Peter Krempa [Wed, 27 Aug 2025 13:32:33 +0000 (15:32 +0200)]
kbase: live_full_disk_backup: Improve the document
Changes:
- fixed emphasis on the API name and some operations
- fixed the output example of some commands
- added warning to avoid the snapshot+copy+commit approach as it's a
bit dangerous
- added --no-metadata to avoid creating snapshot XML
Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
Peter Krempa [Wed, 27 Aug 2025 13:13:36 +0000 (15:13 +0200)]
css: Add style for '.. note:' and '.. warning:' rST roles
One of our kbase docs already uses '.. note:' and we could use e.g.
'.. warning:' to replace some of emphasized paragraphs to make them
more prominent.
Introduce style for the generated HTML to add some highlight for them.
Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
Peter Krempa [Tue, 26 Aug 2025 11:57:42 +0000 (13:57 +0200)]
daemon: Drop log level of VIR_ERR_NO_SUPPORT to debug
The error code signals that the API the user called is not supported by
the driver. This can happen with some hypervisor drivers which don't
have everything implemented yet. There's no point in spamming the log
with it.
Closes: https://gitlab.com/libvirt/libvirt/-/issues/805
Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Martin Kletzander <mkletzan@redhat.com>
Peter Krempa [Tue, 26 Aug 2025 11:49:48 +0000 (13:49 +0200)]
qemu: hotplug: Audit device detach before deleting it
Commit f30843142aa0836423f5e3ff7a45707eb13ce553 introduced a code path
for solving a race when qemu doesn't know about a device but libvirt
still does. The patch introduced a call to 'qemuDomainRemoveDevice'
(which deletes/frees the device definition) and placed it before the
call to 'qemuDomainRemoveAuditDevice' (which accesses the device
definition to do the audit log reporting).
Reorder them to prevent the qemu driver crashing in the corner case
where qemu already detached the device but libvirt didn't yet process
it, which can be triggered by calling the asynchronous
'virDomainDetachDeviceAlias' API.
In addition in case when we're about to delete the device and return
success we need to also report successful detach in the audit log so the
logic calling the auditing function needs to be fixed as well.
Resolves: https://issues.redhat.com/browse/RHEL-110191
Fixes: f30843142aa0836423f5e3ff7a45707eb13ce553
Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Martin Kletzander <mkletzan@redhat.com>
Implement domainBlockStats for the bhyve driver. Only the read/write
operations counts are reported as FreeBSD apparently doesn't support
accumulative bytes read or written, though real-time data is available
via rctl(8). There's also no information about the errors.
Signed-off-by: Roman Bogorodskiy <bogorodskiy@gmail.com>
Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
Hector Cao [Wed, 20 Aug 2025 15:49:59 +0000 (17:49 +0200)]
virt-aa-helper: Avoid duplicate when append rule
When a device is dynamically attached to a VM, and it needs a special
system access for apparmor, libvirt calls virt-aa-helper (with argument -F)
to append a new rule to the apparmor profile of the VM. virt-aa-helper does
not check for duplicates and blindly appends the rule to the profile. Since
there is no rule removal when a device is detached, this can make the profile
grow in size if a big number of attach/detach operations are done and the
profile might hit the size limit and future attach operations might malfunction
because no rule can be added into the apparmor profile.
This patch tries to mitigate this issue by doing a duplicate check
when rules are appended into the profile. This fix does not guarantee
the absence of duplicates but should be enough to prevent the profile
from growing significantly in size and reaching its size limit.
Signed-off-by: Hector CAO <hector.cao@canonical.com>
Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
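As an added illustration of the duplicate check described in the commit above (not code from virt-aa-helper or the libvirt tree), the following sketch appends a rule to an in-memory profile only when no existing line already equals it. The function names, the fixed-size buffer standing in for the profile size limit, and the sample rules are all assumptions constructed for this example.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical helper: 1 if `rule` already fills a whole line of `profile`
 * (leading blanks ignored). Whole-line matching avoids the false positives
 * a plain strstr() would give for rules that are substrings of others. */
static int rule_present(const char *profile, const char *rule)
{
    size_t rlen = strlen(rule);
    const char *line = profile;

    while (*line) {
        const char *end = strchr(line, '\n');
        size_t len = end ? (size_t)(end - line) : strlen(line);

        while (len && (*line == ' ' || *line == '\t')) {
            line++;
            len--;
        }
        if (len == rlen && memcmp(line, rule, rlen) == 0)
            return 1;
        if (!end)
            break;
        line = end + 1;
    }
    return 0;
}

/* Append `rule` and a newline to `profile`, a NUL-terminated buffer of `cap`
 * bytes. Returns 1 = appended, 0 = duplicate skipped, -1 = size limit hit. */
int append_rule_unique(char *profile, size_t cap, const char *rule)
{
    size_t used = strlen(profile);
    size_t rlen = strlen(rule);

    if (rule_present(profile, rule))
        return 0;
    if (used + rlen + 2 > cap)          /* rule + '\n' + NUL */
        return -1;
    memcpy(profile + used, rule, rlen);
    memcpy(profile + used + rlen, "\n", 2);
    return 1;
}

int main(void)
{
    char profile[64] = "  /dev/kvm rw,\n";   /* constructed sample rule */

    for (int i = 0; i < 1000; i++)           /* repeated attach/detach cycles */
        append_rule_unique(profile, sizeof(profile), "/dev/sdb1 rw,");
    printf("%zu bytes after 1000 appends\n", strlen(profile));
    return 0;
}
```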
Older libvirt versions still only work if 'encryption_key' is enabled
in the server and client certificates. Add a note.
Suggested-by: Daniel P. Berrangé <berrange@redhat.com>
Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
Signed-off-by: Sebastian Mitterle <smitterl@redhat.com>
docs/tlscerts: document need for socket activation
Mention that the tls socket needs to be started and the libvirtd
or virtproxyd service might have to be started.
If this is not done the user might run into connection issues and
it seems this is not mentioned elsewhere in the docs.
Suggested-by: Daniel P. Berrangé <berrange@redhat.com>
Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
Signed-off-by: Sebastian Mitterle <smitterl@redhat.com>
Michal Privoznik [Tue, 19 Aug 2025 08:01:11 +0000 (10:01 +0200)]
spec: Package newly introduced CH conf files
In a recent commit of v11.6.0-25-g5dca0567f6 new config files for
the CH driver were introduced. But corresponding change to the
specfile was missing resulting in a broken rpmbuild. Just put
those files into daemon-driver-ch rpm.
Fixes: 5dca0567f694a7405ca3e796149aed857b1f6090
Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
Stefan Kober [Mon, 18 Aug 2025 09:20:54 +0000 (11:20 +0200)]
ch: add log level configuration option
Allow a user to set the verbosity of the cloud hypervisor instances by
specifying it in the ch.conf configuration file.
Signed-off-by: Stefan Kober <stefan.kober@cyberus-technology.de>
Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
Stefan Kober [Mon, 18 Aug 2025 09:20:53 +0000 (11:20 +0200)]
ch: Add config file support
Similar to the QEMU driver, the ch driver receives support for
configuration files that allow doing certain configuration on the
virtchd daemon.
The initial use case will be setting the verbosity of the cloud
hypervisor instances started by virtchd, but the implementation allows
for adding further options.
Signed-off-by: Stefan Kober <stefan.kober@cyberus-technology.de>
Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
Michal Privoznik [Wed, 13 Aug 2025 13:36:48 +0000 (15:36 +0200)]
qemuxmlconftest: Paper over test failure at MacOS
MacOS has its own dynamic linker (dyld) which is different to
Linux/BSD one. But with a little help (by setting
"DYLD_FORCE_FLAT_NAMESPACE" env var) it would behave similarly to
Linux/BSD ones. In particular, if a library is preloaded via
"DYLD_INSERT_LIBRARIES" on MacOS or "LD_PRELOAD" on Linux/BSD,
then dlsym(RTLD_NEXT, ...) considers ALL preloaded libraries. For
instance, the virFileCanonicalizePath() is reimplemented in
virpcimock and qemuxml2argvmock. Each one of these
reimplementations uses dlsym(RTLD_NEXT, ...) to look up and call
virFileCanonicalizePath() from next library in the queue and
possibly even the actual implementation from libvirt.so.
This chaining of mocks allows us to have mock libraries that
create stable, reproducible environment for tests.
Now, for an unknown reason Apple decided to remove the flat
namespace feature [1] (I recommend to just clone the repo and
view the commit via 'git show' as github's web interface hides
interesting bits away). They did so in 2022. And it wasn't until
my commit of v11.6.0-19-g12c35ab161 that we've noticed this,
because until that commit no two mocks reimplemented the same
function. Well, now they do and with flat namespaces gone the
dlsym(RTLD_NEXT, ...) returns an address from libvirt.so instead
of from next mock on the list.
Since reimplementation of virFileCanonicalizePath() in
qemuxml2argvmock.c is only to cover a case on some Linux systems
and virpcimock.c creates full sysfs imitation of PCI devices, the
latter is more important than the former.
Therefore, switch order of those mocks.
On Linux/BSD this has virtually no effect, but on MacOS it fixes
the qemuxmlconftest failure.
1: https://github.com/apple-oss-distributions/dyld/commit/9a9e3e4cfa7de205d61f4114c9b564e4bab7ef7f
Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
James Le Cuirot [Thu, 24 Jul 2025 13:49:38 +0000 (14:49 +0100)]
qemu: Match firmware with fully resolved and canonicalized paths
Distros may provide compatibility symlinks after moving firmware files
around, but they won't work for existing VMs when doing a straight
string comparison.
I tried to compare inodes instead, but even glib doesn't provide a
straightforward cross-platform method to do this.
Resolves: https://bugs.gentoo.org/960591
Signed-off-by: James Le Cuirot <jlecuirot@microsoft.com>
Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
Michal Privoznik [Thu, 31 Jul 2025 09:19:43 +0000 (11:19 +0200)]
qemuxml2argvmock: Pretend FW blobs are always present
Soon, the QEMU driver, specifically the part that picks firmware
based on firmware descriptor files (qemu_firmware.c) is going to
check for the presence of those firmware blobs (well, for their
realpath()). Just collect the list of all blobs we use in our
tests and mock virFileCanonicalizePath() so that for any path on
that list its strdup()-ed version is returned.
This means, qemuxmlconftest won't touch host files really.
Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
Pavel Hrdina [Thu, 10 Jul 2025 09:23:26 +0000 (11:23 +0200)]
docs: hacking: Define policy forbidding use of AI code generators
This policy is a copy of what the QEMU project is using [1], as there is no
reason to use a different policy; the only modification is changing the
project name and the link to the DCO.
Peter Krempa [Thu, 31 Jul 2025 12:14:05 +0000 (14:14 +0200)]
virCHDomainRefreshThreadInfo: Don't trust vcpu ID returned by hypervisor
The hypervisor may return an index out of range of current vCPUs
defined in the domain which would cause a NULL dereference. Validate
that the vCPU struct with ID fetched from hypervisor exists before
dereferencing it.
Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
Implementation uses pf's anchor feature to group rules. All rules live
in the "libvirt" anchor and every libvirt's network has its own
sub-anchor.
Currently there are some assumptions and limitations:
- We assume that a user has created the "libvirt" (nat-)anchors. As
they cannot be created on the fly, it's better not to touch global pf
configuration and let the user do the changes. If the user doesn't
have these anchors configured, the rules will still be created in
sub-anchors, but will not be effective until these anchors are
activated. Should we check if these anchors are not active to
give some runtime warning?
- Currently, rule reloading is not smart: it always deletes rules,
flushes rules and re-creates that. It would be better to do that
more gracefully.
- IPv6 configurations are currently not supported
- For NAT, pf requires explicit IP address or an interface to NAT to.
We try to obtain that from the network XML definition, and if it's
not specified, we try to determine interface corresponding to the
default route.
Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
Signed-off-by: Roman Bogorodskiy <bogorodskiy@gmail.com>
qemu: don't warn about missing SMM for CVM firmware
Neither Intel TDX / AMD SEV(SNP) allow use of SMM, but the EDK2
firmware nonetheless supports secureboot. Libvirt currently
issues bogus warnings about Fedora firmware

    warning : qemuFirmwareSanityCheck:1575 : Firmware description
    '/usr/share/qemu/firmware/60-edk2-ovmf-x64-inteltdx.json' has
    invalid set of features: requires-smm = 0, secure-boot = 1,
    enrolled-keys = 1

This removes the warning if the firmware descriptor indicates use
of any confidential VM technology.
Reviewed-by: Andrea Bolognani <abologna@redhat.com>
Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
George Melikov [Thu, 24 Jul 2025 14:34:03 +0000 (17:34 +0300)]
Storage: ZFS: implement `resizeVol` method to support native resize
ZFS doesn't have thick allocations, every allocation is
thin-provisioned, so resize operation is essentially
a zvol size limit change
(`zfs set volsize=X pool/zvol_name`).
Shrink is allowed too (which leads to data destruction),
but shrink restriction is already implemented in libvirt,
so this function doesn't need to check anything.
Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
Signed-off-by: George Melikov <mail@gmelikov.ru>
Mark Cave-Ayland [Fri, 18 Jul 2025 08:44:39 +0000 (09:44 +0100)]
qemuxmlconftest: add tests for new hardware UUID (hwuuid) element
Add new 'hwuuid' and 'hwuuid-smbios-uuid-match' tests to verify that the new
hardware UUID (hwuuid) element is working as intended.
In particular the 'hwuuid-smbios-uuid-match' test is designed to ensure that
the hwuuid and smbios UUIDs are always identical, similar to how the existing
logic works for the domain UUID and the smbios UUID.
Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
Signed-off-by: Mark Cave-Ayland <mark.caveayland@nutanix.com>
Mark Cave-Ayland [Fri, 18 Jul 2025 08:44:38 +0000 (09:44 +0100)]
conf: introduce hardware UUID (hwuuid) element
The hardware UUID (hwuuid) element provides a mechanism to supply an external
UUID to the guest, as opposed to the libvirt domain UUID. This is to allow
for the scenario whereby a domain can be stopped, cloned and then started as
a new domain without altering the guest-visible UUID.
Add the element, documentation and core code for the hwuuid feature along
with an implementation for the QEMU driver.
Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
Signed-off-by: Mark Cave-Ayland <mark.caveayland@nutanix.com>
src: add missing libvirt-admin.pc.in for local usage
When using the 'run' script, we point pkg-config to files
in $BUILD/src, which resolve to the local build tree.
Unfortunately we forgot a libvirt-admin.pc.in, so the run
script was not taking effect for the admin APIs.
Reviewed-by: Peter Krempa <pkrempa@redhat.com>
Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
Michal Privoznik [Wed, 23 Jul 2025 10:57:18 +0000 (12:57 +0200)]
virnetdevvportprofile: Drop explicit enum virNetDevVPortProfile declaration
The virNetDevVPortProfile enum is both explicitly declared and
also typedef-ed. This repetition is redundant. Just use typedef.
To make matters worse, there's another type with the same name,
but because in the code, those few places used 'enum
virNetDevVPortProfile var;' to declare variables compilers didn't
complain.
Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
qemu: Bypass sending VIR_DOMAIN_EVENT_RESUMED event when TD VM reboot
When a TD VM reboots, the qemu process is recreated by destroying the old
one and creating a new one. When the new qemu process starts, it sends a
RESUME event while the libvirt domain isn't in run state yet. Then the event
VIR_DOMAIN_EVENT_RESUMED is sent out and confuses the control plane.
Check priv->pausedShutdown and bypass the event for a TD VM; for a
normal VM, the domain is in run state and already bypassing it.
Signed-off-by: Zhenzhong Duan <zhenzhong.duan@intel.com>
Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
Peter Krempa [Tue, 29 Jul 2025 11:05:09 +0000 (13:05 +0200)]
Revert "qemu: Match firmware with fully resolved and canonicalized paths"
The canonicalization of the paths is not mocked properly and thus the
tests depend on the host system. While the tests do pass on our CI they
break on real deployments at least on Fedora 42.
Since we're in code freeze for the upcoming release, revert the patch
instead of attempting to fix it.