Bug 1425058

Summary: [RFE] libvirt: Provide a way to disable ROM loading completely for a device
Product: Red Hat Enterprise Linux 7 Reporter: Andrea Bolognani <abologna>
Component: libvirtAssignee: Andrea Bolognani <abologna>
Status: CLOSED ERRATA QA Contact: yalzhang <yalzhang>
Severity: medium Docs Contact:
Priority: medium    
Version: 7.3CC: abologna, berrange, cww, drjones, dyuan, eglynn, gchakkar, jdenemar, kraxel, lersek, lmen, michal.skrivanek, mtessun, redhat-bugzilla, sraje, xuzhang
Target Milestone: rcKeywords: FutureFeature
Target Release: ---   
Hardware: x86_64   
OS: Linux   
Whiteboard:
Fixed In Version: libvirt-4.3.0-1.el7 Doc Type: Enhancement
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2018-10-30 09:49:43 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Bug Depends On:    
Bug Blocks: 1374176, 1477664    

Description Andrea Bolognani 2017-02-20 13:12:21 UTC
QEMU accepts an empty string for the 'romfile' property
as a means to disable ROM loading altogether; however

  <rom file=''/>

is refused at validation time by our RelaxNG schema.

The schema should be adjusted to allow this.

Comment 1 Andrea Bolognani 2017-02-20 13:22:13 UTC
A couple of super-quick questions:

  * Is there a problem with having

      romfile=

    as opposed to

      romfile='' or romfile=""

    on the QEMU command line, or are the two notations
    completely equivalent?

  * libvirt currently supports the <rom/> element (and
    consequently a way for the user to pick the values
    of the 'rombar' and 'romfile' properties) only for
    network interfaces, either emulated (<interface>
    element) or assigned from the host (<hostdev>
    element). Is the empty string a valid value for
    the 'romfile' property in both cases?

Thanks :)

Comment 2 Daniel Berrangé 2017-02-20 13:27:29 UTC
Essentially QEMU has overloaded 2 separate properties (ROM on/off and file path) onto a single property. We shouldn't follow that in libvirt as this is not portable semantics wrt other hypervisors. We should have an explicit attribute to enable/disable ROMs and not rely on a magic filepath.

Comment 3 Gerd Hoffmann 2017-02-20 13:48:46 UTC
>   * Is there a problem with having
> 
>       romfile=

That is the correct one.

>       romfile='' or romfile=""

That'll only work of you run qemu from the shell.
The "" and '' are interpreted by the shell and qemu will not set them.

Comment 4 Andrea Bolognani 2017-02-20 13:57:06 UTC
(In reply to Daniel Berrange from comment #2)
> Essentially QEMU has overloaded 2 separate properties (ROM on/off and file
> path) onto a single property. We shouldn't follow that in libvirt as this is
> not portable semantics wrt other hypervisors. We should have an explicit
> attribute to enable/disable ROMs and not rely on a magic filepath.

So you would propose leaving the current requirements on
the value of 'file' alone, and add something like

  <rom enable='no'/>

to disable ROM loading entirely, which would then be
mapped to

  romfile=

on the QEMU command line? Sound sensible to me.

Note that

  <rom file=''/>

is already handled by libvirt, eg. the schema will forbid
it, but you can ignore the XML validation error and keep it
around. Should we make an attempt to convert such guests to
the new property, or is it just not worth the effort?

Comment 5 Daniel Berrangé 2017-02-20 14:04:20 UTC
If we changed existing guests, that might cause migration fun for old libvirt,

Comment 6 Andrea Bolognani 2017-02-20 14:13:40 UTC
(In reply to Daniel Berrange from comment #5)
> If we changed existing guests, that might cause migration fun for old
> libvirt,

Yeah, that was my guess too :)

Comment 7 Laszlo Ersek 2017-02-20 15:09:09 UTC
(In reply to Daniel Berrange from comment #2)
> Essentially QEMU has overloaded 2 separate properties (ROM on/off and file
> path) onto a single property.

QEMU distinguishes the following cases:

(1) romfile=<empty_string>, with rombar=[01] irrelevant -- this disables PCI
    oprom loading for the device entirely
(2) romfile=<pathname>, rombar=1 -- the PCI oprom is loaded into the PCI
    device's ROM BAR
(3) romfile=<pathname>, rombar=0 -- the PCI oprom is loaded into a dedicated
    fw_cfg file called "genroms/%s", where "%s" is replaced by the basename
    of the host filesystem file that the oprom is loaded from.

For a long time, the domain XML schema had accepted <rom file=''/>, mapping it to case (1). At some point it started rejecting <rom file=''/>.

For UEFI guests, this was no problem, because for them, (1) and (3) behave identically (UEFI ignores "genroms/*" in fw_cfg). So it wasn't hard to flip these guests from <rom file=''/> to <rom bar='off'/>; any nonempty QEMU default for romfile=... would be ignored by the UEFI guest anyway, because the PCI ROM BAR would not be present.

However, for SeaBIOS guests, (1) and (3) are different, thus some way to re-expose (1) in the domain XML would be good.

Also, under (3), on the QEMU level, if the default <pathname> cannot be resolved on the filesystem (for example because the default option ROMs are not installed), QEMU will whine on stderr (although it will start). In this aspect, (1) and (3) are not equivalent even for UEFI guests.

> We shouldn't follow that in libvirt as this is
> not portable semantics wrt other hypervisors. We should have an explicit
> attribute to enable/disable ROMs and not rely on a magic filepath.

If that's feasible, it's likely the best solution.

Comment 8 Laszlo Ersek 2017-02-20 15:14:17 UTC
(In reply to Andrea Bolognani from comment #1)
> A couple of super-quick questions:
> 
>   * Is there a problem with having
> 
>       romfile=
> 
>     as opposed to
> 
>       romfile='' or romfile=""
> 
>     on the QEMU command line, or are the two notations
>     completely equivalent?


Gerd answered this in comment 3.

>   * libvirt currently supports the <rom/> element (and
>     consequently a way for the user to pick the values
>     of the 'rombar' and 'romfile' properties) only for
>     network interfaces, either emulated (<interface>
>     element) or assigned from the host (<hostdev>
>     element). Is the empty string a valid value for
>     the 'romfile' property in both cases?

romfile=<empty_string> is suitable for all PCI devices. The property is defined in QEMU's "hw/pci/pci.c", for TYPE_PCI_DEVICE ("pci-device"). All classes derived from TYPE_PCI_DEVICE inherit the property, and the property is handled in common code (pci_add_option_rom() [hw/pci/pci.c]).

Comment 9 Andrew Jones 2017-02-20 16:20:51 UTC
Additional info:

Currently it's not possible to use virsh attach-interface on rombar-less installations. QEMU errors out with, e.g.

 error: Failed to attach interface
 error: internal error: unable to execute QEMU command 'device_add': failed to find romfile "pxe-virtio.rom"

Attempting virsh attach-device instead with the following xml

 <interface type='bridge'>
   <source bridge='br0'/>
   <model type='virtio'/>
   <rom bar='off'/>
 </interface>

fails with

 error: Failed to attach device from interface.xml
 error: internal error: unable to execute QEMU command 'device_add': Hot-plugged device without ROM bar can't have an option ROM

Changing the xml to

 <interface type='bridge'>
   <source bridge='br0'/>
   <model type='virtio'/>
   <rom file=''/>
 </interface>

works.

Comment 11 Robert Scheck 2017-06-28 23:45:40 UTC
Cross-filed ticket 01880358 on the Red Hat customer portal.

Comment 17 Robert Scheck 2017-07-04 22:41:37 UTC
Not sure how much relevance this exactly has here, but virt-manager is
currently also not able to handle disabling ROM loading for a NIC.

Comment 18 Andrea Bolognani 2017-07-10 11:53:16 UTC
(In reply to Robert Scheck from comment #17)
> Not sure how much relevance this exactly has here, but virt-manager is
> currently also not able to handle disabling ROM loading for a NIC.

The virt-manager part would need a separate bug report.

It's unclear to me whether such a feature would be
appropriate for virt-manager though, as it's an exceedingly
narrow use case and, much like this very bug, mostly
irrelevant now that Bug 1337510 has been addressed.

Comment 19 Laszlo Ersek 2017-07-13 00:58:30 UTC
I think I may have found another (general) issue with the <rom bar='off'/> workaround. It affects UEFI guests primarily. From comment #7:

> (3) romfile=<pathname>, rombar=0 -- the PCI oprom is loaded into a dedicated
>     fw_cfg file called "genroms/%s", where "%s" is replaced by the basename
>     of the host filesystem file that the oprom is loaded from.
>
> [...]
>
> [...] under (3), on the QEMU level, if the default <pathname> cannot be
> resolved on the filesystem (for example because the default option ROMs are
> not installed), QEMU will whine on stderr (although it will start).

It gets worse than whining if:
- we use multiple instances of a device model that comes with a default
  romfile pathname,
- and the romfile *is* installed on the system,
- and we try to use rombar=0 (possibly via libvirt's <rom bar='off'/>) to
  keep the romfile out of the PCI ROM BAR.

Namely, we'll see a "genroms/%s" conflict, and QEMU will refuse to start:

qemu-system-x86_64 \
  -device virtio-net-pci,id=vnet1,rombar=0 \
  -device virtio-net-pci,id=vnet2,rombar=0

qemu-system-x86_64: -device virtio-net-pci,id=vnet2,rombar=0: duplicate fw_cfg file name: genroms/efi-virtio.rom

This is quite easy to trigger with a VM that is hooked into two subnets (with two separate virtio NICs):

    <interface type='network'>
      <source network='net-1'/>
      <model type='virtio'/>
      <rom bar='off'/>
    </interface>
    <interface type='network'>
      <source network='net-2'/>
      <model type='virtio'/>
      <rom bar='off'/>
    </interface>

Comment 23 Yaniv Kaul 2018-03-15 09:36:21 UTC
I doubt, but adding Michal.

Comment 24 Michal Skrivanek 2018-03-15 09:56:26 UTC
nope, RHV doesn't need that

Comment 33 Andrea Bolognani 2018-04-20 15:45:21 UTC
Patches posted upstream.

  https://www.redhat.com/archives/libvir-list/2018-April/msg02077.html

Comment 34 Andrea Bolognani 2018-04-23 13:24:02 UTC
Merged upstream.

commit 4d11d9a2922bf3272a697cffe396d05cae373e12
Author: Andrea Bolognani <abologna@redhat.com>
Date:   Fri Apr 20 17:17:11 2018 +0200

    qemu: Format rom.enabled attribute for PCI devices
    
    The attribute can be used to disable ROM loading completely
    for a device.
    
    This might be needed because, even when the guest is configured
    such that the PCI ROM will not be loaded in the PCI BAR, some
    hypervisors (eg. QEMU) might still make it available to the
    guest in a form (eg. fw_cfg) that some firmwares (eg. SeaBIOS)
    will consume, thus not achieving the desired result.
    
    Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1425058
    
    Signed-off-by: Andrea Bolognani <abologna@redhat.com>

v4.2.0-451-g4d11d9a292

Comment 36 yalzhang@redhat.com 2018-06-01 13:20:19 UTC
Test on libvirt-4.3.0-1.el7.x86_64:
1. It fails to disable the pxe boot when try uefi pxe boot with virtio(see below details), please help to check;

2. The issues in comment 9 and comment 19 are not fixed.
comment 9: hotplug interface with <rom bar='off'/> fail
comment 19: vm with 2 interface both has <rom bar='off'/> fails to start(vm with seabios)

3. If the comment 0 is a issue and need to be fixed that <rom file=''> fail to validate but can be ignored?
# virsh edit q  
====> add <rom file=''/> into interface xml

error: XML document failed to validate against schema: Unable to validate doc against /usr/share/libvirt/schemas/domain.rng
Extra element devices in interleave
Element domain failed to validate content

Failed. Try again? [y,n,i,f,?]: ===>  press 'i'
Domain q XML configuration edited.



#####################  Details for 1 #######################
1). Prepare a pxe server for UEFI on one host, and prepare a Q35 vm on anther host, connect the 2 host in P-2-P connection. 
# virsh dumpxml q 
...
  <os>
    <type arch='x86_64' machine='pc-q35-rhel7.5.0'>hvm</type>
    <loader readonly='yes' secure='yes' type='pflash'>/usr/share/OVMF/OVMF_CODE.secboot.fd</loader>
    <nvram>/var/lib/libvirt/qemu/nvram/q_VARS.fd</nvram>
  </os>
...
<interface type='direct'>
      <mac address='52:54:00:58:b8:7a'/>
      <source dev='eno1' mode='bridge'/>
      <model type='virtio'/>
      <boot order='1'/>
      <rom enabled='no'/>
      <address type='pci' domain='0x0000' bus='0x02' slot='0x00' function='0x0'/>
    </interface>
...

2). Start the vm, and check the vm can pxe boot by network interface.


Other scenarios & configs tested as below, and it works as expected.
1. direct type + legacy bios + virtio/rtl8139/e1000/e1000e:
2. direct type + OVMF + rtl8139/e1000/e1000e:

config 1: <rom enabled='no'/>  ---> PASS, can not pxe boot
config 2: <rom enabled='yes'/> ---> PASS, can pxe boot
config 3: no rom setting  ---> PASS, can pxe boot

3. vf passthrough(hostdev interface) + legacy bios
4. vf passthrough(hostdev device) + legacy bios
5. pf passthrough(hostdev device) + legacy bios

config 1: <rom enabled='no'/>  ---> PASS, can not pxe boot
config 2: <rom enabled='yes' file='/usr/share/ipxe/808610ca.rom'/> ---> PASS, can pxe boot
config 3: <rom file='/usr/share/ipxe/808610ca.rom'/>  ---> PASS, can pxe boot
config 4: set "rom enabled='no'" together with "rom bar" or "rom file" will report error:
# virsh edit rhel
...
 <rom enabled='no' bar='off'/>

error: unsupported configuration: ROM tuning is not supported when ROM is disabled
Failed. Try again? [y,n,i,f,?]: 

It makes sense.

Have not test vf/pf passthrouth with UEFI because the oprom you used had no UEFI image(refer bug 1278421 #21)

Comment 37 Andrea Bolognani 2018-06-05 15:40:55 UTC
(In reply to yalzhang@redhat.com from comment #36)
> Test on libvirt-4.3.0-1.el7.x86_64:
> 1. It fails to disable the pxe boot when try uefi pxe boot with virtio(see
> below details), please help to check;

I'm not sure I quite get what you're trying to say: the report below
seems to mark all cases as PASS. In any case, I'll leave looking
further into this up to Laszlo and others, since AFAIU libvirt has
generated the expected command line (let me know if that is not
actually the case) but the guest is still not behaving as intended.

> 2. The issues in comment 9 and comment 19 are not fixed.
> comment 9: hotplug interface with <rom bar='off'/> fail

That's weird, it should not happen with Bug 1337510 having been
addressed.

But I see you're testing on x86_64 instead of aarch64, so that
could be muddying the water somewhat. Can you please report the
actual error message in this case?

Either way, you should also try using <rom enabled='no'/>
instead of <rom bar='off'/> and see whether it still fails.

> comment 19: vm with 2 interface both has <rom bar='off'/> fails to start(vm
> with seabios)

That's expected: nothing's changed in the handling of
<rom bar='off'/> so you're still hitting the clash Laszlo described
in Comment 19.

Using <rom enabled='no'/> instead of <rom bar='off'/> should allow
the guest to start.

> 3. If the comment 0 is a issue and need to be fixed that <rom file=''> fail
> to validate but can be ignored?
> # virsh edit q  
> ====> add <rom file=''/> into interface xml
> 
> error: XML document failed to validate against schema: Unable to validate
> doc against /usr/share/libvirt/schemas/domain.rng
> Extra element devices in interleave
> Element domain failed to validate content
> 
> Failed. Try again? [y,n,i,f,?]: ===>  press 'i'
> Domain q XML configuration edited.

It was agreed that such an XML should indeed generate a validation
error, and that's exactly why a new attribute was introduced. So
libvirt is working as expected here.

Comment 38 Laszlo Ersek 2018-06-05 16:49:26 UTC
(In reply to Andrea Bolognani from comment #37)
> (In reply to yalzhang@redhat.com from comment #36)
> > Test on libvirt-4.3.0-1.el7.x86_64:
> > 1. It fails to disable the pxe boot when try uefi pxe boot with virtio(see
> > below details), please help to check;
> 
> I'm not sure I quite get what you're trying to say: the report below
> seems to mark all cases as PASS. In any case, I'll leave looking
> further into this up to Laszlo and others, since AFAIU libvirt has
> generated the expected command line (let me know if that is not
> actually the case) but the guest is still not behaving as intended.

This is expected (in fact, intended) behavior with virtio-net NICs -- OVMF and AAVMF contain a built-in virtio-net driver called "VirtioNetDxe".

The UEFI driver for virtio-net that is normally exposed to the guest in the NIC's option ROM BAR comes from the iPXE project, and normally it takes priority over the built-in VirtioNetDxe driver. If you prevent the loading of the iPXE oprom (either by disabling the ROM BAR, or by setting the ROM file pathname to the empty string, or by having arch/board-specific QEMU quirks such as bug 1337510), then the firmware falls back to VirtioNetDxe. This is 100% intended behavior.

Comment 40 yalzhang@redhat.com 2018-06-06 05:27:14 UTC
Scenario 1: live update "rom enabled" setting ---> FAIL 
(report succeed but no change, should report error like "error: Operation not supported: cannot modify network device rom enabled setting")

Scenario 2: hotplug/unplug with "rom enabled" setting ---> PASS

Details:
Scenario 1: live update
# virsh dumpxml rhel | grep /interface -B9
    <interface type='direct'>
      <mac address='52:54:00:78:36:26'/>
      <source dev='eno1' mode='bridge'/>
      <target dev='macvtap0'/>
      <model type='rtl8139'/>
      <boot order='1'/>
      <alias name='net0'/>
      <rom enabled='no'/>
      <address type='pci' domain='0x0000' bus='0x00' slot='0x09' function='0x0'/>
    </interface>

# cat direct.xml
<interface type='direct'>
      <mac address='52:54:00:78:36:26'/>
      <source dev='eno1' mode='bridge'/>
      <target dev='macvtap0'/>
      <model type='rtl8139'/>
      <boot order='1'/>
      <alias name='net0'/>
  *** <rom enabled='yes'/> ***
      <address type='pci' domain='0x0000' bus='0x00' slot='0x09' function='0x0'/>
    </interface>

# virsh update-device rhel direct.xml
Device updated successfully

# virsh dumpxml rhel | grep /interface -B9
    <interface type='direct'>
      <mac address='52:54:00:78:36:26'/>
      <source dev='eno1' mode='bridge'/>
      <target dev='macvtap0'/>
      <model type='rtl8139'/>
      <boot order='1'/>
      <alias name='net0'/>
      <rom enabled='no'/>
      <address type='pci' domain='0x0000' bus='0x00' slot='0x09' function='0x0'/>
    </interface>

When live update file path:
# virsh update-device rhel direct_file.xml
error: Failed to update device from direct.xml
error: Operation not supported: cannot modify network rom file

# virsh update-device rhel direct_bar.xml
error: Failed to update device from direct.xml
error: Operation not supported: cannot modify network device rom bar setting

Comment 41 yalzhang@redhat.com 2018-06-06 07:01:12 UTC
Hi Andrea, Thank you for your feedback, please check comment 40.

For the issue in comment 9, I have not tried on aarch64, only on x86_64. And the bug 1337510 is for qemu-kvm-rhev. So I would not report the error on that qemu case. I found it happens only for qemu emulated nics, not for hostdev, see below:
# rpm -q libvirt qemu-kvm-rhev
libvirt-4.3.0-1.el7.x86_64
qemu-kvm-rhev-2.12.0-3.el7.x86_64

1. Start vm with <rom bar='off'/>, succeed:
# virsh dumpxml rhel |grep /interface -B6
    <interface type='network'>
      <mac address='52:54:00:e7:11:12'/>
      <source network='default'/>
      <model type='rtl8139'/>
      <rom bar='off'/>
      <address type='pci' domain='0x0000' bus='0x00' slot='0x0c' function='0x0'/>
    </interface>

# virsh start rhel
Domain rhel started

2. Hotplug interface with <rom bar='off'/> with emulated model types, failed:
# cat interface.xml
<interface type='network'>
      <source network='default'/>
      <rom bar='off'/>
<model type='rtl8139/virtio/e1000/e1000e'/> *** each type both failed
</interface>

# virsh attach-device rhel interface.xml
error: Failed to attach device from interface.xml
error: internal error: unable to execute QEMU command 'device_add': Hot-plugged device without ROM bar can't have an option ROM

3. hotplug hostdev interface with <rom bar='off'/>, succeed:
# cat  hostdev.xml
<interface type='hostdev' managed='yes'>
  <source>
    <address type='pci' domain='0x0000' bus='0x04' slot='0x10' function='0x0'/>
  </source>
<rom bar='off'/>
</interface>

# virsh attach-device rhel hostdev.xml
Device attached successfully

Do you think it should be fixed?

And also for comment 19, maybe we need open another bug for these 2 as they are not related with the customer request in this case.

Comment 42 Laszlo Ersek 2018-06-06 15:03:26 UTC
(1) Updating the rom/@enable attribute for a running domain:

    According to the virsh documentation, the "update-device" sub-command
    updates the current domain state, if no flags are given. (I.e., modify
    runtime state only if the domain is running, and modify the persistent
    configuration if the domain is shut down.)

    Similarly, the "dumpxml" sub-command, when invoked for a running domain
    without "--inactive", seems to be documented to dump the runtime state.

    So the issue report seems valid to me, either "update-device" should
    fail on a running domain for rom/@enable (like it apparently does for
    rom/@bar and rom/@file), or else its success should be reflected by
    dumpxml.

    (I hope my comments are not unwelcome, this is partly to educate
    myself.)

(2) Regarding comment 9, I don't think "attach-interface" should be tested
    with <rom bar='off'/> *at all*.

    We've established that <rom bar='off'/> is not what we're after; that's
    why <rom enable='...'/> has been introduced. In other words,
    "attach-interface" should be tested with <rom enable='no'/> instead.

    The difference at the QEMU level is that <rom bar='off'/> sets the
    "rombar" property to false, but it does not touch the "romfile"
    property, which is a non-empty pathname for (a) virtual devices on (b)
    the x86_64 target. QEMU is right to complain about this configuration.
    The fix is to ignore the "rombar" property completely and to set the
    "romfile" property to the empty string. Which is exactly what <rom
    enable='no'/> does.

    (a) QEMU doesn't complain about hostdev hotplug with <rom bar='off'/> on
        x86_64 because the "romfile" property is by default "" for hostdev.

    (b) QEMU doesn't complain about virtio-net hotplug with <rom bar='off'/>
        on aarch64 because we changed the "romfile" default to "" on
        aarch64, in bug 1337510.

(3) Regarding comment 19, no new BZ is necessary. That case is also solved
    by <rom enable='no'/>.

    That's because, with "romfile" set to "", no ROM file is loaded into
    "genroms/%s"-style fw_cfg files either, so they cannot conflict between
    each other.

Summary:

- IMO, "update-device" should indeed either reject modifying rom/@enable for
  a running domain, or if it reports success, the result should be reflected
  by a subsequent "dumpxml" (for the active domain).

- The "attach-interface" tests with <rom bar='off'/> are invalid and out of
  scope, they should be repeated with <rom enable='no'/> instead.

- <rom enable='no'/> can be specified for multiple <interface> elements at
  the same time; it should be easy to test. Again, <rom bar='...'/> is
  simply irrelevant here.

Comment 43 yalzhang@redhat.com 2018-07-05 05:34:34 UTC
Thank Laszlo for the detailed and clear feedback on comment 42.

So the '(1) Updating the rom/@enable attribute for a running domain' need to be fixed here, details see comment 40

Comment 44 Andrea Bolognani 2018-07-09 14:57:09 UTC
(In reply to yalzhang@redhat.com from comment #43)
> Thank Laszlo for the detailed and clear feedback on comment 42.
> 
> So the '(1) Updating the rom/@enable attribute for a running domain' need to
> be fixed here, details see comment 40

Agreed, we should give better feedback if the user is trying to update
the device and we are unable to comply with the request.

Can you please file a separate bug for that?

Comment 45 yalzhang@redhat.com 2018-07-10 01:35:14 UTC
(In reply to Andrea Bolognani from comment #44)
> (In reply to yalzhang@redhat.com from comment #43)
> > Thank Laszlo for the detailed and clear feedback on comment 42.
> > 
> > So the '(1) Updating the rom/@enable attribute for a running domain' need to
> > be fixed here, details see comment 40
> 
> Agreed, we should give better feedback if the user is trying to update
> the device and we are unable to comply with the request.
> 
> Can you please file a separate bug for that?

Thank you Andrea, file one Bug 1599513, and move this bug to be verified.

Comment 50 errata-xmlrpc 2018-10-30 09:49:43 UTC
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHSA-2018:3113