Implement domainGetVcpuPinInfo for querying vcpu pinning information.
Also, implement a couple of other APIs this one depends on:
domainGetVcpusFlags and domainGetMaxVcpus.
Signed-off-by: Roman Bogorodskiy <bogorodskiy@gmail.com> Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
Bhyve supports vcpu pinning using the `-p vcpu:hostcpu`
argument. This argument can be specified multiple times for the same
vcpu to pin it to multiple hostcpu's.
Bhyve currently does not allow to change vcpu pinning configuration for
the VM that is already running.
Use this to support domain's vcpupin configuration such as:
When virDomainAbortJob is called with VIR_DOMAIN_ABORT_JOB_POSTCOPY flag
and the post-copy migration of the domain is already stopped (either
because of a failure or previous call to virDomainAbortJob), the
migrate-pause QMP command fails with "migrate-pause is currently only
supported during postcopy-active or postcopy-recover state". Such error
might be confusing to end users especially when we mark it as an
internal error. Let's not call the QMP command at all and report a
clear error message instead.
Signed-off-by: Jiri Denemark <jdenemar@redhat.com> Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
Michal Privoznik [Mon, 16 Feb 2026 09:42:07 +0000 (10:42 +0100)]
virstorageobj: Make virStoragePoolObjAddVol() report an error on failure
Adding a storage volume into a pool is done by calling
virStoragePoolObjAddVol(). This function may fail if another
volume already exists with the same key/name/target. In some
cases the storage driver does check for duplicates before calling
the function. But in some cases (e.g. when refreshing an RBD pool
in virStorageBackendRBDRefreshPool()) it doesn't.
The problem here is that the function reports no error upon
failure and leaves it as an exercise for caller. Well, no caller
does that.
Therefore, make the function report an error. The advantage of
this approach is - the function can report more accurate error
message than any caller ever could.
NB¸ this stems from a discussion on the users list [1], and while
this does NOT solve the original issue, it fixes one of the
symptoms.
1: https://lists.libvirt.org/archives/list/users@lists.libvirt.org/message/BALVNCRQM4KBKGV4RQ7BMKSX7UIJKLQH/ Signed-off-by: Michal Privoznik <mprivozn@redhat.com> Reviewed-by: Jiri Denemark <jdenemar@redhat.com>
Lucas Amaral [Mon, 16 Feb 2026 15:50:06 +0000 (12:50 -0300)]
virsh: report "unknown" for autostart when API query fails
When virStoragePoolGetAutostart(), virNetworkGetAutostart(), or
virNodeDeviceGetAutostart() fails, the respective info commands
report "no autostart". This is incorrect: the API failure means
we cannot determine the autostart state, not that autostart is
disabled.
The persistent field in the same functions already correctly
reports "unknown" on API failure. Apply the same pattern to the
autostart field for consistency and correctness.
Signed-off-by: Lucas Amaral <lucaaamaral@gmail.com> Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
Lucas Amaral [Mon, 16 Feb 2026 14:48:17 +0000 (11:48 -0300)]
virsh: return failure exit code when UUID fetch fails
The domuuid, net-uuid, and pool-uuid commands call vshError() when
GetUUIDString() fails, but unconditionally return true, which
vshCommandRun() maps to EXIT_SUCCESS. This means scripts checking
$? see success despite the error.
Return false on failure so the exit code correctly reflects the
error, consistent with other virsh commands.
Signed-off-by: Lucas Amaral <lucaaamaral@gmail.com> Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
qemu: Fill in firmwareFeature element for domaincaps
On architectures that support neither UEFI nor BIOS as firmware,
such as ppc64 and s390x, the enums end up empty. This correctly
indicates that filtering by firmware feature is not possible, and
is consistent with the fact that the existing "firmware" enum is
also empty in those cases, meaning that firmware autoselection
itself is just not applicable.
Signed-off-by: Andrea Bolognani <abologna@redhat.com> Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
Pavel Hrdina [Sun, 15 Feb 2026 18:13:19 +0000 (19:13 +0100)]
qemu_process: Fix FD leak with multiple host devices using IOMMUFD
We would open IOMMU device for each host device with IOMMUFD backend
leaking FD except for the last one. Since we are adding only single
iommufd object we need to open it only once.
Fixes: 2f0999a161910e3992458902ce90d37f8b8f2642 Signed-off-by: Pavel Hrdina <phrdina@redhat.com> Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
Peter Krempa [Fri, 23 Jan 2026 16:18:14 +0000 (17:18 +0100)]
qemu: Setup disk latency histograms on startup/hotplug/update
Setup the histograms on startup and hotplug of devices via
'qemuProcessSetupDiskPropsRuntime' and facilitate update/reset/disable
of histogram collection via 'qemuDomainChangeDiskLive'.
The latter allows to use the update device API to either clear the bins
or select new bin configuration or disable the histogram altogether
without the need for a specific API.
Signed-off-by: Peter Krempa <pkrempa@redhat.com> Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
Peter Krempa [Thu, 29 Jan 2026 13:08:18 +0000 (14:08 +0100)]
qemu: monitor: Extract block latency histogram stats into 'qemuBlockStats'
Extract the 'rd_latency_histogram', 'wr_latency_histogram',
'zone_append_latency_histogram', and 'flush_latency_histogram' stats
objects into our internal data.
Rather than storing 'boundaries' between bins we store them as start
points.
Signed-off-by: Peter Krempa <pkrempa@redhat.com> Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
Michal Privoznik [Wed, 11 Feb 2026 09:16:34 +0000 (10:16 +0100)]
qemu: Wire up new hyperv host-model mode behavior
Since some hyperv features might be already enabled/disabled when
entering qemuProcessEnableDomainFeatures() only those which are
not set in domain XML (i.e. are VIR_TRISTATE_SWITCH_ABSENT)
should be modified. Furthermore, some features are not a simple
on/off switch, but a number or a string even. Well, that doesn't
matter really as the logic for setting them is the same: only set
their value iff they are not already set.
Resolves: https://issues.redhat.com/browse/RHEL-148219 Signed-off-by: Michal Privoznik <mprivozn@redhat.com> Reviewed-by: Peter Krempa <pkrempa@redhat.com>
Michal Privoznik [Wed, 11 Feb 2026 09:16:28 +0000 (10:16 +0100)]
conf: Parse hyperv features even for host-model
As it turns out, some users of the hyperv "host-model" mode might
want to override the hypervisor defaults. For instance disable a
feature that's on by default, or vice versa. Currently, this is
not possible because as soon as our XML parser sees the
"host-model" mode it exits early and skips parsing of individual
features (for "custom" mode). Well, do not return early and parse
the rest.
Signed-off-by: Michal Privoznik <mprivozn@redhat.com> Reviewed-by: Peter Krempa <pkrempa@redhat.com>
Bhyve on arm64 does not have the bhyveload(8) tool.
That means that it cannot be used as a default if the loader is not
configured for the domain.
To prevent users from getting unusable configurations, handle loader
configuration on arm64 like that:
- if loader is specified in the domain XML, just use it
- if not specified, try to check whether the default uboot loader
is available on the system. In case it is, set is as the loader,
otherwise fail with the error.
Additionally, the loader could be configured in bhyve.conf.
By default, it uses the loader installed by the
sysutils/u-boot-bhyve-arm64 port or a corresponding package.
Signed-off-by: Roman Bogorodskiy <bogorodskiy@gmail.com> Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
Erik Huelsmann [Wed, 11 Feb 2026 17:36:06 +0000 (18:36 +0100)]
In virFDStreamRead(), fill buffer from this and next messages
Before this change, buffers returned from virFDStreamRead() would
alternate in size (262120 and 24), because it only consumed the
bytes remaining from the current background thread message.
As the background thread reads 262144 bytes (256kB) of data in
each chunk, where the maximum size returned from virFDStreamRead()
to be transferred over the remote protocol is only 262120, 24 bytes
would be left in the buffer on each iteration. The next iteration
leaves 24 bytes, which used to be returned without considering
messages waiting in the queue.
Reviewed-by: Daniel P. Berrangé <berrange@redhat.com> Signed-off-by: Erik Huelsmann <ehuels@gmail.com>
With that, ACPI tables are always generated. As this change is
relatively new and there are likely systems that have bhyve(8) that
requires using the '-A' flag, add a capability probing for that, and
use this flag if it's supported.
Signed-off-by: Roman Bogorodskiy <bogorodskiy@gmail.com> Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
util: remove duplicate logging of firewall command
The vircommand.c code will always log the argv about to
be run, so logging it again in virfirewall.c is redundant.
Removing the dupe avoids the repeated memory allocation
from the array -> string conversion.
The minor difference is the downgrade from INFO to DEBUG
level, but the use of INFO level was out of character for
libvirt to begin with.
Reviewed-by: Peter Krempa <pkrempa@redhat.com> Reviewed-by: Michal Privoznik <mprivozn@redhat.com> Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
Arun Menon [Tue, 10 Feb 2026 17:56:42 +0000 (23:26 +0530)]
secret: Add functionality to load and save secrets in encrypted format
Now that we have the functionality to provide the secrets driver
with an encryption key through a configuration file or using system
credentials, and the newly introduced array to iterate over the
encryption schemes, we can use the key to save and load secrets.
Encrypt all secrets that are going to be saved on the disk if the
'secrets_encryption_key' path is set in the secret.conf file OR
if a valid systemd generated credential exists.
While loading secrets, identify the decryption method by matching the file
extension of the stored secret against the known array values.
If no matching scheme is found, the secret is skipped. If the encryption
key is changed across restarts, then also the secret driver will fail to load
the secrets from the disk that were encrypted with the former key.
Signed-off-by: Arun Menon <armenon@redhat.com> Co-authored-by: Peter Krempa <pkrempa@redhat.com> Reviewed-by: Peter Krempa <pkrempa@redhat.com>
Arun Menon [Tue, 10 Feb 2026 17:56:41 +0000 (23:26 +0530)]
secret: Rename virSecretObj structure attribute from base64File to secretValueFile
Change the attribute name of _virSecretObj because we want it to have a generic
name to indicate that secret values can be stored in it in both base64 and
encrypted formats.
Signed-off-by: Arun Menon <armenon@redhat.com> Reviewed-by: Peter Krempa <pkrempa@redhat.com>
Arun Menon [Tue, 10 Feb 2026 17:56:40 +0000 (23:26 +0530)]
secret: Add secret.conf configuration file and parse it
A new configuration file called secret.conf is introduced to
let the user configure the path to the secrets encryption key.
This key will be used to encrypt/decrypt the secrets in libvirt.
By default the path is set to the runtime directory
/run/libvirt/secrets, and it is commented in the config file.
After parsing the file, the virtsecretd driver checks if an
encryption key is present in the path and is valid.
If no encryption key is present in the path, then
the service will by default use the encryption key stored in the
CREDENTIALS_DIRECTORY.
Add logic to parse the encryption key file and store the key.
It also checks for the encrypt_data attribute in the config file.
The encryption and decryption logic will be added in the subsequent patches.
Signed-off-by: Arun Menon <armenon@redhat.com> Reviewed-by: Peter Krempa <pkrempa@redhat.com>
Arun Menon [Tue, 10 Feb 2026 17:56:39 +0000 (23:26 +0530)]
secret: Set up default encryption secret key for the virtsecretd service
This commit sets the foundation for encrypting the libvirt secrets by providing a
secure way to pass a secret encryption key to the virtsecretd service.
A random secret key is generated using the new virt-secret-init-encryption
service. This key can be consumed by the virtsecretd service.
By using the "Before=" directive in the new virt-secret-init-encryption
service and using "Requires=" directive in the virtsecretd service,
we make sure that the daemon is run only after we have an encrypted
secret key file generated and placed in /var/lib/libvirt/secrets.
The virtsecretd service can then read the key from CREDENTIALS_DIRECTORY. [1]
This setup therefore provides a default key out-of-the-box for initial use.
A subsequent commit will introduce the logic for virtsecretd
to access and use this key via the $CREDENTIALS_DIRECTORY environment variable. [2]
Arun Menon [Tue, 10 Feb 2026 17:56:38 +0000 (23:26 +0530)]
util: Add support for GnuTLS decryption
Adds `virCryptoDecryptDataAESgnutls` and `virCryptoDecryptData`
as wrapper functions for GnuTLS decryption.
These functions are the inverse of the existing GnuTLS encryption wrappers.
This commit also includes a corresponding test case to validate data decryption.
Signed-off-by: Arun Menon <armenon@redhat.com> Reviewed-by: Peter Krempa <pkrempa@redhat.com>
Peter Krempa [Thu, 5 Feb 2026 14:10:36 +0000 (15:10 +0100)]
qemuProcessRefreshDisks: Don't bother to refresh disks on cold boot
The only thing that 'qemuProcessRefreshDisks' currently does is to
update tray state for disks. This makes no sense on cold boot since only
cdroms have tray and the tray is closed.
Avoid the extra call to 'query-block' on cold boot and just assume CDROM
has a closed tray.
Signed-off-by: Peter Krempa <pkrempa@redhat.com> Reviewed-by: Ján Tomko <jtomko@redhat.com>
Peter Krempa [Thu, 5 Feb 2026 13:31:41 +0000 (14:31 +0100)]
qemu: Refactor tray_status handling
Modify the monitor code to directly return values from 'virDomainDiskTray'
enum instead of two bools.
This allows simplification of the other code:
- qemuProcessRefreshDiskProps just assigns the value, thus can be deleted
- old_tray_status is no longer needed as we can directly access the
disk status instead and assign later
Signed-off-by: Peter Krempa <pkrempa@redhat.com> Reviewed-by: Ján Tomko <jtomko@redhat.com>
Peter Krempa [Thu, 5 Feb 2026 13:18:46 +0000 (14:18 +0100)]
qemuDomainAttachDiskGeneric: Avoid unneeded disk property refresh after hotplug
The only thing the call to 'qemuProcessRefreshDiskProps' would update
from data gathered from a 'query-block' QMP call would be the state of
the tray of the device. We know that only CDROM devices have a tray and
after hotplug it's closed.
Remove the unneeded code and adjust tests.
Signed-off-by: Peter Krempa <pkrempa@redhat.com> Reviewed-by: Ján Tomko <jtomko@redhat.com>
Peter Krempa [Tue, 3 Feb 2026 14:14:14 +0000 (15:14 +0100)]
conf: domain: Add VIR_DOMAIN_DISK_TRAY_NONE state for devices without tray
Currently the default state was VIR_DOMAIN_DISK_TRAY_CLOSED. Not all
disks have a tray so add another state as the default and adjust code
which was based on the assumption that the tray is always present.
This change also removes the need for the 'tray' field in the disk
private data which was used inconsistently.
Signed-off-by: Peter Krempa <pkrempa@redhat.com> Reviewed-by: Ján Tomko <jtomko@redhat.com>
Peter Krempa [Wed, 4 Feb 2026 10:35:57 +0000 (11:35 +0100)]
qemu: monitor: Add test validating that 'eventHandlers' are properly sorted
The monitor code uses 'bsearch' to look up the event handler so the
event names must be properly listed. Until now only a comment reminded
us to do it. Add a test to verify that it is actually sorted properly.
Signed-off-by: Peter Krempa <pkrempa@redhat.com> Reviewed-by: Ján Tomko <jtomko@redhat.com>
Peter Krempa [Tue, 3 Feb 2026 17:01:15 +0000 (18:01 +0100)]
qemu: Drop 'removable' field from 'qemuDomainDiskInfo'
The only real use was in 'qemuProcessRefreshDiskProps' where it guarded
assignment of 'tray' status. Since qemu doesn't actually report any tray
status for devices which don't have a tray there's no need for the extra
guard.
Remove the field completely.
Signed-off-by: Peter Krempa <pkrempa@redhat.com> Reviewed-by: Ján Tomko <jtomko@redhat.com>
Peter Krempa [Tue, 3 Feb 2026 16:46:10 +0000 (17:46 +0100)]
qemuMigrationSrcBegin: Drop disk refresh step
Since 'qemuProcessRefreshDiskProps' doesn't remove the source since we
switched to blockdev mode, we don't need to update disk state at the
beginning of migration.
Signed-off-by: Peter Krempa <pkrempa@redhat.com> Reviewed-by: Ján Tomko <jtomko@redhat.com>
Peter Krempa [Tue, 3 Feb 2026 16:41:21 +0000 (17:41 +0100)]
qemuProcessRefreshDiskProps: Drop code to remove disk source
In blockdev mode, the guest OS can't force the drive to become empty
(opening cdrom tray doesn't remove media; floppies can't be ejected from
guest OS), so the check if a drive is empty is dead code at this point.
Remove it.
Signed-off-by: Peter Krempa <pkrempa@redhat.com> Reviewed-by: Ján Tomko <jtomko@redhat.com>
Peter Krempa [Thu, 11 Dec 2025 18:47:16 +0000 (19:47 +0100)]
qemu: Implement support for persistent reservation migration control
The 'migration' attribute for the '<reservations>' element allows to
control the persistent reservation migration feature independently of
the machine type default.
Add the XML plumbing and qemu support.
We consider it ABI for now since it influences qemu migration protocol.
Signed-off-by: Peter Krempa <pkrempa@redhat.com> Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
network: add comment to table that it belongs to libvirt
The result looks like
$ nft list ruleset
...snip...
table ip6 libvirt_network {
comment "Managed by libvirt for virtual networks: https://libvirt.org/firewall.html#the-virtual-network-driver"
chain forward {
...snip...
This should reduce the number of people wondering why
these rules exists.
Reviewed-by: Peter Krempa <pkrempa@redhat.com> Reviewed-by: Michal Privoznik <mprivozn@redhat.com> Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
The virDomainInterfaceAddresses() API accepts @source argument,
but since this is hyperv, we can't really use _SRC_LEASE (we
didn't spawn any dnsmasq there), not _SRC_ARP. The only source
that's more or less usable is _SRC_AGENT. Okay, there's no QEMU
guest agent running, but hyperv has its own guest agent. In my
testing (with Linux guest) I had to install 'hyperv' package and
then enable 'hv_kvp_daemon.service'. After that,
Msvm_GuestNetworkAdapterConfiguration struct [1] contained guest
IP addresses.
There's one caveat though: the interface name
(virDomainInterface::name). We don't fetch that one even for
hypervDomainGetXMLDesc() case. And there's no <target dev=''/>
either nor device alias (v12.0.0-43-g4009126f17). So just put
InstanceID there for now, which is this long path, with some
UUIDs, e.g.:
When constructing a domain definition, NICs are fetched from WMI
and their MAC addresses are then parsed. Move this code into a
separate function so that it can be reused later.
Signed-off-by: Michal Privoznik <mprivozn@redhat.com> Reviewed-by: Peter Krempa <pkrempa@redhat.com>
The aim of this helper is to convert subnet mask to prefix. For
instance for input "255.0.0.0" to return 8. Additionally, if the
input string is already a prefix (with optional leading slash
character) just return that number parsed.
Signed-off-by: Michal Privoznik <mprivozn@redhat.com> Reviewed-by: Peter Krempa <pkrempa@redhat.com>
datatypes: Declare autofree func for virDomainInterface type
The virDomainInterface type (struct _virDomainInterface) is
defined in our public header and even has a public free function
(virDomainInterfaceFree()). But in our code we will want to use
automatic memory freeing for it. Hence, make appropriate
declaration in datatypes.h.
Signed-off-by: Michal Privoznik <mprivozn@redhat.com> Reviewed-by: Peter Krempa <pkrempa@redhat.com>
Dion Bosschieter [Tue, 10 Feb 2026 10:16:26 +0000 (11:16 +0100)]
nwfilter: move shared nwfilter driver functions into nwfilter_tech_driver.c
Introduce nwfilter_tech_driver.c which holds shared non driver specific
methods.
The following logic can be reused by new nwfilter drivers, which are not
ebiptables specific:
- data type print logic, used for constructing ascii cli arguments out
of nwfilter data;
- chain jump proto type l3_proto_idx logic;
- virNWFilterRule sorting.
Reviewed-by: Daniel P. Berrangé <berrange@redhat.com> Signed-off-by: Dion Bosschieter <dionbosschieter@gmail.com>
[DB: moved virstring.h include to source file & added to POTFILES] Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
Dion Bosschieter [Thu, 12 Feb 2026 12:17:49 +0000 (12:17 +0000)]
nwfilter: remove redundant sys/utsname.h include
There are no calls to uname() in the ebiptables driver code.
Reviewed-by: Daniel P. Berrangé <berrange@redhat.com> Signed-off-by: Dion Bosschieter <dionbosschieter@gmail.com>
[DB: split from larger patch] Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
Dion Bosschieter [Tue, 10 Feb 2026 10:16:25 +0000 (11:16 +0100)]
nwfilter: rename generic names to virNWFilter* and CamelCase
Rename generic nwfilter data types and functions to virNWFilter prefix
and convert them to CamelCase. These data types and functions are quite
common to any nwfilter driver implementation. Prior to moving them out
of the nwfilter_ebiptables_driver.c file, we'll first rename them.
Reviewed-by: Daniel P. Berrangé <berrange@redhat.com> Signed-off-by: Dion Bosschieter <dionbosschieter@gmail.com>
Adds documentation for the new USB bus/port addressing.
The new "port" attribute is explained.
Resolves: https://gitlab.com/libvirt/libvirt/-/issues/513
Reviewed-by: Daniel P. Berrangé <berrange@redhat.com> Signed-off-by: Maximilian Martin <maximilian_martin@gmx.de>
tests: validate an XML config with USB bus/port set
USB bus/port addressing is translated into a bus/device addressing
at startup using the hostdev logic. This test covers XML parsing
and CLI formatting for bus/port addressing.
Reviewed-by: Daniel P. Berrangé <berrange@redhat.com> Signed-off-by: Maximilian Martin <maximilian_martin@gmx.de>
This patch implements USB bus/port matching in the XML schema.
Reviewed-by: Daniel P. Berrangé <berrange@redhat.com> Signed-off-by: Maximilian Martin <maximilian_martin@gmx.de>
[DB: split host USB search parts out into previous patches] Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
util: implement support for finding host USB devices by port
Extend the API for finding host USB devices, to allow requesting
a search based on the port.
Reviewed-by: Daniel P. Berrangé <berrange@redhat.com> Signed-off-by: Maximilian Martin <maximilian_martin@gmx.de>
[DB: split out of bigger patch] Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
Prepare for adding the ability to find host USB devices based
on their port, by generalizing the APIs for device searching
into one all-purpose API
Reviewed-by: Daniel P. Berrangé <berrange@redhat.com> Signed-off-by: Maximilian Martin <maximilian_martin@gmx.de>
[DB: split out of bigger patch] Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
virusb test data: add devpath files for port addressing
This patch adds devpath files to the virusb test data.
These files are mockups for the USB sysfs files that
contain the port of a USB device in dotted notation.
They are used for testing of USB bus/port matching.
Reviewed-by: Daniel P. Berrangé <berrange@redhat.com> Signed-off-by: Maximilian Martin <maximilian_martin@gmx.de>
Since commit 99a637a8 in qemu 10.0, the way the cmp_legacy flag is
reported changed. The same way as happend with the 'ht' flag in commit c6bd2dd634208, which was fixed in libvirt since commit ba16113c.
This causes migrations from a hypervisor running a qemu version before
that commit to a hypervisor running qemu after that commit fails
with the following error:
guest CPU doesn't match specification: extra features: cmp_legacy
We can just ignore this flag, just like we did with the 'ht' flag.
projects / thirdparty / libvirt.git / log
