From nobody Tue Mar 3 04:52:43 2026 Delivered-To: importer@patchew.org Received-SPF: pass (zohomail.com: domain of lists.libvirt.org designates 8.43.85.245 as permitted sender) client-ip=8.43.85.245; envelope-from=devel-bounces@lists.libvirt.org; helo=lists.libvirt.org; Authentication-Results: mx.zohomail.com; dkim=fail; spf=pass (zohomail.com: domain of lists.libvirt.org designates 8.43.85.245 as permitted sender) smtp.mailfrom=devel-bounces@lists.libvirt.org; dmarc=pass(p=reject dis=none) header.from=lists.libvirt.org ARC-Seal: i=1; a=rsa-sha256; t=1771872250; cv=none; d=zohomail.com; s=zohoarc; b=Q8ZQZxQGogCGKlGvkm7nQt3j5/pjSkiDkYtFZ7ONt91+KBiZFc1ZsbQsq3VEwwymIlc9YV7JnYGj9mMCKfFRxcLMHUfanymjmNKYeh9754wJg9r36DeQxzwOWSmQZsz0ubEWSaX5cAoA6gGS5X1Dp5GrVSgYSZyp2tkPjS8yLK0= ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=zohomail.com; s=zohoarc; t=1771872250; h=Content-Type:Content-Transfer-Encoding:Date:Date:From:From:In-Reply-To:List-Subscribe:List-Post:List-Owner:List-Id:List-Archive:List-Help:List-Unsubscribe:MIME-Version:Message-ID:Reply-To:Reply-To:References:Subject:Subject:To:To:Message-Id:Cc; bh=keT7FYa8RvEzAB/RNjHpKZ8NZ3Gg/PhfzeJF9NrkHQs=; b=gFCqfluH4TvMU+8Nshcn3xDgi4YfQEhx8q0D2nveniNjm9m7MaaV0HDB1BQZtnVFcZg2FSjcNafFp2bzk17teQGtHbBsx8xhfffkkbaJuwQVEweb86kAjsk/I+4oYZXA08gHVsX9Gs773rHNPr0HfmQNs9LrqRBjSlvn5l2OxHg= ARC-Authentication-Results: i=1; mx.zohomail.com; dkim=fail; spf=pass (zohomail.com: domain of lists.libvirt.org designates 8.43.85.245 as permitted sender) smtp.mailfrom=devel-bounces@lists.libvirt.org; dmarc=pass header.from= (p=reject dis=none) Return-Path: Received: from lists.libvirt.org (lists.libvirt.org [8.43.85.245]) by mx.zohomail.com with SMTPS id 1771872250741863.034235560119; Mon, 23 Feb 2026 10:44:10 -0800 (PST) Received: by lists.libvirt.org (Postfix, from userid 993) id DB6BA41AF0; Mon, 23 Feb 2026 13:44:09 -0500 (EST) Received: from [172.19.199.9] (lists.libvirt.org [8.43.85.245]) by lists.libvirt.org (Postfix) with ESMTP id B4AC141DC7; Mon, 23 Feb 2026 13:34:30 -0500 (EST) Received: by lists.libvirt.org (Postfix, from userid 993) id D291741B17; Mon, 23 Feb 2026 13:34:15 -0500 (EST) Received: from us-smtp-delivery-124.mimecast.com (us-smtp-delivery-124.mimecast.com [170.10.129.124]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (3072 bits) server-digest SHA256) (No client certificate requested) by lists.libvirt.org (Postfix) with ESMTPS id B102641B1D for ; Mon, 23 Feb 2026 13:31:43 -0500 (EST) Received: from mx-prod-mc-06.mail-002.prod.us-west-2.aws.redhat.com (ec2-35-165-154-97.us-west-2.compute.amazonaws.com [35.165.154.97]) by relay.mimecast.com with ESMTP with STARTTLS (version=TLSv1.3, cipher=TLS_AES_256_GCM_SHA384) id us-mta-103-QkfhAZWNMJG08sTuxmx2tg-1; Mon, 23 Feb 2026 13:31:42 -0500 Received: from mx-prod-int-05.mail-002.prod.us-west-2.aws.redhat.com (mx-prod-int-05.mail-002.prod.us-west-2.aws.redhat.com [10.30.177.17]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by mx-prod-mc-06.mail-002.prod.us-west-2.aws.redhat.com (Postfix) with ESMTPS id 564631800282 for ; Mon, 23 Feb 2026 18:31:41 +0000 (UTC) Received: from kinshicho.usersys.redhat.com (unknown [10.44.32.20]) by mx-prod-int-05.mail-002.prod.us-west-2.aws.redhat.com (Postfix) with ESMTPS id 1908B1955D71 for ; Mon, 23 Feb 2026 18:31:39 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 4.0.1 (2024-03-26) on lists.libvirt.org X-Spam-Level: X-Spam-Status: No, score=-2.6 required=5.0 tests=BAYES_00,DKIM_INVALID, DKIM_SIGNED,HELO_MISC_IP,MAILING_LIST_MULTI,RCVD_IN_DNSWL_MED, RCVD_IN_VALIDITY_CERTIFIED_BLOCKED,RCVD_IN_VALIDITY_RPBL_BLOCKED, RCVD_IN_VALIDITY_SAFE_BLOCKED,SPF_PASS autolearn=unavailable autolearn_force=no version=4.0.1 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com; s=mimecast20190719; t=1771871503; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=keT7FYa8RvEzAB/RNjHpKZ8NZ3Gg/PhfzeJF9NrkHQs=; b=Mhe7mafoEF5nJ5TKVAUA6Qb/zTu9Q8l/0M73u5v4EaZQCstL474IATY0HuFk/0G7UFZ/ML lKowjML3gWRJTdViGEOF3iYra9xq4ERR9KdrC4jDbTC+qnWBaR+dkdiexlMcE6yVG2J3k9 tf3gGHNu+cc3vnkVAawn3bH4//KVB8Y= X-MC-Unique: QkfhAZWNMJG08sTuxmx2tg-1 X-Mimecast-MFC-AGG-ID: QkfhAZWNMJG08sTuxmx2tg_1771871501 To: devel@lists.libvirt.org Subject: [PATCH v4 08/36] conf: Update validation to consider varstore element Date: Mon, 23 Feb 2026 19:30:51 +0100 Message-ID: <20260223183119.501349-9-abologna@redhat.com> In-Reply-To: <20260223183119.501349-1-abologna@redhat.com> References: <20260223183119.501349-1-abologna@redhat.com> MIME-Version: 1.0 X-Scanned-By: MIMEDefang 3.0 on 10.30.177.17 X-Mimecast-Spam-Score: 0 X-Mimecast-MFC-PROC-ID: pJOuHha1mif3tqg-n_Hz7L2uqnwXeIHNa9KPcEOgCUk_1771871501 X-Mimecast-Originator: redhat.com Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: quoted-printable Message-ID-Hash: GSK4C6EFOG52MGBX3GHEZHCRBFXZH5DN X-Message-ID-Hash: GSK4C6EFOG52MGBX3GHEZHCRBFXZH5DN X-MailFrom: abologna@redhat.com X-Mailman-Rule-Misses: dmarc-mitigation; no-senders; approved; loop; banned-address; header-match-devel.lists.libvirt.org-0; emergency; member-moderation; nonmember-moderation; administrivia; implicit-dest; max-recipients; max-size; news-moderation; no-subject; digests; suspicious-header X-Mailman-Version: 3.3.10 Precedence: list List-Id: Development discussions about the libvirt library & tools Archived-At: List-Archive: List-Help: List-Owner: List-Post: List-Subscribe: List-Unsubscribe: From: Andrea Bolognani via Devel Reply-To: Andrea Bolognani X-ZohoMail-DKIM: fail (Header signature does not verify) X-ZM-MESSAGEID: 1771872251219158500 The code is reworked quite significantly, but most of the existing checks are preserved. Those that aren't, notably the one that allowed pflash as the only acceptable non-stateless firmware type, are intentionally removed because they will no longer reflect reality once support for the uefi-vars QEMU device is introduced. As a side effect, reworking the function in this fashion resolves a subtle bug: due to the early exits that were being performed when the loader element was missing, the checks at the bottom of the function (related to the shim and kernel elements) were effectively never performed. This is no longer the case. Signed-off-by: Andrea Bolognani Reviewed-by: Michal Privoznik Acked-by: Gerd Hoffmann Reviewed-by: Daniel P. Berrang=C3=A9 --- src/conf/domain_validate.c | 82 +++++++------------ ...-auto-bios-not-stateless.x86_64-latest.err | 2 +- ...-auto-bios-not-stateless.x86_64-latest.xml | 35 ++++++++ ...firmware-auto-bios-nvram.x86_64-latest.err | 2 +- ...nual-bios-not-stateless.x86_64-latest.args | 32 ++++++++ ...anual-bios-not-stateless.x86_64-latest.err | 1 - ...anual-bios-not-stateless.x86_64-latest.xml | 28 +++++++ ...nual-efi-nvram-stateless.x86_64-latest.err | 2 +- ...nvram-template-stateless.x86_64-latest.err | 2 +- ...ware-manual-efi-rw-nvram.x86_64-latest.err | 2 +- tests/qemuxmlconftest.c | 7 +- 11 files changed, 135 insertions(+), 60 deletions(-) create mode 100644 tests/qemuxmlconfdata/firmware-auto-bios-not-stateless.= x86_64-latest.xml create mode 100644 tests/qemuxmlconfdata/firmware-manual-bios-not-stateles= s.x86_64-latest.args delete mode 100644 tests/qemuxmlconfdata/firmware-manual-bios-not-stateles= s.x86_64-latest.err create mode 100644 tests/qemuxmlconfdata/firmware-manual-bios-not-stateles= s.x86_64-latest.xml diff --git a/src/conf/domain_validate.c b/src/conf/domain_validate.c index 1ad614935f..7e3da84767 100644 --- a/src/conf/domain_validate.c +++ b/src/conf/domain_validate.c @@ -1723,100 +1723,78 @@ virDomainDefOSValidate(const virDomainDef *def, virDomainXMLOption *xmlopt) { virDomainLoaderDef *loader =3D def->os.loader; + virDomainVarstoreDef *varstore =3D def->os.varstore; + virDomainOsDefFirmware firmware =3D def->os.firmware; + int *firmwareFeatures =3D def->os.firmwareFeatures; + bool usesNvram =3D loader && (loader->nvram || loader->nvramTemplate |= | loader->nvramTemplateFormat); =20 - if (def->os.firmware) { + if (firmware) { if (xmlopt && !(xmlopt->config.features & VIR_DOMAIN_DEF_FEATURE_F= W_AUTOSELECT)) { virReportError(VIR_ERR_XML_DETAIL, "%s", _("firmware auto selection not implemented for = this driver")); return -1; } =20 - if (def->os.firmwareFeatures && - def->os.firmwareFeatures[VIR_DOMAIN_OS_DEF_FIRMWARE_FEATURE_EN= ROLLED_KEYS] =3D=3D VIR_TRISTATE_BOOL_YES && - def->os.firmwareFeatures[VIR_DOMAIN_OS_DEF_FIRMWARE_FEATURE_SE= CURE_BOOT] =3D=3D VIR_TRISTATE_BOOL_NO) { + if (firmwareFeatures && + firmwareFeatures[VIR_DOMAIN_OS_DEF_FIRMWARE_FEATURE_ENROLLED_K= EYS] =3D=3D VIR_TRISTATE_BOOL_YES && + firmwareFeatures[VIR_DOMAIN_OS_DEF_FIRMWARE_FEATURE_SECURE_BOO= T] =3D=3D VIR_TRISTATE_BOOL_NO) { virReportError(VIR_ERR_XML_DETAIL, "%s", _("firmware feature 'enrolled-keys' cannot be e= nabled when firmware feature 'secure-boot' is disabled")); return -1; } - - if (!loader) - return 0; - - if (loader->nvram && def->os.firmware !=3D VIR_DOMAIN_OS_DEF_FIRMW= ARE_EFI) { - virReportError(VIR_ERR_XML_DETAIL, - _("firmware type '%1$s' does not support nvram"= ), - virDomainOsDefFirmwareTypeToString(def->os.firm= ware)); - return -1; - } } else { - if (def->os.firmwareFeatures) { + if (firmwareFeatures) { virReportError(VIR_ERR_XML_DETAIL, "%s", _("cannot use feature-based firmware autoselect= ion when firmware autoselection is disabled")); return -1; } =20 - if (!loader) - return 0; - - if (!loader->path) { + if (loader && !loader->path) { virReportError(VIR_ERR_XML_DETAIL, "%s", _("no loader path specified and firmware auto s= election disabled")); return -1; } } =20 - if (loader->readonly =3D=3D VIR_TRISTATE_BOOL_NO) { - if (loader->type =3D=3D VIR_DOMAIN_LOADER_TYPE_ROM) { + if (loader && loader->type =3D=3D VIR_DOMAIN_LOADER_TYPE_ROM) { + if (loader->readonly =3D=3D VIR_TRISTATE_BOOL_NO) { virReportError(VIR_ERR_XML_DETAIL, "%s", _("ROM loader type cannot be used as read/write= ")); return -1; } =20 - if (loader->nvramTemplate) { - virReportError(VIR_ERR_XML_DETAIL, "%s", - _("NVRAM template is not permitted when loader = is read/write")); + if (loader->format && + loader->format !=3D VIR_STORAGE_FILE_RAW) { + virReportError(VIR_ERR_XML_DETAIL, + _("Invalid format '%1$s' for ROM loader type"), + virStorageFileFormatTypeToString(loader->format= )); return -1; } + } =20 - if (loader->nvram) { + if (usesNvram && varstore) { virReportError(VIR_ERR_XML_DETAIL, "%s", - _("NVRAM is not permitted when loader is read/w= rite")); + _("Only one of NVRAM/varstore can be used")); return -1; - } } =20 - if (loader->stateless =3D=3D VIR_TRISTATE_BOOL_YES) { - if (loader->nvramTemplate) { - virReportError(VIR_ERR_XML_DETAIL, "%s", - _("NVRAM template is not permitted when loader = is stateless")); + if (usesNvram || varstore) { + if (firmware && firmware !=3D VIR_DOMAIN_OS_DEF_FIRMWARE_EFI) { + virReportError(VIR_ERR_XML_DETAIL, + _("Firmware type '%1$s' does not support variab= le storage (NVRAM/varstore)"), + virDomainOsDefFirmwareTypeToString(firmware)); return -1; } =20 - if (loader->nvram) { - virReportError(VIR_ERR_XML_DETAIL, "%s", - _("NVRAM is not permitted when loader is statel= ess")); - return -1; - } - } else if (loader->stateless =3D=3D VIR_TRISTATE_BOOL_NO) { - if (def->os.firmware =3D=3D VIR_DOMAIN_OS_DEF_FIRMWARE_NONE) { - if (def->os.loader->type !=3D VIR_DOMAIN_LOADER_TYPE_PFLASH) { - virReportError(VIR_ERR_XML_DETAIL, "%s", - _("Only pflash loader type permits NVRAM")); - return -1; - } - } else if (def->os.firmware !=3D VIR_DOMAIN_OS_DEF_FIRMWARE_EFI) { + if (loader && loader->stateless =3D=3D VIR_TRISTATE_BOOL_YES) { virReportError(VIR_ERR_XML_DETAIL, "%s", - _("Only EFI firmware permits NVRAM")); + _("Variable storage (NVRAM/varstore) is not per= mitted when loader is stateless")); return -1; } - } =20 - if (loader->type =3D=3D VIR_DOMAIN_LOADER_TYPE_ROM) { - if (loader->format && - loader->format !=3D VIR_STORAGE_FILE_RAW) { - virReportError(VIR_ERR_XML_DETAIL, - _("Invalid format '%1$s' for ROM loader type"), - virStorageFileFormatTypeToString(loader->format= )); + if (loader && loader->readonly =3D=3D VIR_TRISTATE_BOOL_NO) { + virReportError(VIR_ERR_XML_DETAIL, "%s", + _("Variable storage (NVRAM/varstore) is not per= mitted when loader is read/write")); return -1; } } diff --git a/tests/qemuxmlconfdata/firmware-auto-bios-not-stateless.x86_64-= latest.err b/tests/qemuxmlconfdata/firmware-auto-bios-not-stateless.x86_64-= latest.err index b058f970a4..743fe27a97 100644 --- a/tests/qemuxmlconfdata/firmware-auto-bios-not-stateless.x86_64-latest.= err +++ b/tests/qemuxmlconfdata/firmware-auto-bios-not-stateless.x86_64-latest.= err @@ -1 +1 @@ -Only EFI firmware permits NVRAM +operation failed: Unable to find 'bios' firmware that is compatible with t= he current configuration diff --git a/tests/qemuxmlconfdata/firmware-auto-bios-not-stateless.x86_64-= latest.xml b/tests/qemuxmlconfdata/firmware-auto-bios-not-stateless.x86_64-= latest.xml new file mode 100644 index 0000000000..062835e351 --- /dev/null +++ b/tests/qemuxmlconfdata/firmware-auto-bios-not-stateless.x86_64-latest.= xml @@ -0,0 +1,35 @@ + + guest + 63840878-0deb-4095-97e6-fc444d9bc9fa + 1048576 + 1048576 + 1 + + hvm + + + + + + + + qemu64 + + + destroy + restart + destroy + + /usr/bin/qemu-system-x86_64 + + +
+ + + + +