Question about managed/unmanaged persistent reservation disks
by Annie Li
Hello,
I've been looking at source code related to persistent reservation and
got confused a little bit about managed persistent reservation disks.
For a disk configured with 'managed=yes' as in the following,
  <reservations managed='yes'>
    <source type='unix'
            path='/var/lib/libvirt/qemu/domain-7-brml10g19-iscsi-rese/pr-helper0.sock'
            mode='client'/>
  </reservations>
libvirt is responsible for starting a pr-helper program with a specific
associated socket file. The following source code shows that there is
only one pr-helper and socket file associated with the managed disks for
one VM.
  const char *
  qemuDomainGetManagedPRAlias(void)
  {
      return "pr-helper0";
  }

  char *
  qemuDomainGetManagedPRSocketPath(qemuDomainObjPrivate *priv)
  {
      return g_strdup_printf("%s/%s.sock", priv->libDir,
                             qemuDomainGetManagedPRAlias());
  }
So if the VM is booted with multiple disks configured with 'managed=yes'
for reservation, I suppose these multiple disks share this managed
pr-helper and socket file. However, per the qemu document,
https://www.qemu.org/docs/master/interop/pr-helper.html
"It is invalid to send multiple commands concurrently on the same
socket. It is however possible to connect multiple sockets to the helper
and send multiple commands to the helper for one or more file descriptors."
Due to this limitation above, only one persistent reservation disk is
allowed as managed in theory. However, libvirt doesn't throw out any
error or warning when the VM is booted up with multiple managed
persistent reservation disks. I am wondering if I've missed something here?
For unmanaged persistent reservation disks, libvirt doesn't start the
pr-helper program for them. It is the user's responsibility to start this
program with a customized socket file per disk, but the complexity
increases with the number of persistent reservation disks, especially in
the case of hotplug/hotunplug. Is there any plan to support multiple
managed persistent reservation disks with separate pr-helper/socket file?
Any suggestions/clarifications are greatly appreciated.
Thanks
Annie
1 month, 3 weeks
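One way to see which disks of a domain end up on the same pr-helper socket, the situation the post above asks about. This is an added example, not code from the post or from libvirt; the sample domain XML, the socket path /run/pr/sdc.sock and the function names are constructed, and the alias "pr-helper0" is the value returned by the quoted qemuDomainGetManagedPRAlias().

```python
import xml.etree.ElementTree as ET
from collections import defaultdict

# Alias of the managed helper, per qemuDomainGetManagedPRAlias() as quoted in
# the post: every managed disk of one domain maps to this single socket.
MANAGED_ALIAS = "pr-helper0"

# Constructed sample (not from the post): two managed disks, one unmanaged
# disk with its own socket, one disk without persistent reservations.
SAMPLE_DOMAIN_XML = """
<domain type='kvm'>
  <devices>
    <disk type='block' device='lun'>
      <source dev='/dev/sdb'><reservations managed='yes'/></source>
      <target dev='sda' bus='scsi'/>
    </disk>
    <disk type='block' device='lun'>
      <source dev='/dev/sdc'><reservations managed='yes'/></source>
      <target dev='sdb' bus='scsi'/>
    </disk>
    <disk type='block' device='lun'>
      <source dev='/dev/sdd'><reservations managed='no'>
        <source type='unix' path='/run/pr/sdc.sock' mode='client'/>
      </reservations></source>
      <target dev='sdc' bus='scsi'/>
    </disk>
    <disk type='file' device='disk'>
      <source file='/var/lib/libvirt/images/root.qcow2'/>
      <target dev='vda' bus='virtio'/>
    </disk>
  </devices>
</domain>
"""


def group_pr_disks(domain_xml):
    """Map each pr-helper endpoint to the disk targets that use it."""
    groups = defaultdict(list)
    for disk in ET.fromstring(domain_xml).findall("./devices/disk"):
        res = disk.find("./source/reservations")
        if res is None:
            continue  # no persistent reservations configured for this disk
        target = disk.find("target")
        name = target.get("dev") if target is not None else "(no target)"
        if res.get("managed") == "yes":
            key = "managed:" + MANAGED_ALIAS
        else:
            sock = res.find("source")  # unmanaged: socket supplied by the user
            key = "unmanaged:" + (sock.get("path", "?") if sock is not None else "?")
        groups[key].append(name)
    return dict(groups)


def shared_endpoints(groups):
    """Endpoints used by more than one disk (one socket, several disks)."""
    return {key: disks for key, disks in groups.items() if len(disks) > 1}


if __name__ == "__main__":
    for key, disks in shared_endpoints(group_pr_disks(SAMPLE_DOMAIN_XML)).items():
        print(f"{key}: shared by {', '.join(disks)}")
```

The input can be the output of `virsh dumpxml` for a running domain; in that live form the managed disks carry the generated socket path, as in the XML quoted in the post.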
[PATCH] nvme: Fix more missing enum switches for VIR_DOMAIN_DISK_BUS_NVME
by Martin Kletzander
From: Martin Kletzander <mkletzan(a)redhat.com>
Signed-off-by: Martin Kletzander <mkletzan(a)redhat.com>
---
So it turned out there were more places, but some even in code that was
compiling on my machine and in the CI, but was not found. Not sure why, but I
went through all the places again from scratch, hopefully this time that's all.
Pushed.
src/bhyve/bhyve_domain.c | 1 +
src/qemu/qemu_validate.c | 1 +
src/vz/vz_sdk.c | 2 ++
src/vz/vz_utils.c | 1 +
4 files changed, 5 insertions(+)
diff --git a/src/bhyve/bhyve_domain.c b/src/bhyve/bhyve_domain.c
index 3e18a462e460..c9bbf27d83ca 100644
--- a/src/bhyve/bhyve_domain.c
+++ b/src/bhyve/bhyve_domain.c
@@ -143,6 +143,7 @@ bhyveDomainDiskDefAssignAddress(struct _bhyveConn *driver,
case VIR_DOMAIN_DISK_BUS_USB:
case VIR_DOMAIN_DISK_BUS_UML:
case VIR_DOMAIN_DISK_BUS_SD:
+ case VIR_DOMAIN_DISK_BUS_NVME:
case VIR_DOMAIN_DISK_BUS_LAST:
default:
break;
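Review bot: in bhyveDomainDiskDefAssignAddress the new VIR_DOMAIN_DISK_BUS_NVME case falls through to `default: break;`, so an NVMe disk leaves this function with no address assigned and no error reported. If the bus is meant to be rejected for bhyve, a one-line comment saying where that happens would help; otherwise the silent no-op here deserves a second look.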
diff --git a/src/qemu/qemu_validate.c b/src/qemu/qemu_validate.c
index 5eaaca87fed6..b2faf4300204 100644
--- a/src/qemu/qemu_validate.c
+++ b/src/qemu/qemu_validate.c
@@ -1556,6 +1556,7 @@ qemuValidateDomainDeviceDefAddressDrive(virDomainDeviceInfo *info,
case VIR_DOMAIN_DISK_BUS_SD:
case VIR_DOMAIN_DISK_BUS_NONE:
case VIR_DOMAIN_DISK_BUS_UML:
+ case VIR_DOMAIN_DISK_BUS_NVME:
case VIR_DOMAIN_DISK_BUS_LAST:
break;
}
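Review bot: in qemuValidateDomainDeviceDefAddressDrive, VIR_DOMAIN_DISK_BUS_NVME is added to the group that only does `break`, so no drive-address validation is applied to NVMe disks here. The commit message body is empty apart from the Signed-off-by, and the explanation sits below the `---` where it will not reach git history; a sentence stating why NVMe needs no check in this switch belongs in the commit message itself.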
diff --git a/src/vz/vz_sdk.c b/src/vz/vz_sdk.c
index 684b76ffa057..160778146dcd 100644
--- a/src/vz/vz_sdk.c
+++ b/src/vz/vz_sdk.c
@@ -3380,6 +3380,7 @@ static int prlsdkConfigureDisk(struct _vzDriver *driver,
case VIR_DOMAIN_DISK_BUS_USB:
case VIR_DOMAIN_DISK_BUS_UML:
case VIR_DOMAIN_DISK_BUS_SD:
+ case VIR_DOMAIN_DISK_BUS_NVME:
case VIR_DOMAIN_DISK_BUS_LAST:
default:
virReportError(VIR_ERR_CONFIG_UNSUPPORTED, "%s",
@@ -4339,6 +4340,7 @@ prlsdkGetBlockStats(PRL_HANDLE sdkstats,
case VIR_DOMAIN_DISK_BUS_USB:
case VIR_DOMAIN_DISK_BUS_UML:
case VIR_DOMAIN_DISK_BUS_SD:
+ case VIR_DOMAIN_DISK_BUS_NVME:
case VIR_DOMAIN_DISK_BUS_LAST:
default:
virReportError(VIR_ERR_INTERNAL_ERROR,
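Review bot: prlsdkGetBlockStats reports the NVMe case through VIR_ERR_INTERNAL_ERROR, while prlsdkConfigureDisk in the hunk above uses VIR_ERR_CONFIG_UNSUPPORTED for the same group of buses. The bus value comes from the domain configuration, so an unsupported-configuration error would be the more accurate code here too; that predates this patch, but a follow-up aligning the two would be welcome.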
diff --git a/src/vz/vz_utils.c b/src/vz/vz_utils.c
index 7c08d0f88b58..976303479bb6 100644
--- a/src/vz/vz_utils.c
+++ b/src/vz/vz_utils.c
@@ -242,6 +242,7 @@ vzCheckDiskAddressDriveUnsupportedParams(virDomainDiskDef *disk)
case VIR_DOMAIN_DISK_BUS_USB:
case VIR_DOMAIN_DISK_BUS_UML:
case VIR_DOMAIN_DISK_BUS_SD:
+ case VIR_DOMAIN_DISK_BUS_NVME:
case VIR_DOMAIN_DISK_BUS_LAST:
default:
virReportError(VIR_ERR_CONFIG_UNSUPPORTED, "%s",
--
2.49.0
1 month, 3 weeks
[PATCH 0/3] Drop unnecessary build dependencies
by Andrea Bolognani
We've recently stopped checking for the presence of several
commands at build time. That means we don't need them in the
RPM or CI build environment either.
Test pipeline: https://gitlab.com/abologna/libvirt/-/pipelines/1855622714
Andrea Bolognani (3):
rpm: Fix/clarify Requires
rpm: Drop unnecessary BuildRequires
ci: Drop unnecessary build dependencies
ci/buildenv/almalinux-9.sh | 9 ---------
ci/buildenv/alpine-321.sh | 6 ------
ci/buildenv/alpine-edge.sh | 6 ------
ci/buildenv/centos-stream-9.sh | 9 ---------
ci/buildenv/debian-12-cross-aarch64.sh | 8 --------
ci/buildenv/debian-12-cross-armv6l.sh | 8 --------
ci/buildenv/debian-12-cross-armv7l.sh | 8 --------
ci/buildenv/debian-12-cross-i686.sh | 8 --------
ci/buildenv/debian-12-cross-mips64el.sh | 8 --------
ci/buildenv/debian-12-cross-mipsel.sh | 8 --------
ci/buildenv/debian-12-cross-ppc64le.sh | 8 --------
ci/buildenv/debian-12-cross-s390x.sh | 8 --------
ci/buildenv/debian-12.sh | 8 --------
ci/buildenv/debian-sid-cross-aarch64.sh | 8 --------
ci/buildenv/debian-sid-cross-armv6l.sh | 8 --------
ci/buildenv/debian-sid-cross-armv7l.sh | 8 --------
ci/buildenv/debian-sid-cross-i686.sh | 8 --------
ci/buildenv/debian-sid-cross-mips64el.sh | 8 --------
ci/buildenv/debian-sid-cross-ppc64le.sh | 8 --------
ci/buildenv/debian-sid-cross-s390x.sh | 8 --------
ci/buildenv/debian-sid.sh | 8 --------
ci/buildenv/fedora-41.sh | 9 ---------
ci/buildenv/fedora-42-cross-mingw32.sh | 9 ---------
ci/buildenv/fedora-42-cross-mingw64.sh | 9 ---------
ci/buildenv/fedora-42.sh | 9 ---------
ci/buildenv/fedora-rawhide-cross-mingw32.sh | 9 ---------
ci/buildenv/fedora-rawhide-cross-mingw64.sh | 9 ---------
ci/buildenv/fedora-rawhide.sh | 9 ---------
ci/buildenv/opensuse-leap-15.sh | 8 --------
ci/buildenv/opensuse-tumbleweed.sh | 8 --------
ci/buildenv/ubuntu-2204.sh | 8 --------
ci/buildenv/ubuntu-2404.sh | 8 --------
ci/cirrus/freebsd-13.vars | 2 +-
ci/cirrus/freebsd-14.vars | 2 +-
ci/containers/almalinux-9.Dockerfile | 9 ---------
ci/containers/alpine-321.Dockerfile | 6 ------
ci/containers/alpine-edge.Dockerfile | 6 ------
ci/containers/centos-stream-9.Dockerfile | 9 ---------
.../debian-12-cross-aarch64.Dockerfile | 8 --------
.../debian-12-cross-armv6l.Dockerfile | 8 --------
.../debian-12-cross-armv7l.Dockerfile | 8 --------
ci/containers/debian-12-cross-i686.Dockerfile | 8 --------
.../debian-12-cross-mips64el.Dockerfile | 8 --------
.../debian-12-cross-mipsel.Dockerfile | 8 --------
.../debian-12-cross-ppc64le.Dockerfile | 8 --------
ci/containers/debian-12-cross-s390x.Dockerfile | 8 --------
ci/containers/debian-12.Dockerfile | 8 --------
.../debian-sid-cross-aarch64.Dockerfile | 8 --------
.../debian-sid-cross-armv6l.Dockerfile | 8 --------
.../debian-sid-cross-armv7l.Dockerfile | 8 --------
ci/containers/debian-sid-cross-i686.Dockerfile | 8 --------
.../debian-sid-cross-mips64el.Dockerfile | 8 --------
.../debian-sid-cross-ppc64le.Dockerfile | 8 --------
.../debian-sid-cross-s390x.Dockerfile | 8 --------
ci/containers/debian-sid.Dockerfile | 8 --------
ci/containers/fedora-41.Dockerfile | 9 ---------
.../fedora-42-cross-mingw32.Dockerfile | 9 ---------
.../fedora-42-cross-mingw64.Dockerfile | 9 ---------
ci/containers/fedora-42.Dockerfile | 9 ---------
.../fedora-rawhide-cross-mingw32.Dockerfile | 9 ---------
.../fedora-rawhide-cross-mingw64.Dockerfile | 9 ---------
ci/containers/fedora-rawhide.Dockerfile | 9 ---------
ci/containers/opensuse-leap-15.Dockerfile | 8 --------
ci/containers/opensuse-tumbleweed.Dockerfile | 8 --------
ci/containers/ubuntu-2204.Dockerfile | 8 --------
ci/containers/ubuntu-2404.Dockerfile | 8 --------
ci/lcitool/projects/libvirt.yml | 9 ---------
libvirt.spec.in | 18 +++---------------
68 files changed, 5 insertions(+), 548 deletions(-)
--
2.49.0
1 month, 3 weeks
[PATCH] bhyve: Fix build after introduction of emulated NVMe disks
by Martin Kletzander
From: Martin Kletzander <mkletzan(a)redhat.com>
Somehow I missed one switch over disk bus enum.
Signed-off-by: Martin Kletzander <mkletzan(a)redhat.com>
---
Pushed under the 'build-breaker' rule.
src/bhyve/bhyve_command.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/src/bhyve/bhyve_command.c b/src/bhyve/bhyve_command.c
index 916d699c8030..c82a07c2eb1d 100644
--- a/src/bhyve/bhyve_command.c
+++ b/src/bhyve/bhyve_command.c
@@ -370,6 +370,7 @@ bhyveBuildDiskArgStr(const virDomainDef *def,
case VIR_DOMAIN_DISK_BUS_USB:
case VIR_DOMAIN_DISK_BUS_UML:
case VIR_DOMAIN_DISK_BUS_SD:
+ case VIR_DOMAIN_DISK_BUS_NVME:
case VIR_DOMAIN_DISK_BUS_LAST:
default:
virReportError(VIR_ERR_CONFIG_UNSUPPORTED, "%s",
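Review bot: in bhyveBuildDiskArgStr the new case shares the VIR_ERR_CONFIG_UNSUPPORTED report with USB, UML and SD, so an NVMe disk is refused only when the command line is built. The message text lies outside the hunk; please check that it names the bus, so a user who set bus='nvme' can tell which disk was refused and why.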
--
2.49.0
1 month, 3 weeks
[PATCH] docs: outline bug expectations wrt automated tools / AI agents
by Daniel P. Berrangé
From: Daniel P. Berrangé <berrange(a)redhat.com>
Bug reports from automated tools and AI agents are time consuming to
triage and have poor signal/noise ratio. Set strong expectations for
any reporters using such tools, in a (likely doomed) attempt to stem
the flow of poor quality reports.
Signed-off-by: Daniel P. Berrangé <berrange(a)redhat.com>
---
docs/bugs.rst | 14 ++++++++++++++
docs/securityprocess.rst | 4 ++++
2 files changed, 18 insertions(+)
diff --git a/docs/bugs.rst b/docs/bugs.rst
index 5fd1970caf..e12a6c74ec 100644
--- a/docs/bugs.rst
+++ b/docs/bugs.rst
@@ -76,6 +76,20 @@ Linux Distribution specific bug reports
like to have your procedure for filing bugs mentioned here, please mail the
libvirt development list.
+Use of automated tools / AI agents
+----------------------------------
+
+If any automated tool / AI agent is used to identify a bug / security
+flaw, the following additional expectations apply when filing a report:
+
+- The tool / agent used **MUST** be clearly declared in the description
+- All stated facts **MUST** be validated as correct and free from AI
+ hallucinations prior to filing
+- The problem **MUST** be described against an upstream release that is
+ no more than 3 months old.
+- The problem **SHOULD** be analysed and accompanied with a proposed
+ patch that can be directly applied to current git
+
How to file high quality bug reports
------------------------------------
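Review bot: the four new bullets are punctuated inconsistently (only the third, "no more than 3 months old.", ends with a period), and "accompanied with a proposed patch" reads better as "accompanied by". The second bullet also says "free from AI hallucinations" although the section heading covers any automated tool, so wording that applies to both kinds of tool would match the heading.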
diff --git a/docs/securityprocess.rst b/docs/securityprocess.rst
index 075679df74..b7695ddc59 100644
--- a/docs/securityprocess.rst
+++ b/docs/securityprocess.rst
@@ -27,6 +27,10 @@ and moderated for non-members. As such you will receive an auto-reply indicating
the report is held for moderation. Postings by non-members will be approved by a
moderator and the reporter copied on any replies.
+Refer to the `bug reporting <bugs.html#use-of-automated-tools-ai-agents>`__
+page for the *expectations around the use of automated tools and AI agents*,
+**prior** to filing any security report.
+
Security notices
----------------
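Review bot: the link target `bugs.html#use-of-automated-tools-ai-agents` depends on the anchor generated from the new heading text in bugs.rst, so rewording that heading later silently breaks this reference. An explicit reST target placed above the heading in bugs.rst, and referenced from here, would be sturdier.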
--
2.49.0
1 month, 3 weeks
Re: Can you have a brief look? [Was: Support for emulated NVMe disks
in VMX and QEMU]
by Martin Kletzander
[Adding the list to Cc]
On Fri, Jun 06, 2025 at 12:19:16PM +0800, Honglei Wang wrote:
>Hi Martin,
>
>Thanks for following up — yes, I saw your previous email and just had a
>chance to review the patches.
>
>The series looks good to me overall, and I’m fine with the Signed-off-by
>trailers you added — thanks for including them.
>
Thank you for the confirmation.
>There might be a small detail to look into: I noticed you changed the
>parameters of the virIndexToDiskName function, but it seems not all callers
>were updated accordingly. This should be caught by CI, though. If I have
>any other issues, I’ll reply on the patch mail list.
>
You are right, I missed the hyperv driver for some reason. I fixed that
in the commit which changes the parameters and pushed the series
upstream so that it gets to the next release.
>Thanks again for your work on this!
>
>Best regards
>
Thank you too and have a nice day,
Martin
1 month, 3 weeks
[PATCH v3 0/2] Fix forward type=hostdev nets for apparmor
by Tim Small
Fixes a bug whereby apparmor permissions aren't granted to allow a PCI
SR-IOV virtual function to be used in a kvm guest when the VF is defined
via a forward type='hostdev' network (as per the 'hostdev' option
documented here: https://libvirt.org/formatnetwork.html#connectivity ).
Downstream bug here:
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=993856
qemu accesses these PCI virtual functions using the vfio API, so no
additional permissions to access to the PCI device resources etc. via
/sys/devices/pci[...]/resource et al. are necessary.

This is a resend with fixed From in body for the patch emails, and
change notes in patch emails.
Thanks,
Tim.
Tim Small (2):
virt-aa-helper: refactor for readability
virt-aa-helper: Allow SR-IOV VF PCI for hostdev networks
.../usr.lib.libvirt.virt-aa-helper.in | 4 +++
src/security/virt-aa-helper.c | 28 ++++++++++++++++---
2 files changed, 28 insertions(+), 4 deletions(-)
--
2.47.2
1 month, 3 weeks
[PATCH] qemu.conf: Improve docs for 'dynamic_ownership' option
by Peter Krempa
From: Peter Krempa <pkrempa(a)redhat.com>
Add a note that the user/group can be overridden or relabelling disabled
using per-vm/disk <seclabel> elements instead of disabling it globally.
Add a note that read-only image labels are not restored.
Closes: https://gitlab.com/libvirt/libvirt/-/issues/512
Signed-off-by: Peter Krempa <pkrempa(a)redhat.com>
---
src/qemu/qemu.conf.in | 12 +++++++++++-
1 file changed, 11 insertions(+), 1 deletion(-)
diff --git a/src/qemu/qemu.conf.in b/src/qemu/qemu.conf.in
index 042bb75b50..221bfa8095 100644
--- a/src/qemu/qemu.conf.in
+++ b/src/qemu/qemu.conf.in
@@ -513,7 +513,17 @@
# Whether libvirt should dynamically change file ownership
# to match the configured user/group above. Defaults to 1.
-# Set to 0 to disable file ownership changes.
+#
+# Notes:
+# - Per domain or per disk image user and group can be configured, or
+# relabelling disabled using the <seclabel model='dac'> elements in XML:
+#
+# https://www.libvirt.org/formatdomain.html#security-label
+#
+# - The user/group of read-only images is not restored as with read-write
+# images as they may be shared among more domains.
+#
+# Set to 0 to disable file ownership changes globally in the qemu driver.
#dynamic_ownership = 1
# Whether libvirt should remember and restore the original
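Review bot: the second note, "is not restored as with read-write images as they may be shared among more domains", is hard to parse because of its two "as" clauses. Something like "is not restored, unlike that of read-write images, because they may be shared among multiple domains" says the same thing. In the first note, naming the <seclabel> attribute that disables relabelling would save readers from having to follow the link.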
--
2.49.0
1 month, 3 weeks
[PATCH] nodedev: add nodedev name to mdevctl unsupport msg
by Boris Fiuczynski
Let's add the nodedev name to improve the error message for the user.
Signed-off-by: Boris Fiuczynski <fiuczy(a)linux.ibm.com>
---
src/node_device/node_device_driver.c | 16 ++++++++++------
1 file changed, 10 insertions(+), 6 deletions(-)
diff --git a/src/node_device/node_device_driver.c b/src/node_device/node_device_driver.c
index 2c9e749495..de103d1967 100644
--- a/src/node_device/node_device_driver.c
+++ b/src/node_device/node_device_driver.c
@@ -927,6 +927,7 @@ nodeDeviceGetMdevctlModifySupportCheck(void)
static int
virMdevctlModify(virNodeDeviceDef *def,
+ const char *def_name,
bool defined,
bool live)
{
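Review bot: virMdevctlModify now takes both `def` and `def_name`, and nothing in the signature says how the two relate. nodeDeviceDefineXML passes olddef->name and nodeDeviceUpdate passes def->name alongside new_def, so a short function comment stating that def_name is the name of the existing device and is used only for messages would keep future callers from passing the wrong one.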
@@ -942,8 +943,9 @@ virMdevctlModify(virNodeDeviceDef *def,
if (nodeDeviceGetMdevctlModifySupportCheck() < 0) {
VIR_WARN("Installed mdevctl version does not support modify with options jsonfile, defined and live");
- virReportError(VIR_ERR_OPERATION_UNSUPPORTED, "%s",
- _("Unable to modify mediated device: modify unsupported"));
+ virReportError(VIR_ERR_OPERATION_UNSUPPORTED,
+ _("Unable to modify mediated device '%1$s': modify unsupported"),
+ def_name);
return -1;
}
@@ -952,8 +954,8 @@ virMdevctlModify(virNodeDeviceDef *def,
if (status != 0) {
virReportError(VIR_ERR_INTERNAL_ERROR,
- _("Unable to modify mediated device: %1$s"),
- MDEVCTL_ERROR(errmsg));
+ _("Unable to modify mediated device '%1$s': %2$s"),
+ def_name, MDEVCTL_ERROR(errmsg));
return -1;
}
@@ -1608,8 +1610,9 @@ nodeDeviceDefineXML(virConnect *conn,
* nodeDeviceDefValidateUpdate() is not required as uuid and
* parent are matching if def was found and changing the type in
* the persistent config is allowed. */
- VIR_DEBUG("Update node device '%s' with mdevctl", def->name);
- modify_failed = (virMdevctlModify(def, true, false) < 0);
+ virNodeDeviceDef *olddef = virNodeDeviceObjGetDef(persistent_obj);
+ VIR_DEBUG("Update node device '%s' with mdevctl", olddef->name);
+ modify_failed = (virMdevctlModify(def, olddef->name, true, false) < 0);
virNodeDeviceObjEndAPI(&persistent_obj);
if (modify_failed)
return NULL;
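Review bot: the VIR_DEBUG line in nodeDeviceDefineXML now logs olddef->name instead of def->name, a change the commit message does not mention since it only talks about the error message. Please note it there. The `virNodeDeviceDef *olddef` declaration also sits in the middle of the block after the comment and would read better at the top of the scope; its use before virNodeDeviceObjEndAPI(&persistent_obj) is in the right order.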
@@ -2357,6 +2360,7 @@ nodeDeviceUpdate(virNodeDevice *device,
/* Update now. */
VIR_DEBUG("Update node device '%s' with mdevctl", def->name);
if (virMdevctlModify(new_def,
+ def->name,
(flags & VIR_NODE_DEVICE_UPDATE_AFFECT_CONFIG),
(flags & VIR_NODE_DEVICE_UPDATE_AFFECT_LIVE)) < 0) {
goto cleanup;
--
2.49.0
1 month, 3 weeks
[PATCH] ci: refresh with 'lcitool manifest'
by Michal Privoznik
From: Michal Privoznik <mprivozn(a)redhat.com>
- Replace Alpine 3.21 with 3.22
Signed-off-by: Michal Privoznik <mprivozn(a)redhat.com>
---
Green pipeline:
https://gitlab.com/MichalPrivoznik/libvirt/-/pipelines/1860029940
ci/buildenv/{alpine-321.sh => alpine-322.sh} | 0
.../{alpine-321.Dockerfile => alpine-322.Dockerfile} | 2 +-
ci/gitlab/builds.yml | 8 ++++----
ci/gitlab/containers.yml | 4 ++--
ci/manifest.yml | 2 +-
5 files changed, 8 insertions(+), 8 deletions(-)
rename ci/buildenv/{alpine-321.sh => alpine-322.sh} (100%)
rename ci/containers/{alpine-321.Dockerfile => alpine-322.Dockerfile} (98%)
diff --git a/ci/buildenv/alpine-321.sh b/ci/buildenv/alpine-322.sh
similarity index 100%
rename from ci/buildenv/alpine-321.sh
rename to ci/buildenv/alpine-322.sh
diff --git a/ci/containers/alpine-321.Dockerfile b/ci/containers/alpine-322.Dockerfile
similarity index 98%
rename from ci/containers/alpine-321.Dockerfile
rename to ci/containers/alpine-322.Dockerfile
index 2351b03653..03db9a3d22 100644
--- a/ci/containers/alpine-321.Dockerfile
+++ b/ci/containers/alpine-322.Dockerfile
@@ -4,7 +4,7 @@
#
# https://gitlab.com/libvirt/libvirt-ci
-FROM docker.io/library/alpine:3.21
+FROM docker.io/library/alpine:3.22
RUN apk update && \
apk upgrade && \
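Review bot: `FROM docker.io/library/alpine:3.22` tracks a mutable tag, and the `apk update && apk upgrade` that follows pulls whatever is current at build time, so two builds of this Dockerfile are not guaranteed to produce the same image. The header comment points at libvirt-ci as the generator, so pinning the base image by digest would have to be done there rather than in this file.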
diff --git a/ci/gitlab/builds.yml b/ci/gitlab/builds.yml
index 5fab2008d8..ae691862c2 100644
--- a/ci/gitlab/builds.yml
+++ b/ci/gitlab/builds.yml
@@ -33,15 +33,15 @@ x86_64-almalinux-9-clang:
TARGET_BASE_IMAGE: docker.io/library/almalinux:9
-x86_64-alpine-321:
+x86_64-alpine-322:
extends: .native_build_job
needs:
- - job: x86_64-alpine-321-container
+ - job: x86_64-alpine-322-container
optional: true
allow_failure: false
variables:
- NAME: alpine-321
- TARGET_BASE_IMAGE: docker.io/library/alpine:3.21
+ NAME: alpine-322
+ TARGET_BASE_IMAGE: docker.io/library/alpine:3.22
x86_64-alpine-edge:
diff --git a/ci/gitlab/containers.yml b/ci/gitlab/containers.yml
index 05809fbdeb..0650e4781c 100644
--- a/ci/gitlab/containers.yml
+++ b/ci/gitlab/containers.yml
@@ -14,11 +14,11 @@ x86_64-almalinux-9-container:
NAME: almalinux-9
-x86_64-alpine-321-container:
+x86_64-alpine-322-container:
extends: .container_job
allow_failure: false
variables:
- NAME: alpine-321
+ NAME: alpine-322
x86_64-alpine-edge-container:
diff --git a/ci/manifest.yml b/ci/manifest.yml
index 14bfef25d2..21d570cb00 100644
--- a/ci/manifest.yml
+++ b/ci/manifest.yml
@@ -19,7 +19,7 @@ targets:
RPM: skip
CC: clang
- alpine-321: x86_64
+ alpine-322: x86_64
alpine-edge:
jobs:
--
2.49.0
1 month, 3 weeks