From: Jonathon Jongsma
To: libvir-list@redhat.com
Date: Wed, 28 Aug 2019 16:52:39 -0500
Message-Id: <20190828215239.32185-1-jjongsma@redhat.com>
Subject: [libvirt] [PATCH] qemu: use 'bochs' video type by default for UEFI domains

The 'bochs' video device doesn't have any legacy vga emulation so the attack surface is much lower. It works with OVMF, so UEFI guests should not see any functional difference to VGA.

https://bugzilla.redhat.com/show_bug.cgi?id=1707119
Signed-off-by: Jonathon Jongsma --- NOTE: You may run into an error when trying to use the bochs video device. For example: error: internal error: process exited while connecting to monitor: 2019-08-28T21:32:20.134546Z qemu-system-x86_64: -device bochs-display,id=3Dvideo0,vgamem=3D16384k,bus=3Dpcie.0,addr=3D0x1: fail= ed to find romfile "vgabios-bochs-display.bin" This should be solved in e.g. Fedora 31 with newer releases of seabios/qemu= . As a temporary workaround, you can symlink the appropriate vgabios file under /usr/share/qemu/. src/qemu/qemu_domain.c | 19 +++++---- src/qemu/qemu_domain.h | 1 + .../video-default-nouefi.x86_64-latest.args | 36 +++++++++++++++++ .../qemuxml2argvdata/video-default-nouefi.xml | 20 ++++++++++ .../video-default-uefi.x86_64-latest.args | 40 +++++++++++++++++++ tests/qemuxml2argvdata/video-default-uefi.xml | 22 ++++++++++ tests/qemuxml2argvtest.c | 2 + 7 files changed, 133 insertions(+), 7 deletions(-) create mode 100644 tests/qemuxml2argvdata/video-default-nouefi.x86_64-late= st.args create mode 100644 tests/qemuxml2argvdata/video-default-nouefi.xml create mode 100644 tests/qemuxml2argvdata/video-default-uefi.x86_64-latest= .args create mode 100644 tests/qemuxml2argvdata/video-default-uefi.xml diff --git a/src/qemu/qemu_domain.c b/src/qemu/qemu_domain.c index 4998474dc9..7ecb89ac84 100644 --- a/src/qemu/qemu_domain.c +++ b/src/qemu/qemu_domain.c @@ -4584,6 +4584,14 @@ qemuDomainValidateCpuCount(const virDomainDef *def, } =20 =20 +static bool +qemuDomainDefIsUEFI(const virDomainDef *def) +{ + return ((def->os.firmware =3D=3D VIR_DOMAIN_OS_DEF_FIRMWARE_EFI || + (def->os.loader && def->os.loader->type =3D=3D + VIR_DOMAIN_LOADER_TYPE_PFLASH))); +} + static int qemuDomainDefValidate(const virDomainDef *def, virCapsPtr caps ATTRIBUTE_UNUSED, 
@@ -4606,10 +4614,7 @@ qemuDomainDefValidate(const virDomainDef *def, } =20 /* On x86, UEFI requires ACPI */ - if ((def->os.firmware =3D=3D VIR_DOMAIN_OS_DEF_FIRMWARE_EFI || - (def->os.loader && - def->os.loader->type =3D=3D VIR_DOMAIN_LOADER_TYPE_PFLASH)) && - ARCH_IS_X86(def->os.arch) && + if (qemuDomainDefIsUEFI(def) && ARCH_IS_X86(def->os.arch) && def->features[VIR_DOMAIN_FEATURE_ACPI] !=3D VIR_TRISTATE_SWITCH_ON= ) { virReportError(VIR_ERR_CONFIG_UNSUPPORTED, "%s", _("UEFI requires ACPI on this architecture")); @@ -4619,9 +4624,7 @@ qemuDomainDefValidate(const virDomainDef *def, /* On aarch64, ACPI requires UEFI */ if (def->features[VIR_DOMAIN_FEATURE_ACPI] =3D=3D VIR_TRISTATE_SWITCH_= ON && def->os.arch =3D=3D VIR_ARCH_AARCH64 && - (def->os.firmware !=3D VIR_DOMAIN_OS_DEF_FIRMWARE_EFI && - (!def->os.loader || - def->os.loader->type !=3D VIR_DOMAIN_LOADER_TYPE_PFLASH))) { + !qemuDomainDefIsUEFI(def)) { virReportError(VIR_ERR_CONFIG_UNSUPPORTED, "%s", _("ACPI requires UEFI on this architecture")); goto cleanup; @@ -7452,6 +7455,8 @@ qemuDomainDeviceVideoDefPostParse(virDomainVideoDefPt= r video, qemuDomainIsRISCVVirt(def) || ARCH_IS_S390(def->os.arch)) video->type =3D VIR_DOMAIN_VIDEO_TYPE_VIRTIO; + else if (qemuDomainDefIsUEFI(def)) + video->type =3D VIR_DOMAIN_VIDEO_TYPE_BOCHS; else video->type =3D VIR_DOMAIN_VIDEO_TYPE_CIRRUS; } diff --git a/src/qemu/qemu_domain.h b/src/qemu/qemu_domain.h index 37a00323a7..c6deab1c52 100644 --- a/src/qemu/qemu_domain.h +++ b/src/qemu/qemu_domain.h @@ -923,6 +923,7 @@ bool qemuDomainHasBuiltinIDE(const virDomainDef *def); bool qemuDomainNeedsFDC(const virDomainDef *def); bool qemuDomainSupportsPCI(virDomainDefPtr def, virQEMUCapsPtr qemuCaps); +bool qemuDomainIsUEFI(const virDomainDef *def); =20 void qemuDomainUpdateCurrentMemorySize(virDomainObjPtr vm); =20 
diff --git a/tests/qemuxml2argvdata/video-default-nouefi.x86_64-latest.args= b/tests/qemuxml2argvdata/video-default-nouefi.x86_64-latest.args new file mode 100644 index 0000000000..f0c9e36594 --- /dev/null +++ b/tests/qemuxml2argvdata/video-default-nouefi.x86_64-latest.args @@ -0,0 +1,36 @@ +LC_ALL=3DC \ +PATH=3D/bin \ +HOME=3D/tmp/lib/domain--1-guest \ +USER=3Dtest \ +LOGNAME=3Dtest \ +XDG_DATA_HOME=3D/tmp/lib/domain--1-guest/.local/share \ +XDG_CACHE_HOME=3D/tmp/lib/domain--1-guest/.cache \ +XDG_CONFIG_HOME=3D/tmp/lib/domain--1-guest/.config \ +QEMU_AUDIO_DRV=3Dnone \ +/usr/bin/qemu-system-x86_64 \ +-name guest=3Dguest,debug-threads=3Don \ +-S \ +-object secret,id=3DmasterKey0,format=3Draw,\ +file=3D/tmp/lib/domain--1-guest/master-key.aes \ +-machine q35,accel=3Dtcg,usb=3Doff,dump-guest-core=3Doff \ +-cpu Haswell \ +-m 1024 \ +-overcommit mem-lock=3Doff \ +-smp 1,sockets=3D1,cores=3D1,threads=3D1 \ +-uuid 26b73eb7-f8c4-4541-ae6f-06607a1b21c3 \ +-display none \ +-no-user-config \ +-nodefaults \ +-chardev socket,id=3Dcharmonitor,fd=3D1729,server,nowait \ +-mon chardev=3Dcharmonitor,id=3Dmonitor,mode=3Dcontrol \ +-rtc base=3Dutc \ +-no-shutdown \ +-boot strict=3Don \ +-device pcie-root-port,port=3D0x10,chassis=3D1,id=3Dpci.1,bus=3Dpcie.0,\ +multifunction=3Don,addr=3D0x2 \ +-device pcie-root-port,port=3D0x11,chassis=3D2,id=3Dpci.2,bus=3Dpcie.0,add= r=3D0x2.0x1 \ +-device qemu-xhci,id=3Dusb,bus=3Dpci.1,addr=3D0x0 \ +-device cirrus-vga,id=3Dvideo0,bus=3Dpcie.0,addr=3D0x1 \ +-sandbox on,obsolete=3Ddeny,elevateprivileges=3Ddeny,spawn=3Ddeny,\ +resourcecontrol=3Ddeny \ +-msg timestamp=3Don diff --git a/tests/qemuxml2argvdata/video-default-nouefi.xml b/tests/qemuxm= l2argvdata/video-default-nouefi.xml new file mode 100644 index 0000000000..7db2bedf6c --- /dev/null +++ b/tests/qemuxml2argvdata/video-default-nouefi.xml @@ -0,0 +1,20 @@ + + guest + 26b73eb7-f8c4-4541-ae6f-06607a1b21c3 + 1048576 + 1 + + hvm + + + + + + Haswell + + + /usr/bin/qemu-system-x86_64 + + + 
diff --git a/tests/qemuxml2argvdata/video-default-uefi.x86_64-latest.args b= /tests/qemuxml2argvdata/video-default-uefi.x86_64-latest.args new file mode 100644 index 0000000000..75c599f321 --- /dev/null +++ b/tests/qemuxml2argvdata/video-default-uefi.x86_64-latest.args @@ -0,0 +1,40 @@ +LC_ALL=3DC \ +PATH=3D/bin \ +HOME=3D/tmp/lib/domain--1-guest \ +USER=3Dtest \ +LOGNAME=3Dtest \ +XDG_DATA_HOME=3D/tmp/lib/domain--1-guest/.local/share \ +XDG_CACHE_HOME=3D/tmp/lib/domain--1-guest/.cache \ +XDG_CONFIG_HOME=3D/tmp/lib/domain--1-guest/.config \ +QEMU_AUDIO_DRV=3Dnone \ +/usr/bin/qemu-system-x86_64 \ +-name guest=3Dguest,debug-threads=3Don \ +-S \ +-object secret,id=3DmasterKey0,format=3Draw,\ +file=3D/tmp/lib/domain--1-guest/master-key.aes \ +-machine q35,accel=3Dtcg,usb=3Doff,dump-guest-core=3Doff \ +-cpu Haswell \ +-drive file=3D/usr/share/OVMF/OVMF_CODE.fd,if=3Dpflash,format=3Draw,unit= =3D0,\ +readonly=3Don \ +-drive file=3D/var/lib/libvirt/qemu/nvram/guest_VARS.fd,if=3Dpflash,format= =3Draw,\ +unit=3D1 \ +-m 1024 \ +-overcommit mem-lock=3Doff \ +-smp 1,sockets=3D1,cores=3D1,threads=3D1 \ +-uuid 26b73eb7-f8c4-4541-ae6f-06607a1b21c3 \ +-display none \ +-no-user-config \ +-nodefaults \ +-chardev socket,id=3Dcharmonitor,fd=3D1729,server,nowait \ +-mon chardev=3Dcharmonitor,id=3Dmonitor,mode=3Dcontrol \ +-rtc base=3Dutc \ +-no-shutdown \ +-boot strict=3Don \ +-device pcie-root-port,port=3D0x10,chassis=3D1,id=3Dpci.1,bus=3Dpcie.0,\ +multifunction=3Don,addr=3D0x2 \ +-device pcie-root-port,port=3D0x11,chassis=3D2,id=3Dpci.2,bus=3Dpcie.0,add= r=3D0x2.0x1 \ +-device qemu-xhci,id=3Dusb,bus=3Dpci.1,addr=3D0x0 \ +-device bochs-display,id=3Dvideo0,vgamem=3D16384k,bus=3Dpcie.0,addr=3D0x1 \ +-sandbox on,obsolete=3Ddeny,elevateprivileges=3Ddeny,spawn=3Ddeny,\ +resourcecontrol=3Ddeny \ +-msg timestamp=3Don diff --git a/tests/qemuxml2argvdata/video-default-uefi.xml b/tests/qemuxml2= argvdata/video-default-uefi.xml new file mode 100644 index 0000000000..59e880c78c --- /dev/null 
+++ b/tests/qemuxml2argvdata/video-default-uefi.xml @@ -0,0 +1,22 @@ + + guest + 26b73eb7-f8c4-4541-ae6f-06607a1b21c3 + 1048576 + 1 + + hvm + /usr/share/OVMF/OVMF_CODE.fd<= /loader> + /var/lib/libvirt/qemu/nvram/guest_VARS.fd + + + + + + Haswell + + + /usr/bin/qemu-system-x86_64 + + + diff --git a/tests/qemuxml2argvtest.c b/tests/qemuxml2argvtest.c index 9395cc19a2..671e79e631 100644 --- a/tests/qemuxml2argvtest.c +++ b/tests/qemuxml2argvtest.c @@ -2045,6 +2045,8 @@ mymain(void) DO_TEST("video-none-device", QEMU_CAPS_VNC); DO_TEST_PARSE_ERROR("video-invalid-multiple-devices", NONE); + DO_TEST_CAPS_LATEST("video-default-uefi"); + DO_TEST_CAPS_LATEST("video-default-nouefi"); =20 DO_TEST("virtio-rng-default", QEMU_CAPS_DEVICE_VIRTIO_RNG, --=20 2.21.0 -- libvir-list mailing list libvir-list@redhat.com https://www.redhat.com/mailman/listinfo/libvir-list
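
Review bot: In the src/qemu/qemu_domain.h hunk the added prototype is `bool qemuDomainIsUEFI(const virDomainDef *def);`, but the helper added in src/qemu/qemu_domain.c is `static bool qemuDomainDefIsUEFI(const virDomainDef *def)`. The declared name has no definition anywhere in this patch, and the defined function is file-local. Either drop the prototype, since every caller shown is inside qemu_domain.c, or remove `static` and make the two names match.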
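
Review bot: In the first src/qemu/qemu_domain.c hunk (@@ -4584), the return expression of qemuDomainDefIsUEFI() carries a redundant outer pair of parentheses, and the function is followed by one blank line where the preceding context separates functions with two. A one-line comment saying that a pflash loader is treated as UEFI alongside `VIR_DOMAIN_OS_DEF_FIRMWARE_EFI` would also help, now that the same predicate decides the default video model as well as the ACPI checks.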
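
Review bot: In the qemuDomainDeviceVideoDefPostParse hunk (@@ -7452), the new branch `else if (qemuDomainDefIsUEFI(def))` sets `VIR_DOMAIN_VIDEO_TYPE_BOCHS` unconditionally, with no check that the QEMU binary in use provides the bochs-display device. If capabilities can be consulted at this point, guard the branch on them and fall through to the existing default otherwise. The NOTE in this mail also reports a start failure ("failed to find romfile "vgabios-bochs-display.bin""), so on such hosts a UEFI guest with no explicit video model would stop starting after this change. That behaviour change belongs in the commit message, not only below the `---` line.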
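
Review bot: In the tests/qemuxml2argvtest.c hunk (@@ -2045), the two added `DO_TEST_CAPS_LATEST` cases cover only part of the new predicate. Going by the `-drive ...OVMF_CODE.fd,if=pflash` arguments in video-default-uefi.x86_64-latest.args, the UEFI case exercises the explicit pflash loader path, while the `def->os.firmware == VIR_DOMAIN_OS_DEF_FIRMWARE_EFI` half of qemuDomainDefIsUEFI() is not tested. Consider adding a case for it, plus one UEFI domain with an explicit video model to confirm the default does not override it.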