[libvirt] [PATCH 0/5] qemu: Use FW descriptors to report FW image paths
Michal Privoznik
mprivozn at redhat.com
Fri Sep 13 11:12:21 UTC 2019
On 9/13/19 12:25 PM, Kashyap Chamarthy wrote:
> On Mon, Aug 05, 2019 at 06:14:20PM +0200, Michal Privoznik wrote:
>
> [...]
>
>> Michal Prívozník (5):
>> virfirmware: Expose and define autoptr for virFirmwareFree
>> qemu_firmware: Document qemuFirmwareGetSupported
>> qemu_firmware: Extend qemuFirmwareGetSupported to return FW paths
>> qemufirmwaretest: Test FW path getting through
>> qemuFirmwareGetSupported()
>> qemu: Use FW descriptors to report FW image paths
>
> [...]
>
> Tested-by: Kashyap Chamarthy <kchamart at redhat.com>
Thanks, but I've pushed it yesterday and thus I can no longer add you to
the commit messages. Sorry.
>
> I've just tested this patchset on Fedora 30. (I too can reproduce the
> behaviour Cole saw - duplicate 'secboot' binaries.)
>
> Build libvirt with this:
>
> $> git describe
> v5.7.0-107-gb6e6d35f3f
>
> Stop the system libvirt daemons:
>
> $> systemctl stop libvirtd virtlockd virtlogd
>
> Start the daemons built from Git:
>
> $> sudo ./run src/virtlockd &
> $> sudo ./run src/virtlogd &
> $> sudo ./run src/libvirtd &
>
> Make sure your EDK2/OVMF RPM has the 'secboot' binaries/VARS files:
>
> $> rpm -q edk2-ovmf
> edk2-ovmf-20190501stable-3.fc30.noarch
>
> $> rpm -ql edk2-ovmf | grep secboot
> /usr/share/OVMF/OVMF_CODE.secboot.fd
> /usr/share/OVMF/OVMF_VARS.secboot.fd
> /usr/share/edk2/ovmf/OVMF_CODE.secboot.fd
> /usr/share/edk2/ovmf/OVMF_VARS.secboot.fd
>
> (The top two files are a symlink to the bottom two.)
>
> Before invoking domCapabilities API, ensure the relevant firmware
> descriptor files for x86_64 have the secboot binary listed:
>
> $> grep CODE.secboot /usr/share/qemu/firmware/40-edk2-ovmf-x64-sb-enrolled.json /usr/share/qemu/firmware/50-edk2-ovmf-x64-sb.json
> /usr/share/qemu/firmware/40-edk2-ovmf-x64-sb-enrolled.json: "filename": "/usr/share/edk2/ovmf/OVMF_CODE.secboot.fd",
> /usr/share/qemu/firmware/50-edk2-ovmf-x64-sb.json: "filename": "/usr/share/edk2/ovmf/OVMF_CODE.secboot.fd",
Yeah, I've posted a patch for that:
https://www.redhat.com/archives/libvir-list/2019-September/msg00485.html
The reason is that (I suspect) 40-edk2-ovmf-x64-sb-enrolled.json and
50-edk2-ovmf-x64-sb.json have the same _CODE but different _VARS.
Therefore, in qemuFirmwareGetSupported() (which is called when
constructing domcaps) we effectivelly see two different firmwares:
https://libvirt.org/git/?p=libvirt.git;a=blob;f=src/qemu/qemu_firmware.c;h=f316a26a5ba5c14d993fa8b96df32eba3c1f0997;hb=HEAD#l1536
Therefore, they are appended onto @fws list which is then passed to
virQEMUCapsFillDomainLoaderCaps() in virQEMUCapsFillDomainOSCaps() which
doesn't deduplicate them.
But the same thing can happen even without FW descriptors: ./configure
--with-loader-nvram="/dev/null:X:/dev/null:Y" (a very dumb config, but
serves the point) which declares [{CODE = "/dev/null", NVRAM = "X"},
{CODE = "/dev/null", NVRAM "Y"}] pair. In both cases the FW image is
the same and therefore it would be printed twice. To test this with
latest git just revert e9d51a221c1871 because now libvirt picks FW
descriptors and thus configure arg (or correspondinf qemu.conf knob) is
ignrored.
Michal
More information about the libvir-list
mailing list