June 2025 - Devel - libvirt List Archives

Re: [RFC PATCH v3 4/6] qemucapabilitiestest: Adds Arm CCA support
by Peter Krempa 12 Jun '25

12 Jun '25

On Thu, May 29, 2025 at 05:10:48 +0000, Kazuhiro Abe (Fujitsu) wrote: > > On 5/20/25 17:54, Peter Krempa wrote: > > On Tue, May 20, 2025 at 17:28:26 +0900, Kazuhiro Abe wrote: > > > From: Akio Kakuno <fj3333bs(a)fujitsu.com> > > > > > > - This test was added to check qemu capabilities for Arm > > > CCA support. > > > > IF > > > > > This test was created using the method described in the > > > documentation. > > > > > > Signed-off-by: Kazuhiro Abe <fj1078ii(a)aa.jp.fujitsu.com> > > > --- > > > .../caps_9.1.0_aarch64.replies | 36222 > > ++++++++++++++++ > > > .../caps_9.1.0_aarch64.xml | 530 + > > > 2 files changed, 36752 insertions(+) > > > create mode 100644 > > > tests/qemucapabilitiesdata/caps_9.1.0_aarch64.replies > > > create mode 100644 tests/qemucapabilitiesdata/caps_9.1.0_aarch64.xml > > > > Note that I'll be commenting only on the capability testing related matter, not the > > rest of the series. > > > > > diff --git a/tests/qemucapabilitiesdata/caps_9.1.0_aarch64.replies > > > b/tests/qemucapabilitiesdata/caps_9.1.0_aarch64.replies > > > new file mode 100644 > > > index 0000000000..906a21f0c6 > > > --- /dev/null > > > +++ b/tests/qemucapabilitiesdata/caps_9.1.0_aarch64.replies > > > @@ -0,0 +1,36222 @@ > > > +{ > > > + "execute": "qmp_capabilities", > > > + "id": "libvirt-1" > > > +} > > > + > > > +{ > > > + "return": {}, > > > + "id": "libvirt-1" > > > +} > > > + > > > +{ > > > + "execute": "query-version", > > > + "id": "libvirt-2" > > > +} > > > + > > > +{ > > > + "return": { > > > + "qemu": { > > > + "micro": 91, > > > + "minor": 1, > > > + "major": 9 > > > > This is from 9.2.0-rc1. So firstly the file is named wrong, because it was supposed > > to be 'caps_9.2.0_aarch64.replies' instead. > > > > Also except for the currently developed release we require that the .replies files > > are generated from the final release versions and not the RCs or any other > > non-final code. > > > > The libvirt tree already has qemu caps for 9.2.0 and 10.0.0 for aarch64. > > > > What makes these special? > > > > If there's a reason to have specific capabilities please add a 'variant' > > per tests/qemucapabilitiesdata/README.rst > > Thanks for your comment. > > These were generated from a special QEMU version which support ARM CCA based on 9.2. > So as a temporary measure, I will add a variant to the replies file, > and the name will be caps_9.2.0_aarch64+armrme.replies. I'd expect that now that qemu-10.0 is out you'd be targetting at least qemu-10.1 [1] as ... > > Note that, once the patch about Arm CCA support is merged, > we will change the replies file name. ... it's not yet merged as you are saying. [1] We do allow capabilities captured from the currently in development tree but: - they must be based on a commit from official qemu git - you will have to update them to the final version once qemu-N+1 releases. But since it's not merged yet your patch will need to stay RFC. Please make sure thoug to note it in the capabilities patch that it's not the final version yet so that there's no confusion. Your patch looked like it was something which already exists based on the commit message and I didn't read the cover letter because I wasn't too interested in the series itself, I'm just making sure that capabilities dumps are handled properly so that I don't have to deal with it later.

2 1

[PATCH 0/1] [RFC] Live migration support for ch driver
by Stefan Kober 10 Jun '25

10 Jun '25

This change serves as a proof of concept that adds live migration support to the Cloud Hypervisor driver. It is meant to show feasibility and to receive early feedback. I tested the live migration by invoking: virsh -c ch:///session migrate --domain vmName --desturi ch+ssh://dstHost/session --live Opens: * What is required for a minimal viable live migration to be merged? * Job state tracking? (virDomainObjBeginJob, ...) * What should 'virsh domjobinfo' show? * Testing? * Anything else? Stefan Kober (1): Initial CH migrate API src/ch/ch_conf.h | 4 + src/ch/ch_domain.h | 2 + src/ch/ch_driver.c | 362 +++++++++++++++++++++++++++++- src/ch/ch_monitor.c | 156 +++++++++++++ src/ch/ch_monitor.h | 8 + src/ch/ch_process.c | 136 ++++++++++- src/ch/ch_process.h | 6 + src/hypervisor/domain_interface.c | 1 + src/libvirt-domain.c | 15 +- 9 files changed, 680 insertions(+), 10 deletions(-) -- 2.49.0

3 5

[PATCH] docs: fix list term highlighting in URI docs
by Daniel P. Berrangé 10 Jun '25

10 Jun '25

From: Daniel P. Berrangé <berrange(a)redhat.com> Having a blank line between the term and its definition prevents the RST to HTML convertor highlighting 'pkipath' correctly. Signed-off-by: Daniel P. Berrangé <berrange(a)redhat.com> --- docs/uri.rst | 1 - 1 file changed, 1 deletion(-) diff --git a/docs/uri.rst b/docs/uri.rst index 1d2c68f5b8..cc970001f4 100644 --- a/docs/uri.rst +++ b/docs/uri.rst @@ -296,7 +296,6 @@ Supported extra parameters: **Example:** ``no_verify=1`` ``pkipath`` - Specifies x509 certificates path for the client. If any of the CA certificate, client certificate, or client key is missing, the connection will fail with a fatal error. -- 2.49.0

2 1

Question about managed/unmanaged persistent reservation disks
by Annie Li 09 Jun '25

09 Jun '25

Hello, I've been looking at source code related to persistent reservation and got confused a little bit about managed persistent reservation disks. For disk configured with 'managed=yes' as the following, <reservations managed='yes'> <source type='unix' path='/var/lib/libvirt/qemu/domain-7-brml10g19-iscsi-rese/pr-helper0.sock' mode='client'/> </reservations> libvirt is responsible for starting a pr-helper program with a specific associated socket file. The following source code shows that there is only one pr-helper and socket file associated with the managed disks for one VM. const char * qemuDomainGetManagedPRAlias(void) { return "pr-helper0"; } char * qemuDomainGetManagedPRSocketPath(qemuDomainObjPrivate *priv) { return g_strdup_printf("%s/%s.sock", priv->libDir, qemuDomainGetManagedPRAlias()); } So if the VM is booted with multiple disks configured with 'managed=yes' for reservation, I suppose these multiple disks share the this managed pr-helper and socket file. However, per the qemu document, https://www.qemu.org/docs/master/interop/pr-helper.html <https://www.qemu.org/docs/master/interop/pr-helper.html> "It is invalid to send multiple commands concurrently on the same socket. It is however possible to connect multiple sockets to the helper and send multiple commands to the helper for one or more file descriptors." Due to this limitation above, only one persistent reservation disk is allowed as managed in theory. However, libvirt doesn't throw out any error or warning when the VM is booted up with multiple managed persistent reservation disks. I am wondering if I've missed something here? For unmanaged persistent reservation disks, libvirt doesn't start the pr-helper program for them. It is user's responsibility to start this program with customized socket file per disk, but the complexity increases with numbers of persistent reservation disks, especially in the case of hotplug/hotunplog. Is there any plan to support multiple managed persistent reservation disks with separate pr-helper/socket file? Any suggestions/clarifications are greatly appreciated. Thanks Annie

1 0

[PATCH] nvme: Fix more missing enum switches for VIR_DOMAIN_DISK_BUS_NVME
by Martin Kletzander 09 Jun '25

09 Jun '25

From: Martin Kletzander <mkletzan(a)redhat.com> Signed-off-by: Martin Kletzander <mkletzan(a)redhat.com> --- So it turned out there were more places, but some even in code that was compiling on my machine and in the CI, but was not found. Not sure why, but I went through all the places again from scratch, hopefully this time that's all. Pushed. src/bhyve/bhyve_domain.c | 1 + src/qemu/qemu_validate.c | 1 + src/vz/vz_sdk.c | 2 ++ src/vz/vz_utils.c | 1 + 4 files changed, 5 insertions(+) diff --git a/src/bhyve/bhyve_domain.c b/src/bhyve/bhyve_domain.c index 3e18a462e460..c9bbf27d83ca 100644 --- a/src/bhyve/bhyve_domain.c +++ b/src/bhyve/bhyve_domain.c @@ -143,6 +143,7 @@ bhyveDomainDiskDefAssignAddress(struct _bhyveConn *driver, case VIR_DOMAIN_DISK_BUS_USB: case VIR_DOMAIN_DISK_BUS_UML: case VIR_DOMAIN_DISK_BUS_SD: + case VIR_DOMAIN_DISK_BUS_NVME: case VIR_DOMAIN_DISK_BUS_LAST: default: break; diff --git a/src/qemu/qemu_validate.c b/src/qemu/qemu_validate.c index 5eaaca87fed6..b2faf4300204 100644 --- a/src/qemu/qemu_validate.c +++ b/src/qemu/qemu_validate.c @@ -1556,6 +1556,7 @@ qemuValidateDomainDeviceDefAddressDrive(virDomainDeviceInfo *info, case VIR_DOMAIN_DISK_BUS_SD: case VIR_DOMAIN_DISK_BUS_NONE: case VIR_DOMAIN_DISK_BUS_UML: + case VIR_DOMAIN_DISK_BUS_NVME: case VIR_DOMAIN_DISK_BUS_LAST: break; } diff --git a/src/vz/vz_sdk.c b/src/vz/vz_sdk.c index 684b76ffa057..160778146dcd 100644 --- a/src/vz/vz_sdk.c +++ b/src/vz/vz_sdk.c @@ -3380,6 +3380,7 @@ static int prlsdkConfigureDisk(struct _vzDriver *driver, case VIR_DOMAIN_DISK_BUS_USB: case VIR_DOMAIN_DISK_BUS_UML: case VIR_DOMAIN_DISK_BUS_SD: + case VIR_DOMAIN_DISK_BUS_NVME: case VIR_DOMAIN_DISK_BUS_LAST: default: virReportError(VIR_ERR_CONFIG_UNSUPPORTED, "%s", @@ -4339,6 +4340,7 @@ prlsdkGetBlockStats(PRL_HANDLE sdkstats, case VIR_DOMAIN_DISK_BUS_USB: case VIR_DOMAIN_DISK_BUS_UML: case VIR_DOMAIN_DISK_BUS_SD: + case VIR_DOMAIN_DISK_BUS_NVME: case VIR_DOMAIN_DISK_BUS_LAST: default: virReportError(VIR_ERR_INTERNAL_ERROR, diff --git a/src/vz/vz_utils.c b/src/vz/vz_utils.c index 7c08d0f88b58..976303479bb6 100644 --- a/src/vz/vz_utils.c +++ b/src/vz/vz_utils.c @@ -242,6 +242,7 @@ vzCheckDiskAddressDriveUnsupportedParams(virDomainDiskDef *disk) case VIR_DOMAIN_DISK_BUS_USB: case VIR_DOMAIN_DISK_BUS_UML: case VIR_DOMAIN_DISK_BUS_SD: + case VIR_DOMAIN_DISK_BUS_NVME: case VIR_DOMAIN_DISK_BUS_LAST: default: virReportError(VIR_ERR_CONFIG_UNSUPPORTED, "%s", -- 2.49.0

2 1

[PATCH 0/3] Drop unnecessary build dependencies
by Andrea Bolognani 09 Jun '25

09 Jun '25

We've recently stopped checking for the presence of several commands at build time. That means we don't need them in the RPM or CI build environment either. Test pipeline: https://gitlab.com/abologna/libvirt/-/pipelines/1855622714 Andrea Bolognani (3): rpm: Fix/clarify Requires rpm: Drop unnecessary BuildRequires ci: Drop unnecessary build dependencies ci/buildenv/almalinux-9.sh | 9 --------- ci/buildenv/alpine-321.sh | 6 ------ ci/buildenv/alpine-edge.sh | 6 ------ ci/buildenv/centos-stream-9.sh | 9 --------- ci/buildenv/debian-12-cross-aarch64.sh | 8 -------- ci/buildenv/debian-12-cross-armv6l.sh | 8 -------- ci/buildenv/debian-12-cross-armv7l.sh | 8 -------- ci/buildenv/debian-12-cross-i686.sh | 8 -------- ci/buildenv/debian-12-cross-mips64el.sh | 8 -------- ci/buildenv/debian-12-cross-mipsel.sh | 8 -------- ci/buildenv/debian-12-cross-ppc64le.sh | 8 -------- ci/buildenv/debian-12-cross-s390x.sh | 8 -------- ci/buildenv/debian-12.sh | 8 -------- ci/buildenv/debian-sid-cross-aarch64.sh | 8 -------- ci/buildenv/debian-sid-cross-armv6l.sh | 8 -------- ci/buildenv/debian-sid-cross-armv7l.sh | 8 -------- ci/buildenv/debian-sid-cross-i686.sh | 8 -------- ci/buildenv/debian-sid-cross-mips64el.sh | 8 -------- ci/buildenv/debian-sid-cross-ppc64le.sh | 8 -------- ci/buildenv/debian-sid-cross-s390x.sh | 8 -------- ci/buildenv/debian-sid.sh | 8 -------- ci/buildenv/fedora-41.sh | 9 --------- ci/buildenv/fedora-42-cross-mingw32.sh | 9 --------- ci/buildenv/fedora-42-cross-mingw64.sh | 9 --------- ci/buildenv/fedora-42.sh | 9 --------- ci/buildenv/fedora-rawhide-cross-mingw32.sh | 9 --------- ci/buildenv/fedora-rawhide-cross-mingw64.sh | 9 --------- ci/buildenv/fedora-rawhide.sh | 9 --------- ci/buildenv/opensuse-leap-15.sh | 8 -------- ci/buildenv/opensuse-tumbleweed.sh | 8 -------- ci/buildenv/ubuntu-2204.sh | 8 -------- ci/buildenv/ubuntu-2404.sh | 8 -------- ci/cirrus/freebsd-13.vars | 2 +- ci/cirrus/freebsd-14.vars | 2 +- ci/containers/almalinux-9.Dockerfile | 9 --------- ci/containers/alpine-321.Dockerfile | 6 ------ ci/containers/alpine-edge.Dockerfile | 6 ------ ci/containers/centos-stream-9.Dockerfile | 9 --------- .../debian-12-cross-aarch64.Dockerfile | 8 -------- .../debian-12-cross-armv6l.Dockerfile | 8 -------- .../debian-12-cross-armv7l.Dockerfile | 8 -------- ci/containers/debian-12-cross-i686.Dockerfile | 8 -------- .../debian-12-cross-mips64el.Dockerfile | 8 -------- .../debian-12-cross-mipsel.Dockerfile | 8 -------- .../debian-12-cross-ppc64le.Dockerfile | 8 -------- ci/containers/debian-12-cross-s390x.Dockerfile | 8 -------- ci/containers/debian-12.Dockerfile | 8 -------- .../debian-sid-cross-aarch64.Dockerfile | 8 -------- .../debian-sid-cross-armv6l.Dockerfile | 8 -------- .../debian-sid-cross-armv7l.Dockerfile | 8 -------- ci/containers/debian-sid-cross-i686.Dockerfile | 8 -------- .../debian-sid-cross-mips64el.Dockerfile | 8 -------- .../debian-sid-cross-ppc64le.Dockerfile | 8 -------- .../debian-sid-cross-s390x.Dockerfile | 8 -------- ci/containers/debian-sid.Dockerfile | 8 -------- ci/containers/fedora-41.Dockerfile | 9 --------- .../fedora-42-cross-mingw32.Dockerfile | 9 --------- .../fedora-42-cross-mingw64.Dockerfile | 9 --------- ci/containers/fedora-42.Dockerfile | 9 --------- .../fedora-rawhide-cross-mingw32.Dockerfile | 9 --------- .../fedora-rawhide-cross-mingw64.Dockerfile | 9 --------- ci/containers/fedora-rawhide.Dockerfile | 9 --------- ci/containers/opensuse-leap-15.Dockerfile | 8 -------- ci/containers/opensuse-tumbleweed.Dockerfile | 8 -------- ci/containers/ubuntu-2204.Dockerfile | 8 -------- ci/containers/ubuntu-2404.Dockerfile | 8 -------- ci/lcitool/projects/libvirt.yml | 9 --------- libvirt.spec.in | 18 +++--------------- 68 files changed, 5 insertions(+), 548 deletions(-) -- 2.49.0

2 4

[PATCH] bhyve: Fix build after introduction of emulated NVMe disks
by Martin Kletzander 09 Jun '25

09 Jun '25

From: Martin Kletzander <mkletzan(a)redhat.com> Somehow I missed one switch over disk bus enum. Signed-off-by: Martin Kletzander <mkletzan(a)redhat.com> --- Pushed under the 'build-breaker' rule. src/bhyve/bhyve_command.c | 1 + 1 file changed, 1 insertion(+) diff --git a/src/bhyve/bhyve_command.c b/src/bhyve/bhyve_command.c index 916d699c8030..c82a07c2eb1d 100644 --- a/src/bhyve/bhyve_command.c +++ b/src/bhyve/bhyve_command.c @@ -370,6 +370,7 @@ bhyveBuildDiskArgStr(const virDomainDef *def, case VIR_DOMAIN_DISK_BUS_USB: case VIR_DOMAIN_DISK_BUS_UML: case VIR_DOMAIN_DISK_BUS_SD: + case VIR_DOMAIN_DISK_BUS_NVME: case VIR_DOMAIN_DISK_BUS_LAST: default: virReportError(VIR_ERR_CONFIG_UNSUPPORTED, "%s", -- 2.49.0

1 0

[PATCH] docs: outline bug expectations wrt automated tools / AI agents
by Daniel P. Berrangé 09 Jun '25

09 Jun '25

From: Daniel P. Berrangé <berrange(a)redhat.com> Bug reports from automated tools and AI agents are time consuming to triage and have poor signal/noise ratio. Set strong expectations for any reporters using such tools, in a (likely doomed) attempt to stem the flow of poor quality reports. Signed-off-by: Daniel P. Berrangé <berrange(a)redhat.com> --- docs/bugs.rst | 14 ++++++++++++++ docs/securityprocess.rst | 4 ++++ 2 files changed, 18 insertions(+) diff --git a/docs/bugs.rst b/docs/bugs.rst index 5fd1970caf..e12a6c74ec 100644 --- a/docs/bugs.rst +++ b/docs/bugs.rst @@ -76,6 +76,20 @@ Linux Distribution specific bug reports like to have your procedure for filing bugs mentioned here, please mail the libvirt development list. +Use of automated tools / AI agents +---------------------------------- + +If any automated tool / AI agent is used to identify a bug / security +flaw, the following additional expectations apply when filing a report: + +- The tool / agent used **MUST** be clearly declared in the description +- All stated facts **MUST** be validated as correct and free from AI + hallucinations prior to filing +- The problem **MUST** be described against an upstream release that is + no more than 3 months old. +- The problem **SHOULD** be analysed and accompanied with a proposed + patch that can be directly applied to current git + How to file high quality bug reports ------------------------------------ diff --git a/docs/securityprocess.rst b/docs/securityprocess.rst index 075679df74..b7695ddc59 100644 --- a/docs/securityprocess.rst +++ b/docs/securityprocess.rst @@ -27,6 +27,10 @@ and moderated for non-members. As such you will receive an auto-reply indicating the report is held for moderation. Postings by non-members will be approved by a moderator and the reporter copied on any replies. +Refer to the `bug reporting <bugs.html#use-of-automated-tools-ai-agents>`__ +page for the *expectations around the use of automated tools and AI agents*, +**prior** to filing any security report. + Security notices ---------------- -- 2.49.0

3 5

Re: Can you have a brief look? [Was: Support for emulated NVMe disks in VMX and QEMU]
by Martin Kletzander 09 Jun '25

09 Jun '25

[Adding the list to Cc] On Fri, Jun 06, 2025 at 12:19:16PM +0800, Honglei Wang wrote: >Hi Martin, > >Thanks for following up — yes, I saw your previous email and just had a >chance to review the patches. > >The series looks good to me overall, and I’m fine with the Signed-off-by >trailers you added — thanks for including them. > Thank you for the confirmation. >There might be a small detail to look into: I noticed you changed the >parameters of the virIndexToDiskName function, but it seems not all callers >were updated accordingly. This should be caught by CI, though. If I have >any other issues, I’ll reply on the patch mail list. > You are right, I missed the hyperv driver for some reason. I fixed that in the commit which changes the parameters and pushed the series upstream so that it gets to the next release. >Thanks again for your work on this! > >Best regards > Thank you too and have a nice day, Martin

1 0

[PATCH v3 0/2] Fix forward type=hostdev nets for apparmor
by Tim Small 09 Jun '25

09 Jun '25

Fixes a bug whereby apparmor permissions aren't granted to allow a PCI SR-IOV virtual function to be used in a kvm guest when the VF is defined via a forward type='hostdev' network (as per the 'hostdev' option documented here: https://libvirt.org/formatnetwork.html#connectivity ). Downstream bug here: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=993856 qemu accesses these PCI virtual functions using the vfio API, so no additional permissions to access to the PCI device resources etc. via /sys/devices/pci[...]/resource et al. are necessary. This is a resend with fixed From in body for the patch emails, and change notes in patch emails. Thanks, Tim. Tim Small (2): virt-aa-helper: refactor for readability virt-aa-helper: Allow SR-IOV VF PCI for hostdev networks .../usr.lib.libvirt.virt-aa-helper.in | 4 +++ src/security/virt-aa-helper.c | 28 ++++++++++++++++--- 2 files changed, 28 insertions(+), 4 deletions(-) -- 2.47.2

2 4