue, Oct 25, 2022 at 07:38:43PM -0400, Cole Robinson wrote:
>> On 10/19/22 6:17 AM, Daniel P. Berrangé wrote:
>>> It is possible to build OVMF for SEV with an embedded Grub that can
>>> fetch LUKS disk secrets. This adds support for injecting s
On Wed, Oct 26, 2022 at 02:57:33PM +0300, Dov Murik wrote:
> (sorry in advance for missing CCs, I tried to download the mbox from
> https://listman.redhat.com/archives/libvir-list/ but it doesn't include
> the To and Cc lines of the messages.)
>
>
> On 19/10/2022 13:17, berrange at redhat.com (Da
(sorry in advance for missing CCs, I tried to download the mbox from
https://listman.redhat.com/archives/libvir-list/ but it doesn't include
the To and Cc lines of the messages.)
On 19/10/2022 13:17, berrange at redhat.com (Daniel P. Berrangé) wrote:
> When doing direct kernel boot we need to inc
On Tue, Oct 25, 2022 at 07:38:43PM -0400, Cole Robinson wrote:
> On 10/19/22 6:17 AM, Daniel P. Berrangé wrote:
> > It is possible to build OVMF for SEV with an embedded Grub that can
> > fetch LUKS disk secrets. This adds support for injecting secrets in
> > the required format.
> >
> > Signed-of
On 10/19/22 6:17 AM, Daniel P. Berrangé wrote:
> It is possible to build OVMF for SEV with an embedded Grub that can
> fetch LUKS disk secrets. This adds support for injecting secrets in
> the required format.
>
> Signed-off-by: Daniel P. Berrangé
> ---
> diff --git a/tools/virt-qemu-sev-validat
On 10/19/22 6:17 AM, Daniel P. Berrangé wrote:
> The libvirt QEMU driver provides all the functionality required for
> launching a guest on AMD SEV(-ES) platforms, with a configuration
> that enables attestation of the launch measurement. The documentation
> for how to actually perform an attestati
On Tue, Oct 25, 2022 at 02:35:00PM +0200, Pavel Hrdina wrote:
> On Tue, Oct 25, 2022 at 01:13:44PM +0100, Daniel P. Berrangé wrote:
> > On Tue, Oct 25, 2022 at 01:46:22PM +0200, Michal Prívozník wrote:
> > > On 10/25/22 13:43, Pavel Hrdina wrote:
> > > > This reverts commit e49313b54ed2a149c71f9073
On Tue, Oct 25, 2022 at 01:13:44PM +0100, Daniel P. Berrangé wrote:
> On Tue, Oct 25, 2022 at 01:46:22PM +0200, Michal Prívozník wrote:
> > On 10/25/22 13:43, Pavel Hrdina wrote:
> > > This reverts commit e49313b54ed2a149c71f9073659222742ff3ffb0.
> > > This reverts commit a0f37232b9c4296ca16955cc62
On Tue, Oct 25, 2022 at 01:46:22PM +0200, Michal Prívozník wrote:
> On 10/25/22 13:43, Pavel Hrdina wrote:
> > This reverts commit e49313b54ed2a149c71f9073659222742ff3ffb0.
> > This reverts commit a0f37232b9c4296ca16955cc625f75eb848ace39.
> >
> > Revert them together to not break build.
> >
> > T
On 10/25/22 13:43, Pavel Hrdina wrote:
> This reverts commit e49313b54ed2a149c71f9073659222742ff3ffb0.
> This reverts commit a0f37232b9c4296ca16955cc625f75eb848ace39.
>
> Revert them together to not break build.
>
> This fix of the issue is incorrect and breaks usage of other controllers
> in hyb
This reverts commit e49313b54ed2a149c71f9073659222742ff3ffb0.
This reverts commit a0f37232b9c4296ca16955cc625f75eb848ace39.
Revert them together to not break build.
This fix of the issue is incorrect and breaks usage of other controllers
in hybrid mode that systemd creates, specifically usage of
When validating a SEV-ES guest, we need to know the CPU count and VMSA
state. We can get the CPU count directly from libvirt's guest info. The
VMSA state can be constructed automatically if we query the CPU SKU from
host capabilities XML. Neither of these is secure, however, so this
behaviour is re
In general we expect to be able to construct a SEV-ES VMSA
blob from knowledge about the AMD architectural CPU register
defaults, KVM setup and QEMU setup. If any of this unexpectedly
changes, figuring out what's wrong could be horrible. This
systemtap script demonstrates how to capture the real VMS
Expand the SEV guest kbase guide with information about how to configure
a SEV/SEV-ES guest when attestation is required, and mention the use of
virt-qemu-sev-validate as a way to confirm it.
Signed-off-by: Daniel P. Berrangé
---
docs/kbase/launch_security_sev.rst | 105 +
Accept information about a connection to libvirt and a guest on the
command line. Talk to libvirt to obtain the running guest state and
automatically detect as much configuration as possible.
It will refuse to use a libvirt connection that is thought to be local
to the current machine, as running
Despite efforts to make the virt-qemu-sev-validate tool friendly, it is
a certainty that almost everyone who tries it will hit false negative
results, getting a failure despite the VM being trustworthy.
Diagnosing these problems is no easy matter, especially for those not
familiar with SEV/SEV-ES
It is possible to build OVMF for SEV with an embedded Grub that can
fetch LUKS disk secrets. This adds support for injecting secrets in
the required format.
Signed-off-by: Daniel P. Berrangé
---
docs/manpages/virt-qemu-sev-validate.rst | 66 ++
tools/virt-qemu-sev-validate |
With the SEV-ES policy the VMSA state of each vCPU must be included in
the measured data. The VMSA state can be generated using the 'sevctl'
tool, by telling it a QEMU VMSA is required, and passing the hypervisor's
CPU SKU (family, model, stepping).
Signed-off-by: Daniel P. Berrangé
---
docs/manp
When connected to libvirt we can validate that the guest configuration
has the kernel hashes property enabled, otherwise including the kernel
GUID table in our expected measurements is not likely to match the
actual measurement.
When running locally we can also automatically detect the kernel/init
The VMSA files contain the expected CPU register state for the VM. Their
content varies based on a few pieces of the stack
- AMD CPU architectural initial state
- KVM hypervisor VM CPU initialization
- QEMU userspace VM CPU initialization
- AMD CPU SKU (family/model/stepping)
The first th
The virt-qemu-sev-validate program will compare a reported SEV/SEV-ES
domain launch measurement, to a computed launch measurement. This
determines whether the domain has been tampered with during launch.
This initial implementation requires all inputs to be provided
explicitly, and as such can run
This function is fine to use in other languages
Signed-off-by: Daniel P. Berrangé
---
build-aux/syntax-check.mk | 1 +
1 file changed, 1 insertion(+)
diff --git a/build-aux/syntax-check.mk b/build-aux/syntax-check.mk
index e35c2be734..8dc7495c45 100644
--- a/build-aux/syntax-check.mk
+++ b/buil
When doing direct kernel boot we need to include the kernel, initrd and
cmdline in the measurement.
Signed-off-by: Daniel P. Berrangé
---
docs/manpages/virt-qemu-sev-validate.rst | 43 ++
tools/virt-qemu-sev-validate | 102 ++-
2 files changed, 144 insert
The libvirt QEMU driver provides all the functionality required for
launching a guest on AMD SEV(-ES) platforms, with a configuration
that enables attestation of the launch measurement. The documentation
for how to actually perform an attestation is severely lacking and
not suitable for mere mortal
On 9/28/22 10:54, Yu Gu wrote:
> This patch provides basic support for the RISC-V architecture, so
> libvirt can run in RISC-V machine.
>
> Signed-off-by: Yu Gu
> ---
> po/POTFILES | 1 +
> src/cpu/cpu.c | 2 +
> src/cpu/cpu.h | 2 +
>
On a Tuesday in 2022, Daniel P. Berrangé wrote:
Changed in v2:
- Introduce g_autoptr support for virCapsHostCacheBank struct
Daniel P. Berrangé (2):
conf: define autoptr func for virCapsHostCacheBankFree
conf: skip resource cache init if sysfs files are missing
src/conf/capabilities.c | 90 +
Daniel P. Berrangé writes:
> Changed in v2:
>
> - Introduce g_autoptr support for virCapsHostCacheBank struct
>
> Daniel P. Berrangé (2):
> conf: define autoptr func for virCapsHostCacheBankFree
> conf: skip resource cache init if sysfs files are missing
>
> src/conf/capabilities.c | 90 +
On aarch64 the 'id' file is not present for CPU cache information in
sysfs. This causes the local stateful hypervisor drivers to fail to
initialize capabilities:
virStateInitialize:657 : Initialisation of cloud-hypervisor state driver
failed: no error
The 'no error' is because the 'virFileReadVa
This lets us simplify the cleanup paths when populating the host cache
bank information in capabilities XML.
Signed-off-by: Daniel P. Berrangé
---
src/conf/capabilities.c | 34 ++
src/conf/capabilities.h | 3 +++
2 files changed, 17 insertions(+), 20 deletions(-)
Changed in v2:
- Introduce g_autoptr support for virCapsHostCacheBank struct
Daniel P. Berrangé (2):
conf: define autoptr func for virCapsHostCacheBankFree
conf: skip resource cache init if sysfs files are missing
src/conf/capabilities.c | 90 +
src/
On a Friday in 2022, Jiri Denemark wrote:
This option can be used as a shortcut for creating a single XML with
just a CPU model name and no features:
$ virsh hypervisor-cpu-baseline --model Skylake-Server
Skylake-Server
Signed-off-by: Ji
On a Friday in 2022, Jiri Denemark wrote:
Signed-off-by: Jiri Denemark
---
Notes:
Version 2:
- new patch
docs/formatdomaincaps.rst | 18 ++
1 file changed, 14 insertions(+), 4 deletions(-)
Reviewed-by: Ján Tomko
Jano
On a Friday in 2022, Jiri Denemark wrote:
Signed-off-by: Jiri Denemark
---
Notes:
Version 2:
- patch 10/11 from v1 and the corresponding section in NEWS dropped
- mention --model for virsh hypervisor-cpu-baseline
- mention CPU blockers translation bug
- mention docs improvements
On a Friday in 2022, Jiri Denemark wrote:
Signed-off-by: Jiri Denemark
---
Notes:
Version 2:
- new patch
tools/virsh-completer-host.c | 50
tools/virsh-completer-host.h | 5
tools/virsh-host.c | 1 +
3 files changed, 56 insertions(+)
On a Friday in 2022, Jiri Denemark wrote:
Since commit "cpu_x86: Disable blockers from unusable CPU models"
(v3.8.0-99-g9c9620af1d) we explicitly disable CPU features reported by
QEMU as usability blockers for a particular CPU model when creating
baseline or host-model CPU definition. When QEMU c
On a Friday in 2022, Jiri Denemark wrote:
The API can be used to get usability blockers for an unusable CPU model,
which is not obvious. Let's explicitly document this behavior as it is
now mentioned in the documentation of domain capabilities XML.
Signed-off-by: Jiri Denemark
---
Notes:
Ve
Signed-off-by: Jiri Denemark
---
Notes:
Version 2:
- new patch
tools/virsh-completer-host.c | 50
tools/virsh-completer-host.h | 5
tools/virsh-host.c | 1 +
3 files changed, 56 insertions(+)
diff --git a/tools/virsh-completer-host.