2014-09-17 14:56:52 -04:00
#
# Support for parsing libvirt's domcapabilities XML
#
# Copyright 2014 Red Hat, Inc.
#
2018-04-04 14:35:41 +01:00
# This work is licensed under the GNU GPLv2 or later.
2018-03-20 15:00:02 -04:00
# See the COPYING file in the top-level directory.
2014-09-17 14:56:52 -04:00
2015-02-18 15:16:48 -05:00
import re
2019-03-15 09:49:56 +01:00
import xml . etree . ElementTree as ET
2015-02-18 15:16:48 -05:00
2019-03-15 09:49:56 +01:00
import libvirt
from . domain import DomainCpu
2019-06-16 21:12:39 -04:00
from . logger import log
2015-04-22 14:44:52 -04:00
from . xmlbuilder import XMLBuilder , XMLChildProperty , XMLProperty
2014-09-17 14:56:52 -04:00
2018-04-03 11:03:32 -04:00
########################################
# Genering <enum> and <value> handling #
########################################
2014-09-17 14:56:52 -04:00
class _Value ( XMLBuilder ) :
2018-03-21 10:53:34 -04:00
XML_NAME = " value "
2014-09-17 14:56:52 -04:00
value = XMLProperty ( " . " )
class _HasValues ( XMLBuilder ) :
values = XMLChildProperty ( _Value )
def get_values ( self ) :
return [ v . value for v in self . values ]
2022-02-17 14:00:22 -05:00
def has_value ( self , val ) :
return val in self . get_values ( )
2014-09-17 14:56:52 -04:00
class _Enum ( _HasValues ) :
2018-03-21 10:53:34 -04:00
XML_NAME = " enum "
2014-09-17 14:56:52 -04:00
name = XMLProperty ( " ./@name " )
class _CapsBlock ( _HasValues ) :
supported = XMLProperty ( " ./@supported " , is_yesno = True )
2022-02-17 14:51:04 -05:00
_supported_present = XMLProperty ( " ./@supported " )
2014-09-17 14:56:52 -04:00
enums = XMLChildProperty ( _Enum )
2022-02-17 14:51:04 -05:00
@property
def present ( self ) :
return self . _supported_present is not None
2014-09-17 14:56:52 -04:00
def enum_names ( self ) :
return [ e . name for e in self . enums ]
2022-02-03 13:11:20 -05:00
def has_enum ( self , name ) :
return name in self . enum_names ( )
2014-09-17 14:56:52 -04:00
def get_enum ( self , name ) :
2020-09-28 13:44:34 -04:00
for enum in self . enums :
if enum . name == name :
return enum
# Didn't find a match. Could be talking to older libvirt, or
# driver with incomplete info. Return a stub enum
return _Enum ( self . conn )
2014-09-17 14:56:52 -04:00
def _make_capsblock ( xml_root_name ) :
2018-04-03 11:03:32 -04:00
"""
Build a class object representing a list of < enum > in the XML . For
example , domcapabilities may have a block like :
< graphics supported = ' yes ' >
< enum name = ' type ' >
< value > sdl < / value >
< value > vnc < / value >
< value > spice < / value >
< / enum >
< / graphics >
To build a class that tracks that whole < graphics > block , call this
like _make_capsblock ( " graphics " )
"""
2014-09-17 14:56:52 -04:00
class TmpClass ( _CapsBlock ) :
pass
2018-03-21 10:53:34 -04:00
setattr ( TmpClass , " XML_NAME " , xml_root_name )
2014-09-17 14:56:52 -04:00
return TmpClass
2019-06-11 17:41:59 +02:00
################################
# SEV launch security handling #
################################
class _SEV ( XMLBuilder ) :
XML_NAME = " sev "
2019-06-11 17:42:00 +02:00
supported = XMLProperty ( " ./@supported " , is_yesno = True )
2022-08-03 08:47:02 -04:00
maxESGuests = XMLProperty ( " ./maxESGuests " )
2019-06-11 17:41:59 +02:00
2018-04-03 11:03:32 -04:00
#############################
# Misc toplevel XML classes #
#############################
2014-09-17 14:56:52 -04:00
class _OS ( _CapsBlock ) :
2018-03-21 10:53:34 -04:00
XML_NAME = " os "
2014-09-17 14:56:52 -04:00
loader = XMLChildProperty ( _make_capsblock ( " loader " ) , is_single = True )
class _Devices ( _CapsBlock ) :
2018-03-21 10:53:34 -04:00
XML_NAME = " devices "
2014-09-17 14:56:52 -04:00
hostdev = XMLChildProperty ( _make_capsblock ( " hostdev " ) , is_single = True )
disk = XMLChildProperty ( _make_capsblock ( " disk " ) , is_single = True )
2019-10-03 10:44:52 +02:00
video = XMLChildProperty ( _make_capsblock ( " video " ) , is_single = True )
2021-06-08 10:30:30 -04:00
graphics = XMLChildProperty ( _make_capsblock ( " graphics " ) , is_single = True )
2021-11-24 16:05:16 +00:00
tpm = XMLChildProperty ( _make_capsblock ( " tpm " ) , is_single = True )
2021-08-01 20:36:36 +08:00
filesystem = XMLChildProperty ( _make_capsblock ( " filesystem " ) , is_single = True )
2022-11-10 15:57:08 +08:00
redirdev = XMLChildProperty ( _make_capsblock ( " redirdev " ) , is_single = True )
2022-11-10 15:57:24 +08:00
channel = XMLChildProperty ( _make_capsblock ( " channel " ) , is_single = True )
2014-09-17 14:56:52 -04:00
2016-06-10 02:22:25 +02:00
class _Features ( _CapsBlock ) :
2018-03-21 10:53:34 -04:00
XML_NAME = " features "
2016-06-10 02:22:25 +02:00
gic = XMLChildProperty ( _make_capsblock ( " gic " ) , is_single = True )
2019-06-11 17:41:59 +02:00
sev = XMLChildProperty ( _SEV , is_single = True )
2024-06-11 22:45:35 +02:00
hyperv = XMLChildProperty ( _make_capsblock ( " hyperv " ) , is_single = True )
2016-06-10 02:22:25 +02:00
2021-08-01 20:36:38 +08:00
class _MemoryBacking ( _CapsBlock ) :
XML_NAME = " memoryBacking "
2018-04-03 11:03:32 -04:00
###############
# CPU classes #
###############
2018-03-28 13:45:29 -06:00
class _CPUModel ( XMLBuilder ) :
XML_NAME = " model "
model = XMLProperty ( " . " )
2019-03-14 14:10:26 +01:00
usable = XMLProperty ( " ./@usable " )
2018-10-13 17:47:31 -04:00
fallback = XMLProperty ( " ./@fallback " )
2022-02-16 12:13:16 -05:00
class _CPUMode ( _CapsBlock ) :
2018-03-28 13:45:29 -06:00
XML_NAME = " mode "
name = XMLProperty ( " ./@name " )
2018-10-13 17:47:31 -04:00
models = XMLChildProperty ( _CPUModel )
2018-03-28 13:45:29 -06:00
def get_model ( self , name ) :
for model in self . models :
if model . model == name :
return model
2018-04-03 11:03:32 -04:00
2018-03-28 13:45:29 -06:00
class _CPU ( XMLBuilder ) :
XML_NAME = " cpu "
modes = XMLChildProperty ( _CPUMode )
def get_mode ( self , name ) :
for mode in self . modes :
if mode . name == name :
return mode
2022-02-17 14:15:46 -05:00
#############################
# CPU flags/baseline helpers#
#############################
def _convert_mode_to_cpu ( xml , arch ) :
root = ET . fromstring ( xml )
root . tag = " cpu "
root . attrib = { }
aelement = ET . SubElement ( root , " arch " )
aelement . text = arch
return ET . tostring ( root , encoding = " unicode " )
def _get_expanded_cpu ( domcaps , mode ) :
cpuXML = _convert_mode_to_cpu ( mode . get_xml ( ) , domcaps . arch )
log . debug ( " Generated CPU XML for security flag baseline: \n %s " , cpuXML )
try :
expandedXML = domcaps . conn . baselineHypervisorCPU (
domcaps . path , domcaps . arch ,
domcaps . machine , domcaps . domain , [ cpuXML ] ,
libvirt . VIR_CONNECT_BASELINE_CPU_EXPAND_FEATURES )
except ( libvirt . libvirtError , AttributeError ) :
expandedXML = domcaps . conn . baselineCPU ( [ cpuXML ] ,
libvirt . VIR_CONNECT_BASELINE_CPU_EXPAND_FEATURES )
return DomainCpu ( domcaps . conn , expandedXML )
def _lookup_cpu_security_features ( domcaps ) :
ret = [ ]
sec_features = [
' spec-ctrl ' ,
' ssbd ' ,
' ibpb ' ,
' virt-ssbd ' ,
' md-clear ' ]
for m in domcaps . cpu . modes :
if m . name != " host-model " or not m . supported :
continue # pragma: no cover
try :
cpu = _get_expanded_cpu ( domcaps , m )
except libvirt . libvirtError as e : # pragma: no cover
log . warning ( _ ( " Failed to get expanded CPU XML: %s " ) , e )
break
for feature in cpu . features :
if feature . name in sec_features :
ret . append ( feature . name )
log . debug ( " Found host-model security features: %s " , ret )
return ret
2018-04-03 11:03:32 -04:00
#################################
# DomainCapabilities main class #
#################################
2014-09-17 14:56:52 -04:00
class DomainCapabilities ( XMLBuilder ) :
2022-02-17 14:15:46 -05:00
XML_NAME = " domainCapabilities "
os = XMLChildProperty ( _OS , is_single = True )
cpu = XMLChildProperty ( _CPU , is_single = True )
devices = XMLChildProperty ( _Devices , is_single = True )
features = XMLChildProperty ( _Features , is_single = True )
memorybacking = XMLChildProperty ( _MemoryBacking , is_single = True )
arch = XMLProperty ( " ./arch " )
domain = XMLProperty ( " ./domain " )
machine = XMLProperty ( " ./machine " )
path = XMLProperty ( " ./path " )
################
# Init helpers #
################
2015-02-18 15:16:48 -05:00
@staticmethod
2015-02-22 10:01:02 -05:00
def build_from_params ( conn , emulator , arch , machine , hvtype ) :
2015-04-08 09:53:30 -04:00
xml = None
2019-06-07 16:06:52 -04:00
if conn . support . conn_domain_capabilities ( ) :
2015-04-08 09:53:30 -04:00
try :
xml = conn . getDomainCapabilities ( emulator , arch ,
machine , hvtype )
2022-06-28 21:56:09 +01:00
log . debug ( " Fetched domain capabilities for ( %s , %s , %s , %s ): %s " ,
emulator , arch , machine , hvtype , xml )
2020-01-27 10:06:18 -05:00
except Exception : # pragma: no cover
2019-06-16 21:12:39 -04:00
log . debug ( " Error fetching domcapabilities XML " ,
2015-04-08 09:53:30 -04:00
exc_info = True )
if not xml :
2015-02-18 15:16:48 -05:00
# If not supported, just use a stub object
2015-02-22 10:01:02 -05:00
return DomainCapabilities ( conn )
return DomainCapabilities ( conn , parsexml = xml )
2015-02-18 15:16:48 -05:00
2015-02-22 10:01:02 -05:00
@staticmethod
def build_from_guest ( guest ) :
return DomainCapabilities . build_from_params ( guest . conn ,
2015-02-18 15:16:48 -05:00
guest . emulator , guest . os . arch , guest . os . machine , guest . type )
2022-02-17 14:15:46 -05:00
#########################
# UEFI/firmware methods #
#########################
2015-02-18 15:16:48 -05:00
# Mapping of UEFI binary names to their associated architectures. We
# only use this info to do things automagically for the user, it shouldn't
# validate anything the user explicitly enters.
_uefi_arch_patterns = {
2018-08-08 11:55:29 -04:00
" i686 " : [
2019-12-14 12:48:32 +01:00
r " .*edk2-i386-.* \ .fd " , # upstream qemu
2018-09-29 13:59:19 -04:00
r " .*ovmf-ia32.* " , # fedora, gerd's firmware repo
2018-08-08 11:55:29 -04:00
] ,
2015-02-18 15:16:48 -05:00
" x86_64 " : [
2019-12-14 12:48:32 +01:00
r " .*edk2-x86_64-.* \ .fd " , # upstream qemu
2018-09-29 13:59:19 -04:00
r " .*OVMF_CODE \ .fd " , # RHEL
r " .*ovmf-x64/OVMF.* \ .fd " , # gerd's firmware repo
r " .*ovmf-x86_64-.* " , # SUSE
r " .*ovmf.* " , " .*OVMF.* " , # generic attempt at a catchall
2015-02-18 15:16:48 -05:00
] ,
" aarch64 " : [
2018-09-29 13:59:19 -04:00
r " .*AAVMF_CODE \ .fd " , # RHEL
2024-09-09 14:52:39 +02:00
r " .*aarch64/QEMU_EFI.* " , # fedora, gerd's firmware repo
2018-09-29 13:59:19 -04:00
r " .*aarch64.* " , # generic attempt at a catchall
2019-12-14 12:48:32 +01:00
r " .*edk2-aarch64-code \ .fd " , # upstream qemu
2015-02-18 15:16:48 -05:00
] ,
2018-08-08 11:55:29 -04:00
" armv7l " : [
2020-11-04 02:48:12 +09:00
r " .*AAVMF32_CODE \ .fd " , # Debian qemu-efi-arm package
2018-09-29 13:59:19 -04:00
r " .*arm/QEMU_EFI.* " , # fedora, gerd's firmware repo
2019-12-14 12:48:32 +01:00
r " .*edk2-arm-code \ .fd " # upstream qemu
2018-08-08 11:55:29 -04:00
] ,
2015-02-18 15:16:48 -05:00
}
2015-02-22 11:02:55 -05:00
def find_uefi_path_for_arch ( self ) :
2015-02-18 15:16:48 -05:00
"""
Search the loader paths for one that matches the passed arch
"""
2015-02-22 11:02:55 -05:00
if not self . arch_can_uefi ( ) :
2020-01-27 10:06:18 -05:00
return # pragma: no cover
2015-02-18 15:16:48 -05:00
2021-02-15 13:36:40 -05:00
firmware_files = [ f . value for f in self . os . loader . values ]
2021-02-11 19:41:12 +04:00
if self . conn . is_bhyve ( ) :
for firmware_file in firmware_files :
if ' BHYVE_UEFI.fd ' in firmware_file :
return firmware_file
2021-02-15 13:36:40 -05:00
return ( firmware_files and
firmware_files [ 0 ] or None ) # pragma: no cover
2021-02-11 19:41:12 +04:00
2015-02-22 11:02:55 -05:00
patterns = self . _uefi_arch_patterns . get ( self . arch )
2015-02-18 15:16:48 -05:00
for pattern in patterns :
2021-02-15 13:36:40 -05:00
for path in firmware_files :
2015-02-18 15:16:48 -05:00
if re . match ( pattern , path ) :
return path
2015-02-22 11:13:21 -05:00
def label_for_firmware_path ( self , path ) :
"""
Return a pretty label for passed path , based on if we know
about it or not
"""
if not path :
if self . arch in [ " i686 " , " x86_64 " ] :
return _ ( " BIOS " )
2022-01-26 13:08:55 -05:00
return _ ( " Default " )
2015-02-22 11:13:21 -05:00
for arch , patterns in self . _uefi_arch_patterns . items ( ) :
for pattern in patterns :
if re . match ( pattern , path ) :
return ( _ ( " UEFI %(arch)s : %(path)s " ) %
{ " arch " : arch , " path " : path } )
return _ ( " Custom: %(path)s " % { " path " : path } )
2015-02-22 11:02:55 -05:00
def arch_can_uefi ( self ) :
2015-02-18 15:16:48 -05:00
"""
Return True if we know how to setup UEFI for the passed arch
"""
2022-12-13 10:51:14 -05:00
return self . arch in self . _uefi_arch_patterns
2015-02-18 15:16:48 -05:00
2022-01-26 11:59:51 -05:00
def supports_uefi_loader ( self ) :
2015-02-18 15:16:48 -05:00
"""
2022-01-26 11:59:51 -05:00
Return True if libvirt advertises support for UEFI loader
2015-02-18 15:16:48 -05:00
"""
2022-02-17 14:00:22 -05:00
return self . os . loader . get_enum ( " readonly " ) . has_value ( " yes " )
2015-02-18 15:16:48 -05:00
2022-01-26 11:59:51 -05:00
def supports_firmware_efi ( self ) :
2022-02-17 14:00:22 -05:00
return self . os . get_enum ( " firmware " ) . has_value ( " efi " )
2022-01-26 11:59:51 -05:00
2022-02-17 14:15:46 -05:00
#######################
# CPU support methods #
#######################
2018-10-04 12:23:32 -04:00
def supports_safe_host_model ( self ) :
"""
Return True if domcaps reports support for cpu mode = host - model .
2020-06-03 10:14:31 -03:00
host - model in fact predates this support , however it wasn ' t
2019-03-13 14:18:14 +01:00
general purpose safe prior to domcaps advertisement .
2018-10-04 12:23:32 -04:00
"""
2022-02-16 12:13:16 -05:00
m = self . cpu . get_mode ( " host-model " )
return ( m and m . supported and
m . models [ 0 ] . fallback == " forbid " )
def supports_safe_host_passthrough ( self ) :
"""
Return True if host - passthrough is safe enough to use by default .
We limit this to domcaps new enough to report whether host - passthrough
is migratable or not , which also means libvirt is about new enough
to not taint the VM for using host - passthrough
"""
m = self . cpu . get_mode ( " host-passthrough " )
return ( m and m . supported and
" on " in m . get_enum ( " hostPassthroughMigratable " ) . get_values ( ) )
2018-10-04 12:23:32 -04:00
2019-03-15 09:49:29 +01:00
def get_cpu_models ( self ) :
models = [ ]
for m in self . cpu . modes :
if m . name == " custom " and m . supported :
for model in m . models :
if model . usable != " no " :
models . append ( model . model )
return models
2020-01-27 10:06:18 -05:00
_features = None
def get_cpu_security_features ( self ) :
if self . _features is None :
2022-02-17 14:15:46 -05:00
self . _features = _lookup_cpu_security_features ( self ) or [ ]
2019-04-03 15:17:08 +02:00
return self . _features
2019-03-15 09:49:56 +01:00
2020-01-27 10:06:18 -05:00
2022-02-17 14:15:46 -05:00
########################
# Misc support methods #
########################
2022-08-03 08:47:02 -04:00
def supports_sev_launch_security ( self , check_es = False ) :
2019-06-11 17:42:00 +02:00
"""
Returns False if either libvirt doesn ' t advertise support for SEV at
all ( < libvirt - 4.5 .0 ) or if it explicitly advertises it as unsupported
on the platform
"""
2022-08-03 08:47:02 -04:00
if check_es :
return bool ( self . features . sev . supported and
self . features . sev . maxESGuests )
2019-06-11 17:42:00 +02:00
return bool ( self . features . sev . supported )
2015-02-18 15:16:48 -05:00
2019-10-03 10:47:15 +02:00
def supports_video_bochs ( self ) :
"""
Returns False if either libvirt or qemu do not have support to bochs
video type .
"""
2022-02-17 14:00:22 -05:00
return self . devices . video . get_enum ( " modelType " ) . has_value ( " bochs " )
2019-10-03 10:47:15 +02:00
2022-02-03 13:11:20 -05:00
def supports_video_qxl ( self ) :
if not self . devices . video . has_enum ( " modelType " ) :
# qxl long predates modelType in domcaps, so if it is missing,
# use spice support as a rough value
return self . supports_graphics_spice ( )
2022-02-17 14:00:22 -05:00
return self . devices . video . get_enum ( " modelType " ) . has_value ( " qxl " )
2022-02-03 13:11:20 -05:00
def supports_video_virtio ( self ) :
2022-02-17 14:00:22 -05:00
return self . devices . video . get_enum ( " modelType " ) . has_value ( " virtio " )
2022-02-03 13:11:20 -05:00
2021-11-24 16:05:16 +00:00
def supports_tpm_emulator ( self ) :
"""
Returns False if either libvirt or qemu do not have support for
emulating a TPM .
"""
models = self . devices . tpm . get_enum ( " model " ) . get_values ( )
backends = self . devices . tpm . get_enum ( " backendModel " ) . get_values ( )
2022-06-17 13:04:05 -04:00
if self . arch == " armv7l " and models == [ " tpm-tis " ] :
# libvirt as of 8.4.0 can advertise armv7l tpm-tis support,
# but then explicitly rejects that config. If we see it,
# assume TPM is not supported
# https://gitlab.com/libvirt/libvirt/-/issues/329
return False
2021-11-24 16:05:16 +00:00
return len ( models ) > 0 and bool ( " emulator " in backends )
2021-06-08 10:30:30 -04:00
def supports_graphics_spice ( self ) :
if not self . devices . graphics . supported :
# domcaps is too old, or the driver doesn't advertise graphics
# support. Use our pre-existing logic
if not self . conn . is_qemu ( ) and not self . conn . is_test ( ) :
return False
return self . conn . caps . host . cpu . arch in [ " i686 " , " x86_64 " ]
2022-02-17 14:00:22 -05:00
return self . devices . graphics . get_enum ( " type " ) . has_value ( " spice " )
2021-06-08 10:30:30 -04:00
2022-11-10 15:57:24 +08:00
def supports_channel_spicevmc ( self ) :
"""
Return False if libvirt explicitly advertises no support for
spice channel
"""
if self . devices . channel . supported is None :
# Follow the original behavior in case of talking to older
# libvirt.
return True
return self . devices . channel . get_enum ( " type " ) . has_value ( " spicevmc " )
2022-11-10 15:57:08 +08:00
def supports_redirdev_usb ( self ) :
"""
Return False if libvirt explicitly advertises no support for
USB redirect
"""
if self . devices . redirdev . supported is None :
# Follow the original behavior in case of talking to older
# libvirt.
return True
return self . devices . redirdev . get_enum ( " bus " ) . has_value ( " usb " )
2021-08-01 20:36:37 +08:00
def supports_filesystem_virtiofs ( self ) :
"""
Return True if libvirt advertises support for virtiofs
"""
2022-02-17 14:00:22 -05:00
return self . devices . filesystem . get_enum (
" driverType " ) . has_value ( " virtiofs " )
2021-08-01 20:36:37 +08:00
2021-08-01 20:36:38 +08:00
def supports_memorybacking_memfd ( self ) :
"""
Return True if libvirt advertises support for memfd memory backend
"""
2022-02-17 14:00:22 -05:00
return self . memorybacking . get_enum ( " sourceType " ) . has_value ( " memfd " )
2024-06-11 22:45:35 +02:00
def supported_hyperv_features ( self ) :
"""
Return list of supported Hyper - V features .
"""
if not self . features . hyperv . supported :
return [ ]
return self . features . hyperv . get_enum ( " features " ) . get_values ( )