July 2025 - Devel - libvirt List Archives

[PATCH] bhyve: implement timeout for bhyveload
by Roman Bogorodskiy 21 Jul '25

21 Jul '25

The bhyveload(8) command does not have a native non-interactive mode. It means that in case of errors, e.g. invalid boot media, it just drops into a loader prompt and waits for user input. This behaviour makes it tricky for users to understand what's going on. To address that, run it with the timeout(1) tool which sends SIGTERM after a certain timeout, and then optionally sends SIGKILL if the command keeps hanging. These timeout values could be configured in the bhyve.conf. Setting timeout to 0 mean that bhyveload(8) will be executed directly, without timeout(1). Signed-off-by: Roman Bogorodskiy <bogorodskiy(a)gmail.com> --- src/bhyve/bhyve.conf | 9 +++++++ src/bhyve/bhyve_command.c | 25 ++++++++++++++++--- src/bhyve/bhyve_conf.c | 12 +++++++++ src/bhyve/bhyve_utils.h | 3 +++ src/bhyve/libvirtd_bhyve.aug | 4 ++- src/bhyve/test_libvirtd_bhyve.aug.in | 2 ++ .../bhyvexml2argv-bhyveload-timeout.args | 10 ++++++++ .../bhyvexml2argv-bhyveload-timeout.ldargs | 7 ++++++ .../bhyvexml2argv-bhyveload-timeout.xml | 23 +++++++++++++++++ tests/bhyvexml2argvtest.c | 6 +++++ 10 files changed, 96 insertions(+), 5 deletions(-) create mode 100644 tests/bhyvexml2argvdata/bhyvexml2argv-bhyveload-timeout.args create mode 100644 tests/bhyvexml2argvdata/bhyvexml2argv-bhyveload-timeout.ldargs create mode 100644 tests/bhyvexml2argvdata/bhyvexml2argv-bhyveload-timeout.xml diff --git a/src/bhyve/bhyve.conf b/src/bhyve/bhyve.conf index 2a8baacff3..dc8d3d8fd8 100644 --- a/src/bhyve/bhyve.conf +++ b/src/bhyve/bhyve.conf @@ -5,3 +5,12 @@ # Path to a directory with firmware files. By default it's pointing # to the directory that sysutils/bhyve-firmware installs files into. #firmware_dir = "/usr/local/share/uefi-firmware" + +# Set timeout for the bhyveload(8) command. This might be necessary +# because in case of errors bhyveload(8) drops to an interactive +# loader and hangs indefinitely. These timeout values are passed +# to the timeout(1) command. Please refer to its manual page for more +# details. When timeout is 0, bhyveload is executed directly. +# Units are seconds. +#bhyveload_timeout = 300 +#bhyveload_timeout_kill = 15 diff --git a/src/bhyve/bhyve_command.c b/src/bhyve/bhyve_command.c index 5757a41e7e..ab6d6e92e4 100644 --- a/src/bhyve/bhyve_command.c +++ b/src/bhyve/bhyve_command.c @@ -921,11 +921,28 @@ virAppendBootloaderArgs(virCommand *cmd, virDomainDef *def) } static virCommand * -virBhyveProcessBuildBhyveloadCmd(virDomainDef *def, virDomainDiskDef *disk) +virBhyveProcessBuildBhyveloadCmd(virDomainDef *def, + struct _bhyveConn *driver, + virDomainDiskDef *disk) { virCommand *cmd; - - cmd = virCommandNew("bhyveload"); + g_autoptr(virBhyveDriverConfig) cfg = virBhyveDriverGetConfig(driver); + + if (cfg->bhyveloadTimeout > 0) { + /* TODO: update bhyve_process.c to interpret timeout(1) exit + * codes 124-127 to produce more meaningful error messages */ + cmd = virCommandNew("timeout"); + virCommandAddArg(cmd, "--foreground"); + virCommandAddArg(cmd, "--verbose"); + if (cfg->bhyveloadTimeoutKill > 0) { + virCommandAddArg(cmd, "-k"); + virCommandAddArgFormat(cmd, "%ds", cfg->bhyveloadTimeoutKill); + } + virCommandAddArgFormat(cmd, "%ds", cfg->bhyveloadTimeout); + virCommandAddArg(cmd, "bhyveload"); + } else { + cmd = virCommandNew("bhyveload"); + } if (def->os.bootloaderArgs == NULL) { VIR_DEBUG("bhyveload with default arguments"); @@ -1212,7 +1229,7 @@ virBhyveProcessBuildLoadCmd(struct _bhyveConn *driver, virDomainDef *def, if (disk == NULL) return NULL; - return virBhyveProcessBuildBhyveloadCmd(def, disk); + return virBhyveProcessBuildBhyveloadCmd(def, driver, disk); } else if (strstr(def->os.bootloader, "grub-bhyve") != NULL) { return virBhyveProcessBuildGrubbhyveCmd(def, driver, devmap_file, devicesmap_out); diff --git a/src/bhyve/bhyve_conf.c b/src/bhyve/bhyve_conf.c index f18b24f91d..182e00ee1d 100644 --- a/src/bhyve/bhyve_conf.c +++ b/src/bhyve/bhyve_conf.c @@ -2,6 +2,7 @@ * bhyve_conf.c: bhyve config file * * Copyright (C) 2017 Roman Bogorodskiy + * Copyright (C) 2025 The FreeBSD Foundation * * This library is free software; you can redistribute it and/or * modify it under the terms of the GNU Lesser General Public @@ -60,6 +61,9 @@ virBhyveDriverConfigNew(void) cfg->libDir = g_strdup_printf("%s/lib/libvirt/bhyve", LOCALSTATEDIR); cfg->nvramDir = g_strdup_printf("%s/nvram", cfg->libDir); + cfg->bhyveloadTimeout = 300; + cfg->bhyveloadTimeoutKill = 15; + return cfg; } @@ -81,6 +85,14 @@ virBhyveLoadDriverConfig(struct _virBhyveDriverConfig *cfg, &cfg->firmwareDir) < 0) return -1; + if (virConfGetValueInt(conf, "bhyveload_timeout", + &cfg->bhyveloadTimeout) < 0) + return -1; + + if (virConfGetValueInt(conf, "bhyveload_timeout_kill", + &cfg->bhyveloadTimeoutKill) < 0) + return -1; + return 0; } diff --git a/src/bhyve/bhyve_utils.h b/src/bhyve/bhyve_utils.h index 9c9ea0a01a..8ed1fa5509 100644 --- a/src/bhyve/bhyve_utils.h +++ b/src/bhyve/bhyve_utils.h @@ -41,6 +41,9 @@ struct _virBhyveDriverConfig { char *firmwareDir; char *libDir; char *nvramDir; + + int bhyveloadTimeout; + int bhyveloadTimeoutKill; }; G_DEFINE_AUTOPTR_CLEANUP_FUNC(virBhyveDriverConfig, virObjectUnref); diff --git a/src/bhyve/libvirtd_bhyve.aug b/src/bhyve/libvirtd_bhyve.aug index b6bee261a6..0fd74d4bb3 100644 --- a/src/bhyve/libvirtd_bhyve.aug +++ b/src/bhyve/libvirtd_bhyve.aug @@ -23,9 +23,11 @@ module Libvirtd_bhyve = let str_array_entry (kw:string) = [ key kw . value_sep . str_array_val ] let log_entry = str_entry "firmware_dir" + let bhyveload_timeout = int_entry "bhyveload_timeout" + let bhyveload_timeout_kill = int_entry "bhyveload_timeout_kill" (* Each entry in the config is one of the following three ... *) - let entry = log_entry + let entry = log_entry | bhyveload_timeout | bhyveload_timeout_kill let comment = [ label "#comment" . del /#[ \t]*/ "# " . store /([^ \t\n][^\n]*)?/ . del /\n/ "\n" ] let empty = [ label "#empty" . eol ] diff --git a/src/bhyve/test_libvirtd_bhyve.aug.in b/src/bhyve/test_libvirtd_bhyve.aug.in index ec932b4b11..391648e71f 100644 --- a/src/bhyve/test_libvirtd_bhyve.aug.in +++ b/src/bhyve/test_libvirtd_bhyve.aug.in @@ -3,3 +3,5 @@ module Test_libvirtd_bhyve = test Libvirtd_bhyve.lns get conf = { "firmware_dir" = "/usr/local/share/uefi-firmware" } +{ "bhyveload_timeout" = "300" } +{ "bhyveload_timeout_kill" = "15" } diff --git a/tests/bhyvexml2argvdata/bhyvexml2argv-bhyveload-timeout.args b/tests/bhyvexml2argvdata/bhyvexml2argv-bhyveload-timeout.args new file mode 100644 index 0000000000..153a1d5035 --- /dev/null +++ b/tests/bhyvexml2argvdata/bhyvexml2argv-bhyveload-timeout.args @@ -0,0 +1,10 @@ +bhyve \ +-c 1 \ +-m 214 \ +-u \ +-H \ +-P \ +-s 0:0,hostbridge \ +-s 2:0,ahci-hd,/tmp/freebsd.img \ +-s 3:0,virtio-net,faketapdev,mac=52:54:00:b9:94:02 \ +bhyve diff --git a/tests/bhyvexml2argvdata/bhyvexml2argv-bhyveload-timeout.ldargs b/tests/bhyvexml2argvdata/bhyvexml2argv-bhyveload-timeout.ldargs new file mode 100644 index 0000000000..264ae48441 --- /dev/null +++ b/tests/bhyvexml2argvdata/bhyvexml2argv-bhyveload-timeout.ldargs @@ -0,0 +1,7 @@ +timeout \ +--foreground \ +--verbose \ +-k 20s 300s bhyveload \ +-m 214 \ +-d /tmp/freebsd.img \ +bhyve diff --git a/tests/bhyvexml2argvdata/bhyvexml2argv-bhyveload-timeout.xml b/tests/bhyvexml2argvdata/bhyvexml2argv-bhyveload-timeout.xml new file mode 100644 index 0000000000..0b8066733d --- /dev/null +++ b/tests/bhyvexml2argvdata/bhyvexml2argv-bhyveload-timeout.xml @@ -0,0 +1,23 @@ +<domain type='bhyve'> + <name>bhyve</name> + <uuid>df3be7e7-a104-11e3-aeb0-50e5492bd3dc</uuid> + <memory>219136</memory> + <vcpu>1</vcpu> + <os> + <type>hvm</type> + </os> + <devices> + <disk type='file'> + <driver name='file' type='raw'/> + <source file='/tmp/freebsd.img'/> + <target dev='hda' bus='sata'/> + <address type='drive' controller='0' bus='0' target='2' unit='0'/> + </disk> + <interface type='bridge'> + <mac address='52:54:00:b9:94:02'/> + <model type='virtio'/> + <source bridge="virbr0"/> + <address type='pci' domain='0x0000' bus='0x00' slot='0x03' function='0x0'/> + </interface> + </devices> +</domain> diff --git a/tests/bhyvexml2argvtest.c b/tests/bhyvexml2argvtest.c index 2838b20c29..cc6b17233d 100644 --- a/tests/bhyvexml2argvtest.c +++ b/tests/bhyvexml2argvtest.c @@ -165,6 +165,8 @@ mymain(void) driver.config->firmwareDir = fakefirmwaredir; driver.config->nvramDir = fakenvramdir; + driver.config->bhyveloadTimeout = 0; + driver.config->bhyveloadTimeoutKill = 0; # define DO_TEST_FULL(name, flags) \ do { \ @@ -305,6 +307,10 @@ mymain(void) driver.bhyvecaps &= ~BHYVE_CAP_VNC_PASSWORD; DO_TEST_FAILURE("vnc-password"); + driver.config->bhyveloadTimeout = 300; + driver.config->bhyveloadTimeoutKill = 20; + DO_TEST("bhyveload-timeout"); + virObjectUnref(driver.caps); virObjectUnref(driver.xmlopt); virPortAllocatorRangeFree(driver.remotePorts); -- 2.49.0

2 1

[PATCH] bhyve: don't reset domain autostart flag on destroy
by Roman Bogorodskiy 21 Jul '25

21 Jul '25

Currently, virBhyveProcessStop() uses the virDomainDeleteConfig() helper to clean up domain status. It passes BHYVE_STATE_DIR as a configuration dir and NULL as autostart dir, so the helper does its job, even though it has a different purpose. However, the issue is that it also resets the autostart (and autostartOnce) property. This results in a situation that when a persistent domain with autostart enabled gets destroyed, its autostart state is reported as disabled, which is not correct. To fix that, implement the bhyveProcessRemoveDomainStatus() which removes the status file without side effects on the virDomainObj object. Signed-off-by: Roman Bogorodskiy <bogorodskiy(a)gmail.com> --- src/bhyve/bhyve_process.c | 13 ++++++++++++- 1 file changed, 12 insertions(+), 1 deletion(-) diff --git a/src/bhyve/bhyve_process.c b/src/bhyve/bhyve_process.c index 5e77a9c4d6..79be6f7aba 100644 --- a/src/bhyve/bhyve_process.c +++ b/src/bhyve/bhyve_process.c @@ -427,6 +427,17 @@ virBhyveProcessStart(bhyveConn *driver, return virBhyveProcessStartImpl(driver, vm, reason); } +static void +bhyveProcessRemoveDomainStatus(const char *statusDir, + const char *name) +{ + g_autofree char *file = virDomainConfigFile(statusDir, name); + + if (unlink(file) < 0 && errno != ENOENT && errno != ENOTDIR) + VIR_WARN("Failed to remove domain XML for %s: %s", + name, g_strerror(errno)); +} + int virBhyveProcessStop(struct _bhyveConn *driver, virDomainObj *vm, @@ -483,7 +494,7 @@ virBhyveProcessStop(struct _bhyveConn *driver, cleanup: virPidFileDelete(BHYVE_STATE_DIR, vm->def->name); - virDomainDeleteConfig(BHYVE_STATE_DIR, NULL, vm); + bhyveProcessRemoveDomainStatus(BHYVE_STATE_DIR, vm->def->name); return ret; } -- 2.49.0

2 1

[PATCH 0/2] meson: Report library versions in the summary
by Michal Privoznik 18 Jul '25

18 Jul '25

Green pipeline: https://gitlab.com/MichalPrivoznik/libvirt/-/pipelines/1934463449 and if you shod individual builds you can see these in action. Michal Prívozník (2): meson: Convert attr_dep to dependency() meson: Report library versions in the summary meson.build | 77 ++++++++++++++++++++++++++--------------------------- 1 file changed, 38 insertions(+), 39 deletions(-) -- 2.49.1

2 3

[PATCH] qemu_tpm: Do not use persistent definition during pre-start checks
by Martin Kletzander 18 Jul '25

18 Jul '25

From: Martin Kletzander <mkletzan(a)redhat.com> Commit 3451987fca7c used the persistent TPM Definition in both calls to qemuTPMVirCommandSwtpmAddTPMState() but in one of the two cases it might've been NULL and what's more, it is not the right definition which should've been used. Change that to @tpm which is the current definition. The other call does not have access to the current definition and is only called during updating the profile. But for the sake of fewer future mistakes, keep the other one as is because there is no issue with calling it that way and adding logic that just skips the extra check on NULL could mistake someone in the future. Signed-off-by: Martin Kletzander <mkletzan(a)redhat.com> --- src/qemu/qemu_tpm.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/qemu/qemu_tpm.c b/src/qemu/qemu_tpm.c index 5cb678df0eee..4c9445d72c39 100644 --- a/src/qemu/qemu_tpm.c +++ b/src/qemu/qemu_tpm.c @@ -852,7 +852,7 @@ qemuTPMEmulatorBuildCommand(virDomainTPMDef *tpm, virCommandAddArgFormat(cmd, "type=unixio,path=%s,mode=0600", tpm->data.emulator.source->data.nix.path); - qemuTPMVirCommandSwtpmAddTPMState(cmd, &tpm->data.emulator, persistentTPMDef, cfg); + qemuTPMVirCommandSwtpmAddTPMState(cmd, &tpm->data.emulator, tpm, cfg); virCommandAddArg(cmd, "--log"); if (tpm->data.emulator.debug != 0) -- 2.50.1

2 1

[PATCH 0/6] nss: Rework debugging
by Michal Privoznik 18 Jul '25

18 Jul '25

I've been debugging a problem with NSS plugin recently [1] and the fact that I had to recompile libvirt just to enable debugging printings for the NSS plugin turned out very inconvenient. Make the debug printings env var dependant and add a few more printings. 1: https://bugzilla.redhat.com/show_bug.cgi?id=2364285 Michal Prívozník (6): nss: Promote debug message to proper error when time() fails nss: Move logging into a separate file and turn it temporarily on nss: Make logging conditional on an envvar nss: Include filename in debug printings nss: Print module name nss: Debug print JSON files as they are parsed build-aux/syntax-check.mk | 2 +- docs/nss.rst | 13 ++++++ tools/nss/libvirt_nss.c | 8 +++- tools/nss/libvirt_nss.h | 30 +----------- tools/nss/libvirt_nss_leases.c | 12 +++-- tools/nss/libvirt_nss_log.c | 85 ++++++++++++++++++++++++++++++++++ tools/nss/libvirt_nss_log.h | 41 ++++++++++++++++ tools/nss/meson.build | 1 + 8 files changed, 158 insertions(+), 34 deletions(-) create mode 100644 tools/nss/libvirt_nss_log.c create mode 100644 tools/nss/libvirt_nss_log.h -- 2.49.0

3 10

[PATCH 0/3] qemu_tpm: Do not pollute logs with unnecessary warning
by Martin Kletzander 18 Jul '25

18 Jul '25

https://issues.redhat.com/browse/RHEL-80155 Martin Kletzander (3): qemu_tpm: Rename qemuTPMHasSharedStorage -> qemuTPMDomainHasSharedStorage qemu_tpm: Extract per-TPM functionality from qemuTPMDomainHasSharedStorage qemu_tpm: Only warn about missing locking feature on shared filesystems src/qemu/qemu_migration.c | 2 +- src/qemu/qemu_tpm.c | 75 +++++++++++++++++++++++---------------- src/qemu/qemu_tpm.h | 4 +-- 3 files changed, 47 insertions(+), 34 deletions(-) -- 2.50.1

4 8

[PATCH 0/3] qemu: workaround for GNUTLS bug hitting live migration
by Daniel P. Berrangé 18 Jul '25

18 Jul '25

This is a workaround for existing running QEMU processes which are susceptible to a GNUTLS crasher bug with non-multifd live migration: https://gitlab.com/qemu-project/qemu/-/issues/1937 which in turn is caused by a gnutls regression https://gitlab.com/gnutls/gnutls/-/issues/1717 Even if gnutls is fixed, running QEMU processes are still at risk until restarted, and that can't be done without live migrating workloads off, which triggers the bug we're trying to avoid. The only way to avoid this for running QEMU processes is to change the crypto priority string. On Fedora / RHEL distros we can do this on the target QEMU using /etc/crypto-policies configs, but many other distros have now adopted this - hint: this is a very useful thing to adopt. This series gives a more targetted workaround that is compatible with all distros and can be configured on either the source or dst hosts and whose impact is limited just to live migration. Daniel P. Berrangé (3): qemu: fix order of VNC TLS config entries qemu: sanitize blank lines in config file qemu: add ability to set TLS priority string with QEMU src/conf/storage_source_conf.c | 2 + src/conf/storage_source_conf.h | 1 + src/qemu/libvirtd_qemu.aug | 8 +- src/qemu/qemu.conf.in | 99 +++++++++++++++++-- src/qemu/qemu_backup.c | 5 +- src/qemu/qemu_blockjob.c | 1 + src/qemu/qemu_command.c | 15 ++- src/qemu/qemu_command.h | 1 + src/qemu/qemu_conf.c | 22 +++++ src/qemu/qemu_conf.h | 6 ++ src/qemu/qemu_domain.c | 3 + src/qemu/qemu_domain.h | 1 + src/qemu/qemu_hotplug.c | 4 +- src/qemu/qemu_hotplug.h | 1 + src/qemu/qemu_migration_params.c | 1 + src/qemu/test_libvirtd_qemu.aug.in | 8 +- ...rk-tlsx509-nbd-hostname.x86_64-latest.args | 2 +- ...graphics-vnc-tls-secret.x86_64-latest.args | 2 +- ...-tlsx509-secret-chardev.x86_64-latest.args | 2 +- tests/qemuxmlconftest.c | 6 ++ 20 files changed, 170 insertions(+), 20 deletions(-) -- 2.50.1

2 6

Re: download.libvirt.org HTTPS certificate expired causing download failures
by Daniel P. Berrangé 18 Jul '25

18 Jul '25

On Fri, Jul 18, 2025 at 10:36:53AM +0000, Song, Jiaying (CN) wrote: > Hello libvirt team, > > I am a user trying to fetch packages from https://download.libvirt.org/, but I encountered an issue where the HTTPS certificate issued by Let's Encrypt (CN=R10) appears to have expired. > > This causes download failures in automated builds and package fetching processes. For example, wget reports: > > wget https://download.libvirt.org/python/libvirt-python-11.1.0.tar.gz > ERROR: cannot verify download.libvirt.org's certificate, issued by 'CN=R10,O=Let's Encrypt,C=US': > Issued certificate has expired. > > Could you please update or renew the TLS certificate for download.libvirt.org at your earliest convenience to avoid further disruptions? > > Thank you very much for your help! FYI, we connected on IRC and I got this sorted out. It was a result of us having to move to a new physical server on short notice a few weeks ago, combined with an OS upgrade from RHEL 7 to 9. We copied the certs, but failed to setup acme-tiny again on the new machine to renew them. In 3 months time we'll find out if I got the acme-tiny config correct, so if anyone notices problems at that time let me know.... With regards, Daniel -- |: https://berrange.com -o- https://www.flickr.com/photos/dberrange :| |: https://libvirt.org -o- https://fstop138.berrange.com :| |: https://entangle-photo.org -o- https://www.instagram.com/dberrange :|

1 0

[PATCH 0/7] tls: Improve validation of certificates if multiple certs are concatenated in one file
by Peter Krempa 18 Jul '25

18 Jul '25

Our code handled properly only multiple CA certs in one file. This patch extends the validation also to multiple client/server certs in one file. Peter Krempa (7): rpc: virnettlscontext: Fix formatting of function definitions virNetTLSContextNewPath: Refactor temporary variable usage virNetTLSCertCheckPair: Fix function definition formatting rpc: virnettlscert: Rename virNetTLSCertLoadCAListFromFile to virNetTLSCertLoadListFromFile virPKIValidateIdentity: Validate all concatenated certificates virNetTLSCertSanityCheck: Validate all concatenated certs Remove unused 'virNetTLSCertLoadFromFile' src/rpc/virnettlscert.c | 94 ++++++++++++-------------------------- src/rpc/virnettlscert.h | 6 ++- src/rpc/virnettlscontext.c | 89 +++++++++++++++++------------------- tools/virt-pki-validate.c | 20 ++++++-- 4 files changed, 90 insertions(+), 119 deletions(-) -- 2.50.0

2 16

download.libvirt.org HTTPS certificate expired causing download failures
by Song, Jiaying (CN) 18 Jul '25

18 Jul '25

Hello libvirt team, I am a user trying to fetch packages from https://download.libvirt.org/, but I encountered an issue where the HTTPS certificate issued by Let's Encrypt (CN=R10) appears to have expired. This causes download failures in automated builds and package fetching processes. For example, wget reports: wget https://download.libvirt.org/python/libvirt-python-11.1.0.tar.gz ERROR: cannot verify download.libvirt.org's certificate, issued by 'CN=R10,O=Let's Encrypt,C=US': Issued certificate has expired. Could you please update or renew the TLS certificate for download.libvirt.org at your earliest convenience to avoid further disruptions? Thank you very much for your help! Best regards, Jiaying.

1 0