RE: [PATCH v4 00/23] LIBVIRT: X86: TDX support

2025-07-10 Thread Duan, Zhenzhong
>-Original Message- >From: Daniel P. Berrangé >Subject: Re: [PATCH v4 00/23] LIBVIRT: X86: TDX support > >FYI, QEMU soft freeze is next week, and rc0 release >is Jul 22nd. I proposed we merge this series once >the QEMU rc0 release is out, so this is likely ready >for the libvirt August 1

Re: [libvirt PATCH] docs: hacking: Define policy forbidding use of AI code generators

2025-07-10 Thread Jim Fehlig via Devel
On 7/10/25 03:43, Pavel Hrdina via Devel wrote: This policy is a copy of what QEMU project is using [1] as there is no reason to use different policy, only modification is changing the project name and link to DCO. [1]

Re: [PATCH] NEWS: Mention switch to virtio-scsi on ARM

2025-07-10 Thread Jim Fehlig via Devel
On 7/10/25 03:20, Andrea Bolognani wrote: On Mon, Jul 07, 2025 at 05:05:05PM -0600, Jim Fehlig via Devel wrote: * **Improvements** + * qemu: Change default SCSI controller model to ``virtio-scsi`` for ARM + +The previous default of ``lsilogic`` is unsupported by modern operating +sys

Re: [PATCH v5 0/5] Disable Deprecated Features by Default on s390 CPU Models

2025-07-10 Thread Collin Walling
On 6/29/25 11:19 PM, Collin Walling wrote: Pinging this series once. Would like to know if there's any further feedback or if these patches are good enough. Thanks for your time. [...] -- Regards, Collin

Re: [PATCH v4 00/23] LIBVIRT: X86: TDX support

2025-07-10 Thread Daniel P . Berrangé via Devel
FYI, QEMU soft freeze is next week, and rc0 release is Jul 22nd. I proposed we merge this series once the QEMU rc0 release is out, so this is likely ready for the libvirt August 1st release. On Thu, Jul 10, 2025 at 03:21:02AM -0400, Zhenzhong Duan wrote: > Hi, > > This series brings libvirt the x

Re: [libvirt PATCH] docs: hacking: Define policy forbidding use of AI code generators

2025-07-10 Thread Pavel Hrdina via Devel
On Thu, Jul 10, 2025 at 02:33:45PM +0200, Peter Krempa wrote: > On Thu, Jul 10, 2025 at 11:43:32 +0200, Pavel Hrdina via Devel wrote: > > This policy is a copy of what QEMU project is using [1] as there is no > > reason to use different policy, only modification is changing the > > project name and

How to process after sending a patch assisted with AI

2025-07-10 Thread Enrique Llorente Pastora via Devel
Hi, How should I process after sending a patch that has code generated by AI [1] ? Is creating a new AI free version with some explanation enough to prevent the submission from being suspicious ? Possible example for explanation would be "I am using how qemu:commandline is implemented as inspirat

Re: [libvirt PATCH] docs: hacking: Define policy forbidding use of AI code generators

2025-07-10 Thread Peter Krempa via Devel
On Thu, Jul 10, 2025 at 11:43:32 +0200, Pavel Hrdina via Devel wrote: > This policy is a copy of what QEMU project is using [1] as there is no > reason to use different policy, only modification is changing the > project name and link to DCO. > > [1] >

Re: [PATCH v3] qemu: passt: add support for custom command line arguments

2025-07-10 Thread Enrique Llorente Pastora via Devel
On Thu, Jul 10, 2025 at 12:04 PM Peter Krempa wrote: > > On Wed, Jul 09, 2025 at 13:38:12 +0200, Enrique Llorente via Devel wrote: > > This adds support for custom command line arguments for the passt > > backend, similar to qemu:commandline. The feature allows passing > > additional arguments to

Re: [PATCHv2] passt: Define backend hostname and fqdn

2025-07-10 Thread Enrique Llorente Pastora via Devel
On Thu, Jul 10, 2025 at 12:26 PM Peter Krempa wrote: > > On Fri, May 30, 2025 at 14:21:23 +0200, Enrique Llorente via Devel wrote: > > This commit introduces a feature enhancement for configuring hostnames in > > virtual machines (VMs) using DHCP. It adds new options to the "passt" tool > > to set

RE: [PATCH v4 00/23] LIBVIRT: X86: TDX support

2025-07-10 Thread Duan, Zhenzhong
>-Original Message- >From: Daniel P. Berrangé >Subject: Re: [PATCH v4 00/23] LIBVIRT: X86: TDX support > >On Thu, Jul 10, 2025 at 03:21:02AM -0400, Zhenzhong Duan wrote: >> Hi, >> >> This series brings libvirt the x86 TDX support. >> >> * What's TDX? >> TDX stands for Trust Domain Extens

Re: [PATCH 0/2] Fix problems with local pkg-config files.

2025-07-10 Thread Peter Krempa via Devel
On Thu, Jul 10, 2025 at 10:26:57 +0100, Daniel P. Berrangé via Devel wrote: > > > Daniel P. Berrangé (2): > src: add missing libvirt-admin.pc.in for local usage > src: fix package name in local pkg-config files Reviewed-by: Peter Krempa

Re: [PATCH v4 00/23] LIBVIRT: X86: TDX support

2025-07-10 Thread Daniel P . Berrangé via Devel
On Thu, Jul 10, 2025 at 03:21:02AM -0400, Zhenzhong Duan wrote: > Hi, > > This series brings libvirt the x86 TDX support. > > * What's TDX? > TDX stands for Trust Domain Extensions which isolates VMs from > the virtual-machine manager (VMM)/hypervisor and any other software on > the platform. >

Re: [PATCHv2] passt: Define backend hostname and fqdn

2025-07-10 Thread Peter Krempa via Devel
On Fri, May 30, 2025 at 14:21:23 +0200, Enrique Llorente via Devel wrote: > This commit introduces a feature enhancement for configuring hostnames in > virtual machines (VMs) using DHCP. It adds new options to the "passt" tool > to set the hostname and fully qualified domain name (FQDN) for VMs. Th

Re: [PATCH] virdevmapper: Always use device name for finding targets

2025-07-10 Thread Daniel P . Berrangé via Devel
On Thu, Jul 03, 2025 at 12:39:33AM +0530, Bhavin via Devel wrote: > From: Bhavin Gandhi > > DM_TABLE_DEPS expects a device name in dm_ioctl.name. In one of the > cases, full path of the device was getting returned causing the ioctl > call to fail with `ENXIO (No such device or address)`. > > Als

Re: [PATCH v3] qemu: passt: add support for custom command line arguments

2025-07-10 Thread Peter Krempa via Devel
On Wed, Jul 09, 2025 at 13:38:12 +0200, Enrique Llorente via Devel wrote: > This adds support for custom command line arguments for the passt > backend, similar to qemu:commandline. The feature allows passing > additional arguments to the passt process for development and testing > purposes. > > T

[libvirt PATCH] docs: hacking: Define policy forbidding use of AI code generators

2025-07-10 Thread Pavel Hrdina via Devel
This policy is a copy of what QEMU project is using [1] as there is no reason to use different policy, only modification is changing the project name and link to DCO. [1] Signed-off-by: Pavel Hrdina ---

[PATCH 2/2] src: fix package name in local pkg-config files

2025-07-10 Thread Daniel P . Berrangé via Devel
From: Daniel P. Berrangé The libvirt-lxc.pc.in and libvirt-qemu.pc.in files had the incorrect package name, though fortunately this appears to have been a harmless mistake. Signed-off-by: Daniel P. Berrangé --- src/libvirt-lxc.pc.in | 2 +- src/libvirt-qemu.pc.in | 2 +- 2 files changed, 2 in

[PATCH 1/2] src: add missing libvirt-admin.pc.in for local usage

2025-07-10 Thread Daniel P . Berrangé via Devel
From: Daniel P. Berrangé When using the 'run' script, we point pkg-config to files in $BUILD/src, which resolve to the local build tree. Unfortunately we forgot a libvirt-admin.pc.in, so the run script was not taking effect for the admin APIs. Signed-off-by: Daniel P. Berrangé --- src/libvirt-

[PATCH 0/2] Fix problems with local pkg-config files.

2025-07-10 Thread Daniel P . Berrangé via Devel
Daniel P. Berrangé (2): src: add missing libvirt-admin.pc.in for local usage src: fix package name in local pkg-config files src/libvirt-admin.pc.in | 19 +++ src/libvirt-lxc.pc.in | 2 +- src/libvirt-qemu.pc.in | 2 +- src/meson.build | 1 + 4 files changed,

Re: [PATCH] NEWS: Mention switch to virtio-scsi on ARM

2025-07-10 Thread Andrea Bolognani via Devel
On Mon, Jul 07, 2025 at 05:05:05PM -0600, Jim Fehlig via Devel wrote: > * **Improvements** > > + * qemu: Change default SCSI controller model to ``virtio-scsi`` for ARM > + > +The previous default of ``lsilogic`` is unsupported by modern operating > +systems. ``virtio-scsi`` is a more sui

Re: [PATCH] virdevmapper: Always use device name for finding targets

2025-07-10 Thread Bhavin Gandhi via Devel
On 03/07/2025 00:39, Bhavin via Devel wrote: From: Bhavin Gandhi DM_TABLE_DEPS expects a device name in dm_ioctl.name. In one of the cases, full path of the device was getting returned causing the ioctl call to fail with `ENXIO (No such device or address)`. Also rename the function and variab

Re: Support cloning of VMs - part 2

2025-07-10 Thread Richard W.M. Jones via Devel
On Mon, Jul 07, 2025 at 02:19:10PM +0100, Mark Cave-Ayland wrote: > Hi all, > > I'm currently looking at how libvirt can be used to clone a saved > VM, and have been focusing on the previous thread on this topic at > https://lists.libvirt.org/archives/list/devel@lists.libvirt.org/thread/YXN2L2PYL

Re: [PATCH v2] qemu: passt: add support for custom command line arguments

2025-07-10 Thread Enrique Llorente Pastora via Devel
On Thu, Jul 10, 2025 at 8:59 AM Peter Krempa wrote: > > On Thu, Jul 10, 2025 at 08:39:18 +0200, Enrique Llorente Pastora wrote: > > On Thu, Jul 10, 2025 at 7:55 AM Peter Krempa wrote: > > > > > > On Wed, Jul 09, 2025 at 15:44:15 +0200, Enrique Llorente Pastora wrote: > > > > I have pushed a v3 wi

[PATCH v4 21/23] qemu: Support domain reset command for TDX guest

2025-07-10 Thread Zhenzhong Duan
TDX guest doesn't support system_reset, so have to kill the old QEMU and start a new one to simulate the reset. This can be achieved by calling qemuProcessFakeRebootViaRecreate(). Similar as FakeReboot, QEMU sends SHUTDOWN event with "host-signal" reason which can trigger another FakeReset. Check i

[PATCH v4 15/23] qemu: Add command line for TDX Quote Generation Service(QGS)

2025-07-10 Thread Zhenzhong Duan
'tdx-guest' object supports a "quote-generation-socket" property for attestation purpose. When "quote-generation-socket" is configured in guest xml, libvirt generates unix socket format cmdline for QEMU. 'Path' element can be omitted, default path "/var/run/tdx-qgs/qgs.socket" is used in this case

Re: [PATCH v4 23/23] docs: domain: Add documentation for Intel TDX guest

2025-07-10 Thread Daniel P . Berrangé via Devel
On Thu, Jul 10, 2025 at 03:21:25AM -0400, Zhenzhong Duan wrote: > Signed-off-by: Zhenzhong Duan > --- > docs/formatdomain.rst | 63 +++ > 1 file changed, 63 insertions(+) Reviewed-by: Daniel P. Berrangé With regards, Daniel -- |: https://berrange.com

Re: [PATCH v4 22/23] qemuxmlconftest: Add latest version of 'launch-security-tdx*' test data

2025-07-10 Thread Daniel P . Berrangé via Devel
On Thu, Jul 10, 2025 at 03:21:24AM -0400, Zhenzhong Duan wrote: > We now have the '+inteltdx' variant dumped from a modern qemu with tdx > support, > add qemuxmlconftest data for that variant. > > Signed-off-by: Zhenzhong Duan > --- > ...h-security-tdx.x86_64-latest+inteltdx.args | 44 +

Re: [PATCH v4 14/23] conf: Add Intel TDX Quote Generation Service(QGS) support

2025-07-10 Thread Daniel P . Berrangé via Devel
On Thu, Jul 10, 2025 at 03:21:16AM -0400, Zhenzhong Duan wrote: > Add element "quoteGenerationService" to tdx launch security type. > It contains only an optional unix socket address attribute, > when omitted, libvirt will use default QGS server address > "/var/run/tdx-qgs/qgs.socket". > > UNIX so

Re: [PATCH v4 13/23] qemu_firmware: Pick the right firmware for TDX guests

2025-07-10 Thread Daniel P . Berrangé via Devel
On Thu, Jul 10, 2025 at 03:21:15AM -0400, Zhenzhong Duan wrote: > The firmware descriptors have 'intel-tdx' feature which > describes whether firmware is suitable for TDX guests. > Provide necessary implementation to detect the feature and pick > the right firmware if guest is TDX enabled. > > Sug

Re: [PATCH v4 12/23] qemu: log the crash information for TDX

2025-07-10 Thread Daniel P . Berrangé via Devel
On Thu, Jul 10, 2025 at 03:21:14AM -0400, Zhenzhong Duan wrote: > Since QEMU 10.1.0 commit id '6e250463b08b' guest crash information for > TDX is available in the QEMU monitor, e.g.: > > { > "timestamp": { > "seconds": 1752118704, > "microseconds": 27480 >

[PATCH v4 23/23] docs: domain: Add documentation for Intel TDX guest

2025-07-10 Thread Zhenzhong Duan
Signed-off-by: Zhenzhong Duan --- docs/formatdomain.rst | 63 +++ 1 file changed, 63 insertions(+) diff --git a/docs/formatdomain.rst b/docs/formatdomain.rst index 9a2f065590..b1cecde947 100644 --- a/docs/formatdomain.rst +++ b/docs/formatdomain.rst @@ -95

[PATCH v4 22/23] qemuxmlconftest: Add latest version of 'launch-security-tdx*' test data

2025-07-10 Thread Zhenzhong Duan
We now have the '+inteltdx' variant dumped from a modern qemu with tdx support, add qemuxmlconftest data for that variant. Signed-off-by: Zhenzhong Duan --- ...h-security-tdx.x86_64-latest+inteltdx.args | 44 +++ ...ch-security-tdx.x86_64-latest+inteltdx.xml | 75 +++ tes

[PATCH v4 20/23] qemu: Bypass sending VIR_DOMAIN_EVENT_RESUMED event when TD VM reboot

2025-07-10 Thread Zhenzhong Duan
When a TD VM reboots, the qemu process is recreated by destroying the old one and creating a new one. When the new qemu process starts, it sends a RESUME event while the libvirt domain isn't in run state yet. Then event VIR_DOMAIN_EVENT_RESUMED is sent out and confuses the control plane. Check priv->pausedShutdown and bypass t

[PATCH v4 19/23] qemu: Send event VIR_DOMAIN_EVENT_[STOPPED|STARTED] during recreation

2025-07-10 Thread Zhenzhong Duan
For a secure guest, FakeReboot kills the original QEMU instance and creates a new one, which is quite different from a normal guest. To reflect this fact, VIR_DOMAIN_EVENT_[STOPPED|STARTED] are sent to the control plane with newly introduced reasons VIR_DOMAIN_EVENT_[STOPPED|STARTED]_RECREATION. That would let con

[PATCH v4 18/23] qemu: Avoid duplicate FakeReboot for secure guest

2025-07-10 Thread Zhenzhong Duan
For a secure guest, FakeReboot kills the original QEMU instance and creates a new one. During this process, QEMU sends a SHUTDOWN event with "host-signal" reason which can trigger another FakeReboot. Check if a FakeReboot is ongoing and bypass "host-signal" processing which originally comes from FakeReboot.

[PATCH v4 16/23] qemu: Add FakeReboot support for TDX guest

2025-07-10 Thread Zhenzhong Duan
Utilize the existing fake reboot mechanism to do reboot for TDX guest. Different from normal guest, TDX guest doesn't support system_reset, so have to kill the old guest and start a new one to simulate the reboot. Co-developed-by: Chenyi Qiang Signed-off-by: Zhenzhong Duan Reviewed-by: Daniel P

[PATCH v4 17/23] qemu: Support reboot command in guest

2025-07-10 Thread Zhenzhong Duan
We can reboot a TDX guest with 'virsh reboot' or 'virsh shutdown' if action for onPoweroff is 'restart'. But running reboot command in guest shell will always lead to shutdown. This behavior is not consistent with normal guest, fix it by checking shutdown reason and action configuration to trigger

[PATCH v4 14/23] conf: Add Intel TDX Quote Generation Service(QGS) support

2025-07-10 Thread Zhenzhong Duan
Add element "quoteGenerationService" to tdx launch security type. It contains only an optional unix socket address attribute, when omitted, libvirt will use default QGS server address "/var/run/tdx-qgs/qgs.socket". UNIX sockets offer the required functionality with greater security than vsock, so

[PATCH v4 13/23] qemu_firmware: Pick the right firmware for TDX guests

2025-07-10 Thread Zhenzhong Duan
The firmware descriptors have 'intel-tdx' feature which describes whether firmware is suitable for TDX guests. Provide necessary implementation to detect the feature and pick the right firmware if guest is TDX enabled. Suggested-by: Daniel P. Berrangé Signed-off-by: Zhenzhong Duan --- src/qemu/

[PATCH v4 12/23] qemu: log the crash information for TDX

2025-07-10 Thread Zhenzhong Duan
Since QEMU 10.1.0 commit id '6e250463b08b' guest crash information for TDX is available in the QEMU monitor, e.g.: { "timestamp": { "seconds": 1752118704, "microseconds": 27480 }, "event": "GUEST_PANICKED", "data": { "action":

[PATCH v4 11/23] qemu: Force special parameters enabled for TDX guest

2025-07-10 Thread Zhenzhong Duan
TDX guest requires some special parameters to boot, currently: "kernel_irqchip=split" "pmu!=on" "smm!=on" "-bios" If not specified explicitly, QEMU should configure this option implicitly when starting a TDX guest. Signed-off-by: Zhenzhong Duan Reviewed-by: Daniel P. Berrangé --- src/qemu/qe

[PATCH v4 10/23] conf: Expose TDX type in domain launch security capability

2025-07-10 Thread Zhenzhong Duan
As the tdx launch security type support is added, expose it in domain capabilities so that domain definition validation check can take effect. Signed-off-by: Zhenzhong Duan Reviewed-by: Daniel P. Berrangé --- src/qemu/qemu_capabilities.c | 2 ++ tests/domaincapsdata/

[PATCH v4 09/23] qemu: Add command line and validation for TDX type

2025-07-10 Thread Zhenzhong Duan
QEMU will provide 'tdx-guest' object which is used to launch encrypted VMs on Intel platform using TDX feature. Command line looks like: $QEMU ... \ -object '{"qom-type":"tdx-guest","id":"lsec0","mrconfigid":"xxx","mrowner":"xxx","mrownerconfig":"xxx","attributes":268435457}' \ -machine pc-

[PATCH v4 08/23] conf: Validate TDX launchSecurity element mrConfigId/mrOwner/mrOwnerConfig

2025-07-10 Thread Zhenzhong Duan
mrConfigId/mrOwner/mrOwnerConfig are base64 encoded SHA384 digest, can be provided for TDX attestation. Check their decoded lengths to ensure they are 48 bytes. Signed-off-by: Zhenzhong Duan Reviewed-by: Daniel P. Berrangé --- src/conf/domain_validate.c | 12 +++- 1 file changed, 11 in

[PATCH v4 07/23] conf: Add tdx as launch security type

2025-07-10 Thread Zhenzhong Duan
When 'tdx' is used, the VM will be launched with Intel TDX feature enabled. TDX feature supports running encrypted VM (Trust Domain, TD) under the control of KVM. A TD runs in a CPU model which protects the confidentiality of its memory and its CPU state from other software. There are four optiona

[PATCH v4 06/23] conf: Expose TDX feature in domain capabilities

2025-07-10 Thread Zhenzhong Duan
Extend qemu TDX capability to domain capabilities. Signed-off-by: Chenyi Qiang Signed-off-by: Zhenzhong Duan Reviewed-by: Daniel P. Berrangé --- docs/formatdomaincaps.rst | 1 + src/conf/domain_capabilities.c | 1 + src/conf/domain_capabilities.

[PATCH v4 05/23] qemu: Add QEMU_CAPS_TDX_GUEST capability

2025-07-10 Thread Zhenzhong Duan
QEMU_CAPS_TDX_GUEST set means TDX supported with this QEMU. Signed-off-by: Chenyi Qiang Signed-off-by: Zhenzhong Duan Reviewed-by: Daniel P. Berrangé Reviewed-by: Peter Krempa --- src/qemu/qemu_capabilities.c | 2 ++ src/qemu/qemu_capabilities.h

[PATCH v4 03/23] qemucapabilitiesdata: Document '+inteltdx' variant

2025-07-10 Thread Zhenzhong Duan
Upcoming patch will introduce test data from a TDX-enabled host. Document the new variant. Signed-off-by: Zhenzhong Duan Reviewed-by: Peter Krempa --- tests/qemucapabilitiesdata/README.rst | 5 + 1 file changed, 5 insertions(+) diff --git a/tests/qemucapabilitiesdata/README.rst b/tests/q

[PATCH v4 02/23] qemu: Check if INTEL Trust Domain Extention support is enabled

2025-07-10 Thread Zhenzhong Duan
Implement TDX check in order to generate domain feature capability correctly in case the availability of the feature changed. For INTEL TDX the verification is: - checking if "/sys/module/kvm_intel/parameters/tdx" contains the value 'Y': meaning TDX is enabled in the host kernel. Signed-off-b

[PATCH v4 01/23] tools: Secure guest check for Intel in virt-host-validate

2025-07-10 Thread Zhenzhong Duan
Add check in virt-host-validate for secure guest support on x86 for Intel Trust Domain Extensions. Suggested-by: Daniel P. Berrangé Signed-off-by: Zhenzhong Duan Reviewed-by: Daniel P. Berrangé Reviewed-by: Xiaoyao Li --- tools/virt-host-validate-common.c | 31 ++-

[PATCH v4 00/23] LIBVIRT: X86: TDX support

2025-07-10 Thread Zhenzhong Duan
Hi, This series brings libvirt the x86 TDX support. * What's TDX? TDX stands for Trust Domain Extensions which isolates VMs from the virtual-machine manager (VMM)/hypervisor and any other software on the platform. This patchset extends libvirt to support TDX, with which one can start a TDX guest