Laine Stump [Tue, 7 Apr 2026 00:38:32 +0000 (20:38 -0400)]
util: add info about g_get_user_*_dir directories to log banner
When running in session/unprivileged mode, nearly all paths are
prefixed with the returns from one of glib's g_get_user_*_dir()
functions, which in turn base their selected paths on the settings of
a few items in the user's environment ($XDG_*, or a subdirectory of
$HOME if the relevant $XDG_* isn't set).
This patch logs the settings of these directories in the log banner in
an attempt to help diagnose the problem when a file/socket open/create
fails.
Laine Stump [Fri, 3 Apr 2026 16:44:25 +0000 (12:44 -0400)]
util: add uid to the log banner
As libvirt is used more and more in unprivileged/session mode,
file/socket permission errors have become more common. This patch adds
the uid of the current libvirt process (whatever it may be) to the
"hostname" line in the log banner (the first thing sent to every log
target after the process starts).
This is a first step in providing more useful info for session mode
users. We can expand on this idea to include additional generally
useful stuff about the environment we're running in. (We just need to
remember that in this context we can't call anything that could lead
to recursively calling the logging system (i.e. we can't call any code
that reports an error, or a VIR_WARN, etc))
Signed-off-by: Laine Stump <laine@redhat.com> Reviewed-by: Peter Krempa <pkrempa@redhat.com>
Laine Stump [Fri, 3 Apr 2026 05:58:13 +0000 (01:58 -0400)]
util: make it easier to add lines to the log "init banner"
The same thing happens for each line of the log banner:
1) A helper function is called that a) creates a "raw" string (just
the desired info, e.g. version string) and b) calls
virLogFormatString() to create a "cooked" version of the string
(containing thread-id and log priority)
2) the outputFunc for the target is called with strings (a) and (b)
By making a helper that does (1b) & (2), we can further reduce the
amount of redundant code that needs to be written to add another line
to the banner - now all we need to do is:
1) create the raw string
2) call the helper, sending it the raw string
Signed-off-by: Laine Stump <laine@redhat.com> Reviewed-by: Peter Krempa <pkrempa@redhat.com>
Laine Stump [Wed, 1 Apr 2026 15:15:54 +0000 (11:15 -0400)]
util: eliminate duplicate code in virLogVMessage
The same several lines were repeated, once in a loop iterating through
all log targets, and again to output to stderr when there are no log
targets specified. This just moves those lines into a helper function,
making it easier and less error prone to add additional info to the
banner that is logged each time a daemon starts logging.
Signed-off-by: Laine Stump <laine@redhat.com> Reviewed-by: Peter Krempa <pkrempa@redhat.com>
Laine Stump [Tue, 31 Mar 2026 21:32:30 +0000 (17:32 -0400)]
util: consistently use typedef virLogMetadata
For some reason there were some uses of this struct where "struct
_virLogMetadata" was used instead of just using the typedef
"virLogMetadata" (they are both defined in the same file -
virlog.h). Possibly at one point the struct was in virlog.c and
outsiders could only see it as an opaque object, but even if that was
the case, there are already cases of the typedef being used outside of
virlog.c, and constinuing to use "struct _virLogMetadata" in some
places both looks too much K&R 1st edition and might incorrectly imply
to someone that there *is* data abstraction/hiding going on when there
really isn't. So let's just always use plain virLogMetadata.
Signed-off-by: Laine Stump <laine@redhat.com> Reviewed-by: Peter Krempa <pkrempa@redhat.com>
Laine Stump [Wed, 1 Apr 2026 16:51:19 +0000 (12:51 -0400)]
util: log the name of the log directory that couldn't be created
The message previously just said "Could not create log directory", but
didn't provide the name of the directory, which could be helpful in
determine why the failure occured.
Signed-off-by: Laine Stump <laine@redhat.com> Reviewed-by: Peter Krempa <pkrempa@redhat.com>
Cole Robinson [Tue, 31 Mar 2026 15:39:58 +0000 (11:39 -0400)]
qemu: remove qemuDomainOpenFile() TODO comment
qemuDomainOpenFile() only acts on the 'dac' driver, where 'label'
and 'imagelabel' are always identical (see virSecurityDACGenLabel()).
So there's nothing TODO here
Reviewed-by: Peter Krempa <pkrempa@redhat.com> Signed-off-by: Cole Robinson <crobinso@redhat.com>
Laine Stump [Tue, 7 Apr 2026 02:42:43 +0000 (22:42 -0400)]
qemu: allow update-device of vhostuser network devices
When support for vhostuser devices was added, it was just
blanket-prevented from making any changes to a live device with
update-device. This is problematic because the link state of a network
device is modified with update-device. Most all of the parameters of a
vhostuser network device are individually checked within
qemuDomainChangeNet() anyway, so we don't need to just do a BRS (Big
Red Switch) forbidding of any change. We do need to check for
modifications to the socket parameters (path, type, reconnect) though,
since those are vhostuser-specific (we're not already checking for
them elsewhere) and they can't be changed on a live interface.
Resolves https://redhat.atlassian.net/browse/RHEL-152533
Resolves: https://bugs.passt.top/show_bug.cgi?id=198 Signed-off-by: Laine Stump <laine@redhat.com> Reviewed-by: Peter Krempa <pkrempa@redhat.com>
Laine Stump [Tue, 7 Apr 2026 02:51:14 +0000 (22:51 -0400)]
qemu: log error on attempts to change backend type of live network interface
Somehow we've never checked for this, and nobody has ever tested for
it or complained about it, but certainly attempting to change a user
or vhostuser network device to/from a passt backend wouldn't work. Now
we check for it and log an error.
Signed-off-by: Laine Stump <laine@redhat.com> Reviewed-by: Peter Krempa <pkrempa@redhat.com>
remote: Move secrets encryption dependency to a systemd drop-in
The monolithic libvirtd.service currently has a dependency on
virt-secret-init-encryption.service. This causes libvirtd to fail
to start on systems where the secret driver is not installed or
enabled, as systemd cannot satisfy the Requires= unit or the
LoadCredentialEncrypted= path. See below,
This patch decouples the secrets encryption logic from the main
libvirtd service file. It is moved into a new systemd drop-in
(10-secret.conf) which is only installed when libvirt is built
with secret driver support. The override snippet is added to the
daemon-driver-secret package.
Fixes: 97758bc9a0b1fccf8c0009308658f1204b113b89 Signed-off-by: Arun Menon <armenon@redhat.com> Fix-Suggested-by: Andrea Bolognani <abologna@redhat.com> Reviewed-by: Andrea Bolognani <abologna@redhat.com>
Michal Privoznik [Fri, 27 Mar 2026 11:17:44 +0000 (12:17 +0100)]
hyperv: Implement virDomainGetGuestInfo()
The hyperv hypervisor also has guest agent, in fact multiple ones
[1][2]. The first one, KVP, is for storing Key-Value Pairs and in
fact it's already used by our hyperv driver when querying
domifaddr (see v12.1.0-rc1~148 for more info). Anyhow, the KVP
service is capable of more, it can provide guest OS info, guest
FQDN and others. These informations are exposed via
GuestIntrinsicExchangeItems member of the
Msvm_KvpExchangeComponent struct [3]. You may have noticed the
member is an array of strings, well those strings are in fact XML
documents. For instance:
This is a bit messy to work with, because it's not like in QEMU's
world where each type of guest info (virDomainGuestInfoTypes)
corresponds 1:1 to a guest agent command. Hence the lookupTable
in hypervGetServicesProcessOne().
NB, the original jira issue asks for exposing plain fact whether
KVP daemon is running inside the guest and this commit implements
seemingly different feature. Well, thing is, in case of QEMU
there's a domain XML part where guest agent is configured and
where we expose whether there's somebody listening inside the
guest. But in case of hyperv there's no <channel/> to be
configured as communication with KVP daemon happens through
vmbus [4]. Users are advised to call the virDomainGetGuestInfo()
API with non-zero 'types' argument and if they get an error with
VIR_ERR_AGENT_UNRESPONSIVE code then the KVP daemon is not
running.
Michal Privoznik [Tue, 24 Mar 2026 14:58:19 +0000 (15:58 +0100)]
security: Don't error out on seclabels of type='none'
Ever since of commit v1.2.13-rc1~66 the model attribute of a
<seclabel/> is validated against secdriver names enabled. In
nearly all cases this is something users want so that domain XML
does not claim to set seclabels of a model that's not enabled.
However, consider the following seclabel:
<seclabel type='none' model='selinux'/>
It tells us to not bother setting selinux labels on given domain.
A mgmt app might format this into domain XML if it sees selinux
is disabled on the host. But if that's the case, selinux driver
is not loaded and this virSecurityManagerCheckModel() doesn't
find it and reports an error.
Well, the error doesn't need to be reported as we will just
ignore selinux as each driver callback checks if relabel is false
(which it is for type='none'). This is true for other secdrivers
too.
Resolves: https://redhat.atlassian.net/browse/RHEL-156689 Signed-off-by: Michal Privoznik <mprivozn@redhat.com> Tested-by: Richard W.M. Jones <rjones@redhat.com> Reviewed-by: Peter Krempa <pkrempa@redhat.com>
Michal Privoznik [Wed, 25 Mar 2026 15:52:55 +0000 (16:52 +0100)]
security: Rewrite virSecurityManagerCheckModel() to use g_autofree
Let's use automatic memory freeing inside of
virSecurityManagerCheckModel() as it will simplify future
commits.
Signed-off-by: Michal Privoznik <mprivozn@redhat.com> Tested-by: Richard W.M. Jones <rjones@redhat.com> Reviewed-by: Ján Tomko <jtomko@redhat.com> Reviewed-by: Peter Krempa <pkrempa@redhat.com>
Michal Privoznik [Wed, 25 Mar 2026 13:45:00 +0000 (14:45 +0100)]
conf: Fix seclabel type parsing wrt default value
Prior to v7.10.0-rc1~26 seclabels defaulted to
VIR_DOMAIN_SECLABEL_DYNAMIC (type='dynamic'). But after switching
the parser to virXMLPropEnum() the type is overwritten to
VIR_DOMAIN_SECLABEL_DEFAULT because the first thing that the
helper function does is to set variable that holds the result to
zero. Switch to virXMLPropEnumDefault() to restore the previous
behavior.
Fixes: f7ff8556ad9ba8d81408e31649071941a6a849a3 Signed-off-by: Michal Privoznik <mprivozn@redhat.com> Tested-by: Richard W.M. Jones <rjones@redhat.com> Reviewed-by: Ján Tomko <jtomko@redhat.com> Reviewed-by: Peter Krempa <pkrempa@redhat.com>
Felix Huettner [Thu, 24 Apr 2025 14:26:32 +0000 (16:26 +0200)]
virhostcpu: Fix potential use of unallocated memory
In case of a host that has a large number of cpus offline the count of
host cpus and the last bit set in the virHostCPUGetOnlineBitmap might
diverge significantly. This can e.g. be the case when disabling smt via
/sys/devices/system/cpu/smt/control.
On the host this looks like:
```
$ cat /sys/devices/system/cpu/present
0-255
$ cat /sys/devices/system/cpu/online
0-127
```
However in this case virBitmapToData previously only allocated 16 bytes
for the output bitmap. This is becase the last set bit is on the 15th
byte.
Users of virHostCPUGetMap however rely on the "cpumap" containing enough
space for all existing cpus (so they would expect 32 bytes in this case).
E.g. cmdNodeCpuMap relies on this for its output. It will then actually
read 32 bytes from the start of the "cpumap" address where in this case
the last 16 of these bytes are uninitialized.
This manifests itself in flapping outputs of "virsh nodecpumap --pretty" like:
```
$ virsh nodecpumap --pretty
CPUs present: 256
CPUs online: 128
CPU map: 0-127,192,194,202
This in turn potentially causes users of this data to report wrong cpu
counts.
Note that this only seems to happen with at least 256 physical cpus
where at least 128 are offline.
We fix this by preallocating the expected bitmap size.
Signed-off-by: Felix Huettner <felix.huettner@stackit.cloud> Reviewed-by: Martin Kletzander <mkletzan@redhat.com> Reviewed-by: Ján Tomko <jtomko@redhat.com>
Pavel Hrdina [Tue, 31 Mar 2026 11:24:28 +0000 (13:24 +0200)]
qemu_hotplug: Set correct iommufdState on error path
If hotplugging host device that needs to add iommufd object fails we
need to remove the iommufd object as well. We also need to update the
iommufdState otherwise hotplugging any host device with iommufd will
fail for the same VM.
Fixes: 5d16bef1a69500791be454239e3b9ac68ec53ace Signed-off-by: Pavel Hrdina <phrdina@redhat.com> Reviewed-by: Peter Krempa <pkrempa@redhat.com>
Pavel Hrdina [Thu, 26 Mar 2026 13:32:36 +0000 (14:32 +0100)]
hypervisor: Call virWaitForDevices() after detaching host devices
On systems with selinux enabled starting a VM with managed host device
using IOMMUFD backend can run into race-condition where both libvirt and
udev are setting selinux label on /dev/vfio/devices/vfioX device. If
udev is the last one to set selinux label starting VM fails with:
error: internal error: QEMU unexpectedly closed the monitor (vm='test'): 2026-03-26T15:47:36.620422Z qemu-kvm: -device {"driver":"vfio-pci","id":"hostdev0","iommufd":"iommufd0","fd":"20","bus":"pci.7","addr":"0x0"}: vfio hostdev0: Failed to add fd 20 to KVM VFIO device: Invalid argument
We need to wait for udev to finish processing all events.
Signed-off-by: Pavel Hrdina <phrdina@redhat.com> Reviewed-by: Ján Tomko <jtomko@redhat.com>
Peter Krempa [Fri, 27 Mar 2026 08:37:42 +0000 (09:37 +0100)]
virPCIDeviceReadID: Fix use of 'virFileReadAll'
Use 'virFileReadAllQuiet' since the function doesn't want to report
errors on other code paths.
The function also assumed that the file which it reads always 7 bytes
isn't true at least in the test suite. This didn't cause a problem
because the test data had strings 6 bytes long so it didn't cause a
write beyond the end of the buffer.
Clear the newline by using strchrnul instead to find it rather than
assuming where it is.
Signed-off-by: Peter Krempa <pkrempa@redhat.com> Reviewed-by: Pavel Hrdina <phrdina@redhat.com>
Peter Krempa [Fri, 27 Mar 2026 08:32:07 +0000 (09:32 +0100)]
virPCIDeviceReadClass: Don't write beyond end of buffer from virFileReadAll
The returned class string from the kernel isn't guaranteed to be always
9 bytes, thus the write to the buffer could happen beyond the guaranteed
length.
Since 'virFileReadAll' already NUL-terminates the buffer just delete
the redundant overwrite.
This fixes an invalid write beyond the end of the buffer happening since 458c6a281001d51fd9796 where the returned buffer is shortened.
Signed-off-by: Peter Krempa <pkrempa@redhat.com> Reviewed-by: Pavel Hrdina <phrdina@redhat.com>
Peter Krempa [Thu, 26 Mar 2026 17:39:17 +0000 (18:39 +0100)]
util: file: Shrink buffer returned from 'saferead_lim' to actual size
The bufer resizing algorithm resizes the buffer in increments of the
value of the 'BUFSIZ' macro. On linux it's currently 8k. In case when
the caller wants to retain the buffer for long time with little data
read this creates massive overhead.
Realloc the buffer to actual size before returning it to the user.
Signed-off-by: Peter Krempa <pkrempa@redhat.com> Reviewed-by: Pavel Hrdina <phrdina@redhat.com>
==2413993== 8,193 bytes in 1 blocks are definitely lost in loss record 4,201 of 4,225
==2413993== at 0x48FC897: realloc (vg_replace_malloc.c:1804)
==2413993== by 0x4ED0B0A: g_realloc (in /usr/lib64/libglib-2.0.so.0.8600.4)
==2413993== by 0x494112B: virReallocN (viralloc.c:52)
==2413993== by 0x49684F6: saferead_lim (virfile.c:1511)
==2413993== by 0x4968C8B: virFileReadLimFD (virfile.c:1587)
==2413993== by 0x4968D2C: virFileReadAll (virfile.c:1613)
==2413993== by 0xC2CC488: virGetSecretsEncryptionKey (secret_config.c:93)
==2413993== by 0xC2CC488: virSecretDaemonConfigNew (secret_config.c:162)
==2413993== by 0xC2CADFD: secretStateInitialize (secret_driver.c:533)
==2413993== by 0x4BABC76: virStateInitialize (libvirt.c:667)
==2413993== by 0x40148D4: daemonRunStateInit (remote_daemon.c:583)
==2413993== by 0x49BB8A5: virThreadHelper (virthread.c:256)
==2413993== by 0x52DD463: start_thread (in /usr/lib64/libc.so.6)
Fixes: 1c86748cf140a8710d6d8ec3ab3a2bd10ceeac67 Signed-off-by: Peter Krempa <pkrempa@redhat.com> Reviewed-by: Pavel Hrdina <phrdina@redhat.com>
==2413993== 23 (16 direct, 7 indirect) bytes in 1 blocks are definitely lost in loss record 1,238 of 4,225
==2413993== at 0x48FC683: calloc (vg_replace_malloc.c:1678)
==2413993== by 0x4ED0A51: g_malloc0 (in /usr/lib64/libglib-2.0.so.0.8600.4)
==2413993== by 0x49A62CF: virPortAllocatorRangeNew (virportallocator.c:104)
==2413993== by 0xEA35F27: qemuStateInitialize (qemu_driver.c:723)
==2413993== by 0x4BABC76: virStateInitialize (libvirt.c:667)
==2413993== by 0x40148D4: daemonRunStateInit (remote_daemon.c:583)
==2413993== by 0x49BB8A5: virThreadHelper (virthread.c:256)
==2413993== by 0x52DD463: start_thread (in /usr/lib64/libc.so.6)
==2413993== by 0x5360413: clone (in /usr/lib64/libc.so.6)
Fixes: 36cf50f85b9c8f3351332dc5302401e4b06176e1 Signed-off-by: Peter Krempa <pkrempa@redhat.com> Reviewed-by: Pavel Hrdina <phrdina@redhat.com>
Peter Krempa [Mon, 23 Mar 2026 21:33:49 +0000 (22:33 +0100)]
qemuDomainGetBlockInfo: Add debug statement when updating disk physical size
Update of the physical size fetches it from stat()-ing the file on disk,
which is not visible in the logs so the information can't be pieced back
together as it's the case with the data fetched from the qemu monitor.
Signed-off-by: Peter Krempa <pkrempa@redhat.com> Reviewed-by: Ján Tomko <jtomko@redhat.com>
Peter Krempa [Mon, 23 Mar 2026 16:23:48 +0000 (17:23 +0100)]
qemuDomainGetStatsBlockExportDisk: Export stats also for 'dataStore'
For qcow2 disk images backed by another storage for storing the actual
blocks (the 'data-file' feature) we forgot to export stats in the bulk
stats API.
Signed-off-by: Peter Krempa <pkrempa@redhat.com> Reviewed-by: Ján Tomko <jtomko@redhat.com>
Peter Krempa [Wed, 18 Mar 2026 07:54:16 +0000 (08:54 +0100)]
qemuMigrationSrcBeginPhase: Don't call 'qemuBlockNodesEnsureActive' with offline VM
Commits 7b5566ce67b18a and f879d5f40385358 ( v11.8.0-92-gf879d5f403 )
moved around code for re-activating block backends after migration.
While previously it was done when migration failed now we do it when we
need qemu to do some block operations.
'qemuBlockNodesEnsureActive' is thus called also when 'VIR_MIGRATE_OFFLINE'
is used. This doesn't cause failure similar to previous patch only due
to a conincidence as 'qemuCaps' wasn't initialized yet and thus we
assume that QEMU doesn't support 'blockdev-set-active' and skip all
monitor code.
Make the code more robust and explicit by calling
'qemuBlockNodesEnsureActive' only on active VMs during migration.
Fixes: 7b5566ce67b18a2bebe68fdb07e046f25185f8d3 Signed-off-by: Peter Krempa <pkrempa@redhat.com> Reviewed-by: Jiri Denemark <jdenemar@redhat.com>
Peter Krempa [Mon, 23 Mar 2026 21:39:58 +0000 (22:39 +0100)]
qemuMigrationSrcBeginXML: Don't call 'qemuMigrationSrcBeginPhaseBlockDirtyBitmaps' with offline VM
Commit a4f610ff3fe190058f1 made the call to
'qemuMigrationSrcBeginPhaseBlockDirtyBitmaps' inside
'qemuMigrationSrcBeginXML' unconditional. This unfortunately means that
it was called also with 'VIR_MIGRATE_OFFLINE'.
Attempting to enter the monitor in such case results in an error:
error: operation failed: domain is no longer running
The migration parameter allows enumerating disks selected for migration
where the hypervisor may assume that the user pre-cleared the
destination images of the block copy so that all offsets read 0x00 and
thus optimize clearing of such targets.
This patch adds the 'VIR_MIGRATE_PARAM_MIGRATE_DISKS_TARGET_ZERO'
parameter and also plumbs it for the qemu driver (mirrors plumbing for
'migrate_disks_detect_zeroes').
Signed-off-by: Peter Krempa <pkrempa@redhat.com> Reviewed-by: Ján Tomko <jtomko@redhat.com>
The 'target-is-zero' option of 'blockdev-mirror' allows telling qemu to
skip zeroing the mirror target if the user certifies that it's empty. It
was introduced in qemu-10.1.
Signed-off-by: Peter Krempa <pkrempa@redhat.com> Reviewed-by: Ján Tomko <jtomko@redhat.com>
Any QEMU we support requires use of NBD for disk migration which is not
supported with tunnelled migration. This is validated in
'qemuMigrationSrcBeginPhase'. Passing the list of disks to migrate is
thus pointless. Remove the argument.
Signed-off-by: Peter Krempa <pkrempa@redhat.com> Reviewed-by: Ján Tomko <jtomko@redhat.com>
Peter Krempa [Fri, 20 Mar 2026 14:12:54 +0000 (15:12 +0100)]
qemu: conf: Don't use VIR_ERR_INTERNAL_ERROR for config file parsing errors
When parsing port ranges for the port allocator VIR_ERR_INTERNAL_ERROR
is not the right error code for errors on the user-supplied numbers. Use
VIR_ERR_CONF_SYNTAX instead.
Signed-off-by: Peter Krempa <pkrempa@redhat.com> Reviewed-by: Ján Tomko <jtomko@redhat.com>
Peter Krempa [Mon, 23 Mar 2026 07:50:56 +0000 (08:50 +0100)]
qemuBuildFSStr: Properly format 'readonly' attribute
Short-form booleans are deprecated in qemu since qemu 6.0. Switch to the
proper 'readonly=on' format.
Closes: https://gitlab.com/libvirt/libvirt/-/work_items/864 Signed-off-by: Peter Krempa <pkrempa@redhat.com> Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
Peter Krempa [Tue, 10 Mar 2026 15:55:47 +0000 (16:55 +0100)]
scripts: dtrace2systemtap: Fix argument name extraction regex to avoid '*' in names
When commit d249170bf609d2c modified the arguments of
'virNetTLSContextNew' which has a systemtap probe defined the
'dtrace2systemtap' script was no longer to correctly generate the
definitions for it.
First problem which stemmed from mis-detecting the string array
argumment as string, which would use 'user_string' to extract it was
fixed in cb33103c4afbce681.
After that the generated probe is still not correct because it doesn't
strip all the '*' from pointers and thus for double pointers it
generates the following invalid definition:
Lucas Amaral [Mon, 23 Feb 2026 22:52:22 +0000 (19:52 -0300)]
qemu: add automatic port allocation for pull-mode backup NBD servers
Previously, users had to manually specify a TCP port when starting
a pull-mode backup with an NBD server. A TODO comment in
qemuBackupPrepare() noted this limitation and pointed toward using
virPortAllocator, as done for migration, VNC, and SPICE ports.
When a pull-mode backup is started without specifying a TCP port,
a port is now acquired automatically from the configured range via
virPortAllocatorAcquire(). The port is released when the backup
ends or if startup fails.
Signed-off-by: Lucas Amaral <lucaaamaral@gmail.com> Signed-off-by: Peter Krempa <pkrempa@redhat.com> Reviewed-by: Peter Krempa <pkrempa@redhat.com>
Lucas Amaral [Mon, 23 Feb 2026 22:52:22 +0000 (19:52 -0300)]
qemu: conf: add setup for automatic port allocation for pull-mode backup NBD servers
Add backup_port_min and backup_port_max configuration options to
qemu.conf, defaulting to 10809-10872 (10809 is the IANA-assigned
NBD port; range of 64 matches the migration port pattern).
Signed-off-by: Lucas Amaral <lucaaamaral@gmail.com> Signed-off-by: Peter Krempa <pkrempa@redhat.com> Reviewed-by: Peter Krempa <pkrempa@redhat.com>
Pavel Hrdina [Mon, 16 Mar 2026 14:29:32 +0000 (15:29 +0100)]
qemu: Implement iommufd fdgroup
When fdgroup is used for iommufd we will start QEMU with -object iommufd
even if the VM has no host device. When virDomainFDAssociate() is used
the FD libvirt is holding is closed with connection.
Signed-off-by: Pavel Hrdina <phrdina@redhat.com> Reviewed-by: Peter Krempa <pkrempa@redhat.com>
Pavel Hrdina [Fri, 13 Mar 2026 14:28:17 +0000 (15:28 +0100)]
conf: Add iommufd fdgroup support
This will allow management applications running libvirt without
necessary permissions to pass FD for /dev/iommu with per-process
locked memory accounting enabled.
Kernel uses per-user locked memory accounting by default which may
cause error while starting multiple VMs with host devices using IOMMUFD.
Signed-off-by: Pavel Hrdina <phrdina@redhat.com> Reviewed-by: Peter Krempa <pkrempa@redhat.com>
Pavel Hrdina [Wed, 18 Mar 2026 16:59:01 +0000 (17:59 +0100)]
qemu: Implement iommufd
Ideally this should be done in qemuDomainHostdevDefPostParse but that
would require a lot of refactoring mainly due to how interface backed by
hostdev works.
Signed-off-by: Pavel Hrdina <phrdina@redhat.com> Reviewed-by: Peter Krempa <pkrempa@redhat.com>
Pavel Hrdina [Fri, 13 Mar 2026 10:57:57 +0000 (11:57 +0100)]
conf: Introduce domain iommufd element
In addition to configuring IOMMUFD for each host device add
configuration for the whole VM. This will be extended to add support for
passing FD to libvirt from management applications.
Signed-off-by: Pavel Hrdina <phrdina@redhat.com> Reviewed-by: Peter Krempa <pkrempa@redhat.com>
Pavel Hrdina [Fri, 13 Mar 2026 11:25:13 +0000 (12:25 +0100)]
src: Use virHostdevIsPCIDeviceWith* to check for IOMMUFD
Use virHostdevIsPCIDeviceWithIOMMUFD where we need to check if hostdev
is PCI device using IOMMUFD and virHostdevIsPCIDeviceWithoutIOMMUFD
where we need to check if hostdev is PCI device not using IOMMUFD.
Fixes: 7d2f91f9cb572ab95d0916bdd1a46dd198874529 Signed-off-by: Pavel Hrdina <phrdina@redhat.com> Reviewed-by: Peter Krempa <pkrempa@redhat.com>
Pavel Hrdina [Wed, 18 Mar 2026 11:52:05 +0000 (12:52 +0100)]
qemu: Expand call to qemuDomainNeedsVFIO
The function qemuDomainNeedsVFIO() was originally used by other parts
of qemu code to figure out if the VM needs /dev/vfio/vfio.
Later it was also used by code calculating locked memory limit for all
architectures, and after that change again and used only for PPC64.
Now it needs to be changed again due to IOMMUFD support, the
/dev/vfio/vfio device is used by QEMU only if IOMMUFD is not used
but for accounting we still need consider all PCI host devices
because if IOMMUFD is used it still requires increasing locked
memory limit.
Signed-off-by: Pavel Hrdina <phrdina@redhat.com> Reviewed-by: Peter Krempa <pkrempa@redhat.com>
Pavel Hrdina [Wed, 18 Mar 2026 10:57:43 +0000 (11:57 +0100)]
hypervisor: Fix virHostdevNeedsVFIO detection
Function virHostdevNeedsVFIO is used only in QEMU to figure out if the
host device needs access to /dev/vfio/vfio, for PCI host devices that is
true only if libvirt is not using IOMMUFD.
Signed-off-by: Pavel Hrdina <phrdina@redhat.com> Reviewed-by: Peter Krempa <pkrempa@redhat.com>
Michal Privoznik [Tue, 17 Mar 2026 16:20:32 +0000 (17:20 +0100)]
network: Don't enable ip_forward for VIR_NETWORK_FORWARD_OPEN
For a network that's <forward mode="open"/> there are no firewall
rules added. We should not assume that users will configure NAT,
and if they do it should be their responsibility to enable IP
forwarding too.
Resolves: https://gitlab.com/libvirt/libvirt/-/work_items/863 Signed-off-by: Michal Privoznik <mprivozn@redhat.com> Reviewed-by: Laine Stump <laine@redhat.com>
Michal Privoznik [Tue, 10 Mar 2026 15:10:13 +0000 (16:10 +0100)]
qemuhotplug: Introduce interface-network-hostdev
Inspired by commit of v12.1.0-37-g25662b3700.
We already have a test case for <interface type='hostdev'/>, but
what we are missing is <interface type='network'/> where the
network is of a <forward mode='hostdev'/>. Apparently, we had a
crasher there too.
Signed-off-by: Michal Privoznik <mprivozn@redhat.com> Reviewed-by: Laine Stump <laine@redhat.com>
projects / thirdparty / libvirt.git / log
