[libvirt PATCH 0/9] src: some improvements to systemd unit files
by Daniel P. Berrangé
These were suggested by Lennart in
https://gitlab.com/libvirt/libvirt/-/issues/489
Daniel P. Berrangé (9):
src: remove After=local-fs.target from systemd units
src: remote deps on ip[6]tables/firewalld.service from systemd units
util: remove pointless wrappers for setrlimit/getrlimit
util: add helper for raising the max files limit
rpc: automatically raise max file limit in all daemons
src: set max open file limit to match systemd >= 240 defaults
util: relax requirement for logind to be running
src: remove dep on systemd-logind.service from unit files
util: add logging about node suspend availability
src/ch/virtchd.service.in | 11 ++---
src/interface/virtinterfaced.service.in | 1 -
src/libvirt_private.syms | 1 +
src/libxl/virtxend.service.in | 1 -
src/locking/virtlockd.service.in | 8 ++--
src/logging/virtlogd.service.in | 11 ++---
src/lxc/virtlxcd.service.in | 11 ++---
src/network/virtnetworkd.service.in | 4 --
src/node_device/virtnodedevd.service.in | 1 -
src/nwfilter/virtnwfilterd.service.in | 1 -
src/qemu/virtqemud.service.in | 11 ++---
src/remote/libvirtd.service.in | 14 ++-----
src/remote/virtproxyd.service.in | 1 -
src/rpc/virnetdaemon.c | 3 ++
src/secret/virtsecretd.service.in | 1 -
src/storage/virtstoraged.service.in | 1 -
src/util/virnodesuspend.c | 3 ++
src/util/virprocess.c | 56 ++++++++++++++++---------
src/util/virprocess.h | 1 +
src/util/virstring.c | 6 +++
src/util/virsystemd.c | 12 ++++++
src/vbox/virtvboxd.service.in | 1 -
src/vz/virtvzd.service.in | 1 -
tests/virshtest.c | 1 +
tools/virsh.c | 2 +-
25 files changed, 88 insertions(+), 76 deletions(-)
--
2.40.1
1 year, 3 months
Release of libvirt-9.6.0
by Jiri Denemark
The 9.6.0 release of both libvirt and libvirt-python is tagged and
signed tarballs and source RPMs are available at
https://download.libvirt.org/
https://download.libvirt.org/python/
Thanks everybody who helped with this release by sending patches,
reviewing, testing, or providing feedback. Your work is greatly
appreciated.
* Security
* ``CVE-2023-3750``: Fix race condition in storage driver leading to a crash
In libvirt-8.3 a bug was introduced which in rare cases could cause
``libvirtd`` or ``virtstoraged`` to crash if multiple clients attempted to
look up a storage volume by key, path or target path, while other clients
attempted to access something from the same storage pool.
* Improvements
* apparmor: All profiles and abstractions now support local overrides
This has long been the case for the ``virt-aa-helper`` profile, but has
now been extended to all other profiles and abstractions. The mechanism
used is the standard AppArmor 3.x one, where the contents of ``foo`` and
``abstractions/foo`` can be overridden by creating ``local/foo`` and
``abstractions/foo.d`` respectively.
* qemu: Support ``removable`` attribute for scsi disk
Now the scsi disk device (``/disk@device='disk'`` and
``/disk/target@bus='scsi'``) supports the ``removable`` attribute at
``/disk/target@removable```.
* qemu: Add NUMA node automatically for memory hotplug
Users no longer need to specify guest NUMA node in the domain XML when
enabling memory hotplug, libvirt automatically adds one when it is missing.
* qemu: Consider ``BeeGFS`` as a shared filesystem
Allow migration with non-shared storage for VMs accessing storage via
``BeeGFS``.
* Bug fixes
* qemu: Adapt to new way of specifying PC speaker
PC speaker is now usable again with newer QEMU since the change of how it
is specified on the command line.
* qemu_tpm: Try harder to create emulator state
Libvirt no longer considers empty directory valid SWTPM state and setup is
now run properly in such case.
Enjoy.
Jirka
1 year, 3 months
[PATCH] NEWS: Mention CVE-2023-3750 and BeeGFS migration support
by Peter Krempa
Signed-off-by: Peter Krempa <pkrempa(a)redhat.com>
---
NEWS.rst | 12 ++++++++++++
1 file changed, 12 insertions(+)
diff --git a/NEWS.rst b/NEWS.rst
index 8f0c67f779..e31448e829 100644
--- a/NEWS.rst
+++ b/NEWS.rst
@@ -13,6 +13,13 @@ v9.6.0 (unreleased)
* **Security**
+ * ``CVE-2023-3750``: Fix race condition in storage driver leading to a crash
+
+ In **libvirt-8.3** a bug was introduced which in rare cases could cause
+ ``libvirtd`` or ``virtstoraged`` to crash if multiple clients attempted to
+ look up a storage volume by key, path or target path, while other clients
+ attempted to access something from the same storage pool.
+
* **Removed features**
* **New features**
@@ -38,6 +45,11 @@ v9.6.0 (unreleased)
Users no longer need to specify guest NUMA node in the domain XML when
enabling memory hotplug, libvirt automatically adds one when it is missing.
+ * qemu: Consider ``BeeGFS`` as a shared filesystem
+
+ Allow migration with non-shared storage for VMs accessing storage via
+ ``BeeGFS``.
+
* **Bug fixes**
* qemu: Adapt to new way of specifying PC speaker
--
2.41.0
1 year, 3 months
[PATCH Libvirt 00/11] Support dirty page rate upper limit
by ~hyman
QEMU introduced the dirty page rate limit feature in 7.1.0, see the
details in the following link:
https://lore.kernel.org/qemu-
devel/cover.1656177590.git.huangy81(a)chinatelecom.cn/
So maybe it's the right time to enable this feature in libvirt and the
upper user can play with it, expecting the upper app can use this
feature to do a virtual CPU Qos or whatever else.
Introduce the virsh API as follows:
# virsh limit-dirty-page-rate <domain> [--rate <number>] [--vcpu
<number>] [--cancel]
Examples:
To set the dirty page rate upper limit 60MB/s for all virtual CPUs in
c81_node1, use:
# virsh limit-dirty-page-rate c81_node1 --rate 60
Set dirty page rate limit 60(MB/s) on all virtual CPUs successfully
To set the dirty page rate upper limit 35MB/s for virtual CPU 1 in
c81_node1, use:
# virsh limit-dirty-page-rate c81_node1 --rate 35 --vcpu 1
Set vcpu[1] dirty page rate upper limit 35(MB/s) successfully
Specify the 'cancel' option to do the reverse, the optional option
'vcpu' is used to specify the CPU index to be set.
To query the dirty page rate upper limit, use:
# virsh vcpuinfo c81_node1
VCPU: 0
CPU: 14
State: running
CPU time: 27.1s
CPU Affinity: yyyyyyyyyyyyyyyy
DirtyRate limit: 60
DirtyRate current: 0
VCPU: 1
CPU: 1
State: running
CPU time: 25.1s
CPU Affinity: yyyyyyyyyyyyyyyy
DirtyRate limit: 35
DirtyRate current: 0
VCPU: 2
CPU: 7
State: running
CPU time: 6.0s
CPU Affinity: yyyyyyyyyyyyyyyy
DirtyRate limit: 60
DirtyRate current: 0
VCPU: 3
CPU: 8
State: running
CPU time: 3.5s
CPU Affinity: yyyyyyyyyyyyyyyy
DirtyRate limit: 60
DirtyRate current: 0
The patch set adds two new APIs to implement a dirty page rate limit:
1. virDomainSetVcpuDirtyLimit, which set virtual CPU dirty page rate
limit. virsh command 'limit-dirty-page-rate' correspondingly.
2. virDomainCancelVcpuDirtyLimit, which cancel virtual CPU dirty page
rate
limit. 'cancel' option was introduced to 'limit-dirty-page-rate' to
cancel
the limit correspondingly.
In addition, function 'qemuMonitorQueryVcpuDirtyLimit' was implemented
to query the dirty page rate upper limit, the virsh command 'vcpuinfo'
was extended. So that the user can query dirty page rate limit info via
'vcpuinfo'.
This series makes the main modifications as follows:
- introduce QEMU_CAPS_VCPU_DIRTY_LIMIT capability so that libvirt
can probe before using dirty page rate upper limit feature.
- implement virsh command 'limit-dirty-page-rate' to set/cancel dirty
page rate upper limit.
- extend 'vcpuinfo' API so that it can display dirty page rate upper
limit.
- document dirty page rate limit feature.
Please review, and hoping the comments, thanks !
Yong
Hyman Huang(黄勇) (11):
qemu_capabilities: Introduce QEMU_CAPS_VCPU_DIRTY_LIMIT capability
libvirt: Add virDomainSetVcpuDirtyLimit API
qemu_driver: Implement qemuDomainSetVcpuDirtyLimit
virsh: Introduce limit-dirty-page-rate api
qemu_monitor: Implement qemuMonitorQueryVcpuDirtyLimit
qemu_driver: Extend qemuDomainGetVcpus
virsh: Extend vcpuinfo api
libvirt: Add virDomainCancelVcpuDirtyLimit API
qemu_driver: Implement qemuDomainCancelVcpuDirtyLimit
virsh: Add cancel option of limit-dirty-page-rate api
NEWS: Document limit dirty page rate APIs
NEWS.rst | 16 ++
include/libvirt/libvirt-domain.h | 22 +++
src/driver-hypervisor.h | 13 ++
src/libvirt-domain.c | 106 ++++++++++++
src/libvirt_public.syms | 6 +
src/qemu/qemu_capabilities.c | 2 +
src/qemu/qemu_capabilities.h | 1 +
src/qemu/qemu_driver.c | 154 ++++++++++++++++++
src/qemu/qemu_monitor.c | 36 ++++
src/qemu/qemu_monitor.h | 26 +++
src/qemu/qemu_monitor_json.c | 150 +++++++++++++++++
src/qemu/qemu_monitor_json.h | 13 ++
src/remote/remote_daemon_dispatch.c | 2 +
src/remote/remote_driver.c | 4 +
src/remote/remote_protocol.x | 28 +++-
src/remote_protocol-structs | 13 ++
.../qemucapabilitiesdata/caps_7.1.0_ppc64.xml | 1 +
.../caps_7.1.0_x86_64.xml | 1 +
tests/qemucapabilitiesdata/caps_7.2.0_ppc.xml | 1 +
.../caps_7.2.0_x86_64+hvf.xml | 1 +
.../caps_7.2.0_x86_64.xml | 1 +
.../caps_8.0.0_riscv64.xml | 1 +
.../caps_8.0.0_x86_64.xml | 1 +
.../qemucapabilitiesdata/caps_8.1.0_s390x.xml | 1 +
.../caps_8.1.0_x86_64.xml | 1 +
tools/virsh-domain.c | 123 ++++++++++++++
26 files changed, 723 insertions(+), 1 deletion(-)
--
2.38.5
1 year, 3 months