Stefan Kober [Thu, 4 Sep 2025 12:10:35 +0000 (14:10 +0200)]
NEWS: announce disk hotplug support for ch
On-behalf-of: SAP stefan.kober@sap.com Signed-off-by: Stefan Kober <stefan.kober@cyberus-technology.de> Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
Stefan Kober [Thu, 4 Sep 2025 12:10:34 +0000 (14:10 +0200)]
ch: implement disk device detach in public API
On-behalf-of: SAP stefan.kober@sap.com Signed-off-by: Stefan Kober <stefan.kober@cyberus-technology.de> Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
Stefan Kober [Mon, 8 Sep 2025 12:56:04 +0000 (14:56 +0200)]
ch: add disk detach helper functions
On-behalf-of: SAP stefan.kober@sap.com Signed-off-by: Stefan Kober <stefan.kober@cyberus-technology.de> Signed-off-by: Michal Privoznik <mprivozn@redhat.com> Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
Stefan Kober [Thu, 4 Sep 2025 12:10:33 +0000 (14:10 +0200)]
ch: add virCHMonitorRemoveDevice function
The function calls the respective CH API to remove a device of any type
from a VM.
On-behalf-of: SAP stefan.kober@sap.com Signed-off-by: Stefan Kober <stefan.kober@cyberus-technology.de> Signed-off-by: Michal Privoznik <mprivozn@redhat.com> Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
Stefan Kober [Thu, 4 Sep 2025 12:10:32 +0000 (14:10 +0200)]
ch: add virCHMonitorBuildKeyValueJson
On-behalf-of: SAP stefan.kober@sap.com Signed-off-by: Stefan Kober <stefan.kober@cyberus-technology.de> Signed-off-by: Michal Privoznik <mprivozn@redhat.com> Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
Stefan Kober [Thu, 4 Sep 2025 12:10:30 +0000 (14:10 +0200)]
ch: implement disk attach in public API
On-behalf-of: SAP stefan.kober@sap.com Signed-off-by: Stefan Kober <stefan.kober@cyberus-technology.de> Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
Stefan Kober [Thu, 4 Sep 2025 12:10:29 +0000 (14:10 +0200)]
ch: add disk attach helper functions
On-behalf-of: SAP stefan.kober@sap.com Signed-off-by: Stefan Kober <stefan.kober@cyberus-technology.de> Signed-off-by: Michal Privoznik <mprivozn@redhat.com> Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
Stefan Kober [Thu, 4 Sep 2025 12:10:28 +0000 (14:10 +0200)]
ch: add monitor disk attach logic
On-behalf-of: SAP stefan.kober@sap.com Signed-off-by: Stefan Kober <stefan.kober@cyberus-technology.de> Signed-off-by: Michal Privoznik <mprivozn@redhat.com> Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
Stefan Kober [Thu, 4 Sep 2025 12:10:27 +0000 (14:10 +0200)]
ch: add/use virCHMonitorPut function
This allows users to call API endpoints that require passing data in a
generic way. Previously, only virCHMonitorPutNoContent was offered.
On-behalf-of: SAP stefan.kober@sap.com Signed-off-by: Stefan Kober <stefan.kober@cyberus-technology.de> Signed-off-by: Michal Privoznik <mprivozn@redhat.com> Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
Stefan Kober [Thu, 4 Sep 2025 12:10:26 +0000 (14:10 +0200)]
ch: refactor virCHMonitorBuildDiskJson
Refactor BuildDiskJson to return a virJSONValue instead of adding the
disk json to a json array. This makes the function reusable for
hotplugging disks.
On-behalf-of: SAP stefan.kober@sap.com Signed-off-by: Stefan Kober <stefan.kober@cyberus-technology.de> Signed-off-by: Michal Privoznik <mprivozn@redhat.com> Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
Stefan Kober [Thu, 4 Sep 2025 12:10:24 +0000 (14:10 +0200)]
ch: pass disk alias to CHV
On-behalf-of: SAP stefan.kober@sap.com Signed-off-by: Stefan Kober <stefan.kober@cyberus-technology.de> Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
Stefan Kober [Thu, 4 Sep 2025 12:10:31 +0000 (14:10 +0200)]
ch: assign aliases in ProcessPrepareDomain
This is required to have unique device aliases for devices throughout
the domain lifecycle.
On-behalf-of: SAP stefan.kober@sap.com Signed-off-by: Stefan Kober <stefan.kober@cyberus-technology.de> Signed-off-by: Michal Privoznik <mprivozn@redhat.com> Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
Stefan Kober [Thu, 4 Sep 2025 12:10:25 +0000 (14:10 +0200)]
ch: add ch_alias.{c,h} for device alias handling
On-behalf-of: SAP stefan.kober@sap.com Signed-off-by: Stefan Kober <stefan.kober@cyberus-technology.de> Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
Stefan Kober [Thu, 4 Sep 2025 12:10:23 +0000 (14:10 +0200)]
ch: add ch_hotplug.{h,c} files to CH build
The files are meant to contain all device hotplug related code. The
first implementation will be live storage attach and detach.
On-behalf-of: SAP stefan.kober@sap.com Signed-off-by: Stefan Kober <stefan.kober@cyberus-technology.de> Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
Ján Tomko [Tue, 2 Sep 2025 12:04:40 +0000 (14:04 +0200)]
esx: pass 'long' to curl_easy_setopt when needed
The include header got its type checks fixed in curl 8.14:
https://github.com/curl/curl/commit/79b4e56b3f30dc1ac28a81128a07d27338e5219e
https://github.com/curl/curl/pull/17143
This causes a warning on rawhide with clang:
    ../src/esx/esx_vi.c:318:5: error: call to '_curl_easy_setopt_err_long'
    declared with 'warning' attribute: curl_easy_setopt expects a long
    argument [-Werror,-Wattribute-warning]
      318 |     curl_easy_setopt(curl->handle, CURLOPT_NOSIGNAL, 1);
          |     ^
Signed-off-by: Ján Tomko <jtomko@redhat.com> Reviewed-by: Peter Krempa <pkrempa@redhat.com>
qemu: Don't query unavailable-features if qom-list-get is supported
With qom-list-get we already have the value of unavailable-features
property in the returned object (just like we have all values of all
bool properties). Let's use the value from there instead of querying for
it separately using qom-get.
After this patch only a single QMP command is used for getting all the
required info about guest CPUs created by QEMU 10.1 or newer.
Signed-off-by: Jiri Denemark <jdenemar@redhat.com> Reviewed-by: Peter Krempa <pkrempa@redhat.com> Reviewed-by: Ján Tomko <jtomko@redhat.com>
Jiri Denemark [Mon, 25 Aug 2025 14:16:49 +0000 (16:16 +0200)]
qemu: Use qom-list-get for checking enabled CPU features
qom-list-get is a new QMP command (since QEMU 10.1) that combines
qom-list for listing properties of a specified object with qom-get for
getting a value of a given property. The new command provides an array
of all properties and their values, which allows us to dramatically
reduce the number of QMP commands we have to call when starting a domain
to check which CPU features were actually enabled.
A simple domain with no disk can now be started with only 15 QMP
commands in about 200 ms compared to 485 commands and 400 ms startup
time without this patch.
https://issues.redhat.com/browse/RHEL-7038
Signed-off-by: Jiri Denemark <jdenemar@redhat.com> Reviewed-by: Peter Krempa <pkrempa@redhat.com> Reviewed-by: Ján Tomko <jtomko@redhat.com>
Jiri Denemark [Wed, 27 Aug 2025 12:38:24 +0000 (14:38 +0200)]
qemu: Parse properties list from any JSON array
The qemuMonitorJSONParsePropsList API expected a QMP reply as an input.
By generalizing it to work on any JSON array, we can reuse the API even
for commands which return the array of properties nested in an object.
Signed-off-by: Jiri Denemark <jdenemar@redhat.com> Reviewed-by: Peter Krempa <pkrempa@redhat.com> Reviewed-by: Ján Tomko <jtomko@redhat.com>
Jiri Denemark [Wed, 27 Aug 2025 10:29:57 +0000 (12:29 +0200)]
qemu: Move feature filtering to qemuMonitorJSONGetCPUProperties
When getting enabled CPU features (qemuMonitorJSONGetCPUData), we used
to call qemuMonitorJSONGetCPUProperties to get the list of all boolean
properties and then queried their values and ignored properties that
were not true. By moving the filtering inside
qemuMonitorJSONGetCPUProperties we don't need to even add disabled
features to any list and also get ready for better QMP interface.
Signed-off-by: Jiri Denemark <jdenemar@redhat.com> Reviewed-by: Peter Krempa <pkrempa@redhat.com> Reviewed-by: Ján Tomko <jtomko@redhat.com>
Jiri Denemark [Wed, 27 Aug 2025 08:05:23 +0000 (10:05 +0200)]
qemu: Generalize filtering in qemuMonitorJSONParsePropsList
qemuMonitorJSONParsePropsList supported filtering based on type. Let's
replace it with a callback supplied by the caller to allow for more
advanced filtering.
Signed-off-by: Jiri Denemark <jdenemar@redhat.com> Reviewed-by: Peter Krempa <pkrempa@redhat.com> Reviewed-by: Ján Tomko <jtomko@redhat.com>
Jiri Denemark [Mon, 25 Aug 2025 14:36:01 +0000 (16:36 +0200)]
qemu: Drop legacy probing of CPU features
The legacy probing which reads CPUID registers from QEMU and interprets
the individual bits is not used with any QEMU version currently
supported by libvirt. The code would only be used if
QEMU_CAPS_CPU_UNAVAILABLE_FEATURES capability (detected by probing the
presence of 'unavailable-features') was missing on x86, but all QEMU
releases we care about report unavailable-features on x86.
Signed-off-by: Jiri Denemark <jdenemar@redhat.com> Reviewed-by: Peter Krempa <pkrempa@redhat.com> Reviewed-by: Ján Tomko <jtomko@redhat.com>
Hector Cao [Wed, 27 Aug 2025 14:25:06 +0000 (16:25 +0200)]
docs : add doc on cpu model and features
Add documentation on the way libvirt displays the Host CPU
model and capabilities (features). There is an implicit
expectation from users to get the CPU model name matching the
CPU model they are running on, however, this does not happen
most of the time. As a consequence, having documentation
is useful both for users to align their expectation and for
us to point to a place where the situation is clearly explained.
Signed-off-by: Hector Cao <hector.cao@canonical.com> Reviewed-by: Jiri Denemark <jdenemar@redhat.com>
Peter Krempa [Fri, 29 Aug 2025 13:10:36 +0000 (15:10 +0200)]
scripts: qemu-replies-tool: Add stable dump of 'query-command-line-options'
While 'query-command-line-options' is usually fairly stable (for
comparing between two .replies files) it's simpler to compare it in the
dumped variant.
Signed-off-by: Peter Krempa <pkrempa@redhat.com> Reviewed-by: Ján Tomko <jtomko@redhat.com>
Peter Krempa [Mon, 25 Aug 2025 15:02:04 +0000 (17:02 +0200)]
scripts: qemu-replies-tool: Prefix output with filename when dumping data for multiple files
The --dump-* mode can be used together with --repliesdir which iterates
over all '.replies' files in the directory. Make this useful by
outputting the filename so the user can associate the data with the file
it was dumped from.
Signed-off-by: Peter Krempa <pkrempa@redhat.com> Reviewed-by: Ján Tomko <jtomko@redhat.com>
Peter Krempa [Mon, 25 Aug 2025 14:41:36 +0000 (16:41 +0200)]
scripts: qemu-replies-tool: List also data from 'qom-list-properties'
In addition to 'device-list-properties' libvirt probes also some
properties of qom types. Since the format is identical make the dumping
function for 'device-list-properties' universal and make it accept also
'qom-list-types'.
Signed-off-by: Peter Krempa <pkrempa@redhat.com> Reviewed-by: Ján Tomko <jtomko@redhat.com>
Peter Krempa [Mon, 25 Aug 2025 14:13:09 +0000 (16:13 +0200)]
scripts: qemu-replies-tool: Drop specific invocation of marginally useful dump modes
While '--dump-qmp-query-strings' is useful by itself because it's a
simple way to generate the QMP schema query strings for libvirt, the
other modes aren't useful besides comparing two .replies files by the
dumped output.
Remove specific options for '--dump-qom-list-types' and
'--dump-device-list-properties', so that upcoming additions which will
be useful only for comparisons aren't forced to add these options.
Signed-off-by: Peter Krempa <pkrempa@redhat.com> Reviewed-by: Ján Tomko <jtomko@redhat.com>
Peter Krempa [Mon, 25 Aug 2025 12:30:56 +0000 (14:30 +0200)]
scripts: qemu-replies-tool: Convert the QMP conversation to list of dicts
Currently the conversation was a list of tuples. Since upcoming patches
will want to store some additional flags with the processed commands
convert it to a list of dicts, so that we can name the individual
fields.
Signed-off-by: Peter Krempa <pkrempa@redhat.com> Reviewed-by: Ján Tomko <jtomko@redhat.com>
Peter Krempa [Wed, 27 Aug 2025 08:44:55 +0000 (10:44 +0200)]
qemucapabilitiestest: Add data for the qemu-10.2 dev cycle
This is an extremely early addition with data as of v10.1.0-1-ge771ba98de
thus effectively no code change compared to the qemu-10.1 release.
This early addition is done since I've upgraded the computer I'm
capturing the dumps from (yes the dumps are host-specific, and there
isn't really a good option if we want to have modern CPU data around).
Thus the only difference in the output files comes from the CPU change.
Signed-off-by: Peter Krempa <pkrempa@redhat.com> Reviewed-by: Ján Tomko <jtomko@redhat.com>
Peter Krempa [Wed, 27 Aug 2025 14:34:39 +0000 (16:34 +0200)]
qemuxmlconftest: Rename and strip specific machine type from 'x86_64-default-cpu-*' cases
qemu-10.2 which we're about to add capabilities dump for will remove the
'4.2' machine type per deprecation policy.
The 'x86_64-default-cpu-*' still reference it. Since there is no
functional difference when upgrading the tests to the latest machine
type (pc/q35 alias as handled internally by qemuxmlconftest) let's
rename and modernize these.
Signed-off-by: Peter Krempa <pkrempa@redhat.com> Reviewed-by: Ján Tomko <jtomko@redhat.com>
Peter Krempa [Mon, 25 Aug 2025 15:38:52 +0000 (17:38 +0200)]
qemu: capabilities: Detect TPM related capabilities from 'qom-list-types'
All the information needed to detect supported TPM front and backends
is present in the QOM types we already query, thus we don't need to
invoke specific commands for querying TPM stuff.
The only discrepancy is that there are 3 versions of 'tpm-tis' based on
the backend they use.
This patch reworks the probing but keeps the query commands in place.
Signed-off-by: Peter Krempa <pkrempa@redhat.com> Reviewed-by: Ján Tomko <jtomko@redhat.com>
Peter Krempa [Mon, 25 Aug 2025 13:11:07 +0000 (15:11 +0200)]
qemu: capabilities: Drop probe of 'query-migrate-capabilities'
There is currently nothing being probed from the reply of the command. In
addition in most cases a feature can be now probed via the QMP schema
which covers the return values in 'query-migrate-capabilities'.
Signed-off-by: Peter Krempa <pkrempa@redhat.com> Reviewed-by: Ján Tomko <jtomko@redhat.com>
Peter Krempa [Mon, 18 Aug 2025 15:04:12 +0000 (17:04 +0200)]
qemu: capabilities: Update '10.1.0' capabilities on x86_64 after release
Notable changes:
- 'netdev_add' now supports 'passt'
- new command 'qom-list-get'
- 'query-block' and 'query-named-block-nodes' returns also 'children' links
- 'gtk' graphics backend added 'keep-aspect-ratio' and 'scale' properties
- 'query-migrate' now reports 'postcopy-latency',
  'postcopy-non-vcpu-latency' and 'postcopy-vcpu-latency'
- new unstable command 'x-accel-stats'
- 'x-query-opcount' unstable command removed
- 'arch-capabilities' CPU flag no longer exposed on AMD cpus
  (this also causes the qemuxmlconftest changes)
- new named cpu models:
  - GraniteRapids-v3-x86_64-cpu
  - SapphireRapids-v4-x86_64-cpu
  - SierraForest-v3-x86_64-cpu
  - YongFeng-v3-x86_64-cpu
Peter Krempa [Wed, 27 Aug 2025 13:32:33 +0000 (15:32 +0200)]
kbase: live_full_disk_backup: Improve the document
Changes:
- fixed emphasis on the API name and some operations
- fixed the output example of some commands
- added warning to avoid the snapshot+copy+commit approach as it's a
  bit dangerous
- added --no-metadata to avoid creating snapshot XML
Signed-off-by: Peter Krempa <pkrempa@redhat.com> Reviewed-by: Ján Tomko <jtomko@redhat.com>
Peter Krempa [Wed, 27 Aug 2025 13:13:36 +0000 (15:13 +0200)]
css: Add style for '.. note:' and '.. warning:' rST roles
One of our kbase docs already uses '.. note:' and we could use e.g.
'.. warning:' to replace some of emphasized paragraphs to make them
more prominent.
Introduce style for the generated HTML to add some highlight for them.
Signed-off-by: Peter Krempa <pkrempa@redhat.com> Reviewed-by: Ján Tomko <jtomko@redhat.com>
Peter Krempa [Tue, 26 Aug 2025 11:57:42 +0000 (13:57 +0200)]
daemon: Drop log level of VIR_ERR_NO_SUPPORT to debug
The error code signals that the API the user called is not supported by
the driver. This can happen with some hypervisor drivers which don't
have everything implemented yet. There's no point in spamming the log
with it.
Closes: https://gitlab.com/libvirt/libvirt/-/issues/805 Signed-off-by: Peter Krempa <pkrempa@redhat.com> Reviewed-by: Martin Kletzander <mkletzan@redhat.com>
Peter Krempa [Tue, 26 Aug 2025 11:49:48 +0000 (13:49 +0200)]
qemu: hotplug: Audit device detach before deleting it
Commit f30843142aa0836423f5e3ff7a45707eb13ce553 introduced a code path
for solving a race when qemu doesn't know about a device but libvirt
still does. The patch introduced a call to 'qemuDomainRemoveDevice'
(which deletes/frees the device definition) and placed it before the
call to 'qemuDomainRemoveAuditDevice' (which accesses the device
definition to do the audit log reporting).
Reorder them to prevent the qemu driver crashing in the corner case
where qemu already detached the device but libvirt didn't yet process
it, which can be triggered by calling the asynchronous
'virDomainDetachDeviceAlias' API.
In addition in case when we're about to delete the device and return
success we need to also report successful detach in the audit log so the
logic calling the auditing function needs to be fixed as well.
Resolves: https://issues.redhat.com/browse/RHEL-110191 Fixes: f30843142aa0836423f5e3ff7a45707eb13ce553 Signed-off-by: Peter Krempa <pkrempa@redhat.com> Reviewed-by: Martin Kletzander <mkletzan@redhat.com>
Implement domainBlockStats for the bhyve driver. Only the read/write
operations counts are reported as FreeBSD apparently doesn't support
accumulative bytes read or written, though real-time data is available
via rctl(8). There's also no information about the errors.
Signed-off-by: Roman Bogorodskiy <bogorodskiy@gmail.com> Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
Hector Cao [Wed, 20 Aug 2025 15:49:59 +0000 (17:49 +0200)]
virt-aa-helper: Avoid duplicate when append rule
When a device is dynamically attached to a VM, and it needs a special
system access for apparmor, libvirt calls virt-aa-helper (with argument -F)
to append a new rule to the apparmor profile of the VM. virt-aa-helper does
not check for duplicates and blindly appends the rule to the profile. Since
there is no rule removal when a device is detached, this can make the profile
grow in size if a big number of attach/detach operations are done and the
profile might hit the size limit and future attach operations might malfunction
because no rule can be added into the apparmor profile.
This patch tries to mitigate this issue by doing a duplicate check
when rules are appended into the profile. This fix does not guarantee
the absence of duplicates but should be enough to prevent the profile
from growing significantly in size and reaching its size limit.
Signed-off-by: Hector CAO <hector.cao@canonical.com> Signed-off-by: Michal Privoznik <mprivozn@redhat.com> Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
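The duplicate check described in the commit above, as an added example that is not virt-aa-helper's own code: the function names, the in-memory profile buffer and the sample rules are hypothetical. It compares whole lines after trimming blanks, so a rule for "/dev/vfio/1" is not mistaken for "/dev/vfio/10", and an equivalent rule written differently is still appended, matching the commit's remark that duplicates are not fully ruled out.

```c
#include <stdbool.h>
#include <stdio.h>
#include <string.h>

/* True if `rule` is already present as a whole line of `profile`,
 * ignoring leading and trailing blanks (hypothetical helper). */
static bool profile_has_rule(const char *profile, const char *rule)
{
    const char *line = profile;
    size_t rlen;

    rule += strspn(rule, " \t");
    rlen = strlen(rule);
    while (rlen > 0 && strchr(" \t\n", rule[rlen - 1]))
        rlen--;
    if (rlen == 0)
        return true;                    /* nothing to add */

    while (*line) {
        size_t len = strcspn(line, "\n");
        const char *s = line + strspn(line, " \t");
        size_t slen = len - (size_t)(s - line);

        while (slen > 0 && (s[slen - 1] == ' ' || s[slen - 1] == '\t'))
            slen--;
        /* Whole-line comparison: a substring search would confuse
         * "/dev/vfio/1" with "/dev/vfio/10". */
        if (slen == rlen && memcmp(s, rule, rlen) == 0)
            return true;
        line += len;
        if (*line == '\n')
            line++;
    }
    return false;
}

/* Returns 1 if appended, 0 if skipped as duplicate, -1 if the rule
 * would not fit in `cap` bytes (the profile size limit). */
static int profile_append_rule(char *profile, size_t cap, const char *rule)
{
    size_t plen = strlen(profile);
    size_t rlen = strlen(rule);

    if (profile_has_rule(profile, rule))
        return 0;
    if (plen + rlen + 2 > cap)          /* rule + '\n' + NUL */
        return -1;
    memcpy(profile + plen, rule, rlen);
    profile[plen + rlen] = '\n';
    profile[plen + rlen + 1] = '\0';
    return 1;
}

int main(void)
{
    /* Constructed sample profile content. */
    char profile[128] = "  \"/dev/vfio/10\" rw,\n";
    int i, appended = 0;

    for (i = 0; i < 1000; i++)          /* repeated attach/detach cycles */
        appended += profile_append_rule(profile, sizeof(profile),
                                        "  \"/dev/vfio/1\" rw,") == 1;
    printf("appended %d time(s), profile is %zu bytes\n",
           appended, strlen(profile));
    return 0;
}
```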
Older libvirt versions still only work if 'encryption_key' is enabled
in the server and client certificates. Add a note.
Suggested-by: Daniel P. Berrangé <berrange@redhat.com> Reviewed-by: Daniel P. Berrangé <berrange@redhat.com> Signed-off-by: Sebastian Mitterle <smitterl@redhat.com>
docs/tlscerts: document need for socket activation
Mention that the tls socket needs to be started and the libvirtd
or virtproxyd service might have to be started.
If this is not done the user might run into connection issues and
it seems this is not mentioned elsewhere in the docs.
Suggested-by: Daniel P. Berrangé <berrange@redhat.com> Reviewed-by: Daniel P. Berrangé <berrange@redhat.com> Signed-off-by: Sebastian Mitterle <smitterl@redhat.com>
Michal Privoznik [Tue, 19 Aug 2025 08:01:11 +0000 (10:01 +0200)]
spec: Package newly introduced CH conf files
In a recent commit of v11.6.0-25-g5dca0567f6 new config files for
the CH driver were introduced. But corresponding change to the
specfile was missing resulting in a broken rpmbuild. Just put
those files into daemon-driver-ch rpm.
Fixes: 5dca0567f694a7405ca3e796149aed857b1f6090 Signed-off-by: Michal Privoznik <mprivozn@redhat.com> Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>