[PATCH] bhyve: Fix build after introduction of emulated NVMe disks
by Martin Kletzander
From: Martin Kletzander <mkletzan(a)redhat.com>
Somehow I missed one switch over disk bus enum.
Signed-off-by: Martin Kletzander <mkletzan(a)redhat.com>
---
Pushed under the 'build-breaker' rule.
src/bhyve/bhyve_command.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/src/bhyve/bhyve_command.c b/src/bhyve/bhyve_command.c
index 916d699c8030..c82a07c2eb1d 100644
--- a/src/bhyve/bhyve_command.c
+++ b/src/bhyve/bhyve_command.c
@@ -370,6 +370,7 @@ bhyveBuildDiskArgStr(const virDomainDef *def,
case VIR_DOMAIN_DISK_BUS_USB:
case VIR_DOMAIN_DISK_BUS_UML:
case VIR_DOMAIN_DISK_BUS_SD:
+ case VIR_DOMAIN_DISK_BUS_NVME:
case VIR_DOMAIN_DISK_BUS_LAST:
default:
virReportError(VIR_ERR_CONFIG_UNSUPPORTED, "%s",
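Review bot: The added `case VIR_DOMAIN_DISK_BUS_NVME:` sits in the group that falls through to `virReportError(VIR_ERR_CONFIG_UNSUPPORTED, ...)`, so besides fixing the build it makes the bhyve driver reject any disk on the NVMe bus, and the commit message does not mention that. A sentence stating that rejecting NVMe here is intended, plus a reference to the commit that introduced the enum value, would make the change easier to audit later.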
--
2.49.0
2 weeks, 1 day
[PATCH] docs: outline bug expectations wrt automated tools / AI agents
by Daniel P. Berrangé
From: Daniel P. Berrangé <berrange(a)redhat.com>
Bug reports from automated tools and AI agents are time consuming to
triage and have poor signal/noise ratio. Set strong expectations for
any reporters using such tools, in a (likely doomed) attempt to stem
the flow of poor quality reports.
Signed-off-by: Daniel P. Berrangé <berrange(a)redhat.com>
---
docs/bugs.rst | 14 ++++++++++++++
docs/securityprocess.rst | 4 ++++
2 files changed, 18 insertions(+)
diff --git a/docs/bugs.rst b/docs/bugs.rst
index 5fd1970caf..e12a6c74ec 100644
--- a/docs/bugs.rst
+++ b/docs/bugs.rst
@@ -76,6 +76,20 @@ Linux Distribution specific bug reports
like to have your procedure for filing bugs mentioned here, please mail the
libvirt development list.
+Use of automated tools / AI agents
+----------------------------------
+
+If any automated tool / AI agent is used to identify a bug / security
+flaw, the following additional expectations apply when filing a report:
+
+- The tool / agent used **MUST** be clearly declared in the description
+- All stated facts **MUST** be validated as correct and free from AI
+ hallucinations prior to filing
+- The problem **MUST** be described against an upstream release that is
+ no more than 3 months old.
+- The problem **SHOULD** be analysed and accompanied with a proposed
+ patch that can be directly applied to current git
+
How to file high quality bug reports
------------------------------------
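Review bot: The second bullet says stated facts **MUST** be validated but does not say what evidence the report has to carry, so a triager cannot tell a validated report from an unvalidated one. Consider requiring a reproducer, or the exact steps and libvirt version used for the validation. Minor wording points in the same list: "free from AI hallucinations" does not cover the non-AI automated tools that the heading includes, the third bullet ends with a full stop while the others do not, and "accompanied with" reads better as "accompanied by".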
diff --git a/docs/securityprocess.rst b/docs/securityprocess.rst
index 075679df74..b7695ddc59 100644
--- a/docs/securityprocess.rst
+++ b/docs/securityprocess.rst
@@ -27,6 +27,10 @@ and moderated for non-members. As such you will receive an auto-reply indicating
the report is held for moderation. Postings by non-members will be approved by a
moderator and the reporter copied on any replies.
+Refer to the `bug reporting <bugs.html#use-of-automated-tools-ai-agents>`__
+page for the *expectations around the use of automated tools and AI agents*,
+**prior** to filing any security report.
+
Security notices
----------------
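Review bot: The link target `bugs.html#use-of-automated-tools-ai-agents` depends on the slug generated from the heading text "Use of automated tools / AI agents" added in docs/bugs.rst, so rewording that heading later silently breaks this reference. An explicit RST target above the new heading, referenced from here, would keep the link stable. Since this page is the entry point for security reporters, it may also be worth stating the declaration requirement inline rather than only by reference.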
--
2.49.0
2 weeks, 1 day
Re: Can you have a brief look? [Was: Support for emulated NVMe disks
in VMX and QEMU]
by Martin Kletzander
[Adding the list to Cc]
On Fri, Jun 06, 2025 at 12:19:16PM +0800, Honglei Wang wrote:
>Hi Martin,
>
>Thanks for following up — yes, I saw your previous email and just had a
>chance to review the patches.
>
>The series looks good to me overall, and I’m fine with the Signed-off-by
>trailers you added — thanks for including them.
>
Thank you for the confirmation.
>There might be a small detail to look into: I noticed you changed the
>parameters of the virIndexToDiskName function, but it seems not all callers
>were updated accordingly. This should be caught by CI, though. If I have
>any other issues, I’ll reply on the patch mail list.
>
You are right, I missed the hyperv driver for some reason. I fixed that
in the commit which changes the parameters and pushed the series
upstream so that it gets to the next release.
>Thanks again for your work on this!
>
>Best regards
>
Thank you too and have a nice day,
Martin
2 weeks, 1 day
[PATCH v3 0/2] Fix forward type=hostdev nets for apparmor
by Tim Small
Fixes a bug whereby apparmor permissions aren't granted to allow a PCI
SR-IOV virtual function to be used in a kvm guest when the VF is defined
via a forward type='hostdev' network (as per the 'hostdev' option
documented here: https://libvirt.org/formatnetwork.html#connectivity ).
Downstream bug here:
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=993856
qemu accesses these PCI virtual functions using the vfio API, so no
additional permissions to access the PCI device resources etc. via
/sys/devices/pci[...]/resource et al. are necessary.
This is a resend with fixed From in body for the patch emails, and
change notes in patch emails.
Thanks,
Tim.
Tim Small (2):
virt-aa-helper: refactor for readability
virt-aa-helper: Allow SR-IOV VF PCI for hostdev networks
.../usr.lib.libvirt.virt-aa-helper.in | 4 +++
src/security/virt-aa-helper.c | 28 ++++++++++++++++---
2 files changed, 28 insertions(+), 4 deletions(-)
--
2.47.2
2 weeks, 1 day
[PATCH] qemu.conf: Improve docs for 'dynamic_ownership' option
by Peter Krempa
From: Peter Krempa <pkrempa(a)redhat.com>
Add a note that the user/group can be overridden or relabelling disabled
using per-vm/disk <seclabel> elements instead of disabling it globally.
Add a note that read-only image labels are not restored.
Closes: https://gitlab.com/libvirt/libvirt/-/issues/512
Signed-off-by: Peter Krempa <pkrempa(a)redhat.com>
---
src/qemu/qemu.conf.in | 12 +++++++++++-
1 file changed, 11 insertions(+), 1 deletion(-)
diff --git a/src/qemu/qemu.conf.in b/src/qemu/qemu.conf.in
index 042bb75b50..221bfa8095 100644
--- a/src/qemu/qemu.conf.in
+++ b/src/qemu/qemu.conf.in
@@ -513,7 +513,17 @@
# Whether libvirt should dynamically change file ownership
# to match the configured user/group above. Defaults to 1.
-# Set to 0 to disable file ownership changes.
+#
+# Notes:
+# - Per domain or per disk image user and group can be configured, or
+# relabelling disabled using the <seclabel model='dac'> elements in XML:
+#
+# https://www.libvirt.org/formatdomain.html#security-label
+#
+# - The user/group of read-only images is not restored as with read-write
+# images as they may be shared among more domains.
+#
+# Set to 0 to disable file ownership changes globally in the qemu driver.
#dynamic_ownership = 1
# Whether libvirt should remember and restore the original
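Review bot: The second note, "The user/group of read-only images is not restored as with read-write images as they may be shared among more domains", is ambiguous: "as with" can be read as "in the same way as", which is the opposite of what is meant. Suggest "is not restored, unlike for read-write images, because they may be shared among multiple domains". It would also help to say what ownership a read-only image is left with after the domain stops, since an administrator reading this needs to know that the image stays owned by the configured user/group.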
--
2.49.0
2 weeks, 1 day
[PATCH] nodedev: add nodedev name to mdevctl unsupport msg
by Boris Fiuczynski
Let's add the nodedev name to improve the error message for the user.
Signed-off-by: Boris Fiuczynski <fiuczy(a)linux.ibm.com>
---
src/node_device/node_device_driver.c | 16 ++++++++++------
1 file changed, 10 insertions(+), 6 deletions(-)
diff --git a/src/node_device/node_device_driver.c b/src/node_device/node_device_driver.c
index 2c9e749495..de103d1967 100644
--- a/src/node_device/node_device_driver.c
+++ b/src/node_device/node_device_driver.c
@@ -927,6 +927,7 @@ nodeDeviceGetMdevctlModifySupportCheck(void)
static int
virMdevctlModify(virNodeDeviceDef *def,
+ const char *def_name,
bool defined,
bool live)
{
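Review bot: The new `const char *def_name` parameter sits next to `def`, which already has a `name` member, and nothing in the signature explains why the two can differ. A short comment above virMdevctlModify() saying that `def_name` is the name of the existing node device and is used only for error reporting would help, together with a note that it must not be NULL because the later hunks pass it straight to `'%1$s'`.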
@@ -942,8 +943,9 @@ virMdevctlModify(virNodeDeviceDef *def,
if (nodeDeviceGetMdevctlModifySupportCheck() < 0) {
VIR_WARN("Installed mdevctl version does not support modify with options jsonfile, defined and live");
- virReportError(VIR_ERR_OPERATION_UNSUPPORTED, "%s",
- _("Unable to modify mediated device: modify unsupported"));
+ virReportError(VIR_ERR_OPERATION_UNSUPPORTED,
+ _("Unable to modify mediated device '%1$s': modify unsupported"),
+ def_name);
return -1;
}
@@ -952,8 +954,8 @@ virMdevctlModify(virNodeDeviceDef *def,
if (status != 0) {
virReportError(VIR_ERR_INTERNAL_ERROR,
- _("Unable to modify mediated device: %1$s"),
- MDEVCTL_ERROR(errmsg));
+ _("Unable to modify mediated device '%1$s': %2$s"),
+ def_name, MDEVCTL_ERROR(errmsg));
return -1;
}
@@ -1608,8 +1610,9 @@ nodeDeviceDefineXML(virConnect *conn,
* nodeDeviceDefValidateUpdate() is not required as uuid and
* parent are matching if def was found and changing the type in
* the persistent config is allowed. */
- VIR_DEBUG("Update node device '%s' with mdevctl", def->name);
- modify_failed = (virMdevctlModify(def, true, false) < 0);
+ virNodeDeviceDef *olddef = virNodeDeviceObjGetDef(persistent_obj);
+ VIR_DEBUG("Update node device '%s' with mdevctl", olddef->name);
+ modify_failed = (virMdevctlModify(def, olddef->name, true, false) < 0);
virNodeDeviceObjEndAPI(&persistent_obj);
if (modify_failed)
return NULL;
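Review bot: The VIR_DEBUG line switches from `def->name` to `olddef->name`, which is a behaviour change the commit message does not mention; please say why the name of the incoming definition is not usable here. Also, `olddef` is obtained from `persistent_obj` and is only used before `virNodeDeviceObjEndAPI(&persistent_obj)`, which is the right order, but a one-line comment that the pointer must not be used after that call would protect against a later reordering.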
@@ -2357,6 +2360,7 @@ nodeDeviceUpdate(virNodeDevice *device,
/* Update now. */
VIR_DEBUG("Update node device '%s' with mdevctl", def->name);
if (virMdevctlModify(new_def,
+ def->name,
(flags & VIR_NODE_DEVICE_UPDATE_AFFECT_CONFIG),
(flags & VIR_NODE_DEVICE_UPDATE_AFFECT_LIVE)) < 0) {
goto cleanup;
--
2.49.0
2 weeks, 1 day
[PATCH] ci: refresh with 'lcitool manifest'
by Michal Privoznik
From: Michal Privoznik <mprivozn(a)redhat.com>
- Replace Alpine 3.21 with 3.22
Signed-off-by: Michal Privoznik <mprivozn(a)redhat.com>
---
Green pipeline:
https://gitlab.com/MichalPrivoznik/libvirt/-/pipelines/1860029940
ci/buildenv/{alpine-321.sh => alpine-322.sh} | 0
.../{alpine-321.Dockerfile => alpine-322.Dockerfile} | 2 +-
ci/gitlab/builds.yml | 8 ++++----
ci/gitlab/containers.yml | 4 ++--
ci/manifest.yml | 2 +-
5 files changed, 8 insertions(+), 8 deletions(-)
rename ci/buildenv/{alpine-321.sh => alpine-322.sh} (100%)
rename ci/containers/{alpine-321.Dockerfile => alpine-322.Dockerfile} (98%)
diff --git a/ci/buildenv/alpine-321.sh b/ci/buildenv/alpine-322.sh
similarity index 100%
rename from ci/buildenv/alpine-321.sh
rename to ci/buildenv/alpine-322.sh
diff --git a/ci/containers/alpine-321.Dockerfile b/ci/containers/alpine-322.Dockerfile
similarity index 98%
rename from ci/containers/alpine-321.Dockerfile
rename to ci/containers/alpine-322.Dockerfile
index 2351b03653..03db9a3d22 100644
--- a/ci/containers/alpine-321.Dockerfile
+++ b/ci/containers/alpine-322.Dockerfile
@@ -4,7 +4,7 @@
#
# https://gitlab.com/libvirt/libvirt-ci
-FROM docker.io/library/alpine:3.21
+FROM docker.io/library/alpine:3.22
RUN apk update && \
apk upgrade && \
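Review bot: `FROM docker.io/library/alpine:3.22` references the base image by a mutable tag, and the following `apk update && apk upgrade` pulls whatever packages are current at build time, so two builds of this Dockerfile are not guaranteed to produce the same container. If reproducible CI images matter, pinning the base image by digest would address the first part. The header points at https://gitlab.com/libvirt/libvirt-ci as the generator, so any such change belongs there rather than in this file.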
diff --git a/ci/gitlab/builds.yml b/ci/gitlab/builds.yml
index 5fab2008d8..ae691862c2 100644
--- a/ci/gitlab/builds.yml
+++ b/ci/gitlab/builds.yml
@@ -33,15 +33,15 @@ x86_64-almalinux-9-clang:
TARGET_BASE_IMAGE: docker.io/library/almalinux:9
-x86_64-alpine-321:
+x86_64-alpine-322:
extends: .native_build_job
needs:
- - job: x86_64-alpine-321-container
+ - job: x86_64-alpine-322-container
optional: true
allow_failure: false
variables:
- NAME: alpine-321
- TARGET_BASE_IMAGE: docker.io/library/alpine:3.21
+ NAME: alpine-322
+ TARGET_BASE_IMAGE: docker.io/library/alpine:3.22
x86_64-alpine-edge:
diff --git a/ci/gitlab/containers.yml b/ci/gitlab/containers.yml
index 05809fbdeb..0650e4781c 100644
--- a/ci/gitlab/containers.yml
+++ b/ci/gitlab/containers.yml
@@ -14,11 +14,11 @@ x86_64-almalinux-9-container:
NAME: almalinux-9
-x86_64-alpine-321-container:
+x86_64-alpine-322-container:
extends: .container_job
allow_failure: false
variables:
- NAME: alpine-321
+ NAME: alpine-322
x86_64-alpine-edge-container:
diff --git a/ci/manifest.yml b/ci/manifest.yml
index 14bfef25d2..21d570cb00 100644
--- a/ci/manifest.yml
+++ b/ci/manifest.yml
@@ -19,7 +19,7 @@ targets:
RPM: skip
CC: clang
- alpine-321: x86_64
+ alpine-322: x86_64
alpine-edge:
jobs:
--
2.49.0
2 weeks, 1 day
[PATCH v5 0/3] Fix virtio console port assignment issue
by Aaron M. Brown
Changelog:
---
v5:
- Added xml tests to tests/qemuxmlconfdata
- Fixed virito -> virtio typo in commit message
---
v4:
- Update commit messages
---
v3:
- Added Reviewed-By
- Included CI Results Link
---
v2:
- Split patch into two commits
- Added fixes tag
---
This libvirt patch series does the following:
1. fixes an issue with virtio console device port auto assignment on vioserial buses
2. updates console port reservation comment and changes the allowZero variable to allowPortZero for clarity
3. Adds tests for virtio console on the vioserial bus
Currently in libvirt, a virtio console device cannot be auto assigned a port number greater than zero on a vioserial bus. This leads to port collision errors when adding more than 1 virtio console device on a single vioserial bus.
After applying this patch, one can add multiple console ports under a single vioserial bus.
Here is a link to CI results for this series: https://gitlab.com/aaronbmalik/libvirt/-/pipelines/1855918840
Aaron M. Brown (3):
qemuxmlconftest: Add console-virtio-vioserial tests
virDomainVirtioSerialAddrAssign: Fix virtio console port auto
assignment on vioserial bus
domain_addr.c: update console port reservation comment and allowZero
var to allowPortZero for clarity
src/conf/domain_addr.c | 27 +++++---
...onsole-virtio-vioserial.x86_64-latest.args | 44 +++++++++++++
...console-virtio-vioserial.x86_64-latest.xml | 63 +++++++++++++++++++
.../console-virtio-vioserial.xml | 48 ++++++++++++++
tests/qemuxmlconftest.c | 1 +
5 files changed, 173 insertions(+), 10 deletions(-)
create mode 100644 tests/qemuxmlconfdata/console-virtio-vioserial.x86_64-latest.args
create mode 100644 tests/qemuxmlconfdata/console-virtio-vioserial.x86_64-latest.xml
create mode 100644 tests/qemuxmlconfdata/console-virtio-vioserial.xml
--
2.39.5 (Apple Git-154)
2 weeks, 1 day
[PATCH pushed] virDomainDriverAutoShutdown: Fix printf conversion specifier for 'waitShutdownSecs'
by Peter Krempa
From: Peter Krempa <pkrempa(a)redhat.com>
The variable is declared as unsigned int but two places used '%d'.
Reported-in: https://issues.redhat.com/browse/RHEL-95721
Signed-off-by: Peter Krempa <pkrempa(a)redhat.com>
---
Trivial.
src/hypervisor/domain_driver.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/src/hypervisor/domain_driver.c b/src/hypervisor/domain_driver.c
index 35966a5a8d..62bbe176ae 100644
--- a/src/hypervisor/domain_driver.c
+++ b/src/hypervisor/domain_driver.c
@@ -880,9 +880,9 @@ virDomainDriverAutoShutdown(virDomainDriverAutoShutdownConfig *cfg)
}
timer = g_timer_new();
- virSystemdNotifyStatus("Waiting %d secs for VM shutdown completion",
+ virSystemdNotifyStatus("Waiting %u secs for VM shutdown completion",
cfg->waitShutdownSecs);
- VIR_INFO("Waiting %d secs for VM shutdown completion", cfg->waitShutdownSecs);
+ VIR_INFO("Waiting %u secs for VM shutdown completion", cfg->waitShutdownSecs);
while (1) {
bool anyRunning = false;
for (i = 0; i < numDomains; i++) {
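Review bot: The same format string is fixed in two places, `virSystemdNotifyStatus(...)` and `VIR_INFO(...)`, and nothing visible here stops the next `%d` used with an unsigned int from slipping in the same way. GCC's plain `-Wformat` does not report a signedness mismatch; `-Wformat-signedness` does, so it may be worth checking whether the build can enable it and whether `virSystemdNotifyStatus()` carries a printf format attribute. Formatting the message once and passing it to both calls would also keep the two strings from drifting apart.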
--
2.49.0
2 weeks, 1 day
[PATCH v4 0/2] Fix virtio console port assignment issue
by Aaron M. Brown
Changelog:
---
v4:
- Update commit messages
---
v3:
- Added Reviewed-By
- Included CI Results Link
---
v2:
- Split patch into two commits
- Added fixes tag
---
This libvirt patch does the following:
1. fixes an issue with virtio console device port assignment on vioserial buses
2. updates console port reservation comment and changes the allowZero variable to allowPortZero for clarity
Currently in libvirt, a virtio console device cannot be assigned a port number greater than zero on a vioserial bus. This leads to port collision errors when adding more than 1 virtio console device on a single vioserial bus.
After applying this patch, one can add multiple console ports under a single vioserial bus.
Here is a link to CI results for this series: https://gitlab.com/aaronbmalik/libvirt/-/pipelines/1832324065
Aaron M. Brown (2):
virDomainVirtioSerialAddrAssign: Fix virtio console port assignment on
vioserial bus
domain_addr.c: Update console port reservation comment and allowZero
variable for clarity
src/conf/domain_addr.c | 26 ++++++++++++++++----------
1 file changed, 16 insertions(+), 10 deletions(-)
--
2.39.5 (Apple Git-154)
2 weeks, 4 days