Vladimir Sementsov-Ogievskiy writes:
> For change, pause, resume, complete, dismiss and finalize actions
> corresponding job- and block-job commands are almost equal. The
> difference is in find_block_job_locked() vs find_job_locked()
> functions. What's different?
>
> 1. find_block_job_locked()
On 3/25/25 00:24, Will wrote:
Signed-off-by: Will
---
NEWS.rst | 5 +
1 file changed, 5 insertions(+)
diff --git a/NEWS.rst b/NEWS.rst
index 1fc80e2496..075fbd2d6c 100644
--- a/NEWS.rst
+++ b/NEWS.rst
@@ -67,6 +67,11 @@ v11.2.0 (unreleased)
restore. Using multiple channels can redu
On 3/25/25 00:24, Will wrote:
Adds support for configuring flags for domains
running under Xen.
The following flags, making use of QEMU's existing flags, are now
configurable for Xen: vapic, synic, stimer, frequencies, tlbflush and
ipi
Tests have been added validating translation to libxl's vi
On 4/2/25 19:24, Roman Bogorodskiy wrote:
> The 'plain' optimization type also triggers the clang stack frame size
> issues, so increase limit for it as well.
>
> Signed-off-by: Roman Bogorodskiy
> ---
> meson.build | 2 +-
> 1 file changed, 1 insertion(+), 1 deletion(-)
>
> diff --git a/meson.
On Thu, Apr 03, 2025 at 02:08:28PM +0200, Michal Prívozník via Devel wrote:
> On 4/2/25 19:24, Roman Bogorodskiy wrote:
> > The 'plain' optimization type also triggers the clang stack frame size
> > issues, so increase limit for it as well.
> >
> > Signed-off-by: Roman Bogorodskiy
> > ---
> > me
From: Michal Privoznik
The domain object already has a member that allows storing
hypervisor's PID (vm->pid). There's no need to duplicate it in
_virCHMonitor struct. Switch CH code to use the former.
Signed-off-by: Michal Privoznik
---
src/ch/ch_events.c | 2 +-
src/ch/ch_monitor.c | 10 ++-
QEMU_CAPS_TDX_GUEST set means TDX supported with this QEMU.
Signed-off-by: Chenyi Qiang
Signed-off-by: Zhenzhong Duan
Reviewed-by: Daniel P. Berrangé
---
src/qemu/qemu_capabilities.c | 2 ++
src/qemu/qemu_capabilities.h | 1 +
2 files changed, 3 insertions(+)
diff --git a/src/qemu/qemu_capabi
For a secure guest, FakeReboot kills the original QEMU instance and
creates a new one, which is quite different from a normal guest.
To reflect this fact, VIR_DOMAIN_EVENT_[STOPPED|STARTED]
are sent to the control plane with the newly introduced reasons
VIR_DOMAIN_EVENT_[STOPPED|STARTED]_RECREATION.
That would let con
On Thu, Apr 03, 2025 at 18:28:23 +0800, Zhenzhong Duan wrote:
[...]
>
> Zhenzhong Duan (18):
> tools: Secure guest check for Intel in virt-host-validate
> qemu: Check if INTEL Trust Domain Extention support is enabled
> qemu: Add TDX capability
> conf: Expose TDX feature in domain capabi
Hi,
This series brings libvirt the x86 TDX support.
* What's TDX?
TDX stands for Trust Domain Extensions which isolates VMs from
the virtual-machine manager (VMM)/hypervisor and any other software on
the platform.
This patchset extends libvirt to support TDX, with which one can start a TDX
guest
Add check in virt-host-validate for secure guest support
on x86 for Intel Trust Domain Extensions.
Suggested-by: Daniel P. Berrangé
Signed-off-by: Zhenzhong Duan
Reviewed-by: Daniel P. Berrangé
---
tools/virt-host-validate-common.c | 31 ++-
tools/virt-host-validate
Implement TDX check in order to generate domain feature capability
correctly in case the availability of the feature changed.
For INTEL TDX the verification is:
- checking if "/sys/module/kvm_intel/parameters/tdx" contains the
value 'Y': meaning TDX is enabled in the host kernel.
Signed-off-b
Extend qemu TDX capability to domain capabilities.
Signed-off-by: Chenyi Qiang
Signed-off-by: Zhenzhong Duan
Reviewed-by: Daniel P. Berrangé
---
docs/formatdomaincaps.rst | 1 +
src/conf/domain_capabilities.c | 1 +
src/conf/domain_capabilities.h | 1 +
src/conf/schemas/domaincaps.r
When 'tdx' is used, the VM will be launched with Intel TDX feature enabled.
TDX feature supports running encrypted VM (Trust Domain, TD) under the
control of KVM. A TD runs in a CPU model which protects the confidentiality
of its memory and its CPU state from other software.
There are four optiona
As the tdx launch security type support is added, expose it in domain
capabilities so that domain definition validation check can take
effect.
Signed-off-by: Zhenzhong Duan
---
src/qemu/qemu_capabilities.c | 2 ++
1 file changed, 2 insertions(+)
diff --git a/src/qemu/qemu_capabilities.c b/src/q
mrConfigId/mrOwner/mrOwnerConfig are base64-encoded SHA384 digests
that can be provided for TDX attestation.
Check their decoded lengths to ensure they are 48 bytes.
Signed-off-by: Zhenzhong Duan
---
src/conf/domain_validate.c | 12 +++-
1 file changed, 11 insertions(+), 1 deletion(-)
diff
TDX guest requires some special parameters to boot, currently:
"kernel_irqchip=split"
"pmu!=on"
"smm!=on"
"-bios"
If not specified explicitly, QEMU should configure this option implicitly
when starting a TDX guest.
Signed-off-by: Zhenzhong Duan
Reviewed-by: Daniel P. Berrangé
---
src/qemu/qe
'tdx-guest' object supports a "quote-generation-socket" property for
attestation purpose. When "quote-generation-socket" is configured in
guest xml, libvirt generates unix socket format cmdline for QEMU.
'Path' element can be omitted, default path "/var/run/tdx-qgs/qgs.socket"
is used in this case
Utilize the existing fake reboot mechanism to reboot a TDX guest.
Unlike a normal guest, a TDX guest doesn't support system_reset,
so we have to kill the old guest and start a new one to simulate the reboot.
Co-developed-by: Chenyi Qiang
Signed-off-by: Zhenzhong Duan
---
src/qemu/qemu_pr
For a secure guest, FakeReboot kills the original QEMU instance and
creates a new one. During this process, QEMU sends a SHUTDOWN event
with the "host-signal" reason, which can trigger another FakeReboot.
Check if a FakeReboot is ongoing and bypass "host-signal"
processing which originally comes from FakeReboot.
A TDX guest doesn't support system_reset, so we have to kill the old guest and
start a new one to simulate the reset. This can be achieved by calling
qemuProcessFakeRebootViaRecreate().
The domain lock is already held in qemuDomainReset() before calling
qemuProcessFakeRebootViaRecreate(), so bypass locking
When a TD VM reboots, the qemu process is recreated by destroying the old one
and creating a new one. When the new qemu process starts, it sends a RESUME
event while the libvirt domain isn't in the run state yet. Then the event
VIR_DOMAIN_EVENT_RESUMED is sent out and confuses the control plane.
Check priv->pausedShutdown and bypass t
From: Michal Privoznik
In a few places, when a size_t typed argument is passed to a
printf-like function the corresponding specifier is %ld instead
of %zu. Fix those places.
Signed-off-by: Michal Privoznik
---
src/ch/ch_monitor.c | 4 ++--
src/ch/ch_process.c | 4 ++--
2 files changed, 4 inser
*** BLURB HERE ***
Michal Prívozník (3):
ch: Use CH_DOMAIN_PRIVATE() more
ch: Drop pid from monitor
ch: Fix printf format strings wrt size_t argument
src/ch/ch_events.c | 4 ++--
src/ch/ch_monitor.c | 14 --
src/ch/ch_monitor.h | 2 --
src/ch/ch_process.c | 11 +--
4
QEMU will provide the 'tdx-guest' object, which is used to launch encrypted
VMs on Intel platforms using the TDX feature.
Command line looks like:
$QEMU ... \
  -object '{"qom-type":"tdx-guest","id":"lsec0","mrconfigid":"xxx","mrowner":"xxx","mrownerconfig":"xxx","attributes":268435457}' \
  -machine pc-