[libvirt] [PATCH 0/5] qemu: Use FW descriptors to report FW image paths

Michal Privoznik mprivozn at redhat.com
Fri Sep 13 11:12:21 UTC 2019


On 9/13/19 12:25 PM, Kashyap Chamarthy wrote:
> On Mon, Aug 05, 2019 at 06:14:20PM +0200, Michal Privoznik wrote:
> 
> [...]
> 
>> Michal Prívozník (5):
>>    virfirmware: Expose and define autoptr for virFirmwareFree
>>    qemu_firmware: Document qemuFirmwareGetSupported
>>    qemu_firmware: Extend qemuFirmwareGetSupported to return FW paths
>>    qemufirmwaretest: Test FW path getting through
>>      qemuFirmwareGetSupported()
>>    qemu: Use FW descriptors to report FW image paths
> 
> [...]
> 
> Tested-by: Kashyap Chamarthy <kchamart at redhat.com>

Thanks, but I've pushed it yesterday and thus I can no longer add you to 
the commit messages. Sorry.

> 
> I've just tested this patchset on Fedora 30.  (I too can reproduce the
> behaviour Cole saw - duplicate 'secboot' binaries.)
> 
> Build libvirt with this:
> 
>      $> git describe
>      v5.7.0-107-gb6e6d35f3f
> 
> Stop the system libvirt daemons:
> 
>      $> systemctl stop libvirtd virtlockd virtlogd
> 
> Start the daemons built from Git:
> 
>      $> sudo ./run src/virtlockd &
>      $> sudo ./run src/virtlogd &
>      $> sudo ./run src/libvirtd &
> 
> Make sure your EDK2/OVMF RPM has the 'secboot' binaries/VARS files:
> 
>      $> rpm -q edk2-ovmf
>      edk2-ovmf-20190501stable-3.fc30.noarch
> 
>      $> rpm -ql edk2-ovmf | grep secboot
>      /usr/share/OVMF/OVMF_CODE.secboot.fd
>      /usr/share/OVMF/OVMF_VARS.secboot.fd
>      /usr/share/edk2/ovmf/OVMF_CODE.secboot.fd
>      /usr/share/edk2/ovmf/OVMF_VARS.secboot.fd
> 
> (The top two files are a symlink to the bottom two.)
> 
> Before invoking domCapabilities API, ensure the relevant firmware
> descriptor files for x86_64 have the secboot binary listed:
> 
>      $> grep CODE.secboot /usr/share/qemu/firmware/40-edk2-ovmf-x64-sb-enrolled.json /usr/share/qemu/firmware/50-edk2-ovmf-x64-sb.json
>      /usr/share/qemu/firmware/40-edk2-ovmf-x64-sb-enrolled.json:            "filename": "/usr/share/edk2/ovmf/OVMF_CODE.secboot.fd",
>      /usr/share/qemu/firmware/50-edk2-ovmf-x64-sb.json:            "filename": "/usr/share/edk2/ovmf/OVMF_CODE.secboot.fd",

Yeah, I've posted a patch for that:

https://www.redhat.com/archives/libvir-list/2019-September/msg00485.html

The reason is that (I suspect) 40-edk2-ovmf-x64-sb-enrolled.json and 
50-edk2-ovmf-x64-sb.json have the same _CODE but different _VARS. 
Therefore, in qemuFirmwareGetSupported() (which is called when 
constructing domcaps) we effectivelly see two different firmwares:

https://libvirt.org/git/?p=libvirt.git;a=blob;f=src/qemu/qemu_firmware.c;h=f316a26a5ba5c14d993fa8b96df32eba3c1f0997;hb=HEAD#l1536

Therefore, they are appended onto @fws list which is then passed to 
virQEMUCapsFillDomainLoaderCaps() in virQEMUCapsFillDomainOSCaps() which 
doesn't deduplicate them.

But the same thing can happen even without FW descriptors: ./configure 
--with-loader-nvram="/dev/null:X:/dev/null:Y" (a very dumb config, but 
serves the point) which declares [{CODE = "/dev/null", NVRAM = "X"}, 
{CODE = "/dev/null", NVRAM  "Y"}] pair. In both cases the FW image is 
the same and therefore it would be printed twice. To test this with 
latest git just revert e9d51a221c1871 because now libvirt picks FW 
descriptors and thus configure arg (or correspondinf qemu.conf knob) is 
ignrored.

Michal




More information about the libvir-list mailing list