Release of libvirt-8.0.0
by Jiri Denemark
The 8.0.0 release of both libvirt and libvirt-python is tagged and
signed tarballs and source RPMs are available at
https://libvirt.org/sources/
https://libvirt.org/sources/python/
Thanks everybody who helped with this release by sending patches,
reviewing, testing, or providing feedback. Your work is greatly
appreciated.
* Security
* libxl: Fix potential deadlock and crash (CVE-2021-4147)
A rogue guest could continuously reboot itself and cause libvirtd on the
host to deadlock or crash, resulting in a denial of service condition.
* Removed features
* qemu: Explicitly forbid live changing nodeset for strict numatune
For ``strict`` mode of <numatune/> it can't be guaranteed that memory is
moved completely onto new set of nodes (e.g. QEMU might have locked pieces
of its memory) thus breaking the strict promise. If live migration of QEMU
memory between NUMA nodes is desired, users are advised to use
``restrictive`` mode instead.
* New features
* qemu: Synchronous write mode for disk copy operations
The ``blockdev-mirror`` block job supports a mode where writes from the VM
are synchronously propagated to the destination of the copy. This ensures
that the job will converge under heavy I/O.
Implement the mode for the copy blockjob as
``VIR_DOMAIN_BLOCK_COPY_SYNCHRONOUS_WRITES`` flag exposed via
``virsh blockcopy --synchronous-writes`` and for non-shared storage migration
as ``VIR_MIGRATE_NON_SHARED_SYNCHRONOUS_WRITES`` exposed via
``virsh migrate --copy-storage-synchronous-writes``.
* Introduce TCG domain features
Libvirt is now able to set the size of translation block cache size
(tb-size) for TCG domains.
* qemu: Add new API to inject a launch secret in a domain
New API ``virDomainSetLaunchSecurityState()`` and virsh command
``domsetlaunchsecstate`` are added to support injecting a launch secret
in a domain's memory.
* Improvements
* libxl: Implement the virDomainGetMessages API
* qemu: Preserve qcow2 sub-cluster allocation state after external snapshots and block-copy
The new image which is installed as an overlay on top of the current chain
when taking an external snapshot, or the target of a block copy operation
now enables sub-cluster allocation (``extended_l2``) if the original
image has the option enabled.
* Bug fixes
* qemu: Fix device hot-unplug with ``libvirt-7.9`` or ``libvirt-7.10`` used with ``qemu-6.2``
An internal change to the configuration format used by the above libvirt
versions triggers a bug in ``qemu-6.2`` where qemu no longer emits the
event notifying that the device was unplugged successfully and thus libvirt
never removes the device from the definition.
This impacts only devices which were present at startup of the VM, hotplugged
devices behave correctly.
This is fixed in ``libvirt-8.0`` by reverting to the old configuration
approach until qemu is fixed.
As a workaround for ``libvirt-7.9`` and ``libvirt-7.10`` the old configuration
approach can be forced by:
Option 1, global ``qemu.conf``::

    capability_filters = [ "device.json" ]

Option 2, per VM XML override::

    <domain type='kvm' xmlns:qemu='http://libvirt.org/schemas/domain/qemu/1.0'>
      [...]
      <qemu:capabilities>
        <qemu:del capability='device.json'/>
      </qemu:capabilities>
    </domain>
* Fix sparse streams with split daemon
In split daemon scenario, a client connected to a hypervisor driver and
using sparse streams (e.g. ``virsh vol-download --sparse``) would make the
hypervisor daemon enter an infinite loop without any data transfer. This is
now fixed.
* Build no longer requires RPC library
Code and its cross dependencies were fixed so that build without remote
driver and thus an RPC library (like ``tirpc``) fails no more.
* virnetdevopenvswitch: Fix 'burst' value passed to ovs-vsctl
When a ``<bandwidth/>`` was defined for a TAP device that's plugged into an
OvS bridge values passed to the OvS were incorrectly recalculated resulting
in slightly different limits being applied.
Enjoy.
Jirka
2 years, 9 months
[libvirt PATCH 00/14] Random fixes and improvements
by Tim Wiederhake
A collection of drive-by fixes and improvements that quickly derailed
into the g_auto-ification of src/conf/interface_conf.c.
Tim Wiederhake (14):
docs: coding-style: Clarify on virXXXPtr types
virQEMUCapsSEVInfoCopy: Remove superfluous g_auto usage
virInterfaceDefDevFormat: Add missing error handling
conf: interface: Preparation for g_auto
conf: interface: Use g_auto
conf: interface: Remove ret and goto
virInterfaceDefParseXML: Inline trivial virInterfaceDefParseName
virInterfaceDefParseIP: Simplify and cleanup
virInterfaceDefParseDhcp: Simplify and cleanup
virInterfaceDefParseProtoIPv4: Simplify and cleanup
virInterfaceDefParseProtoIPv6: Simplify and cleanup
virInterfaceDefParseIfAdressing: Simplify and cleanup
virInterfaceDefParseXML: Simplify and cleanup
virInterfaceDefParse: Simplify and cleanup
docs/coding-style.rst | 5 +
src/conf/interface_conf.c | 357 ++++++++++++-----------------------
src/qemu/qemu_capabilities.c | 4 +-
3 files changed, 128 insertions(+), 238 deletions(-)
--
2.31.1
2 years, 9 months
[libvirt PATCH for-8.0.0] virt-ssh-helper: Move manual page to section 8
by Andrea Bolognani
While sections are somewhat loosely defined and thus the choice
is not quite a clear-cut one, section 8 might be a slightly
better fit in this case.
Suggested-by: Olaf Hering <olaf(a)aepfle.de>
Signed-off-by: Andrea Bolognani <abologna(a)redhat.com>
---
We could also merge this after 8.0.0, but I think it would be a
little bit nicer if the manual page didn't move around between
releases.
docs/manpages/meson.build | 2 +-
docs/manpages/virt-ssh-helper.rst | 2 +-
libvirt.spec.in | 2 +-
3 files changed, 3 insertions(+), 3 deletions(-)
diff --git a/docs/manpages/meson.build b/docs/manpages/meson.build
index 6763d19af8..150f45d296 100644
--- a/docs/manpages/meson.build
+++ b/docs/manpages/meson.build
@@ -19,11 +19,11 @@ docs_man_files = [
{ 'name': 'virt-pki-query-dn', 'section': '1', 'install': true },
{ 'name': 'virt-pki-validate', 'section': '1', 'install': true },
{ 'name': 'virt-qemu-run', 'section': '1', 'install': conf.has('WITH_QEMU') },
- { 'name': 'virt-ssh-helper', 'section': '1', 'install': conf.has('WITH_LIBVIRTD') },
{ 'name': 'virt-xml-validate', 'section': '1', 'install': true },
{ 'name': 'libvirtd', 'section': '8', 'install': conf.has('WITH_LIBVIRTD') },
{ 'name': 'virt-sanlock-cleanup', 'section': '8', 'install': conf.has('WITH_SANLOCK') },
+ { 'name': 'virt-ssh-helper', 'section': '8', 'install': conf.has('WITH_LIBVIRTD') },
{ 'name': 'virtbhyved', 'section': '8', 'install': conf.has('WITH_BHYVE') },
{ 'name': 'virtinterfaced', 'section': '8', 'install': conf.has('WITH_INTERFACE') },
{ 'name': 'virtlockd', 'section': '8', 'install': conf.has('WITH_LIBVIRTD') },
diff --git a/docs/manpages/virt-ssh-helper.rst b/docs/manpages/virt-ssh-helper.rst
index 175ddacaec..9d0cf10bc3 100644
--- a/docs/manpages/virt-ssh-helper.rst
+++ b/docs/manpages/virt-ssh-helper.rst
@@ -6,7 +6,7 @@ virt-ssh-helper
libvirt socket proxy
--------------------
-:Manual section: 1
+:Manual section: 8
:Manual group: Virtualization Support
.. contents::
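Review bot: `:Manual section: 8` here has to agree with the `'section': '8'` entry in docs/manpages/meson.build and the `man8/virt-ssh-helper.8*` line in libvirt.spec.in. The patch updates all three, but the diffstat shows no other file touched, so please grep the remaining manual pages and docs for `virt-ssh-helper(1)` cross-references before merging. The commit message would also be easier to judge if it said why section 8 fits a "libvirt socket proxy" better than section 1.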
diff --git a/libvirt.spec.in b/libvirt.spec.in
index 7a90a1a9e6..db9d622699 100644
--- a/libvirt.spec.in
+++ b/libvirt.spec.in
@@ -1693,7 +1693,7 @@ exit 0
%{_mandir}/man1/virt-admin.1*
%{_mandir}/man1/virt-host-validate.1*
-%{_mandir}/man1/virt-ssh-helper.1*
+%{_mandir}/man8/virt-ssh-helper.8*
%{_mandir}/man8/libvirtd.8*
%{_mandir}/man8/virtlogd.8*
%{_mandir}/man8/virtlockd.8*
--
2.31.1
2 years, 9 months
[PATCH] Print errors on daemon startup if logging setup fails
by Martin Kletzander
https://bugzilla.redhat.com/show_bug.cgi?id=2039652
Signed-off-by: Martin Kletzander <mkletzan(a)redhat.com>
---
src/locking/lock_daemon.c | 4 +++-
src/logging/log_daemon.c | 4 +++-
src/remote/remote_daemon.c | 4 +++-
3 files changed, 9 insertions(+), 3 deletions(-)
diff --git a/src/locking/lock_daemon.c b/src/locking/lock_daemon.c
index ea81940a4325..75ebd059d79a 100644
--- a/src/locking/lock_daemon.c
+++ b/src/locking/lock_daemon.c
@@ -919,8 +919,10 @@ int main(int argc, char **argv) {
config->log_outputs,
privileged,
verbose,
- godaemon) < 0)
+ godaemon) < 0) {
+ virDispatchError(NULL);
exit(EXIT_FAILURE);
+ }
if (!pid_file &&
virPidFileConstructPath(privileged,
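Review bot: the new `virDispatchError(NULL)` runs on a path where `godaemon` may be true, so it is worth confirming that stderr is still attached to the terminal or service manager at this point in `main()`; if the process has already detached, the message is lost again and the fix has no visible effect. The commit message carries only the bug URL; one sentence saying which failure is now reported and where the text ends up would make the change reviewable without opening the bug.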
diff --git a/src/logging/log_daemon.c b/src/logging/log_daemon.c
index fe7fa8534aec..8c3eb66895dc 100644
--- a/src/logging/log_daemon.c
+++ b/src/logging/log_daemon.c
@@ -725,8 +725,10 @@ int main(int argc, char **argv) {
config->log_outputs,
privileged,
verbose,
- godaemon) < 0)
+ godaemon) < 0) {
+ virDispatchError(NULL);
exit(EXIT_FAILURE);
+ }
if (!pid_file &&
virPidFileConstructPath(privileged,
diff --git a/src/remote/remote_daemon.c b/src/remote/remote_daemon.c
index 84157e6cc19a..1b8e982a2f01 100644
--- a/src/remote/remote_daemon.c
+++ b/src/remote/remote_daemon.c
@@ -940,8 +940,10 @@ int main(int argc, char **argv) {
config->log_outputs,
privileged,
verbose,
- godaemon) < 0)
+ godaemon) < 0) {
+ virDispatchError(NULL);
exit(EXIT_FAILURE);
+ }
/* Let's try to initialize global variable that holds the host's boot time. */
if (virHostBootTimeInit() < 0) {
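Review bot: this is the third copy of the same braces-plus-`virDispatchError(NULL)` block, after lock_daemon.c and log_daemon.c. Repeating it per daemon means any other `main()` that makes the same logging setup call keeps failing silently; either check the remaining callers in this patch or say in the commit message that these three are the only ones.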
--
2.34.1
2 years, 9 months
[PATCH] meson: Detect rst2html5 and rst2man only when needed
by Ivan Teterevkov
Detect these commands in docs/meson.build, i.e. only when
users enable documentation.
Signed-off-by: Ivan Teterevkov <ivan.teterevkov(a)nutanix.com>
---
docs/meson.build | 41 +++++++++++++++++++++++++++++++++++++++++
meson.build | 31 -------------------------------
2 files changed, 41 insertions(+), 31 deletions(-)
diff --git a/docs/meson.build b/docs/meson.build
index 3e912f21ad..50c12cc3c2 100644
--- a/docs/meson.build
+++ b/docs/meson.build
@@ -171,6 +171,47 @@ docs_lxc_api_xml = docs_api_generated[1]
docs_qemu_api_xml = docs_api_generated[2]
docs_admin_api_xml = docs_api_generated[3]
+docs_programs_groups = [
+ { 'name': 'rst2html5', 'prog': [ 'rst2html5', 'rst2html5.py', 'rst2html5-3' ] },
+ { 'name': 'rst2man', 'prog': [ 'rst2man', 'rst2man.py', 'rst2man-3' ] },
+]
+
+foreach item : docs_programs_groups
+ prog = find_program(item.get('prog'), dirs: libvirt_sbin_path)
+ varname = item.get('name').underscorify()
+ conf.set_quoted(varname.to_upper(), prog.path())
+ set_variable('@0@_prog'.format(varname), prog)
+endforeach
+
+# There are two versions of rst2html5 in the wild: one is the version
+# coming from the docutils package, and the other is the one coming
+# from the rst2html5 package. These versions are subtly different,
+# and the libvirt documentation can only be successfully generated
+# using the docutils version. Every now and then, users will report
+# build failures that can be traced back to having the wrong version
+# installed.
+#
+# The only reliable way to tell the two binaries apart seems to be
+# looking look at their version information: the docutils version
+# will report
+#
+# rst2html5 (Docutils ..., Python ..., on ...)
+#
+# whereas the rst2html5 version will report
+#
+# rst2html5 ... (Docutils ..., Python ..., on ...)
+#
+# with the additional bit of information being the version number for
+# the rst2html5 package itself.
+#
+# Use this knowledge to detect the version that we know doesn't work
+# for building libvirt and reject it
+rst2html5_version = run_command(rst2html5_prog, '--version')
+rst2html5_version = rst2html5_version.stdout().split(' ')
+if rst2html5_version[1] != '(Docutils'
+ error('Please uninstall the rst2html5 package and install the docutils package')
+endif
+
docs_rst2html5_gen = generator(
rst2html5_prog,
output: '@BASENAME@.html.in',
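Review bot: `run_command(rst2html5_prog, '--version')` is not checked for success and `rst2html5_version[1]` is indexed unconditionally, so a binary that fails or prints fewer than two space-separated words aborts configuration with an index error instead of the intended "Please uninstall the rst2html5 package" message. Check `returncode()` (or pass `check: true`) and the list length before comparing against `'(Docutils'`. Since the comment block is being moved anyway, "looking look at" can be fixed in the new location.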
diff --git a/meson.build b/meson.build
index 214a3f05eb..0d98f13d5e 100644
--- a/meson.build
+++ b/meson.build
@@ -788,8 +788,6 @@ required_programs = [
required_programs_groups = [
{ 'name': 'rpcgen', 'prog': [ 'rpcgen', 'portable-rpcgen' ] },
- { 'name': 'rst2html5', 'prog': [ 'rst2html5', 'rst2html5.py', 'rst2html5-3' ] },
- { 'name': 'rst2man', 'prog': [ 'rst2man', 'rst2man.py', 'rst2man-3' ] },
]
if host_machine.system() == 'freebsd'
@@ -810,35 +808,6 @@ foreach item : required_programs_groups
set_variable('@0@_prog'.format(varname), prog)
endforeach
-# There are two versions of rst2html5 in the wild: one is the version
-# coming from the docutils package, and the other is the one coming
-# from the rst2html5 package. These versions are subtly different,
-# and the libvirt documentation can only be successfully generated
-# using the docutils version. Every now and then, users will report
-# build failures that can be traced back to having the wrong version
-# installed.
-#
-# The only reliable way to tell the two binaries apart seems to be
-# looking look at their version information: the docutils version
-# will report
-#
-# rst2html5 (Docutils ..., Python ..., on ...)
-#
-# whereas the rst2html5 version will report
-#
-# rst2html5 ... (Docutils ..., Python ..., on ...)
-#
-# with the additional bit of information being the version number for
-# the rst2html5 package itself.
-#
-# Use this knowledge to detect the version that we know doesn't work
-# for building libvirt and reject it
-rst2html5_version = run_command(rst2html5_prog, '--version')
-rst2html5_version = rst2html5_version.stdout().split(' ')
-if rst2html5_version[1] != '(Docutils'
- error('Please uninstall the rst2html5 package and install the docutils package')
-endif
-
# optional programs
optional_programs = [
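Review bot: with this block gone, `rst2html5_prog`, `rst2man_prog` and the values written by `conf.set_quoted(varname.to_upper(), prog.path())` exist only once docs/meson.build has been processed. Please confirm that no meson.build outside docs/ uses those variables, and that the `configure_file()` consuming `conf` runs after `subdir('docs')`; otherwise a build with documentation disabled, or the generated config header, changes in a way the commit message does not mention.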
--
2.35.0-rc0
2 years, 9 months
[PATCH] NEWS: Mention propagation of sub-cluster allocation on snapshots and block-copy
by Peter Krempa
Signed-off-by: Peter Krempa <pkrempa(a)redhat.com>
---
NEWS.rst | 7 +++++++
1 file changed, 7 insertions(+)
diff --git a/NEWS.rst b/NEWS.rst
index d9fd50a067..c6970814b1 100644
--- a/NEWS.rst
+++ b/NEWS.rst
@@ -57,6 +57,13 @@ v8.0.0 (unreleased)
* libxl: Implement the virDomainGetMessages API
+ * qemu: Preserve qcow2 sub-cluster allocation state after external snapshots and block-copy
+
+ The new image which is installed as an overlay on top of the current chain
+ when taking an external snapshot, or the target of a block copy operation
+ now enables sub-cluster allocation (``extended_l2``) if the original
+ image has the option enabled.
+
* **Bug fixes**
* qemu: Fix device hot-unplug with ``libvirt-7.9`` or ``libvirt-7.10`` used with ``qemu-6.2``
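Review bot: the added entry is one sentence whose subject ("The new image which is installed as an overlay ... or the target of a block copy operation") runs for two lines before the verb "now enables", which makes it hard to parse. Splitting it, for example "When taking an external snapshot or doing a block copy, the new image now has sub-cluster allocation (``extended_l2``) enabled if the original image has it enabled", reads better in the release notes.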
--
2.31.1
2 years, 9 months
Entering freeze for libvirt-8.0.0
by Jiri Denemark
I have just tagged v8.0.0-rc1 in the repository and pushed signed
tarballs and source RPMs to https://libvirt.org/sources/
Please give the release candidate some testing and in case you find a
serious issue which should have a fix in the upcoming release, feel
free to reply to this thread to make sure the issue is more visible.
If you have not done so yet, please update NEWS.rst to document any
significant change you made since the last release.
Thanks,
Jirka
2 years, 9 months
[PATCH] docs: tpm: Clarify omission or removal of active_pcr_banks node
by Stefan Berger
Add a sentence to the active_pcr_banks node documentation that clarifies
that when the active_pcr_banks node is removed from the XML or when it
is omitted that the set of active PCR banks is not changed anymore.
Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=2039246
Signed-off-by: Stefan Berger <stefanb(a)linux.ibm.com>
---
docs/formatdomain.rst | 2 ++
1 file changed, 2 insertions(+)
diff --git a/docs/formatdomain.rst b/docs/formatdomain.rst
index d4f30bb8af..a84be77c37 100644
--- a/docs/formatdomain.rst
+++ b/docs/formatdomain.rst
@@ -7640,6 +7640,8 @@ Example: usage of the TPM Emulator
of a TPM 2.0 to activate. Valid names are for example sha1, sha256, sha384,
and sha512. If this node is provided, the set of PCR banks are activated
before every start of a VM and this step is logged in the swtpm's log.
+ If this node is removed or omitted then libvirt will not modify the
+ active PCR banks upon VM start but leave them at their last configuration.
This attribute requires that swtpm_setup v0.7 or later is installed
and may not have any effect otherwise. The selection of PCR banks only works
with the ``emulator`` backend. since:`Since 7.10.0`
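Review bot: the new sentence is inserted directly before "This attribute requires that swtpm_setup v0.7 or later is installed", so "This attribute" now appears to refer to removing or omitting the node rather than to providing it; consider placing the addition after the swtpm_setup requirement, or changing "This attribute" to name the node explicitly. "Leave them at their last configuration" also does not say which banks are active for a TPM whose XML never contained the node, which is the case a reader is most likely to hit.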
--
2.31.1
2 years, 9 months
[PATCH] NEWS: Document my contributions for upcoming release
by Michal Privoznik
Signed-off-by: Michal Privoznik <mprivozn(a)redhat.com>
---
NEWS.rst | 18 ++++++++++++++++++
1 file changed, 18 insertions(+)
diff --git a/NEWS.rst b/NEWS.rst
index b5893627e3..32ab0c801e 100644
--- a/NEWS.rst
+++ b/NEWS.rst
@@ -90,6 +90,24 @@ v8.0.0 (unreleased)
</qemu:capabilities>
</domain>
+ * Fix sparse streams with split daemon
+
+ In split daemon scenario, when a client connected to a hypervisor driver
+ using sparse streams (e.g. ``virsh vol-download --sparse``) would make the
+ hypervisor daemon enter an infinite loop without any data transfer. This is
+ now fixed.
+
+ * Build no longer requires RPC library
+
+ Code and its cross dependencies were fixed so that build without remote
+ driver and thus an RPC library (like ``tirpc``) fails no more.
+
+ * virnetdevopenvswitch: Fix 'burst' value passed to ovs-vsctl
+
+ When a ``<bandwidth/>`` was defined for an TAP device that's plugged into an
+ OvS bridge values passed to the OvS were incorrectly recalculated resulting
+ in slightly different limits being applied.
+
v7.10.0 (2021-12-01)
====================
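Review bot: two wording problems in the added entries. In the sparse streams item, "when a client connected to a hypervisor driver using sparse streams ... would make the hypervisor daemon enter an infinite loop" has no main clause; dropping "when" and writing "a client connected to a hypervisor driver and using sparse streams" fixes it. In the virnetdevopenvswitch item, "an TAP device" should be "a TAP device".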
--
2.34.1
2 years, 9 months
[PATCH] rpc: Emit a warning when applying RPC throttling
by Ivan Teterevkov
Whenever the number of outstanding requests being served reaches
max_client_requests, the RPC server applies RX throttling and
temporarily stops receiving incoming data. Consequently, it stops
receiving the keep-alive responses from the client and eventually
may cause a connection timeout on the server-side.
This patch emits a warning message in such cases so that the users
may root-cause the connection timeout and reconfigure
max_client_requests depending on their application.
Signed-off-by: Ivan Teterevkov <ivan.teterevkov(a)nutanix.com>
---
src/rpc/virnetserverclient.c | 4 ++++
1 file changed, 4 insertions(+)
diff --git a/src/rpc/virnetserverclient.c b/src/rpc/virnetserverclient.c
index 7050430e17..9d86e1ba3e 100644
--- a/src/rpc/virnetserverclient.c
+++ b/src/rpc/virnetserverclient.c
@@ -1293,6 +1293,10 @@ static virNetMessage *virNetServerClientDispatchRead(virNetServerClient *client)
client->rx->buffer = g_new0(char, client->rx->bufferLength);
client->nrequests++;
}
+ } else {
+ VIR_WARN("Applying RPC throttling, consider increasing "
+ "max_client_requests (client->nrequests_max=%zu)",
+ client->nrequests_max);
}
virNetServerClientUpdateEvent(client);
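Review bot: the `VIR_WARN` in the new `else` branch fires on every pass through virNetServerClientDispatchRead() that finds the client at its limit, so a single client that keeps `nrequests_max` requests outstanding can fill the daemon log with identical warnings. Please warn once per transition into the throttled state, or rate-limit the message. The text also prints the struct field name (`client->nrequests_max=%zu`); for an administrator the setting name `max_client_requests` together with the value is enough.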
--
2.35.0-rc0
2 years, 9 months
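
The interaction described in the commit message of the RPC throttling patch above, as an added simulation that is not part of the patch or of libvirt. The function `simulate`, the one-second tick model and the scenario values are assumptions made for illustration; the keep-alive rule is modelled as "close the connection after keepalive_interval * (keepalive_count + 1) seconds without reading anything from the client".

```python
from collections import deque


def simulate(max_client_requests, burst, service_time,
             keepalive_interval=5, keepalive_count=5, horizon=120):
    """Model one client connection, one tick per second.

    Returns (throttled_seconds, closed_at); closed_at is None when the
    connection survives until `horizon`.
    """
    wire = deque(["request"] * burst)  # sent by the client, not yet read
    finishing = []                     # completion times of requests in service
    last_rx = 0                        # last tick at which the server read data
    throttled = 0
    # Modelled rule: close after this long without reading from the client.
    deadline = keepalive_interval * (keepalive_count + 1)

    for t in range(horizon + 1):
        # Completed requests free their slots.
        finishing = [done for done in finishing if done > t]

        # RX throttling: read only while below the request limit.
        while wire and len(finishing) < max_client_requests:
            last_rx = t
            if wire.popleft() == "request":
                finishing.append(t + service_time)

        if t - last_rx >= deadline:
            return throttled, t        # keep-alive timeout on the server side
        if len(finishing) >= max_client_requests:
            throttled += 1

        # After each silent interval the server pings; the client answers at
        # once, but the answer stays on the wire while the server is throttled.
        if t > last_rx and (t - last_rx) % keepalive_interval == 0:
            wire.append("keepalive-response")
    return throttled, None


if __name__ == "__main__":
    # Constructed scenarios: (max_client_requests, burst, service_time in s)
    for args in [(5, 5, 60), (5, 5, 10), (20, 5, 60)]:
        print(args, "->", simulate(*args))
```

In the first scenario the client answers every ping, yet the server never reads the answers and drops the connection; shorter requests or a higher `max_client_requests` avoid the timeout.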