March 2025 - Devel - libvirt List Archives

[PATCH 00/26] integrate auto-shutdown of VMs with daemons
by Daniel P. Berrangé 11 Mar '25

11 Mar '25

This series starts the work needed to obsolete the libvirt-guests.sh script which has grown a surprisingly large amount of functionality. Currently the virt daemons will acquire inhibitors to delay OS shutdown when VMs are running. The libvirt-guests.service unit can be used to call libvirt-guests.sh to shutdown running VMs on system shutdown. This split is a bad architecture because libvirt-guests.service will only run once the system has decided to initiate the shutdown sequence. When the user requests as shutdown while inhibitors are present, logind will emit a "PrepareForShutdown" signal over dbus. Applications are supposed to respond to this by preserving state & releasing their inhibitors, which in turns allows shutdown to be initiated. The remote daemon already has support for listening for the "PrepareForShutdown" signal, but only does this for session instances, not system instances. This series essentially takes that logic and expands it to run in the system instances too, thus conceptually making libvirt-guests.service obsolete. It is slightly more complicated than that though for many reasons... Saving running VMs can take a very long time. The inhibitor delay can be as low as 5 seconds, and when killing a service, systemd may not wait very long for it to terminate. libvirt-guests.service deals with this by setting TimeoutStopSecs=0 to make systemd wait forever. This is undesirable to set in libvirtd.service though, as we would like systemd to kill the daemon aggressively if it hangs. The series thus uses the notification protocol to request systemd give it more time to shutdown, as long as we're in the phase of saving running VMs. A bug in this code will still result in systemd waiting forever, which is no different from libvirt-guests.service, but a bug in any other part of the libvirt daemon shutdown code will result in systemd killing us. The existing logic for saving VMs in the session daemons had many feature gaps compared to libvirt-guests.sh. Thus there is code to add support * Requesting graceful OS shutdown if managed save failed * Force poweroff of VMs if no other action worked * Optionally enabling/disabling use of managed save, graceful shutdown and force poweroff, which is more flexible than ON_SHUTDOWN=nnn, as we can try the whole sequence of options * Ability to bypass cache in managed save * Support for one-time autostart of VMs as an official API To aid in testing this logic, virt-admin gains a new command 'virt-admin daemon-shutdown --preserve' All this new functionality is wired up into the QEMU driver, and is made easily accessible to other hypervisor drivers, so would easily be extendable to Xen, CH, LXC drivers, but this is not done in this series. IOW, libvirt-guests.service is not yet fully obsolete. The new functionality is also not enabled by default for the system daemon, it requires explicit admin changes to /etc/libvirt/qemu.conf to enable it. This is because it would clash with execution of the libvirt-guests.service if both were enabled. It is highly desirable that we enable this by default though, so we need to figure out a upgrade story wrt libvirt-guests.service. The only libvirt-guests.sh features not implemented are: * PARALLEL_SHUTDOWN=nn. When doing a graceful shutdown we initiate it on every single VM at once, and then monitor progress of all of them in parallel. * SYNC_TIME=nn When make not attempt to sync guest time when restoring from managed save. This ought to be fixed Daniel P. Berrangé (26): util: add APIs for more systemd notifications remote: notify systemd when reloading config hypervisor: introduce helper for autostart src: convert drivers over to use new autostart helper hypervisor: add support for delay interval during autostart qemu: add 'auto_start_delay' configuration parameter hypervisor: move support for auto-shutdown out of QEMU driver remote: always invoke virStateStop for all daemons hypervisor: expand available shutdown actions hypervisor: custom shutdown actions for transient vs persistent VMs qemu: support automatic VM managed save in system daemon qemu: improve shutdown defaults for session daemon qemu: configurable delay for shutdown before poweroff hypervisor: support bypassing cache for managed save qemu: add config parameter to control auto-save bypass cache src: add new APIs for marking a domain to autostart once conf: implement support for autostart once feature hypervisor: wire up support for auto restore of running domains qemu: wire up support for once only autostart qemu: add config to control if auto-shutdown VMs are restored rpc: move state stop into virNetDaemon class rpc: don't unconditionally quit after preserving state rpc: fix shutdown sequence when preserving state admin: add 'daemon-shutdown' command rpc: don't let systemd shutdown daemon while saving VMs hypervisor: send systemd status messages while saving include/libvirt/libvirt-admin.h | 13 ++ include/libvirt/libvirt-domain.h | 4 + src/admin/admin_protocol.x | 11 +- src/admin/admin_server_dispatch.c | 13 ++ src/admin/libvirt-admin.c | 33 ++++ src/admin/libvirt_admin_public.syms | 5 + src/bhyve/bhyve_driver.c | 53 ++---- src/conf/domain_conf.c | 6 +- src/conf/domain_conf.h | 1 + src/conf/virdomainobjlist.c | 7 +- src/driver-hypervisor.h | 10 ++ src/hypervisor/domain_driver.c | 250 ++++++++++++++++++++++++++++ src/hypervisor/domain_driver.h | 42 +++++ src/libvirt-domain.c | 87 ++++++++++ src/libvirt_private.syms | 10 +- src/libvirt_public.syms | 6 + src/libvirt_remote.syms | 2 +- src/libxl/libxl_driver.c | 36 ++-- src/lxc/lxc_driver.c | 13 +- src/lxc/lxc_process.c | 18 +- src/lxc/lxc_process.h | 2 + src/qemu/libvirtd_qemu.aug | 7 + src/qemu/qemu.conf.in | 59 +++++++ src/qemu/qemu_conf.c | 63 +++++++ src/qemu/qemu_conf.h | 7 + src/qemu/qemu_driver.c | 203 +++++++++++++--------- src/qemu/test_libvirtd_qemu.aug.in | 7 + src/remote/libvirtd.service.in | 2 +- src/remote/remote_daemon.c | 78 +++------ src/remote/remote_driver.c | 2 + src/remote/remote_protocol.x | 30 +++- src/remote_protocol-structs | 12 ++ src/rpc/gendispatch.pl | 4 +- src/rpc/virnetdaemon.c | 212 +++++++++++++++++++---- src/rpc/virnetdaemon.h | 20 ++- src/util/virsystemd.c | 41 ++++- src/util/virsystemd.h | 6 +- src/virtd.service.in | 2 +- tools/virsh-domain-monitor.c | 5 + tools/virsh-domain.c | 39 ++++- tools/virt-admin.c | 41 +++++ 41 files changed, 1181 insertions(+), 281 deletions(-) -- 2.47.1

2 73

[PATCH] util: Require libnl for Linux
by Akihiko Odaki 11 Mar '25

11 Mar '25

Builds for Linux without libnl is broken since commit 582f0966f9b9e2148d8887d072364e2a91aed000 so make libnl mandatory for Linux. Another option is to fix such builds, but it can bring more problems than benefits. libnl is available on all supported distributions so the only practical situation to lack libnl is that a developer does not have a development package of libnl installed. Enabling builds in such a situation make developers use builds divergent from CI and end-user scenarios, which has some implications. Builds without libnl lack several features such as SR-IOV, bridge/tap, switchdev, macvlan, veth, and vlan. Some part of libvirt may expect these features are readily available on Linux, and the lack of libnl may cause a build failure like one mentioned earlier or runtime errors even harder to debug. Developers will then be forced to debug such bugs and to choose either fixing the build configuration that has no real user or work around the issue by installing the development package. In any case, the bridge/tap configuration is one of the fundamental features and developers are likely to want libnl for it. Save the potential trouble for developers by requiring libnl for Linux and let Meson direct them to install libnl. Signed-off-by: Akihiko Odaki <akihiko.odaki(a)daynix.com> --- Supersedes: <20250307-nl-v1-1-c66fc2bf8703(a)daynix.com> ("[PATCH] util: Check libnl function availability") --- libvirt.spec.in | 2 - meson.build | 16 +-- meson_options.txt | 1 - src/util/virnetdev.c | 223 +++++++++++++++---------------------- src/util/virnetdevbridge.c | 27 +---- src/util/virnetdevip.c | 230 +++++++++++++++++++-------------------- src/util/virnetdevmacvlan.c | 6 +- src/util/virnetdevveth.c | 35 ------ src/util/virnetdevvportprofile.c | 8 +- src/util/virnetlink.c | 8 +- src/util/virnetlink.h | 4 +- tests/virnetdevtest.c | 8 -- 12 files changed, 222 insertions(+), 346 deletions(-) diff --git a/libvirt.spec.in b/libvirt.spec.in index cb41ea1de1c6cd3d3d5f8c810d0df7be4f7d490f..9396029dd394d218f2c1c01740ad41754786dd04 100644 --- a/libvirt.spec.in +++ b/libvirt.spec.in @@ -1421,7 +1421,6 @@ export SOURCE_DATE_EPOCH=$(stat --printf='%Y' %{_specdir}/libvirt.spec) -Dlibpcap=enabled \ %{?arg_nbdkit} \ %{?arg_nbdkit_config_default} \ - -Dlibnl=enabled \ -Daudit=enabled \ -Ddtrace=enabled \ -Dfirewalld=enabled \ @@ -1493,7 +1492,6 @@ export SOURCE_DATE_EPOCH=$(stat --printf='%Y' %{_specdir}/libvirt.spec) -Dlibiscsi=disabled \ -Dnbdkit=disabled \ -Dnbdkit_config_default=disabled \ - -Dlibnl=disabled \ -Dlibpcap=disabled \ -Dlibssh2=disabled \ -Dlibssh=disabled \ diff --git a/meson.build b/meson.build index 2d76a0846c6b94f8d168d25f09dd60954db770cb..fd90bb5b3005ac7ece24da4432fad78bdffdefe7 100644 --- a/meson.build +++ b/meson.build @@ -1086,18 +1086,10 @@ endif conf.set10('USE_NBDKIT_DEFAULT', use_nbdkit_default) libnl_version = '3.0' -if not get_option('libnl').disabled() and host_machine.system() == 'linux' - libnl_dep = dependency('libnl-3.0', version: '>=' + libnl_version, required: get_option('libnl')) - libnl_route_dep = dependency('libnl-route-3.0', version: '>=' + libnl_version, required: get_option('libnl')) - - if libnl_dep.found() and libnl_route_dep.found() - libnl_dep = declare_dependency( - dependencies: [ libnl_dep, libnl_route_dep ], - ) - conf.set('WITH_LIBNL', 1) - endif -elif get_option('libnl').enabled() - error('libnl can be enabled only on linux') +if host_machine.system() == 'linux' + libnl_dep = dependency('libnl-3.0', version: '>=' + libnl_version) + libnl_route_dep = dependency('libnl-route-3.0', version: '>=' + libnl_version) + libnl_dep = declare_dependency(dependencies: [ libnl_dep, libnl_route_dep ]) else libnl_dep = dependency('', required: false) endif diff --git a/meson_options.txt b/meson_options.txt index 3dc3e8667bb2cf73d96cd1ebe046590be55a5df8..bbcc13e8d8efa4c56cc3e0dc17386ccfd45b2b50 100644 --- a/meson_options.txt +++ b/meson_options.txt @@ -30,7 +30,6 @@ option('fuse', type: 'feature', value: 'auto', description: 'fuse support') option('glusterfs', type: 'feature', value: 'auto', description: 'glusterfs support') option('json_c', type: 'feature', value: 'auto', description: 'JSON-C support') option('libiscsi', type: 'feature', value: 'auto', description: 'libiscsi support') -option('libnl', type: 'feature', value: 'auto', description: 'libnl support') option('libpcap', type: 'feature', value: 'auto', description: 'libpcap support') option('libssh', type: 'feature', value: 'auto', description: 'libssh support') option('libssh2', type: 'feature', value: 'auto', description: 'libssh2 support') diff --git a/src/util/virnetdev.c b/src/util/virnetdev.c index 8ae854245ed99dc1a3aa4c225b614ddbb449caf8..4129768bd42e7b1b2a9e7b24148627d1abe5458a 100644 --- a/src/util/virnetdev.c +++ b/src/util/virnetdev.c @@ -884,7 +884,7 @@ int virNetDevGetIndex(const char *ifname G_GNUC_UNUSED, #endif /* ! SIOCGIFINDEX */ -#if defined(WITH_LIBNL) +#if defined(__linux__) /** * virNetDevGetMaster: * @ifname: name of interface we're interested in @@ -914,29 +914,6 @@ virNetDevGetMaster(const char *ifname, char **master) return 0; } -#elif defined(__linux__) - -/* libnl isn't available, so we can't use netlink. - * Fall back to using sysfs - */ -int -virNetDevGetMaster(const char *ifname, char **master) -{ - g_autofree char *path = NULL; - g_autofree char *canonical = NULL; - - if (virNetDevSysfsFile(&path, ifname, "master") < 0) - return -1; - - if (!(canonical = virFileCanonicalizePath(path))) - return -1; - - *master = g_path_get_basename(canonical); - - VIR_DEBUG("IFLA_MASTER for %s is %s", ifname, *master ? *master : "(none)"); - return 0; -} - #else int @@ -949,7 +926,7 @@ virNetDevGetMaster(const char *ifname G_GNUC_UNUSED, } -#endif /* defined(WITH_LIBNL) */ +#endif /* defined(__linux__) */ #if __linux__ @@ -1079,8 +1056,6 @@ virNetDevSysfsDeviceFile(char **pf_sysfs_device_link, const char *ifname, } -# if defined(WITH_LIBNL) - /** * Determine if the device path specified in devpath is a PCI Device * by resolving the 'subsystem'-link in devpath and looking for @@ -1133,7 +1108,6 @@ virNetDevGetPCIDevice(const char *devName) return virPCIDeviceNew(vfPCIAddr); } -# endif /* A wrapper to get content of file from ifname SYSFS_NET_DIR @@ -1381,99 +1355,6 @@ virNetDevGetVirtualFunctionInfo(const char *vfname, char **pfname, return ret; } -#else /* !__linux__ */ -int -virNetDevGetPhysPortID(const char *ifname G_GNUC_UNUSED, - char **physPortID) -{ - /* this actually should never be called, and is just here to - * satisfy the linker. - */ - *physPortID = NULL; - return 0; -} - -int -virNetDevGetPhysPortName(const char *ifname G_GNUC_UNUSED, - char **physPortName) -{ - /* this actually should never be called, and is just here to - * satisfy the linker. - */ - *physPortName = NULL; - return 0; -} - -int -virNetDevGetVirtualFunctions(const char *pfname G_GNUC_UNUSED, - virPCIVirtualFunctionList **vfs G_GNUC_UNUSED) -{ - virReportSystemError(ENOSYS, "%s", - _("Unable to get virtual functions on this platform")); - return -1; -} - -int -virNetDevIsVirtualFunction(const char *ifname G_GNUC_UNUSED) -{ - virReportSystemError(ENOSYS, "%s", - _("Unable to check virtual function status on this platform")); - return -1; -} - -int -virNetDevGetVirtualFunctionIndex(const char *pfname G_GNUC_UNUSED, - const char *vfname G_GNUC_UNUSED, - int *vf_index G_GNUC_UNUSED) -{ - virReportSystemError(ENOSYS, "%s", - _("Unable to get virtual function index on this platform")); - return -1; -} - -int -virNetDevGetPhysicalFunction(const char *ifname G_GNUC_UNUSED, - char **pfname G_GNUC_UNUSED) -{ - virReportSystemError(ENOSYS, "%s", - _("Unable to get physical function status on this platform")); - return -1; -} - -int -virNetDevPFGetVF(const char *pfname G_GNUC_UNUSED, - int vf G_GNUC_UNUSED, - char **vfname G_GNUC_UNUSED) -{ - virReportSystemError(ENOSYS, "%s", - _("Unable to get virtual function name on this platform")); - return -1; -} - -int -virNetDevGetVirtualFunctionInfo(const char *vfname G_GNUC_UNUSED, - char **pfname G_GNUC_UNUSED, - int *vf G_GNUC_UNUSED) -{ - virReportSystemError(ENOSYS, "%s", - _("Unable to get virtual function info on this platform")); - return -1; -} - -int -virNetDevSysfsFile(char **pf_sysfs_device_link G_GNUC_UNUSED, - const char *ifname G_GNUC_UNUSED, - const char *file G_GNUC_UNUSED) -{ - virReportSystemError(ENOSYS, "%s", - _("Unable to get sysfs info on this platform")); - return -1; -} - - -#endif /* !__linux__ */ -#if defined(WITH_LIBNL) - static virMacAddr zeroMAC = { .addr = { 0, 0, 0, 0, 0, 0 } }; @@ -2379,8 +2260,94 @@ virNetDevSetNetConfig(const char *linkdev, int vf, return 0; } +#else /* !__linux__ */ +int +virNetDevGetPhysPortID(const char *ifname G_GNUC_UNUSED, + char **physPortID) +{ + /* this actually should never be called, and is just here to + * satisfy the linker. + */ + *physPortID = NULL; + return 0; +} + +int +virNetDevGetPhysPortName(const char *ifname G_GNUC_UNUSED, + char **physPortName) +{ + /* this actually should never be called, and is just here to + * satisfy the linker. + */ + *physPortName = NULL; + return 0; +} + +int +virNetDevGetVirtualFunctions(const char *pfname G_GNUC_UNUSED, + virPCIVirtualFunctionList **vfs G_GNUC_UNUSED) +{ + virReportSystemError(ENOSYS, "%s", + _("Unable to get virtual functions on this platform")); + return -1; +} + +int +virNetDevIsVirtualFunction(const char *ifname G_GNUC_UNUSED) +{ + virReportSystemError(ENOSYS, "%s", + _("Unable to check virtual function status on this platform")); + return -1; +} + +int +virNetDevGetVirtualFunctionIndex(const char *pfname G_GNUC_UNUSED, + const char *vfname G_GNUC_UNUSED, + int *vf_index G_GNUC_UNUSED) +{ + virReportSystemError(ENOSYS, "%s", + _("Unable to get virtual function index on this platform")); + return -1; +} + +int +virNetDevGetPhysicalFunction(const char *ifname G_GNUC_UNUSED, + char **pfname G_GNUC_UNUSED) +{ + virReportSystemError(ENOSYS, "%s", + _("Unable to get physical function status on this platform")); + return -1; +} -#else /* defined(WITH_LIBNL) */ +int +virNetDevPFGetVF(const char *pfname G_GNUC_UNUSED, + int vf G_GNUC_UNUSED, + char **vfname G_GNUC_UNUSED) +{ + virReportSystemError(ENOSYS, "%s", + _("Unable to get virtual function name on this platform")); + return -1; +} + +int +virNetDevGetVirtualFunctionInfo(const char *vfname G_GNUC_UNUSED, + char **pfname G_GNUC_UNUSED, + int *vf G_GNUC_UNUSED) +{ + virReportSystemError(ENOSYS, "%s", + _("Unable to get virtual function info on this platform")); + return -1; +} + +int +virNetDevSysfsFile(char **pf_sysfs_device_link G_GNUC_UNUSED, + const char *ifname G_GNUC_UNUSED, + const char *file G_GNUC_UNUSED) +{ + virReportSystemError(ENOSYS, "%s", + _("Unable to get sysfs info on this platform")); + return -1; +} int @@ -2477,7 +2444,7 @@ virNetDevSetVfConfig(const char *ifname G_GNUC_UNUSED, } -#endif /* defined(WITH_LIBNL) */ +#endif /* defined(__linux__) */ VIR_ENUM_IMPL(virNetDevIfState, VIR_NETDEV_IF_STATE_LAST, @@ -3095,8 +3062,6 @@ virNetDevGetEthtoolFeatures(const char *ifname, } -# if defined(WITH_LIBNL) - /** * virNetDevGetFamilyId: * This function supplies the devlink family id @@ -3237,14 +3202,6 @@ virNetDevSwitchdevFeature(const char *ifname, nlmsg_free(nl_msg); return ret; } -# else -static int -virNetDevSwitchdevFeature(const char *ifname G_GNUC_UNUSED, - virBitmap **out G_GNUC_UNUSED) -{ - return 0; -} -# endif /** diff --git a/src/util/virnetdevbridge.c b/src/util/virnetdevbridge.c index c79d0c79b7b16a0a070b5013ed7df9d0a63b1c38..45f8dd7e15286b875f5b54ad147b32323886e1f0 100644 --- a/src/util/virnetdevbridge.c +++ b/src/util/virnetdevbridge.c @@ -30,9 +30,7 @@ #endif #ifdef __linux__ -# if defined(WITH_LIBNL) -# include "virnetlink.h" -# endif +# include "virnetlink.h" # include <linux/sockios.h> # include <linux/param.h> /* HZ */ # include <linux/in6.h> @@ -479,7 +477,7 @@ virNetDevBridgeCreateWithIoctl(const char *brname, } #endif -#if defined(WITH_LIBNL) +#if defined(__linux__) int virNetDevBridgeCreate(const char *brname, const virMacAddr *mac) @@ -509,15 +507,6 @@ virNetDevBridgeCreate(const char *brname, } -#elif defined(WITH_STRUCT_IFREQ) && defined(SIOCBRADDBR) -int -virNetDevBridgeCreate(const char *brname, - const virMacAddr *mac) -{ - return virNetDevBridgeCreateWithIoctl(brname, mac); -} - - #elif defined(WITH_STRUCT_IFREQ) && defined(SIOCIFCREATE2) int virNetDevBridgeCreate(const char *brname, @@ -590,7 +579,7 @@ virNetDevBridgeDeleteWithIoctl(const char *brname) #endif -#if defined(WITH_LIBNL) +#if defined(__linux__) int virNetDevBridgeDelete(const char *brname) { @@ -606,14 +595,6 @@ virNetDevBridgeDelete(const char *brname) } -#elif defined(WITH_STRUCT_IFREQ) && defined(SIOCBRDELBR) -int -virNetDevBridgeDelete(const char *brname) -{ - return virNetDevBridgeDeleteWithIoctl(brname); -} - - #elif defined(WITH_STRUCT_IFREQ) && defined(SIOCIFDESTROY) int virNetDevBridgeDelete(const char *brname) @@ -1020,7 +1001,7 @@ virNetDevBridgeSetVlanFiltering(const char *brname G_GNUC_UNUSED, #endif -#if defined(WITH_LIBNL) +#if defined(__linux__) # ifndef NTF_SELF # define NTF_SELF 0x02 diff --git a/src/util/virnetdevip.c b/src/util/virnetdevip.c index f365c1999c3d358a6a7b56ebda9f318c25fe96fd..acb0f41321b3d1d0f83fcf808ea9f95ffd9ddd46 100644 --- a/src/util/virnetdevip.c +++ b/src/util/virnetdevip.c @@ -52,7 +52,7 @@ VIR_LOG_INIT("util.netdevip"); -#if defined(WITH_LIBNL) +#if defined(__linux__) static int virNetDevGetIPAddressBinary(virSocketAddr *addr, void **data, size_t *len) @@ -361,7 +361,118 @@ virNetDevIPRouteAdd(const char *ifname, } -#else /* defined(WITH_LIBNL) */ +static int +virNetDevIPGetAcceptRA(const char *ifname) +{ + g_autofree char *path = NULL; + g_autofree char *buf = NULL; + char *suffix; + int accept_ra = -1; + + path = g_strdup_printf("/proc/sys/net/ipv6/conf/%s/accept_ra", + ifname ? ifname : "all"); + + if ((virFileReadAll(path, 512, &buf) < 0) || + (virStrToLong_i(buf, &suffix, 10, &accept_ra) < 0)) + return -1; + + return accept_ra; +} + +/** + * virNetDevIPCheckIPv6Forwarding + * + * This function checks if IPv6 routes have the RTF_ADDRCONF flag set, + * indicating they have been created by the kernel's RA configuration + * handling. These routes are subject to being flushed when ipv6 + * forwarding is enabled unless accept_ra is explicitly set to "2". + * This will most likely result in ipv6 networking being broken. + * + * Returns: true if it is safe to enable forwarding, or false if + * breakable routes are found. + * + **/ +bool +virNetDevIPCheckIPv6Forwarding(void) +{ + int len; + char *cur; + g_autofree char *buf = NULL; + /* lines are 150 chars */ + enum {MAX_ROUTE_SIZE = 150*1000000}; + + /* This is /proc/sys/net/ipv6/conf/all/accept_ra */ + int all_accept_ra = virNetDevIPGetAcceptRA(NULL); + + /* Read ipv6 routes */ + if ((len = virFileReadAll(PROC_NET_IPV6_ROUTE, + MAX_ROUTE_SIZE, &buf)) < 0) { + virReportError(VIR_ERR_INTERNAL_ERROR, + _("Unable to read %1$s for ipv6 forwarding checks"), + PROC_NET_IPV6_ROUTE); + return false; + } + + /* Dropping the last character to stop the loop */ + if (len > 0) + buf[len-1] = '\0'; + + cur = buf; + while (cur) { + char route[33], flags[9], iface[9]; + unsigned int flags_val; + char *iface_val; + int num; + char *nl = strchr(cur, '\n'); + + if (nl) + *nl++ = '\0'; + + num = sscanf(cur, "%32s %*s %*s %*s %*s %*s %*s %*s %8s %8s", + route, flags, iface); + + cur = nl; + if (num != 3) { + VIR_DEBUG("Failed to parse route line: %s", cur); + continue; + } + + if (virStrToLong_ui(flags, NULL, 16, &flags_val)) { + VIR_DEBUG("Failed to parse flags: %s", flags); + continue; + } + + /* This is right justified, strip leading spaces */ + iface_val = &iface[0]; + while (*iface_val && g_ascii_isspace(*iface_val)) + iface_val++; + + VIR_DEBUG("%s iface %s flags %s : RTF_ADDRCONF %sset", + route, iface_val, flags, + (flags_val & RTF_ADDRCONF ? "" : "not ")); + + if (flags_val & RTF_ADDRCONF) { + int ret = virNetDevIPGetAcceptRA(iface_val); + VIR_DEBUG("%s reports accept_ra of %d", + iface_val, ret); + /* If the interface for this autoconfigured route + * has accept_ra == 1, or it is default and the "all" + * value of accept_ra == 1, it will be subject to + * flushing if forwarding is enabled. + */ + if (ret == 1 || (ret == 0 && all_accept_ra == 1)) { + virReportError(VIR_ERR_INTERNAL_ERROR, + _("Check the host setup: interface %1$s has kernel autoconfigured IPv6 routes and enabling forwarding without accept_ra set to 2 will cause the kernel to flush them, breaking networking."), + iface_val); + return false; + } + } + } + return true; +} + + +#else /* defined(__linux__) */ int @@ -482,121 +593,6 @@ virNetDevIPRouteAdd(const char *ifname, return 0; } -#endif /* defined(HAVE_LIBNL) */ - - -#if defined(__linux__) - -static int -virNetDevIPGetAcceptRA(const char *ifname) -{ - g_autofree char *path = NULL; - g_autofree char *buf = NULL; - char *suffix; - int accept_ra = -1; - - path = g_strdup_printf("/proc/sys/net/ipv6/conf/%s/accept_ra", - ifname ? ifname : "all"); - - if ((virFileReadAll(path, 512, &buf) < 0) || - (virStrToLong_i(buf, &suffix, 10, &accept_ra) < 0)) - return -1; - - return accept_ra; -} - -/** - * virNetDevIPCheckIPv6Forwarding - * - * This function checks if IPv6 routes have the RTF_ADDRCONF flag set, - * indicating they have been created by the kernel's RA configuration - * handling. These routes are subject to being flushed when ipv6 - * forwarding is enabled unless accept_ra is explicitly set to "2". - * This will most likely result in ipv6 networking being broken. - * - * Returns: true if it is safe to enable forwarding, or false if - * breakable routes are found. - * - **/ -bool -virNetDevIPCheckIPv6Forwarding(void) -{ - int len; - char *cur; - g_autofree char *buf = NULL; - /* lines are 150 chars */ - enum {MAX_ROUTE_SIZE = 150*1000000}; - - /* This is /proc/sys/net/ipv6/conf/all/accept_ra */ - int all_accept_ra = virNetDevIPGetAcceptRA(NULL); - - /* Read ipv6 routes */ - if ((len = virFileReadAll(PROC_NET_IPV6_ROUTE, - MAX_ROUTE_SIZE, &buf)) < 0) { - virReportError(VIR_ERR_INTERNAL_ERROR, - _("Unable to read %1$s for ipv6 forwarding checks"), - PROC_NET_IPV6_ROUTE); - return false; - } - - /* Dropping the last character to stop the loop */ - if (len > 0) - buf[len-1] = '\0'; - - cur = buf; - while (cur) { - char route[33], flags[9], iface[9]; - unsigned int flags_val; - char *iface_val; - int num; - char *nl = strchr(cur, '\n'); - - if (nl) - *nl++ = '\0'; - - num = sscanf(cur, "%32s %*s %*s %*s %*s %*s %*s %*s %8s %8s", - route, flags, iface); - - cur = nl; - if (num != 3) { - VIR_DEBUG("Failed to parse route line: %s", cur); - continue; - } - - if (virStrToLong_ui(flags, NULL, 16, &flags_val)) { - VIR_DEBUG("Failed to parse flags: %s", flags); - continue; - } - - /* This is right justified, strip leading spaces */ - iface_val = &iface[0]; - while (*iface_val && g_ascii_isspace(*iface_val)) - iface_val++; - - VIR_DEBUG("%s iface %s flags %s : RTF_ADDRCONF %sset", - route, iface_val, flags, - (flags_val & RTF_ADDRCONF ? "" : "not ")); - - if (flags_val & RTF_ADDRCONF) { - int ret = virNetDevIPGetAcceptRA(iface_val); - VIR_DEBUG("%s reports accept_ra of %d", - iface_val, ret); - /* If the interface for this autoconfigured route - * has accept_ra == 1, or it is default and the "all" - * value of accept_ra == 1, it will be subject to - * flushing if forwarding is enabled. - */ - if (ret == 1 || (ret == 0 && all_accept_ra == 1)) { - virReportError(VIR_ERR_INTERNAL_ERROR, - _("Check the host setup: interface %1$s has kernel autoconfigured IPv6 routes and enabling forwarding without accept_ra set to 2 will cause the kernel to flush them, breaking networking."), - iface_val); - return false; - } - } - } - return true; -} -#else bool virNetDevIPCheckIPv6Forwarding(void) diff --git a/src/util/virnetdevmacvlan.c b/src/util/virnetdevmacvlan.c index cde9d70eefd047dc5c16056f6697cf4d05bc0795..c8a7a92eb6d8bedc3b1a838ac867e9b104cc5cb0 100644 --- a/src/util/virnetdevmacvlan.c +++ b/src/util/virnetdevmacvlan.c @@ -35,7 +35,7 @@ VIR_ENUM_IMPL(virNetDevMacVLanMode, "passthrough", ); -#if defined(WITH_LIBNL) +#if defined(__linux__) # include <fcntl.h> # include <net/if.h> @@ -859,7 +859,7 @@ int virNetDevMacVLanRestartWithVPortProfile(const char *cr_ifname, } -#else /* ! WITH_LIBNL */ +#else /* ! __linux__ */ bool virNetDevMacVLanIsMacvtap(const char *ifname G_GNUC_UNUSED) { virReportSystemError(ENOSYS, "%s", @@ -959,4 +959,4 @@ int virNetDevMacVLanVPortProfileRegisterCallback(const char *ifname G_GNUC_UNUSE _("Cannot create macvlan devices on this platform")); return -1; } -#endif /* ! WITH_LIBNL */ +#endif /* ! __linux__ */ diff --git a/src/util/virnetdevveth.c b/src/util/virnetdevveth.c index 4365345664c50f47680d5fdb74d616ac989a57c9..7c4a36d3d54c4da34cb2049966d142f1b6974278 100644 --- a/src/util/virnetdevveth.c +++ b/src/util/virnetdevveth.c @@ -32,7 +32,6 @@ VIR_LOG_INIT("util.netdevveth"); -#if defined(WITH_LIBNL) static int virNetDevVethCreateInternal(const char *veth1, const char *veth2) { @@ -56,40 +55,6 @@ virNetDevVethDeleteInternal(const char *veth) { return virNetlinkDelLink(veth, NULL); } -#else -static int -virNetDevVethCreateInternal(const char *veth1, const char *veth2) -{ - g_autoptr(virCommand) cmd = virCommandNew("ip"); - virCommandAddArgList(cmd, "link", "add", veth1, "type", "veth", - "peer", "name", veth2, NULL); - - return virCommandRun(cmd, NULL); -} - -static int -virNetDevVethDeleteInternal(const char *veth) -{ - int status; - g_autoptr(virCommand) cmd = virCommandNewArgList("ip", "link", - "del", veth, NULL); - - if (virCommandRun(cmd, &status) < 0) - return -1; - - if (status != 0) { - if (!virNetDevExists(veth)) { - VIR_DEBUG("Device %s already deleted (by kernel namespace cleanup)", veth); - return 0; - } - virReportError(VIR_ERR_INTERNAL_ERROR, - _("Failed to delete veth device %1$s"), veth); - return -1; - } - - return 0; -} -#endif /* WITH_LIBNL */ /** * virNetDevVethCreate: diff --git a/src/util/virnetdevvportprofile.c b/src/util/virnetdevvportprofile.c index c755fa79ec02e0e77b06bf6a3b6f42e24421e7dc..26be6e91319b98539927e6079596b976af207642 100644 --- a/src/util/virnetdevvportprofile.c +++ b/src/util/virnetdevvportprofile.c @@ -46,7 +46,7 @@ VIR_ENUM_IMPL(virNetDevVPortProfileOp, "no-op", ); -#if defined(WITH_LIBNL) +#if defined(__linux__) # include <fcntl.h> @@ -446,7 +446,7 @@ int virNetDevVPortProfileMerge3(virNetDevVPortProfile **result, } -#if defined(WITH_LIBNL) +#if defined(__linux__) static struct nla_policy ifla_port_policy[IFLA_PORT_MAX + 1] = { @@ -1327,7 +1327,7 @@ virNetDevVPortProfileDisassociate(const char *macvtap_ifname, return rc; } -#else /* !WITH_LIBNL */ +#else /* !__linux__ */ int virNetDevVPortProfileAssociate(const char *macvtap_ifname G_GNUC_UNUSED, const virNetDevVPortProfile *virtPort G_GNUC_UNUSED, const virMacAddr *macvtap_macaddr G_GNUC_UNUSED, @@ -1353,4 +1353,4 @@ int virNetDevVPortProfileDisassociate(const char *macvtap_ifname G_GNUC_UNUSED, _("Virtual port profile association not supported on this platform")); return -1; } -#endif /* !WITH_LIBNL */ +#endif /* !__linux__ */ diff --git a/src/util/virnetlink.c b/src/util/virnetlink.c index 206646d9d794d833de90266d4ab7cec015552137..0bb0ef23da28f2810d4e31c1bf9017545f11d0b9 100644 --- a/src/util/virnetlink.c +++ b/src/util/virnetlink.c @@ -37,7 +37,7 @@ VIR_LOG_INIT("util.netlink"); #define NETLINK_ACK_TIMEOUT_S (2*1000) -#if defined(WITH_LIBNL) +#if defined(__linux__) # include <linux/veth.h> @@ -1267,11 +1267,7 @@ virNetlinkEventRemoveClient(int watch, const virMacAddr *macaddr, #else -# if defined(__linux__) -static const char *unsupported = N_("libnl was not available at build time"); -# else static const char *unsupported = N_("not supported on non-linux platforms"); -# endif int virNetlinkStartup(void) @@ -1435,4 +1431,4 @@ virNetlinkGetErrorCode(struct nlmsghdr *resp G_GNUC_UNUSED, return -EINVAL; } -#endif /* WITH_LIBNL */ +#endif /* __linux__ */ diff --git a/src/util/virnetlink.h b/src/util/virnetlink.h index 327fb426a1d898398a60e46d3ee8fc554a2db548..56ee48161ada307e8af0bd2d4b8d7497a43e075c 100644 --- a/src/util/virnetlink.h +++ b/src/util/virnetlink.h @@ -22,7 +22,7 @@ #include "internal.h" #include "virmacaddr.h" -#if defined(WITH_LIBNL) +#if defined(__linux__) # include <netlink/msg.h> # include <linux/if_bridge.h> @@ -41,7 +41,7 @@ struct sockaddr_nl; struct nlattr; struct nlmsghdr; -#endif /* WITH_LIBNL */ +#endif /* __linux__ */ int virNetlinkStartup(void); void virNetlinkShutdown(void); diff --git a/tests/virnetdevtest.c b/tests/virnetdevtest.c index 42f1a74ee9ad66f40150920670a4f71518c9d610..99cf347934911aa4ae40bf61145e7817efbee97b 100644 --- a/tests/virnetdevtest.c +++ b/tests/virnetdevtest.c @@ -63,8 +63,6 @@ testVirNetDevGetLinkInfo(const void *opaque) return 0; } -# if defined(WITH_LIBNL) - int (*real_virNetDevSendVfSetLinkRequest)(const char *ifname, int vfInfoType, @@ -301,8 +299,6 @@ testVirNetDevSetVfConfig(const void *opaque G_GNUC_UNUSED) return 0; } -# endif /* defined(WITH_LIBNL) */ - static int mymain(void) { @@ -320,8 +316,6 @@ mymain(void) DO_TEST_LINK("lo", VIR_NETDEV_IF_STATE_UNKNOWN, 0); DO_TEST_LINK("eth0-broken", VIR_NETDEV_IF_STATE_DOWN, 0); -# if defined(WITH_LIBNL) - if (virTestRun("Set VF MAC", testVirNetDevSetVfMac, NULL) < 0) ret = -1; if (virTestRun("Set VF MAC: missing MAC pointer", testVirNetDevSetVfMissingMac, NULL) < 0) @@ -331,8 +325,6 @@ mymain(void) if (virTestRun("Set VF Config", testVirNetDevSetVfConfig, NULL) < 0) ret = -1; -# endif /* defined(WITH_LIBNL) */ - return ret == 0 ? EXIT_SUCCESS : EXIT_FAILURE; } --- base-commit: e5299ddf86121d3c792ca271ffcb54900eb19dc3 change-id: 20250308-require-289966671f9d Best regards, -- Akihiko Odaki <akihiko.odaki(a)daynix.com>

3 2

[PATCH v2 00/23] Add typed param constants for guest info and domain stats APIs
by Daniel P. Berrangé 11 Mar '25

11 Mar '25

Contrary to most APIs returning typed parameters, there are no constants defined for the domain stats data keys. This is was because many of the keys needs to be dynamically constructed using one or more array index values. It is possible to define constants while still supporting dynamic array indexes by simply defining the prefixes and suffixes as constants. The consuming code can then combine the constants with array index value. With this approach, it is practical to add constants for the domain stats API keys. The pattern for array entries is as follows * VIR_DOMAIN_GUEST_INFO_blah_COUNT - the number of items in the array * VIR_DOMAIN_GUEST_INFO_blah_PREFIX - the key prefix, including the trailing '.' - eg "disk." * VIR_DOMAIN_GUEST_INFO_blah_SUFFIX_blah - the key suffix, including the leading '.' - eg ".name" Where there are nested arrays, this repeats in the natural way * VIR_DOMAIN_GUEST_INFO_blah_SUFFIX_blah_COUNT - the number of items in the array * VIR_DOMAIN_GUEST_INFO_blah_SUFFIX_blah_PREFIX - the key prefix, including the leading and trailing '.' - eg ".addr." * VIR_DOMAIN_GUEST_INFO_blah_SUFFIX_blah_SUFFIX_blah - the key suffix, including the leading '.' - eg ".name" A usage of this would look like, relying on CPP string concatenation asprintf(&str, VIR_DOMAIN_STATS_VCPU_PREFIX "%d" VIR_DOMAIN_STATS_VCPU_SUFFIX_DELAY, idx); Or in language bindings such as Golang fmt.Sprintf(C.VIR_DOMAIN_STATS_VCPU_PREFIX+"%d"+C.VIR_DOMAIN_STATS_VCPU_SUFFIX_HALTED, idx) Adding these constants has a few benefits: * We can ensure that different drivers are all consistent in keys used for typed parameters * Language bindings can query the API XML to identify any gaps in their API coverage A note on "Since" tags. We use the "Since" tags to express when an API was added to libvirt. In this case we're adding constants long /after/ we first introduced these APIs. So the question is whether the Since tags reflect when the typed parameter key was first used or when the API constant was added. For convenience I chose the latter, because the Golang bnidings use the Since tags to auto generate code with #if !LIBVIRT_CHECK_VERSION() around its usage of the constants. This would break if we retroactively dated the Since tags to when the keys were first used. As proof of the value, adding these constants has lead to be find sooooooooooo many mistakes in the Golang bindings where we forgot to add new domain stats/guest info data items, and one place where we typod the name. https://gitlab.com/libvirt/libvirt-go-module/-/merge_requests/67 Changes in v2: * Don't line wrap concatenation of the macros * Fix a couple of typos in constants * Rebase for changes to virt typed paramater list API usage in guest info * Add docs explaining the usage pattern * Add docs explaining the 11.2.0 version number caveat vs historical introduction Daniel P. Berrangé (23): src: add constants for guest info 'user.' parameters src: add constants for guest info 'os.' parameters src: add constants for guest info 'timezone.' parameters src: add constant for the guest info 'hostname' parameter src: add constants for guest info 'fs.' parameters src: add constants for guest info 'disk.' parameters src: add constants for guest info 'if.' parameters src: add constants for guest info 'load.' parameters src: expand docs for guest info array handling src: expand docs for guest info constant version handling src: add constants for domain stats 'state.' parameters src: add constants for domain stats 'cpu.' parameters src: add constants for domain stats 'balloon.' parameters src: add constants for domain stats 'vcpu.' parameters src: add constants for domain stats 'net.' parameters src: add constants for domain stats 'block.' parameters src: add constants for domain stats 'perf.' parameters src: add constants for domain stats 'iothread.' parameters src: add constants for domain stats 'memory.' parameters src: add constants for domain stats 'dirtyrate.' parameters src: document that no constants are provided for custom VM stats src: expand docs for guest info array handling src: expand docs for guest stats constant version handling include/libvirt/libvirt-domain.h | 6605 +++++++++++++++++++----------- src/libvirt-domain.c | 547 +-- src/qemu/qemu_agent.c | 35 +- src/qemu/qemu_driver.c | 377 +- 4 files changed, 4573 insertions(+), 2991 deletions(-) -- 2.48.1

2 35

[libvirt PATCH v2] qemu: snapshot: error out early when reverting snapshot for VM with non-file disk
by Pavel Hrdina 11 Mar '25

11 Mar '25

Before this patch the code would start the revert process by destroying the VM and preparing to revert where it would fail with following error: error: unsupported configuration: source for disk 'sdb' is not a regular file; refusing to generate external snapshot name and leaving user with offline VM even if it was running. Make the check before we start the revert process to not destroy VMs. Resolves: https://issues.redhat.com/browse/RHEL-30971 Resolves: https://issues.redhat.com/browse/RHEL-79928 Signed-off-by: Pavel Hrdina <phrdina(a)redhat.com> --- Changes in v2: - add comments - limit the check for external snapshots src/qemu/qemu_snapshot.c | 21 +++++++++++++++++++++ 1 file changed, 21 insertions(+) diff --git a/src/qemu/qemu_snapshot.c b/src/qemu/qemu_snapshot.c index 891e67e98b..dab841ef5b 100644 --- a/src/qemu/qemu_snapshot.c +++ b/src/qemu/qemu_snapshot.c @@ -2203,6 +2203,8 @@ qemuSnapshotRevertValidate(virDomainObj *vm, virDomainSnapshotDef *snapdef, unsigned int flags) { + size_t i; + if (!vm->persistent && snapdef->state != VIR_DOMAIN_SNAPSHOT_RUNNING && snapdef->state != VIR_DOMAIN_SNAPSHOT_PAUSED && @@ -2230,6 +2232,22 @@ qemuSnapshotRevertValidate(virDomainObj *vm, } } + /* Reverting to external snapshot creates overlay files for every disk and + * it would fail for non-file based disks. + * See qemuSnapshotRevertExternalPrepare for more details. */ + if (virDomainSnapshotIsExternal(snap)) { + for (i = 0; i < snap->def->dom->ndisks; i++) { + virDomainDiskDef *disk = snap->def->dom->disks[i]; + + if (disk->src->type != VIR_STORAGE_TYPE_FILE) { + virReportError(VIR_ERR_OPERATION_UNSUPPORTED, + _("source disk for '%1$s' is not a regular file, reverting to snapshot is not supported"), + disk->dst); + return -1; + } + } + } + return 0; } @@ -2381,6 +2399,9 @@ qemuSnapshotRevertExternalPrepare(virDomainObj *vm, if (virDomainMomentDefPostParse(&tmpsnapdef->parent) < 0) return -1; + /* Force default location to be external in order to create overlay files + * for every disk. In qemuSnapshotRevertValidate we make sure that each + * disk is regular file otherwise this would fail. */ if (virDomainSnapshotAlignDisks(tmpsnapdef, domdef, VIR_DOMAIN_SNAPSHOT_LOCATION_EXTERNAL, false, true) < 0) { -- 2.48.1

2 1

[PATCH RFC-v2 00/11] qemu: Add support for iothread to virtqueue mapping for 'virtio-scsi'
by Peter Krempa 11 Mar '25

11 Mar '25

Unfortunately still RFC as the qemu support is still not merged. Once again there are a few patches that are applicable: qemu: Use modern header formatting in 'qemu_command.h' virXMLNodeGetSubelementList: Document return value semantics virDomainIothreadMappingDefParse: Fix usage of virXMLNodeGetSubelementList docs: formatdomain: Clarify configuration of iothread <-> virtqueue mapping The patches below are RFC: qemucapabilitiestest: Update 'caps_10.0.0_x86_64' to XXXXXX qemu: capabilities: Introduce QEMU_CAPS_VIRTIO_SCSI_IOTHREAD_MAPPING virDomainIothreadMapping: Add support for naming certain virt queues conf: Add support for iothread to queue mapping config for 'virtio-scsi' qemu: Implement support for iothread <-> virtqueue mapping for 'virtio-scsi' controllers qemuxmlconftest: Add 'iothreads-virtio-scsi-mapping' case NEWS: Mention multiple iothread support for 'virtio-scsi' controller Changes to v1: - pushed the non-RFC refactors - few new cleanups added - new docs patch emphasizing the auto-assignment (in example XML and description) in qemu and improved wording of docs for 'virtio-blk' miltiqueue mapping - changed code to use names for 'ctrl' and 'event' virtqueues of 'virtio-scsi' - used the improved docs also for virtio scsi - added NEWS NEWS.rst | 6 + docs/formatdomain.rst | 66 ++++++++++- src/conf/domain_conf.c | 32 ++++-- src/conf/domain_conf.h | 4 +- src/conf/domain_validate.c | 10 +- src/conf/schemas/domaincommon.rng | 9 +- src/hypervisor/domain_driver.c | 3 +- src/qemu/qemu_capabilities.c | 2 + src/qemu/qemu_capabilities.h | 1 + src/qemu/qemu_command.c | 86 ++++++++++++-- src/qemu/qemu_command.h | 95 ++++++++++------ src/qemu/qemu_domain.c | 10 +- src/qemu/qemu_validate.c | 105 ++++++++++++------ src/util/virxml.c | 2 + .../caps_10.0.0_x86_64.replies | 7 +- .../caps_10.0.0_x86_64.xml | 3 +- ...ads-virtio-scsi-mapping.x86_64-latest.args | 40 +++++++ ...eads-virtio-scsi-mapping.x86_64-latest.xml | 65 +++++++++++ .../iothreads-virtio-scsi-mapping.xml | 57 ++++++++++ tests/qemuxmlconftest.c | 1 + 20 files changed, 495 insertions(+), 109 deletions(-) create mode 100644 tests/qemuxmlconfdata/iothreads-virtio-scsi-mapping.x86_64-latest.args create mode 100644 tests/qemuxmlconfdata/iothreads-virtio-scsi-mapping.x86_64-latest.xml create mode 100644 tests/qemuxmlconfdata/iothreads-virtio-scsi-mapping.xml -- 2.48.1

2 16

[PATCH 00/19] Add typed param constants for guest info and domain stats APIs
by Daniel P. Berrangé 11 Mar '25

11 Mar '25

Contrary to most APIs returning typed parameters, there are no constants defined for the domain stats data keys. This is was because many of the keys needs to be dynamically constructed using one or more array index values. It is possible to define constants while still supporting dynamic array indexes by simply defining the prefixes and suffixes as constants. The consuming code can then combine the constants with array index value. With this approach, it is practical to add constants for the domain stats API keys. The pattern for array entries is as follows * VIR_DOMAIN_GUEST_INFO_blah_COUNT - the number of items in the array * VIR_DOMAIN_GUEST_INFO_blah_PREFIX - the key prefix, including the trailing '.' - eg "disk." * VIR_DOMAIN_GUEST_INFO_blah_SUFFIX_blah - the key suffix, including the leading '.' - eg ".name" Where there are nested arrays, this repeats in the natural way * VIR_DOMAIN_GUEST_INFO_blah_SUFFIX_blah_COUNT - the number of items in the array * VIR_DOMAIN_GUEST_INFO_blah_SUFFIX_blah_PREFIX - the key prefix, including the leading and trailing '.' - eg ".addr." * VIR_DOMAIN_GUEST_INFO_blah_SUFFIX_blah_SUFFIX_blah - the key suffix, including the leading '.' - eg ".name" A usage of this would look like, relying on CPP string concatenation asprintf(&str, VIR_DOMAIN_STATS_VCPU_PREFIX "%d" VIR_DOMAIN_STATS_VCPU_SUFFIX_DELAY, idx); Or in language bindings such as Golang fmt.Sprintf(C.VIR_DOMAIN_STATS_VCPU_PREFIX+"%d"+C.VIR_DOMAIN_STATS_VCPU_SUFFIX_HALTED, idx) Adding these constants has a few benefits: * We can ensure that different drivers are all consistent in keys used for typed parameters * Language bindings can query the API XML to identify any gaps in their API coverage A note on "Since" tags. We use the "Since" tags to express when an API was added to libvirt. In this case we're adding constants long /after/ we first introduced these APIs. So the question is whether the Since tags reflect when the typed parameter key was first used or when the API constant was added. For convenience I chose the latter, because the Golang bnidings use the Since tags to auto generate code with #if !LIBVIRT_CHECK_VERSION() around its usage of the constants. This would break if we retroactively dated the Since tags to when the keys were first used. As proof of the value, adding these constants has lead to be find sooooooooooo many mistakes in the Golang bindings where we forgot to add new domain stats/guest info data items, and one place where we typod the name. Daniel P. Berrangé (19): src: add constants for guest info 'user.' parameters src: add constants for guest info 'os.' parameters src: add constants for guest info 'timezone.' parameters src: add constant for the guest info 'hostname' parameter src: add constants for guest info 'fs.' parameters src: add constants for guest info 'disk.' parameters src: add constants for guest info 'if.' parameters src: add constants for domain stats 'state.' parameters src: add constants for domain stats 'cpu.' parameters src: add constants for domain stats 'balloon.' parameters src: add constants for domain stats 'vcpu.' parameters src: add constants for domain stats 'net.' parameters src: add constants for domain stats 'block.' parameters src: add constants for domain stats 'perf.' parameters src: add constants for domain stats 'iothread.' parameters src: add constants for domain stats 'memory.' parameters src: add constants for domain stats 'dirtyrate.' parameters src: add constants for domain stats 'dirtyrate.' parameters src: document that no constants are provided for custom VM stats include/libvirt/libvirt-domain.h | 1614 ++++++++++++++++++++++++++++++ src/libvirt-domain.c | 424 ++------ src/qemu/qemu_agent.c | 36 +- src/qemu/qemu_driver.c | 425 +++++--- 4 files changed, 1996 insertions(+), 503 deletions(-) -- 2.48.1

2 41

[PATCH] security: Don't stop restoring labels too early
by Michal Privoznik 11 Mar '25

11 Mar '25

The point of virSecurityManagerRestoreAllLabel() function is to restore ALL labels and be tolerant to possible errors, i.e. continue restoring seclabels and NOT return early. Well, in two implementations of this internal API this type of problem was found: 1) virSecurityDACRestoreAllLabel() returned early if virSecurityDACRestoreGraphicsLabel() failed, or when def->sec->sectype equals to an impossible value. 2) virSecuritySELinuxRestoreAllLabel() returned early if virSecuritySELinuxRestoreMemoryLabel() failed. Fix all three places. Signed-off-by: Michal Privoznik <mprivozn(a)redhat.com> --- Inspired by this Peter's patch: https://marc.info/?l=libvir-list&m=174169408218982&w=2 src/security/security_dac.c | 4 ++-- src/security/security_selinux.c | 2 +- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/src/security/security_dac.c b/src/security/security_dac.c index e07977300f..3ecbc7277d 100644 --- a/src/security/security_dac.c +++ b/src/security/security_dac.c @@ -1973,7 +1973,7 @@ virSecurityDACRestoreAllLabel(virSecurityManager *mgr, for (i = 0; i < def->ngraphics; i++) { if (virSecurityDACRestoreGraphicsLabel(mgr, def, def->graphics[i]) < 0) - return -1; + rc = -1; } for (i = 0; i < def->ninputs; i++) { @@ -2021,7 +2021,7 @@ virSecurityDACRestoreAllLabel(virSecurityManager *mgr, case VIR_DOMAIN_LAUNCH_SECURITY_NONE: case VIR_DOMAIN_LAUNCH_SECURITY_LAST: virReportEnumRangeError(virDomainLaunchSecurity, def->sec->sectype); - return -1; + rc = -1; } } diff --git a/src/security/security_selinux.c b/src/security/security_selinux.c index 38e611f567..64e7f41ce0 100644 --- a/src/security/security_selinux.c +++ b/src/security/security_selinux.c @@ -2969,7 +2969,7 @@ virSecuritySELinuxRestoreAllLabel(virSecurityManager *mgr, for (i = 0; i < def->nmems; i++) { if (virSecuritySELinuxRestoreMemoryLabel(mgr, def, def->mems[i]) < 0) - return -1; + rc = -1; } for (i = 0; i < def->ntpms; i++) { -- 2.48.1

2 1

[PATCH 0/3] qemu: Refactor typed parameter list construction in SEV apis
by Peter Krempa 11 Mar '25

11 Mar '25

Peter Krempa (3): qemuDomainGetLaunchSecurityInfo: Don't forget unlock VM object on (impossible) error qemuDomainGetLaunchSecurityInfo: Use virTypedParamList to construct return value qemuNodeGetSEVInfo: Use virTypedParamList to construct return value src/qemu/qemu_driver.c | 107 ++++++++++++----------------------------- 1 file changed, 31 insertions(+), 76 deletions(-) -- 2.48.1

2 5

[PATCH] docs: Correct dbus graphics' accepted p2p values
by Martin Kletzander 11 Mar '25

11 Mar '25

The attribute is used (and formatted) as virTristateBool() and even in schema defined as virYesNo, so the values are supposed to be `yes` and `no`. Signed-off-by: Martin Kletzander <mkletzan(a)redhat.com> --- docs/formatdomain.rst | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/formatdomain.rst b/docs/formatdomain.rst index 4d03768c5f4e..3bbf94e192c9 100644 --- a/docs/formatdomain.rst +++ b/docs/formatdomain.rst @@ -6740,7 +6740,7 @@ interaction with the admin. <graphics type='dbus'/> - ``p2p`` (accepts ``on`` or ``off``) enables peer-to-peer connections, + ``p2p`` (accepts ``yes`` or ``no``) enables peer-to-peer connections, established through virDomainOpenGraphics() APIs. ``address`` (accepts a `D-Bus address -- 2.48.1

2 1

[PATCH 0/3] qemu: fix shared memory validation for vhost-user interfaces
by Peter Krempa 11 Mar '25

11 Mar '25

Use the common check which produces hard errors instead of the post-start check adding a warning which wasn't updated with the new logic. Peter Krempa (3): qemuxmlconftest: Include shared memory 'net-vhostuser' test cases qemuValidateDomainDeviceDefNetwork: Require shared memory for all vhost-user interfaces qemu: process: Remove un-updated 'qemuProcessStartWarnShmem' src/qemu/qemu_process.c | 54 ------------------- src/qemu/qemu_validate.c | 9 ++-- .../net-vhostuser-fail.x86_64-latest.xml | 3 ++ tests/qemuxmlconfdata/net-vhostuser-fail.xml | 3 ++ .../net-vhostuser-multiq.x86_64-latest.args | 2 +- .../net-vhostuser-multiq.x86_64-latest.xml | 3 ++ .../qemuxmlconfdata/net-vhostuser-multiq.xml | 3 ++ ...vhostuser-passt-no-shmem.x86_64-latest.err | 2 +- .../net-vhostuser.x86_64-latest.args | 2 +- .../net-vhostuser.x86_64-latest.xml | 3 ++ tests/qemuxmlconfdata/net-vhostuser.xml | 3 ++ 11 files changed, 24 insertions(+), 63 deletions(-) -- 2.48.1

2 4