From nobody Tue Feb 10 05:44:00 2026 Delivered-To: importer@patchew.org Received-SPF: pass (zohomail.com: domain of lists.libvirt.org designates 8.43.85.245 as permitted sender) client-ip=8.43.85.245; envelope-from=devel-bounces@lists.libvirt.org; helo=lists.libvirt.org; Authentication-Results: mx.zohomail.com; dkim=fail; spf=pass (zohomail.com: domain of lists.libvirt.org designates 8.43.85.245 as permitted sender) smtp.mailfrom=devel-bounces@lists.libvirt.org; dmarc=pass(p=reject dis=none) header.from=lists.libvirt.org ARC-Seal: i=1; a=rsa-sha256; t=1770645925; cv=none; d=zohomail.com; s=zohoarc; b=XAdDwKnDOw/cPYHgaYhmR9EIZTPkNzGwX9QbkStez5lvFZEo/3/Myt40VdgTcZ0pRJ/tO+pSIIAjSN91+7d5HuJTDeP9xTcQnHPAr02XOYh+1OedP1l4SQ4VnN8TNJYv+FdDGtVuv6vK4VzJgICQ/3y0du+M5/63+ugKp5sRoYo= ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=zohomail.com; s=zohoarc; t=1770645925; h=Content-Type:Content-Transfer-Encoding:Date:Date:From:From:In-Reply-To:List-Subscribe:List-Post:List-Owner:List-Id:List-Archive:List-Help:List-Unsubscribe:MIME-Version:Message-ID:Reply-To:Reply-To:References:Subject:Subject:To:To:Message-Id:Cc; bh=U0R5CUnm/vVEMJNmvv8QrmtIqzljkyhviU8W0R+i5Ik=; b=bvRGsV+Cfe06xzqN0514RcuaAYvDITz8qjBZrBezLxqO8uBf8HUueO3XeMDIjtllfeYFhLN4m4YSAWlWec4B1GrFIesnod1RVcpOuRRqUNFO/LxwE/KzI7X+97E3NaBc2NGCwtMOvfZluLDCdEOo8J9F6hA8jbE7G4Lw6+2ZFjA= ARC-Authentication-Results: i=1; mx.zohomail.com; dkim=fail; spf=pass (zohomail.com: domain of lists.libvirt.org designates 8.43.85.245 as permitted sender) smtp.mailfrom=devel-bounces@lists.libvirt.org; dmarc=pass header.from= (p=reject dis=none) Return-Path: Received: from lists.libvirt.org (lists.libvirt.org [8.43.85.245]) by mx.zohomail.com with SMTPS id 1770645925570494.2873354540096; Mon, 9 Feb 2026 06:05:25 -0800 (PST) Received: by lists.libvirt.org (Postfix, from userid 993) id ACB8043F13; Mon, 9 Feb 2026 09:05:24 -0500 (EST) Received: from [172.19.199.6] (lists.libvirt.org [8.43.85.245]) by lists.libvirt.org (Postfix) with ESMTP id 2A7BC43FBA; Mon, 9 Feb 2026 08:48:29 -0500 (EST) Received: by lists.libvirt.org (Postfix, from userid 993) id 906AA41B1E; Mon, 9 Feb 2026 08:48:24 -0500 (EST) Received: from us-smtp-delivery-124.mimecast.com (us-smtp-delivery-124.mimecast.com [170.10.129.124]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (3072 bits) server-digest SHA256) (No client certificate requested) by lists.libvirt.org (Postfix) with ESMTPS id E792741ACC for ; Mon, 9 Feb 2026 08:47:28 -0500 (EST) Received: from mx-prod-mc-05.mail-002.prod.us-west-2.aws.redhat.com (ec2-54-186-198-63.us-west-2.compute.amazonaws.com [54.186.198.63]) by relay.mimecast.com with ESMTP with STARTTLS (version=TLSv1.3, cipher=TLS_AES_256_GCM_SHA384) id us-mta-79-KNOk_8xDNFicd8EGRZIq-g-1; Mon, 09 Feb 2026 08:47:27 -0500 Received: from mx-prod-int-05.mail-002.prod.us-west-2.aws.redhat.com (mx-prod-int-05.mail-002.prod.us-west-2.aws.redhat.com [10.30.177.17]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by mx-prod-mc-05.mail-002.prod.us-west-2.aws.redhat.com (Postfix) with ESMTPS id 5C3ED195608E for ; Mon, 9 Feb 2026 13:47:26 +0000 (UTC) Received: from harajuku.usersys.redhat.com.homenet.telecomitalia.it (unknown [10.45.226.251]) by mx-prod-int-05.mail-002.prod.us-west-2.aws.redhat.com (Postfix) with ESMTPS id 5F7D41956053 for ; Mon, 9 Feb 2026 13:47:25 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 4.0.1 (2024-03-26) on lists.libvirt.org X-Spam-Level: X-Spam-Status: No, score=-5.0 required=5.0 tests=BAYES_00,DKIM_INVALID, DKIM_SIGNED,MAILING_LIST_MULTI,RCVD_IN_DNSWL_MED, RCVD_IN_VALIDITY_CERTIFIED_BLOCKED,RCVD_IN_VALIDITY_RPBL_BLOCKED, RCVD_IN_VALIDITY_SAFE_BLOCKED,SPF_PASS autolearn=unavailable autolearn_force=no version=4.0.1 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com; s=mimecast20190719; t=1770644848; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=U0R5CUnm/vVEMJNmvv8QrmtIqzljkyhviU8W0R+i5Ik=; b=ITj4M0XBDmjrH1A5WQ932yaCfNHqgHzMvIrbfe+8gb2p9TD8YzdHdAzO00Lxwdk0lqgTUd QS44/MPYQuU2PN3JTraUa0njmpJC+BKQxhlintOgeXjLGLpWF53KethRTsbflP5YaD1Dvz m0fCW3uX4FN8qN24mp2UCaO/2qNkQpw= X-MC-Unique: KNOk_8xDNFicd8EGRZIq-g-1 X-Mimecast-MFC-AGG-ID: KNOk_8xDNFicd8EGRZIq-g_1770644846 To: devel@lists.libvirt.org Subject: [PATCH v2 08/38] conf: Update validation to consider varstore element Date: Mon, 9 Feb 2026 14:46:42 +0100 Message-ID: <20260209134712.296670-9-abologna@redhat.com> In-Reply-To: <20260209134712.296670-1-abologna@redhat.com> References: <20260209134712.296670-1-abologna@redhat.com> MIME-Version: 1.0 X-Scanned-By: MIMEDefang 3.0 on 10.30.177.17 X-Mimecast-Spam-Score: 0 X-Mimecast-MFC-PROC-ID: LJbW_tlCN7Bj9aepwvIxPR3tsGSCcP28SEgVqXD-tss_1770644846 X-Mimecast-Originator: redhat.com Content-Transfer-Encoding: quoted-printable Message-ID-Hash: 5RXVDLJKGHSG6FTEBSTEGRFN4AH5574F X-Message-ID-Hash: 5RXVDLJKGHSG6FTEBSTEGRFN4AH5574F X-MailFrom: abologna@redhat.com X-Mailman-Rule-Misses: dmarc-mitigation; no-senders; approved; loop; banned-address; header-match-devel.lists.libvirt.org-0; emergency; member-moderation; nonmember-moderation; administrivia; implicit-dest; max-recipients; max-size; news-moderation; no-subject; digests; suspicious-header X-Mailman-Version: 3.3.10 Precedence: list List-Id: Development discussions about the libvirt library & tools Archived-At: List-Archive: List-Help: List-Owner: List-Post: List-Subscribe: List-Unsubscribe: From: Andrea Bolognani via Devel Reply-To: Andrea Bolognani X-ZohoMail-DKIM: fail (Header signature does not verify) X-ZM-MESSAGEID: 1770645926537158500 Content-Type: text/plain; charset="utf-8"; x-default="true" The code is reworked quite significantly, but most of the existing checks are preserved. Those that aren't, notably the one that allowed pflash as the only acceptable non-stateless firmware type, are intentionally removed because they will no longer reflect reality once support for the uefi-vars QEMU device is introduced. As a side effect, reworking the function in this fashion resolves a subtle bug: due to the early exits that were being performed when the loader element was missing, the checks at the bottom of the function (related to the shim and kernel elements) were effectively never performed. This is no longer the case. Signed-off-by: Andrea Bolognani --- src/conf/domain_validate.c | 82 +++++++------------ ...-auto-bios-not-stateless.x86_64-latest.err | 2 +- ...-auto-bios-not-stateless.x86_64-latest.xml | 35 ++++++++ ...firmware-auto-bios-nvram.x86_64-latest.err | 2 +- ...nual-bios-not-stateless.x86_64-latest.args | 32 ++++++++ ...anual-bios-not-stateless.x86_64-latest.err | 1 - ...anual-bios-not-stateless.x86_64-latest.xml | 28 +++++++ ...nual-efi-nvram-stateless.x86_64-latest.err | 2 +- ...nvram-template-stateless.x86_64-latest.err | 2 +- ...ware-manual-efi-rw-nvram.x86_64-latest.err | 2 +- tests/qemuxmlconftest.c | 7 +- 11 files changed, 135 insertions(+), 60 deletions(-) create mode 100644 tests/qemuxmlconfdata/firmware-auto-bios-not-stateless.= x86_64-latest.xml create mode 100644 tests/qemuxmlconfdata/firmware-manual-bios-not-stateles= s.x86_64-latest.args delete mode 100644 tests/qemuxmlconfdata/firmware-manual-bios-not-stateles= s.x86_64-latest.err create mode 100644 tests/qemuxmlconfdata/firmware-manual-bios-not-stateles= s.x86_64-latest.xml diff --git a/src/conf/domain_validate.c b/src/conf/domain_validate.c index 1ad614935f..7e3da84767 100644 --- a/src/conf/domain_validate.c +++ b/src/conf/domain_validate.c @@ -1723,100 +1723,78 @@ virDomainDefOSValidate(const virDomainDef *def, virDomainXMLOption *xmlopt) { virDomainLoaderDef *loader =3D def->os.loader; + virDomainVarstoreDef *varstore =3D def->os.varstore; + virDomainOsDefFirmware firmware =3D def->os.firmware; + int *firmwareFeatures =3D def->os.firmwareFeatures; + bool usesNvram =3D loader && (loader->nvram || loader->nvramTemplate |= | loader->nvramTemplateFormat); =20 - if (def->os.firmware) { + if (firmware) { if (xmlopt && !(xmlopt->config.features & VIR_DOMAIN_DEF_FEATURE_F= W_AUTOSELECT)) { virReportError(VIR_ERR_XML_DETAIL, "%s", _("firmware auto selection not implemented for = this driver")); return -1; } =20 - if (def->os.firmwareFeatures && - def->os.firmwareFeatures[VIR_DOMAIN_OS_DEF_FIRMWARE_FEATURE_EN= ROLLED_KEYS] =3D=3D VIR_TRISTATE_BOOL_YES && - def->os.firmwareFeatures[VIR_DOMAIN_OS_DEF_FIRMWARE_FEATURE_SE= CURE_BOOT] =3D=3D VIR_TRISTATE_BOOL_NO) { + if (firmwareFeatures && + firmwareFeatures[VIR_DOMAIN_OS_DEF_FIRMWARE_FEATURE_ENROLLED_K= EYS] =3D=3D VIR_TRISTATE_BOOL_YES && + firmwareFeatures[VIR_DOMAIN_OS_DEF_FIRMWARE_FEATURE_SECURE_BOO= T] =3D=3D VIR_TRISTATE_BOOL_NO) { virReportError(VIR_ERR_XML_DETAIL, "%s", _("firmware feature 'enrolled-keys' cannot be e= nabled when firmware feature 'secure-boot' is disabled")); return -1; } - - if (!loader) - return 0; - - if (loader->nvram && def->os.firmware !=3D VIR_DOMAIN_OS_DEF_FIRMW= ARE_EFI) { - virReportError(VIR_ERR_XML_DETAIL, - _("firmware type '%1$s' does not support nvram"= ), - virDomainOsDefFirmwareTypeToString(def->os.firm= ware)); - return -1; - } } else { - if (def->os.firmwareFeatures) { + if (firmwareFeatures) { virReportError(VIR_ERR_XML_DETAIL, "%s", _("cannot use feature-based firmware autoselect= ion when firmware autoselection is disabled")); return -1; } =20 - if (!loader) - return 0; - - if (!loader->path) { + if (loader && !loader->path) { virReportError(VIR_ERR_XML_DETAIL, "%s", _("no loader path specified and firmware auto s= election disabled")); return -1; } } =20 - if (loader->readonly =3D=3D VIR_TRISTATE_BOOL_NO) { - if (loader->type =3D=3D VIR_DOMAIN_LOADER_TYPE_ROM) { + if (loader && loader->type =3D=3D VIR_DOMAIN_LOADER_TYPE_ROM) { + if (loader->readonly =3D=3D VIR_TRISTATE_BOOL_NO) { virReportError(VIR_ERR_XML_DETAIL, "%s", _("ROM loader type cannot be used as read/write= ")); return -1; } =20 - if (loader->nvramTemplate) { - virReportError(VIR_ERR_XML_DETAIL, "%s", - _("NVRAM template is not permitted when loader = is read/write")); + if (loader->format && + loader->format !=3D VIR_STORAGE_FILE_RAW) { + virReportError(VIR_ERR_XML_DETAIL, + _("Invalid format '%1$s' for ROM loader type"), + virStorageFileFormatTypeToString(loader->format= )); return -1; } + } =20 - if (loader->nvram) { + if (usesNvram && varstore) { virReportError(VIR_ERR_XML_DETAIL, "%s", - _("NVRAM is not permitted when loader is read/w= rite")); + _("Only one of NVRAM/varstore can be used")); return -1; - } } =20 - if (loader->stateless =3D=3D VIR_TRISTATE_BOOL_YES) { - if (loader->nvramTemplate) { - virReportError(VIR_ERR_XML_DETAIL, "%s", - _("NVRAM template is not permitted when loader = is stateless")); + if (usesNvram || varstore) { + if (firmware && firmware !=3D VIR_DOMAIN_OS_DEF_FIRMWARE_EFI) { + virReportError(VIR_ERR_XML_DETAIL, + _("Firmware type '%1$s' does not support variab= le storage (NVRAM/varstore)"), + virDomainOsDefFirmwareTypeToString(firmware)); return -1; } =20 - if (loader->nvram) { - virReportError(VIR_ERR_XML_DETAIL, "%s", - _("NVRAM is not permitted when loader is statel= ess")); - return -1; - } - } else if (loader->stateless =3D=3D VIR_TRISTATE_BOOL_NO) { - if (def->os.firmware =3D=3D VIR_DOMAIN_OS_DEF_FIRMWARE_NONE) { - if (def->os.loader->type !=3D VIR_DOMAIN_LOADER_TYPE_PFLASH) { - virReportError(VIR_ERR_XML_DETAIL, "%s", - _("Only pflash loader type permits NVRAM")); - return -1; - } - } else if (def->os.firmware !=3D VIR_DOMAIN_OS_DEF_FIRMWARE_EFI) { + if (loader && loader->stateless =3D=3D VIR_TRISTATE_BOOL_YES) { virReportError(VIR_ERR_XML_DETAIL, "%s", - _("Only EFI firmware permits NVRAM")); + _("Variable storage (NVRAM/varstore) is not per= mitted when loader is stateless")); return -1; } - } =20 - if (loader->type =3D=3D VIR_DOMAIN_LOADER_TYPE_ROM) { - if (loader->format && - loader->format !=3D VIR_STORAGE_FILE_RAW) { - virReportError(VIR_ERR_XML_DETAIL, - _("Invalid format '%1$s' for ROM loader type"), - virStorageFileFormatTypeToString(loader->format= )); + if (loader && loader->readonly =3D=3D VIR_TRISTATE_BOOL_NO) { + virReportError(VIR_ERR_XML_DETAIL, "%s", + _("Variable storage (NVRAM/varstore) is not per= mitted when loader is read/write")); return -1; } } diff --git a/tests/qemuxmlconfdata/firmware-auto-bios-not-stateless.x86_64-= latest.err b/tests/qemuxmlconfdata/firmware-auto-bios-not-stateless.x86_64-= latest.err index b058f970a4..743fe27a97 100644 --- a/tests/qemuxmlconfdata/firmware-auto-bios-not-stateless.x86_64-latest.= err +++ b/tests/qemuxmlconfdata/firmware-auto-bios-not-stateless.x86_64-latest.= err @@ -1 +1 @@ -Only EFI firmware permits NVRAM +operation failed: Unable to find 'bios' firmware that is compatible with t= he current configuration diff --git a/tests/qemuxmlconfdata/firmware-auto-bios-not-stateless.x86_64-= latest.xml b/tests/qemuxmlconfdata/firmware-auto-bios-not-stateless.x86_64-= latest.xml new file mode 100644 index 0000000000..062835e351 --- /dev/null +++ b/tests/qemuxmlconfdata/firmware-auto-bios-not-stateless.x86_64-latest.= xml @@ -0,0 +1,35 @@ + + guest + 63840878-0deb-4095-97e6-fc444d9bc9fa + 1048576 + 1048576 + 1 + + hvm + + + + + + + + qemu64 + + + destroy + restart + destroy + + /usr/bin/qemu-system-x86_64 + + +
+ + + + +