February 2025 - Devel - libvirt List Archives

[RFC PATCH v4 0/5] Added virtio-net RSS with eBPF support.
by Andrew Melnychenko 14 Oct '25

14 Oct '25

This series of rfc patches adds support for loading the RSS eBPF program and passing it to the QEMU. Comments and suggestions would be useful. QEMU with vhost may work with RSS through eBPF. To load eBPF, the capabilities required that Libvirt may provide. eBPF program and maps may be unique for particular QEMU and Libvirt retrieves eBPF through qapi. For now, there is only "RSS" eBPF object in QEMU, in the future, there may be another one(g.e. network filters). That's why in Libvirt added logic to load and store any eBPF object that QEMU provides using qapi schema. One of the reasons why this series of patches is in RFC are tests. To this series of patches, the tests were added. For now, the tests are synthetic, the proper "reply" file should be generated with a new "caps" file. Currently, there are changes in caps-9.0.0* and caps-9.1.0 files. There was added support for ebpf_rss_fds feature, and request-ebpf command. So, overall, the tests are required for review, comment, and discussion how we want them to be implemented in the future. For virtio-net RSS, the document has not changed. ``` <interface type="network"> <model type="virtio"/> <driver queues="4" rss="on" rss_hash_report="off"/> <interface type="network"> ``` Simplified routine for RSS: * Libvirt retrieves eBPF "RSS" and load it. * Libvirt passes file descriptors to virtio-net with property "ebpf_rss_fds" ("rss" property should be "on" too). * if fds was provided - QEMU using eBPF RSS implementation. * if fds was not provided - QEMU tries to load eBPF RSS in own context and use it. * if eBPF RSS was not loaded - QEMU uses "in-qemu" RSS(vhost not supported). Changes since RFC v3: * changed tests a bit * refactored and rebased * removed "allowEBPF" from qemu config(now env is used for tests) Changes since RFC v2: * refactored and rebased. * applied changes according to the Qemu. * added basic test. Changes since RFC v1: * changed eBPF format saved in the XML cache. * refactored and checked with syntax test. * refactored patch hunks. Andrew Melnychenko (5): qemu_monitor: Added QEMU's "request-ebpf" support. qemu_capabilities: Added logic for retrieving eBPF objects from QEMU. qemu_interface: Added routine for loading the eBPF objects. qemu_command: Added "ebpf_rss_fds" support for virtio-net. tests: Added tests for eBPF blob loading. libvirt.spec.in | 3 + meson.build | 7 + meson_options.txt | 1 + src/qemu/meson.build | 1 + src/qemu/qemu_capabilities.c | 132 ++++++++++++ src/qemu/qemu_capabilities.h | 5 + src/qemu/qemu_command.c | 60 ++++++ src/qemu/qemu_domain.c | 4 + src/qemu/qemu_domain.h | 3 + src/qemu/qemu_interface.c | 87 ++++++++ src/qemu/qemu_interface.h | 7 + src/qemu/qemu_monitor.c | 9 + src/qemu/qemu_monitor.h | 4 + src/qemu/qemu_monitor_json.c | 27 +++ src/qemu/qemu_monitor_json.h | 4 + .../caps_9.0.0_sparc.replies | 95 +++++---- .../qemucapabilitiesdata/caps_9.0.0_sparc.xml | 3 + .../caps_9.0.0_x86_64.replies | 199 ++++++++++-------- .../caps_9.0.0_x86_64.xml | 4 + .../caps_9.1.0_x86_64.replies | 199 ++++++++++-------- .../caps_9.1.0_x86_64.xml | 4 + tests/qemuxml2argvmock.c | 24 +++ .../net-virtio-rss-bpf.x86_64-latest.args | 37 ++++ .../net-virtio-rss-bpf.x86_64-latest.xml | 46 ++++ tests/qemuxmlconfdata/net-virtio-rss-bpf.xml | 46 ++++ tests/qemuxmlconftest.c | 5 + 26 files changed, 792 insertions(+), 224 deletions(-) create mode 100644 tests/qemuxmlconfdata/net-virtio-rss-bpf.x86_64-latest.args create mode 100644 tests/qemuxmlconfdata/net-virtio-rss-bpf.x86_64-latest.xml create mode 100644 tests/qemuxmlconfdata/net-virtio-rss-bpf.xml -- 2.45.2

3 7

[PATCH 0/3] hw/sd/sdcard: Deprecate support for spec v1.10
by Philippe Mathieu-Daudé 02 Sep '25

02 Sep '25

Deprecate SD spec v1.10, use v3.01 as new default. Philippe Mathieu-Daudé (3): hw/sd/sdcard: Deprecate support for spec v1.10 hw/sd/sdcard: Use spec v3.01 by default hw/sd/sdcard: Remove support for spec v1.10 docs/about/removed-features.rst | 5 +++++ include/hw/sd/sd.h | 1 - hw/sd/sd.c | 14 +++----------- 3 files changed, 8 insertions(+), 12 deletions(-) -- 2.41.0

2 10

[PATCH v2 00/11] Enabling logging for ch guests
by Praveen K Paladugu 18 Aug '25

18 Aug '25

LogContext management is now moved from Qemu driver to hypervisor. After migrating Qemu to use domain_logcontext, I extended ch driver to use also use domain_logcontext to capture early boot failures within domain specific log files. Changes in V2: * refactored the patches to ensure all of them build. * ch driver will use virtlogd to consolidate logs from hypervisor and its domains. Praveen K Paladugu (11): hypervisor: copy qemu log context mgmt to hypervisor hypervisor: rename reference to qemu in domain_logcontext hypervisor: drop qemu specific args in domainLogContextNew hypervisor: Build domain_logcontext libvirt_private: export symbols from domain_logcontext qemu: Modify qemu driver to use domainLogContext qemu: delete qemu_logcontext files ch: Enable logging for ch domains ch: move curl_data and curl_callback definitions ch: Enable logging curl responses from ch ch: configure ch driver to use virlogd po/POTFILES | 2 +- src/ch/ch_conf.c | 1 + src/ch/ch_conf.h | 2 + src/ch/ch_monitor.c | 84 ++++++++++++------- src/ch/ch_monitor.h | 6 +- src/ch/ch_process.c | 36 ++++++-- .../domain_logcontext.c} | 78 +++++++++-------- src/hypervisor/domain_logcontext.h | 45 ++++++++++ src/hypervisor/meson.build | 1 + src/libvirt_private.syms | 6 ++ src/qemu/meson.build | 1 - src/qemu/qemu_domain.c | 28 +++---- src/qemu/qemu_domain.h | 12 +-- src/qemu/qemu_logcontext.h | 41 --------- src/qemu/qemu_nbdkit.c | 12 ++- src/qemu/qemu_process.c | 45 +++++----- 16 files changed, 236 insertions(+), 164 deletions(-) rename src/{qemu/qemu_logcontext.c => hypervisor/domain_logcontext.c} (79%) create mode 100644 src/hypervisor/domain_logcontext.h delete mode 100644 src/qemu/qemu_logcontext.h -- 2.47.0

4 16

[PATCH v1] tests: add capabilities for QEMU 10.0.0 on s390x
by Shalini Chellathurai Saroja 30 Apr '25

30 Apr '25

Let us introduce the xml and reply files for QEMU 10.0.0 on s390x. Notable changes: - new s390-ccw-virtio-10.0 machine type - old machine types (2.4 - 2.8) dropped - new CPU models - New devices: - virtio-mem-ccw - chardev now supports qemu-vdagent Signed-off-by: Shalini Chellathurai Saroja <shalini(a)linux.ibm.com> Reviewed-by: Boris Fiuczynski <fiuczy(a)linux.ibm.com> Suggested-by: Michal Privoznik <mprivozn(a)redhat.com> The replies and xml files are removed from this patch and are available in https://gitlab.com/shalinichellathurai/libvirt/-/commit/3e9df63925e2c86b81c… --- tests/domaincapsdata/qemu_10.0.0.s390x.xml | 359 + .../caps_10.0.0_s390x.replies | 38002 ++++++++++++++++ .../caps_10.0.0_s390x.xml | 4216 ++ 3 files changed, 42577 insertions(+) create mode 100644 tests/domaincapsdata/qemu_10.0.0.s390x.xml create mode 100644 tests/qemucapabilitiesdata/caps_10.0.0_s390x.replies create mode 100644 tests/qemucapabilitiesdata/caps_10.0.0_s390x.xml diff --git a/tests/domaincapsdata/qemu_10.0.0.s390x.xml b/tests/domaincapsdata/qemu_10.0.0.s390x.xml new file mode 100644 index 0000000000..4af3c7ec53 --- /dev/null +++ b/tests/domaincapsdata/qemu_10.0.0.s390x.xml @@ -0,0 +1,359 @@ +<domainCapabilities> + <path>/usr/bin/qemu-system-s390x</path> + <domain>kvm</domain> + <machine>s390-ccw-virtio-10.0</machine> + <arch>s390x</arch> + <vcpu max='248'/> + <iothreads supported='yes'/> + <os supported='yes'> + <enum name='firmware'/> + <loader supported='yes'> + <value>/obviously/fake/firmware1.fd</value> + <value>/obviously/fake/firmware2.fd</value> + <enum name='type'> + <value>rom</value> + <value>pflash</value> + </enum> + <enum name='readonly'> + <value>yes</value> + <value>no</value> + </enum> + <enum name='secure'> + <value>no</value> + </enum> + </loader> + </os> + <cpu> + <mode name='host-passthrough' supported='yes'> + <enum name='hostPassthroughMigratable'> + <value>off</value> + </enum> + </mode> + <mode name='maximum' supported='yes'> + <enum name='maximumMigratable'> + <value>on</value> + <value>off</value> + </enum> + </mode> + <mode name='host-model' supported='yes'> + <model fallback='forbid'>gen16a-base</model> + <feature policy='require' name='nnpa'/> + <feature policy='require' name='aen'/> + <feature policy='require' name='cmmnt'/> + <feature policy='require' name='vxpdeh'/> + <feature policy='require' name='aefsi'/> + <feature policy='require' name='diag318'/> + <feature policy='require' name='csske'/> + <feature policy='require' name='mepoch'/> + <feature policy='require' name='msa9'/> + <feature policy='require' name='msa8'/> + <feature policy='require' name='msa7'/> + <feature policy='require' name='msa6'/> + <feature policy='require' name='msa5'/> + <feature policy='require' name='msa4'/> + <feature policy='require' name='msa3'/> + <feature policy='require' name='msa2'/> + <feature policy='require' name='msa1'/> + <feature policy='require' name='sthyi'/> + <feature policy='require' name='edat'/> + <feature policy='require' name='ri'/> + <feature policy='require' name='deflate'/> + <feature policy='require' name='edat2'/> + <feature policy='require' name='etoken'/> + <feature policy='require' name='vx'/> + <feature policy='require' name='ipter'/> + <feature policy='require' name='pai'/> + <feature policy='require' name='paie'/> + <feature policy='require' name='mepochptff'/> + <feature policy='require' name='ap'/> + <feature policy='require' name='vxeh'/> + <feature policy='require' name='vxpd'/> + <feature policy='require' name='esop'/> + <feature policy='require' name='msa9_pckmo'/> + <feature policy='require' name='vxeh2'/> + <feature policy='require' name='esort'/> + <feature policy='require' name='appv'/> + <feature policy='require' name='apqi'/> + <feature policy='require' name='apft'/> + <feature policy='require' name='els'/> + <feature policy='require' name='iep'/> + <feature policy='require' name='appvi'/> + <feature policy='require' name='apqci'/> + <feature policy='require' name='cte'/> + <feature policy='require' name='ais'/> + <feature policy='require' name='bpb'/> + <feature policy='require' name='ctop'/> + <feature policy='require' name='gs'/> + <feature policy='require' name='ppa15'/> + <feature policy='require' name='zpci'/> + <feature policy='require' name='rdp'/> + <feature policy='require' name='sea_esop2'/> + <feature policy='require' name='beareh'/> + <feature policy='require' name='te'/> + <feature policy='require' name='cmm'/> + <feature policy='require' name='vxpdeh2'/> + </mode> + <mode name='custom' supported='yes'> + <model usable='yes' vendor='IBM'>gen15a</model> + <model usable='yes' vendor='IBM'>gen15a-base</model> + <model usable='yes' vendor='IBM'>gen15b</model> + <model usable='yes' vendor='IBM'>gen15b-base</model> + <model usable='yes' vendor='IBM'>gen16a</model> + <model usable='yes' vendor='IBM'>gen16a-base</model> + <model usable='yes' vendor='IBM'>gen16b</model> + <model usable='yes' vendor='IBM'>gen16b-base</model> + <model usable='no' vendor='IBM'>gen17a</model> + <blockers model='gen17a'> + <feature name='minste4'/> + <feature name='msa10'/> + <feature name='msa10_pckmo'/> + <feature name='msa11'/> + <feature name='msa11_pckmo'/> + <feature name='msa12'/> + <feature name='msa13'/> + <feature name='msa13_pckmo'/> + <feature name='plo_ext'/> + <feature name='sif'/> + <feature name='type'/> + <feature name='vxeh3'/> + <feature name='vxpdeh3'/> + </blockers> + <model usable='no' vendor='IBM'>gen17a-base</model> + <blockers model='gen17a-base'> + <feature name='minste4'/> + <feature name='msa12'/> + <feature name='plo_ext'/> + <feature name='sif'/> + <feature name='type'/> + </blockers> + <model usable='no' vendor='IBM'>gen17b</model> + <blockers model='gen17b'> + <feature name='minste4'/> + <feature name='msa10'/> + <feature name='msa10_pckmo'/> + <feature name='msa11'/> + <feature name='msa11_pckmo'/> + <feature name='msa12'/> + <feature name='msa13'/> + <feature name='msa13_pckmo'/> + <feature name='plo_ext'/> + <feature name='sif'/> + <feature name='type'/> + <feature name='vxeh3'/> + <feature name='vxpdeh3'/> + </blockers> + <model usable='no' vendor='IBM'>gen17b-base</model> + <blockers model='gen17b-base'> + <feature name='minste4'/> + <feature name='msa12'/> + <feature name='plo_ext'/> + <feature name='sif'/> + <feature name='type'/> + </blockers> + <model usable='yes' vendor='unknown'>max</model> + <model usable='yes' vendor='unknown'>qemu</model> + <model usable='yes' vendor='IBM'>z10BC</model> + <model usable='yes' vendor='IBM'>z10BC-base</model> + <model usable='yes' vendor='IBM'>z10BC.2</model> + <model usable='yes' vendor='IBM'>z10BC.2-base</model> + <model usable='yes' vendor='IBM'>z10EC</model> + <model usable='yes' vendor='IBM'>z10EC-base</model> + <model usable='yes' vendor='IBM'>z10EC.2</model> + <model usable='yes' vendor='IBM'>z10EC.2-base</model> + <model usable='yes' vendor='IBM'>z10EC.3</model> + <model usable='yes' vendor='IBM'>z10EC.3-base</model> + <model usable='yes' vendor='IBM'>z114</model> + <model usable='yes' vendor='IBM'>z114-base</model> + <model usable='yes' vendor='IBM'>z13</model> + <model usable='yes' vendor='IBM'>z13-base</model> + <model usable='yes' vendor='IBM'>z13.2</model> + <model usable='yes' vendor='IBM'>z13.2-base</model> + <model usable='yes' vendor='IBM'>z13s</model> + <model usable='yes' vendor='IBM'>z13s-base</model> + <model usable='yes' vendor='IBM'>z14</model> + <model usable='yes' vendor='IBM'>z14-base</model> + <model usable='yes' vendor='IBM'>z14.2</model> + <model usable='yes' vendor='IBM'>z14.2-base</model> + <model usable='yes' vendor='IBM'>z14ZR1</model> + <model usable='yes' vendor='IBM'>z14ZR1-base</model> + <model usable='yes' vendor='IBM'>z196</model> + <model usable='yes' vendor='IBM'>z196-base</model> + <model usable='yes' vendor='IBM'>z196.2</model> + <model usable='yes' vendor='IBM'>z196.2-base</model> + <model usable='yes' vendor='IBM'>z800</model> + <model usable='yes' vendor='IBM'>z800-base</model> + <model usable='yes' vendor='IBM'>z890</model> + <model usable='yes' vendor='IBM'>z890-base</model> + <model usable='yes' vendor='IBM'>z890.2</model> + <model usable='yes' vendor='IBM'>z890.2-base</model> + <model usable='yes' vendor='IBM'>z890.3</model> + <model usable='yes' vendor='IBM'>z890.3-base</model> + <model usable='yes' vendor='IBM'>z900</model> + <model usable='yes' vendor='IBM'>z900-base</model> + <model usable='yes' vendor='IBM'>z900.2</model> + <model usable='yes' vendor='IBM'>z900.2-base</model> + <model usable='yes' vendor='IBM'>z900.3</model> + <model usable='yes' vendor='IBM'>z900.3-base</model> + <model usable='yes' vendor='IBM'>z990</model> + <model usable='yes' vendor='IBM'>z990-base</model> + <model usable='yes' vendor='IBM'>z990.2</model> + <model usable='yes' vendor='IBM'>z990.2-base</model> + <model usable='yes' vendor='IBM'>z990.3</model> + <model usable='yes' vendor='IBM'>z990.3-base</model> + <model usable='yes' vendor='IBM'>z990.4</model> + <model usable='yes' vendor='IBM'>z990.4-base</model> + <model usable='yes' vendor='IBM'>z990.5</model> + <model usable='yes' vendor='IBM'>z990.5-base</model> + <model usable='yes' vendor='IBM'>z9BC</model> + <model usable='yes' vendor='IBM'>z9BC-base</model> + <model usable='yes' vendor='IBM'>z9BC.2</model> + <model usable='yes' vendor='IBM'>z9BC.2-base</model> + <model usable='yes' vendor='IBM'>z9EC</model> + <model usable='yes' vendor='IBM'>z9EC-base</model> + <model usable='yes' vendor='IBM'>z9EC.2</model> + <model usable='yes' vendor='IBM'>z9EC.2-base</model> + <model usable='yes' vendor='IBM'>z9EC.3</model> + <model usable='yes' vendor='IBM'>z9EC.3-base</model> + <model usable='yes' vendor='IBM'>zBC12</model> + <model usable='yes' vendor='IBM'>zBC12-base</model> + <model usable='yes' vendor='IBM'>zEC12</model> + <model usable='yes' vendor='IBM'>zEC12-base</model> + <model usable='yes' vendor='IBM'>zEC12.2</model> + <model usable='yes' vendor='IBM'>zEC12.2-base</model> + </mode> + </cpu> + <memoryBacking supported='yes'> + <enum name='sourceType'> + <value>file</value> + <value>anonymous</value> + <value>memfd</value> + </enum> + </memoryBacking> + <devices> + <disk supported='yes'> + <enum name='diskDevice'> + <value>disk</value> + <value>cdrom</value> + <value>floppy</value> + <value>lun</value> + </enum> + <enum name='bus'> + <value>fdc</value> + <value>scsi</value> + <value>virtio</value> + <value>usb</value> + </enum> + <enum name='model'> + <value>virtio</value> + <value>virtio-transitional</value> + <value>virtio-non-transitional</value> + </enum> + </disk> + <graphics supported='yes'> + <enum name='type'> + <value>sdl</value> + <value>vnc</value> + <value>egl-headless</value> + <value>dbus</value> + </enum> + </graphics> + <video supported='yes'> + <enum name='modelType'> + <value>virtio</value> + <value>none</value> + </enum> + </video> + <hostdev supported='yes'> + <enum name='mode'> + <value>subsystem</value> + </enum> + <enum name='startupPolicy'> + <value>default</value> + <value>mandatory</value> + <value>requisite</value> + <value>optional</value> + </enum> + <enum name='subsysType'> + <value>usb</value> + <value>pci</value> + <value>scsi</value> + </enum> + <enum name='capsType'/> + <enum name='pciBackend'> + <value>default</value> + <value>vfio</value> + </enum> + </hostdev> + <rng supported='yes'> + <enum name='model'> + <value>virtio</value> + <value>virtio-transitional</value> + <value>virtio-non-transitional</value> + </enum> + <enum name='backendModel'> + <value>random</value> + <value>egd</value> + <value>builtin</value> + </enum> + </rng> + <filesystem supported='yes'> + <enum name='driverType'> + <value>path</value> + <value>handle</value> + <value>virtiofs</value> + </enum> + </filesystem> + <tpm supported='no'/> + <redirdev supported='yes'> + <enum name='bus'> + <value>usb</value> + </enum> + </redirdev> + <channel supported='yes'> + <enum name='type'> + <value>pty</value> + <value>unix</value> + </enum> + </channel> + <crypto supported='yes'> + <enum name='model'> + <value>virtio</value> + </enum> + <enum name='type'> + <value>qemu</value> + </enum> + <enum name='backendModel'> + <value>builtin</value> + <value>lkcf</value> + </enum> + </crypto> + <interface supported='yes'> + <enum name='backendType'> + <value>default</value> + <value>passt</value> + </enum> + </interface> + <panic supported='yes'> + <enum name='model'> + <value>s390</value> + </enum> + </panic> + </devices> + <features> + <gic supported='no'/> + <vmcoreinfo supported='no'/> + <genid supported='no'/> + <backingStoreInput supported='yes'/> + <backup supported='yes'/> + <async-teardown supported='yes'/> + <s390-pv supported='yes'/> + <ps2 supported='no'/> + <sev supported='no'/> + <sgx supported='no'/> + <launchSecurity supported='yes'> + <enum name='sectype'> + <value>s390-pv</value> + </enum> + </launchSecurity> + </features> +</domainCapabilities> diff --git a/tests/qemucapabilitiesdata/caps_10.0.0_s390x.replies b/tests/qemucapabilitiesdata/caps_10.0.0_s390x.replies new file mode 100644 index 0000000000..5195489878 --- /dev/null +++ b/tests/qemucapabilitiesdata/caps_10.0.0_s390x.replies @@ -0,0 +1,38002 @@ [...] diff --git a/tests/qemucapabilitiesdata/caps_10.0.0_s390x.xml b/tests/qemucapabilitiesdata/caps_10.0.0_s390x.xml new file mode 100644 index 0000000000..242848d6ae --- /dev/null +++ b/tests/qemucapabilitiesdata/caps_10.0.0_s390x.xml @@ -0,0 +1,4216 @@ [...]

3 3

[libvirt PATCH] tools: virsh: metadata: do not report error on missing metadata
by Ján Tomko 02 Apr '25

02 Apr '25

Similarly to `desc` and `net-desc`, return an empty string if there is no metadata to be returned. https://issues.redhat.com/browse/RHEL-27172 Signed-off-by: Ján Tomko <jtomko(a)redhat.com> --- tools/virsh-domain.c | 10 ++++++++-- tools/virsh-network.c | 10 ++++++++-- 2 files changed, 16 insertions(+), 4 deletions(-) diff --git a/tools/virsh-domain.c b/tools/virsh-domain.c index f3da2f903f..e104aa909a 100644 --- a/tools/virsh-domain.c +++ b/tools/virsh-domain.c @@ -8480,8 +8480,14 @@ cmdMetadata(vshControl *ctl, const vshCmd *cmd) g_autofree char *data = NULL; /* get */ if (!(data = virDomainGetMetadata(dom, VIR_DOMAIN_METADATA_ELEMENT, - uri, flags))) - return false; + uri, flags))) { + if (virGetLastErrorCode() == VIR_ERR_NO_DOMAIN_METADATA) { + virResetLastError(); + data = g_strdup(""); + } else { + return false; + } + } vshPrint(ctl, "%s\n", data); } diff --git a/tools/virsh-network.c b/tools/virsh-network.c index 6fcc7fd8ee..bcdb76ae36 100644 --- a/tools/virsh-network.c +++ b/tools/virsh-network.c @@ -604,8 +604,14 @@ cmdNetworkMetadata(vshControl *ctl, const vshCmd *cmd) /* get */ if (!(data = virNetworkGetMetadata(net, VIR_NETWORK_METADATA_ELEMENT, - uri, flags))) - return false; + uri, flags))) { + if (virGetLastErrorCode() == VIR_ERR_NO_NETWORK_METADATA) { + virResetLastError(); + data = g_strdup(""); + } else { + return false; + } + } vshPrint(ctl, "%s\n", data); } -- 2.48.1

4 4

[PATCH rfcv4 00/13] LIBVIRT: X86: TDX support
by Zhenzhong Duan 02 Apr '25

02 Apr '25

Hi, This series brings libvirt the x86 TDX support. * What's TDX? TDX stands for Trust Domain Extensions which isolates VMs from the virtual-machine manager (VMM)/hypervisor and any other software on the platform. To support TDX, multiple software components, not only KVM but also QEMU, guest Linux and virtual bios, need to be updated. For more details, please check link[1]. This patchset is another software component to extend libvirt to support TDX, with which one can start a TDX guest from high level rather than running qemu directly. * Misc As QEMU use a software emulated way to reset guest which isn't supported by TDX guest for security reason. We simulate reboot for TDX guest by kill and create a new one in FakeReboot framework. Complete code can be found at [2], matching qemu code can be found at [3]. There is a 'debug' property for tdx-guest object which isn't in matching qemu[3] yet. I keep them intentionally as they will be implemented in qemu as extention series of [3]. * Test start/stop/reboot with virsh stop/reboot trigger in guest stop with on_poweroff=destroy/restart reboot with on_reboot=destroy/restart * Patch organization - patch 1-4: Support query of TDX capabilities. - patch 5-8: Add TDX type to launchsecurity framework. - patch 9-11: Add reboot support to TDX guest - patch 12-13: Add test and docs TODO: - update QEMU capabilities data in tests, depending on qemu TDX merged beforehand - add reconnect logic in virsh command [1] https://lore.kernel.org/kvm/cover.1708933498.git.isaku.yamahata@intel.com [2] https://github.com/intel/libvirt-tdx/commits/tdx_for_upstream_rfcv4 [3] https://github.com/intel/qemu-tdx/tree/tdx-qemu-upstream-v5 Thanks Zhenzhong Changelog: rfcv4: - add a check to tools/virt-host-validate-qemu.c (Daniel) - remove check of q35 (Daniel) - model 'SocktetAddress' QAPI in xml schema (Daniel) - s/Quote-Generation-Service/quoteGenerationService/ (Daniel) - define bits in tdx->policy and add validating logic (Daniel) - presume QEMU choose split kernel irqchip for TDX guest by default (Daniel) - utilize existing FakeReboot framework to do reboot for TDX guest (Daniel) - drop patch11 'conf: Add support to keep same domid for hard reboot' (Daniel) - add test in tests/ to validate parsing and formatting logic (Daniel) - add doc in docs/formatdomain.rst (Daniel) - add R-B rfcv3: - Change to generate qemu cmdline with -bios - drop firmware auto match as -bios is used - add a hard reboot method to reboot TDX guest rfcv3: https://www.mail-archive.com/devel@lists.libvirt.org/msg00385.html rfcv2: - give up using qmp cmd and check TDX directly on host for TDX capabilities. - use launchsecurity framework to support TDX - use <os>.<loader> for general loader - add auto firmware match feature for TDX A example TDVF fimware description file 70-edk2-x86_64-tdx.json: { "description": "UEFI firmware for x86_64, supporting Intel TDX", "interface-types": [ "uefi" ], "mapping": { "device": "generic", "filename": "/usr/share/OVMF/OVMF_CODE-tdx.fd" }, "targets": [ { "architecture": "x86_64", "machines": [ "pc-q35-*" ] } ], "features": [ "intel-tdx", "verbose-dynamic" ], "tags": [ ] } rfcv2: https://www.mail-archive.com/libvir-list@redhat.com/msg219378.html Zhenzhong Duan (13): tools: Secure guest check for Intel in virt-host-validate qemu: Check if INTEL Trust Domain Extention support is enabled qemu: Add TDX capability conf: expose TDX feature in domain capabilities conf: add tdx as launch security type qemu: Add command line and validation for TDX type qemu: force special parameters enabled for TDX guest Add Intel TDX Quote Generation Service(QGS) support qemu: add FakeReboot support for TDX guest qemu: Support reboot command in guest qemu: Avoid duplicate FakeReboot for secure guest Add test cases for Intel TDX docs: domain: Add documentation for Intel TDX guest docs/formatdomain.rst | 68 ++++ docs/formatdomaincaps.rst | 1 + src/conf/domain_capabilities.c | 1 + src/conf/domain_capabilities.h | 1 + src/conf/domain_conf.c | 312 ++++++++++++++++++ src/conf/domain_conf.h | 75 +++++ src/conf/schemas/domaincaps.rng | 9 + src/conf/schemas/domaincommon.rng | 135 ++++++++ src/conf/virconftypes.h | 2 + src/qemu/qemu_capabilities.c | 36 +- src/qemu/qemu_capabilities.h | 1 + src/qemu/qemu_command.c | 139 ++++++++ src/qemu/qemu_firmware.c | 1 + src/qemu/qemu_monitor.c | 28 +- src/qemu/qemu_monitor.h | 2 +- src/qemu/qemu_monitor_json.c | 6 +- src/qemu/qemu_namespace.c | 1 + src/qemu/qemu_process.c | 75 +++++ src/qemu/qemu_validate.c | 44 +++ ...unch-security-tdx-qgs-fd.x86_64-latest.xml | 77 +++++ .../launch-security-tdx-qgs-fd.xml | 30 ++ ...ch-security-tdx-qgs-inet.x86_64-latest.xml | 77 +++++ .../launch-security-tdx-qgs-inet.xml | 30 ++ ...ch-security-tdx-qgs-unix.x86_64-latest.xml | 77 +++++ .../launch-security-tdx-qgs-unix.xml | 30 ++ ...h-security-tdx-qgs-vsock.x86_64-latest.xml | 77 +++++ .../launch-security-tdx-qgs-vsock.xml | 30 ++ tests/qemuxmlconftest.c | 24 ++ tools/virt-host-validate-common.c | 22 +- tools/virt-host-validate-common.h | 1 + 30 files changed, 1407 insertions(+), 5 deletions(-) create mode 100644 tests/qemuxmlconfdata/launch-security-tdx-qgs-fd.x86_64-latest.xml create mode 100644 tests/qemuxmlconfdata/launch-security-tdx-qgs-fd.xml create mode 100644 tests/qemuxmlconfdata/launch-security-tdx-qgs-inet.x86_64-latest.xml create mode 100644 tests/qemuxmlconfdata/launch-security-tdx-qgs-inet.xml create mode 100644 tests/qemuxmlconfdata/launch-security-tdx-qgs-unix.x86_64-latest.xml create mode 100644 tests/qemuxmlconfdata/launch-security-tdx-qgs-unix.xml create mode 100644 tests/qemuxmlconfdata/launch-security-tdx-qgs-vsock.x86_64-latest.xml create mode 100644 tests/qemuxmlconfdata/launch-security-tdx-qgs-vsock.xml -- 2.34.1

6 45

[PATCH v8 00/18] *** qemu: block: Support block disk along with throttle filters ***
by Harikumar Rajkumar 17 Mar '25

17 Mar '25

*** Support block disk along with throttle filters *** Chun Feng Wu (17): schema: Add new domain elements to support multiple throttle groups schema: Add new domain elements to support multiple throttle filters config: Introduce ThrottleGroup and corresponding XML parsing config: Introduce ThrottleFilter and corresponding XML parsing qemu: monitor: Add support for ThrottleGroup operations tests: Test qemuMonitorJSONGetThrottleGroup and qemuMonitorJSONUpdateThrottleGroup remote: New APIs for ThrottleGroup lifecycle management qemu: Refactor qemuDomainSetBlockIoTune to extract common methods qemu: Implement qemu driver for throttle API qemu: helper: throttle filter nodename and preparation processing qemu: block: Support block disk along with throttle filters config: validate: Verify iotune, throttle group and filter qemuxmlconftest: Add 'throttlefilter' tests test_driver: Test throttle group lifecycle APIs virsh: Refactor iotune options for re-use virsh: Add support for throttle group operations virsh: Add option "throttle-groups" to "attach_disk" Harikumar Rajkumar (1): qemustatusxml2xmldata: Add 'throttlefilter' tests This patch version addresses the feedback provided on patch v5, which includes the following modifications: * Reimplementation of the "get throttle group" to query from the XML. * Allowing the SET API to reset the throttle group config fields to its default in QEMU. * Updating the version to 11.1.0. * Implementing various coding style changes as suggested. * Removal of unnecessary comments. docs/formatdomain.rst | 47 ++ docs/manpages/virsh.rst | 137 +++- include/libvirt/libvirt-domain.h | 14 + src/conf/domain_conf.c | 407 ++++++++++ src/conf/domain_conf.h | 47 ++ src/conf/domain_validate.c | 118 ++- src/conf/schemas/domaincommon.rng | 293 ++++--- src/conf/virconftypes.h | 4 + src/driver-hypervisor.h | 14 + src/libvirt-domain.c | 122 +++ src/libvirt_private.syms | 8 + src/libvirt_public.syms | 6 + src/qemu/qemu_block.c | 136 ++++ src/qemu/qemu_block.h | 49 ++ src/qemu/qemu_command.c | 180 +++++ src/qemu/qemu_command.h | 6 + src/qemu/qemu_domain.c | 77 +- src/qemu/qemu_driver.c | 485 +++++++++--- src/qemu/qemu_hotplug.c | 29 + src/qemu/qemu_monitor.c | 21 + src/qemu/qemu_monitor.h | 9 + src/qemu/qemu_monitor_json.c | 129 +++ src/qemu/qemu_monitor_json.h | 14 + src/remote/remote_daemon_dispatch.c | 105 +++ src/remote/remote_driver.c | 3 + src/remote/remote_protocol.x | 50 +- src/remote_protocol-structs | 28 + src/test/test_driver.c | 367 ++++++--- tests/qemumonitorjsontest.c | 86 ++ .../throttlefilter-in.xml | 392 ++++++++++ .../throttlefilter-out.xml | 393 ++++++++++ tests/qemuxmlactivetest.c | 1 + .../throttlefilter-invalid.x86_64-latest.err | 1 + .../throttlefilter-invalid.xml | 89 +++ .../throttlefilter.x86_64-latest.args | 55 ++ .../throttlefilter.x86_64-latest.xml | 105 +++ tests/qemuxmlconfdata/throttlefilter.xml | 95 +++ tests/qemuxmlconftest.c | 2 + tools/virsh-completer-domain.c | 82 ++ tools/virsh-completer-domain.h | 16 + tools/virsh-domain.c | 736 ++++++++++++++---- 41 files changed, 4428 insertions(+), 530 deletions(-) create mode 100644 tests/qemustatusxml2xmldata/throttlefilter-in.xml create mode 100644 tests/qemustatusxml2xmldata/throttlefilter-out.xml create mode 100644 tests/qemuxmlconfdata/throttlefilter-invalid.x86_64-latest.err create mode 100644 tests/qemuxmlconfdata/throttlefilter-invalid.xml create mode 100644 tests/qemuxmlconfdata/throttlefilter.x86_64-latest.args create mode 100644 tests/qemuxmlconfdata/throttlefilter.x86_64-latest.xml create mode 100644 tests/qemuxmlconfdata/throttlefilter.xml -- 2.39.5 (Apple Git-154)

2 48

[PATCH v2 00/21] Add qemu RDP server support
by marcandre.lureau＠redhat.com 17 Mar '25

17 Mar '25

From: Marc-André Lureau <marcandre.lureau(a)redhat.com> Hi, This patch series offers an out-of-process Remote Desktop Protocol (RDP) server solution utilizing QEMU's -display dbus interface, offering improved modularity and potential security benefits compared to built-in server. This initiative was spearheaded by Mihnea Buzatu during the QEMU Summer of Code 2023. The project's goal was to develop an out-of-process RDP server using the -display dbus interface, implemented in Rust. Given that the IronRDP crate lacked some server support at the time, investments in IronRDP were required. I finally released an initial v0.1 version of qemu-rdp on crates.io (https://crates.io/crates/qemu-rdp) That should allow more people to review and evaluate the state of this work. On unix systems, with cargo/rust toolchain installed, it should be as easy as running "cargo install qemu-rdp", apply this patch series for libvirt, set the "rdp_tls_x509_cert_dir" location for your TLS certificates, and configure a VM with both dbus & rdp graphics (run "virsh domdisplay DOMAIN" to get the display connection details). Thanks for the reviews & feedback! v2: thanks to Daniel review - drop extra error report from "qemu: report an error for unsupported graphics" - replace g_return pre-conditions with ATTRIBUTE_NONNULL - improve "qemu/dbus: keep a connection to the VM D-Bus" to also reconnect - use domainLogContext for logging (for virtiofs as well) - check for qemu-rdp availabilty for setting 'rdp' capability - make dbus-addr qemu-rdp capability mandatory - rebased - add r-b tags Marc-André Lureau (21): build-sys: drop -Winline when optimization=g build: fix -Werror=maybe-uninitialized qemu-slirp: drop unneeded check for OOM util: annotate non-null arguments for virGDBusCallMethod() qemu: fall-through for unsupported graphics qemu: add rdp state directory qemu: add qemu RDP configuration conf: parse optional RDP username & password conf: generalize virDomainDefHasSpiceGraphics qemu: use virDomainDefHasGraphics qemu: add RDP ports range allocator qemu: limit to one <graphics type='rdp'> qemu/virtiofs: use domainLogContext qemu/dbus: keep a connection to the VM D-Bus qemu/dbus: log daemon stdout/err, use domainLogContext qemu: validate RDP configuration qemu: add qemu-rdp helper unit qemu: pass virQEMUDriverConfig to capabilities qemu: add 'rdp' capability if qemu-rdp is available qemu: add RDP support tests: add qemu <graphics type='rdp'/> test docs/formatdomain.rst | 25 +- meson.build | 7 +- po/POTFILES | 1 + src/conf/domain_conf.c | 28 +- src/conf/domain_conf.h | 5 +- src/conf/schemas/domaincommon.rng | 10 + src/libvirt_private.syms | 2 +- src/qemu/libvirtd_qemu.aug | 7 + src/qemu/meson.build | 1 + src/qemu/qemu.conf.in | 31 ++ src/qemu/qemu_capabilities.c | 24 +- src/qemu/qemu_capabilities.h | 12 +- src/qemu/qemu_command.c | 9 +- src/qemu/qemu_conf.c | 56 ++- src/qemu/qemu_conf.h | 13 + src/qemu/qemu_dbus.c | 69 ++- src/qemu/qemu_dbus.h | 3 + src/qemu/qemu_domain.c | 1 + src/qemu/qemu_domain.h | 4 + src/qemu/qemu_driver.c | 20 + src/qemu/qemu_extdevice.c | 46 +- src/qemu/qemu_hotplug.c | 49 ++- src/qemu/qemu_hotplug.h | 1 + src/qemu/qemu_process.c | 170 ++++++- src/qemu/qemu_rdp.c | 416 ++++++++++++++++++ src/qemu/qemu_rdp.h | 73 +++ src/qemu/qemu_slirp.c | 6 - src/qemu/qemu_validate.c | 48 +- src/qemu/qemu_virtiofs.c | 53 +-- src/qemu/test_libvirtd_qemu.aug.in | 5 + src/util/virgdbus.h | 13 +- .../domaincapsdata/qemu_10.0.0-q35.x86_64.xml | 1 + .../domaincapsdata/qemu_10.0.0-tcg.x86_64.xml | 1 + tests/domaincapsdata/qemu_10.0.0.s390x.xml | 1 + tests/domaincapsdata/qemu_10.0.0.x86_64.xml | 1 + .../domaincapsdata/qemu_7.0.0-q35.x86_64.xml | 1 + .../domaincapsdata/qemu_7.0.0-tcg.x86_64.xml | 1 + tests/domaincapsdata/qemu_7.0.0.x86_64.xml | 1 + .../domaincapsdata/qemu_7.1.0-q35.x86_64.xml | 1 + .../domaincapsdata/qemu_7.1.0-tcg.x86_64.xml | 1 + tests/domaincapsdata/qemu_7.1.0.x86_64.xml | 1 + .../qemu_7.2.0-hvf.x86_64+hvf.xml | 1 + .../domaincapsdata/qemu_7.2.0-q35.x86_64.xml | 1 + .../qemu_7.2.0-tcg.x86_64+hvf.xml | 1 + .../domaincapsdata/qemu_7.2.0-tcg.x86_64.xml | 1 + tests/domaincapsdata/qemu_7.2.0.ppc.xml | 1 + tests/domaincapsdata/qemu_7.2.0.x86_64.xml | 1 + .../domaincapsdata/qemu_8.0.0-q35.x86_64.xml | 1 + .../domaincapsdata/qemu_8.0.0-tcg.x86_64.xml | 1 + tests/domaincapsdata/qemu_8.0.0.x86_64.xml | 1 + .../domaincapsdata/qemu_8.1.0-q35.x86_64.xml | 1 + .../domaincapsdata/qemu_8.1.0-tcg.x86_64.xml | 1 + tests/domaincapsdata/qemu_8.1.0.s390x.xml | 1 + tests/domaincapsdata/qemu_8.1.0.x86_64.xml | 1 + .../domaincapsdata/qemu_8.2.0-q35.x86_64.xml | 1 + .../qemu_8.2.0-tcg-virt.loongarch64.xml | 1 + .../domaincapsdata/qemu_8.2.0-tcg.x86_64.xml | 1 + .../qemu_8.2.0-virt.aarch64.xml | 1 + .../qemu_8.2.0-virt.loongarch64.xml | 1 + tests/domaincapsdata/qemu_8.2.0.aarch64.xml | 1 + tests/domaincapsdata/qemu_8.2.0.armv7l.xml | 1 + tests/domaincapsdata/qemu_8.2.0.s390x.xml | 1 + tests/domaincapsdata/qemu_8.2.0.x86_64.xml | 1 + .../domaincapsdata/qemu_9.0.0-q35.x86_64.xml | 1 + .../domaincapsdata/qemu_9.0.0-tcg.x86_64.xml | 1 + tests/domaincapsdata/qemu_9.0.0.sparc.xml | 1 + tests/domaincapsdata/qemu_9.0.0.x86_64.xml | 1 + .../domaincapsdata/qemu_9.1.0-q35.x86_64.xml | 1 + .../qemu_9.1.0-tcg-virt.riscv64.xml | 1 + .../domaincapsdata/qemu_9.1.0-tcg.x86_64.xml | 1 + .../qemu_9.1.0-virt.riscv64.xml | 1 + tests/domaincapsdata/qemu_9.1.0.s390x.xml | 1 + tests/domaincapsdata/qemu_9.1.0.x86_64.xml | 1 + .../domaincapsdata/qemu_9.2.0-q35.x86_64.xml | 1 + .../domaincapsdata/qemu_9.2.0-tcg.x86_64.xml | 1 + tests/domaincapsdata/qemu_9.2.0.s390x.xml | 1 + tests/domaincapsdata/qemu_9.2.0.x86_64.xml | 1 + tests/domaincapstest.c | 7 +- .../graphics-rdp.x86_64-latest.args | 35 ++ .../graphics-rdp.x86_64-latest.xml | 1 + tests/qemuxmlconfdata/graphics-rdp.xml | 43 ++ tests/qemuxmlconftest.c | 2 + tests/testutilsqemu.c | 10 + tools/nss/libvirt_nss_leases.c | 2 +- tools/nss/libvirt_nss_macs.c | 2 +- 85 files changed, 1218 insertions(+), 138 deletions(-) create mode 100644 src/qemu/qemu_rdp.c create mode 100644 src/qemu/qemu_rdp.h create mode 100644 tests/qemuxmlconfdata/graphics-rdp.x86_64-latest.args create mode 120000 tests/qemuxmlconfdata/graphics-rdp.x86_64-latest.xml create mode 100644 tests/qemuxmlconfdata/graphics-rdp.xml -- 2.47.0

4 42

[PATCH 0/5] qemu: Introduce nvme disk emulation support
by honglei.wang＠smartx.com 12 Mar '25

12 Mar '25

From: hongleiwang <honglei.wang(a)smartx.com> QEMU has supported nvme disk emulation for a long time, see: https://qemu-project.gitlab.io/qemu/system/devices/nvme.html. The following patches introduce nvme and nvme-ns disk bus type: A disk with nvme as bus is represented as nvme disk that contains only one nvme namespace. In XML, it can be used like this: <devices> ... <disk type='file' device='disk'> <driver name='qemu' type='raw'/> <source file='/tmp/data.img'/> <target dev='nvmea' bus='nvme'/> <serial>nvme-serial-value</serial> </disk> ... </devices> A disk with nvme-ns as bus is represented as an nvme namespace and needs to be attached to an nvme controller. In XML, it can be used like this: <devices> ... <disk type='file' device='disk'> <driver name='qemu' type='raw'/> <source file='/tmp/data.img'/> <target dev='nvmensa' bus='nvme-ns'/> <address type='drive' controller='0' bus='0' target='0' unit='0'/> </disk> <controller type='nvme' index='0'> <serial>nvme-controller-serial-value</serial> <address type='pci' domain='0x0000' bus='0x00' slot='0x05' function='0x0'/> </controller> ... </devices> ray (5): qemu: Add support for NVMe disk bus type qemu: Add support for NVMe namespace disk bus type qemu_capabilities: Add support for NVMe disk capabilities docs: Add NVMe and NVMe namespace disk bus types to documentation tests: Add test case for NVMe device configuration docs/formatdomain.rst | 5 ++- src/conf/domain_conf.c | 42 +++++++++++++++++++ src/conf/domain_conf.h | 8 ++++ src/conf/domain_postparse.c | 4 ++ src/conf/domain_validate.c | 5 ++- src/conf/schemas/domaincommon.rng | 12 +++++- src/conf/virconftypes.h | 2 + src/hyperv/hyperv_driver.c | 4 ++ src/qemu/qemu_alias.c | 2 + src/qemu/qemu_capabilities.c | 10 +++++ src/qemu/qemu_capabilities.h | 2 + src/qemu/qemu_command.c | 31 ++++++++++++++ src/qemu/qemu_domain_address.c | 30 +++++++++++-- src/qemu/qemu_domain_address.h | 4 ++ src/qemu/qemu_hotplug.c | 14 +++++++ src/qemu/qemu_postparse.c | 1 + src/qemu/qemu_validate.c | 40 ++++++++++++++++++ src/test/test_driver.c | 4 ++ src/util/virutil.c | 2 +- src/vbox/vbox_common.c | 3 ++ src/vmx/vmx.c | 2 + tests/domaincapsdata/qemu_10.0.0-q35.x86_64.xml | 2 + tests/domaincapsdata/qemu_10.0.0-tcg.x86_64.xml | 2 + tests/domaincapsdata/qemu_10.0.0.s390x.xml | 2 + tests/domaincapsdata/qemu_10.0.0.x86_64.xml | 2 + tests/domaincapsdata/qemu_5.2.0-q35.x86_64.xml | 2 + .../domaincapsdata/qemu_5.2.0-tcg-virt.riscv64.xml | 2 + tests/domaincapsdata/qemu_5.2.0-tcg.x86_64.xml | 2 + tests/domaincapsdata/qemu_5.2.0-virt.aarch64.xml | 2 + tests/domaincapsdata/qemu_5.2.0-virt.riscv64.xml | 2 + tests/domaincapsdata/qemu_5.2.0.aarch64.xml | 2 + tests/domaincapsdata/qemu_5.2.0.ppc64.xml | 2 + tests/domaincapsdata/qemu_5.2.0.x86_64.xml | 2 + tests/domaincapsdata/qemu_6.0.0-q35.x86_64.xml | 2 + tests/domaincapsdata/qemu_6.0.0-tcg.x86_64.xml | 2 + tests/domaincapsdata/qemu_6.0.0-virt.aarch64.xml | 2 + tests/domaincapsdata/qemu_6.0.0.aarch64.xml | 2 + tests/domaincapsdata/qemu_6.0.0.x86_64.xml | 2 + tests/domaincapsdata/qemu_6.1.0-q35.x86_64.xml | 2 + tests/domaincapsdata/qemu_6.1.0-tcg.x86_64.xml | 2 + tests/domaincapsdata/qemu_6.1.0.x86_64.xml | 2 + tests/domaincapsdata/qemu_6.2.0-q35.x86_64.xml | 2 + tests/domaincapsdata/qemu_6.2.0-tcg.x86_64.xml | 2 + tests/domaincapsdata/qemu_6.2.0-virt.aarch64.xml | 2 + tests/domaincapsdata/qemu_6.2.0.aarch64.xml | 2 + tests/domaincapsdata/qemu_6.2.0.ppc64.xml | 2 + tests/domaincapsdata/qemu_6.2.0.x86_64.xml | 2 + .../domaincapsdata/qemu_7.0.0-hvf.aarch64+hvf.xml | 2 + tests/domaincapsdata/qemu_7.0.0-q35.x86_64.xml | 2 + tests/domaincapsdata/qemu_7.0.0-tcg.x86_64.xml | 2 + tests/domaincapsdata/qemu_7.0.0-virt.aarch64.xml | 2 + tests/domaincapsdata/qemu_7.0.0.aarch64.xml | 2 + tests/domaincapsdata/qemu_7.0.0.ppc64.xml | 2 + tests/domaincapsdata/qemu_7.0.0.x86_64.xml | 2 + tests/domaincapsdata/qemu_7.1.0-q35.x86_64.xml | 2 + tests/domaincapsdata/qemu_7.1.0-tcg.x86_64.xml | 2 + tests/domaincapsdata/qemu_7.1.0.ppc64.xml | 2 + tests/domaincapsdata/qemu_7.1.0.x86_64.xml | 2 + tests/domaincapsdata/qemu_7.2.0-hvf.x86_64+hvf.xml | 2 + tests/domaincapsdata/qemu_7.2.0-q35.x86_64.xml | 2 + tests/domaincapsdata/qemu_7.2.0-tcg.x86_64+hvf.xml | 2 + tests/domaincapsdata/qemu_7.2.0-tcg.x86_64.xml | 2 + tests/domaincapsdata/qemu_7.2.0.ppc.xml | 2 + tests/domaincapsdata/qemu_7.2.0.x86_64.xml | 2 + tests/domaincapsdata/qemu_8.0.0-q35.x86_64.xml | 2 + .../domaincapsdata/qemu_8.0.0-tcg-virt.riscv64.xml | 2 + tests/domaincapsdata/qemu_8.0.0-tcg.x86_64.xml | 2 + tests/domaincapsdata/qemu_8.0.0-virt.riscv64.xml | 2 + tests/domaincapsdata/qemu_8.0.0.x86_64.xml | 2 + tests/domaincapsdata/qemu_8.1.0-q35.x86_64.xml | 2 + tests/domaincapsdata/qemu_8.1.0-tcg.x86_64.xml | 2 + tests/domaincapsdata/qemu_8.1.0.x86_64.xml | 2 + tests/domaincapsdata/qemu_8.2.0-q35.x86_64.xml | 2 + .../qemu_8.2.0-tcg-virt.loongarch64.xml | 2 + tests/domaincapsdata/qemu_8.2.0-tcg.x86_64.xml | 2 + tests/domaincapsdata/qemu_8.2.0-virt.aarch64.xml | 2 + .../domaincapsdata/qemu_8.2.0-virt.loongarch64.xml | 2 + tests/domaincapsdata/qemu_8.2.0.aarch64.xml | 2 + tests/domaincapsdata/qemu_8.2.0.armv7l.xml | 2 + tests/domaincapsdata/qemu_8.2.0.s390x.xml | 2 + tests/domaincapsdata/qemu_8.2.0.x86_64.xml | 2 + tests/domaincapsdata/qemu_9.0.0-q35.x86_64.xml | 2 + tests/domaincapsdata/qemu_9.0.0-tcg.x86_64.xml | 2 + tests/domaincapsdata/qemu_9.0.0.x86_64.xml | 2 + tests/domaincapsdata/qemu_9.1.0-q35.x86_64.xml | 2 + .../domaincapsdata/qemu_9.1.0-tcg-virt.riscv64.xml | 2 + tests/domaincapsdata/qemu_9.1.0-tcg.x86_64.xml | 2 + tests/domaincapsdata/qemu_9.1.0-virt.riscv64.xml | 2 + tests/domaincapsdata/qemu_9.1.0.s390x.xml | 2 + tests/domaincapsdata/qemu_9.1.0.x86_64.xml | 2 + tests/domaincapsdata/qemu_9.2.0-q35.x86_64.xml | 2 + tests/domaincapsdata/qemu_9.2.0-tcg.x86_64.xml | 2 + tests/domaincapsdata/qemu_9.2.0.s390x.xml | 2 + tests/domaincapsdata/qemu_9.2.0.x86_64.xml | 2 + tests/qemucapabilitiesdata/caps_10.0.0_s390x.xml | 2 + tests/qemucapabilitiesdata/caps_10.0.0_x86_64.xml | 2 + tests/qemucapabilitiesdata/caps_5.2.0_aarch64.xml | 2 + tests/qemucapabilitiesdata/caps_5.2.0_ppc64.xml | 2 + tests/qemucapabilitiesdata/caps_5.2.0_riscv64.xml | 2 + tests/qemucapabilitiesdata/caps_5.2.0_x86_64.xml | 2 + tests/qemucapabilitiesdata/caps_6.0.0_aarch64.xml | 2 + tests/qemucapabilitiesdata/caps_6.0.0_x86_64.xml | 2 + tests/qemucapabilitiesdata/caps_6.1.0_x86_64.xml | 2 + tests/qemucapabilitiesdata/caps_6.2.0_aarch64.xml | 2 + tests/qemucapabilitiesdata/caps_6.2.0_ppc64.xml | 2 + tests/qemucapabilitiesdata/caps_6.2.0_x86_64.xml | 2 + .../caps_7.0.0_aarch64+hvf.xml | 2 + tests/qemucapabilitiesdata/caps_7.0.0_aarch64.xml | 2 + tests/qemucapabilitiesdata/caps_7.0.0_ppc64.xml | 2 + tests/qemucapabilitiesdata/caps_7.0.0_x86_64.xml | 2 + tests/qemucapabilitiesdata/caps_7.1.0_ppc64.xml | 2 + tests/qemucapabilitiesdata/caps_7.1.0_x86_64.xml | 2 + tests/qemucapabilitiesdata/caps_7.2.0_ppc.xml | 2 + .../qemucapabilitiesdata/caps_7.2.0_x86_64+hvf.xml | 2 + tests/qemucapabilitiesdata/caps_7.2.0_x86_64.xml | 2 + tests/qemucapabilitiesdata/caps_8.0.0_riscv64.xml | 2 + tests/qemucapabilitiesdata/caps_8.0.0_x86_64.xml | 2 + tests/qemucapabilitiesdata/caps_8.1.0_x86_64.xml | 2 + tests/qemucapabilitiesdata/caps_8.2.0_aarch64.xml | 2 + tests/qemucapabilitiesdata/caps_8.2.0_armv7l.xml | 2 + .../caps_8.2.0_loongarch64.xml | 2 + tests/qemucapabilitiesdata/caps_8.2.0_s390x.xml | 2 + tests/qemucapabilitiesdata/caps_8.2.0_x86_64.xml | 2 + tests/qemucapabilitiesdata/caps_9.0.0_x86_64.xml | 2 + tests/qemucapabilitiesdata/caps_9.1.0_riscv64.xml | 2 + tests/qemucapabilitiesdata/caps_9.1.0_s390x.xml | 2 + tests/qemucapabilitiesdata/caps_9.1.0_x86_64.xml | 2 + tests/qemucapabilitiesdata/caps_9.2.0_s390x.xml | 2 + tests/qemucapabilitiesdata/caps_9.2.0_x86_64.xml | 2 + .../disk-nvme-device.x86_64-latest.args | 38 +++++++++++++++++ .../disk-nvme-device.x86_64-latest.xml | 49 ++++++++++++++++++++++ tests/qemuxmlconfdata/disk-nvme-device.xml | 46 ++++++++++++++++++++ tests/qemuxmlconftest.c | 1 + 133 files changed, 569 insertions(+), 8 deletions(-) create mode 100644 tests/qemuxmlconfdata/disk-nvme-device.x86_64-latest.args create mode 100644 tests/qemuxmlconfdata/disk-nvme-device.x86_64-latest.xml create mode 100644 tests/qemuxmlconfdata/disk-nvme-device.xml -- 2.11.0

3 9

[PATCH 00/26] integrate auto-shutdown of VMs with daemons
by Daniel P. Berrangé 11 Mar '25

11 Mar '25

This series starts the work needed to obsolete the libvirt-guests.sh script which has grown a surprisingly large amount of functionality. Currently the virt daemons will acquire inhibitors to delay OS shutdown when VMs are running. The libvirt-guests.service unit can be used to call libvirt-guests.sh to shutdown running VMs on system shutdown. This split is a bad architecture because libvirt-guests.service will only run once the system has decided to initiate the shutdown sequence. When the user requests as shutdown while inhibitors are present, logind will emit a "PrepareForShutdown" signal over dbus. Applications are supposed to respond to this by preserving state & releasing their inhibitors, which in turns allows shutdown to be initiated. The remote daemon already has support for listening for the "PrepareForShutdown" signal, but only does this for session instances, not system instances. This series essentially takes that logic and expands it to run in the system instances too, thus conceptually making libvirt-guests.service obsolete. It is slightly more complicated than that though for many reasons... Saving running VMs can take a very long time. The inhibitor delay can be as low as 5 seconds, and when killing a service, systemd may not wait very long for it to terminate. libvirt-guests.service deals with this by setting TimeoutStopSecs=0 to make systemd wait forever. This is undesirable to set in libvirtd.service though, as we would like systemd to kill the daemon aggressively if it hangs. The series thus uses the notification protocol to request systemd give it more time to shutdown, as long as we're in the phase of saving running VMs. A bug in this code will still result in systemd waiting forever, which is no different from libvirt-guests.service, but a bug in any other part of the libvirt daemon shutdown code will result in systemd killing us. The existing logic for saving VMs in the session daemons had many feature gaps compared to libvirt-guests.sh. Thus there is code to add support * Requesting graceful OS shutdown if managed save failed * Force poweroff of VMs if no other action worked * Optionally enabling/disabling use of managed save, graceful shutdown and force poweroff, which is more flexible than ON_SHUTDOWN=nnn, as we can try the whole sequence of options * Ability to bypass cache in managed save * Support for one-time autostart of VMs as an official API To aid in testing this logic, virt-admin gains a new command 'virt-admin daemon-shutdown --preserve' All this new functionality is wired up into the QEMU driver, and is made easily accessible to other hypervisor drivers, so would easily be extendable to Xen, CH, LXC drivers, but this is not done in this series. IOW, libvirt-guests.service is not yet fully obsolete. The new functionality is also not enabled by default for the system daemon, it requires explicit admin changes to /etc/libvirt/qemu.conf to enable it. This is because it would clash with execution of the libvirt-guests.service if both were enabled. It is highly desirable that we enable this by default though, so we need to figure out a upgrade story wrt libvirt-guests.service. The only libvirt-guests.sh features not implemented are: * PARALLEL_SHUTDOWN=nn. When doing a graceful shutdown we initiate it on every single VM at once, and then monitor progress of all of them in parallel. * SYNC_TIME=nn When make not attempt to sync guest time when restoring from managed save. This ought to be fixed Daniel P. Berrangé (26): util: add APIs for more systemd notifications remote: notify systemd when reloading config hypervisor: introduce helper for autostart src: convert drivers over to use new autostart helper hypervisor: add support for delay interval during autostart qemu: add 'auto_start_delay' configuration parameter hypervisor: move support for auto-shutdown out of QEMU driver remote: always invoke virStateStop for all daemons hypervisor: expand available shutdown actions hypervisor: custom shutdown actions for transient vs persistent VMs qemu: support automatic VM managed save in system daemon qemu: improve shutdown defaults for session daemon qemu: configurable delay for shutdown before poweroff hypervisor: support bypassing cache for managed save qemu: add config parameter to control auto-save bypass cache src: add new APIs for marking a domain to autostart once conf: implement support for autostart once feature hypervisor: wire up support for auto restore of running domains qemu: wire up support for once only autostart qemu: add config to control if auto-shutdown VMs are restored rpc: move state stop into virNetDaemon class rpc: don't unconditionally quit after preserving state rpc: fix shutdown sequence when preserving state admin: add 'daemon-shutdown' command rpc: don't let systemd shutdown daemon while saving VMs hypervisor: send systemd status messages while saving include/libvirt/libvirt-admin.h | 13 ++ include/libvirt/libvirt-domain.h | 4 + src/admin/admin_protocol.x | 11 +- src/admin/admin_server_dispatch.c | 13 ++ src/admin/libvirt-admin.c | 33 ++++ src/admin/libvirt_admin_public.syms | 5 + src/bhyve/bhyve_driver.c | 53 ++---- src/conf/domain_conf.c | 6 +- src/conf/domain_conf.h | 1 + src/conf/virdomainobjlist.c | 7 +- src/driver-hypervisor.h | 10 ++ src/hypervisor/domain_driver.c | 250 ++++++++++++++++++++++++++++ src/hypervisor/domain_driver.h | 42 +++++ src/libvirt-domain.c | 87 ++++++++++ src/libvirt_private.syms | 10 +- src/libvirt_public.syms | 6 + src/libvirt_remote.syms | 2 +- src/libxl/libxl_driver.c | 36 ++-- src/lxc/lxc_driver.c | 13 +- src/lxc/lxc_process.c | 18 +- src/lxc/lxc_process.h | 2 + src/qemu/libvirtd_qemu.aug | 7 + src/qemu/qemu.conf.in | 59 +++++++ src/qemu/qemu_conf.c | 63 +++++++ src/qemu/qemu_conf.h | 7 + src/qemu/qemu_driver.c | 203 +++++++++++++--------- src/qemu/test_libvirtd_qemu.aug.in | 7 + src/remote/libvirtd.service.in | 2 +- src/remote/remote_daemon.c | 78 +++------ src/remote/remote_driver.c | 2 + src/remote/remote_protocol.x | 30 +++- src/remote_protocol-structs | 12 ++ src/rpc/gendispatch.pl | 4 +- src/rpc/virnetdaemon.c | 212 +++++++++++++++++++---- src/rpc/virnetdaemon.h | 20 ++- src/util/virsystemd.c | 41 ++++- src/util/virsystemd.h | 6 +- src/virtd.service.in | 2 +- tools/virsh-domain-monitor.c | 5 + tools/virsh-domain.c | 39 ++++- tools/virt-admin.c | 41 +++++ 41 files changed, 1181 insertions(+), 281 deletions(-) -- 2.47.1

2 73