[PATCH] bhyve: support interface type 'network'
by Roman Bogorodskiy
Add support for interface type 'network'. While bridge remains the only
supported option for networks in bhyve, supporting interface type
'network' allows easier configuration and makes domain XMLs more
compatible with the other drivers.
While here, update the error message for the unsupported interface type
to print the requested network type string instead of an integer to make
it more user-friendly.
Signed-off-by: Roman Bogorodskiy <bogorodskiy(a)gmail.com>
---
src/bhyve/bhyve_command.c | 44 ++++++++++++++++++++++++++++++++++-----
src/bhyve/bhyve_process.c | 30 +++++++++++++++++++-------
2 files changed, 62 insertions(+), 12 deletions(-)
diff --git a/src/bhyve/bhyve_command.c b/src/bhyve/bhyve_command.c
index bc287307c8..123d81699f 100644
--- a/src/bhyve/bhyve_command.c
+++ b/src/bhyve/bhyve_command.c
@@ -2,6 +2,7 @@
* bhyve_command.c: bhyve command generation
*
* Copyright (C) 2014 Roman Bogorodskiy
+ * Copyright (C) 2025 The FreeBSD Foundation
*
* This library is free software; you can redistribute it and/or
* modify it under the terms of the GNU Lesser General Public
@@ -26,6 +27,7 @@
#include "bhyve_domain.h"
#include "bhyve_conf.h"
#include "bhyve_driver.h"
+#include "domain_validate.h"
#include "datatypes.h"
#include "viralloc.h"
#include "virfile.h"
@@ -40,7 +42,7 @@
VIR_LOG_INIT("bhyve.bhyve_command");
static int
-bhyveBuildNetArgStr(const virDomainDef *def,
+bhyveBuildNetArgStr(virDomainDef *def,
virDomainNetDef *net,
struct _bhyveConn *driver,
virCommand *cmd,
@@ -52,6 +54,7 @@ bhyveBuildNetArgStr(const virDomainDef *def,
char *nic_model = NULL;
int ret = -1;
virDomainNetType actualType = virDomainNetGetActualType(net);
+ g_autoptr(virConnect) netconn = NULL;
if (net->model == VIR_DOMAIN_NET_MODEL_VIRTIO) {
nic_model = g_strdup("virtio-net");
@@ -69,12 +72,43 @@ bhyveBuildNetArgStr(const virDomainDef *def,
return -1;
}
- if (actualType == VIR_DOMAIN_NET_TYPE_BRIDGE) {
+ if (net->type == VIR_DOMAIN_NET_TYPE_NETWORK) {
+ if (!netconn && !(netconn = virGetConnectNetwork()))
+ goto cleanup;
+ if (virDomainNetAllocateActualDevice(netconn, def, net) < 0)
+ goto cleanup;
+ }
+ /* final validation now that actual type is known */
+ if (virDomainActualNetDefValidate(net) < 0)
+ return -1;
+
+ switch (actualType) {
+ case VIR_DOMAIN_NET_TYPE_NETWORK:
+ case VIR_DOMAIN_NET_TYPE_BRIDGE:
brname = g_strdup(virDomainNetGetActualBridgeName(net));
- } else {
+ if (!brname) {
+ virReportError(VIR_ERR_INTERNAL_ERROR, "%s",
+ _("No bridge name specified"));
+ goto cleanup;
+ }
+ break;
+ case VIR_DOMAIN_NET_TYPE_ETHERNET:
+ case VIR_DOMAIN_NET_TYPE_DIRECT:
+ case VIR_DOMAIN_NET_TYPE_USER:
+ case VIR_DOMAIN_NET_TYPE_VHOSTUSER:
+ case VIR_DOMAIN_NET_TYPE_SERVER:
+ case VIR_DOMAIN_NET_TYPE_CLIENT:
+ case VIR_DOMAIN_NET_TYPE_MCAST:
+ case VIR_DOMAIN_NET_TYPE_UDP:
+ case VIR_DOMAIN_NET_TYPE_INTERNAL:
+ case VIR_DOMAIN_NET_TYPE_HOSTDEV:
+ case VIR_DOMAIN_NET_TYPE_VDPA:
+ case VIR_DOMAIN_NET_TYPE_NULL:
+ case VIR_DOMAIN_NET_TYPE_VDS:
+ case VIR_DOMAIN_NET_TYPE_LAST:
virReportError(VIR_ERR_CONFIG_UNSUPPORTED,
- _("Network type %1$d is not supported"),
- virDomainNetGetActualType(net));
+ _("Unsupported network type %1$s"),
+ virDomainNetTypeToString(actualType));
goto cleanup;
}
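Review bot: The `return -1` after `virDomainActualNetDefValidate()` skips the `cleanup` label that every other failure path in this hunk uses, so the `nic_model` string duplicated just above is presumably not freed on that path; `goto cleanup;` would match the rest. Separately, `actualType` is read at the top of the function, before `virDomainNetAllocateActualDevice()` runs, so the `switch` appears to dispatch on the pre-allocation type despite the "actual type is known" comment. Re-reading it with `actualType = virDomainNetGetActualType(net);` after the allocation block would let a network whose actual type is not a bridge reach the "Unsupported network type" error instead of the bridge branch. The function body and the `cleanup` label lie outside this hunk, so whether an already allocated device is released on these failure paths cannot be confirmed from here.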
diff --git a/src/bhyve/bhyve_process.c b/src/bhyve/bhyve_process.c
index 3e6f678cf5..a17994e2a0 100644
--- a/src/bhyve/bhyve_process.c
+++ b/src/bhyve/bhyve_process.c
@@ -2,6 +2,7 @@
* bhyve_process.c: bhyve process management
*
* Copyright (C) 2014 Roman Bogorodskiy
+ * Copyright (C) 2025 The FreeBSD Foundation
*
* This library is free software; you can redistribute it and/or
* modify it under the terms of the GNU Lesser General Public
@@ -71,18 +72,23 @@ static void
bhyveNetCleanup(virDomainObj *vm)
{
size_t i;
+ g_autoptr(virConnect) conn = NULL;
for (i = 0; i < vm->def->nnets; i++) {
virDomainNetDef *net = vm->def->nets[i];
virDomainNetType actualType = virDomainNetGetActualType(net);
- if (actualType == VIR_DOMAIN_NET_TYPE_BRIDGE) {
- if (net->ifname) {
- ignore_value(virNetDevBridgeRemovePort(
- virDomainNetGetActualBridgeName(net),
- net->ifname));
- ignore_value(virNetDevTapDelete(net->ifname, NULL));
- }
+ if (net->ifname) {
+ ignore_value(virNetDevBridgeRemovePort(
+ virDomainNetGetActualBridgeName(net),
+ net->ifname));
+ ignore_value(virNetDevTapDelete(net->ifname, NULL));
+ }
+ if (actualType == VIR_DOMAIN_NET_TYPE_NETWORK) {
+ if (conn || (conn = virGetConnectNetwork()))
+ virDomainNetReleaseActualDevice(conn, net);
+ else
+ VIR_WARN("Unable to release network device '%s'", NULLSTR(net->ifname));
}
}
}
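Review bot: Dropping the `VIR_DOMAIN_NET_TYPE_BRIDGE` guard means `virNetDevBridgeRemovePort()` and `virNetDevTapDelete()` now run for every interface that has an `ifname`, whatever its actual type, and `virDomainNetGetActualBridgeName(net)` may return NULL for types that have no bridge. Both results are discarded through `ignore_value`, so a call against the wrong kind of interface would fail silently. Keeping the guard explicit, e.g. `if (net->ifname && (actualType == VIR_DOMAIN_NET_TYPE_BRIDGE || actualType == VIR_DOMAIN_NET_TYPE_NETWORK)) {`, restricts host interface deletion to the types this driver sets up. The `VIR_WARN` in the `else` branch would also be easier to act on if it named the domain (`vm->def->name`), since `net->ifname` can be NULL there.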
@@ -437,6 +443,8 @@ virBhyveProcessReconnect(virDomainObj *vm,
char **proc_argv;
char *expected_proctitle = NULL;
bhyveDomainObjPrivate *priv = vm->privateData;
+ g_autoptr(virConnect) conn = NULL;
+ size_t i;
int ret = -1;
if (!virDomainObjIsActive(vm))
@@ -469,6 +477,14 @@ virBhyveProcessReconnect(virDomainObj *vm,
}
}
+ for (i = 0; i < vm->def->nnets; i++) {
+ virDomainNetDef *net = vm->def->nets[i];
+ if (net->type == VIR_DOMAIN_NET_TYPE_NETWORK && !conn)
+ conn = virGetConnectNetwork();
+
+ virDomainNetNotifyActualDevice(conn, vm->def, net);
+ }
+
cleanup:
if (ret < 0) {
/* If VM is reported to be in active state, but we cannot find
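Review bot: The result of `virGetConnectNetwork()` is not checked in the added loop, so a failed lookup hands a NULL `conn` to `virDomainNetNotifyActualDevice()` without any log entry, whereas `bhyveNetCleanup()` in this same patch emits a `VIR_WARN` in that situation. Whether the callee tolerates NULL is not visible here. A comment such as `/* conn may be NULL; notification is best-effort on reconnect */` or a matching warning would make the intent explicit. The surrounding function starts and ends outside this hunk.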
--
2.49.0
6 minutes
[PATCH] build: clang stack frame size handling improvement
by Roman Bogorodskiy
The 'plain' optimization type also triggers the clang stack frame size
issues, so increase limit for it as well.
Signed-off-by: Roman Bogorodskiy <bogorodskiy(a)gmail.com>
---
meson.build | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/meson.build b/meson.build
index 56823ca25b..0a402a19a2 100644
--- a/meson.build
+++ b/meson.build
@@ -259,7 +259,7 @@ alloc_max = run_command(
stack_frame_size = 2048
# clang without optimization enlarges stack frames in certain corner cases
-if cc.get_id() == 'clang' and get_option('optimization') == '0'
+if cc.get_id() == 'clang' and get_option('optimization') in ['plain', '0']
stack_frame_size = 4096
endif
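Review bot: The comment above the condition still says "clang without optimization", but the test now also matches `'plain'`, where Meson passes no optimization flag of its own and the level comes from the user's compiler flags. Suggest rewording it to `# clang without optimization ('0'), or with 'plain' where meson sets no -O flag, enlarges stack frames in certain corner cases` so the doubled frame limit is not read as an -O0-only allowance.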
--
2.49.0
8 minutes
[PATCH 0/3] ch: monitor daemonization, sync after reboot, and shutdown fixes
by Kirill Shchetiniuk
1. Run CH monitor as a daemon
Made the monitor process daemonized to prevent VM termination if
the CH driver crashes. Added pidfile for daemon's pid acquiring and tracking
as well as its init.
2. Update domain info after reboot
Fixed an issue where domain properties (e.g., serial console path)
were not updated after VM reboot. Added VIR_CH_EVENT_VM_REBOOTED
handling to keep the transient domain definition consistent.
3. Update VM shutdown event handler
VM monitor was still up even if VM was shut off, which led to an
inability to start the domain again.
virsh # shutdown ch-test
Domain 'ch-test' is being shutdown
virsh # list
Id Name State
------------------------------
722117 ch-test shut off
Ensured the CH monitor process terminates along with the
VM shutdown (e.g., executed using virsh). Updated
virCHEventStopProcess to have proper job type.
Kirill Shchetiniuk (3):
ch: virCHMonitorNew() run new CH monitor daemonized
ch: virCHProcessEvent() update domain info after reboot
ch: virCHProcessEvent() vm shutdown event handler fix
src/ch/ch_domain.c | 1 +
src/ch/ch_domain.h | 1 +
src/ch/ch_events.c | 8 ++++----
src/ch/ch_monitor.c | 24 ++++++++++++++++++++++--
src/ch/ch_process.c | 18 +++++++++++++++++-
src/ch/ch_process.h | 2 ++
6 files changed, 47 insertions(+), 7 deletions(-)
--
2.48.1
57 minutes
[libvirt PATCH] tools: virsh: metadata: do not report error on missing metadata
by Ján Tomko
Similarly to `desc` and `net-desc`, return an empty string if
there is no metadata to be returned.
https://issues.redhat.com/browse/RHEL-27172
Signed-off-by: Ján Tomko <jtomko(a)redhat.com>
---
tools/virsh-domain.c | 10 ++++++++--
tools/virsh-network.c | 10 ++++++++--
2 files changed, 16 insertions(+), 4 deletions(-)
diff --git a/tools/virsh-domain.c b/tools/virsh-domain.c
index f3da2f903f..e104aa909a 100644
--- a/tools/virsh-domain.c
+++ b/tools/virsh-domain.c
@@ -8480,8 +8480,14 @@ cmdMetadata(vshControl *ctl, const vshCmd *cmd)
g_autofree char *data = NULL;
/* get */
if (!(data = virDomainGetMetadata(dom, VIR_DOMAIN_METADATA_ELEMENT,
- uri, flags)))
- return false;
+ uri, flags))) {
+ if (virGetLastErrorCode() == VIR_ERR_NO_DOMAIN_METADATA) {
+ virResetLastError();
+ data = g_strdup("");
+ } else {
+ return false;
+ }
+ }
vshPrint(ctl, "%s\n", data);
}
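Review bot: A missing metadata element now makes `cmdMetadata` print an empty line and return success where it used to fail, which changes the exit status that scripts may have relied on to detect absent metadata; the `cmdNetworkMetadata` hunk in tools/virsh-network.c has the same effect. That deserves a sentence in the virsh documentation for both commands and a one-line comment at the check, e.g. `/* missing metadata is not an error: print an empty string, like 'desc' */`. The nested branch could also be flattened to `if (virGetLastErrorCode() != VIR_ERR_NO_DOMAIN_METADATA) return false;` followed by the reset and the `g_strdup("")`. Both functions begin and end outside their hunks.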
diff --git a/tools/virsh-network.c b/tools/virsh-network.c
index 6fcc7fd8ee..bcdb76ae36 100644
--- a/tools/virsh-network.c
+++ b/tools/virsh-network.c
@@ -604,8 +604,14 @@ cmdNetworkMetadata(vshControl *ctl, const vshCmd *cmd)
/* get */
if (!(data = virNetworkGetMetadata(net, VIR_NETWORK_METADATA_ELEMENT,
- uri, flags)))
- return false;
+ uri, flags))) {
+ if (virGetLastErrorCode() == VIR_ERR_NO_NETWORK_METADATA) {
+ virResetLastError();
+ data = g_strdup("");
+ } else {
+ return false;
+ }
+ }
vshPrint(ctl, "%s\n", data);
}
--
2.48.1
2 hours, 47 minutes
Re: [PATCH v8 55/55] docs: Add TDX documentation
by Daniel P. Berrangé
CC libvirt / Jiri, for confirmation about whether the CPUID restrictions
listed below will have any possible impact on libvirt CPUID handling...
On Tue, Apr 01, 2025 at 09:02:05AM -0400, Xiaoyao Li wrote:
> Add docs/system/i386/tdx.rst for TDX support, and add tdx in
> confidential-guest-support.rst
>
> Signed-off-by: Xiaoyao Li <xiaoyao.li(a)intel.com>
> ---
> Changes in v6:
> - Add more information of "Feature configuration"
> - Mark TD Attestation as future work because KVM now drops the support
> of it.
>
> Changes in v5:
> - Add TD attestation section and update the QEMU parameter;
>
> Changes since v1:
> - Add prerequisite of private gmem;
> - update example command to launch TD;
>
> Changes since RFC v4:
> - add the restriction that kernel-irqchip must be split
> ---
> docs/system/confidential-guest-support.rst | 1 +
> docs/system/i386/tdx.rst | 156 +++++++++++++++++++++
> docs/system/target-i386.rst | 1 +
> 3 files changed, 158 insertions(+)
> create mode 100644 docs/system/i386/tdx.rst
> +Feature Configuration
> +---------------------
> +
> +Unlike non-TDX VM, the CPU features (enumerated by CPU or MSR) of a TD are not
> +under full control of VMM. VMM can only configure part of features of a TD on
> +``KVM_TDX_INIT_VM`` command of VM scope ``MEMORY_ENCRYPT_OP`` ioctl.
> +
> +The configurable features have three types:
> +
> +- Attributes:
> + - PKS (bit 30) controls whether Supervisor Protection Keys is exposed to TD,
> + which determines related CPUID bit and CR4 bit;
> + - PERFMON (bit 63) controls whether PMU is exposed to TD.
> +
> +- XSAVE related features (XFAM):
> + XFAM is a 64b mask, which has the same format as XCR0 or IA32_XSS MSR. It
> + determines the set of extended features available for use by the guest TD.
> +
> +- CPUID features:
> + Only some bits of some CPUID leaves are directly configurable by VMM.
> +
> +What features can be configured is reported via TDX capabilities.
> +
> +TDX capabilities
> +~~~~~~~~~~~~~~~~
> +
> +The VM scope ``MEMORY_ENCRYPT_OP`` ioctl provides command ``KVM_TDX_CAPABILITIES``
> +to get the TDX capabilities from KVM. It returns a data structure of
> +``struct kvm_tdx_capabilities``, which tells the supported configuration of
> +attributes, XFAM and CPUIDs.
> +
> +TD attributes
> +~~~~~~~~~~~~~
> +
> +QEMU supports configuring raw 64-bit TD attributes directly via "attributes"
> +property of "tdx-guest" object. Note, it's users' responsibility to provide a
> +valid value because some bits may not supported by current QEMU or KVM yet.
> +
> +QEMU also supports the configuration of individual attribute bits that are
> +supported by it, via properties of "tdx-guest" object.
> +E.g., "sept-ve-disable" (bit 28).
> +
> +MSR based features
> +~~~~~~~~~~~~~~~~~~
> +
> +Current KVM doesn't support MSR based feature (e.g., MSR_IA32_ARCH_CAPABILITIES)
> +configuration for TDX, and it's a future work to enable it in QEMU when KVM adds
> +support of it.
> +
> +Feature check
> +~~~~~~~~~~~~~
> +
> +QEMU checks if the final (CPU) features, determined by given cpu model and
> +explicit feature adjustment of "+featureA/-featureB", can be supported or not.
> +It can produce feature not supported warning like
> +
> + "warning: host doesn't support requested feature: CPUID.07H:EBX.intel-pt [bit 25]"
> +
> +It can also produce warning like
> +
> + "warning: TDX forcibly sets the feature: CPUID.80000007H:EDX.invtsc [bit 8]"
> +
> +if the fixed-1 feature is requested to be disabled explicitly. This is newly
> +added to QEMU for TDX because TDX has fixed-1 features that are forcibly enabled
> +by TDX module and VMM cannot disable them.
This is where I'm wondering if libvirt has anything to be concerned
about. Possibly when libvirt queries the actual CPUID after launching
the guest it will just "do the right thing" ? Wondering if there's any
need for libvirt to be aware of CPUID restrictions before that point
though ?
> +
> +Launching a TD (TDX VM)
> +-----------------------
> +
> +To launch a TD, the necessary command line options are tdx-guest object and
> +split kernel-irqchip, as below:
> +
> +.. parsed-literal::
> +
> + |qemu_system_x86| \\
> + -object tdx-guest,id=tdx0 \\
> + -machine ...,kernel-irqchip=split,confidential-guest-support=tdx0 \\
> + -bios OVMF.fd \\
I don't think we need to show 'kernel-irqchip=split' now that we "do the
right thing" by default
This surely also ought to include '-accel kvm', as IIUC there's no
TCG support for TDX.
And presumably '-cpu host', since QEMU's default 'qemu64' CPU model
is likely a terrible match for what TDX will force set.
> +
> +Restrictions
> +------------
> +
> + - kernel-irqchip must be split;
Can append
"This is set by default for TDX guests if kernel-irqchip is left on
its default 'auto' setting."
> +
> + - No readonly support for private memory;
> +
> + - No SMM support: SMM support requires manipulating the guest register states
> + which is not allowed;
> +
With regards,
Daniel
--
|: https://berrange.com -o- https://www.flickr.com/photos/dberrange :|
|: https://libvirt.org -o- https://fstop138.berrange.com :|
|: https://entangle-photo.org -o- https://www.instagram.com/dberrange :|
5 hours, 45 minutes
[PATCH 0/4] Allow xml-configured coredump format on VM crash
by Nikolai Barybin
When libvirt processes VM crash event it always dumps core in raw
format.
This series makes it possible to configure dump format via domain xml.
This would be especially helpful for Windows guests, because it requires
a lot of effort to convert raw dump into wingdb.
Nikolai Barybin (4):
conf: schemas: add coredump_format element to events section
src: conf: add parsing/formatting for 'coredump_format' value
qemu: use configurable dump format in doCoreDumpToAutoDumpPath()
docs: formatdomain: document 'coredump_format' element
docs/formatdomain.rst | 9 +++++
src/conf/domain_conf.c | 64 +++++++++++++++++++++++++++++++
src/conf/domain_conf.h | 2 +
src/conf/schemas/domaincommon.rng | 19 +++++++++
src/libvirt_private.syms | 2 +
src/qemu/qemu_driver.c | 2 +-
6 files changed, 97 insertions(+), 1 deletion(-)
--
2.43.5
7 hours, 17 minutes
[PATCH v2] meson: Add back prefix path for runstatedir
by Zhenzhong Duan
Currently libvirt favors /run instead of /var/run, but for local build
run test, a prefix path is still needed to avoid interoperating with OS
vendor provided binaries.
When 'system' option is specified, fixed path /run is honored.
Fixes: e5299ddf86121d3c792ca271ffcb54900eb19dc3
Signed-off-by: Zhenzhong Duan <zhenzhong.duan(a)intel.com>
---
v2: Take option `system` into consideration (Pavel)
meson.build | 10 +++++-----
1 file changed, 5 insertions(+), 5 deletions(-)
diff --git a/meson.build b/meson.build
index bf4a245dd3..2762236f37 100644
--- a/meson.build
+++ b/meson.build
@@ -62,11 +62,16 @@ if get_option('system')
endif
localstatedir = '/var'
sysconfdir = '/etc'
+ runstatedir = '/run'
else
prefix = get_option('prefix')
libdir = prefix / get_option('libdir')
localstatedir = prefix / get_option('localstatedir')
sysconfdir = prefix / get_option('sysconfdir')
+ runstatedir = get_option('runstatedir')
+ if runstatedir == ''
+ runstatedir = prefix / 'run'
+ endif
endif
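Review bot: In the non-system branch `runstatedir` now falls back to `prefix / 'run'`, but the `if prefix == '/usr'` block that follows, which per its comment keeps localstatedir and sysconfdir out of /usr, is not shown resetting it, so a plain `--prefix=/usr` build would appear to place runtime sockets and pid files under /usr/run. If that block does not already handle it (its body is outside the hunk), reset `runstatedir` to `'/run'` there when the `runstatedir` option is empty, or document that `-Drunstatedir=/run` is required with that prefix. The earlier single-hunk version of this patch at the end of the page computes `prefix / 'run'` after that block and has the same result.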
# if --prefix is /usr, don't use /usr/var for localstatedir or /usr/etc for
@@ -80,11 +85,6 @@ if prefix == '/usr'
endif
endif
-runstatedir = get_option('runstatedir')
-if runstatedir == ''
- runstatedir = '/run'
-endif
-
initconfdir = get_option('initconfdir')
if initconfdir == ''
if (os_release.contains('alpine') or
--
2.34.1
8 hours, 13 minutes
[PATCH 0/6] qemu: Remove last HMP commands
by Peter Krempa
RIP HMP use in libvirt:
2007-02-14 [1] - 2025-04-02
[1] 23ad665cb05ef9ce7d298cc34bff5efb95ef6948
Peter Krempa (6):
qemu: domain: Don't check return value of 'virCPUDefCopy'
qemuSnapshotCreateActiveInternal: Fix error logic
qemu: snapshot: Always assume support for
QEMU_CAPS_SNAPSHOT_INTERNAL_QMP
qemu: Always revert internal snapshots via QMP rather than '-loadvm'
qemu: monitor: Remove HMP monitor code
qemu: capabilities: Retire QEMU_CAPS_SNAPSHOT_INTERNAL_QMP
po/POTFILES | 1 -
src/qemu/meson.build | 1 -
src/qemu/qemu_capabilities.c | 3 +-
src/qemu/qemu_capabilities.h | 2 +-
src/qemu/qemu_command.c | 6 --
src/qemu/qemu_domain.c | 7 +-
src/qemu/qemu_monitor.c | 25 ------
src/qemu/qemu_monitor.h | 3 -
src/qemu/qemu_monitor_text.c | 88 -------------------
src/qemu/qemu_monitor_text.h | 29 ------
src/qemu/qemu_process.c | 3 +-
src/qemu/qemu_snapshot.c | 49 ++---------
.../caps_10.0.0_s390x.xml | 1 -
.../caps_10.0.0_x86_64+amdsev.xml | 1 -
.../caps_10.0.0_x86_64.xml | 1 -
.../qemucapabilitiesdata/caps_6.2.0_ppc64.xml | 1 -
.../caps_6.2.0_x86_64.xml | 1 -
.../qemucapabilitiesdata/caps_7.0.0_ppc64.xml | 1 -
.../caps_7.0.0_x86_64.xml | 1 -
.../qemucapabilitiesdata/caps_7.1.0_ppc64.xml | 1 -
.../caps_7.1.0_x86_64.xml | 1 -
tests/qemucapabilitiesdata/caps_7.2.0_ppc.xml | 1 -
.../caps_7.2.0_x86_64+hvf.xml | 1 -
.../caps_7.2.0_x86_64.xml | 1 -
.../caps_8.0.0_x86_64.xml | 1 -
.../qemucapabilitiesdata/caps_8.1.0_s390x.xml | 1 -
.../caps_8.1.0_x86_64.xml | 1 -
.../caps_8.2.0_aarch64.xml | 1 -
.../caps_8.2.0_armv7l.xml | 1 -
.../caps_8.2.0_loongarch64.xml | 1 -
.../qemucapabilitiesdata/caps_8.2.0_s390x.xml | 1 -
.../caps_8.2.0_x86_64.xml | 1 -
.../qemucapabilitiesdata/caps_9.0.0_sparc.xml | 1 -
.../caps_9.0.0_x86_64.xml | 1 -
.../caps_9.1.0_riscv64.xml | 1 -
.../qemucapabilitiesdata/caps_9.1.0_s390x.xml | 1 -
.../caps_9.1.0_x86_64.xml | 1 -
.../caps_9.2.0_aarch64+hvf.xml | 1 -
.../qemucapabilitiesdata/caps_9.2.0_s390x.xml | 1 -
.../caps_9.2.0_x86_64+amdsev.xml | 1 -
.../caps_9.2.0_x86_64.xml | 1 -
41 files changed, 15 insertions(+), 231 deletions(-)
delete mode 100644 src/qemu/qemu_monitor_text.c
delete mode 100644 src/qemu/qemu_monitor_text.h
--
2.49.0
8 hours, 17 minutes
[PATCH] meson: Add back prefix path for runstatedir
by Zhenzhong Duan
Currently libvirt favors /run instead of /var/run, but for local build
run test, a prefix path is still needed to avoid interoperating with OS
vendor provided binaries.
Signed-off-by: Zhenzhong Duan <zhenzhong.duan(a)intel.com>
---
meson.build | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/meson.build b/meson.build
index bf4a245dd3..84c9796c2f 100644
--- a/meson.build
+++ b/meson.build
@@ -82,7 +82,7 @@ endif
runstatedir = get_option('runstatedir')
if runstatedir == ''
- runstatedir = '/run'
+ runstatedir = prefix / 'run'
endif
initconfdir = get_option('initconfdir')
--
2.34.1
8 hours, 19 minutes