June 2025 - Devel - libvirt List Archives

[PATCH v2 00/13] qemu: use 'usb-bot' device to properly emulate USB cdroms
by Peter Krempa 24 Jun '25

24 Jun '25

Version 2 of this series includes changes I've requested in the review and much more that I've learned during adaptation and testing: - 'usb-bot' and 'usb-storage' are not ABI compatible for CDROMs Migrating a guest from 'usb-bot'(with cdrom) to 'usb-storage' results in I/O errors on reads with linux guest. This required adding compatibility layer - exposing the model in -xml and corresponding post-parse and migratable XML config This patchset still tries as much as possible to use the 'usb-bot' device for cdroms to fix the definition - more tests - keeping of 'usb-storage' support - XML config and documentation - cleanup of the code The necessary logic is explained in the patches as comments. Akihiko Odaki (2): qemu_capabilities: Introduce QEMU_CAPS_DEVICE_USB_BOT qemu: Replace usb-storage with usb-bot Peter Krempa (11): qemuhotplugtest: Use VIR_DOMAIN_DEF_PARSE_ABI_UPDATE for virDomainDeviceDefParse qemuxmlconftest: Test various combinations of config qemusecuritytest: Use 'disk-usb-device' case instead of 'disk-cdrom-bus-other' qemuxmlconftest: Drop 'disk-cdrom-bus-other' qemuxmlconftest: Distribute testing of 'removable' disk property qemuxmlconftest: Invoke "disk-usb-device" case also without QEMU_CAPS_DEVICE_USB_BOT and with ABI_UPDATE conf: introduce usb disk models 'usb-storage' and 'usb-bot' qemu: Fill in model of 'usb' disks to preserve ABI compatibility qemuBuildDeviceAddresDriveProps: Prepare for 'drive' address for usb-bot disks qemu: monitor: Introduce 'qemuMonitorSetUSBDiskAttached' qemuxmlconftest: Prepare for proper testing in 'disk-cdrom-usb-empty' docs/formatdomain.rst | 23 +++- src/conf/domain_conf.c | 2 + src/conf/domain_conf.h | 3 + src/conf/schemas/domaincommon.rng | 2 + src/qemu/qemu_alias.c | 20 ++- src/qemu/qemu_capabilities.c | 7 +- src/qemu/qemu_capabilities.h | 3 + src/qemu/qemu_command.c | 101 ++++++++++++-- src/qemu/qemu_command.h | 5 + src/qemu/qemu_domain.c | 21 +++ src/qemu/qemu_domain_address.c | 2 + src/qemu/qemu_hotplug.c | 18 +++ src/qemu/qemu_monitor.c | 12 ++ src/qemu/qemu_monitor.h | 3 + src/qemu/qemu_monitor_json.c | 20 +++ src/qemu/qemu_monitor_json.h | 5 + src/qemu/qemu_postparse.c | 49 ++++++- src/qemu/qemu_postparse.h | 4 +- src/qemu/qemu_validate.c | 37 +++++- tests/qemublocktest.c | 13 +- .../caps_10.0.0_aarch64.xml | 1 + .../caps_10.0.0_ppc64.xml | 1 + .../caps_10.0.0_s390x.xml | 1 + .../caps_10.0.0_x86_64+amdsev.xml | 1 + .../caps_10.0.0_x86_64.xml | 1 + .../qemucapabilitiesdata/caps_6.2.0_ppc64.xml | 1 + .../caps_6.2.0_x86_64.xml | 1 + .../qemucapabilitiesdata/caps_7.0.0_ppc64.xml | 1 + .../caps_7.0.0_x86_64.xml | 1 + .../qemucapabilitiesdata/caps_7.1.0_ppc64.xml | 1 + .../caps_7.1.0_x86_64.xml | 1 + tests/qemucapabilitiesdata/caps_7.2.0_ppc.xml | 1 + .../caps_7.2.0_x86_64+hvf.xml | 1 + .../caps_7.2.0_x86_64.xml | 1 + .../caps_8.0.0_x86_64.xml | 1 + .../qemucapabilitiesdata/caps_8.1.0_s390x.xml | 1 + .../caps_8.1.0_x86_64.xml | 1 + .../caps_8.2.0_aarch64.xml | 1 + .../caps_8.2.0_armv7l.xml | 1 + .../caps_8.2.0_loongarch64.xml | 1 + .../qemucapabilitiesdata/caps_8.2.0_s390x.xml | 1 + .../caps_8.2.0_x86_64.xml | 1 + .../caps_9.0.0_x86_64.xml | 1 + .../caps_9.1.0_riscv64.xml | 1 + .../qemucapabilitiesdata/caps_9.1.0_s390x.xml | 1 + .../caps_9.1.0_x86_64.xml | 1 + .../caps_9.2.0_aarch64+hvf.xml | 1 + .../qemucapabilitiesdata/caps_9.2.0_s390x.xml | 1 + .../caps_9.2.0_x86_64+amdsev.xml | 1 + .../caps_9.2.0_x86_64.xml | 1 + tests/qemuhotplugtest.c | 8 +- .../qemuhotplug-base-live+cdrom-usb.xml | 2 +- .../qemuhotplug-base-live+disk-usb.xml | 2 +- tests/qemusecuritytest.c | 2 +- .../disk-cache.x86_64-latest.xml | 2 +- .../qemuxmlconfdata/disk-cdrom-bus-other.xml | 30 ----- ...m-usb-empty.x86_64-latest.abi-update.args} | 4 +- ...om-usb-empty.x86_64-latest.abi-update.xml} | 6 +- .../disk-device-removable.x86_64-latest.args | 40 ------ .../qemuxmlconfdata/disk-device-removable.xml | 32 ----- .../disk-scsi.x86_64-latest.args | 2 +- tests/qemuxmlconfdata/disk-scsi.xml | 2 +- .../disk-usb-device-model.x86_64-latest.args | 48 +++++++ ...> disk-usb-device-model.x86_64-latest.xml} | 46 ++++--- .../qemuxmlconfdata/disk-usb-device-model.xml | 46 +++++++ ...est.QEMU_CAPS_DEVICE_USB_BOT-disabled.args | 59 +++++++++ ...test.QEMU_CAPS_DEVICE_USB_BOT-disabled.xml | 107 +++++++++++++++ ...ate.QEMU_CAPS_DEVICE_USB_BOT-disabled.args | 59 +++++++++ ...date.QEMU_CAPS_DEVICE_USB_BOT-disabled.xml | 125 ++++++++++++++++++ ...k-usb-device.x86_64-latest.abi-update.args | 63 +++++++++ ...sk-usb-device.x86_64-latest.abi-update.xml | 125 ++++++++++++++++++ .../disk-usb-device.x86_64-latest.args | 30 ++++- .../disk-usb-device.x86_64-latest.xml | 82 ++++++++++-- tests/qemuxmlconfdata/disk-usb-device.xml | 66 ++++++++- tests/qemuxmlconftest.c | 16 ++- 75 files changed, 1197 insertions(+), 187 deletions(-) delete mode 100644 tests/qemuxmlconfdata/disk-cdrom-bus-other.xml rename tests/qemuxmlconfdata/{disk-cdrom-bus-other.x86_64-latest.args => disk-cdrom-usb-empty.x86_64-latest.abi-update.args} (84%) rename tests/qemuxmlconfdata/{disk-cdrom-bus-other.x86_64-latest.xml => disk-cdrom-usb-empty.x86_64-latest.abi-update.xml} (89%) delete mode 100644 tests/qemuxmlconfdata/disk-device-removable.x86_64-latest.args delete mode 100644 tests/qemuxmlconfdata/disk-device-removable.xml create mode 100644 tests/qemuxmlconfdata/disk-usb-device-model.x86_64-latest.args rename tests/qemuxmlconfdata/{disk-device-removable.x86_64-latest.xml => disk-usb-device-model.x86_64-latest.xml} (56%) create mode 100644 tests/qemuxmlconfdata/disk-usb-device-model.xml create mode 100644 tests/qemuxmlconfdata/disk-usb-device.x86_64-latest.QEMU_CAPS_DEVICE_USB_BOT-disabled.args create mode 100644 tests/qemuxmlconfdata/disk-usb-device.x86_64-latest.QEMU_CAPS_DEVICE_USB_BOT-disabled.xml create mode 100644 tests/qemuxmlconfdata/disk-usb-device.x86_64-latest.abi-update.QEMU_CAPS_DEVICE_USB_BOT-disabled.args create mode 100644 tests/qemuxmlconfdata/disk-usb-device.x86_64-latest.abi-update.QEMU_CAPS_DEVICE_USB_BOT-disabled.xml create mode 100644 tests/qemuxmlconfdata/disk-usb-device.x86_64-latest.abi-update.args create mode 100644 tests/qemuxmlconfdata/disk-usb-device.x86_64-latest.abi-update.xml -- 2.49.0

3 31

[PATCH v2] util: workaround libxml2 lack of thread safe initialization
by Daniel P. Berrangé 24 Jun '25

24 Jun '25

From: Daniel P. Berrangé <berrange(a)redhat.com> The main XML parser code global initializer historically had a mutex protecting it, and more recently uses a pthread_once. The RelaxNG code, however, relies on two other global initializers that are not thread safe, just relying on setting an integer "initialized" flag. Calling the relevant initializers from libvirt in a protected global initializer will protect libvirt's own concurrent usage, however, it cannot protect against other libraries loaded in process that might be using libxml2's schema code. Fortunately: * The chances of other loaded non-libvirt code using libxml is relatively low * The chances of other loaded non-libvirt code using the schema validation / catalog functionality inside libxml is even lower * The chances of both libvirt and the non-libvirt usage having their *1st* usage of libxml2 be concurrent is tiny IOW, in practice, although our solution doesn't fully fix the thread safety, it is good enough. libxml2 should none the less still be fixed to make its global initializers be thread safe without special actions by its API consumers[1]. Resolves: https://gitlab.com/libvirt/libvirt/-/issues/788 [1] https://gitlab.gnome.org/GNOME/libxml2/-/merge_requests/326 Signed-off-by: Daniel P. Berrangé <berrange(a)redhat.com> --- Changed in v3: - Drop xmlInitializeCatalog - I misread the code wrt thread safety - it has a sufficiently protective mutex - Cope with return type change for xmlSchemaInitTypes in libxml >= 2.11.0 src/util/virxml.c | 28 ++++++++++++++++++++++++++++ 1 file changed, 28 insertions(+) diff --git a/src/util/virxml.c b/src/util/virxml.c index 9d46e5f32f..c851d6f407 100644 --- a/src/util/virxml.c +++ b/src/util/virxml.c @@ -26,6 +26,8 @@ #include <libxml/xmlsave.h> #include <libxml/xpathInternals.h> +#include <libxml/xmlschemastypes.h> +#include <libxml/catalog.h> #include "virerror.h" #include "virxml.h" @@ -35,6 +37,7 @@ #include "virstring.h" #include "virutil.h" #include "viruuid.h" +#include "virthread.h" #include "configmake.h" #define VIR_FROM_THIS VIR_FROM_XML @@ -50,6 +53,28 @@ struct virParserData { }; +static int +virXMLSchemaOnceInit(void) +{ +#if LIBXML_VERSION >= 21100 + if (xmlSchemaInitTypes() < 0) { + virReportError(VIR_ERR_INTERNAL_ERROR, + _("Unable to initialize libxml2 schema types")); + return -1; + } +#else + xmlSchemaInitTypes(); +#endif + if (xmlRelaxNGInitTypes() < 0) { + virReportError(VIR_ERR_INTERNAL_ERROR, + _("Unable to initialize libxml2 RelaxNG data")); + return -1; + } + return 0; +} + +VIR_ONCE_GLOBAL_INIT(virXMLSchema); + static xmlXPathContextPtr virXMLXPathContextNew(xmlDocPtr xml) { @@ -1603,6 +1628,9 @@ virXMLValidatorInit(const char *schemafile) { g_autoptr(virXMLValidator) validator = NULL; + if (virXMLSchemaInitialize() < 0) + return NULL; + validator = g_new0(virXMLValidator, 1); validator->schemafile = g_strdup(schemafile); -- 2.49.0

2 1

Re: virsh migrate fails when --copy-storage-all option is given!
by Anushree Mathur 24 Jun '25

24 Jun '25

CC: libvirt devel list Hi Kevin/Peter, Thank you so much for addressing this issue. I tried out few more things and here is my analysis: Even when I removed the readonly option from guest xml I was still seeing the issue in migration,In the qemu-commandline I could still see auto-read-only option being set as true by default. Then I tried giving the auto-read-only as false in the guest xml with qemu-commandline param, it was actually getting set to false and the migration worked! Steps I tried: 1) Started the guest with adding the snippet in the guest xml with parameters as: <qemu:commandline> <qemu:arg value='-blockdev'/> <qemu:arg value='driver=file,filename=/disk_nfs/nfs/migrate_root.qcow2,node-name=drivefile,auto-read-only=false'/> <qemu:arg value='-blockdev'/> <qemu:arg value='driver=qcow2,file=drivefile,node-name=drive0'/> <qemu:arg value='-device'/> <qemu:arg value='virtio-blk-pci,drive=drive0,id=virtio-disk0,bus=pci.0,addr=0x5'/> </qemu:commandline> 2) Started the migration and it worked. Could anyone please clarify from libvirt side what is the change required? Thanks, Anushree-Mathur On 04/06/25 6:57 PM, Peter Krempa wrote: > On Wed, Jun 04, 2025 at 14:41:54 +0200, Kevin Wolf wrote: >> Am 28.05.2025 um 17:34 hat Peter Xu geschrieben: >>> Copy Kevin. >>> >>> On Wed, May 28, 2025 at 07:21:12PM +0530, Anushree Mathur wrote: >>>> Hi all, >>>> >>>> >>>> When I am trying to migrate the guest from host1 to host2 with the command >>>> line as follows: >>>> >>>> date;virsh migrate --live --domain guest1 qemu+ssh://dest/system --verbose >>>> --undefinesource --persistent --auto-converge --postcopy >>>> --copy-storage-all;date >>>> >>>> and it fails with the following error message- >>>> >>>> error: internal error: unable to execute QEMU command 'block-export-add': >>>> Block node is read-only >>>> >>>> HOST ENV: >>>> >>>> qemu : QEMU emulator version 9.2.2 >>>> libvirt : libvirtd (libvirt) 11.1.0 >>>> Seen with upstream qemu also >>>> >>>> Steps to reproduce: >>>> 1) Start the guest1 >>>> 2) Migrate it with the command as >>>> >>>> date;virsh migrate --live --domain guest1 qemu+ssh://dest/system --verbose >>>> --undefinesource --persistent --auto-converge --postcopy >>>> --copy-storage-all;date >>>> >>>> 3) It fails as follows: >>>> error: internal error: unable to execute QEMU command 'block-export-add': >>>> Block node is read-only >> I assume this is about an inactive block node. Probably on the >> destination, but that's not clear to me from the error message. > Yes this would be on the destination. Libvirt exports the nodes on > destination, source connects and does the blockjob. > > The destination side is configured the same way as the source side so > if the source disk is configured as read-write the destination should be > as well > >>>> Things I analyzed- >>>> 1) This issue is not happening if I give --unsafe option in the virsh >>>> migrate command > This is weird; this shouldn't have any impact. > >> What does this translate to on the QEMU command line? >> >>>> 2) O/P of qemu-monitor command also shows ro as false >>>> >>>> virsh qemu-monitor-command guest1 --pretty --cmd '{ "execute": "query-block" > it'd be impossible to execute this on the guest due to timing; you'll > need to collect libvirt debug logs to do that: > > https://www.libvirt.org/kbase/debuglogs.html#tl-dr-enable-debug-logs-for-mo… > > I also thing this should be eventually filed in a > >>>> }' >>>> { >>>> "return": [ >>>> { >>>> "io-status": "ok", >>>> "device": "", >>>> "locked": false, >>>> "removable": false, >>>> "inserted": { >>>> "iops_rd": 0, >>>> "detect_zeroes": "off", >>>> "image": { >>>> "virtual-size": 21474836480, >>>> "filename": "/home/Anu/guest_anu.qcow2", >>>> "cluster-size": 65536, >>>> "format": "qcow2", >>>> "actual-size": 5226561536, >>>> "format-specific": { >>>> "type": "qcow2", >>>> "data": { >>>> "compat": "1.1", >>>> "compression-type": "zlib", >>>> "lazy-refcounts": false, >>>> "refcount-bits": 16, >>>> "corrupt": false, >>>> "extended-l2": false >>>> } >>>> }, >>>> "dirty-flag": false >>>> }, >>>> "iops_wr": 0, >>>> "ro": false, >>>> "node-name": "libvirt-1-format", >>>> "backing_file_depth": 0, >>>> "drv": "qcow2", >>>> "iops": 0, >>>> "bps_wr": 0, >>>> "write_threshold": 0, >>>> "encrypted": false, >>>> "bps": 0, >>>> "bps_rd": 0, >>>> "cache": { >>>> "no-flush": false, >>>> "direct": false, >>>> "writeback": true >>>> }, >>>> "file": "/home/Anu/guest_anu.qcow2" >>>> }, >>>> "qdev": "/machine/peripheral/virtio-disk0/virtio-backend", >>>> "type": "unknown" >>>> } >>>> ], >>>> "id": "libvirt-26" >>>> } >> I assume this is still from the source where the image is still active. > Yes; on the destination the process wouldn't be around long enough to > call 'virsh qemu-monitor-command' > >> Also it doesn't contain the "active" field yet that was recently >> introduced, which could show something about this. I believe you would >> still get "read-only": false for an inactive image if it's supposed to >> be read-write after the migration completes. >> >>>> 3) Guest doesn't have any readonly >>>> >>>> virsh dumpxml guest1 | grep readonly >>>> >>>> 4) Tried giving the proper permissions also >>>> >>>> -rwxrwxrwx. 1 qemu qemu 4.9G Apr 28 15:06 guest_anu.qcow > Is this on the destination? did you pre-create it yourself? otherwise > libvirt is pre-creating that image for-non-shared-storage migration > (--copy-storage-all) which should have proper permissions when it's > created > >>>> 5) Checked for the permission of the pool also that is also proper! >>>> >>>> 6) Found 1 older bug similar to this, pasting the link for reference: >>>> >>>> >>>> https://patchwork.kernel.org/project/qemu-devel/patch/20170811164854.GG4162… >> What's happening in detail is more of a virsh/libvirt question. CCing >> Peter Krempa, he might have an idea. > Please collect the debug log; at least from the destination side of > migration. That should show how the VM is prepared and qemu invoked. >

2 1

[libvirt PATCH v2 REBASED 0/7] qemu: introduce amd-iommu support
by Ján Tomko 24 Jun '25

24 Jun '25

Ján Tomko (7): qemu: introduce QEMU_CAPS_AMD_IOMMU qemu: introduce QEMU_CAPS_PCI_ID qemu: add IOMMU model amd docs: formatdomain: document intel-only IOMMU attributes conf: add passthrough and xtsup attributes for IOMMU conf: reject some attributes not applicable to intel IOMMU qemu: format pt and xstup on the command line docs/formatdomain.rst | 22 +++- src/conf/domain_conf.c | 31 +++++ src/conf/domain_conf.h | 3 + src/conf/domain_validate.c | 22 ++++ src/conf/schemas/domaincommon.rng | 11 ++ src/qemu/qemu_capabilities.c | 12 ++ src/qemu/qemu_capabilities.h | 4 + src/qemu/qemu_command.c | 30 +++++ src/qemu/qemu_domain_address.c | 4 + src/qemu/qemu_validate.c | 22 ++++ .../caps_10.0.0_x86_64+amdsev.replies | 102 +++++++++++------ .../caps_10.0.0_x86_64+amdsev.xml | 1 + .../caps_10.0.0_x86_64.replies | 106 ++++++++++++------ .../caps_10.0.0_x86_64.xml | 2 + .../caps_6.2.0_x86_64.replies | 102 +++++++++++------ .../caps_6.2.0_x86_64.xml | 1 + .../caps_7.0.0_x86_64.replies | 80 +++++++------ .../caps_7.0.0_x86_64.xml | 1 + .../caps_7.1.0_x86_64.replies | 102 +++++++++++------ .../caps_7.1.0_x86_64.xml | 1 + .../caps_7.2.0_x86_64+hvf.replies | 102 +++++++++++------ .../caps_7.2.0_x86_64+hvf.xml | 1 + .../caps_7.2.0_x86_64.replies | 102 +++++++++++------ .../caps_7.2.0_x86_64.xml | 1 + .../caps_8.0.0_x86_64.replies | 80 +++++++------ .../caps_8.0.0_x86_64.xml | 1 + .../caps_8.1.0_x86_64.replies | 102 +++++++++++------ .../caps_8.1.0_x86_64.xml | 1 + .../caps_8.2.0_x86_64.replies | 102 +++++++++++------ .../caps_8.2.0_x86_64.xml | 1 + .../caps_9.0.0_x86_64.replies | 80 +++++++------ .../caps_9.0.0_x86_64.xml | 1 + .../caps_9.1.0_x86_64.replies | 102 +++++++++++------ .../caps_9.1.0_x86_64.xml | 1 + .../caps_9.2.0_x86_64+amdsev.replies | 102 +++++++++++------ .../caps_9.2.0_x86_64+amdsev.xml | 1 + .../caps_9.2.0_x86_64.replies | 102 +++++++++++------ .../caps_9.2.0_x86_64.xml | 1 + .../amd-iommu.x86_64-latest.args | 35 ++++++ .../amd-iommu.x86_64-latest.xml | 1 + tests/qemuxmlconfdata/amd-iommu.xml | 39 +++++++ tests/qemuxmlconftest.c | 2 + 42 files changed, 1165 insertions(+), 454 deletions(-) create mode 100644 tests/qemuxmlconfdata/amd-iommu.x86_64-latest.args create mode 120000 tests/qemuxmlconfdata/amd-iommu.x86_64-latest.xml create mode 100644 tests/qemuxmlconfdata/amd-iommu.xml -- 2.49.0

2 14

[PATCH] util: workaround libxml2 lack of thread safe initialization
by Daniel P. Berrangé 23 Jun '25

23 Jun '25

From: Daniel P. Berrangé <berrange(a)redhat.com> The main XML parser code global initializer historically had a mutex protecting it, and more recently uses a pthread_once. The RelaxNG code, however, relies on three other global initializers that are not thread safe, just relying on setting an integer "initialized" flag. Calling the relevant initializers from libvirt in a protected global initializer will protect libvirt's own concurrent usage, however, it cannot protect against other libraries loaded in process that might be using libxml2's schema code. Fortunately: * The chances of other loaded non-libvirt code using libxml is relatively low * The chances of other loaded non-libvirt code using the schema validation / catalog functionality inside libxml is even lower * The chances of both libvirt and the non-libvirt usage having their *1st* usage of libxml2 be concurrent is tiny IOW, in practice, although our solution doesn't fully fix the thread safety, it is good enough. libxml2 should none the less still be fixed to make its global initializers be thread safe without special actions by its API consumers. Resolves: https://gitlab.com/libvirt/libvirt/-/issues/788 Signed-off-by: Daniel P. Berrangé <berrange(a)redhat.com> --- src/util/virxml.c | 25 +++++++++++++++++++++++++ 1 file changed, 25 insertions(+) diff --git a/src/util/virxml.c b/src/util/virxml.c index 9d46e5f32f..c2d5a109dc 100644 --- a/src/util/virxml.c +++ b/src/util/virxml.c @@ -26,6 +26,8 @@ #include <libxml/xmlsave.h> #include <libxml/xpathInternals.h> +#include <libxml/xmlschemastypes.h> +#include <libxml/catalog.h> #include "virerror.h" #include "virxml.h" @@ -35,6 +37,7 @@ #include "virstring.h" #include "virutil.h" #include "viruuid.h" +#include "virthread.h" #include "configmake.h" #define VIR_FROM_THIS VIR_FROM_XML @@ -50,6 +53,25 @@ struct virParserData { }; +static int virXMLSchemaOnceInit(void) +{ + if (xmlSchemaInitTypes() < 0) { + virReportError(VIR_ERR_INTERNAL_ERROR, + _("Unable to initialize libxml2 schema types")); + return -1; + } + if (xmlRelaxNGInitTypes() < 0) { + virReportError(VIR_ERR_INTERNAL_ERROR, + _("Unable to initialize libxml2 RelaxNG data")); + return -1; + } + /* No return value, it just ignores errors :-( */ + xmlInitializeCatalog(); + return 0; +} + +VIR_ONCE_GLOBAL_INIT(virXMLSchema); + static xmlXPathContextPtr virXMLXPathContextNew(xmlDocPtr xml) { @@ -1603,6 +1625,9 @@ virXMLValidatorInit(const char *schemafile) { g_autoptr(virXMLValidator) validator = NULL; + if (virXMLSchemaInitialize() < 0) + return NULL; + validator = g_new0(virXMLValidator, 1); validator->schemafile = g_strdup(schemafile); -- 2.49.0

2 3

[PATCH] NEWS: mention console type in domain capabilities
by Roman Bogorodskiy 20 Jun '25

20 Jun '25

Signed-off-by: Roman Bogorodskiy <bogorodskiy(a)gmail.com> --- NEWS.rst | 11 +++++++++++ 1 file changed, 11 insertions(+) diff --git a/NEWS.rst b/NEWS.rst index 7d7df72a50..184df16547 100644 --- a/NEWS.rst +++ b/NEWS.rst @@ -47,6 +47,17 @@ v11.5.0 (unreleased) * **Improvements** + * Include supported console types in domain capabilities + + Domain capabilities now include information about supported console types, such as:: + + <console supported='yes'> + <enum name='type'> + <value>pty</value> + <value>tcp</value> + </enum> + </console> + * **Bug fixes** -- 2.49.0

2 1

[PATCH] qemu: Remove redundant kvm group config in sysusers.d
by fossdd 20 Jun '25

20 Jun '25

It's already defined by default in systemd: https://github.com/systemd/systemd/blob/v257.6/sysusers.d/basic.conf.in#L32 Adding it again here in libvirt-qemu.sysusers.conf causes the following warning by validating it with sd-sysuers: /usr/lib/sysusers.d/libvirt-qemu.conf:1: Conflict with earlier configuration for group 'kvm' in /usr/lib/sysusers.d/basic.conf:32, ignoring line. I don't know if the GID is important, but from simple grepping around it doesn't seem that way. Signed-off-by: fossdd <fossdd(a)pwned.life> --- src/qemu/libvirt-qemu.sysusers.conf | 1 - 1 file changed, 1 deletion(-) diff --git a/src/qemu/libvirt-qemu.sysusers.conf b/src/qemu/libvirt-qemu.sysusers.conf index 3189191e73..05c35f94d8 100644 --- a/src/qemu/libvirt-qemu.sysusers.conf +++ b/src/qemu/libvirt-qemu.sysusers.conf @@ -1,4 +1,3 @@ -g kvm 36 g qemu 107 u qemu 107:qemu "qemu user" - - m qemu kvm -- 2.50.0

1 0

[PATCH 0/2] qemu: prefer GICv3 on TCG ARM VMs
by Heinrich Schuchardt 19 Jun '25

19 Jun '25

Emulating ARM machines with more than 8 CPUs requires GICv3. Currently libvirt defaults to GICv2 on TCG emulated VMs. This due to a deficiency existing in QEMU in 2017. There are no issues running virtual machine with <features> <gic version='3'/> </features> using current QEMU. Heinrich Schuchardt (2): tests: use virt-6.2 for aarch64 TCG qemu: prefer GICv3 on TCG ARM VMs src/qemu/qemu_postparse.c | 14 ------- ...fault-cpu-tcg-virt-4.2.aarch64-latest.args | 36 ---------------- ...efault-cpu-tcg-virt-4.2.aarch64-latest.xml | 42 ------------------- .../aarch64-default-cpu-tcg-virt-4.2.xml | 20 --------- ...fault-cpu-tcg-virt-6.2.aarch64-latest.args | 36 ++++++++++++++++ ...efault-cpu-tcg-virt-6.2.aarch64-latest.xml | 42 +++++++++++++++++++ .../aarch64-default-cpu-tcg-virt-6.2.xml | 20 +++++++++ .../aarch64-gic-none-tcg.aarch64-latest.args | 2 +- .../aarch64-gic-none-tcg.aarch64-latest.xml | 2 +- .../aarch64-pci-serial.aarch64-latest.args | 2 +- .../aarch64-pci-serial.aarch64-latest.xml | 2 +- ...arch64-traditional-pci.aarch64-latest.args | 2 +- ...aarch64-traditional-pci.aarch64-latest.xml | 2 +- ...aarch64-usb-controller.aarch64-latest.args | 2 +- .../aarch64-usb-controller.aarch64-latest.xml | 2 +- .../aarch64-video-default.aarch64-latest.args | 2 +- .../aarch64-video-default.aarch64-latest.xml | 2 +- ...4-video-virtio-gpu-pci.aarch64-latest.args | 2 +- ...64-video-virtio-gpu-pci.aarch64-latest.xml | 2 +- ...ault-models.aarch64-latest.abi-update.args | 2 +- ...fault-models.aarch64-latest.abi-update.xml | 2 +- ...64-virt-default-models.aarch64-latest.args | 2 +- ...h64-virt-default-models.aarch64-latest.xml | 2 +- ...rch64-virt-default-nic.aarch64-latest.args | 2 +- ...arch64-virt-default-nic.aarch64-latest.xml | 2 +- .../aarch64-virt-graphics.aarch64-latest.args | 2 +- .../aarch64-virt-graphics.aarch64-latest.xml | 2 +- ...h64-virt-headless-mmio.aarch64-latest.args | 2 +- ...ch64-virt-headless-mmio.aarch64-latest.xml | 2 +- .../aarch64-virt-headless.aarch64-latest.args | 2 +- .../aarch64-virt-headless.aarch64-latest.xml | 2 +- ...irt-minimal.aarch64-latest.abi-update.args | 2 +- ...virt-minimal.aarch64-latest.abi-update.xml | 2 +- .../aarch64-virt-minimal.aarch64-latest.args | 2 +- .../aarch64-virt-minimal.aarch64-latest.xml | 2 +- .../aarch64-virt-virtio.aarch64-latest.args | 2 +- .../aarch64-virt-virtio.aarch64-latest.xml | 2 +- ...o-pci-manual-addresses.aarch64-latest.args | 2 +- ...io-pci-manual-addresses.aarch64-latest.xml | 2 +- .../balloon-mmio-deflate.aarch64-latest.args | 2 +- .../balloon-mmio-deflate.aarch64-latest.xml | 2 +- .../cpu-topology5.aarch64-latest.args | 2 +- .../cpu-topology5.aarch64-latest.xml | 2 +- ...efi-aarch64.aarch64-latest.abi-update.args | 2 +- ...-efi-aarch64.aarch64-latest.abi-update.xml | 2 +- ...mware-auto-efi-aarch64.aarch64-latest.args | 2 +- ...rmware-auto-efi-aarch64.aarch64-latest.xml | 2 +- ...-loader-raw.aarch64-latest.abi-update.args | 2 +- ...t-loader-raw.aarch64-latest.abi-update.xml | 2 +- ...-efi-format-loader-raw.aarch64-latest.args | 2 +- ...o-efi-format-loader-raw.aarch64-latest.xml | 2 +- ...i-aarch64-legacy-paths.aarch64-latest.args | 2 +- ...fi-aarch64-legacy-paths.aarch64-latest.xml | 2 +- ...anual-efi-acpi-aarch64.aarch64-latest.args | 2 +- ...manual-efi-acpi-aarch64.aarch64-latest.xml | 2 +- ...ual-efi-noacpi-aarch64.aarch64-latest.args | 2 +- ...nual-efi-noacpi-aarch64.aarch64-latest.xml | 2 +- ...l-noefi-noacpi-aarch64.aarch64-latest.args | 2 +- ...al-noefi-noacpi-aarch64.aarch64-latest.xml | 2 +- .../iommu-smmuv3.aarch64-latest.args | 2 +- .../iommu-smmuv3.aarch64-latest.xml | 2 +- ...ch-virt-console-native.aarch64-latest.args | 2 +- ...ach-virt-console-native.aarch64-latest.xml | 2 +- ...ch-virt-console-virtio.aarch64-latest.args | 2 +- ...ach-virt-console-virtio.aarch64-latest.xml | 2 +- ...-serial+console-native.aarch64-latest.args | 2 +- ...t-serial+console-native.aarch64-latest.xml | 2 +- ...ach-virt-serial-compat.aarch64-latest.args | 2 +- ...mach-virt-serial-compat.aarch64-latest.xml | 2 +- ...ach-virt-serial-native.aarch64-latest.args | 2 +- ...mach-virt-serial-native.aarch64-latest.xml | 2 +- .../mach-virt-serial-pci.aarch64-latest.args | 2 +- .../mach-virt-serial-pci.aarch64-latest.xml | 2 +- .../mach-virt-serial-usb.aarch64-latest.args | 2 +- .../mach-virt-serial-usb.aarch64-latest.xml | 2 +- ...e-expander-bus-aarch64.aarch64-latest.args | 2 +- ...ie-expander-bus-aarch64.aarch64-latest.xml | 2 +- .../pcihole64-virt.aarch64-latest.args | 2 +- .../pcihole64-virt.aarch64-latest.xml | 2 +- .../pvpanic-pci-aarch64.aarch64-latest.args | 2 +- .../pvpanic-pci-aarch64.aarch64-latest.xml | 2 +- ...pci-no-address-aarch64.aarch64-latest.args | 2 +- ...-pci-no-address-aarch64.aarch64-latest.xml | 2 +- .../virtio-iommu-aarch64.aarch64-latest.args | 2 +- .../virtio-iommu-aarch64.aarch64-latest.xml | 2 +- tests/qemuxmlconftest.c | 2 +- 86 files changed, 177 insertions(+), 191 deletions(-) delete mode 100644 tests/qemuxmlconfdata/aarch64-default-cpu-tcg-virt-4.2.aarch64-latest.args delete mode 100644 tests/qemuxmlconfdata/aarch64-default-cpu-tcg-virt-4.2.aarch64-latest.xml delete mode 100644 tests/qemuxmlconfdata/aarch64-default-cpu-tcg-virt-4.2.xml create mode 100644 tests/qemuxmlconfdata/aarch64-default-cpu-tcg-virt-6.2.aarch64-latest.args create mode 100644 tests/qemuxmlconfdata/aarch64-default-cpu-tcg-virt-6.2.aarch64-latest.xml create mode 100644 tests/qemuxmlconfdata/aarch64-default-cpu-tcg-virt-6.2.xml -- 2.48.1

1 4

[PATCH] cpu_map: Add more -noTSX x86 CPU models (Sapphire and Granite rapids)
by Hector Cao 18 Jun '25

18 Jun '25

Several Intel CPU models with TSX technology (HLE & RTM features) are affected by the vulnerability TAA[1]. One of the mitigation methods for TAA is to disable TSX support on the host system. For that purpose, in 2021, Intel published a microcode update to disable TSX. Linux kernel also disables TSX globally by default. Even though TSX can be activated via the kernel command line (tsx=on), many Linux distributions stick with this default behavior and have TSX disabled. This makes existing CPU models that have HLE and RTM enabled not correctly detected by libvirt. This commit adds 2 remaining -noTSX models: - SapphireRapids-noTSX - GraniteRapids-noTSX Hopefully, this is the last effort on adding noTSX variants since Granite Rapids should be the last CPU model to have the TSX feature and is consequently affected by TAA. Indeed, SierraForest does not have RTM and HLE enabled. References: [1] TAA, TSX asynchronous Abort: https://www.kernel.org/doc/html/latest/admin-guide/hw-vuln/tsx_async_abort.… --- src/cpu_map/index.xml | 2 + src/cpu_map/meson.build | 2 + src/cpu_map/x86_GraniteRapids-noTSX.xml | 197 +++++++++++++++++++++++ src/cpu_map/x86_SapphireRapids-noTSX.xml | 190 ++++++++++++++++++++++ 4 files changed, 391 insertions(+) create mode 100644 src/cpu_map/x86_GraniteRapids-noTSX.xml create mode 100644 src/cpu_map/x86_SapphireRapids-noTSX.xml diff --git a/src/cpu_map/index.xml b/src/cpu_map/index.xml index 87db338cee..03a2c73ba5 100644 --- a/src/cpu_map/index.xml +++ b/src/cpu_map/index.xml @@ -116,10 +116,12 @@ <include filename='x86_Snowridge-v3.xml'/> <include filename='x86_Snowridge-v4.xml'/> <include filename='x86_SapphireRapids.xml'/> + <include filename='x86_SapphireRapids-noTSX.xml'/> <include filename='x86_SapphireRapids-v1.xml'/> <include filename='x86_SapphireRapids-v2.xml'/> <include filename='x86_SapphireRapids-v3.xml'/> <include filename='x86_GraniteRapids.xml'/> + <include filename='x86_GraniteRapids-noTSX.xml'/> <include filename='x86_GraniteRapids-v1.xml'/> <include filename='x86_GraniteRapids-v2.xml'/> <include filename='x86_SierraForest.xml'/> diff --git a/src/cpu_map/meson.build b/src/cpu_map/meson.build index dee8441a13..414cad7352 100644 --- a/src/cpu_map/meson.build +++ b/src/cpu_map/meson.build @@ -80,6 +80,7 @@ cpumap_data = [ 'x86_features.xml', 'x86_GraniteRapids-v1.xml', 'x86_GraniteRapids-v2.xml', + 'x86_GraniteRapids-noTSX.xml', 'x86_GraniteRapids.xml', 'x86_Haswell-IBRS.xml', 'x86_Haswell-noTSX-IBRS.xml', @@ -148,6 +149,7 @@ cpumap_data = [ 'x86_SapphireRapids-v1.xml', 'x86_SapphireRapids-v2.xml', 'x86_SapphireRapids-v3.xml', + 'x86_SapphireRapids-noTSX.xml', 'x86_SapphireRapids.xml', 'x86_SierraForest-v1.xml', 'x86_SierraForest.xml', diff --git a/src/cpu_map/x86_GraniteRapids-noTSX.xml b/src/cpu_map/x86_GraniteRapids-noTSX.xml new file mode 100644 index 0000000000..085b012f83 --- /dev/null +++ b/src/cpu_map/x86_GraniteRapids-noTSX.xml @@ -0,0 +1,197 @@ +<cpus> + <model name='GraniteRapids-noTSX'> + <check partial='compat'/> + <decode host='on' guest='off'/> + <signature family='6' model='173'/> + <vendor name='Intel'/> + <feature name='3dnowprefetch'/> + <feature name='abm'/> + <feature name='adx'/> + <feature name='aes'/> + <feature name='amx-bf16'/> + <feature name='amx-fp16'/> + <feature name='amx-int8'/> + <feature name='amx-tile'/> + <feature name='apic'/> + <feature name='arat'/> + <feature name='arch-capabilities'/> + <feature name='avx'/> + <feature name='avx-vnni'/> + <feature name='avx2'/> + <feature name='avx512-bf16'/> + <feature name='avx512-fp16'/> + <feature name='avx512-vpopcntdq'/> + <feature name='avx512bitalg'/> + <feature name='avx512bw'/> + <feature name='avx512cd'/> + <feature name='avx512dq'/> + <feature name='avx512f'/> + <feature name='avx512ifma'/> + <feature name='avx512vbmi'/> + <feature name='avx512vbmi2'/> + <feature name='avx512vl'/> + <feature name='avx512vnni'/> + <feature name='bmi1'/> + <feature name='bmi2'/> + <feature name='bus-lock-detect'/> + <feature name='clflush'/> + <feature name='clflushopt'/> + <feature name='clwb'/> + <feature name='cmov'/> + <feature name='cx16'/> + <feature name='cx8'/> + <feature name='de'/> + <feature name='erms'/> + <feature name='f16c'/> + <feature name='fbsdp-no'/> + <feature name='fma'/> + <feature name='fpu'/> + <feature name='fsgsbase'/> + <feature name='fsrc'/> + <feature name='fsrm'/> + <feature name='fsrs'/> + <feature name='fxsr'/> + <feature name='fzrm'/> + <feature name='gfni'/> + <feature name='ibrs-all'/> + <feature name='invpcid'/> + <feature name='la57'/> + <feature name='lahf_lm'/> + <feature name='lm'/> + <feature name='mca'/> + <feature name='mcdt-no'/> + <feature name='mce'/> + <feature name='mds-no'/> + <feature name='mmx'/> + <feature name='movbe'/> + <feature name='msr'/> + <feature name='mtrr'/> + <feature name='nx'/> + <feature name='pae'/> + <feature name='pat'/> + <feature name='pbrsb-no'/> + <feature name='pcid'/> + <feature name='pclmuldq'/> + <feature name='pdpe1gb'/> + <feature name='pge'/> + <feature name='pku'/> + <feature name='pni'/> + <feature name='popcnt'/> + <feature name='prefetchiti'/> + <feature name='pschange-mc-no'/> + <feature name='psdp-no'/> + <feature name='pse'/> + <feature name='pse36'/> + <feature name='rdctl-no'/> + <feature name='rdpid'/> + <feature name='rdrand'/> + <feature name='rdseed'/> + <feature name='rdtscp'/> + <feature name='sbdr-ssdp-no'/> + <feature name='sep'/> + <feature name='serialize'/> + <feature name='sha-ni'/> + <feature name='skip-l1dfl-vmentry'/> + <feature name='smap'/> + <feature name='smep'/> + <feature name='spec-ctrl'/> + <feature name='ssbd'/> + <feature name='sse'/> + <feature name='sse2'/> + <feature name='sse4.1'/> + <feature name='sse4.2'/> + <feature name='ssse3'/> + <feature name='syscall'/> + <feature name='taa-no'/> + <feature name='tsc'/> + <feature name='tsc-deadline'/> + <feature name='tsx-ldtrk'/> + <feature name='umip'/> + <feature name='vaes'/> + <feature name='vme'/> + <feature name='vmx-activity-hlt'/> + <feature name='vmx-apicv-register'/> + <feature name='vmx-apicv-vid'/> + <feature name='vmx-apicv-x2apic'/> + <feature name='vmx-apicv-xapic'/> + <feature name='vmx-cr3-load-noexit'/> + <feature name='vmx-cr3-store-noexit'/> + <feature name='vmx-cr8-load-exit'/> + <feature name='vmx-cr8-store-exit'/> + <feature name='vmx-desc-exit'/> + <feature name='vmx-entry-ia32e-mode'/> + <feature name='vmx-entry-load-efer'/> + <feature name='vmx-entry-load-pat'/> + <feature name='vmx-entry-load-perf-global-ctrl'/> + <feature name='vmx-entry-noload-debugctl'/> + <feature name='vmx-ept'/> + <feature name='vmx-ept-1gb'/> + <feature name='vmx-ept-2mb'/> + <feature name='vmx-ept-execonly'/> + <feature name='vmx-eptad'/> + <feature name='vmx-eptp-switching'/> + <feature name='vmx-exit-ack-intr'/> + <feature name='vmx-exit-load-efer'/> + <feature name='vmx-exit-load-pat'/> + <feature name='vmx-exit-load-perf-global-ctrl'/> + <feature name='vmx-exit-nosave-debugctl'/> + <feature name='vmx-exit-save-efer'/> + <feature name='vmx-exit-save-pat'/> + <feature name='vmx-exit-save-preemption-timer'/> + <feature name='vmx-flexpriority'/> + <feature name='vmx-hlt-exit'/> + <feature name='vmx-ins-outs'/> + <feature name='vmx-intr-exit'/> + <feature name='vmx-invept'/> + <feature name='vmx-invept-all-context'/> + <feature name='vmx-invept-single-context'/> + <feature name='vmx-invlpg-exit'/> + <feature name='vmx-invpcid-exit'/> + <feature name='vmx-invvpid'/> + <feature name='vmx-invvpid-all-context'/> + <feature name='vmx-invvpid-single-addr'/> + <feature name='vmx-invvpid-single-context-noglobals'/> + <feature name='vmx-io-bitmap'/> + <feature name='vmx-io-exit'/> + <feature name='vmx-monitor-exit'/> + <feature name='vmx-movdr-exit'/> + <feature name='vmx-msr-bitmap'/> + <feature name='vmx-mtf'/> + <feature name='vmx-mwait-exit'/> + <feature name='vmx-nmi-exit'/> + <feature name='vmx-page-walk-4'/> + <feature name='vmx-page-walk-5'/> + <feature name='vmx-pause-exit'/> + <feature name='vmx-pml'/> + <feature name='vmx-posted-intr'/> + <feature name='vmx-preemption-timer'/> + <feature name='vmx-rdpmc-exit'/> + <feature name='vmx-rdrand-exit'/> + <feature name='vmx-rdseed-exit'/> + <feature name='vmx-rdtsc-exit'/> + <feature name='vmx-rdtscp-exit'/> + <feature name='vmx-secondary-ctls'/> + <feature name='vmx-shadow-vmcs'/> + <feature name='vmx-store-lma'/> + <feature name='vmx-true-ctls'/> + <feature name='vmx-tsc-offset'/> + <feature name='vmx-unrestricted-guest'/> + <feature name='vmx-vintr-pending'/> + <feature name='vmx-vmfunc'/> + <feature name='vmx-vmwrite-vmexit-fields'/> + <feature name='vmx-vnmi'/> + <feature name='vmx-vnmi-pending'/> + <feature name='vmx-vpid'/> + <feature name='vmx-wbinvd-exit'/> + <feature name='vmx-xsaves'/> + <feature name='vpclmulqdq'/> + <feature name='wbnoinvd'/> + <feature name='x2apic'/> + <feature name='xfd'/> + <feature name='xgetbv1'/> + <feature name='xsave'/> + <feature name='xsavec'/> + <feature name='xsaveopt'/> + <feature name='xsaves'/> + </model> +</cpus> diff --git a/src/cpu_map/x86_SapphireRapids-noTSX.xml b/src/cpu_map/x86_SapphireRapids-noTSX.xml new file mode 100644 index 0000000000..de56826741 --- /dev/null +++ b/src/cpu_map/x86_SapphireRapids-noTSX.xml @@ -0,0 +1,190 @@ +<cpus> + <model name='SapphireRapids-noTSX'> + <check partial='compat'/> + <decode host='on' guest='off'/> + <signature family='6' model='143'/> + <vendor name='Intel'/> + <feature name='3dnowprefetch'/> + <feature name='abm'/> + <feature name='adx'/> + <feature name='aes'/> + <feature name='amx-bf16'/> + <feature name='amx-int8'/> + <feature name='amx-tile'/> + <feature name='apic'/> + <feature name='arat'/> + <feature name='arch-capabilities'/> + <feature name='avx'/> + <feature name='avx-vnni'/> + <feature name='avx2'/> + <feature name='avx512-bf16'/> + <feature name='avx512-fp16'/> + <feature name='avx512-vpopcntdq'/> + <feature name='avx512bitalg'/> + <feature name='avx512bw'/> + <feature name='avx512cd'/> + <feature name='avx512dq'/> + <feature name='avx512f'/> + <feature name='avx512ifma'/> + <feature name='avx512vbmi'/> + <feature name='avx512vbmi2'/> + <feature name='avx512vl'/> + <feature name='avx512vnni'/> + <feature name='bmi1'/> + <feature name='bmi2'/> + <feature name='bus-lock-detect'/> + <feature name='clflush'/> + <feature name='clflushopt'/> + <feature name='clwb'/> + <feature name='cmov'/> + <feature name='cx16'/> + <feature name='cx8'/> + <feature name='de'/> + <feature name='erms'/> + <feature name='f16c'/> + <feature name='fma'/> + <feature name='fpu'/> + <feature name='fsgsbase'/> + <feature name='fsrc'/> + <feature name='fsrm'/> + <feature name='fsrs'/> + <feature name='fxsr'/> + <feature name='fzrm'/> + <feature name='gfni'/> + <feature name='ibrs-all'/> + <feature name='invpcid'/> + <feature name='la57'/> + <feature name='lahf_lm'/> + <feature name='lm'/> + <feature name='mca'/> + <feature name='mce'/> + <feature name='mds-no'/> + <feature name='mmx'/> + <feature name='movbe'/> + <feature name='msr'/> + <feature name='mtrr'/> + <feature name='nx'/> + <feature name='pae'/> + <feature name='pat'/> + <feature name='pcid'/> + <feature name='pclmuldq'/> + <feature name='pdpe1gb'/> + <feature name='pge'/> + <feature name='pku'/> + <feature name='pni'/> + <feature name='popcnt'/> + <feature name='pschange-mc-no'/> + <feature name='pse'/> + <feature name='pse36'/> + <feature name='rdctl-no'/> + <feature name='rdpid'/> + <feature name='rdrand'/> + <feature name='rdseed'/> + <feature name='rdtscp'/> + <feature name='sep'/> + <feature name='serialize'/> + <feature name='sha-ni'/> + <feature name='skip-l1dfl-vmentry'/> + <feature name='smap'/> + <feature name='smep'/> + <feature name='spec-ctrl'/> + <feature name='ssbd'/> + <feature name='sse'/> + <feature name='sse2'/> + <feature name='sse4.1'/> + <feature name='sse4.2'/> + <feature name='ssse3'/> + <feature name='syscall'/> + <feature name='taa-no'/> + <feature name='tsc'/> + <feature name='tsc-deadline'/> + <feature name='tsx-ldtrk'/> + <feature name='umip'/> + <feature name='vaes'/> + <feature name='vme'/> + <feature name='vmx-activity-hlt' added='yes'/> + <feature name='vmx-apicv-register' added='yes'/> + <feature name='vmx-apicv-vid' added='yes'/> + <feature name='vmx-apicv-x2apic' added='yes'/> + <feature name='vmx-apicv-xapic' added='yes'/> + <feature name='vmx-cr3-load-noexit' added='yes'/> + <feature name='vmx-cr3-store-noexit' added='yes'/> + <feature name='vmx-cr8-load-exit' added='yes'/> + <feature name='vmx-cr8-store-exit' added='yes'/> + <feature name='vmx-desc-exit' added='yes'/> + <feature name='vmx-entry-ia32e-mode' added='yes'/> + <feature name='vmx-entry-load-efer' added='yes'/> + <feature name='vmx-entry-load-pat' added='yes'/> + <feature name='vmx-entry-load-perf-global-ctrl' added='yes'/> + <feature name='vmx-entry-noload-debugctl' added='yes'/> + <feature name='vmx-ept' added='yes'/> + <feature name='vmx-ept-1gb' added='yes'/> + <feature name='vmx-ept-2mb' added='yes'/> + <feature name='vmx-ept-execonly' added='yes'/> + <feature name='vmx-eptad' added='yes'/> + <feature name='vmx-eptp-switching' added='yes'/> + <feature name='vmx-exit-ack-intr' added='yes'/> + <feature name='vmx-exit-load-efer' added='yes'/> + <feature name='vmx-exit-load-pat' added='yes'/> + <feature name='vmx-exit-load-perf-global-ctrl' added='yes'/> + <feature name='vmx-exit-nosave-debugctl' added='yes'/> + <feature name='vmx-exit-save-efer' added='yes'/> + <feature name='vmx-exit-save-pat' added='yes'/> + <feature name='vmx-exit-save-preemption-timer' added='yes'/> + <feature name='vmx-flexpriority' added='yes'/> + <feature name='vmx-hlt-exit' added='yes'/> + <feature name='vmx-ins-outs' added='yes'/> + <feature name='vmx-intr-exit' added='yes'/> + <feature name='vmx-invept' added='yes'/> + <feature name='vmx-invept-all-context' added='yes'/> + <feature name='vmx-invept-single-context' added='yes'/> + <feature name='vmx-invlpg-exit' added='yes'/> + <feature name='vmx-invpcid-exit' added='yes'/> + <feature name='vmx-invvpid' added='yes'/> + <feature name='vmx-invvpid-all-context' added='yes'/> + <feature name='vmx-invvpid-single-addr' added='yes'/> + <feature name='vmx-invvpid-single-context-noglobals' added='yes'/> + <feature name='vmx-io-bitmap' added='yes'/> + <feature name='vmx-io-exit' added='yes'/> + <feature name='vmx-monitor-exit' added='yes'/> + <feature name='vmx-movdr-exit' added='yes'/> + <feature name='vmx-msr-bitmap' added='yes'/> + <feature name='vmx-mtf' added='yes'/> + <feature name='vmx-mwait-exit' added='yes'/> + <feature name='vmx-nmi-exit' added='yes'/> + <feature name='vmx-page-walk-4' added='yes'/> + <feature name='vmx-page-walk-5' added='yes'/> + <feature name='vmx-pause-exit' added='yes'/> + <feature name='vmx-pml' added='yes'/> + <feature name='vmx-posted-intr' added='yes'/> + <feature name='vmx-preemption-timer' added='yes'/> + <feature name='vmx-rdpmc-exit' added='yes'/> + <feature name='vmx-rdrand-exit' added='yes'/> + <feature name='vmx-rdseed-exit' added='yes'/> + <feature name='vmx-rdtsc-exit' added='yes'/> + <feature name='vmx-rdtscp-exit' added='yes'/> + <feature name='vmx-secondary-ctls' added='yes'/> + <feature name='vmx-shadow-vmcs' added='yes'/> + <feature name='vmx-store-lma' added='yes'/> + <feature name='vmx-true-ctls' added='yes'/> + <feature name='vmx-tsc-offset' added='yes'/> + <feature name='vmx-unrestricted-guest' added='yes'/> + <feature name='vmx-vintr-pending' added='yes'/> + <feature name='vmx-vmfunc' added='yes'/> + <feature name='vmx-vmwrite-vmexit-fields' added='yes'/> + <feature name='vmx-vnmi' added='yes'/> + <feature name='vmx-vnmi-pending' added='yes'/> + <feature name='vmx-vpid' added='yes'/> + <feature name='vmx-wbinvd-exit' added='yes'/> + <feature name='vmx-xsaves' added='yes'/> + <feature name='vpclmulqdq'/> + <feature name='wbnoinvd'/> + <feature name='x2apic'/> + <feature name='xfd'/> + <feature name='xgetbv1'/> + <feature name='xsave'/> + <feature name='xsavec'/> + <feature name='xsaveopt'/> + <feature name='xsaves'/> + </model> +</cpus> -- 2.45.2

3 7

[PATCH] security_manager: Don't leak seclabel in virSecurityManagerGenLabel()
by Michal Privoznik 18 Jun '25

18 Jun '25

From: Michal Privoznik <mprivozn(a)redhat.com> When a domain is being started, seclabels are generated for it. This is handled in virSecurityManagerGenLabel() which can either find pre-existing seclabel in domain def or generate a new one. At any rate, domainGenSecurityLabel() callback is called and if it fails then the seclabel is removed from domain definition using VIR_DELETE_ELEMENT(). While this shrinks down the seclabels array, it does not free individual item. It has to be freed manually. 80 bytes in 2 blocks are definitely lost in loss record 1,359 of 1,876 at 0x484CEF3: calloc (vg_replace_malloc.c:1675) by 0x4F19B29: g_malloc0 (in /usr/lib64/libglib-2.0.so.0.8200.5) by 0x49E4953: virSecurityLabelDefNew (virseclabel.c:59) by 0x4BDE0A4: virSecurityManagerGenLabel (security_manager.c:638) by 0xBA029B7: qemuProcessPrepareDomain (qemu_process.c:6760) by 0xBA07DF2: qemuProcessStart (qemu_process.c:8369) by 0xB93DAC0: qemuDomainObjStart (qemu_driver.c:6371) by 0xB93DE08: qemuDomainCreateWithFlags (qemu_driver.c:6420) by 0xB93DE86: qemuDomainCreate (qemu_driver.c:6438) by 0x4CECEA8: virDomainCreate (libvirt-domain.c:7142) Now, you might think this may lead to a double free, because @seclabel is freed under the 'cleanup' label (if @generated is true). But if @generated is true, then just before calling the callback there's VIR_APPEND_ELEMENT() which clears @seclabel out turning the free under 'cleanup' label into a NOP. Signed-off-by: Michal Privoznik <mprivozn(a)redhat.com> --- src/security/security_manager.c | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/src/security/security_manager.c b/src/security/security_manager.c index c2460eae37..5fc4eb4872 100644 --- a/src/security/security_manager.c +++ b/src/security/security_manager.c @@ -669,9 +669,14 @@ virSecurityManagerGenLabel(virSecurityManager *mgr, VIR_APPEND_ELEMENT(vm->seclabels, vm->nseclabels, seclabel); if (sec_managers[i]->drv->domainGenSecurityLabel(sec_managers[i], vm) < 0) { + virSecurityLabelDef *tmp = vm->seclabels[vm->nseclabels - 1]; + if (VIR_DELETE_ELEMENT(vm->seclabels, - vm->nseclabels -1, vm->nseclabels) < 0) + vm->nseclabels - 1, vm->nseclabels) < 0) { vm->nseclabels--; + } + + virSecurityLabelDefFree(tmp); goto cleanup; } -- 2.49.0

3 2