Commit Graph

46 Commits

Author SHA1 Message Date
Daniel Henrique Barboza
bdb2bed3e9 virtinst: trivial codespell fixes
Reviewed-by: Cole Robinson <crobinso@redhat.com>
Signed-off-by: Daniel Henrique Barboza <danielhb413@gmail.com>
2020-07-04 17:56:57 -04:00
Cole Robinson
c64009ecdd domaincapabilities: Finish test coverage
Signed-off-by: Cole Robinson <crobinso@redhat.com>
2020-01-27 13:08:12 -05:00
Michal Privoznik
66be1d009f domcapabilities: Whitelist upstream qemu edk2 paths
Upstream qemu installs
/usr/share/qemu/edk2-$ARCH-(?secure-)code.fd FW images. Whitelist
them too.

Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
2019-12-17 16:27:49 -05:00
Cole Robinson
5d91237386 domcaps: Tweak cpu security feature log statements
Signed-off-by: Cole Robinson <crobinso@redhat.com>
2019-11-12 14:17:21 -05:00
Cole Robinson
d934d6f266 domcaps: Fix check for uncached security features
We need to check against None, which is the initial value, otherwise
a host with none of the security features present will repeatedly poll
libvirt baseline APIs

Signed-off-by: Cole Robinson <crobinso@redhat.com>
2019-11-12 14:17:21 -05:00
Pavel Hrdina
df48a77e6a virtinst: fix detection if baselineHypervisorCPU API is available
With libvirt-python >= 4.4.0 and libvirt < 4.4.0 we would receive a
libvirt.libvirtError exception because the python binding knows about
the function but it's not supported by libvirt.  However, in case that
the python binding is older than 4.4.0 it will raise AttributeError
because the function is not implemented in the python binding as well.

Signed-off-by: Pavel Hrdina <phrdina@redhat.com>
2019-10-22 13:42:21 +02:00
Fabiano Fidêncio
2e20b128a1 domcapabilities: Add supports_video_bochs()
Returns whether bochs display is supported, according to the domain
capabilities.

Signed-off-by: Fabiano Fidêncio <fidencio@redhat.com>
2019-10-04 11:15:09 -04:00
Fabiano Fidêncio
1547e16d62 domcapabilities: Get video devices
domcapabilities already handles disk and hostdev. Let's add support for
getting video devices as well.

Signed-off-by: Fabiano Fidêncio <fidencio@redhat.com>
2019-10-04 11:15:09 -04:00
Cole Robinson
f107e39989 Switch to more traditional logging structure
Init a shared log instance in virtinst/logger.py, and use that
throughout the code base, so we aren't calling directly into
'logging'. This helps protect our logging output from being
cluttered with other library output, as happens with some
'requests' usage
2019-06-17 00:12:31 -04:00
Erik Skultety
8ab9dcd33f virtinst: guest: Provide further SEV support checks
These include platform checks - libvirt & QEMU - as well as
configuration - SEV is only supported with UEFI.
Another configuration requirement made in this patch is the Q35 machine,
since AMD recommends Q35 in their setups even though SEV can work with
the legacy PC machine type, but we'd have to turn on
virtio-non-transitional for all virtio devices with some other potential
pitfalls along the way.

Reviewed-by: Cole Robinson <crobinso@redhat.com>
Signed-off-by: Erik Skultety <eskultet@redhat.com>
2019-06-11 13:00:34 -04:00
Erik Skultety
1a8728fc2d virtinst: guest: Fill in SEV platform specific data automatically
The data in question are 'cbitpos' denoting which addressing bit is the
encryption bit and 'reduced_phys_bits' denoting how much physical
address space we lose by turning on the encryption. Both of these are
hypervisor dependent and thus will be the same for all the guests
residing on the same host, but need to be specified for future migration
purposes.
But given we can probe them from domain capabilities, we don't need the
user to provide them, thus enhancing the cli user experience. This
requires a new _SEV domaincapabilities XML class to be created so that
we can query the specific properties.

Reviewed-by: Cole Robinson <crobinso@redhat.com>
Signed-off-by: Erik Skultety <eskultet@redhat.com>
2019-06-11 13:00:34 -04:00
Cole Robinson
f85e6def55 support: Convert callers to the new format 2019-06-07 16:26:03 -04:00
Pavel Hrdina
c11d6ba4d7 domcapabilities: detect MDS new vulnerability
There is a new security feature 'md-clear' that mitigates the recent CPU
Microarchitectural Store Buffer Data vulnerability.

Signed-off-by: Pavel Hrdina <phrdina@redhat.com>
2019-05-14 20:11:39 +02:00
Pavel Hrdina
413858f3dc domcapabilities: actually fix detection if host-model is safe to use
The original code created a new list which had True/False items.  The
only case where the returned value would be False is for an empty list,
which never happens in a real environment.

Signed-off-by: Pavel Hrdina <phrdina@redhat.com>
2019-04-11 15:13:29 +02:00
Pavel Hrdina
00f8dea370 domcapabilities: add caching of CPU security features
We will call this function multiple times so it makes sense to cache the
result so we don't have to call libvirt APIs every time we check
what security features are available on the host.

Signed-off-by: Pavel Hrdina <phrdina@redhat.com>
Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
2019-04-04 13:40:45 +02:00
Pavel Hrdina
b711b28b1a domcapabilities: fix typo in function name
Signed-off-by: Pavel Hrdina <phrdina@redhat.com>
Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
2019-04-04 11:51:03 +02:00
Pavel Hrdina
29f815fbd2 domcapabilities: remove recommended CPU features from security features
These features are only recommended to be enabled since they improve
performance of the VMs if security features are enabled.

pcid is a very useful perf feature, but missing in some silicon
so not portable.

pdpe1gb lets the guest use 1 GB pages which is good for perf
but again not all silicon can do it.

amd-ssbd is a security feature which fixes the same SSBD flaws as the
virt-ssbd feature does. virt-ssbd is usable across all CPU models
affected by SSBD, while amd-ssbd is only available in very new silicon.
So virt-ssbd is the better choice.

amd-no-ssb just indicates that the CPU is not affected by SSBD, so not
critical to expose. I expect a future named CPU model will include that
where appropriate.

Signed-off-by: Pavel Hrdina <phrdina@redhat.com>
Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
2019-04-04 11:49:29 +02:00
Pavel Hrdina
4a8b6363c0 domcapabilities: introduce get_cpu_security_features
Get all CPU security features that we should enable for guests.

In order to do that we need to get the CPU definition from domain
capabilities and modify the XML so it is in the required format for
the libvirt CPU baseline APIs.  We will prefer the baselineHypervisorCPU
API because that considers what QEMU actually supports, and we will
fall back to the baselineCPU API if the better one is not supported by
libvirt.

This way we can figure out which of the security features are actually
available on that specific host for that specific QEMU binary.

Signed-off-by: Pavel Hrdina <phrdina@redhat.com>
Reviewed-by: Cole Robinson <crobinso@redhat.com>
2019-03-19 13:45:49 +01:00
Pavel Hrdina
95d1275f57 domcapabilities: get list of CPU models from domcapabilities
Currently we just call the libvirt API which will return all CPU models for
a specific architecture known to libvirt and we offer all of them to users
in the GUI.  Let's switch to domain capabilities where we have more details
about these CPUs such as whether each model is usable with the current QEMU
binary.  If libvirt can detect the usability we will offer only CPU
models that QEMU can actually run.

Signed-off-by: Pavel Hrdina <phrdina@redhat.com>
Reviewed-by: Cole Robinson <crobinso@redhat.com>
2019-03-19 13:41:53 +01:00
Pavel Hrdina
8183ba279c domcapabilities: fix CPUModel usable attribute
It is not a True/False attribute, it can contain an 'unknown' value as well
which means libvirt cannot figure out whether the CPU model is usable
with that specific QEMU binary.

Signed-off-by: Pavel Hrdina <phrdina@redhat.com>
Reviewed-by: Cole Robinson <crobinso@redhat.com>
2019-03-19 13:41:51 +01:00
Pavel Hrdina
9fdbbca27f domcapabilities: fix detection if host-model is safe to use
According to the libvirt documentation for host-model [1] it is safe to use
it only if the 'fallback' attribute is set to 'forbid'; this indicates that
libvirt and QEMU are new enough and can safely filter the list of cpu
features that will be guaranteed to be visible inside of the guest.

[1] <https://libvirt.org/formatdomain.html#elementsCPU>

Signed-off-by: Pavel Hrdina <phrdina@redhat.com>
Reviewed-by: Cole Robinson <crobinso@redhat.com>
2019-03-19 13:41:31 +01:00
Cole Robinson
b051b6c95d cpu: Have host-copy use domcaps if qemu is new enough (bz 1637767)
capabilities is known to be problematic. Use domcaps if libvirt+qemu
reports working host-model

https://bugzilla.redhat.com/show_bug.cgi?id=1637767
2018-10-13 17:48:25 -04:00
Cole Robinson
469fed08a0 guest: Default to cpu mode=host-model if libvirt is new enough
We check whether host-model is exposed in domcapabilities, which
indicates host-model is using the smarter new safer method in
cooperation with qemu
2018-10-04 14:43:41 -04:00
Cole Robinson
76334bfabd guest: Add DomainCapabilities caching 2018-10-04 12:30:14 -04:00
Cole Robinson
4adb1c8c30 pycodestyle: fix W605 invalid escape sequence 2018-09-29 13:59:19 -04:00
Cole Robinson
b623ece2ba domcapabilities: Whitelist fedora arm and ia32 edk2 paths 2018-08-08 15:04:51 -04:00
Daniel P. Berrangé
48e32b429d Fix copyright header to specify GPLv2 or later, not GPLv2 only.
The copyright headers in every file were changed in this previous commit

  commit b6dcee8eb7
  Author: Cole Robinson <crobinso@redhat.com>
  Date:   Tue Mar 20 15:00:02 2018 -0400

    Use consistent and minimal license header for every file

Where before this they said

  "either version 2 of the License, or (at your option) any later version."

Now they just say

  "GNU GPLv2"

This fixes it to say "GNU GPLv2 or later" again.

Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
2018-04-04 16:51:37 -04:00
Cole Robinson
12996dd458 domcapabilities: Document class layout a bit
It's a bit weird due to the repetitive nature of domainCapabilities
XML layout
2018-04-03 11:07:18 -04:00
Charles Arnold
d15b78ab0d virtinst: read CPU model from domain capabilities
Add functionality to acquire the CPU model from the
libvirt domain capabilities. This is used to compare
with the host CPU model.

(crobinso: add test coverage, rework domcaps layout a bit)
2018-04-03 10:57:15 -04:00
Cole Robinson
7fb1ddbc18 virtinst: s/_XML_ROOT_NAME/XML_NAME/g
No reason for it to be privatized, could be useful in some cases
2018-03-21 11:17:36 -04:00
Cole Robinson
b6dcee8eb7 Use consistent and minimal license header for every file 2018-03-21 07:29:40 -04:00
Radostin Stoyanov
978fb25ac7 Wrap keys(), values() in a list
In Python 3 dict.values() [1], dict.keys() [2] and dict.items() [3]
return a view [4] of the dictionary's values, keys and items.

In Python 2 these functions return a list. [5] [6] [7]

To resolve this we can convert the result of these functions to a list.

[1] https://docs.python.org/3/library/stdtypes.html#dict.values
[2] https://docs.python.org/3/library/stdtypes.html#dict.keys
[3] https://docs.python.org/3/library/stdtypes.html#dict.items
[4] https://docs.python.org/3/library/stdtypes.html#dict-views
[5] https://docs.python.org/2/library/stdtypes.html#dict.items
[6] https://docs.python.org/2/library/stdtypes.html#dict.keys
[7] https://docs.python.org/2/library/stdtypes.html#dict.values
2018-02-06 18:49:17 -05:00
Chen Hanxiao
7f1b4cee82 pycodestyle: fix all E125 warnings
Fix all E125:
    Continuation line with same indent as next logical line

Also remove ignore options of E125

Signed-off-by: Chen Hanxiao <chenhanxiao@gmail.com>
2017-10-21 23:26:16 +08:00
Radostin Stoyanov
b93cc3bbc9 pycodestyle: Do not use bare 'except:'
A bare 'except:' catches all exceptions [1], including SystemExit,
KeyboardInterrupt, and GeneratorExit (which is not an error and should
not normally be caught by user code). In situations where you need to
catch all “normal” errors, you can catch the base class for all normal
exceptions, Exception [2].

[1] https://docs.python.org/2/howto/doanddont.html#except
[2] https://docs.python.org/2/library/exceptions.html#Exception
2017-08-02 13:57:43 -04:00
Pavel Hrdina
0dbfb399cd virtinst: prepare XML parsers to handle GIC for ARM
GIC is used instead of APIC on ARM and libvirt allows configuring a specific
version of GIC for guests.

Signed-off-by: Pavel Hrdina <phrdina@redhat.com>
2016-06-11 18:41:24 +02:00
Cole Robinson
e796efeaf9 domcaps: Add pep8 fix 2016-06-07 11:03:32 -04:00
Cole Robinson
9afdceef4e domcaps: Add some generic uefi<->arch catchall regexes
Not strictly required, but may help new distros make packaging
decisions that will 'just work'
2016-06-07 10:22:58 -04:00
Cole Robinson
7f3ddf3818 Fix some pep8 warnings 2016-02-15 12:55:45 -05:00
Jim Fehlig
1c221fd034 virtinst: Support paths to SUSE OVMF firmwares
Extend the domcapabilities regex to include SUSE's OVMF
file naming convention.

Signed-off-by: Jim Fehlig <jfehlig@suse.com>
2016-01-28 11:26:58 -05:00
Cole Robinson
070664b9e7 tests: Enable property checking for all objects
And loosen restrictions a bit so any read/write will trigger the
tracking.
2015-04-22 16:26:03 -04:00
Cole Robinson
6634053533 domcapabilities: Can and log error fetching XML (bz #1209723) 2015-04-08 09:53:30 -04:00
Cole Robinson
0befc54abe details: Handle libvirt reporting multiple firmware paths 2015-02-22 11:19:50 -05:00
Cole Robinson
4ee9fdf944 domcapabilities: Get arch from caps XML 2015-02-22 11:13:59 -05:00
Cole Robinson
a5b3e2adab create: Try to default to UEFI for aarch64
If we detect AAVMF, set it up, and allow all install options.
If we don't find AAVMF, disable all options except import install (the
current behavior) and show a warning.
2015-02-22 10:25:51 -05:00
Cole Robinson
a04307cd70 virt-install: Add --boot uefi
Will enable UEFI if we know libvirt + hypervisor support it, and libvirt
is advertising a suitable UEFI binary.
2015-02-22 10:25:47 -05:00
Cole Robinson
052220cfc8 virtinst: Add DomainCapabilities parser 2014-09-17 18:29:24 -04:00