October 2025 - Devel - libvirt List Archives

[PATCH 0/5] CH: Add network interface hotplug support
by Stefan Kober 28 Oct '25

28 Oct '25

This patch set adds support for attaching and detaching network interfaces to Cloud Hypervisor domains at runtime. Stefan Kober (5): ch: pass virCHDriver to chDomainAttachDeviceLice ch: add net device alias assignment ch: implement network device hot attach ch: implement network device hot detach NEWS: ch: announce network hotplug feature NEWS.rst | 5 ++ src/ch/ch_alias.c | 47 +++++++++++++ src/ch/ch_alias.h | 3 + src/ch/ch_hotplug.c | 83 ++++++++++++++++++++-- src/ch/ch_monitor.c | 5 +- src/ch/ch_monitor.h | 1 - src/ch/ch_process.c | 163 +++++++++++++++++++++++++------------------- src/ch/ch_process.h | 8 +++ 8 files changed, 234 insertions(+), 81 deletions(-) -- 2.51.0

3 10

[PATCH v3] audio: deprecate HMP audio commands
by marcandre.lureau＠redhat.com 28 Oct '25

28 Oct '25

From: Marc-André Lureau <marcandre.lureau(a)redhat.com> The command is niche and better served by the host audio system. There is no QMP equivalent, fortunately. You can capture the audio stream via remote desktop protocols too (dbus, vnc, spice). Signed-off-by: Marc-André Lureau <marcandre.lureau(a)redhat.com> Acked-by: Dr. David Alan Gilbert <dave(a)treblig.org> --- docs/about/deprecated.rst | 20 ++++++++++++++++++++ audio/audio-hmp-cmds.c | 7 +++++++ audio/meson.build | 5 +++-- hmp-commands-info.hx | 6 ++++-- hmp-commands.hx | 9 +++++++-- 5 files changed, 41 insertions(+), 6 deletions(-) diff --git a/docs/about/deprecated.rst b/docs/about/deprecated.rst index dacf2882e4..31445dfc61 100644 --- a/docs/about/deprecated.rst +++ b/docs/about/deprecated.rst @@ -169,6 +169,26 @@ Use ``job-finalize`` instead. This argument has always been ignored. +Human Machine Protocol (HMP) commands +------------------------------------- + +``wavcapture`` (since 10.2) +'''''''''''''''''''''''''''' + +The ``wavcapture`` command is deprecated and will be removed in a future release. + +Use ``-audiodev wav`` or your host audio system to capture audio. + +``stopcapture`` (since 10.2) +'''''''''''''''''''''''''''' + +The ``stopcapture`` command is deprecated and will be removed in a future release. + +``info`` argument ``capture`` (since 10.2) +'''''''''''''''''''''''''''''''''''''''''' + +The ``info capture`` command is deprecated and will be removed in a future release. + Host Architectures ------------------ diff --git a/audio/audio-hmp-cmds.c b/audio/audio-hmp-cmds.c index 8774c09f18..9129a02331 100644 --- a/audio/audio-hmp-cmds.c +++ b/audio/audio-hmp-cmds.c @@ -28,6 +28,7 @@ #include "monitor/monitor.h" #include "qapi/error.h" #include "qobject/qdict.h" +#include "qemu/error-report.h" static QLIST_HEAD (capture_list_head, CaptureState) capture_head; @@ -36,6 +37,8 @@ void hmp_info_capture(Monitor *mon, const QDict *qdict) int i; CaptureState *s; + warn_report_once("'info capture' is deprecated since v10.2, to be removed"); + for (s = capture_head.lh_first, i = 0; s; s = s->entries.le_next, ++i) { monitor_printf(mon, "[%d]: ", i); s->ops.info (s->opaque); @@ -48,6 +51,8 @@ void hmp_stopcapture(Monitor *mon, const QDict *qdict) int n = qdict_get_int(qdict, "n"); CaptureState *s; + warn_report_once("'stopcapture' is deprecated since v10.2, to be removed"); + for (s = capture_head.lh_first, i = 0; s; s = s->entries.le_next, ++i) { if (i == n) { s->ops.destroy (s->opaque); @@ -69,6 +74,8 @@ void hmp_wavcapture(Monitor *mon, const QDict *qdict) Error *local_err = NULL; AudioState *as = audio_state_by_name(audiodev, &local_err); + warn_report_once("'wavcapture' is deprecated since v10.2, to be removed"); + if (!as) { error_report_err(local_err); return; diff --git a/audio/meson.build b/audio/meson.build index 59f0a431d5..f0c97e5223 100644 --- a/audio/meson.build +++ b/audio/meson.build @@ -1,12 +1,13 @@ system_ss.add([spice_headers, files('audio.c')]) system_ss.add(files( - 'audio-hmp-cmds.c', 'mixeng.c', 'noaudio.c', 'wavaudio.c', - 'wavcapture.c', )) +# deprecated since v10.2, to be removed +system_ss.add(files('audio-hmp-cmds.c', 'wavcapture.c')) + system_ss.add(when: coreaudio, if_true: files('coreaudio.m')) system_ss.add(when: dsound, if_true: files('dsoundaudio.c', 'audio_win_int.c')) diff --git a/hmp-commands-info.hx b/hmp-commands-info.hx index 25b4aed51f..8d3d180637 100644 --- a/hmp-commands-info.hx +++ b/hmp-commands-info.hx @@ -363,18 +363,20 @@ SRST Show host USB devices. ERST +/* BEGIN deprecated */ { .name = "capture", .args_type = "", .params = "", - .help = "show capture information", + .help = "show capture information (deprecated)", .cmd = hmp_info_capture, }, SRST ``info capture`` - Show capture information. + Show capture information (deprecated). ERST +/* END deprecated */ { .name = "snapshots", diff --git a/hmp-commands.hx b/hmp-commands.hx index 15f6082596..5cc4788f12 100644 --- a/hmp-commands.hx +++ b/hmp-commands.hx @@ -764,11 +764,12 @@ SRST ERST +/* BEGIN deprecated */ { .name = "wavcapture", .args_type = "path:F,audiodev:s,freq:i?,bits:i?,nchannels:i?", .params = "path audiodev [frequency [bits [channels]]]", - .help = "capture audio to a wave file (default frequency=44100 bits=16 channels=2)", + .help = "capture audio to a wave file (deprecated, default frequency=44100 bits=16 channels=2)", .cmd = hmp_wavcapture, }, SRST @@ -782,13 +783,15 @@ SRST - Sample rate = 44100 Hz - CD quality - Bits = 16 - Number of channels = 2 - Stereo + + Deprecated. ERST { .name = "stopcapture", .args_type = "n:i", .params = "capture index", - .help = "stop capture", + .help = "stop capture (deprecated)", .cmd = hmp_stopcapture, }, SRST @@ -797,7 +800,9 @@ SRST info capture + Deprecated. ERST +/* END deprecated */ { .name = "memsave", -- 2.51.0

2 1

[FOSDEM] Call for participation: Virtualization and Cloud infrastructure Room at FOSDEM 2026
by Piotr Kliczewski 28 Oct '25

28 Oct '25

We are excited to announce that the call for proposals is now open for the Virtualization and Cloud infrastructure devroom at the upcoming FOSDEM 2026, to be hosted on 31st of January. This devroom is a collaborative effort, and is organized by dedicated folks from projects such as OpenStack, Xen Project, KubeVirt, QEMU, KVM, and Foreman. We invite everyone involved in these fields to submit your proposals by 5th December 2025. About the Devroom The Virtualization & IaaS devroom will feature session topics such as open source hypervisors or virtual machine managers such as Xen Project, KVM, bhyve and VirtualBox as well as Infrastructure-as-a-Service projects such as KubeVirt, Apache CloudStack, OpenStack, QEMU and OpenNebula. This devroom will host presentations that focus on topics of shared interest, such as KVM, libvirt, shared storage, virtualized networking, cloud security, clustering and high availability, interfacing with multiple hypervisors, hyperconverged deployments and scaling across hundreds or thousands of servers. Presentations in this devroom will be aimed at developers working on these platforms who are looking to collaborate and improve shared infrastructure or solve common problems. We seek topics that encourage dialog between projects and continued work post-FOSDEM. Important Dates Submission deadline: 5th December 2025 Acceptance notifications: 10th December 2025 Final schedule announcement: 15th of December 2025 Devroom: 31st of January Submit Your Proposal During submission [1] please make sure to select Virtualization and Cloud infrastructure from the Track list. Please provide a meaningful abstract and description of your proposed session. Submission Guidelines We expect more proposals than we can possibly accept, so it is vitally important that you submit your proposal on or before the deadline. Late submissions are unlikely to be considered. All presentation slots are 30 minutes, with 20 minutes planned for presentations, and 10 minutes for Q&A. All presentations will be recorded and made available under Creative Commons licenses. In the Submission notes field, please indicate that you agree that your presentation will be licensed under the CC-By-SA-4.0 or CC-By-4.0 license and that you agree to have your presentation recorded. For example: "If my presentation is accepted for FOSDEM, I hereby agree to license all recordings, slides, and other associated materials under the Creative Commons Attribution Share-Alike 4.0 International License. Sincerely, Piotr Kliczewski and Tal Nisan In the Submission notes field, please also confirm that if your talk is accepted, you will be able to attend FOSDEM and deliver your presentation. We will not consider proposals from prospective speakers who are unsure whether they will be able to secure funds for travel and lodging to attend FOSDEM. (Sadly, we are not able to offer travel funding for prospective speakers.) Code of Conduct Following the release of the updated code of conduct for FOSDEM[2], we'd like to remind all speakers and attendees that all of the presentations and discussions in our devroom are held under the guidelines set in the CoC and we expect attendees, speakers, and volunteers to follow the CoC at all times. If you submit a proposal and it is accepted, you will be required to confirm that you accept the FOSDEM CoC. If you have any questions about the CoC or wish to have one of the devroom organizers review your presentation slides or any other content for CoC compliance, please email us and we will do our best to assist you. Questions? If you have any questions about this devroom, please send your questions to our devroom mailing list. You can also subscribe to the list to receive updates about important dates, session announcements, and to connect with other attendees. See you all at FOSDEM! [1] https://fosdem.org/submit [2] https://fosdem.org/2026/practical/conduct/

1 0

[PATCH v4 3/3] NEWS: ch: announce riscv-aia feature for RISC-V KVM
by BillXiang 28 Oct '25

28 Oct '25

From: xiangwencheng <xiangwencheng(a)lanxincomputing.com> Signed-off-by: xiangwencheng <xiangwencheng(a)lanxincomputing.com> --- NEWS.rst | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/NEWS.rst b/NEWS.rst index 1b8e188f5e..db98d9e7c2 100644 --- a/NEWS.rst +++ b/NEWS.rst @@ -32,6 +32,13 @@ v11.8.0 (unreleased) On the XML side, the existing <acpi> element has been extended with a "nodeset" attribute to specify the NUMA node affinity of a PCI device. + * qemu: Add ``riscv-aia`` attribute for RISC-V KVM + + This attribute was introduced in qemu-8.2 to specify the KVM AIA mode. + 1) "riscv-aia=emul": IMSIC is emulated by hypervisor + 2) "riscv-aia=hwaccel": use hardware guest IMSIC + 3) "riscv-aia=auto": use the hardware guest IMSICs whenever available otherwise we fallback to software emulation. + * **Improvements** * **Bug fixes** -- 2.34.1

2 1

[PATCH v4 2/3] qemu: Add XML tests for kvm riscv-aia feature
by BillXiang 28 Oct '25

28 Oct '25

From: xiangwencheng <xiangwencheng(a)lanxincomputing.com> Signed-off-by: BillXiang <xiangwencheng(a)lanxincomputing.com> --- .../caps_9.1.0_riscv64.replies | 4 +++ .../caps_9.1.0_riscv64.xml | 3 ++ ...atures-aia-aplic-imsic.riscv64-latest.args | 31 +++++++++++++++++++ ...eatures-aia-aplic-imsic.riscv64-latest.xml | 1 + .../riscv64-virt-features-aia-aplic-imsic.xml | 30 ++++++++++++++++++ tests/qemuxmlconftest.c | 1 + 6 files changed, 70 insertions(+) create mode 100644 tests/qemuxmlconfdata/riscv64-virt-features-aia-aplic-imsic.riscv64-latest.args create mode 120000 tests/qemuxmlconfdata/riscv64-virt-features-aia-aplic-imsic.riscv64-latest.xml create mode 100644 tests/qemuxmlconfdata/riscv64-virt-features-aia-aplic-imsic.xml diff --git a/tests/qemucapabilitiesdata/caps_9.1.0_riscv64.replies b/tests/qemucapabilitiesdata/caps_9.1.0_riscv64.replies index 51896936cc..b394d68d00 100644 --- a/tests/qemucapabilitiesdata/caps_9.1.0_riscv64.replies +++ b/tests/qemucapabilitiesdata/caps_9.1.0_riscv64.replies @@ -24238,6 +24238,10 @@ "name": "tcg-accel", "parent": "accel" }, + { + "name": "kvm-accel", + "parent": "accel" + }, { "name": "ES1370", "parent": "pci-device" diff --git a/tests/qemucapabilitiesdata/caps_9.1.0_riscv64.xml b/tests/qemucapabilitiesdata/caps_9.1.0_riscv64.xml index 9ceefed89f..6fbe05aa8d 100644 --- a/tests/qemucapabilitiesdata/caps_9.1.0_riscv64.xml +++ b/tests/qemucapabilitiesdata/caps_9.1.0_riscv64.xml @@ -3,6 +3,7 @@ <qemuctime>0</qemuctime> <selfctime>0</selfctime> <selfvers>0</selfvers> + <flag name='kvm'/> <flag name='sdl'/> <flag name='spice'/> <flag name='hda-duplex'/> @@ -180,10 +181,12 @@ <cpu type='tcg' name='thead-c906' typename='thead-c906-riscv-cpu'/> <cpu type='tcg' name='sifive-u54' typename='sifive-u54-riscv-cpu'/> <cpu type='tcg' name='veyron-v1' typename='veyron-v1-riscv-cpu'/> + <cpu type='kvm' name='rv64' typename='rv64-riscv-cpu'/> <machine type='tcg' name='virt' maxCpus='512' defaultCPU='rv64-riscv-cpu' numaMemSupported='yes' defaultRAMid='riscv_virt_board.ram' acpi='yes'/> <machine type='tcg' name='spike' maxCpus='8' default='yes' defaultCPU='rv64-riscv-cpu' numaMemSupported='yes' defaultRAMid='riscv.spike.ram' acpi='no'/> <machine type='tcg' name='microchip-icicle-kit' maxCpus='5' defaultRAMid='microchip.icicle.kit.ram' acpi='no'/> <machine type='tcg' name='sifive_u' maxCpus='5' defaultCPU='sifive-u54-riscv-cpu' defaultRAMid='riscv.sifive.u.ram' acpi='no'/> <machine type='tcg' name='shakti_c' maxCpus='1' defaultCPU='shakti-c-riscv-cpu' defaultRAMid='riscv.shakti.c.ram' acpi='no'/> <machine type='tcg' name='sifive_e' maxCpus='1' defaultCPU='sifive-e51-riscv-cpu' defaultRAMid='riscv.sifive.e.ram' acpi='no'/> + <machine type='kvm' name='virt' maxCpus='512' defaultCPU='rv64-riscv-cpu' numaMemSupported='yes' defaultRAMid='riscv_virt_board.ram' acpi='yes'/> </qemuCaps> diff --git a/tests/qemuxmlconfdata/riscv64-virt-features-aia-aplic-imsic.riscv64-latest.args b/tests/qemuxmlconfdata/riscv64-virt-features-aia-aplic-imsic.riscv64-latest.args new file mode 100644 index 0000000000..3dadcdcd7c --- /dev/null +++ b/tests/qemuxmlconfdata/riscv64-virt-features-aia-aplic-imsic.riscv64-latest.args @@ -0,0 +1,31 @@ +LC_ALL=C \ +PATH=/bin \ +HOME=/var/lib/libvirt/qemu/domain--1-guest \ +USER=test \ +LOGNAME=test \ +XDG_DATA_HOME=/var/lib/libvirt/qemu/domain--1-guest/.local/share \ +XDG_CACHE_HOME=/var/lib/libvirt/qemu/domain--1-guest/.cache \ +XDG_CONFIG_HOME=/var/lib/libvirt/qemu/domain--1-guest/.config \ +/usr/bin/qemu-system-riscv64 \ +-name guest=guest,debug-threads=on \ +-S \ +-object '{"qom-type":"secret","id":"masterKey0","format":"raw","file":"/var/lib/libvirt/qemu/domain--1-guest/master-key.aes"}' \ +-machine virt,usb=off,aia=aplic-imsic,dump-guest-core=off,memory-backend=riscv_virt_board.ram,acpi=off \ +-accel kvm,riscv-aia=auto \ +-cpu rv64 \ +-m size=4194304k \ +-object '{"qom-type":"memory-backend-ram","id":"riscv_virt_board.ram","size":4294967296}' \ +-overcommit mem-lock=off \ +-smp 4,sockets=4,cores=1,threads=1 \ +-uuid 1ccfd97d-5eb4-478a-bbe6-88d254c16db7 \ +-display none \ +-no-user-config \ +-nodefaults \ +-chardev socket,id=charmonitor,fd=1729,server=on,wait=off \ +-mon chardev=charmonitor,id=monitor,mode=control \ +-rtc base=utc \ +-no-shutdown \ +-boot strict=on \ +-audiodev '{"id":"audio1","driver":"none"}' \ +-sandbox on,obsolete=deny,elevateprivileges=deny,spawn=deny,resourcecontrol=deny \ +-msg timestamp=on diff --git a/tests/qemuxmlconfdata/riscv64-virt-features-aia-aplic-imsic.riscv64-latest.xml b/tests/qemuxmlconfdata/riscv64-virt-features-aia-aplic-imsic.riscv64-latest.xml new file mode 120000 index 0000000000..73a864a8c2 --- /dev/null +++ b/tests/qemuxmlconfdata/riscv64-virt-features-aia-aplic-imsic.riscv64-latest.xml @@ -0,0 +1 @@ +riscv64-virt-features-aia-aplic-imsic.xml \ No newline at end of file diff --git a/tests/qemuxmlconfdata/riscv64-virt-features-aia-aplic-imsic.xml b/tests/qemuxmlconfdata/riscv64-virt-features-aia-aplic-imsic.xml new file mode 100644 index 0000000000..31d4f30401 --- /dev/null +++ b/tests/qemuxmlconfdata/riscv64-virt-features-aia-aplic-imsic.xml @@ -0,0 +1,30 @@ +<domain type='kvm'> + <name>guest</name> + <uuid>1ccfd97d-5eb4-478a-bbe6-88d254c16db7</uuid> + <memory unit='KiB'>4194304</memory> + <currentMemory unit='KiB'>4194304</currentMemory> + <vcpu placement='static'>4</vcpu> + <os> + <type arch='riscv64' machine='virt'>hvm</type> + <boot dev='hd'/> + </os> + <features> + <kvm> + <riscv-aia state='on' mode='auto'/> + </kvm> + <aia value='aplic-imsic'/> + </features> + <cpu mode='custom' match='exact' check='none'> + <model fallback='forbid'>rv64</model> + </cpu> + <clock offset='utc'/> + <on_poweroff>destroy</on_poweroff> + <on_reboot>restart</on_reboot> + <on_crash>destroy</on_crash> + <devices> + <emulator>/usr/bin/qemu-system-riscv64</emulator> + <controller type='pci' index='0' model='pcie-root'/> + <audio id='1' type='none'/> + <memballoon model='none'/> + </devices> +</domain> diff --git a/tests/qemuxmlconftest.c b/tests/qemuxmlconftest.c index 171a6f1c78..5a2a14f7a6 100644 --- a/tests/qemuxmlconftest.c +++ b/tests/qemuxmlconftest.c @@ -2999,6 +2999,7 @@ mymain(void) DO_TEST_CAPS_ARCH_LATEST("x86_64-default-cpu-tcg-features", "x86_64"); DO_TEST_CAPS_ARCH_LATEST("riscv64-virt-features-aia", "riscv64"); + DO_TEST_CAPS_ARCH_LATEST("riscv64-virt-features-aia-aplic-imsic", "riscv64"); DO_TEST_CAPS_LATEST("virtio-9p-multidevs"); DO_TEST_CAPS_LATEST("virtio-9p-createmode"); -- 2.34.1

2 1

[PATCH] qemu: Drop /dev/kvm from default device ACL
by Praveen K Paladugu 23 Oct '25

23 Oct '25

A domain that runs with TCG emulation does not need kvm device, so drop it from default device ACL. To dynamically add devices to defaultDeviceACL, make it a GSList. This variable will be initialized when qemu driver is initalized. Lastly, dynamically append /dev/kvm to default ACL only if the domain is of type VIR_DOMAIN_VIRT_KVM. Signed-off-by: Praveen K Paladugu <prapal(a)linux.microsoft.com> --- src/qemu/qemu.conf.in | 3 +- src/qemu/qemu_cgroup.c | 52 ++++++++++++++++++++++-------- src/qemu/qemu_cgroup.h | 5 ++- src/qemu/qemu_conf.c | 14 ++++++-- src/qemu/qemu_conf.h | 2 +- src/qemu/qemu_driver.c | 4 +++ src/qemu/qemu_namespace.c | 12 +++---- src/qemu/qemu_process.c | 6 ++-- src/qemu/test_libvirtd_qemu.aug.in | 3 +- 9 files changed, 71 insertions(+), 30 deletions(-) diff --git a/src/qemu/qemu.conf.in b/src/qemu/qemu.conf.in index fc91ba8f08..0a8abd9544 100644 --- a/src/qemu/qemu.conf.in +++ b/src/qemu/qemu.conf.in @@ -618,8 +618,7 @@ #cgroup_device_acl = [ # "/dev/null", "/dev/full", "/dev/zero", # "/dev/random", "/dev/urandom", -# "/dev/ptmx", "/dev/kvm", -# "/dev/userfaultfd" +# "/dev/ptmx", "/dev/userfaultfd" #] # # RDMA migration requires the following extra files to be added to the list: diff --git a/src/qemu/qemu_cgroup.c b/src/qemu/qemu_cgroup.c index f10976c2b0..b2dcefd81e 100644 --- a/src/qemu/qemu_cgroup.c +++ b/src/qemu/qemu_cgroup.c @@ -38,17 +38,38 @@ VIR_LOG_INIT("qemu.qemu_cgroup"); -const char *const defaultDeviceACL[] = { +GSList *defaultDeviceACL; + +const char *const _defaultDeviceACL[] = { "/dev/null", "/dev/full", "/dev/zero", "/dev/random", "/dev/urandom", - "/dev/ptmx", "/dev/kvm", - "/dev/userfaultfd", + "/dev/ptmx", "/dev/userfaultfd", NULL, }; #define DEVICE_PTY_MAJOR 136 #define DEVICE_SND_MAJOR 116 +void +initDefaultDeviceACL(void) +{ + size_t i; + + for (i = 0; _defaultDeviceACL[i] != NULL; i++) { + defaultDeviceACL = g_slist_append(defaultDeviceACL, + g_strdup(_defaultDeviceACL[i])); + } +} + +void +updateDefaultDeviceACL(virDomainObj *vm) +{ + if (vm->def->virtType == VIR_DOMAIN_VIRT_KVM) { + defaultDeviceACL = g_slist_append(defaultDeviceACL, + g_strdup("/dev/kvm")); + } +} + static int qemuCgroupAllowDevicePath(virDomainObj *vm, const char *path, @@ -71,19 +92,19 @@ qemuCgroupAllowDevicePath(virDomainObj *vm, static int qemuCgroupAllowDevicesPaths(virDomainObj *vm, - const char *const *deviceACL, + GSList *deviceACL, int perms, bool ignoreEacces) { - size_t i; + GSList *cur = NULL; - for (i = 0; deviceACL[i] != NULL; i++) { - if (!virFileExists(deviceACL[i])) { - VIR_DEBUG("Ignoring non-existent device %s", deviceACL[i]); + for (cur = deviceACL; cur; cur = g_slist_next(cur)) { + if (!virFileExists(cur->data)) { + VIR_DEBUG("Ignoring non-existent device %s", (char *)cur->data); continue; } - if (qemuCgroupAllowDevicePath(vm, deviceACL[i], perms, ignoreEacces) < 0) + if (qemuCgroupAllowDevicePath(vm, cur->data, perms, ignoreEacces) < 0) return -1; } @@ -99,13 +120,13 @@ qemuCgroupDenyDevicePath(virDomainObj *vm, { qemuDomainObjPrivate *priv = vm->privateData; g_autoptr(virQEMUDriverConfig) cfg = virQEMUDriverGetConfig(priv->driver); - const char *const *deviceACL = (const char *const *)cfg->cgroupDeviceACL; int ret; + GSList *deviceACL = cfg->cgroupDeviceACL; if (!deviceACL) deviceACL = defaultDeviceACL; - if (g_strv_contains(deviceACL, path)) { + if (g_slist_find(deviceACL, path)) { VIR_DEBUG("Skipping deny of path %s in CGroups because it's in cgroupDeviceACL", path); return 0; @@ -556,8 +577,11 @@ qemuSetupMemoryDevicesCgroup(virDomainObj *vm, virDomainMemoryDef *mem) { qemuDomainObjPrivate *priv = vm->privateData; - const char *const sgxPaths[] = { QEMU_DEV_SGX_VEPVC, - QEMU_DEV_SGX_PROVISION, NULL }; + g_autoptr(virGSListString) sgxPaths = NULL; + + sgxPaths = g_slist_append(sgxPaths, g_strdup(QEMU_DEV_SGX_VEPVC)); + sgxPaths = g_slist_append(sgxPaths, g_strdup(QEMU_DEV_SGX_PROVISION)); + sgxPaths = g_slist_append(sgxPaths, NULL); if (!virCgroupHasController(priv->cgroup, VIR_CGROUP_CONTROLLER_DEVICES)) return 0; @@ -758,7 +782,7 @@ qemuSetupDevicesCgroup(virDomainObj *vm) { qemuDomainObjPrivate *priv = vm->privateData; g_autoptr(virQEMUDriverConfig) cfg = virQEMUDriverGetConfig(priv->driver); - const char *const *deviceACL = (const char *const *) cfg->cgroupDeviceACL; + GSList *deviceACL = cfg->cgroupDeviceACL; int rv = -1; size_t i; diff --git a/src/qemu/qemu_cgroup.h b/src/qemu/qemu_cgroup.h index 3668034cde..402120a8f2 100644 --- a/src/qemu/qemu_cgroup.h +++ b/src/qemu/qemu_cgroup.h @@ -66,4 +66,7 @@ struct _qemuCgroupEmulatorAllNodesData { char *emulatorMemMask; }; -extern const char *const defaultDeviceACL[]; +void updateDefaultDeviceACL(virDomainObj *vm); +void initDefaultDeviceACL(void); + +extern GSList *defaultDeviceACL; diff --git a/src/qemu/qemu_conf.c b/src/qemu/qemu_conf.c index 242955200a..a19a86cd70 100644 --- a/src/qemu/qemu_conf.c +++ b/src/qemu/qemu_conf.c @@ -345,7 +345,8 @@ static void virQEMUDriverConfigDispose(void *obj) virBitmapFree(cfg->namespaces); - g_strfreev(cfg->cgroupDeviceACL); + g_slist_free(cfg->cgroupDeviceACL); + cfg->cgroupDeviceACL = NULL; g_free(cfg->uri); g_free(cfg->configBaseDir); @@ -1068,6 +1069,7 @@ virQEMUDriverConfigLoadSecurityEntry(virQEMUDriverConfig *cfg, g_auto(GStrv) namespaces = NULL; g_autofree char *user = NULL; g_autofree char *group = NULL; + char **cgroupDeviceACL = NULL; size_t i, j; if (virConfGetValueStringList(conf, "security_driver", true, &cfg->securityDriverNames) < 0) @@ -1125,9 +1127,17 @@ virQEMUDriverConfigLoadSecurityEntry(virQEMUDriverConfig *cfg, } if (virConfGetValueStringList(conf, "cgroup_device_acl", false, - &cfg->cgroupDeviceACL) < 0) + &cgroupDeviceACL) < 0) return -1; + if (cgroupDeviceACL) { + for (i = 0; cgroupDeviceACL[i] != NULL; i++) { + cfg->cgroupDeviceACL = g_slist_append(cfg->cgroupDeviceACL, + g_strdup(cgroupDeviceACL[i])); + } + g_strfreev(cgroupDeviceACL); + } + if (virConfGetValueInt(conf, "seccomp_sandbox", &cfg->seccompSandbox) < 0) return -1; diff --git a/src/qemu/qemu_conf.h b/src/qemu/qemu_conf.h index edb65c99f4..bef198c2c8 100644 --- a/src/qemu/qemu_conf.h +++ b/src/qemu/qemu_conf.h @@ -96,7 +96,7 @@ struct _virQEMUDriverConfig { bool rememberOwner; int cgroupControllers; - char **cgroupDeviceACL; + GSList *cgroupDeviceACL; /* These five directories are ones libvirtd uses (so must be root:root * to avoid security risk from QEMU processes */ diff --git a/src/qemu/qemu_driver.c b/src/qemu/qemu_driver.c index ac72ea5cb0..a5fff3dfb1 100644 --- a/src/qemu/qemu_driver.c +++ b/src/qemu/qemu_driver.c @@ -52,6 +52,7 @@ #include "qemu_saveimage.h" #include "qemu_snapshot.h" #include "qemu_validate.h" +#include "qemu_cgroup.h" #include "virerror.h" #include "virlog.h" @@ -910,6 +911,8 @@ qemuStateInitialize(bool privileged, }; virDomainDriverAutoStart(qemu_driver->domains, &autostartCfg); + initDefaultDeviceACL(); + return VIR_DRV_STATE_INIT_COMPLETE; error: @@ -1037,6 +1040,7 @@ qemuStateCleanup(void) if (qemu_driver->lockFD != -1) virPidFileRelease(qemu_driver->config->stateDir, "driver", qemu_driver->lockFD); + g_slist_free(defaultDeviceACL); virObjectUnref(qemu_driver->config); virMutexDestroy(&qemu_driver->lock); VIR_FREE(qemu_driver); diff --git a/src/qemu/qemu_namespace.c b/src/qemu/qemu_namespace.c index f72da83929..74e2730d2d 100644 --- a/src/qemu/qemu_namespace.c +++ b/src/qemu/qemu_namespace.c @@ -212,14 +212,14 @@ static int qemuDomainPopulateDevices(virQEMUDriverConfig *cfg, GSList **paths) { - const char *const *devices = (const char *const *) cfg->cgroupDeviceACL; - size_t i; + GSList *devices = cfg->cgroupDeviceACL; + GSList *cur = NULL; if (!devices) devices = defaultDeviceACL; - for (i = 0; devices[i]; i++) { - *paths = g_slist_prepend(*paths, g_strdup(devices[i])); + for (cur = devices; cur; cur = g_slist_next(cur)) { + *paths = g_slist_prepend(*paths, g_strdup(cur->data)); } return 0; @@ -1459,7 +1459,7 @@ qemuNamespaceUnlinkPaths(virDomainObj *vm, if (STRPREFIX(path, QEMU_DEVPREFIX)) { GStrv mount; bool inSubmount = false; - const char *const *devices = (const char *const *)cfg->cgroupDeviceACL; + GSList *devices = cfg->cgroupDeviceACL; for (mount = devMountsPath; *mount; mount++) { if (STREQ(*mount, "/dev")) @@ -1477,7 +1477,7 @@ qemuNamespaceUnlinkPaths(virDomainObj *vm, if (!devices) devices = defaultDeviceACL; - if (g_strv_contains(devices, path)) + if (g_slist_find(devices, path)) continue; unlinkPaths = g_slist_prepend(unlinkPaths, g_strdup(path)); diff --git a/src/qemu/qemu_process.c b/src/qemu/qemu_process.c index 9926998f85..d3a78266ef 100644 --- a/src/qemu/qemu_process.c +++ b/src/qemu/qemu_process.c @@ -3038,7 +3038,7 @@ qemuProcessAllowPostCopyMigration(virDomainObj *vm) qemuDomainObjPrivate *priv = vm->privateData; virQEMUDriver *driver = priv->driver; g_autoptr(virQEMUDriverConfig) cfg = virQEMUDriverGetConfig(driver); - const char *const *devices = (const char *const *) cfg->cgroupDeviceACL; + GSList *devices = cfg->cgroupDeviceACL; const char *uffd = "/dev/userfaultfd"; int rc; @@ -3050,7 +3050,7 @@ qemuProcessAllowPostCopyMigration(virDomainObj *vm) if (!devices) devices = defaultDeviceACL; - if (!g_strv_contains(devices, uffd)) { + if (!g_slist_find(devices, uffd)) { VIR_DEBUG("%s is not allowed by device ACL", uffd); return 0; } @@ -8193,6 +8193,8 @@ qemuProcessLaunch(virConnectPtr conn, goto cleanup; } + updateDefaultDeviceACL(vm); + VIR_DEBUG("Building domain mount namespace (if required)"); if (qemuDomainBuildNamespace(cfg, vm) < 0) goto cleanup; diff --git a/src/qemu/test_libvirtd_qemu.aug.in b/src/qemu/test_libvirtd_qemu.aug.in index 90012b3f52..82cfec3b4b 100644 --- a/src/qemu/test_libvirtd_qemu.aug.in +++ b/src/qemu/test_libvirtd_qemu.aug.in @@ -76,8 +76,7 @@ module Test_libvirtd_qemu = { "4" = "/dev/random" } { "5" = "/dev/urandom" } { "6" = "/dev/ptmx" } - { "7" = "/dev/kvm" } - { "8" = "/dev/userfaultfd" } + { "7" = "/dev/userfaultfd" } } { "save_image_format" = "raw" } { "dump_image_format" = "raw" } -- 2.51.0

3 6

[PATCH 0/2] qemu: hyperv spinlock retries count bugfix & improvement
by Friedrich Oslage 22 Oct '25

22 Oct '25

Greetings! I previously submitted this patch via GitLab [1] but was told to send it here instead. Well, here it is. Including tests! :-) The 1st patch contains the bugfix part: It fixes a type mismatch (int/uint) preventing us from using the special "never notify" value qemu recommends [2] for non-overcomitted VMs. The 2nd patch contains the improvement: While inspecting the bug I noticed that the default value for retries is currently 0. That doesn't really make sense as we explicitly require it to be >= 0xFFF (4095). This renders the retries attribute mandatory as opposed to the xml schema definition which already defines it as optional. This patch updates the default value to 0xFFFFFFFF (aka "never notify") and makes it truly optional. [1] https://gitlab.com/libvirt/libvirt/-/merge_requests/521 [2] https://www.qemu.org/docs/master/system/i386/hyperv.html#recommendations Friedrich Oslage (2): qemu: Fix hyperv spinlock retries count type mismatch qemu: Update hyperv spinlock retries count default src/conf/domain_conf.c | 9 +-- ...-spinlocks-never-notify.x86_64-latest.args | 32 +++++++++++ ...v-spinlocks-never-notify.x86_64-latest.xml | 56 +++++++++++++++++++ .../hyperv-spinlocks-never-notify.xml | 50 +++++++++++++++++ .../qemuxmlconfdata/hyperv.x86_64-latest.args | 2 +- .../qemuxmlconfdata/hyperv.x86_64-latest.xml | 2 +- tests/qemuxmlconfdata/hyperv.xml | 2 +- tests/qemuxmlconftest.c | 1 + 8 files changed, 147 insertions(+), 7 deletions(-) create mode 100644 tests/qemuxmlconfdata/hyperv-spinlocks-never-notify.x86_64-latest.args create mode 100644 tests/qemuxmlconfdata/hyperv-spinlocks-never-notify.x86_64-latest.xml create mode 100644 tests/qemuxmlconfdata/hyperv-spinlocks-never-notify.xml -- 2.51.0

2 6

[libvirt PATCH] qemu: forbid readonly attribute for externally launched virtiofsd
by Ján Tomko 22 Oct '25

22 Oct '25

From: Ján Tomko <jtomko(a)redhat.com> In that case, libvirtd cannot set it on the command line because virtiofsd is not launched by libvirt. https://issues.redhat.com/browse/RHEL-87522 Signed-off-by: Ján Tomko <jtomko(a)redhat.com> --- src/qemu/qemu_validate.c | 6 +++ ...st-user-fs-sock-readonly.x86_64-latest.err | 1 + .../vhost-user-fs-sock-readonly.xml | 41 +++++++++++++++++++ tests/qemuxmlconftest.c | 1 + 4 files changed, 49 insertions(+) create mode 100644 tests/qemuxmlconfdata/vhost-user-fs-sock-readonly.x86_64-latest.err create mode 100644 tests/qemuxmlconfdata/vhost-user-fs-sock-readonly.xml diff --git a/src/qemu/qemu_validate.c b/src/qemu/qemu_validate.c index 3e8fdb2268..3b0f2b50a5 100644 --- a/src/qemu/qemu_validate.c +++ b/src/qemu/qemu_validate.c @@ -5022,6 +5022,12 @@ qemuValidateDomainDeviceDefFS(virDomainFSDef *fs, _("virtiofs does not support wrpolicy")); return -1; } + } else { + if (fs->readonly) { + virReportError(VIR_ERR_CONFIG_UNSUPPORTED, "%s", + _("readonly mode cannot be set for externally started virtiofsd")); + return -1; + } } if (fs->model != VIR_DOMAIN_FS_MODEL_DEFAULT) { diff --git a/tests/qemuxmlconfdata/vhost-user-fs-sock-readonly.x86_64-latest.err b/tests/qemuxmlconfdata/vhost-user-fs-sock-readonly.x86_64-latest.err new file mode 100644 index 0000000000..d6df9bddb8 --- /dev/null +++ b/tests/qemuxmlconfdata/vhost-user-fs-sock-readonly.x86_64-latest.err @@ -0,0 +1 @@ +unsupported configuration: readonly mode cannot be set for externally started virtiofsd diff --git a/tests/qemuxmlconfdata/vhost-user-fs-sock-readonly.xml b/tests/qemuxmlconfdata/vhost-user-fs-sock-readonly.xml new file mode 100644 index 0000000000..39e27ccfba --- /dev/null +++ b/tests/qemuxmlconfdata/vhost-user-fs-sock-readonly.xml @@ -0,0 +1,41 @@ +<domain type='kvm'> + <name>guest</name> + <uuid>126f2720-6f8e-45ab-a886-ec9277079a67</uuid> + <memory unit='KiB'>14680064</memory> + <currentMemory unit='KiB'>14680064</currentMemory> + <memoryBacking> + <source type='file'/> + <access mode='shared'/> + </memoryBacking> + <vcpu placement='static'>2</vcpu> + <os> + <type arch='x86_64' machine='pc'>hvm</type> + <boot dev='hd'/> + </os> + <cpu mode='custom' match='exact' check='none'> + <model fallback='forbid'>qemu64</model> + <numa> + <cell id='0' cpus='0-1' memory='14680064' unit='KiB' memAccess='shared'/> + </numa> + </cpu> + <clock offset='utc'/> + <on_poweroff>destroy</on_poweroff> + <on_reboot>restart</on_reboot> + <on_crash>destroy</on_crash> + <devices> + <emulator>/usr/bin/qemu-system-x86_64</emulator> + <controller type='usb' index='0' model='none'/> + <controller type='pci' index='0' model='pci-root'/> + <filesystem type='mount'> + <driver type='virtiofs' queue='1024'/> + <source socket='/tmp/sock'/> + <target dir='tag'/> + <readonly/> + <address type='pci' domain='0x0000' bus='0x00' slot='0x02' function='0x0'/> + </filesystem> + <input type='mouse' bus='ps2'/> + <input type='keyboard' bus='ps2'/> + <audio id='1' type='none'/> + <memballoon model='none'/> + </devices> +</domain> diff --git a/tests/qemuxmlconftest.c b/tests/qemuxmlconftest.c index e4d80faa99..1f39779d7b 100644 --- a/tests/qemuxmlconftest.c +++ b/tests/qemuxmlconftest.c @@ -3259,6 +3259,7 @@ mymain(void) DO_TEST_CAPS_LATEST("seclabel-dynamic-none"); DO_TEST_CAPS_LATEST("serial-target-port-auto"); DO_TEST_CAPS_LATEST("vhost-user-fs-sock"); + DO_TEST_CAPS_LATEST_PARSE_ERROR("vhost-user-fs-sock-readonly"); DO_TEST_CAPS_ARCH_LATEST("video-virtio-gpu-ccw-auto", "s390x"); DO_TEST_CAPS_LATEST("graphics-listen-network"); -- 2.50.1

2 1

[PATCH v2 0/1] x86: install modules-load.d file to load msr module
by Hector Cao 22 Oct '25

22 Oct '25

This submission is a follow-up (v2) of the discussion (RFC) that was happening at: https://lists.libvirt.org/archives/list/devel@lists.libvirt.org/thread/ADJ4A... On x86, libvirt makes use of the API exposed by the msr kernel module to read the MSR (Model Specific Registers) values. On some Linux distros, this module is not loaded by default so libvirt might fail to read the MSR values and falls back to /dev/kvm to obtain these values. KVM might be behind in term of exposing all the values of the MSRs so using /dev/kvm is not ideal. This submission tries to make libvirt deploy the modules-load.d configuration so that linux loads the msr module at next boot. One caveat, libvirt installs only the file and does not trigger the load that is only done at next reboot, it is up to each distro to trigger immediately the load of the module without a reboot. v2: - only install the file when qemu driver is enabled Hector Cao (1): x86: install modules-load.d file to load msr module meson_options.txt | 1 + src/util/meson.build | 19 +++++++++++++++++++ src/util/modules-load.d/msr.conf | 1 + tools/virt-host-validate-qemu.c | 7 +++++++ 4 files changed, 28 insertions(+) create mode 100644 src/util/modules-load.d/msr.conf -- 2.45.2

2 2

[PATCH pushed] qemumonitorjsontes: Properly free blockstats
by Peter Krempa 22 Oct '25

22 Oct '25

From: Peter Krempa <pkrempa(a)redhat.com> In the patch converting block stats to objects in 58aa005f3e9 I forgot to change the allocation of the hash table in qemumonitorjsontest which doesn't use the wrapper. This problem didn't manifest itself with newer glib versions. Use 'g_object_unref' instead of 'g_free'. Fixes: 58aa005f3e9 Signed-off-by: Peter Krempa <pkrempa(a)redhat.com> --- tests/qemumonitorjsontest.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tests/qemumonitorjsontest.c b/tests/qemumonitorjsontest.c index a229a89860..6129dde449 100644 --- a/tests/qemumonitorjsontest.c +++ b/tests/qemumonitorjsontest.c @@ -1446,7 +1446,7 @@ testQemuMonitorJSONqemuMonitorJSONGetAllBlockStatsInfo(const void *opaque) { const testGenericData *data = opaque; virDomainXMLOption *xmlopt = data->xmlopt; - g_autoptr(GHashTable) blockstats = virHashNew(g_free); + g_autoptr(GHashTable) blockstats = virHashNew(g_object_unref); qemuBlockStats *stats; g_autoptr(qemuMonitorTest) test = NULL; -- 2.51.0

3 2